From 34d5ee62989c33e9c241b0b58fe3c0c41999db04 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Fri, 26 Aug 2022 22:35:42 +0200
Subject: [PATCH 0001/3949] use the correct syntax for running from an external
 script

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index a9d245ad..f4a12ba4 100644
--- a/readme.md
+++ b/readme.md
@@ -382,7 +382,7 @@ You can do so by running the `/daily-backup.sh` script that is stored in the mas
 - `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
 
-One example for this would be `sudo docker exec -it nextcloud-aio-mastercontainer DAILY_BACKUP=1 /daily-backup.sh`, which you can run via a cronjob or put it in a script.
+One example for this would be `sudo docker exec -it -e DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
 
 ### How to disable the backup section?
 If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `-e DISABLE_BACKUP_SECTION=true` to the initial startup of the mastercontainer.

From c872c259c15eac954f9aaa372af477df80e4133c Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Fri, 26 Aug 2022 22:52:19 +0200
Subject: [PATCH 0002/3949] do not pull containers START_CONTAINERS was
 provided and not AUTOMATIC_UPDATES

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 9db7d627..74891d5f 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -30,20 +30,19 @@ class DockerController
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency);
+            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
         }
 
         if ($id === 'nextcloud-aio-database') {
             if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
                 $pullContainer = false;
+                error_log('Not pulling the latest database image because the container was not correctly shut down.');
             }
         }
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
         if ($pullContainer) {
             $this->dockerActionManager->PullContainer($container);
-        } else {
-            error_log('Not pulling the latest database image because the container was not correctly shut down.');
         }
         $this->dockerActionManager->CreateContainer($container);
         $this->dockerActionManager->StartContainer($container);

From ed82a41bc1ce5caeeb979fe752addd4e478fff86 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sat, 27 Aug 2022 16:13:08 +0200
Subject: [PATCH 0003/3949] remove resolved issues from nginx docs

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 68ffeccc..ec29d6c9 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -141,7 +141,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** the config below is not working 100% correctly, yet. See e.g. https://github.com/nextcloud/all-in-one/issues/450, https://github.com/nextcloud/all-in-one/issues/447 and https://github.com/nextcloud/all-in-one/issues/491. Improvements to it are very welcome!
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
 Add this to you nginx config:
 

From 7ad975f4b15598cb86395c267a0376855c51b2cb Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 30 Aug 2022 14:24:31 +0200
Subject: [PATCH 0004/3949] the dbpassword and dbuser do not need to be
 overwritten anymore

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 7cec862c..92cef7f8 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -17,8 +17,9 @@ if [ -f "/var/www/html/config/config.php" ]; then
         echo "Waiting for the database to start..."
         sleep 5
     done
-    sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-    sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    # The code below is hopefully not needed anymore. Was introduced with https://github.com/nextcloud/all-in-one/pull/218
+    # sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+    # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
 fi
 
 # Run original entrypoint

From 5eaff0ba2fbdc9af97abb31f0f57fe365fffbe4c Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Wed, 31 Aug 2022 13:45:23 +0200
Subject: [PATCH 0005/3949] fix container logs new line

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 43f84deb..74cb4a96 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -162,11 +162,11 @@ class DockerActionManager
         $response = "";
         $separator = "\r\n";
         $line = strtok($responseBody, $separator);
-        $response = substr($line, 8) . "\n";
+        $response = substr($line, 8) . $separator;
 
         while ($line !== false) {
             $line = strtok($separator);
-            $response .= substr($line, 8) . "\n";
+            $response .= substr($line, 8) . $separator;
         }
 
         return $response;

From d6e1f6220270fc7d1058f3fcdaf359f4bd3a629a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Wed, 31 Aug 2022 14:00:37 +0200
Subject: [PATCH 0006/3949] rework the daily backup script and allow to start
 the backup check from it

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 28 ++++++++++++++++++----
 php/src/Controller/DockerController.php    |  7 ++++--
 php/src/Cron/CheckBackup.php               | 17 +++++++++++++
 readme.md                                  |  1 +
 4 files changed, 47 insertions(+), 6 deletions(-)
 create mode 100644 php/src/Cron/CheckBackup.php

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 09eefec1..8f6ecb6a 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -1,10 +1,16 @@
 #!/bin/bash
 
-echo "Daily backup has started"
+echo "Daily backup script has started"
+
+# Daily backup and backup check cannot be run at the same time
+if [ "$DAILY_BACKUP" = 1 ] && [ "$CHECK_BACKUP" = 1 ]; then
+    echo "Daily backup and backup check cannot be run at the same time. Exiting..."
+    exit 1
+fi
 
 # Delete all active sessions and create a lock file
 # But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
-if [ "$LOCK_FILE_PRESENT" = 0 ]; then
+if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
     rm -f "/mnt/docker-aio-config/session/"*
 fi
 sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
@@ -26,6 +32,8 @@ done
 
 # Update the mastercontainer
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Starting mastercontainer update..." 
+    echo "(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)"
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
 fi
 
@@ -40,20 +48,31 @@ else
 fi
 
 # Stop containers if required
-if [ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]; then
+# shellcheck disable=SC2235
+if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
+    echo "Stopping containers..."
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
 fi
 
 # Execute the backup itself and some related tasks (also stops the containers)
 if [ "$DAILY_BACKUP" = 1 ]; then
+    echo "Creating daily backup..."
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
 fi
 
+# Execute backup check
+if [ "$CHECK_BACKUP" = 1 ]; then
+    echo "Starting backup check..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
+fi
+
 # Start and/or update containers
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Starting and updating containers..."
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
 else
     if [ "$START_CONTAINERS" = 1 ]; then
+        echo "Starting containers without updating them..."
         sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
     fi
 fi
@@ -75,7 +94,8 @@ if [ "$DAILY_BACKUP" = 1 ]; then
             fi
         done
     fi
+    echo "Sending backup notification..."
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
 fi
 
-echo "Daily backup has finished"
+echo "Daily backup script has finished"
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 9db7d627..79041095 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -86,14 +86,17 @@ class DockerController
     }
 
     public function StartBackupContainerCheck(Request $request, Response $response, $args) : Response {
+        $this->checkBackup();
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function checkBackup() : void {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'check';
         $this->configurationManager->WriteConfig($config);
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
-
-        return $response->withStatus(201)->withHeader('Location', '/');
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
diff --git a/php/src/Cron/CheckBackup.php b/php/src/Cron/CheckBackup.php
new file mode 100644
index 00000000..6d9b027c
--- /dev/null
+++ b/php/src/Cron/CheckBackup.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Stop container and start backup check
+$dockerController->checkBackup();
diff --git a/readme.md b/readme.md
index f4a12ba4..d564caef 100644
--- a/readme.md
+++ b/readme.md
@@ -381,6 +381,7 @@ You can do so by running the `/daily-backup.sh` script that is stored in the mas
 - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking which means that the backup is not done when the process is finished since it only start the borgbackup container with the correct configuration.
 - `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
+- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`.
 
 One example for this would be `sudo docker exec -it -e DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
 

From ec1605d29afbdb5cec4d6d740a109a80820952cf Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Wed, 31 Aug 2022 14:22:11 +0200
Subject: [PATCH 0007/3949] do not show progress for borg operations

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index c6b07d17..293c57c6 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -124,14 +124,14 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--stats --progress --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
 
     # Create the backup
     echo "Starting the backup..."
     get_start_time
     if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/"; then
         echo "Deleting the failed backup archive..."
-        borg delete --stats --progress "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
+        borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
         echo "Backup failed!"
         exit 1
     fi
@@ -140,7 +140,7 @@ if [ "$BORG_MODE" = backup ]; then
     rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
 
     # Prune options
-    BORG_PRUNE_OPTS=(--stats --progress --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")
+    BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")
 
     # Prune archives
     echo "Pruning the archives..."
@@ -162,7 +162,7 @@ if [ "$BORG_MODE" = backup ]; then
             done
             if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                 echo "Deleting the failed backup archive..."
-                borg delete --stats --progress "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
                 echo "Backup of additional docker-volumes failed!"
                 exit 1
             fi
@@ -186,7 +186,7 @@ if [ "$BORG_MODE" = backup ]; then
             done
             if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                 echo "Deleting the failed backup archive..."
-                borg delete --stats --progress "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
                 echo "Backup of additional host-mounts failed!"
                 exit 1
             fi
@@ -320,7 +320,7 @@ if [ "$BORG_MODE" = check ]; then
     echo "Checking the backup integrity..."
 
     # Perform the check
-    if ! borg check --verify-data --progress "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check --verify-data "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking the backup integrity!"
         exit 1
     fi

From 999c74a731616338f0bff78379f0c6d9dc6cf96f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Wed, 31 Aug 2022 15:28:43 +0200
Subject: [PATCH 0008/3949] get rid of some strange lines in the
 mastercontainer logs

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/mastercontainer/session-deduplicator.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/session-deduplicator.sh b/Containers/mastercontainer/session-deduplicator.sh
index 4326090a..796ccb54 100644
--- a/Containers/mastercontainer/session-deduplicator.sh
+++ b/Containers/mastercontainer/session-deduplicator.sh
@@ -2,15 +2,18 @@
 
 while true; do
     while [ "$(find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep "aio_authenticated|[a-z]:1" {} \; | wc -l)" -gt 1 ]; do
+        # First delete all session files that are not authenticated
         unset SESSION_FILES
         SESSION_FILES="$(find "/mnt/docker-aio-config/session/" -mindepth 1)"
         unset SESSION_FILES_ARRAY
         mapfile -t SESSION_FILES_ARRAY <<< "$SESSION_FILES"
         for SESSION_FILE in "${SESSION_FILES_ARRAY[@]}"; do
-            if ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
+            if [ -f "$SESSION_FILE" ] && ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
                 rm "$SESSION_FILE"
             fi
         done
+
+        # Second clean up all sessions that are authenticated
         echo "Deleting duplicate sessions"
         unset OLDEST_FILE
         set -x

From 92b16393299690ba585f12866591831e23b79714 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 2 Sep 2022 05:35:32 +0000
Subject: [PATCH 0009/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 216fe08f..5a180b35 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.26.0@6998fabb2bf528b65777bf9941920888d23c03ac">
+<files psalm-version="4.27.0@faf106e717c37b8c81721845dba9de3d8deed8ff">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From b61d2d46fd06c780936349d75a418cbe1ee812d9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Sep 2022 12:35:07 +0000
Subject: [PATCH 0010/3949] Bump ubuntu from focal-20220801 to focal-20220826
 in /Containers/talk

Bumps ubuntu from focal-20220801 to focal-20220826.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 6b666374..1a7e3dfb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20220801
+FROM ubuntu:focal-20220826
 
 RUN set -ex; \
     \

From fa4eb448985b0cbf8e4db0d6559f7cf362dc1bbb Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sat, 3 Sep 2022 15:43:40 +0200
Subject: [PATCH 0011/3949] Allow to choose a different backup location if the
 first backup fails

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index c6b07d17..286cfed1 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -87,10 +87,12 @@ if [ "$BORG_MODE" = backup ]; then
         # Don't initialize if already initialized
         if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
             echo "Cannot initialize a new repository as that was already done at least one time."
+            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory."
             exit 1
         fi
 
         echo "initializing repository..."
+        NEW_REPOSITORY=1
         if ! borg init --debug --encryption=repokey-blake2 "$BORG_BACKUP_DIRECTORY"; then
             echo "Could not initialize borg repository."
             rm -f "$BORG_BACKUP_DIRECTORY/config"
@@ -133,6 +135,10 @@ if [ "$BORG_MODE" = backup ]; then
         echo "Deleting the failed backup archive..."
         borg delete --stats --progress "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
         echo "Backup failed!"
+        if [ "$NEW_REPOSITORY" = 1 ]; then
+            echo "Deleting borg.config file so that you can choose a different location for the backup."
+            rm "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
+        fi
         exit 1
     fi
 

From 27e0080ed0e33866ef75f9b3036385e13338ab40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Brey?= <alvaro.brey@nextcloud.com>
Date: Mon, 5 Sep 2022 10:01:43 +0200
Subject: [PATCH 0012/3949] Fix typo in mastercontainer start.sh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Álvaro Brey <alvaro.brey@nextcloud.com>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 38c38975..fc613b73 100755
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -220,7 +220,7 @@ print_green "Initial startup of Nextcloud All In One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080
 
-If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:
+If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"
 
 # Set the timezone to UTC

From 59bbff23fe203c39571ad8cb61150e48a73495b1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 5 Sep 2022 13:23:40 +0200
Subject: [PATCH 0013/3949] improve healthcheck for mastercontainer

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile     | 6 ++++--
 Containers/mastercontainer/healthcheck.sh | 5 +++++
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 Containers/mastercontainer/healthcheck.sh

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 37442eb2..9b9b764e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -90,16 +90,18 @@ COPY session-deduplicator.sh /
 COPY cron.sh /
 COPY daily-backup.sh /
 COPY supervisord.conf /
+COPY healthcheck.sh /
 RUN chmod +x /usr/bin/start.sh; \
     chmod +x /cron.sh; \
     chmod +x /session-deduplicator.sh; \
     chmod +x /backup-time-file-watcher.sh; \
     chmod +x /daily-backup.sh; \
-    chmod a+r /Caddyfile
+    chmod a+r /Caddyfile; \
+    chmod +x /healthcheck.sh
 
 USER root
 
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD curl -skfI https://localhost:8080 || exit 1
\ No newline at end of file
+HEALTHCHECK CMD /healthcheck.sh
\ No newline at end of file
diff --git a/Containers/mastercontainer/healthcheck.sh b/Containers/mastercontainer/healthcheck.sh
new file mode 100644
index 00000000..3a0d0b33
--- /dev/null
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
+    curl -skfI https://localhost:8080 || exit 1
+fi

From 3f48169f5c22e6c4783d6ed67e30c974c47a582f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 5 Sep 2022 13:32:14 +0200
Subject: [PATCH 0014/3949] increase to 2.0.1

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cde78a36..0749482e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.0.0</h1>
+        <h1>Nextcloud AIO v2.0.1</h1>
 
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}

From abb414129af073db58d11d04f331f26dd9a96d2e Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 5 Sep 2022 14:04:32 +0200
Subject: [PATCH 0015/3949] add a check for init-user-db.sh

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/postgresql/init-user-db.sh |  4 ++++
 Containers/postgresql/start.sh        | 20 ++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/Containers/postgresql/init-user-db.sh b/Containers/postgresql/init-user-db.sh
index 1f09770b..5d4474a2 100644
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -1,9 +1,13 @@
 #!/bin/bash
 set -ex
 
+touch /mnt/data/initdb.failed
+
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
 EOSQL
 
+rm /mnt/data/initdb.failed
+
 set +ex
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index b2e25a1b..b8563b27 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -18,6 +18,16 @@ if ! [ -w "$DUMP_DIR" ]; then
     exit 1
 fi
 
+# Check if initdb was successful
+if [ -f "/mnt/data/initdb.failed" ]; then
+    echo "It seems like initializing the database was unsuccessful."
+    echo "Most likely the timezone is not a valid one."
+    echo "Please restore a backup, change the timezone to a valid one and try again."
+    echo "If this is a new instance, clean it properly by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
+    echo "Afterwards feel free to try again with a valid timezone."
+    exit 1
+fi
+
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
     set -ex
@@ -58,6 +68,11 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     # Create new database
     exec docker-entrypoint.sh postgres &
 
+    # Exit if initdb failed
+    if [ -f "/mnt/data/initdb.failed" ]; then
+        exit 1
+    fi
+
     # Wait for creation
     while ! nc -z localhost 11000; do
         echo "Waiting for the database to start."
@@ -124,6 +139,11 @@ trap 'true' SIGINT SIGTERM
 exec docker-entrypoint.sh postgres &
 wait $!
 
+# Exit if initdb failed
+if [ -f "/mnt/data/initdb.failed" ]; then
+    exit 1
+fi
+
 # Continue with shutdown procedure: do database dump, etc.
 rm -f "$DUMP_FILE.temp"
 touch "$DUMP_DIR/export.failed"

From 04abdbed9e5e8f2cc28ae15f09a127331e42dcf8 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 5 Sep 2022 12:19:49 +0000
Subject: [PATCH 0016/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest-arm64.yml | 34 +++++++++++++++++++++++++++++++
 manual-install/latest.yml       | 36 ++++++++++++++++++++++++++++++++-
 manual-install/sample.conf      |  4 ++++
 3 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest-arm64.yml b/manual-install/latest-arm64.yml
index 7649fe38..a9753125 100644
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -47,6 +47,8 @@ services:
     depends_on:
       - nextcloud-aio-database
       - nextcloud-aio-redis
+      - nextcloud-aio-fulltextsearch
+      - nextcloud-aio-imaginary
     image: nextcloud/aio-nextcloud:latest-arm64
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:rw
@@ -76,6 +78,12 @@ services:
       - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
       - TZ=${TIMEZONE}
       - TALK_PORT=${TALK_PORT}
+      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
+      - IMAGINARY_HOST=nextcloud-aio-imaginary
+      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
+      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
@@ -123,6 +131,30 @@ services:
     networks:
       - nextcloud-aio
  
+  nextcloud-aio-imaginary:
+    container_name: nextcloud-aio-imaginary
+    image: nextcloud/aio-imaginary:latest-arm64
+    environment:
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-fulltextsearch:
+    container_name: nextcloud-aio-fulltextsearch
+    image: nextcloud/aio-fulltextsearch:latest-arm64
+    environment:
+      - TZ=${TIMEZONE}
+      - discovery.type=single-node
+      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
+    volumes:
+      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+
 volumes:
   nextcloud_aio_apache:
     name: nextcloud_aio_apache
@@ -130,6 +162,8 @@ volumes:
     name: nextcloud_aio_database
   nextcloud_aio_database_dump:
     name: nextcloud_aio_database_dump
+  nextcloud_aio_elasticsearch:
+    name: nextcloud_aio_elasticsearch
   nextcloud_aio_nextcloud:
     name: nextcloud_aio_nextcloud
   nextcloud_aio_nextcloud_data:
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index d7ce9797..ee7e220c 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -6,7 +6,6 @@ services:
     depends_on:
       - nextcloud-aio-onlyoffice
       - nextcloud-aio-collabora
-      - nextcloud-aio-clamav
       - nextcloud-aio-talk
       - nextcloud-aio-nextcloud
     image: nextcloud/aio-apache:latest
@@ -50,6 +49,9 @@ services:
     depends_on:
       - nextcloud-aio-database
       - nextcloud-aio-redis
+      - nextcloud-aio-clamav
+      - nextcloud-aio-fulltextsearch
+      - nextcloud-aio-imaginary
     image: nextcloud/aio-nextcloud:latest
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:rw
@@ -84,6 +86,12 @@ services:
       - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
       - TZ=${TIMEZONE}
       - TALK_PORT=${TALK_PORT}
+      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
+      - IMAGINARY_HOST=nextcloud-aio-imaginary
+      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
+      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
@@ -157,6 +165,30 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+ 
+  nextcloud-aio-imaginary:
+    container_name: nextcloud-aio-imaginary
+    image: nextcloud/aio-imaginary:latest
+    environment:
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-fulltextsearch:
+    container_name: nextcloud-aio-fulltextsearch
+    image: nextcloud/aio-fulltextsearch:latest
+    environment:
+      - TZ=${TIMEZONE}
+      - discovery.type=single-node
+      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
+    volumes:
+      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
 
 volumes:
   nextcloud_aio_apache:
@@ -167,6 +199,8 @@ volumes:
     name: nextcloud_aio_database
   nextcloud_aio_database_dump:
     name: nextcloud_aio_database_dump
+  nextcloud_aio_elasticsearch:
+    name: nextcloud_aio_elasticsearch
   nextcloud_aio_nextcloud:
     name: nextcloud_aio_nextcloud
   nextcloud_aio_onlyoffice:
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 4aadd825..bdaa4780 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -5,11 +5,15 @@ CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextclo
 COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
+NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!

From e03e3cfc08f01cb704eca4cc5526418a04407344 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 5 Sep 2022 12:19:49 +0000
Subject: [PATCH 0017/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 71 ++++++++++++++++++++++++++---------------------
 1 file changed, 40 insertions(+), 31 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 41e9133a..54c083a4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.4.5",
+            "version": "7.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82"
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82",
-                "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba",
                 "shasum": ""
             },
             "require": {
@@ -32,10 +32,10 @@
                 "psr/http-client-implementation": "1.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.4.1",
+                "bamarni/composer-bin-plugin": "^1.8.1",
                 "ext-curl": "*",
                 "php-http/client-integration-tests": "^3.0",
-                "phpunit/phpunit": "^8.5.5 || ^9.3.5",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "suggest": {
@@ -45,8 +45,12 @@
             },
             "type": "library",
             "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
                 "branch-alias": {
-                    "dev-master": "7.4-dev"
+                    "dev-master": "7.5-dev"
                 }
             },
             "autoload": {
@@ -112,7 +116,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.4.5"
+                "source": "https://github.com/guzzle/guzzle/tree/7.5.0"
             },
             "funding": [
                 {
@@ -128,20 +132,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-06-20T22:16:13+00:00"
+            "time": "2022-08-28T15:39:27+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "1.5.1",
+            "version": "1.5.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da"
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
-                "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598",
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598",
                 "shasum": ""
             },
             "require": {
@@ -196,7 +200,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/1.5.1"
+                "source": "https://github.com/guzzle/promises/tree/1.5.2"
             },
             "funding": [
                 {
@@ -212,20 +216,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-10-22T20:56:57+00:00"
+            "time": "2022-08-28T14:55:35+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.0",
+            "version": "2.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "13388f00956b1503577598873fffb5ae994b5737"
+                "reference": "69568e4293f4fa993f3b0e51c9723e1e17c41379"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/13388f00956b1503577598873fffb5ae994b5737",
-                "reference": "13388f00956b1503577598873fffb5ae994b5737",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/69568e4293f4fa993f3b0e51c9723e1e17c41379",
+                "reference": "69568e4293f4fa993f3b0e51c9723e1e17c41379",
                 "shasum": ""
             },
             "require": {
@@ -239,15 +243,19 @@
                 "psr/http-message-implementation": "1.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.4.1",
+                "bamarni/composer-bin-plugin": "^1.8.1",
                 "http-interop/http-factory-tests": "^0.9",
-                "phpunit/phpunit": "^8.5.8 || ^9.3.10"
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
             },
             "type": "library",
             "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
                 "branch-alias": {
                     "dev-master": "2.4-dev"
                 }
@@ -311,7 +319,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.1"
             },
             "funding": [
                 {
@@ -327,7 +335,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-06-20T21:43:11+00:00"
+            "time": "2022-08-28T14:45:39+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",
@@ -389,25 +397,26 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.2.0",
+            "version": "v1.2.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "09f0e9fb61829f628205b7c94906c28740ff9540"
+                "reference": "d78fd36ba031a1a695ea5a406f29996948d7011b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/09f0e9fb61829f628205b7c94906c28740ff9540",
-                "reference": "09f0e9fb61829f628205b7c94906c28740ff9540",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/d78fd36ba031a1a695ea5a406f29996948d7011b",
+                "reference": "d78fd36ba031a1a695ea5a406f29996948d7011b",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.3|^8.0"
             },
             "require-dev": {
-                "pestphp/pest": "^1.18",
-                "phpstan/phpstan": "^0.12.98",
-                "symfony/var-dumper": "^5.3"
+                "nesbot/carbon": "^2.61",
+                "pestphp/pest": "^1.21.3",
+                "phpstan/phpstan": "^1.8.2",
+                "symfony/var-dumper": "^5.4.11"
             },
             "type": "library",
             "extra": {
@@ -444,7 +453,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2022-05-16T17:09:47+00:00"
+            "time": "2022-08-26T15:25:27+00:00"
         },
         {
             "name": "nikic/fast-route",

From 06315218b8e177c13700bf80c5a4a69645411aa0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Sep 2022 16:04:45 +0000
Subject: [PATCH 0018/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20220822 to 20220905.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index af0347b8..64e4f704 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20220822
+FROM nextcloud/imaginary:20220905
 
 USER root
 RUN set -ex; \

From 0cc5d278fb3f61b257d829c1d5de0ce77b013858 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Sep 2022 07:46:39 +0000
Subject: [PATCH 0019/3949] Bump php in /Containers/nextcloud

Bumps php from 8.0.22-fpm-alpine3.16 to 8.0.23-fpm-alpine3.16.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 02267c1b..da792fef 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.22-fpm-alpine3.16
+FROM php:8.0.23-fpm-alpine3.16
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

From 16c75492f38eb45b1419ce5d40bd3f625223a048 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Sep 2022 07:46:40 +0000
Subject: [PATCH 0020/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.0.22-apache-bullseye to 8.0.23-apache-bullseye.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 9b9b764e..af87d0f3 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.17-dind-alpine3.16 as dind
 FROM caddy:2.5.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.22-apache-bullseye
+FROM php:8.0.23-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080

From 80482657bee5aca5622745e8ac62ece0bd3dea22 Mon Sep 17 00:00:00 2001
From: "martin.mueller" <martin.mueller@model-engineers.com>
Date: Wed, 7 Sep 2022 11:17:53 +0200
Subject: [PATCH 0021/3949] TURN_CONF set total-quota unlimited

Signed-off-by: martin.mueller <martin.mueller@model-engineers.com>
---
 Containers/talk/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index eea4563d..dcb53e9d 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -23,7 +23,7 @@ lt-cred-mech
 use-auth-secret
 static-auth-secret=$TURN_SECRET
 realm=$NC_DOMAIN
-total-quota=100
+total-quota=0
 bps-capacity=0
 stale-nonce
 no-multicast-peers

From 46b1a0c068419a32844002a86b81ae7ed48ca239 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 8 Sep 2022 12:50:47 +0000
Subject: [PATCH 0022/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index da792fef..8e0092ac 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -107,7 +107,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 24.0.4
+ENV NEXTCLOUD_VERSION 24.0.5
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From 4ecfaa065007794a911e8370886aa762c7746e35 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 8 Sep 2022 16:15:16 +0200
Subject: [PATCH 0023/3949] increase to 2.0.2

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0749482e..2b29c025 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.0.1</h1>
+        <h1>Nextcloud AIO v2.0.2</h1>
 
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}

From feb6438d39424b9f37d6c4a71952115c5bce4e30 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 8 Sep 2022 17:26:36 +0200
Subject: [PATCH 0024/3949] Revert "add a check for init-user-db.sh"

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/postgresql/init-user-db.sh |  4 ----
 Containers/postgresql/start.sh        | 20 --------------------
 2 files changed, 24 deletions(-)

diff --git a/Containers/postgresql/init-user-db.sh b/Containers/postgresql/init-user-db.sh
index 5d4474a2..1f09770b 100644
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -1,13 +1,9 @@
 #!/bin/bash
 set -ex
 
-touch /mnt/data/initdb.failed
-
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
 EOSQL
 
-rm /mnt/data/initdb.failed
-
 set +ex
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index b8563b27..b2e25a1b 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -18,16 +18,6 @@ if ! [ -w "$DUMP_DIR" ]; then
     exit 1
 fi
 
-# Check if initdb was successful
-if [ -f "/mnt/data/initdb.failed" ]; then
-    echo "It seems like initializing the database was unsuccessful."
-    echo "Most likely the timezone is not a valid one."
-    echo "Please restore a backup, change the timezone to a valid one and try again."
-    echo "If this is a new instance, clean it properly by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
-    echo "Afterwards feel free to try again with a valid timezone."
-    exit 1
-fi
-
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
     set -ex
@@ -68,11 +58,6 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     # Create new database
     exec docker-entrypoint.sh postgres &
 
-    # Exit if initdb failed
-    if [ -f "/mnt/data/initdb.failed" ]; then
-        exit 1
-    fi
-
     # Wait for creation
     while ! nc -z localhost 11000; do
         echo "Waiting for the database to start."
@@ -139,11 +124,6 @@ trap 'true' SIGINT SIGTERM
 exec docker-entrypoint.sh postgres &
 wait $!
 
-# Exit if initdb failed
-if [ -f "/mnt/data/initdb.failed" ]; then
-    exit 1
-fi
-
 # Continue with shutdown procedure: do database dump, etc.
 rm -f "$DUMP_FILE.temp"
 touch "$DUMP_DIR/export.failed"

From 3ac6fc590acafbc24b0ee871f207bb121465055f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 8 Sep 2022 17:33:33 +0200
Subject: [PATCH 0025/3949] add a confirmation for the timezone

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2b29c025..5172ef2f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -538,7 +538,7 @@
                                 <input type="text" name="timezone" placeholder="Europe/Berlin" />
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit" />
+                                <input class="button" type="submit" value="Submit" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
                             </form>
                             You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>.<br><br>
                         {% else %}

From 609cabf9dc01929bf3340aa72560f1e503318bba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Sep 2022 12:31:14 +0000
Subject: [PATCH 0026/3949] Bump debian in /Containers/apache

Bumps debian from bullseye-20220822-slim to bullseye-20220912-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 22576972..c60aadad 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.5.2-alpine as caddy
 
-FROM debian:bullseye-20220822-slim
+FROM debian:bullseye-20220912-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

From 319bda83e8dc8abdfa80bd0cac8833a270269dcd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Sep 2022 12:31:15 +0000
Subject: [PATCH 0027/3949] Bump debian in /Containers/borgbackup

Bumps debian from bullseye-20220822-slim to bullseye-20220912-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index ef3b89a7..8327f3a2 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20220822-slim
+FROM debian:bullseye-20220912-slim
 
 RUN set -ex; \
     \

From 935d4aab1114f5fcf43ad0f4277b20c2d9ae8edf Mon Sep 17 00:00:00 2001
From: Lorenzo Marroccoli <lollo0296@gmail.com>
Date: Wed, 31 Aug 2022 22:50:19 +0200
Subject: [PATCH 0028/3949] Let the Nextcloud-Container trust custom CAs (e.g.
 for using LDAPS) 2

Signed-off-by: Lorenzo Marroccoli <lollo0296@gmail.com>
Signed-off-by: szaimen <szaimen@e.mail.de>
Co-Authored-By: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh     | 8 ++++++++
 Containers/nextcloud/start.sh           | 6 ++++++
 docker-compose.yml                      | 1 +
 manual-install/update-yaml.sh           | 1 +
 php/containers.json                     | 8 +++++++-
 php/src/ContainerDefinitionFetcher.php  | 5 +++++
 php/src/Data/ConfigurationManager.php   | 7 +++++++
 php/src/Docker/DockerActionManager.php  | 2 ++
 readme.md                               | 9 +++++++++
 tests/QA/060-environmental-variables.md | 2 ++
 10 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index fc613b73..c57b4207 100755
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -161,6 +161,14 @@ It is set to '$DOCKER_SOCKET_PATH'."
         exit 1
     fi
 fi
+if [ -n "$TRUSTED_CACERTS_DIR" ]; then
+    if ! echo "$TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$TRUSTED_CACERTS_DIR" | grep -q "/$"; then
+        echo "You've set TRUSTED_CACERTS_DIR but not to an allowed value.
+It should be an absolute path to a directory that starts with '/' but not end with '/'.
+It is set to '$TRUSTED_CACERTS_DIR '."
+        exit 1
+    fi
+fi
 
 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 92cef7f8..8b7e8d97 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -22,6 +22,12 @@ if [ -f "/var/www/html/config/config.php" ]; then
     # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
 fi
 
+# Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
+if [ -n "$TRUSTED_CACERTS_DIR" ]; then
+    echo "User required to trust additional CA certificates, running 'update-ca-certificates."
+    update-ca-certificates
+fi
+
 # Run original entrypoint
 if ! bash /entrypoint.sh; then
     exit 1
diff --git a/docker-compose.yml b/docker-compose.yml
index 42688d0c..d96afc08 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,7 @@ services:
       # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-(ca)
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 3cf23451..564891cf 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -64,6 +64,7 @@ sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
+sed -i 's|TRUSTED_CACERTS_DIR=|TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index 879c4521..1efbaa14 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -112,6 +112,11 @@
           "name": "%NEXTCLOUD_MOUNT%",
           "location": "%NEXTCLOUD_MOUNT%",
           "writeable": true
+        },
+        {
+          "name": "%TRUSTED_CACERTS_DIR%",
+          "location": "/usr/local/share/ca-certificates",
+          "writeable": false
         }
       ],
       "environmentVariables": [
@@ -148,7 +153,8 @@
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
-        "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%"
+        "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
+        "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%"
       ],
       "maxShutdownTime": 10,
       "restartPolicy": "unless-stopped"
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 15e84b1e..e6d416ef 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -120,6 +120,11 @@ class ContainerDefinitionFetcher
                     if($value['name'] === '') {
                         continue;
                     }
+                } elseif ($value['name'] === '%TRUSTED_CACERTS_DIR%') {
+                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
+                    if($value['name'] === '') {
+                        continue;
+                    }
                 }
                 if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
                     $value['location'] = $this->configurationManager->GetNextcloudMount();
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2ebcf53e..c19a747d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -538,6 +538,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetTrustedCacertsDir() : string {
+        $envVariableName = 'TRUSTED_CACERTS_DIR';
+        $configName = 'trusted_cacerts_dir';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 74cb4a96..2682ef15 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -314,6 +314,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
+                } elseif ($out[1] === 'TRUSTED_CACERTS_DIR') {
+                    $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
                 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
                     if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
                         $replacements[1] = 'yes';
diff --git a/readme.md b/readme.md
index d564caef..f671edeb 100644
--- a/readme.md
+++ b/readme.md
@@ -490,3 +490,12 @@ What are the requirements?
 3. The feature that gets added into Nextcloud by adding the container must be maintained by the Nextcloud GmbH. 
 4. It must be possible to run the container without big quirks inside docker containers. Big quirks means e.g. needing to change the capabilities or security options. 
 5. The container should not mount directories from the host into the container: only docker volumes should be used.
+
+### How to trust user-defiend Certification Authorities (CA)?
+For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization
+
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+
+When using `docker run`, the environmental variable can be set with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
+
+In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 8cff4438..faf636d2 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -11,5 +11,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
+- [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
+See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-(ca)
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From e91a3d7bce4b3a9a68cab8725e15561dac20bec1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Sep 2022 12:39:08 +0000
Subject: [PATCH 0029/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.5.4.1 to 22.05.6.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 0873e2dc..9b51b412 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.5.4.1
+FROM collabora/code:22.05.6.1.1
 
 USER root
 

From 7efa09339c988475ef6ed378e5a5c1cc9650b332 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 19 Sep 2022 12:24:35 +0000
Subject: [PATCH 0030/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index af87d0f3..d9840130 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -37,7 +37,7 @@ COPY --from=dind /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker
 
 RUN set -ex; \
-    pecl install APCu-5.1.21; \
+    pecl install APCu-5.1.22; \
     docker-php-ext-enable apcu
 
 RUN set -e && \
diff --git a/php/composer.lock b/php/composer.lock
index 54c083a4..f1f66951 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -397,16 +397,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.2.1",
+            "version": "v1.2.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "d78fd36ba031a1a695ea5a406f29996948d7011b"
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/d78fd36ba031a1a695ea5a406f29996948d7011b",
-                "reference": "d78fd36ba031a1a695ea5a406f29996948d7011b",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/47afb7fae28ed29057fdca37e16a84f90cc62fae",
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae",
                 "shasum": ""
             },
             "require": {
@@ -453,7 +453,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2022-08-26T15:25:27+00:00"
+            "time": "2022-09-08T13:45:54+00:00"
         },
         {
             "name": "nikic/fast-route",

From 544f38a882f323d32955b357764de393b1b36919 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Sep 2022 12:51:35 +0000
Subject: [PATCH 0031/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20220905 to 20220919.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 64e4f704..c9cdecea 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20220905
+FROM nextcloud/imaginary:20220919
 
 USER root
 RUN set -ex; \

From 93f1f9c47ea244736374c5c0b873bb3413fb9991 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 19 Sep 2022 12:57:18 +0000
Subject: [PATCH 0032/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8e0092ac..332444cf 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -61,7 +61,7 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.21; \
+    pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
     pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \

From 18227536cdf7a7789b5f3482f9dab0368b67b3a2 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 18 Sep 2022 23:26:06 +0200
Subject: [PATCH 0033/3949] fix removal of the updatenotification app for
 migrated instances

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index afa6bb4b..b142cadb 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -135,8 +135,11 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
             php /var/www/html/occ app:update --all
 
             # Fix removing the updatenotification for old instances
+            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
             if [ -d "/var/www/html/apps/updatenotification" ]; then
                 php /var/www/html/occ app:disable updatenotification
+            elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then
+                php /var/www/html/occ config:app:set updatenotification enabled --value="no"
             fi
         fi
 

From 6e2872b9538ef82a9480a6ea91ed2d98e727e47e Mon Sep 17 00:00:00 2001
From: Mustapha Zorgati <15628173+mustaphazorgati@users.noreply.github.com>
Date: Mon, 19 Sep 2022 23:43:42 +0200
Subject: [PATCH 0034/3949] aio-apache configuration now uses NEXTCLOUD_HOST
 env variable (#1173)

instead of hardcoded container name
---
 Containers/apache/nextcloud.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index d701a264..15bc63c8 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -2,7 +2,7 @@ Listen 8000
 <VirtualHost *:8000>
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://nextcloud-aio-nextcloud:9000"
+        SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
     </FilesMatch>
     # Nextcloud dir
     DocumentRoot /var/www/html/

From 2b5deb81f5656be6db4198b57d1dbe963185bf9b Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 20 Sep 2022 18:16:17 +0200
Subject: [PATCH 0035/3949] bring Apache limits in sync with PHP limits

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf       | 8 +++++++-
 manual-install/update-yaml.sh          | 1 +
 php/containers.json                    | 4 +++-
 php/src/Data/ConfigurationManager.php  | 5 +++++
 php/src/Docker/DockerActionManager.php | 2 ++
 5 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index d701a264..530d26ff 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -26,5 +26,11 @@ Listen 8000
     SetEnv proxy-sendcl 1
 
     # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
-    LimitRequestBody 0
+    LimitRequestBody ${APACHE_MAX_SIZE}
+
+    # See https://httpd.apache.org/docs/current/mod/core.html#timeout
+    Timeout ${APACHE_MAX_TIME}
+
+    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
+    ProxyTimeout ${APACHE_MAX_TIME}
 </VirtualHost>
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 3cf23451..65a6c347 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -63,6 +63,7 @@ sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
+sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index 879c4521..1bf889c7 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -24,7 +24,9 @@
         "TALK_HOST=nextcloud-aio-talk",
         "APACHE_PORT=%APACHE_PORT%",
         "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
+        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%"
       ],
       "volumes": [
         {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2ebcf53e..a656c84c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -524,6 +524,11 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetApacheMaxSize() : int {
+        $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G');
+        return $uploadLimit * 1024 * 1024 * 1024;
+    }
+
     public function GetNextcloudMaxTime() : string {
         $envVariableName = 'NEXTCLOUD_MAX_TIME';
         $configName = 'nextcloud_max_time';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 74cb4a96..f02e1277 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -322,6 +322,8 @@ class DockerActionManager
                     }
                 } elseif ($out[1] === 'BORGBACKUP_HOST_LOCATION') {
                     $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation();
+                } elseif ($out[1] === 'APACHE_MAX_SIZE') {
+                    $replacements[1] = $this->configurationManager->GetApacheMaxSize();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                 }

From 1e8d5c71f4f6977df65ec626c3e895881d1af572 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 20 Sep 2022 16:33:43 +0200
Subject: [PATCH 0036/3949] update permissions output and fix usage of variable

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 43 +++++++++++++++++-------------
 1 file changed, 25 insertions(+), 18 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index afa6bb4b..2ac9a22b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -29,13 +29,20 @@ if [ -n "$PHP_MAX_CHILDREN" ]; then
 fi
 
 # Check permissions in ncdata
-touch "/mnt/ncdata/this-is-a-test-file"
-if ! [ -f "/mnt/ncdata/this-is-a-test-file" ]; then
-    echo "The www-data user doesn't seem to have access rights in /mnt/ncdata.
-Did you maybe change the datadir and did forget to apply the correct permissions?"
+touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
+    echo "The www-data user doesn't seem to have access rights in the datadir.
+Did you maybe change the datadir and did forget to apply the correct permissions?
+See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+The found permissions are:
+$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
+(userID:groupID permissions)
+but they should be:
+33:0 750
+(userID:groupID permissions)"
     exit 1
 fi
-rm "/mnt/ncdata/this-is-a-test-file"
+rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
 if [ -f /var/www/html/version.php ]; then
     # shellcheck disable=SC2016
@@ -65,7 +72,7 @@ if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versio
 fi
 
 # Do not start the container if the last update failed
-if [ -f "/mnt/ncdata/update.failed" ]; then
+if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
     echo "The last Nextcloud update failed."
     echo "Please restore from backup and try again!"
     echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again."
@@ -73,7 +80,7 @@ if [ -f "/mnt/ncdata/update.failed" ]; then
 fi
 
 # Skip any update if Nextcloud was just restored
-if ! [ -f "/mnt/ncdata/skip.update" ]; then
+if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     if version_greater "$image_version" "$installed_version"; then
         # Check if it skips a major version
         INSTALLED_MAJOR="${installed_version%%.*}"
@@ -228,7 +235,7 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
 
         #upgrade
         else
-            touch "/mnt/ncdata/update.failed"
+            touch "$NEXTCLOUD_DATA_DIR/update.failed"
             while [ -n "$(pgrep -f cron.php)" ]
             do
                 echo "Waiting for Nextclouds cronjob to finish..."
@@ -242,7 +249,7 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
                 exit 1
             fi
 
-            rm "/mnt/ncdata/update.failed"
+            rm "$NEXTCLOUD_DATA_DIR/update.failed"
             bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
 
             php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
@@ -273,24 +280,24 @@ fi
 
 # Check if appdata is present
 # If not, something broke (e.g. changing ncdatadir after aio was first started)
-if [ -z "$(find "/mnt/ncdata/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
     echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
     exit 1
 fi
 
 # Configure tempdirectory
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
-    mkdir -p "/mnt/ncdata/tmp/"
+    mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
     if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
-        echo "upload_tmp_dir = /mnt/ncdata/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
+        echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
     fi
-    php /var/www/html/occ config:system:set tempdirectory --value="/mnt/ncdata/tmp/"
+    php /var/www/html/occ config:system:set tempdirectory --value="$NEXTCLOUD_DATA_DIR/tmp/"
 fi
 
 # Perform fingerprint update if instance was restored
-if [ -f "/mnt/ncdata/fingerprint.update" ]; then
+if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
     php /var/www/html/occ maintenance:data-fingerprint
-    rm "/mnt/ncdata/fingerprint.update"
+    rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
 fi
 
 # Apply one-click-instance settings
@@ -466,12 +473,12 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
-    if ! [ -f "/mnt/ncdata/fts-index.done" ]; then
+    if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
         echo "Waiting 10s before activating FTS..."
         sleep 10
         echo "Activating fulltextsearch..."
         if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index; then
-            touch "/mnt/ncdata/fts-index.done"
+            touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
         else
             echo "Fulltextsearch failed. Could not index."
         fi
@@ -489,4 +496,4 @@ else
 fi
 
 # Remove the update skip file always
-rm -f /mnt/ncdata/skip.update
+rm -f "$NEXTCLOUD_DATA_DIR"/skip.update

From 8dd871b3682768cb11bbe6ffec0651c9c5a11f13 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 20 Sep 2022 18:56:22 +0200
Subject: [PATCH 0037/3949] add logging to apache

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index d701a264..75758be8 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -1,5 +1,9 @@
 Listen 8000
 <VirtualHost *:8000>
+    # Add error log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+
     # PHP match
     <FilesMatch "\.php$">
         SetHandler "proxy:fcgi://nextcloud-aio-nextcloud:9000"

From 7e148f828771242982f76e21347fdad0692b3fd9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Sep 2022 17:04:05 +0000
Subject: [PATCH 0038/3949] Bump docker in /Containers/mastercontainer

Bumps docker from 20.10.17-dind-alpine3.16 to 20.10.18-dind-alpine3.16.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index af87d0f3..8f82e030 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.17-dind-alpine3.16 as dind
+FROM docker:20.10.18-dind-alpine3.16 as dind
 
 # Caddy is a requirement
 FROM caddy:2.5.2-alpine as caddy

From 4397e74ca948f1602e81f79a5bdb9f3b99207403 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 18 Sep 2022 23:10:03 +0200
Subject: [PATCH 0039/3949] small enhancements

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 4 +++-
 readme.md                                  | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 8f6ecb6a..907b0df3 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -80,7 +80,9 @@ fi
 # Delete the lock file
 rm -f "/mnt/docker-aio-config/data/daily_backup_running"
 
-if [ "$DAILY_BACKUP" = 1 ]; then
+# Send backup notification
+# shellcheck disable=SC2235
+if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAINERS" = 1 ]); then
     # Wait for the nextcloud container to start and send if the backup was successful
     if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
         echo "Something seems to be wrong: Nextcloud should be started at this step."
diff --git a/readme.md b/readme.md
index d564caef..3bb6add4 100644
--- a/readme.md
+++ b/readme.md
@@ -378,13 +378,15 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
-- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking which means that the backup is not done when the process is finished since it only start the borgbackup container with the correct configuration.
+- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking if `START_CONTAINERS` and `AUTOMATIC_UPDATES` is not enabled at the same time which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
 - `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
-- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`.
+- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
 
 One example for this would be `sudo docker exec -it -e DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
 
+⚠️ Please note that none of the option returns error codes. So you need to check for the correct result yourself.
+
 ### How to disable the backup section?
 If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `-e DISABLE_BACKUP_SECTION=true` to the initial startup of the mastercontainer.
 

From 4e8c1e53ee2a804622c5553bd1afcbaa5606507d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Wed, 14 Sep 2022 11:21:23 +0200
Subject: [PATCH 0040/3949] allow to disable seccomp for collabora

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 docker-compose.yml                      |  1 +
 manual-install/update-yaml.sh           |  1 +
 php/containers.json                     |  2 +-
 php/src/Data/ConfigurationManager.php   | 15 +++++++++++++++
 php/src/Docker/DockerActionManager.php  |  2 ++
 readme.md                               |  3 +++
 tests/QA/060-environmental-variables.md |  1 +
 7 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index d96afc08..269dd992 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,6 +27,7 @@ services:
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-(ca)
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index cf419f2a..3cbc708e 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -74,6 +74,7 @@ sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
+sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf
diff --git a/php/containers.json b/php/containers.json
index 2498a2bc..50fe1d1e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -193,7 +193,7 @@
       ],
       "environmentVariables": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%"
       ],
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b7bb37d5..a816e4f4 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -550,6 +550,21 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetCollaboraSeccompPolicy() : string {
+        $defaultString = '--o:security.seccomp=';
+        if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
+            return $defaultString . 'true';
+        }
+        return $defaultString . 'false';
+    }
+
+    private function GetCollaboraSeccompDisabledState() : string {
+        $envVariableName = 'COLLABORA_SECCOMP_DISABLED';
+        $configName = 'collabora_seccomp_disabled';
+        $defaultValue = 'false';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 4b1e0682..19fa4789 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -326,6 +326,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation();
                 } elseif ($out[1] === 'APACHE_MAX_SIZE') {
                     $replacements[1] = $this->configurationManager->GetApacheMaxSize();
+                } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
+                    $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                 }
diff --git a/readme.md b/readme.md
index f671edeb..5f43a80d 100644
--- a/readme.md
+++ b/readme.md
@@ -499,3 +499,6 @@ You can make the Nextcloud container trust any Certification Authority by provid
 When using `docker run`, the environmental variable can be set with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
 
 In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
+
+### How to disable Collabora's Seccomp feature?
+The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `-e COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index faf636d2..194f61b2 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -13,5 +13,6 @@
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-(ca)
+- [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From ef0361dd29543451ad694f24e72a9886de50fca1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 20 Sep 2022 20:05:10 +0200
Subject: [PATCH 0041/3949] increase to 2.0.3

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5172ef2f..0bee9d6c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.0.2</h1>
+        <h1>Nextcloud AIO v2.0.3</h1>
 
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}

From e0a52df781ab6261790926e45a9b2c71ac109744 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 20 Sep 2022 20:44:13 +0200
Subject: [PATCH 0042/3949] fix link

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 269dd992..f047f341 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,7 +26,7 @@ services:
       # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
-      # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-(ca)
+      # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 194f61b2..323c236e 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -12,7 +12,7 @@
 - [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
-See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-(ca)
+See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From 073f5e18e3a9830fbe04a7da76d00d1868ffd415 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 21 Sep 2022 12:23:29 +0000
Subject: [PATCH 0043/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest-arm64.yml | 6 +++++-
 manual-install/latest.yml       | 6 +++++-
 manual-install/sample.conf      | 3 +++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/manual-install/latest-arm64.yml b/manual-install/latest-arm64.yml
index a9753125..c2f52fb4 100644
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -17,6 +17,8 @@ services:
       - TALK_HOST=nextcloud-aio-talk
       - APACHE_PORT=${APACHE_PORT}
       - TZ=${TIMEZONE}
+      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -54,6 +56,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -84,6 +87,7 @@ services:
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
@@ -105,7 +109,7 @@ services:
     image: nextcloud/aio-collabora:latest-arm64
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
     stop_grace_period: 10s
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index ee7e220c..0d652f68 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -19,6 +19,8 @@ services:
       - APACHE_PORT=${APACHE_PORT}
       - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
       - TZ=${TIMEZONE}
+      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -57,6 +59,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -92,6 +95,7 @@ services:
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
@@ -113,7 +117,7 @@ services:
     image: nextcloud/aio-collabora:latest
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
     stop_grace_period: 10s
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index bdaa4780..d8fc73a6 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,9 +1,11 @@
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
 CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
@@ -21,5 +23,6 @@ SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.

From 240a29cb2b544791621ab4f0a46676a2c81c12f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Sep 2022 12:40:43 +0000
Subject: [PATCH 0044/3949] Bump caddy from 2.5.2-alpine to 2.6.1-alpine in
 /Containers/apache

Bumps caddy from 2.5.2-alpine to 2.6.1-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index c60aadad..106436ee 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # Caddy is a requirement
-FROM caddy:2.5.2-alpine as caddy
+FROM caddy:2.6.1-alpine as caddy
 
 FROM debian:bullseye-20220912-slim
 

From fb8fcae3d6b74598db3f0c14fb0d00005649bf5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Sep 2022 12:40:50 +0000
Subject: [PATCH 0045/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.5.2-alpine to 2.6.1-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 8dd76153..939368e1 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:20.10.18-dind-alpine3.16 as dind
 
 # Caddy is a requirement
-FROM caddy:2.5.2-alpine as caddy
+FROM caddy:2.6.1-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
 FROM php:8.0.23-apache-bullseye

From 0523af0f8a3c8dd98387fe87ffe776b53d79fb23 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 25 Sep 2022 18:55:07 +0200
Subject: [PATCH 0046/3949] add a hint that the chosen datadir needs to be
 cleaned up as well

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 5b31e1b2..bfc991be 100644
--- a/readme.md
+++ b/readme.md
@@ -196,7 +196,7 @@ Here is how to reset the AIO instance properly:
 1. Now remove all these stopped containers with `sudo docker container prune`
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
-1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`)
+1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). Also if you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
 1. And you are done! Now feel free to start over with the recommended docker run command!
 

From 2af13efe6390ac4df515b9e2f3ef8003f087f63c Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 26 Sep 2022 12:18:58 +0200
Subject: [PATCH 0047/3949] update some files

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 manual-install/update-yaml.sh    | 4 ----
 php/templates/containers.twig    | 6 +++---
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 6be6b60e..31c243d8 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,4 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.1.1.23
+FROM onlyoffice/documentserver:7.2.0.204
 
 HEALTHCHECK CMD curl -skfI localhost || exit 1
\ No newline at end of file
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 3cbc708e..d8945f7b 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -123,9 +123,5 @@ sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
 sed -i '/  nextcloud-aio-clamav:/,/^ $/d' latest-arm64.yml
 sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
 sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
-sed -i '/  nextcloud-aio-onlyoffice:/,/^ $/d' latest-arm64.yml
-sed -i '/nextcloud[-_]aio[-_]onlyoffice/d' latest-arm64.yml
-sed -i '/ONLYOFFICE_ENABLED/d' latest-arm64.yml
-sed -i '/ONLYOFFICE_SECRET/d' latest-arm64.yml
 
 rm containers.yml
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0bee9d6c..24e1dc5a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -483,20 +483,20 @@
                             <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
                         {% endif %}
                         {% if is_onlyoffice_enabled == true %}
-                            <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice (only supported on x64)</label><br>
+                            <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>
                         {% else %}
-                            {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice (only supported on x64)</label><br>#}
+                            {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                     </form>
                     <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement.<br><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
-                        <script type="text/javascript" src="disable-onlyoffice.js"></script>
                     {% endif %}
                     {% if isAnyRunning == true %}
                         <script type="text/javascript" src="disable-talk.js"></script>
                         <script type="text/javascript" src="disable-collabora.js"></script>
+                        <script type="text/javascript" src="disable-onlyoffice.js"></script>
                         <script type="text/javascript" src="disable-imaginary.js"></script>
                         <script type="text/javascript" src="disable-fulltextsearch.js"></script>
                     {% endif %}

From 8889e92a649bc5bbbc08ae13ef71a9675ab2c62d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 26 Sep 2022 12:22:05 +0200
Subject: [PATCH 0048/3949] fix incorrect removal of OO

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index a4238fbc..ac3cabe4 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -382,7 +382,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
-    if [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
+    if [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
         php /var/www/html/occ app:remove onlyoffice
     fi
 fi

From 730128b1ab7914b6475bb9b8fe00ee0fc28ab8b9 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 26 Sep 2022 19:25:04 +0200
Subject: [PATCH 0049/3949] add HaProxy to reverse proxy documentation

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index ec29d6c9..1d8124e3 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -135,6 +135,42 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 
 </details>
 
+### HaProxy
+
+<details>
+
+<summary>click here to expand</summary>
+
+Here is an example HaProxy config:
+
+```
+global
+    chroot                      /var/haproxy
+    log                         /var/run/log audit debug
+    lua-prepend-path            /tmp/haproxy/lua/?.lua
+
+defaults
+    log     global
+    option redispatch -1
+    retries 3
+    default-server init-addr last,libc
+
+# Frontend: LetsEncrypt_443 ()
+frontend LetsEncrypt_443
+    # ACL: Nextcloud
+    acl acl_60604e669c3ca4.13013327 hdr(host) -i <your-nc-domain>
+
+# Backend: Nextcloud ()
+backend Nextcloud
+    mode http
+    balance source
+    server Nextcloud localhost:11000 
+```
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
 ### Nginx
 
 <details>

From fd3c30bdb7a8ce8c41baa2f1d808108865446cc3 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 26 Sep 2022 19:28:18 +0200
Subject: [PATCH 0050/3949] add a disclaimer

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1d8124e3..9078c2d4 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -141,6 +141,8 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 
 <summary>click here to expand</summary>
 
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
 Here is an example HaProxy config:
 
 ```

From dafa03698ba55eedf4e54f4313e8098d984cd1a0 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 27 Sep 2022 11:28:50 +0200
Subject: [PATCH 0051/3949] fix talk startup logs

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/talk/start.sh         | 2 ++
 Containers/talk/supervisord.conf | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index dcb53e9d..d0a502be 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -43,6 +43,8 @@ sed -i 's|#turn_type .*|turn_type = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#ice_ignore_list .*|ice_ignore_list = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
 sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
+sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
+sed -i 's|keyfile =|#keyfile =|g' /etc/janus/janus.transport.mqtt.jcfg
 set +x
 
 # Signling
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 5e2dcd79..5edf5480 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -27,7 +27,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --daemon --log-stdout
+command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
 
 [program:signaling]
 stdout_logfile=/dev/stdout

From 7716548c752e9758f7b8a6a450e616097a777467 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Sep 2022 12:34:31 +0000
Subject: [PATCH 0052/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.6.1.1 to 22.05.6.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 9b51b412..173ec374 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.6.1.1
+FROM collabora/code:22.05.6.3.1
 
 USER root
 

From bce24687cc261e3bc0557063124a7a0e8bf0ead9 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 27 Sep 2022 14:54:49 +0200
Subject: [PATCH 0053/3949] add Synology Reverse Proxyy to reverse proxy
 documentation

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index ec29d6c9..c30bc0f3 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -203,6 +203,24 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 </details>
 
+### Synology Reverse Proxy
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+See these screenshots for a working config:
+
+![image](https://user-images.githubusercontent.com/89748315/192525606-48cab54b-866e-4964-90a8-15e71bd362fb.png)
+
+![image](https://user-images.githubusercontent.com/89748315/192525681-c06f3b39-f510-458e-b1f2-6b2cd995e24c.png)
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
 ### Traefik 2
 
 <details>

From 27d70b7739e474b027890b2394eed936c7bd0d2c Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 28 Sep 2022 12:22:33 +0000
Subject: [PATCH 0054/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index f1f66951..458d1dce 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1686,16 +1686,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.4.2",
+            "version": "v3.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077"
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077",
-                "reference": "e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
                 "shasum": ""
             },
             "require": {
@@ -1746,7 +1746,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.4.2"
+                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
             },
             "funding": [
                 {
@@ -1758,7 +1758,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-08-12T06:47:24+00:00"
+            "time": "2022-09-28T08:42:51+00:00"
         }
     ],
     "packages-dev": [],

From 6e34656540d0fe33fd2fb8ba7518e6bee16d4f85 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Oct 2022 12:41:48 +0000
Subject: [PATCH 0055/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.0.23-apache-bullseye to 8.0.24-apache-bullseye.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 939368e1..308d3262 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.18-dind-alpine3.16 as dind
 FROM caddy:2.6.1-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.23-apache-bullseye
+FROM php:8.0.24-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080

From ece09c2f4173c7ba4b196cc55021bf55fcf94923 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Oct 2022 12:41:48 +0000
Subject: [PATCH 0056/3949] Bump php in /Containers/nextcloud

Bumps php from 8.0.23-fpm-alpine3.16 to 8.0.24-fpm-alpine3.16.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 332444cf..3692b044 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.23-fpm-alpine3.16
+FROM php:8.0.24-fpm-alpine3.16
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

From 7239360a70d088ee50fd3fecf0354a9f5828bd47 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Oct 2022 13:05:56 +0000
Subject: [PATCH 0057/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20220919 to 20221003.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index c9cdecea..dd9ea352 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20220919
+FROM nextcloud/imaginary:20221003
 
 USER root
 RUN set -ex; \

From 7e235b088fffa03fb66ce673ee26bfb4532d4da5 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 3 Oct 2022 17:40:52 +0200
Subject: [PATCH 0058/3949] remove codeowners

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 CODEOWNERS | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 CODEOWNERS

diff --git a/CODEOWNERS b/CODEOWNERS
deleted file mode 100644
index 37219f9c..00000000
--- a/CODEOWNERS
+++ /dev/null
@@ -1 +0,0 @@
-*       @szaimen @juliushaertl

From b63f50e00bb27c1aa882cb723ae27afb5fb7e3ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Oct 2022 12:40:30 +0000
Subject: [PATCH 0059/3949] Bump debian in /Containers/borgbackup

Bumps debian from bullseye-20220912-slim to bullseye-20221004-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 8327f3a2..7922e28b 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20220912-slim
+FROM debian:bullseye-20221004-slim
 
 RUN set -ex; \
     \

From fcabd7cf50f492e48d0fe1b4d159baeed77aeb22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Oct 2022 12:40:30 +0000
Subject: [PATCH 0060/3949] Bump ubuntu from focal-20220826 to focal-20220922
 in /Containers/talk

Bumps ubuntu from focal-20220826 to focal-20220922.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1a7e3dfb..1bbdd768 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20220826
+FROM ubuntu:focal-20220922
 
 RUN set -ex; \
     \

From dd607243d73ccd7e9fb7207b37ee0c3d8c6851f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Oct 2022 12:40:33 +0000
Subject: [PATCH 0061/3949] Bump debian in /Containers/apache

Bumps debian from bullseye-20220912-slim to bullseye-20221004-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 106436ee..2f3b0509 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.1-alpine as caddy
 
-FROM debian:bullseye-20220912-slim
+FROM debian:bullseye-20221004-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

From 1a2b4217ec488b769111ca8c37e0bf26f3ef54f4 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 6 Oct 2022 12:59:23 +0000
Subject: [PATCH 0062/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 332444cf..cf153901 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -107,7 +107,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 24.0.5
+ENV NEXTCLOUD_VERSION 24.0.6
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From b88b55feb405719b32727fcc9b6ca6299b7cf777 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 6 Oct 2022 18:27:19 +0200
Subject: [PATCH 0063/3949] add channel advice

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 24e1dc5a..d2a59ace 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -167,7 +167,11 @@
             {% endif %}
 
             {% if domain != "" and was_start_button_clicked == true %}
+                {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
                     You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
+                {% else %}
+                    No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.
+                {% endif %}
             {% endif %}
 
             {% if is_backup_container_running == true %}

From 1b7c7a3d66e14159c8fe8e5c92cab331e0b0bd43 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 6 Oct 2022 18:59:23 +0200
Subject: [PATCH 0064/3949] add lets encrypt back

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 9078c2d4..3fd40b2f 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -159,9 +159,61 @@ defaults
 
 # Frontend: LetsEncrypt_443 ()
 frontend LetsEncrypt_443
+    bind 0.0.0.0:443 name 0.0.0.0:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 crt-list /tmp/haproxy/ssl/605f6609f106d1.17683543.certlist 
+    mode http
+    option http-keep-alive
+    default_backend acme_challenge_backend
+    option forwardfor
+    # tuning options
+    timeout client 30s
+
+    # logging options
+    # ACL: find_acme_challenge
+    acl acl_605f6d4b6453d2.03059920 path_beg -i /.well-known/acme-challenge/
     # ACL: Nextcloud
     acl acl_60604e669c3ca4.13013327 hdr(host) -i <your-nc-domain>
 
+    # ACTION: redirect_acme_challenges
+    use_backend acme_challenge_backend if acl_605f6d4b6453d2.03059920
+    # ACTION: Nextcloud
+    use_backend Nextcloud if acl_60604e669c3ca4.13013327
+
+
+# Frontend: LetsEncrypt_80 ()
+frontend LetsEncrypt_80
+    bind 0.0.0.0:80 name 0.0.0.0:80 
+    mode tcp
+    default_backend acme_challenge_backend
+    # tuning options
+    timeout client 30s
+
+    # logging options
+    # ACL: find_acme_challenge
+    acl acl_605f6d4b6453d2.03059920 path_beg -i /.well-known/acme-challenge/
+
+    # ACTION: redirect_acme_challenges
+    use_backend acme_challenge_backend if acl_605f6d4b6453d2.03059920
+
+# Frontend (DISABLED): 1_HTTP_frontend ()
+
+# Frontend (DISABLED): 1_HTTPS_frontend ()
+
+# Frontend (DISABLED): 0_SNI_frontend ()
+
+# Backend: acme_challenge_backend (Added by Let's Encrypt plugin)
+backend acme_challenge_backend
+    # health checking is DISABLED
+    mode http
+    balance source
+    # stickiness
+    stick-table type ip size 50k expire 30m  
+    stick on src
+    # tuning options
+    timeout connect 30s
+    timeout server 30s
+    http-reuse safe
+    server acme_challenge_host 127.0.0.1:43580 
+
 # Backend: Nextcloud ()
 backend Nextcloud
     mode http

From abbeaa31d77bb46d3de07dcef60a5be35367d194 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 6 Oct 2022 20:08:46 +0200
Subject: [PATCH 0065/3949] add a check for free space

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a816e4f4..deb601ef 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -439,6 +439,10 @@ class ConfigurationManager
         if(!is_dir(DataConst::GetDataDirectory())) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }
+        $df = disk_free_space(DataConst::GetDataDirectory());
+        if ($df !== false && (int)$df < 10240) {
+            throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");
+        }
         file_put_contents(DataConst::GetConfigFile(), json_encode($config));
     }
 

From 95311fd7c3887a7e183b61e63212316f05da75c8 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 6 Oct 2022 22:34:10 +0200
Subject: [PATCH 0066/3949] use netcat for healthchecks

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/apache/healthcheck.sh  | 4 ++--
 Containers/collabora/Dockerfile   | 3 ++-
 Containers/domaincheck/Dockerfile | 4 ++--
 Containers/imaginary/Dockerfile   | 3 ++-
 Containers/nextcloud/Dockerfile   | 2 +-
 Containers/talk/Dockerfile        | 2 +-
 6 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index b11d8b5b..667c94d3 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -2,7 +2,7 @@
 
 curl -skfI localhost:8000 || exit 1
 if [ "$APACHE_PORT" != '443' ]; then
-    curl -skfI localhost:"$APACHE_PORT" || exit 1
+    nc -z localhost "$APACHE_PORT" || exit 1
 else
-    curl -skfI https://"$NC_DOMAIN":"$APACHE_PORT" || exit 1
+    nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
 fi
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 173ec374..0eab5a39 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -9,9 +9,10 @@ RUN set -ex; \
     export DEBIAN_FRONTEND=noninteractive; \
     apt-get install -y --no-install-recommends \
         tzdata \
+        netcat \
     ; \
     rm -rf /var/lib/apt/lists/*
 
 USER 104
 
-HEALTHCHECK CMD curl -skfI localhost:9980 || exit 1
+HEALTHCHECK CMD nc -z localhost 9980 || exit 1
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index ab09e156..57192bcc 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 FROM alpine:3.16.2
-RUN apk add --update --no-cache lighttpd bash curl
+RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd
 
 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
@@ -15,4 +15,4 @@ USER www-data
 RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD curl -skfI localhost:$APACHE_PORT || exit 1
\ No newline at end of file
+HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
\ No newline at end of file
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index dd9ea352..a3e7c94c 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -8,8 +8,9 @@ RUN set -ex; \
     apt-get install -y --no-install-recommends \
         ca-certificates \
         curl \
+        netcat \
     ; \
     rm -rf /var/lib/apt/lists/*
 USER nobody
 
-HEALTHCHECK CMD curl -skI 127.0.0.1:9000 || exit 1
\ No newline at end of file
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
\ No newline at end of file
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f536a699..24a3304d 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -252,4 +252,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER www-data
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD (nc -z localhost 9000 && curl -skI localhost:7867) || exit 1
\ No newline at end of file
+HEALTHCHECK CMD (nc -z localhost 9000 && nc -z localhost 7867) || exit 1
\ No newline at end of file
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1bbdd768..7e0e9e27 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -69,4 +69,4 @@ USER talk
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD (curl -skI localhost:8081 && curl -skI localhost:8188 && curl -skf --http0.9 localhost:4222 && nc -z localhost $TALK_PORT) || exit 1
\ No newline at end of file
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
\ No newline at end of file

From 1cf6f995d42207a4f8e850f2afed4cfaf64ae486 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 6 Oct 2022 22:42:18 +0200
Subject: [PATCH 0067/3949] increase to 2.0.4

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d2a59ace..e3851142 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.0.3</h1>
+        <h1>Nextcloud AIO v2.0.4</h1>
 
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}

From 56af317778a89cfd02e2d4daece2949637b27352 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 6 Oct 2022 23:02:59 +0200
Subject: [PATCH 0068/3949] use correct config syntax

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/apache/supervisord.conf          | 46 ++++++++++-----------
 Containers/mastercontainer/supervisord.conf |  2 +-
 Containers/talk/supervisord.conf            |  2 +-
 3 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/Containers/apache/supervisord.conf b/Containers/apache/supervisord.conf
index 0abc9748..90436e05 100644
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -1,23 +1,23 @@
-[supervisord]
-nodaemon=true
-nodaemon=true
-logfile=/var/log/supervisord/supervisord.log
-pidfile=/var/run/supervisord/supervisord.pid
-childlogdir=/var/log/supervisord/
-logfile_maxbytes=50MB                           
-logfile_backups=10                              
-loglevel=error
-
-[program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=apachectl -DFOREGROUND
-
-[program:caddy]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run -config /Caddyfile
\ No newline at end of file
+[supervisord]
+nodaemon=true
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           
+logfile_backups=10                              
+loglevel=error
+
+[program:apache]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=apachectl -DFOREGROUND
+
+[program:caddy]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/usr/bin/caddy run --config /Caddyfile
\ No newline at end of file
diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index ad24f412..aea8aaa0 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -20,7 +20,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=sudo -u www-data /usr/bin/caddy run -config /Caddyfile
+command=sudo -u www-data /usr/bin/caddy run --config /Caddyfile
 
 [program:cron]
 stdout_logfile=/dev/stdout
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 5edf5480..c42bbde1 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -34,4 +34,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=signaling -config /etc/signaling/server.conf
+command=signaling --config /etc/signaling/server.conf

From be299dfe8caba72352bc3cf2c1cb1321b8568783 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 6 Oct 2022 23:22:19 +0200
Subject: [PATCH 0069/3949] add it to mastercontainer as well

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/mastercontainer/healthcheck.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/healthcheck.sh b/Containers/mastercontainer/healthcheck.sh
index 3a0d0b33..c3a5e3fd 100644
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
-    curl -skfI https://localhost:8080 || exit 1
+    nc -z localhost 8080 || exit 1
 fi

From d5a1fa32c46a898ac784f9e745e110fa2df7a687 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Sat, 8 Oct 2022 04:50:55 +0000
Subject: [PATCH 0070/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 5a180b35..ded87b96 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.27.0@faf106e717c37b8c81721845dba9de3d8deed8ff">
+<files psalm-version="4.28.0@52e96bea381e6cb07a672aefec791a5817694a26">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From ca5e97ef5bfe26453a5d7c5b89613f89537694ab Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sat, 8 Oct 2022 20:44:15 +0200
Subject: [PATCH 0071/3949] rework the apache reverse proxy documentation

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c30bc0f3..ffb3d782 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -41,14 +41,14 @@ Add this as a new Apache site config:
 <VirtualHost *:443>
     ServerName <your-nc-domain>
 
-    # Reverse proxy
-    RewriteEngine On
+    # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
+    RewriteEngine on
     ProxyPreserveHost On
+    AllowEncodedSlashes NoDecode
+    ProxyPass / http://localhost:11000/
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
-    RewriteRule ^/(.*) "ws://localhost:11000/$1" [P,L]
-    ProxyPass / http://localhost:11000/
-    ProxyPassReverse / http://localhost:11000/
+    RewriteRule ^/?(.*) "ws://localhost:11000/$1" [P,QSA,B=?:;]
 
     # Enable h2, h2c and http1.1
     Protocols h2 h2c http/1.1

From 0bbae775c625e8f42169495cc4b468951b458611 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 9 Oct 2022 17:28:29 +0200
Subject: [PATCH 0072/3949] small detail

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index ffb3d782..16b0c509 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -42,7 +42,7 @@ Add this as a new Apache site config:
     ServerName <your-nc-domain>
 
     # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
-    RewriteEngine on
+    RewriteEngine On
     ProxyPreserveHost On
     AllowEncodedSlashes NoDecode
     ProxyPass / http://localhost:11000/

From ce47fab5553c35ab1c505cd9da2e70042788a2de Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 9 Oct 2022 17:48:40 +0200
Subject: [PATCH 0073/3949] remove the issue from the doc

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 16b0c509..742e1b71 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -21,7 +21,7 @@ In order to run Nextcloud behind a reverse proxy, you need to specify the port t
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. See e.g. https://github.com/nextcloud/all-in-one/issues/834. Improvements to it are very welcome!
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
 Add this as a new Apache site config:
 

From c4e5e0e8d48c7c8706023c86d26cdd13c524b897 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 12 Oct 2022 05:08:47 +0000
Subject: [PATCH 0074/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index ded87b96..f6d5a2ab 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.28.0@52e96bea381e6cb07a672aefec791a5817694a26">
+<files psalm-version="4.29.0@7ec5ffbd5f68ae03782d7fd33fff0c45a69f95b3">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From 6c81f2b244db13da2a2aafdc19e29d1b66d6537d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 12 Oct 2022 12:23:55 +0000
Subject: [PATCH 0075/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest-arm64.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/manual-install/latest-arm64.yml b/manual-install/latest-arm64.yml
index c2f52fb4..bffb2441 100644
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -4,6 +4,7 @@ services:
   nextcloud-aio-apache:
     container_name: nextcloud-aio-apache
     depends_on:
+      - nextcloud-aio-onlyoffice
       - nextcloud-aio-collabora
       - nextcloud-aio-talk
       - nextcloud-aio-nextcloud
@@ -16,6 +17,7 @@ services:
       - COLLABORA_HOST=nextcloud-aio-collabora
       - TALK_HOST=nextcloud-aio-talk
       - APACHE_PORT=${APACHE_PORT}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
       - TZ=${TIMEZONE}
       - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
       - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
@@ -73,11 +75,14 @@ services:
       - OVERWRITEPROTOCOL=https
       - TURN_SECRET=${TURN_SECRET}
       - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
       - AIO_URL=${AIO_URL}
       - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
+      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
       - COLLABORA_ENABLED=${COLLABORA_ENABLED}
       - COLLABORA_HOST=nextcloud-aio-collabora
       - TALK_ENABLED=${TALK_ENABLED}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
       - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
       - TZ=${TIMEZONE}
       - TALK_PORT=${TALK_PORT}
@@ -135,6 +140,21 @@ services:
     networks:
       - nextcloud-aio
  
+  nextcloud-aio-onlyoffice:
+    container_name: nextcloud-aio-onlyoffice
+    image: nextcloud/aio-onlyoffice:latest-arm64
+    environment:
+      - TZ=${TIMEZONE}
+      - JWT_ENABLED=true
+      - JWT_HEADER=AuthorizationJwt
+      - JWT_SECRET=${ONLYOFFICE_SECRET}
+    volumes:
+      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
   nextcloud-aio-imaginary:
     container_name: nextcloud-aio-imaginary
     image: nextcloud/aio-imaginary:latest-arm64
@@ -170,6 +190,8 @@ volumes:
     name: nextcloud_aio_elasticsearch
   nextcloud_aio_nextcloud:
     name: nextcloud_aio_nextcloud
+  nextcloud_aio_onlyoffice:
+    name: nextcloud_aio_onlyoffice
   nextcloud_aio_nextcloud_data:
     name: nextcloud_aio_nextcloud_data
 

From 5641f62561cb3f1918ae0482a75653629a10834a Mon Sep 17 00:00:00 2001
From: Klaus15 <le_kluus@web.de>
Date: Thu, 13 Oct 2022 23:04:32 +0200
Subject: [PATCH 0076/3949] Update nginx section of reverse-proxy.md

added nginx.conf code snippet to get a working websocket config

Signed-off-by: Klaus15 <le_kluus@web.de>
---
 reverse-proxy.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 742e1b71..786685bc 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -159,7 +159,19 @@ location / {
         proxy_set_header Connection $connection_upgrade;
     }
 ```
+and this to the http{...}-section in your nginx.conf:
 
+```
+    ##
+    # Connection header for WebSocket reverse proxy
+    ##
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+```
+(otherwise nginx will fail to start with a message saying the variable named connection_upgrade does not exist)
+    
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.

From b6470db144f29a64e32970edc5f324eb1e908a62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Oct 2022 12:21:19 +0000
Subject: [PATCH 0077/3949] Bump caddy from 2.6.1-alpine to 2.6.2-alpine in
 /Containers/apache

Bumps caddy from 2.6.1-alpine to 2.6.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 2f3b0509..26be8471 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # Caddy is a requirement
-FROM caddy:2.6.1-alpine as caddy
+FROM caddy:2.6.2-alpine as caddy
 
 FROM debian:bullseye-20221004-slim
 

From 4e598b9de3e7b7fa00daa1c2974f59cb199000bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Oct 2022 12:21:20 +0000
Subject: [PATCH 0078/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.6.1-alpine to 2.6.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 308d3262..12bd701f 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:20.10.18-dind-alpine3.16 as dind
 
 # Caddy is a requirement
-FROM caddy:2.6.1-alpine as caddy
+FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
 FROM php:8.0.24-apache-bullseye

From 9d4c591f1afa5b67ed64aaf7bf2517b2a95ce2b4 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sat, 15 Oct 2022 00:48:52 +0200
Subject: [PATCH 0079/3949] add not to borg delete regarding freeing space

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 readme.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/readme.md b/readme.md
index bfc991be..0a11ecc8 100644
--- a/readme.md
+++ b/readme.md
@@ -270,6 +270,12 @@ sudo borg list "/mnt/backup/borg"
 # An example backup archive might be called 20220223_174237-nextcloud-aio
 # Then you can simply delete the archive with:
 sudo borg delete --stats --progress "/mnt/backup/borg::20220223_174237-nextcloud-aio"
+
+# If borg 1.2.0 or higher is installed, you then need to run borg compact in order to clean up the freed space
+sudo borg version
+# If version number of the command above is higher than 1.2.0 you need to run the command below:
+sudo borg compact "/mnt/backup/"
+
 ```
 
 After doing so, make sure to update the backup archives list in the AIO interface!<br>

From 8450d7d9a53b7322dcf831f657e5691ff8b2682a Mon Sep 17 00:00:00 2001
From: Nextcloud bot <bot@nextcloud.com>
Date: Sat, 15 Oct 2022 09:57:35 +0000
Subject: [PATCH 0080/3949] Updating lint-php.yml workflow from template

Signed-off-by: Nextcloud bot <bot@nextcloud.com>
---
 .github/workflows/lint-php.yml | 105 ++++++++++++++++++---------------
 1 file changed, 57 insertions(+), 48 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 5da34471..62476c90 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -1,48 +1,57 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-
-name: Lint
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - master
-      - stable*
-
-jobs:
-  php-lint:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        php-versions: ["8.0"]
-
-    name: php-lint
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php-versions }}
-          coverage: none
-
-      - name: Lint
-        run: cd php && composer run lint
-
-  summary:
-    runs-on: ubuntu-latest
-    needs: php-lint
-
-    if: always()
-
-    name: php-lint-summary
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+      - stable*
+
+permissions:
+  contents: read
+
+concurrency: 
+  group: lint-php-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  php-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["7.4", "8.0", "8.1"]
+
+    name: php-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+
+      - name: Lint
+        run: composer run lint
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest
+    needs: php-lint
+
+    if: always()
+
+    name: php-lint-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi

From 3118ecf385798549c5e65f305381ed9e1d8134fe Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 16 Oct 2022 17:37:13 +0200
Subject: [PATCH 0081/3949] rework session deduplication

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh         |  1 +
 .../mastercontainer/session-deduplicator.sh   | 40 +++++++++----------
 php/src/Auth/AuthManager.php                  | 10 +++++
 php/src/Controller/DockerController.php       |  2 +-
 php/src/Controller/LoginController.php        |  4 +-
 php/src/Data/DataConst.php                    |  4 ++
 php/src/Middleware/AuthMiddleware.php         |  8 ++--
 7 files changed, 40 insertions(+), 29 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d2f61999..4b70d6d4 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -246,6 +246,7 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/session/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
diff --git a/Containers/mastercontainer/session-deduplicator.sh b/Containers/mastercontainer/session-deduplicator.sh
index 796ccb54..08ec0f9c 100644
--- a/Containers/mastercontainer/session-deduplicator.sh
+++ b/Containers/mastercontainer/session-deduplicator.sh
@@ -1,26 +1,22 @@
 #!/bin/bash
 
-while true; do
-    while [ "$(find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep "aio_authenticated|[a-z]:1" {} \; | wc -l)" -gt 1 ]; do
-        # First delete all session files that are not authenticated
-        unset SESSION_FILES
-        SESSION_FILES="$(find "/mnt/docker-aio-config/session/" -mindepth 1)"
-        unset SESSION_FILES_ARRAY
-        mapfile -t SESSION_FILES_ARRAY <<< "$SESSION_FILES"
-        for SESSION_FILE in "${SESSION_FILES_ARRAY[@]}"; do
-            if [ -f "$SESSION_FILE" ] && ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
-                rm "$SESSION_FILE"
-            fi
-        done
+deduplicate_sessions() {
+    echo "Deleting duplicate sessions"
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep -qv "$NEW_SESSION_TIME" {} \; -delete
+}
 
-        # Second clean up all sessions that are authenticated
-        echo "Deleting duplicate sessions"
-        unset OLDEST_FILE
-        set -x
-        # shellcheck disable=SC2012
-        OLDEST_FILE="$(ls -t "/mnt/docker-aio-config/session/" | tail -1)"
-        rm "/mnt/docker-aio-config/session/$OLDEST_FILE"
-        set +x
-    done
-    sleep 5
+compare_times() {
+    if [ -f "/mnt/docker-aio-config/data/session_date_file" ]; then
+        unset NEW_SESSION_TIME
+        NEW_SESSION_TIME="$(cat "/mnt/docker-aio-config/data/session_date_file")"
+        if [ -n "$NEW_SESSION_TIME" ] && [ -n "$OLD_SESSION_TIME" ] && [ "$NEW_SESSION_TIME" != "$OLD_SESSION_TIME" ]; then
+            deduplicate_sessions
+        fi
+        OLD_SESSION_TIME="$NEW_SESSION_TIME"
+    fi
+}
+
+while true; do
+    compare_times
+    sleep 2
 done
diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index f18f1a7b..5ee6c267 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -3,6 +3,8 @@
 namespace AIO\Auth;
 
 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
+use \DateTime;
 
 class AuthManager {
     private const SESSION_KEY = 'aio_authenticated';
@@ -21,6 +23,14 @@ class AuthManager {
     }
 
     public function SetAuthState(bool $isLoggedIn) : void {
+
+        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            $date = new DateTime();
+            $dateTime = $date->getTimestamp();
+            $_SESSION['date_time'] = $dateTime;
+            file_put_contents(DataConst::GetSessionDateFile(), (string)$dateTime);
+        }
+
         $_SESSION[self::SESSION_KEY] = $isLoggedIn;
     }
 
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index c1f44312..7cf15226 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -101,7 +101,7 @@ class DockerController
     public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
-        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'];
+        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index aaab2952..bd7cb0b5 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -23,7 +23,7 @@ class LoginController
         if (!$this->dockerActionManager->isLoginAllowed()) {
             return $response->withHeader('Location', '/')->withStatus(302);
         }
-        $password = $request->getParsedBody()['password'];
+        $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
             return $response->withHeader('Location', '/')->withStatus(302);
@@ -33,7 +33,7 @@ class LoginController
     }
 
     public function GetTryLogin(Request $request, Response $response, $args) : Response {
-        $token = $request->getQueryParams()['token'];
+        $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
             return $response->withHeader('Location', '/')->withStatus(302);
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 5e671c11..7ac3527e 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -46,4 +46,8 @@ class DataConst {
     public static function GetBackupArchivesList() : string {
         return self::GetDataDirectory() . '/backup_archives.list';
     }
+
+    public static function GetSessionDateFile() : string {
+        return self::GetDataDirectory() . '/session_date_file';
+    }
 }
diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php
index 98e4f7d4..c0c814b8 100644
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -28,10 +28,10 @@ class AuthMiddleware
 
         if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
             if(!$this->authManager->IsAuthenticated()) {
-                $response = new Response();
-                return $response
-                    ->withHeader('Location', '/')
-                    ->withStatus(302);
+                $status = 302;
+                $headers = ['Location' => '/'];
+                $response = new Response($status, $headers);
+                return $response;
             }
         }
 

From 3ac260837f29f699e5377f0476341691210ea14d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 16 Oct 2022 18:23:27 +0200
Subject: [PATCH 0082/3949] add 2nd tab warning

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/public/second-tab-warning.js | 12 ++++++++++++
 php/templates/containers.twig    |  3 +++
 2 files changed, 15 insertions(+)
 create mode 100644 php/public/second-tab-warning.js

diff --git a/php/public/second-tab-warning.js b/php/public/second-tab-warning.js
new file mode 100644
index 00000000..63abc18b
--- /dev/null
+++ b/php/public/second-tab-warning.js
@@ -0,0 +1,12 @@
+const channel = new BroadcastChannel('tab')
+
+channel.postMessage('second-tab')
+// note that listener is added after posting the message
+
+channel.addEventListener('message', (msg) => {
+    if (msg.data === 'second-tab') {
+        // message received from 2nd tab
+        document.getElementById('overlay').classList.add('loading')
+        alert('Cannot open multiple instances. You can use AIO here by reloading the page.')
+    }
+});
\ No newline at end of file
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e3851142..d698abb9 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -18,6 +18,9 @@
     <div class="content">
         <h1>Nextcloud AIO v2.0.4</h1>
 
+        {# Add 2nd tab warning #}
+        <script type="text/javascript" src="second-tab-warning.js"></script>
+
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}
         {% set isWatchtowerRunning = false %}

From c789b7e5db4395d3bb8620163482ed594d59591f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 17 Oct 2022 16:30:38 +0200
Subject: [PATCH 0083/3949] fix lint

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 .github/workflows/lint-php.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 62476c90..730d2aa4 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -10,8 +10,6 @@ on:
   push:
     branches:
       - main
-      - master
-      - stable*
 
 permissions:
   contents: read
@@ -25,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["7.4", "8.0", "8.1"]
+        php-versions: ["8.0"]
 
     name: php-lint
 
@@ -40,7 +38,7 @@ jobs:
           coverage: none
 
       - name: Lint
-        run: composer run lint
+        run: cd php && composer run lint
 
   summary:
     permissions:

From d3d8b11e2807c7d2fcf7a40907e3c916e283225d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 11 Oct 2022 20:29:52 +0200
Subject: [PATCH 0084/3949] change entrypoint of nextcloud container to root

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    |  6 ++++--
 Containers/nextcloud/entrypoint.sh |  4 ++--
 Containers/nextcloud/notify.sh     |  4 ++++
 Containers/nextcloud/start.sh      | 14 +++++++++++---
 migration.md                       |  2 +-
 readme.md                          | 17 +++++------------
 6 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 24a3304d..f2398570 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -202,6 +202,7 @@ RUN set -ex; \
         postgresql-client \
         tzdata \
         mawk \
+        sudo \
     ; \
     rm -rf /var/lib/apt/lists/*
 
@@ -249,7 +250,8 @@ VOLUME /mnt/ncdata
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 
-USER www-data
+USER root
 ENTRYPOINT ["/start.sh"]
+CMD ["sudo", "-u", "www-data", "/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD (nc -z localhost 9000 && nc -z localhost 7867) || exit 1
\ No newline at end of file
+HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
\ No newline at end of file
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ac3cabe4..8e8224d4 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -32,8 +32,8 @@ fi
 touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
     echo "The www-data user doesn't seem to have access rights in the datadir.
-Did you maybe change the datadir and did forget to apply the correct permissions?
-See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+Most likely are the files located on a drive that does not follow linux permissions.
+Please adjust the permissions like mentioned below.
 The found permissions are:
 $(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
 (userID:groupID permissions)
diff --git a/Containers/nextcloud/notify.sh b/Containers/nextcloud/notify.sh
index 3b0875b7..f6090626 100644
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 
+if [[ "$EUID" = 0 ]]; then
+    sudo -u www-data -s
+fi
+
 SUBJECT="$1"
 MESSAGE="$2"
 
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 8b7e8d97..0d32c0d2 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Only start container if database is accessible
-while ! nc -z "$POSTGRES_HOST" 5432; do
+while ! sudo -u www-data nc -z "$POSTGRES_HOST" 5432; do
     echo "Waiting for database to start..."
     sleep 5
 done
@@ -13,7 +13,7 @@ export POSTGRES_USER
 # Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
     sleep 2
-    while ! psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
+    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start..."
         sleep 5
     done
@@ -28,8 +28,16 @@ if [ -n "$TRUSTED_CACERTS_DIR" ]; then
     update-ca-certificates
 fi
 
+# Check datadir permissions
+sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
+    chown -R www-data:root "$NEXTCLOUD_DATA_DIR"
+    chmod 750 -R "$NEXTCLOUD_DATA_DIR"
+fi
+rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+
 # Run original entrypoint
-if ! bash /entrypoint.sh; then
+if ! sudo -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
diff --git a/migration.md b/migration.md
index 7649be6a..76498b2c 100644
--- a/migration.md
+++ b/migration.md
@@ -17,7 +17,7 @@ The procedure for migrating only the files works like this:
 1. Restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
 1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
 1. Start the containers again and wait until all containers are running
-1. Run `sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
+1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
 
 ## Migrate the files and the database
 **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned!
diff --git a/readme.md b/readme.md
index bfc991be..a24a9318 100644
--- a/readme.md
+++ b/readme.md
@@ -150,16 +150,16 @@ Afterwards it should work.<br>
 See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it
 
 ### How to run `occ` commands?
-Simply run the following: `sudo docker exec -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
+Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
 
 ### How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?
-Simply run the following command: `sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `EN` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
+Simply run the following command: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `EN` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
 
 ### How to run multiple AIO instances on one server?
 See [multiple-instances.md](./multiple-instances.md) for some documentation on this.
 
 ### Bruteforce protection FAQ
-Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information.
+Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information.
 
 ### Update policy
 This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier.
@@ -409,13 +409,6 @@ You can configure the Nextcloud container to use a specific directory on your ho
     ```
     (The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
 
-⚠️ Please make sure to apply the correct permissions to the chosen directory before starting Nextcloud the first time (not needed on Windows). 
-
-- In this example for Linux, the command for this would be `sudo chown -R 33:0 /mnt/ncdata` and `sudo chmod -R 750 /mnt/ncdata`. 
-- On macOS, the command for this would be `sudo chown -R 33:0 /var/nextcloud-data` and `sudo chmod -R 750 /var/nextcloud-data`.
-- For Synology, the command for this example would be `sudo chown -R 33:0 /volume1/docker/nextcloud/data` and `sudo chmod -R 750 /volume1/docker/nextcloud/data`
-- On Windows, this command is not needed.
-
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
@@ -450,7 +443,7 @@ When your containers run for a few days without a restart, the container logs th
 ### Access/Edit Nextcloud files/folders manually
 The files and folders that you add to Nextcloud are by default stored in the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on the host. If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
 
-After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan --all`.
+After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
 
 ### How to store the files/installation on a separate drive?
 You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
@@ -460,7 +453,7 @@ You can move the whole docker library and all its files including all Nextcloud
 You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo nano /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
 
 ### Custom skeleton directory
-If you want to define a custom skeleton directory, you can do so by putting your skeleton files into `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton/`, applying the correct permissions with `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton` and and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and setting the skeleton directory option with `sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
+If you want to define a custom skeleton directory, you can do so by putting your skeleton files into `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton/`, applying the correct permissions with `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton` and and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
 
 ### Fail2ban
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports))

From 203b17d316b70673d83666aee5dd03dc11bc24a6 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 16 Oct 2022 13:07:22 +0200
Subject: [PATCH 0085/3949] improve rootless docs

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 docker-rootless.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index 4bc6e6cd..00178131 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -11,4 +11,4 @@ You can run AIO with docker rootless by following the steps below.
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
 
-**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. For changing Nextcloud's datadir, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). This logically also applies to the NEXTCLOUD_MOUNT option.
+**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 

From 132b97ba201032557a5bdb2ebe9fe9702e5079eb Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 18 Oct 2022 23:50:16 +0200
Subject: [PATCH 0086/3949] add some guides for local dns server

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 local-instance.md | 2 +-
 readme.md         | 5 ++++-
 reverse-proxy.md  | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index ffc6380e..35f6d827 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -5,7 +5,7 @@ It is possible due to several reasons that you do not want or cannot open Nextcl
 The recommended way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
-1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the local ip-address of your reverse proxy 
+1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the local ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
 1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
diff --git a/readme.md b/readme.md
index 0a11ecc8..5cc231cf 100644
--- a/readme.md
+++ b/readme.md
@@ -134,7 +134,10 @@ No and they will not be. Please use a dedicated domain for Nextcloud and set it
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
 
 ### How can I access Nextcloud locally?
-The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO.
+The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
+- https://howchoo.com/pi/pi-hole-setup
+- https://docs.callitkarma.me/posts/PiHole-Local-DNS/
+- https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
 
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 742e1b71..af13cc98 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -118,7 +118,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
     Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
-**Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy. If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
+**Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
 
 </details>
 

From 8397ff50b4920083556372b9dbcb385a3c0b9e7c Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 18 Oct 2022 23:52:20 +0200
Subject: [PATCH 0087/3949] reverse the order

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 readme.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 5cc231cf..c883ddad 100644
--- a/readme.md
+++ b/readme.md
@@ -135,9 +135,8 @@ No and it will not be added. Please use a dedicated domain for Nextcloud and set
 
 ### How can I access Nextcloud locally?
 The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
-- https://howchoo.com/pi/pi-hole-setup
-- https://docs.callitkarma.me/posts/PiHole-Local-DNS/
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
+- https://howchoo.com/pi/pi-hole-setup together with https://docs.callitkarma.me/posts/PiHole-Local-DNS/
 
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer.

From be243fdba9e4198ba06098dc4cabb31e4e7fa21f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Oct 2022 12:31:59 +0000
Subject: [PATCH 0088/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.6.3.1 to 22.05.7.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 0eab5a39..1487172b 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.6.3.1
+FROM collabora/code:22.05.7.2.1
 
 USER root
 

From d4645d50ab0a43517f33aff5953b392ef431f2e1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 24 Oct 2022 18:57:18 +0200
Subject: [PATCH 0089/3949] make nginx config more verbose

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 reverse-proxy.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 242b661d..541a09c9 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -236,7 +236,10 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 Add this to you nginx config:
 
 ```
-location / {
+server {
+    listen 443 ssl;
+    server_name <your-nc-domain>;
+    location / {
         proxy_pass http://localhost:11000;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
@@ -248,6 +251,10 @@ location / {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
+    ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem; # managed by certbot on host machine
+    ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
+}
+
 ```
 and this to the http{...}-section in your nginx.conf:
 

From 5c256564609b0c959a95c4cc6d9a2dc972411b70 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 24 Oct 2022 19:46:09 +0200
Subject: [PATCH 0090/3949] install borg from backports in the future

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile      |  2 +-
 Containers/borgbackup/backupscript.sh | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 7922e28b..c1e2662c 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -3,8 +3,8 @@ FROM debian:bullseye-20221004-slim
 RUN set -ex; \
     \
     apt-get update; \
+    apt-get install -y --no-install-recommends borgbackup -t bullseye-backports; \
     apt-get install -y --no-install-recommends \
-        borgbackup \
         rsync \
         fuse \
         python3-llfuse \
diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d2f61999..254c1fdc 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -155,6 +155,13 @@ if [ "$BORG_MODE" = backup ]; then
         exit 1
     fi
 
+    # Compact archives
+    echo "Compacting the archives..."
+    if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+        echo "Failed to compact archives!"
+        exit 1
+    fi
+
     # Back up additional directories of the host
     if [ "$ADDITIONAL_DIRECTORIES_BACKUP" = 'yes' ]; then
         if [ -d "/docker_volumes/" ]; then
@@ -172,11 +179,14 @@ if [ "$BORG_MODE" = backup ]; then
                 echo "Backup of additional docker-volumes failed!"
                 exit 1
             fi
-
             if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional docker-volumes archives!"
                 exit 1
             fi
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
+                exit 1
+            fi
         fi
         if [ -d "/host_mounts/" ]; then
             EXCLUDED_DIRECTORIES=(home/*/.cache root/.cache var/cache lost+found run var/run dev tmp sys proc)
@@ -200,6 +210,10 @@ if [ "$BORG_MODE" = backup ]; then
                 echo "Failed to prune additional host-mount archives!"
                 exit 1
             fi
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
+                exit 1
+            fi
         fi
     fi
 

From f5102f856275cb0f78a1e2a16da0ab85ee27a6df Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 24 Oct 2022 20:41:56 +0200
Subject: [PATCH 0091/3949] add bullseye-backports to sources.list

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index c1e2662c..de0c26bd 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -2,6 +2,7 @@ FROM debian:bullseye-20221004-slim
 
 RUN set -ex; \
     \
+    echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list; \
     apt-get update; \
     apt-get install -y --no-install-recommends borgbackup -t bullseye-backports; \
     apt-get install -y --no-install-recommends \

From e5fce3eb890659b1033a6afa36f8a4a146edf7a5 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 24 Oct 2022 20:51:36 +0200
Subject: [PATCH 0092/3949] update OO

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 31c243d8..e71c8fae 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,4 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.2.0.204
+FROM onlyoffice/documentserver:7.2.1.34
 
 HEALTHCHECK CMD curl -skfI localhost || exit 1
\ No newline at end of file

From 62f129bdd27ece9eb0b0d16015cf3eda76e9a2e2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Oct 2022 18:52:20 +0000
Subject: [PATCH 0093/3949] Bump docker in /Containers/mastercontainer

Bumps docker from 20.10.18-dind-alpine3.16 to 20.10.20-dind-alpine3.16.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 308d3262..e61bbbed 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.18-dind-alpine3.16 as dind
+FROM docker:20.10.20-dind-alpine3.16 as dind
 
 # Caddy is a requirement
 FROM caddy:2.6.1-alpine as caddy

From 8a71b4e9dc5fd504adf8997cb41a1a849b3a2144 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Oct 2022 12:41:17 +0000
Subject: [PATCH 0094/3949] Bump ubuntu from focal-20220922 to focal-20221019
 in /Containers/talk

Bumps ubuntu from focal-20220922 to focal-20221019.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 7e0e9e27..d7b5e4dd 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20220922
+FROM ubuntu:focal-20221019
 
 RUN set -ex; \
     \

From d41ae98de740e957ab8b0e0b24ffda0017d94ca9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Oct 2022 12:41:17 +0000
Subject: [PATCH 0095/3949] Bump debian in /Containers/borgbackup

Bumps debian from bullseye-20221004-slim to bullseye-20221024-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index de0c26bd..eaf918a8 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221004-slim
+FROM debian:bullseye-20221024-slim
 
 RUN set -ex; \
     \

From 9daecad5b3ccccf87e2610b0272df22f5312bd79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Oct 2022 12:41:23 +0000
Subject: [PATCH 0096/3949] Bump debian in /Containers/apache

Bumps debian from bullseye-20221004-slim to bullseye-20221024-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 26be8471..b898be2b 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20221004-slim
+FROM debian:bullseye-20221024-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

From e1ec9c738d81e4ac64acfefc2c0c368471fa38ef Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 25 Oct 2022 18:13:16 +0200
Subject: [PATCH 0097/3949] update one-click settings

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ac3cabe4..f434c909 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -307,6 +307,8 @@ fi
 echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
+php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
+php /var/www/html/occ app:enable support
 
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."

From fa6a238d1600e2ddc9b3ad07c038aa21ea290c85 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Oct 2022 12:36:26 +0000
Subject: [PATCH 0098/3949] Bump guzzlehttp/psr7 from 2.4.1 to 2.4.2 in /php

Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/master/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/2.4.1...2.4.2)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 458d1dce..7fe6798b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -220,16 +220,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.1",
+            "version": "2.4.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "69568e4293f4fa993f3b0e51c9723e1e17c41379"
+                "reference": "3148458748274be1546f8f2809a6c09fe66f44aa"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/69568e4293f4fa993f3b0e51c9723e1e17c41379",
-                "reference": "69568e4293f4fa993f3b0e51c9723e1e17c41379",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3148458748274be1546f8f2809a6c09fe66f44aa",
+                "reference": "3148458748274be1546f8f2809a6c09fe66f44aa",
                 "shasum": ""
             },
             "require": {
@@ -319,7 +319,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.2"
             },
             "funding": [
                 {
@@ -335,7 +335,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-08-28T14:45:39+00:00"
+            "time": "2022-10-25T13:49:28+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 2faa1357d39a20083748f8c669628c0c2db5f904 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Oct 2022 12:41:22 +0000
Subject: [PATCH 0099/3949] Bump docker in /Containers/mastercontainer

Bumps docker from 20.10.20-dind-alpine3.16 to 20.10.21-dind-alpine3.16.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 0678a7ca..cb0554d7 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.20-dind-alpine3.16 as dind
+FROM docker:20.10.21-dind-alpine3.16 as dind
 
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy

From e92daa62bfec44c8825374a6663b16b95256cd46 Mon Sep 17 00:00:00 2001
From: Brian Philipp <66728496+BR14Nx@users.noreply.github.com>
Date: Wed, 26 Oct 2022 17:50:04 +0200
Subject: [PATCH 0100/3949] Hint about custom datadirectory path

Signed-off-by: Brian Philipp <66728496+BR14Nx@users.noreply.github.com>
---
 migration.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/migration.md b/migration.md
index 7649be6a..f4b8cb52 100644
--- a/migration.md
+++ b/migration.md
@@ -72,8 +72,8 @@ The procedure for migrating the files and the database works like this:
     sudo chmod 777 /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
     sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/initial-cleanup-done
     ```
-1. If the commands above were executed successfully, restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*`to apply the correct permissions
+1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`. Be aware if you have changed the standard path of your datadirectory like described [here](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir).
+1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*`to apply the correct permissions on the datadirectory.
 1. Edit the Nextcloud AIO config.php file that is stored in `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
 1. As last step, install all apps again that were installed before on your old instance by using the webinterface.

From d01a1087fa69d2517134a395cd79a7f0eb60a105 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Wed, 26 Oct 2022 19:30:15 +0200
Subject: [PATCH 0101/3949] prettify json and unescape slashes

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index deb601ef..b1f3b560 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -443,7 +443,7 @@ class ConfigurationManager
         if ($df !== false && (int)$df < 10240) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");
         }
-        file_put_contents(DataConst::GetConfigFile(), json_encode($config));
+        file_put_contents(DataConst::GetConfigFile(), json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT));
     }
 
     private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {

From b9ada72be3d83e6ac83201b571d0d071c374d14d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 12:35:42 +0200
Subject: [PATCH 0102/3949] address missing points

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/notify.sh | 2 +-
 Containers/nextcloud/start.sh  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/notify.sh b/Containers/nextcloud/notify.sh
index f6090626..71768a23 100644
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 if [[ "$EUID" = 0 ]]; then
-    sudo -u www-data -s
+    sudo -u www-data -sE
 fi
 
 SUBJECT="$1"
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 0d32c0d2..8ca26e70 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -34,7 +34,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
     chown -R www-data:root "$NEXTCLOUD_DATA_DIR"
     chmod 750 -R "$NEXTCLOUD_DATA_DIR"
 fi
-rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
 # Run original entrypoint
 if ! sudo -u www-data bash /entrypoint.sh; then

From 4b10fcada204c36d64acd354cb8dd7d3076f5ed0 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 24 Oct 2022 21:38:17 +0200
Subject: [PATCH 0103/3949] use the add commands to add talk settings

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9655c0b0..7e2cbea1 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -398,12 +398,16 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     else
         php /var/www/html/occ app:update spreed
     fi
-    STUN_SERVERS="[\"$NC_DOMAIN:$TALK_PORT\"]"
-    TURN_SERVERS="[{\"server\":\"$NC_DOMAIN:$TALK_PORT\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]"
-    SIGNALING_SERVERS="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/standalone-signaling/\",\"verify\":true}],\"secret\":\"$SIGNALING_SECRET\"}"
-    php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS" --output json
-    php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
-    php /var/www/html/occ config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS" --output json
+    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
+    if ! php /var/www/html/occ talk:turn:list --output="plain" | grep -q "$NC_DOMAIN:$TALK_PORT"; then
+        php /var/www/html/occ talk:turn:add "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+    fi
+    if ! php /var/www/html/occ talk:stun:list --output="plain" | grep -q "$NC_DOMAIN:$TALK_PORT"; then
+        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
+    fi
+    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$NC_DOMAIN/standalone-signaling/"; then
+        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --validate-ssh-certificate
+    fi
 else
     if [ -d "/var/www/html/custom_apps/spreed" ]; then
         php /var/www/html/occ app:remove spreed

From f8a1c1862a072b0e0887081e69cf4f6eabc765cc Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Tue, 25 Oct 2022 21:03:10 +0200
Subject: [PATCH 0104/3949] address review

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    | 1 +
 Containers/nextcloud/entrypoint.sh | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f2398570..2ef874b5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -203,6 +203,7 @@ RUN set -ex; \
         tzdata \
         mawk \
         sudo \
+        grep \
     ; \
     rm -rf /var/lib/apt/lists/*
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 7e2cbea1..fa736390 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -399,14 +399,15 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update spreed
     fi
     # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
-    if ! php /var/www/html/occ talk:turn:list --output="plain" | grep -q "$NC_DOMAIN:$TALK_PORT"; then
+    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
         php /var/www/html/occ talk:turn:add "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
-    if ! php /var/www/html/occ talk:stun:list --output="plain" | grep -q "$NC_DOMAIN:$TALK_PORT"; then
+    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
         php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
+        php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
     fi
     if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$NC_DOMAIN/standalone-signaling/"; then
-        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --validate-ssh-certificate
+        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --verify
     fi
 else
     if [ -d "/var/www/html/custom_apps/spreed" ]; then

From 201dbc15ae5b6561988aa3bbde7874297d4f1d94 Mon Sep 17 00:00:00 2001
From: TheManchineel <37479927+TheManchineel@users.noreply.github.com>
Date: Wed, 26 Oct 2022 12:30:38 +0200
Subject: [PATCH 0105/3949] Rework NGINX reverse proxy docs to support CODE

As per PR #1236, applied the same documentation change to the NGINX configuration, so as to pass the full URI of each HTTP request to the Collabora Online backend. This fixes #834 but for NGINX rather than Apache. It might be necessary to make similar changes to other proxy software, but NGINX is what I am familiar with.

Signed-off-by: TheManchineel <37479927+TheManchineel@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 541a09c9..c9e5508b 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -240,7 +240,7 @@ server {
     listen 443 ssl;
     server_name <your-nc-domain>;
     location / {
-        proxy_pass http://localhost:11000;
+        proxy_pass http://localhost:11000$request_uri;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

From 87192838e8e72729b652b53cb733903cb0fce024 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 13:04:45 +0200
Subject: [PATCH 0106/3949] improve detail

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 .github/workflows/shellcheck.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 9b80cf3f..c85dc22f 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   shellcheck:
-    name: Github Actions
+    name: Check Shell
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3

From e81c4e30418e613a9e98ffc5f47f8347bd18435f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 13:50:26 +0200
Subject: [PATCH 0107/3949] skip app update if backup was restored or
 comparable

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9655c0b0..97569fa0 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -279,6 +279,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
              bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
         fi
     fi
+else
+    SKIP_UPDATE=1
 fi
 
 # Check if appdata is present
@@ -341,7 +343,7 @@ if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
     php /var/www/html/occ app:install notify_push
 elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" = "no" ]; then
     php /var/www/html/occ app:enable notify_push
-else
+elif [ "$SKIP_UPDATE" != 1 ]; then
     php /var/www/html/occ app:update notify_push
 fi
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
@@ -354,7 +356,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:install richdocuments
     elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" = "no" ]; then
         php /var/www/html/occ app:enable richdocuments
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update richdocuments
     fi
     php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
@@ -376,7 +378,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:install onlyoffice
     elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" = "no" ]; then
         php /var/www/html/occ app:enable onlyoffice
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update onlyoffice
     fi
     php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
@@ -395,7 +397,7 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:install spreed
     elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" = "no" ]; then
         php /var/www/html/occ app:enable spreed
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update spreed
     fi
     STUN_SERVERS="[\"$NC_DOMAIN:$TALK_PORT\"]"
@@ -420,7 +422,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:install files_antivirus
     elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
         php /var/www/html/occ app:enable files_antivirus
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update files_antivirus
     fi
     php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
@@ -456,21 +458,21 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:install fulltextsearch
     elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" = "no" ]; then
         php /var/www/html/occ app:enable fulltextsearch
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update fulltextsearch
     fi    
     if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
         php /var/www/html/occ app:install fulltextsearch_elasticsearch
     elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" = "no" ]; then
         php /var/www/html/occ app:enable fulltextsearch_elasticsearch
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update fulltextsearch_elasticsearch
     fi    
     if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
         php /var/www/html/occ app:install files_fulltextsearch
     elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" = "no" ]; then
         php /var/www/html/occ app:enable files_fulltextsearch
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'

From 31a16535fe4df6bdddf14423c6fea1319678303b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Oct 2022 12:23:27 +0000
Subject: [PATCH 0108/3949] Bump guzzlehttp/psr7 from 2.4.2 to 2.4.3 in /php

Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/master/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/2.4.2...2.4.3)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 7fe6798b..5bf60037 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -220,16 +220,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.2",
+            "version": "2.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "3148458748274be1546f8f2809a6c09fe66f44aa"
+                "reference": "67c26b443f348a51926030c83481b85718457d3d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3148458748274be1546f8f2809a6c09fe66f44aa",
-                "reference": "3148458748274be1546f8f2809a6c09fe66f44aa",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/67c26b443f348a51926030c83481b85718457d3d",
+                "reference": "67c26b443f348a51926030c83481b85718457d3d",
                 "shasum": ""
             },
             "require": {
@@ -319,7 +319,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.2"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.3"
             },
             "funding": [
                 {
@@ -335,7 +335,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-10-25T13:49:28+00:00"
+            "time": "2022-10-26T14:07:24+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 12f62205912c23b9cb2404d7dc8a9c9ea0c327e6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Oct 2022 12:43:04 +0000
Subject: [PATCH 0109/3949] Bump elasticsearch from 7.17.6 to 7.17.7 in
 /Containers/fulltextsearch

Bumps elasticsearch from 7.17.6 to 7.17.7.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index c789a72e..9569eb65 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.6
+FROM elasticsearch:7.17.7
 
 RUN elasticsearch-plugin install --batch ingest-attachment
 

From 24eefc7009fe51bd402f3add5c55377455345944 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 15:22:47 +0200
Subject: [PATCH 0110/3949] increase to 2.1.0

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d698abb9..a6d3f4bd 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.0.4</h1>
+        <h1>Nextcloud AIO v2.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 6458bf661314fae49f255506254fa6f17712c1a5 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 15:58:40 +0200
Subject: [PATCH 0111/3949] fix chaning to root user

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 Containers/nextcloud/start.sh   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2ef874b5..4a68eb3e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -253,6 +253,6 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER root
 ENTRYPOINT ["/start.sh"]
-CMD ["sudo", "-u", "www-data", "/usr/bin/supervisord", "-c", "/supervisord.conf"]
+CMD ["sudo", "-uE", "www-data", "/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
\ No newline at end of file
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 8ca26e70..53bf29b0 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -37,7 +37,7 @@ fi
 sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
 # Run original entrypoint
-if ! sudo -u www-data bash /entrypoint.sh; then
+if ! sudo -uE www-data bash /entrypoint.sh; then
     exit 1
 fi
 

From a03fad2c335348af7ea3cec1845e613a9ef0dbf7 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 16:11:09 +0200
Subject: [PATCH 0112/3949] fix sudo command

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 Containers/nextcloud/notify.sh  | 2 +-
 Containers/nextcloud/start.sh   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4a68eb3e..94ea63b0 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -253,6 +253,6 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER root
 ENTRYPOINT ["/start.sh"]
-CMD ["sudo", "-uE", "www-data", "/usr/bin/supervisord", "-c", "/supervisord.conf"]
+CMD ["sudo", "-E", "-u", "www-data", "/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
\ No newline at end of file
diff --git a/Containers/nextcloud/notify.sh b/Containers/nextcloud/notify.sh
index 71768a23..f782f315 100644
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 if [[ "$EUID" = 0 ]]; then
-    sudo -u www-data -sE
+    sudo -u www-data -s -E
 fi
 
 SUBJECT="$1"
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 53bf29b0..8dcdb148 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -37,7 +37,7 @@ fi
 sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
 # Run original entrypoint
-if ! sudo -uE www-data bash /entrypoint.sh; then
+if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 

From a547f1d89257bcd7df18b9479f3dba9ddd79f667 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 18:23:16 +0200
Subject: [PATCH 0113/3949] another attempt

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile       | 4 ----
 Containers/nextcloud/supervisord.conf | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 94ea63b0..13d93a67 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -227,15 +227,12 @@ RUN set -ex; \
     chown www-data:root -R /usr/src && \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \
-    chown www-data:root -R /var/log/supervisord/ && \
-    chown www-data:root -R /var/run/supervisord/ && \
     rm -r /usr/src/nextcloud/apps/updatenotification
 
 COPY start.sh /
 COPY notify.sh /
 RUN set -ex; \
     chmod +x /start.sh && \
-    chmod +r /supervisord.conf && \
     chmod +x /entrypoint.sh && \
     chmod +r /upgrade.exclude && \
     chmod +x /cron.sh && \
@@ -253,6 +250,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER root
 ENTRYPOINT ["/start.sh"]
-CMD ["sudo", "-E", "-u", "www-data", "/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
\ No newline at end of file
diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index f411e59b..e376deaa 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -14,6 +14,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
+user=www-data
 
 [program:cron]
 stdout_logfile=/dev/stdout
@@ -21,6 +22,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
+user=www-data
 
 [program:notify-push]
 stdout_logfile=/dev/stdout
@@ -28,6 +30,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
+user=www-data
 
 [program:activate-collabora]
 stdout_logfile=/dev/stdout
@@ -35,3 +38,4 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/activate-collabora.sh
+user=www-data

From db5cab9e34304bc5636969c3cdfad872d296152c Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 27 Oct 2022 18:51:51 +0200
Subject: [PATCH 0114/3949] fix it!

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/supervisord.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index e376deaa..a26f8d8c 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -14,7 +14,6 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
-user=www-data
 
 [program:cron]
 stdout_logfile=/dev/stdout

From a0dc8781a7af4685b29c01750c1f908d57006aa9 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 27 Oct 2022 22:07:34 +0200
Subject: [PATCH 0115/3949] improve nginx reverse proxy documnetation

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 42 +++++++++++++++++++++++++++++++-----------
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c9e5508b..0ba92e0e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -237,22 +237,42 @@ Add this to you nginx config:
 
 ```
 server {
-    listen 443 ssl;
+    listen 80;
+#    listen [::]:80;            # uncomment to use IPv6
+    
+    if ($scheme = "http") {
+	return 301 https://$host$request_uri;
+    }
+
+    listen 443 ssl http2;
+#    listen [::]:443 ssl http2; # uncomment to use IPv6
+    
     server_name <your-nc-domain>;
+	
     location / {
-        proxy_pass http://localhost:11000$request_uri;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        client_max_body_size 0;
+        proxy_pass                          http://localhost:11000$request_uri;
+	
+        proxy_set_header Host               $host;
+        proxy_set_header X-Real-IP          $remote_addr;
+        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+        client_max_body_size                0;
 
         # Websocket
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
+        proxy_http_version                  1.1;
+        proxy_set_header Upgrade            $http_upgrade;
+        proxy_set_header Connection         $connection_upgrade;
     }
-    ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem; # managed by certbot on host machine
-    ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
+    
+    ssl_certificate     /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem; # managed by certbot on host machine
+    ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem;   # managed by certbot on host machine
+    
+    ssl_session_timeout 1d;
+    ssl_session_cache   shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_tickets off;
+    
+    ssl_protocols             TLSv1.2 TLSv1.3;
+    ssl_ciphers               ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
 }
 
 ```

From 39f7874ea7b822c89c8d9322a08eb6991dee1280 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 28 Oct 2022 04:50:20 +0000
Subject: [PATCH 0116/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index f6d5a2ab..afa54e7b 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -30,12 +30,6 @@
       <code>$args</code>
       <code>$args</code>
     </MissingParamType>
-    <PossiblyInvalidArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
-    </PossiblyInvalidArrayAccess>
-    <PossiblyNullArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
-    </PossiblyNullArrayAccess>
   </file>
   <file src="src/Controller/LoginController.php">
     <MissingParamType occurrences="3">
@@ -43,15 +37,6 @@
       <code>$args</code>
       <code>$args</code>
     </MissingParamType>
-    <PossiblyInvalidArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['password']</code>
-    </PossiblyInvalidArrayAccess>
-    <PossiblyNullArgument occurrences="1">
-      <code>$password</code>
-    </PossiblyNullArgument>
-    <PossiblyNullArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['password']</code>
-    </PossiblyNullArrayAccess>
   </file>
   <file src="src/Docker/DockerActionManager.php">
     <InvalidReturnType occurrences="1">
@@ -64,11 +49,6 @@
       <code>$container-&gt;GetInternalPorts() !== null</code>
     </RedundantCondition>
   </file>
-  <file src="src/Middleware/AuthMiddleware.php">
-    <UndefinedInterfaceMethod occurrences="1">
-      <code>withStatus</code>
-    </UndefinedInterfaceMethod>
-  </file>
   <file src="src/Twig/ClassExtension.php">
     <MissingParamType occurrences="1">
       <code>$object</code>

From b7708b66dfd9c55f4039627c982b0a16234e3c18 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 28 Oct 2022 17:06:44 +0200
Subject: [PATCH 0117/3949] optimize nginx reverse proxy documentation

With this change, it is not needed to change the main http block

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 59 +++++++++++++++++++++---------------------------
 1 file changed, 26 insertions(+), 33 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 0ba92e0e..6affb824 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -236,58 +236,51 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 Add this to you nginx config:
 
 ```
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
 server {
     listen 80;
 #    listen [::]:80;            # uncomment to use IPv6
-    
+
     if ($scheme = "http") {
-	return 301 https://$host$request_uri;
+        return 301 https://$host$request_uri;
     }
 
     listen 443 ssl http2;
 #    listen [::]:443 ssl http2; # uncomment to use IPv6
-    
+
     server_name <your-nc-domain>;
-	
+
     location / {
-        proxy_pass                          http://localhost:11000$request_uri;
-	
-        proxy_set_header Host               $host;
-        proxy_set_header X-Real-IP          $remote_addr;
-        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
-        client_max_body_size                0;
+        proxy_pass http://localhost:11000$request_uri;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        client_max_body_size 0;
 
         # Websocket
-        proxy_http_version                  1.1;
-        proxy_set_header Upgrade            $http_upgrade;
-        proxy_set_header Connection         $connection_upgrade;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
     }
-    
-    ssl_certificate     /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem; # managed by certbot on host machine
-    ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem;   # managed by certbot on host machine
-    
+
+    ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
+    ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
+
     ssl_session_timeout 1d;
-    ssl_session_cache   shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
     ssl_session_tickets off;
-    
-    ssl_protocols             TLSv1.2 TLSv1.3;
-    ssl_ciphers               ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
     ssl_prefer_server_ciphers off;
 }
 
 ```
-and this to the http{...}-section in your nginx.conf:
-
-```
-    ##
-    # Connection header for WebSocket reverse proxy
-    ##
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-    }
-```
-(otherwise nginx will fail to start with a message saying the variable named connection_upgrade does not exist)
     
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 

From 3616ce48a98302d35a7bc76dd1ecc37edbab54e0 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 30 Oct 2022 02:12:06 +0200
Subject: [PATCH 0118/3949] fix the notify script

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/notify.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/Containers/nextcloud/notify.sh b/Containers/nextcloud/notify.sh
index f782f315..f74ec16b 100644
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -1,23 +1,25 @@
 #!/bin/bash
 
 if [[ "$EUID" = 0 ]]; then
-    sudo -u www-data -s -E
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
 fi
 
 SUBJECT="$1"
 MESSAGE="$2"
 
-if [ "$(php /var/www/html/occ config:app:get notifications enabled)" = "no" ]; then
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
     echo "Cannot send notification as notification app is not enabled."
     exit 1
 fi
 
 echo "Posting notifications to users that are admins..."
-NC_USERS=$(php /var/www/html/occ user:list | sed 's|^  - ||g' | sed 's|:.*||')
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
 mapfile -t NC_USERS <<< "$NC_USERS"
 for user in "${NC_USERS[@]}"
 do
-    if php /var/www/html/occ user:info "$user" | cut -d "-" -f2 | grep -x -q " admin"
+    if "${COMMAND[@]}" user:info "$user" | cut -d "-" -f2 | grep -x -q " admin"
     then
         NC_ADMIN_USER+=("$user")
     fi
@@ -26,7 +28,7 @@ done
 for admin in "${NC_ADMIN_USER[@]}"
 do
     echo "Posting '$SUBJECT' to: $admin"
-    php /var/www/html/occ notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+    "${COMMAND[@]}" notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
 done
 
 echo "Done!"

From adb4279de1bfe9abe8077d891232edc33143de9b Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Sun, 30 Oct 2022 02:02:46 +0200
Subject: [PATCH 0119/3949] improve logging situation

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf                |  2 ++
 Containers/mastercontainer/Dockerfile           |  2 +-
 Containers/mastercontainer/mastercontainer.conf |  2 ++
 Containers/mastercontainer/supervisord.conf     | 12 ++++++++----
 Containers/nextcloud/supervisord.conf           |  6 ++++--
 5 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index 503dafce..7a0b46b2 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -1,5 +1,7 @@
 Listen 8000
 <VirtualHost *:8000>
+    ServerName localhost
+
     # Add error log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     ErrorLog ${APACHE_LOG_DIR}/error.log
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cb0554d7..7f4a3869 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -52,7 +52,7 @@ RUN set -e && \
     cd ..; \
     rm -f /usr/local/bin/composer; \
     chmod 770 -R ./; \
-    chown www-data:www-data -R ./; \
+    chown www-data:www-data -R /var/www; \
     rm -r ./php/data; \
     rm -r ./php/session
 
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 3185f911..b343af32 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -11,6 +11,8 @@ ErrorLog ${APACHE_LOG_DIR}/error.log
 
 # Http host
 <VirtualHost *:8000>
+    ServerName localhost
+
     # PHP match
     <FilesMatch "\.php$">
         SetHandler application/x-httpd-php
diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index aea8aaa0..5072586c 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -1,26 +1,28 @@
 [supervisord]
 nodaemon=true
-nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                 
 loglevel=error
+user=root
 
 [program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apache2-foreground
+user=root
 
 [program:caddy]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=sudo -u www-data /usr/bin/caddy run --config /Caddyfile
+command=/usr/bin/caddy run --config /Caddyfile
+user=www-data
 
 [program:cron]
 stdout_logfile=/dev/stdout
@@ -35,6 +37,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/backup-time-file-watcher.sh
+user=root
 
 [program:session-deduplicator]
 stdout_logfile=/dev/stdout
@@ -42,3 +45,4 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
+user=root
diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index a26f8d8c..d6476d44 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -7,13 +7,15 @@ childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
 loglevel=error
+user=root
 
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+# stderr_logfile=/dev/stderr
+# stderr_logfile_maxbytes=0
 command=php-fpm
+user=root
 
 [program:cron]
 stdout_logfile=/dev/stdout

From 77613f456caf80335528fccad4d1c63d8f8546a8 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 31 Oct 2022 11:49:37 +0100
Subject: [PATCH 0120/3949] Make sure that the sites are really gone

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 4 ++++
 Containers/mastercontainer/Dockerfile | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index b898be2b..2abf26ef 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -46,6 +46,10 @@ RUN rm /etc/apache2/ports.conf; \
 RUN set -ex; \
     a2dissite 000-default && \
     a2dissite default-ssl && \
+    rm -f /etc/apache2/sites-enabled/000-default.conf && \
+    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
+    rm /etc/apache2/sites-available/000-default.conf && \
+    rm /etc/apache2/sites-available/default-ssl.conf && \
     a2ensite nextcloud.conf && \
     rm -rf /var/www/html/* && \
     chown www-data:www-data -R /var/log/apache2; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cb0554d7..64f1c9b7 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -76,8 +76,13 @@ RUN rm /etc/apache2/ports.conf; \
     sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
     sed -i "/^Listen /d" /etc/apache2/apache2.conf
 
-RUN a2dissite 000-default && \
+RUN set -ex; \
+    a2dissite 000-default && \
     a2dissite default-ssl && \
+    rm -f /etc/apache2/sites-enabled/000-default.conf && \
+    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
+    rm /etc/apache2/sites-available/000-default.conf && \
+    rm /etc/apache2/sites-available/default-ssl.conf && \
     a2ensite mastercontainer.conf
 
 RUN mkdir /var/log/supervisord; \

From 0e60c52b912165fe0f25ffe45495e6ef57de6b48 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Oct 2022 12:45:15 +0000
Subject: [PATCH 0121/3949] Bump php in /Containers/nextcloud

Bumps php from 8.0.24-fpm-alpine3.16 to 8.0.25-fpm-alpine3.16.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 13d93a67..3288448d 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.24-fpm-alpine3.16
+FROM php:8.0.25-fpm-alpine3.16
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

From d767ec65d9f13a217ea71ecd62ad3edf9eb41cf5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Oct 2022 12:45:17 +0000
Subject: [PATCH 0122/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.0.24-apache-bullseye to 8.0.25-apache-bullseye.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cb0554d7..32eb9cec 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.21-dind-alpine3.16 as dind
 FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.24-apache-bullseye
+FROM php:8.0.25-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080

From 982f7644f5535d01156df91b13b0c8b26d9059e3 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 31 Oct 2022 15:15:05 +0100
Subject: [PATCH 0123/3949] increase to 2.1.1

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a6d3f4bd..b7171ed0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.1.0</h1>
+        <h1>Nextcloud AIO v2.1.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 968103ee45cd546ecfccb98103cee9fa162df704 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Nov 2022 13:44:54 +0000
Subject: [PATCH 0124/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20221003 to 20221101.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index a3e7c94c..32a35a85 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20221003
+FROM nextcloud/imaginary:20221101
 
 USER root
 RUN set -ex; \

From 3bba9da0d57578be5e9691244e9d4ef507382d34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Nov 2022 12:37:17 +0000
Subject: [PATCH 0125/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.7.2.1 to 22.05.7.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 1487172b..b1c20bd5 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.7.2.1
+FROM collabora/code:22.05.7.3.1
 
 USER root
 

From df808c10bb9ae7e2e1f90aa8de7d2847d9d1b188 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 3 Nov 2022 12:52:31 +0000
Subject: [PATCH 0126/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3288448d..5bd0a4b1 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -107,7 +107,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 24.0.6
+ENV NEXTCLOUD_VERSION 24.0.7
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From 4e67b82d463a4b4eaf0e3592efe680db453a7e0d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 3 Nov 2022 15:08:07 +0100
Subject: [PATCH 0127/3949] fix typo

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 8dcdb148..851096ab 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -24,7 +24,7 @@ fi
 
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
 if [ -n "$TRUSTED_CACERTS_DIR" ]; then
-    echo "User required to trust additional CA certificates, running 'update-ca-certificates."
+    echo "User required to trust additional CA certificates, running 'update-ca-certificates.'"
     update-ca-certificates
 fi
 

From 8cf7d47f26397d2663b2c71920bed8de8adca1ef Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 3 Nov 2022 15:09:15 +0100
Subject: [PATCH 0128/3949] increase to 2.1.2

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b7171ed0..659ec8c2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.1.1</h1>
+        <h1>Nextcloud AIO v2.1.2</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 99b45997a6ba41bde11d87ac04d7f7e026cb6816 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 4 Nov 2022 13:53:58 +0100
Subject: [PATCH 0129/3949] Add link to docker dns

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index b2e8c82c..742e0fec 100644
--- a/readme.md
+++ b/readme.md
@@ -137,6 +137,7 @@ No and it will not be added. Please use a dedicated domain for Nextcloud and set
 The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
 - https://howchoo.com/pi/pi-hole-setup together with https://docs.callitkarma.me/posts/PiHole-Local-DNS/
+- https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
 
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer.

From 90991c6c24e1703b796b89f3f130d1d832a6a0ff Mon Sep 17 00:00:00 2001
From: Brouware <63195347+Brouware@users.noreply.github.com>
Date: Sat, 5 Nov 2022 00:10:13 +0100
Subject: [PATCH 0130/3949] Fixed typo's

- Fixed command to check Borg version
- Fixed script breaking typo under "Sync the backup regularly to another drive"

Signed-off-by: Brouware <63195347+Brouware@users.noreply.github.com>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 742e0fec..7f965bc6 100644
--- a/readme.md
+++ b/readme.md
@@ -275,7 +275,7 @@ sudo borg list "/mnt/backup/borg"
 sudo borg delete --stats --progress "/mnt/backup/borg::20220223_174237-nextcloud-aio"
 
 # If borg 1.2.0 or higher is installed, you then need to run borg compact in order to clean up the freed space
-sudo borg version
+sudo borg --version
 # If version number of the command above is higher than 1.2.0 you need to run the command below:
 sudo borg compact "/mnt/backup/"
 
@@ -326,7 +326,7 @@ if ! [ -d "$DRIVE_MOUNTPOINT" ]; then
     exit 1
 fi
 
-if ! grep -q " $DRIVE_MOUNTPOINT " /etc/fstab; then
+if ! grep -q "$DRIVE_MOUNTPOINT" /etc/fstab; then
     echo "Could not find the drive mountpoint in the fstab file. Did you add it there?"
     exit 1
 fi

From fd88b6188253a89b8b0e90e2ce438530a4c764c3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 5 Nov 2022 01:40:05 +0100
Subject: [PATCH 0131/3949] do not delete the updater so that it can get used
 later on

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    | 1 -
 Containers/nextcloud/entrypoint.sh | 1 -
 2 files changed, 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 5bd0a4b1..4b165fd7 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -126,7 +126,6 @@ RUN set -ex; \
     tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
     gpgconf --kill all; \
     rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
     mkdir -p /usr/src/nextcloud/data; \
     mkdir -p /usr/src/nextcloud/custom_apps; \
     chmod +x /usr/src/nextcloud/occ; \
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 3f7af70e..273301cc 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -99,7 +99,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             tar -xjf nextcloud.tar.bz2 -C /usr/src/tmp/
             gpgconf --kill all
             rm nextcloud.tar.bz2.asc nextcloud.tar.bz2
-            rm -rf "$GNUPGHOME" /usr/src/tmp/nextcloud/updater
             mkdir -p /usr/src/tmp/nextcloud/data
             mkdir -p /usr/src/tmp/nextcloud/custom_apps
             chmod +x /usr/src/tmp/nextcloud/occ

From 0e36ae0ba9cee3ee900be7cbf59271a487708f84 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 5 Nov 2022 21:42:30 +0100
Subject: [PATCH 0132/3949] add php-deprecation-detector

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../workflows/php-deprecation-detector.yml    | 29 +++++++++++++++++++
 php/composer.json                             |  3 +-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/php-deprecation-detector.yml

diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
new file mode 100644
index 00000000..bd25a68e
--- /dev/null
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -0,0 +1,29 @@
+name: PHP Deprecation Detector
+# See https://github.com/wapmorgan/PhpDeprecationDetector
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: PHP Deprecation Detector
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up php8.0
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.0
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require wapmorgan/php-deprecation-detector dev-master
+          composer install
+          composer run php-deprecation-detector
\ No newline at end of file
diff --git a/php/composer.json b/php/composer.json
index 55fecbc6..5a0d46ed 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -21,6 +21,7 @@
     "scripts": {
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
-        "lint": "find . -name \\*.php -not -path './vendor/*' -print0 | xargs -0 -n1 php -l"
+		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.0 \\;"
 	}
 }

From 19369c7ce2d795e9b2fd9f90e4dcede3ce18db74 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Mon, 7 Nov 2022 04:46:43 +0000
Subject: [PATCH 0133/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index afa54e7b..96bfc692 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.29.0@7ec5ffbd5f68ae03782d7fd33fff0c45a69f95b3">
+<files psalm-version="4.30.0@d0bc6e25d89f649e4f36a534f330f8bb4643dd69">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From b47e674aa7422bf33f27d7d6ec186f06db4457f3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 7 Nov 2022 19:44:02 +0100
Subject: [PATCH 0134/3949] session should not get cleared automatically before
 24h

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/public/index.php b/php/public/index.php
index 3829017a..d469264b 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -22,6 +22,9 @@ ini_set('session.save_path', $dataConst->GetSessionDirectory());
 // Auto logout on browser close
 ini_set('session.cookie_lifetime', '0');
 
+# Keep session for 24h max
+ini_set('session.gc_maxlifetime', '86400');
+
 // Create app
 AppFactory::setContainer($container);
 $app = AppFactory::create();

From 43eddabeaf6f5dd511d88c5607f94fb6c12b8e9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Nov 2022 12:07:10 +0000
Subject: [PATCH 0135/3949] Bump containrrr/watchtower from 1.4.0 to 1.5.1 in
 /Containers/watchtower

Bumps containrrr/watchtower from 1.4.0 to 1.5.1.

---
updated-dependencies:
- dependency-name: containrrr/watchtower
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 7a54bbf2..493af190 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.4.0 as watchtower
+FROM containrrr/watchtower:1.5.1 as watchtower
 
 FROM alpine:3.16.2
 

From 4e7fa6b4b9e6ac302fb7db3eba9ad29a08483e8a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 8 Nov 2022 19:29:49 +0100
Subject: [PATCH 0136/3949] Add explanation of the initial docker run command
 to the readme

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/readme.md b/readme.md
index 742e0fec..74a6b60a 100644
--- a/readme.md
+++ b/readme.md
@@ -52,6 +52,21 @@ The following instructions are especially meant for Linux. For macOS see [this](
 
     </details>
 
+    <details>
+    <summary>Explanation of the command</summary>
+
+    - `sudo docker run` This command spins up a new docker container.
+    - `--name nextcloud-aio-mastercontainer` This is the name of the container and cannot be changed since mastercontainer updates would fail.
+    - `--restart always` This is the "restart policy". `Always` means that the container should get started always. See the docker documentation on further policies.
+    - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
+    - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different port like e.g. `--publish 8081:8080` if port 8080 should already be in use on your host.
+    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
+    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed since built-in backups would fail later on.
+    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootles. See the applicable documentation on this. If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
+    - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
+    - For further options like changing the location of Nextcloud's datadir or mounting some locatioins as external storage into the Nextcloud container, simply read through the readme and/or look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
+    </details>
+
 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
 E.g. `https://ip.address.of.this.server:8080`<br><br>
 If your firewall/router has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>

From f42fa092022fe186a81cc5482bc0ba67166247e7 Mon Sep 17 00:00:00 2001
From: roib20 <66280613+roib20@users.noreply.github.com>
Date: Tue, 8 Nov 2022 21:40:13 +0200
Subject: [PATCH 0137/3949] Proofread and revise explanation of the initial
 docker run command

Clarify explanations of initial docker run command and fix grammar, punctuation and typos (in readme.md)

Signed-off-by: roib20 <66280613+roib20@users.noreply.github.com>
---
 readme.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/readme.md b/readme.md
index 74a6b60a..ce32239b 100644
--- a/readme.md
+++ b/readme.md
@@ -55,16 +55,16 @@ The following instructions are especially meant for Linux. For macOS see [this](
     <details>
     <summary>Explanation of the command</summary>
 
-    - `sudo docker run` This command spins up a new docker container.
-    - `--name nextcloud-aio-mastercontainer` This is the name of the container and cannot be changed since mastercontainer updates would fail.
-    - `--restart always` This is the "restart policy". `Always` means that the container should get started always. See the docker documentation on further policies.
+    - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below).
+    - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
+    - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
     - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
-    - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different port like e.g. `--publish 8081:8080` if port 8080 should already be in use on your host.
+    - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
     - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
-    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed since built-in backups would fail later on.
-    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootles. See the applicable documentation on this. If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
+    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
+    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
     - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
-    - For further options like changing the location of Nextcloud's datadir or mounting some locatioins as external storage into the Nextcloud container, simply read through the readme and/or look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
+    - Further options can be set using environment variables, for example `--env TALK_PORT=3478`. To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>
 
 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>

From 029b6ea7972b4f75dbdccbca5bbc83795db2599a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Mon, 26 Sep 2022 20:27:35 +0200
Subject: [PATCH 0138/3949] allow to adjust Nextcloud apps that get installed
 upon first startup

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh     | 10 +++++++++-
 Containers/nextcloud/entrypoint.sh      | 12 ++++++------
 docker-compose.yml                      |  1 +
 manual-install/update-yaml.sh           |  1 +
 php/containers.json                     |  3 ++-
 php/src/Data/ConfigurationManager.php   |  8 ++++++++
 php/src/Docker/DockerActionManager.php  |  2 ++
 readme.md                               |  3 +++
 tests/QA/060-environmental-variables.md |  1 +
 9 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index c57b4207..6542d788 100755
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -165,7 +165,15 @@ if [ -n "$TRUSTED_CACERTS_DIR" ]; then
     if ! echo "$TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$TRUSTED_CACERTS_DIR" | grep -q "/$"; then
         echo "You've set TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
-It is set to '$TRUSTED_CACERTS_DIR '."
+It is set to '$TRUSTED_CACERTS_DIR'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It is set to '$NEXTCLOUD_STARTUP_APPS'."
         exit 1
     fi
 fi
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 3f7af70e..c0f365c0 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -229,12 +229,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
 
             # Install some apps by default
-            php /var/www/html/occ app:install twofactor_totp
-            php /var/www/html/occ app:install deck
-            php /var/www/html/occ app:install tasks
-            php /var/www/html/occ app:install calendar
-            php /var/www/html/occ app:install contacts
-            php /var/www/html/occ app:install apporder
+            if [ -n "$STARTUP_APPS" ]; then
+                read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
+                for app in "${STARTUP_APPS_ARRAY[@]}"; do
+                    php /var/www/html/occ app:install "$app"
+                done
+            fi
 
         #upgrade
         else
diff --git a/docker-compose.yml b/docker-compose.yml
index f047f341..7808a1b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,6 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index d8945f7b..5706114f 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -75,6 +75,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf
diff --git a/php/containers.json b/php/containers.json
index 50fe1d1e..a3ceef47 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -156,7 +156,8 @@
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
-        "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%"
+        "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%",
+        "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%"
       ],
       "maxShutdownTime": 10,
       "restartPolicy": "unless-stopped"
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b1f3b560..45233349 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -700,6 +700,14 @@ class ConfigurationManager
         return false;
     }
 
+    public function GetNextcloudStartupApps() : string {
+        $apps = getenv('NEXTCLOUD_STARTUP_APPS');
+        if (is_string($apps)) {
+            return trim($apps);
+        }
+        return 'twofactor_totp deck tasks calendar contacts apporder';
+    }
+
     public function GetCollaboraDictionaries() : string {
         $config = $this->GetConfig();
         if(!isset($config['collabora_dictionaries'])) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 19fa4789..59f7602d 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -328,6 +328,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetApacheMaxSize();
                 } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
                     $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
+                } elseif ($out[1] === '%NEXTCLOUD_STARTUP_APPS%') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                 }
diff --git a/readme.md b/readme.md
index 742e0fec..f3167415 100644
--- a/readme.md
+++ b/readme.md
@@ -446,6 +446,9 @@ If you get an error during the domain validation which states that your ip-addre
 ### How to run this with docker rootless?
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
+### How to change the Nextcloud apps that are installed on the first startup?
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 323c236e..d3b7ebf4 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -14,5 +14,6 @@
 - [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From 78959b26cba96dbb52ccdea92b5ec5bd64ca20d9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 8 Nov 2022 23:40:34 +0100
Subject: [PATCH 0139/3949] improve the UX when the login is blocked

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/login.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 38229a7c..b9479253 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -14,8 +14,8 @@
                     <input type="submit" class="button" value="Log in" />
                 </form>
             {% else %}
-                <p>The login is blocked since Nextcloud is running. Please use the automatic login from your Nextcloud.<br><br>
-                You can unblock the login by running 'sudo docker stop nextcloud-aio-apache'.</p>
+                <p>The login is blocked since Nextcloud is running.<br>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><b>automatic login</b></a> from your Nextcloud.<br><br>
+                If that is not possible, you can unblock the login by running<br><b>sudo docker stop nextcloud-aio-apache</b></p>
             {% endif %}
         </div>
     </div>

From f9f29ae42ad82bd2b2bff9917173ccc96f49acd4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Nov 2022 12:04:23 +0000
Subject: [PATCH 0140/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.7.3.1 to 22.05.8.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index b1c20bd5..6115a0a6 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.7.3.1
+FROM collabora/code:22.05.8.2.1
 
 USER root
 

From 54687a23756a8e470270ee9b8b8934c6d3cb0a65 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 9 Nov 2022 12:24:54 +0000
Subject: [PATCH 0141/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 5bf60037..8d2f12f0 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1137,30 +1137,30 @@
         },
         {
             "name": "slim/csrf",
-            "version": "1.2.1",
+            "version": "1.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "ee811a258ecee807846aefc51aabc1963ae0a400"
+                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ee811a258ecee807846aefc51aabc1963ae0a400",
-                "reference": "ee811a258ecee807846aefc51aabc1963ae0a400",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ebaaf295fd6d7224078d8ae3bba45329b31798c7",
+                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7",
                 "shasum": ""
             },
             "require": {
-                "php": "^7.3|^8.0",
+                "php": "^7.4 || ^8.0",
                 "psr/http-factory": "^1.0",
                 "psr/http-message": "^1.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0"
             },
             "require-dev": {
-                "phpspec/prophecy": "^1.12",
+                "phpspec/prophecy": "^1.15",
                 "phpspec/prophecy-phpunit": "^2.0",
                 "phpunit/phpunit": "^9.5",
-                "squizlabs/php_codesniffer": "^3.5.8"
+                "squizlabs/php_codesniffer": "^3.7"
             },
             "type": "library",
             "autoload": {
@@ -1180,7 +1180,7 @@
                 }
             ],
             "description": "Slim Framework 4 CSRF protection PSR-15 middleware",
-            "homepage": "http://slimframework.com",
+            "homepage": "https://www.slimframework.com",
             "keywords": [
                 "csrf",
                 "framework",
@@ -1189,22 +1189,22 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.2.1"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.3.0"
             },
-            "time": "2021-02-04T15:37:21+00:00"
+            "time": "2022-11-05T19:27:53+00:00"
         },
         {
             "name": "slim/slim",
-            "version": "4.10.0",
+            "version": "4.11.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0"
+                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
-                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
+                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
                 "shasum": ""
             },
             "require": {
@@ -1219,21 +1219,21 @@
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "require-dev": {
-                "adriansuter/php-autoload-override": "^1.2",
+                "adriansuter/php-autoload-override": "^1.3",
                 "ext-simplexml": "*",
-                "guzzlehttp/psr7": "^2.1",
+                "guzzlehttp/psr7": "^2.4",
                 "httpsoft/http-message": "^1.0",
                 "httpsoft/http-server-request": "^1.0",
-                "laminas/laminas-diactoros": "^2.8",
+                "laminas/laminas-diactoros": "^2.17",
                 "nyholm/psr7": "^1.5",
                 "nyholm/psr7-server": "^1.0",
                 "phpspec/prophecy": "^1.15",
                 "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/phpstan": "^1.4",
+                "phpstan/phpstan": "^1.8",
                 "phpunit/phpunit": "^9.5",
                 "slim/http": "^1.2",
                 "slim/psr7": "^1.5",
-                "squizlabs/php_codesniffer": "^3.6"
+                "squizlabs/php_codesniffer": "^3.7"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1306,7 +1306,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-03-14T14:18:23+00:00"
+            "time": "2022-11-06T16:33:39+00:00"
         },
         {
             "name": "slim/twig-view",

From bdb159b2fe670a87e8ac84dccbd514bffe629129 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 11:42:43 +0100
Subject: [PATCH 0142/3949] add a link

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 7808a1b2..3480eb92 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-nextcloud-apps-that-are-installed-on-the-first-startup
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

From 9b8937884e228796ad7de0e0f47c05ecd04841ef Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 11:44:51 +0100
Subject: [PATCH 0143/3949] fix the link

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3480eb92..57e3339b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

From d424776a43fb683b14efae2fce025a70251f3f17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Nov 2022 20:28:50 +0100
Subject: [PATCH 0144/3949] rename TRUSTED_CACERTS_DIR to
 NEXTCLOUD_TRUSTED_CACERTS_DIR

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh     | 8 ++++----
 docker-compose.yml                      | 2 +-
 manual-install/update-yaml.sh           | 2 +-
 php/containers.json                     | 4 ++--
 php/src/ContainerDefinitionFetcher.php  | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 php/src/Docker/DockerActionManager.php  | 2 +-
 readme.md                               | 4 ++--
 tests/QA/060-environmental-variables.md | 2 +-
 9 files changed, 14 insertions(+), 14 deletions(-)
 mode change 100755 => 100644 Containers/mastercontainer/start.sh

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
old mode 100755
new mode 100644
index 6542d788..d440f5d9
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -161,11 +161,11 @@ It is set to '$DOCKER_SOCKET_PATH'."
         exit 1
     fi
 fi
-if [ -n "$TRUSTED_CACERTS_DIR" ]; then
-    if ! echo "$TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$TRUSTED_CACERTS_DIR" | grep -q "/$"; then
-        echo "You've set TRUSTED_CACERTS_DIR but not to an allowed value.
+if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
+    if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
+        echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
-It is set to '$TRUSTED_CACERTS_DIR'."
+It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
         exit 1
     fi
 fi
diff --git a/docker-compose.yml b/docker-compose.yml
index 57e3339b..916620d3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,7 +26,7 @@ services:
       # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
-      # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
 
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 5706114f..7538e062 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -65,7 +65,7 @@ sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Next
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
-sed -i 's|TRUSTED_CACERTS_DIR=|TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
+sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index a3ceef47..2f83611f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -116,7 +116,7 @@
           "writeable": true
         },
         {
-          "name": "%TRUSTED_CACERTS_DIR%",
+          "name": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
           "location": "/usr/local/share/ca-certificates",
           "writeable": false
         }
@@ -156,7 +156,7 @@
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
-        "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%",
+        "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%"
       ],
       "maxShutdownTime": 10,
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index e6d416ef..f2d30804 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -120,7 +120,7 @@ class ContainerDefinitionFetcher
                     if($value['name'] === '') {
                         continue;
                     }
-                } elseif ($value['name'] === '%TRUSTED_CACERTS_DIR%') {
+                } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
                     $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
                     if($value['name'] === '') {
                         continue;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 45233349..06fc2ce4 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -548,7 +548,7 @@ class ConfigurationManager
     }
 
     public function GetTrustedCacertsDir() : string {
-        $envVariableName = 'TRUSTED_CACERTS_DIR';
+        $envVariableName = 'NEXTCLOUD_TRUSTED_CACERTS_DIR';
         $configName = 'trusted_cacerts_dir';
         $defaultValue = '';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 59f7602d..ad46dc09 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -314,7 +314,7 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
-                } elseif ($out[1] === 'TRUSTED_CACERTS_DIR') {
+                } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
                     $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
                 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
                     if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
diff --git a/readme.md b/readme.md
index e24f8860..9245b2ec 100644
--- a/readme.md
+++ b/readme.md
@@ -516,9 +516,9 @@ What are the requirements?
 ### How to trust user-defiend Certification Authorities (CA)?
 For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization
 
-You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
 
-When using `docker run`, the environmental variable can be set with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
+When using `docker run`, the environmental variable can be set with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
 
 In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index d3b7ebf4..eeb51178 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -11,7 +11,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
-- [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.

From 6a51a6a251d967afe5debf377239bc7f03219a80 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 11:53:40 +0100
Subject: [PATCH 0145/3949] use an existing path as example

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 7538e062..f25f4cbe 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -65,7 +65,7 @@ sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Next
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
-sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
+sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf

From 588f9a36e7ba3d8afe2a2b5a6c27d531ddd7bf0b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Nov 2022 21:25:10 +0100
Subject: [PATCH 0146/3949] allow to adjust the PHP memory limit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh     | 8 ++++++++
 docker-compose.yml                      | 1 +
 manual-install/update-yaml.sh           | 1 +
 php/containers.json                     | 1 +
 php/src/Data/ConfigurationManager.php   | 7 +++++++
 php/src/Docker/DockerActionManager.php  | 2 ++
 readme.md                               | 3 +++
 tests/QA/060-environmental-variables.md | 1 +
 8 files changed, 24 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index d440f5d9..b4333123 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -120,6 +120,14 @@ It is set to '$NEXTCLOUD_MAX_TIME'."
         exit 1
     fi
 fi
+if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
+    if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
+        echo "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
+The string must start with a number and end with 'M'.
+It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
+        exit 1
+    fi
+fi
 if [ -n "$APACHE_PORT" ]; then
     if ! check_if_number "$APACHE_PORT"; then
         echo "You provided an Apache port but did not only use numbers.
diff --git a/docker-compose.yml b/docker-compose.yml
index 916620d3..495dccee 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,7 @@ services:
       # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index f25f4cbe..70c3a2e5 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -63,6 +63,7 @@ sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
+sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container|' sample.conf
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index 2f83611f..a7437487 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -153,6 +153,7 @@
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
         "IMAGINARY_HOST=nextcloud-aio-imaginary",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
+        "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 06fc2ce4..cc8babb1 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -528,6 +528,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetNextcloudMemoryLimit() : string {
+        $envVariableName = 'NEXTCLOUD_MEMORY_LIMIT';
+        $configName = 'nextcloud_memory_limit';
+        $defaultValue = '512M';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     public function GetApacheMaxSize() : int {
         $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G');
         return $uploadLimit * 1024 * 1024 * 1024;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ad46dc09..3debf73e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -312,6 +312,8 @@ class DockerActionManager
                     }
                 } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') {
                     $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
+                } elseif ($out[1] === 'NEXTCLOUD_MEMORY_LIMIT') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
                 } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
diff --git a/readme.md b/readme.md
index 9245b2ec..ff6d9b33 100644
--- a/readme.md
+++ b/readme.md
@@ -455,6 +455,9 @@ By default are uploads to Nextcloud limited to a max of 10G. You can adjust the
 ### How to adjust the max execution time for Nextcloud?
 By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `-e NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a number e.g. `3600`.
 
+### How to adjust the PHP memory limit for Nextcloud?
+By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `-e NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+
 ### What can I do to fix the internal or reserved ip-address error?
 If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the initial docker run command which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index eeb51178..6adb70e7 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -8,6 +8,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.

From da2b967a3311166b0f234374ad09d845a449e1a5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 8 Nov 2022 21:38:31 +0100
Subject: [PATCH 0147/3949] allow to add dependencies and php extensions into
 the Nextcloud container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml  |  4 ++--
 Containers/mastercontainer/start.sh     | 16 ++++++++++++++
 Containers/nextcloud/Dockerfile         |  2 --
 Containers/nextcloud/start.sh           | 28 +++++++++++++++++++++++++
 docker-compose.yml                      |  2 ++
 manual-install/update-yaml.sh           |  2 ++
 php/containers.json                     |  4 +++-
 php/src/Data/ConfigurationManager.php   | 14 +++++++++++++
 php/src/Docker/DockerActionManager.php  |  4 ++++
 readme.md                               | 10 +++++++++
 tests/QA/060-environmental-variables.md |  2 ++
 11 files changed, 83 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index aa681496..a14a11e5 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -57,8 +57,8 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
-        
+        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version|" ./Containers/nextcloud/start.sh
+
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
         NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index b4333123..ba00eb0f 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -185,6 +185,22 @@ It is set to '$NEXTCLOUD_STARTUP_APPS'."
         exit 1
     fi
 fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
+        exit 1
+    fi
+fi
 
 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 5bd0a4b1..a4f9e4c1 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -64,13 +64,11 @@ RUN set -ex; \
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
     pecl install redis-5.3.7; \
-    pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
         apcu \
         memcached \
         redis \
-        imagick \
     ; \
     rm -r /tmp/pear; \
     \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 851096ab..b6a3c749 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -36,6 +36,34 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
 fi
 sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
+# Install additional dependencies
+if [ -n "$ADDITIONAL_APKS" ]; then
+    if ! [ -f "/additional-apks-are-installed" ]; then
+        read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
+        for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
+            apk add "$app"
+        done
+    fi
+    touch /additional-apks-are-installed
+fi
+
+# Install additional php extensions
+if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! [ -f "/additional-php-extensions-are-installed" ]; then
+        read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
+        for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                pecl install imagick-3.7.0
+                docker-php-ext-enable imagick
+            else
+                pecl install "$app"
+                docker-php-ext-enable "$app"
+            fi
+        done
+    fi
+    touch /additional-php-extensions-are-installed
+fi
+
 # Run original entrypoint
 if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
diff --git a/docker-compose.yml b/docker-compose.yml
index 495dccee..2bccf6a1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,6 +30,8 @@ services:
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagick # This allows to add additional packages to the Nextcloud container permanently.
+      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 70c3a2e5..50f60fd2 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -77,6 +77,8 @@ sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the p
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagick        # This allows to add additional packages to the Nextcloud container permanently.|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf
diff --git a/php/containers.json b/php/containers.json
index a7437487..9412ed63 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -158,7 +158,9 @@
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
-        "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%"
+        "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
+        "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
+        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
       "maxShutdownTime": 10,
       "restartPolicy": "unless-stopped"
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index cc8babb1..fb0a986a 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -561,6 +561,20 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetNextcloudAdditionalApks() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS';
+        $configName = 'nextcloud_additional_apks';
+        $defaultValue = '';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
+    public function GetNextcloudAdditionalPhpExtensions() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS';
+        $configName = 'nextcloud_additional_php_extensions';
+        $defaultValue = 'imagick';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
         if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3debf73e..0377cd26 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -332,6 +332,10 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
                 } elseif ($out[1] === '%NEXTCLOUD_STARTUP_APPS%') {
                     $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
+                } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_APKS%') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
+                } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                 }
diff --git a/readme.md b/readme.md
index ff6d9b33..2d6867e1 100644
--- a/readme.md
+++ b/readme.md
@@ -467,6 +467,16 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 ### How to change the Nextcloud apps that are installed on the first startup?
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
+### How to add packets permanently to the Nextcloud container?
+Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
+
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS=dependency1 dependency2` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=
+
+### How to add PHP extensions permanently to the Nextcloud container?
+Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
+
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick extension1 extension2` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 6adb70e7..0b8e70a9 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -16,5 +16,7 @@
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From 6f4b91867733d2753bf48f629cb14be90c1de0ca Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 12:49:13 +0100
Subject: [PATCH 0148/3949] increase to 3.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 659ec8c2..40380d20 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.1.2</h1>
+        <h1>Nextcloud AIO v3.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 50e3a5f5de7e65806784cbc44fc17e0b27890918 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 13:22:52 +0100
Subject: [PATCH 0149/3949] fix the string replacement

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3debf73e..192ef868 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -330,7 +330,7 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetApacheMaxSize();
                 } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
                     $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
-                } elseif ($out[1] === '%NEXTCLOUD_STARTUP_APPS%') {
+                } elseif ($out[1] === 'NEXTCLOUD_STARTUP_APPS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);

From 0bab4eaa6dc5516b0339ca485f61f941f61c7ffc Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 10 Nov 2022 12:26:29 +0000
Subject: [PATCH 0150/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 8d2f12f0..d8ec0b70 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1442,16 +1442,16 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4"
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
-                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a",
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a",
                 "shasum": ""
             },
             "require": {
@@ -1466,7 +1466,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1504,7 +1504,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0"
             },
             "funding": [
                 {
@@ -1520,20 +1520,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e"
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
-                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
                 "shasum": ""
             },
             "require": {
@@ -1548,7 +1548,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1587,7 +1587,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0"
             },
             "funding": [
                 {
@@ -1603,20 +1603,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1"
+                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/13f6d1271c663dc5ae9fb843a8f16521db7687a1",
-                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/707403074c8ea6e2edaf8794b0157a0bfa52157a",
+                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a",
                 "shasum": ""
             },
             "require": {
@@ -1625,7 +1625,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1666,7 +1666,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.27.0"
             },
             "funding": [
                 {
@@ -1682,7 +1682,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
         },
         {
             "name": "twig/twig",

From 38dd034fae9656cb22561b6e1024379b9681f594 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 13:28:00 +0100
Subject: [PATCH 0151/3949] improv the startup apps docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index ff6d9b33..c19fee72 100644
--- a/readme.md
+++ b/readme.md
@@ -465,7 +465,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/

From bc9abd39a97b74f40d0bf577ac7599cba4f1ab68 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 17:31:06 +0100
Subject: [PATCH 0152/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml |  2 +-
 Containers/nextcloud/start.sh          | 13 ++++++++-----
 docker-compose.yml                     |  4 ++--
 php/src/Docker/DockerActionManager.php |  4 ++--
 readme.md                              |  4 ++--
 5 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index a14a11e5..bc5eff30 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -57,7 +57,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version|" ./Containers/nextcloud/start.sh
+        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version  >/dev/null|" ./Containers/nextcloud/start.sh
 
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index b6a3c749..f047f32d 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -41,7 +41,8 @@ if [ -n "$ADDITIONAL_APKS" ]; then
     if ! [ -f "/additional-apks-are-installed" ]; then
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
-            apk add "$app"
+            echo "Installing $app via apk..."
+            apk add --no-cache "$app" >/dev/null
         done
     fi
     touch /additional-apks-are-installed
@@ -53,11 +54,13 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
             if [ "$app" = imagick ]; then
-                pecl install imagick-3.7.0
-                docker-php-ext-enable imagick
+                echo "Installing Imagick via PECL..."
+                pecl install imagick-3.7.0 >/dev/null
+                docker-php-ext-enable imagick >/dev/null
             else
-                pecl install "$app"
-                docker-php-ext-enable "$app"
+                echo "Installing $app via PECL..."
+                pecl install "$app" >/dev/null
+                docker-php-ext-enable "$app" >/dev/null
             fi
         done
     fi
diff --git a/docker-compose.yml b/docker-compose.yml
index 2bccf6a1..b654038f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,8 +30,8 @@ services:
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
-      # - NEXTCLOUD_ADDITIONAL_APKS=imagick # This allows to add additional packages to the Nextcloud container permanently.
-      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagick # This allows to add additional packages to the Nextcloud container permanently. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0377cd26..02cf0875 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -332,9 +332,9 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
                 } elseif ($out[1] === '%NEXTCLOUD_STARTUP_APPS%') {
                     $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
-                } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_APKS%') {
+                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_APKS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
-                } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%') {
+                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
diff --git a/readme.md b/readme.md
index 2d6867e1..feec365d 100644
--- a/readme.md
+++ b/readme.md
@@ -470,12 +470,12 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS=dependency1 dependency2` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="dependency1 dependency2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
 
-You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick extension1 extension2` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
 
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/

From fb7d5e531fed48f3d7e7dbb89733ad9baec849b6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 18:04:12 +0100
Subject: [PATCH 0153/3949] add error output

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index f047f32d..ab44b741 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -42,7 +42,9 @@ if [ -n "$ADDITIONAL_APKS" ]; then
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
             echo "Installing $app via apk..."
-            apk add --no-cache "$app" >/dev/null
+            if ! apk add --no-cache "$app" >/dev/null; then
+                echo "The packet $app was not installed!"
+            fi
         done
     fi
     touch /additional-apks-are-installed
@@ -56,11 +58,32 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
             if [ "$app" = imagick ]; then
                 echo "Installing Imagick via PECL..."
                 pecl install imagick-3.7.0 >/dev/null
-                docker-php-ext-enable imagick >/dev/null
-            else
+                if ! docker-php-ext-enable imagick >/dev/null; then
+                    echo "Could not install PHP extension imagick!"
+                fi
+            elif [ "$app" = inotify ]; then
                 echo "Installing $app via PECL..."
                 pecl install "$app" >/dev/null
-                docker-php-ext-enable "$app" >/dev/null
+                if ! docker-php-ext-enable "$app" >/dev/null; then
+                    echo "Could not install PHP extension $app!"
+                fi
+            elif [ "$app" = soap ]; then
+                echo "Installing $app from core..."
+                if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
+                    echo "Could not install PHP extension $app!"
+                fi
+            else
+                echo "Installing PHP extension $app ..."
+                if pecl install "$app" >/dev/null; then
+                    if ! docker-php-ext-enable "$app" >/dev/null; then
+                        echo "Could not install PHP extension $app!"
+                    fi
+                else
+                    echo "Could not install $app using PECL. Trying to install from core..."
+                    if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
+                        echo "Could also not install $app from core. The PHP extensions was not installed!"
+                    fi
+                fi
             fi
         done
     fi

From 7bca6b3d2e83b2fb70c95b638570f24884fce00a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 19:16:33 +0100
Subject: [PATCH 0154/3949] follow-up to #1377

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile         |  2 --
 Containers/nextcloud/start.sh           | 29 +++++++++++++++++++------
 docker-compose.yml                      |  2 +-
 manual-install/update-yaml.sh           |  2 +-
 php/src/Data/ConfigurationManager.php   |  2 +-
 readme.md                               |  2 +-
 tests/QA/060-environmental-variables.md |  2 +-
 7 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a4f9e4c1..ccc7d8ca 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -39,7 +39,6 @@ RUN set -ex; \
         openldap-dev \
         pcre-dev \
         postgresql-dev \
-        imagemagick-dev \
         libwebp-dev \
         gmp-dev \
     ; \
@@ -142,7 +141,6 @@ RUN set -ex; \
     \
     apk add --no-cache \
         ffmpeg \
-        imagemagick \
         procps \
         samba-client \
         supervisor \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index ab44b741..a53d13b8 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -55,6 +55,14 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
     if ! [ -f "/additional-php-extensions-are-installed" ]; then
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            # shellcheck disable=SC2086
+            if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
+                echo "Installing PHP build dependencies..."
+                if ! apk add --no-cache --virtual .build-deps libxml2-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                    echo "Could not install build-deps!"
+                fi
+                PHP_DEPS_ARE_INSTALLED=1
+            fi
             if [ "$app" = imagick ]; then
                 echo "Installing Imagick via PECL..."
                 pecl install imagick-3.7.0 >/dev/null
@@ -74,19 +82,26 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
                 fi
             else
                 echo "Installing PHP extension $app ..."
-                if pecl install "$app" >/dev/null; then
+                if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
+                    echo "Could not install $app from core. Trying to install from PECL..."
+                    pecl install "$app" >/dev/null
                     if ! docker-php-ext-enable "$app" >/dev/null; then
-                        echo "Could not install PHP extension $app!"
-                    fi
-                else
-                    echo "Could not install $app using PECL. Trying to install from core..."
-                    if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
-                        echo "Could also not install $app from core. The PHP extensions was not installed!"
+                        echo "Could also not install $app from PECL. The PHP extensions was not installed!"
                     fi
                 fi
             fi
         done
     fi
+    rm -rf /tmp/pear
+    runDeps="$( \
+        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
+            | tr ',' '\n' \
+            | sort -u \
+            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+    )";
+    # shellcheck disable=SC2086
+    apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
+    apk del .build-deps >/dev/null
     touch /additional-php-extensions-are-installed
 fi
 
diff --git a/docker-compose.yml b/docker-compose.yml
index b654038f..1a029f7e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,7 +30,7 @@ services:
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
-      # - NEXTCLOUD_ADDITIONAL_APKS=imagick # This allows to add additional packages to the Nextcloud container permanently. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 50f60fd2..6e77ddd4 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -77,7 +77,7 @@ sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the p
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
-sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagick        # This allows to add additional packages to the Nextcloud container permanently.|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fb0a986a..a9b209e9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -564,7 +564,7 @@ class ConfigurationManager
     public function GetNextcloudAdditionalApks() : string {
         $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS';
         $configName = 'nextcloud_additional_apks';
-        $defaultValue = '';
+        $defaultValue = 'imagemagick';
         return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
     }
 
diff --git a/readme.md b/readme.md
index 220e8773..cbcd5ea9 100644
--- a/readme.md
+++ b/readme.md
@@ -470,7 +470,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="dependency1 dependency2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 0b8e70a9..63a37502 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -16,7 +16,7 @@
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From 84f54b58aa49a35f57efec44e69489abd7f33f0f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 19:44:59 +0100
Subject: [PATCH 0155/3949] make explanation better

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml            | 2 +-
 manual-install/update-yaml.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 1a029f7e..1abbbbee 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,7 +30,7 @@ services:
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
-      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 6e77ddd4..6981ad6e 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -77,7 +77,7 @@ sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the p
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
-sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently.|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 

From 7a93ad0e4e89ebf3866a08008fa1d022b4a509e9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 20:25:10 +0100
Subject: [PATCH 0156/3949] also allow digits

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 8 ++++----
 readme.md                           | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index ba00eb0f..c41fd995 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -186,17 +186,17 @@ It is set to '$NEXTCLOUD_STARTUP_APPS'."
     fi
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
-    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z _-]\+$"; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 _-.]\+$"; then
         echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
-It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
-    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z _-]\+$"; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 _-.]\+$"; then
         echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
-It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
         exit 1
     fi
diff --git a/readme.md b/readme.md
index cbcd5ea9..8c23a986 100644
--- a/readme.md
+++ b/readme.md
@@ -470,12 +470,12 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
 
-You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
 
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/

From cbf579df188588428ddf1758afac088e1c8b7b00 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 10 Nov 2022 20:40:22 +0100
Subject: [PATCH 0157/3949] fix regex syntax

I forgot, that the "-" must be at the end of the regex

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index c41fd995..7c0276de 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -186,7 +186,7 @@ It is set to '$NEXTCLOUD_STARTUP_APPS'."
     fi
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
-    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 _-.]\+$"; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
         echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
@@ -194,7 +194,7 @@ It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
     fi
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
-    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 _-.]\+$"; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
         echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."

From bf4ef1147494a41ae0e33b9f062e52ed1eaebeb7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Nov 2022 20:46:18 +0100
Subject: [PATCH 0158/3949] fix removing of build dependencies

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index a53d13b8..48cb2cd9 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -91,17 +91,19 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
                 fi
             fi
         done
+        if [ "$PHP_DEPS_ARE_INSTALLED" = 1 ]; then
+            rm -rf /tmp/pear
+            runDeps="$( \
+                scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
+                    | tr ',' '\n' \
+                    | sort -u \
+                    | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+            )";
+            # shellcheck disable=SC2086
+            apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
+            apk del .build-deps >/dev/null
+        fi
     fi
-    rm -rf /tmp/pear
-    runDeps="$( \
-        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
-            | tr ',' '\n' \
-            | sort -u \
-            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-    )";
-    # shellcheck disable=SC2086
-    apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
-    apk del .build-deps >/dev/null
     touch /additional-php-extensions-are-installed
 fi
 

From c5201731c3230e3d2649897baf28f24d8bcc121f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 11 Nov 2022 15:23:40 +0100
Subject: [PATCH 0159/3949] fix spacing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index bc5eff30..674d81fd 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -57,7 +57,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version  >/dev/null|" ./Containers/nextcloud/start.sh
+        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version >/dev/null|" ./Containers/nextcloud/start.sh
 
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"

From b6f8d3e8e9d9737c8420bdc35fb64e7f75ee73a3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 11 Nov 2022 15:28:48 +0100
Subject: [PATCH 0160/3949] imaginary - add `-return-size` option by default

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 32a35a85..ab6d1a19 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,4 +13,6 @@ RUN set -ex; \
     rm -rf /var/lib/apt/lists/*
 USER nobody
 
+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size"]
+
 HEALTHCHECK CMD nc -z localhost 9000 || exit 1
\ No newline at end of file

From cccf21805ea291812b9d1bcc5d1e4cd851c292d6 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 12 Nov 2022 12:17:20 +0000
Subject: [PATCH 0161/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest-arm64.yml | 8 ++++++--
 manual-install/latest.yml       | 8 ++++++--
 manual-install/sample.conf      | 6 +++++-
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/manual-install/latest-arm64.yml b/manual-install/latest-arm64.yml
index bffb2441..6b6198db 100644
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -58,7 +58,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -89,10 +89,14 @@ services:
       - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
       - IMAGINARY_HOST=nextcloud-aio-imaginary
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
+      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
+      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
+      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
+      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 0d652f68..02300f94 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -59,7 +59,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -92,10 +92,14 @@ services:
       - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
       - IMAGINARY_HOST=nextcloud-aio-imaginary
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
+      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
+      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
+      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
+      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index d8fc73a6..54ae4aff 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -11,10 +11,15 @@ FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in
 IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
 NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
@@ -23,6 +28,5 @@ SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.

From 15526b6fed5525f4216b3ede7d6d9954cc0065b1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 14 Nov 2022 17:31:45 +0100
Subject: [PATCH 0162/3949] re-add the password change

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 48cb2cd9..7b9d3d2c 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -17,9 +17,11 @@ if [ -f "/var/www/html/config/config.php" ]; then
         echo "Waiting for the database to start..."
         sleep 5
     done
-    # The code below is hopefully not needed anymore. Was introduced with https://github.com/nextcloud/all-in-one/pull/218
-    # sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-    # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
+        # this was introduced with https://github.com/nextcloud/all-in-one/pull/218
+        sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+        sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    fi
 fi
 
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR

From 72248fc4bd9998a7491a321c8f8411deba8bfb81 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Nov 2022 12:03:57 +0000
Subject: [PATCH 0163/3949] Bump debian in /Containers/borgbackup

Bumps debian from bullseye-20221024-slim to bullseye-20221114-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index eaf918a8..f3118ed6 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221024-slim
+FROM debian:bullseye-20221114-slim
 
 RUN set -ex; \
     \

From 2ad2d7c9eb8287a9c37c5014321642d023990f6b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Nov 2022 12:04:28 +0000
Subject: [PATCH 0164/3949] Bump debian in /Containers/apache

Bumps debian from bullseye-20221024-slim to bullseye-20221114-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 2abf26ef..14442ff7 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20221024-slim
+FROM debian:bullseye-20221114-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

From 16b0f778950f0547a40dd8521f5e6f84136b8811 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Nov 2022 10:53:44 +0000
Subject: [PATCH 0165/3949] Bump postgres from 14.5-alpine to 14.6-alpine in
 /Containers/postgresql

Bumps postgres from 14.5-alpine to 14.6-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index ea83de61..d69d63b1 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:14.5-alpine
+FROM postgres:14.6-alpine
 
 RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk
 

From de137f70aebfe93f444b5627e43f8d4d85638f2a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Nov 2022 13:38:09 +0100
Subject: [PATCH 0166/3949] add an AIO outdated notification

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh     |  3 +++
 Containers/nextcloud/Dockerfile        |  2 ++
 Containers/nextcloud/notify-all.sh     | 27 +++++++++++++++++++
 php/src/Cron/OutdatedNotification.php  | 26 +++++++++++++++++++
 php/src/Docker/DockerActionManager.php | 36 ++++++++++++++++++++++++--
 5 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 Containers/nextcloud/notify-all.sh
 create mode 100644 php/src/Cron/OutdatedNotification.php

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 1fe5ff8d..f8d09c4c 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -41,6 +41,9 @@ while true; do
     # Check for updates and send notification if yes
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
 
+    # Check if AIO is outdated
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
+
     # Remove sessions older than 24h
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ccc7d8ca..b860683c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -227,12 +227,14 @@ RUN set -ex; \
 
 COPY start.sh /
 COPY notify.sh /
+COPY notify-all.sh /
 RUN set -ex; \
     chmod +x /start.sh && \
     chmod +x /entrypoint.sh && \
     chmod +r /upgrade.exclude && \
     chmod +x /cron.sh && \
     chmod +x /notify.sh && \
+    chmod +x /notify-all.sh && \
     chmod +x /activate-collabora.sh
 
 RUN set -ex; \
diff --git a/Containers/nextcloud/notify-all.sh b/Containers/nextcloud/notify-all.sh
new file mode 100644
index 00000000..b11130d1
--- /dev/null
+++ b/Containers/nextcloud/notify-all.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [[ "$EUID" = 0 ]]; then
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
+fi
+
+SUBJECT="$1"
+MESSAGE="$2"
+
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
+    echo "Cannot send notification as notification app is not enabled."
+    exit 1
+fi
+
+echo "Posting notifications to all users..."
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
+mapfile -t NC_USERS <<< "$NC_USERS"
+for user in "${NC_USERS[@]}"
+do
+    echo "Posting '$SUBJECT' to: $user"
+    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+done
+
+echo "Done!"
+exit 0
\ No newline at end of file
diff --git a/php/src/Cron/OutdatedNotification.php b/php/src/Cron/OutdatedNotification.php
new file mode 100644
index 00000000..e652ba3a
--- /dev/null
+++ b/php/src/Cron/OutdatedNotification.php
@@ -0,0 +1,26 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
+$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$isNextcloudImageOutdated = $dockerActionManger->isNextcloudImageOutdated();
+
+if ($isNextcloudImageOutdated === true) {
+    $dockerActionManger->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
+}
+
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8eee831c..9550dd44 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -540,7 +540,7 @@ class DockerActionManager
         return true;
     }
 
-    public function sendNotification(Container $container, string $subject, string $message) : void
+    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
     {
         if ($this->GetContainerStartingState($container) instanceof RunningState) {
 
@@ -558,7 +558,7 @@ class DockerActionManager
                             'Tty' => true,
                             'Cmd' => [
                                 'bash',
-                                '/notify.sh',
+                                $file,
                                 $subject,
                                 $message
                             ],
@@ -739,4 +739,36 @@ class DockerActionManager
         }
         return false;
     }
+
+    private function GetCreatedTimeOfNextcloudImage() : ?string {
+        $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
+        try {
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+
+            if (!isset($imageOutput['Created'])) {
+                error_log('Created is not set of image ' . $imageName);
+                return null;
+            }
+
+            return str_replace('T', ' ', $imageOutput['Created']);
+        } catch (\Exception $e) {
+            return null;
+        }
+    }
+
+    public function isNextcloudImageOutdated() : bool {
+        $createdTime = $this->GetCreatedTimeOfNextcloudImage();
+
+        if ($createdTime === null) {
+            return false;
+        }
+
+        // If the image is older than 90 days, it is outdated.
+        if ((time() - (60 * 60 * 24 * 90)) > strtotime($createdTime)) {
+            return true;
+        }
+
+        return false;
+    }
 }

From 77a0717417607be5c409591808f9d9866c1279cd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Nov 2022 17:54:09 +0100
Subject: [PATCH 0167/3949] make update process more stable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 52 +++++++++++++++++++++++-------
 1 file changed, 40 insertions(+), 12 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c0f365c0..781e9d60 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -85,6 +85,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         # Check if it skips a major version
         INSTALLED_MAJOR="${installed_version%%.*}"
         IMAGE_MAJOR="${image_version%%.*}"
+        
+        if [ "$installed_version" != "0.0.0.0" ]; then
+            # Write output to logfile.
+            exec > >(tee -i "/var/www/html/data/update.log")
+            exec 2>&1
+        fi
+
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
             set -ex
             NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
@@ -133,7 +140,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             php /var/www/html/occ maintenance:mode --off
 
             echo "Getting and backing up the status of apps for later, this might take a while..."
-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
+            NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
+            if [ -z "$NC_APPS" ]; then
+                echo "No apps detected, aborting export of app status..."
+                APPSTORAGE="no-export-done"
+            else
+                read -ra NC_APPS_ARRAY <<< "$NC_APPS"
+                declare -Ag APPSTORAGE
+                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
+                for app in "${NC_APPS_ARRAY[@]}"; do
+                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
+                    php /var/www/html/occ app:disable "$app"
+                done
+            fi
 
             if [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -eq 1 ]; then
                 php /var/www/html/occ config:system:delete app_install_overwrite
@@ -238,13 +257,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
         #upgrade
         else
-            touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            while [ -n "$(pgrep -f cron.php)" ]
-            do
-                echo "Waiting for Nextclouds cronjob to finish..."
-                sleep 5
-            done
-
             echo "Upgrading nextcloud from $installed_version to $image_version..."
             if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                 echo "Upgrade failed. Please restore from backup."
@@ -255,10 +267,26 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             rm "$NEXTCLOUD_DATA_DIR/update.failed"
             bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
 
-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-            echo "The following apps have been disabled:"
-            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-            rm -f /tmp/list_before /tmp/list_after
+            # Restore app status
+            if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
+                echo "Restoring the status of apps. This can take a while..."
+                for app in "${!APPSTORAGE[@]}"; do
+                    if [ -n "${APPSTORAGE[$app]}" ]; then
+                        if [ "${APPSTORAGE[$app]}" != "no" ]; then
+                            echo "Enabling $app..."
+                            if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
+                                echo "$app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                bash /notify.sh "Could not enable the $app after the Nextcloud update!" "Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                continue
+                            fi
+                            # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
+                            if [ "${APPSTORAGE[$app]}" != "yes" ]; then
+                                nextcloud_occ_no_check config:app:set "$app" enabled --value="${APPSTORAGE[$app]}"
+                            fi
+                        fi
+                    fi
+                done
+            fi
 
             # Apply optimization
             echo "Doing some optimizations..."

From 64f37b959ec63746137eb19dfaaf74ed679d6717 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Nov 2022 09:04:02 +0000
Subject: [PATCH 0168/3949] Bump alpine from 3.16.2 to 3.16.3 in
 /Containers/domaincheck

Bumps alpine from 3.16.2 to 3.16.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 57192bcc..af023d27 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16.2
+FROM alpine:3.16.3
 RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd
 
 RUN adduser -S www-data -G www-data

From c3aa304e0824ea6adf2273c906548ba6ef6e3b8e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Nov 2022 09:04:06 +0000
Subject: [PATCH 0169/3949] Bump alpine from 3.16.2 to 3.16.3 in
 /Containers/watchtower

Bumps alpine from 3.16.2 to 3.16.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 493af190..ade549bc 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.1 as watchtower
 
-FROM alpine:3.16.2
+FROM alpine:3.16.3
 
 RUN apk add --update --no-cache bash
 COPY --from=watchtower /watchtower /

From 374b7bf7a67f0a9ea4d37321d75963a78c862806 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Nov 2022 18:05:23 +0100
Subject: [PATCH 0170/3949] make sure that all apps are up-to-date

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 781e9d60..ec9b6403 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -267,6 +267,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             rm "$NEXTCLOUD_DATA_DIR/update.failed"
             bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
 
+            php /var/www/html/occ app:update --all
+
             # Restore app status
             if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
                 echo "Restoring the status of apps. This can take a while..."
@@ -281,13 +283,15 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                             fi
                             # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
                             if [ "${APPSTORAGE[$app]}" != "yes" ]; then
-                                nextcloud_occ_no_check config:app:set "$app" enabled --value="${APPSTORAGE[$app]}"
+                                php /var/www/html/occ config:app:set "$app" enabled --value="${APPSTORAGE[$app]}"
                             fi
                         fi
                     fi
                 done
             fi
 
+            php /var/www/html/occ app:update --all
+
             # Apply optimization
             echo "Doing some optimizations..."
             php /var/www/html/occ maintenance:repair

From bec7ee9a76b88e2a51a9899c268d3beacaabfce4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 19 Nov 2022 12:27:48 +0100
Subject: [PATCH 0171/3949] re-order the docker-compose entries partially
 alphabetically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 1abbbbee..f70c949b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,19 +19,19 @@ services:
     # environment: # Is needed when using any of the options below
       # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
-      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
-      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
       # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
+      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

From d45c42f8ed577ee5fa1519db4ad401794eb9a554 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 19 Nov 2022 12:31:40 +0100
Subject: [PATCH 0172/3949] add a hint to also set docker_socket_path

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 2 +-
 readme.md          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index f70c949b..222e69a2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`!
     ports:
       - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
diff --git a/readme.md b/readme.md
index 8c23a986..0ca0ef3b 100644
--- a/readme.md
+++ b/readme.md
@@ -62,7 +62,7 @@ The following instructions are especially meant for Linux. For macOS see [this](
     - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
     - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
+    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
     - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
     - Further options can be set using environment variables, for example `--env TALK_PORT=3478`. To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>

From ed7b1e3cba20e713328190c01044889ec01f7c59 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 19 Nov 2022 12:32:42 +0100
Subject: [PATCH 0173/3949] adjust quotation marks

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 222e69a2..bcdcbfc2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`!
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
     ports:
       - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080

From ccd4c9046af92679dcae05c2560fba382b1e7d14 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 19 Nov 2022 12:58:46 +0100
Subject: [PATCH 0174/3949] invert the default for DISABLE_BACKUP_SECTION

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index bcdcbfc2..b118e11a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,7 +21,7 @@ services:
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
-      # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
+      # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud

From daa9a94ebd3124e5f7382922c7bebe49b02351b4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 19 Nov 2022 13:50:32 +0100
Subject: [PATCH 0175/3949] add a guide on how to run automatic updates without
 creating a backup first

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/readme.md b/readme.md
index 0ca0ef3b..37d9f0c5 100644
--- a/readme.md
+++ b/readme.md
@@ -537,3 +537,77 @@ In order for the value to be valid, the path should start with `/` and not end w
 
 ### How to disable Collabora's Seccomp feature?
 The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `-e COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
+
+### How to enable automatic updates without creating a backup beforehand?
+If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is not recommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
+
+But anyhow, is here a guide that helps you automate the whole procedure:
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+docker exec -e STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
+
+# Below is optional if you run AIO in a VM which will shut down the VM afterwards
+# poweroff
+
+```
+
+</details>
+
+You can simply copy and past the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. 
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs e.g. runs the script at `04:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
+
+
+**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly.**
+
+**Afterwards, you can create a second script that automatically updates the containers:**
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Please modify all variables below to your needings:
+APACHE_PORT="443" # This needs to match the chosen APACHE_PORT port of AIO, e.g. 11000. By default it is 443.
+
+########################################
+# Please do NOT modify anything below! #
+########################################
+
+# Run container update once
+docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+
+# Wait until Watchtower is finished
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+    echo "Waiting for watchtower to stop"
+    sleep 30
+done
+
+# Wait until Apache is running again
+while nc -z localhost "$APACHE_PORT"; do
+    echo "Waiting for Apache to start"
+    sleep 30
+done
+
+# Run container update another time to make sure that all containers are updated correctly.
+docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+
+```
+
+</details>
+
+You can simply copy and past the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`. Do not forget to modify the variables to your requirements!
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).

From e323f9770b9c7e0395e22d663336bf4c19277c18 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 20 Nov 2022 00:59:40 +0100
Subject: [PATCH 0176/3949] improve the script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 38 +++++++++++++++-----------------------
 1 file changed, 15 insertions(+), 23 deletions(-)

diff --git a/readme.md b/readme.md
index 37d9f0c5..02f2022a 100644
--- a/readme.md
+++ b/readme.md
@@ -549,6 +549,7 @@ But anyhow, is here a guide that helps you automate the whole procedure:
 ```bash
 #!/bin/bash
 
+# Stop the containers
 docker exec -e STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
 
 # Below is optional if you run AIO in a VM which will shut down the VM afterwards
@@ -566,7 +567,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/shutdo
 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
 
 
-**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly.**
+**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextclouds datadir, if it is not stored in a docker volume.**
 
 **Afterwards, you can create a second script that automatically updates the containers:**
 
@@ -576,36 +577,27 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/shutdo
 ```bash
 #!/bin/bash
 
-# Please modify all variables below to your needings:
-APACHE_PORT="443" # This needs to match the chosen APACHE_PORT port of AIO, e.g. 11000. By default it is 443.
-
-########################################
-# Please do NOT modify anything below! #
-########################################
-
 # Run container update once
-docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+if ! docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+        echo "Waiting for watchtower to stop"
+        sleep 30
+    done
 
-# Wait until Watchtower is finished
-while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-    echo "Waiting for watchtower to stop"
-    sleep 30
-done
+    while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; do
+        echo "Waiting for Mastercontainer to start"
+        sleep 30
+    done
 
-# Wait until Apache is running again
-while nc -z localhost "$APACHE_PORT"; do
-    echo "Waiting for Apache to start"
-    sleep 30
-done
-
-# Run container update another time to make sure that all containers are updated correctly.
-docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+    # Run container update another time to make sure that all containers are updated correctly.
+    docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+fi
 
 ```
 
 </details>
 
-You can simply copy and past the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`. Do not forget to modify the variables to your requirements!
+You can simply copy and past the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`.
 
 Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: 
 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 

From ebe30e69f9b556fddc3c4800d1261f7b0e8123e9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 20 Nov 2022 01:36:55 +0100
Subject: [PATCH 0177/3949] make sure to only trigger the daily-backup script
 if daily_backups are really enabled

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index f8d09c4c..563b1ef6 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -13,14 +13,14 @@ while true; do
             export START_CONTAINERS=1
         fi
         set +x
+        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+            export LOCK_FILE_PRESENT=1
+        else
+            export LOCK_FILE_PRESENT=0
+        fi
     else
         export BACKUP_TIME="04:00"
         export DAILY_BACKUP=0
-    fi
-
-    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-        export LOCK_FILE_PRESENT=1
-    else
         export LOCK_FILE_PRESENT=0
     fi
 

From 9e0079effc1e561cd9adacefc5af5e94617dae17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Nov 2022 17:26:28 +0100
Subject: [PATCH 0178/3949] increase to 3.1.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 40380d20..83228add 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v3.0.0</h1>
+        <h1>Nextcloud AIO v3.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 4a1539b4739349f6b5aaf93541c4efb57d2ad791 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Nov 2022 18:26:36 +0100
Subject: [PATCH 0179/3949] dont restore ocsp folder

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index a5cf1f45..3af51391 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -262,6 +262,7 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
+    --exclude "nextcloud_aio_apache/caddy/ocsp/"** \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
         umount /tmp/borg

From b02d5cde1a29c0e17f0cb1c132c8fce6f8383b46 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Nov 2022 18:38:34 +0100
Subject: [PATCH 0180/3949] fix the new update process

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ec9b6403..d932b6b8 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -145,7 +145,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 echo "No apps detected, aborting export of app status..."
                 APPSTORAGE="no-export-done"
             else
-                read -ra NC_APPS_ARRAY <<< "$NC_APPS"
+                mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
                 declare -Ag APPSTORAGE
                 echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
                 for app in "${NC_APPS_ARRAY[@]}"; do
@@ -257,6 +257,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
         #upgrade
         else
+            touch "$NEXTCLOUD_DATA_DIR/update.failed"
             echo "Upgrading nextcloud from $installed_version to $image_version..."
             if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                 echo "Upgrade failed. Please restore from backup."

From 6b6500c29dc393ced503c0790c4b51c0564a68e3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Nov 2022 19:03:17 +0100
Subject: [PATCH 0181/3949] just exclude the whole dir on restore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 3af51391..2736edc5 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -262,7 +262,8 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
-    --exclude "nextcloud_aio_apache/caddy/ocsp/"** \
+    --exclude "nextcloud_aio_apache/caddy/"** \
+    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
         umount /tmp/borg

From 3fa584442b2e9ca6bdf7a04b588ae31978435624 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Nov 2022 11:39:05 +0100
Subject: [PATCH 0182/3949] change not recommended to disrecommended

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.md b/readme.md
index 02f2022a..3695fe39 100644
--- a/readme.md
+++ b/readme.md
@@ -468,12 +468,12 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
 ### How to add packets permanently to the Nextcloud container?
-Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
+Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
 You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
-Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
+Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
 
 You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
 
@@ -539,7 +539,7 @@ In order for the value to be valid, the path should start with `/` and not end w
 The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `-e COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
 
 ### How to enable automatic updates without creating a backup beforehand?
-If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is not recommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
+If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
 
 But anyhow, is here a guide that helps you automate the whole procedure:
 

From b13e8afe18aa05d7ac7ae418ad2047677b376b96 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 25 Nov 2022 12:05:30 +0000
Subject: [PATCH 0183/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.8.2.1 to 22.05.8.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 6115a0a6..1a168ca6 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.8.2.1
+FROM collabora/code:22.05.8.4.1
 
 USER root
 

From 9019fda7e41051e94b0ee1acb9255aa6f9b4f3de Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 28 Nov 2022 15:41:33 +0100
Subject: [PATCH 0184/3949] Fix reverse proxy documentation for nginx

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 6affb824..f0089b63 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -243,18 +243,19 @@ map $http_upgrade $connection_upgrade {
 
 server {
     listen 80;
-#    listen [::]:80;            # uncomment to use IPv6
+    listen [::]:80;            # comment to disable IPv6
 
     if ($scheme = "http") {
         return 301 https://$host$request_uri;
     }
 
     listen 443 ssl http2;
-#    listen [::]:443 ssl http2; # uncomment to use IPv6
+    listen [::]:443 ssl http2; # comment to disable IPv6
 
     server_name <your-nc-domain>;
 
     location / {
+        resolver localhost;
         proxy_pass http://localhost:11000$request_uri;
 
         proxy_set_header Host $host;

From 459fe462ab46d9b439e36ba9b34c5116ebe8fdef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Nov 2022 12:05:36 +0000
Subject: [PATCH 0185/3949] Bump php in /Containers/nextcloud

Bumps php from 8.0.25-fpm-alpine3.16 to 8.0.26-fpm-alpine3.16.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b860683c..bdd8574a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.25-fpm-alpine3.16
+FROM php:8.0.26-fpm-alpine3.16
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

From 0969d0582a1fcda168969faca577e73ec68890f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Nov 2022 12:05:53 +0000
Subject: [PATCH 0186/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.0.25-apache-bullseye to 8.0.26-apache-bullseye.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index d120fd0d..816954b0 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.21-dind-alpine3.16 as dind
 FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.25-apache-bullseye
+FROM php:8.0.26-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080

From d5db7568fef0a216e4d46384636e358459366b53 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Nov 2022 12:24:51 +0000
Subject: [PATCH 0187/3949] Bump clamav/clamav from 0.105.1 to 0.105.1-7 in
 /Containers/clamav

Bumps clamav/clamav from 0.105.1 to 0.105.1-7.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 98fc3fef..28b53e3b 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
-FROM clamav/clamav:0.105.1
+FROM clamav/clamav:1.0.0
 
 RUN apk add --update --no-cache tzdata
 COPY clamav.conf /tmp/

From 3b9727086270797974436c4a6189a3cd1b98ae32 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Dec 2022 03:09:36 +0100
Subject: [PATCH 0188/3949] adjust migration docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 migration.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/migration.md b/migration.md
index 96573886..e777cce9 100644
--- a/migration.md
+++ b/migration.md
@@ -3,7 +3,7 @@
 There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:
 
 1. Migrate only the files which is the easiest way
-1. Migrate the files and the database which is much more complicated
+1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations)
 1. Use the user_migration app that allows to migrate some of the user's data from a former instance to a new instance but needs to be done manually for each user
 
 ## Migrate only the files 
@@ -20,7 +20,7 @@ The procedure for migrating only the files works like this:
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
 
 ## Migrate the files and the database
-**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned!
+**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension.
 
 The procedure for migrating the files and the database works like this:
 1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
@@ -44,8 +44,8 @@ The procedure for migrating the files and the database works like this:
         ```
         occ db:convert-type --all-apps --password "$PG_PASSWORD" pgsql "$PG_USER" 127.0.0.1 "$PG_DATABASE"
         ```
-        **Please note:** You might need to change the ip-address `127.0.0.1` based on your exact installation.<br>
-        Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type
+        **Please note:** You might need to change the ip-address `127.0.0.1` and adjust the occ command (`occ`) based on your exact installation. Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type<br>
+        **Troubleshooting:** If you get an error that it could not find a driver for the conversion, you most likely need to install the PHP extension `pdo_pgsql`.
     1. Hopefully does the conversion finish successfully. If not, simply restore your old Nextcloud installation from backup. If yes, you should now log in to your Nextcloud and test if everything works and if all data has been converted successfully.
     1. If everything works as expected, feel free to continue with the steps below.
 1. Now, run a pg_dump to get an export of your current database. Something like the following command should work:

From 170e5126909929000248749a3b559d7c13b4d13e Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 1 Dec 2022 04:24:32 +0000
Subject: [PATCH 0189/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 96bfc692..ca42d23c 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.30.0@d0bc6e25d89f649e4f36a534f330f8bb4643dd69">
+<files psalm-version="5.0.0@4e177bf0c9f03c17d2fbfd83b7cc9c47605274d8">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From d632df56bd6d7dd603e8d9bf450338d4d83e3e02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergio=20Casero=20Hern=C3=A1ndez?= <soy@sergiocasero.es>
Date: Thu, 1 Dec 2022 10:35:21 +0100
Subject: [PATCH 0190/3949] Update readme.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Updated readme by including the info about "what happens if local storage doesn't appear on the interface"

Signed-off-by: Sergio Casero Hernández <soy@sergiocasero.es>
---
 readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/readme.md b/readme.md
index 3695fe39..a8934290 100644
--- a/readme.md
+++ b/readme.md
@@ -446,6 +446,8 @@ You can then navigate to the apps management page, activate the external storage
 
 Be aware though that these locations will not be covered by the built-in backup solution!
 
+Note: If you can't see the type "local storage" in the admin options, a restart of the nextcloud containers may be required, go to YOUR_IP/containers, and restart them
+
 ### How to adjust the Talk port?
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `-e TALK_PORT=3478` to the initial docker run command and adjusting the port to your desired value.
 

From f8820cb7c9fc8c4692ea8cd1b78d6b258a989bdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergio=20Casero=20Hern=C3=A1ndez?= <soy@sergiocasero.es>
Date: Thu, 1 Dec 2022 10:47:32 +0100
Subject: [PATCH 0191/3949] Update readme.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Sergio Casero Hernández <soy@sergiocasero.es>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index a8934290..77ddb729 100644
--- a/readme.md
+++ b/readme.md
@@ -446,7 +446,7 @@ You can then navigate to the apps management page, activate the external storage
 
 Be aware though that these locations will not be covered by the built-in backup solution!
 
-Note: If you can't see the type "local storage" in the admin options, a restart of the nextcloud containers may be required, go to YOUR_IP/containers, and restart them
+**Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `-e TALK_PORT=3478` to the initial docker run command and adjusting the port to your desired value.

From 9d305844bf560e87c6d2a8ee5b3002e88f4bfaed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Dec 2022 12:09:26 +0000
Subject: [PATCH 0192/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20221101 to 20221201.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index ab6d1a19..d1988090 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20221101
+FROM nextcloud/imaginary:20221201
 
 USER root
 RUN set -ex; \

From 1ef7945c3122362e029dfa13463e308cdc08e8a5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Dec 2022 16:14:58 +0100
Subject: [PATCH 0193/3949] increasea the loglevel for watchtower

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/watchtower/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh
index 1f6e3097..2c7a1835 100644
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -10,7 +10,7 @@ elif ! test -r /var/run/docker.sock; then
 fi
 
 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --run-once "$CONTAINER_TO_UPDATE"
+    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
 else
     echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
     exit 1

From fe251a9996367847c5a44a3e9ae8e02baf559826 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Dec 2022 16:29:23 +0100
Subject: [PATCH 0194/3949] add a hint what to do if the backup container was
 forcefully killed

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index b2e25a1b..fae1cce4 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -9,6 +9,8 @@ export PGPASSWORD="$POSTGRES_PASSWORD"
 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
     echo "Waiting for backup container to finish..."
+    echo "If this is incorrect because the backup container is not running anymore (because it was forcefully killed), you might delete the lock file which is by default stored here:"
+    echo "/var/lib/docker/volumes/nextcloud_aio_database_dump/_data/backup-is-running"
     sleep 10
 done
 

From a3ed26063ccff293fff4c0d851f12673d55c66bd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 2 Dec 2022 21:37:48 +0100
Subject: [PATCH 0195/3949] add hint regarding default borg.config path

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 2736edc5..d90f02a5 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -88,6 +88,7 @@ if [ "$BORG_MODE" = backup ]; then
         if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
             echo "Cannot initialize a new repository as that was already done at least one time."
             echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory."
+            echo "By default it is stored here: /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg.config"
             exit 1
         fi
 

From 87ac2607645539538521b0fc99d04b2ddd606b96 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Dec 2022 18:26:23 +0100
Subject: [PATCH 0196/3949] add hint for not present appdata dir

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index d932b6b8..a04dad6d 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -209,6 +209,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # unset admin password
             unset ADMIN_PASSWORD
 
+            # Post Install logs: For questions like https://help.nextcloud.com/t/nextcloud-aio-error-could-not-get-appdata-folder-after-container-has-already-written-data-in-it/151122/5
+            echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
+
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data
@@ -320,6 +323,9 @@ fi
 # If not, something broke (e.g. changing ncdatadir after aio was first started)
 if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
     echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
+    echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
+    echo "In the datadir was found:"
+    ls -la "$NEXTCLOUD_DATA_DIR/"
     exit 1
 fi
 

From 638675906c7b19013c3173207261b84f18b0b8d3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 2 Dec 2022 21:58:11 +0100
Subject: [PATCH 0197/3949] fix version number

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 28b53e3b..518829ab 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
-FROM clamav/clamav:1.0.0
+FROM clamav/clamav:0.105.1-7
 
 RUN apk add --update --no-cache tzdata
 COPY clamav.conf /tmp/

From 7f0f84ecfb63bcc785f2ed06cb36fd475e91ba8a Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Sat, 3 Dec 2022 04:21:26 +0000
Subject: [PATCH 0198/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index ca42d23c..55d4d585 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.0.0@4e177bf0c9f03c17d2fbfd83b7cc9c47605274d8">
+<files psalm-version="5.1.0@4defa177c89397c5e14737a80fe4896584130674">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From d33f3f3b26bba3a62ac6fb3e8fcd13bad013cc0e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Dec 2022 16:05:38 +0100
Subject: [PATCH 0199/3949] fix the dependency-update workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index bea58686..02536336 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -12,7 +12,8 @@ jobs:
     - uses: actions/checkout@v3
     - uses: nanasess/setup-php@master
       with:
-        php-version: '8.0'
+        php-version: 8.0
+        extensions: apcu
     - name: Run dependency update script
       run: |
         set -x

From b86c1f490a0ca28b2fa80f376464a960b074fe46 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Dec 2022 16:20:00 +0100
Subject: [PATCH 0200/3949] check if vfs or fuse-overlayfs is used

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 7c0276de..eac30fb0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -65,6 +65,17 @@ else
     sleep 10
 fi
 
+# Check Storage drivers
+STORAGE_DRIVER="$(docker info | grep "Storage Driver")"
+# Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
+if echo "$STORAGE_DRIVER" | grep -q vfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
+elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
+fi
+
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps | grep -q "nextcloud-aio-mastercontainer"; then
     echo "It seems like you did not give the mastercontainer the correct name?

From bc77beced49a65cdf1a57f42823e6bf494f0c6cb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Dec 2022 10:19:55 +0100
Subject: [PATCH 0201/3949] re-activate error.log for php-fpm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile       | 3 ++-
 Containers/nextcloud/supervisord.conf | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index bdd8574a..200851bf 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -209,7 +209,8 @@ RUN set -ex; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf
+    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
 
 RUN set -ex; \
     rm -rf /tmp/nextcloud-aio && \
diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index d6476d44..e54d13c0 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -12,8 +12,8 @@ user=root
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
-# stderr_logfile=/dev/stderr
-# stderr_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
 command=php-fpm
 user=root
 

From 38f9cb2046eb66bdc987b7b3c33ac3c59b9462b8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Dec 2022 10:34:33 +0100
Subject: [PATCH 0202/3949] fix the dependency update workflow?

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 02536336..9e0af73e 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -1,13 +1,14 @@
 name: dependency-updates
 
 on:
+  workflow_dispatch:
   schedule:
   - cron:  '00 12 * * *'
 
 jobs:
   dependency_updates:
     name: Run dependency update script
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v3
     - uses: nanasess/setup-php@master

From 94a508d8aa10f50bf01643bcea97cf65f1300b56 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Dec 2022 10:54:34 +0100
Subject: [PATCH 0203/3949] Print apache errors in the future to stderr

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf   | 4 ++--
 Containers/apache/supervisord.conf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index 7a0b46b2..e4523c14 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -3,8 +3,8 @@ Listen 8000
     ServerName localhost
 
     # Add error log
-    CustomLog ${APACHE_LOG_DIR}/access.log combined
-    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog /proc/self/fd/1 combined
+    ErrorLog /proc/self/fd/2
 
     # PHP match
     <FilesMatch "\.php$">
diff --git a/Containers/apache/supervisord.conf b/Containers/apache/supervisord.conf
index 90436e05..c8245619 100644
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -9,8 +9,8 @@ logfile_backups=10
 loglevel=error
 
 [program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apachectl -DFOREGROUND

From a0cbcc7f52c0232e1bb1c47797f3283d1c71d6aa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Dec 2022 10:58:04 +0100
Subject: [PATCH 0204/3949] file logging is not needed

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/mastercontainer.conf | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index b343af32..fbde2b94 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -1,9 +1,6 @@
 Listen 8000
 Listen 8080
 
-CustomLog ${APACHE_LOG_DIR}/access.log combined
-ErrorLog ${APACHE_LOG_DIR}/error.log
-
 # Deny access to .ht files
 <Files ".ht*">
     Require all denied

From a05a3c02a29f800a39042a9c621c3f085ff8b5cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Dec 2022 12:11:41 +0000
Subject: [PATCH 0205/3949] Bump dessant/lock-threads from 3 to 4

Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 3 to 4.
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md)
- [Commits](https://github.com/dessant/lock-threads/compare/v3...v4)

---
updated-dependencies:
- dependency-name: dessant/lock-threads
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lock-threads.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml
index dfb1ea24..56c48ce7 100644
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v3
+      - uses: dessant/lock-threads@v4
         with: 
           issue-inactive-days: '14'
           process-only: 'issues'

From 3d94ae56c413196cae9682f89264ec6b25a5432d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Dec 2022 15:44:16 +0100
Subject: [PATCH 0206/3949] increase to 3.2.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 83228add..33d9cf1b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v3.1.0</h1>
+        <h1>Nextcloud AIO v3.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 16dadb8f4e2016b7865073c37513716b9e5a84f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Dec 2022 12:04:58 +0000
Subject: [PATCH 0207/3949] Bump debian in /Containers/apache

Bumps debian from bullseye-20221114-slim to bullseye-20221205-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 14442ff7..b20b01fe 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20221114-slim
+FROM debian:bullseye-20221205-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

From 914bc68eeacfc665f6305eca7f92b5db25055df6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Dec 2022 12:05:03 +0000
Subject: [PATCH 0208/3949] Bump debian in /Containers/borgbackup

Bumps debian from bullseye-20221114-slim to bullseye-20221205-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index f3118ed6..8c6fe1e7 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221114-slim
+FROM debian:bullseye-20221205-slim
 
 RUN set -ex; \
     \

From 979f2e45fe867a34fcff044d33d57a18827e6076 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 8 Dec 2022 15:02:41 +0100
Subject: [PATCH 0209/3949] allow to update Nextcloud dependencies using
 workflow_dispatch

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 674d81fd..bbe74f63 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -2,6 +2,7 @@
 name: nextcloud-update
 
 on:
+  workflow_dispatch:
   schedule:
   - cron:  '00 12 * * *'
 

From 02ed48f0d592c417dd97843b5f2ef2663b40cbe8 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 8 Dec 2022 14:06:32 +0000
Subject: [PATCH 0210/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 200851bf..e6546349 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -104,7 +104,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 24.0.7
+ENV NEXTCLOUD_VERSION 24.0.8
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From 7b4d0baa6c28164577606caced7af22362e81e05 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 9 Dec 2022 11:33:46 +0100
Subject: [PATCH 0211/3949] remove pdo_mysql

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2884d025..c1c5905b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -53,7 +53,6 @@ RUN set -ex; \
         ldap \
         opcache \
         pcntl \
-        pdo_mysql \
         pdo_pgsql \
         zip \
         gmp \

From 211ce3c69b0391d5705bed53002756616852273b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Dec 2022 12:06:33 +0000
Subject: [PATCH 0212/3949] Bump ubuntu from focal-20221019 to focal-20221130
 in /Containers/talk

Bumps ubuntu from focal-20221019 to focal-20221130.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index d7b5e4dd..309f1bae 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20221019
+FROM ubuntu:focal-20221130
 
 RUN set -ex; \
     \

From af1612cda1345e3792bdc1fd3cad74ada56e60dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Dec 2022 12:14:04 +0000
Subject: [PATCH 0213/3949] Bump elasticsearch from 7.17.7 to 7.17.8 in
 /Containers/fulltextsearch

Bumps elasticsearch from 7.17.7 to 7.17.8.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 9569eb65..5855f000 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.7
+FROM elasticsearch:7.17.8
 
 RUN elasticsearch-plugin install --batch ingest-attachment
 

From 85999c297cd34a31b17617c3d3f2acf0f6f3f0b6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 12 Dec 2022 18:16:24 +0100
Subject: [PATCH 0214/3949] also back up the fulltextsearch volume

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 php/containers.json                   | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d90f02a5..8d23eca9 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -66,7 +66,7 @@ if [ "$BORG_MODE" = backup ]; then
 
     # Test that nothing is empty
     for directory in "${VOLUME_DIRS[@]}"; do
-        if [ -z "$(ls -A "$directory")" ]; then
+        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
             echo "$directory is empty which is not allowed."
             exit 1
         fi
diff --git a/php/containers.json b/php/containers.json
index 9412ed63..b603fe09 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -290,6 +290,11 @@
           "name": "%BORGBACKUP_HOST_LOCATION%",
           "location": "/mnt/borgbackup",
           "writeable": true
+        },
+        {
+          "name": "nextcloud_aio_elasticsearch",
+          "location": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
+          "writeable": true
         }
       ],
       "secrets": [

From df9457bd915fb7aefda6d7b820f56716ecf979d2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Dec 2022 00:33:57 +0100
Subject: [PATCH 0215/3949] manual-install - remove container_name so that it
 should run using docker-swarm too

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 6981ad6e..3cf0eed6 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -101,6 +101,8 @@ echo "" >> containers.yml
 
 echo "$OUTPUT" >> containers.yml
 
+sed -i '/container_name/d' containers.yml
+
 VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
 mapfile -t VOLUMES <<< "$VOLUMES"
 echo "" >> containers.yml

From d9f994fc5d41e715a09652db3a6804e4b5aed62b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Dec 2022 00:45:48 +0100
Subject: [PATCH 0216/3949] fix spaces in env file

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 6981ad6e..def0a763 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -59,7 +59,7 @@ done
 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
-sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora|' sample.conf
+sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
@@ -76,7 +76,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf

From aa32d496e618b358a3e3b5d99ddc3be961ae3c4b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Dec 2022 00:47:53 +0100
Subject: [PATCH 0217/3949] Update sample.conf

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/sample.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 54ae4aff..35e18307 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -3,7 +3,7 @@ AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
 CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
-COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
+COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
@@ -18,7 +18,7 @@ NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit o
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.

From 7cf9fe8decf2fc861d1e4674abda049eedd883ad Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 13 Dec 2022 04:22:52 +0000
Subject: [PATCH 0218/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 55d4d585..ec5b3e27 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.1.0@4defa177c89397c5e14737a80fe4896584130674">
+<files psalm-version="5.2.0@fb685a16df3050d4c18d8a4100fe83abe6458cba">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From f9290e49c88f97dfab47efe39916c796b2d2252f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Dec 2022 12:04:55 +0000
Subject: [PATCH 0219/3949] Bump redis from 6.2.7-alpine to 6.2.8-alpine in
 /Containers/redis

Bumps redis from 6.2.7-alpine to 6.2.8-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 620f3739..41081bff 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.7-alpine
+FROM redis:6.2.8-alpine
 
 RUN apk add --update --no-cache openssl bash
 

From ab5369023bdcedb8764d02a396ea66e0ca0368fe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 9 Dec 2022 11:29:32 +0100
Subject: [PATCH 0220/3949] update to Nextcloud 25

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 app/appinfo/info.xml            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2884d025..93127e04 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -104,7 +104,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 24.0.8
+ENV NEXTCLOUD_VERSION 25.0.2
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 1f9c05c8..69cfa58d 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All In One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
-	<version>0.2.0</version>
+	<version>0.3.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="23" max-version="24"/>
+		<nextcloud min-version="24" max-version="25"/>
 	</dependencies>
 
 	<settings>

From bea8ca86dd54c432b15f3610adae58b338ed5254 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 9 Dec 2022 11:43:50 +0100
Subject: [PATCH 0221/3949] add a volume for collabora fonts

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 9412ed63..e1d5dfe5 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -201,7 +201,13 @@
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%"
       ],
-      "volumes": [],
+      "volumes": [
+        {
+          "name": "nextcloud_aio_collabora_fonts",
+          "location": "/opt/cool/systemplate/tmpfonts",
+          "writeable": true
+        }
+      ],
       "secrets": [],
       "maxShutdownTime": 10,
       "restartPolicy": "unless-stopped"

From 52b8bf06965d6ad27e37dc14a6fec9ce85d2877e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 9 Dec 2022 12:42:15 +0100
Subject: [PATCH 0222/3949] make collabora more safe

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 38 ++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 7ff28ee2..55d98659 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -400,6 +400,44 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
     # Fix https://github.com/nextcloud/all-in-one/issues/188:
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
+    # Make collabora more save
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_Address="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    # shellcheck disable=SC2016
+    COLLABORA_IPv6_Address+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_Address="$(echo "$COLLABORA_IPv6_Address" | php | head -1)"
+    COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
+    if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv4_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv4_ADDRESS"
+            fi
+        fi
+    else
+        echo "Warning: No ipv4-address found for the collabora container."
+    fi
+    if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv6_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv6_ADDRESS"
+            fi
+        fi
+    else
+        echo "No ipv6-address found for the collabora container."
+    fi
+    if [ -n "$COLLABORA_ALLOW_LIST" ]; then
+        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
+            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
+        fi
+        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
+    else
+        echo "Warning: wopi_allowlist is empty which should not be the case!"
+    fi
 else
     if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
         php /var/www/html/occ app:remove richdocuments

From c6e45ef3789b64a460549a49dc31f5b46495b9ea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Dec 2022 15:06:47 +0100
Subject: [PATCH 0223/3949] add exception for elasticsearch and re-order the
 exceptions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 8d23eca9..bacfa1b5 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -258,13 +258,14 @@ if [ "$BORG_MODE" = restore ]; then
 
     # Restore everything except the configuration file
     if ! rsync --stats --archive --human-readable -vv --delete \
-    --exclude "nextcloud_aio_mastercontainer/session/"** \
+    --exclude "nextcloud_aio_apache/caddy/"** \
+    --exclude "nextcloud_aio_elasticsearch" \
+    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
+    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
-    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
-    --exclude "nextcloud_aio_apache/caddy/"** \
-    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
+    --exclude "nextcloud_aio_mastercontainer/session/"** \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
         umount /tmp/borg

From bd81c3133f7f64796f6728b6c458e092adf88c6c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 12 Dec 2022 19:50:13 +0100
Subject: [PATCH 0224/3949] also sync autoconfig files

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 7ff28ee2..63ec1d36 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -176,6 +176,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
             fi
         done
+        rsync -rlD --delete -vv --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
         rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         echo "Initializing finished"
 

From e5ca49356c4235139f820d8d35ef4437e256cf1e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Dec 2022 12:06:35 +0000
Subject: [PATCH 0225/3949] Bump cirrus-actions/rebase from 1.7 to 1.8

Bumps [cirrus-actions/rebase](https://github.com/cirrus-actions/rebase) from 1.7 to 1.8.
- [Release notes](https://github.com/cirrus-actions/rebase/releases)
- [Commits](https://github.com/cirrus-actions/rebase/compare/1.7...1.8)

---
updated-dependencies:
- dependency-name: cirrus-actions/rebase
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/command-rebase.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
index 2279065b..4df2ab24 100644
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -37,7 +37,7 @@ jobs:
           token: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.7
+        uses: cirrus-actions/rebase@1.8
         env:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 

From 6b3be9d6e83baa3cc9056af185f65fbac509e286 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Nov 2022 16:44:51 +0100
Subject: [PATCH 0226/3949] remove the apporder app

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh      | 9 +++++++--
 docker-compose.yml                      | 2 +-
 manual-install/sample.conf              | 2 +-
 manual-install/update-yaml.sh           | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 7 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 63ec1d36..d516138f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -281,8 +281,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                         if [ "${APPSTORAGE[$app]}" != "no" ]; then
                             echo "Enabling $app..."
                             if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
-                                echo "$app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
-                                bash /notify.sh "Could not enable the $app after the Nextcloud update!" "Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                if [ "$app" = apporder ]; then
+                                    CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
+                                else
+                                    CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version."
+                                fi
+                                bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
                                 continue
                             fi
                             # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
diff --git a/docker-compose.yml b/docker-compose.yml
index b118e11a..56255140 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 35e18307..ae1ed7d0 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -18,7 +18,7 @@ NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit o
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 5450a788..b9fb1373 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -76,7 +76,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a9b209e9..c389fa25 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -726,7 +726,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'twofactor_totp deck tasks calendar contacts apporder';
+        return 'twofactor_totp deck tasks calendar contacts';
     }
 
     public function GetCollaboraDictionaries() : string {
diff --git a/readme.md b/readme.md
index 77ddb729..b6591d73 100644
--- a/readme.md
+++ b/readme.md
@@ -467,7 +467,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 63a37502..6e4a088a 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -15,7 +15,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 

From d20cf5777f9f0d5869392781521298842cad2c9f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 26 Nov 2022 14:43:21 +0100
Subject: [PATCH 0227/3949] remove the twofactor_totp app since it is bundled
 now

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 56255140..e7e1bc02 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c389fa25..9d21922e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -726,7 +726,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'twofactor_totp deck tasks calendar contacts';
+        return 'deck tasks calendar contacts';
     }
 
     public function GetCollaboraDictionaries() : string {
diff --git a/readme.md b/readme.md
index b6591d73..0c407a73 100644
--- a/readme.md
+++ b/readme.md
@@ -467,7 +467,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 6e4a088a..b0fca4f8 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -15,7 +15,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 

From 882fd3be26d177db2271922770f018b7ebfef725 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 9 Dec 2022 11:38:33 +0100
Subject: [PATCH 0228/3949] add a volume for redis

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index b603fe09..daed5d6f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -178,7 +178,13 @@
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "TZ=%TIMEZONE%"
       ],
-      "volumes": [],
+      "volumes": [
+        {
+          "name": "nextcloud_aio_redis",
+          "location": "/data",
+          "writeable": true
+        }
+      ],
       "secrets": [
         "REDIS_PASSWORD",
         "ONLYOFFICE_SECRET"

From 79946a876c3a1018110d7e2fa4a574b435e8198a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Dec 2022 14:32:38 +0100
Subject: [PATCH 0229/3949] remove the redis database once a backup gets
 restored

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 3 +++
 php/containers.json                   | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index bacfa1b5..7640d441 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -337,6 +337,9 @@ if [ "$BORG_MODE" = restore ]; then
     # Add file to Nextcloud container so that it performs a fingerprint update the next time
     touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
     chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
+
+    # Delete redis cache
+    rm -f "/mnt/redis/dump.rdb"
 fi
 
 # Do the Backup check
diff --git a/php/containers.json b/php/containers.json
index daed5d6f..76247dd3 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -301,6 +301,11 @@
           "name": "nextcloud_aio_elasticsearch",
           "location": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
           "writeable": true
+        },
+        {
+          "name": "nextcloud_aio_redis",
+          "location": "/mnt/redis",
+          "writeable": true
         }
       ],
       "secrets": [

From 71231b9b8bf349656fa0cdbd13b48bc5b6766884 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Dec 2022 12:20:04 +0100
Subject: [PATCH 0230/3949] increase to 4.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 33d9cf1b..c31d2f1b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v3.2.0</h1>
+        <h1>Nextcloud AIO v4.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From fb6668755cbcb93b447a99b48a05aadb686c8c0d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Dec 2022 14:32:03 +0100
Subject: [PATCH 0231/3949] make rsync less verbose

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index d516138f..37abacc2 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -176,7 +176,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
             fi
         done
-        rsync -rlD --delete -vv --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
+        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
         rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         echo "Initializing finished"
 

From 9b3ad327646a852e8cbe152a7e9b8d9d988e9bf1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Dec 2022 15:09:39 +0100
Subject: [PATCH 0232/3949] fix restoring of elasticsearch volume

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 7640d441..397cf700 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -259,7 +259,8 @@ if [ "$BORG_MODE" = restore ]; then
     # Restore everything except the configuration file
     if ! rsync --stats --archive --human-readable -vv --delete \
     --exclude "nextcloud_aio_apache/caddy/"** \
-    --exclude "nextcloud_aio_elasticsearch" \
+    --exclude "nextcloud_aio_elasticsearch/" \
+    --include "nextcloud_aio_elasticsearch/"** \
     --exclude "nextcloud_aio_mastercontainer/caddy/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \

From 0b961c9dfc6c7f90f75c3ade89ec30e8492063f9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Dec 2022 10:36:13 +0100
Subject: [PATCH 0233/3949] try - catch is not needed for onlyoffice js

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/disable-onlyoffice.js  | 6 ++----
 php/public/options-form-submit.js | 6 ++----
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/php/public/disable-onlyoffice.js b/php/public/disable-onlyoffice.js
index b4d30dec..f9c7eebc 100644
--- a/php/public/disable-onlyoffice.js
+++ b/php/public/disable-onlyoffice.js
@@ -1,9 +1,7 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // OnlyOffice
-    try {
-        var onlyoffice = document.getElementById("onlyoffice");
+    var onlyoffice = document.getElementById("onlyoffice");
+    if (onlyoffice) {
         onlyoffice.disabled = true;
-    } catch (error) {
-        // console.error(error);
     }
 });
\ No newline at end of file
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index e602f177..6d017315 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -13,11 +13,9 @@ document.addEventListener("DOMContentLoaded", function(event) {
     clamav.addEventListener('change', makeOptionsFormSubmitVisible);
 
     // OnlyOffice
-    try {
-        var onlyoffice = document.getElementById("onlyoffice");
+    var onlyoffice = document.getElementById("onlyoffice");
+    if (onlyoffice) {
         onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
-    } catch (error) {
-        // console.error(error);
     }
 
     // Collabora

From e18f8308ed410d354d6f6e1aa793ecfbe92b8165 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Dec 2022 10:57:42 +0100
Subject: [PATCH 0234/3949] Don't start the Nextcloud container if the
 installation failed

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 37abacc2..aa3fea26 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -79,6 +79,14 @@ if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
     exit 1
 fi
 
+# Do not start the container if the install failed
+if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
+    echo "The initial Nextcloud installation failed."
+    echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above."
+    echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
+    exit 1
+fi
+
 # Skip any update if Nextcloud was just restored
 if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     if version_greater "$image_version" "$installed_version"; then
@@ -203,6 +211,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             done
             if [ "$try" -gt "$max_retries" ]; then
                 echo "installing of nextcloud failed!"
+                touch "$NEXTCLOUD_DATA_DIR/install.failed"
                 exit 1
             fi
 

From 08aa2eece3b22e9363e2325975238610b15a3617 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Dec 2022 12:36:51 +0100
Subject: [PATCH 0235/3949] fix Clamav starting trap

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 +++++++-
 php/templates/containers.twig      | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 37abacc2..ac1c285e 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -463,10 +463,16 @@ fi
 
 # Clamav
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
-    while ! nc -z "$CLAMAV_HOST" 3310; do
+    CLAMAV_COUNT=0
+    while ! nc -z "$CLAMAV_HOST" 3310 && [ "$CLAMAV_COUNT" -lt 90 ]; do
         echo "waiting for clamav to become available..."
+        CLAMAV_COUNT=$((CLAMAV_COUNT + 5))
         sleep 5
     done
+    if [ "$CLAMAV_COUNT" -ge 90 ]; then
+        echo "Error: ClamAV was not reachable within 90s."
+        exit 1
+    fi
     if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
         php /var/www/html/occ app:install files_antivirus
     elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c31d2f1b..0f642d33 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -562,7 +562,7 @@
             {% endif %}
         {% endif %}
 
-    {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
+    {% if isAnyRestarting == false and (isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true) %}
         <script type="text/javascript" src="automatic_reload.js"></script>
     {% else %}
         <script type="text/javascript" src="before-unload.js"></script>

From b90226282a742d2d9b086a808429f8f4aae2a6e1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Dec 2022 10:48:39 +0100
Subject: [PATCH 0236/3949] add stdbuf

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2dbb9614..ee73e968 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -198,6 +198,7 @@ RUN set -ex; \
         mawk \
         sudo \
         grep \
+        coreutils \
     ; \
     rm -rf /var/lib/apt/lists/*
 

From 1bd3c2cb4c569f99db4e12cc159dbc731a95e795 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Dec 2022 18:12:03 +0100
Subject: [PATCH 0237/3949] add a further hint

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ac1c285e..c9ae6884 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -470,7 +470,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         sleep 5
     done
     if [ "$CLAMAV_COUNT" -ge 90 ]; then
-        echo "Error: ClamAV was not reachable within 90s."
+        echo "Error: ClamAV was not reachable within 90s. Most likely is your RAM not big enough to let it start correctly."
         exit 1
     fi
     if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then

From 3c40abbb60b69663fd107910a011c9194d607249 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 10 Dec 2022 18:00:33 +0100
Subject: [PATCH 0238/3949] make more clear what to do when borg check fails

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 33d9cf1b..d95e150f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -111,7 +111,7 @@
                                     {% if borg_backup_mode == 'test' %}
                                         Please adjust the path and/or the password in order to make it work!<br><br>
                                     {% elseif borg_backup_mode == 'check' %}
-                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html?highlight=repair#:~:text=repairing%20a%20damaged%20repository"><b>this documentation</b></a>
+                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a>
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
@@ -328,6 +328,9 @@
                                 <h2>Backup and restore</h2>
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    {% if borg_backup_mode == "check" %}
+                                        The backup archive seems to be corrupt. You can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                    {% endif %}
                                     {% if has_backup_run_once == false %}
                                         You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
                                         <form method="POST" action="/api/configuration" class="xhr">

From 1dee9c465c89d4f811e68667bad297561de19017 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 12:33:24 +0100
Subject: [PATCH 0239/3949] reload in case of undefined response

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/forms.js | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index 4202f31e..029dfd5d 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -19,12 +19,13 @@
     const xhr = e.target;
     if (xhr.status === 201) {
       window.location.replace(xhr.getResponseHeader('Location'));
-    }
-    if (xhr.status === 422) {
+    } else if (xhr.status === 422) {
       showError(xhr.response);
-    }
-    if (xhr.status === 500) {
-      showError("Server error. Please see the logs for details.");
+    } else if (xhr.status === 500) {
+      showError("Server error. Please check the mastercontainer logs for details.");
+    } else {
+      // If the responose is not one of the above, we should reload to show the latest content
+      window.location.reload(1);
     }
   }
 

From 3f775653a017b289ccd1cedbdc56053ec6b7f019 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 15:30:45 +0100
Subject: [PATCH 0240/3949] Revert "fix Clamav starting trap"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 +-------
 php/templates/containers.twig      | 2 +-
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 81d0c697..aa3fea26 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -472,16 +472,10 @@ fi
 
 # Clamav
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
-    CLAMAV_COUNT=0
-    while ! nc -z "$CLAMAV_HOST" 3310 && [ "$CLAMAV_COUNT" -lt 90 ]; do
+    while ! nc -z "$CLAMAV_HOST" 3310; do
         echo "waiting for clamav to become available..."
-        CLAMAV_COUNT=$((CLAMAV_COUNT + 5))
         sleep 5
     done
-    if [ "$CLAMAV_COUNT" -ge 90 ]; then
-        echo "Error: ClamAV was not reachable within 90s. Most likely is your RAM not big enough to let it start correctly."
-        exit 1
-    fi
     if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
         php /var/www/html/occ app:install files_antivirus
     elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e41d0fcb..fa2f303d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -565,7 +565,7 @@
             {% endif %}
         {% endif %}
 
-    {% if isAnyRestarting == false and (isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true) %}
+    {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
         <script type="text/javascript" src="automatic_reload.js"></script>
     {% else %}
         <script type="text/javascript" src="before-unload.js"></script>

From f4944fbf92d5c2274eb28fa8d34d72a60e9b8266 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 15:33:28 +0100
Subject: [PATCH 0241/3949] change clamd startup timeout to 90s

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index b757478c..77bbcb76 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -371,7 +371,8 @@
         "3310"
       ],
       "environmentVariables": [
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "CLAMD_STARTUP_TIMEOUT=90"
       ],
       "volumes": [
         {

From 331442fe388035e986e8b8efb8732cf185062cdb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 15:43:34 +0100
Subject: [PATCH 0242/3949] add two more points to manual-install

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 24efebca..da98efa8 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -5,12 +5,14 @@ You can run the containers that are build for AIO with docker-compose. This come
 ### Advantages
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
+- You can run the containers with docker swarm
 
 ### Disadvantages
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
 - You need to know what you are doing, especially when modifying the docker-compose file
+- For updating, you need to strictly follow the at the bottom described update routine
 - Probably more
 
 ## How to use this?

From e389a17a7441fb3145e1ec83c0af4d85542f2c66 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 16:03:03 +0100
Subject: [PATCH 0243/3949] try to fix the elasticsearch inclusion

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 397cf700..7f185b8a 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -259,8 +259,8 @@ if [ "$BORG_MODE" = restore ]; then
     # Restore everything except the configuration file
     if ! rsync --stats --archive --human-readable -vv --delete \
     --exclude "nextcloud_aio_apache/caddy/"** \
-    --exclude "nextcloud_aio_elasticsearch/" \
     --include "nextcloud_aio_elasticsearch/"** \
+    --exclude "nextcloud_aio_elasticsearch/" \
     --exclude "nextcloud_aio_mastercontainer/caddy/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \

From 70b87ed9f89148bdb304a50f28033d874e067a91 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 16:14:11 +0100
Subject: [PATCH 0244/3949] try to fix it

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 7f185b8a..30c09a64 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -260,7 +260,7 @@ if [ "$BORG_MODE" = restore ]; then
     if ! rsync --stats --archive --human-readable -vv --delete \
     --exclude "nextcloud_aio_apache/caddy/"** \
     --include "nextcloud_aio_elasticsearch/"** \
-    --exclude "nextcloud_aio_elasticsearch/" \
+    --exclude "nextcloud_aio_elasticsearch" \
     --exclude "nextcloud_aio_mastercontainer/caddy/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \

From de01850279e06605c7bb46934c4529ccb08dc992 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 16:20:58 +0100
Subject: [PATCH 0245/3949] another attempt

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 30c09a64..9710dd4f 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -259,8 +259,6 @@ if [ "$BORG_MODE" = restore ]; then
     # Restore everything except the configuration file
     if ! rsync --stats --archive --human-readable -vv --delete \
     --exclude "nextcloud_aio_apache/caddy/"** \
-    --include "nextcloud_aio_elasticsearch/"** \
-    --exclude "nextcloud_aio_elasticsearch" \
     --exclude "nextcloud_aio_mastercontainer/caddy/"** \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \

From 4ab3520d10915673b70cce448c5f47240b170ea9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 16:38:58 +0100
Subject: [PATCH 0246/3949] another one

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 9710dd4f..c115d024 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -265,6 +265,7 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/session/"** \
+    --filter='protect /nextcloud_aio_elasticsearch/' \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
         umount /tmp/borg

From 756511f16afaac36f0d78d80891ec81c656878fa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Dec 2022 16:46:11 +0100
Subject: [PATCH 0247/3949] This does not work

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index c115d024..9710dd4f 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -265,7 +265,6 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/session/"** \
-    --filter='protect /nextcloud_aio_elasticsearch/' \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
         umount /tmp/borg

From 65b6d7e6b1497b6a02ba5bca482d3f5e4b0d878a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 18 Dec 2022 15:02:26 +0100
Subject: [PATCH 0248/3949] make more clear which FS is recommended for docker

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0c407a73..8014fb2d 100644
--- a/readme.md
+++ b/readme.md
@@ -488,7 +488,7 @@ The files and folders that you add to Nextcloud are by default stored in the fol
 After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
 
 ### How to store the files/installation on a separate drive?
-You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
+You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
 (Of course docker needs to be installed first for this to work.)
 
 ### How to edit Nextclouds config.php file with a texteditor?

From 6a509513a34296c30d27ff1ec9a92944d016c43e Mon Sep 17 00:00:00 2001
From: thigg <thigg@users.noreply.github.com>
Date: Sun, 18 Dec 2022 18:17:43 +0100
Subject: [PATCH 0249/3949] Added cifs/smb config help to readme

Signed-off-by: thigg <thigg@users.noreply.github.com>
---
 readme.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/readme.md b/readme.md
index 8014fb2d..cf00ebb4 100644
--- a/readme.md
+++ b/readme.md
@@ -432,6 +432,23 @@ You can configure the Nextcloud container to use a specific directory on your ho
     -o o="bind"
     ```
     (The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
+⚠️️ **Attention**: Make sure the user www-data can access the folder.  
+
+#### Can I use a CIFS/SMB share as Datadir? ####
+
+Sure. Add this to your `etc/fstab`:
+
+```
+//your-storage-host/subpath /mnt/storagebox cifs rw,credentials=/etc/storage-credentials.txt,uid=www-data,gid=0,file_mode=0770,dir_mode=0770 0 0
+```
+
+and into `/etc/storage-credentials.txt`:
+```
+username=<smb/cifs username>
+password=<password>
+```
+
+Now you can use /mnt/storagebox as Datadir like described above
 
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.

From 42c7e86ee9a9c227e09e36a3ca9314e92af877c2 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Mon, 19 Dec 2022 04:22:03 +0000
Subject: [PATCH 0250/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index ec5b3e27..905eba46 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.2.0@fb685a16df3050d4c18d8a4100fe83abe6458cba">
+<files psalm-version="5.3.0@b6faa3e96b8eb50ec71384c53799b8a107236bb6">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From f3bfc2beb73110231fd3f84b67c14203beaa7d0e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Dec 2022 14:04:19 +0100
Subject: [PATCH 0251/3949] a few improvements

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/readme.md b/readme.md
index cf00ebb4..3407bbdf 100644
--- a/readme.md
+++ b/readme.md
@@ -431,24 +431,24 @@ You can configure the Nextcloud container to use a specific directory on your ho
     -o type="none" ^
     -o o="bind"
     ```
-    (The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
-⚠️️ **Attention**: Make sure the user www-data can access the folder.  
+(The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
 
-#### Can I use a CIFS/SMB share as Datadir? ####
+### Can I use a CIFS/SMB share as Nextcloud's datadir?
 
-Sure. Add this to your `etc/fstab`:
+Sure. Add this to the `/etc/fstab` file: <br>
+`<your-storage-host-and-subpath> <your-mount-dir> cifs rw,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+(Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
 
-```
-//your-storage-host/subpath /mnt/storagebox cifs rw,credentials=/etc/storage-credentials.txt,uid=www-data,gid=0,file_mode=0770,dir_mode=0770 0 0
-```
-
-and into `/etc/storage-credentials.txt`:
+One example could look like this:<br>
+`//your-storage-host/subpath /mnt/storagebox cifs rw,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+and add into `/etc/storage-credentials`:
 ```
 username=<smb/cifs username>
 password=<password>
 ```
+(Of course you need to modify `<smb/cifs username>` and `<password>` for your specific case.)
 
-Now you can use /mnt/storagebox as Datadir like described above
+Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above above this one.
 
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.

From 01ea8900ccb6c2a15f2d3f6477deaf226b176df6 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 20 Dec 2022 04:21:42 +0000
Subject: [PATCH 0252/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 905eba46..e62c34f0 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.3.0@b6faa3e96b8eb50ec71384c53799b8a107236bb6">
+<files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

From e47b58312a9f5c58f9dcf4524e8f33b9004d12b3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Dec 2022 10:59:01 +0100
Subject: [PATCH 0253/3949] improve database import

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index fae1cce4..f2be4fc0 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -20,6 +20,13 @@ if ! [ -w "$DUMP_DIR" ]; then
     exit 1
 fi
 
+# Don't start if import failed
+if [ -f "$DUMP_DIR/import.failed" ]; then
+    echo "The database import failed. Please restore a backup and try again."
+    echo "For further clues on what went wrong, look at the logs above."
+    exit 1
+fi
+
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
     set -ex
@@ -48,6 +55,9 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     # Inform
     echo "Restoring from database dump."
 
+    # Add import.failed file
+    touch "$DUMP_DIR/import.failed"
+
     # Exit if any command fails
     set -ex
 
@@ -76,7 +86,12 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
 
     # Get the Owner
     DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
-    if [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
+    if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
+        DIFFERENT_DB_OWNER=1
+        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+            ALTER DATABASE "$POSTGRES_DB" OWNER TO "$POSTGRES_USER";
+EOSQL
+    elif [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
         DIFFERENT_DB_OWNER=1
         psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
             CREATE USER "$DB_OWNER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
@@ -104,6 +119,9 @@ EOSQL
 
     # Don't exit if command fails anymore
     set +ex
+
+    # Remove import failed file if everything went correctly
+    rm "$DUMP_DIR/import.failed"
 fi
 
 # Cover the last case

From e70bc8c5f719e2a097a10421a0686027900eba34 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Dec 2022 11:16:50 +0100
Subject: [PATCH 0254/3949] fix the turn:add syntax

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index aa3fea26..ed816975 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -455,7 +455,7 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     fi
     # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
-        php /var/www/html/occ talk:turn:add "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
     if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
         php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"

From 730d4e1bee68d4537919b1c4aae8e5e34ce320a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Dec 2022 12:06:41 +0000
Subject: [PATCH 0255/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.8.4.1 to 22.05.9.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 1a168ca6..5d7a6d40 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.8.4.1
+FROM collabora/code:22.05.9.2.1
 
 USER root
 

From edb616b18cb2c0a617fbc892e0837c44cb382b73 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Dec 2022 17:07:43 +0100
Subject: [PATCH 0256/3949] add logging to database import

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index f2be4fc0..971bb6cc 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -52,6 +52,10 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
         exit 1
     fi
 
+    # Write output to logfile.
+    exec > >(tee -i "$DUMP_DIR/database-import.log")
+    exec 2>&1
+
     # Inform
     echo "Restoring from database dump."
 

From 70a03ba1ae2c0b161165ceaf89930a100f9aae15 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Dec 2022 23:54:30 +0100
Subject: [PATCH 0257/3949] add facerecognition notice to the readme

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index 3407bbdf..0e82ce4c 100644
--- a/readme.md
+++ b/readme.md
@@ -496,6 +496,9 @@ Some Nextcloud apps require additional php extensions that must be bundled withi
 
 You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
 
+### What about the pdlib PHP extension for the facerecognition app?
+The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 

From 0239788c786905ec715edad21044760caf65350f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 21 Dec 2022 11:22:19 +0100
Subject: [PATCH 0258/3949] make the turnserver more reliable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 4 +++-
 Containers/talk/start.sh   | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 309f1bae..0e596cf0 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -53,11 +53,13 @@ RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.c
 
 RUN mkdir -p /etc/nats; \
     echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
+    mkdir /var/lib/turn; \
     chown talk:talk /etc; \
     chown talk:talk -R /etc/nats; \
     chown talk:talk -R /etc/janus; \
     chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr
+    chown talk:talk -R /usr; \
+    chown talk:talk -R /var/lib/turn;
 
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index d0a502be..3b7567af 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -15,7 +15,7 @@ elif [ -z "$SIGNALING_SECRET" ]; then
     exit 1
 fi
 
-# Turn
+# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
@@ -29,6 +29,9 @@ stale-nonce
 no-multicast-peers
 simple-log
 pidfile=/var/tmp/turnserver.pid
+no-tls
+no-dtls
+userdb=/var/lib/turn/turndb
 TURN_CONF
 
 # Janus

From a12b1c0e56050ca62957c3b9635e07451016b282 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Dec 2022 12:10:04 +0000
Subject: [PATCH 0259/3949] Bump debian in /Containers/borgbackup

Bumps debian from bullseye-20221205-slim to bullseye-20221219-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 8c6fe1e7..a1e5c260 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221205-slim
+FROM debian:bullseye-20221219-slim
 
 RUN set -ex; \
     \

From f4f717c929014e220929c65bb1b1bc6b078de185 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Dec 2022 12:10:40 +0000
Subject: [PATCH 0260/3949] Bump debian in /Containers/apache

Bumps debian from bullseye-20221205-slim to bullseye-20221219-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index b20b01fe..dc32cb61 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20221205-slim
+FROM debian:bullseye-20221219-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

From 9184aab3ec0ff6c7f2ddfbc26753cbd93d977af8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 21 Dec 2022 16:10:15 +0100
Subject: [PATCH 0261/3949] add gcompat for the recognize app

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ee73e968..61df8d6f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -199,6 +199,7 @@ RUN set -ex; \
         sudo \
         grep \
         coreutils \
+        gcompat \
     ; \
     rm -rf /var/lib/apt/lists/*
 

From 5f68d556724f150cdd1e3b4c9a309b0232adb013 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 21 Dec 2022 23:19:19 +0100
Subject: [PATCH 0262/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index e71c8fae..9488d6fe 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,4 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.2.1.34
+FROM onlyoffice/documentserver:7.2.2.56
 
 HEALTHCHECK CMD curl -skfI localhost || exit 1
\ No newline at end of file

From 73e029ec237b5b3cdaaa4aa404a8309beb3e6672 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 00:08:53 +0100
Subject: [PATCH 0263/3949] improve the reverse proxy documentation further

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index f0089b63..5f201a6c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,15 +1,16 @@
 # Reverse Proxy Documentation
 
-**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface). 
+**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). 
 
 In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.
 
-**Attention** The process to run Nextcloud behind a reverse proxy consists of at least these 2 steps:
+**Attention** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
 1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
-1. If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
-- Optional: get a valid certificate for the AIO interface! See [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface)
-- How to debug things? See [point 5](#5-how-to-debug-things)
+1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
+1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
+1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
+1. How to debug things? See [point 6](#6-how-to-debug-things)
 
 ## 1. Add this to your reverse proxy config
 
@@ -471,16 +472,14 @@ nextcloud/all-in-one:latest
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
----
-
-### How to continue? 
-After using the above command, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
-
 ## 3. If the reverse proxy is installed on the same host, you should configure the apache container to only listen on localhost.
 
 Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address, you can either simply skip this step or set it to `0.0.0.0` if you are unsure what the correct value is.
 
-## 4. Optional: get a valid certificate for the AIO interface
+## 4. Open the AIO interface.
+After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+
+## 5. Optional: get a valid certificate for the AIO interface
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 
@@ -498,7 +497,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 5. How to debug things?
+## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` in the default configurations by the ip-address that you can easily get when running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)

From 1a7dbb4dab6d394e12ee78e20e731860ade283c8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 00:12:50 +0100
Subject: [PATCH 0264/3949] fix small detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 5f201a6c..c4011055 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,13 +4,13 @@
 
 In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.
 
-**Attention** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
+**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
 1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
-1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
-1. How to debug things? See [point 6](#6-how-to-debug-things)
+1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
+1.Optional: How to debug things? See [point 6](#6-how-to-debug-things)
 
 ## 1. Add this to your reverse proxy config
 

From 35b87eee9b4dd2d3940ac9a445353bfd3a1c39c6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 00:14:19 +0100
Subject: [PATCH 0265/3949] typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c4011055..c41193b0 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -10,7 +10,7 @@ In order to run Nextcloud behind a reverse proxy, you need to specify the port t
 1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
 1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
-1.Optional: How to debug things? See [point 6](#6-how-to-debug-things)
+1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)
 
 ## 1. Add this to your reverse proxy config
 

From 2ddd9406aa8ebb509ca6b112c7e7b42bacd8375e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 01:02:08 +0100
Subject: [PATCH 0266/3949] the files_lock app should get installed by default
 as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 manual-install/sample.conf              | 2 +-
 manual-install/update-yaml.sh           | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index e7e1bc02..0e43dea1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts files_lock # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index ae1ed7d0..c1c9f7d2 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -18,7 +18,7 @@ NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit o
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts files_lock"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index b9fb1373..80b0cef1 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -76,7 +76,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts files_lock"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9d21922e..5ea83f1f 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -726,7 +726,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'deck tasks calendar contacts';
+        return 'deck tasks calendar contacts files_lock';
     }
 
     public function GetCollaboraDictionaries() : string {
diff --git a/readme.md b/readme.md
index 0e82ce4c..66117dc4 100644
--- a/readme.md
+++ b/readme.md
@@ -484,7 +484,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts files_lock"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index b0fca4f8..f956b411 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -15,7 +15,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts files_lock`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 

From e8e01f8687a989768a8a9d4c93803b095cd32648 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 09:44:23 +0100
Subject: [PATCH 0267/3949] increase to 4.0.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fa2f303d..08484823 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.0.0</h1>
+        <h1>Nextcloud AIO v4.0.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From d6208a0b18ab9f379a8cf038b495174d45679f17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 10:16:47 +0100
Subject: [PATCH 0268/3949] fix the comment

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 6dc829cf..c30c9d43 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -431,7 +431,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "Warning: No ipv4-address found for the collabora container."
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
     fi
     if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -442,7 +442,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "No ipv6-address found for the collabora container."
+        echo "No ipv6-address found for $NC_DOMAIN."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
         PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'

From ed62ff1ff57b6904ee4c503959a246c1206f7091 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 18:45:17 +0100
Subject: [PATCH 0269/3949] Revert "the files_lock app should get installed by
 default as well"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 manual-install/sample.conf              | 2 +-
 manual-install/update-yaml.sh           | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 0e43dea1..e7e1bc02 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts files_lock # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index c1c9f7d2..ae1ed7d0 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -18,7 +18,7 @@ NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit o
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts files_lock"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 80b0cef1..b9fb1373 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -76,7 +76,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts files_lock"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 5ea83f1f..9d21922e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -726,7 +726,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'deck tasks calendar contacts files_lock';
+        return 'deck tasks calendar contacts';
     }
 
     public function GetCollaboraDictionaries() : string {
diff --git a/readme.md b/readme.md
index 66117dc4..0e82ce4c 100644
--- a/readme.md
+++ b/readme.md
@@ -484,7 +484,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts files_lock"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index f956b411..b0fca4f8 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -15,7 +15,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts files_lock`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 

From 14e095b56980bcf752a80c484fb58bb7e9dbdcaf Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 23 Dec 2022 00:25:32 +0100
Subject: [PATCH 0270/3949] try to close #1314

Got it from: https://stackoverflow.com/a/41388585 & https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
In my test, it works

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c41193b0..475345a3 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -46,10 +46,11 @@ Add this as a new Apache site config:
     RewriteEngine On
     ProxyPreserveHost On
     AllowEncodedSlashes NoDecode
-    ProxyPass / http://localhost:11000/
+    ProxyPass / http://localhost:11000/ nocanon
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
-    RewriteRule ^/?(.*) "ws://localhost:11000/$1" [P,QSA,B=?:;]
+    RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
+    RewriteRule .? "ws://localhost:11000/%1" [P,L]
 
     # Enable h2, h2c and http1.1
     Protocols h2 h2c http/1.1

From ce165e05a1708eb9f1187420ff0559d0991f97fb Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Fri, 23 Dec 2022 15:45:22 +0100
Subject: [PATCH 0271/3949] manual-install: add docker profiles for optional
 services

Signed-off-by: ManOki <ManOki@users.noreply.github.com>
---
 manual-install/latest-arm64.yml | 21 +++++++++++++--------
 manual-install/latest.yml       | 24 +++++++++++++++---------
 manual-install/readme.md        |  5 +++++
 3 files changed, 33 insertions(+), 17 deletions(-)

diff --git a/manual-install/latest-arm64.yml b/manual-install/latest-arm64.yml
index 6b6198db..d4eb4661 100644
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -28,7 +28,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-database:
     container_name: nextcloud-aio-database
     image: nextcloud/aio-postgresql:latest-arm64
@@ -45,7 +45,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-nextcloud:
     container_name: nextcloud-aio-nextcloud
     depends_on:
@@ -101,7 +101,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-redis:
     container_name: nextcloud-aio-redis
     image: nextcloud/aio-redis:latest-arm64
@@ -112,9 +112,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-collabora:
     container_name: nextcloud-aio-collabora
+    profiles: ["collabora"]
     image: nextcloud/aio-collabora:latest-arm64
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
@@ -125,9 +126,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-talk:
     container_name: nextcloud-aio-talk
+    profiles: ["talk"]
     image: nextcloud/aio-talk:latest-arm64
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
@@ -143,9 +145,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-onlyoffice:
     container_name: nextcloud-aio-onlyoffice
+    profiles: ["onlyoffice"]
     image: nextcloud/aio-onlyoffice:latest-arm64
     environment:
       - TZ=${TIMEZONE}
@@ -158,9 +161,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-imaginary:
     container_name: nextcloud-aio-imaginary
+    profiles: ["imaginary"]
     image: nextcloud/aio-imaginary:latest-arm64
     environment:
       - TZ=${TIMEZONE}
@@ -168,9 +172,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-fulltextsearch:
     container_name: nextcloud-aio-fulltextsearch
+    profiles: ["fulltextsearch"]
     image: nextcloud/aio-fulltextsearch:latest-arm64
     environment:
       - TZ=${TIMEZONE}
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 02300f94..6a5c89e9 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -28,7 +28,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-database:
     container_name: nextcloud-aio-database
     image: nextcloud/aio-postgresql:latest
@@ -45,7 +45,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-nextcloud:
     container_name: nextcloud-aio-nextcloud
     depends_on:
@@ -104,7 +104,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-redis:
     container_name: nextcloud-aio-redis
     image: nextcloud/aio-redis:latest
@@ -115,9 +115,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-collabora:
     container_name: nextcloud-aio-collabora
+    profiles: ["collabora"]
     image: nextcloud/aio-collabora:latest
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
@@ -128,9 +129,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-talk:
     container_name: nextcloud-aio-talk
+    profiles: ["talk"]
     image: nextcloud/aio-talk:latest
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
@@ -146,9 +148,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-clamav:
     container_name: nextcloud-aio-clamav
+    profiles: ["clamav"]
     image: nextcloud/aio-clamav:latest
     environment:
       - TZ=${TIMEZONE}
@@ -158,9 +161,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-onlyoffice:
     container_name: nextcloud-aio-onlyoffice
+    profiles: ["onlyoffice"]
     image: nextcloud/aio-onlyoffice:latest
     environment:
       - TZ=${TIMEZONE}
@@ -173,9 +177,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-imaginary:
     container_name: nextcloud-aio-imaginary
+    profiles: ["imaginary"]
     image: nextcloud/aio-imaginary:latest
     environment:
       - TZ=${TIMEZONE}
@@ -183,9 +188,10 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-fulltextsearch:
     container_name: nextcloud-aio-fulltextsearch
+    profiles: ["fulltextsearch"]
     image: nextcloud/aio-fulltextsearch:latest
     environment:
       - TZ=${TIMEZONE}
diff --git a/manual-install/readme.md b/manual-install/readme.md
index da98efa8..c496680b 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -27,6 +27,11 @@ Now copy the provided yaml file to a docker-compose file by running on x64 `cp l
 
 Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
 
+## Docker profiles
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
+
+For a complete all-in-one with collabora use `sudo docker-compose --env-file my.conf --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`.
+
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
 1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers

From 950ab32d26753d06748c8b35a575e97a382c61fc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Dec 2022 17:02:47 +0100
Subject: [PATCH 0272/3949] update mastercontainerto php 8.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/create-psalm-container.yml   | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 4 ++--
 .github/workflows/psalm-analysis.yml           | 4 ++--
 .github/workflows/psalm-update-baseline.yml    | 4 ++--
 Containers/mastercontainer/Dockerfile          | 2 +-
 php/composer.json                              | 4 ++--
 8 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/create-psalm-container.yml b/.github/workflows/create-psalm-container.yml
index d4b021a3..36407589 100644
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Modify the Dockerfile
         run: |
           set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.0-alpine|' "psalm-github-actions/Dockerfile"
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
           cat << APCU >> "psalm-github-actions/Dockerfile"
           RUN mkdir -p /usr/src/php/ext/apcu && \
             curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9e0af73e..72a0a5e7 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@v3
     - uses: nanasess/setup-php@master
       with:
-        php-version: 8.0
+        php-version: 8.1
         extensions: apcu
     - name: Run dependency update script
       run: |
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 730d2aa4..28fae11b 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.0"]
+        php-versions: ["8.1"]
 
     name: php-lint
 
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index bd25a68e..d45feade 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.0
+          php-version: 8.1
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm-analysis.yml b/.github/workflows/psalm-analysis.yml
index 0a5a42ad..5994862c 100644
--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.0
+          php-version: 8.1
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 8492f071..53f2ec68 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -12,10 +12,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up php8.0
+      - name: Set up php8.1
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.0
+          php-version: 8.1
           extensions: apcu
           coverage: none
 
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 816954b0..a83454e0 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.21-dind-alpine3.16 as dind
 FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.26-apache-bullseye
+FROM php:8.1.13-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/php/composer.json b/php/composer.json
index 5a0d46ed..d20a4fb7 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,7 +5,7 @@
         }
     },
     "require": {
-        "php": "^8.0",
+        "php": "^8.1",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
@@ -22,6 +22,6 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.0 \\;"
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.1 \\;"
 	}
 }

From fbe8316e1d31e98f959dd7c8d75a15733948689a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 23 Dec 2022 16:05:36 +0000
Subject: [PATCH 0273/3949] dependency updates

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/composer.lock | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index d8ec0b70..a31bf0a0 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "46e4dcf2df4e1a85aba17d664cacd815",
+    "content-hash": "7a318338d9e074d6f02e1fba5b3dda24",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -1375,25 +1375,25 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.0.2",
+            "version": "v3.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c"
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/1ee04c65529dea5d8744774d474e7cbd2f1206d3",
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2"
+                "php": ">=8.1"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.0-dev"
+                    "dev-main": "3.3-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -1422,7 +1422,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.2"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.0"
             },
             "funding": [
                 {
@@ -1438,7 +1438,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-01-02T09:55:41+00:00"
+            "time": "2022-11-25T10:21:52+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
@@ -1768,7 +1768,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "^8.0",
+        "php": "^8.1",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",

From 7dc4edc1e037002f7d078db0764f89342cf77762 Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Fri, 23 Dec 2022 17:23:49 +0100
Subject: [PATCH 0274/3949] manual-install: update readme to use default docker
 environment file .env

Signed-off-by: ManOki <ManOki@users.noreply.github.com>
---
 .gitignore               |  3 ++-
 manual-install/readme.md | 11 ++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index a27e8815..db327d1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 /php/vendor
 /manual-install/*.conf
 !/manual-install/sample.conf
-/manual-install/docker-compose.yml
\ No newline at end of file
+/manual-install/docker-compose.yml
+/manual-install/.env
diff --git a/manual-install/readme.md b/manual-install/readme.md
index da98efa8..617eee60 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -21,20 +21,21 @@ First, install docker and docker-compose if not already done. Then simply run th
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to a new file, e.g. `cp sample.conf my.conf`, open the new conf file, e.g. with `nano my.conf`, edit all values that are marked with `# TODO!`, close and save the file.
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.
 
 Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
 
-Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
+Now you should be ready to go with `sudo docker-compose up`.
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env`
+1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
 1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
-1. After the file update was successful, simply run `sudo docker-compose --env-file my.conf pull` to pull the new images.
-1. At the end run `sudo docker-compose --env-file my.conf up` in order to start and update the containers with the new configuration.
+1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
+1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.
 
 ## FAQ
 ### Backup and restore?

From a81be7c35c988e5d925199f154121f2085cdf555 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Dec 2022 21:40:15 +0100
Subject: [PATCH 0275/3949] update script to add the profiles option
 automatically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index b9fb1373..78fcb211 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -92,6 +92,11 @@ do
     if [ "$name" != "nextcloud-aio-apache" ]; then
         OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
     fi
+    if ! echo "$name" | grep "apache$" && ! echo "$name" | grep "database$" && ! echo "$name" | grep "nextcloud$" && ! echo "$name" | grep "redis$"; then
+        sed -i '/container_name/d' containers.yml
+        SLIM_NAME="${name##nextcloud-aio-}"
+        OUTPUT="$(echo "$OUTPUT" | sed "/container_name: $name$/a\ \ \ \ profiles:\ \[\"$SLIM_NAME\"\]")"
+    fi
 done
 
 OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"

From 653c63565ef7b02b5ed79cb92db1279fb2cb7b11 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Dec 2022 21:53:01 +0100
Subject: [PATCH 0276/3949] remove spaces in empty lines

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 78fcb211..21d6c261 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -107,6 +107,7 @@ echo "" >> containers.yml
 echo "$OUTPUT" >> containers.yml
 
 sed -i '/container_name/d' containers.yml
+sed -i 's|^ $||' containers.yml
 
 VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
 mapfile -t VOLUMES <<< "$VOLUMES"
@@ -131,7 +132,7 @@ sed -i '/image:/s/$/:latest/' latest.yml
 
 cat containers.yml > latest-arm64.yml
 sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
-sed -i '/  nextcloud-aio-clamav:/,/^ $/d' latest-arm64.yml
+sed -i '/  nextcloud-aio-clamav:/,/^$/d' latest-arm64.yml
 sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
 sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
 

From 377058cef1ae8113b868ac472d686756843664fb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Dec 2022 22:03:00 +0100
Subject: [PATCH 0277/3949] make description of the mv command a bit clearer

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 617eee60..8e52e932 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -29,7 +29,7 @@ Now you should be ready to go with `sudo docker-compose up`.
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env`
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
 1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.

From 4750fb228f04012eb2bfd65653c30258615faa01 Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Sat, 24 Dec 2022 10:55:49 +0100
Subject: [PATCH 0278/3949] manual-install: add IMAGE_TAG to omit separate
 latest-arm64.yml (#1591)

* manual-install: add IMAGE_TAG to omit separate latest-arm64.yml

Signed-off-by: ManOki <ManOki@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/latest-arm64.yml | 208 --------------------------------
 manual-install/latest.yml       |  20 +--
 manual-install/readme.md        |   6 +-
 manual-install/sample.conf      |   3 +-
 manual-install/update-yaml.sh   |  10 +-
 5 files changed, 18 insertions(+), 229 deletions(-)
 delete mode 100644 manual-install/latest-arm64.yml

diff --git a/manual-install/latest-arm64.yml b/manual-install/latest-arm64.yml
deleted file mode 100644
index d4eb4661..00000000
--- a/manual-install/latest-arm64.yml
+++ /dev/null
@@ -1,208 +0,0 @@
-version: "3.8"
-
-services:
-  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
-    depends_on:
-      - nextcloud-aio-onlyoffice
-      - nextcloud-aio-collabora
-      - nextcloud-aio-talk
-      - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest-arm64
-    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_HOST=nextcloud-aio-talk
-      - APACHE_PORT=${APACHE_PORT}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - TZ=${TIMEZONE}
-      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
-      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:ro
-      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest-arm64
-    volumes:
-      - nextcloud_aio_database:/var/lib/postgresql/data:rw
-      - nextcloud_aio_database_dump:/mnt/data:rw
-    environment:
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - TZ=${TIMEZONE}
-      - PGTZ=${TIMEZONE}
-    stop_grace_period: 1800s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
-    depends_on:
-      - nextcloud-aio-database
-      - nextcloud-aio-redis
-      - nextcloud-aio-fulltextsearch
-      - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:latest-arm64
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:rw
-      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
-      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
-    environment:
-      - POSTGRES_HOST=nextcloud-aio-database
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - REDIS_HOST=nextcloud-aio-redis
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - AIO_TOKEN=${AIO_TOKEN}
-      - NC_DOMAIN=${NC_DOMAIN}
-      - ADMIN_USER=admin
-      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
-      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
-      - OVERWRITEHOST=${NC_DOMAIN}
-      - OVERWRITEPROTOCOL=https
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
-      - AIO_URL=${AIO_URL}
-      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
-      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
-      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_ENABLED=${TALK_ENABLED}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
-      - IMAGINARY_HOST=nextcloud-aio-imaginary
-      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
-      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
-      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
-      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
-      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
-      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
-      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
-      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest-arm64
-    environment:
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    profiles: ["collabora"]
-    image: nextcloud/aio-collabora:latest-arm64
-    environment:
-      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
-      - dictionaries=${COLLABORA_DICTIONARIES}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    profiles: ["talk"]
-    image: nextcloud/aio-talk:latest-arm64
-    ports:
-      - ${TALK_PORT}:${TALK_PORT}/tcp
-      - ${TALK_PORT}:${TALK_PORT}/udp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - JANUS_API_KEY=${JANUS_API_KEY}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    profiles: ["onlyoffice"]
-    image: nextcloud/aio-onlyoffice:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - JWT_ENABLED=true
-      - JWT_HEADER=AuthorizationJwt
-      - JWT_SECRET=${ONLYOFFICE_SECRET}
-    volumes:
-      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
-    profiles: ["imaginary"]
-    image: nextcloud/aio-imaginary:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-  nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
-    profiles: ["fulltextsearch"]
-    image: nextcloud/aio-fulltextsearch:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - discovery.type=single-node
-      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
-    volumes:
-      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-volumes:
-  nextcloud_aio_apache:
-    name: nextcloud_aio_apache
-  nextcloud_aio_database:
-    name: nextcloud_aio_database
-  nextcloud_aio_database_dump:
-    name: nextcloud_aio_database_dump
-  nextcloud_aio_elasticsearch:
-    name: nextcloud_aio_elasticsearch
-  nextcloud_aio_nextcloud:
-    name: nextcloud_aio_nextcloud
-  nextcloud_aio_onlyoffice:
-    name: nextcloud_aio_onlyoffice
-  nextcloud_aio_nextcloud_data:
-    name: nextcloud_aio_nextcloud_data
-
-networks:
-  nextcloud-aio:
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 6a5c89e9..2c8d94ae 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -8,7 +8,7 @@ services:
       - nextcloud-aio-collabora
       - nextcloud-aio-talk
       - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest
+    image: nextcloud/aio-apache:${IMAGE_TAG}
     ports:
       - ${APACHE_PORT}:${APACHE_PORT}/tcp
     environment:
@@ -31,7 +31,7 @@ services:
 
   nextcloud-aio-database:
     container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest
+    image: nextcloud/aio-postgresql:${IMAGE_TAG}
     volumes:
       - nextcloud_aio_database:/var/lib/postgresql/data:rw
       - nextcloud_aio_database_dump:/mnt/data:rw
@@ -54,7 +54,7 @@ services:
       - nextcloud-aio-clamav
       - nextcloud-aio-fulltextsearch
       - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:latest
+    image: nextcloud/aio-nextcloud:${IMAGE_TAG}
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
@@ -107,7 +107,7 @@ services:
 
   nextcloud-aio-redis:
     container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest
+    image: nextcloud/aio-redis:${IMAGE_TAG}
     environment:
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - TZ=${TIMEZONE}
@@ -118,8 +118,8 @@ services:
 
   nextcloud-aio-collabora:
     container_name: nextcloud-aio-collabora
+    image: nextcloud/aio-collabora:${IMAGE_TAG}
     profiles: ["collabora"]
-    image: nextcloud/aio-collabora:latest
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
@@ -132,8 +132,8 @@ services:
 
   nextcloud-aio-talk:
     container_name: nextcloud-aio-talk
+    image: nextcloud/aio-talk:${IMAGE_TAG}
     profiles: ["talk"]
-    image: nextcloud/aio-talk:latest
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
       - ${TALK_PORT}:${TALK_PORT}/udp
@@ -151,8 +151,8 @@ services:
 
   nextcloud-aio-clamav:
     container_name: nextcloud-aio-clamav
+    image: nextcloud/aio-clamav:${IMAGE_TAG}
     profiles: ["clamav"]
-    image: nextcloud/aio-clamav:latest
     environment:
       - TZ=${TIMEZONE}
     volumes:
@@ -164,8 +164,8 @@ services:
 
   nextcloud-aio-onlyoffice:
     container_name: nextcloud-aio-onlyoffice
+    image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
     profiles: ["onlyoffice"]
-    image: nextcloud/aio-onlyoffice:latest
     environment:
       - TZ=${TIMEZONE}
       - JWT_ENABLED=true
@@ -180,8 +180,8 @@ services:
 
   nextcloud-aio-imaginary:
     container_name: nextcloud-aio-imaginary
+    image: nextcloud/aio-imaginary:${IMAGE_TAG}
     profiles: ["imaginary"]
-    image: nextcloud/aio-imaginary:latest
     environment:
       - TZ=${TIMEZONE}
     stop_grace_period: 10s
@@ -191,8 +191,8 @@ services:
 
   nextcloud-aio-fulltextsearch:
     container_name: nextcloud-aio-fulltextsearch
+    image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
     profiles: ["fulltextsearch"]
-    image: nextcloud/aio-fulltextsearch:latest
     environment:
       - TZ=${TIMEZONE}
       - discovery.type=single-node
diff --git a/manual-install/readme.md b/manual-install/readme.md
index 07a45c5a..ffa026b6 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -21,16 +21,16 @@ First, install docker and docker-compose if not already done. Then simply run th
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.  For arm64 support use `IMAGE_TAG=latest-arm64` (Note: there is no clamav image for arm64).
 
-Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
+Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.
 
 Now you should be ready to go with `sudo docker-compose up`.
 
 ## Docker profiles
 The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
 
-For a complete all-in-one with collabora use `sudo docker-compose --env-file my.conf --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`.
+For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`.
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index ae1ed7d0..2eaf66c9 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,8 +1,9 @@
+IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 21d6c261..ac6a9ae9 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -46,6 +46,7 @@ do
 done
 
 rm -f sample.conf
+echo 'IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support' >> sample.conf
 VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
 mapfile -t VARIABLES <<< "$VARIABLES"
 for variable in "${VARIABLES[@]}"
@@ -57,6 +58,7 @@ do
 done
 
 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no|CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
@@ -128,12 +130,6 @@ networks:
 NETWORK
 
 cat containers.yml > latest.yml
-sed -i '/image:/s/$/:latest/' latest.yml
-
-cat containers.yml > latest-arm64.yml
-sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
-sed -i '/  nextcloud-aio-clamav:/,/^$/d' latest-arm64.yml
-sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
-sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
+sed -i "/image:/s/$/:\${IMAGE_TAG}/" latest.yml
 
 rm containers.yml

From 7720ed50616872af3375ee07a4fcb55bab9bde98 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:36:19 +0100
Subject: [PATCH 0279/3949] rename identifier to container_name

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  7 +++----
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php | 14 +++++++-------
 4 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index ac6a9ae9..b5ad664c 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -7,9 +7,9 @@ sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-watchtower"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-domaincheck"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.container_name == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 
 snap install yq
 mkdir -p ./manual-install
@@ -18,7 +18,6 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i 's|production:|services:|' containers.yml
-sed -i 's|- identifier:|  container_name:|' containers.yml
 sed -i 's|restartPolicy:|restart:|' containers.yml
 sed -i 's|environmentVariables:|environment:|' containers.yml
 sed -i '/displayName:/d' containers.yml
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 1a668d38..69894f0c 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -29,7 +29,7 @@
 							"type": "string"
 						}
 					},
-					"identifier": {
+					"container_name": {
 						"type": "string"
 					},
 					"internalPorts": {
diff --git a/php/containers.json b/php/containers.json
index 77bbcb76..90a143cd 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -1,7 +1,7 @@
 {
   "production": [
     {
-      "identifier": "nextcloud-aio-apache",
+      "container_name": "nextcloud-aio-apache",
       "dependsOn": [
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
@@ -44,7 +44,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-database",
+      "container_name": "nextcloud-aio-database",
       "dependsOn": [],
       "displayName": "Database",
       "containerName": "nextcloud/aio-postgresql",
@@ -78,7 +78,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-nextcloud",
+      "container_name": "nextcloud-aio-nextcloud",
       "dependsOn": [
         "nextcloud-aio-database",
         "nextcloud-aio-redis",
@@ -166,7 +166,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-redis",
+      "container_name": "nextcloud-aio-redis",
       "dependsOn": [],
       "displayName": "Redis",
       "containerName": "nextcloud/aio-redis",
@@ -193,7 +193,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-collabora",
+      "container_name": "nextcloud-aio-collabora",
       "dependsOn": [],
       "displayName": "Collabora",
       "containerName": "nextcloud/aio-collabora",
@@ -219,7 +219,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-talk",
+      "container_name": "nextcloud-aio-talk",
       "dependsOn": [],
       "displayName": "Talk",
       "containerName": "nextcloud/aio-talk",
@@ -248,7 +248,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-borgbackup",
+      "container_name": "nextcloud-aio-borgbackup",
       "dependsOn": [],
       "displayName": "Borgbackup",
       "containerName": "nextcloud/aio-borgbackup",
@@ -321,7 +321,7 @@
       "restartPolicy": ""
     },
     {
-      "identifier": "nextcloud-aio-watchtower",
+      "container_name": "nextcloud-aio-watchtower",
       "dependsOn": [],
       "displayName": "Watchtower",
       "containerName": "nextcloud/aio-watchtower",
@@ -343,7 +343,7 @@
     },
     {
       "dependsOn": [],
-      "identifier": "nextcloud-aio-domaincheck",
+      "container_name": "nextcloud-aio-domaincheck",
       "displayName": "Domaincheck",
       "containerName": "nextcloud/aio-domaincheck",
       "ports": [
@@ -362,7 +362,7 @@
       "restartPolicy": ""
     },
     {
-      "identifier": "nextcloud-aio-clamav",
+      "container_name": "nextcloud-aio-clamav",
       "dependsOn": [],
       "displayName": "ClamAV",
       "containerName": "nextcloud/aio-clamav",
@@ -386,7 +386,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-onlyoffice",
+      "container_name": "nextcloud-aio-onlyoffice",
       "dependsOn": [],
       "displayName": "OnlyOffice",
       "containerName": "nextcloud/aio-onlyoffice",
@@ -414,7 +414,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-imaginary",
+      "container_name": "nextcloud-aio-imaginary",
       "dependsOn": [],
       "displayName": "Imaginary",
       "containerName": "nextcloud/aio-imaginary",
@@ -431,7 +431,7 @@
       "restartPolicy": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-fulltextsearch",
+      "container_name": "nextcloud-aio-fulltextsearch",
       "dependsOn": [],
       "displayName": "Fulltextsearch",
       "containerName": "nextcloud/aio-fulltextsearch",
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index f2d30804..6c5266d4 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -49,27 +49,27 @@ class ContainerDefinitionFetcher
 
         $containers = [];
         foreach ($data['production'] as $entry) {
-            if ($entry['identifier'] === 'nextcloud-aio-clamav') {
+            if ($entry['container_name'] === 'nextcloud-aio-clamav') {
                 if (!$this->configurationManager->isClamavEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-onlyoffice') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') {
                 if (!$this->configurationManager->isOnlyofficeEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-collabora') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
                 if (!$this->configurationManager->isCollaboraEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-talk') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
                 if (!$this->configurationManager->isTalkEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-imaginary') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') {
                 if (!$this->configurationManager->isImaginaryEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-fulltextsearch') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') {
                 if (!$this->configurationManager->isFulltextsearchEnabled()) {
                     continue;
                 }
@@ -177,7 +177,7 @@ class ContainerDefinitionFetcher
             }
 
             $containers[] = new Container(
-                $entry['identifier'],
+                $entry['container_name'],
                 $entry['displayName'],
                 $entry['containerName'],
                 $entry['restartPolicy'],

From 6cca3ceb6c3707f1da04b7cad1fecdc0baf9f075 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:39:22 +0100
Subject: [PATCH 0280/3949] rename dependsOn to depends_on

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  1 -
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index b5ad664c..fc1c20ae 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -25,7 +25,6 @@ sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i 's|containerName:|image:|' containers.yml
 sed -i '/: \[\]/d' containers.yml
-sed -i 's|dependsOn:|depends_on:|' containers.yml
 sed -i 's|- name: |- |' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 69894f0c..2df81a93 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -14,7 +14,7 @@
 					"containerName": {
 						"type": "string"
 					},
-					"dependsOn": {
+					"depends_on": {
 						"type": "array",
 						"items": {
 							"type": "string"
diff --git a/php/containers.json b/php/containers.json
index 90a143cd..3c436062 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -2,7 +2,7 @@
   "production": [
     {
       "container_name": "nextcloud-aio-apache",
-      "dependsOn": [
+      "depends_on": [
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
@@ -45,7 +45,7 @@
     },
     {
       "container_name": "nextcloud-aio-database",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Database",
       "containerName": "nextcloud/aio-postgresql",
       "ports": [],
@@ -79,7 +79,7 @@
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
-      "dependsOn": [
+      "depends_on": [
         "nextcloud-aio-database",
         "nextcloud-aio-redis",
         "nextcloud-aio-clamav",
@@ -167,7 +167,7 @@
     },
     {
       "container_name": "nextcloud-aio-redis",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Redis",
       "containerName": "nextcloud/aio-redis",
       "ports": [],
@@ -194,7 +194,7 @@
     },
     {
       "container_name": "nextcloud-aio-collabora",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Collabora",
       "containerName": "nextcloud/aio-collabora",
       "ports": [],
@@ -220,7 +220,7 @@
     },
     {
       "container_name": "nextcloud-aio-talk",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Talk",
       "containerName": "nextcloud/aio-talk",
       "ports": [
@@ -249,7 +249,7 @@
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Borgbackup",
       "containerName": "nextcloud/aio-borgbackup",
       "ports": [],
@@ -322,7 +322,7 @@
     },
     {
       "container_name": "nextcloud-aio-watchtower",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Watchtower",
       "containerName": "nextcloud/aio-watchtower",
       "ports": [],
@@ -342,7 +342,7 @@
       "restartPolicy": ""
     },
     {
-      "dependsOn": [],
+      "depends_on": [],
       "container_name": "nextcloud-aio-domaincheck",
       "displayName": "Domaincheck",
       "containerName": "nextcloud/aio-domaincheck",
@@ -363,7 +363,7 @@
     },
     {
       "container_name": "nextcloud-aio-clamav",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "ClamAV",
       "containerName": "nextcloud/aio-clamav",
       "ports": [],
@@ -387,7 +387,7 @@
     },
     {
       "container_name": "nextcloud-aio-onlyoffice",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "OnlyOffice",
       "containerName": "nextcloud/aio-onlyoffice",
       "ports": [],
@@ -415,7 +415,7 @@
     },
     {
       "container_name": "nextcloud-aio-imaginary",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Imaginary",
       "containerName": "nextcloud/aio-imaginary",
       "ports": [],
@@ -432,7 +432,7 @@
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",
-      "dependsOn": [],
+      "depends_on": [],
       "displayName": "Fulltextsearch",
       "containerName": "nextcloud/aio-fulltextsearch",
       "ports": [],
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6c5266d4..3e2f21fd 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -142,7 +142,7 @@ class ContainerDefinitionFetcher
             }
 
             $dependsOn = [];
-            foreach ($entry['dependsOn'] as $value) {
+            foreach ($entry['depends_on'] as $value) {
                 if ($value === 'nextcloud-aio-clamav') {
                     if (!$this->configurationManager->isClamavEnabled()) {
                         continue;

From 4a69d53a67a2893951cd9afed461996586e91f57 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:43:26 +0100
Subject: [PATCH 0281/3949] rename containerName to image

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  1 -
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index fc1c20ae..3b82bcaf 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -23,7 +23,6 @@ sed -i 's|environmentVariables:|environment:|' containers.yml
 sed -i '/displayName:/d' containers.yml
 sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
-sed -i 's|containerName:|image:|' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- name: |- |' containers.yml
 
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 2df81a93..ba355dbe 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -11,7 +11,7 @@
 				"additionalProperties": false,
 				"minProperties": 11,
 				"properties": {
-					"containerName": {
+					"image": {
 						"type": "string"
 					},
 					"depends_on": {
diff --git a/php/containers.json b/php/containers.json
index 3c436062..a0a9a26e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -9,7 +9,7 @@
         "nextcloud-aio-nextcloud"
       ],
       "displayName": "Apache",
-      "containerName": "nextcloud/aio-apache",
+      "image": "nextcloud/aio-apache",
       "ports": [
         "%APACHE_PORT%/tcp"
       ],
@@ -47,7 +47,7 @@
       "container_name": "nextcloud-aio-database",
       "depends_on": [],
       "displayName": "Database",
-      "containerName": "nextcloud/aio-postgresql",
+      "image": "nextcloud/aio-postgresql",
       "ports": [],
       "internalPorts": [
         "5432"
@@ -87,7 +87,7 @@
         "nextcloud-aio-imaginary"
       ],
       "displayName": "Nextcloud",
-      "containerName": "nextcloud/aio-nextcloud",
+      "image": "nextcloud/aio-nextcloud",
       "ports": [],
       "internalPorts": [
         "9000"
@@ -169,7 +169,7 @@
       "container_name": "nextcloud-aio-redis",
       "depends_on": [],
       "displayName": "Redis",
-      "containerName": "nextcloud/aio-redis",
+      "image": "nextcloud/aio-redis",
       "ports": [],
       "internalPorts": [
         "6379"
@@ -196,7 +196,7 @@
       "container_name": "nextcloud-aio-collabora",
       "depends_on": [],
       "displayName": "Collabora",
-      "containerName": "nextcloud/aio-collabora",
+      "image": "nextcloud/aio-collabora",
       "ports": [],
       "internalPorts": [
         "9980"
@@ -222,7 +222,7 @@
       "container_name": "nextcloud-aio-talk",
       "depends_on": [],
       "displayName": "Talk",
-      "containerName": "nextcloud/aio-talk",
+      "image": "nextcloud/aio-talk",
       "ports": [
         "%TALK_PORT%/tcp",
         "%TALK_PORT%/udp"
@@ -251,7 +251,7 @@
       "container_name": "nextcloud-aio-borgbackup",
       "depends_on": [],
       "displayName": "Borgbackup",
-      "containerName": "nextcloud/aio-borgbackup",
+      "image": "nextcloud/aio-borgbackup",
       "ports": [],
       "internalPorts": [],
       "environmentVariables": [
@@ -324,7 +324,7 @@
       "container_name": "nextcloud-aio-watchtower",
       "depends_on": [],
       "displayName": "Watchtower",
-      "containerName": "nextcloud/aio-watchtower",
+      "image": "nextcloud/aio-watchtower",
       "ports": [],
       "internalPorts": [],
       "environmentVariables": [
@@ -345,7 +345,7 @@
       "depends_on": [],
       "container_name": "nextcloud-aio-domaincheck",
       "displayName": "Domaincheck",
-      "containerName": "nextcloud/aio-domaincheck",
+      "image": "nextcloud/aio-domaincheck",
       "ports": [
         "%APACHE_PORT%/tcp"
       ],
@@ -365,7 +365,7 @@
       "container_name": "nextcloud-aio-clamav",
       "depends_on": [],
       "displayName": "ClamAV",
-      "containerName": "nextcloud/aio-clamav",
+      "image": "nextcloud/aio-clamav",
       "ports": [],
       "internalPorts": [
         "3310"
@@ -389,7 +389,7 @@
       "container_name": "nextcloud-aio-onlyoffice",
       "depends_on": [],
       "displayName": "OnlyOffice",
-      "containerName": "nextcloud/aio-onlyoffice",
+      "image": "nextcloud/aio-onlyoffice",
       "ports": [],
       "internalPorts": [
         "80"
@@ -417,7 +417,7 @@
       "container_name": "nextcloud-aio-imaginary",
       "depends_on": [],
       "displayName": "Imaginary",
-      "containerName": "nextcloud/aio-imaginary",
+      "image": "nextcloud/aio-imaginary",
       "ports": [],
       "internalPorts": [
         "9000"
@@ -434,7 +434,7 @@
       "container_name": "nextcloud-aio-fulltextsearch",
       "depends_on": [],
       "displayName": "Fulltextsearch",
-      "containerName": "nextcloud/aio-fulltextsearch",
+      "image": "nextcloud/aio-fulltextsearch",
       "ports": [],
       "internalPorts": [
         "9200"
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 3e2f21fd..8266125c 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -179,7 +179,7 @@ class ContainerDefinitionFetcher
             $containers[] = new Container(
                 $entry['container_name'],
                 $entry['displayName'],
-                $entry['containerName'],
+                $entry['image'],
                 $entry['restartPolicy'],
                 $entry['maxShutdownTime'],
                 $ports,

From b13cb77ce20f421ed9a59a16f23d47e76e913524 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:48:24 +0100
Subject: [PATCH 0282/3949] rename environmentVariables to environment

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  1 -
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 3b82bcaf..1a9cdc71 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -19,7 +19,6 @@ cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i 's|production:|services:|' containers.yml
 sed -i 's|restartPolicy:|restart:|' containers.yml
-sed -i 's|environmentVariables:|environment:|' containers.yml
 sed -i '/displayName:/d' containers.yml
 sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
diff --git a/php/containers-schema.json b/php/containers-schema.json
index ba355dbe..4d252186 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -23,7 +23,7 @@
 					"displayName": {
 						"type": "string"
 					},
-					"environmentVariables": {
+					"environment": {
 						"type": "array",
 						"items": {
 							"type": "string"
diff --git a/php/containers.json b/php/containers.json
index a0a9a26e..aebac146 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -17,7 +17,7 @@
         "%APACHE_PORT%"
       ],
       "secrets": [],
-      "environmentVariables": [
+      "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
         "COLLABORA_HOST=nextcloud-aio-collabora",
@@ -67,7 +67,7 @@
           "writeable": true
         }
       ],
-      "environmentVariables": [
+      "environment": [
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
@@ -121,7 +121,7 @@
           "writeable": false
         }
       ],
-      "environmentVariables": [
+      "environment": [
         "POSTGRES_HOST=nextcloud-aio-database",
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
@@ -174,7 +174,7 @@
       "internalPorts": [
         "6379"
       ],
-      "environmentVariables": [
+      "environment": [
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "TZ=%TIMEZONE%"
       ],
@@ -201,7 +201,7 @@
       "internalPorts": [
         "9980"
       ],
-      "environmentVariables": [
+      "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
         "dictionaries=%COLLABORA_DICTIONARIES%",
@@ -230,7 +230,7 @@
       "internalPorts": [
         "%TALK_PORT%"
       ],
-      "environmentVariables": [
+      "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "TURN_SECRET=%TURN_SECRET%",
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
@@ -254,7 +254,7 @@
       "image": "nextcloud/aio-borgbackup",
       "ports": [],
       "internalPorts": [],
-      "environmentVariables": [
+      "environment": [
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
         "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
@@ -327,7 +327,7 @@
       "image": "nextcloud/aio-watchtower",
       "ports": [],
       "internalPorts": [],
-      "environmentVariables": [
+      "environment": [
         "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
       ],
       "volumes": [
@@ -350,7 +350,7 @@
         "%APACHE_PORT%/tcp"
       ],
       "internalPorts": [],
-      "environmentVariables": [
+      "environment": [
         "INSTANCE_ID=%INSTANCE_ID%",
         "APACHE_PORT=%APACHE_PORT%"
       ],
@@ -370,7 +370,7 @@
       "internalPorts": [
         "3310"
       ],
-      "environmentVariables": [
+      "environment": [
         "TZ=%TIMEZONE%",
         "CLAMD_STARTUP_TIMEOUT=90"
       ],
@@ -394,7 +394,7 @@
       "internalPorts": [
         "80"
       ],
-      "environmentVariables": [
+      "environment": [
         "TZ=%TIMEZONE%",
         "JWT_ENABLED=true",
         "JWT_HEADER=AuthorizationJwt",
@@ -422,7 +422,7 @@
       "internalPorts": [
         "9000"
       ],
-      "environmentVariables": [
+      "environment": [
         "TZ=%TIMEZONE%"
       ],
       "volumes": [],
@@ -439,7 +439,7 @@
       "internalPorts": [
         "9200"
       ],
-      "environmentVariables": [
+      "environment": [
         "TZ=%TIMEZONE%",
         "discovery.type=single-node",
         "ES_JAVA_OPTS=-Xms1024M -Xmx1024M"
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 8266125c..d4244566 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -172,7 +172,7 @@ class ContainerDefinitionFetcher
             }
             
             $variables = new ContainerEnvironmentVariables();
-            foreach ($entry['environmentVariables'] as $value) {
+            foreach ($entry['environment'] as $value) {
                 $variables->AddVariable($value);
             }
 

From 5c444472c7fe32f188b8a58a32b776cbcc6694a3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:50:17 +0100
Subject: [PATCH 0283/3949] rename maxShutdownTime to stop_grace_period

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  1 -
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 1a9cdc71..66586964 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -20,7 +20,6 @@ sed -i "s|'||g" containers.yml
 sed -i 's|production:|services:|' containers.yml
 sed -i 's|restartPolicy:|restart:|' containers.yml
 sed -i '/displayName:/d' containers.yml
-sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- name: |- |' containers.yml
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 4d252186..43b5dd40 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -38,7 +38,7 @@
 							"type": "string"
 						}
 					},
-					"maxShutdownTime": {
+					"stop_grace_period": {
 						"type": "integer"
 					},
 					"ports": {
diff --git a/php/containers.json b/php/containers.json
index aebac146..31b51adc 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -40,7 +40,7 @@
           "writeable": true
         }
       ],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -74,7 +74,7 @@
         "TZ=%TIMEZONE%",
         "PGTZ=%TIMEZONE%"
       ],
-      "maxShutdownTime": 1800,
+      "stop_grace_period": 1800,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -162,7 +162,7 @@
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -189,7 +189,7 @@
         "REDIS_PASSWORD",
         "ONLYOFFICE_SECRET"
       ],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -215,7 +215,7 @@
         }
       ],
       "secrets": [],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -244,7 +244,7 @@
         "SIGNALING_SECRET",
         "JANUS_API_KEY"
       ],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -317,7 +317,7 @@
       "secrets": [
         "BORGBACKUP_PASSWORD"
       ],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": ""
     },
     {
@@ -338,7 +338,7 @@
         }
       ],
       "secrets": [],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": ""
     },
     {
@@ -358,7 +358,7 @@
       "secrets": [
         "INSTANCE_ID"
       ],
-      "maxShutdownTime": 1,
+      "stop_grace_period": 1,
       "restartPolicy": ""
     },
     {
@@ -382,7 +382,7 @@
         }
       ],
       "secrets": [],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -410,7 +410,7 @@
       "secrets": [
         "ONLYOFFICE_SECRET"
       ],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -427,7 +427,7 @@
       ],
       "volumes": [],
       "secrets": [],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     },
     {
@@ -452,7 +452,7 @@
         }
       ],
       "secrets": [],
-      "maxShutdownTime": 10,
+      "stop_grace_period": 10,
       "restartPolicy": "unless-stopped"
     }
   ]
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index d4244566..a144f641 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -181,7 +181,7 @@ class ContainerDefinitionFetcher
                 $entry['displayName'],
                 $entry['image'],
                 $entry['restartPolicy'],
-                $entry['maxShutdownTime'],
+                $entry['stop_grace_period'],
                 $ports,
                 $internalPorts,
                 $volumes,

From 1e78d729c4487d428bf553e0cd9c77b59db3c3d6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:52:01 +0100
Subject: [PATCH 0284/3949] rename restartPolicy to restart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  1 -
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 66586964..4589ce23 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -18,7 +18,6 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i 's|production:|services:|' containers.yml
-sed -i 's|restartPolicy:|restart:|' containers.yml
 sed -i '/displayName:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 43b5dd40..34e5f817 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -47,7 +47,7 @@
 							"type": "string"
 						}
 					},
-					"restartPolicy": {
+					"restart": {
 						"type": "string"
 					},
 					"secrets": {
diff --git a/php/containers.json b/php/containers.json
index 31b51adc..a2cfa57b 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -41,7 +41,7 @@
         }
       ],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-database",
@@ -75,7 +75,7 @@
         "PGTZ=%TIMEZONE%"
       ],
       "stop_grace_period": 1800,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
@@ -163,7 +163,7 @@
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-redis",
@@ -190,7 +190,7 @@
         "ONLYOFFICE_SECRET"
       ],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-collabora",
@@ -216,7 +216,7 @@
       ],
       "secrets": [],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-talk",
@@ -245,7 +245,7 @@
         "JANUS_API_KEY"
       ],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
@@ -318,7 +318,7 @@
         "BORGBACKUP_PASSWORD"
       ],
       "stop_grace_period": 10,
-      "restartPolicy": ""
+      "restart": ""
     },
     {
       "container_name": "nextcloud-aio-watchtower",
@@ -339,7 +339,7 @@
       ],
       "secrets": [],
       "stop_grace_period": 10,
-      "restartPolicy": ""
+      "restart": ""
     },
     {
       "depends_on": [],
@@ -359,7 +359,7 @@
         "INSTANCE_ID"
       ],
       "stop_grace_period": 1,
-      "restartPolicy": ""
+      "restart": ""
     },
     {
       "container_name": "nextcloud-aio-clamav",
@@ -383,7 +383,7 @@
       ],
       "secrets": [],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-onlyoffice",
@@ -411,7 +411,7 @@
         "ONLYOFFICE_SECRET"
       ],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-imaginary",
@@ -428,7 +428,7 @@
       "volumes": [],
       "secrets": [],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",
@@ -453,7 +453,7 @@
       ],
       "secrets": [],
       "stop_grace_period": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     }
   ]
 }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index a144f641..60088f42 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -180,7 +180,7 @@ class ContainerDefinitionFetcher
                 $entry['container_name'],
                 $entry['displayName'],
                 $entry['image'],
-                $entry['restartPolicy'],
+                $entry['restart'],
                 $entry['stop_grace_period'],
                 $ports,
                 $internalPorts,

From 3c57b2db56350429968e9e8b1f0d573a11a6705b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:55:54 +0100
Subject: [PATCH 0285/3949] rename displayName to display_name

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  2 +-
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 4589ce23..4cccac2a 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -18,7 +18,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i 's|production:|services:|' containers.yml
-sed -i '/displayName:/d' containers.yml
+sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- name: |- |' containers.yml
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 34e5f817..e654eef0 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -20,7 +20,7 @@
 							"type": "string"
 						}
 					},
-					"displayName": {
+					"display_name": {
 						"type": "string"
 					},
 					"environment": {
diff --git a/php/containers.json b/php/containers.json
index a2cfa57b..2e7a9d75 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -8,7 +8,7 @@
         "nextcloud-aio-talk",
         "nextcloud-aio-nextcloud"
       ],
-      "displayName": "Apache",
+      "display_name": "Apache",
       "image": "nextcloud/aio-apache",
       "ports": [
         "%APACHE_PORT%/tcp"
@@ -46,7 +46,7 @@
     {
       "container_name": "nextcloud-aio-database",
       "depends_on": [],
-      "displayName": "Database",
+      "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
       "ports": [],
       "internalPorts": [
@@ -86,7 +86,7 @@
         "nextcloud-aio-fulltextsearch",
         "nextcloud-aio-imaginary"
       ],
-      "displayName": "Nextcloud",
+      "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
       "ports": [],
       "internalPorts": [
@@ -168,7 +168,7 @@
     {
       "container_name": "nextcloud-aio-redis",
       "depends_on": [],
-      "displayName": "Redis",
+      "display_name": "Redis",
       "image": "nextcloud/aio-redis",
       "ports": [],
       "internalPorts": [
@@ -195,7 +195,7 @@
     {
       "container_name": "nextcloud-aio-collabora",
       "depends_on": [],
-      "displayName": "Collabora",
+      "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
       "ports": [],
       "internalPorts": [
@@ -221,7 +221,7 @@
     {
       "container_name": "nextcloud-aio-talk",
       "depends_on": [],
-      "displayName": "Talk",
+      "display_name": "Talk",
       "image": "nextcloud/aio-talk",
       "ports": [
         "%TALK_PORT%/tcp",
@@ -250,7 +250,7 @@
     {
       "container_name": "nextcloud-aio-borgbackup",
       "depends_on": [],
-      "displayName": "Borgbackup",
+      "display_name": "Borgbackup",
       "image": "nextcloud/aio-borgbackup",
       "ports": [],
       "internalPorts": [],
@@ -323,7 +323,7 @@
     {
       "container_name": "nextcloud-aio-watchtower",
       "depends_on": [],
-      "displayName": "Watchtower",
+      "display_name": "Watchtower",
       "image": "nextcloud/aio-watchtower",
       "ports": [],
       "internalPorts": [],
@@ -344,7 +344,7 @@
     {
       "depends_on": [],
       "container_name": "nextcloud-aio-domaincheck",
-      "displayName": "Domaincheck",
+      "display_name": "Domaincheck",
       "image": "nextcloud/aio-domaincheck",
       "ports": [
         "%APACHE_PORT%/tcp"
@@ -364,7 +364,7 @@
     {
       "container_name": "nextcloud-aio-clamav",
       "depends_on": [],
-      "displayName": "ClamAV",
+      "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
       "ports": [],
       "internalPorts": [
@@ -388,7 +388,7 @@
     {
       "container_name": "nextcloud-aio-onlyoffice",
       "depends_on": [],
-      "displayName": "OnlyOffice",
+      "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
       "ports": [],
       "internalPorts": [
@@ -416,7 +416,7 @@
     {
       "container_name": "nextcloud-aio-imaginary",
       "depends_on": [],
-      "displayName": "Imaginary",
+      "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
       "ports": [],
       "internalPorts": [
@@ -433,7 +433,7 @@
     {
       "container_name": "nextcloud-aio-fulltextsearch",
       "depends_on": [],
-      "displayName": "Fulltextsearch",
+      "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
       "ports": [],
       "internalPorts": [
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 60088f42..2adce34b 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -178,7 +178,7 @@ class ContainerDefinitionFetcher
 
             $containers[] = new Container(
                 $entry['container_name'],
-                $entry['displayName'],
+                $entry['display_name'],
                 $entry['image'],
                 $entry['restart'],
                 $entry['stop_grace_period'],

From 7a9a452f4576fa402dc969c309266e291338e2cf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 00:58:09 +0100
Subject: [PATCH 0286/3949] rename production to services

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          | 11 +++++------
 php/containers-schema.json             |  2 +-
 php/containers.json                    |  2 +-
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 4cccac2a..a0722af4 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -5,11 +5,11 @@ sed -i 's|","location":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.container_name == "nextcloud-aio-watchtower"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internalPorts)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 
 snap install yq
 mkdir -p ./manual-install
@@ -17,7 +17,6 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
-sed -i 's|production:|services:|' containers.yml
 sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
diff --git a/php/containers-schema.json b/php/containers-schema.json
index e654eef0..ced642c8 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -4,7 +4,7 @@
 	"additionalProperties": false,
 	"minProperties": 1,
 	"properties": {
-		"production": {
+		"services": {
 			"type": "array",
 			"items": {
 				"type": "object",
diff --git a/php/containers.json b/php/containers.json
index 2e7a9d75..027b4758 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -1,5 +1,5 @@
 {
-  "production": [
+  "services": [
     {
       "container_name": "nextcloud-aio-apache",
       "depends_on": [
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 2adce34b..7d5ac46a 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -48,7 +48,7 @@ class ContainerDefinitionFetcher
         $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
 
         $containers = [];
-        foreach ($data['production'] as $entry) {
+        foreach ($data['services'] as $entry) {
             if ($entry['container_name'] === 'nextcloud-aio-clamav') {
                 if (!$this->configurationManager->isClamavEnabled()) {
                     continue;

From 53065b5631d282f36822f52e417ece4a340f2ad2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 01:03:17 +0100
Subject: [PATCH 0287/3949] rename internalPorts to internal_ports

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  2 +-
 php/containers-schema.json             |  2 +-
 php/containers.json                    | 26 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php |  2 +-
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index a0722af4..9f6836a9 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -5,7 +5,7 @@ sed -i 's|","location":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internalPorts)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_ports)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index ced642c8..dfab68c3 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -32,7 +32,7 @@
 					"container_name": {
 						"type": "string"
 					},
-					"internalPorts": {
+					"internal_ports": {
 						"type": "array",
 						"items": {
 							"type": "string"
diff --git a/php/containers.json b/php/containers.json
index 027b4758..2ff1b4ed 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -13,7 +13,7 @@
       "ports": [
         "%APACHE_PORT%/tcp"
       ],
-      "internalPorts": [
+      "internal_ports": [
         "%APACHE_PORT%"
       ],
       "secrets": [],
@@ -49,7 +49,7 @@
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "5432"
       ],
       "secrets": [
@@ -89,7 +89,7 @@
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "9000"
       ],
       "secrets": [
@@ -171,7 +171,7 @@
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "6379"
       ],
       "environment": [
@@ -198,7 +198,7 @@
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "9980"
       ],
       "environment": [
@@ -227,7 +227,7 @@
         "%TALK_PORT%/tcp",
         "%TALK_PORT%/udp"
       ],
-      "internalPorts": [
+      "internal_ports": [
         "%TALK_PORT%"
       ],
       "environment": [
@@ -253,7 +253,7 @@
       "display_name": "Borgbackup",
       "image": "nextcloud/aio-borgbackup",
       "ports": [],
-      "internalPorts": [],
+      "internal_ports": [],
       "environment": [
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
@@ -326,7 +326,7 @@
       "display_name": "Watchtower",
       "image": "nextcloud/aio-watchtower",
       "ports": [],
-      "internalPorts": [],
+      "internal_ports": [],
       "environment": [
         "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
       ],
@@ -349,7 +349,7 @@
       "ports": [
         "%APACHE_PORT%/tcp"
       ],
-      "internalPorts": [],
+      "internal_ports": [],
       "environment": [
         "INSTANCE_ID=%INSTANCE_ID%",
         "APACHE_PORT=%APACHE_PORT%"
@@ -367,7 +367,7 @@
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "3310"
       ],
       "environment": [
@@ -391,7 +391,7 @@
       "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "80"
       ],
       "environment": [
@@ -419,7 +419,7 @@
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "9000"
       ],
       "environment": [
@@ -436,7 +436,7 @@
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
       "ports": [],
-      "internalPorts": [
+      "internal_ports": [
         "9200"
       ],
       "environment": [
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 7d5ac46a..0d93f4b5 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -88,7 +88,7 @@ class ContainerDefinitionFetcher
             }
 
             $internalPorts = new ContainerInternalPorts();
-            foreach ($entry['internalPorts'] as $internalPort) {
+            foreach ($entry['internal_ports'] as $internalPort) {
                 if($internalPort === '%APACHE_PORT%') {
                     $internalPort = $this->configurationManager->GetApachePort();
                 } elseif($internalPort === '%TALK_PORT%') {

From 54f61eba68c0cc8e09a78c52b2f3154f4b0e2d33 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 01:40:37 +0100
Subject: [PATCH 0288/3949] internal_ports should be a string and not an array

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh                |  2 +-
 php/containers-schema.json                   |  7 +--
 php/containers.json                          | 46 ++++++--------------
 php/psalm-baseline.xml                       |  2 +-
 php/src/Container/Container.php              |  6 +--
 php/src/Container/ContainerInternalPorts.php | 19 --------
 php/src/ContainerDefinitionFetcher.php       | 15 +++----
 php/src/Docker/DockerActionManager.php       | 16 +++----
 8 files changed, 32 insertions(+), 81 deletions(-)
 delete mode 100644 php/src/Container/ContainerInternalPorts.php

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 9f6836a9..ad62aaa9 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -5,7 +5,7 @@ sed -i 's|","location":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_ports)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index dfab68c3..1fceab26 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -32,11 +32,8 @@
 					"container_name": {
 						"type": "string"
 					},
-					"internal_ports": {
-						"type": "array",
-						"items": {
-							"type": "string"
-						}
+					"internal_port": {
+						"type": "string"
 					},
 					"stop_grace_period": {
 						"type": "integer"
diff --git a/php/containers.json b/php/containers.json
index 2ff1b4ed..2f49c6de 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -13,9 +13,7 @@
       "ports": [
         "%APACHE_PORT%/tcp"
       ],
-      "internal_ports": [
-        "%APACHE_PORT%"
-      ],
+      "internal_port": "%APACHE_PORT%",
       "secrets": [],
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
@@ -49,9 +47,7 @@
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
       "ports": [],
-      "internal_ports": [
-        "5432"
-      ],
+      "internal_port": "5432",
       "secrets": [
         "DATABASE_PASSWORD"
       ],
@@ -89,9 +85,7 @@
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
       "ports": [],
-      "internal_ports": [
-        "9000"
-      ],
+      "internal_port": "9000",
       "secrets": [
         "DATABASE_PASSWORD",
         "REDIS_PASSWORD",
@@ -171,9 +165,7 @@
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
       "ports": [],
-      "internal_ports": [
-        "6379"
-      ],
+      "internal_port": "6379",
       "environment": [
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "TZ=%TIMEZONE%"
@@ -198,9 +190,7 @@
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
       "ports": [],
-      "internal_ports": [
-        "9980"
-      ],
+      "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
@@ -227,9 +217,7 @@
         "%TALK_PORT%/tcp",
         "%TALK_PORT%/udp"
       ],
-      "internal_ports": [
-        "%TALK_PORT%"
-      ],
+      "internal_port": "%TALK_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "TURN_SECRET=%TURN_SECRET%",
@@ -253,7 +241,7 @@
       "display_name": "Borgbackup",
       "image": "nextcloud/aio-borgbackup",
       "ports": [],
-      "internal_ports": [],
+      "internal_port": "",
       "environment": [
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
@@ -326,7 +314,7 @@
       "display_name": "Watchtower",
       "image": "nextcloud/aio-watchtower",
       "ports": [],
-      "internal_ports": [],
+      "internal_port": "",
       "environment": [
         "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
       ],
@@ -349,7 +337,7 @@
       "ports": [
         "%APACHE_PORT%/tcp"
       ],
-      "internal_ports": [],
+      "internal_port": "",
       "environment": [
         "INSTANCE_ID=%INSTANCE_ID%",
         "APACHE_PORT=%APACHE_PORT%"
@@ -367,9 +355,7 @@
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
       "ports": [],
-      "internal_ports": [
-        "3310"
-      ],
+      "internal_port": "3310",
       "environment": [
         "TZ=%TIMEZONE%",
         "CLAMD_STARTUP_TIMEOUT=90"
@@ -391,9 +377,7 @@
       "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
       "ports": [],
-      "internal_ports": [
-        "80"
-      ],
+      "internal_port": "80",
       "environment": [
         "TZ=%TIMEZONE%",
         "JWT_ENABLED=true",
@@ -419,9 +403,7 @@
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
       "ports": [],
-      "internal_ports": [
-        "9000"
-      ],
+      "internal_port": "9000",
       "environment": [
         "TZ=%TIMEZONE%"
       ],
@@ -436,9 +418,7 @@
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
       "ports": [],
-      "internal_ports": [
-        "9200"
-      ],
+      "internal_port": "9200",
       "environment": [
         "TZ=%TIMEZONE%",
         "discovery.type=single-node",
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index e62c34f0..ce18679f 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -46,7 +46,7 @@
       <code>$internalPort</code>
     </InvalidScalarArgument>
     <RedundantCondition occurrences="1">
-      <code>$container-&gt;GetInternalPorts() !== null</code>
+      <code>$container-&gt;GetInternalPort() !== null</code>
     </RedundantCondition>
   </file>
   <file src="src/Twig/ClassExtension.php">
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index c1330da3..9697911b 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -14,7 +14,7 @@ class Container {
     private string $restartPolicy;
     private int $maxShutdownTime;
     private ContainerPorts $ports;
-    private ContainerInternalPorts $internalPorts;
+    private string $internalPorts;
     private ContainerVolumes $volumes;
     private ContainerEnvironmentVariables $containerEnvironmentVariables;
     /** @var string[] */
@@ -30,7 +30,7 @@ class Container {
         string $restartPolicy,
         int $maxShutdownTime,
         ContainerPorts $ports,
-        ContainerInternalPorts $internalPorts,
+        string $internalPorts,
         ContainerVolumes $volumes,
         ContainerEnvironmentVariables $containerEnvironmentVariables,
         array $dependsOn,
@@ -79,7 +79,7 @@ class Container {
         return $this->ports;
     }
 
-    public function GetInternalPorts() : ContainerInternalPorts {
+    public function GetInternalPort() : string {
         return $this->internalPorts;
     }
 
diff --git a/php/src/Container/ContainerInternalPorts.php b/php/src/Container/ContainerInternalPorts.php
deleted file mode 100644
index fb0716bf..00000000
--- a/php/src/Container/ContainerInternalPorts.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php
-
-namespace AIO\Container;
-
-class ContainerInternalPorts {
-    /** @var string[] */
-    private array $internalPorts = [];
-
-    public function AddInternalPort(string $internalPort) : void {
-        $this->internalPorts[] = $internalPort;
-    }
-
-    /**
-     * @return string[]
-     */
-    public function GetInternalPorts() : array {
-        return $this->internalPorts;
-    }
-}
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 0d93f4b5..8a5341bf 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -5,7 +5,6 @@ namespace AIO;
 use AIO\Container\Container;
 use AIO\Container\ContainerEnvironmentVariables;
 use AIO\Container\ContainerPorts;
-use AIO\Container\ContainerInternalPorts;
 use AIO\Container\ContainerVolume;
 use AIO\Container\ContainerVolumes;
 use AIO\Container\State\RunningState;
@@ -87,14 +86,10 @@ class ContainerDefinitionFetcher
                 $ports->AddPort($port);
             }
 
-            $internalPorts = new ContainerInternalPorts();
-            foreach ($entry['internal_ports'] as $internalPort) {
-                if($internalPort === '%APACHE_PORT%') {
-                    $internalPort = $this->configurationManager->GetApachePort();
-                } elseif($internalPort === '%TALK_PORT%') {
-                    $internalPort = $this->configurationManager->GetTalkPort();
-                }
-                $internalPorts->AddInternalPort($internalPort);
+            if($entry['internal_port'] === '%APACHE_PORT%') {
+                $entry['internal_port'] = $this->configurationManager->GetApachePort();
+            } elseif($entry['internal_port'] === '%TALK_PORT%') {
+                $entry['internal_port'] = $this->configurationManager->GetTalkPort();
             }
 
             $volumes = new ContainerVolumes();
@@ -183,7 +178,7 @@ class ContainerDefinitionFetcher
                 $entry['restart'],
                 $entry['stop_grace_period'],
                 $ports,
-                $internalPorts,
+                $entry['internal_port'],
                 $volumes,
                 $variables,
                 $dependsOn,
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9550dd44..eed07c35 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -124,15 +124,13 @@ class DockerActionManager
         }
 
         $containerName = $container->GetIdentifier();
-        if ($container->GetInternalPorts() !== null) {
-            foreach($container->GetInternalPorts()->GetInternalPorts() as $internalPort) {
-                $connection = @fsockopen($containerName, $internalPort, $errno, $errstr, 0.1);
-                if ($connection) {
-                    fclose($connection);
-                    return new RunningState();
-                } else {
-                    return new StartingState();
-                }
+        if ($container->GetInternalPort() !== "") {
+            $connection = @fsockopen($containerName, (int)$container->GetInternalPort(), $errno, $errstr, 0.1);
+            if ($connection) {
+                fclose($connection);
+                return new RunningState();
+            } else {
+                return new StartingState();
             }
         } else {
             return new RunningState();

From 27bd5ce1a4ce26d0c7ce5d54daaed92c26f4caeb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 02:26:32 +0100
Subject: [PATCH 0289/3949] secrets should only get generated if defined in
 secrets of container.json

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php                   |  4 ++--
 php/src/Data/ConfigurationManager.php  | 13 +++++++++++--
 php/src/Docker/DockerActionManager.php | 10 +++++++++-
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index d469264b..aaf829c8 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -77,9 +77,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
         'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
-        'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
+        'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
-        'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
+        'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
         'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9d21922e..0a265fd9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -32,7 +32,7 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function GetSecret(string $secretId) : string {
+    public function GetAndGenerateSecret(string $secretId) : string {
         $config = $this->GetConfig();
         if(!isset($config['secrets'][$secretId])) {
             $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@@ -46,6 +46,15 @@ class ConfigurationManager
         return $config['secrets'][$secretId];
     }
 
+    public function GetSecret(string $secretId) : string {
+        $config = $this->GetConfig();
+        if(!isset($config['secrets'][$secretId])) {
+            $config['secrets'][$secretId] = "";
+        }
+
+        return $config['secrets'][$secretId];
+    }
+
     private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
         file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
     }
@@ -269,7 +278,7 @@ class ConfigurationManager
             }
 
             // Get Instance ID
-            $instanceID = $this->GetSecret('INSTANCE_ID');
+            $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
 
             // set protocol
             if ($port !== '443') {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9550dd44..bf357981 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -230,6 +230,10 @@ class DockerActionManager
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
+        foreach($container->GetSecrets() as $secret) {
+            $this->configurationManager->GetAndGenerateSecret($secret);
+        }
+
         $envs = $container->GetEnvironmentVariables()->GetVariables();
         foreach($envs as $key => $env) {
             $patterns = ['/%(.*)%/'];
@@ -337,7 +341,11 @@ class DockerActionManager
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                 } else {
-                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
+                    $secret = $this->configurationManager->GetSecret($out[1]);
+                    if ($secret === "") {
+                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+                    }
+                    $replacements[1] = $secret;
                 }
 
                 $envs[$key] = preg_replace($patterns, $replacements, $env);

From 117c3de7c559eef2898b49139e9c5e10bea5104c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 02:45:32 +0100
Subject: [PATCH 0290/3949] add items type for secrets

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 1fceab26..b13da609 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -48,7 +48,10 @@
 						"type": "string"
 					},
 					"secrets": {
-						"type": "array"
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
 					},
 					"volumes": {
 						"type": "array",

From 2fd750c8b255ff2933fa34ba2e8db93338fe8356 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 15:56:37 +0100
Subject: [PATCH 0291/3949] allow to hide containers from the interface via
 display_name

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json           | 6 +++---
 php/templates/containers.twig | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 2f49c6de..fb7fb679 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -238,7 +238,7 @@
     {
       "container_name": "nextcloud-aio-borgbackup",
       "depends_on": [],
-      "display_name": "Borgbackup",
+      "display_name": "",
       "image": "nextcloud/aio-borgbackup",
       "ports": [],
       "internal_port": "",
@@ -311,7 +311,7 @@
     {
       "container_name": "nextcloud-aio-watchtower",
       "depends_on": [],
-      "display_name": "Watchtower",
+      "display_name": "",
       "image": "nextcloud/aio-watchtower",
       "ports": [],
       "internal_port": "",
@@ -332,7 +332,7 @@
     {
       "depends_on": [],
       "container_name": "nextcloud-aio-domaincheck",
-      "display_name": "Domaincheck",
+      "display_name": "",
       "image": "nextcloud/aio-domaincheck",
       "ports": [
         "%APACHE_PORT%/tcp"
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 08484823..90989315 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -38,10 +38,10 @@
         {% endif %}
 
         {% for container in containers %}
-            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+            {% if container.GetDisplayName() != '' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                 {% set isAnyRunning = true %}
             {% endif %}
-            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
+            {% if container.GetDisplayName() != '' and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
                 {% set isAnyRestarting = true %}
             {% endif %}
             {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
@@ -219,7 +219,7 @@
                     <ul>
                         {# @var containers \AIO\Container\Container[] #}
                         {% for container in containers %}
-                            {% if container.GetIdentifier() not in ['nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower', 'nextcloud-aio-domaincheck'] %}
+                            {% if container.GetDisplayName() != '' %}
                                 <li>
                                     {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                         <span class="status running"></span>

From b5e40dbb94619de7ca8e561ad026fe78cd5bb42b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Dec 2022 02:14:06 +0100
Subject: [PATCH 0292/3949] substitute volume variables in dockeractionmanager

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 33 -------------------------
 php/src/Docker/DockerActionManager.php | 34 ++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 8a5341bf..a447108b 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -94,39 +94,6 @@ class ContainerDefinitionFetcher
 
             $volumes = new ContainerVolumes();
             foreach ($entry['volumes'] as $value) {
-                if($value['name'] === '%BORGBACKUP_HOST_LOCATION%') {
-                    $value['name'] = $this->configurationManager->GetBorgBackupHostLocation();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                }
-                if($value['name'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%NEXTCLOUD_DATADIR%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudDatadirMount();
-                    if ($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
-                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
-                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                }
-                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['location'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['location'] === '') {
-                        continue;
-                    }
-                }
                 $volumes->AddVolume(
                     new ContainerVolume(
                         $value['name'],
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index eed07c35..bb1c9e88 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -205,6 +205,40 @@ class DockerActionManager
     public function CreateContainer(Container $container) : void {
         $volumes = [];
         foreach($container->GetVolumes()->GetVolumes() as $volume) {
+            if($volume->name === '%BORGBACKUP_HOST_LOCATION%') {
+                $volume->name = $this->configurationManager->GetBorgBackupHostLocation();
+                if($volume->name === '') {
+                    continue;
+                }
+            }
+            if($volume->name === '%NEXTCLOUD_MOUNT%') {
+                $volume->name = $this->configurationManager->GetNextcloudMount();
+                if($volume->name === '') {
+                    continue;
+                }
+            } elseif ($volume->name === '%NEXTCLOUD_DATADIR%') {
+                $volume->name = $this->configurationManager->GetNextcloudDatadirMount();
+                if ($volume->name === '') {
+                    continue;
+                }
+            } elseif ($volume->name === '%DOCKER_SOCKET_PATH%') {
+                $volume->name = $this->configurationManager->GetDockerSocketPath();
+                if($volume->name === '') {
+                    continue;
+                }
+            } elseif ($volume->name === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
+                $volume->name = $this->configurationManager->GetTrustedCacertsDir();
+                if($volume->name === '') {
+                    continue;
+                }
+            }
+            if ($volume->mountPoint === '%NEXTCLOUD_MOUNT%') {
+                $volume->mountPoint = $this->configurationManager->GetNextcloudMount();
+                if($volume->mountPoint === '') {
+                    continue;
+                }
+            }
+
             $volumeEntry = $volume->name . ':' . $volume->mountPoint;
             if($volume->isWritable) {
                 $volumeEntry = $volumeEntry . ':' . 'rw';

From fc29e69b964c54ceba62265a0164a085701ed23e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 28 Dec 2022 15:25:20 +0100
Subject: [PATCH 0293/3949] improve healthcheck to only exit 1 if it is started

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/healthcheck.sh | 1 +
 Containers/nextcloud/Dockerfile  | 2 +-
 Containers/postgresql/Dockerfile | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index 667c94d3..4f34c5eb 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 
+nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 curl -skfI localhost:8000 || exit 1
 if [ "$APACHE_PORT" != '443' ]; then
     nc -z localhost "$APACHE_PORT" || exit 1
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 61df8d6f..435a7f41 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -250,4 +250,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER root
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
\ No newline at end of file
+HEALTHCHECK CMD (sudo -u www-data nc -z "$POSTGRES_HOST" 5432 || exit 0) && (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
\ No newline at end of file
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index d69d63b1..89d59abf 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -32,4 +32,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER postgres
 ENTRYPOINT ["start.sh"]
 
-HEALTHCHECK CMD psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
\ No newline at end of file
+HEALTHCHECK CMD (test -f "/mnt/data/backup-is-running" && exit 0) && psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
\ No newline at end of file

From 8ae4ec52a37d18e6b1db76f73f92628afdd947a7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 00:29:53 +0100
Subject: [PATCH 0294/3949] migration - add some documentation on limits
 regarding the database owner name

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 8 ++++----
 migration.md                   | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 971bb6cc..924c6748 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -91,10 +91,10 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     # Get the Owner
     DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
     if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
-        DIFFERENT_DB_OWNER=1
-        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-            ALTER DATABASE "$POSTGRES_DB" OWNER TO "$POSTGRES_USER";
-EOSQL
+        echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
+        echo "It is not possible to import a database dump from this database owner."
+        echo "However you might rename the owner in the dumpfile to something else."
+        exit 1
     elif [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
         DIFFERENT_DB_OWNER=1
         psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
diff --git a/migration.md b/migration.md
index e777cce9..6a159727 100644
--- a/migration.md
+++ b/migration.md
@@ -64,7 +64,8 @@ The procedure for migrating the files and the database works like this:
     1. Type in `local::/your/old/datadir/` which should bring up the exact line where you need to modify the path to use the one used in Nextcloud AIO, instead.
     1. Change it to look like this: `local::/mnt/ncdata/`.
     1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
-    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.
+    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
+    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|'`. 
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
     ```
     sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql

From ee50e9147ddc0a6ed49fad5601650109e9a6e0f4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 00:41:29 +0100
Subject: [PATCH 0295/3949] allow to make wrong database intialization better
 debuggable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/init-user-db.sh |  4 ++++
 Containers/postgresql/start.sh        | 12 +++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/Containers/postgresql/init-user-db.sh b/Containers/postgresql/init-user-db.sh
index 1f09770b..8c1f2dc9 100644
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -1,9 +1,13 @@
 #!/bin/bash
 set -ex
 
+touch "$DUMP_DIR/initialization.failed"
+
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
 EOSQL
 
+rm "$DUMP_DIR/initialization.failed"
+
 set +ex
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 971bb6cc..dfc728b8 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -2,7 +2,7 @@
 
 # Variables
 DATADIR="/var/lib/postgresql/data"
-DUMP_DIR="/mnt/data"
+export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"
 
@@ -27,6 +27,16 @@ if [ -f "$DUMP_DIR/import.failed" ]; then
     exit 1
 fi
 
+# Don't start if initialization failed
+if [ -f "$DUMP_DIR/initialization.failed" ]; then
+    echo "The database initialization failed. Most likely was a wrong timezone selected."
+    echo "The selected timezone is '$TZ'." 
+    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "For further clues on what went wrong, look at the logs above."
+    echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
+    exit 1
+fi
+
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
     set -ex

From 35f2d7db16c03d73fe2fe02e87b3d81597c1b257 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 00:49:44 +0100
Subject: [PATCH 0296/3949] fix the clamav_enabled description

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index ac6a9ae9..6fc03120 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -58,7 +58,7 @@ do
 done
 
 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
-sed -i 's|CLAMAV_ENABLED=no|CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf

From af128d1b466c6db1bf989d5c7480c2d7ee88d5df Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 28 Dec 2022 23:50:41 +0000
Subject: [PATCH 0297/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 2c8d94ae..4c81dcee 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -2,7 +2,6 @@ version: "3.8"
 
 services:
   nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
     depends_on:
       - nextcloud-aio-onlyoffice
       - nextcloud-aio-collabora
@@ -30,7 +29,6 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-database:
-    container_name: nextcloud-aio-database
     image: nextcloud/aio-postgresql:${IMAGE_TAG}
     volumes:
       - nextcloud_aio_database:/var/lib/postgresql/data:rw
@@ -47,7 +45,6 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
     depends_on:
       - nextcloud-aio-database
       - nextcloud-aio-redis
@@ -106,34 +103,35 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
     image: nextcloud/aio-redis:${IMAGE_TAG}
     environment:
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - TZ=${TIMEZONE}
+    volumes:
+      - nextcloud_aio_redis:/data:rw
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
 
   nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:${IMAGE_TAG}
     profiles: ["collabora"]
+    image: nextcloud/aio-collabora:${IMAGE_TAG}
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
+    volumes:
+      - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
 
   nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:${IMAGE_TAG}
     profiles: ["talk"]
+    image: nextcloud/aio-talk:${IMAGE_TAG}
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
       - ${TALK_PORT}:${TALK_PORT}/udp
@@ -150,11 +148,11 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-clamav:
-    container_name: nextcloud-aio-clamav
-    image: nextcloud/aio-clamav:${IMAGE_TAG}
     profiles: ["clamav"]
+    image: nextcloud/aio-clamav:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
+      - CLAMD_STARTUP_TIMEOUT=90
     volumes:
       - nextcloud_aio_clamav:/var/lib/clamav:rw
     stop_grace_period: 10s
@@ -163,9 +161,8 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
     profiles: ["onlyoffice"]
+    image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
       - JWT_ENABLED=true
@@ -179,9 +176,8 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
-    image: nextcloud/aio-imaginary:${IMAGE_TAG}
     profiles: ["imaginary"]
+    image: nextcloud/aio-imaginary:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
     stop_grace_period: 10s
@@ -190,9 +186,8 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
-    image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
     profiles: ["fulltextsearch"]
+    image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
       - discovery.type=single-node
@@ -209,6 +204,8 @@ volumes:
     name: nextcloud_aio_apache
   nextcloud_aio_clamav:
     name: nextcloud_aio_clamav
+  nextcloud_aio_collabora_fonts:
+    name: nextcloud_aio_collabora_fonts
   nextcloud_aio_database:
     name: nextcloud_aio_database
   nextcloud_aio_database_dump:
@@ -219,6 +216,8 @@ volumes:
     name: nextcloud_aio_nextcloud
   nextcloud_aio_onlyoffice:
     name: nextcloud_aio_onlyoffice
+  nextcloud_aio_redis:
+    name: nextcloud_aio_redis
   nextcloud_aio_nextcloud_data:
     name: nextcloud_aio_nextcloud_data
 

From f06ce344725dc759c9aa46bca9f3047f4e4278d7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 10:06:50 +0100
Subject: [PATCH 0298/3949] borg - add progress back and add some additional
 output

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 9710dd4f..42a32b59 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -127,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(--progress --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
 
     # Create the backup
     echo "Starting the backup..."
@@ -174,16 +174,19 @@ if [ "$BORG_MODE" = backup ]; then
                     exit 1
                 fi
             done
+            echo "Starting the backup for additional volumes..."
             if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                 echo "Deleting the failed backup archive..."
                 borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
                 echo "Backup of additional docker-volumes failed!"
                 exit 1
             fi
+            echo "Pruning additional volumes..."
             if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional docker-volumes archives!"
                 exit 1
             fi
+            echo "Compacting additional volumes..."
             if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to compact archives!"
                 exit 1
@@ -201,16 +204,19 @@ if [ "$BORG_MODE" = backup ]; then
             do
                 EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
             done
+            echo "Starting the backup for additional host mounts..."
             if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                 echo "Deleting the failed backup archive..."
                 borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
                 echo "Backup of additional host-mounts failed!"
                 exit 1
             fi
+            echo "Pruning additional host mounts..."
             if ! borg prune --prefix '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional host-mount archives!"
                 exit 1
             fi
+            echo "Compacting additional host mounts..."
             if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to compact archives!"
                 exit 1
@@ -347,7 +353,7 @@ if [ "$BORG_MODE" = check ]; then
     echo "Checking the backup integrity..."
 
     # Perform the check
-    if ! borg check --verify-data "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check --progress --verify-data "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking the backup integrity!"
         exit 1
     fi

From b684e8d1e1da27234d7dc8a0fac2de9b9c0815e6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 11:11:08 +0100
Subject: [PATCH 0299/3949] add freetype-dev and fontconfig-dev for compiliing
 imagick

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 7b9d3d2c..d6266fa4 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -60,7 +60,7 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."
-                if ! apk add --no-cache --virtual .build-deps libxml2-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                if ! apk add --no-cache --virtual .build-deps libxml2-dev freetype-dev fontconfig-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
                     echo "Could not install build-deps!"
                 fi
                 PHP_DEPS_ARE_INSTALLED=1

From 44fb8368bfd27c3b8bd38b40fd737643ca52afde Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 11:25:33 +0100
Subject: [PATCH 0300/3949] also add libheif-dev

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index d6266fa4..8fc42ec8 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -60,7 +60,7 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."
-                if ! apk add --no-cache --virtual .build-deps libxml2-dev freetype-dev fontconfig-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                if ! apk add --no-cache --virtual .build-deps libxml2-dev libheif-dev freetype-dev fontconfig-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
                     echo "Could not install build-deps!"
                 fi
                 PHP_DEPS_ARE_INSTALLED=1

From 1f2e23c447a31005dd1a84615888ebc33e94de5d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 11:29:34 +0100
Subject: [PATCH 0301/3949] Revert "substitute volume variables in
 dockeractionmanager"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 33 +++++++++++++++++++++++++
 php/src/Docker/DockerActionManager.php | 34 --------------------------
 2 files changed, 33 insertions(+), 34 deletions(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index a447108b..8a5341bf 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -94,6 +94,39 @@ class ContainerDefinitionFetcher
 
             $volumes = new ContainerVolumes();
             foreach ($entry['volumes'] as $value) {
+                if($value['name'] === '%BORGBACKUP_HOST_LOCATION%') {
+                    $value['name'] = $this->configurationManager->GetBorgBackupHostLocation();
+                    if($value['name'] === '') {
+                        continue;
+                    }
+                }
+                if($value['name'] === '%NEXTCLOUD_MOUNT%') {
+                    $value['name'] = $this->configurationManager->GetNextcloudMount();
+                    if($value['name'] === '') {
+                        continue;
+                    }
+                } elseif ($value['name'] === '%NEXTCLOUD_DATADIR%') {
+                    $value['name'] = $this->configurationManager->GetNextcloudDatadirMount();
+                    if ($value['name'] === '') {
+                        continue;
+                    }
+                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
+                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
+                    if($value['name'] === '') {
+                        continue;
+                    }
+                } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
+                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
+                    if($value['name'] === '') {
+                        continue;
+                    }
+                }
+                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
+                    $value['location'] = $this->configurationManager->GetNextcloudMount();
+                    if($value['location'] === '') {
+                        continue;
+                    }
+                }
                 $volumes->AddVolume(
                     new ContainerVolume(
                         $value['name'],
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index bb1c9e88..eed07c35 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -205,40 +205,6 @@ class DockerActionManager
     public function CreateContainer(Container $container) : void {
         $volumes = [];
         foreach($container->GetVolumes()->GetVolumes() as $volume) {
-            if($volume->name === '%BORGBACKUP_HOST_LOCATION%') {
-                $volume->name = $this->configurationManager->GetBorgBackupHostLocation();
-                if($volume->name === '') {
-                    continue;
-                }
-            }
-            if($volume->name === '%NEXTCLOUD_MOUNT%') {
-                $volume->name = $this->configurationManager->GetNextcloudMount();
-                if($volume->name === '') {
-                    continue;
-                }
-            } elseif ($volume->name === '%NEXTCLOUD_DATADIR%') {
-                $volume->name = $this->configurationManager->GetNextcloudDatadirMount();
-                if ($volume->name === '') {
-                    continue;
-                }
-            } elseif ($volume->name === '%DOCKER_SOCKET_PATH%') {
-                $volume->name = $this->configurationManager->GetDockerSocketPath();
-                if($volume->name === '') {
-                    continue;
-                }
-            } elseif ($volume->name === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
-                $volume->name = $this->configurationManager->GetTrustedCacertsDir();
-                if($volume->name === '') {
-                    continue;
-                }
-            }
-            if ($volume->mountPoint === '%NEXTCLOUD_MOUNT%') {
-                $volume->mountPoint = $this->configurationManager->GetNextcloudMount();
-                if($volume->mountPoint === '') {
-                    continue;
-                }
-            }
-
             $volumeEntry = $volume->name . ':' . $volume->mountPoint;
             if($volume->isWritable) {
                 $volumeEntry = $volumeEntry . ':' . 'rw';

From 4d83172a91999b39357cbeaba538fcdd360810de Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 11:37:02 +0100
Subject: [PATCH 0302/3949] add other file types as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 8fc42ec8..ff8ff9c5 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -60,7 +60,7 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."
-                if ! apk add --no-cache --virtual .build-deps libxml2-dev libheif-dev freetype-dev fontconfig-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                if ! apk add --no-cache --virtual .build-deps libxml2-dev libwebp-dev gmp-dev libpng-dev libjpeg-turbo-dev libheif-dev freetype-dev fontconfig-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
                     echo "Could not install build-deps!"
                 fi
                 PHP_DEPS_ARE_INSTALLED=1

From 810094daa3d88c08e5a4a43da69873f74ca286ae Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 12:31:59 +0100
Subject: [PATCH 0303/3949] try to make imagick work

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile |  2 ++
 Containers/nextcloud/start.sh   | 20 +++++++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 61df8d6f..3be622f5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -200,6 +200,8 @@ RUN set -ex; \
         grep \
         coreutils \
         gcompat \
+        libjpeg \
+        librsvg \
     ; \
     rm -rf /var/lib/apt/lists/*
 
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index ff8ff9c5..f5b0f8bf 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -60,7 +60,25 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."
-                if ! apk add --no-cache --virtual .build-deps libxml2-dev libwebp-dev gmp-dev libpng-dev libjpeg-turbo-dev libheif-dev freetype-dev fontconfig-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                    if ! apk add --no-cache --virtual .build-deps \
+                        lcms2-dev \
+                        libheif-dev \
+                        librsvg-dev \
+                        libxext-dev \
+                        libxml2-dev \
+                        lcms2-dev \
+                        fontconfig-dev \
+                        freetype-dev \
+                        ghostscript-dev \
+                        lcms2-dev \
+                        libjpeg-turbo-dev \
+                        libpng-dev \
+                        libtool \
+                        tiff-dev \
+                        zlib-dev \
+                        imagemagick-dev \
+                        autoconf \
+                        $PHPIZE_DEPS >/dev/null; then
                     echo "Could not install build-deps!"
                 fi
                 PHP_DEPS_ARE_INSTALLED=1

From e32a3e8d0c941ee81978a3e280b1f2943402d5a3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 13:05:54 +0100
Subject: [PATCH 0304/3949] move imagick back to the dockerfile

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml |  2 +-
 Containers/nextcloud/Dockerfile        | 11 ++++++++++
 Containers/nextcloud/start.sh          | 30 +++++++-------------------
 3 files changed, 20 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index bbe74f63..234661c8 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -58,7 +58,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version >/dev/null|" ./Containers/nextcloud/start.sh
+        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
 
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3be622f5..0e581711 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -41,6 +41,16 @@ RUN set -ex; \
         postgresql-dev \
         libwebp-dev \
         gmp-dev \
+        lcms2-dev \
+        fontconfig-dev \
+        freetype-dev \
+        ghostscript-dev \
+        tiff-dev \
+        zlib-dev \
+        imagemagick-dev \
+        libheif-dev \
+        librsvg-dev \
+        libxext-dev \
     ; \
     \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -62,6 +72,7 @@ RUN set -ex; \
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
     pecl install redis-5.3.7; \
+    pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
         apcu \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index f5b0f8bf..2513f52a 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -57,39 +57,25 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
     if ! [ -f "/additional-php-extensions-are-installed" ]; then
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                echo "Enabling Imagick..."
+                if ! docker-php-ext-enable imagick >/dev/null; then
+                    echo "Could not install PHP extension imagick!"
+                fi
+                continue
+            fi
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."
                     if ! apk add --no-cache --virtual .build-deps \
-                        lcms2-dev \
-                        libheif-dev \
-                        librsvg-dev \
-                        libxext-dev \
                         libxml2-dev \
-                        lcms2-dev \
-                        fontconfig-dev \
-                        freetype-dev \
-                        ghostscript-dev \
-                        lcms2-dev \
-                        libjpeg-turbo-dev \
-                        libpng-dev \
-                        libtool \
-                        tiff-dev \
-                        zlib-dev \
-                        imagemagick-dev \
                         autoconf \
                         $PHPIZE_DEPS >/dev/null; then
                     echo "Could not install build-deps!"
                 fi
                 PHP_DEPS_ARE_INSTALLED=1
             fi
-            if [ "$app" = imagick ]; then
-                echo "Installing Imagick via PECL..."
-                pecl install imagick-3.7.0 >/dev/null
-                if ! docker-php-ext-enable imagick >/dev/null; then
-                    echo "Could not install PHP extension imagick!"
-                fi
-            elif [ "$app" = inotify ]; then
+            if [ "$app" = inotify ]; then
                 echo "Installing $app via PECL..."
                 pecl install "$app" >/dev/null
                 if ! docker-php-ext-enable "$app" >/dev/null; then

From 4621a74bb0b622f432f7a889ceaa4fcd2fcdaf57 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 29 Dec 2022 12:15:09 +0000
Subject: [PATCH 0305/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index d8ec0b70..88c6cef9 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1686,16 +1686,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.4.3",
+            "version": "v3.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3ffcf4b7d890770466da3b2666f82ac054e7ec72",
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72",
                 "shasum": ""
             },
             "require": {
@@ -1710,7 +1710,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.4-dev"
+                    "dev-master": "3.5-dev"
                 }
             },
             "autoload": {
@@ -1746,7 +1746,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
+                "source": "https://github.com/twigphp/Twig/tree/v3.5.0"
             },
             "funding": [
                 {
@@ -1758,7 +1758,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-09-28T08:42:51+00:00"
+            "time": "2022-12-27T12:28:18+00:00"
         }
     ],
     "packages-dev": [],

From 7a6f35024822c29d79899945fdd66bcaf298c9f6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 13:26:30 +0100
Subject: [PATCH 0306/3949] try imagemagick6

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 Containers/nextcloud/start.sh   | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0e581711..d5a28157 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -47,7 +47,7 @@ RUN set -ex; \
         ghostscript-dev \
         tiff-dev \
         zlib-dev \
-        imagemagick-dev \
+        imagemagick6-dev \
         libheif-dev \
         librsvg-dev \
         libxext-dev \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 2513f52a..ba03eea7 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -43,6 +43,9 @@ if [ -n "$ADDITIONAL_APKS" ]; then
     if ! [ -f "/additional-apks-are-installed" ]; then
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
+            if [ "$app" = "imagemagick" ]; then
+                app=imagemagick6
+            fi
             echo "Installing $app via apk..."
             if ! apk add --no-cache "$app" >/dev/null; then
                 echo "The packet $app was not installed!"

From d06b3a7b19d30fa28144abda5f5d616ca3d67edd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 13:43:47 +0100
Subject: [PATCH 0307/3949] revert imagemagick6 change

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 3 ++-
 Containers/nextcloud/start.sh   | 3 ---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index d5a28157..de95fc8e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -47,7 +47,7 @@ RUN set -ex; \
         ghostscript-dev \
         tiff-dev \
         zlib-dev \
-        imagemagick6-dev \
+        imagemagick-dev \
         libheif-dev \
         librsvg-dev \
         libxext-dev \
@@ -213,6 +213,7 @@ RUN set -ex; \
         gcompat \
         libjpeg \
         librsvg \
+        libheif \
     ; \
     rm -rf /var/lib/apt/lists/*
 
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index ba03eea7..2513f52a 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -43,9 +43,6 @@ if [ -n "$ADDITIONAL_APKS" ]; then
     if ! [ -f "/additional-apks-are-installed" ]; then
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
-            if [ "$app" = "imagemagick" ]; then
-                app=imagemagick6
-            fi
             echo "Installing $app via apk..."
             if ! apk add --no-cache "$app" >/dev/null; then
                 echo "The packet $app was not installed!"

From 6cceeda738842a412bceb8627c6c0d2840fc6279 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 29 Dec 2022 13:56:36 +0100
Subject: [PATCH 0308/3949] fix the last command

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 6a159727..55c1c74f 100644
--- a/migration.md
+++ b/migration.md
@@ -65,7 +65,7 @@ The procedure for migrating the files and the database works like this:
     1. Change it to look like this: `local::/mnt/ncdata/`.
     1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
     1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
-    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|'`. 
+    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`. 
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
     ```
     sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql

From 88fda477c689377fdca3a5e7a1516282a3a56be1 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 28 Dec 2022 18:48:40 +0100
Subject: [PATCH 0309/3949] change dockerfile links, add tzdata to fulltext,
 migrate healthchecks to nc

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/Dockerfile         |  1 -
 Containers/apache/healthcheck.sh     |  2 +-
 Containers/clamav/Dockerfile         |  2 +-
 Containers/domaincheck/Dockerfile    |  2 +-
 Containers/fulltextsearch/Dockerfile | 10 +++++++++-
 Containers/imaginary/Dockerfile      |  2 --
 Containers/onlyoffice/Dockerfile     |  2 +-
 Containers/postgresql/Dockerfile     |  2 +-
 8 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index dc32cb61..83106ac5 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -19,7 +19,6 @@ RUN set -ex; \
         openssl \
         netcat \
         dpkg-dev \
-        curl \
     ; \
     rm -rf /var/lib/apt/lists/*
 
diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index 4f34c5eb..436091b2 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
-curl -skfI localhost:8000 || exit 1
+nc -z localhost 8000 || exit 1
 if [ "$APACHE_PORT" != '443' ]; then
     nc -z localhost "$APACHE_PORT" || exit 1
 else
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 518829ab..e5d65b65 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,4 +1,4 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
 FROM clamav/clamav:0.105.1-7
 
 RUN apk add --update --no-cache tzdata
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index af023d27..ce1403f3 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 FROM alpine:3.16.3
-RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd
+RUN apk add --update --no-cache lighttpd bash netcat-openbsd
 
 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 5855f000..f33b4f0c 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -3,4 +3,12 @@ FROM elasticsearch:7.17.8
 
 RUN elasticsearch-plugin install --batch ingest-attachment
 
-HEALTHCHECK CMD curl -skfI localhost:9200 || exit 1
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+HEALTHCHECK CMD nc -z localhost 9200 || exit 1
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d1988090..a7ebed7b 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -6,8 +6,6 @@ RUN set -ex; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
-        ca-certificates \
-        curl \
         netcat \
     ; \
     rm -rf /var/lib/apt/lists/*
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 9488d6fe..af22a625 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,4 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
 FROM onlyoffice/documentserver:7.2.2.56
 
-HEALTHCHECK CMD curl -skfI localhost || exit 1
\ No newline at end of file
+HEALTHCHECK CMD nc -z localhost 80 || exit 1
\ No newline at end of file
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 89d59abf..ea8daff4 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,4 +1,4 @@
-# From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/14/alpine/Dockerfile
 FROM postgres:14.6-alpine
 
 RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk

From 10cdcaa98f448cbce3e0d34776d907264a1b61c0 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 30 Dec 2022 04:20:33 +0000
Subject: [PATCH 0310/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index ce18679f..fcf5ebf0 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -38,17 +38,6 @@
       <code>$args</code>
     </MissingParamType>
   </file>
-  <file src="src/Docker/DockerActionManager.php">
-    <InvalidReturnType occurrences="1">
-      <code>IContainerState</code>
-    </InvalidReturnType>
-    <InvalidScalarArgument occurrences="1">
-      <code>$internalPort</code>
-    </InvalidScalarArgument>
-    <RedundantCondition occurrences="1">
-      <code>$container-&gt;GetInternalPort() !== null</code>
-    </RedundantCondition>
-  </file>
   <file src="src/Twig/ClassExtension.php">
     <MissingParamType occurrences="1">
       <code>$object</code>

From cea32f50afe6f19121dd6627bc59b981c0b38668 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 03:10:20 +0100
Subject: [PATCH 0311/3949] allow to add container to host network

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 63 ++++++++++++++------------
 1 file changed, 35 insertions(+), 28 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index eed07c35..31162004 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -124,8 +124,9 @@ class DockerActionManager
         }
 
         $containerName = $container->GetIdentifier();
-        if ($container->GetInternalPort() !== "") {
-            $connection = @fsockopen($containerName, (int)$container->GetInternalPort(), $errno, $errstr, 0.1);
+        $internalPort = $container->GetInternalPort();
+        if ($internalPort !== "" && $internalPort !== 'host') {
+            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.1);
             if ($connection) {
                 fclose($connection);
                 return new RunningState();
@@ -216,8 +217,10 @@ class DockerActionManager
         }
 
         $exposedPorts = [];
-        foreach($container->GetPorts()->GetPorts() as $port) {
-            $exposedPorts[$port] = null;
+        if ($container->GetInternalPort() !== 'host') {
+            foreach($container->GetPorts()->GetPorts() as $port) {
+                $exposedPorts[$port] = null;
+            }
         }
 
         $requestBody = [
@@ -566,7 +569,6 @@ class DockerActionManager
                 true
             );
 
-            // get the id from the response
             $id = $response['Id'];
 
             // start the exec
@@ -606,34 +608,39 @@ class DockerActionManager
         }
     }
 
-    private function ConnectContainerIdToNetwork(string $id) : void
+    private function ConnectContainerIdToNetwork(string $id, string $internalPort) : void
     {
-        $url = $this->BuildApiUrl('networks/create');
-        try {
-            $this->guzzleClient->request(
-                'POST',
-                $url,
-                [
-                    'json' => [
-                        'Name' => 'nextcloud-aio',
-                        'CheckDuplicate' => true,
-                        'Driver' => 'bridge',
-                        'Internal' => false,
-                        'Options' => [
-                            'com.docker.network.bridge.enable_icc' => 'true'
+        if ($internalPort === 'host') {
+            $network = 'host';
+        } else {
+            $network = 'nextcloud-aio';
+            $url = $this->BuildApiUrl('networks/create');
+            try {
+                $this->guzzleClient->request(
+                    'POST',
+                    $url,
+                    [
+                        'json' => [
+                            'Name' => 'nextcloud-aio',
+                            'CheckDuplicate' => true,
+                            'Driver' => 'bridge',
+                            'Internal' => false,
+                            'Options' => [
+                                'com.docker.network.bridge.enable_icc' => 'true'
+                            ]
                         ]
                     ]
-                ]
-            );
-        } catch (RequestException $e) {
-            // 409 is undocumented and gets thrown if the network already exists.
-            if ($e->getCode() !== 409) {
-                throw $e;
+                );
+            } catch (RequestException $e) {
+                // 409 is undocumented and gets thrown if the network already exists.
+                if ($e->getCode() !== 409) {
+                    throw $e;
+                }
             }
         }
 
         $url = $this->BuildApiUrl(
-            sprintf('networks/%s/connect', 'nextcloud-aio')
+            sprintf('networks/%s/connect', $network)
         );
         try {
             $this->guzzleClient->request(
@@ -655,12 +662,12 @@ class DockerActionManager
 
     public function ConnectMasterContainerToNetwork() : void
     {
-        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer');
+        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
     }
 
     public function ConnectContainerToNetwork(Container $container) : void
     {
-      $this->ConnectContainerIdToNetwork($container->GetIdentifier());
+      $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
     }
 
     public function StopContainer(Container $container) : void {

From 6dd9412fb684a14f6eebd952b59b69ec4dc948e8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 30 Dec 2022 22:56:37 +0100
Subject: [PATCH 0312/3949] rename volume name to source and volume location to
 destination

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  4 +-
 php/containers-schema.json             |  4 +-
 php/containers.json                    | 96 +++++++++++++-------------
 php/src/ContainerDefinitionFetcher.php | 40 +++++------
 4 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index ca50abcc..980f7aad 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 jq -c . ./php/containers.json > /tmp/containers.json
-sed -i 's|","location":"|:|g' /tmp/containers.json
+sed -i 's|","destination":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
@@ -20,7 +20,7 @@ sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
-sed -i 's|- name: |- |' containers.yml
+sed -i 's|- source: |- |' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index b13da609..97c9e963 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -60,10 +60,10 @@
 							"additionalProperties": false,
 							"minProperties": 3,
 							"properties": {
-								"location": {
+								"destination": {
 									"type": "string"
 								},
-								"name": {
+								"source": {
 									"type": "string"
 								},
 								"writeable": {
diff --git a/php/containers.json b/php/containers.json
index fb7fb679..869dc0fd 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -28,13 +28,13 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
           "writeable": false
         },
         {
-          "name": "nextcloud_aio_apache",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_apache",
+          "destination": "/mnt/data",
           "writeable": true
         }
       ],
@@ -53,13 +53,13 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_database",
-          "location": "/var/lib/postgresql/data",
+          "source": "nextcloud_aio_database",
+          "destination": "/var/lib/postgresql/data",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/mnt/data",
           "writeable": true
         }
       ],
@@ -95,23 +95,23 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/mnt/ncdata",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/mnt/ncdata",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_MOUNT%",
-          "location": "%NEXTCLOUD_MOUNT%",
+          "source": "%NEXTCLOUD_MOUNT%",
+          "destination": "%NEXTCLOUD_MOUNT%",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
-          "location": "/usr/local/share/ca-certificates",
+          "source": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
+          "destination": "/usr/local/share/ca-certificates",
           "writeable": false
         }
       ],
@@ -172,8 +172,8 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_redis",
-          "location": "/data",
+          "source": "nextcloud_aio_redis",
+          "destination": "/data",
           "writeable": true
         }
       ],
@@ -199,8 +199,8 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_collabora_fonts",
-          "location": "/opt/cool/systemplate/tmpfonts",
+          "source": "nextcloud_aio_collabora_fonts",
+          "destination": "/opt/cool/systemplate/tmpfonts",
           "writeable": true
         }
       ],
@@ -252,53 +252,53 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_backup_cache",
-          "location": "/root",
+          "source": "nextcloud_aio_backup_cache",
+          "destination": "/root",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_database",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database",
+          "source": "nextcloud_aio_database",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_apache",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_apache",
+          "source": "nextcloud_aio_apache",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_apache",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_mastercontainer",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
+          "source": "nextcloud_aio_mastercontainer",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
           "writeable": true
         },
         {
-          "name": "%BORGBACKUP_HOST_LOCATION%",
-          "location": "/mnt/borgbackup",
+          "source": "%BORGBACKUP_HOST_LOCATION%",
+          "destination": "/mnt/borgbackup",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_elasticsearch",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_redis",
-          "location": "/mnt/redis",
+          "source": "nextcloud_aio_redis",
+          "destination": "/mnt/redis",
           "writeable": true
         }
       ],
@@ -320,8 +320,8 @@
       ],
       "volumes": [
         {
-          "name": "%DOCKER_SOCKET_PATH%",
-          "location": "/var/run/docker.sock",
+          "source": "%DOCKER_SOCKET_PATH%",
+          "destination": "/var/run/docker.sock",
           "writeable": false
         }
       ],
@@ -362,8 +362,8 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_clamav",
-          "location": "/var/lib/clamav",
+          "source": "nextcloud_aio_clamav",
+          "destination": "/var/lib/clamav",
           "writeable": true
         }
       ],
@@ -386,8 +386,8 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_onlyoffice",
-          "location": "/var/lib/onlyoffice",
+          "source": "nextcloud_aio_onlyoffice",
+          "destination": "/var/lib/onlyoffice",
           "writeable": true
         }
       ],
@@ -426,8 +426,8 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_elasticsearch",
-          "location": "/usr/share/elasticsearch/data",
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/usr/share/elasticsearch/data",
           "writeable": true
         }
       ],
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 8a5341bf..54adb4cb 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -94,43 +94,43 @@ class ContainerDefinitionFetcher
 
             $volumes = new ContainerVolumes();
             foreach ($entry['volumes'] as $value) {
-                if($value['name'] === '%BORGBACKUP_HOST_LOCATION%') {
-                    $value['name'] = $this->configurationManager->GetBorgBackupHostLocation();
-                    if($value['name'] === '') {
+                if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
+                    $value['source'] = $this->configurationManager->GetBorgBackupHostLocation();
+                    if($value['source'] === '') {
                         continue;
                     }
                 }
-                if($value['name'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['name'] === '') {
+                if($value['source'] === '%NEXTCLOUD_MOUNT%') {
+                    $value['source'] = $this->configurationManager->GetNextcloudMount();
+                    if($value['source'] === '') {
                         continue;
                     }
-                } elseif ($value['name'] === '%NEXTCLOUD_DATADIR%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudDatadirMount();
-                    if ($value['name'] === '') {
+                } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
+                    $value['source'] = $this->configurationManager->GetNextcloudDatadirMount();
+                    if ($value['source'] === '') {
                         continue;
                     }
-                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
-                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
-                    if($value['name'] === '') {
+                } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
+                    $value['source'] = $this->configurationManager->GetDockerSocketPath();
+                    if($value['source'] === '') {
                         continue;
                     }
-                } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
-                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
-                    if($value['name'] === '') {
+                } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
+                    $value['source'] = $this->configurationManager->GetTrustedCacertsDir();
+                    if($value['source'] === '') {
                         continue;
                     }
                 }
-                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['location'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['location'] === '') {
+                if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
+                    $value['destination'] = $this->configurationManager->GetNextcloudMount();
+                    if($value['destination'] === '') {
                         continue;
                     }
                 }
                 $volumes->AddVolume(
                     new ContainerVolume(
-                        $value['name'],
-                        $value['location'],
+                        $value['source'],
+                        $value['destination'],
                         $value['writeable']
                     )
                 );

From 5dc9fad2d6d35f60fa89dda2c489857d94d521f3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Dec 2022 17:08:41 +0100
Subject: [PATCH 0313/3949] refactor containerports

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             | 15 ++++++-
 php/containers.json                    | 24 +++++++++--
 php/src/Container/ContainerPort.php    | 19 ++++++++
 php/src/Container/ContainerPorts.php   |  8 ++--
 php/src/ContainerDefinitionFetcher.php | 24 ++++-------
 php/src/Docker/DockerActionManager.php | 60 ++++++++++++++++----------
 6 files changed, 103 insertions(+), 47 deletions(-)
 create mode 100644 php/src/Container/ContainerPort.php

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 97c9e963..be7404b5 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -41,7 +41,20 @@
 					"ports": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "object",
+							"additionalProperties": false,
+							"minProperties": 3,
+							"properties": {
+								"ip_binding": {
+									"type": "string"
+								},
+								"port_number": {
+									"type": "string"
+								},
+								"protocol": {
+									"type": "string"
+								}
+							}
 						}
 					},
 					"restart": {
diff --git a/php/containers.json b/php/containers.json
index 869dc0fd..4ef8a482 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -11,7 +11,11 @@
       "display_name": "Apache",
       "image": "nextcloud/aio-apache",
       "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
       ],
       "internal_port": "%APACHE_PORT%",
       "secrets": [],
@@ -214,8 +218,16 @@
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
       "ports": [
-        "%TALK_PORT%/tcp",
-        "%TALK_PORT%/udp"
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "tcp"
+        },
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "udp"
+        }
       ],
       "internal_port": "%TALK_PORT%",
       "environment": [
@@ -335,7 +347,11 @@
       "display_name": "",
       "image": "nextcloud/aio-domaincheck",
       "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
       ],
       "internal_port": "",
       "environment": [
diff --git a/php/src/Container/ContainerPort.php b/php/src/Container/ContainerPort.php
new file mode 100644
index 00000000..577a0bd4
--- /dev/null
+++ b/php/src/Container/ContainerPort.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace AIO\Container;
+
+class ContainerPort {
+    public string $port;
+    public string $ipBinding;
+    public bool $protocol;
+
+    public function __construct(
+        string $port,
+        string $ipBinding,
+        bool $protocol
+    ) {
+        $this->port = $port;
+        $this->ipBinding = $ipBinding;
+        $this->protocol = $protocol;
+    }
+}
diff --git a/php/src/Container/ContainerPorts.php b/php/src/Container/ContainerPorts.php
index 8944a43c..1e88eebc 100644
--- a/php/src/Container/ContainerPorts.php
+++ b/php/src/Container/ContainerPorts.php
@@ -3,17 +3,17 @@
 namespace AIO\Container;
 
 class ContainerPorts {
-    /** @var string[] */
+    /** @var ContainerPort[] */
     private array $ports = [];
 
-    public function AddPort(string $port) : void {
+    public function AddPort(ContainerPort $port) : void {
         $this->ports[] = $port;
     }
 
     /**
-     * @return string[]
+     * @return ContainerPort[]
      */
     public function GetPorts() : array {
         return $this->ports;
     }
-}
+}
\ No newline at end of file
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 54adb4cb..dc0b3e11 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -4,6 +4,7 @@ namespace AIO;
 
 use AIO\Container\Container;
 use AIO\Container\ContainerEnvironmentVariables;
+use AIO\Container\ContainerPort;
 use AIO\Container\ContainerPorts;
 use AIO\Container\ContainerVolume;
 use AIO\Container\ContainerVolumes;
@@ -75,21 +76,14 @@ class ContainerDefinitionFetcher
             }
 
             $ports = new ContainerPorts();
-            foreach ($entry['ports'] as $port) {
-                if($port === '%APACHE_PORT%/tcp') {
-                    $port = $this->configurationManager->GetApachePort() . '/tcp';
-                } elseif($port === '%TALK_PORT%/tcp') {
-                    $port = $this->configurationManager->GetTalkPort() . '/tcp';
-                } elseif($port === '%TALK_PORT%/udp') {
-                    $port = $this->configurationManager->GetTalkPort() . '/udp';
-                }
-                $ports->AddPort($port);
-            }
-
-            if($entry['internal_port'] === '%APACHE_PORT%') {
-                $entry['internal_port'] = $this->configurationManager->GetApachePort();
-            } elseif($entry['internal_port'] === '%TALK_PORT%') {
-                $entry['internal_port'] = $this->configurationManager->GetTalkPort();
+            foreach ($entry['ports'] as $value) {
+                $ports->AddPort(
+                    new ContainerPort(
+                        $value['port_number'],
+                        $value['ip_binding'],
+                        $value['protocol']
+                    )
+                );
             }
 
             $volumes = new ContainerVolumes();
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d6e5ba59..5742f58b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -125,6 +125,12 @@ class DockerActionManager
 
         $containerName = $container->GetIdentifier();
         $internalPort = $container->GetInternalPort();
+        if($internalPort === '%APACHE_PORT%') {
+            $internalPort = $this->configurationManager->GetApachePort();
+        } elseif($internalPort === '%TALK_PORT%') {
+            $internalPort = $this->configurationManager->GetTalkPort();
+        }
+        
         if ($internalPort !== "" && $internalPort !== 'host') {
             $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.1);
             if ($connection) {
@@ -216,13 +222,6 @@ class DockerActionManager
             $volumes[] = $volumeEntry;
         }
 
-        $exposedPorts = [];
-        if ($container->GetInternalPort() !== 'host') {
-            foreach($container->GetPorts()->GetPorts() as $port) {
-                $exposedPorts[$port] = null;
-            }
-        }
-
         $requestBody = [
             'Image' => $this->BuildImageName($container),
         ];
@@ -358,25 +357,40 @@ class DockerActionManager
         }
 
         $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+ 
+        $exposedPorts = [];
+        if ($container->GetInternalPort() !== 'host') {
+            foreach($container->GetPorts()->GetPorts() as $value) {
+                $exposedPorts[$value->port] = null;
+            }
+        }
 
         if(count($exposedPorts) > 0) {
-            $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach ($container->GetPorts()->GetPorts() as $port) {
-                $portNumber = explode("/", $port);
-                if ($this->configurationManager->GetApachePort() === $portNumber[0] && $this->configurationManager->GetApacheIPBinding() !== '') {
-                    $requestBody['HostConfig']['PortBindings'][$port] = [
-                        [
-                        'HostPort' => $portNumber[0],
-                        'HostIp' => $this->configurationManager->GetApacheIPBinding(),
-                        ]
-                    ];
-                } else {
-                    $requestBody['HostConfig']['PortBindings'][$port] = [
-                        [
-                        'HostPort' => $portNumber[0],
-                        ]
-                    ];
+            foreach ($container->GetPorts()->GetPorts() as $value) {
+                $port = $value->port;
+                if($port === '%APACHE_PORT%') {
+                    $port = $this->configurationManager->GetApachePort();
+                } elseif($port === '%TALK_PORT%') {
+                    $port = $this->configurationManager->GetTalkPort();
                 }
+                
+                $ipBinding = $value->ipBinding;
+                if($ipBinding === '%APACHE_IP_BINDING%') {
+                    $ipBinding = $this->configurationManager->GetApacheIPBinding();
+                }
+                if ($ipBinding === '') {
+                    $ipBinding = '0.0.0.0';
+                }
+
+                $protocol = $value->protocol;
+                $portWithProtocol = $port . '/' . $protocol;
+                $requestBody['ExposedPorts'][$portWithProtocol] = null;
+                $requestBody['HostConfig']['PortBindings'][$port] = [
+                    [
+                    'HostPort' => $port,
+                    'HostIp' => $ipBinding,
+                    ]
+                ];
             }
         }
 

From 210252825a56eaed000c152d3bb77982746535b6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 30 Dec 2022 21:54:04 +0100
Subject: [PATCH 0314/3949] also fix the update-yaml script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 980f7aad..445b86bf 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -4,6 +4,10 @@ jq -c . ./php/containers.json > /tmp/containers.json
 sed -i 's|","destination":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
+sed -i 's|","port_number":"|:|g' /tmp/containers.json
+sed -i 's|","protocol":"|/|g' /tmp/containers.json
+sed -i 's|"ip_binding":":|"ip_binding":"|g' /tmp/containers.json
+cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
@@ -21,13 +25,14 @@ sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml
+sed -i 's|- ip_binding: |- |' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
 for port in "${TCP[@]}" 
 do
     solve_port="${port%%/tcp}"
-    sed -i "s|$port|$solve_port:$solve_port/tcp|" containers.yml
+    sed -i "s|$solve_port/tcp|$solve_port:$solve_port/tcp|" containers.yml
 done
 
 UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
@@ -35,7 +40,7 @@ mapfile -t UDP <<< "$UDP"
 for port in "${UDP[@]}"
 do
     solve_port="${port%%/udp}"
-    sed -i "s|$port|$solve_port:$solve_port/udp|" containers.yml
+    sed -i "s|$solve_port/udp|$solve_port:$solve_port/udp|" containers.yml
 done
 
 rm -f sample.conf
@@ -64,6 +69,7 @@ sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
 sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf

From 5bd7070593c54b558492f221897890c667d2cb78 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Jan 2023 12:10:49 +0000
Subject: [PATCH 0315/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20221201 to 20230101.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index a7ebed7b..49e8d14b 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20221201
+FROM nextcloud/imaginary:20230101
 
 USER root
 RUN set -ex; \

From 8089ab83cf8ed222ff478757cc5e31d5bafc72af Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 13:00:57 +0100
Subject: [PATCH 0316/3949] add types for missing ones

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                        | 43 -------------------
 php/public/index.php                          | 10 +++--
 .../Controller/ConfigurationController.php    |  2 +-
 php/src/Controller/DockerController.php       | 16 +++----
 php/src/Controller/LoginController.php        |  6 +--
 php/src/Twig/ClassExtension.php               |  2 +-
 6 files changed, 19 insertions(+), 60 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index fcf5ebf0..3dc50575 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,46 +1,3 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863">
-  <file src="public/index.php">
-    <MissingClosureParamType occurrences="10">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$response</code>
-      <code>$response</code>
-      <code>$response</code>
-    </MissingClosureParamType>
-  </file>
-  <file src="src/Controller/ConfigurationController.php">
-    <MissingParamType occurrences="1">
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Controller/DockerController.php">
-    <MissingParamType occurrences="8">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Controller/LoginController.php">
-    <MissingParamType occurrences="3">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Twig/ClassExtension.php">
-    <MissingParamType occurrences="1">
-      <code>$object</code>
-    </MissingParamType>
-  </file>
 </files>
diff --git a/php/public/index.php b/php/public/index.php
index aaf829c8..39c1465c 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -12,6 +12,8 @@ use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;
 use Slim\Views\Twig;
 use Slim\Views\TwigMiddleware;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
 
 require __DIR__ . '/../vendor/autoload.php';
 
@@ -65,7 +67,7 @@ $app->post('/api/auth/logout', AIO\Controller\LoginController::class . ':Logout'
 $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class . ':SetConfig');
 
 // Views
-$app->get('/containers', function ($request, $response, $args) use ($container) {
+$app->get('/containers', function (Request $request, Response $response, mixed $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
@@ -110,7 +112,7 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
     ]);
 })->setName('profile');
-$app->get('/login', function ($request, $response, $args) use ($container) {
+$app->get('/login', function (Request $request, Response $response, mixed $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
     $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
@@ -118,7 +120,7 @@ $app->get('/login', function ($request, $response, $args) use ($container) {
         'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
     ]);
 });
-$app->get('/setup', function ($request, $response, $args) use ($container) {
+$app->get('/setup', function (Request $request, Response $response, mixed $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\Setup $setup */
     $setup = $container->get(\AIO\Data\Setup::class);
@@ -140,7 +142,7 @@ $app->get('/setup', function ($request, $response, $args) use ($container) {
 });
 
 // Auth Redirector
-$app->get('/', function (\Psr\Http\Message\RequestInterface $request, \Psr\Http\Message\ResponseInterface $response, $args) use ($container) {
+$app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, mixed $args) use ($container) {
     $authManager = $container->get(\AIO\Auth\AuthManager::class);
 
     /** @var \AIO\Data\Setup $setup */
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index a06cc6b9..95981a6a 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -19,7 +19,7 @@ class ConfigurationController
         $this->configurationManager = $configurationManager;
     }
 
-    public function SetConfig(Request $request, Response $response, $args) : Response {
+    public function SetConfig(Request $request, Response $response, mixed $args) : Response {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 7cf15226..0ef76e4c 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -49,7 +49,7 @@ class DockerController
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
-    public function GetLogs(Request $request, Response $response, $args) : Response
+    public function GetLogs(Request $request, Response $response, mixed $args) : Response
     {
         $id = $request->getQueryParams()['id'];
         if (str_starts_with($id, 'nextcloud-aio-')) {
@@ -67,7 +67,7 @@ class DockerController
             ->withHeader('Content-Disposition', 'inline');
     }
 
-    public function StartBackupContainerBackup(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerBackup(Request $request, Response $response, mixed $args) : Response {
         $this->startBackup();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -84,7 +84,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id);
     }
 
-    public function StartBackupContainerCheck(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerCheck(Request $request, Response $response, mixed $args) : Response {
         $this->checkBackup();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -98,7 +98,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id);
     }
 
-    public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerRestore(Request $request, Response $response, mixed $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
         $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
@@ -113,7 +113,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function StartBackupContainerTest(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerTest(Request $request, Response $response, mixed $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'test';
         $config['instance_restore_attempt'] = 0;
@@ -128,7 +128,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function StartContainer(Request $request, Response $response, $args) : Response
+    public function StartContainer(Request $request, Response $response, mixed $args) : Response
     {
         $uri = $request->getUri();
         $host = $uri->getHost();
@@ -165,7 +165,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id, $pullContainer);
     }
 
-    public function StartWatchtowerContainer(Request $request, Response $response, $args) : Response {
+    public function StartWatchtowerContainer(Request $request, Response $response, mixed $args) : Response {
         $this->startWatchtower();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -188,7 +188,7 @@ class DockerController
         $this->dockerActionManager->StopContainer($container);
     }
 
-    public function StopContainer(Request $request, Response $response, $args) : Response
+    public function StopContainer(Request $request, Response $response, mixed $args) : Response
     {
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id);
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index bd7cb0b5..d37b47a8 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -19,7 +19,7 @@ class LoginController
         $this->dockerActionManager = $dockerActionManager;
     }
 
-    public function TryLogin(Request $request, Response $response, $args) : Response {
+    public function TryLogin(Request $request, Response $response, mixed $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
             return $response->withHeader('Location', '/')->withStatus(302);
         }
@@ -32,7 +32,7 @@ class LoginController
         return $response->withHeader('Location', '/')->withStatus(302);
     }
 
-    public function GetTryLogin(Request $request, Response $response, $args) : Response {
+    public function GetTryLogin(Request $request, Response $response, mixed $args) : Response {
         $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
@@ -42,7 +42,7 @@ class LoginController
         return $response->withHeader('Location', '/')->withStatus(302);
     }
 
-    public function Logout(Request $request, Response $response, $args) : Response
+    public function Logout(Request $request, Response $response, mixed $args) : Response
     {
         $this->authManager->SetAuthState(false);
         return $response
diff --git a/php/src/Twig/ClassExtension.php b/php/src/Twig/ClassExtension.php
index 9204aee1..ff5ffe44 100644
--- a/php/src/Twig/ClassExtension.php
+++ b/php/src/Twig/ClassExtension.php
@@ -14,7 +14,7 @@ class ClassExtension extends TwigExtension
         );
     }
 
-    public function getClassName($object) : ?string
+    public function getClassName(mixed $object) : ?string
     {
         if (!is_object($object)) {
             return null;

From f272979c43d9e8d7d959d8475a8445e940c84659 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 15:46:58 +0100
Subject: [PATCH 0317/3949] address review by making $args an array

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php                           |  8 ++++----
 php/src/Controller/ConfigurationController.php |  2 +-
 php/src/Controller/DockerController.php        | 16 ++++++++--------
 php/src/Controller/LoginController.php         |  6 +++---
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 39c1465c..b8f48ce9 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -67,7 +67,7 @@ $app->post('/api/auth/logout', AIO\Controller\LoginController::class . ':Logout'
 $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class . ':SetConfig');
 
 // Views
-$app->get('/containers', function (Request $request, Response $response, mixed $args) use ($container) {
+$app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
@@ -112,7 +112,7 @@ $app->get('/containers', function (Request $request, Response $response, mixed $
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
     ]);
 })->setName('profile');
-$app->get('/login', function (Request $request, Response $response, mixed $args) use ($container) {
+$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
     $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
@@ -120,7 +120,7 @@ $app->get('/login', function (Request $request, Response $response, mixed $args)
         'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
     ]);
 });
-$app->get('/setup', function (Request $request, Response $response, mixed $args) use ($container) {
+$app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\Setup $setup */
     $setup = $container->get(\AIO\Data\Setup::class);
@@ -142,7 +142,7 @@ $app->get('/setup', function (Request $request, Response $response, mixed $args)
 });
 
 // Auth Redirector
-$app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, mixed $args) use ($container) {
+$app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {
     $authManager = $container->get(\AIO\Auth\AuthManager::class);
 
     /** @var \AIO\Data\Setup $setup */
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 95981a6a..561cec8c 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -19,7 +19,7 @@ class ConfigurationController
         $this->configurationManager = $configurationManager;
     }
 
-    public function SetConfig(Request $request, Response $response, mixed $args) : Response {
+    public function SetConfig(Request $request, Response $response, array $args) : Response {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 0ef76e4c..979edbc8 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -49,7 +49,7 @@ class DockerController
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
-    public function GetLogs(Request $request, Response $response, mixed $args) : Response
+    public function GetLogs(Request $request, Response $response, array $args) : Response
     {
         $id = $request->getQueryParams()['id'];
         if (str_starts_with($id, 'nextcloud-aio-')) {
@@ -67,7 +67,7 @@ class DockerController
             ->withHeader('Content-Disposition', 'inline');
     }
 
-    public function StartBackupContainerBackup(Request $request, Response $response, mixed $args) : Response {
+    public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
         $this->startBackup();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -84,7 +84,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id);
     }
 
-    public function StartBackupContainerCheck(Request $request, Response $response, mixed $args) : Response {
+    public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response {
         $this->checkBackup();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -98,7 +98,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id);
     }
 
-    public function StartBackupContainerRestore(Request $request, Response $response, mixed $args) : Response {
+    public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
         $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
@@ -113,7 +113,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function StartBackupContainerTest(Request $request, Response $response, mixed $args) : Response {
+    public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'test';
         $config['instance_restore_attempt'] = 0;
@@ -128,7 +128,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function StartContainer(Request $request, Response $response, mixed $args) : Response
+    public function StartContainer(Request $request, Response $response, array $args) : Response
     {
         $uri = $request->getUri();
         $host = $uri->getHost();
@@ -165,7 +165,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id, $pullContainer);
     }
 
-    public function StartWatchtowerContainer(Request $request, Response $response, mixed $args) : Response {
+    public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
         $this->startWatchtower();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -188,7 +188,7 @@ class DockerController
         $this->dockerActionManager->StopContainer($container);
     }
 
-    public function StopContainer(Request $request, Response $response, mixed $args) : Response
+    public function StopContainer(Request $request, Response $response, array $args) : Response
     {
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id);
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index d37b47a8..81b1ab84 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -19,7 +19,7 @@ class LoginController
         $this->dockerActionManager = $dockerActionManager;
     }
 
-    public function TryLogin(Request $request, Response $response, mixed $args) : Response {
+    public function TryLogin(Request $request, Response $response, array $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
             return $response->withHeader('Location', '/')->withStatus(302);
         }
@@ -32,7 +32,7 @@ class LoginController
         return $response->withHeader('Location', '/')->withStatus(302);
     }
 
-    public function GetTryLogin(Request $request, Response $response, mixed $args) : Response {
+    public function GetTryLogin(Request $request, Response $response, array $args) : Response {
         $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
@@ -42,7 +42,7 @@ class LoginController
         return $response->withHeader('Location', '/')->withStatus(302);
     }
 
-    public function Logout(Request $request, Response $response, mixed $args) : Response
+    public function Logout(Request $request, Response $response, array $args) : Response
     {
         $this->authManager->SetAuthState(false);
         return $response

From 5f63e90922365377d2269c082ab5842c62e3772a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 16:42:08 +0100
Subject: [PATCH 0318/3949] fix adding containers to the host network

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 48 ++++++++++++++------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5742f58b..a0abdb2a 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -363,6 +363,8 @@ class DockerActionManager
             foreach($container->GetPorts()->GetPorts() as $value) {
                 $exposedPorts[$value->port] = null;
             }
+        } else {
+            $requestBody['HostConfig']['NetworkMode'] = 'host';
         }
 
         if(count($exposedPorts) > 0) {
@@ -633,31 +635,31 @@ class DockerActionManager
     private function ConnectContainerIdToNetwork(string $id, string $internalPort) : void
     {
         if ($internalPort === 'host') {
-            $network = 'host';
-        } else {
-            $network = 'nextcloud-aio';
-            $url = $this->BuildApiUrl('networks/create');
-            try {
-                $this->guzzleClient->request(
-                    'POST',
-                    $url,
-                    [
-                        'json' => [
-                            'Name' => 'nextcloud-aio',
-                            'CheckDuplicate' => true,
-                            'Driver' => 'bridge',
-                            'Internal' => false,
-                            'Options' => [
-                                'com.docker.network.bridge.enable_icc' => 'true'
-                            ]
+            return;
+        }
+
+        $network = 'nextcloud-aio';
+        $url = $this->BuildApiUrl('networks/create');
+        try {
+            $this->guzzleClient->request(
+                'POST',
+                $url,
+                [
+                    'json' => [
+                        'Name' => 'nextcloud-aio',
+                        'CheckDuplicate' => true,
+                        'Driver' => 'bridge',
+                        'Internal' => false,
+                        'Options' => [
+                            'com.docker.network.bridge.enable_icc' => 'true'
                         ]
                     ]
-                );
-            } catch (RequestException $e) {
-                // 409 is undocumented and gets thrown if the network already exists.
-                if ($e->getCode() !== 409) {
-                    throw $e;
-                }
+                ]
+            );
+        } catch (RequestException $e) {
+            // 409 is undocumented and gets thrown if the network already exists.
+            if ($e->getCode() !== 409) {
+                throw $e;
             }
         }
 

From cb980f9e846183e65de5245a4a2994fefcdf432b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 17:37:57 +0100
Subject: [PATCH 0319/3949] fix exposing containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Container/ContainerPort.php    |  4 ++--
 php/src/ContainerDefinitionFetcher.php | 11 +++++++++++
 php/src/Docker/DockerActionManager.php | 20 ++++----------------
 3 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/php/src/Container/ContainerPort.php b/php/src/Container/ContainerPort.php
index 577a0bd4..3ecf56cd 100644
--- a/php/src/Container/ContainerPort.php
+++ b/php/src/Container/ContainerPort.php
@@ -5,12 +5,12 @@ namespace AIO\Container;
 class ContainerPort {
     public string $port;
     public string $ipBinding;
-    public bool $protocol;
+    public string $protocol;
 
     public function __construct(
         string $port,
         string $ipBinding,
-        bool $protocol
+        string $protocol
     ) {
         $this->port = $port;
         $this->ipBinding = $ipBinding;
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index dc0b3e11..1766fc6c 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -77,6 +77,17 @@ class ContainerDefinitionFetcher
 
             $ports = new ContainerPorts();
             foreach ($entry['ports'] as $value) {
+
+                if ($value['port_number'] === '%APACHE_PORT%') {
+                    $value['port_number'] = $this->configurationManager->GetApachePort();
+                } elseif ($value['port_number'] === '%TALK_PORT%') {
+                    $value['port_number'] = $this->configurationManager->GetTalkPort();
+                }
+
+                if ($value['ip_binding'] === '%APACHE_IP_BINDING%') {
+                    $value['ip_binding'] = $this->configurationManager->GetApacheIPBinding();
+                }
+                
                 $ports->AddPort(
                     new ContainerPort(
                         $value['port_number'],
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5742f58b..141cf064 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -361,31 +361,19 @@ class DockerActionManager
         $exposedPorts = [];
         if ($container->GetInternalPort() !== 'host') {
             foreach($container->GetPorts()->GetPorts() as $value) {
-                $exposedPorts[$value->port] = null;
+                $portWithProtocol = $value->port . '/' . $value->protocol;
+                $exposedPorts[$portWithProtocol] = null;
             }
         }
 
         if(count($exposedPorts) > 0) {
+            $requestBody['ExposedPorts'] = $exposedPorts;
             foreach ($container->GetPorts()->GetPorts() as $value) {
                 $port = $value->port;
-                if($port === '%APACHE_PORT%') {
-                    $port = $this->configurationManager->GetApachePort();
-                } elseif($port === '%TALK_PORT%') {
-                    $port = $this->configurationManager->GetTalkPort();
-                }
-                
                 $ipBinding = $value->ipBinding;
-                if($ipBinding === '%APACHE_IP_BINDING%') {
-                    $ipBinding = $this->configurationManager->GetApacheIPBinding();
-                }
-                if ($ipBinding === '') {
-                    $ipBinding = '0.0.0.0';
-                }
-
                 $protocol = $value->protocol;
                 $portWithProtocol = $port . '/' . $protocol;
-                $requestBody['ExposedPorts'][$portWithProtocol] = null;
-                $requestBody['HostConfig']['PortBindings'][$port] = [
+                $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
                     [
                     'HostPort' => $port,
                     'HostIp' => $ipBinding,

From 54c642e787af3908866afe7df0304fb76bd31e7f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 18:16:12 +0100
Subject: [PATCH 0320/3949] fix healthcheck for nextcloud and database

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile      | 5 +++--
 Containers/nextcloud/healthcheck.sh  | 7 +++++++
 Containers/postgresql/Dockerfile     | 9 ++++++---
 Containers/postgresql/healthcheck.sh | 5 +++++
 4 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 Containers/nextcloud/healthcheck.sh
 create mode 100644 Containers/postgresql/healthcheck.sh

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 60dffc10..66f0eb6f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -250,7 +250,8 @@ RUN set -ex; \
     chmod +x /cron.sh && \
     chmod +x /notify.sh && \
     chmod +x /notify-all.sh && \
-    chmod +x /activate-collabora.sh
+    chmod +x /activate-collabora.sh && \
+    chmod +x healthcheck.sh
 
 RUN set -ex; \
     mkdir /mnt/ncdata; \
@@ -264,4 +265,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER root
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD (sudo -u www-data nc -z "$POSTGRES_HOST" 5432 || exit 0) && (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
\ No newline at end of file
+HEALTHCHECK CMD /healthcheck.sh
diff --git a/Containers/nextcloud/healthcheck.sh b/Containers/nextcloud/healthcheck.sh
new file mode 100644
index 00000000..960ee6c7
--- /dev/null
+++ b/Containers/nextcloud/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+sudo -u www-data nc -z "$POSTGRES_HOST" 5432 || exit 0
+
+if ! sudo -u www-data nc -z localhost 9000 || ! sudo -u www-data nc -z localhost 7867; then
+    exit 1
+fi
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index ea8daff4..5bd02dd7 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -17,9 +17,12 @@ RUN set -ex; \
     chown -R postgres:postgres "$PGDATA"
 
 COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
 COPY init-user-db.sh /docker-entrypoint-initdb.d/
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh
+RUN set -ex; \
+    chmod +x /usr/bin/start.sh; \
+    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
+    chmod +x /usr/bin/healthcheck.sh
 
 RUN mkdir /mnt/data; \
     chown postgres:postgres /mnt/data;
@@ -32,4 +35,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER postgres
 ENTRYPOINT ["start.sh"]
 
-HEALTHCHECK CMD (test -f "/mnt/data/backup-is-running" && exit 0) && psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
\ No newline at end of file
+HEALTHCHECK CMD healthcheck.sh
diff --git a/Containers/postgresql/healthcheck.sh b/Containers/postgresql/healthcheck.sh
new file mode 100644
index 00000000..064bfbcb
--- /dev/null
+++ b/Containers/postgresql/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+test -f "/mnt/data/backup-is-running" && exit 0
+
+psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1

From ed5483500aa04d528ceb6ace165efe3bbbde765d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 18:24:17 +0100
Subject: [PATCH 0321/3949] Address review

Signed-off-by: Simon L <szaimen@e.mail.de>
Co-Authored-By: Zoey <zoey@z0ey.de>
---
 Containers/nextcloud/Dockerfile     | 4 ++--
 Containers/nextcloud/healthcheck.sh | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 66f0eb6f..881ee0c6 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -251,7 +251,7 @@ RUN set -ex; \
     chmod +x /notify.sh && \
     chmod +x /notify-all.sh && \
     chmod +x /activate-collabora.sh && \
-    chmod +x healthcheck.sh
+    chmod +x /healthcheck.sh
 
 RUN set -ex; \
     mkdir /mnt/ncdata; \
@@ -265,4 +265,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER root
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD /healthcheck.sh
+HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
diff --git a/Containers/nextcloud/healthcheck.sh b/Containers/nextcloud/healthcheck.sh
index 960ee6c7..df87360c 100644
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-sudo -u www-data nc -z "$POSTGRES_HOST" 5432 || exit 0
+nc -z "$POSTGRES_HOST" 5432 || exit 0
 
-if ! sudo -u www-data nc -z localhost 9000 || ! sudo -u www-data nc -z localhost 7867; then
+if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
     exit 1
 fi

From 57e1d95643781ce571c54636d77589031f4e75f6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Dec 2022 02:24:38 +0100
Subject: [PATCH 0322/3949] improve containeers schema

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index be7404b5..887af502 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -1,15 +1,16 @@
 {
 	"type": "object",
 	"description": "AIO containers definition schema",
-	"additionalProperties": false,
 	"minProperties": 1,
+	"required": ["services"],
 	"properties": {
 		"services": {
 			"type": "array",
 			"items": {
 				"type": "object",
 				"additionalProperties": false,
-				"minProperties": 11,
+				"minProperties": 2,
+				"required": ["image", "container_name"],
 				"properties": {
 					"image": {
 						"type": "string"

From 29197deb69421df23f9e97fee02c28fff2beb187 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 30 Dec 2022 23:40:19 +0100
Subject: [PATCH 0323/3949] removed not-used properties from the containers
 definition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 56 +++------------------------------------------
 1 file changed, 3 insertions(+), 53 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 4ef8a482..915bc324 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -18,7 +18,6 @@
         }
       ],
       "internal_port": "%APACHE_PORT%",
-      "secrets": [],
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
@@ -42,15 +41,12 @@
           "writeable": true
         }
       ],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-database",
-      "depends_on": [],
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
-      "ports": [],
       "internal_port": "5432",
       "secrets": [
         "DATABASE_PASSWORD"
@@ -88,7 +84,6 @@
       ],
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
-      "ports": [],
       "internal_port": "9000",
       "secrets": [
         "DATABASE_PASSWORD",
@@ -160,15 +155,12 @@
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-redis",
-      "depends_on": [],
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
-      "ports": [],
       "internal_port": "6379",
       "environment": [
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
@@ -185,15 +177,12 @@
         "REDIS_PASSWORD",
         "ONLYOFFICE_SECRET"
       ],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-collabora",
-      "depends_on": [],
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
-      "ports": [],
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
@@ -208,13 +197,10 @@
           "writeable": true
         }
       ],
-      "secrets": [],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-talk",
-      "depends_on": [],
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
       "ports": [
@@ -238,22 +224,16 @@
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%"
       ],
-      "volumes": [],
       "secrets": [
         "TURN_SECRET",
         "SIGNALING_SECRET",
         "JANUS_API_KEY"
       ],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
-      "depends_on": [],
-      "display_name": "",
       "image": "nextcloud/aio-borgbackup",
-      "ports": [],
-      "internal_port": "",
       "environment": [
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
@@ -316,17 +296,11 @@
       ],
       "secrets": [
         "BORGBACKUP_PASSWORD"
-      ],
-      "stop_grace_period": 10,
-      "restart": ""
+      ]
     },
     {
       "container_name": "nextcloud-aio-watchtower",
-      "depends_on": [],
-      "display_name": "",
       "image": "nextcloud/aio-watchtower",
-      "ports": [],
-      "internal_port": "",
       "environment": [
         "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
       ],
@@ -336,15 +310,10 @@
           "destination": "/var/run/docker.sock",
           "writeable": false
         }
-      ],
-      "secrets": [],
-      "stop_grace_period": 10,
-      "restart": ""
+      ]
     },
     {
-      "depends_on": [],
       "container_name": "nextcloud-aio-domaincheck",
-      "display_name": "",
       "image": "nextcloud/aio-domaincheck",
       "ports": [
         {
@@ -353,24 +322,19 @@
           "protocol": "tcp"
         }
       ],
-      "internal_port": "",
       "environment": [
         "INSTANCE_ID=%INSTANCE_ID%",
         "APACHE_PORT=%APACHE_PORT%"
       ],
-      "volumes": [],
       "secrets": [
         "INSTANCE_ID"
       ],
-      "stop_grace_period": 1,
-      "restart": ""
+      "stop_grace_period": 1
     },
     {
       "container_name": "nextcloud-aio-clamav",
-      "depends_on": [],
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
-      "ports": [],
       "internal_port": "3310",
       "environment": [
         "TZ=%TIMEZONE%",
@@ -383,16 +347,12 @@
           "writeable": true
         }
       ],
-      "secrets": [],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-onlyoffice",
-      "depends_on": [],
       "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
-      "ports": [],
       "internal_port": "80",
       "environment": [
         "TZ=%TIMEZONE%",
@@ -410,30 +370,22 @@
       "secrets": [
         "ONLYOFFICE_SECRET"
       ],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-imaginary",
-      "depends_on": [],
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
-      "ports": [],
       "internal_port": "9000",
       "environment": [
         "TZ=%TIMEZONE%"
       ],
-      "volumes": [],
-      "secrets": [],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",
-      "depends_on": [],
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
-      "ports": [],
       "internal_port": "9200",
       "environment": [
         "TZ=%TIMEZONE%",
@@ -447,8 +399,6 @@
           "writeable": true
         }
       ],
-      "secrets": [],
-      "stop_grace_period": 10,
       "restart": "unless-stopped"
     }
   ]

From f98528eac5e8fdeb1656d387c7b80d387aa7a515 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 30 Dec 2022 23:49:54 +0100
Subject: [PATCH 0324/3949] rename services to aio_services_v1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          | 1 +
 php/containers-schema.json             | 4 ++--
 php/containers.json                    | 2 +-
 php/src/ContainerDefinitionFetcher.php | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 445b86bf..27a6529b 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 jq -c . ./php/containers.json > /tmp/containers.json
+sed -i 's|aio_services_v1|services|g' /tmp/containers.json
 sed -i 's|","destination":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 887af502..c2e962dc 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -2,9 +2,9 @@
 	"type": "object",
 	"description": "AIO containers definition schema",
 	"minProperties": 1,
-	"required": ["services"],
+	"required": ["aio_services_v1"],
 	"properties": {
-		"services": {
+		"aio_services_v1": {
 			"type": "array",
 			"items": {
 				"type": "object",
diff --git a/php/containers.json b/php/containers.json
index 915bc324..9cb179dc 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -1,5 +1,5 @@
 {
-  "services": [
+  "aio_services_v1": [
     {
       "container_name": "nextcloud-aio-apache",
       "depends_on": [
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 1766fc6c..a31d7d36 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -48,7 +48,7 @@ class ContainerDefinitionFetcher
         $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
 
         $containers = [];
-        foreach ($data['services'] as $entry) {
+        foreach ($data['aio_services_v1'] as $entry) {
             if ($entry['container_name'] === 'nextcloud-aio-clamav') {
                 if (!$this->configurationManager->isClamavEnabled()) {
                     continue;

From de1eaf77078d88c6b5011c6c52a66c2e4baab9a8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 30 Dec 2022 23:33:20 +0100
Subject: [PATCH 0325/3949] add isset for non-required properties

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 208 ++++++++++++++-----------
 1 file changed, 120 insertions(+), 88 deletions(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index a31d7d36..ce646ccc 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -76,118 +76,150 @@ class ContainerDefinitionFetcher
             }
 
             $ports = new ContainerPorts();
-            foreach ($entry['ports'] as $value) {
+            if (isset($entry['ports'])) {
+                foreach ($entry['ports'] as $value) {
+                    if ($value['port_number'] === '%APACHE_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetApachePort();
+                    } elseif ($value['port_number'] === '%TALK_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetTalkPort();
+                    }
 
-                if ($value['port_number'] === '%APACHE_PORT%') {
-                    $value['port_number'] = $this->configurationManager->GetApachePort();
-                } elseif ($value['port_number'] === '%TALK_PORT%') {
-                    $value['port_number'] = $this->configurationManager->GetTalkPort();
+                    if ($value['ip_binding'] === '%APACHE_IP_BINDING%') {
+                        $value['ip_binding'] = $this->configurationManager->GetApacheIPBinding();
+                    }
+                    
+                    $ports->AddPort(
+                        new ContainerPort(
+                            $value['port_number'],
+                            $value['ip_binding'],
+                            $value['protocol']
+                        )
+                    );
                 }
-
-                if ($value['ip_binding'] === '%APACHE_IP_BINDING%') {
-                    $value['ip_binding'] = $this->configurationManager->GetApacheIPBinding();
-                }
-                
-                $ports->AddPort(
-                    new ContainerPort(
-                        $value['port_number'],
-                        $value['ip_binding'],
-                        $value['protocol']
-                    )
-                );
             }
 
             $volumes = new ContainerVolumes();
-            foreach ($entry['volumes'] as $value) {
-                if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
-                    $value['source'] = $this->configurationManager->GetBorgBackupHostLocation();
-                    if($value['source'] === '') {
-                        continue;
+            if (isset($entry['volumes'])) {
+                foreach ($entry['volumes'] as $value) {
+                    if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
+                        $value['source'] = $this->configurationManager->GetBorgBackupHostLocation();
+                        if($value['source'] === '') {
+                            continue;
+                        }
                     }
+                    if($value['source'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudDatadirMount();
+                        if ($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
+                        $value['source'] = $this->configurationManager->GetDockerSocketPath();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
+                        $value['source'] = $this->configurationManager->GetTrustedCacertsDir();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    }
+                    if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['destination'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['destination'] === '') {
+                            continue;
+                        }
+                    }
+                    $volumes->AddVolume(
+                        new ContainerVolume(
+                            $value['source'],
+                            $value['destination'],
+                            $value['writeable']
+                        )
+                    );
                 }
-                if($value['source'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['source'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['source'] === '') {
-                        continue;
-                    }
-                } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
-                    $value['source'] = $this->configurationManager->GetNextcloudDatadirMount();
-                    if ($value['source'] === '') {
-                        continue;
-                    }
-                } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
-                    $value['source'] = $this->configurationManager->GetDockerSocketPath();
-                    if($value['source'] === '') {
-                        continue;
-                    }
-                } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
-                    $value['source'] = $this->configurationManager->GetTrustedCacertsDir();
-                    if($value['source'] === '') {
-                        continue;
-                    }
-                }
-                if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['destination'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['destination'] === '') {
-                        continue;
-                    }
-                }
-                $volumes->AddVolume(
-                    new ContainerVolume(
-                        $value['source'],
-                        $value['destination'],
-                        $value['writeable']
-                    )
-                );
             }
 
             $dependsOn = [];
-            foreach ($entry['depends_on'] as $value) {
-                if ($value === 'nextcloud-aio-clamav') {
-                    if (!$this->configurationManager->isClamavEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-onlyoffice') {
-                    if (!$this->configurationManager->isOnlyofficeEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-collabora') {
-                    if (!$this->configurationManager->isCollaboraEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-talk') {
-                    if (!$this->configurationManager->isTalkEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-imaginary') {
-                    if (!$this->configurationManager->isImaginaryEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-fulltextsearch') {
-                    if (!$this->configurationManager->isFulltextsearchEnabled()) {
-                        continue;
+            if (isset($entry['depends_on'])) {
+                foreach ($entry['depends_on'] as $value) {
+                    if ($value === 'nextcloud-aio-clamav') {
+                        if (!$this->configurationManager->isClamavEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-onlyoffice') {
+                        if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-collabora') {
+                        if (!$this->configurationManager->isCollaboraEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-talk') {
+                        if (!$this->configurationManager->isTalkEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-imaginary') {
+                        if (!$this->configurationManager->isImaginaryEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-fulltextsearch') {
+                        if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                            continue;
+                        }
                     }
+                    $dependsOn[] = $value;
                 }
-                $dependsOn[] = $value;
             }
             
             $variables = new ContainerEnvironmentVariables();
-            foreach ($entry['environment'] as $value) {
-                $variables->AddVariable($value);
+            if (isset($entry['environment'])) {
+                foreach ($entry['environment'] as $value) {
+                    $variables->AddVariable($value);
+                }
+            }
+
+            $displayName = '';
+            if (isset($entry['display_name'])) {
+                $displayName = $entry['display_name'];
+            }
+
+            $restartPolicy = '';
+            if (isset($entry['restart'])) {
+                $restartPolicy = $entry['restart'];
+            }
+
+            $maxShutdownTime = 10;
+            if (isset($entry['stop_grace_period'])) {
+                $maxShutdownTime = $entry['stop_grace_period'];
+            }
+
+            $internalPort = '';
+            if (isset($entry['internal_port'])) {
+                $internalPort = $entry['internal_port'];
+            }
+
+            $secrets = [];
+            if (isset($entry['secrets'])) {
+                $secrets = $entry['secrets'];
             }
 
             $containers[] = new Container(
                 $entry['container_name'],
-                $entry['display_name'],
+                $displayName,
                 $entry['image'],
-                $entry['restart'],
-                $entry['stop_grace_period'],
+                $restartPolicy,
+                $maxShutdownTime,
                 $ports,
-                $entry['internal_port'],
+                $internalPort,
                 $volumes,
                 $variables,
                 $dependsOn,
-                $entry['secrets'],
+                $secrets,
                 $this->container->get(DockerActionManager::class)
             );
         }

From 03d761b240385f9923a5fd942686acdc2b51fd5b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 16:08:02 +0100
Subject: [PATCH 0326/3949] allow to enable shipped apps during startup

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c30c9d43..02bef12a 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -263,7 +263,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             if [ -n "$STARTUP_APPS" ]; then
                 read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
                 for app in "${STARTUP_APPS_ARRAY[@]}"; do
-                    php /var/www/html/occ app:install "$app"
+                    if ! echo "$app" | grep -q '^-'; then 
+                        if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
+                            # If not shipped, install and enable the app
+                            php /var/www/html/occ app:install "$app"
+                        else
+                            # If shipped, enable the app
+                            php /var/www/html/occ app:enable "$app"
+                        fi
+                    else
+                        app="${app#-}"
+                        # Disable the app if '-' was provided in front of the appid
+                        php /var/www/html/occ app:disable "$app"
+                    fi
                 done
             fi
 

From 723743354897c678fe7a6bd76800d43ac5569b49 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 23:58:25 +0100
Subject: [PATCH 0327/3949] add some documentation for the apps-disable on
 startup feature

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0e82ce4c..bda06f4b 100644
--- a/readme.md
+++ b/readme.md
@@ -484,7 +484,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 

From 92b271c3e5f3d6a76889b94c85b89445881e30b0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 3 Jan 2023 02:01:03 +0100
Subject: [PATCH 0328/3949] allow to add the /dev/dri device into the container
 and refactor devices

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh           | 12 ++++++++++++
 docker-compose.yml                      |  1 +
 manual-install/update-yaml.sh           |  1 +
 php/containers-schema.json              |  6 ++++++
 php/containers.json                     |  8 +++++++-
 php/src/Container/Container.php         |  8 ++++++++
 php/src/ContainerDefinitionFetcher.php  |  6 ++++++
 php/src/Data/ConfigurationManager.php   | 15 +++++++++++++++
 php/src/Docker/DockerActionManager.php  | 13 ++++++++++++-
 readme.md                               |  3 +++
 tests/QA/060-environmental-variables.md |  1 +
 11 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 2513f52a..88a7ac10 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -30,6 +30,18 @@ if [ -n "$TRUSTED_CACERTS_DIR" ]; then
     update-ca-certificates
 fi
 
+# Check if /dev/dri device is present and apply correct permissions
+set -x
+if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
+    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
+    GID="$(stat -c "%g" /dev/dri/renderD128)"
+    groupadd -g "$GID" render2 || true # sometimes this is needed
+    GROUP="$(getent group "$GID" | cut -d: -f1)"
+    usermod -aG "$GROUP" www-data
+    touch "/dev-dri-group-was-added"
+fi
+set +x
+
 # Check datadir permissions
 sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
diff --git a/docker-compose.yml b/docker-compose.yml
index e7e1bc02..a3a2c4c5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,6 +31,7 @@ services:
       # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 27a6529b..ef6dcded 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -12,6 +12,7 @@ cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index c2e962dc..0667942d 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -67,6 +67,12 @@
 							"type": "string"
 						}
 					},
+					"devices": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index 9cb179dc..6f326026 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -155,7 +155,10 @@
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "devices": [
+        "/dev/dri"
+      ]
     },
     {
       "container_name": "nextcloud-aio-redis",
@@ -296,6 +299,9 @@
       ],
       "secrets": [
         "BORGBACKUP_PASSWORD"
+      ],
+      "devices": [
+        "/dev/fuse"
       ]
     },
     {
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 9697911b..c7ff5cf7 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -21,6 +21,8 @@ class Container {
     private array $dependsOn;
     /** @var string[] */
     private array $secrets;
+    /** @var string[] */
+    private array $devices;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -35,6 +37,7 @@ class Container {
         ContainerEnvironmentVariables $containerEnvironmentVariables,
         array $dependsOn,
         array $secrets,
+        array $devices,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -48,6 +51,7 @@ class Container {
         $this->containerEnvironmentVariables = $containerEnvironmentVariables;
         $this->dependsOn = $dependsOn;
         $this->secrets = $secrets;
+        $this->devices = $devices;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -75,6 +79,10 @@ class Container {
         return $this->secrets;
     }
 
+    public function GetDevices() : array {
+        return $this->devices;
+    }
+
     public function GetPorts() : ContainerPorts {
         return $this->ports;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index ce646ccc..4789bbfa 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -208,6 +208,11 @@ class ContainerDefinitionFetcher
                 $secrets = $entry['secrets'];
             }
 
+            $devices = [];
+            if (isset($entry['devices'])) {
+                $devices = $entry['devices'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -220,6 +225,7 @@ class ContainerDefinitionFetcher
                 $variables,
                 $dependsOn,
                 $secrets,
+                $devices,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0a265fd9..92b5f6be 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -791,4 +791,19 @@ class ConfigurationManager
             return true;
         }
     }
+
+    private function GetEnabledDriDevice() : string {
+        $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
+        $configName = 'nextcloud_enable_dri_device';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function isDriDeviceEnabled() : bool {
+        if ($this->GetEnabledDriDevice() === 'true') {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 61d8aa6e..cc4478e0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -384,10 +384,21 @@ class DockerActionManager
             }
         }
 
+        $devices = [];
+        foreach($container->GetDevices() as $device) {
+            if ($device === '/dev/dri' && ! $this->configurationManager->isDriDeviceEnabled()) {
+                continue;
+            }
+            $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];
+        }
+
+        if (count($devices) > 0) {
+            $requestBody['HostConfig']['Devices'] = $devices;
+        }
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
             $requestBody['HostConfig']['CapAdd'] = ["SYS_ADMIN"];
-            $requestBody['HostConfig']['Devices'] = [["PathOnHost" => "/dev/fuse", "PathInContainer" => "/dev/fuse", "CgroupPermissions" => "rwm"]];
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
             
             // Additional backup directories
diff --git a/readme.md b/readme.md
index bda06f4b..323a415d 100644
--- a/readme.md
+++ b/readme.md
@@ -499,6 +499,9 @@ You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extensi
 ### What about the pdlib PHP extension for the facerecognition app?
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
 
+### How to enable hardware-transcoding for Nextcloud?
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index b0fca4f8..0b023122 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -18,5 +18,6 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certificat
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From 5fd210f9d8a23fa8ed7d60fd2908ada20dfc42e0 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 3 Jan 2023 04:21:25 +0000
Subject: [PATCH 0329/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 3dc50575..b60d8c6e 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,3 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863">
-</files>
+<files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863"/>

From ec0e5b645d6c9ab29c971de00e67002937d6c52e Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 3 Jan 2023 12:15:50 +0000
Subject: [PATCH 0330/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 11 +----------
 manual-install/sample.conf |  1 +
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 4c81dcee..73eb2a2f 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -9,7 +9,7 @@ services:
       - nextcloud-aio-nextcloud
     image: nextcloud/aio-apache:${IMAGE_TAG}
     ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+      - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
@@ -23,7 +23,6 @@ services:
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -97,7 +96,6 @@ services:
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -109,7 +107,6 @@ services:
       - TZ=${TIMEZONE}
     volumes:
       - nextcloud_aio_redis:/data:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -124,7 +121,6 @@ services:
       - TZ=${TIMEZONE}
     volumes:
       - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -142,7 +138,6 @@ services:
       - JANUS_API_KEY=${JANUS_API_KEY}
       - TZ=${TIMEZONE}
       - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -155,7 +150,6 @@ services:
       - CLAMD_STARTUP_TIMEOUT=90
     volumes:
       - nextcloud_aio_clamav:/var/lib/clamav:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -170,7 +164,6 @@ services:
       - JWT_SECRET=${ONLYOFFICE_SECRET}
     volumes:
       - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -180,7 +173,6 @@ services:
     image: nextcloud/aio-imaginary:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -194,7 +186,6 @@ services:
       - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
     volumes:
       - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 2eaf66c9..3431df33 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,6 +1,7 @@
 IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
 CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support

From a0bbb86b1357c4a17d61f856b40db5a45f1ca1ab Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Jan 2023 23:25:02 +0100
Subject: [PATCH 0331/3949] add twofactor_totp back as default enabled app

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 manual-install/sample.conf              | 2 +-
 manual-install/update-yaml.sh           | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index e7e1bc02..7fd5c385 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 2eaf66c9..ab3ba1c0 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -19,7 +19,7 @@ NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit o
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 27a6529b..8a0db714 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -78,7 +78,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0a265fd9..02a97539 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -735,7 +735,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'deck tasks calendar contacts';
+        return 'deck twofactor_totp tasks calendar contacts';
     }
 
     public function GetCollaboraDictionaries() : string {
diff --git a/readme.md b/readme.md
index bda06f4b..be45c9e1 100644
--- a/readme.md
+++ b/readme.md
@@ -484,7 +484,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index b0fca4f8..211aec49 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -15,7 +15,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 

From 34376d535f907fd93488804fae12f42ce2317e10 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 3 Jan 2023 21:01:01 +0100
Subject: [PATCH 0332/3949] set remote_font_config for collabora

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json                    |  2 +-
 php/src/Docker/DockerActionManager.php | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 9cb179dc..4872f8e0 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -186,7 +186,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%"
       ],
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 61d8aa6e..1e09f44b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -236,8 +236,16 @@ class DockerActionManager
 
         $envs = $container->GetEnvironmentVariables()->GetVariables();
         foreach($envs as $key => $env) {
-            $patterns = ['/%(.*)%/'];
+            // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
+            if (str_starts_with($env, 'extra_params=')) {
+                $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
+                $env = str_replace('%NC_DOMAIN%', $this->configurationManager->GetDomain(), $env);
+                $envs[$key] = $env;
+                continue;
+            }
 
+            // Original implementation
+            $patterns = ['/%(.*)%/'];
 
             if(preg_match($patterns[0], $env, $out) === 1) {
                 $replacements = array();

From c9e2b183aa10b014aaf73b2336086856c3c0b9ef Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 4 Jan 2023 12:16:14 +0000
Subject: [PATCH 0333/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 73eb2a2f..75663881 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -116,7 +116,7 @@ services:
     image: nextcloud/aio-collabora:${IMAGE_TAG}
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
     volumes:

From 480b3193d452d0f25d40b84458d8b247eee1bd36 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Jan 2023 14:47:56 +0100
Subject: [PATCH 0334/3949] add a debug advice for collabora and talk

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 6f56059d..4bfd4605 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -11,6 +11,12 @@ labels: bug, 0. Needs triage
 * Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
 * Subscribe to receive notifications on status change and new comments. 
 
+
+<!---
+For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and/or makes it easier to help you.
+--->
+
+
 <!--- Please fill out the whole template below -->
 ### Steps to reproduce
 1.

From b189e7b773a9cf9c7d9d1a1661d52150a8d29159 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Jan 2023 15:57:54 +0100
Subject: [PATCH 0335/3949] add ulimit for the talk container due to a bug in
 libwebsockets

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index dfe7cc3e..989ba593 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -423,6 +423,10 @@ class DockerActionManager
             if(count($mounts) > 0) {
                 $requestBody['HostConfig']['Mounts'] = $mounts;
             }
+        // Special things for the talk container which should not be exposed in the containers.json
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
+            // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
+            $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
         }
 
         $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());

From 6b91fb7ca2e324f8aa8ae666cacf808935b9882b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Jan 2023 15:38:59 +0100
Subject: [PATCH 0336/3949] allow to repair the integrity of the backup archive

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh   | 17 +++++++++++++++++
 Containers/borgbackup/start.sh          |  2 +-
 php/public/index.php                    |  1 +
 php/src/Controller/DockerController.php | 16 ++++++++++++++++
 php/templates/containers.twig           | 22 ++++++++++++++++++++--
 5 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 42a32b59..069a9e14 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -364,6 +364,23 @@ if [ "$BORG_MODE" = check ]; then
     exit 0
 fi
 
+# Do the Backup check-repair
+if [ "$BORG_MODE" = "check-repair" ]; then
+    get_start_time
+    echo "Checking the backup integrity and repairing it..."
+
+    # Perform the check-repair
+    if ! borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
+        echo "Some errors were found while checking and repairing the backup integrity!"
+        exit 1
+    fi
+
+    # Inform user
+    get_expiration_time
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    exit 0
+fi
+
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
     if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
diff --git a/Containers/borgbackup/start.sh b/Containers/borgbackup/start.sh
index 00e06ed4..e8d93f58 100644
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -20,7 +20,7 @@ export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
 
 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != test ]; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
     echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
     exit 1
 fi
diff --git a/php/public/index.php b/php/public/index.php
index b8f48ce9..be87258d 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -57,6 +57,7 @@ $app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class .
 $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
 $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
 $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+$app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
 $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 979edbc8..dd417b27 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -113,6 +113,22 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
+    public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check-repair';
+        $this->configurationManager->WriteConfig($config);
+
+        $id = 'nextcloud-aio-borgbackup';
+        $this->PerformRecursiveContainerStart($id);
+
+        // Restore to backup check which is needed to make the UI logic work correctly
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check';
+        $this->configurationManager->WriteConfig($config);
+
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'test';
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 90989315..a65ea9f5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -111,7 +111,16 @@
                                     {% if borg_backup_mode == 'test' %}
                                         Please adjust the path and/or the password in order to make it work!<br><br>
                                     {% elseif borg_backup_mode == 'check' %}
-                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a>
+                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br><br>
+                                        <details>
+                                            <summary>Reveal repair option</summary><br />
+                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Check and repair backup integrity"/><br/>
+                                            </form>
+                                        </details><br /><br />
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
@@ -329,7 +338,16 @@
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == "check" %}
-                                        The backup archive seems to be corrupt. You can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                        The backup check was not successful which might points towards a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                        <details>
+                                            <summary>Reveal repair option</summary><br />
+                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Check and repair backup integrity"/><br/>
+                                            </form>
+                                        </details><br /><br />
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
                                         You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />

From bc7b3c4c548865a33976377a25c11e565a97ee16 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Jan 2023 16:14:59 +0100
Subject: [PATCH 0337/3949] add onclick warning

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a65ea9f5..dbc07e12 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -118,7 +118,7 @@
                                             <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Check and repair backup integrity"/><br/>
+                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
                                             </form>
                                         </details><br /><br />
                                     {% endif %}
@@ -345,7 +345,7 @@
                                             <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Check and repair backup integrity"/><br/>
+                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
                                             </form>
                                         </details><br /><br />
                                     {% endif %}

From db9f88945ccc5d507be6517281bad65cfdce4a1c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Jan 2023 16:22:38 +0100
Subject: [PATCH 0338/3949] increase to v4.1.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index dbc07e12..a63babea 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.0.1</h1>
+        <h1>Nextcloud AIO v4.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From d8f24b886239167682727abcff6cf8e65245fdf5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Jan 2023 16:49:47 +0100
Subject: [PATCH 0339/3949] try to fix the borg check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 069a9e14..9c2073e7 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -370,7 +370,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then
     echo "Checking the backup integrity and repairing it..."
 
     # Perform the check-repair
-    if ! borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
+    if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking and repairing the backup integrity!"
         exit 1
     fi

From 16054318272f241517baf0f79e12b59537a87c9b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Jan 2023 17:10:21 +0100
Subject: [PATCH 0340/3949] substitute borg --progress by borg -v

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 9c2073e7..1126278f 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -127,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--progress --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
 
     # Create the backup
     echo "Starting the backup..."
@@ -353,7 +353,7 @@ if [ "$BORG_MODE" = check ]; then
     echo "Checking the backup integrity..."
 
     # Perform the check
-    if ! borg check --progress --verify-data "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking the backup integrity!"
         exit 1
     fi

From 62a3740a535f0a68c8ccf43e3f21dbc49501dc14 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Jan 2023 12:11:12 +0100
Subject: [PATCH 0341/3949] improve manual-install update docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index ffa026b6..a62b6f72 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -37,7 +37,7 @@ Since the AIO containers may change in the future, it is highly recommended to s
 1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
-1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
 1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
 1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

From 6641cb6382fdf32f8c7e4215a9831c033fa00e1f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Jan 2023 17:46:41 +0100
Subject: [PATCH 0342/3949] add update-helm script which makes it easier to
 test things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/update-helm.yml

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
new file mode 100644
index 00000000..2d2e2ce6
--- /dev/null
+++ b/.github/workflows/update-helm.yml
@@ -0,0 +1,27 @@
+name: Update Helm Chart
+
+on:
+  workflow_dispatch:
+  # schedule:
+  # - cron:  '00 12 * * *'
+
+jobs:
+  psalm:
+    name: update helm chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: update helm chart
+        run: |
+          sudo bash helm-chart/update-helm.sh
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          commit-message: Helm Chart updates
+          signoff: true
+          title: Helm Chart updates
+          body: Automated Helm Chart updates for the yaml files. Should only be merged shortly before the next latest release.
+          labels: dependencies
+          milestone: next
+          branch: aio-helm-update

From 3cf99a96b2ebeddfcffab4c64940dc28ae99c961 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Jan 2023 19:20:58 +0100
Subject: [PATCH 0343/3949] add verbose output for update-yaml

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 55d19cf8..3e0bb9d4 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -ex
+
 jq -c . ./php/containers.json > /tmp/containers.json
 sed -i 's|aio_services_v1|services|g' /tmp/containers.json
 sed -i 's|","destination":"|:|g' /tmp/containers.json

From cf35a3a391e6db3f1856ec1682d12600180c9eb4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Jan 2023 19:24:24 +0100
Subject: [PATCH 0344/3949] disable ex options again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 3e0bb9d4..eb768db9 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -136,3 +136,5 @@ cat containers.yml > latest.yml
 sed -i "/image:/s/$/:\${IMAGE_TAG}/" latest.yml
 
 rm containers.yml
+
+set +ex

From 50ed6a1ed832f0420e033f314c8e39de5999077a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Jan 2023 19:28:19 +0100
Subject: [PATCH 0345/3949] try to fix the workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 2d2e2ce6..68e4da7a 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -25,3 +25,4 @@ jobs:
           labels: dependencies
           milestone: next
           branch: aio-helm-update
+          github_token: ${{ secrets.GITHUB_TOKEN }}

From 353b65fa09c16c86d969a1c70c87222de9f8ba1b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Jan 2023 19:29:55 +0100
Subject: [PATCH 0346/3949] fix update-yaml as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-yaml.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 48f5ed46..12ce9366 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -25,3 +25,4 @@ jobs:
           labels: dependencies
           milestone: next
           branch: aio-yaml-update
+          github_token: ${{ secrets.GITHUB_TOKEN }}

From 0810904d416b71a2b7e8f62b9ba5bf1079d43043 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Jan 2023 19:32:38 +0100
Subject: [PATCH 0347/3949] fix token

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 12ce9366..928d396f 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -25,4 +25,4 @@ jobs:
           labels: dependencies
           milestone: next
           branch: aio-yaml-update
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}

From 2c5fa27afbe4926ceead55ac8c59d14f78852d6e Mon Sep 17 00:00:00 2001
From: root <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 12:29:31 +0000
Subject: [PATCH 0348/3949] Create Helm-chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml             |  13 +-
 helm-chart/Chart.yaml                         |   8 ++
 helm-chart/readme.md                          |   3 +
 .../nextcloud-aio-apache-deployment.yaml      |  61 +++++++++
 ...loud-aio-apache-persistentvolumeclaim.yaml |  15 ++
 .../nextcloud-aio-apache-service.yaml         |  18 +++
 .../nextcloud-aio-clamav-deployment.yaml      |  40 ++++++
 ...loud-aio-clamav-persistentvolumeclaim.yaml |  15 ++
 .../nextcloud-aio-collabora-deployment.yaml   |  44 ++++++
 ...collabora-fonts-persistentvolumeclaim.yaml |  15 ++
 .../nextcloud-aio-database-deployment.yaml    |  50 +++++++
 ...o-database-dump-persistentvolumeclaim.yaml |  15 ++
 ...ud-aio-database-persistentvolumeclaim.yaml |  15 ++
 ...o-elasticsearch-persistentvolumeclaim.yaml |  15 ++
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  42 ++++++
 .../nextcloud-aio-imaginary-deployment.yaml   |  31 +++++
 .../nextcloud-aio-networkpolicy.yaml          |  13 ++
 ...-nextcloud-data-persistentvolumeclaim.yaml |  15 ++
 .../nextcloud-aio-nextcloud-deployment.yaml   | 129 ++++++++++++++++++
 ...nextcloud-mount-persistentvolumeclaim.yaml |  15 ++
 ...d-aio-nextcloud-persistentvolumeclaim.yaml |  15 ++
 ...trusted-cacerts-persistentvolumeclaim.yaml |  15 ++
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  44 ++++++
 ...-aio-onlyoffice-persistentvolumeclaim.yaml |  15 ++
 .../nextcloud-aio-redis-deployment.yaml       |  38 ++++++
 ...cloud-aio-redis-persistentvolumeclaim.yaml |  15 ++
 .../nextcloud-aio-talk-deployment.yaml        |  45 ++++++
 .../templates/nextcloud-aio-talk-service.yaml |  24 ++++
 helm-chart/update-helm.sh                     | 117 ++++++++++++++++
 helm-chart/values.yaml                        |  34 +++++
 30 files changed, 930 insertions(+), 4 deletions(-)
 create mode 100755 helm-chart/Chart.yaml
 create mode 100755 helm-chart/readme.md
 create mode 100755 helm-chart/templates/nextcloud-aio-apache-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-apache-service.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-database-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-networkpolicy.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-redis-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-talk-deployment.yaml
 create mode 100755 helm-chart/templates/nextcloud-aio-talk-service.yaml
 create mode 100755 helm-chart/update-helm.sh
 create mode 100755 helm-chart/values.yaml

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 68e4da7a..32025a10 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -2,8 +2,8 @@ name: Update Helm Chart
 
 on:
   workflow_dispatch:
-  # schedule:
-  # - cron:  '00 12 * * *'
+  schedule:
+  - cron:  '00 12 * * *'
 
 jobs:
   psalm:
@@ -14,7 +14,12 @@ jobs:
         uses: actions/checkout@v3
       - name: update helm chart
         run: |
-          sudo bash helm-chart/update-helm.sh
+          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
+          DOCKER_TAG="${DOCKER_TAG%%latest*}"
+          export DOCKER_TAG
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+            sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
+          fi
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:
@@ -25,4 +30,4 @@ jobs:
           labels: dependencies
           milestone: next
           branch: aio-helm-update
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
new file mode 100755
index 00000000..916f866d
--- /dev/null
+++ b/helm-chart/Chart.yaml
@@ -0,0 +1,8 @@
+name: Nextcloud AIO Helm Chart
+description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
+version: 4.1.0
+apiVersion: v1
+keywords:
+  - latest
+sources: https://github.com/nextcloud/all-in-one/tree/main/helm-chart
+home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart
diff --git a/helm-chart/readme.md b/helm-chart/readme.md
new file mode 100755
index 00000000..b2f5c89d
--- /dev/null
+++ b/helm-chart/readme.md
@@ -0,0 +1,3 @@
+# You can also install the AIO containers on Kubernetes using this Helm Chart
+
+This is currently beta and not ready yet.
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
new file mode 100755
index 00000000..6b23459a
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-apache
+  name: nextcloud-aio-apache
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-apache
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-apache
+    spec:
+      containers:
+        - env:
+            - name: APACHE_MAX_SIZE
+              value: "{{ .Values.APACHE_MAX_SIZE }}"
+            - name: APACHE_MAX_TIME
+              value: "{{ .Values.NEXTCLOUD_MAX_TIME }}"
+            - name: APACHE_PORT
+              value: "{{ .Values.APACHE_PORT }}"
+            - name: COLLABORA_HOST
+              value: nextcloud-aio-collabora
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: NEXTCLOUD_HOST
+              value: nextcloud-aio-nextcloud
+            - name: ONLYOFFICE_HOST
+              value: nextcloud-aio-onlyoffice
+            - name: TALK_HOST
+              value: nextcloud-aio-talk
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-apache:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-apache
+          ports:
+            - containerPort: {{ .Values.APACHE_PORT }}
+          volumeMounts:
+            - mountPath: /var/www/html
+              name: nextcloud-aio-nextcloud
+              readOnly: true
+            - mountPath: /mnt/data
+              name: nextcloud-aio-apache
+      volumes:
+        - name: nextcloud-aio-nextcloud
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud
+            readOnly: true
+        - name: nextcloud-aio-apache
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-apache
diff --git a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..fc6d1b65
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-apache
+  name: nextcloud-aio-apache
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-apache-service.yaml b/helm-chart/templates/nextcloud-aio-apache-service.yaml
new file mode 100755
index 00000000..22ed8269
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-apache
+  name: nextcloud-aio-apache
+spec:
+  ports:
+    - name: "{{ .Values.APACHE_PORT }}"
+      port: {{ .Values.APACHE_PORT }}
+      targetPort: {{ .Values.APACHE_PORT }}
+  selector:
+    io.kompose.service: nextcloud-aio-apache
+status:
+  loadBalancer: {}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
new file mode 100755
index 00000000..7de199da
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -0,0 +1,40 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-clamav
+  name: nextcloud-aio-clamav
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-clamav
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-clamav
+    spec:
+      containers:
+        - env:
+            - name: CLAMD_STARTUP_TIMEOUT
+              value: "90"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-clamav:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-clamav
+          volumeMounts:
+            - mountPath: /var/lib/clamav
+              name: nextcloud-aio-clamav
+      volumes:
+        - name: nextcloud-aio-clamav
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-clamav
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..776901fb
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-clamav
+  name: nextcloud-aio-clamav
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
new file mode 100755
index 00000000..2f83b739
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -0,0 +1,44 @@
+{{- if eq .Values.COLLABORA_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-collabora
+  name: nextcloud-aio-collabora
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-collabora
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-collabora
+    spec:
+      containers:
+        - env:
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: aliasgroup1
+              value: https://{{ .Values.NC_DOMAIN }}:443
+            - name: dictionaries
+              value: "{{ .Values.COLLABORA_DICTIONARIES }}"
+            - name: extra_params
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
+          image: nextcloud/aio-collabora:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-collabora
+          volumeMounts:
+            - mountPath: /opt/cool/systemplate/tmpfonts
+              name: nextcloud-aio-collabora-fonts
+      volumes:
+        - name: nextcloud-aio-collabora-fonts
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-collabora-fonts
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..099998a4
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-collabora-fonts
+  name: nextcloud-aio-collabora-fonts
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
new file mode 100755
index 00000000..b5bae70e
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-database
+  name: nextcloud-aio-database
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-database
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-database
+    spec:
+      containers:
+        - env:
+            - name: PGTZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: POSTGRES_DB
+              value: nextcloud_database
+            - name: POSTGRES_PASSWORD
+              value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_USER
+              value: nextcloud
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-postgresql:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-database
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: nextcloud-aio-database
+            - mountPath: /mnt/data
+              name: nextcloud-aio-database-dump
+      terminationGracePeriodSeconds: 1800
+      volumes:
+        - name: nextcloud-aio-database
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-database
+        - name: nextcloud-aio-database-dump
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-database-dump
diff --git a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..5b5d61b2
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-database-dump
+  name: nextcloud-aio-database-dump
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..71a78ad6
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-database
+  name: nextcloud-aio-database
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..ec2ecbce
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-elasticsearch
+  name: nextcloud-aio-elasticsearch
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
new file mode 100755
index 00000000..33408159
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -0,0 +1,42 @@
+{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-fulltextsearch
+  name: nextcloud-aio-fulltextsearch
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-fulltextsearch
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-fulltextsearch
+    spec:
+      containers:
+        - env:
+            - name: ES_JAVA_OPTS
+              value: -Xms1024M -Xmx1024M
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: discovery.type
+              value: single-node
+          image: nextcloud/aio-fulltextsearch:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-fulltextsearch
+          volumeMounts:
+            - mountPath: /usr/share/elasticsearch/data
+              name: nextcloud-aio-elasticsearch
+      volumes:
+        - name: nextcloud-aio-elasticsearch
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-elasticsearch
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
new file mode 100755
index 00000000..e6b90ac7
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -0,0 +1,31 @@
+{{- if eq .Values.IMAGINARY_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-imaginary
+  name: nextcloud-aio-imaginary
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-imaginary
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-imaginary
+    spec:
+      containers:
+        - env:
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-imaginary:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-imaginary
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/helm-chart/templates/nextcloud-aio-networkpolicy.yaml
new file mode 100755
index 00000000..6f63b3c0
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-networkpolicy.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: nextcloud-aio
+spec:
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              io.kompose.network/nextcloud-aio: "true"
+  podSelector:
+    matchLabels:
+      io.kompose.network/nextcloud-aio: "true"
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..a3e65b4f
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud-data
+  name: nextcloud-aio-nextcloud-data
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
new file mode 100755
index 00000000..72483cfe
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -0,0 +1,129 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud
+  name: nextcloud-aio-nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-nextcloud
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-nextcloud
+    spec:
+      containers:
+        - env:
+            - name: ADDITIONAL_APKS
+              value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
+            - name: ADDITIONAL_PHP_EXTENSIONS
+              value: "{{ .Values.NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS }}"
+            - name: ADMIN_PASSWORD
+              value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
+            - name: ADMIN_USER
+              value: admin
+            - name: AIO_TOKEN
+              value: "{{ .Values.AIO_TOKEN }}"
+            - name: AIO_URL
+              value: "{{ .Values.AIO_URL }}"
+            - name: CLAMAV_ENABLED
+              value: "{{ .Values.CLAMAV_ENABLED }}"
+            - name: CLAMAV_HOST
+              value: nextcloud-aio-clamav
+            - name: COLLABORA_ENABLED
+              value: "{{ .Values.COLLABORA_ENABLED }}"
+            - name: COLLABORA_HOST
+              value: nextcloud-aio-collabora
+            - name: FULLTEXTSEARCH_ENABLED
+              value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
+            - name: FULLTEXTSEARCH_HOST
+              value: nextcloud-aio-fulltextsearch
+            - name: IMAGINARY_ENABLED
+              value: "{{ .Values.IMAGINARY_ENABLED }}"
+            - name: IMAGINARY_HOST
+              value: nextcloud-aio-imaginary
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: NEXTCLOUD_DATA_DIR
+              value: /mnt/ncdata
+            - name: NEXTCLOUD_MOUNT
+              value: "{{ .Values.NEXTCLOUD_MOUNT }}"
+            - name: ONLYOFFICE_ENABLED
+              value: "{{ .Values.ONLYOFFICE_ENABLED }}"
+            - name: ONLYOFFICE_HOST
+              value: nextcloud-aio-onlyoffice
+            - name: ONLYOFFICE_SECRET
+              value: "{{ .Values.ONLYOFFICE_SECRET }}"
+            - name: OVERWRITEHOST
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: OVERWRITEPROTOCOL
+              value: https
+            - name: PHP_MAX_TIME
+              value: "{{ .Values.NEXTCLOUD_MAX_TIME }}"
+            - name: PHP_MEMORY_LIMIT
+              value: "{{ .Values.NEXTCLOUD_MEMORY_LIMIT }}"
+            - name: PHP_UPLOAD_LIMIT
+              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
+            - name: POSTGRES_DB
+              value: nextcloud_database
+            - name: POSTGRES_HOST
+              value: nextcloud-aio-database
+            - name: POSTGRES_PASSWORD
+              value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_USER
+              value: nextcloud
+            - name: REDIS_HOST
+              value: nextcloud-aio-redis
+            - name: REDIS_HOST_PASSWORD
+              value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: SIGNALING_SECRET
+              value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: STARTUP_APPS
+              value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}"
+            - name: TALK_ENABLED
+              value: "{{ .Values.TALK_ENABLED }}"
+            - name: TALK_PORT
+              value: "{{ .Values.TALK_PORT }}"
+            - name: TRUSTED_CACERTS_DIR
+              value: "{{ .Values.NEXTCLOUD_TRUSTED_CACERTS_DIR }}"
+            - name: TURN_SECRET
+              value: "{{ .Values.TURN_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: UPDATE_NEXTCLOUD_APPS
+              value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
+          image: nextcloud/aio-nextcloud:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-nextcloud
+          volumeMounts:
+            - mountPath: /var/www/html
+              name: nextcloud-aio-nextcloud
+            - mountPath: /mnt/ncdata
+              name: nextcloud-aio-nextcloud-data
+            - mountPath: /mnt/
+              name: nextcloud-aio-nextcloud-mount
+            - mountPath: /usr/local/share/ca-certificates
+              name: nextcloud-aio-nextcloud-trusted-cacerts
+              readOnly: true
+      volumes:
+        - name: nextcloud-aio-nextcloud
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud
+        - name: nextcloud-aio-nextcloud-data
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud-data
+        - name: nextcloud-aio-nextcloud-mount
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud-mount
+        - name: nextcloud-aio-nextcloud-trusted-cacerts
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud-trusted-cacerts
+            readOnly: true
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..ced4114b
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud-mount
+  name: nextcloud-aio-nextcloud-mount
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..b047dc5a
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud
+  name: nextcloud-aio-nextcloud
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..6a46650c
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud-trusted-cacerts
+  name: nextcloud-aio-nextcloud-trusted-cacerts
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
new file mode 100755
index 00000000..1da2dbb7
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -0,0 +1,44 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-onlyoffice
+  name: nextcloud-aio-onlyoffice
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-onlyoffice
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-onlyoffice
+    spec:
+      containers:
+        - env:
+            - name: JWT_ENABLED
+              value: "true"
+            - name: JWT_HEADER
+              value: AuthorizationJwt
+            - name: JWT_SECRET
+              value: "{{ .Values.ONLYOFFICE_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-onlyoffice:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-onlyoffice
+          volumeMounts:
+            - mountPath: /var/lib/onlyoffice
+              name: nextcloud-aio-onlyoffice
+      volumes:
+        - name: nextcloud-aio-onlyoffice
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-onlyoffice
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..90916696
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-onlyoffice
+  name: nextcloud-aio-onlyoffice
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
new file mode 100755
index 00000000..0dc84638
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-redis
+  name: nextcloud-aio-redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-redis
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-redis
+    spec:
+      containers:
+        - env:
+            - name: REDIS_HOST_PASSWORD
+              value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-redis:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-redis
+          volumeMounts:
+            - mountPath: /data
+              name: nextcloud-aio-redis
+      volumes:
+        - name: nextcloud-aio-redis
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-redis
diff --git a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..fd7af042
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-redis
+  name: nextcloud-aio-redis
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.MAX_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
new file mode 100755
index 00000000..29d078c8
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -0,0 +1,45 @@
+{{- if eq .Values.TALK_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-talk
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.27.0 (b0ed6a2c9)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-talk
+    spec:
+      containers:
+        - env:
+            - name: JANUS_API_KEY
+              value: "{{ .Values.JANUS_API_KEY }}"
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: SIGNALING_SECRET
+              value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: TALK_PORT
+              value: "{{ .Values.TALK_PORT }}"
+            - name: TURN_SECRET
+              value: "{{ .Values.TURN_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-talk:20221229_091124-{{ .Values.IMAGE_TAG }}
+          name: nextcloud-aio-talk
+          ports:
+            - containerPort: {{ .Values.TALK_PORT }}
+            - containerPort: {{ .Values.TALK_PORT }}
+              protocol: UDP
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-talk-service.yaml b/helm-chart/templates/nextcloud-aio-talk-service.yaml
new file mode 100755
index 00000000..a9588e4e
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -0,0 +1,24 @@
+{{- if eq .Values.TALK_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.27.0 (b0ed6a2c9)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk
+spec:
+  ports:
+    - name: "{{ .Values.TALK_PORT }}"
+      port: {{ .Values.TALK_PORT }}
+      targetPort: {{ .Values.TALK_PORT }}
+    - name: {{ .Values.TALK_PORT }}-udp
+      port: {{ .Values.TALK_PORT }}
+      protocol: UDP
+      targetPort: {{ .Values.TALK_PORT }}
+  selector:
+    io.kompose.service: nextcloud-aio-talk
+status:
+  loadBalancer: {}
+{{- end }}
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
new file mode 100755
index 00000000..8268bbde
--- /dev/null
+++ b/helm-chart/update-helm.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+DOCKER_TAG="$1"
+
+# Clean
+rm -f ./helm-chart/values.yaml
+rm -rf ./helm-chart/templates
+
+# Install kompose
+LATEST_KOMPOSE="$(git ls-remote --tags https://github.com/kubernetes/kompose.git | cut -d/ -f3 | grep -viE -- 'rc|b' | sort -V | tail -1)"
+curl -L https://github.com/kubernetes/kompose/releases/download/"$LATEST_KOMPOSE"/kompose-linux-amd64 -o kompose
+chmod +x kompose
+sudo mv ./kompose /usr/local/bin/kompose
+
+set -ex
+
+# Conversion of docker-compose
+cd manual-install
+cp latest.yml latest.yml.backup
+cp sample.conf /tmp/
+sed -i 's|^|export |' /tmp/sample.conf
+# shellcheck disable=SC1091
+source /tmp/sample.conf
+rm /tmp/sample.conf
+sed -i "s|\${IMAGE_TAG}|$DOCKER_TAG\${IMAGE_TAG}|" latest.yml
+sed -i "s|\${APACHE_IP_BINDING}|$APACHE_IP_BINDING|" latest.yml
+sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
+sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
+sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
+sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
+sed -i "s|\${NEXTCLOUD_MOUNT}:\${NEXTCLOUD_MOUNT}:|nextcloud_aio_nextcloud_mount:$NEXTCLOUD_MOUNT:|" latest.yml
+sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
+sed -i 's|\${|{{ .Values.|g' latest.yml
+sed -i 's|}| }}|g' latest.yml
+sed -i '/profiles: /d' latest.yml
+cat latest.yml
+kompose convert -c -f latest.yml
+cd latest
+
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: {{ .Values.MAX_STORAGE_SIZE }}|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteMany|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadWriteOnce|ReadWriteMany|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ storageClassName: {{ .Values.STORAGE_CLASS }}" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*apache*' -exec sed -i "s|$APACHE_IP_BINDING|{{ .Values.APACHE_IP_BINDING }}|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/strategy:/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \; 
+
+cd ../
+mkdir -p ../helm-chart/
+rm latest/Chart.yaml
+rm latest/README.md
+mv latest/* ../helm-chart/
+rm -r latest
+rm latest.yml
+mv latest.yml.backup latest.yml
+
+# Get version of AIO
+AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/containers.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
+sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml
+
+# Conversion of sample.conf
+cp sample.conf /tmp/
+sed -i "/^APACHE_IP_BINDING/d" /tmp/sample.conf
+sed -i 's|"||g' /tmp/sample.conf
+sed -i 's|=|: |' /tmp/sample.conf
+sed -i 's|= |: |' /tmp/sample.conf
+sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
+sed -i 's|^NEXTCLOUD_MOUNT: .*|NEXTCLOUD_MOUNT:        # Setting this to any value allows to enable external storages in Nextcloud|' /tmp/sample.conf
+sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
+echo 'MAX_STORAGE_SIZE: 10Gi        # You can adjust the max storage that each volume can use with this value' >> /tmp/sample.conf
+echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
+mv /tmp/sample.conf ../helm-chart/values.yaml
+
+ENABLED_VARIABLES="$(grep -oP '^[A-Z]+_ENABLED' ../helm-chart/values.yaml)"
+mapfile -t ENABLED_VARIABLES <<< "$ENABLED_VARIABLES"
+
+cd ../helm-chart/
+for variable in "${ENABLED_VARIABLES[@]}"; do
+    name="$(echo "$variable" | sed 's|_ENABLED||g' | tr '[:upper:]' '[:lower:]')"
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-deployment.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-deployment.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+done
+
+chmod 777 -R ./
+
+set +ex
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
new file mode 100755
index 00000000..5ec3fcdf
--- /dev/null
+++ b/helm-chart/values.yaml
@@ -0,0 +1,34 @@
+IMAGE_TAG: latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
+AIO_TOKEN: 123456          # Has no function but needs to be set!
+AIO_URL: localhost          # Has no function but needs to be set!
+APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
+CLAMAV_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
+COLLABORA_ENABLED: yes          # Setting this to yes enables the option in Nextcloud automatically.
+COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
+DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
+JANUS_API_KEY:           # TODO! This needs to be a unique and good password!
+NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
+NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
+NEXTCLOUD_MOUNT:        # Setting this to any value allows to enable external storages in Nextcloud
+NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
+NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
+NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
+ONLYOFFICE_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
+ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
+TALK_ENABLED: yes          # Setting this to yes enables the option in Nextcloud automatically.
+TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
+TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TURN_SECRET:           # TODO! This needs to be a unique and good password!
+UPDATE_NEXTCLOUD_APPS: no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+MAX_STORAGE_SIZE: 10Gi        # You can adjust the max storage that each volume can use with this value
+STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes

From 2a151b71faba759d46efb946ffe602fa39e38ee3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Jan 2023 16:57:56 +0000
Subject: [PATCH 0349/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.1.13-apache-bullseye to 8.1.14-apache-bullseye.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index a83454e0..19535adb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.21-dind-alpine3.16 as dind
 FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.1.13-apache-bullseye
+FROM php:8.1.14-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080

From 16f5a30784d5374fb3d0d2b595431be4ea6cc2f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Jan 2023 16:58:07 +0000
Subject: [PATCH 0350/3949] Bump php in /Containers/nextcloud

Bumps php from 8.0.26-fpm-alpine3.16 to 8.0.27-fpm-alpine3.16.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 881ee0c6..2f9fbffb 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.26-fpm-alpine3.16
+FROM php:8.0.27-fpm-alpine3.16
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

From f85b4c5f2d13b08711407f6d2fe76b7b8656c39b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 7 Jan 2023 16:21:34 +0100
Subject: [PATCH 0351/3949] how to use github is not needed for AIO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md      | 9 ---------
 .github/ISSUE_TEMPLATE/Feature_request.md | 6 ------
 2 files changed, 15 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 4bfd4605..89bad2be 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -4,19 +4,10 @@ about: Help us improving by reporting a bug
 labels: bug, 0. Needs triage
 ---
 
-<!--- Please keep this note for other contributors -->
-### How to use GitHub
-
-* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are affected by the same issue.
-* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
-* Subscribe to receive notifications on status change and new comments. 
-
-
 <!---
 For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and/or makes it easier to help you.
 --->
 
-
 <!--- Please fill out the whole template below -->
 ### Steps to reproduce
 1.
diff --git a/.github/ISSUE_TEMPLATE/Feature_request.md b/.github/ISSUE_TEMPLATE/Feature_request.md
index c7d8f285..e60db836 100644
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -4,12 +4,6 @@ about: Suggest an enhancement of an existing feature/documentation - for other t
 labels: enhancement, 0. Needs triage
 ---
 
-<!--- Please keep this note for other contributors -->
-### How to use GitHub
-* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are interested into the same feature.
-* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
-* Subscribe to receive notifications on status change and new comments. 
-
 <!--- Please fill out the whole template below -->
 ### Is your feature request related to a problem? Please describe. 
 <!--- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->

From 910b72e4c08363033a967dbb66c1f824877d1077 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 7 Jan 2023 16:23:05 +0100
Subject: [PATCH 0352/3949] improve wording of bugreport template

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 89bad2be..227e6677 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -5,7 +5,7 @@ labels: bug, 0. Needs triage
 ---
 
 <!---
-For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and/or makes it easier to help you.
+For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
 --->
 
 <!--- Please fill out the whole template below -->

From 3738f645a4821c735bdb133d1754a49ec7f931a5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 7 Jan 2023 20:15:53 +0100
Subject: [PATCH 0353/3949] Add hint about Cloudflare Rocket Loader and Rename
 Cloudflare Argo Tunnel to Cloudflare Tunnel

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 local-instance.md |  2 +-
 readme.md         |  6 +++---
 reverse-proxy.md  | 10 ++++++----
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index 35f6d827..b4864af6 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -13,7 +13,7 @@ The recommended way is the following:
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 
 ## 3. Use Cloudflare
-If you do not have any contol over the network, you may think about using Cloudflare Argo Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-argo-tunnel how to set this up.
+If you do not have any contol over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
 
 ## 4. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
diff --git a/readme.md b/readme.md
index d051c75b..fae72780 100644
--- a/readme.md
+++ b/readme.md
@@ -127,8 +127,8 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 ### How to run AIO with Portainer?
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
 
-### How to run Nextcloud behind a Cloudflare Argo Tunnel?
-Although it does not seems like it is the case but from AIO perspective a Cloudflare Argo Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Argo Tunnel.
+### How to run Nextcloud behind a Cloudflare Tunnel?
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section).
@@ -143,7 +143,7 @@ No and they will not be. If you want to run it locally, without opening Nextclou
 No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md)
 
 ### Are other ports than then default 443 for Nextcloud supported?
-No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Argo Tunnel.
+No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Tunnel.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 475345a3..b3a057f5 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -124,16 +124,18 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
-### Cloudflare Argo Tunnel
+### Cloudflare Tunnel
 
 <details>
 
 <summary>click here to expand</summary>
 
-Although it does not seems like it is the case but from AIO perspective a Cloudflare Argo Tunnel works like a reverse proxy. Here is how to make it work:
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Here is how to make it work:
 
-1. Install the Cloudflare Argo Tunnel on the same machine where AIO will be running on and point the Argo Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Argo Tunnel is running on a different machine, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Argo Tunnel). So you need to ensure yourself that you've configured everything correctly.
+1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
+
+**Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 
 </details>
 

From 16c5f601f2f68ecb08bcfab097941fac74812886 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Jan 2023 00:30:06 +0100
Subject: [PATCH 0354/3949] fix to position of the log-out button

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/style.css          | 4 ++++
 php/templates/containers.twig | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index 3c619b24..08cb9e41 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -23,6 +23,10 @@ a {
     outline: none;
 }
 
+#logout {
+    margin-top: 7px;
+}
+
 summary {
     cursor: pointer;
 }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a63babea..d6293083 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -11,7 +11,7 @@
         <form method="POST" action="/api/auth/logout">
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-            <input class="button" type="submit" value="Log out" />
+            <input class="button" type="submit" id="logout" value="Log out" />
         </form>
     </header>
 

From 7d926de2a18bfc4e803158035814ced51af39047 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Jan 2023 12:32:33 +0100
Subject: [PATCH 0355/3949] fix the apps not getting enabled on migration

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 02bef12a..44d6c05c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -406,7 +406,7 @@ fi
 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
     php /var/www/html/occ app:install notify_push
-elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" = "no" ]; then
+elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ]; then
     php /var/www/html/occ app:enable notify_push
 elif [ "$SKIP_UPDATE" != 1 ]; then
     php /var/www/html/occ app:update notify_push
@@ -419,7 +419,7 @@ php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://
 if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
         php /var/www/html/occ app:install richdocuments
-    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable richdocuments
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update richdocuments
@@ -479,7 +479,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     done
     if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
         php /var/www/html/occ app:install onlyoffice
-    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable onlyoffice
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update onlyoffice
@@ -498,7 +498,7 @@ fi
 if [ "$TALK_ENABLED" = 'yes' ]; then
     if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
         php /var/www/html/occ app:install spreed
-    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable spreed
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update spreed
@@ -528,7 +528,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
     done
     if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
         php /var/www/html/occ app:install files_antivirus
-    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable files_antivirus
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update files_antivirus
@@ -564,21 +564,21 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
     done
     if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
         php /var/www/html/occ app:install fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable fulltextsearch
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update fulltextsearch
     fi    
     if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
         php /var/www/html/occ app:install fulltextsearch_elasticsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable fulltextsearch_elasticsearch
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update fulltextsearch_elasticsearch
     fi    
     if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
         php /var/www/html/occ app:install files_fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable files_fulltextsearch
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update files_fulltextsearch

From 29b7515c65698b8fa43dec00520e9b43e7386d4f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 7 Jan 2023 16:14:25 +0100
Subject: [PATCH 0356/3949] allow to make fulltextsearch:index issues easier to
 debug

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 02bef12a..0e1b1376 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -592,10 +592,11 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         echo "Waiting 10s before activating FTS..."
         sleep 10
         echo "Activating fulltextsearch..."
-        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index; then
+        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
             touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
         else
             echo "Fulltextsearch failed. Could not index."
+            echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
         fi
     fi
 else

From 7b567d5231ac272b0a67d0fa4dcd0621a422b7d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Jan 2023 12:05:37 +0000
Subject: [PATCH 0357/3949] Bump alpine from 3.16.3 to 3.17.1 in
 /Containers/watchtower

Bumps alpine from 3.16.3 to 3.17.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ade549bc..4abe572f 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.1 as watchtower
 
-FROM alpine:3.16.3
+FROM alpine:3.17.1
 
 RUN apk add --update --no-cache bash
 COPY --from=watchtower /watchtower /

From 05761ce5e8a2ec012b3c6ad821fe403515173e8c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Jan 2023 12:05:39 +0000
Subject: [PATCH 0358/3949] Bump alpine from 3.16.3 to 3.17.1 in
 /Containers/domaincheck

Bumps alpine from 3.16.3 to 3.17.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index ce1403f3..53f89ed6 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16.3
+FROM alpine:3.17.1
 RUN apk add --update --no-cache lighttpd bash netcat-openbsd
 
 RUN adduser -S www-data -G www-data

From 1639e053383844ed6e7bcd15d1157a7d2a0db8ad Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 10 Jan 2023 17:25:40 +0100
Subject: [PATCH 0359/3949] add note to resolver in nginx reverse proxy docs

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 475345a3..6c26cea3 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -257,8 +257,8 @@ server {
     server_name <your-nc-domain>;
 
     location / {
-        resolver localhost;
-        proxy_pass http://localhost:11000$request_uri;
+        resolver localhost; # Note: you need to set a valid dns resolver here or use 127.0.0.1 / [::1] instead of localhost in the line below. See https://stackoverflow.com/a/49642310 for a better explanation
+        proxy_pass http://localhost:11000$request_uri; # Note: you need to change localhost to 127.0.0.1 / [::1], if you don't use a valid dns resolver in the line above
 
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;

From 4ea03db32e96cc7974b35f93e8f750ec4802708e Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 11 Jan 2023 06:02:46 +0100
Subject: [PATCH 0360/3949] Update reverse-proxy.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 6c26cea3..8e5e57bb 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -258,7 +258,7 @@ server {
 
     location / {
         resolver localhost; # Note: you need to set a valid dns resolver here or use 127.0.0.1 / [::1] instead of localhost in the line below. See https://stackoverflow.com/a/49642310 for a better explanation
-        proxy_pass http://localhost:11000$request_uri; # Note: you need to change localhost to 127.0.0.1 / [::1], if you don't use a valid dns resolver in the line above
+        proxy_pass http://localhost:11000$request_uri; # Note: you need to change localhost to 127.0.0.1 or [::1], if you don't use a valid dns resolver in the line above
 
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;

From 35db5d246740843f55fd3f182a1d3d65fa3ba69b Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Wed, 11 Jan 2023 10:11:09 +0100
Subject: [PATCH 0361/3949] Fix the middleware name in the Traefik doc

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 8e5e57bb..be86f272 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -362,7 +362,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
             entryPoints = ["https"]
             rule = "Host(<your-nc-domain>)"
             service = "nc-svc"
-            middlewares = ["chain-no-auth"]
+            middlewares = ["chain-nc"]
             [http.routers.nc-rtr.tls]
                 certresolver = "le"
 

From e0ed1ee554a115ec58a3be68cf39fecbfeffac9e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Jan 2023 12:10:19 +0000
Subject: [PATCH 0362/3949] Bump debian in /Containers/borgbackup

Bumps debian from bullseye-20221219-slim to bullseye-20230109-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index a1e5c260..3feb7530 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221219-slim
+FROM debian:bullseye-20230109-slim
 
 RUN set -ex; \
     \

From c843f2a59ae5daf34bf5d0efa213e502ec762258 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Jan 2023 12:10:19 +0000
Subject: [PATCH 0363/3949] Bump debian in /Containers/apache

Bumps debian from bullseye-20221219-slim to bullseye-20230109-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 83106ac5..2bd46896 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20221219-slim
+FROM debian:bullseye-20230109-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

From 55047a9da78a95ad589af693328e41bf010fd877 Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Wed, 11 Jan 2023 18:40:46 +0100
Subject: [PATCH 0364/3949] Remove the reference to an unknown middleware

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index be86f272..dbb41e25 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -390,7 +390,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
     ```toml
     [http.middlewares.chain-nc]
         [http.middlewares.chain-nc.chain]
-            middlewares = [ "middlewares-rate-limit", "nc-middlewares-secure-headers"]
+            middlewares = [ "nc-middlewares-secure-headers"]
     ```
 
 ---

From 8281abec33c7db2076dbbc6cd5052e1661449e72 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 12 Jan 2023 13:59:10 +0100
Subject: [PATCH 0365/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 44d6c05c..605c2314 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -397,9 +397,7 @@ else
 fi
 
 # AIO app
-if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" = "" ]; then
-    php /var/www/html/occ app:enable nextcloud-aio
-elif [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" = "no" ]; then
+if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
     php /var/www/html/occ app:enable nextcloud-aio
 fi
 

From 6eeba9d9cbca6bea5b61949567a7a32c070b159f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 12 Jan 2023 14:15:58 +0100
Subject: [PATCH 0366/3949] the helm chart should be at 4.0.1 currently

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 916f866d..606c05ff 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.1.0
+version: 4.0.1
 apiVersion: v1
 keywords:
   - latest

From 438a8547b4dc982690d96e66c1a90d342308c454 Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Thu, 12 Jan 2023 20:16:02 +0100
Subject: [PATCH 0367/3949] redis: add hint to wiki if overcommit disabled

Signed-off-by: ManOki <ManOki@users.noreply.github.com>
---
 Containers/redis/start.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh
index 601d736a..53284bf9 100644
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -1,5 +1,11 @@
 #!/bin/bash
 
+# Show wiki if vm.overcommit is disabled
+if [[ $(sysctl -n vm.overcommit_memory)  != "1" ]]; then
+    echo Memory overcommit is disabled but necessary for safe operation
+    echo See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit
+fi
+
 # Run redis with a password if provided
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
     exec redis-server --requirepass "$REDIS_HOST_PASSWORD"

From af165ea5040ac7005d48fb53aff537405df493eb Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Thu, 12 Jan 2023 20:32:40 +0100
Subject: [PATCH 0368/3949] Update Containers/redis/start.sh, add quotes

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: ManOki <ManOki@users.noreply.github.com>
---
 Containers/redis/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh
index 53284bf9..a5446ce3 100644
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Show wiki if vm.overcommit is disabled
-if [[ $(sysctl -n vm.overcommit_memory)  != "1" ]]; then
+if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
     echo Memory overcommit is disabled but necessary for safe operation
     echo See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit
 fi

From 0ca8a8bfbc5f8a3791225c46719dbbb651703b44 Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Thu, 12 Jan 2023 20:32:47 +0100
Subject: [PATCH 0369/3949] Update Containers/redis/start.sh, add quotes

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: ManOki <ManOki@users.noreply.github.com>
---
 Containers/redis/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh
index a5446ce3..3ecbe2a0 100644
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -2,7 +2,7 @@
 
 # Show wiki if vm.overcommit is disabled
 if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
-    echo Memory overcommit is disabled but necessary for safe operation
+    echo "Memory overcommit is disabled but necessary for safe operation"
     echo See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit
 fi
 

From f7cc065ac9abc5f618d9e62136e7eedf25577d3d Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Thu, 12 Jan 2023 20:32:55 +0100
Subject: [PATCH 0370/3949] Update Containers/redis/start.sh, add quotes

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: ManOki <ManOki@users.noreply.github.com>
---
 Containers/redis/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh
index 3ecbe2a0..22b0eaf3 100644
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -3,7 +3,7 @@
 # Show wiki if vm.overcommit is disabled
 if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
     echo "Memory overcommit is disabled but necessary for safe operation"
-    echo See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit
+    echo "See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit"
 fi
 
 # Run redis with a password if provided

From afb231bc9abd9b0d8d8192565620ce06041a45be Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Thu, 12 Jan 2023 20:51:04 +0100
Subject: [PATCH 0371/3949] Migrate deprecated sslRedirect

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7112b2d3..226182a7 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -382,9 +382,11 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
     [http.middlewares.nc-middlewares-secure-headers]
         [http.middlewares.nc-middlewares-secure-headers.headers]
             hostsProxyHeaders = ["X-Forwarded-Host"]
-            sslRedirect = true
             referrerPolicy = "same-origin"
             X-Robots-Tag = "none"
+    
+    [http.middlewares.https-redirect.redirectscheme]
+        scheme = "https"
     ```
 
 3. Add to the bottom of the `middleware-chains.toml` file in the Traefik rules folder the following content:
@@ -392,7 +394,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
     ```toml
     [http.middlewares.chain-nc]
         [http.middlewares.chain-nc.chain]
-            middlewares = [ "nc-middlewares-secure-headers"]
+            middlewares = [ "https-redirect", "nc-middlewares-secure-headers"]
     ```
 
 ---

From a914a29c26dd8d229eecf7534a7ddba9d5fbaa4b Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Thu, 12 Jan 2023 21:00:55 +0100
Subject: [PATCH 0372/3949] Add the X-Robots-Tag to the response header

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 226182a7..dbff11c4 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -383,7 +383,8 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
         [http.middlewares.nc-middlewares-secure-headers.headers]
             hostsProxyHeaders = ["X-Forwarded-Host"]
             referrerPolicy = "same-origin"
-            X-Robots-Tag = "none"
+            [http.middlewares.nc-middlewares-secure-headers.headers.customResponseHeaders]
+                X-Robots-Tag = "none"
     
     [http.middlewares.https-redirect.redirectscheme]
         scheme = "https"

From b1f1b47b254a98d8d273667280019b60a06151aa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 12 Jan 2023 23:10:19 +0100
Subject: [PATCH 0373/3949] improve the pr message of helm-update

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 32025a10..d6c8d6f2 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -26,7 +26,7 @@ jobs:
           commit-message: Helm Chart updates
           signoff: true
           title: Helm Chart updates
-          body: Automated Helm Chart updates for the yaml files. Should only be merged shortly before the next latest release.
+          body: Automated Helm Chart updates for the yaml files. It can be merged if it looks good at any time which will automatically trigger a new release of the helm chart.
           labels: dependencies
           milestone: next
           branch: aio-helm-update

From 8b86294936b02b6fdbc1b46c7fe2e461ab9c16ec Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 12 Jan 2023 23:56:41 +0100
Subject: [PATCH 0374/3949] borg - substitute prefix with glob-archives

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 1126278f..c617105f 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -151,7 +151,7 @@ if [ "$BORG_MODE" = backup ]; then
 
     # Prune archives
     echo "Pruning the archives..."
-    if ! borg prune --prefix '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg prune --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
         echo "Failed to prune archives!"
         exit 1
     fi
@@ -182,7 +182,7 @@ if [ "$BORG_MODE" = backup ]; then
                 exit 1
             fi
             echo "Pruning additional volumes..."
-            if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional docker-volumes archives!"
                 exit 1
             fi
@@ -212,7 +212,7 @@ if [ "$BORG_MODE" = backup ]; then
                 exit 1
             fi
             echo "Pruning additional host mounts..."
-            if ! borg prune --prefix '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional host-mount archives!"
                 exit 1
             fi

From a0fe0bbaeb0baa0185ffc690b92e7e4eedc42412 Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Fri, 13 Jan 2023 08:58:31 +0100
Subject: [PATCH 0375/3949] Rewrite Traefik examples using yml config

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 78 +++++++++++++++++++++++++++---------------------
 1 file changed, 44 insertions(+), 34 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index dbff11c4..63430ab8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -356,51 +356,61 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
-1. Add a `nextcloud.toml` to the Treafik rules folder with the following content:
+1. Add a `nextcloud.yml` to the Treafik rules folder with the following content
 
-    ```toml
-    [http.routers]
-        [http.routers.nc-rtr]
-            entryPoints = ["https"]
-            rule = "Host(<your-nc-domain>)"
-            service = "nc-svc"
-            middlewares = ["chain-nc"]
-            [http.routers.nc-rtr.tls]
-                certresolver = "le"
-
-    [http.services]
-        [http.services.nc-svc]
-            [http.services.nc-svc.loadBalancer]
-                passHostHeader = true
-                [[http.services.nc-svc.loadBalancer.servers]]
-                    url = "http://localhost:11000"
+    ```yml
+    http:
+        routers:
+            nextcloud:
+                rule: "Host(<your-nextcloud-domain>)"
+                entrypoints:
+                    - "https"
+                service: nextcloud
+                middlewares:
+                    - nextcloud-chain
+                tls:
+                    certresolver: "le"
+        services:
+            nextcloud:
+                loadBalancer:
+                    servers:
+                        - url: "http://localhost:11000"
     ```
 
-2. Add to the bottom of the `middlewares.toml` file in the Treafik rules folder the following content:
+2. Add to the bottom of the `middlewares.yml` file in the Treafik rules folder the following content:
 
-    ```toml
-    [http.middlewares.nc-middlewares-secure-headers]
-        [http.middlewares.nc-middlewares-secure-headers.headers]
-            hostsProxyHeaders = ["X-Forwarded-Host"]
-            referrerPolicy = "same-origin"
-            [http.middlewares.nc-middlewares-secure-headers.headers.customResponseHeaders]
-                X-Robots-Tag = "none"
-    
-    [http.middlewares.https-redirect.redirectscheme]
-        scheme = "https"
+    ```yml
+    http:
+        middlewares:
+            nextcloud-secure-headers:
+                headers:
+                    hostsProxyHeaders:
+                        - "X-Forwarded-Host"
+                    referrerPolicy: "same-origin"
+                    customResponseHeaders:
+                        X-Robots-Tag: "none"
+
+            https-redirect:
+                redirectscheme:
+                    scheme: https
     ```
 
-3. Add to the bottom of the `middleware-chains.toml` file in the Traefik rules folder the following content:
+3. Add to the bottom of the `middleware-chains.yml` file in the Traefik rules folder the following content:
 
-    ```toml
-    [http.middlewares.chain-nc]
-        [http.middlewares.chain-nc.chain]
-            middlewares = [ "https-redirect", "nc-middlewares-secure-headers"]
+    ```yml
+    http:
+        middlewares:
+            nextcloud-chain:
+                chain:
+                    middlewares:
+                        # - ... (e.g. rate limiting middleware)
+                        - "https-redirect"
+                        - "nextcloud-secure-headers"
     ```
 
 ---
 
-Of course you need to modify `<your-nc-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nextcloud-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 </details>
 

From ccfd840a06408baea5bb7afef06e53863e168ed3 Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Fri, 13 Jan 2023 09:01:03 +0100
Subject: [PATCH 0376/3949] Codestyle fix

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 63430ab8..4599385f 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -370,6 +370,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
                     - nextcloud-chain
                 tls:
                     certresolver: "le"
+
         services:
             nextcloud:
                 loadBalancer:

From 065e7043ee4a8a2547e5bc6b5e90b71be3c1fdf2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 13 Jan 2023 11:55:41 +0100
Subject: [PATCH 0377/3949] add an explanation of `--sig-proxy=false`

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index fae72780..6b2782ae 100644
--- a/readme.md
+++ b/readme.md
@@ -56,6 +56,7 @@ The following instructions are especially meant for Linux. For macOS see [this](
     <summary>Explanation of the command</summary>
 
     - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below).
+    - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
     - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
     - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
     - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.

From 5beb3965bf61d2cfe888259436183d02e0281243 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 13 Jan 2023 13:26:38 +0100
Subject: [PATCH 0378/3949] try to fix dependency-update workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml |  9 +++------
 php/composer.json                        | 14 +++++++-------
 php/composer.lock                        |  4 ++--
 3 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 72a0a5e7..494eb485 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,24 +11,21 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v3
-    - uses: nanasess/setup-php@master
+    - uses: shivammathur/setup-php@v2
       with:
         php-version: 8.1
         extensions: apcu
     - name: Run dependency update script
       run: |
         set -x
-        curl -sS https://getcomposer.org/installer | php
-        mv composer.phar /usr/local/bin/composer
-        chmod +x /usr/local/bin/composer
         cd ./php
         composer update
         set +e
-        ALL_LINES="$(composer outdated | grep -v "psr/container\|^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
+        ALL_LINES="$(composer outdated | grep -v "^$\|php-di/php-di\|psr/container\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
         set -e
         while [ -n "$ALL_LINES" ]; do
           CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
-          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')"
+          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
           ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
         done
         echo "outdated dependencies:
diff --git a/php/composer.json b/php/composer.json
index d20a4fb7..99162fdb 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,17 +5,17 @@
         }
     },
     "require": {
-        "php": "^8.1",
+        "php": "8.1.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
         "slim/slim": "4.*",
-        "php-di/slim-bridge": "^3.1",
-        "guzzlehttp/guzzle": "^7.3",
-        "guzzlehttp/psr7": "^2.1.0",
-        "http-interop/http-factory-guzzle": "^1.2",
-        "slim/twig-view": "^3.2",
-        "slim/csrf": "^1.2",
+        "php-di/slim-bridge": "3.*",
+        "guzzlehttp/guzzle": "7.*",
+        "guzzlehttp/psr7": "2.*",
+        "http-interop/http-factory-guzzle": "1.*",
+        "slim/twig-view": "3.*",
+        "slim/csrf": "1.*",
         "ext-apcu": "*"
     },
     "scripts": {
diff --git a/php/composer.lock b/php/composer.lock
index 39bcf78e..5b74bab1 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "7a318338d9e074d6f02e1fba5b3dda24",
+    "content-hash": "98f51eb5b87b52c52674f503a131269f",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -1768,7 +1768,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "^8.1",
+        "php": "8.1.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",

From b762104e233c64d1c256f05faa01042aeab9826c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 13 Jan 2023 15:18:46 +0100
Subject: [PATCH 0379/3949] update shellcheck version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/shellcheck.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index c85dc22f..51a51298 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@master
+      uses: ludeeus/action-shellcheck@1.1.0
       with:
         check_together: 'yes'
       env:

From c58ffa2d51285b4106b0b5761a2c3d2af31d2ece Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 13 Jan 2023 21:47:47 +0100
Subject: [PATCH 0380/3949] Add Notes on Cloudflare to readme

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index 6b2782ae..6555610c 100644
--- a/readme.md
+++ b/readme.md
@@ -128,6 +128,10 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 ### How to run AIO with Portainer?
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
 
+### Notes on Cloudflare (proxy/tunnel)
+- Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
+- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
+
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
 

From bd68ff4c86362161ff21d0a459fe25e73bccdea9 Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Sat, 14 Jan 2023 10:24:01 +0100
Subject: [PATCH 0381/3949] Add hint for using a YAML to TOML converter

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4599385f..988c6862 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -355,6 +355,8 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 <summary>click here to expand</summary>
 
 **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+    
+The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter. 
 
 1. Add a `nextcloud.yml` to the Treafik rules folder with the following content
 

From 9d60d06693ef5ea9784e3b69580a8b62c80485d6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 14 Jan 2023 13:30:59 +0100
Subject: [PATCH 0382/3949] add a hint that NEXTCLOUD_DATADIR needs to be
 specified before the first starutp

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6b2782ae..05b30249 100644
--- a/readme.md
+++ b/readme.md
@@ -65,7 +65,7 @@ The following instructions are especially meant for Linux. For macOS see [this](
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
     - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
     - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
-    - Further options can be set using environment variables, for example `--env TALK_PORT=3478`. To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
+    - Further options can be set using environment variables, for example `-e NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>
 
 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>

From ca685e4de2fb0528fbfe5a33553f03ac309141d2 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 14 Jan 2023 22:00:36 +0100
Subject: [PATCH 0383/3949] add suggestion

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6555610c..b0681a86 100644
--- a/readme.md
+++ b/readme.md
@@ -131,7 +131,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 ### Notes on Cloudflare (proxy/tunnel)
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
-
+- It is very likely that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. You need to follow https://github.com/nextcloud/all-in-one/discussions/1358 in order to resolve this yourself. There is unfortunately no secure way to automate this for you.
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
 

From d47f1bc403432af90c61e9a831e948b789de3a1d Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 14 Jan 2023 22:00:59 +0100
Subject: [PATCH 0384/3949] Update readme.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index b0681a86..2ff9711e 100644
--- a/readme.md
+++ b/readme.md
@@ -132,6 +132,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is very likely that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. You need to follow https://github.com/nextcloud/all-in-one/discussions/1358 in order to resolve this yourself. There is unfortunately no secure way to automate this for you.
+
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
 

From 7b8476ed540ec536a963e580ca9f7b8fbace89e5 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 15 Jan 2023 12:13:38 +0000
Subject: [PATCH 0385/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 102 ++++++++++++++--------------------------------
 1 file changed, 31 insertions(+), 71 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 5b74bab1..59914971 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -562,39 +562,36 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "6.4.0",
+            "version": "7.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "ae0f1b3b03d8b29dff81747063cbfd6276246cc4"
+                "reference": "1c7f1cc9cf6f51ff7f5f44bb1fa59243fcb7474a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/ae0f1b3b03d8b29dff81747063cbfd6276246cc4",
-                "reference": "ae0f1b3b03d8b29dff81747063cbfd6276246cc4",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/1c7f1cc9cf6f51ff7f5f44bb1fa59243fcb7474a",
+                "reference": "1c7f1cc9cf6f51ff7f5f44bb1fa59243fcb7474a",
                 "shasum": ""
             },
             "require": {
                 "laravel/serializable-closure": "^1.0",
-                "php": ">=7.4.0",
+                "php": ">=8.0",
                 "php-di/invoker": "^2.0",
-                "php-di/phpdoc-reader": "^2.0.1",
-                "psr/container": "^1.0"
+                "psr/container": "^1.1 || ^2.0"
             },
             "provide": {
                 "psr/container-implementation": "^1.0"
             },
             "require-dev": {
-                "doctrine/annotations": "~1.10",
-                "friendsofphp/php-cs-fixer": "^2.4",
-                "mnapoli/phpunit-easymock": "^1.2",
+                "friendsofphp/php-cs-fixer": "^3",
+                "mnapoli/phpunit-easymock": "^1.3",
                 "ocramius/proxy-manager": "^2.11.2",
-                "phpstan/phpstan": "^0.12",
-                "phpunit/phpunit": "^9.5"
+                "phpunit/phpunit": "^9.5",
+                "vimeo/psalm": "^4.6"
             },
             "suggest": {
-                "doctrine/annotations": "Install it if you want to use annotations (version ~1.2)",
-                "ocramius/proxy-manager": "Install it if you want to use lazy injection (version ~2.0)"
+                "ocramius/proxy-manager": "Install it if you want to use lazy injection (version ^2.3)"
             },
             "type": "library",
             "autoload": {
@@ -622,7 +619,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/6.4.0"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.1"
             },
             "funding": [
                 {
@@ -634,68 +631,26 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-04-09T16:46:38+00:00"
-        },
-        {
-            "name": "php-di/phpdoc-reader",
-            "version": "2.2.1",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/PHP-DI/PhpDocReader.git",
-                "reference": "66daff34cbd2627740ffec9469ffbac9f8c8185c"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PhpDocReader/zipball/66daff34cbd2627740ffec9469ffbac9f8c8185c",
-                "reference": "66daff34cbd2627740ffec9469ffbac9f8c8185c",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">=7.2.0"
-            },
-            "require-dev": {
-                "mnapoli/hard-mode": "~0.3.0",
-                "phpunit/phpunit": "^8.5|^9.0"
-            },
-            "type": "library",
-            "autoload": {
-                "psr-4": {
-                    "PhpDocReader\\": "src/PhpDocReader"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "description": "PhpDocReader parses @var and @param values in PHP docblocks (supports namespaced class names with the same resolution rules as PHP)",
-            "keywords": [
-                "phpdoc",
-                "reflection"
-            ],
-            "support": {
-                "issues": "https://github.com/PHP-DI/PhpDocReader/issues",
-                "source": "https://github.com/PHP-DI/PhpDocReader/tree/2.2.1"
-            },
-            "time": "2020-10-12T12:39:22+00:00"
+            "time": "2023-01-13T22:30:45+00:00"
         },
         {
             "name": "php-di/slim-bridge",
-            "version": "3.2.0",
+            "version": "3.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Slim-Bridge.git",
-                "reference": "1644a2f31079e92a14cebbf90c7f71ebcbe39ee6"
+                "reference": "9374b67ebf2f135b32c34907b7891b02b935d845"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Slim-Bridge/zipball/1644a2f31079e92a14cebbf90c7f71ebcbe39ee6",
-                "reference": "1644a2f31079e92a14cebbf90c7f71ebcbe39ee6",
+                "url": "https://api.github.com/repos/PHP-DI/Slim-Bridge/zipball/9374b67ebf2f135b32c34907b7891b02b935d845",
+                "reference": "9374b67ebf2f135b32c34907b7891b02b935d845",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.1 || ^8.0",
                 "php-di/invoker": "^2.0.0",
-                "php-di/php-di": "^6.0.0",
+                "php-di/php-di": "^6.0|^7.0",
                 "slim/slim": "^4.2.0"
             },
             "require-dev": {
@@ -715,28 +670,33 @@
             "description": "PHP-DI integration in Slim",
             "support": {
                 "issues": "https://github.com/PHP-DI/Slim-Bridge/issues",
-                "source": "https://github.com/PHP-DI/Slim-Bridge/tree/3.2.0"
+                "source": "https://github.com/PHP-DI/Slim-Bridge/tree/3.3.0"
             },
-            "time": "2021-11-01T16:14:12+00:00"
+            "time": "2023-01-13T15:49:44+00:00"
         },
         {
             "name": "psr/container",
-            "version": "1.1.2",
+            "version": "2.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/container.git",
-                "reference": "513e0666f7216c7459170d56df27dfcefe1689ea"
+                "reference": "c71ecc56dfe541dbd90c5360474fbc405f8d5963"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/container/zipball/513e0666f7216c7459170d56df27dfcefe1689ea",
-                "reference": "513e0666f7216c7459170d56df27dfcefe1689ea",
+                "url": "https://api.github.com/repos/php-fig/container/zipball/c71ecc56dfe541dbd90c5360474fbc405f8d5963",
+                "reference": "c71ecc56dfe541dbd90c5360474fbc405f8d5963",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.4.0"
             },
             "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.0.x-dev"
+                }
+            },
             "autoload": {
                 "psr-4": {
                     "Psr\\Container\\": "src/"
@@ -763,9 +723,9 @@
             ],
             "support": {
                 "issues": "https://github.com/php-fig/container/issues",
-                "source": "https://github.com/php-fig/container/tree/1.1.2"
+                "source": "https://github.com/php-fig/container/tree/2.0.2"
             },
-            "time": "2021-11-05T16:50:12+00:00"
+            "time": "2021-11-05T16:47:00+00:00"
         },
         {
             "name": "psr/http-client",

From c2f3a26be06cab8ce2526d391ff59a3d2473940e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 14:40:17 +0100
Subject: [PATCH 0386/3949] add cloudflare notes to bug-report template

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 227e6677..aa59a209 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -5,7 +5,8 @@ labels: bug, 0. Needs triage
 ---
 
 <!---
-For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
+- For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
+- If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
 --->
 
 <!--- Please fill out the whole template below -->

From 8560570ef9e645eaa2660217478f0f2745dc0024 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 15:03:26 +0100
Subject: [PATCH 0387/3949] change instructions on how to install docker

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/readme.md b/readme.md
index b4738b16..929f71d4 100644
--- a/readme.md
+++ b/readme.md
@@ -13,10 +13,7 @@ Included are:
 
 ## How to use this?
 The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows).
-1. Install Docker on your Linux installation using:
-    ```
-    curl -fsSL get.docker.com | sudo sh
-    ```
+1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script** (`curl -fsSL get.docker.com | sudo sh`).
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:<br><br>
     (For people that cannot use ports 80 and/or 443 on this server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)

From 2e70efc61023b1341185a96a8bf0f90063db03f0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 15:08:00 +0100
Subject: [PATCH 0388/3949] make more verbose that reverse proxy setup is
 different

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.md b/readme.md
index 929f71d4..d8de4796 100644
--- a/readme.md
+++ b/readme.md
@@ -12,13 +12,13 @@ Included are:
 - Fulltextsearch
 
 ## How to use this?
-The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows).
+The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows). Also, the instructions are meant for installations without a reverse proxy already being in place. If you want to run AIO behind a reverse proxy, see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script** (`curl -fsSL get.docker.com | sudo sh`).
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:<br><br>
     (For people that cannot use ports 80 and/or 443 on this server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
     ```
-    # For x64 CPUs:
+    # For x64 CPUs and without reverse proxy already in place:
     sudo docker run \
     --sig-proxy=false \
     --name nextcloud-aio-mastercontainer \
@@ -34,7 +34,7 @@ The following instructions are especially meant for Linux. For macOS see [this](
     <summary>Command for arm64 CPUs like the Raspberry Pi 4</summary>
 
     ```
-    # For arm64 CPUs:
+    # For arm64 CPUs and without reverse proxy already in place:
     sudo docker run \
     --sig-proxy=false \
     --name nextcloud-aio-mastercontainer \

From c7b5c346aa5cca56fd2c24c224f948eb51fbf536 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 17:46:38 +0100
Subject: [PATCH 0389/3949] exclusion of some dependencies is not needed
 anymore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 494eb485..e47c36f3 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -21,7 +21,7 @@ jobs:
         cd ./php
         composer update
         set +e
-        ALL_LINES="$(composer outdated | grep -v "^$\|php-di/php-di\|psr/container\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
+        ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
         set -e
         while [ -n "$ALL_LINES" ]; do
           CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"

From 1e6e01b8a5544578fbe8d80f55ca6d432f4da259 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Dec 2022 14:26:15 +0100
Subject: [PATCH 0390/3949] update redis to v7

Signed-off-by: Simon L <szaimen@e.mail.de>
Co-Authored-By: Zoey <zoey@z0ey.de>
---
 Containers/redis/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 41081bff..137d928b 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
-# From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.8-alpine
+# From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
+FROM redis:7.0.7-alpine
 
 RUN apk add --update --no-cache openssl bash
 

From de3ec19221939436d98dbbfc28089d51a8da69f3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 18:22:31 +0100
Subject: [PATCH 0391/3949] alpine - remove the update arg

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile      | 2 +-
 Containers/domaincheck/Dockerfile | 2 +-
 Containers/postgresql/Dockerfile  | 2 +-
 Containers/redis/Dockerfile       | 2 +-
 Containers/watchtower/Dockerfile  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e5d65b65..e3a42e81 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
 FROM clamav/clamav:0.105.1-7
 
-RUN apk add --update --no-cache tzdata
+RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/
 RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 53f89ed6..3c4dae25 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 FROM alpine:3.17.1
-RUN apk add --update --no-cache lighttpd bash netcat-openbsd
+RUN apk add --no-cache lighttpd bash netcat-openbsd
 
 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 5bd02dd7..27b4e956 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/docker-library/postgres/blob/master/14/alpine/Dockerfile
 FROM postgres:14.6-alpine
 
-RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk
+RUN apk add --no-cache bash openssl shadow netcat-openbsd grep mawk
 
 # We need to use the same gid and uid as on old installations
 RUN set -ex; \
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 137d928b..98b0f2db 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
 FROM redis:7.0.7-alpine
 
-RUN apk add --update --no-cache openssl bash
+RUN apk add --no-cache openssl bash
 
 COPY start.sh /usr/bin/
 RUN chmod +x /usr/bin/start.sh
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 4abe572f..945bb333 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -3,7 +3,7 @@ FROM containrrr/watchtower:1.5.1 as watchtower
 
 FROM alpine:3.17.1
 
-RUN apk add --update --no-cache bash
+RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /
 
 COPY start.sh /

From ab3ef06581ff68bcaf9be74d710911b359ef8f52 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Dec 2022 17:50:49 +0100
Subject: [PATCH 0392/3949] migrate borgbackup to alpine

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 3feb7530..65d39bdc 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,17 +1,14 @@
-FROM debian:bullseye-20230109-slim
+FROM alpine:3.17.1
 
 RUN set -ex; \
     \
-    echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list; \
-    apt-get update; \
-    apt-get install -y --no-install-recommends borgbackup -t bullseye-backports; \
-    apt-get install -y --no-install-recommends \
+    apk add --no-cache \
+        bash \
+        borgbackup \
         rsync \
         fuse \
-        python3-llfuse \
-        jq \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        py3-llfuse \
+        jq
 
 VOLUME /root
 

From 8f270db5d6fdd01a8af2611ac8d96c037173e703 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 18:50:34 +0100
Subject: [PATCH 0393/3949] increase to 4.2.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d6293083..b3df6b69 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.1.0</h1>
+        <h1>Nextcloud AIO v4.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From fa88ec3598ffe6eade7e17597a924dbdb2be0b19 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 23:01:45 +0100
Subject: [PATCH 0394/3949] add further note about cloudflare and domain
 validation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index d8de4796..2294069b 100644
--- a/readme.md
+++ b/readme.md
@@ -126,6 +126,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
 
 ### Notes on Cloudflare (proxy/tunnel)
+- It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is very likely that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. You need to follow https://github.com/nextcloud/all-in-one/discussions/1358 in order to resolve this yourself. There is unfortunately no secure way to automate this for you.

From c9e2327cf201337073423c7c315927ec17622b0e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 23:06:32 +0100
Subject: [PATCH 0395/3949] cloudflare - add note about missing hsts header

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index d8de4796..a07f40af 100644
--- a/readme.md
+++ b/readme.md
@@ -129,6 +129,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is very likely that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. You need to follow https://github.com/nextcloud/all-in-one/discussions/1358 in order to resolve this yourself. There is unfortunately no secure way to automate this for you.
+- If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.

From bcf9e65116defab72708bd73903eaa00fb343989 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 23:12:48 +0100
Subject: [PATCH 0396/3949] cloudflare - add note about possible problems with
 cert issuing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 967411b1..f22815eb 100644
--- a/readme.md
+++ b/readme.md
@@ -131,6 +131,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is very likely that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. You need to follow https://github.com/nextcloud/all-in-one/discussions/1358 in order to resolve this yourself. There is unfortunately no secure way to automate this for you.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
+- If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.

From 332880d90a4d6c36ddfe695b36e871148e7d51f8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 15 Jan 2023 23:30:38 +0100
Subject: [PATCH 0397/3949] cloudflare - add note about the hpb for talk

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index f22815eb..3abbfbbc 100644
--- a/readme.md
+++ b/readme.md
@@ -132,6 +132,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - It is very likely that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. You need to follow https://github.com/nextcloud/all-in-one/discussions/1358 in order to resolve this yourself. There is unfortunately no secure way to automate this for you.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
+- The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.

From cace2c0414c307176aeb395558def880896b9b80 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 16 Jan 2023 16:40:54 +0100
Subject: [PATCH 0398/3949] add note on sudo for windows and docker rootless

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-rootless.md | 2 ++
 readme.md          | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/docker-rootless.md b/docker-rootless.md
index 00178131..11c9c6bf 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -12,3 +12,5 @@ You can run AIO with docker rootless by following the steps below.
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+
+⚠️ **Additional note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
diff --git a/readme.md b/readme.md
index 3abbfbbc..58cf8166 100644
--- a/readme.md
+++ b/readme.md
@@ -122,6 +122,8 @@ docker volume create ^
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
+⚠️ **Please note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
+
 ### How to run AIO with Portainer?
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
 

From 04466f0c42d154f8de476b051fe2f318ece8bb9d Mon Sep 17 00:00:00 2001
From: -Denux <timon.klinkert@gmail.com>
Date: Mon, 16 Jan 2023 17:05:40 +0100
Subject: [PATCH 0399/3949] added h2 window size

---
 reverse-proxy.md | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 988c6862..8420d171 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,6 +1,6 @@
 # Reverse Proxy Documentation
 
-**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). 
+**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
 In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.
 
@@ -54,6 +54,9 @@ Add this as a new Apache site config:
 
     # Enable h2, h2c and http1.1
     Protocols h2 h2c http/1.1
+    
+    #Solves slow upload speeds caused by http2
+    H2WindowSize 1048576
 
     # SSL
     SSLEngine on
@@ -117,7 +120,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-    Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
@@ -255,6 +258,9 @@ server {
 
     listen 443 ssl http2;
     listen [::]:443 ssl http2; # comment to disable IPv6
+    
+    #Solves slow upload speeds caused by http2
+    http2_body_preread_size 1048576;
 
     server_name <your-nc-domain>;
 
@@ -286,7 +292,7 @@ server {
 }
 
 ```
-    
+
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
@@ -355,8 +361,8 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 <summary>click here to expand</summary>
 
 **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
-    
-The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter. 
+
+The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
 
 1. Add a `nextcloud.yml` to the Treafik rules folder with the following content
 

From 843168fefef70ec207a3df8190f88fab670783c9 Mon Sep 17 00:00:00 2001
From: -Denux <83671398+DenuxPlays@users.noreply.github.com>
Date: Mon, 16 Jan 2023 17:15:09 +0100
Subject: [PATCH 0400/3949] Apply suggestions from code review

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: -Denux <83671398+DenuxPlays@users.noreply.github.com>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 8420d171..63bf5833 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -55,7 +55,7 @@ Add this as a new Apache site config:
     # Enable h2, h2c and http1.1
     Protocols h2 h2c http/1.1
     
-    #Solves slow upload speeds caused by http2
+    # Solves slow upload speeds caused by http2
     H2WindowSize 1048576
 
     # SSL
@@ -259,7 +259,7 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2; # comment to disable IPv6
     
-    #Solves slow upload speeds caused by http2
+    # Solves slow upload speeds caused by http2
     http2_body_preread_size 1048576;
 
     server_name <your-nc-domain>;

From 455ada94e60a27261e2dbed36234e30fc2ba4635 Mon Sep 17 00:00:00 2001
From: Adam Monsen <haircut@gmail.com>
Date: Mon, 16 Jan 2023 21:57:58 -0800
Subject: [PATCH 0401/3949] readme: clarify OS package env var

Signed-off-by: Adam Monsen <haircut@gmail.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 58cf8166..1ff6e046 100644
--- a/readme.md
+++ b/readme.md
@@ -495,7 +495,7 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 ### How to change the Nextcloud apps that are installed on the first startup?
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
-### How to add packets permanently to the Nextcloud container?
+### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
 You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.

From b24024f4564a762113ebda2e2568b4b0431c7918 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 10:29:46 +0100
Subject: [PATCH 0402/3949] adjust links

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 2 +-
 readme.md          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index c856e56a..92aac265 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,7 +29,7 @@ services:
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
-      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
diff --git a/readme.md b/readme.md
index 1ff6e046..6b10b216 100644
--- a/readme.md
+++ b/readme.md
@@ -509,7 +509,7 @@ You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extensi
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
 
 ### How to enable hardware-transcoding for Nextcloud?
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/

From a09620cf53a479ef069856d5e05b162b0a06f883 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 11:13:58 +0100
Subject: [PATCH 0403/3949] update Nextcloud to 25.0.3

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2f9fbffb..8ed7f80f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -114,7 +114,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.2
+ENV NEXTCLOUD_VERSION 25.0.3
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From 9065e07a23043a9f1e2ae96ffeffe869724537d5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Dec 2022 14:16:03 +0100
Subject: [PATCH 0404/3949] upgrade postgres to 15

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 27b4e956..df01436c 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
-# From https://github.com/docker-library/postgres/blob/master/14/alpine/Dockerfile
-FROM postgres:14.6-alpine
+# From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
+FROM postgres:15.1-alpine
 
 RUN apk add --no-cache bash openssl shadow netcat-openbsd grep mawk
 

From 7c3ac06b497f86d18c5c05cd91077b663a514e6f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 16:19:48 +0100
Subject: [PATCH 0405/3949] add new commands

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/init-user-db.sh | 2 ++
 Containers/postgresql/start.sh        | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/Containers/postgresql/init-user-db.sh b/Containers/postgresql/init-user-db.sh
index 8c1f2dc9..cfd3827a 100644
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -6,6 +6,8 @@ touch "$DUMP_DIR/initialization.failed"
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
+	GRANT ALL PRIVILEGES ON DATABASE "$POSTGRES_DB" TO "oc_$POSTGRES_USER";
+	GRANT ALL PRIVILEGES ON SCHEMA public TO "oc_$POSTGRES_USER";
 EOSQL
 
 rm "$DUMP_DIR/initialization.failed"
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 8774d1be..905daf96 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -110,6 +110,8 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
         psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
             CREATE USER "$DB_OWNER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
             ALTER DATABASE "$POSTGRES_DB" OWNER TO "$DB_OWNER";
+            GRANT ALL PRIVILEGES ON DATABASE "$POSTGRES_DB" TO "$DB_OWNER";
+            GRANT ALL PRIVILEGES ON SCHEMA public TO "$DB_OWNER";
 EOSQL
     fi
 

From 4c691debf5a8719e94ca3fd2b3eafcf701fc6f1e Mon Sep 17 00:00:00 2001
From: ManOki <ManOki@users.noreply.github.com>
Date: Tue, 17 Jan 2023 18:22:37 +0100
Subject: [PATCH 0406/3949] add docker cp command to prevent host file paths
 like /_data/ (#1773)

---
 Containers/borgbackup/backupscript.sh |  4 ++--
 Containers/postgresql/start.sh        |  4 ++--
 manual-upgrade.md                     |  3 ++-
 migration.md                          | 20 ++++++++++----------
 readme.md                             | 10 +++++-----
 5 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index c617105f..414b387b 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -87,8 +87,8 @@ if [ "$BORG_MODE" = backup ]; then
         # Don't initialize if already initialized
         if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
             echo "Cannot initialize a new repository as that was already done at least one time."
-            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory."
-            echo "By default it is stored here: /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg.config"
+            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
+            echo "sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/borg.config"
             exit 1
         fi
 
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 8774d1be..5dfbb400 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -9,8 +9,8 @@ export PGPASSWORD="$POSTGRES_PASSWORD"
 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
     echo "Waiting for backup container to finish..."
-    echo "If this is incorrect because the backup container is not running anymore (because it was forcefully killed), you might delete the lock file which is by default stored here:"
-    echo "/var/lib/docker/volumes/nextcloud_aio_database_dump/_data/backup-is-running"
+    echo "If this is incorrect because the backup container is not running anymore (because it was forcefully killed), you might delete the lock file:"
+    echo "sudo docker exec --user root nextcloud-aio-database rm /mnt/data/backup-is-running"
     sleep 10
 done
 
diff --git a/manual-upgrade.md b/manual-upgrade.md
index cf52eb8c..8777aa04 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -6,8 +6,9 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 
 1. Start all containers from the aio interface (now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem)
 1. Do **not** click on `Stop containers` because you will need them running going forward, see below
+1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
+
 1. Stop the Nextcloud container and the Apache container by running `sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache`.
-1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo cat /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
 1. Run the following commands in order to reverse engineer the Nextcloud container:
     ```bash
         sudo docker pull assaflavie/runlike
diff --git a/migration.md b/migration.md
index 55c1c74f..fec791c6 100644
--- a/migration.md
+++ b/migration.md
@@ -10,12 +10,12 @@ There are basically three ways how to migrate from an already existing Nextcloud
 **Please note**: If you used groupfolders or encrypted your files before, you will need to restore the database, as well!
 
 The procedure for migrating only the files works like this:
-1. Take a backup of your former instance (especially from your datadirectory)
+1. Take a backup of your former instance (especially from your datadirectory, see `'datadirectory'` in your `config.php`)
 1. Install Nextcloud AIO on a new server/linux installation, enter your domain and wait until all containers are running
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
-1. Restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
+1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-links /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary.
+1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/"` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
 
@@ -68,14 +68,14 @@ The procedure for migrating the files and the database works like this:
     1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`. 
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
     ```
-    sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
-    sudo cp database-dump.sql /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/
-    sudo chmod 777 /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
-    sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/initial-cleanup-done
+    sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/database-dump.sql
+    sudo docker cp database-dump.sql nextcloud-aio-database:/mnt/data/
+    sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine chmod 777 /mnt/data/database-dump.sql
+    sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/initial-cleanup-done
     ```
-1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`. Be aware if you have changed the standard path of your datadirectory like described [here](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir).
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*`to apply the correct permissions on the datadirectory.
-1. Edit the Nextcloud AIO config.php file that is stored in `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
+1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine sh -c "rm -rf /mnt/ncdata/*"` and `sudo docker cp --follow-links /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary . Be aware if you have changed the standard path of your datadirectory like described [here](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir).
+1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory.
+1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
 1. As last step, install all apps again that were installed before on your old instance by using the webinterface.
 
diff --git a/readme.md b/readme.md
index 6b10b216..f487793e 100644
--- a/readme.md
+++ b/readme.md
@@ -207,7 +207,7 @@ If your Nextcloud is running and you are logged in as admin in your Nextcloud, y
 ### How to change the domain?
 **⚠️ Please note:** Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
 
-If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually that is most likely stored in `/var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/configuration.json`, subsitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
+If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, subsitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
 If you are running AIO behind a reverse proxy, you need to obviously also change the domain in your reverse proxy config.
 
 ### How to properly reset the instance?
@@ -515,9 +515,9 @@ The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable ha
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 
 ### Access/Edit Nextcloud files/folders manually
-The files and folders that you add to Nextcloud are by default stored in the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on the host. If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
+The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
 
-After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
+After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
 
 ### How to store the files/installation on a separate drive?
 You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
@@ -527,7 +527,7 @@ You can move the whole docker library and all its files including all Nextcloud
 You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo nano /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
 
 ### Custom skeleton directory
-If you want to define a custom skeleton directory, you can do so by putting your skeleton files into `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton/`, applying the correct permissions with `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton` and and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
+If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-links /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
 
 ### Fail2ban
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports))
@@ -542,7 +542,7 @@ Netdata allows you to monitor your server using a GUI. You can install it by fol
 If you want to use the user_sql app, the easiest way is to create an additional database container and add it to the docker network `nextcloud-aio`. Then the Nextcloud container should be able to talk to the database container using its name.
 
 ### phpMyAdmin, Adminer or pgAdmin
-It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo grep dbpassword /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php` as the password. 
+It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. 
 
 ### Mail server
 You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow has much more features.

From e4438bffcb729a3ac0fa1b6b0d144308a73d02ab Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 19:49:55 +0100
Subject: [PATCH 0407/3949] change command for texteditor instructions as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index f487793e..abed1871 100644
--- a/readme.md
+++ b/readme.md
@@ -524,7 +524,7 @@ You can move the whole docker library and all its files including all Nextcloud
 (Of course docker needs to be installed first for this to work.)
 
 ### How to edit Nextclouds config.php file with a texteditor?
-You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo nano /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
+You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
 
 ### Custom skeleton directory
 If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-links /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)

From a415d710135709f7488eeef3b1578bed6478ebce Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 19:50:31 +0100
Subject: [PATCH 0408/3949] add a few more hints regarding the chosen
 NEXTCLOUD_DATADIR in migration.md

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 migration.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/migration.md b/migration.md
index fec791c6..d2f1f14a 100644
--- a/migration.md
+++ b/migration.md
@@ -15,7 +15,7 @@ The procedure for migrating only the files works like this:
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-links /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary.
-1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/"` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions
+1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/"` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
 
@@ -73,8 +73,8 @@ The procedure for migrating the files and the database works like this:
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine chmod 777 /mnt/data/database-dump.sql
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/initial-cleanup-done
     ```
-1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine sh -c "rm -rf /mnt/ncdata/*"` and `sudo docker cp --follow-links /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary . Be aware if you have changed the standard path of your datadirectory like described [here](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir).
-1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory.
+1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine sh -c "rm -rf /mnt/ncdata/*"` and `sudo docker cp --follow-links /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary. (Or if `NEXTCLOUD_DATADIR` was provided, first delete the files in there and then copy the files to the chosen path.)
+1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
 1. As last step, install all apps again that were installed before on your old instance by using the webinterface.

From 9645abcecc8b8d3c3884992c0b8856bf6d1058f3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 23:22:40 +0100
Subject: [PATCH 0409/3949] change dind image to omit the alpine version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 19535adb..94e2e1db 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.21-dind-alpine3.16 as dind
+FROM docker:20.10.22-dind as dind
 
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy

From 5d3c858064f5743e93c963afee92a0f92d6225c5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 23:23:03 +0100
Subject: [PATCH 0410/3949] Revert "change dind image to omit the alpine
 version"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 94e2e1db..19535adb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.22-dind as dind
+FROM docker:20.10.21-dind-alpine3.16 as dind
 
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy

From 98cf71861f891df96c224d37fe5f309d119374f4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 23:22:40 +0100
Subject: [PATCH 0411/3949] change dind image to omit the alpine version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 19535adb..94e2e1db 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.21-dind-alpine3.16 as dind
+FROM docker:20.10.22-dind as dind
 
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy

From 0c73019092f49490bcc81ac6e77250c324dffa00 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Jan 2023 12:04:58 +0000
Subject: [PATCH 0412/3949] Bump redis from 7.0.7-alpine to 7.0.8-alpine in
 /Containers/redis

Bumps redis from 7.0.7-alpine to 7.0.8-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 98b0f2db..e18f59de 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.7-alpine
+FROM redis:7.0.8-alpine
 
 RUN apk add --no-cache openssl bash
 

From 7a18f865fe6fae491d91c7d369c63ed4038f87cd Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 18 Jan 2023 16:22:09 +0100
Subject: [PATCH 0413/3949] add note on strato vps

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index abed1871..d375991c 100644
--- a/readme.md
+++ b/readme.md
@@ -139,6 +139,9 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
 
+### Strato Linux VPS
+Stratos VPS are not recommended for running AIO, since they crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit, their Virtualization Software does not even fully support running docker
+
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section).
 

From 324edf43c1b5ae25af39c807cc2d61101f187549 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 18 Jan 2023 17:17:29 +0100
Subject: [PATCH 0414/3949] add suggestion

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index d375991c..d7925ced 100644
--- a/readme.md
+++ b/readme.md
@@ -140,7 +140,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
 
 ### Strato Linux VPS
-Stratos VPS are not recommended for running AIO, since they crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit, their Virtualization Software does not even fully support running docker
+Stratos VPS are not recommended for running AIO, since they crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section).

From d5216d3978e5b06b5aafcc394c1cd208f1ba62d9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Jan 2023 19:48:08 +0100
Subject: [PATCH 0415/3949] update 2nd screenshot of synology RP

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 63bf5833..86fdbf91 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -348,7 +348,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/89748315/192525606-48cab54b-866e-4964-90a8-15e71bd362fb.png)
 
-![image](https://user-images.githubusercontent.com/89748315/192525681-c06f3b39-f510-458e-b1f2-6b2cd995e24c.png)
+![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 

From 3b1334324ddbc91dccaa943ee5b6ea6c1d7384cf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Jan 2023 18:04:11 +0100
Subject: [PATCH 0416/3949] adjust macOS docs about DOCKER_SOCKET_PATH

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 92aac265..01b4090d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,7 +20,7 @@ services:
       # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
       # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
diff --git a/readme.md b/readme.md
index d7925ced..0c2d86d0 100644
--- a/readme.md
+++ b/readme.md
@@ -91,7 +91,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open in your firewall/router
 
 ### How to run AIO on macOS?
-On macOS, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/). You also need to add `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"`to the startup command. Apart from that it should work and behave the same like on Linux.
+On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/). Apart from that it should work and behave the same like on Linux.
 
 ### How to run AIO on Windows?
 On Windows, the following command should work in the command prompt after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/):
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 3f001b37..c1304c43 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -10,7 +10,7 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
-- [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
+- [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca

From e845fd24a27ba03a0bf3f8cb40f594fb8e7a115e Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 19 Jan 2023 16:43:38 +0100
Subject: [PATCH 0417/3949] note on proxy_read_timeout

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 86fdbf91..4fdfbb91 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -271,6 +271,7 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_read_timeout 3600; # set it to the same value as this env: https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
         client_max_body_size 0;
 
         # Websocket

From 77922954b46f464dc030f7a278f7f0af3b765b98 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 19 Jan 2023 17:33:35 +0100
Subject: [PATCH 0418/3949] add suggestion

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4fdfbb91..5b90a943 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -271,7 +271,7 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_read_timeout 3600; # set it to the same value as this env: https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+        proxy_read_timeout 86400s;
         client_max_body_size 0;
 
         # Websocket

From b50dcb669e29f74bc477a01642354dfe9abebbce Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 19 Jan 2023 20:36:29 +0100
Subject: [PATCH 0419/3949] nginx proxy docs changes

- add more proxy headers
- change client_body_buffer_size
- enable ssl_early_data

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 5b90a943..8ae0b065 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -258,9 +258,6 @@ server {
 
     listen 443 ssl http2;
     listen [::]:443 ssl http2; # comment to disable IPv6
-    
-    # Solves slow upload speeds caused by http2
-    http2_body_preread_size 1048576;
 
     server_name <your-nc-domain>;
 
@@ -268,9 +265,16 @@ server {
         resolver localhost; # Note: you need to set a valid dns resolver here or use 127.0.0.1 / [::1] instead of localhost in the line below. See https://stackoverflow.com/a/49642310 for a better explanation
         proxy_pass http://localhost:11000$request_uri; # Note: you need to change localhost to 127.0.0.1 or [::1], if you don't use a valid dns resolver in the line above
 
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header Early-Data $ssl_early_data;
+        proxy_set_header X-Forwarded-Scheme $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Accept-Encoding "";
+        proxy_set_header Host $host;
+    
+        client_body_buffer_size 512k;
         proxy_read_timeout 86400s;
         client_max_body_size 0;
 
@@ -283,6 +287,7 @@ server {
     ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
     ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
 
+    ssl_early_data on;
     ssl_session_timeout 1d;
     ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
     ssl_session_tickets off;

From bcdcab4d8aab3b490a1bf8ce5eacbfffdba111b1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Jan 2023 20:04:37 +0100
Subject: [PATCH 0420/3949] clamav should never be enabled on arm64

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 68340639..87d4a7da 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -134,6 +134,10 @@ class ConfigurationManager
     }
 
     public function isClamavEnabled() : bool {
+        if (!$this->isx64Platform()) {
+            return false;
+        }
+        
         $config = $this->GetConfig();
         if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
             return true;

From ea0d70fb0fbc136eeb15bac67a4f7b15b67d3c1c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 21 Jan 2023 15:09:54 +0100
Subject: [PATCH 0421/3949] remove gcompat again as it seems to break recognize

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8ed7f80f..2ce8061a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -210,7 +210,6 @@ RUN set -ex; \
         sudo \
         grep \
         coreutils \
-        gcompat \
         libjpeg \
         librsvg \
         libheif \

From 7080ac98329672fd5cb8e6eb2ebcbfe95a992314 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 21 Jan 2023 15:20:46 +0100
Subject: [PATCH 0422/3949] add libpg-dev and pgsql for backup app

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8ed7f80f..4a1db254 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -165,12 +165,14 @@ RUN set -ex; \
         openssl-dev \
         samba-dev \
         bzip2-dev \
+        libpq-dev \
     ; \
     \
     docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
     docker-php-ext-install \
         bz2 \
         imap \
+        pgsql \
     ; \
     pecl install smbclient; \
     docker-php-ext-enable smbclient; \

From 9f985186d56371dec3d284c5e9cc431bc73051b7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 21 Jan 2023 16:33:01 +0100
Subject: [PATCH 0423/3949] cloudflare - improve hint regarding cloudflare

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 2 +-
 readme.md                            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index aa59a209..f0338b79 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -5,8 +5,8 @@ labels: bug, 0. Needs triage
 ---
 
 <!---
-- For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
 - If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
+- For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
 --->
 
 <!--- Please fill out the whole template below -->
diff --git a/readme.md b/readme.md
index 0c2d86d0..9bc32de4 100644
--- a/readme.md
+++ b/readme.md
@@ -131,7 +131,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
-- It is very likely that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. You need to follow https://github.com/nextcloud/all-in-one/discussions/1358 in order to resolve this yourself. There is unfortunately no secure way to automate this for you.
+- It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
 - The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.

From 9396264c92dc145fdf2aad17f7c29f52d67652a0 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 21 Jan 2023 23:40:41 +0100
Subject: [PATCH 0424/3949] update npm docs

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 5b90a943..a54c9fb1 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -323,13 +323,19 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al
 
 See these screenshots for a working config:
 
-![image](https://user-images.githubusercontent.com/75573284/169556183-2999a733-de42-4008-af09-d4151719a474.png)
+![grafik](https://user-images.githubusercontent.com/75573284/213889707-b7841ca0-3ea7-4321-acf6-50e1c1649442.png)
 
-![image](https://user-images.githubusercontent.com/75573284/169555356-71f32be5-99b5-43ea-8aa7-632c8ef8fad3.png)
+![grafik](https://user-images.githubusercontent.com/75573284/213889724-1ab32264-3e0c-4d83-b067-9fe9d1672fb2.png)
 
-![image](https://user-images.githubusercontent.com/75573284/169557664-52db8713-f0ef-42ac-a161-de40280232a3.png)
+![grafik](https://user-images.githubusercontent.com/75573284/213889797-42642302-b079-4378-a4a6-079f4f67058c.png)
 
-![image](https://user-images.githubusercontent.com/75573284/169555441-dd9a42f5-aea5-4082-8e26-7adcfa4e6cfa.png)
+![grafik](https://user-images.githubusercontent.com/75573284/213889746-87dbe8c5-4d1f-492f-b251-bbf82f1510d0.png)
+
+```
+client_body_buffer_size 512k;
+proxy_read_timeout 86400s;
+client_max_body_size 0;
+```
 
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 

From 82272074909d484039318de126943066b612a2bd Mon Sep 17 00:00:00 2001
From: -Denux <timon.klinkert@gmail.com>
Date: Sun, 22 Jan 2023 17:32:06 +0100
Subject: [PATCH 0425/3949] increased H2WindowSize limit Signed-off-by: -Denux
 <83671398+DenuxPlays@users.noreply.github.com>

---
 reverse-proxy.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 5b90a943..940a8b04 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -56,7 +56,7 @@ Add this as a new Apache site config:
     Protocols h2 h2c http/1.1
     
     # Solves slow upload speeds caused by http2
-    H2WindowSize 1048576
+    H2WindowSize 5242880
 
     # SSL
     SSLEngine on
@@ -258,9 +258,6 @@ server {
 
     listen 443 ssl http2;
     listen [::]:443 ssl http2; # comment to disable IPv6
-    
-    # Solves slow upload speeds caused by http2
-    http2_body_preread_size 1048576;
 
     server_name <your-nc-domain>;
 
@@ -273,6 +270,8 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 86400s;
         client_max_body_size 0;
+        # Solves slow upload speeds caused by http2
+        client_body_buffer_size 512k;
 
         # Websocket
         proxy_http_version 1.1;

From 43227cf6f724870631cb001f6b89e6f9345dee5c Mon Sep 17 00:00:00 2001
From: -Denux <timon.klinkert@gmail.com>
Date: Sun, 22 Jan 2023 17:39:06 +0100
Subject: [PATCH 0426/3949] undo nginx changes (handled in seperated pr)
 Signed-off-by: -Denux <83671398+DenuxPlays@users.noreply.github.com>

---
 reverse-proxy.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 940a8b04..5eb57d4b 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -258,6 +258,9 @@ server {
 
     listen 443 ssl http2;
     listen [::]:443 ssl http2; # comment to disable IPv6
+    
+    # Solves slow upload speeds caused by http2
+    http2_body_preread_size 1048576;
 
     server_name <your-nc-domain>;
 
@@ -270,8 +273,6 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 86400s;
         client_max_body_size 0;
-        # Solves slow upload speeds caused by http2
-        client_body_buffer_size 512k;
 
         # Websocket
         proxy_http_version 1.1;

From 205b2c00be2fe2572483250cb2a8a5f5d457bfd4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 22 Jan 2023 19:32:19 +0100
Subject: [PATCH 0427/3949] composer - add back the minor versions instead of
 wildcards

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/composer.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.json b/php/composer.json
index 99162fdb..acdccfa7 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -9,13 +9,13 @@
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
-        "slim/slim": "4.*",
-        "php-di/slim-bridge": "3.*",
-        "guzzlehttp/guzzle": "7.*",
-        "guzzlehttp/psr7": "2.*",
-        "http-interop/http-factory-guzzle": "1.*",
-        "slim/twig-view": "3.*",
-        "slim/csrf": "1.*",
+        "slim/slim": "^4.11",
+        "php-di/slim-bridge": "^3.3",
+        "guzzlehttp/guzzle": "^7.5",
+        "guzzlehttp/psr7": "^2.4",
+        "http-interop/http-factory-guzzle": "^1.2",
+        "slim/twig-view": "^3.3",
+        "slim/csrf": "^1.3",
         "ext-apcu": "*"
     },
     "scripts": {

From d3794f5f88b84005b917046e4128c72b475d4334 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 24 Jan 2023 04:21:24 +0000
Subject: [PATCH 0428/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index b60d8c6e..fc0c624f 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863"/>
+<files psalm-version="5.6.0@e784128902dfe01d489c4123d69918a9f3c1eac5"/>

From 56f0cfd91448024f78889f598c9d2cddc3f48c2e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 24 Jan 2023 11:07:08 +0100
Subject: [PATCH 0429/3949] fix psalm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 989ba593..c0e4587e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -539,6 +539,7 @@ class DockerActionManager
             apcu_add($cacheKey, $tag);
             /**
              * @psalm-suppress TypeDoesNotContainNull
+             * @psalm-suppress DocblockTypeContradiction
              */
             if ($tag === null) {
                 error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");

From 1035314023b03ba1e34822023e33eff1069bb158 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 21 Jan 2023 16:13:02 +0100
Subject: [PATCH 0430/3949] Add a disrecommended VPS providers section

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 0c2d86d0..5c1300dd 100644
--- a/readme.md
+++ b/readme.md
@@ -139,8 +139,9 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
 
-### Strato Linux VPS
-Stratos VPS are not recommended for running AIO, since they crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
+### Disrecommended VPS providers
+- Stratos VPS crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
+- Hostingers VPS seem to miss a specifc Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956).
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section).

From aa9709694854ea8eb59349b389fc546f4933ed6a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 24 Jan 2023 11:37:08 +0100
Subject: [PATCH 0431/3949] add section about recommended vps

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index 5c1300dd..1e462a64 100644
--- a/readme.md
+++ b/readme.md
@@ -143,6 +143,9 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 - Stratos VPS crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
 - Hostingers VPS seem to miss a specifc Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956).
 
+### Recommended VPS
+In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them.
+
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section).
 

From a96cae9035b723c139d59490001e3ece5760ea18 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 23 Jan 2023 12:01:49 +0100
Subject: [PATCH 0432/3949] add section about storage options

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/readme.md b/readme.md
index 9bc32de4..b2f1d396 100644
--- a/readme.md
+++ b/readme.md
@@ -142,6 +142,11 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 ### Strato Linux VPS
 Stratos VPS are not recommended for running AIO, since they crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
 
+### Note on storage options
+- SD-cards are discrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts
+- SSD storage is recommended
+- HDD storage should work as well but is of course much slower than SSD storage
+
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section).
 

From c09f9f6178e7ef872004b53df36325bee9695b9d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 24 Jan 2023 12:17:15 +0100
Subject: [PATCH 0433/3949] add hint about changing Nextcloud's Datadir in
 additional places

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md        | 2 ++
 reverse-proxy.md | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index 143cb704..4f20f641 100644
--- a/readme.md
+++ b/readme.md
@@ -93,6 +93,8 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 ### How to run AIO on macOS?
 On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/). Apart from that it should work and behave the same like on Linux.
 
+Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+
 ### How to run AIO on Windows?
 On Windows, the following command should work in the command prompt after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/):
 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1cab27e5..70313569 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -503,6 +503,8 @@ docker run ^
 nextcloud/all-in-one:latest
 ```
 
+Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+
 </details>
 
 ### Inspiration for a docker-compose file

From 7f03b4efda1737451a8393ce0c9f5fcd900fa91e Mon Sep 17 00:00:00 2001
From: FreDTV <70434961+Fred-DTV@users.noreply.github.com>
Date: Tue, 24 Jan 2023 12:49:09 +0100
Subject: [PATCH 0434/3949] Add Synology instructions (#1813)

---
 php/templates/containers.twig |  2 ++
 readme.md                     | 22 +++++++++++++++++++++-
 reverse-proxy.md              |  2 ++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b3df6b69..16372604 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -163,6 +163,7 @@
                             </form>
                             The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
                             An example for Linux is <b>/mnt/backup</b>.<br>
+                            On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
                             For macOS it may be <b>/var/backup</b>.<br>
                             On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-aio-on-windows"><b>click here</b></a><br><br>
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
@@ -325,6 +326,7 @@
                             </form>
                             The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
                             An example for Linux is <b>/mnt/backup</b>.<br>
+                            On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
                             For macOS it may be <b>/var/backup</b>.<br>
                             On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-aio-on-windows"><b>click here</b></a><br><br>
                         {% endif %}
diff --git a/readme.md b/readme.md
index 6237b607..9acbb54c 100644
--- a/readme.md
+++ b/readme.md
@@ -126,6 +126,26 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 
 ⚠️ **Please note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
+
+### How to run AIO on Synology DSM
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `-e DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the startup command. Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+
+Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+
+You'll also need to adjust Synology's firewall, see below:
+
+<details>
+<summary>Click here to expand</summary>
+
+The Synology DSM is vulnerable to attacks with it's open ports and login interfaces, which is why a firewall setup is always recommended. If a firewall is activated it is necessary to have exceptions for ports 80,443, the subnet of the docker bridge which includes the nextcloud containers, your public static IP (if you don't use DDNS) and if applicable your NC-Talk ports 3478 TCP+UDP:
+
+![Screenshot 2023-01-19 at 14 13 48](https://user-images.githubusercontent.com/70434961/213677995-71a9f364-e5d2-49e5-831e-4579f217c95c.png)
+
+If you have the NAS setup on your local network (which is most often the case) you will need to setup the Synology DNS to be able to access Nextcloud from your network via its domain. Also don't forget to add the new DNS to your DHCP server and your fixed IP settings:
+ 
+![Screenshot 2023-01-20 at 12 13 44](https://user-images.githubusercontent.com/70434961/213683295-0b39a2bd-7a26-414c-a408-127dd4f07826.png)
+</details>
+
 ### How to run AIO with Portainer?
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
 
@@ -194,7 +214,7 @@ See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-
 Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
 
 ### How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?
-Simply run the following command: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `EN` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
+Simply run the following command: `sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `EN` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
 
 ### How to run multiple AIO instances on one server?
 See [multiple-instances.md](./multiple-instances.md) for some documentation on this.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 70313569..7d5f1e9c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -507,6 +507,8 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 
 </details>
 
+On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-synology-dsm
+
 ### Inspiration for a docker-compose file
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

From 62bf50d160fbb41fea9debb7a887561acec69d34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Jan 2023 12:05:56 +0000
Subject: [PATCH 0435/3949] Bump docker in /Containers/mastercontainer

Bumps docker from 20.10.22-dind to 20.10.23-dind.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 94e2e1db..e24d7a2e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.22-dind as dind
+FROM docker:20.10.23-dind as dind
 
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy

From de79b71684f7e104a39bb1f11e5f9bc686327cda Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 24 Jan 2023 12:17:14 +0000
Subject: [PATCH 0436/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/composer.lock b/php/composer.lock
index 59914971..b42bd0eb 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "98f51eb5b87b52c52674f503a131269f",
+    "content-hash": "ca8e9b0dbbbd88c096dd8f2bda37a315",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",

From df67a13198b688f5fb895c4feaa331f6c85b955b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 24 Jan 2023 13:58:20 +0100
Subject: [PATCH 0437/3949] add direct link for Synology

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 9acbb54c..18552e32 100644
--- a/readme.md
+++ b/readme.md
@@ -12,7 +12,7 @@ Included are:
 - Fulltextsearch
 
 ## How to use this?
-The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows). Also, the instructions are meant for installations without a reverse proxy already being in place. If you want to run AIO behind a reverse proxy, see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
+The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). Also, the instructions are meant for installations without a reverse proxy already being in place. If you want to run AIO behind a reverse proxy, see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script** (`curl -fsSL get.docker.com | sudo sh`).
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:<br><br>

From 7bad651a767b5907272238e086e3ad0faa88d193 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 25 Jan 2023 12:48:49 +0100
Subject: [PATCH 0438/3949] add explanation for clamav

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 readme.md                     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 16372604..6d74031f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -488,9 +488,9 @@
                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                         <input type="hidden" name="options-form" value="options-form">
                         {% if is_clamav_enabled == true %}
-                            <input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (only supported on x64, needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br>
                         {% else %}
-                            <input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (only supported on x64, needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br>
                         {% endif %}
                         {% if is_collabora_enabled == true %}
                             <input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label><br>
diff --git a/readme.md b/readme.md
index 18552e32..7d51406f 100644
--- a/readme.md
+++ b/readme.md
@@ -8,7 +8,7 @@ Included are:
 - High performance backend for Nextcloud Talk
 - Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
 - Imaginary
-- ClamAV
+- ClamAV (Antivirus backend for Nextcloud)
 - Fulltextsearch
 
 ## How to use this?

From b3477bad1b363e9e438a742c3da2b301c1630d16 Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Sat, 14 Jan 2023 12:11:43 +0100
Subject: [PATCH 0439/3949] Rework the Traefik example

Make the Traefik example more complete.

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 54 +++++++++++++++++++++++++++++++-----------------
 1 file changed, 35 insertions(+), 19 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7d5f1e9c..9aba80bc 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -374,9 +374,34 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
+Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project.
+
 The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
 
-1. Add a `nextcloud.yml` to the Treafik rules folder with the following content
+1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for Nextcloud related dynamic configuration:
+
+    ```yml
+    # STATIC CONFIGURATION
+   
+    entryPoints:
+        https:
+            address: ":443" # Create an entrypoint called "https" that uses port 443
+    
+    certificatesResolvers:
+        # Define "letsencrypt" certificate resolver
+        letsencrypt:
+            acme:
+                storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
+                email: <your-email-address> # Where LE sends notification about certificates expiring
+                tlschallenge: true
+   
+    providers:
+        file:
+            directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
+            watch: true
+    ```
+
+1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:
 
     ```yml
     http:
@@ -389,19 +414,14 @@ The examples below define the dynamic configuration in YAML files. If you rather
                 middlewares:
                     - nextcloud-chain
                 tls:
-                    certresolver: "le"
+                    certresolver: "letsencrypt"
 
         services:
             nextcloud:
                 loadBalancer:
                     servers:
-                        - url: "http://localhost:11000"
-    ```
+                        - url: "http://localhost:11000" # Use the host's IP address if Traefik runs outside the host network
 
-2. Add to the bottom of the `middlewares.yml` file in the Treafik rules folder the following content:
-
-    ```yml
-    http:
         middlewares:
             nextcloud-secure-headers:
                 headers:
@@ -413,25 +433,21 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
             https-redirect:
                 redirectscheme:
-                    scheme: https
-    ```
-
-3. Add to the bottom of the `middleware-chains.yml` file in the Traefik rules folder the following content:
-
-    ```yml
-    http:
-        middlewares:
+                    scheme: https 
+   
             nextcloud-chain:
                 chain:
                     middlewares:
                         # - ... (e.g. rate limiting middleware)
-                        - "https-redirect"
-                        - "nextcloud-secure-headers"
+                        - https-redirect
+                        - nextcloud-secure-headers
     ```
 
 ---
 
-Of course you need to modify `<your-nextcloud-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
+    
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 </details>
 

From 841f6596aacf45d15572daf1e6ec0fed03d27ba1 Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Sat, 14 Jan 2023 12:15:19 +0100
Subject: [PATCH 0440/3949] Fixup documentation

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 9aba80bc..a57ae474 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -378,7 +378,7 @@ Traefik's building blocks (router, service, middlewares) need to be defined usin
 
 The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
 
-1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for Nextcloud related dynamic configuration:
+1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for dynamic providers:
 
     ```yml
     # STATIC CONFIGURATION

From abd0dc1f091fc9ce23711152dffe9a178243c31f Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Wed, 25 Jan 2023 09:22:41 +0100
Subject: [PATCH 0441/3949] Add disclaimer

Signed-off-by: hunhejj <hunhejj@gmail.com>

Update reverse-proxy.md

From 56a642163a471f2e0a5ec633b94ebde740e5f0e8 Mon Sep 17 00:00:00 2001
From: tyleraharrison <tyleraharrison@gmail.com>
Date: Thu, 26 Jan 2023 03:51:36 -0600
Subject: [PATCH 0442/3949] Fix typo in migration.md

`--get-links` -> `--get-link`

Signed-off-by: tyleraharrison <tyleraharrison@gmail.com>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index d2f1f14a..34087846 100644
--- a/migration.md
+++ b/migration.md
@@ -14,7 +14,7 @@ The procedure for migrating only the files works like this:
 1. Install Nextcloud AIO on a new server/linux installation, enter your domain and wait until all containers are running
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
-1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-links /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary.
+1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-link /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary.
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/"` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.

From 097cc33105c9e150eb83ae2314a64b8feb826df4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Jan 2023 12:05:01 +0000
Subject: [PATCH 0443/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.9.2.1 to 22.05.9.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 5d7a6d40..439b3859 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.9.2.1
+FROM collabora/code:22.05.9.3.1
 
 USER root
 

From 6179f7a60962554f3bad9dd8456a97e2f4d42ecd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 26 Jan 2023 23:37:40 +0100
Subject: [PATCH 0444/3949] fix other places as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 migration.md | 2 +-
 readme.md    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/migration.md b/migration.md
index 34087846..55f058b7 100644
--- a/migration.md
+++ b/migration.md
@@ -73,7 +73,7 @@ The procedure for migrating the files and the database works like this:
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine chmod 777 /mnt/data/database-dump.sql
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/initial-cleanup-done
     ```
-1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine sh -c "rm -rf /mnt/ncdata/*"` and `sudo docker cp --follow-links /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary. (Or if `NEXTCLOUD_DATADIR` was provided, first delete the files in there and then copy the files to the chosen path.)
+1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine sh -c "rm -rf /mnt/ncdata/*"` and `sudo docker cp --follow-link /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary. (Or if `NEXTCLOUD_DATADIR` was provided, first delete the files in there and then copy the files to the chosen path.)
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
diff --git a/readme.md b/readme.md
index 7d51406f..d6656027 100644
--- a/readme.md
+++ b/readme.md
@@ -561,7 +561,7 @@ You can move the whole docker library and all its files including all Nextcloud
 You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
 
 ### Custom skeleton directory
-If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-links /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
+If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
 
 ### Fail2ban
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports))

From 4fd54aa53e86472c67207f336271941548ebcaff Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 27 Jan 2023 13:55:15 +0100
Subject: [PATCH 0445/3949] make cloudflare upload limit for explicit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index d6656027..2dec3302 100644
--- a/readme.md
+++ b/readme.md
@@ -152,7 +152,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 ### Notes on Cloudflare (proxy/tunnel)
 - It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
-- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
+- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.

From f5722897e595aadd6a3a9a7a5d35217d2623f2b5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 25 Jan 2023 12:43:59 +0100
Subject: [PATCH 0446/3949] imaginary - allow further mimetypees out-of-the-box

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 ++++++++
 php/templates/containers.twig      | 4 ++--
 readme.md                          | 2 +-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index a7f4d1f1..87ab67de 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -548,9 +548,17 @@ if version_greater "$installed_version" "24.0.0.0"; then
     if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
         php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+        php /var/www/html/occ config:system:set enabledPreviewProviders 20 --value="OC\\Preview\\HEIC"
+        php /var/www/html/occ config:system:set enabledPreviewProviders 21 --value="OC\\Preview\\SVG"
+        php /var/www/html/occ config:system:set enabledPreviewProviders 22 --value="OC\\Preview\\TIFF"
+        php /var/www/html/occ config:system:set enabledPreviewProviders 23 --value="OC\\Preview\\WebP"
     else
         php /var/www/html/occ config:system:delete enabledPreviewProviders 0
         php /var/www/html/occ config:system:delete preview_imaginary_url
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 20
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 21
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 23
     fi
 fi
 
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6d74031f..c6abc183 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -503,9 +503,9 @@
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
-                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, svg, tiff and webp)</label><br>
                         {% else %}
-                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, svg, tiff and webp)</label><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
                             <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
diff --git a/readme.md b/readme.md
index 2dec3302..63447ea6 100644
--- a/readme.md
+++ b/readme.md
@@ -7,7 +7,7 @@ Included are:
 - High performance backend for Nextcloud Files
 - High performance backend for Nextcloud Talk
 - Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
-- Imaginary
+- Imaginary (for previews of heic, svg, tiff and webp)
 - ClamAV (Antivirus backend for Nextcloud)
 - Fulltextsearch
 

From 2469461a3cc07c5a6a6e965c9c3c17a018d6fd9b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 27 Jan 2023 18:27:39 +0100
Subject: [PATCH 0447/3949] also accept application/vnd.oci.image.index.v1+json
 for newer buildx versions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerHubManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index c75c5efe..09612750 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -39,7 +39,7 @@ class DockerHubManager
                     'https://registry-1.docker.io/v2/'.$name.'/manifests/' . $tag,
                     [
                         'headers' => [
-                            'Accept' => 'application/vnd.docker.distribution.manifest.v2+json',
+                            'Accept' => 'application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.index.v1+json',
                             'Authorization' => 'Bearer ' . $authToken,
                         ],
                     ]

From 7a126a96d9c38da42d60f23025d4141286827c3d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 27 Jan 2023 18:57:35 +0100
Subject: [PATCH 0448/3949] svg does not work with imaginary in my testing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 6 ++----
 php/templates/containers.twig      | 4 ++--
 readme.md                          | 2 +-
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 87ab67de..f0bd572f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -549,16 +549,14 @@ if version_greater "$installed_version" "24.0.0.0"; then
         php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
         php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
         php /var/www/html/occ config:system:set enabledPreviewProviders 20 --value="OC\\Preview\\HEIC"
-        php /var/www/html/occ config:system:set enabledPreviewProviders 21 --value="OC\\Preview\\SVG"
-        php /var/www/html/occ config:system:set enabledPreviewProviders 22 --value="OC\\Preview\\TIFF"
-        php /var/www/html/occ config:system:set enabledPreviewProviders 23 --value="OC\\Preview\\WebP"
+        php /var/www/html/occ config:system:set enabledPreviewProviders 21 --value="OC\\Preview\\TIFF"
+        php /var/www/html/occ config:system:set enabledPreviewProviders 22 --value="OC\\Preview\\WebP"
     else
         php /var/www/html/occ config:system:delete enabledPreviewProviders 0
         php /var/www/html/occ config:system:delete preview_imaginary_url
         php /var/www/html/occ config:system:delete enabledPreviewProviders 20
         php /var/www/html/occ config:system:delete enabledPreviewProviders 21
         php /var/www/html/occ config:system:delete enabledPreviewProviders 22
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 23
     fi
 fi
 
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c6abc183..cf086e49 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -503,9 +503,9 @@
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
-                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, svg, tiff and webp)</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, tiff and webp)</label><br>
                         {% else %}
-                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, svg, tiff and webp)</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, tiff and webp)</label><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
                             <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
diff --git a/readme.md b/readme.md
index 63447ea6..d24e8754 100644
--- a/readme.md
+++ b/readme.md
@@ -7,7 +7,7 @@ Included are:
 - High performance backend for Nextcloud Files
 - High performance backend for Nextcloud Talk
 - Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
-- Imaginary (for previews of heic, svg, tiff and webp)
+- Imaginary (for previews of heic, tiff and webp)
 - ClamAV (Antivirus backend for Nextcloud)
 - Fulltextsearch
 

From 123c1be6b77feb2c594b58d7c9823188cc4f315f Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 27 Jan 2023 19:43:55 +0100
Subject: [PATCH 0449/3949] migrate apache container to alpine (#1573)

---
 Containers/apache/Dockerfile | 75 ++++++++++++++++++------------------
 Containers/apache/start.sh   |  6 +--
 2 files changed, 41 insertions(+), 40 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 2bd46896..68d5632a 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,15 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20230109-slim
+FROM httpd:2.4.54-alpine3.17
+
+RUN set -ex; \
+    apk add --no-cache shadow; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
+    groupmod -g 33 www-data; \
+    usermod -u 33 -g 33 www-data; \
+    apk del --no-cache shadow
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;
@@ -9,51 +17,43 @@ RUN mkdir -p /mnt/data; \
 VOLUME /mnt/data
 
 RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        apache2 \
+    apk add --no-cache \
+        bash \
         supervisor \
         wget \
+        tzdata \
         ca-certificates \
         openssl \
-        netcat \
-        dpkg-dev \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        netcat-openbsd
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/
 RUN chmod +x /usr/bin/caddy
 
-RUN a2enmod rewrite \
-    headers \
-    proxy \
-    proxy_fcgi \
-    setenvif \
-    env \
-    mime \
-    dir \
-    authz_core \
-    alias
-
-COPY nextcloud.conf /etc/apache2/sites-available/
-
-RUN rm /etc/apache2/ports.conf; \
-    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
-    sed -i "/^Listen /d" /etc/apache2/apache2.conf
+RUN sed -i \
+                -e '/^Listen /d' \
+                -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+                -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+                -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+                conf/httpd.conf; \
+		echo "Include conf/nextcloud.conf" | tee -a conf/httpd.conf; \
+                echo "ServerName localhost" | tee -a conf/httpd.conf
+		
+COPY nextcloud.conf conf
 
 RUN set -ex; \
-    a2dissite 000-default && \
-    a2dissite default-ssl && \
-    rm -f /etc/apache2/sites-enabled/000-default.conf && \
-    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
-    rm /etc/apache2/sites-available/000-default.conf && \
-    rm /etc/apache2/sites-available/default-ssl.conf && \
-    a2ensite nextcloud.conf && \
+    rm -rf conf/original conf/original && \
     rm -rf /var/www/html/* && \
-    chown www-data:www-data -R /var/log/apache2; \
-    mkdir -p /var/run/apache2; \
-    chown -R www-data:www-data /var/run/apache2; \
+    mkdir /var/www && \
     chown -R www-data:www-data /var/www;
 
 RUN mkdir /var/log/supervisord; \
@@ -70,7 +70,8 @@ RUN chmod +x /usr/bin/start.sh; \
     chmod +x /usr/bin/healthcheck.sh; \
     chmod +r /supervisord.conf; \
     chown www-data:www-data /Caddyfile; \
-    chmod +r -R /etc/apache2
+    chown -R www-data:www-data /usr/local/apache2; \
+    chmod +r -R /usr/local/apache2
 
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
@@ -80,4 +81,4 @@ USER www-data
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD healthcheck.sh
\ No newline at end of file
+HEALTHCHECK CMD healthcheck.sh
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index bed49656..56ff81bc 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -48,7 +48,7 @@ echo "$CADDYFILE" > /Caddyfile
 # Add caddy path
 mkdir -p /mnt/data/caddy/
 
-# Fix apache sturtup
-rm -f /var/run/apache2/apache2.pid
+# Fix apache startup
+rm -f /usr/local/apache2/logs/httpd.pid
 
-exec "$@"
\ No newline at end of file
+exec "$@"

From 4e74052c20171c4877d05f1ff64068f49809e881 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 27 Jan 2023 21:36:53 +0100
Subject: [PATCH 0450/3949] migrate mastercontainer to alpine (#1577)

---
 Containers/mastercontainer/Dockerfile         | 105 +++++++++++-------
 .../mastercontainer/mastercontainer.conf      |   6 +-
 Containers/mastercontainer/start.sh           |   7 +-
 Containers/mastercontainer/supervisord.conf   |  10 +-
 4 files changed, 86 insertions(+), 42 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e24d7a2e..69c152cb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -4,8 +4,15 @@ FROM docker:20.10.23-dind as dind
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.1.14-apache-bullseye
+# From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
+FROM php:8.1.14-fpm-alpine3.17
+
+RUN set -ex; \
+    apk add --no-cache shadow; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
+    groupmod -g 33 www-data; \
+    usermod -u 33 -g 33 www-data
 
 EXPOSE 80
 EXPOSE 8080
@@ -19,16 +26,38 @@ RUN mkdir -p /var/www/docker-aio;
 
 WORKDIR /var/www/docker-aio
 
-RUN apt-get update; \
-    apt-get install -y --no-install-recommends \
-        git \
+RUN set -ex; \
+    apk add --no-cache \
+        ca-certificates \
+        wget \
+        tzdata \
+        bash \
+        apache2 \
+        apache2-proxy \
+        apache2-ssl \
         supervisor \
         openssl \
         sudo \
-        dpkg-dev \
-        netcat \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        netcat-openbsd \
+        grep
+
+RUN set -ex; \
+    apk add --no-cache --virtual .build-deps \
+        autoconf \
+        build-base; \
+    pecl install APCu-5.1.22; \
+    docker-php-ext-enable apcu; \
+    rm -r /tmp/pear; \
+    \
+    runDeps="$( \
+        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
+            | tr ',' '\n' \
+            | sort -u \
+            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+    )"; \
+    apk add --virtual .nextcloud-aio-rundeps $runDeps; \
+    apk del .build-deps; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/
 RUN chmod +x /usr/bin/caddy
@@ -36,14 +65,10 @@ RUN chmod +x /usr/bin/caddy
 COPY --from=dind /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker
 
-RUN set -ex; \
-    pecl install APCu-5.1.22; \
-    docker-php-ext-enable apcu
-
 RUN set -e && \
-    curl -sS https://getcomposer.org/installer | php && \
-    mv composer.phar /usr/local/bin/composer && \
-    chmod +x /usr/local/bin/composer && \
+    apk add --no-cache git; \
+    wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
+    chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     cd php; \
@@ -54,7 +79,8 @@ RUN set -e && \
     chmod 770 -R ./; \
     chown www-data:www-data -R /var/www; \
     rm -r ./php/data; \
-    rm -r ./php/session
+    rm -r ./php/session; \
+    apk del --no-cache git
 
 RUN mkdir -p /etc/apache2/certs && \
     cd /etc/apache2/certs && \
@@ -62,28 +88,31 @@ RUN mkdir -p /etc/apache2/certs && \
 
 COPY mastercontainer.conf /etc/apache2/sites-available/
 
-RUN a2enmod rewrite \
-    headers \
-    env \
-    mime \
-    dir \
-    authz_core \
-    proxy \
-    proxy_http \
-    ssl
-
-RUN rm /etc/apache2/ports.conf; \
-    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
-    sed -i "/^Listen /d" /etc/apache2/apache2.conf
+RUN sed -i \
+            -e '/^Listen /d' \
+            -e 's/User apache/User www-data/g' \
+            -e 's/Group apache/Group www-data/g' \
+            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+        /etc/apache2/httpd.conf; \
+        mkdir -p /etc/apache2/logs; \
+        rm /etc/apache2/conf.d/ssl.conf; \
+        echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
+        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf
 
 RUN set -ex; \
-    a2dissite 000-default && \
-    a2dissite default-ssl && \
-    rm -f /etc/apache2/sites-enabled/000-default.conf && \
-    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
-    rm /etc/apache2/sites-available/000-default.conf && \
-    rm /etc/apache2/sites-available/default-ssl.conf && \
-    a2ensite mastercontainer.conf
+    rm -f /etc/apache2/conf.d/default.conf \
+          /etc/apache2/conf.d/userdir.conf \
+          /etc/apache2/conf.d/info.conf
 
 RUN mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
@@ -109,4 +138,4 @@ USER root
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD /healthcheck.sh
\ No newline at end of file
+HEALTHCHECK CMD /healthcheck.sh
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index fbde2b94..e56bac19 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -10,9 +10,13 @@ Listen 8080
 <VirtualHost *:8000>
     ServerName localhost
 
+    # Add error log
+    CustomLog /proc/self/fd/1 combined
+    ErrorLog /proc/self/fd/2
+
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler application/x-httpd-php
+        SetHandler "proxy:fcgi://localhost:9000"
     </FilesMatch>
     # Master dir
     DocumentRoot /var/www/docker-aio/php/public/
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index eac30fb0..3d8ab13e 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -239,8 +239,8 @@ chown root:root -R /mnt/docker-aio-config/certs/
 
 # Don't allow access to the AIO interface from the Nextcloud container
 # Probably more cosmetic than anything but at least an attempt
-if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then
-    cat << APACHE_CONF >> /etc/apache2/apache2.conf
+if ! grep -q '# nextcloud-aio-block' /etc/apache2/httpd.conf; then
+    cat << APACHE_CONF >> /etc/apache2/httpd.conf
 # nextcloud-aio-block-start
 <Location />
 order allow,deny
@@ -277,4 +277,7 @@ https://your-domain-that-points-to-this-server.tld:8443"
 # Set the timezone to UTC
 export TZ=UTC
 
+# Fix apache startup
+rm -f /var/run/apache2/httpd.pid
+
 exec "$@"
diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index 5072586c..993d91d7 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -8,12 +8,20 @@ logfile_backups=10
 loglevel=error
 user=root
 
+[program:php-fpm]
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=php-fpm
+user=root
+
 [program:apache]
 # stdout_logfile=/dev/stdout
 # stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=apache2-foreground
+command=httpd -DFOREGROUND
 user=root
 
 [program:caddy]

From 3102dbfaebd1fb329fa1db00bbbed0183d502fe1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 27 Jan 2023 21:52:37 +0100
Subject: [PATCH 0451/3949] add curl back

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 69c152cb..445f8819 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -39,6 +39,7 @@ RUN set -ex; \
         openssl \
         sudo \
         netcat-openbsd \
+        curl \
         grep
 
 RUN set -ex; \

From 405162e1032ee3ff7b3521f8f9467e7b8debfb88 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 28 Jan 2023 16:23:46 +0100
Subject: [PATCH 0452/3949] Fix and improve helm update script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/Chart.yaml                            |  2 +-
 .../nextcloud-aio-apache-deployment.yaml         |  7 ++++---
 ...xtcloud-aio-apache-persistentvolumeclaim.yaml |  4 ++--
 .../templates/nextcloud-aio-apache-service.yaml  |  4 +---
 .../nextcloud-aio-clamav-deployment.yaml         |  6 +++---
 ...xtcloud-aio-clamav-persistentvolumeclaim.yaml |  4 ++--
 .../nextcloud-aio-collabora-deployment.yaml      |  6 +++---
 ...io-collabora-fonts-persistentvolumeclaim.yaml |  4 ++--
 .../nextcloud-aio-database-deployment.yaml       |  6 +++---
 ...-aio-database-dump-persistentvolumeclaim.yaml |  4 ++--
 ...cloud-aio-database-persistentvolumeclaim.yaml |  4 ++--
 ...-aio-elasticsearch-persistentvolumeclaim.yaml |  4 ++--
 .../nextcloud-aio-fulltextsearch-deployment.yaml |  6 +++---
 .../nextcloud-aio-imaginary-deployment.yaml      |  6 +++---
 ...aio-nextcloud-data-persistentvolumeclaim.yaml |  4 ++--
 .../nextcloud-aio-nextcloud-deployment.yaml      |  8 ++++----
 ...io-nextcloud-mount-persistentvolumeclaim.yaml |  4 ++--
 ...loud-aio-nextcloud-persistentvolumeclaim.yaml |  4 ++--
 ...ud-trusted-cacerts-persistentvolumeclaim.yaml |  4 ++--
 .../nextcloud-aio-onlyoffice-deployment.yaml     |  6 +++---
 ...oud-aio-onlyoffice-persistentvolumeclaim.yaml |  4 ++--
 .../nextcloud-aio-redis-deployment.yaml          |  6 +++---
 ...extcloud-aio-redis-persistentvolumeclaim.yaml |  4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml |  6 +++---
 .../templates/nextcloud-aio-talk-service.yaml    |  4 +---
 helm-chart/update-helm.sh                        | 16 ++++++++++------
 helm-chart/values.yaml                           |  2 +-
 27 files changed, 70 insertions(+), 69 deletions(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 606c05ff..fefeda85 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.0.1
+version: 4.2.0
 apiVersion: v1
 keywords:
   - latest
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 6b23459a..33a7839b 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -16,7 +16,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
@@ -41,10 +41,11 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-apache:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
+              hostIP: {{ .Values.APACHE_IP_BINDING }}
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
index fc6d1b65..d1a03c77 100755
--- a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-apache-service.yaml b/helm-chart/templates/nextcloud-aio-apache-service.yaml
index 22ed8269..50acc4b3 100755
--- a/helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -14,5 +14,3 @@ spec:
       targetPort: {{ .Values.APACHE_PORT }}
   selector:
     io.kompose.service: nextcloud-aio-apache
-status:
-  loadBalancer: {}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 7de199da..d4606e2d 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
@@ -28,7 +28,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-clamav:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-clamav
           volumeMounts:
             - mountPath: /var/lib/clamav
diff --git a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
index 776901fb..6c4c4b79 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 2f83b739..c30b0afd 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
               value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
-          image: nextcloud/aio-collabora:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-collabora:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-collabora
           volumeMounts:
             - mountPath: /opt/cool/systemplate/tmpfonts
diff --git a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
index 099998a4..54c704fe 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index b5bae70e..36c7a981 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -16,7 +16,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
@@ -33,7 +33,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-postgresql:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-database
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
diff --git a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
index 5b5d61b2..a7a29492 100755
--- a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
index 71a78ad6..23947a12 100755
--- a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
index ec2ecbce..5b92f15b 100755
--- a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 33408159..63e475cf 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
@@ -30,7 +30,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-fulltextsearch:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-fulltextsearch
           volumeMounts:
             - mountPath: /usr/share/elasticsearch/data
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index e6b90ac7..2eabe094 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
@@ -26,6 +26,6 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-imaginary:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-imaginary
 {{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
index a3e65b4f..994bd947 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 72483cfe..025ae24a 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -16,7 +16,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
@@ -101,14 +101,14 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-nextcloud:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-nextcloud
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
             - mountPath: /mnt/ncdata
               name: nextcloud-aio-nextcloud-data
-            - mountPath: /mnt/
+            - mountPath: /mnt
               name: nextcloud-aio-nextcloud-mount
             - mountPath: /usr/local/share/ca-certificates
               name: nextcloud-aio-nextcloud-trusted-cacerts
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
index ced4114b..c36dca31 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index b047dc5a..9a00b40c 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
index 6a46650c..f3826da7 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 1da2dbb7..c7de97a4 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-onlyoffice:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-onlyoffice
           volumeMounts:
             - mountPath: /var/lib/onlyoffice
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
index 90916696..0a97d85f 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 0dc84638..7d9dd504 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -16,7 +16,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
@@ -27,7 +27,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-redis:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-redis
           volumeMounts:
             - mountPath: /data
diff --git a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
index fd7af042..c9c003e2 100755
--- a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -9,7 +9,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.MAX_STORAGE_SIZE }}
+      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 29d078c8..06ac7f2d 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.27.0 (b0ed6a2c9)
+        kompose.version: 1.28.0 (c4137012e)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
@@ -36,7 +36,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20221229_091124-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-talk:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/helm-chart/templates/nextcloud-aio-talk-service.yaml b/helm-chart/templates/nextcloud-aio-talk-service.yaml
index a9588e4e..91bc1887 100755
--- a/helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.27.0 (b0ed6a2c9)
+    kompose.version: 1.28.0 (c4137012e)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -19,6 +19,4 @@ spec:
       targetPort: {{ .Values.TALK_PORT }}
   selector:
     io.kompose.service: nextcloud-aio-talk
-status:
-  loadBalancer: {}
 {{- end }}
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 8268bbde..cf3ad294 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -29,20 +29,26 @@ sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
 sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
 sed -i "s|\${NEXTCLOUD_MOUNT}:\${NEXTCLOUD_MOUNT}:|nextcloud_aio_nextcloud_mount:$NEXTCLOUD_MOUNT:|" latest.yml
+sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_mount:\n \ \ \ \ name: nextcloud_aio_nextcloud_mount" latest.yml
+sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml
 sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
 sed -i 's|\${|{{ .Values.|g' latest.yml
 sed -i 's|}| }}|g' latest.yml
-sed -i '/profiles: /d' latest.yml
 cat latest.yml
 kompose convert -c -f latest.yml
 cd latest
 
+mv ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ./templates/nextcloud-aio-networkpolicy.yaml
 # shellcheck disable=SC1083
-find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: {{ .Values.MAX_STORAGE_SIZE }}|" \{} \;  
+find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteMany|" \{} \;  
+find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadWriteOnce|ReadWriteMany|" \{} \;  
+find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: 1Gi|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
 # shellcheck disable=SC1083
@@ -85,14 +91,12 @@ sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml
 
 # Conversion of sample.conf
 cp sample.conf /tmp/
-sed -i "/^APACHE_IP_BINDING/d" /tmp/sample.conf
 sed -i 's|"||g' /tmp/sample.conf
 sed -i 's|=|: |' /tmp/sample.conf
 sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_MOUNT: .*|NEXTCLOUD_MOUNT:        # Setting this to any value allows to enable external storages in Nextcloud|' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
-echo 'MAX_STORAGE_SIZE: 10Gi        # You can adjust the max storage that each volume can use with this value' >> /tmp/sample.conf
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 5ec3fcdf..e18a34a9 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -1,6 +1,7 @@
 IMAGE_TAG: latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
+APACHE_IP_BINDING: 0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
 CLAMAV_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
@@ -30,5 +31,4 @@ TALK_PORT: 3478          # This allows to adjust the port that the talk containe
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
-MAX_STORAGE_SIZE: 10Gi        # You can adjust the max storage that each volume can use with this value
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes

From 83c68da0a0d6e377054a62a25beb9cbf084c5be6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 28 Jan 2023 22:08:43 +0100
Subject: [PATCH 0453/3949] fix permissions?

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml      | 3 +++
 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml      | 3 +++
 helm-chart/templates/nextcloud-aio-collabora-deployment.yaml   | 3 +++
 helm-chart/templates/nextcloud-aio-database-deployment.yaml    | 3 +++
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml     | 3 +++
 helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml   | 3 +++
 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml   | 3 +++
 helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml  | 3 +++
 helm-chart/templates/nextcloud-aio-redis-deployment.yaml       | 3 +++
 helm-chart/templates/nextcloud-aio-talk-deployment.yaml        | 3 +++
 helm-chart/update-helm.sh                                      | 2 ++
 11 files changed, 32 insertions(+)

diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 33a7839b..6f0b560a 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: APACHE_MAX_SIZE
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d4606e2d..cf24fe5c 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: CLAMD_STARTUP_TIMEOUT
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c30b0afd..9068033b 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: TZ
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 36c7a981..d1eb3c4e 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: PGTZ
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 63e475cf..64ff5e48 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: ES_JAVA_OPTS
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2eabe094..ea558eba 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: TZ
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 025ae24a..fc6a0313 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: ADDITIONAL_APKS
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c7de97a4..d4c9eef3 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: JWT_ENABLED
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 7d9dd504..3525d150 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: REDIS_HOST_PASSWORD
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 06ac7f2d..9e25b9fb 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: JANUS_API_KEY
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index cf3ad294..74d0e2a2 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -46,6 +46,8 @@ find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "/^    spec:/a\ \ \ \ \ \ securityContext:\n\ \ \ \ \ \ \ \ fsGroup: 65534\n\ \ \ \ \ \ \ \ fsGroupChangePolicy: \"OnRootMismatch\"" \{} \; 
+# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: 1Gi|" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   

From 7d36204397e070df4ecfcfe07a5af0079f94d61d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 29 Jan 2023 00:02:18 +0100
Subject: [PATCH 0454/3949] allow to adjust the volumes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 ...loud-aio-apache-persistentvolumeclaim.yaml |  2 +-
 ...collabora-fonts-persistentvolumeclaim.yaml |  2 +-
 ...o-database-dump-persistentvolumeclaim.yaml |  2 +-
 ...ud-aio-database-persistentvolumeclaim.yaml |  2 +-
 ...o-elasticsearch-persistentvolumeclaim.yaml |  2 +-
 ...-nextcloud-data-persistentvolumeclaim.yaml |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  7 ------
 ...nextcloud-mount-persistentvolumeclaim.yaml | 15 -------------
 ...d-aio-nextcloud-persistentvolumeclaim.yaml |  2 +-
 ...trusted-cacerts-persistentvolumeclaim.yaml |  2 +-
 helm-chart/update-helm.sh                     | 22 +++++++++++++++----
 helm-chart/values.yaml                        |  4 +++-
 12 files changed, 29 insertions(+), 35 deletions(-)
 delete mode 100755 helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml

diff --git a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
index d1a03c77..f63ffab1 100755
--- a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: 100Mi
diff --git a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
index 54c704fe..8e514c89 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: 100Mi
diff --git a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
index a7a29492..2c87ac91 100755
--- a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.DATABASE_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
index 23947a12..a8522aae 100755
--- a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.DATABASE_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
index 5b92f15b..04bee927 100755
--- a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.FULLTEXTSEARCH_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
index 994bd947..50594a1f 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.NEXTCLOUD_DATA_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index fc6a0313..6e9e1236 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -58,8 +58,6 @@ spec:
               value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_DATA_DIR
               value: /mnt/ncdata
-            - name: NEXTCLOUD_MOUNT
-              value: "{{ .Values.NEXTCLOUD_MOUNT }}"
             - name: ONLYOFFICE_ENABLED
               value: "{{ .Values.ONLYOFFICE_ENABLED }}"
             - name: ONLYOFFICE_HOST
@@ -111,8 +109,6 @@ spec:
               name: nextcloud-aio-nextcloud
             - mountPath: /mnt/ncdata
               name: nextcloud-aio-nextcloud-data
-            - mountPath: /mnt
-              name: nextcloud-aio-nextcloud-mount
             - mountPath: /usr/local/share/ca-certificates
               name: nextcloud-aio-nextcloud-trusted-cacerts
               readOnly: true
@@ -123,9 +119,6 @@ spec:
         - name: nextcloud-aio-nextcloud-data
           persistentVolumeClaim:
             claimName: nextcloud-aio-nextcloud-data
-        - name: nextcloud-aio-nextcloud-mount
-          persistentVolumeClaim:
-            claimName: nextcloud-aio-nextcloud-mount
         - name: nextcloud-aio-nextcloud-trusted-cacerts
           persistentVolumeClaim:
             claimName: nextcloud-aio-nextcloud-trusted-cacerts
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
deleted file mode 100755
index c36dca31..00000000
--- a/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    io.kompose.service: nextcloud-aio-nextcloud-mount
-  name: nextcloud-aio-nextcloud-mount
-spec:
-  {{- if .Values.STORAGE_CLASS }}
-  storageClassName: {{ .Values.STORAGE_CLASS }}
-  {{- end }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index 9a00b40c..391b26e9 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: 2Gi
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
index f3826da7..ad7c0d1e 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: 100Mi
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 74d0e2a2..1c9bd347 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -28,8 +28,7 @@ sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.y
 sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
 sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
-sed -i "s|\${NEXTCLOUD_MOUNT}:\${NEXTCLOUD_MOUNT}:|nextcloud_aio_nextcloud_mount:$NEXTCLOUD_MOUNT:|" latest.yml
-sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_mount:\n \ \ \ \ name: nextcloud_aio_nextcloud_mount" latest.yml
+sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml
 sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml
 sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
 sed -i 's|\${|{{ .Values.|g' latest.yml
@@ -48,7 +47,15 @@ find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|ne
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "/^    spec:/a\ \ \ \ \ \ securityContext:\n\ \ \ \ \ \ \ \ fsGroup: 65534\n\ \ \ \ \ \ \ \ fsGroupChangePolicy: \"OnRootMismatch\"" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: 1Gi|" \{} \;  
+find ./ \( -not -name '*apache*' -not -name '*collabora-fonts*' -not -name '*trusted-cacerts*' -name '*persistentvolumeclaim.yaml' \) -exec sed -i "s|storage: 100Mi|storage: 1Gi|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*nextcloud-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: 2Gi|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.NEXTCLOUD_DATA_STORAGE_SIZE }}|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*database*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.DATABASE_STORAGE_SIZE }}|" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*elasticsearch-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.FULLTEXTSEARCH_STORAGE_SIZE }}|" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
@@ -97,9 +104,16 @@ sed -i 's|"||g' /tmp/sample.conf
 sed -i 's|=|: |' /tmp/sample.conf
 sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
-sed -i 's|^NEXTCLOUD_MOUNT: .*|NEXTCLOUD_MOUNT:        # Setting this to any value allows to enable external storages in Nextcloud|' /tmp/sample.conf
+sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
+# shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
+# shellcheck disable=SC2129
+echo 'NEXTCLOUD_DATA_STORAGE_SIZE: 10Gi       # You can change the size of Nextclouds Datadir with this value' >> /tmp/sample.conf
+# shellcheck disable=SC2129
+echo 'DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume with this value' >> /tmp/sample.conf
+# shellcheck disable=SC2129
+echo 'FULLTEXTSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the fulltextsearch volume with this value' >> /tmp/sample.conf
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
 ENABLED_VARIABLES="$(grep -oP '^[A-Z]+_ENABLED' ../helm-chart/values.yaml)"
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index e18a34a9..097108de 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -17,7 +17,6 @@ NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional pa
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
-NEXTCLOUD_MOUNT:        # Setting this to any value allows to enable external storages in Nextcloud
 NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
 NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
@@ -32,3 +31,6 @@ TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containe
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
+NEXTCLOUD_DATA_STORAGE_SIZE: 10Gi       # You can change the size of Nextclouds Datadir with this value
+DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume with this value
+FULLTEXTSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the fulltextsearch volume with this value

From 3058bf03ec9df63a7c3b8a47449ab3399da81905 Mon Sep 17 00:00:00 2001
From: Jo <jonassauge@gmail.com>
Date: Mon, 30 Jan 2023 10:19:22 +0100
Subject: [PATCH 0455/3949] allow to copy the command to install docker

Signed-off-by: Jo <jonassauge@gmail.com>
---
 readme.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index d24e8754..95bd7077 100644
--- a/readme.md
+++ b/readme.md
@@ -13,7 +13,10 @@ Included are:
 
 ## How to use this?
 The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). Also, the instructions are meant for installations without a reverse proxy already being in place. If you want to run AIO behind a reverse proxy, see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
-1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script** (`curl -fsSL get.docker.com | sudo sh`).
+1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
+ ```
+curl -fsSL get.docker.com | sudo sh
+ ```
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:<br><br>
     (For people that cannot use ports 80 and/or 443 on this server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)

From 88f2b398a4546c47731b814ca84fb9993c4076c1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jan 2023 12:16:26 +0000
Subject: [PATCH 0456/3949] Bump httpd in /Containers/apache

Bumps httpd from 2.4.54-alpine3.17 to 2.4.55-alpine3.17.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 68d5632a..5c42cb77 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM httpd:2.4.54-alpine3.17
+FROM httpd:2.4.55-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From abd956612d207fa7c26fdee31948de784bed9c46 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jan 2023 12:16:45 +0000
Subject: [PATCH 0457/3949] Bump containrrr/watchtower from 1.5.1 to 1.5.3 in
 /Containers/watchtower

Bumps containrrr/watchtower from 1.5.1 to 1.5.3.

---
updated-dependencies:
- dependency-name: containrrr/watchtower
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 945bb333..ab956637 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.5.1 as watchtower
+FROM containrrr/watchtower:1.5.3 as watchtower
 
 FROM alpine:3.17.1
 

From fb411120c1c63d38c7cd5473c5e0ff6b3c815d78 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jan 2023 12:19:48 +0000
Subject: [PATCH 0458/3949] Bump ludeeus/action-shellcheck from 1.1.0 to 2.0.0

Bumps [ludeeus/action-shellcheck](https://github.com/ludeeus/action-shellcheck) from 1.1.0 to 2.0.0.
- [Release notes](https://github.com/ludeeus/action-shellcheck/releases)
- [Commits](https://github.com/ludeeus/action-shellcheck/compare/1.1.0...2.0.0)

---
updated-dependencies:
- dependency-name: ludeeus/action-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/shellcheck.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 51a51298..3af43bb1 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@1.1.0
+      uses: ludeeus/action-shellcheck@2.0.0
       with:
         check_together: 'yes'
       env:

From f5616cd618565626ede239939db2cb4ccb4173c3 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 30 Jan 2023 14:54:09 +0100
Subject: [PATCH 0459/3949] Disallow Watchtower to update AIO Container (exept
 Mastercontainer)

See: https://containrrr.dev/watchtower/container-selection/#monitor_only

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/Dockerfile         | 1 +
 Containers/borgbackup/Dockerfile     | 3 ++-
 Containers/clamav/Dockerfile         | 1 +
 Containers/collabora/Dockerfile      | 1 +
 Containers/domaincheck/Dockerfile    | 3 ++-
 Containers/fulltextsearch/Dockerfile | 1 +
 Containers/imaginary/Dockerfile      | 3 ++-
 Containers/nextcloud/Dockerfile      | 1 +
 Containers/onlyoffice/Dockerfile     | 3 ++-
 Containers/postgresql/Dockerfile     | 1 +
 Containers/redis/Dockerfile          | 3 ++-
 Containers/talk/Dockerfile           | 3 ++-
 Containers/watchtower/Dockerfile     | 1 +
 13 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 5c42cb77..d813e578 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -82,3 +82,4 @@ ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 65d39bdc..aaae2c47 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -18,4 +18,5 @@ RUN chmod +x /usr/bin/start.sh; \
     chmod +x /backupscript.sh
 
 USER root
-ENTRYPOINT ["start.sh"]
\ No newline at end of file
+ENTRYPOINT ["start.sh"]
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e3a42e81..5fe9c503 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -4,3 +4,4 @@ FROM clamav/clamav:0.105.1-7
 RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/
 RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 439b3859..c16f31f7 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -16,3 +16,4 @@ RUN set -ex; \
 USER 104
 
 HEALTHCHECK CMD nc -z localhost 9980 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 3c4dae25..484cd613 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -15,4 +15,5 @@ USER www-data
 RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
\ No newline at end of file
+HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index f33b4f0c..4e92335d 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -12,3 +12,4 @@ RUN set -ex; \
     rm -rf /var/lib/apt/lists/*
 
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 49e8d14b..a4309117 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,4 +13,5 @@ USER nobody
 
 ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size"]
 
-HEALTHCHECK CMD nc -z localhost 9000 || exit 1
\ No newline at end of file
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 7a64f04c..76ae830a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -267,3 +267,4 @@ USER root
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index af22a625..1dcced12 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,4 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
 FROM onlyoffice/documentserver:7.2.2.56
 
-HEALTHCHECK CMD nc -z localhost 80 || exit 1
\ No newline at end of file
+HEALTHCHECK CMD nc -z localhost 80 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index df01436c..329a0c31 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -36,3 +36,4 @@ USER postgres
 ENTRYPOINT ["start.sh"]
 
 HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index e18f59de..99b9ebe4 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -12,4 +12,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER redis
 ENTRYPOINT ["start.sh"]
 
-HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
\ No newline at end of file
+HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 0e596cf0..6730710d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -71,4 +71,5 @@ USER talk
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
\ No newline at end of file
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ab956637..d08baf51 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -11,3 +11,4 @@ RUN chmod +x /start.sh
 
 USER root
 ENTRYPOINT ["/start.sh"]
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file

From ef397a9df1e82a89d5de9c678f5cdb9bdf88613d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Jan 2023 15:33:12 +0100
Subject: [PATCH 0460/3949] add linebreak

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile         | 2 +-
 Containers/borgbackup/Dockerfile     | 2 +-
 Containers/clamav/Dockerfile         | 2 +-
 Containers/collabora/Dockerfile      | 2 +-
 Containers/domaincheck/Dockerfile    | 2 +-
 Containers/fulltextsearch/Dockerfile | 2 +-
 Containers/imaginary/Dockerfile      | 2 +-
 Containers/nextcloud/Dockerfile      | 2 +-
 Containers/onlyoffice/Dockerfile     | 2 +-
 Containers/postgresql/Dockerfile     | 2 +-
 Containers/redis/Dockerfile          | 2 +-
 Containers/talk/Dockerfile           | 2 +-
 Containers/watchtower/Dockerfile     | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index d813e578..edb8ac3e 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -82,4 +82,4 @@ ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD healthcheck.sh
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index aaae2c47..371b41cb 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -19,4 +19,4 @@ RUN chmod +x /usr/bin/start.sh; \
 
 USER root
 ENTRYPOINT ["start.sh"]
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 5fe9c503..882276e7 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -4,4 +4,4 @@ FROM clamav/clamav:0.105.1-7
 RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/
 RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index c16f31f7..13ac2f2e 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -16,4 +16,4 @@ RUN set -ex; \
 USER 104
 
 HEALTHCHECK CMD nc -z localhost 9980 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 484cd613..bf100723 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -16,4 +16,4 @@ RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 4e92335d..16eb6871 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -12,4 +12,4 @@ RUN set -ex; \
     rm -rf /var/lib/apt/lists/*
 
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index a4309117..6f8e5745 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,4 +14,4 @@ USER nobody
 ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size"]
 
 HEALTHCHECK CMD nc -z localhost 9000 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 76ae830a..806753c8 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -267,4 +267,4 @@ USER root
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 1dcced12..7fbbe55a 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -2,4 +2,4 @@
 FROM onlyoffice/documentserver:7.2.2.56
 
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 329a0c31..2a0b25a8 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -36,4 +36,4 @@ USER postgres
 ENTRYPOINT ["start.sh"]
 
 HEALTHCHECK CMD healthcheck.sh
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 99b9ebe4..f84eec66 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -13,4 +13,4 @@ USER redis
 ENTRYPOINT ["start.sh"]
 
 HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 6730710d..eff954a1 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -72,4 +72,4 @@ ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index d08baf51..fbcb0f3f 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -11,4 +11,4 @@ RUN chmod +x /start.sh
 
 USER root
 ENTRYPOINT ["/start.sh"]
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
\ No newline at end of file
+LABEL com.centurylinklabs.watchtower.monitor-only="true"

From e31d4f25ef82c87fb01303203ee7c5f6cafa8b07 Mon Sep 17 00:00:00 2001
From: Jo <jonassauge@gmail.com>
Date: Mon, 30 Jan 2023 17:55:19 +0100
Subject: [PATCH 0461/3949] Update readme.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Jo <jonassauge@gmail.com>
---
 readme.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.md b/readme.md
index 95bd7077..0c0f5aec 100644
--- a/readme.md
+++ b/readme.md
@@ -14,9 +14,9 @@ Included are:
 ## How to use this?
 The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). Also, the instructions are meant for installations without a reverse proxy already being in place. If you want to run AIO behind a reverse proxy, see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
- ```
-curl -fsSL get.docker.com | sudo sh
- ```
+    ```
+    curl -fsSL get.docker.com | sudo sh
+    ```
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:<br><br>
     (For people that cannot use ports 80 and/or 443 on this server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)

From 225ff3814dee5a1efd60f80ffb92365300e67d09 Mon Sep 17 00:00:00 2001
From: Jo <jonassauge@gmail.com>
Date: Mon, 30 Jan 2023 19:26:55 +0100
Subject: [PATCH 0462/3949] Update readme.md

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Jo <jonassauge@gmail.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0c0f5aec..02e4a9cd 100644
--- a/readme.md
+++ b/readme.md
@@ -14,7 +14,7 @@ Included are:
 ## How to use this?
 The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). Also, the instructions are meant for installations without a reverse proxy already being in place. If you want to run AIO behind a reverse proxy, see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
-    ```
+    ```sh
     curl -fsSL get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.

From b6c3a777b0628cf3116b045bbade24e440d04eb9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Jan 2023 21:42:32 +0100
Subject: [PATCH 0463/3949] allow to adjust all volume sizes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../nextcloud-aio-apache-persistentvolumeclaim.yaml    |  2 +-
 .../nextcloud-aio-clamav-persistentvolumeclaim.yaml    |  2 +-
 ...loud-aio-collabora-fonts-persistentvolumeclaim.yaml |  2 +-
 .../nextcloud-aio-nextcloud-persistentvolumeclaim.yaml |  2 +-
 ...extcloud-trusted-cacerts-persistentvolumeclaim.yaml |  2 +-
 ...nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml |  2 +-
 .../nextcloud-aio-redis-persistentvolumeclaim.yaml     |  2 +-
 helm-chart/update-helm.sh                              | 10 ++++++++--
 helm-chart/values.yaml                                 |  2 ++
 9 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
index f63ffab1..c6d9271d 100755
--- a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 100Mi
+      storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
index 6c4c4b79..e2379616 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
index 8e514c89..e06d64d1 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 100Mi
+      storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index 391b26e9..d6b26e25 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 2Gi
+      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
index ad7c0d1e..ed827317 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 100Mi
+      storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
index 0a97d85f..a6fab5f5 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
index c9c003e2..06c64253 100755
--- a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 1c9bd347..84ce9cb5 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -49,14 +49,16 @@ find ./ -name '*deployment.yaml' -exec sed -i "/^    spec:/a\ \ \ \ \ \ security
 # shellcheck disable=SC1083
 find ./ \( -not -name '*apache*' -not -name '*collabora-fonts*' -not -name '*trusted-cacerts*' -name '*persistentvolumeclaim.yaml' \) -exec sed -i "s|storage: 100Mi|storage: 1Gi|" \{} \;  
 # shellcheck disable=SC1083
-find ./ -name '*nextcloud-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: 2Gi|" \{} \;  
-# shellcheck disable=SC1083
 find ./ -name '*nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.NEXTCLOUD_DATA_STORAGE_SIZE }}|" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*database*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.DATABASE_STORAGE_SIZE }}|" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*elasticsearch-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.FULLTEXTSEARCH_STORAGE_SIZE }}|" \{} \;  
 # shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}|" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
@@ -114,6 +116,10 @@ echo 'NEXTCLOUD_DATA_STORAGE_SIZE: 10Gi       # You can change the size of Nextc
 echo 'DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume with this value' >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'FULLTEXTSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the fulltextsearch volume with this value' >> /tmp/sample.conf
+# shellcheck disable=SC2129
+echo 'DEFAULT_100M_STORAGE_SIZE: 100Mi       # You can change the size of the remaining volumes that default to 100Mi with this value' >> /tmp/sample.conf
+# shellcheck disable=SC2129
+echo 'DEFAULT_1G_STORAGE_SIZE: 1Gi       # You can change the size of the remaining volumes that default to 1Gi with this value' >> /tmp/sample.conf
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
 ENABLED_VARIABLES="$(grep -oP '^[A-Z]+_ENABLED' ../helm-chart/values.yaml)"
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 097108de..53c4204d 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -34,3 +34,5 @@ STORAGE_CLASS:        # By setting this, you can adjust the storage class for yo
 NEXTCLOUD_DATA_STORAGE_SIZE: 10Gi       # You can change the size of Nextclouds Datadir with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume with this value
 FULLTEXTSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the fulltextsearch volume with this value
+DEFAULT_100M_STORAGE_SIZE: 100Mi       # You can change the size of the remaining volumes that default to 100Mi with this value
+DEFAULT_1G_STORAGE_SIZE: 1Gi       # You can change the size of the remaining volumes that default to 1Gi with this value

From 8824a8471b58111781302203de37f7f2ed2dabda Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 31 Jan 2023 00:23:23 +0100
Subject: [PATCH 0464/3949] add ghostscript fonts

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 806753c8..d996f8f1 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -51,6 +51,7 @@ RUN set -ex; \
         libheif-dev \
         librsvg-dev \
         libxext-dev \
+        ghostscript-fonts \
     ; \
     \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -215,8 +216,8 @@ RUN set -ex; \
         libjpeg \
         librsvg \
         libheif \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        libpng \
+        ghostscript-fonts;
 
 RUN set -ex; \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \

From 5ba7a3f86af6627b539e3fc53f42622e344519b5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 31 Jan 2023 00:37:43 +0100
Subject: [PATCH 0465/3949] also add libtool

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index d996f8f1..90b53f7f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -27,6 +27,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         $PHPIZE_DEPS \
         autoconf \
+        libtool \
         freetype-dev \
         icu-dev \
         libevent-dev \

From 7c05f185737c7f7cf217312e63b9b11d4a778289 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Jan 2023 12:03:57 +0000
Subject: [PATCH 0466/3949] Bump ubuntu from focal-20221130 to focal-20230126
 in /Containers/talk

Bumps ubuntu from focal-20221130 to focal-20230126.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index eff954a1..2129ec07 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20221130
+FROM ubuntu:focal-20230126
 
 RUN set -ex; \
     \

From 57f182f1e59dbc550a98aaa633e828c2d7c3e6e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Jan 2023 12:04:52 +0000
Subject: [PATCH 0467/3949] Bump docker/build-push-action from 3 to 4

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/create-psalm-container.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/create-psalm-container.yml b/.github/workflows/create-psalm-container.yml
index 36407589..20d387df 100644
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -45,7 +45,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build container image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           push: true
           context: 'psalm-github-actions'

From 33fb628ce5a77aa733e9012b316e63f786ebe74f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 11:38:59 +0100
Subject: [PATCH 0468/3949] imaginary - allow big images by default

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 6f8e5745..7557fdcb 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -11,7 +11,7 @@ RUN set -ex; \
     rm -rf /var/lib/apt/lists/*
 USER nobody
 
-ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size"]
+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
 
 HEALTHCHECK CMD nc -z localhost 9000 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 133b149ee3272d6ac7815b3230edc5fd7215617a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 12:35:40 +0100
Subject: [PATCH 0469/3949] allow to change the size of each volume separately

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 ...loud-aio-apache-persistentvolumeclaim.yaml |  2 +-
 ...loud-aio-clamav-persistentvolumeclaim.yaml |  2 +-
 ...collabora-fonts-persistentvolumeclaim.yaml |  2 +-
 ...o-database-dump-persistentvolumeclaim.yaml |  2 +-
 ...o-elasticsearch-persistentvolumeclaim.yaml |  2 +-
 ...d-aio-nextcloud-persistentvolumeclaim.yaml |  2 +-
 ...trusted-cacerts-persistentvolumeclaim.yaml |  2 +-
 ...-aio-onlyoffice-persistentvolumeclaim.yaml |  2 +-
 ...cloud-aio-redis-persistentvolumeclaim.yaml |  2 +-
 helm-chart/update-helm.sh                     | 33 +++++++------------
 helm-chart/values.yaml                        | 16 ++++++---
 11 files changed, 31 insertions(+), 36 deletions(-)

diff --git a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
index c6d9271d..35c851a6 100755
--- a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}
+      storage: {{ .Values.APACHE_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
index e2379616..68709d1f 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
+      storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
index e06d64d1..ea0b9c00 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}
+      storage: {{ .Values.COLLABORA_FONTS_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
index 2c87ac91..78ff6742 100755
--- a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DATABASE_STORAGE_SIZE }}
+      storage: {{ .Values.DATABASE_DUMP_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
index 04bee927..8ec6bbb4 100755
--- a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.FULLTEXTSEARCH_STORAGE_SIZE }}
+      storage: {{ .Values.ELASTICSEARCH_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index d6b26e25..d07e3b61 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
+      storage: {{ .Values.NEXTCLOUD_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
index ed827317..58384bde 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}
+      storage: {{ .Values.NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
index a6fab5f5..674ad7b6 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
+      storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
diff --git a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
index 06c64253..10f3e7da 100755
--- a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -12,4 +12,4 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}
+      storage: {{ .Values.REDIS_STORAGE_SIZE }}
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 84ce9cb5..91216e48 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -47,18 +47,6 @@ find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|ne
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "/^    spec:/a\ \ \ \ \ \ securityContext:\n\ \ \ \ \ \ \ \ fsGroup: 65534\n\ \ \ \ \ \ \ \ fsGroupChangePolicy: \"OnRootMismatch\"" \{} \; 
 # shellcheck disable=SC1083
-find ./ \( -not -name '*apache*' -not -name '*collabora-fonts*' -not -name '*trusted-cacerts*' -name '*persistentvolumeclaim.yaml' \) -exec sed -i "s|storage: 100Mi|storage: 1Gi|" \{} \;  
-# shellcheck disable=SC1083
-find ./ -name '*nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.NEXTCLOUD_DATA_STORAGE_SIZE }}|" \{} \;  
-# shellcheck disable=SC1083
-find ./ -name '*database*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.DATABASE_STORAGE_SIZE }}|" \{} \;  
-# shellcheck disable=SC1083
-find ./ -name '*elasticsearch-persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.FULLTEXTSEARCH_STORAGE_SIZE }}|" \{} \;  
-# shellcheck disable=SC1083
-find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: {{ .Values.DEFAULT_100M_STORAGE_SIZE }}|" \{} \;
-# shellcheck disable=SC1083
-find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 1Gi|storage: {{ .Values.DEFAULT_1G_STORAGE_SIZE }}|" \{} \;
-# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
@@ -86,6 +74,14 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \; 
+VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g')"
+mapfile -t VOLUMES <<< "$VOLUMES"
+for variable in "${VOLUMES[@]}"; do
+    name="$(echo "$variable" | sed 's|-|_|g' | tr '[:lower:]' '[:upper:]')_STORAGE_SIZE"
+    VOLUME_VARIABLE+=("$name")
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$variable-persistentvolumeclaim.yaml" -exec sed -i "s|storage: 100Mi|storage: {{ .Values.$name }}|" \{} \; 
+done
 
 cd ../
 mkdir -p ../helm-chart/
@@ -110,16 +106,9 @@ sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
-# shellcheck disable=SC2129
-echo 'NEXTCLOUD_DATA_STORAGE_SIZE: 10Gi       # You can change the size of Nextclouds Datadir with this value' >> /tmp/sample.conf
-# shellcheck disable=SC2129
-echo 'DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume with this value' >> /tmp/sample.conf
-# shellcheck disable=SC2129
-echo 'FULLTEXTSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the fulltextsearch volume with this value' >> /tmp/sample.conf
-# shellcheck disable=SC2129
-echo 'DEFAULT_100M_STORAGE_SIZE: 100Mi       # You can change the size of the remaining volumes that default to 100Mi with this value' >> /tmp/sample.conf
-# shellcheck disable=SC2129
-echo 'DEFAULT_1G_STORAGE_SIZE: 1Gi       # You can change the size of the remaining volumes that default to 1Gi with this value' >> /tmp/sample.conf
+for variable in "${VOLUME_VARIABLE[@]}"; do
+    echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
+done
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
 ENABLED_VARIABLES="$(grep -oP '^[A-Z]+_ENABLED' ../helm-chart/values.yaml)"
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 53c4204d..d0232f5e 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -31,8 +31,14 @@ TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containe
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
-NEXTCLOUD_DATA_STORAGE_SIZE: 10Gi       # You can change the size of Nextclouds Datadir with this value
-DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume with this value
-FULLTEXTSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the fulltextsearch volume with this value
-DEFAULT_100M_STORAGE_SIZE: 100Mi       # You can change the size of the remaining volumes that default to 100Mi with this value
-DEFAULT_1G_STORAGE_SIZE: 1Gi       # You can change the size of the remaining volumes that default to 1Gi with this value
+ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
+NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
+COLLABORA_FONTS_STORAGE_SIZE: 1Gi       # You can change the size of the collabora-fonts volume that default to 1Gi with this value
+ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
+CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
+DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
+NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
+NEXTCLOUD_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
+REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
+DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
+APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value

From c8576044b23dd2bd5b5fb80f02b96e4c90fa49a4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 12:51:53 +0100
Subject: [PATCH 0470/3949] change chart version to v2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index fefeda85..e4ab93a6 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,7 +1,7 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
 version: 4.2.0
-apiVersion: v1
+apiVersion: v2
 keywords:
   - latest
 sources: https://github.com/nextcloud/all-in-one/tree/main/helm-chart

From 64458c8931d987b484f00e454cd5a2dec56025ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Feb 2023 12:12:49 +0000
Subject: [PATCH 0471/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20230101 to 20230201.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 6f8e5745..a548217f 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20230101
+FROM nextcloud/imaginary:20230201
 
 USER root
 RUN set -ex; \

From bda83ffa313d38b2d9384a9b900624fe0672c218 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 1 Feb 2023 12:18:39 +0000
Subject: [PATCH 0472/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index b42bd0eb..d6ac92bc 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -397,16 +397,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.2.2",
+            "version": "v1.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae"
+                "reference": "f23fe9d4e95255dacee1bf3525e0810d1a1b0f37"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/47afb7fae28ed29057fdca37e16a84f90cc62fae",
-                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/f23fe9d4e95255dacee1bf3525e0810d1a1b0f37",
+                "reference": "f23fe9d4e95255dacee1bf3525e0810d1a1b0f37",
                 "shasum": ""
             },
             "require": {
@@ -453,7 +453,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2022-09-08T13:45:54+00:00"
+            "time": "2023-01-30T18:31:20+00:00"
         },
         {
             "name": "nikic/fast-route",

From 0ea229e19abf6babc70debd90993570d853d7c0e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 16:00:52 +0100
Subject: [PATCH 0473/3949] add volume permission workaround

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../nextcloud-aio-apache-deployment.yaml      | 17 +++++++++---
 .../nextcloud-aio-clamav-deployment.yaml      | 14 +++++++---
 .../nextcloud-aio-collabora-deployment.yaml   | 14 +++++++---
 .../nextcloud-aio-database-deployment.yaml    | 17 +++++++++---
 ...xtcloud-aio-fulltextsearch-deployment.yaml | 14 +++++++---
 .../nextcloud-aio-imaginary-deployment.yaml   |  3 ---
 .../nextcloud-aio-nextcloud-deployment.yaml   | 20 +++++++++++---
 .../nextcloud-aio-onlyoffice-deployment.yaml  | 14 +++++++---
 .../nextcloud-aio-redis-deployment.yaml       | 14 +++++++---
 .../nextcloud-aio-talk-deployment.yaml        |  3 ---
 helm-chart/update-helm.sh                     | 27 +++++++++++++++++--
 11 files changed, 125 insertions(+), 32 deletions(-)

diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 6f0b560a..2c0d6e77 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -21,9 +21,20 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-nextcloud
+            - /nextcloud-aio-apache
+          volumeMounts:
+            - name: nextcloud-aio-apache
+              mountPath: /nextcloud-aio-apache
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
             - name: APACHE_MAX_SIZE
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index cf24fe5c..189721fc 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -22,9 +22,17 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-clamav
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
       containers:
         - env:
             - name: CLAMD_STARTUP_TIMEOUT
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 9068033b..024c8833 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -22,9 +22,17 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-collabora-fonts
+          volumeMounts:
+            - name: nextcloud-aio-collabora-fonts
+              mountPath: /nextcloud-aio-collabora-fonts
       containers:
         - env:
             - name: TZ
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index d1eb3c4e..258bf0d7 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -21,9 +21,20 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-database
+            - /nextcloud-aio-database-dump
+          volumeMounts:
+            - name: nextcloud-aio-database-dump
+              mountPath: /nextcloud-aio-database-dump
+            - name: nextcloud-aio-database
+              mountPath: /nextcloud-aio-database
       containers:
         - env:
             - name: PGTZ
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 64ff5e48..2060316a 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -22,9 +22,17 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-elasticsearch
+          volumeMounts:
+            - name: nextcloud-aio-elasticsearch
+              mountPath: /nextcloud-aio-elasticsearch
       containers:
         - env:
             - name: ES_JAVA_OPTS
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index ea558eba..2eabe094 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -22,9 +22,6 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: TZ
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 6e9e1236..45b4da0e 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -21,9 +21,23 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-nextcloud
+            - /nextcloud-aio-nextcloud-data
+            - /nextcloud-aio-nextcloud-trusted-cacerts
+          volumeMounts:
+            - name: nextcloud-aio-nextcloud-trusted-cacerts
+              mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
+            - name: nextcloud-aio-nextcloud-data
+              mountPath: /nextcloud-aio-nextcloud-data
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
             - name: ADDITIONAL_APKS
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d4c9eef3..374471c6 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -22,9 +22,17 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-onlyoffice
+          volumeMounts:
+            - name: nextcloud-aio-onlyoffice
+              mountPath: /nextcloud-aio-onlyoffice
       containers:
         - env:
             - name: JWT_ENABLED
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 3525d150..57be9cd7 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -21,9 +21,17 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+            - /nextcloud-aio-redis
+          volumeMounts:
+            - name: nextcloud-aio-redis
+              mountPath: /nextcloud-aio-redis
       containers:
         - env:
             - name: REDIS_HOST_PASSWORD
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 9e25b9fb..06ac7f2d 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -22,9 +22,6 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
     spec:
-      securityContext:
-        fsGroup: 65534
-        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: JANUS_API_KEY
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 91216e48..e60d530b 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -40,13 +40,36 @@ cd latest
 mv ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ./templates/nextcloud-aio-networkpolicy.yaml
 # shellcheck disable=SC1083
 find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
+cat << EOL > /tmp/initcontainers
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - -R
+            - 777
+          volumeMountsInitContainer:
+EOL
+# shellcheck disable=SC1083
+DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
+mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
+for variable in "${DEPLOYMENTS[@]}"; do
+    if grep -q volumeMounts "$variable"; then
+        sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
+        volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
+        mapfile -t volumeNames <<< "$volumeNames"
+        for volumeName in "${volumeNames[@]}"; do
+            sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
+            sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+        done
+        sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
+    fi
+done
 # shellcheck disable=SC1083
 find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name '*deployment.yaml' -exec sed -i "/^    spec:/a\ \ \ \ \ \ securityContext:\n\ \ \ \ \ \ \ \ fsGroup: 65534\n\ \ \ \ \ \ \ \ fsGroupChangePolicy: \"OnRootMismatch\"" \{} \; 
-# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  

From be3798401cbf57c2713edadc08410817e99b14b0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 18:51:40 +0100
Subject: [PATCH 0474/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml      | 3 +--
 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml      | 3 +--
 helm-chart/templates/nextcloud-aio-collabora-deployment.yaml   | 3 +--
 helm-chart/templates/nextcloud-aio-database-deployment.yaml    | 3 +--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml     | 3 +--
 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml   | 3 +--
 helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml  | 3 +--
 helm-chart/templates/nextcloud-aio-redis-deployment.yaml       | 3 +--
 helm-chart/update-helm.sh                                      | 3 +--
 9 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 2c0d6e77..42a162a0 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -26,8 +26,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-nextcloud
             - /nextcloud-aio-apache
           volumeMounts:
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 189721fc..79ba5fa0 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -27,8 +27,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-clamav
           volumeMounts:
             - name: nextcloud-aio-clamav
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 024c8833..e45299b1 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -27,8 +27,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-collabora-fonts
           volumeMounts:
             - name: nextcloud-aio-collabora-fonts
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 258bf0d7..1069990e 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -26,8 +26,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-database
             - /nextcloud-aio-database-dump
           volumeMounts:
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 2060316a..0f9fc173 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -27,8 +27,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-elasticsearch
           volumeMounts:
             - name: nextcloud-aio-elasticsearch
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 45b4da0e..4cb83af7 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -26,8 +26,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-nextcloud
             - /nextcloud-aio-nextcloud-data
             - /nextcloud-aio-nextcloud-trusted-cacerts
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 374471c6..fe624307 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -27,8 +27,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-onlyoffice
           volumeMounts:
             - name: nextcloud-aio-onlyoffice
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 57be9cd7..d47659a4 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -26,8 +26,7 @@ spec:
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
             - /nextcloud-aio-redis
           volumeMounts:
             - name: nextcloud-aio-redis
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index e60d530b..b0602e74 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -46,8 +46,7 @@ cat << EOL > /tmp/initcontainers
           image: alpine
           command:
             - chmod
-            - -R
-            - 777
+            - "777"
           volumeMountsInitContainer:
 EOL
 # shellcheck disable=SC1083

From cf38b9a73d0dd38121e5ed9480c5654696852967 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 22:25:40 +0100
Subject: [PATCH 0475/3949] also write install log to logfile

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index f0bd572f..e4d2b36a 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -98,6 +98,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # Write output to logfile.
             exec > >(tee -i "/var/www/html/data/update.log")
             exec 2>&1
+        else
+            # Write output to logfile.
+            exec > >(tee -i "/var/www/html/data/install.log")
+            exec 2>&1
         fi
 
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then

From 48c28d3613b7dd1c2bc7bcca6e44b720ddf57a15 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 19:55:54 +0100
Subject: [PATCH 0476/3949] get multiarch repodigest

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerHubManager.php | 42 +++++++++++++++--------------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index 09612750..7e022e2e 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -26,29 +26,31 @@ class DockerHubManager
         // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
 
         try {
-            $authTokenRequest = $this->guzzleClient->request(
+            $request = $this->guzzleClient->request(
                 'GET',
-                'https://auth.docker.io/token?service=registry.docker.io&scope=repository:' . $name . ':pull'
+                'https://hub.docker.com/v2/repositories/' . $name . '/tags?page_size=128'
             );
-            $body = $authTokenRequest->getBody()->getContents();
+            $body = $request->getBody()->getContents();
             $decodedBody = json_decode($body, true);
-            if(isset($decodedBody['token'])) {
-                $authToken = $decodedBody['token'];
-                $manifestRequest = $this->guzzleClient->request(
-                    'GET',
-                    'https://registry-1.docker.io/v2/'.$name.'/manifests/' . $tag,
-                    [
-                        'headers' => [
-                            'Accept' => 'application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.index.v1+json',
-                            'Authorization' => 'Bearer ' . $authToken,
-                        ],
-                    ]
-                );
-                $responseHeaders = $manifestRequest->getHeader('docker-content-digest');
-                if(count($responseHeaders) === 1) {
-                    $latestVersion = $responseHeaders[0];
-                    apcu_add($cacheKey, $latestVersion, 600);
-                    return $latestVersion;
+
+            if (isset($decodedBody['results'])) {
+                $arch = php_uname('m') === 'x86_64' ? 'amd64' : 'arm64';
+                foreach($decodedBody['results'] as $values) {
+                    if (isset($values['name'])
+                    && $values['name'] === $tag
+                    && isset($values['images'])
+                    && is_array($values['images'])) {
+                        foreach ($values['images'] as $images) {
+                            if (isset($images['architecture'])
+                            && $images['architecture'] === $arch
+                            && isset($images['digest'])
+                            && is_string($images['digest'])) {
+                                $latestVersion = $images['digest'];
+                                apcu_add($cacheKey, $latestVersion, 600);
+                                return $latestVersion;
+                            }
+                        }
+                    }
                 }
             }
 

From df91f5d483d9c44f2a6d36cd353c38e5c9fcae86 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Feb 2023 23:52:28 +0100
Subject: [PATCH 0477/3949] fix daily backup running into conflict with
 elasticsearch

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile |  5 +++++
 Containers/fulltextsearch/start.sh   | 18 ++++++++++++++++++
 php/containers.json                  |  3 ++-
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 Containers/fulltextsearch/start.sh

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 16eb6871..77109685 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -11,5 +11,10 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*
 
+COPY start.sh /
+
+RUN chmod +x /start.sh
+ENTRYPOINT ["/start.sh"]
+
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/fulltextsearch/start.sh b/Containers/fulltextsearch/start.sh
new file mode 100644
index 00000000..1048faa9
--- /dev/null
+++ b/Containers/fulltextsearch/start.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Only start container if database is accessible (needed for backup to work correctly)
+while ! nc -z "$POSTGRES_HOST" 5432; do
+    echo "Waiting for database to start..."
+    sleep 5
+done
+
+# Show wiki if vm.max_map_count is too low
+if [ "$(sysctl -n vm.max_map_count)" -le 65530 ]; then
+    echo "max_map_count is too low and needs to be adjusted."
+    echo "See https://github.com/nextcloud/all-in-one/discussions/1775 how to change max_map_count"
+fi
+
+# Run initial entrypoint
+/bin/tini -- /usr/local/bin/docker-entrypoint.sh
+
+exec "$@"
diff --git a/php/containers.json b/php/containers.json
index 68890258..97f494f5 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -396,7 +396,8 @@
       "environment": [
         "TZ=%TIMEZONE%",
         "discovery.type=single-node",
-        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M"
+        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M",
+        "POSTGRES_HOST=nextcloud-aio-database"
       ],
       "volumes": [
         {

From cc8d3f908a0eed7113bb6257d013b46f14eda2dc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 11:32:01 +0100
Subject: [PATCH 0478/3949] increase to 4.3.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cf086e49..004aa0fb 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.2.0</h1>
+        <h1>Nextcloud AIO v4.3.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From fab569a613be01b354a1cafe5fb84836288ae4f3 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Thu, 2 Feb 2023 11:46:04 +0100
Subject: [PATCH 0479/3949] fix(helm): refactor sources to a string array

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 helm-chart/Chart.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index e4ab93a6..83ad1dbc 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -4,5 +4,6 @@ version: 4.2.0
 apiVersion: v2
 keywords:
   - latest
-sources: https://github.com/nextcloud/all-in-one/tree/main/helm-chart
+sources:
+  - https://github.com/nextcloud/all-in-one/tree/main/helm-chart
 home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart

From d7b0d07c71fae047c26f796ca6d0ea495864d189 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 11:49:25 +0100
Subject: [PATCH 0480/3949] fix elasticsearch

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 Containers/fulltextsearch/start.sh   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 77109685..4f4c7fbe 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
 COPY start.sh /
 
 RUN chmod +x /start.sh
-ENTRYPOINT ["/start.sh"]
+ENTRYPOINT ["/bin/tini", "--", "/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/fulltextsearch/start.sh b/Containers/fulltextsearch/start.sh
index 1048faa9..96ae1010 100644
--- a/Containers/fulltextsearch/start.sh
+++ b/Containers/fulltextsearch/start.sh
@@ -13,6 +13,6 @@ if [ "$(sysctl -n vm.max_map_count)" -le 65530 ]; then
 fi
 
 # Run initial entrypoint
-/bin/tini -- /usr/local/bin/docker-entrypoint.sh
+/usr/local/bin/docker-entrypoint.sh
 
 exec "$@"

From a28806ad13aad1b639e778272dc65c21b0abdff9 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Thu, 2 Feb 2023 12:07:00 +0100
Subject: [PATCH 0481/3949] fix(helm): don't mark ca certs volume as read only
 globally

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 4cb83af7..70abd7f5 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -135,4 +135,3 @@ spec:
         - name: nextcloud-aio-nextcloud-trusted-cacerts
           persistentVolumeClaim:
             claimName: nextcloud-aio-nextcloud-trusted-cacerts
-            readOnly: true

From 07aaf1fab4a99f2cc6f39e431cf54d34c219708c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 12:05:09 +0100
Subject: [PATCH 0482/3949] adjust variables correctly

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/update-helm.sh     | 1 +
 manual-install/update-yaml.sh | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index b0602e74..60b6f75e 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -125,6 +125,7 @@ sed -i 's|=|: |' /tmp/sample.conf
 sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
+sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index eb768db9..fb45bd5b 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -59,8 +59,8 @@ do
     sed -i "s|$variable|\${$sole_variable}|g" containers.yml
 done
 
-sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
-sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
+sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
@@ -71,7 +71,7 @@ sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M          # This al
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
-sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
+sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf

From f8218735d195811231ae57ccbe0c51339b333718 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 12:23:54 +0100
Subject: [PATCH 0483/3949] also deleting global overwrite for apache

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 42a162a0..cd74b891 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -69,7 +69,6 @@ spec:
         - name: nextcloud-aio-nextcloud
           persistentVolumeClaim:
             claimName: nextcloud-aio-nextcloud
-            readOnly: true
         - name: nextcloud-aio-apache
           persistentVolumeClaim:
             claimName: nextcloud-aio-apache

From 10e114c5f8c5238eeb8420cd1032a2ed805974a7 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Thu, 2 Feb 2023 12:45:08 +0100
Subject: [PATCH 0484/3949] fix(helm): chown database volume for postgres

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 1069990e..481a0dcc 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -25,10 +25,10 @@ spec:
         - name: init-volumes
           image: alpine
           command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-database
-            - /nextcloud-aio-database-dump
+            - sh
+            - -c
+            - "chmod 777 /nextcloud-aio-database /nextcloud-aio-database-dump
+                && chown 999:999 /nextcloud-aio-database"
           volumeMounts:
             - name: nextcloud-aio-database-dump
               mountPath: /nextcloud-aio-database-dump

From bbfb6e5dbe4f5b8f8e46ab670de319f6a5a7714c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Feb 2023 12:06:48 +0000
Subject: [PATCH 0485/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.9.3.1 to 22.05.10.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 13ac2f2e..b4162209 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.9.3.1
+FROM collabora/code:22.05.10.1.1
 
 USER root
 

From 484bc235e6b903ca84b2e61a67a893482587702c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 13:06:26 +0100
Subject: [PATCH 0486/3949] fix database helm permissions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/update-helm.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index b0602e74..3741c9e1 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -49,12 +49,24 @@ cat << EOL > /tmp/initcontainers
             - "777"
           volumeMountsInitContainer:
 EOL
+cat << EOL > /tmp/initcontainers.database
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 999:999
+          volumeMountsInitContainer:
+EOL
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
 for variable in "${DEPLOYMENTS[@]}"; do
     if grep -q volumeMounts "$variable"; then
-        sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
+        if ! echo "$variable" | grep -q database; then
+            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
+        else
+            sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
+        fi
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
         mapfile -t volumeNames <<< "$volumeNames"
         for volumeName in "${volumeNames[@]}"; do

From 011356343faca5d7c1956682d6108523562ab5b4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 12:49:26 +0100
Subject: [PATCH 0487/3949] try to remove readonly from global volumes
 automatically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/update-helm.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index b0602e74..31c55bf2 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -62,6 +62,15 @@ for variable in "${DEPLOYMENTS[@]}"; do
             sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
         done
         sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
+        if grep -q claimName "$variable"; then
+            claimNames="$(grep claimName "$variable")"
+            mapfile -t claimNames <<< "$claimNames"
+            for claimName in "${claimNames[@]}"; do
+                if grep -A1 "^$claimName$" "$variable" | grep -q "readOnly: true"; then
+                    sed -i "/^$claimName$/{n;d}" "$variable"
+                fi
+            done
+        fi
     fi
 done
 # shellcheck disable=SC1083

From 21492e6b9d22029ae1acd040d9523e18d150f5fe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 15:11:40 +0100
Subject: [PATCH 0488/3949] add expose property to containers definition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json |  6 ++++++
 php/containers.json        | 31 +++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 0667942d..40dcc16d 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -15,6 +15,12 @@
 					"image": {
 						"type": "string"
 					},
+					"expose": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
 					"depends_on": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index 97f494f5..487d0d41 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -17,6 +17,9 @@
           "protocol": "tcp"
         }
       ],
+      "expose": [
+        "%APACHE_PORT%"
+      ],
       "internal_port": "%APACHE_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
@@ -47,6 +50,9 @@
       "container_name": "nextcloud-aio-database",
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
+      "expose": [
+        "5432"
+      ],
       "internal_port": "5432",
       "secrets": [
         "DATABASE_PASSWORD"
@@ -84,6 +90,10 @@
       ],
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
+      "expose": [
+        "9000",
+        "7867"
+      ],
       "internal_port": "9000",
       "secrets": [
         "DATABASE_PASSWORD",
@@ -164,6 +174,9 @@
       "container_name": "nextcloud-aio-redis",
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
+      "expose": [
+        "6379"
+      ],
       "internal_port": "6379",
       "environment": [
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
@@ -186,6 +199,9 @@
       "container_name": "nextcloud-aio-collabora",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
+      "expose": [
+        "9980"
+      ],
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
@@ -218,6 +234,9 @@
           "protocol": "udp"
         }
       ],
+      "expose": [
+        "%TALK_PORT%"
+      ],
       "internal_port": "%TALK_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
@@ -341,6 +360,9 @@
       "container_name": "nextcloud-aio-clamav",
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
+      "expose": [
+        "3310"
+      ],
       "internal_port": "3310",
       "environment": [
         "TZ=%TIMEZONE%",
@@ -359,6 +381,9 @@
       "container_name": "nextcloud-aio-onlyoffice",
       "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
+      "expose": [
+        "80"
+      ],
       "internal_port": "80",
       "environment": [
         "TZ=%TIMEZONE%",
@@ -382,6 +407,9 @@
       "container_name": "nextcloud-aio-imaginary",
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
+      "expose": [
+        "9000"
+      ],
       "internal_port": "9000",
       "environment": [
         "TZ=%TIMEZONE%"
@@ -392,6 +420,9 @@
       "container_name": "nextcloud-aio-fulltextsearch",
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
+      "expose": [
+        "9200"
+      ],
       "internal_port": "9200",
       "environment": [
         "TZ=%TIMEZONE%",

From c7519e3f4955a919d66e915fbaeded23b372e8b1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 15:22:36 +0100
Subject: [PATCH 0489/3949] try to fix the helm-update

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/update-helm.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 7024e177..c559f0e0 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -26,6 +26,8 @@ sed -i "s|\${IMAGE_TAG}|$DOCKER_TAG\${IMAGE_TAG}|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}|$APACHE_IP_BINDING|" latest.yml
 sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
 sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
+sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml
+sed -i "s|- \${TALK_PORT}|- $TALK_PORT|" latest.yml
 sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
 sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
 sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml

From f5c32a1a67a9ec2d5dcb519e35dda9e3e9e43314 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 15:37:03 +0100
Subject: [PATCH 0490/3949] expose it not needed for containers that publish
 ports

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 487d0d41..27e8b974 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -17,9 +17,6 @@
           "protocol": "tcp"
         }
       ],
-      "expose": [
-        "%APACHE_PORT%"
-      ],
       "internal_port": "%APACHE_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
@@ -234,9 +231,6 @@
           "protocol": "udp"
         }
       ],
-      "expose": [
-        "%TALK_PORT%"
-      ],
       "internal_port": "%TALK_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",

From 91a977e09e634e032a11de97a4bf587702d5a663 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 15:44:37 +0100
Subject: [PATCH 0491/3949] Helm Chart updates

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../nextcloud-aio-clamav-deployment.yaml      |  2 ++
 .../nextcloud-aio-clamav-service.yaml         | 18 ++++++++++++++++++
 .../nextcloud-aio-collabora-deployment.yaml   |  2 ++
 .../nextcloud-aio-collabora-service.yaml      | 18 ++++++++++++++++++
 .../nextcloud-aio-database-deployment.yaml    | 11 ++++++-----
 .../nextcloud-aio-database-service.yaml       | 16 ++++++++++++++++
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  2 ++
 .../nextcloud-aio-fulltextsearch-service.yaml | 18 ++++++++++++++++++
 .../nextcloud-aio-imaginary-deployment.yaml   |  2 ++
 .../nextcloud-aio-imaginary-service.yaml      | 18 ++++++++++++++++++
 .../nextcloud-aio-nextcloud-deployment.yaml   |  3 +++
 .../nextcloud-aio-nextcloud-service.yaml      | 19 +++++++++++++++++++
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  2 ++
 .../nextcloud-aio-onlyoffice-service.yaml     | 18 ++++++++++++++++++
 .../nextcloud-aio-redis-deployment.yaml       |  2 ++
 .../nextcloud-aio-redis-service.yaml          | 16 ++++++++++++++++
 16 files changed, 162 insertions(+), 5 deletions(-)
 create mode 100644 helm-chart/templates/nextcloud-aio-clamav-service.yaml
 create mode 100644 helm-chart/templates/nextcloud-aio-collabora-service.yaml
 create mode 100644 helm-chart/templates/nextcloud-aio-database-service.yaml
 create mode 100644 helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
 create mode 100644 helm-chart/templates/nextcloud-aio-imaginary-service.yaml
 create mode 100644 helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
 create mode 100644 helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
 create mode 100644 helm-chart/templates/nextcloud-aio-redis-service.yaml

diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 79ba5fa0..1c9261a3 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -40,6 +40,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
           image: nextcloud/aio-clamav:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-clamav
+          ports:
+            - containerPort: 3310
           volumeMounts:
             - mountPath: /var/lib/clamav
               name: nextcloud-aio-clamav
diff --git a/helm-chart/templates/nextcloud-aio-clamav-service.yaml b/helm-chart/templates/nextcloud-aio-clamav-service.yaml
new file mode 100644
index 00000000..908a7bae
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-clamav
+  name: nextcloud-aio-clamav
+spec:
+  ports:
+    - name: "3310"
+      port: 3310
+      targetPort: 3310
+  selector:
+    io.kompose.service: nextcloud-aio-clamav
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index e45299b1..1dc4a201 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,6 +44,8 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
           image: nextcloud/aio-collabora:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-collabora
+          ports:
+            - containerPort: 9980
           volumeMounts:
             - mountPath: /opt/cool/systemplate/tmpfonts
               name: nextcloud-aio-collabora-fonts
diff --git a/helm-chart/templates/nextcloud-aio-collabora-service.yaml b/helm-chart/templates/nextcloud-aio-collabora-service.yaml
new file mode 100644
index 00000000..3e953d72
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.COLLABORA_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-collabora
+  name: nextcloud-aio-collabora
+spec:
+  ports:
+    - name: "9980"
+      port: 9980
+      targetPort: 9980
+  selector:
+    io.kompose.service: nextcloud-aio-collabora
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 481a0dcc..c0ac5fe6 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -21,14 +21,13 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
     spec:
-      initContainers:
         - name: init-volumes
           image: alpine
           command:
-            - sh
-            - -c
-            - "chmod 777 /nextcloud-aio-database /nextcloud-aio-database-dump
-                && chown 999:999 /nextcloud-aio-database"
+            - chown
+            - 999:999
+            - /nextcloud-aio-database
+            - /nextcloud-aio-database-dump
           volumeMounts:
             - name: nextcloud-aio-database-dump
               mountPath: /nextcloud-aio-database-dump
@@ -48,6 +47,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
           image: nextcloud/aio-postgresql:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-database
+          ports:
+            - containerPort: 5432
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               name: nextcloud-aio-database
diff --git a/helm-chart/templates/nextcloud-aio-database-service.yaml b/helm-chart/templates/nextcloud-aio-database-service.yaml
new file mode 100644
index 00000000..f32b53c8
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-database
+  name: nextcloud-aio-database
+spec:
+  ports:
+    - name: "5432"
+      port: 5432
+      targetPort: 5432
+  selector:
+    io.kompose.service: nextcloud-aio-database
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 0f9fc173..538c51bd 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,6 +42,8 @@ spec:
               value: single-node
           image: nextcloud/aio-fulltextsearch:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-fulltextsearch
+          ports:
+            - containerPort: 9200
           volumeMounts:
             - mountPath: /usr/share/elasticsearch/data
               name: nextcloud-aio-elasticsearch
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
new file mode 100644
index 00000000..9f761861
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-fulltextsearch
+  name: nextcloud-aio-fulltextsearch
+spec:
+  ports:
+    - name: "9200"
+      port: 9200
+      targetPort: 9200
+  selector:
+    io.kompose.service: nextcloud-aio-fulltextsearch
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2eabe094..854bb0e0 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,4 +28,6 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
           image: nextcloud/aio-imaginary:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-imaginary
+          ports:
+            - containerPort: 9000
 {{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/helm-chart/templates/nextcloud-aio-imaginary-service.yaml
new file mode 100644
index 00000000..824f7285
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.IMAGINARY_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-imaginary
+  name: nextcloud-aio-imaginary
+spec:
+  ports:
+    - name: "9000"
+      port: 9000
+      targetPort: 9000
+  selector:
+    io.kompose.service: nextcloud-aio-imaginary
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 70abd7f5..d91f74ec 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -117,6 +117,9 @@ spec:
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
           image: nextcloud/aio-nextcloud:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-nextcloud
+          ports:
+            - containerPort: 9000
+            - containerPort: 7867
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
new file mode 100644
index 00000000..36053808
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud
+  name: nextcloud-aio-nextcloud
+spec:
+  ports:
+    - name: "9000"
+      port: 9000
+      targetPort: 9000
+    - name: "7867"
+      port: 7867
+      targetPort: 7867
+  selector:
+    io.kompose.service: nextcloud-aio-nextcloud
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index fe624307..ae7fc2f3 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -44,6 +44,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
           image: nextcloud/aio-onlyoffice:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-onlyoffice
+          ports:
+            - containerPort: 80
           volumeMounts:
             - mountPath: /var/lib/onlyoffice
               name: nextcloud-aio-onlyoffice
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
new file mode 100644
index 00000000..d324453e
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-onlyoffice
+  name: nextcloud-aio-onlyoffice
+spec:
+  ports:
+    - name: "80"
+      port: 80
+      targetPort: 80
+  selector:
+    io.kompose.service: nextcloud-aio-onlyoffice
+{{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index d47659a4..f9ada631 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,6 +39,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
           image: nextcloud/aio-redis:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-redis
+          ports:
+            - containerPort: 6379
           volumeMounts:
             - mountPath: /data
               name: nextcloud-aio-redis
diff --git a/helm-chart/templates/nextcloud-aio-redis-service.yaml b/helm-chart/templates/nextcloud-aio-redis-service.yaml
new file mode 100644
index 00000000..82147c73
--- /dev/null
+++ b/helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-redis
+  name: nextcloud-aio-redis
+spec:
+  ports:
+    - name: "6379"
+      port: 6379
+      targetPort: 6379
+  selector:
+    io.kompose.service: nextcloud-aio-redis

From 12358321d1d3cf52f229da302606cd36210daf9b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 17:37:19 +0100
Subject: [PATCH 0492/3949] re-add initContainers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/templates/nextcloud-aio-database-deployment.yaml | 1 +
 helm-chart/update-helm.sh                                   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index c0ac5fe6..7485332b 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -21,6 +21,7 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
     spec:
+      initContainers:
         - name: init-volumes
           image: alpine
           command:
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index c559f0e0..71dfc6af 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -52,6 +52,7 @@ cat << EOL > /tmp/initcontainers
           volumeMountsInitContainer:
 EOL
 cat << EOL > /tmp/initcontainers.database
+      initContainers:
         - name: init-volumes
           image: alpine
           command:

From 5a959e9b076c86292cd0231d26a3ce680d3563f9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 18:26:44 +0100
Subject: [PATCH 0493/3949] Revert "get multiarch repodigest"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerHubManager.php | 42 ++++++++++++++---------------
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index 7e022e2e..09612750 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -26,31 +26,29 @@ class DockerHubManager
         // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
 
         try {
-            $request = $this->guzzleClient->request(
+            $authTokenRequest = $this->guzzleClient->request(
                 'GET',
-                'https://hub.docker.com/v2/repositories/' . $name . '/tags?page_size=128'
+                'https://auth.docker.io/token?service=registry.docker.io&scope=repository:' . $name . ':pull'
             );
-            $body = $request->getBody()->getContents();
+            $body = $authTokenRequest->getBody()->getContents();
             $decodedBody = json_decode($body, true);
-
-            if (isset($decodedBody['results'])) {
-                $arch = php_uname('m') === 'x86_64' ? 'amd64' : 'arm64';
-                foreach($decodedBody['results'] as $values) {
-                    if (isset($values['name'])
-                    && $values['name'] === $tag
-                    && isset($values['images'])
-                    && is_array($values['images'])) {
-                        foreach ($values['images'] as $images) {
-                            if (isset($images['architecture'])
-                            && $images['architecture'] === $arch
-                            && isset($images['digest'])
-                            && is_string($images['digest'])) {
-                                $latestVersion = $images['digest'];
-                                apcu_add($cacheKey, $latestVersion, 600);
-                                return $latestVersion;
-                            }
-                        }
-                    }
+            if(isset($decodedBody['token'])) {
+                $authToken = $decodedBody['token'];
+                $manifestRequest = $this->guzzleClient->request(
+                    'GET',
+                    'https://registry-1.docker.io/v2/'.$name.'/manifests/' . $tag,
+                    [
+                        'headers' => [
+                            'Accept' => 'application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.index.v1+json',
+                            'Authorization' => 'Bearer ' . $authToken,
+                        ],
+                    ]
+                );
+                $responseHeaders = $manifestRequest->getHeader('docker-content-digest');
+                if(count($responseHeaders) === 1) {
+                    $latestVersion = $responseHeaders[0];
+                    apcu_add($cacheKey, $latestVersion, 600);
+                    return $latestVersion;
                 }
             }
 

From e18babbbde10d0a90d82654ab4eb773e8cdf9369 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Feb 2023 19:41:41 +0100
Subject: [PATCH 0494/3949] also fail the installation if appdata could not get
 created

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e4d2b36a..6bdb5f2e 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -204,17 +204,17 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             echo "Installing with PostgreSQL database"
             INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")
 
-            echo "starting nextcloud installation"
+            echo "Starting Nextcloud installation..."
             max_retries=10
             try=0
             until php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}" || [ "$try" -gt "$max_retries" ]
             do
-                echo "retrying install..."
+                echo "Retrying install..."
                 try=$((try+1))
                 sleep 10s
             done
-            if [ "$try" -gt "$max_retries" ]; then
-                echo "installing of nextcloud failed!"
+            if [ "$try" -gt "$max_retries" ] || [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+                echo "Installation of Nextcloud failed!"
                 touch "$NEXTCLOUD_DATA_DIR/install.failed"
                 exit 1
             fi

From 6533018c6f6a9b2508bc0390f38c3bed56c6b72e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 3 Feb 2023 10:48:30 +0100
Subject: [PATCH 0495/3949] ports 8081 needs to be expose for the talk
 container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 27e8b974..a5371f57 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -231,6 +231,9 @@
           "protocol": "udp"
         }
       ],
+      "expose": [
+        "8081"
+      ],
       "internal_port": "%TALK_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",

From 39415276dbc696a5053483f6cac1fcf013eac752 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 3 Feb 2023 11:38:42 +0100
Subject: [PATCH 0496/3949] add list manifest

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerHubManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index 09612750..9b14297c 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -39,7 +39,7 @@ class DockerHubManager
                     'https://registry-1.docker.io/v2/'.$name.'/manifests/' . $tag,
                     [
                         'headers' => [
-                            'Accept' => 'application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.index.v1+json',
+                            'Accept' => 'application/vnd.oci.image.index.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.docker.distribution.manifest.v2+json',
                             'Authorization' => 'Bearer ' . $authToken,
                         ],
                     ]

From be7a1910ad0f5c4bc9991a98cdf4fce23a6a6d36 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 3 Feb 2023 11:57:41 +0100
Subject: [PATCH 0497/3949] increase to v4.3.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 004aa0fb..dec73ab4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.3.0</h1>
+        <h1>Nextcloud AIO v4.3.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 2fbebaae5fdd099ed0c16c6ac66e3244763878ea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 3 Feb 2023 14:51:56 +0100
Subject: [PATCH 0498/3949] also add quotes to talk and collabora

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index fb45bd5b..5e934b09 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -61,8 +61,8 @@ done
 
 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
 sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
-sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
-sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
+sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
+sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf

From 2e8f9bc5fad727265dda0e23223370c3e1f81b14 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 3 Feb 2023 15:50:15 +0100
Subject: [PATCH 0499/3949] helm - add type: loadbalancer and remove
 apache_ip_binding again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/update-helm.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 6b74de3f..354bc867 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -23,7 +23,7 @@ sed -i 's|^|export |' /tmp/sample.conf
 source /tmp/sample.conf
 rm /tmp/sample.conf
 sed -i "s|\${IMAGE_TAG}|$DOCKER_TAG\${IMAGE_TAG}|" latest.yml
-sed -i "s|\${APACHE_IP_BINDING}|$APACHE_IP_BINDING|" latest.yml
+sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
 sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml
@@ -101,13 +101,15 @@ find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ sto
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \; 
+find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \;  
 # shellcheck disable=SC1083
-find ./ -name '*apache*' -exec sed -i "s|$APACHE_IP_BINDING|{{ .Values.APACHE_IP_BINDING }}|" \{} \;  
+find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \;
 # shellcheck disable=SC1083
-find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \;  
+find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{} \;
 # shellcheck disable=SC1083
-find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{} \; 
+find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
@@ -148,6 +150,7 @@ sed -i 's|"||g' /tmp/sample.conf
 sed -i 's|=|: |' /tmp/sample.conf
 sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
+sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf

From f83864764f327c5b27e5b818f06cffa158ea8f5c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Feb 2023 10:54:59 +0100
Subject: [PATCH 0500/3949] adjust reverse proxy documentation to also talk
 about web server

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md        | 12 ++++++------
 reverse-proxy.md |  6 ++++--
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/readme.md b/readme.md
index 02e4a9cd..54e6a836 100644
--- a/readme.md
+++ b/readme.md
@@ -12,16 +12,16 @@ Included are:
 - Fulltextsearch
 
 ## How to use this?
-The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). Also, the instructions are meant for installations without a reverse proxy already being in place. If you want to run AIO behind a reverse proxy, see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
+The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). Also, the instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
     ```sh
     curl -fsSL get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:<br><br>
-    (For people that cannot use ports 80 and/or 443 on this server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
+    (For people that cannot use ports 80 and/or 443 on this server e.g. because it is already taken by a different web server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
     ```
-    # For x64 CPUs and without reverse proxy already in place:
+    # For x64 CPUs and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
     sudo docker run \
     --sig-proxy=false \
     --name nextcloud-aio-mastercontainer \
@@ -37,7 +37,7 @@ The following instructions are especially meant for Linux. For macOS see [this](
     <summary>Command for arm64 CPUs like the Raspberry Pi 4</summary>
 
     ```
-    # For arm64 CPUs and without reverse proxy already in place:
+    # For arm64 CPUs and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
     sudo docker run \
     --sig-proxy=false \
     --name nextcloud-aio-mastercontainer \
@@ -59,9 +59,9 @@ The following instructions are especially meant for Linux. For macOS see [this](
     - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
     - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
     - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
-    - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
+    - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
     - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
-    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
+    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
     - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
     - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index a57ae474..c8739cc8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,8 +1,10 @@
 # Reverse Proxy Documentation
 
+A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network).
+
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify the port to your needings.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
@@ -14,7 +16,7 @@ In order to run Nextcloud behind a reverse proxy, you need to specify the port t
 
 ## 1. Add this to your reverse proxy config
 
-**Please note:** Since the Apache container gets spawned by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
+**Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
 
 ### Apache
 

From 2192ea49b2cb514625348efd371b8b8cd36ce457 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Feb 2023 11:04:29 +0100
Subject: [PATCH 0501/3949] change the order of the entry sentence

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 54e6a836..76f25056 100644
--- a/readme.md
+++ b/readme.md
@@ -12,7 +12,7 @@ Included are:
 - Fulltextsearch
 
 ## How to use this?
-The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). Also, the instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
+The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
     ```sh
     curl -fsSL get.docker.com | sudo sh

From ae3b121823be085f61ba6c27aa53f041da338d2a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Feb 2023 11:10:20 +0100
Subject: [PATCH 0502/3949] fix a few more places

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml            | 8 ++++----
 manual-install/update-yaml.sh | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 01b4090d..392ae17a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,12 +13,12 @@ services:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
     ports:
-      - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
-      - 8443:8443 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
-      # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
       # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 5e934b09..3c7ca29a 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -72,8 +72,8 @@ sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
-sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
-sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect|' sample.conf
+sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
 sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf

From 4c06f893fcc7749e2210f1e6dc8983c7656a9f56 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Feb 2023 11:27:33 +0100
Subject: [PATCH 0503/3949] add section about docker swarm and Ppodman

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 76f25056..733adedb 100644
--- a/readme.md
+++ b/readme.md
@@ -526,9 +526,15 @@ By default is each PHP process in the Nextcloud container limited to a max of 51
 ### What can I do to fix the internal or reserved ip-address error?
 If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the initial docker run command which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
 
-### How to run this with docker rootless?
+### Can I run this with Docker swarm?
+Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/).
+
+### How to run this with Docker rootless?
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
+### Can I run this with Podman instead of Docker?
+No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
+
 ### How to change the Nextcloud apps that are installed on the first startup?
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 

From 5c626405519057c04db4227b319b231f41c5047a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 4 Feb 2023 12:14:08 +0000
Subject: [PATCH 0504/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 20 ++++++++++++++++++++
 manual-install/sample.conf | 18 +++++++++---------
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 75663881..f1f0ddaa 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -29,6 +29,8 @@ services:
 
   nextcloud-aio-database:
     image: nextcloud/aio-postgresql:${IMAGE_TAG}
+    expose:
+      - "5432"
     volumes:
       - nextcloud_aio_database:/var/lib/postgresql/data:rw
       - nextcloud_aio_database_dump:/mnt/data:rw
@@ -51,6 +53,9 @@ services:
       - nextcloud-aio-fulltextsearch
       - nextcloud-aio-imaginary
     image: nextcloud/aio-nextcloud:${IMAGE_TAG}
+    expose:
+      - "9000"
+      - "7867"
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
@@ -102,6 +107,8 @@ services:
 
   nextcloud-aio-redis:
     image: nextcloud/aio-redis:${IMAGE_TAG}
+    expose:
+      - "6379"
     environment:
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - TZ=${TIMEZONE}
@@ -114,6 +121,8 @@ services:
   nextcloud-aio-collabora:
     profiles: ["collabora"]
     image: nextcloud/aio-collabora:${IMAGE_TAG}
+    expose:
+      - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
@@ -131,6 +140,8 @@ services:
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
       - ${TALK_PORT}:${TALK_PORT}/udp
+    expose:
+      - "8081"
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
       - TURN_SECRET=${TURN_SECRET}
@@ -145,6 +156,8 @@ services:
   nextcloud-aio-clamav:
     profiles: ["clamav"]
     image: nextcloud/aio-clamav:${IMAGE_TAG}
+    expose:
+      - "3310"
     environment:
       - TZ=${TIMEZONE}
       - CLAMD_STARTUP_TIMEOUT=90
@@ -157,6 +170,8 @@ services:
   nextcloud-aio-onlyoffice:
     profiles: ["onlyoffice"]
     image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
+    expose:
+      - "80"
     environment:
       - TZ=${TIMEZONE}
       - JWT_ENABLED=true
@@ -171,6 +186,8 @@ services:
   nextcloud-aio-imaginary:
     profiles: ["imaginary"]
     image: nextcloud/aio-imaginary:${IMAGE_TAG}
+    expose:
+      - "9000"
     environment:
       - TZ=${TIMEZONE}
     restart: unless-stopped
@@ -180,10 +197,13 @@ services:
   nextcloud-aio-fulltextsearch:
     profiles: ["fulltextsearch"]
     image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
+    expose:
+      - "9200"
     environment:
       - TZ=${TIMEZONE}
       - discovery.type=single-node
       - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
+      - POSTGRES_HOST=nextcloud-aio-database
     volumes:
       - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
     restart: unless-stopped
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index d9ce61b8..d36c83f9 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,16 +1,16 @@
 IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
-APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
+CLAMAV_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+COLLABORA_ENABLED="yes"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
@@ -23,12 +23,12 @@ NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially creat
 NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
-TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+TALK_ENABLED="yes"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
-UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+UPDATE_NEXTCLOUD_APPS=no          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.

From a5f9ff9c7428430ed356108b75a1847723fd66f1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Feb 2023 15:23:44 +0100
Subject: [PATCH 0505/3949] helm - handle talk internal ports correctly

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../nextcloud-aio-apache-deployment.yaml      |  1 -
 .../nextcloud-aio-apache-service.yaml         |  1 +
 .../nextcloud-aio-clamav-service.yaml         |  0
 .../nextcloud-aio-collabora-service.yaml      |  0
 .../nextcloud-aio-database-service.yaml       |  0
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  2 ++
 .../nextcloud-aio-fulltextsearch-service.yaml |  0
 .../nextcloud-aio-imaginary-service.yaml      |  0
 .../nextcloud-aio-nextcloud-service.yaml      |  0
 .../nextcloud-aio-onlyoffice-service.yaml     |  0
 .../nextcloud-aio-redis-service.yaml          |  0
 .../nextcloud-aio-talk-deployment.yaml        |  1 +
 .../templates/nextcloud-aio-talk-service.yaml | 33 +++++++++++++++----
 helm-chart/update-helm.sh                     | 16 +++++++++
 helm-chart/values.yaml                        | 17 +++++-----
 15 files changed, 54 insertions(+), 17 deletions(-)
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-clamav-service.yaml
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-collabora-service.yaml
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-database-service.yaml
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-imaginary-service.yaml
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
 mode change 100644 => 100755 helm-chart/templates/nextcloud-aio-redis-service.yaml

diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index cd74b891..dcae3e82 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -58,7 +58,6 @@ spec:
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
-              hostIP: {{ .Values.APACHE_IP_BINDING }}
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/helm-chart/templates/nextcloud-aio-apache-service.yaml b/helm-chart/templates/nextcloud-aio-apache-service.yaml
index 50acc4b3..62403fac 100755
--- a/helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -8,6 +8,7 @@ metadata:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
 spec:
+  type: LoadBalancer
   ports:
     - name: "{{ .Values.APACHE_PORT }}"
       port: {{ .Values.APACHE_PORT }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-service.yaml b/helm-chart/templates/nextcloud-aio-clamav-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-collabora-service.yaml b/helm-chart/templates/nextcloud-aio-collabora-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-database-service.yaml b/helm-chart/templates/nextcloud-aio-database-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 538c51bd..94a7e236 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -36,6 +36,8 @@ spec:
         - env:
             - name: ES_JAVA_OPTS
               value: -Xms1024M -Xmx1024M
+            - name: POSTGRES_HOST
+              value: nextcloud-aio-database
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/helm-chart/templates/nextcloud-aio-imaginary-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-redis-service.yaml b/helm-chart/templates/nextcloud-aio-redis-service.yaml
old mode 100644
new mode 100755
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 06ac7f2d..a355e934 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,4 +42,5 @@ spec:
             - containerPort: {{ .Values.TALK_PORT }}
             - containerPort: {{ .Values.TALK_PORT }}
               protocol: UDP
+            - containerPort: 8081
 {{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-talk-service.yaml b/helm-chart/templates/nextcloud-aio-talk-service.yaml
index 91bc1887..22598b4b 100755
--- a/helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -1,4 +1,27 @@
 {{- if eq .Values.TALK_ENABLED "yes" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk-public
+spec:
+  type: LoadBalancer
+  ports:
+    - name: "{{ .Values.TALK_PORT }}"
+      port: {{ .Values.TALK_PORT }}
+      targetPort: {{ .Values.TALK_PORT }}
+    - name: {{ .Values.TALK_PORT }}-udp
+      port: {{ .Values.TALK_PORT }}
+      protocol: UDP
+      targetPort: {{ .Values.TALK_PORT }}
+  selector:
+    io.kompose.service: nextcloud-aio-talk
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -10,13 +33,9 @@ metadata:
   name: nextcloud-aio-talk
 spec:
   ports:
-    - name: "{{ .Values.TALK_PORT }}"
-      port: {{ .Values.TALK_PORT }}
-      targetPort: {{ .Values.TALK_PORT }}
-    - name: {{ .Values.TALK_PORT }}-udp
-      port: {{ .Values.TALK_PORT }}
-      protocol: UDP
-      targetPort: {{ .Values.TALK_PORT }}
+    - name: "8081"
+      port: 8081
+      targetPort: 8081
   selector:
     io.kompose.service: nextcloud-aio-talk
 {{- end }}
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 354bc867..ff477cef 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -110,6 +110,22 @@ find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{}
 find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
+echo '---' > /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy
+sed -i 's|name: nextcloud-aio-talk|name: nextcloud-aio-talk-public|' /tmp/talk-service.copy
+# shellcheck disable=SC1083
+INTERNAL_TALK_PORTS="$(find ./ -name '*talk-deployment.yaml' -exec grep -oP 'containerPort: [0-9]+' \{} \;)"
+mapfile -t INTERNAL_TALK_PORTS <<< "$INTERNAL_TALK_PORTS"
+for port in "${INTERNAL_TALK_PORTS[@]}"; do
+    port="$(echo "$port" | grep -oP '[0-9]+')"
+    sed -i "/$port/d" /tmp/talk-service.copy
+done
+echo '---' >>  /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.*}}\|protocol: UDP\|type: LoadBalancer' \{} \; >> /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index d0232f5e..1f61a423 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -1,16 +1,15 @@
 IMAGE_TAG: latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
-APACHE_IP_BINDING: 0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
+CLAMAV_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED: yes          # Setting this to yes enables the option in Nextcloud automatically.
+COLLABORA_ENABLED: "yes"          # Setting this to yes (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 JANUS_API_KEY:           # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
@@ -21,15 +20,15 @@ NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially crea
 NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
-TALK_ENABLED: yes          # Setting this to yes enables the option in Nextcloud automatically.
+TALK_ENABLED: "yes"          # Setting this to yes (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
-UPDATE_NEXTCLOUD_APPS: no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value

From d74ed475dfa549f0888a4acd61ca4ba0995bad6a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Feb 2023 17:03:42 +0100
Subject: [PATCH 0506/3949] adjust permissions for Nextcloud's datadir

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-nextcloud-deployment.yaml      | 3 ---
 helm-chart/update-helm.sh                                  | 7 +++++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index d91f74ec..b2f48ee1 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -28,13 +28,10 @@ spec:
             - chmod
             - "777"
             - /nextcloud-aio-nextcloud
-            - /nextcloud-aio-nextcloud-data
             - /nextcloud-aio-nextcloud-trusted-cacerts
           volumeMounts:
             - name: nextcloud-aio-nextcloud-trusted-cacerts
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
-            - name: nextcloud-aio-nextcloud-data
-              mountPath: /nextcloud-aio-nextcloud-data
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
       containers:
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index ff477cef..767fd767 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -73,8 +73,11 @@ for variable in "${DEPLOYMENTS[@]}"; do
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
         mapfile -t volumeNames <<< "$volumeNames"
         for volumeName in "${volumeNames[@]}"; do
-            sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
-            sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+            # The Nextcloud container runs as root user and sets the correct permissions automatically for the data-dir if the www-data user cannot write to it
+            if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
+                sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
+                sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+            fi
         done
         sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
         if grep -q claimName "$variable"; then

From 058cadb053663aa9580e0dad63863b73538de1f1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Feb 2023 12:52:54 +0100
Subject: [PATCH 0507/3949] collabora - add server-name variable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index a5371f57..1fc53acb 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -204,7 +204,8 @@
         "aliasgroup1=https://%NC_DOMAIN%:443",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
         "dictionaries=%COLLABORA_DICTIONARIES%",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "server_name=%NC_DOMAIN%"
       ],
       "volumes": [
         {

From 20ca378b4cc562246141f6b618f87b355f9dad3f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Feb 2023 13:05:51 +0100
Subject: [PATCH 0508/3949] fix the cp commands for updating between multiple
 major versions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e4d2b36a..726356ce 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -121,9 +121,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             mkdir -p /usr/src/tmp/nextcloud/data
             mkdir -p /usr/src/tmp/nextcloud/custom_apps
             chmod +x /usr/src/tmp/nextcloud/occ
-            cp /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
+            cp -r /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
             mkdir -p /usr/src/tmp/nextcloud/apps/nextcloud-aio
-            cp /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
+            cp -r /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
             mv /usr/src/nextcloud /usr/src/temp-nextcloud
             mv /usr/src/tmp/nextcloud /usr/src/nextcloud
             rm -r /usr/src/tmp

From f838a99508e8e616e81af0777522edd6f5476884 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Feb 2023 12:15:44 +0000
Subject: [PATCH 0509/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.1.14-fpm-alpine3.17 to 8.1.15-fpm-alpine3.17.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 445f8819..ed4be10b 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.23-dind as dind
 FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.14-fpm-alpine3.17
+FROM php:8.1.15-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From 9130a242e329680152ce3b75cd9b035a846b735b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Feb 2023 17:32:47 +0100
Subject: [PATCH 0510/3949] increase to 4.3.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index dec73ab4..0a5c052e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.3.1</h1>
+        <h1>Nextcloud AIO v4.3.2</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 053a8e6a88724ff7e5536d70d478736d30131553 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Feb 2023 18:07:57 +0100
Subject: [PATCH 0511/3949] fix a few problems with new install check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e15aa367..49b88bbe 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -98,10 +98,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # Write output to logfile.
             exec > >(tee -i "/var/www/html/data/update.log")
             exec 2>&1
-        else
-            # Write output to logfile.
-            exec > >(tee -i "/var/www/html/data/install.log")
-            exec 2>&1
         fi
 
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
@@ -194,7 +190,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
         #install
         if [ "$installed_version" = "0.0.0.0" ]; then
-            echo "New nextcloud instance"
+            echo "New Nextcloud instance."
+
+            # Write output to logfile.
+            mkdir -p /var/www/html/data
+            exec > >(tee -i "/var/www/html/data/install.log")
+            exec 2>&1
 
             INSTALL_OPTIONS=(-n --admin-user "$ADMIN_USER" --admin-pass "$ADMIN_PASSWORD")
             if [ -n "${NEXTCLOUD_DATA_DIR}" ]; then
@@ -205,15 +206,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")
 
             echo "Starting Nextcloud installation..."
+            if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
+                echo "Installation of Nextcloud failed!"
+                touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                exit 1
+            fi
             max_retries=10
             try=0
-            until php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}" || [ "$try" -gt "$max_retries" ]
-            do
-                echo "Retrying install..."
+            while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do
+                echo "Waiting for appdata to become available..."
                 try=$((try+1))
                 sleep 10s
             done
-            if [ "$try" -gt "$max_retries" ] || [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+            if [ "$try" -ge "$max_retries" ]; then
                 echo "Installation of Nextcloud failed!"
                 touch "$NEXTCLOUD_DATA_DIR/install.failed"
                 exit 1

From 847b285e41eb7af6121715c811be1d3b6599fb3c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Feb 2023 18:18:52 +0100
Subject: [PATCH 0512/3949] print out install errors

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 49b88bbe..d3155789 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -211,6 +211,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 touch "$NEXTCLOUD_DATA_DIR/install.failed"
                 exit 1
             fi
+            
             max_retries=10
             try=0
             while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do
@@ -218,8 +219,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 try=$((try+1))
                 sleep 10s
             done
+
             if [ "$try" -ge "$max_retries" ]; then
                 echo "Installation of Nextcloud failed!"
+                echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
                 touch "$NEXTCLOUD_DATA_DIR/install.failed"
                 exit 1
             fi
@@ -227,9 +230,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # unset admin password
             unset ADMIN_PASSWORD
 
-            # Post Install logs: For questions like https://help.nextcloud.com/t/nextcloud-aio-error-could-not-get-appdata-folder-after-container-has-already-written-data-in-it/151122/5
-            echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
-
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data

From d7dc6bdea60e258a22a98a72114cef275e3cd6bc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Feb 2023 18:32:14 +0100
Subject: [PATCH 0513/3949] try to fix initial install

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index d3155789..65abe55b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -211,7 +211,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 touch "$NEXTCLOUD_DATA_DIR/install.failed"
                 exit 1
             fi
-            
+
+            # Try to force generation of appdata dir:
+            php /var/www/html/occ maintenance:repair
+
             max_retries=10
             try=0
             while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do

From 345f0f5f302256fc7bc3a8c7cd68ded5370629fb Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 7 Feb 2023 12:16:56 +0000
Subject: [PATCH 0514/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index f1f0ddaa..f37dd033 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -128,6 +128,7 @@ services:
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
+      - server_name=${NC_DOMAIN}
     volumes:
       - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
     restart: unless-stopped

From c28952fc9cd076b935420faa0f077619a22b88f6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Feb 2023 00:32:48 +0100
Subject: [PATCH 0515/3949] imaginary - rework some things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 15 +++++++--------
 php/templates/containers.twig      |  4 ++--
 readme.md                          |  2 +-
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 65abe55b..5520c2a1 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -560,15 +560,14 @@ if version_greater "$installed_version" "24.0.0.0"; then
     if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
         php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
-        php /var/www/html/occ config:system:set enabledPreviewProviders 20 --value="OC\\Preview\\HEIC"
-        php /var/www/html/occ config:system:set enabledPreviewProviders 21 --value="OC\\Preview\\TIFF"
-        php /var/www/html/occ config:system:set enabledPreviewProviders 22 --value="OC\\Preview\\WebP"
     else
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
-        php /var/www/html/occ config:system:delete preview_imaginary_url
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 20
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 21
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+        if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+            php /var/www/html/occ config:system:delete preview_imaginary_url
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 20
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 21
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+        fi
     fi
 fi
 
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0a5c052e..2c5ba600 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -503,9 +503,9 @@
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
-                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, tiff and webp)</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br>
                         {% else %}
-                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, tiff and webp)</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
                             <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
diff --git a/readme.md b/readme.md
index 733adedb..debcc289 100644
--- a/readme.md
+++ b/readme.md
@@ -7,7 +7,7 @@ Included are:
 - High performance backend for Nextcloud Files
 - High performance backend for Nextcloud Talk
 - Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
-- Imaginary (for previews of heic, tiff and webp)
+- Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)
 - ClamAV (Antivirus backend for Nextcloud)
 - Fulltextsearch
 

From b68f1b970377d89e018871f72cbfbed16a2a4c70 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 12:04:40 +0000
Subject: [PATCH 0516/3949] Bump clamav/clamav from 0.105.1-7 to 0.105.1-8 in
 /Containers/clamav

Bumps clamav/clamav from 0.105.1-7 to 0.105.1-8.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 882276e7..1988d4dd 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
-FROM clamav/clamav:0.105.1-7
+FROM clamav/clamav:0.105.1-8
 
 RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/

From 3eba28888b22d4d446145a9ece755166e194e26d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 12:07:47 +0000
Subject: [PATCH 0517/3949] Bump elasticsearch from 7.17.8 to 7.17.9 in
 /Containers/fulltextsearch

Bumps elasticsearch from 7.17.8 to 7.17.9.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 4f4c7fbe..c78f4d94 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.8
+FROM elasticsearch:7.17.9
 
 RUN elasticsearch-plugin install --batch ingest-attachment
 

From 57b921bc5e8ca1d1cdb7d9c14d9de571d6ba4d15 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 8 Feb 2023 12:15:56 +0000
Subject: [PATCH 0518/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index d6ac92bc..d73b3c91 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -562,16 +562,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.1",
+            "version": "7.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "1c7f1cc9cf6f51ff7f5f44bb1fa59243fcb7474a"
+                "reference": "5d1a8664e24f23b25e0426bbcb1288287fb49181"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/1c7f1cc9cf6f51ff7f5f44bb1fa59243fcb7474a",
-                "reference": "1c7f1cc9cf6f51ff7f5f44bb1fa59243fcb7474a",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/5d1a8664e24f23b25e0426bbcb1288287fb49181",
+                "reference": "5d1a8664e24f23b25e0426bbcb1288287fb49181",
                 "shasum": ""
             },
             "require": {
@@ -619,7 +619,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.1"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.2"
             },
             "funding": [
                 {
@@ -631,7 +631,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-01-13T22:30:45+00:00"
+            "time": "2023-02-07T17:34:03+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -1646,16 +1646,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.5.0",
+            "version": "v3.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72"
+                "reference": "a6e0510cc793912b451fd40ab983a1d28f611c15"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3ffcf4b7d890770466da3b2666f82ac054e7ec72",
-                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a6e0510cc793912b451fd40ab983a1d28f611c15",
+                "reference": "a6e0510cc793912b451fd40ab983a1d28f611c15",
                 "shasum": ""
             },
             "require": {
@@ -1706,7 +1706,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.5.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.5.1"
             },
             "funding": [
                 {
@@ -1718,7 +1718,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-12-27T12:28:18+00:00"
+            "time": "2023-02-08T07:49:20+00:00"
         }
     ],
     "packages-dev": [],

From eb024f046008939f5cdee266aec93bb5b7bde1c8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Feb 2023 01:35:35 +0100
Subject: [PATCH 0519/3949] update windows documentation to use paths instead
 of volumes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig |  6 ++++--
 readme.md                     | 16 ++--------------
 2 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0a5c052e..92dbb2e9 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -165,7 +165,8 @@
                             An example for Linux is <b>/mnt/backup</b>.<br>
                             On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
                             For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-aio-on-windows"><b>click here</b></a><br><br>
+                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
+                            Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
                         {% endif %}
                     {% else %}
@@ -328,7 +329,8 @@
                             An example for Linux is <b>/mnt/backup</b>.<br>
                             On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
                             For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-aio-on-windows"><b>click here</b></a><br><br>
+                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
+                            Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
                         {% endif %}
                     {% endif %}
 
diff --git a/readme.md b/readme.md
index 733adedb..b037359a 100644
--- a/readme.md
+++ b/readme.md
@@ -114,22 +114,10 @@ docker run ^
 nextcloud/all-in-one:latest
 ```
 
-**Please note:** In order to make the built-in backup solution able to back up to the host system, you need to create a volume with the name `nextcloud_aio_backupdir` beforehand:
-```
-docker volume create ^
---driver local ^
---name nextcloud_aio_backupdir ^
--o device="/host_mnt/c/your/backup/path" ^
--o type="none" ^
--o o="bind"
-```
-(The value `/host_mnt/c/your/backup/path` in this example would be equivalent to `C:\your\backup\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
-
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
 ⚠️ **Please note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
-
 ### How to run AIO on Synology DSM
 On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `-e DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the startup command. Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
@@ -468,7 +456,8 @@ You can configure the Nextcloud container to use a specific directory on your ho
 - An example for Linux is `-e NEXTCLOUD_DATADIR="/mnt/ncdata"`.
 - On macOS it might be `-e NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `-e NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
-- On Windows it must be `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. In order to use this, you need to create the `nextcloud_aio_nextcloud_datadir` volume beforehand:
+- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\backup` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host'. Append to that the exact location on your windows host, e.g. 'c/ncdata' which is equivalent to 'C:\ncdata'.)
+- Another option is to provide a specific volume name here with: `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. with:
     ```
     docker volume create ^
     --driver local ^
@@ -477,7 +466,6 @@ You can configure the Nextcloud container to use a specific directory on your ho
     -o type="none" ^
     -o o="bind"
     ```
-(The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
 
 ### Can I use a CIFS/SMB share as Nextcloud's datadir?
 

From cb527ad29cef5ccbb86a4bc24ecf78f36c044f04 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Feb 2023 11:42:02 +0100
Subject: [PATCH 0520/3949] increase to 4.3.3

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 89238d38..4320f61c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.3.2</h1>
+        <h1>Nextcloud AIO v4.3.3</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From b2c92d1b398ac97acba173883886b710ccb9e202 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 12:03:57 +0000
Subject: [PATCH 0521/3949] Bump caddy from 2.6.2-alpine to 2.6.3-alpine in
 /Containers/apache

Bumps caddy from 2.6.2-alpine to 2.6.3-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index edb8ac3e..3ab26a95 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # Caddy is a requirement
-FROM caddy:2.6.2-alpine as caddy
+FROM caddy:2.6.3-alpine as caddy
 
 FROM httpd:2.4.55-alpine3.17
 

From 7be09e89d31a39c0a62eb87c8dde334f1c95b60e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 12:04:08 +0000
Subject: [PATCH 0522/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.6.2-alpine to 2.6.3-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ed4be10b..12b2721f 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:20.10.23-dind as dind
 
 # Caddy is a requirement
-FROM caddy:2.6.2-alpine as caddy
+FROM caddy:2.6.3-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
 FROM php:8.1.15-fpm-alpine3.17

From 23509fc18ad7ed214d2fb98584c4927299cecb71 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Feb 2023 13:10:01 +0100
Subject: [PATCH 0523/3949] improve detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 readme.md                     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4320f61c..652031ec 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -165,7 +165,7 @@
                             An example for Linux is <b>/mnt/backup</b>.<br>
                             On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
                             For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
+                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
                             Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
                         {% endif %}
@@ -329,7 +329,7 @@
                             An example for Linux is <b>/mnt/backup</b>.<br>
                             On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
                             For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
+                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
                             Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
                         {% endif %}
                     {% endif %}
diff --git a/readme.md b/readme.md
index 84f471fb..07694034 100644
--- a/readme.md
+++ b/readme.md
@@ -456,7 +456,7 @@ You can configure the Nextcloud container to use a specific directory on your ho
 - An example for Linux is `-e NEXTCLOUD_DATADIR="/mnt/ncdata"`.
 - On macOS it might be `-e NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `-e NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
-- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\backup` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host'. Append to that the exact location on your windows host, e.g. 'c/ncdata' which is equivalent to 'C:\ncdata'.)
+- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\backup` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/ncdata' which is equivalent to 'C:\ncdata'.)
 - Another option is to provide a specific volume name here with: `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. with:
     ```
     docker volume create ^

From 8b8059b6d2c4230e0250c288951df44756d1069a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Feb 2023 13:11:02 +0100
Subject: [PATCH 0524/3949] another one

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 07694034..49beef42 100644
--- a/readme.md
+++ b/readme.md
@@ -456,7 +456,7 @@ You can configure the Nextcloud container to use a specific directory on your ho
 - An example for Linux is `-e NEXTCLOUD_DATADIR="/mnt/ncdata"`.
 - On macOS it might be `-e NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `-e NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
-- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\backup` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/ncdata' which is equivalent to 'C:\ncdata'.)
+- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\backup` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)
 - Another option is to provide a specific volume name here with: `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. with:
     ```
     docker volume create ^

From 398cf969ac04f60147337615e48ea7be8440d37b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 10 Feb 2023 13:42:03 +0100
Subject: [PATCH 0525/3949] mastercontainer - increase max children and switch
 to pm dynamic

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ed4be10b..a5cbd8c8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -58,6 +58,9 @@ RUN set -ex; \
     )"; \
     apk add --virtual .nextcloud-aio-rundeps $runDeps; \
     apk del .build-deps; \
+    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/

From a9f0cf6df51c19a591fac66a4936c0869235dc7e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 10 Feb 2023 13:58:23 +0100
Subject: [PATCH 0526/3949] no needs quotes as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/update-helm.sh     | 1 +
 manual-install/update-yaml.sh | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 354bc867..5d9cb93e 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -153,6 +153,7 @@ sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
 sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
+sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 3c7ca29a..c11c630e 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -59,8 +59,8 @@ do
     sed -i "s|$variable|\${$sole_variable}|g" containers.yml
 done
 
-sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
-sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
+sed -i 's|_ENABLED=|_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
@@ -71,7 +71,7 @@ sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M          # This al
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
-sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
+sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf

From 86a8a2d2fdb2748b9d11e07fc8598712b01a0d08 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 10 Feb 2023 14:02:20 +0100
Subject: [PATCH 0527/3949] increase to 4.3.4

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 652031ec..d0560d99 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.3.3</h1>
+        <h1>Nextcloud AIO v4.3.4</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 0dda394f5cfd21cd101ef2bebfe35f4d8cf1f3e7 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 10 Feb 2023 13:22:54 +0000
Subject: [PATCH 0528/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/sample.conf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index d36c83f9..26c4f4b6 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -4,13 +4,13 @@ AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
-CLAMAV_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED="yes"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
@@ -23,12 +23,12 @@ NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially creat
 NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED=no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
-TALK_ENABLED="yes"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
-UPDATE_NEXTCLOUD_APPS=no          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.

From 8a0dda300296ce9a9ac64f207b08a90e76c5963c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 11 Feb 2023 15:14:16 +0100
Subject: [PATCH 0529/3949] add an additional step about removing the
 containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 49beef42..e5e64512 100644
--- a/readme.md
+++ b/readme.md
@@ -244,6 +244,7 @@ Here is how to reset the AIO instance properly:
 1. Stop all containers if they are running from the AIO interface
 1. Stop the mastercontainer with `sudo docker stop nextcloud-aio-mastercontainer`
 1. If the domaincheck container is still running, stop it with `sudo docker stop nextcloud-aio-domaincheck`
+1. Check that no AIO containers are running anymore by running `sudo docker ps --format {{.Names}}`. If no `nextcloud-aio` containers are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker stop <container_name>` until no one is listed anymore.
 1. Check which containers are stopped: `sudo docker ps --filter "status=exited"`
 1. Now remove all these stopped containers with `sudo docker container prune`
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`

From feffba739ae5ef2911782514fa5de367d52cf811 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 11 Feb 2023 15:18:13 +0100
Subject: [PATCH 0530/3949] Helm Chart updates

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../nextcloud-aio-collabora-deployment.yaml          |  2 ++
 helm-chart/values.yaml                               | 12 ++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 1dc4a201..00aa7853 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -42,6 +42,8 @@ spec:
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
               value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
+            - name: server_name
+              value: "{{ .Values.NC_DOMAIN }}"
           image: nextcloud/aio-collabora:20230124_100035-{{ .Values.IMAGE_TAG }}
           name: nextcloud-aio-collabora
           ports:
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 1f61a423..4caceddc 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -3,13 +3,13 @@ AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
 APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
-CLAMAV_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED: "yes"          # Setting this to yes (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 JANUS_API_KEY:           # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
@@ -20,11 +20,11 @@ NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially crea
 NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
-TALK_ENABLED: "yes"          # Setting this to yes (with quotes) enables the option in Nextcloud automatically.
+TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!

From 9c63e9707f8f971658ecc463e2f89839a2fe30aa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 11 Feb 2023 19:30:02 +0100
Subject: [PATCH 0531/3949] rm does not work if there are too many sessions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 907b0df3..c063b185 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -11,7 +11,7 @@ fi
 # Delete all active sessions and create a lock file
 # But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
 if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-    rm -f "/mnt/docker-aio-config/session/"*
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -delete
 fi
 sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
 

From 96f3ca25069a648c3a0fcb53276eb36190ab105a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 11 Feb 2023 20:49:30 +0100
Subject: [PATCH 0532/3949] fix and hide a few caddy warnings

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile          | 4 ++++
 Containers/apache/start.sh           | 3 +++
 Containers/mastercontainer/Caddyfile | 4 ++++
 Containers/mastercontainer/start.sh  | 6 ++++++
 4 files changed, 17 insertions(+)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 461c0389..ce195ff3 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -4,6 +4,10 @@
     storage file_system {
         root /mnt/data/caddy
     }
+
+    log {
+        level ERROR
+    }
 }
 
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 56ff81bc..c466d907 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -45,6 +45,9 @@ else
 fi
 echo "$CADDYFILE" > /Caddyfile
 
+# Fix the Caddyfile format
+caddy fmt --overwrite /Caddyfile
+
 # Add caddy path
 mkdir -p /mnt/data/caddy/
 
diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index 646d37e8..f068f2c3 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -6,6 +6,10 @@
     storage file_system {
         root /mnt/docker-aio-config/caddy/
     }
+
+    log {
+        level ERROR
+    }
 }
 
 http://:80 {
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 3d8ab13e..fbcf7c72 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -280,4 +280,10 @@ export TZ=UTC
 # Fix apache startup
 rm -f /var/run/apache2/httpd.pid
 
+# Fix the Caddyfile format
+caddy fmt --overwrite /Caddyfile
+
+# Fix caddy log 
+chmod 777 /root
+
 exec "$@"

From 1dc69dca297a3e0fa15cc6ec7719f1427158f3e9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 11 Feb 2023 21:26:07 +0100
Subject: [PATCH 0533/3949] Match only host names and not ip-addresses

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index f068f2c3..1f77faa7 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -16,7 +16,12 @@ http://:80 {
   redir https://{host}{uri}
 }
 
-https://:8443 {
+# Match only host names and not ip-addresses:
+https://*.*:8443,
+https://*.*.*:8443,
+https://*.*.*.*:8443,
+https://*.*.*.*.*:8443,
+https://*.*.*.*.*.*:8443 {
 
     reverse_proxy localhost:8000
 

From 0f38928dd8cb594d6862db58f59f6b059341f27f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Feb 2023 13:03:53 +0000
Subject: [PATCH 0534/3949] Bump alpine from 3.17.1 to 3.17.2 in
 /Containers/domaincheck

Bumps alpine from 3.17.1 to 3.17.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index bf100723..056205b9 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.1
+FROM alpine:3.17.2
 RUN apk add --no-cache lighttpd bash netcat-openbsd
 
 RUN adduser -S www-data -G www-data

From d65e94b3b28fbc4240db9ad7b4a59f1a5b71b710 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Feb 2023 13:03:56 +0000
Subject: [PATCH 0535/3949] Bump postgres from 15.1-alpine to 15.2-alpine in
 /Containers/postgresql

Bumps postgres from 15.1-alpine to 15.2-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 2a0b25a8..eacef9a6 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.1-alpine
+FROM postgres:15.2-alpine
 
 RUN apk add --no-cache bash openssl shadow netcat-openbsd grep mawk
 

From 93de08cd542286354285ed7eb8c55a55e3ff83e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Feb 2023 13:04:00 +0000
Subject: [PATCH 0536/3949] Bump alpine from 3.17.1 to 3.17.2 in
 /Containers/borgbackup

Bumps alpine from 3.17.1 to 3.17.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 371b41cb..96b9ebcd 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.1
+FROM alpine:3.17.2
 
 RUN set -ex; \
     \

From eb52264f3bf5523ee7643bb016ef90e767611ade Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Feb 2023 13:04:15 +0000
Subject: [PATCH 0537/3949] Bump alpine from 3.17.1 to 3.17.2 in
 /Containers/watchtower

Bumps alpine from 3.17.1 to 3.17.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index fbcb0f3f..ca187d2b 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.3 as watchtower
 
-FROM alpine:3.17.1
+FROM alpine:3.17.2
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /

From b7e593a64d1f0ea88cdfb4f2db3a6fcbfa420314 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Feb 2023 13:04:15 +0000
Subject: [PATCH 0538/3949] Bump docker in /Containers/mastercontainer

Bumps docker from 20.10.23-dind to 23.0.1-dind.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c30855ef..919a53bb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.23-dind as dind
+FROM docker:23.0.1-dind as dind
 
 # Caddy is a requirement
 FROM caddy:2.6.3-alpine as caddy

From 6787d322ccfab16b00c1a65002fa431ea6119556 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Feb 2023 16:51:55 +0100
Subject: [PATCH 0539/3949] also restore configuration.json even if the former
 restore failed

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 414b387b..d4ef0e71 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -272,9 +272,8 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/session/"** \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
+        RESTORE_FAILED=1
         echo "Something failed while restoring from backup."
-        umount /tmp/borg
-        exit 1
     fi
 
     # Save current aio password
@@ -294,9 +293,8 @@ if [ "$BORG_MODE" = restore ]; then
     if ! rsync --archive --human-readable -vv \
     /tmp/borg/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json \
     /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
+        RESTORE_FAILED=1
         echo "Something failed while restoring the configuration.json."
-        umount /tmp/borg
-        exit 1
     fi
 
     # Set backup-mode to restore since it was a restore
@@ -331,6 +329,10 @@ if [ "$BORG_MODE" = restore ]; then
 
     umount /tmp/borg
 
+    if [ "$RESTORE_FAILED" = 1 ]; then
+        exit 1
+    fi
+
     # Inform user
     get_expiration_time
     echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"

From 285aee962bc4336398abc224dfa10d033ca2516c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Feb 2023 13:01:00 +0000
Subject: [PATCH 0540/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.1.15-fpm-alpine3.17 to 8.1.16-fpm-alpine3.17.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c30855ef..4c83aa5e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.23-dind as dind
 FROM caddy:2.6.3-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.15-fpm-alpine3.17
+FROM php:8.1.16-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From 63f2b4a3d9bcf7f649f8c20b26e4799945f3af45 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Feb 2023 13:02:06 +0000
Subject: [PATCH 0541/3949] Bump php in /Containers/nextcloud

Bumps php from 8.0.27-fpm-alpine3.16 to 8.0.28-fpm-alpine3.16.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 90b53f7f..1968cc24 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.27-fpm-alpine3.16
+FROM php:8.0.28-fpm-alpine3.16
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

From 194446fc71e30b32d7271801835272f10c3efadc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Feb 2023 15:30:38 +0100
Subject: [PATCH 0542/3949] check size of config and only write back if space
 is sufficient

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 87d4a7da..e116e44b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -453,10 +453,12 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }
         $df = disk_free_space(DataConst::GetDataDirectory());
-        if ($df !== false && (int)$df < 10240) {
+        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
+        $size = strlen($content) + 10240;
+        if ($df !== false && (int)$df < $size) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");
         }
-        file_put_contents(DataConst::GetConfigFile(), json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT));
+        file_put_contents(DataConst::GetConfigFile(), $content);
     }
 
     private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {

From 43ef6cb0567fb4dc44f00567b3ae9b6b15ca2698 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 15 Feb 2023 18:30:01 +0100
Subject: [PATCH 0543/3949] traefik - the x-robots-tag should be set by
 nextcloud. dont overwrite it

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c8739cc8..cc4977d6 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -430,8 +430,6 @@ The examples below define the dynamic configuration in YAML files. If you rather
                     hostsProxyHeaders:
                         - "X-Forwarded-Host"
                     referrerPolicy: "same-origin"
-                    customResponseHeaders:
-                        X-Robots-Tag: "none"
 
             https-redirect:
                 redirectscheme:

From 849c0c4c8998ce258d6604a769adaa234c4e8331 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 15 Feb 2023 19:36:26 +0100
Subject: [PATCH 0544/3949] disable the tls-alpn challenge

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index 1f77faa7..02291694 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -27,5 +27,8 @@ https://*.*.*.*.*.*:8443 {
 
     tls {
         on_demand
+        issuer acme {
+            disable_tlsalpn_challenge
+        }
     }
 }

From 2e9a908d071a1ec9deb52f28c504598a4fdbf1ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 12:59:08 +0000
Subject: [PATCH 0545/3949] Bump caddy from 2.6.3-alpine to 2.6.4-alpine in
 /Containers/apache

Bumps caddy from 2.6.3-alpine to 2.6.4-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 3ab26a95..735ca7fc 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # Caddy is a requirement
-FROM caddy:2.6.3-alpine as caddy
+FROM caddy:2.6.4-alpine as caddy
 
 FROM httpd:2.4.55-alpine3.17
 

From f7ec7da3667b816d2698f97914b50469a1d6eec5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 12:59:11 +0000
Subject: [PATCH 0546/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.6.3-alpine to 2.6.4-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c30855ef..e14ec597 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:20.10.23-dind as dind
 
 # Caddy is a requirement
-FROM caddy:2.6.3-alpine as caddy
+FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
 FROM php:8.1.15-fpm-alpine3.17

From cf69a3114a68cde23e8076a871c796df03fe8451 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 12:59:25 +0000
Subject: [PATCH 0547/3949] Bump clamav/clamav from 0.105.1-8 to 1.0.1-1 in
 /Containers/clamav

Bumps clamav/clamav from 0.105.1-8 to 1.0.1-1.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 1988d4dd..e94ee588 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
-FROM clamav/clamav:0.105.1-8
+FROM clamav/clamav:1.0.1-1
 
 RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/

From e9497634b6af2a5585272fcbf3df496fbece38c9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Feb 2023 16:44:35 +0100
Subject: [PATCH 0548/3949] migration.md - adjust db-creation docs for psql 15

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 migration.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 55f058b7..bbc4d0ee 100644
--- a/migration.md
+++ b/migration.md
@@ -36,8 +36,10 @@ The procedure for migrating the files and the database works like this:
         export PG_PASSWORD="my-temporary-password"
         export PG_DATABASE="nextcloud_db"
         sudo -u postgres psql <<END
-        CREATE USER $PG_USER WITH PASSWORD '$PG_PASSWORD';
+        CREATE USER $PG_USER WITH PASSWORD '$PG_PASSWORD' CREATEDB;
         CREATE DATABASE $PG_DATABASE WITH OWNER $PG_USER TEMPLATE template0 ENCODING 'UTF8';
+        GRANT ALL PRIVILEGES ON DATABASE $PG_DATABASE TO $PG_USER;
+        GRANT ALL PRIVILEGES ON SCHEMA public TO $PG_USER;
         END
         ```
     1. Run the following command to start the conversion:

From 73674c61678398ddde1f16256934aa0441c26fee Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Feb 2023 16:55:12 +0100
Subject: [PATCH 0549/3949] document multiarch containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml            |  2 +-
 helm-chart/update-helm.sh     |  2 +-
 helm-chart/values.yaml        |  1 -
 manual-install/readme.md      |  6 +++---
 manual-install/sample.conf    |  1 -
 manual-install/update-yaml.sh |  5 ++---
 manual-upgrade.md             |  2 +-
 readme.md                     | 25 +++----------------------
 reverse-proxy.md              | 23 ++---------------------
 9 files changed, 13 insertions(+), 54 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 392ae17a..d968e3fa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,7 +6,7 @@ volumes:
 
 services:
   nextcloud:
-    image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU
+    image: nextcloud/all-in-one:latest
     restart: always
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
     volumes:
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 0e7fbaf1..0da0364d 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -22,7 +22,7 @@ sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
 source /tmp/sample.conf
 rm /tmp/sample.conf
-sed -i "s|\${IMAGE_TAG}|$DOCKER_TAG\${IMAGE_TAG}|" latest.yml
+sed -i "s|:latest$|$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
 sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 4caceddc..c34a5a27 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -1,4 +1,3 @@
-IMAGE_TAG: latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
 APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
diff --git a/manual-install/readme.md b/manual-install/readme.md
index a62b6f72..f4c65113 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -21,16 +21,16 @@ First, install docker and docker-compose if not already done. Then simply run th
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.  For arm64 support use `IMAGE_TAG=latest-arm64` (Note: there is no clamav image for arm64).
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
 
 Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.
 
 Now you should be ready to go with `sudo docker-compose up`.
 
 ## Docker profiles
-The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
 
-For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`.
+For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 26c4f4b6..d01d8e16 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,4 +1,3 @@
-IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index c11c630e..7d2446a1 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -48,7 +48,6 @@ do
 done
 
 rm -f sample.conf
-echo 'IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support' >> sample.conf
 VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
 mapfile -t VARIABLES <<< "$VARIABLES"
 for variable in "${VARIABLES[@]}"
@@ -60,7 +59,7 @@ do
 done
 
 sed -i 's|_ENABLED=|_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
-sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
@@ -133,7 +132,7 @@ networks:
 NETWORK
 
 cat containers.yml > latest.yml
-sed -i "/image:/s/$/:\${IMAGE_TAG}/" latest.yml
+sed -i "/image:/s/$/:latest/" latest.yml
 
 rm containers.yml
 
diff --git a/manual-upgrade.md b/manual-upgrade.md
index 8777aa04..8a4975d8 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -16,7 +16,7 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
         sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
         sudo chown root:root /tmp/nextcloud-aio-nextcloud
     ```
-1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest` on x64 or `nextcloud/aio-nextcloud:php8.0-latest-arm64` on arm64. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
+1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest`. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
 1. After doing so, remove the Nextcloud container with `sudo docker rm nextcloud-aio-nextcloud`.
 1. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
 **Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
diff --git a/readme.md b/readme.md
index e5e64512..9fea89c8 100644
--- a/readme.md
+++ b/readme.md
@@ -21,7 +21,7 @@ The following instructions are meant for installations without a web server or r
 2. Run the command below in order to start the container:<br><br>
     (For people that cannot use ports 80 and/or 443 on this server e.g. because it is already taken by a different web server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
     ```
-    # For x64 CPUs and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
+    # For Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
     sudo docker run \
     --sig-proxy=false \
     --name nextcloud-aio-mastercontainer \
@@ -33,25 +33,6 @@ The following instructions are meant for installations without a web server or r
     --volume /var/run/docker.sock:/var/run/docker.sock:ro \
     nextcloud/all-in-one:latest
     ```
-    <details>
-    <summary>Command for arm64 CPUs like the Raspberry Pi 4</summary>
-
-    ```
-    # For arm64 CPUs and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
-    sudo docker run \
-    --sig-proxy=false \
-    --name nextcloud-aio-mastercontainer \
-    --restart always \
-    --publish 80:80 \
-    --publish 8080:8080 \
-    --publish 8443:8443 \
-    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-    nextcloud/all-in-one:latest-arm64
-    ```
-
-    </details>
-
     <details>
     <summary>Explanation of the command</summary>
 
@@ -64,7 +45,7 @@ The following instructions are meant for installations without a web server or r
     - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
     - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
-    - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
+    - `nextcloud/all-in-one:latest` This is the docker container image that is used.
     - Further options can be set using environment variables, for example `-e NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>
 
@@ -217,7 +198,7 @@ Nextcloud features a built-in bruteforce protection which may get triggered and
 This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier.
 
 ### How to switch the channel?
-You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. For the beta channel on x64 you need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa. For arm64 it is `nextcloud/all-in-one:latest-arm64` and `nextcloud/all-in-one:beta-arm64`, respectively.
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa.
 
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index cc4977d6..cbe03385 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -468,7 +468,7 @@ After adjusting your reverse proxy config, use the following command to start AI
 (For an docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).)
 
 ```
-# For x64 CPUs:
+# For Linux:
 sudo docker run \
 --sig-proxy=false \
 --name nextcloud-aio-mastercontainer \
@@ -480,26 +480,7 @@ sudo docker run \
 nextcloud/all-in-one:latest
 ```
 
-You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host by providing an additional environmental variable to this docker run command. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost).
-
-<details>
-
-<summary>Command for arm64 CPUs like the Raspberry Pi 4</summary>
-
-```
-# For arm64 CPUs:
-sudo docker run \
---sig-proxy=false \
---name nextcloud-aio-mastercontainer \
---restart always \
---publish 8080:8080 \
--e APACHE_PORT=11000 \
---volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
---volume /var/run/docker.sock:/var/run/docker.sock:ro \
-nextcloud/all-in-one:latest-arm64
-```
-
-</details>
+You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host and if localhost is used, by providing an additional environmental variable to this docker run command. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost).
 
 On macOS see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos.
 

From de2c915bba3e76c1f654ad0e65ef97edfa5d771b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Feb 2023 17:19:02 +0100
Subject: [PATCH 0550/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 7fbbe55a..31a6ad6f 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.2.2.56
+FROM onlyoffice/documentserver:7.3.2.8
 
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 2ade84e7abdd07621cca9dd3356ea1ec8db4c2e2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 14 Feb 2023 23:00:38 +0100
Subject: [PATCH 0551/3949] connect containers only to custom network

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c0e4587e..4428bd70 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -372,6 +372,7 @@ class DockerActionManager
                 $portWithProtocol = $value->port . '/' . $value->protocol;
                 $exposedPorts[$portWithProtocol] = null;
             }
+            $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
         } else {
             $requestBody['HostConfig']['NetworkMode'] = 'host';
         }
@@ -622,11 +623,11 @@ class DockerActionManager
         }
     }
 
-    public function DisconnectContainerFromNetwork(Container $container) : void
+    private function DisconnectContainerFromBridgeNetwork(string $id) : void
     {
 
         $url = $this->BuildApiUrl(
-            sprintf('networks/%s/disconnect', 'nextcloud-aio')
+            sprintf('networks/%s/disconnect', 'bridge')
         );
 
         try {
@@ -635,12 +636,11 @@ class DockerActionManager
                 $url,
                 [
                     'json' => [
-                        'container' => $container->GetIdentifier(),
+                        'container' => $id,
                     ],
                 ]
             );
         } catch (RequestException $e) {
-            error_log('Could not disconnect container from network ' . $e->getMessage());
         }
     }
 
@@ -699,6 +699,7 @@ class DockerActionManager
     public function ConnectMasterContainerToNetwork() : void
     {
         $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
+        $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
     }
 
     public function ConnectContainerToNetwork(Container $container) : void

From a6667496c7562bd5f2ee172d5d569306c60ddc9a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 16 Feb 2023 16:31:28 +0000
Subject: [PATCH 0552/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index f37dd033..15f4d03d 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -7,7 +7,7 @@ services:
       - nextcloud-aio-collabora
       - nextcloud-aio-talk
       - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:${IMAGE_TAG}
+    image: nextcloud/aio-apache:latest
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
     environment:
@@ -28,7 +28,7 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-database:
-    image: nextcloud/aio-postgresql:${IMAGE_TAG}
+    image: nextcloud/aio-postgresql:latest
     expose:
       - "5432"
     volumes:
@@ -52,7 +52,7 @@ services:
       - nextcloud-aio-clamav
       - nextcloud-aio-fulltextsearch
       - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:${IMAGE_TAG}
+    image: nextcloud/aio-nextcloud:latest
     expose:
       - "9000"
       - "7867"
@@ -106,7 +106,7 @@ services:
       - nextcloud-aio
 
   nextcloud-aio-redis:
-    image: nextcloud/aio-redis:${IMAGE_TAG}
+    image: nextcloud/aio-redis:latest
     expose:
       - "6379"
     environment:
@@ -120,7 +120,7 @@ services:
 
   nextcloud-aio-collabora:
     profiles: ["collabora"]
-    image: nextcloud/aio-collabora:${IMAGE_TAG}
+    image: nextcloud/aio-collabora:latest
     expose:
       - "9980"
     environment:
@@ -137,7 +137,7 @@ services:
 
   nextcloud-aio-talk:
     profiles: ["talk"]
-    image: nextcloud/aio-talk:${IMAGE_TAG}
+    image: nextcloud/aio-talk:latest
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
       - ${TALK_PORT}:${TALK_PORT}/udp
@@ -156,7 +156,7 @@ services:
 
   nextcloud-aio-clamav:
     profiles: ["clamav"]
-    image: nextcloud/aio-clamav:${IMAGE_TAG}
+    image: nextcloud/aio-clamav:latest
     expose:
       - "3310"
     environment:
@@ -170,7 +170,7 @@ services:
 
   nextcloud-aio-onlyoffice:
     profiles: ["onlyoffice"]
-    image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
+    image: nextcloud/aio-onlyoffice:latest
     expose:
       - "80"
     environment:
@@ -186,7 +186,7 @@ services:
 
   nextcloud-aio-imaginary:
     profiles: ["imaginary"]
-    image: nextcloud/aio-imaginary:${IMAGE_TAG}
+    image: nextcloud/aio-imaginary:latest
     expose:
       - "9000"
     environment:
@@ -197,7 +197,7 @@ services:
 
   nextcloud-aio-fulltextsearch:
     profiles: ["fulltextsearch"]
-    image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
+    image: nextcloud/aio-fulltextsearch:latest
     expose:
       - "9200"
     environment:

From 4362406587b1a7c882882832bcddb3b508459d9e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Feb 2023 17:38:45 +0100
Subject: [PATCH 0553/3949] fix the helm-update job

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 2 +-
 helm-chart/update-helm.sh         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index d6c8d6f2..007141f9 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -15,7 +15,7 @@ jobs:
       - name: update helm chart
         run: |
           DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
-          DOCKER_TAG="${DOCKER_TAG%%latest*}"
+          DOCKER_TAG="${DOCKER_TAG%%-latest*}"
           export DOCKER_TAG
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 0da0364d..1bb70b7f 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -22,7 +22,7 @@ sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
 source /tmp/sample.conf
 rm /tmp/sample.conf
-sed -i "s|:latest$|$DOCKER_TAG-latest|" latest.yml
+sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
 sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml

From 42c0dadb11bacc97786588d74294e399370ae107 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 16 Feb 2023 16:39:25 +0000
Subject: [PATCH 0554/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 helm-chart/Chart.yaml                                           | 2 +-
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml       | 2 +-
 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml       | 2 +-
 helm-chart/templates/nextcloud-aio-collabora-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-database-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml   | 2 +-
 helm-chart/templates/nextcloud-aio-redis-deployment.yaml        | 2 +-
 helm-chart/templates/nextcloud-aio-talk-deployment.yaml         | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 83ad1dbc..2808580b 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.2.0
+version: 4.3.4
 apiVersion: v2
 keywords:
   - latest
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index dcae3e82..9d17ae9f 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-apache:20230216_152733-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 1c9261a3..1ffd96dd 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-clamav:20230216_152733-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 00aa7853..1939fbac 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-collabora:20230216_152733-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 7485332b..f0c6bd38 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-postgresql:20230216_152733-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 94a7e236..7e45d5f8 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-fulltextsearch:20230216_152733-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 854bb0e0..63d62ef0 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-imaginary:20230216_152733-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index b2f48ee1..f4056a37 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -112,7 +112,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-nextcloud:20230216_152733-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index ae7fc2f3..9d2017a3 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-onlyoffice:20230216_152733-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index f9ada631..352dfabb 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-redis:20230216_152733-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index a355e934..07a7b1de 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230124_100035-{{ .Values.IMAGE_TAG }}
+          image: nextcloud/aio-talk:20230216_152733-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

From 5b2b60841dbae6475841231258f1f8732f481536 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Feb 2023 19:14:09 +0100
Subject: [PATCH 0555/3949] add loader to login template

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/login.twig | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index b9479253..1b3f746e 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -19,5 +19,9 @@
             {% endif %}
         </div>
     </div>
+    <script type="text/javascript" src="before-unload.js"></script>
+    <div id="overlay">
+        <div class="loader"></div>
+    </div>
 {% endblock %}
 

From 7bb713eaaae352138a8bf19fd63e09d3e1f238ae Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Feb 2023 19:17:04 +0100
Subject: [PATCH 0556/3949] increase to 4.4.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d0560d99..8e78cd2b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.3.4</h1>
+        <h1>Nextcloud AIO v4.4.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 32124235ba4877c62eb15476fa6ad81f519f17ea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 17 Feb 2023 11:29:45 +0100
Subject: [PATCH 0557/3949] increase to 4.4.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8e78cd2b..ce6bc1e2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.4.0</h1>
+        <h1>Nextcloud AIO v4.4.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 394b89957897f42944795a097328b594f7143d48 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 17 Feb 2023 11:21:42 +0100
Subject: [PATCH 0558/3949] postgresql - improve database online check during
 the migration

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile     | 2 +-
 Containers/postgresql/healthcheck.sh | 2 +-
 Containers/postgresql/start.sh       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index eacef9a6..6e1e86bc 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
 FROM postgres:15.2-alpine
 
-RUN apk add --no-cache bash openssl shadow netcat-openbsd grep mawk
+RUN apk add --no-cache bash openssl shadow grep mawk
 
 # We need to use the same gid and uid as on old installations
 RUN set -ex; \
diff --git a/Containers/postgresql/healthcheck.sh b/Containers/postgresql/healthcheck.sh
index 064bfbcb..c2ee4ec7 100644
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -2,4 +2,4 @@
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 87e8706d..01092bbe 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -85,7 +85,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     exec docker-entrypoint.sh postgres &
 
     # Wait for creation
-    while ! nc -z localhost 11000; do
+    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:11000/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start."
         sleep 5
     done

From 6d2d05432829ef11dc825ebecfa8d6bdc3799fa8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 17 Feb 2023 12:36:50 +0100
Subject: [PATCH 0559/3949] docker-aio-config should not be a volume by default

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 2c5f4994..888425a0 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -18,10 +18,6 @@ EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443
 
-RUN mkdir -p /mnt/docker-aio-config/;
-
-VOLUME /mnt/docker-aio-config/
-
 RUN mkdir -p /var/www/docker-aio;
 
 WORKDIR /var/www/docker-aio

From 60399acbc7c032d68e8092c221123e87f1d8ef35 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 17 Feb 2023 16:49:25 +0100
Subject: [PATCH 0560/3949] close #2014

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/nextcloud/entrypoint.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 5520c2a1..df39cab8 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -439,10 +439,10 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
     COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
-    COLLABORA_IPv6_Address="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
     # shellcheck disable=SC2016
-    COLLABORA_IPv6_Address+='if (!empty($record)) {echo $record[0]["ipv6"];}'
-    COLLABORA_IPv6_Address="$(echo "$COLLABORA_IPv6_Address" | php | head -1)"
+    COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
     COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
     if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then

From a57185a34bd2957a8943cf88e9b0601c1a5eb148 Mon Sep 17 00:00:00 2001
From: Nikolas Rimikis <25266387+Leptopoda@users.noreply.github.com>
Date: Sat, 18 Feb 2023 14:27:52 +0100
Subject: [PATCH 0561/3949] Fix typo

Signed-off-by: Nikolas Rimikis <25266387+Leptopoda@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 9fea89c8..f90fb9b6 100644
--- a/readme.md
+++ b/readme.md
@@ -141,7 +141,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them.
 
 ### Note on storage options
-- SD-cards are discrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts
+- SD-cards are disrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts
 - SSD storage is recommended
 - HDD storage should work as well but is of course much slower than SSD storage
 

From 5ab67cea1edf49811040139aafde505135fffda0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 18 Feb 2023 19:03:26 +0100
Subject: [PATCH 0562/3949] also overwrite db_name to fix db migration

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 88a7ac10..569652d2 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -17,10 +17,11 @@ if [ -f "/var/www/html/config/config.php" ]; then
         echo "Waiting for the database to start..."
         sleep 5
     done
-    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
-        # this was introduced with https://github.com/nextcloud/all-in-one/pull/218
+    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && [ "$POSTGRES_DB" = "nextcloud_database" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
+        # This was introduced with https://github.com/nextcloud/all-in-one/pull/218
         sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
         sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+        sed -i "s|'db_name'.*=>.*$|'db_name' => '$POSTGRES_DB',|" /var/www/html/config/config.php
     fi
 fi
 

From 758bc8b3ff9ebf813b9b3b76766a0803856f093d Mon Sep 17 00:00:00 2001
From: Verhoeckx <64807887+Verhoeckx@users.noreply.github.com>
Date: Sat, 18 Feb 2023 21:43:20 +0100
Subject: [PATCH 0563/3949] Add the directive ProxyPassReverse

According to the official documentation of Apache the directive ProxyPassReverse should be added when Apache is being used as a reverse proxy. I have tested it and Nexctloud AIO seems to work just fine.

From the documentation:
"This directive lets Apache adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses. This is essential when Apache is used as a reverse proxy (or gateway) to avoid bypassing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy."

https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#ProxyPassReverse


Signed-off-by: Verhoeckx <64807887+Verhoeckx@users.noreply.github.com>
---
 reverse-proxy.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index cbe03385..389505b8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -48,7 +48,10 @@ Add this as a new Apache site config:
     RewriteEngine On
     ProxyPreserveHost On
     AllowEncodedSlashes NoDecode
+    
     ProxyPass / http://localhost:11000/ nocanon
+    ProxyPassReverse / http://localhost:11000/
+    
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
     RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"

From e97aa44fe49e9bb5209b97c7fab954b5e4294d36 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 19 Feb 2023 11:05:06 +0100
Subject: [PATCH 0564/3949] add a more complete dnsmasq guide

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index f90fb9b6..6dc38412 100644
--- a/readme.md
+++ b/readme.md
@@ -166,6 +166,7 @@ No and it will not be added. Please use a dedicated domain for Nextcloud and set
 ### How can I access Nextcloud locally?
 The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
+- https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
 - https://howchoo.com/pi/pi-hole-setup together with https://docs.callitkarma.me/posts/PiHole-Local-DNS/
 - https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
 

From 31ca661345db3d42c1587d2375c32e8fe62ff29a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 19 Feb 2023 22:12:11 +0100
Subject: [PATCH 0565/3949] rp documentation - make apache_ip_binding
 documentation more explicit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 389505b8..a29bb3c6 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -9,7 +9,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
 1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
-1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
+1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
 1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
 1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)
@@ -478,12 +478,15 @@ sudo docker run \
 --restart always \
 --publish 8080:8080 \
 -e APACHE_PORT=11000 \
+-e APACHE_IP_BINDING=0.0.0.0 \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
 nextcloud/all-in-one:latest
 ```
 
-You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host and if localhost is used, by providing an additional environmental variable to this docker run command. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost).
+Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+
+You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host and in the host network, by providing an additional environmental variable to this docker run command. See [point 3](#3-limit-the-access-to-the-apache-container).
 
 On macOS see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos.
 
@@ -498,6 +501,7 @@ docker run ^
 --restart always ^
 --publish 8080:8080 ^
 -e APACHE_PORT=11000 ^
+-e APACHE_IP_BINDING=0.0.0.0 ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
 nextcloud/all-in-one:latest
@@ -513,9 +517,9 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
-## 3. If the reverse proxy is installed on the same host, you should configure the apache container to only listen on localhost.
+## 3. Limit the access to the apache container
 
-Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address, you can either simply skip this step or set it to `0.0.0.0` if you are unsure what the correct value is.
+Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to or set it to `0.0.0.0`.
 
 ## 4. Open the AIO interface.
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!

From 98a32b1ccf57943caa63a7f7b894b36504007f0b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 19 Feb 2023 22:32:14 +0100
Subject: [PATCH 0566/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index a29bb3c6..f7d52abb 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -519,7 +519,7 @@ Simply translate the docker run command into a docker-compose file. You can have
 
 ## 3. Limit the access to the apache container
 
-Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to or set it to `0.0.0.0`.
+Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
 ## 4. Open the AIO interface.
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!

From 342a3b8b8f19f411d7b010605a6ff28519ae6295 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 19 Feb 2023 22:35:15 +0100
Subject: [PATCH 0567/3949] adjust readme a bit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 6dc38412..e7424809 100644
--- a/readme.md
+++ b/readme.md
@@ -18,8 +18,7 @@ The following instructions are meant for installations without a web server or r
     curl -fsSL get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
-2. Run the command below in order to start the container:<br><br>
-    (For people that cannot use ports 80 and/or 443 on this server e.g. because it is already taken by a different web server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
+2. Run the command below in order to start the container:
     ```
     # For Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
     sudo docker run \
@@ -49,6 +48,8 @@ The following instructions are meant for installations without a web server or r
     - Further options can be set using environment variables, for example `-e NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>
 
+    Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+
 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
 E.g. `https://ip.address.of.this.server:8080`<br><br>
 If your firewall/router has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>

From 00293d3ac0ec20a855aaa53abb7b22eb1d9a9a94 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Mon, 20 Feb 2023 04:23:05 +0000
Subject: [PATCH 0568/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index fc0c624f..92c42660 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.6.0@e784128902dfe01d489c4123d69918a9f3c1eac5"/>
+<files psalm-version="5.7.1@8e0fd880141f236847ab49a06f94f788d41a4292"/>

From a8ac8a8c0006df6b55853f0d5bf57496897a9617 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Feb 2023 10:47:11 +0100
Subject: [PATCH 0569/3949] add util-linux-misc which might be required on
 alpine linux

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile      | 1 +
 Containers/mastercontainer/Dockerfile | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 96b9ebcd..7ef02e71 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -3,6 +3,7 @@ FROM alpine:3.17.2
 RUN set -ex; \
     \
     apk add --no-cache \
+        util-linux-misc \
         bash \
         borgbackup \
         rsync \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 2c5f4994..a779adb2 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -28,6 +28,7 @@ WORKDIR /var/www/docker-aio
 
 RUN set -ex; \
     apk add --no-cache \
+        util-linux-misc \
         ca-certificates \
         wget \
         tzdata \

From f4e471e002ebc5d556c13cfb66e7aaf19cd88b03 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Feb 2023 12:20:53 +0000
Subject: [PATCH 0570/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.10.1.1 to 22.05.10.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index b4162209..c552da18 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.10.1.1
+FROM collabora/code:22.05.10.2.1
 
 USER root
 

From 1a329d83aace08b71b336213dbbf9132baa4c441 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Feb 2023 18:11:56 +0100
Subject: [PATCH 0571/3949] Add Helm Chart Releaser workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 48 ++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 .github/workflows/helm-release.yml

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
new file mode 100644
index 00000000..a3aa4f63
--- /dev/null
+++ b/.github/workflows/helm-release.yml
@@ -0,0 +1,48 @@
+
+name: Helm Chart Releaser
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'helm-chart/**'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Turnstyle
+        uses: softprops/turnstyle@v1
+        with:
+          continue-after-seconds: 180
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN  }}
+
+      - name: Fetch history
+        run: git fetch --prune --unshallow
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      # See https://github.com/helm/chart-releaser-action/issues/6
+      - name: Set up Helm
+        uses: azure/setup-helm@v3.1
+        with:
+          version: v3.6.3
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.4.1
+        with:
+          charts_repo_url: https://nextcloud.github.io/all-in-one
+          charts_dir: helm-chart
+          mark_as_latest: false
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
+          CR_SKIP_EXISTING: true

From 403cc5cae7f1fb30c0cdb2192b88a6c9298da19f Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 21 Feb 2023 04:36:29 +0000
Subject: [PATCH 0572/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 92c42660..96278fc4 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.7.1@8e0fd880141f236847ab49a06f94f788d41a4292"/>
+<files psalm-version="5.7.3@471a8c6a1d4f0dcf91fdb34a3109adb204012fb3"/>

From e0a7ca3656ae017ec94d63da5b6b96fde5380f7c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Feb 2023 15:36:03 +0100
Subject: [PATCH 0573/3949] add additional network option

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 4428bd70..715869a0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -663,7 +663,8 @@ class DockerActionManager
                         'Driver' => 'bridge',
                         'Internal' => false,
                         'Options' => [
-                            'com.docker.network.bridge.enable_icc' => 'true'
+                            'com.docker.network.bridge.enable_icc' => 'true',
+                            'com.docker.network.bridge.enable_ip_masquerade' => 'true'
                         ]
                     ]
                 ]

From b8930bc577ec75a65b0a33c5f1b5d5de355476cf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Feb 2023 16:07:26 +0100
Subject: [PATCH 0574/3949] only check for internal ip-address

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index df39cab8..d0925196 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -438,8 +438,8 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     # Fix https://github.com/nextcloud/all-in-one/issues/188:
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
-    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$COLLABORA_HOST');" | php | head -1)"
+    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$COLLABORA_HOST', DNS_AAAA);"
     # shellcheck disable=SC2016
     COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
     COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
@@ -453,7 +453,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "Warning: No ipv4-address found for $NC_DOMAIN."
+        echo "Warning: No ipv4-address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -464,13 +464,9 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "No ipv6-address found for $NC_DOMAIN."
+        echo "No ipv6-address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
-        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
-        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
-            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
-        fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
         echo "Warning: wopi_allowlist is empty which should not be the case!"

From a2585fffe45524b177974c37460c10905a973f6b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Feb 2023 17:31:03 +0100
Subject: [PATCH 0575/3949] Revert "only check for internal ip-address"

This reverts commit b8930bc577ec75a65b0a33c5f1b5d5de355476cf.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index d0925196..df39cab8 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -438,8 +438,8 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     # Fix https://github.com/nextcloud/all-in-one/issues/188:
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$COLLABORA_HOST');" | php | head -1)"
-    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$COLLABORA_HOST', DNS_AAAA);"
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
     # shellcheck disable=SC2016
     COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
     COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
@@ -453,7 +453,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "Warning: No ipv4-address found for $COLLABORA_HOST."
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
     fi
     if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -464,9 +464,13 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "No ipv6-address found for $COLLABORA_HOST."
+        echo "No ipv6-address found for $NC_DOMAIN."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
+        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
+            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
+        fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
         echo "Warning: wopi_allowlist is empty which should not be the case!"

From cad3b0968ae4698590c48542dfabcb7f544361b4 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 22 Feb 2023 04:27:47 +0000
Subject: [PATCH 0576/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 96278fc4..cc402c87 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.7.3@471a8c6a1d4f0dcf91fdb34a3109adb204012fb3"/>
+<files psalm-version="5.7.5@5390c212bab06ee230c8720c2e9c54b823db00c8"/>

From 93bd1ce2eed7e9cdc27b990fe2b977985f0b6a89 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Feb 2023 13:28:22 +0100
Subject: [PATCH 0577/3949] talk - improve a few things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 16 ----------------
 php/containers.json      |  4 +---
 2 files changed, 1 insertion(+), 19 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 3b7567af..a315c4ac 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -7,9 +7,6 @@ if [ -z "$NC_DOMAIN" ]; then
 elif [ -z "$TURN_SECRET" ]; then
     echo "You need to provide the TURN_SECRET."
     exit 1
-elif [ -z "$JANUS_API_KEY" ]; then
-    echo "You need to provide the JANUS_API_KEY."
-    exit 1
 elif [ -z "$SIGNALING_SECRET" ]; then
     echo "You need to provide the SIGNALING_SECRET."
     exit 1
@@ -36,14 +33,6 @@ TURN_CONF
 
 # Janus
 set -x
-sed -i "s|#turn_rest_api_key.*|turn_rest_api_key = \"$JANUS_API_KEY\"|" /etc/janus/janus.jcfg
-sed -i "s|#full_trickle.*|full_trickle = true|g" /etc/janus/janus.jcfg
-sed -i 's|#stun_server.*|stun_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
-sed -i "s|#stun_port.*|stun_port = $TALK_PORT|g" /etc/janus/janus.jcfg
-sed -i "s|#turn_port.*|turn_port = $TALK_PORT|g" /etc/janus/janus.jcfg
-sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
-sed -i 's|#turn_type .*|turn_type = "udp"|g' /etc/janus/janus.jcfg
-sed -i 's|#ice_ignore_list .*|ice_ignore_list = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
 sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
 sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
@@ -81,11 +70,6 @@ url = nats://127.0.0.1:4222
 [mcu]
 type = janus
 url = ws://127.0.0.1:8188
-
-[turn]
-apikey = ${JANUS_API_KEY}
-secret = ${TURN_SECRET}
-servers = turn:$NC_DOMAIN:$TALK_PORT?transport=tcp,turn:$NC_DOMAIN:$TALK_PORT?transport=udp
 SIGNALING_CONF
 
 exec "$@"
diff --git a/php/containers.json b/php/containers.json
index 1fc53acb..154c8bb1 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -240,14 +240,12 @@
         "NC_DOMAIN=%NC_DOMAIN%",
         "TURN_SECRET=%TURN_SECRET%",
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
-        "JANUS_API_KEY=%JANUS_API_KEY%",
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%"
       ],
       "secrets": [
         "TURN_SECRET",
-        "SIGNALING_SECRET",
-        "JANUS_API_KEY"
+        "SIGNALING_SECRET"
       ],
       "restart": "unless-stopped"
     },

From 66851eda8ffe3a9aebd65f930079e0c01e9126ab Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 13 Oct 2022 14:04:59 +0200
Subject: [PATCH 0578/3949] improve turn server

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile |  1 +
 Containers/talk/start.sh   | 22 +++++++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 2129ec07..81d2dbb8 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -10,6 +10,7 @@ RUN set -ex; \
         curl \
         ca-certificates \
         netcat \
+        dnsutils \
     ; \
     rm -rf /var/lib/apt/lists/*
 
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 3b7567af..10f6d520 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -15,7 +15,11 @@ elif [ -z "$SIGNALING_SECRET" ]; then
     exit 1
 fi
 
-# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
+set -x
+IPv4_ADDRESS="$(dig nextcloud-aio-talk A +short)"
+set +x
+
+# Turn
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
@@ -32,6 +36,22 @@ pidfile=/var/tmp/turnserver.pid
 no-tls
 no-dtls
 userdb=/var/lib/turn/turndb
+# Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
+allowed-peer-ip=$IPv4_ADDRESS
+denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=100.64.0.0-100.127.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+denied-peer-ip=169.254.0.0-169.254.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+denied-peer-ip=192.0.0.0-192.0.0.255
+denied-peer-ip=192.0.2.0-192.0.2.255
+denied-peer-ip=192.88.99.0-192.88.99.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+denied-peer-ip=198.18.0.0-198.19.255.255
+denied-peer-ip=198.51.100.0-198.51.100.255
+denied-peer-ip=203.0.113.0-203.0.113.255
+denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 
 # Janus

From e85c43d075f819445489cb517ed8aa3d30ede636 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 22 Feb 2023 18:03:48 +0100
Subject: [PATCH 0579/3949] Cron: clean nextcloud-aio-domaincheck/tmp volumes

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/cron.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 563b1ef6..82fa4dc7 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -47,8 +47,14 @@ while true; do
     # Remove sessions older than 24h
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
+    # Remove nextcloud-aio-domaincheck container
+    docker container remove nextcloud-aio-domaincheck --force
+
     # Remove dangling images
-    sudo -u www-data docker image prune -f
+    sudo -u www-data docker image prune --force
+    
+    # Remove dangling volumes
+    for image in $(docker volume ls --quiet --filter dangling=true | grep -E "^[a-z0-9]{64}$"); do docker volume remove "$image"; done
 
     # Wait 60s so that the whole loop will not be executed again
     sleep 60

From c2444912b847bb8650a71dd0e702178c7f8dabd4 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 22 Feb 2023 18:10:51 +0100
Subject: [PATCH 0580/3949] the image is a volume...

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/cron.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 82fa4dc7..dc9170b1 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -54,7 +54,7 @@ while true; do
     sudo -u www-data docker image prune --force
     
     # Remove dangling volumes
-    for image in $(docker volume ls --quiet --filter dangling=true | grep -E "^[a-z0-9]{64}$"); do docker volume remove "$image"; done
+    for volume in $(docker volume ls --quiet --filter dangling=true | grep -E "^[a-z0-9]{64}$"); do docker volume remove "$volume"; done
 
     # Wait 60s so that the whole loop will not be executed again
     sleep 60

From 9e9e991cb64b98e239686aed5fdc361838263bf9 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 23 Feb 2023 07:00:05 +0100
Subject: [PATCH 0581/3949] add sudo

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/cron.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index dc9170b1..e8e10be6 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -48,13 +48,13 @@ while true; do
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
     # Remove nextcloud-aio-domaincheck container
-    docker container remove nextcloud-aio-domaincheck --force
+    sudo -u www-data docker container remove nextcloud-aio-domaincheck --force
 
     # Remove dangling images
     sudo -u www-data docker image prune --force
     
     # Remove dangling volumes
-    for volume in $(docker volume ls --quiet --filter dangling=true | grep -E "^[a-z0-9]{64}$"); do docker volume remove "$volume"; done
+    for volume in $(sudo -u www-data docker volume ls --quiet --filter dangling=true | grep -E "^[a-z0-9]{64}$"); do sudo -u www-data docker volume remove "$volume"; done
 
     # Wait 60s so that the whole loop will not be executed again
     sleep 60

From fc1d8e0b324964658ab4fcc162972720af3e4ebf Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 23 Feb 2023 12:43:24 +0000
Subject: [PATCH 0582/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1968cc24..2bb9a195 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -116,7 +116,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.3
+ENV NEXTCLOUD_VERSION 25.0.4
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From f2154bf2b7d3c0c4325ab95790c83fb76b882707 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Feb 2023 15:36:05 +0100
Subject: [PATCH 0583/3949] try to fix volume order

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index 1bb70b7f..393188c2 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -141,7 +141,7 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \; 
-VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g')"
+VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g' | sort)"
 mapfile -t VOLUMES <<< "$VOLUMES"
 for variable in "${VOLUMES[@]}"; do
     name="$(echo "$variable" | sed 's|-|_|g' | tr '[:lower:]' '[:upper:]')_STORAGE_SIZE"

From ea5219f40ddb5365c99dde93f27b1fdcf3422d02 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 23 Feb 2023 14:36:40 +0000
Subject: [PATCH 0584/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 helm-chart/Chart.yaml                         |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml      |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml   |  2 +-
 .../nextcloud-aio-database-deployment.yaml    |  2 +-
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml   |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  2 +-
 .../nextcloud-aio-redis-deployment.yaml       |  2 +-
 .../nextcloud-aio-talk-deployment.yaml        |  2 +-
 helm-chart/values.yaml                        | 20 +++++++++----------
 12 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 2808580b..87d8cead 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.3.4
+version: 4.4.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 9d17ae9f..9cbae5f4 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230216_152733-latest
+          image: nextcloud/aio-apache:20230223_085216-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 1ffd96dd..b78ce976 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230216_152733-latest
+          image: nextcloud/aio-clamav:20230223_085216-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 1939fbac..6de610a4 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230216_152733-latest
+          image: nextcloud/aio-collabora:20230223_085216-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index f0c6bd38..14f2490d 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230216_152733-latest
+          image: nextcloud/aio-postgresql:20230223_085216-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 7e45d5f8..79d074e8 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230216_152733-latest
+          image: nextcloud/aio-fulltextsearch:20230223_085216-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 63d62ef0..e9e31c96 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230216_152733-latest
+          image: nextcloud/aio-imaginary:20230223_085216-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index f4056a37..d1135095 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -112,7 +112,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230216_152733-latest
+          image: nextcloud/aio-nextcloud:20230223_085216-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 9d2017a3..c32e9c01 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230216_152733-latest
+          image: nextcloud/aio-onlyoffice:20230223_085216-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 352dfabb..b2a9b0a4 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230216_152733-latest
+          image: nextcloud/aio-redis:20230223_085216-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 07a7b1de..796bf009 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230216_152733-latest
+          image: nextcloud/aio-talk:20230223_085216-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index c34a5a27..6813aa80 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -29,14 +29,14 @@ TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containe
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
-ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
-NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
-COLLABORA_FONTS_STORAGE_SIZE: 1Gi       # You can change the size of the collabora-fonts volume that default to 1Gi with this value
-ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
-CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
-DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
-NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
-NEXTCLOUD_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
-REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
-DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
+CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
+COLLABORA_FONTS_STORAGE_SIZE: 1Gi       # You can change the size of the collabora-fonts volume that default to 1Gi with this value
+DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
+DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
+ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
+NEXTCLOUD_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
+NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
+NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
+ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
+REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value

From f8457a28309b59a98b75aad3fcb29c07a3d3d2cd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Feb 2023 17:09:10 +0100
Subject: [PATCH 0585/3949] fix install check for primary object storage

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 48 ++++++++++++++++--------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 5520c2a1..97684644 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -215,19 +215,21 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 
-            max_retries=10
-            try=0
-            while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do
-                echo "Waiting for appdata to become available..."
-                try=$((try+1))
-                sleep 10s
-            done
+            if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
+                max_retries=10
+                try=0
+                while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do
+                    echo "Waiting for appdata to become available..."
+                    try=$((try+1))
+                    sleep 10s
+                done
 
-            if [ "$try" -ge "$max_retries" ]; then
-                echo "Installation of Nextcloud failed!"
-                echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
-                touch "$NEXTCLOUD_DATA_DIR/install.failed"
-                exit 1
+                if [ "$try" -ge "$max_retries" ]; then
+                    echo "Installation of Nextcloud failed!"
+                    echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
+                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                    exit 1
+                fi
             fi
 
             # unset admin password
@@ -357,18 +359,18 @@ else
     SKIP_UPDATE=1
 fi
 
-# Check if appdata is present
-# If not, something broke (e.g. changing ncdatadir after aio was first started)
-if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
-    echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
-    echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
-    echo "In the datadir was found:"
-    ls -la "$NEXTCLOUD_DATA_DIR/"
-    exit 1
-fi
-
-# Configure tempdirectory
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
+    # Check if appdata is present
+    # If not, something broke (e.g. changing ncdatadir after aio was first started)
+    if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+        echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
+        echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
+        echo "In the datadir was found:"
+        ls -la "$NEXTCLOUD_DATA_DIR/"
+        exit 1
+    fi
+
+    # Configure tempdirectory
     mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
     if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
         echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini

From 491693f402696986ba0c9ca124c25ca6295a446b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 19 Feb 2023 23:21:04 +0100
Subject: [PATCH 0586/3949] add a more generous solution to starting containers
 while backup still running

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile       |  5 -----
 Containers/fulltextsearch/start.sh         | 18 ------------------
 Containers/mastercontainer/daily-backup.sh | 14 +++++++++++---
 php/templates/containers.twig              | 12 +++---------
 readme.md                                  |  2 +-
 5 files changed, 15 insertions(+), 36 deletions(-)
 delete mode 100644 Containers/fulltextsearch/start.sh

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index c78f4d94..67862db3 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -11,10 +11,5 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*
 
-COPY start.sh /
-
-RUN chmod +x /start.sh
-ENTRYPOINT ["/bin/tini", "--", "/start.sh"]
-
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/fulltextsearch/start.sh b/Containers/fulltextsearch/start.sh
deleted file mode 100644
index 96ae1010..00000000
--- a/Containers/fulltextsearch/start.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-# Only start container if database is accessible (needed for backup to work correctly)
-while ! nc -z "$POSTGRES_HOST" 5432; do
-    echo "Waiting for database to start..."
-    sleep 5
-done
-
-# Show wiki if vm.max_map_count is too low
-if [ "$(sysctl -n vm.max_map_count)" -le 65530 ]; then
-    echo "max_map_count is too low and needs to be adjusted."
-    echo "See https://github.com/nextcloud/all-in-one/discussions/1775 how to change max_map_count"
-fi
-
-# Run initial entrypoint
-/usr/local/bin/docker-entrypoint.sh
-
-exec "$@"
diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index c063b185..3b2d053a 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -38,9 +38,10 @@ if [ "$AUTOMATIC_UPDATES" = 1 ]; then
 fi
 
 # Wait for watchtower to stop
-if [ "$AUTOMATIC_UPDATES" = 1 ] && ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
-    echo "Something seems to be wrong: Watchtower should be started at this step."
-else
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
+        echo "Something seems to be wrong: Watchtower should be started at this step."
+    fi
     while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
         echo "Waiting for watchtower to stop"
         sleep 30
@@ -58,6 +59,13 @@ fi
 if [ "$DAILY_BACKUP" = 1 ]; then
     echo "Creating daily backup..."
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
+    if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; then
+        echo "Something seems to be wrong: the borg container should be started at this step."
+    fi
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
+        echo "Waiting for backup container to stop"
+        sleep 30
+    done
 fi
 
 # Execute backup check
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ce6bc1e2..ccd86267 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -24,14 +24,10 @@
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}
         {% set isWatchtowerRunning = false %}
-        {% set isRestoreRunning = false %}
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
 
         {% if is_backup_container_running == true %}
-            {% if borg_backup_mode == 'restore' %}
-                {% set isRestoreRunning = true %}
-            {% endif %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
                 {% set isBackupOrRestoreRunning = true %}
             {% endif %}
@@ -249,7 +245,7 @@
 
                     {% if has_update_available == true %}
                         {% if is_mastercontainer_update_available == false %}
-                            ⚠️ Container updates are available. Click on 'Stop Containers' and 'Start Containers' to update them. You should consider creating a backup first.<br><br>
+                            ⚠️ Container updates are available. Click on <b>Stop Containers</b> and <b>Start Containers</b> to update them. You should consider creating a backup first.<br><br>
                         {% endif %}
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
@@ -277,10 +273,8 @@
                         </form>
                     {% endif %}
                 {% else %}
-                    {% if isRestoreRunning == true %}
-                        Restore currently running. Cannot start the containers until that's done.<br /><br />
-                    {% elseif has_update_available == true and isBackupOrRestoreRunning == true %}
-                        Restore or Backup currently running and container update available. Cannot start the containers until that's done.<br /><br />
+                    {% if isBackupOrRestoreRunning == true %}
+                        Restore or Backup currently running. Cannot start the containers until that's done.<br /><br />
                     {% else %}
                         {% if was_start_button_clicked == false %}
                             Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
diff --git a/readme.md b/readme.md
index e7424809..d70fac21 100644
--- a/readme.md
+++ b/readme.md
@@ -420,7 +420,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
-- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking if `START_CONTAINERS` and `AUTOMATIC_UPDATES` is not enabled at the same time which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
+- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.
 - `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
 - `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.

From e28aef0c6af6a4185e66c8faec1d1ab25bd82eaf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Feb 2023 17:55:36 +0100
Subject: [PATCH 0587/3949] increase to 4.5.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ccd86267..84c74d95 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.4.1</h1>
+        <h1>Nextcloud AIO v4.5.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From e2f92a30c6bbbb7903b109fed2c1bffb55933440 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 23 Feb 2023 18:05:08 +0100
Subject: [PATCH 0588/3949] remove removing tmp volumes

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/cron.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index e8e10be6..f8cedce9 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -52,9 +52,6 @@ while true; do
 
     # Remove dangling images
     sudo -u www-data docker image prune --force
-    
-    # Remove dangling volumes
-    for volume in $(sudo -u www-data docker volume ls --quiet --filter dangling=true | grep -E "^[a-z0-9]{64}$"); do sudo -u www-data docker volume remove "$volume"; done
 
     # Wait 60s so that the whole loop will not be executed again
     sleep 60

From d7a174615c9954728f555ffa7f40a7088b260773 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 23 Feb 2023 18:05:34 +0100
Subject: [PATCH 0589/3949] only remove domaincheck container if it is stopped

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/cron.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index f8cedce9..f6250206 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -48,7 +48,9 @@ while true; do
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
     # Remove nextcloud-aio-domaincheck container
-    sudo -u www-data docker container remove nextcloud-aio-domaincheck --force
+    if docker ps --format "{{.Names}}" --filter "status=exited" | grep -qw "^nextcloud-aio-domaincheck$"; then
+        sudo -u www-data docker container remove nextcloud-aio-domaincheck
+    fi
 
     # Remove dangling images
     sudo -u www-data docker image prune --force

From 73b4c2d3eab4a7ac460e24a1ac1ef23b1423dc0c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 23 Feb 2023 18:13:22 +0100
Subject: [PATCH 0590/3949] add missing sudo

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/cron.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index f6250206..cccda17f 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -48,7 +48,7 @@ while true; do
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
     # Remove nextcloud-aio-domaincheck container
-    if docker ps --format "{{.Names}}" --filter "status=exited" | grep -qw "^nextcloud-aio-domaincheck$"; then
+    if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -qw "^nextcloud-aio-domaincheck$"; then
         sudo -u www-data docker container remove nextcloud-aio-domaincheck
     fi
 

From 3eb3a9ff9fb6c8a28b130f963f58e5e8c78fb7de Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 23 Feb 2023 18:19:51 +0100
Subject: [PATCH 0591/3949] remove -w from grep

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/cron.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index cccda17f..f5de8a50 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -48,7 +48,7 @@ while true; do
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
     # Remove nextcloud-aio-domaincheck container
-    if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -qw "^nextcloud-aio-domaincheck$"; then
+    if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
         sudo -u www-data docker container remove nextcloud-aio-domaincheck
     fi
 

From cf8d3dd437d06623528ec306cd55cc754652e4c6 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 23 Feb 2023 18:26:25 +0100
Subject: [PATCH 0592/3949] add a note on supported architectures

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index d70fac21..70006b17 100644
--- a/readme.md
+++ b/readme.md
@@ -63,6 +63,10 @@ Nextcloud AIO is inspired by projects like Portainer that manage the docker daem
 ### Are reverse proxies supported?
 Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 
+### Which CPU architectures are supported?
+- x64/x86_64/amd64
+- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
+
 ### Which ports are mandatory to be open in your firewall/router?
 Only those (if you access the Mastercontainer Interface internally via port 8080):
 - `443/TCP` for the Apache container

From ac7c7b19d85e7bbe6e9591fc30911483c08d2258 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 23 Feb 2023 18:31:09 +0100
Subject: [PATCH 0593/3949] add note on uname -m

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 70006b17..95f4e39e 100644
--- a/readme.md
+++ b/readme.md
@@ -64,7 +64,8 @@ Nextcloud AIO is inspired by projects like Portainer that manage the docker daem
 Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 
 ### Which CPU architectures are supported?
-- x64/x86_64/amd64
+You can check this on Linux by running: `uname -m`
+- x86_64/x64/amd64
 - aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
 
 ### Which ports are mandatory to be open in your firewall/router?

From 5fd0b3294ee93e78723c54a556aa11a002b9a012 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Mon, 27 Feb 2023 04:22:49 +0000
Subject: [PATCH 0594/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index cc402c87..9efde3ff 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.7.5@5390c212bab06ee230c8720c2e9c54b823db00c8"/>
+<files psalm-version="5.7.7@e028ba46ba0d7f9a78bc3201c251e137383e145f"/>

From d9ec23e0f86756d24249c9632bdf7457db26d319 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 28 Feb 2023 12:17:26 +0000
Subject: [PATCH 0595/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 1 -
 manual-install/sample.conf | 1 -
 2 files changed, 2 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 15f4d03d..bf09607d 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -147,7 +147,6 @@ services:
       - NC_DOMAIN=${NC_DOMAIN}
       - TURN_SECRET=${TURN_SECRET}
       - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - JANUS_API_KEY=${JANUS_API_KEY}
       - TZ=${TIMEZONE}
       - TALK_PORT=${TALK_PORT}
     restart: unless-stopped
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index d01d8e16..776f933a 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -10,7 +10,6 @@ COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.

From 9758c124918ff19bbfb9e1c110472a53ed7bec38 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Feb 2023 13:00:41 +0000
Subject: [PATCH 0596/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.10.2.1 to 22.05.10.7.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index c552da18..c117fce4 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.10.2.1
+FROM collabora/code:22.05.10.7.1
 
 USER root
 

From 0dcdbf8be285dfb8117fcf8e9522a987761a8d8a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 1 Mar 2023 12:17:25 +0000
Subject: [PATCH 0597/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index d73b3c91..212ae06a 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1335,16 +1335,16 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.2.0",
+            "version": "v3.2.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3"
+                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/1ee04c65529dea5d8744774d474e7cbd2f1206d3",
-                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
                 "shasum": ""
             },
             "require": {
@@ -1382,7 +1382,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.1"
             },
             "funding": [
                 {
@@ -1398,7 +1398,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-25T10:21:52+00:00"
+            "time": "2023-03-01T10:25:55+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",

From 5fbe9021452be3ebd6782e24f67cb5fef2955f62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Mar 2023 13:03:34 +0000
Subject: [PATCH 0598/3949] Bump redis from 7.0.8-alpine to 7.0.9-alpine in
 /Containers/redis

Bumps redis from 7.0.8-alpine to 7.0.9-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index f84eec66..6c1b72a9 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.8-alpine
+FROM redis:7.0.9-alpine
 
 RUN apk add --no-cache openssl bash
 

From de9b2bba0e9eed68beb44353d87e53e19ebb5901 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Mar 2023 13:06:33 +0000
Subject: [PATCH 0599/3949] Bump nextcloud/imaginary in /Containers/imaginary

Bumps nextcloud/imaginary from 20230201 to 20230301.

---
updated-dependencies:
- dependency-name: nextcloud/imaginary
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b56870f9..15c610f7 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20230201
+FROM nextcloud/imaginary:20230301
 
 USER root
 RUN set -ex; \

From 98078cbe0a36bb4dcf8b5ba0e2dee92a5a8ee0d5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Mar 2023 09:12:07 +0100
Subject: [PATCH 0600/3949] improve the volume and container name check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index fbcf7c72..6a13488f 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -77,11 +77,11 @@ elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
 fi
 
 # Check if startup command was executed correctly
-if ! sudo -u www-data docker ps | grep -q "nextcloud-aio-mastercontainer"; then
+if ! sudo -u www-data docker ps --format "{{.Name}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
     echo "It seems like you did not give the mastercontainer the correct name?
 Using a different name is not supported!"
     exit 1
-elif ! sudo -u www-data docker volume ls | grep -q "nextcloud_aio_mastercontainer"; then
+elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
     echo "It seems like you did not give the mastercontainer volume the correct name?
 Using a different name is not supported!"
     exit 1

From 6a22d5443ba0f6e4f1cb0c290b52c2bcc099202d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Mar 2023 09:21:45 +0100
Subject: [PATCH 0601/3949] don't wait for clamav until forever

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 33 ++++++++++++++++++------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 70f381f5..e9cb334b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -534,23 +534,30 @@ fi
 
 # Clamav
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
-    while ! nc -z "$CLAMAV_HOST" 3310; do
+    count=0
+    while ! nc -z "$CLAMAV_HOST" 3310 && [ "$count" -lt 90 ]; do
         echo "waiting for clamav to become available..."
+        count=$((count+5))
         sleep 5
     done
-    if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
-        php /var/www/html/occ app:install files_antivirus
-    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable files_antivirus
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update files_antivirus
+    if [ "$count" -ge 90 ]; then
+        echo "Clamav did not start in time. Skipping initialization and disabling files_antivirus app."
+        php /var/www/html/occ app:disable files_antivirus
+    else
+        if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+            php /var/www/html/occ app:install files_antivirus
+        elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable files_antivirus
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update files_antivirus
+        fi
+        php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
+        php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
+        php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
+        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
+        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
+        php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
     fi
-    php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
-    php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
-    php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
-    php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
-    php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
-    php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
 else
     if [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
         php /var/www/html/occ app:remove files_antivirus

From ee06a04f5191628691c843af667143aa1a163256 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 27 Feb 2023 14:48:49 +0100
Subject: [PATCH 0602/3949] fix datadir permission check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh     | 4 ++++
 manual-install/update-yaml.sh          | 1 +
 php/containers.json                    | 3 ++-
 php/src/Data/ConfigurationManager.php  | 8 ++++++++
 php/src/Docker/DockerActionManager.php | 6 ++++++
 5 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 70f381f5..5316fb18 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -212,6 +212,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 exit 1
             fi
 
+            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" = yes ]; then
+                php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
+            fi
+
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 7d2446a1..82206a2e 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -71,6 +71,7 @@ sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
+sed -i 's|SKIP_DATA_DIRECTORY_PERMISSION_CHECK=|SKIP_DATA_DIRECTORY_PERMISSION_CHECK="no"          # When setting to "yes" (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index 154c8bb1..a0294656 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -160,7 +160,8 @@
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
-        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
+        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%",
+        "SKIP_DATA_DIRECTORY_PERMISSION_CHECK=%SKIP_DATA_DIRECTORY_PERMISSION_CHECK%"
       ],
       "restart": "unless-stopped",
       "devices": [
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e116e44b..b7f48176 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -736,6 +736,14 @@ class ConfigurationManager
         return false;
     }
 
+    public function shouldDataDirectoryPermissionCheckGetSkipped() : bool {
+        $datadir = $this->GetNextcloudDatadirMount();
+        if ($datadir === 'nextcloud_aio_nextcloud_datadir' || str_starts_with($datadir, '/run/desktop/mnt/host/')) {
+            return true;
+        }
+        return false;
+    }
+
     public function GetNextcloudStartupApps() : string {
         $apps = getenv('NEXTCLOUD_STARTUP_APPS');
         if (is_string($apps)) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 715869a0..b22ca032 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -348,6 +348,12 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
+                } elseif ($out[1] === 'SKIP_DATA_DIRECTORY_PERMISSION_CHECK') {
+                    if ($this->configurationManager->shouldDataDirectoryPermissionCheckGetSkipped()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {

From aec815119ea92ca0eb9460699f6c5e6aa04a0fe4 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 2 Mar 2023 11:20:49 +0000
Subject: [PATCH 0603/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 helm-chart/Chart.yaml                                         | 2 +-
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml     | 2 +-
 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml     | 2 +-
 helm-chart/templates/nextcloud-aio-collabora-deployment.yaml  | 2 +-
 helm-chart/templates/nextcloud-aio-database-deployment.yaml   | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml  | 2 +-
 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml  | 2 +-
 helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml | 2 +-
 helm-chart/templates/nextcloud-aio-redis-deployment.yaml      | 2 +-
 helm-chart/templates/nextcloud-aio-talk-deployment.yaml       | 4 +---
 helm-chart/values.yaml                                        | 1 -
 12 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 87d8cead..678d1536 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.4.1
+version: 4.5.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 9cbae5f4..24cdd5fe 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230223_085216-latest
+          image: nextcloud/aio-apache:20230302_085724-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b78ce976..d108a0d3 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230223_085216-latest
+          image: nextcloud/aio-clamav:20230302_085724-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 6de610a4..be574c21 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230223_085216-latest
+          image: nextcloud/aio-collabora:20230302_085724-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 14f2490d..97ec19c9 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230223_085216-latest
+          image: nextcloud/aio-postgresql:20230302_085724-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 79d074e8..ebc1dd5d 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230223_085216-latest
+          image: nextcloud/aio-fulltextsearch:20230302_085724-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index e9e31c96..7a1083cc 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230223_085216-latest
+          image: nextcloud/aio-imaginary:20230302_085724-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index d1135095..b0f0e87f 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -112,7 +112,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230223_085216-latest
+          image: nextcloud/aio-nextcloud:20230302_085724-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c32e9c01..90c2f005 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230223_085216-latest
+          image: nextcloud/aio-onlyoffice:20230302_085724-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index b2a9b0a4..dab4e609 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230223_085216-latest
+          image: nextcloud/aio-redis:20230302_085724-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 796bf009..a1fd7565 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -24,8 +24,6 @@ spec:
     spec:
       containers:
         - env:
-            - name: JANUS_API_KEY
-              value: "{{ .Values.JANUS_API_KEY }}"
             - name: NC_DOMAIN
               value: "{{ .Values.NC_DOMAIN }}"
             - name: SIGNALING_SECRET
@@ -36,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230223_085216-latest
+          image: nextcloud/aio-talk:20230302_085724-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 6813aa80..1ebb8f0c 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -9,7 +9,6 @@ COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the valu
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-JANUS_API_KEY:           # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.

From 50aa3681692ba4889aa5e471d7447d8e6eec8626 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Mar 2023 13:00:44 +0000
Subject: [PATCH 0604/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.10.7.1 to 22.05.10.8.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index c117fce4..29e253e8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.10.7.1
+FROM collabora/code:22.05.10.8.1
 
 USER root
 

From f67cae35fa6fe6a680f39bd917ff7d7ded605239 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Mar 2023 13:00:49 +0000
Subject: [PATCH 0605/3949] Bump ubuntu from focal-20230126 to focal-20230301
 in /Containers/talk

Bumps ubuntu from focal-20230126 to focal-20230301.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 81d2dbb8..2330c09e 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20230126
+FROM ubuntu:focal-20230301
 
 RUN set -ex; \
     \

From 97b0622cc3fcec2b3866b71a3584e997110eaa2d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Mar 2023 14:50:50 +0100
Subject: [PATCH 0606/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 6a13488f..5414ef3b 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -77,7 +77,7 @@ elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
 fi
 
 # Check if startup command was executed correctly
-if ! sudo -u www-data docker ps --format "{{.Name}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
+if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
     echo "It seems like you did not give the mastercontainer the correct name?
 Using a different name is not supported!"
     exit 1

From c23b7aa3969a5f029e3cc9f9abc6be34e97a9ec0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Mar 2023 15:48:51 +0100
Subject: [PATCH 0607/3949] increase to 4.5.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 84c74d95..d49c6499 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.5.0</h1>
+        <h1>Nextcloud AIO v4.5.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From c5e481b767d25ee99139fbdda66e77a55c856218 Mon Sep 17 00:00:00 2001
From: Shantanu Tushar <shaan7in@gmail.com>
Date: Sat, 4 Mar 2023 03:17:33 +0530
Subject: [PATCH 0608/3949] Fix directory path example

`/run/desktop/mnt/host/c/ncdata` does not really contain the word `backup`, so I'm guessing `C:\backup` is a typo.

Signed-off-by: Shantanu Tushar <shaan7in@gmail.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 95f4e39e..868a97e9 100644
--- a/readme.md
+++ b/readme.md
@@ -445,7 +445,7 @@ You can configure the Nextcloud container to use a specific directory on your ho
 - An example for Linux is `-e NEXTCLOUD_DATADIR="/mnt/ncdata"`.
 - On macOS it might be `-e NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `-e NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
-- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\backup` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)
+- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)
 - Another option is to provide a specific volume name here with: `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. with:
     ```
     docker volume create ^

From 4590b28b50a3e8f913fc8ba680912ddf80a7903f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Mar 2023 17:26:57 +0100
Subject: [PATCH 0609/3949] remove tzdata from mastercontainer

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f9f2914f..5b4d644e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -27,7 +27,6 @@ RUN set -ex; \
         util-linux-misc \
         ca-certificates \
         wget \
-        tzdata \
         bash \
         apache2 \
         apache2-proxy \

From c54395aa4c695fb53e6110328ede473c13693de2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Mar 2023 18:02:05 +0100
Subject: [PATCH 0610/3949] update snap migration advice

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index bbc4d0ee..cde31518 100644
--- a/migration.md
+++ b/migration.md
@@ -20,7 +20,7 @@ The procedure for migrating only the files works like this:
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
 
 ## Migrate the files and the database
-**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension.
+**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
 
 The procedure for migrating the files and the database works like this:
 1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.

From 1e96eed341be8da50c5beb3b55583f1b7ed72a38 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 4 Mar 2023 20:09:36 +0100
Subject: [PATCH 0611/3949] add a check if the mastercontainer volume is really
 connected to the mastercontainer

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 5414ef3b..b52e81cb 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -85,6 +85,10 @@ elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcl
     echo "It seems like you did not give the mastercontainer volume the correct name?
 Using a different name is not supported!"
     exit 1
+elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
+    echo "It seems like you did not attach the nextcloud_aio_mastercontainer volume to the mastercontainer?
+This is not supported!"
+    exit 1
 fi
 
 # Check for other options

From ba6efd2a9c469f4647a7daeca073016ef97b12bf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 5 Mar 2023 14:34:50 +0100
Subject: [PATCH 0612/3949] change how permission check setting works

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 3eff4e4e..a7aa6327 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -212,9 +212,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 exit 1
             fi
 
-            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" = yes ]; then
-                php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
-            fi
+            # We do our own permission check so the permission check is not needed
+            php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
 
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
@@ -297,6 +296,11 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 done
             fi
 
+            # Set the permission check to its default value again if not set
+            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" = yes ]; then
+                php /var/www/html/occ config:system:set check_data_directory_permissions --value=true --type=bool
+            fi
+
         #upgrade
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"

From cf3f1f04cd13935061d1188d9acb947577368fb5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Mar 2023 11:42:00 +0100
Subject: [PATCH 0613/3949] update some imaginary dependencies to improve
 performance

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 15c610f7..2924967c 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -4,10 +4,17 @@ FROM nextcloud/imaginary:20230301
 USER root
 RUN set -ex; \
     \
+    echo "deb http://deb.debian.org/debian sid main" > /etc/apt/sources.list.d/sid.list \
     apt-get update; \
     apt-get install -y --no-install-recommends \
         netcat \
     ; \
+    apt-get install -t sid -y --no-install-recommends \
+        libheif1 \
+        libde265-0 \
+        libx265-199 \
+        libvips \
+    ; \
     rm -rf /var/lib/apt/lists/*
 USER nobody
 

From 65875302422d3d8bb6914024678b4dbbeb1a6940 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Mar 2023 11:36:36 +0100
Subject: [PATCH 0614/3949] fix set_memory for imaginary and move cap_add to
 containers.json

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             | 6 ++++++
 php/containers.json                    | 8 +++++++-
 php/src/Container/Container.php        | 8 ++++++++
 php/src/ContainerDefinitionFetcher.php | 6 ++++++
 php/src/Docker/DockerActionManager.php | 6 +++++-
 5 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 40dcc16d..538593fd 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -21,6 +21,12 @@
 							"type": "string"
 						}
 					},
+					"cap_add": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
 					"depends_on": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index a0294656..d75d59c9 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -318,6 +318,9 @@
       ],
       "devices": [
         "/dev/fuse"
+      ],
+      "cap_add": [
+        "SYS_ADMIN"
       ]
     },
     {
@@ -411,7 +414,10 @@
       "environment": [
         "TZ=%TIMEZONE%"
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "cap_add": [
+        "SYS_NICE"
+      ]
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index c7ff5cf7..e30e8674 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -23,6 +23,8 @@ class Container {
     private array $secrets;
     /** @var string[] */
     private array $devices;
+    /** @var string[] */
+    private array $capAdd;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -38,6 +40,7 @@ class Container {
         array $dependsOn,
         array $secrets,
         array $devices,
+        array $capAdd,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -52,6 +55,7 @@ class Container {
         $this->dependsOn = $dependsOn;
         $this->secrets = $secrets;
         $this->devices = $devices;
+        $this->capAdd = $capAdd;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -83,6 +87,10 @@ class Container {
         return $this->devices;
     }
 
+    public function GetCapAdds() : array {
+        return $this->capAdd;
+    }
+
     public function GetPorts() : ContainerPorts {
         return $this->ports;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 4789bbfa..b903169e 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -213,6 +213,11 @@ class ContainerDefinitionFetcher
                 $devices = $entry['devices'];
             }
 
+            $capAdd = [];
+            if (isset($entry['cap_add'])) {
+                $capAdd = $entry['cap_add'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -226,6 +231,7 @@ class ContainerDefinitionFetcher
                 $dependsOn,
                 $secrets,
                 $devices,
+                $capAdd,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b22ca032..3e5f7def 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -411,9 +411,13 @@ class DockerActionManager
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
+        $capAdds = $container->GetCapAdds();
+        if (count($capAdds) > 0) {
+            $requestBody['HostConfig']['CapAdd'] = $capAdds;
+        }
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
-            $requestBody['HostConfig']['CapAdd'] = ["SYS_ADMIN"];
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
             
             // Additional backup directories

From 69b0911db1fbed116b71d0d7bbecad9706aaf826 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Mar 2023 15:14:04 +0100
Subject: [PATCH 0615/3949] add two options to cifs mount

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 868a97e9..4ca45b59 100644
--- a/readme.md
+++ b/readme.md
@@ -459,7 +459,7 @@ You can configure the Nextcloud container to use a specific directory on your ho
 ### Can I use a CIFS/SMB share as Nextcloud's datadir?
 
 Sure. Add this to the `/etc/fstab` file: <br>
-`<your-storage-host-and-subpath> <your-mount-dir> cifs rw,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+`<your-storage-host-and-subpath> <your-mount-dir> cifs rw,mfsymlinks,seal,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
 (Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
 
 One example could look like this:<br>

From 2306587a7d95ccad3acc37890a10811f0e860ae2 Mon Sep 17 00:00:00 2001
From: spatterlight <81454789+spatterIight@users.noreply.github.com>
Date: Mon, 6 Mar 2023 21:14:45 +0000
Subject: [PATCH 0616/3949] Update migration.md

Fixed typo

Signed-off-by: spatterlight <81454789+spatterIight@users.noreply.github.com>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index cde31518..f57b4601 100644
--- a/migration.md
+++ b/migration.md
@@ -15,7 +15,7 @@ The procedure for migrating only the files works like this:
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-link /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary.
-1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/"` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
+1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
 

From 2a01e9683b86e85e6969b9e17f78707fee2c5c5f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Mar 2023 16:39:18 +0100
Subject: [PATCH 0617/3949] exclude nextcloud and audit log in backup due to
 GPDR reasons

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d4ef0e71..15d030c0 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -129,10 +129,13 @@ if [ "$BORG_MODE" = backup ]; then
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
     BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
 
+    # Exclude the nextcloud log and audit log for GDPR reasons
+    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log"* --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
+
     # Create the backup
     echo "Starting the backup..."
     get_start_time
-    if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/"; then
+    if ! borg create "${BORG_OPTS[@]}" "${BORG_EXCLUDE[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/"; then
         echo "Deleting the failed backup archive..."
         borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
         echo "Backup failed!"
@@ -266,6 +269,8 @@ if [ "$BORG_MODE" = restore ]; then
     if ! rsync --stats --archive --human-readable -vv --delete \
     --exclude "nextcloud_aio_apache/caddy/"** \
     --exclude "nextcloud_aio_mastercontainer/caddy/"** \
+    --exclude "nextcloud_aio_nextcloud/data/nextcloud.log"* \
+    --exclude "nextcloud_aio_nextcloud/data/audit.log" \
     --exclude "nextcloud_aio_mastercontainer/certs/"** \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \

From f01a5841b96de6f81d05f8e92b4fd308d64b328b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 09:29:04 +0100
Subject: [PATCH 0618/3949] only send update notifications on saturdays

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index f5de8a50..03e5a724 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -38,8 +38,10 @@ while true; do
     # Make sure to delete the lock file always
     rm -f "/mnt/docker-aio-config/data/daily_backup_running"
 
-    # Check for updates and send notification if yes
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
+    # Check for updates and send notification if yes on saturdays
+    if [ "$(date +%u)" = 6 ]; then
+        sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
+    fi
 
     # Check if AIO is outdated
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php

From 56a95182c74decc786f2f06f5a68f4f7fb64c12a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 09:56:03 +0100
Subject: [PATCH 0619/3949] change to bookworm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 2924967c..ecebefbf 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -4,12 +4,12 @@ FROM nextcloud/imaginary:20230301
 USER root
 RUN set -ex; \
     \
-    echo "deb http://deb.debian.org/debian sid main" > /etc/apt/sources.list.d/sid.list \
+    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list \
     apt-get update; \
     apt-get install -y --no-install-recommends \
         netcat \
     ; \
-    apt-get install -t sid -y --no-install-recommends \
+    apt-get install -t bookworm -y --no-install-recommends \
         libheif1 \
         libde265-0 \
         libx265-199 \

From ebbcb998cefce1b9586f459f67e8baab9797607e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 10:04:11 +0100
Subject: [PATCH 0620/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index ecebefbf..b27ec131 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -4,17 +4,19 @@ FROM nextcloud/imaginary:20230301
 USER root
 RUN set -ex; \
     \
-    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list \
     apt-get update; \
     apt-get install -y --no-install-recommends \
         netcat \
     ; \
+    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list \
+    apt-get update; \
     apt-get install -t bookworm -y --no-install-recommends \
         libheif1 \
         libde265-0 \
         libx265-199 \
         libvips \
     ; \
+    rm /etc/apt/sources.list.d/bookworm.list; \
     rm -rf /var/lib/apt/lists/*
 USER nobody
 

From a4f0852bdf3f0b68f36279bc5fb264c73dadc5a1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 10:43:04 +0100
Subject: [PATCH 0621/3949] increase to 4.6.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d49c6499..4abc5341 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.5.1</h1>
+        <h1>Nextcloud AIO v4.6.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 671a73a6c4b0f580a61c738efb3ca3d0f9727adb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 10:57:51 +0100
Subject: [PATCH 0622/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b27ec131..f3022937 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -8,7 +8,7 @@ RUN set -ex; \
     apt-get install -y --no-install-recommends \
         netcat \
     ; \
-    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list \
+    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list; \
     apt-get update; \
     apt-get install -t bookworm -y --no-install-recommends \
         libheif1 \

From 39b669ae83ef17663508725ec0b968e34bb9afd2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 11:27:07 +0100
Subject: [PATCH 0623/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index a7aa6327..bbe85075 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -297,7 +297,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             fi
 
             # Set the permission check to its default value again if not set
-            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" = yes ]; then
+            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" != yes ]; then
                 php /var/www/html/occ config:system:set check_data_directory_permissions --value=true --type=bool
             fi
 

From 4f5062080bbd226a9e3f14ee646d249b91d32823 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 23:15:15 +0100
Subject: [PATCH 0624/3949] borg script - disable globbing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 15d030c0..5fa6a153 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -130,7 +130,7 @@ if [ "$BORG_MODE" = backup ]; then
     BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
 
     # Exclude the nextcloud log and audit log for GDPR reasons
-    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log"* --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
+    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
 
     # Create the backup
     echo "Starting the backup..."
@@ -267,15 +267,15 @@ if [ "$BORG_MODE" = restore ]; then
 
     # Restore everything except the configuration file
     if ! rsync --stats --archive --human-readable -vv --delete \
-    --exclude "nextcloud_aio_apache/caddy/"** \
-    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
-    --exclude "nextcloud_aio_nextcloud/data/nextcloud.log"* \
+    --exclude "nextcloud_aio_apache/caddy/**" \
+    --exclude "nextcloud_aio_mastercontainer/caddy/**" \
+    --exclude "nextcloud_aio_nextcloud/data/nextcloud.log*" \
     --exclude "nextcloud_aio_nextcloud/data/audit.log" \
-    --exclude "nextcloud_aio_mastercontainer/certs/"** \
+    --exclude "nextcloud_aio_mastercontainer/certs/**" \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
-    --exclude "nextcloud_aio_mastercontainer/session/"** \
+    --exclude "nextcloud_aio_mastercontainer/session/**" \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         RESTORE_FAILED=1
         echo "Something failed while restoring from backup."

From fdb033095936f40d528819f07e8016c4d4d768ef Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 23:16:17 +0100
Subject: [PATCH 0625/3949] add an example for NEXTCLOUD_MOUNT on macOS

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 4ca45b59..ae8a64f9 100644
--- a/readme.md
+++ b/readme.md
@@ -477,6 +477,7 @@ Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the s
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
 - Two examples for Linux are `-e NEXTCLOUD_MOUNT="/mnt/"` and `-e NEXTCLOUD_MOUNT="/media/"`.
+- On macOS it might be `-e NEXTCLOUD_DATADIR="/Volumes/your_drive/"`
 - For Synology it may be `-e NEXTCLOUD_MOUNT="/volume1/"`.
 - On Windows is this option not supported.
 

From 8cd5f604c42d7e80c825252fba68b1a735bc4e9e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 23:26:42 +0100
Subject: [PATCH 0626/3949] Nextcloud_mount is actually supported on windows
 now

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index ae8a64f9..99522433 100644
--- a/readme.md
+++ b/readme.md
@@ -479,9 +479,9 @@ By default, the Nextcloud container is confined and cannot access directories on
 - Two examples for Linux are `-e NEXTCLOUD_MOUNT="/mnt/"` and `-e NEXTCLOUD_MOUNT="/media/"`.
 - On macOS it might be `-e NEXTCLOUD_DATADIR="/Volumes/your_drive/"`
 - For Synology it may be `-e NEXTCLOUD_MOUNT="/volume1/"`.
-- On Windows is this option not supported.
+- On Windows it might be `-e NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.)
 
-After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `-e NEXTCLOUD_MOUNT="/mnt/"`. 
+After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `-e NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
 
 You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
 

From 204aa5649cdeae19b6e23707271a020e5f0df093 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Mar 2023 00:12:54 +0100
Subject: [PATCH 0627/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 99522433..8f2c5b66 100644
--- a/readme.md
+++ b/readme.md
@@ -477,7 +477,7 @@ Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the s
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
 - Two examples for Linux are `-e NEXTCLOUD_MOUNT="/mnt/"` and `-e NEXTCLOUD_MOUNT="/media/"`.
-- On macOS it might be `-e NEXTCLOUD_DATADIR="/Volumes/your_drive/"`
+- On macOS it might be `-e NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
 - For Synology it may be `-e NEXTCLOUD_MOUNT="/volume1/"`.
 - On Windows it might be `-e NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.)
 

From d974023c8db9358b0bbf1bf29d3a317db7cbae21 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Mar 2023 11:08:03 +0100
Subject: [PATCH 0628/3949] imaginary - try to prevent possible memory issues

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index f3022937..82ca2dc1 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -24,3 +24,6 @@ ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size", "-max-allowed-resolution
 
 HEALTHCHECK CMD nc -z localhost 9000 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
+
+# https://github.com/h2non/imaginary#memory-issues
+ENV MALLOC_ARENA_MAX=2

From 4b3e192ee63a77da9e8731b776dbe432919b6a0a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Mar 2023 13:00:51 +0000
Subject: [PATCH 0629/3949] Bump httpd in /Containers/apache

Bumps httpd from 2.4.55-alpine3.17 to 2.4.56-alpine3.17.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 735ca7fc..c07eafc1 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
-FROM httpd:2.4.55-alpine3.17
+FROM httpd:2.4.56-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From 90c2328400ce521824350a01295d6fad8f5e7f7e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Mar 2023 14:54:23 +0100
Subject: [PATCH 0630/3949] increase to 4.6.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4abc5341..3d2d98ed 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.6.0</h1>
+        <h1>Nextcloud AIO v4.6.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 5ddf989703b414293607c18543f4bc082f2ae240 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 16:19:43 +0100
Subject: [PATCH 0631/3949] add reasons why changing volume and container name
 is not supported

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index b52e81cb..2fafd26e 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -78,16 +78,16 @@ fi
 
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
-    echo "It seems like you did not give the mastercontainer the correct name?
-Using a different name is not supported!"
+    echo "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
+Using a different name is not supported since mastercontainer updates will not work in that case!"
     exit 1
 elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
-    echo "It seems like you did not give the mastercontainer volume the correct name?
-Using a different name is not supported!"
+    echo "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
+Using a different name is not supported since the built-in backup solution will not work in that case!"
     exit 1
 elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
-    echo "It seems like you did not attach the nextcloud_aio_mastercontainer volume to the mastercontainer?
-This is not supported!"
+    echo "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
+This is not supported since the built-in backup solution will not work in that case!"
     exit 1
 fi
 

From 8539b2527802408874a88e3c237fbba6170e4789 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 17:08:21 +0100
Subject: [PATCH 0632/3949] Talk - Apache seemingly needs to be whitelisted as
 well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 4f4be771..d18c1d13 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -13,7 +13,8 @@ elif [ -z "$SIGNALING_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS="$(dig nextcloud-aio-talk A +short)"
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
+IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short)"
 set +x
 
 # Turn
@@ -34,7 +35,8 @@ no-tls
 no-dtls
 userdb=/var/lib/turn/turndb
 # Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
-allowed-peer-ip=$IPv4_ADDRESS
+allowed-peer-ip=$IPv4_ADDRESS_TALK
+allowed-peer-ip=$IPv4_ADDRESS_APACHE
 denied-peer-ip=0.0.0.0-0.255.255.255
 denied-peer-ip=10.0.0.0-10.255.255.255
 denied-peer-ip=100.64.0.0-100.127.255.255

From 4800888da640669a1248efe87a68b3b2e53c2126 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 17:55:48 +0100
Subject: [PATCH 0633/3949] collabora - add mount_jail_tree=false

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index d75d59c9..5c3e02fd 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -203,7 +203,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%"

From 264980df577c9b8c1717ff5424b893e6bd6c0287 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 18:05:54 +0100
Subject: [PATCH 0634/3949] increase to 4.6.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 3d2d98ed..2339c1c8 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.6.1</h1>
+        <h1>Nextcloud AIO v4.6.2</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From a97af08bb8ede5f71ed6615f673c3dbf981e4c63 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 18:25:05 +0100
Subject: [PATCH 0635/3949] talk - wait for nextcloud-aio-apache to be started

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index d18c1d13..246c72af 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -12,6 +12,11 @@ elif [ -z "$SIGNALING_SECRET" ]; then
     exit 1
 fi
 
+while [ -z "$(dig nextcloud-aio-apache A +short)" ]; do
+    echo "Waiting for nextcloud-aio-apache to be started"
+    sleep 5
+done
+
 set -x
 IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
 IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short)"

From 86b6d927616706e666885492c67a82cdc78aaa8f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 18:55:53 +0100
Subject: [PATCH 0636/3949] revert "Talk - Apache seemingly needs to be
 whitelisted as well"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 246c72af..545e5e68 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -12,14 +12,8 @@ elif [ -z "$SIGNALING_SECRET" ]; then
     exit 1
 fi
 
-while [ -z "$(dig nextcloud-aio-apache A +short)" ]; do
-    echo "Waiting for nextcloud-aio-apache to be started"
-    sleep 5
-done
-
 set -x
 IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
-IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short)"
 set +x
 
 # Turn
@@ -41,7 +35,6 @@ no-dtls
 userdb=/var/lib/turn/turndb
 # Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
 allowed-peer-ip=$IPv4_ADDRESS_TALK
-allowed-peer-ip=$IPv4_ADDRESS_APACHE
 denied-peer-ip=0.0.0.0-0.255.255.255
 denied-peer-ip=10.0.0.0-10.255.255.255
 denied-peer-ip=100.64.0.0-100.127.255.255

From e6ecf52df90a62bae1c65471dff525610324c9dd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 20:17:51 +0100
Subject: [PATCH 0637/3949] add link about docker swarm directly to startup
 script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 2fafd26e..17986dee 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -79,7 +79,8 @@ fi
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
     echo "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
-Using a different name is not supported since mastercontainer updates will not work in that case!"
+Using a different name is not supported since mastercontainer updates will not work in that case!
+If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
     exit 1
 elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
     echo "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)

From 067604ceac6efaca8dfae07303d8d7f1d88bb4b8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 9 Mar 2023 20:22:50 +0100
Subject: [PATCH 0638/3949] improve hint about dns resolving

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 2fafd26e..26f62ab2 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -223,7 +223,8 @@ curl https://nextcloud.com &>/dev/null
 if [ "$?" = 6 ]; then
     echo "Could not resolve the host nextcloud.com."
     echo "Most likely the DNS resolving does not work."
-    echo "You should be able to fix this by adding the '--dns=\"ip.address.of.dns.server\"' option to the docker run command."
+    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
+    echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"
     exit 1
 fi
 

From cbc19c17ca151e960da26be7ea994bb5180cb0e7 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 10 Mar 2023 05:12:02 +0000
Subject: [PATCH 0639/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 9efde3ff..2a811d04 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.7.7@e028ba46ba0d7f9a78bc3201c251e137383e145f"/>
+<files psalm-version="5.8.0@9cf4f60a333f779ad3bc704a555920e81d4fdcda"/>

From c5bfdbb6535367eccac6a40f9ae58123574cea38 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 10 Mar 2023 11:17:25 +0100
Subject: [PATCH 0640/3949] fix psalm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/psalm.xml                         | 2 ++
 php/src/Data/ConfigurationManager.php | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/php/psalm.xml b/php/psalm.xml
index 49c40fd4..59601afa 100644
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -6,6 +6,8 @@
 	xmlns="https://getpsalm.org/schema/config"
 	xsi:schemaLocation="https://getpsalm.org/schema/config"
     errorBaseline="psalm-baseline.xml"
+	findUnusedBaselineEntry="true"
+	findUnusedCode="false"
 >
 	<projectFiles>
 		<directory name="templates"/>
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b7f48176..1c257946 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -78,7 +78,10 @@ class ConfigurationManager
         }
 
         $lastBackupLines = explode("\n", $content);
-        $lastBackupLine = $lastBackupLines[sizeof($lastBackupLines) - 2];
+        $lastBackupLine = "";
+        if (count($lastBackupLines) >= 2) {
+            $lastBackupLine = $lastBackupLines[sizeof($lastBackupLines) - 2];
+        }
         if ($lastBackupLine === "") {
             return '';
         }

From cd34d8d6f51b72ebc0ac1d0b036114c4b94ee9fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Mar 2023 13:00:15 +0000
Subject: [PATCH 0641/3949] Bump guzzlehttp/psr7 from 2.4.3 to 2.4.4 in /php

Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 2.4.3 to 2.4.4.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/master/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/2.4.3...2.4.4)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 212ae06a..003c147f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -220,16 +220,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.3",
+            "version": "2.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "67c26b443f348a51926030c83481b85718457d3d"
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/67c26b443f348a51926030c83481b85718457d3d",
-                "reference": "67c26b443f348a51926030c83481b85718457d3d",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
                 "shasum": ""
             },
             "require": {
@@ -319,7 +319,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.3"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.4"
             },
             "funding": [
                 {
@@ -335,7 +335,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-10-26T14:07:24+00:00"
+            "time": "2023-03-09T13:19:02+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From cfbb6752eef8eec5cd21ec2fe96a105fc763ff3c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 11 Mar 2023 14:32:25 +0100
Subject: [PATCH 0642/3949] nginx reverse proxy docs: disable 0-rtt

0-rtt is not recommended by internet.nl

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index f7d52abb..fbc5f7d8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -272,7 +272,6 @@ server {
 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header Early-Data $ssl_early_data;
         proxy_set_header X-Forwarded-Scheme $scheme;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
@@ -292,7 +291,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
     ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
 
-    ssl_early_data on;
     ssl_session_timeout 1d;
     ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
     ssl_session_tickets off;

From 1546db7f9fea04dd72de609e81f9ce13cfa8e784 Mon Sep 17 00:00:00 2001
From: Tony F <goldstar611@hotmail.com>
Date: Sun, 12 Mar 2023 20:51:00 -0500
Subject: [PATCH 0643/3949] Fix typo

Signed-off-by: Tony F <goldstar611@hotmail.com>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 8f2c5b66..b46d0307 100644
--- a/readme.md
+++ b/readme.md
@@ -115,7 +115,7 @@ You'll also need to adjust Synology's firewall, see below:
 <details>
 <summary>Click here to expand</summary>
 
-The Synology DSM is vulnerable to attacks with it's open ports and login interfaces, which is why a firewall setup is always recommended. If a firewall is activated it is necessary to have exceptions for ports 80,443, the subnet of the docker bridge which includes the nextcloud containers, your public static IP (if you don't use DDNS) and if applicable your NC-Talk ports 3478 TCP+UDP:
+The Synology DSM is vulnerable to attacks with it's open ports and login interfaces, which is why a firewall setup is always recommended. If a firewall is activated it is necessary to have exceptions for ports 80,443, the subnet of the docker bridge which includes the Nextcloud containers, your public static IP (if you don't use DDNS) and if applicable your NC-Talk ports 3478 TCP+UDP:
 
 ![Screenshot 2023-01-19 at 14 13 48](https://user-images.githubusercontent.com/70434961/213677995-71a9f364-e5d2-49e5-831e-4579f217c95c.png)
 
@@ -163,7 +163,7 @@ No and they will not be. If you want to run it locally, without opening Nextclou
 ### Can I use an ip-address for Nextcloud instead of a domain?
 No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md)
 
-### Are other ports than then default 443 for Nextcloud supported?
+### Are other ports than the default 443 for Nextcloud supported?
 No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Tunnel.
 
 ### Can I run Nextcloud in a subdirectory on my domain?

From 569975297a7f7ecd8b23a14635081d9bb14a3d42 Mon Sep 17 00:00:00 2001
From: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Date: Mon, 13 Mar 2023 11:22:38 +0100
Subject: [PATCH 0644/3949] fix(docs): Enforce HTTPS usage

Signed-off-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index b46d0307..3f8e4de8 100644
--- a/readme.md
+++ b/readme.md
@@ -15,7 +15,7 @@ Included are:
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
     ```sh
-    curl -fsSL get.docker.com | sudo sh
+    curl -fsSL https://get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:

From 51f3964c27ce460f3da82d3d9df6ba1e030fa5ab Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 13 Mar 2023 12:17:42 +0000
Subject: [PATCH 0645/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 5 ++++-
 manual-install/sample.conf | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index bf09607d..f9eb7079 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -101,6 +101,7 @@ services:
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
+      - SKIP_DATA_DIRECTORY_PERMISSION_CHECK=${SKIP_DATA_DIRECTORY_PERMISSION_CHECK}
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -125,7 +126,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
@@ -193,6 +194,8 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    cap_add:
+      - SYS_NICE
 
   nextcloud-aio-fulltextsearch:
     profiles: ["fulltextsearch"]
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 776f933a..69edf627 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -25,6 +25,7 @@ ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables t
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
+SKIP_DATA_DIRECTORY_PERMISSION_CHECK="no"          # When setting to "yes" (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.
 TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.

From c22a94ccc37e2b88c363a80054b0b37fce6c9a22 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Mar 2023 22:14:40 +0100
Subject: [PATCH 0646/3949] try to update all apps a second time and try to
 prevent breakage

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index bbe85075..36a0c59e 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -359,6 +359,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
     if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
         UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
+        # Update all apps again and try to prevent something like https://github.com/nextcloud/polls/issues/2793 from happening
+        php /var/www/html/occ app:update --all
         if [ -n "$UPDATED_APPS" ]; then
              bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
         fi

From 3c1dcb374f13516d6b34688fbbf861fb69162638 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 15 Mar 2023 14:18:30 +0100
Subject: [PATCH 0647/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 31a6ad6f..b3d08c70 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.3.2.8
+FROM onlyoffice/documentserver:7.3.3.49
 
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From d41d0c7f940b9c1f23473ac2b6f3d19c0288a513 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Mar 2023 12:59:53 +0000
Subject: [PATCH 0648/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.10.8.1 to 22.05.12.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 29e253e8..aea059b9 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.10.8.1
+FROM collabora/code:22.05.12.1.1
 
 USER root
 

From dbe30bba2ca5623fcaf3640779155ec253f1b576 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Mar 2023 13:00:30 +0000
Subject: [PATCH 0649/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.1.16-fpm-alpine3.17 to 8.1.17-fpm-alpine3.17.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 5b4d644e..8024caf0 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:23.0.1-dind as dind
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.16-fpm-alpine3.17
+FROM php:8.1.17-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From a9a3f74d4520e1550a6bf65c43f3a3c6dbdbf32e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 13:02:09 +0000
Subject: [PATCH 0650/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.12.1.1 to 22.05.12.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index aea059b9..90e5e735 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.12.1.1
+FROM collabora/code:22.05.12.2.1
 
 USER root
 

From 71f143b4aaa8bcfb8fd284f73931a08d953997ac Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Mar 2023 16:04:28 +0100
Subject: [PATCH 0651/3949] fix phpdd

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/php-deprecation-detector.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index d45feade..fe484528 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -26,4 +26,7 @@ jobs:
           cd php
           composer global require wapmorgan/php-deprecation-detector dev-master
           composer install
-          composer run php-deprecation-detector
\ No newline at end of file
+          composer run php-deprecation-detector | tee -i ./phpdd.log >/dev/null
+          if grep "Total issues:" ./phpdd.log; then
+            exit 1
+          fi

From 9a1371a96bb8eaa7633f67596bf04f4336918ce4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Mar 2023 16:10:38 +0100
Subject: [PATCH 0652/3949] still log to cli output

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/php-deprecation-detector.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index fe484528..073d349d 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -26,7 +26,7 @@ jobs:
           cd php
           composer global require wapmorgan/php-deprecation-detector dev-master
           composer install
-          composer run php-deprecation-detector | tee -i ./phpdd.log >/dev/null
+          composer run php-deprecation-detector | tee -i ./phpdd.log
           if grep "Total issues:" ./phpdd.log; then
             exit 1
           fi

From 28ec69e50532a00e03a6d645d5ef5e8a1dbae75f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Mar 2023 13:56:38 +0100
Subject: [PATCH 0653/3949] re-order cloudflare notes and add another one

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 3f8e4de8..4ca4e5e6 100644
--- a/readme.md
+++ b/readme.md
@@ -131,10 +131,11 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
+- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
+- The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
-- The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.

From e16340ffcbf5a76f434211dc933efd91dd9d54db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Mar 2023 12:59:46 +0000
Subject: [PATCH 0654/3949] Bump redis from 7.0.9-alpine to 7.0.10-alpine in
 /Containers/redis

Bumps redis from 7.0.9-alpine to 7.0.10-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 6c1b72a9..ab8c15d0 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.9-alpine
+FROM redis:7.0.10-alpine
 
 RUN apk add --no-cache openssl bash
 

From af78a8ff4ca0c08712b11a778bfc14596c4a07c0 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 21 Mar 2023 18:39:18 +0100
Subject: [PATCH 0655/3949] Migrate talk container to alpine (#1583)

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile       | 115 +++++++++++++++----------------
 Containers/talk/start.sh         |  10 +--
 Containers/talk/supervisord.conf |   8 +--
 3 files changed, 60 insertions(+), 73 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 2330c09e..89ab491d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,70 +1,65 @@
-FROM ubuntu:focal-20230301
+FROM nats:2.9.15-scratch as nats
+FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
+FROM alpine:3.17.2
+USER root
+
+COPY --from=nats /nats-server /usr/local/bin/nats-server
+COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
 RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        openssl \
-        coturn \
-        supervisor \
-        curl \
+    apk add --no-cache \
         ca-certificates \
-        netcat \
-        dnsutils \
-    ; \
-    rm -rf /var/lib/apt/lists/*
-
-RUN set -ex; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nats-server.asc" "https://packaging.gitlab.io/nats-server/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/nats-server nats main" > /etc/apt/sources.list.d/morph027-nats-server.list; \
-    . /etc/lsb-release; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-janus.asc" "https://packaging.gitlab.io/janus/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/janus/$DISTRIB_CODENAME $DISTRIB_CODENAME main" > /etc/apt/sources.list.d/morph027-janus.list; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nextcloud-spreed-signaling.asc" "https://packaging.gitlab.io/nextcloud-spreed-signaling/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/nextcloud-spreed-signaling signaling main" > /etc/apt/sources.list.d/morph027-nextcloud-spreed-signaling.list
-
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        nats-server \
-        janus \
-        nextcloud-spreed-signaling \
-    ; \
-    rm -rf /var/lib/apt/lists/*
-
-RUN adduser --system --group talk
-
-RUN mkdir /var/log/supervisord; \
-    mkdir /var/run/supervisord; \
-    chown talk:talk /var/run/supervisord; \
-    chown talk:talk /var/log/supervisord;
-
-COPY start.sh /usr/bin/
-COPY supervisord.conf /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +r /supervisord.conf; \
-    touch /etc/turnserver.conf; \
-    chown talk:talk /etc/turnserver.conf; \
-    sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn; \
-    mkdir -p /var/tmp;
-
-RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.com/rxi/json.lua/master/json.lua"; \
-    curl -sL -o "/usr/share/janus/lua/ansicolors.lua" "https://raw.githubusercontent.com/kikito/ansicolors.lua/master/ansicolors.lua"
-
-RUN mkdir -p /etc/nats; \
-    echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
-    mkdir /var/lib/turn; \
-    chown talk:talk /etc; \
-    chown talk:talk -R /etc/nats; \
-    chown talk:talk -R /etc/janus; \
-    chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr; \
-    chown talk:talk -R /var/lib/turn;
+        tzdata \
+        bash \
+        coturn \
+        openssl \
+        supervisor \
+        bind-tools \
+        netcat-openbsd \
+        shadow \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3; \
+    apk add --no-cache janus-gateway --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
+    useradd --system talk; \
+    luarocks-5.3 install luajson; \
+    luarocks-5.3 install ansicolors; \
+    rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
+    apk del --no-cache \
+        shadow \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3;
 
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
+
+RUN set -ex; \
+    touch \
+        /etc/nats.conf \
+        /etc/signaling.conf \
+        /etc/turnserver.conf; \
+    echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
+    mkdir -p \
+        /var/tmp \
+        /var/lib/turn \
+        /var/log/supervisord \
+        /var/run/supervisord; \
+    chown talk:talk -R \
+        /usr \
+        /etc/janus \
+        /etc/nats.conf \
+        /etc/signaling.conf \
+        /etc/turnserver.conf \
+        /var/lib/turn \
+        /var/log/supervisord \
+        /var/run/supervisord;
+
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
 ENV TALK_PORT=3478
 
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 545e5e68..378811f0 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -51,16 +51,8 @@ denied-peer-ip=203.0.113.0-203.0.113.255
 denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 
-# Janus
-set -x
-sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
-sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
-sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
-sed -i 's|keyfile =|#keyfile =|g' /etc/janus/janus.transport.mqtt.jcfg
-set +x
-
 # Signling
-cat << SIGNALING_CONF > "/etc/signaling/server.conf"
+cat << SIGNALING_CONF > "/etc/signaling.conf"
 [http]
 listen = 0.0.0.0:8081
 
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index c42bbde1..c3c672a7 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -13,25 +13,25 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=turnserver
+command=turnserver -c /etc/turnserver.conf
 
 [program:nats-server]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nats-server -c /etc/nats/nats.conf
+command=nats-server -c /etc/nats.conf
 
 [program:janus]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
+command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
 
 [program:signaling]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=signaling --config /etc/signaling/server.conf
+command=nextcloud-spreed-signaling -config /etc/signaling.conf

From 4256dc80215375840acdea0b5ae68329fa8f3a63 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Mar 2023 19:17:41 +0100
Subject: [PATCH 0656/3949] talk - stun servers may be empty

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 36a0c59e..7e3fd9b0 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -529,7 +529,8 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
         php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
-    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
+    STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
+    if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
         php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
         php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
     fi

From 83fb39dabf6a8dc68cd94fe458d1605f69362fd6 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 22 Mar 2023 12:37:19 +0000
Subject: [PATCH 0657/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 helm-chart/Chart.yaml                                       | 2 +-
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml   | 2 +-
 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml   | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 4 ++--
 helm-chart/templates/nextcloud-aio-database-deployment.yaml | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 6 +++++-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 4 +++-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 2 +-
 helm-chart/templates/nextcloud-aio-redis-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-talk-deployment.yaml     | 2 +-
 helm-chart/values.yaml                                      | 1 +
 12 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 678d1536..09a81db5 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.5.0
+version: 4.6.2
 apiVersion: v2
 keywords:
   - latest
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 24cdd5fe..99cbb4f2 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230302_085724-latest
+          image: nextcloud/aio-apache:20230315_112022-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d108a0d3..83aaead8 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230302_085724-latest
+          image: nextcloud/aio-clamav:20230315_112022-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index be574c21..e56cb0d2 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -41,10 +41,10 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230302_085724-latest
+          image: nextcloud/aio-collabora:20230315_112022-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 97ec19c9..60d97038 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230302_085724-latest
+          image: nextcloud/aio-postgresql:20230315_112022-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index ebc1dd5d..7114e03c 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230302_085724-latest
+          image: nextcloud/aio-fulltextsearch:20230315_112022-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 7a1083cc..47f8f16c 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,8 +26,12 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230302_085724-latest
+          image: nextcloud/aio-imaginary:20230315_112022-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
+          securityContext:
+            capabilities:
+              add:
+                - SYS_NICE
 {{- end }}
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index b0f0e87f..bfdca3f6 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -98,6 +98,8 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: SIGNALING_SECRET
               value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: SKIP_DATA_DIRECTORY_PERMISSION_CHECK
+              value: "{{ .Values.SKIP_DATA_DIRECTORY_PERMISSION_CHECK }}"
             - name: STARTUP_APPS
               value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}"
             - name: TALK_ENABLED
@@ -112,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230302_085724-latest
+          image: nextcloud/aio-nextcloud:20230315_112022-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 90c2f005..48e85c3c 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230302_085724-latest
+          image: nextcloud/aio-onlyoffice:20230315_112022-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index dab4e609..66fb32e0 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230302_085724-latest
+          image: nextcloud/aio-redis:20230315_112022-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index a1fd7565..b3784acc 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230302_085724-latest
+          image: nextcloud/aio-talk:20230315_112022-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 1ebb8f0c..49e8b730 100755
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -22,6 +22,7 @@ ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
+SKIP_DATA_DIRECTORY_PERMISSION_CHECK: no          # When setting to yes (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.
 TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.

From de64fceab9139cbae3625a4f2fb448e2a9f0d81a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Mar 2023 13:35:35 +0100
Subject: [PATCH 0658/3949] Add even more hints to datadir permission check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 36a0c59e..5a0a2dd5 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -39,7 +39,10 @@ $(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
 (userID:groupID permissions)
 but they should be:
 33:0 750
-(userID:groupID permissions)"
+(userID:groupID permissions)
+Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories.
+Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option.
+For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
     exit 1
 fi
 rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"

From f1edbd71c5e746bf31eb1d51f1aae692d6fdbbc1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 23 Mar 2023 12:52:17 +0000
Subject: [PATCH 0659/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2bb9a195..527d0b90 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -116,7 +116,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.4
+ENV NEXTCLOUD_VERSION 25.0.5
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From fc56c262c14573fb6d2696b6c47c7143620318e4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Mar 2023 14:32:06 +0100
Subject: [PATCH 0660/3949] increase to 4.7.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2339c1c8..6684c455 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.6.2</h1>
+        <h1>Nextcloud AIO v4.7.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 69cb6bee4d1bec33afec150ada3cbd2e3c354d7c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Mar 2023 15:21:43 +0100
Subject: [PATCH 0661/3949] enable JIT

based on https://github.com/nextcloud/documentation/pull/9230
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 527d0b90..dfa5bc6c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -98,6 +98,8 @@ RUN { \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
+        echo 'opcache.jit=1255'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
     \
     echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \

From 62afa918f0f289db72b268a18a05efb10b97a680 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 24 Mar 2023 12:01:35 +0100
Subject: [PATCH 0662/3949] switch chart-release-action to main

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index a3aa4f63..ac7a9ea9 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -37,7 +37,8 @@ jobs:
           version: v3.6.3
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.4.1
+        # TODO: switch back @main to a specific version like @v1.5.1 or higher
+        uses: helm/chart-releaser-action@main
         with:
           charts_repo_url: https://nextcloud.github.io/all-in-one
           charts_dir: helm-chart

From c9acb396ad7f0150c478280410165613331cd339 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 24 Mar 2023 12:10:03 +0100
Subject: [PATCH 0663/3949] add labels to chart.yaml

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/Chart.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 09a81db5..a04892ea 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -4,6 +4,8 @@ version: 4.6.2
 apiVersion: v2
 keywords:
   - latest
+  - nextcloud
+  - helm-chart
 sources:
   - https://github.com/nextcloud/all-in-one/tree/main/helm-chart
 home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart

From 1c2b4f042db2f3d3bc9855ca6dc12e585cf9d621 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 24 Mar 2023 12:13:26 +0100
Subject: [PATCH 0664/3949] try to fix the helm-releaser

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index ac7a9ea9..3d100183 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -40,7 +40,6 @@ jobs:
         # TODO: switch back @main to a specific version like @v1.5.1 or higher
         uses: helm/chart-releaser-action@main
         with:
-          charts_repo_url: https://nextcloud.github.io/all-in-one
           charts_dir: helm-chart
           mark_as_latest: false
         env:

From a68b00b126f919639ced90fc3b77a4ac954768c7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 24 Mar 2023 12:14:02 +0100
Subject: [PATCH 0665/3949] adjust labels

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/Chart.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index a04892ea..380de3a2 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -6,6 +6,7 @@ keywords:
   - latest
   - nextcloud
   - helm-chart
+  - open-source
 sources:
   - https://github.com/nextcloud/all-in-one/tree/main/helm-chart
 home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart

From 961f89437281b2260f8e1068ea65b3d7aef8b484 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 25 Mar 2023 09:56:34 +0100
Subject: [PATCH 0666/3949] adjust wording of regex for NEXTCLOUD_DATADIR

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 8aade3ab..6ec4e9ae 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -98,7 +98,7 @@ if [ -n "$NEXTCLOUD_DATADIR" ]; then
         echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
     elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
         echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
-The string must start with '/' and must not be equal to '/'.
+The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.
 It is set to '$NEXTCLOUD_DATADIR'."
         exit 1
     fi

From b4bd4d115da2a579ad61bd7b32e331c11238be17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 25 Mar 2023 10:09:57 +0100
Subject: [PATCH 0667/3949] Add additional check to properly resetting things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 4ca4e5e6..22cbdf0c 100644
--- a/readme.md
+++ b/readme.md
@@ -239,6 +239,7 @@ Here is how to reset the AIO instance properly:
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
 1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). Also if you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well.
+1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
 1. And you are done! Now feel free to start over with the recommended docker run command!
 

From b7e012f886efa8ed49dce5a04411821384c348b3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 25 Mar 2023 10:12:38 +0100
Subject: [PATCH 0668/3949] add dot to allowed characters in additional backup
 volumes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1c257946..334bb7c9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -664,7 +664,7 @@ class ConfigurationManager
             // Trim all unwanted chars on both sites
             $entry = trim($entry);
             if ($entry !== "") {
-                if (!preg_match("#^/[0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[0-1a-zA-Z_-]+$#", $entry)) {
+                if (!preg_match("#^/[.0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
                     throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
                 }
                 $validDirectories .= rtrim($entry, '/') . PHP_EOL;

From bf9482e5608d7c6cfe12c67ffdd51854918c175a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 26 Mar 2023 14:46:22 +0200
Subject: [PATCH 0669/3949] Make sure that NEXTCLOUD_DATADIR is not misleading

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 6ec4e9ae..650112db 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -95,7 +95,7 @@ fi
 # Check for other options
 if [ -n "$NEXTCLOUD_DATADIR" ]; then
     if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
-        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
+        sleep 1
     elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
         echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
 The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.

From 20062b609513d8af4dec408787886d4dc6eb106e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 26 Mar 2023 14:50:09 +0200
Subject: [PATCH 0670/3949] allow digits in NEXTCLOUD_STARTUP_APPS

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++--
 readme.md                           | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 8aade3ab..0c253859 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -194,9 +194,9 @@ It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
     fi
 fi
 if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
-    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z0-9 _-]\+$"; then
         echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
-It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It needs to be a string. Allowed are small letters a-z, 0-9, spaces, hyphens and '_'.
 It is set to '$NEXTCLOUD_STARTUP_APPS'."
         exit 1
     fi
diff --git a/readme.md b/readme.md
index 22cbdf0c..604cec22 100644
--- a/readme.md
+++ b/readme.md
@@ -516,7 +516,7 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 

From 0e7e1eaf3d2e6fb79826c6740989f7e719e6d1e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Mar 2023 13:51:30 +0000
Subject: [PATCH 0671/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.12.2.1 to 22.05.12.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 90e5e735..86961512 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.12.2.1
+FROM collabora/code:22.05.12.4.1
 
 USER root
 

From d0f11028d3f873c2ed747ee5ce131ef59c5053a2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 29 Mar 2023 10:57:44 +0200
Subject: [PATCH 0672/3949] increase shm_size for postgresql

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             | 3 +++
 php/containers.json                    | 3 ++-
 php/src/Container/Container.php        | 7 +++++++
 php/src/ContainerDefinitionFetcher.php | 6 ++++++
 php/src/Docker/DockerActionManager.php | 5 +++++
 5 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 538593fd..39ed0a51 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -73,6 +73,9 @@
 					"restart": {
 						"type": "string"
 					},
+					"shm_size": {
+						"type": "integer"
+					},
 					"secrets": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index 5c3e02fd..f96be79e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -74,7 +74,8 @@
         "PGTZ=%TIMEZONE%"
       ],
       "stop_grace_period": 1800,
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "shm_size": 268435456
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index e30e8674..8d5e8ac5 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -25,6 +25,7 @@ class Container {
     private array $devices;
     /** @var string[] */
     private array $capAdd;
+    private string $shmSize;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -41,6 +42,7 @@ class Container {
         array $secrets,
         array $devices,
         array $capAdd,
+        string $shmSize,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -56,6 +58,7 @@ class Container {
         $this->secrets = $secrets;
         $this->devices = $devices;
         $this->capAdd = $capAdd;
+        $this->shmSize = $shmSize;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -75,6 +78,10 @@ class Container {
         return $this->restartPolicy;
     }
 
+    public function GetShmSize() : string {
+        return $this->shmSize;
+    }
+
     public function GetMaxShutdownTime() : int {
         return $this->maxShutdownTime;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index b903169e..95d87913 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -218,6 +218,11 @@ class ContainerDefinitionFetcher
                 $capAdd = $entry['cap_add'];
             }
 
+            $shmSize = '';
+            if (isset($entry['shm_size'])) {
+                $shmSize = $entry['shm_size'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -232,6 +237,7 @@ class ContainerDefinitionFetcher
                 $secrets,
                 $devices,
                 $capAdd,
+                $shmSize,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3e5f7def..c6f3163c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -411,6 +411,11 @@ class DockerActionManager
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
+        $shmSize = $container->GetShmSize();
+        if ($shmSize !== '') {
+            $requestBody['HostConfig']['ShmSize'] = $shmSize;
+        }
+
         $capAdds = $container->GetCapAdds();
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;

From ef42467cc2f035bef1d526069bd8e656afc1ebf3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 29 Mar 2023 18:46:14 +0200
Subject: [PATCH 0673/3949] add a link to traefik config

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index fbc5f7d8..b184e988 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -447,9 +447,11 @@ The examples below define the dynamic configuration in YAML files. If you rather
 ---
 
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
-    
+
 **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
+**Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
+
 </details>
 
 ### Others

From d5c857325b2b80c3b9d5320f9a36cee30cb102c1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 30 Mar 2023 07:56:26 +0000
Subject: [PATCH 0674/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 helm-chart/Chart.yaml                                           | 2 +-
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml       | 2 +-
 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml       | 2 +-
 helm-chart/templates/nextcloud-aio-collabora-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-database-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml    | 2 +-
 helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml   | 2 +-
 helm-chart/templates/nextcloud-aio-redis-deployment.yaml        | 2 +-
 helm-chart/templates/nextcloud-aio-talk-deployment.yaml         | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 380de3a2..43cfa80d 100755
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.6.2
+version: 4.7.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 99cbb4f2..1ed10828 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230315_112022-latest
+          image: nextcloud/aio-apache:20230330_075307-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 83aaead8..4c53bde8 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230315_112022-latest
+          image: nextcloud/aio-clamav:20230330_075307-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index e56cb0d2..7627110b 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230315_112022-latest
+          image: nextcloud/aio-collabora:20230330_075307-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 60d97038..36317301 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230315_112022-latest
+          image: nextcloud/aio-postgresql:20230330_075307-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 7114e03c..05602c55 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230315_112022-latest
+          image: nextcloud/aio-fulltextsearch:20230330_075307-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 47f8f16c..839c4b0f 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230315_112022-latest
+          image: nextcloud/aio-imaginary:20230330_075307-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index bfdca3f6..5b76cc78 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230315_112022-latest
+          image: nextcloud/aio-nextcloud:20230330_075307-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 48e85c3c..28a4186d 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230315_112022-latest
+          image: nextcloud/aio-onlyoffice:20230330_075307-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 66fb32e0..c687b628 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230315_112022-latest
+          image: nextcloud/aio-redis:20230330_075307-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b3784acc..c6ddd49b 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230315_112022-latest
+          image: nextcloud/aio-talk:20230330_075307-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

From cd6f5ccebd0ea6ba01b28f8c1a10be74a3ad53e0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 10:19:48 +0200
Subject: [PATCH 0675/3949] improve wording of internal ip in case of reverse
 proxy situation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1c257946..20bb1266 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -268,11 +268,10 @@ class ConfigurationManager
             $port = $this->GetApachePort();
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
-                $errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
                 if ($port === '443') {
-                    throw new InvalidSettingConfigurationException($errorMessage);
+                    throw new InvalidSettingConfigurationException("It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')");
                 } else {
-                    error_log($errorMessage);
+                    error_log("It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
                 }
             }
 

From 386533b02f68bd68a7fac2415bc2741e6314c4f1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 10:54:56 +0200
Subject: [PATCH 0676/3949] fix the datadir permission problems during install

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh     | 14 +++++++++-----
 manual-install/update-yaml.sh          |  1 -
 php/containers.json                    |  3 +--
 php/src/Data/ConfigurationManager.php  |  8 --------
 php/src/Docker/DockerActionManager.php |  6 ------
 5 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index b552dcf3..796f3cd0 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -216,6 +216,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             fi
 
             # We do our own permission check so the permission check is not needed
+            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
+<?php
+\$CONFIG = array (
+  'check_data_directory_permissions' => false
+);
+DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
 
             # Try to force generation of appdata dir:
@@ -238,6 +244,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 fi
             fi
 
+            # This autoconfig is not needed anymore and should be able to be overwritten by the user
+            rm /var/www/html/config/datadir.permission.config.php
+
             # unset admin password
             unset ADMIN_PASSWORD
 
@@ -299,11 +308,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 done
             fi
 
-            # Set the permission check to its default value again if not set
-            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" != yes ]; then
-                php /var/www/html/occ config:system:set check_data_directory_permissions --value=true --type=bool
-            fi
-
         #upgrade
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 82206a2e..7d2446a1 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -71,7 +71,6 @@ sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
-sed -i 's|SKIP_DATA_DIRECTORY_PERMISSION_CHECK=|SKIP_DATA_DIRECTORY_PERMISSION_CHECK="no"          # When setting to "yes" (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index 5c3e02fd..618a7d67 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -160,8 +160,7 @@
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
-        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%",
-        "SKIP_DATA_DIRECTORY_PERMISSION_CHECK=%SKIP_DATA_DIRECTORY_PERMISSION_CHECK%"
+        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
       "restart": "unless-stopped",
       "devices": [
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1c257946..ad733439 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -739,14 +739,6 @@ class ConfigurationManager
         return false;
     }
 
-    public function shouldDataDirectoryPermissionCheckGetSkipped() : bool {
-        $datadir = $this->GetNextcloudDatadirMount();
-        if ($datadir === 'nextcloud_aio_nextcloud_datadir' || str_starts_with($datadir, '/run/desktop/mnt/host/')) {
-            return true;
-        }
-        return false;
-    }
-
     public function GetNextcloudStartupApps() : string {
         $apps = getenv('NEXTCLOUD_STARTUP_APPS');
         if (is_string($apps)) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3e5f7def..63089611 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -348,12 +348,6 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
-                } elseif ($out[1] === 'SKIP_DATA_DIRECTORY_PERMISSION_CHECK') {
-                    if ($this->configurationManager->shouldDataDirectoryPermissionCheckGetSkipped()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {

From fe336cf6d80520d1eb146c812f49e6b9999a16af Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 10:16:24 +0200
Subject: [PATCH 0677/3949] update helm-chart updates

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml                        | 4 ++--
 {helm-chart => nextcloud-aio-helm-chart}/Chart.yaml       | 2 +-
 {helm-chart => nextcloud-aio-helm-chart}/readme.md        | 0
 .../templates/nextcloud-aio-apache-deployment.yaml        | 0
 .../nextcloud-aio-apache-persistentvolumeclaim.yaml       | 0
 .../templates/nextcloud-aio-apache-service.yaml           | 0
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 0
 .../nextcloud-aio-clamav-persistentvolumeclaim.yaml       | 0
 .../templates/nextcloud-aio-clamav-service.yaml           | 0
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 0
 ...xtcloud-aio-collabora-fonts-persistentvolumeclaim.yaml | 0
 .../templates/nextcloud-aio-collabora-service.yaml        | 0
 .../templates/nextcloud-aio-database-deployment.yaml      | 0
 ...nextcloud-aio-database-dump-persistentvolumeclaim.yaml | 0
 .../nextcloud-aio-database-persistentvolumeclaim.yaml     | 0
 .../templates/nextcloud-aio-database-service.yaml         | 0
 ...nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml | 0
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 0
 .../templates/nextcloud-aio-fulltextsearch-service.yaml   | 0
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 0
 .../templates/nextcloud-aio-imaginary-service.yaml        | 0
 .../templates/nextcloud-aio-networkpolicy.yaml            | 0
 ...extcloud-aio-nextcloud-data-persistentvolumeclaim.yaml | 0
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 0
 .../nextcloud-aio-nextcloud-persistentvolumeclaim.yaml    | 0
 .../templates/nextcloud-aio-nextcloud-service.yaml        | 0
 ...o-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml | 0
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 0
 .../nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml   | 0
 .../templates/nextcloud-aio-onlyoffice-service.yaml       | 0
 .../templates/nextcloud-aio-redis-deployment.yaml         | 0
 .../nextcloud-aio-redis-persistentvolumeclaim.yaml        | 0
 .../templates/nextcloud-aio-redis-service.yaml            | 0
 .../templates/nextcloud-aio-talk-deployment.yaml          | 0
 .../templates/nextcloud-aio-talk-service.yaml             | 0
 {helm-chart => nextcloud-aio-helm-chart}/update-helm.sh   | 8 ++++++++
 {helm-chart => nextcloud-aio-helm-chart}/values.yaml      | 0
 37 files changed, 11 insertions(+), 3 deletions(-)
 rename {helm-chart => nextcloud-aio-helm-chart}/Chart.yaml (90%)
 rename {helm-chart => nextcloud-aio-helm-chart}/readme.md (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-apache-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-apache-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-clamav-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-clamav-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-collabora-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-collabora-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-database-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-database-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-database-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-fulltextsearch-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-fulltextsearch-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-imaginary-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-imaginary-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-networkpolicy.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-nextcloud-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-nextcloud-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-onlyoffice-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-onlyoffice-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-redis-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-redis-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-talk-deployment.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/templates/nextcloud-aio-talk-service.yaml (100%)
 rename {helm-chart => nextcloud-aio-helm-chart}/update-helm.sh (97%)
 rename {helm-chart => nextcloud-aio-helm-chart}/values.yaml (100%)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 3d100183..ff028c12 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -6,7 +6,7 @@ on:
     branches:
       - main
     paths:
-      - 'helm-chart/**'
+      - 'nextcloud-aio-helm-chart/**'
 
 jobs:
   release:
@@ -40,7 +40,7 @@ jobs:
         # TODO: switch back @main to a specific version like @v1.5.1 or higher
         uses: helm/chart-releaser-action@main
         with:
-          charts_dir: helm-chart
+          charts_dir: '.'
           mark_as_latest: false
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
similarity index 90%
rename from helm-chart/Chart.yaml
rename to nextcloud-aio-helm-chart/Chart.yaml
index 43cfa80d..3367a813 100755
--- a/helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,4 +1,4 @@
-name: Nextcloud AIO Helm Chart
+name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
 version: 4.7.0
 apiVersion: v2
diff --git a/helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
similarity index 100%
rename from helm-chart/readme.md
rename to nextcloud-aio-helm-chart/readme.md
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-apache-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-apache-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-clamav-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-collabora-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-database-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-database-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-imaginary-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-networkpolicy.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-redis-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
diff --git a/helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-redis-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-talk-deployment.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
diff --git a/helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
similarity index 100%
rename from helm-chart/templates/nextcloud-aio-talk-service.yaml
rename to nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
diff --git a/helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
similarity index 97%
rename from helm-chart/update-helm.sh
rename to nextcloud-aio-helm-chart/update-helm.sh
index 393188c2..275dd2ed 100755
--- a/helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -2,6 +2,9 @@
 
 DOCKER_TAG="$1"
 
+# The logic needs the files in ./helm-chart
+mv ./nextcloud-aio-helm-chart ./helm-chart
+
 # Clean
 rm -f ./helm-chart/values.yaml
 rm -rf ./helm-chart/templates
@@ -199,4 +202,9 @@ done
 
 chmod 777 -R ./
 
+# Seems like the dir needs to match the name of the chart
+cd ../
+rm -rf ./nextcloud-aio-helm-chart
+mv ./helm-chart ./nextcloud-aio-helm-chart
+
 set +ex
diff --git a/helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
similarity index 100%
rename from helm-chart/values.yaml
rename to nextcloud-aio-helm-chart/values.yaml

From c63d44c1cf1874bd4bdc73f49807c85067587194 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 11:30:33 +0200
Subject: [PATCH 0678/3949] improve helm-releaser

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index ff028c12..a33d4eba 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -40,7 +40,6 @@ jobs:
         # TODO: switch back @main to a specific version like @v1.5.1 or higher
         uses: helm/chart-releaser-action@main
         with:
-          charts_dir: '.'
           mark_as_latest: false
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

From e0f4024eadab6e10c4babef730d6b7a945ec7dfe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 11:32:12 +0200
Subject: [PATCH 0679/3949] update links of helm-chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 3367a813..93a79e9a 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -8,5 +8,5 @@ keywords:
   - helm-chart
   - open-source
 sources:
-  - https://github.com/nextcloud/all-in-one/tree/main/helm-chart
-home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart
+  - https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart
+home: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart

From 5058270c99e92a2360dda2bd6f6ab13200afb400 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 11:37:09 +0200
Subject: [PATCH 0680/3949] add some docs on how to use helm-chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index b2f5c89d..11e7f629 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -1,3 +1,10 @@
 # You can also install the AIO containers on Kubernetes using this Helm Chart
 
 This is currently beta and not ready yet.
+
+## How to use this?
+
+```
+helm repo add nextcloud-aio https://nextcloud.github.io/all-in-one/
+helm install my-release nextcloud-aio/nextcloud-aio-helm-chart
+```

From e75a426749f7e3877c34cc026b8de54f0e2172e6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 12:02:50 +0200
Subject: [PATCH 0681/3949] try to update helm-chart again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 007141f9..a5498b66 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -17,8 +17,8 @@ jobs:
           DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
           DOCKER_TAG="${DOCKER_TAG%%-latest*}"
           export DOCKER_TAG
-          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
-            sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4

From f726e4a8c62dc4a0c2d56a7b7def0883cf9a3dc0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 12:16:27 +0200
Subject: [PATCH 0682/3949] add steps how to adjust values

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index 11e7f629..959588ac 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -4,7 +4,11 @@ This is currently beta and not ready yet.
 
 ## How to use this?
 
+First download this file: https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and adjust at least all values marked with `# TODO!`
+
+Then run:
+
 ```
 helm repo add nextcloud-aio https://nextcloud.github.io/all-in-one/
-helm install my-release nextcloud-aio/nextcloud-aio-helm-chart
+helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
 ```

From a0267c6efabfd4c2398e6e003050a10db571de1e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Mar 2023 12:59:17 +0000
Subject: [PATCH 0683/3949] Bump alpine from 3.17.2 to 3.17.3 in
 /Containers/talk

Bumps alpine from 3.17.2 to 3.17.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 89ab491d..59ef714a 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.9.15-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 USER root
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server

From ec6b37178b3e9a79177ade4f5fdd9fe43dcc65bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Mar 2023 12:59:29 +0000
Subject: [PATCH 0684/3949] Bump alpine from 3.17.2 to 3.17.3 in
 /Containers/domaincheck

Bumps alpine from 3.17.2 to 3.17.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 056205b9..3077ff7f 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN apk add --no-cache lighttpd bash netcat-openbsd
 
 RUN adduser -S www-data -G www-data

From 5d9573602b93b7fca53b2c597bbdd8429628b7d9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 15:32:25 +0200
Subject: [PATCH 0685/3949] also update the ui

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6684c455..99bf7de1 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -441,7 +441,7 @@
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input class="button" type="submit" value="Submit" /><br>
                                         </form>
-                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
+                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>.</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
                                         Make sure to specify all storages that you want to back up separately since storages will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. You should make sure to stop all services before the backup can run correctly if you want to back up the root partition. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
                                         Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually. <br><br>
                                         {% if additional_backup_directories != "" %}

From 736e93b5ebaffc981e7ef647f5227b67150b9ffe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Mar 2023 15:54:26 +0000
Subject: [PATCH 0686/3949] Bump alpine from 3.17.2 to 3.17.3 in
 /Containers/watchtower

Bumps alpine from 3.17.2 to 3.17.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ca187d2b..79c19cfb 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.3 as watchtower
 
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /

From 63e7be45fe7e5677f284648c88475cc2d29784c2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Mar 2023 15:54:46 +0000
Subject: [PATCH 0687/3949] Bump alpine from 3.17.2 to 3.17.3 in
 /Containers/borgbackup

Bumps alpine from 3.17.2 to 3.17.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 7ef02e71..3aac5df4 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 
 RUN set -ex; \
     \

From 94f7ca00b52c5635ffeb9473237820add6a30dbc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Mar 2023 18:05:02 +0200
Subject: [PATCH 0688/3949] change docker:dind to docker:cli

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 8024caf0..ece1f409 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.1-dind as dind
+FROM docker:23.0.2-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
@@ -62,7 +62,7 @@ RUN set -ex; \
 COPY --from=caddy /usr/bin/caddy /usr/bin/
 RUN chmod +x /usr/bin/caddy
 
-COPY --from=dind /usr/local/bin/docker /usr/local/bin/
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker
 
 RUN set -e && \

From 2a9c4e319810051e04256ae783cd519c8ee9ea57 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 25 Mar 2023 13:41:47 +0100
Subject: [PATCH 0689/3949] wip on note about Nextcloud 26

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 99bf7de1..1e3d4242 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -250,6 +250,12 @@
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
                             Your containers are up-to-date.<br><br>
+                            {% if isAnyRunning == true %}
+                                <details>
+                                <summary>Note about <b>Nextcloud 26</b></summary><br>
+                                    If you want to upgrade to Nextcloud 26 now, you can do so by following <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>
+                                </details><br>
+                            {% endif %}
                         {% endif %}
                     {% endif %}
                 {% endif %}

From 98eb90360ba28f28e9a02a8f40e248586df315a1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 29 Mar 2023 17:39:31 +0200
Subject: [PATCH 0690/3949] add a bit more logic

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh      | 15 +++++++++++++++
 manual-install/update-yaml.sh           |  1 +
 php/containers.json                     |  3 ++-
 php/src/Controller/DockerController.php |  8 ++++++++
 php/src/Data/ConfigurationManager.php   |  8 ++++++++
 php/src/Docker/DockerActionManager.php  |  6 ++++++
 php/templates/containers.twig           | 19 +++++++++++++++----
 7 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 796f3cd0..1b9f8d90 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -250,6 +250,21 @@ DATADIR_PERMISSION_CONF
             # unset admin password
             unset ADMIN_PASSWORD
 
+            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
+                php /var/www/html/occ config:system:set updater.release.channel --value=beta
+                php /var/www/html/updater/updater.phar --no-interaction
+                php /var/www/html/occ app:enable nextcloud-aio --force
+                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
+                    echo "Installation of Nextcloud failed!"
+                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                fi
+                php /var/www/html/occ config:system:set updater.release.channel --value=stable
+                php /var/www/html/occ db:add-missing-indices
+                php /var/www/html/occ db:add-missing-columns
+                php /var/www/html/occ db:add-missing-primary-keys
+                yes | php /var/www/html/occ db:convert-filecache-bigint
+            fi
+
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 7d2446a1..fad25bc3 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -83,6 +83,7 @@ sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccom
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
+sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf
diff --git a/php/containers.json b/php/containers.json
index 6096733b..c5b606b6 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -161,7 +161,8 @@
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
-        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
+        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%",
+        "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%"
       ],
       "restart": "unless-stopped",
       "devices": [
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index dd417b27..5f4acfe3 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -154,11 +154,19 @@ class DockerController
             $port = 443;
         }
 
+        if (isset($request->getParsedBody()['install_latest_major'])) {
+            $installLatestMajor = 26;
+        } else {
+            $installLatestMajor = "";
+        }
+
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
         $config['AIO_URL'] = $host . ':' . $port;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
+        // set install_latest_major
+        $config['install_latest_major'] = $installLatestMajor;
         $this->configurationManager->WriteConfig($config);
 
         // Start container
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index f734e1d1..07eb7078 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -677,6 +677,14 @@ class ConfigurationManager
         }
     }
 
+    public function shouldLatestMajorGetInstalled() : bool {
+        $config = $this->GetConfig();
+        if(!isset($config['install_latest_major'])) {
+            $config['install_latest_major'] = '';
+        }
+        return $config['install_latest_major'] !== '';
+    }
+
     public function GetAdditionalBackupDirectoriesString() : string {
         if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
             return '';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 1dc0358b..98789ae3 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -348,6 +348,12 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
+                } elseif ($out[1] === 'INSTALL_LATEST_MAJOR') {
+                    if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1e3d4242..7ec1ede3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -26,6 +26,8 @@
         {% set isWatchtowerRunning = false %}
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
+        {# Setting newMajorVersion to '' will hide corresponding options/elements #}
+        {% set newMajorVersion = 26 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -250,10 +252,10 @@
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
                             Your containers are up-to-date.<br><br>
-                            {% if isAnyRunning == true %}
+                            {% if newMajorVersion != '' && isAnyRunning == true %}
                                 <details>
-                                <summary>Note about <b>Nextcloud 26</b></summary><br>
-                                    If you want to upgrade to Nextcloud 26 now, you can do so by following <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>
+                                <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
+                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>
                                 </details><br>
                             {% endif %}
                         {% endif %}
@@ -293,7 +295,16 @@
                                 <input class="button" type="submit" value="Update mastercontainer" />
                             </form>
                         {% else %}
-                            {% if was_start_button_clicked == false or has_update_available == false %}
+                            {% if was_start_button_clicked == false %}
+                                <form method="POST" action="/api/docker/start" class="xhr">
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    {% if newMajorVersion != '' %}
+                                        <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud {{ newMajorVersion }} (if unchecked, Nextcloud {{ newMajorVersion - 1 }} will get installed)</label><br>
+                                    {% endif %}
+                                    <input class="button" type="submit" value="Download and start containers" />
+                                </form>
+                            {% elseif has_update_available == false %}
                                 <form method="POST" action="/api/docker/start" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From bd4d16ebb00614c4755a455ab3288eeacb494f81 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 31 Mar 2023 04:21:20 +0000
Subject: [PATCH 0691/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 2a811d04..09f782db 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.8.0@9cf4f60a333f779ad3bc704a555920e81d4fdcda"/>
+<files psalm-version="5.9.0@8b9ad1eb9e8b7d3101f949291da2b9f7767cd163"/>

From 1cae0980cd660a332d7a8f9e6da9c10ba66f0280 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 31 Mar 2023 09:25:14 +0200
Subject: [PATCH 0692/3949] Correct cifs mount example

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 604cec22..380d099b 100644
--- a/readme.md
+++ b/readme.md
@@ -465,7 +465,7 @@ Sure. Add this to the `/etc/fstab` file: <br>
 (Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
 
 One example could look like this:<br>
-`//your-storage-host/subpath /mnt/storagebox cifs rw,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+`//your-storage-host/subpath /mnt/storagebox cifs rw,mfsymlinks,seal,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
 and add into `/etc/storage-credentials`:
 ```
 username=<smb/cifs username>

From 8b6bb9453963183ffe85bdad1597f1037cdabd98 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 31 Mar 2023 11:27:11 +0200
Subject: [PATCH 0693/3949] shm-size must be an int

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Container/Container.php        | 6 +++---
 php/src/ContainerDefinitionFetcher.php | 2 +-
 php/src/Docker/DockerActionManager.php | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 8d5e8ac5..be2ebb18 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -25,7 +25,7 @@ class Container {
     private array $devices;
     /** @var string[] */
     private array $capAdd;
-    private string $shmSize;
+    private int $shmSize;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -42,7 +42,7 @@ class Container {
         array $secrets,
         array $devices,
         array $capAdd,
-        string $shmSize,
+        int $shmSize,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -78,7 +78,7 @@ class Container {
         return $this->restartPolicy;
     }
 
-    public function GetShmSize() : string {
+    public function GetShmSize() : int {
         return $this->shmSize;
     }
 
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 95d87913..498a6069 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -218,7 +218,7 @@ class ContainerDefinitionFetcher
                 $capAdd = $entry['cap_add'];
             }
 
-            $shmSize = '';
+            $shmSize = -1;
             if (isset($entry['shm_size'])) {
                 $shmSize = $entry['shm_size'];
             }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 1dc0358b..81a312b1 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -406,7 +406,7 @@ class DockerActionManager
         }
 
         $shmSize = $container->GetShmSize();
-        if ($shmSize !== '') {
+        if ($shmSize > 0) {
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
         }
 

From 1bf1b2b28418ef5843374ca4643625e3600e4fe3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 31 Mar 2023 12:05:41 +0200
Subject: [PATCH 0694/3949] options-form-submit is not needed for the login
 layout

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/layout.twig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index 08b5af0b..e4d5c4ca 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -4,7 +4,6 @@
         <link rel="stylesheet" href="/style.css" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
-        <script type="text/javascript" src="options-form-submit.js"></script>
     </head>
 
     <body>

From 974190fd868273d8c68844479fde6e7e4e08c7d3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 31 Mar 2023 12:24:03 +0200
Subject: [PATCH 0695/3949] move the options-form-submit to the containers
 layout

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 99bf7de1..ecafbd00 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -514,6 +514,7 @@
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
+                        <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
                     <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement.<br><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}

From 9954641e022ca148b0a8b785501f2ddf0cddd806 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 31 Mar 2023 16:41:48 +0200
Subject: [PATCH 0696/3949] fix the login form

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/forms.js                    | 15 ++++++---------
 php/src/Controller/LoginController.php |  8 +++++---
 php/templates/login.twig               |  2 +-
 3 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index 029dfd5d..ac84c7d0 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -20,8 +20,10 @@
     if (xhr.status === 201) {
       window.location.replace(xhr.getResponseHeader('Location'));
     } else if (xhr.status === 422) {
+      disableSpinner()
       showError(xhr.response);
     } else if (xhr.status === 500) {
+      disableSpinner()
       showError("Server error. Please check the mastercontainer logs for details.");
     } else {
       // If the responose is not one of the above, we should reload to show the latest content
@@ -29,16 +31,12 @@
     }
   }
 
-  function disable(element) {
+  function disableSpinnerSpinner() {
     document.getElementById('overlay').classList.add('loading');
-    element.classList.add('loading');
-    element.disabled = true;
   }
 
-  function enable(element) {
+  function disableSpinner() {
     document.getElementById('overlay').classList.remove('loading');
-    element.classList.remove('loading');
-    element.disabled = false;
   }
 
   function initForm(form) {
@@ -50,11 +48,10 @@
       var xhr = new XMLHttpRequest();
       xhr.addEventListener('load', handleEvent);
       xhr.addEventListener('error', () => showError("Failed to talk to server."));
-      xhr.addEventListener('load', () => enable(event.submitter));
-      xhr.addEventListener('error', () => enable(event.submitter));
+      xhr.addEventListener('error', () => disableSpinner());
       xhr.open(form.method, form.getAttribute("action"));
       xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
-      disable(event.submitter);
+      disableSpinnerSpinner();
       xhr.send(new URLSearchParams(new FormData(form)));
       event.preventDefault();
     }
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index 81b1ab84..954cf494 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -21,15 +21,17 @@ class LoginController
 
     public function TryLogin(Request $request, Response $response, array $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
-            return $response->withHeader('Location', '/')->withStatus(302);
+            $response->getBody()->write("The login is blocked since Nextcloud is running.");
+            return $response->withHeader('Location', '/')->withStatus(422);
         }
         $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
-            return $response->withHeader('Location', '/')->withStatus(302);
+            return $response->withHeader('Location', '/')->withStatus(201);
         }
 
-        return $response->withHeader('Location', '/')->withStatus(302);
+        $response->getBody()->write("The password is false.");
+        return $response->withHeader('Location', '/')->withStatus(422);
     }
 
     public function GetTryLogin(Request $request, Response $response, array $args) : Response {
diff --git a/php/templates/login.twig b/php/templates/login.twig
index 1b3f746e..5659c4db 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -7,7 +7,7 @@
             <h1>Nextcloud AIO Login</h1>
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
-                <form method="POST" action="/api/auth/login">
+                <form method="POST" action="/api/auth/login" class="xhr">
                     <input type="text" autocomplete="off" name="password" placeholder="Password" />
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From cc13161ec6016b92197cedecba933300798dd504 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 1 Apr 2023 14:05:40 +0200
Subject: [PATCH 0697/3949] domain must contain at least one dot

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index f734e1d1..78eb1775 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -234,6 +234,11 @@ class ConfigurationManager
      * @throws InvalidSettingConfigurationException
      */
     public function SetDomain(string $domain) : void {
+        // Validate that at least one dot is contained
+        if (strpos($domain, '.') === false) {
+            throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
+        }
+
         // Validate domain
         if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
             throw new InvalidSettingConfigurationException("Domain is not a valid domain!");

From baf7778ed3f647b1b905d63b9b96f6cd2dbdd18d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 1 Apr 2023 14:15:14 +0200
Subject: [PATCH 0698/3949] increase to 4.8.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b539ac42..333bb094 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.7.0</h1>
+        <h1>Nextcloud AIO v4.8.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From fb3b040290b680b6c4cf0349494b73ba988f19d4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 31 Mar 2023 11:32:01 +0200
Subject: [PATCH 0699/3949] add a section to the readme about remote borg
 backups

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 380d099b..bdba8e10 100644
--- a/readme.md
+++ b/readme.md
@@ -269,7 +269,16 @@ The backups itself get encrypted with an encryption key that gets shown to you i
 
 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
 
-Note that this implementation does not provide remote backups, for this you can use the [backup app](https://apps.nextcloud.com/apps/backup).
+---
+
+#### Are remote borg backups supported?
+
+Not directly but you have multiple options to achieve this:
+- Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory
+- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
+- You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
+- create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
+- Additionally, there is the [backup app](https://apps.nextcloud.com/apps/backup) for remote backups
 
 ---
 

From aba666859b863f84dc036ef010166116fbf3de85 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 1 Apr 2023 14:26:03 +0200
Subject: [PATCH 0700/3949] fix and sign in twig template

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 333bb094..5605616a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -252,7 +252,7 @@
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
                             Your containers are up-to-date.<br><br>
-                            {% if newMajorVersion != '' && isAnyRunning == true %}
+                            {% if newMajorVersion != '' and isAnyRunning == true %}
                                 <details>
                                 <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
                                     If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>

From 7a10602c6356d7c9369e67a7e8d44b65d2b23515 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 1 Apr 2023 14:37:42 +0200
Subject: [PATCH 0701/3949] increase width to 500px

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index 08cb9e41..e43485c9 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -144,7 +144,7 @@ input {
     padding: 20px;
     max-width: 100%;
     word-break: break-word;
-    max-width: 470px;
+    max-width: 500px;
     margin: 0 auto;
 }
 

From 187bf3f7673ef77e8973ed0655af8c464826f188 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 1 Apr 2023 14:44:39 +0200
Subject: [PATCH 0702/3949] only show the note about nc26 when all containers
 are started

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5605616a..69aef938 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -252,7 +252,7 @@
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
                             Your containers are up-to-date.<br><br>
-                            {% if newMajorVersion != '' and isAnyRunning == true %}
+                            {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                 <details>
                                 <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
                                     If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>

From 287a5a08cdd30ff4050e3eb3c56dd8c46c5b0c9a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 1 Apr 2023 21:01:28 +0200
Subject: [PATCH 0703/3949] remove temporarily added dependencies after avatar
 problem was fixed

after https://github.com/nextcloud/all-in-one/issues/1628 was fixed
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 28 ++++++----------------------
 1 file changed, 6 insertions(+), 22 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index dfa5bc6c..343427e2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -27,32 +27,21 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         $PHPIZE_DEPS \
         autoconf \
-        libtool \
         freetype-dev \
+        gmp-dev \
         icu-dev \
+        imagemagick-dev \
         libevent-dev \
         libjpeg-turbo-dev \
         libmcrypt-dev \
-        libpng-dev \
         libmemcached-dev \
+        libpng-dev \
+        libwebp-dev \
         libxml2-dev \
         libzip-dev \
         openldap-dev \
         pcre-dev \
         postgresql-dev \
-        libwebp-dev \
-        gmp-dev \
-        lcms2-dev \
-        fontconfig-dev \
-        freetype-dev \
-        ghostscript-dev \
-        tiff-dev \
-        zlib-dev \
-        imagemagick-dev \
-        libheif-dev \
-        librsvg-dev \
-        libxext-dev \
-        ghostscript-fonts \
     ; \
     \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -61,13 +50,13 @@ RUN set -ex; \
         bcmath \
         exif \
         gd \
+        gmp \
         intl \
         ldap \
         opcache \
         pcntl \
         pdo_pgsql \
         zip \
-        gmp \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
@@ -215,12 +204,7 @@ RUN set -ex; \
         mawk \
         sudo \
         grep \
-        coreutils \
-        libjpeg \
-        librsvg \
-        libheif \
-        libpng \
-        ghostscript-fonts;
+        coreutils;
 
 RUN set -ex; \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \

From 15c90407bccd36f90748bcdb1e1f79c97dbfd7ae Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 1 Apr 2023 21:04:45 +0200
Subject: [PATCH 0704/3949] add sysvsem

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index dfa5bc6c..766c8afa 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -66,6 +66,7 @@ RUN set -ex; \
         opcache \
         pcntl \
         pdo_pgsql \
+        sysvsem \
         zip \
         gmp \
     ; \

From ed36ba6c8d9d93a399b12004ee625e99184340bb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 2 Apr 2023 11:26:42 +0200
Subject: [PATCH 0705/3949] define updaterdirectory and add forgotten exit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    | 5 +++++
 Containers/nextcloud/entrypoint.sh | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index dfa5bc6c..59368c83 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -264,6 +264,11 @@ RUN set -ex; \
 
 VOLUME /mnt/ncdata
 
+RUN set -ex; \
+    mkdir -p /nc-updater; \
+    chown -R www-data:www-data /nc-updater; \
+    chmod -R 770 /nc-updater
+
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1b9f8d90..2efc872a 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -252,11 +252,13 @@ DATADIR_PERMISSION_CONF
 
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
                 php /var/www/html/occ config:system:set updater.release.channel --value=beta
+                php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
                 php /var/www/html/updater/updater.phar --no-interaction
                 php /var/www/html/occ app:enable nextcloud-aio --force
                 if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                     echo "Installation of Nextcloud failed!"
                     touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                    exit 1
                 fi
                 php /var/www/html/occ config:system:set updater.release.channel --value=stable
                 php /var/www/html/occ db:add-missing-indices
@@ -427,6 +429,7 @@ php /var/www/html/occ app:enable support
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
+php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 
 # Apply network settings
 echo "Applying network settings..."

From 93a0616f7eb78e028116cb3985abfaf3a6e68455 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 3 Apr 2023 10:30:05 +0200
Subject: [PATCH 0706/3949] increase to 4.8.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 69aef938..21b2eeb6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.8.0</h1>
+        <h1>Nextcloud AIO v4.8.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 81a8352d6479920aa57cb9ac260fe69dda84a5f8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 4 Apr 2023 14:34:21 +0200
Subject: [PATCH 0707/3949] update dependency-update workflow

ssh ncadmin@192.168.24.128
---
 .github/workflows/dependency-updates.yml | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index e47c36f3..97adff71 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -19,17 +19,18 @@ jobs:
       run: |
         set -x
         cd ./php
-        composer update
-        set +e
-        ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
-        set -e
-        while [ -n "$ALL_LINES" ]; do
-          CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
-          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
-          ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
-        done
-        echo "outdated dependencies:
-        $(composer outdated)"
+        composer update --with-all-dependencies
+        # Disable dependency updates for now
+        # set +e
+        # ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
+        # set -e
+        # while [ -n "$ALL_LINES" ]; do
+        #   CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
+        #   composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
+        #   ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
+        # done
+        # echo "outdated dependencies:
+        # $(composer outdated)"
     - name: Update apcu
       run: |
         # APCU

From ab8b455b7113170e7db0195fdfc5d262ed10b760 Mon Sep 17 00:00:00 2001
From: Marius Quabeck <marius.quabeck@nextcloud.com>
Date: Tue, 4 Apr 2023 18:03:11 +0200
Subject: [PATCH 0708/3949] add default path for borg compact

all examples up until the compact section work under the assumption that you are using the default backup path "/mnt/backup/borg" so path for compact should be the same

Signed-off-by: Marius Quabeck <marius.quabeck@nextcloud.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index bdba8e10..d2355ff3 100644
--- a/readme.md
+++ b/readme.md
@@ -326,7 +326,7 @@ sudo borg delete --stats --progress "/mnt/backup/borg::20220223_174237-nextcloud
 # If borg 1.2.0 or higher is installed, you then need to run borg compact in order to clean up the freed space
 sudo borg --version
 # If version number of the command above is higher than 1.2.0 you need to run the command below:
-sudo borg compact "/mnt/backup/"
+sudo borg compact "/mnt/backup/borg"
 
 ```
 

From cd2208f295f16e7866afce8cd4054ee9415acd33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Apr 2023 13:00:21 +0000
Subject: [PATCH 0709/3949] Bump peter-evans/create-or-update-comment from 2 to
 3

Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 2 to 3.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v2...v3)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/command-rebase.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
index 4df2ab24..243547b2 100644
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -42,7 +42,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

From 0c93ad6def0aa6d47c607bb23bfd0080cc1ee23a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Apr 2023 13:00:25 +0000
Subject: [PATCH 0710/3949] Bump peter-evans/create-pull-request from 4 to 5

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 97adff71..3b466f39 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v4
+      uses: peter-evans/create-pull-request@v5
       with:
         commit-message: dependency updates
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 234661c8..b61eda85 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -66,7 +66,7 @@ jobs:
         sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v4
+      uses: peter-evans/create-pull-request@v5
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 53f2ec68..35e87561 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -31,7 +31,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index a5498b66..45dc9139 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -21,7 +21,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 928d396f..0d479b06 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           commit-message: Yaml updates
           signoff: true

From d3b099e8e304e03ad997759a3223fe7ebafd9639 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Apr 2023 15:25:20 +0000
Subject: [PATCH 0711/3949] Bump docker from 23.0.2-cli to 23.0.3-cli in
 /Containers/mastercontainer

Bumps docker from 23.0.2-cli to 23.0.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ece1f409..adf863b2 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.2-cli as docker
+FROM docker:23.0.3-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From 6fe6d7e0b4da44a57b1f1c1226b40fb712b50a22 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 6 Apr 2023 15:05:59 +0200
Subject: [PATCH 0712/3949] migrate imaginary container to alpine

I think this is much better, then the old workflow (https://github.com/nextcloud-releases/all-in-one/blob/main/.github/workflows/imaginary.yml)

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/imaginary/Dockerfile | 40 +++++++++++++--------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 82ca2dc1..9a1315e6 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,29 +1,21 @@
-# From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20230301
+FROM golang:1.20.3-alpine3.17 as go
+RUN apk add --no-cache \
+        vips-dev \
+        build-base; \
+    go install github.com/h2non/imaginary@master # use master branch as base
 
-USER root
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        netcat \
-    ; \
-    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list; \
-    apt-get update; \
-    apt-get install -t bookworm -y --no-install-recommends \
-        libheif1 \
-        libde265-0 \
-        libx265-199 \
-        libvips \
-    ; \
-    rm /etc/apt/sources.list.d/bookworm.list; \
-    rm -rf /var/lib/apt/lists/*
-USER nobody
+FROM alpine:3.17.3
+RUN apk add --no-cache \
+        tzdata \
+        ca-certificates \
+        netcat-openbsd \
+        vips-dev
 
-ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
-
-HEALTHCHECK CMD nc -z localhost 9000 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
+ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
+
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 043560952141857e16ec8b8f92bdebca079396b9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 6 Apr 2023 15:49:25 +0200
Subject: [PATCH 0713/3949] add nodejs in order to make recognize easier to
 install on arm64

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 34ec1cc3..679b0b8f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -205,6 +205,7 @@ RUN set -ex; \
         mawk \
         sudo \
         grep \
+        nodejs \
         coreutils;
 
 RUN set -ex; \

From 99f29aaaedc2b735d3dcdc0688af30f520f47631 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Apr 2023 12:59:09 +0000
Subject: [PATCH 0714/3949] Bump httpd in /Containers/apache

Bumps httpd from 2.4.56-alpine3.17 to 2.4.57-alpine3.17.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index c07eafc1..764dfb45 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
-FROM httpd:2.4.56-alpine3.17
+FROM httpd:2.4.57-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From c5a1a00e38cc1b83c48b8ab59bb68a293825e3a3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 7 Apr 2023 17:00:52 +0200
Subject: [PATCH 0715/3949] update wording for cleaning up things properlyd

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index d2355ff3..4961238f 100644
--- a/readme.md
+++ b/readme.md
@@ -238,7 +238,8 @@ Here is how to reset the AIO instance properly:
 1. Now remove all these stopped containers with `sudo docker container prune`
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
-1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). Also if you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well.
+1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
+1. If you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well. (E.g. by simply deleting the directory).
 1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
 1. And you are done! Now feel free to start over with the recommended docker run command!

From ee5d9493de1d5ac8f32b28e989203a29de7ef53c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 8 Apr 2023 13:25:40 +0200
Subject: [PATCH 0716/3949] Talk use netcat to check stun/turn port using
 domain

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 59ef714a..5a5b48a2 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -67,5 +67,5 @@ USER talk
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From d93c01f3686c3b977ce55f9aaa4289274cb828ab Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 8 Apr 2023 13:28:19 +0200
Subject: [PATCH 0717/3949] apache healthcheck, check localhost apacheport with
 every apache port

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/healthcheck.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index 436091b2..e23585bc 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -2,8 +2,7 @@
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z localhost 8000 || exit 1
-if [ "$APACHE_PORT" != '443' ]; then
-    nc -z localhost "$APACHE_PORT" || exit 1
-else
+nc -z localhost "$APACHE_PORT" || exit 1
+if [ "$APACHE_PORT" == '443' ]; then
     nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
 fi

From 1ce496a32385e9060dbd0887cd7c76944b076a93 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 9 Apr 2023 01:03:06 +0200
Subject: [PATCH 0718/3949] add timeout for curl

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 6d4619ad..16b24578 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -303,6 +303,8 @@ class ConfigurationManager
             $testUrl = $protocol . $domain . ':443';
             curl_setopt($ch, CURLOPT_URL, $testUrl);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
+            curl_setopt($ch, CURLOPT_TIMEOUT, 10);
             $response = (string)curl_exec($ch);
             # Get rid of trailing \n
             $response = str_replace("\n", "", $response);

From 1fa1c90e22920f22c302d6976360d270261b0faa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Apr 2023 12:59:47 +0000
Subject: [PATCH 0719/3949] Bump clamav/clamav from 1.0.1-1 to 1.0.1-2 in
 /Containers/clamav

Bumps clamav/clamav from 1.0.1-1 to 1.0.1-2.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e94ee588..f8681186 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
-FROM clamav/clamav:1.0.1-1
+FROM clamav/clamav:1.0.1-2
 
 RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/

From 8cabad38a659526c113f0c12a9c6b6310cd5548b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 10 Apr 2023 17:20:04 +0200
Subject: [PATCH 0720/3949] use commit sha and port 9000

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/imaginary/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 9a1315e6..4d9558d4 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -2,7 +2,7 @@ FROM golang:1.20.3-alpine3.17 as go
 RUN apk add --no-cache \
         vips-dev \
         build-base; \
-    go install github.com/h2non/imaginary@master # use master branch as base
+    go install github.com/h2non/imaginary@b632dae
 
 FROM alpine:3.17.3
 RUN apk add --no-cache \
@@ -15,7 +15,7 @@ COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
+ENTRYPOINT ["imaginary", "-p", "9000", "-return-size", "-max-allowed-resolution", "222.2"]
 
 HEALTHCHECK CMD nc -z localhost 9000 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 46ec1ea7f59e56c81b015d31b7d7dca2bd6997cc Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 10 Apr 2023 17:50:58 +0200
Subject: [PATCH 0721/3949] always check port 443

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/healthcheck.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index e23585bc..4e8a2401 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -3,6 +3,4 @@
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z localhost 8000 || exit 1
 nc -z localhost "$APACHE_PORT" || exit 1
-if [ "$APACHE_PORT" == '443' ]; then
-    nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
-fi
+nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1

From 904d23147c594ca6a25e35b42aa6bee66331e5ae Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 11 Apr 2023 10:54:02 +0200
Subject: [PATCH 0722/3949] add suggestion

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/healthcheck.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index 4e8a2401..835ec4d4 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -3,4 +3,4 @@
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z localhost 8000 || exit 1
 nc -z localhost "$APACHE_PORT" || exit 1
-nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
+nc -z "$NC_DOMAIN" 443 || exit 1

From e1890c8f3ba4944e4da6f702a3506b82d8a62898 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Apr 2023 13:29:53 +0200
Subject: [PATCH 0723/3949] add ref docs on cloudflare tunnel and dns-challenge

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 4961238f..085fbffd 100644
--- a/readme.md
+++ b/readme.md
@@ -138,7 +138,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
-Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#cloudflare-setup for additional docs on this topic.
 
 ### Disrecommended VPS providers
 - Stratos VPS crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
@@ -153,7 +153,7 @@ In general recommended VPS are those that are KVM/non-virtualized as Docker shou
 - HDD storage should work as well but is of course much slower than SSD storage
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
-You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section).
+You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
 
 ### How to run Nextcloud locally?
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation how to set it up locally: [local-instance.md](./local-instance.md)

From 73e734b01161ad5805caf211f9ff13e4986daad3 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 13 Apr 2023 12:02:28 +0000
Subject: [PATCH 0724/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 81 +++++++++++++++++++++++------------------------
 1 file changed, 40 insertions(+), 41 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 003c147f..a0160762 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -729,21 +729,21 @@
         },
         {
             "name": "psr/http-client",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-client.git",
-                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621"
+                "reference": "0955afe48220520692d2d09f7ab7e0f93ffd6a31"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-client/zipball/2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
-                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
+                "url": "https://api.github.com/repos/php-fig/http-client/zipball/0955afe48220520692d2d09f7ab7e0f93ffd6a31",
+                "reference": "0955afe48220520692d2d09f7ab7e0f93ffd6a31",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.0 || ^8.0",
-                "psr/http-message": "^1.0"
+                "psr/http-message": "^1.0 || ^2.0"
             },
             "type": "library",
             "extra": {
@@ -763,7 +763,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP clients",
@@ -775,27 +775,27 @@
                 "psr-18"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-client/tree/master"
+                "source": "https://github.com/php-fig/http-client/tree/1.0.2"
             },
-            "time": "2020-06-29T06:28:15+00:00"
+            "time": "2023-04-10T20:12:12+00:00"
         },
         {
             "name": "psr/http-factory",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-factory.git",
-                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be"
+                "reference": "e616d01114759c4c489f93b099585439f795fe35"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
-                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
+                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/e616d01114759c4c489f93b099585439f795fe35",
+                "reference": "e616d01114759c4c489f93b099585439f795fe35",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.0.0",
-                "psr/http-message": "^1.0"
+                "psr/http-message": "^1.0 || ^2.0"
             },
             "type": "library",
             "extra": {
@@ -815,7 +815,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interfaces for PSR-7 HTTP message factories",
@@ -830,31 +830,31 @@
                 "response"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-factory/tree/master"
+                "source": "https://github.com/php-fig/http-factory/tree/1.0.2"
             },
-            "time": "2019-04-30T12:38:16+00:00"
+            "time": "2023-04-10T20:10:41+00:00"
         },
         {
             "name": "psr/http-message",
-            "version": "1.0.1",
+            "version": "1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-message.git",
-                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
+                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
-                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
+                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.0"
+                "php": "^7.2 || ^8.0"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.0.x-dev"
+                    "dev-master": "1.1.x-dev"
                 }
             },
             "autoload": {
@@ -883,27 +883,27 @@
                 "response"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-message/tree/master"
+                "source": "https://github.com/php-fig/http-message/tree/1.1"
             },
-            "time": "2016-08-06T14:39:51+00:00"
+            "time": "2023-04-04T09:50:52+00:00"
         },
         {
             "name": "psr/http-server-handler",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-server-handler.git",
-                "reference": "aff2f80e33b7f026ec96bb42f63242dc50ffcae7"
+                "reference": "84c4fb66179be4caaf8e97bd239203245302e7d4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-server-handler/zipball/aff2f80e33b7f026ec96bb42f63242dc50ffcae7",
-                "reference": "aff2f80e33b7f026ec96bb42f63242dc50ffcae7",
+                "url": "https://api.github.com/repos/php-fig/http-server-handler/zipball/84c4fb66179be4caaf8e97bd239203245302e7d4",
+                "reference": "84c4fb66179be4caaf8e97bd239203245302e7d4",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.0",
-                "psr/http-message": "^1.0"
+                "psr/http-message": "^1.0 || ^2.0"
             },
             "type": "library",
             "extra": {
@@ -923,7 +923,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP server-side request handler",
@@ -939,28 +939,27 @@
                 "server"
             ],
             "support": {
-                "issues": "https://github.com/php-fig/http-server-handler/issues",
-                "source": "https://github.com/php-fig/http-server-handler/tree/master"
+                "source": "https://github.com/php-fig/http-server-handler/tree/1.0.2"
             },
-            "time": "2018-10-30T16:46:14+00:00"
+            "time": "2023-04-10T20:06:20+00:00"
         },
         {
             "name": "psr/http-server-middleware",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-server-middleware.git",
-                "reference": "2296f45510945530b9dceb8bcedb5cb84d40c5f5"
+                "reference": "c1481f747daaa6a0782775cd6a8c26a1bf4a3829"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-server-middleware/zipball/2296f45510945530b9dceb8bcedb5cb84d40c5f5",
-                "reference": "2296f45510945530b9dceb8bcedb5cb84d40c5f5",
+                "url": "https://api.github.com/repos/php-fig/http-server-middleware/zipball/c1481f747daaa6a0782775cd6a8c26a1bf4a3829",
+                "reference": "c1481f747daaa6a0782775cd6a8c26a1bf4a3829",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.0",
-                "psr/http-message": "^1.0",
+                "psr/http-message": "^1.0 || ^2.0",
                 "psr/http-server-handler": "^1.0"
             },
             "type": "library",
@@ -981,7 +980,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP server-side middleware",
@@ -997,9 +996,9 @@
             ],
             "support": {
                 "issues": "https://github.com/php-fig/http-server-middleware/issues",
-                "source": "https://github.com/php-fig/http-server-middleware/tree/master"
+                "source": "https://github.com/php-fig/http-server-middleware/tree/1.0.2"
             },
-            "time": "2018-10-30T17:12:04+00:00"
+            "time": "2023-04-11T06:14:47+00:00"
         },
         {
             "name": "psr/log",

From 0b2c7f09b65b690689c71229c2682732a972951f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 13 Apr 2023 12:02:39 +0000
Subject: [PATCH 0725/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 3 ++-
 manual-install/sample.conf | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index f9eb7079..5630cbf8 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -44,6 +44,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    shm_size: 268435456
 
   nextcloud-aio-nextcloud:
     depends_on:
@@ -101,7 +102,7 @@ services:
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
-      - SKIP_DATA_DIRECTORY_PERMISSION_CHECK=${SKIP_DATA_DIRECTORY_PERMISSION_CHECK}
+      - INSTALL_LATEST_MAJOR=${INSTALL_LATEST_MAJOR}
     restart: unless-stopped
     networks:
       - nextcloud-aio
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 69edf627..e2357b4c 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -10,6 +10,7 @@ COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
@@ -25,7 +26,6 @@ ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables t
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
-SKIP_DATA_DIRECTORY_PERMISSION_CHECK="no"          # When setting to "yes" (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.
 TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.

From 06733e8009cbbbaa56444204ce827cae34bfc2f2 Mon Sep 17 00:00:00 2001
From: ItsQuadrus <quadrus.yt@gmail.com>
Date: Thu, 13 Apr 2023 20:44:59 +0200
Subject: [PATCH 0726/3949] Missing brace

Signed-off-by: ItsQuadrus <quadrus.yt@gmail.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 085fbffd..6acb317e 100644
--- a/readme.md
+++ b/readme.md
@@ -240,7 +240,7 @@ Here is how to reset the AIO instance properly:
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
 1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
 1. If you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well. (E.g. by simply deleting the directory).
-1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
+1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
 1. And you are done! Now feel free to start over with the recommended docker run command!
 

From 2d1ddccb2865bc3c624ed013fd356685eb77899a Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 13 Apr 2023 21:36:11 +0200
Subject: [PATCH 0727/3949] talk use official coturn image

needs testing

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 59ef714a..f57b9a75 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.9.15-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM alpine:3.17.3
+FROM coturn/cotrun:4.6.2-r0-alpine
 USER root
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server
@@ -11,7 +11,6 @@ RUN set -ex; \
         ca-certificates \
         tzdata \
         bash \
-        coturn \
         openssl \
         supervisor \
         bind-tools \

From 401150d427108a67f77a6c7017a5ca2256867c6c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 13 Apr 2023 21:51:51 +0200
Subject: [PATCH 0728/3949] add workflow

Signed-off-by: Zoey <zoey@z0ey.de>
---
 .github/workflows/imaginary-update.yml | 36 ++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/workflows/imaginary-update.yml

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
new file mode 100644
index 00000000..2a3db590
--- /dev/null
+++ b/.github/workflows/imaginary-update.yml
@@ -0,0 +1,36 @@
+# Inspired by https://github.com/nextcloud/docker/blob/master/.github/workflows/update-sh.yml
+name: imaginary-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  run_update:
+    name: update to latest imaginary commit on master branch
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Run imaginary-update
+      run: |
+        # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
+
+        # Imaginary
+        imaginary_version="$(
+          git ls-remote https://github.com/h2non/imaginary master \
+            | cut -f1 \
+            | tail -1
+        )"
+        sed -i "s|go install github.com/h2non/imaginaryq.*;|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v5
+      with:
+        commit-message: imaginary-update automated change
+        signoff: true
+        title: Imaginary update
+        body: Automated Imaginary container update
+        labels: dependencies, enhancement
+        milestone: next
+        branch: imaginary-container-update

From 34a5e6badff2528ca1cd5d059c2eeb21ddc2cf27 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 14 Apr 2023 11:45:06 +0200
Subject: [PATCH 0729/3949] fix typo, use always latest build of version

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index f57b9a75..c97d5145 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.9.15-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM coturn/cotrun:4.6.2-r0-alpine
+FROM coturn/coturn:4.6.2-alpine
 USER root
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server

From 28b9755a50816d007dc9ca738799a32f20d2a011 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 14 Apr 2023 13:41:02 +0200
Subject: [PATCH 0730/3949] disabling FTS on NC26 as the migration to ES8 is
 still pending

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 2efc872a..89076eb5 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -616,6 +616,11 @@ if version_greater "$installed_version" "24.0.0.0"; then
     fi
 fi
 
+# Migration to ES8 is pending, thus disabling FTS for now.
+if [ "$INSTALL_LATEST_MAJOR" = yes ] || version_greater "$installed_version" "26.0.0.0"; then
+    export FULLTEXTSEARCH_ENABLED=no
+fi
+
 # Fulltextsearch
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
     while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do

From 033f0166f4be15c37ec2dd5ded6693fe4f97d2ce Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 14 Apr 2023 12:57:58 +0000
Subject: [PATCH 0731/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 2 +-
 nextcloud-aio-helm-chart/values.yaml                        | 2 +-
 12 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 93a79e9a..6ec50f91 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.7.0
+version: 4.8.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 1ed10828..033d32cd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230330_075307-latest
+          image: nextcloud/aio-apache:20230414_123705-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 4c53bde8..d71f2961 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230330_075307-latest
+          image: nextcloud/aio-clamav:20230414_123705-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 7627110b..307541f4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230330_075307-latest
+          image: nextcloud/aio-collabora:20230414_123705-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 36317301..f6b99374 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230330_075307-latest
+          image: nextcloud/aio-postgresql:20230414_123705-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 05602c55..8fe67b85 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230330_075307-latest
+          image: nextcloud/aio-fulltextsearch:20230414_123705-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 839c4b0f..7755ffb5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230330_075307-latest
+          image: nextcloud/aio-imaginary:20230414_123705-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 5b76cc78..91f241b0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -64,6 +64,8 @@ spec:
               value: "{{ .Values.IMAGINARY_ENABLED }}"
             - name: IMAGINARY_HOST
               value: nextcloud-aio-imaginary
+            - name: INSTALL_LATEST_MAJOR
+              value: "{{ .Values.INSTALL_LATEST_MAJOR }}"
             - name: NC_DOMAIN
               value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_DATA_DIR
@@ -98,8 +100,6 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: SIGNALING_SECRET
               value: "{{ .Values.SIGNALING_SECRET }}"
-            - name: SKIP_DATA_DIRECTORY_PERMISSION_CHECK
-              value: "{{ .Values.SKIP_DATA_DIRECTORY_PERMISSION_CHECK }}"
             - name: STARTUP_APPS
               value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}"
             - name: TALK_ENABLED
@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230330_075307-latest
+          image: nextcloud/aio-nextcloud:20230414_123705-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 28a4186d..875bb15d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230330_075307-latest
+          image: nextcloud/aio-onlyoffice:20230414_123705-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index c687b628..e7e66ae1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230330_075307-latest
+          image: nextcloud/aio-redis:20230414_123705-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index c6ddd49b..62774a4b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230330_075307-latest
+          image: nextcloud/aio-talk:20230414_123705-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 49e8b730..d276f6e9 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -9,6 +9,7 @@ COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the valu
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
@@ -22,7 +23,6 @@ ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
-SKIP_DATA_DIRECTORY_PERMISSION_CHECK: no          # When setting to yes (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.
 TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.

From 4df6d2c97180d7659560806f94ed90cfee017b74 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 14 Apr 2023 11:49:54 +0200
Subject: [PATCH 0732/3949] Borg - revert to default checkpoint-interval

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 5fa6a153..be5ae17d 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -127,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches)
 
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")

From 157588d95f48307af3c8f25e574c0042c0349b1c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 7 Apr 2023 01:58:09 +0200
Subject: [PATCH 0733/3949] add a link to the easy-login docs to the app

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/templates/admin.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/templates/admin.php b/app/templates/admin.php
index 64064f5d..609d7ccc 100644
--- a/app/templates/admin.php
+++ b/app/templates/admin.php
@@ -11,5 +11,6 @@ declare(strict_types=1);
 	/** @var array $_ */ ?>
 <div id="allinone" class="section">
 	<h2><?php p($l->t('Nextcloud All In One'));?></h2>
-	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a>
+	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a><br>
+	<p><a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface">Click here for more infos on this feature (e.g. also on how to change the link in the button)</a></p>
 </div>

From 7acdb2dc92274d1b9cc362eaeb131ec798b43357 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 14 Apr 2023 15:34:01 +0200
Subject: [PATCH 0734/3949] add a warning as well for FTS

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 89076eb5..1ad14001 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -619,6 +619,7 @@ fi
 # Migration to ES8 is pending, thus disabling FTS for now.
 if [ "$INSTALL_LATEST_MAJOR" = yes ] || version_greater "$installed_version" "26.0.0.0"; then
     export FULLTEXTSEARCH_ENABLED=no
+    echo "Fulltextsearch is not compatible with Nextcloud 26 and is getting disabled."
 fi
 
 # Fulltextsearch

From 9ba70425f40dbf0acf257870930d184c7e068df3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 14 Apr 2023 15:46:43 +0200
Subject: [PATCH 0735/3949] re-add charts_dir

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index a33d4eba..56a27337 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -41,6 +41,7 @@ jobs:
         uses: helm/chart-releaser-action@main
         with:
           mark_as_latest: false
+          charts_dir: .
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"

From 1c5d9f0eb71af193ff29d9fd33be861530db5271 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 14 Apr 2023 15:47:32 +0200
Subject: [PATCH 0736/3949] add a tag to the chart-yaml

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 6ec50f91..eed74e13 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -7,6 +7,7 @@ keywords:
   - nextcloud
   - helm-chart
   - open-source
+  - cloud
 sources:
   - https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart
 home: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart

From 1818eb10c325b5fd1cd9854a8e070f90a80d27d6 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 14 Apr 2023 15:54:57 +0200
Subject: [PATCH 0737/3949] Update .github/workflows/imaginary-update.yml

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 .github/workflows/imaginary-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 2a3db590..bd626554 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|go install github.com/h2non/imaginaryq.*;|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
+        sed -i "s|go install github.com/h2non/imaginaryq.*|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5

From f122ee5a076e02a976ea90c64a37f076ef0b05bf Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 14 Apr 2023 15:55:12 +0200
Subject: [PATCH 0738/3949] Update .github/workflows/imaginary-update.yml

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 .github/workflows/imaginary-update.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index bd626554..819bc13b 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -14,8 +14,6 @@ jobs:
     - uses: actions/checkout@v3
     - name: Run imaginary-update
       run: |
-        # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
-
         # Imaginary
         imaginary_version="$(
           git ls-remote https://github.com/h2non/imaginary master \

From ead696b6830cec7a0eed98f9e1f044755f762f34 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 14 Apr 2023 15:55:32 +0200
Subject: [PATCH 0739/3949] Update .github/workflows/imaginary-update.yml

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 .github/workflows/imaginary-update.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 819bc13b..8860e34c 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -1,4 +1,3 @@
-# Inspired by https://github.com/nextcloud/docker/blob/master/.github/workflows/update-sh.yml
 name: imaginary-update
 
 on:

From 7f918c37fc2099ece588feb78b48df5bd69ffe0e Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 14 Apr 2023 16:06:37 +0200
Subject: [PATCH 0740/3949] fix typo

Signed-off-by: Zoey <zoey@z0ey.de>
---
 .github/workflows/imaginary-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 8860e34c..12bd9e86 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -19,7 +19,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|go install github.com/h2non/imaginaryq.*|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
+        sed -i "s|go install github.com/h2non/imaginary.*|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5

From f0069816bc2d09e585f869bc6f01d815d3356a20 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 12:52:25 +0200
Subject: [PATCH 0741/3949] sometimes the built-in upgrader needs to run
 several times

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1ad14001..87271613 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -260,6 +260,20 @@ DATADIR_PERMISSION_CONF
                     touch "$NEXTCLOUD_DATA_DIR/install.failed"
                     exit 1
                 fi
+                # shellcheck disable=SC2016
+                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
+                INSTALLED_MAJOR="${installed_version%%.*}"
+                IMAGE_MAJOR="${image_version%%.*}"
+                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
+                    php /var/www/html/occ config:system:set updater.release.channel --value=beta
+                    php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+                    php /var/www/html/updater/updater.phar --no-interaction
+                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
+                        echo "Installation of Nextcloud failed!"
+                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                        exit 1
+                    fi
+                fi
                 php /var/www/html/occ config:system:set updater.release.channel --value=stable
                 php /var/www/html/occ db:add-missing-indices
                 php /var/www/html/occ db:add-missing-columns

From 085d878223f39c9e5e28e647ea5edc80b30d19ed Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 15 Apr 2023 10:53:31 +0000
Subject: [PATCH 0742/3949] imaginary-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 4d9558d4..d0cd9020 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -2,7 +2,7 @@ FROM golang:1.20.3-alpine3.17 as go
 RUN apk add --no-cache \
         vips-dev \
         build-base; \
-    go install github.com/h2non/imaginary@b632dae
+    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 FROM alpine:3.17.3
 RUN apk add --no-cache \

From cda66b1a116d623c72b42ac6bea6083e010ebb8a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 12:56:14 +0200
Subject: [PATCH 0743/3949] add set -ex to imaginary

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d0cd9020..9bd0e300 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,11 +1,13 @@
 FROM golang:1.20.3-alpine3.17 as go
-RUN apk add --no-cache \
+RUN set -ex; \
+    apk add --no-cache \
         vips-dev \
         build-base; \
     go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 FROM alpine:3.17.3
-RUN apk add --no-cache \
+RUN set -ex; \
+    apk add --no-cache \
         tzdata \
         ca-certificates \
         netcat-openbsd \

From cf28ad7d45d6b6a18c7c791ac8b4088541b12e0f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 16:35:05 +0200
Subject: [PATCH 0744/3949] run imaginary as nobody user

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 9bd0e300..b5f85658 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -15,6 +15,8 @@ RUN set -ex; \
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 
+USER nobody
+
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["imaginary", "-p", "9000", "-return-size", "-max-allowed-resolution", "222.2"]

From 34239f3e1517316e400f8aafe7e7422ba994ed7a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 16:47:16 +0200
Subject: [PATCH 0745/3949] also install other vips bindings

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b5f85658..e2dd6599 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -2,6 +2,9 @@ FROM golang:1.20.3-alpine3.17 as go
 RUN set -ex; \
     apk add --no-cache \
         vips-dev \
+        vips-magick \
+        vips-heif \
+        vips-jxl
         build-base; \
     go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
@@ -11,7 +14,10 @@ RUN set -ex; \
         tzdata \
         ca-certificates \
         netcat-openbsd \
-        vips-dev
+        vips \
+        vips-magick \
+        vips-heif \
+        vips-jxl
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 

From edf723e4f445f24d807e7660b40268ed77314909 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 16:48:49 +0200
Subject: [PATCH 0746/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index e2dd6599..d526458d 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -4,9 +4,9 @@ RUN set -ex; \
         vips-dev \
         vips-magick \
         vips-heif \
-        vips-jxl
+        vips-jxl \
         build-base; \
-    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
+    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 FROM alpine:3.17.3
 RUN set -ex; \

From 3873795c055df5e6fb27928e2644b7f99e0da61a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 17:00:21 +0200
Subject: [PATCH 0747/3949] also add poppler for pdf support

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d526458d..bccb319c 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -5,6 +5,7 @@ RUN set -ex; \
         vips-magick \
         vips-heif \
         vips-jxl \
+        vips-poppler \
         build-base; \
     go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
@@ -17,7 +18,8 @@ RUN set -ex; \
         vips \
         vips-magick \
         vips-heif \
-        vips-jxl
+        vips-jxl \
+        vips-poppler
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 

From a145bf33a321c4b69e21bb25f5dcb4fa6029006c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 17:37:09 +0200
Subject: [PATCH 0748/3949] fix the formatting of the aio-app section

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/templates/admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/templates/admin.php b/app/templates/admin.php
index 609d7ccc..b68d1442 100644
--- a/app/templates/admin.php
+++ b/app/templates/admin.php
@@ -11,6 +11,6 @@ declare(strict_types=1);
 	/** @var array $_ */ ?>
 <div id="allinone" class="section">
 	<h2><?php p($l->t('Nextcloud All In One'));?></h2>
-	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a><br>
+	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a><br><br>
 	<p><a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface">Click here for more infos on this feature (e.g. also on how to change the link in the button)</a></p>
 </div>

From fcf1a1e11b2719d1c37cd262c14a881e0c343a61 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 17:55:45 +0200
Subject: [PATCH 0749/3949] increase to 4.9.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 21b2eeb6..893d2d65 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.8.1</h1>
+        <h1>Nextcloud AIO v4.9.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 46f4136d30315d8538c6de29821bcd496ac0c1c5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 15 Apr 2023 18:03:50 +0200
Subject: [PATCH 0750/3949] update volume prune documentation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6acb317e..5540e7b8 100644
--- a/readme.md
+++ b/readme.md
@@ -238,7 +238,7 @@ Here is how to reset the AIO instance properly:
 1. Now remove all these stopped containers with `sudo docker container prune`
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
-1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
+1. Now remove all these dangling volumes: `sudo docker volume prune docker --filter all=1` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
 1. If you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well. (E.g. by simply deleting the directory).
 1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.

From 2a44208f567273fa700229c8b76ef1b0587cc69b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 18:19:47 +0200
Subject: [PATCH 0751/3949] add custom ipv6 docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 28 ++++++++++++++++++++++++++++
 docker-rootless.md     |  2 +-
 readme.md              |  2 +-
 3 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 docker-ipv6-support.md

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
new file mode 100644
index 00000000..a7c475d7
--- /dev/null
+++ b/docker-ipv6-support.md
@@ -0,0 +1,28 @@
+# IPv6-Support for Docker
+
+**Note**: IPv6 networking is only supported on Docker daemons running on Linux hosts. So it is neither supported on Windows nor on macOS.
+
+Before you can use IPv6 in Docker containers or swarm services, you need to enable IPv6 support in the Docker daemon. Afterward, you can choose to use either IPv4 or IPv6 (or both) with any container, service, or network.
+
+1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `2001:db8:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
+
+    ```json
+    {
+      "ipv6": true,
+      "fixed-cidr-v6": "2001:db8:1::/64",
+      "experimental": true,
+      "ip6tables": true
+    }
+    ```
+
+    Save the file.
+
+2.  Reload the Docker configuration file.
+
+    ```console
+    sudo systemctl reload docker
+    ```
+
+You can now create networks with the `--ipv6` flag and assign containers IPv6 addresses using the `--ip6` flag.
+
+**Note**: This is a copy of the original docker docs at https://docs.docker.com/config/daemon/ipv6/ which apparently are not correct. However experimental is set to true which the ip6tables feature needs. Thus it will not get included into the official docs. However it is needed to make it work in our testing.
diff --git a/docker-rootless.md b/docker-rootless.md
index 11c9c6bf..b9b8426d 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -4,7 +4,7 @@ You can run AIO with docker rootless by following the steps below.
 
 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
 1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
-1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/. The daemon.json file is most likely stored in `~/.config/docker/daemon.json`.
+1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
 1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
diff --git a/readme.md b/readme.md
index 5540e7b8..bbb93c7b 100644
--- a/readme.md
+++ b/readme.md
@@ -17,7 +17,7 @@ The following instructions are meant for installations without a web server or r
     ```sh
     curl -fsSL https://get.docker.com | sudo sh
     ```
-1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
+1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
 2. Run the command below in order to start the container:
     ```
     # For Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:

From 2ebfebf24a398eef0d3ee5d65dcf7a0e088b3ed7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 19:12:38 +0200
Subject: [PATCH 0752/3949] adjust RP docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 local-instance.md |  2 +-
 reverse-proxy.md  | 27 +++++++++++++--------------
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index b4864af6..515c6b3d 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -5,7 +5,7 @@ It is possible due to several reasons that you do not want or cannot open Nextcl
 The recommended way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
-1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the local ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
+1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
 1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index b184e988..fbd786b6 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -80,7 +80,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -101,7 +101,7 @@ https://<your-nc-domain>:443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -125,7 +125,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
@@ -140,7 +140,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Here is how to make it work:
 
-1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
@@ -233,7 +233,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 </details>
 
@@ -267,8 +267,7 @@ server {
     server_name <your-nc-domain>;
 
     location / {
-        resolver localhost; # Note: you need to set a valid dns resolver here or use 127.0.0.1 / [::1] instead of localhost in the line below. See https://stackoverflow.com/a/49642310 for a better explanation
-        proxy_pass http://localhost:11000$request_uri; # Note: you need to change localhost to 127.0.0.1 or [::1], if you don't use a valid dns resolver in the line above
+        proxy_pass http://127.0.0.1:11000$request_uri;
 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Port $server_port;
@@ -302,7 +301,7 @@ server {
 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -345,7 +344,7 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete example.
 
@@ -365,7 +364,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 </details>
 
@@ -448,7 +447,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
 
@@ -538,15 +537,15 @@ https://<your-nc-domain>:8443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
 ## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
-1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` in the default configurations by the ip-address that you can easily get when running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
-1. Make sure that all ports match the chosen APACHE_PORT.
+1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
+1. Make sure that all ports match the chosen `APACHE_PORT`.
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Try to configure everything from scratch if it still does not work!

From cc3dc759177bf7840b0dff5042002815f7733701 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 19:21:39 +0200
Subject: [PATCH 0753/3949] adjust NPM docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index b184e988..11deeede 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -329,7 +329,9 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al
 
 <summary>click here to expand</summary>
 
-See these screenshots for a working config:
+First, please make sure that the environmental variables `PUID` and `PGID` in the docker-compose.yml file for NPM are either unset or set to `0`.
+
+Second, see these screenshots for a working config:
 
 ![grafik](https://user-images.githubusercontent.com/75573284/213889707-b7841ca0-3ea7-4321-acf6-50e1c1649442.png)
 

From 512c134e1137d4791a86e4e6af9d509ce133f736 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 21:15:51 +0200
Subject: [PATCH 0754/3949] a reload is likely not enough

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index a7c475d7..72b636d0 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -20,7 +20,7 @@ Before you can use IPv6 in Docker containers or swarm services, you need to enab
 2.  Reload the Docker configuration file.
 
     ```console
-    sudo systemctl reload docker
+    sudo systemctl restart docker
     ```
 
 You can now create networks with the `--ipv6` flag and assign containers IPv6 addresses using the `--ip6` flag.

From f22117545f6d9fe5e7ac96117d4b9d7a3d1dabcc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 21:25:23 +0200
Subject: [PATCH 0755/3949] RP docs - adjust some additional details

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 9ca7e692..f2b227d5 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -80,7 +80,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -101,7 +101,7 @@ https://<your-nc-domain>:443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -125,7 +125,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
@@ -233,7 +233,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 </details>
 
@@ -301,7 +301,7 @@ server {
 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -346,7 +346,7 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete example.
 
@@ -366,7 +366,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 </details>
 
@@ -449,7 +449,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 **Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
 
@@ -539,15 +539,17 @@ https://<your-nc-domain>:8443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
 ## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
-1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
+1. Make sure that you used the docker run command that is described in this reverse proxy documentation.
+1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `-e APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports match the chosen `APACHE_PORT`.
+1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Try to configure everything from scratch if it still does not work!

From 30883d0d61534c32e7d4fc2097f113da4742bcee Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 21:30:18 +0200
Subject: [PATCH 0756/3949] add link how to configure things from scratch

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index f2b227d5..33b76dfd 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -552,6 +552,6 @@ If something does not work, follow the steps below:
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
-1. Try to configure everything from scratch if it still does not work!
+1. Try to configure everything from scratch if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
 

From 4b1ed4e2279426dec8da77df80168c0dd0d13f6a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 21:32:50 +0200
Subject: [PATCH 0757/3949] change -e to long syntax --env

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-rootless.md                      |  2 +-
 readme.md                               | 56 ++++++++++++-------------
 reverse-proxy.md                        | 18 ++++----
 tests/QA/060-environmental-variables.md | 34 +++++++--------
 4 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index b9b8426d..1f0e4648 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -8,7 +8,7 @@ You can run AIO with docker rootless by following the steps below.
 1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
-1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
diff --git a/readme.md b/readme.md
index bbb93c7b..b127619b 100644
--- a/readme.md
+++ b/readme.md
@@ -45,7 +45,7 @@ The following instructions are meant for installations without a web server or r
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
     - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
     - `nextcloud/all-in-one:latest` This is the docker container image that is used.
-    - Further options can be set using environment variables, for example `-e NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
+    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>
 
     Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
@@ -106,7 +106,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 ⚠️ **Please note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
 ### How to run AIO on Synology DSM
-On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `-e DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the startup command. Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the startup command. Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
@@ -178,7 +178,7 @@ The recommended way is to set up a local dns-server like a pi-hole and set up a
 - https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
 
 ### How to skip the domain validation?
-If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer.
+If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer.
 
 ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
 It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
@@ -442,23 +442,23 @@ You can do so by running the `/daily-backup.sh` script that is stored in the mas
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
 - `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
 
-One example for this would be `sudo docker exec -it -e DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
+One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
 
 ⚠️ Please note that none of the option returns error codes. So you need to check for the correct result yourself.
 
 ### How to disable the backup section?
-If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `-e DISABLE_BACKUP_SECTION=true` to the initial startup of the mastercontainer.
+If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env DISABLE_BACKUP_SECTION=true` to the initial startup of the mastercontainer.
 
 ### How to change the default location of Nextcloud's Datadir?
 ⚠️ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
 
 You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
-- An example for Linux is `-e NEXTCLOUD_DATADIR="/mnt/ncdata"`.
-- On macOS it might be `-e NEXTCLOUD_DATADIR="/var/nextcloud-data"`
-- For Synology it may be `-e NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
-- On Windows it might be `-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)
-- Another option is to provide a specific volume name here with: `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. with:
+- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`.
+- On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
+- For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
+- On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)
+- Another option is to provide a specific volume name here with: `--env NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. with:
     ```
     docker volume create ^
     --driver local ^
@@ -488,12 +488,12 @@ Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the s
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
-- Two examples for Linux are `-e NEXTCLOUD_MOUNT="/mnt/"` and `-e NEXTCLOUD_MOUNT="/media/"`.
-- On macOS it might be `-e NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
-- For Synology it may be `-e NEXTCLOUD_MOUNT="/volume1/"`.
-- On Windows it might be `-e NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.)
+- Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`.
+- On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
+- For Synology it may be `--env NEXTCLOUD_MOUNT="/volume1/"`.
+- On Windows it might be `--env NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.)
 
-After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `-e NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
+After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
 
 You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
 
@@ -502,16 +502,16 @@ Be aware though that these locations will not be covered by the built-in backup
 **Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `-e TALK_PORT=3478` to the initial docker run command and adjusting the port to your desired value.
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the initial docker run command and adjusting the port to your desired value.
 
 ### How to adjust the upload limit for Nextcloud?
-By default are uploads to Nextcloud limited to a max of 10G. You can adjust the upload limit by providing `-e NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
+By default are uploads to Nextcloud limited to a max of 10G. You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
 
 ### How to adjust the max execution time for Nextcloud?
-By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `-e NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a number e.g. `3600`.
+By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a number e.g. `3600`.
 
 ### How to adjust the PHP memory limit for Nextcloud?
-By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `-e NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
 
 ### What can I do to fix the internal or reserved ip-address error?
 If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the initial docker run command which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
@@ -526,23 +526,23 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
 
-You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
 
 ### What about the pdlib PHP extension for the facerecognition app?
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
 
 ### How to enable hardware-transcoding for Nextcloud?
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
@@ -598,12 +598,12 @@ For some applications it might be necessary to enstablish a secured connection t
 
 You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
 
-When using `docker run`, the environmental variable can be set with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
+When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
 
 In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
 
 ### How to disable Collabora's Seccomp feature?
-The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `-e COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
+The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
 
 ### How to enable automatic updates without creating a backup beforehand?
 If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
@@ -617,7 +617,7 @@ But anyhow, is here a guide that helps you automate the whole procedure:
 #!/bin/bash
 
 # Stop the containers
-docker exec -e STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
+docker exec --env STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
 
 # Below is optional if you run AIO in a VM which will shut down the VM afterwards
 # poweroff
@@ -645,7 +645,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/shutdo
 #!/bin/bash
 
 # Run container update once
-if ! docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then
+if ! docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then
     while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
         echo "Waiting for watchtower to stop"
         sleep 30
@@ -657,7 +657,7 @@ if ! docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-bac
     done
 
     # Run container update another time to make sure that all containers are updated correctly.
-    docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+    docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
 fi
 
 ```
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 33b76dfd..46bde726 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -126,7 +126,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
     }
     ```
    Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
 
@@ -141,7 +141,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Here is how to make it work:
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 
@@ -478,8 +478,8 @@ sudo docker run \
 --name nextcloud-aio-mastercontainer \
 --restart always \
 --publish 8080:8080 \
--e APACHE_PORT=11000 \
--e APACHE_IP_BINDING=0.0.0.0 \
+--env APACHE_PORT=11000 \
+--env APACHE_IP_BINDING=0.0.0.0 \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
 nextcloud/all-in-one:latest
@@ -501,8 +501,8 @@ docker run ^
 --name nextcloud-aio-mastercontainer ^
 --restart always ^
 --publish 8080:8080 ^
--e APACHE_PORT=11000 ^
--e APACHE_IP_BINDING=0.0.0.0 ^
+--env APACHE_PORT=11000 ^
+--env APACHE_IP_BINDING=0.0.0.0 ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
 nextcloud/all-in-one:latest
@@ -520,7 +520,7 @@ Simply translate the docker run command into a docker-compose file. You can have
 
 ## 3. Limit the access to the apache container
 
-Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
+Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
 ## 4. Open the AIO interface.
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
@@ -547,11 +547,11 @@ Afterwards should the AIO interface be accessible via `https://ip.address.of.the
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
 1. Make sure that you used the docker run command that is described in this reverse proxy documentation.
-1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `-e APACHE_IP_BINDING=0.0.0.0`
+1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports match the chosen `APACHE_PORT`.
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Try to configure everything from scratch if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
-1. As last resort, you may disable the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
+1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index c1304c43..215bb0d0 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -1,23 +1,23 @@
 # Environmental variables
 
-- [ ] When starting the mastercontainer with `-e APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly.
-- [ ] When starting the mastercontainer with `-e APACHE_IP_BINDING=127.0.0.1` on a clean instance, the domaincheck container's apache port should only listen on localhost on the host. Using a value here that is not a number or dot will not allow the mastercontainer to start correctly.
-- [ ] When starting the mastercontainer with `-e TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value.
+- [ ] When starting the mastercontainer with `--env APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly.
+- [ ] When starting the mastercontainer with `--env APACHE_IP_BINDING=127.0.0.1` on a clean instance, the domaincheck container's apache port should only listen on localhost on the host. Using a value here that is not a number or dot will not allow the mastercontainer to start correctly.
+- [ ] When starting the mastercontainer with `--env TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value.
 - [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md)
-- [ ] When starting the mastercontainer with `-e SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
-- [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
-- [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
+- [ ] When starting the mastercontainer with `--env SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
+- [ ] When starting the mastercontainer with `--env DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
+- [ ] When starting the mastercontainer with `--env DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-- [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts`.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
+- [ ] When starting the mastercontainer with `--env COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts`.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From 8de8274a31337a1d692b8bfe3c95f22db18303b3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 22:02:56 +0200
Subject: [PATCH 0758/3949] add three additional notes on debuggin things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 46bde726..e31495ec 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -552,6 +552,9 @@ If something does not work, follow the steps below:
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
+1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.
+1. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below.
+1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain).
 1. Try to configure everything from scratch if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
 

From d1d66845a3642eb9de4e285b8fbc96a516e92559 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Apr 2023 13:01:11 +0000
Subject: [PATCH 0759/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.12.4.1 to 22.05.13.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 86961512..ac829841 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.12.4.1
+FROM collabora/code:22.05.13.1.1
 
 USER root
 

From cd4131a82d5ee2572f21f8b26659df40c0aaa5ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Apr 2023 13:01:52 +0000
Subject: [PATCH 0760/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.1.17-fpm-alpine3.17 to 8.1.18-fpm-alpine3.17.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index adf863b2..60b591ab 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:23.0.3-cli as docker
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.17-fpm-alpine3.17
+FROM php:8.1.18-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From 3e2a64e6d4b3560bf2a238a6c39598f3b8d4f3a9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 13:22:10 +0200
Subject: [PATCH 0761/3949] borg - add advices how to proceed if things get
 wrong

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index be5ae17d..430b985e 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -139,6 +139,7 @@ if [ "$BORG_MODE" = backup ]; then
         echo "Deleting the failed backup archive..."
         borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
         echo "Backup failed!"
+        echo "You might want to check the backup integrity via the AIO interface."
         if [ "$NEW_REPOSITORY" = 1 ]; then
             echo "Deleting borg.config file so that you can choose a different location for the backup."
             rm "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
@@ -379,6 +380,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then
     # Perform the check-repair
     if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking and repairing the backup integrity!"
+        echo "Check the AIO interface for advices on how to proceed now!"
         exit 1
     fi
 

From 6331a9475866795d07dbbb56f09ee2595bd6b737 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 13:25:09 +0200
Subject: [PATCH 0762/3949] rp docs - highlight what to do if host networking
 is not possible

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e31495ec..2620fbc7 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -80,7 +80,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -101,7 +101,7 @@ https://<your-nc-domain>:443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -125,7 +125,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
@@ -140,7 +140,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Here is how to make it work:
 
-1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
@@ -233,7 +233,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 </details>
 
@@ -301,7 +301,7 @@ server {
 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -346,7 +346,7 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete example.
 
@@ -366,7 +366,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 </details>
 
@@ -449,7 +449,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 **Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
 
@@ -539,7 +539,7 @@ https://<your-nc-domain>:8443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
@@ -549,7 +549,7 @@ If something does not work, follow the steps below:
 1. Make sure that you used the docker run command that is described in this reverse proxy documentation.
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports match the chosen `APACHE_PORT`.
-1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
+1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. ***If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)***
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.

From 68af3916cbeae65cc6df89132a6aafcf7844ee21 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 13:41:20 +0200
Subject: [PATCH 0763/3949] adjust command

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 2620fbc7..e14b993e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -80,7 +80,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -101,7 +101,7 @@ https://<your-nc-domain>:443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -125,7 +125,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
@@ -140,7 +140,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Here is how to make it work:
 
-1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
@@ -233,7 +233,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 </details>
 
@@ -301,7 +301,7 @@ server {
 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -346,7 +346,7 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete example.
 
@@ -366,7 +366,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 </details>
 
@@ -449,7 +449,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
 
@@ -539,7 +539,7 @@ https://<your-nc-domain>:8443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
@@ -549,7 +549,7 @@ If something does not work, follow the steps below:
 1. Make sure that you used the docker run command that is described in this reverse proxy documentation.
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports match the chosen `APACHE_PORT`.
-1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. ***If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)***
+1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. ***If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.

From 87f97a5270220c79047132fad40166b0366d8553 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 13:47:45 +0200
Subject: [PATCH 0764/3949] adjust formatting again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e14b993e..11d478e8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -140,7 +140,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Here is how to make it work:
 
-1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. ***If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
@@ -539,7 +539,7 @@ https://<your-nc-domain>:8443 {
 }
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
@@ -549,7 +549,7 @@ If something does not work, follow the steps below:
 1. Make sure that you used the docker run command that is described in this reverse proxy documentation.
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports match the chosen `APACHE_PORT`.
-1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. ***If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.

From c5fc60d1fa73f02d3931904d76f71bb238409abd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Apr 2023 12:59:29 +0000
Subject: [PATCH 0765/3949] Bump nats from 2.9.15-scratch to 2.9.16-scratch in
 /Containers/talk

Bumps nats from 2.9.15-scratch to 2.9.16-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index aa8593a2..476025c2 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.15-scratch as nats
+FROM nats:2.9.16-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
 FROM coturn/coturn:4.6.2-alpine
 USER root

From 38392e0dcfed6293446ed4756aead8a8c18c17fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Apr 2023 12:59:40 +0000
Subject: [PATCH 0766/3949] Bump redis from 7.0.10-alpine to 7.0.11-alpine in
 /Containers/redis

Bumps redis from 7.0.10-alpine to 7.0.11-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index ab8c15d0..9720efab 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.10-alpine
+FROM redis:7.0.11-alpine
 
 RUN apk add --no-cache openssl bash
 

From b8379c81d7b8f0ec6ac23a1f1b99f868738dc6d5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 15:37:33 +0200
Subject: [PATCH 0767/3949] add a note on what to do if Nexcloud does not open

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 893d2d65..74e0a101 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -207,6 +207,9 @@
                             <b>{{ nextcloud_password }}</b><br><br>
                         {% endif %}
                         <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/>
+                        {% if borg_backup_host_location != '' %}
+                            If your Nextcloud does not open when clicking the button above, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation<a/></b><br><br>
+                        {% endif %}
                     {% else %}
                         {% if isAnyRestarting == false %}
                             <span class="status running"></span> Containers are currently starting.<br /><br />

From 566619ecac5d04335b53dce22552bc69c4c047c8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 15:41:43 +0200
Subject: [PATCH 0768/3949] add a link to the performance documentation to the
 aio interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 893d2d65..589990c1 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -533,7 +533,7 @@
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement.<br><br>
+                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}

From 52f4d4b41e9f1bd8b117b7e3e78c294854102467 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 15:51:17 +0200
Subject: [PATCH 0769/3949] add a note on backup retention to the AIO interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 893d2d65..36fc0465 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -391,9 +391,10 @@
                                 This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
                                 Please save it at a safe place since you won't be able to restore from backup if you lose this password! <br /><br/>
                                 Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
-                                The backup itself will use a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                                The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
-                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
+                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.<br><br>
+                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this documentation</a></b>
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>

From 87cb3cd81984f8adc9b779006e9f7a583cd2b813 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 19:07:59 +0200
Subject: [PATCH 0770/3949] rename All In One to All-in-One

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 app/appinfo/info.xml                | 4 ++--
 app/templates/admin.php             | 2 +-
 php/templates/containers.twig       | 2 +-
 php/templates/setup.twig            | 2 +-
 readme.md                           | 4 ++--
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 6d780f1f..8e438fae 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -273,7 +273,7 @@ if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
     cp "$GENERATED_CERTS/ssl.key" ./
 fi
 
-print_green "Initial startup of Nextcloud All In One complete!
+print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080
 
diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 69cfa58d..a1922f2a 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -2,9 +2,9 @@
 <info xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance"
 	  xsi:noNamespaceSchemaLocation="https://apps.nextcloud.com/schema/apps/info.xsd">
 	<id>nextcloud-aio</id>
-	<name>Nextcloud All In One</name>
+	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
-	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
+	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
 	<version>0.3.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
diff --git a/app/templates/admin.php b/app/templates/admin.php
index b68d1442..8256dfab 100644
--- a/app/templates/admin.php
+++ b/app/templates/admin.php
@@ -10,7 +10,7 @@ declare(strict_types=1);
  */
 	/** @var array $_ */ ?>
 <div id="allinone" class="section">
-	<h2><?php p($l->t('Nextcloud All In One'));?></h2>
+	<h2><?php p($l->t('Nextcloud All-in-One'));?></h2>
 	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a><br><br>
 	<p><a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface">Click here for more infos on this feature (e.g. also on how to change the link in the button)</a></p>
 </div>
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 893d2d65..8f2b973b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -79,7 +79,7 @@
                     </form>
                 {% else %}
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                         <h2>New AIO instance</h2>
                         Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
                         {% if skip_domain_validation == true %}
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 142a01d5..c36dd495 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -5,7 +5,7 @@
         <div class="login">
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>Nextcloud AIO setup</h1>
-            <p>Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+            <p>Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
             <p>Please note down the password to access the AIO interface and don't lose it!</p>
             <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
diff --git a/readme.md b/readme.md
index b127619b..a358ede7 100644
--- a/readme.md
+++ b/readme.md
@@ -1,5 +1,5 @@
-# Nextcloud All In One
-Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
+# Nextcloud All-in-One
+Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
 
 Included are:
 - Nextcloud

From e0857cc954716011ee8ee2596212879291a02cf1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 18:25:43 +0200
Subject: [PATCH 0771/3949] add a details tag to note down more included
 features

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index b127619b..f373db30 100644
--- a/readme.md
+++ b/readme.md
@@ -5,11 +5,63 @@ Included are:
 - Nextcloud
 - Nextcloud Office
 - High performance backend for Nextcloud Files
-- High performance backend for Nextcloud Talk
+- High performance backend for Nextcloud Talk and TURN-server
 - Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
 - Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)
 - ClamAV (Antivirus backend for Nextcloud)
 - Fulltextsearch
+<details><summary>And more</summary>
+
+- Simple web interface included that enables easy installation and maintenance
+- [Easy updates included](https://github.com/nextcloud/all-in-one#how-to-update-the-containers)
+- Update and backup notifications included
+- Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and Nextcloud apps afterwards automatically
+- Instance restore from backup archive via the AIO interface included (you only need the archive and the password in order to restore the whole instance on a new AIO instance)
+- APCU as local cache
+- Redis as distributed cache and for file locking
+- Postgresql as database
+- PHP-FPM with performance-optimized config
+- A+ security in Nextcloud security scan
+- Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
+- Ready to be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
+- Ready for big file uploads up to 10 GB, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud)
+- PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
+- Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
+- Automatic TLS included (by using Let's Encrypt)
+- HTTP/2 and HTTP/3 enabled
+- Only one domain and not multiple domains are required for everything to work (usually you would need to have one domain for each service which is much more complex)
+- [Adjustable location](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) of Nextcloud's datadir (e.g. good for easy file-sharing with host system on Windows and MacOS)
+- By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature
+- Possibility included to [adjust default installed Nextcloud apps](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
+- `ffmpeg`, `smbclient` and `nodejs` are included by default
+- Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
+- Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
+- Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud containe
+- Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
+- [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
+- [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
+- [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)
+- Nextcloud can be [accessed locally via the domain](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
+- Can [be installed locally](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md) (if you don't want or cannot make the instance publicly reachable)
+- [IPv6-ready](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md)
+- Can be used with [Docker rootles](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) (good for additional security)
+- Runs on all platforms Docker supports (e.g. also on Windows and Macos)
+- Included containers easy to debug by having the possibility to check their logs directly from the AIO interface
+- [Docker-compose ready](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml)
+- Can be installed [without a container having access to the docker socket](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
+- Can be installed with [Docker Swarm](https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm)
+- Can be installed with [Kubernetes](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart)
+- Almost all included containers Alpine Linux based (good for security and size)
+- Many of the included containers run as non-root user (good for security)
+- Included containers run in its own docker network (good for security) and only really necessary ports are exposed on the host
+- [Multiple instances on one server](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) are doable without having to deal with VMs
+- Adjustable backup path from the AIO interface (good to put the backups e.g. on a different drive)
+- Possibility included to also back up external Docker Volumes or Host paths (can be used for host backups)
+- Borg backup can be completely managed from the AIO interface, including backup creation, backup restore, backup integrity check and integrity-repair
+- [Remote backups](https://github.com/nextcloud/all-in-one#are-remote-borg-backups-supported) are indirectly possible
+- Updates and backups can be [run from an external script](https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally)
+
+</details>
 
 ## How to use this?
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).

From 324ed4dc63424333386994c742de1e2465ebeff3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 18:51:55 +0200
Subject: [PATCH 0772/3949] add some screenshots

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/readme.md b/readme.md
index f373db30..3be90097 100644
--- a/readme.md
+++ b/readme.md
@@ -63,6 +63,11 @@ Included are:
 
 </details>
 
+## Screenshots
+| First setup | After installation |
+|---|---|
+| ![image](https://user-images.githubusercontent.com/42591237/232849125-30e24c85-bfd7-465e-8310-9b69cd9666fe.png) | ![image](https://user-images.githubusercontent.com/42591237/232849036-28c38d9a-3151-4cf1-97a5-4d94c1f0eba0.png) |
+
 ## How to use this?
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  

From 66430a945d3f6e26227c2a6d5dbc399e1879cd6a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 22:26:22 +0200
Subject: [PATCH 0773/3949] adjust the wording of cloudflare tunnel

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md        | 4 ++--
 reverse-proxy.md | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.md b/readme.md
index 3be90097..4882ed38 100644
--- a/readme.md
+++ b/readme.md
@@ -23,7 +23,7 @@ Included are:
 - PHP-FPM with performance-optimized config
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
-- Ready to be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
+- Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
 - Ready for big file uploads up to 10 GB, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
@@ -195,7 +195,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
-Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#cloudflare-setup for additional docs on this topic.
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
 
 ### Disrecommended VPS providers
 - Stratos VPS crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 11d478e8..8dd07dce 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -138,7 +138,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 <summary>click here to expand</summary>
 
-Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Here is how to make it work:
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. ***If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.

From a98e8c02d08b9ecb1b288a1c88b18a204cd90cbb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 22:41:02 +0200
Subject: [PATCH 0774/3949] add additional notes to the first domain input

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 893d2d65..9cba0e27 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -93,8 +93,14 @@
                         </form>
                         {% if skip_domain_validation == false %}
                             Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
-                            If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
-                            <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br><br>
+                            <details>
+                                <summary>Click here for further hints</summary><br />
+                                If you should not have a domain yet, you can get one for free e.g. from duckduckdns.org and others.<br><br>
+                                If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
+                                If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <b><a href="">this documentation</a></b>.<br><br>
+                                If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
+                                <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.
+                            </details><br /><br />
                         {% endif %}
 
                         <h2>Restore former AIO instance from backup</h2>

From 57d9534133ce8adffe5c2d388de7d07e8bcf5063 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 22:56:24 +0200
Subject: [PATCH 0775/3949] add LDAP notice to much more section

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 4882ed38..b9682be0 100644
--- a/readme.md
+++ b/readme.md
@@ -38,6 +38,7 @@ Included are:
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud containe
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
+- [LDAP](https://github.com/nextcloud/all-in-one/tree/main#ldap) can be used as user backend for Nextcloud
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
 - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
 - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)

From 1af81123086fa4c867482de133a88cbc35284fb4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 23:07:04 +0200
Subject: [PATCH 0776/3949] add a hint to manual install when people did not
 grant access to the docker socket by purpose

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 6d780f1f..6377b6f0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -17,6 +17,7 @@ esac
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
     echo "Docker socket is not available. Cannot continue."
+    echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
     exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
     echo "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"

From 76841af3394f26569706cdebca5ba5de87d4739d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 23:08:34 +0200
Subject: [PATCH 0777/3949] add a link to the manual install directly from the
 docker socket description

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index b9682be0..beffbfdc 100644
--- a/readme.md
+++ b/readme.md
@@ -101,7 +101,7 @@ The following instructions are meant for installations without a web server or r
     - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
     - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
+    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
     - `nextcloud/all-in-one:latest` This is the docker container image that is used.
     - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>

From b3cc1644bb4eb22ddf5a1409a129564e233302f3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 23:10:59 +0200
Subject: [PATCH 0778/3949] improve readability of And more

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index beffbfdc..dd6f86e7 100644
--- a/readme.md
+++ b/readme.md
@@ -10,7 +10,7 @@ Included are:
 - Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)
 - ClamAV (Antivirus backend for Nextcloud)
 - Fulltextsearch
-<details><summary>And more</summary>
+<details><summary>And much more:</summary>
 
 - Simple web interface included that enables easy installation and maintenance
 - [Easy updates included](https://github.com/nextcloud/all-in-one#how-to-update-the-containers)

From 25b04bccdf990c37f596563a6c32fdf66f7769b5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 23:44:07 +0200
Subject: [PATCH 0779/3949] adut apache_max_size for helm-chart to be a string

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 1 +
 nextcloud-aio-helm-chart/values.yaml    | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 275dd2ed..489b91af 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -177,6 +177,7 @@ sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
+sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index d276f6e9..58c31213 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -1,6 +1,6 @@
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
-APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
 CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora

From e8ce8d9dbf051fd2b680885440ca3baa88de936c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Apr 2023 23:37:32 +0200
Subject: [PATCH 0780/3949] add further docs on the helm-chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 27 +++++++++++++++++++++++++--
 readme.md                          |  3 +++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index 959588ac..60e448a3 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -1,6 +1,19 @@
-# You can also install the AIO containers on Kubernetes using this Helm Chart
+# Nextcloud AIO Helm-chart
 
-This is currently beta and not ready yet.
+You can run the containers that are build for AIO with Kubernetes using this Helm chart. This comes with a few downsides, that are discussed below.
+
+### Advantages
+- You can run it without a container having access to the docker socket
+- You can run the containers with Kubernetes
+
+### Disadvantages
+- You lose the AIO interface
+- You lose update notifications and automatic updates
+- You lose all AIO backup and restore features
+- You need to know what you are doing
+- For updating, you need to strictly follow the at the bottom described update routine
+- You need to monitor yourself if the volumes have enough free space and increase them if they don't by adjusting their size in values.yaml
+- Probably more
 
 ## How to use this?
 
@@ -12,3 +25,13 @@ Then run:
 helm repo add nextcloud-aio https://nextcloud.github.io/all-in-one/
 helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
 ```
+
+And after a while, everything should be set up.
+
+## How to update?
+Since the values of this helm chart may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade it.
+1. Stop all running pods
+1. Back up all volumes that got created by the Helm chart and the values.yaml file
+1. Run `helm repo update nextcloud-aio` in order to get the updated yaml files from the repository
+1. Now download the updated values.yaml file from https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and compare that with the one that you currently have locally. Look for variables that changed or got added. You can use the diff command to compare them.
+1. After the file update was successful, simply run `helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml` to update to the new version.
diff --git a/readme.md b/readme.md
index dd6f86e7..f1da637c 100644
--- a/readme.md
+++ b/readme.md
@@ -577,6 +577,9 @@ If you get an error during the domain validation which states that your ip-addre
 ### Can I run this with Docker swarm?
 Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/).
 
+### Can I run this with Kubernetes?
+Yes. For that to work, you need to use and follow the [helm-chart documentation](./nextcloud-aio-helm-chart/).
+
 ### How to run this with Docker rootless?
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 

From 939c50726f417bf133b45f863b9987fc1f4813e2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 00:17:11 +0200
Subject: [PATCH 0781/3949] add ipv6 docs for Docker Desktop

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 19 ++++++++++++++++---
 readme.md              |  4 ++--
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 72b636d0..5ed95a80 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -1,9 +1,8 @@
 # IPv6-Support for Docker
 
-**Note**: IPv6 networking is only supported on Docker daemons running on Linux hosts. So it is neither supported on Windows nor on macOS.
-
 Before you can use IPv6 in Docker containers or swarm services, you need to enable IPv6 support in the Docker daemon. Afterward, you can choose to use either IPv4 or IPv6 (or both) with any container, service, or network.
 
+## Docker on Linux and Docker-rootless
 1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `2001:db8:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
 
     ```json
@@ -23,6 +22,20 @@ Before you can use IPv6 in Docker containers or swarm services, you need to enab
     sudo systemctl restart docker
     ```
 
-You can now create networks with the `--ipv6` flag and assign containers IPv6 addresses using the `--ip6` flag.
+## Docker Desktop (Windows and macOS)
+On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 
+
+1. You need to now adjust this json file by setting the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `2001:db8:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
+
+    ```
+    "ipv6": true,
+    "fixed-cidr-v6": "2001:db8:1::/64",
+    "experimental": true,
+    "ip6tables": true
+    ```
+
+2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
+
+---
 
 **Note**: This is a copy of the original docker docs at https://docs.docker.com/config/daemon/ipv6/ which apparently are not correct. However experimental is set to true which the ip6tables feature needs. Thus it will not get included into the official docs. However it is needed to make it work in our testing.
diff --git a/readme.md b/readme.md
index dd6f86e7..7c3a42d6 100644
--- a/readme.md
+++ b/readme.md
@@ -139,12 +139,12 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open in your firewall/router
 
 ### How to run AIO on macOS?
-On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/). Apart from that it should work and behave the same like on Linux.
+On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux.
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
 ### How to run AIO on Windows?
-On Windows, the following command should work in the command prompt after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/):
+On Windows, install [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that) and run the following command in the command prompt:
 
 ```
 docker run ^

From 5550d30065b6b631bd5adeb992d5499eb467fdc0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 00:33:51 +0200
Subject: [PATCH 0782/3949] add three more included features

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index 7c3a42d6..c404ec6e 100644
--- a/readme.md
+++ b/readme.md
@@ -29,6 +29,8 @@ Included are:
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
 - Automatic TLS included (by using Let's Encrypt)
 - HTTP/2 and HTTP/3 enabled
+- "Pretty URLs" for Nextcloud are enabled by default (removes the index.php from all links)
+- Video previews work out of the box and when Imaginary is enabled, many recent image formats as well!
 - Only one domain and not multiple domains are required for everything to work (usually you would need to have one domain for each service which is much more complex)
 - [Adjustable location](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) of Nextcloud's datadir (e.g. good for easy file-sharing with host system on Windows and MacOS)
 - By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature
@@ -39,6 +41,7 @@ Included are:
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud containe
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [LDAP](https://github.com/nextcloud/all-in-one/tree/main#ldap) can be used as user backend for Nextcloud
+- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
 - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
 - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)

From be5b5deb7a9921317886a2ee6bdb8b71098ecc9e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 00:45:22 +0200
Subject: [PATCH 0783/3949] additional bonus - apply patches

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index c404ec6e..2a75d2a7 100644
--- a/readme.md
+++ b/readme.md
@@ -35,6 +35,7 @@ Included are:
 - [Adjustable location](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) of Nextcloud's datadir (e.g. good for easy file-sharing with host system on Windows and MacOS)
 - By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature
 - Possibility included to [adjust default installed Nextcloud apps](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
+- Nextcloud installation is not ready only - that means you can apply patches if you should need them (instead of having to wait for the next release for them getting applied)
 - `ffmpeg`, `smbclient` and `nodejs` are included by default
 - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image

From b94bb6569e81361f82449e1f8aef9fde7b1c8e82 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 00:57:08 +0200
Subject: [PATCH 0784/3949] add further backup details

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 readme.md                     | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 36fc0465..0f6e259f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -393,7 +393,7 @@
                                 Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
-                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.<br><br>
+                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
                                 Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this documentation</a></b>
 
                                 {% if isApacheStarting != true %}
diff --git a/readme.md b/readme.md
index b127619b..e07ac7b0 100644
--- a/readme.md
+++ b/readme.md
@@ -268,7 +268,11 @@ Backups can be created and restored in the AIO interface using the buttons `Crea
 
 The backups itself get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.
 
-Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
+Daily backups can get enabled. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.
+
+Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
+
+Regarding backup retention, see [this documentation](https://github.com/nextcloud/all-in-one/discussions/1675).
 
 ---
 

From 45a33d4b5be5e11e29736043592d62fb9ae2f89f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 01:11:21 +0200
Subject: [PATCH 0785/3949] adjust word

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 2a75d2a7..ed3626a7 100644
--- a/readme.md
+++ b/readme.md
@@ -15,7 +15,7 @@ Included are:
 - Simple web interface included that enables easy installation and maintenance
 - [Easy updates included](https://github.com/nextcloud/all-in-one#how-to-update-the-containers)
 - Update and backup notifications included
-- Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and Nextcloud apps afterwards automatically
+- Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and its apps afterwards automatically
 - Instance restore from backup archive via the AIO interface included (you only need the archive and the password in order to restore the whole instance on a new AIO instance)
 - APCU as local cache
 - Redis as distributed cache and for file locking

From c8783f79d60762917123e94795883d2e7a601ce9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 01:17:27 +0200
Subject: [PATCH 0786/3949] adjust two things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index ed3626a7..ff73c6e2 100644
--- a/readme.md
+++ b/readme.md
@@ -41,7 +41,7 @@ Included are:
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud containe
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
-- [LDAP](https://github.com/nextcloud/all-in-one/tree/main#ldap) can be used as user backend for Nextcloud
+- [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
 - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
 - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
@@ -64,7 +64,7 @@ Included are:
 - Possibility included to also back up external Docker Volumes or Host paths (can be used for host backups)
 - Borg backup can be completely managed from the AIO interface, including backup creation, backup restore, backup integrity check and integrity-repair
 - [Remote backups](https://github.com/nextcloud/all-in-one#are-remote-borg-backups-supported) are indirectly possible
-- Updates and backups can be [run from an external script](https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally)
+- Updates and backups can be [run from an external script](https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally). See [this documentation](https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) for a complete example.
 
 </details>
 

From b9bd1ecdc3dd2467075bf129bef4b8832556844d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 11:30:18 +0200
Subject: [PATCH 0787/3949] mark you need to know what you are doing as bold

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index f4c65113..3c5d8fc7 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -11,7 +11,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- You need to know what you are doing, especially when modifying the docker-compose file
+- **You need to know what you are doing, especially when modifying the docker-compose file**
 - For updating, you need to strictly follow the at the bottom described update routine
 - Probably more
 

From 1b46c172f09c3826bf83558ca8c9a84e05cf5eb2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 11:31:10 +0200
Subject: [PATCH 0788/3949] Mark you need to know what you are doing as bold

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index 60e448a3..d3959df6 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -10,7 +10,7 @@ You can run the containers that are build for AIO with Kubernetes using this Hel
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- You need to know what you are doing
+- **You need to know what you are doing**
 - For updating, you need to strictly follow the at the bottom described update routine
 - You need to monitor yourself if the volumes have enough free space and increase them if they don't by adjusting their size in values.yaml
 - Probably more

From 6a4281fc12ed25e8e64488a28a6800ef6054c63c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 11:45:43 +0200
Subject: [PATCH 0789/3949] add a sidenote for when the 10GB upload limit are a
 problem

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index ff73c6e2..bff045e5 100644
--- a/readme.md
+++ b/readme.md
@@ -24,7 +24,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- Ready for big file uploads up to 10 GB, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud)
+- Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
 - Automatic TLS included (by using Let's Encrypt)
@@ -567,7 +567,7 @@ Be aware though that these locations will not be covered by the built-in backup
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the initial docker run command and adjusting the port to your desired value.
 
 ### How to adjust the upload limit for Nextcloud?
-By default are uploads to Nextcloud limited to a max of 10G. You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
+By default are public uploads to Nextcloud limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
 
 ### How to adjust the max execution time for Nextcloud?
 By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a number e.g. `3600`.

From aee32ed35782aba6066522fb558b911cda4a56e4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 12:01:14 +0200
Subject: [PATCH 0790/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index bff045e5..aa932990 100644
--- a/readme.md
+++ b/readme.md
@@ -35,7 +35,7 @@ Included are:
 - [Adjustable location](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) of Nextcloud's datadir (e.g. good for easy file-sharing with host system on Windows and MacOS)
 - By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature
 - Possibility included to [adjust default installed Nextcloud apps](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
-- Nextcloud installation is not ready only - that means you can apply patches if you should need them (instead of having to wait for the next release for them getting applied)
+- Nextcloud installation is not read only - that means you can apply patches if you should need them (instead of having to wait for the next release for them getting applied)
 - `ffmpeg`, `smbclient` and `nodejs` are included by default
 - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image

From 4f7ee99782e5fad2209134bb4c63e8597be144a1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 18:28:58 +0200
Subject: [PATCH 0791/3949] add hint regarding RPs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9cba0e27..b7a1e363 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -99,6 +99,7 @@
                                 If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
                                 If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <b><a href="">this documentation</a></b>.<br><br>
                                 If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
+                                If you try to install AIO behind a Reverse Proxy (like Apache, Nginx and else), and you run into issues getting your domain accepted, see <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">this documentation</a></b> for how to debug things. <br /><br/>
                                 <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.
                             </details><br /><br />
                         {% endif %}

From 38c95d14d2b3f0d9d350386d8c35b85777328c37 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 18:44:04 +0200
Subject: [PATCH 0792/3949] make descriptions more explicit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b7a1e363..9e7b19b4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -92,11 +92,11 @@
                             <input class="button" type="submit" value="Submit" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
+                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and the AAAA record to your public ipv6-address). <br><br>
                             <details>
                                 <summary>Click here for further hints</summary><br />
                                 If you should not have a domain yet, you can get one for free e.g. from duckduckdns.org and others.<br><br>
-                                If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
+                                If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
                                 If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <b><a href="">this documentation</a></b>.<br><br>
                                 If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
                                 If you try to install AIO behind a Reverse Proxy (like Apache, Nginx and else), and you run into issues getting your domain accepted, see <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">this documentation</a></b> for how to debug things. <br /><br/>
@@ -528,9 +528,9 @@
                             <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
-                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forward in your firewall/router)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forward in your firewall/router)</label><br><br>
                         {% endif %}
                         {% if is_onlyoffice_enabled == true %}
                             <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>

From 7373bb59604aa96c6e6b3d39e598c55ff75e08f2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 18:44:43 +0200
Subject: [PATCH 0793/3949] talk about open/forwarded ports

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 multiple-instances.md | 2 +-
 readme.md             | 8 ++++----
 reverse-proxy.md      | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/multiple-instances.md b/multiple-instances.md
index b9f5f804..851b6eb0 100644
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -14,6 +14,6 @@ Below is described more in detail how the the second way works.
 1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
 1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
 1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
-1. Please also do not forget to open each chosen `TALK_PORT` UPD and TCP in your firewall/router as otherwise Talk will not work correctly!
+1. Please also do not forget to open/forward each chosen `TALK_PORT` UPD and TCP in your firewall/router as otherwise Talk will not work correctly!
 
 Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
diff --git a/readme.md b/readme.md
index aa932990..abd2a668 100644
--- a/readme.md
+++ b/readme.md
@@ -114,7 +114,7 @@ The following instructions are meant for installations without a web server or r
 
 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
 E.g. `https://ip.address.of.this.server:8080`<br><br>
-If your firewall/router has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
+If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
 `https://your-domain-that-points-to-this-server.tld:8443`
 4. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
@@ -138,9 +138,9 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 ### Explanation of used ports:
 - `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`)
 - `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer)
-- `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
-- `443/TCP`: will be used by the Apache container later on and needs to be open in your firewall/router
-- `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open in your firewall/router
+- `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open/forwarded in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
+- `443/TCP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router
+- `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open/forwarded in your firewall/router
 
 ### How to run AIO on macOS?
 On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 8dd07dce..999ea3f5 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -523,7 +523,7 @@ Simply translate the docker run command into a docker-compose file. You can have
 Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
 ## 4. Open the AIO interface.
-After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
 ## 5. Optional: get a valid certificate for the AIO interface
 

From 838084f073b609d9d24831491fb47571951e443e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 18:33:34 +0200
Subject: [PATCH 0794/3949] add further domain validation feedback

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 16b24578..75c93bea 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -239,6 +239,16 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
         }
 
+        // Validate that no slashes are contained
+        if (strpos($domain, '/') !== false) {
+            throw new InvalidSettingConfigurationException("Domain must not contain slashes!");
+        }
+
+        // Validate that no colons are contained
+        if (strpos($domain, ':') !== false) {
+            throw new InvalidSettingConfigurationException("Domain must not contain colons!");
+        }
+
         // Validate domain
         if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
             throw new InvalidSettingConfigurationException("Domain is not a valid domain!");

From 90082704f6664785090633aaec31485bcc063ebd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 20:54:10 +0200
Subject: [PATCH 0795/3949] adjust warning about /dev/dri device failure

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index abd2a668..533961f6 100644
--- a/readme.md
+++ b/readme.md
@@ -604,7 +604,9 @@ You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick exte
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
 
 ### How to enable hardware-transcoding for Nextcloud?
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+⚠️ Attention: this only works if the `/dev/dri` device is present on the host! If it should not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start!
+
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/

From cf10c495d1cd2adfb63cf5114d1384b28222224b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 23:39:40 +0200
Subject: [PATCH 0796/3949] make documentation more verbose how to apply
 environmental variabls to the container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md        | 28 ++++++++++++++--------------
 reverse-proxy.md |  2 +-
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/readme.md b/readme.md
index 533961f6..bf96a28b 100644
--- a/readme.md
+++ b/readme.md
@@ -240,7 +240,7 @@ The recommended way is to set up a local dns-server like a pi-hole and set up a
 - https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
 
 ### How to skip the domain validation?
-If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer.
+If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
 It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
@@ -509,12 +509,12 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo
 ⚠️ Please note that none of the option returns error codes. So you need to check for the correct result yourself.
 
 ### How to disable the backup section?
-If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env DISABLE_BACKUP_SECTION=true` to the initial startup of the mastercontainer.
+If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ### How to change the default location of Nextcloud's Datadir?
 ⚠️ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
 
-You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
 - An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`.
 - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
@@ -548,7 +548,7 @@ password=<password>
 Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above above this one.
 
 ### How to allow the Nextcloud container to access directories on the host?
-By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
 - Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`.
 - On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
@@ -564,19 +564,19 @@ Be aware though that these locations will not be covered by the built-in backup
 **Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the initial docker run command and adjusting the port to your desired value.
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value.
 
 ### How to adjust the upload limit for Nextcloud?
-By default are public uploads to Nextcloud limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
+By default are public uploads to Nextcloud limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
 
 ### How to adjust the max execution time for Nextcloud?
-By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a number e.g. `3600`.
+By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
 
 ### How to adjust the PHP memory limit for Nextcloud?
-By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
 
 ### What can I do to fix the internal or reserved ip-address error?
-If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the initial docker run command which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
+If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
 
 ### Can I run this with Docker swarm?
 Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/).
@@ -588,17 +588,17 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
 
 ### What about the pdlib PHP extension for the facerecognition app?
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
@@ -606,7 +606,7 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 ### How to enable hardware-transcoding for Nextcloud?
 ⚠️ Attention: this only works if the `/dev/dri` device is present on the host! If it should not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start!
 
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
@@ -660,7 +660,7 @@ What are the requirements?
 ### How to trust user-defiend Certification Authorities (CA)?
 For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization
 
-You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
 
 When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 999ea3f5..76e15bd9 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -126,7 +126,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
     }
     ```
    Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
 

From 18630789378100233133f6bbd7137eb084eaa42f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 20 Apr 2023 00:11:50 +0200
Subject: [PATCH 0797/3949] add missing peaces

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md        | 2 +-
 reverse-proxy.md | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index bf96a28b..590ec7e8 100644
--- a/readme.md
+++ b/readme.md
@@ -168,7 +168,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 ⚠️ **Please note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
 ### How to run AIO on Synology DSM
-On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the startup command. Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 76e15bd9..f83d2e24 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -495,6 +495,8 @@ On macOS see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos.
 
 <summary>Command for Windows</summary>
 
+On Windows, install [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that) and run the following command in the command prompt:
+
 ```
 docker run ^
 --sig-proxy=false ^

From f12885b09b9a9d87cf9b03398c7a7dac73b8d594 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 20 Apr 2023 12:06:37 +0000
Subject: [PATCH 0798/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index a0160762..ec4c564c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,22 +8,22 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.5.0",
+            "version": "7.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba"
+                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b50a2a1251152e43f6a37f0fa053e730a67d25ba",
-                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9",
+                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "guzzlehttp/promises": "^1.5",
-                "guzzlehttp/psr7": "^1.9 || ^2.4",
+                "guzzlehttp/psr7": "^1.9.1 || ^2.4.5",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
                 "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -116,7 +116,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.5.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.5.1"
             },
             "funding": [
                 {
@@ -132,7 +132,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-08-28T15:39:27+00:00"
+            "time": "2023-04-17T16:30:08+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -220,22 +220,22 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.4",
+            "version": "2.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
+                "reference": "b635f279edd83fc275f822a1188157ffea568ff6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
-                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/b635f279edd83fc275f822a1188157ffea568ff6",
+                "reference": "b635f279edd83fc275f822a1188157ffea568ff6",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-factory": "^1.0",
-                "psr/http-message": "^1.0",
+                "psr/http-message": "^1.1 || ^2.0",
                 "ralouphie/getallheaders": "^3.0"
             },
             "provide": {
@@ -255,9 +255,6 @@
                 "bamarni-bin": {
                     "bin-links": true,
                     "forward-command": false
-                },
-                "branch-alias": {
-                    "dev-master": "2.4-dev"
                 }
             },
             "autoload": {
@@ -319,7 +316,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.4"
+                "source": "https://github.com/guzzle/psr7/tree/2.5.0"
             },
             "funding": [
                 {
@@ -335,7 +332,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-03-09T13:19:02+00:00"
+            "time": "2023-04-17T16:11:26+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 00f166675a2726cf0da76d13aa24ae235bb0ad5e Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 20 Apr 2023 12:41:24 +0000
Subject: [PATCH 0799/3949] imaginary-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index bccb319c..b8c1bc93 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -7,7 +7,7 @@ RUN set -ex; \
         vips-jxl \
         vips-poppler \
         build-base; \
-    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
+    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 FROM alpine:3.17.3
 RUN set -ex; \

From f46c72b3596e9f3656d1d3c17c4aac7e8ab3c2be Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 20 Apr 2023 12:49:12 +0000
Subject: [PATCH 0800/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 679b0b8f..5ee78a09 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -108,7 +108,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.5
+ENV NEXTCLOUD_VERSION 25.0.6
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From 83c77d86e7c263c54b1eb94389e5472574291148 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 22 Apr 2023 00:26:13 +0200
Subject: [PATCH 0801/3949] link to backup docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0f6e259f..6e452655 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -394,7 +394,8 @@
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this documentation</a></b>
+                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this documentation</a></b><br><br>
+                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this documentation<a/></b> and below.
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>

From 05b5e41894f21b7641d371ee6689300435e020a1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 22 Apr 2023 00:29:54 +0200
Subject: [PATCH 0802/3949] document where the chosen dir will be mounted

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 590ec7e8..098c9dd9 100644
--- a/readme.md
+++ b/readme.md
@@ -514,7 +514,7 @@ If you already have a backup solution in place, you may want to hide the backup
 ### How to change the default location of Nextcloud's Datadir?
 ⚠️ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
 
-You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
 
 - An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`.
 - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`

From 4e6288b934fbcd03e5dced38d6d0a8037825ac2b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 22 Apr 2023 09:11:51 +0000
Subject: [PATCH 0803/3949] Bump docker from 23.0.3-cli to 23.0.4-cli in
 /Containers/mastercontainer

Bumps docker from 23.0.3-cli to 23.0.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 60b591ab..329db679 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.3-cli as docker
+FROM docker:23.0.4-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From 5a9e45ee6da3c69f21077ecc9374e3808cac9b42 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 17:49:03 +0200
Subject: [PATCH 0804/3949] rename DISABLE_BACKUP_SECTION to
 AIO_DISABLE_BACKUP_SECTION

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index d968e3fa..327964a3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,11 +17,11 @@ services:
       - 8080:8080
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
+      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
-      # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 16b24578..79377205 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -801,7 +801,7 @@ class ConfigurationManager
     }
 
     private function GetDisableBackupSection() : string {
-        $envVariableName = 'DISABLE_BACKUP_SECTION';
+        $envVariableName = 'AIO_DISABLE_BACKUP_SECTION';
         $configName = 'disable_backup_section';
         $defaultValue = '';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
diff --git a/readme.md b/readme.md
index 098c9dd9..4b54c5b2 100644
--- a/readme.md
+++ b/readme.md
@@ -509,7 +509,7 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo
 ⚠️ Please note that none of the option returns error codes. So you need to check for the correct result yourself.
 
 ### How to disable the backup section?
-If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
+If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ### How to change the default location of Nextcloud's Datadir?
 ⚠️ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 215bb0d0..5e7c8f83 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -11,7 +11,7 @@
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
-- [ ] When starting the mastercontainer with `--env DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
+- [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `--env COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.

From 37b5e12a6f1f6f63e36dfd3e58e6076ab1f76169 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 16 Apr 2023 17:47:15 +0200
Subject: [PATCH 0805/3949] rename DOCKER_SOCKET_PATH to
 WATCHTOWER_DOCKER_SOCKET_PATH

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh     | 8 ++++----
 docker-compose.yml                      | 4 ++--
 docker-rootless.md                      | 2 +-
 multiple-instances.md                   | 2 +-
 php/containers.json                     | 2 +-
 php/src/ContainerDefinitionFetcher.php  | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 4 ++--
 tests/QA/060-environmental-variables.md | 2 +-
 9 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 6d780f1f..e2c106a3 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -177,11 +177,11 @@ if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
         exit 1
     fi
 fi
-if [ -n "$DOCKER_SOCKET_PATH" ]; then
-    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
-        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
+if [ -n "$WATCHTOWER_DOCKER_SOCKET_PATH" ]; then
+    if ! echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "/$"; then
+        echo "You've set WATCHTOWER_DOCKER_SOCKET_PATH but not to an allowed value.
 The string must start with '/' and must not end with '/'.
-It is set to '$DOCKER_SOCKET_PATH'."
+It is set to '$WATCHTOWER_DOCKER_SOCKET_PATH'."
         exit 1
     fi
 fi
diff --git a/docker-compose.yml b/docker-compose.yml
index 327964a3..3538cc8b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
@@ -21,7 +21,6 @@ services:
       # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
@@ -33,6 +32,7 @@ services:
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
+      # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
diff --git a/docker-rootless.md b/docker-rootless.md
index 1f0e4648..76d57d6d 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -8,7 +8,7 @@ You can run AIO with docker rootless by following the steps below.
 1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
-1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
diff --git a/multiple-instances.md b/multiple-instances.md
index 851b6eb0..2673c5c4 100644
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -8,7 +8,7 @@ Below is described more in detail how the the second way works.
 ## Run multiple AIO instances on the same server with docker rootless
 1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
 1. Log in as each of the users e.g. by opening a new SSH connection and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
-1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
+1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
 **⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
 1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
 1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
diff --git a/php/containers.json b/php/containers.json
index c5b606b6..0d012db3 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -332,7 +332,7 @@
       ],
       "volumes": [
         {
-          "source": "%DOCKER_SOCKET_PATH%",
+          "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
           "destination": "/var/run/docker.sock",
           "writeable": false
         }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 498a6069..f1810ec7 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -117,7 +117,7 @@ class ContainerDefinitionFetcher
                         if ($value['source'] === '') {
                             continue;
                         }
-                    } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
+                    } elseif ($value['source'] === '%WATCHTOWER_DOCKER_SOCKET_PATH%') {
                         $value['source'] = $this->configurationManager->GetDockerSocketPath();
                         if($value['source'] === '') {
                             continue;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 79377205..ce7a4262 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -572,7 +572,7 @@ class ConfigurationManager
     }
 
     public function GetDockerSocketPath() : string {
-        $envVariableName = 'DOCKER_SOCKET_PATH';
+        $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH';
         $configName = 'docker_socket_path';
         $defaultValue = '/var/run/docker.sock';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
diff --git a/readme.md b/readme.md
index 4b54c5b2..84b579ae 100644
--- a/readme.md
+++ b/readme.md
@@ -105,7 +105,7 @@ The following instructions are meant for installations without a web server or r
     - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
     - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
+    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
     - `nextcloud/all-in-one:latest` This is the docker container image that is used.
     - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
     </details>
@@ -168,7 +168,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 ⚠️ **Please note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
 ### How to run AIO on Synology DSM
-On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 5e7c8f83..ea7a375e 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -10,7 +10,7 @@
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
-- [ ] When starting the mastercontainer with `--env DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
+- [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
 - [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca

From 4ffed7e23c6030d8c9628dd1ea9a4b2e57c13242 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 22 Apr 2023 11:26:17 +0200
Subject: [PATCH 0806/3949] move the advice to the correct line

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 430b985e..64bb8fd2 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -363,6 +363,7 @@ if [ "$BORG_MODE" = check ]; then
     # Perform the check
     if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking the backup integrity!"
+        echo "Check the AIO interface for advices on how to proceed now!"
         exit 1
     fi
 
@@ -380,7 +381,6 @@ if [ "$BORG_MODE" = "check-repair" ]; then
     # Perform the check-repair
     if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking and repairing the backup integrity!"
-        echo "Check the AIO interface for advices on how to proceed now!"
         exit 1
     fi
 

From 05db0359199c571e9baa0ffe984b24d4ae316944 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 22 Apr 2023 11:28:21 +0200
Subject: [PATCH 0807/3949] add further line break after link

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 74e0a101..212696b4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -206,7 +206,7 @@
                         {% else %}
                             <b>{{ nextcloud_password }}</b><br><br>
                         {% endif %}
-                        <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/>
+                        <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/><br>
                         {% if borg_backup_host_location != '' %}
                             If your Nextcloud does not open when clicking the button above, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation<a/></b><br><br>
                         {% endif %}

From 2ba096a1abda094931bac6f291e1143322586fc5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 22 Apr 2023 11:34:34 +0200
Subject: [PATCH 0808/3949] add daily backup hint also to AIO interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 1 +
 readme.md                     | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6e452655..c15371af 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -395,6 +395,7 @@
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
                                 Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this documentation</a></b><br><br>
+                                Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
                                 For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this documentation<a/></b> and below.
 
                                 {% if isApacheStarting != true %}
diff --git a/readme.md b/readme.md
index e07ac7b0..7c4a8985 100644
--- a/readme.md
+++ b/readme.md
@@ -268,7 +268,7 @@ Backups can be created and restored in the AIO interface using the buttons `Crea
 
 The backups itself get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.
 
-Daily backups can get enabled. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.
+Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.
 
 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 

From ff58ee08e7ba25071556e39e3a963ce50a819cc1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Apr 2023 19:10:52 +0200
Subject: [PATCH 0809/3949] add print_red in order to make the exact mistake
 more discoverable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 60 ++++++++++++++++-------------
 1 file changed, 33 insertions(+), 27 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index ab5e801c..96b64cbc 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -6,6 +6,12 @@ print_green() {
     printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m"
 }
 
+# Function to show text in red
+print_red() {
+    local TEXT="$1"
+    printf "%b%s%b\n" "\e[0;31m" "$TEXT" "\e[0m"
+}
+
 # Function to check if number was provided
 check_if_number() {
 case "${1}" in
@@ -16,11 +22,11 @@ esac
 
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
-    echo "Docker socket is not available. Cannot continue."
+    print_red "Docker socket is not available. Cannot continue."
     echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
     exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
-    echo "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
+    print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
     exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
@@ -41,14 +47,14 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
         usermod -aG docker www-data
     fi
     if ! sudo -u www-data test -r /var/run/docker.sock; then
-        echo "Docker socket is not readable by the www-data user. Cannot continue."
+        print_red "Docker socket is not readable by the www-data user. Cannot continue."
         exit 1
     fi
 fi
 
 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
-    echo "Cannot connect to the docker socket. Cannot proceed."
+    print_red "Cannot connect to the docker socket. Cannot proceed."
     exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
@@ -58,7 +64,7 @@ API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
     if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        echo "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
         exit 1
     fi
 else
@@ -79,16 +85,16 @@ fi
 
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
-    echo "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
+    print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
 Using a different name is not supported since mastercontainer updates will not work in that case!
 If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
     exit 1
 elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
-    echo "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
+    print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
     exit 1
 elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
-    echo "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
+    print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
     exit 1
 fi
@@ -98,7 +104,7 @@ if [ -n "$NEXTCLOUD_DATADIR" ]; then
     if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
         sleep 1
     elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
-        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
+        print_red "You've set NEXTCLOUD_DATADIR but not to an allowed value.
 The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.
 It is set to '$NEXTCLOUD_DATADIR'."
         exit 1
@@ -106,24 +112,24 @@ It is set to '$NEXTCLOUD_DATADIR'."
 fi
 if [ -n "$NEXTCLOUD_MOUNT" ]; then
     if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
-        echo "You've set NEXCLOUD_MOUNT but not to an allowed value.
+        print_red "You've set NEXCLOUD_MOUNT but not to an allowed value.
 The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_MOUNT'."
         exit 1
     elif [ "$NEXTCLOUD_MOUNT" = "/mnt/ncdata" ] || echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/ncdata/"; then
-        echo "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
+        print_red "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
     if [ "$NEXTCLOUD_DATADIR" = "$NEXTCLOUD_MOUNT" ]; then
-        echo "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
+        print_red "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_UPLOAD_LIMIT" ]; then
     if ! echo "$NEXTCLOUD_UPLOAD_LIMIT" | grep -q '^[0-9]\+G$'; then
-        echo "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
+        print_red "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
 The string must start with a number and end with 'G'.
 It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
         exit 1
@@ -131,7 +137,7 @@ It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
 fi
 if [ -n "$NEXTCLOUD_MAX_TIME" ]; then
     if ! echo "$NEXTCLOUD_MAX_TIME" | grep -q '^[0-9]\+$'; then
-        echo "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
+        print_red "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
 The string must be a number. E.g. '3600'.
 It is set to '$NEXTCLOUD_MAX_TIME'."
         exit 1
@@ -139,7 +145,7 @@ It is set to '$NEXTCLOUD_MAX_TIME'."
 fi
 if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
     if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
-        echo "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
+        print_red "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
 The string must start with a number and end with 'M'.
 It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
         exit 1
@@ -147,40 +153,40 @@ It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
 fi
 if [ -n "$APACHE_PORT" ]; then
     if ! check_if_number "$APACHE_PORT"; then
-        echo "You provided an Apache port but did not only use numbers.
+        print_red "You provided an Apache port but did not only use numbers.
 It is set to '$APACHE_PORT'."
         exit 1
     elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then
-        echo "The provided Apache port is invalid. It must be between 1 and 65535"
+        print_red "The provided Apache port is invalid. It must be between 1 and 65535"
         exit 1
     fi
 fi
 if [ -n "$APACHE_IP_BINDING" ]; then
     if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
-        echo "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
+        print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
 It is set to '$APACHE_IP_BINDING'."
         exit 1
     fi
 fi
 if [ -n "$TALK_PORT" ]; then
     if ! check_if_number "$TALK_PORT"; then
-        echo "You provided an Talk port but did not only use numbers.
+        print_red "You provided an Talk port but did not only use numbers.
 It is set to '$TALK_PORT'."
         exit 1
     elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
-        echo "The provided Talk port is invalid. It must be between 1 and 65535"
+        print_red "The provided Talk port is invalid. It must be between 1 and 65535"
         exit 1
     fi
 fi
 if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
     if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
-        echo "APACHE_PORT and TALK_PORT are not allowed to be equal."
+        print_red "APACHE_PORT and TALK_PORT are not allowed to be equal."
         exit 1
     fi
 fi
 if [ -n "$WATCHTOWER_DOCKER_SOCKET_PATH" ]; then
     if ! echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "/$"; then
-        echo "You've set WATCHTOWER_DOCKER_SOCKET_PATH but not to an allowed value.
+        print_red "You've set WATCHTOWER_DOCKER_SOCKET_PATH but not to an allowed value.
 The string must start with '/' and must not end with '/'.
 It is set to '$WATCHTOWER_DOCKER_SOCKET_PATH'."
         exit 1
@@ -188,7 +194,7 @@ It is set to '$WATCHTOWER_DOCKER_SOCKET_PATH'."
 fi
 if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
     if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
-        echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
+        print_red "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
 It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
         exit 1
@@ -196,7 +202,7 @@ It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
 fi
 if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
     if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z0-9 _-]\+$"; then
-        echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
+        print_red "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, 0-9, spaces, hyphens and '_'.
 It is set to '$NEXTCLOUD_STARTUP_APPS'."
         exit 1
@@ -204,7 +210,7 @@ It is set to '$NEXTCLOUD_STARTUP_APPS'."
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
     if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+        print_red "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
         exit 1
@@ -212,7 +218,7 @@ It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
     if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+        print_red "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
         exit 1
@@ -223,7 +229,7 @@ fi
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
 curl https://nextcloud.com &>/dev/null
 if [ "$?" = 6 ]; then
-    echo "Could not resolve the host nextcloud.com."
+    print_red "Could not resolve the host nextcloud.com."
     echo "Most likely the DNS resolving does not work."
     echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
     echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"

From bdf45c72045dc5a1a360c3a49b6d8db50d781805 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 22 Apr 2023 09:45:08 +0000
Subject: [PATCH 0810/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index eed74e13..b758ff73 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.8.1
+version: 4.9.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 033d32cd..96b487bc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230414_123705-latest
+          image: nextcloud/aio-apache:20230422_090326-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d71f2961..6c0b9537 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230414_123705-latest
+          image: nextcloud/aio-clamav:20230422_090326-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 307541f4..b9d529f9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230414_123705-latest
+          image: nextcloud/aio-collabora:20230422_090326-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index f6b99374..0ed2f062 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230414_123705-latest
+          image: nextcloud/aio-postgresql:20230422_090326-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8fe67b85..3abb2a53 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230414_123705-latest
+          image: nextcloud/aio-fulltextsearch:20230422_090326-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 7755ffb5..650e4fa5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230414_123705-latest
+          image: nextcloud/aio-imaginary:20230422_090326-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 91f241b0..62e5807f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230414_123705-latest
+          image: nextcloud/aio-nextcloud:20230422_090326-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 875bb15d..99621fe2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230414_123705-latest
+          image: nextcloud/aio-onlyoffice:20230422_090326-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index e7e66ae1..d7887799 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230414_123705-latest
+          image: nextcloud/aio-redis:20230422_090326-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 62774a4b..d8b1d520 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230414_123705-latest
+          image: nextcloud/aio-talk:20230422_090326-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

From 378c884442ee8ce10347cf4f1374acad1fd26ac2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 22 Apr 2023 00:21:37 +0200
Subject: [PATCH 0811/3949] mention AIO config and docs in the AIO interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php                   |  6 +++++
 php/templates/containers.twig          |  6 +++++
 php/templates/includes/aio-config.twig | 36 ++++++++++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 php/templates/includes/aio-config.twig

diff --git a/php/public/index.php b/php/public/index.php
index be87258d..7b9405f4 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -111,6 +111,12 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(),
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(),
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
+        'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(),
+        'nextcloud_mount' => $configurationManager->GetNextcloudMount(),
+        'nextcloud_upload_limit' => $configurationManager->GetNextcloudUploadLimit(),
+        'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
+        'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
+        'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ac286acb..43a7f808 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -80,6 +80,8 @@
                 {% else %}
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
                         Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.<br><br>
+                        {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
                         {% if skip_domain_validation == true %}
@@ -226,6 +228,10 @@
                     {% endif %}
                 {% endif %}
 
+                {% if isApacheStarting == false and is_backup_container_running == false %}
+                    {{ include('includes/aio-config.twig') }}
+                {% endif %}
+
                 {% if was_start_button_clicked == true %}
                     <h2>Containers</h2>
                     <ul>
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
new file mode 100644
index 00000000..28f66654
--- /dev/null
+++ b/php/templates/includes/aio-config.twig
@@ -0,0 +1,36 @@
+<details>
+    <summary>Click here to view the current AIO config and documentation links</summary><br />
+    {% if domain != '' %}
+        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">this documentation</a></b><br><br>
+        You can run Nextcloud's usual occ commands by following <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">this documentation</a></b><br><br>
+    {% endif %}
+    
+    {% if nextcloud_datadir starts with '/' %}
+        Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} directory.
+    {% else %}
+        Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
+    {% endif %}
+    See <b><a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">this documentation</a></b> on how to change this.<br><br>
+
+    {% if nextcloud_mount == '' %}
+        The Nextcloud container is currently confied and local external storage in Nextcloud is disabled.
+    {% else %}
+        The Nextcloud container currently gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
+    {% endif %}
+    See <b><a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">this documentation</a></b> on how to change this.<br><br>
+
+    Nextcloud currently has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+
+    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+
+    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is currently configured. See <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+
+    {% if is_dri_device_enabled == true %}
+        The /dev/dri device which is needed for hardware transcoding is currently attached to the Nextcloud container.
+    {% else %}
+        The /dev/dri device which is needed for hardware transcoding is currently not attached to the Nextcloud container.
+    {% endif %}
+    See <b><a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+
+    For further documentation on AIO, refer to <b><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></b>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <b><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></b>.<br>
+</details><br />

From acd0d82e29ac8cd57d80b46d8a25506d4058b2cc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 13:04:32 +0200
Subject: [PATCH 0812/3949] substitute this documentation by correct names

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/aio-config.twig | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 28f66654..5f62cbf0 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,8 +1,8 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary><br />
     {% if domain != '' %}
-        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">this documentation</a></b><br><br>
-        You can run Nextcloud's usual occ commands by following <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">this documentation</a></b><br><br>
+        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a></b><br><br>
+        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">occ documentation</a></b><br><br>
     {% endif %}
     
     {% if nextcloud_datadir starts with '/' %}
@@ -10,27 +10,27 @@
     {% else %}
         Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
     {% endif %}
-    See <b><a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">this documentation</a></b> on how to change this.<br><br>
+    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a></b> on how to change this.<br><br>
 
     {% if nextcloud_mount == '' %}
         The Nextcloud container is currently confied and local external storage in Nextcloud is disabled.
     {% else %}
         The Nextcloud container currently gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
     {% endif %}
-    See <b><a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">this documentation</a></b> on how to change this.<br><br>
+    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a></b> on how to change this.<br><br>
 
-    Nextcloud currently has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+    Nextcloud currently has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a></b> on how to change this.<br><br>
 
-    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a></b> on how to change this.<br><br>
 
-    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is currently configured. See <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is currently configured. See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a></b> on how to change this.<br><br>
 
     {% if is_dri_device_enabled == true %}
         The /dev/dri device which is needed for hardware transcoding is currently attached to the Nextcloud container.
     {% else %}
         The /dev/dri device which is needed for hardware transcoding is currently not attached to the Nextcloud container.
     {% endif %}
-    See <b><a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">this documentation</a></b> on how to change this.<br><br>
+    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a></b> on how to change this.<br><br>
 
     For further documentation on AIO, refer to <b><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></b>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <b><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></b>.<br>
 </details><br />

From b77427b3cf38e3ca329242dcd947a3a836805453 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 13:08:36 +0200
Subject: [PATCH 0813/3949] improve dns record hint

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9e7b19b4..93f0b125 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -92,7 +92,7 @@
                             <input class="button" type="submit" value="Submit" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and the AAAA record to your public ipv6-address). <br><br>
+                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). <br><br>
                             <details>
                                 <summary>Click here for further hints</summary><br />
                                 If you should not have a domain yet, you can get one for free e.g. from duckduckdns.org and others.<br><br>

From d908244ef06303c5658ffa36ee6468a6465bdd2b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 13:09:10 +0200
Subject: [PATCH 0814/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 93f0b125..e112c571 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -528,9 +528,9 @@
                             <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
-                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forward in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forward in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
                         {% endif %}
                         {% if is_onlyoffice_enabled == true %}
                             <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>

From 5efcff80feed3756bffbba65cf50032436b6074c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 13:26:41 +0200
Subject: [PATCH 0815/3949] add a note on aio's operation mode

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php          |  1 +
 php/templates/containers.twig | 13 ++++++++++---
 readme.md                     |  2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index be87258d..b07dab6f 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -79,6 +79,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $view->addExtension(new \AIO\Twig\ClassExtension());
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
+        'apache_port' => $configurationManager->GetApachePort(),
         'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e112c571..edffecde 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -81,7 +81,12 @@
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
                         Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                         <h2>New AIO instance</h2>
-                        Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
+                        {% if apache_port == '443' %}
+                            AIO is currently in "normal" mode which means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else) because it does the TLS proxying itself. If you If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
+                        {% else %}
+                            AIO is currently in "reverse proxy" mode which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
+                        {% endif %}
+                        Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance.<br><br />
                         {% if skip_domain_validation == true %}
                             <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! So make sure that you do not make a typo here as you will not be able to change it afterwards!<br><br>
                         {% endif %}
@@ -92,14 +97,16 @@
                             <input class="button" type="submit" value="Submit" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). <br><br>
+                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong if your domain does not get accepted in the top right corner.<br><br>
                             <details>
                                 <summary>Click here for further hints</summary><br />
                                 If you should not have a domain yet, you can get one for free e.g. from duckduckdns.org and others.<br><br>
                                 If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
                                 If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <b><a href="">this documentation</a></b>.<br><br>
                                 If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
-                                If you try to install AIO behind a Reverse Proxy (like Apache, Nginx and else), and you run into issues getting your domain accepted, see <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">this documentation</a></b> for how to debug things. <br /><br/>
+                                {% if apache_port != '443' %}
+                                    If you run into issues getting your domain accepted, see <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a></b> for how to debug things. <br /><br/>
+                                {% endif %}
                                 <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.
                             </details><br /><br />
                         {% endif %}
diff --git a/readme.md b/readme.md
index 4882ed38..0d680c35 100644
--- a/readme.md
+++ b/readme.md
@@ -279,7 +279,7 @@ If your Nextcloud is running and you are logged in as admin in your Nextcloud, y
 **⚠️ Please note:** Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
 
 If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, subsitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
-If you are running AIO behind a reverse proxy, you need to obviously also change the domain in your reverse proxy config.
+If you are running AIO behind a web server or reverse proxy (like Apache, Nginx and else), you need to obviously also change the domain in your reverse proxy config.
 
 ### How to properly reset the instance?
 If something goes unexpected routes during the initial installation, you might want to reset the AIO installation to be able to start from scratch.

From a3cf552cf9dae3e23965ded0ab0c3e7a80dbb950 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 13:31:03 +0200
Subject: [PATCH 0816/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index edffecde..ed42340a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -82,7 +82,7 @@
                         Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal" mode which means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else) because it does the TLS proxying itself. If you If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
+                            AIO is currently in "normal" mode which means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else) because it does the TLS proxying itself. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
                         {% else %}
                             AIO is currently in "reverse proxy" mode which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}

From 555ce650fd991b3db612cdd3e91646b4d098d7fe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 14:48:14 +0200
Subject: [PATCH 0817/3949] switch order of two elements

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/aio-config.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 5f62cbf0..bd476571 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -21,10 +21,10 @@
 
     Nextcloud currently has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a></b> on how to change this.<br><br>
 
-    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a></b> on how to change this.<br><br>
-
     For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is currently configured. See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a></b> on how to change this.<br><br>
 
+    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a></b> on how to change this.<br><br>
+
     {% if is_dri_device_enabled == true %}
         The /dev/dri device which is needed for hardware transcoding is currently attached to the Nextcloud container.
     {% else %}

From e95e2fdf9cf80b9599553635ed97163089143e7b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 14:49:19 +0200
Subject: [PATCH 0818/3949] increase to 5.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 09f0644d..0dd1c9fe 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.9.0</h1>
+        <h1>Nextcloud AIO v5.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 359d43d3dd744ba3873198d8591f7da542735c06 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 15:04:09 +0200
Subject: [PATCH 0819/3949] fix OO build

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index b3d08c70..53eac760 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.3.3.49
+FROM onlyoffice/documentserver:7.3.3.50
 
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From c24709e2dfb0c311262f1e50ff01015735f039ed Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 15:15:53 +0200
Subject: [PATCH 0820/3949] fix details regarding backup description

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0dd1c9fe..5028b83f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -417,9 +417,9 @@
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this documentation</a></b><br><br>
+                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b><br><br>
                                 Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
-                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this documentation<a/></b> and below.
+                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section<a/></b> and below.
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>

From 48746c24debbdf0934ff08441bed2a6331d93f2c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 15:24:50 +0200
Subject: [PATCH 0821/3949] adjust a few things in the aio-config section

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/aio-config.twig | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index bd476571..4853828c 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,8 +1,8 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary><br />
     {% if domain != '' %}
-        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a></b><br><br>
-        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">occ documentation</a></b><br><br>
+        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php</a></b>documentation.<br><br>
+        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">occ</a></b>documentation.<br><br>
     {% endif %}
     
     {% if nextcloud_datadir starts with '/' %}
@@ -10,27 +10,27 @@
     {% else %}
         Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
     {% endif %}
-    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a></b> on how to change this.<br><br>
+    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR</a></b> documentation on how to change this.<br><br>
 
     {% if nextcloud_mount == '' %}
         The Nextcloud container is currently confied and local external storage in Nextcloud is disabled.
     {% else %}
         The Nextcloud container currently gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
     {% endif %}
-    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a></b> on how to change this.<br><br>
+    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT</a></b> documentation on how to change this.<br><br>
 
-    Nextcloud currently has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a></b> on how to change this.<br><br>
+    Nextcloud currently has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT</a></b> documentation on how to change this.<br><br>
 
-    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is currently configured. See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a></b> on how to change this.<br><br>
+    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is currently configured. See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT</a></b> documentation on how to change this.<br><br>
 
-    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a></b> on how to change this.<br><br>
+    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME</a></b> documentation on how to change this.<br><br>
 
     {% if is_dri_device_enabled == true %}
         The /dev/dri device which is needed for hardware transcoding is currently attached to the Nextcloud container.
     {% else %}
         The /dev/dri device which is needed for hardware transcoding is currently not attached to the Nextcloud container.
     {% endif %}
-    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a></b> on how to change this.<br><br>
+    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE</a></b> documentation on how to change this.<br><br>
 
     For further documentation on AIO, refer to <b><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></b>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <b><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></b>.<br>
 </details><br />

From 14f5884e60dc8f092f590cf7500b96dae230bd2b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 15:27:49 +0200
Subject: [PATCH 0822/3949] fix a link in the aio-config section

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/aio-config.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 4853828c..f991cdb1 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -2,7 +2,7 @@
     <summary>Click here to view the current AIO config and documentation links</summary><br />
     {% if domain != '' %}
         Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php</a></b>documentation.<br><br>
-        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">occ</a></b>documentation.<br><br>
+        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ</a></b>documentation.<br><br>
     {% endif %}
     
     {% if nextcloud_datadir starts with '/' %}

From c76e0aa1c10d5d733ffcdd468df78e32ffc8218b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 15:36:41 +0200
Subject: [PATCH 0823/3949] fix some typos

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5028b83f..c219792d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -223,8 +223,8 @@
                             <b>{{ nextcloud_password }}</b><br><br>
                         {% endif %}
                         <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/><br>
-                        {% if borg_backup_host_location != '' %}
-                            If your Nextcloud does not open when clicking the button above, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation<a/></b><br><br>
+                        {% if borg_backup_host_location == '' %}
+                            If your Nextcloud does not open when clicking the button above, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></b><br><br>
                         {% endif %}
                     {% else %}
                         {% if isAnyRestarting == false %}
@@ -414,12 +414,12 @@
                                 This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
                                 Please save it at a safe place since you won't be able to restore from backup if you lose this password! <br /><br/>
                                 Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
-                                The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                                The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
                                 Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b><br><br>
                                 Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
-                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section<a/></b> and below.
+                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>

From 3cce13f2b86ab37e5f378065366b42712751a240 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 15:39:43 +0200
Subject: [PATCH 0824/3949] put the aio password change into a details tag

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c219792d..ab1b631e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -504,15 +504,18 @@
                     {% if is_backup_container_running == false %}
                         {% if isApacheStarting == false %} 
                             <h2>AIO password change</h2>
-                            You can change your AIO password below:<br><br />
-                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password"/>
-                                <input type="text" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password"/>
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit" />
-                            </form>
-                            The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br><br>
+                            <details>
+                                <summary>Click here to change your AIO password</summary><br />
+                                You can change your AIO password below:<br><br />
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="text" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password"/>
+                                    <input type="text" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password"/>
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input class="button" type="submit" value="Submit" />
+                                </form>
+                                The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br>
+                            </details><br>
                         {% endif %}
                     {% endif %}
                 {% endif %}

From 6debc29685b3d0bd666d3980c7abae6ec72b144c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 16:01:04 +0200
Subject: [PATCH 0825/3949] adjust a few breaks

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ab1b631e..293a4e9e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -109,8 +109,8 @@
                                 {% if apache_port != '443' %}
                                     If you run into issues getting your domain accepted, see <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a></b> for how to debug things. <br /><br/>
                                 {% endif %}
-                                <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.
-                            </details><br /><br />
+                                <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
+                            </details><br />
                         {% endif %}
 
                         <h2>Restore former AIO instance from backup</h2>
@@ -133,8 +133,8 @@
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
-                                            </form>
-                                        </details><br /><br />
+                                            </form><br />
+                                        </details><br />
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
@@ -218,7 +218,7 @@
                                 Initial Nextcloud password: 
                         {% if borg_backup_host_location != '' %}
                             {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
-                            <b>{{ nextcloud_password }}</b></details><br /><br />
+                            <b>{{ nextcloud_password }}</b><br /></details><br />
                         {% else %}
                             <b>{{ nextcloud_password }}</b><br><br>
                         {% endif %}
@@ -384,8 +384,8 @@
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
-                                            </form>
-                                        </details><br /><br />
+                                            </form><br />
+                                        </details><br />
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
                                         You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
@@ -419,7 +419,7 @@
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
                                 Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b><br><br>
                                 Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
-                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.
+                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.<br>
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>
@@ -493,9 +493,9 @@
                                     {% endif %}
                                 {% endif %}
                                 {% if has_backup_run_once == false %}
-                                    <br /><br />
+                                    <br />
                                 {% else %}
-                                    </details><br /><br />
+                                    </details><br />
                                 {% endif %}
                             {% endif %}
                         {% endif %}

From 1d1d462bc0f272a67a5f1e2c9a644513a711d18b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 16:06:08 +0200
Subject: [PATCH 0826/3949] fix spacing of aio-config

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/aio-config.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index f991cdb1..5b9a2660 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,8 +1,8 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary><br />
     {% if domain != '' %}
-        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php</a></b>documentation.<br><br>
-        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ</a></b>documentation.<br><br>
+        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php</a></b> documentation.<br><br>
+        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ</a></b> documentation.<br><br>
     {% endif %}
     
     {% if nextcloud_datadir starts with '/' %}

From 3bff5f28515f8a482c7a18c0da62ef9e0aa1747c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 23:24:20 +0200
Subject: [PATCH 0827/3949] adjust the button color on focus

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/style.css | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/public/style.css b/php/public/style.css
index e43485c9..8f58440e 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -23,6 +23,11 @@ a {
     outline: none;
 }
 
+.button:focus {
+    color:black;
+    border: 2px solid black;
+}
+
 #logout {
     margin-top: 7px;
 }

From 0779609bed673bf5d678aa875c1a490c0b65731e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 09:11:10 +0200
Subject: [PATCH 0828/3949] set BORG_HOST_ID to a fixed value in order to fix
 stale lock removal

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 0d012db3..87cf8125 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -260,7 +260,8 @@
         "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
         "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
         "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
-        "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%"
+        "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%",
+        "BORG_HOST_ID=nextcloud-aio-borgbackup"
       ],
       "volumes": [
         {

From 97be96cde533340d9b9ec21db2a0727f827d73b9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 10:59:45 +0200
Subject: [PATCH 0829/3949] put duplicated path examples into a dedicated
 include

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig           | 14 ++------------
 php/templates/includes/backup-dirs.twig |  6 ++++++
 2 files changed, 8 insertions(+), 12 deletions(-)
 create mode 100644 php/templates/includes/backup-dirs.twig

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 293a4e9e..eaa8faab 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -175,12 +175,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit" />
                             </form>
-                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
-                            An example for Linux is <b>/mnt/backup</b>.<br>
-                            On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
-                            For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
-                            Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
+                            {{ include('includes/backup-dirs.twig') }}
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
                         {% endif %}
                     {% else %}
@@ -359,12 +354,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit" />
                             </form>
-                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
-                            An example for Linux is <b>/mnt/backup</b>.<br>
-                            On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
-                            For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
-                            Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
+                            {{ include('includes/backup-dirs.twig') }}
                         {% endif %}
                     {% endif %}
 
diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig
new file mode 100644
index 00000000..0056f479
--- /dev/null
+++ b/php/templates/includes/backup-dirs.twig
@@ -0,0 +1,6 @@
+The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
+An example for Linux is <b>/mnt/backup</b>.<br><br>
+On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br><br>
+For macOS it may be <b>/var/backup</b>.<br><br>
+On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br><br>
+Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>

From 0a48feb1242386e675583d7a0a260635bb3d9cc4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 11:08:41 +0200
Subject: [PATCH 0830/3949] adjust wording a bit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/aio-config.twig | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 5b9a2660..3680fc53 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -13,22 +13,22 @@
     See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR</a></b> documentation on how to change this.<br><br>
 
     {% if nextcloud_mount == '' %}
-        The Nextcloud container is currently confied and local external storage in Nextcloud is disabled.
+        The Nextcloud container is confied and local external storage in Nextcloud is disabled.
     {% else %}
-        The Nextcloud container currently gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
+        The Nextcloud container is getting gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
     {% endif %}
     See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT</a></b> documentation on how to change this.<br><br>
 
-    Nextcloud currently has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT</a></b> documentation on how to change this.<br><br>
+    Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT</a></b> documentation on how to change this.<br><br>
 
-    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is currently configured. See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT</a></b> documentation on how to change this.<br><br>
+    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT</a></b> documentation on how to change this.<br><br>
 
-    Nextcloud currently has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME</a></b> documentation on how to change this.<br><br>
+    Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME</a></b> documentation on how to change this.<br><br>
 
     {% if is_dri_device_enabled == true %}
-        The /dev/dri device which is needed for hardware transcoding is currently attached to the Nextcloud container.
+        The /dev/dri device which is needed for hardware transcoding is getting attached to the Nextcloud container.
     {% else %}
-        The /dev/dri device which is needed for hardware transcoding is currently not attached to the Nextcloud container.
+        The /dev/dri device which is needed for hardware transcoding is not attached to the Nextcloud container.
     {% endif %}
     See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE</a></b> documentation on how to change this.<br><br>
 

From 1c6f2b80b781f020a5d7cd0c50323361f1628c9b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 11:13:05 +0200
Subject: [PATCH 0831/3949] add a dot to the end of sentence

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 293a4e9e..8f785262 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -417,7 +417,7 @@
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b><br><br>
+                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b>.<br><br>
                                 Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
                                 For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.<br>
 

From d8719e810c66e0ca5b5e7e815bd07a3d75d7d8ac Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 11:13:36 +0200
Subject: [PATCH 0832/3949] refactor aio-config section with visibility of
 links again.

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/aio-config.twig | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 3680fc53..7428fed8 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,8 +1,8 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary><br />
     {% if domain != '' %}
-        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php</a></b> documentation.<br><br>
-        You can run Nextcloud's usual occ commands by following the <b><a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ</a></b> documentation.<br><br>
+        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.<br><br>
+        You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></b>.<br><br>
     {% endif %}
     
     {% if nextcloud_datadir starts with '/' %}
@@ -10,27 +10,27 @@
     {% else %}
         Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
     {% endif %}
-    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR</a></b> documentation on how to change this.<br><br>
+    See the <a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.<br><br>
 
     {% if nextcloud_mount == '' %}
         The Nextcloud container is confied and local external storage in Nextcloud is disabled.
     {% else %}
         The Nextcloud container is getting gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
     {% endif %}
-    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT</a></b> documentation on how to change this.<br><br>
+    See the <a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.<br><br>
 
-    Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT</a></b> documentation on how to change this.<br><br>
+    Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.<br><br>
 
-    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT</a></b> documentation on how to change this.<br><br>
+    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.<br><br>
 
-    Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME</a></b> documentation on how to change this.<br><br>
+    Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.<br><br>
 
     {% if is_dri_device_enabled == true %}
         The /dev/dri device which is needed for hardware transcoding is getting attached to the Nextcloud container.
     {% else %}
         The /dev/dri device which is needed for hardware transcoding is not attached to the Nextcloud container.
     {% endif %}
-    See the <b><a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE</a></b> documentation on how to change this.<br><br>
+    See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a> on how to change this.<br><br>
 
     For further documentation on AIO, refer to <b><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></b>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <b><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></b>.<br>
 </details><br />

From 860f194d81d9df28f2f0ed0eaec95c567f4a62b1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 11:17:30 +0200
Subject: [PATCH 0833/3949] fix links

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8f785262..dd21d8d0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -104,10 +104,10 @@
                                 <summary>Click here for further hints</summary><br />
                                 If you should not have a domain yet, you can get one for free e.g. from duckduckdns.org and others.<br><br>
                                 If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
-                                If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <b><a href="">this documentation</a></b>.<br><br>
+                                If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.<br><br>
                                 If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
                                 {% if apache_port != '443' %}
-                                    If you run into issues getting your domain accepted, see <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a></b> for how to debug things. <br /><br/>
+                                    If you run into issues getting your domain accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things. <br /><br/>
                                 {% endif %}
                                 <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
                             </details><br />

From c590fb9592923ae39823eb74ec55b6216319d632 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 11:22:46 +0200
Subject: [PATCH 0834/3949] change order of explanation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0181c36e..26097fcc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -84,7 +84,7 @@
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal" mode which means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else) because it does the TLS proxying itself. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
+                            AIO is currently in "normal" mode which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
                         {% else %}
                             AIO is currently in "reverse proxy" mode which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}

From 306f1f45eca8020b2aacaad25aa4a10970f2d2db Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 11:32:31 +0200
Subject: [PATCH 0835/3949] put mode into quotes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 26097fcc..ae0b3c40 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -84,9 +84,9 @@
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal" mode which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
+                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
                         {% else %}
-                            AIO is currently in "reverse proxy" mode which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
+                            AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}
                         Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance.<br><br />
                         {% if skip_domain_validation == true %}

From 617c8820155f1fefc44999292e2523989281050f Mon Sep 17 00:00:00 2001
From: Thijs van der Woude <31108288+thijsvanderwoude@users.noreply.github.com>
Date: Wed, 26 Apr 2023 01:28:12 +0200
Subject: [PATCH 0836/3949] Fix minor typo

Signed-off-by: Thijs van der Woude <31108288+thijsvanderwoude@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index f83d2e24..78d55ad3 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -28,7 +28,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
 Add this as a new Apache site config:
 
-(The config below assumse that you are using certbot to get your certificates. You need to create them first in order to make it work.)
+(The config below assumes that you are using certbot to get your certificates. You need to create them first in order to make it work.)
 
 ```
 <VirtualHost *:80>

From 7cb12f7893d45ebd1d83b60a33de203032e5ff52 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 10:35:01 +0200
Subject: [PATCH 0837/3949] make it even more verbose that the default command
 is not to be used behind a reverse proxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 418dcf75..b765af9f 100644
--- a/readme.md
+++ b/readme.md
@@ -80,7 +80,7 @@ The following instructions are meant for installations without a web server or r
     curl -fsSL https://get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-2. Run the command below in order to start the container:
+2. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
     ```
     # For Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
     sudo docker run \

From 608fea646048b5acf90f70fc204f9b34b6ebeebf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 15:16:58 +0200
Subject: [PATCH 0838/3949] adjust workflows to add to review label
 automatically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 3 ++-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 6 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 3b466f39..9ce168d6 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -50,6 +50,6 @@ jobs:
         signoff: true
         title: Dependency updates
         body: Automated dependency updates since dependabot does not support grouped updates
-        labels: dependencies, enhancement
+        labels: dependencies, 3. to review
         milestone: next
         branch: aio-dependency-update
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 12bd9e86..61148c98 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -28,6 +28,6 @@ jobs:
         signoff: true
         title: Imaginary update
         body: Automated Imaginary container update
-        labels: dependencies, enhancement
+        labels: dependencies, 3. to review
         milestone: next
         branch: imaginary-container-update
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index b61eda85..92e19827 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -72,6 +72,6 @@ jobs:
         signoff: true
         title: Nextcloud update
         body: Automated Nextcloud container update
-        labels: dependencies, enhancement
+        labels: dependencies, 3. to review
         milestone: next
         branch: nextcloud-container-update
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 35e87561..e565bdd0 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -42,7 +42,8 @@ jobs:
           # Make sure we can open multiple PRs
           branch-suffix: timestamp
           title: '[Automated] Update psalm-baseline.xml'
+          milestone: next
           body: |
             Auto-generated update psalm-baseline.xml with fixed psalm warnings
           labels: |
-            3. to review
\ No newline at end of file
+            3. to review, dependencies
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 45dc9139..41a04c98 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -27,7 +27,7 @@ jobs:
           signoff: true
           title: Helm Chart updates
           body: Automated Helm Chart updates for the yaml files. It can be merged if it looks good at any time which will automatically trigger a new release of the helm chart.
-          labels: dependencies
+          labels: dependencies, 3. to review
           milestone: next
           branch: aio-helm-update
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 0d479b06..fe41e058 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -22,7 +22,7 @@ jobs:
           signoff: true
           title: Yaml updates
           body: Automated yaml updates for the docker-compose files. Should only be merged shortly before the next latest release.
-          labels: dependencies
+          labels: dependencies, 3. to review
           milestone: next
           branch: aio-yaml-update
           token: ${{ secrets.GITHUB_TOKEN }}

From 070242cda897f9d512dbc1a4f543ab3c09a7fb90 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Apr 2023 13:17:33 +0000
Subject: [PATCH 0839/3949] Bump docker from 23.0.4-cli to 23.0.5-cli in
 /Containers/mastercontainer

Bumps docker from 23.0.4-cli to 23.0.5-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 329db679..284a20b9 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.4-cli as docker
+FROM docker:23.0.5-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From 1118ba676497f264ee93678ee0e3860b881df32a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 15:19:22 +0200
Subject: [PATCH 0840/3949] add a passage about waiting for container to be
 bult before testing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 develop.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/develop.md b/develop.md
index c286a615..8c3cef9d 100644
--- a/develop.md
+++ b/develop.md
@@ -22,6 +22,8 @@ Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.
 
 ## How to test things correctly?
+Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml. 
+
 There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.
 
 ## How to promote builds from develop to beta

From 18f6aff0160d3afcf6fec4135acbe97fc42a408d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 18:00:08 +0200
Subject: [PATCH 0841/3949] add patterns to containers-schema

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 53 ++++++++++++++++++++++++++------------
 1 file changed, 37 insertions(+), 16 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 39ed0a51..70535d21 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -13,40 +13,49 @@
 				"required": ["image", "container_name"],
 				"properties": {
 					"image": {
-						"type": "string"
+						"type": "string",
+						"minLength": 1
 					},
 					"expose": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^([0-9]{1,5})$"
 						}
 					},
 					"cap_add": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^[A-Z_]+$"
 						}
 					},
 					"depends_on": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^nextcloud-aio-[a-z-]+$"
 						}
 					},
 					"display_name": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^[A-Za-z ]+$"
 					},
 					"environment": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^.*=.*$",
+							"minlength": 1
 						}
 					},
 					"container_name": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^nextcloud-aio-[a-z-]+$"
 					},
 					"internal_port": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^([0-9]{1,5})?(host)?(%[A-Z_]+%)?$"
 					},
 					"stop_grace_period": {
 						"type": "integer"
@@ -59,19 +68,25 @@
 							"minProperties": 3,
 							"properties": {
 								"ip_binding": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^(%[A-Z_]+%)?$"
 								},
 								"port_number": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^(%[A-Z_]+%)$"
 								},
 								"protocol": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^(tcp)?(udp)?$",
+									"minlength": 3,
+									"maxlength": 3
 								}
 							}
 						}
 					},
 					"restart": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^unless-stopped$"
 					},
 					"shm_size": {
 						"type": "integer"
@@ -79,13 +94,15 @@
 					"secrets": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^[A-Z_]+$"
 						}
 					},
 					"devices": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^/dev/[a-z]+$"
 						}
 					},
 					"volumes": {
@@ -96,10 +113,14 @@
 							"minProperties": 3,
 							"properties": {
 								"destination": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^(/[a-z_/.-]+)?(%[A-Z_]+%)?$",
+									"minlength": 2
 								},
 								"source": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^([a-z_]+)?(%[A-Z_]+%)?$",
+									"minlength": 2
 								},
 								"writeable": {
 									"type": "boolean"

From cc2c8998bac8f9e6ad4835c83e1cad6581fd187e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 18:57:35 +0200
Subject: [PATCH 0842/3949] mastercontainer - delete things except the needed
 php dir

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 329db679..14080c2c 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -71,6 +71,7 @@ RUN set -e && \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
+    find ./ -not -path ./php -maxdepth 1 -mindepth 1 -delete; \
     cd php; \
     composer install --no-dev; \
     composer clearcache; \

From eeeeb2f37bf86c844b7108b22abf9e8ed930a983 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 19:24:14 +0200
Subject: [PATCH 0843/3949] add apparmor_unconinfed to containers definition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             | 3 +++
 php/containers.json                    | 3 ++-
 php/src/Container/Container.php        | 7 +++++++
 php/src/ContainerDefinitionFetcher.php | 6 ++++++
 php/src/Docker/DockerActionManager.php | 6 ++++--
 5 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 39ed0a51..af71a0ee 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -88,6 +88,9 @@
 							"type": "string"
 						}
 					},
+					"apparmor_unconfined": {
+						"type": "boolean"
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index 87cf8125..4f5bae28 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -323,7 +323,8 @@
       ],
       "cap_add": [
         "SYS_ADMIN"
-      ]
+      ],
+      "apparmor_unconfined": true
     },
     {
       "container_name": "nextcloud-aio-watchtower",
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index be2ebb18..442ee587 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -26,6 +26,7 @@ class Container {
     /** @var string[] */
     private array $capAdd;
     private int $shmSize;
+    private bool $apparmorUnconfined;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -43,6 +44,7 @@ class Container {
         array $devices,
         array $capAdd,
         int $shmSize,
+        bool $apparmorUnconfined,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -59,6 +61,7 @@ class Container {
         $this->devices = $devices;
         $this->capAdd = $capAdd;
         $this->shmSize = $shmSize;
+        $this->apparmorUnconfined = $apparmorUnconfined;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -82,6 +85,10 @@ class Container {
         return $this->shmSize;
     }
 
+    public function isApparmorUnconfined() : bool {
+        return $this->apparmorUnconfined;
+    }
+
     public function GetMaxShutdownTime() : int {
         return $this->maxShutdownTime;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index f1810ec7..50901f8f 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -223,6 +223,11 @@ class ContainerDefinitionFetcher
                 $shmSize = $entry['shm_size'];
             }
 
+            $apparmorUnconfined = false;
+            if (isset($entry['apparmor_unconfined'])) {
+                $apparmorUnconfined = $entry['apparmor_unconfined'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -238,6 +243,7 @@ class ContainerDefinitionFetcher
                 $devices,
                 $capAdd,
                 $shmSize,
+                $apparmorUnconfined,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 96767352..5471bc04 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -421,10 +421,12 @@ class DockerActionManager
             $requestBody['HostConfig']['CapAdd'] = $capAdds;
         }
 
+        if ($container->isApparmorUnconfined()) {
+            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
+        }
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
-            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
-            
             // Additional backup directories
             $mounts = [];
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {

From eaf26a2ec37c3b7a0d78fd101d292384568a289a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 04:07:29 +0200
Subject: [PATCH 0844/3949] add twig-lint

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/twig-lint.yml | 55 +++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 .github/workflows/twig-lint.yml

diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
new file mode 100644
index 00000000..0652df87
--- /dev/null
+++ b/.github/workflows/twig-lint.yml
@@ -0,0 +1,55 @@
+name: Twig Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency: 
+  group: lint-twig-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  twig-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["8.1"]
+
+    name: twig-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+
+      - name: twig lint
+        run: |
+          cd php
+          composer require sserbin/twig-linter:@dev --no-progress --dev
+          composer install
+          chmod +x ./vendor/bin/twig-linter
+          ./vendor/bin/twig-linter lint ./templates
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest
+    needs: twig-lint
+
+    if: always()
+
+    name: twig-lint-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.twig-lint.result != 'success' && needs.twig-lint.result != 'skipped' }}; then exit 1; fi

From 792f4daf6daf7f29520f26f37dfc18abbe878d41 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 10:25:11 +0200
Subject: [PATCH 0845/3949] update php lint name

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-php.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 28fae11b..f3e56b92 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -3,7 +3,7 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 
-name: Lint
+name: PHP Lint
 
 on:
   pull_request:

From 861d7174804f069802697adf508618400273b72b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 11:17:36 +0200
Subject: [PATCH 0846/3949] collabora - make startup faster by not generating
 ssl cert

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 87cf8125..775dd902 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -207,7 +207,8 @@
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
-        "server_name=%NC_DOMAIN%"
+        "server_name=%NC_DOMAIN%",
+        "DONT_GEN_SSL_CERT=1"
       ],
       "volumes": [
         {

From b2f5deebd2042d03cf608d223429ab04ece5abf3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 15:12:16 +0200
Subject: [PATCH 0847/3949] Krita should be enabled by default

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 87271613..b03164e6 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -305,6 +305,7 @@ DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\TXT"
             php /var/www/html/occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\OpenDocument"
             php /var/www/html/occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\Movie"
+            php /var/www/html/occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Krita"
             php /var/www/html/occ config:system:set enable_previews --value=true --type=boolean
 
             # Apply other settings

From e44ef2d126469b5b41bc2e79f1c699d392b36be0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 25 Apr 2023 18:02:59 +0200
Subject: [PATCH 0848/3949] add a hint where to look at in rp doc

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ae0b3c40..786465ab 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -84,7 +84,7 @@
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>.<br><br>
+                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
                         {% else %}
                             AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}

From e78ef7a31ac9f88201254fc447db367cefa8b75a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 1 May 2023 12:07:37 +0000
Subject: [PATCH 0849/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index b758ff73..b5705fb2 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.9.0
+version: 5.0.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 96b487bc..e682a8e3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230422_090326-latest
+          image: nextcloud/aio-apache:20230501_090621-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 6c0b9537..20235973 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230422_090326-latest
+          image: nextcloud/aio-clamav:20230501_090621-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index b9d529f9..5ff3118b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230422_090326-latest
+          image: nextcloud/aio-collabora:20230501_090621-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 0ed2f062..f93e810e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230422_090326-latest
+          image: nextcloud/aio-postgresql:20230501_090621-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 3abb2a53..53ee0d7d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230422_090326-latest
+          image: nextcloud/aio-fulltextsearch:20230501_090621-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 650e4fa5..604c89ea 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230422_090326-latest
+          image: nextcloud/aio-imaginary:20230501_090621-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 62e5807f..fd0d3b4f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230422_090326-latest
+          image: nextcloud/aio-nextcloud:20230501_090621-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 99621fe2..748ce89a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230422_090326-latest
+          image: nextcloud/aio-onlyoffice:20230501_090621-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index d7887799..78623360 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230422_090326-latest
+          image: nextcloud/aio-redis:20230501_090621-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d8b1d520..2b77759c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230422_090326-latest
+          image: nextcloud/aio-talk:20230501_090621-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

From 9728a84e75562a8511ab8d75c066c0f5157be280 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Apr 2023 23:32:30 +0200
Subject: [PATCH 0850/3949] fix typo in forms.sh

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/forms.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index ac84c7d0..52555929 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -31,7 +31,7 @@
     }
   }
 
-  function disableSpinnerSpinner() {
+  function enableSpinner() {
     document.getElementById('overlay').classList.add('loading');
   }
 
@@ -51,7 +51,7 @@
       xhr.addEventListener('error', () => disableSpinner());
       xhr.open(form.method, form.getAttribute("action"));
       xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
-      disableSpinnerSpinner();
+      enableSpinner();
       xhr.send(new URLSearchParams(new FormData(form)));
       event.preventDefault();
     }

From 348d6acde73370c573631c34be259f3e69ea5fec Mon Sep 17 00:00:00 2001
From: esmith443 <119460913+esmith443@users.noreply.github.com>
Date: Thu, 13 Apr 2023 19:09:10 -0400
Subject: [PATCH 0851/3949] Update reverse-proxy.md

Added guide for Citrix ADC VPX / Citrix Netscaler reverse proxy.
This is my first pull so I am sorry if I made any mistakes.
Love AIO thanks :)

Signed-off-by: esmith443 <119460913+esmith443@users.noreply.github.com>
---
 reverse-proxy.md | 85 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 78d55ad3..7bc0790b 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -455,6 +455,91 @@ Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to
 
 </details>
 
+### Citrix ADC VPX / Citrix Netscaler 
+<details>
+<summary>click here to expand</summary>
+
+**Disclaimer:** This guide assumes you already have created a Citrix Content Switching Virtual Server on your ADC VPX / Netscaler
+
+1.First you need to create the NextCloud Service. This is under Traffic Management > Services > Add
+
+![image](https://user-images.githubusercontent.com/119460913/231899216-db1c7240-dcd4-4c16-8dbb-a8e09a1a8e62.png)
+
+2.Give the service a unique name, enter in the local IP address of your NextCloud AIO instance, make the Protocol HTTP, and the Port Number 11000
+
+![image](https://user-images.githubusercontent.com/119460913/231899348-de5f6eaf-5951-4f83-a4f9-159c0d884914.png)
+
+3.Now we need to create a Virtual Server. This is under Traffic Management > Virtual Servers > Add
+
+![image](https://user-images.githubusercontent.com/119460913/231899409-12488585-653f-4af9-a939-3b318a2b01af.png)
+
+4.Give the Virtual Server a unique Name, Putting LB in the name makes it easier to identify later. Change the protocol to HTTP and the IP Address Type to Non Addressable.
+
+![image](https://user-images.githubusercontent.com/119460913/231899476-1aa787bd-f586-4936-ae92-1257f0af5f12.png)
+
+5.We now need to bind the Service to the Virtual Server. Click the Bindings section under Services and Service Groups on the Virtual Server.
+
+![image](https://user-images.githubusercontent.com/119460913/231899538-6b80117f-df11-430d-9726-00756f90a83a.png)
+
+6.Click into the Select Service.
+
+![image](https://user-images.githubusercontent.com/119460913/231899576-abb8dfce-d02a-489f-bb1b-7d9860c9ce20.png)
+
+7.Select your Service from the list, then press Select.
+
+![image](https://user-images.githubusercontent.com/119460913/231899613-81937157-46da-4203-b09a-28b9459632e5.png)
+
+8.Select Bind.
+
+![image](https://user-images.githubusercontent.com/119460913/231899668-56f67685-c3e8-4efb-b35b-a7587a45ad1d.png)
+
+9.Now we will create the Content Switching Action. This is under Traffic Management > Content Switching > Actions > Add
+
+![image](https://user-images.githubusercontent.com/119460913/231899746-e1638bb5-e05c-48bd-8a9d-73bddc307dae.png)
+
+10.Create a Unique name for the CS Action, I would recommend adding a CS_Action in the name to make it easier later on. Make sure the Choose Virtual Server or Expression is set to Loadbalancing Virtual Server. Click into the Target Load Balancing Virtual Server section.
+
+![image](https://user-images.githubusercontent.com/119460913/231899792-5bc30796-515a-426c-8691-eda5249c7321.png)
+
+11.Select your LB Nextcloud from the Virtual Servers List and press select. Press Bind.
+
+![image](https://user-images.githubusercontent.com/119460913/231899844-ce64a0d8-2b0d-4e20-92e7-9bc0a5882c9c.png)
+
+12.Now we need to create a Content Switching Policy. This is under Traffic Management > Content Switching > Policies > Add.
+
+![image](https://user-images.githubusercontent.com/119460913/231899889-3b3c48b2-3d49-4181-8771-db7e5ec4921a.png)
+
+13.Create a Unique name for the Content Switching Policy, I recommend adding a CS_Policy in the name to make it easier later. In the Action Section, Select your CS_Action from the list and then in the Expression area add what is shown below. Substitute nextcloud.yourdomain.com for what you want the reverse DNS to look for.
+
+```
+HTTP.REQ.HOSTNAME.CONTAINS("nextcloud.yourdomain.com")
+```
+
+![image](https://user-images.githubusercontent.com/119460913/231900102-9c953783-a929-4a81-999d-6592fd7c4df4.png)
+
+14.Now we need to add the CS_Policy to the Content Switching Virtual Server. This is under Traffic Management > Virtual Servers. You will select your Content Switching Virtual Server from the list and press Edit.
+
+![image](https://user-images.githubusercontent.com/119460913/231900156-755ccdbe-556f-4c47-b10f-3a7bfd9d4a6e.png)
+
+15.Select the Content Switching Policies under the Content Switching Policy Binding. 
+
+![image](https://user-images.githubusercontent.com/119460913/231900205-51b0662c-204f-47df-9713-1e81f7f29e05.png)
+
+16.Click Add Binding.
+
+![image](https://user-images.githubusercontent.com/119460913/231900239-372d3c2e-b3b7-4cb3-90f9-19abbad46d1a.png)
+
+17.Click into the Policy section.
+
+![image](https://user-images.githubusercontent.com/119460913/231900288-89a34fdb-1a00-4254-b70b-53706d3142d0.png)
+
+18.Click your CS_Policy from the list and press select and then Bind.
+
+![image](https://user-images.githubusercontent.com/119460913/231900321-8c5a4602-7a35-45cf-9ed1-bbeebfa76bb7.png)
+
+</details>
+
+
 ### Others
 
 <details>

From 4ef65b24ae06e1d9ac9ff807b4c1c768f2e5a9e2 Mon Sep 17 00:00:00 2001
From: esmith443 <119460913+esmith443@users.noreply.github.com>
Date: Mon, 1 May 2023 10:47:14 -0400
Subject: [PATCH 0852/3949] Update reverse-proxy.md

Updated Commit to link to guide

Signed-off-by: esmith443 <119460913+esmith443@users.noreply.github.com>
---
 reverse-proxy.md | 78 ++----------------------------------------------
 1 file changed, 2 insertions(+), 76 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7bc0790b..07513bdc 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -459,83 +459,9 @@ Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to
 <details>
 <summary>click here to expand</summary>
 
-**Disclaimer:** This guide assumes you already have created a Citrix Content Switching Virtual Server on your ADC VPX / Netscaler
+The below link will take you to the Citrix Reverse Proxy Guide.
 
-1.First you need to create the NextCloud Service. This is under Traffic Management > Services > Add
-
-![image](https://user-images.githubusercontent.com/119460913/231899216-db1c7240-dcd4-4c16-8dbb-a8e09a1a8e62.png)
-
-2.Give the service a unique name, enter in the local IP address of your NextCloud AIO instance, make the Protocol HTTP, and the Port Number 11000
-
-![image](https://user-images.githubusercontent.com/119460913/231899348-de5f6eaf-5951-4f83-a4f9-159c0d884914.png)
-
-3.Now we need to create a Virtual Server. This is under Traffic Management > Virtual Servers > Add
-
-![image](https://user-images.githubusercontent.com/119460913/231899409-12488585-653f-4af9-a939-3b318a2b01af.png)
-
-4.Give the Virtual Server a unique Name, Putting LB in the name makes it easier to identify later. Change the protocol to HTTP and the IP Address Type to Non Addressable.
-
-![image](https://user-images.githubusercontent.com/119460913/231899476-1aa787bd-f586-4936-ae92-1257f0af5f12.png)
-
-5.We now need to bind the Service to the Virtual Server. Click the Bindings section under Services and Service Groups on the Virtual Server.
-
-![image](https://user-images.githubusercontent.com/119460913/231899538-6b80117f-df11-430d-9726-00756f90a83a.png)
-
-6.Click into the Select Service.
-
-![image](https://user-images.githubusercontent.com/119460913/231899576-abb8dfce-d02a-489f-bb1b-7d9860c9ce20.png)
-
-7.Select your Service from the list, then press Select.
-
-![image](https://user-images.githubusercontent.com/119460913/231899613-81937157-46da-4203-b09a-28b9459632e5.png)
-
-8.Select Bind.
-
-![image](https://user-images.githubusercontent.com/119460913/231899668-56f67685-c3e8-4efb-b35b-a7587a45ad1d.png)
-
-9.Now we will create the Content Switching Action. This is under Traffic Management > Content Switching > Actions > Add
-
-![image](https://user-images.githubusercontent.com/119460913/231899746-e1638bb5-e05c-48bd-8a9d-73bddc307dae.png)
-
-10.Create a Unique name for the CS Action, I would recommend adding a CS_Action in the name to make it easier later on. Make sure the Choose Virtual Server or Expression is set to Loadbalancing Virtual Server. Click into the Target Load Balancing Virtual Server section.
-
-![image](https://user-images.githubusercontent.com/119460913/231899792-5bc30796-515a-426c-8691-eda5249c7321.png)
-
-11.Select your LB Nextcloud from the Virtual Servers List and press select. Press Bind.
-
-![image](https://user-images.githubusercontent.com/119460913/231899844-ce64a0d8-2b0d-4e20-92e7-9bc0a5882c9c.png)
-
-12.Now we need to create a Content Switching Policy. This is under Traffic Management > Content Switching > Policies > Add.
-
-![image](https://user-images.githubusercontent.com/119460913/231899889-3b3c48b2-3d49-4181-8771-db7e5ec4921a.png)
-
-13.Create a Unique name for the Content Switching Policy, I recommend adding a CS_Policy in the name to make it easier later. In the Action Section, Select your CS_Action from the list and then in the Expression area add what is shown below. Substitute nextcloud.yourdomain.com for what you want the reverse DNS to look for.
-
-```
-HTTP.REQ.HOSTNAME.CONTAINS("nextcloud.yourdomain.com")
-```
-
-![image](https://user-images.githubusercontent.com/119460913/231900102-9c953783-a929-4a81-999d-6592fd7c4df4.png)
-
-14.Now we need to add the CS_Policy to the Content Switching Virtual Server. This is under Traffic Management > Virtual Servers. You will select your Content Switching Virtual Server from the list and press Edit.
-
-![image](https://user-images.githubusercontent.com/119460913/231900156-755ccdbe-556f-4c47-b10f-3a7bfd9d4a6e.png)
-
-15.Select the Content Switching Policies under the Content Switching Policy Binding. 
-
-![image](https://user-images.githubusercontent.com/119460913/231900205-51b0662c-204f-47df-9713-1e81f7f29e05.png)
-
-16.Click Add Binding.
-
-![image](https://user-images.githubusercontent.com/119460913/231900239-372d3c2e-b3b7-4cb3-90f9-19abbad46d1a.png)
-
-17.Click into the Policy section.
-
-![image](https://user-images.githubusercontent.com/119460913/231900288-89a34fdb-1a00-4254-b70b-53706d3142d0.png)
-
-18.Click your CS_Policy from the list and press select and then Bind.
-
-![image](https://user-images.githubusercontent.com/119460913/231900321-8c5a4602-7a35-45cf-9ed1-bbeebfa76bb7.png)
+https://github.com/nextcloud/all-in-one/discussions/2452
 
 </details>
 

From cad77f828743bb1b56cdfc6ae453b731b2179ebb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 16:49:16 +0200
Subject: [PATCH 0853/3949] reorder alphabetically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 07513bdc..4bff1de8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -132,6 +132,16 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
+### Citrix ADC VPX / Citrix Netscaler 
+
+<details>
+
+<summary>click here to expand</summary>
+
+For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see this guide by @esmith443: https://github.com/nextcloud/all-in-one/discussions/2452
+
+</details>
+
 ### Cloudflare Tunnel
 
 <details>
@@ -455,17 +465,6 @@ Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to
 
 </details>
 
-### Citrix ADC VPX / Citrix Netscaler 
-<details>
-<summary>click here to expand</summary>
-
-The below link will take you to the Citrix Reverse Proxy Guide.
-
-https://github.com/nextcloud/all-in-one/discussions/2452
-
-</details>
-
-
 ### Others
 
 <details>

From 3d780a5a4da5068a430bbc2f7853d7871e52313b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 16:58:44 +0200
Subject: [PATCH 0854/3949] try to fix json validator workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index d91e47bf..eaf03553 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -15,6 +15,6 @@ jobs:
         uses: actions/checkout@v3
       - name: Validate Json
         run: |
-          sudo apt install python3-pip --no-install-recommends
+          sudo apt-get install python3-pip --no-install-recommends
           sudo pip3 install json-spec
           json validate --schema-file=php/containers-schema.json --document-file=php/containers.json

From 900d47017454ee0714923ad9ccb0d5161787283f Mon Sep 17 00:00:00 2001
From: wky0211 <46506352+wky0211@users.noreply.github.com>
Date: Tue, 2 May 2023 00:19:23 +0800
Subject: [PATCH 0855/3949] fix(typo): "duckduckdns.org" -> "duckdns.org"

Signed-off-by: wky0211 <46506352+wky0211@users.noreply.github.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 786465ab..282db522 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -102,7 +102,7 @@
                             Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong if your domain does not get accepted in the top right corner.<br><br>
                             <details>
                                 <summary>Click here for further hints</summary><br />
-                                If you should not have a domain yet, you can get one for free e.g. from duckduckdns.org and others.<br><br>
+                                If you should not have a domain yet, you can get one for free e.g. from duckdns.org and others.<br><br>
                                 If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
                                 If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.<br><br>
                                 If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>

From 8356e1aba107cff1ec03946b10912895240f5ea9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 19:06:13 +0200
Subject: [PATCH 0856/3949] updaate regex for some values in containers schema

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 468ae378..919f60e0 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -55,7 +55,7 @@
 					},
 					"internal_port": {
 						"type": "string",
-						"pattern": "^([0-9]{1,5})?(host)?(%[A-Z_]+%)?$"
+						"pattern": "^(([0-9]{1,5})|host|(%[A-Z_]+%))$"
 					},
 					"stop_grace_period": {
 						"type": "integer"
@@ -77,9 +77,7 @@
 								},
 								"protocol": {
 									"type": "string",
-									"pattern": "^(tcp)?(udp)?$",
-									"minlength": 3,
-									"maxlength": 3
+									"pattern": "^(tcp|udp)$"
 								}
 							}
 						}
@@ -117,14 +115,11 @@
 							"properties": {
 								"destination": {
 									"type": "string",
-									"pattern": "^(/[a-z_/.-]+)?(%[A-Z_]+%)?$",
-									"minlength": 2
+									"pattern": "^((/[a-z_/.-]+)|(%[A-Z_]+%))$"
 								},
 								"source": {
 									"type": "string",
-									"pattern": "^([a-z_]+)?(%[A-Z_]+%)?$",
-									"minlength": 2
-								},
+									"pattern": "^(([a-z_]+)|(%[A-Z_]+%))$"								},
 								"writeable": {
 									"type": "boolean"
 								}

From 0dc630b5a9506257588ff14b82feb8e7c413a12d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 23:31:20 +0200
Subject: [PATCH 0857/3949] run composer during install as non-root user

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index a8f2b69b..5f0a765e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -72,9 +72,10 @@ RUN set -e && \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     find ./ -not -path ./php -maxdepth 1 -mindepth 1 -delete; \
+    chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
-    composer install --no-dev; \
-    composer clearcache; \
+    sudo -u www-data composer install --no-dev; \
+    sudo -u www-data composer clearcache; \
     cd ..; \
     rm -f /usr/local/bin/composer; \
     chmod 770 -R ./; \

From e362ea86650cfe588676de298b04e64691509003 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 2 May 2023 12:04:41 +0000
Subject: [PATCH 0858/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 5630cbf8..e3d5fc82 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -131,6 +131,7 @@ services:
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
+      - DONT_GEN_SSL_CERT=1
     volumes:
       - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
     restart: unless-stopped

From d58bb56dfa21c1c6d44612629d487a05c5b3f212 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 2 May 2023 14:44:07 +0200
Subject: [PATCH 0859/3949] add another known issue regarding cloudflare

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index b765af9f..e284879b 100644
--- a/readme.md
+++ b/readme.md
@@ -195,6 +195,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
+- Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981
 - The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.

From 126db40a7240362aa6d2b68d258d7581bf6d2c46 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 May 2023 13:01:31 +0000
Subject: [PATCH 0860/3949] Bump clamav/clamav from 1.0.1-2 to 1.1.0-1 in
 /Containers/clamav

Bumps clamav/clamav from 1.0.1-2 to 1.1.0-1.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f8681186..f024c124 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
-FROM clamav/clamav:1.0.1-2
+FROM clamav/clamav:1.1.0-1
 
 RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/

From c6492ef05c7c52bea1e91682b41451ca45c0012c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 2 May 2023 20:12:57 +0200
Subject: [PATCH 0861/3949] put the database into a subpath

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 489b91af..b7b8583a 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -61,6 +61,7 @@ cat << EOL > /tmp/initcontainers.database
           command:
             - chown
             - 999:999
+            - "-R"
           volumeMountsInitContainer:
 EOL
 # shellcheck disable=SC1083
@@ -80,6 +81,11 @@ for variable in "${DEPLOYMENTS[@]}"; do
             if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
                 sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
                 sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+                # Workaround for the database volume
+                if [ "$volumeName" = nextcloud-aio-database ]; then
+                    sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
+                fi
+                
             fi
         done
         sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"

From 9f4b712f0246e8ba9e206fb6fa6be1219e7a10e3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 2 May 2023 20:35:28 +0200
Subject: [PATCH 0862/3949] revert disabling FTS if on Nc26

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index b03164e6..e8c88fae 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -631,12 +631,6 @@ if version_greater "$installed_version" "24.0.0.0"; then
     fi
 fi
 
-# Migration to ES8 is pending, thus disabling FTS for now.
-if [ "$INSTALL_LATEST_MAJOR" = yes ] || version_greater "$installed_version" "26.0.0.0"; then
-    export FULLTEXTSEARCH_ENABLED=no
-    echo "Fulltextsearch is not compatible with Nextcloud 26 and is getting disabled."
-fi
-
 # Fulltextsearch
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
     while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do

From 681f4ac73e9e490dbcbff8f8f583cac80d2e92c4 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 3 May 2023 04:08:32 +0000
Subject: [PATCH 0863/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 09f782db..dd6eedf6 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.9.0@8b9ad1eb9e8b7d3101f949291da2b9f7767cd163"/>
+<files psalm-version="5.10.0@a5effd2d2dddd1a7ea7a0f6a051ce63ff979e356"/>

From 347618f6a8d6691fe6fc18f8cbbc0b8280ee04e8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 12:06:13 +0200
Subject: [PATCH 0864/3949] manual-install - enable ipv6 by default

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index fad25bc3..18971040 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -128,8 +128,18 @@ done
 
 cat << NETWORK >> containers.yml
 
+# Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 networks:
   nextcloud-aio:
+    driver: bridge
+    driver_opts:
+      com.docker.network.bridge.name: nextcloud-aio
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: \${IPV4_NETWORK:-172.22.1}.0/24
+        - subnet: \${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
 NETWORK
 
 cat containers.yml > latest.yml

From 26e3b14854857777885c5dbefbcbf3a2886e8e44 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 12:21:46 +0200
Subject: [PATCH 0865/3949] helm-chart - create the data folder manually in
 order to apply the correct permissions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index b7b8583a..0db93026 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -59,6 +59,9 @@ cat << EOL > /tmp/initcontainers.database
         - name: init-volumes
           image: alpine
           command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-database/data;
             - chown
             - 999:999
             - "-R"

From 490e9571d1f2e074cbb3af768dfc4cef42a3bd71 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 12:59:51 +0200
Subject: [PATCH 0866/3949] document how to enable ipv6 for the internal
 network

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 5ed95a80..09878219 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -21,6 +21,7 @@ Before you can use IPv6 in Docker containers or swarm services, you need to enab
     ```console
     sudo systemctl restart docker
     ```
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="172.30.1.0/24" --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
 On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 
@@ -35,6 +36,7 @@ On Windows and macOS which use Docker Desktop, you need to go into the settings,
     ```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="172.30.1.0/24" --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ---
 

From 418e7898b7be9695dd18dfa356e8cad18372265f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 13:07:22 +0200
Subject: [PATCH 0867/3949] nextcloud-aio network - remove non-default options

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5471bc04..788b32ff 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -679,10 +679,6 @@ class DockerActionManager
                         'CheckDuplicate' => true,
                         'Driver' => 'bridge',
                         'Internal' => false,
-                        'Options' => [
-                            'com.docker.network.bridge.enable_icc' => 'true',
-                            'com.docker.network.bridge.enable_ip_masquerade' => 'true'
-                        ]
                     ]
                 ]
             );

From 3ff0b2e98722e8c05ad2883cefd7c0c55936dce3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 13:34:24 +0200
Subject: [PATCH 0868/3949] add internal network config to docker-compose file
 as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3538cc8b..23e70b1b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -47,3 +47,16 @@ services:
   #     - ./data:/data
   #     - ./sites:/srv
   #   network_mode: "host"
+
+# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network
+# networks:
+#   nextcloud-aio:
+#     driver: bridge
+#     driver_opts:
+#       com.docker.network.bridge.name: nextcloud-aio
+#     enable_ipv6: true
+#     ipam:
+#       driver: default
+#       config:
+#         - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
+#         - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}

From 04f84bb9b1cee1ac592ec607b219f579bd30eb16 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 13:52:33 +0200
Subject: [PATCH 0869/3949] add inspired by

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 23e70b1b..8e1f8066 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -49,6 +49,7 @@ services:
   #   network_mode: "host"
 
 # # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network
+# # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 # networks:
 #   nextcloud-aio:
 #     driver: bridge

From b2fa058f3352b754c8facc9bd472ff4e7bed7f17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 14:55:52 +0200
Subject: [PATCH 0870/3949] talk - remove lt-cred-mech as that is not
 recommended anymore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 378811f0..eac73616 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -20,7 +20,6 @@ set +x
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
-lt-cred-mech
 use-auth-secret
 static-auth-secret=$TURN_SECRET
 realm=$NC_DOMAIN

From b9ac7851b285ead19b37f6883f899793d5bfeee0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 May 2023 13:00:30 +0000
Subject: [PATCH 0871/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.20.3-alpine3.17 to 1.20.4-alpine3.17.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b8c1bc93..b49f9da0 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20.3-alpine3.17 as go
+FROM golang:1.20.4-alpine3.17 as go
 RUN set -ex; \
     apk add --no-cache \
         vips-dev \

From 3b28885ee2692033503b9429a5ca4865f717b2e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 May 2023 13:00:36 +0000
Subject: [PATCH 0872/3949] Bump elasticsearch from 7.17.9 to 7.17.10 in
 /Containers/fulltextsearch

Bumps elasticsearch from 7.17.9 to 7.17.10.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 67862db3..d0d98c45 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.9
+FROM elasticsearch:7.17.10
 
 RUN elasticsearch-plugin install --batch ingest-attachment
 

From 09e299181a1c708e66642be15e2c7329d3d52074 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 15:32:45 +0200
Subject: [PATCH 0873/3949] twig templates - check for was_start_button_clicked
 instead of empty domain

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig          | 4 ++--
 php/templates/includes/aio-config.twig | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 282db522..b7afe6b6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -189,7 +189,7 @@
                 {% endif %}
             {% endif %}
 
-            {% if domain != "" and was_start_button_clicked == true %}
+            {% if was_start_button_clicked == true %}
                 {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
                     You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
                 {% else %}
@@ -202,7 +202,7 @@
                 <a href="" class="button reload">Reload ↻</a><br/><br>
             {% endif %}
 
-            {% if domain != "" %}
+            {% if was_start_button_clicked == true %}
                 {% if isAnyRunning == true %}
                     {% if isApacheStarting != true %}
                         {% if borg_backup_host_location != '' %}
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 7428fed8..9f415463 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,6 +1,6 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary><br />
-    {% if domain != '' %}
+    {% if was_start_button_clicked == true %}
         Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.<br><br>
         You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></b>.<br><br>
     {% endif %}

From 0e09bb0d1267b36affbae0a990c53dba5f8a189f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 15:29:19 +0200
Subject: [PATCH 0874/3949] try to speed up the initial login

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php                   | 7 +++++--
 php/src/Docker/DockerActionManager.php | 4 ++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 34c45ce1..d8a0508b 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -70,13 +70,15 @@ $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class
 // Views
 $app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
+    $view->addExtension(new \AIO\Twig\ClassExtension());
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
+    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
     $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
-    $dockerActionManger->ConnectMasterContainerToNetwork();
+    /** @var \AIO\Controller\DockerController $dockerController */
     $dockerController = $container->get(\AIO\Controller\DockerController::class);
     $dockerController->StartDomaincheckContainer();
-    $view->addExtension(new \AIO\Twig\ClassExtension());
+    $dockerActionManger->ConnectMasterContainerToNetwork();
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
         'apache_port' => $configurationManager->GetApachePort(),
@@ -151,6 +153,7 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
 
 // Auth Redirector
 $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {
+    /** @var \AIO\Auth\AuthManager $authManager */
     $authManager = $container->get(\AIO\Auth\AuthManager::class);
 
     /** @var \AIO\Data\Setup $setup */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 788b32ff..3cbd1521 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -490,6 +490,10 @@ class DockerActionManager
     }
 
     public function isAnyUpdateAvailable() : bool {
+        // return early if instance is not installed
+        if (!$this->configurationManager->wasStartButtonClicked()) {
+            return false;
+        }
         $id = 'nextcloud-aio-apache';
 
         if ($this->isContainerUpdateAvailable($id) !== "") {

From 4a50fcf5a6ac580aa29127b32dccf3c371298464 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:25:03 +0200
Subject: [PATCH 0875/3949] optimze apache dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/Dockerfile | 104 ++++++++++++++++-------------------
 1 file changed, 47 insertions(+), 57 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 764dfb45..79c4e0e8 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -3,78 +3,68 @@ FROM caddy:2.6.4-alpine as caddy
 
 FROM httpd:2.4.57-alpine3.17
 
+COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
+
+COPY --chown=www-data:www-data Caddyfile /Caddyfile
+COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
+
+COPY --chmod=664 supervisord.conf /supervisord.conf
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=775 healthcheck.sh /usr/bin/healthcheck.sh
+
+VOLUME /mnt/data
+
 RUN set -ex; \
     apk add --no-cache shadow; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
-    apk del --no-cache shadow
-
-RUN mkdir -p /mnt/data; \
-    chown www-data:www-data /mnt/data;
-
-VOLUME /mnt/data
-
-RUN set -ex; \
+    apk del --no-cache shadow; \
+    \
+    mkdir -p /mnt/data; \
+    chown -R www-data:www-data /mnt/data; \
+    \
     apk add --no-cache \
         bash \
         supervisor \
-        wget \
         tzdata \
         ca-certificates \
         openssl \
-        netcat-openbsd
-
-COPY --from=caddy /usr/bin/caddy /usr/bin/
-RUN chmod +x /usr/bin/caddy
-
-RUN sed -i \
-                -e '/^Listen /d' \
-                -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
-                -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
-                -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-                conf/httpd.conf; \
-		echo "Include conf/nextcloud.conf" | tee -a conf/httpd.conf; \
-                echo "ServerName localhost" | tee -a conf/httpd.conf
-		
-COPY nextcloud.conf conf
-
-RUN set -ex; \
-    rm -rf conf/original conf/original && \
-    rm -rf /var/www/html/* && \
-    mkdir /var/www && \
-    chown -R www-data:www-data /var/www;
-
-RUN mkdir /var/log/supervisord; \
+        netcat-openbsd; \
+    \
+    sed -i \
+            -e '/^Listen /d' \
+            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+        /usr/local/apache2/conf/httpd.conf; \
+    echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
+    echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
+    \
+    rm -rf /usr/local/apache2/conf/original /var/www; \
+    mkdir -p /var/www; \
+    chown -R www-data:www-data /var/www; \
+    \
+    mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord; \
     chown www-data:www-data /var/run/supervisord; \
-    chown www-data:www-data /var/log/supervisord;
-
-COPY Caddyfile /
-
-COPY start.sh /usr/bin/
-COPY healthcheck.sh /usr/bin/
-COPY supervisord.conf /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +x /usr/bin/healthcheck.sh; \
-    chmod +r /supervisord.conf; \
-    chown www-data:www-data /Caddyfile; \
+    chown www-data:www-data /var/log/supervisord; \
+    \
     chown -R www-data:www-data /usr/local/apache2; \
-    chmod +r -R /usr/local/apache2
-
-# Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    chmod +r -R /usr/local/apache2; \
+    \
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER www-data
 

From c056879df4b717cdd0ccd1a1993e7ca519c50ad9 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:26:55 +0200
Subject: [PATCH 0876/3949] optimize borg dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/borgbackup/Dockerfile | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 3aac5df4..da93391a 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -13,11 +13,8 @@ RUN set -ex; \
 
 VOLUME /root
 
-COPY start.sh /usr/bin/
-COPY backupscript.sh /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +x /backupscript.sh
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=775 backupscript.sh /backupscript.sh
 
-USER root
 ENTRYPOINT ["start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From fbc4b9cabb04a3510b530cc676a35b0c1acfc423 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:27:52 +0200
Subject: [PATCH 0877/3949] optimize clamav Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/clamav/Dockerfile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f024c124..23e61b66 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,7 +1,8 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.0/alpine/Dockerfile
 FROM clamav/clamav:1.1.0-1
 
-RUN apk add --no-cache tzdata
-COPY clamav.conf /tmp/
-RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
+COPY clamav.conf /tmp/clamav.conf
+
+RUN apk add --no-cache tzdata; \
+    tee -a /etc/clamav/clamd.conf < /tmp/clamav.conf
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From ca9b0cccf31aa50abc98d6181888a4a8470ea734 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:29:25 +0200
Subject: [PATCH 0878/3949] optimze domaincheck Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/domaincheck/Dockerfile | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 3077ff7f..8003bfab 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,18 +1,15 @@
 FROM alpine:3.17.3
-RUN apk add --no-cache lighttpd bash netcat-openbsd
-
-RUN adduser -S www-data -G www-data
-RUN rm -rf /etc/lighttpd/lighttpd.conf
-COPY lighttpd.conf /etc/lighttpd/lighttpd.conf
-RUN chmod +r -R /etc/lighttpd && \
+RUN apk add --no-cache bash lighttpd netcat-openbsd; \
+    adduser -S www-data -G www-data; \
+    rm -rf /etc/lighttpd/lighttpd.conf; \
+    chmod +r -R /etc/lighttpd && \
     chown www-data:www-data -R /var/www && \
-    chown www-data:www-data /etc/lighttpd/lighttpd.conf
+    mkdir -p /var/www/domaincheck
+COPY --chown=www-data:www-data lighttpd.conf /etc/lighttpd/lighttpd.conf
 
-COPY start.sh /
-RUN chmod +x /start.sh
+COPY --chmod=775 start.sh /start.sh
 
 USER www-data
-RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1

From f82818cbc6881684003a607118570e0d2392832c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:30:48 +0200
Subject: [PATCH 0879/3949] optimze elastic Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/fulltextsearch/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index d0d98c45..d592bbc6 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,15 +1,15 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.10
-
-RUN elasticsearch-plugin install --batch ingest-attachment
+FROM elasticsearch:7.17.9
 
+ARG DEBIAN_FRONTEND=noninteractive
 RUN set -ex; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
         tzdata \
     ; \
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*; \
+    elasticsearch-plugin install --batch ingest-attachment
 
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 8bbdbd6fa7a2d991275de9160b5d51f5ca2b5164 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:31:32 +0200
Subject: [PATCH 0880/3949] optimze mastercontainer Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/Dockerfile | 100 +++++++++++---------------
 1 file changed, 41 insertions(+), 59 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 5f0a765e..5c4312b3 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -7,22 +7,24 @@ FROM caddy:2.6.4-alpine as caddy
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
 FROM php:8.1.18-fpm-alpine3.17
 
+EXPOSE 80
+EXPOSE 8080
+EXPOSE 8443
+
+COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
+
+COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
+
+WORKDIR /var/www/docker-aio
+
 RUN set -ex; \
     apk add --no-cache shadow; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
-    usermod -u 33 -g 33 www-data
-
-EXPOSE 80
-EXPOSE 8080
-EXPOSE 8443
-
-RUN mkdir -p /var/www/docker-aio;
-
-WORKDIR /var/www/docker-aio
-
-RUN set -ex; \
+    usermod -u 33 -g 33 www-data; \
+    \
     apk add --no-cache \
         util-linux-misc \
         ca-certificates \
@@ -36,16 +38,14 @@ RUN set -ex; \
         sudo \
         netcat-openbsd \
         curl \
-        grep
-
-RUN set -ex; \
+        grep; \
+    \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
     pecl install APCu-5.1.22; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
-    \
     runDeps="$( \
         scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
             | tr ',' '\n' \
@@ -57,15 +57,8 @@ RUN set -ex; \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
-
-COPY --from=caddy /usr/bin/caddy /usr/bin/
-RUN chmod +x /usr/bin/caddy
-
-COPY --from=docker /usr/local/bin/docker /usr/local/bin/
-RUN chmod +x /usr/local/bin/docker
-
-RUN set -e && \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
+    \
     apk add --no-cache git; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
     chmod +x /usr/local/bin/composer; \
@@ -75,22 +68,19 @@ RUN set -e && \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
     sudo -u www-data composer install --no-dev; \
-    sudo -u www-data composer clearcache; \
+    sudo -u www-data composer clear-cache; \
     cd ..; \
     rm -f /usr/local/bin/composer; \
-    chmod 770 -R ./; \
-    chown www-data:www-data -R /var/www; \
-    rm -r ./php/data; \
-    rm -r ./php/session; \
-    apk del --no-cache git
-
-RUN mkdir -p /etc/apache2/certs && \
-    cd /etc/apache2/certs && \
-    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt;
-
-COPY mastercontainer.conf /etc/apache2/sites-available/
-
-RUN sed -i \
+    chmod -R 770 /var/www/docker-aio; \
+    chown -R www-data:www-data /var/www; \
+    rm -r php/data; \
+    rm -r php/session; \
+    \
+    mkdir -p /etc/apache2/certs; \
+    cd /etc/apache2/certs; \
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
+    \
+    sed -i \
             -e '/^Listen /d' \
             -e 's/User apache/User www-data/g' \
             -e 's/Group apache/Group www-data/g' \
@@ -109,31 +99,23 @@ RUN sed -i \
         echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
         echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
         echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
-        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf
-
-RUN set -ex; \
+        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
+    \
     rm -f /etc/apache2/conf.d/default.conf \
           /etc/apache2/conf.d/userdir.conf \
-          /etc/apache2/conf.d/info.conf
-
-RUN mkdir /var/log/supervisord; \
+          /etc/apache2/conf.d/info.conf; \
+    \
+    mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 
-COPY Caddyfile /
-COPY start.sh /usr/bin/
-COPY backup-time-file-watcher.sh /
-COPY session-deduplicator.sh /
-COPY cron.sh /
-COPY daily-backup.sh /
-COPY supervisord.conf /
-COPY healthcheck.sh /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +x /cron.sh; \
-    chmod +x /session-deduplicator.sh; \
-    chmod +x /backup-time-file-watcher.sh; \
-    chmod +x /daily-backup.sh; \
-    chmod a+r /Caddyfile; \
-    chmod +x /healthcheck.sh
+COPY --chmod=664 Caddyfile /Caddyfile
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=775 backup-time-file-watcher.sh /backup-time-file-watcher.sh
+COPY --chmod=775 session-deduplicator.sh /session-deduplicator.sh
+COPY --chmod=775 cron.sh /cron.sh
+COPY --chmod=775 daily-backup.sh /daily-backup.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 USER root
 

From 1841733879686f02dadb9a789d0512f3b8201bdc Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:34:27 +0200
Subject: [PATCH 0881/3949] optimize postres Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/postgresql/Dockerfile | 47 ++++++++++++++------------------
 1 file changed, 21 insertions(+), 26 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 6e1e86bc..0163c8b8 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,36 +1,31 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
 FROM postgres:15.2-alpine
 
-RUN apk add --no-cache bash openssl shadow grep mawk
-
-# We need to use the same gid and uid as on old installations
-RUN set -ex; \
-    deluser postgres; \
-    groupmod -g 9999 ping; \
-    addgroup -g 999 -S postgres; \
-    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres
-
-# Fix default permissions
-RUN set -ex; \
-    chown -R postgres:postgres /var/lib/postgresql; \
-    chown -R postgres:postgres /var/run/postgresql; \
-    chown -R postgres:postgres "$PGDATA"
-
-COPY start.sh /usr/bin/
-COPY healthcheck.sh /usr/bin/
-COPY init-user-db.sh /docker-entrypoint-initdb.d/
-RUN set -ex; \
-    chmod +x /usr/bin/start.sh; \
-    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
-    chmod +x /usr/bin/healthcheck.sh
-
-RUN mkdir /mnt/data; \
-    chown postgres:postgres /mnt/data;
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=775 healthcheck.sh /usr/bin/healthcheck.sh
+COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
 
 VOLUME /mnt/data
 
+RUN set -ex; \
+    apk add --no-cache bash openssl shadow grep mawk; \
+    \
+# We need to use the same gid and uid as on old installations
+    deluser postgres; \
+    groupmod -g 9999 ping; \
+    addgroup -g 999 -S postgres; \
+    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
+    \
+# Fix default permissions
+    chown -R postgres:postgres /var/lib/postgresql; \
+    chown -R postgres:postgres /var/run/postgresql; \
+    chown -R postgres:postgres "$PGDATA"; \
+    \
+    mkdir /mnt/data; \
+    chown postgres:postgres /mnt/data;
+    \
 # Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER postgres
 ENTRYPOINT ["start.sh"]

From e4648ab03ef136f54f331dd8e131b1b783378d24 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:36:29 +0200
Subject: [PATCH 0882/3949] optimize redis Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/redis/Dockerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 9720efab..b68d0569 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,13 +1,12 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
 FROM redis:7.0.11-alpine
 
-RUN apk add --no-cache openssl bash
-
-COPY start.sh /usr/bin/
-RUN chmod +x /usr/bin/start.sh
+COPY --chmod=775 start.sh /usr/bin/start.sh
 
+RUN apk add --no-cache openssl bash; \
+    \
 # Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER redis
 ENTRYPOINT ["start.sh"]

From 132444cbb967aacdb1109d458241605fbc9c394e Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:37:22 +0200
Subject: [PATCH 0883/3949] optimize talk Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 476025c2..14192bb1 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -6,6 +6,9 @@ USER root
 COPY --from=nats /nats-server /usr/local/bin/nats-server
 COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
+
 RUN set -ex; \
     apk add --no-cache \
         ca-certificates \
@@ -30,15 +33,11 @@ RUN set -ex; \
         util-linux \
         build-base \
         lua5.3-dev \
-        luarocks5.3;
-
+        luarocks5.3; \
+    \
 # Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
-
-COPY --chmod=775 start.sh /usr/bin/start.sh
-COPY --chmod=664 supervisord.conf /supervisord.conf
-
-RUN set -ex; \
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    \
     touch \
         /etc/nats.conf \
         /etc/signaling.conf \

From 079b86d840d3fb33956363b55b3ef2a2545dfe4e Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:38:40 +0200
Subject: [PATCH 0884/3949] optimze watchtower Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/watchtower/Dockerfile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 79c19cfb..7cf616e2 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -4,11 +4,9 @@ FROM containrrr/watchtower:1.5.3 as watchtower
 FROM alpine:3.17.3
 
 RUN apk add --no-cache bash
-COPY --from=watchtower /watchtower /
+COPY --from=watchtower /watchtower /watchtower
 
-COPY start.sh /
-RUN chmod +x /start.sh
+COPY --chmod=775 start.sh / start.sh
 
-USER root
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 85ac995907bf8e9c000efe7d656760b199ed783a Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:57:57 +0200
Subject: [PATCH 0885/3949] undo version overwritte

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index d592bbc6..034e686e 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.9
+FROM elasticsearch:7.17.10
 
 ARG DEBIAN_FRONTEND=noninteractive
 RUN set -ex; \

From 234590f8ee939dc7cb292ab41d703320f07208ed Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:02:07 +0200
Subject: [PATCH 0886/3949] add set -ex

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/domaincheck/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 8003bfab..7c180425 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,6 @@
 FROM alpine:3.17.3
-RUN apk add --no-cache bash lighttpd netcat-openbsd; \
+RUN set -ex; \
+    apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \
     rm -rf /etc/lighttpd/lighttpd.conf; \
     chmod +r -R /etc/lighttpd && \

From c9e406f76c47c09155cda082b327690d1228f462 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:02:43 +0200
Subject: [PATCH 0887/3949] add set -ex and remove tmp conf

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/clamav/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 23e61b66..680ba4ca 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -3,6 +3,8 @@ FROM clamav/clamav:1.1.0-1
 
 COPY clamav.conf /tmp/clamav.conf
 
-RUN apk add --no-cache tzdata; \
-    tee -a /etc/clamav/clamd.conf < /tmp/clamav.conf
+RUN set -ex; \
+    apk add --no-cache tzdata; \
+    cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
+    rm /tmp/clamav.conf
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 3fc1487cd971707bb0c7a3c72eaf78d3cca8e078 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:03:04 +0200
Subject: [PATCH 0888/3949] update version in of source file

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 680ba4ca..5816a498 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,4 +1,4 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.0/alpine/Dockerfile
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
 FROM clamav/clamav:1.1.0-1
 
 COPY clamav.conf /tmp/clamav.conf

From a4e894092c149fbe6fae7ffe88871a378ad74c42 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:10:38 +0200
Subject: [PATCH 0889/3949] add suggestion

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index b68d0569..53b4781a 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -5,7 +5,7 @@ COPY --chmod=775 start.sh /usr/bin/start.sh
 
 RUN apk add --no-cache openssl bash; \
     \
-# Give root a random password
+    # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER redis

From 55bc84d3f2b51eac5c8a178233b2f238bd171c1a Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:10:47 +0200
Subject: [PATCH 0890/3949] add set -ex

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/redis/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 53b4781a..cd19d005 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -3,7 +3,8 @@ FROM redis:7.0.11-alpine
 
 COPY --chmod=775 start.sh /usr/bin/start.sh
 
-RUN apk add --no-cache openssl bash; \
+RUN set -ex; \
+    apk add --no-cache openssl bash; \
     \
     # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd

From fb45fa40739be0ce3fce9f4fd834eae9e75907d1 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:11:18 +0200
Subject: [PATCH 0891/3949] add suggestion

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 14192bb1..b100ce14 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -35,7 +35,7 @@ RUN set -ex; \
         lua5.3-dev \
         luarocks5.3; \
     \
-# Give root a random password
+    # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     \
     touch \

From 12d351aa19fa34f1a09dfc338ae6b5452c177493 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 17:27:55 +0200
Subject: [PATCH 0892/3949] apply suggestion

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/domaincheck/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 7c180425..fc7264ef 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -3,9 +3,9 @@ RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \
     rm -rf /etc/lighttpd/lighttpd.conf; \
-    chmod +r -R /etc/lighttpd && \
-    chown www-data:www-data -R /var/www && \
-    mkdir -p /var/www/domaincheck
+    chmod +r -R /etc/lighttpd; \
+    mkdir -p /var/www/domaincheck; \
+    chown www-data:www-data -R /var/www
 COPY --chown=www-data:www-data lighttpd.conf /etc/lighttpd/lighttpd.conf
 
 COPY --chmod=775 start.sh /start.sh

From 3e1ae33e951d3bbc16d6b7432fb027f51616cf14 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 17:31:43 +0200
Subject: [PATCH 0893/3949] Update Containers/redis/Dockerfile

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index cd19d005..5bec5f8e 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -6,7 +6,7 @@ COPY --chmod=775 start.sh /usr/bin/start.sh
 RUN set -ex; \
     apk add --no-cache openssl bash; \
     \
-    # Give root a random password
+# Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER redis

From 7c11a8a278362bc781499a8ec77c831aae79dec5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 17:32:56 +0200
Subject: [PATCH 0894/3949] Update Containers/talk/Dockerfile

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index b100ce14..14192bb1 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -35,7 +35,7 @@ RUN set -ex; \
         lua5.3-dev \
         luarocks5.3; \
     \
-    # Give root a random password
+# Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     \
     touch \

From bc7d2a1337d2af6ace4452af8620b549272421d5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 17:35:14 +0200
Subject: [PATCH 0895/3949] use suggestion

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 7cf616e2..741b1c1e 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -6,7 +6,7 @@ FROM alpine:3.17.3
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower
 
-COPY --chmod=775 start.sh / start.sh
+COPY --chmod=775 start.sh /start.sh
 
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 06d802fd4377f6f49672064191c5a02413565ad5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 17:42:04 +0200
Subject: [PATCH 0896/3949] apply suggestion

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index da93391a..4e4b51c6 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -13,8 +13,8 @@ RUN set -ex; \
 
 VOLUME /root
 
-COPY --chmod=775 start.sh /usr/bin/start.sh
-COPY --chmod=775 backupscript.sh /backupscript.sh
+COPY --chmod=770 *.sh /
+
+ENTRYPOINT ["/start.sh"]
 
-ENTRYPOINT ["start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 93748f9644a88c1222a577ed569394c3c21995f5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 17:22:55 +0200
Subject: [PATCH 0897/3949] add a second init step for postgres

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 0db93026..94344458 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -56,12 +56,16 @@ cat << EOL > /tmp/initcontainers
 EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
-        - name: init-volumes
+        - init-subpath
           image: alpine
           command:
             - mkdir
             - "-p"
-            - /nextcloud-aio-database/data;
+            - /nextcloud-aio-database/data
+          volumeMountsInitContainer:
+        - name: init-volumes
+          image: alpine
+          command:
             - chown
             - 999:999
             - "-R"

From 669555289caf203533e13545c4448a9b8d9ad323 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:50:23 +0200
Subject: [PATCH 0898/3949] do not use ARG (1/2)

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/fulltextsearch/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 034e686e..baef5272 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,7 +1,6 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
 FROM elasticsearch:7.17.10
 
-ARG DEBIAN_FRONTEND=noninteractive
 RUN set -ex; \
     \
     apt-get update; \

From 73286c558ca9e4874e04be3a7404dada8405e15b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 17:50:33 +0200
Subject: [PATCH 0899/3949] do not use ARG (2/2)

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/fulltextsearch/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index baef5272..01c0ff29 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -3,6 +3,7 @@ FROM elasticsearch:7.17.10
 
 RUN set -ex; \
     \
+    export DEBIAN_FRONTEND=noninteractive; \
     apt-get update; \
     apt-get install -y --no-install-recommends \
         tzdata \

From 0fdcba047d0a95f749551b0bb88fba280f9562d5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:07:19 +0200
Subject: [PATCH 0900/3949] manual-install - add an entry to the readme
 regarding ipv6

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 3c5d8fc7..3efe8bd8 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -38,6 +38,7 @@ Since the AIO containers may change in the future, it is highly recommended to s
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
 1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing.
+1. Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
 1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
 1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

From 897f05ee0f5b3126ef140bf5c3f01df3e1ec0bbb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:12:32 +0200
Subject: [PATCH 0901/3949] add suggestion

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 09878219..eefbba37 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -36,7 +36,7 @@ On Windows and macOS which use Docker Desktop, you need to go into the settings,
     ```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="172.30.1.0/24" --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ---
 

From 6b15a2838af61808ca632759f52d80f3eab6c67b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:12:42 +0200
Subject: [PATCH 0902/3949] Add suggestion

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index eefbba37..a555de40 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -21,7 +21,7 @@ Before you can use IPv6 in Docker containers or swarm services, you need to enab
     ```console
     sudo systemctl restart docker
     ```
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="172.30.1.0/24" --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
 On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 

From dad3477a9f5ed3066e0dba848bc19c2e0c724387 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:34:05 +0200
Subject: [PATCH 0903/3949] apply suggestion

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8e1f8066..a5bd5c8b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -52,6 +52,7 @@ services:
 # # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 # networks:
 #   nextcloud-aio:
+#     name: nextcloud-aio
 #     driver: bridge
 #     driver_opts:
 #       com.docker.network.bridge.name: nextcloud-aio

From 17701ce256bf74f93f69a7ff5ec0ab8ad9690181 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:34:17 +0200
Subject: [PATCH 0904/3949] apply suggestion

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-compose.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index a5bd5c8b..42e1ca49 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -60,5 +60,4 @@ services:
 #     ipam:
 #       driver: default
 #       config:
-#         - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
 #         - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}

From a5d03e495e996f0638938a4007b9d19989ce139c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:38:08 +0200
Subject: [PATCH 0905/3949] add suggestion

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-compose.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 42e1ca49..328d83b5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -54,8 +54,6 @@ services:
 #   nextcloud-aio:
 #     name: nextcloud-aio
 #     driver: bridge
-#     driver_opts:
-#       com.docker.network.bridge.name: nextcloud-aio
 #     enable_ipv6: true
 #     ipam:
 #       driver: default

From beffb879dc45a74e5f9ad3e8ce8745bd8cfb57d4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:38:42 +0200
Subject: [PATCH 0906/3949] apply suggestions to manual-install network as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 18971040..a0e04db7 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -131,14 +131,12 @@ cat << NETWORK >> containers.yml
 # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 networks:
   nextcloud-aio:
+    name: nextcloud-aio
     driver: bridge
-    driver_opts:
-      com.docker.network.bridge.name: nextcloud-aio
     enable_ipv6: true
     ipam:
       driver: default
       config:
-        - subnet: \${IPV4_NETWORK:-172.22.1}.0/24
         - subnet: \${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
 NETWORK
 

From a69f6a3d399af9917b79285bfa4da8feeed13c4e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 18:45:06 +0200
Subject: [PATCH 0907/3949] add ipv6-advice as warning

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 3efe8bd8..a5c6b380 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -37,8 +37,7 @@ Since the AIO containers may change in the future, it is highly recommended to s
 1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
-1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing.
-1. Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
 1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
 1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

From e0b0066f8a2fb102a40e947a3173f1a9e1157aed Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 23:07:59 +0200
Subject: [PATCH 0908/3949] add a hint regarding docker run command

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4bff1de8..2de971dc 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -558,7 +558,7 @@ Afterwards should the AIO interface be accessible via `https://ip.address.of.the
 ## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
-1. Make sure that you used the docker run command that is described in this reverse proxy documentation.
+1. Make sure that you used the docker run command that is described in this reverse proxy documentation. Hint: make sure that you have set the APACHE_PORT during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports match the chosen `APACHE_PORT`.
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)

From 944e09237ccb2cb5baa614c96ac1b2d2b19dd0a1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 May 2023 23:21:09 +0200
Subject: [PATCH 0909/3949] docker-compose - add an explanation why some
 settings are not to be changed

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 328d83b5..a16d2e2a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,15 +2,15 @@ version: "3.8"
 
 volumes:
   nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
 
 services:
   nextcloud:
     image: nextcloud/all-in-one:latest
     restart: always
-    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
+    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

From a63ff97f433535cde9912fabb5c83f34d2f02fe6 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 4 May 2023 00:38:28 +0200
Subject: [PATCH 0910/3949] improve ipv6 docs (#2504)

---
 docker-compose.yml            |  9 ++++++---
 docker-ipv6-support.md        | 12 ++++++------
 manual-install/update-yaml.sh |  3 ++-
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index a16d2e2a..5c4153a1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,8 @@ services:
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
       # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+    # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
+      # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
@@ -48,14 +50,15 @@ services:
   #     - ./sites:/srv
   #   network_mode: "host"
 
-# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network
+# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
+# # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
 # # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 # networks:
 #   nextcloud-aio:
-#     name: nextcloud-aio
+#     name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO
 #     driver: bridge
 #     enable_ipv6: true
 #     ipam:
 #       driver: default
 #       config:
-#         - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
+#         - subnet: fd12:3456:789a:2::/64 # IPv6 subnet to use
diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index a555de40..b59725bf 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -3,12 +3,12 @@
 Before you can use IPv6 in Docker containers or swarm services, you need to enable IPv6 support in the Docker daemon. Afterward, you can choose to use either IPv4 or IPv6 (or both) with any container, service, or network.
 
 ## Docker on Linux and Docker-rootless
-1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `2001:db8:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
+1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well. If you are using mailcow and enabled IPv6 with the update.sh, you can keep their daemon.json, it will work too.
 
     ```json
     {
       "ipv6": true,
-      "fixed-cidr-v6": "2001:db8:1::/64",
+      "fixed-cidr-v6": "fd12:3456:789a:1::/64",
       "experimental": true,
       "ip6tables": true
     }
@@ -21,22 +21,22 @@ Before you can use IPv6 in Docker containers or swarm services, you need to enab
     ```console
     sudo systemctl restart docker
     ```
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
 On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 
 
-1. You need to now adjust this json file by setting the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `2001:db8:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
+1. You need to now adjust this json file by setting the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
 
     ```
     "ipv6": true,
-    "fixed-cidr-v6": "2001:db8:1::/64",
+    "fixed-cidr-v6": "fd12:3456:789a:1::/64",
     "experimental": true,
     "ip6tables": true
     ```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="2001:db8:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ---
 
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index a0e04db7..c0cd8872 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -85,6 +85,7 @@ sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
+echo 'IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use' >> sample.conf
 
 cat sample.conf
 
@@ -137,7 +138,7 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: \${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
+        - subnet: \${IPV6_NETWORK}
 NETWORK
 
 cat containers.yml > latest.yml

From d87ae9d51b163ea4c18f60a67a4bb114288b4885 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 4 May 2023 00:44:37 +0200
Subject: [PATCH 0911/3949] adjust wording a bit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index b59725bf..4fc3433e 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -21,7 +21,7 @@ Before you can use IPv6 in Docker containers or swarm services, you need to enab
     ```console
     sudo systemctl restart docker
     ```
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
 On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 
@@ -36,7 +36,7 @@ On Windows and macOS which use Docker Desktop, you need to go into the settings,
     ```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. If it finds the network though and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ---
 

From 5667b989b9a211193624aa3e6c7876d88440d787 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 4 May 2023 01:15:38 +0200
Subject: [PATCH 0912/3949] improve detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 4fc3433e..7aac4dd0 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -21,7 +21,7 @@ Before you can use IPv6 in Docker containers or swarm services, you need to enab
     ```console
     sudo systemctl restart docker
     ```
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
 On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 

From dcf83fafcc8f88062d07ebdc09031a8125925875 Mon Sep 17 00:00:00 2001
From: JL102 <jordanlees@mailbox.org>
Date: Fri, 14 Apr 2023 17:34:52 -0400
Subject: [PATCH 0913/3949] Proxy instructions for NodeJS/express

Signed-off-by: JL102 <jordanlees@mailbox.org>
---
 reverse-proxy.md | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 78d55ad3..7a6f206c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -352,6 +352,89 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 </details>
 
+### Node.js with Express
+
+<details>
+
+<summary>click here to expand</summary>
+
+For Node.js, we will use the npm package `http-proxy`. WebSockets must be handled separately.
+
+This example only uses `http`, but if your Express server already uses a `https` server, then follow the same instructions for `https`.
+
+```js
+const HttpProxy = require('http-proxy');
+const express = require('express');
+const http = require('http');
+
+const app = express();
+const proxy = HttpProxy.createProxyServer({
+	target: 'http://localhost:11000',
+	// Timeout can be changed to your liking.
+	timeout: 1000 * 60 * 3,
+	proxyTimeout: 1000 * 60 * 3,
+	// Not 100% certain whether autoRewrite is necessary, but enabling it SEEMS to make it behave more stably.
+	autoRewrite: true,
+	// Do not enable followRedirects.
+	followRedirects: false,
+});
+
+// Handle errors with proxy.web and proxy.ws
+function onProxyError(err, req, res, target) {
+	// Handle errors however you like. Here's an example:
+	if (err.code === 'ECONNREFUSED') {
+		return res.status(503).send('Nextcloud server is currently not running. It may be down for temporary maintenance.');
+	}
+	// other errors
+	else {
+		console.error(err);
+		return res.status(500).send(String(err));
+	}
+}
+
+app.use((req, res) => {
+	proxy.web(req, res, {}, onProxyError);
+});
+
+const httpServer = http.createServer(app);
+httpServer.listen('80');
+
+// Listen for an upgrade to a WebSocket connection.
+httpServer.on('upgrade', (req, socket, head) => {
+	proxy.ws(req, socket, head, {}, onProxyError);
+});
+```
+
+If you are using the Express package `vhost` for your app, you can use `proxy.web` inside the vhosted express function (see the following code snippet), but `proxy.ws` still needs to be done "globally" on your http server. Nextcloud should automatically ignore websocket requests for other domains.
+
+```js
+const HttpProxy = require('http-proxy');
+const express = require('express');
+const http = require('http');
+
+const myNextcloudApp = express();
+const myOtherApp = express();
+const vhost = express();
+
+// Definitions for proxy and onProxyError unchanged. (see above)
+
+myNextcloudApp.use((req, res) => {
+	proxy.web(req, res, {}, onProxyError);
+});
+
+vhost.use(vhostFunc('nextcloud.example.com', myNextcloudApp));
+vhost.use(vhostFunc('www.example.com', myOtherApp));
+
+const httpServer = http.createServer(app);
+httpServer.listen('80');
+
+// Listen for an upgrade to a WebSocket connection.
+httpServer.on('upgrade', (req, socket, head) => {
+	proxy.ws(req, socket, head, {}, onProxyError);
+});
+```
+</details>
+
 ### Synology Reverse Proxy
 
 <details>

From e30b0f878b8a63bcbae57b588fdf01a15d4d32fb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 16:28:18 +0200
Subject: [PATCH 0914/3949] adjust the docs a bit

Signed-off-by: Simon L <szaimen@e.mail.de>
Signed-off-by: JL102 <jordanlees@mailbox.org>
---
 reverse-proxy.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7a6f206c..512b4cba 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -358,6 +358,8 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 <summary>click here to expand</summary>
 
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
 For Node.js, we will use the npm package `http-proxy`. WebSockets must be handled separately.
 
 This example only uses `http`, but if your Express server already uses a `https` server, then follow the same instructions for `https`.
@@ -422,8 +424,7 @@ myNextcloudApp.use((req, res) => {
 	proxy.web(req, res, {}, onProxyError);
 });
 
-vhost.use(vhostFunc('nextcloud.example.com', myNextcloudApp));
-vhost.use(vhostFunc('www.example.com', myOtherApp));
+vhost.use(vhostFunc('<your-nextcloud-domain>', myNextcloudApp));
 
 const httpServer = http.createServer(app);
 httpServer.listen('80');
@@ -433,6 +434,10 @@ httpServer.on('upgrade', (req, socket, head) => {
 	proxy.ws(req, socket, head, {}, onProxyError);
 });
 ```
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. 
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+
 </details>
 
 ### Synology Reverse Proxy

From 1a54b583c599712c1bbefeb46d01c23d339783ce Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 4 May 2023 12:05:04 +0200
Subject: [PATCH 0915/3949] increase to 5.1.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b7afe6b6..e5367bca 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v5.0.0</h1>
+        <h1>Nextcloud AIO v5.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 93cec3ca5bd4291408dc4168b23b45d3bd02c836 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 4 May 2023 12:43:55 +0200
Subject: [PATCH 0916/3949] available check of .1 is sometimes apparently not
 enough when ipv6 is enabled

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3cbd1521..bd159311 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -132,7 +132,7 @@ class DockerActionManager
         }
         
         if ($internalPort !== "" && $internalPort !== 'host') {
-            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.1);
+            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.2);
             if ($connection) {
                 fclose($connection);
                 return new RunningState();

From 8750bd343cb298b8b06de49bc06058e47804fbbb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 4 May 2023 14:52:09 +0200
Subject: [PATCH 0917/3949] mastercontainer needs to be connected before
 starting any other container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/index.php b/php/public/index.php
index d8a0508b..f75a514a 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -77,8 +77,8 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
     /** @var \AIO\Controller\DockerController $dockerController */
     $dockerController = $container->get(\AIO\Controller\DockerController::class);
-    $dockerController->StartDomaincheckContainer();
     $dockerActionManger->ConnectMasterContainerToNetwork();
+    $dockerController->StartDomaincheckContainer();
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
         'apache_port' => $configurationManager->GetApachePort(),

From b08b59b39be00cfd6ce8b2c2a308751c035b66ed Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 4 May 2023 15:38:11 +0200
Subject: [PATCH 0918/3949] fix initial options not showing up

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e5367bca..db8f5da3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -202,7 +202,7 @@
                 <a href="" class="button reload">Reload ↻</a><br/><br>
             {% endif %}
 
-            {% if was_start_button_clicked == true %}
+            {% if domain != "" %}
                 {% if isAnyRunning == true %}
                     {% if isApacheStarting != true %}
                         {% if borg_backup_host_location != '' %}

From 49e9c74a77fa177e2ec8f36d14e38036e8f632ec Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 5 May 2023 04:08:39 +0000
Subject: [PATCH 0919/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index dd6eedf6..0653e854 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.10.0@a5effd2d2dddd1a7ea7a0f6a051ce63ff979e356"/>
+<files psalm-version="5.11.0@c9b192ab8400fdaf04b2b13d110575adc879aa90"/>

From 6a300d03a6766ac02f1d16dc4bf348bd03fe251e Mon Sep 17 00:00:00 2001
From: iraklis10 <1414477+iraklis10@users.noreply.github.com>
Date: Sun, 7 May 2023 19:35:02 +0100
Subject: [PATCH 0920/3949] Update local-instance.md

minor typo

Signed-off-by: iraklis10 <1414477+iraklis10@users.noreply.github.com>
---
 local-instance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/local-instance.md b/local-instance.md
index 515c6b3d..602e4b2b 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -6,7 +6,7 @@ The recommended way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
 1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
-1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
+1. Enter the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
 ## 2. Use the ACME DNS-challenge

From 616159c1b828a38780115755d3a3d54e0ec59c5a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 May 2023 12:59:44 +0000
Subject: [PATCH 0921/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.13.1.1 to 22.05.14.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index ac829841..82ca99dd 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.13.1.1
+FROM collabora/code:22.05.14.3.1
 
 USER root
 

From a9960c8d6a89b3dd315da397f4c7f4140bc18f2b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 8 May 2023 22:59:47 +0200
Subject: [PATCH 0922/3949] add root user check for mastercontainer

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/start.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 96b64cbc..e54debc2 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -20,6 +20,11 @@ case "${1}" in
 esac
 }
 
+if [ "$(whoami)" != "root" ] || [ "$(id -u)" != "0" ] || [ "$(id -g)" != "0" ]; then
+    print_red "Container does not run as root. Cannot continue."
+    exit 1
+fi
+
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."

From 9035f476114ccea06fd37b970e3652e4979d9566 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 9 May 2023 00:54:15 +0200
Subject: [PATCH 0923/3949] backup script - a few enhancements and safeguards

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 64bb8fd2..d877affe 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -86,8 +86,9 @@ if [ "$BORG_MODE" = backup ]; then
     if ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
         # Don't initialize if already initialized
         if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
-            echo "Cannot initialize a new repository as that was already done at least one time."
-            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
+            echo "No borg config file was found in the targeted directory."
+            echo "This might happen if the targeted directory is located on an external drive and the drive not connected anymore. You should check this."
+            echo "If you instead want to initialize a new backup repository, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
             echo "sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/borg.config"
             exit 1
         fi
@@ -132,6 +133,13 @@ if [ "$BORG_MODE" = backup ]; then
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
 
+    # Make sure that there is always a borg.config file before creating a new backup
+    if ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
+        echo "Did not find borg.config file in the mastercontainer volume."
+        echo "Cannot create a backup as this is wrong."
+        exit 1
+    fi
+
     # Create the backup
     echo "Starting the backup..."
     get_start_time

From 40c3a24b8bc7ab1a564ea4b619244f21ad284e3c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 9 May 2023 11:17:39 +0200
Subject: [PATCH 0924/3949] Update Containers/mastercontainer/start.sh

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/start.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index e54debc2..10c3befa 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -20,8 +20,9 @@ case "${1}" in
 esac
 }
 
-if [ "$(whoami)" != "root" ] || [ "$(id -u)" != "0" ] || [ "$(id -g)" != "0" ]; then
-    print_red "Container does not run as root. Cannot continue."
+# Check if running as root user
+if [ "$EUID" != "0" ]; then
+    print_red "Container does not run as root user. This is not supported."
     exit 1
 fi
 

From d1e781617c42b764cb30cf257a8bddd1de223bc1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 9 May 2023 16:21:42 +0200
Subject: [PATCH 0925/3949] add detail to talk_port docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index e284879b..6f5b7a3c 100644
--- a/readme.md
+++ b/readme.md
@@ -569,7 +569,7 @@ Be aware though that these locations will not be covered by the built-in backup
 **Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value.
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
 By default are public uploads to Nextcloud limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.

From bd4afa7cff72e92cadeedee7d43a908836cf0eb9 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 10 May 2023 12:03:09 +0000
Subject: [PATCH 0926/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 8 ++++++++
 manual-install/sample.conf | 1 +
 2 files changed, 9 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index e3d5fc82..7e20ff51 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -237,5 +237,13 @@ volumes:
   nextcloud_aio_nextcloud_data:
     name: nextcloud_aio_nextcloud_data
 
+# Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 networks:
   nextcloud-aio:
+    name: nextcloud-aio
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: ${IPV6_NETWORK}
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index e2357b4c..6c438210 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -31,3 +31,4 @@ TALK_PORT=3478          # This allows to adjust the port that the talk container
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use

From 1f7f675454a12cb2772fb8783ba0c9b56deb6fc6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 10 May 2023 14:33:03 +0200
Subject: [PATCH 0927/3949] add a section on Synology what to do if the socket
 could not be found

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/readme.md b/readme.md
index 6f5b7a3c..51be2817 100644
--- a/readme.md
+++ b/readme.md
@@ -170,6 +170,8 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 ### How to run AIO on Synology DSM
 On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
+⚠️ **Please note**: it is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
+
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
 You'll also need to adjust Synology's firewall, see below:

From 1f6ab346a3643d887f076fb821fa42f2c9357df8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 10 May 2023 20:30:26 +0200
Subject: [PATCH 0928/3949] add r0 to coturn version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 14192bb1..9cc64683 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.9.16-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM coturn/coturn:4.6.2-alpine
+FROM coturn/coturn:4.6.2-r0-alpine
 USER root
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server

From 72909bde642f631246767d061ad453af552c56e6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 10 May 2023 20:40:04 +0200
Subject: [PATCH 0929/3949] update mastercontainer to php 8.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/create-psalm-container.yml  |  2 +-
 .github/workflows/dependency-updates.yml      |  2 +-
 .github/workflows/lint-php.yml                |  2 +-
 .../workflows/php-deprecation-detector.yml    |  4 ++--
 .github/workflows/psalm-analysis.yml          |  4 ++--
 .github/workflows/psalm-update-baseline.yml   |  4 ++--
 .github/workflows/twig-lint.yml               |  2 +-
 Containers/mastercontainer/Dockerfile         |  4 ++--
 php/composer.json                             |  4 ++--
 php/composer.lock                             | 23 ++++++++-----------
 10 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/.github/workflows/create-psalm-container.yml b/.github/workflows/create-psalm-container.yml
index 20d387df..2f217c25 100644
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Modify the Dockerfile
         run: |
           set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.2-alpine|' "psalm-github-actions/Dockerfile"
           cat << APCU >> "psalm-github-actions/Dockerfile"
           RUN mkdir -p /usr/src/php/ext/apcu && \
             curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9ce168d6..5f063651 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@v3
     - uses: shivammathur/setup-php@v2
       with:
-        php-version: 8.1
+        php-version: 8.2
         extensions: apcu
     - name: Run dependency update script
       run: |
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index f3e56b92..fb57d046 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.1"]
+        php-versions: ["8.2"]
 
     name: php-lint
 
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 073d349d..7e4c625f 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.1
+      - name: Set up php8.2
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.1
+          php-version: 8.2
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm-analysis.yml b/.github/workflows/psalm-analysis.yml
index 5994862c..6d367a52 100644
--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.1
+      - name: Set up php8.2
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.1
+          php-version: 8.2
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index e565bdd0..9413b19e 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -12,10 +12,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up php8.1
+      - name: Set up php8.2
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.1
+          php-version: 8.2
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 0652df87..2bb89e70 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.1"]
+        php-versions: ["8.2"]
 
     name: twig-lint
 
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 5f0a765e..4bed2710 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -4,8 +4,8 @@ FROM docker:23.0.5-cli as docker
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.18-fpm-alpine3.17
+# From https://github.com/docker-library/php/blob/master/8.2/alpine3.17/fpm/Dockerfile
+FROM php:8.2.5-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \
diff --git a/php/composer.json b/php/composer.json
index acdccfa7..32488056 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,7 +5,7 @@
         }
     },
     "require": {
-        "php": "8.1.*",
+        "php": "8.2.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
@@ -22,6 +22,6 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.1 \\;"
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.2 \\;"
 	}
 }
diff --git a/php/composer.lock b/php/composer.lock
index ec4c564c..5099e9ca 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "ca8e9b0dbbbd88c096dd8f2bda37a315",
+    "content-hash": "b0074cfbf6b5cde6d6d2207286ad2e85",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -1642,16 +1642,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.5.1",
+            "version": "v3.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a6e0510cc793912b451fd40ab983a1d28f611c15"
+                "reference": "106c170d08e8415d78be2d16c3d057d0d108262b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a6e0510cc793912b451fd40ab983a1d28f611c15",
-                "reference": "a6e0510cc793912b451fd40ab983a1d28f611c15",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/106c170d08e8415d78be2d16c3d057d0d108262b",
+                "reference": "106c170d08e8415d78be2d16c3d057d0d108262b",
                 "shasum": ""
             },
             "require": {
@@ -1660,15 +1660,10 @@
                 "symfony/polyfill-mbstring": "^1.3"
             },
             "require-dev": {
-                "psr/container": "^1.0",
+                "psr/container": "^1.0|^2.0",
                 "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
             },
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "3.5-dev"
-                }
-            },
             "autoload": {
                 "psr-4": {
                     "Twig\\": "src/"
@@ -1702,7 +1697,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.5.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.6.0"
             },
             "funding": [
                 {
@@ -1714,7 +1709,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-02-08T07:49:20+00:00"
+            "time": "2023-05-03T19:06:57+00:00"
         }
     ],
     "packages-dev": [],
@@ -1724,7 +1719,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "8.1.*",
+        "php": "8.2.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",

From cd0b4cf1ccc84428ca6b27cfc9a669a1099e9fcd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 10 May 2023 23:22:14 +0200
Subject: [PATCH 0930/3949] add a video on traefik configuration

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 58498417..be339ec7 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -549,7 +549,7 @@ Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to
 
 **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
-**Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
+**Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
 </details>
 

From c6f49ee45c76b028f3df083bd4e6ee48179e0327 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 May 2023 08:00:56 +0000
Subject: [PATCH 0931/3949] Bump docker from 23.0.5-cli to 23.0.6-cli in
 /Containers/mastercontainer

Bumps docker from 23.0.5-cli to 23.0.6-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 5f0a765e..61392c84 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.5-cli as docker
+FROM docker:23.0.6-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From 2f2398c704b5984735c43b8e09563bbedb33f462 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 11 May 2023 10:57:19 +0200
Subject: [PATCH 0932/3949] try to fix the helm-chart-update workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 94344458..644f6133 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -32,6 +32,7 @@ sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml
 sed -i "s|- \${TALK_PORT}|- $TALK_PORT|" latest.yml
 sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
+sed -i "/name: nextcloud-aio/,$ d" latest.yml
 sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
 sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml
 sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml
@@ -187,6 +188,7 @@ sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
 sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
+sed -i '/^IPV6_NETWORK/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf

From 285407e1768d9f6751eac22a6d75aa77ed76b7e4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 11 May 2023 11:47:36 +0200
Subject: [PATCH 0933/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 644f6133..286dbee5 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -57,7 +57,7 @@ cat << EOL > /tmp/initcontainers
 EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
-        - init-subpath
+        - name: init-subpath
           image: alpine
           command:
             - mkdir

From bbeb7e2db289c5d45b348dda08f664e35400f4a1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 11 May 2023 09:48:01 +0000
Subject: [PATCH 0934/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml             |  2 +-
 .../nextcloud-aio-apache-deployment.yaml        |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml        |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml     |  4 +++-
 .../nextcloud-aio-database-deployment.yaml      | 17 ++++++++++++++++-
 ...nextcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml     |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml     |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml    |  2 +-
 .../nextcloud-aio-redis-deployment.yaml         |  2 +-
 .../nextcloud-aio-talk-deployment.yaml          |  2 +-
 11 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index b5705fb2..fa82250c 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 5.0.0
+version: 5.1.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index e682a8e3..acd1479b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230501_090621-latest
+          image: nextcloud/aio-apache:20230511_075831-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 20235973..2ea0d0bc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230501_090621-latest
+          image: nextcloud/aio-clamav:20230511_075831-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 5ff3118b..164e924c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -34,6 +34,8 @@ spec:
               mountPath: /nextcloud-aio-collabora-fonts
       containers:
         - env:
+            - name: DONT_GEN_SSL_CERT
+              value: "1"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: aliasgroup1
@@ -44,7 +46,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230501_090621-latest
+          image: nextcloud/aio-collabora:20230511_075831-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index f93e810e..ef64dfe3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -22,11 +22,25 @@ spec:
         io.kompose.service: nextcloud-aio-database
     spec:
       initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-database/data
+            - /nextcloud-aio-database
+            - /nextcloud-aio-database-dump
+          volumeMounts:
+            - name: nextcloud-aio-database-dump
+              mountPath: /nextcloud-aio-database-dump
+            - name: nextcloud-aio-database
+              mountPath: /nextcloud-aio-database
         - name: init-volumes
           image: alpine
           command:
             - chown
             - 999:999
+            - "-R"
             - /nextcloud-aio-database
             - /nextcloud-aio-database-dump
           volumeMounts:
@@ -46,12 +60,13 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230501_090621-latest
+          image: nextcloud/aio-postgresql:20230511_075831-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
+              subPath: data
               name: nextcloud-aio-database
             - mountPath: /mnt/data
               name: nextcloud-aio-database-dump
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 53ee0d7d..b8f48660 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230501_090621-latest
+          image: nextcloud/aio-fulltextsearch:20230511_075831-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 604c89ea..85864f47 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230501_090621-latest
+          image: nextcloud/aio-imaginary:20230511_075831-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index fd0d3b4f..967d90ec 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230501_090621-latest
+          image: nextcloud/aio-nextcloud:20230511_075831-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 748ce89a..9384d233 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230501_090621-latest
+          image: nextcloud/aio-onlyoffice:20230511_075831-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 78623360..0d9b46d0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230501_090621-latest
+          image: nextcloud/aio-redis:20230511_075831-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 2b77759c..8d0ef0ac 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230501_090621-latest
+          image: nextcloud/aio-talk:20230511_075831-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

From d100bf985e12f0770befe7d7798b6e155f5c510b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 11 May 2023 14:13:56 +0200
Subject: [PATCH 0935/3949] move VOLUME and delete shadow

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/postgresql/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 0163c8b8..9b2e7e55 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -5,8 +5,6 @@ COPY --chmod=775 start.sh /usr/bin/start.sh
 COPY --chmod=775 healthcheck.sh /usr/bin/healthcheck.sh
 COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
 
-VOLUME /mnt/data
-
 RUN set -ex; \
     apk add --no-cache bash openssl shadow grep mawk; \
     \
@@ -15,6 +13,7 @@ RUN set -ex; \
     groupmod -g 9999 ping; \
     addgroup -g 999 -S postgres; \
     adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
+    apk del --no-cache shadow; \
     \
 # Fix default permissions
     chown -R postgres:postgres /var/lib/postgresql; \
@@ -27,6 +26,8 @@ RUN set -ex; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
+VOLUME /mnt/data
+
 USER postgres
 ENTRYPOINT ["start.sh"]
 

From b9709aa4007ea15f958c851929a0830a34a2efdb Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 11 May 2023 14:17:54 +0200
Subject: [PATCH 0936/3949] change script paths

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/postgresql/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 9b2e7e55..313360bd 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,8 +1,8 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
 FROM postgres:15.2-alpine
 
-COPY --chmod=775 start.sh /usr/bin/start.sh
-COPY --chmod=775 healthcheck.sh /usr/bin/healthcheck.sh
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
 
 RUN set -ex; \
@@ -29,7 +29,7 @@ RUN set -ex; \
 VOLUME /mnt/data
 
 USER postgres
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD healthcheck.sh
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 6ad9e9eda607ad58b9794001761a68a5622fa68c Mon Sep 17 00:00:00 2001
From: Valeriy Sotnikov <sotnikov.link@mail.ru>
Date: Thu, 11 May 2023 23:51:21 +0300
Subject: [PATCH 0937/3949] sudo docker volume prune --filter all=1

Signed-off-by: Valeriy Sotnikov <sotnikov.link@mail.ru>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 51be2817..f0e4a14f 100644
--- a/readme.md
+++ b/readme.md
@@ -303,7 +303,7 @@ Here is how to reset the AIO instance properly:
 1. Now remove all these stopped containers with `sudo docker container prune`
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
-1. Now remove all these dangling volumes: `sudo docker volume prune docker --filter all=1` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
+1. Now remove all these dangling volumes: `sudo docker volume prune --filter all=1` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
 1. If you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well. (E.g. by simply deleting the directory).
 1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.

From 3973943acd6ed187264e8a41195400e94759c130 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 12 May 2023 12:50:10 +0200
Subject: [PATCH 0938/3949] fix imaginary update workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/imaginary-update.yml | 2 +-
 Containers/imaginary/Dockerfile        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 61148c98..7a7ad083 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -19,7 +19,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|go install github.com/h2non/imaginary.*|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
+        sed -i "s|go install github.com/h2non/imaginary.*;|go install github.com/h2non/imaginary@$imaginary_version;|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b49f9da0..af14f2a7 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -7,7 +7,7 @@ RUN set -ex; \
         vips-jxl \
         vips-poppler \
         build-base; \
-    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
+    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84;
 
 FROM alpine:3.17.3
 RUN set -ex; \

From d95058ae21f2c6e6e737ac22cfdfd1e1bf57e896 Mon Sep 17 00:00:00 2001
From: steffenmalisi <steffenmalisi@users.noreply.github.com>
Date: Thu, 11 May 2023 11:24:40 +0200
Subject: [PATCH 0939/3949] Makes imaginary port configurable

Signed-off-by: steffenmalisi <steffenmalisi@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index af14f2a7..c3980fc4 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -23,11 +23,13 @@ RUN set -ex; \
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 
+ENV PORT 9000
+
 USER nobody
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["imaginary", "-p", "9000", "-return-size", "-max-allowed-resolution", "222.2"]
+ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
 
-HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+HEALTHCHECK CMD nc -z localhost $PORT || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 7df7ee738c4088502ea817d5efc847c403563675 Mon Sep 17 00:00:00 2001
From: steffenmalisi <steffenmalisi@users.noreply.github.com>
Date: Thu, 11 May 2023 14:48:51 +0200
Subject: [PATCH 0940/3949] Prevents globbing and word splitting

Signed-off-by: steffenmalisi <steffenmalisi@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index c3980fc4..caa473d5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -31,5 +31,5 @@ USER nobody
 ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
 
-HEALTHCHECK CMD nc -z localhost $PORT || exit 1
+HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 502f32f207dc7ff94d32b81abb5621939daeaa04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 May 2023 12:58:50 +0000
Subject: [PATCH 0941/3949] Bump postgres from 15.2-alpine to 15.3-alpine in
 /Containers/postgresql

Bumps postgres from 15.2-alpine to 15.3-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 313360bd..5c16d805 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.2-alpine
+FROM postgres:15.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 9584ef53468292ed7e3e7ae103ce26675a4f073d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 May 2023 12:58:53 +0000
Subject: [PATCH 0942/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.5-fpm-alpine3.17 to 8.2.6-fpm-alpine3.17.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 018202f4..4339e204 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:23.0.6-cli as docker
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.17/fpm/Dockerfile
-FROM php:8.2.5-fpm-alpine3.17
+FROM php:8.2.6-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

From a0cf31ad1b6da7f654ea4a58f900a9e98bff66ad Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 12 May 2023 17:57:02 +0200
Subject: [PATCH 0943/3949] put scripts into /

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 79c4e0e8..7a95ff06 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -9,8 +9,8 @@ COPY --chown=www-data:www-data Caddyfile /Caddyfile
 COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
 
 COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY --chmod=775 start.sh /usr/bin/start.sh
-COPY --chmod=775 healthcheck.sh /usr/bin/healthcheck.sh
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 VOLUME /mnt/data
 
@@ -68,8 +68,8 @@ RUN set -ex; \
 
 USER www-data
 
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD healthcheck.sh
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 3b4d741c8e7dda78f9b9dcf45f1efd4aadfd7657 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 12 May 2023 17:58:47 +0200
Subject: [PATCH 0944/3949] put scripts into /

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/Dockerfile | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 5c4312b3..b01bea51 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -108,18 +108,13 @@ RUN set -ex; \
     mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 
+COPY --chmod=775 *.sh /
 COPY --chmod=664 Caddyfile /Caddyfile
-COPY --chmod=775 start.sh /usr/bin/start.sh
-COPY --chmod=775 backup-time-file-watcher.sh /backup-time-file-watcher.sh
-COPY --chmod=775 session-deduplicator.sh /session-deduplicator.sh
-COPY --chmod=775 cron.sh /cron.sh
-COPY --chmod=775 daily-backup.sh /daily-backup.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 USER root
 
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh

From f917f129328c5a7b1a7ef1feee2509b4fc6af704 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 12 May 2023 18:00:33 +0200
Subject: [PATCH 0945/3949] move mastercontainer.conf to the end

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index b01bea51..4ac4d390 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -11,8 +11,6 @@ EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443
 
-COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
-
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 
@@ -111,6 +109,7 @@ RUN set -ex; \
 COPY --chmod=775 *.sh /
 COPY --chmod=664 Caddyfile /Caddyfile
 COPY --chmod=664 supervisord.conf /supervisord.conf
+COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
 
 USER root
 

From c780f28c51d83e1c8d0ee614b455eab0d503f7f7 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 14 May 2023 12:02:13 +0000
Subject: [PATCH 0946/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 5099e9ca..8b0a0db6 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.5.1",
+            "version": "7.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9"
+                "reference": "733dd89533dd371a0987172727df15f500dab0ef"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9",
-                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/733dd89533dd371a0987172727df15f500dab0ef",
+                "reference": "733dd89533dd371a0987172727df15f500dab0ef",
                 "shasum": ""
             },
             "require": {
@@ -48,9 +48,6 @@
                 "bamarni-bin": {
                     "bin-links": true,
                     "forward-command": false
-                },
-                "branch-alias": {
-                    "dev-master": "7.5-dev"
                 }
             },
             "autoload": {
@@ -116,7 +113,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.5.1"
+                "source": "https://github.com/guzzle/guzzle/tree/7.6.0"
             },
             "funding": [
                 {
@@ -132,7 +129,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-04-17T16:30:08+00:00"
+            "time": "2023-05-14T11:23:39+00:00"
         },
         {
             "name": "guzzlehttp/promises",

From 9f1b0e361d20713d1ead7d50fb4cd55ba950dc2a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 16 May 2023 12:25:19 +0000
Subject: [PATCH 0947/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 8b0a0db6..1a782775 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.6.0",
+            "version": "7.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "733dd89533dd371a0987172727df15f500dab0ef"
+                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/733dd89533dd371a0987172727df15f500dab0ef",
-                "reference": "733dd89533dd371a0987172727df15f500dab0ef",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
+                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
                 "shasum": ""
             },
             "require": {
@@ -113,7 +113,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.6.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.6.1"
             },
             "funding": [
                 {
@@ -129,7 +129,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-14T11:23:39+00:00"
+            "time": "2023-05-15T20:43:01+00:00"
         },
         {
             "name": "guzzlehttp/promises",

From 364be594a2b9e8254ca306a3c765c3da52711bcf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 16 May 2023 16:28:01 +0200
Subject: [PATCH 0948/3949] fix missing character

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 5c16d805..e468624f 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -21,7 +21,7 @@ RUN set -ex; \
     chown -R postgres:postgres "$PGDATA"; \
     \
     mkdir /mnt/data; \
-    chown postgres:postgres /mnt/data;
+    chown postgres:postgres /mnt/data; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd

From 1513d69a8d318b22d0d68528bfd80d872d290074 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 16 May 2023 17:49:39 +0200
Subject: [PATCH 0949/3949] ipv6 - add note regarding problems with ipv6 and
 docker

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 7aac4dd0..a9694c35 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -1,6 +1,8 @@
 # IPv6-Support for Docker
 
-Before you can use IPv6 in Docker containers or swarm services, you need to enable IPv6 support in the Docker daemon. Afterward, you can choose to use either IPv4 or IPv6 (or both) with any container, service, or network.
+Before enabling IPv6-Support for Docker, please note that there are still some unresolved problems in regards to IPv6-Support in Docker. See https://github.com/nextcloud/all-in-one/discussions/2557 for more details on this.
+
+Now that this was mentioned, see the instructions below on how to enable IPv6 for Docker.
 
 ## Docker on Linux and Docker-rootless
 1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well. If you are using mailcow and enabled IPv6 with the update.sh, you can keep their daemon.json, it will work too.

From 9f19026885dffa520813434f37bd048d296ca9e5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 17 May 2023 20:48:08 +0200
Subject: [PATCH 0950/3949] allow to include volumes in backup and restore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh  |  8 ++++++
 manual-install/update-yaml.sh          |  1 +
 php/containers-schema.json             | 10 +++++++-
 php/containers.json                    | 35 ++++++++++----------------
 php/src/Container/Container.php        |  8 ++++++
 php/src/ContainerDefinitionFetcher.php |  6 +++++
 php/src/Docker/DockerActionManager.php | 23 +++++++++++++++++
 7 files changed, 68 insertions(+), 23 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d877affe..871dabe2 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -24,6 +24,14 @@ for directory in "${VOLUME_DIRS[@]}"; do
         exit 1
     fi
 done
+# Test if default volumes are there
+DEFAULT_VOLUMES=(nextcloud_aio_apache nextcloud_aio_nextcloud nextcloud_aio_database nextcloud_aio_database_dump nextcloud_aio_elasticsearch nextcloud_aio_nextcloud_data nextcloud_aio_mastercontainer)
+for volume in "${DEFAULT_VOLUMES[@]}"; do
+    if ! mountpoint -q "/nextcloud_aio_volumes/$volume"; then
+        echo "$volume is missing which is not intended."
+        exit 1
+    fi
+done
 
 # Check if target is mountpoint
 if ! mountpoint -q /mnt/borgbackup; then
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index c0cd8872..c37a45c1 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -15,6 +15,7 @@ OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 919f60e0..e2d37767 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -106,6 +106,13 @@
 					"apparmor_unconfined": {
 						"type": "boolean"
 					},
+					"backup_volumes": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^nextcloud_aio_[a-z_]+$"
+						}
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
@@ -119,7 +126,8 @@
 								},
 								"source": {
 									"type": "string",
-									"pattern": "^(([a-z_]+)|(%[A-Z_]+%))$"								},
+									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%))$"
+								},
 								"writeable": {
 									"type": "boolean"
 								}
diff --git a/php/containers.json b/php/containers.json
index 61992be6..eb16c316 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -41,7 +41,11 @@
           "writeable": true
         }
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "backup_volumes": [
+        "nextcloud_aio_nextcloud",
+        "nextcloud_aio_apache"
+      ]
     },
     {
       "container_name": "nextcloud-aio-database",
@@ -75,7 +79,11 @@
       ],
       "stop_grace_period": 1800,
       "restart": "unless-stopped",
-      "shm_size": 268435456
+      "shm_size": 268435456,
+      "backup_volumes": [
+        "nextcloud_aio_database",
+        "nextcloud_aio_database_dump"
+      ]
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
@@ -167,6 +175,9 @@
       "restart": "unless-stopped",
       "devices": [
         "/dev/dri"
+      ],
+      "backup_volumes": [
+        "nextcloud_aio_nextcloud"
       ]
     },
     {
@@ -270,31 +281,11 @@
           "destination": "/root",
           "writeable": true
         },
-        {
-          "source": "nextcloud_aio_nextcloud",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
-          "writeable": true
-        },
         {
           "source": "%NEXTCLOUD_DATADIR%",
           "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
           "writeable": true
         },
-        {
-          "source": "nextcloud_aio_database",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database",
-          "writeable": true
-        },
-        {
-          "source": "nextcloud_aio_database_dump",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
-          "writeable": true
-        },
-        {
-          "source": "nextcloud_aio_apache",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_apache",
-          "writeable": true
-        },
         {
           "source": "nextcloud_aio_mastercontainer",
           "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 442ee587..0ca8e872 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -27,6 +27,8 @@ class Container {
     private array $capAdd;
     private int $shmSize;
     private bool $apparmorUnconfined;
+    /** @var string[] */
+    private array $backupVolumes;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -45,6 +47,7 @@ class Container {
         array $capAdd,
         int $shmSize,
         bool $apparmorUnconfined,
+        array $backupVolumes,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -62,6 +65,7 @@ class Container {
         $this->capAdd = $capAdd;
         $this->shmSize = $shmSize;
         $this->apparmorUnconfined = $apparmorUnconfined;
+        $this->backupVolumes = $backupVolumes;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -105,6 +109,10 @@ class Container {
         return $this->capAdd;
     }
 
+    public function GetBackupVolumes() : array {
+        return $this->backupVolumes;
+    }
+
     public function GetPorts() : ContainerPorts {
         return $this->ports;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 50901f8f..75bd2c2e 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -228,6 +228,11 @@ class ContainerDefinitionFetcher
                 $apparmorUnconfined = $entry['apparmor_unconfined'];
             }
 
+            $backupVolumes = [];
+            if (isset($entry['backup_volumes'])) {
+                $backupVolumes = $entry['backup_volumes'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -244,6 +249,7 @@ class ContainerDefinitionFetcher
                 $capAdd,
                 $shmSize,
                 $apparmorUnconfined,
+                $backupVolumes,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index bd159311..ef41a1f5 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -429,6 +429,11 @@ class DockerActionManager
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
             // Additional backup directories
             $mounts = [];
+            foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
+                if ($additionalBackupVolumes !== '') {
+                    $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false];
+                }
+            }
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
                     if (!str_starts_with($additionalBackupDirectories, '/')) {
@@ -503,6 +508,24 @@ class DockerActionManager
         }
     }
 
+    private function getBackupVolumes(string $id) : array
+    {
+        $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        $backupVolumes = $container->GetBackupVolumes();
+
+        foreach ($container->GetDependsOn() as $dependency) {
+            $backupVolumes[] = $this->getBackupVolumes($dependency);
+        }
+        return $backupVolumes;
+    }
+
+    private function getAllBackupVolumes() : array {
+        $id = 'nextcloud-aio-apache';
+
+        return array_unique($this->getBackupVolumes($id));
+    }
+
     private function GetRepoDigestsOfContainer(string $containerName) : ?array {
         try {
             $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));

From 48e70e2b00093210183d40c2c4912c6354788f12 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 19:18:31 +0200
Subject: [PATCH 0951/3949] allow to add imports to the caddy file

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile                 | 59 ++++-----------------
 Containers/apache/Dockerfile                |  3 +-
 Containers/apache/caddy-imports/collabora   | 10 ++++
 Containers/apache/caddy-imports/notify-push |  5 ++
 Containers/apache/caddy-imports/onlyoffice  |  8 +++
 Containers/apache/caddy-imports/talk        |  5 ++
 Containers/apache/nextcloud                 |  7 +++
 Containers/apache/start.sh                  |  3 ++
 8 files changed, 49 insertions(+), 51 deletions(-)
 create mode 100644 Containers/apache/caddy-imports/collabora
 create mode 100644 Containers/apache/caddy-imports/notify-push
 create mode 100644 Containers/apache/caddy-imports/onlyoffice
 create mode 100644 Containers/apache/caddy-imports/talk
 create mode 100644 Containers/apache/nextcloud

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index ce195ff3..7343a3c3 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -5,6 +5,10 @@
         root /mnt/data/caddy
     }
 
+    servers {
+        # trusted_proxies placeholder
+    }
+
     log {
         level ERROR
     }
@@ -12,59 +16,14 @@
 
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
 
-    # Notify Push
-    route /push/* {
-        uri strip_prefix /push
-        reverse_proxy {$NEXTCLOUD_HOST}:7867 {
-            # trusted_proxies placeholder
-        }
-    }
+    # Bundled
+    import /caddy-imports/*
 
-    # Talk
-    route /standalone-signaling/* {
-        uri strip_prefix /standalone-signaling
-        reverse_proxy {$TALK_HOST}:8081 {
-            # trusted_proxies placeholder
-        }
-    }
-
-    # Collabora
-    route /browser/* {
-        reverse_proxy {$COLLABORA_HOST}:9980 {
-            # trusted_proxies placeholder
-        }
-    }
-    route /hosting/* {
-        reverse_proxy {$COLLABORA_HOST}:9980 {
-            # trusted_proxies placeholder
-        }
-    }
-    route /cool/* {
-        reverse_proxy {$COLLABORA_HOST}:9980 {
-            # trusted_proxies placeholder
-        }
-    }
-
-    # Onlyoffice
-    route /onlyoffice/* {
-        uri strip_prefix /onlyoffice
-        reverse_proxy {$ONLYOFFICE_HOST}:80 {
-            header_up X-Forwarded-Host {http.request.host}/onlyoffice
-            header_up X-Forwarded-Proto https
-            # trusted_proxies placeholder
-        }
-    }
+    # Others
+    import /mnt/data/caddy-imports/*
 
     # Nextcloud
-    route {
-        rewrite /.well-known/carddav /remote.php/dav
-        rewrite /.well-known/caldav /remote.php/dav
-        header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:8000 {
-            # See https://github.com/nextcloud/all-in-one/issues/828
-            # trusted_proxies placeholder
-        }
-    }
+    import /mnt/data/nextcloud
 
     # TLS options
     tls {
diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 7a95ff06..f1443d09 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -7,7 +7,8 @@ COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
 COPY --chown=www-data:www-data Caddyfile /Caddyfile
 COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
-
+COPY --chmod=664 nextcloud /nextcloud
+COPY --chmod=664 caddy-imports/* /caddy-imports/
 COPY --chmod=664 supervisord.conf /supervisord.conf
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/apache/caddy-imports/collabora b/Containers/apache/caddy-imports/collabora
new file mode 100644
index 00000000..89d44bae
--- /dev/null
+++ b/Containers/apache/caddy-imports/collabora
@@ -0,0 +1,10 @@
+# Collabora
+route /browser/* {
+    reverse_proxy {$COLLABORA_HOST}:9980
+}
+route /hosting/* {
+    reverse_proxy {$COLLABORA_HOST}:9980
+}
+route /cool/* {
+    reverse_proxy {$COLLABORA_HOST}:9980
+}
diff --git a/Containers/apache/caddy-imports/notify-push b/Containers/apache/caddy-imports/notify-push
new file mode 100644
index 00000000..6aaf6d6a
--- /dev/null
+++ b/Containers/apache/caddy-imports/notify-push
@@ -0,0 +1,5 @@
+# Notify Push
+route /push/* {
+    uri strip_prefix /push
+    reverse_proxy {$NEXTCLOUD_HOST}:7867
+}
diff --git a/Containers/apache/caddy-imports/onlyoffice b/Containers/apache/caddy-imports/onlyoffice
new file mode 100644
index 00000000..e1994139
--- /dev/null
+++ b/Containers/apache/caddy-imports/onlyoffice
@@ -0,0 +1,8 @@
+# Onlyoffice
+route /onlyoffice/* {
+    uri strip_prefix /onlyoffice
+    reverse_proxy {$ONLYOFFICE_HOST}:80 {
+        header_up X-Forwarded-Host {http.request.host}/onlyoffice
+        header_up X-Forwarded-Proto https
+    }
+}
diff --git a/Containers/apache/caddy-imports/talk b/Containers/apache/caddy-imports/talk
new file mode 100644
index 00000000..79d2a41a
--- /dev/null
+++ b/Containers/apache/caddy-imports/talk
@@ -0,0 +1,5 @@
+# Talk
+route /standalone-signaling/* {
+    uri strip_prefix /standalone-signaling
+    reverse_proxy {$TALK_HOST}:8081
+}
\ No newline at end of file
diff --git a/Containers/apache/nextcloud b/Containers/apache/nextcloud
new file mode 100644
index 00000000..16a7a088
--- /dev/null
+++ b/Containers/apache/nextcloud
@@ -0,0 +1,7 @@
+# Nextcloud
+route {
+    rewrite /.well-known/carddav /remote.php/dav
+    rewrite /.well-known/caldav /remote.php/dav
+    header Strict-Transport-Security max-age=31536000;
+    reverse_proxy localhost:8000
+}
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index c466d907..6229f025 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -45,6 +45,9 @@ else
 fi
 echo "$CADDYFILE" > /Caddyfile
 
+# Overwrite nextcloud conf
+cat /nextcloud > /mnt/data/nextcloud
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /Caddyfile
 

From 1b878a4a8d0861ca8c1e5520fd7ee1c6e1739dad Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 19 May 2023 14:15:49 +0200
Subject: [PATCH 0952/3949] adjust typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/caddy-imports/talk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/caddy-imports/talk b/Containers/apache/caddy-imports/talk
index 79d2a41a..b7024cde 100644
--- a/Containers/apache/caddy-imports/talk
+++ b/Containers/apache/caddy-imports/talk
@@ -2,4 +2,4 @@
 route /standalone-signaling/* {
     uri strip_prefix /standalone-signaling
     reverse_proxy {$TALK_HOST}:8081
-}
\ No newline at end of file
+}

From 9388ec5798be1bf12b4451c81a26df40f5d27eb5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 19 May 2023 14:18:02 +0200
Subject: [PATCH 0953/3949] increase to 5.2.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index db8f5da3..e18a7093 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v5.1.0</h1>
+        <h1>Nextcloud AIO v5.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From e4c5b12982f03f9588729f582288de9f8ec9b4e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 May 2023 12:58:52 +0000
Subject: [PATCH 0954/3949] Bump nats from 2.9.16-scratch to 2.9.17-scratch in
 /Containers/talk

Bumps nats from 2.9.16-scratch to 2.9.17-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 9cc64683..bc6ab53d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.16-scratch as nats
+FROM nats:2.9.17-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
 FROM coturn/coturn:4.6.2-r0-alpine
 USER root

From 14a77ea88da18a2021f045df2fd3c51c6af1b123 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 19 May 2023 15:45:23 +0200
Subject: [PATCH 0955/3949] fix getAllBackupVolumes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ef41a1f5..c11f16a0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -522,8 +522,15 @@ class DockerActionManager
 
     private function getAllBackupVolumes() : array {
         $id = 'nextcloud-aio-apache';
-
-        return array_unique($this->getBackupVolumes($id));
+        $backupVolumesArray = $this->getBackupVolumes($id);
+        // Flatten array
+        $backupVolumesArrayFlat = iterator_to_array(
+            new \RecursiveIteratorIterator(
+                new \RecursiveArrayIterator($backupVolumesArray)
+            ),
+            $use_keys = false
+        );
+        return array_unique($backupVolumesArrayFlat);
     }
 
     private function GetRepoDigestsOfContainer(string $containerName) : ?array {

From 1dedc5f2826d65ebc7b31675dbefc75f9fd77165 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 19 May 2023 16:06:22 +0200
Subject: [PATCH 0956/3949] fix caddy config

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile  | 3 ---
 Containers/apache/Dockerfile | 2 +-
 Containers/apache/nextcloud  | 2 +-
 Containers/apache/start.sh   | 2 +-
 4 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 7343a3c3..6c815c8b 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -22,9 +22,6 @@
     # Others
     import /mnt/data/caddy-imports/*
 
-    # Nextcloud
-    import /mnt/data/nextcloud
-
     # TLS options
     tls {
         issuer acme {
diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index f1443d09..f9cea6f1 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -5,7 +5,7 @@ FROM httpd:2.4.57-alpine3.17
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
-COPY --chown=www-data:www-data Caddyfile /Caddyfile
+COPY --chown=33:33 Caddyfile /Caddyfile
 COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
 COPY --chmod=664 nextcloud /nextcloud
 COPY --chmod=664 caddy-imports/* /caddy-imports/
diff --git a/Containers/apache/nextcloud b/Containers/apache/nextcloud
index 16a7a088..a0c2c80a 100644
--- a/Containers/apache/nextcloud
+++ b/Containers/apache/nextcloud
@@ -1,5 +1,5 @@
 # Nextcloud
-route {
+route /* {
     rewrite /.well-known/carddav /remote.php/dav
     rewrite /.well-known/caldav /remote.php/dav
     header Strict-Transport-Security max-age=31536000;
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 6229f025..2aefe251 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -46,7 +46,7 @@ fi
 echo "$CADDYFILE" > /Caddyfile
 
 # Overwrite nextcloud conf
-cat /nextcloud > /mnt/data/nextcloud
+cat /nextcloud > /mnt/data/caddy-imports/nextcloud
 
 # Fix the Caddyfile format
 caddy fmt --overwrite /Caddyfile

From ac7bf05f5400a2d895f518b71d38056a2bd10926 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 19 May 2023 16:29:45 +0200
Subject: [PATCH 0957/3949] create important dirs beforehand

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 2aefe251..ccd1ca52 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -54,6 +54,9 @@ caddy fmt --overwrite /Caddyfile
 # Add caddy path
 mkdir -p /mnt/data/caddy/
 
+# Add caddy import path
+mkdir -p /mnt/data/caddy-imports
+
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 

From 0c945c9516f135f21839e25e8799c973c9f599e4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 19 May 2023 20:58:06 +0200
Subject: [PATCH 0958/3949] caddy - use correct syntax for trusted_proxies

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index ccd1ca52..0e6ca101 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -39,9 +39,9 @@ echo "$CADDYFILE" > /Caddyfile
 
 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies private_ranges|' /Caddyfile)"
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /Caddyfile)"
 else
-    CADDYFILE="$(sed 's|trusted_proxies private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
+    CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
 fi
 echo "$CADDYFILE" > /Caddyfile
 

From c84091cc0c5ad02b80b7dd7c4d05647767dfb0b5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 20 May 2023 18:36:43 +0200
Subject: [PATCH 0959/3949] adjust things as discussed

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile                 | 41 ++++++++++++++++++++-
 Containers/apache/Dockerfile                |  2 -
 Containers/apache/caddy-imports/collabora   | 10 -----
 Containers/apache/caddy-imports/notify-push |  5 ---
 Containers/apache/caddy-imports/onlyoffice  |  8 ----
 Containers/apache/caddy-imports/talk        |  5 ---
 Containers/apache/nextcloud                 |  7 ----
 Containers/apache/start.sh                  |  6 +--
 8 files changed, 42 insertions(+), 42 deletions(-)
 delete mode 100644 Containers/apache/caddy-imports/collabora
 delete mode 100644 Containers/apache/caddy-imports/notify-push
 delete mode 100644 Containers/apache/caddy-imports/onlyoffice
 delete mode 100644 Containers/apache/caddy-imports/talk
 delete mode 100644 Containers/apache/nextcloud

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 6c815c8b..6006fee4 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -16,12 +16,49 @@
 
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
 
-    # Bundled
-    import /caddy-imports/*
+    # Collabora
+    route /browser/* {
+        reverse_proxy {$COLLABORA_HOST}:9980
+    }
+    route /hosting/* {
+        reverse_proxy {$COLLABORA_HOST}:9980
+    }
+    route /cool/* {
+        reverse_proxy {$COLLABORA_HOST}:9980
+    }
+
+    # Notify Push
+    route /push/* {
+        uri strip_prefix /push
+        reverse_proxy {$NEXTCLOUD_HOST}:7867
+    }
+
+    # Onlyoffice
+    route /onlyoffice/* {
+        uri strip_prefix /onlyoffice
+        reverse_proxy {$ONLYOFFICE_HOST}:80 {
+            header_up X-Forwarded-Host {http.request.host}/onlyoffice
+            header_up X-Forwarded-Proto https
+        }
+    }
+
+    # Talk
+    route /standalone-signaling/* {
+        uri strip_prefix /standalone-signaling
+        reverse_proxy {$TALK_HOST}:8081
+    }
 
     # Others
     import /mnt/data/caddy-imports/*
 
+    # Nextcloud
+    route {
+        rewrite /.well-known/carddav /remote.php/dav
+        rewrite /.well-known/caldav /remote.php/dav
+        header Strict-Transport-Security max-age=31536000;
+        reverse_proxy localhost:8000
+    }
+
     # TLS options
     tls {
         issuer acme {
diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index f9cea6f1..c96e5470 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -7,8 +7,6 @@ COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
 COPY --chown=33:33 Caddyfile /Caddyfile
 COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
-COPY --chmod=664 nextcloud /nextcloud
-COPY --chmod=664 caddy-imports/* /caddy-imports/
 COPY --chmod=664 supervisord.conf /supervisord.conf
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/apache/caddy-imports/collabora b/Containers/apache/caddy-imports/collabora
deleted file mode 100644
index 89d44bae..00000000
--- a/Containers/apache/caddy-imports/collabora
+++ /dev/null
@@ -1,10 +0,0 @@
-# Collabora
-route /browser/* {
-    reverse_proxy {$COLLABORA_HOST}:9980
-}
-route /hosting/* {
-    reverse_proxy {$COLLABORA_HOST}:9980
-}
-route /cool/* {
-    reverse_proxy {$COLLABORA_HOST}:9980
-}
diff --git a/Containers/apache/caddy-imports/notify-push b/Containers/apache/caddy-imports/notify-push
deleted file mode 100644
index 6aaf6d6a..00000000
--- a/Containers/apache/caddy-imports/notify-push
+++ /dev/null
@@ -1,5 +0,0 @@
-# Notify Push
-route /push/* {
-    uri strip_prefix /push
-    reverse_proxy {$NEXTCLOUD_HOST}:7867
-}
diff --git a/Containers/apache/caddy-imports/onlyoffice b/Containers/apache/caddy-imports/onlyoffice
deleted file mode 100644
index e1994139..00000000
--- a/Containers/apache/caddy-imports/onlyoffice
+++ /dev/null
@@ -1,8 +0,0 @@
-# Onlyoffice
-route /onlyoffice/* {
-    uri strip_prefix /onlyoffice
-    reverse_proxy {$ONLYOFFICE_HOST}:80 {
-        header_up X-Forwarded-Host {http.request.host}/onlyoffice
-        header_up X-Forwarded-Proto https
-    }
-}
diff --git a/Containers/apache/caddy-imports/talk b/Containers/apache/caddy-imports/talk
deleted file mode 100644
index b7024cde..00000000
--- a/Containers/apache/caddy-imports/talk
+++ /dev/null
@@ -1,5 +0,0 @@
-# Talk
-route /standalone-signaling/* {
-    uri strip_prefix /standalone-signaling
-    reverse_proxy {$TALK_HOST}:8081
-}
diff --git a/Containers/apache/nextcloud b/Containers/apache/nextcloud
deleted file mode 100644
index a0c2c80a..00000000
--- a/Containers/apache/nextcloud
+++ /dev/null
@@ -1,7 +0,0 @@
-# Nextcloud
-route /* {
-    rewrite /.well-known/carddav /remote.php/dav
-    rewrite /.well-known/caldav /remote.php/dav
-    header Strict-Transport-Security max-age=31536000;
-    reverse_proxy localhost:8000
-}
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 0e6ca101..8bc1805f 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -45,9 +45,6 @@ else
 fi
 echo "$CADDYFILE" > /Caddyfile
 
-# Overwrite nextcloud conf
-cat /nextcloud > /mnt/data/caddy-imports/nextcloud
-
 # Fix the Caddyfile format
 caddy fmt --overwrite /Caddyfile
 
@@ -57,6 +54,9 @@ mkdir -p /mnt/data/caddy/
 # Add caddy import path
 mkdir -p /mnt/data/caddy-imports
 
+# Makre sure that the caddy-imports dir is not empty
+echo "" > /mnt/data/caddy-imports/empty
+
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 

From a620640fa778678386aabda8455a7e3492301ecd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 20 May 2023 18:41:12 +0200
Subject: [PATCH 0960/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 8bc1805f..1806f7b4 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -54,6 +54,9 @@ mkdir -p /mnt/data/caddy/
 # Add caddy import path
 mkdir -p /mnt/data/caddy-imports
 
+# Remove falsely added Nextcloud conf
+rm -f /mnt/data/caddy-imports/nextcloud
+
 # Makre sure that the caddy-imports dir is not empty
 echo "" > /mnt/data/caddy-imports/empty
 

From a117c684dd6ce3bfb573fdd163eaec9130c83811 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 20 May 2023 18:42:27 +0200
Subject: [PATCH 0961/3949] increase to 5.2.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e18a7093..456f0f4c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v5.2.0</h1>
+        <h1>Nextcloud AIO v5.2.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From cf148b6381f25205076785375e88b0a0019f8f9a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 20 May 2023 18:58:36 +0200
Subject: [PATCH 0962/3949] fix caddy warning

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 1806f7b4..9c1023ee 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -58,7 +58,7 @@ mkdir -p /mnt/data/caddy-imports
 rm -f /mnt/data/caddy-imports/nextcloud
 
 # Makre sure that the caddy-imports dir is not empty
-echo "" > /mnt/data/caddy-imports/empty
+echo "# empty file so that caddy does not print a warning" > /mnt/data/caddy-imports/empty
 
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid

From 5e96aad3fd7d82090527e7421d2d42af494a153e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 20 May 2023 19:03:42 +0200
Subject: [PATCH 0963/3949] clear apcu cache upon starting containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 5f4acfe3..980e432b 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -172,6 +172,9 @@ class DockerController
         // Start container
         $this->startTopContainer(true);
 
+        // Clear apcu cache in order to check if container updates are available
+        apcu_clear_cache();
+
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 

From 32690ae48fa106c9d3ff9c7883ae3bd0918aa253 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 21 May 2023 00:49:49 +0200
Subject: [PATCH 0964/3949] move permission overwrite to better place before
 innstallation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e8c88fae..935534e0 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -205,6 +205,14 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
             fi
 
+            # We do our own permission check so the permission check is not needed
+            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
+<?php
+    \$CONFIG = array (
+    'check_data_directory_permissions' => false
+);
+DATADIR_PERMISSION_CONF
+
             echo "Installing with PostgreSQL database"
             INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")
 
@@ -215,15 +223,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 exit 1
             fi
 
-            # We do our own permission check so the permission check is not needed
-            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
-<?php
-\$CONFIG = array (
-  'check_data_directory_permissions' => false
-);
-DATADIR_PERMISSION_CONF
-            php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
-
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 

From ccad3bc98c9b080a023a8af005aa4f29273acaf2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 20 May 2023 23:27:20 +0200
Subject: [PATCH 0965/3949] enable brotli compression for js files in Nextcloud

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile     | 1 +
 Containers/apache/nextcloud.conf | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index c96e5470..0e9c5ec1 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -45,6 +45,7 @@ RUN set -ex; \
             -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
             -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
             -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_brotli.so\)/\1/' \
             -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
             -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
         /usr/local/apache2/conf/httpd.conf; \
diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index e4523c14..b580cb59 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -10,6 +10,13 @@ Listen 8000
     <FilesMatch "\.php$">
         SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
     </FilesMatch>
+
+    # Enable Brotli compression for js files
+    <IfModule mod_brotli.c>
+        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript
+        BrotliCompressionQuality 0
+    </IfModule>
+
     # Nextcloud dir
     DocumentRoot /var/www/html/
     <Directory /var/www/html/>

From 5c058691bd5a23a3891de08d2af460df579974ea Mon Sep 17 00:00:00 2001
From: craigkh <74493036+craigkh@users.noreply.github.com>
Date: Mon, 22 May 2023 23:00:30 +1200
Subject: [PATCH 0966/3949] Update reverse-proxy.md

I suggest adding the name and location of Caddyfile as there is no instructions for how to create a Caddyfile.
Failure to create a Caddyfile prior to starting the container results in a directory called Caddyfile being created.

Signed-off-by: craigkh <74493036+craigkh@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index be339ec7..0f2ff9e7 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -100,7 +100,7 @@ https://<your-nc-domain>:443 {
     reverse_proxy localhost:11000
 }
 ```
-
+Caddyfile is a text file called ‘Caddyfile’ (no extension) which needs to be created in the same location as your ‘docker-compose.yml’ file prior to starting the container.
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.

From 5e581d89f11bcca9936ac39d5fde3f37e77fe72e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 22 May 2023 13:02:36 +0200
Subject: [PATCH 0967/3949] add as feature to readme

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index f0e4a14f..eb10d7c9 100644
--- a/readme.md
+++ b/readme.md
@@ -28,6 +28,7 @@ Included are:
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
 - Automatic TLS included (by using Let's Encrypt)
+- Brotli compression enabled by default for javascript files which reduces load times
 - HTTP/2 and HTTP/3 enabled
 - "Pretty URLs" for Nextcloud are enabled by default (removes the index.php from all links)
 - Video previews work out of the box and when Imaginary is enabled, many recent image formats as well!

From 6e2303481d93fe35d0005827ccff3f2d3f30e985 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 23 May 2023 04:09:28 +0000
Subject: [PATCH 0968/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 0653e854..a9d5fb25 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.11.0@c9b192ab8400fdaf04b2b13d110575adc879aa90"/>
+<files psalm-version="5.12.0@f90118cdeacd0088e7215e64c0c99ceca819e176"/>

From a3767038c66704b2e6f7b8d8c228bcef3d657c17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 24 May 2023 11:41:52 +0200
Subject: [PATCH 0969/3949] change callitkarma link to web archive one

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index f0e4a14f..63e58243 100644
--- a/readme.md
+++ b/readme.md
@@ -239,7 +239,7 @@ No and it will not be added. Please use a dedicated domain for Nextcloud and set
 The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
 - https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
-- https://howchoo.com/pi/pi-hole-setup together with https://docs.callitkarma.me/posts/PiHole-Local-DNS/
+- https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/
 - https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
 
 ### How to skip the domain validation?

From 4627b9c68526c79b965374d361c580ec378b639d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 26 May 2023 09:17:53 +0000
Subject: [PATCH 0970/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 5ee78a09..38939287 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -108,7 +108,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.6
+ENV NEXTCLOUD_VERSION 25.0.7
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From 65a9fe4c95561d09bdac9c52421f0fbc204ab007 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 27 Apr 2023 16:01:16 +0200
Subject: [PATCH 0971/3949] allow to adjust borgs retention policy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile        |  1 +
 Containers/borgbackup/backupscript.sh   | 10 ++++++----
 docker-compose.yml                      |  1 +
 php/containers.json                     |  3 ++-
 php/src/Data/ConfigurationManager.php   |  7 +++++++
 php/src/Docker/DockerActionManager.php  |  2 ++
 php/templates/containers.twig           |  2 +-
 readme.md                               |  5 +++--
 tests/QA/060-environmental-variables.md |  1 +
 9 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 3aac5df4..6f08740c 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -21,3 +21,4 @@ RUN chmod +x /usr/bin/start.sh; \
 USER root
 ENTRYPOINT ["start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
+ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 64bb8fd2..8eb64e6d 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -151,11 +151,13 @@ if [ "$BORG_MODE" = backup ]; then
     rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
 
     # Prune options
-    BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")
+    set -x
+    read -ra BORG_PRUNE_OPTS <<< "$BORG_RETENTION_POLICY"
+    set +x
 
     # Prune archives
     echo "Pruning the archives..."
-    if ! borg prune --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
         echo "Failed to prune archives!"
         exit 1
     fi
@@ -186,7 +188,7 @@ if [ "$BORG_MODE" = backup ]; then
                 exit 1
             fi
             echo "Pruning additional volumes..."
-            if ! borg prune --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to prune additional docker-volumes archives!"
                 exit 1
             fi
@@ -216,7 +218,7 @@ if [ "$BORG_MODE" = backup ]; then
                 exit 1
             fi
             echo "Pruning additional host mounts..."
-            if ! borg prune --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to prune additional host-mount archives!"
                 exit 1
             fi
diff --git a/docker-compose.yml b/docker-compose.yml
index 3538cc8b..97da2ace 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,6 +20,7 @@ services:
       # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
diff --git a/php/containers.json b/php/containers.json
index 87cf8125..a9130241 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -261,7 +261,8 @@
         "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
         "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
         "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%",
-        "BORG_HOST_ID=nextcloud-aio-borgbackup"
+        "BORG_HOST_ID=nextcloud-aio-borgbackup",
+        "BORG_RETENTION_POLICY=%BORG_RETENTION_POLICY%"
       ],
       "volumes": [
         {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 205ac7d7..82830d80 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -581,6 +581,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetBorgRetentionPolicy() : string {
+        $envVariableName = 'BORG_RETENTION_POLICY';
+        $configName = 'borg_retention_policy';
+        $defaultValue = '--keep-within=7d --keep-weekly=4 --keep-monthly=6';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     public function GetDockerSocketPath() : string {
         $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH';
         $configName = 'docker_socket_path';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 96767352..cc612532 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -328,6 +328,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
+                } elseif ($out[1] === 'BORG_RETENTION_POLICY') {
+                    $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy();
                 } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
                     $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
                 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ae0b3c40..54d2d537 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -407,7 +407,7 @@
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b>.<br><br>
+                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></b>.<br><br>
                                 Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
                                 For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.<br>
 
diff --git a/readme.md b/readme.md
index b765af9f..d321dc41 100644
--- a/readme.md
+++ b/readme.md
@@ -334,10 +334,11 @@ Daily backups can get enabled after the initial backup is done. Enabling this al
 
 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 
-Regarding backup retention, see [this documentation](https://github.com/nextcloud/all-in-one/discussions/1675).
-
 ---
 
+#### How to adjust borgs retention policy?
+The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the upload limit by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
+
 #### Are remote borg backups supported?
 
 Not directly but you have multiple options to achieve this:
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index ea7a375e..5bd7c10b 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -10,6 +10,7 @@
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
+- [ ] When starting the mastercontainer with `--env BORG_RETENTION_POLICY="--keep-within=1d --keep-weekly=1 --keep-monthly=1"` it should change borgs retention policy to the defined one. This can be checked when creating a backup and looking at the logs.
 - [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
 - [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.

From f4140e1102b2c523cb0b3b550d049e2966340129 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 11:45:39 +0200
Subject: [PATCH 0972/3949] increase to 5.2.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 456f0f4c..9c462214 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v5.2.1</h1>
+        <h1>Nextcloud AIO v5.2.2</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From a8a80cbd72f372ed2224ab237c11ca64fc620685 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:22:42 +0200
Subject: [PATCH 0973/3949] update to Nextcloud 26.0.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 38939287..3206b72a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -108,7 +108,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.7
+ENV NEXTCLOUD_VERSION 26.0.2
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

From 9f2b61ee075717a3b2f1dd57ea3846d202591eb6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:24:09 +0200
Subject: [PATCH 0974/3949] increase supported aio app versions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index a1922f2a..584765cf 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="24" max-version="25"/>
+		<nextcloud min-version="25" max-version="26"/>
 	</dependencies>
 
 	<settings>

From 205c7eb6d26f2a8c4385186c8412fd6b66acea70 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:26:13 +0200
Subject: [PATCH 0975/3949] set newMajorVersion to empty string

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9c462214..0c6cbbc9 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -26,8 +26,8 @@
         {% set isWatchtowerRunning = false %}
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
-        {# Setting newMajorVersion to '' will hide corresponding options/elements #}
-        {% set newMajorVersion = 26 %}
+        {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
+        {% set newMajorVersion = '' %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From 8dbdc8bb7746faa866ace2d2f4ec32c8e6c70b43 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:31:19 +0200
Subject: [PATCH 0976/3949] update Nextcloud container to php 8.1 and alpine
 3.17

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 readme.md                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 38939287..ec8d95ec 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.28-fpm-alpine3.16
+FROM php:8.1.19-fpm-alpine3.17
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
diff --git a/readme.md b/readme.md
index 63e58243..58bb755e 100644
--- a/readme.md
+++ b/readme.md
@@ -603,7 +603,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v7&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From 023ecce72f96a9ff3e99a00ce66fe0fa5a2c69ff Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:34:35 +0200
Subject: [PATCH 0977/3949] enable imaginary by default

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 205ac7d7..e22ccd56 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -157,10 +157,10 @@ class ConfigurationManager
 
     public function isImaginaryEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 1) {
-            return true;
-        } else {
+        if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 0) {
             return false;
+        } else {
+            return true;
         }
     }
 

From 9d1e8faf5c9a178108875baa8e7953c592db1494 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:36:00 +0200
Subject: [PATCH 0978/3949] remove imaginary version check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e8c88fae..9ca1a643 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -616,18 +616,16 @@ else
 fi
 
 # Imaginary
-if version_greater "$installed_version" "24.0.0.0"; then
-    if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
-        php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
-        php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
-    else
-        if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 0
-            php /var/www/html/occ config:system:delete preview_imaginary_url
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 20
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 21
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 22
-        fi
+if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
+    php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
+    php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+else
+    if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+        php /var/www/html/occ config:system:delete preview_imaginary_url
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 20
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 21
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 22
     fi
 fi
 

From 4c8e6c07deb389fe71a04ed1e085433140f6f773 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:40:13 +0200
Subject: [PATCH 0979/3949] add notes app to default apps

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-compose.yml                      | 2 +-
 manual-install/sample.conf              | 2 +-
 manual-install/update-yaml.sh           | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 5c4153a1..f5a60edf 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,7 +27,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 6c438210..27bbf17f 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -19,7 +19,7 @@ NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit o
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index c37a45c1..6438da7c 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -81,7 +81,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 205ac7d7..f0abfdb8 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -768,7 +768,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'deck twofactor_totp tasks calendar contacts';
+        return 'deck twofactor_totp tasks calendar contacts notes';
     }
 
     public function GetCollaboraDictionaries() : string {
diff --git a/readme.md b/readme.md
index 63e58243..428f9173 100644
--- a/readme.md
+++ b/readme.md
@@ -598,7 +598,7 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index ea7a375e..74468596 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -15,7 +15,7 @@
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `--env COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts`.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts notes`.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)

From 8fe4406e90a2cd993a6a36a484cd29b9c5f9ba1b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:48:48 +0200
Subject: [PATCH 0980/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 58bb755e..ae7b93b0 100644
--- a/readme.md
+++ b/readme.md
@@ -603,7 +603,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v7&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From 5be582e327a5fb787ff07dea111a13db547c92bd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 13:24:46 +0200
Subject: [PATCH 0981/3949] improve wording and formatting

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 0f2ff9e7..4547ee7b 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -100,7 +100,8 @@ https://<your-nc-domain>:443 {
     reverse_proxy localhost:11000
 }
 ```
-Caddyfile is a text file called ‘Caddyfile’ (no extension) which needs to be created in the same location as your ‘docker-compose.yml’ file prior to starting the container.
+The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `docker-compose.yml` file prior to starting the container.
+
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.

From e4de4dcb67a9c5f9d9b39ff62ca2735f45e5db01 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 1 May 2023 18:37:33 +0200
Subject: [PATCH 0982/3949] allow to define nextcloud_exec_commands in
 containers definition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile            |  2 +-
 Containers/nextcloud/activate-collabora.sh | 13 ------------
 Containers/nextcloud/run-exec-commands.sh  | 23 +++++++++++++++++++++
 Containers/nextcloud/supervisord.conf      |  4 ++--
 manual-install/update-yaml.sh              |  1 +
 php/containers-schema.json                 |  8 ++++++++
 php/containers.json                        |  6 +++++-
 php/src/Container/Container.php            |  7 +++++++
 php/src/ContainerDefinitionFetcher.php     |  6 ++++++
 php/src/Docker/DockerActionManager.php     | 24 ++++++++++++++++++++++
 10 files changed, 77 insertions(+), 17 deletions(-)
 delete mode 100644 Containers/nextcloud/activate-collabora.sh
 create mode 100644 Containers/nextcloud/run-exec-commands.sh

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 38939287..89a3d692 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -241,7 +241,7 @@ RUN set -ex; \
     chmod +x /cron.sh && \
     chmod +x /notify.sh && \
     chmod +x /notify-all.sh && \
-    chmod +x /activate-collabora.sh && \
+    chmod +x /run-exec-commands.sh && \
     chmod +x /healthcheck.sh
 
 RUN set -ex; \
diff --git a/Containers/nextcloud/activate-collabora.sh b/Containers/nextcloud/activate-collabora.sh
deleted file mode 100644
index 0c10ea02..00000000
--- a/Containers/nextcloud/activate-collabora.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-if [ "$COLLABORA_ENABLED" != yes ]; then
-    # Basically sleep for forever if collabora is not enabled
-    sleep inf
-fi
-while ! nc -z "$NC_DOMAIN" 443; do
-    sleep 5
-done
-sleep 10
-echo "Activating collabora config..."
-php /var/www/html/occ richdocuments:activate-config
-sleep inf
diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
new file mode 100644
index 00000000..5df4962c
--- /dev/null
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+while ! nc -z "$NC_DOMAIN" 443; do
+    sleep 5
+done
+sleep 10
+
+if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
+    echo "#!/bin/bash" > /tmp/nextcloud-exec-commands
+    echo "$NEXTCLOUD_EXEC_COMMANDS" >> /tmp/nextcloud-exec-commands
+    if ! grep "one-click-instance" /tmp/nextcloud-exec-commands; then
+        bash /tmp/nextcloud-exec-commands
+        rm /tmp/nextcloud-exec-commands
+    fi
+else
+    # Collabora must work also if using manual-install 
+    if [ "$COLLABORA_ENABLED" = yes ]; then
+        echo "Activating collabora config..."
+        php /var/www/html/occ richdocuments:activate-config
+    fi
+fi
+
+sleep inf
diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index e54d13c0..23e85ca6 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -33,10 +33,10 @@ stderr_logfile_maxbytes=0
 command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
 user=www-data
 
-[program:activate-collabora]
+[program:run-exec-commands]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/activate-collabora.sh
+command=/run-exec-commands.sh
 user=www-data
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index c37a45c1..98e08bfe 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -16,6 +16,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index e2d37767..69c04100 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -113,6 +113,14 @@
 							"pattern": "^nextcloud_aio_[a-z_]+$"
 						}
 					},
+					"nextcloud_exec_commands": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^(php /var/www/html/occ .*|echo .*)$",
+							"minlength": 1
+						}
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index eb16c316..ed2bd5cd 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -228,7 +228,11 @@
           "writeable": true
         }
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "nextcloud_exec_commands": [
+        "echo 'Activating collabora config...'",
+        "php /var/www/html/occ richdocuments:activate-config"
+      ]
     },
     {
       "container_name": "nextcloud-aio-talk",
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 0ca8e872..a89374c6 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -29,6 +29,7 @@ class Container {
     private bool $apparmorUnconfined;
     /** @var string[] */
     private array $backupVolumes;
+    private array $nextcloudExecCommands;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -48,6 +49,7 @@ class Container {
         int $shmSize,
         bool $apparmorUnconfined,
         array $backupVolumes,
+        array $nextcloudExecCommands,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -66,6 +68,7 @@ class Container {
         $this->shmSize = $shmSize;
         $this->apparmorUnconfined = $apparmorUnconfined;
         $this->backupVolumes = $backupVolumes;
+        $this->nextcloudExecCommands = $nextcloudExecCommands;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -148,6 +151,10 @@ class Container {
         return $this->dependsOn;
     }
 
+    public function GetNextcloudExecCommands() : array {
+        return $this->nextcloudExecCommands;
+    }
+
     public function GetEnvironmentVariables() : ContainerEnvironmentVariables {
         return $this->containerEnvironmentVariables;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 75bd2c2e..95dcbd4f 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -233,6 +233,11 @@ class ContainerDefinitionFetcher
                 $backupVolumes = $entry['backup_volumes'];
             }
 
+            $nextcloudExecCommands = [];
+            if (isset($entry['nextcloud_exec_commands'])) {
+                $nextcloudExecCommands = $entry['nextcloud_exec_commands'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -250,6 +255,7 @@ class ContainerDefinitionFetcher
                 $shmSize,
                 $apparmorUnconfined,
                 $backupVolumes,
+                $nextcloudExecCommands,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c11f16a0..241a8365 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -235,6 +235,10 @@ class DockerActionManager
         }
 
         $envs = $container->GetEnvironmentVariables()->GetVariables();
+        // Special thing for the nextcloud container
+        if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            $envs[] = $this->GetAllNextcloudExecCommands();
+        }
         foreach($envs as $key => $env) {
             // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
             if (str_starts_with($env, 'extra_params=')) {
@@ -533,6 +537,26 @@ class DockerActionManager
         return array_unique($backupVolumesArrayFlat);
     }
 
+    private function GetNextcloudExecCommands(string $id) : string
+    {
+        $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        $nextcloudExecCommands = '';
+        foreach ($container->GetNextcloudExecCommands() as $execCommand) {
+            $nextcloudExecCommands .= $execCommand . PHP_EOL;
+        }
+        foreach ($container->GetDependsOn() as $dependency) {
+            $nextcloudExecCommands .= $this->GetNextcloudExecCommands($dependency);
+        }
+        return $nextcloudExecCommands;
+    }
+
+    private function GetAllNextcloudExecCommands() : string
+    {
+        $id = 'nextcloud-aio-apache';
+        return 'NEXTCLOUD_EXEC_COMMANDS=' . $this->GetNextcloudExecCommands($id);
+    }
+
     private function GetRepoDigestsOfContainer(string $containerName) : ?array {
         try {
             $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));

From 66dfd9df8e9dcb6d590e484d2245d678aed0e095 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 16:19:06 +0200
Subject: [PATCH 0983/3949] validate json against json schema

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/composer.json                      |  3 +-
 php/composer.lock                      | 72 +++++++++++++++++++++++++-
 php/src/ContainerDefinitionFetcher.php | 18 ++++++-
 3 files changed, 90 insertions(+), 3 deletions(-)

diff --git a/php/composer.json b/php/composer.json
index 32488056..017d2731 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -16,7 +16,8 @@
         "http-interop/http-factory-guzzle": "^1.2",
         "slim/twig-view": "^3.3",
         "slim/csrf": "^1.3",
-        "ext-apcu": "*"
+        "ext-apcu": "*",
+        "justinrainbow/json-schema": "^5.2"
     },
     "scripts": {
 		"psalm": "psalm --threads=1",
diff --git a/php/composer.lock b/php/composer.lock
index 1a782775..fbe12ec7 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "b0074cfbf6b5cde6d6d2207286ad2e85",
+    "content-hash": "3cbf9ef41575f504b9bdbc8dbe8562e3",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -389,6 +389,76 @@
             },
             "time": "2021-07-21T13:50:14+00:00"
         },
+        {
+            "name": "justinrainbow/json-schema",
+            "version": "5.2.12",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/justinrainbow/json-schema.git",
+                "reference": "ad87d5a5ca981228e0e205c2bc7dfb8e24559b60"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/justinrainbow/json-schema/zipball/ad87d5a5ca981228e0e205c2bc7dfb8e24559b60",
+                "reference": "ad87d5a5ca981228e0e205c2bc7dfb8e24559b60",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "~2.2.20||~2.15.1",
+                "json-schema/json-schema-test-suite": "1.2.0",
+                "phpunit/phpunit": "^4.8.35"
+            },
+            "bin": [
+                "bin/validate-json"
+            ],
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "5.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "JsonSchema\\": "src/JsonSchema/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Bruno Prieto Reis",
+                    "email": "bruno.p.reis@gmail.com"
+                },
+                {
+                    "name": "Justin Rainbow",
+                    "email": "justin.rainbow@gmail.com"
+                },
+                {
+                    "name": "Igor Wiedler",
+                    "email": "igor@wiedler.ch"
+                },
+                {
+                    "name": "Robert Schönthal",
+                    "email": "seroscho@googlemail.com"
+                }
+            ],
+            "description": "A library to validate a json schema.",
+            "homepage": "https://github.com/justinrainbow/json-schema",
+            "keywords": [
+                "json",
+                "schema"
+            ],
+            "support": {
+                "issues": "https://github.com/justinrainbow/json-schema/issues",
+                "source": "https://github.com/justinrainbow/json-schema/tree/5.2.12"
+            },
+            "time": "2022-04-13T08:02:27+00:00"
+        },
         {
             "name": "laravel/serializable-closure",
             "version": "v1.3.0",
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 75bd2c2e..198c5061 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -12,6 +12,7 @@ use AIO\Container\State\RunningState;
 use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
 use AIO\Docker\DockerActionManager;
+use JsonSchema\Validator;
 
 class ContainerDefinitionFetcher
 {
@@ -40,12 +41,27 @@ class ContainerDefinitionFetcher
         throw new \Exception("The provided id " . $id . " was not found in the container definition.");
     }
 
+    private function validateJson(object $data): void {
+        // Validate against json schema
+        $validator = new Validator;
+        $validator->validate($data, (object)[file_get_contents(__DIR__ . '/../containers-schema.json')]);
+        if (!$validator->isValid()) {
+            error_log("JSON does not validate. Violations:");
+            foreach ($validator->getErrors() as $error) {
+                error_log(printf("[%s] %s\n", $error['property'], $error['message']));
+            }
+        }
+    }
+
     /**
      * @return array
      */
     private function GetDefinition(bool $latest): array
     {
-        $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
+        $rawData = file_get_contents(__DIR__ . '/../containers.json');
+        $objectData = json_decode($rawData, false);
+        $this->validateJson($objectData);
+        $data = json_decode($rawData, true);
 
         $containers = [];
         foreach ($data['aio_services_v1'] as $entry) {

From 955a3c25a28ead0bb368b2743c610f715f4ff68f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 18:43:05 +0200
Subject: [PATCH 0984/3949] mention opcache and jit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 63e58243..b5952102 100644
--- a/readme.md
+++ b/readme.md
@@ -20,7 +20,7 @@ Included are:
 - APCU as local cache
 - Redis as distributed cache and for file locking
 - Postgresql as database
-- PHP-FPM with performance-optimized config
+- PHP-FPM with performance-optimized config (e.g. Opcache and JIT enabled by default)
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)

From cdb245c9c6eb957dd0e8c014de5b28efe7ecfe93 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 18:47:33 +0200
Subject: [PATCH 0985/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index b5952102..225baf67 100644
--- a/readme.md
+++ b/readme.md
@@ -17,7 +17,7 @@ Included are:
 - Update and backup notifications included
 - Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and its apps afterwards automatically
 - Instance restore from backup archive via the AIO interface included (you only need the archive and the password in order to restore the whole instance on a new AIO instance)
-- APCU as local cache
+- APCu as local cache
 - Redis as distributed cache and for file locking
 - Postgresql as database
 - PHP-FPM with performance-optimized config (e.g. Opcache and JIT enabled by default)

From 61e9e4e7c0887e6fbfd99b32d7aded3edcc19c1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20Molakvo=C3=A6?= <skjnldsv@protonmail.com>
Date: Sat, 27 May 2023 09:44:13 +0200
Subject: [PATCH 0986/3949] chore: update workflows from templates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
---
 .github/workflows/command-rebase.yml |  8 ++++----
 .github/workflows/lint-php.yml       | 17 +++++++++++------
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
index 243547b2..ec95ccbb 100644
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -31,18 +31,18 @@ jobs:
           reaction-type: "+1"
 
       - name: Checkout the latest code
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           fetch-depth: 0
           token: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.8
+        uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
         env:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index fb57d046..46310200 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -3,18 +3,20 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 
-name: PHP Lint
+name: Lint php
 
 on:
   pull_request:
   push:
     branches:
       - main
+      - master
+      - stable*
 
 permissions:
   contents: read
 
-concurrency: 
+concurrency:
   group: lint-php-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
@@ -23,22 +25,25 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.2"]
+        php-versions: [ "8.0", "8.1", "8.2" ]
 
     name: php-lint
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@1a18b2267f80291a81ca1d33e7c851fe09e7dfc4 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
+          ini-file: development
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: cd php && composer run lint
+        run: composer run lint
 
   summary:
     permissions:

From dc0ae7583342cc9a7250515028d4a51e76e9f9d2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 27 May 2023 10:05:57 +0200
Subject: [PATCH 0987/3949] fix workflow-update

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-php.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 46310200..adcea581 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -10,8 +10,6 @@ on:
   push:
     branches:
       - main
-      - master
-      - stable*
 
 permissions:
   contents: read
@@ -25,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: [ "8.0", "8.1", "8.2" ]
+        php-versions: [ "8.2" ]
 
     name: php-lint
 
@@ -43,7 +41,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: composer run lint
+        run: cd php && composer run lint
 
   summary:
     permissions:

From 3fbd54989ab7a9dc5f42648142b57544a36e4ec4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 27 May 2023 17:58:22 +0200
Subject: [PATCH 0988/3949] fix jwt_secret

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e8c88fae..b71d2e73 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -547,6 +547,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update onlyoffice
     fi
     php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+    php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true

From c1bd5add9d6f4b324e605f807c5b18c0f193ab17 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 May 2023 13:00:52 +0000
Subject: [PATCH 0989/3949] Bump docker from 23.0.6-cli to 24.0.2-cli in
 /Containers/mastercontainer

Bumps docker from 23.0.6-cli to 24.0.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c9deb376..e9f408ac 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.6-cli as docker
+FROM docker:24.0.2-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From cc606bce8ddd8ca5977fd7bd702bef70f182463f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 29 May 2023 19:18:59 +0200
Subject: [PATCH 0990/3949] add note regarding cloudflare tunnel local access

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 225baf67..2f183c12 100644
--- a/readme.md
+++ b/readme.md
@@ -192,6 +192,7 @@ If you have the NAS setup on your local network (which is most often the case) y
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
 
 ### Notes on Cloudflare (proxy/tunnel)
+- Using Cloudflare Tunnel potentially slows down Nextcloud by a lot since local access via the configured domain is not possible since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally.
 - It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
@@ -236,7 +237,11 @@ No and they will not be. Please use a dedicated domain for Nextcloud and set it
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
 
 ### How can I access Nextcloud locally?
-The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
+Please note that local access is not possible if you should be running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
+
+Please make sure that if you should be running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
+
+Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
 - https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
 - https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/

From 2d41a606ddeb4005266e36d4484cbd9d086c1380 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 29 May 2023 19:24:58 +0200
Subject: [PATCH 0991/3949] adjust wording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 2f183c12..54f0863c 100644
--- a/readme.md
+++ b/readme.md
@@ -193,13 +193,13 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 
 ### Notes on Cloudflare (proxy/tunnel)
 - Using Cloudflare Tunnel potentially slows down Nextcloud by a lot since local access via the configured domain is not possible since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally.
-- It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
+- It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
 - Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981
-- The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
+- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
 

From 41bf7bdd3cb0568da91dc70932d06c41ac710627 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 30 May 2023 08:57:22 +0000
Subject: [PATCH 0992/3949] Bump guzzlehttp/guzzle from 7.6.1 to 7.7.0 in /php

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.6.1 to 7.7.0.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.7/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/7.6.1...7.7.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fbe12ec7..9387411c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,21 +8,21 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.6.1",
+            "version": "7.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51"
+                "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
-                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/fb7566caccf22d74d1ab270de3551f72a58399f5",
+                "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
-                "guzzlehttp/promises": "^1.5",
+                "guzzlehttp/promises": "^1.5.3 || ^2.0",
                 "guzzlehttp/psr7": "^1.9.1 || ^2.4.5",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
@@ -34,7 +34,8 @@
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.1",
                 "ext-curl": "*",
-                "php-http/client-integration-tests": "^3.0",
+                "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
+                "php-http/message-factory": "^1.1",
                 "phpunit/phpunit": "^8.5.29 || ^9.5.23",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
@@ -113,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.6.1"
+                "source": "https://github.com/guzzle/guzzle/tree/7.7.0"
             },
             "funding": [
                 {
@@ -129,38 +130,37 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-15T20:43:01+00:00"
+            "time": "2023-05-21T14:04:53+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "1.5.2",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "b94b2807d85443f9719887892882d0329d1e2598"
+                "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598",
-                "reference": "b94b2807d85443f9719887892882d0329d1e2598",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/3a494dc7dc1d7d12e511890177ae2d0e6c107da6",
+                "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.5"
+                "php": "^7.2.5 || ^8.0"
             },
             "require-dev": {
-                "symfony/phpunit-bridge": "^4.4 || ^5.1"
+                "bamarni/composer-bin-plugin": "^1.8.1",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-master": "1.5-dev"
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
                 }
             },
             "autoload": {
-                "files": [
-                    "src/functions_include.php"
-                ],
                 "psr-4": {
                     "GuzzleHttp\\Promise\\": "src/"
                 }
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/1.5.2"
+                "source": "https://github.com/guzzle/promises/tree/2.0.0"
             },
             "funding": [
                 {
@@ -213,7 +213,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-08-28T14:55:35+00:00"
+            "time": "2023-05-21T13:50:22+00:00"
         },
         {
             "name": "guzzlehttp/psr7",

From fc47aa468a3d0ee39823e25360eabaef85ff6d1b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 11:27:39 +0200
Subject: [PATCH 0993/3949] improve wording

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index eb10d7c9..71307150 100644
--- a/readme.md
+++ b/readme.md
@@ -28,7 +28,7 @@ Included are:
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
 - Automatic TLS included (by using Let's Encrypt)
-- Brotli compression enabled by default for javascript files which reduces load times
+- Brotli compression enabled by default for javascript files which reduces Nextcloud load times
 - HTTP/2 and HTTP/3 enabled
 - "Pretty URLs" for Nextcloud are enabled by default (removes the index.php from all links)
 - Video previews work out of the box and when Imaginary is enabled, many recent image formats as well!

From 8c85e1ef2ecfb4646e03b3461d9b1cf3b5d14e52 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 11:28:29 +0200
Subject: [PATCH 0994/3949] adjust wording

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index d321dc41..69c578d6 100644
--- a/readme.md
+++ b/readme.md
@@ -337,7 +337,7 @@ Be aware that this solution does not back up files and folders that are mounted
 ---
 
 #### How to adjust borgs retention policy?
-The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the upload limit by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
+The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
 #### Are remote borg backups supported?
 

From e5a6449a3439ae327bfccddc466413021bfa4a2a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 30 May 2023 09:42:19 +0000
Subject: [PATCH 0995/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index fa82250c..d700570c 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 5.1.0
+version: 5.2.2
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index acd1479b..27e3e9f9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230511_075831-latest
+          image: nextcloud/aio-apache:20230530_084406-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 2ea0d0bc..0a06a0fc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230511_075831-latest
+          image: nextcloud/aio-clamav:20230530_084406-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 164e924c..dc43182d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230511_075831-latest
+          image: nextcloud/aio-collabora:20230530_084406-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index ef64dfe3..e0103cf4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230511_075831-latest
+          image: nextcloud/aio-postgresql:20230530_084406-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index b8f48660..ae8b33ef 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230511_075831-latest
+          image: nextcloud/aio-fulltextsearch:20230530_084406-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 85864f47..425d1f8c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230511_075831-latest
+          image: nextcloud/aio-imaginary:20230530_084406-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 967d90ec..f10b8f95 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230511_075831-latest
+          image: nextcloud/aio-nextcloud:20230530_084406-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 9384d233..66610144 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230511_075831-latest
+          image: nextcloud/aio-onlyoffice:20230530_084406-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 0d9b46d0..0e28652e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230511_075831-latest
+          image: nextcloud/aio-redis:20230530_084406-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 8d0ef0ac..bdbb06a9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230511_075831-latest
+          image: nextcloud/aio-talk:20230530_084406-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

From c50132a27ac927d4caa23b777f1454eefed4c4ca Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 3 May 2023 16:32:24 +0200
Subject: [PATCH 0996/3949] optimize nextcloud Dockerfile

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/nextcloud/Dockerfile | 131 ++++++++++++--------------------
 1 file changed, 49 insertions(+), 82 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0607bb84..9f2691cd 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,6 +1,27 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
 FROM php:8.1.19-fpm-alpine3.17
 
+VOLUME /var/www/html
+
+ENV PHP_MEMORY_LIMIT 512M
+ENV PHP_UPLOAD_LIMIT 10G
+ENV PHP_MAX_TIME 3600
+
+ENV NEXTCLOUD_VERSION 26.0.2
+
+COPY *.sh upgrade.exclude /
+COPY config/* /usr/src/nextcloud/config/
+
+ENV NEXTCLOUD_UPDATE=1
+
+COPY supervisord.conf /supervisord.conf
+
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 notify.sh /notify.sh
+COPY --chmod=775 notify-all.sh /notify-all.sh
+
+VOLUME /mnt/ncdata
+
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
     apk add --no-cache shadow; \
@@ -8,22 +29,14 @@ RUN set -ex; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
     addgroup -g 33 -S www-data; \
-    adduser -u 33 -D -S -G www-data www-data
-
-# entrypoint.sh and cron.sh dependencies
-RUN set -ex; \
+    adduser -u 33 -D -S -G www-data www-data; \
     \
+# entrypoint.sh and cron.sh dependencies
     apk add --no-cache \
         rsync \
-    ;
-
+    ; \
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 10G
-ENV PHP_MAX_TIME 3600
-RUN set -ex; \
-    \
     apk add --no-cache --virtual .build-deps \
         $PHPIZE_DEPS \
         autoconf \
@@ -80,11 +93,11 @@ RUN set -ex; \
             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
     )"; \
     apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps
-
+    apk del .build-deps; \
+    \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
-RUN { \
+    { \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
@@ -104,13 +117,8 @@ RUN { \
     \
     mkdir /var/www/data; \
     chown -R www-data:root /var/www; \
-    chmod -R g=u /var/www
-
-VOLUME /var/www/html
-
-ENV NEXTCLOUD_VERSION 26.0.2
-
-RUN set -ex; \
+    chmod -R g=u /var/www; \
+    \
     apk add --no-cache --virtual .fetch-deps \
         bzip2 \
         gnupg \
@@ -130,27 +138,16 @@ RUN set -ex; \
     mkdir -p /usr/src/nextcloud/data; \
     mkdir -p /usr/src/nextcloud/custom_apps; \
     chmod +x /usr/src/nextcloud/occ; \
-    apk del .fetch-deps
-
-COPY *.sh upgrade.exclude /
-COPY config/* /usr/src/nextcloud/config/
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["php-fpm"]
-
-# Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
-
-RUN set -ex; \
+    apk del .fetch-deps; \
     \
+# Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
     apk add --no-cache \
         ffmpeg \
         procps \
         samba-client \
         supervisor \
 #       libreoffice \
-    ;
-
-RUN set -ex; \
+    ; \
     \
     apk add --no-cache --virtual .build-deps \
         $PHPIZE_DEPS \
@@ -178,21 +175,12 @@ RUN set -ex; \
             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
     )"; \
     apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps
-
-RUN mkdir -p \
+    apk del .build-deps; \
+    \
+    mkdir -p \
     /var/log/supervisord \
     /var/run/supervisord \
-;
-
-COPY supervisord.conf /
-
-ENV NEXTCLOUD_UPDATE=1
-
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
-
-# Custom:
-RUN set -ex; \
+    ; \
     \
     apk add --no-cache \
         bash \
@@ -206,60 +194,39 @@ RUN set -ex; \
         sudo \
         grep \
         nodejs \
-        coreutils;
-
-RUN set -ex; \
+        coreutils; \
+    \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
-
-RUN set -ex; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
+    \
     rm -rf /tmp/nextcloud-aio && \
     mkdir -p /tmp/nextcloud-aio && \
     cd /tmp/nextcloud-aio && \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
-    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/
-
-RUN set -ex; \
+    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
+    \
     chown www-data:root -R /usr/src && \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \
-    rm -r /usr/src/nextcloud/apps/updatenotification
-
-COPY start.sh /
-COPY notify.sh /
-COPY notify-all.sh /
-RUN set -ex; \
-    chmod +x /start.sh && \
-    chmod +x /entrypoint.sh && \
-    chmod +r /upgrade.exclude && \
-    chmod +x /cron.sh && \
-    chmod +x /notify.sh && \
-    chmod +x /notify-all.sh && \
-    chmod +x /run-exec-commands.sh && \
-    chmod +x /healthcheck.sh
-
-RUN set -ex; \
-    mkdir /mnt/ncdata; \
-    chown www-data:www-data /mnt/ncdata;
-
-VOLUME /mnt/ncdata
-
-RUN set -ex; \
+    rm -r /usr/src/nextcloud/apps/updatenotification; \
+    chown www-data:www-data /mnt/ncdata; \
+    \
     mkdir -p /nc-updater; \
     chown -R www-data:www-data /nc-updater; \
-    chmod -R 770 /nc-updater
-
+    chmod -R 770 /nc-updater; \
+    \
 # Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER root
 ENTRYPOINT ["/start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From d18b58d2a1ce6d3074aa9ab11e3cfc7a79cb7791 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 14:47:02 +0200
Subject: [PATCH 0997/3949] re-order some things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9f2691cd..99c6d3f4 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,26 +1,18 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
 FROM php:8.1.19-fpm-alpine3.17
 
-VOLUME /var/www/html
-
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-
 ENV NEXTCLOUD_VERSION 26.0.2
 
-COPY *.sh upgrade.exclude /
+COPY --chmod=775 *.sh /
+COPY upgrade.exclude /upgrade.exclude
 COPY config/* /usr/src/nextcloud/config/
-
-ENV NEXTCLOUD_UPDATE=1
-
 COPY supervisord.conf /supervisord.conf
 
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 notify.sh /notify.sh
-COPY --chmod=775 notify-all.sh /notify-all.sh
-
 VOLUME /mnt/ncdata
+VOLUME /var/www/html
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \

From 675de94bcfdfab05f1ac9aa46170c2f75a1d6469 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 11:57:10 +0200
Subject: [PATCH 0998/3949] adjust review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 99c6d3f4..dd749aa8 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,8 +7,8 @@ ENV PHP_MAX_TIME 3600
 ENV NEXTCLOUD_VERSION 26.0.2
 
 COPY --chmod=775 *.sh /
-COPY upgrade.exclude /upgrade.exclude
-COPY config/* /usr/src/nextcloud/config/
+COPY --chmod=774 upgrade.exclude /upgrade.exclude
+COPY config/*.php /
 COPY supervisord.conf /supervisord.conf
 
 VOLUME /mnt/ncdata
@@ -130,6 +130,8 @@ RUN set -ex; \
     mkdir -p /usr/src/nextcloud/data; \
     mkdir -p /usr/src/nextcloud/custom_apps; \
     chmod +x /usr/src/nextcloud/occ; \
+    mkdir -p /usr/src/nextcloud/config; \
+    mv /*.php /usr/src/nextcloud/config/; \
     apk del .fetch-deps; \
     \
 # Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile

From c854e681883391a63f368ec386b03b2c80d709f9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 12:10:34 +0200
Subject: [PATCH 0999/3949] fix build

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index dd749aa8..3e6e115e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -107,7 +107,7 @@ RUN set -ex; \
         echo 'max_input_time=${PHP_MAX_TIME}'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \
-    mkdir /var/www/data; \
+    mkdir -p /var/www/data; \
     chown -R www-data:root /var/www; \
     chmod -R g=u /var/www; \
     \
@@ -209,7 +209,6 @@ RUN set -ex; \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \
     rm -r /usr/src/nextcloud/apps/updatenotification; \
-    chown www-data:www-data /mnt/ncdata; \
     \
     mkdir -p /nc-updater; \
     chown -R www-data:www-data /nc-updater; \

From e2dd2f8fcf006610cd1eb4bf0ec9dd6841daff70 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 11:44:57 +0200
Subject: [PATCH 1000/3949] rework getbackupvolumes and getallbackupvolumes to
 be a bit more easy to read and understand

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6fe3ccf7..439deb4d 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -510,29 +510,24 @@ class DockerActionManager
         }
     }
 
-    private function getBackupVolumes(string $id) : array
+    private function getBackupVolumes(string $id) : string
     {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
-        $backupVolumes = $container->GetBackupVolumes();
-
+        $backupVolumes = '';
+        foreach ($container->GetBackupVolumes() as $backupVolume) {
+            $backupVolumes .= $backupVolume . ' ';
+        }
         foreach ($container->GetDependsOn() as $dependency) {
-            $backupVolumes[] = $this->getBackupVolumes($dependency);
+            $backupVolumes .= $this->getBackupVolumes($dependency);
         }
         return $backupVolumes;
     }
 
     private function getAllBackupVolumes() : array {
         $id = 'nextcloud-aio-apache';
-        $backupVolumesArray = $this->getBackupVolumes($id);
-        // Flatten array
-        $backupVolumesArrayFlat = iterator_to_array(
-            new \RecursiveIteratorIterator(
-                new \RecursiveArrayIterator($backupVolumesArray)
-            ),
-            $use_keys = false
-        );
-        return array_unique($backupVolumesArrayFlat);
+        $backupVolumesArray = explode(' ', $this->getBackupVolumes($id));
+        return array_unique($backupVolumesArray);
     }
 
     private function GetRepoDigestsOfContainer(string $containerName) : ?array {

From bd550313bd042ae6519994d29fdbb26df307c26b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 16:25:24 +0200
Subject: [PATCH 1001/3949] print out borg_prune_opts

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 2aaea7b0..a3b27b68 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -167,9 +167,8 @@ if [ "$BORG_MODE" = backup ]; then
     rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
 
     # Prune options
-    set -x
     read -ra BORG_PRUNE_OPTS <<< "$BORG_RETENTION_POLICY"
-    set +x
+    echo "BORG_PRUNE_OPTS are ${BORG_PRUNE_OPTS[*]}"
 
     # Prune archives
     echo "Pruning the archives..."

From a4ad1bfe9a4561a67ab8352e0e3b669b599fc9df Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 16:44:43 +0200
Subject: [PATCH 1002/3949] increase aio app version to 0.4.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 584765cf..b853732f 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.3.0</version>
+	<version>0.4.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>

From 0e9d9ac21580b3a33128a218c859b491a4ce5a17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 17:41:13 +0200
Subject: [PATCH 1003/3949] increase to 6.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ff77349a..ac8f896e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v5.2.2</h1>
+        <h1>Nextcloud AIO v6.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From e61b55ceab7165c15eee29e29dbbf4901321d31d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 19:24:48 +0200
Subject: [PATCH 1004/3949] manual-install - reorder example.conf and list todo
 values last

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 0c82179a..0d2c720b 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -89,6 +89,15 @@ sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 echo 'IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use' >> sample.conf
 
+grep  '# TODO!' sample.conf > todo.conf
+grep -v '# TODO!\|_ENABLED' sample.conf > temp.conf
+grep '_ENABLED' sample.conf > enabled.conf
+cat todo.conf > sample.conf
+echo '' >> sample.conf
+cat enabled.conf >> sample.conf
+echo '' >> sample.conf
+cat temp.conf >> sample.conf
+rm todo.conf temp.conf enabled.conf
 cat sample.conf
 
 OUTPUT="$(cat containers.yml)"

From 0ea456ace1688a2d69cc88ca77229fc1272331bd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 19:36:19 +0200
Subject: [PATCH 1005/3949] fix SC

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 0d2c720b..e5d5eb05 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -93,6 +93,7 @@ grep  '# TODO!' sample.conf > todo.conf
 grep -v '# TODO!\|_ENABLED' sample.conf > temp.conf
 grep '_ENABLED' sample.conf > enabled.conf
 cat todo.conf > sample.conf
+# shellcheck disable=SC2129
 echo '' >> sample.conf
 cat enabled.conf >> sample.conf
 echo '' >> sample.conf

From 27d99efebfb5e7f9f89043ee1ee11018ab9dcc75 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 31 May 2023 13:37:39 +0200
Subject: [PATCH 1006/3949] fix twig-lint

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/twig-lint.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 2bb89e70..3cab05f8 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -30,6 +30,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
+          extensions: apcu
           coverage: none
 
       - name: twig lint

From cf1efa9bb0fb83a7b042d8a3622499e5357b9740 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 31 May 2023 16:46:19 +0200
Subject: [PATCH 1007/3949] allow to specify read_only root FS in containers
 definition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             | 3 +++
 php/src/Container/Container.php        | 7 +++++++
 php/src/ContainerDefinitionFetcher.php | 6 ++++++
 php/src/Docker/DockerActionManager.php | 2 ++
 4 files changed, 18 insertions(+)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 69c04100..43d59844 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -121,6 +121,9 @@
 							"minlength": 1
 						}
 					},
+					"read_only": {
+						"type": "boolean"
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index a89374c6..6fa6585b 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -30,6 +30,7 @@ class Container {
     /** @var string[] */
     private array $backupVolumes;
     private array $nextcloudExecCommands;
+    private bool $readOnlyRootFs;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -50,6 +51,7 @@ class Container {
         bool $apparmorUnconfined,
         array $backupVolumes,
         array $nextcloudExecCommands,
+        bool $readOnlyRootFs,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -69,6 +71,7 @@ class Container {
         $this->apparmorUnconfined = $apparmorUnconfined;
         $this->backupVolumes = $backupVolumes;
         $this->nextcloudExecCommands = $nextcloudExecCommands;
+        $this->readOnlyRootFs = $readOnlyRootFs;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -88,6 +91,10 @@ class Container {
         return $this->restartPolicy;
     }
 
+    public function GetReadOnlySetting() : bool {
+        return $this->readOnlyRootFs;
+    }
+
     public function GetShmSize() : int {
         return $this->shmSize;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 82ebcfb1..9d5c906e 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -254,6 +254,11 @@ class ContainerDefinitionFetcher
                 $nextcloudExecCommands = $entry['nextcloud_exec_commands'];
             }
 
+            $readOnlyRootFs = false;
+            if (isset($entry['read_only'])) {
+                $readOnlyRootFs = $entry['read_only'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -272,6 +277,7 @@ class ContainerDefinitionFetcher
                 $apparmorUnconfined,
                 $backupVolumes,
                 $nextcloudExecCommands,
+                $readOnlyRootFs,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 903f912b..f9c86f25 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -377,6 +377,8 @@ class DockerActionManager
         }
 
         $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+
+        $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();
  
         $exposedPorts = [];
         if ($container->GetInternalPort() !== 'host') {

From 8f54de363f0f93ffa9bec9f530f982dbefdee2b5 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 31 May 2023 17:27:11 +0200
Subject: [PATCH 1008/3949] reaname compose file to compose.yaml

Signed-off-by: Zoey <zoey@z0ey.de>
---
 .gitignore                         |  1 +
 docker-compose.yml => compose.yaml | 10 ++++------
 manual-install/readme.md           |  9 +++++----
 manual-install/update-yaml.sh      |  5 +----
 readme.md                          |  6 +++---
 reverse-proxy.md                   |  6 +++---
 6 files changed, 17 insertions(+), 20 deletions(-)
 rename docker-compose.yml => compose.yaml (99%)

diff --git a/.gitignore b/.gitignore
index db327d1d..68634fe2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,5 @@
 /manual-install/*.conf
 !/manual-install/sample.conf
 /manual-install/docker-compose.yml
+/manual-install/compose.yaml
 /manual-install/.env
diff --git a/docker-compose.yml b/compose.yaml
similarity index 99%
rename from docker-compose.yml
rename to compose.yaml
index e4a98548..473f4dfe 100644
--- a/docker-compose.yml
+++ b/compose.yaml
@@ -1,9 +1,3 @@
-version: "3.8"
-
-volumes:
-  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
-
 services:
   nextcloud:
     image: nextcloud/all-in-one:latest
@@ -51,6 +45,10 @@ services:
   #     - ./sites:/srv
   #   network_mode: "host"
 
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+
 # # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
 # # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
 # # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
diff --git a/manual-install/readme.md b/manual-install/readme.md
index a5c6b380..6f7a39e3 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -16,14 +16,14 @@ You can run the containers that are build for AIO with docker-compose. This come
 - Probably more
 
 ## How to use this?
-First, install docker and docker-compose if not already done. Then simply run the following:
+First, install docker and docker-compose (v2) if not already done. Then simply run the following:
 ```bash
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
 Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
 
-Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.
+Now copy the provided yaml file to a docker-compose file by running `cp latest.yml compose.yaml`.
 
 Now you should be ready to go with `sudo docker-compose up`.
 
@@ -34,10 +34,11 @@ For a complete all-in-one with collabora use `sudo docker-compose --profile coll
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv -vn my.conf .env` in order to rename the file to `.env`.
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
-1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
+1. If your compose file is still named `docker-compose.yml` rename it to `compose.yaml` by running `mv -vn docker-compose.yml compose.yaml`
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
 1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
 1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index e5d5eb05..fba83024 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -119,10 +119,7 @@ done
 
 OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
 
-echo 'version: "3.8"' > containers.yml
-echo "" >> containers.yml
-
-echo "$OUTPUT" >> containers.yml
+echo "$OUTPUT" > containers.yml
 
 sed -i '/container_name/d' containers.yml
 sed -i 's|^ $||' containers.yml
diff --git a/readme.md b/readme.md
index 50770e1d..fe2b6452 100644
--- a/readme.md
+++ b/readme.md
@@ -53,7 +53,7 @@ Included are:
 - Can be used with [Docker rootles](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) (good for additional security)
 - Runs on all platforms Docker supports (e.g. also on Windows and Macos)
 - Included containers easy to debug by having the possibility to check their logs directly from the AIO interface
-- [Docker-compose ready](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml)
+- [Docker-compose ready](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml)
 - Can be installed [without a container having access to the docker socket](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
 - Can be installed with [Docker Swarm](https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm)
 - Can be installed with [Kubernetes](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart)
@@ -108,7 +108,7 @@ The following instructions are meant for installations without a web server or r
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
     - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
     - `nextcloud/all-in-one:latest` This is the docker container image that is used.
-    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
+    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
     </details>
 
     Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
@@ -190,7 +190,7 @@ If you have the NAS setup on your local network (which is most often the case) y
 </details>
 
 ### How to run AIO with Portainer?
-The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
+The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. 
 
 ### Notes on Cloudflare (proxy/tunnel)
 - Using Cloudflare Tunnel potentially slows down Nextcloud by a lot since local access via the configured domain is not possible since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4547ee7b..ac0ef181 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -100,7 +100,7 @@ https://<your-nc-domain>:443 {
     reverse_proxy localhost:11000
 }
 ```
-The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `docker-compose.yml` file prior to starting the container.
+The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
@@ -339,7 +339,7 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al
 
 <summary>click here to expand</summary>
 
-First, please make sure that the environmental variables `PUID` and `PGID` in the docker-compose.yml file for NPM are either unset or set to `0`.
+First, please make sure that the environmental variables `PUID` and `PGID` in the compose.yaml file for NPM are either unset or set to `0`.
 
 Second, see these screenshots for a working config:
 
@@ -617,7 +617,7 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
 
 ### Inspiration for a docker-compose file
 
-Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
 ## 3. Limit the access to the apache container
 

From 23d5267375270dc47adc0ce8ee555d37d6a830bc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Jun 2023 09:58:22 +0200
Subject: [PATCH 1009/3949] adjust details

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-rootless.md       | 2 +-
 manual-install/readme.md | 6 +++---
 readme.md                | 2 +-
 reverse-proxy.md         | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index 76d57d6d..a3894a64 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -9,7 +9,7 @@ You can run AIO with docker rootless by following the steps below.
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
-1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
+1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
 
diff --git a/manual-install/readme.md b/manual-install/readme.md
index 6f7a39e3..ee6e8dd9 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -11,7 +11,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- **You need to know what you are doing, especially when modifying the docker-compose file**
+- **You need to know what you are doing, especially when modifying the compose.yaml file**
 - For updating, you need to strictly follow the at the bottom described update routine
 - Probably more
 
@@ -23,7 +23,7 @@ cd all-in-one/manual-install
 ```
 Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
 
-Now copy the provided yaml file to a docker-compose file by running `cp latest.yml compose.yaml`.
+Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
 
 Now you should be ready to go with `sudo docker-compose up`.
 
@@ -38,7 +38,7 @@ Since the AIO containers may change in the future, it is highly recommended to s
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
 1. If your compose file is still named `docker-compose.yml` rename it to `compose.yaml` by running `mv -vn docker-compose.yml compose.yaml`
-1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the compose.yaml file and removing ipv6 from the network.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
 1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
 1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.
diff --git a/readme.md b/readme.md
index fe2b6452..f2da5577 100644
--- a/readme.md
+++ b/readme.md
@@ -53,7 +53,7 @@ Included are:
 - Can be used with [Docker rootles](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) (good for additional security)
 - Runs on all platforms Docker supports (e.g. also on Windows and Macos)
 - Included containers easy to debug by having the possibility to check their logs directly from the AIO interface
-- [Docker-compose ready](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml)
+- [Docker-compose ready](./compose.yaml)
 - Can be installed [without a container having access to the docker socket](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
 - Can be installed with [Docker Swarm](https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm)
 - Can be installed with [Kubernetes](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart)
diff --git a/reverse-proxy.md b/reverse-proxy.md
index ac0ef181..293d9fac 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -568,7 +568,7 @@ Config examples for other reverse proxies are currently not documented. Pull req
 
 After adjusting your reverse proxy config, use the following command to start AIO:<br>
 
-(For an docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).)
+(For a docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).)
 
 ```
 # For Linux:

From a51d43c074818dfde1d60d086d29100ebf7a2535 Mon Sep 17 00:00:00 2001
From: Anth0rx <pascal@dengconsult.systems>
Date: Wed, 31 May 2023 14:50:53 +0200
Subject: [PATCH 1010/3949] Switch from mawk to built-in awk

Signed-off-by: Anth0rx <pascal@dengconsult.systems>
---
 Containers/nextcloud/Dockerfile    | 1 -
 Containers/nextcloud/entrypoint.sh | 2 +-
 Containers/postgresql/Dockerfile   | 2 +-
 Containers/postgresql/start.sh     | 2 +-
 4 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3e6e115e..025b5c24 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -184,7 +184,6 @@ RUN set -ex; \
         git \
         postgresql-client \
         tzdata \
-        mawk \
         sudo \
         grep \
         nodejs \
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9887629e..aa22558c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -22,7 +22,7 @@ redis.session.lock_wait_time = 10000
 REDIS_CONF
 
 echo "Setting php max children..."
-MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
 PHP_MAX_CHILDREN=$((MEMORY/50))
 if [ -n "$PHP_MAX_CHILDREN" ]; then
     sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index e468624f..2e942b6d 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -6,7 +6,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
 
 RUN set -ex; \
-    apk add --no-cache bash openssl shadow grep mawk; \
+    apk add --no-cache bash openssl shadow grep; \
     \
 # We need to use the same gid and uid as on old installations
     deluser postgres; \
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 01092bbe..0a88e5cb 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -147,7 +147,7 @@ if ! [ -f "$DATADIR/PG_VERSION" ] && ! [ -f "$DUMP_FILE" ]; then
 fi
 
 echo "Setting max connections..."
-MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
 MAX_CONNECTIONS=$((MEMORY/50+3))
 if [ -n "$MAX_CONNECTIONS" ]; then
     sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"

From 6733a7407cd8b3e2871aac5b5e49777589e6a29e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Jun 2023 14:26:13 +0200
Subject: [PATCH 1011/3949] update ES to 8.x

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 01c0ff29..69c9a9fd 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.10
+FROM elasticsearch:8.7.1
 
 RUN set -ex; \
     \

From 18804f8a7959e8f0ef49f8667e54abc8d361d6e4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Jun 2023 14:31:38 +0200
Subject: [PATCH 1012/3949] Remove collaboras font volume as it does not seem
 to be used

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 8d7f9cde..fabf3fd4 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -221,13 +221,6 @@
         "server_name=%NC_DOMAIN%",
         "DONT_GEN_SSL_CERT=1"
       ],
-      "volumes": [
-        {
-          "source": "nextcloud_aio_collabora_fonts",
-          "destination": "/opt/cool/systemplate/tmpfonts",
-          "writeable": true
-        }
-      ],
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating collabora config...'",

From af084c7c397a672dedbe84c7acbef562b40985f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20Molakvo=C3=A6?= <skjnldsv@protonmail.com>
Date: Thu, 1 Jun 2023 16:07:18 +0200
Subject: [PATCH 1013/3949] chore: update workflows from templates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
---
 .github/workflows/lint-php.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index adcea581..8d7f63f8 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -10,6 +10,8 @@ on:
   push:
     branches:
       - main
+      - master
+      - stable*
 
 permissions:
   contents: read
@@ -23,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: [ "8.2" ]
+        php-versions: [ "8.0", "8.1", "8.2" ]
 
     name: php-lint
 
@@ -32,7 +34,7 @@ jobs:
         uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@1a18b2267f80291a81ca1d33e7c851fe09e7dfc4 # v2
+        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
@@ -41,7 +43,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: cd php && composer run lint
+        run: composer run lint
 
   summary:
     permissions:

From df068a809b4f4661dd52642d28fe9359be57bbfd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Jun 2023 16:16:15 +0200
Subject: [PATCH 1014/3949] adjust workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-php.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 8d7f63f8..bbace7f3 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: [ "8.0", "8.1", "8.2" ]
+        php-versions: [ "8.2" ]
 
     name: php-lint
 
@@ -43,7 +43,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: composer run lint
+        run: cd php && composer run lint
 
   summary:
     permissions:

From 78e7af4ae0c0110b77b1e6f4324eec57062b1a00 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 2 Jun 2023 10:26:48 +0200
Subject: [PATCH 1015/3949] add entry about running AIO offline or in airgapped
 system

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index f2da5577..46ec48d4 100644
--- a/readme.md
+++ b/readme.md
@@ -225,6 +225,9 @@ You can install AIO in reverse proxy mode where is also documented how to get it
 ### How to run Nextcloud locally?
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation how to set it up locally: [local-instance.md](./local-instance.md)
 
+### Can I run AIO offline or in an airgapped system?
+No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
+
 ### Are self-signed certificates supported for Nextcloud?
 No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md).
 

From 0f9b230c9bd1735b94c57455182b923a40406821 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 2 Jun 2023 14:18:50 +0200
Subject: [PATCH 1016/3949] remove the updatenotification app also if already
 updating to next major version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9887629e..586cbc1f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -253,7 +253,6 @@ DATADIR_PERMISSION_CONF
                 php /var/www/html/occ config:system:set updater.release.channel --value=beta
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
                 php /var/www/html/updater/updater.phar --no-interaction
-                php /var/www/html/occ app:enable nextcloud-aio --force
                 if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                     echo "Installation of Nextcloud failed!"
                     touch "$NEXTCLOUD_DATA_DIR/install.failed"
@@ -264,8 +263,6 @@ DATADIR_PERMISSION_CONF
                 INSTALLED_MAJOR="${installed_version%%.*}"
                 IMAGE_MAJOR="${image_version%%.*}"
                 if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
-                    php /var/www/html/occ config:system:set updater.release.channel --value=beta
-                    php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
                     php /var/www/html/updater/updater.phar --no-interaction
                     if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                         echo "Installation of Nextcloud failed!"
@@ -273,7 +270,10 @@ DATADIR_PERMISSION_CONF
                         exit 1
                     fi
                 fi
+                php /var/www/html/occ app:disable updatenotification
+                rm -rf /var/www/html/apps/updatenotification
                 php /var/www/html/occ config:system:set updater.release.channel --value=stable
+                php /var/www/html/occ app:enable nextcloud-aio --force
                 php /var/www/html/occ db:add-missing-indices
                 php /var/www/html/occ db:add-missing-columns
                 php /var/www/html/occ db:add-missing-primary-keys

From 0368ce7ef9bdd062da28a88c268831a879e1c393 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 14:00:40 +0200
Subject: [PATCH 1017/3949] Make sure to disable apps that could not get
 enabled after an update

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9887629e..809e3593 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -362,6 +362,7 @@ DATADIR_PERMISSION_CONF
                         if [ "${APPSTORAGE[$app]}" != "no" ]; then
                             echo "Enabling $app..."
                             if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
+                                php /var/www/html/occ app:disable "$app" >/dev/null
                                 echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
                                 if [ "$app" = apporder ]; then
                                     CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."

From 3671cc9fe6c98cad28d18bdb2cec542c145c683c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 14:56:05 +0200
Subject: [PATCH 1018/3949] Dockerfiles - Add USER to all files

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile     | 1 +
 Containers/clamav/Dockerfile         | 3 +++
 Containers/fulltextsearch/Dockerfile | 2 ++
 Containers/onlyoffice/Dockerfile     | 2 ++
 Containers/watchtower/Dockerfile     | 2 ++
 5 files changed, 10 insertions(+)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 9b733788..cf48f52c 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -16,6 +16,7 @@ VOLUME /root
 COPY --chmod=770 *.sh /
 
 ENTRYPOINT ["/start.sh"]
+USER root
 
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
 ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 5816a498..c7f0d234 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -7,4 +7,7 @@ RUN set -ex; \
     apk add --no-cache tzdata; \
     cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
     rm /tmp/clamav.conf
+
+USER clamav
+
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 01c0ff29..5a98d10e 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -11,5 +11,7 @@ RUN set -ex; \
     rm -rf /var/lib/apt/lists/*; \
     elasticsearch-plugin install --batch ingest-attachment
 
+USER 1000
+
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 53eac760..2f87e0c0 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,7 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
 FROM onlyoffice/documentserver:7.3.3.50
 
+# USER root is probably used
+
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 741b1c1e..ec8f30ad 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -8,5 +8,7 @@ COPY --from=watchtower /watchtower /watchtower
 
 COPY --chmod=775 start.sh /start.sh
 
+USER root
+
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 93f14608f37ad6b8766b90e0f68b03c0bcc68572 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 15:04:17 +0200
Subject: [PATCH 1019/3949] clean up some files

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile                | 1 -
 Containers/mastercontainer/supervisord.conf | 1 +
 Containers/nextcloud/Dockerfile             | 1 -
 3 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 0e9c5ec1..8b6ce492 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,4 +1,3 @@
-# Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
 FROM httpd:2.4.57-alpine3.17
diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index 993d91d7..6dc04065 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -38,6 +38,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
+user=root
 
 [program:backup-time-file-watcher]
 stdout_logfile=/dev/stdout
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3e6e115e..fec996b0 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,3 @@
-# From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
 FROM php:8.1.19-fpm-alpine3.17
 
 ENV PHP_MEMORY_LIMIT 512M

From ccc953d183d99f55b9d62e208d6820911814b951 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 17:50:51 +0200
Subject: [PATCH 1020/3949] update-yml.sh - remove unit for stop_grace_period

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index fba83024..fcb1ca11 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -28,7 +28,6 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
-sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml
 sed -i 's|- ip_binding: |- |' containers.yml

From ba6195815e2b24000056687a9de6a2c1140243bb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 19:02:05 +0200
Subject: [PATCH 1021/3949] add Docker Lint and update some workflows

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/create-psalm-container.yml | 54 --------------------
 .github/workflows/docker-lint.yml            | 49 ++++++++++++++++++
 .github/workflows/psalm-security.yml         | 25 ---------
 .github/workflows/twig-lint.yml              | 20 +-------
 4 files changed, 50 insertions(+), 98 deletions(-)
 delete mode 100644 .github/workflows/create-psalm-container.yml
 create mode 100644 .github/workflows/docker-lint.yml
 delete mode 100644 .github/workflows/psalm-security.yml

diff --git a/.github/workflows/create-psalm-container.yml b/.github/workflows/create-psalm-container.yml
deleted file mode 100644
index 2f217c25..00000000
--- a/.github/workflows/create-psalm-container.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: Create Psalm Container
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '5 4 * * *'
-
-jobs:
-  push_to_registry:
-    runs-on: ubuntu-latest
-
-    name: Create Psalm Container
-
-    permissions:
-      packages: write
-      contents: read
-
-    steps:
-      - name: Check out the repo
-        run: |
-          git clone https://github.com/psalm/psalm-github-actions.git
-      
-      - name: Modify the Dockerfile
-        run: |
-          set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.2-alpine|' "psalm-github-actions/Dockerfile"
-          cat << APCU >> "psalm-github-actions/Dockerfile"
-          RUN mkdir -p /usr/src/php/ext/apcu && \
-            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
-            docker-php-ext-install apcu
-          APCU
-
-      - name: Log in to GitHub Docker Registry
-        uses: docker/login-action@v2
-        with:
-          registry: docker.pkg.github.com
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build container image
-        uses: docker/build-push-action@v4
-        with:
-          push: true
-          context: 'psalm-github-actions'
-          file: 'psalm-github-actions/Dockerfile'
-          tags: |
-            ghcr.io/nextcloud/all-in-one-psalm:latest
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
new file mode 100644
index 00000000..f85818eb
--- /dev/null
+++ b/.github/workflows/docker-lint.yml
@@ -0,0 +1,49 @@
+name: Docker Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency: 
+  group: docker-lint-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  docker-lint:
+    runs-on: ubuntu-latest
+
+    name: docker-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install npm and dockerfilelint
+        run: |
+          sudo apt-get install nodejs npm -y
+          npm install -g dockerfilelint
+          wget https://github.com/replicatedhq/dockerfilelint/pull/184.patch -O /usr/local/lib/node_modules/dockerfilelint/184.patch
+          CURRENT_DIR=$PWD
+          cd /usr/local/lib/node_modules/dockerfilelint/
+          git apply 184.patch
+          cd $CURRENT_DIR
+          cat << RULES > ./.dockerfilelintrc
+          rules:
+            sudo_usage: off
+          RULES
+
+      - name: run lint
+        run: |
+          DOCKERFILES="$(find ./Containers -name Dockerfile)"
+          mapfile -t DOCKERFILES <<< "$DOCKERFILES"
+          for file in "${DOCKERFILES[@]}"; do
+            dockerfilelint "$file" --config ./ | tee -a ./dockerfilelint.log
+          done
+          if grep "^Issues: [0-9]" ./dockerfilelint.log; then
+            exit 1
+          fi
diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml
deleted file mode 100644
index 1dd39fe8..00000000
--- a/.github/workflows/psalm-security.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Psalm Security Analysis
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  psalm:
-    name: Psalm
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Psalm
-        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
-        with:
-          relative_dir: php
-          security_analysis: true
-          composer_ignore_platform_reqs: false
-          report_file: results.sarif
-      - name: Upload Security Analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: php/results.sarif
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 3cab05f8..43506fc1 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -16,10 +16,6 @@ concurrency:
 jobs:
   twig-lint:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        php-versions: ["8.2"]
-
     name: twig-lint
 
     steps:
@@ -29,7 +25,7 @@ jobs:
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@v2
         with:
-          php-version: ${{ matrix.php-versions }}
+          php-version: 8.2
           extensions: apcu
           coverage: none
 
@@ -40,17 +36,3 @@ jobs:
           composer install
           chmod +x ./vendor/bin/twig-linter
           ./vendor/bin/twig-linter lint ./templates
-
-  summary:
-    permissions:
-      contents: none
-    runs-on: ubuntu-latest
-    needs: twig-lint
-
-    if: always()
-
-    name: twig-lint-summary
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.twig-lint.result != 'success' && needs.twig-lint.result != 'skipped' }}; then exit 1; fi

From 2e19b5ab586c364fb04f755647c8b1e7d80eeabe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 20:24:27 +0200
Subject: [PATCH 1022/3949] only run workflows when they are actually needed

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/docker-lint.yml             |  4 ++
 .github/workflows/json-validator.yml          |  4 ++
 .github/workflows/lint-php.yml                |  6 ++-
 .../workflows/php-deprecation-detector.yml    |  4 ++
 .github/workflows/psalm-analysis.yml          | 28 -----------
 .github/workflows/psalm.yml                   | 49 +++++++++++++++++++
 .github/workflows/shellcheck.yml              |  6 ++-
 .github/workflows/twig-lint.yml               |  4 ++
 8 files changed, 74 insertions(+), 31 deletions(-)
 delete mode 100644 .github/workflows/psalm-analysis.yml
 create mode 100644 .github/workflows/psalm.yml

diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index f85818eb..00549c4f 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -2,9 +2,13 @@ name: Docker Lint
 
 on:
   pull_request:
+    paths:
+      - 'Containers/**'
   push:
     branches:
       - main
+    paths:
+      - 'Containers/**'
 
 permissions:
   contents: read
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index eaf03553..c2c10b1c 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -2,9 +2,13 @@ name: Json Validator
 
 on:
   pull_request:
+    paths:
+      - '**.json'
   push:
     branches:
       - main
+    paths:
+      - '**.json'
 
 jobs:
   psalm:
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index bbace7f3..1f55fb06 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -7,11 +7,13 @@ name: Lint php
 
 on:
   pull_request:
+    paths:
+      - 'php/**'
   push:
     branches:
       - main
-      - master
-      - stable*
+    paths:
+      - 'php/**'
 
 permissions:
   contents: read
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 7e4c625f..42cc6bc2 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -3,9 +3,13 @@ name: PHP Deprecation Detector
 
 on:
   pull_request:
+    paths:
+      - 'php/**'
   push:
     branches:
       - main
+    paths:
+      - 'php/**'
 
 jobs:
   psalm:
diff --git a/.github/workflows/psalm-analysis.yml b/.github/workflows/psalm-analysis.yml
deleted file mode 100644
index 6d367a52..00000000
--- a/.github/workflows/psalm-analysis.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Psalm Analysis
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-jobs:
-  psalm:
-    name: Psalm
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up php8.2
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: 8.2
-          extensions: apcu
-          coverage: none
-
-      - name: Run script
-        run: |
-          set -x
-          cd php
-          composer global require vimeo/psalm --prefer-dist --no-progress --dev
-          composer install
-          composer run psalm
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
new file mode 100644
index 00000000..1d0a17bb
--- /dev/null
+++ b/.github/workflows/psalm.yml
@@ -0,0 +1,49 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Static analysis
+
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
+
+concurrency:
+  group: psalm-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  static-analysis:
+    runs-on: ubuntu-latest
+
+    name: Nextcloud
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - name: Set up php
+        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
+        with:
+          php-version: 8.2
+          extensions: apcu
+          coverage: none
+          ini-file: development
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install dependencies
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+
+      - name: Run coding standards check
+        run: composer run psalm
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 3af43bb1..32848506 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -2,9 +2,13 @@ name: Shellcheck
 
 on:
   pull_request:
+    paths:
+      - '**.sh'
   push:
     branches:
       - main
+    paths:
+      - '**.sh'
 
 jobs:
   shellcheck:
@@ -13,7 +17,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@2.0.0
+      uses: ludeeus/action-shellcheck@v2
       with:
         check_together: 'yes'
       env:
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 43506fc1..27f09e47 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -2,9 +2,13 @@ name: Twig Lint
 
 on:
   pull_request:
+    paths:
+      - '**.twig'
   push:
     branches:
       - main
+    paths:
+      - '**.twig'
 
 permissions:
   contents: read

From 87381bbfa3aead0aea6531eca0e44eb06d8e4db8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 20:48:08 +0200
Subject: [PATCH 1023/3949] fix workflows

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/psalm.yml      | 6 ++----
 .github/workflows/shellcheck.yml | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 1d0a17bb..0e16ae66 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -38,12 +38,10 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Install dependencies
+      - name: Install dependencies and run psalm
         run: |
           set -x
           cd php
           composer global require vimeo/psalm --prefer-dist --no-progress --dev
           composer install
-
-      - name: Run coding standards check
-        run: composer run psalm
+          composer run psalm
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 32848506..e940d638 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -17,7 +17,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@v2
+      uses: ludeeus/action-shellcheck@2.0.0
       with:
         check_together: 'yes'
       env:

From e8b85917c0bb327235072e6f0ba23b2892a6c69e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 3 Jun 2023 18:05:29 +0200
Subject: [PATCH 1024/3949] try to speed up initial login by not removing the
 bridge network from mastercontainer but instead during cron.sh

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh     | 5 +++++
 php/src/Docker/DockerActionManager.php | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 03e5a724..384b1604 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -57,6 +57,11 @@ while true; do
     # Remove dangling images
     sudo -u www-data docker image prune --force
 
+    # Remove mastercontainer from default bridge network
+    if sudo -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
+        sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
+    fi
+
     # Wait 60s so that the whole loop will not be executed again
     sleep 60
 done
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 903f912b..283972aa 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -768,7 +768,8 @@ class DockerActionManager
     public function ConnectMasterContainerToNetwork() : void
     {
         $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
-        $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
+        // Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
+        // $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
     }
 
     public function ConnectContainerToNetwork(Container $container) : void

From 6bbbe68fdb1ee4dd2ce580bdf886fb310825a893 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sun, 4 Jun 2023 20:34:38 +0200
Subject: [PATCH 1025/3949] add http/3 docs to nginx reverse proxy docs

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 293d9fac..84546447 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -274,6 +274,11 @@ server {
 
     listen 443 ssl http2;
     listen [::]:443 ssl http2; # comment to disable IPv6
+	
+    # http3 on;              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # listen 443 quic;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # listen [::]:443 quic;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; # uncomment to enable HTTP3/QUIC - supported on nginx v1.25.0+
 
     server_name <your-nc-domain>;
 

From aac2ad10ff486f5e97697c704c7ffdd7c1b4e9a9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Jun 2023 11:08:13 +0200
Subject: [PATCH 1026/3949] add note about SELinux and Docker Desktop

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 ++
 readme.md                           | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 10c3befa..15fbba3b 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -61,6 +61,8 @@ fi
 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
+    echo "If you are on Docker Desktop v4.19 or higher, see https://github.com/nextcloud/all-in-one/issues/2450"
+    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir#are-there-known-problems-when-selinux-is-enabled"
     exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
diff --git a/readme.md b/readme.md
index 46ec48d4..ed337237 100644
--- a/readme.md
+++ b/readme.md
@@ -264,6 +264,9 @@ Afterwards it should work.<br>
 
 See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it
 
+### Are there known problems when SELinux is enabled?
+Yes. If SELinux is enabled, you might need to add the `--security-opt label=disabled` option to the docker run command of the mastercontainer in order to allow it to access the docker socket. See https://github.com/nextcloud/all-in-one/discussions/485
+
 ### How to run `occ` commands?
 Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
 

From 852a80dc0c9578d0b9875daa81ff3e30a5d14373 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Jun 2023 11:56:27 +0200
Subject: [PATCH 1027/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 readme.md                           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 15fbba3b..c1929024 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -62,7 +62,7 @@ fi
 if ! sudo -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "If you are on Docker Desktop v4.19 or higher, see https://github.com/nextcloud/all-in-one/issues/2450"
-    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir#are-there-known-problems-when-selinux-is-enabled"
+    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
     exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
diff --git a/readme.md b/readme.md
index ed337237..95364d20 100644
--- a/readme.md
+++ b/readme.md
@@ -265,7 +265,7 @@ Afterwards it should work.<br>
 See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it
 
 ### Are there known problems when SELinux is enabled?
-Yes. If SELinux is enabled, you might need to add the `--security-opt label=disabled` option to the docker run command of the mastercontainer in order to allow it to access the docker socket. See https://github.com/nextcloud/all-in-one/discussions/485
+Yes. If SELinux is enabled, you might need to add the `--security-opt label=disabled` option to the docker run command of the mastercontainer in order to allow it to access the docker socket (or `security_opt: ["label=disabled"]` in compose.yaml). See https://github.com/nextcloud/all-in-one/discussions/485
 
 ### How to run `occ` commands?
 Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.

From 8190482718976369b0b9fa86eacfda7b245d9e96 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Jun 2023 12:40:06 +0200
Subject: [PATCH 1028/3949] janus - enable full-trickle support

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/supervisord.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index c3c672a7..15fe4cd8 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -27,7 +27,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
+command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout --full-trickle
 
 [program:signaling]
 stdout_logfile=/dev/stdout

From 3604730d0b486a7195293fb2d0593a9bb6c5f840 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 5 Jun 2023 12:02:06 +0000
Subject: [PATCH 1029/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 9387411c..8f6f3494 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1398,16 +1398,16 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.2.1",
+            "version": "v3.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e"
+                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
-                "reference": "e2d1534420bd723d0ef5aec58a22c5fe60ce6f5e",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/7c3aff79d10325257a001fcf92d991f24fc967cf",
+                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf",
                 "shasum": ""
             },
             "require": {
@@ -1416,7 +1416,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.3-dev"
+                    "dev-main": "3.4-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -1445,7 +1445,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.1"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0"
             },
             "funding": [
                 {
@@ -1461,7 +1461,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-03-01T10:25:55+00:00"
+            "time": "2023-05-23T14:45:45+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",

From 56bb0771dad78f1e72192c69b272a81781b4c100 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 5 Jun 2023 12:02:28 +0000
Subject: [PATCH 1030/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  |  2 --
 manual-install/sample.conf | 30 ++++++++++++++++--------------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 7e20ff51..87aff57a 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -1,5 +1,3 @@
-version: "3.8"
-
 services:
   nextcloud-aio-apache:
     depends_on:
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 27bbf17f..cb997428 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,34 +1,36 @@
+DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
+NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
+TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TURN_SECRET=          # TODO! This needs to be a unique and good password!
+
+CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
-CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
-DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
-NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
 NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
-NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
 NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
-REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
-SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
-TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
-TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use

From 70f27ae30478ed894e09798be6da6699cc17869d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Jun 2023 15:05:14 +0200
Subject: [PATCH 1031/3949] allow to disable/enable talk-recording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh            | 11 +++++++
 php/containers.json                           | 33 +++++++++++++++++--
 php/public/disable-talk-recording.js          |  4 +++
 php/public/index.php                          |  1 +
 php/public/options-form-submit.js             | 18 ++++++++++
 php/src/ContainerDefinitionFetcher.php        |  8 +++++
 .../Controller/ConfigurationController.php    |  5 +++
 php/src/Data/ConfigurationManager.php         | 21 ++++++++++++
 php/src/Docker/DockerActionManager.php        |  6 ++++
 php/templates/containers.twig                 |  8 ++++-
 readme.md                                     |  1 +
 tests/QA/050-optional-addons.md               |  1 +
 12 files changed, 113 insertions(+), 4 deletions(-)
 create mode 100644 php/public/disable-talk-recording.js

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9887629e..9236378f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -583,6 +583,17 @@ else
     fi
 fi
 
+# Talk recording
+if [ -d "/var/www/html/custom_apps/spreed" ]; then
+    if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
+        # TODO: migrate to occ command if that becomes available
+        RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/talk-recording/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
+        php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"
+    else
+        php /var/www/html/occ config:app:delete spreed recording_servers
+    fi
+fi
+
 # Clamav
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
     count=0
diff --git a/php/containers.json b/php/containers.json
index 8d7f9cde..4723e33a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -6,6 +6,7 @@
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
+        "nextcloud-aio-talk-recording",
         "nextcloud-aio-nextcloud"
       ],
       "display_name": "Apache",
@@ -23,6 +24,7 @@
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
         "COLLABORA_HOST=nextcloud-aio-collabora",
         "TALK_HOST=nextcloud-aio-talk",
+        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
         "APACHE_PORT=%APACHE_PORT%",
         "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
         "TZ=%TIMEZONE%",
@@ -170,7 +172,9 @@
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%",
-        "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%"
+        "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%",
+        "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
+        "RECORDING_SECRET=%RECORDING_SECRET%"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -259,11 +263,34 @@
         "TURN_SECRET=%TURN_SECRET%",
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
         "TZ=%TIMEZONE%",
-        "TALK_PORT=%TALK_PORT%"
+        "TALK_PORT=%TALK_PORT%",
+        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%"
       ],
       "secrets": [
         "TURN_SECRET",
-        "SIGNALING_SECRET"
+        "SIGNALING_SECRET",
+        "TALK_INTERNAL_SECRET"
+      ],
+      "restart": "unless-stopped"
+    },
+    {
+      "container_name": "nextcloud-aio-talk-recording",
+      "display_name": "Talk Recording",
+      "image": "nextcloud/aio-talk-recording",
+      "expose": [
+        "1234"
+      ],
+      "internal_port": "1234",
+      "environment": [
+        "NC_DOMAIN=%NC_DOMAIN%",
+        "TZ=%TIMEZONE%",
+        "RECORDING_SECRET=%RECORDING_SECRET%",
+        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%"
+      ],
+      "shm_size": 2147483648,
+      "secrets": [
+        "RECORDING_SECRET",
+        "TALK_INTERNAL_SECRET"
       ],
       "restart": "unless-stopped"
     },
diff --git a/php/public/disable-talk-recording.js b/php/public/disable-talk-recording.js
new file mode 100644
index 00000000..72c5de32
--- /dev/null
+++ b/php/public/disable-talk-recording.js
@@ -0,0 +1,4 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Talk-recording
+    document.getElementById("talk-recording").disabled = true;
+});
diff --git a/php/public/index.php b/php/public/index.php
index f75a514a..87421cdc 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -120,6 +120,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
         'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
+        'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index 6d017315..1b2262ce 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -3,6 +3,16 @@ function makeOptionsFormSubmitVisible() {
     optionsFormSubmit.style.display = 'block';
 }
 
+function handleTalkVisibility(talk) {
+    let talkRecording = document.getElementById("talk-recording")
+    if (talk.checked) {
+        talkRecording.disabled = false
+    } else {
+        talkRecording.checked = false
+        talkRecording.disabled = true
+    }
+}
+
 document.addEventListener("DOMContentLoaded", function(event) {
     // handle submit button for options form
     var optionsFormSubmit = document.getElementById("options-form-submit");
@@ -25,6 +35,14 @@ document.addEventListener("DOMContentLoaded", function(event) {
     // Talk
     var talk = document.getElementById("talk");
     talk.addEventListener('change', makeOptionsFormSubmitVisible);
+    talk.addEventListener('change', handleTalkVisibility);
+
+    // Talk-recording
+    var talkRecording = document.getElementById("talk-recording");
+    talkRecording.addEventListener('change', makeOptionsFormSubmitVisible);
+    if (!talk.checked) {
+        talkRecording.disabled = true
+    }
 
     // Imaginary
     var imaginary = document.getElementById("imaginary");
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 82ebcfb1..3185b63c 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -81,6 +81,10 @@ class ContainerDefinitionFetcher
                 if (!$this->configurationManager->isTalkEnabled()) {
                     continue;
                 }
+            } elseif ($entry['container_name'] === 'nextcloud-aio-talk-recording') {
+                if (!$this->configurationManager->isTalkRecordingEnabled()) {
+                    continue;
+                }
             } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') {
                 if (!$this->configurationManager->isImaginaryEnabled()) {
                     continue;
@@ -179,6 +183,10 @@ class ContainerDefinitionFetcher
                         if (!$this->configurationManager->isTalkEnabled()) {
                             continue;
                         }
+                    } elseif ($value === 'nextcloud-aio-talk-recording') {
+                        if (!$this->configurationManager->isTalkRecordingEnabled()) {
+                            continue;
+                        }
                     } elseif ($value === 'nextcloud-aio-imaginary') {
                         if (!$this->configurationManager->isImaginaryEnabled()) {
                             continue;
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 561cec8c..9ed155ff 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -95,6 +95,11 @@ class ConfigurationController
                 } else {
                     $this->configurationManager->SetTalkEnabledState(0);
                 }
+                if (isset($request->getParsedBody()['talk-recording'])) {
+                    $this->configurationManager->SetTalkRecordingEnabledState(1);
+                } else {
+                    $this->configurationManager->SetTalkRecordingEnabledState(0);
+                }
                 if (isset($request->getParsedBody()['imaginary'])) {
                     $this->configurationManager->SetImaginaryEnabledState(1);
                 } else {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3b6ce07f..0a40366e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -230,6 +230,27 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
+    public function isTalkRecordingEnabled() : bool {
+        if (!$this->isTalkEnabled()) {
+            return false;
+        }
+        $config = $this->GetConfig();
+        if (isset($config['isTalkRecordingEnabled']) && $config['isTalkRecordingEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetTalkRecordingEnabledState(int $value) : void {
+        if (!$this->isTalkEnabled()) {
+            $value = 0;
+        }
+        $config = $this->GetConfig();
+        $config['isTalkRecordingEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 903f912b..b7383ca2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -278,6 +278,12 @@ class DockerActionManager
                     } else {
                         $replacements[1] = '';
                     }
+                } elseif ($out[1] === 'TALK_RECORDING_ENABLED') {
+                    if ($this->configurationManager->isTalkRecordingEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
                 } elseif ($out[1] === 'ONLYOFFICE_ENABLED') {
                     if ($this->configurationManager->isOnlyofficeEnabled()) {
                         $replacements[1] = 'yes';
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ac8f896e..dde85fb4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -544,6 +544,11 @@
                         {% else %}
                             <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
                         {% endif %}
+                        {% if is_talk_recording_enabled == true %}
+                            <input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Talk Recording (needs ~1GB additional RAM)</label><br>
+                        {% else %}
+                            <input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Talk Recording (needs ~1GB additional RAM)</label><br>
+                        {% endif %}
                         {% if is_onlyoffice_enabled == true %}
                             <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>
                         {% else %}
@@ -552,7 +557,7 @@
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br><br>
+                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Talk Recording or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 5GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}
@@ -562,6 +567,7 @@
                         <script type="text/javascript" src="disable-onlyoffice.js"></script>
                         <script type="text/javascript" src="disable-imaginary.js"></script>
                         <script type="text/javascript" src="disable-fulltextsearch.js"></script>
+                        <script type="text/javascript" src="disable-talk-recording.js"></script>
                     {% endif %}
 
                     {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
diff --git a/readme.md b/readme.md
index 46ec48d4..9acaee3a 100644
--- a/readme.md
+++ b/readme.md
@@ -6,6 +6,7 @@ Included are:
 - Nextcloud Office
 - High performance backend for Nextcloud Files
 - High performance backend for Nextcloud Talk and TURN-server
+- Nextcloud Talk Recording-server
 - Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
 - Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)
 - ClamAV (Antivirus backend for Nextcloud)
diff --git a/tests/QA/050-optional-addons.md b/tests/QA/050-optional-addons.md
index 9719839f..99296cf3 100644
--- a/tests/QA/050-optional-addons.md
+++ b/tests/QA/050-optional-addons.md
@@ -9,6 +9,7 @@
     - [ ] Nextcloud Talk by opening the Talk app in Nextcloud, creating a new chat and trying to join a call in this chat. Also verifying in the settings that the HPB and turn server work.
     - [ ] Imaginary by having a look if when uploading a new picture in Nextcloud, it adds some log entries to the container
     - [ ] Fulltextsearch by trying to search for a heading inside a file in Nextcloud
+    - [ ] Talk-recording by starting a call and trying to record something
 - [ ] When Collabora is enabled, it should show below the Optional Addons section a section where you can change the dictionaries for collabora. `de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru` should be a valid setting. E.g. `de.De` not. If already set, it should show a button that allows to remove the setting again.
 
 You can now continue with [060-environmental-variables.md](./060-environmental-variables.md)
\ No newline at end of file

From 4953ce95c6468d1e007769da7812f7efc41b5d9b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Jun 2023 18:44:36 +0200
Subject: [PATCH 1032/3949] dont expose it publicly

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 php/containers.json                | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9236378f..a1734cb8 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -587,7 +587,7 @@ fi
 if [ -d "/var/www/html/custom_apps/spreed" ]; then
     if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
         # TODO: migrate to occ command if that becomes available
-        RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/talk-recording/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
+        RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
         php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"
     else
         php /var/www/html/occ config:app:delete spreed recording_servers
diff --git a/php/containers.json b/php/containers.json
index 4723e33a..9a8dfaab 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -24,7 +24,6 @@
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
         "COLLABORA_HOST=nextcloud-aio-collabora",
         "TALK_HOST=nextcloud-aio-talk",
-        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
         "APACHE_PORT=%APACHE_PORT%",
         "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
         "TZ=%TIMEZONE%",
@@ -174,7 +173,8 @@
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%",
         "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%",
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
-        "RECORDING_SECRET=%RECORDING_SECRET%"
+        "RECORDING_SECRET=%RECORDING_SECRET%",
+        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording"
       ],
       "restart": "unless-stopped",
       "devices": [

From 625faf7cae175535419b22f75612d870b3120d2f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 6 Jun 2023 07:15:12 +0000
Subject: [PATCH 1033/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml      |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml   |  2 +-
 .../nextcloud-aio-database-deployment.yaml    |  2 +-
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml   |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  2 +-
 .../nextcloud-aio-redis-deployment.yaml       |  2 +-
 .../nextcloud-aio-talk-deployment.yaml        |  2 +-
 nextcloud-aio-helm-chart/values.yaml          | 32 ++++++++++---------
 12 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index d700570c..41f68a9e 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 5.2.2
+version: 6.0.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 27e3e9f9..504c4fbe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230530_084406-latest
+          image: nextcloud/aio-apache:20230606_070951-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 0a06a0fc..537cbae7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230530_084406-latest
+          image: nextcloud/aio-clamav:20230606_070951-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index dc43182d..fb1b57ba 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230530_084406-latest
+          image: nextcloud/aio-collabora:20230606_070951-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index e0103cf4..391381f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230530_084406-latest
+          image: nextcloud/aio-postgresql:20230606_070951-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index ae8b33ef..f2018626 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230530_084406-latest
+          image: nextcloud/aio-fulltextsearch:20230606_070951-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 425d1f8c..a117da25 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230530_084406-latest
+          image: nextcloud/aio-imaginary:20230606_070951-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index f10b8f95..6285972a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230530_084406-latest
+          image: nextcloud/aio-nextcloud:20230606_070951-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 66610144..5e60077f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230530_084406-latest
+          image: nextcloud/aio-onlyoffice:20230606_070951-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 0e28652e..fc5c63ea 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230530_084406-latest
+          image: nextcloud/aio-redis:20230606_070951-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index bdbb06a9..7e883aea 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230530_084406-latest
+          image: nextcloud/aio-talk:20230606_070951-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 58c31213..f3f4ac3e 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -1,32 +1,34 @@
+DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
+NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
+ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
+TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TURN_SECRET:           # TODO! This needs to be a unique and good password!
+
+CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
 APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
-CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
-DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
-NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
-NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
-NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
-REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
-SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
-TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
-TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TURN_SECRET:           # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value

From 216f8a1272a72bfe840cade4ec642c77c092f932 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 6 Jun 2023 09:22:33 +0200
Subject: [PATCH 1034/3949] add talk-recording container (#2645)

Signed-off-by: Zoey <zoey@z0ey.de>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml                   |   9 ++
 .github/workflows/talk.yml               |  46 ++++++++++
 Containers/talk-recording/Dockerfile     |  43 +++++++++
 Containers/talk-recording/recording.conf | 111 +++++++++++++++++++++++
 Containers/talk-recording/start.sh       |  52 +++++++++++
 Containers/talk/Dockerfile               |   2 +-
 Containers/talk/start.sh                 |   5 +-
 7 files changed, 266 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/talk.yml
 create mode 100644 Containers/talk-recording/Dockerfile
 create mode 100644 Containers/talk-recording/recording.conf
 create mode 100644 Containers/talk-recording/start.sh

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 71bf1f03..f39c749a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -108,6 +108,15 @@ updates:
   labels:
   - 3. to review
   - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/talk-recording"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
 - package-ecosystem: "docker"
   directory: "/Containers/watchtower"
   schedule:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
new file mode 100644
index 00000000..79834ce5
--- /dev/null
+++ b/.github/workflows/talk.yml
@@ -0,0 +1,46 @@
+name: talk-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  run_update:
+    name: update talk
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Run talk-update
+      run: |
+        # Spreed
+        spreed_version="$(
+          git ls-remote https://github.com/nextcloud/spreed v*.*.* \
+            | cut -d/ -f3 \
+            | sort -V \
+            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | tail -1
+        )"
+        sed -i "s|git clone --recursive https://github.com/nextcloud/spreed --branch .* /src; \\\|git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch $spreed_version /src; \\\|" ./Containers/talk-recording/Dockerfile
+        curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/talk-recording/recording.conf
+        
+        # Signaling
+        signaling_version="$(
+          git ls-remote https://github.com/strukturag/nextcloud-spreed-signaling v*.*.* \
+            | cut -d/ -f3 \
+            | sort -V \
+            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | tail -1
+        )"
+        curl -L "https://raw.githubusercontent.com/strukturag/nextcloud-spreed-signaling/$signaling_version/server.conf.in" -o Containers/talk/server.conf.in
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v5
+      with:
+        commit-message: talk-update automated change
+        signoff: true
+        title: talk update
+        body: Automated talk container update
+        labels: dependencies, 3. to review
+        milestone: next
+        branch: talk-container-update
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
new file mode 100644
index 00000000..1d2e6960
--- /dev/null
+++ b/Containers/talk-recording/Dockerfile
@@ -0,0 +1,43 @@
+FROM python:3.11.3-alpine3.18
+
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=664 recording.conf /etc/recording.conf
+
+RUN set -ex; \
+    apk add --no-cache \
+        ca-certificates \
+        tzdata \
+        bash \
+        xvfb \
+        ffmpeg \
+        firefox \
+        libpulse \
+        bind-tools \
+        netcat-openbsd \
+        git \
+        wget \
+        shadow \
+        openssl; \
+    # chromium chromium-chromedriver?
+    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
+    useradd -d /tmp --system recording; \
+# Give root a random password
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch v16.0.3 /src; \
+    mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
+    python3 -m pip install /src/recording/src; \
+    rm -rf /src; \
+    chown recording:recording-R \
+        /tmp; \
+    apk del --no-cache \
+        git \
+        wget \
+        shadow \
+        openssl;
+
+USER recording
+ENTRYPOINT ["/start.sh"]
+CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/etc/recording.conf"]
+
+HEALTHCHECK CMD nc -z localhost 1234 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/talk-recording/recording.conf b/Containers/talk-recording/recording.conf
new file mode 100644
index 00000000..5495333c
--- /dev/null
+++ b/Containers/talk-recording/recording.conf
@@ -0,0 +1,111 @@
+[logs]
+# Log level based on numeric values of Python logging levels:
+# - Critical: 50
+# - Error:    40
+# - Warning:  30
+# - Info:     20
+# - Debug:    10
+# - Not set:   0
+#level = 20
+
+[http]
+# IP and port to listen on for HTTP requests.
+listen = 0.0.0.0:1234
+
+[backend]
+# Allow any hostname as backend endpoint. This is extremely insecure and should
+# only be used during development.
+#allowall = false
+
+# Common shared secret for requests from and to the backend servers if
+# "allowall" is enabled. This must be the same value as configured in the
+# Nextcloud admin ui.
+#secret = the-shared-secret
+
+# Comma-separated list of backend ids allowed to connect.
+#backends = backend-id, another-backend
+
+# If set to "true", certificate validation of backend endpoints will be skipped.
+# This should only be enabled during development, e.g. to work with self-signed
+# certificates.
+# Overridable by backend.
+#skipverify = false
+
+# Maximum allowed size in bytes for messages sent by the backend.
+# Overridable by backend.
+#maxmessagesize = 1024
+
+# Width for recorded videos.
+# Overridable by backend.
+#videowidth = 1920
+
+# Height for recorded videos.
+# Overridable by backend.
+#videoheight = 1080
+
+# Temporary directory used to store recordings until uploaded. It must be
+# writable by the user running the recording server.
+# Overridable by backend.
+#directory = /tmp
+
+# Backend configurations as defined in the "[backend]" section above. The
+# section names must match the ids used in "backends" above.
+#[backend-id]
+# URL of the Nextcloud instance
+#url = https://cloud.domain.invalid
+
+# Shared secret for requests from and to the backend servers. This must be the
+# same value as configured in the Nextcloud admin ui.
+#secret = the-shared-secret
+
+#[another-backend]
+# URL of the Nextcloud instance
+#url = https://cloud.otherdomain.invalid
+
+# Shared secret for requests from and to the backend servers. This must be the
+# same value as configured in the Nextcloud admin ui.
+#secret = the-shared-secret
+
+[signaling]
+# Common shared secret for authenticating as an internal client of signaling
+# servers if a specific secret is not set for a signaling server. This must be
+# the same value as configured in the signaling server configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+# Comma-separated list of signaling servers with specific internal secrets.
+#signalings = signaling-id, another-signaling
+
+# Signaling server configurations as defined in the "[signaling]" section above.
+# The section names must match the ids used in "signalings" above.
+#[signaling-id]
+# URL of the signaling server
+#url = https://signaling.domain.invalid
+
+# Shared secret for authenticating as an internal client of signaling servers.
+# This must be the same value as configured in the signaling server
+# configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+#[another-signaling]
+# URL of the signaling server
+#url = https://signaling.otherdomain.invalid
+
+# Shared secret for authenticating as an internal client of signaling servers.
+# This must be the same value as configured in the signaling server
+# configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+[ffmpeg]
+# The options given to FFmpeg to encode the audio output. The options given here
+# fully override the default options for the audio output.
+#outputaudio = -c:a libopus
+
+# The options given to FFmpeg to encode the video output. The options given here
+# fully override the default options for the video output.
+#outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
+
+# The extension of the file for audio only recordings.
+#extensionaudio = .ogg
+
+# The extension of the file for audio and video recordings.
+#extensionvideo = .webm
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
new file mode 100644
index 00000000..907e1f82
--- /dev/null
+++ b/Containers/talk-recording/start.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Variables
+if [ -z "$NC_DOMAIN" ]; then
+    echo "You need to provide the NC_DOMAIN."
+    exit 1
+elif [ -z "$RECORDING_SECRET" ]; then
+    echo "You need to provide the RECORDING_SECRET."
+    exit 1
+elif [ -z "$INTERNAL_SECRET" ]; then
+    echo "You need to provide the INTERNAL_SECRET."
+    exit 1
+fi
+
+cat << RECORDING_CONF > "/etc/recording.conf"
+[logs]
+level = 30
+
+[http]
+listen = 0.0.0.0:1234
+
+[backend]
+allowall = false
+# TODO: remove secret below when https://github.com/nextcloud/spreed/issues/9580 is fixed
+secret = ${RECORDING_SECRET}
+backends = backend-1
+skipverify = false
+maxmessagesize = 1024
+videowidth = 1920
+videoheight = 1080
+directory = /tmp
+
+[backend-1]
+url = https://${NC_DOMAIN}
+secret = ${RECORDING_SECRET}
+skipverify = false
+
+[signaling]
+signalings = signaling-1
+
+[signaling-1]
+url = https://${NC_DOMAIN}/standalone-signaling/
+internalsecret = ${INTERNAL_SECRET}
+
+[ffmpeg]
+# outputaudio = -c:a libopus
+# outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
+extensionaudio = .ogg
+extensionvideo = .webm
+RECORDING_CONF
+
+exec "$@"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index bc6ab53d..1d5f3899 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -63,7 +63,7 @@ ENV TALK_PORT=3478
 
 USER talk
 ENTRYPOINT ["start.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index eac73616..fc0ca93b 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -10,6 +10,9 @@ elif [ -z "$TURN_SECRET" ]; then
 elif [ -z "$SIGNALING_SECRET" ]; then
     echo "You need to provide the SIGNALING_SECRET."
     exit 1
+elif [ -z "$INTERNAL_SECRET" ]; then
+    echo "You need to provide the INTERNAL_SECRET."
+    exit 1
 fi
 
 set -x
@@ -63,7 +66,7 @@ hashkey = $(openssl rand -hex 16)
 blockkey = $(openssl rand -hex 16)
 
 [clients]
-internalsecret = $(openssl rand -hex 16)
+internalsecret = ${INTERNAL_SECRET}
 
 [backend]
 backends = backend-1

From e9d8e1845a2e90666f77f96e7528890f966c542c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 09:26:14 +0200
Subject: [PATCH 1035/3949] wait for talk-recording to become available

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index a1734cb8..2c32d0be 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -586,6 +586,10 @@ fi
 # Talk recording
 if [ -d "/var/www/html/custom_apps/spreed" ]; then
     if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
+        while ! nc -z "$TALK_RECORDING_HOST" 1234; do
+            echo "waiting for Talk Recording to become available..."
+            sleep 5
+        done
         # TODO: migrate to occ command if that becomes available
         RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
         php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"

From a05c2bffcddebfd4f208b5ec1d9c8486cc0f8675 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 09:44:11 +0200
Subject: [PATCH 1036/3949] make it save

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 809e3593..a5729696 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -363,6 +363,10 @@ DATADIR_PERMISSION_CONF
                             echo "Enabling $app..."
                             if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
                                 php /var/www/html/occ app:disable "$app" >/dev/null
+                                if ! php /var/www/html/occ -V &>/dev/null; then
+                                    rm -r "/var/www/html/custom_apps/$app"
+                                    php /var/www/html/occ maintenance:mode --off
+                                fi
                                 echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
                                 if [ "$app" = apporder ]; then
                                     CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."

From f430660ba2b245de1480b1ffdd764a511b13a473 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 31 May 2023 10:19:34 +0200
Subject: [PATCH 1037/3949] adjustments to AIO_URL and AIO_TOKEN

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 ++
 manual-install/update-yaml.sh   | 7 +++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3e6e115e..84efdf08 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -5,6 +5,8 @@ ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
 ENV NEXTCLOUD_VERSION 26.0.2
+ENV AIO_TOKEN 123456
+ENV AIO_URL localhost
 
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index e5d5eb05..ccd998ab 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -32,6 +32,11 @@ sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml
 sed -i 's|- ip_binding: |- |' containers.yml
+sed -i '/AIO_TOKEN/d' containers.yml
+sed -i '/AIO_URL/d' containers.yml
+
+sed -i '/AIO_TOKEN/d' sample.conf
+sed -i '/AIO_URL/d' sample.conf
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
@@ -76,8 +81,6 @@ sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When sett
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
-sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
-sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf

From 50779a329a2f0cb641a3e762d8fa16d2191146bb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 31 May 2023 00:21:17 +0200
Subject: [PATCH 1038/3949] add profiles and networks to container-schema.json

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh |  7 ----
 php/containers-schema.json    | 17 +++++++--
 php/containers.json           | 67 +++++++++++++++++++++++++++++++----
 3 files changed, 76 insertions(+), 15 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index fcb1ca11..532ca415 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -109,15 +109,8 @@ do
     if [ "$name" != "nextcloud-aio-apache" ]; then
         OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
     fi
-    if ! echo "$name" | grep "apache$" && ! echo "$name" | grep "database$" && ! echo "$name" | grep "nextcloud$" && ! echo "$name" | grep "redis$"; then
-        sed -i '/container_name/d' containers.yml
-        SLIM_NAME="${name##nextcloud-aio-}"
-        OUTPUT="$(echo "$OUTPUT" | sed "/container_name: $name$/a\ \ \ \ profiles:\ \[\"$SLIM_NAME\"\]")"
-    fi
 done
 
-OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
-
 echo "$OUTPUT" > containers.yml
 
 sed -i '/container_name/d' containers.yml
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 69c04100..30c8f0a8 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -117,8 +117,21 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^(php /var/www/html/occ .*|echo .*)$",
-							"minlength": 1
+							"pattern": "^(php /var/www/html/occ .*|echo .*)$"
+						}
+					},
+					"profiles": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^[a-z-]+$"
+						}
+					},
+					"networks": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^nextcloud-aio$"
 						}
 					},
 					"volumes": {
diff --git a/php/containers.json b/php/containers.json
index 9280170f..45af71e5 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -46,6 +46,9 @@
       "backup_volumes": [
         "nextcloud_aio_nextcloud",
         "nextcloud_aio_apache"
+      ],
+      "networks": [
+        "nextcloud-aio"
       ]
     },
     {
@@ -84,6 +87,9 @@
       "backup_volumes": [
         "nextcloud_aio_database",
         "nextcloud_aio_database_dump"
+      ],
+      "networks": [
+        "nextcloud-aio"
       ]
     },
     {
@@ -182,6 +188,9 @@
       ],
       "backup_volumes": [
         "nextcloud_aio_nextcloud"
+      ],
+      "networks": [
+        "nextcloud-aio"
       ]
     },
     {
@@ -207,7 +216,10 @@
         "REDIS_PASSWORD",
         "ONLYOFFICE_SECRET"
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "networks": [
+        "nextcloud-aio"
+      ]
     },
     {
       "container_name": "nextcloud-aio-collabora",
@@ -229,6 +241,12 @@
       "nextcloud_exec_commands": [
         "echo 'Activating collabora config...'",
         "php /var/www/html/occ richdocuments:activate-config"
+      ],
+      "profiles": [
+        "collabora"
+      ],
+      "networks": [
+        "nextcloud-aio"
       ]
     },
     {
@@ -264,7 +282,14 @@
         "SIGNALING_SECRET",
         "TALK_INTERNAL_SECRET"
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "profiles": [
+        "talk",
+        "talk-recording"
+      ],
+      "networks": [
+        "nextcloud-aio"
+      ]
     },
     {
       "container_name": "nextcloud-aio-talk-recording",
@@ -285,7 +310,13 @@
         "RECORDING_SECRET",
         "TALK_INTERNAL_SECRET"
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "profiles": [
+        "talk-recording"
+      ],
+      "networks": [
+        "nextcloud-aio"
+      ]
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
@@ -395,7 +426,13 @@
           "writeable": true
         }
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "profiles": [
+        "clamav"
+      ],
+      "networks": [
+        "nextcloud-aio"
+      ]
     },
     {
       "container_name": "nextcloud-aio-onlyoffice",
@@ -421,7 +458,13 @@
       "secrets": [
         "ONLYOFFICE_SECRET"
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "profiles": [
+        "onlyoffice"
+      ],
+      "networks": [
+        "nextcloud-aio"
+      ]
     },
     {
       "container_name": "nextcloud-aio-imaginary",
@@ -437,6 +480,12 @@
       "restart": "unless-stopped",
       "cap_add": [
         "SYS_NICE"
+      ],
+      "profiles": [
+        "imaginary"
+      ],
+      "networks": [
+        "nextcloud-aio"
       ]
     },
     {
@@ -460,7 +509,13 @@
           "writeable": true
         }
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "profiles": [
+        "fulltextsearch"
+      ],
+      "networks": [
+        "nextcloud-aio"
+      ]
     }
   ]
 }

From 3caec56d93916bfc75ecb2f9ccdf4d0828985c76 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 10:28:19 +0200
Subject: [PATCH 1039/3949] Fix workflow job ids

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index c2c10b1c..fd8e1a5b 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -11,7 +11,7 @@ on:
       - '**.json'
 
 jobs:
-  psalm:
+  json-validator:
     name: Json Validator
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 1f55fb06..b736c930 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -47,7 +47,7 @@ jobs:
       - name: Lint
         run: cd php && composer run lint
 
-  summary:
+  php-lint-summary:
     permissions:
       contents: none
     runs-on: ubuntu-latest
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 42cc6bc2..ae4b2a00 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -12,7 +12,7 @@ on:
       - 'php/**'
 
 jobs:
-  psalm:
+  phpdd:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 79834ce5..cf85cd1f 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -6,7 +6,7 @@ on:
   - cron:  '00 12 * * *'
 
 jobs:
-  run_update:
+  talk-update:
     name: update talk
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 41a04c98..920aba3b 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -6,7 +6,7 @@ on:
   - cron:  '00 12 * * *'
 
 jobs:
-  psalm:
+  update-helm:
     name: update helm chart
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index fe41e058..2c491627 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -6,7 +6,7 @@ on:
   - cron:  '00 12 * * *'
 
 jobs:
-  psalm:
+  update-yaml:
     name: update yaml files
     runs-on: ubuntu-latest
     steps:

From 71e77c2147ba724aa955fe3abe0863973c3d3797 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 10:30:32 +0200
Subject: [PATCH 1040/3949] fix some workflows

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/docker-lint.yml    | 3 ++-
 .github/workflows/json-validator.yml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 00549c4f..cae8fa69 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -29,7 +29,8 @@ jobs:
 
       - name: Install npm and dockerfilelint
         run: |
-          sudo apt-get install nodejs npm -y
+          sudo apt-get update
+          sudo apt-get install nodejs npm -y --no-install-recommends
           npm install -g dockerfilelint
           wget https://github.com/replicatedhq/dockerfilelint/pull/184.patch -O /usr/local/lib/node_modules/dockerfilelint/184.patch
           CURRENT_DIR=$PWD
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index fd8e1a5b..229cf005 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -19,6 +19,7 @@ jobs:
         uses: actions/checkout@v3
       - name: Validate Json
         run: |
-          sudo apt-get install python3-pip --no-install-recommends
+          sudo apt-get update
+          sudo apt-get install python3-pip -y --no-install-recommends
           sudo pip3 install json-spec
           json validate --schema-file=php/containers-schema.json --document-file=php/containers.json

From aff48b347932fc53c4759981d8843fc14181d122 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 31 May 2023 16:56:49 +0200
Subject: [PATCH 1041/3949] redis - enable readonlyrootfs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 45af71e5..99776f45 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -219,7 +219,8 @@
       "restart": "unless-stopped",
       "networks": [
         "nextcloud-aio"
-      ]
+      ],
+      "read_only": true
     },
     {
       "container_name": "nextcloud-aio-collabora",

From dc77a2732c15c38f553d1568bc1c36cf889ea151 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 10:41:19 +0200
Subject: [PATCH 1042/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 1d2e6960..2b49ad29 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -27,7 +27,7 @@ RUN set -ex; \
     mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
     python3 -m pip install /src/recording/src; \
     rm -rf /src; \
-    chown recording:recording-R \
+    chown recording:recording -R \
         /tmp; \
     apk del --no-cache \
         git \

From cbd86136cc1cca3652d290af0f4224d15d442374 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 11:27:52 +0200
Subject: [PATCH 1043/3949] Move vars to lets and fix some things with
 recording.conf

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile |  4 +++-
 php/public/automatic_reload.js       |  4 ++--
 php/public/disable-clamav.js         |  2 +-
 php/public/disable-collabora.js      |  2 +-
 php/public/disable-fulltextsearch.js |  2 +-
 php/public/disable-imaginary.js      |  2 +-
 php/public/disable-onlyoffice.js     |  2 +-
 php/public/disable-talk.js           |  2 +-
 php/public/forms.js                  |  4 ++--
 php/public/options-form-submit.js    | 21 +++++++++++----------
 php/templates/containers.twig        |  6 +++---
 11 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 2b49ad29..26d568b1 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -17,6 +17,7 @@ RUN set -ex; \
         git \
         wget \
         shadow \
+        pulseaudio \
         openssl; \
     # chromium chromium-chromedriver?
     apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
@@ -28,13 +29,14 @@ RUN set -ex; \
     python3 -m pip install /src/recording/src; \
     rm -rf /src; \
     chown recording:recording -R \
-        /tmp; \
+        /tmp /etc/recording.conf; \
     apk del --no-cache \
         git \
         wget \
         shadow \
         openssl;
 
+WORKDIR /tmp
 USER recording
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/etc/recording.conf"]
diff --git a/php/public/automatic_reload.js b/php/public/automatic_reload.js
index c8201c64..2fef31a6 100644
--- a/php/public/automatic_reload.js
+++ b/php/public/automatic_reload.js
@@ -1,7 +1,7 @@
 if (document.hasFocus()) {
     // hide reload button if the site reloads automatically
-    var list = document.getElementsByClassName("reload button");
-    for (var i = 0; i < list.length; i++) {
+    let list = document.getElementsByClassName("reload button");
+    for (let i = 0; i < list.length; i++) {
         // list[i] is a node with the desired class name
         list[i].style.display = 'none';
     }
diff --git a/php/public/disable-clamav.js b/php/public/disable-clamav.js
index ae2d003c..18b08081 100644
--- a/php/public/disable-clamav.js
+++ b/php/public/disable-clamav.js
@@ -1,5 +1,5 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // Clamav
-    var clamav = document.getElementById("clamav");
+    let clamav = document.getElementById("clamav");
     clamav.disabled = true;
 });
\ No newline at end of file
diff --git a/php/public/disable-collabora.js b/php/public/disable-collabora.js
index d6a4ce02..3064ef51 100644
--- a/php/public/disable-collabora.js
+++ b/php/public/disable-collabora.js
@@ -1,5 +1,5 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // Collabora
-    var collabora = document.getElementById("collabora");
+    let collabora = document.getElementById("collabora");
     collabora.disabled = true;
 });
\ No newline at end of file
diff --git a/php/public/disable-fulltextsearch.js b/php/public/disable-fulltextsearch.js
index de614bf5..d3ca21fe 100644
--- a/php/public/disable-fulltextsearch.js
+++ b/php/public/disable-fulltextsearch.js
@@ -1,5 +1,5 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // Fulltextsearch
-    var fulltextsearch = document.getElementById("fulltextsearch");
+    let fulltextsearch = document.getElementById("fulltextsearch");
     fulltextsearch.disabled = true;
 }); 
\ No newline at end of file
diff --git a/php/public/disable-imaginary.js b/php/public/disable-imaginary.js
index 0f7787c9..9cdec5fa 100644
--- a/php/public/disable-imaginary.js
+++ b/php/public/disable-imaginary.js
@@ -1,5 +1,5 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // Imaginary
-    var imaginary = document.getElementById("imaginary");
+    let imaginary = document.getElementById("imaginary");
     imaginary.disabled = true;
 });
\ No newline at end of file
diff --git a/php/public/disable-onlyoffice.js b/php/public/disable-onlyoffice.js
index f9c7eebc..83482339 100644
--- a/php/public/disable-onlyoffice.js
+++ b/php/public/disable-onlyoffice.js
@@ -1,6 +1,6 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // OnlyOffice
-    var onlyoffice = document.getElementById("onlyoffice");
+    let onlyoffice = document.getElementById("onlyoffice");
     if (onlyoffice) {
         onlyoffice.disabled = true;
     }
diff --git a/php/public/disable-talk.js b/php/public/disable-talk.js
index 7b4a8719..c37d72af 100644
--- a/php/public/disable-talk.js
+++ b/php/public/disable-talk.js
@@ -1,5 +1,5 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // Talk
-    var talk = document.getElementById("talk");
+    let talk = document.getElementById("talk");
     talk.disabled = true;
 });
\ No newline at end of file
diff --git a/php/public/forms.js b/php/public/forms.js
index 52555929..28c46a77 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -1,6 +1,6 @@
 "use strict";
 (function (){
-  var lastError;
+  let lastError;
 
   function showError(message) {
     const body = document.getElementsByTagName('body')[0]
@@ -45,7 +45,7 @@
       if (lastError) {
         lastError.remove()
       }
-      var xhr = new XMLHttpRequest();
+      let xhr = new XMLHttpRequest();
       xhr.addEventListener('load', handleEvent);
       xhr.addEventListener('error', () => showError("Failed to talk to server."));
       xhr.addEventListener('error', () => disableSpinner());
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index 1b2262ce..cbd55fba 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -1,9 +1,10 @@
 function makeOptionsFormSubmitVisible() {
-    var optionsFormSubmit = document.getElementById("options-form-submit");
+    let optionsFormSubmit = document.getElementById("options-form-submit");
     optionsFormSubmit.style.display = 'block';
 }
 
-function handleTalkVisibility(talk) {
+function handleTalkVisibility() {
+    let talk = document.getElementById("talk");
     let talkRecording = document.getElementById("talk-recording")
     if (talk.checked) {
         talkRecording.disabled = false
@@ -15,40 +16,40 @@ function handleTalkVisibility(talk) {
 
 document.addEventListener("DOMContentLoaded", function(event) {
     // handle submit button for options form
-    var optionsFormSubmit = document.getElementById("options-form-submit");
+    let optionsFormSubmit = document.getElementById("options-form-submit");
     optionsFormSubmit.style.display = 'none';
 
     // Clamav
-    var clamav = document.getElementById("clamav");
+    let clamav = document.getElementById("clamav");
     clamav.addEventListener('change', makeOptionsFormSubmitVisible);
 
     // OnlyOffice
-    var onlyoffice = document.getElementById("onlyoffice");
+    let onlyoffice = document.getElementById("onlyoffice");
     if (onlyoffice) {
         onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
     }
 
     // Collabora
-    var collabora = document.getElementById("collabora");
+    let collabora = document.getElementById("collabora");
     collabora.addEventListener('change', makeOptionsFormSubmitVisible);
 
     // Talk
-    var talk = document.getElementById("talk");
+    let talk = document.getElementById("talk");
     talk.addEventListener('change', makeOptionsFormSubmitVisible);
     talk.addEventListener('change', handleTalkVisibility);
 
     // Talk-recording
-    var talkRecording = document.getElementById("talk-recording");
+    let talkRecording = document.getElementById("talk-recording");
     talkRecording.addEventListener('change', makeOptionsFormSubmitVisible);
     if (!talk.checked) {
         talkRecording.disabled = true
     }
 
     // Imaginary
-    var imaginary = document.getElementById("imaginary");
+    let imaginary = document.getElementById("imaginary");
     imaginary.addEventListener('change', makeOptionsFormSubmitVisible);
 
     // Fulltextsearch
-    var fulltextsearch = document.getElementById("fulltextsearch");
+    let fulltextsearch = document.getElementById("fulltextsearch");
     fulltextsearch.addEventListener('change', makeOptionsFormSubmitVisible);
 });
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index dde85fb4..855108ae 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -545,9 +545,9 @@
                             <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
                         {% endif %}
                         {% if is_talk_recording_enabled == true %}
-                            <input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Talk Recording (needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label><br>
                         {% else %}
-                            <input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Talk Recording (needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label><br>
                         {% endif %}
                         {% if is_onlyoffice_enabled == true %}
                             <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>
@@ -557,7 +557,7 @@
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Talk Recording or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 5GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br><br>
+                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}

From ad570de0b15601088021fb08edfad73a2da9403e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 12:10:54 +0200
Subject: [PATCH 1044/3949] fix user container permissions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile         | 2 +-
 Containers/fulltextsearch/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index c7f0d234..f40f880e 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -8,6 +8,6 @@ RUN set -ex; \
     cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
     rm /tmp/clamav.conf
 
-USER clamav
+# USER root is probably used
 
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 5a98d10e..45ed67df 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -11,7 +11,7 @@ RUN set -ex; \
     rm -rf /var/lib/apt/lists/*; \
     elasticsearch-plugin install --batch ingest-attachment
 
-USER 1000
+USER 1000:0
 
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From a797f624ec1d0456dd80f99bc3825aab2ffadd77 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 12:48:43 +0200
Subject: [PATCH 1045/3949] adjust talk-recording dockerfile to only touch the
 recording.conf

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 26d568b1..fed474e5 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,7 +1,6 @@
 FROM python:3.11.3-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
-COPY --chmod=664 recording.conf /etc/recording.conf
 
 RUN set -ex; \
     apk add --no-cache \
@@ -28,6 +27,7 @@ RUN set -ex; \
     mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
     python3 -m pip install /src/recording/src; \
     rm -rf /src; \
+    touch /etc/recording.conf; \
     chown recording:recording -R \
         /tmp /etc/recording.conf; \
     apk del --no-cache \

From 9d1ca231f031fa679f9236cf347639aeeffdc959 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 12:54:10 +0200
Subject: [PATCH 1046/3949] talk-recording - remove libpulse

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index fed474e5..aef501ab 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -10,7 +10,6 @@ RUN set -ex; \
         xvfb \
         ffmpeg \
         firefox \
-        libpulse \
         bind-tools \
         netcat-openbsd \
         git \

From 009f05f75301c8a12a104bab35e2de5790727f6c Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 6 Jun 2023 11:10:23 +0000
Subject: [PATCH 1047/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/recording.conf |   2 +-
 Containers/talk/server.conf.in           | 314 +++++++++++++++++++++++
 2 files changed, 315 insertions(+), 1 deletion(-)
 create mode 100644 Containers/talk/server.conf.in

diff --git a/Containers/talk-recording/recording.conf b/Containers/talk-recording/recording.conf
index 5495333c..46b5be76 100644
--- a/Containers/talk-recording/recording.conf
+++ b/Containers/talk-recording/recording.conf
@@ -10,7 +10,7 @@
 
 [http]
 # IP and port to listen on for HTTP requests.
-listen = 0.0.0.0:1234
+#listen = 127.0.0.1:8000
 
 [backend]
 # Allow any hostname as backend endpoint. This is extremely insecure and should
diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
new file mode 100644
index 00000000..ba3221be
--- /dev/null
+++ b/Containers/talk/server.conf.in
@@ -0,0 +1,314 @@
+[http]
+# IP and port to listen on for HTTP requests.
+# Comment line to disable the listener.
+#listen = 127.0.0.1:8080
+
+# HTTP socket read timeout in seconds.
+#readtimeout = 15
+
+# HTTP socket write timeout in seconds.
+#writetimeout = 15
+
+[https]
+# IP and port to listen on for HTTPS requests.
+# Comment line to disable the listener.
+#listen = 127.0.0.1:8443
+
+# HTTPS socket read timeout in seconds.
+#readtimeout = 15
+
+# HTTPS socket write timeout in seconds.
+#writetimeout = 15
+
+# Certificate / private key to use for the HTTPS server.
+certificate = /etc/nginx/ssl/server.crt
+key = /etc/nginx/ssl/server.key
+
+[app]
+# Set to "true" to install pprof debug handlers.
+# See "https://golang.org/pkg/net/http/pprof/" for further information.
+debug = false
+
+# Set to "true" to allow subscribing any streams. This is insecure and should
+# only be enabled for testing. By default only streams of users in the same
+# room and call can be subscribed.
+#allowsubscribeany = false
+
+[sessions]
+# Secret value used to generate checksums of sessions. This should be a random
+# string of 32 or 64 bytes.
+hashkey = the-secret-for-session-checksums
+
+# Optional key for encrypting data in the sessions. Must be either 16, 24 or
+# 32 bytes.
+# If no key is specified, data will not be encrypted (not recommended).
+blockkey = -encryption-key-
+
+[clients]
+# Shared secret for connections from internal clients. This must be the same
+# value as configured in the respective internal services.
+internalsecret = the-shared-secret-for-internal-clients
+
+[backend]
+# Type of backend configuration.
+# Defaults to "static".
+#
+# Possible values:
+# - static: A comma-separated list of backends is given in the "backends" option.
+# - etcd: Backends are retrieved from an etcd cluster.
+#backendtype = static
+
+# For backend type "static":
+# Comma-separated list of backend ids from which clients are allowed to connect
+# from. Each backend will have isolated rooms, i.e. clients connecting to room
+# "abc12345" on backend 1 will be in a different room than clients connected to
+# a room with the same name on backend 2. Also sessions connected from different
+# backends will not be able to communicate with each other.
+#backends = backend-id, another-backend
+
+# For backend type "etcd":
+# Key prefix of backend entries. All keys below will be watched and assumed to
+# contain a JSON document with the following entries:
+# - "url": Url of the Nextcloud instance.
+# - "secret": Shared secret for requests from and to the backend servers.
+#
+# Additional optional entries:
+# - "maxstreambitrate": Maximum bitrate per publishing stream (in bits per second).
+# - "maxscreenbitrate": Maximum bitrate per screensharing stream (in bits per second).
+# - "sessionlimit": Number of sessions that are allowed to connect.
+#
+# Example:
+# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...}
+# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...}
+#backendprefix = /signaling/backend
+
+# Allow any hostname as backend endpoint. This is extremely insecure and should
+# only be used while running the benchmark client against the server.
+allowall = false
+
+# Common shared secret for requests from and to the backend servers if
+# "allowall" is enabled. This must be the same value as configured in the
+# Nextcloud admin ui.
+#secret = the-shared-secret
+
+# Timeout in seconds for requests to the backend.
+timeout = 10
+
+# Maximum number of concurrent backend connections per host.
+connectionsperhost = 8
+
+# If set to "true", certificate validation of backend endpoints will be skipped.
+# This should only be enabled during development, e.g. to work with self-signed
+# certificates.
+#skipverify = false
+
+# For backendtype "static":
+# Backend configurations as defined in the "[backend]" section above. The
+# section names must match the ids used in "backends" above.
+#[backend-id]
+# URL of the Nextcloud instance
+#url = https://cloud.domain.invalid
+
+# Shared secret for requests from and to the backend servers. This must be the
+# same value as configured in the Nextcloud admin ui.
+#secret = the-shared-secret
+
+# Limit the number of sessions that are allowed to connect to this backend.
+# Omit or set to 0 to not limit the number of sessions.
+#sessionlimit = 10
+
+# The maximum bitrate per publishing stream (in bits per second).
+# Defaults to the maximum bitrate configured for the proxy / MCU.
+#maxstreambitrate = 1048576
+
+# The maximum bitrate per screensharing stream (in bits per second).
+# Defaults to the maximum bitrate configured for the proxy / MCU.
+#maxscreenbitrate = 2097152
+
+#[another-backend]
+# URL of the Nextcloud instance
+#url = https://cloud.otherdomain.invalid
+
+# Shared secret for requests from and to the backend servers. This must be the
+# same value as configured in the Nextcloud admin ui.
+#secret = the-shared-secret
+
+[nats]
+# Url of NATS backend to use. This can also be a list of URLs to connect to
+# multiple backends. For local development, this can be set to "nats://loopback"
+# to process NATS messages internally instead of sending them through an
+# external NATS backend.
+#url = nats://localhost:4222
+
+[mcu]
+# The type of the MCU to use. Currently only "janus" and "proxy" are supported.
+# Leave empty to disable MCU functionality.
+#type =
+
+# For type "janus": the URL to the websocket endpoint of the MCU server.
+# For type "proxy": a space-separated list of proxy URLs to connect to.
+#url =
+
+# The maximum bitrate per publishing stream (in bits per second).
+# Defaults to 1 mbit/sec.
+# For type "proxy": will be capped to the maximum bitrate configured at the
+# proxy server that is used.
+#maxstreambitrate = 1048576
+
+# The maximum bitrate per screensharing stream (in bits per second).
+# Default is 2 mbit/sec.
+# For type "proxy": will be capped to the maximum bitrate configured at the
+# proxy server that is used.
+#maxscreenbitrate = 2097152
+
+# For type "proxy": timeout in seconds for requests to the proxy server.
+#proxytimeout = 2
+
+# For type "proxy": type of URL configuration for proxy servers.
+# Defaults to "static".
+#
+# Possible values:
+# - static: A space-separated list of proxy URLs is given in the "url" option.
+# - etcd: Proxy URLs are retrieved from an etcd cluster (see below).
+#urltype = static
+
+# If set to "true", certificate validation of proxy servers will be skipped.
+# This should only be enabled during development, e.g. to work with self-signed
+# certificates.
+#skipverify = false
+
+# For type "proxy": the id of the token to use when connecting to proxy servers.
+#token_id = server1
+
+# For type "proxy": the private key for the configured token id to use when
+# connecting to proxy servers.
+#token_key = privkey.pem
+
+# For url type "static": Enable DNS discovery on hostname of configured URL.
+# If the hostname resolves to multiple IP addresses, a connection is established
+# to each of them.
+# Changes to the DNS are monitored regularly and proxy connections are created
+# or deleted as necessary.
+#dnsdiscovery = true
+
+# For url type "etcd": Key prefix of MCU proxy entries. All keys below will be
+# watched and assumed to contain a JSON document. The entry "address" from this
+# document will be used as proxy URL, other contents in the document will be
+# ignored.
+#
+# Example:
+# "/signaling/proxy/server/one" -> {"address": "https://proxy1.domain.invalid"}
+# "/signaling/proxy/server/two" -> {"address": "https://proxy2.domain.invalid"}
+#keyprefix = /signaling/proxy/server
+
+[turn]
+# API key that the MCU will need to send when requesting TURN credentials.
+#apikey = the-api-key-for-the-rest-service
+
+# The shared secret to use for generating TURN credentials. This must be the
+# same as on the TURN server.
+#secret = 6d1c17a7-c736-4e22-b02c-e2955b7ecc64
+
+# A comma-separated list of TURN servers to use. Leave empty to disable the
+# TURN REST API.
+#servers = turn:1.2.3.4:9991?transport=udp,turn:1.2.3.4:9991?transport=tcp
+
+[geoip]
+# License key to use when downloading the MaxMind GeoIP database. You can
+# register an account at "https://www.maxmind.com/en/geolite2/signup" for
+# free. See "https://dev.maxmind.com/geoip/geoip2/geolite2/" for further
+# information.
+# Leave empty to disable GeoIP lookups.
+#license =
+
+# Optional URL to download a MaxMind GeoIP database from. Will be generated if
+# "license" is provided above. Can be a "file://" url if a local file should
+# be used. Please note that the database must provide a country field when
+# looking up IP addresses.
+#url =
+
+[geoip-overrides]
+# Optional overrides for GeoIP lookups. The key is an IP address / range, the
+# value the associated country code.
+#127.0.0.1 = DE
+#192.168.0.0/24 = DE
+
+[continent-overrides]
+# Optional overrides for continent mappings. The key is a continent code, the
+# value a comma-separated list of continent codes to map the continent to.
+# Use European servers for clients in Africa.
+#AF = EU
+# Use servers in North Africa for clients in South America.
+#SA = NA
+
+[stats]
+# Comma-separated list of IP addresses that are allowed to access the stats
+# endpoint. Leave empty (or commented) to only allow access from "127.0.0.1".
+#allowed_ips =
+
+[etcd]
+# Comma-separated list of static etcd endpoints to connect to.
+#endpoints = 127.0.0.1:2379,127.0.0.1:22379,127.0.0.1:32379
+
+# Options to perform endpoint discovery through DNS SRV.
+# Only used if no endpoints are configured manually.
+#discoverysrv = example.com
+#discoveryservice = foo
+
+# Path to private key, client certificate and CA certificate if TLS
+# authentication should be used.
+#clientkey = /path/to/etcd-client.key
+#clientcert = /path/to/etcd-client.crt
+#cacert = /path/to/etcd-ca.crt
+
+[grpc]
+# IP and port to listen on for GRPC requests.
+# Comment line to disable the listener.
+#listen = 0.0.0.0:9090
+
+# Certificate / private key to use for the GRPC server.
+# Omit to use unencrypted connections.
+#servercertificate = /path/to/grpc-server.crt
+#serverkey = /path/to/grpc-server.key
+
+# CA certificate that is allowed to issue certificates of GRPC servers.
+# Omit to expect unencrypted connections.
+#serverca = /path/to/grpc-ca.crt
+
+# Certificate / private key to use for the GRPC client.
+# Omit if clients don't need to authenticate on the server.
+#clientcertificate = /path/to/grpc-client.crt
+#clientkey = /path/to/grpc-client.key
+
+# CA certificate that is allowed to issue certificates of GRPC clients.
+# Omit to allow any clients to connect.
+#clientca = /path/to/grpc-ca.crt
+
+# Type of GRPC target configuration.
+# Defaults to "static".
+#
+# Possible values:
+# - static: A comma-separated list of targets is given in the "targets" option.
+# - etcd: Target URLs are retrieved from an etcd cluster.
+#targettype = static
+
+# For target type "static": Comma-separated list of GRPC targets to connect to
+# for clustering mode.
+#targets = 192.168.0.1:9090, 192.168.0.2:9090
+
+# For target type "static": Enable DNS discovery on hostnames of GRPC target.
+# If a hostname resolves to multiple IP addresses, a connection is established
+# to each of them.
+# Changes to the DNS are monitored regularly and GRPC clients are created or
+# deleted as necessary.
+#dnsdiscovery = true
+
+# For target type "etcd": Key prefix of GRPC target entries. All keys below will
+# be watched and assumed to contain a JSON document. The entry "address" from
+# this document will be used as target URL, other contents in the document will
+# be ignored.
+#
+# Example:
+# "/signaling/cluster/grpc/one" -> {"address": "192.168.0.1:9090"}
+# "/signaling/cluster/grpc/two" -> {"address": "192.168.0.2:9090"}
+#targetprefix = /signaling/cluster/grpc

From f3358fbe0af5210926cf48671120e5a103169da2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 13:32:57 +0200
Subject: [PATCH 1048/3949] stop_grace_period needs a unit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 8d8f8199..741d4aaf 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -28,6 +28,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
+sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml
 sed -i 's|- ip_binding: |- |' containers.yml

From 0bbe867cad8adf14dc2b1a17e2151a52c49a4a96 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 13:43:06 +0200
Subject: [PATCH 1049/3949] Fix talk-update workflow and improve imaginary one

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/imaginary-update.yml | 2 +-
 .github/workflows/talk.yml             | 2 +-
 Containers/imaginary/Dockerfile        | 5 ++++-
 Containers/talk-recording/Dockerfile   | 4 +++-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 7a7ad083..8732c952 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -19,7 +19,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|go install github.com/h2non/imaginary.*;|go install github.com/h2non/imaginary@$imaginary_version;|" ./Containers/imaginary/Dockerfile
+        sed -i "s|^ENV IMAGINARY_HASH.*|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index cf85cd1f..ed3d5dae 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -21,7 +21,7 @@ jobs:
             | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
             | tail -1
         )"
-        sed -i "s|git clone --recursive https://github.com/nextcloud/spreed --branch .* /src; \\\|git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch $spreed_version /src; \\\|" ./Containers/talk-recording/Dockerfile
+        sed -i "s|^ENV RECORDING_VERSION.*|ENV RECORDING_VERSION $spreed_version|" ./Containers/talk-recording/Dockerfile
         curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/talk-recording/recording.conf
         
         # Signaling
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index caa473d5..45c59744 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,7 @@
 FROM golang:1.20.4-alpine3.17 as go
+
+ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+
 RUN set -ex; \
     apk add --no-cache \
         vips-dev \
@@ -7,7 +10,7 @@ RUN set -ex; \
         vips-jxl \
         vips-poppler \
         build-base; \
-    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84;
+    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
 FROM alpine:3.17.3
 RUN set -ex; \
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index aef501ab..807d8e78 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,6 +2,8 @@ FROM python:3.11.3-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
+ENV RECORDING_VERSION v16.0.3
+
 RUN set -ex; \
     apk add --no-cache \
         ca-certificates \
@@ -22,7 +24,7 @@ RUN set -ex; \
     useradd -d /tmp --system recording; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch v16.0.3 /src; \
+    git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
     mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
     python3 -m pip install /src/recording/src; \
     rm -rf /src; \

From 9fb238ac4d88f295821acc3d8aa7ab48d8507fd0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 13:49:39 +0200
Subject: [PATCH 1050/3949] try to fix update-yaml.sh

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 741d4aaf..ce94bba3 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -109,7 +109,7 @@ NAMES="$(grep -oP "container_name:.*" containers.yml | grep -oP 'nextcloud-aio.*
 mapfile -t NAMES <<< "$NAMES"
 for name in "${NAMES[@]}"
 do
-    OUTPUT="$(echo "$OUTPUT" | sed "/container_name.*$name/i\ \ $name:")"
+    OUTPUT="$(echo "$OUTPUT" | sed "/container_name.*$name$/i\ \ $name:")"
     if [ "$name" != "nextcloud-aio-apache" ]; then
         OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
     fi

From a073033577a31e6cb58c5756b323577feba9ea57 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 6 Jun 2023 12:01:58 +0000
Subject: [PATCH 1051/3949] imaginary-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 45c59744..c0eb81bf 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.20.4-alpine3.17 as go
 
-ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 RUN set -ex; \
     apk add --no-cache \

From fa67e0a7197584b6be873b423e0a9dff364e1ed5 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 6 Jun 2023 12:02:39 +0000
Subject: [PATCH 1052/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 807d8e78..3e70e0e3 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.11.3-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v16.0.3
+ENV RECORDING_VERSION v16.0.4
 
 RUN set -ex; \
     apk add --no-cache \

From 5a842af0042ef34d8c77f39a43110726a2bdddc6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 13:56:37 +0200
Subject: [PATCH 1053/3949] allow to install 27 on new install

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 php/templates/containers.twig           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 980e432b..60cf08e0 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -155,7 +155,7 @@ class DockerController
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 26;
+            $installLatestMajor = 27;
         } else {
             $installLatestMajor = "";
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 855108ae..fac6b172 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -27,7 +27,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = '' %}
+        {% set newMajorVersion = 27 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From acd54544ca7227f5efb698c2fdf7a6ae999cf6f2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 14:22:02 +0200
Subject: [PATCH 1054/3949] nextcloud and not apache depends on talk-recording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 99776f45..14963858 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -6,7 +6,6 @@
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
-        "nextcloud-aio-talk-recording",
         "nextcloud-aio-nextcloud"
       ],
       "display_name": "Apache",
@@ -99,6 +98,7 @@
         "nextcloud-aio-redis",
         "nextcloud-aio-clamav",
         "nextcloud-aio-fulltextsearch",
+        "nextcloud-aio-talk-recording",
         "nextcloud-aio-imaginary"
       ],
       "display_name": "Nextcloud",

From 9c4116319d7f73e707121244b521d147d4edc7e9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 16:27:27 +0200
Subject: [PATCH 1055/3949] adjust update docs link

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fac6b172..b95719d9 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -273,7 +273,7 @@
                             {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                 <details>
                                 <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
-                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>
+                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2692">this documentation</a></b><br/>
                                 </details><br>
                             {% endif %}
                         {% endif %}

From 623ce23264dabb1e234cbba8b355e8a1621dc937 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 16:41:26 +0200
Subject: [PATCH 1056/3949] try to fix fts build

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 1a0bdc88..0130c3b4 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,8 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
 FROM elasticsearch:8.7.1
 
+USER root
+
 RUN set -ex; \
     \
     export DEBIAN_FRONTEND=noninteractive; \

From d8b036bd617f9c9d8afd7be638eaeb2b629cb1d1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 17:06:19 +0200
Subject: [PATCH 1057/3949] Revert "update ES to 8.x"

---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 0130c3b4..65a772c0 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.7.1
+FROM elasticsearch:7.17.10
 
 USER root
 

From 12e8266f9830badddd3de5d3b8b11eef2c2ae046 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 17:08:46 +0200
Subject: [PATCH 1058/3949] increase to 6.1.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b95719d9..a40ef69e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v6.0.0</h1>
+        <h1>Nextcloud AIO v6.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 5583f88d9c518200b88b6c7e03e911a330d45803 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 6 Jun 2023 17:19:29 +0200
Subject: [PATCH 1059/3949] fix issue with recording-secret

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 14963858..f72fb3f2 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -214,7 +214,8 @@
       ],
       "secrets": [
         "REDIS_PASSWORD",
-        "ONLYOFFICE_SECRET"
+        "ONLYOFFICE_SECRET",
+        "RECORDING_SECRET"
       ],
       "restart": "unless-stopped",
       "networks": [

From 3bc0b30778c4190689a7a766018466887cd958f1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 30 May 2023 18:16:47 +0200
Subject: [PATCH 1060/3949] update aio-backup-archive test archive

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 tests/QA/assets/backup-archive/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/QA/assets/backup-archive/readme.md b/tests/QA/assets/backup-archive/readme.md
index bf29d199..0c60abed 100644
--- a/tests/QA/assets/backup-archive/readme.md
+++ b/tests/QA/assets/backup-archive/readme.md
@@ -1,4 +1,4 @@
 # Backup archive
 
 The backup archive was moved here because of Git LFS limitations:
-https://github.com/szaimen/AIO-backup-archive
+https://cloud.nextcloud.com/s/m5DF3AjRs72kWKY

From 9a207eab2908b16503f1c717d34de0c70a56c31f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 10:27:32 +0200
Subject: [PATCH 1061/3949] borg - add progress to initial Backup

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index a3b27b68..350aeb93 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -137,6 +137,9 @@ if [ "$BORG_MODE" = backup ]; then
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
     BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches)
+    if [ "$NEW_REPOSITORY" = 1 ]; then
+        BORG_OPTS+=(--progress)
+    fi
 
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")

From 561220e880da77813a2e5c91ba751a0558d49d44 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 11:48:02 +0200
Subject: [PATCH 1062/3949] adjust spacing of optional addons labels

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a40ef69e..2800e2a5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -520,9 +520,9 @@
                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                         <input type="hidden" name="options-form" value="options-form">
                         {% if is_clamav_enabled == true %}
-                            <input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br><br>
                         {% endif %}
                         {% if is_collabora_enabled == true %}
                             <input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label><br>
@@ -535,9 +535,9 @@
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
-                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br>
+                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
                             <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>

From 13ddc5c524ecaa3601cbfe2b8c023a4ad42d158f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 11:52:03 +0200
Subject: [PATCH 1063/3949] adjust spacing of some elements

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig          | 6 +++---
 php/templates/includes/aio-config.twig | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2800e2a5..b28e7a22 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -110,7 +110,7 @@
                                     If you run into issues getting your domain accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things. <br /><br/>
                                 {% endif %}
                                 <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
-                            </details><br />
+                            </details>
                         {% endif %}
 
                         <h2>Restore former AIO instance from backup</h2>
@@ -485,7 +485,7 @@
                                 {% if has_backup_run_once == false %}
                                     <br />
                                 {% else %}
-                                    </details><br />
+                                    </details>
                                 {% endif %}
                             {% endif %}
                         {% endif %}
@@ -505,7 +505,7 @@
                                     <input class="button" type="submit" value="Submit" />
                                 </form>
                                 The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br>
-                            </details><br>
+                            </details>
                         {% endif %}
                     {% endif %}
                 {% endif %}
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 9f415463..f5dd2793 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -33,4 +33,4 @@
     See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a> on how to change this.<br><br>
 
     For further documentation on AIO, refer to <b><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></b>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <b><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></b>.<br>
-</details><br />
+</details>

From faa594796313846b46c090391b296d3ed60e6272 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 14:43:09 +0200
Subject: [PATCH 1064/3949] update to ES 8 and add necessary adjustements to
 its config

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile |  2 +-
 php/containers.json                  | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 65a772c0..0130c3b4 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.10
+FROM elasticsearch:8.7.1
 
 USER root
 
diff --git a/php/containers.json b/php/containers.json
index f72fb3f2..40cb0eca 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -499,10 +499,18 @@
       ],
       "internal_port": "9200",
       "environment": [
+        "POSTGRES_HOST=nextcloud-aio-database",
         "TZ=%TIMEZONE%",
+        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M -Des.enforce.bootstrap.checks=true",
+        "xpack.license.self_generated.type=basic",
+        "xpack.security.enabled=false",
+        "xpack.watcher.enabled=false",
+        "xpack.graph.enabled=false",
+        "xpack.ml.enabled=false",
+        "bootstrap.memory_lock=true",
+        "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
-        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M",
-        "POSTGRES_HOST=nextcloud-aio-database"
+        "thread_pool.write.queue_size=1000"
       ],
       "volumes": [
         {

From 69e7de3cc0d7b41ff0c33833d4e75f3ddfdcc8b0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 14:50:35 +0200
Subject: [PATCH 1065/3949] adjust clamav dockerfile in order to run as
 non-root user

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f40f880e..e3daab5e 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -6,8 +6,13 @@ COPY clamav.conf /tmp/clamav.conf
 RUN set -ex; \
     apk add --no-cache tzdata; \
     cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
-    rm /tmp/clamav.conf
+    rm /tmp/clamav.conf; \
+    mkdir -p /var/run/clamav /run/lock; \
+    chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
+    chmod 770 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock
 
-# USER root is probably used
+VOLUME /var/lib/clamav
+
+USER clamav
 
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 1d6ba6dcc244b7e241f52c14888d543b37d37304 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Jun 2023 13:01:00 +0000
Subject: [PATCH 1066/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.20.4-alpine3.17 to 1.20.5-alpine3.17.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index c0eb81bf..514de406 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20.4-alpine3.17 as go
+FROM golang:1.20.5-alpine3.17 as go
 
 ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 

From a9befa0359acb4dded18cae6cd1dbde381be6fc3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 16:42:09 +0200
Subject: [PATCH 1067/3949] make borgbackup container read_only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index f72fb3f2..42424f5d 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -374,7 +374,8 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
-      "apparmor_unconfined": true
+      "apparmor_unconfined": true,
+      "read_only": true
     },
     {
       "container_name": "nextcloud-aio-watchtower",

From 45691e31df4ad055ed2e2e7e642fb6611414b6cf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 16:44:22 +0200
Subject: [PATCH 1068/3949] make watchtower read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index f72fb3f2..b2e01af2 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -388,7 +388,8 @@
           "destination": "/var/run/docker.sock",
           "writeable": false
         }
-      ]
+      ],
+      "read_only": true
     },
     {
       "container_name": "nextcloud-aio-domaincheck",

From 9b1421980f85461b75102f485601921d3866d153 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 15:45:38 +0200
Subject: [PATCH 1069/3949] put notify-push into its own container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile           |  2 +-
 Containers/nextcloud/start.sh         | 10 -------
 Containers/nextcloud/supervisord.conf |  8 -----
 Containers/notify-push/Dockerfile     | 20 +++++++++++++
 Containers/notify-push/start.sh       | 38 ++++++++++++++++++++++++
 php/containers.json                   | 42 +++++++++++++++++++++++++--
 6 files changed, 98 insertions(+), 22 deletions(-)
 create mode 100644 Containers/notify-push/Dockerfile
 create mode 100644 Containers/notify-push/start.sh

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 6006fee4..fb6b80cb 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -30,7 +30,7 @@
     # Notify Push
     route /push/* {
         uri strip_prefix /push
-        reverse_proxy {$NEXTCLOUD_HOST}:7867
+        reverse_proxy {$NOTIFY_PUSH_HOST}:7867
     }
 
     # Onlyoffice
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 569652d2..b990d6c5 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -131,14 +131,4 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
-# Correctly set CPU_ARCH for notify_push
-CPU_ARCH="$(uname -m)"
-export CPU_ARCH
-if [ -z "$CPU_ARCH" ]; then
-    echo "Could not get processor architecture. Exiting."
-    exit 1
-elif [ "$CPU_ARCH" != "x86_64" ]; then
-    export CPU_ARCH="aarch64"
-fi
-
 exec "$@"
\ No newline at end of file
diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index 23e85ca6..45a6b074 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -25,14 +25,6 @@ stderr_logfile_maxbytes=0
 command=/cron.sh
 user=www-data
 
-[program:notify-push]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
-user=www-data
-
 [program:run-exec-commands]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
new file mode 100644
index 00000000..19e72121
--- /dev/null
+++ b/Containers/notify-push/Dockerfile
@@ -0,0 +1,20 @@
+FROM alpine:3.18.1
+
+COPY --chmod=775 start.sh /start.sh
+
+RUN set -ex; \
+    apk add --no-cache \
+        ca-certificates \
+        tzdata \
+        bash \
+        openssl; \
+# Give root a random password
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    apk del --no-cache \
+        openssl;
+
+USER 33
+ENTRYPOINT ["/start.sh"]
+
+HEALTHCHECK CMD nc -z localhost 7867 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
new file mode 100644
index 00000000..8d10e097
--- /dev/null
+++ b/Containers/notify-push/start.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+if [ -z "$NEXTCLOUD_HOST" ]; then
+    echo "NEXTCLOUD_HOST need to be provided. Exiting!"
+    exit 1
+elif [ -z "$POSTGRES_HOST" ]; then
+    echo "POSTGRES_HOST need to be provided. Exiting!"
+    exit 1
+elif [ -z "$REDIS_HOST" ]; then
+    echo "REDIS_HOST need to be provided. Exiting!"
+    exit 1
+fi
+
+# Only start container if nextcloud is accessible
+while ! nc -z "$NEXTCLOUD_HOST" 9000; do
+    echo "Waiting for Nextcloud to start..."
+    sleep 5
+done
+
+# Correctly set CPU_ARCH for notify_push
+CPU_ARCH="$(uname -m)"
+export CPU_ARCH
+if [ -z "$CPU_ARCH" ]; then
+    echo "Could not get processor architecture. Exiting."
+    exit 1
+elif [ "$CPU_ARCH" != "x86_64" ]; then
+    export CPU_ARCH="aarch64"
+fi
+
+# Run it
+/nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
+    --database-prefix="oc_" \
+    --nextcloud-url "https://$NC_DOMAIN" \
+    --port 7867 \
+    --redis-url "redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST" \
+    --database-url "postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
+
+exec "$@"
diff --git a/php/containers.json b/php/containers.json
index f72fb3f2..8f0200fc 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -6,6 +6,7 @@
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
+        "nextcloud-aio-notify-push",
         "nextcloud-aio-nextcloud"
       ],
       "display_name": "Apache",
@@ -27,7 +28,8 @@
         "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
         "TZ=%TIMEZONE%",
         "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
-        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%"
+        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
+        "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push"
       ],
       "volumes": [
         {
@@ -104,8 +106,7 @@
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
       "expose": [
-        "9000",
-        "7867"
+        "9000"
       ],
       "internal_port": "9000",
       "secrets": [
@@ -193,6 +194,41 @@
         "nextcloud-aio"
       ]
     },
+    {
+      "container_name": "nextcloud-aio-notify-push",
+      "display_name": "Notify Push",
+      "image": "nextcloud/aio-notify-push",
+      "expose": [
+        "7867"
+      ],
+      "internal_port": "7876",
+      "secrets": [
+        "REDIS_PASSWORD",
+        "POSTGRES_PASSWORD"
+      ],
+      "volumes": [
+        {
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/nextcloud",
+          "writeable": false
+        }
+      ],
+      "environment": [
+        "NC_DOMAIN=%NC_DOMAIN%",
+        "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
+        "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "POSTGRES_HOST=nextcloud-aio-database",
+        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
+        "POSTGRES_DB=nextcloud_database",
+        "POSTGRES_USER=nextcloud"
+      ],
+      "restart": "unless-stopped",
+      "networks": [
+        "nextcloud-aio"
+      ],
+      "read_only": true
+    },
     {
       "container_name": "nextcloud-aio-redis",
       "display_name": "Redis",

From 65e864479a54bcb48eab665f77876f4bff250edb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 17:25:14 +0200
Subject: [PATCH 1070/3949] adjust janus debug-level to 3 = warn

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/supervisord.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 15fe4cd8..7b073012 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -27,7 +27,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout --full-trickle
+command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level 3
 
 [program:signaling]
 stdout_logfile=/dev/stdout

From 4f7f1cb0a6b7230a85cdbe487cff0536c281f82c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 17:25:57 +0200
Subject: [PATCH 1071/3949] adjust redis loglevel to warning

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/redis/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh
index 22b0eaf3..8cb3bb40 100644
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -8,9 +8,9 @@ fi
 
 # Run redis with a password if provided
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
-    exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
+    exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel warning
 else
-    exec redis-server
+    exec redis-server --loglevel warning
 fi
 
 exec "$@"

From 7e03bb4a7fc3bd7b2bd80f170b383c22dd6dd6d0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 7 Jun 2023 17:26:44 +0200
Subject: [PATCH 1072/3949] adjust postgres conf to not log checkpoints

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 2e942b6d..ee5dd70a 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -6,7 +6,11 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
 
 RUN set -ex; \
-    apk add --no-cache bash openssl shadow grep; \
+    apk add --no-cache \
+        bash \
+        openssl \
+        shadow \
+        grep; \
     \
 # We need to use the same gid and uid as on old installations
     deluser postgres; \
@@ -23,8 +27,13 @@ RUN set -ex; \
     mkdir /mnt/data; \
     chown postgres:postgres /mnt/data; \
     \
+# Modify conf
+    grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; \
+    sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf; \
+    \
 # Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    apk --no-cache del openssl;
 
 VOLUME /mnt/data
 

From b2b175310133b12b91bf43b4a84ae142876dee21 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 8 Jun 2023 12:59:17 +0000
Subject: [PATCH 1073/3949] Bump peter-evans/create-or-update-comment from
 3.0.1 to 3.0.2

Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b...c6c9a1a66007646a28c153e2a8580a5bad27bcfa)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/command-rebase.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
index ec95ccbb..9c0f5807 100644
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
+        uses: peter-evans/create-or-update-comment@c6c9a1a66007646a28c153e2a8580a5bad27bcfa # v3.0.2
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -42,7 +42,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
+        uses: peter-evans/create-or-update-comment@c6c9a1a66007646a28c153e2a8580a5bad27bcfa # v3.0.2
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

From 73526b92d4b75dcfc6d958b6808f8b1d94f4c9c1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 8 Jun 2023 13:06:14 +0000
Subject: [PATCH 1074/3949] Bump python in /Containers/talk-recording

Bumps python from 3.11.3-alpine3.18 to 3.11.4-alpine3.18.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 3e70e0e3..a2a9a6dc 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11.3-alpine3.18
+FROM python:3.11.4-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 

From 3396c83df45fb9afd99a71eaee3b3d406bd551d1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 8 Jun 2023 18:38:11 +0200
Subject: [PATCH 1075/3949] add hint regarding btrfs drives for
 NEXTCLOUD_DATADIR

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index db7606ff..0e0d5ebc 100644
--- a/readme.md
+++ b/readme.md
@@ -537,7 +537,7 @@ If you already have a backup solution in place, you may want to hide the backup
 
 You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
 
-- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`.
+- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using and external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
 - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
 - On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)

From 9ccd6949ce7c96386400762b1dbe9c4cbc34367e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 10 Jun 2023 09:59:14 +0200
Subject: [PATCH 1076/3949] add run_upgrade_if_needed_due_to_app_update

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index cb6e3a9b..e3bb6d15 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -10,6 +10,13 @@ directory_empty() {
     [ -z "$(ls -A "$1/")" ]
 }
 
+run_upgrade_if_needed_due_to_app_update() {
+    if php /var/www/html/occ status | grep needsDbUpgrade | grep -q true; then
+        php /var/www/html/occ upgrade
+        php /var/www/html/occ app:enable nextcloud-aio --force
+    fi
+}
+
 echo "Configuring Redis as session handler..."
 cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini
 session.save_handler = redis
@@ -147,6 +154,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 fi
             done
 
+            run_upgrade_if_needed_due_to_app_update
+
             php /var/www/html/occ maintenance:mode --off
 
             echo "Getting and backing up the status of apps for later, this might take a while..."
@@ -170,6 +179,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
             php /var/www/html/occ app:update --all
 
+            run_upgrade_if_needed_due_to_app_update
+
             # Fix removing the updatenotification for old instances
             UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
             if [ -d "/var/www/html/apps/updatenotification" ]; then
@@ -354,6 +365,8 @@ DATADIR_PERMISSION_CONF
 
             php /var/www/html/occ app:update --all
 
+            run_upgrade_if_needed_due_to_app_update
+
             # Restore app status
             if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
                 echo "Restoring the status of apps. This can take a while..."
@@ -367,6 +380,7 @@ DATADIR_PERMISSION_CONF
                                     rm -r "/var/www/html/custom_apps/$app"
                                     php /var/www/html/occ maintenance:mode --off
                                 fi
+                                run_upgrade_if_needed_due_to_app_update
                                 echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
                                 if [ "$app" = apporder ]; then
                                     CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
@@ -387,6 +401,8 @@ DATADIR_PERMISSION_CONF
 
             php /var/www/html/occ app:update --all
 
+            run_upgrade_if_needed_due_to_app_update
+
             # Apply optimization
             echo "Doing some optimizations..."
             php /var/www/html/occ maintenance:repair
@@ -404,6 +420,7 @@ DATADIR_PERMISSION_CONF
         UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
         # Update all apps again and try to prevent something like https://github.com/nextcloud/polls/issues/2793 from happening
         php /var/www/html/occ app:update --all
+        run_upgrade_if_needed_due_to_app_update
         if [ -n "$UPDATED_APPS" ]; then
              bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
         fi
@@ -412,6 +429,8 @@ else
     SKIP_UPDATE=1
 fi
 
+run_upgrade_if_needed_due_to_app_update
+
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)
@@ -446,6 +465,7 @@ php /var/www/html/occ app:enable support
 
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
+php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"

From 694a3f6356e906e01dd1bdccc38f7a6dbf15c46c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 10 Jun 2023 14:18:05 +0200
Subject: [PATCH 1077/3949] Allow to reset the borg backup host location before
 initial backup was started

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/ConfigurationController.php |  4 ++++
 php/src/Data/ConfigurationManager.php          |  6 ++++++
 php/templates/containers.twig                  | 11 +++++++++++
 3 files changed, 21 insertions(+)

diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 9ed155ff..1dbb20f5 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -121,6 +121,10 @@ class ConfigurationController
                 $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries);
             }
 
+            if (isset($request->getParsedBody()['delete_borg_backup_host_location'])) {
+                $this->configurationManager->DeleteBorgBackupHostLocation();
+            }
+
             return $response->withStatus(201)->withHeader('Location', '/');
         } catch (InvalidSettingConfigurationException $ex) {
             $response->getBody()->write($ex->getMessage());
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0a40366e..9bb6fbc9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -413,6 +413,12 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
+    public function DeleteBorgBackupHostLocation() : void {
+        $config = $this->GetConfig();
+        $config['borg_backup_host_location'] = '';
+        $this->WriteConfig($config);
+    }
+
         /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a40ef69e..23b8f58b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -420,6 +420,17 @@
                                         <input class="button" type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
                                     </form>
 
+                                    {% if has_backup_run_once == false %}
+                                        <h3>Reset backup host location</h3>
+                                        If the configured backup host location <b>{{ borg_backup_host_location }}</b> is wrong, you can reset it by clicking on the button below.<br><br/>
+                                        <form method="POST" action="/api/configuration" class="xhr">
+                                            <input type="hidden" name="delete_borg_backup_host_location" value="yes"/>
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input class="button" type="submit" value="Reset backup location" />
+                                        </form>
+                                    {% endif %}
+
                                     {% if has_backup_run_once == true %}
                                         <h3>Backup check</h3>
                                         Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact but it should't be needed in most situtations.<br><br/>

From 82a53ab1395c89401dcf2baf833089551493c84e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 10 Jun 2023 14:49:50 +0200
Subject: [PATCH 1078/3949] disable integrity check temporarily

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e3bb6d15..96a41fac 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -12,6 +12,8 @@ directory_empty() {
 
 run_upgrade_if_needed_due_to_app_update() {
     if php /var/www/html/occ status | grep needsDbUpgrade | grep -q true; then
+        # Disable integrity check temporarily until next update
+        php /var/www/html/occ config:system:set integrity.check.disabled --type bool --value true
         php /var/www/html/occ upgrade
         php /var/www/html/occ app:enable nextcloud-aio --force
     fi
@@ -354,6 +356,7 @@ DATADIR_PERMISSION_CONF
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"
             echo "Upgrading nextcloud from $installed_version to $image_version..."
+            php /var/www/html/occ config:system:delete integrity.check.disabled
             if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                 echo "Upgrade failed. Please restore from backup."
                 bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"

From 48b852149af75c6c9488b79f2a2950dae5615921 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 10 Jun 2023 14:49:53 +0200
Subject: [PATCH 1079/3949] Remove not anymore needed workaround

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 96a41fac..8d9864f9 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -421,8 +421,6 @@ DATADIR_PERMISSION_CONF
     # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
     if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
         UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
-        # Update all apps again and try to prevent something like https://github.com/nextcloud/polls/issues/2793 from happening
-        php /var/www/html/occ app:update --all
         run_upgrade_if_needed_due_to_app_update
         if [ -n "$UPDATED_APPS" ]; then
              bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"

From b3264e739092d3bf43b19d6cef317631eb9f4219 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 11 Jun 2023 22:05:10 +0200
Subject: [PATCH 1080/3949] add note about multiple domains to the readme

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index 0e0d5ebc..cf4b0c93 100644
--- a/readme.md
+++ b/readme.md
@@ -235,6 +235,9 @@ No and they will not be. If you want to run it locally, without opening Nextclou
 ### Can I use an ip-address for Nextcloud instead of a domain?
 No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md)
 
+### Can I use AIO with multiple domains?
+No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create mutiple AIO instances, one for each domain.
+
 ### Are other ports than the default 443 for Nextcloud supported?
 No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Tunnel.
 

From 45b75f91e552622da134bcf48f4afdf8706fd3e3 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 12 Jun 2023 12:02:19 +0000
Subject: [PATCH 1081/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 8f6f3494..599fdbef 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1709,16 +1709,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.6.0",
+            "version": "v3.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "106c170d08e8415d78be2d16c3d057d0d108262b"
+                "reference": "7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/106c170d08e8415d78be2d16c3d057d0d108262b",
-                "reference": "106c170d08e8415d78be2d16c3d057d0d108262b",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd",
+                "reference": "7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd",
                 "shasum": ""
             },
             "require": {
@@ -1764,7 +1764,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.6.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.6.1"
             },
             "funding": [
                 {
@@ -1776,7 +1776,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-03T19:06:57+00:00"
+            "time": "2023-06-08T12:52:13+00:00"
         }
     ],
     "packages-dev": [],

From f579080d29e91c49bf794a089dc207a6924511cd Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 12 Jun 2023 12:28:08 +0000
Subject: [PATCH 1082/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 53 +++++++++++++++++++++++++++-----------
 manual-install/sample.conf |  5 ++--
 2 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 87aff57a..0bf98aa8 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -40,9 +40,9 @@ services:
       - PGTZ=${TIMEZONE}
     stop_grace_period: 1800s
     restart: unless-stopped
+    shm_size: 268435456
     networks:
       - nextcloud-aio
-    shm_size: 268435456
 
   nextcloud-aio-nextcloud:
     depends_on:
@@ -50,6 +50,7 @@ services:
       - nextcloud-aio-redis
       - nextcloud-aio-clamav
       - nextcloud-aio-fulltextsearch
+      - nextcloud-aio-talk-recording
       - nextcloud-aio-imaginary
     image: nextcloud/aio-nextcloud:latest
     expose:
@@ -67,7 +68,6 @@ services:
       - POSTGRES_USER=nextcloud
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - AIO_TOKEN=${AIO_TOKEN}
       - NC_DOMAIN=${NC_DOMAIN}
       - ADMIN_USER=admin
       - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
@@ -77,7 +77,6 @@ services:
       - TURN_SECRET=${TURN_SECRET}
       - SIGNALING_SECRET=${SIGNALING_SECRET}
       - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
-      - AIO_URL=${AIO_URL}
       - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
       - CLAMAV_ENABLED=${CLAMAV_ENABLED}
       - CLAMAV_HOST=nextcloud-aio-clamav
@@ -101,6 +100,9 @@ services:
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
       - INSTALL_LATEST_MAJOR=${INSTALL_LATEST_MAJOR}
+      - TALK_RECORDING_ENABLED=${TALK_RECORDING_ENABLED}
+      - RECORDING_SECRET=${RECORDING_SECRET}
+      - TALK_RECORDING_HOST=nextcloud-aio-talk-recording
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -117,9 +119,9 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    read_only: true
 
   nextcloud-aio-collabora:
-    profiles: ["collabora"]
     image: nextcloud/aio-collabora:latest
     expose:
       - "9980"
@@ -130,14 +132,13 @@ services:
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
       - DONT_GEN_SSL_CERT=1
-    volumes:
-      - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
     restart: unless-stopped
+    profiles:
+      - collabora
     networks:
       - nextcloud-aio
 
   nextcloud-aio-talk:
-    profiles: ["talk"]
     image: nextcloud/aio-talk:latest
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
@@ -150,12 +151,31 @@ services:
       - SIGNALING_SECRET=${SIGNALING_SECRET}
       - TZ=${TIMEZONE}
       - TALK_PORT=${TALK_PORT}
+      - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
     restart: unless-stopped
+    profiles:
+      - talk
+      - talk-recording
+    networks:
+      - nextcloud-aio
+
+  nextcloud-aio-talk-recording:
+    image: nextcloud/aio-talk-recording:latest
+    expose:
+      - "1234"
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - TZ=${TIMEZONE}
+      - RECORDING_SECRET=${RECORDING_SECRET}
+      - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
+    shm_size: 2147483648
+    restart: unless-stopped
+    profiles:
+      - talk-recording
     networks:
       - nextcloud-aio
 
   nextcloud-aio-clamav:
-    profiles: ["clamav"]
     image: nextcloud/aio-clamav:latest
     expose:
       - "3310"
@@ -165,11 +185,12 @@ services:
     volumes:
       - nextcloud_aio_clamav:/var/lib/clamav:rw
     restart: unless-stopped
+    profiles:
+      - clamav
     networks:
       - nextcloud-aio
 
   nextcloud-aio-onlyoffice:
-    profiles: ["onlyoffice"]
     image: nextcloud/aio-onlyoffice:latest
     expose:
       - "80"
@@ -181,24 +202,26 @@ services:
     volumes:
       - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
     restart: unless-stopped
+    profiles:
+      - onlyoffice
     networks:
       - nextcloud-aio
 
   nextcloud-aio-imaginary:
-    profiles: ["imaginary"]
     image: nextcloud/aio-imaginary:latest
     expose:
       - "9000"
     environment:
       - TZ=${TIMEZONE}
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     cap_add:
       - SYS_NICE
+    profiles:
+      - imaginary
+    networks:
+      - nextcloud-aio
 
   nextcloud-aio-fulltextsearch:
-    profiles: ["fulltextsearch"]
     image: nextcloud/aio-fulltextsearch:latest
     expose:
       - "9200"
@@ -210,6 +233,8 @@ services:
     volumes:
       - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
     restart: unless-stopped
+    profiles:
+      - fulltextsearch
     networks:
       - nextcloud-aio
 
@@ -218,8 +243,6 @@ volumes:
     name: nextcloud_aio_apache
   nextcloud_aio_clamav:
     name: nextcloud_aio_clamav
-  nextcloud_aio_collabora_fonts:
-    name: nextcloud_aio_collabora_fonts
   nextcloud_aio_database:
     name: nextcloud_aio_database
   nextcloud_aio_database_dump:
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index cb997428..5ac19168 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -2,8 +2,10 @@ DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
+RECORDING_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
+TALK_INTERNAL_SECRET=          # TODO! This needs to be a unique and good password!
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 
@@ -13,9 +15,8 @@ FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enabl
 IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_RECORDING_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
-AIO_TOKEN=123456          # Has no function but needs to be set!
-AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).

From 98b3759e150e250acfb970fcc7a869f2b3b51ab6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Jun 2023 06:32:15 +0000
Subject: [PATCH 1083/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 22.05.14.3.1 to 23.05.0.5.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 82ca99dd..bb836fe2 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.14.3.1
+FROM collabora/code:23.05.0.5.1
 
 USER root
 

From fcaaa6455595ed279cd4ea6e64f94e9eaf27c342 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Jun 2023 07:00:47 +0000
Subject: [PATCH 1084/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.6-fpm-alpine3.17 to 8.2.7-fpm-alpine3.17.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e9f408ac..e844f340 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.2-cli as docker
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.17/fpm/Dockerfile
-FROM php:8.2.6-fpm-alpine3.17
+FROM php:8.2.7-fpm-alpine3.17
 
 EXPOSE 80
 EXPOSE 8080

From 4ee68dfc2cbb766f219f20aaa2653c46752a72d0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Jun 2023 07:00:49 +0000
Subject: [PATCH 1085/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.19-fpm-alpine3.17 to 8.1.20-fpm-alpine3.17.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 5e771841..059c0931 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.19-fpm-alpine3.17
+FROM php:8.1.20-fpm-alpine3.17
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 986f9030ea193a79633a959a1040afee7455f6de Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Jun 2023 09:07:13 +0200
Subject: [PATCH 1086/3949] increase to 6.1.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a40ef69e..a5af8fc7 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v6.1.0</h1>
+        <h1>Nextcloud AIO v6.1.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 464b7be5f6630101efa3b7455af28b8402c99e0b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Jun 2023 09:10:14 +0200
Subject: [PATCH 1087/3949] fix collabora by installing netcat-openbsd

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index bb836fe2..e8229cbe 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -9,7 +9,7 @@ RUN set -ex; \
     export DEBIAN_FRONTEND=noninteractive; \
     apt-get install -y --no-install-recommends \
         tzdata \
-        netcat \
+        netcat-openbsd \
     ; \
     rm -rf /var/lib/apt/lists/*
 

From 53defc5579496f1ad78a0e251b84f283f21cb28d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Jun 2023 09:14:53 +0200
Subject: [PATCH 1088/3949] adjust user to the upstream one

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e8229cbe..312a121b 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*
 
-USER 104
+USER 100
 
 HEALTHCHECK CMD nc -z localhost 9980 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

From 46f28476793aee7888c67d850678e940fb2cd64b Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 13 Jun 2023 08:03:44 +0000
Subject: [PATCH 1089/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml      |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml   | 19 +---------
 ...collabora-fonts-persistentvolumeclaim.yaml | 15 --------
 .../nextcloud-aio-database-deployment.yaml    |  2 +-
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml   |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   | 12 +++---
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  2 +-
 .../nextcloud-aio-redis-deployment.yaml       |  2 +-
 .../nextcloud-aio-talk-deployment.yaml        |  4 +-
 ...xtcloud-aio-talk-recording-deployment.yaml | 37 +++++++++++++++++++
 .../nextcloud-aio-talk-recording-service.yaml | 16 ++++++++
 nextcloud-aio-helm-chart/values.yaml          |  6 +--
 15 files changed, 75 insertions(+), 50 deletions(-)
 delete mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 41f68a9e..8b1d36d5 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 6.0.0
+version: 6.1.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 504c4fbe..f9d594c3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230606_070951-latest
+          image: nextcloud/aio-apache:20230613_065816-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 537cbae7..1abf0400 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230606_070951-latest
+          image: nextcloud/aio-clamav:20230613_065816-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index fb1b57ba..6af2e1e8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -22,16 +22,6 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
     spec:
-      initContainers:
-        - name: init-volumes
-          image: alpine
-          command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-collabora-fonts
-          volumeMounts:
-            - name: nextcloud-aio-collabora-fonts
-              mountPath: /nextcloud-aio-collabora-fonts
       containers:
         - env:
             - name: DONT_GEN_SSL_CERT
@@ -46,15 +36,8 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230606_070951-latest
+          image: nextcloud/aio-collabora:20230613_065816-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
-          volumeMounts:
-            - mountPath: /opt/cool/systemplate/tmpfonts
-              name: nextcloud-aio-collabora-fonts
-      volumes:
-        - name: nextcloud-aio-collabora-fonts
-          persistentVolumeClaim:
-            claimName: nextcloud-aio-collabora-fonts
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
deleted file mode 100755
index ea0b9c00..00000000
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    io.kompose.service: nextcloud-aio-collabora-fonts
-  name: nextcloud-aio-collabora-fonts
-spec:
-  {{- if .Values.STORAGE_CLASS }}
-  storageClassName: {{ .Values.STORAGE_CLASS }}
-  {{- end }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.COLLABORA_FONTS_STORAGE_SIZE }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 391381f7..44ffe656 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230606_070951-latest
+          image: nextcloud/aio-postgresql:20230613_065816-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index f2018626..117a7689 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230606_070951-latest
+          image: nextcloud/aio-fulltextsearch:20230613_065816-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a117da25..83c42a10 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230606_070951-latest
+          image: nextcloud/aio-imaginary:20230613_065816-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 6285972a..6e79c9c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -44,10 +44,6 @@ spec:
               value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
             - name: ADMIN_USER
               value: admin
-            - name: AIO_TOKEN
-              value: "{{ .Values.AIO_TOKEN }}"
-            - name: AIO_URL
-              value: "{{ .Values.AIO_URL }}"
             - name: CLAMAV_ENABLED
               value: "{{ .Values.CLAMAV_ENABLED }}"
             - name: CLAMAV_HOST
@@ -94,6 +90,8 @@ spec:
               value: "{{ .Values.DATABASE_PASSWORD }}"
             - name: POSTGRES_USER
               value: nextcloud
+            - name: RECORDING_SECRET
+              value: "{{ .Values.RECORDING_SECRET }}"
             - name: REDIS_HOST
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
@@ -106,6 +104,10 @@ spec:
               value: "{{ .Values.TALK_ENABLED }}"
             - name: TALK_PORT
               value: "{{ .Values.TALK_PORT }}"
+            - name: TALK_RECORDING_ENABLED
+              value: "{{ .Values.TALK_RECORDING_ENABLED }}"
+            - name: TALK_RECORDING_HOST
+              value: nextcloud-aio-talk-recording
             - name: TRUSTED_CACERTS_DIR
               value: "{{ .Values.NEXTCLOUD_TRUSTED_CACERTS_DIR }}"
             - name: TURN_SECRET
@@ -114,7 +116,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230606_070951-latest
+          image: nextcloud/aio-nextcloud:20230613_065816-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 5e60077f..25bdfc64 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230606_070951-latest
+          image: nextcloud/aio-onlyoffice:20230613_065816-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index fc5c63ea..2d37988c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230606_070951-latest
+          image: nextcloud/aio-redis:20230613_065816-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 7e883aea..b2ee62a5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -24,6 +24,8 @@ spec:
     spec:
       containers:
         - env:
+            - name: INTERNAL_SECRET
+              value: "{{ .Values.TALK_INTERNAL_SECRET }}"
             - name: NC_DOMAIN
               value: "{{ .Values.NC_DOMAIN }}"
             - name: SIGNALING_SECRET
@@ -34,7 +36,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230606_070951-latest
+          image: nextcloud/aio-talk:20230613_065816-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
new file mode 100755
index 00000000..5a41c65b
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-talk-recording
+  name: nextcloud-aio-talk-recording
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-talk-recording
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-talk-recording
+    spec:
+      containers:
+        - env:
+            - name: INTERNAL_SECRET
+              value: "{{ .Values.TALK_INTERNAL_SECRET }}"
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: RECORDING_SECRET
+              value: "{{ .Values.RECORDING_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-talk-recording:20230613_065816-latest
+          name: nextcloud-aio-talk-recording
+          ports:
+            - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
new file mode 100755
index 00000000..50016d5c
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-talk-recording
+  name: nextcloud-aio-talk-recording
+spec:
+  ports:
+    - name: "1234"
+      port: 1234
+      targetPort: 1234
+  selector:
+    io.kompose.service: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index f3f4ac3e..b4f430f5 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -2,8 +2,10 @@ DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
+RECORDING_SECRET:           # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
+TALK_INTERNAL_SECRET:           # TODO! This needs to be a unique and good password!
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
 
@@ -13,9 +15,8 @@ FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enab
 IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_RECORDING_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
-AIO_TOKEN: 123456          # Has no function but needs to be set!
-AIO_URL: localhost          # Has no function but needs to be set!
 APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
@@ -33,7 +34,6 @@ UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
-COLLABORA_FONTS_STORAGE_SIZE: 1Gi       # You can change the size of the collabora-fonts volume that default to 1Gi with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
 DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
 ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value

From 632fb6b35de34e835b57cbc91dd26ef32928e5c1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 13 Jun 2023 10:16:09 +0200
Subject: [PATCH 1090/3949] fix a detail with the helm chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 286dbee5..83c09067 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -200,12 +200,12 @@ for variable in "${VOLUME_VARIABLE[@]}"; do
 done
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
-ENABLED_VARIABLES="$(grep -oP '^[A-Z]+_ENABLED' ../helm-chart/values.yaml)"
+ENABLED_VARIABLES="$(grep -oP '^[A-Z_]+_ENABLED' ../helm-chart/values.yaml)"
 mapfile -t ENABLED_VARIABLES <<< "$ENABLED_VARIABLES"
 
 cd ../helm-chart/
 for variable in "${ENABLED_VARIABLES[@]}"; do
-    name="$(echo "$variable" | sed 's|_ENABLED||g' | tr '[:upper:]' '[:lower:]')"
+    name="$(echo "$variable" | sed 's|_ENABLED||g;s|_|-|g' | tr '[:upper:]' '[:lower:]')"
     # shellcheck disable=SC1083
     find ./ -name "*nextcloud-aio-$name-deployment.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
     # shellcheck disable=SC1083

From a7989059d56e565909c88ea7da01a321980d7762 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 13 Jun 2023 12:08:02 +0000
Subject: [PATCH 1091/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 4 +++-
 .../templates/nextcloud-aio-talk-recording-service.yaml       | 2 ++
 13 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 8b1d36d5..29465b3b 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 6.1.0
+version: 6.1.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index f9d594c3..97b233f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230613_065816-latest
+          image: nextcloud/aio-apache:20230613_120442-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 1abf0400..03999b7c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230613_065816-latest
+          image: nextcloud/aio-clamav:20230613_120442-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 6af2e1e8..31583c3d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230613_065816-latest
+          image: nextcloud/aio-collabora:20230613_120442-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 44ffe656..7ecbd146 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230613_065816-latest
+          image: nextcloud/aio-postgresql:20230613_120442-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 117a7689..6c7aab94 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230613_065816-latest
+          image: nextcloud/aio-fulltextsearch:20230613_120442-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 83c42a10..6c616071 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230613_065816-latest
+          image: nextcloud/aio-imaginary:20230613_120442-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 6e79c9c0..391e3405 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -116,7 +116,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230613_065816-latest
+          image: nextcloud/aio-nextcloud:20230613_120442-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 25bdfc64..331e6f8f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230613_065816-latest
+          image: nextcloud/aio-onlyoffice:20230613_120442-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 2d37988c..ca338b69 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230613_065816-latest
+          image: nextcloud/aio-redis:20230613_120442-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b2ee62a5..8bf34751 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230613_065816-latest
+          image: nextcloud/aio-talk:20230613_120442-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 5a41c65b..340acf83 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.TALK_RECORDING_ENABLED "yes" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -31,7 +32,8 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230613_065816-latest
+          image: nextcloud/aio-talk-recording:20230613_120442-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 50016d5c..6315bd83 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.TALK_RECORDING_ENABLED "yes" }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -14,3 +15,4 @@ spec:
       targetPort: 1234
   selector:
     io.kompose.service: nextcloud-aio-talk-recording
+{{- end }}

From 9af7be6d89c887799b8e41ec954d6eacae87db9a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 10 Jun 2023 15:16:35 +0200
Subject: [PATCH 1092/3949] some general improvements to buttons and AIO
 interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a40ef69e..43ee8516 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -96,7 +96,7 @@
                             <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Submit" />
+                            <input class="button" type="submit" value="Submit domain" />
                         </form>
                         {% if skip_domain_validation == false %}
                             Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong if your domain does not get accepted in the top right corner.<br><br>
@@ -173,7 +173,7 @@
                                 <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="enter the borg password"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit" />
+                                <input class="button" type="submit" value="Submit location and password" />
                             </form>
                             {{ include('includes/backup-dirs.twig') }}
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
@@ -352,7 +352,7 @@
                                 <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit" />
+                                <input class="button" type="submit" value="Submit backup location" />
                             </form>
                             {{ include('includes/backup-dirs.twig') }}
                         {% endif %}
@@ -380,10 +380,10 @@
                                     {% if has_backup_run_once == false %}
                                         You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
                                         <form method="POST" action="/api/configuration" class="xhr">
-                                            <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup"/>
+                                            <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Submit" />
+                                            <input class="button" type="submit" value="Set backup location again" />
                                         </form>
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
@@ -449,7 +449,7 @@
                                                 <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Submit" /><br>
+                                                <input class="button" type="submit" value="Submit backup time" /><br>
                                                 <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
                                             </form>
                                         {% else %}
@@ -472,7 +472,7 @@
                                             <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Submit" /><br>
+                                            <input class="button" type="submit" value="Submit additional backup locations" /><br>
                                         </form>
                                         Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>.</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
                                         Make sure to specify all storages that you want to back up separately since storages will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. You should make sure to stop all services before the backup can run correctly if you want to back up the root partition. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
@@ -502,7 +502,7 @@
                                     <input type="text" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password"/>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input class="button" type="submit" value="Submit" />
+                                    <input class="button" type="submit" value="Submit password change" />
                                 </form>
                                 The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br>
                             </details><br>
@@ -514,6 +514,9 @@
                     In this section you can enable or disable optional addons.<br><br>
                     {% if isAnyRunning == true %}
                         <b>Please note:</b> You can enable or disable them when your containers are stopped.<br><br>
+                    {% else %}
+                    
+                        <b>Please note:</b> Make sure to save your changes by clicking on the button <b>Save changes</b> that is positioned below the list of optional addons. The changes will not be auto-saved.<br><br>
                     {% endif %}
                     <form id="options-form" method="POST" action="/api/configuration" class="xhr">
                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -579,7 +582,7 @@
                                 <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit" />
+                                <input class="button" type="submit" value="Submit collabora dictionaries" />
                             </form>
                             You need to make sure that the dictionaries that you enter are valid. An example is <b>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</b>.<br><br>
                         {% else %}
@@ -607,7 +610,7 @@
                                 <input type="text" name="timezone" placeholder="Europe/Berlin" />
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
+                                <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
                             </form>
                             You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>.<br><br>
                         {% else %}

From 1f98b4ffb248e74741ae283f75973976f2f62348 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 14 Jun 2023 12:03:25 +0000
Subject: [PATCH 1093/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index a2a9a6dc..dce202e8 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.11.4-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v16.0.4
+ENV RECORDING_VERSION v17.0.0
 
 RUN set -ex; \
     apk add --no-cache \

From a0627fdeca22387f80a99e8b5e57f388e6aae492 Mon Sep 17 00:00:00 2001
From: Joseph <jturnism@gmail.com>
Date: Wed, 14 Jun 2023 11:58:14 -0600
Subject: [PATCH 1094/3949] Update containers.twig

tiny change to reflect exact button texts

Signed-off-by: Joseph <jturnism@gmail.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a5af8fc7..4f23b861 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -265,7 +265,7 @@
 
                     {% if has_update_available == true %}
                         {% if is_mastercontainer_update_available == false %}
-                            ⚠️ Container updates are available. Click on <b>Stop Containers</b> and <b>Start Containers</b> to update them. You should consider creating a backup first.<br><br>
+                            ⚠️ Container updates are available. Click on <b>Stop containers</b> and <b>Start and update containers</b> to update them. You should consider creating a backup first.<br><br>
                         {% endif %}
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}

From 971afa4d805cf056c39c039d76a6c34de7254c63 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 14 Jun 2023 20:55:05 +0200
Subject: [PATCH 1095/3949] update nginx reverse proxy docs for nginx v1.25.1

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 84546447..3d3dde15 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -254,9 +254,8 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
-
-Add this to you nginx config:
+Add this to you nginx config
+**Note:** please check your nginx version by running: `nginx -v` and adjust it the lines marked with version notes, so that they fit your nginx version
 
 ```
 map $http_upgrade $connection_upgrade {
@@ -272,9 +271,13 @@ server {
         return 301 https://$host$request_uri;
     }
 
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2; # comment to disable IPv6
+    listen 443 ssl http2;      # for nginx versions below v1.25.1
+    listen [::]:443 ssl http2; # for nginx versions below v1.25.1 - comment to disable IPv6
+
+    # listen 443 ssl;      # for nginx v1.25.1+
+    # listen [::]:443 ssl; # for nginx v1.25.1+ - comment to disable IPv6
 	
+    # http2 on;              # uncomment to enable HTTP/2 - supported on supported on nginx v1.25.1+
     # http3 on;              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # listen 443 quic;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # listen [::]:443 quic;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
@@ -311,8 +314,18 @@ server {
     ssl_session_tickets off;
 
     ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+    ssl_prefer_server_ciphers on;
+
+    # Optional settings:
+
+    # OCSP stapling
+    # ssl_stapling on;
+    # ssl_stapling_verify on;
+    # ssl_trusted_certificate /etc/letsencrypt/live/<your-nc-domain>/chain.pem;
+
+    # replace with the IP address of your resolver
+    # resolver 127.0.0.1; # like 94.140.15.15 for adguard / 1.1.1.1 for cloudflared or 8.8.8.8 for google - you can use the same nameserver as listed in your /etc/resolv.conf file
 }
 
 ```
@@ -345,6 +358,7 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al
 <summary>click here to expand</summary>
 
 First, please make sure that the environmental variables `PUID` and `PGID` in the compose.yaml file for NPM are either unset or set to `0`.
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privilleged ports.
 
 Second, see these screenshots for a working config:
 
@@ -363,9 +377,9 @@ client_max_body_size 0;
 ```
 
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
-
+<!---
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete example.
-
+--->
 </details>
 
 ### Node.js with Express

From d7bb4d65dfab4eeccac9b3e18c6807e3ac58d0d2 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 15 Jun 2023 12:48:35 +0200
Subject: [PATCH 1096/3949] Update reverse-proxy.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 3d3dde15..e31714f1 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -277,7 +277,7 @@ server {
     # listen 443 ssl;      # for nginx v1.25.1+
     # listen [::]:443 ssl; # for nginx v1.25.1+ - comment to disable IPv6
 	
-    # http2 on;              # uncomment to enable HTTP/2 - supported on supported on nginx v1.25.1+
+    # http2 on;              # uncomment to enable HTTP/2 - supported on nginx v1.25.1+
     # http3 on;              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # listen 443 quic;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # listen [::]:443 quic;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+

From 06eed79939c4200c676784f80ce13ea48a41a25c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 15 Jun 2023 12:48:56 +0200
Subject: [PATCH 1097/3949] Update reverse-proxy.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e31714f1..869dc81e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -275,7 +275,7 @@ server {
     listen [::]:443 ssl http2; # for nginx versions below v1.25.1 - comment to disable IPv6
 
     # listen 443 ssl;      # for nginx v1.25.1+
-    # listen [::]:443 ssl; # for nginx v1.25.1+ - comment to disable IPv6
+    # listen [::]:443 ssl; # for nginx v1.25.1+ - keep comment to disable IPv6
 	
     # http2 on;              # uncomment to enable HTTP/2 - supported on nginx v1.25.1+
     # http3 on;              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+

From c889d5a5147582248e13bfbc5ac064705ab72443 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 13:00:48 +0200
Subject: [PATCH 1098/3949] remove link to outdated config

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 869dc81e..1db2ae39 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -377,9 +377,7 @@ client_max_body_size 0;
 ```
 
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
-<!---
-**Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete example.
---->
+
 </details>
 
 ### Node.js with Express

From c6efd29fafe77dc68cb3e79c7c2575f7111fc59b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 15 Jun 2023 13:08:39 +0200
Subject: [PATCH 1099/3949] Update reverse-proxy.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1db2ae39..38bdcb0d 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -254,7 +254,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 <summary>click here to expand</summary>
 
-Add this to you nginx config
+Add this to you nginx config <br>
 **Note:** please check your nginx version by running: `nginx -v` and adjust it the lines marked with version notes, so that they fit your nginx version
 
 ```

From 3831c275d981413a561454a84479cb6c7f4193d8 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 15 Jun 2023 13:08:53 +0200
Subject: [PATCH 1100/3949] Update reverse-proxy.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 38bdcb0d..61899621 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -325,7 +325,7 @@ server {
     # ssl_trusted_certificate /etc/letsencrypt/live/<your-nc-domain>/chain.pem;
 
     # replace with the IP address of your resolver
-    # resolver 127.0.0.1; # like 94.140.15.15 for adguard / 1.1.1.1 for cloudflared or 8.8.8.8 for google - you can use the same nameserver as listed in your /etc/resolv.conf file
+    # resolver 127.0.0.1; # needed for oscp stapling: e.g. use 94.140.15.15 for adguard / 1.1.1.1 for cloudflared or 8.8.8.8 for google - you can use the same nameserver as listed in your /etc/resolv.conf file
 }
 
 ```

From a984d9e52003745ba0baf84ae537caf0957b7076 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 14 Jun 2023 18:52:59 +0200
Subject: [PATCH 1101/3949] adjust opcache and jit values

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 059c0931..1be98dd4 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -91,11 +91,12 @@ RUN set -ex; \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
     { \
-        echo 'opcache.interned_strings_buffer=32'; \
+        echo 'opcache.memory_consumption=256'; \
+        echo 'opcache.interned_strings_buffer=64'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
     } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
     \
     echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \

From fad255869042d9f3b68ca247dc17ed732fb6ee09 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 15 Jun 2023 12:39:51 +0000
Subject: [PATCH 1102/3949] update all container to alpine v3.18.3

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/Dockerfile          |  2 +-
 Containers/borgbackup/Dockerfile      |  2 +-
 Containers/domaincheck/Dockerfile     |  2 +-
 Containers/imaginary/Dockerfile       |  6 +++---
 Containers/mastercontainer/Dockerfile |  2 +-
 Containers/nextcloud/Dockerfile       |  2 +-
 Containers/talk/Dockerfile            | 18 ++++++++++--------
 Containers/watchtower/Dockerfile      |  2 +-
 8 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 8b6ce492..fc8a391f 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,6 +1,6 @@
 FROM caddy:2.6.4-alpine as caddy
 
-FROM httpd:2.4.57-alpine3.17
+FROM httpd:2.4.57-alpine3.18
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index cf48f52c..8e3a65a0 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.3
+FROM alpine:3.18.2
 
 RUN set -ex; \
     \
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index fc7264ef..4c4e33e8 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.3
+FROM alpine:3.18.2
 RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 514de406..b88adcaf 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
-FROM golang:1.20.5-alpine3.17 as go
+FROM golang:1.20.5-alpine3.18 as go
 
-ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 RUN set -ex; \
     apk add --no-cache \
@@ -12,7 +12,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.17.3
+FROM alpine:3.18.2
 RUN set -ex; \
     apk add --no-cache \
         tzdata \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e844f340..280b641f 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.2-cli as docker
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.17/fpm/Dockerfile
-FROM php:8.2.7-fpm-alpine3.17
+FROM php:8.2.7-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 059c0931..49f05cba 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.20-fpm-alpine3.17
+FROM php:8.1.20-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1d5f3899..ca50732f 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.9.17-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM coturn/coturn:4.6.2-r0-alpine
+FROM coturn/coturn:4.6.2-r3-alpine
 USER root
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server
@@ -14,26 +14,28 @@ RUN set -ex; \
         ca-certificates \
         tzdata \
         bash \
+        janus-gateway \
         openssl \
         supervisor \
         bind-tools \
         netcat-openbsd \
+        wget \
         shadow \
         util-linux \
         build-base \
-        lua5.3-dev \
-        luarocks5.3; \
-    apk add --no-cache janus-gateway --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
+        lua5.4-dev \
+        luarocks5.4; \
     useradd --system talk; \
-    luarocks-5.3 install luajson; \
-    luarocks-5.3 install ansicolors; \
+    luarocks-5.4 install luajson; \
+    luarocks-5.4 install ansicolors; \
     rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
     apk del --no-cache \
+        wget \
         shadow \
         util-linux \
         build-base \
-        lua5.3-dev \
-        luarocks5.3; \
+        lua5.4-dev \
+        luarocks5.4; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ec8f30ad..113d8bfc 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.3 as watchtower
 
-FROM alpine:3.17.3
+FROM alpine:3.18.2
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower

From 9bef36ca9026cc75d7bba3f64f359881bd8ab107 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 14:57:37 +0200
Subject: [PATCH 1103/3949] try to fix talk and imaginary-update workflows

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/imaginary-update.yml | 2 +-
 .github/workflows/talk.yml             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 8732c952..dd9e35b3 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -19,7 +19,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|^ENV IMAGINARY_HASH.*|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
+        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index ed3d5dae..cdf7becd 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -21,7 +21,7 @@ jobs:
             | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
             | tail -1
         )"
-        sed -i "s|^ENV RECORDING_VERSION.*|ENV RECORDING_VERSION $spreed_version|" ./Containers/talk-recording/Dockerfile
+        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $spreed_version|" ./Containers/talk-recording/Dockerfile
         curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/talk-recording/recording.conf
         
         # Signaling

From 17caf685e6b1900cff10a6cd895d50afa617d2be Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 15:03:24 +0200
Subject: [PATCH 1104/3949] Some adjustments

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 61899621..cc845072 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -254,8 +254,11 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 <summary>click here to expand</summary>
 
-Add this to you nginx config <br>
-**Note:** please check your nginx version by running: `nginx -v` and adjust it the lines marked with version notes, so that they fit your nginx version
+**Disclaimer:** This config was tested and should normally work on all modern nginx version if you configure it correctly. Improvements to the config are very welcome!
+
+Add the below template to you nginx config.
+
+**Note:** please check your nginx version by running: `nginx -v` and adjust it the lines marked with version notes, so that they fit your nginx version.
 
 ```
 map $http_upgrade $connection_upgrade {

From 713d48eecd1494524951900de24589760375e105 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 15:04:18 +0200
Subject: [PATCH 1105/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 2f87e0c0..9f6196d7 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.3.3.50
+FROM onlyoffice/documentserver:7.4.0.1
 
 # USER root is probably used
 

From bcf0f92d8781fa2cb8c1e2bbf9f2f99ca0fa16fb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 15:06:40 +0200
Subject: [PATCH 1106/3949] also adjust it in the doc

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index cf4b0c93..89038fec 100644
--- a/readme.md
+++ b/readme.md
@@ -290,7 +290,7 @@ This project values stability over new features. That means that when a new majo
 You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa.
 
 ### How to update the containers?
-If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
+If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
 
 If a new `Mastercontainer` update was found, you'll see an additional section below the `containers` section which shows that a mastercontainer update is available. If so, you can simply press on the button to update the container.
 

From f89d62abb26593df3cb7ce2cf99618b6569bd93b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 15:10:04 +0200
Subject: [PATCH 1107/3949] adjust docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 readme.md                             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 280b641f..43fbc00b 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -4,7 +4,7 @@ FROM docker:24.0.2-cli as docker
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.2/alpine3.17/fpm/Dockerfile
+# From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
 FROM php:8.2.7-fpm-alpine3.18
 
 EXPOSE 80
diff --git a/readme.md b/readme.md
index cf4b0c93..aed80ad8 100644
--- a/readme.md
+++ b/readme.md
@@ -620,7 +620,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.18. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From 9c2ac69eacc9ffdd641c814d7a1a5b083bd5c275 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Jun 2023 13:17:10 +0000
Subject: [PATCH 1108/3949] Bump nats from 2.9.17-scratch to 2.9.18-scratch in
 /Containers/talk

Bumps nats from 2.9.17-scratch to 2.9.18-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ca50732f..efbc0781 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.17-scratch as nats
+FROM nats:2.9.18-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
 FROM coturn/coturn:4.6.2-r3-alpine
 USER root

From bf24c10e9abedfeec3eda1a2324785b6d01c4c65 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 15:22:57 +0200
Subject: [PATCH 1109/3949] update to 3.18.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 19e72121..2a1b7e30 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.1
+FROM alpine:3.18.2
 
 COPY --chmod=775 start.sh /start.sh
 

From a99ecaa4cc865069b7de81a3f2f6d1c68ccb0288 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 15:28:06 +0200
Subject: [PATCH 1110/3949] remove line

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 43ee8516..4caca113 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -515,7 +515,6 @@
                     {% if isAnyRunning == true %}
                         <b>Please note:</b> You can enable or disable them when your containers are stopped.<br><br>
                     {% else %}
-                    
                         <b>Please note:</b> Make sure to save your changes by clicking on the button <b>Save changes</b> that is positioned below the list of optional addons. The changes will not be auto-saved.<br><br>
                     {% endif %}
                     <form id="options-form" method="POST" action="/api/configuration" class="xhr">

From 051f202fdfbe3f067fa19f6c26c0e728c07be650 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 15:42:26 +0200
Subject: [PATCH 1111/3949] fix postgres build

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 4 ----
 Containers/postgresql/start.sh   | 5 +++++
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index ee5dd70a..51590246 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -27,10 +27,6 @@ RUN set -ex; \
     mkdir /mnt/data; \
     chown postgres:postgres /mnt/data; \
     \
-# Modify conf
-    grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; \
-    sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf; \
-    \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     apk --no-cache del openssl;
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 0a88e5cb..8f033b7a 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -153,6 +153,11 @@ if [ -n "$MAX_CONNECTIONS" ]; then
     sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
 fi
 
+# Modify conf
+if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
+    sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
+fi
+
 # Catch docker stop attempts
 trap 'true' SIGINT SIGTERM
 

From ec9e4d4dc3b2871d837c6d2347e3bf2d71527af5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 16:01:07 +0200
Subject: [PATCH 1112/3949] Revert "make borgbackup read-only"

---
 php/containers.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index ca0156ed..baa6b50a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -410,8 +410,7 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
-      "apparmor_unconfined": true,
-      "read_only": true
+      "apparmor_unconfined": true
     },
     {
       "container_name": "nextcloud-aio-watchtower",

From 276a85421aa476dfb9249cc055bea9bea8b3c61b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 16:11:48 +0200
Subject: [PATCH 1113/3949] fix internal_port of notify-push

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index baa6b50a..93421eac 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -201,7 +201,7 @@
       "expose": [
         "7867"
       ],
-      "internal_port": "7876",
+      "internal_port": "7867",
       "secrets": [
         "REDIS_PASSWORD",
         "POSTGRES_PASSWORD"

From dd053182f9f2cf737e106ff671a5c7f014be8516 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 16:12:36 +0200
Subject: [PATCH 1114/3949] ffix nextcloud health check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/healthcheck.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/healthcheck.sh b/Containers/nextcloud/healthcheck.sh
index df87360c..97d6a689 100644
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -2,6 +2,6 @@
 
 nc -z "$POSTGRES_HOST" 5432 || exit 0
 
-if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
+if ! nc -z localhost 9000; then
     exit 1
 fi

From 4f253b5d31d246032ece65dd0fb611020b6480c9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 16:13:53 +0200
Subject: [PATCH 1115/3949] fix healthcheck of notify-push

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 2a1b7e30..cc6ac3c0 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -5,6 +5,7 @@ COPY --chmod=775 start.sh /start.sh
 RUN set -ex; \
     apk add --no-cache \
         ca-certificates \
+        netcat-openbsd \
         tzdata \
         bash \
         openssl; \

From cf426fdabbcb65b31378b40b574920246db963e2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 16:45:16 +0200
Subject: [PATCH 1116/3949] fix janus not finding luajson

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index efbc0781..c5222d52 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -23,19 +23,19 @@ RUN set -ex; \
         shadow \
         util-linux \
         build-base \
-        lua5.4-dev \
-        luarocks5.4; \
+        lua5.3-dev \
+        luarocks5.3; \
     useradd --system talk; \
-    luarocks-5.4 install luajson; \
-    luarocks-5.4 install ansicolors; \
+    luarocks-5.3 install luajson; \
+    luarocks-5.3 install ansicolors; \
     rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
     apk del --no-cache \
         wget \
         shadow \
         util-linux \
         build-base \
-        lua5.4-dev \
-        luarocks5.4; \
+        lua5.3-dev \
+        luarocks5.3; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \

From fde954be5116ae0fcd393810e6e8cd4d82ad36be Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 17:00:59 +0200
Subject: [PATCH 1117/3949] fix one last spacing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 32c2a913..cee41aa5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -570,7 +570,7 @@
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br><br>
+                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}

From 20167ab914dbbddd30ecd919da2930a7bf5cb5bb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 17:03:20 +0200
Subject: [PATCH 1118/3949] change starting order of notify-push to start after
 nextcloud container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 93421eac..745f775c 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -6,8 +6,8 @@
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
-        "nextcloud-aio-notify-push",
-        "nextcloud-aio-nextcloud"
+        "nextcloud-aio-nextcloud",
+        "nextcloud-aio-notify-push"
       ],
       "display_name": "Apache",
       "image": "nextcloud/aio-apache",

From daed2bdfb40549a5ebf05f24db8b4306991ad846 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 15 Jun 2023 22:47:15 +0200
Subject: [PATCH 1119/3949] remove wget form talk container as not needed
 anymore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index c5222d52..9b3e90b3 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -19,7 +19,6 @@ RUN set -ex; \
         supervisor \
         bind-tools \
         netcat-openbsd \
-        wget \
         shadow \
         util-linux \
         build-base \
@@ -30,7 +29,6 @@ RUN set -ex; \
     luarocks-5.3 install ansicolors; \
     rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
     apk del --no-cache \
-        wget \
         shadow \
         util-linux \
         build-base \

From e28ef49663cdb7b5b413f37e385f0d2f80b189b0 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 15 Jun 2023 23:01:12 +0200
Subject: [PATCH 1120/3949] Nginx reverse proxy docs again

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index cc845072..db238431 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -280,11 +280,12 @@ server {
     # listen 443 ssl;      # for nginx v1.25.1+
     # listen [::]:443 ssl; # for nginx v1.25.1+ - keep comment to disable IPv6
 	
-    # http2 on;              # uncomment to enable HTTP/2 - supported on nginx v1.25.1+
-    # http3 on;              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
-    # listen 443 quic;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
-    # listen [::]:443 quic;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
-    # add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; # uncomment to enable HTTP3/QUIC - supported on nginx v1.25.0+
+    # http2 on;                                 # uncomment to enable HTTP/2        - supported on nginx v1.25.1+
+    # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP3 / QUIC  - supported on nginx v1.25.0+
+    # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listner on port 443 with enabled reuseport
+    # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listner on port 443 with enabled reuseport - keep comment to disable IPv6
 
     server_name <your-nc-domain>;
 

From 81e0490e632cd80d331dadddb10ed5090cafdef1 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 15 Jun 2023 23:02:36 +0200
Subject: [PATCH 1121/3949] adjust wording

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index db238431..83742675 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -283,7 +283,7 @@ server {
     # http2 on;                                 # uncomment to enable HTTP/2        - supported on nginx v1.25.1+
     # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
-    # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP3 / QUIC  - supported on nginx v1.25.0+
+    # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listner on port 443 with enabled reuseport
     # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listner on port 443 with enabled reuseport - keep comment to disable IPv6
 

From 14b598adc4435d4a80b9f4091104e3e2a297a3d5 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 16 Jun 2023 11:52:02 +0200
Subject: [PATCH 1122/3949] Update reverse-proxy.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 83742675..fe5f83a1 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -284,8 +284,8 @@ server {
     # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
-    # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listner on port 443 with enabled reuseport
-    # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listner on port 443 with enabled reuseport - keep comment to disable IPv6
+    # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport
+    # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6
 
     server_name <your-nc-domain>;
 

From 421d329e356f46ed060dd8963e7c48e44459628c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 12:10:12 +0200
Subject: [PATCH 1123/3949] fix notify-push container startup

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 745f775c..1fadc91f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -204,7 +204,7 @@
       "internal_port": "7867",
       "secrets": [
         "REDIS_PASSWORD",
-        "POSTGRES_PASSWORD"
+        "DATABASE_PASSWORD"
       ],
       "volumes": [
         {

From 65bb0cdf9194f7698e7dc8678959f8f993fa8561 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 12:18:06 +0200
Subject: [PATCH 1124/3949] adjust detail in containers.twig

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cee41aa5..0652d599 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -378,7 +378,7 @@
                                         </details><br />
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
-                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
+                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <b>Create Backup</b> for testing the new value.<br /><br />
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">

From d9e923de0b79b2d904dc8f386db82aeaf9c1f5fd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 12:28:39 +0200
Subject: [PATCH 1125/3949] fix spacing after talk-recording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0652d599..fbbb922b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -558,9 +558,9 @@
                             <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
                         {% endif %}
                         {% if is_talk_recording_enabled == true %}
-                            <input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label><br>
+                            <input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label><br>
+                            <input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label><br><br>
                         {% endif %}
                         {% if is_onlyoffice_enabled == true %}
                             <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>

From 3b52620c8d350827414bbad328c4ec8734f9c729 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 12:50:35 +0200
Subject: [PATCH 1126/3949] make more verbose what to do when using cloudflare
 tunnel and talk

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index c2e0d311..2e6b6d7f 100644
--- a/readme.md
+++ b/readme.md
@@ -201,7 +201,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
 - Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981
-- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
+- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to install your own turnserver or use a publicly available one and adjust and test your stun and turn settings in `https://yourdomain.com/settings/admin/talk`.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
 

From 997360da7f0605544439182acc9f6ea51aa00042 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 13:44:44 +0200
Subject: [PATCH 1127/3949] correctly delete not needed directories

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 43fbc00b..f3d7f4d7 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -62,7 +62,7 @@ RUN set -ex; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    find ./ -not -path ./php -maxdepth 1 -mindepth 1 -delete; \
+    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -delete; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
     sudo -u www-data composer install --no-dev; \

From 193cc26a323f6d07551359acc8fa50fc4293e179 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 16 Jun 2023 12:02:24 +0000
Subject: [PATCH 1128/3949] imaginary-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b88adcaf..4850d0bd 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.20.5-alpine3.18 as go
 
-ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 RUN set -ex; \
     apk add --no-cache \

From 4ff9d1b136d7dac51f325ebd9a3533960b18e83f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 14:24:44 +0200
Subject: [PATCH 1129/3949] make imaginary read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 1fadc91f..fc46b73d 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -525,7 +525,8 @@
       ],
       "networks": [
         "nextcloud-aio"
-      ]
+      ],
+      "read_only": true
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",

From e22afe6031b6d36a5a34b3eab8e330a98facd8eb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 15:14:40 +0200
Subject: [PATCH 1130/3949] fix the deletion of files and folders during
 mastercontainer build

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f3d7f4d7..3fb5b914 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -62,7 +62,7 @@ RUN set -ex; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -delete; \
+    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -exec rm -r {} \; ; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
     sudo -u www-data composer install --no-dev; \

From 75a32f6cf0d39339b7f7e978f52e72a0edb33761 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 15:15:16 +0200
Subject: [PATCH 1131/3949] only modify postgresql.conf if it exists

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 8f033b7a..75a86abd 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -146,16 +146,19 @@ if ! [ -f "$DATADIR/PG_VERSION" ] && ! [ -f "$DUMP_FILE" ]; then
     rm -rf "${DATADIR:?}/"*
 fi
 
-echo "Setting max connections..."
-MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
-MAX_CONNECTIONS=$((MEMORY/50+3))
-if [ -n "$MAX_CONNECTIONS" ]; then
-    sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
-fi
+# Modify postgresql.conf
+if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
+    echo "Setting max connections..."
+    MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+    MAX_CONNECTIONS=$((MEMORY/50+3))
+    if [ -n "$MAX_CONNECTIONS" ]; then
+        sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
+    fi
 
-# Modify conf
-if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
-    sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
+    # Modify conf
+    if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
+        sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
+    fi
 fi
 
 # Catch docker stop attempts

From 3fa798f192b98dcb6e06e93a9c218b5d63dcdc6b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 16:05:05 +0200
Subject: [PATCH 1132/3949] adjust some docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 4 ++--
 readme.md                | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index ee6e8dd9..838541eb 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -28,9 +28,9 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml
 Now you should be ready to go with `sudo docker-compose up`.
 
 ## Docker profiles
-The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
 
-For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).
+For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
diff --git a/readme.md b/readme.md
index 2e6b6d7f..e6aab9c1 100644
--- a/readme.md
+++ b/readme.md
@@ -60,6 +60,7 @@ Included are:
 - Can be installed with [Kubernetes](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart)
 - Almost all included containers Alpine Linux based (good for security and size)
 - Many of the included containers run as non-root user (good for security)
+- Some of the included containers have a read-only root-FS (good for security)
 - Included containers run in its own docker network (good for security) and only really necessary ports are exposed on the host
 - [Multiple instances on one server](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) are doable without having to deal with VMs
 - Adjustable backup path from the AIO interface (good to put the backups e.g. on a different drive)

From 09d2dc3aba6e679cd487541fa3c60a6deb6e09f6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 16:05:50 +0200
Subject: [PATCH 1133/3949] typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 838541eb..602488e6 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -28,7 +28,7 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml
 Now you should be ready to go with `sudo docker-compose up`.
 
 ## Docker profiles
-The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
 
 For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).
 

From 86ac831bb2068fe2bb6beccfc28afc7867b4c58d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 23:18:47 +0200
Subject: [PATCH 1134/3949] adjust compose.yaml a bit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 compose.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 473f4dfe..37d17697 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -11,12 +11,12 @@ services:
       - 8080:8080
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
-      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
+      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
       # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
@@ -51,7 +51,6 @@ volumes:
 
 # # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
 # # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
-# # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 # networks:
 #   nextcloud-aio:
 #     name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO

From 370f4199c0e252e662a8e9cbb99395b27ef0792c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 23:31:05 +0200
Subject: [PATCH 1135/3949] add some more warnings

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 compose.yaml | 2 +-
 readme.md    | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 37d17697..324b80ea 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -25,7 +25,7 @@ services:
       # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
-      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
       # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
diff --git a/readme.md b/readme.md
index e6aab9c1..1f68f4b6 100644
--- a/readme.md
+++ b/readme.md
@@ -537,11 +537,11 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo
 If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ### How to change the default location of Nextcloud's Datadir?
-⚠️ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
+⚠️⚠️⚠️ **Warning:** Warning: do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
 
 You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
 
-- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using and external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
+- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
 - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
 - On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)
@@ -632,7 +632,7 @@ You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick exte
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
 
 ### How to enable hardware-transcoding for Nextcloud?
-⚠️ Attention: this only works if the `/dev/dri` device is present on the host! If it should not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start!
+⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it should not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
 
 The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 

From 0ad2591f539613bf26807c9185c679c24af898b0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 23:35:47 +0200
Subject: [PATCH 1136/3949] adjust wording around datadir failure

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 8d9864f9..700cce2c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -436,8 +436,9 @@ if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)
     if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
-        echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
+        echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!"
         echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
+        echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!"
         echo "In the datadir was found:"
         ls -la "$NEXTCLOUD_DATA_DIR/"
         exit 1

From 3b85c59a682430c0eaabd615709b1d87f843f7f4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 22:54:49 +0200
Subject: [PATCH 1137/3949] Make clear that Cloudflare Tunnel is also a reverse
 proxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 compose.yaml                         | 8 ++++----
 manual-install/sample.conf           | 4 ++--
 manual-install/update-yaml.sh        | 4 ++--
 nextcloud-aio-helm-chart/values.yaml | 2 +-
 php/templates/containers.twig        | 4 ++--
 readme.md                            | 8 ++++----
 reverse-proxy.md                     | 2 +-
 7 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 324b80ea..8f74ccf6 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -7,13 +7,13 @@ services:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
     ports:
-      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
-      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
       # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 5ac19168..cf0aae72 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -17,9 +17,9 @@ ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables t
 TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_RECORDING_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
-APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
+APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index ce94bba3..70e1b8a5 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -78,8 +78,8 @@ sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
-sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
-sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
+sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else).|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index b4f430f5..4e2ab3a0 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -18,7 +18,7 @@ TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the op
 TALK_RECORDING_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
 APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
+APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fbbb922b..b090b540 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -84,9 +84,9 @@
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
+                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
                         {% else %}
-                            AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
+                            AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}
                         Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance.<br><br />
                         {% if skip_domain_validation == true %}
diff --git a/readme.md b/readme.md
index 1f68f4b6..11b950ed 100644
--- a/readme.md
+++ b/readme.md
@@ -77,15 +77,15 @@ Included are:
 | ![image](https://user-images.githubusercontent.com/42591237/232849125-30e24c85-bfd7-465e-8310-9b69cd9666fe.png) | ![image](https://user-images.githubusercontent.com/42591237/232849036-28c38d9a-3151-4cf1-97a5-4d94c1f0eba0.png) |
 
 ## How to use this?
-The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
+The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
     ```sh
     curl -fsSL https://get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-2. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
+2. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already in place:
     ```
-    # For Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
+    # For Linux and without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already in place:
     sudo docker run \
     --sig-proxy=false \
     --name nextcloud-aio-mastercontainer \
@@ -304,7 +304,7 @@ If your Nextcloud is running and you are logged in as admin in your Nextcloud, y
 **⚠️ Please note:** Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
 
 If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, subsitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
-If you are running AIO behind a web server or reverse proxy (like Apache, Nginx and else), you need to obviously also change the domain in your reverse proxy config.
+If you are running AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to obviously also change the domain in your reverse proxy config.
 
 ### How to properly reset the instance?
 If something goes unexpected routes during the initial installation, you might want to reset the AIO installation to be able to start from scratch.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index fe5f83a1..f9c021e8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,7 +4,7 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify the port to your needings.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify the port to your needings.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**

From 1c595ab2ef597f33fc0c3616cfeedfa1512ea2fa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 16 Jun 2023 23:55:43 +0200
Subject: [PATCH 1138/3949] add empty line before storage class in helm-chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 83c09067..dfd67093 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -193,6 +193,7 @@ sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
+echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do

From db1f3e77590f6135f772f694d7286e8ae8dac91e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Jun 2023 00:03:44 +0200
Subject: [PATCH 1139/3949] compose - add link to talk-port docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 324b80ea..c8411e83 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -26,7 +26,7 @@ services:
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
-      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
       # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file

From 066ecbfb1129686b5727e9b42c2b47dc08c4145c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Jun 2023 08:48:45 +0200
Subject: [PATCH 1140/3949] add a hint that opening port 80 and 443 manually is
 needed in case of network_mode: host

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index f9c021e8..32405cdc 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -80,7 +80,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -102,7 +102,7 @@ https://<your-nc-domain>:443 {
 ```
 The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -126,7 +126,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
@@ -244,7 +244,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 </details>
 
@@ -334,7 +334,7 @@ server {
 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -380,7 +380,7 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 </details>
 
@@ -468,7 +468,7 @@ httpServer.on('upgrade', (req, socket, head) => {
 ```
 
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 </details>
 
@@ -486,7 +486,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 </details>
 
@@ -569,7 +569,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
 **Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
@@ -676,6 +676,7 @@ If something does not work, follow the steps below:
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.
 1. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below.
+1. If your reverse proxy is configured to use the host network (as recommended in the above docs) or running on the host, make sure that you've configured your firewall to open port 443 and 80.
 1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain).
 1. Try to configure everything from scratch if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!

From f99136f5534713ebbc52970942efc98fb47882a9 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 17 Jun 2023 12:02:08 +0000
Subject: [PATCH 1141/3949] dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 599fdbef..4c6b9015 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -626,16 +626,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.2",
+            "version": "7.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "5d1a8664e24f23b25e0426bbcb1288287fb49181"
+                "reference": "d5dad2500f409d8b78371823c8b382fe9b5d0917"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/5d1a8664e24f23b25e0426bbcb1288287fb49181",
-                "reference": "5d1a8664e24f23b25e0426bbcb1288287fb49181",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/d5dad2500f409d8b78371823c8b382fe9b5d0917",
+                "reference": "d5dad2500f409d8b78371823c8b382fe9b5d0917",
                 "shasum": ""
             },
             "require": {
@@ -649,13 +649,13 @@
             },
             "require-dev": {
                 "friendsofphp/php-cs-fixer": "^3",
+                "friendsofphp/proxy-manager-lts": "^1",
                 "mnapoli/phpunit-easymock": "^1.3",
-                "ocramius/proxy-manager": "^2.11.2",
                 "phpunit/phpunit": "^9.5",
                 "vimeo/psalm": "^4.6"
             },
             "suggest": {
-                "ocramius/proxy-manager": "Install it if you want to use lazy injection (version ^2.3)"
+                "friendsofphp/proxy-manager-lts": "Install it if you want to use lazy injection (version ^1)"
             },
             "type": "library",
             "autoload": {
@@ -683,7 +683,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.2"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.3"
             },
             "funding": [
                 {
@@ -695,7 +695,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-02-07T17:34:03+00:00"
+            "time": "2023-06-17T10:21:14+00:00"
         },
         {
             "name": "php-di/slim-bridge",

From 2d22e4a3913094726298e7ba63a22292a494c725 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Jun 2023 12:13:40 +0200
Subject: [PATCH 1142/3949] Use codespell instead of reviewdog for spellcheck

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/codespell.yml         | 20 ++++++++++++++++++++
 .github/workflows/spellcheck.yml        | 23 -----------------------
 compose.yaml                            |  2 +-
 local-instance.md                       |  4 ++--
 php/src/Docker/DockerActionManager.php  |  2 +-
 php/templates/containers.twig           |  2 +-
 readme.md                               | 12 ++++++------
 tests/QA/060-environmental-variables.md |  2 +-
 tests/QA/070-timezone-change.md         |  2 +-
 9 files changed, 33 insertions(+), 36 deletions(-)
 create mode 100644 .github/workflows/codespell.yml
 delete mode 100644 .github/workflows/spellcheck.yml

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
new file mode 100644
index 00000000..5c95721c
--- /dev/null
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,20 @@
+name: 'Codespell'
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  codespell:
+    name: Check spelling
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Check spelling
+        uses: codespell-project/actions-codespell@v1
+        with:
+          check_filenames: true
+          check_hidden: true
diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
deleted file mode 100644
index 49c9b116..00000000
--- a/.github/workflows/spellcheck.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: 'Spellcheck'
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-jobs:
-  spellcheck:
-    name: Check spelling
-    runs-on: ubuntu-latest
-    steps:
-      - name: spelling or typos
-        uses: actions/checkout@v3
-      - name: fix permission for reviewdog
-        run: sudo chown -R root:root $GITHUB_WORKSPACE
-      - name: misspell
-        uses: reviewdog/action-misspell@v1
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          locale: "US"
-          fail_on_error: true
diff --git a/compose.yaml b/compose.yaml
index 32cadfc0..37573f94 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -21,7 +21,7 @@ services:
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
-      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
       # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
diff --git a/local-instance.md b/local-instance.md
index 602e4b2b..aa4bd8e6 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -6,14 +6,14 @@ The recommended way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
 1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
-1. Enter the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
+1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
 ## 2. Use the ACME DNS-challenge
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 
 ## 3. Use Cloudflare
-If you do not have any contol over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
+If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
 
 ## 4. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8663aeea..33fa1956 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -369,7 +369,7 @@ class DockerActionManager
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {
-                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
                     }
                     $replacements[1] = $secret;
                 }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b090b540..99be7b97 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -433,7 +433,7 @@
 
                                     {% if has_backup_run_once == true %}
                                         <h3>Backup check</h3>
-                                        Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact but it should't be needed in most situtations.<br><br/>
+                                        Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact but it shouldn't be needed in most situations.<br><br/>
                                         <form method="POST" action="/api/docker/backup-check" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
diff --git a/readme.md b/readme.md
index 11b950ed..6a42db60 100644
--- a/readme.md
+++ b/readme.md
@@ -41,7 +41,7 @@ Included are:
 - `ffmpeg`, `smbclient` and `nodejs` are included by default
 - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
-- Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud containe
+- Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
 - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
@@ -211,7 +211,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 
 ### Disrecommended VPS providers
 - Stratos VPS crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
-- Hostingers VPS seem to miss a specifc Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956).
+- Hostingers VPS seem to miss a specific Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956).
 
 ### Recommended VPS
 In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them.
@@ -237,7 +237,7 @@ No and they will not be. If you want to run it locally, without opening Nextclou
 No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md)
 
 ### Can I use AIO with multiple domains?
-No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create mutiple AIO instances, one for each domain.
+No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 
 ### Are other ports than the default 443 for Nextcloud supported?
 No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Tunnel.
@@ -303,7 +303,7 @@ If your Nextcloud is running and you are logged in as admin in your Nextcloud, y
 ### How to change the domain?
 **⚠️ Please note:** Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
 
-If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, subsitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
+If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, substitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
 If you are running AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to obviously also change the domain in your reverse proxy config.
 
 ### How to properly reset the instance?
@@ -613,7 +613,7 @@ Yes. For that to work, you need to use and follow the [helm-chart documentation]
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### Can I run this with Podman instead of Docker?
-No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
+No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintainer would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
@@ -685,7 +685,7 @@ What are the requirements?
 4. It must be possible to run the container without big quirks inside docker containers. Big quirks means e.g. needing to change the capabilities or security options. 
 5. The container should not mount directories from the host into the container: only docker volumes should be used.
 
-### How to trust user-defiend Certification Authorities (CA)?
+### How to trust user-defined Certification Authorities (CA)?
 For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization
 
 You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 0c90d457..dec77dea 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -14,7 +14,7 @@
 - [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
 - [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
-See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
 - [ ] When starting the mastercontainer with `--env COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts notes`.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
diff --git a/tests/QA/070-timezone-change.md b/tests/QA/070-timezone-change.md
index cc6ae352..d9ae9f59 100644
--- a/tests/QA/070-timezone-change.md
+++ b/tests/QA/070-timezone-change.md
@@ -5,6 +5,6 @@
 - [ ] If not already set, it should show an input field where you can enter a timezone
 - [ ] `Europe/Berlin` should be accepted, e.g. `Europe Berlin` not
 - [ ] When it is set, it should show that it is set to which timezone and display a button that allows to reset it again which does this on a press
-- [ ] When it is set, running `date` inside Nextcloud releated containers should return the correct timezone
+- [ ] When it is set, running `date` inside Nextcloud related containers should return the correct timezone
 
 You can now continue with [080-daily-backup-script.md](./080-daily-backup-script.md)
\ No newline at end of file

From 0097abaed0d9e5de55873e054f8be2c8b14d8801 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Jun 2023 19:21:57 +0200
Subject: [PATCH 1143/3949] Apparently wget is required for lua since alpine
 3.18

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 9b3e90b3..5e65af04 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -22,6 +22,7 @@ RUN set -ex; \
         shadow \
         util-linux \
         build-base \
+        wget \
         lua5.3-dev \
         luarocks5.3; \
     useradd --system talk; \
@@ -32,6 +33,7 @@ RUN set -ex; \
         shadow \
         util-linux \
         build-base \
+        wget \
         lua5.3-dev \
         luarocks5.3; \
     \

From cbba4cc2e6edf736aff298939db04df37177d65e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Jun 2023 20:49:21 +0200
Subject: [PATCH 1144/3949] also compress css and svg files

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf | 4 ++--
 readme.md                        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index b580cb59..972987a8 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -11,9 +11,9 @@ Listen 8000
         SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
     </FilesMatch>
 
-    # Enable Brotli compression for js files
+    # Enable Brotli compression for js, css and svg files - other plain files are compressed by Nextcloud by default
     <IfModule mod_brotli.c>
-        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript
+        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
         BrotliCompressionQuality 0
     </IfModule>
 
diff --git a/readme.md b/readme.md
index 6a42db60..3b9907f3 100644
--- a/readme.md
+++ b/readme.md
@@ -29,7 +29,7 @@ Included are:
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
 - Automatic TLS included (by using Let's Encrypt)
-- Brotli compression enabled by default for javascript files which reduces Nextcloud load times
+- Brotli compression enabled by default for javascript, css and svg files which reduces Nextcloud load times
 - HTTP/2 and HTTP/3 enabled
 - "Pretty URLs" for Nextcloud are enabled by default (removes the index.php from all links)
 - Video previews work out of the box and when Imaginary is enabled, many recent image formats as well!

From 0a5c4d3d99e2fb81cf9a9305f7d60cf07bc07ea7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 17 Jun 2023 23:01:44 +0200
Subject: [PATCH 1145/3949] Adjust Apache LogFormat

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index b580cb59..d5e91baf 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -3,8 +3,11 @@ Listen 8000
     ServerName localhost
 
     # Add error log
-    CustomLog /proc/self/fd/1 combined
+    CustomLog /proc/self/fd/1 proxy
+    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
     ErrorLog /proc/self/fd/2
+    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
+    LogLevel warn
 
     # PHP match
     <FilesMatch "\.php$">

From cc66d0dc4bcf8f2687fe37529fb0673979a1f539 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 18 Jun 2023 01:04:42 +0200
Subject: [PATCH 1146/3949] fix and adjust mastercontainer apache logging

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile           | 5 +++++
 Containers/mastercontainer/mastercontainer.conf | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3fb5b914..82f94304 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -80,6 +80,8 @@ RUN set -ex; \
     \
     sed -i \
             -e '/^Listen /d' \
+            -e 's/^LogLevel .*/LogLevel error/' \
+            -e 's|^ErrorLog .*|ErrorLog /proc/self/fd/2|' \
             -e 's/User apache/User www-data/g' \
             -e 's/Group apache/Group www-data/g' \
             -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
@@ -95,6 +97,9 @@ RUN set -ex; \
         mkdir -p /etc/apache2/logs; \
         rm /etc/apache2/conf.d/ssl.conf; \
         echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
+        grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
+        sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
+        echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
         echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
         echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
         echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index e56bac19..701cb420 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -11,8 +11,11 @@ Listen 8080
     ServerName localhost
 
     # Add error log
-    CustomLog /proc/self/fd/1 combined
+    CustomLog /proc/self/fd/1 proxy
+    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
     ErrorLog /proc/self/fd/2
+    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
+    LogLevel warn
 
     # PHP match
     <FilesMatch "\.php$">

From 776e350e5214596a577c15d8829e62ee28b04ea7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 18 Jun 2023 01:46:37 +0200
Subject: [PATCH 1147/3949] talk and redis - adjust location of entrypoints

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/redis/Dockerfile | 4 ++--
 Containers/talk/Dockerfile  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 5bec5f8e..12c1c0d4 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
 FROM redis:7.0.11-alpine
 
-COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=775 start.sh /start.sh
 
 RUN set -ex; \
     apk add --no-cache openssl bash; \
@@ -10,7 +10,7 @@ RUN set -ex; \
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER redis
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 5e65af04..063eae50 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -6,7 +6,7 @@ USER root
 COPY --from=nats /nats-server /usr/local/bin/nats-server
 COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
-COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=775 start.sh /start.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
 
 RUN set -ex; \
@@ -64,7 +64,7 @@ RUN set -ex; \
 ENV TALK_PORT=3478
 
 USER talk
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1

From c3e71f2c1910a4946d45e629f62f2f88110a2567 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 18 Jun 2023 02:46:42 +0200
Subject: [PATCH 1148/3949] update helm.sh script for tmpfs volumes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index dfd67093..11fb8137 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -113,6 +113,10 @@ find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "/medium: Memory/d" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: {}|" \{} \; 
+# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  

From 3dec47dc044bd7c2e6cd050a634f13e02c5ce6b8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 18 Jun 2023 11:58:46 +0200
Subject: [PATCH 1149/3949] add docs on how to run AIO on TrueNas Scale

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 1 +
 readme.md                           | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index c1929024..3d28b218 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -63,6 +63,7 @@ if ! sudo -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "If you are on Docker Desktop v4.19 or higher, see https://github.com/nextcloud/all-in-one/issues/2450"
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
+    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
diff --git a/readme.md b/readme.md
index 3b9907f3..be95bbf9 100644
--- a/readme.md
+++ b/readme.md
@@ -194,6 +194,11 @@ If you have the NAS setup on your local network (which is most often the case) y
 ### How to run AIO with Portainer?
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. 
 
+### Can I run AIO on TrueNAS SCALE?
+On TrueNAS SCALE, there are two options to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE.
+
+Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
+
 ### Notes on Cloudflare (proxy/tunnel)
 - Using Cloudflare Tunnel potentially slows down Nextcloud by a lot since local access via the configured domain is not possible since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally.
 - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation

From 373f9e3c243294b54d87cf68767785466f1a453a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 18 Jun 2023 12:09:31 +0200
Subject: [PATCH 1150/3949] add further hints for other options

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 3d28b218..7d838632 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -29,10 +29,13 @@ fi
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."
+    echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
     echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
     exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
     print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
+    echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!"
+    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."

From bc0570440e38cfc3214503a34b3029e6a2def6a8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 18 Jun 2023 12:15:56 +0200
Subject: [PATCH 1151/3949] adjust word

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index be95bbf9..66cd5f3c 100644
--- a/readme.md
+++ b/readme.md
@@ -195,7 +195,7 @@ If you have the NAS setup on your local network (which is most often the case) y
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. 
 
 ### Can I run AIO on TrueNAS SCALE?
-On TrueNAS SCALE, there are two options to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE.
+On TrueNAS SCALE, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE.
 
 Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
 

From 5e3ef12afb05c7a6edb9ccd8dfd6f6dcd079af04 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 01:06:25 +0200
Subject: [PATCH 1152/3949] coturn container - pin alpine version manually

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 5e65af04..cf891578 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,6 +2,8 @@ FROM nats:2.9.18-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
 FROM coturn/coturn:4.6.2-r3-alpine
 USER root
+# Pin alpine version manually as long as https://github.com/coturn/coturn/issues/1226 is not done
+ENV ALPINE_VERSION=3.18
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server
 COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
@@ -10,6 +12,7 @@ COPY --chmod=775 start.sh /usr/bin/start.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
 
 RUN set -ex; \
+    grep VERSION_ID /etc/os-release | grep -q "$ALPINE_VERSION.[0-9]\+$"; \
     apk add --no-cache \
         ca-certificates \
         tzdata \

From a1727d3f4f984ca8b92eae6209d9b81380663308 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 13:04:39 +0200
Subject: [PATCH 1153/3949] allow to add tmpfs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             | 7 +++++++
 php/src/Container/Container.php        | 7 +++++++
 php/src/ContainerDefinitionFetcher.php | 6 ++++++
 php/src/Docker/DockerActionManager.php | 5 +++++
 4 files changed, 25 insertions(+)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 1c7527e6..a5811ed8 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -137,6 +137,13 @@
 					"read_only": {
 						"type": "boolean"
 					},
+					"tmpfs": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^/[a-z/]$"
+						}
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 6fa6585b..1782211a 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -31,6 +31,7 @@ class Container {
     private array $backupVolumes;
     private array $nextcloudExecCommands;
     private bool $readOnlyRootFs;
+    private array $tmpfs;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -52,6 +53,7 @@ class Container {
         array $backupVolumes,
         array $nextcloudExecCommands,
         bool $readOnlyRootFs,
+        array $tmpfs,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -72,6 +74,7 @@ class Container {
         $this->backupVolumes = $backupVolumes;
         $this->nextcloudExecCommands = $nextcloudExecCommands;
         $this->readOnlyRootFs = $readOnlyRootFs;
+        $this->tmpfs = $tmpfs;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -111,6 +114,10 @@ class Container {
         return $this->secrets;
     }
 
+    public function GetTmpfs() : array {
+        return $this->tmpfs;
+    }
+
     public function GetDevices() : array {
         return $this->devices;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index e23262ce..65e55a0a 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -267,6 +267,11 @@ class ContainerDefinitionFetcher
                 $readOnlyRootFs = $entry['read_only'];
             }
 
+            $tmpfs = [];
+            if (isset($entry['tmpfs'])) {
+                $tmpfs = $entry['tmpfs'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -286,6 +291,7 @@ class ContainerDefinitionFetcher
                 $backupVolumes,
                 $nextcloudExecCommands,
                 $readOnlyRootFs,
+                $tmpfs,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 33fa1956..eb10b473 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -430,6 +430,11 @@ class DockerActionManager
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
         }
 
+        $tmpfs = $container->GetTmpfs();
+        if (count($tmpfs) > 0) {
+            $requestBody['HostConfig']['Tmpfs'] = $tmpfs;
+        }
+
         $capAdds = $container->GetCapAdds();
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;

From 7a85532755dce38c319519d446e7ea544ed021f5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 13:07:54 +0200
Subject: [PATCH 1154/3949] Make borg read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index fc46b73d..66cc2a7f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -410,7 +410,11 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
-      "apparmor_unconfined": true
+      "apparmor_unconfined": true,
+      "read_only": true,
+      "tmpfs": [
+        "/tmp"
+      ]
     },
     {
       "container_name": "nextcloud-aio-watchtower",

From 571b2feded538351ae72e0fa29f5360898b81521 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 13:30:36 +0200
Subject: [PATCH 1155/3949] fix pattern

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index a5811ed8..5de79492 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^/[a-z/]$"
+							"pattern": "^/[a-z/]+$"
 						}
 					},
 					"volumes": {

From 251f0b89a0be3dfd732407c0eba231a1c7be4020 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 13:39:56 +0200
Subject: [PATCH 1156/3949] increase to 6.2.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 99be7b97..e019aab5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v6.1.1</h1>
+        <h1>Nextcloud AIO v6.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 89b349574094290326d6ea31bfd7731ec7e17d82 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 14:10:02 +0200
Subject: [PATCH 1157/3949] fix tmpfs creation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index eb10b473..cd857b1b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -430,9 +430,12 @@ class DockerActionManager
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
         }
 
-        $tmpfs = $container->GetTmpfs();
+        $tmpfs = [];
+        foreach($container->GetTmpfs() as $tmp) {
+            $tmpfs[$tmp] = "";
+        }
         if (count($tmpfs) > 0) {
-            $requestBody['HostConfig']['Tmpfs'] = $tmpfs;
+            $requestBody['HostConfig']['Tmpfs'] =  $tmpfs;
         }
 
         $capAdds = $container->GetCapAdds();

From 66ce6cb03fdc63ec7f44b570521b34b3c3ac2b7a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 14:25:51 +0200
Subject: [PATCH 1158/3949] try to fix backup restore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 350aeb93..6888dbe7 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -297,7 +297,7 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/session/**" \
-    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
+    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
         RESTORE_FAILED=1
         echo "Something failed while restoring from backup."
     fi

From 7b7e3fdc049c045fda40cc40fc1134e15b5eb90e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 14:28:51 +0200
Subject: [PATCH 1159/3949] another attempt to fix backup restore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 66cc2a7f..997cd57c 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -413,7 +413,8 @@
       "apparmor_unconfined": true,
       "read_only": true,
       "tmpfs": [
-        "/tmp"
+        "/tmp",
+        "/nextcloud_aio_volumes"
       ]
     },
     {

From 680dbc54329070d8642b6067bd61ed13ff3b6dee Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 14:30:47 +0200
Subject: [PATCH 1160/3949] also allow underslash in tmpfs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 5de79492..84343317 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^/[a-z/]+$"
+							"pattern": "^/[a-z/_]+$"
 						}
 					},
 					"volumes": {

From 955d486ade1aae96b4861ce7445f55c5893ccfd4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Jun 2023 12:59:51 +0000
Subject: [PATCH 1161/3949] Bump codespell-project/actions-codespell from 1 to
 2

Bumps [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) from 1 to 2.
- [Release notes](https://github.com/codespell-project/actions-codespell/releases)
- [Commits](https://github.com/codespell-project/actions-codespell/compare/v1...v2)

---
updated-dependencies:
- dependency-name: codespell-project/actions-codespell
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 5c95721c..48f45070 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -14,7 +14,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v3
       - name: Check spelling
-        uses: codespell-project/actions-codespell@v1
+        uses: codespell-project/actions-codespell@v2
         with:
           check_filenames: true
           check_hidden: true

From 24cfe38c8d0f1f05919abe884d05ba3bdc802d0a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 15:12:24 +0200
Subject: [PATCH 1162/3949] do not use read-only config in kubernetes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 11fb8137..5ae39d0e 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -39,6 +39,7 @@ sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name:
 sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
 sed -i 's|\${|{{ .Values.|g' latest.yml
 sed -i 's|}| }}|g' latest.yml
+sed -i '/read_only: true/d' latest.yml
 cat latest.yml
 kompose convert -c -f latest.yml
 cd latest

From 0a3db749712c07214dada98f93ddcaab3cf7493d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 15:21:36 +0200
Subject: [PATCH 1163/3949] Revert "do not use read-only config in kubernetes"

This reverts commit 24cfe38c8d0f1f05919abe884d05ba3bdc802d0a.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 5ae39d0e..11fb8137 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -39,7 +39,6 @@ sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name:
 sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
 sed -i 's|\${|{{ .Values.|g' latest.yml
 sed -i 's|}| }}|g' latest.yml
-sed -i '/read_only: true/d' latest.yml
 cat latest.yml
 kompose convert -c -f latest.yml
 cd latest

From 2e87b41672c2cb3d3a71baaedf0e12d1e315d1a6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 14:44:06 +0200
Subject: [PATCH 1164/3949] make clamav read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 2 +-
 php/containers.json          | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e3daab5e..c00aee2a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -9,7 +9,7 @@ RUN set -ex; \
     rm /tmp/clamav.conf; \
     mkdir -p /var/run/clamav /run/lock; \
     chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
-    chmod 770 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock
+    chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp
 
 VOLUME /var/lib/clamav
 
diff --git a/php/containers.json b/php/containers.json
index 997cd57c..281d7982 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -476,6 +476,12 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/var/lock",
+        "/var/log/clamav",
+        "/tmp"
       ]
     },
     {

From f520018ce39a935edfa71fb7e447b76baea71f41 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 15:55:01 +0200
Subject: [PATCH 1165/3949] add note to AIO interface that imaginary is
 incompatible with SSE

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e019aab5..3ff5cc37 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -548,9 +548,9 @@
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
-                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br><br>
+                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br><br>
+                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
                             <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>

From 4492f1780941324e54ef27bd9d9f59132ee366ef Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 16:36:48 +0200
Subject: [PATCH 1166/3949] remove r3 from coturn version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1657bada..8bb4a745 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.9.18-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM coturn/coturn:4.6.2-r3-alpine
+FROM coturn/coturn:4.6.2-alpine
 USER root
 # Pin alpine version manually as long as https://github.com/coturn/coturn/issues/1226 is not done
 ENV ALPINE_VERSION=3.18

From c6f78ed87ca2cfecd38cc78eec13092f7cf11744 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 17:49:08 +0200
Subject: [PATCH 1167/3949] fix emptydir

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 11fb8137..2ca573ee 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -115,7 +115,7 @@ find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|ne
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "/medium: Memory/d" \{} \;
 # shellcheck disable=SC1083
-find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: {}|" \{} \; 
+find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: \{\}|" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083

From b7c5e0b95314ee67631d62b70b9fa794877dcc2c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 20:12:59 +0200
Subject: [PATCH 1168/3949] rp docs - switch order of nginx-proxy-manager and
 nginx-proxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 32405cdc..53f42ea2 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -340,21 +340,6 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 </details>
 
-### Nginx-Proxy
-
-<details>
-
-<summary>click here to expand</summary>
-
-Unfortunately it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
-
-If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
-Of course understandable if that is not possible for you.
-
-Apart from that, there is this: [manual-install](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
-
-</details>
-
 ### Nginx-Proxy-Manager
 
 <details>
@@ -384,6 +369,21 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 </details>
 
+### Nginx-Proxy
+
+<details>
+
+<summary>click here to expand</summary>
+
+Unfortunately it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
+
+If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
+Of course understandable if that is not possible for you.
+
+Apart from that, there is this: [manual-install](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
+
+</details>
+
 ### Node.js with Express
 
 <details>

From 01ec0cb0c25ff32f7ba4fc1feb8653c11a5f9257 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Jun 2023 21:22:21 +0200
Subject: [PATCH 1169/3949] mastercontainer - disable http3

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index 02291694..fd816aa1 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -10,6 +10,10 @@
     log {
         level ERROR
     }
+
+    servers {
+        protocols h1 h2
+    }
 }
 
 http://:80 {

From 9777f7029456577bd5a066f16b301dce5b76dab6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Jun 2023 21:30:56 +0200
Subject: [PATCH 1170/3949] apache - expose udp for http3 to work

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json           | 5 +++++
 php/templates/containers.twig | 2 +-
 readme.md                     | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 281d7982..5686ef6a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -16,6 +16,11 @@
           "ip_binding": "%APACHE_IP_BINDING%",
           "port_number": "%APACHE_PORT%",
           "protocol": "tcp"
+        },
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "udp"
         }
       ],
       "internal_port": "%APACHE_PORT%",
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e019aab5..4a006a81 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -99,7 +99,7 @@
                             <input class="button" type="submit" value="Submit domain" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong if your domain does not get accepted in the top right corner.<br><br>
+                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong if your domain does not get accepted in the top right corner.<br><br>
                             <details>
                                 <summary>Click here for further hints</summary><br />
                                 If you should not have a domain yet, you can get one for free e.g. from duckdns.org and others.<br><br>
diff --git a/readme.md b/readme.md
index 66cd5f3c..3da342ac 100644
--- a/readme.md
+++ b/readme.md
@@ -136,6 +136,7 @@ You can check this on Linux by running: `uname -m`
 ### Which ports are mandatory to be open in your firewall/router?
 Only those (if you access the Mastercontainer Interface internally via port 8080):
 - `443/TCP` for the Apache container
+- `443/UDP` if you want to enable http3 for the Apache container
 - `3478/TCP` and `3478/UDP` for the Talk container
 
 ### Explanation of used ports:
@@ -143,6 +144,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer)
 - `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open/forwarded in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
 - `443/TCP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router
+- `443/UDP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router if you want to enable http3
 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open/forwarded in your firewall/router
 
 ### How to run AIO on macOS?

From d106673e78452ccd265695dd0180ecc069f6167a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Jun 2023 22:15:15 +0200
Subject: [PATCH 1171/3949] adjust debug steps a bit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 53f42ea2..458bbd8f 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -668,9 +668,9 @@ Afterwards should the AIO interface be accessible via `https://ip.address.of.the
 ## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
-1. Make sure that you used the docker run command that is described in this reverse proxy documentation. Hint: make sure that you have set the APACHE_PORT during the docker run command!
+1. Make sure that you used the docker run command that is described in this reverse proxy documentation. Hint: make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
-1. Make sure that all ports match the chosen `APACHE_PORT`.
+1. Make sure that all ports to which your reverse proxy is pointing match the chosen `APACHE_PORT`.
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.

From 3538f55fc3829bad65342171a30dcd8d721467ce Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Jun 2023 22:15:55 +0200
Subject: [PATCH 1172/3949] make hint better visible

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 458bbd8f..8ccb1ea3 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -668,7 +668,7 @@ Afterwards should the AIO interface be accessible via `https://ip.address.of.the
 ## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
-1. Make sure that you used the docker run command that is described in this reverse proxy documentation. Hint: make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
+1. Make sure that you used the docker run command that is described in this reverse proxy documentation.**Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports to which your reverse proxy is pointing match the chosen `APACHE_PORT`.
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)

From 5e160b1bfe981daac446febc2f6836cabc524d96 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Jun 2023 22:17:43 +0200
Subject: [PATCH 1173/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 8ccb1ea3..bfd3cf57 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -668,7 +668,7 @@ Afterwards should the AIO interface be accessible via `https://ip.address.of.the
 ## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
-1. Make sure that you used the docker run command that is described in this reverse proxy documentation.**Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
+1. Make sure that you used the docker run command that is described in this reverse proxy documentation. **Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports to which your reverse proxy is pointing match the chosen `APACHE_PORT`.
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)

From cff1e5a070bce3ab2be1fa014fcf911a83464392 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Jun 2023 22:19:33 +0200
Subject: [PATCH 1174/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index fd816aa1..64b1e8f4 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -12,7 +12,7 @@
     }
 
     servers {
-        protocols h1 h2
+        protocols h1 h2 h2c
     }
 }
 

From efa9b096ce7dadd6da6c759a83c3380f061b2137 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Jun 2023 12:58:54 +0000
Subject: [PATCH 1175/3949] Bump nats from 2.9.18-scratch to 2.9.19-scratch in
 /Containers/talk

Bumps nats from 2.9.18-scratch to 2.9.19-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1657bada..b85c0d5a 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.18-scratch as nats
+FROM nats:2.9.19-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
 FROM coturn/coturn:4.6.2-r3-alpine
 USER root

From 3f3811bd3e3e53a2041ef7ae1d5606d03d33371a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 21 Jun 2023 20:03:05 +0200
Subject: [PATCH 1176/3949] small improvement to files_antivirus settings

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 700cce2c..003ae2c6 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -648,7 +648,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
         php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
         php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
-        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
+        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="104857600"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
     fi
 else

From b7bd7132bdfd56c25a4b766d4aaaa60927c10c0a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 22 Jun 2023 10:28:07 +0000
Subject: [PATCH 1177/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index da408abc..0d582085 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.20-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 26.0.2
+ENV NEXTCLOUD_VERSION 26.0.3
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 42affc7d73c59262dca48f0cb6e222c1591f8723 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Jun 2023 12:31:59 +0200
Subject: [PATCH 1178/3949] add aio-config

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/config/aio.config.php | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 Containers/nextcloud/config/aio.config.php

diff --git a/Containers/nextcloud/config/aio.config.php b/Containers/nextcloud/config/aio.config.php
new file mode 100644
index 00000000..7c80b6ba
--- /dev/null
+++ b/Containers/nextcloud/config/aio.config.php
@@ -0,0 +1,5 @@
+<?php
+$CONFIG = array (
+  'one-click-instance' => true,
+  'one-click-instance.user-limit' => 100,
+);

From c16d15ee19480a1e71fa44283affd8895dd86942 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 22 Jun 2023 12:32:44 +0200
Subject: [PATCH 1179/3949] increase to 6.2.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e019aab5..d2b73185 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v6.2.0</h1>
+        <h1>Nextcloud AIO v6.2.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From d0cae686365409daab32c71b962a7debd8e5262c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Jun 2023 14:53:33 +0200
Subject: [PATCH 1180/3949] remove logrotate advice as it should not be needed
 anymore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/readme.md b/readme.md
index 66cd5f3c..b759095e 100644
--- a/readme.md
+++ b/readme.md
@@ -641,9 +641,6 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 
 The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 
-### Huge docker logs
-When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
-
 ### Access/Edit Nextcloud files/folders manually
 The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
 

From 020e3d6cb64ef39fd1f41872bcb6de28bbbbfb8b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 24 Jun 2023 13:59:09 +0200
Subject: [PATCH 1181/3949] add back instructions about huge docker logs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index b759095e..0b48844c 100644
--- a/readme.md
+++ b/readme.md
@@ -641,6 +641,9 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 
 The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 
+### Huge docker logs
+If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.
+
 ### Access/Edit Nextcloud files/folders manually
 The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
 

From 4ed373636de53a006fdf1fdc983f88cc6291f300 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 24 Jun 2023 14:09:57 +0200
Subject: [PATCH 1182/3949] add comment what level 30 and debug-level 3 means

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/start.sh | 1 +
 Containers/talk/supervisord.conf   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index 907e1f82..9b030438 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -14,6 +14,7 @@ fi
 
 cat << RECORDING_CONF > "/etc/recording.conf"
 [logs]
+# 30 means Warning
 level = 30
 
 [http]
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 7b073012..422f1b2d 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -27,6 +27,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
+# debug-level 3 means warning
 command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level 3
 
 [program:signaling]

From 66452b40ffb6a80257f6e7d4bf8cb0db98b7f950 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Jun 2023 00:57:50 +0200
Subject: [PATCH 1183/3949] add logging in case disk space is low and thus
 login might fail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Auth/AuthManager.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index 5ee6c267..88bdab10 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -28,6 +28,12 @@ class AuthManager {
             $date = new DateTime();
             $dateTime = $date->getTimestamp();
             $_SESSION['date_time'] = $dateTime;
+
+            $df = disk_free_space(DataConst::GetSessionDirectory());
+            if ($df !== false && (int)$df < 10240) {
+                error_log(DataConst::GetSessionDirectory() . " has only less than 10KB free space. The login might not succeed because of that!");
+            }
+
             file_put_contents(DataConst::GetSessionDateFile(), (string)$dateTime);
         }
 

From 463a6953261be68de8a26d522afc0999499dfcda Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 25 Jun 2023 01:27:44 +0200
Subject: [PATCH 1184/3949] add low-on-space notification

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh  |  3 +++
 php/src/Cron/CheckFreeDiskSpace.php | 26 ++++++++++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 php/src/Cron/CheckFreeDiskSpace.php

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 384b1604..60fd4f2c 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -57,6 +57,9 @@ while true; do
     # Remove dangling images
     sudo -u www-data docker image prune --force
 
+    # Check for available free space
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
+
     # Remove mastercontainer from default bridge network
     if sudo -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
         sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
diff --git a/php/src/Cron/CheckFreeDiskSpace.php b/php/src/Cron/CheckFreeDiskSpace.php
new file mode 100644
index 00000000..b8fffe27
--- /dev/null
+++ b/php/src/Cron/CheckFreeDiskSpace.php
@@ -0,0 +1,26 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+use AIO\Data\DataConst;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
+$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$df = disk_free_space(DataConst::GetDataDirectory());
+if ($df !== false && (int)$df < 1024 * 1024 * 1024 * 5) {
+    error_log("The drive that hosts all docker volumes has less than 5 GB free space. Container updates and backups might not succeed due to that!");
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts all docker volumes has less than 5 GB free space. Container updates and backups might not succeed due to that!');
+}

From 998e7f07d23ac32c6139d71488832b14f1725257 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 25 Jun 2023 12:02:30 +0000
Subject: [PATCH 1185/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 0bf98aa8..d25f0c9b 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -5,6 +5,7 @@ services:
       - nextcloud-aio-collabora
       - nextcloud-aio-talk
       - nextcloud-aio-nextcloud
+      - nextcloud-aio-notify-push
     image: nextcloud/aio-apache:latest
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
@@ -18,6 +19,7 @@ services:
       - TZ=${TIMEZONE}
       - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
       - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -55,7 +57,6 @@ services:
     image: nextcloud/aio-nextcloud:latest
     expose:
       - "9000"
-      - "7867"
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
@@ -107,6 +108,26 @@ services:
     networks:
       - nextcloud-aio
 
+  nextcloud-aio-notify-push:
+    image: nextcloud/aio-notify-push:latest
+    expose:
+      - "7867"
+    volumes:
+      - nextcloud_aio_nextcloud:/nextcloud:ro
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+    read_only: true
+
   nextcloud-aio-redis:
     image: nextcloud/aio-redis:latest
     expose:
@@ -189,6 +210,11 @@ services:
       - clamav
     networks:
       - nextcloud-aio
+    read_only: true
+    tmpfs:
+      - /var/lock
+      - /var/log/clamav
+      - /tmp
 
   nextcloud-aio-onlyoffice:
     image: nextcloud/aio-onlyoffice:latest
@@ -220,6 +246,7 @@ services:
       - imaginary
     networks:
       - nextcloud-aio
+    read_only: true
 
   nextcloud-aio-fulltextsearch:
     image: nextcloud/aio-fulltextsearch:latest

From 4e8ce65e023037d24f9a7c9ffffd28651dac338a Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 25 Jun 2023 12:03:06 +0000
Subject: [PATCH 1186/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index dce202e8..25a2ecef 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.11.4-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.0.0
+ENV RECORDING_VERSION v17.0.1
 
 RUN set -ex; \
     apk add --no-cache \

From 52b3281ad80c45a5fe076b45c0876cfacefd2318 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 00:16:10 +0200
Subject: [PATCH 1187/3949] add last note regarding that one can add further
 storages to backup later on

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0b48844c..981b7823 100644
--- a/readme.md
+++ b/readme.md
@@ -589,7 +589,7 @@ After using this option, please make sure to apply the correct permissions to th
 
 You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
 
-Be aware though that these locations will not be covered by the built-in backup solution!
+Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 
 **Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 

From 68d95af47d1356d68cf0aa5587d51af03697bf3f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 00:56:08 +0200
Subject: [PATCH 1188/3949] disable watchtower pulling for containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile         | 2 +-
 Containers/borgbackup/Dockerfile     | 2 +-
 Containers/clamav/Dockerfile         | 2 +-
 Containers/collabora/Dockerfile      | 2 +-
 Containers/domaincheck/Dockerfile    | 2 +-
 Containers/fulltextsearch/Dockerfile | 2 +-
 Containers/imaginary/Dockerfile      | 4 ++--
 Containers/nextcloud/Dockerfile      | 2 +-
 Containers/notify-push/Dockerfile    | 2 +-
 Containers/onlyoffice/Dockerfile     | 2 +-
 Containers/postgresql/Dockerfile     | 2 +-
 Containers/redis/Dockerfile          | 2 +-
 Containers/talk-recording/Dockerfile | 2 +-
 Containers/talk/Dockerfile           | 2 +-
 Containers/watchtower/Dockerfile     | 2 +-
 15 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index fc8a391f..1da212bd 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -71,4 +71,4 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 8e3a65a0..60621079 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -18,5 +18,5 @@ COPY --chmod=770 *.sh /
 ENTRYPOINT ["/start.sh"]
 USER root
 
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
 ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index c00aee2a..9664edd9 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -15,4 +15,4 @@ VOLUME /var/lib/clamav
 
 USER clamav
 
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 312a121b..88cda12c 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -16,4 +16,4 @@ RUN set -ex; \
 USER 100
 
 HEALTHCHECK CMD nc -z localhost 9980 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 4c4e33e8..fd4e6779 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -14,4 +14,4 @@ USER www-data
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 65a772c0..fd4c18dc 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -16,4 +16,4 @@ RUN set -ex; \
 USER 1000:0
 
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 4850d0bd..7ef0035f 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.20.5-alpine3.18 as go
 
-ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 RUN set -ex; \
     apk add --no-cache \
@@ -35,4 +35,4 @@ ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
 
 HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0d582085..7b0902c4 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -223,4 +223,4 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index cc6ac3c0..047c911d 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -18,4 +18,4 @@ USER 33
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost 7867 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 9f6196d7..2c624541 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -4,4 +4,4 @@ FROM onlyoffice/documentserver:7.4.0.1
 # USER root is probably used
 
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 51590246..4e62f112 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -37,4 +37,4 @@ USER postgres
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 12c1c0d4..38b70064 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -13,4 +13,4 @@ USER redis
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index dce202e8..a49d1dba 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -43,4 +43,4 @@ ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/etc/recording.conf"]
 
 HEALTHCHECK CMD nc -z localhost 1234 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1657bada..bea99102 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -71,4 +71,4 @@ ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 113d8bfc..bb9e8bb4 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -11,4 +11,4 @@ COPY --chmod=775 start.sh /start.sh
 USER root
 
 ENTRYPOINT ["/start.sh"]
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
+LABEL com.centurylinklabs.watchtower.enable="false"

From 921952c0421dd7c48016e6ed83824c52eb9022d6 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 26 Jun 2023 10:27:30 +0000
Subject: [PATCH 1189/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      |  4 +-
 .../nextcloud-aio-clamav-deployment.yaml      | 23 ++++++-
 .../nextcloud-aio-collabora-deployment.yaml   |  2 +-
 .../nextcloud-aio-database-deployment.yaml    |  2 +-
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml   |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  3 +-
 .../nextcloud-aio-nextcloud-service.yaml      |  3 -
 .../nextcloud-aio-notify-push-deployment.yaml | 63 +++++++++++++++++++
 .../nextcloud-aio-notify-push-service.yaml    | 16 +++++
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  2 +-
 .../nextcloud-aio-redis-deployment.yaml       |  2 +-
 .../nextcloud-aio-talk-deployment.yaml        |  2 +-
 ...xtcloud-aio-talk-recording-deployment.yaml |  2 +-
 nextcloud-aio-helm-chart/values.yaml          |  1 +
 16 files changed, 115 insertions(+), 16 deletions(-)
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 29465b3b..5a3378c3 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 6.1.1
+version: 6.2.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 97b233f2..4b4b8104 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -48,13 +48,15 @@ spec:
               value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_HOST
               value: nextcloud-aio-nextcloud
+            - name: NOTIFY_PUSH_HOST
+              value: nextcloud-aio-notify-push
             - name: ONLYOFFICE_HOST
               value: nextcloud-aio-onlyoffice
             - name: TALK_HOST
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230613_120442-latest
+          image: nextcloud/aio-apache:20230626_101439-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 03999b7c..7e70fbbb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -29,7 +29,16 @@ spec:
             - chmod
             - "777"
             - /nextcloud-aio-clamav
+            - /nextcloud-aio-clamav-tmpfs0
+            - /nextcloud-aio-clamav-tmpfs1
+            - /nextcloud-aio-clamav-tmpfs2
           volumeMounts:
+            - name: nextcloud-aio-clamav-tmpfs2
+              mountPath: /nextcloud-aio-clamav-tmpfs2
+            - name: nextcloud-aio-clamav-tmpfs1
+              mountPath: /nextcloud-aio-clamav-tmpfs1
+            - name: nextcloud-aio-clamav-tmpfs0
+              mountPath: /nextcloud-aio-clamav-tmpfs0
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
       containers:
@@ -38,15 +47,27 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230613_120442-latest
+          image: nextcloud/aio-clamav:20230626_101439-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
           volumeMounts:
             - mountPath: /var/lib/clamav
               name: nextcloud-aio-clamav
+            - mountPath: /var/lock
+              name: nextcloud-aio-clamav-tmpfs0
+            - mountPath: /var/log/clamav
+              name: nextcloud-aio-clamav-tmpfs1
+            - mountPath: /tmp
+              name: nextcloud-aio-clamav-tmpfs2
       volumes:
         - name: nextcloud-aio-clamav
           persistentVolumeClaim:
             claimName: nextcloud-aio-clamav
+        - emptyDir: {}
+          name: nextcloud-aio-clamav-tmpfs0
+        - emptyDir: {}
+          name: nextcloud-aio-clamav-tmpfs1
+        - emptyDir: {}
+          name: nextcloud-aio-clamav-tmpfs2
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 31583c3d..1c6fccbd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230613_120442-latest
+          image: nextcloud/aio-collabora:20230626_101439-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 7ecbd146..eff50ee6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230613_120442-latest
+          image: nextcloud/aio-postgresql:20230626_101439-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 6c7aab94..99ca8d78 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230613_120442-latest
+          image: nextcloud/aio-fulltextsearch:20230626_101439-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 6c616071..661eab83 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230613_120442-latest
+          image: nextcloud/aio-imaginary:20230626_101439-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 391e3405..a1352fab 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -116,11 +116,10 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230613_120442-latest
+          image: nextcloud/aio-nextcloud:20230626_101439-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
-            - containerPort: 7867
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 36053808..a5de6eef 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -12,8 +12,5 @@ spec:
     - name: "9000"
       port: 9000
       targetPort: 9000
-    - name: "7867"
-      port: 7867
-      targetPort: 7867
   selector:
     io.kompose.service: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
new file mode 100755
index 00000000..67d50d18
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-notify-push
+  name: nextcloud-aio-notify-push
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-notify-push
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-notify-push
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-nextcloud
+          volumeMounts:
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
+      containers:
+        - env:
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: NEXTCLOUD_HOST
+              value: nextcloud-aio-nextcloud
+            - name: POSTGRES_DB
+              value: nextcloud_database
+            - name: POSTGRES_HOST
+              value: nextcloud-aio-database
+            - name: POSTGRES_PASSWORD
+              value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_USER
+              value: nextcloud
+            - name: REDIS_HOST
+              value: nextcloud-aio-redis
+            - name: REDIS_HOST_PASSWORD
+              value: "{{ .Values.REDIS_PASSWORD }}"
+          image: nextcloud/aio-notify-push:20230626_101439-latest
+          name: nextcloud-aio-notify-push
+          ports:
+            - containerPort: 7867
+          volumeMounts:
+            - mountPath: /nextcloud
+              name: nextcloud-aio-nextcloud
+              readOnly: true
+      volumes:
+        - name: nextcloud-aio-nextcloud
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
new file mode 100755
index 00000000..6a7d17dd
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-notify-push
+  name: nextcloud-aio-notify-push
+spec:
+  ports:
+    - name: "7867"
+      port: 7867
+      targetPort: 7867
+  selector:
+    io.kompose.service: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 331e6f8f..33536e82 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230613_120442-latest
+          image: nextcloud/aio-onlyoffice:20230626_101439-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index ca338b69..3661e408 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230613_120442-latest
+          image: nextcloud/aio-redis:20230626_101439-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 8bf34751..b2c47c6e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230613_120442-latest
+          image: nextcloud/aio-talk:20230626_101439-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 340acf83..8b8a671f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230613_120442-latest
+          image: nextcloud/aio-talk-recording:20230626_101439-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 4e2ab3a0..06e59ff7 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -31,6 +31,7 @@ NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to auto
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value

From 2a83c57425da2c35cc95d2f9d22a9442c8f559c4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 12:45:29 +0200
Subject: [PATCH 1190/3949] fix psalm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 65e55a0a..6deb308d 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -48,7 +48,7 @@ class ContainerDefinitionFetcher
         if (!$validator->isValid()) {
             error_log("JSON does not validate. Violations:");
             foreach ($validator->getErrors() as $error) {
-                error_log(printf("[%s] %s\n", $error['property'], $error['message']));
+                error_log((string)printf("[%s] %s\n", $error['property'], $error['message']));
             }
         }
     }

From 161c967679504f58c90daa3357545ad5cc845f9e Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:10:27 +0000
Subject: [PATCH 1191/3949] imaginary-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 7ef0035f..c2ea6b9f 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.20.5-alpine3.18 as go
 
-ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 
 RUN set -ex; \
     apk add --no-cache \

From 53ef726114c6b3197ebe7bfa4ef33c0a44199878 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:10:47 +0000
Subject: [PATCH 1192/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index d25f0c9b..10ac15c5 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -9,6 +9,7 @@ services:
     image: nextcloud/aio-apache:latest
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
+      - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud

From 9e26e2482051ed29978c4a173b29efefcf575eef Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 17 Jun 2023 06:52:30 +0000
Subject: [PATCH 1193/3949] show AIO password

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/public/forms.js      | 6 ++++++
 php/templates/login.twig | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index 28c46a77..b3896469 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -39,6 +39,12 @@
     document.getElementById('overlay').classList.remove('loading');
   }
 
+  function mirrorPassword() {
+    var Password = document.getElementById("Password");
+    var mirroredPassword = document.getElementById("mirroredPassword");
+    mirroredPassword.innerText = Password.value;
+  }
+
   function initForm(form) {
     function submit(event)
     {
diff --git a/php/templates/login.twig b/php/templates/login.twig
index 5659c4db..674b8b2e 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -8,9 +8,10 @@
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
                 <form method="POST" action="/api/auth/login" class="xhr">
-                    <input type="text" autocomplete="off" name="password" placeholder="Password" />
+                    <input name="password" placeholder="Password" autocomplete="on" type="password" wfd-id="id0" id="Password" oninput="mirrorPassword()">
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                    <a>Password: </a><a id="mirroredPassword"></a><br><br>
                     <input type="submit" class="button" value="Log in" />
                 </form>
             {% else %}

From ae1d14dbc53144afcc64450ca2459d0e16a8733a Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 17 Jun 2023 08:57:06 +0200
Subject: [PATCH 1194/3949] reorder options

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/login.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 674b8b2e..447ef0e9 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -8,7 +8,7 @@
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
                 <form method="POST" action="/api/auth/login" class="xhr">
-                    <input name="password" placeholder="Password" autocomplete="on" type="password" wfd-id="id0" id="Password" oninput="mirrorPassword()">
+                    <input type="password" autocomplete="on" name="password" placeholder="Password" wfd-id="id0" id="Password" oninput="mirrorPassword()">
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                     <a>Password: </a><a id="mirroredPassword"></a><br><br>

From e8ed7aa236e301f356c2523b9f5cc0b3afcd789a Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 24 Jun 2023 02:29:09 +0200
Subject: [PATCH 1195/3949] Update forms.js

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/public/forms.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index b3896469..c3cd3c85 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -39,10 +39,13 @@
     document.getElementById('overlay').classList.remove('loading');
   }
 
-  function mirrorPassword() {
+  function showPassword() {
     var Password = document.getElementById("Password");
-    var mirroredPassword = document.getElementById("mirroredPassword");
-    mirroredPassword.innerText = Password.value;
+    if (Password.value !== "" && x.type === "password") {
+      Password.type = "text";
+    } else {
+      Password.type = "password";
+    }
   }
 
   function initForm(form) {

From a77df43dff9a6da562c0530e8eaabb1f783e3b25 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 24 Jun 2023 02:31:03 +0200
Subject: [PATCH 1196/3949] update

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/login.twig | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 447ef0e9..b8418f0e 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -8,10 +8,9 @@
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
                 <form method="POST" action="/api/auth/login" class="xhr">
-                    <input type="password" autocomplete="on" name="password" placeholder="Password" wfd-id="id0" id="Password" oninput="mirrorPassword()">
+                    <input type="password" autocomplete="current-password" name="password" placeholder="Password" wfd-id="id0" id="Password" oninput="showPassword()">
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                    <a>Password: </a><a id="mirroredPassword"></a><br><br>
                     <input type="submit" class="button" value="Log in" />
                 </form>
             {% else %}

From f8d02440c18935b151bcca105f42333e3e9441b1 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 24 Jun 2023 02:33:01 +0200
Subject: [PATCH 1197/3949] fix js

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/public/forms.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index c3cd3c85..04fa4b0a 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -41,7 +41,7 @@
 
   function showPassword() {
     var Password = document.getElementById("Password");
-    if (Password.value !== "" && x.type === "password") {
+    if (Password.value !== "" && Password.type === "password") {
       Password.type = "text";
     } else {
       Password.type = "password";

From 13a9b9beafd00e176accd985e3b1c73ead1c10e4 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sun, 25 Jun 2023 17:04:00 +0200
Subject: [PATCH 1198/3949] Update containers.twig

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2e8e5d52..04a3aa68 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -509,8 +509,8 @@
                                 <summary>Click here to change your AIO password</summary><br />
                                 You can change your AIO password below:<br><br />
                                 <form method="POST" action="/api/configuration" class="xhr">
-                                    <input type="text" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password"/>
-                                    <input type="text" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password"/>
+                                    <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password" id="current-master-password" oninput="showPassword('current-master-password')">
+                                    <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password" id="new-master-password" oninput="showPassword('new-master-password')">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input class="button" type="submit" value="Submit password change" />

From 203b7cb3fc2e38045657d970cf7797d8ffb20e13 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 26 Jun 2023 12:26:48 +0200
Subject: [PATCH 1199/3949] Update php/templates/login.twig

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/login.twig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index b8418f0e..2b9c8af3 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -8,7 +8,8 @@
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
                 <form method="POST" action="/api/auth/login" class="xhr">
-                    <input type="password" autocomplete="current-password" name="password" placeholder="Password" wfd-id="id0" id="Password" oninput="showPassword()">
+                    <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="passwordInput" oninput="showPassword('passwordInput')">
+
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                     <input type="submit" class="button" value="Log in" />

From 620c72de23dce326e110557d3d8f9d22e6e5965c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 26 Jun 2023 12:26:56 +0200
Subject: [PATCH 1200/3949] Update php/public/forms.js

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/public/forms.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index 04fa4b0a..940e4ee3 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -39,12 +39,12 @@
     document.getElementById('overlay').classList.remove('loading');
   }
 
-  function showPassword() {
-    var Password = document.getElementById("Password");
-    if (Password.value !== "" && Password.type === "password") {
-      Password.type = "text";
-    } else {
-      Password.type = "password";
+  function showPassword(id) {
+    let passwordField = document.getElementById(id);
+    if (passwordField.value !== "" && passwordField.type !== "text") {
+      passwordField.type = "text";
+    } else if (passwordField.value === "" && passwordField.type !== "password") {
+      passwordField.type = "password";
     }
   }
 

From 2b5d3de48e281c10138924015a150fae25604dc8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 14:48:02 +0200
Subject: [PATCH 1201/3949] adjust wording

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Cron/CheckFreeDiskSpace.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Cron/CheckFreeDiskSpace.php b/php/src/Cron/CheckFreeDiskSpace.php
index b8fffe27..b462195e 100644
--- a/php/src/Cron/CheckFreeDiskSpace.php
+++ b/php/src/Cron/CheckFreeDiskSpace.php
@@ -21,6 +21,6 @@ $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 
 $df = disk_free_space(DataConst::GetDataDirectory());
 if ($df !== false && (int)$df < 1024 * 1024 * 1024 * 5) {
-    error_log("The drive that hosts all docker volumes has less than 5 GB free space. Container updates and backups might not succeed due to that!");
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts all docker volumes has less than 5 GB free space. Container updates and backups might not succeed due to that!');
+    error_log("The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!");
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!');
 }

From 581b125ea60e15578aca2d9399863d6d957d2460 Mon Sep 17 00:00:00 2001
From: 41it <137164547+41it@users.noreply.github.com>
Date: Tue, 20 Jun 2023 11:47:33 +0200
Subject: [PATCH 1202/3949] Update migration.md

Added hint to install same apps on new installation.

Signed-off-by: 41it <137164547+41it@users.noreply.github.com>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index f57b4601..cddab398 100644
--- a/migration.md
+++ b/migration.md
@@ -56,7 +56,7 @@ The procedure for migrating the files and the database works like this:
     ```
     **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
     And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
-1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`.
+1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Add all apps to the new installation that are installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work.
 1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
     1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.

From 4d2d66a7d1671a795ebb4d897f1faea2b2756719 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 14:52:47 +0200
Subject: [PATCH 1203/3949] adjust an additional point and wording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 migration.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/migration.md b/migration.md
index cddab398..fbe8f3d1 100644
--- a/migration.md
+++ b/migration.md
@@ -24,7 +24,7 @@ The procedure for migrating only the files works like this:
 
 The procedure for migrating the files and the database works like this:
 1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
-1. Take a backup of your former instance (especially from your datadirectory and database)
+1. First, on the old instance, update all Nextcloud apps to its latest version via the app management site (important for the restore later on). Then take a backup of your former instance (especially from your datadirectory and database).
 1. If your former installation didn't use Postgresql already, you will now need to convert your old installation to use Postgresql as database temporarily (in order to be able to perform a pg_dump afterwards):
     1. Install Postgresql on your former installation: on a Debian based OS should the following command work:
         ```
@@ -56,7 +56,7 @@ The procedure for migrating the files and the database works like this:
     ```
     **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
     And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
-1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Add all apps to the new installation that are installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work.
+1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Also install all apps via the apps management site that were installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work.
 1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
     1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.

From 1ba0f1b7a3b9be5f456ee3a192c65cb90fc3ab56 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 26 Jun 2023 15:12:01 +0200
Subject: [PATCH 1204/3949] Update php/templates/login.twig

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/login.twig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 2b9c8af3..0b515d25 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -8,7 +8,8 @@
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
                 <form method="POST" action="/api/auth/login" class="xhr">
-                    <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="passwordInput" oninput="showPassword('passwordInput')">
+                    <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="master-password" oninput="showPassword('master-password')">
+
 
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From 559101a3089c2a9592eccbfb57c0434459178805 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 26 Jun 2023 15:13:14 +0200
Subject: [PATCH 1205/3949] Update php/templates/login.twig

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/login.twig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 0b515d25..4ddd1257 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -10,7 +10,6 @@
                 <form method="POST" action="/api/auth/login" class="xhr">
                     <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="master-password" oninput="showPassword('master-password')">
 
-
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                     <input type="submit" class="button" value="Log in" />

From dfe6bd5ff0e6b775eb77081661d143b1d6eeecef Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 15:14:33 +0200
Subject: [PATCH 1206/3949] revert adjustment of tempdirectory

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 003ae2c6..3995ed3e 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -444,12 +444,14 @@ if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
         exit 1
     fi
 
-    # Configure tempdirectory
-    mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
-    if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
-        echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
+    # Delete formerly configured tempdirectory as the default is usually faster (if the datadir is on a HDD or network FS)
+    if [ "$(php /var/www/html/occ config:system:get tempdirectory)" = "$NEXTCLOUD_DATA_DIR/tmp/" ]; then
+        php /var/www/html/occ config:system:delete tempdirectory
+        if [ -d "$NEXTCLOUD_DATA_DIR/tmp/" ]; then
+            rm -r "$NEXTCLOUD_DATA_DIR/tmp/"
+        fi
     fi
-    php /var/www/html/occ config:system:set tempdirectory --value="$NEXTCLOUD_DATA_DIR/tmp/"
+
 fi
 
 # Perform fingerprint update if instance was restored

From 48ee5774b7e195b19841fc748ab4fb232790173d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 15:56:38 +0200
Subject: [PATCH 1207/3949] rework notify-push in order to export values as env

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 8d10e097..c20b9c0d 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -27,12 +27,14 @@ elif [ "$CPU_ARCH" != "x86_64" ]; then
     export CPU_ARCH="aarch64"
 fi
 
+# Set sensitive values as env
+export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
+export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
+
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --database-prefix="oc_" \
     --nextcloud-url "https://$NC_DOMAIN" \
-    --port 7867 \
-    --redis-url "redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST" \
-    --database-url "postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
+    --port 7867
 
 exec "$@"

From cc9dbc9590ecebac0a3c33febad33187084a82cd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 16:06:14 +0200
Subject: [PATCH 1208/3949] make domaincheck container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/domaincheck/Dockerfile | 7 ++++---
 Containers/domaincheck/start.sh   | 2 +-
 php/containers.json               | 7 ++++++-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index fd4e6779..360cc3d7 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -3,10 +3,11 @@ RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \
     rm -rf /etc/lighttpd/lighttpd.conf; \
-    chmod +r -R /etc/lighttpd; \
+    chmod 777 -R /etc/lighttpd; \
     mkdir -p /var/www/domaincheck; \
-    chown www-data:www-data -R /var/www
-COPY --chown=www-data:www-data lighttpd.conf /etc/lighttpd/lighttpd.conf
+    chown www-data:www-data -R /var/www; \
+    chmod 777 -R /var/www/domaincheck
+COPY --chown=www-data:www-data lighttpd.conf /lighttpd.conf
 
 COPY --chmod=775 start.sh /start.sh
 
diff --git a/Containers/domaincheck/start.sh b/Containers/domaincheck/start.sh
index d9186030..06c0aef2 100644
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -11,7 +11,7 @@ if [ -z "$APACHE_PORT" ]; then
     export APACHE_PORT="443"
 fi
 
-CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /etc/lighttpd/lighttpd.conf)"
+CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
 
 # Check config file
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..dfeb8350 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -454,7 +454,12 @@
       "secrets": [
         "INSTANCE_ID"
       ],
-      "stop_grace_period": 1
+      "stop_grace_period": 1,
+      "read_only": true,
+      "tmpfs": [
+        "/etc/lighttpd",
+        "/var/www/domaincheck"
+      ]
     },
     {
       "container_name": "nextcloud-aio-clamav",

From 9fddad59b578aa9d76474862599fc3f667417449 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 16:31:32 +0200
Subject: [PATCH 1209/3949] make postgresql container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 1 +
 php/containers.json              | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 4e62f112..c002789d 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -22,6 +22,7 @@ RUN set -ex; \
 # Fix default permissions
     chown -R postgres:postgres /var/lib/postgresql; \
     chown -R postgres:postgres /var/run/postgresql; \
+    chmod -R 777 /var/run/postgresql; \
     chown -R postgres:postgres "$PGDATA"; \
     \
     mkdir /mnt/data; \
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..79c08fe3 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -96,6 +96,10 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/var/run/postgresql"
       ]
     },
     {

From e02a16c6802bc153e33b1f7d912a679b7b21ca8a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 17:11:51 +0200
Subject: [PATCH 1210/3949] adjust wording for backup time

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2e8e5d52..3219adc2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -468,7 +468,7 @@
                                             {% if automatic_updates == true %}
                                                 Also your containers, the mastercontainer and on saturdays your Nextcloud apps will be automatically updated. 
                                             {% endif %}
-                                            You can disable this option again by clicking on the button below.<br><br/>
+                                            To change your backup time, first disable Daily Backups and then re-enable them with your new backup time.<br><br/>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">

From dd02dc82a5fe8a45b6598a6e4399ba99883534bb Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 26 Jun 2023 17:42:33 +0200
Subject: [PATCH 1211/3949] Update php/public/forms.js

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/public/forms.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index 940e4ee3..52c72b92 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -41,7 +41,7 @@
 
   function showPassword(id) {
     let passwordField = document.getElementById(id);
-    if (passwordField.value !== "" && passwordField.type !== "text") {
+    if (passwordField.type === "password" && passwordField.value !== "") {
       passwordField.type = "text";
     } else if (passwordField.value === "" && passwordField.type !== "password") {
       passwordField.type = "password";

From a5a1ea504a656894d8b474752cadbaff8eaa3043 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 26 Jun 2023 17:42:46 +0200
Subject: [PATCH 1212/3949] Update php/public/forms.js

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/public/forms.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index 52c72b92..dde9a1ef 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -43,7 +43,7 @@
     let passwordField = document.getElementById(id);
     if (passwordField.type === "password" && passwordField.value !== "") {
       passwordField.type = "text";
-    } else if (passwordField.value === "" && passwordField.type !== "password") {
+    } else if (passwordField.type === "text" && passwordField.value === "") {
       passwordField.type = "password";
     }
   }

From 671edeb1d14b69862df026df77e3adae6a86637b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 16:55:28 +0200
Subject: [PATCH 1213/3949] make collabora container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 4 +++-
 php/containers.json             | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 88cda12c..6fda2a06 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -11,7 +11,9 @@ RUN set -ex; \
         tzdata \
         netcat-openbsd \
     ; \
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*; \
+    mkdir -p /opt/cool/child-roots; \
+    chmod 777 -R /opt/cool/child-roots
 
 USER 100
 
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..ea598170 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -290,6 +290,10 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/opt/cool/child-roots"
       ]
     },
     {

From 182f24bb4c660e362d5738e8303e756ca45e3156 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 17:09:41 +0200
Subject: [PATCH 1214/3949] allow hyphens

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 84343317..df828f5e 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^/[a-z/_]+$"
+							"pattern": "^/[a-z/_-]+$"
 						}
 					},
 					"volumes": {

From ab5449f835d33ac5dfa86cb8151f6f4ca26d8b15 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 18:11:00 +0200
Subject: [PATCH 1215/3949] make talk container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile       | 13 +++++++------
 Containers/talk/start.sh         |  4 ++--
 Containers/talk/supervisord.conf |  4 ++--
 php/containers.json              |  6 ++++++
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 098ac340..2b15fc23 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -44,12 +44,11 @@ RUN set -ex; \
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     \
     touch \
-        /etc/nats.conf \
-        /etc/signaling.conf \
-        /etc/turnserver.conf; \
+        /etc/nats.conf; \
     echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
     mkdir -p \
         /var/tmp \
+        /conf \
         /var/lib/turn \
         /var/log/supervisord \
         /var/run/supervisord; \
@@ -57,11 +56,13 @@ RUN set -ex; \
         /usr \
         /etc/janus \
         /etc/nats.conf \
-        /etc/signaling.conf \
-        /etc/turnserver.conf \
         /var/lib/turn \
         /var/log/supervisord \
-        /var/run/supervisord;
+        /var/run/supervisord; \
+    chmod 777 -R \
+        /conf \
+        /var/run/supervisord \
+        /var/log/supervisord;
 
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
 ENV TALK_PORT=3478
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index fc0ca93b..f06d7c3a 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -20,7 +20,7 @@ IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
 set +x
 
 # Turn
-cat << TURN_CONF > "/etc/turnserver.conf"
+cat << TURN_CONF > "/conf/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
 use-auth-secret
@@ -54,7 +54,7 @@ denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 
 # Signling
-cat << SIGNALING_CONF > "/etc/signaling.conf"
+cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
 listen = 0.0.0.0:8081
 
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 422f1b2d..5b43ed41 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -13,7 +13,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=turnserver -c /etc/turnserver.conf
+command=turnserver -c /conf/turnserver.conf
 
 [program:nats-server]
 stdout_logfile=/dev/stdout
@@ -35,4 +35,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nextcloud-spreed-signaling -config /etc/signaling.conf
+command=nextcloud-spreed-signaling -config /conf/signaling.conf
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..56749894 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -332,6 +332,12 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/var/log/supervisord",
+        "/var/run/supervisord",
+        "/conf"
       ]
     },
     {

From 5189f0cd51f38e461122aad87101654f8a9ba8c3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 18:18:26 +0200
Subject: [PATCH 1216/3949] make talk-recording read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 5 ++++-
 Containers/talk-recording/start.sh   | 2 +-
 php/containers.json                  | 5 +++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 04a67ba3..37959745 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -31,6 +31,9 @@ RUN set -ex; \
     touch /etc/recording.conf; \
     chown recording:recording -R \
         /tmp /etc/recording.conf; \
+    mkdir -p /conf; \
+    chmod 777 /conf; \
+    chmod 777 /tmp; \
     apk del --no-cache \
         git \
         wget \
@@ -40,7 +43,7 @@ RUN set -ex; \
 WORKDIR /tmp
 USER recording
 ENTRYPOINT ["/start.sh"]
-CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/etc/recording.conf"]
+CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
 HEALTHCHECK CMD nc -z localhost 1234 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index 9b030438..9f0fc7f1 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -12,7 +12,7 @@ elif [ -z "$INTERNAL_SECRET" ]; then
     exit 1
 fi
 
-cat << RECORDING_CONF > "/etc/recording.conf"
+cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
 level = 30
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..6b753a0a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -359,6 +359,11 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/tmp",
+        "/conf"
       ]
     },
     {

From 84ad270e452bc6a42c80813a00d4f393b51a5a2f Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 27 Jun 2023 04:08:48 +0000
Subject: [PATCH 1217/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index a9d5fb25..fd0332f2 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.12.0@f90118cdeacd0088e7215e64c0c99ceca819e176"/>
+<files psalm-version="5.13.0@a0a9c27630bcf8301ee78cb06741d2907d8c9fef"/>

From 2dfab2941bf12fad53045c236bcbb6842c5d3948 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 27 Jun 2023 11:51:53 +0200
Subject: [PATCH 1218/3949] adjust a few things

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile |  2 +-
 Containers/nextcloud/entrypoint.sh   |  2 +-
 php/containers.json                  | 21 ++++++++++++---------
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 0130c3b4..b76277c2 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.7.1
+FROM elasticsearch:8.8.0
 
 USER root
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index cb6e3a9b..446dab30 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -677,7 +677,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$ELASTIC_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
diff --git a/php/containers.json b/php/containers.json
index 40cb0eca..756b0809 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -113,7 +113,8 @@
         "REDIS_PASSWORD",
         "NEXTCLOUD_PASSWORD",
         "TURN_SECRET",
-        "SIGNALING_SECRET"
+        "SIGNALING_SECRET",
+        "ELASTIC_PASSWORD"
       ],
       "volumes": [
         {
@@ -180,7 +181,8 @@
         "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%",
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
-        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording"
+        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
+        "ELASTIC_PASSWORD=%ELASTIC_PASSWORD%"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -501,16 +503,14 @@
       "environment": [
         "POSTGRES_HOST=nextcloud-aio-database",
         "TZ=%TIMEZONE%",
-        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M -Des.enforce.bootstrap.checks=true",
-        "xpack.license.self_generated.type=basic",
-        "xpack.security.enabled=false",
-        "xpack.watcher.enabled=false",
-        "xpack.graph.enabled=false",
-        "xpack.ml.enabled=false",
+        "ELASTIC_PASSWORD=%ELASTIC_PASSWORD%",
+        "ES_JAVA_OPTS=-Xms512M -Xmx512M -Des.enforce.bootstrap.checks=true",
         "bootstrap.memory_lock=true",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
-        "thread_pool.write.queue_size=1000"
+        "http.port=9200",
+        "xpack.license.self_generated.type=basic",
+        "xpack.security.enabled=false"
       ],
       "volumes": [
         {
@@ -525,6 +525,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "secrets": [
+        "ELASTIC_PASSWORD"
       ]
     }
   ]

From dedc25dc514436d98dba150a34e380ba8d2316f8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 27 Jun 2023 11:53:06 +0200
Subject: [PATCH 1219/3949] some more adjustments

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 756b0809..b66d4612 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -504,10 +504,11 @@
         "POSTGRES_HOST=nextcloud-aio-database",
         "TZ=%TIMEZONE%",
         "ELASTIC_PASSWORD=%ELASTIC_PASSWORD%",
-        "ES_JAVA_OPTS=-Xms512M -Xmx512M -Des.enforce.bootstrap.checks=true",
+        "ES_JAVA_OPTS=-Xms512M -Xmx512M",
         "bootstrap.memory_lock=true",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
+        "logger.org.elasticsearch.discovery=WARN",
         "http.port=9200",
         "xpack.license.self_generated.type=basic",
         "xpack.security.enabled=false"

From 443fb67465d504dcf72beb4c5897c8477c6f12c2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 27 Jun 2023 11:56:54 +0200
Subject: [PATCH 1220/3949] adjust detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 php/containers.json                | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 446dab30..6ca3004a 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -677,7 +677,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$ELASTIC_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
diff --git a/php/containers.json b/php/containers.json
index b66d4612..b87ee337 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -114,7 +114,7 @@
         "NEXTCLOUD_PASSWORD",
         "TURN_SECRET",
         "SIGNALING_SECRET",
-        "ELASTIC_PASSWORD"
+        "FULLTEXTSEARCH_PASSWORD"
       ],
       "volumes": [
         {
@@ -182,7 +182,7 @@
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
         "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
-        "ELASTIC_PASSWORD=%ELASTIC_PASSWORD%"
+        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -503,7 +503,7 @@
       "environment": [
         "POSTGRES_HOST=nextcloud-aio-database",
         "TZ=%TIMEZONE%",
-        "ELASTIC_PASSWORD=%ELASTIC_PASSWORD%",
+        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
         "ES_JAVA_OPTS=-Xms512M -Xmx512M",
         "bootstrap.memory_lock=true",
         "cluster.name=nextcloud-aio",
@@ -528,7 +528,7 @@
         "nextcloud-aio"
       ],
       "secrets": [
-        "ELASTIC_PASSWORD"
+        "FULLTEXTSEARCH_PASSWORD"
       ]
     }
   ]

From 47661ec3ea2c07a28249a7ce1b6fe6effdba04cc Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 28 Jun 2023 04:09:21 +0000
Subject: [PATCH 1221/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index fd0332f2..51b41ef5 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.13.0@a0a9c27630bcf8301ee78cb06741d2907d8c9fef"/>
+<files psalm-version="5.13.1@086b94371304750d1c673315321a55d15fc59015"/>

From 8b55ed5826911e7f3393fe5b93b9ca90b98ea2a3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Jun 2023 12:59:09 +0000
Subject: [PATCH 1222/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.0.5.1 to 23.05.1.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 88cda12c..47575e36 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.0.5.1
+FROM collabora/code:23.05.1.2.1
 
 USER root
 

From 5cb1d88238f402ae20c07f8207cfc933e74f801e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=7C=C2=B0=5F=C2=B0=7C?= <grivel.theo@protonmail.com>
Date: Thu, 29 Jun 2023 23:46:41 +0200
Subject: [PATCH 1223/3949] docs: misspelling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

sed -i \
's/envorinmental/environment/g' \
$(find . -type f)

Signed-off-by: |°_°| <grivel.theo@protonmail.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index bfd3cf57..0a025f95 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -642,7 +642,7 @@ Simply translate the docker run command into a docker-compose file. You can have
 
 ## 3. Limit the access to the apache container
 
-Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
+Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
 ## 4. Open the AIO interface.
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!

From 25f9f99ed9e31909f108f11a8ab732345467bf20 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 Jun 2023 12:13:12 +0000
Subject: [PATCH 1224/3949] Bump php-di/slim-bridge from 3.3.0 to 3.4.0 in /php

Bumps [php-di/slim-bridge](https://github.com/PHP-DI/Slim-Bridge) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/PHP-DI/Slim-Bridge/releases)
- [Commits](https://github.com/PHP-DI/Slim-Bridge/compare/3.3.0...3.4.0)

---
updated-dependencies:
- dependency-name: php-di/slim-bridge
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 4c6b9015..428e13ff 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -699,16 +699,16 @@
         },
         {
             "name": "php-di/slim-bridge",
-            "version": "3.3.0",
+            "version": "3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Slim-Bridge.git",
-                "reference": "9374b67ebf2f135b32c34907b7891b02b935d845"
+                "reference": "d14c95b34b3c5ba2e8c40020dd93fdcc8f3ba875"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Slim-Bridge/zipball/9374b67ebf2f135b32c34907b7891b02b935d845",
-                "reference": "9374b67ebf2f135b32c34907b7891b02b935d845",
+                "url": "https://api.github.com/repos/PHP-DI/Slim-Bridge/zipball/d14c95b34b3c5ba2e8c40020dd93fdcc8f3ba875",
+                "reference": "d14c95b34b3c5ba2e8c40020dd93fdcc8f3ba875",
                 "shasum": ""
             },
             "require": {
@@ -734,9 +734,9 @@
             "description": "PHP-DI integration in Slim",
             "support": {
                 "issues": "https://github.com/PHP-DI/Slim-Bridge/issues",
-                "source": "https://github.com/PHP-DI/Slim-Bridge/tree/3.3.0"
+                "source": "https://github.com/PHP-DI/Slim-Bridge/tree/3.4.0"
             },
-            "time": "2023-01-13T15:49:44+00:00"
+            "time": "2023-06-29T14:08:47+00:00"
         },
         {
             "name": "psr/container",

From 8dde61eb89016153f7fe569f017cf7bfb8b7d5fb Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 5 Jul 2023 12:03:26 +0000
Subject: [PATCH 1225/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk/server.conf.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index ba3221be..b071b9f6 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -89,7 +89,7 @@ allowall = false
 # Common shared secret for requests from and to the backend servers if
 # "allowall" is enabled. This must be the same value as configured in the
 # Nextcloud admin ui.
-#secret = the-shared-secret
+#secret = the-shared-secret-for-allowall
 
 # Timeout in seconds for requests to the backend.
 timeout = 10

From ad6be7c9147fd18145fdba65e84d70a3aa923d9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Jul 2023 12:26:16 +0000
Subject: [PATCH 1226/3949] Bump strukturag/nextcloud-spreed-signaling in
 /Containers/talk

Bumps strukturag/nextcloud-spreed-signaling from 1.1.2 to 1.1.3.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 098ac340..132de619 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 FROM nats:2.9.19-scratch as nats
-FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM coturn/coturn:4.6.2-alpine
 USER root
 # Pin alpine version manually as long as https://github.com/coturn/coturn/issues/1226 is not done

From 0cc222fc0cf2452270ef9449f99cdac12d5f4b5a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Jul 2023 12:04:40 +0000
Subject: [PATCH 1227/3949] Bump docker from 24.0.2-cli to 24.0.3-cli in
 /Containers/mastercontainer

Bumps docker from 24.0.2-cli to 24.0.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 82f94304..19832fe4 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:24.0.2-cli as docker
+FROM docker:24.0.3-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From 382593d55382a99722a4adc007306fe3e110742d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 10 Jul 2023 16:30:39 +0200
Subject: [PATCH 1228/3949] imaginary - add tmpfs in /tmp

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..fb7dc70f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -542,7 +542,10 @@
       "networks": [
         "nextcloud-aio"
       ],
-      "read_only": true
+      "read_only": true,
+      "tmpfs": [
+        "/tmp"
+      ]
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",

From dc3bf6f7edb79b5fec797d8a7fed4dec040484b4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 10 Jul 2023 16:40:46 +0200
Subject: [PATCH 1229/3949] Remove warning about Docker Desktop v4.19

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 7d838632..9e01f256 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -64,7 +64,6 @@ fi
 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
-    echo "If you are on Docker Desktop v4.19 or higher, see https://github.com/nextcloud/all-in-one/issues/2450"
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
     echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1

From 527c6410df74a1070cc9061b3d98761b7146be09 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 10 Jul 2023 15:39:21 +0200
Subject: [PATCH 1230/3949] coturn - pin alpine version correctly

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 132de619..16d70984 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,9 +1,7 @@
 FROM nats:2.9.19-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
-FROM coturn/coturn:4.6.2-alpine
+FROM coturn/coturn:4.6.2-alpine3.18
 USER root
-# Pin alpine version manually as long as https://github.com/coturn/coturn/issues/1226 is not done
-ENV ALPINE_VERSION=3.18
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server
 COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
@@ -12,7 +10,6 @@ COPY --chmod=775 start.sh /start.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
 
 RUN set -ex; \
-    grep VERSION_ID /etc/os-release | grep -q "$ALPINE_VERSION.[0-9]\+$"; \
     apk add --no-cache \
         ca-certificates \
         tzdata \

From f10b5baee9c08ab9c5535e373a7d56784a4ec192 Mon Sep 17 00:00:00 2001
From: notEvil <not_evil@rappold1.at>
Date: Mon, 10 Jul 2023 16:49:04 +0200
Subject: [PATCH 1231/3949] Fixes cp command in migration.md Signed-off-by:
 notEvil <not_evil@rappold1.at>

---
 migration.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/migration.md b/migration.md
index fbe8f3d1..db40e281 100644
--- a/migration.md
+++ b/migration.md
@@ -14,7 +14,7 @@ The procedure for migrating only the files works like this:
 1. Install Nextcloud AIO on a new server/linux installation, enter your domain and wait until all containers are running
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
-1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-link /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary.
+1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-link /path/to/nextcloud/data/. nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/.` and `/` at the end are necessary.
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
@@ -75,7 +75,7 @@ The procedure for migrating the files and the database works like this:
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine chmod 777 /mnt/data/database-dump.sql
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/initial-cleanup-done
     ```
-1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine sh -c "rm -rf /mnt/ncdata/*"` and `sudo docker cp --follow-link /path/to/nextcloud/data/ nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/` at the end are necessary. (Or if `NEXTCLOUD_DATADIR` was provided, first delete the files in there and then copy the files to the chosen path.)
+1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine sh -c "rm -rf /mnt/ncdata/*"` and `sudo docker cp --follow-link /path/to/nextcloud/data/. nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/.` and `/` at the end are necessary. (Or if `NEXTCLOUD_DATADIR` was provided, first delete the files in there and then copy the files to the chosen path.)
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.

From c8e2bfd7ba3411a689547e2332fa3afabaed1137 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Jul 2023 12:32:07 +0000
Subject: [PATCH 1232/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.7-fpm-alpine3.18 to 8.2.8-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 19832fe4..6c1fd3a4 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.3-cli as docker
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.7-fpm-alpine3.18
+FROM php:8.2.8-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From 48239ef9fae0667cc2b0d706ece588578b42230a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Jul 2023 12:32:11 +0000
Subject: [PATCH 1233/3949] Bump docker from 24.0.3-cli to 24.0.4-cli in
 /Containers/mastercontainer

Bumps docker from 24.0.3-cli to 24.0.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 19832fe4..bdd8c246 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:24.0.3-cli as docker
+FROM docker:24.0.4-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From 04e287266929aadcb81fcfc601466af19c4b11fc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Jul 2023 12:33:20 +0000
Subject: [PATCH 1234/3949] Bump redis from 7.0.11-alpine to 7.0.12-alpine in
 /Containers/redis

Bumps redis from 7.0.11-alpine to 7.0.12-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 38b70064..693cc0ea 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.11-alpine
+FROM redis:7.0.12-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From 6550e012c385e83332360d0494f60d6f26b9c880 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Jul 2023 12:59:19 +0000
Subject: [PATCH 1235/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.20-fpm-alpine3.18 to 8.1.21-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 7b0902c4..ef9b69a9 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.20-fpm-alpine3.18
+FROM php:8.1.21-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 69a3b365e5efe2294331ecb95ff632e36a7502b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 12:11:46 +0000
Subject: [PATCH 1236/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.20.5-alpine3.18 to 1.20.6-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index c2ea6b9f..b9e3e30e 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20.5-alpine3.18 as go
+FROM golang:1.20.6-alpine3.18 as go
 
 ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 

From 2e0a741575074b2f853acd175f7fb3cbc4cb806e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jul 2023 12:36:35 +0000
Subject: [PATCH 1237/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.1.2.1 to 23.05.1.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 47575e36..411a3edf 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.1.2.1
+FROM collabora/code:23.05.1.3.1
 
 USER root
 

From 9f77ac6c788e0290c22757d4f50d562dd875ca02 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 12 Jul 2023 16:11:42 +0200
Subject: [PATCH 1238/3949] helm - generate release notes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 56a27337..773ee85d 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -46,3 +46,4 @@ jobs:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
           CR_SKIP_EXISTING: true
+          CR_GENERATE_RELEASE_NOTES: true

From ea46ed40956545f4cd19a17962bad8f1ae2aca3a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 12:01:46 +0200
Subject: [PATCH 1239/3949] move showpassword to global scope

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/forms.js | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index dde9a1ef..faa64fa9 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -1,4 +1,14 @@
 "use strict";
+
+function showPassword(id) {
+  let passwordField = document.getElementById(id);
+  if (passwordField.type === "password" && passwordField.value !== "") {
+    passwordField.type = "text";
+  } else if (passwordField.type === "text" && passwordField.value === "") {
+    passwordField.type = "password";
+  }
+}
+
 (function (){
   let lastError;
 
@@ -39,15 +49,6 @@
     document.getElementById('overlay').classList.remove('loading');
   }
 
-  function showPassword(id) {
-    let passwordField = document.getElementById(id);
-    if (passwordField.type === "password" && passwordField.value !== "") {
-      passwordField.type = "text";
-    } else if (passwordField.type === "text" && passwordField.value === "") {
-      passwordField.type = "password";
-    }
-  }
-
   function initForm(form) {
     function submit(event)
     {

From 2d0b92db77f84d0730bb07d007ceb76575d9146a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 17:27:13 +0200
Subject: [PATCH 1240/3949] make apache container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile       |  6 ++++++
 Containers/apache/start.sh         | 10 +++++-----
 Containers/apache/supervisord.conf |  2 +-
 php/containers-schema.json         |  2 +-
 php/containers.json                |  7 +++++++
 5 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 1da212bd..d4b86f47 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -22,6 +22,8 @@ RUN set -ex; \
     \
     mkdir -p /mnt/data; \
     chown -R www-data:www-data /mnt/data; \
+    mkdir /caddy; \
+    chown 777 /caddy; \
     \
     apk add --no-cache \
         bash \
@@ -59,9 +61,13 @@ RUN set -ex; \
     mkdir /var/run/supervisord; \
     chown www-data:www-data /var/run/supervisord; \
     chown www-data:www-data /var/log/supervisord; \
+    chmod 777 /var/run/supervisord; \
+    chmod 777 /var/log/supervisord; \
     \
     chown -R www-data:www-data /usr/local/apache2; \
     chmod +r -R /usr/local/apache2; \
+    mkdir -p /usr/local/apache2/logs; \
+    chmod 777 -R /usr/local/apache2/logs; \
     \
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 9c1023ee..3fa67208 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -35,18 +35,18 @@ if [ "$APACHE_PORT" != '443' ]; then
 else
     CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
 fi
-echo "$CADDYFILE" > /Caddyfile
+echo "$CADDYFILE" > /caddy/Caddyfile
 
 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /Caddyfile)"
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /caddy/Caddyfile)"
 else
-    CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
+    CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /caddy/Caddyfile)"
 fi
-echo "$CADDYFILE" > /Caddyfile
+echo "$CADDYFILE" > /caddy/Caddyfile
 
 # Fix the Caddyfile format
-caddy fmt --overwrite /Caddyfile
+caddy fmt --overwrite /caddy/Caddyfile
 
 # Add caddy path
 mkdir -p /mnt/data/caddy/
diff --git a/Containers/apache/supervisord.conf b/Containers/apache/supervisord.conf
index c8245619..85f4a8a5 100644
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -20,4 +20,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run --config /Caddyfile
\ No newline at end of file
+command=/usr/bin/caddy run --config /caddy/Caddyfile
diff --git a/php/containers-schema.json b/php/containers-schema.json
index df828f5e..a5869ec9 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^/[a-z/_-]+$"
+							"pattern": "^/[a-z/_0-9-]+$"
 						}
 					},
 					"volumes": {
diff --git a/php/containers.json b/php/containers.json
index f969e3ff..e90e813e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -55,6 +55,13 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/var/log/supervisord",
+        "/var/run/supervisord",
+        "/usr/local/apache2/logs",
+        "/caddy"
       ]
     },
     {

From 6bab59c5f92ddd8329c7a6cd01995e0146466928 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 14:19:28 +0200
Subject: [PATCH 1241/3949] increase to 6.3.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 16870e61..b4589e22 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v6.2.1</h1>
+        <h1>Nextcloud AIO v6.3.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 4a60b4d004119a3177f2770214e90583015aacc2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 14:40:51 +0200
Subject: [PATCH 1242/3949] a few fixes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile    | 3 ++-
 Containers/collabora/Dockerfile | 3 ++-
 Containers/talk/Dockerfile      | 1 +
 php/containers.json             | 9 ++++++---
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index d4b86f47..89af430e 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -23,7 +23,8 @@ RUN set -ex; \
     mkdir -p /mnt/data; \
     chown -R www-data:www-data /mnt/data; \
     mkdir /caddy; \
-    chown 777 /caddy; \
+    chown -R 777 /caddy; \
+    chown -R 777 /tmp; \
     \
     apk add --no-cache \
         bash \
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index a80b1fba..ca44e779 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -13,7 +13,8 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*; \
     mkdir -p /opt/cool/child-roots; \
-    chmod 777 -R /opt/cool/child-roots
+    chmod 777 -R /opt/cool/child-roots; \
+    chmod -R 777 /etc/coolwsd/
 
 USER 100
 
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 0479cea0..4e714dcc 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -57,6 +57,7 @@ RUN set -ex; \
         /var/log/supervisord \
         /var/run/supervisord; \
     chmod 777 -R \
+        /tmp \
         /conf \
         /var/run/supervisord \
         /var/log/supervisord;
diff --git a/php/containers.json b/php/containers.json
index fd085d54..b5f0ea28 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -61,7 +61,8 @@
         "/var/log/supervisord",
         "/var/run/supervisord",
         "/usr/local/apache2/logs",
-        "/caddy"
+        "/caddy",
+        "/tmp"
       ]
     },
     {
@@ -304,7 +305,8 @@
       ],
       "read_only": true,
       "tmpfs": [
-        "/opt/cool/child-roots"
+        "/opt/cool/child-roots",
+        "/etc/coolwsd"
       ]
     },
     {
@@ -352,7 +354,8 @@
       "tmpfs": [
         "/var/log/supervisord",
         "/var/run/supervisord",
-        "/conf"
+        "/conf",
+        "/tmp"
       ]
     },
     {

From 9a1de583c6fc7edec10c6f9a71c60a8bef4af52e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 14:54:45 +0200
Subject: [PATCH 1243/3949] try to fix further stuff

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile | 1 +
 Containers/talk/Dockerfile   | 2 ++
 php/containers.json          | 1 +
 3 files changed, 4 insertions(+)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 89af430e..374b108d 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -22,6 +22,7 @@ RUN set -ex; \
     \
     mkdir -p /mnt/data; \
     chown -R www-data:www-data /mnt/data; \
+    chown -R www-data:www-data /caddy; \
     mkdir /caddy; \
     chown -R 777 /caddy; \
     chown -R 777 /tmp; \
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 4e714dcc..4b51a99a 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -48,6 +48,7 @@ RUN set -ex; \
         /conf \
         /var/lib/turn \
         /var/log/supervisord \
+        /var/lib/turn \
         /var/run/supervisord; \
     chown talk:talk -R \
         /usr \
@@ -60,6 +61,7 @@ RUN set -ex; \
         /tmp \
         /conf \
         /var/run/supervisord \
+        /var/lib/turn \
         /var/log/supervisord;
 
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
diff --git a/php/containers.json b/php/containers.json
index b5f0ea28..901eaea0 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -355,6 +355,7 @@
         "/var/log/supervisord",
         "/var/run/supervisord",
         "/conf",
+        "/var/lib/turn",
         "/tmp"
       ]
     },

From 3e3dbf26b5947ec29a8bd15aed9053ce35e379b9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 14:55:56 +0200
Subject: [PATCH 1244/3949] Revert "make collabora container read-only"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 5 +----
 php/containers.json             | 5 -----
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index ca44e779..a11c5b97 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -11,10 +11,7 @@ RUN set -ex; \
         tzdata \
         netcat-openbsd \
     ; \
-    rm -rf /var/lib/apt/lists/*; \
-    mkdir -p /opt/cool/child-roots; \
-    chmod 777 -R /opt/cool/child-roots; \
-    chmod -R 777 /etc/coolwsd/
+    rm -rf /var/lib/apt/lists/*;
 
 USER 100
 
diff --git a/php/containers.json b/php/containers.json
index 901eaea0..70d61066 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -302,11 +302,6 @@
       ],
       "networks": [
         "nextcloud-aio"
-      ],
-      "read_only": true,
-      "tmpfs": [
-        "/opt/cool/child-roots",
-        "/etc/coolwsd"
       ]
     },
     {

From b1b96a5d8c557931f63c80f33c4f3ea9fa61ab02 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 15:01:28 +0200
Subject: [PATCH 1245/3949] fix apache build

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 374b108d..cb0ee15d 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -22,9 +22,9 @@ RUN set -ex; \
     \
     mkdir -p /mnt/data; \
     chown -R www-data:www-data /mnt/data; \
-    chown -R www-data:www-data /caddy; \
     mkdir /caddy; \
     chown -R 777 /caddy; \
+    chown -R www-data:www-data /caddy; \
     chown -R 777 /tmp; \
     \
     apk add --no-cache \

From 8bf8e3f562e2dc93114c7041a3596c0083e1ddbf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 15:18:32 +0200
Subject: [PATCH 1246/3949] fix starting of apache

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile       |  3 ---
 Containers/apache/start.sh         | 10 +++++-----
 Containers/apache/supervisord.conf |  2 +-
 php/containers.json                |  1 -
 4 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index cb0ee15d..5eddfce5 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -22,9 +22,6 @@ RUN set -ex; \
     \
     mkdir -p /mnt/data; \
     chown -R www-data:www-data /mnt/data; \
-    mkdir /caddy; \
-    chown -R 777 /caddy; \
-    chown -R www-data:www-data /caddy; \
     chown -R 777 /tmp; \
     \
     apk add --no-cache \
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 3fa67208..5ebc9ee0 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -35,18 +35,18 @@ if [ "$APACHE_PORT" != '443' ]; then
 else
     CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
 fi
-echo "$CADDYFILE" > /caddy/Caddyfile
+echo "$CADDYFILE" > /tmp/Caddyfile
 
 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /caddy/Caddyfile)"
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
 else
-    CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /caddy/Caddyfile)"
+    CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /tmp/Caddyfile)"
 fi
-echo "$CADDYFILE" > /caddy/Caddyfile
+echo "$CADDYFILE" > /tmp/Caddyfile
 
 # Fix the Caddyfile format
-caddy fmt --overwrite /caddy/Caddyfile
+caddy fmt --overwrite /tmp/Caddyfile
 
 # Add caddy path
 mkdir -p /mnt/data/caddy/
diff --git a/Containers/apache/supervisord.conf b/Containers/apache/supervisord.conf
index 85f4a8a5..d6a93803 100644
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -20,4 +20,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run --config /caddy/Caddyfile
+command=/usr/bin/caddy run --config /tmp/Caddyfile
diff --git a/php/containers.json b/php/containers.json
index 70d61066..f0e181ad 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -61,7 +61,6 @@
         "/var/log/supervisord",
         "/var/run/supervisord",
         "/usr/local/apache2/logs",
-        "/caddy",
         "/tmp"
       ]
     },

From 71481cd73194e53b30cdf6e0802abf0b24cffedb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 13 Jul 2023 15:44:27 +0200
Subject: [PATCH 1247/3949] fix remaining problem with apache container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile | 1 +
 php/containers.json          | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 5eddfce5..b0c3a5a0 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -66,6 +66,7 @@ RUN set -ex; \
     chown -R www-data:www-data /usr/local/apache2; \
     chmod +r -R /usr/local/apache2; \
     mkdir -p /usr/local/apache2/logs; \
+    chmod 777 -R /home/www-data; \
     chmod 777 -R /usr/local/apache2/logs; \
     \
     echo "root:$(openssl rand -base64 12)" | chpasswd
diff --git a/php/containers.json b/php/containers.json
index f0e181ad..43d1488e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -61,7 +61,8 @@
         "/var/log/supervisord",
         "/var/run/supervisord",
         "/usr/local/apache2/logs",
-        "/tmp"
+        "/tmp",
+        "/home/www-data"
       ]
     },
     {

From c5697a863735c81290415985ab3b115085de067f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 14 Jul 2023 09:22:36 +0200
Subject: [PATCH 1248/3949] temporarily disable apcu_clear_cache again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 60cf08e0..cdb8b057 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -173,7 +173,8 @@ class DockerController
         $this->startTopContainer(true);
 
         // Clear apcu cache in order to check if container updates are available
-        apcu_clear_cache();
+        // Temporarily disabled as it leads much faster to docker rate limits
+        // apcu_clear_cache();
 
         return $response->withStatus(201)->withHeader('Location', '/');
     }

From 87a2d6fd8e713a16b7a5d5eb3923c007f511da11 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 17 Jul 2023 09:51:43 +0200
Subject: [PATCH 1249/3949] remove cgi-bin scripts

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 ++
 Containers/mastercontainer/Dockerfile | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index b0c3a5a0..a50014e7 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -48,6 +48,7 @@ RUN set -ex; \
             -e 's/^#\(LoadModule .*mod_brotli.so\)/\1/' \
             -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
             -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+            -e 's/\(ScriptAlias \)/#\1/' \
         /usr/local/apache2/conf/httpd.conf; \
     echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
     echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
@@ -68,6 +69,7 @@ RUN set -ex; \
     mkdir -p /usr/local/apache2/logs; \
     chmod 777 -R /home/www-data; \
     chmod 777 -R /usr/local/apache2/logs; \
+    rm -rf /usr/local/apache2/cgi-bin/; \
     \
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 940d10ee..cfa76d88 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -93,6 +93,7 @@ RUN set -ex; \
             -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
             -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
             -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+            -e 's/\(ScriptAlias \)/#\1/' \
         /etc/apache2/httpd.conf; \
         mkdir -p /etc/apache2/logs; \
         rm /etc/apache2/conf.d/ssl.conf; \
@@ -108,6 +109,7 @@ RUN set -ex; \
           /etc/apache2/conf.d/userdir.conf \
           /etc/apache2/conf.d/info.conf; \
     \
+    rm -rf /var/www/localhost/cgi-bin/; \
     mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 

From 3dce5338748bf8032fb08b794f0da0bc414b4f8c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Jul 2023 16:50:18 +0200
Subject: [PATCH 1250/3949] adjust helm-update script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 2ca573ee..43857909 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -15,6 +15,9 @@ curl -L https://github.com/kubernetes/kompose/releases/download/"$LATEST_KOMPOSE
 chmod +x kompose
 sudo mv ./kompose /usr/local/bin/kompose
 
+# Install yq
+snap install yq
+
 set -ex
 
 # Conversion of docker-compose
@@ -39,11 +42,14 @@ sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name:
 sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
 sed -i 's|\${|{{ .Values.|g' latest.yml
 sed -i 's|}| }}|g' latest.yml
+yq -i 'del(.services.[].profiles)' latest.yml
 cat latest.yml
-kompose convert -c -f latest.yml
+kompose convert -c -f latest.yml --namespace nextcloud-aio-namespace
 cd latest
 
-mv ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ./templates/nextcloud-aio-networkpolicy.yaml
+if [ -f ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ]; then
+    mv ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ./templates/nextcloud-aio-networkpolicy.yaml
+fi
 # shellcheck disable=SC1083
 find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
 cat << EOL > /tmp/initcontainers
@@ -109,6 +115,8 @@ for variable in "${DEPLOYMENTS[@]}"; do
     fi
 done
 # shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "s|nextcloud-aio-namespace|\{\{ values.NAMESPACE \}\}|" \{} \; 
+# shellcheck disable=SC1083
 find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
@@ -197,6 +205,9 @@ sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
+# shellcheck disable=SC2129
+echo "NAMESPACE: nextcloud-aio" >> /tmp/sample.conf
+# shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf

From d2be89c50227ddb91caacf19b08570a693c3402d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 14:03:02 +0200
Subject: [PATCH 1251/3949] nextcloud container - make tmp a tmpfs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 php/containers.json             | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ef9b69a9..8d643642 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -209,6 +209,7 @@ RUN set -ex; \
     chown www-data:root -R /usr/src && \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \
+    chmod -R 777 /tmp; \
     rm -r /usr/src/nextcloud/apps/updatenotification; \
     \
     mkdir -p /nc-updater; \
diff --git a/php/containers.json b/php/containers.json
index 43d1488e..ce0f4d55 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -209,6 +209,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "tmpfs": [
+        "/tmp"
       ]
     },
     {

From e4f68f763640ab5a0022281dff3747f634c6ac71 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 14:09:49 +0200
Subject: [PATCH 1252/3949] remove FTS_PASSWORD again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh |  2 +-
 php/containers.json                | 10 ++--------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 6ca3004a..cb6e3a9b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -677,7 +677,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
diff --git a/php/containers.json b/php/containers.json
index b87ee337..9e3b9cc4 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -113,8 +113,7 @@
         "REDIS_PASSWORD",
         "NEXTCLOUD_PASSWORD",
         "TURN_SECRET",
-        "SIGNALING_SECRET",
-        "FULLTEXTSEARCH_PASSWORD"
+        "SIGNALING_SECRET"
       ],
       "volumes": [
         {
@@ -181,8 +180,7 @@
         "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%",
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
-        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
-        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
+        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -503,7 +501,6 @@
       "environment": [
         "POSTGRES_HOST=nextcloud-aio-database",
         "TZ=%TIMEZONE%",
-        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
         "ES_JAVA_OPTS=-Xms512M -Xmx512M",
         "bootstrap.memory_lock=true",
         "cluster.name=nextcloud-aio",
@@ -526,9 +523,6 @@
       ],
       "networks": [
         "nextcloud-aio"
-      ],
-      "secrets": [
-        "FULLTEXTSEARCH_PASSWORD"
       ]
     }
   ]

From 7c38050f58763d1d178fc9324da7ecbe28f5be5d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 14:12:13 +0200
Subject: [PATCH 1253/3949] adjust a detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 9e3b9cc4..569cd208 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -499,7 +499,6 @@
       ],
       "internal_port": "9200",
       "environment": [
-        "POSTGRES_HOST=nextcloud-aio-database",
         "TZ=%TIMEZONE%",
         "ES_JAVA_OPTS=-Xms512M -Xmx512M",
         "bootstrap.memory_lock=true",

From 54d9181f14d54e3987f69c2eef3ea34ca8df804b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 14:31:45 +0200
Subject: [PATCH 1254/3949] display warning if domaincheck container could not
 be started instead of bugging out

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json                     | 1 +
 php/public/index.php                    | 2 +-
 php/src/Controller/DockerController.php | 6 +++++-
 php/templates/containers.twig           | 9 ++++++++-
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 43d1488e..a7210c99 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -472,6 +472,7 @@
           "protocol": "tcp"
         }
       ],
+      "internal_port": "%APACHE_PORT%",
       "environment": [
         "INSTANCE_ID=%INSTANCE_ID%",
         "APACHE_PORT=%APACHE_PORT%"
diff --git a/php/public/index.php b/php/public/index.php
index 87421cdc..de46eb41 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -176,6 +176,6 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $
     }
 });
 
-$errorMiddleware = $app->addErrorMiddleware(true, true, true);
+$errorMiddleware = $app->addErrorMiddleware(false, true, true);
 
 $app->run();
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index cdb8b057..8f29949b 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -255,7 +255,11 @@ class DockerController
         }
 
         $this->StopDomaincheckContainer();
-        $this->PerformRecursiveContainerStart($id);
+        try {
+            $this->PerformRecursiveContainerStart($id);
+        } catch (\Exception $e) {
+            error_log('Could not start domaincheck container: ' . $e->getMessage());
+        }
 
         // Cache the start for 10 minutes
         apcu_add($cacheKey, '1', 600);
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b4589e22..f5f12b3e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -24,6 +24,7 @@
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}
         {% set isWatchtowerRunning = false %}
+        {% set isDomaincheckRunning = false %}
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
@@ -45,6 +46,9 @@
             {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                 {% set isWatchtowerRunning = true %}
             {% endif %}
+            {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+                {% set isDomaincheckRunning = true %}
+            {% endif %}
             {% if container.GetIdentifier() == 'nextcloud-aio-apache' and class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                 {% set isApacheStarting = true %}
             {% endif %}
@@ -69,7 +73,10 @@
             <a href="" class="button reload">Reload ↻</a><br/>
         {% else %}
             {% if is_backup_container_running == false and domain == "" %}
-                {% if is_mastercontainer_update_available == true %}
+                {% if isDomaincheckRunning == false %}
+                    <h2>Domaincheck container is not running</h2>
+                    This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>. Advice: have a detailed look at the changed docker run command for AIO.
+                {% elseif is_mastercontainer_update_available == true %}
                     <h2>Mastercontainer update</h2>
                     ⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
                     <form method="POST" action="/api/docker/watchtower" class="xhr">

From 77dbc791157e96e5e29ce689e807d3e1d5c99714 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 29 Jun 2023 16:16:44 +0200
Subject: [PATCH 1255/3949] build janus 0.x

```
Compiler:                  gcc
libsrtp version:           2.x
SSL/crypto library:        OpenSSL
DTLS set-timeout:          not available
Mutex implementation:      GMutex (native futex on Linux)
DataChannels support:      no
Recordings post-processor: no
TURN REST API client:      no
Doxygen documentation:     no
Transports:
    REST (HTTP/HTTPS):     no
    WebSockets:            no
    RabbitMQ:              no
    MQTT:                  no
    Unix Sockets:          yes
    Nanomsg:               no
Plugins:
    Echo Test:             yes
    Streaming:             yes
    Video Call:            yes
    SIP Gateway:           no
    NoSIP (RTP Bridge):    yes
    Audio Bridge:          no
    Video Room:            yes
    Voice Mail:            no
    Record&Play:           yes
    Text Room:             yes
    Lua Interpreter:       no
    Duktape Interpreter:   no
Event handlers:
    Sample event handler:  no
    WebSocket ev. handler: no
    RabbitMQ event handler:no
    MQTT event handler:    no
    Nanomsg event handler: no
    GELF event handler:    yes
External loggers:
    JSON file logger:      no
JavaScript modules:        no
```

Signed-off-by: Zoey <zoey@z0ey.de>
---
 .github/workflows/talk.yml       | 10 ++++++
 Containers/talk/Dockerfile       | 57 ++++++++++++++++++--------------
 Containers/talk/supervisord.conf |  3 +-
 3 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index cdf7becd..8711eaa5 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -34,6 +34,16 @@ jobs:
         )"
         curl -L "https://raw.githubusercontent.com/strukturag/nextcloud-spreed-signaling/$signaling_version/server.conf.in" -o Containers/talk/server.conf.in
         
+        # Janus
+        janus_version="$(
+          git ls-remote https://github.com/meetecho/janus-gateway v0.*.* \
+            | cut -d/ -f3 \
+            | sort -V \
+            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | tail -1
+        )"
+        sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
+        
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5
       with:
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 4b51a99a..47e2d5ae 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,41 +1,42 @@
 FROM nats:2.9.19-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
+FROM alpine:3.18.2 as janus
+
+ARG JANUS_VERSION=v0.13.4
+WORKDIR /src
+RUN apk add --no-cache \
+        ca-certificates \
+        git autoconf automake build-base pkgconfig libtool util-linux \
+        glib-dev zlib-dev openssl-dev jansson-dev libnice-dev libconfig-dev libsrtp-dev gengetopt-dev \
+        libwebsockets-dev; \
+        git clone --recursive https://github.com/meetecho/janus-gateway -b $JANUS_VERSION /src; \
+        /src/autogen.sh; \
+        /src/configure; \
+        make; \
+        make install; \
+        make configs; \
+        rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
+
 FROM coturn/coturn:4.6.2-alpine3.18
 USER root
 
-COPY --from=nats /nats-server /usr/local/bin/nats-server
-COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
-
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=664 supervisord.conf /supervisord.conf
-
 RUN set -ex; \
     apk add --no-cache \
         ca-certificates \
         tzdata \
         bash \
-        janus-gateway \
         openssl \
         supervisor \
         bind-tools \
         netcat-openbsd \
-        shadow \
-        util-linux \
-        build-base \
-        wget \
-        lua5.3-dev \
-        luarocks5.3; \
+        \
+        glib zlib libssl3 libcrypto3 jansson libnice libconfig libsrtp \
+        libwebsockets \
+        \
+        shadow; \
     useradd --system talk; \
-    luarocks-5.3 install luajson; \
-    luarocks-5.3 install ansicolors; \
-    rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
     apk del --no-cache \
-        shadow \
-        util-linux \
-        build-base \
-        wget \
-        lua5.3-dev \
-        luarocks5.3; \
+        shadow; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
@@ -48,11 +49,10 @@ RUN set -ex; \
         /conf \
         /var/lib/turn \
         /var/log/supervisord \
-        /var/lib/turn \
-        /var/run/supervisord; \
+        /var/run/supervisord \
+        /usr/local/lib/janus/loggers; \
     chown talk:talk -R \
         /usr \
-        /etc/janus \
         /etc/nats.conf \
         /var/lib/turn \
         /var/log/supervisord \
@@ -64,6 +64,13 @@ RUN set -ex; \
         /var/lib/turn \
         /var/log/supervisord;
 
+COPY --from=janus /usr/local /usr/local
+COPY --from=nats /nats-server /usr/local/bin/nats-server
+COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
+
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
+
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
 ENV TALK_PORT=3478
 
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 5b43ed41..216a9568 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -1,6 +1,5 @@
 [supervisord]
 nodaemon=true
-nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
@@ -28,7 +27,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 # debug-level 3 means warning
-command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level 3
+command=janus --config=/usr/local/etc/janus/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level 3
 
 [program:signaling]
 stdout_logfile=/dev/stdout

From 91ee3495e19c9edd37dd8710ba9b251ea586382d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 15:04:42 +0200
Subject: [PATCH 1256/3949] move each dependency to a new line

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 47e2d5ae..4454bf7d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -6,8 +6,21 @@ ARG JANUS_VERSION=v0.13.4
 WORKDIR /src
 RUN apk add --no-cache \
         ca-certificates \
-        git autoconf automake build-base pkgconfig libtool util-linux \
-        glib-dev zlib-dev openssl-dev jansson-dev libnice-dev libconfig-dev libsrtp-dev gengetopt-dev \
+        git \
+        autoconf \
+        automake \
+        build-base \
+        pkgconfig \
+        libtool \
+        util-linux \
+        glib-dev \
+        zlib-dev \
+        openssl-dev \
+        jansson-dev \
+        libnice-dev \
+        libconfig-dev \
+        libsrtp-dev \
+        gengetopt-dev \
         libwebsockets-dev; \
         git clone --recursive https://github.com/meetecho/janus-gateway -b $JANUS_VERSION /src; \
         /src/autogen.sh; \
@@ -30,7 +43,14 @@ RUN set -ex; \
         bind-tools \
         netcat-openbsd \
         \
-        glib zlib libssl3 libcrypto3 jansson libnice libconfig libsrtp \
+        glib \
+        zlib \
+        libssl3 \
+        libcrypto3 \
+        jansson \
+        libnice \
+        libconfig \
+        libsrtp \
         libwebsockets \
         \
         shadow; \

From a529fb9b39be1f3ff8bffd38848fdcb384e75f8f Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 19 Jul 2023 15:15:13 +0200
Subject: [PATCH 1257/3949] Update Containers/talk/Dockerfile

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 4454bf7d..041328b1 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,8 @@ FROM alpine:3.18.2 as janus
 
 ARG JANUS_VERSION=v0.13.4
 WORKDIR /src
-RUN apk add --no-cache \
+RUN set -ex; \
+    apk add --no-cache \
         ca-certificates \
         git \
         autoconf \

From 7ab1e951f5256252913e3420e723e820053cd577 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 15:21:40 +0200
Subject: [PATCH 1258/3949] modify git clone command and adjust indentation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 041328b1..0ad085b2 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -23,13 +23,13 @@ RUN set -ex; \
         libsrtp-dev \
         gengetopt-dev \
         libwebsockets-dev; \
-        git clone --recursive https://github.com/meetecho/janus-gateway -b $JANUS_VERSION /src; \
-        /src/autogen.sh; \
-        /src/configure; \
-        make; \
-        make install; \
-        make configs; \
-        rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
+    git clone --recursive https://github.com/meetecho/janus-gateway --depth=1 --single-branch --branch "$JANUS_VERSION" /src; \
+    /src/autogen.sh; \
+    /src/configure; \
+    make; \
+    make install; \
+    make configs; \
+    rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
 FROM coturn/coturn:4.6.2-alpine3.18
 USER root

From 7824060a6cae98e0d5a6116223514cb005b5b0ba Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 May 2023 12:00:05 +0200
Subject: [PATCH 1259/3949] set NEXTCLOUD_MOUNT to rshared

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 31 ++++++++++++++++++++------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c11f16a0..bae9f6f6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -211,9 +211,16 @@ class DockerActionManager
 
     public function CreateContainer(Container $container) : void {
         $volumes = [];
-        foreach($container->GetVolumes()->GetVolumes() as $volume) {
+        foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+            // NEXTCLOUD_MOUNT gets added via bind-mount later on
+            if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+                if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
+                    continue;
+                }
+            }
+
             $volumeEntry = $volume->name . ':' . $volume->mountPoint;
-            if($volume->isWritable) {
+            if ($volume->isWritable) {
                 $volumeEntry = $volumeEntry . ':' . 'rw';
             } else {
                 $volumeEntry = $volumeEntry . ':' . 'ro';
@@ -226,7 +233,7 @@ class DockerActionManager
             'Image' => $this->BuildImageName($container),
         ];
 
-        if(count($volumes) > 0) {
+        if (count($volumes) > 0) {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
@@ -425,10 +432,11 @@ class DockerActionManager
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
         }
 
+        $mounts = [];
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
             // Additional backup directories
-            $mounts = [];
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {
                     $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false];
@@ -443,13 +451,22 @@ class DockerActionManager
                     }
                 }
             }
-            if(count($mounts) > 0) {
-                $requestBody['HostConfig']['Mounts'] = $mounts;
-            }
         // Special things for the talk container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
+        // Special things for the nextcloud container which should not be exposed in the containers.json
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+                if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
+                    continue;
+                }
+                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "Propagation" => "rshared"];
+            }
+        }
+
+        if (count($mounts) > 0) {
+            $requestBody['HostConfig']['Mounts'] = $mounts;
         }
 
         $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());

From 4065ab659c0dec55f1c71871b28c7d3ebfbb2221 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 17:08:17 +0200
Subject: [PATCH 1260/3949] add explanation to namespace

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 43857909..61594954 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -206,7 +206,7 @@ sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
-echo "NAMESPACE: nextcloud-aio" >> /tmp/sample.conf
+echo "NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129

From f56682b774299f3cc9e1971be8db8a4702144157 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 20 Jul 2023 12:02:53 +0000
Subject: [PATCH 1261/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 10ac15c5..026ed073 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -27,6 +27,13 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    read_only: true
+    tmpfs:
+      - /var/log/supervisord
+      - /var/run/supervisord
+      - /usr/local/apache2/logs
+      - /tmp
+      - /home/www-data
 
   nextcloud-aio-database:
     image: nextcloud/aio-postgresql:latest
@@ -46,6 +53,9 @@ services:
     shm_size: 268435456
     networks:
       - nextcloud-aio
+    read_only: true
+    tmpfs:
+      - /var/run/postgresql
 
   nextcloud-aio-nextcloud:
     depends_on:
@@ -180,6 +190,13 @@ services:
       - talk-recording
     networks:
       - nextcloud-aio
+    read_only: true
+    tmpfs:
+      - /var/log/supervisord
+      - /var/run/supervisord
+      - /conf
+      - /var/lib/turn
+      - /tmp
 
   nextcloud-aio-talk-recording:
     image: nextcloud/aio-talk-recording:latest
@@ -196,6 +213,10 @@ services:
       - talk-recording
     networks:
       - nextcloud-aio
+    read_only: true
+    tmpfs:
+      - /tmp
+      - /conf
 
   nextcloud-aio-clamav:
     image: nextcloud/aio-clamav:latest
@@ -248,6 +269,8 @@ services:
     networks:
       - nextcloud-aio
     read_only: true
+    tmpfs:
+      - /tmp
 
   nextcloud-aio-fulltextsearch:
     image: nextcloud/aio-fulltextsearch:latest

From 91bac10c9af88bfb7f8d3168d94d421c732cfd6b Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 20 Jul 2023 12:03:06 +0000
Subject: [PATCH 1262/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 37959745..a9aae7bb 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.11.4-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.0.1
+ENV RECORDING_VERSION v17.0.2
 
 RUN set -ex; \
     apk add --no-cache \

From 1afbfdc9c55e8b63926c5de5a6417d16cc090b1f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 20 Jul 2023 12:08:12 +0000
Subject: [PATCH 1263/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ef9b69a9..a6fb4706 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.21-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 26.0.3
+ENV NEXTCLOUD_VERSION 26.0.4
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 7bb75459721340d247529aaae0ff4749ed592576 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 27 Jun 2023 10:59:20 +0200
Subject: [PATCH 1264/3949] talk-recording - set allow_all and skip_verify via
 env

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 2 ++
 Containers/talk-recording/start.sh   | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index a9aae7bb..89a5656a 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -3,6 +3,8 @@ FROM python:3.11.4-alpine3.18
 COPY --chmod=775 start.sh /start.sh
 
 ENV RECORDING_VERSION v17.0.2
+ENV ALLOW_ALL false
+ENV SKIP_VERIFY false
 
 RUN set -ex; \
     apk add --no-cache \
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index 9f0fc7f1..cd2325a1 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -21,11 +21,11 @@ level = 30
 listen = 0.0.0.0:1234
 
 [backend]
-allowall = false
+allowall = ${ALLOW_ALL}
 # TODO: remove secret below when https://github.com/nextcloud/spreed/issues/9580 is fixed
 secret = ${RECORDING_SECRET}
 backends = backend-1
-skipverify = false
+skipverify = ${SKIP_VERIFY}
 maxmessagesize = 1024
 videowidth = 1920
 videoheight = 1080
@@ -34,7 +34,7 @@ directory = /tmp
 [backend-1]
 url = https://${NC_DOMAIN}
 secret = ${RECORDING_SECRET}
-skipverify = false
+skipverify = ${SKIP_VERIFY}
 
 [signaling]
 signalings = signaling-1

From 0c5cb7de255e26cb1f43bddc0b7e400d7bc9725a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 27 Jun 2023 13:13:15 +0200
Subject: [PATCH 1265/3949] also allow to adjust the protocol

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 1 +
 Containers/talk-recording/start.sh   | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 89a5656a..de5bca56 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -4,6 +4,7 @@ COPY --chmod=775 start.sh /start.sh
 
 ENV RECORDING_VERSION v17.0.2
 ENV ALLOW_ALL false
+ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false
 
 RUN set -ex; \
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index cd2325a1..cbc45c60 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -32,7 +32,7 @@ videoheight = 1080
 directory = /tmp
 
 [backend-1]
-url = https://${NC_DOMAIN}
+url = ${HPB_PROTOCOL}://${NC_DOMAIN}
 secret = ${RECORDING_SECRET}
 skipverify = ${SKIP_VERIFY}
 
@@ -40,7 +40,7 @@ skipverify = ${SKIP_VERIFY}
 signalings = signaling-1
 
 [signaling-1]
-url = https://${NC_DOMAIN}/standalone-signaling/
+url = ${HPB_PROTOCOL}://${NC_DOMAIN}/standalone-signaling/
 internalsecret = ${INTERNAL_SECRET}
 
 [ffmpeg]

From a262d1f210f25304f57e893ba749fb761bcc088f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Jul 2023 10:01:24 +0200
Subject: [PATCH 1266/3949] add HPB_PATH

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 1 +
 Containers/talk-recording/start.sh   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index de5bca56..65d32a16 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -6,6 +6,7 @@ ENV RECORDING_VERSION v17.0.2
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false
+ENV HPB_PATH /standalone-signaling/
 
 RUN set -ex; \
     apk add --no-cache \
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index cbc45c60..dcdffcbf 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -40,7 +40,7 @@ skipverify = ${SKIP_VERIFY}
 signalings = signaling-1
 
 [signaling-1]
-url = ${HPB_PROTOCOL}://${NC_DOMAIN}/standalone-signaling/
+url = ${HPB_PROTOCOL}://${NC_DOMAIN}${HPB_PATH}
 internalsecret = ${INTERNAL_SECRET}
 
 [ffmpeg]

From fb6ca4b6af5f8196ef055e1936911725139abb92 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 20 Jul 2023 13:54:51 +0000
Subject: [PATCH 1267/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      | 53 ++++++++++++++--
 ...loud-aio-apache-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-apache-service.yaml         |  9 ++-
 .../nextcloud-aio-clamav-deployment.yaml      | 15 +++--
 ...loud-aio-clamav-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-clamav-service.yaml         |  5 +-
 .../nextcloud-aio-collabora-deployment.yaml   | 13 ++--
 .../nextcloud-aio-collabora-service.yaml      |  5 +-
 .../nextcloud-aio-database-deployment.yaml    | 25 ++++++--
 ...o-database-dump-persistentvolumeclaim.yaml |  1 +
 ...ud-aio-database-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-database-service.yaml       |  5 +-
 ...o-elasticsearch-persistentvolumeclaim.yaml |  1 +
 ...xtcloud-aio-fulltextsearch-deployment.yaml | 13 ++--
 .../nextcloud-aio-fulltextsearch-service.yaml |  5 +-
 .../nextcloud-aio-imaginary-deployment.yaml   | 30 +++++++--
 .../nextcloud-aio-imaginary-service.yaml      |  5 +-
 .../nextcloud-aio-namespace-namespace.yaml    |  6 ++
 .../nextcloud-aio-networkpolicy.yaml          | 13 ----
 ...-nextcloud-data-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-nextcloud-deployment.yaml   | 13 ++--
 ...d-aio-nextcloud-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-nextcloud-service.yaml      |  5 +-
 ...trusted-cacerts-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-notify-push-deployment.yaml | 15 +++--
 .../nextcloud-aio-notify-push-service.yaml    |  5 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml  | 13 ++--
 ...-aio-onlyoffice-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-onlyoffice-service.yaml     |  5 +-
 .../nextcloud-aio-redis-deployment.yaml       | 15 +++--
 ...cloud-aio-redis-persistentvolumeclaim.yaml |  1 +
 .../nextcloud-aio-redis-service.yaml          |  5 +-
 .../nextcloud-aio-talk-deployment.yaml        | 62 +++++++++++++++++--
 ...xtcloud-aio-talk-recording-deployment.yaml | 38 ++++++++++--
 .../nextcloud-aio-talk-recording-service.yaml |  5 +-
 .../templates/nextcloud-aio-talk-service.yaml | 10 +--
 nextcloud-aio-helm-chart/values.yaml          |  1 +
 38 files changed, 306 insertions(+), 100 deletions(-)
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
 delete mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 5a3378c3..73791c8b 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 6.2.1
+version: 6.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4b4b8104..50e8d2a0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,11 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -15,8 +16,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
@@ -29,7 +30,22 @@ spec:
             - "777"
             - /nextcloud-aio-nextcloud
             - /nextcloud-aio-apache
+            - /nextcloud-aio-apache-tmpfs0
+            - /nextcloud-aio-apache-tmpfs1
+            - /nextcloud-aio-apache-tmpfs2
+            - /nextcloud-aio-apache-tmpfs3
+            - /nextcloud-aio-apache-tmpfs4
           volumeMounts:
+            - name: nextcloud-aio-apache-tmpfs4
+              mountPath: /nextcloud-aio-apache-tmpfs4
+            - name: nextcloud-aio-apache-tmpfs3
+              mountPath: /nextcloud-aio-apache-tmpfs3
+            - name: nextcloud-aio-apache-tmpfs2
+              mountPath: /nextcloud-aio-apache-tmpfs2
+            - name: nextcloud-aio-apache-tmpfs1
+              mountPath: /nextcloud-aio-apache-tmpfs1
+            - name: nextcloud-aio-apache-tmpfs0
+              mountPath: /nextcloud-aio-apache-tmpfs0
             - name: nextcloud-aio-apache
               mountPath: /nextcloud-aio-apache
             - name: nextcloud-aio-nextcloud
@@ -56,16 +72,33 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230626_101439-latest
+          image: nextcloud/aio-apache:20230720_134150-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
+              hostPort: {{ .Values.APACHE_PORT }}
+              protocol: TCP
+            - containerPort: {{ .Values.APACHE_PORT }}
+              hostPort: {{ .Values.APACHE_PORT }}
+              protocol: UDP
+          securityContext:
+            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
               readOnly: true
             - mountPath: /mnt/data
               name: nextcloud-aio-apache
+            - mountPath: /var/log/supervisord
+              name: nextcloud-aio-apache-tmpfs0
+            - mountPath: /var/run/supervisord
+              name: nextcloud-aio-apache-tmpfs1
+            - mountPath: /usr/local/apache2/logs
+              name: nextcloud-aio-apache-tmpfs2
+            - mountPath: /tmp
+              name: nextcloud-aio-apache-tmpfs3
+            - mountPath: /home/www-data
+              name: nextcloud-aio-apache-tmpfs4
       volumes:
         - name: nextcloud-aio-nextcloud
           persistentVolumeClaim:
@@ -73,3 +106,13 @@ spec:
         - name: nextcloud-aio-apache
           persistentVolumeClaim:
             claimName: nextcloud-aio-apache
+        - emptyDir: {}
+          name: nextcloud-aio-apache-tmpfs0
+        - emptyDir: {}
+          name: nextcloud-aio-apache-tmpfs1
+        - emptyDir: {}
+          name: nextcloud-aio-apache-tmpfs2
+        - emptyDir: {}
+          name: nextcloud-aio-apache-tmpfs3
+        - emptyDir: {}
+          name: nextcloud-aio-apache-tmpfs4
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
index 35c851a6..9e1c054f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 62403fac..d2335482 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,16 +2,21 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
+  namespace: {{ values.NAMESPACE }}
 spec:
   type: LoadBalancer
   ports:
     - name: "{{ .Values.APACHE_PORT }}"
       port: {{ .Values.APACHE_PORT }}
       targetPort: {{ .Values.APACHE_PORT }}
+    - name: {{ .Values.APACHE_PORT }}-udp
+      port: {{ .Values.APACHE_PORT }}
+      protocol: UDP
+      targetPort: {{ .Values.APACHE_PORT }}
   selector:
     io.kompose.service: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 7e70fbbb..1ce4053d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,11 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,8 +17,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
@@ -47,10 +48,14 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230626_101439-latest
+          image: nextcloud/aio-clamav:20230720_134150-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
+              hostPort: 3310
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /var/lib/clamav
               name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
index 68709d1f..f0f624fb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 908a7bae..c7368821 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,11 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "3310"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 1c6fccbd..963a565d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,11 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,8 +17,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
@@ -36,8 +37,10 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230626_101439-latest
+          image: nextcloud/aio-collabora:20230720_134150-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
+              hostPort: 9980
+              protocol: TCP
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index 3e953d72..ec0cce0a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,11 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "9980"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index eff50ee6..4725049e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,11 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -15,8 +16,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
@@ -30,7 +31,10 @@ spec:
             - /nextcloud-aio-database/data
             - /nextcloud-aio-database
             - /nextcloud-aio-database-dump
+            - /nextcloud-aio-database-tmpfs0
           volumeMounts:
+            - name: nextcloud-aio-database-tmpfs0
+              mountPath: /nextcloud-aio-database-tmpfs0
             - name: nextcloud-aio-database-dump
               mountPath: /nextcloud-aio-database-dump
             - name: nextcloud-aio-database
@@ -43,7 +47,10 @@ spec:
             - "-R"
             - /nextcloud-aio-database
             - /nextcloud-aio-database-dump
+            - /nextcloud-aio-database-tmpfs0
           volumeMounts:
+            - name: nextcloud-aio-database-tmpfs0
+              mountPath: /nextcloud-aio-database-tmpfs0
             - name: nextcloud-aio-database-dump
               mountPath: /nextcloud-aio-database-dump
             - name: nextcloud-aio-database
@@ -60,16 +67,22 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230626_101439-latest
+          image: nextcloud/aio-postgresql:20230720_134150-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
+              hostPort: 5432
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               subPath: data
               name: nextcloud-aio-database
             - mountPath: /mnt/data
               name: nextcloud-aio-database-dump
+            - mountPath: /var/run/postgresql
+              name: nextcloud-aio-database-tmpfs0
       terminationGracePeriodSeconds: 1800
       volumes:
         - name: nextcloud-aio-database
@@ -78,3 +91,5 @@ spec:
         - name: nextcloud-aio-database-dump
           persistentVolumeClaim:
             claimName: nextcloud-aio-database-dump
+        - emptyDir: {}
+          name: nextcloud-aio-database-tmpfs0
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
index 78ff6742..2e37c19c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-database-dump
   name: nextcloud-aio-database-dump
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
index a8522aae..6c55b56f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index f32b53c8..c3586446 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,11 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "5432"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
index 8ec6bbb4..74ee81e9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-elasticsearch
   name: nextcloud-aio-elasticsearch
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 99ca8d78..2dbe316b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,11 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,8 +17,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
@@ -42,10 +43,12 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230626_101439-latest
+          image: nextcloud/aio-fulltextsearch:20230720_134150-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
+              hostPort: 9200
+              protocol: TCP
           volumeMounts:
             - mountPath: /usr/share/elasticsearch/data
               name: nextcloud-aio-elasticsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 9f761861..f0a4a491 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,11 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "9200"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 661eab83..9d7960f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,11 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,22 +17,41 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
     spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-imaginary-tmpfs0
+          volumeMounts:
+            - name: nextcloud-aio-imaginary-tmpfs0
+              mountPath: /nextcloud-aio-imaginary-tmpfs0
       containers:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230626_101439-latest
+          image: nextcloud/aio-imaginary:20230720_134150-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
+              hostPort: 9000
+              protocol: TCP
           securityContext:
             capabilities:
               add:
                 - SYS_NICE
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - mountPath: /tmp
+              name: nextcloud-aio-imaginary-tmpfs0
+      volumes:
+        - emptyDir: {}
+          name: nextcloud-aio-imaginary-tmpfs0
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index 824f7285..f670890e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,11 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "9000"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
new file mode 100755
index 00000000..092deeaf
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ values.NAMESPACE }}
+  namespace: {{ values.NAMESPACE }}
+spec: {}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
deleted file mode 100755
index 6f63b3c0..00000000
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: nextcloud-aio
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/nextcloud-aio: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
index 50594a1f..08cccf5b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud-data
   name: nextcloud-aio-nextcloud-data
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index a1352fab..effce881 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,11 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -15,8 +16,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
@@ -116,10 +117,12 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230626_101439-latest
+          image: nextcloud/aio-nextcloud:20230720_134150-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
+              hostPort: 9000
+              protocol: TCP
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index d07e3b61..5b118c81 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index a5de6eef..687444e8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,11 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "9000"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
index 58384bde..16ea936b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud-trusted-cacerts
   name: nextcloud-aio-nextcloud-trusted-cacerts
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 67d50d18..d0ee6bc0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,11 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -15,8 +16,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-notify-push
@@ -49,10 +50,14 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20230626_101439-latest
+          image: nextcloud/aio-notify-push:20230720_134150-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
+              hostPort: 7867
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /nextcloud
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 6a7d17dd..7f709528 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,11 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "7867"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 33536e82..5d6c562f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,11 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,8 +17,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
@@ -42,10 +43,12 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230626_101439-latest
+          image: nextcloud/aio-onlyoffice:20230720_134150-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
+              hostPort: 80
+              protocol: TCP
           volumeMounts:
             - mountPath: /var/lib/onlyoffice
               name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
index 674ad7b6..4ed689e3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index d324453e..391b723f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,11 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "80"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 3661e408..0fd0e747 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,11 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -15,8 +16,8 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
@@ -37,10 +38,14 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230626_101439-latest
+          image: nextcloud/aio-redis:20230720_134150-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
+              hostPort: 6379
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /data
               name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
index 10f3e7da..8e21d6d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -4,6 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
+  namespace: {{ values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index 82147c73..9561d421 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,11 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "6379"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b2c47c6e..ead28271 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,11 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,12 +17,34 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
     spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-talk-tmpfs0
+            - /nextcloud-aio-talk-tmpfs1
+            - /nextcloud-aio-talk-tmpfs2
+            - /nextcloud-aio-talk-tmpfs3
+            - /nextcloud-aio-talk-tmpfs4
+          volumeMounts:
+            - name: nextcloud-aio-talk-tmpfs4
+              mountPath: /nextcloud-aio-talk-tmpfs4
+            - name: nextcloud-aio-talk-tmpfs3
+              mountPath: /nextcloud-aio-talk-tmpfs3
+            - name: nextcloud-aio-talk-tmpfs2
+              mountPath: /nextcloud-aio-talk-tmpfs2
+            - name: nextcloud-aio-talk-tmpfs1
+              mountPath: /nextcloud-aio-talk-tmpfs1
+            - name: nextcloud-aio-talk-tmpfs0
+              mountPath: /nextcloud-aio-talk-tmpfs0
       containers:
         - env:
             - name: INTERNAL_SECRET
@@ -36,11 +59,40 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230626_101439-latest
+          image: nextcloud/aio-talk:20230720_134150-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
+              hostPort: {{ .Values.TALK_PORT }}
+              protocol: TCP
             - containerPort: {{ .Values.TALK_PORT }}
+              hostPort: {{ .Values.TALK_PORT }}
               protocol: UDP
             - containerPort: 8081
+              hostPort: 8081
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - mountPath: /var/log/supervisord
+              name: nextcloud-aio-talk-tmpfs0
+            - mountPath: /var/run/supervisord
+              name: nextcloud-aio-talk-tmpfs1
+            - mountPath: /conf
+              name: nextcloud-aio-talk-tmpfs2
+            - mountPath: /var/lib/turn
+              name: nextcloud-aio-talk-tmpfs3
+            - mountPath: /tmp
+              name: nextcloud-aio-talk-tmpfs4
+      volumes:
+        - emptyDir: {}
+          name: nextcloud-aio-talk-tmpfs0
+        - emptyDir: {}
+          name: nextcloud-aio-talk-tmpfs1
+        - emptyDir: {}
+          name: nextcloud-aio-talk-tmpfs2
+        - emptyDir: {}
+          name: nextcloud-aio-talk-tmpfs3
+        - emptyDir: {}
+          name: nextcloud-aio-talk-tmpfs4
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 8b8a671f..1f15ec0f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,11 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
+  namespace: {{ values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,12 +17,25 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-talk-recording-tmpfs0
+            - /nextcloud-aio-talk-recording-tmpfs1
+          volumeMounts:
+            - name: nextcloud-aio-talk-recording-tmpfs1
+              mountPath: /nextcloud-aio-talk-recording-tmpfs1
+            - name: nextcloud-aio-talk-recording-tmpfs0
+              mountPath: /nextcloud-aio-talk-recording-tmpfs0
       containers:
         - env:
             - name: INTERNAL_SECRET
@@ -32,8 +46,22 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230626_101439-latest
+          image: nextcloud/aio-talk-recording:20230720_134150-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
+              hostPort: 1234
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - mountPath: /tmp
+              name: nextcloud-aio-talk-recording-tmpfs0
+            - mountPath: /conf
+              name: nextcloud-aio-talk-recording-tmpfs1
+      volumes:
+        - emptyDir: {}
+          name: nextcloud-aio-talk-recording-tmpfs0
+        - emptyDir: {}
+          name: nextcloud-aio-talk-recording-tmpfs1
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 6315bd83..0273319d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,11 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "1234"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 22598b4b..920fc8e7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,11 +4,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
+  namespace: {{ values.NAMESPACE }}
 spec:
   type: LoadBalancer
   ports:
@@ -26,11 +27,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
+  namespace: {{ values.NAMESPACE }}
 spec:
   ports:
     - name: "8081"
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 06e59ff7..76c39fed 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -31,6 +31,7 @@ NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to auto
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value

From de14dd2052801a99c3497dc16632993fa5089c7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Jul 2023 14:05:21 +0000
Subject: [PATCH 1268/3949] Bump nats from 2.9.19-scratch to 2.9.20-scratch in
 /Containers/talk

Bumps nats from 2.9.19-scratch to 2.9.20-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 0ad085b2..65da74c7 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.19-scratch as nats
+FROM nats:2.9.20-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.2 as janus
 

From 86f606b407cca79ee9af755963c43e313a56afe3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 20 Jul 2023 16:10:59 +0200
Subject: [PATCH 1269/3949] remove cr release notes again since they dont work
 correctly

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 773ee85d..56a27337 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -46,4 +46,3 @@ jobs:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
           CR_SKIP_EXISTING: true
-          CR_GENERATE_RELEASE_NOTES: true

From 5b7c9a096fce0b28e374328ccc3d2f8d67307d36 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 20 Jul 2023 16:44:24 +0200
Subject: [PATCH 1270/3949] fix bind propagation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9fdbf1c7..45727a37 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -483,7 +483,7 @@ class DockerActionManager
                 if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
                     continue;
                 }
-                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "Propagation" => "rshared"];
+                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
             }
         }
 

From 2c26a1957c3dece0e4553e614349f61240872fbd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 20 Jul 2023 17:52:30 +0200
Subject: [PATCH 1271/3949] fix compiling janus with datachannel support

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 65da74c7..ee7a477f 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -21,11 +21,12 @@ RUN set -ex; \
         libnice-dev \
         libconfig-dev \
         libsrtp-dev \
+        libusrsctp-dev \
         gengetopt-dev \
         libwebsockets-dev; \
     git clone --recursive https://github.com/meetecho/janus-gateway --depth=1 --single-branch --branch "$JANUS_VERSION" /src; \
     /src/autogen.sh; \
-    /src/configure; \
+    /src/configure --disable-rabbitmq --disable-mqtt --disable-boringssl; \
     make; \
     make install; \
     make configs; \

From 2f842e7266eecbbfc8146c953b1500a5001a357c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 20 Jul 2023 18:11:31 +0200
Subject: [PATCH 1272/3949] also add it to libusrtctp to normal container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ee7a477f..ad68e241 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -53,6 +53,7 @@ RUN set -ex; \
         libnice \
         libconfig \
         libsrtp \
+        libusrsctp \
         libwebsockets \
         \
         shadow; \

From f86032a7e4ccff2562da39da3ff892dfb1820c98 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 21 Jul 2023 00:45:43 +0200
Subject: [PATCH 1273/3949] increase to 6.4.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index f5f12b3e..c5f170d7 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v6.3.0</h1>
+        <h1>Nextcloud AIO v6.4.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From ff836c46891616b8a9d416064ae96bffde55bb88 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 21 Jul 2023 11:32:44 +0200
Subject: [PATCH 1274/3949] talk-recording - allow to set hpb_domain and
 nc_domain independently

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/start.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index dcdffcbf..70eebeb5 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -12,6 +12,10 @@ elif [ -z "$INTERNAL_SECRET" ]; then
     exit 1
 fi
 
+if [ -z "$HPB_DOMAIN" ]; then
+    export HPB_DOMAIN="$NC_DOMAIN"
+fi
+
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
@@ -40,7 +44,7 @@ skipverify = ${SKIP_VERIFY}
 signalings = signaling-1
 
 [signaling-1]
-url = ${HPB_PROTOCOL}://${NC_DOMAIN}${HPB_PATH}
+url = ${HPB_PROTOCOL}://${HPB_DOMAIN}${HPB_PATH}
 internalsecret = ${INTERNAL_SECRET}
 
 [ffmpeg]

From 5c01be98522b7e7594c31136a903feb993c1eed7 Mon Sep 17 00:00:00 2001
From: Syed Mishar Newaz <misharex.sezan@gmail.com>
Date: Sun, 23 Jul 2023 19:23:57 +0600
Subject: [PATCH 1275/3949] Update manual-upgrade.md shebang

There was an exclamation (!) missing from shebang. As a result, execution of this script could result in unexpected behaviour

Signed-off-by: Syed Mishar Newaz <misharex.sezan@gmail.com>
---
 manual-upgrade.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-upgrade.md b/manual-upgrade.md
index 8a4975d8..65f67c98 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -12,7 +12,7 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 1. Run the following commands in order to reverse engineer the Nextcloud container:
     ```bash
         sudo docker pull assaflavie/runlike
-        echo '#/bin/bash' > /tmp/nextcloud-aio-nextcloud
+        echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud
         sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
         sudo chown root:root /tmp/nextcloud-aio-nextcloud
     ```

From b076d5ea1a0f16e57164a5f3c45326ed180f3b91 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 23 Jul 2023 16:45:58 +0200
Subject: [PATCH 1276/3949] adjust commit message for dependency updates to php

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 5f063651..19a8c8ce 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -46,10 +46,10 @@ jobs:
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5
       with:
-        commit-message: dependency updates
+        commit-message: php dependency updates
         signoff: true
-        title: Dependency updates
-        body: Automated dependency updates since dependabot does not support grouped updates
+        title: PHP dependency updates
+        body: Automated php dependency updates since dependabot does not support grouped updates
         labels: dependencies, 3. to review
         milestone: next
         branch: aio-dependency-update

From 12f55056eede8b436930fe4228db42894c35df68 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 23 Jul 2023 17:01:47 +0200
Subject: [PATCH 1277/3949] mastercontainer - run supervisord directly and not
 as cmd option

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 -
 Containers/mastercontainer/start.sh   | 9 +++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cfa76d88..9d1e6818 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -121,6 +121,5 @@ COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
 USER root
 
 ENTRYPOINT ["/start.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 9e01f256..e0f7cffa 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -26,6 +26,12 @@ if [ "$EUID" != "0" ]; then
     exit 1
 fi
 
+# Check that the CMD is not overwritten nor set
+if [ "$*" != "" ]; then
+    print_red "Docker run command for AIO is incorrect as a CMD option was given which is not expected."
+    exit 1
+fi
+
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."
@@ -310,4 +316,7 @@ caddy fmt --overwrite /Caddyfile
 # Fix caddy log 
 chmod 777 /root
 
+# Start supervisord
+/usr/bin/supervisord -c /supervisord.conf
+
 exec "$@"

From dace781b4ee2d7a1f5df15c63d7934f1bd5b0fc6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Jul 2023 01:03:36 +0200
Subject: [PATCH 1278/3949] make database connections persistant

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgresql.php |  7 +++++++
 Containers/nextcloud/start.sh              | 12 +-----------
 Containers/postgresql/start.sh             |  7 -------
 3 files changed, 8 insertions(+), 18 deletions(-)
 create mode 100644 Containers/nextcloud/config/postgresql.php

diff --git a/Containers/nextcloud/config/postgresql.php b/Containers/nextcloud/config/postgresql.php
new file mode 100644
index 00000000..f086b297
--- /dev/null
+++ b/Containers/nextcloud/config/postgresql.php
@@ -0,0 +1,7 @@
+<?php
+$CONFIG = array (
+    'dbuser' => 'oc_' . getenv('POSTGRES_USER'),
+    'dbpassword' => getenv('POSTGRES_PASSWORD'),
+    'db_name' => getenv('POSTGRES_DB'),
+    'dbpersistent' => true,
+);
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index b990d6c5..95c0af90 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -6,23 +6,13 @@ while ! sudo -u www-data nc -z "$POSTGRES_HOST" 5432; do
     sleep 5
 done
 
-# Use the correct Postgres username
-POSTGRES_USER="oc_$POSTGRES_USER"
-export POSTGRES_USER
-
-# Fix false database connection on old instances
+# Wait for database to actually start
 if [ -f "/var/www/html/config/config.php" ]; then
     sleep 2
     while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start..."
         sleep 5
     done
-    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && [ "$POSTGRES_DB" = "nextcloud_database" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
-        # This was introduced with https://github.com/nextcloud/all-in-one/pull/218
-        sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-        sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
-        sed -i "s|'db_name'.*=>.*$|'db_name' => '$POSTGRES_DB',|" /var/www/html/config/config.php
-    fi
 fi
 
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 75a86abd..642039d4 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -148,13 +148,6 @@ fi
 
 # Modify postgresql.conf
 if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
-    echo "Setting max connections..."
-    MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
-    MAX_CONNECTIONS=$((MEMORY/50+3))
-    if [ -n "$MAX_CONNECTIONS" ]; then
-        sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
-    fi
-
     # Modify conf
     if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
         sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf

From 7de9aae2b8e7cfbdd8e5c192c155c9de8eafbec0 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 24 Jul 2023 12:03:37 +0000
Subject: [PATCH 1279/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 026ed073..0c5b7a19 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -118,6 +118,8 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    tmpfs:
+      - /tmp
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest
@@ -278,9 +280,14 @@ services:
       - "9200"
     environment:
       - TZ=${TIMEZONE}
+      - ES_JAVA_OPTS=-Xms512M -Xmx512M
+      - bootstrap.memory_lock=true
+      - cluster.name=nextcloud-aio
       - discovery.type=single-node
-      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
-      - POSTGRES_HOST=nextcloud-aio-database
+      - logger.org.elasticsearch.discovery=WARN
+      - http.port=9200
+      - xpack.license.self_generated.type=basic
+      - xpack.security.enabled=false
     volumes:
       - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
     restart: unless-stopped

From 7125b541baba6a24e055d8007f95180aa99dfc07 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 26 Jul 2023 12:02:32 +0000
Subject: [PATCH 1280/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 54 +++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 428e13ff..f01134fc 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -461,16 +461,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.0",
+            "version": "v1.3.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "f23fe9d4e95255dacee1bf3525e0810d1a1b0f37"
+                "reference": "e5a3057a5591e1cfe8183034b0203921abe2c902"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/f23fe9d4e95255dacee1bf3525e0810d1a1b0f37",
-                "reference": "f23fe9d4e95255dacee1bf3525e0810d1a1b0f37",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/e5a3057a5591e1cfe8183034b0203921abe2c902",
+                "reference": "e5a3057a5591e1cfe8183034b0203921abe2c902",
                 "shasum": ""
             },
             "require": {
@@ -517,7 +517,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2023-01-30T18:31:20+00:00"
+            "time": "2023-07-14T13:56:28+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -1218,16 +1218,16 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.11.0",
+            "version": "4.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7"
+                "reference": "e9e99c2b24398b967841c6c4c3048622cc7e2b18"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
-                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/e9e99c2b24398b967841c6c4c3048622cc7e2b18",
+                "reference": "e9e99c2b24398b967841c6c4c3048622cc7e2b18",
                 "shasum": ""
             },
             "require": {
@@ -1236,26 +1236,26 @@
                 "php": "^7.4 || ^8.0",
                 "psr/container": "^1.0 || ^2.0",
                 "psr/http-factory": "^1.0",
-                "psr/http-message": "^1.0",
+                "psr/http-message": "^1.1",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "require-dev": {
-                "adriansuter/php-autoload-override": "^1.3",
+                "adriansuter/php-autoload-override": "^1.4",
                 "ext-simplexml": "*",
-                "guzzlehttp/psr7": "^2.4",
-                "httpsoft/http-message": "^1.0",
-                "httpsoft/http-server-request": "^1.0",
+                "guzzlehttp/psr7": "^2.5",
+                "httpsoft/http-message": "^1.1",
+                "httpsoft/http-server-request": "^1.1",
                 "laminas/laminas-diactoros": "^2.17",
-                "nyholm/psr7": "^1.5",
+                "nyholm/psr7": "^1.8",
                 "nyholm/psr7-server": "^1.0",
-                "phpspec/prophecy": "^1.15",
+                "phpspec/prophecy": "^1.17",
                 "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/phpstan": "^1.8",
-                "phpunit/phpunit": "^9.5",
-                "slim/http": "^1.2",
-                "slim/psr7": "^1.5",
+                "phpstan/phpstan": "^1.10",
+                "phpunit/phpunit": "^9.6",
+                "slim/http": "^1.3",
+                "slim/psr7": "^1.6",
                 "squizlabs/php_codesniffer": "^3.7"
             },
             "suggest": {
@@ -1329,7 +1329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-06T16:33:39+00:00"
+            "time": "2023-07-23T04:54:29+00:00"
         },
         {
             "name": "slim/twig-view",
@@ -1709,16 +1709,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.6.1",
+            "version": "v3.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd"
+                "reference": "5cf942bbab3df42afa918caeba947f1b690af64b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd",
-                "reference": "7e7d5839d4bec168dfeef0ac66d5c5a2edbabffd",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/5cf942bbab3df42afa918caeba947f1b690af64b",
+                "reference": "5cf942bbab3df42afa918caeba947f1b690af64b",
                 "shasum": ""
             },
             "require": {
@@ -1764,7 +1764,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.6.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.7.0"
             },
             "funding": [
                 {
@@ -1776,7 +1776,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-06-08T12:52:13+00:00"
+            "time": "2023-07-26T07:16:09+00:00"
         }
     ],
     "packages-dev": [],

From 3a6cf31c4d92b98339bf32dc60388b0685b13f1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Jul 2023 13:00:48 +0000
Subject: [PATCH 1281/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.1.3.1 to 23.05.2.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index a11c5b97..37a7e5f4 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.1.3.1
+FROM collabora/code:23.05.2.2.1
 
 USER root
 

From 42b065b0c1d34707b2d1c4bda33033c0aadd7e51 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Jul 2023 16:29:50 +0200
Subject: [PATCH 1282/3949] Revert "make database connections persistant"

This reverts commit dace781b4ee2d7a1f5df15c63d7934f1bd5b0fc6.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 642039d4..75a86abd 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -148,6 +148,13 @@ fi
 
 # Modify postgresql.conf
 if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
+    echo "Setting max connections..."
+    MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+    MAX_CONNECTIONS=$((MEMORY/50+3))
+    if [ -n "$MAX_CONNECTIONS" ]; then
+        sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
+    fi
+
     # Modify conf
     if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
         sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf

From 4bb57f805537361b1f5c5f252a8edb89e03b742c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Jul 2023 09:03:06 +0000
Subject: [PATCH 1283/3949] Bump elasticsearch from 8.8.0 to 8.8.1 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.8.0 to 8.8.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 8e214bc4..d59127b2 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.8.0
+FROM elasticsearch:8.8.1
 
 USER root
 

From c2505e897620f50a9c6c682c5284d49e2c764ed4 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 28 Jul 2023 09:08:22 +0000
Subject: [PATCH 1284/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml            |  2 +-
 .../nextcloud-aio-apache-deployment.yaml       |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml       |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml    |  2 +-
 .../nextcloud-aio-database-deployment.yaml     |  2 +-
 ...extcloud-aio-fulltextsearch-deployment.yaml | 18 ++++++++++++++----
 .../nextcloud-aio-imaginary-deployment.yaml    |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml    |  9 ++++++++-
 .../nextcloud-aio-notify-push-deployment.yaml  |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml   |  2 +-
 .../nextcloud-aio-redis-deployment.yaml        |  2 +-
 .../nextcloud-aio-talk-deployment.yaml         |  2 +-
 ...extcloud-aio-talk-recording-deployment.yaml |  2 +-
 13 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 73791c8b..bbbd72c8 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 6.3.0
+version: 6.4.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 50e8d2a0..1120136a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -72,7 +72,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230720_134150-latest
+          image: nextcloud/aio-apache:20230728_085937-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 1ce4053d..c06fa327 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230720_134150-latest
+          image: nextcloud/aio-clamav:20230728_085937-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 963a565d..fed4cd4a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230720_134150-latest
+          image: nextcloud/aio-collabora:20230728_085937-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 4725049e..e1c31523 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -67,7 +67,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230720_134150-latest
+          image: nextcloud/aio-postgresql:20230728_085937-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 2dbe316b..dbcadd02 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -36,14 +36,24 @@ spec:
       containers:
         - env:
             - name: ES_JAVA_OPTS
-              value: -Xms1024M -Xmx1024M
-            - name: POSTGRES_HOST
-              value: nextcloud-aio-database
+              value: -Xms512M -Xmx512M
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
+            - name: bootstrap.memory_lock
+              value: "true"
+            - name: cluster.name
+              value: nextcloud-aio
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230720_134150-latest
+            - name: http.port
+              value: "9200"
+            - name: logger.org.elasticsearch.discovery
+              value: WARN
+            - name: xpack.license.self_generated.type
+              value: basic
+            - name: xpack.security.enabled
+              value: "false"
+          image: nextcloud/aio-fulltextsearch:20230728_085937-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 9d7960f7..be1eb6f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -37,7 +37,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230720_134150-latest
+          image: nextcloud/aio-imaginary:20230728_085937-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index effce881..78348e64 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -30,7 +30,10 @@ spec:
             - "777"
             - /nextcloud-aio-nextcloud
             - /nextcloud-aio-nextcloud-trusted-cacerts
+            - /nextcloud-aio-nextcloud-tmpfs0
           volumeMounts:
+            - name: nextcloud-aio-nextcloud-tmpfs0
+              mountPath: /nextcloud-aio-nextcloud-tmpfs0
             - name: nextcloud-aio-nextcloud-trusted-cacerts
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
             - name: nextcloud-aio-nextcloud
@@ -117,7 +120,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230720_134150-latest
+          image: nextcloud/aio-nextcloud:20230728_085937-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
@@ -131,6 +134,8 @@ spec:
             - mountPath: /usr/local/share/ca-certificates
               name: nextcloud-aio-nextcloud-trusted-cacerts
               readOnly: true
+            - mountPath: /tmp
+              name: nextcloud-aio-nextcloud-tmpfs0
       volumes:
         - name: nextcloud-aio-nextcloud
           persistentVolumeClaim:
@@ -141,3 +146,5 @@ spec:
         - name: nextcloud-aio-nextcloud-trusted-cacerts
           persistentVolumeClaim:
             claimName: nextcloud-aio-nextcloud-trusted-cacerts
+        - emptyDir: {}
+          name: nextcloud-aio-nextcloud-tmpfs0
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index d0ee6bc0..bcf78642 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20230720_134150-latest
+          image: nextcloud/aio-notify-push:20230728_085937-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 5d6c562f..91753a9a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230720_134150-latest
+          image: nextcloud/aio-onlyoffice:20230728_085937-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 0fd0e747..43c727e7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230720_134150-latest
+          image: nextcloud/aio-redis:20230728_085937-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index ead28271..66224ab7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230720_134150-latest
+          image: nextcloud/aio-talk:20230728_085937-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 1f15ec0f..b79b1ce1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230720_134150-latest
+          image: nextcloud/aio-talk-recording:20230728_085937-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 23e0a402d03052a38c7322aa3df40a2e010dd80b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Jul 2023 09:29:19 +0000
Subject: [PATCH 1285/3949] Bump docker from 24.0.4-cli to 24.0.5-cli in
 /Containers/mastercontainer

Bumps docker from 24.0.4-cli to 24.0.5-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cfa76d88..d7fbaf0d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:24.0.4-cli as docker
+FROM docker:24.0.5-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

From 4b87a5d38c7f977d115da8658220c6a25ef16997 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 28 Jul 2023 11:32:26 +0200
Subject: [PATCH 1286/3949] remove exec

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index e0f7cffa..c0c37af2 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -318,5 +318,3 @@ chmod 777 /root
 
 # Start supervisord
 /usr/bin/supervisord -c /supervisord.conf
-
-exec "$@"

From b65ec5bb69e6dc786cde0365a2e45525a4e5ff62 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 28 Jul 2023 12:05:10 +0000
Subject: [PATCH 1287/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 65d32a16..b58c041b 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.11.4-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.0.2
+ENV RECORDING_VERSION v17.0.3
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false

From 7af85a6982bc6f5ac9568a3416844685df3ba8c1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 28 Jul 2023 17:14:49 +0200
Subject: [PATCH 1288/3949] make FTS read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 34a7b0d2..befcc581 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -613,7 +613,8 @@
       ],
       "networks": [
         "nextcloud-aio"
-      ]
+      ],
+      "read_only": true
     }
   ]
 }

From 3d868d4457a3223f297fe769f8eb186875ccbe14 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 28 Jul 2023 17:08:44 +0200
Subject: [PATCH 1289/3949] add executable bit on tmpfs for nextcloud container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             | 2 +-
 php/containers.json                    | 2 +-
 php/src/Docker/DockerActionManager.php | 6 +++++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index a5869ec9..91d32dc4 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^/[a-z/_0-9-]+$"
+							"pattern": "^/[a-z/_0-9-:]+$"
 						}
 					},
 					"volumes": {
diff --git a/php/containers.json b/php/containers.json
index 34a7b0d2..1ca7fa86 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -211,7 +211,7 @@
         "nextcloud-aio"
       ],
       "tmpfs": [
-        "/tmp"
+        "/tmp:exec"
       ]
     },
     {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 45727a37..133b14c2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -439,7 +439,11 @@ class DockerActionManager
 
         $tmpfs = [];
         foreach($container->GetTmpfs() as $tmp) {
-            $tmpfs[$tmp] = "";
+            $mode = "";
+            if (str_contains($tmp, ':')) {
+                $mode = explode(':', $tmp)[1];
+            }
+            $tmpfs[$tmp] = $mode;
         }
         if (count($tmpfs) > 0) {
             $requestBody['HostConfig']['Tmpfs'] =  $tmpfs;

From a40ffd760f55967a03b3caba229b9c5c2388b40f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Aug 2023 12:15:18 +0000
Subject: [PATCH 1290/3949] Bump azure/setup-helm from 3.1 to 3.5

Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.1 to 3.5.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Commits](https://github.com/azure/setup-helm/compare/v3.1...v3.5)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 56a27337..6808f546 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -32,7 +32,7 @@ jobs:
 
       # See https://github.com/helm/chart-releaser-action/issues/6
       - name: Set up Helm
-        uses: azure/setup-helm@v3.1
+        uses: azure/setup-helm@v3.5
         with:
           version: v3.6.3
 

From 592670d44810b845538e2d5e91fc737a8fea7a88 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Aug 2023 12:33:07 +0000
Subject: [PATCH 1291/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.20.6-alpine3.18 to 1.20.7-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b9e3e30e..9e2d1f35 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20.6-alpine3.18 as go
+FROM golang:1.20.7-alpine3.18 as go
 
 ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 

From d12a3984ab895d90b65e32093168f4b4742676bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Aug 2023 12:36:25 +0000
Subject: [PATCH 1292/3949] Bump caddy from 2.6.4-alpine to 2.7.2-alpine in
 /Containers/apache

Bumps caddy from 2.6.4-alpine to 2.7.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index a50014e7..daebe372 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,4 +1,4 @@
-FROM caddy:2.6.4-alpine as caddy
+FROM caddy:2.7.2-alpine as caddy
 
 FROM httpd:2.4.57-alpine3.18
 

From 2ce9d26cf92f6e7e61fd47fd21413cf6b4f28c3d Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sun, 6 Aug 2023 13:09:05 +0200
Subject: [PATCH 1293/3949] Update update-yaml.sh

Signed-off-by: Zoey <zoey@z0ey.de>
---
 manual-install/update-yaml.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 70e1b8a5..40316589 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -20,6 +20,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq '.services[].depends_on |= map({ (.): { "condition": "service_started", "required": false } })')"
 
 snap install yq
 mkdir -p ./manual-install

From f4667a2dec26505dc249638c2e10783a7a4aca9a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Aug 2023 12:28:55 +0000
Subject: [PATCH 1294/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.21-fpm-alpine3.18 to 8.1.22-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b53edd37..e4a2298d 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.21-fpm-alpine3.18
+FROM php:8.1.22-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 7bb10d32c75b4eeb6e788184400ef85e6016ea4b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 12:12:37 +0000
Subject: [PATCH 1295/3949] Bump nats from 2.9.20-scratch to 2.9.21-scratch in
 /Containers/talk

Bumps nats from 2.9.20-scratch to 2.9.21-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ad68e241..749a20ec 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.20-scratch as nats
+FROM nats:2.9.21-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.2 as janus
 

From eed6b44cd8c0dfcd89a895a74324af6ec2c15c5b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 12:14:59 +0000
Subject: [PATCH 1296/3949] Bump alpine from 3.18.2 to 3.18.3 in
 /Containers/watchtower

Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index bb9e8bb4..3c5889f7 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.3 as watchtower
 
-FROM alpine:3.18.2
+FROM alpine:3.18.3
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower

From 0b4a42679d8f6d86ee61d8893ac70f77c2d7195e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 12:36:21 +0000
Subject: [PATCH 1297/3949] Bump alpine from 3.18.2 to 3.18.3 in
 /Containers/borgbackup

Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 60621079..cac1f947 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.2
+FROM alpine:3.18.3
 
 RUN set -ex; \
     \

From be973ed1baae8f195f527d7bde8f4af56257a282 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 12:47:42 +0000
Subject: [PATCH 1298/3949] Bump alpine from 3.18.2 to 3.18.3 in
 /Containers/domaincheck

Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 360cc3d7..08e7dbe0 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.2
+FROM alpine:3.18.3
 RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \

From c1fed20f315a2c9686ac56c12952c745e1b132ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 13:05:24 +0000
Subject: [PATCH 1299/3949] Bump alpine from 3.18.2 to 3.18.3 in
 /Containers/imaginary

Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b9e3e30e..33410e96 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -12,7 +12,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.18.2
+FROM alpine:3.18.3
 RUN set -ex; \
     apk add --no-cache \
         tzdata \

From 791c381706b030fdaec988c99a522e661e2b5a45 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 8 Aug 2023 20:38:24 +0200
Subject: [PATCH 1300/3949] fix jq command

Signed-off-by: Zoey <zoey@z0ey.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 40316589..cde58ed9 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -20,7 +20,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
-OUTPUT="$(echo "$OUTPUT" | jq '.services[].depends_on |= map({ (.): { "condition": "service_started", "required": false } })')"
+OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end')"
 
 snap install yq
 mkdir -p ./manual-install

From 76a40d97bc41a578458f0cf932970cc8ba69b461 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 8 Aug 2023 18:41:49 +0000
Subject: [PATCH 1301/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 44 +++++++++++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 0c5b7a19..382207ce 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -1,11 +1,21 @@
 services:
   nextcloud-aio-apache:
     depends_on:
-      - nextcloud-aio-onlyoffice
-      - nextcloud-aio-collabora
-      - nextcloud-aio-talk
-      - nextcloud-aio-nextcloud
-      - nextcloud-aio-notify-push
+      - nextcloud-aio-onlyoffice:
+          condition: service_started
+          required: false
+      - nextcloud-aio-collabora:
+          condition: service_started
+          required: false
+      - nextcloud-aio-talk:
+          condition: service_started
+          required: false
+      - nextcloud-aio-nextcloud:
+          condition: service_started
+          required: false
+      - nextcloud-aio-notify-push:
+          condition: service_started
+          required: false
     image: nextcloud/aio-apache:latest
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
@@ -59,12 +69,24 @@ services:
 
   nextcloud-aio-nextcloud:
     depends_on:
-      - nextcloud-aio-database
-      - nextcloud-aio-redis
-      - nextcloud-aio-clamav
-      - nextcloud-aio-fulltextsearch
-      - nextcloud-aio-talk-recording
-      - nextcloud-aio-imaginary
+      - nextcloud-aio-database:
+          condition: service_started
+          required: false
+      - nextcloud-aio-redis:
+          condition: service_started
+          required: false
+      - nextcloud-aio-clamav:
+          condition: service_started
+          required: false
+      - nextcloud-aio-fulltextsearch:
+          condition: service_started
+          required: false
+      - nextcloud-aio-talk-recording:
+          condition: service_started
+          required: false
+      - nextcloud-aio-imaginary:
+          condition: service_started
+          required: false
     image: nextcloud/aio-nextcloud:latest
     expose:
       - "9000"

From 6341ccdf549702249d972230527dabb01cf71427 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 08:35:42 +0200
Subject: [PATCH 1302/3949] do not open multiple update-baseline prs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/psalm-update-baseline.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 9413b19e..b1f4c894 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -39,8 +39,6 @@ jobs:
           author: nextcloud-command <nextcloud-command@users.noreply.github.com>
           signoff: true
           branch: automated/noid/psalm-baseline-update
-          # Make sure we can open multiple PRs
-          branch-suffix: timestamp
           title: '[Automated] Update psalm-baseline.xml'
           milestone: next
           body: |

From 25619174d6914f41b425792a2f4a1a5c03336bf0 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 9 Aug 2023 06:36:54 +0000
Subject: [PATCH 1303/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 51b41ef5..e468cf06 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.13.1@086b94371304750d1c673315321a55d15fc59015"/>
+<files psalm-version="5.14.1@b9d355e0829c397b9b3b47d0c0ed042a8a70284d"/>

From 8526af575444a832099677f09b3c41c3bf712049 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 08:54:11 +0200
Subject: [PATCH 1304/3949] try to fix psalm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 45727a37..eb437e52 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -896,7 +896,7 @@ class DockerActionManager
                 return null;
             }
 
-            return str_replace('T', ' ', $imageOutput['Created']);
+            return str_replace('T', ' ', (string)$imageOutput['Created']);
         } catch (\Exception $e) {
             return null;
         }

From 78066a8a3b030744bde65b9bb250badd247a7aac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Aug 2023 07:51:43 +0000
Subject: [PATCH 1305/3949] Bump alpine from 3.18.2 to 3.18.3 in
 /Containers/talk

Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ad68e241..ba35d3eb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.9.20-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
-FROM alpine:3.18.2 as janus
+FROM alpine:3.18.3 as janus
 
 ARG JANUS_VERSION=v0.13.4
 WORKDIR /src

From dfe5109f421a6fe54da71b7d8351f05db66501dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Aug 2023 07:55:16 +0000
Subject: [PATCH 1306/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.6.4-alpine to 2.7.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index d7fbaf0d..ec4ec72e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:24.0.5-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.6.4-alpine as caddy
+FROM caddy:2.7.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
 FROM php:8.2.8-fpm-alpine3.18

From 2a8dc502324ba391170beece30cbe0d40c05a6bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Aug 2023 12:13:46 +0000
Subject: [PATCH 1307/3949] Bump guzzlehttp/psr7 from 2.5.0 to 2.6.0 in /php

Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.6/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index f01134fc..07803d7c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -217,16 +217,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.5.0",
+            "version": "2.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "b635f279edd83fc275f822a1188157ffea568ff6"
+                "reference": "8bd7c33a0734ae1c5d074360512beb716bef3f77"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/b635f279edd83fc275f822a1188157ffea568ff6",
-                "reference": "b635f279edd83fc275f822a1188157ffea568ff6",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/8bd7c33a0734ae1c5d074360512beb716bef3f77",
+                "reference": "8bd7c33a0734ae1c5d074360512beb716bef3f77",
                 "shasum": ""
             },
             "require": {
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.5.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.6.0"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-04-17T16:11:26+00:00"
+            "time": "2023-08-03T15:06:02+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From f93085f1611bb3c35535db2a8a53a98cbe05c9ea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 09:58:42 +0200
Subject: [PATCH 1308/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 2c624541..ade82e59 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.4.0.1
+FROM onlyoffice/documentserver:7.4.1.1
 
 # USER root is probably used
 

From 3064bd56abf7182f986e6729d77a70e06779ea44 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 24 Jul 2023 16:33:13 +0200
Subject: [PATCH 1309/3949] reload also in case of server error

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/forms.js  | 7 +++++--
 php/public/style.css | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/php/public/forms.js b/php/public/forms.js
index faa64fa9..3adc3997 100644
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -33,8 +33,11 @@ function showPassword(id) {
       disableSpinner()
       showError(xhr.response);
     } else if (xhr.status === 500) {
-      disableSpinner()
-      showError("Server error. Please check the mastercontainer logs for details.");
+      showError("Server error. Please check the mastercontainer logs for details. This page will reload after 10s automatically. Then you can check the mastercontainer logs.");
+      // Reload after 10s since it is expected that the updated view is shown (e.g. after starting containers)
+      setTimeout(function(){
+        window.location.reload(1);
+      }, 10000);
     } else {
       // If the responose is not one of the above, we should reload to show the latest content
       window.location.reload(1);
diff --git a/php/public/style.css b/php/public/style.css
index 8f58440e..f34b20bf 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -85,7 +85,7 @@ div.toast {
     padding: 12px;
     margin-top: 45px;
     position: fixed;
-    z-index: 1;
+    z-index: 1000;
     border-radius: 3px;
     background: none;
     background-color: white;

From e6b9f23e70ef8b8891a98b20da1c1c9aa5b0be4c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 10:54:50 +0200
Subject: [PATCH 1310/3949] Revert "make FTS read-only"

---
 php/containers.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index d9cb2fe9..1ca7fa86 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -613,8 +613,7 @@
       ],
       "networks": [
         "nextcloud-aio"
-      ],
-      "read_only": true
+      ]
     }
   ]
 }

From e5e41ef6ed602322047a7cdac054ce2431aa8266 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 2 Aug 2023 14:39:13 +0200
Subject: [PATCH 1311/3949] include mozilla tls confs in reverse proxy guide

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 0a025f95..0ce3f263 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -63,9 +63,12 @@ Add this as a new Apache site config:
     # Solves slow upload speeds caused by http2
     H2WindowSize 5242880
 
-    # SSL
-    SSLEngine on
-    Include /etc/letsencrypt/options-ssl-apache.conf
+    # TLS
+    SSLEngine               on
+    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off
     SSLCertificateFile /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/<your-nc-domain>/privkey.pem
 
@@ -173,6 +176,13 @@ global
     chroot                      /var/haproxy
     log                         /var/run/log audit debug
     lua-prepend-path            /tmp/haproxy/lua/?.lua
+    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+    ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets
 
 defaults
     log     global
@@ -182,7 +192,7 @@ defaults
 
 # Frontend: LetsEncrypt_443 ()
 frontend LetsEncrypt_443
-    bind 0.0.0.0:443 name 0.0.0.0:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 crt-list /tmp/haproxy/ssl/605f6609f106d1.17683543.certlist 
+    bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /tmp/haproxy/ssl/605f6609f106d1.17683543.certlist 
     mode http
     option http-keep-alive
     default_backend acme_challenge_backend

From de7d50fc033d5329d3d8e6d7804578a61af44d42 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 11:15:14 +0200
Subject: [PATCH 1312/3949] fix detail with tmpfs mode

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b25880a9..91359846 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -442,6 +442,7 @@ class DockerActionManager
             $mode = "";
             if (str_contains($tmp, ':')) {
                 $mode = explode(':', $tmp)[1];
+                $tmp = explode(':', $tmp)[0];
             }
             $tmpfs[$tmp] = $mode;
         }

From da4ced725f53e53e3c65622df7f979fe5b475ba2 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 9 Aug 2023 11:34:37 +0200
Subject: [PATCH 1313/3949] fix
 https://github.com/nextcloud/all-in-one/pull/3096#issuecomment-1670940790

Signed-off-by: Zoey <zoey@z0ey.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index cde58ed9..4e642759 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -20,7 +20,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
-OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end')"
+OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end'"
 
 snap install yq
 mkdir -p ./manual-install

From f1e9e9bf30fd8032082476c3a65021db481d6cf4 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 9 Aug 2023 11:36:56 +0200
Subject: [PATCH 1314/3949] readd

Signed-off-by: Zoey <zoey@z0ey.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 4e642759..548df2f9 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -20,7 +20,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
-OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end'"
+OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
 snap install yq
 mkdir -p ./manual-install

From 872ee180c73b222293a4e16887171af5c0c5ba20 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 12:13:15 +0200
Subject: [PATCH 1315/3949] UTC was moved to Etc/UTC

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh    | 4 ++--
 php/src/Docker/DockerActionManager.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index c0c37af2..e48a24ca 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -304,8 +304,8 @@ E.g. https://internal.ip.of.this.server:8080
 If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"
 
-# Set the timezone to UTC
-export TZ=UTC
+# Set the timezone to Etc/UTC
+export TZ=Etc/UTC
 
 # Fix apache startup
 rm -f /var/run/apache2/httpd.pid
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 91359846..ef2a972b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -317,7 +317,7 @@ class DockerActionManager
                     }
                 } elseif ($out[1] === 'TIMEZONE') {
                     if ($this->configurationManager->GetTimezone() === '') {
-                        $replacements[1] = 'UTC';
+                        $replacements[1] = 'Etc/UTC';
                     } else {
                         $replacements[1] = $this->configurationManager->GetTimezone();
                     }

From 04910a5b3bae5ec90a74bd7e71d2f76b1cfdab37 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 9 Aug 2023 12:02:26 +0000
Subject: [PATCH 1316/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 382207ce..8a027aa1 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -141,7 +141,7 @@ services:
     networks:
       - nextcloud-aio
     tmpfs:
-      - /tmp
+      - /tmp:exec
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest

From d35aa3df23b9dc200ba5c7181721a40aa6de1203 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 9 Aug 2023 12:02:31 +0000
Subject: [PATCH 1317/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 07803d7c..ced48696 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -134,16 +134,16 @@
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.0.0",
+            "version": "2.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6"
+                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/3a494dc7dc1d7d12e511890177ae2d0e6c107da6",
-                "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/111166291a0f8130081195ac4556a5587d7f1b5d",
+                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d",
                 "shasum": ""
             },
             "require": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.0.0"
+                "source": "https://github.com/guzzle/promises/tree/2.0.1"
             },
             "funding": [
                 {
@@ -213,7 +213,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-21T13:50:22+00:00"
+            "time": "2023-08-03T15:11:55+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
@@ -626,16 +626,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.3",
+            "version": "7.0.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "d5dad2500f409d8b78371823c8b382fe9b5d0917"
+                "reference": "8ed79468dfb163824bbf48de5e35d1729f9313b6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/d5dad2500f409d8b78371823c8b382fe9b5d0917",
-                "reference": "d5dad2500f409d8b78371823c8b382fe9b5d0917",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/8ed79468dfb163824bbf48de5e35d1729f9313b6",
+                "reference": "8ed79468dfb163824bbf48de5e35d1729f9313b6",
                 "shasum": ""
             },
             "require": {
@@ -683,7 +683,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.3"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.4"
             },
             "funding": [
                 {
@@ -695,7 +695,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-06-17T10:21:14+00:00"
+            "time": "2023-08-08T15:59:16+00:00"
         },
         {
             "name": "php-di/slim-bridge",

From 7f1b262545d800711f770667495e6e047ce5e888 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 9 Aug 2023 12:03:18 +0000
Subject: [PATCH 1318/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index cfd6b5bd..e2f2e7a2 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@ FROM nats:2.9.21-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.3 as janus
 
-ARG JANUS_VERSION=v0.13.4
+ARG JANUS_VERSION=v0.14.0
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \

From e79f0678b5d11326516ace13a6250b7198b068ef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Aug 2023 12:14:19 +0000
Subject: [PATCH 1319/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.20.7-alpine3.18 to 1.21.0-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index a5b63408..3faa0076 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20.7-alpine3.18 as go
+FROM golang:1.21.0-alpine3.18 as go
 
 ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 

From f280f09b6c2facdad25b9def28ac9528611d877b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 14:45:38 +0200
Subject: [PATCH 1320/3949] try to fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 548df2f9..39ac7c37 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -112,7 +112,7 @@ for name in "${NAMES[@]}"
 do
     OUTPUT="$(echo "$OUTPUT" | sed "/container_name.*$name$/i\ \ $name:")"
     if [ "$name" != "nextcloud-aio-apache" ]; then
-        OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
+        OUTPUT="$(echo "$OUTPUT" | sed "/^  $name:/i\ ")"
     fi
 done
 

From db860d24af0230ac78f52824ee189bb76f10ee40 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 9 Aug 2023 12:46:21 +0000
Subject: [PATCH 1321/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 68 +++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 382207ce..e13cad80 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -1,21 +1,21 @@
 services:
   nextcloud-aio-apache:
     depends_on:
-      - nextcloud-aio-onlyoffice:
-          condition: service_started
-          required: false
-      - nextcloud-aio-collabora:
-          condition: service_started
-          required: false
-      - nextcloud-aio-talk:
-          condition: service_started
-          required: false
-      - nextcloud-aio-nextcloud:
-          condition: service_started
-          required: false
-      - nextcloud-aio-notify-push:
-          condition: service_started
-          required: false
+      nextcloud-aio-onlyoffice:
+        condition: service_started
+        required: false
+      nextcloud-aio-collabora:
+        condition: service_started
+        required: false
+      nextcloud-aio-talk:
+        condition: service_started
+        required: false
+      nextcloud-aio-nextcloud:
+        condition: service_started
+        required: false
+      nextcloud-aio-notify-push:
+        condition: service_started
+        required: false
     image: nextcloud/aio-apache:latest
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
@@ -69,24 +69,24 @@ services:
 
   nextcloud-aio-nextcloud:
     depends_on:
-      - nextcloud-aio-database:
-          condition: service_started
-          required: false
-      - nextcloud-aio-redis:
-          condition: service_started
-          required: false
-      - nextcloud-aio-clamav:
-          condition: service_started
-          required: false
-      - nextcloud-aio-fulltextsearch:
-          condition: service_started
-          required: false
-      - nextcloud-aio-talk-recording:
-          condition: service_started
-          required: false
-      - nextcloud-aio-imaginary:
-          condition: service_started
-          required: false
+      nextcloud-aio-database:
+        condition: service_started
+        required: false
+      nextcloud-aio-redis:
+        condition: service_started
+        required: false
+      nextcloud-aio-clamav:
+        condition: service_started
+        required: false
+      nextcloud-aio-fulltextsearch:
+        condition: service_started
+        required: false
+      nextcloud-aio-talk-recording:
+        condition: service_started
+        required: false
+      nextcloud-aio-imaginary:
+        condition: service_started
+        required: false
     image: nextcloud/aio-nextcloud:latest
     expose:
       - "9000"
@@ -141,7 +141,7 @@ services:
     networks:
       - nextcloud-aio
     tmpfs:
-      - /tmp
+      - /tmp:exec
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest

From 03e6f11a2644c62a1d513271f089f2493deaa105 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 9 Aug 2023 14:51:46 +0200
Subject: [PATCH 1322/3949] add hint what the default is

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c5f170d7..16307c72 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -629,7 +629,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
                             </form>
-                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>.<br><br>
+                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC<b> if nothing is entered.<br><br>
                         {% else %}
                             The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
                             <form method="POST" action="/api/configuration" class="xhr">

From aeae72f5ba24d186d0e9b83ecc1e3e4387163949 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 24 Jun 2023 17:54:12 +0200
Subject: [PATCH 1323/3949] move to eturnal

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile       | 34 ++++++++--------
 Containers/talk/start.sh         | 67 +++++++++++++++++---------------
 Containers/talk/supervisord.conf |  4 +-
 3 files changed, 53 insertions(+), 52 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index e2f2e7a2..9581d2da 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,5 @@
 FROM nats:2.9.21-scratch as nats
+FROM eturnal/eturnal:1.11.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.3 as janus
 
@@ -32,8 +33,15 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM coturn/coturn:4.6.2-alpine3.18
-USER root
+FROM alpine:3.18.2
+
+COPY --from=janus     /usr/local                          /usr/local
+COPY --from=eturnal   /opt/eturnal                        /opt/eturnal
+COPY --from=nats      /nats-server                        /usr/local/bin/nats-server
+COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
+
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
 
 RUN set -ex; \
     apk add --no-cache \
@@ -57,7 +65,7 @@ RUN set -ex; \
         libwebsockets \
         \
         shadow; \
-    useradd --system talk; \
+    useradd --system eturnal; \
     apk del --no-cache \
         shadow; \
     \
@@ -74,32 +82,22 @@ RUN set -ex; \
         /var/log/supervisord \
         /var/run/supervisord \
         /usr/local/lib/janus/loggers; \
-    chown talk:talk -R \
+    chown eturnal:eturnal -R \
         /usr \
+        /opt/eturnal \
         /etc/nats.conf \
-        /var/lib/turn \
         /var/log/supervisord \
         /var/run/supervisord; \
     chmod 777 -R \
         /tmp \
         /conf \
+        /opt/eturnal \
         /var/run/supervisord \
-        /var/lib/turn \
         /var/log/supervisord;
 
-COPY --from=janus /usr/local /usr/local
-COPY --from=nats /nats-server /usr/local/bin/nats-server
-COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
-
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=664 supervisord.conf /supervisord.conf
-
-# Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
-ENV TALK_PORT=3478
-
-USER talk
+USER eturnal
 ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT" && eturnalctl status) || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index f06d7c3a..920e63dc 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -4,6 +4,9 @@
 if [ -z "$NC_DOMAIN" ]; then
     echo "You need to provide the NC_DOMAIN."
     exit 1
+elif [ -z "$TALK_PORT" ]; then
+    echo "You need to provide the TALK_PORT."
+    exit 1
 elif [ -z "$TURN_SECRET" ]; then
     echo "You need to provide the TURN_SECRET."
     exit 1
@@ -16,43 +19,43 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short | grep -E "^[0-9.]+$" | sort | head -n1)"
+IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short | grep -E "^[0-9a-f:]+$" | sort | head -n1)"
+
+IPv4_ADDRESS_NC="$(dig "$NC_DOMAIN" A +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep "^[0-9.]\+$" | sort | head -n1)"
+IPv6_ADDRESS_NC="$(dig "$NC_DOMAIN" AAAA +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep "^[0-9a-f:]\+$" | sort | head -n1)"
+#if [ -z "$IPv4_ADDRESS_NC" ] && [ -z "$IPv6_ADDRESS_NC" ]; then
+#    export STUN_SERVICE="stun.nextcloud.com 443"
+#fi
 set +x
 
 # Turn
-cat << TURN_CONF > "/conf/turnserver.conf"
-listening-port=$TALK_PORT
-fingerprint
-use-auth-secret
-static-auth-secret=$TURN_SECRET
-realm=$NC_DOMAIN
-total-quota=0
-bps-capacity=0
-stale-nonce
-no-multicast-peers
-simple-log
-pidfile=/var/tmp/turnserver.pid
-no-tls
-no-dtls
-userdb=/var/lib/turn/turndb
-# Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
-allowed-peer-ip=$IPv4_ADDRESS_TALK
-denied-peer-ip=0.0.0.0-0.255.255.255
-denied-peer-ip=10.0.0.0-10.255.255.255
-denied-peer-ip=100.64.0.0-100.127.255.255
-denied-peer-ip=127.0.0.0-127.255.255.255
-denied-peer-ip=169.254.0.0-169.254.255.255
-denied-peer-ip=172.16.0.0-172.31.255.255
-denied-peer-ip=192.0.0.0-192.0.0.255
-denied-peer-ip=192.0.2.0-192.0.2.255
-denied-peer-ip=192.88.99.0-192.88.99.255
-denied-peer-ip=192.168.0.0-192.168.255.255
-denied-peer-ip=198.18.0.0-198.19.255.255
-denied-peer-ip=198.51.100.0-198.51.100.255
-denied-peer-ip=203.0.113.0-203.0.113.255
-denied-peer-ip=240.0.0.0-255.255.255.255
+cat << TURN_CONF > "/opt/eturnal/etc/eturnal.yml"
+eturnal:
+  listen:
+    - ip: "::"
+      port: $TALK_PORT
+      transport: udp
+    - ip: "::"
+      port: $TALK_PORT
+      transport: tcp
+  log_dir: stdout
+  log_level: warning
+  secret: "$TURN_SECRET"
+  relay_ipv4_addr: "$IPv4_ADDRESS_NC"
+  relay_ipv6_addr: "$IPv6_ADDRESS_NC"
+  blacklist:
+  - recommended
+  whitelist:
+  - 127.0.0.1
+  - ::1
+  - "$IPv4_ADDRESS_TALK"
+  - "$IPv6_ADDRESS_TALK"
 TURN_CONF
 
+# Remove empty lines so that the config is not invalid
+sed -i '/""/d' /opt/eturnal/etc/eturnal.yml
+
 # Signling
 cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 216a9568..89287db5 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -7,12 +7,12 @@ logfile_maxbytes=50MB
 logfile_backups=10                              
 loglevel=error
 
-[program:turnserver]
+[program:eturnal]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=turnserver -c /conf/turnserver.conf
+command=eturnalctl foreground
 
 [program:nats-server]
 stdout_logfile=/dev/stdout

From 9d154557f837dc4b2507c9dbab06e04238c3d46f Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 7 Aug 2023 13:15:41 +0200
Subject: [PATCH 1324/3949] enable stun auto detection

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile |  4 +++-
 Containers/talk/start.sh   | 11 ++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 9581d2da..67d709bd 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -34,9 +34,11 @@ RUN set -ex; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
 FROM alpine:3.18.2
-
+ENV STUN_SERVICE="stun.nextcloud.com 443"
 COPY --from=janus     /usr/local                          /usr/local
 COPY --from=eturnal   /opt/eturnal                        /opt/eturnal
+COPY --from=eturnal   /usr/local/bin/stun                 /usr/local/bin/stun
+COPY --from=eturnal   /usr/local/bin/eturnalctl           /usr/local/bin/eturnalctl
 COPY --from=nats      /nats-server                        /usr/local/bin/nats-server
 COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 920e63dc..b76b029e 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -19,14 +19,11 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short | grep -E "^[0-9.]+$" | sort | head -n1)"
-IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short | grep -E "^[0-9a-f:]+$" | sort | head -n1)"
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 
-IPv4_ADDRESS_NC="$(dig "$NC_DOMAIN" A +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep "^[0-9.]\+$" | sort | head -n1)"
-IPv6_ADDRESS_NC="$(dig "$NC_DOMAIN" AAAA +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep "^[0-9a-f:]\+$" | sort | head -n1)"
-#if [ -z "$IPv4_ADDRESS_NC" ] && [ -z "$IPv6_ADDRESS_NC" ]; then
-#    export STUN_SERVICE="stun.nextcloud.com 443"
-#fi
+IPv4_ADDRESS_NC="$(dig "$NC_DOMAIN" IN A +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_NC="$(dig "$NC_DOMAIN" IN AAAA +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
 # Turn

From 96beb00bb24c2ecedf6f0b60b042f375117600de Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 9 Aug 2023 21:51:10 +0200
Subject: [PATCH 1325/3949] change eturnal.yml path

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 2 ++
 Containers/talk/start.sh   | 2 +-
 php/containers.json        | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 67d709bd..f01ff0eb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -35,6 +35,7 @@ RUN set -ex; \
 
 FROM alpine:3.18.2
 ENV STUN_SERVICE="stun.nextcloud.com 443"
+ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     /usr/local                          /usr/local
 COPY --from=eturnal   /opt/eturnal                        /opt/eturnal
 COPY --from=eturnal   /usr/local/bin/stun                 /usr/local/bin/stun
@@ -76,6 +77,7 @@ RUN set -ex; \
     \
     touch \
         /etc/nats.conf; \
+        /etc/eturnal.yml; \
     echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
     mkdir -p \
         /var/tmp \
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index b76b029e..9bcfcf62 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -27,7 +27,7 @@ IPv6_ADDRESS_NC="$(dig "$NC_DOMAIN" IN AAAA +short +https +tls-ca=/etc/ssl/certs
 set +x
 
 # Turn
-cat << TURN_CONF > "/opt/eturnal/etc/eturnal.yml"
+cat << TURN_CONF > "/conf/eturnal.yml"
 eturnal:
   listen:
     - ip: "::"
diff --git a/php/containers.json b/php/containers.json
index 1ca7fa86..0558e2a7 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -352,8 +352,8 @@
       "tmpfs": [
         "/var/log/supervisord",
         "/var/run/supervisord",
+        "/opt/eturnal/run",
         "/conf",
-        "/var/lib/turn",
         "/tmp"
       ]
     },

From cdb16b041145b905932c6989a88cf277f5daa456 Mon Sep 17 00:00:00 2001
From: BP <busta.pipes@gmail.com>
Date: Wed, 9 Aug 2023 16:46:40 -0600
Subject: [PATCH 1326/3949] Use .Values in Helm templates

Signed-off-by: BP <busta.pipes@gmail.com>
---
 .../templates/nextcloud-aio-apache-deployment.yaml        | 6 +++---
 .../nextcloud-aio-apache-persistentvolumeclaim.yaml       | 2 +-
 .../templates/nextcloud-aio-apache-service.yaml           | 4 ++--
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 6 +++---
 .../nextcloud-aio-clamav-persistentvolumeclaim.yaml       | 2 +-
 .../templates/nextcloud-aio-clamav-service.yaml           | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-collabora-service.yaml        | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml      | 6 +++---
 ...nextcloud-aio-database-dump-persistentvolumeclaim.yaml | 2 +-
 .../nextcloud-aio-database-persistentvolumeclaim.yaml     | 2 +-
 .../templates/nextcloud-aio-database-service.yaml         | 4 ++--
 ...nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-fulltextsearch-service.yaml   | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml        | 4 ++--
 .../templates/nextcloud-aio-namespace-namespace.yaml      | 4 ++--
 ...extcloud-aio-nextcloud-data-persistentvolumeclaim.yaml | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 6 +++---
 .../nextcloud-aio-nextcloud-persistentvolumeclaim.yaml    | 2 +-
 .../templates/nextcloud-aio-nextcloud-service.yaml        | 4 ++--
 ...o-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml      | 4 ++--
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 6 +++---
 .../nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml   | 2 +-
 .../templates/nextcloud-aio-onlyoffice-service.yaml       | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml         | 6 +++---
 .../nextcloud-aio-redis-persistentvolumeclaim.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-service.yaml            | 4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml          | 6 +++---
 .../nextcloud-aio-talk-recording-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml   | 4 ++--
 .../templates/nextcloud-aio-talk-service.yaml             | 8 ++++----
 35 files changed, 74 insertions(+), 74 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 1120136a..3c115c58 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
index 9e1c054f..1b88ba0d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index d2335482..7ffeeaa1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   type: LoadBalancer
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index c06fa327..7a2f6dd5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
index f0f624fb..f7279c3a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index c7368821..08c27809 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "3310"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index fed4cd4a..673afe5e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index ec0cce0a..a759f284 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "9980"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index e1c31523..5219a278 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
index 2e37c19c..73c9ed93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-database-dump
   name: nextcloud-aio-database-dump
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
index 6c55b56f..e81e639a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index c3586446..addf6f3b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "5432"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
index 74ee81e9..4b8ba194 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-elasticsearch
   name: nextcloud-aio-elasticsearch
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index dbcadd02..76cb054e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index f0a4a491..90609667 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "9200"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index be1eb6f2..8032532e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index f670890e..bdcc3d7b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "9000"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
index 092deeaf..1f0c6e03 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ values.NAMESPACE }}
-  namespace: {{ values.NAMESPACE }}
+  name: {{ .Values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec: {}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
index 08cccf5b..107265c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud-data
   name: nextcloud-aio-nextcloud-data
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 78348e64..e1f3b332 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index 5b118c81..51013bd1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 687444e8..2c9b6b68 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "9000"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
index 16ea936b..858d7f2c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud-trusted-cacerts
   name: nextcloud-aio-nextcloud-trusted-cacerts
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index bcf78642..ddacde75 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 7f709528..cabfcf2c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "7867"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 91753a9a..9fbd6464 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
index 4ed689e3..cd4c8132 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 391b723f..8fa58474 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "80"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 43c727e7..02750441 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
index 8e21d6d4..0dba4859 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index 9561d421..68c46a90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "6379"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 66224ab7..d15df5c8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index b79b1ce1..5c2a40e5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
         kompose.version: 1.30.0 (9d8dcb518)
       labels:
         io.kompose.network/nextcloud-aio: "true"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 0273319d..9cbbbc08 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "1234"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 920fc8e7..862671d9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,12 +4,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   type: LoadBalancer
   ports:
@@ -27,12 +27,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
     kompose.version: 1.30.0 (9d8dcb518)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
-  namespace: {{ values.NAMESPACE }}
+  namespace: {{ .Values.NAMESPACE }}
 spec:
   ports:
     - name: "8081"

From c128b6764ec2250f72181935fb8a855f77661150 Mon Sep 17 00:00:00 2001
From: BP <busta.pipes@gmail.com>
Date: Wed, 9 Aug 2023 16:56:57 -0600
Subject: [PATCH 1327/3949] Update the source of the templates

Signed-off-by: BP <busta.pipes@gmail.com>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 61594954..81fb913d 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -115,7 +115,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
     fi
 done
 # shellcheck disable=SC1083
-find ./ -name '*.yaml' -exec sed -i "s|nextcloud-aio-namespace|\{\{ values.NAMESPACE \}\}|" \{} \; 
+find ./ -name '*.yaml' -exec sed -i "s|nextcloud-aio-namespace|\{\{ .Values.NAMESPACE \}\}|" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \; 
 # shellcheck disable=SC1083

From 68d54176d519fbacbbaa900721ba696dacc27cfc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 09:04:57 +0200
Subject: [PATCH 1328/3949] update Nextcloud to 27.0.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e4a2298d..e64e808e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.22-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 26.0.4
+ENV NEXTCLOUD_VERSION 27.0.2
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 04be2a780dc9eea60a230076a644b44c304dca0a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 09:07:39 +0200
Subject: [PATCH 1329/3949] update app und containers.twig as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/appinfo/info.xml          | 2 +-
 php/templates/containers.twig | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index b853732f..2e8fe027 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="25" max-version="26"/>
+		<nextcloud min-version="26" max-version="27"/>
 	</dependencies>
 
 	<settings>
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 16307c72..cd4df5ae 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -28,7 +28,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = 27 %}
+        {% set newMajorVersion = '' %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From 5f57fcda858bdb099f65c87609a3f5f766b078ef Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 09:14:07 +0200
Subject: [PATCH 1330/3949] set davstorage.request_timeout to the same value
 like PHP_MAX_TIME

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 3995ed3e..64188892 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -476,6 +476,7 @@ php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 
 # Apply network settings
 echo "Applying network settings..."
+php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"

From d89d0ce161d65a57a58889c2a7e9e8f8afdd5ad3 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 10 Aug 2023 09:16:43 +0200
Subject: [PATCH 1331/3949] fix sed

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 9bcfcf62..3e744b62 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -51,7 +51,7 @@ eturnal:
 TURN_CONF
 
 # Remove empty lines so that the config is not invalid
-sed -i '/""/d' /opt/eturnal/etc/eturnal.yml
+sed -i '/""/d' /conf/eturnal.yml
 
 # Signling
 cat << SIGNALING_CONF > "/conf/signaling.conf"

From 06228cd616d6c35bdcdd3c0558f1af78ba6d962b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 09:17:37 +0200
Subject: [PATCH 1332/3949] increase to 7.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cd4df5ae..f27d17b7 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v6.4.0</h1>
+        <h1>Nextcloud AIO v7.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 6c3b4130067cb8c835d12f15b3afebf0d4e5d929 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 10:06:13 +0200
Subject: [PATCH 1333/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index f27d17b7..0a650437 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -629,7 +629,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
                             </form>
-                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC<b> if nothing is entered.<br><br>
+                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC</b> if nothing is entered.<br><br>
                         {% else %}
                             The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
                             <form method="POST" action="/api/configuration" class="xhr">

From 3b9e132f11156496a385f91084279a7d3af4754f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 10:08:22 +0200
Subject: [PATCH 1334/3949] fix spacing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0a650437..e8d982d1 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -310,7 +310,7 @@
                         Restore or Backup currently running. Cannot start the containers until that's done.<br /><br />
                     {% else %}
                         {% if was_start_button_clicked == false %}
-                            Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
+                            <br>Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
                         {% endif %}
                         {% if is_mastercontainer_update_available == true %}
                             ⚠️ A mastercontainer update is available. Please click on the button below to update it.<br><br>

From bc4bdfdc99d5b038d3e7a3fbed7132528c4fd6a6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 10:14:27 +0200
Subject: [PATCH 1335/3949] name file correctly

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../nextcloud/config/{postgresql.php => postgresql.config.php}    | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename Containers/nextcloud/config/{postgresql.php => postgresql.config.php} (100%)

diff --git a/Containers/nextcloud/config/postgresql.php b/Containers/nextcloud/config/postgresql.config.php
similarity index 100%
rename from Containers/nextcloud/config/postgresql.php
rename to Containers/nextcloud/config/postgresql.config.php

From 369226f9dfb62cacf81aa82d11fdfe1f43ba533d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 10:38:27 +0200
Subject: [PATCH 1336/3949] Revert
 "https://github.com/nextcloud/all-in-one/pull/3021" partially

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgresql.config.php |  7 -------
 Containers/nextcloud/entrypoint.sh                |  3 +++
 Containers/nextcloud/start.sh                     | 12 +++++++++++-
 3 files changed, 14 insertions(+), 8 deletions(-)
 delete mode 100644 Containers/nextcloud/config/postgresql.config.php

diff --git a/Containers/nextcloud/config/postgresql.config.php b/Containers/nextcloud/config/postgresql.config.php
deleted file mode 100644
index f086b297..00000000
--- a/Containers/nextcloud/config/postgresql.config.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-$CONFIG = array (
-    'dbuser' => 'oc_' . getenv('POSTGRES_USER'),
-    'dbpassword' => getenv('POSTGRES_PASSWORD'),
-    'db_name' => getenv('POSTGRES_DB'),
-    'dbpersistent' => true,
-);
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 64188892..e2775f56 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -482,6 +482,9 @@ php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_D
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess
 
+# Apply dbpersistent setting in order to fix too many db connections
+php /var/www/html/occ config:system:set dbpersistent --value=true --type=bool
+
 # Disallow creating local external storages when nothing was mounted
 if [ -z "$NEXTCLOUD_MOUNT" ]; then
     php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=false
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 95c0af90..b990d6c5 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -6,13 +6,23 @@ while ! sudo -u www-data nc -z "$POSTGRES_HOST" 5432; do
     sleep 5
 done
 
-# Wait for database to actually start
+# Use the correct Postgres username
+POSTGRES_USER="oc_$POSTGRES_USER"
+export POSTGRES_USER
+
+# Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
     sleep 2
     while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start..."
         sleep 5
     done
+    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && [ "$POSTGRES_DB" = "nextcloud_database" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
+        # This was introduced with https://github.com/nextcloud/all-in-one/pull/218
+        sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+        sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+        sed -i "s|'db_name'.*=>.*$|'db_name' => '$POSTGRES_DB',|" /var/www/html/config/config.php
+    fi
 fi
 
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR

From f00aaf14cd1b691351cb2d4078023ed4291e3b37 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 11:36:39 +0200
Subject: [PATCH 1337/3949] add domain-validator

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile        | 11 +++++------
 Containers/mastercontainer/supervisord.conf |  8 ++++++++
 php/domain-validator.php                    | 17 +++++++++++++++++
 3 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 php/domain-validator.php

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index 64b1e8f4..d0806adb 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -14,18 +14,17 @@
     servers {
         protocols h1 h2 h2c
     }
+
+    on_demand_tls {
+        ask http://localhost:9876/
+    }
 }
 
 http://:80 {
   redir https://{host}{uri}
 }
 
-# Match only host names and not ip-addresses:
-https://*.*:8443,
-https://*.*.*:8443,
-https://*.*.*.*:8443,
-https://*.*.*.*.*:8443,
-https://*.*.*.*.*.*:8443 {
+https::8443 {
 
     reverse_proxy localhost:8000
 
diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index 6dc04065..0b60a0d7 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -55,3 +55,11 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
 user=root
+
+[program:domain-validator]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
+user=www-data
diff --git a/php/domain-validator.php b/php/domain-validator.php
new file mode 100644
index 00000000..59d94f16
--- /dev/null
+++ b/php/domain-validator.php
@@ -0,0 +1,17 @@
+<?php
+
+$domain = $_GET['domain'] ?? '';
+
+if (strpos($domain, '.') === false) { 
+    http_response_code(400); 
+} elseif (strpos($domain, '/') !== false) { 
+    http_response_code(400);  
+} elseif (strpos($domain, ':') !== false) { 
+    http_response_code(400);  
+} elseif (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { 
+    http_response_code(400); 
+} elseif (filter_var($domain, FILTER_VALIDATE_IP)) { 
+    http_response_code(400); 
+} else {
+    http_response_code(200);
+}

From a63e0b9b1bc5214669a02316699cad739326d440 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 13:02:18 +0200
Subject: [PATCH 1338/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index d0806adb..ba6a281d 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -24,7 +24,7 @@ http://:80 {
   redir https://{host}{uri}
 }
 
-https::8443 {
+https://:8443 {
 
     reverse_proxy localhost:8000
 

From 1b1626fe56d4e6a5322176cd239793fd0856b3c3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 13:40:11 +0200
Subject: [PATCH 1339/3949] fix details around logging of new domain-validator

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/supervisord.conf | 4 ++--
 php/domain-validator.php                    | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index 0b60a0d7..5bad1235 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -57,8 +57,8 @@ command=/session-deduplicator.sh
 user=root
 
 [program:domain-validator]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
diff --git a/php/domain-validator.php b/php/domain-validator.php
index 59d94f16..83f4fdf2 100644
--- a/php/domain-validator.php
+++ b/php/domain-validator.php
@@ -13,5 +13,6 @@ if (strpos($domain, '.') === false) {
 } elseif (filter_var($domain, FILTER_VALIDATE_IP)) { 
     http_response_code(400); 
 } else {
+    error_log($domain . ' was accepted as valid domain.');
     http_response_code(200);
 }

From 2a959d4e59bfbb325ab38c16bd8e6e21830f8f8c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 15:14:30 +0200
Subject: [PATCH 1340/3949] add password to FTS

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh |  2 +-
 php/containers.json                | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e2775f56..5db7d152 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -705,7 +705,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
diff --git a/php/containers.json b/php/containers.json
index 1ca7fa86..9b229b4e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -131,7 +131,8 @@
         "REDIS_PASSWORD",
         "NEXTCLOUD_PASSWORD",
         "TURN_SECRET",
-        "SIGNALING_SECRET"
+        "SIGNALING_SECRET",
+        "FULLTEXTSEARCH_PASSWORD"
       ],
       "volumes": [
         {
@@ -198,7 +199,8 @@
         "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%",
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
-        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording"
+        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
+        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -598,7 +600,8 @@
         "logger.org.elasticsearch.discovery=WARN",
         "http.port=9200",
         "xpack.license.self_generated.type=basic",
-        "xpack.security.enabled=false"
+        "xpack.security.enabled=false",
+        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
       ],
       "volumes": [
         {
@@ -613,6 +616,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "secrets": [
+        "FULLTEXTSEARCH_PASSWORD"
       ]
     }
   ]

From 8a7bcfe747ce6679ee31d5b266a4301c2b6118e2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 15:46:40 +0200
Subject: [PATCH 1341/3949] disable logging for domain-validator.php

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/supervisord.conf | 5 +++--
 php/domain-validator.php                    | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index 5bad1235..f64c9725 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -57,9 +57,10 @@ command=/session-deduplicator.sh
 user=root
 
 [program:domain-validator]
+# Logging is disabled as otherwise all attempts will be logged which spams the logs
 # stdout_logfile=/dev/stdout
 # stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+# stderr_logfile=/dev/stderr
+# stderr_logfile_maxbytes=0
 command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
 user=www-data
diff --git a/php/domain-validator.php b/php/domain-validator.php
index 83f4fdf2..a1e6487b 100644
--- a/php/domain-validator.php
+++ b/php/domain-validator.php
@@ -13,6 +13,7 @@ if (strpos($domain, '.') === false) {
 } elseif (filter_var($domain, FILTER_VALIDATE_IP)) { 
     http_response_code(400); 
 } else {
-    error_log($domain . ' was accepted as valid domain.');
+    // Commented because logging is disabled as otherwise all attempts will be logged which spams the logs
+    // error_log($domain . ' was accepted as valid domain.');
     http_response_code(200);
 }

From 4c0e30d49d02fb07970c76ea2b6a561573091628 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 16:41:47 +0200
Subject: [PATCH 1342/3949] add init flag to all containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 compose.yaml                           |  1 +
 develop.md                             |  1 +
 php/containers-schema.json             |  3 +++
 php/containers.json                    | 15 +++++++++++++++
 php/src/Container/Container.php        |  7 +++++++
 php/src/ContainerDefinitionFetcher.php |  6 ++++++
 php/src/Docker/DockerActionManager.php |  2 ++
 readme.md                              |  2 ++
 reverse-proxy.md                       |  2 ++
 9 files changed, 39 insertions(+)

diff --git a/compose.yaml b/compose.yaml
index 37573f94..71ae4124 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,6 +1,7 @@
 services:
   nextcloud:
     image: nextcloud/all-in-one:latest
+    init: true
     restart: always
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
diff --git a/develop.md b/develop.md
index 8c3cef9d..7ac2bdec 100644
--- a/develop.md
+++ b/develop.md
@@ -2,6 +2,7 @@
 If you want to switch to the develop channel, you simply stop and delete the mastercontainer and create a new one with a changed tag to develop:
 ```shell
 sudo docker run \
+--init \
 --sig-proxy=false \
 --name nextcloud-aio-mastercontainer \
 --restart always \
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 91d32dc4..5bb7b6db 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -137,6 +137,9 @@
 					"read_only": {
 						"type": "boolean"
 					},
+					"init": {
+						"type": "boolean"
+					},
 					"tmpfs": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index 1ca7fa86..05b608c4 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -11,6 +11,7 @@
       ],
       "display_name": "Apache",
       "image": "nextcloud/aio-apache",
+      "init": true,
       "ports": [
         {
           "ip_binding": "%APACHE_IP_BINDING%",
@@ -69,6 +70,7 @@
       "container_name": "nextcloud-aio-database",
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
+      "init": true,
       "expose": [
         "5432"
       ],
@@ -122,6 +124,7 @@
       ],
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
+      "init": true,
       "expose": [
         "9000"
       ],
@@ -218,6 +221,7 @@
       "container_name": "nextcloud-aio-notify-push",
       "display_name": "Notify Push",
       "image": "nextcloud/aio-notify-push",
+      "init": true,
       "expose": [
         "7867"
       ],
@@ -253,6 +257,7 @@
       "container_name": "nextcloud-aio-redis",
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
+      "init": true,
       "expose": [
         "6379"
       ],
@@ -283,6 +288,7 @@
       "container_name": "nextcloud-aio-collabora",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
+      "init": true,
       "expose": [
         "9980"
       ],
@@ -311,6 +317,7 @@
       "container_name": "nextcloud-aio-talk",
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
+      "init": true,
       "ports": [
         {
           "ip_binding": "",
@@ -361,6 +368,7 @@
       "container_name": "nextcloud-aio-talk-recording",
       "display_name": "Talk Recording",
       "image": "nextcloud/aio-talk-recording",
+      "init": true,
       "expose": [
         "1234"
       ],
@@ -392,6 +400,7 @@
     {
       "container_name": "nextcloud-aio-borgbackup",
       "image": "nextcloud/aio-borgbackup",
+      "init": true,
       "environment": [
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
@@ -453,6 +462,7 @@
     {
       "container_name": "nextcloud-aio-watchtower",
       "image": "nextcloud/aio-watchtower",
+      "init": true,
       "environment": [
         "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
       ],
@@ -468,6 +478,7 @@
     {
       "container_name": "nextcloud-aio-domaincheck",
       "image": "nextcloud/aio-domaincheck",
+      "init": true,
       "ports": [
         {
           "ip_binding": "%APACHE_IP_BINDING%",
@@ -494,6 +505,7 @@
       "container_name": "nextcloud-aio-clamav",
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
+      "init": true,
       "expose": [
         "3310"
       ],
@@ -527,6 +539,7 @@
       "container_name": "nextcloud-aio-onlyoffice",
       "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
+      "init": true,
       "expose": [
         "80"
       ],
@@ -559,6 +572,7 @@
       "container_name": "nextcloud-aio-imaginary",
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
+      "init": true,
       "expose": [
         "9000"
       ],
@@ -585,6 +599,7 @@
       "container_name": "nextcloud-aio-fulltextsearch",
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
+      "init": true,
       "expose": [
         "9200"
       ],
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 1782211a..a7296a65 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -32,6 +32,7 @@ class Container {
     private array $nextcloudExecCommands;
     private bool $readOnlyRootFs;
     private array $tmpfs;
+    private bool $init;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -54,6 +55,7 @@ class Container {
         array $nextcloudExecCommands,
         bool $readOnlyRootFs,
         array $tmpfs,
+        bool $init,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -75,6 +77,7 @@ class Container {
         $this->nextcloudExecCommands = $nextcloudExecCommands;
         $this->readOnlyRootFs = $readOnlyRootFs;
         $this->tmpfs = $tmpfs;
+        $this->init = $init;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -98,6 +101,10 @@ class Container {
         return $this->readOnlyRootFs;
     }
 
+    public function GetInit() : bool {
+        return $this->init;
+    }
+
     public function GetShmSize() : int {
         return $this->shmSize;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6deb308d..6641aff4 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -272,6 +272,11 @@ class ContainerDefinitionFetcher
                 $tmpfs = $entry['tmpfs'];
             }
 
+            $init = true;
+            if (isset($entry['init'])) {
+                $init = $entry['init'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -292,6 +297,7 @@ class ContainerDefinitionFetcher
                 $nextcloudExecCommands,
                 $readOnlyRootFs,
                 $tmpfs,
+                $init,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ef2a972b..6e5239ae 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -450,6 +450,8 @@ class DockerActionManager
             $requestBody['HostConfig']['Tmpfs'] =  $tmpfs;
         }
 
+        $requestBody['HostConfig']['Init'] = $container->GetInit();
+
         $capAdds = $container->GetCapAdds();
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;
diff --git a/readme.md b/readme.md
index bb987216..5d89fc1d 100644
--- a/readme.md
+++ b/readme.md
@@ -87,6 +87,7 @@ The following instructions are meant for installations without a web server or r
     ```
     # For Linux and without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already in place:
     sudo docker run \
+    --init \
     --sig-proxy=false \
     --name nextcloud-aio-mastercontainer \
     --restart always \
@@ -157,6 +158,7 @@ On Windows, install [Docker Desktop](https://www.docker.com/products/docker-desk
 
 ```
 docker run ^
+--init ^
 --sig-proxy=false ^
 --name nextcloud-aio-mastercontainer ^
 --restart always ^
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 0ce3f263..b4a1c8f0 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -604,6 +604,7 @@ After adjusting your reverse proxy config, use the following command to start AI
 ```
 # For Linux:
 sudo docker run \
+--init \
 --sig-proxy=false \
 --name nextcloud-aio-mastercontainer \
 --restart always \
@@ -629,6 +630,7 @@ On Windows, install [Docker Desktop](https://www.docker.com/products/docker-desk
 
 ```
 docker run ^
+--init ^
 --sig-proxy=false ^
 --name nextcloud-aio-mastercontainer ^
 --restart always ^

From bcfc33c2a6b478fa1e4e8a1c6f7e60ebc28e04ab Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 16:45:54 +0200
Subject: [PATCH 1343/3949] also add an explanation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 5d89fc1d..4c8fd6d6 100644
--- a/readme.md
+++ b/readme.md
@@ -102,6 +102,7 @@ The following instructions are meant for installations without a web server or r
     <summary>Explanation of the command</summary>
 
     - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below).
+    - `--init` This option makes sure that no zombie-processes are created, ever. See https://docs.docker.com/engine/reference/run/#specify-an-init-process
     - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
     - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
     - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/

From 1989f27b717bd331165a56c561e937946c9d4ed4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 16:57:58 +0200
Subject: [PATCH 1344/3949] name service in compose like container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 37573f94..039a3209 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,5 +1,5 @@
 services:
-  nextcloud:
+  nextcloud-aio-mastercontainer:
     image: nextcloud/all-in-one:latest
     restart: always
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly

From 2aa5e78a22a084fca0b2cdf00d95427844f98a96 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 10 Aug 2023 16:51:47 +0200
Subject: [PATCH 1345/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 05b608c4..be6aa1a8 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -599,7 +599,7 @@
       "container_name": "nextcloud-aio-fulltextsearch",
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
-      "init": true,
+      "init": false,
       "expose": [
         "9200"
       ],

From c6c1effa6d9c3fc9c8d57c59eaf2bd53b79f6341 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 11 Aug 2023 10:09:49 +0200
Subject: [PATCH 1346/3949] adjust wording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index bb987216..0ec38a77 100644
--- a/readme.md
+++ b/readme.md
@@ -60,7 +60,7 @@ Included are:
 - Can be installed with [Kubernetes](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart)
 - Almost all included containers Alpine Linux based (good for security and size)
 - Many of the included containers run as non-root user (good for security)
-- Some of the included containers have a read-only root-FS (good for security)
+- Many of the included containers have a read-only root-FS (good for security)
 - Included containers run in its own docker network (good for security) and only really necessary ports are exposed on the host
 - [Multiple instances on one server](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) are doable without having to deal with VMs
 - Adjustable backup path from the AIO interface (good to put the backups e.g. on a different drive)

From aec119d971505fbaca38eb9d81650f38c3d9ff91 Mon Sep 17 00:00:00 2001
From: dienteperro <dienteperro1207@yahoo.com>
Date: Sun, 13 Aug 2023 14:58:58 -0400
Subject: [PATCH 1347/3949] Update readme.md

Fix minor typo.

Signed-off-by: dienteperro <dienteperro1207@yahoo.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0ec38a77..c10f4a19 100644
--- a/readme.md
+++ b/readme.md
@@ -521,7 +521,7 @@ fi
 
 </details>
 
-You can simply copy and past the script into a file e.g. named `backup-script.sh` e.g. here: `/root/backup-script.sh`. Do not forget to modify the variables to your requirements!
+You can simply copy and paste the script into a file e.g. named `backup-script.sh` e.g. here: `/root/backup-script.sh`. Do not forget to modify the variables to your requirements!
 
 Afterwards apply the correct permissions with `sudo chown root:root /root/backup-script.sh` and `sudo chmod 700 /root/backup-script.sh`. Then you can create a cronjob that runs e.g. at `20:00` each week on Sundays like this: 
 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 

From 2bcdd2af6e8650e23fbed693733fe9037c9ab585 Mon Sep 17 00:00:00 2001
From: dienteperro <dienteperro1207@yahoo.com>
Date: Sun, 13 Aug 2023 17:32:20 -0400
Subject: [PATCH 1348/3949] Update readme.md

Fixed minor typo

Signed-off-by: dienteperro <dienteperro1207@yahoo.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index c10f4a19..8eb10ac3 100644
--- a/readme.md
+++ b/readme.md
@@ -599,7 +599,7 @@ Be aware though that these locations will not be covered by the built-in backup
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
-By default are public uploads to Nextcloud limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
+By default public uploads to Nextcloud are limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
 
 ### How to adjust the max execution time for Nextcloud?
 By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.

From d70cc3b171cbfa87db564f10963f27e35b343c31 Mon Sep 17 00:00:00 2001
From: dienteperro <dienteperro1207@yahoo.com>
Date: Sun, 13 Aug 2023 17:33:27 -0400
Subject: [PATCH 1349/3949] Update readme.md

Added commas to sentence.

Signed-off-by: dienteperro <dienteperro1207@yahoo.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 8eb10ac3..4affb01c 100644
--- a/readme.md
+++ b/readme.md
@@ -599,7 +599,7 @@ Be aware though that these locations will not be covered by the built-in backup
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
-By default public uploads to Nextcloud are limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
+By default, public uploads to Nextcloud, are limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
 
 ### How to adjust the max execution time for Nextcloud?
 By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.

From 3e0c8713cb4ff6063920b9690f830fb7456ab1fb Mon Sep 17 00:00:00 2001
From: dienteperro <dienteperro1207@yahoo.com>
Date: Sun, 13 Aug 2023 17:35:19 -0400
Subject: [PATCH 1350/3949] Update readme.md

Improved sentence.

Signed-off-by: dienteperro <dienteperro1207@yahoo.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 4affb01c..62975a3b 100644
--- a/readme.md
+++ b/readme.md
@@ -599,7 +599,7 @@ Be aware though that these locations will not be covered by the built-in backup
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
-By default, public uploads to Nextcloud, are limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
+By default, public uploads to Nextcloud are limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
 
 ### How to adjust the max execution time for Nextcloud?
 By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.

From a50456591d4c4ca551896ffb4167d72198261b02 Mon Sep 17 00:00:00 2001
From: dienteperro <dienteperro1207@yahoo.com>
Date: Sun, 13 Aug 2023 17:41:43 -0400
Subject: [PATCH 1351/3949] Update readme.md

Minor fix, comma added

Signed-off-by: dienteperro <dienteperro1207@yahoo.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 62975a3b..247c468a 100644
--- a/readme.md
+++ b/readme.md
@@ -602,7 +602,7 @@ By default will the talk container use port `3478/UDP` and `3478/TCP` for connec
 By default, public uploads to Nextcloud are limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
 
 ### How to adjust the max execution time for Nextcloud?
-By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
+By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
 
 ### How to adjust the PHP memory limit for Nextcloud?
 By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.

From e25bf4b4ca25e9b40f8b6f0d155d7fd4b7ef411b Mon Sep 17 00:00:00 2001
From: dienteperro <dienteperro1207@yahoo.com>
Date: Sun, 13 Aug 2023 17:44:29 -0400
Subject: [PATCH 1352/3949] Update readme.md

Added comma

Signed-off-by: dienteperro <dienteperro1207@yahoo.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 247c468a..933053aa 100644
--- a/readme.md
+++ b/readme.md
@@ -605,7 +605,7 @@ By default, public uploads to Nextcloud are limited to a max of 10G (logged in u
 By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
 
 ### How to adjust the PHP memory limit for Nextcloud?
-By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
 
 ### What can I do to fix the internal or reserved ip-address error?
 If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.

From aae60363b095a2ab9262bf73f5101f0566b729b8 Mon Sep 17 00:00:00 2001
From: dienteperro <dienteperro1207@yahoo.com>
Date: Sun, 13 Aug 2023 18:59:30 -0400
Subject: [PATCH 1353/3949] Update readme.md

Rewrite some sentences with minor typos.

Signed-off-by: dienteperro <dienteperro1207@yahoo.com>
---
 readme.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/readme.md b/readme.md
index 933053aa..da2aa3d1 100644
--- a/readme.md
+++ b/readme.md
@@ -626,20 +626,20 @@ No. Since Podman is not 100% compatible with the Docker API, you cannot use Podm
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
-Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
+Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.18. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.18. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
-Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
+Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.
 
 ### What about the pdlib PHP extension for the facerecognition app?
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
 
 ### How to enable hardware-transcoding for Nextcloud?
-⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it should not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
+⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
 
 The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
 
@@ -659,7 +659,7 @@ You can move the whole docker library and all its files including all Nextcloud
 You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
 
 ### Custom skeleton directory
-If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
+If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
 
 ### Fail2ban
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports))
@@ -693,13 +693,13 @@ What are the requirements?
 5. The container should not mount directories from the host into the container: only docker volumes should be used.
 
 ### How to trust user-defined Certification Authorities (CA)?
-For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization
+For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.
 
-You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
 
 When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
 
-In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
+In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
 
 ### How to disable Collabora's Seccomp feature?
 The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
@@ -725,15 +725,15 @@ docker exec --env STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.
 
 </details>
 
-You can simply copy and past the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. 
+You can simply copy and paste the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. 
 
-Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs e.g. runs the script at `04:00` each day like this: 
+Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs it on a schedule e.g. runs the script at `04:00` each day like this: 
 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
 1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. 
-1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
+1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` and then `Enter` to save, and close the editor with `Ctrl + x`).
 
 
-**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextclouds datadir, if it is not stored in a docker volume.**
+**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextcloud's datadir if it is not stored in a docker volume.**
 
 **Afterwards, you can create a second script that automatically updates the containers:**
 
@@ -763,9 +763,9 @@ fi
 
 </details>
 
-You can simply copy and past the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`.
+You can simply copy and paste the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`.
 
 Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: 
 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
-1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
+1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).

From 35c08c0381d12a4683681faa43452615c888c04d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 14 Aug 2023 12:00:48 +0200
Subject: [PATCH 1354/3949] add check for timezone

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index e48a24ca..5c252aa0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -253,6 +253,18 @@ if [ "$?" = 6 ]; then
     exit 1
 fi
 
+# Check that no changes have been made to timezone settings since AIO only supports running in UTC timezone
+if [ -n "$TZ" ]; then
+    print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default UTC timezone!"
+    exit 1
+elif mountpoint -q /etc/localtime; then
+    print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default UTC timezone!"
+    exit 1
+elif mountpoint -q /etc/timezone; then
+    print_red "/etc/timezone has been mounted into the container which is not allowed because AIO only supports running in the default UTC timezone!"
+    exit 1
+fi
+
 # Add important folders
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/

From 7f37fd70603ce9d3990fd042f915014a83cdbc83 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 14 Aug 2023 12:40:49 +0200
Subject: [PATCH 1355/3949] add hint how the correct timezone can be set

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 5c252aa0..2e132479 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -256,12 +256,15 @@ fi
 # Check that no changes have been made to timezone settings since AIO only supports running in UTC timezone
 if [ -n "$TZ" ]; then
     print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default UTC timezone!"
+    echo "The correct timezone can be set in the AIO interface later on!"
     exit 1
 elif mountpoint -q /etc/localtime; then
     print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default UTC timezone!"
+    echo "The correct timezone can be set in the AIO interface later on!"
     exit 1
 elif mountpoint -q /etc/timezone; then
     print_red "/etc/timezone has been mounted into the container which is not allowed because AIO only supports running in the default UTC timezone!"
+    echo "The correct timezone can be set in the AIO interface later on!"
     exit 1
 fi
 

From b4afd493413b4327a858f2a9bfe4b903d3126309 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 14 Aug 2023 13:17:15 +0200
Subject: [PATCH 1356/3949] make notify-push logs more explicit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index c20b9c0d..873e59de 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -31,6 +31,8 @@ fi
 export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
 
+echo "Starting notify-push. If not further logs are shown below, it started correctly."
+
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --database-prefix="oc_" \

From 8c9020b03136548eccc7a42f0905df582f84236e Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 14 Aug 2023 12:02:51 +0000
Subject: [PATCH 1357/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ced48696..f42fd3c9 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -626,16 +626,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.4",
+            "version": "7.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "8ed79468dfb163824bbf48de5e35d1729f9313b6"
+                "reference": "9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/8ed79468dfb163824bbf48de5e35d1729f9313b6",
-                "reference": "8ed79468dfb163824bbf48de5e35d1729f9313b6",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c",
+                "reference": "9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c",
                 "shasum": ""
             },
             "require": {
@@ -683,7 +683,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.4"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.5"
             },
             "funding": [
                 {
@@ -695,7 +695,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-08T15:59:16+00:00"
+            "time": "2023-08-10T14:57:56+00:00"
         },
         {
             "name": "php-di/slim-bridge",

From 1b2f865276cb1106dd38835863ce99d3aac23194 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Aug 2023 12:51:52 +0000
Subject: [PATCH 1358/3949] Bump clamav/clamav from 1.1.0-1 to 1.1.0-6 in
 /Containers/clamav

Bumps clamav/clamav from 1.1.0-1 to 1.1.0-6.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 9664edd9..3be2d195 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.1.0-1
+FROM clamav/clamav:1.1.0-6
 
 COPY clamav.conf /tmp/clamav.conf
 

From 81e1292f0c18fd6583407bd9ae3e321c74652761 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Aug 2023 12:20:33 +0000
Subject: [PATCH 1359/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.7.2-alpine to 2.7.3-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 735cb8bf..3cf52a8d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:24.0.5-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.7.2-alpine as caddy
+FROM caddy:2.7.3-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
 FROM php:8.2.8-fpm-alpine3.18

From 4c5ad66fb364afc15f163ee16bb368b7a6ac2b38 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Aug 2023 12:46:57 +0000
Subject: [PATCH 1360/3949] Bump caddy from 2.7.2-alpine to 2.7.3-alpine in
 /Containers/apache

Bumps caddy from 2.7.2-alpine to 2.7.3-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index daebe372..ae6f5278 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,4 +1,4 @@
-FROM caddy:2.7.2-alpine as caddy
+FROM caddy:2.7.3-alpine as caddy
 
 FROM httpd:2.4.57-alpine3.18
 

From 268d24c4864afe5981c73322d804a071e333a3bb Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 16 Aug 2023 13:29:25 +0200
Subject: [PATCH 1361/3949] change grep command

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/daily-backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 3b2d053a..f87b3966 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -16,7 +16,7 @@ fi
 sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
 
 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
+APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -o '[0-9]\+' | head -1)"
 while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
     echo "Waiting for apache to become available"
     sleep 30

From e56b3369d2209a5476f2a8e7a79d1aeb1e2284b8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 16 Aug 2023 14:44:55 +0200
Subject: [PATCH 1362/3949] try to fix grep syntax for db restore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 75a86abd..8d5f7b05 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -92,14 +92,14 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
 
     # Check if the line we grep for later on is there
     GREP_STRING='Name: oc_appconfig; Type: TABLE; Schema: public; Owner:'
-    if ! grep -q "$GREP_STRING" "$DUMP_FILE"; then
+    if ! grep -qa "$GREP_STRING" "$DUMP_FILE"; then
         echo "The needed oc_appconfig line is not there which is unexpected."
         echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
         exit 1
     fi
 
     # Get the Owner
-    DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
     if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
         echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
         echo "It is not possible to import a database dump from this database owner."

From 188b3ada950cf0ec838128754711ca67e4164e4b Mon Sep 17 00:00:00 2001
From: FreDTV <70434961+Fred-DTV@users.noreply.github.com>
Date: Wed, 16 Aug 2023 20:44:29 +0200
Subject: [PATCH 1363/3949] Update containers.twig

Add note to Fulltextsearch about initial scanning process

Signed-off-by: FreDTV <70434961+Fred-DTV@users.noreply.github.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e8d982d1..8718863b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -552,7 +552,7 @@
                         {% if is_fulltextsearch_enabled == true %}
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% else %}
-                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (NOTE: If enabled on systems with many files, be aware that the first scan process might take a while, during which Nextcloud will be unavailable. And needs ~1GB additional RAM)</label><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
                             <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>

From 4a87a5cde82392f03ea292123ccf34eff41279ec Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 09:07:11 +0200
Subject: [PATCH 1364/3949] fix update-helm script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 81fb913d..284e5871 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -155,7 +155,7 @@ for port in "${INTERNAL_TALK_PORTS[@]}"; do
 done
 echo '---' >>  /tmp/talk-service.copy
 # shellcheck disable=SC1083
-find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.*}}\|protocol: UDP\|type: LoadBalancer' \{} \; >> /tmp/talk-service.copy
+find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK*}}\|protocol: UDP\|type: LoadBalancer' \{} \; >> /tmp/talk-service.copy
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083

From 3988351882fdede2c312213dc1b8c46083589029 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 09:14:39 +0200
Subject: [PATCH 1365/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 284e5871..8b191471 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -155,7 +155,7 @@ for port in "${INTERNAL_TALK_PORTS[@]}"; do
 done
 echo '---' >>  /tmp/talk-service.copy
 # shellcheck disable=SC1083
-find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK*}}\|protocol: UDP\|type: LoadBalancer' \{} \; >> /tmp/talk-service.copy
+find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol: UDP\|type: LoadBalancer' \{} \; >> /tmp/talk-service.copy
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083

From f05e602574dd60f4f94989a0bdd68da83cf24b1e Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 17 Aug 2023 07:22:48 +0000
Subject: [PATCH 1366/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index bbbd72c8..0c2c22bd 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 6.4.0
+version: 7.0.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 3c115c58..502d826e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -72,7 +72,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230728_085937-latest
+          image: nextcloud/aio-apache:20230817_065941-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 7a2f6dd5..e6750023 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230728_085937-latest
+          image: nextcloud/aio-clamav:20230817_065941-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 673afe5e..8c51d301 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230728_085937-latest
+          image: nextcloud/aio-collabora:20230817_065941-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 5219a278..941c23ee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -67,7 +67,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230728_085937-latest
+          image: nextcloud/aio-postgresql:20230817_065941-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 76cb054e..32d02f20 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20230728_085937-latest
+          image: nextcloud/aio-fulltextsearch:20230817_065941-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 8032532e..1dc8940b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -37,7 +37,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230728_085937-latest
+          image: nextcloud/aio-imaginary:20230817_065941-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index e1f3b332..75ca5fb4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -120,7 +120,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230728_085937-latest
+          image: nextcloud/aio-nextcloud:20230817_065941-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index ddacde75..b42699d8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20230728_085937-latest
+          image: nextcloud/aio-notify-push:20230817_065941-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 9fbd6464..f6ab525d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230728_085937-latest
+          image: nextcloud/aio-onlyoffice:20230817_065941-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 02750441..4152e2da 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230728_085937-latest
+          image: nextcloud/aio-redis:20230817_065941-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d15df5c8..dab8fc80 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230728_085937-latest
+          image: nextcloud/aio-talk:20230817_065941-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 5c2a40e5..108fa293 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230728_085937-latest
+          image: nextcloud/aio-talk-recording:20230817_065941-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 6823e81b80c58e27a67eaad5630449e16ed6e77b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Aug 2023 07:24:13 +0000
Subject: [PATCH 1367/3949] Bump postgres from 15.3-alpine to 15.4-alpine in
 /Containers/postgresql

Bumps postgres from 15.3-alpine to 15.4-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index c002789d..bf9b8d93 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.3-alpine
+FROM postgres:15.4-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From fed0f42fed442c71d370a15dfc2c571742202ada Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 14 Aug 2023 12:17:00 +0200
Subject: [PATCH 1368/3949] add check for unsupported environmental variables

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 2e132479..2d78f812 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -268,6 +268,17 @@ elif mountpoint -q /etc/timezone; then
     exit 1
 fi
 
+# Check if unsupported env are set (but dont exit as it would break many instances)
+if [ -n "$APACHE_DISABLE_REWRITE_IP" ]; then
+    print_red "The environmental variable APACHE_DISABLE_REWRITE_IP has been set which is not supported by AIO. Please remove it!"
+fi
+if [ -n "$NEXTCLOUD_TRUSTED_DOMAINS" ]; then
+    print_red "The environmental variable NEXTCLOUD_TRUSTED_DOMAINS has been set which is not supported by AIO. Please remove it!"
+fi
+if [ -n "$TRUSTED_PROXIES" ]; then
+    print_red "The environmental variable TRUSTED_PROXIES has been set which is not supported by AIO. Please remove it!"
+fi
+
 # Add important folders
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/

From 378989ecb4d374b302e6206f623a7a94a420b1fe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 14 Aug 2023 12:20:53 +0200
Subject: [PATCH 1369/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 2d78f812..c256ed3c 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -268,7 +268,7 @@ elif mountpoint -q /etc/timezone; then
     exit 1
 fi
 
-# Check if unsupported env are set (but dont exit as it would break many instances)
+# Check if unsupported env are set (but don't exit as it would break many instances)
 if [ -n "$APACHE_DISABLE_REWRITE_IP" ]; then
     print_red "The environmental variable APACHE_DISABLE_REWRITE_IP has been set which is not supported by AIO. Please remove it!"
 fi

From 499992d39092fc53030a4be44cb8e8bf202970c1 Mon Sep 17 00:00:00 2001
From: FreDTV <70434961+Fred-DTV@users.noreply.github.com>
Date: Thu, 17 Aug 2023 10:00:59 +0200
Subject: [PATCH 1370/3949] Update php/templates/containers.twig

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: FreDTV <70434961+Fred-DTV@users.noreply.github.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8718863b..02809fad 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -552,7 +552,7 @@
                         {% if is_fulltextsearch_enabled == true %}
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% else %}
-                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (NOTE: If enabled on systems with many files, be aware that the first scan process might take a while, during which Nextcloud will be unavailable. And needs ~1GB additional RAM)</label><br>
+                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <b>Please note:</b> the initial indexing can take a long time during which Nextcloud will be unavailable)</label><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
                             <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>

From 62c7e3f133f0a99a5d825a511e8c40be0e583f3d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 10:51:55 +0200
Subject: [PATCH 1371/3949] fix notify-push trusted proxies

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile | 1 +
 Containers/apache/start.sh   | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index ae6f5278..a787593e 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -30,6 +30,7 @@ RUN set -ex; \
         tzdata \
         ca-certificates \
         openssl \
+        bind-tools \
         netcat-openbsd; \
     \
     sed -i \
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 5ebc9ee0..040851bc 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -17,6 +17,11 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
     sleep 5
 done
 
+# Get ipv4-address of Apache
+IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short | head -1)"
+# Bring it in CIDR notation
+IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
+
 if [ -z "$APACHE_PORT" ]; then
     export APACHE_PORT="443"
 fi
@@ -41,7 +46,7 @@ echo "$CADDYFILE" > /tmp/Caddyfile
 if [ "$APACHE_PORT" != '443' ]; then
     CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
 else
-    CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /tmp/Caddyfile)"
+    CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
 fi
 echo "$CADDYFILE" > /tmp/Caddyfile
 

From b8f534244bd8b49477e95edc39778e2f24e1b270 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 11:00:50 +0200
Subject: [PATCH 1372/3949] fix SC

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 040851bc..6095ea09 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -20,6 +20,7 @@ done
 # Get ipv4-address of Apache
 IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short | head -1)"
 # Bring it in CIDR notation
+# shellcheck disable=SC2001
 IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
 
 if [ -z "$APACHE_PORT" ]; then

From 79e86d6f4032bc660a367da106cec1f295ae3092 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 12:37:48 +0200
Subject: [PATCH 1373/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index f01ff0eb..2363f379 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -76,7 +76,7 @@ RUN set -ex; \
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     \
     touch \
-        /etc/nats.conf; \
+        /etc/nats.conf \
         /etc/eturnal.yml; \
     echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
     mkdir -p \

From 3895650f1e3162b3cfd6459a2b845baf602030e3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 12:52:47 +0200
Subject: [PATCH 1374/3949] improve detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 02809fad..e47baff4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -552,7 +552,7 @@
                         {% if is_fulltextsearch_enabled == true %}
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% else %}
-                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <b>Please note:</b> the initial indexing can take a long time during which Nextcloud will be unavailable)</label><br>
+                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <b>Please note:</b> the initial indexing can take a long time during which Nextcloud will be unavailable)</label><br><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
                             <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>

From c83c59771fe94b49458dba502ebe3957a3fdb577 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 12:59:42 +0200
Subject: [PATCH 1375/3949] revert transparency of notify-push

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 873e59de..c20b9c0d 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -31,8 +31,6 @@ fi
 export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
 
-echo "Starting notify-push. If not further logs are shown below, it started correctly."
-
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --database-prefix="oc_" \

From d8e802851d0cca35873cd2284e6941b01694e557 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 14:15:04 +0200
Subject: [PATCH 1376/3949] mastercontainer - improve healthcheck

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/healthcheck.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/mastercontainer/healthcheck.sh b/Containers/mastercontainer/healthcheck.sh
index c3a5e3fd..e5d27771 100644
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
+    nc -z localhost 80 || exit 1
+    nc -z localhost 8000 || exit 1
     nc -z localhost 8080 || exit 1
+    nc -z localhost 8443 || exit 1
+    nc -z localhost 9000 || exit 1
+    nc -z localhost 9876 || exit 1
 fi

From b2e33e8a51351cdac7311cb7c2bd8d1744933bb4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 14:18:25 +0200
Subject: [PATCH 1377/3949] apache - improve healtcheck

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/healthcheck.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index 835ec4d4..3a54ef04 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -3,4 +3,7 @@
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z localhost 8000 || exit 1
 nc -z localhost "$APACHE_PORT" || exit 1
-nc -z "$NC_DOMAIN" 443 || exit 1
+if ! nc -z "$NC_DOMAIN" 443; then
+    echo "Could not reach $NC_DOMAIN on port 443."
+    exit 1
+fi

From e6af64087131f01ef9bab8e4efe6eebe8cadeac0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 14:22:39 +0200
Subject: [PATCH 1378/3949] talk - improve healthcheck

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile     |  3 ++-
 Containers/talk/healthcheck.sh | 11 +++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 Containers/talk/healthcheck.sh

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 2363f379..65448c16 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -44,6 +44,7 @@ COPY --from=nats      /nats-server                        /usr/local/bin/nats-se
 COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
 COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
 
 RUN set -ex; \
@@ -103,5 +104,5 @@ USER eturnal
 ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT" && eturnalctl status) || exit 1
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/talk/healthcheck.sh b/Containers/talk/healthcheck.sh
new file mode 100644
index 00000000..82e660ea
--- /dev/null
+++ b/Containers/talk/healthcheck.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+nc -z localhost 8081 || exit 1
+nc -z localhost 8188 || exit 1
+nc -z localhost 4222 || exit 1
+nc -z localhost "$TALK_PORT" || exit 1
+eturnalctl status || exit 1
+if ! nc -z "$NC_DOMAIN" "$TALK_PORT"; then
+    echo "Could not reach $NC_DOMAIN on port $TALK_PORT."
+    exit 1
+fi

From f551a9c56f7bcf13f47db1db6ea86eb08c60044f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Aug 2023 12:56:08 +0000
Subject: [PATCH 1379/3949] Bump clamav/clamav from 1.1.0-6 to 1.1.1-7 in
 /Containers/clamav

Bumps clamav/clamav from 1.1.0-6 to 1.1.1-7.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 3be2d195..e86a03f2 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.1.0-6
+FROM clamav/clamav:1.1.1-7
 
 COPY clamav.conf /tmp/clamav.conf
 

From c69a5d20652caf5f3a0ec14105450357da4d3eff Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 17 Aug 2023 16:28:42 +0200
Subject: [PATCH 1380/3949] add image_tag to containers definition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             |  4 ++++
 php/src/Container/Container.php        |  7 +++++++
 php/src/ContainerDefinitionFetcher.php |  6 ++++++
 php/src/Docker/DockerActionManager.php | 11 +++++++++--
 4 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 5bb7b6db..d608895a 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -96,6 +96,10 @@
 							"pattern": "^[A-Z_]+$"
 						}
 					},
+					"image_tag": {
+						"type": "string",
+						"pattern": "^[a-z0-9.-]+$"
+					},
 					"devices": {
 						"type": "array",
 						"items": {
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index a7296a65..335fdba0 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -33,6 +33,7 @@ class Container {
     private bool $readOnlyRootFs;
     private array $tmpfs;
     private bool $init;
+    private string $imageTag;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -56,6 +57,7 @@ class Container {
         bool $readOnlyRootFs,
         array $tmpfs,
         bool $init,
+        string $imageTag,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -78,6 +80,7 @@ class Container {
         $this->readOnlyRootFs = $readOnlyRootFs;
         $this->tmpfs = $tmpfs;
         $this->init = $init;
+        $this->imageTag = $imageTag;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -97,6 +100,10 @@ class Container {
         return $this->restartPolicy;
     }
 
+    public function GetImageTag() : string {
+        return $this->imageTag;
+    }
+
     public function GetReadOnlySetting() : bool {
         return $this->readOnlyRootFs;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6641aff4..14cd9c25 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -277,6 +277,11 @@ class ContainerDefinitionFetcher
                 $init = $entry['init'];
             }
 
+            $imageTag = '';
+            if (isset($entry['image_tag'])) {
+                $imageTag = $entry['image_tag'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -298,6 +303,7 @@ class ContainerDefinitionFetcher
                 $readOnlyRootFs,
                 $tmpfs,
                 $init,
+                $imageTag,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6e5239ae..3a3d9c61 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -48,7 +48,11 @@ class DockerActionManager
     }
 
     private function BuildImageName(Container $container) : string {
-        return $container->GetContainerName() . ':' . $this->GetCurrentChannel();
+        $tag = $container->GetImageTag();
+        if ($tag === '') {
+            $tag = $this->GetCurrentChannel();
+        }
+        return $container->GetContainerName() . ':' . $tag;
     }
 
     public function GetContainerRunningState(Container $container) : IContainerState
@@ -95,7 +99,10 @@ class DockerActionManager
 
     public function GetContainerUpdateState(Container $container) : IContainerState
     {
-        $tag = $this->GetCurrentChannel();
+        $tag = $container->GetImageTag();
+        if ($tag === '') {
+            $tag = $this->GetCurrentChannel();
+        }
 
         $runningDigests = $this->GetRepoDigestsOfContainer($container->GetIdentifier());
         if ($runningDigests === null) {

From 11de2c2551ac50aaea0b95771860ca923af8c8e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Aug 2023 12:22:57 +0000
Subject: [PATCH 1381/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.8-fpm-alpine3.18 to 8.2.9-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3cf52a8d..c86a1711 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.5-cli as docker
 FROM caddy:2.7.3-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.8-fpm-alpine3.18
+FROM php:8.2.9-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From 9fe8e7e7fcad483c47694b6ce83a8ecb92967327 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Aug 2023 12:23:02 +0000
Subject: [PATCH 1382/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.7.3-alpine to 2.7.4-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3cf52a8d..6a74a2cc 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:24.0.5-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.7.3-alpine as caddy
+FROM caddy:2.7.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
 FROM php:8.2.8-fpm-alpine3.18

From 10a9d56654e4a3276535613ea34bdd036777697d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Aug 2023 12:49:00 +0000
Subject: [PATCH 1383/3949] Bump clamav/clamav from 1.1.1-7 to 1.1.1-8 in
 /Containers/clamav

Bumps clamav/clamav from 1.1.1-7 to 1.1.1-8.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e86a03f2..26e0718c 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.1.1-7
+FROM clamav/clamav:1.1.1-8
 
 COPY clamav.conf /tmp/clamav.conf
 

From 11f8ac51dbaca278f13ee06c8bdd836b3274bddb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Aug 2023 13:57:58 +0000
Subject: [PATCH 1384/3949] Bump caddy from 2.7.3-alpine to 2.7.4-alpine in
 /Containers/apache

Bumps caddy from 2.7.3-alpine to 2.7.4-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index a787593e..ab49cfc2 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,4 +1,4 @@
-FROM caddy:2.7.3-alpine as caddy
+FROM caddy:2.7.4-alpine as caddy
 
 FROM httpd:2.4.57-alpine3.18
 

From 60a692ae468b8a021929d9028ecda0c6753a1663 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 18 Aug 2023 21:21:24 +0200
Subject: [PATCH 1385/3949] ntofiy-push - improve healthcheck

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/Dockerfile     | 3 ++-
 Containers/notify-push/healthcheck.sh | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 Containers/notify-push/healthcheck.sh

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 047c911d..225c021b 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,6 +1,7 @@
 FROM alpine:3.18.2
 
 COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 RUN set -ex; \
     apk add --no-cache \
@@ -17,5 +18,5 @@ RUN set -ex; \
 USER 33
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost 7867 || exit 1
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/notify-push/healthcheck.sh b/Containers/notify-push/healthcheck.sh
new file mode 100644
index 00000000..8dce437e
--- /dev/null
+++ b/Containers/notify-push/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if ! nc -z "$NEXTCLOUD_HOST" 9000; then
+    exit 0
+fi
+
+nc -z localhost 7867 || exit 1

From 774d10931f48bcb795d0487bb4c2c4dc34d664fb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 18 Aug 2023 21:20:00 +0200
Subject: [PATCH 1386/3949] nextcloud - improve healthcheck

Signed-off-by: Simon L <szaimen@e.mail.de>

Revert "nextcloud - improve healthcheck"

This reverts commit d9352c36d3c902c8ab2e884513cd1ba331bac78b.

Update Dockerfile
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e64e808e..5ebba236 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -223,5 +223,5 @@ USER root
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
+HEALTHCHECK --start-period=60s CMD sudo -E -u www-data bash /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"

From 6f517955d404cebda84439105747d8bb9a896df6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 19 Aug 2023 10:25:23 +0200
Subject: [PATCH 1387/3949] fix docker-lint workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/docker-lint.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index cae8fa69..8e5c5903 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -32,10 +32,10 @@ jobs:
           sudo apt-get update
           sudo apt-get install nodejs npm -y --no-install-recommends
           npm install -g dockerfilelint
-          wget https://github.com/replicatedhq/dockerfilelint/pull/184.patch -O /usr/local/lib/node_modules/dockerfilelint/184.patch
+          wget https://github.com/replicatedhq/dockerfilelint/pull/201.patch -O /usr/local/lib/node_modules/dockerfilelint/201.patch
           CURRENT_DIR=$PWD
           cd /usr/local/lib/node_modules/dockerfilelint/
-          git apply 184.patch
+          git apply 201.patch
           cd $CURRENT_DIR
           cat << RULES > ./.dockerfilelintrc
           rules:

From 2c83137352adf46ba208f6a4905a09976217025b Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Mon, 21 Aug 2023 04:08:48 +0000
Subject: [PATCH 1388/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index e468cf06..d229bf89 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.14.1@b9d355e0829c397b9b3b47d0c0ed042a8a70284d"/>
+<files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352"/>

From 0d1ec70b5915f08d75de8549d6e54de5a5d59961 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Aug 2023 12:33:19 +0000
Subject: [PATCH 1389/3949] Bump clamav/clamav from 1.1.1-8 to 1.1.1-9 in
 /Containers/clamav

Bumps clamav/clamav from 1.1.1-8 to 1.1.1-9.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 26e0718c..5b22f929 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.1.1-8
+FROM clamav/clamav:1.1.1-9
 
 COPY clamav.conf /tmp/clamav.conf
 

From 70126d289e2b377edd39908021bad8de2f66ab51 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Aug 2023 18:51:31 +0200
Subject: [PATCH 1390/3949] talk - fix eternal relay-ip

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 3e744b62..204e9305 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -21,9 +21,6 @@ fi
 set -x
 IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
 IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-
-IPv4_ADDRESS_NC="$(dig "$NC_DOMAIN" IN A +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_NC="$(dig "$NC_DOMAIN" IN AAAA +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
 # Turn
@@ -39,8 +36,8 @@ eturnal:
   log_dir: stdout
   log_level: warning
   secret: "$TURN_SECRET"
-  relay_ipv4_addr: "$IPv4_ADDRESS_NC"
-  relay_ipv6_addr: "$IPv6_ADDRESS_NC"
+  relay_ipv4_addr: "$IPv4_ADDRESS_TALK"
+  relay_ipv6_addr: "$IPv4_ADDRESS_TALK"
   blacklist:
   - recommended
   whitelist:

From 2868d45882e9fdf2055a93c65d22019ce8125d8d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Aug 2023 22:10:31 +0200
Subject: [PATCH 1391/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 2363f379..efa44ce0 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -34,12 +34,9 @@ RUN set -ex; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
 FROM alpine:3.18.2
-ENV STUN_SERVICE="stun.nextcloud.com 443"
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     /usr/local                          /usr/local
 COPY --from=eturnal   /opt/eturnal                        /opt/eturnal
-COPY --from=eturnal   /usr/local/bin/stun                 /usr/local/bin/stun
-COPY --from=eturnal   /usr/local/bin/eturnalctl           /usr/local/bin/eturnalctl
 COPY --from=nats      /nats-server                        /usr/local/bin/nats-server
 COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
@@ -97,7 +94,9 @@ RUN set -ex; \
         /conf \
         /opt/eturnal \
         /var/run/supervisord \
-        /var/log/supervisord;
+        /var/log/supervisord; \
+    ln -s /opt/eturnal/bin/stun /usr/local/bin/stun; \
+    ln -s /opt/eturnal/bin/eturnalctl /usr/local/bin/eturnalctl
 
 USER eturnal
 ENTRYPOINT ["/start.sh"]

From fb7ee455ee72c802af6d6d67c3780ba79c44866f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Aug 2023 23:25:57 +0200
Subject: [PATCH 1392/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 204e9305..b168518e 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -37,7 +37,7 @@ eturnal:
   log_level: warning
   secret: "$TURN_SECRET"
   relay_ipv4_addr: "$IPv4_ADDRESS_TALK"
-  relay_ipv6_addr: "$IPv4_ADDRESS_TALK"
+  relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
   blacklist:
   - recommended
   whitelist:

From a4e762c297367fd1f6d5b5d5a870d5dfaed44aa7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 22 Aug 2023 23:49:11 +0200
Subject: [PATCH 1393/3949] update links to memories docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 2 +-
 readme.md                     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index b990d6c5..58330db3 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -34,7 +34,7 @@ fi
 # Check if /dev/dri device is present and apply correct permissions
 set -x
 if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
-    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
+    # From https://memories.gallery/hw-transcoding/#docker-installations
     GID="$(stat -c "%g" /dev/dri/renderD128)"
     groupadd -g "$GID" render2 || true # sometimes this is needed
     GROUP="$(getent group "$GID" | cut -d: -f1)"
diff --git a/readme.md b/readme.md
index 7b2c0eeb..e9c710f1 100644
--- a/readme.md
+++ b/readme.md
@@ -644,7 +644,7 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 ### How to enable hardware-transcoding for Nextcloud?
 ⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
 
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://memories.gallery/hw-transcoding/#va-api).
 
 ### Huge docker logs
 If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.

From 5b101bd9466bc9b79a8f59c5403f1c564ca23c8b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 22 Aug 2023 23:55:56 +0200
Subject: [PATCH 1394/3949] add lint-helm workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-helm.yml | 46 +++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 .github/workflows/lint-helm.yml

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
new file mode 100644
index 00000000..b7640948
--- /dev/null
+++ b/.github/workflows/lint-helm.yml
@@ -0,0 +1,46 @@
+name: Lint and Test Charts
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - 'nextcloud-aio-helm-chart/**'
+
+jobs:
+  lint-helm:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3.5
+        with:
+          version: v3.11.1
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.4.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        id: lint
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.8.0
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        id: install
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }}

From 408be25263ab50ec4cf35f6c5205d7aedf047139 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 22 Aug 2023 23:58:23 +0200
Subject: [PATCH 1395/3949] improve the workflow

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-helm.yml | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index b7640948..9cf7f65c 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -23,24 +23,13 @@ jobs:
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2.4.0
 
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
-
       - name: Run chart-testing (lint)
         id: lint
-        if: steps.list-changed.outputs.changed == 'true'
         run: ct lint --target-branch ${{ github.event.repository.default_branch }}
 
       - name: Create kind cluster
         uses: helm/kind-action@v1.8.0
-        if: steps.list-changed.outputs.changed == 'true'
 
       - name: Run chart-testing (install)
         id: install
-        if: steps.list-changed.outputs.changed == 'true'
         run: ct install --target-branch ${{ github.event.repository.default_branch }}

From 32c6c3e5965eebd98d8818e3ccb083500de239d2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 23 Aug 2023 00:03:48 +0200
Subject: [PATCH 1396/3949] adjust workflow to get correct chart-dir

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-helm.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 9cf7f65c..b35d4792 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -25,11 +25,11 @@ jobs:
 
       - name: Run chart-testing (lint)
         id: lint
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --chart-dirs nextcloud-aio-helm-chart
 
       - name: Create kind cluster
         uses: helm/kind-action@v1.8.0
 
       - name: Run chart-testing (install)
         id: install
-        run: ct install --target-branch ${{ github.event.repository.default_branch }}
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --chart-dirs nextcloud-aio-helm-chart

From 6ab598d805a1b62806b780a26d26e3cc4e1d6ee1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 23 Aug 2023 00:09:10 +0200
Subject: [PATCH 1397/3949] another change

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-helm.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index b35d4792..cd8223b0 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -25,11 +25,11 @@ jobs:
 
       - name: Run chart-testing (lint)
         id: lint
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --chart-dirs nextcloud-aio-helm-chart
+        run: ct lint --debug --chart-dirs nextcloud-aio-helm-chart
 
       - name: Create kind cluster
         uses: helm/kind-action@v1.8.0
 
       - name: Run chart-testing (install)
         id: install
-        run: ct install --target-branch ${{ github.event.repository.default_branch }} --chart-dirs nextcloud-aio-helm-chart
+        run: ct install --debug --chart-dirs nextcloud-aio-helm-chart

From 5e14e807ac42b23ddf4fa1b65659a2b286f8b9c2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 23 Aug 2023 00:14:06 +0200
Subject: [PATCH 1398/3949] WIP

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index cd8223b0..7f02e02e 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -25,7 +25,7 @@ jobs:
 
       - name: Run chart-testing (lint)
         id: lint
-        run: ct lint --debug --chart-dirs nextcloud-aio-helm-chart
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart
 
       - name: Create kind cluster
         uses: helm/kind-action@v1.8.0

From a592288f829d27a7647f609912756e3b9bf63e64 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 23 Aug 2023 00:16:27 +0200
Subject: [PATCH 1399/3949] fix it

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 7f02e02e..6bcefd5e 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -32,4 +32,4 @@ jobs:
 
       - name: Run chart-testing (install)
         id: install
-        run: ct install --debug --chart-dirs nextcloud-aio-helm-chart
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart

From 4fa2683b833210bcc8240d5bdc8ba3bb4a0dfeea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 23 Aug 2023 16:39:20 +0200
Subject: [PATCH 1400/3949] Fix OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/run-exec-commands.sh | 7 ++++++-
 php/containers.json                       | 6 +++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index 5df4962c..a2a6c84a 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -15,9 +15,14 @@ if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
 else
     # Collabora must work also if using manual-install 
     if [ "$COLLABORA_ENABLED" = yes ]; then
-        echo "Activating collabora config..."
+        echo "Activating Collabora config..."
         php /var/www/html/occ richdocuments:activate-config
     fi
+    # OnlyOffice must work also if using manual-install
+    if [ "$ONLYOFFICE_ENABLED" = yes ]; then
+        echo "Activating OnlyOffice config..."
+        php /var/www/html/occ onlyoffice:documentserver --check
+    fi
 fi
 
 sleep inf
diff --git a/php/containers.json b/php/containers.json
index d3047dfd..c3689f6f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -305,7 +305,7 @@
       ],
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
-        "echo 'Activating collabora config...'",
+        "echo 'Activating Collabora config...'",
         "php /var/www/html/occ richdocuments:activate-config"
       ],
       "profiles": [
@@ -563,6 +563,10 @@
         "ONLYOFFICE_SECRET"
       ],
       "restart": "unless-stopped",
+      "nextcloud_exec_commands": [
+        "echo 'Activating OnlyOffice config...'",
+        "php /var/www/html/occ onlyoffice:documentserver --check"
+      ],
       "profiles": [
         "onlyoffice"
       ],

From 936b6becc0127d996a2544cf1cd8e671d26fd8dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Aug 2023 12:23:56 +0000
Subject: [PATCH 1401/3949] Bump elasticsearch from 8.8.1 to 8.9.1 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.8.1 to 8.9.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index d59127b2..e3655775 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.8.1
+FROM elasticsearch:8.9.1
 
 USER root
 

From b0582edb857539f52e5c5ac6a9dda19f232c733e Mon Sep 17 00:00:00 2001
From: Duvio <can2004kaya@gmail.com>
Date: Thu, 24 Aug 2023 15:22:46 +0200
Subject: [PATCH 1402/3949] Fix spelling mistake in reverse-proxy.md

Signed-off-by: Duvio <can2004kaya@gmail.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index b4a1c8f0..1b6fb7cf 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -266,7 +266,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 **Disclaimer:** This config was tested and should normally work on all modern nginx version if you configure it correctly. Improvements to the config are very welcome!
 
-Add the below template to you nginx config.
+Add the below template to your nginx config.
 
 **Note:** please check your nginx version by running: `nginx -v` and adjust it the lines marked with version notes, so that they fit your nginx version.
 

From 66857914277b1187e861f661e716f280973b5e80 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 14:09:21 +0200
Subject: [PATCH 1403/3949] add docker-socket-proxy as option

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/dependabot.yml                        |  9 +++
 Containers/docker-socket-proxy/Dockerfile     | 39 ++++++++++
 Containers/docker-socket-proxy/haproxy.cfg    | 72 +++++++++++++++++++
 Containers/nextcloud/entrypoint.sh            | 19 +++++
 manual-install/update-yaml.sh                 |  2 +
 php/containers.json                           | 29 +++++++-
 php/public/disable-docker-socket-proxy.js     |  4 ++
 php/public/index.php                          |  1 +
 php/public/options-form-submit.js             | 12 ++++
 php/src/ContainerDefinitionFetcher.php        |  8 +++
 .../Controller/ConfigurationController.php    |  5 ++
 php/src/Data/ConfigurationManager.php         | 15 ++++
 php/src/Docker/DockerActionManager.php        | 23 ++++--
 php/templates/containers.twig                 |  5 ++
 14 files changed, 236 insertions(+), 7 deletions(-)
 create mode 100644 Containers/docker-socket-proxy/Dockerfile
 create mode 100644 Containers/docker-socket-proxy/haproxy.cfg
 create mode 100644 php/public/disable-docker-socket-proxy.js

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f39c749a..5beec9d0 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -165,3 +165,12 @@ updates:
   labels:
   - 3. to review
   - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/docker-socket-proxy"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
new file mode 100644
index 00000000..b9b5ef87
--- /dev/null
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -0,0 +1,39 @@
+# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/Dockerfile
+FROM haproxy:2.4.24-alpine3.18
+
+RUN set -ex; \
+    apk add --no-cache date; \
+    chmod 777 -R /run/; \
+    chmod 777 -R /var/lib/haproxy
+
+EXPOSE 2375
+ENV ALLOW_RESTARTS=1 \
+    AUTH=1 \
+    BUILD=0 \
+    COMMIT=0 \
+    CONFIGS=0 \
+    CONTAINERS=1 \
+    DISTRIBUTION=0 \
+    EVENTS=1 \
+    EXEC=0 \
+    GRPC=0 \
+    IMAGES=1 \
+    INFO=1 \
+    LOG_LEVEL=info \
+    NETWORKS=1 \
+    NODES=0 \
+    PING=1 \
+    PLUGINS=0 \
+    POST=0 \
+    SECRETS=0 \
+    SERVICES=1 \
+    SESSION=0 \
+    SOCKET_PATH=/var/run/docker.sock \
+    SWARM=0 \
+    SYSTEM=0 \
+    TASKS=0 \
+    VERSION=1 \
+    VOLUMES=1
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+
+USER haproxy:root
diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
new file mode 100644
index 00000000..4eae253d
--- /dev/null
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -0,0 +1,72 @@
+# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
+
+global
+    log stdout format raw daemon "${LOG_LEVEL}"
+
+    pidfile /run/haproxy.pid
+    maxconn 4000
+
+    # Turn on stats unix socket
+    server-state-file /var/lib/haproxy/server-state
+
+defaults
+    mode http
+    log global
+    option httplog
+    option dontlognull
+    option http-server-close
+    option redispatch
+    retries 3
+    timeout http-request 10s
+    timeout queue 1m
+    timeout connect 10s
+    timeout client 10m
+    timeout server 10m
+    timeout http-keep-alive 10s
+    timeout check 10s
+    maxconn 3000
+
+    # Allow seamless reloads
+    load-server-state-from-file global
+
+    # Use provided example error pages
+    errorfile 400 /usr/local/etc/haproxy/errors/400.http
+    errorfile 403 /usr/local/etc/haproxy/errors/403.http
+    errorfile 408 /usr/local/etc/haproxy/errors/408.http
+    errorfile 500 /usr/local/etc/haproxy/errors/500.http
+    errorfile 502 /usr/local/etc/haproxy/errors/502.http
+    errorfile 503 /usr/local/etc/haproxy/errors/503.http
+    errorfile 504 /usr/local/etc/haproxy/errors/504.http
+
+backend dockerbackend
+    server dockersocket $SOCKET_PATH
+
+frontend dockerfrontend
+    bind :2375
+    http-request deny unless METH_GET || { env(POST) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/configs } { env(CONFIGS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/nodes } { env(NODES) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } { env(PING) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/plugins } { env(PLUGINS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/secrets } { env(SECRETS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/services } { env(SERVICES) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/session } { env(SESSION) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/swarm } { env(SWARM) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/system } { env(SYSTEM) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/tasks } { env(TASKS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool }
+    http-request deny
+    default_backend dockerbackend
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 5db7d152..980f8a56 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -282,6 +282,8 @@ DATADIR_PERMISSION_CONF
                         touch "$NEXTCLOUD_DATA_DIR/install.failed"
                         exit 1
                     fi
+                    # shellcheck disable=SC2016
+                    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 fi
                 php /var/www/html/occ app:disable updatenotification
                 rm -rf /var/www/html/apps/updatenotification
@@ -732,5 +734,22 @@ else
     fi
 fi
 
+# Docker socket proxy
+if version_greater "$installed_version" "28.0.0.0"; then
+    if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
+        if ! [ -d "/var/www/html/custom_apps/app_ecosystem_v2" ]; then
+            php /var/www/html/occ app:install app_ecosystem_v2
+        elif [ "$(php /var/www/html/occ config:app:get app_ecosystem_v2 enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable app_ecosystem_v2
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update app_ecosystem_v2
+        fi
+    else
+        if [ -d "/var/www/html/custom_apps/app_ecosystem_v2" ]; then
+            php /var/www/html/occ app:remove app_ecosystem_v2
+        fi
+    fi
+fi
+
 # Remove the update skip file always
 rm -f "$NEXTCLOUD_DATA_DIR"/skip.update
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 39ac7c37..055466e0 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -20,6 +20,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-docker-socket-proxy"))')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
 snap install yq
@@ -66,6 +67,7 @@ do
     sed -i "s|$variable|\${$sole_variable}|g" containers.yml
 done
 
+sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' sample.conf
 sed -i 's|_ENABLED=|_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
 sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index c3689f6f..a380e355 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -120,7 +120,8 @@
         "nextcloud-aio-clamav",
         "nextcloud-aio-fulltextsearch",
         "nextcloud-aio-talk-recording",
-        "nextcloud-aio-imaginary"
+        "nextcloud-aio-imaginary",
+        "nextcloud-aio-docker-socket-proxy"
       ],
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
@@ -203,7 +204,8 @@
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
         "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
-        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
+        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
+        "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -639,6 +641,29 @@
       "secrets": [
         "FULLTEXTSEARCH_PASSWORD"
       ]
+    },
+    {
+      "container_name": "nextcloud-aio-docker-socket-proxy",
+      "display_name": "Docker Socket Proxy",
+      "image": "nextcloud/aio-docker-socket-proxy",
+      "init": true,
+      "internal_port": "2375",
+      "environment": [
+        "TZ=%TIMEZONE%"
+      ],
+      "volumes": [
+        {
+          "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
+          "destination": "/var/run/docker.sock",
+          "writeable": false
+        }
+      ],
+      "restart": "unless-stopped",
+      "read_only": true,
+      "tmpfs": [
+        "/run/",
+        "/var/lib/haproxy"
+      ]
     }
   ]
 }
diff --git a/php/public/disable-docker-socket-proxy.js b/php/public/disable-docker-socket-proxy.js
new file mode 100644
index 00000000..79099423
--- /dev/null
+++ b/php/public/disable-docker-socket-proxy.js
@@ -0,0 +1,4 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Docker socket proxy
+    document.getElementById("docker-socket-proxy").disabled = true;
+});
diff --git a/php/public/index.php b/php/public/index.php
index de46eb41..7397782e 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -121,6 +121,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
+        'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index cbd55fba..a8a4411d 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -14,6 +14,13 @@ function handleTalkVisibility() {
     }
 }
 
+function handleDockerSocketProxyWarning() {
+    let dockerSocketProxy = document.getElementById("docker-socket-proxy");
+    if (dockerSocketProxy.checked) {
+        alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!')
+    }
+}
+
 document.addEventListener("DOMContentLoaded", function(event) {
     // handle submit button for options form
     let optionsFormSubmit = document.getElementById("options-form-submit");
@@ -52,4 +59,9 @@ document.addEventListener("DOMContentLoaded", function(event) {
     // Fulltextsearch
     let fulltextsearch = document.getElementById("fulltextsearch");
     fulltextsearch.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // Docker socket proxy
+    let dockerSocketProxy = document.getElementById("docker-socket-proxy");
+    dockerSocketProxy.addEventListener('change', makeOptionsFormSubmitVisible);
+    dockerSocketProxy.addEventListener('change', handleDockerSocketProxyWarning);
 });
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 14cd9c25..3438b889 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -93,6 +93,10 @@ class ContainerDefinitionFetcher
                 if (!$this->configurationManager->isFulltextsearchEnabled()) {
                     continue;
                 }
+            } elseif ($entry['container_name'] === 'nextcloud-aio-docker-socket-proxy') {
+                if (!$this->configurationManager->isDockerSocketProxyEnabled()) {
+                    continue;
+                }
             }
 
             $ports = new ContainerPorts();
@@ -195,6 +199,10 @@ class ContainerDefinitionFetcher
                         if (!$this->configurationManager->isFulltextsearchEnabled()) {
                             continue;
                         }
+                    } elseif ($value === 'nextcloud-aio-docker-socket-proxy') {
+                        if (!$this->configurationManager->isDockerSocketProxyEnabled()) {
+                            continue;
+                        }
                     }
                     $dependsOn[] = $value;
                 }
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 1dbb20f5..b7271398 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -110,6 +110,11 @@ class ConfigurationController
                 } else {
                     $this->configurationManager->SetFulltextsearchEnabledState(0);
                 }
+                if (isset($request->getParsedBody()['docker-socket-proxy'])) {
+                    $this->configurationManager->SetDockerSocketProxyEnabledState(1);
+                } else {
+                    $this->configurationManager->SetDockerSocketProxyEnabledState(0);
+                }
             }
 
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9bb6fbc9..86a04d5e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -149,6 +149,21 @@ class ConfigurationManager
         }
     }
 
+    public function isDockerSocketProxyEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isDockerSocketProxyEnabled']) && $config['isDockerSocketProxyEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetDockerSocketProxyEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isDockerSocketProxyEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
     public function SetClamavEnabledState(int $value) : void {
         $config = $this->GetConfig();
         $config['isClamavEnabled'] = $value;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3a3d9c61..0e9228d6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -346,6 +346,12 @@ class DockerActionManager
                     } else {
                         $replacements[1] = '';
                     }
+                } elseif ($out[1] === 'DOCKER_SOCKET_PROXY_ENABLED') {
+                    if ($this->configurationManager->isDockerSocketProxyEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
                 } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') {
                     $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MEMORY_LIMIT') {
@@ -406,7 +412,11 @@ class DockerActionManager
                 $portWithProtocol = $value->port . '/' . $value->protocol;
                 $exposedPorts[$portWithProtocol] = null;
             }
-            $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
+            if ($container->GetIdentifier() !== 'nextcloud-aio-docker-socket-proxy') {
+                $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
+            } else {
+                $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio-docker-socket-proxy-network';
+            }
         } else {
             $requestBody['HostConfig']['NetworkMode'] = 'host';
         }
@@ -763,13 +773,12 @@ class DockerActionManager
         }
     }
 
-    private function ConnectContainerIdToNetwork(string $id, string $internalPort) : void
+    private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio') : void
     {
         if ($internalPort === 'host') {
             return;
         }
 
-        $network = 'nextcloud-aio';
         $url = $this->BuildApiUrl('networks/create');
         try {
             $this->guzzleClient->request(
@@ -777,7 +786,7 @@ class DockerActionManager
                 $url,
                 [
                     'json' => [
-                        'Name' => 'nextcloud-aio',
+                        'Name' => $network,
                         'CheckDuplicate' => true,
                         'Driver' => 'bridge',
                         'Internal' => false,
@@ -815,13 +824,17 @@ class DockerActionManager
     public function ConnectMasterContainerToNetwork() : void
     {
         $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
+        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '', 'nextcloud-aio-docker-socket-proxy-network');
         // Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
         // $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
     }
 
     public function ConnectContainerToNetwork(Container $container) : void
     {
-      $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
+        $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
+        if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
+            $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), 'nextcloud-aio-docker-socket-proxy-network');
+        }
     }
 
     public function StopContainer(Container $container) : void {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e47baff4..0eab3f36 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -574,6 +574,11 @@
                         {% else %}
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
+                        {% if is_docker_socket_proxy_enabled == true %}
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for app-ecosystem v2)</label><br><br>
+                        {% else %}
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for app-ecosystem v2)</label><br><br>
+                        {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>

From 4a7ed522137443cd4770af669e3e1e95436d7ada Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 15:38:50 +0200
Subject: [PATCH 1404/3949] should be available with 27.1.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 980f8a56..762899b1 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -735,7 +735,7 @@ else
 fi
 
 # Docker socket proxy
-if version_greater "$installed_version" "28.0.0.0"; then
+if version_greater "$installed_version" "27.1.0.0"; then
     if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
         if ! [ -d "/var/www/html/custom_apps/app_ecosystem_v2" ]; then
             php /var/www/html/occ app:install app_ecosystem_v2

From d4e61d2b32843accb479c5acfde411f2d24a4b10 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 15:43:26 +0200
Subject: [PATCH 1405/3949] disable selinux for watchtower and
 docker-socket-proxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3a3d9c61..d80b7e8e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -499,6 +499,9 @@ class DockerActionManager
                 }
                 $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
             }
+        // Special things for the watchtower and docker-socket-proxy container which should not be exposed in the containers.json
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-watchtower' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
+            $requestBody['HostConfig']['SecurityOpt'] = ["label=disabled"];
         }
 
         if (count($mounts) > 0) {

From 6d11b9c72fec53b126e82dc64a7a07cdf0cd0f45 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 15:46:40 +0200
Subject: [PATCH 1406/3949] disable services and events

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index b9b5ef87..ed41c563 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -14,7 +14,7 @@ ENV ALLOW_RESTARTS=1 \
     CONFIGS=0 \
     CONTAINERS=1 \
     DISTRIBUTION=0 \
-    EVENTS=1 \
+    EVENTS=0 \
     EXEC=0 \
     GRPC=0 \
     IMAGES=1 \
@@ -26,7 +26,7 @@ ENV ALLOW_RESTARTS=1 \
     PLUGINS=0 \
     POST=0 \
     SECRETS=0 \
-    SERVICES=1 \
+    SERVICES=0 \
     SESSION=0 \
     SOCKET_PATH=/var/run/docker.sock \
     SWARM=0 \

From d2d091669669685d378fa7ff96cd2b88669e7379 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 15:48:16 +0200
Subject: [PATCH 1407/3949] add link to project and use correct name

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0eab3f36..bd066d89 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -575,9 +575,9 @@
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         {% if is_docker_socket_proxy_enabled == true %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for app-ecosystem v2)</label><br><br>
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud Application Ecosystem V2</a>)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for app-ecosystem v2)</label><br><br>
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud Application Ecosystem V2</a>)</label><br><br>
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>

From 7f4e606d6037b4ecc51c296c9fbb7778f6e0308b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 15:53:03 +0200
Subject: [PATCH 1408/3949] fix docker build

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ed41c563..8b464692 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,6 +1,8 @@
 # Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/Dockerfile
 FROM haproxy:2.4.24-alpine3.18
 
+USER root
+
 RUN set -ex; \
     apk add --no-cache date; \
     chmod 777 -R /run/; \

From ddae2673cdbb65eb5e29d8e3083f870c8e52c7dc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 15:54:22 +0200
Subject: [PATCH 1409/3949] add tzdata into container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 8b464692..b8eb3364 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -4,7 +4,7 @@ FROM haproxy:2.4.24-alpine3.18
 USER root
 
 RUN set -ex; \
-    apk add --no-cache date; \
+    apk add --no-cache tzdata; \
     chmod 777 -R /run/; \
     chmod 777 -R /var/lib/haproxy
 

From 53fae60c4e258cea9cff518c16d8337d42e43eec Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 16:09:05 +0200
Subject: [PATCH 1410/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index bd066d89..bb21000d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -587,6 +587,7 @@
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}
                     {% if isAnyRunning == true %}
+                        <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
                         <script type="text/javascript" src="disable-talk.js"></script>
                         <script type="text/javascript" src="disable-collabora.js"></script>
                         <script type="text/javascript" src="disable-onlyoffice.js"></script>

From c4fb5a096177d54e91084176f2cc2b51b453cc70 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 16:18:03 +0200
Subject: [PATCH 1411/3949] improve some deails with docker-socket-proxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile  | 4 +++-
 Containers/docker-socket-proxy/haproxy.cfg | 2 +-
 php/src/Docker/DockerActionManager.php     | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index b8eb3364..8bb25982 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -26,7 +26,7 @@ ENV ALLOW_RESTARTS=1 \
     NODES=0 \
     PING=1 \
     PLUGINS=0 \
-    POST=0 \
+    POST=1 \
     SECRETS=0 \
     SERVICES=0 \
     SESSION=0 \
@@ -39,3 +39,5 @@ ENV ALLOW_RESTARTS=1 \
 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
 
 USER haproxy:root
+
+HEALTHCHECK CMD nc -z 127.0.0.1 2375 || exit 1
diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 4eae253d..44545e02 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -7,7 +7,7 @@ global
     maxconn 4000
 
     # Turn on stats unix socket
-    server-state-file /var/lib/haproxy/server-state
+    # server-state-file /var/lib/haproxy/server-state
 
 defaults
     mode http
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0e9228d6..3acbcb3f 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -831,7 +831,9 @@ class DockerActionManager
 
     public function ConnectContainerToNetwork(Container $container) : void
     {
-        $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
+        if ($container->GetIdentifier() !== 'nextcloud-aio-docker-socket-proxy') {
+            $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
+        }
         if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
             $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), 'nextcloud-aio-docker-socket-proxy-network');
         }

From e0b319683986132a44ecb8fbdbba2ca9bc6790dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Aug 2023 14:27:02 +0000
Subject: [PATCH 1412/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.4.24-alpine3.18 to 2.8.2-alpine3.18.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 8bb25982..01ea9c88 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/Dockerfile
-FROM haproxy:2.4.24-alpine3.18
+FROM haproxy:2.8.2-alpine3.18
 
 USER root
 

From 2661e85aa39c946ac7ff9d499b370a8edd353a56 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 16:40:46 +0200
Subject: [PATCH 1413/3949] fix further detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 44545e02..8143c832 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -27,7 +27,7 @@ defaults
     maxconn 3000
 
     # Allow seamless reloads
-    load-server-state-from-file global
+    # load-server-state-from-file global
 
     # Use provided example error pages
     errorfile 400 /usr/local/etc/haproxy/errors/400.http

From 5893fdd03b59da2d4dab2c33becbdcf9438d2803 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 16:58:01 +0200
Subject: [PATCH 1414/3949] fix socket permissions permissions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 01ea9c88..21176d35 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -38,6 +38,6 @@ ENV ALLOW_RESTARTS=1 \
     VOLUMES=1
 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
 
-USER haproxy:root
+USER root
 
 HEALTHCHECK CMD nc -z 127.0.0.1 2375 || exit 1

From 46105d00bb10dc8193de89a74af5c9acf258b097 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 17:36:39 +0200
Subject: [PATCH 1415/3949] make sure that DOCKER_SOCKET_PROXY_ENABLED is
 actually removed in update-yaml.sh

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 055466e0..97d9983a 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -36,9 +36,7 @@ sed -i 's|- source: |- |' containers.yml
 sed -i 's|- ip_binding: |- |' containers.yml
 sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
-
-sed -i '/AIO_TOKEN/d' sample.conf
-sed -i '/AIO_URL/d' sample.conf
+sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
@@ -67,7 +65,6 @@ do
     sed -i "s|$variable|\${$sole_variable}|g" containers.yml
 done
 
-sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' sample.conf
 sed -i 's|_ENABLED=|_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
 sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf

From 0fce3d9319e3706ad46b225f97f9f698386d4d39 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 10:24:14 +0200
Subject: [PATCH 1416/3949] fix securityopt label disabled

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 readme.md                              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c11db419..4ed45411 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -511,7 +511,7 @@ class DockerActionManager
             }
         // Special things for the watchtower and docker-socket-proxy container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-watchtower' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
-            $requestBody['HostConfig']['SecurityOpt'] = ["label=disabled"];
+            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
         }
 
         if (count($mounts) > 0) {
diff --git a/readme.md b/readme.md
index e9c710f1..9a51284f 100644
--- a/readme.md
+++ b/readme.md
@@ -280,7 +280,7 @@ Afterwards it should work.<br>
 See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it
 
 ### Are there known problems when SELinux is enabled?
-Yes. If SELinux is enabled, you might need to add the `--security-opt label=disabled` option to the docker run command of the mastercontainer in order to allow it to access the docker socket (or `security_opt: ["label=disabled"]` in compose.yaml). See https://github.com/nextcloud/all-in-one/discussions/485
+Yes. If SELinux is enabled, you might need to add the `--security-opt label:disable` option to the docker run command of the mastercontainer in order to allow it to access the docker socket (or `security_opt: ["label:disable"]` in compose.yaml). See https://github.com/nextcloud/all-in-one/discussions/485
 
 ### How to run `occ` commands?
 Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.

From e13edafa16f8b32f3ce97a1304364584045f1fda Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 10:45:09 +0200
Subject: [PATCH 1417/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 97d9983a..8c0470bd 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -21,6 +21,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "next
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-docker-socket-proxy"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].depends_on |= del(.[index("nextcloud-aio-docker-socket-proxy")]))')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
 snap install yq

From 5cae52b1ee2810360c7ce722dfd09db9a715f490 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 10:48:08 +0200
Subject: [PATCH 1418/3949] fix another detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 8c0470bd..e966c19c 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -21,7 +21,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "next
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-docker-socket-proxy"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].depends_on |= del(.[index("nextcloud-aio-docker-socket-proxy")]))')"
+OUTPUT="$(echo "$OUTPUT" | jq '.services[].depends_on |= del(.[index("nextcloud-aio-docker-socket-proxy")])')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
 snap install yq

From 0da1b0879f9cfddf03165d0746aa906ddff74bea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 11:01:28 +0200
Subject: [PATCH 1419/3949] one last try

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index e966c19c..82a74abb 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -21,7 +21,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "next
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-docker-socket-proxy"))')"
-OUTPUT="$(echo "$OUTPUT" | jq '.services[].depends_on |= del(.[index("nextcloud-aio-docker-socket-proxy")])')"
+OUTPUT="$(echo "$OUTPUT" | jq '.services[].depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")])')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
 snap install yq

From 8b2963d564d9a9c2afe6c1adc1ab6acf8f4d4abc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 15:29:45 +0200
Subject: [PATCH 1420/3949] fix it

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 82a74abb..d364a0b0 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -21,7 +21,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "next
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-docker-socket-proxy"))')"
-OUTPUT="$(echo "$OUTPUT" | jq '.services[].depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")])')"
+OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")]) else . end else . end')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
 snap install yq

From fbafc25c7de5298fbf98835cb281e93ecdc606af Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 18:18:09 +0200
Subject: [PATCH 1421/3949] add a warning regarding using the daily-backup
 script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/readme.md b/readme.md
index 9a51284f..a1c5d5a6 100644
--- a/readme.md
+++ b/readme.md
@@ -532,6 +532,8 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
 
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
+⚠️⚠️⚠️ **Waring**: The below script will only work **after** the initial setup of AIO. So you will always need to **first visit the AIO interface**, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup.
+
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
 - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.

From aac609f64d53ac5765ef1577f15d65acc46a3f50 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 18:18:55 +0200
Subject: [PATCH 1422/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index a1c5d5a6..f00a3c4f 100644
--- a/readme.md
+++ b/readme.md
@@ -532,7 +532,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
 
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
-⚠️⚠️⚠️ **Waring**: The below script will only work **after** the initial setup of AIO. So you will always need to **first visit the AIO interface**, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup.
+⚠️⚠️⚠️ **Warning**: The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup.
 
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.

From 76f56ec6a821892a62b5b82df92ddf48e9009e37 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 25 Aug 2023 18:20:30 +0200
Subject: [PATCH 1423/3949] add some words

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index f00a3c4f..85fbcc35 100644
--- a/readme.md
+++ b/readme.md
@@ -532,7 +532,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
 
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
-⚠️⚠️⚠️ **Warning**: The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup.
+⚠️⚠️⚠️ **Warning**: The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup before you can use the script.
 
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.

From faa332186335081231a9bfe5cfe2790b475b225e Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 27 Aug 2023 12:02:06 +0000
Subject: [PATCH 1424/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index f42fd3c9..fdb6a335 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,22 +8,22 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.7.0",
+            "version": "7.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5"
+                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/fb7566caccf22d74d1ab270de3551f72a58399f5",
-                "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1110f66a6530a40fe7aea0378fe608ee2b2248f9",
+                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
-                "guzzlehttp/promises": "^1.5.3 || ^2.0",
-                "guzzlehttp/psr7": "^1.9.1 || ^2.4.5",
+                "guzzlehttp/promises": "^1.5.3 || ^2.0.1",
+                "guzzlehttp/psr7": "^1.9.1 || ^2.5.1",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
                 "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.7.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.8.0"
             },
             "funding": [
                 {
@@ -130,7 +130,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-21T14:04:53+00:00"
+            "time": "2023-08-27T10:20:53+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -217,16 +217,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.6.0",
+            "version": "2.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "8bd7c33a0734ae1c5d074360512beb716bef3f77"
+                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/8bd7c33a0734ae1c5d074360512beb716bef3f77",
-                "reference": "8bd7c33a0734ae1c5d074360512beb716bef3f77",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
+                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
                 "shasum": ""
             },
             "require": {
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.6.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.6.1"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-03T15:06:02+00:00"
+            "time": "2023-08-27T10:13:57+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 43a77772c7cfeab434a326810970b5bbacc71371 Mon Sep 17 00:00:00 2001
From: sjjh <2787214+sjjh@users.noreply.github.com>
Date: Sun, 27 Aug 2023 21:16:12 +0200
Subject: [PATCH 1425/3949] typo in Update start.sh

typo in comment: makre -> make

Signed-off-by: sjjh <2787214+sjjh@users.noreply.github.com>
---
 Containers/apache/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 6095ea09..6cfb8d35 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -63,7 +63,7 @@ mkdir -p /mnt/data/caddy-imports
 # Remove falsely added Nextcloud conf
 rm -f /mnt/data/caddy-imports/nextcloud
 
-# Makre sure that the caddy-imports dir is not empty
+# Make sure that the caddy-imports dir is not empty
 echo "# empty file so that caddy does not print a warning" > /mnt/data/caddy-imports/empty
 
 # Fix apache startup

From e55e191033d26638b2800145b8b722171a337db7 Mon Sep 17 00:00:00 2001
From: sjjh <2787214+sjjh@users.noreply.github.com>
Date: Sun, 27 Aug 2023 21:20:17 +0200
Subject: [PATCH 1426/3949] Update readme.md: typo

removed double "warning"

Signed-off-by: sjjh <2787214+sjjh@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 85fbcc35..ab821b17 100644
--- a/readme.md
+++ b/readme.md
@@ -549,7 +549,7 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo
 If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ### How to change the default location of Nextcloud's Datadir?
-⚠️⚠️⚠️ **Warning:** Warning: do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
+⚠️⚠️⚠️ **Warning:** Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
 
 You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
 

From 9b9f72dcb8ed99631efd8e496a8927d86dde5cb8 Mon Sep 17 00:00:00 2001
From: sjjh <2787214+sjjh@users.noreply.github.com>
Date: Sun, 27 Aug 2023 21:37:14 +0200
Subject: [PATCH 1427/3949] Update backupscript.sh: slight rewording for
 consistency

Added some full stops, changed some wording, changed capitalisation, ...in some "echo"-statements  to improve consistency for user outputs.

Signed-off-by: sjjh <2787214+sjjh@users.noreply.github.com>
---
 Containers/borgbackup/backupscript.sh | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 6888dbe7..682091a7 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -35,19 +35,19 @@ done
 
 # Check if target is mountpoint
 if ! mountpoint -q /mnt/borgbackup; then
-    echo "/mnt/borgbackup is not a mountpoint which is not allowed"
+    echo "/mnt/borgbackup is not a mountpoint which is not allowed."
     exit 1
 fi
 
 # Check if target is empty
 if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
-    echo "The repository is empty. cannot perform check or restore."
+    echo "The repository is empty. Cannot perform check or restore."
     exit 1
 fi
 
 # Do not continue if this file exists (needed for simple external blocking)
 if [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
-    echo "Not continuing because aio-lockfile exists - it seems like a script is externally running which is locking the backup archive."
+    echo "Not continuing because aio-lockfile exists -- it seems like a script is externally running which is locking the backup archive."
     echo "If this should not be the case, you can fix this by deleting the 'aio-lockfile' file from the backup archive directory."
     exit 1
 fi
@@ -65,10 +65,10 @@ if [ "$BORG_MODE" = backup ]; then
         echo "configuration.json not present. Cannot perform the backup!"
         exit 1
     elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/config/config.php" ]; then
-        echo "config.php is missing cannot perform backup"
+        echo "config.php is missing. Cannot perform backup!"
         exit 1
     elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/database-dump.sql" ]; then
-        echo "database-dump is missing. cannot perform backup"
+        echo "database-dump is missing. Cannot perform backup!"
         exit 1
     fi
 
@@ -101,7 +101,7 @@ if [ "$BORG_MODE" = backup ]; then
             exit 1
         fi
 
-        echo "initializing repository..."
+        echo "Initializing repository..."
         NEW_REPOSITORY=1
         if ! borg init --debug --encryption=repokey-blake2 "$BORG_BACKUP_DIRECTORY"; then
             echo "Could not initialize borg repository."
@@ -212,7 +212,7 @@ if [ "$BORG_MODE" = backup ]; then
             fi
             echo "Compacting additional volumes..."
             if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
-                echo "Failed to compact archives!"
+                echo "Failed to compact additional docker-volume archives!"
                 exit 1
             fi
         fi
@@ -242,7 +242,7 @@ if [ "$BORG_MODE" = backup ]; then
             fi
             echo "Compacting additional host mounts..."
             if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
-                echo "Failed to compact archives!"
+                echo "Failed to compact additional host-mount archives!"
                 exit 1
             fi
         fi
@@ -250,7 +250,7 @@ if [ "$BORG_MODE" = backup ]; then
 
     # Inform user
     get_expiration_time
-    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
     if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/update.failed" ]; then
         echo "However a Nextcloud update failed. So reporting that the backup failed which will skip any update attempt the next time."
         echo "Please restore a backup from before the failed Nextcloud update attempt."
@@ -361,7 +361,7 @@ if [ "$BORG_MODE" = restore ]; then
 
     # Inform user
     get_expiration_time
-    echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
 
     # Add file to Nextcloud container so that it skips any update the next time
     touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
@@ -389,7 +389,7 @@ if [ "$BORG_MODE" = check ]; then
 
     # Inform user
     get_expiration_time
-    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
     exit 0
 fi
 
@@ -406,7 +406,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then
 
     # Inform user
     get_expiration_time
-    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
     exit 0
 fi
 

From e03e440653bb3ab4ec7a2dab4f488442ce187537 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 28 Aug 2023 08:43:01 +0200
Subject: [PATCH 1428/3949] Use en-dash

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 682091a7..f5f844d5 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -47,7 +47,7 @@ fi
 
 # Do not continue if this file exists (needed for simple external blocking)
 if [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
-    echo "Not continuing because aio-lockfile exists -- it seems like a script is externally running which is locking the backup archive."
+    echo "Not continuing because aio-lockfile exists – it seems like a script is externally running which is locking the backup archive."
     echo "If this should not be the case, you can fix this by deleting the 'aio-lockfile' file from the backup archive directory."
     exit 1
 fi

From 0f5a349413a47e687967adc7a8c2449c0a8442b1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 28 Aug 2023 12:02:28 +0000
Subject: [PATCH 1429/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 56 +++++++++++++++++++++++------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fdb6a335..983aaac4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1465,16 +1465,16 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.27.0",
+            "version": "v1.28.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a"
+                "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a",
-                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb",
+                "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb",
                 "shasum": ""
             },
             "require": {
@@ -1489,7 +1489,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.27-dev"
+                    "dev-main": "1.28-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1527,7 +1527,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.28.0"
             },
             "funding": [
                 {
@@ -1543,20 +1543,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2023-01-26T09:26:14+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.27.0",
+            "version": "v1.28.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534"
+                "reference": "42292d99c55abe617799667f454222c54c60e229"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
-                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/42292d99c55abe617799667f454222c54c60e229",
+                "reference": "42292d99c55abe617799667f454222c54c60e229",
                 "shasum": ""
             },
             "require": {
@@ -1571,7 +1571,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.27-dev"
+                    "dev-main": "1.28-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1610,7 +1610,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.28.0"
             },
             "funding": [
                 {
@@ -1626,20 +1626,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2023-07-28T09:04:16+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.27.0",
+            "version": "v1.28.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a"
+                "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/707403074c8ea6e2edaf8794b0157a0bfa52157a",
-                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/7581cd600fa9fd681b797d00b02f068e2f13263b",
+                "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b",
                 "shasum": ""
             },
             "require": {
@@ -1648,7 +1648,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.27-dev"
+                    "dev-main": "1.28-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1689,7 +1689,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.28.0"
             },
             "funding": [
                 {
@@ -1705,20 +1705,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2023-01-26T09:26:14+00:00"
         },
         {
             "name": "twig/twig",
-            "version": "v3.7.0",
+            "version": "v3.7.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "5cf942bbab3df42afa918caeba947f1b690af64b"
+                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/5cf942bbab3df42afa918caeba947f1b690af64b",
-                "reference": "5cf942bbab3df42afa918caeba947f1b690af64b",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
+                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
                 "shasum": ""
             },
             "require": {
@@ -1728,7 +1728,7 @@
             },
             "require-dev": {
                 "psr/container": "^1.0|^2.0",
-                "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
+                "symfony/phpunit-bridge": "^5.4.9|^6.3"
             },
             "type": "library",
             "autoload": {
@@ -1764,7 +1764,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.7.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.7.1"
             },
             "funding": [
                 {
@@ -1776,7 +1776,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-07-26T07:16:09+00:00"
+            "time": "2023-08-28T11:09:02+00:00"
         }
     ],
     "packages-dev": [],

From cf0113b1231450bf4254726afcd96d3e121b1131 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Aug 2023 12:38:09 +0000
Subject: [PATCH 1430/3949] Bump python in /Containers/talk-recording

Bumps python from 3.11.4-alpine3.18 to 3.11.5-alpine3.18.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index b58c041b..25e896aa 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11.4-alpine3.18
+FROM python:3.11.5-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 

From b3e5a152133bbcdfe6a5156161a5ebe4fbeef18e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Aug 2023 12:55:16 +0000
Subject: [PATCH 1431/3949] Bump clamav/clamav from 1.1.1-9 to 1.1.1-10 in
 /Containers/clamav

Bumps clamav/clamav from 1.1.1-9 to 1.1.1-10.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 5b22f929..b596fdb8 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.1.1-9
+FROM clamav/clamav:1.1.1-10
 
 COPY clamav.conf /tmp/clamav.conf
 

From 5bcbe4ec7d6a388658b3f68b7461d13b45befe09 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 28 Aug 2023 15:05:57 +0200
Subject: [PATCH 1432/3949] fix nc-update script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 92e19827..9d38ff16 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -63,7 +63,9 @@ jobs:
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
         NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
-        sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile
+        if [ -n "$NCVERSION" ]; then
+          sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile
+        fi
 
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5

From c83f97911b6717e2b9618fb23292f051bbd8cb4e Mon Sep 17 00:00:00 2001
From: sjjh <2787214+sjjh@users.noreply.github.com>
Date: Mon, 28 Aug 2023 18:14:07 +0200
Subject: [PATCH 1433/3949] Update reverse-proxy.md: clarified that unencrypted
 HTTP traffic is expected

response to #3266

Signed-off-by: sjjh <2787214+sjjh@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1b6fb7cf..b7dbfdae 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,7 +4,7 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify the port to your needings.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. Modify the port to your needings.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**

From 1dfab726c4aaff22145f452e94a76426debc43fa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 29 Aug 2023 12:02:46 +0200
Subject: [PATCH 1434/3949] adjust wording what to do if backup creation fails

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index f5f844d5..d10486bf 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -81,9 +81,17 @@ if [ "$BORG_MODE" = backup ]; then
     done
 
     if [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/export.failed" ]; then
-        echo "Database export failed the last time. Most likely was the export time not high enough."
         echo "Cannot create a backup now."
-        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
+        echo "Reason is that the database export failed the last time."
+        echo "Most likely was the database container not correctly shut down via the AIO interface."
+        echo ""
+        echo "You might want to try the database export again manually by running the three commands:"
+        echo "sudo docker start nextcloud-aio-database"
+        echo "sleep 10"
+        echo "sudo docker stop nextcloud-aio-database -t 1800"
+        echo ""
+        echo "Afterwards try to create a backup again and it should hopefully work."
+        echo "If it should still fail, feel free to report this to https://github.com/nextcloud/all-in-one/issues and post the database container logs and the borgbackup container logs into the thread. Thanks!"
         exit 1
     fi
 

From 42b852f18d12285abb5cdda8a6c93e8eea2be901 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Aug 2023 12:28:07 +0000
Subject: [PATCH 1435/3949] Bump clamav/clamav from 1.1.1-10 to 1.2.0-1 in
 /Containers/clamav

Bumps clamav/clamav from 1.1.1-10 to 1.2.0-1.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index b596fdb8..2d1fb25c 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.1.1-10
+FROM clamav/clamav:1.2.0-1
 
 COPY clamav.conf /tmp/clamav.conf
 

From 9cc459731891cce9e9d0d117d5973f6974487197 Mon Sep 17 00:00:00 2001
From: Samuel Plumppu <6125097+Greenheart@users.noreply.github.com>
Date: Tue, 29 Aug 2023 16:25:39 +0200
Subject: [PATCH 1436/3949] Update readme.md

Signed-off-by: Samuel Plumppu <6125097+Greenheart@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index ab821b17..bb248082 100644
--- a/readme.md
+++ b/readme.md
@@ -51,7 +51,7 @@ Included are:
 - Nextcloud can be [accessed locally via the domain](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
 - Can [be installed locally](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md) (if you don't want or cannot make the instance publicly reachable)
 - [IPv6-ready](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md)
-- Can be used with [Docker rootles](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) (good for additional security)
+- Can be used with [Docker rootless](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) (good for additional security)
 - Runs on all platforms Docker supports (e.g. also on Windows and Macos)
 - Included containers easy to debug by having the possibility to check their logs directly from the AIO interface
 - [Docker-compose ready](./compose.yaml)

From 722cb9802a68630870d2adff76876a6ba0f1b061 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 12:42:57 +0200
Subject: [PATCH 1437/3949] disable docker-socket-proxy temporarily

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/disable-docker-socket-proxy.js | 5 ++++-
 php/public/options-form-submit.js         | 6 ++++--
 php/templates/containers.twig             | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/php/public/disable-docker-socket-proxy.js b/php/public/disable-docker-socket-proxy.js
index 79099423..7491042e 100644
--- a/php/public/disable-docker-socket-proxy.js
+++ b/php/public/disable-docker-socket-proxy.js
@@ -1,4 +1,7 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // Docker socket proxy
-    document.getElementById("docker-socket-proxy").disabled = true;
+    let dockerSocketProxy = document.getElementById("docker-socket-proxy");
+    if (dockerSocketProxy) {
+        dockerSocketProxy.disabled = true;
+    }
 });
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index a8a4411d..75a52c85 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -62,6 +62,8 @@ document.addEventListener("DOMContentLoaded", function(event) {
 
     // Docker socket proxy
     let dockerSocketProxy = document.getElementById("docker-socket-proxy");
-    dockerSocketProxy.addEventListener('change', makeOptionsFormSubmitVisible);
-    dockerSocketProxy.addEventListener('change', handleDockerSocketProxyWarning);
+    if (dockerSocketProxy) {
+        dockerSocketProxy.addEventListener('change', makeOptionsFormSubmitVisible);
+        dockerSocketProxy.addEventListener('change', handleDockerSocketProxyWarning);
+    }
 });
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index bb21000d..a971adc1 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -577,7 +577,7 @@
                         {% if is_docker_socket_proxy_enabled == true %}
                             <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud Application Ecosystem V2</a>)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud Application Ecosystem V2</a>)</label><br><br>
+                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud Application Ecosystem V2</a>)</label><br><br> #}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>

From 9b9b778f90fc67b5db49a6a750c86ef249b2c964 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 24 Aug 2023 17:30:48 +0200
Subject: [PATCH 1438/3949] dont create an additional network

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 4ed45411..f982e750 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -412,11 +412,7 @@ class DockerActionManager
                 $portWithProtocol = $value->port . '/' . $value->protocol;
                 $exposedPorts[$portWithProtocol] = null;
             }
-            if ($container->GetIdentifier() !== 'nextcloud-aio-docker-socket-proxy') {
-                $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
-            } else {
-                $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio-docker-socket-proxy-network';
-            }
+            $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
         } else {
             $requestBody['HostConfig']['NetworkMode'] = 'host';
         }
@@ -827,19 +823,13 @@ class DockerActionManager
     public function ConnectMasterContainerToNetwork() : void
     {
         $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
-        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '', 'nextcloud-aio-docker-socket-proxy-network');
         // Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
         // $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
     }
 
     public function ConnectContainerToNetwork(Container $container) : void
     {
-        if ($container->GetIdentifier() !== 'nextcloud-aio-docker-socket-proxy') {
-            $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
-        }
-        if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
-            $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), 'nextcloud-aio-docker-socket-proxy-network');
-        }
+        $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
     }
 
     public function StopContainer(Container $container) : void {

From 480ac49358b3850ee653c9fb58a39ada2b2e3c5f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 12:52:23 +0200
Subject: [PATCH 1439/3949] increase to 7.2.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a971adc1..3da69b98 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.0.0</h1>
+        <h1>Nextcloud AIO v7.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 5795286a7b9cb0a4359f96600d45869b8f40080c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 24 Aug 2023 16:24:47 +0200
Subject: [PATCH 1440/3949] Create start.sh

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/docker-socket-proxy/start.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 Containers/docker-socket-proxy/start.sh

diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
new file mode 100644
index 00000000..dc6e9527
--- /dev/null
+++ b/Containers/docker-socket-proxy/start.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+openssl req -nodes -new -x509 -subj '/CN=*' -sha256 -keyout /etc/privkey.pem -out /etc/fullchain.pem -days 365000
+cat /etc/fullchain.pem /etc/privkey.pem | tee /etc/cert.pem
+
+set -x
+IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+sed -i "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|g"
+sed -i '/NC_IPV4_PLACEHOLDER/d' /conf/eturnal.yml
+
+IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+sed -i "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|g"
+sed -i '/NC_IPV6_PLACEHOLDER/d' /conf/eturnal.yml
+set +x
+
+haproxy -f /haproxy.cfg -db

From 685786c5f6e9b2b6a21f210d2f72ab97ffe53851 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 24 Aug 2023 16:46:35 +0200
Subject: [PATCH 1441/3949] Update start.sh

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/docker-socket-proxy/start.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index dc6e9527..3496002c 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -3,6 +3,12 @@
 openssl req -nodes -new -x509 -subj '/CN=*' -sha256 -keyout /etc/privkey.pem -out /etc/fullchain.pem -days 365000
 cat /etc/fullchain.pem /etc/privkey.pem | tee /etc/cert.pem
 
+# Only start container if nextcloud is accessible
+while ! nc -z "$NEXTCLOUD_HOST" 9000; do
+    echo "Waiting for Nextcloud to start..."
+    sleep 5
+done
+
 set -x
 IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
 sed -i "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|g"

From e33f797da1880e40d4777b4505516b471063fa54 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 24 Aug 2023 20:51:04 +0200
Subject: [PATCH 1442/3949] remove https

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/docker-socket-proxy/start.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index 3496002c..250dc34f 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -1,8 +1,5 @@
 #!/bin/sh
 
-openssl req -nodes -new -x509 -subj '/CN=*' -sha256 -keyout /etc/privkey.pem -out /etc/fullchain.pem -days 365000
-cat /etc/fullchain.pem /etc/privkey.pem | tee /etc/cert.pem
-
 # Only start container if nextcloud is accessible
 while ! nc -z "$NEXTCLOUD_HOST" 9000; do
     echo "Waiting for Nextcloud to start..."

From 0fbd7768e0644de0f4751263eba58967875afa66 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 24 Aug 2023 21:02:49 +0200
Subject: [PATCH 1443/3949] Update start.sh

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/docker-socket-proxy/start.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index 250dc34f..43151bcd 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -9,11 +9,11 @@ done
 set -x
 IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
 sed -i "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|g"
-sed -i '/NC_IPV4_PLACEHOLDER/d' /conf/eturnal.yml
+sed -i "s# || { src NC_IPV4_PLACEHOLDER }##g" /conf/haproxy.cfg
 
 IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 sed -i "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|g"
-sed -i '/NC_IPV6_PLACEHOLDER/d' /conf/eturnal.yml
+sed -i "s# || { src NC_IPV6_PLACEHOLDER }##g" /conf/haproxy.cfg
 set +x
 
-haproxy -f /haproxy.cfg -db
+haproxy -f /conf/haproxy.cfg -db

From 5ad26a42fd451441f8f08dbe4b96f5993d22e52f Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 24 Aug 2023 21:04:30 +0200
Subject: [PATCH 1444/3949] Update containers.json

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index a380e355..8d82bedd 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -661,7 +661,8 @@
       "restart": "unless-stopped",
       "read_only": true,
       "tmpfs": [
-        "/run/",
+        "/run",
+        "/conf",
         "/var/lib/haproxy"
       ]
     }

From 7c102626d6dc07af1109a085b06b0e19df3581d1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 30 Aug 2023 12:37:41 +0000
Subject: [PATCH 1445/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.2.2.1 to 23.05.3.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 37a7e5f4..e90c9e5d 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.2.2.1
+FROM collabora/code:23.05.3.1.1
 
 USER root
 

From cac797114a8613dcf09c47df025dee5cddafe186 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 14:59:08 +0200
Subject: [PATCH 1446/3949] restore lost changes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile  | 43 ++---------
 Containers/docker-socket-proxy/haproxy.cfg | 84 +++++-----------------
 2 files changed, 23 insertions(+), 104 deletions(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 21176d35..4b24373f 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,43 +1,10 @@
-# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/Dockerfile
 FROM haproxy:2.8.2-alpine3.18
 
 USER root
+RUN apk add --no-cache ca-certificates tzdata bind-tools
 
-RUN set -ex; \
-    apk add --no-cache tzdata; \
-    chmod 777 -R /run/; \
-    chmod 777 -R /var/lib/haproxy
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=664 haproxy.cfg /conf/haproxy.cfg
 
-EXPOSE 2375
-ENV ALLOW_RESTARTS=1 \
-    AUTH=1 \
-    BUILD=0 \
-    COMMIT=0 \
-    CONFIGS=0 \
-    CONTAINERS=1 \
-    DISTRIBUTION=0 \
-    EVENTS=0 \
-    EXEC=0 \
-    GRPC=0 \
-    IMAGES=1 \
-    INFO=1 \
-    LOG_LEVEL=info \
-    NETWORKS=1 \
-    NODES=0 \
-    PING=1 \
-    PLUGINS=0 \
-    POST=1 \
-    SECRETS=0 \
-    SERVICES=0 \
-    SESSION=0 \
-    SOCKET_PATH=/var/run/docker.sock \
-    SWARM=0 \
-    SYSTEM=0 \
-    TASKS=0 \
-    VERSION=1 \
-    VOLUMES=1
-COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
-
-USER root
-
-HEALTHCHECK CMD nc -z 127.0.0.1 2375 || exit 1
+ENTRYPOINT ["/start.sh"]
+HEALTHCHECK CMD [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" = "OK" ] || exit 1
diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 8143c832..6449a298 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -1,72 +1,24 @@
-# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
-
-global
-    log stdout format raw daemon "${LOG_LEVEL}"
-
-    pidfile /run/haproxy.pid
-    maxconn 4000
-
-    # Turn on stats unix socket
-    # server-state-file /var/lib/haproxy/server-state
-
 defaults
-    mode http
-    log global
-    option httplog
-    option dontlognull
-    option http-server-close
-    option redispatch
-    retries 3
-    timeout http-request 10s
-    timeout queue 1m
     timeout connect 10s
-    timeout client 10m
-    timeout server 10m
-    timeout http-keep-alive 10s
-    timeout check 10s
-    maxconn 3000
+    timeout client 10s
+    timeout server 10s
 
-    # Allow seamless reloads
-    # load-server-state-from-file global
-
-    # Use provided example error pages
-    errorfile 400 /usr/local/etc/haproxy/errors/400.http
-    errorfile 403 /usr/local/etc/haproxy/errors/403.http
-    errorfile 408 /usr/local/etc/haproxy/errors/408.http
-    errorfile 500 /usr/local/etc/haproxy/errors/500.http
-    errorfile 502 /usr/local/etc/haproxy/errors/502.http
-    errorfile 503 /usr/local/etc/haproxy/errors/503.http
-    errorfile 504 /usr/local/etc/haproxy/errors/504.http
-
-backend dockerbackend
-    server dockersocket $SOCKET_PATH
-
-frontend dockerfrontend
+frontend http
+    mode http
     bind :2375
-    http-request deny unless METH_GET || { env(POST) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/configs } { env(CONFIGS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/nodes } { env(NODES) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } { env(PING) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/plugins } { env(PLUGINS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/secrets } { env(SECRETS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/services } { env(SERVICES) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/session } { env(SESSION) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/swarm } { env(SWARM) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/system } { env(SYSTEM) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/tasks } { env(TASKS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool }
+    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version }
     http-request deny
     default_backend dockerbackend
+
+backend dockerbackend
+    mode http
+    server dockersocket /var/run/docker.sock

From a56fbb604538d74a13e1e71d767b470158dbbb84 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 15:13:08 +0200
Subject: [PATCH 1447/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile     | 14 ++++++++++----
 Containers/docker-socket-proxy/haproxy.cfg    |  3 ++-
 Containers/docker-socket-proxy/healthcheck.sh |  6 ++++++
 Containers/docker-socket-proxy/start.sh       | 11 ++++++-----
 php/containers.json                           |  4 +---
 5 files changed, 25 insertions(+), 13 deletions(-)
 create mode 100644 Containers/docker-socket-proxy/healthcheck.sh

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 4b24373f..5999ba72 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,10 +1,16 @@
 FROM haproxy:2.8.2-alpine3.18
 
 USER root
-RUN apk add --no-cache ca-certificates tzdata bind-tools
+ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
+RUN set -ex; \
+    apk add --no-cache \
+        ca-certificates \
+        tzdata \
+        bind-tools; \
+    chmod -R 777 /tmp
 
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=664 haproxy.cfg /conf/haproxy.cfg
+COPY --chmod=775 *.sh /
+COPY --chmod=664 haproxy.cfg /haproxy.cfg
 
 ENTRYPOINT ["/start.sh"]
-HEALTHCHECK CMD [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" = "OK" ] || exit 1
+HEALTHCHECK CMD /healthcheck.sh
diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 6449a298..7ec80aab 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -1,3 +1,5 @@
+# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
+
 defaults
     timeout connect 10s
     timeout client 10s
@@ -8,7 +10,6 @@ frontend http
     bind :2375
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }
diff --git a/Containers/docker-socket-proxy/healthcheck.sh b/Containers/docker-socket-proxy/healthcheck.sh
new file mode 100644
index 00000000..867d9a5e
--- /dev/null
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+if [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" != "OK" ]; then
+    exit 1
+fi
diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index 43151bcd..d1b9e29c 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -8,12 +8,13 @@ done
 
 set -x
 IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-sed -i "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|g"
-sed -i "s# || { src NC_IPV4_PLACEHOLDER }##g" /conf/haproxy.cfg
+HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" 
+echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 
 IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-sed -i "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|g"
-sed -i "s# || { src NC_IPV6_PLACEHOLDER }##g" /conf/haproxy.cfg
+HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
+HAPROXYFILE="$(echo "$HAPROXYFILE" | sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|")" 
+echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 set +x
 
-haproxy -f /conf/haproxy.cfg -db
+haproxy -f /tmp/haproxy.cfg -db
diff --git a/php/containers.json b/php/containers.json
index 8d82bedd..1df76249 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -661,9 +661,7 @@
       "restart": "unless-stopped",
       "read_only": true,
       "tmpfs": [
-        "/run",
-        "/conf",
-        "/var/lib/haproxy"
+        "/tmp"
       ]
     }
   ]

From 2bb47bdf1b07adbc65a3fee1256bc4809ec5bca1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 15:14:29 +0200
Subject: [PATCH 1448/3949] add disable label

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 5999ba72..6f72f7fd 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -14,3 +14,4 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg
 
 ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.enable="false"

From b4e30bc66a56290d3f99906cacc93e49875b45c4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 15:16:35 +0200
Subject: [PATCH 1449/3949] add recommended regex

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 33 ++++++++++++++++------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 7ec80aab..363abb71 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -8,15 +8,30 @@ defaults
 frontend http
     mode http
     bind :2375
-    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((json)|(start)|(stop)) } METH_GET
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
+
+    # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+
+    acl nc_app_container_name url_param(name) -m reg -i "^nc_app_[a-zA-Z0-9_.-]+"
+
+    # ACL to restrict the number of Mounts to 1
+    acl one_mount_volume req.body -m reg -i "\"Mounts\"\s*:\s*\[\s*(?:(?!\"Mounts\"\s*:\s*\[)[^}]*)}[^}]*\]"
+    # ACL to deny if there are any binds
+    acl binds_present req.body -m reg -i "\"HostConfig\"\s*:.*\"Binds\"\s*:"
+    # ACL to restrict the type of Mounts to volume
+    acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
+    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
+
+    # ACL to restrict container creation, that it has HostConfig.Privileged only set to false
+    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\":\s?false"
+    # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
+    acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name no_privileged_flag nc_app_volume_data_only METH_POST
+
+    acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data METH_POST
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/nc_app_[a-zA-Z0-9_.-]+_data } METH_DELETE
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/create } METH_POST
     http-request deny
     default_backend dockerbackend
 

From f92d36a5f73971c5f3ee9588237ab8dd359e842f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 15:23:40 +0200
Subject: [PATCH 1450/3949] of course we need the src

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 363abb71..024983b5 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -8,6 +8,7 @@ defaults
 frontend http
     mode http
     bind :2375
+    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((json)|(start)|(stop)) } METH_GET
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
 

From 204a24019fb5cf9c8f335633794ef49180317520 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 15:59:51 +0200
Subject: [PATCH 1451/3949] fix SC

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/start.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index d1b9e29c..18840a7c 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -13,6 +13,7 @@ echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 
 IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
+# shellcheck disable=SC2001
 HAPROXYFILE="$(echo "$HAPROXYFILE" | sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|")" 
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 set +x

From e0e26ffc4dcf90911d489e7dcdb2427ea4c69854 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 16:34:40 +0200
Subject: [PATCH 1452/3949] remove docker socket proxy warning

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/options-form-submit.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index 75a52c85..1b70df98 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -64,6 +64,6 @@ document.addEventListener("DOMContentLoaded", function(event) {
     let dockerSocketProxy = document.getElementById("docker-socket-proxy");
     if (dockerSocketProxy) {
         dockerSocketProxy.addEventListener('change', makeOptionsFormSubmitVisible);
-        dockerSocketProxy.addEventListener('change', handleDockerSocketProxyWarning);
+        // dockerSocketProxy.addEventListener('change', handleDockerSocketProxyWarning);
     }
 });

From 305dba38a23ce88182d03c8af9518f92ef371a31 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 16:58:32 +0200
Subject: [PATCH 1453/3949] fix ipv6 for haproxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/start.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index 18840a7c..a0a3e985 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -12,9 +12,11 @@ HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)"
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 
 IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
-# shellcheck disable=SC2001
-HAPROXYFILE="$(echo "$HAPROXYFILE" | sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|")" 
+if [ -n "$IPv6_ADDRESS_NC" ]; then
+    HAPROXYFILE="$(sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|" /tmp/haproxy.cfg)"
+else
+    HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
+fi
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 set +x
 

From e55faec870f6ab31da4e9acc4b1f70ed7cce99a2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 30 Aug 2023 17:02:49 +0200
Subject: [PATCH 1454/3949] add additinaly allowed rules for haproxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 024983b5..fe3d08b5 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -11,6 +11,8 @@ frontend http
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((json)|(start)|(stop)) } METH_GET
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((json)) } METH_GET
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
 
     # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+
     acl nc_app_container_name url_param(name) -m reg -i "^nc_app_[a-zA-Z0-9_.-]+"

From 5523dfc6ae18e60759d9f085e3f7ba718b9410e2 Mon Sep 17 00:00:00 2001
From: Alexander Piskun <bigcat88@icloud.com>
Date: Thu, 31 Aug 2023 12:03:24 +0300
Subject: [PATCH 1455/3949] small rules adjustments

---
 Containers/docker-socket-proxy/haproxy.cfg | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index fe3d08b5..13d3faf6 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -9,11 +9,15 @@ frontend http
     mode http
     bind :2375
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((json)|(start)|(stop)) } METH_GET
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((json)) } METH_GET
+    # container inspect: GET containers/%s/json
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
+    # container start/stop: POST containers/%s/start containers/%s/stop
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
+    # container rm: DELETE containers/%s
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
 
+
+    # container create: POST containers/create?name=%s
     # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+
     acl nc_app_container_name url_param(name) -m reg -i "^nc_app_[a-zA-Z0-9_.-]+"
 
@@ -30,10 +34,17 @@ frontend http
     # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
     acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name no_privileged_flag nc_app_volume_data_only METH_POST
+    # end of container create
 
+    # volume create: POST volumes/create
+    # restrict name
     acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data METH_POST
+    # do not allow to use "device" word e.g., "--opt device=:/path/to/dir"
+    acl volume_no_device req.body -m reg -i "\"device\""
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data !volume_no_device METH_POST
+    # volume rm: DELETE volumes/%s
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/nc_app_[a-zA-Z0-9_.-]+_data } METH_DELETE
+    # image pull: POST images/create?fromImage=%s
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/create } METH_POST
     http-request deny
     default_backend dockerbackend

From f0542158de04fe362971465c0b30289fb795a062 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 31 Aug 2023 11:33:49 +0200
Subject: [PATCH 1456/3949] do not allow to set privileged at all

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 13d3faf6..fa0df4d3 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -29,8 +29,8 @@ frontend http
     acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
 
-    # ACL to restrict container creation, that it has HostConfig.Privileged only set to false
-    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\":\s?false"
+    # ACL to restrict container creation, that it has HostConfig.Privileged not set
+    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\"\s*:"
     # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
     acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name no_privileged_flag nc_app_volume_data_only METH_POST

From 594b3f10e14e065ae2fe104974c088ce6c065203 Mon Sep 17 00:00:00 2001
From: Andrey Borysenko <andrey18106x@gmail.com>
Date: Thu, 31 Aug 2023 12:45:19 +0300
Subject: [PATCH 1457/3949] use inverted no_privileged_flag

Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index fa0df4d3..65c08df4 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -33,7 +33,7 @@ frontend http
     acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\"\s*:"
     # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
     acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name no_privileged_flag nc_app_volume_data_only METH_POST
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST
     # end of container create
 
     # volume create: POST volumes/create

From 8cb1d413f8ac7eff0a96e66cefec57d875abf973 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 31 Aug 2023 12:31:36 +0200
Subject: [PATCH 1458/3949] dsp - fix healthcheck

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/healthcheck.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/healthcheck.sh b/Containers/docker-socket-proxy/healthcheck.sh
index 867d9a5e..c65762d4 100644
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
-if [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" != "OK" ]; then
+if ! nc -z localhost 2375; then
     exit 1
 fi

From 900ac1463b1a1d779d377a3d48e99851c1c6aa38 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 31 Aug 2023 12:46:19 +0200
Subject: [PATCH 1459/3949] fix haproxy config

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 65c08df4..166ca381 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -7,7 +7,7 @@ defaults
 
 frontend http
     mode http
-    bind :2375
+    bind :::2375 v4v6
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
     # container inspect: GET containers/%s/json
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET

From 8b9a87b893cf250ead105cd037f9fd8e5065cd63 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 31 Aug 2023 13:01:33 +0200
Subject: [PATCH 1460/3949] fix the hc

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile     | 1 +
 Containers/docker-socket-proxy/healthcheck.sh | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 6f72f7fd..8fcc32b7 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -6,6 +6,7 @@ RUN set -ex; \
     apk add --no-cache \
         ca-certificates \
         tzdata \
+        bash \
         bind-tools; \
     chmod -R 777 /tmp
 
diff --git a/Containers/docker-socket-proxy/healthcheck.sh b/Containers/docker-socket-proxy/healthcheck.sh
index c65762d4..d5bc089a 100644
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,6 +1,4 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
-if ! nc -z localhost 2375; then
-    exit 1
-fi
+nc -z localhost 2375 || exit 1

From 3bfa1e523930f716ed3d7eec37e5e48d4da3d066 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 1 Sep 2023 12:02:13 +0000
Subject: [PATCH 1461/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/composer.lock b/php/composer.lock
index 983aaac4..48609cd9 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1793,5 +1793,5 @@
         "ext-apcu": "*"
     },
     "platform-dev": [],
-    "plugin-api-version": "2.3.0"
+    "plugin-api-version": "2.6.0"
 }

From 91618de5a71b2af4732a723b5997bb300521d44c Mon Sep 17 00:00:00 2001
From: Zxhir <98621617+Imzxhir@users.noreply.github.com>
Date: Sun, 3 Sep 2023 15:52:10 +0100
Subject: [PATCH 1462/3949] Fix a small mistake in Traefik Docs

Signed-off-by: Zxhir <98621617+Imzxhir@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index b7dbfdae..a61510cc 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -541,7 +541,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
     http:
         routers:
             nextcloud:
-                rule: "Host(<your-nextcloud-domain>)"
+                rule: "Host(`<your-nextcloud-domain>`)"
                 entrypoints:
                     - "https"
                 service: nextcloud

From fad6477c2aa5e3735bb5bd8247772608a0973535 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Sep 2023 11:20:49 +0200
Subject: [PATCH 1463/3949] do not exit if TZ is set

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index c256ed3c..470d5ea4 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -253,17 +253,20 @@ if [ "$?" = 6 ]; then
     exit 1
 fi
 
-# Check that no changes have been made to timezone settings since AIO only supports running in UTC timezone
+# Check that no changes have been made to timezone settings since AIO only supports running in Etc/UTC timezone
 if [ -n "$TZ" ]; then
-    print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default UTC timezone!"
+    print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default Etc/UTC timezone!"
+    echo "The correct timezone can be set in the AIO interface later on!"
+    # Disable exit since it seems to be by default set on unraid and we dont want to break these instances
+    # exit 1
+fi
+if mountpoint -q /etc/localtime; then
+    print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
     echo "The correct timezone can be set in the AIO interface later on!"
     exit 1
-elif mountpoint -q /etc/localtime; then
-    print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default UTC timezone!"
-    echo "The correct timezone can be set in the AIO interface later on!"
-    exit 1
-elif mountpoint -q /etc/timezone; then
-    print_red "/etc/timezone has been mounted into the container which is not allowed because AIO only supports running in the default UTC timezone!"
+fi
+if mountpoint -q /etc/timezone; then
+    print_red "/etc/timezone has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
     echo "The correct timezone can be set in the AIO interface later on!"
     exit 1
 fi

From e49829eb63148ae5fa6201a89cea6a9be77d2f77 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Sep 2023 12:24:36 +0000
Subject: [PATCH 1464/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.22-fpm-alpine3.18 to 8.1.23-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 5ebba236..87652736 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.22-fpm-alpine3.18
+FROM php:8.1.23-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 0c4c1a88f35021e82c6acc30abaefa6173231a7a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Sep 2023 12:25:45 +0000
Subject: [PATCH 1465/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.9-fpm-alpine3.18 to 8.2.10-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c3c8186a..b10ede50 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.5-cli as docker
 FROM caddy:2.7.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.9-fpm-alpine3.18
+FROM php:8.2.10-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From 9c4917165e71ba7799e91f4ebacd3a498464c8bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Sep 2023 12:29:01 +0000
Subject: [PATCH 1466/3949] Bump actions/checkout from 3 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/command-rebase.yml           | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 48f45070..eeaeb427 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Check spelling
         uses: codespell-project/actions-codespell@v2
         with:
diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
index 9c0f5807..8d7c7201 100644
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -31,7 +31,7 @@ jobs:
           reaction-type: "+1"
 
       - name: Checkout the latest code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@v4 # v3.5.2
         with:
           fetch-depth: 0
           token: ${{ secrets.COMMAND_BOT_PAT }}
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 19a8c8ce..95a00cdb 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-20.04
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: shivammathur/setup-php@v2
       with:
         php-version: 8.2
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 8e5c5903..b13418d1 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install npm and dockerfilelint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 6808f546..5db9aa61 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Turnstyle
         uses: softprops/turnstyle@v1
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index dd9e35b3..d29572f8 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 229cf005..7640c541 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 6bcefd5e..525e84f6 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index b736c930..41ed1874 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@v4 # v3.5.2
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 9d38ff16..4e3495e9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index ae4b2a00..44e2236c 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up php8.2
         uses: shivammathur/setup-php@v2
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index b1f4c894..99eb1459 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up php8.2
         uses: shivammathur/setup-php@v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 0e16ae66..7ec63d28 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -26,7 +26,7 @@ jobs:
     name: Nextcloud
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@v4 # v3.5.2
 
       - name: Set up php
         uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index e940d638..697b1807 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 8711eaa5..1283ffd9 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Run talk-update
       run: |
         # Spreed
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 27f09e47..1a185d17 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@v2
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 920aba3b..0a903a2c 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: update helm chart
         run: |
           DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 2c491627..b24320de 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh

From faf1e4b2a9bde32fbb4d5a7d0c6e181f8d3373f3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 5 Sep 2023 12:11:49 +0200
Subject: [PATCH 1467/3949] increase to 7.1.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 3da69b98..a250dfd3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.1.0</h1>
+        <h1>Nextcloud AIO v7.1.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 96e22fbc3168bcf6715aaa69832bb3ad1b0ba5fc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Sep 2023 14:12:43 +0200
Subject: [PATCH 1468/3949] Update check - move to head request instead of get
 request

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerHubManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index 9b14297c..36f46982 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -35,7 +35,7 @@ class DockerHubManager
             if(isset($decodedBody['token'])) {
                 $authToken = $decodedBody['token'];
                 $manifestRequest = $this->guzzleClient->request(
-                    'GET',
+                    'HEAD',
                     'https://registry-1.docker.io/v2/'.$name.'/manifests/' . $tag,
                     [
                         'headers' => [

From a45dc5aed7447960e76d9238e79591b176e2f415 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Sep 2023 12:29:01 +0000
Subject: [PATCH 1469/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.21.0-alpine3.18 to 1.21.1-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 3faa0076..1fb68dff 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.0-alpine3.18 as go
+FROM golang:1.21.1-alpine3.18 as go
 
 ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 

From 04c442d8c1b39ed09d79ef76e449d022c4223cbf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Sep 2023 12:39:17 +0000
Subject: [PATCH 1470/3949] Bump nats from 2.9.21-scratch to 2.9.22-scratch in
 /Containers/talk

Bumps nats from 2.9.21-scratch to 2.9.22-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 77d1d51d..fcdf28a6 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.21-scratch as nats
+FROM nats:2.9.22-scratch as nats
 FROM eturnal/eturnal:1.11.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.3 as janus

From 2e0410a704177946d5b381da55c7508cec19b7df Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 19 Jul 2023 21:29:24 +0200
Subject: [PATCH 1471/3949] allow to keep disabled apps

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh      | 28 +++++++++++++------------
 compose.yaml                            |  1 +
 manual-install/update-yaml.sh           |  1 +
 php/containers.json                     |  3 ++-
 php/src/Data/ConfigurationManager.php   | 15 +++++++++++++
 php/src/Docker/DockerActionManager.php  |  6 ++++++
 readme.md                               |  3 +++
 tests/QA/060-environmental-variables.md |  1 +
 8 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 762899b1..321a8511 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -562,7 +562,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         echo "Warning: wopi_allowlist is empty which should not be the case!"
     fi
 else
-    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then
         php /var/www/html/occ app:remove richdocuments
     fi
 fi
@@ -586,7 +586,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
-    if [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
         php /var/www/html/occ app:remove onlyoffice
     fi
 fi
@@ -613,7 +613,7 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
         php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --verify
     fi
 else
-    if [ -d "/var/www/html/custom_apps/spreed" ]; then
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/spreed" ]; then
         php /var/www/html/occ app:remove spreed
     fi
 fi
@@ -660,7 +660,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
     fi
 else
-    if [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
         php /var/www/html/occ app:remove files_antivirus
     fi
 fi
@@ -723,14 +723,16 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         fi
     fi
 else
-    if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
-        php /var/www/html/occ app:remove fulltextsearch
-    fi
-    if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
-        php /var/www/html/occ app:remove fulltextsearch_elasticsearch
-    fi
-    if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
-        php /var/www/html/occ app:remove files_fulltextsearch
+    if [ "$REMOVE_DISABLED_APPS" = yes ]; then
+        if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+            php /var/www/html/occ app:remove fulltextsearch
+        fi
+        if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+            php /var/www/html/occ app:remove fulltextsearch_elasticsearch
+        fi
+        if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+            php /var/www/html/occ app:remove files_fulltextsearch
+        fi
     fi
 fi
 
@@ -745,7 +747,7 @@ if version_greater "$installed_version" "27.1.0.0"; then
             php /var/www/html/occ app:update app_ecosystem_v2
         fi
     else
-        if [ -d "/var/www/html/custom_apps/app_ecosystem_v2" ]; then
+        if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_ecosystem_v2" ]; then
             php /var/www/html/occ app:remove app_ecosystem_v2
         fi
     fi
diff --git a/compose.yaml b/compose.yaml
index 3c8a33b3..8a323448 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -27,6 +27,7 @@ services:
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # - NEXTCLOUD_KEEP_DISABLED_APPS=false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index d364a0b0..7067133e 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -90,6 +90,7 @@ sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp ta
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
+sed -i 's|REMOVE_DISABLED_APPS=|REMOVE_DISABLED_APPS=yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 echo 'IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use' >> sample.conf
 
diff --git a/php/containers.json b/php/containers.json
index 1df76249..3829aa79 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -205,7 +205,8 @@
         "RECORDING_SECRET=%RECORDING_SECRET%",
         "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
         "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
-        "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%"
+        "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
+        "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%"
       ],
       "restart": "unless-stopped",
       "devices": [
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 86a04d5e..0116a780 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -888,4 +888,19 @@ class ConfigurationManager
             return false;
         }
     }
+
+    private function GetKeepDisabledApps() : string {
+        $envVariableName = 'NEXTCLOUD_KEEP_DISABLED_APPS';
+        $configName = 'nextcloud_keep_disabled_apps';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function shouldDisabledAppsGetRemoved() : bool {
+        if ($this->GetKeepDisabledApps() === 'true') {
+            return false;
+        } else {
+            return true;
+        }
+    }
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index f982e750..ba154c6e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -386,6 +386,12 @@ class DockerActionManager
                     } else {
                         $replacements[1] = '';
                     }
+                } elseif ($out[1] === 'REMOVE_DISABLED_APPS') {
+                    if ($this->configurationManager->shouldDisabledAppsGetRemoved()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {
diff --git a/readme.md b/readme.md
index bb248082..6e09d17d 100644
--- a/readme.md
+++ b/readme.md
@@ -648,6 +648,9 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 
 The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://memories.gallery/hw-transcoding/#va-api).
 
+### How to keep disabled apps?
+In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). ⚠️⚠️⚠️ **Warning** doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
+
 ### Huge docker logs
 If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index dec77dea..f61efefe 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -20,5 +20,6 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From 64d698359c0f5720240e9460bb6b751109000b7b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Sep 2023 16:52:37 +0200
Subject: [PATCH 1472/3949] mastercontainer - limit access to php-fpm to
 localhost

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index b10ede50..b72e638c 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -56,6 +56,8 @@ RUN set -ex; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
+    grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \
     \
     apk add --no-cache git; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \

From 103077590f53fd1f4c9ccf82039d761be64f93c3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Sep 2023 12:56:16 +0000
Subject: [PATCH 1473/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.8.2-alpine3.18 to 2.8.3-alpine3.18.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 8fcc32b7..7dd94c99 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:2.8.2-alpine3.18
+FROM haproxy:2.8.3-alpine3.18
 
 USER root
 ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud

From c1cedac15c36f5e25d8f7250e5d1196a444e7ec8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Sep 2023 10:30:47 +0200
Subject: [PATCH 1474/3949] rename nextcloud update to nextcloud dependency
 update

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 4e3495e9..ea132450 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -72,7 +72,7 @@ jobs:
       with:
         commit-message: nextcloud-update automated change
         signoff: true
-        title: Nextcloud update
+        title: Nextcloud dependency update
         body: Automated Nextcloud container update
         labels: dependencies, 3. to review
         milestone: next

From f37c435526a02b98ee0ab80b32eea26d0d37ceb9 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 11 Sep 2023 12:02:12 +0000
Subject: [PATCH 1475/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 48609cd9..5882ec19 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -571,16 +571,16 @@
         },
         {
             "name": "php-di/invoker",
-            "version": "2.3.3",
+            "version": "2.3.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Invoker.git",
-                "reference": "cd6d9f267d1a3474bdddf1be1da079f01b942786"
+                "reference": "33234b32dafa8eb69202f950a1fc92055ed76a86"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/cd6d9f267d1a3474bdddf1be1da079f01b942786",
-                "reference": "cd6d9f267d1a3474bdddf1be1da079f01b942786",
+                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/33234b32dafa8eb69202f950a1fc92055ed76a86",
+                "reference": "33234b32dafa8eb69202f950a1fc92055ed76a86",
                 "shasum": ""
             },
             "require": {
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/Invoker/issues",
-                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.3"
+                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.4"
             },
             "funding": [
                 {
@@ -622,7 +622,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2021-12-13T09:22:56+00:00"
+            "time": "2023-09-08T09:24:21+00:00"
         },
         {
             "name": "php-di/php-di",

From dfe1ac9013e642543099b850547ed138ce85861b Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 11 Sep 2023 12:02:32 +0000
Subject: [PATCH 1476/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 16 +++++++++++++++-
 manual-install/sample.conf |  1 +
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index e13cad80..0dc6cf23 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -17,6 +17,7 @@ services:
         condition: service_started
         required: false
     image: nextcloud/aio-apache:latest
+    init: true
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
@@ -47,6 +48,7 @@ services:
 
   nextcloud-aio-database:
     image: nextcloud/aio-postgresql:latest
+    init: true
     expose:
       - "5432"
     volumes:
@@ -88,6 +90,7 @@ services:
         condition: service_started
         required: false
     image: nextcloud/aio-nextcloud:latest
+    init: true
     expose:
       - "9000"
     volumes:
@@ -137,6 +140,7 @@ services:
       - TALK_RECORDING_ENABLED=${TALK_RECORDING_ENABLED}
       - RECORDING_SECRET=${RECORDING_SECRET}
       - TALK_RECORDING_HOST=nextcloud-aio-talk-recording
+      - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -145,6 +149,7 @@ services:
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest
+    init: true
     expose:
       - "7867"
     volumes:
@@ -165,6 +170,7 @@ services:
 
   nextcloud-aio-redis:
     image: nextcloud/aio-redis:latest
+    init: true
     expose:
       - "6379"
     environment:
@@ -179,6 +185,7 @@ services:
 
   nextcloud-aio-collabora:
     image: nextcloud/aio-collabora:latest
+    init: true
     expose:
       - "9980"
     environment:
@@ -196,6 +203,7 @@ services:
 
   nextcloud-aio-talk:
     image: nextcloud/aio-talk:latest
+    init: true
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
       - ${TALK_PORT}:${TALK_PORT}/udp
@@ -218,12 +226,13 @@ services:
     tmpfs:
       - /var/log/supervisord
       - /var/run/supervisord
+      - /opt/eturnal/run
       - /conf
-      - /var/lib/turn
       - /tmp
 
   nextcloud-aio-talk-recording:
     image: nextcloud/aio-talk-recording:latest
+    init: true
     expose:
       - "1234"
     environment:
@@ -244,6 +253,7 @@ services:
 
   nextcloud-aio-clamav:
     image: nextcloud/aio-clamav:latest
+    init: true
     expose:
       - "3310"
     environment:
@@ -264,6 +274,7 @@ services:
 
   nextcloud-aio-onlyoffice:
     image: nextcloud/aio-onlyoffice:latest
+    init: true
     expose:
       - "80"
     environment:
@@ -281,6 +292,7 @@ services:
 
   nextcloud-aio-imaginary:
     image: nextcloud/aio-imaginary:latest
+    init: true
     expose:
       - "9000"
     environment:
@@ -298,6 +310,7 @@ services:
 
   nextcloud-aio-fulltextsearch:
     image: nextcloud/aio-fulltextsearch:latest
+    init: false
     expose:
       - "9200"
     environment:
@@ -310,6 +323,7 @@ services:
       - http.port=9200
       - xpack.license.self_generated.type=basic
       - xpack.security.enabled=false
+      - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
     volumes:
       - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
     restart: unless-stopped
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index cf0aae72..c454bed5 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,4 +1,5 @@
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_PASSWORD=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!

From 74b04e9484acec1202daaeed33595fa0b67c46dc Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 11 Sep 2023 12:08:06 +0000
Subject: [PATCH 1477/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 87652736..3fe5c84e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -69,7 +69,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
-    pecl install redis-5.3.7; \
+    pecl install redis-6.0.0; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \

From 220e562e03810887b804063aa32d97abbe02eef5 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 12 Sep 2023 08:46:20 +0000
Subject: [PATCH 1478/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 4 +++-
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 4 +++-
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 6 +++---
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 2 +-
 nextcloud-aio-helm-chart/values.yaml                        | 1 +
 14 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 0c2c22bd..3fc78472 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.0.0
+version: 7.1.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 502d826e..42960eac 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -72,7 +72,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230817_065941-latest
+          image: nextcloud/aio-apache:20230912_084059-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index e6750023..b9b1e18f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230817_065941-latest
+          image: nextcloud/aio-clamav:20230912_084059-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 8c51d301..58f09495 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230817_065941-latest
+          image: nextcloud/aio-collabora:20230912_084059-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 941c23ee..58666bd2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -67,7 +67,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230817_065941-latest
+          image: nextcloud/aio-postgresql:20230912_084059-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 32d02f20..799fefb1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -37,6 +37,8 @@ spec:
         - env:
             - name: ES_JAVA_OPTS
               value: -Xms512M -Xmx512M
+            - name: FULLTEXTSEARCH_PASSWORD
+              value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: bootstrap.memory_lock
@@ -53,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20230817_065941-latest
+          image: nextcloud/aio-fulltextsearch:20230912_084059-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 1dc8940b..0fa642b5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -37,7 +37,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230817_065941-latest
+          image: nextcloud/aio-imaginary:20230912_084059-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 75ca5fb4..4a6660cb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -60,6 +60,8 @@ spec:
               value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
             - name: FULLTEXTSEARCH_HOST
               value: nextcloud-aio-fulltextsearch
+            - name: FULLTEXTSEARCH_PASSWORD
+              value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
             - name: IMAGINARY_ENABLED
               value: "{{ .Values.IMAGINARY_ENABLED }}"
             - name: IMAGINARY_HOST
@@ -120,7 +122,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230817_065941-latest
+          image: nextcloud/aio-nextcloud:20230912_084059-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index b42699d8..9578741f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20230817_065941-latest
+          image: nextcloud/aio-notify-push:20230912_084059-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index f6ab525d..0a09a9ec 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230817_065941-latest
+          image: nextcloud/aio-onlyoffice:20230912_084059-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 4152e2da..abafa5a4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230817_065941-latest
+          image: nextcloud/aio-redis:20230912_084059-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index dab8fc80..6d0a2873 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230817_065941-latest
+          image: nextcloud/aio-talk:20230912_084059-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
@@ -78,9 +78,9 @@ spec:
               name: nextcloud-aio-talk-tmpfs0
             - mountPath: /var/run/supervisord
               name: nextcloud-aio-talk-tmpfs1
-            - mountPath: /conf
+            - mountPath: /opt/eturnal/run
               name: nextcloud-aio-talk-tmpfs2
-            - mountPath: /var/lib/turn
+            - mountPath: /conf
               name: nextcloud-aio-talk-tmpfs3
             - mountPath: /tmp
               name: nextcloud-aio-talk-tmpfs4
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 108fa293..d934b0b6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230817_065941-latest
+          image: nextcloud/aio-talk-recording:20230912_084059-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 76c39fed..b4a7a084 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -1,4 +1,5 @@
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_PASSWORD:           # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!

From 5c66b783f4665bfead0e8578978624476e9611a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 08:54:27 +0000
Subject: [PATCH 1479/3949] Bump elasticsearch from 8.9.1 to 8.9.2 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.9.1 to 8.9.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index e3655775..bcdf8394 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.9.1
+FROM elasticsearch:8.9.2
 
 USER root
 

From f2354d0b70c778187c2e154a665b52b14ce8261f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 08:54:50 +0000
Subject: [PATCH 1480/3949] Bump redis from 7.0.12-alpine to 7.2.1-alpine in
 /Containers/redis

Bumps redis from 7.0.12-alpine to 7.2.1-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 693cc0ea..9e7626f8 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.12-alpine
+FROM redis:7.2.1-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From 3431255f45f9df5a2cdf7f670aa186926547e3c4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 08:58:12 +0000
Subject: [PATCH 1481/3949] Bump docker from 24.0.5-cli to 24.0.6-cli in
 /Containers/mastercontainer

Bumps docker from 24.0.5-cli to 24.0.6-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index b10ede50..bae38a48 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:24.0.5-cli as docker
+FROM docker:24.0.6-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.4-alpine as caddy

From 2635fee3fd808f63aee597ee01ee1f0e00471040 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 12 Sep 2023 11:20:30 +0200
Subject: [PATCH 1482/3949] Revert "nextcloud container - make /tmp a tmpfs"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 3829aa79..869f9cae 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -217,9 +217,6 @@
       ],
       "networks": [
         "nextcloud-aio"
-      ],
-      "tmpfs": [
-        "/tmp:exec"
       ]
     },
     {

From 170cb93806ae874a33c62e63976f8594545c6a18 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Sep 2023 16:13:36 +0200
Subject: [PATCH 1483/3949] rename app_ecosystem_v2 to app_api

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 14 +++++++-------
 php/templates/containers.twig      |  4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 321a8511..f58f94ca 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -739,16 +739,16 @@ fi
 # Docker socket proxy
 if version_greater "$installed_version" "27.1.0.0"; then
     if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
-        if ! [ -d "/var/www/html/custom_apps/app_ecosystem_v2" ]; then
-            php /var/www/html/occ app:install app_ecosystem_v2
-        elif [ "$(php /var/www/html/occ config:app:get app_ecosystem_v2 enabled)" != "yes" ]; then
-            php /var/www/html/occ app:enable app_ecosystem_v2
+        if ! [ -d "/var/www/html/custom_apps/app_api" ]; then
+            php /var/www/html/occ app:install app_api
+        elif [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable app_api
         elif [ "$SKIP_UPDATE" != 1 ]; then
-            php /var/www/html/occ app:update app_ecosystem_v2
+            php /var/www/html/occ app:update app_api
         fi
     else
-        if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_ecosystem_v2" ]; then
-            php /var/www/html/occ app:remove app_ecosystem_v2
+        if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_api" ]; then
+            php /var/www/html/occ app:remove app_api
         fi
     fi
 fi
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a250dfd3..c2242db2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -575,9 +575,9 @@
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         {% if is_docker_socket_proxy_enabled == true %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud Application Ecosystem V2</a>)</label><br><br>
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App Ecosystem V2</a>)</label><br><br>
                         {% else %}
-                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud Application Ecosystem V2</a>)</label><br><br> #}
+                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App Ecosystem V2</a>)</label><br><br> #}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>

From 5d9c6705c4103b6fad5061501ba10d7347fb4189 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Sep 2023 16:20:45 +0200
Subject: [PATCH 1484/3949] rename to app api

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c2242db2..151abbfa 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -575,9 +575,9 @@
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         {% if is_docker_socket_proxy_enabled == true %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App Ecosystem V2</a>)</label><br><br>
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App API</a>)</label><br><br>
                         {% else %}
-                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App Ecosystem V2</a>)</label><br><br> #}
+                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App API</a>)</label><br><br> #}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>

From b7c7720244bc29b8b76f27fc5628fa9d44f032c9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Sep 2023 13:29:48 +0200
Subject: [PATCH 1485/3949] adjust links

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 151abbfa..ccfa8ec9 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -575,9 +575,9 @@
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         {% if is_docker_socket_proxy_enabled == true %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App API</a>)</label><br><br>
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label><br><br>
                         {% else %}
-                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_ecosystem_v2#nextcloud-application-ecosystem-v2">Nextcloud App API</a>)</label><br><br> #}
+                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label><br><br> #}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>

From 2ff1913f2c064a3720593e1ce828b28bc3017b63 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 13 Sep 2023 13:20:58 +0200
Subject: [PATCH 1486/3949] increase to 7.2.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ccfa8ec9..4d6c3cf2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.1.1</h1>
+        <h1>Nextcloud AIO v7.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 74e73751b1cf16872a81047687ebc1eafa84d9f7 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 13 Sep 2023 12:02:30 +0000
Subject: [PATCH 1487/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml  | 3 +--
 manual-install/sample.conf | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 0dc6cf23..7231b192 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -141,11 +141,10 @@ services:
       - RECORDING_SECRET=${RECORDING_SECRET}
       - TALK_RECORDING_HOST=nextcloud-aio-talk-recording
       - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
+      - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
     restart: unless-stopped
     networks:
       - nextcloud-aio
-    tmpfs:
-      - /tmp:exec
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index c454bed5..c2c5ed76 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -33,6 +33,7 @@ NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access d
 NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
+REMOVE_DISABLED_APPS=yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use

From 24b7b616d5fba1a34bce6706d33a427b613e0981 Mon Sep 17 00:00:00 2001
From: ten0hira <85587841+ten0hira@users.noreply.github.com>
Date: Thu, 14 Sep 2023 01:26:31 +0300
Subject: [PATCH 1488/3949] Typo fix aio-config.twig

Signed-off-by: ten0hira <85587841+ten0hira@users.noreply.github.com>
---
 php/templates/includes/aio-config.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index f5dd2793..cf4fbb49 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,7 +1,7 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary><br />
     {% if was_start_button_clicked == true %}
-        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.<br><br>
+        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.<br><br>
         You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></b>.<br><br>
     {% endif %}
     

From b0eaf7fa8ba8571218e813866be8c01dc7b7489f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 12:23:17 +0000
Subject: [PATCH 1489/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.3.1.1 to 23.05.4.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e90c9e5d..efa16079 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.3.1.1
+FROM collabora/code:23.05.4.1.1
 
 USER root
 

From 7a90abde0a45d8db716288393f6a21549f13d268 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Sep 2023 15:27:09 +0200
Subject: [PATCH 1490/3949] improve docs regarding external drives on docker
 desktop for windows

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/includes/backup-dirs.twig |  4 ++--
 readme.md                               | 23 +++++++++++++++++++----
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig
index 0056f479..53cf3879 100644
--- a/php/templates/includes/backup-dirs.twig
+++ b/php/templates/includes/backup-dirs.twig
@@ -2,5 +2,5 @@ The folder path that you enter must start with <b>/</b> and must <b>not</b> end
 An example for Linux is <b>/mnt/backup</b>.<br><br>
 On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br><br>
 For macOS it may be <b>/var/backup</b>.<br><br>
-On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br><br>
-Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
+On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ <b>Please note</b>: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.<br><br>
+Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.<br><br>
diff --git a/readme.md b/readme.md
index 6e09d17d..8cabbe6d 100644
--- a/readme.md
+++ b/readme.md
@@ -385,6 +385,20 @@ If you are running AIO in a LXC container, you need to make sure that FUSE is en
 
 ---
 
+#### How to create the backup volume on Windows?
+As stated in the AIO interface, it is possible to use a docker volume as backup target. Before you can use that, you need to create it first. Here is an example how to create one on Windows:
+```
+docker volume create ^
+--driver local ^
+--name nextcloud_aio_backupdir ^
+-o device="/host_mnt/e/your/backup/path" ^
+-o type="none" ^
+-o o="bind"
+```
+In this example, it would mount `E:\your\backup\path` into the volume so for a different location you need to adjust `/host_mnt/e/your/backup/path` accordingly. Afterwards enter `nextcloud_aio_backupdir` in the AIO interface as backup location.
+
+---
+
 #### Pro-tip: Backup archives access
 You can open the BorgBackup archives on your host by following these steps:<br>
 (instructions for Ubuntu Desktop)
@@ -556,16 +570,17 @@ You can configure the Nextcloud container to use a specific directory on your ho
 - An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
 - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
-- On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.)
-- Another option is to provide a specific volume name here with: `--env NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. with:
+- On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.
+- Another option is to provide a specific volume name here with: `--env NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. on Windows with:
     ```
     docker volume create ^
     --driver local ^
     --name nextcloud_aio_nextcloud_datadir ^
-    -o device="/host_mnt/c/your/data/path" ^
+    -o device="/host_mnt/e/your/data/path" ^
     -o type="none" ^
     -o o="bind"
     ```
+    In this example, it would mount `E:\your\data\path` into the volume so for a different location you need to adjust `/host_mnt/e/your/data/path` accordingly.
 
 ### Can I use a CIFS/SMB share as Nextcloud's datadir?
 
@@ -590,7 +605,7 @@ By default, the Nextcloud container is confined and cannot access directories on
 - Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`.
 - On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
 - For Synology it may be `--env NEXTCLOUD_MOUNT="/volume1/"`.
-- On Windows it might be `--env NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.)
+- On Windows it might be `--env NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.
 
 After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
 

From 0fd1c5dd9a616a7c111dde6e8be21df693df2b54 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 15 Sep 2023 16:56:42 +0200
Subject: [PATCH 1491/3949] Nextcloud - update to 27.1.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3fe5c84e..0f04ef08 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.23-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.0.2
+ENV NEXTCLOUD_VERSION 27.1.0
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 402eb401cbb52c8b6f398c73c464c868c2773edf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 15 Sep 2023 16:58:49 +0200
Subject: [PATCH 1492/3949] increase to 7.2.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4d6c3cf2..0bead8b5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.2.0</h1>
+        <h1>Nextcloud AIO v7.2.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 2cd5d65197034ee943775d649c056b29cad698c7 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 16 Sep 2023 11:20:39 +0200
Subject: [PATCH 1493/3949] 
 https://github.com/nextcloud/all-in-one/pull/3317#discussion_r1322718024
 (1/3)

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index efef5a6f..3df0f3cb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -56,8 +56,10 @@ RUN set -ex; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
-    grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \
+    grep -q 'listen =' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|listen =.*|;listen = /var/run/php.sock # handled in zz-docker.conf|' /usr/local/etc/php-fpm.d/www.conf; \
+    grep -q 'listen =' /usr/local/etc/php-fpm.d/zz-docker.conf; \
+    sed -i 's|listen =.*|listen = /var/run/php.sock|' /usr/local/etc/php-fpm.d/zz-docker.conf; \
     \
     apk add --no-cache git; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \

From 14acdbcb5aaf30203ce4ced275bbb0af35cfdd6a Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 16 Sep 2023 11:21:28 +0200
Subject: [PATCH 1494/3949] use php unix socket (2/3)

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/mastercontainer.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 701cb420..e3f6943b 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -19,7 +19,7 @@ Listen 8080
 
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://localhost:9000"
+        SetHandler "proxy:unix:/var/run/php.sock"
     </FilesMatch>
     # Master dir
     DocumentRoot /var/www/docker-aio/php/public/

From b972c9961642220a271333e0ac8759a8ac25763a Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 16 Sep 2023 11:22:41 +0200
Subject: [PATCH 1495/3949] use php unix socket (3/3)

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/healthcheck.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/healthcheck.sh b/Containers/mastercontainer/healthcheck.sh
index e5d27771..ef2931a8 100644
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -5,6 +5,6 @@ if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
     nc -z localhost 8000 || exit 1
     nc -z localhost 8080 || exit 1
     nc -z localhost 8443 || exit 1
-    nc -z localhost 9000 || exit 1
     nc -z localhost 9876 || exit 1
+    [ -f /var/run/php.sock ] || exit 1
 fi

From 7d2695ec115d58cab38259afe8d3fc706b594cde Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 16 Sep 2023 12:07:04 +0000
Subject: [PATCH 1496/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                   |  2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml    |  2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml    |  2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml |  2 +-
 .../templates/nextcloud-aio-database-deployment.yaml  |  2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml      |  2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml |  2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml | 11 +++--------
 .../nextcloud-aio-notify-push-deployment.yaml         |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml          |  2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml     |  2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml      |  2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml      |  2 +-
 nextcloud-aio-helm-chart/values.yaml                  |  1 +
 14 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 3fc78472..9c5b6a65 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.1.1
+version: 7.2.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 42960eac..7ab1fb72 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -72,7 +72,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230912_084059-latest
+          image: nextcloud/aio-apache:20230916_091439-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b9b1e18f..017e4deb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230912_084059-latest
+          image: nextcloud/aio-clamav:20230916_091439-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 58f09495..d6b5caeb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230912_084059-latest
+          image: nextcloud/aio-collabora:20230916_091439-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 58666bd2..934d09f6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -67,7 +67,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230912_084059-latest
+          image: nextcloud/aio-postgresql:20230916_091439-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 799fefb1..511d8541 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20230912_084059-latest
+          image: nextcloud/aio-fulltextsearch:20230916_091439-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 0fa642b5..a9fdda32 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -37,7 +37,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230912_084059-latest
+          image: nextcloud/aio-imaginary:20230916_091439-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 4a6660cb..06340fbe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -30,10 +30,7 @@ spec:
             - "777"
             - /nextcloud-aio-nextcloud
             - /nextcloud-aio-nextcloud-trusted-cacerts
-            - /nextcloud-aio-nextcloud-tmpfs0
           volumeMounts:
-            - name: nextcloud-aio-nextcloud-tmpfs0
-              mountPath: /nextcloud-aio-nextcloud-tmpfs0
             - name: nextcloud-aio-nextcloud-trusted-cacerts
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
             - name: nextcloud-aio-nextcloud
@@ -102,6 +99,8 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REMOVE_DISABLED_APPS
+              value: "{{ .Values.REMOVE_DISABLED_APPS }}"
             - name: SIGNALING_SECRET
               value: "{{ .Values.SIGNALING_SECRET }}"
             - name: STARTUP_APPS
@@ -122,7 +121,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230912_084059-latest
+          image: nextcloud/aio-nextcloud:20230916_091439-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
@@ -136,8 +135,6 @@ spec:
             - mountPath: /usr/local/share/ca-certificates
               name: nextcloud-aio-nextcloud-trusted-cacerts
               readOnly: true
-            - mountPath: /tmp
-              name: nextcloud-aio-nextcloud-tmpfs0
       volumes:
         - name: nextcloud-aio-nextcloud
           persistentVolumeClaim:
@@ -148,5 +145,3 @@ spec:
         - name: nextcloud-aio-nextcloud-trusted-cacerts
           persistentVolumeClaim:
             claimName: nextcloud-aio-nextcloud-trusted-cacerts
-        - emptyDir: {}
-          name: nextcloud-aio-nextcloud-tmpfs0
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 9578741f..4c4abb50 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20230912_084059-latest
+          image: nextcloud/aio-notify-push:20230916_091439-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0a09a9ec..ce61367c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230912_084059-latest
+          image: nextcloud/aio-onlyoffice:20230916_091439-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index abafa5a4..5d33ebfa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230912_084059-latest
+          image: nextcloud/aio-redis:20230916_091439-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 6d0a2873..061c1035 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230912_084059-latest
+          image: nextcloud/aio-talk:20230916_091439-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d934b0b6..f3421eb4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230912_084059-latest
+          image: nextcloud/aio-talk-recording:20230916_091439-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index b4a7a084..ba444a8d 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -30,6 +30,7 @@ NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory lim
 NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
+REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster

From 59a2a51c6d8c00fd89dd3fb4534213b46e6f489b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 16 Sep 2023 20:57:48 +0200
Subject: [PATCH 1497/3949] clamav also uses tini internally

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 869f9cae..77935415 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -507,7 +507,7 @@
       "container_name": "nextcloud-aio-clamav",
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
-      "init": true,
+      "init": false,
       "expose": [
         "3310"
       ],

From 92555a2ed6807ec862911e58f3bb9100a9b8f9bc Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 17 Sep 2023 12:03:02 +0000
Subject: [PATCH 1498/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 25e896aa..03da749d 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.11.5-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.0.3
+ENV RECORDING_VERSION v17.1.0
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false

From c76b6523179ac6717cf4de8aa9d5d67949dd9d03 Mon Sep 17 00:00:00 2001
From: Seth Deegan <jayandseth@gmail.com>
Date: Mon, 18 Sep 2023 02:27:28 -0400
Subject: [PATCH 1499/3949] Remove backup app suggestion

Remove suggestion to use Backup Nextcloud App as the app is no longer maintained, stable, or reliably works.

Signed-off-by: Seth Deegan <jayandseth@gmail.com>
---
 readme.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6e09d17d..db893075 100644
--- a/readme.md
+++ b/readme.md
@@ -376,7 +376,6 @@ Not directly but you have multiple options to achieve this:
 - Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
 - You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
 - create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
-- Additionally, there is the [backup app](https://apps.nextcloud.com/apps/backup) for remote backups
 
 ---
 

From 693b1ecb787ee144b460ad68e279999265df5548 Mon Sep 17 00:00:00 2001
From: Joe Hanson <joe@veri.dev>
Date: Mon, 18 Sep 2023 17:32:31 -0500
Subject: [PATCH 1500/3949] Added link to set chunking on Nextcloud Desktop
 Client

Signed-off-by: Joe Hanson <joe@veri.dev>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index db893075..78ec655f 100644
--- a/readme.md
+++ b/readme.md
@@ -25,6 +25,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
+- If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)

From 21919d91661e3bf265034bb3ee8c7fdf94f3a459 Mon Sep 17 00:00:00 2001
From: Joe Hanson <joe@veri.dev>
Date: Tue, 19 Sep 2023 05:45:07 -0500
Subject: [PATCH 1501/3949] Moved cloudflare tunnel/nextcloud desktop client
 documentation to more relevant location

Signed-off-by: Joe Hanson <joe@veri.dev>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 78ec655f..f7b342b0 100644
--- a/readme.md
+++ b/readme.md
@@ -25,7 +25,6 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
@@ -210,6 +209,7 @@ Another but untested way is to install Portainer on your TrueNAS SCALE from here
 - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
+- If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065)
 - Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
 - Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981

From be55bbe7c1e9bc89827cfada472b1ada2eae239d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Sep 2023 16:55:29 +0200
Subject: [PATCH 1502/3949] nextcloud - limit access to php-fpm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    |  1 +
 Containers/nextcloud/entrypoint.sh |  7 ++-----
 Containers/nextcloud/start.sh      | 17 +++++++++++++++++
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0f04ef08..b9e3e78a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -189,6 +189,7 @@ RUN set -ex; \
         sudo \
         grep \
         nodejs \
+        bind-tools \
         coreutils; \
     \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index f58f94ca..06d5d166 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -524,11 +524,8 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     # Fix https://github.com/nextcloud/all-in-one/issues/188:
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
-    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
-    # shellcheck disable=SC2016
-    COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
-    COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
+    COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+    COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
     COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
     if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 58330db3..5ca9da6c 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -25,6 +25,23 @@ if [ -f "/var/www/html/config/config.php" ]; then
     fi
 fi
 
+set -x
+IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+set +x
+
+sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
+sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER,$IPv4_ADDRESS_NOTIFY_PUSH,$IPv6_ADDRESS_NOTIFY_PUSH,$IPv4_ADDRESS_DSP,$IPv6_ADDRESS_DSP|" /usr/local/etc/php-fpm.d/www.conf
+sed -i "listen.allowed_clients/s/,,//" /usr/local/etc/php-fpm.d/www.conf
+sed -i "listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
 if [ -n "$TRUSTED_CACERTS_DIR" ]; then
     echo "User required to trust additional CA certificates, running 'update-ca-certificates.'"

From d33538839df11268a373d285397fec0247f91d6b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Sep 2023 12:26:13 +0000
Subject: [PATCH 1503/3949] Bump nats from 2.9.22-scratch to 2.10.0-scratch in
 /Containers/talk

Bumps nats from 2.9.22-scratch to 2.10.0-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fcdf28a6..1a4f4567 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.9.22-scratch as nats
+FROM nats:2.10.0-scratch as nats
 FROM eturnal/eturnal:1.11.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.3 as janus

From ab3737ac52f66a57eb0cac7efda539127c60428d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Sep 2023 12:32:43 +0000
Subject: [PATCH 1504/3949] Bump elasticsearch from 8.9.2 to 8.10.1 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.9.2 to 8.10.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index bcdf8394..8468a552 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.9.2
+FROM elasticsearch:8.10.1
 
 USER root
 

From bcced0b176bfaa2fe10754466830f1f35242dd28 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 19 Sep 2023 21:26:11 +0200
Subject: [PATCH 1505/3949] drop NET_RAW from all containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ba154c6e..673a2f12 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -476,6 +476,9 @@ class DockerActionManager
             $requestBody['HostConfig']['CapAdd'] = $capAdds;
         }
 
+        // Disable arp spoofing
+        $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
+
         if ($container->isApparmorUnconfined()) {
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
         }

From a6eac17cb73f469c9107b431ac402baf0b66598c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 20 Sep 2023 20:30:30 +0200
Subject: [PATCH 1506/3949] Make clear that ssh is required

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 multiple-instances.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/multiple-instances.md b/multiple-instances.md
index 2673c5c4..d4065efa 100644
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -7,7 +7,7 @@ Below is described more in detail how the the second way works.
 
 ## Run multiple AIO instances on the same server with docker rootless
 1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
-1. Log in as each of the users e.g. by opening a new SSH connection and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
+1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
 1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
 **⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
 1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).

From 59550f15efa453b731588852862b87169d752524 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 21 Sep 2023 10:26:30 +0000
Subject: [PATCH 1507/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0f04ef08..e7623055 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.23-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.0
+ENV NEXTCLOUD_VERSION 27.1.1
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 30f1f8ee39668d3e4d7124a7fb6e4f8302b61f10 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 21 Sep 2023 13:07:01 +0200
Subject: [PATCH 1508/3949] increase to 7.3.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0bead8b5..3454761d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.2.1</h1>
+        <h1>Nextcloud AIO v7.3.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 94c5c7f4176c39248b314a8a16b3667ff4e031a9 Mon Sep 17 00:00:00 2001
From: Joe Hanson <joe@veri.dev>
Date: Thu, 21 Sep 2023 06:46:29 -0500
Subject: [PATCH 1509/3949] Correct country code.

'EN' is not listed in ISO 3166 Country codes. I assume this was meant to be 'US'.

Signed-off-by: Joe Hanson <joe@veri.dev>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index f73aeea8..d797d452 100644
--- a/readme.md
+++ b/readme.md
@@ -287,7 +287,7 @@ Yes. If SELinux is enabled, you might need to add the `--security-opt label:disa
 Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
 
 ### How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?
-Simply run the following command: `sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `EN` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
+Simply run the following command: `sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `US` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
 
 ### How to run multiple AIO instances on one server?
 See [multiple-instances.md](./multiple-instances.md) for some documentation on this.

From cc82cd29214fa81be4d0e731156fd20d1bf24dc0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Sep 2023 12:35:32 +0000
Subject: [PATCH 1510/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.4.1.1 to 23.05.4.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index efa16079..190b5cef 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.4.1.1
+FROM collabora/code:23.05.4.2.1
 
 USER root
 

From bef5945cd70686cd5caba914259992f6d7aeee5a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Sep 2023 12:52:36 +0000
Subject: [PATCH 1511/3949] Bump nats from 2.10.0-scratch to 2.10.1-scratch in
 /Containers/talk

Bumps nats from 2.10.0-scratch to 2.10.1-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1a4f4567..fbe1c0e2 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.0-scratch as nats
+FROM nats:2.10.1-scratch as nats
 FROM eturnal/eturnal:1.11.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.3 as janus

From b3fffb877e66d3f215108aac5700ca87ee454937 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 21 Sep 2023 15:38:23 +0200
Subject: [PATCH 1512/3949] Revert "Mastercontainer - use php unix socket"

---
 Containers/mastercontainer/Dockerfile           | 6 ++----
 Containers/mastercontainer/healthcheck.sh       | 2 +-
 Containers/mastercontainer/mastercontainer.conf | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3df0f3cb..efef5a6f 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -56,10 +56,8 @@ RUN set -ex; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
-    grep -q 'listen =' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|listen =.*|;listen = /var/run/php.sock # handled in zz-docker.conf|' /usr/local/etc/php-fpm.d/www.conf; \
-    grep -q 'listen =' /usr/local/etc/php-fpm.d/zz-docker.conf; \
-    sed -i 's|listen =.*|listen = /var/run/php.sock|' /usr/local/etc/php-fpm.d/zz-docker.conf; \
+    grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \
     \
     apk add --no-cache git; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
diff --git a/Containers/mastercontainer/healthcheck.sh b/Containers/mastercontainer/healthcheck.sh
index ef2931a8..e5d27771 100644
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -5,6 +5,6 @@ if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
     nc -z localhost 8000 || exit 1
     nc -z localhost 8080 || exit 1
     nc -z localhost 8443 || exit 1
+    nc -z localhost 9000 || exit 1
     nc -z localhost 9876 || exit 1
-    [ -f /var/run/php.sock ] || exit 1
 fi
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index e3f6943b..701cb420 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -19,7 +19,7 @@ Listen 8080
 
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler "proxy:unix:/var/run/php.sock"
+        SetHandler "proxy:fcgi://localhost:9000"
     </FilesMatch>
     # Master dir
     DocumentRoot /var/www/docker-aio/php/public/

From 63659491e9ed7674134ad955f3eee449de8bcdf4 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 22 Sep 2023 12:03:16 +0000
Subject: [PATCH 1513/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 03da749d..54c2a574 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.11.5-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.1.0
+ENV RECORDING_VERSION v17.1.1
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false

From 915647db1f3a353ea76620c96b81bb0c597335ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Sep 2023 12:22:58 +0000
Subject: [PATCH 1514/3949] Bump elasticsearch from 8.10.1 to 8.10.2 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.10.1 to 8.10.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 8468a552..e823eb6a 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.10.1
+FROM elasticsearch:8.10.2
 
 USER root
 

From 896565c63c7163028362336f6d1f6c8eb2f82ce6 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 23 Sep 2023 12:06:47 +0000
Subject: [PATCH 1515/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e7623055..e1ce9a29 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -69,7 +69,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
-    pecl install redis-6.0.0; \
+    pecl install redis-6.0.1; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \

From 67901149554b17b23f855fdcacf48d48253fd78c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 22 Sep 2023 12:38:46 +0200
Subject: [PATCH 1516/3949] add warning to notify-push if binary was not found

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index c20b9c0d..f02544f7 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -27,6 +27,21 @@ elif [ "$CPU_ARCH" != "x86_64" ]; then
     export CPU_ARCH="aarch64"
 fi
 
+# Add warning
+if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
+    echo "The notify_push binary was not found."
+    echo "Most likely is DNS resolution not working correctly."
+    echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
+    echo "See https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
+    echo "Afterwards a restart of docker should automatically resolve this."
+    echo "Additionally, make sure to disable VPN software that might be running on your server"
+    echo "Also check your firewall if it blocks connections to github"
+    echo "If it should still not work afterwards, feel free to create a new thread at https://github.com/nextcloud/all-in-one/discussions/new?category=questions and post the Nextcloud container logs there."
+    echo ""
+    echo ""
+    exit 1
+fi
+
 # Set sensitive values as env
 export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"

From f97644e0296b45451043de0d383c8f0f593fa7c6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 26 Sep 2023 15:03:09 +0200
Subject: [PATCH 1517/3949] adjust kompose script to automatically get latest
 version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 8b191471..7ef94837 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -10,8 +10,7 @@ rm -f ./helm-chart/values.yaml
 rm -rf ./helm-chart/templates
 
 # Install kompose
-LATEST_KOMPOSE="$(git ls-remote --tags https://github.com/kubernetes/kompose.git | cut -d/ -f3 | grep -viE -- 'rc|b' | sort -V | tail -1)"
-curl -L https://github.com/kubernetes/kompose/releases/download/"$LATEST_KOMPOSE"/kompose-linux-amd64 -o kompose
+curl -L https://github.com/kubernetes/kompose/releases/latest/download/kompose-linux-amd64 -o kompose
 chmod +x kompose
 sudo mv ./kompose /usr/local/bin/kompose
 

From 0b1ac3422ff95d2df84148e2804a2be82e8526a1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 23 Aug 2023 16:06:17 +0200
Subject: [PATCH 1518/3949] adjust docker-lint to use hadolint

Signed-off-by: Simon L <szaimen@e.mail.de>
Co-Authored-By: Zoey <zoey@z0ey.de>
---
 .github/workflows/docker-lint.yml         | 22 +++++++---------------
 Containers/borgbackup/Dockerfile          |  1 +
 Containers/clamav/Dockerfile              |  2 +-
 Containers/collabora/Dockerfile           |  1 +
 Containers/docker-socket-proxy/Dockerfile |  1 +
 Containers/fulltextsearch/Dockerfile      |  1 +
 Containers/mastercontainer/Dockerfile     |  4 +++-
 Containers/nextcloud/Dockerfile           |  6 ++++--
 Containers/talk-recording/Dockerfile      |  2 +-
 Containers/watchtower/Dockerfile          |  1 +
 10 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index b13418d1..b1a2cd87 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -27,28 +27,20 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Install npm and dockerfilelint
+      - name: Install hadolint
         run: |
-          sudo apt-get update
-          sudo apt-get install nodejs npm -y --no-install-recommends
-          npm install -g dockerfilelint
-          wget https://github.com/replicatedhq/dockerfilelint/pull/201.patch -O /usr/local/lib/node_modules/dockerfilelint/201.patch
-          CURRENT_DIR=$PWD
-          cd /usr/local/lib/node_modules/dockerfilelint/
-          git apply 201.patch
-          cd $CURRENT_DIR
-          cat << RULES > ./.dockerfilelintrc
-          rules:
-            sudo_usage: off
-          RULES
+          sudo wget https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -O /usr/bin/hadolint
+          sudo chmod +x /usr/bin/hadolint
 
       - name: run lint
         run: |
           DOCKERFILES="$(find ./Containers -name Dockerfile)"
           mapfile -t DOCKERFILES <<< "$DOCKERFILES"
           for file in "${DOCKERFILES[@]}"; do
-            dockerfilelint "$file" --config ./ | tee -a ./dockerfilelint.log
+            # DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
+            # DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
+            hadolint "$file" --ignore DL3018 --ignore DL4006 | tee -a ./hadolint.log
           done
-          if grep "^Issues: [0-9]" ./dockerfilelint.log; then
+          if grep -q "DL[0-9]\+\|SC[0-9]\+" ./hadolint.log; then
             exit 1
           fi
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index cac1f947..0fcdfced 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -16,6 +16,7 @@ VOLUME /root
 COPY --chmod=770 *.sh /
 
 ENTRYPOINT ["/start.sh"]
+# hadolint ignore=DL3002
 USER root
 
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 2d1fb25c..94f8a229 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -5,7 +5,7 @@ COPY clamav.conf /tmp/clamav.conf
 
 RUN set -ex; \
     apk add --no-cache tzdata; \
-    cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
+    cat /tmp/clamav.conf > /etc/clamav/clamd.conf; \
     rm /tmp/clamav.conf; \
     mkdir -p /var/run/clamav /run/lock; \
     chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index efa16079..01bf66d8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -3,6 +3,7 @@ FROM collabora/code:23.05.4.1.1
 
 USER root
 
+# hadolint ignore=DL3008
 RUN set -ex; \
     \
     apt-get update; \
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 7dd94c99..188cb2c2 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,6 @@
 FROM haproxy:2.8.3-alpine3.18
 
+# hadolint ignore=DL3002
 USER root
 ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
 RUN set -ex; \
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 8468a552..d51f5cb2 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -3,6 +3,7 @@ FROM elasticsearch:8.10.1
 
 USER root
 
+# hadolint ignore=DL3008
 RUN set -ex; \
     \
     export DEBIAN_FRONTEND=noninteractive; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index efef5a6f..52172ae2 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -16,6 +16,7 @@ COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 
 WORKDIR /var/www/docker-aio
 
+# hadolint ignore=SC2086,DL3047,DL3003,DL3004
 RUN set -ex; \
     apk add --no-cache shadow; \
     groupmod -g 333 xfs; \
@@ -50,7 +51,7 @@ RUN set -ex; \
             | sort -u \
             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
     )"; \
-    apk add --virtual .nextcloud-aio-rundeps $runDeps; \
+    apk add --no-cache --virtual .nextcloud-aio-rundeps $runDeps; \
     apk del .build-deps; \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
@@ -120,6 +121,7 @@ COPY --chmod=664 Caddyfile /Caddyfile
 COPY --chmod=664 supervisord.conf /supervisord.conf
 COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
 
+# hadolint ignore=DL3002
 USER root
 
 ENTRYPOINT ["/start.sh"]
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e7623055..70e73bdf 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -16,6 +16,7 @@ VOLUME /mnt/ncdata
 VOLUME /var/www/html
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
+# hadolint ignore=SC2086,DL3003
 RUN set -ex; \
     apk add --no-cache shadow; \
     deluser www-data; \
@@ -85,7 +86,7 @@ RUN set -ex; \
             | sort -u \
             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
     )"; \
-    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
+    apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
     apk del .build-deps; \
     \
 # set recommended PHP.ini settings
@@ -170,7 +171,7 @@ RUN set -ex; \
             | sort -u \
             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
     )"; \
-    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
+    apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
     apk del .build-deps; \
     \
     mkdir -p \
@@ -219,6 +220,7 @@ RUN set -ex; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
+# hadolint ignore=DL3002
 USER root
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 03da749d..b5228ae5 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -30,7 +30,7 @@ RUN set -ex; \
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
     mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
-    python3 -m pip install /src/recording/src; \
+    python3 -m pip install --no-cache-dir /src/recording/src; \
     rm -rf /src; \
     touch /etc/recording.conf; \
     chown recording:recording -R \
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 3c5889f7..ffa4ac5e 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -8,6 +8,7 @@ COPY --from=watchtower /watchtower /watchtower
 
 COPY --chmod=775 start.sh /start.sh
 
+# hadolint ignore=DL3002
 USER root
 
 ENTRYPOINT ["/start.sh"]

From dbdefe273f76051f5faa91bc929b48d20b12b975 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 26 Sep 2023 15:57:22 +0200
Subject: [PATCH 1519/3949] remove justinrainbow/json-schema again

Signed-off-by: Simon L <szaimen@e.mail.de>
Co-Authored-By: szaimen <szaimen@users.noreply.github.com>
---
 php/composer.json                      |  3 +-
 php/composer.lock                      | 84 +++-----------------------
 php/src/ContainerDefinitionFetcher.php | 18 +-----
 3 files changed, 9 insertions(+), 96 deletions(-)

diff --git a/php/composer.json b/php/composer.json
index 017d2731..32488056 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -16,8 +16,7 @@
         "http-interop/http-factory-guzzle": "^1.2",
         "slim/twig-view": "^3.3",
         "slim/csrf": "^1.3",
-        "ext-apcu": "*",
-        "justinrainbow/json-schema": "^5.2"
+        "ext-apcu": "*"
     },
     "scripts": {
 		"psalm": "psalm --threads=1",
diff --git a/php/composer.lock b/php/composer.lock
index 5882ec19..f3eb57b8 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "3cbf9ef41575f504b9bdbc8dbe8562e3",
+    "content-hash": "b0074cfbf6b5cde6d6d2207286ad2e85",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -389,76 +389,6 @@
             },
             "time": "2021-07-21T13:50:14+00:00"
         },
-        {
-            "name": "justinrainbow/json-schema",
-            "version": "5.2.12",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/justinrainbow/json-schema.git",
-                "reference": "ad87d5a5ca981228e0e205c2bc7dfb8e24559b60"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/justinrainbow/json-schema/zipball/ad87d5a5ca981228e0e205c2bc7dfb8e24559b60",
-                "reference": "ad87d5a5ca981228e0e205c2bc7dfb8e24559b60",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">=5.3.3"
-            },
-            "require-dev": {
-                "friendsofphp/php-cs-fixer": "~2.2.20||~2.15.1",
-                "json-schema/json-schema-test-suite": "1.2.0",
-                "phpunit/phpunit": "^4.8.35"
-            },
-            "bin": [
-                "bin/validate-json"
-            ],
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "5.0.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "JsonSchema\\": "src/JsonSchema/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Bruno Prieto Reis",
-                    "email": "bruno.p.reis@gmail.com"
-                },
-                {
-                    "name": "Justin Rainbow",
-                    "email": "justin.rainbow@gmail.com"
-                },
-                {
-                    "name": "Igor Wiedler",
-                    "email": "igor@wiedler.ch"
-                },
-                {
-                    "name": "Robert Schönthal",
-                    "email": "seroscho@googlemail.com"
-                }
-            ],
-            "description": "A library to validate a json schema.",
-            "homepage": "https://github.com/justinrainbow/json-schema",
-            "keywords": [
-                "json",
-                "schema"
-            ],
-            "support": {
-                "issues": "https://github.com/justinrainbow/json-schema/issues",
-                "source": "https://github.com/justinrainbow/json-schema/tree/5.2.12"
-            },
-            "time": "2022-04-13T08:02:27+00:00"
-        },
         {
             "name": "laravel/serializable-closure",
             "version": "v1.3.1",
@@ -793,16 +723,16 @@
         },
         {
             "name": "psr/http-client",
-            "version": "1.0.2",
+            "version": "1.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-client.git",
-                "reference": "0955afe48220520692d2d09f7ab7e0f93ffd6a31"
+                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-client/zipball/0955afe48220520692d2d09f7ab7e0f93ffd6a31",
-                "reference": "0955afe48220520692d2d09f7ab7e0f93ffd6a31",
+                "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
+                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
                 "shasum": ""
             },
             "require": {
@@ -839,9 +769,9 @@
                 "psr-18"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-client/tree/1.0.2"
+                "source": "https://github.com/php-fig/http-client"
             },
-            "time": "2023-04-10T20:12:12+00:00"
+            "time": "2023-09-23T14:17:50+00:00"
         },
         {
             "name": "psr/http-factory",
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 3438b889..63c46064 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -12,7 +12,6 @@ use AIO\Container\State\RunningState;
 use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
 use AIO\Docker\DockerActionManager;
-use JsonSchema\Validator;
 
 class ContainerDefinitionFetcher
 {
@@ -41,27 +40,12 @@ class ContainerDefinitionFetcher
         throw new \Exception("The provided id " . $id . " was not found in the container definition.");
     }
 
-    private function validateJson(object $data): void {
-        // Validate against json schema
-        $validator = new Validator;
-        $validator->validate($data, (object)[file_get_contents(__DIR__ . '/../containers-schema.json')]);
-        if (!$validator->isValid()) {
-            error_log("JSON does not validate. Violations:");
-            foreach ($validator->getErrors() as $error) {
-                error_log((string)printf("[%s] %s\n", $error['property'], $error['message']));
-            }
-        }
-    }
-
     /**
      * @return array
      */
     private function GetDefinition(bool $latest): array
     {
-        $rawData = file_get_contents(__DIR__ . '/../containers.json');
-        $objectData = json_decode($rawData, false);
-        $this->validateJson($objectData);
-        $data = json_decode($rawData, true);
+        $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
 
         $containers = [];
         foreach ($data['aio_services_v1'] as $entry) {

From f59707b065cbd76612bfa7a9d91cabab733ce606 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 11:00:50 +0200
Subject: [PATCH 1520/3949] Downgrade to 27.1.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e1ce9a29..0a494e9a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.23-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.1
+ENV NEXTCLOUD_VERSION 27.1.0
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 6e17dec951396b8e2f0eb6b11f129f1de3e08c36 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Sep 2023 14:26:42 +0200
Subject: [PATCH 1521/3949] require image_tag and add %AIO_CHANNEL% variable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          |  1 +
 php/containers-schema.json             |  4 ++--
 php/containers.json                    | 16 ++++++++++++++++
 php/src/ContainerDefinitionFetcher.php |  2 +-
 php/src/Docker/DockerActionManager.php |  4 ++--
 5 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 7067133e..df066696 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -17,6 +17,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index d608895a..9a4fae30 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -10,7 +10,7 @@
 				"type": "object",
 				"additionalProperties": false,
 				"minProperties": 2,
-				"required": ["image", "container_name"],
+				"required": ["image", "container_name", "image_tag"],
 				"properties": {
 					"image": {
 						"type": "string",
@@ -98,7 +98,7 @@
 					},
 					"image_tag": {
 						"type": "string",
-						"pattern": "^[a-z0-9.-]+$"
+						"pattern": "^([a-z0-9.-]+|%AIO_CHANNEL%)$"
 					},
 					"devices": {
 						"type": "array",
diff --git a/php/containers.json b/php/containers.json
index 77935415..75e6f830 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -2,6 +2,7 @@
   "aio_services_v1": [
     {
       "container_name": "nextcloud-aio-apache",
+      "image_tag": "%AIO_CHANNEL%",
       "depends_on": [
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
@@ -68,6 +69,7 @@
     },
     {
       "container_name": "nextcloud-aio-database",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
       "init": true,
@@ -114,6 +116,7 @@
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
+      "image_tag": "%AIO_CHANNEL%",
       "depends_on": [
         "nextcloud-aio-database",
         "nextcloud-aio-redis",
@@ -221,6 +224,7 @@
     },
     {
       "container_name": "nextcloud-aio-notify-push",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Notify Push",
       "image": "nextcloud/aio-notify-push",
       "init": true,
@@ -257,6 +261,7 @@
     },
     {
       "container_name": "nextcloud-aio-redis",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
       "init": true,
@@ -288,6 +293,7 @@
     },
     {
       "container_name": "nextcloud-aio-collabora",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
       "init": true,
@@ -317,6 +323,7 @@
     },
     {
       "container_name": "nextcloud-aio-talk",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
       "init": true,
@@ -368,6 +375,7 @@
     },
     {
       "container_name": "nextcloud-aio-talk-recording",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Talk Recording",
       "image": "nextcloud/aio-talk-recording",
       "init": true,
@@ -401,6 +409,7 @@
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
+      "image_tag": "%AIO_CHANNEL%",
       "image": "nextcloud/aio-borgbackup",
       "init": true,
       "environment": [
@@ -463,6 +472,7 @@
     },
     {
       "container_name": "nextcloud-aio-watchtower",
+      "image_tag": "%AIO_CHANNEL%",
       "image": "nextcloud/aio-watchtower",
       "init": true,
       "environment": [
@@ -479,6 +489,7 @@
     },
     {
       "container_name": "nextcloud-aio-domaincheck",
+      "image_tag": "%AIO_CHANNEL%",
       "image": "nextcloud/aio-domaincheck",
       "init": true,
       "ports": [
@@ -505,6 +516,7 @@
     },
     {
       "container_name": "nextcloud-aio-clamav",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
       "init": false,
@@ -539,6 +551,7 @@
     },
     {
       "container_name": "nextcloud-aio-onlyoffice",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
       "init": true,
@@ -576,6 +589,7 @@
     },
     {
       "container_name": "nextcloud-aio-imaginary",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
       "init": true,
@@ -603,6 +617,7 @@
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
       "init": false,
@@ -642,6 +657,7 @@
     },
     {
       "container_name": "nextcloud-aio-docker-socket-proxy",
+      "image_tag": "%AIO_CHANNEL%",
       "display_name": "Docker Socket Proxy",
       "image": "nextcloud/aio-docker-socket-proxy",
       "init": true,
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 63c46064..19e0d3bb 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -269,7 +269,7 @@ class ContainerDefinitionFetcher
                 $init = $entry['init'];
             }
 
-            $imageTag = '';
+            $imageTag = '%AIO_CHANNEL%';
             if (isset($entry['image_tag'])) {
                 $imageTag = $entry['image_tag'];
             }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 673a2f12..738ae8b7 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -49,7 +49,7 @@ class DockerActionManager
 
     private function BuildImageName(Container $container) : string {
         $tag = $container->GetImageTag();
-        if ($tag === '') {
+        if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
         return $container->GetContainerName() . ':' . $tag;
@@ -100,7 +100,7 @@ class DockerActionManager
     public function GetContainerUpdateState(Container $container) : IContainerState
     {
         $tag = $container->GetImageTag();
-        if ($tag === '') {
+        if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
 

From f221ab7655aec9e4c9b3df16759ac5c65d3b76cc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 31 May 2023 12:00:44 +0200
Subject: [PATCH 1522/3949] add fail2ban as example container for testing
 purposes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml        |  8 +++++++
 community-containers/fail2ban/fail2ban.json | 26 +++++++++++++++++++++
 community-containers/fail2ban/readme.md     |  1 +
 community-containers/readme.md              |  1 +
 php/containers-schema.json                  |  4 ++--
 php/src/Docker/DockerActionManager.php      |  4 +++-
 6 files changed, 41 insertions(+), 3 deletions(-)
 create mode 100644 community-containers/fail2ban/fail2ban.json
 create mode 100644 community-containers/fail2ban/readme.md
 create mode 100644 community-containers/readme.md

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 7640c541..4a3967f9 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -23,3 +23,11 @@ jobs:
           sudo apt-get install python3-pip -y --no-install-recommends
           sudo pip3 install json-spec
           json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
+          JSON_FILES="$(find ./community-containers -name '*.json')"
+          mapfile -t JSON_FILES <<< "$JSON_FILES"
+          for file in "${JSON_FILES[@]}"; do
+            json validate --schema-file=php/containers-schema.json --document-file="$file" | tee -a ./json-validator.log
+          done
+          if grep "Exception: document does not validate with schema." ./json-validator.log; then
+            exit 1
+          fi
diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
new file mode 100644
index 00000000..af9c8eeb
--- /dev/null
+++ b/community-containers/fail2ban/fail2ban.json
@@ -0,0 +1,26 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-fail2ban",
+            "display_name": "Fail2ban",
+            "image": "szaimen/aio-fail2ban",
+            "image_tag": "%AIO_CHANNEL%",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "cap_add": [
+                "NET_ADMIN",
+                "NET_RAW"
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_nextcloud",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ]
+        }
+    ]
+}
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
new file mode 100644
index 00000000..ef5ac7fd
--- /dev/null
+++ b/community-containers/fail2ban/readme.md
@@ -0,0 +1 @@
+This is not working on Docker Desktop since it needs network_mode: host in order to work correctly.
\ No newline at end of file
diff --git a/community-containers/readme.md b/community-containers/readme.md
new file mode 100644
index 00000000..19877266
--- /dev/null
+++ b/community-containers/readme.md
@@ -0,0 +1 @@
+## This is a WIP and not working yet!
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 9a4fae30..1f549027 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -39,7 +39,7 @@
 					},
 					"display_name": {
 						"type": "string",
-						"pattern": "^[A-Za-z ]+$"
+						"pattern": "^[A-Za-z 0-9]+$"
 					},
 					"environment": {
 						"type": "array",
@@ -51,7 +51,7 @@
 					},
 					"container_name": {
 						"type": "string",
-						"pattern": "^nextcloud-aio-[a-z-]+$"
+						"pattern": "^nextcloud-aio-[a-z-0-9]+$"
 					},
 					"internal_port": {
 						"type": "string",
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 738ae8b7..26cef960 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -477,7 +477,9 @@ class DockerActionManager
         }
 
         // Disable arp spoofing
-        $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
+        if (!in_array('NET_RAW', $capAdds, true)) {
+            $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
+        }
 
         if ($container->isApparmorUnconfined()) {
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];

From bbda78001df8d4a8ed7baee6dbc072215522abed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Sep 2023 12:50:48 +0000
Subject: [PATCH 1523/3949] Bump clamav/clamav from 1.2.0-1 to 1.2.0-6 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.0-1 to 1.2.0-6.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 94f8a229..0c6b116c 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.0-1
+FROM clamav/clamav:1.2.0-6
 
 COPY clamav.conf /tmp/clamav.conf
 

From ca3466759fb6af1f69a4da97a53f04db0cff1901 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 16:29:20 +0200
Subject: [PATCH 1524/3949] add community-container validator

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/community-containers.yml | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/community-containers.yml

diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
new file mode 100644
index 00000000..2df5173d
--- /dev/null
+++ b/.github/workflows/community-containers.yml
@@ -0,0 +1,37 @@
+name: Validate community containers
+
+on:
+  pull_request:
+    paths:
+      - 'community-containers/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'community-containers/**'
+
+jobs:
+  validator-community-containers:
+    name: Validate community containers
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Validate structure
+        run: |
+          CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
+          mapfile -t CONTAINERS <<< "$CONTAINERS"
+          for container in "${CONTAINERS[@]}"; do
+            container="$(echo "$container" | sed 's|./community-containers/||')"
+            if ! [ -f ./community-containers/"$container"/"$container.json" ]; then
+                echo ".json file must be named like its parent folder $container"
+                FAIL=1
+            fi
+            if ! [ -f ./community-containers/"$container"/readme.md ]; then
+                echo "There must be a readme.md file in the folder!"
+                FAIL=1
+            fi
+            if [ -n "$FAIL" ]; then
+                exit 1
+            fi
+          done

From 7661b9fb3a99f1c6ed3ed6e74b5e4b113c078c99 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 16:40:18 +0200
Subject: [PATCH 1525/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers-schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 1f549027..d82338c8 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -51,7 +51,7 @@
 					},
 					"container_name": {
 						"type": "string",
-						"pattern": "^nextcloud-aio-[a-z-0-9]+$"
+						"pattern": "^nextcloud-aio-[a-z0-9-]+$"
 					},
 					"internal_port": {
 						"type": "string",

From dbb08337171b29f9069ca8b7b3a9c6e0460ac7ee Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 17:03:04 +0200
Subject: [PATCH 1526/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 5ca9da6c..01ed09e4 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -38,7 +38,7 @@ set +x
 
 sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
 sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER,$IPv4_ADDRESS_NOTIFY_PUSH,$IPv6_ADDRESS_NOTIFY_PUSH,$IPv4_ADDRESS_DSP,$IPv6_ADDRESS_DSP|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "listen.allowed_clients/s/,,//" /usr/local/etc/php-fpm.d/www.conf
+sed -i "listen.allowed_clients/s/,,/,/" /usr/local/etc/php-fpm.d/www.conf
 sed -i "listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
 grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
 

From 2a746863b9b32f97b2dc09eab0ca23a9f2a06840 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 17:40:42 +0200
Subject: [PATCH 1527/3949] allow to specify AIO_COMMUNITY_CONTAINERS

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile   |  2 +-
 Containers/mastercontainer/start.sh     | 14 ++++++++++++++
 community-containers/readme.md          |  2 ++
 php/src/Data/ConfigurationManager.php   | 11 +++++++++++
 php/src/Data/DataConst.php              |  4 ++++
 tests/QA/060-environmental-variables.md |  1 +
 6 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 52172ae2..4e35534b 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -65,7 +65,7 @@ RUN set -ex; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -exec rm -r {} \; ; \
+    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
     sudo -u www-data composer install --no-dev; \
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 470d5ea4..1c26b099 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -241,6 +241,20 @@ It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
         exit 1
     fi
 fi
+if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
+    read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS"
+    for container in "${AIO_CCONTAINERS[@]}"; do
+        if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then
+            echo "The community container $container was not found!"
+            FAIL_CCONTAINERS=1
+        fi
+    done
+    if [ -n "$FAIL_CCONTAINERS" ]; then
+        print_red "You've set AIO_COMMUNITY_CONTAINERS but at least one container was not found.
+It is set to '$AIO_COMMUNITY_CONTAINERS'."
+        exit 1
+    fi
+fi
 
 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
diff --git a/community-containers/readme.md b/community-containers/readme.md
index 19877266..a5ecce85 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -1 +1,3 @@
 ## This is a WIP and not working yet!
+
+You might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0116a780..5bb295b5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -874,6 +874,17 @@ class ConfigurationManager
         }
     }
 
+    private function GetCommunityContainers() : string {
+        $envVariableName = 'AIO_COMMUNITY_CONTAINERS';
+        $configName = 'aio_community_containers';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetEnabledCommunityContainers() : array {
+        return explode(' ', $this->GetCommunityContainers());
+    }
+
     private function GetEnabledDriDevice() : string {
         $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
         $configName = 'nextcloud_enable_dri_device';
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 7ac3527e..2512b7fb 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -50,4 +50,8 @@ class DataConst {
     public static function GetSessionDateFile() : string {
         return self::GetDataDirectory() . '/session_date_file';
     }
+
+    public static function GetCommunityContainersDirectory() : string {
+        return realpath(__DIR__ . '/../../../community-containers/');
+    }
 }
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index f61efefe..488ae8e0 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -21,5 +21,6 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.
+- [ ] When starting the mastercontainer with `--env AIO_COMMUNITY_CONTAINERS="fail2ban"`, it should add the fail2ban container to the container stack and show it in the AIO interface as well as start it, etc.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From ea32a33fc6f84797a9060353ad391a77ff8b41f3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 18:09:03 +0200
Subject: [PATCH 1528/3949] fail2ban - change image_tag to 1.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/fail2ban/fail2ban.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index af9c8eeb..e09af502 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-fail2ban",
             "display_name": "Fail2ban",
             "image": "szaimen/aio-fail2ban",
-            "image_tag": "%AIO_CHANNEL%",
+            "image_tag": "1.0.0",
             "internal_port": "host",
             "restart": "unless-stopped",
             "cap_add": [

From 538ee321a9b8eea4d967666bd9ff8e8b949dc221 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 18:46:25 +0200
Subject: [PATCH 1529/3949] fail2ban - change to v1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/fail2ban/fail2ban.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index e09af502..f6844a26 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-fail2ban",
             "display_name": "Fail2ban",
             "image": "szaimen/aio-fail2ban",
-            "image_tag": "1.0.0",
+            "image_tag": "v1",
             "internal_port": "host",
             "restart": "unless-stopped",
             "cap_add": [

From b276532f58fb39b2a50d9b73106c82b9f856ce7c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 20:26:51 +0200
Subject: [PATCH 1530/3949] eturnal - set blacklist_peers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 Containers/talk/start.sh   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fbe1c0e2..255a2814 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 FROM nats:2.10.1-scratch as nats
-FROM eturnal/eturnal:1.11.1 AS eturnal
+FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.3 as janus
 
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index b168518e..d53c396b 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -38,7 +38,7 @@ eturnal:
   secret: "$TURN_SECRET"
   relay_ipv4_addr: "$IPv4_ADDRESS_TALK"
   relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
-  blacklist:
+  blacklist_peers:
   - recommended
   whitelist:
   - 127.0.0.1

From ac890f046b043bf4b51fda0bbc590894535d59de Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 20:23:25 +0200
Subject: [PATCH 1531/3949] merge containers.json and make sure they depend on
 the apache container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 51 ++++++++++----------------
 1 file changed, 19 insertions(+), 32 deletions(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 19e0d3bb..a26779a9 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -43,10 +43,20 @@ class ContainerDefinitionFetcher
     /**
      * @return array
      */
-    private function GetDefinition(bool $latest): array
+    private function GetDefinition(): array
     {
         $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
 
+        $additionalContainerNames = [];
+        foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) {
+            if ($communityContainer !== '') {
+                $path = DataConst::GetCommunityContainersDirectory() . $communityContainer . '/' . $communityContainer . '.json';
+                $additionalData = json_decode(file_get_contents($path), true);
+                $data = array_merge_recursive($data, $additionalData);
+                $additionalContainerNames[] = $additionalData['aio_services_v1'][]['container_name'];
+            }
+        }
+
         $containers = [];
         foreach ($data['aio_services_v1'] as $entry) {
             if ($entry['container_name'] === 'nextcloud-aio-clamav') {
@@ -154,7 +164,13 @@ class ContainerDefinitionFetcher
 
             $dependsOn = [];
             if (isset($entry['depends_on'])) {
-                foreach ($entry['depends_on'] as $value) {
+                $valueDependsOn = $entry['depends_on'];
+                if ($entry['container_name'] === 'nextcloud-aio-apache') {
+                    foreach ($additionalContainerNames as $containerName) {
+                        $valueDependsOn[] = $containerName;
+                    }
+                }
+                foreach ($valueDependsOn as $value) {
                     if ($value === 'nextcloud-aio-clamav') {
                         if (!$this->configurationManager->isClamavEnabled()) {
                             continue;
@@ -305,35 +321,6 @@ class ContainerDefinitionFetcher
 
     public function FetchDefinition(): array
     {
-        if (!file_exists(DataConst::GetDataDirectory() . '/containers.json')) {
-            $containers = $this->GetDefinition(true);
-        } else {
-            $containers = $this->GetDefinition(false);
-        }
-
-        $borgBackupMode = $this->configurationManager->GetBorgBackupMode();
-        $fetchLatest = false;
-
-        foreach ($containers as $container) {
-
-            if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
-                if ($container->GetRunningState() === RunningState::class) {
-                    if ($borgBackupMode !== 'backup' && $borgBackupMode !== 'restore') {
-                        $fetchLatest = true;
-                    }
-                } else {
-                    $fetchLatest = true;
-                }
-
-            } elseif ($container->GetIdentifier() === 'nextcloud-aio-watchtower' && $container->GetRunningState() === RunningState::class) {
-                return $containers;
-            }
-        }
-
-        if ($fetchLatest === true) {
-            $containers = $this->GetDefinition(true);
-        }
-
-        return $containers;
+        return $this->GetDefinition();
     }
 }

From 3104d6e2cc458c24ba061348f7a65eb576e85c57 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 20:52:21 +0200
Subject: [PATCH 1532/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index a26779a9..0d48b602 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -53,7 +53,7 @@ class ContainerDefinitionFetcher
                 $path = DataConst::GetCommunityContainersDirectory() . $communityContainer . '/' . $communityContainer . '.json';
                 $additionalData = json_decode(file_get_contents($path), true);
                 $data = array_merge_recursive($data, $additionalData);
-                $additionalContainerNames[] = $additionalData['aio_services_v1'][]['container_name'];
+                $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
             }
         }
 

From 71484bf63124988f9988ea6747794f421ab18e1b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 20:53:14 +0200
Subject: [PATCH 1533/3949] clamav - fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 0c6b116c..5fccf094 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -5,7 +5,7 @@ COPY clamav.conf /tmp/clamav.conf
 
 RUN set -ex; \
     apk add --no-cache tzdata; \
-    cat /tmp/clamav.conf > /etc/clamav/clamd.conf; \
+    cat /tmp/clamav.conf >> /etc/clamav/clamd.conf; \
     rm /tmp/clamav.conf; \
     mkdir -p /var/run/clamav /run/lock; \
     chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \

From 10326e19117fd20de8bc3fa30ac898e8ec76971a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 20:58:12 +0200
Subject: [PATCH 1534/3949] add additional disadvantage to manual-install and
 helm-chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/readme.md           | 1 +
 nextcloud-aio-helm-chart/readme.md | 1 +
 2 files changed, 2 insertions(+)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 602488e6..def74197 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -11,6 +11,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
+- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers
 - **You need to know what you are doing, especially when modifying the compose.yaml file**
 - For updating, you need to strictly follow the at the bottom described update routine
 - Probably more
diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index d3959df6..33050525 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -10,6 +10,7 @@ You can run the containers that are build for AIO with Kubernetes using this Hel
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
+- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers
 - **You need to know what you are doing**
 - For updating, you need to strictly follow the at the bottom described update routine
 - You need to monitor yourself if the volumes have enough free space and increase them if they don't by adjusting their size in values.yaml

From 4b134a52897b5f4e1d7eca3d84d5a178140ef3b9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 21:10:56 +0200
Subject: [PATCH 1535/3949] fix detail with listen.allowed_clients

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 01ed09e4..91a1c450 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -38,8 +38,8 @@ set +x
 
 sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
 sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER,$IPv4_ADDRESS_NOTIFY_PUSH,$IPv6_ADDRESS_NOTIFY_PUSH,$IPv4_ADDRESS_DSP,$IPv6_ADDRESS_DSP|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "listen.allowed_clients/s/,,/,/" /usr/local/etc/php-fpm.d/www.conf
-sed -i "listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
+sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
 grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
 
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
@@ -136,7 +136,7 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
                     | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
             )";
             # shellcheck disable=SC2086
-            apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
+            apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
             apk del .build-deps >/dev/null
         fi
     fi

From ebe4a9b44f62ca26be831ba6c742853e65489e6a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 21:28:44 +0200
Subject: [PATCH 1536/3949] add whitelist_peers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index d53c396b..01287157 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -40,7 +40,7 @@ eturnal:
   relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
   blacklist_peers:
   - recommended
-  whitelist:
+  whitelist_peers:
   - 127.0.0.1
   - ::1
   - "$IPv4_ADDRESS_TALK"

From 2e928e43b33ed9363f3a79f4129edb4a614a3425 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 21:33:35 +0200
Subject: [PATCH 1537/3949] Revert "nextcloud - limit access to php-fpm"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 91a1c450..ea5f9293 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -25,23 +25,6 @@ if [ -f "/var/www/html/config/config.php" ]; then
     fi
 fi
 
-set -x
-IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-IPv4_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-IPv4_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-set +x
-
-sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER,$IPv4_ADDRESS_NOTIFY_PUSH,$IPv6_ADDRESS_NOTIFY_PUSH,$IPv4_ADDRESS_DSP,$IPv6_ADDRESS_DSP|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
-
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
 if [ -n "$TRUSTED_CACERTS_DIR" ]; then
     echo "User required to trust additional CA certificates, running 'update-ca-certificates.'"

From f5f8c836d21a0503d223971c7717880b62145357 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 26 Sep 2023 15:50:16 +0200
Subject: [PATCH 1538/3949] mastercontainer - use Caddy for generating
 self-singed cert

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile           |  9 ++++++++-
 Containers/mastercontainer/Dockerfile          | 15 +++------------
 .../mastercontainer/mastercontainer.conf       | 13 -------------
 Containers/mastercontainer/start.sh            | 18 ------------------
 4 files changed, 11 insertions(+), 44 deletions(-)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index ba6a281d..404a1507 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -21,7 +21,14 @@
 }
 
 http://:80 {
-  redir https://{host}{uri}
+    redir https://{host}{uri}
+}
+
+https://:8080 {
+    reverse_proxy localhost:8000
+    tls internal {
+        on_demand
+    }
 }
 
 https://:8443 {
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 4e35534b..75a0757f 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -23,6 +23,7 @@ RUN set -ex; \
     usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
+    apk del --no-cache shadow; \
     \
     apk add --no-cache \
         util-linux-misc \
@@ -31,10 +32,9 @@ RUN set -ex; \
         bash \
         apache2 \
         apache2-proxy \
-        apache2-ssl \
         supervisor \
-        openssl \
         sudo \
+        nss \
         netcat-openbsd \
         curl \
         grep; \
@@ -65,6 +65,7 @@ RUN set -ex; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
+    apk del --no-cache git; \
     find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
@@ -77,10 +78,6 @@ RUN set -ex; \
     rm -r php/data; \
     rm -r php/session; \
     \
-    mkdir -p /etc/apache2/certs; \
-    cd /etc/apache2/certs; \
-    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
-    \
     sed -i \
             -e '/^Listen /d' \
             -e 's/^LogLevel .*/LogLevel error/' \
@@ -99,13 +96,7 @@ RUN set -ex; \
             -e 's/\(ScriptAlias \)/#\1/' \
         /etc/apache2/httpd.conf; \
         mkdir -p /etc/apache2/logs; \
-        rm /etc/apache2/conf.d/ssl.conf; \
         echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
-        grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
-        sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
-        echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
-        echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
-        echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
         echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
     \
     rm -f /etc/apache2/conf.d/default.conf \
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 701cb420..0d12e406 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -38,19 +38,6 @@ Listen 8080
     </Directory>
 </VirtualHost>
 
-# Https host
-<VirtualHost *:8080>
-    # Proxy to https
-    ProxyPass / http://localhost:8000/
-    ProxyPassReverse / http://localhost:8000/
-    ProxyPreserveHost On
-    # SSL
-    SSLCertificateKeyFile /etc/apache2/certs/ssl.key
-    SSLCertificateFile /etc/apache2/certs/ssl.crt
-    SSLEngine               on
-    SSLProtocol             -all +TLSv1.2 +TLSv1.3
-</VirtualHost>
-
 # Increase timeout in case e.g. the initial download takes a long time
 Timeout 7200
 ProxyTimeout 7200
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 1c26b099..336ccb19 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -300,7 +300,6 @@ fi
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
 mkdir -p /mnt/docker-aio-config/caddy/
-mkdir -p /mnt/docker-aio-config/certs/ 
 
 # Adjust permissions for all instances
 chmod 770 -R /mnt/docker-aio-config
@@ -308,7 +307,6 @@ chmod 777 /mnt/docker-aio-config
 chown www-data:www-data -R /mnt/docker-aio-config/data/
 chown www-data:www-data -R /mnt/docker-aio-config/session/
 chown www-data:www-data -R /mnt/docker-aio-config/caddy/
-chown root:root -R /mnt/docker-aio-config/certs/
 
 # Don't allow access to the AIO interface from the Nextcloud container
 # Probably more cosmetic than anything but at least an attempt
@@ -324,22 +322,6 @@ allow from all
 APACHE_CONF
 fi
 
-# Adjust certs
-GENERATED_CERTS="/mnt/docker-aio-config/certs"
-TMP_CERTS="/etc/apache2/certs"
-mkdir -p "$GENERATED_CERTS"
-cd "$GENERATED_CERTS" || exit 1
-if ! [ -f ./ssl.crt ] && ! [ -f ./ssl.key ]; then
-    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt
-fi
-if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
-    cd "$TMP_CERTS" || exit 1
-    rm ./ssl.crt
-    rm ./ssl.key
-    cp "$GENERATED_CERTS/ssl.crt" ./
-    cp "$GENERATED_CERTS/ssl.key" ./
-fi
-
 print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080

From 131dc62508063297c80c7d456b7aefa3f84f63a6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 21:42:31 +0200
Subject: [PATCH 1539/3949] trust private ranges for port 8080

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index 404a1507..e78fe8f3 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -25,7 +25,9 @@ http://:80 {
 }
 
 https://:8080 {
-    reverse_proxy localhost:8000
+    reverse_proxy localhost:8000 {
+        trusted_proxies private_ranges
+    }
     tls internal {
         on_demand
     }

From 36baadc5591c904c1e1daf226b3198a45639c867 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 23:02:29 +0200
Subject: [PATCH 1540/3949] fix detail in $path for additional containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 0d48b602..f846a811 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -50,7 +50,7 @@ class ContainerDefinitionFetcher
         $additionalContainerNames = [];
         foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) {
             if ($communityContainer !== '') {
-                $path = DataConst::GetCommunityContainersDirectory() . $communityContainer . '/' . $communityContainer . '.json';
+                $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
                 $additionalData = json_decode(file_get_contents($path), true);
                 $data = array_merge_recursive($data, $additionalData);
                 $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];

From dc50106ac921d52a445390f59b5ec0f743724515 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 23:03:41 +0200
Subject: [PATCH 1541/3949] add docs on the community-containers feature

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/fail2ban/readme.md | 14 +++++++++++++-
 community-containers/readme.md          | 12 +++++++++++-
 readme.md                               |  2 +-
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index ef5ac7fd..1c1e59c6 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -1 +1,13 @@
-This is not working on Docker Desktop since it needs network_mode: host in order to work correctly.
\ No newline at end of file
+## Fail2ban
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically.
+
+### Notes
+- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
+- If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-fail2ban
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/readme.md b/community-containers/readme.md
index a5ecce85..c68bbae1 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -1,3 +1,13 @@
-## This is a WIP and not working yet!
+# Community containers
+This directory features containers that are built for AIO which allows to add additional functionality very easily.
 
+## Disclaimers
+⚠️ This is currently beta and not stable yet!
+
+All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
+
+## How to use this?
 You might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
+
+## How to add containers?
+Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban how it can look like. For a full-blown example, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
diff --git a/readme.md b/readme.md
index d797d452..834db74b 100644
--- a/readme.md
+++ b/readme.md
@@ -685,7 +685,7 @@ You can edit Nextclouds config.php file directly from the host with your favorit
 If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
 
 ### Fail2ban
-You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports))
+You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 
 ### LDAP
 It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container.

From 5448662fddfdc1e5df1eab485c8e8e9017a7cc5d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 00:37:44 +0200
Subject: [PATCH 1542/3949] add link also to requirements for new containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 834db74b..7d1d78fe 100644
--- a/readme.md
+++ b/readme.md
@@ -706,7 +706,7 @@ You can configure one yourself by using either of these three recommended projec
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 
 ### Requirements for integrating new containers
-For integrating new containers, they must pass specific requirements for being considered to get integrated in AIO itself. Even if not considered, we may add some documentation on it.
+For integrating new containers, they must pass specific requirements for being considered to get integrated in AIO itself. Even if not considered, we may add some documentation on it. Also there is this now: https://github.com/nextcloud/all-in-one/tree/main/community-containers
 
 What are the requirements?
 1. New containers must be related to Nextcloud. Related means that there must be a feature in Nextcloud that gets added by adding this container.

From 810bfa145001cfd77d96404b38b8b5a52e9fdd43 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 00:52:29 +0200
Subject: [PATCH 1543/3949] make text more verbose

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index c68bbae1..fa54ac2b 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -10,4 +10,4 @@ All containers that are in this directory are community maintained so the respon
 You might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
 
 ## How to add containers?
-Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban how it can look like. For a full-blown example, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
+Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban how it can look like. For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.

From d9ec36797602c4080a5f037c22d54eafea259a14 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 01:05:44 +0200
Subject: [PATCH 1544/3949] improve json-schema with pattern for image

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index d82338c8..d039d205 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -14,7 +14,8 @@
 				"properties": {
 					"image": {
 						"type": "string",
-						"minLength": 1
+						"minLength": 1,
+						"pattern": "^[a-z0-9/-]+$"
 					},
 					"expose": {
 						"type": "array",

From b50a334cd0c1bac3eb54d53280c8a127276c5bd7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 10:52:59 +0200
Subject: [PATCH 1545/3949] fix helm chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 7ef94837..b159f5f3 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -42,6 +42,9 @@ sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cac
 sed -i 's|\${|{{ .Values.|g' latest.yml
 sed -i 's|}| }}|g' latest.yml
 yq -i 'del(.services.[].profiles)' latest.yml
+# Delete read_only and tmpfs setting while https://github.com/kubernetes/kubernetes/issues/48912 is not fixed
+yq -i 'del(.services.[].read_only)' latest.yml
+yq -i 'del(.services.[].tmpfs)' latest.yml
 cat latest.yml
 kompose convert -c -f latest.yml --namespace nextcloud-aio-namespace
 cd latest

From 49ba11f5590d2bd35dd520765638c18c8e37be1d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 11:19:07 +0200
Subject: [PATCH 1546/3949] community-containers - add plex

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/plex/plex.json | 37 +++++++++++++++++++++++++++++
 community-containers/plex/readme.md | 13 ++++++++++
 community-containers/readme.md      |  2 +-
 3 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/plex/plex.json
 create mode 100644 community-containers/plex/readme.md

diff --git a/community-containers/plex/plex.json b/community-containers/plex/plex.json
new file mode 100644
index 00000000..f539079a
--- /dev/null
+++ b/community-containers/plex/plex.json
@@ -0,0 +1,37 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-plex",
+            "display_name": "Plex",
+            "image": "plexinc/pms-docker",
+            "image_tag": "latest",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "PLEX_UID=33",
+                "PLEX_GID=33"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_plex",
+                    "destination": "/config",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/data",
+                    "writeable": false
+                },
+                {
+                    "source": "%NEXTCLOUD_MOUNT%",
+                    "destination": "%NEXTCLOUD_MOUNT%",
+                    "writeable": false
+                }
+            ],
+            "devices": [
+                "/dev/dri"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
new file mode 100644
index 00000000..6ca511eb
--- /dev/null
+++ b/community-containers/plex/readme.md
@@ -0,0 +1,13 @@
+## Plex
+This container bundles Plex and auto-configures it for you.
+
+### Notes
+- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- After adding the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
+
+### Repository
+https://github.com/plexinc/pms-docker
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/readme.md b/community-containers/readme.md
index fa54ac2b..2d1d893d 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -10,4 +10,4 @@ All containers that are in this directory are community maintained so the respon
 You might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
 
 ## How to add containers?
-Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban how it can look like. For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
+Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban or https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex. For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.

From 25c41a13048f13f9c99faf0ecc28b4c38ae69f77 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 11:51:53 +0200
Subject: [PATCH 1547/3949] add nextcloud_aio_plex to backup volumes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/plex/plex.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/community-containers/plex/plex.json b/community-containers/plex/plex.json
index f539079a..a0bc5231 100644
--- a/community-containers/plex/plex.json
+++ b/community-containers/plex/plex.json
@@ -31,6 +31,9 @@
             ],
             "devices": [
                 "/dev/dri"
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_plex"
             ]
         }
     ]

From c447a4defcc251c627c83cc8e48f003ff8114fb3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 12:24:07 +0200
Subject: [PATCH 1548/3949] some small improvements to docker-rootles and
 multiple-instances docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-rootless.md    | 2 +-
 multiple-instances.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index a3894a64..7e46cf49 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -5,7 +5,7 @@ You can run AIO with docker rootless by following the steps below.
 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
 1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
+1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
diff --git a/multiple-instances.md b/multiple-instances.md
index d4065efa..fd457e62 100644
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -7,7 +7,7 @@ Below is described more in detail how the the second way works.
 
 ## Run multiple AIO instances on the same server with docker rootless
 1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
-1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
+1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case).
 1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
 **⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
 1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).

From 39e12a7af1ee26f259eed79c03a69c3b5643b971 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 14:01:28 +0200
Subject: [PATCH 1549/3949] print red if community container was not found

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 1c26b099..6193cedb 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -245,7 +245,7 @@ if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
     read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS"
     for container in "${AIO_CCONTAINERS[@]}"; do
         if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then
-            echo "The community container $container was not found!"
+            print_red "The community container $container was not found!"
             FAIL_CCONTAINERS=1
         fi
     done

From b9872f9c4a068bfa6d39f219ba151a460a64c187 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Sep 2023 14:03:02 +0200
Subject: [PATCH 1550/3949] add community-containers also to included features

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 7d1d78fe..c13cc5d1 100644
--- a/readme.md
+++ b/readme.md
@@ -43,6 +43,7 @@ Included are:
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
+- [Additional features can be added very easily](https://github.com/nextcloud/all-in-one/tree/main/community-containers)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
 - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)

From c1a7c085cf9c0c87b60e81681892a112f79c8379 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 11:30:33 +0200
Subject: [PATCH 1551/3949] helm-chart - remove hostport from deployment

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index b159f5f3..86579ff5 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -127,6 +127,8 @@ find ./ -name '*deployment.yaml' -exec sed -i "/medium: Memory/d" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: \{\}|" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "/hostPort:/d" \{} \; 
+# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  

From 5a4f027478a98e142a097292f9061a2fc3eb571d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 11:53:11 +0200
Subject: [PATCH 1552/3949] create a release.yml

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/release.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 .github/release.yml

diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 00000000..6bf365c3
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,14 @@
+changelog:
+  categories:
+    - title: 🏕 New features or other improvements
+      labels:
+        - enhancement
+    - title: 🐞 Fixed bugs
+      labels:
+        - bug
+    - title: 👒 Updated dependencies
+      labels:
+        - dependencies
+    - title: 📄 Improved documentation
+      labels:
+        - documentation

From 726c7589b28a625cab8bbce3ff5f1cf4134dd504 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 12:11:47 +0200
Subject: [PATCH 1553/3949] use and instead of or

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/release.yml b/.github/release.yml
index 6bf365c3..e636d746 100644
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -1,6 +1,6 @@
 changelog:
   categories:
-    - title: 🏕 New features or other improvements
+    - title: 🏕 New features and other improvements
       labels:
         - enhancement
     - title: 🐞 Fixed bugs

From bdc5181ae5ce133adecfaad88f4dc21552575c91 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 12:11:09 +0000
Subject: [PATCH 1554/3949] Bump alpine from 3.18.3 to 3.18.4 in
 /Containers/imaginary

Bumps alpine from 3.18.3 to 3.18.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 1fb68dff..31047633 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -12,7 +12,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.18.3
+FROM alpine:3.18.4
 RUN set -ex; \
     apk add --no-cache \
         tzdata \

From e3d0841841d7319052b9f7cc94bc44492b55576c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 12:11:20 +0000
Subject: [PATCH 1555/3949] Bump alpine from 3.18.2 to 3.18.4 in
 /Containers/talk

Bumps alpine from 3.18.2 to 3.18.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 255a2814..6a051669 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 FROM nats:2.10.1-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
-FROM alpine:3.18.3 as janus
+FROM alpine:3.18.4 as janus
 
 ARG JANUS_VERSION=v0.14.0
 WORKDIR /src
@@ -33,7 +33,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.18.2
+FROM alpine:3.18.4
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     /usr/local                          /usr/local
 COPY --from=eturnal   /opt/eturnal                        /opt/eturnal

From e82ad51c9f362079b3d5e32c767987cf8889b9f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 12:38:30 +0000
Subject: [PATCH 1556/3949] Bump alpine from 3.18.3 to 3.18.4 in
 /Containers/borgbackup

Bumps alpine from 3.18.3 to 3.18.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 0fcdfced..f6e6853c 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.3
+FROM alpine:3.18.4
 
 RUN set -ex; \
     \

From af292a1cff5b0a4d45236160b9c03aec5ebdb933 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 12:51:18 +0000
Subject: [PATCH 1557/3949] Bump alpine from 3.18.3 to 3.18.4 in
 /Containers/domaincheck

Bumps alpine from 3.18.3 to 3.18.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 08e7dbe0..7019215f 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.3
+FROM alpine:3.18.4
 RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \

From 9d640fa9d678c2b522ef069abafa5bc66651014a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 15:03:04 +0200
Subject: [PATCH 1558/3949] add additional notes to plex

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/plex/readme.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
index 6ca511eb..2e05ffea 100644
--- a/community-containers/plex/readme.md
+++ b/community-containers/plex/readme.md
@@ -2,9 +2,11 @@
 This container bundles Plex and auto-configures it for you.
 
 ### Notes
+- This is not working on arm64 since Plex does only provide x64 docker images.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
+- If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
+- After adding and starting the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
-- After adding the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
 
 ### Repository
 https://github.com/plexinc/pms-docker

From 3202e20dd98578204e9320da7303f635c2ba3013 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 13:03:53 +0000
Subject: [PATCH 1559/3949] Bump alpine from 3.18.3 to 3.18.4 in
 /Containers/watchtower

Bumps alpine from 3.18.3 to 3.18.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ffa4ac5e..61a2a403 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.3 as watchtower
 
-FROM alpine:3.18.3
+FROM alpine:3.18.4
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower

From 1fda79c9e7e86e7c2f250b810c44accda18009c3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 15:47:14 +0200
Subject: [PATCH 1560/3949] community-containers - add vaultwarden

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/fail2ban/fail2ban.json   |  5 ++
 community-containers/fail2ban/readme.md       |  2 +-
 community-containers/plex/readme.md           |  1 +
 community-containers/vaultwarden/readme.md    | 16 +++++++
 .../vaultwarden/vaultwarden.json              | 47 +++++++++++++++++++
 5 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/vaultwarden/readme.md
 create mode 100644 community-containers/vaultwarden/vaultwarden.json

diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index f6844a26..1a41a200 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -19,6 +19,11 @@
                     "source": "nextcloud_aio_nextcloud",
                     "destination": "/nextcloud",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_vaultwarden_logs",
+                    "destination": "/vaultwarden",
+                    "writeable": false
                 }
             ]
         }
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index 1c1e59c6..62e5a9f2 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed.
 
 ### Notes
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
index 2e05ffea..b340dcaf 100644
--- a/community-containers/plex/readme.md
+++ b/community-containers/plex/readme.md
@@ -6,6 +6,7 @@ This container bundles Plex and auto-configures it for you.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
 - After adding and starting the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
+- The data of Plex will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
 
 ### Repository
diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md
new file mode 100644
index 00000000..9c58a62e
--- /dev/null
+++ b/community-containers/vaultwarden/readme.md
@@ -0,0 +1,16 @@
+## Vaultwarden
+This container bundles vaultwarden and auto-configures it for you.
+
+### Notes
+- You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples
+- Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
+- The data of Vaultwarden will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-vaultwarden | grep ADMIN_TOKEN`. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/dani-garcia/vaultwarden
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/vaultwarden/vaultwarden.json b/community-containers/vaultwarden/vaultwarden.json
new file mode 100644
index 00000000..ae397347
--- /dev/null
+++ b/community-containers/vaultwarden/vaultwarden.json
@@ -0,0 +1,47 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-vaultwarden",
+            "display_name": "Vaultwarden",
+            "image": "vaultwarden/server",
+            "image_tag": "alpine",
+            "internal_port": "8812",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "%APACHE_IP_BINDING%",
+                  "port_number": "8812",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "ROCKET_PORT=8812",
+                "ADMIN_TOKEN=%VAULTWARDEN_ADMIN_TOKEN%",
+                "DOMAIN=https://bw.%NC_DOMAIN%",
+                "LOG_FILE=/logs/vaultwarden.log",
+                "LOG_LEVEL=warn",
+                "SIGNUPS_VERIFY=true",
+                "SIGNUPS_ALLOWED=false"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_vaultwarden",
+                    "destination": "/data",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_vaultwarden_logs",
+                    "destination": "/logs",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_vaultwarden"
+            ],
+            "secrets": [
+                "VAULTWARDEN_ADMIN_TOKEN"
+            ]
+        }
+    ]
+}

From bbebaae89b3ab3960f741460fc7ea0abd156e0eb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 16:49:58 +0200
Subject: [PATCH 1561/3949] community-containers - add pi-hole

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/pi-hole/pi-hole.json | 54 +++++++++++++++++++++++
 community-containers/pi-hole/readme.md    | 18 ++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 community-containers/pi-hole/pi-hole.json
 create mode 100644 community-containers/pi-hole/readme.md

diff --git a/community-containers/pi-hole/pi-hole.json b/community-containers/pi-hole/pi-hole.json
new file mode 100644
index 00000000..a2a6c752
--- /dev/null
+++ b/community-containers/pi-hole/pi-hole.json
@@ -0,0 +1,54 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-pihole",
+            "display_name": "Pi-hole",
+            "image": "pihole/pihole",
+            "image_tag": "latest",
+            "internal_port": "8573",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "53",
+                  "protocol": "tcp"
+                },
+                {
+                    "ip_binding": "",
+                    "port_number": "53",
+                    "protocol": "udp"
+                },
+                {
+                    "ip_binding": "",
+                    "port_number": "8573",
+                    "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "WEBPASSWORD=%PIHOLE_WEBPASSWORD%",
+                "DNSMASQ_LISTENING=all",
+                "WEB_PORT=8573"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_pihole",
+                    "destination": "/etc/pihole",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_pihole_dnsmasq",
+                    "destination": "/etc/dnsmasq.d",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_pihole",
+                "nextcloud_aio_pihole_dnsmasq"
+            ],
+            "secrets": [
+                "PIHOLE_WEBPASSWORD"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/pi-hole/readme.md b/community-containers/pi-hole/readme.md
new file mode 100644
index 00000000..c10d1523
--- /dev/null
+++ b/community-containers/pi-hole/readme.md
@@ -0,0 +1,18 @@
+## Pi-hole
+This container bundles pi-hole and auto-configures it for you.
+
+### Notes
+- You should not run this container on a public VPS! It is only intended to run in home networks!
+- Make sure that no dns server is already running by checking with `sudo netstat -tulpn | grep 53`. Otherwise the container will not be able to start!
+- The DHCP functionality of Pi-hole has been disabled!
+- The data of pi-hole will be automatically included in AIOs backup solution!
+- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
+- You can configure your home network now to use pi-hole as its dns server by configuring your router.
+- Additionally, you can configure the docker daemon to use that by editing `/etc/docker/daemon.json` and adding ` { "dns" : [ "ip.address.of.this.server" , "8.8.8.8" ] } `.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/pi-hole/docker-pi-hole
+
+### Maintainer
+https://github.com/szaimen

From 4705d947daf9c411fddfea5b22cbbd1a1f1e84fe Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 29 Sep 2023 17:08:41 +0200
Subject: [PATCH 1562/3949] apache ip binding - allow ipv6

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 6193cedb..15104d33 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -179,7 +179,7 @@ It is set to '$APACHE_PORT'."
     fi
 fi
 if [ -n "$APACHE_IP_BINDING" ]; then
-    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
+    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$'; then
         print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
 It is set to '$APACHE_IP_BINDING'."
         exit 1

From 211ef36cd74ccaf63b49a64fef9b9b70196a24a2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 17:29:24 +0200
Subject: [PATCH 1563/3949] add pi-hole and vaultwarden to the example list

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 2d1d893d..5c0c800d 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -10,4 +10,4 @@ All containers that are in this directory are community maintained so the respon
 You might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
 
 ## How to add containers?
-Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban or https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex. For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
+Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by fail2ban, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.

From 3075b393e4fbeffe74dd0b23923e042b81541ddd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 19:05:56 +0200
Subject: [PATCH 1564/3949] add community-container links to other container
 docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/readme.md b/readme.md
index c13cc5d1..2dc58cb2 100644
--- a/readme.md
+++ b/readme.md
@@ -267,6 +267,7 @@ Now that this is out of the way, the recommended way how to access Nextcloud loc
 - https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
 - https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/
 - https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
+Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole
 
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
@@ -689,19 +690,19 @@ If you want to define a custom skeleton directory, you can do so by copying your
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 
 ### LDAP
-It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container.
+It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
 
 ### Netdata
-Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container.
+Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
 
 ### USER_SQL
 If you want to use the user_sql app, the easiest way is to create an additional database container and add it to the docker network `nextcloud-aio`. Then the Nextcloud container should be able to talk to the database container using its name.
 
 ### phpMyAdmin, Adminer or pgAdmin
-It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. 
+It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
 
 ### Mail server
-You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow has much more features.
+You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow has much more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)

From 949fd79bdfc34d26ca5cdf310e241a4147d7afe8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 19:11:54 +0200
Subject: [PATCH 1565/3949] vaultwarden - add note which port is used

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/vaultwarden/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md
index 9c58a62e..cc53ba8b 100644
--- a/community-containers/vaultwarden/readme.md
+++ b/community-containers/vaultwarden/readme.md
@@ -2,7 +2,7 @@
 This container bundles vaultwarden and auto-configures it for you.
 
 ### Notes
-- You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples
+- You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples. You need to point the reverse proxy at port 8812 of this server.
 - Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
 - If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 - The data of Vaultwarden will be automatically included in AIOs backup solution!

From f82affdac634f08173e0508005b34b7452b01d6b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 27 Sep 2023 21:27:24 +0200
Subject: [PATCH 1566/3949] adjust limiting the php-fpm port to specific
 containers again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/healthcheck.sh |  2 +-
 Containers/docker-socket-proxy/start.sh       |  2 +-
 Containers/nextcloud/start.sh                 | 13 +++++++++++++
 Containers/nextcloud/supervisord.conf         |  9 +++++++++
 Containers/notify-push/healthcheck.sh         |  2 +-
 Containers/notify-push/start.sh               |  2 +-
 php/containers.json                           |  3 ++-
 7 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/Containers/docker-socket-proxy/healthcheck.sh b/Containers/docker-socket-proxy/healthcheck.sh
index d5bc089a..28edfdfc 100644
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
-nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
 nc -z localhost 2375 || exit 1
diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index a0a3e985..6cdb8349 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Only start container if nextcloud is accessible
-while ! nc -z "$NEXTCLOUD_HOST" 9000; do
+while ! nc -z "$NEXTCLOUD_HOST" 9001; do
     echo "Waiting for Nextcloud to start..."
     sleep 5
 done
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index ea5f9293..a9a29bc0 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -131,4 +131,17 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
+while [ -z "$(dig nextcloud-aio-apache A +short)" ]; do
+    echo "Waiting for nextcloud-aio-apache to start..."
+    sleep 5
+done
+IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+
+sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
+sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
+grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+
 exec "$@"
\ No newline at end of file
diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index 45a6b074..184074af 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -32,3 +32,12 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/run-exec-commands.sh
 user=www-data
+
+# This is a hack but no better solution is there
+[program:is-nextcloud-online]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=nc -lk 9001
+user=www-data
diff --git a/Containers/notify-push/healthcheck.sh b/Containers/notify-push/healthcheck.sh
index 8dce437e..cc081974 100644
--- a/Containers/notify-push/healthcheck.sh
+++ b/Containers/notify-push/healthcheck.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if ! nc -z "$NEXTCLOUD_HOST" 9000; then
+if ! nc -z "$NEXTCLOUD_HOST" 9001; then
     exit 0
 fi
 
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index f02544f7..d730c7fd 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -12,7 +12,7 @@ elif [ -z "$REDIS_HOST" ]; then
 fi
 
 # Only start container if nextcloud is accessible
-while ! nc -z "$NEXTCLOUD_HOST" 9000; do
+while ! nc -z "$NEXTCLOUD_HOST" 9001; do
     echo "Waiting for Nextcloud to start..."
     sleep 5
 done
diff --git a/php/containers.json b/php/containers.json
index 75e6f830..50cd91eb 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -130,7 +130,8 @@
       "image": "nextcloud/aio-nextcloud",
       "init": true,
       "expose": [
-        "9000"
+        "9000",
+        "9001"
       ],
       "internal_port": "9000",
       "secrets": [

From b651c013d402f0fe67b8950bdc1378f8304a41b1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 30 Sep 2023 00:31:48 +0200
Subject: [PATCH 1567/3949] fix failing schema validation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index d039d205..96789207 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -40,7 +40,7 @@
 					},
 					"display_name": {
 						"type": "string",
-						"pattern": "^[A-Za-z 0-9]+$"
+						"pattern": "^[A-Za-z 0-9-]+$"
 					},
 					"environment": {
 						"type": "array",
@@ -74,7 +74,7 @@
 								},
 								"port_number": {
 									"type": "string",
-									"pattern": "^(%[A-Z_]+%)$"
+									"pattern": "^(%[A-Z_]+%|[0-9]{1,5})$"
 								},
 								"protocol": {
 									"type": "string",

From 5158081cfcb663ce415d3c76f25f6d5853a99a01 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 1 Oct 2023 12:25:11 +0200
Subject: [PATCH 1568/3949] only add container to apache container list if
 display_name is set

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index f846a811..c31760cc 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -53,7 +53,9 @@ class ContainerDefinitionFetcher
                 $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
                 $additionalData = json_decode(file_get_contents($path), true);
                 $data = array_merge_recursive($data, $additionalData);
-                $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
+                if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
+                    $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
+                }
             }
         }
 

From a176b74a61e490bbf83d1236339914930a82da73 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Oct 2023 12:54:17 +0000
Subject: [PATCH 1569/3949] Bump clamav/clamav from 1.2.0-6 to 1.2.0-7 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.0-6 to 1.2.0-7.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 5fccf094..14ee36fe 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.0-6
+FROM clamav/clamav:1.2.0-7
 
 COPY clamav.conf /tmp/clamav.conf
 

From 395380ea2b320bec4708144522af9db743553c88 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 21:44:12 +0200
Subject: [PATCH 1570/3949] allow to set aio_variables from containers.json

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json             |  7 +++++++
 php/src/Container/AioVariables.php     | 19 +++++++++++++++++++
 php/src/Container/Container.php        |  7 +++++++
 php/src/ContainerDefinitionFetcher.php | 15 ++++++++++++++-
 php/src/Docker/DockerActionManager.php |  9 +++++++++
 5 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 php/src/Container/AioVariables.php

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 96789207..4d8e77a5 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -83,6 +83,13 @@
 							}
 						}
 					},
+					"aio_variables": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^[A-Z_-a-z]+=.*$"
+						}
+					},
 					"restart": {
 						"type": "string",
 						"pattern": "^unless-stopped$"
diff --git a/php/src/Container/AioVariables.php b/php/src/Container/AioVariables.php
new file mode 100644
index 00000000..10a150f4
--- /dev/null
+++ b/php/src/Container/AioVariables.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace AIO\Container;
+
+class AioVariables {
+    /** @var string[] */
+    private array $variables = [];
+
+    public function AddVariable(string $variable) : void {
+        $this->variables[] = $variable;
+    }
+
+    /**
+     * @return string[]
+     */
+    public function GetVariables() : array {
+        return $this->variables;
+    }
+}
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 335fdba0..30aa1f68 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -34,6 +34,7 @@ class Container {
     private array $tmpfs;
     private bool $init;
     private string $imageTag;
+    private AioVariables $aioVariables;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -58,6 +59,7 @@ class Container {
         array $tmpfs,
         bool $init,
         string $imageTag,
+        AioVariables $aioVariables,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -81,6 +83,7 @@ class Container {
         $this->tmpfs = $tmpfs;
         $this->init = $init;
         $this->imageTag = $imageTag;
+        $this->aioVariables = $aioVariables;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -186,4 +189,8 @@ class Container {
     public function GetEnvironmentVariables() : ContainerEnvironmentVariables {
         return $this->containerEnvironmentVariables;
     }
+
+    public function GetAioVariables() : AioVariables {
+        return $this->aioVariables;
+    }
 }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index c31760cc..a246083d 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -2,6 +2,7 @@
 
 namespace AIO;
 
+use AIO\Container\AioVariables;
 use AIO\Container\Container;
 use AIO\Container\ContainerEnvironmentVariables;
 use AIO\Container\ContainerPort;
@@ -54,6 +55,7 @@ class ContainerDefinitionFetcher
                 $additionalData = json_decode(file_get_contents($path), true);
                 $data = array_merge_recursive($data, $additionalData);
                 if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
+                    // Store container_name of community containers in variable for later
                     $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
                 }
             }
@@ -168,9 +170,12 @@ class ContainerDefinitionFetcher
             if (isset($entry['depends_on'])) {
                 $valueDependsOn = $entry['depends_on'];
                 if ($entry['container_name'] === 'nextcloud-aio-apache') {
+                    // Add community containers first and default ones last so that aio_variables works correctly
+                    $valueDependsOnTemp = [];
                     foreach ($additionalContainerNames as $containerName) {
-                        $valueDependsOn[] = $containerName;
+                        $valueDependsOnTemp[] = $containerName;
                     }
+                    $valueDependsOn = array_merge_recursive($valueDependsOnTemp, $valueDependsOn);
                 }
                 foreach ($valueDependsOn as $value) {
                     if ($value === 'nextcloud-aio-clamav') {
@@ -217,6 +222,13 @@ class ContainerDefinitionFetcher
                 }
             }
 
+            $aioVariables = new AioVariables();
+            if (isset($entry['aio_variables'])) {
+                foreach ($entry['aio_variables'] as $value) {
+                    $aioVariables->AddVariable($value);
+                }
+            }
+
             $displayName = '';
             if (isset($entry['display_name'])) {
                 $displayName = $entry['display_name'];
@@ -314,6 +326,7 @@ class ContainerDefinitionFetcher
                 $tmpfs,
                 $init,
                 $imageTag,
+                $aioVariables,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 26cef960..66d45b5a 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -248,6 +248,15 @@ class DockerActionManager
             $this->configurationManager->GetAndGenerateSecret($secret);
         }
 
+        $aioVariables = $container->GetAioVariables()->GetVariables();
+        foreach($aioVariables as $variable) {
+            $config = $this->configurationManager->GetConfig();
+            $variableArray = explode('=', $variable);
+            $config[$variableArray[0]] = $variableArray[1];
+            $this->configurationManager->WriteConfig($config);
+            sleep(1);
+        }
+
         $envs = $container->GetEnvironmentVariables()->GetVariables();
         // Special thing for the nextcloud container
         if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {

From c99f442c0c99b46f6a84d660f08015dabe479ec6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Oct 2023 15:05:56 +0200
Subject: [PATCH 1571/3949] make docker-socket-proxy visible in AIO interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 php/templates/containers.twig      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 06d5d166..a8aec022 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -734,7 +734,7 @@ else
 fi
 
 # Docker socket proxy
-if version_greater "$installed_version" "27.1.0.0"; then
+if version_greater "$installed_version" "27.1.2.0"; then
     if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
         if ! [ -d "/var/www/html/custom_apps/app_api" ]; then
             php /var/www/html/occ app:install app_api
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 3454761d..0ca1ae8a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -577,7 +577,7 @@
                         {% if is_docker_socket_proxy_enabled == true %}
                             <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label><br><br>
                         {% else %}
-                            {# <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label><br><br> #}
+                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label><br><br>
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>

From 3d1611f8ba4f44d1aa231054ab126d7538170ead Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Sep 2023 22:24:00 +0200
Subject: [PATCH 1572/3949] community-containers - add caddy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml  |  8 +++--
 community-containers/caddy/caddy.json | 51 +++++++++++++++++++++++++++
 community-containers/caddy/readme.md  | 14 ++++++++
 php/containers-schema.json            |  4 +--
 4 files changed, 72 insertions(+), 5 deletions(-)
 create mode 100644 community-containers/caddy/caddy.json
 create mode 100644 community-containers/caddy/readme.md

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 4a3967f9..90cd5653 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -22,12 +22,14 @@ jobs:
           sudo apt-get update
           sudo apt-get install python3-pip -y --no-install-recommends
           sudo pip3 install json-spec
-          json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
+          if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
+            exit 1
+          fi
           JSON_FILES="$(find ./community-containers -name '*.json')"
           mapfile -t JSON_FILES <<< "$JSON_FILES"
           for file in "${JSON_FILES[@]}"; do
-            json validate --schema-file=php/containers-schema.json --document-file="$file" | tee -a ./json-validator.log
+            json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
           done
-          if grep "Exception: document does not validate with schema." ./json-validator.log; then
+          if grep -q "document does not validate with schema." ./json-validator.log; then
             exit 1
           fi
diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
new file mode 100644
index 00000000..91fceafb
--- /dev/null
+++ b/community-containers/caddy/caddy.json
@@ -0,0 +1,51 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-caddy",
+            "display_name": "Caddy with geoblocking",
+            "image": "szaimen/aio-caddy",
+            "image_tag": "v1",
+            "internal_port": "443",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "443",
+                  "protocol": "tcp"
+                },
+                {
+                    "ip_binding": "",
+                    "port_number": "443",
+                    "protocol": "udp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "APACHE_PORT=%APACHE_PORT%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_caddy",
+                    "destination": "/data",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ],
+            "aio_variables": [
+                "apache_ip_binding=127.0.0.1",
+                "apache_port=11000"
+            ],
+            "nextcloud_exec_commands": [
+                "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",
+                "touch '/mnt/ncdata/admin/files/nextcloud-aio-caddy/allowed-countries.txt'",
+                "echo 'Scanning nextcloud-aio-caddy folder for admin user...'",
+                "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-caddy'"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
new file mode 100644
index 00000000..f1717624
--- /dev/null
+++ b/community-containers/caddy/readme.md
@@ -0,0 +1,14 @@
+## Caddy with geoblocking
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
+
+### Notes
+- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-caddy
+
+### Maintainer
+https://github.com/szaimen
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 4d8e77a5..82672e90 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -87,7 +87,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^[A-Z_-a-z]+=.*$"
+							"pattern": "^[A-Z_a-z-]+=.*$"
 						}
 					},
 					"restart": {
@@ -129,7 +129,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^(php /var/www/html/occ .*|echo .*)$"
+							"pattern": "^(php /var/www/html/occ .*|echo .*|touch .*|mkdir .*)$"
 						}
 					},
 					"profiles": {

From b883d123e69fe7c353df58f0e462ff1906be6da7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Oct 2023 13:13:51 +0000
Subject: [PATCH 1573/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.10-fpm-alpine3.18 to 8.2.11-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 75a0757f..740de957 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.6-cli as docker
 FROM caddy:2.7.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.10-fpm-alpine3.18
+FROM php:8.2.11-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From 49e14e428872766bfdc2ff56be9a4fb9dbca77cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Oct 2023 13:14:49 +0000
Subject: [PATCH 1574/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.23-fpm-alpine3.18 to 8.1.24-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ef0900c6..f79ad29b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.23-fpm-alpine3.18
+FROM php:8.1.24-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 89e8aa3cc5b78a4405f7232c38a68d84ac789518 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 2 Oct 2023 15:17:16 +0200
Subject: [PATCH 1575/3949] increase to 7.4.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 3454761d..99b5fdca 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.3.0</h1>
+        <h1>Nextcloud AIO v7.4.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 4ba5407c01c37151228c68cd672be0360c58702e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Oct 2023 12:33:20 +0000
Subject: [PATCH 1576/3949] Bump containrrr/watchtower from 1.5.3 to 1.6.0 in
 /Containers/watchtower

Bumps containrrr/watchtower from 1.5.3 to 1.6.0.

---
updated-dependencies:
- dependency-name: containrrr/watchtower
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 61a2a403..3935893f 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.5.3 as watchtower
+FROM containrrr/watchtower:1.6.0 as watchtower
 
 FROM alpine:3.18.4
 

From 55001d9961c149546d062ce95e0db72c52c8c9b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Oct 2023 12:37:20 +0000
Subject: [PATCH 1577/3949] Bump python in /Containers/talk-recording

Bumps python from 3.11.5-alpine3.18 to 3.12.0-alpine3.18.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index e74eabaf..042321b5 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11.5-alpine3.18
+FROM python:3.12.0-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 

From c1c96ee08a395c54732cbc78d5eed4efe781c03c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 3 Oct 2023 20:30:46 +0200
Subject: [PATCH 1578/3949] allow to add documentation on containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json             |  1 +
 community-containers/fail2ban/fail2ban.json       |  1 +
 community-containers/pi-hole/pi-hole.json         |  1 +
 community-containers/plex/plex.json               |  1 +
 community-containers/readme.md                    |  2 +-
 community-containers/vaultwarden/vaultwarden.json |  1 +
 php/containers-schema.json                        |  4 ++++
 php/src/Container/Container.php                   |  7 +++++++
 php/src/ContainerDefinitionFetcher.php            |  6 ++++++
 php/templates/containers.twig                     | 10 +++++++---
 10 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 91fceafb..561c5219 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -3,6 +3,7 @@
         {
             "container_name": "nextcloud-aio-caddy",
             "display_name": "Caddy with geoblocking",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
             "image": "szaimen/aio-caddy",
             "image_tag": "v1",
             "internal_port": "443",
diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index 1a41a200..5305ad85 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -3,6 +3,7 @@
         {
             "container_name": "nextcloud-aio-fail2ban",
             "display_name": "Fail2ban",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban",
             "image": "szaimen/aio-fail2ban",
             "image_tag": "v1",
             "internal_port": "host",
diff --git a/community-containers/pi-hole/pi-hole.json b/community-containers/pi-hole/pi-hole.json
index a2a6c752..816ac692 100644
--- a/community-containers/pi-hole/pi-hole.json
+++ b/community-containers/pi-hole/pi-hole.json
@@ -3,6 +3,7 @@
         {
             "container_name": "nextcloud-aio-pihole",
             "display_name": "Pi-hole",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole",
             "image": "pihole/pihole",
             "image_tag": "latest",
             "internal_port": "8573",
diff --git a/community-containers/plex/plex.json b/community-containers/plex/plex.json
index a0bc5231..168bc4a9 100644
--- a/community-containers/plex/plex.json
+++ b/community-containers/plex/plex.json
@@ -3,6 +3,7 @@
         {
             "container_name": "nextcloud-aio-plex",
             "display_name": "Plex",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex",
             "image": "plexinc/pms-docker",
             "image_tag": "latest",
             "internal_port": "host",
diff --git a/community-containers/readme.md b/community-containers/readme.md
index 5c0c800d..b796cd9d 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -10,4 +10,4 @@ All containers that are in this directory are community maintained so the respon
 You might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
 
 ## How to add containers?
-Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by fail2ban, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
+Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
diff --git a/community-containers/vaultwarden/vaultwarden.json b/community-containers/vaultwarden/vaultwarden.json
index ae397347..0bacff7a 100644
--- a/community-containers/vaultwarden/vaultwarden.json
+++ b/community-containers/vaultwarden/vaultwarden.json
@@ -3,6 +3,7 @@
         {
             "container_name": "nextcloud-aio-vaultwarden",
             "display_name": "Vaultwarden",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden",
             "image": "vaultwarden/server",
             "image_tag": "alpine",
             "internal_port": "8812",
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 82672e90..0f99c1a9 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -108,6 +108,10 @@
 						"type": "string",
 						"pattern": "^([a-z0-9.-]+|%AIO_CHANNEL%)$"
 					},
+					"documentation": {
+						"type": "string",
+						"pattern": "^https://.*$"
+					},
 					"devices": {
 						"type": "array",
 						"items": {
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 30aa1f68..9d598b4a 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -35,6 +35,7 @@ class Container {
     private bool $init;
     private string $imageTag;
     private AioVariables $aioVariables;
+    private string $documentation;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -60,6 +61,7 @@ class Container {
         bool $init,
         string $imageTag,
         AioVariables $aioVariables,
+        string $documentation,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -84,6 +86,7 @@ class Container {
         $this->init = $init;
         $this->imageTag = $imageTag;
         $this->aioVariables = $aioVariables;
+        $this->documentation = $documentation;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -193,4 +196,8 @@ class Container {
     public function GetAioVariables() : AioVariables {
         return $this->aioVariables;
     }
+
+    public function GetDocumentation() : string {
+        return $this->documentation;
+    }
 }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index a246083d..d5f40f8c 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -304,6 +304,11 @@ class ContainerDefinitionFetcher
                 $imageTag = $entry['image_tag'];
             }
 
+            $documentation = '';
+            if (isset($entry['documentation'])) {
+                $documentation = $entry['documentation'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -327,6 +332,7 @@ class ContainerDefinitionFetcher
                 $init,
                 $imageTag,
                 $aioVariables,
+                $documentation,
                 $this->container->get(DockerActionManager::class)
             );
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 99b5fdca..94756ad5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -255,15 +255,19 @@
                         {% for container in containers %}
                             {% if container.GetDisplayName() != '' %}
                                 <li>
+                                    {% set displayName = container.GetDisplayName() %}
+                                    {% if container.GetDocumentation() != '' %}
+                                        {% set displayName = '<a href="' ~ container.GetDocumentation() ~ '">' ~ displayName ~ '</a>' %}
+                                    {% endif %}
                                     {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                         <span class="status running"></span>
-                                        <span>{{container.GetDisplayName()}} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Starting</a>)</span>
+                                        <span>{{ displayName }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Starting</a>)</span>
                                     {% elseif class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                                         <span class="status success"></span>
-                                        <span>{{container.GetDisplayName()}} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Running</a>)</span>
+                                        <span>{{ displayName }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Running</a>)</span>
                                     {% else %}
                                         <span class="status error"></span>
-                                        <span>{{container.GetDisplayName()}} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Stopped</a>)</span>
+                                        <span>{{ displayName }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Stopped</a>)</span>
                                     {% endif %}
                                 </li>
                             {% endif %}

From e1168f9c4831ad22c07289d282dcd502f0fa69f0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 3 Oct 2023 23:21:00 +0200
Subject: [PATCH 1579/3949] Revert dbpersistent setting to check if it fixes
 too many db connections

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 06d5d166..b4f7dee4 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -484,8 +484,8 @@ php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_D
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess
 
-# Apply dbpersistent setting in order to fix too many db connections
-php /var/www/html/occ config:system:set dbpersistent --value=true --type=bool
+# Revert dbpersistent setting to check if it fixes too many db connections
+php /var/www/html/occ config:system:set dbpersistent --value=false --type=bool
 
 # Disallow creating local external storages when nothing was mounted
 if [ -z "$NEXTCLOUD_MOUNT" ]; then

From b9407dbc2d1c2e44f4f8dff4ed4ea0f017c30e0e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Oct 2023 13:15:27 +0200
Subject: [PATCH 1580/3949] whe need shadow later

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 740de957..cbabf649 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -23,7 +23,6 @@ RUN set -ex; \
     usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
-    apk del --no-cache shadow; \
     \
     apk add --no-cache \
         util-linux-misc \

From f8ab551ce6582ea97003c6340b23bcd2684b9554 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Oct 2023 13:21:14 +0200
Subject: [PATCH 1581/3949] Revert "mastercontainer - use Caddy for generating
 self-singed cert"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile           | 11 +----------
 Containers/mastercontainer/Dockerfile          | 14 ++++++++++++--
 .../mastercontainer/mastercontainer.conf       | 13 +++++++++++++
 Containers/mastercontainer/start.sh            | 18 ++++++++++++++++++
 4 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index e78fe8f3..ba6a281d 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -21,16 +21,7 @@
 }
 
 http://:80 {
-    redir https://{host}{uri}
-}
-
-https://:8080 {
-    reverse_proxy localhost:8000 {
-        trusted_proxies private_ranges
-    }
-    tls internal {
-        on_demand
-    }
+  redir https://{host}{uri}
 }
 
 https://:8443 {
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cbabf649..b3914c59 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -31,9 +31,10 @@ RUN set -ex; \
         bash \
         apache2 \
         apache2-proxy \
+        apache2-ssl \
         supervisor \
+        openssl \
         sudo \
-        nss \
         netcat-openbsd \
         curl \
         grep; \
@@ -64,7 +65,6 @@ RUN set -ex; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    apk del --no-cache git; \
     find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
@@ -77,6 +77,10 @@ RUN set -ex; \
     rm -r php/data; \
     rm -r php/session; \
     \
+    mkdir -p /etc/apache2/certs; \
+    cd /etc/apache2/certs; \
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
+    \
     sed -i \
             -e '/^Listen /d' \
             -e 's/^LogLevel .*/LogLevel error/' \
@@ -95,7 +99,13 @@ RUN set -ex; \
             -e 's/\(ScriptAlias \)/#\1/' \
         /etc/apache2/httpd.conf; \
         mkdir -p /etc/apache2/logs; \
+        rm /etc/apache2/conf.d/ssl.conf; \
         echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
+        grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
+        sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
+        echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
         echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
     \
     rm -f /etc/apache2/conf.d/default.conf \
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 0d12e406..701cb420 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -38,6 +38,19 @@ Listen 8080
     </Directory>
 </VirtualHost>
 
+# Https host
+<VirtualHost *:8080>
+    # Proxy to https
+    ProxyPass / http://localhost:8000/
+    ProxyPassReverse / http://localhost:8000/
+    ProxyPreserveHost On
+    # SSL
+    SSLCertificateKeyFile /etc/apache2/certs/ssl.key
+    SSLCertificateFile /etc/apache2/certs/ssl.crt
+    SSLEngine               on
+    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+</VirtualHost>
+
 # Increase timeout in case e.g. the initial download takes a long time
 Timeout 7200
 ProxyTimeout 7200
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 9f8551c0..15104d33 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -300,6 +300,7 @@ fi
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
 mkdir -p /mnt/docker-aio-config/caddy/
+mkdir -p /mnt/docker-aio-config/certs/ 
 
 # Adjust permissions for all instances
 chmod 770 -R /mnt/docker-aio-config
@@ -307,6 +308,7 @@ chmod 777 /mnt/docker-aio-config
 chown www-data:www-data -R /mnt/docker-aio-config/data/
 chown www-data:www-data -R /mnt/docker-aio-config/session/
 chown www-data:www-data -R /mnt/docker-aio-config/caddy/
+chown root:root -R /mnt/docker-aio-config/certs/
 
 # Don't allow access to the AIO interface from the Nextcloud container
 # Probably more cosmetic than anything but at least an attempt
@@ -322,6 +324,22 @@ allow from all
 APACHE_CONF
 fi
 
+# Adjust certs
+GENERATED_CERTS="/mnt/docker-aio-config/certs"
+TMP_CERTS="/etc/apache2/certs"
+mkdir -p "$GENERATED_CERTS"
+cd "$GENERATED_CERTS" || exit 1
+if ! [ -f ./ssl.crt ] && ! [ -f ./ssl.key ]; then
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt
+fi
+if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
+    cd "$TMP_CERTS" || exit 1
+    rm ./ssl.crt
+    rm ./ssl.key
+    cp "$GENERATED_CERTS/ssl.crt" ./
+    cp "$GENERATED_CERTS/ssl.key" ./
+fi
+
 print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080

From bc7a25fa429851592957ba9ab52eb4309d57bc9f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Oct 2023 13:40:19 +0200
Subject: [PATCH 1582/3949] add documentation links correctly

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 94756ad5..165ceef3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -255,19 +255,27 @@
                         {% for container in containers %}
                             {% if container.GetDisplayName() != '' %}
                                 <li>
-                                    {% set displayName = container.GetDisplayName() %}
-                                    {% if container.GetDocumentation() != '' %}
-                                        {% set displayName = '<a href="' ~ container.GetDocumentation() ~ '">' ~ displayName ~ '</a>' %}
-                                    {% endif %}
                                     {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                         <span class="status running"></span>
-                                        <span>{{ displayName }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Starting</a>)</span>
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Starting</a>)
+                                        {% if container.GetDocumentation() != '' %}
+                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                        {% endif %}
+                                        </span>
                                     {% elseif class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                                         <span class="status success"></span>
-                                        <span>{{ displayName }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Running</a>)</span>
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Running</a>)
+                                        {% if container.GetDocumentation() != '' %}
+                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                        {% endif %}
+                                        </span>
                                     {% else %}
                                         <span class="status error"></span>
-                                        <span>{{ displayName }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Stopped</a>)</span>
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Stopped</a>)
+                                        {% if container.GetDocumentation() != '' %}
+                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                        {% endif %}
+                                        </span>
                                     {% endif %}
                                 </li>
                             {% endif %}

From f3411f08235a17f27e203da03bfcdbc2304ee56c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Oct 2023 14:05:05 +0200
Subject: [PATCH 1583/3949] overwrite APACHE_PORT, TALK_PORT and
 APACHE_IP_BINDING only during dockeractionmanager

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 12 +-----------
 php/src/Docker/DockerActionManager.php | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index d5f40f8c..57ccd205 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -99,17 +99,7 @@ class ContainerDefinitionFetcher
 
             $ports = new ContainerPorts();
             if (isset($entry['ports'])) {
-                foreach ($entry['ports'] as $value) {
-                    if ($value['port_number'] === '%APACHE_PORT%') {
-                        $value['port_number'] = $this->configurationManager->GetApachePort();
-                    } elseif ($value['port_number'] === '%TALK_PORT%') {
-                        $value['port_number'] = $this->configurationManager->GetTalkPort();
-                    }
-
-                    if ($value['ip_binding'] === '%APACHE_IP_BINDING%') {
-                        $value['ip_binding'] = $this->configurationManager->GetApacheIPBinding();
-                    }
-                    
+                foreach ($entry['ports'] as $value) {                    
                     $ports->AddPort(
                         new ContainerPort(
                             $value['port_number'],
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 66d45b5a..7583149a 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -424,7 +424,13 @@ class DockerActionManager
         $exposedPorts = [];
         if ($container->GetInternalPort() !== 'host') {
             foreach($container->GetPorts()->GetPorts() as $value) {
-                $portWithProtocol = $value->port . '/' . $value->protocol;
+                $port = $value->port;
+                if ($port === '%APACHE_PORT%') {
+                    $port = $this->configurationManager->GetApachePort();
+                } else if ($port === '%TALK_PORT%') {
+                    $port = $this->configurationManager->GetTalkPort();
+                }
+                $portWithProtocol = $port . '/' . $value->protocol;
                 $exposedPorts[$portWithProtocol] = null;
             }
             $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
@@ -436,7 +442,15 @@ class DockerActionManager
             $requestBody['ExposedPorts'] = $exposedPorts;
             foreach ($container->GetPorts()->GetPorts() as $value) {
                 $port = $value->port;
+                if ($port === '%APACHE_PORT%') {
+                    $port = $this->configurationManager->GetApachePort();
+                } else if ($port === '%TALK_PORT%') {
+                    $port = $this->configurationManager->GetTalkPort();
+                }
                 $ipBinding = $value->ipBinding;
+                if ($ipBinding === '%APACHE_IP_BINDING%') {
+                    $ipBinding = $this->configurationManager->GetApacheIPBinding();
+                }
                 $protocol = $value->protocol;
                 $portWithProtocol = $port . '/' . $protocol;
                 $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [

From c4190e4560d369a6637f99184494d8134524fa6d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Oct 2023 15:08:16 +0200
Subject: [PATCH 1584/3949] add hint to create backup before adding any
 container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index b796cd9d..9291bd54 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -7,7 +7,9 @@ This directory features containers that are built for AIO which allows to add ad
 All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
 
 ## How to use this?
-You might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
+Before adding any additional container, make sure to create a backup via the AIO interface!
+
+Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
 
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.

From 71cfdb2ff2fad4d4982c0f125da6a609b2ecff1f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 4 Oct 2023 23:12:19 +0200
Subject: [PATCH 1585/3949] improve docs for caddy on when the subdomain is
 required

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index f1717624..e90d579e 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -3,7 +3,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 
 ### Notes
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
-- Make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
 

From e15b184c0f8b0c4d4a6b58c1acca95223b766e17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Oct 2023 10:02:18 +0200
Subject: [PATCH 1586/3949] Update advice regarding podman

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 2dc58cb2..b031f5c5 100644
--- a/readme.md
+++ b/readme.md
@@ -642,7 +642,7 @@ Yes. For that to work, you need to use and follow the [helm-chart documentation]
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### Can I run this with Podman instead of Docker?
-No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintainer would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
+Since Podman is not 100% compatible with the Docker API, Podman is not supported (since that would add yet another platform where the maintainer would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section. Also there is this now: https://github.com/nextcloud/all-in-one/discussions/3487
 
 ### How to change the Nextcloud apps that are installed on the first startup?
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.

From 1dca919af88faa77c14b9926c3f81b80df562614 Mon Sep 17 00:00:00 2001
From: Andrey Borysenko <andrey18106x@gmail.com>
Date: Thu, 5 Oct 2023 13:16:37 +0300
Subject: [PATCH 1587/3949] allow _ping docker api to verify service accessible

Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 166ca381..f2fc3c83 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -9,6 +9,8 @@ frontend http
     mode http
     bind :::2375 v4v6
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
+    # docker system _ping
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET
     # container inspect: GET containers/%s/json
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
     # container start/stop: POST containers/%s/start containers/%s/stop

From b1ed9aaf134314d6feb88f835140459c124893a8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Oct 2023 12:21:30 +0200
Subject: [PATCH 1588/3949] fix privileged regex?

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index f2fc3c83..48a94cdc 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -32,7 +32,7 @@ frontend http
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
 
     # ACL to restrict container creation, that it has HostConfig.Privileged not set
-    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\"\s*:"
+    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\""
     # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
     acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST

From 4378251cea0d3ef46cfa5dc5bb020ce75f041a21 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 5 Oct 2023 12:08:44 +0000
Subject: [PATCH 1589/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f79ad29b..b6a5e056 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.24-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.0
+ENV NEXTCLOUD_VERSION 27.1.2
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 7fd65f2117541e703d8260146939f421bd0874e7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 5 Oct 2023 15:59:36 +0200
Subject: [PATCH 1590/3949] get installed_version another time in order to
 bring it up-to-date after update

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index a1152469..7cca6a01 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -365,6 +365,9 @@ DATADIR_PERMISSION_CONF
                 exit 1
             fi
 
+            # shellcheck disable=SC2016
+            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
+
             rm "$NEXTCLOUD_DATA_DIR/update.failed"
             bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
 

From 29341e547c69b940b6c545555d1143a97856f74f Mon Sep 17 00:00:00 2001
From: Marvin von Papen <79196690+MarvvanPal@users.noreply.github.com>
Date: Fri, 6 Oct 2023 13:00:28 +0200
Subject: [PATCH 1591/3949] add path e.g. for /run/user/1000 variable

Signed-off-by: Marvin von Papen <79196690+MarvvanPal@users.noreply.github.com>
---
 docker-rootless.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index 7e46cf49..356251e7 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -8,7 +8,7 @@ You can run AIO with docker rootless by following the steps below.
 1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
-1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). For some reasons (e.g. using Portainer to deploy AIO) the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 

From 2d7014a143d1fefc1e7fe8bd1e8aade18ed26fb7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Oct 2023 12:56:11 +0000
Subject: [PATCH 1592/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.21.1-alpine3.18 to 1.21.2-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 31047633..6beb9eca 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.1-alpine3.18 as go
+FROM golang:1.21.2-alpine3.18 as go
 
 ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 

From 510bdb9aef43e886e67c696c6da9b5fdddce10f5 Mon Sep 17 00:00:00 2001
From: Marvin von Papen <79196690+MarvvanPal@users.noreply.github.com>
Date: Fri, 6 Oct 2023 17:47:58 +0200
Subject: [PATCH 1593/3949] simplify and deduplicate description

Running a proxy manager directly on the host or in a container leads to different adaption of the example configurations. The description for this is simplified and more structured now. Additional the steps are written once and referenced per example configuration.

Signed-off-by: Marvin von Papen <79196690+MarvvanPal@users.noreply.github.com>
---
 reverse-proxy.md | 38 ++++++++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index a61510cc..4c7da6d1 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -18,6 +18,15 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
 **Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
 
+### Adaptation of the respective sample configuration
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`.
+ 
+_Running the Proxy Manager in a Docker container_<br>
+The below configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) to connect the reverse proxy container to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually.
+  
+_Running the Proxy Manager on the host_<br>
+If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux).
+
 ### Apache
 
 <details>
@@ -83,7 +92,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -105,7 +114,7 @@ https://<your-nc-domain>:443 {
 ```
 The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -129,7 +138,10 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-   Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You also need to adjust `<provider>` and `<key>` to match your case. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+    ⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+
+    You also need to adjust `<provider>` and `<key>` to match your case.
+
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
@@ -254,7 +266,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
 </details>
 
@@ -344,7 +356,7 @@ server {
 
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `127.0.0.1` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -375,7 +387,9 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+
+Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
@@ -477,8 +491,7 @@ httpServer.on('upgrade', (req, socket, head) => {
 });
 ```
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
 </details>
 
@@ -496,7 +509,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
 </details>
 
@@ -577,9 +590,11 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 ---
 
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
 
-**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network (if you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy in that case manually). ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+
 
 **Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
@@ -672,8 +687,7 @@ https://<your-nc-domain>:8443 {
     }
 }
 ```
-
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 

From 6cb26872fb21bbebd8dde719f224aa9aae60c177 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 6 Oct 2023 21:13:15 +0200
Subject: [PATCH 1594/3949] add additional requirement to new containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index b031f5c5..16e93f31 100644
--- a/readme.md
+++ b/readme.md
@@ -716,6 +716,7 @@ What are the requirements?
 3. The feature that gets added into Nextcloud by adding the container must be maintained by the Nextcloud GmbH. 
 4. It must be possible to run the container without big quirks inside docker containers. Big quirks means e.g. needing to change the capabilities or security options. 
 5. The container should not mount directories from the host into the container: only docker volumes should be used.
+6. The container must be usable by more than 90% of the users (e.g. not too high system requirements and such)
 
 ### How to trust user-defined Certification Authorities (CA)?
 For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.

From 770ebba8e245eff8dd752cb0542dad43b6d76cbf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 6 Oct 2023 21:37:02 +0200
Subject: [PATCH 1595/3949] add additional requirement

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 16e93f31..83c465d5 100644
--- a/readme.md
+++ b/readme.md
@@ -717,6 +717,7 @@ What are the requirements?
 4. It must be possible to run the container without big quirks inside docker containers. Big quirks means e.g. needing to change the capabilities or security options. 
 5. The container should not mount directories from the host into the container: only docker volumes should be used.
 6. The container must be usable by more than 90% of the users (e.g. not too high system requirements and such)
+7. No additional setup should be needed after adding the container - it should work completely out of the box.
 
 ### How to trust user-defined Certification Authorities (CA)?
 For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.

From 7336337c2ee522756583eb11f97c369f3abda108 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 7 Oct 2023 01:20:48 +0200
Subject: [PATCH 1596/3949] add another requirement

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 83c465d5..e0ece8e7 100644
--- a/readme.md
+++ b/readme.md
@@ -718,6 +718,7 @@ What are the requirements?
 5. The container should not mount directories from the host into the container: only docker volumes should be used.
 6. The container must be usable by more than 90% of the users (e.g. not too high system requirements and such)
 7. No additional setup should be needed after adding the container - it should work completely out of the box.
+8. If the container requires being exposed, only subfolders are supported. So the container should not require its own (sub-)domain and must be able to run in a subfolder.
 
 ### How to trust user-defined Certification Authorities (CA)?
 For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.

From dae56914ff45ea3126c1113b9e7811039b0c09e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 12:22:20 +0000
Subject: [PATCH 1597/3949] Bump clamav/clamav from 1.2.0-7 to 1.2.0-8 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.0-7 to 1.2.0-8.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 14ee36fe..02546200 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.0-7
+FROM clamav/clamav:1.2.0-8
 
 COPY clamav.conf /tmp/clamav.conf
 

From 5188f8026dd6fd46eedc8a8a08fcffd3742fe020 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 9 Oct 2023 14:49:12 +0200
Subject: [PATCH 1598/3949] add dependabot to notify-push

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/dependabot.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 5beec9d0..c16ef12d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -165,6 +165,15 @@ updates:
   labels:
   - 3. to review
   - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/notify-push"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
 - package-ecosystem: "docker"
   directory: "/Containers/docker-socket-proxy"
   schedule:

From f36fae6550743d5757adb6cbf3c0ed048ec92cd7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 12:49:46 +0000
Subject: [PATCH 1599/3949] Bump alpine from 3.18.2 to 3.18.4 in
 /Containers/notify-push

Bumps alpine from 3.18.2 to 3.18.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 225c021b..a07211f2 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.2
+FROM alpine:3.18.4
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From ed7cced14676f3086f536b3276b86ac1f2dd6952 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 9 Oct 2023 15:51:01 +0200
Subject: [PATCH 1600/3949] fix listen.allowed_clients in nextcloud container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index a9a29bc0..bb2a3519 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -142,6 +142,8 @@ IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short |
 
 sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
 sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
+sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
+sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
 grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
 
-exec "$@"
\ No newline at end of file
+exec "$@"

From 5dcdb6268ab2b08b58f7f2510de3bfe01bc55bbc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 9 Oct 2023 15:58:11 +0200
Subject: [PATCH 1601/3949] increase to 7.4.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cfef728f..40e2e9ea 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.4.0</h1>
+        <h1>Nextcloud AIO v7.4.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From b56555e92c5a13ec67120036650c950840e1843c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 9 Oct 2023 16:38:18 +0200
Subject: [PATCH 1602/3949] do not expose udp if AIO is in reverse prox mode

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 7583149a..03c8c8c8 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -425,12 +425,17 @@ class DockerActionManager
         if ($container->GetInternalPort() !== 'host') {
             foreach($container->GetPorts()->GetPorts() as $value) {
                 $port = $value->port;
+                $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
                     $port = $this->configurationManager->GetApachePort();
+                    // Do not expose udp if AIO is in reverse proxy mode
+                    if ($port !== '443' && $protocol === 'udp') {
+                        continue;
+                    }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
                 }
-                $portWithProtocol = $port . '/' . $value->protocol;
+                $portWithProtocol = $port . '/' . $protocol;
                 $exposedPorts[$portWithProtocol] = null;
             }
             $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
@@ -442,8 +447,13 @@ class DockerActionManager
             $requestBody['ExposedPorts'] = $exposedPorts;
             foreach ($container->GetPorts()->GetPorts() as $value) {
                 $port = $value->port;
+                $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
                     $port = $this->configurationManager->GetApachePort();
+                    // Do not expose udp if AIO is in reverse proxy mode
+                    if ($port !== '443' && $protocol === 'udp') {
+                        continue;
+                    }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
                 }
@@ -451,7 +461,6 @@ class DockerActionManager
                 if ($ipBinding === '%APACHE_IP_BINDING%') {
                     $ipBinding = $this->configurationManager->GetApacheIPBinding();
                 }
-                $protocol = $value->protocol;
                 $portWithProtocol = $port . '/' . $protocol;
                 $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
                     [

From d6e61bc537a2079f252743801cd799170c70de58 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Oct 2023 11:55:45 +0200
Subject: [PATCH 1603/3949] make some changes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4c7da6d1..5cbd341d 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -166,7 +166,8 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
-1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. ***If the Tunnel is running on a different machine, you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.<br>
+⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
@@ -592,10 +593,6 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 ⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
 
-Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
-
-
-
 **Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
 </details>
@@ -697,7 +694,7 @@ If something does not work, follow the steps below:
 1. Make sure that you used the docker run command that is described in this reverse proxy documentation. **Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports to which your reverse proxy is pointing match the chosen `APACHE_PORT`.
-1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible (e.g. on Windows or if the reverse proxy is running on a different host), substitute `localhost` or `127.0.0.1` in the default configurations by the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)
+1. Make sure to follow [this](#adaptation-of-the-respective-sample-configuration) to adapt the example configurations to your specific setup
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.
@@ -706,4 +703,3 @@ If something does not work, follow the steps below:
 1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain).
 1. Try to configure everything from scratch if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
-

From ef2fd3817f22e9baeb75420ed58cda8ef2de6855 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Oct 2023 11:56:46 +0200
Subject: [PATCH 1604/3949] adjust wording in docker-rootles

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-rootless.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index 356251e7..ff32ce7f 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -8,7 +8,8 @@ You can run AIO with docker rootless by following the steps below.
 1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
-1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). For some reasons (e.g. using Portainer to deploy AIO) the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
+
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 

From 0edd0e1ed8702546ebbb83e12f72aee4f2247660 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Oct 2023 11:57:05 +0200
Subject: [PATCH 1605/3949] adjust some details in reverse proxy docs

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 5cbd341d..a3ba3432 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -21,11 +21,16 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 ### Adaptation of the respective sample configuration
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`.
  
-_Running the Proxy Manager in a Docker container_<br>
-The below configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) to connect the reverse proxy container to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually.
-  
-_Running the Proxy Manager on the host_<br>
-If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux).
+**Running the Reverse Proxy on the same server, not in a container**
+For this setup, the default sample configurations should work.
+
+**Running the Reverse Proxy in a Docker container on the same server**
+For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
+Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations should work.
+
+**Running the Reverse Proxy on a different server (no matter if in container or not)**
+For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.host:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
+If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux).
 
 ### Apache
 

From 1a018d9ef2284657ec14f502abe667dee0226eec Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Oct 2023 12:01:03 +0200
Subject: [PATCH 1606/3949] adjust some more details

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index a3ba3432..972e1375 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,7 +4,7 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. Modify the port to your needings.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
@@ -19,16 +19,16 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 **Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
 
 ### Adaptation of the respective sample configuration
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`.
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. Additionally, you might need to adjust `localhost` based on your setup. See below.
  
-**Running the Reverse Proxy on the same server, not in a container**
+**Running the Reverse Proxy on the same server, not in a container**<br>
 For this setup, the default sample configurations should work.
 
-**Running the Reverse Proxy in a Docker container on the same server**
+**Running the Reverse Proxy in a Docker container on the same server**<br>
 For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
 Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations should work.
 
-**Running the Reverse Proxy on a different server (no matter if in container or not)**
+**Running the Reverse Proxy on a different server (no matter if in container or not)**<br>
 For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.host:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
 If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux).
 

From 7d8f40c98d71c39fbcbfa13022012264d09ad947 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Oct 2023 12:05:36 +0200
Subject: [PATCH 1607/3949] additional modifications

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 972e1375..3a5c6d5d 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -19,17 +19,17 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 **Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
 
 ### Adaptation of the respective sample configuration
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. Additionally, you might need to adjust `localhost` based on your setup. See below.
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. Additionally, you might need to adjust `localhost` or `127.0.0.1` based on your setup. See below.
  
 **Running the Reverse Proxy on the same server, not in a container**<br>
-For this setup, the default sample configurations should work.
+For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
 
 **Running the Reverse Proxy in a Docker container on the same server**<br>
 For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
-Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations should work.
+Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
 
 **Running the Reverse Proxy on a different server (no matter if in container or not)**<br>
-For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.host:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
+For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
 If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux).
 
 ### Apache

From 258f6683dedd81dcbc447dac7ea7cecd5b4e88db Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 9 Oct 2023 17:18:40 +0200
Subject: [PATCH 1608/3949] daily backup - allow to disable succesful backup
 notifications

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh             | 5 +++++
 Containers/mastercontainer/daily-backup.sh     | 2 +-
 php/src/Controller/ConfigurationController.php | 7 ++++++-
 php/src/Cron/BackupNotification.php            | 6 +++++-
 php/src/Data/ConfigurationManager.php          | 5 ++++-
 php/templates/containers.twig                  | 1 +
 6 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 60fd4f2c..fc8c4081 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -12,6 +12,11 @@ while true; do
             export AUTOMATIC_UPDATES=0
             export START_CONTAINERS=1
         fi
+        if [ "$(sed -n '3p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'successNotificationsAreNotEnabled' ]; then
+            export SEND_SUCCESS_NOTIFICATIONS=1
+        else
+            export SEND_SUCCESS_NOTIFICATIONS=0
+        fi
         set +x
         if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
             export LOCK_FILE_PRESENT=1
diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index f87b3966..62911b9c 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -105,7 +105,7 @@ if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAIN
         done
     fi
     echo "Sending backup notification..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
 fi
 
 echo "Daily backup script has finished"
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index b7271398..e786697a 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -49,8 +49,13 @@ class ConfigurationController
                 } else {
                     $enableAutomaticUpdates = false;
                 }
+                if (isset($request->getParsedBody()['success_notification'])) {
+                    $successNotification = true;
+                } else {
+                    $successNotification = false;
+                }
                 $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? '';
-                $this->configurationManager->SetDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates);
+                $this->configurationManager->SetDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates, $successNotification);
             }
 
             if (isset($request->getParsedBody()['delete_daily_backup_time'])) {
diff --git a/php/src/Cron/BackupNotification.php b/php/src/Cron/BackupNotification.php
index a570031b..17da93b2 100644
--- a/php/src/Cron/BackupNotification.php
+++ b/php/src/Cron/BackupNotification.php
@@ -21,7 +21,11 @@ $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 $backupExitCode = $dockerActionManger->GetBackupcontainerExitCode();
 
 if ($backupExitCode === 0) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.');
+    if (getenv('SEND_SUCCESS_NOTIFICATIONS') === "0") {
+        error_log("Daily backup successful! Only logging successful backup and not sending backup notification since that has been disabled! You can get further info by looking at the backup logs in the AIO interface.");
+    } else {
+        $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.');
+    }
 }
 
 if ($backupExitCode > 0) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 5bb295b5..7411cafc 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -676,7 +676,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetDailyBackupTime(string $time, bool $enableAutomaticUpdates) : void {
+    public function SetDailyBackupTime(string $time, bool $enableAutomaticUpdates, bool $successNotification) : void {
         if ($time === "") {
             throw new InvalidSettingConfigurationException("The daily backup time must not be empty!");
         }
@@ -688,6 +688,9 @@ class ConfigurationManager
         if ($enableAutomaticUpdates === false) {
             $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled';
         }
+        if ($successNotification === false) {
+            $time .= PHP_EOL . 'successNotificationsAreNotEnabled';
+        }
         file_put_contents(DataConst::GetDailyBackupTimeFile(), $time);
     }
 
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 40e2e9ea..b63953f6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -481,6 +481,7 @@
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input class="button" type="submit" value="Submit backup time" /><br>
                                                 <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
+                                                <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label><br>
                                             </form>
                                         {% else %}
                                             Daily backups will be created at <b>{{ daily_backup_time }} UTC</b> which includes a notification about the result of the backup.

From f8aab5f828ec2fc076b8027714768391d12eaa6f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Oct 2023 13:06:24 +0000
Subject: [PATCH 1609/3949] Bump nats from 2.10.1-scratch to 2.10.2-scratch in
 /Containers/talk

Bumps nats from 2.10.1-scratch to 2.10.2-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 6a051669..f26305eb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.1-scratch as nats
+FROM nats:2.10.2-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.4 as janus

From 5d2275c8066eabb045c8cd32d8a88bab8dd33926 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 10 Oct 2023 16:03:40 +0200
Subject: [PATCH 1610/3949] add permanent redirect to port 80 in
 mastercontainer

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index ba6a281d..b2b2fdef 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -21,7 +21,7 @@
 }
 
 http://:80 {
-  redir https://{host}{uri}
+    redir https://{host}{uri} permanent
 }
 
 https://:8443 {

From 320cd9f4365dd1587667af8aef1b1b2f47a2e0b2 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 10 Oct 2023 16:24:22 +0200
Subject: [PATCH 1611/3949] reduce size of talk image

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/talk/Dockerfile | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 6a051669..949b7abe 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -35,10 +35,10 @@ RUN set -ex; \
 
 FROM alpine:3.18.4
 ENV ETURNAL_ETC_DIR="/conf"
-COPY --from=janus     /usr/local                          /usr/local
-COPY --from=eturnal   /opt/eturnal                        /opt/eturnal
-COPY --from=nats      /nats-server                        /usr/local/bin/nats-server
-COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
+COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
+COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
+COPY --from=nats      --chmod=777 --chown=1000:1000 /nats-server                        /usr/local/bin/nats-server
+COPY --from=signaling --chmod=777 --chown=1000:1000 /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
@@ -66,7 +66,7 @@ RUN set -ex; \
         libwebsockets \
         \
         shadow; \
-    useradd --system eturnal; \
+    useradd --system -u 1000 eturnal; \
     apk del --no-cache \
         shadow; \
     \
@@ -85,15 +85,12 @@ RUN set -ex; \
         /var/run/supervisord \
         /usr/local/lib/janus/loggers; \
     chown eturnal:eturnal -R \
-        /usr \
-        /opt/eturnal \
         /etc/nats.conf \
         /var/log/supervisord \
         /var/run/supervisord; \
     chmod 777 -R \
         /tmp \
         /conf \
-        /opt/eturnal \
         /var/run/supervisord \
         /var/log/supervisord; \
     ln -s /opt/eturnal/bin/stun /usr/local/bin/stun; \

From 849febd414a8ebc3fd3d18ad9d5c5ebabfb6410f Mon Sep 17 00:00:00 2001
From: blu3acid <michael.muschner@mailbox.org>
Date: Wed, 11 Oct 2023 14:09:10 +0200
Subject: [PATCH 1612/3949] Typo in containers.twig

Ln: 325 changed "internect" to "internet"

Signed-off-by: blu3acid <michael.muschner@mailbox.org>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 40e2e9ea..72119a70 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -322,7 +322,7 @@
                         Restore or Backup currently running. Cannot start the containers until that's done.<br /><br />
                     {% else %}
                         {% if was_start_button_clicked == false %}
-                            <br>Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
+                            <br>Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internet connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
                         {% endif %}
                         {% if is_mastercontainer_update_available == true %}
                             ⚠️ A mastercontainer update is available. Please click on the button below to update it.<br><br>

From 2ac76c80fdb838ea4e609beaaf39a94fc9f5f050 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 11 Oct 2023 12:13:15 +0000
Subject: [PATCH 1613/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 7231b192..8b89ca9a 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -93,6 +93,7 @@ services:
     init: true
     expose:
       - "9000"
+      - "9001"
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
@@ -252,7 +253,7 @@ services:
 
   nextcloud-aio-clamav:
     image: nextcloud/aio-clamav:latest
-    init: true
+    init: false
     expose:
       - "3310"
     environment:

From e1f7f04347279213f8531fa1cc7c106eefb3e72a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Oct 2023 12:54:17 +0000
Subject: [PATCH 1614/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.21.2-alpine3.18 to 1.21.3-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 6beb9eca..d7fc53e9 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.2-alpine3.18 as go
+FROM golang:1.21.3-alpine3.18 as go
 
 ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
 

From 4950d1de6895f0e20a99b06d4915772fc932dbb8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Oct 2023 12:22:52 +0000
Subject: [PATCH 1615/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.7.4-alpine to 2.7.5-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index b3914c59..8d3909fa 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:24.0.6-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.7.4-alpine as caddy
+FROM caddy:2.7.5-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
 FROM php:8.2.11-fpm-alpine3.18

From cf1ae8fb1b1019c2020e30eeec9207e09da15e28 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Oct 2023 12:51:18 +0000
Subject: [PATCH 1616/3949] Bump caddy from 2.7.4-alpine to 2.7.5-alpine in
 /Containers/apache

Bumps caddy from 2.7.4-alpine to 2.7.5-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index ab49cfc2..ac0bd721 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,4 +1,4 @@
-FROM caddy:2.7.4-alpine as caddy
+FROM caddy:2.7.5-alpine as caddy
 
 FROM httpd:2.4.57-alpine3.18
 

From 8ebcdf22ca95881828a6d85f6210449b84127069 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 16 Oct 2023 08:17:16 +0000
Subject: [PATCH 1617/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      | 45 +--------------
 .../nextcloud-aio-apache-service.yaml         |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml      | 30 +---------
 .../nextcloud-aio-clamav-service.yaml         |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml   |  7 +--
 .../nextcloud-aio-collabora-service.yaml      |  2 +-
 .../nextcloud-aio-database-deployment.yaml    | 19 +------
 .../nextcloud-aio-database-service.yaml       |  2 +-
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  7 +--
 .../nextcloud-aio-fulltextsearch-service.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml   | 24 +-------
 .../nextcloud-aio-imaginary-service.yaml      |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  9 +--
 .../nextcloud-aio-nextcloud-service.yaml      |  5 +-
 .../nextcloud-aio-notify-push-deployment.yaml |  9 +--
 .../nextcloud-aio-notify-push-service.yaml    |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  7 +--
 .../nextcloud-aio-onlyoffice-service.yaml     |  2 +-
 .../nextcloud-aio-redis-deployment.yaml       |  9 +--
 .../nextcloud-aio-redis-service.yaml          |  2 +-
 .../nextcloud-aio-talk-deployment.yaml        | 55 +------------------
 ...xtcloud-aio-talk-recording-deployment.yaml | 32 +----------
 .../nextcloud-aio-talk-recording-service.yaml |  2 +-
 .../templates/nextcloud-aio-talk-service.yaml |  4 +-
 25 files changed, 55 insertions(+), 229 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 9c5b6a65..e0dd4e92 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.2.1
+version: 7.4.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 7ab1fb72..66cc103c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
@@ -30,22 +30,7 @@ spec:
             - "777"
             - /nextcloud-aio-nextcloud
             - /nextcloud-aio-apache
-            - /nextcloud-aio-apache-tmpfs0
-            - /nextcloud-aio-apache-tmpfs1
-            - /nextcloud-aio-apache-tmpfs2
-            - /nextcloud-aio-apache-tmpfs3
-            - /nextcloud-aio-apache-tmpfs4
           volumeMounts:
-            - name: nextcloud-aio-apache-tmpfs4
-              mountPath: /nextcloud-aio-apache-tmpfs4
-            - name: nextcloud-aio-apache-tmpfs3
-              mountPath: /nextcloud-aio-apache-tmpfs3
-            - name: nextcloud-aio-apache-tmpfs2
-              mountPath: /nextcloud-aio-apache-tmpfs2
-            - name: nextcloud-aio-apache-tmpfs1
-              mountPath: /nextcloud-aio-apache-tmpfs1
-            - name: nextcloud-aio-apache-tmpfs0
-              mountPath: /nextcloud-aio-apache-tmpfs0
             - name: nextcloud-aio-apache
               mountPath: /nextcloud-aio-apache
             - name: nextcloud-aio-nextcloud
@@ -72,33 +57,19 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230916_091439-latest
+          image: nextcloud/aio-apache:20231016_081107-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
-              hostPort: {{ .Values.APACHE_PORT }}
               protocol: TCP
             - containerPort: {{ .Values.APACHE_PORT }}
-              hostPort: {{ .Values.APACHE_PORT }}
               protocol: UDP
-          securityContext:
-            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
               readOnly: true
             - mountPath: /mnt/data
               name: nextcloud-aio-apache
-            - mountPath: /var/log/supervisord
-              name: nextcloud-aio-apache-tmpfs0
-            - mountPath: /var/run/supervisord
-              name: nextcloud-aio-apache-tmpfs1
-            - mountPath: /usr/local/apache2/logs
-              name: nextcloud-aio-apache-tmpfs2
-            - mountPath: /tmp
-              name: nextcloud-aio-apache-tmpfs3
-            - mountPath: /home/www-data
-              name: nextcloud-aio-apache-tmpfs4
       volumes:
         - name: nextcloud-aio-nextcloud
           persistentVolumeClaim:
@@ -106,13 +77,3 @@ spec:
         - name: nextcloud-aio-apache
           persistentVolumeClaim:
             claimName: nextcloud-aio-apache
-        - emptyDir: {}
-          name: nextcloud-aio-apache-tmpfs0
-        - emptyDir: {}
-          name: nextcloud-aio-apache-tmpfs1
-        - emptyDir: {}
-          name: nextcloud-aio-apache-tmpfs2
-        - emptyDir: {}
-          name: nextcloud-aio-apache-tmpfs3
-        - emptyDir: {}
-          name: nextcloud-aio-apache-tmpfs4
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 7ffeeaa1..1ccd4125 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 017e4deb..b197fab2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
@@ -30,16 +30,7 @@ spec:
             - chmod
             - "777"
             - /nextcloud-aio-clamav
-            - /nextcloud-aio-clamav-tmpfs0
-            - /nextcloud-aio-clamav-tmpfs1
-            - /nextcloud-aio-clamav-tmpfs2
           volumeMounts:
-            - name: nextcloud-aio-clamav-tmpfs2
-              mountPath: /nextcloud-aio-clamav-tmpfs2
-            - name: nextcloud-aio-clamav-tmpfs1
-              mountPath: /nextcloud-aio-clamav-tmpfs1
-            - name: nextcloud-aio-clamav-tmpfs0
-              mountPath: /nextcloud-aio-clamav-tmpfs0
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
       containers:
@@ -48,31 +39,16 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230916_091439-latest
+          image: nextcloud/aio-clamav:20231016_081107-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
-              hostPort: 3310
               protocol: TCP
-          securityContext:
-            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /var/lib/clamav
               name: nextcloud-aio-clamav
-            - mountPath: /var/lock
-              name: nextcloud-aio-clamav-tmpfs0
-            - mountPath: /var/log/clamav
-              name: nextcloud-aio-clamav-tmpfs1
-            - mountPath: /tmp
-              name: nextcloud-aio-clamav-tmpfs2
       volumes:
         - name: nextcloud-aio-clamav
           persistentVolumeClaim:
             claimName: nextcloud-aio-clamav
-        - emptyDir: {}
-          name: nextcloud-aio-clamav-tmpfs0
-        - emptyDir: {}
-          name: nextcloud-aio-clamav-tmpfs1
-        - emptyDir: {}
-          name: nextcloud-aio-clamav-tmpfs2
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 08c27809..ade35504 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index d6b5caeb..93b64805 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
@@ -37,10 +37,9 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230916_091439-latest
+          image: nextcloud/aio-collabora:20231016_081107-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
-              hostPort: 9980
               protocol: TCP
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index a759f284..a1cf6fd4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 934d09f6..c921c4ad 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
@@ -31,10 +31,7 @@ spec:
             - /nextcloud-aio-database/data
             - /nextcloud-aio-database
             - /nextcloud-aio-database-dump
-            - /nextcloud-aio-database-tmpfs0
           volumeMounts:
-            - name: nextcloud-aio-database-tmpfs0
-              mountPath: /nextcloud-aio-database-tmpfs0
             - name: nextcloud-aio-database-dump
               mountPath: /nextcloud-aio-database-dump
             - name: nextcloud-aio-database
@@ -47,10 +44,7 @@ spec:
             - "-R"
             - /nextcloud-aio-database
             - /nextcloud-aio-database-dump
-            - /nextcloud-aio-database-tmpfs0
           volumeMounts:
-            - name: nextcloud-aio-database-tmpfs0
-              mountPath: /nextcloud-aio-database-tmpfs0
             - name: nextcloud-aio-database-dump
               mountPath: /nextcloud-aio-database-dump
             - name: nextcloud-aio-database
@@ -67,22 +61,17 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230916_091439-latest
+          image: nextcloud/aio-postgresql:20231016_081107-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
-              hostPort: 5432
               protocol: TCP
-          securityContext:
-            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               subPath: data
               name: nextcloud-aio-database
             - mountPath: /mnt/data
               name: nextcloud-aio-database-dump
-            - mountPath: /var/run/postgresql
-              name: nextcloud-aio-database-tmpfs0
       terminationGracePeriodSeconds: 1800
       volumes:
         - name: nextcloud-aio-database
@@ -91,5 +80,3 @@ spec:
         - name: nextcloud-aio-database-dump
           persistentVolumeClaim:
             claimName: nextcloud-aio-database-dump
-        - emptyDir: {}
-          name: nextcloud-aio-database-tmpfs0
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index addf6f3b..adb61d66 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 511d8541..569c9561 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
@@ -55,11 +55,10 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20230916_091439-latest
+          image: nextcloud/aio-fulltextsearch:20231016_081107-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
-              hostPort: 9200
               protocol: TCP
           volumeMounts:
             - mountPath: /usr/share/elasticsearch/data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 90609667..f5ea3428 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a9fdda32..ccb60a5d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -18,40 +18,22 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
     spec:
-      initContainers:
-        - name: init-volumes
-          image: alpine
-          command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-imaginary-tmpfs0
-          volumeMounts:
-            - name: nextcloud-aio-imaginary-tmpfs0
-              mountPath: /nextcloud-aio-imaginary-tmpfs0
       containers:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230916_091439-latest
+          image: nextcloud/aio-imaginary:20231016_081107-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
-              hostPort: 9000
               protocol: TCP
           securityContext:
             capabilities:
               add:
                 - SYS_NICE
-            readOnlyRootFilesystem: true
-          volumeMounts:
-            - mountPath: /tmp
-              name: nextcloud-aio-imaginary-tmpfs0
-      volumes:
-        - emptyDir: {}
-          name: nextcloud-aio-imaginary-tmpfs0
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index bdcc3d7b..ac51f3d7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 06340fbe..bd50d2df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
@@ -121,11 +121,12 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230916_091439-latest
+          image: nextcloud/aio-nextcloud:20231016_081107-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
-              hostPort: 9000
+              protocol: TCP
+            - containerPort: 9001
               protocol: TCP
           volumeMounts:
             - mountPath: /var/www/html
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 2c9b6b68..fba99885 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -13,5 +13,8 @@ spec:
     - name: "9000"
       port: 9000
       targetPort: 9000
+    - name: "9001"
+      port: 9001
+      targetPort: 9001
   selector:
     io.kompose.service: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 4c4abb50..e25df14f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-notify-push
@@ -50,14 +50,11 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20230916_091439-latest
+          image: nextcloud/aio-notify-push:20231016_081107-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
-              hostPort: 7867
               protocol: TCP
-          securityContext:
-            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /nextcloud
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index cabfcf2c..d12943cd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index ce61367c..8a168767 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
@@ -43,11 +43,10 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230916_091439-latest
+          image: nextcloud/aio-onlyoffice:20231016_081107-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
-              hostPort: 80
               protocol: TCP
           volumeMounts:
             - mountPath: /var/lib/onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 8fa58474..2e005ddc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 5d33ebfa..6e3c5481 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
@@ -38,14 +38,11 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230916_091439-latest
+          image: nextcloud/aio-redis:20231016_081107-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
-              hostPort: 6379
               protocol: TCP
-          securityContext:
-            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /data
               name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index 68c46a90..f65e7455 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 061c1035..da140511 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -18,33 +18,11 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
     spec:
-      initContainers:
-        - name: init-volumes
-          image: alpine
-          command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-talk-tmpfs0
-            - /nextcloud-aio-talk-tmpfs1
-            - /nextcloud-aio-talk-tmpfs2
-            - /nextcloud-aio-talk-tmpfs3
-            - /nextcloud-aio-talk-tmpfs4
-          volumeMounts:
-            - name: nextcloud-aio-talk-tmpfs4
-              mountPath: /nextcloud-aio-talk-tmpfs4
-            - name: nextcloud-aio-talk-tmpfs3
-              mountPath: /nextcloud-aio-talk-tmpfs3
-            - name: nextcloud-aio-talk-tmpfs2
-              mountPath: /nextcloud-aio-talk-tmpfs2
-            - name: nextcloud-aio-talk-tmpfs1
-              mountPath: /nextcloud-aio-talk-tmpfs1
-            - name: nextcloud-aio-talk-tmpfs0
-              mountPath: /nextcloud-aio-talk-tmpfs0
       containers:
         - env:
             - name: INTERNAL_SECRET
@@ -59,40 +37,13 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230916_091439-latest
+          image: nextcloud/aio-talk:20231016_081107-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
-              hostPort: {{ .Values.TALK_PORT }}
               protocol: TCP
             - containerPort: {{ .Values.TALK_PORT }}
-              hostPort: {{ .Values.TALK_PORT }}
               protocol: UDP
             - containerPort: 8081
-              hostPort: 8081
               protocol: TCP
-          securityContext:
-            readOnlyRootFilesystem: true
-          volumeMounts:
-            - mountPath: /var/log/supervisord
-              name: nextcloud-aio-talk-tmpfs0
-            - mountPath: /var/run/supervisord
-              name: nextcloud-aio-talk-tmpfs1
-            - mountPath: /opt/eturnal/run
-              name: nextcloud-aio-talk-tmpfs2
-            - mountPath: /conf
-              name: nextcloud-aio-talk-tmpfs3
-            - mountPath: /tmp
-              name: nextcloud-aio-talk-tmpfs4
-      volumes:
-        - emptyDir: {}
-          name: nextcloud-aio-talk-tmpfs0
-        - emptyDir: {}
-          name: nextcloud-aio-talk-tmpfs1
-        - emptyDir: {}
-          name: nextcloud-aio-talk-tmpfs2
-        - emptyDir: {}
-          name: nextcloud-aio-talk-tmpfs3
-        - emptyDir: {}
-          name: nextcloud-aio-talk-tmpfs4
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index f3421eb4..635b2f13 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,24 +18,11 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.30.0 (9d8dcb518)
+        kompose.version: 1.31.2 (a92241f79)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
-      initContainers:
-        - name: init-volumes
-          image: alpine
-          command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-talk-recording-tmpfs0
-            - /nextcloud-aio-talk-recording-tmpfs1
-          volumeMounts:
-            - name: nextcloud-aio-talk-recording-tmpfs1
-              mountPath: /nextcloud-aio-talk-recording-tmpfs1
-            - name: nextcloud-aio-talk-recording-tmpfs0
-              mountPath: /nextcloud-aio-talk-recording-tmpfs0
       containers:
         - env:
             - name: INTERNAL_SECRET
@@ -46,22 +33,9 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20230916_091439-latest
+          image: nextcloud/aio-talk-recording:20231016_081107-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
-              hostPort: 1234
               protocol: TCP
-          securityContext:
-            readOnlyRootFilesystem: true
-          volumeMounts:
-            - mountPath: /tmp
-              name: nextcloud-aio-talk-recording-tmpfs0
-            - mountPath: /conf
-              name: nextcloud-aio-talk-recording-tmpfs1
-      volumes:
-        - emptyDir: {}
-          name: nextcloud-aio-talk-recording-tmpfs0
-        - emptyDir: {}
-          name: nextcloud-aio-talk-recording-tmpfs1
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 9cbbbc08..403e2e5a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 862671d9..f351c201 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -5,7 +5,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -28,7 +28,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.30.0 (9d8dcb518)
+    kompose.version: 1.31.2 (a92241f79)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk

From a846b46fcd2073eeeb59c525a582ab07d0137811 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 16 Oct 2023 10:40:34 +0200
Subject: [PATCH 1618/3949] Add NPMplus as community-container (#3520)

Co-authored-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md      |  1 +
 community-containers/npmplus/npmplus.json | 32 +++++++++++++++++++++++
 community-containers/npmplus/readme.md    | 22 ++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 community-containers/npmplus/npmplus.json
 create mode 100644 community-containers/npmplus/readme.md

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index e90d579e..e8d230d4 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -2,6 +2,7 @@
 This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
 
 ### Notes
+- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
diff --git a/community-containers/npmplus/npmplus.json b/community-containers/npmplus/npmplus.json
new file mode 100644
index 00000000..24f1c381
--- /dev/null
+++ b/community-containers/npmplus/npmplus.json
@@ -0,0 +1,32 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-npmplus",
+            "display_name": "NPMplus",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus",
+            "image": "zoeyvid/npmplus",
+            "image_tag": "latest",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_AIO=true",
+                "NC_DOMAIN=%NC_DOMAIN%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_npmplus",
+                    "destination": "/data",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_npmplus"
+            ],
+            "aio_variables": [
+                "apache_ip_binding=127.0.0.1",
+                "apache_port=11000"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md
new file mode 100644
index 00000000..fe8d9452
--- /dev/null
+++ b/community-containers/npmplus/readme.md
@@ -0,0 +1,22 @@
+## NPMplus
+This container contains a fork of the Nginx Proxy Manager, which is a WebUI for nginx. It will also automatically create a config and cert for AIO.
+
+### Notes
+- This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!
+- Only works on linux since it uses network mode host
+- You can ignore the NPM configuration of the reverse-proxy.md. The NPMplus fork already contains the changes of the advanced tab.
+- Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO.
+- Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors.
+- After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://<ip>:81` and change the password. 
+- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.com`
+- If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host.
+- If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume
+- The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution!
+- **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository and Documentation
+https://github.com/ZoeyVid/NPMplus
+
+### Maintainer
+https://github.com/Zoey2936

From a8c25f7a6a23f855e192dbe25e825fac641978cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Oct 2023 12:53:49 +0000
Subject: [PATCH 1619/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.4.2.1 to 23.05.5.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 002476e5..e212c1c9 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.4.2.1
+FROM collabora/code:23.05.5.1.1
 
 USER root
 

From bfa74ad966e66b12ea799d4387fea126de08427c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Oct 2023 12:58:52 +0000
Subject: [PATCH 1620/3949] Bump clamav/clamav from 1.2.0-8 to 1.2.0-9 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.0-8 to 1.2.0-9.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 02546200..ebb216f2 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.0-8
+FROM clamav/clamav:1.2.0-9
 
 COPY clamav.conf /tmp/clamav.conf
 

From 388a79dfe9a702c551c8512e0333f276520458b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Oct 2023 13:02:07 +0000
Subject: [PATCH 1621/3949] Bump nats from 2.10.2-scratch to 2.10.3-scratch in
 /Containers/talk

Bumps nats from 2.10.2-scratch to 2.10.3-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 13083f4a..59178e71 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.2-scratch as nats
+FROM nats:2.10.3-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.4 as janus

From cea006c58f83c9585998ea34e4ddf3d61d858342 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 17 Oct 2023 11:22:07 +0200
Subject: [PATCH 1622/3949] fix regex for additional backup dirs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 5bb295b5..5fba6fa8 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -729,7 +729,7 @@ class ConfigurationManager
             // Trim all unwanted chars on both sites
             $entry = trim($entry);
             if ($entry !== "") {
-                if (!preg_match("#^/[.0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
+                if (!preg_match("#^/[.0-1a-zA-Z/_-]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
                     throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
                 }
                 $validDirectories .= rtrim($entry, '/') . PHP_EOL;

From f397392d9d9aa8c37153cef05b0e447ae578940b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 00:40:09 +0200
Subject: [PATCH 1623/3949] update links to discussions for netdata and pgadmin

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index e0ece8e7..e4df8409 100644
--- a/readme.md
+++ b/readme.md
@@ -693,13 +693,13 @@ You can configure your server to block certain ip-addresses using fail2ban as br
 It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
 
 ### Netdata
-Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
+Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/392#discussioncomment-7133563
 
 ### USER_SQL
 If you want to use the user_sql app, the easiest way is to create an additional database container and add it to the docker network `nextcloud-aio`. Then the Nextcloud container should be able to talk to the database container using its name.
 
 ### phpMyAdmin, Adminer or pgAdmin
-It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
+It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045
 
 ### Mail server
 You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow has much more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers

From cd7a87200bdb077796ccb058f5810d6c6053381a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 6 Oct 2023 21:22:13 +0200
Subject: [PATCH 1624/3949] community containers - add local ai

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json | 41 +++++++++++++++++++++
 community-containers/local-ai/readme.md     | 12 ++++++
 community-containers/readme.md              |  2 +-
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/local-ai/local-ai.json
 create mode 100644 community-containers/local-ai/readme.md

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
new file mode 100644
index 00000000..ce3a9dcc
--- /dev/null
+++ b/community-containers/local-ai/local-ai.json
@@ -0,0 +1,41 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-local-ai",
+            "display_name": "Local AI",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai",
+            "image": "szaimen/aio-local-ai",
+            "image_tag": "v1",
+            "internal_port": "8080",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_localai_models",
+                    "destination": "/models",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_localai_images",
+                    "destination": "/images",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ],
+            "nextcloud_exec_commands": [
+                "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai'",
+                "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models'",
+                "echo 'Scanning nextcloud-aio-local-ai folder for admin user...'",
+                "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-local-ai'",
+                "php /var/www/html/occ app:install integration_openai",
+                "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
new file mode 100644
index 00000000..84f2161b
--- /dev/null
+++ b/community-containers/local-ai/readme.md
@@ -0,0 +1,12 @@
+## Local AI
+This container bundles Local AI and auto-configures it for you.
+
+### Notes
+- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models` folder. Now you can download models from e.g. https://download.nextcloud.com/server/apps/stt_whisper/ or https://download.nextcloud.com/server/apps/llm/ or others that are mentioned in https://localai.io/model-compatibility/index.html#model-compatibility-table and put them into the `models` folder. Afterwards restart all containers from the AIO interface and the models should automatically get active. Additionally after doing so, you might want to enable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-local-ai
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/readme.md b/community-containers/readme.md
index 9291bd54..c6c8e6f1 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -12,4 +12,4 @@ Before adding any additional container, make sure to create a backup via the AIO
 Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
 
 ## How to add containers?
-Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
+Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.

From 706604539f32fffecd71a13c1a78199c22d31c35 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 14:00:22 +0200
Subject: [PATCH 1625/3949] increase to 7.5.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 86bce419..b62f6069 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.4.1</h1>
+        <h1>Nextcloud AIO v7.5.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From caeff27bf5b1e6a29838fd25cce16256902d180d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 14:22:29 +0200
Subject: [PATCH 1626/3949] fix backup notification setting

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0d1dd97d..f23cfcda 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -687,9 +687,13 @@ class ConfigurationManager
         
         if ($enableAutomaticUpdates === false) {
             $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled';
+        } else {
+            $time .= PHP_EOL;
         }
         if ($successNotification === false) {
             $time .= PHP_EOL . 'successNotificationsAreNotEnabled';
+        } else {
+            $time .= PHP_EOL;
         }
         file_put_contents(DataConst::GetDailyBackupTimeFile(), $time);
     }

From 0feaa9d5275fbbf50d50394d6dcc625f15cb2c4b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 15:27:37 +0200
Subject: [PATCH 1627/3949] local-ai - use correct directory where models are
 stored

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index ce3a9dcc..262234e9 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -9,7 +9,8 @@
             "internal_port": "8080",
             "restart": "unless-stopped",
             "environment": [
-                "TZ=%TIMEZONE%"
+                "TZ=%TIMEZONE%",
+                "MODELS_PATH=/models"
             ],
             "volumes": [
                 {

From 0521605c332502ee19f50f2ba8f3b84499cb7a2e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 16:05:59 +0200
Subject: [PATCH 1628/3949] adjust local ai docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 84f2161b..14536e24 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -2,7 +2,7 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
-- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models` folder. Now you can download models from e.g. https://download.nextcloud.com/server/apps/stt_whisper/ or https://download.nextcloud.com/server/apps/llm/ or others that are mentioned in https://localai.io/model-compatibility/index.html#model-compatibility-table and put them into the `models` folder. Afterwards restart all containers from the AIO interface and the models should automatically get active. Additionally after doing so, you might want to enable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
+- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models` folder. Now you can download models from e.g. https://download.nextcloud.com/server/apps/stt_whisper/ or https://download.nextcloud.com/server/apps/llm/ or others that are mentioned in https://localai.io/model-compatibility/index.html#model-compatibility-table and put them into the `models` folder. ⚠️⚠️ Please refer to https://localai.io/features/ how each model needs to be named. Afterwards restart all containers from the AIO interface and the models should automatically get active. Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
 
 ### Repository

From 4df370589deaad872a3c171bc35daaf8baa455fe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 18:05:07 +0200
Subject: [PATCH 1629/3949] rework local-ai to download models automatically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json |  5 ++++-
 community-containers/local-ai/readme.md     | 17 ++++++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index 262234e9..700b823d 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -31,11 +31,14 @@
             ],
             "nextcloud_exec_commands": [
                 "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai'",
-                "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models'",
+                "touch '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models.txt'",
                 "echo 'Scanning nextcloud-aio-local-ai folder for admin user...'",
                 "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-local-ai'",
                 "php /var/www/html/occ app:install integration_openai",
                 "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080"
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_localai_models"
             ]
         }
     ]
diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 14536e24..d8bb2305 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -2,7 +2,22 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
-- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models` folder. Now you can download models from e.g. https://download.nextcloud.com/server/apps/stt_whisper/ or https://download.nextcloud.com/server/apps/llm/ or others that are mentioned in https://localai.io/model-compatibility/index.html#model-compatibility-table and put them into the `models` folder. ⚠️⚠️ Please refer to https://localai.io/features/ how each model needs to be named. Afterwards restart all containers from the AIO interface and the models should automatically get active. Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
+- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
+- Example for content of `models.yaml`:
+```yaml
+# Stable Diffusion in NCNN with c++, supported txt2img and img2img 
+- url: github:go-skynet/model-gallery/stablediffusion.yaml
+
+# Port of OpenAI's Whisper model in C/C++ 
+- url: github:go-skynet/model-gallery/whisper-base.yaml
+  name: whisper-1
+
+# A commercially licensable model based on GPT-J and trained by Nomic AI on the v0 GPT4All dataset.
+- url: github:go-skynet/model-gallery/gpt4all-j.yaml
+  name: gpt4all-j
+```
+-  Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
+- The models folder where models get downloaded to is covered by AIOs backup solution
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
 
 ### Repository

From 609c61ad658e6b1fe8cb365033bbf7cd2151db04 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 18:39:21 +0200
Subject: [PATCH 1630/3949] fix typo and also install assistant app when
 installing local-ai

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index 700b823d..d5bd17d1 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -31,11 +31,12 @@
             ],
             "nextcloud_exec_commands": [
                 "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai'",
-                "touch '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models.txt'",
+                "touch '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models.yaml'",
                 "echo 'Scanning nextcloud-aio-local-ai folder for admin user...'",
                 "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-local-ai'",
                 "php /var/www/html/occ app:install integration_openai",
-                "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080"
+                "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080",
+                "php /var/www/html/occ app:install assistant"
             ],
             "backup_volumes": [
                 "nextcloud_aio_localai_models"

From d75a53b6208ad45ce60af86ad6e09a7ce8a1f8e0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 18:54:33 +0200
Subject: [PATCH 1631/3949] add warning to local-ai

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index d8bb2305..448ec424 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -2,8 +2,9 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
+- ⚠️⚠️⚠️ Make sure to have enough storage space available. This container alone needs ~14GB storage on x64, on arm64 only ~4GB. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
 - After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
-- Example for content of `models.yaml`:
+- Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml
 # Stable Diffusion in NCNN with c++, supported txt2img and img2img 
 - url: github:go-skynet/model-gallery/stablediffusion.yaml

From 2f82c168e58b012ebda634664204989f512e6cbe Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 19:09:04 +0200
Subject: [PATCH 1632/3949] local-ai - actually do not back up downloaded
 models

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json | 3 ---
 community-containers/local-ai/readme.md     | 1 -
 2 files changed, 4 deletions(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index d5bd17d1..f5c2de33 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -37,9 +37,6 @@
                 "php /var/www/html/occ app:install integration_openai",
                 "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080",
                 "php /var/www/html/occ app:install assistant"
-            ],
-            "backup_volumes": [
-                "nextcloud_aio_localai_models"
             ]
         }
     ]
diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 448ec424..46da1a1e 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -18,7 +18,6 @@ This container bundles Local AI and auto-configures it for you.
   name: gpt4all-j
 ```
 -  Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
-- The models folder where models get downloaded to is covered by AIOs backup solution
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
 
 ### Repository

From 5f93ce7f78048bd33904105fbe477f633ead9f8f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 23:54:19 +0200
Subject: [PATCH 1633/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index ade82e59..66a2706b 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.4.1.1
+FROM onlyoffice/documentserver:7.5.0.1
 
 # USER root is probably used
 

From f2b075ac64d1b480bf0ee779368f22acfdeb0bbf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 18 Oct 2023 23:58:47 +0200
Subject: [PATCH 1634/3949] improve detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 46da1a1e..19c61f89 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -2,7 +2,7 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
-- ⚠️⚠️⚠️ Make sure to have enough storage space available. This container alone needs ~14GB storage on x64, on arm64 only ~4GB. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
+- Make sure to have enough storage space available. This container alone needs ~14GB storage on x64, on arm64 only ~4GB. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
 - After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml

From b08b1857c856481751f8526a422873f54544110c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Oct 2023 13:03:17 +0000
Subject: [PATCH 1635/3949] Bump redis from 7.2.1-alpine to 7.2.2-alpine in
 /Containers/redis

Bumps redis from 7.2.1-alpine to 7.2.2-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 9e7626f8..b2b12fb9 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.2.1-alpine
+FROM redis:7.2.2-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From bdf676af84605d691d652cdd810ce488bbeeaba1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 16:42:58 +0200
Subject: [PATCH 1636/3949] add notice regarding https

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 3a5c6d5d..25f6e0ff 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,7 +4,8 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy.<br>
+**Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert).
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**

From 3210ad06f23d384efddbb38ea29e1cef0fcf161f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 16:47:25 +0200
Subject: [PATCH 1637/3949] adjust detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 25f6e0ff..975606b7 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,8 +4,7 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy.<br>
-**Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert).
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert).
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**

From 4456e5380f2d99309447ea8626ab88940bda4d1c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 16:50:20 +0200
Subject: [PATCH 1638/3949] add another hint

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 975606b7..86bd155d 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,7 +4,7 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert).
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**

From 22392b0a948866fd921b6aecaf8d4a773d162914 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 20:33:14 +0200
Subject: [PATCH 1639/3949] add links to ldap and mailserver

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index e4df8409..d518ded8 100644
--- a/readme.md
+++ b/readme.md
@@ -690,7 +690,7 @@ If you want to define a custom skeleton directory, you can do so by copying your
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 
 ### LDAP
-It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
+It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/406#discussioncomment-7133555
 
 ### Netdata
 Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/392#discussioncomment-7133563
@@ -702,7 +702,7 @@ If you want to use the user_sql app, the easiest way is to create an additional
 It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045
 
 ### Mail server
-You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow has much more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-add-containers
+You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow has much more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/356#discussioncomment-7133547
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)

From 3e4f946ab98867f0fd7aede2d834fa95a6eb7841 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 23:02:10 +0200
Subject: [PATCH 1640/3949] adjust link to community containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md       | 2 +-
 community-containers/fail2ban/readme.md    | 2 +-
 community-containers/local-ai/readme.md    | 2 +-
 community-containers/npmplus/readme.md     | 2 +-
 community-containers/pi-hole/readme.md     | 2 +-
 community-containers/plex/readme.md        | 2 +-
 community-containers/vaultwarden/readme.md | 2 +-
 manual-install/readme.md                   | 2 +-
 nextcloud-aio-helm-chart/readme.md         | 2 +-
 readme.md                                  | 4 ++--
 10 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index e8d230d4..b1767210 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -6,7 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
 https://github.com/szaimen/aio-caddy
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index 62e5a9f2..0af34005 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -4,7 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block
 ### Notes
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
 https://github.com/szaimen/aio-fail2ban
diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 19c61f89..cdb81a4b 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -18,7 +18,7 @@ This container bundles Local AI and auto-configures it for you.
   name: gpt4all-j
 ```
 -  Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
 https://github.com/szaimen/aio-local-ai
diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md
index fe8d9452..654296eb 100644
--- a/community-containers/npmplus/readme.md
+++ b/community-containers/npmplus/readme.md
@@ -13,7 +13,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 - If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume
 - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution!
 - **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository and Documentation
 https://github.com/ZoeyVid/NPMplus
diff --git a/community-containers/pi-hole/readme.md b/community-containers/pi-hole/readme.md
index c10d1523..fb15fee3 100644
--- a/community-containers/pi-hole/readme.md
+++ b/community-containers/pi-hole/readme.md
@@ -9,7 +9,7 @@ This container bundles pi-hole and auto-configures it for you.
 - After adding and starting the container, you can visit `http://ip.address.of.this.server:8573` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
 - You can configure your home network now to use pi-hole as its dns server by configuring your router.
 - Additionally, you can configure the docker daemon to use that by editing `/etc/docker/daemon.json` and adding ` { "dns" : [ "ip.address.of.this.server" , "8.8.8.8" ] } `.
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
 https://github.com/pi-hole/docker-pi-hole
diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
index b340dcaf..13bc5e5d 100644
--- a/community-containers/plex/readme.md
+++ b/community-containers/plex/readme.md
@@ -7,7 +7,7 @@ This container bundles Plex and auto-configures it for you.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
 - After adding and starting the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
 - The data of Plex will be automatically included in AIOs backup solution!
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
 https://github.com/plexinc/pms-docker
diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md
index cc53ba8b..37e03bd1 100644
--- a/community-containers/vaultwarden/readme.md
+++ b/community-containers/vaultwarden/readme.md
@@ -7,7 +7,7 @@ This container bundles vaultwarden and auto-configures it for you.
 - If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 - The data of Vaultwarden will be automatically included in AIOs backup solution!
 - After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-vaultwarden | grep ADMIN_TOKEN`. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory.
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
 https://github.com/dani-garcia/vaultwarden
diff --git a/manual-install/readme.md b/manual-install/readme.md
index def74197..ae356435 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -11,7 +11,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers
+- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
 - **You need to know what you are doing, especially when modifying the compose.yaml file**
 - For updating, you need to strictly follow the at the bottom described update routine
 - Probably more
diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index 33050525..e0a3c916 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -10,7 +10,7 @@ You can run the containers that are build for AIO with Kubernetes using this Hel
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers
+- You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
 - **You need to know what you are doing**
 - For updating, you need to strictly follow the at the bottom described update routine
 - You need to monitor yourself if the volumes have enough free space and increase them if they don't by adjusting their size in values.yaml
diff --git a/readme.md b/readme.md
index d518ded8..591dfbdd 100644
--- a/readme.md
+++ b/readme.md
@@ -43,7 +43,7 @@ Included are:
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
-- [Additional features can be added very easily](https://github.com/nextcloud/all-in-one/tree/main/community-containers)
+- [Additional features can be added very easily](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
 - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
@@ -708,7 +708,7 @@ You can configure one yourself by using either of these three recommended projec
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 
 ### Requirements for integrating new containers
-For integrating new containers, they must pass specific requirements for being considered to get integrated in AIO itself. Even if not considered, we may add some documentation on it. Also there is this now: https://github.com/nextcloud/all-in-one/tree/main/community-containers
+For integrating new containers, they must pass specific requirements for being considered to get integrated in AIO itself. Even if not considered, we may add some documentation on it. Also there is this now: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
 
 What are the requirements?
 1. New containers must be related to Nextcloud. Related means that there must be a feature in Nextcloud that gets added by adding this container.

From 9a16b7ea53cf089f80bb3579976868c8a9075beb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 23:07:17 +0200
Subject: [PATCH 1641/3949] add hint regarding community containers to the AIO
 interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b62f6069..185f4c06 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -541,12 +541,12 @@
                     {% endif %}
                 {% endif %}
                 {% if is_backup_container_running == false %}
-                    <h2>Optional addons</h2>
-                    In this section you can enable or disable optional addons.<br><br>
+                    <h2>Optional containers</h2>
+                    In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <b><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></b> how to add them.<br><br>
                     {% if isAnyRunning == true %}
                         <b>Please note:</b> You can enable or disable them when your containers are stopped.<br><br>
                     {% else %}
-                        <b>Please note:</b> Make sure to save your changes by clicking on the button <b>Save changes</b> that is positioned below the list of optional addons. The changes will not be auto-saved.<br><br>
+                        <b>Please note:</b> Make sure to save your changes by clicking on the button <b>Save changes</b> that is positioned below the list of optional containers. The changes will not be auto-saved.<br><br>
                     {% endif %}
                     <form id="options-form" method="POST" action="/api/configuration" class="xhr">
                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -595,7 +595,7 @@
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br>
+                    <b>Minimal system requirements:</b> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}

From 499dccb12255304b3124c4f787be169b053dad2e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 23:20:00 +0200
Subject: [PATCH 1642/3949] add section about existing ideas for new community
 containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index c6c8e6f1..93177fcc 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -13,3 +13,6 @@ Afterwards, you might want to add additional community containers to the default
 
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
+
+### Is there a list of ideas for new community containers?
+Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.

From b5577a2909965d28e6087e685876b4ae0149d181 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 20 Oct 2023 13:07:33 +0200
Subject: [PATCH 1643/3949] add further hint what borg is able to do

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 3 ++-
 readme.md                     | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b62f6069..c55a147a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -424,6 +424,7 @@
                                 Please save it at a safe place since you won't be able to restore from backup if you lose this password! <br /><br/>
                                 Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                                By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.<br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
                                 Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></b>.<br><br>
@@ -474,7 +475,7 @@
 
                                         <h3>Daily backup and automatic updates</h3>
                                         {% if daily_backup_time == "" %}
-                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC.<br><br/>
+                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC. For creating the backup, it will stop the containers and start them back up after the backup is done.<br><br/>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
diff --git a/readme.md b/readme.md
index 591dfbdd..8916577d 100644
--- a/readme.md
+++ b/readme.md
@@ -340,7 +340,7 @@ Here is how to reset the AIO instance properly:
 1. And you are done! Now feel free to start over with the recommended docker run command!
 
 ### Backup solution
-Nextcloud AIO provides a local backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a local restore point in case the installation gets corrupted. 
+Nextcloud AIO provides a local backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a local restore point in case the installation gets corrupted. By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.
 
 It is recommended to create a backup before any container update. By doing this, you will be safe regarding any possible complication during updates because you will be able to restore the whole instance with basically one click. 
 

From 1f68615c8d18181a4b053247aaea785cee15334b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 20 Oct 2023 13:14:17 +0200
Subject: [PATCH 1644/3949] add hint regarding restore process and backup
 location

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 readme.md                     | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c55a147a..8f05c97e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -366,7 +366,7 @@
                     {% else %}
                         {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
                             <h2>Backup and restore</h2>
-                            Please type in the directory where backups will get created on the host system:<br><br>
+                            Please type in the directory where backups will get created on the host system below. In best case make sure that you choose a location on a separate drive and not on your root drive.<br><br>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -461,7 +461,7 @@
                                         </form>
 
                                         <h3>Backup restore</h3>
-                                        Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the state of the backup so you should consider creating a backup first. It also makes sense to run an integrity check before restoring your files but is not mandatory since it shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories!<br><br>
+                                        Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the state of the backup so you should consider creating a backup first. It also makes sense to run an integrity check before restoring your files but is not mandatory since it shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync is used to restore the chosen backup which only transfers changed files and deletes additional ones.<br><br>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
diff --git a/readme.md b/readme.md
index 8916577d..92ec3752 100644
--- a/readme.md
+++ b/readme.md
@@ -344,6 +344,8 @@ Nextcloud AIO provides a local backup solution based on [BorgBackup](https://git
 
 It is recommended to create a backup before any container update. By doing this, you will be safe regarding any possible complication during updates because you will be able to restore the whole instance with basically one click. 
 
+The restore process should be pretty fast as rsync is used to restore the chosen backup which only transfers changed files and deletes additional ones.
+
 If you connect an external drive to your host, and choose the backup directory to be on that drive, you are also kind of safe against drive failures of the drive where the docker volumes are stored on. 
 
 <details>

From 36acb8e4e6a4e0d9bb91d82e9d7b721fa6a71f5d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 20:37:17 +0200
Subject: [PATCH 1645/3949] add maxconn value to haproxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/haproxy.cfg | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 48a94cdc..9a31f2f7 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -1,5 +1,8 @@
 # Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
 
+global
+    maxconn 10
+
 defaults
     timeout connect 10s
     timeout client 10s

From 2bb5e84d833910a8d53d9c9101e5fca859da129c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Oct 2023 12:29:03 +0000
Subject: [PATCH 1646/3949] Bump peter-evans/create-or-update-comment from
 3.0.2 to 3.1.0

Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/c6c9a1a66007646a28c153e2a8580a5bad27bcfa...23ff15729ef2fc348714a3bb66d2f655ca9066f2)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/command-rebase.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
index 8d7c7201..466c71f7 100644
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@c6c9a1a66007646a28c153e2a8580a5bad27bcfa # v3.0.2
+        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -42,7 +42,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@c6c9a1a66007646a28c153e2a8580a5bad27bcfa # v3.0.2
+        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

From 8e9eb59d12e1dfc011cae2770232c03ad315ec49 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Oct 2023 13:04:15 +0000
Subject: [PATCH 1647/3949] Bump httpd in /Containers/apache

Bumps httpd from 2.4.57-alpine3.18 to 2.4.58-alpine3.18.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index ac0bd721..740ee23a 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,6 +1,6 @@
 FROM caddy:2.7.5-alpine as caddy
 
-FROM httpd:2.4.57-alpine3.18
+FROM httpd:2.4.58-alpine3.18
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From 97f66da2192100bfdfd3506e68d748c2efae0703 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 19 Oct 2023 16:12:05 +0200
Subject: [PATCH 1648/3949] community containers - add libretranslate

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../libretranslate/libretranslate.json        | 33 +++++++++++++++++++
 community-containers/libretranslate/readme.md | 18 ++++++++++
 community-containers/readme.md                |  2 +-
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/libretranslate/libretranslate.json
 create mode 100644 community-containers/libretranslate/readme.md

diff --git a/community-containers/libretranslate/libretranslate.json b/community-containers/libretranslate/libretranslate.json
new file mode 100644
index 00000000..c0a878c5
--- /dev/null
+++ b/community-containers/libretranslate/libretranslate.json
@@ -0,0 +1,33 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-libretranslate",
+            "display_name": "LibreTranslate",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate",
+            "image": "szaimen/aio-libretranslate",
+            "image_tag": "v1",
+            "internal_port": "5000",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_libretranslate_db",
+                    "destination": "/app/db",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_libretranslate_models",
+                    "destination": "/home/libretranslate/.local",
+                    "writeable": true
+                }
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ app:install integration_libretranslate",
+                "php /var/www/html/occ config:app:set integration_libretranslate host --value='http://nextcloud-aio-libretranslate'",
+                "php /var/www/html/occ config:app:set integration_libretranslate port --value='5000'"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/libretranslate/readme.md b/community-containers/libretranslate/readme.md
new file mode 100644
index 00000000..c630a690
--- /dev/null
+++ b/community-containers/libretranslate/readme.md
@@ -0,0 +1,18 @@
+## Local AI
+This container bundles LibreTranslate and auto-configures it for you.
+
+### Notes
+
+- After the initial startup is done, you might want to change the default language to translate from and to via:
+```bash
+# Adjust the values `en` and `de` in commands below accordingly
+sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:app:set integration_libretranslate from_lang --value="en"
+sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:app:set integration_libretranslate to_lang --value="de"
+```
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-libretranslate
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/readme.md b/community-containers/readme.md
index 93177fcc..39a50323 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -12,7 +12,7 @@ Before adding any additional container, make sure to create a backup via the AIO
 Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
 
 ## How to add containers?
-Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
+Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
 
 ### Is there a list of ideas for new community containers?
 Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.

From d9bbafdd69430f3c9e69ac9772459f55788c208d Mon Sep 17 00:00:00 2001
From: Philipp Fruck <dev@p-fruck.de>
Date: Tue, 17 Oct 2023 23:36:53 +0200
Subject: [PATCH 1649/3949] docs(reverse-proxy): fix typos

Signed-off-by: Philipp Fruck <dev@p-fruck.de>
---
 reverse-proxy.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 86bd155d..957c3fa8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -147,7 +147,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
     You also need to adjust `<provider>` and `<key>` to match your case.
 
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the dommain validation (because it is known that the domain validation will not when using the DNS-challenge since no port is publicly opened.
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the domain validation (because it is known that the domain validation will not work when using the DNS-challenge since no port is publicly opened).
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
 
@@ -169,11 +169,11 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 
 <summary>click here to expand</summary>
 
-Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
+Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.<br>
 ⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 
@@ -375,7 +375,7 @@ server {
 <summary>click here to expand</summary>
 
 First, please make sure that the environmental variables `PUID` and `PGID` in the compose.yaml file for NPM are either unset or set to `0`.
-If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privilleged ports.
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports.
 
 Second, see these screenshots for a working config:
 

From 41a4ea7d920d0c40e59aeef10db1f0599d1a2cf7 Mon Sep 17 00:00:00 2001
From: Philipp Fruck <dev@p-fruck.de>
Date: Tue, 17 Oct 2023 23:45:26 +0200
Subject: [PATCH 1650/3949] chore: Add more examples to compose.yaml

Signed-off-by: Philipp Fruck <dev@p-fruck.de>
---
 compose.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 8a323448..bb2cf729 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -32,6 +32,8 @@ services:
       # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
       # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
+    # # Uncomment the following line when using SELinux
+    # security_opt: ["label:disable"]
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
@@ -47,7 +49,7 @@ services:
   #     - ./sites:/srv
   #   network_mode: "host"
 
-volumes:
+volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
   nextcloud_aio_mastercontainer:
     name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
 

From e2b42830671b1fb93d80671d5f11ef3ce5df1dd1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 20 Oct 2023 19:19:11 +0200
Subject: [PATCH 1651/3949] add note that integration app is not yet compatible

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/libretranslate/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/libretranslate/readme.md b/community-containers/libretranslate/readme.md
index c630a690..9ee6e9b1 100644
--- a/community-containers/libretranslate/readme.md
+++ b/community-containers/libretranslate/readme.md
@@ -3,6 +3,7 @@ This container bundles LibreTranslate and auto-configures it for you.
 
 ### Notes
 
+- Please note that this community container is currently not working since its integration app is not yet compatible with Nextcloud 27 (Hub 6). You can follow the progress here: https://github.com/v1r0x/integration_libretranslate/issues/1
 - After the initial startup is done, you might want to change the default language to translate from and to via:
 ```bash
 # Adjust the values `en` and `de` in commands below accordingly

From c5135e3a4e02e86f748327c2ad1d6383070c0a5d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 20 Oct 2023 17:02:20 +0200
Subject: [PATCH 1652/3949] nextcloud container - allowed clients - only limit
 access in known use cases

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh          | 23 ++++++++++++++---------
 php/containers.json                    |  4 +++-
 php/src/Docker/DockerActionManager.php |  2 ++
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index bb2a3519..47426a89 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -135,15 +135,20 @@ while [ -z "$(dig nextcloud-aio-apache A +short)" ]; do
     echo "Waiting for nextcloud-aio-apache to start..."
     sleep 5
 done
-IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 
-sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+set -x
+if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
+    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+
+    sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+fi
+set +x
 
 exec "$@"
diff --git a/php/containers.json b/php/containers.json
index 50cd91eb..c75ffab1 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -210,7 +210,9 @@
         "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
         "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
-        "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%"
+        "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
+        "APACHE_PORT=%APACHE_PORT%",
+        "APACHE_IP_BINDING=%APACHE_IP_BINDING%"
       ],
       "restart": "unless-stopped",
       "devices": [
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 03c8c8c8..d9942fbe 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -289,6 +289,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
                 } elseif ($out[1] === 'APACHE_PORT') {
                     $replacements[1] = $this->configurationManager->GetApachePort();
+                } elseif ($out[1] === 'APACHE_IP_BINDING') {
+                    $replacements[1] = $this->configurationManager->GetApacheIPBinding();
                 } elseif ($out[1] === 'TALK_PORT') {
                     $replacements[1] = $this->configurationManager->GetTalkPort();
                 } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {

From db84d7d48686d7f377c4a0ad04e51e34ed973b2f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sat, 21 Oct 2023 12:02:16 +0000
Subject: [PATCH 1653/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 8b89ca9a..5b714ccb 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -143,6 +143,8 @@ services:
       - TALK_RECORDING_HOST=nextcloud-aio-talk-recording
       - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
       - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
+      - APACHE_PORT=${APACHE_PORT}
+      - APACHE_IP_BINDING=${APACHE_IP_BINDING}
     restart: unless-stopped
     networks:
       - nextcloud-aio

From 00ec781b6822c810dc50093f66683d03cb4e19f8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 21 Oct 2023 15:40:57 +0200
Subject: [PATCH 1654/3949] postgresql - close idling sessions automatically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 8d5f7b05..7fb3b8f1 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -155,10 +155,14 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
         sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
     fi
 
-    # Modify conf
+    # Do not log checkpoints
     if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
         sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
     fi
+    # Close idling connections automatically after 3s which does not seem to happen automatically so that we run into max_connections limits
+    if grep -q "#idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
+        sed -i 's|#idle_session_timeout.*|idle_session_timeout = 3000|' /var/lib/postgresql/data/postgresql.conf
+    fi
 fi
 
 # Catch docker stop attempts

From b2ca0b0e22b5c35fcd1eb629726ccd86abdafa29 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 22 Oct 2023 11:11:46 +0200
Subject: [PATCH 1655/3949] add mailu to recommended mail server projects

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 92ec3752..c5bfe890 100644
--- a/readme.md
+++ b/readme.md
@@ -704,7 +704,7 @@ If you want to use the user_sql app, the easiest way is to create an additional
 It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045
 
 ### Mail server
-You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow has much more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/356#discussioncomment-7133547
+You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow and Mailu both have more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/356#discussioncomment-7133547
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)

From 6168ea3335fa92278b799b8089c11dcb32af12ac Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 21 Oct 2023 15:25:28 +0200
Subject: [PATCH 1656/3949] do not catch error during pullcontainer so that it
 throws and logs if it cannot get the image

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d9942fbe..9a5ddf33 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -577,14 +577,8 @@ class DockerActionManager
     public function PullContainer(Container $container) : void
     {
         $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
-        try {
-            $this->guzzleClient->post($url);
-        } catch (RequestException $e) {
-            error_log('Could not get image ' . $this->BuildImageName($container) . ' from docker hub. Probably due to rate limits. ' . $e->getMessage());
-            // Don't exit here because it is possible that the image is already present 
-            // and we ran into docker hub limits.
-            // We will exit later if not image should be available.
-        }
+        // do not catch any exception so that it always throws and logs the error
+        $this->guzzleClient->post($url);
     }
 
     private function isContainerUpdateAvailable(string $id) : string

From 5b5f47218088c595b620eb203207f1ce3a85cd87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:40:47 +0000
Subject: [PATCH 1657/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.5.1.1 to 23.05.5.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e212c1c9..e15c139e 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.5.1.1
+FROM collabora/code:23.05.5.2.1
 
 USER root
 

From b7de89ba6a0544d3f92bc5298e0f5559791451d0 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter@7bits.nl>
Date: Mon, 23 Oct 2023 21:35:19 +0200
Subject: [PATCH 1658/3949] fix reference to column in wikipedia timezone list

Signed-off-by: Peter van Dijk <peter@7bits.nl>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 90c5fe13..bb438b8e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -649,7 +649,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
                             </form>
-                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC</b> if nothing is entered.<br><br>
+                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC</b> if nothing is entered.<br><br>
                         {% else %}
                             The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
                             <form method="POST" action="/api/configuration" class="xhr">

From d887ed8de19df2f1a75292ed2741e40b72818c39 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 25 Oct 2023 12:32:00 +0200
Subject: [PATCH 1659/3949] change priority of app-settings-section to 0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/lib/Settings/Admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/lib/Settings/Admin.php b/app/lib/Settings/Admin.php
index 2d5212ae..36fbd01b 100644
--- a/app/lib/Settings/Admin.php
+++ b/app/lib/Settings/Admin.php
@@ -78,6 +78,6 @@ class Admin implements ISettings {
 	 * E.g.: 70
 	 */
 	public function getPriority(): int {
-		return 5;
+		return 0;
 	}
 }

From 0decfe49000f7dd4c2819d74842e56bf15fc8c28 Mon Sep 17 00:00:00 2001
From: Lance <Gero3977@gmail.com>
Date: Wed, 25 Oct 2023 07:39:09 -0700
Subject: [PATCH 1660/3949] Update migration.md with info about synchronization

Add information about synchronizing after migration. There maybe issues if the server has been offline for a while and a user reconnects clients for synchronization.

Signed-off-by: Lance <Gero3977@gmail.com>
---
 migration.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/migration.md b/migration.md
index db40e281..0cac55ce 100644
--- a/migration.md
+++ b/migration.md
@@ -86,3 +86,15 @@ If not, feel free to restore the AIO instance from backup and start at step 8 ag
 
 ## Use the user_migration app
 A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
+
+# Synchronising with clients after migration
+#### From https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html#synchronising-with-clients-after-data-recovery
+By default the Nextcloud server is considered the authorative source for the data. If the data on the server and the client differs clients will default to fetching the data from the server.
+
+If the recovered backup is outdated the state of the clients may be more up to date than the state of the server. In this case also make sure to run the maintenance:data-fingerprint command afterwards. It changes the logic of the synchronisation algorithm to try an recover as much data as possible. Files missing on the server are therefore recovered from the clients and in case of different content the users will be asked.
+
+>[!Note]
+>The usage of maintenance:data-fingerprint can cause conflict dialogues and difficulties deleting files on the client. Therefore it’s only recommended to prevent dataloss if the backup was outdated.
+
+
+If you are running multiple application servers you will need to make sure the config files are synced between them so that the updated data-fingerprint is applied on all instances.

From 782e949742426f6769505e273c1873e908b84608 Mon Sep 17 00:00:00 2001
From: Lance <Gero3977@gmail.com>
Date: Wed, 25 Oct 2023 07:49:49 -0700
Subject: [PATCH 1661/3949] Update migration.md

Include proper command specific for Nextcloud AIO

Signed-off-by: Lance <Gero3977@gmail.com>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 0cac55ce..11078c2d 100644
--- a/migration.md
+++ b/migration.md
@@ -91,7 +91,7 @@ A new way since the Nextcloud update to 24 is to use the new [user_migration app
 #### From https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html#synchronising-with-clients-after-data-recovery
 By default the Nextcloud server is considered the authorative source for the data. If the data on the server and the client differs clients will default to fetching the data from the server.
 
-If the recovered backup is outdated the state of the clients may be more up to date than the state of the server. In this case also make sure to run the maintenance:data-fingerprint command afterwards. It changes the logic of the synchronisation algorithm to try an recover as much data as possible. Files missing on the server are therefore recovered from the clients and in case of different content the users will be asked.
+If the recovered backup is outdated the state of the clients may be more up to date than the state of the server. In this case also make sure to run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ maintenance:data-fingerprint` command afterwards. It changes the logic of the synchronisation algorithm to try an recover as much data as possible. Files missing on the server are therefore recovered from the clients and in case of different content the users will be asked.
 
 >[!Note]
 >The usage of maintenance:data-fingerprint can cause conflict dialogues and difficulties deleting files on the client. Therefore it’s only recommended to prevent dataloss if the backup was outdated.

From 416f50b70c52acd8db341bdee5321e7dc79f6e81 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 26 Oct 2023 18:26:05 +0200
Subject: [PATCH 1662/3949] do not go lower than 100 connections

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 7fb3b8f1..cef78c10 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -152,6 +152,10 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
     MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
     MAX_CONNECTIONS=$((MEMORY/50+3))
     if [ -n "$MAX_CONNECTIONS" ]; then
+        # 100 is the default, we do not want to go lower than this
+        if [ "$MAX_CONNECTIONS" -lt 100 ]; then
+            MAX_CONNECTIONS=100
+        fi
         sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
     fi
 

From a90fd4d4aa5b40f42a9499b02a670a5fac5858a7 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 27 Oct 2023 06:16:51 +0000
Subject: [PATCH 1663/3949] nextcloud-update automated change

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b6a5e056..ae90bf59 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.24-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.2
+ENV NEXTCLOUD_VERSION 27.1.3
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 706c8bc1bd9d8d76d8ba3f1101743fa835b9bd17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 27 Oct 2023 09:28:21 +0200
Subject: [PATCH 1664/3949] fix update-helm script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 86579ff5..32eb4444 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -29,6 +29,7 @@ source /tmp/sample.conf
 rm /tmp/sample.conf
 sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
+sed -i '/APACHE_IP_BINDING/d' /tmp/latest.yml
 sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
 sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml

From 2e9f48bb11bb24a01ed34991980986335191ed2a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 27 Oct 2023 10:39:01 +0200
Subject: [PATCH 1665/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 32eb4444..8d19fa16 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -29,7 +29,7 @@ source /tmp/sample.conf
 rm /tmp/sample.conf
 sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
-sed -i '/APACHE_IP_BINDING/d' /tmp/latest.yml
+sed -i '/APACHE_IP_BINDING/d' latest.yml
 sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
 sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml

From 1abdac961367c85a6cf711b40a3d4b3717159c34 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 27 Oct 2023 10:30:37 +0000
Subject: [PATCH 1666/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 +++-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 13 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index e0dd4e92..abd57866 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.4.1
+version: 7.5.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 66cc103c..7d1648d1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231016_081107-latest
+          image: nextcloud/aio-apache:20231027_071516-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b197fab2..b591d617 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231016_081107-latest
+          image: nextcloud/aio-clamav:20231027_071516-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 93b64805..65ba4eb0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231016_081107-latest
+          image: nextcloud/aio-collabora:20231027_071516-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index c921c4ad..36e1eb05 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231016_081107-latest
+          image: nextcloud/aio-postgresql:20231027_071516-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 569c9561..cffce9df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231016_081107-latest
+          image: nextcloud/aio-fulltextsearch:20231027_071516-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index ccb60a5d..f6cc9642 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231016_081107-latest
+          image: nextcloud/aio-imaginary:20231027_071516-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index bd50d2df..bb70a3ee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -45,6 +45,8 @@ spec:
               value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
             - name: ADMIN_USER
               value: admin
+            - name: APACHE_PORT
+              value: "{{ .Values.APACHE_PORT }}"
             - name: CLAMAV_ENABLED
               value: "{{ .Values.CLAMAV_ENABLED }}"
             - name: CLAMAV_HOST
@@ -121,7 +123,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231016_081107-latest
+          image: nextcloud/aio-nextcloud:20231027_071516-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e25df14f..012d4147 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231016_081107-latest
+          image: nextcloud/aio-notify-push:20231027_071516-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 8a168767..4c63dba3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231016_081107-latest
+          image: nextcloud/aio-onlyoffice:20231027_071516-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 6e3c5481..567ee20f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231016_081107-latest
+          image: nextcloud/aio-redis:20231027_071516-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index da140511..14a6bf83 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231016_081107-latest
+          image: nextcloud/aio-talk:20231027_071516-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 635b2f13..0e12aa90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231016_081107-latest
+          image: nextcloud/aio-talk-recording:20231027_071516-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From db47b9c5739e977ae2e795caabb5ceb68aba5b72 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 27 Oct 2023 13:11:51 +0200
Subject: [PATCH 1667/3949] increase to 7.5.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 90c5fe13..028ef5f7 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.5.0</h1>
+        <h1>Nextcloud AIO v7.5.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 969dca48798c4ac48eb066f7ca370396239a431c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Oct 2023 12:14:10 +0000
Subject: [PATCH 1668/3949] Bump clamav/clamav from 1.2.0-9 to 1.2.1-11 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.0-9 to 1.2.1-11.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index ebb216f2..ca427a5f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.0-9
+FROM clamav/clamav:1.2.1-11
 
 COPY clamav.conf /tmp/clamav.conf
 

From 552a7babc4f46c33bad2fcdf711caba9d073e11d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 27 Oct 2023 12:25:39 +0000
Subject: [PATCH 1669/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index f3eb57b8..e1d70ce4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.1",
+            "version": "v1.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "e5a3057a5591e1cfe8183034b0203921abe2c902"
+                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/e5a3057a5591e1cfe8183034b0203921abe2c902",
-                "reference": "e5a3057a5591e1cfe8183034b0203921abe2c902",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
+                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
                 "shasum": ""
             },
             "require": {
@@ -447,7 +447,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2023-07-14T13:56:28+00:00"
+            "time": "2023-10-17T13:38:16+00:00"
         },
         {
             "name": "nikic/fast-route",

From 50bdcc7ba664f94c281c6bb39db00e16ee3260f3 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 27 Oct 2023 12:56:56 +0000
Subject: [PATCH 1670/3949] imaginary-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d7fc53e9..073795c1 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.21.3-alpine3.18 as go
 
-ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+ENV IMAGINARY_HASH 7efb66c243056e5b3b65215e101be7915983e364
 
 RUN set -ex; \
     apk add --no-cache \

From 5da8dc0c15232a2e15a996707e0a378d103fec3d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 27 Oct 2023 12:57:30 +0000
Subject: [PATCH 1671/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 042321b5..6d1dbff6 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.12.0-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.1.1
+ENV RECORDING_VERSION v17.1.2
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false

From 69568b088963ab7d02b5998928743f4046526fec Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 27 Oct 2023 13:01:15 +0000
Subject: [PATCH 1672/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ae90bf59..29829ad9 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -70,7 +70,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
-    pecl install redis-6.0.1; \
+    pecl install redis-6.0.2; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \

From dadb57f74f4ee70a4d9755254e12ab0cbe75f453 Mon Sep 17 00:00:00 2001
From: Lance <Gero3977@gmail.com>
Date: Wed, 25 Oct 2023 23:07:42 -0700
Subject: [PATCH 1673/3949] Update migration.md, fix spelling

Fix a spelling mistake

Signed-off-by: Lance <Gero3977@gmail.com>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 11078c2d..382ec916 100644
--- a/migration.md
+++ b/migration.md
@@ -89,7 +89,7 @@ A new way since the Nextcloud update to 24 is to use the new [user_migration app
 
 # Synchronising with clients after migration
 #### From https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html#synchronising-with-clients-after-data-recovery
-By default the Nextcloud server is considered the authorative source for the data. If the data on the server and the client differs clients will default to fetching the data from the server.
+By default the Nextcloud server is considered the authoritative source for the data. If the data on the server and the client differs clients will default to fetching the data from the server.
 
 If the recovered backup is outdated the state of the clients may be more up to date than the state of the server. In this case also make sure to run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ maintenance:data-fingerprint` command afterwards. It changes the logic of the synchronisation algorithm to try an recover as much data as possible. Files missing on the server are therefore recovered from the clients and in case of different content the users will be asked.
 

From b9ee292f8a198bfea018188f535bd41632978961 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Oct 2023 03:14:20 +0100
Subject: [PATCH 1674/3949] Fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/libretranslate/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/libretranslate/readme.md b/community-containers/libretranslate/readme.md
index 9ee6e9b1..c5014dca 100644
--- a/community-containers/libretranslate/readme.md
+++ b/community-containers/libretranslate/readme.md
@@ -1,4 +1,4 @@
-## Local AI
+## LibreTranslate
 This container bundles LibreTranslate and auto-configures it for you.
 
 ### Notes

From 2d3b35ed3d04d4e6b2f4fa29ad5d7df93ec27b09 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Oct 2023 08:37:10 +0100
Subject: [PATCH 1675/3949] local-ai - fix path to generated images

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index f5c2de33..174fad3e 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -20,7 +20,7 @@
                 },
                 {
                     "source": "nextcloud_aio_localai_images",
-                    "destination": "/images",
+                    "destination": "/tmp/generated/images/",
                     "writeable": true
                 },
                 {

From 1937fde61deff405f47d9b92b740a3fde0e571d2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 26 Oct 2023 12:09:57 +0200
Subject: [PATCH 1676/3949] add AIO_DATABASE_HOST

Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d9942fbe..b4a092c9 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -403,6 +403,9 @@ class DockerActionManager
                     } else {
                         $replacements[1] = '';
                     }
+                // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
+                } elseif ($out[1] === 'AIO_DATABASE_HOST') {
+                    $replacements[1] = gethostbyname('nextcloud-aio-database');
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {

From b36f71ff748ed33d25d09698304f5905eed992f6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Oct 2023 10:44:09 +0100
Subject: [PATCH 1677/3949] also enable integration apps after installing them

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/libretranslate/libretranslate.json | 1 +
 community-containers/local-ai/local-ai.json             | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/community-containers/libretranslate/libretranslate.json b/community-containers/libretranslate/libretranslate.json
index c0a878c5..80312a9a 100644
--- a/community-containers/libretranslate/libretranslate.json
+++ b/community-containers/libretranslate/libretranslate.json
@@ -25,6 +25,7 @@
             ],
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install integration_libretranslate",
+                "php /var/www/html/occ app:enable integration_libretranslate",
                 "php /var/www/html/occ config:app:set integration_libretranslate host --value='http://nextcloud-aio-libretranslate'",
                 "php /var/www/html/occ config:app:set integration_libretranslate port --value='5000'"
             ]
diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index 174fad3e..dd69ebbe 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -35,8 +35,10 @@
                 "echo 'Scanning nextcloud-aio-local-ai folder for admin user...'",
                 "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-local-ai'",
                 "php /var/www/html/occ app:install integration_openai",
+                "php /var/www/html/occ app:enable integration_openai",
                 "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080",
-                "php /var/www/html/occ app:install assistant"
+                "php /var/www/html/occ app:install assistant",
+                "php /var/www/html/occ app:enable assistant"
             ]
         }
     ]

From 9168bdaad5e41efe8c8f5ed33bfba129ae1f6f99 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Oct 2023 08:50:07 +0100
Subject: [PATCH 1678/3949] adjust name in postgres container as well

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 8d5f7b05..63fd43cf 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -31,7 +31,7 @@ fi
 if [ -f "$DUMP_DIR/initialization.failed" ]; then
     echo "The database initialization failed. Most likely was a wrong timezone selected."
     echo "The selected timezone is '$TZ'." 
-    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "Please check if it is in the 'TZ identifier' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
     echo "For further clues on what went wrong, look at the logs above."
     echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
     exit 1

From 54c806c96022b570d0534adb7d75c8f3e13a2d64 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Oct 2023 10:53:11 +0100
Subject: [PATCH 1679/3949] update plex readme to use a better link

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/plex/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
index 13bc5e5d..d8268395 100644
--- a/community-containers/plex/readme.md
+++ b/community-containers/plex/readme.md
@@ -5,7 +5,7 @@ This container bundles Plex and auto-configures it for you.
 - This is not working on arm64 since Plex does only provide x64 docker images.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
-- After adding and starting the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
+- After adding and starting the container, you need to visit http://ip.address.of.server:32400/manage in order to claim your server with a plex account
 - The data of Plex will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From 918afa1a94b32ce298f37252da626f01a4918f15 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 30 Oct 2023 10:57:59 +0100
Subject: [PATCH 1680/3949] allow to back up empty additional volumes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d10486bf..41394ad6 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -72,10 +72,10 @@ if [ "$BORG_MODE" = backup ]; then
         exit 1
     fi
 
-    # Test that nothing is empty
-    for directory in "${VOLUME_DIRS[@]}"; do
-        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
-            echo "$directory is empty which is not allowed."
+    # Test that default volumes are not empty
+    for volume in "${DEFAULT_VOLUMES[@]}"; do
+        if [ -z "$(ls -A "/nextcloud_aio_volumes/$volume")" ] && [ "$volume" != "nextcloud_aio_elasticsearch" ]; then
+            echo "/nextcloud_aio_volumes/$volume is empty which should not happen!"
             exit 1
         fi
     done

From a68717847fbda7d7f9856a805a6d90553f6a2060 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:03:47 +0000
Subject: [PATCH 1681/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk/server.conf.in | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index b071b9f6..2a44a9a7 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -86,9 +86,10 @@ internalsecret = the-shared-secret-for-internal-clients
 # only be used while running the benchmark client against the server.
 allowall = false
 
-# Common shared secret for requests from and to the backend servers if
-# "allowall" is enabled. This must be the same value as configured in the
-# Nextcloud admin ui.
+# Common shared secret for requests from and to the backend servers. Used if
+# "allowall" is enabled or as fallback for individual backends that don't have
+# their own secret set.
+# This must be the same value as configured in the Nextcloud admin ui.
 #secret = the-shared-secret-for-allowall
 
 # Timeout in seconds for requests to the backend.
@@ -109,8 +110,9 @@ connectionsperhost = 8
 # URL of the Nextcloud instance
 #url = https://cloud.domain.invalid
 
-# Shared secret for requests from and to the backend servers. This must be the
-# same value as configured in the Nextcloud admin ui.
+# Shared secret for requests from and to the backend servers. Leave empty to use
+# the common shared secret from above.
+# This must be the same value as configured in the Nextcloud admin ui.
 #secret = the-shared-secret
 
 # Limit the number of sessions that are allowed to connect to this backend.
@@ -129,8 +131,9 @@ connectionsperhost = 8
 # URL of the Nextcloud instance
 #url = https://cloud.otherdomain.invalid
 
-# Shared secret for requests from and to the backend servers. This must be the
-# same value as configured in the Nextcloud admin ui.
+# Shared secret for requests from and to the backend servers. Leave empty to use
+# the common shared secret from above.
+# This must be the same value as configured in the Nextcloud admin ui.
 #secret = the-shared-secret
 
 [nats]

From 67fab3111bee28240ebf7a5aeb75f7c9c1523392 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:08:29 +0000
Subject: [PATCH 1682/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index abd57866..afeb6630 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.0
+version: 7.5.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 7d1648d1..30641ff1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231027_071516-latest
+          image: nextcloud/aio-apache:20231030_072910-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b591d617..3497872c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231027_071516-latest
+          image: nextcloud/aio-clamav:20231030_072910-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 65ba4eb0..a2d19c31 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231027_071516-latest
+          image: nextcloud/aio-collabora:20231030_072910-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 36e1eb05..f0d46c75 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231027_071516-latest
+          image: nextcloud/aio-postgresql:20231030_072910-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index cffce9df..ada019ac 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231027_071516-latest
+          image: nextcloud/aio-fulltextsearch:20231030_072910-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index f6cc9642..359f07a2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231027_071516-latest
+          image: nextcloud/aio-imaginary:20231030_072910-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index bb70a3ee..9da48dce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -123,7 +123,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231027_071516-latest
+          image: nextcloud/aio-nextcloud:20231030_072910-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 012d4147..7054b836 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231027_071516-latest
+          image: nextcloud/aio-notify-push:20231030_072910-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 4c63dba3..d626277a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231027_071516-latest
+          image: nextcloud/aio-onlyoffice:20231030_072910-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 567ee20f..74fc0b3a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231027_071516-latest
+          image: nextcloud/aio-redis:20231030_072910-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 14a6bf83..b7a4db14 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231027_071516-latest
+          image: nextcloud/aio-talk:20231030_072910-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 0e12aa90..9bf04782 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231027_071516-latest
+          image: nextcloud/aio-talk-recording:20231030_072910-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 7dd3622fd3fcae01230ffd1dfa405e14b0ae14c8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:11:09 +0000
Subject: [PATCH 1683/3949] Bump strukturag/nextcloud-spreed-signaling in
 /Containers/talk

Bumps strukturag/nextcloud-spreed-signaling from 1.1.3 to 1.2.0.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 59178e71..87685e18 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.10.3-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.2.0 as signaling
 FROM alpine:3.18.4 as janus
 
 ARG JANUS_VERSION=v0.14.0

From 59d6a319d10e18aaa5f1bd9f5e0068c10c6c446d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:11:25 +0000
Subject: [PATCH 1684/3949] Bump nats from 2.10.3-scratch to 2.10.4-scratch in
 /Containers/talk

Bumps nats from 2.10.3-scratch to 2.10.4-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 59178e71..d67d6629 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.3-scratch as nats
+FROM nats:2.10.4-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
 FROM alpine:3.18.4 as janus

From 0cf0215d23548b82fcbe92b8258ec653e63c2399 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:12:04 +0000
Subject: [PATCH 1685/3949] Bump docker from 24.0.6-cli to 24.0.7-cli in
 /Containers/mastercontainer

Bumps docker from 24.0.6-cli to 24.0.7-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 8d3909fa..eaee52a6 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:24.0.6-cli as docker
+FROM docker:24.0.7-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.5-alpine as caddy

From 7466fb0e5814f3a5c1bf99a8d330e7a3e997a9fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:12:11 +0000
Subject: [PATCH 1686/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.11-fpm-alpine3.18 to 8.2.12-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 8d3909fa..208335ee 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.6-cli as docker
 FROM caddy:2.7.5-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.11-fpm-alpine3.18
+FROM php:8.2.12-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From aec7df53c42c8f4d1f8309c9ae81afd90615f23a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:20:03 +0000
Subject: [PATCH 1687/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.5.2.1 to 23.05.5.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e15c139e..d9b047f4 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.5.2.1
+FROM collabora/code:23.05.5.3.1
 
 USER root
 

From f585cc650f7b399fd178741b6cef5ff3a7715b7b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:40:58 +0000
Subject: [PATCH 1688/3949] Bump clamav/clamav from 1.2.1-11 to 1.2.1-12 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-11 to 1.2.1-12.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index ca427a5f..24737404 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-11
+FROM clamav/clamav:1.2.1-12
 
 COPY clamav.conf /tmp/clamav.conf
 

From e548e4861fd65f8f86d1d0f16d8694174f860ede Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 12:51:31 +0000
Subject: [PATCH 1689/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.24-fpm-alpine3.18 to 8.1.25-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 29829ad9..599a8ff9 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.24-fpm-alpine3.18
+FROM php:8.1.25-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 7ffe4fbd5f0516faa3c11657d14fc9524fc54d88 Mon Sep 17 00:00:00 2001
From: Lance <Gero3977@gmail.com>
Date: Mon, 30 Oct 2023 06:52:07 -0700
Subject: [PATCH 1690/3949] Update migration.md, add links about
 synchronization

Make it more obvious about the added note on synchronizing after migration

Signed-off-by: Lance <Gero3977@gmail.com>
---
 migration.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/migration.md b/migration.md
index 382ec916..1574381c 100644
--- a/migration.md
+++ b/migration.md
@@ -18,6 +18,7 @@ The procedure for migrating only the files works like this:
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
+1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
 
 ## Migrate the files and the database
 **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
@@ -84,9 +85,13 @@ The procedure for migrating the files and the database works like this:
 Now the whole Nextcloud instance should work again.<br>
 If not, feel free to restore the AIO instance from backup and start at step 8 again.
 
+If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
+
 ## Use the user_migration app
 A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
 
+If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
+
 # Synchronising with clients after migration
 #### From https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html#synchronising-with-clients-after-data-recovery
 By default the Nextcloud server is considered the authoritative source for the data. If the data on the server and the client differs clients will default to fetching the data from the server.

From ee86a9dd72efb6ed8f2882779fdb7b0207089126 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Oct 2023 12:44:01 +0000
Subject: [PATCH 1691/3949] Bump helm/chart-testing-action from 2.4.0 to 2.5.0

Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/helm/chart-testing-action/releases)
- [Commits](https://github.com/helm/chart-testing-action/compare/v2.4.0...v2.5.0)

---
updated-dependencies:
- dependency-name: helm/chart-testing-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 525e84f6..79eddbc6 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -21,7 +21,7 @@ jobs:
           version: v3.11.1
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.5.0
 
       - name: Run chart-testing (lint)
         id: lint

From fe00d1dac81fc4a5083037328142c76ccb230ece Mon Sep 17 00:00:00 2001
From: xis <xis@schowek.net>
Date: Tue, 31 Oct 2023 18:25:34 +0100
Subject: [PATCH 1692/3949] Nextcloud-DLNA community container (#3614)

---
 community-containers/dlna/dlna.json | 39 +++++++++++++++++++++++++++++
 community-containers/dlna/readme.md | 15 +++++++++++
 2 files changed, 54 insertions(+)
 create mode 100755 community-containers/dlna/dlna.json
 create mode 100755 community-containers/dlna/readme.md

diff --git a/community-containers/dlna/dlna.json b/community-containers/dlna/dlna.json
new file mode 100755
index 00000000..ac37e4ec
--- /dev/null
+++ b/community-containers/dlna/dlna.json
@@ -0,0 +1,39 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-dlna",
+            "display_name": "DLNA",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/dlna",
+            "image": "thanek/nextcloud-dlna",
+            "image_tag": "latest",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "depends_on": [
+                "nextcloud-aio-database"
+            ],
+            "environment": [
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "NC_PORT=443",
+                "NEXTCLOUD_DLNA_SERVER_PORT=9999",
+                "NEXTCLOUD_DLNA_FRIENDLY_NAME=nextcloud-aio",
+                "NEXTCLOUD_DATA_DIR=/data",
+                "NEXTCLOUD_DB_TYPE=postgres",
+                "NEXTCLOUD_DB_HOST=%AIO_DATABASE_HOST%",
+                "NEXTCLOUD_DB_PORT=5432",
+                "NEXTCLOUD_DB_NAME=nextcloud_database",
+                "NEXTCLOUD_DB_USER=oc_nextcloud",
+                "NEXTCLOUD_DB_PASS=%DATABASE_PASSWORD%"
+            ],
+            "secrets": [
+                "DATABASE_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/data",
+                    "writeable": false
+                }
+            ]
+        }
+    ]
+}
diff --git a/community-containers/dlna/readme.md b/community-containers/dlna/readme.md
new file mode 100755
index 00000000..7a041b5e
--- /dev/null
+++ b/community-containers/dlna/readme.md
@@ -0,0 +1,15 @@
+## DLNA server
+This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
+
+### Notes
+- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
+- This is not working with Docker Desktop since it requires the `host` networking mode in docker, and it doesn't really share the host's network interfaces in this system
+- If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/thanek/nextcloud-dlna
+
+### Maintainer
+https://github.com/thanek
+

From e6b6ec4cfd0a959697aa369bb9679ebc696b3ad5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Nov 2023 10:49:17 +0100
Subject: [PATCH 1693/3949] update screenshot for npm conf

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 957c3fa8..bd2803da 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -383,7 +383,7 @@ Second, see these screenshots for a working config:
 
 ![grafik](https://user-images.githubusercontent.com/75573284/213889724-1ab32264-3e0c-4d83-b067-9fe9d1672fb2.png)
 
-![grafik](https://user-images.githubusercontent.com/75573284/213889797-42642302-b079-4378-a4a6-079f4f67058c.png)
+![grafik](https://github.com/nextcloud/all-in-one/assets/24786786/fecbb5ef-d2f4-4e0f-bc4b-82207e2c2809)
 
 ![grafik](https://user-images.githubusercontent.com/75573284/213889746-87dbe8c5-4d1f-492f-b251-bbf82f1510d0.png)
 

From 6133e82c14123dcc2bff22c56216b767abe1af5b Mon Sep 17 00:00:00 2001
From: Aytsuqi <141279848+Aytsuqi@users.noreply.github.com>
Date: Wed, 1 Nov 2023 12:08:29 +0100
Subject: [PATCH 1694/3949] Update reverse-proxy.md typo

Just a very little typo that confused me while I was reading documentation yesterday. I assume this was what the title wanted to convey?

Signed-off-by: Aytsuqi <141279848+Aytsuqi@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index bd2803da..3005f757 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -8,7 +8,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
-1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
+1. **Use this document provided startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
 1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)

From e4c685c0e7233fb019d2a2b5f7d7c604f914e5f3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Nov 2023 12:31:35 +0000
Subject: [PATCH 1695/3949] Bump helm/chart-testing-action from 2.5.0 to 2.6.0

Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/helm/chart-testing-action/releases)
- [Commits](https://github.com/helm/chart-testing-action/compare/v2.5.0...v2.6.0)

---
updated-dependencies:
- dependency-name: helm/chart-testing-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 79eddbc6..f719626e 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -21,7 +21,7 @@ jobs:
           version: v3.11.1
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.5.0
+        uses: helm/chart-testing-action@v2.6.0
 
       - name: Run chart-testing (lint)
         id: lint

From 7060cba6c9a99d4b703674526a50d2e885a457bb Mon Sep 17 00:00:00 2001
From: Aytsuqi <141279848+Aytsuqi@users.noreply.github.com>
Date: Wed, 1 Nov 2023 16:12:39 +0100
Subject: [PATCH 1696/3949] rewording reverse-proxy.md

following up on further discussion with szaimen and Zoey2936 on PR#3656

Signed-off-by: Aytsuqi <141279848+Aytsuqi@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 3005f757..3873ab9a 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -8,7 +8,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
-1. **Use this document provided startup command! See [point 2](#2-use-this-startup-command)**
+1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
 1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)

From c85bacc940b1efda905e760863bfe81e0668155f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 1 Nov 2023 18:05:11 +0100
Subject: [PATCH 1697/3949] change php-max-children calculation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 7cca6a01..024ec1d3 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -33,8 +33,13 @@ REDIS_CONF
 echo "Setting php max children..."
 MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
 PHP_MAX_CHILDREN=$((MEMORY/50))
+# 100 is the default, we do not want to go lower than this
+if [ "$PHP_MAX_CHILDREN" -lt 100 ]; then
+    PHP_MAX_CHILDREN=100
+fi
 if [ -n "$PHP_MAX_CHILDREN" ]; then
     sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "s/^;pm.process_idle_timeout =.*/pm.process_idle_timeout = 3s/" /usr/local/etc/php-fpm.d/www.conf
 fi
 
 # Check permissions in ncdata

From 59421d51d25ceaf8f0c166c1dc584baaeb6e31dd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Nov 2023 13:53:58 +0100
Subject: [PATCH 1698/3949] increase to 7.6.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4af3da6c..20040929 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.5.1</h1>
+        <h1>Nextcloud AIO v7.6.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 4b6720436d49d0f38b64fddf05e2058b6732d668 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 2 Nov 2023 13:14:58 +0000
Subject: [PATCH 1699/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index e1d70ce4..3d35fb53 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -556,16 +556,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.5",
+            "version": "7.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c"
+                "reference": "8097948a89f6ec782839b3e958432f427cac37fd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c",
-                "reference": "9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/8097948a89f6ec782839b3e958432f427cac37fd",
+                "reference": "8097948a89f6ec782839b3e958432f427cac37fd",
                 "shasum": ""
             },
             "require": {
@@ -613,7 +613,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.5"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.6"
             },
             "funding": [
                 {
@@ -625,7 +625,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-10T14:57:56+00:00"
+            "time": "2023-11-02T10:04:50+00:00"
         },
         {
             "name": "php-di/slim-bridge",

From 112c9ad58315486a7313f0d17b0a4555ce82b358 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 2 Nov 2023 20:19:55 +0100
Subject: [PATCH 1700/3949] fix some values

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    |  8 ++++----
 Containers/nextcloud/entrypoint.sh | 12 ------------
 Containers/postgresql/start.sh     | 24 +++++++++++-------------
 3 files changed, 15 insertions(+), 29 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 599a8ff9..e8bfbd2a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -195,10 +195,10 @@ RUN set -ex; \
     \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+# Sync this with max db connections
+# We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
+# Also children will usually be terminated again after the process is done due to the ondemand setting
+    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
     \
     rm -rf /tmp/nextcloud-aio && \
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 024ec1d3..6fbb9283 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -30,18 +30,6 @@ redis.session.lock_retries = -1
 redis.session.lock_wait_time = 10000
 REDIS_CONF
 
-echo "Setting php max children..."
-MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
-PHP_MAX_CHILDREN=$((MEMORY/50))
-# 100 is the default, we do not want to go lower than this
-if [ "$PHP_MAX_CHILDREN" -lt 100 ]; then
-    PHP_MAX_CHILDREN=100
-fi
-if [ -n "$PHP_MAX_CHILDREN" ]; then
-    sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "s/^;pm.process_idle_timeout =.*/pm.process_idle_timeout = 3s/" /usr/local/etc/php-fpm.d/www.conf
-fi
-
 # Check permissions in ncdata
 touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index af228efe..33c851fd 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -148,24 +148,22 @@ fi
 
 # Modify postgresql.conf
 if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
-    echo "Setting max connections..."
-    MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
-    MAX_CONNECTIONS=$((MEMORY/50+3))
-    if [ -n "$MAX_CONNECTIONS" ]; then
-        # 100 is the default, we do not want to go lower than this
-        if [ "$MAX_CONNECTIONS" -lt 100 ]; then
-            MAX_CONNECTIONS=100
-        fi
-        sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
-    fi
+    echo "Setting postgres values..."
+
+    # 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
+    # We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
+    # Also connections should usually be closed again after the process is done
+    # If we should actually exceed this limit, it is definitely a bug in Nextcloud server or some of its apps that does not close connections correctly and not a bug in AIO
+    sed -i "s|^max_connections =.*|max_connections = 5000|" "/var/lib/postgresql/data/postgresql.conf"
 
     # Do not log checkpoints
     if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
         sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
     fi
-    # Close idling connections automatically after 3s which does not seem to happen automatically so that we run into max_connections limits
-    if grep -q "#idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
-        sed -i 's|#idle_session_timeout.*|idle_session_timeout = 3000|' /var/lib/postgresql/data/postgresql.conf
+
+    # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
+    if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
+        sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf
     fi
 fi
 

From d13c88c1767e8edd3a0a04e9e0faba8398f8cbf9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 3 Nov 2023 10:23:53 +0100
Subject: [PATCH 1701/3949] increase to 7.6.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 20040929..688d4d5f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.6.0</h1>
+        <h1>Nextcloud AIO v7.6.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From f2a79f6346bf9c30475e83167e866f77bd7aa6a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Nov 2023 12:24:39 +0000
Subject: [PATCH 1702/3949] Bump elasticsearch from 8.10.2 to 8.10.4 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.10.2 to 8.10.4.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 7ef653c4..c2baed94 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.10.2
+FROM elasticsearch:8.10.4
 
 USER root
 

From 4bca0fec3220cab418ba8cdfa1ee65b5700c2b36 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Nov 2023 13:04:33 +0000
Subject: [PATCH 1703/3949] Bump helm/chart-testing-action from 2.6.0 to 2.6.1

Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/helm/chart-testing-action/releases)
- [Commits](https://github.com/helm/chart-testing-action/compare/v2.6.0...v2.6.1)

---
updated-dependencies:
- dependency-name: helm/chart-testing-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index f719626e..26ab66f8 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -21,7 +21,7 @@ jobs:
           version: v3.11.1
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (lint)
         id: lint

From 94edf5f6717bb5a6ebec8ab15b97c8191cf52182 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 5 Nov 2023 19:42:40 +0100
Subject: [PATCH 1704/3949] update some details in the RP docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 3873ab9a..0fc53374 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -25,12 +25,12 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
 
 **Running the Reverse Proxy in a Docker container on the same server**<br>
-For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
+For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).<br>
 Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
 
 **Running the Reverse Proxy on a different server (no matter if in container or not)**<br>
 For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
-If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux).
+If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
 
 ### Apache
 

From bdb4a8cfed6a82450f3a5e2c0d997594daa86a94 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 5 Nov 2023 20:06:09 +0100
Subject: [PATCH 1705/3949] do not start container if it is started already

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8f29949b..f7e1454e 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -33,12 +33,21 @@ class DockerController
             $this->PerformRecursiveContainerStart($dependency, $pullContainer);
         }
 
+        // Don't start if container is already running
+        // This is expected to happen if a container is defined in depends_on of multiple containers
+        if ($container->GetRunningState() instanceof RunningState) {
+            error_log('Not starting ' . $id . ' because it was already started.');
+            return;
+        }
+
+        // Skip database image pull if the last shutdown was not clean
         if ($id === 'nextcloud-aio-database') {
             if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
                 $pullContainer = false;
                 error_log('Not pulling the latest database image because the container was not correctly shut down.');
             }
         }
+
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
         if ($pullContainer) {

From 4614364f20fb520bc408776f8016621bd1165f3e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 5 Nov 2023 20:16:20 +0100
Subject: [PATCH 1706/3949] pi-hole does not like init

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/pi-hole/pi-hole.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/pi-hole/pi-hole.json b/community-containers/pi-hole/pi-hole.json
index 816ac692..da07fb8c 100644
--- a/community-containers/pi-hole/pi-hole.json
+++ b/community-containers/pi-hole/pi-hole.json
@@ -8,6 +8,7 @@
             "image_tag": "latest",
             "internal_port": "8573",
             "restart": "unless-stopped",
+            "init": false,
             "ports": [
                 {
                   "ip_binding": "",

From e272f26f6f1c56a622cd708030769320693b04cb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 5 Nov 2023 20:26:25 +0100
Subject: [PATCH 1707/3949] community containers - add docs how to remove
 containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 39a50323..665594bf 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -16,3 +16,8 @@ Simply submit a PR by creating a new folder in this directory: https://github.co
 
 ### Is there a list of ideas for new community containers?
 Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
+
+## How to remove containers?
+First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`. 
+
+After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).

From 1f9055063a8992ef866583bb317a2401e45f9c61 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 5 Nov 2023 20:30:23 +0100
Subject: [PATCH 1708/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 665594bf..d0328ef4 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -17,7 +17,9 @@ Simply submit a PR by creating a new folder in this directory: https://github.co
 ### Is there a list of ideas for new community containers?
 Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
 
-## How to remove containers?
+## How to remove containers from AIOs stack?
+In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.
+
 First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`. 
 
 After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).

From 717de9090dcef6573de9994e03af241f3dc60f80 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Nov 2023 12:46:23 +0000
Subject: [PATCH 1709/3949] Bump clamav/clamav from 1.2.1-12 to 1.2.1-14 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-12 to 1.2.1-14.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 24737404..4c20c9e1 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-12
+FROM clamav/clamav:1.2.1-14
 
 COPY clamav.conf /tmp/clamav.conf
 

From e875c8eba36cedf2f0521b9ec9c7bd7a8ee32194 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Nov 2023 13:05:14 +0000
Subject: [PATCH 1710/3949] Bump redis from 7.2.2-alpine to 7.2.3-alpine in
 /Containers/redis

Bumps redis from 7.2.2-alpine to 7.2.3-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index b2b12fb9..44f932bf 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.2.2-alpine
+FROM redis:7.2.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From ce84eb7bfe0bae32ee12585d1c05099348ba7acc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 14:16:54 +0100
Subject: [PATCH 1711/3949] fix dig inside kubernetes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh              |  2 +-
 Containers/docker-socket-proxy/start.sh |  4 ++--
 Containers/nextcloud/entrypoint.sh      |  4 ++--
 Containers/nextcloud/start.sh           | 10 +++++-----
 Containers/talk/start.sh                |  4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 6cfb8d35..06adb882 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -18,7 +18,7 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
 done
 
 # Get ipv4-address of Apache
-IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short | head -1)"
+IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short +search | head -1)"
 # Bring it in CIDR notation
 # shellcheck disable=SC2001
 IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
diff --git a/Containers/docker-socket-proxy/start.sh b/Containers/docker-socket-proxy/start.sh
index 6cdb8349..657c914e 100644
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -7,11 +7,11 @@ while ! nc -z "$NEXTCLOUD_HOST" 9001; do
 done
 
 set -x
-IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" 
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 
-IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 if [ -n "$IPv6_ADDRESS_NC" ]; then
     HAPROXYFILE="$(sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|" /tmp/haproxy.cfg)"
 else
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 6fbb9283..534ccada 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -520,8 +520,8 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     # Fix https://github.com/nextcloud/all-in-one/issues/188:
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-    COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
     COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
     if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 47426a89..914673e0 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -131,17 +131,17 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
-while [ -z "$(dig nextcloud-aio-apache A +short)" ]; do
+while [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
     echo "Waiting for nextcloud-aio-apache to start..."
     sleep 5
 done
 
 set -x
 if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
-    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 
     sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
     sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 01287157..1e7bafbd 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -19,8 +19,8 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
 # Turn

From c99284a7c02132901a5c205e27aa0798ebbdef13 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 14:21:56 +0100
Subject: [PATCH 1712/3949] create helm-dev release

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index afeb6630..9abe423f 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.1
+version: 7.5.2-dev
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 30641ff1..4276e9f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231030_072910-latest
+          image: nextcloud/aio-apache:develop
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 3497872c..32a9b15a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231030_072910-latest
+          image: nextcloud/aio-clamav:develop
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index a2d19c31..ce36ce26 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231030_072910-latest
+          image: nextcloud/aio-collabora:develop
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index f0d46c75..34722186 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231030_072910-latest
+          image: nextcloud/aio-postgresql:develop
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index ada019ac..dd01bbff 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231030_072910-latest
+          image: nextcloud/aio-fulltextsearch:develop
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 359f07a2..31b613a5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231030_072910-latest
+          image: nextcloud/aio-imaginary:develop
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 9da48dce..e5612ad2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -123,7 +123,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231030_072910-latest
+          image: nextcloud/aio-nextcloud:develop
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 7054b836..31d4d24e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231030_072910-latest
+          image: nextcloud/aio-notify-push:develop
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d626277a..d67380d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231030_072910-latest
+          image: nextcloud/aio-onlyoffice:develop
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 74fc0b3a..4f8f3c90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231030_072910-latest
+          image: nextcloud/aio-redis:develop
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b7a4db14..4dd14319 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231030_072910-latest
+          image: nextcloud/aio-talk:develop
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 9bf04782..41a2889a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231030_072910-latest
+          image: nextcloud/aio-talk-recording:develop
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 7968fab485744a76814f19238de4bb63c559228c Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Mon, 6 Nov 2023 15:17:41 +0100
Subject: [PATCH 1713/3949] fix: request shared RWX nextcloud volume

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 .../nextcloud-aio-nextcloud-persistentvolumeclaim.yaml          | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh                         | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index 51013bd1..320d719f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -10,7 +10,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany
   resources:
     requests:
       storage: {{ .Values.NEXTCLOUD_STORAGE_SIZE }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 8d19fa16..df65eba7 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -131,6 +131,7 @@ find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: \{\}|" \{}
 find ./ -name '*deployment.yaml' -exec sed -i "/hostPort:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
+sed -i "s|ReadWriteOnce|ReadWriteMany|" nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
 # shellcheck disable=SC1083

From b8c70b73ca320c18a02cfc683e80dfcf4b07abce Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 16:00:49 +0100
Subject: [PATCH 1714/3949] change defaults of NEXTCLOUD*STORAGE_SIZE

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 8d19fa16..8bfd9878 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -219,6 +219,8 @@ echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done
+sed -i "s|NEXTCLOUD_STORAGE_SIZE: 1Gi|NEXTCLOUD_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
+sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
 ENABLED_VARIABLES="$(grep -oP '^[A-Z_]+_ENABLED' ../helm-chart/values.yaml)"

From ce079d1e0dc78c21f7ab27338b1c987ae77fe37e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 15:55:51 +0100
Subject: [PATCH 1715/3949] disaable limiting the listen.allowed clients again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 914673e0..625462cd 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -136,19 +136,19 @@ while [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
     sleep 5
 done
 
-set -x
-if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
-    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+# set -x
+# if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
+#     IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+#     IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+#     IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+#     IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 
-    sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
-fi
-set +x
+#     sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
+#     sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
+#     sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
+#     sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+#     grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+# fi
+# set +x
 
 exec "$@"

From 9c3dedfebc009e77551081a04c5a2d5652b5edf4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 16:05:47 +0100
Subject: [PATCH 1716/3949] create new version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 9abe423f..53b47e3a 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.2-dev
+version: 7.5.2-dev2
 apiVersion: v2
 keywords:
   - latest

From 7f3fbbde0d1e2cd89da14436dc0c905810275fe0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 16:08:10 +0100
Subject: [PATCH 1717/3949] update values for default storage size

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml  | 2 +-
 nextcloud-aio-helm-chart/values.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 53b47e3a..a0fd7f9c 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.2-dev2
+version: 7.5.2-dev3
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index ba444a8d..38598c33 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -41,8 +41,8 @@ CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume th
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
 DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
 ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
-NEXTCLOUD_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
-NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
+NEXTCLOUD_STORAGE_SIZE: 5Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
+NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value

From b5e07bae904ba6261811d39c9c7b82f64d23ffe0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 20:17:21 +0100
Subject: [PATCH 1718/3949] comment some more details

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 625462cd..96b82c7e 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -131,18 +131,20 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
-while [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
-    echo "Waiting for nextcloud-aio-apache to start..."
-    sleep 5
-done
-
+# The below was disabled again because it fails on some deployment methods, e.g. on kubernetes
+# There is apparently no way to make this work reliably automatically
+# while [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
+#     echo "Waiting for nextcloud-aio-apache to start..."
+#     sleep 5
+# done
+#
 # set -x
 # if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
 #     IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 #     IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 #     IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 #     IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-
+#
 #     sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
 #     sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
 #     sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf

From e133814052bea0a9de12148c7002f2a38d3d29f2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 20:20:27 +0100
Subject: [PATCH 1719/3949] increase to 7.6.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 688d4d5f..60de7441 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.6.1</h1>
+        <h1>Nextcloud AIO v7.6.2</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 3ea6a956e42bb5e4318762be8d77ba99aa5bd6ce Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 6 Nov 2023 21:47:31 +0100
Subject: [PATCH 1720/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 65005f04..e5a7bd93 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -131,7 +131,8 @@ find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: \{\}|" \{}
 find ./ -name '*deployment.yaml' -exec sed -i "/hostPort:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
-sed -i "s|ReadWriteOnce|ReadWriteMany|" nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+# shellcheck disable=SC1083
+find ./ -name 'nextcloud-aio-nextcloud-persistentvolumeclaim.yaml' -exec sed -i "s|ReadWriteOnce|ReadWriteMany|"  \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
 # shellcheck disable=SC1083

From 1e8250af93522d9290c7bb116ecbc134862e3c2d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Nov 2023 11:03:50 +0100
Subject: [PATCH 1721/3949] change externaltrafficpolicy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-service.yaml                  | 1 +
 .../templates/nextcloud-aio-talk-service.yaml                    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 1ccd4125..a3b64e40 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -10,6 +10,7 @@ metadata:
   namespace: {{ .Values.NAMESPACE }}
 spec:
   type: LoadBalancer
+  externalTrafficPolicy: Local
   ports:
     - name: "{{ .Values.APACHE_PORT }}"
       port: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index f351c201..66a63499 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -12,6 +12,7 @@ metadata:
   namespace: {{ .Values.NAMESPACE }}
 spec:
   type: LoadBalancer
+  externalTrafficPolicy: Local
   ports:
     - name: "{{ .Values.TALK_PORT }}"
       port: {{ .Values.TALK_PORT }}

From fbc98857133dfbdf0688bc11054b86bbd1a3eb04 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Nov 2023 11:14:25 +0100
Subject: [PATCH 1722/3949] also adjust script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index e5a7bd93..0e756390 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -149,6 +149,8 @@ find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{}
 find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
 echo '---' > /tmp/talk-service.copy
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy

From 17c413039dc6be4ce1e20e9864c8652b05b799b5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Nov 2023 11:17:24 +0100
Subject: [PATCH 1723/3949] adjust version number

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index a0fd7f9c..bd8a0da8 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.2-dev3
+version: 7.5.2-dev4
 apiVersion: v2
 keywords:
   - latest

From aa98c93806ad86e8463c6177cb3df7e3d9111682 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Nov 2023 12:30:27 +0000
Subject: [PATCH 1724/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.21.3-alpine3.18 to 1.21.4-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 073795c1..f63e88df 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.3-alpine3.18 as go
+FROM golang:1.21.4-alpine3.18 as go
 
 ENV IMAGINARY_HASH 7efb66c243056e5b3b65215e101be7915983e364
 

From 2e596a921a953871eef75faeb0b711c4d0c06473 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Nov 2023 12:46:31 +0000
Subject: [PATCH 1725/3949] Bump elasticsearch from 8.10.4 to 8.11.0 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.10.4 to 8.11.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index c2baed94..622ae2bf 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.10.4
+FROM elasticsearch:8.11.0
 
 USER root
 

From 30f5e27889b7b452dc3521d1dc924c1dfbeb596d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Nov 2023 14:52:49 +0100
Subject: [PATCH 1726/3949] fix getting ip-address

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 3 ++-
 Containers/talk/start.sh   | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 5dcbba5e..df5315c7 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -65,7 +65,8 @@ RUN set -ex; \
         libusrsctp \
         libwebsockets \
         \
-        shadow; \
+        shadow \
+        grep; \
     useradd --system -u 1000 eturnal; \
     apk del --no-cache \
         shadow; \
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 1e7bafbd..43bfd0ca 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -19,7 +19,7 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv4_ADDRESS_TALK="$(hostname -i | grep -oP '[0-9]+\.[0-9]+.[0-9]+\.[0-9]+' | head -1)"
 IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 

From 5808898b38386f52b88c815e06b7898ea84d0531 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Nov 2023 15:17:03 +0100
Subject: [PATCH 1727/3949] address review and fix another detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 43bfd0ca..fb720233 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -19,10 +19,15 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS_TALK="$(hostname -i | grep -oP '[0-9]+\.[0-9]+.[0-9]+\.[0-9]+' | head -1)"
+IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]\+.[0-9]+\.[0-9]+' | head -1)"
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
+if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
+    IPv4_ADDRESS_TALK=""
+fi
+
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
 eturnal:
@@ -36,13 +41,14 @@ eturnal:
   log_dir: stdout
   log_level: warning
   secret: "$TURN_SECRET"
-  relay_ipv4_addr: "$IPv4_ADDRESS_TALK"
+  relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
   relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
   blacklist_peers:
   - recommended
   whitelist_peers:
   - 127.0.0.1
   - ::1
+  - "$IPv4_ADDRESS_TALK_RELAY"
   - "$IPv4_ADDRESS_TALK"
   - "$IPv6_ADDRESS_TALK"
 TURN_CONF

From c7a6fbba33b02465c7c4bc37283d7599b0d9c9ff Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Nov 2023 15:29:00 +0100
Subject: [PATCH 1728/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index fb720233..d40e5ee5 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -19,7 +19,7 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]\+.[0-9]+\.[0-9]+' | head -1)"
+IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
 IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x

From 04e5c5e592e3355cf38c7d0f4aee2c76b469e61a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 8 Nov 2023 17:02:15 +0100
Subject: [PATCH 1729/3949] make sure that notify-push is executable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index d730c7fd..dcc5100b 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -46,6 +46,10 @@ fi
 export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
 
+# Make the binary executable if possible
+ls -l /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push
+chmod +x /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push
+
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --database-prefix="oc_" \

From 9705ada11227245af0e75aa4b50d9486faab7a18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Nov 2023 12:28:20 +0000
Subject: [PATCH 1730/3949] Bump nats from 2.10.4-scratch to 2.10.5-scratch in
 /Containers/talk

Bumps nats from 2.10.4-scratch to 2.10.5-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index df5315c7..17e73546 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.4-scratch as nats
+FROM nats:2.10.5-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.0 as signaling
 FROM alpine:3.18.4 as janus

From 2f4b4cde66012b4d2246a6d6c561ea77a0318ea8 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 12 Nov 2023 12:02:15 +0000
Subject: [PATCH 1731/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 6bda1123..92b7f1a8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -42,7 +42,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \

From f6e35dd5e6c6ff67e521b66de6c0f25068057598 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Sun, 12 Nov 2023 12:07:22 +0000
Subject: [PATCH 1732/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e8bfbd2a..4d70d764 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -68,7 +68,7 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
     pecl install memcached-3.2.0; \
     pecl install redis-6.0.2; \
     pecl install imagick-3.7.0; \

From 18f2eba949462e817925b4ac39c1b695dd3b3a3b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:27:10 +0000
Subject: [PATCH 1733/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.5.3.1 to 23.05.5.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index d9b047f4..dbe05d16 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.5.3.1
+FROM collabora/code:23.05.5.4.1
 
 USER root
 

From fe1c145d1aee0bb839103f9a9fe1bb5902ca9333 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:36:41 +0000
Subject: [PATCH 1734/3949] Bump clamav/clamav from 1.2.1-14 to 1.2.1-15 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-14 to 1.2.1-15.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 4c20c9e1..622362e4 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-14
+FROM clamav/clamav:1.2.1-15
 
 COPY clamav.conf /tmp/clamav.conf
 

From 9e8c039d8e930cb781a0ea91c474885294f482ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:41:10 +0000
Subject: [PATCH 1735/3949] Bump containrrr/watchtower from 1.6.0 to 1.7.1 in
 /Containers/watchtower

Bumps containrrr/watchtower from 1.6.0 to 1.7.1.

---
updated-dependencies:
- dependency-name: containrrr/watchtower
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 3935893f..b9b87625 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.6.0 as watchtower
+FROM containrrr/watchtower:1.7.1 as watchtower
 
 FROM alpine:3.18.4
 

From 4ef284844293fadb03ab3515ffc36c737785846c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 14:01:33 +0100
Subject: [PATCH 1736/3949] try to fix helm update script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 0e756390..ccb87bc7 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -149,13 +149,13 @@ find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{}
 find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
-# shellcheck disable=SC1083
-find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
 echo '---' > /tmp/talk-service.copy
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy
 sed -i 's|name: nextcloud-aio-talk|name: nextcloud-aio-talk-public|' /tmp/talk-service.copy
 # shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
+# shellcheck disable=SC1083
 INTERNAL_TALK_PORTS="$(find ./ -name '*talk-deployment.yaml' -exec grep -oP 'containerPort: [0-9]+' \{} \;)"
 mapfile -t INTERNAL_TALK_PORTS <<< "$INTERNAL_TALK_PORTS"
 for port in "${INTERNAL_TALK_PORTS[@]}"; do

From bb1bfd2703fa5e35447dc1319e4d45e3a7ae8c84 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 14:05:23 +0100
Subject: [PATCH 1737/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 66a2706b..a016b46c 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.5.0.1
+FROM onlyoffice/documentserver:7.5.1.1
 
 # USER root is probably used
 

From bf816c0f537d173159feacfba2981d045a7e8c95 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 14:09:36 +0100
Subject: [PATCH 1738/3949] another attempt

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index ccb87bc7..954cf728 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -154,8 +154,6 @@ echo '---' > /tmp/talk-service.copy
 find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy
 sed -i 's|name: nextcloud-aio-talk|name: nextcloud-aio-talk-public|' /tmp/talk-service.copy
 # shellcheck disable=SC1083
-find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
-# shellcheck disable=SC1083
 INTERNAL_TALK_PORTS="$(find ./ -name '*talk-deployment.yaml' -exec grep -oP 'containerPort: [0-9]+' \{} \;)"
 mapfile -t INTERNAL_TALK_PORTS <<< "$INTERNAL_TALK_PORTS"
 for port in "${INTERNAL_TALK_PORTS[@]}"; do
@@ -168,6 +166,8 @@ find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol:
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 

From 9d8f172ac663c72e6314c687ffade46be439e190 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 13 Nov 2023 13:11:17 +0000
Subject: [PATCH 1739/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index bd8a0da8..8c8f67df 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.2-dev4
+version: 7.6.2
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4276e9f7..cf49071c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:develop
+          image: nextcloud/aio-apache:20231113_125854-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 32a9b15a..83ccd425 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:develop
+          image: nextcloud/aio-clamav:20231113_125854-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index ce36ce26..6441e160 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:develop
+          image: nextcloud/aio-collabora:20231113_125854-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 34722186..171586b8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:develop
+          image: nextcloud/aio-postgresql:20231113_125854-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index dd01bbff..50582c50 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:develop
+          image: nextcloud/aio-fulltextsearch:20231113_125854-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 31b613a5..966b8d93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:develop
+          image: nextcloud/aio-imaginary:20231113_125854-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index e5612ad2..bd83c1e5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -123,7 +123,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:develop
+          image: nextcloud/aio-nextcloud:20231113_125854-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 31d4d24e..4c1da3ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:develop
+          image: nextcloud/aio-notify-push:20231113_125854-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d67380d4..8566be6f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:develop
+          image: nextcloud/aio-onlyoffice:20231113_125854-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 4f8f3c90..f734af74 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:develop
+          image: nextcloud/aio-redis:20231113_125854-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 4dd14319..7eadf2f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:develop
+          image: nextcloud/aio-talk:20231113_125854-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 41a2889a..eb14a0b8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:develop
+          image: nextcloud/aio-talk-recording:20231113_125854-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 2abad75461c8d31ad083d3ed1082257cc5d96662 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 14:24:13 +0100
Subject: [PATCH 1740/3949] helm chart - add dualstack functionality

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-service.yaml                 | 1 +
 .../templates/nextcloud-aio-clamav-service.yaml                 | 1 +
 .../templates/nextcloud-aio-collabora-service.yaml              | 1 +
 .../templates/nextcloud-aio-database-service.yaml               | 1 +
 .../templates/nextcloud-aio-fulltextsearch-service.yaml         | 1 +
 .../templates/nextcloud-aio-imaginary-service.yaml              | 1 +
 .../templates/nextcloud-aio-nextcloud-service.yaml              | 1 +
 .../templates/nextcloud-aio-notify-push-service.yaml            | 1 +
 .../templates/nextcloud-aio-onlyoffice-service.yaml             | 1 +
 .../templates/nextcloud-aio-redis-service.yaml                  | 1 +
 .../templates/nextcloud-aio-talk-recording-service.yaml         | 1 +
 .../templates/nextcloud-aio-talk-service.yaml                   | 2 ++
 nextcloud-aio-helm-chart/update-helm.sh                         | 2 ++
 13 files changed, 15 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index a3b64e40..47c36b71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-apache
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index ade35504..4683278b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-clamav
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "3310"
       port: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index a1cf6fd4..6307dc4f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-collabora
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9980"
       port: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index adb61d66..e770011b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-database
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "5432"
       port: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index f5ea3428..6e66b639 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-fulltextsearch
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9200"
       port: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index ac51f3d7..182d0460 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-imaginary
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9000"
       port: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index fba99885..48ca483b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-nextcloud
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9000"
       port: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index d12943cd..fee9d10b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-notify-push
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "7867"
       port: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 2e005ddc..af10c7cf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-onlyoffice
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "80"
       port: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index f65e7455..508b0c75 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-redis
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "6379"
       port: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 403e2e5a..d307c573 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-talk-recording
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "1234"
       port: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 66a63499..9d87d9ee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -11,6 +11,7 @@ metadata:
   name: nextcloud-aio-talk-public
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:
@@ -35,6 +36,7 @@ metadata:
   name: nextcloud-aio-talk
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "8081"
       port: 8081
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 954cf728..a5b67a3c 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -168,6 +168,8 @@ find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
 # shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 

From 40d7c05362a9d53132e7c550ca4b6b40d36b2489 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 15:39:55 +0100
Subject: [PATCH 1741/3949] add JSON_THROW_ON_ERROR to json_encode and
 json_decode in config manager

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index f23cfcda..c72e1641 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -12,7 +12,7 @@ class ConfigurationManager
         if(file_exists(DataConst::GetConfigFile()))
         {
             $configContent = file_get_contents(DataConst::GetConfigFile());
-            return json_decode($configContent, true);
+            return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
         }
 
         return [];
@@ -514,7 +514,7 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }
         $df = disk_free_space(DataConst::GetDataDirectory());
-        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
+        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR);
         $size = strlen($content) + 10240;
         if ($df !== false && (int)$df < $size) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");

From 72ecbfec498db2bf15f0e35bd039afd6516fcb8c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 15:53:17 +0100
Subject: [PATCH 1742/3949] re-introduce limiting the php-fpm port to certain
 containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 10 ++++++--
 Containers/nextcloud/start.sh      | 41 +++++++++++++++---------------
 manual-install/update-yaml.sh      |  1 +
 php/containers.json                |  3 ++-
 4 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 534ccada..e7166fac 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -491,8 +491,14 @@ else
 fi
 
 # AIO app
-if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
-    php /var/www/html/occ app:enable nextcloud-aio
+if [ "$THIS_IS_AIO" = "true" ]; then
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
+        php /var/www/html/occ app:enable nextcloud-aio
+    fi
+else
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "no" ]; then
+        php /var/www/html/occ app:disable nextcloud-aio
+    fi
 fi
 
 # Notify push
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 96b82c7e..1e74ea23 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -131,26 +131,25 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
-# The below was disabled again because it fails on some deployment methods, e.g. on kubernetes
-# There is apparently no way to make this work reliably automatically
-# while [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
-#     echo "Waiting for nextcloud-aio-apache to start..."
-#     sleep 5
-# done
-#
-# set -x
-# if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
-#     IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-#     IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-#     IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-#     IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-#
-#     sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-#     grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
-# fi
-# set +x
+while [ "$THIS_IS_AIO" = "true" ] && [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
+    echo "Waiting for nextcloud-aio-apache to start..."
+    sleep 5
+done
+
+set -x
+# shellcheck disable=SC2235
+if [ "$THIS_IS_AIO" = "true" ] && ([ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]); then
+    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+
+    sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+fi
+set +x
 
 exec "$@"
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index df066696..865c2376 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -32,6 +32,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
+sed -i '/THIS_IS_AIO:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml
diff --git a/php/containers.json b/php/containers.json
index c75ffab1..e52c61fa 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -212,7 +212,8 @@
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
         "APACHE_PORT=%APACHE_PORT%",
-        "APACHE_IP_BINDING=%APACHE_IP_BINDING%"
+        "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
+        "THIS_IS_AIO=true"
       ],
       "restart": "unless-stopped",
       "devices": [

From 2de67a38bdf0e2635679fafe12fb3dbdf917c344 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 20:33:46 +0100
Subject: [PATCH 1743/3949] add hint regarding collabora in rootless mode

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 docker-rootless.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker-rootless.md b/docker-rootless.md
index ff32ce7f..f176d517 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -1,5 +1,7 @@
 # Docker rootless
 
+**Please note:** Due to a bug in Collabora is the Collabora container currently in rootless mode not working. See https://github.com/CollaboraOnline/online/issues/2800. In that case, you need to run a separate Collabora instance on your own if you want to use this feature. The following flag will be useful https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps.
+
 You can run AIO with docker rootless by following the steps below.
 
 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)

From 344270b8050857fee31cc602b63824374268f309 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Nov 2023 12:19:41 +0000
Subject: [PATCH 1744/3949] Bump dessant/lock-threads from 4 to 5

Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 4 to 5.
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dessant/lock-threads/compare/v4...v5)

---
updated-dependencies:
- dependency-name: dessant/lock-threads
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lock-threads.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml
index 56c48ce7..e4e2cc32 100644
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
         with: 
           issue-inactive-days: '14'
           process-only: 'issues'

From eb22484e9e96c7c3b15d9774c1b6d49b45219f99 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Nov 2023 13:01:26 +0000
Subject: [PATCH 1745/3949] Bump postgres from 15.4-alpine to 15.5-alpine in
 /Containers/postgresql

Bumps postgres from 15.4-alpine to 15.5-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index bf9b8d93..420b548f 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.4-alpine
+FROM postgres:15.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 7b507e5107eee0fd767ab0ec469cf6b3d4f5827f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 15 Nov 2023 12:02:22 +0000
Subject: [PATCH 1746/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 3d35fb53..7bdff1c6 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.2",
+            "version": "v1.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c"
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
-                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3dbf8a8e914634c48d389c1234552666b3d43754",
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754",
                 "shasum": ""
             },
             "require": {
@@ -447,7 +447,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2023-10-17T13:38:16+00:00"
+            "time": "2023-11-08T14:08:06+00:00"
         },
         {
             "name": "nikic/fast-route",

From 0374ec96c4d2057ad0451c9353fc06f0ffc4f3f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Nov 2023 12:25:30 +0000
Subject: [PATCH 1747/3949] Bump strukturag/nextcloud-spreed-signaling in
 /Containers/talk

Bumps strukturag/nextcloud-spreed-signaling from 1.2.0 to 1.2.1.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 17e73546..f9a61460 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.10.5-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.0 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.2.1 as signaling
 FROM alpine:3.18.4 as janus
 
 ARG JANUS_VERSION=v0.14.0

From cfeb8d872a9a90cd688df7f3593da826bc7bfa5c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 15 Nov 2023 21:04:25 +0100
Subject: [PATCH 1748/3949] log whole error messages

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/index.php                      | 3 +++
 php/src/Cron/StartAndUpdateContainers.php | 3 +++
 php/src/Cron/StartContainers.php          | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/php/public/index.php b/php/public/index.php
index 7397782e..1c997f3b 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -7,6 +7,9 @@ ini_set('memory_limit', '2048M');
 // set max execution time to 2h just in case of a very slow internet connection
 ini_set('max_execution_time', '7200');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;
diff --git a/php/src/Cron/StartAndUpdateContainers.php b/php/src/Cron/StartAndUpdateContainers.php
index e72ae804..049245af 100644
--- a/php/src/Cron/StartAndUpdateContainers.php
+++ b/php/src/Cron/StartAndUpdateContainers.php
@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 
 require __DIR__ . '/../../vendor/autoload.php';
diff --git a/php/src/Cron/StartContainers.php b/php/src/Cron/StartContainers.php
index 98f9ae8f..366866ad 100644
--- a/php/src/Cron/StartContainers.php
+++ b/php/src/Cron/StartContainers.php
@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 
 require __DIR__ . '/../../vendor/autoload.php';

From db582816d3c21cb82e5675f3adce04e8ac56050d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 13 Nov 2023 18:47:23 +0100
Subject: [PATCH 1749/3949] community containers - add memories

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/memories/memories.json | 33 +++++++++++++++++++++
 community-containers/memories/readme.md     | 12 ++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 community-containers/memories/memories.json
 create mode 100644 community-containers/memories/readme.md

diff --git a/community-containers/memories/memories.json b/community-containers/memories/memories.json
new file mode 100644
index 00000000..ce29a558
--- /dev/null
+++ b/community-containers/memories/memories.json
@@ -0,0 +1,33 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-memories",
+            "display_name": "Memories Transcoder",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories",
+            "image": "radialapps/go-vod",
+            "image_tag": "latest",
+            "internal_port": "47788",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NEXTCLOUD_HOST=https://%NC_DOMAIN%"
+            ],
+            "volumes": [
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/mnt/ncdata",
+                    "writeable": false
+                }
+            ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ app:install memories",
+                "php /var/www/html/occ app:enable memories",
+                "php /var/www/html/occ config:system:set memories.vod.external --value true --type bool",
+                "php /var/www/html/occ config:system:set memories.vod.connect --value nextcloud-aio-memories:47788"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/memories/readme.md b/community-containers/memories/readme.md
new file mode 100644
index 00000000..bb8e066d
--- /dev/null
+++ b/community-containers/memories/readme.md
@@ -0,0 +1,12 @@
+## Memories
+This container bundles the hardware-transcoding container of memories and auto-configures it for you.
+
+### Notes
+- In order to actually enable the hardware transcoding, you need to add the following flag to AIO apart from adding this container: https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/pulsejet/memories
+
+### Maintainer
+https://github.com/pulsejet

From 542a6a0cbe53597d83f87322c18f84e7cfd34666 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 11:43:49 +0100
Subject: [PATCH 1750/3949] get recording server from its repo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/talk.yml               | 16 ++++++++--------
 Containers/talk-recording/Dockerfile     |  7 +++----
 Containers/talk-recording/recording.conf | 16 ++++++++++++++--
 Containers/talk-recording/start.sh       |  6 ++++--
 4 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 1283ffd9..e4bc89c9 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -11,18 +11,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - name: Run talk-update
+    - name: Run talk-container-update
       run: |
-        # Spreed
-        spreed_version="$(
-          git ls-remote https://github.com/nextcloud/spreed v*.*.* \
+        # Recording
+        recording_version="$(
+          git ls-remote https://github.com/nextcloud/nextcloud-talk-recording v* \
             | cut -d/ -f3 \
             | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | grep -E "^v[0-9]+\.[0-9\.]+$" \
             | tail -1
         )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $spreed_version|" ./Containers/talk-recording/Dockerfile
-        curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/talk-recording/recording.conf
+        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile
+        curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
         
         # Signaling
         signaling_version="$(
@@ -49,7 +49,7 @@ jobs:
       with:
         commit-message: talk-update automated change
         signoff: true
-        title: talk update
+        title: talk container update
         body: Automated talk container update
         labels: dependencies, 3. to review
         milestone: next
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 6d1dbff6..47ee0b27 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,7 +2,7 @@ FROM python:3.12.0-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.1.2
+ENV RECORDING_VERSION v0.1
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false
@@ -28,9 +28,8 @@ RUN set -ex; \
     useradd -d /tmp --system recording; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
-    mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
-    python3 -m pip install --no-cache-dir /src/recording/src; \
+    git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
+    python3 -m pip install --no-cache-dir /src; \
     rm -rf /src; \
     touch /etc/recording.conf; \
     chown recording:recording -R \
diff --git a/Containers/talk-recording/recording.conf b/Containers/talk-recording/recording.conf
index 46b5be76..99515528 100644
--- a/Containers/talk-recording/recording.conf
+++ b/Containers/talk-recording/recording.conf
@@ -96,11 +96,15 @@
 #internalsecret = the-shared-secret-for-internal-clients
 
 [ffmpeg]
-# The options given to FFmpeg to encode the audio output. The options given here
+# The ffmpeg executable (name or full path) and the global options given to
+# ffmpeg. The options given here fully override the default global options.
+#common = ffmpeg -loglevel level+warning -n
+
+# The options given to ffmpeg to encode the audio output. The options given here
 # fully override the default options for the audio output.
 #outputaudio = -c:a libopus
 
-# The options given to FFmpeg to encode the video output. The options given here
+# The options given to ffmpeg to encode the video output. The options given here
 # fully override the default options for the video output.
 #outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
 
@@ -109,3 +113,11 @@
 
 # The extension of the file for audio and video recordings.
 #extensionvideo = .webm
+
+[recording]
+# Browser to use for recordings. Please note that the "chrome" value does not
+# refer to the web browser, but to the Selenium WebDriver. In practice, "chrome"
+# will use Google Chrome, or Chromium if Google Chrome is not installed.
+# Allowed values: firefox, chrome
+# Defaults to firefox
+# browser = firefox
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index 70eebeb5..87550d29 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -26,8 +26,6 @@ listen = 0.0.0.0:1234
 
 [backend]
 allowall = ${ALLOW_ALL}
-# TODO: remove secret below when https://github.com/nextcloud/spreed/issues/9580 is fixed
-secret = ${RECORDING_SECRET}
 backends = backend-1
 skipverify = ${SKIP_VERIFY}
 maxmessagesize = 1024
@@ -48,10 +46,14 @@ url = ${HPB_PROTOCOL}://${HPB_DOMAIN}${HPB_PATH}
 internalsecret = ${INTERNAL_SECRET}
 
 [ffmpeg]
+# common = ffmpeg -loglevel level+warning -n
 # outputaudio = -c:a libopus
 # outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
 extensionaudio = .ogg
 extensionvideo = .webm
+
+[recording]
+browser = firefox
 RECORDING_CONF
 
 exec "$@"

From f1b9d863940c2720cd4b934dd3972fc365d870d4 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 16 Nov 2023 12:02:11 +0000
Subject: [PATCH 1751/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 7bdff1c6..58006692 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1328,7 +1328,7 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.3.0",
+            "version": "v3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
@@ -1375,7 +1375,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
             },
             "funding": [
                 {

From ab3ec7fc75ec6ff6ecdc209d75b348d2754dd203 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 12:12:21 +0000
Subject: [PATCH 1752/3949] Bump elasticsearch from 8.11.0 to 8.11.1 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.11.0 to 8.11.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 622ae2bf..7e0ae167 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.11.0
+FROM elasticsearch:8.11.1
 
 USER root
 

From a0dd9d6605977a2af63f22e2e87622f72a8dbb57 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 13:58:06 +0100
Subject: [PATCH 1753/3949] helm chart - allow to configure additional values

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/config/apps.config.php   |  1 +
 Containers/nextcloud/config/smtp.config.php   | 20 +++++++++
 Containers/nextcloud/entrypoint.sh            |  4 ++
 .../nextcloud-aio-nextcloud-deployment.yaml   | 22 ++++++++++
 nextcloud-aio-helm-chart/update-helm.sh       | 44 +++++++++++++++++++
 nextcloud-aio-helm-chart/values.yaml          | 11 +++++
 6 files changed, 102 insertions(+)
 create mode 100644 Containers/nextcloud/config/smtp.config.php

diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php
index 4c37f72a..c68a925a 100644
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -12,4 +12,5 @@ $CONFIG = array (
               'writable' => true,
       ),
   ),
+  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : [],
 );
diff --git a/Containers/nextcloud/config/smtp.config.php b/Containers/nextcloud/config/smtp.config.php
new file mode 100644
index 00000000..40cfdf94
--- /dev/null
+++ b/Containers/nextcloud/config/smtp.config.php
@@ -0,0 +1,20 @@
+<?php
+if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
+  $CONFIG = array (
+    'mail_smtpmode' => 'smtp',
+    'mail_smtphost' => getenv('SMTP_HOST'),
+    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
+    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+    'mail_domain' => getenv('MAIL_DOMAIN'),
+  );
+
+  if (getenv('SMTP_PASSWORD')) {
+      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
+  } else {
+      $CONFIG['mail_smtppassword'] = '';
+  }
+}
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 534ccada..a6a56e6c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -464,6 +464,10 @@ php /var/www/html/occ config:system:set one-click-instance --value=true --type=b
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
 php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
 php /var/www/html/occ app:enable support
+if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get support potential_subscription_key)" ]; then
+    php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
+    php /var/www/html/occ config:app:delete support last_check
+fi
 
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index bd83c1e5..e7d24775 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -37,6 +37,28 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index a5b67a3c..2cab0d18 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -190,6 +190,34 @@ for variable in "${VOLUMES[@]}"; do
     find ./ -name "*nextcloud-aio-$variable-persistentvolumeclaim.yaml" -exec sed -i "s|storage: 100Mi|storage: {{ .Values.$name }}|" \{} \; 
 done
 
+# Additional config
+cat << EOL > /tmp/additional.config
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -227,6 +255,22 @@ for variable in "${VOLUME_VARIABLE[@]}"; do
 done
 sed -i "s|NEXTCLOUD_STORAGE_SIZE: 1Gi|NEXTCLOUD_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
 sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
+
+# Additional config
+cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
+
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+ADDITIONAL_CONFIG
+
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
 ENABLED_VARIABLES="$(grep -oP '^[A-Z_]+_ENABLED' ../helm-chart/values.yaml)"
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 38598c33..fcf10e5f 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -46,3 +46,14 @@ NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi       # You can change the size of the nextclou
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
+
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.

From ded000e6149e0ea3e106309d6b781de460348cc7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 14:42:00 +0100
Subject: [PATCH 1754/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Zoey <zoey@z0ey.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/talk.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index e4bc89c9..59e0ff49 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -18,7 +18,7 @@ jobs:
           git ls-remote https://github.com/nextcloud/nextcloud-talk-recording v* \
             | cut -d/ -f3 \
             | sort -V \
-            | grep -E "^v[0-9]+\.[0-9\.]+$" \
+            | grep -E "^v[0-9\.]+$" \
             | tail -1
         )"
         sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile

From 2af3be98e97564db9945af9889fe91cf617c110c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 16:01:08 +0100
Subject: [PATCH 1755/3949] increase to 7.7.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 60de7441..ae7bf484 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.6.2</h1>
+        <h1>Nextcloud AIO v7.7.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 5e843a9a9a25502706639fb9546be4e521d1cc8f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 16:13:00 +0100
Subject: [PATCH 1756/3949] gcc seems to be required for pip install now

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 47ee0b27..2b5f5393 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -22,7 +22,8 @@ RUN set -ex; \
         wget \
         shadow \
         pulseaudio \
-        openssl; \
+        openssl \
+        gcc; \
     # chromium chromium-chromedriver?
     apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
     useradd -d /tmp --system recording; \
@@ -41,7 +42,8 @@ RUN set -ex; \
         git \
         wget \
         shadow \
-        openssl;
+        openssl \
+        gcc;
 
 WORKDIR /tmp
 USER recording

From dee692f3e9e44a9b95f8aeecf8dbd2c20d60e126 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 16:16:41 +0100
Subject: [PATCH 1757/3949] fix it

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 2b5f5393..01368ed6 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -23,7 +23,8 @@ RUN set -ex; \
         shadow \
         pulseaudio \
         openssl \
-        gcc; \
+        build-base \
+        linux-headers; \
     # chromium chromium-chromedriver?
     apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
     useradd -d /tmp --system recording; \
@@ -43,7 +44,8 @@ RUN set -ex; \
         wget \
         shadow \
         openssl \
-        gcc;
+        build-base \
+        linux-headers;
 
 WORKDIR /tmp
 USER recording

From 42c721d4f05acb1c7505736ac1b8dbdcfb0fd961 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 16:49:03 +0100
Subject: [PATCH 1758/3949] fix permissions for notify-push

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 Containers/notify-push/start.sh    | 4 ----
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index b3752166..3e70d40a 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -513,6 +513,7 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ];
 elif [ "$SKIP_UPDATE" != 1 ]; then
     php /var/www/html/occ app:update notify_push
 fi
+chmod 775 -R /nextcloud/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index dcc5100b..d730c7fd 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -46,10 +46,6 @@ fi
 export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
 
-# Make the binary executable if possible
-ls -l /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push
-chmod +x /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push
-
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --database-prefix="oc_" \

From 7bdf1bf49efe23dc5b036a73385dc2607ef9ba26 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 17:01:33 +0100
Subject: [PATCH 1759/3949] Revert "Bump elasticsearch from 8.11.0 to 8.11.1 in
 /Containers/fulltextsearch"

---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 7e0ae167..622ae2bf 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.11.1
+FROM elasticsearch:8.11.0
 
 USER root
 

From 72e7dc29a87f8d84239f870916a63e93595900bb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 17:13:47 +0100
Subject: [PATCH 1760/3949] fix the path

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 3e70d40a..7ac5d955 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -513,7 +513,7 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ];
 elif [ "$SKIP_UPDATE" != 1 ]; then
     php /var/www/html/occ app:update notify_push
 fi
-chmod 775 -R /nextcloud/custom_apps/notify_push/bin/
+chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"

From 0714ea0234ffcf72d8d3fa1ceed201cf3cc02154 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 16 Nov 2023 21:36:08 +0100
Subject: [PATCH 1761/3949] helm chart - create beta release

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 8c8f67df..730585b7 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.6.2
+version: 7.7.0-beta
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index cf49071c..f502392e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231113_125854-latest
+          image: nextcloud/aio-apache:beta
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 83ccd425..40adf7d1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231113_125854-latest
+          image: nextcloud/aio-clamav:beta
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 6441e160..8f768491 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231113_125854-latest
+          image: nextcloud/aio-collabora:beta
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 171586b8..3fd76308 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231113_125854-latest
+          image: nextcloud/aio-postgresql:beta
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 50582c50..cfafa4c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231113_125854-latest
+          image: nextcloud/aio-fulltextsearch:beta
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 966b8d93..35f1134f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231113_125854-latest
+          image: nextcloud/aio-imaginary:beta
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index e7d24775..f7611897 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -145,7 +145,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231113_125854-latest
+          image: nextcloud/aio-nextcloud:beta
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 4c1da3ce..19a8dadd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231113_125854-latest
+          image: nextcloud/aio-notify-push:beta
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 8566be6f..d2864c9a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231113_125854-latest
+          image: nextcloud/aio-onlyoffice:beta
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index f734af74..06667865 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231113_125854-latest
+          image: nextcloud/aio-redis:beta
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 7eadf2f7..24914c3f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231113_125854-latest
+          image: nextcloud/aio-talk:beta
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index eb14a0b8..8014d895 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231113_125854-latest
+          image: nextcloud/aio-talk-recording:beta
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 03aa7a1ce1c1fc71efd4ed0b9af7cb8f2af8ef81 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 17 Nov 2023 11:03:03 +0100
Subject: [PATCH 1762/3949] name loadbalancer ports in a different way for a
 test

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-service.yaml               | 4 ++--
 .../templates/nextcloud-aio-talk-service.yaml                 | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 730585b7..36cc2484 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.0-beta
+version: 7.7.0-beta2
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 47c36b71..04f8f875 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -13,10 +13,10 @@ spec:
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:
-    - name: "{{ .Values.APACHE_PORT }}"
+    - name: "1-tcp"
       port: {{ .Values.APACHE_PORT }}
       targetPort: {{ .Values.APACHE_PORT }}
-    - name: {{ .Values.APACHE_PORT }}-udp
+    - name: "1-udp"
       port: {{ .Values.APACHE_PORT }}
       protocol: UDP
       targetPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 9d87d9ee..a89c82f9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -15,10 +15,10 @@ spec:
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:
-    - name: "{{ .Values.TALK_PORT }}"
+    - name: "2-tcp"
       port: {{ .Values.TALK_PORT }}
       targetPort: {{ .Values.TALK_PORT }}
-    - name: {{ .Values.TALK_PORT }}-udp
+    - name: "2-udp"
       port: {{ .Values.TALK_PORT }}
       protocol: UDP
       targetPort: {{ .Values.TALK_PORT }}

From db0c20584d44d371ea679be7397270389e148c7e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Nov 2023 12:33:42 +0000
Subject: [PATCH 1763/3949] Bump elasticsearch from 8.11.0 to 8.11.1 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.11.0 to 8.11.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 622ae2bf..7e0ae167 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.11.0
+FROM elasticsearch:8.11.1
 
 USER root
 

From f935993ac6c3a7b2ff25942704abf9e68c6f2ea8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Nov 2023 13:16:59 +0100
Subject: [PATCH 1764/3949] rename pullContainer to pullImage

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 14 +++++++-------
 php/src/Docker/DockerActionManager.php  |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f7e1454e..51dd42a6 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -26,11 +26,11 @@ class DockerController
         $this->configurationManager = $configurationManager;
     }
 
-    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
+            $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
 
         // Don't start if container is already running
@@ -43,15 +43,15 @@ class DockerController
         // Skip database image pull if the last shutdown was not clean
         if ($id === 'nextcloud-aio-database') {
             if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullContainer = false;
+                $pullImage = false;
                 error_log('Not pulling the latest database image because the container was not correctly shut down.');
             }
         }
 
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
-        if ($pullContainer) {
-            $this->dockerActionManager->PullContainer($container);
+        if ($pullImage) {
+            $this->dockerActionManager->PullImage($container);
         }
         $this->dockerActionManager->CreateContainer($container);
         $this->dockerActionManager->StartContainer($container);
@@ -188,7 +188,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function startTopContainer(bool $pullContainer) : void {
+    public function startTopContainer(bool $pullImage) : void {
         $config = $this->configurationManager->GetConfig();
         // set AIO_TOKEN
         $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -199,7 +199,7 @@ class DockerController
 
         $id = self::TOP_CONTAINER;
 
-        $this->PerformRecursiveContainerStart($id, $pullContainer);
+        $this->PerformRecursiveContainerStart($id, $pullImage);
     }
 
     public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0c64ee52..b535558d 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -577,7 +577,7 @@ class DockerActionManager
 
     }
 
-    public function PullContainer(Container $container) : void
+    public function PullImage(Container $container) : void
     {
         $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
         // do not catch any exception so that it always throws and logs the error

From 01625b1b7a92087caecb991ad63649d03167cedc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Nov 2023 13:29:19 +0100
Subject: [PATCH 1765/3949] fix removing THIS_IS_AIO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 865c2376..da40f406 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -32,7 +32,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
-sed -i '/THIS_IS_AIO:/d' containers.yml
+sed -i '/THIS_IS_AIO/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml

From 2d2d7a2e7a5168d7f372b1ec820cff7950767491 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 12:44:59 +0000
Subject: [PATCH 1766/3949] Bump clamav/clamav from 1.2.1-15 to 1.2.1-16 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-15 to 1.2.1-16.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 622362e4..162046e9 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-15
+FROM clamav/clamav:1.2.1-16
 
 COPY clamav.conf /tmp/clamav.conf
 

From 10a8f5b09939402d7790a4fb2f4129e9150bcca4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Nov 2023 13:27:51 +0100
Subject: [PATCH 1767/3949] Make sure that image is correctly pulled before
 continuing

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0c64ee52..630bf502 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -579,9 +579,15 @@ class DockerActionManager
 
     public function PullContainer(Container $container) : void
     {
-        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
-        // do not catch any exception so that it always throws and logs the error
-        $this->guzzleClient->post($url);
+        $imageName = urlencode($this->BuildImageName($container));
+        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $imageName));
+        try {
+            $this->guzzleClient->post($url);
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $this->guzzleClient->get($imageUrl)->getBody()->getContents();
+        } catch (\Throwable $e) {
+            throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
+        }
     }
 
     private function isContainerUpdateAvailable(string $id) : string

From f7ea98ef243f404f2f89331cb0f84b0afd440f69 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 13:08:42 +0000
Subject: [PATCH 1768/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.8.3-alpine3.18 to 2.8.4-alpine3.18.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 188cb2c2..f86b9718 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:2.8.3-alpine3.18
+FROM haproxy:2.8.4-alpine3.18
 
 # hadolint ignore=DL3002
 USER root

From ebbc68e4e5c4099e22c2e01ed8bdbfe7151c2110 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 20 Nov 2023 15:09:03 +0100
Subject: [PATCH 1769/3949] add section how to connect to database

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 develop.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/develop.md b/develop.md
index 7ac2bdec..08aa9e8a 100644
--- a/develop.md
+++ b/develop.md
@@ -38,3 +38,6 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+
+## How to connect to the database?
+Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.

From 5ed71e8a88bd65ed3edb256d48777129878127d0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Nov 2023 09:11:31 +0100
Subject: [PATCH 1770/3949] add mknod capability to collabora

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index e52c61fa..977a97b0 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -323,6 +323,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "cap_add": [
+        "MKNOD"
       ]
     },
     {

From 98e671403c34f70948bd05769c152a0cc17d87f9 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Tue, 21 Nov 2023 11:38:08 +0100
Subject: [PATCH 1771/3949] helm: fix duplicate SMTP_HOST env variable

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 2cab0d18..48f73505 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -192,8 +192,6 @@ done
 
 # Additional config
 cat << EOL > /tmp/additional.config
-            - name: SMTP_HOST
-              value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_HOST
               value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_SECURE

From e20f31ab90ca684ded39f3928943295e3a11d78e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Nov 2023 11:44:17 +0100
Subject: [PATCH 1772/3949] address some other details

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-service.yaml               | 4 ++--
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 2 --
 .../templates/nextcloud-aio-talk-service.yaml                 | 4 ++--
 4 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 36cc2484..a30ab34e 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.0-beta2
+version: 7.7.0-beta3
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 04f8f875..1d74aa1b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -13,10 +13,10 @@ spec:
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:
-    - name: "1-tcp"
+    - name: "{{ .Values.APACHE_PORT }}"
       port: {{ .Values.APACHE_PORT }}
       targetPort: {{ .Values.APACHE_PORT }}
-    - name: "1-udp"
+    - name: "{{ .Values.APACHE_PORT }}-udp"
       port: {{ .Values.APACHE_PORT }}
       protocol: UDP
       targetPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index f7611897..fae7a932 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -37,8 +37,6 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
-            - name: SMTP_HOST
-              value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_HOST
               value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_SECURE
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index a89c82f9..40121c3b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -15,10 +15,10 @@ spec:
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:
-    - name: "2-tcp"
+    - name: "{{ .Values.TALK_PORT }}"
       port: {{ .Values.TALK_PORT }}
       targetPort: {{ .Values.TALK_PORT }}
-    - name: "2-udp"
+    - name: "{{ .Values.TALK_PORT }}-udp"
       port: {{ .Values.TALK_PORT }}
       protocol: UDP
       targetPort: {{ .Values.TALK_PORT }}

From feec123292d7adc6d2d217bd130e8c5cd93752e3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Nov 2023 12:00:51 +0100
Subject: [PATCH 1773/3949] fix clamav permissions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml      | 16 +++++++++--
 nextcloud-aio-helm-chart/update-helm.sh       | 27 ++++++++++++++++---
 3 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index a30ab34e..bc9659d6 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.0-beta3
+version: 7.7.0-beta4
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 40adf7d1..0d28c91d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -24,11 +24,22 @@ spec:
         io.kompose.service: nextcloud-aio-clamav
     spec:
       initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+            - /nextcloud-aio-clamav
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
         - name: init-volumes
           image: alpine
           command:
-            - chmod
-            - "777"
+            - chown
+            - 100:100
+            - "-R"
             - /nextcloud-aio-clamav
           volumeMounts:
             - name: nextcloud-aio-clamav
@@ -46,6 +57,7 @@ spec:
               protocol: TCP
           volumeMounts:
             - mountPath: /var/lib/clamav
+              subPath: data
               name: nextcloud-aio-clamav
       volumes:
         - name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 48f73505..b3525ece 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -81,15 +81,34 @@ cat << EOL > /tmp/initcontainers.database
             - "-R"
           volumeMountsInitContainer:
 EOL
+cat << EOL > /tmp/initcontainers.clamav
+      initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+          volumeMountsInitContainer:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 100:100
+            - "-R"
+          volumeMountsInitContainer:
+EOL
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
 for variable in "${DEPLOYMENTS[@]}"; do
     if grep -q volumeMounts "$variable"; then
-        if ! echo "$variable" | grep -q database; then
-            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
-        else
+        if echo "$variable" | grep -q database; then
             sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
+        elif echo "$variable" | grep -q clamav; then
+            sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
+        else
+            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
         fi
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
         mapfile -t volumeNames <<< "$volumeNames"
@@ -101,6 +120,8 @@ for variable in "${DEPLOYMENTS[@]}"; do
                 # Workaround for the database volume
                 if [ "$volumeName" = nextcloud-aio-database ]; then
                     sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
+                elif [ "$volumeName" = nextcloud-aio-clamav ]; then
+                    sed -i "/mountPath: \/var\/lib\/clamav/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
                 fi
                 
             fi

From 89a87d8b607c9e1fb2c4030a1d69cafa2f7ff348 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Nov 2023 17:34:37 +0100
Subject: [PATCH 1774/3949] helm - allow to define an additional_trusted_proxy

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh      | 8 ++++++++
 nextcloud-aio-helm-chart/update-helm.sh | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 7ac5d955..18dc9b48 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -516,6 +516,9 @@ fi
 chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
+if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
+fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
 
 # Collabora
@@ -561,6 +564,11 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
             COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
         fi
+        if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+            if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$ADDITIONAL_TRUSTED_PROXY"; then
+                COLLABORA_ALLOW_LIST+=",$ADDITIONAL_TRUSTED_PROXY"
+            fi
+        fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
         echo "Warning: wopi_allowlist is empty which should not be the case!"
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index b3525ece..54f78987 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -233,6 +233,8 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.SUBSCRIPTION_KEY }}"
             - name: APPS_ALLOWLIST
               value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
@@ -280,6 +282,7 @@ cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From 25c5b3dd6579be1cc8f7f3edb274d5ea165767b9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Nov 2023 19:10:06 +0100
Subject: [PATCH 1775/3949] helm - add namespace to different section

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index b3525ece..c257cd05 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -264,8 +264,6 @@ sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
-echo "NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster" >> /tmp/sample.conf
-# shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
@@ -278,6 +276,7 @@ sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /t
 # Additional config
 cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.

From 4e3b93da8208f62d1dc2e1e05f1fb4061c3b289d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 22 Nov 2023 12:02:17 +0000
Subject: [PATCH 1776/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 100 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 92 insertions(+), 8 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 58006692..4cebda77 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1558,6 +1558,89 @@
             ],
             "time": "2023-07-28T09:04:16+00:00"
         },
+        {
+            "name": "symfony/polyfill-php80",
+            "version": "v1.28.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php80.git",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "1.28-dev"
+                },
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php80\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ion Bazan",
+                    "email": "ion.bazan@gmail.com"
+                },
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2023-01-26T09:26:14+00:00"
+        },
         {
             "name": "symfony/polyfill-php81",
             "version": "v1.28.0",
@@ -1639,26 +1722,27 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.7.1",
+            "version": "v3.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554"
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.2.5",
                 "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3"
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php80": "^1.22"
             },
             "require-dev": {
                 "psr/container": "^1.0|^2.0",
-                "symfony/phpunit-bridge": "^5.4.9|^6.3"
+                "symfony/phpunit-bridge": "^5.4.9|^6.3|^7.0"
             },
             "type": "library",
             "autoload": {
@@ -1694,7 +1778,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.7.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.8.0"
             },
             "funding": [
                 {
@@ -1706,7 +1790,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-28T11:09:02+00:00"
+            "time": "2023-11-21T18:54:41+00:00"
         }
     ],
     "packages-dev": [],

From 92664f7964595e73eba06acbd22bcbd234f422db Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 23 Nov 2023 04:09:07 +0000
Subject: [PATCH 1777/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index d229bf89..ecbd3ec6 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352"/>
+<files psalm-version="5.16.0@2897ba636551a8cb61601cc26f6ccfbba6c36591"/>

From 95850d30bb64ef59471019c356430fd119cb668f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 23 Nov 2023 08:45:28 +0000
Subject: [PATCH 1778/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-apache-service.yaml                 | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml                   | 2 +-
 nextcloud-aio-helm-chart/values.yaml                            | 2 +-
 16 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index bc9659d6..6e3e8b5c 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.0-beta4
+version: 7.7.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index f502392e..f605bf93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:beta
+          image: nextcloud/aio-apache:20231123_084113-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 1d74aa1b..47c36b71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -16,7 +16,7 @@ spec:
     - name: "{{ .Values.APACHE_PORT }}"
       port: {{ .Values.APACHE_PORT }}
       targetPort: {{ .Values.APACHE_PORT }}
-    - name: "{{ .Values.APACHE_PORT }}-udp"
+    - name: {{ .Values.APACHE_PORT }}-udp
       port: {{ .Values.APACHE_PORT }}
       protocol: UDP
       targetPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 0d28c91d..310a7e9d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:beta
+          image: nextcloud/aio-clamav:20231123_084113-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 8f768491..0ec6e6f6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:beta
+          image: nextcloud/aio-collabora:20231123_084113-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 3fd76308..44e86abf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:beta
+          image: nextcloud/aio-postgresql:20231123_084113-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index cfafa4c0..78d2156a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:beta
+          image: nextcloud/aio-fulltextsearch:20231123_084113-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 35f1134f..2e47e831 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:beta
+          image: nextcloud/aio-imaginary:20231123_084113-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index fae7a932..33c7b00f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -143,7 +143,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:beta
+          image: nextcloud/aio-nextcloud:20231123_084113-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 19a8dadd..0bb87c54 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:beta
+          image: nextcloud/aio-notify-push:20231123_084113-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d2864c9a..866cdae2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:beta
+          image: nextcloud/aio-onlyoffice:20231123_084113-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 06667865..86db5044 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:beta
+          image: nextcloud/aio-redis:20231123_084113-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 24914c3f..90bb0d72 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:beta
+          image: nextcloud/aio-talk:20231123_084113-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 8014d895..3cda8532 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:beta
+          image: nextcloud/aio-talk-recording:20231123_084113-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 40121c3b..9d87d9ee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -18,7 +18,7 @@ spec:
     - name: "{{ .Values.TALK_PORT }}"
       port: {{ .Values.TALK_PORT }}
       targetPort: {{ .Values.TALK_PORT }}
-    - name: "{{ .Values.TALK_PORT }}-udp"
+    - name: {{ .Values.TALK_PORT }}-udp
       port: {{ .Values.TALK_PORT }}
       protocol: UDP
       targetPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index fcf10e5f..1fe9674e 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -33,7 +33,6 @@ NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
-NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
@@ -47,6 +46,7 @@ NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of t
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
 
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.

From f577221fa7bc8c47466d5c9be66174d02bcabe41 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Nov 2023 10:50:32 +0100
Subject: [PATCH 1779/3949] elasticsearch 8.11.1 is still not available for
 arm64

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 7e0ae167..622ae2bf 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.11.1
+FROM elasticsearch:8.11.0
 
 USER root
 

From 42ddbfde34d9cca02e63c278143042594d84388a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Nov 2023 10:53:07 +0100
Subject: [PATCH 1780/3949] helm - publish new dev release

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                            | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml          | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 6e3e8b5c..07f81a34 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.0
+version: 7.7.1-dev
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 33c7b00f..b9c88281 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -143,7 +143,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231123_084113-latest
+          image: nextcloud/aio-nextcloud:develop
+          imagePullPolicy: Always
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

From e6d0059986f87ddb6e325686fc871310bb8875ef Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Nov 2023 11:34:57 +0100
Subject: [PATCH 1781/3949] helm - disable volumes if corresponding feature is
 disabled

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml | 2 ++
 .../nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml       | 2 ++
 nextcloud-aio-helm-chart/update-helm.sh                       | 4 ++++
 nextcloud-aio-helm-chart/values.yaml                          | 1 +
 5 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 07f81a34..6ca1192a 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.1-dev
+version: 7.7.1-dev2
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
index f7279c3a..c08d5f75 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
index cd4c8132..55445a35 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 35be3432..a105d1dd 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -308,6 +308,10 @@ for variable in "${ENABLED_VARIABLES[@]}"; do
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
     # shellcheck disable=SC1083
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 done
 
 chmod 777 -R ./
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 1fe9674e..d7312d31 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -49,6 +49,7 @@ REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From c82ad75d7c9dcd896ea0ca6208bf72e5aa86e6b3 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 23 Nov 2023 12:24:27 +0000
Subject: [PATCH 1782/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 5b714ccb..eb755a0d 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -202,6 +202,8 @@ services:
       - collabora
     networks:
       - nextcloud-aio
+    cap_add:
+      - MKNOD
 
   nextcloud-aio-talk:
     image: nextcloud/aio-talk:latest

From a149f75795ca6a649cff1d4be73e2b7cbc6965a2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Nov 2023 14:50:52 +0100
Subject: [PATCH 1783/3949] add ADDITIONAL_TRUSTED_PROXY to the chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 6ca1192a..37669b75 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.1-dev2
+version: 7.7.1-dev3
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index b9c88281..8353c7f0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -57,6 +57,8 @@ spec:
               value: "{{ .Values.SUBSCRIPTION_KEY }}"
             - name: APPS_ALLOWLIST
               value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS

From 4d46894f94907298d8678ff1f828aa7c8e813831 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 23 Nov 2023 18:12:58 +0000
Subject: [PATCH 1784/3949] nextcloud-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4d70d764..21334726 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.25-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.3
+ENV NEXTCLOUD_VERSION 27.1.4
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From f0fd5b692d68a127f94bcb98654f60e3ae4017c2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 23 Nov 2023 19:16:02 +0100
Subject: [PATCH 1785/3949] increase to 7.7.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ae7bf484..d1e7827d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.7.0</h1>
+        <h1>Nextcloud AIO v7.7.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From b85ffbb0cc76d8411614301a270ec57c73cc5fa0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 21 Nov 2023 16:49:51 +0100
Subject: [PATCH 1786/3949] helm - fix lost+found in nextcloud

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml   |  4 ++++
 .../nextcloud-aio-nextcloud-deployment.yaml   | 11 ++++++++++
 nextcloud-aio-helm-chart/update-helm.sh       | 22 ++++++++++++++++++-
 4 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 37669b75..76e1c150 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.1-dev3
+version: 7.7.1-dev4
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 0ec6e6f6..cb9ba46c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -42,4 +42,8 @@ spec:
           ports:
             - containerPort: 9980
               protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - MKNOD
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 8353c7f0..839323f3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,6 +23,17 @@ spec:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
       initContainers:
+        - name: delete lost+found
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - /nextcloud-aio-nextcloud/lost+found
+          volumeMounts:
+            - name: nextcloud-aio-nextcloud-trusted-cacerts
+              mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
           image: alpine
           command:
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index a105d1dd..e16883b2 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -98,6 +98,22 @@ cat << EOL > /tmp/initcontainers.clamav
             - "-R"
           volumeMountsInitContainer:
 EOL
+cat << EOL > /tmp/initcontainers.nextcloud
+      initContainers:
+        - name: delete lost+found
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - /nextcloud-aio-nextcloud/lost+found
+          volumeMountsInitRmLostFound:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+          volumeMountsInitContainer:
+EOL
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
@@ -107,6 +123,8 @@ for variable in "${DEPLOYMENTS[@]}"; do
             sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
         elif echo "$variable" | grep -q clamav; then
             sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
+        elif echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
+            sed -i "/^    spec:/r /tmp/initcontainers.nextcloud" "$variable"
         else
             sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
         fi
@@ -117,6 +135,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
             if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
                 sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
                 sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+                sed -i "/volumeMountsInitRmLostFound:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
                 # Workaround for the database volume
                 if [ "$volumeName" = nextcloud-aio-database ]; then
                     sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
@@ -126,7 +145,8 @@ for variable in "${DEPLOYMENTS[@]}"; do
                 
             fi
         done
-        sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
+        sed -i "s|volumeMountsInitContainer:|volumeMounts:|" "$variable"
+        sed -i "s|volumeMountsInitRmLostFound:|volumeMounts:|" "$variable"
         if grep -q claimName "$variable"; then
             claimNames="$(grep claimName "$variable")"
             mapfile -t claimNames <<< "$claimNames"

From f93f5c02a54a6b7010e3ba23bd673c6d4d2c8dc4 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Sun, 26 Nov 2023 12:26:30 -0600
Subject: [PATCH 1787/3949] Minor English grammar fixes in readme.md

Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
---
 readme.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.md b/readme.md
index c5bfe890..b0f177c0 100644
--- a/readme.md
+++ b/readme.md
@@ -16,7 +16,7 @@ Included are:
 - Simple web interface included that enables easy installation and maintenance
 - [Easy updates included](https://github.com/nextcloud/all-in-one#how-to-update-the-containers)
 - Update and backup notifications included
-- Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and its apps afterwards automatically
+- Daily backups can be enabled from the AIO interface which also allows updating all containers, Nextcloud and its apps afterwards automatically
 - Instance restore from backup archive via the AIO interface included (you only need the archive and the password in order to restore the whole instance on a new AIO instance)
 - APCu as local cache
 - Redis as distributed cache and for file locking
@@ -258,9 +258,9 @@ No and they will not be. Please use a dedicated domain for Nextcloud and set it
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
 
 ### How can I access Nextcloud locally?
-Please note that local access is not possible if you should be running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
+Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
 
-Please make sure that if you should be running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
+Please make sure that if you are running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
 
 Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/

From 08f0986101b3e94584785307103511f1dab926d6 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Sun, 26 Nov 2023 12:55:35 -0600
Subject: [PATCH 1788/3949] Clean up formatting and minor text adjustments to
 reverse-proxy.md

Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
---
 reverse-proxy.md | 59 ++++++++++++++++++++++++++----------------------
 1 file changed, 32 insertions(+), 27 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 0fc53374..7b17ff03 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -7,30 +7,35 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
-1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
+1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
 1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
 1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)
 
-## 1. Add this to your reverse proxy config
-
 **Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
 
-### Adaptation of the respective sample configuration
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. Additionally, you might need to adjust `localhost` or `127.0.0.1` based on your setup. See below.
- 
-**Running the Reverse Proxy on the same server, not in a container**<br>
-For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
+## 1. Configure the reverse proxy
 
-**Running the Reverse Proxy in a Docker container on the same server**<br>
-For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).<br>
-Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
-
-**Running the Reverse Proxy on a different server (no matter if in container or not)**<br>
-For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
-If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
+### Adapting the sample web server configurations below
+1. Replace `<your-nc-domain>` with the domain on which you want to run Nextcloud.
+1. Adjust the port `11000` to match your chosen `APACHE_PORT`.
+1. Adjust `localhost` or `127.0.0.1` to point to the Nextcloud server IP or domain depending on where the reverse proxy is running. See the following options.
+   <details>
+     <summary>on the same server without a container</summary>
+     For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
+   </details>
+   <details>
+     <summary>on the same server in a Docker container</summary>
+     For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).<br>
+     Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+   </details>
+   <details>
+     <summary>on a different server (in container or not)</summary>
+     Use the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
+     If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
+   </details>
 
 ### Apache
 
@@ -97,7 +102,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -119,7 +124,7 @@ https://<your-nc-domain>:443 {
 ```
 The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -143,7 +148,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-    ⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+    ⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
     You also need to adjust `<provider>` and `<key>` to match your case.
 
@@ -172,7 +177,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.<br>
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
@@ -272,7 +277,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
@@ -362,7 +367,7 @@ server {
 
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -393,7 +398,7 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
@@ -497,7 +502,7 @@ httpServer.on('upgrade', (req, socket, head) => {
 });
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
@@ -515,7 +520,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
@@ -596,7 +601,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 ---
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
@@ -689,7 +694,7 @@ https://<your-nc-domain>:8443 {
     }
 }
 ```
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
@@ -699,7 +704,7 @@ If something does not work, follow the steps below:
 1. Make sure that you used the docker run command that is described in this reverse proxy documentation. **Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports to which your reverse proxy is pointing match the chosen `APACHE_PORT`.
-1. Make sure to follow [this](#adaptation-of-the-respective-sample-configuration) to adapt the example configurations to your specific setup
+1. Make sure to follow [this](#adapting-the-sample-web-server-configurations-below) to adapt the example configurations to your specific setup
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.

From 5990bbcac4f30fdba9ea5f254d7ed61208bd841b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Nov 2023 12:45:44 +0000
Subject: [PATCH 1789/3949] Bump clamav/clamav from 1.2.1-16 to 1.2.1-17 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-16 to 1.2.1-17.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 162046e9..fdb1cd80 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-16
+FROM clamav/clamav:1.2.1-17
 
 COPY clamav.conf /tmp/clamav.conf
 

From f05f0defd3864f94eb22cd82b71f82804b8820af Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 27 Nov 2023 17:30:02 +0100
Subject: [PATCH 1790/3949] add a hint about what is getting backed up when
 using aios backup solution

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index c5bfe890..c61725dc 100644
--- a/readme.md
+++ b/readme.md
@@ -371,6 +371,9 @@ Be aware that this solution does not back up files and folders that are mounted
 
 ---
 
+#### What is getting backed up by AIO's backup solution?
+Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
+
 #### How to adjust borgs retention policy?
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 

From 04ff1189d566b96200c3ecb9b1d941c554dfad89 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Nov 2023 12:18:10 +0000
Subject: [PATCH 1791/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.12-fpm-alpine3.18 to 8.2.13-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 92b7f1a8..e8bf6d78 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.7-cli as docker
 FROM caddy:2.7.5-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.12-fpm-alpine3.18
+FROM php:8.2.13-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From 78dbb4585e8df9919b3d722bd78a68b62163bdb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Nov 2023 12:28:40 +0000
Subject: [PATCH 1792/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.25-fpm-alpine3.18 to 8.1.26-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 21334726..058c303e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.25-fpm-alpine3.18
+FROM php:8.1.26-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 20c9c7f0e5105eba7ecad902f0bf9eb35247c29b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 28 Nov 2023 14:27:58 +0100
Subject: [PATCH 1793/3949] adjust readme for hardware transcoding

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 2b5581d9..554d3b81 100644
--- a/readme.md
+++ b/readme.md
@@ -668,7 +668,7 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 ### How to enable hardware-transcoding for Nextcloud?
 ⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
 
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://memories.gallery/hw-transcoding/#va-api).
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. There is now a community container which allows to easily add the transcoding container of Memories to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories
 
 ### How to keep disabled apps?
 In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). ⚠️⚠️⚠️ **Warning** doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.

From 46b982c338deb00e9ae6fe69610cc5b410c3ad37 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 29 Nov 2023 12:02:29 +0000
Subject: [PATCH 1794/3949] imaginary-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index f63e88df..582bbe75 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.21.4-alpine3.18 as go
 
-ENV IMAGINARY_HASH 7efb66c243056e5b3b65215e101be7915983e364
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From 8ac090a091add8f88389fccd5100331b5a486eb1 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Thu, 30 Nov 2023 08:16:23 +0000
Subject: [PATCH 1795/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                            | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml          | 3 +--
 .../templates/nextcloud-aio-notify-push-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml     | 2 +-
 13 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 76e1c150..ab8327d9 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.1-dev4
+version: 7.7.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index f605bf93..95206aba 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231123_084113-latest
+          image: nextcloud/aio-apache:20231130_081302-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 310a7e9d..52cfb07c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231123_084113-latest
+          image: nextcloud/aio-clamav:20231130_081302-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index cb9ba46c..68cc29e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231123_084113-latest
+          image: nextcloud/aio-collabora:20231130_081302-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 44e86abf..44c92d1e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231123_084113-latest
+          image: nextcloud/aio-postgresql:20231130_081302-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 78d2156a..29bbf1d1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231123_084113-latest
+          image: nextcloud/aio-fulltextsearch:20231130_081302-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2e47e831..d28cd599 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231123_084113-latest
+          image: nextcloud/aio-imaginary:20231130_081302-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 839323f3..44a81740 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -156,8 +156,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:develop
-          imagePullPolicy: Always
+          image: nextcloud/aio-nextcloud:20231130_081302-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 0bb87c54..0975b3e5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231123_084113-latest
+          image: nextcloud/aio-notify-push:20231130_081302-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 866cdae2..fecea8cc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231123_084113-latest
+          image: nextcloud/aio-onlyoffice:20231130_081302-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 86db5044..7913eeb7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231123_084113-latest
+          image: nextcloud/aio-redis:20231130_081302-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 90bb0d72..b5c4bf49 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231123_084113-latest
+          image: nextcloud/aio-talk:20231130_081302-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 3cda8532..33a5e284 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231123_084113-latest
+          image: nextcloud/aio-talk-recording:20231130_081302-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 0596c605843eb09a20e1758b4eb5d8d3565117aa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 27 Nov 2023 17:19:58 +0100
Subject: [PATCH 1796/3949] disable trace method and improve apache ssl conf

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf                | 3 +++
 Containers/mastercontainer/mastercontainer.conf | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index c7f986f3..8f179328 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -49,4 +49,7 @@ Listen 8000
 
     # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
     ProxyTimeout ${APACHE_MAX_TIME}
+
+    # See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
+    TraceEnable Off
 </VirtualHost>
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 701cb420..d1f4ed64 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -49,8 +49,14 @@ Listen 8080
     SSLCertificateFile /etc/apache2/certs/ssl.crt
     SSLEngine               on
     SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off
 </VirtualHost>
 
 # Increase timeout in case e.g. the initial download takes a long time
 Timeout 7200
 ProxyTimeout 7200
+
+# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
+TraceEnable Off

From 7c448b9989611e523aeca9f2456f87f46cbdc7c0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Nov 2023 12:49:31 +0100
Subject: [PATCH 1797/3949] adjust formatting

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 42 ++++++++++++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7b17ff03..330c28ea 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -22,20 +22,34 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 1. Replace `<your-nc-domain>` with the domain on which you want to run Nextcloud.
 1. Adjust the port `11000` to match your chosen `APACHE_PORT`.
 1. Adjust `localhost` or `127.0.0.1` to point to the Nextcloud server IP or domain depending on where the reverse proxy is running. See the following options.
-   <details>
-     <summary>on the same server without a container</summary>
-     For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
-   </details>
-   <details>
-     <summary>on the same server in a Docker container</summary>
-     For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).<br>
-     Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
-   </details>
-   <details>
-     <summary>on a different server (in container or not)</summary>
-     Use the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
-     If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
-   </details>
+
+    <details>
+
+    <summary>On the same server without a container</summary>
+
+    For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
+
+    </details>
+
+    <details>
+
+    <summary>On the same server in a Docker container</summary>
+
+    For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).
+
+    Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+
+    </details>
+
+    <details>
+
+    <summary>On a different server (in container or not)</summary>
+
+    Use the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.
+    
+    If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
+
+    </details>
 
 ### Apache
 

From 14e8996e9060da50fd6bd438b1310b21a7a6ea79 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 21 Aug 2023 12:38:58 +0200
Subject: [PATCH 1798/3949] nextcloud - add stop_grace_period of 600s

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/cron.sh | 15 ++++++++++++++-
 php/containers.json          |  1 +
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/cron.sh b/Containers/nextcloud/cron.sh
index 0fe5f589..87f6bf7a 100644
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,7 +1,20 @@
 #!/bin/bash
 set -eu
 
+wait_for_cron() {
+    set -x
+    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
+        echo "Waiting for cron to stop..."
+        sleep 5
+    done
+    echo "Cronjob successfully exited."
+    set +x
+}
+
+trap wait_for_cron SIGINT SIGTERM
+
 while true; do
     php -f /var/www/html/cron.php &
-    sleep 5m
+    sleep 5m &
+    wait $!
 done
diff --git a/php/containers.json b/php/containers.json
index d3047dfd..e39be660 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -205,6 +205,7 @@
         "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
         "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
       ],
+      "stop_grace_period": 600,
       "restart": "unless-stopped",
       "devices": [
         "/dev/dri"

From ecf7aeb92b96c31cfb1874244b86eb193f09ddf5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Nov 2023 12:43:47 +0100
Subject: [PATCH 1799/3949] always run exec commands

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/run-exec-commands.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index a2a6c84a..ab3abab7 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -1,9 +1,7 @@
 #!/bin/bash
 
-while ! nc -z "$NC_DOMAIN" 443; do
-    sleep 5
-done
-sleep 10
+# Wait 15s for domain to be reachable
+sleep 15
 
 if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
     echo "#!/bin/bash" > /tmp/nextcloud-exec-commands

From 70557b7beca6ac06a20326b4a72ecdbe50dbe2f3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 12:10:43 +0000
Subject: [PATCH 1800/3949] Bump alpine from 3.18.4 to 3.18.5 in
 /Containers/talk

Bumps alpine from 3.18.4 to 3.18.5.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index f9a61460..d4dbd703 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 FROM nats:2.10.5-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.1 as signaling
-FROM alpine:3.18.4 as janus
+FROM alpine:3.18.5 as janus
 
 ARG JANUS_VERSION=v0.14.0
 WORKDIR /src
@@ -33,7 +33,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From 913c2e3f1a98e82897383aab1b8a760c39e1a486 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 12:12:15 +0000
Subject: [PATCH 1801/3949] Bump alpine from 3.18.4 to 3.18.5 in
 /Containers/domaincheck

Bumps alpine from 3.18.4 to 3.18.5.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 7019215f..f494f545 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \

From d45e2d9616504c0548aaf2d94c85c26702330bee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 12:19:50 +0000
Subject: [PATCH 1802/3949] Bump alpine from 3.18.4 to 3.18.5 in
 /Containers/borgbackup

Bumps alpine from 3.18.4 to 3.18.5.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index f6e6853c..7e467e67 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 
 RUN set -ex; \
     \

From 1d62792cf8b620742c699bacc7a7ec16ebda8aba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 12:27:15 +0000
Subject: [PATCH 1803/3949] Bump alpine from 3.18.4 to 3.18.5 in
 /Containers/watchtower

Bumps alpine from 3.18.4 to 3.18.5.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index b9b87625..d63b5a53 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 as watchtower
 
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower

From 4f4d8c37435ad87fa67e144b8aba901761005a2c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 13:06:13 +0000
Subject: [PATCH 1804/3949] Bump alpine from 3.18.4 to 3.18.5 in
 /Containers/imaginary

Bumps alpine from 3.18.4 to 3.18.5.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 582bbe75..9a868ce0 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -12,7 +12,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 RUN set -ex; \
     apk add --no-cache \
         tzdata \

From c859dd58a2750b7f01daff320dc0e760d8ae74af Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 13:06:14 +0000
Subject: [PATCH 1805/3949] Bump alpine from 3.18.4 to 3.18.5 in
 /Containers/notify-push

Bumps alpine from 3.18.4 to 3.18.5.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index a07211f2..602db937 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 0e3aad3f55c4f4276d0e60ebf05b33db8e4f45c5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Dec 2023 10:35:27 +0100
Subject: [PATCH 1806/3949] community containers - add stalwart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md        |  3 +-
 community-containers/stalwart/readme.md     | 17 ++++++
 community-containers/stalwart/stalwart.json | 64 +++++++++++++++++++++
 3 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/stalwart/readme.md
 create mode 100644 community-containers/stalwart/stalwart.json

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index b1767210..c26b39a5 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,10 +1,11 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
new file mode 100644
index 00000000..034d8fb1
--- /dev/null
+++ b/community-containers/stalwart/readme.md
@@ -0,0 +1,17 @@
+## Stalwart mail server
+This container bundles stalwart mail server and auto-configures it for you.
+
+### Notes
+- This is only intended to run on a VPS with static ip-address.
+- Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 578, 993 nor 4190 yet as otherwise the container will fail to start.
+- You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
+- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `mail.your-domain.com`.
+- The data of Stalwart will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk`, 2. choose `No, create a new directory for me`, 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised, 5. Take note of the administrator credentials, 6. skip https://stalw.art/docs/install/docker/#add-your-tls-certificate as this is done automatically for you, 7. Review the configuration file, 8. run `sudo docker restart nextcloud-aio-stalwart` in order restart the container and enable the config).
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/marcoambrosini/aio-stalwart
+
+### Maintainer
+https://github.com/marcoambrosini
diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
new file mode 100644
index 00000000..9da8e12e
--- /dev/null
+++ b/community-containers/stalwart/stalwart.json
@@ -0,0 +1,64 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-stalwart",
+            "display_name": "Stalwart",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
+            "image": "marcoambrosini/aio-stalwart",
+            "image_tag": "v1",
+            "internal_port": "587",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "25",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "143",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "465",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "587",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "993",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "4190",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_stalwart",
+                    "destination": "/opt/stalwart-mail",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_caddy",
+                    "destination": "/caddy",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_stalwart"
+            ]
+        }
+    ]
+}

From 996b7c357cca65e4cd6bea6a6fb539078fd61dcd Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 4 Dec 2023 12:02:24 +0000
Subject: [PATCH 1807/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 4cebda77..ad792be0 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.8.0",
+            "version": "7.8.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9"
+                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1110f66a6530a40fe7aea0378fe608ee2b2248f9",
-                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/41042bc7ab002487b876a0683fc8dce04ddce104",
+                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104",
                 "shasum": ""
             },
             "require": {
@@ -32,11 +32,11 @@
                 "psr/http-client-implementation": "1.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
+                "bamarni/composer-bin-plugin": "^1.8.2",
                 "ext-curl": "*",
                 "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
                 "php-http/message-factory": "^1.1",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "suggest": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.8.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.8.1"
             },
             "funding": [
                 {
@@ -130,28 +130,28 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-27T10:20:53+00:00"
+            "time": "2023-12-03T20:35:24+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.0.1",
+            "version": "2.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d"
+                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/111166291a0f8130081195ac4556a5587d7f1b5d",
-                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/bbff78d96034045e58e13dedd6ad91b5d1253223",
+                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.2.5 || ^8.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
             },
             "type": "library",
             "extra": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.0.1"
+                "source": "https://github.com/guzzle/promises/tree/2.0.2"
             },
             "funding": [
                 {
@@ -213,20 +213,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-03T15:11:55+00:00"
+            "time": "2023-12-03T20:19:20+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.6.1",
+            "version": "2.6.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727"
+                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
-                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/45b30f99ac27b5ca93cb4831afe16285f57b8221",
+                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221",
                 "shasum": ""
             },
             "require": {
@@ -240,9 +240,9 @@
                 "psr/http-message-implementation": "1.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
+                "bamarni/composer-bin-plugin": "^1.8.2",
                 "http-interop/http-factory-tests": "^0.9",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.6.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.6.2"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-27T10:13:57+00:00"
+            "time": "2023-12-03T20:05:35+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 7ee0c582abb66fe32ca5a157adf33f3405ffb952 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Dec 2023 12:36:17 +0000
Subject: [PATCH 1808/3949] Bump clamav/clamav from 1.2.1-17 to 1.2.1-20 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-17 to 1.2.1-20.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index fdb1cd80..32ac6000 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-17
+FROM clamav/clamav:1.2.1-20
 
 COPY clamav.conf /tmp/clamav.conf
 

From ae26696319064be72922c54fb141ba320f5d93fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Dec 2023 12:56:14 +0000
Subject: [PATCH 1809/3949] Bump nats from 2.10.5-scratch to 2.10.6-scratch in
 /Containers/talk

Bumps nats from 2.10.5-scratch to 2.10.6-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index d4dbd703..fac18448 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.5-scratch as nats
+FROM nats:2.10.6-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.1 as signaling
 FROM alpine:3.18.5 as janus

From 5cc15a3d382f65b78d060f806f67863afda88911 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 5 Dec 2023 04:09:01 +0000
Subject: [PATCH 1810/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index ecbd3ec6..285e2b1b 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.16.0@2897ba636551a8cb61601cc26f6ccfbba6c36591"/>
+<files psalm-version="5.17.0@c620f6e80d0abfca532b00bda366062aaedf6e5d"/>

From 12d5ea1fd1bfa11e5fdf6ef8bc360d1cb9428a45 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Dec 2023 12:11:05 +0000
Subject: [PATCH 1811/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.8.4-alpine3.18 to 2.9.0-alpine3.18.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index f86b9718..3831d548 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:2.8.4-alpine3.18
+FROM haproxy:2.9.0-alpine3.18
 
 # hadolint ignore=DL3002
 USER root

From 39b79c84c5575bcc5407a0e66374b0258e60ae5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Dec 2023 12:53:00 +0000
Subject: [PATCH 1812/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.21.4-alpine3.18 to 1.21.5-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 9a868ce0..2da7768a 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.4-alpine3.18 as go
+FROM golang:1.21.5-alpine3.18 as go
 
 ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From 3a212f4a38605c37f88045ae9c82fe23c27701d5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 14:37:20 +0100
Subject: [PATCH 1813/3949] fix local connection

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 18dc9b48..eb95aef2 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -478,6 +478,7 @@ php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 
 # Apply network settings
 echo "Applying network settings..."
+php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
@@ -531,8 +532,6 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update richdocuments
     fi
     php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
-    # Fix https://github.com/nextcloud/all-in-one/issues/188:
-    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
     COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
     COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
@@ -596,7 +595,6 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
-    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
         php /var/www/html/occ app:remove onlyoffice

From 6335a8427ea0d44a981966726dab6f2586935e4c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 30 Nov 2023 12:40:19 +0100
Subject: [PATCH 1814/3949] add timeout and sleep to notify-push

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index d730c7fd..e9f558c9 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -42,6 +42,11 @@ if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
     exit 1
 fi
 
+# Add a timeout of 15s to hopefully get rid of the first error that is logged if apache is not there yet
+sleep 15
+
+echo "notify-push was started"
+
 # Set sensitive values as env
 export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"

From addf019e6ee2d9d942687467ea2f8c43ec8bd681 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 15:30:07 +0100
Subject: [PATCH 1815/3949] allow to install Nc28 upon initial install

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 php/templates/containers.twig           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 51dd42a6..bb57ec91 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -164,7 +164,7 @@ class DockerController
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 27;
+            $installLatestMajor = 28;
         } else {
             $installLatestMajor = "";
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d1e7827d..038d2d87 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -28,7 +28,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = '' %}
+        {% set newMajorVersion = 28 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From b8bd8719d4842f33d1f836ec127cdab1f68c126a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 15:34:45 +0100
Subject: [PATCH 1816/3949] increase to 7.8.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 038d2d87..7fc6c8d0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.7.1</h1>
+        <h1>Nextcloud AIO v7.8.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 813a73bb63f327f5f50ad8800c1db90e235ac6c6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 16:13:28 +0100
Subject: [PATCH 1817/3949] fix typo in stalwart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/stalwart.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index 9da8e12e..d44dde5b 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -42,7 +42,7 @@
             ],
             "environment": [
                 "TZ=%TIMEZONE%",
-                "NC_DOMAIN=%NC_DOMAIN"
+                "NC_DOMAIN=%NC_DOMAIN%"
             ],
             "volumes": [
                 {

From 2407aaf8970f161bc17afa9558870ff789a04b03 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 16:38:02 +0100
Subject: [PATCH 1818/3949] adjust docs for stalwart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 034d8fb1..bfdea91f 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -7,7 +7,8 @@ This container bundles stalwart mail server and auto-configures it for you.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk`, 2. choose `No, create a new directory for me`, 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised, 5. Take note of the administrator credentials, 6. skip https://stalw.art/docs/install/docker/#add-your-tls-certificate as this is done automatically for you, 7. Review the configuration file, 8. run `sudo docker restart nextcloud-aio-stalwart` in order restart the container and enable the config).
+- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk`, 2. choose `No, create a new directory for me`, 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
+- Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server there.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 2a7115b06bc161197e728e81b30d162ed5eaefcd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 17:03:44 +0100
Subject: [PATCH 1819/3949] recommend stalwart mail server in aio

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 554d3b81..a71de6b1 100644
--- a/readme.md
+++ b/readme.md
@@ -707,7 +707,7 @@ If you want to use the user_sql app, the easiest way is to create an additional
 It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045
 
 ### Mail server
-You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow and Mailu both have more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/356#discussioncomment-7133547
+You can configure one yourself by using either of these four recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server), [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------) or [Stalwart](https://stalw.art/). There is now a community container which allows to easily add Stalwart Mail server to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)

From 6aab3961ee6177bb67fcc02814e9b179ee62532e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 17:40:37 +0100
Subject: [PATCH 1820/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index bfdea91f..0cdb8c41 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -5,7 +5,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 - This is only intended to run on a VPS with static ip-address.
 - Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 578, 993 nor 4190 yet as otherwise the container will fail to start.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
-- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `mail.your-domain.com`.
+- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
 - After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk`, 2. choose `No, create a new directory for me`, 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
 - Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server there.

From 5b4668931febe104ef3ef2f6a93583d60c1800eb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 17:56:55 +0100
Subject: [PATCH 1821/3949] libretranslate - remove note because it is working
 now

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/libretranslate/readme.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/community-containers/libretranslate/readme.md b/community-containers/libretranslate/readme.md
index c5014dca..ffab72ab 100644
--- a/community-containers/libretranslate/readme.md
+++ b/community-containers/libretranslate/readme.md
@@ -2,8 +2,6 @@
 This container bundles LibreTranslate and auto-configures it for you.
 
 ### Notes
-
-- Please note that this community container is currently not working since its integration app is not yet compatible with Nextcloud 27 (Hub 6). You can follow the progress here: https://github.com/v1r0x/integration_libretranslate/issues/1
 - After the initial startup is done, you might want to change the default language to translate from and to via:
 ```bash
 # Adjust the values `en` and `de` in commands below accordingly

From 749c7c641047f5173b304f4ae2a924e192af03b7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 20:43:17 +0100
Subject: [PATCH 1822/3949] add more docs to stalwart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 0cdb8c41..fa471a7d 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -8,7 +8,9 @@ This container bundles stalwart mail server and auto-configures it for you.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
 - After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk`, 2. choose `No, create a new directory for me`, 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
+- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
 - Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server there.
+- See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From d2e2609e9cc35bc772feb1f2404b608b16b1c302 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 21:11:04 +0100
Subject: [PATCH 1823/3949] add further docs in stalwart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index fa471a7d..02a2696a 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -7,9 +7,9 @@ This container bundles stalwart mail server and auto-configures it for you.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk`, 2. choose `No, create a new directory for me`, 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
-- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
-- Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server there.
+- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
+- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
+- Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
 - See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From 3c7b3d84ae1b0b8cc88e017c4ab68d54297218e3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 21:17:31 +0100
Subject: [PATCH 1824/3949] add a note regarding snappymail and mail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 02a2696a..2bdf67f3 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -10,6 +10,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 - After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
 - See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
 - Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
+- Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retreiving mails.
 - See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From 388beb986b28f4440072ce103abde457cab283c9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Dec 2023 21:26:20 +0100
Subject: [PATCH 1825/3949] fix typo

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 2bdf67f3..15ba79c3 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -10,7 +10,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 - After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
 - See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
 - Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
-- Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retreiving mails.
+- Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
 - See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From 59180b37f318debb338e1ac536edba95bba57360 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Dec 2023 09:17:45 +0100
Subject: [PATCH 1826/3949] helm-chart - create 7.7.2-beta release

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 nextcloud-aio-helm-chart/update-helm.sh                       | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index ab8327d9..e3685e2b 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.1
+version: 7.7.2-beta
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 44a81740..cb1de4e5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,12 +23,12 @@ spec:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
       initContainers:
-        - name: delete lost+found
+        - name: "delete-lost-found"
           image: alpine
           command:
             - rm
             - "-rf"
-            - /nextcloud-aio-nextcloud/lost+found
+            - "/nextcloud-aio-nextcloud/lost+found"
           volumeMounts:
             - name: nextcloud-aio-nextcloud-trusted-cacerts
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index e16883b2..3dce3815 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -100,12 +100,12 @@ cat << EOL > /tmp/initcontainers.clamav
 EOL
 cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
-        - name: delete lost+found
+        - name: "delete-lost-found"
           image: alpine
           command:
             - rm
             - "-rf"
-            - /nextcloud-aio-nextcloud/lost+found
+            - "/nextcloud-aio-nextcloud/lost+found"
           volumeMountsInitRmLostFound:
         - name: init-volumes
           image: alpine

From 762fb0c58192d0f34d2eba50a8c1c06d604f3894 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Dec 2023 12:32:08 +0100
Subject: [PATCH 1827/3949] helm - allow to set SERVERINFO_TOKEN

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh                             | 3 +++
 .../templates/nextcloud-aio-nextcloud-deployment.yaml          | 2 ++
 nextcloud-aio-helm-chart/update-helm.sh                        | 3 +++
 nextcloud-aio-helm-chart/values.yaml                           | 1 +
 4 files changed, 9 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index eb95aef2..c1b02519 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -475,6 +475,9 @@ php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https:
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
+    php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
+fi
 
 # Apply network settings
 echo "Applying network settings..."
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index cb1de4e5..0aa8afd5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -70,6 +70,8 @@ spec:
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: SERVERINFO_TOKEN
+              value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 3dce3815..bfc7fbff 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -255,6 +255,8 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: SERVERINFO_TOKEN
+              value: "{{ .Values.SERVERINFO_TOKEN }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
@@ -300,6 +302,7 @@ cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index d7312d31..f81e9d3c 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -48,6 +48,7 @@ REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.

From 0789e29b3f556d0d9279683e7e08ae34f1eaa049 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Dec 2023 12:38:04 +0100
Subject: [PATCH 1828/3949] increase to 7.8.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 7fc6c8d0..76fde77f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.8.0</h1>
+        <h1>Nextcloud AIO v7.8.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From d8ec6d7886f6e4afa3c5200b38ae4301f626b861 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 7 Dec 2023 12:40:26 +0100
Subject: [PATCH 1829/3949] helm - create 7.8.1-beta

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                            | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml          | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index e3685e2b..2b95e83b 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.7.2-beta
+version: 7.8.1-beta
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 0aa8afd5..38676dbf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231130_081302-latest
+          image: nextcloud/aio-nextcloud:beta
+          imagePullPolicy: Always
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

From e0c3fa3998511fa30b7e3cb5a91d9fc99b75c19e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Dec 2023 12:50:57 +0000
Subject: [PATCH 1830/3949] Bump nats from 2.10.6-scratch to 2.10.7-scratch in
 /Containers/talk

Bumps nats from 2.10.6-scratch to 2.10.7-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fac18448..ef1cd751 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.6-scratch as nats
+FROM nats:2.10.7-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.1 as signaling
 FROM alpine:3.18.5 as janus

From f46a2bf9931b0c7df4890374e71c0c329f6de593 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Fri, 8 Dec 2023 12:04:14 +0000
Subject: [PATCH 1831/3949] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index eb755a0d..51a6b3dc 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -145,6 +145,7 @@ services:
       - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
       - APACHE_PORT=${APACHE_PORT}
       - APACHE_IP_BINDING=${APACHE_IP_BINDING}
+    stop_grace_period: 600s
     restart: unless-stopped
     networks:
       - nextcloud-aio

From c603b17625d40246e8a4cd4d1c8a89e33dd26e39 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 8 Dec 2023 14:40:20 +0100
Subject: [PATCH 1832/3949] [breaking] - update aio-local-ai to v2

Breaking because they no longer ship Arm64 images and thus it can no longer run on arm64 and would fail to start in that case.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json | 2 +-
 community-containers/local-ai/readme.md     | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index dd69ebbe..60032cdf 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -5,7 +5,7 @@
             "display_name": "Local AI",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai",
             "image": "szaimen/aio-local-ai",
-            "image_tag": "v1",
+            "image_tag": "v2",
             "internal_port": "8080",
             "restart": "unless-stopped",
             "environment": [
diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index cdb81a4b..40a129fb 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -2,7 +2,8 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
-- Make sure to have enough storage space available. This container alone needs ~14GB storage on x64, on arm64 only ~4GB. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
+- This container does not work on arm64! If you add the container on arm64, it will fail to start because no image for arm64 is available!
+- Make sure to have enough storage space available. This container alone needs ~14GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
 - After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml

From 9cf47f65e1809b36c07d0cc4f0ff764c7a377929 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 8 Dec 2023 15:04:11 +0100
Subject: [PATCH 1833/3949] talk-recording - pull geckodriver from community

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 01368ed6..68da553c 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -26,7 +26,7 @@ RUN set -ex; \
         build-base \
         linux-headers; \
     # chromium chromium-chromedriver?
-    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
+    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
     useradd -d /tmp --system recording; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \

From 54ad851d7360df54cf07b55cefb73fdff542e0cb Mon Sep 17 00:00:00 2001
From: Jos Poortvliet <jospoortvliet@gmail.com>
Date: Fri, 8 Dec 2023 23:38:36 +0100
Subject: [PATCH 1834/3949] Update readme.md

explaining "AIO" isn't really the best way to start this description ;-)

Signed-off-by: Jos Poortvliet <jospoortvliet@gmail.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index a71de6b1..6b3c4307 100644
--- a/readme.md
+++ b/readme.md
@@ -1,5 +1,5 @@
 # Nextcloud All-in-One
-Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
+The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
 
 Included are:
 - Nextcloud

From a24a2ebad9862a848c313c9534fbdc37305db432 Mon Sep 17 00:00:00 2001
From: Jos Poortvliet <jospoortvliet@gmail.com>
Date: Sat, 9 Dec 2023 11:37:24 +0100
Subject: [PATCH 1835/3949] Update setup.twig

Improve description in setup.twig

Signed-off-by: Jos Poortvliet <jospoortvliet@gmail.com>
---
 php/templates/setup.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index c36dd495..30dcca62 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -5,7 +5,7 @@
         <div class="login">
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>Nextcloud AIO setup</h1>
-            <p>Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+            <p>The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
             <p>Please note down the password to access the AIO interface and don't lose it!</p>
             <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>

From 6221db92eca9305f24ba73503d238ece0cc8ee64 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Dec 2023 10:10:01 +0100
Subject: [PATCH 1836/3949] open logs in new tab

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 76fde77f..b19862ba 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -55,11 +55,11 @@
         {% endfor %}
 
         {% if is_daily_backup_running == true %}
-            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br /><br />
+            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br /><br />
             {% if automatic_updates == true %}
                 It will update your containers, the mastercontainer and on saturdays your Nextcloud apps if the backup is successful.<br /><br />
                 {% if is_mastercontainer_update_available == true %}
-                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
                 {% endif %}
             {% endif %}
             {% if has_update_available == false %}
@@ -69,7 +69,7 @@
             {% endif %}
             <a href="" class="button reload">Reload ↻</a><br/>
         {% elseif isWatchtowerRunning == true %}
-            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
             <a href="" class="button reload">Reload ↻</a><br/>
         {% else %}
             {% if is_backup_container_running == false and domain == "" %}
@@ -128,7 +128,7 @@
                         {% if borg_backup_host_location != '' and borg_restore_password != '' %}
                             {% if borg_backup_mode in ['test', 'check'] %}
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == 'test' %}
                                         Please adjust the path and/or the password in order to make it work!<br><br>
                                     {% elseif borg_backup_mode == 'check' %}
@@ -144,7 +144,7 @@
                                         </details><br />
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
-                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == 'test' %}
                                         Feel free to check the integrity of the backup archive below before starting the restore process in order to make double-sure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
                                         <form method="POST" action="/api/docker/backup-check" class="xhr">
@@ -167,7 +167,7 @@
                                 {% endif %}
                             {% elseif borg_backup_mode == 'restore' %}
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     Somehow the restore failed which is unexpected! Please adjust the path and password, test it and try to restore again!
                                 {% endif %}
                             {% endif %}
@@ -198,14 +198,14 @@
 
             {% if was_start_button_clicked == true %}
                 {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
+                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br><br>
                 {% else %}
                     No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.
                 {% endif %}
             {% endif %}
 
             {% if is_backup_container_running == true %}
-                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                 <a href="" class="button reload">Reload ↻</a><br/><br>
             {% endif %}
 
@@ -257,21 +257,21 @@
                                 <li>
                                     {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                         <span class="status running"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Starting</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
                                         {% if container.GetDocumentation() != '' %}
                                             (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                         {% endif %}
                                         </span>
                                     {% elseif class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                                         <span class="status success"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Running</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
                                         {% if container.GetDocumentation() != '' %}
                                             (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                         {% endif %}
                                         </span>
                                     {% else %}
                                         <span class="status error"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Stopped</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Stopped</a>)
                                         {% if container.GetDocumentation() != '' %}
                                             (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                         {% endif %}
@@ -383,7 +383,7 @@
                             {% if is_backup_container_running == false %}
                                 <h2>Backup and restore</h2>
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == "check" %}
                                         The backup check was not successful which might points towards a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
                                         <details>
@@ -407,9 +407,9 @@
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     {% if borg_backup_mode == "backup" %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% else %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% endif %}
                                 {% endif %}
                             {% endif %}

From f7e2a2bd5d3b32c257e133eeddf449170781b4c9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Dec 2023 10:17:24 +0100
Subject: [PATCH 1837/3949] Adjust two places

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 php/templates/setup.twig      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 76fde77f..145d8d60 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -86,7 +86,7 @@
                     </form>
                 {% else %}
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        The official Nextcloud installation method. Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                         You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.<br><br>
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 30dcca62..7783830c 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -5,7 +5,7 @@
         <div class="login">
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>Nextcloud AIO setup</h1>
-            <p>The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+            <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
             <p>Please note down the password to access the AIO interface and don't lose it!</p>
             <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>

From cb5c6495d6141bddc54b2b9ecb90b2e07e48945f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Dec 2023 10:43:47 +0100
Subject: [PATCH 1838/3949] use correct way to do the update to new major
 versions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c1b02519..c1559c1f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -258,7 +258,14 @@ DATADIR_PERMISSION_CONF
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
                 php /var/www/html/occ config:system:set updater.release.channel --value=beta
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-                php /var/www/html/updater/updater.phar --no-interaction
+                INSTALL_DAT="$(php /var/www/html/occ config:app:get core installedat)"
+                if [ -n "$INSTALL_DAT" ]; then
+                    # Set the installdat to 00 which will allow to skip staging and install the next major directly
+                    # shellcheck disable=SC2001
+                    INSTALL_DAT="$(echo "$INSTALL_DAT" | sed "s|[0-9][0-9]$|00|")"
+                    php /var/www/html/occ config:app:set core installedat --value="$INSTALL_DAT" 
+                fi
+                php /var/www/html/updater/updater.phar --no-interaction --no-backup
                 if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                     echo "Installation of Nextcloud failed!"
                     touch "$NEXTCLOUD_DATA_DIR/install.failed"
@@ -266,18 +273,6 @@ DATADIR_PERMISSION_CONF
                 fi
                 # shellcheck disable=SC2016
                 installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                INSTALLED_MAJOR="${installed_version%%.*}"
-                IMAGE_MAJOR="${image_version%%.*}"
-                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
-                    php /var/www/html/updater/updater.phar --no-interaction
-                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                        echo "Installation of Nextcloud failed!"
-                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
-                        exit 1
-                    fi
-                    # shellcheck disable=SC2016
-                    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                fi
                 php /var/www/html/occ app:disable updatenotification
                 rm -rf /var/www/html/apps/updatenotification
                 php /var/www/html/occ config:system:set updater.release.channel --value=stable

From dc223275d4faacffcd39d40a6b76f48d03ee9d81 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Dec 2023 11:17:08 +0100
Subject: [PATCH 1839/3949] startcontainer - thow our own exception so that the
 message is not truncated

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 795c6433..1b742913 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -572,7 +572,7 @@ class DockerActionManager
                 ]
             );
         } catch (RequestException $e) {
-            throw $e;
+            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage());
         }
 
     }

From 58329a7a484861b4aa114b9cca809b46f088ada2 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Dec 2023 10:04:30 +0100
Subject: [PATCH 1840/3949] log normal imageName instead of encodedImageName

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 795c6433..4bf2e1e0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -579,11 +579,12 @@ class DockerActionManager
 
     public function PullImage(Container $container) : void
     {
-        $imageName = urlencode($this->BuildImageName($container));
-        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $imageName));
+        $imageName = $this->BuildImageName($container);
+        $encodedImageName = urlencode($imageName);
+        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));
         try {
             $this->guzzleClient->post($url);
-            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $encodedImageName));
             $this->guzzleClient->get($imageUrl)->getBody()->getContents();
         } catch (\Throwable $e) {
             throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");

From 6412aa3e0f4262e5fa6b163be7efb3bbd2ed5e2e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Dec 2023 13:08:19 +0100
Subject: [PATCH 1841/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c1559c1f..d174ebd9 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -256,7 +256,6 @@ DATADIR_PERMISSION_CONF
             unset ADMIN_PASSWORD
 
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
-                php /var/www/html/occ config:system:set updater.release.channel --value=beta
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
                 INSTALL_DAT="$(php /var/www/html/occ config:app:get core installedat)"
                 if [ -n "$INSTALL_DAT" ]; then
@@ -275,7 +274,6 @@ DATADIR_PERMISSION_CONF
                 installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 php /var/www/html/occ app:disable updatenotification
                 rm -rf /var/www/html/apps/updatenotification
-                php /var/www/html/occ config:system:set updater.release.channel --value=stable
                 php /var/www/html/occ app:enable nextcloud-aio --force
                 php /var/www/html/occ db:add-missing-indices
                 php /var/www/html/occ db:add-missing-columns

From e96f35cf49e9b3c60047fbd5e36163ac63dd3962 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 12:13:44 +0000
Subject: [PATCH 1842/3949] Bump clamav/clamav from 1.2.1-20 to 1.2.1-21 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-20 to 1.2.1-21.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 32ac6000..823292cc 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-20
+FROM clamav/clamav:1.2.1-21
 
 COPY clamav.conf /tmp/clamav.conf
 

From dac04a709a6f45a4488597be9578581d19430214 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 12:36:44 +0000
Subject: [PATCH 1843/3949] Bump python in /Containers/talk-recording

Bumps python from 3.12.0-alpine3.18 to 3.12.1-alpine3.18.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 01368ed6..6b43c86f 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.0-alpine3.18
+FROM python:3.12.1-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 

From a9d40f95e7b7a2361c722b1cc576fef645eb6d1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 12:48:16 +0000
Subject: [PATCH 1844/3949] Bump strukturag/nextcloud-spreed-signaling in
 /Containers/talk

Bumps strukturag/nextcloud-spreed-signaling from 1.2.1 to 1.2.2.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fac18448..5a780a95 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.10.6-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.1 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.2.2 as signaling
 FROM alpine:3.18.5 as janus
 
 ARG JANUS_VERSION=v0.14.0

From 8f78cb36cf854dc7d79182357672b5ef58507837 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 12:51:23 +0000
Subject: [PATCH 1845/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.7.5-alpine to 2.7.6-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e8bf6d78..edeccede 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker:24.0.7-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.7.5-alpine as caddy
+FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
 FROM php:8.2.13-fpm-alpine3.18

From adb2988f016f7b560c7f3e904886415d946cb69d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 12:53:14 +0000
Subject: [PATCH 1846/3949] Bump caddy from 2.7.5-alpine to 2.7.6-alpine in
 /Containers/apache

Bumps caddy from 2.7.5-alpine to 2.7.6-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 740ee23a..8230aa7e 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,4 +1,4 @@
-FROM caddy:2.7.5-alpine as caddy
+FROM caddy:2.7.6-alpine as caddy
 
 FROM httpd:2.4.58-alpine3.18
 

From 81a9934616e7cca068c0260d1decc88312da52d4 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 12 Dec 2023 12:01:37 +0000
Subject: [PATCH 1847/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 13 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 2b95e83b..7c0ea325 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.8.1-beta
+version: 7.8.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 95206aba..130e0e14 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231130_081302-latest
+          image: nextcloud/aio-apache:20231212_115941-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 52cfb07c..eb5a2077 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231130_081302-latest
+          image: nextcloud/aio-clamav:20231212_115941-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 68cc29e6..1eed536f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231130_081302-latest
+          image: nextcloud/aio-collabora:20231212_115941-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 44c92d1e..753f0a0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231130_081302-latest
+          image: nextcloud/aio-postgresql:20231212_115941-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 29bbf1d1..80f9e0e9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231130_081302-latest
+          image: nextcloud/aio-fulltextsearch:20231212_115941-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index d28cd599..d47136bc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231130_081302-latest
+          image: nextcloud/aio-imaginary:20231212_115941-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 38676dbf..78e6ad84 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,8 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:beta
-          imagePullPolicy: Always
+          image: nextcloud/aio-nextcloud:20231212_115941-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
@@ -174,6 +173,7 @@ spec:
             - mountPath: /usr/local/share/ca-certificates
               name: nextcloud-aio-nextcloud-trusted-cacerts
               readOnly: true
+      terminationGracePeriodSeconds: 600
       volumes:
         - name: nextcloud-aio-nextcloud
           persistentVolumeClaim:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 0975b3e5..c4f63cca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231130_081302-latest
+          image: nextcloud/aio-notify-push:20231212_115941-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index fecea8cc..c6770279 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231130_081302-latest
+          image: nextcloud/aio-onlyoffice:20231212_115941-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 7913eeb7..5c9a66ff 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231130_081302-latest
+          image: nextcloud/aio-redis:20231212_115941-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b5c4bf49..387c1375 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231130_081302-latest
+          image: nextcloud/aio-talk:20231212_115941-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 33a5e284..c791c155 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231130_081302-latest
+          image: nextcloud/aio-talk-recording:20231212_115941-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From badc0347b45f2fbe3212682d5b776126a27d6f24 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 12 Dec 2023 12:03:22 +0000
Subject: [PATCH 1848/3949] talk-update automated change

Signed-off-by: GitHub <noreply@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fac18448..5b722414 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -3,7 +3,7 @@ FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.1 as signaling
 FROM alpine:3.18.5 as janus
 
-ARG JANUS_VERSION=v0.14.0
+ARG JANUS_VERSION=v0.14.1
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \

From 6d3eed0209cccf27fb45f57ab15a92abdfcbe053 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 12 Dec 2023 14:10:54 +0100
Subject: [PATCH 1849/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 145d8d60..aeeb8a55 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -86,7 +86,7 @@
                     </form>
                 {% else %}
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        The official Nextcloud installation method. Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                         You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.<br><br>
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>

From 18e4b815a48c7fd930e6a6d9f5ed94afaf3031ea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 12 Dec 2023 14:12:53 +0100
Subject: [PATCH 1850/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6b3c4307..fe660d59 100644
--- a/readme.md
+++ b/readme.md
@@ -1,5 +1,5 @@
 # Nextcloud All-in-One
-The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
+The official Nextcloud installation method. Nextcloud AIO provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
 
 Included are:
 - Nextcloud

From fb796debd6140444bac64ec7e674a5aafc30755d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 12 Dec 2023 14:16:03 +0100
Subject: [PATCH 1851/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index d174ebd9..20b31854 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -257,12 +257,12 @@ DATADIR_PERMISSION_CONF
 
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-                INSTALL_DAT="$(php /var/www/html/occ config:app:get core installedat)"
-                if [ -n "$INSTALL_DAT" ]; then
+                INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
+                if [ -n "${INSTALLED_AT}" ]; then
                     # Set the installdat to 00 which will allow to skip staging and install the next major directly
                     # shellcheck disable=SC2001
-                    INSTALL_DAT="$(echo "$INSTALL_DAT" | sed "s|[0-9][0-9]$|00|")"
-                    php /var/www/html/occ config:app:set core installedat --value="$INSTALL_DAT" 
+                    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
+                    php /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}" 
                 fi
                 php /var/www/html/updater/updater.phar --no-interaction --no-backup
                 if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then

From 312f238bf6405614612506cdec228a8ca67a4f26 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 12 Dec 2023 14:22:33 +0100
Subject: [PATCH 1852/3949] try to improve database dump logic on container
 shutdown

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 38 +++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 33c851fd..2a7b6845 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -167,25 +167,29 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
     fi
 fi
 
+do_database_dump() {
+    set -x
+    rm -f "$DUMP_FILE.temp"
+    touch "$DUMP_DIR/export.failed"
+    if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
+        rm -f "$DUMP_FILE"
+        mv "$DUMP_FILE.temp" "$DUMP_FILE"
+        pg_ctl stop -m fast
+        rm "$DUMP_DIR/export.failed"
+        echo 'Database dump successful!'
+        set +x
+        exit 0
+    else
+        pg_ctl stop -m fast
+        echo "Database dump unsuccessful!"
+        set +x
+        exit 1
+    fi
+}
+
 # Catch docker stop attempts
-trap 'true' SIGINT SIGTERM
+trap do_database_dump SIGINT SIGTERM
 
 # Start the database
 exec docker-entrypoint.sh postgres &
 wait $!
-
-# Continue with shutdown procedure: do database dump, etc.
-rm -f "$DUMP_FILE.temp"
-touch "$DUMP_DIR/export.failed"
-if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
-    rm -f "$DUMP_FILE"
-    mv "$DUMP_FILE.temp" "$DUMP_FILE"
-    pg_ctl stop -m fast
-    rm "$DUMP_DIR/export.failed"
-    echo 'Database dump successful!'
-    exit 0
-else
-    pg_ctl stop -m fast
-    echo "Database dump unsuccessful!"
-    exit 1
-fi

From fe669a0be7618468809ac391c2820d8fa60e0840 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 12 Dec 2023 16:37:29 +0100
Subject: [PATCH 1853/3949] restore major version check

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 20b31854..213fdaed 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -272,6 +272,18 @@ DATADIR_PERMISSION_CONF
                 fi
                 # shellcheck disable=SC2016
                 installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
+                INSTALLED_MAJOR="${installed_version%%.*}"
+                IMAGE_MAJOR="${image_version%%.*}"
+                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
+                    php /var/www/html/updater/updater.phar --no-interaction --no-backup
+                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
+                        echo "Installation of Nextcloud failed!"
+                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                        exit 1
+                    fi
+                    # shellcheck disable=SC2016
+                    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
+                fi
                 php /var/www/html/occ app:disable updatenotification
                 rm -rf /var/www/html/apps/updatenotification
                 php /var/www/html/occ app:enable nextcloud-aio --force

From ad4b48c82e56b2d0769fa78912da9839bf290b99 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 13 Dec 2023 17:23:20 +0100
Subject: [PATCH 1854/3949] change chart-releaser-action to specific version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 5db9aa61..c1f7f861 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -37,8 +37,7 @@ jobs:
           version: v3.6.3
 
       - name: Run chart-releaser
-        # TODO: switch back @main to a specific version like @v1.5.1 or higher
-        uses: helm/chart-releaser-action@main
+        uses: helm/chart-releaser-action@v1.6.0
         with:
           mark_as_latest: false
           charts_dir: .

From 5c3be60532cd6d88c48d5a2bcc29cd834e28b90c Mon Sep 17 00:00:00 2001
From: William Wong <46506352+tar-xz@users.noreply.github.com>
Date: Thu, 14 Dec 2023 18:26:45 +0800
Subject: [PATCH 1855/3949] Unify `<your-nc-domain>` throughout the doc

Signed-off-by: William Wong <46506352+tar-xz@users.noreply.github.com>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 330c28ea..c7ae0b29 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -505,7 +505,7 @@ myNextcloudApp.use((req, res) => {
 	proxy.web(req, res, {}, onProxyError);
 });
 
-vhost.use(vhostFunc('<your-nextcloud-domain>', myNextcloudApp));
+vhost.use(vhostFunc('<your-nc-domain>', myNextcloudApp));
 
 const httpServer = http.createServer(app);
 httpServer.listen('80');
@@ -579,7 +579,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
     http:
         routers:
             nextcloud:
-                rule: "Host(`<your-nextcloud-domain>`)"
+                rule: "Host(`<your-nc-domain>`)"
                 entrypoints:
                     - "https"
                 service: nextcloud

From b9725a16336ace79fb13aa5fbe85c6b3caf3d5d8 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Dec 2023 11:50:50 +0100
Subject: [PATCH 1856/3949] add note about enabling logging to stdout

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 15ba79c3..e18742d1 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -8,7 +8,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
 - After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
-- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
+- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml`. Also, you might want to enable logging to stdout so that you can see the stalwart logs in your container logs via `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/common/tracing.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
 - Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
 - Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
 - See https://stalw.art/docs/faq for further faq and docs on the project

From e07f1835512b5c84877c17f02eac8e6da4c34e29 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Dec 2023 12:00:28 +0100
Subject: [PATCH 1857/3949] improve default port docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index fe660d59..ca8f5d9b 100644
--- a/readme.md
+++ b/readme.md
@@ -252,7 +252,7 @@ No and it will not be added. If you only want to run it locally, you may have a
 No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 
 ### Are other ports than the default 443 for Nextcloud supported?
-No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Tunnel.
+No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the a Cloudflare Tunnel if you want to publish it online. You could also use the ACME DNS-challenge to get a valid certificate. However in all cases the Nextcloud interface will redirect you to port 443.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).

From d616a8a507eb8b0f828b9212019951b9cc7de5c7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Dec 2023 12:09:04 +0100
Subject: [PATCH 1858/3949] Remove notify-push timeout again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index e9f558c9..bd7000c1 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -42,9 +42,6 @@ if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
     exit 1
 fi
 
-# Add a timeout of 15s to hopefully get rid of the first error that is logged if apache is not there yet
-sleep 15
-
 echo "notify-push was started"
 
 # Set sensitive values as env

From 73d1ef29d8b615a1b2f784ce1a91662938d13cc3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Dec 2023 12:10:20 +0100
Subject: [PATCH 1859/3949] update Nc to 27.1.5

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 058c303e..8b055d3f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.26-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.4
+ENV NEXTCLOUD_VERSION 27.1.5
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From ecb0ba780dceb684347ecd2757ff74a4be9e94d7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Dec 2023 12:46:44 +0100
Subject: [PATCH 1860/3949] increase to 7.9.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0d58f76e..e5f1cea2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.8.1</h1>
+        <h1>Nextcloud AIO v7.9.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From f9601276f0968f3a1657676c978f6b5f143c5c7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Dec 2023 12:56:02 +0000
Subject: [PATCH 1861/3949] Bump elasticsearch from 8.11.0 to 8.11.3 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.11.0 to 8.11.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 622ae2bf..b93bb559 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.11.0
+FROM elasticsearch:8.11.3
 
 USER root
 

From 66a04cb4363d0cb1cc7c954bc9a58c49e19439bf Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 20 Dec 2023 15:38:41 +0000
Subject: [PATCH 1862/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7c0ea325..fbfb5d7d 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.8.1
+version: 7.9.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 130e0e14..ca37990e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231212_115941-latest
+          image: nextcloud/aio-apache:20231220_153200-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index eb5a2077..74385ccb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231212_115941-latest
+          image: nextcloud/aio-clamav:20231220_153200-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 1eed536f..f9044afd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231212_115941-latest
+          image: nextcloud/aio-collabora:20231220_153200-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 753f0a0e..abfddbd4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231212_115941-latest
+          image: nextcloud/aio-postgresql:20231220_153200-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 80f9e0e9..ccad8581 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231212_115941-latest
+          image: nextcloud/aio-fulltextsearch:20231220_153200-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index d47136bc..c3b02f21 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231212_115941-latest
+          image: nextcloud/aio-imaginary:20231220_153200-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 78e6ad84..abc3ec88 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231212_115941-latest
+          image: nextcloud/aio-nextcloud:20231220_153200-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index c4f63cca..bcff7bd1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231212_115941-latest
+          image: nextcloud/aio-notify-push:20231220_153200-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c6770279..c428d0cb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231212_115941-latest
+          image: nextcloud/aio-onlyoffice:20231220_153200-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 5c9a66ff..a04650db 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231212_115941-latest
+          image: nextcloud/aio-redis:20231220_153200-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 387c1375..7ca4f4c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231212_115941-latest
+          image: nextcloud/aio-talk:20231220_153200-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c791c155..9009aec4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231212_115941-latest
+          image: nextcloud/aio-talk-recording:20231220_153200-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 275e6099dd18e1e827fdaa5253931eacd36802b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Dec 2023 12:14:23 +0000
Subject: [PATCH 1863/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.5.4.1 to 23.05.6.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index dbe05d16..bbecd37e 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.5.4.1
+FROM collabora/code:23.05.6.4.1
 
 USER root
 

From 055c55ebfdf40b662d3ab5789d4fb298fcfceb1f Mon Sep 17 00:00:00 2001
From: PreciousChicken <hello@preciouschicken.com>
Date: Thu, 28 Dec 2023 12:10:37 +0000
Subject: [PATCH 1864/3949] Add context to custom skeleton directory howto

Currently the README section that describes how to change the custom
skeleton directory does not explain why an administrator may wish to
do this.  This addition to the documentation provides context: a custom
skeleton directory is created to change the default files and folders
that ship with Nextcloud.

Signed-off-by: J Hackman <gene@preciouschicken.com>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index ca8f5d9b..1d52ac12 100644
--- a/readme.md
+++ b/readme.md
@@ -688,8 +688,8 @@ You can move the whole docker library and all its files including all Nextcloud
 ### How to edit Nextclouds config.php file with a texteditor?
 You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
 
-### Custom skeleton directory
-If you want to define a custom skeleton directory, you can do so by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
+### How to change default files by creating a custom skeleton directory?
+All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).
 
 ### Fail2ban
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban

From ef257bbce9bfa06eb63ef6ef7369a7d0991f259d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Dec 2023 12:15:32 +0000
Subject: [PATCH 1865/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.13-fpm-alpine3.18 to 8.2.14-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index edeccede..763b554a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.7-cli as docker
 FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.13-fpm-alpine3.18
+FROM php:8.2.14-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From 5c5c66cedd9cdf82580bd154f0bb5bca350b2470 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Dec 2023 12:57:47 +0000
Subject: [PATCH 1866/3949] Bump php in /Containers/nextcloud

Bumps php from 8.1.26-fpm-alpine3.18 to 8.1.27-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8b055d3f..dfe06d5f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.26-fpm-alpine3.18
+FROM php:8.1.27-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 507b17d8a9901e66ccee28c0630960a2a2e5ea1d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 29 Dec 2023 22:58:52 +0100
Subject: [PATCH 1867/3949] adjust the main features to make clear that most
 are optional

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/readme.md b/readme.md
index ca8f5d9b..f291f787 100644
--- a/readme.md
+++ b/readme.md
@@ -3,14 +3,14 @@ The official Nextcloud installation method. Nextcloud AIO provides easy deployme
 
 Included are:
 - Nextcloud
-- Nextcloud Office
 - High performance backend for Nextcloud Files
-- High performance backend for Nextcloud Talk and TURN-server
-- Nextcloud Talk Recording-server
-- Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
-- Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)
-- ClamAV (Antivirus backend for Nextcloud)
-- Fulltextsearch
+- Nextcloud Office (optional)
+- High performance backend for Nextcloud Talk and TURN-server (optional)
+- Nextcloud Talk Recording-server (optional)
+- Backup solution (optional, based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
+- Imaginary (optional, for previews of heic, heif, illustrator, pdf, svg, tiff and webp)
+- ClamAV (optional, Antivirus backend for Nextcloud)
+- Fulltextsearch (optional)
 <details><summary>And much more:</summary>
 
 - Simple web interface included that enables easy installation and maintenance

From 8a296415fd14349a45e580456dbe1b9c57c905b7 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Sat, 30 Dec 2023 04:28:18 +0000
Subject: [PATCH 1868/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 285e2b1b..eb79571d 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.17.0@c620f6e80d0abfca532b00bda366062aaedf6e5d"/>
+<files psalm-version="5.18.0@b113f3ed0259fd6e212d87c3df80eec95a6abf19"/>

From 12b914f73144b6245b8abce1fe200440d98885c3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jan 2024 12:59:44 +0000
Subject: [PATCH 1869/3949] Bump clamav/clamav from 1.2.1-21 to 1.2.1-24 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-21 to 1.2.1-24.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 823292cc..688ea135 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-21
+FROM clamav/clamav:1.2.1-24
 
 COPY clamav.conf /tmp/clamav.conf
 

From 7fcc519d449c50e5bf694bd27e1afae67070171a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 2 Jan 2024 11:29:55 +0100
Subject: [PATCH 1870/3949] talk-recording - re-add secret to backend conf

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/start.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index 87550d29..14a893a4 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -26,6 +26,8 @@ listen = 0.0.0.0:1234
 
 [backend]
 allowall = ${ALLOW_ALL}
+# The secret below is still needed if allowall is set to true, also it doesn't hurt to be here
+secret = ${RECORDING_SECRET}
 backends = backend-1
 skipverify = ${SKIP_VERIFY}
 maxmessagesize = 1024

From 5ca8025dcdf32ded868628f3501538339f6b89b7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 2 Jan 2024 12:33:48 +0100
Subject: [PATCH 1871/3949] increase to 7.9.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e5f1cea2..6597d13b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.9.0</h1>
+        <h1>Nextcloud AIO v7.9.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From bd3fc82923a236dabb004ae59d446282c6ceb6c3 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 4 Jan 2024 00:39:58 +0100
Subject: [PATCH 1872/3949] community-containers - add facerecognition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../facerecognition/facerecognition.json      | 29 +++++++++++++++++++
 .../facerecognition/readme.md                 | 11 +++++++
 readme.md                                     |  2 +-
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/facerecognition/facerecognition.json
 create mode 100644 community-containers/facerecognition/readme.md

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
new file mode 100644
index 00000000..3ad00fa2
--- /dev/null
+++ b/community-containers/facerecognition/facerecognition.json
@@ -0,0 +1,29 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-facerecognition",
+            "display_name": "Computing container for facerecognition",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition",
+            "image": "matiasdelellis/facerecognition-external-model",
+            "image_tag": "initial",
+            "internal_port": "5000",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "API_KEY=some-super-secret-api-key"
+            ],
+            "aio_variables": [
+                "nextcloud_memory_limit=4096M"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ app:install facerecognition",
+                "php /var/www/html/occ app:enable facerecognition", 
+                "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
+                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
+                "php /var/www/html/occ face:setup -m 5",
+                "php /var/www/html/occ face:setup -M 4G",
+                "php /var/www/html/occ face:background_job &"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md
new file mode 100644
index 00000000..6614be86
--- /dev/null
+++ b/community-containers/facerecognition/readme.md
@@ -0,0 +1,11 @@
+## Facerecognition
+This container bundles the external model of facerecognition and auto-configures it for you.
+
+### Notes
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/matiasdelellis/facerecognition-external-model
+
+### Maintainer
+https://github.com/matiasdelellis
diff --git a/readme.md b/readme.md
index 57d900f0..60a11027 100644
--- a/readme.md
+++ b/readme.md
@@ -663,7 +663,7 @@ Some Nextcloud apps require additional php extensions that must be bundled withi
 You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.
 
 ### What about the pdlib PHP extension for the facerecognition app?
-The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
+The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition.
 
 ### How to enable hardware-transcoding for Nextcloud?
 ⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.

From 2197a3bdbf70a81e51fc4a385b445e144156f35a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 5 Jan 2024 10:26:01 +0100
Subject: [PATCH 1873/3949] add fuse hint regarding alpine linux

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 57d900f0..9942d204 100644
--- a/readme.md
+++ b/readme.md
@@ -388,7 +388,7 @@ Not directly but you have multiple options to achieve this:
 ---
 
 #### Failure of the backup container in LXC containers
-If you are running AIO in a LXC container, you need to make sure that FUSE is enabled in the LXC container settings. Otherwise the backup container will not be able to start as FUSE is required for it to work.
+If you are running AIO in a LXC container, you need to make sure that FUSE is enabled in the LXC container settings. Also, if using Alpine Linux as host OS, make sure to add fuse via `apk add fuse`. Otherwise the backup container will not be able to start as FUSE is required for it to work.
 
 ---
 

From 8fc41130a0d15691574b87c037b223b517e504e0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 5 Jan 2024 10:52:09 +0100
Subject: [PATCH 1874/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/facerecognition/facerecognition.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 3ad00fa2..1c198fc6 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -22,7 +22,8 @@
                 "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
                 "php /var/www/html/occ face:setup -m 5",
                 "php /var/www/html/occ face:setup -M 4G",
-                "php /var/www/html/occ face:background_job &"
+                "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
+                "php /var/www/html/occ face:background_job --defer-clustering &"
             ]
         }
     ]

From a126cfceaf9055817a2e10cbdd096078ef14108f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 5 Jan 2024 22:34:20 +0100
Subject: [PATCH 1875/3949] enable previews for modern file formats and add
 some docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/facerecognition/facerecognition.json | 5 +++++
 community-containers/facerecognition/readme.md            | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 1c198fc6..6f4511bb 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -23,6 +23,11 @@
                 "php /var/www/html/occ face:setup -m 5",
                 "php /var/www/html/occ face:setup -M 4G",
                 "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 0 --value image/jpeg",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 1 --value image/png",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 2 --value image/heic",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 3 --value image/tiff",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 4 --value image/webp",
                 "php /var/www/html/occ face:background_job --defer-clustering &"
             ]
         }
diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md
index 6614be86..9e4cf106 100644
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -2,6 +2,8 @@
 This container bundles the external model of facerecognition and auto-configures it for you.
 
 ### Notes
+- This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
+- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 592e910da642676baac5538201765c54cba98f11 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 12:54:06 +0000
Subject: [PATCH 1876/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.6.4.1 to 23.05.6.5.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index bbecd37e..dc8d3516 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.6.4.1
+FROM collabora/code:23.05.6.5.1
 
 USER root
 

From 9a30bd15274902c81f6d0237a743463517153b6b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 13:00:00 +0000
Subject: [PATCH 1877/3949] Bump clamav/clamav from 1.2.1-24 to 1.2.1-25 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-24 to 1.2.1-25.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 688ea135..aee171bc 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-24
+FROM clamav/clamav:1.2.1-25
 
 COPY clamav.conf /tmp/clamav.conf
 

From 8e1884e832cca36452cf90353cafd7135c94f247 Mon Sep 17 00:00:00 2001
From: kri164 <52274164+kri164@users.noreply.github.com>
Date: Tue, 9 Jan 2024 09:13:34 +0100
Subject: [PATCH 1878/3949] Update readme.md mistypo

Correct MSA port 578 -> 587

Signed-off-by: kri164 <52274164+kri164@users.noreply.github.com>
---
 community-containers/stalwart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index e18742d1..80c2c2fd 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -3,7 +3,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 
 ### Notes
 - This is only intended to run on a VPS with static ip-address.
-- Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 578, 993 nor 4190 yet as otherwise the container will fail to start.
+- Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 587, 993 nor 4190 yet as otherwise the container will fail to start.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!

From a8cbdbf19f709987e7b7523bb4d2f2744b075b98 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Tue, 9 Jan 2024 12:08:30 +0000
Subject: [PATCH 1879/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index fbfb5d7d..b9855bad 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.9.0
+version: 7.9.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index ca37990e..76026194 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231220_153200-latest
+          image: nextcloud/aio-apache:20240109_092105-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 74385ccb..3eb10197 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231220_153200-latest
+          image: nextcloud/aio-clamav:20240109_092105-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index f9044afd..0f81ab24 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231220_153200-latest
+          image: nextcloud/aio-collabora:20240109_092105-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index abfddbd4..4628247e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231220_153200-latest
+          image: nextcloud/aio-postgresql:20240109_092105-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index ccad8581..70dae450 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231220_153200-latest
+          image: nextcloud/aio-fulltextsearch:20240109_092105-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index c3b02f21..99b85cd9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231220_153200-latest
+          image: nextcloud/aio-imaginary:20240109_092105-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index abc3ec88..5d10e469 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231220_153200-latest
+          image: nextcloud/aio-nextcloud:20240109_092105-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index bcff7bd1..73b4e379 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231220_153200-latest
+          image: nextcloud/aio-notify-push:20240109_092105-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c428d0cb..1cb955a0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231220_153200-latest
+          image: nextcloud/aio-onlyoffice:20240109_092105-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index a04650db..16c6b41a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231220_153200-latest
+          image: nextcloud/aio-redis:20240109_092105-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 7ca4f4c0..ac14a974 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231220_153200-latest
+          image: nextcloud/aio-talk:20240109_092105-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 9009aec4..7e248ee0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231220_153200-latest
+          image: nextcloud/aio-talk-recording:20240109_092105-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 0be0c00a2ca5fd243151f453559388978817a7f6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 9 Jan 2024 13:17:24 +0100
Subject: [PATCH 1880/3949] borgbackup - add check for .ocdata file for datadir

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 41394ad6..f2e9d04e 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -69,6 +69,11 @@ if [ "$BORG_MODE" = backup ]; then
         exit 1
     elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/database-dump.sql" ]; then
         echo "database-dump is missing. Cannot perform backup!"
+        echo "Please check the database container logs!"
+        exit 1
+    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ocdata" ]; then
+        echo "The .ocdata file is missing in Nextcloud datadir which means it is invalid!"
+        echo "Is the drive where the datadir is located on still mounted?"
         exit 1
     fi
 

From 40062e6fb716b9c237c25d83a40a7a01d2113b74 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 10 Jan 2024 04:09:14 +0000
Subject: [PATCH 1881/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index eb79571d..efff0560 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.18.0@b113f3ed0259fd6e212d87c3df80eec95a6abf19"/>
+<files psalm-version="5.19.0@06b71be009a6bd6d81b9811855d6629b9fe90e1b"/>

From 031d4cd19cb701b09a03b814598c22bd513b5406 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 10 Jan 2024 11:58:31 +0100
Subject: [PATCH 1882/3949] notify-push - fix postgres_user variable

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index bd7000c1..e524e20d 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -45,7 +45,7 @@ fi
 echo "notify-push was started"
 
 # Set sensitive values as env
-export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
+export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
 
 # Run it

From d9c90afd00581d9d800dd34b8de3f89b978fbc97 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 10 Jan 2024 12:00:50 +0100
Subject: [PATCH 1883/3949] increase to 7.10.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6597d13b..36e73424 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.9.1</h1>
+        <h1>Nextcloud AIO v7.10.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From f0e206b60d426d19e421d3b57084720314e2017b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 10 Jan 2024 12:24:45 +0100
Subject: [PATCH 1884/3949] add some more docs for facerecognition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/facerecognition/readme.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md
index 9e4cf106..fa22e0bb 100644
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -3,6 +3,24 @@ This container bundles the external model of facerecognition and auto-configures
 
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
+- Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
+    ```bash
+    # Go into the container
+    sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
+    ```
+    Now inside the container:
+    ```bash
+    NC_USERS_NEW=$(php occ user:list | sed 's|^  - ||g' | sed 's|:.*||')
+    mapfile -t NC_USERS_NEW <<< "$NC_USERS_NEW"
+    for user in "${NC_USERS_NEW[@]}"
+    do
+        php occ user:setting "$user" facerecognition full_image_scan_done false
+        php occ user:setting "$user" facerecognition enabled true
+    done
+
+    # Exit the container shell
+    exit
+    ```
 - If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From bff4772ad8c2146e27a7cec4ff53a2d1c0bd831a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jan 2024 12:22:49 +0000
Subject: [PATCH 1885/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.21.5-alpine3.18 to 1.21.6-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 2da7768a..0018739c 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.5-alpine3.18 as go
+FROM golang:1.21.6-alpine3.18 as go
 
 ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From e0ca3bdfd63fe17abec407e16709c4f3ad18e659 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jan 2024 12:45:39 +0000
Subject: [PATCH 1886/3949] Bump redis from 7.2.3-alpine to 7.2.4-alpine in
 /Containers/redis

Bumps redis from 7.2.3-alpine to 7.2.4-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 44f932bf..575c50fc 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.2.3-alpine
+FROM redis:7.2.4-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From e56bab9d599326827505717c79223b9b0c387e7c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Jan 2024 12:43:40 +0000
Subject: [PATCH 1887/3949] Bump nats from 2.10.7-scratch to 2.10.9-scratch in
 /Containers/talk

Bumps nats from 2.10.7-scratch to 2.10.9-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 4091f963..08bae13e 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.7-scratch as nats
+FROM nats:2.10.9-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.2 as signaling
 FROM alpine:3.18.5 as janus

From 27d4f793e53109d895cfca3a1085bf310a3a4fc7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 12 Jan 2024 16:22:22 +0100
Subject: [PATCH 1888/3949] disable SELinux for AIO containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ad4c12b1..03d3f08f 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -522,6 +522,9 @@ class DockerActionManager
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
         }
 
+        // Disable SELinux for AIO containers so that it does not break them
+        $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
+
         $mounts = [];
 
         // Special things for the backup container which should not be exposed in the containers.json
@@ -553,9 +556,6 @@ class DockerActionManager
                 }
                 $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
             }
-        // Special things for the watchtower and docker-socket-proxy container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-watchtower' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
         }
 
         if (count($mounts) > 0) {

From d045a004535c7e0232e72f9b611ea2c47fd99cd5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 12 Jan 2024 16:32:18 +0100
Subject: [PATCH 1889/3949] inverse the addition of imagemagick by deleting it
 if it was not added

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 Containers/nextcloud/start.sh   | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index dfe06d5f..9059b933 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -191,6 +191,7 @@ RUN set -ex; \
         grep \
         nodejs \
         bind-tools \
+        imagemagick \
         coreutils; \
     \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 1e74ea23..a9137847 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -54,6 +54,10 @@ sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 # Install additional dependencies
 if [ -n "$ADDITIONAL_APKS" ]; then
     if ! [ -f "/additional-apks-are-installed" ]; then
+        # Allow to disable imagemagick without having to download it each time
+        if ! echo "$ADDITIONAL_APKS" | grep -q imagemagick; then
+            apk del imagemagick;
+        fi
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
             echo "Installing $app via apk..."

From b0b771e9463c21fabe53c0c37b329b06dd77ead7 Mon Sep 17 00:00:00 2001
From: Nils K <24257556+septatrix@users.noreply.github.com>
Date: Sat, 13 Jan 2024 06:49:04 +0100
Subject: [PATCH 1890/3949] Update notice about Strato VPSs

Their newer generation no longer has a numproc/task limit, see:
https://github.com/nextcloud/all-in-one/pull/1799#issuecomment-1889735379

Signed-off-by: Nils K <24257556+septatrix@users.noreply.github.com>
---
 readme.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 505921d5..00eae3c4 100644
--- a/readme.md
+++ b/readme.md
@@ -222,7 +222,10 @@ Another but untested way is to install Portainer on your TrueNAS SCALE from here
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
 
 ### Disrecommended VPS providers
-- Stratos VPS crash/freeze/make errors when they reach an extremely low PID limit, which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164), Strato does normally not increase this limit.
+- *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.
+  If your VPS has a `/proc/user_beancounters` file and a low `numproc` limit set in it
+  your server will likely misbehave once it reaches this limit
+  which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164).
 - Hostingers VPS seem to miss a specific Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956).
 
 ### Recommended VPS

From cf54794be20388d10af68208f73b4b708b83996e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 13 Jan 2024 10:46:42 +0100
Subject: [PATCH 1891/3949] Show info when psalm runs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/composer.json b/php/composer.json
index 32488056..b0dc2546 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -19,7 +19,7 @@
         "ext-apcu": "*"
     },
     "scripts": {
-		"psalm": "psalm --threads=1",
+		"psalm": "psalm --threads=1 --show-info=true",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
 		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.2 \\;"

From 6518217d2b4f885d2811067a918a4fc6f1a3a322 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 12 Jan 2024 17:07:59 +0100
Subject: [PATCH 1892/3949] point at documentation if AIO is in RP mode

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c72e1641..a757a386 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -359,6 +359,9 @@ class ConfigurationManager
                 error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
                 error_log('Expected was: ' . $instanceID);
                 error_log('The error message was: ' . curl_error($ch));
+                if ($port !== '443') {
+                    error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!');
+                }
                 throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
             }
         }

From 36a67eb7499e970e2de51a3ebf65ccd37642796e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 13 Jan 2024 11:23:03 +0100
Subject: [PATCH 1893/3949] apache - adjust MaxRequestWorkers and ServerLimit

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile    | 6 ++++++
 Containers/nextcloud/Dockerfile | 2 +-
 Containers/postgresql/start.sh  | 1 +
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 8230aa7e..828cbcaf 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -53,6 +53,12 @@ RUN set -ex; \
         /usr/local/apache2/conf/httpd.conf; \
     echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
     echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
+# Sync this with max db connections and pm.max_children
+# We don't actually expect so many workers but don't want to limit it artificially because people will report issues otherwise.
+    sed -i 's|MaxRequestWorkers.*|MaxRequestWorkers 5000|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+    grep -q '<IfModule mpm_event_module>' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+# ServerLimit needs to be set to MaxRequestWorkers divided by ThreadsPerChild which is set to 25 by default
+    sed -i '/<IfModule mpm_event_module>/a\ \ \ \ ServerLimit 200' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
     \
     rm -rf /usr/local/apache2/conf/original /var/www; \
     mkdir -p /var/www; \
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index dfe06d5f..01bb9d22 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -195,7 +195,7 @@ RUN set -ex; \
     \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
-# Sync this with max db connections
+# Sync this with max db connections and MaxRequestWorkers
 # We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
 # Also children will usually be terminated again after the process is done due to the ondemand setting
     sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 2a7b6845..4ae7369f 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -150,6 +150,7 @@ fi
 if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
     echo "Setting postgres values..."
 
+    # Sync this with max pm.max_children and MaxRequestWorkers
     # 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
     # We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
     # Also connections should usually be closed again after the process is done

From 72fe74964479ff94392bae18c23af1e8297ddee0 Mon Sep 17 00:00:00 2001
From: Marc <github@wuast24.de>
Date: Sun, 14 Jan 2024 10:04:36 +0100
Subject: [PATCH 1894/3949] Add Treafik HTTP/3 Support (#3965)

Signed-off-by: wuast94 <mihauku@googlemail.com>
Signed-off-by: wuast94 <github@wuast24.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Marc <github@wuast24.de>
Co-authored-by: wuast94 <mihauku@googlemail.com>
Co-authored-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 90 ++++++++++++++++++++++++++----------------------
 1 file changed, 48 insertions(+), 42 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c7ae0b29..eb9c72bf 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -556,61 +556,67 @@ The examples below define the dynamic configuration in YAML files. If you rather
     # STATIC CONFIGURATION
    
     entryPoints:
-        https:
-            address: ":443" # Create an entrypoint called "https" that uses port 443
+      https:
+        address: ":443" # Create an entrypoint called "https" that uses port 443
+        # If you want to enable HTTP/3 support, uncomment the line below
+        # http3: {}
     
     certificatesResolvers:
-        # Define "letsencrypt" certificate resolver
-        letsencrypt:
-            acme:
-                storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
-                email: <your-email-address> # Where LE sends notification about certificates expiring
-                tlschallenge: true
+      # Define "letsencrypt" certificate resolver
+      letsencrypt:
+        acme:
+          storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
+          email: <your-email-address> # Where LE sends notification about certificates expiring
+          tlschallenge: true
    
     providers:
-        file:
-            directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
-            watch: true
+      file:
+        directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
+        watch: true
+
+    # Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container)
+    # experimental:
+      # http3: true
     ```
 
 1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:
 
     ```yml
     http:
-        routers:
-            nextcloud:
-                rule: "Host(`<your-nc-domain>`)"
-                entrypoints:
-                    - "https"
-                service: nextcloud
-                middlewares:
-                    - nextcloud-chain
-                tls:
-                    certresolver: "letsencrypt"
+      routers:
+        nextcloud:
+          rule: "Host(`<your-nc-domain>`)"
+          entrypoints:
+            - "https"
+          service: nextcloud
+          middlewares:
+            - nextcloud-chain
+          tls:
+            certresolver: "letsencrypt"
 
-        services:
-            nextcloud:
-                loadBalancer:
-                    servers:
-                        - url: "http://localhost:11000" # Use the host's IP address if Traefik runs outside the host network
+      services:
+        nextcloud:
+          loadBalancer:
+            servers:
+              - url: "http://localhost:11000" # Use the host's IP address if Traefik runs outside the host network
 
-        middlewares:
-            nextcloud-secure-headers:
-                headers:
-                    hostsProxyHeaders:
-                        - "X-Forwarded-Host"
-                    referrerPolicy: "same-origin"
+      middlewares:
+        nextcloud-secure-headers:
+          headers:
+            hostsProxyHeaders:
+              - "X-Forwarded-Host"
+            referrerPolicy: "same-origin"
 
-            https-redirect:
-                redirectscheme:
-                    scheme: https 
-   
-            nextcloud-chain:
-                chain:
-                    middlewares:
-                        # - ... (e.g. rate limiting middleware)
-                        - https-redirect
-                        - nextcloud-secure-headers
+        https-redirect:
+          redirectscheme:
+            scheme: https 
+
+        nextcloud-chain:
+          chain:
+            middlewares:
+              # - ... (e.g. rate limiting middleware)
+              - https-redirect
+              - nextcloud-secure-headers
     ```
 
 ---

From 7644b5f453ec8fbec571138b2e206564a83baaae Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 14 Jan 2024 13:28:18 +0100
Subject: [PATCH 1895/3949] improve the reserved ip-address notice

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c72e1641..eb88db17 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -320,7 +320,7 @@ class ConfigurationManager
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                 if ($port === '443') {
-                    throw new InvalidSettingConfigurationException("It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')");
+                    throw new InvalidSettingConfigurationException("It seems like the ip-address of the domain is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "'). Please set it to a public ip-address so that the domain validation can work!");
                 } else {
                     error_log("It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
                 }

From 93de170c38bacee9c882f6b59cc1903fa9ae80ca Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 15 Jan 2024 11:06:18 +0100
Subject: [PATCH 1896/3949] add further hint for what could be wrong

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 15104d33..986cf6e0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -70,6 +70,7 @@ fi
 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
+    echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
     echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1

From 61caa08b10410de7946cadccb5941812d4a05a46 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 15 Jan 2024 11:24:09 +0100
Subject: [PATCH 1897/3949] only check if the image is actually there if no
 image is there

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ad4c12b1..68877cd1 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -582,12 +582,19 @@ class DockerActionManager
         $imageName = $this->BuildImageName($container);
         $encodedImageName = urlencode($imageName);
         $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));
+        $imageIsThere = true;
         try {
-            $this->guzzleClient->post($url);
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $encodedImageName));
             $this->guzzleClient->get($imageUrl)->getBody()->getContents();
         } catch (\Throwable $e) {
-            throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
+            $imageIsThere = false;
+        }
+        try {
+            $this->guzzleClient->post($url);
+        } catch (RequestException $e) {
+            if ($imageIsThere === false) {
+                throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
+            }
         }
     }
 

From 5f04e41488996a0585a24cb2bc1ed0f0abbebf2c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jan 2024 12:53:20 +0000
Subject: [PATCH 1898/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.6.5.1 to 23.05.7.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index dc8d3516..0eff2275 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.6.5.1
+FROM collabora/code:23.05.7.2.1
 
 USER root
 

From 27d98c0d75d3221f9372a5547195da870facd7a8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jan 2024 13:00:24 +0000
Subject: [PATCH 1899/3949] Bump clamav/clamav from 1.2.1-25 to 1.2.1-26 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-25 to 1.2.1-26.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index aee171bc..2c7de76f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-25
+FROM clamav/clamav:1.2.1-26
 
 COPY clamav.conf /tmp/clamav.conf
 

From 29399df2957b161d9026c66797e0318a8833ab97 Mon Sep 17 00:00:00 2001
From: matiasdelellis <mati86dl@gmail.com>
Date: Mon, 15 Jan 2024 21:29:18 -0300
Subject: [PATCH 1900/3949] Increase version of the external model to v1.

This adds a few fixes that you can see in:

https://github.com/matiasdelellis/facerecognition-external-model/releases/tag/1.0.0

Signed-off-by: matiasdelellis <mati86dl@gmail.com>
---
 community-containers/facerecognition/facerecognition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 6f4511bb..819a4760 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -5,7 +5,7 @@
             "display_name": "Computing container for facerecognition",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition",
             "image": "matiasdelellis/facerecognition-external-model",
-            "image_tag": "initial",
+            "image_tag": "v1",
             "internal_port": "5000",
             "restart": "unless-stopped",
             "environment": [

From d393edd9262e5b823fe036f668a940f05fe23fdf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 12 Jan 2024 16:19:21 +0100
Subject: [PATCH 1901/3949] Make port 443 error message more verbose

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c72e1641..30c3e636 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -331,7 +331,7 @@ class ConfigurationManager
             if ($connection) {
                 fclose($connection);
             } else {
-                throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
+                throw new InvalidSettingConfigurationException("The domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. You can work around that by setting up a local DNS-server.");
             }
 
             // Get Instance ID

From faf88fe7f0e6fe83971eb7109d2b928d9df407aa Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sun, 14 Jan 2024 13:32:45 +0100
Subject: [PATCH 1902/3949] improve the hint what to do if access on 443 is
 blocked

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 4ddb3304..51780b35 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -359,10 +359,13 @@ class ConfigurationManager
                 error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
                 error_log('Expected was: ' . $instanceID);
                 error_log('The error message was: ' . curl_error($ch));
-                if ($port !== '443') {
+                $notice = "Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')";
+                if ($port === '443') {
+                    $notice .= " If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.";
+                } else {
                     error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!');
                 }
-                throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
+                throw new InvalidSettingConfigurationException($notice);
             }
         }
 

From 731c09fc74dc7787c6bb12feae8b7cd29085920f Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 17 Jan 2024 08:59:59 +0000
Subject: [PATCH 1903/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index b9855bad..b5dca7a7 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.9.1
+version: 7.10.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 76026194..ceee07aa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240109_092105-latest
+          image: nextcloud/aio-apache:20240117_083657-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 3eb10197..2dd4af6c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240109_092105-latest
+          image: nextcloud/aio-clamav:20240117_083657-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 0f81ab24..03def331 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240109_092105-latest
+          image: nextcloud/aio-collabora:20240117_083657-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 4628247e..9a3ddfc3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240109_092105-latest
+          image: nextcloud/aio-postgresql:20240117_083657-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 70dae450..6f4784db 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240109_092105-latest
+          image: nextcloud/aio-fulltextsearch:20240117_083657-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 99b85cd9..261458cc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240109_092105-latest
+          image: nextcloud/aio-imaginary:20240117_083657-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 5d10e469..acf7dfea 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240109_092105-latest
+          image: nextcloud/aio-nextcloud:20240117_083657-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 73b4e379..e89dbe4e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240109_092105-latest
+          image: nextcloud/aio-notify-push:20240117_083657-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 1cb955a0..44ab44d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240109_092105-latest
+          image: nextcloud/aio-onlyoffice:20240117_083657-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 16c6b41a..0cc5bbc1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240109_092105-latest
+          image: nextcloud/aio-redis:20240117_083657-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index ac14a974..1df9be77 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240109_092105-latest
+          image: nextcloud/aio-talk:20240117_083657-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 7e248ee0..610e0f9f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240109_092105-latest
+          image: nextcloud/aio-talk-recording:20240117_083657-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From b43e8e56a23c7a7eb72d13af2b503f6abfe85369 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 17 Jan 2024 10:02:40 +0100
Subject: [PATCH 1904/3949] increase to 7.11.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 36e73424..8e2cc2dc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.10.0</h1>
+        <h1>Nextcloud AIO v7.11.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 8cf535e187c1811e8f80fcef9bb424edb5c04075 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 17 Jan 2024 13:25:31 +0100
Subject: [PATCH 1905/3949] actually make the inversion of installing apks work

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index a9137847..e9e0cbc1 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -60,9 +60,11 @@ if [ -n "$ADDITIONAL_APKS" ]; then
         fi
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
-            echo "Installing $app via apk..."
-            if ! apk add --no-cache "$app" >/dev/null; then
-                echo "The packet $app was not installed!"
+            if [ "$app" != imagemagick ]; then
+                echo "Installing $app via apk..."
+                if ! apk add --no-cache "$app" >/dev/null; then
+                    echo "The packet $app was not installed!"
+                fi
             fi
         done
     fi

From a6727c629aa6b659c381bcad1f1dfef8ca55f0a2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Jan 2024 12:09:55 +0000
Subject: [PATCH 1906/3949] Bump elasticsearch from 8.11.3 to 8.12.0 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.11.3 to 8.12.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index b93bb559..711b1454 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.11.3
+FROM elasticsearch:8.12.0
 
 USER root
 

From b17561d41e575c7efd45fac1a6fb410be79bbe37 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 19 Jan 2024 14:40:49 +0100
Subject: [PATCH 1907/3949] remove show-info for psalm again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/composer.json b/php/composer.json
index b0dc2546..32488056 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -19,7 +19,7 @@
         "ext-apcu": "*"
     },
     "scripts": {
-		"psalm": "psalm --threads=1 --show-info=true",
+		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
 		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.2 \\;"

From 5ec3fd2d3d54a15f3dc56ecbef9769fc9ac1c2a8 Mon Sep 17 00:00:00 2001
From: hunhejj <hunhejj@gmail.com>
Date: Fri, 19 Jan 2024 14:35:53 +0100
Subject: [PATCH 1908/3949] Reword the error message shown when the password is
 incorrect

Signed-off-by: hunhejj <hunhejj@gmail.com>
---
 php/src/Controller/LoginController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index 954cf494..787ec6e1 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -30,7 +30,7 @@ class LoginController
             return $response->withHeader('Location', '/')->withStatus(201);
         }
 
-        $response->getBody()->write("The password is false.");
+        $response->getBody()->write("The password is incorrect.");
         return $response->withHeader('Location', '/')->withStatus(422);
     }
 

From c2bfe1d37de8d7792fbcc432014ccc4429606ee9 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Sat, 20 Jan 2024 21:57:51 +0000
Subject: [PATCH 1909/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index efff0560..19d94ff7 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.19.0@06b71be009a6bd6d81b9811855d6629b9fe90e1b"/>
+<files psalm-version="5.20.0@3f284e96c9d9be6fe6b15c79416e1d1903dcfef4"/>

From 5303ff292722c2ecacbb2f65e85f3640bc0fea47 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Mon, 22 Jan 2024 12:03:03 +0000
Subject: [PATCH 1910/3949] php dependency updates

Signed-off-by: GitHub <noreply@github.com>
---
 php/composer.lock | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ad792be0..0c46654c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1090,16 +1090,16 @@
         },
         {
             "name": "slim/csrf",
-            "version": "1.3.0",
+            "version": "1.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7"
+                "reference": "f66be9740283ed4f432535aff3623540e178013a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ebaaf295fd6d7224078d8ae3bba45329b31798c7",
-                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/f66be9740283ed4f432535aff3623540e178013a",
+                "reference": "f66be9740283ed4f432535aff3623540e178013a",
                 "shasum": ""
             },
             "require": {
@@ -1110,10 +1110,10 @@
                 "psr/http-server-middleware": "^1.0"
             },
             "require-dev": {
-                "phpspec/prophecy": "^1.15",
-                "phpspec/prophecy-phpunit": "^2.0",
-                "phpunit/phpunit": "^9.5",
-                "squizlabs/php_codesniffer": "^3.7"
+                "phpspec/prophecy": "^1.18",
+                "phpspec/prophecy-phpunit": "^2.1",
+                "phpunit/phpunit": "^9.6",
+                "squizlabs/php_codesniffer": "^3.8"
             },
             "type": "library",
             "autoload": {
@@ -1142,9 +1142,9 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.3.0"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.4.0"
             },
-            "time": "2022-11-05T19:27:53+00:00"
+            "time": "2024-01-22T09:08:27+00:00"
         },
         {
             "name": "slim/slim",

From 85d5b6890d6d836c8d83ddedb4256370a6585780 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jan 2024 12:20:41 +0000
Subject: [PATCH 1911/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.7.2.1 to 23.05.7.5.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 0eff2275..41ff51e8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.7.2.1
+FROM collabora/code:23.05.7.5.1
 
 USER root
 

From 11b1ecbd30f13df88605ba5d6af2c0e32f4b6700 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jan 2024 12:35:50 +0000
Subject: [PATCH 1912/3949] Bump clamav/clamav from 1.2.1-26 to 1.2.1-27 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-26 to 1.2.1-27.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 2c7de76f..e1e124df 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-26
+FROM clamav/clamav:1.2.1-27
 
 COPY clamav.conf /tmp/clamav.conf
 

From ad7248358c1380aab047577797d70567a9516d34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jan 2024 13:04:07 +0000
Subject: [PATCH 1913/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.14-fpm-alpine3.18 to 8.2.15-fpm-alpine3.18.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 763b554a..38dc498d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:24.0.7-cli as docker
 FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.14-fpm-alpine3.18
+FROM php:8.2.15-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080

From b4a380c1b2428e96bec23c7a437cd441966e3e1f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 24 Jan 2024 12:14:08 +0100
Subject: [PATCH 1914/3949] try to fix psalm

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/domain-validator.php              | 2 +-
 php/src/Data/ConfigurationManager.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/domain-validator.php b/php/domain-validator.php
index a1e6487b..8f4fca11 100644
--- a/php/domain-validator.php
+++ b/php/domain-validator.php
@@ -8,7 +8,7 @@ if (strpos($domain, '.') === false) {
     http_response_code(400);  
 } elseif (strpos($domain, ':') !== false) { 
     http_response_code(400);  
-} elseif (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { 
+} elseif (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { 
     http_response_code(400); 
 } elseif (filter_var($domain, FILTER_VALIDATE_IP)) { 
     http_response_code(400); 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 51780b35..3b3cba5d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -286,7 +286,7 @@ class ConfigurationManager
         }
 
         // Validate domain
-        if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
+        if (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
             throw new InvalidSettingConfigurationException("Domain is not a valid domain!");
         }
 
@@ -305,7 +305,7 @@ class ConfigurationManager
 
             if (empty($dnsRecordIP)) {
                 $record = dns_get_record($domain, DNS_AAAA);
-                if (!empty($record)) {
+                if (!empty($record[0]['ipv6'])) {
                     $dnsRecordIP = $record[0]['ipv6'];
                 }
             }

From 1b4a00735ca9b5d88f391fd5acd528397743af80 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 24 Jan 2024 12:09:20 +0000
Subject: [PATCH 1915/3949] Helm Chart updates

Signed-off-by: GitHub <noreply@github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-apache-service.yaml             | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-clamav-service.yaml             | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-collabora-service.yaml          | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-database-service.yaml           | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 6 +++---
 .../templates/nextcloud-aio-fulltextsearch-service.yaml     | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml          | 2 +-
 .../templates/nextcloud-aio-namespace-namespace.yaml        | 1 -
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-nextcloud-service.yaml          | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml        | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 6 +++---
 .../templates/nextcloud-aio-onlyoffice-service.yaml         | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml           | 6 +++---
 .../templates/nextcloud-aio-redis-service.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 6 +++---
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml     | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml               | 4 ++--
 26 files changed, 50 insertions(+), 51 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index b5dca7a7..1f8f8783 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.10.0
+version: 7.11.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index ceee07aa..d7f57ff3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240117_083657-latest
+          image: nextcloud/aio-apache:20240124_105749-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 47c36b71..e2a3389f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 2dd4af6c..dc68a217 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240117_083657-latest
+          image: nextcloud/aio-clamav:20240124_105749-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 4683278b..7af1e626 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 03def331..51cde672 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240117_083657-latest
+          image: nextcloud/aio-collabora:20240124_105749-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index 6307dc4f..9f47648f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 9a3ddfc3..752d732d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240117_083657-latest
+          image: nextcloud/aio-postgresql:20240124_105749-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index e770011b..9999233b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 6f4784db..3ac00e1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240117_083657-latest
+          image: nextcloud/aio-fulltextsearch:20240124_105749-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 6e66b639..f98c2335 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 261458cc..9fc6b6b2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240117_083657-latest
+          image: nextcloud/aio-imaginary:20240124_105749-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index 182d0460..3bd1c737 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
index 1f0c6e03..265abb64 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -3,4 +3,3 @@ kind: Namespace
 metadata:
   name: {{ .Values.NAMESPACE }}
   namespace: {{ .Values.NAMESPACE }}
-spec: {}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index acf7dfea..64562d6d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
@@ -158,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240117_083657-latest
+          image: nextcloud/aio-nextcloud:20240124_105749-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 48ca483b..dd12a261 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e89dbe4e..dbc15082 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-notify-push
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240117_083657-latest
+          image: nextcloud/aio-notify-push:20240124_105749-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index fee9d10b..17ecb5bd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 44ab44d4..902ee707 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240117_083657-latest
+          image: nextcloud/aio-onlyoffice:20240124_105749-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index af10c7cf..549653db 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 0cc5bbc1..260d0ee9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240117_083657-latest
+          image: nextcloud/aio-redis:20240124_105749-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index 508b0c75..7f2bc67c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 1df9be77..16967a71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240117_083657-latest
+          image: nextcloud/aio-talk:20240124_105749-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 610e0f9f..4b6f4d30 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk-recording
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240117_083657-latest
+          image: nextcloud/aio-talk-recording:20240124_105749-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index d307c573..2ffceefe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 9d87d9ee..37306e42 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -5,7 +5,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -30,7 +30,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk

From 1c8e46708feae11304db3c5059611efd1ad74045 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 24 Jan 2024 15:25:43 +0100
Subject: [PATCH 1916/3949] allow to add nextcloud-aio-caddy ip-address to
 trusted proxies automatically

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh          | 1 +
 php/containers.json                    | 1 +
 php/src/Docker/DockerActionManager.php | 7 +++++++
 3 files changed, 9 insertions(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index da40f406..2c67aafc 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -40,6 +40,7 @@ sed -i 's|- ip_binding: |- |' containers.yml
 sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
+sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
diff --git a/php/containers.json b/php/containers.json
index b62c4236..2ee9a131 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -213,6 +213,7 @@
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
         "APACHE_PORT=%APACHE_PORT%",
         "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
+        "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
         "THIS_IS_AIO=true"
       ],
       "stop_grace_period": 600,
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c0772013..50b9c977 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -406,6 +406,13 @@ class DockerActionManager
                 // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
                 } elseif ($out[1] === 'AIO_DATABASE_HOST') {
                     $replacements[1] = gethostbyname('nextcloud-aio-database');
+                // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
+                } elseif ($out[1] === 'CADDY_IP_ADDRESS') {
+                    $replacements[1] = '';
+                    $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
+                    if (in_array('caddy', $communityContainers, true)) {
+                        $replacements[1] = gethostbyname('nextcloud-aio-caddy');
+                    }
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {

From f2b661dc914ec268a1e2d4810fc9e7580ff0d094 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 25 Jan 2024 12:01:43 +0100
Subject: [PATCH 1917/3949] nextcloud - update to 27.1.6

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f0c32667..8ea59e0c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.27-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.5
+ENV NEXTCLOUD_VERSION 27.1.6
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From 2aa4b4aa1188654c304b744ac5dac5a11675dac9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 25 Jan 2024 12:04:26 +0100
Subject: [PATCH 1918/3949] increase to 7.11.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8e2cc2dc..8c232f72 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.11.0</h1>
+        <h1>Nextcloud AIO v7.11.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 1cce2e535f1d3b8b8a626885860c9c0b1d443dee Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 25 Jan 2024 12:17:43 +0100
Subject: [PATCH 1919/3949] fix filter_var syntax for domain-validator

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/domain-validator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/domain-validator.php b/php/domain-validator.php
index 8f4fca11..5f5ac009 100644
--- a/php/domain-validator.php
+++ b/php/domain-validator.php
@@ -8,7 +8,7 @@ if (strpos($domain, '.') === false) {
     http_response_code(400);  
 } elseif (strpos($domain, ':') !== false) { 
     http_response_code(400);  
-} elseif (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { 
+} elseif (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { 
     http_response_code(400); 
 } elseif (filter_var($domain, FILTER_VALIDATE_IP)) { 
     http_response_code(400); 

From d1804260b325252a99c2c81b75b603d44554fdc6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Jan 2024 12:56:12 +0000
Subject: [PATCH 1920/3949] Bump peter-evans/create-or-update-comment from
 3.1.0 to 4.0.0

Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 3.1.0 to 4.0.0.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/23ff15729ef2fc348714a3bb66d2f655ca9066f2...71345be0265236311c031f5c7866368bd1eff043)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/command-rebase.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
index 466c71f7..2a4125d8 100644
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -42,7 +42,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

From c991fe55ce3a715aff8d95e297098f2da259ba65 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 26 Jan 2024 09:23:55 +0100
Subject: [PATCH 1921/3949] downgrade back to 27.1.5

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8ea59e0c..f0c32667 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -3,7 +3,7 @@ FROM php:8.1.27-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.6
+ENV NEXTCLOUD_VERSION 27.1.5
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

From ca1b736cf7ed441f98bdc92b69abbe0cfd8a3ecb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 29 Jan 2024 09:34:26 +0100
Subject: [PATCH 1922/3949] fix borg backup restore not working anymore

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 50b9c977..cecde9e5 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -525,12 +525,11 @@ class DockerActionManager
             $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
         }
 
-        if ($container->isApparmorUnconfined()) {
-            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
-        }
-
         // Disable SELinux for AIO containers so that it does not break them
         $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
+        if ($container->isApparmorUnconfined()) {
+            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable"];
+        }
 
         $mounts = [];
 

From a9c1c5fe11cd97749396db8b6a1e928c4092b70c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 29 Jan 2024 09:38:09 +0100
Subject: [PATCH 1923/3949] increase to 7.11.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8c232f72..5ef23811 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.11.1</h1>
+        <h1>Nextcloud AIO v7.11.2</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 54a06b7b2360f126692e06f7379c0892c916d427 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:08:04 +0000
Subject: [PATCH 1924/3949] Bump alpine from 3.18.5 to 3.19.1 in
 /Containers/borgbackup

Bumps alpine from 3.18.5 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 7e467e67..264a7f92 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.5
+FROM alpine:3.19.1
 
 RUN set -ex; \
     \

From f9bcbff15114c582e42cbf2ae12d1647ea447608 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:22:01 +0000
Subject: [PATCH 1925/3949] Bump alpine from 3.18.5 to 3.19.1 in
 /Containers/notify-push

Bumps alpine from 3.18.5 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 602db937..02344b71 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.5
+FROM alpine:3.19.1
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From afab35175d2b7dcbee4455f6aba6e9957b0600c7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:24:39 +0000
Subject: [PATCH 1926/3949] Bump alpine from 3.18.5 to 3.19.1 in
 /Containers/imaginary

Bumps alpine from 3.18.5 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 0018739c..83693504 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -12,7 +12,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.18.5
+FROM alpine:3.19.1
 RUN set -ex; \
     apk add --no-cache \
         tzdata \

From 3b957792fe3fd65803c2c955aa9e88ade66190b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:32:10 +0000
Subject: [PATCH 1927/3949] Bump alpine from 3.18.5 to 3.19.1 in
 /Containers/talk

Bumps alpine from 3.18.5 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 08bae13e..1d15bc87 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 FROM nats:2.10.9-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.2 as signaling
-FROM alpine:3.18.5 as janus
+FROM alpine:3.19.1 as janus
 
 ARG JANUS_VERSION=v0.14.1
 WORKDIR /src
@@ -33,7 +33,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.18.5
+FROM alpine:3.19.1
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From ffb4f6b7a29e2e13c0dc6877a5ad6d608904edca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:32:45 +0000
Subject: [PATCH 1928/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.7.5.1 to 23.05.8.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 41ff51e8..9de4410b 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.7.5.1
+FROM collabora/code:23.05.8.2.1
 
 USER root
 

From da878302d1a869b7cae3504eb2ddfd16e62e0d19 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:33:09 +0000
Subject: [PATCH 1929/3949] Bump alpine from 3.18.5 to 3.19.1 in
 /Containers/watchtower

Bumps alpine from 3.18.5 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index d63b5a53..2a90ab7e 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 as watchtower
 
-FROM alpine:3.18.5
+FROM alpine:3.19.1
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower

From 8cec66d34a31949d4cbb06d674821eb921396c65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:34:06 +0000
Subject: [PATCH 1930/3949] Bump alpine from 3.18.5 to 3.19.1 in
 /Containers/domaincheck

Bumps alpine from 3.18.5 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index f494f545..9dca95a3 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.5
+FROM alpine:3.19.1
 RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \

From b079734daa53de09138f0f560edcb6191fb8394a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jan 2024 12:53:45 +0000
Subject: [PATCH 1931/3949] Bump clamav/clamav from 1.2.1-27 to 1.2.1-28 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-27 to 1.2.1-28.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e1e124df..b1aca4d5 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-27
+FROM clamav/clamav:1.2.1-28
 
 COPY clamav.conf /tmp/clamav.conf
 

From 75b2bd3c756cdd97aef3fcdff494994cef5c47c1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 29 Jan 2024 16:48:55 +0100
Subject: [PATCH 1932/3949] update all remaining images to alpine3.19

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile              | 2 +-
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 Containers/imaginary/Dockerfile           | 4 ++--
 Containers/mastercontainer/Dockerfile     | 4 ++--
 Containers/nextcloud/Dockerfile           | 2 +-
 Containers/talk-recording/Dockerfile      | 2 +-
 readme.md                                 | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 828cbcaf..b30b65f4 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,6 +1,6 @@
 FROM caddy:2.7.6-alpine as caddy
 
-FROM httpd:2.4.58-alpine3.18
+FROM httpd:2.4.58-alpine3.19
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 3831d548..ec30c35d 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:2.9.0-alpine3.18
+FROM haproxy:2.9.0-alpine3.19
 
 # hadolint ignore=DL3002
 USER root
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 0018739c..78a10c1e 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
-FROM golang:1.21.6-alpine3.18 as go
+FROM golang:1.21.6-alpine3.19 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 38dc498d..f6915300 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -4,8 +4,8 @@ FROM docker:24.0.7-cli as docker
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.15-fpm-alpine3.18
+# From https://github.com/docker-library/php/blob/master/8.2/alpine3.19/fpm/Dockerfile
+FROM php:8.2.15-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f0c32667..c6a24ebc 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.1.27-fpm-alpine3.18
+FROM php:8.1.27-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 4c5dffe2..c8db1403 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.1-alpine3.18
+FROM python:3.12.1-alpine3.19
 
 COPY --chmod=775 start.sh /start.sh
 
diff --git a/readme.md b/readme.md
index 00eae3c4..081278a1 100644
--- a/readme.md
+++ b/readme.md
@@ -658,7 +658,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.18. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.19. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From db5290f603059cbfdbefadc74f5d2efef3090c3a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jan 2024 13:03:32 +0000
Subject: [PATCH 1933/3949] Bump peter-evans/create-pull-request from 5 to 6

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5 to 6.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v5...v6)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 95a00cdb..dc1824f1 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index d29572f8..27fb53e2 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index ea132450..0c0db2a9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -68,7 +68,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 99eb1459..266763e3 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -31,7 +31,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 59e0ff49..de29ac39 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 0a903a2c..d1372c61 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -21,7 +21,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index b24320de..c241708d 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: Yaml updates
           signoff: true

From ef30ecae8f62c8b0cbc6379352c99e31595b058a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 31 Jan 2024 16:17:04 +0100
Subject: [PATCH 1934/3949] helm chart - allow to add additional trusted domain

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile                         |  1 +
 Containers/apache/start.sh                          |  6 ++++++
 Containers/nextcloud/entrypoint.sh                  |  3 +++
 .../templates/nextcloud-aio-apache-deployment.yaml  |  2 ++
 .../nextcloud-aio-nextcloud-deployment.yaml         |  4 ++--
 nextcloud-aio-helm-chart/update-helm.sh             | 13 +++++++++++++
 nextcloud-aio-helm-chart/values.yaml                |  1 +
 7 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index fb6b80cb..121f1778 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -14,6 +14,7 @@
     }
 }
 
+https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
 
     # Collabora
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 06adb882..9b89c2b5 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -51,6 +51,12 @@ else
 fi
 echo "$CADDYFILE" > /tmp/Caddyfile
 
+# Remove additional domain if not given
+if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+    CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
+fi
+echo "$CADDYFILE" > /tmp/Caddyfile
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /tmp/Caddyfile
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 213fdaed..c2dbebed 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -528,6 +528,9 @@ php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
 if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
     php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
 fi
+if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+    php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
+fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
 
 # Collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index d7f57ff3..c6f41223 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -37,6 +37,8 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: APACHE_MAX_SIZE
               value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: APACHE_MAX_TIME
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 64562d6d..cca6a9a3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -70,6 +70,8 @@ spec:
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: ADDITIONAL_APKS
@@ -112,8 +114,6 @@ spec:
               value: nextcloud-aio-onlyoffice
             - name: ONLYOFFICE_SECRET
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
-            - name: OVERWRITEHOST
-              value: "{{ .Values.NC_DOMAIN }}"
             - name: OVERWRITEPROTOCOL
               value: https
             - name: PHP_MAX_TIME
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index bfc7fbff..20cd2f70 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,6 +27,7 @@ sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
 source /tmp/sample.conf
 rm /tmp/sample.conf
+sed -i '/OVERWRITEHOST/d' latest.yml
 sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i '/APACHE_IP_BINDING/d' latest.yml
@@ -255,12 +256,23 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
 
+# Additional config
+cat << EOL > /tmp/additional-apache.config
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
+
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -305,6 +317,7 @@ SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via E
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index f81e9d3c..16d7cd51 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -51,6 +51,7 @@ SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via E
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From 4e96085574458a3941889daefd30ddf1b8b5eefb Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 1 Feb 2024 04:09:25 +0000
Subject: [PATCH 1935/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 19d94ff7..13cad7ad 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.20.0@3f284e96c9d9be6fe6b15c79416e1d1903dcfef4"/>
+<files psalm-version="5.21.1@8c473e2437be8b6a8fd8f630f0f11a16b114c494"/>

From 44464fc1d78ec7581d563078e4a180aa9e0df1fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Feb 2024 12:11:59 +0000
Subject: [PATCH 1936/3949] Bump strukturag/nextcloud-spreed-signaling in
 /Containers/talk

Bumps strukturag/nextcloud-spreed-signaling from 1.2.2 to 1.2.3.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 1d15bc87..01c605b0 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 FROM nats:2.10.9-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.2 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
 FROM alpine:3.19.1 as janus
 
 ARG JANUS_VERSION=v0.14.1

From 8d27a0bc511f11d5d2c1055b2117a05d5ffe4c45 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Feb 2024 12:16:17 +0000
Subject: [PATCH 1937/3949] Bump docker from 24.0.7-cli to 25.0.1-cli in
 /Containers/mastercontainer

Bumps docker from 24.0.7-cli to 25.0.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f6915300..3d7250c4 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:24.0.7-cli as docker
+FROM docker:25.0.1-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From 322304d1ef63e06bf40a0720bac3c28dbee2b3f5 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 1 Feb 2024 12:19:53 +0000
Subject: [PATCH 1938/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 1f8f8783..f7f7f0f5 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.11.0
+version: 7.11.2
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index d7f57ff3..9e04a65b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240124_105749-latest
+          image: nextcloud/aio-apache:20240201_120631-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index dc68a217..d0733ac9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240124_105749-latest
+          image: nextcloud/aio-clamav:20240201_120631-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 51cde672..eebda80b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240124_105749-latest
+          image: nextcloud/aio-collabora:20240201_120631-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 752d732d..e933846b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240124_105749-latest
+          image: nextcloud/aio-postgresql:20240201_120631-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 3ac00e1d..8c4ef301 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240124_105749-latest
+          image: nextcloud/aio-fulltextsearch:20240201_120631-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 9fc6b6b2..b28938df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240124_105749-latest
+          image: nextcloud/aio-imaginary:20240201_120631-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 64562d6d..121529de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240124_105749-latest
+          image: nextcloud/aio-nextcloud:20240201_120631-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index dbc15082..f9e368b3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240124_105749-latest
+          image: nextcloud/aio-notify-push:20240201_120631-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 902ee707..5afbff12 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240124_105749-latest
+          image: nextcloud/aio-onlyoffice:20240201_120631-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 260d0ee9..539a4fa8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240124_105749-latest
+          image: nextcloud/aio-redis:20240201_120631-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 16967a71..9edb16c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240124_105749-latest
+          image: nextcloud/aio-talk:20240201_120631-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 4b6f4d30..c0f6021f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240124_105749-latest
+          image: nextcloud/aio-talk-recording:20240201_120631-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 533b8785b1b44d41df62bf1cc3052107039ab343 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Feb 2024 13:23:33 +0100
Subject: [PATCH 1939/3949] Revert "helm chart - allow to add additional
 trusted domain"

---
 Containers/apache/Caddyfile                         |  1 -
 Containers/apache/start.sh                          |  6 ------
 Containers/nextcloud/entrypoint.sh                  |  3 ---
 .../templates/nextcloud-aio-apache-deployment.yaml  |  2 --
 .../nextcloud-aio-nextcloud-deployment.yaml         |  4 ++--
 nextcloud-aio-helm-chart/update-helm.sh             | 13 -------------
 nextcloud-aio-helm-chart/values.yaml                |  1 -
 7 files changed, 2 insertions(+), 28 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 121f1778..fb6b80cb 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -14,7 +14,6 @@
     }
 }
 
-https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
 
     # Collabora
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 9b89c2b5..06adb882 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -51,12 +51,6 @@ else
 fi
 echo "$CADDYFILE" > /tmp/Caddyfile
 
-# Remove additional domain if not given
-if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
-    CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
-
 # Fix the Caddyfile format
 caddy fmt --overwrite /tmp/Caddyfile
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c2dbebed..213fdaed 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -528,9 +528,6 @@ php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
 if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
     php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
 fi
-if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
-    php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
-fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
 
 # Collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index b662aefb..9e04a65b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -37,8 +37,6 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
-            - name: ADDITIONAL_TRUSTED_DOMAIN
-              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: APACHE_MAX_SIZE
               value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: APACHE_MAX_TIME
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 531ea40d..121529de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -70,8 +70,6 @@ spec:
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
-            - name: ADDITIONAL_TRUSTED_DOMAIN
-              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: ADDITIONAL_APKS
@@ -114,6 +112,8 @@ spec:
               value: nextcloud-aio-onlyoffice
             - name: ONLYOFFICE_SECRET
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
+            - name: OVERWRITEHOST
+              value: "{{ .Values.NC_DOMAIN }}"
             - name: OVERWRITEPROTOCOL
               value: https
             - name: PHP_MAX_TIME
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 20cd2f70..bfc7fbff 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,7 +27,6 @@ sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
 source /tmp/sample.conf
 rm /tmp/sample.conf
-sed -i '/OVERWRITEHOST/d' latest.yml
 sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i '/APACHE_IP_BINDING/d' latest.yml
@@ -256,23 +255,12 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
-            - name: ADDITIONAL_TRUSTED_DOMAIN
-              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
 
-# Additional config
-cat << EOL > /tmp/additional-apache.config
-            - name: ADDITIONAL_TRUSTED_DOMAIN
-              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
-EOL
-# shellcheck disable=SC1083
-find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
-
-
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -317,7 +305,6 @@ SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via E
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
-ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 16d7cd51..f81e9d3c 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -51,7 +51,6 @@ SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via E
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
-ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From 05b9c03a3df05b63afcf83323b57ab5472b0deb1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Feb 2024 13:24:32 +0100
Subject: [PATCH 1940/3949] Revert "Helm Chart updates"

---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index f7f7f0f5..1f8f8783 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.11.2
+version: 7.11.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 9e04a65b..d7f57ff3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240201_120631-latest
+          image: nextcloud/aio-apache:20240124_105749-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d0733ac9..dc68a217 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240201_120631-latest
+          image: nextcloud/aio-clamav:20240124_105749-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index eebda80b..51cde672 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240201_120631-latest
+          image: nextcloud/aio-collabora:20240124_105749-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index e933846b..752d732d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240201_120631-latest
+          image: nextcloud/aio-postgresql:20240124_105749-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8c4ef301..3ac00e1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240201_120631-latest
+          image: nextcloud/aio-fulltextsearch:20240124_105749-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index b28938df..9fc6b6b2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240201_120631-latest
+          image: nextcloud/aio-imaginary:20240124_105749-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 121529de..64562d6d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240201_120631-latest
+          image: nextcloud/aio-nextcloud:20240124_105749-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index f9e368b3..dbc15082 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240201_120631-latest
+          image: nextcloud/aio-notify-push:20240124_105749-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 5afbff12..902ee707 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240201_120631-latest
+          image: nextcloud/aio-onlyoffice:20240124_105749-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 539a4fa8..260d0ee9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240201_120631-latest
+          image: nextcloud/aio-redis:20240124_105749-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 9edb16c0..16967a71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240201_120631-latest
+          image: nextcloud/aio-talk:20240124_105749-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c0f6021f..4b6f4d30 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240201_120631-latest
+          image: nextcloud/aio-talk-recording:20240124_105749-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 54915279212f6e8d803d7892f8d33e6feba68776 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Feb 2024 13:25:22 +0100
Subject: [PATCH 1941/3949] Revert "Temporarily revert "helm chart - allow to
 add additional trusted domain""

---
 Containers/apache/Caddyfile                         |  1 +
 Containers/apache/start.sh                          |  6 ++++++
 Containers/nextcloud/entrypoint.sh                  |  3 +++
 .../templates/nextcloud-aio-apache-deployment.yaml  |  2 ++
 .../nextcloud-aio-nextcloud-deployment.yaml         |  4 ++--
 nextcloud-aio-helm-chart/update-helm.sh             | 13 +++++++++++++
 nextcloud-aio-helm-chart/values.yaml                |  1 +
 7 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index fb6b80cb..121f1778 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -14,6 +14,7 @@
     }
 }
 
+https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
 
     # Collabora
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 06adb882..9b89c2b5 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -51,6 +51,12 @@ else
 fi
 echo "$CADDYFILE" > /tmp/Caddyfile
 
+# Remove additional domain if not given
+if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+    CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
+fi
+echo "$CADDYFILE" > /tmp/Caddyfile
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /tmp/Caddyfile
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 213fdaed..c2dbebed 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -528,6 +528,9 @@ php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
 if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
     php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
 fi
+if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+    php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
+fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
 
 # Collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index d7f57ff3..c6f41223 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -37,6 +37,8 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: APACHE_MAX_SIZE
               value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: APACHE_MAX_TIME
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 64562d6d..cca6a9a3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -70,6 +70,8 @@ spec:
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: ADDITIONAL_APKS
@@ -112,8 +114,6 @@ spec:
               value: nextcloud-aio-onlyoffice
             - name: ONLYOFFICE_SECRET
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
-            - name: OVERWRITEHOST
-              value: "{{ .Values.NC_DOMAIN }}"
             - name: OVERWRITEPROTOCOL
               value: https
             - name: PHP_MAX_TIME
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index bfc7fbff..20cd2f70 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,6 +27,7 @@ sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
 source /tmp/sample.conf
 rm /tmp/sample.conf
+sed -i '/OVERWRITEHOST/d' latest.yml
 sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i '/APACHE_IP_BINDING/d' latest.yml
@@ -255,12 +256,23 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_TRUSTED_PROXY
               value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
 
+# Additional config
+cat << EOL > /tmp/additional-apache.config
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
+
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -305,6 +317,7 @@ SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via E
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index f81e9d3c..16d7cd51 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -51,6 +51,7 @@ SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via E
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From 094cb9400ef8866b906c926e1f38261906e93f0f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 1 Feb 2024 12:37:17 +0000
Subject: [PATCH 1942/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 1f8f8783..f7f7f0f5 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.11.0
+version: 7.11.2
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index d7f57ff3..9e04a65b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240124_105749-latest
+          image: nextcloud/aio-apache:20240201_120631-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index dc68a217..d0733ac9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240124_105749-latest
+          image: nextcloud/aio-clamav:20240201_120631-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 51cde672..eebda80b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240124_105749-latest
+          image: nextcloud/aio-collabora:20240201_120631-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 752d732d..e933846b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240124_105749-latest
+          image: nextcloud/aio-postgresql:20240201_120631-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 3ac00e1d..8c4ef301 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240124_105749-latest
+          image: nextcloud/aio-fulltextsearch:20240201_120631-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 9fc6b6b2..b28938df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240124_105749-latest
+          image: nextcloud/aio-imaginary:20240201_120631-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 64562d6d..121529de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240124_105749-latest
+          image: nextcloud/aio-nextcloud:20240201_120631-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index dbc15082..f9e368b3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240124_105749-latest
+          image: nextcloud/aio-notify-push:20240201_120631-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 902ee707..5afbff12 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240124_105749-latest
+          image: nextcloud/aio-onlyoffice:20240201_120631-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 260d0ee9..539a4fa8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240124_105749-latest
+          image: nextcloud/aio-redis:20240201_120631-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 16967a71..9edb16c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240124_105749-latest
+          image: nextcloud/aio-talk:20240201_120631-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 4b6f4d30..c0f6021f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240124_105749-latest
+          image: nextcloud/aio-talk-recording:20240201_120631-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 19e564ae842066625fffa46672c80c0aa85bbeaf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Feb 2024 13:42:13 +0100
Subject: [PATCH 1943/3949] add workflow_dispatch temporarily to helm chart
 releaser

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index c1f7f861..635423fd 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -2,6 +2,7 @@
 name: Helm Chart Releaser
 
 on:
+  workflow_dispatch:
   push:
     branches:
       - main

From 827ad7ff70cf813ba169789d9caedbbe32c8d8ea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Feb 2024 13:42:35 +0100
Subject: [PATCH 1944/3949] Revert "add workflow_dispatch temporarily to helm
 chart releaser"

This reverts commit 19e564ae842066625fffa46672c80c0aa85bbeaf.
---
 .github/workflows/helm-release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 635423fd..c1f7f861 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -2,7 +2,6 @@
 name: Helm Chart Releaser
 
 on:
-  workflow_dispatch:
   push:
     branches:
       - main

From a46f6583b7b5b92b3f343173a120a378f8f7462b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Feb 2024 14:06:30 +0100
Subject: [PATCH 1945/3949] increase to 7.12.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5ef23811..22703f21 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.11.2</h1>
+        <h1>Nextcloud AIO v7.12.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 9fd556c07931e2deddff4ee1da6d59bb32643e44 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 1 Feb 2024 15:01:14 +0100
Subject: [PATCH 1946/3949] helm chart - create beta release

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                            | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml             | 3 ++-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml          | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index f7f7f0f5..46c8063a 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.11.2
+version: 7.12.0-beta
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index b662aefb..64e12c6d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -59,7 +59,8 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240201_120631-latest
+          image: nextcloud/aio-apache:beta
+          imagePullPolicy: Always
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 531ea40d..8fce52f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -158,7 +158,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240201_120631-latest
+          image: nextcloud/aio-nextcloud:beta
+          imagePullPolicy: Always
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

From be4d76d3183781eb9539e78fbefa5b0f1c9c96fc Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 2 Feb 2024 12:22:36 +0000
Subject: [PATCH 1947/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d084fdfd..431ad778 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.21.6-alpine3.19 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From 1f3002a862c27e120fb9f33370412c740854aae2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Feb 2024 12:32:04 +0000
Subject: [PATCH 1948/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.8.2.1 to 23.05.8.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 9de4410b..80ede651 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.8.2.1
+FROM collabora/code:23.05.8.4.1
 
 USER root
 

From 4dfd72daa76f5107afcdc10c7dbf77fb0becd75b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Feb 2024 12:47:18 +0000
Subject: [PATCH 1949/3949] Bump docker from 25.0.1-cli to 25.0.2-cli in
 /Containers/mastercontainer

Bumps docker from 25.0.1-cli to 25.0.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3d7250c4..3abf9ddd 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:25.0.1-cli as docker
+FROM docker:25.0.2-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From 1d70c439b7323e9899c3bc88e6b1f63ec008160e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 2 Feb 2024 14:49:16 +0100
Subject: [PATCH 1950/3949] fix imagick not having svg support

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 ++
 Containers/nextcloud/start.sh   | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index c6a24ebc..1d08a160 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -38,6 +38,7 @@ RUN set -ex; \
         gmp-dev \
         icu-dev \
         imagemagick-dev \
+        imagemagick-svg \
         libevent-dev \
         libjpeg-turbo-dev \
         libmcrypt-dev \
@@ -192,6 +193,7 @@ RUN set -ex; \
         nodejs \
         bind-tools \
         imagemagick \
+        imagemagick-svg \
         coreutils; \
     \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index e9e0cbc1..b4ca3519 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -56,7 +56,7 @@ if [ -n "$ADDITIONAL_APKS" ]; then
     if ! [ -f "/additional-apks-are-installed" ]; then
         # Allow to disable imagemagick without having to download it each time
         if ! echo "$ADDITIONAL_APKS" | grep -q imagemagick; then
-            apk del imagemagick;
+            apk del imagemagick imagemagick-svg;
         fi
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do

From 22fcc55089edd88cb9926588c7751ee3354f5bfc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 12:29:09 +0000
Subject: [PATCH 1951/3949] Bump clamav/clamav from 1.2.1-28 to 1.2.1-30 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-28 to 1.2.1-30.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index b1aca4d5..c3095617 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-28
+FROM clamav/clamav:1.2.1-30
 
 COPY clamav.conf /tmp/clamav.conf
 

From 1939d6aee739fcaceab9f985c37e4c458097af79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 12:46:55 +0000
Subject: [PATCH 1952/3949] Bump nats from 2.10.9-scratch to 2.10.10-scratch in
 /Containers/talk

Bumps nats from 2.10.9-scratch to 2.10.10-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 01c605b0..a18da383 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM nats:2.10.9-scratch as nats
+FROM nats:2.10.10-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
 FROM alpine:3.19.1 as janus

From c16cb7265a6e6a1f8f5baa90b3851ec534e72dee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 12:52:22 +0000
Subject: [PATCH 1953/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.9.0-alpine3.19 to 2.9.4-alpine3.19.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ec30c35d..9ef15dc5 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:2.9.0-alpine3.19
+FROM haproxy:2.9.4-alpine3.19
 
 # hadolint ignore=DL3002
 USER root

From ae14cf39c6d4eeb3c63a70d115770afc567c3bb6 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 6 Feb 2024 12:07:29 +0000
Subject: [PATCH 1954/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 60 +++++++++++++++++++----------------------------
 1 file changed, 24 insertions(+), 36 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 0c46654c..f36bb64b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1395,16 +1395,16 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.28.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb"
+                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb",
-                "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4",
+                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4",
                 "shasum": ""
             },
             "require": {
@@ -1418,9 +1418,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.28-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1457,7 +1454,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.28.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1473,20 +1470,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-01-26T09:26:14+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.28.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "42292d99c55abe617799667f454222c54c60e229"
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/42292d99c55abe617799667f454222c54c60e229",
-                "reference": "42292d99c55abe617799667f454222c54c60e229",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
                 "shasum": ""
             },
             "require": {
@@ -1500,9 +1497,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.28-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1540,7 +1534,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.28.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1556,20 +1550,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-07-28T09:04:16+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-php80",
-            "version": "v1.28.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php80.git",
-                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5"
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
-                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
                 "shasum": ""
             },
             "require": {
@@ -1577,9 +1571,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.28-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1623,7 +1614,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0"
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1639,20 +1630,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-01-26T09:26:14+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.28.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b"
+                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/7581cd600fa9fd681b797d00b02f068e2f13263b",
-                "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/c565ad1e63f30e7477fc40738343c62b40bc672d",
+                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d",
                 "shasum": ""
             },
             "require": {
@@ -1660,9 +1651,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.28-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1702,7 +1690,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.28.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1718,7 +1706,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-01-26T09:26:14+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "twig/twig",

From 84530a8938dd88075ab635d7cf95708b2ab18dd2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Feb 2024 12:11:38 +0000
Subject: [PATCH 1955/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.21.6-alpine3.19 to 1.22.0-alpine3.19.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 431ad778..23eac43a 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.6-alpine3.19 as go
+FROM golang:1.22.0-alpine3.19 as go
 
 ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From 67eb251a7f7046987e53a287277c94d7122d3d5f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Feb 2024 12:52:47 +0000
Subject: [PATCH 1956/3949] Bump elasticsearch from 8.12.0 to 8.12.1 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.12.0 to 8.12.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 711b1454..df4bb5f0 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.12.0
+FROM elasticsearch:8.12.1
 
 USER root
 

From dbed6cef0c972f336edc170c97577a361b952e4e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 8 Feb 2024 12:58:28 +0100
Subject: [PATCH 1957/3949] increase to 7.12.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 22703f21..b61df318 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.12.0</h1>
+        <h1>Nextcloud AIO v7.12.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From ce2a09df5e2e9698e6fb82072f7143f4e75cb3f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 8 Feb 2024 12:33:15 +0000
Subject: [PATCH 1958/3949] Bump python in /Containers/talk-recording

Bumps python from 3.12.1-alpine3.19 to 3.12.2-alpine3.19.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index c8db1403..dcd5bb64 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.1-alpine3.19
+FROM python:3.12.2-alpine3.19
 
 COPY --chmod=775 start.sh /start.sh
 

From 81f4a59a732de0ceafbf6a050bc25a3b6fe28c26 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 8 Feb 2024 12:47:35 +0000
Subject: [PATCH 1959/3949] Bump docker from 25.0.2-cli to 25.0.3-cli in
 /Containers/mastercontainer

Bumps docker from 25.0.2-cli to 25.0.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3abf9ddd..d1ddbc86 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:25.0.2-cli as docker
+FROM docker:25.0.3-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From 56673bdee276784af4db475d06282be90a463949 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sun, 11 Feb 2024 22:08:21 +0100
Subject: [PATCH 1960/3949] hider server and x-powered-by header

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/Caddyfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 121f1778..feb2a6f3 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -16,6 +16,8 @@
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
+    header -Server
+    header -X-Powered-By
 
     # Collabora
     route /browser/* {

From 1e266139606314f538277437046f579da7fb7052 Mon Sep 17 00:00:00 2001
From: Joshua Hesketh <josh@hesketh.net.au>
Date: Fri, 26 Jan 2024 15:35:24 +1100
Subject: [PATCH 1961/3949] Drop NET_RAW from all containers in manual

#3377 drops NET_RAW from all containers, but this doesn't
appear to have been adopted into the manual mode.

Signed-off-by: Joshua Hesketh <josh@hesketh.net.au>
---
 manual-install/latest.yml | 24 +++++++++++++++++
 php/containers.json       | 54 ++++++++++++++++++++++++++++++++++++---
 2 files changed, 75 insertions(+), 3 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 51a6b3dc..b0ec690b 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -45,6 +45,8 @@ services:
       - /usr/local/apache2/logs
       - /tmp
       - /home/www-data
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-database:
     image: nextcloud/aio-postgresql:latest
@@ -68,6 +70,8 @@ services:
     read_only: true
     tmpfs:
       - /var/run/postgresql
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-nextcloud:
     depends_on:
@@ -149,6 +153,8 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest
@@ -170,6 +176,8 @@ services:
     networks:
       - nextcloud-aio
     read_only: true
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-redis:
     image: nextcloud/aio-redis:latest
@@ -185,6 +193,8 @@ services:
     networks:
       - nextcloud-aio
     read_only: true
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-collabora:
     image: nextcloud/aio-collabora:latest
@@ -205,6 +215,8 @@ services:
       - nextcloud-aio
     cap_add:
       - MKNOD
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-talk:
     image: nextcloud/aio-talk:latest
@@ -234,6 +246,8 @@ services:
       - /opt/eturnal/run
       - /conf
       - /tmp
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-talk-recording:
     image: nextcloud/aio-talk-recording:latest
@@ -255,6 +269,8 @@ services:
     tmpfs:
       - /tmp
       - /conf
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-clamav:
     image: nextcloud/aio-clamav:latest
@@ -276,6 +292,8 @@ services:
       - /var/lock
       - /var/log/clamav
       - /tmp
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-onlyoffice:
     image: nextcloud/aio-onlyoffice:latest
@@ -294,6 +312,8 @@ services:
       - onlyoffice
     networks:
       - nextcloud-aio
+    cap_drop:
+      - NET_RAW
 
   nextcloud-aio-imaginary:
     image: nextcloud/aio-imaginary:latest
@@ -305,6 +325,8 @@ services:
     restart: unless-stopped
     cap_add:
       - SYS_NICE
+    cap_drop:
+      - NET_RAW
     profiles:
       - imaginary
     networks:
@@ -336,6 +358,8 @@ services:
       - fulltextsearch
     networks:
       - nextcloud-aio
+    cap_drop:
+      - NET_RAW
 
 volumes:
   nextcloud_aio_apache:
diff --git a/php/containers.json b/php/containers.json
index 2ee9a131..f79f1b47 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -65,6 +65,9 @@
         "/usr/local/apache2/logs",
         "/tmp",
         "/home/www-data"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -112,6 +115,9 @@
       "read_only": true,
       "tmpfs": [
         "/var/run/postgresql"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -226,6 +232,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -263,7 +272,10 @@
       "networks": [
         "nextcloud-aio"
       ],
-      "read_only": true
+      "read_only": true,
+      "cap_drop": [
+        "NET_RAW"
+      ]
     },
     {
       "container_name": "nextcloud-aio-redis",
@@ -295,7 +307,10 @@
       "networks": [
         "nextcloud-aio"
       ],
-      "read_only": true
+      "read_only": true,
+      "cap_drop": [
+        "NET_RAW"
+      ]
     },
     {
       "container_name": "nextcloud-aio-collabora",
@@ -328,6 +343,9 @@
       ],
       "cap_add": [
         "MKNOD"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -380,6 +398,9 @@
         "/opt/eturnal/run",
         "/conf",
         "/tmp"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -414,6 +435,9 @@
       "tmpfs": [
         "/tmp",
         "/conf"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -472,6 +496,9 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
+      "cap_drop": [
+        "NET_RAW"
+      ],
       "apparmor_unconfined": true,
       "read_only": true,
       "tmpfs": [
@@ -494,7 +521,10 @@
           "writeable": false
         }
       ],
-      "read_only": true
+      "read_only": true,
+      "cap_drop": [
+        "NET_RAW"
+      ]
     },
     {
       "container_name": "nextcloud-aio-domaincheck",
@@ -521,6 +551,9 @@
       "tmpfs": [
         "/etc/lighttpd",
         "/var/www/domaincheck"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -556,6 +589,9 @@
         "/var/lock",
         "/var/log/clamav",
         "/tmp"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -594,6 +630,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -613,6 +652,9 @@
       "cap_add": [
         "SYS_NICE"
       ],
+      "cap_drop": [
+        "NET_RAW"
+      ],
       "profiles": [
         "imaginary"
       ],
@@ -662,6 +704,9 @@
       ],
       "secrets": [
         "FULLTEXTSEARCH_PASSWORD"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     },
     {
@@ -685,6 +730,9 @@
       "read_only": true,
       "tmpfs": [
         "/tmp"
+      ],
+      "cap_drop": [
+        "NET_RAW"
       ]
     }
   ]

From 68bef922fbeeaea67cd2e62b705f717f5127c11e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Feb 2024 12:31:09 +0000
Subject: [PATCH 1962/3949] Bump helm/kind-action from 1.8.0 to 1.9.0

Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 26ab66f8..626c9c8d 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -28,7 +28,7 @@ jobs:
         run: ct lint --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart
 
       - name: Create kind cluster
-        uses: helm/kind-action@v1.8.0
+        uses: helm/kind-action@v1.9.0
 
       - name: Run chart-testing (install)
         id: install

From 1c594ec74b31c3784e0695f6a404b4ef47dd49e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Feb 2024 12:41:54 +0000
Subject: [PATCH 1963/3949] Bump clamav/clamav from 1.2.1-30 to 1.3.0-38 in
 /Containers/clamav

Bumps clamav/clamav from 1.2.1-30 to 1.3.0-38.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index c3095617..b4c4bb47 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-30
+FROM clamav/clamav:1.3.0-38
 
 COPY clamav.conf /tmp/clamav.conf
 

From 4a2092b0f5959a43511cebb7c1bf3c3473e535b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Feb 2024 12:20:34 +0000
Subject: [PATCH 1964/3949] Bump postgres from 15.5-alpine to 15.6-alpine in
 /Containers/postgresql

Bumps postgres from 15.5-alpine to 15.6-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 420b548f..da4e63eb 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.5-alpine
+FROM postgres:15.6-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 7cadc15c82d460fb53eba85a545ddfc01049d828 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 15 Feb 2024 04:09:41 +0000
Subject: [PATCH 1965/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 13cad7ad..f4992608 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.21.1@8c473e2437be8b6a8fd8f630f0f11a16b114c494"/>
+<files psalm-version="5.22.0@fe2c67ec89f358940f90db05efd2d663388b45a6"/>

From 255895e219cec814e7a27cdcfb888f4e16837f48 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 16 Feb 2024 04:09:01 +0000
Subject: [PATCH 1966/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index f4992608..c537d28b 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.22.0@fe2c67ec89f358940f90db05efd2d663388b45a6"/>
+<files psalm-version="5.22.1@e9dad66e11274315dac27e08349c628c7d6a1a43"/>

From f2d5cfab3560927bf83784924bb6f3df047809b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 16 Feb 2024 12:50:33 +0000
Subject: [PATCH 1967/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.8.4.1 to 23.05.9.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 80ede651..a4b0bd06 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.8.4.1
+FROM collabora/code:23.05.9.1.1
 
 USER root
 

From 9ba0dbf6a3f768b8d82d299ac18243c26309f1d5 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 16 Feb 2024 16:21:18 +0100
Subject: [PATCH 1968/3949] add # syntax=docker/dockerfile:latest

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/apache/Dockerfile              | 1 +
 Containers/borgbackup/Dockerfile          | 1 +
 Containers/clamav/Dockerfile              | 1 +
 Containers/collabora/Dockerfile           | 1 +
 Containers/docker-socket-proxy/Dockerfile | 1 +
 Containers/domaincheck/Dockerfile         | 1 +
 Containers/fulltextsearch/Dockerfile      | 1 +
 Containers/imaginary/Dockerfile           | 3 ++-
 Containers/mastercontainer/Dockerfile     | 1 +
 Containers/nextcloud/Dockerfile           | 1 +
 Containers/notify-push/Dockerfile         | 1 +
 Containers/onlyoffice/Dockerfile          | 1 +
 Containers/postgresql/Dockerfile          | 1 +
 Containers/redis/Dockerfile               | 1 +
 Containers/talk-recording/Dockerfile      | 1 +
 Containers/talk/Dockerfile                | 1 +
 Containers/watchtower/Dockerfile          | 1 +
 17 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index b30b65f4..a2b653cf 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM caddy:2.7.6-alpine as caddy
 
 FROM httpd:2.4.58-alpine3.19
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 264a7f92..c2ffce90 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM alpine:3.19.1
 
 RUN set -ex; \
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index b4c4bb47..bdaff07f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
 FROM clamav/clamav:1.3.0-38
 
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index a4b0bd06..77482a8e 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
 FROM collabora/code:23.05.9.1.1
 
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 9ef15dc5..9f22546b 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM haproxy:2.9.4-alpine3.19
 
 # hadolint ignore=DL3002
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 9dca95a3..5f695bc9 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM alpine:3.19.1
 RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index df4bb5f0..f0357035 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
 FROM elasticsearch:8.12.1
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 23eac43a..e81f89f4 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,7 @@
+# syntax=docker/dockerfile:latest
 FROM golang:1.22.0-alpine3.19 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index d1ddbc86..f626f321 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
 FROM docker:25.0.3-cli as docker
 
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1d08a160..c2adcaaf 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM php:8.1.27-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 02344b71..48a37741 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM alpine:3.19.1
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index a016b46c..03bcab59 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
 FROM onlyoffice/documentserver:7.5.1.1
 
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index da4e63eb..939ca008 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
 FROM postgres:15.6-alpine
 
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 575c50fc..e184ba40 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
 FROM redis:7.2.4-alpine
 
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index dcd5bb64..41875ecb 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM python:3.12.2-alpine3.19
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a18da383..94fce5c3 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 FROM nats:2.10.10-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 2a90ab7e..d098f748 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 as watchtower
 

From df8a6c4ca2c2975e5511f74f791ac37f901ee033 Mon Sep 17 00:00:00 2001
From: "airo.pi_" <47398145+AiroPi@users.noreply.github.com>
Date: Fri, 16 Feb 2024 20:12:37 +0100
Subject: [PATCH 1969/3949] Add extra informations about root-data change for
 Docker

https://github.com/nextcloud/all-in-one/discussions/4224
---
 readme.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/readme.md b/readme.md
index 081278a1..7d094149 100644
--- a/readme.md
+++ b/readme.md
@@ -688,6 +688,15 @@ After you are done modifying/adding/deleting files/folders, don't forget to appl
 You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
 (Of course docker needs to be installed first for this to work.)
 
+⚠️ If you encounter errors from richdocuments in your Nextcloud logs, check in your Collabora container if the message "Capabilities are not set for the coolforkit program." appears. If so, follow these steps:
+
+1. Stop all the containers from the AIO Interface.
+2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`).
+3. You might also want to prune your Docker (`docker system prune`) (no data will be lost).
+4. Restart your containers from the AIO Interface.
+
+This should solve the problem.
+
 ### How to edit Nextclouds config.php file with a texteditor?
 You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
 

From bbbd55330046c1b811527a99871253d03702c84a Mon Sep 17 00:00:00 2001
From: "airo.pi_" <47398145+AiroPi@users.noreply.github.com>
Date: Fri, 16 Feb 2024 20:16:26 +0100
Subject: [PATCH 1970/3949] Fix pi-hole config page url

---
 community-containers/pi-hole/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/pi-hole/readme.md b/community-containers/pi-hole/readme.md
index fb15fee3..cdfdf641 100644
--- a/community-containers/pi-hole/readme.md
+++ b/community-containers/pi-hole/readme.md
@@ -6,7 +6,7 @@ This container bundles pi-hole and auto-configures it for you.
 - Make sure that no dns server is already running by checking with `sudo netstat -tulpn | grep 53`. Otherwise the container will not be able to start!
 - The DHCP functionality of Pi-hole has been disabled!
 - The data of pi-hole will be automatically included in AIOs backup solution!
-- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
+- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
 - You can configure your home network now to use pi-hole as its dns server by configuring your router.
 - Additionally, you can configure the docker daemon to use that by editing `/etc/docker/daemon.json` and adding ` { "dns" : [ "ip.address.of.this.server" , "8.8.8.8" ] } `.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 11de100d502724df9f7e33dfb3dcd6f021d01973 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 17 Feb 2024 12:02:06 +0000
Subject: [PATCH 1971/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index e81f89f4..becfd42f 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.0-alpine3.19 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From 5dba923eff6706f7dd83abcfc92a10eaa58aaee2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Feb 2024 12:15:15 +0000
Subject: [PATCH 1972/3949] Bump nats from 2.10.10-scratch to 2.10.11-scratch
 in /Containers/talk

Bumps nats from 2.10.10-scratch to 2.10.11-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 94fce5c3..dc3588bf 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.10-scratch as nats
+FROM nats:2.10.11-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
 FROM alpine:3.19.1 as janus

From fba263e671dedb825e96a6848b0c093a1f1ecb13 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Feb 2024 12:22:17 +0000
Subject: [PATCH 1973/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.2.15-fpm-alpine3.19 to 8.2.16-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f626f321..0ad9eb39 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:25.0.3-cli as docker
 FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.19/fpm/Dockerfile
-FROM php:8.2.15-fpm-alpine3.19
+FROM php:8.2.16-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080

From 38994281618d3b59639e8acf121a19946d0de662 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Feb 2024 12:44:22 +0000
Subject: [PATCH 1974/3949] Bump clamav/clamav from 1.3.0-38 to 1.3.0-39 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-38 to 1.3.0-39.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index bdaff07f..29862480 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-38
+FROM clamav/clamav:1.3.0-39
 
 COPY clamav.conf /tmp/clamav.conf
 

From e04a47a1435c49cd21186c24a874d7de2ffd8baa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Feb 2024 12:55:42 +0000
Subject: [PATCH 1975/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.9.4-alpine3.19 to 2.9.5-alpine3.19.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 9f22546b..10396e27 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:2.9.4-alpine3.19
+FROM haproxy:2.9.5-alpine3.19
 
 # hadolint ignore=DL3002
 USER root

From dacd48cfd0510b72c7bcaa39258654818bc3b2c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Mon, 19 Feb 2024 16:09:51 +0100
Subject: [PATCH 1976/3949] fix: Do not apply an empty allow list if none is
 set
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 Containers/nextcloud/config/apps.config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php
index c68a925a..32283588 100644
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -12,5 +12,5 @@ $CONFIG = array (
               'writable' => true,
       ),
   ),
-  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : [],
+  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : false,
 );

From 1ac7d7866e72c0f45a7434ac28bfbc9bfc88595f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Feb 2024 14:07:59 +0100
Subject: [PATCH 1977/3949] revert imaginary container to alpine3.18

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index becfd42f..d27cebe0 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.0-alpine3.19 as go
+FROM golang:1.22.0-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.19.1
+FROM alpine:3.18.6
 RUN set -ex; \
     apk add --no-cache \
         tzdata \

From c61261a0a1fc37e6b1afb9bfbd724721c97578c6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Feb 2024 14:39:20 +0100
Subject: [PATCH 1978/3949] log the whole exception if container could not be
 started

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index cecde9e5..79dd069a 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -186,7 +186,11 @@ class DockerActionManager
 
     public function StartContainer(Container $container) : void {
         $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier())));
-        $this->guzzleClient->post($url);
+        try {
+            $this->guzzleClient->post($url);
+        } catch (RequestException $e) {
+            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage());
+        }
     }
 
     public function CreateVolumes(Container $container): void
@@ -578,7 +582,7 @@ class DockerActionManager
                 ]
             );
         } catch (RequestException $e) {
-            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage());
+            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getMessage());
         }
 
     }

From 93dd64f5eed5e5950a0f274749c1ba88091a606a Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 20 Feb 2024 15:20:43 +0100
Subject: [PATCH 1979/3949] harden pulling images from docker hub issues

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php |  9 +++++++++
 php/src/Docker/DockerActionManager.php  | 15 +++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index bb57ec91..06bc52a9 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -48,6 +48,15 @@ class DockerController
             }
         }
 
+        // Check if docker hub is reachable in order to make sure that we do not try to pull an image if it is down 
+        // and try to mitigate issues that are arising due to that
+        if ($pullImage) {
+            if (!$this->dockerActionManager->isDockerHubReachable($container)) {
+                $pullImage = false;
+                error_log('Not pulling the image for the ' . $container->GetContainerName() . ' container because docker hub does not seem to be reachable.');
+            }
+        }
+
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
         if ($pullImage) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 79dd069a..d71edecc 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -587,6 +587,21 @@ class DockerActionManager
 
     }
 
+    public function isDockerHubReachable(Container $container) : bool {
+        $tag = $container->GetImageTag();
+        if ($tag === '%AIO_CHANNEL%') {
+            $tag = $this->GetCurrentChannel();
+        }
+
+        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+
+        if ($remoteDigest === null) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
     public function PullImage(Container $container) : void
     {
         $imageName = $this->BuildImageName($container);

From d4245da813cf5b59089fa0f6ab2c59d91cec47ca Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 21 Feb 2024 12:55:09 +0100
Subject: [PATCH 1980/3949] increase to 7.13.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b61df318..4461301c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.12.1</h1>
+        <h1>Nextcloud AIO v7.13.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From fedb21438726fda09d864d71e2b6d96674cad0e8 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 21 Feb 2024 12:02:15 +0000
Subject: [PATCH 1981/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d27cebe0..07dd487a 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.0-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From da60cc44bfd931edd929bf3bf5e5cea83dc1b4c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Feb 2024 12:41:30 +0000
Subject: [PATCH 1982/3949] Bump elasticsearch from 8.12.1 to 8.12.2 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.12.1 to 8.12.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index f0357035..d1fe922f 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.12.1
+FROM elasticsearch:8.12.2
 
 USER root
 

From ba7bc4818a41bbd20da320f3378204568e4f2db7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 23 Feb 2024 16:19:27 +0100
Subject: [PATCH 1983/3949] helm chart - disable FTS volume if not enabled

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 20cd2f70..d403cc24 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -350,6 +350,12 @@ for variable in "${ENABLED_VARIABLES[@]}"; do
     find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 done
 
+# Additional case for FTS volume
+# shellcheck disable=SC1083
+find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec sed -i "1i\\{{- if eq .Values.FULLTEXTSEARCH_ENABLED \"yes\" }}" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+
 chmod 777 -R ./
 
 # Seems like the dir needs to match the name of the chart

From 9ac868f636d1bfcb1ae68f2929d93e17b17fe82a Mon Sep 17 00:00:00 2001
From: AiroPi <47398145+AiroPi@users.noreply.github.com>
Date: Thu, 22 Feb 2024 21:54:37 +0000
Subject: [PATCH 1984/3949] Add jellyfin community-container
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: AiroPi <47398145+AiroPi@users.noreply.github.com>
Signed-off-by: Pıεяяε <47398145+AiroPi@users.noreply.github.com>
---
 community-containers/jellyfin/jellyfin.json | 39 +++++++++++++++++++++
 community-containers/jellyfin/readme.md     | 14 ++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 community-containers/jellyfin/jellyfin.json
 create mode 100644 community-containers/jellyfin/readme.md

diff --git a/community-containers/jellyfin/jellyfin.json b/community-containers/jellyfin/jellyfin.json
new file mode 100644
index 00000000..f16e5a0a
--- /dev/null
+++ b/community-containers/jellyfin/jellyfin.json
@@ -0,0 +1,39 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-jellyfin",
+            "display_name": "Jellyfin",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin",
+            "image": "jellyfin/jellyfin",
+            "image_tag": "latest",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_jellyfin",
+                    "destination": "/config",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/media",
+                    "writeable": false
+                },
+                {
+                    "source": "%NEXTCLOUD_MOUNT%",
+                    "destination": "%NEXTCLOUD_MOUNT%",
+                    "writeable": false
+                }
+            ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_jellyfin"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md
new file mode 100644
index 00000000..0feaaafa
--- /dev/null
+++ b/community-containers/jellyfin/readme.md
@@ -0,0 +1,14 @@
+## Jellyfin
+This container bundles Jellyfin and auto-configures it for you.
+
+### Notes
+- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
+- After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
+- The data of Plex will be automatically included in AIOs backup solution!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/jellyfin/jellyfin
+
+### Maintainer
+https://github.com/airopi

From 187d86619a28822ad28900fbfa52abbae9a2f13f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=B1=CE=B5=D1=8F=D1=8F=CE=B5?=
 <47398145+AiroPi@users.noreply.github.com>
Date: Fri, 23 Feb 2024 17:22:29 +0100
Subject: [PATCH 1985/3949] Change Plex to Jellyfin in the readme
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Oops, my copy/paste is spotted

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Pıεяяε <47398145+AiroPi@users.noreply.github.com>
---
 community-containers/jellyfin/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md
index 0feaaafa..0ba12cea 100644
--- a/community-containers/jellyfin/readme.md
+++ b/community-containers/jellyfin/readme.md
@@ -4,7 +4,7 @@ This container bundles Jellyfin and auto-configures it for you.
 ### Notes
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
-- The data of Plex will be automatically included in AIOs backup solution!
+- The data of Jellyfin will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 99a0069460a86e1730ab1b003b44d89da7170cc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=B1=CE=B5=D1=8F=D1=8F=CE=B5?=
 <47398145+AiroPi@users.noreply.github.com>
Date: Fri, 23 Feb 2024 16:38:07 +0000
Subject: [PATCH 1986/3949] Updated README for Jellyfin, Plex, and Caddy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Added incompatibilities between Jellyfin and Plex.
- Included note about Caddy handling `media.$NC_DOMAIN`.
- Added information about setting up a reverse proxy.
- Included security notice for Jellyfin initial setup.

Signed-off-by: Pıεяяε <47398145+AiroPi@users.noreply.github.com>
---
 community-containers/caddy/readme.md    |  2 +-
 community-containers/jellyfin/readme.md | 10 +++++++---
 community-containers/plex/readme.md     |  1 +
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index c26b39a5..3209acad 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md
index 0ba12cea..5292928b 100644
--- a/community-containers/jellyfin/readme.md
+++ b/community-containers/jellyfin/readme.md
@@ -2,10 +2,14 @@
 This container bundles Jellyfin and auto-configures it for you.
 
 ### Notes
-- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
+- This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
+- This container does not work on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
-- The data of Jellyfin will be automatically included in AIOs backup solution!
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+- In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
+- ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.**
+- The data of Jellyfin will be automatically included in AIO's backup solution!
+- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
+
 
 ### Repository
 https://github.com/jellyfin/jellyfin
diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
index d8268395..a3f679cc 100644
--- a/community-containers/plex/readme.md
+++ b/community-containers/plex/readme.md
@@ -2,6 +2,7 @@
 This container bundles Plex and auto-configures it for you.
 
 ### Notes
+- This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!
 - This is not working on arm64 since Plex does only provide x64 docker images.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!

From a5ec42bbcb29576ed073b9d6d2901a3d37ea7e57 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Sat, 24 Feb 2024 04:56:22 +0000
Subject: [PATCH 1987/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index c537d28b..9dba49fe 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.22.1@e9dad66e11274315dac27e08349c628c7d6a1a43"/>
+<files psalm-version="5.22.2@d768d914152dbbf3486c36398802f74e80cfde48"/>

From dba7e43e7f81a369954411ad67fdb06cd46cebe0 Mon Sep 17 00:00:00 2001
From: FaySmash <30392780+FaySmash@users.noreply.github.com>
Date: Sun, 25 Feb 2024 16:13:39 +0100
Subject: [PATCH 1988/3949] Added a replace statement for the database-dump.sql

Without this statement, only the comments in the database-dump.sql which state the table owner get replaced but from not the important ALTER TABLE statement itself.

Signed-off-by: FaySmash <30392780+FaySmash@users.noreply.github.com>
---
 migration.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 1574381c..38b6fa47 100644
--- a/migration.md
+++ b/migration.md
@@ -68,7 +68,8 @@ The procedure for migrating the files and the database works like this:
     1. Change it to look like this: `local::/mnt/ncdata/`.
     1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
     1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
-    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`. 
+    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`.
+The same applies for the second statement, check with `grep " OWNER TO nextcloud;$" database-dump.sql` and replace with `sed -i 's| OWNER TO nextcloud;$| OWNER TO ncadmin;$|' database-dump.sql`.
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
     ```
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/database-dump.sql

From ad684182453ade52b6b92609d8d3443304f889f5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Feb 2024 12:30:29 +0000
Subject: [PATCH 1989/3949] Bump clamav/clamav from 1.3.0-39 to 1.3.0-40 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-39 to 1.3.0-40.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 29862480..49c23314 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-39
+FROM clamav/clamav:1.3.0-40
 
 COPY clamav.conf /tmp/clamav.conf
 

From 5b44bb596441b077094c46c763c4aba97e3af1dd Mon Sep 17 00:00:00 2001
From: Anton Podlozny <47890723+apodl1@users.noreply.github.com>
Date: Mon, 26 Feb 2024 20:14:36 +0200
Subject: [PATCH 1990/3949] Add a clarifying comment to nginx ssl-lines for a
 situation with a subdomain and certbot

Signed-off-by: Anton Podlozny <47890723+apodl1@users.noreply.github.com>
---
 reverse-proxy.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index eb9c72bf..51d965b6 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -357,6 +357,7 @@ server {
         proxy_set_header Connection $connection_upgrade;
     }
 
+    #if running nginx on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. In this case the subdomain should already be secured without additional actions
     ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
     ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
 

From 701562416cc10092d3247593b1337a63f03daa8a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Feb 2024 12:11:52 +0000
Subject: [PATCH 1991/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.9.5-alpine3.19 to 2.9.6-alpine3.19.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 10396e27..2f2b23a8 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:2.9.5-alpine3.19
+FROM haproxy:2.9.6-alpine3.19
 
 # hadolint ignore=DL3002
 USER root

From d5b6252b83e429dd8aa911eebc50964b7cb6f336 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Feb 2024 13:04:46 +0000
Subject: [PATCH 1992/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.9.1.1 to 23.05.9.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 77482a8e..b067bc77 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.9.1.1
+FROM collabora/code:23.05.9.2.1
 
 USER root
 

From baacf24a4db45746a7a46b0480148a21c8ca8099 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 28 Feb 2024 12:01:30 +0100
Subject: [PATCH 1993/3949] helm - put namespace into quotes

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d403cc24..6fe1c10b 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -160,7 +160,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
     fi
 done
 # shellcheck disable=SC1083
-find ./ -name '*.yaml' -exec sed -i "s|nextcloud-aio-namespace|\{\{ .Values.NAMESPACE \}\}|" \{} \; 
+find ./ -name '*.yaml' -exec sed -i 's|nextcloud-aio-namespace|"\{\{ .Values.NAMESPACE \}\}"|' \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \; 
 # shellcheck disable=SC1083

From 9b8ceb1a7d60be2702366189376eb482713304e7 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 28 Feb 2024 18:26:56 +0100
Subject: [PATCH 1994/3949] update OO

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 03bcab59..8bea975a 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.5.1.1
+FROM onlyoffice/documentserver:8.0.1.1
 
 # USER root is probably used
 

From 9c7a35dc230b40a38454620d98fb592fc6aba389 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 28 Feb 2024 19:08:00 +0100
Subject: [PATCH 1995/3949] add some comments to some files

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    | 9 ++++++++-
 Containers/nextcloud/entrypoint.sh | 9 +++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index c2adcaaf..984dfec1 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -4,14 +4,17 @@ FROM php:8.1.27-fpm-alpine3.19
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
+
+# AIO settings start # Do not remove or change this line!
 ENV NEXTCLOUD_VERSION 27.1.5
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
+COPY supervisord.conf /supervisord.conf
+# AIO settings end # Do not remove or change this line!
 
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
-COPY supervisord.conf /supervisord.conf
 
 VOLUME /mnt/ncdata
 VOLUME /var/www/html
@@ -116,6 +119,7 @@ RUN set -ex; \
     chown -R www-data:root /var/www; \
     chmod -R g=u /var/www; \
     \
+# Download Nextcloud archive start # Do not remove or change this line!
     apk add --no-cache --virtual .fetch-deps \
         bzip2 \
         gnupg \
@@ -138,6 +142,7 @@ RUN set -ex; \
     mkdir -p /usr/src/nextcloud/config; \
     mv /*.php /usr/src/nextcloud/config/; \
     apk del .fetch-deps; \
+# Download Nextcloud archive end # Do not remove or change this line!
     \
 # Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
     apk add --no-cache \
@@ -205,12 +210,14 @@ RUN set -ex; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
     \
+# AIO cloning start # Do not remove or change this line!
     rm -rf /tmp/nextcloud-aio && \
     mkdir -p /tmp/nextcloud-aio && \
     cd /tmp/nextcloud-aio && \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
     cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
+# AIO cloning end # Do not remove or change this line!
     \
     chown www-data:root -R /usr/src && \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c2dbebed..4639cd90 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -106,6 +106,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         fi
 
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
+# Do not skip major versions placeholder # Do not remove or change this line!
+# Do not skip major versions start # Do not remove or change this line!
             set -ex
             NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
             curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-${NEXT_MAJOR}.tar.bz2"
@@ -133,6 +135,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
             IMAGE_MAJOR="${image_version%%.*}"
             set +ex
+# Do not skip major versions end # Do not remove or change this line!
         fi
 
         if [ "$installed_version" != "0.0.0.0" ]; then
@@ -255,6 +258,7 @@ DATADIR_PERMISSION_CONF
             # unset admin password
             unset ADMIN_PASSWORD
 
+# AIO update to latest start # Do not remove or change this line!
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
                 INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
@@ -292,6 +296,7 @@ DATADIR_PERMISSION_CONF
                 php /var/www/html/occ db:add-missing-primary-keys
                 yes | php /var/www/html/occ db:convert-filecache-bigint
             fi
+# AIO update to latest end # Do not remove or change this line!
 
             # Apply log settings
             echo "Applying default settings..."
@@ -463,11 +468,13 @@ if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
     rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
 fi
 
+# AIO one-click settings start # Do not remove or change this line!
 # Apply one-click-instance settings
 echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
 php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
+# AIO one-click settings end # Do not remove or change this line!
 php /var/www/html/occ app:enable support
 if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get support potential_subscription_key)" ]; then
     php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
@@ -503,6 +510,7 @@ else
     php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=true
 fi
 
+# AIO app start # Do not remove or change this line!
 # AIO app
 if [ "$THIS_IS_AIO" = "true" ]; then
     if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
@@ -513,6 +521,7 @@ else
         php /var/www/html/occ app:disable nextcloud-aio
     fi
 fi
+# AIO app end # Do not remove or change this line!
 
 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then

From 356e32f3d198712a085ed544cc5d37022dc14d1d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 28 Feb 2024 18:30:56 +0000
Subject: [PATCH 1996/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                      | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml       | 9 ++++-----
 .../nextcloud-aio-apache-persistentvolumeclaim.yaml      | 2 +-
 .../templates/nextcloud-aio-apache-service.yaml          | 4 ++--
 .../templates/nextcloud-aio-clamav-deployment.yaml       | 8 ++++----
 .../nextcloud-aio-clamav-persistentvolumeclaim.yaml      | 2 +-
 .../templates/nextcloud-aio-clamav-service.yaml          | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml    | 8 ++++----
 .../templates/nextcloud-aio-collabora-service.yaml       | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml     | 8 ++++----
 ...extcloud-aio-database-dump-persistentvolumeclaim.yaml | 2 +-
 .../nextcloud-aio-database-persistentvolumeclaim.yaml    | 2 +-
 .../templates/nextcloud-aio-database-service.yaml        | 4 ++--
 ...extcloud-aio-elasticsearch-persistentvolumeclaim.yaml | 4 +++-
 .../nextcloud-aio-fulltextsearch-deployment.yaml         | 8 ++++----
 .../templates/nextcloud-aio-fulltextsearch-service.yaml  | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml    | 8 ++++----
 .../templates/nextcloud-aio-imaginary-service.yaml       | 4 ++--
 .../templates/nextcloud-aio-namespace-namespace.yaml     | 4 ++--
 ...xtcloud-aio-nextcloud-data-persistentvolumeclaim.yaml | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml    | 9 ++++-----
 .../nextcloud-aio-nextcloud-persistentvolumeclaim.yaml   | 2 +-
 .../templates/nextcloud-aio-nextcloud-service.yaml       | 4 ++--
 ...-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml  | 8 ++++----
 .../templates/nextcloud-aio-notify-push-service.yaml     | 4 ++--
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml   | 8 ++++----
 .../nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml  | 2 +-
 .../templates/nextcloud-aio-onlyoffice-service.yaml      | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml        | 8 ++++----
 .../nextcloud-aio-redis-persistentvolumeclaim.yaml       | 2 +-
 .../templates/nextcloud-aio-redis-service.yaml           | 4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml         | 8 ++++----
 .../nextcloud-aio-talk-recording-deployment.yaml         | 8 ++++----
 .../templates/nextcloud-aio-talk-recording-service.yaml  | 4 ++--
 .../templates/nextcloud-aio-talk-service.yaml            | 8 ++++----
 36 files changed, 89 insertions(+), 89 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 46c8063a..a81e9961 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.12.0-beta
+version: 7.13.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 64e12c6d..542920db 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -59,8 +59,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:beta
-          imagePullPolicy: Always
+          image: nextcloud/aio-apache:20240228_172209-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
index 1b88ba0d..773d198f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index e2a3389f..df54d903 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d0733ac9..8d95fc48 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -50,7 +50,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240201_120631-latest
+          image: nextcloud/aio-clamav:20240228_172209-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
index c08d5f75..ebb19681 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -5,7 +5,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 7af1e626..91f71af2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index eebda80b..93b75ffc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240201_120631-latest
+          image: nextcloud/aio-collabora:20240228_172209-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index 9f47648f..ecdc035b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index e933846b..24c89b76 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240201_120631-latest
+          image: nextcloud/aio-postgresql:20240228_172209-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
index 73c9ed93..49135452 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-database-dump
   name: nextcloud-aio-database-dump
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
index e81e639a..7b753e22 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index 9999233b..772324e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
index 4b8ba194..44458a8d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -1,10 +1,11 @@
+{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   labels:
     io.kompose.service: nextcloud-aio-elasticsearch
   name: nextcloud-aio-elasticsearch
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.ELASTICSEARCH_STORAGE_SIZE }}
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8c4ef301..a4bbf35a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240201_120631-latest
+          image: nextcloud/aio-fulltextsearch:20240228_172209-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index f98c2335..c3b49c2e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index b28938df..d1954b24 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240201_120631-latest
+          image: nextcloud/aio-imaginary:20240228_172209-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index 3bd1c737..9bae54ad 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
index 265abb64..ef732d86 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ .Values.NAMESPACE }}
-  namespace: {{ .Values.NAMESPACE }}
+  name: "{{ .Values.NAMESPACE }}"
+  namespace: "{{ .Values.NAMESPACE }}"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
index 107265c0..5be12896 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud-data
   name: nextcloud-aio-nextcloud-data
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 8fce52f2..3dc92052 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -158,8 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:beta
-          imagePullPolicy: Always
+          image: nextcloud/aio-nextcloud:20240228_172209-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
index 320d719f..ee55be2a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index dd12a261..9f0a1fa6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
index 858d7f2c..d18f7a82 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-nextcloud-trusted-cacerts
   name: nextcloud-aio-nextcloud-trusted-cacerts
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index f9e368b3..1437caf8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240201_120631-latest
+          image: nextcloud/aio-notify-push:20240228_172209-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 17ecb5bd..1f428dc2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 5afbff12..159e464d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240201_120631-latest
+          image: nextcloud/aio-onlyoffice:20240228_172209-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
index 55445a35..80de727b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -5,7 +5,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 549653db..be51a6c5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 539a4fa8..5985bd54 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,12 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240201_120631-latest
+          image: nextcloud/aio-redis:20240228_172209-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
index 0dba4859..51b4f588 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   {{- if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index 7f2bc67c..c669581f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,12 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 9edb16c0..36925eaf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240201_120631-latest
+          image: nextcloud/aio-talk:20240228_172209-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c0f6021f..145a3cc2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,12 +3,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   replicas: 1
   selector:
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
         kompose.version: 1.32.0 (765fde254)
       labels:
         io.kompose.network/nextcloud-aio: "true"
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240201_120631-latest
+          image: nextcloud/aio-talk-recording:20240228_172209-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 2ffceefe..2778a3ee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,12 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 37306e42..03b0e0a8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,12 +4,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
@@ -29,12 +29,12 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
     kompose.version: 1.32.0 (765fde254)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
-  namespace: {{ .Values.NAMESPACE }}
+  namespace: "{{ .Values.NAMESPACE }}"
 spec:
   ipFamilyPolicy: PreferDualStack
   ports:

From bc79fd18777ae863047f8a6fbfd48c6c2f255406 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 28 Feb 2024 19:45:19 +0100
Subject: [PATCH 1997/3949] adjust order of detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 984dfec1..44e3416f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -140,9 +140,9 @@ RUN set -ex; \
     mkdir -p /usr/src/nextcloud/custom_apps; \
     chmod +x /usr/src/nextcloud/occ; \
     mkdir -p /usr/src/nextcloud/config; \
-    mv /*.php /usr/src/nextcloud/config/; \
     apk del .fetch-deps; \
 # Download Nextcloud archive end # Do not remove or change this line!
+    mv /*.php /usr/src/nextcloud/config/; \
     \
 # Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
     apk add --no-cache \

From 4810797d023f6a8ddad98adc043cc9165f6f2f34 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 28 Feb 2024 19:51:04 +0100
Subject: [PATCH 1998/3949] change a detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 44e3416f..06369344 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -223,7 +223,7 @@ RUN set -ex; \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \
     chmod -R 777 /tmp; \
-    rm -r /usr/src/nextcloud/apps/updatenotification; \
+    rm -rf /usr/src/nextcloud/apps/updatenotification; \
     \
     mkdir -p /nc-updater; \
     chown -R www-data:www-data /nc-updater; \

From ce506564cba86bbe4376e3778525dde13f0951cf Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 28 Feb 2024 21:57:25 +0100
Subject: [PATCH 1999/3949] nextcloud entrypoint - move /usr/src/nextcloud to
 SOURCE_LOCATION

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    |  1 +
 Containers/nextcloud/entrypoint.sh | 22 +++++++++++-----------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 06369344..55bd8b57 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -4,6 +4,7 @@ FROM php:8.1.27-fpm-alpine3.19
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
+ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
 ENV NEXTCLOUD_VERSION 27.1.5
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 4639cd90..9e356b07 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -55,9 +55,9 @@ if [ -f /var/www/html/version.php ]; then
 else
     installed_version="0.0.0.0"
 fi
-if [ -f "/usr/src/nextcloud/version.php" ]; then
+if [ -f "$SOURCE_LOCATION/version.php" ]; then
     # shellcheck disable=SC2016
-    image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
+    image_version="$(php -r "require '$SOURCE_LOCATION/version.php'; echo implode('.', \$OC_Version);")"
 else
     image_version="$installed_version"
 fi
@@ -124,15 +124,15 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             mkdir -p /usr/src/tmp/nextcloud/data
             mkdir -p /usr/src/tmp/nextcloud/custom_apps
             chmod +x /usr/src/tmp/nextcloud/occ
-            cp -r /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
+            cp -r "$SOURCE_LOCATION"/config/* /usr/src/tmp/nextcloud/config/
             mkdir -p /usr/src/tmp/nextcloud/apps/nextcloud-aio
-            cp -r /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
-            mv /usr/src/nextcloud /usr/src/temp-nextcloud
-            mv /usr/src/tmp/nextcloud /usr/src/nextcloud
+            cp -r "$SOURCE_LOCATION"/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
+            mv "$SOURCE_LOCATION" /usr/src/temp-nextcloud
+            mv /usr/src/tmp/nextcloud "$SOURCE_LOCATION"
             rm -r /usr/src/tmp
             rm -r /usr/src/temp-nextcloud
             # shellcheck disable=SC2016
-            image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
+            image_version="$(php -r "require $SOURCE_LOCATION/version.php; echo implode('.', \$OC_Version);")"
             IMAGE_MAJOR="${image_version%%.*}"
             set +ex
 # Do not skip major versions end # Do not remove or change this line!
@@ -189,15 +189,15 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         fi
 
         echo "Initializing nextcloud $image_version ..."
-        rsync -rlD --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
+        rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
 
         for dir in config data custom_apps themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+                rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
             fi
         done
-        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
-        rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/
+        rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
         echo "Initializing finished"
 
         #install

From 8f14e4740186b35377deb24206cb60fabbb4fc2f Mon Sep 17 00:00:00 2001
From: rugk <rugk+git@posteo.de>
Date: Thu, 29 Feb 2024 11:39:55 +0100
Subject: [PATCH 2000/3949] Fix and beautify link to Docker --init

* The content has moved and is apparently now there (old link did not work):
* I use a link text instead of a plain link.

Signed-off-by: rugk <rugk+git@posteo.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 7d094149..a4fb9e3f 100644
--- a/readme.md
+++ b/readme.md
@@ -103,7 +103,7 @@ The following instructions are meant for installations without a web server or r
     <summary>Explanation of the command</summary>
 
     - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below).
-    - `--init` This option makes sure that no zombie-processes are created, ever. See https://docs.docker.com/engine/reference/run/#specify-an-init-process
+    - `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
     - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
     - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
     - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/

From 6dbb0841bfa27f623b4531473d9267b01dfdac1e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 29 Feb 2024 12:33:50 +0000
Subject: [PATCH 2001/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 55bd8b57..f88197e6 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 27.1.5
+ENV NEXTCLOUD_VERSION 27.1.7
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 COPY supervisord.conf /supervisord.conf

From 20c3fbc1543e71984faa312fb194f515d0523160 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 1 Mar 2024 18:31:49 +0100
Subject: [PATCH 2002/3949] add it to jscon schema

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index 0f99c1a9..db63fddf 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -31,6 +31,13 @@
 							"pattern": "^[A-Z_]+$"
 						}
 					},
+					"cap_drop": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^[A-Z_]+$"
+						}
+					},
 					"depends_on": {
 						"type": "array",
 						"items": {

From 68d66a53fbd9247ee1340eaa38d9656a15ce5a84 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 1 Mar 2024 18:35:24 +0100
Subject: [PATCH 2003/3949] increase to 7.13.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4461301c..5c7f8455 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.13.0</h1>
+        <h1>Nextcloud AIO v7.13.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 0808ab7dca1afb8d5b408d74aff68eeabac55e2a Mon Sep 17 00:00:00 2001
From: FaySmash <30392780+FaySmash@users.noreply.github.com>
Date: Fri, 1 Mar 2024 19:46:59 +0100
Subject: [PATCH 2004/3949] Fixed replace statement

Signed-off-by: FaySmash <30392780+FaySmash@users.noreply.github.com>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 38b6fa47..f6866f7c 100644
--- a/migration.md
+++ b/migration.md
@@ -69,7 +69,7 @@ The procedure for migrating the files and the database works like this:
     1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
     1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
     1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`.
-The same applies for the second statement, check with `grep " OWNER TO nextcloud;$" database-dump.sql` and replace with `sed -i 's| OWNER TO nextcloud;$| OWNER TO ncadmin;$|' database-dump.sql`.
+The same applies for the second statement, check with `grep " OWNER TO nextcloud;$" database-dump.sql` and replace with `sed -i 's| OWNER TO nextcloud;$| OWNER TO ncadmin;|' database-dump.sql`.
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
     ```
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/database-dump.sql

From 1f2920633db280a6cb56636e70c40ccb8819bd20 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 09:52:37 +0100
Subject: [PATCH 2005/3949] helm chart - adjust strategy to recreate

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 6fe1c10b..1f8858ef 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -214,10 +214,6 @@ find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferD
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 
-# shellcheck disable=SC1083
-find ./ -name '*.yaml' -exec sed -i "/strategy:/d" \{} \; 
-# shellcheck disable=SC1083
 find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 

From f0bf35e57c7db2ba5c4ddfd154552d84d69cd6e4 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 10:24:22 +0100
Subject: [PATCH 2006/3949] helm - only add namespace if it is not default

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 1f8858ef..8fc4ce57 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -218,6 +218,10 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
 # shellcheck disable=SC1083
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if ne .Values.NAMESPACE default }}" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+# shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \; 
 VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g' | sort)"
 mapfile -t VOLUMES <<< "$VOLUMES"

From 48f6d8317a84d7b6577036d74a06dfe4a6625850 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 10:40:23 +0100
Subject: [PATCH 2007/3949] increase version of aio app

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 2e8fe027..b6e79feb 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.4.0</version>
+	<version>0.5.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="26" max-version="27"/>
+		<nextcloud min-version="27" max-version="28"/>
 	</dependencies>
 
 	<settings>

From b5469ad3726cd5bd079b042e518312f582f9f49b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 10:46:38 +0100
Subject: [PATCH 2008/3949] update mastercontainer to php8.3

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml      |  2 +-
 .github/workflows/lint-php.yml                |  2 +-
 .../workflows/php-deprecation-detector.yml    |  4 +--
 .github/workflows/psalm-update-baseline.yml   |  4 +--
 .github/workflows/psalm.yml                   |  2 +-
 .github/workflows/twig-lint.yml               |  2 +-
 Containers/mastercontainer/Dockerfile         |  4 +--
 php/composer.json                             |  4 +--
 php/composer.lock                             | 28 +++++++++----------
 9 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index dc1824f1..b5f907e9 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: shivammathur/setup-php@v2
       with:
-        php-version: 8.2
+        php-version: 8.3
         extensions: apcu
     - name: Run dependency update script
       run: |
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 41ed1874..2381300b 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: [ "8.2" ]
+        php-versions: [ "8.3" ]
 
     name: php-lint
 
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 44e2236c..6d88d3c6 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -17,10 +17,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Set up php8.2
+      - name: Set up php
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.2
+          php-version: 8.3
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 266763e3..7ac04412 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -12,10 +12,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up php8.2
+      - name: Set up php
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.2
+          php-version: 8.3
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 7ec63d28..de622279 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -31,7 +31,7 @@ jobs:
       - name: Set up php
         uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
         with:
-          php-version: 8.2
+          php-version: 8.3
           extensions: apcu
           coverage: none
           ini-file: development
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 1a185d17..34d6afb6 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.2
+          php-version: 8.3
           extensions: apcu
           coverage: none
 
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 0ad9eb39..7abe7348 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:25.0.3-cli as docker
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.2/alpine3.19/fpm/Dockerfile
-FROM php:8.2.16-fpm-alpine3.19
+# From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
+FROM php:8.3.3-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/php/composer.json b/php/composer.json
index 32488056..7dd9c8c3 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,7 +5,7 @@
         }
     },
     "require": {
-        "php": "8.2.*",
+        "php": "8.3.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
@@ -22,6 +22,6 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.2 \\;"
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.3 \\;"
 	}
 }
diff --git a/php/composer.lock b/php/composer.lock
index f36bb64b..f111306c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "b0074cfbf6b5cde6d6d2207286ad2e85",
+    "content-hash": "4dcdd3b6df3f2041895d4db74bd45102",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -1148,16 +1148,16 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.12.0",
+            "version": "4.13.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "e9e99c2b24398b967841c6c4c3048622cc7e2b18"
+                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/e9e99c2b24398b967841c6c4c3048622cc7e2b18",
-                "reference": "e9e99c2b24398b967841c6c4c3048622cc7e2b18",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/038fd5713d5a41636fdff0e8dcceedecdd17fc17",
+                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17",
                 "shasum": ""
             },
             "require": {
@@ -1166,7 +1166,7 @@
                 "php": "^7.4 || ^8.0",
                 "psr/container": "^1.0 || ^2.0",
                 "psr/http-factory": "^1.0",
-                "psr/http-message": "^1.1",
+                "psr/http-message": "^1.1 || ^2.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
@@ -1174,19 +1174,19 @@
             "require-dev": {
                 "adriansuter/php-autoload-override": "^1.4",
                 "ext-simplexml": "*",
-                "guzzlehttp/psr7": "^2.5",
+                "guzzlehttp/psr7": "^2.6",
                 "httpsoft/http-message": "^1.1",
                 "httpsoft/http-server-request": "^1.1",
-                "laminas/laminas-diactoros": "^2.17",
+                "laminas/laminas-diactoros": "^2.17 || ^3",
                 "nyholm/psr7": "^1.8",
-                "nyholm/psr7-server": "^1.0",
-                "phpspec/prophecy": "^1.17",
-                "phpspec/prophecy-phpunit": "^2.0",
+                "nyholm/psr7-server": "^1.1",
+                "phpspec/prophecy": "^1.19",
+                "phpspec/prophecy-phpunit": "^2.1",
                 "phpstan/phpstan": "^1.10",
                 "phpunit/phpunit": "^9.6",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
-                "squizlabs/php_codesniffer": "^3.7"
+                "squizlabs/php_codesniffer": "^3.9"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1259,7 +1259,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-07-23T04:54:29+00:00"
+            "time": "2024-03-03T21:25:30+00:00"
         },
         {
             "name": "slim/twig-view",
@@ -1788,7 +1788,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "8.2.*",
+        "php": "8.3.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",

From 995fca1ba6bae9dd8f4ba89f55b715919c0ead01 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 11:01:11 +0100
Subject: [PATCH 2009/3949] update nextcloud container to php8.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f88197e6..5ec31918 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.1.27-fpm-alpine3.19
+FROM php:8.2.16-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
@@ -169,6 +169,7 @@ RUN set -ex; \
         bz2 \
         imap \
         pgsql \
+        ftp \
     ; \
     pecl install smbclient; \
     docker-php-ext-enable smbclient; \

From b54ff9503a5b5e83c7ba6a37eab62856b630f0f1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 11:04:22 +0100
Subject: [PATCH 2010/3949] update Nextcloud to 28.0.3

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f88197e6..f0141cd0 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 27.1.7
+ENV NEXTCLOUD_VERSION 28.0.3
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 COPY supervisord.conf /supervisord.conf

From fea71433c803f95ab76a14b215f9b4c2e502c7bb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 11:08:08 +0100
Subject: [PATCH 2011/3949] remove upgrade hint from AIO interface

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5c7f8455..124b2684 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -28,7 +28,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = 28 %}
+        {% set newMajorVersion = '' %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From b866fe25db355c31103b84b46be397b0b0419435 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 11:16:23 +0100
Subject: [PATCH 2012/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Richard Steinmetz <richard@steinmetz.cloud>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 8fc4ce57..2cd0b38e 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -218,7 +218,7 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
 # shellcheck disable=SC1083
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if ne .Values.NAMESPACE default }}" \{} \; 
+find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if ne .Values.NAMESPACE \"default\" }}" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 # shellcheck disable=SC1083

From c844b4dbef4c908d7f404dc75c0e584c6cf6f445 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 11:18:29 +0100
Subject: [PATCH 2013/3949] apache - drop SetEnv proxy-sendcl 1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index 8f179328..3d4f812f 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -37,10 +37,6 @@ Listen 8000
         Require all denied
     </Files>
 
-    # Fix zero file sizes 
-    # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
-    SetEnv proxy-sendcl 1
-
     # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
     LimitRequestBody ${APACHE_MAX_SIZE}
 

From 75eb2fd7aa08cfad284d171db878510a9c8e1dd5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 11:25:30 +0100
Subject: [PATCH 2014/3949] nextcloud - set maintenance_window_start

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 9e356b07..5f917324 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -490,6 +490,10 @@ php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
     php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
 fi
+# Set maintenance window so that no warning is shown in the admin overview
+if [ -z "$(php /var/www/html/occ config:system:get maintenance_window_start)" ]; then
+    php /var/www/html/occ config:system:set maintenance_window_start --type=int --value=100
+fi
 
 # Apply network settings
 echo "Applying network settings..."

From fd3f6d90180e4fb4c329a4febeb3201a036539eb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 11:48:21 +0100
Subject: [PATCH 2015/3949] secure imaginary with imaginary_key

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile    |  8 +++++---
 Containers/imaginary/start.sh      |  7 +++++++
 Containers/nextcloud/entrypoint.sh |  1 +
 php/containers.json                | 12 +++++++++---
 4 files changed, 22 insertions(+), 6 deletions(-)
 create mode 100644 Containers/imaginary/start.sh

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 07dd487a..60d3ab4d 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.0-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -23,9 +23,11 @@ RUN set -ex; \
         vips-magick \
         vips-heif \
         vips-jxl \
-        vips-poppler
+        vips-poppler \
+        bash
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
+COPY --chmod=775 start.sh /start.sh
 
 ENV PORT 9000
 
@@ -33,7 +35,7 @@ USER nobody
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
+ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/imaginary/start.sh b/Containers/imaginary/start.sh
new file mode 100644
index 00000000..67af02d9
--- /dev/null
+++ b/Containers/imaginary/start.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ -z "$IMAGINARY_SECRET" ]; then
+    imaginary -return-size -max-allowed-resolution 222.2 "$@"
+else
+    imaginary -return-size -max-allowed-resolution 222.2 -key "$IMAGINARY_SECRET" "$@"
+fi
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 5f917324..5125e590 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -703,6 +703,7 @@ fi
 if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
     php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+    php /var/www/html/occ config:system:set preview_imaginary_key --value="$IMAGINARY_SECRET"
 else
     if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
         php /var/www/html/occ config:system:delete enabledPreviewProviders 0
diff --git a/php/containers.json b/php/containers.json
index f79f1b47..0c780618 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -146,7 +146,8 @@
         "NEXTCLOUD_PASSWORD",
         "TURN_SECRET",
         "SIGNALING_SECRET",
-        "FULLTEXTSEARCH_PASSWORD"
+        "FULLTEXTSEARCH_PASSWORD",
+        "IMAGINARY_SECRET"
       ],
       "volumes": [
         {
@@ -220,7 +221,8 @@
         "APACHE_PORT=%APACHE_PORT%",
         "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
         "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
-        "THIS_IS_AIO=true"
+        "THIS_IS_AIO=true",
+        "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
       ],
       "stop_grace_period": 600,
       "restart": "unless-stopped",
@@ -646,7 +648,8 @@
       ],
       "internal_port": "9000",
       "environment": [
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
       ],
       "restart": "unless-stopped",
       "cap_add": [
@@ -664,6 +667,9 @@
       "read_only": true,
       "tmpfs": [
         "/tmp"
+      ],
+      "secrets": [
+        "IMAGINARY_SECRET"
       ]
     },
     {

From 2416b85f9db1704afc11239442ef89e1f0a94b79 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Mar 2024 12:04:05 +0100
Subject: [PATCH 2016/3949] caddy community container - allow to access
 host.docker.internal

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d71edecc..ed4d7717 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -566,6 +566,9 @@ class DockerActionManager
                 }
                 $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
             }
+        // Special things for the caddy community container
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
+            $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
         }
 
         if (count($mounts) > 0) {

From 6a0432177a5ac89c375f0ff92661991f97cf59f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Mar 2024 12:29:52 +0000
Subject: [PATCH 2017/3949] Bump clamav/clamav from 1.3.0-40 to 1.3.0-41 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-40 to 1.3.0-41.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 49c23314..7083b255 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-40
+FROM clamav/clamav:1.3.0-41
 
 COPY clamav.conf /tmp/clamav.conf
 

From 05facb91a150224599772e46b180f72131388e81 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 4 Mar 2024 13:04:33 +0000
Subject: [PATCH 2018/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 60d3ab4d..e1e2bc11 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.0-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From faff549b538d35fcc30e182785860fbc751654ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=B1=CE=B5=D1=8F=D1=8F=CE=B5?=
 <47398145+AiroPi@users.noreply.github.com>
Date: Mon, 4 Mar 2024 20:02:30 +0100
Subject: [PATCH 2019/3949] Add informations about custom caddy rules.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add some "documentation" on how to add custom caddy rules with the caddy community container.

Signed-off-by: Pıεяяε <47398145+AiroPi@users.noreply.github.com>
---
 community-containers/caddy/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 3209acad..42405ac4 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -7,6 +7,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
+- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 48c0b74c4f57af170cc5027641172e01e4024bfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=B1=CE=B5=D1=8F=D1=8F=CE=B5?=
 <47398145+AiroPi@users.noreply.github.com>
Date: Tue, 5 Mar 2024 11:15:23 +0100
Subject: [PATCH 2020/3949] add sudo to the docker command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Pıεяяε <47398145+AiroPi@users.noreply.github.com>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 42405ac4..60c385bf 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -7,7 +7,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
-- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
+- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 0ee79281815cdaa7808eb5cbddf93b1f2cbbff56 Mon Sep 17 00:00:00 2001
From: Robert Zilke <robert@zilke.dev>
Date: Tue, 5 Mar 2024 15:17:24 +0100
Subject: [PATCH 2021/3949] Add note ncadmin is a temporary PostgreSQL user

---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index f6866f7c..b8bf8734 100644
--- a/migration.md
+++ b/migration.md
@@ -33,7 +33,7 @@ The procedure for migrating the files and the database works like this:
         ```
     1. Create a new database by running:
         ```
-        export PG_USER="ncadmin"
+        export PG_USER="ncadmin" # This is a temporary user that gets created for the dump but is then overwritten by the correct one later on
         export PG_PASSWORD="my-temporary-password"
         export PG_DATABASE="nextcloud_db"
         sudo -u postgres psql <<END

From 2978ba98c5edaf13035e99994600e3a9b7c350c6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 5 Mar 2024 15:57:04 +0100
Subject: [PATCH 2022/3949] add one log to imaginary container so that one know
 that it has started

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/imaginary/start.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/imaginary/start.sh b/Containers/imaginary/start.sh
index 67af02d9..2b93da8f 100644
--- a/Containers/imaginary/start.sh
+++ b/Containers/imaginary/start.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 
+echo "Imaginary has started"
 if [ -z "$IMAGINARY_SECRET" ]; then
     imaginary -return-size -max-allowed-resolution 222.2 "$@"
 else

From 78c1a63dfe40575ae3189d102bbc4f1280be0d38 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Mar 2024 12:15:37 +0000
Subject: [PATCH 2023/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.9.2.1 to 23.05.9.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index b067bc77..e4c21a37 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.9.2.1
+FROM collabora/code:23.05.9.3.1
 
 USER root
 

From e13d6d73e5915319e23155351d0ec957e68a0df7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Mar 2024 12:38:23 +0000
Subject: [PATCH 2024/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index e1e2bc11..b3285e0e 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.0-alpine3.18 as go
+FROM golang:1.22.1-alpine3.18 as go
 
 ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From a91522702966df892e6d9a8f7d364731220345ee Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 6 Mar 2024 15:05:14 +0100
Subject: [PATCH 2025/3949] add fpt configure

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8924daa7..97869ea9 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -58,6 +58,7 @@ RUN set -ex; \
     ; \
     \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
+    docker-php-ext-configure ftp --with-openssl-dir=/usr; \
     docker-php-ext-configure ldap; \
     docker-php-ext-install -j "$(nproc)" \
         bcmath \

From 1acdfe05e1b9c526e6fbc0cde1035fca6ecd0281 Mon Sep 17 00:00:00 2001
From: S1m <git@sgougeon.fr>
Date: Fri, 8 Mar 2024 08:47:06 +0100
Subject: [PATCH 2026/3949] Disable Apache proxy buffering

---
 Containers/apache/nextcloud.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index 3d4f812f..728d19dc 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -14,6 +14,9 @@ Listen 8000
         SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
     </FilesMatch>
 
+    <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
+    </Proxy>
+
     # Enable Brotli compression for js, css and svg files - other plain files are compressed by Nextcloud by default
     <IfModule mod_brotli.c>
         AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml

From 224feef3e322ea3dd155aea121dd4a1aff47e5bf Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 8 Mar 2024 09:34:27 +0000
Subject: [PATCH 2027/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 8 +++++++-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 +++++++-
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 4 +++-
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 +++++++-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 8 +++++++-
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 4 +++-
 .../templates/nextcloud-aio-namespace-namespace.yaml      | 2 ++
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 8 +++++++-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 8 +++++++-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 8 +++++++-
 .../templates/nextcloud-aio-redis-deployment.yaml         | 8 +++++++-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 6 +++++-
 .../nextcloud-aio-talk-recording-deployment.yaml          | 6 +++++-
 14 files changed, 75 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index a81e9961..baa9ad85 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.13.0
+version: 7.13.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 542920db..155eb5a8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -13,6 +13,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-apache
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -59,13 +61,17 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240228_172209-latest
+          image: nextcloud/aio-apache:20240308_092935-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
               protocol: TCP
             - containerPort: {{ .Values.APACHE_PORT }}
               protocol: UDP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 8d95fc48..6f1426da 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -14,6 +14,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-clamav
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -50,11 +52,15 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240228_172209-latest
+          image: nextcloud/aio-clamav:20240308_092935-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /var/lib/clamav
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 93b75ffc..490810ca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240228_172209-latest
+          image: nextcloud/aio-collabora:20240308_092935-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
@@ -46,4 +46,6 @@ spec:
             capabilities:
               add:
                 - MKNOD
+              drop:
+                - NET_RAW
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 24c89b76..2e7cf200 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -13,6 +13,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-database
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -61,11 +63,15 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240228_172209-latest
+          image: nextcloud/aio-postgresql:20240308_092935-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index a4bbf35a..7cecee06 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -14,6 +14,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-fulltextsearch
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -55,11 +57,15 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240228_172209-latest
+          image: nextcloud/aio-fulltextsearch:20240308_092935-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /usr/share/elasticsearch/data
               name: nextcloud-aio-elasticsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index d1954b24..f289a8f3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240228_172209-latest
+          image: nextcloud/aio-imaginary:20240308_092935-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
@@ -36,4 +36,6 @@ spec:
             capabilities:
               add:
                 - SYS_NICE
+              drop:
+                - NET_RAW
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
index ef732d86..37f54753 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -1,5 +1,7 @@
+{{- if ne .Values.NAMESPACE "default" }}
 apiVersion: v1
 kind: Namespace
 metadata:
   name: "{{ .Values.NAMESPACE }}"
   namespace: "{{ .Values.NAMESPACE }}"
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 3dc92052..8df1b622 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -13,6 +13,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-nextcloud
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -158,13 +160,17 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240228_172209-latest
+          image: nextcloud/aio-nextcloud:20240308_092935-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
               protocol: TCP
             - containerPort: 9001
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 1437caf8..9ac50221 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -13,6 +13,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-notify-push
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -50,11 +52,15 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240228_172209-latest
+          image: nextcloud/aio-notify-push:20240308_092935-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /nextcloud
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 159e464d..ff74f06d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -14,6 +14,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-onlyoffice
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -43,11 +45,15 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240228_172209-latest
+          image: nextcloud/aio-onlyoffice:20240308_092935-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /var/lib/onlyoffice
               name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 5985bd54..2724b13b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -13,6 +13,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-redis
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -38,11 +40,15 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240228_172209-latest
+          image: nextcloud/aio-redis:20240308_092935-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
           volumeMounts:
             - mountPath: /data
               name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 36925eaf..343fc026 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240228_172209-latest
+          image: nextcloud/aio-talk:20240308_092935-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
@@ -46,4 +46,8 @@ spec:
               protocol: UDP
             - containerPort: 8081
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 145a3cc2..d79b2df6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,9 +33,13 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240228_172209-latest
+          image: nextcloud/aio-talk-recording:20240308_092935-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
               protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
 {{- end }}

From 97b3f8465ab467987d3a8c4cef8e68f0f0b2bdcc Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 8 Mar 2024 10:50:24 +0100
Subject: [PATCH 2028/3949] increase to 8.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 124b2684..ed1ad63c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.13.1</h1>
+        <h1>Nextcloud AIO v8.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From d55723dbea9a50fa6743fe6b6b540fecc26fce2d Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 8 Mar 2024 11:47:05 +0100
Subject: [PATCH 2029/3949] add missing indices on new installation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 5125e590..4b24d748 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -327,6 +327,8 @@ DATADIR_PERMISSION_CONF
 
             # Apply other settings
             echo "Applying other settings..."
+            # Add missing indices after new installation because they seem to be missing on new installation
+            php /var/www/html/occ db:add-missing-indices
             php /var/www/html/occ config:system:set upgrade.disable-web --type=bool --value=true
             php /var/www/html/occ config:system:set mail_smtpmode --value="smtp"
             php /var/www/html/occ config:system:set trashbin_retention_obligation --value="auto, 30"

From a9a6aa51dcd9173d058e8339f1588d20cffaeaa9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 11 Mar 2024 12:39:42 +0100
Subject: [PATCH 2030/3949] Make more clear that port 8080 needs to be accessed
 via ip-address

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 1 +
 readme.md                           | 5 +++--
 reverse-proxy.md                    | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 986cf6e0..f4f86164 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -344,6 +344,7 @@ fi
 print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080
+⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
 
 If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"
diff --git a/readme.md b/readme.md
index a4fb9e3f..89ae8a46 100644
--- a/readme.md
+++ b/readme.md
@@ -119,7 +119,8 @@ The following instructions are meant for installations without a web server or r
     Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
-E.g. `https://ip.address.of.this.server:8080`<br><br>
+E.g. `https://ip.address.of.this.server:8080`<br>
+⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br><br>
 If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
 `https://your-domain-that-points-to-this-server.tld:8443`
 4. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
@@ -143,7 +144,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `3478/TCP` and `3478/UDP` for the Talk container
 
 ### Explanation of used ports:
-- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`)
+- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`) ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)
 - `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer)
 - `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open/forwarded in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
 - `443/TCP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router
diff --git a/reverse-proxy.md b/reverse-proxy.md
index eb9c72bf..14aa18b6 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -699,7 +699,9 @@ Simply translate the docker run command into a docker-compose file. You can have
 Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
 ## 4. Open the AIO interface.
-After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`.<br>
+⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
+Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
 ## 5. Optional: get a valid certificate for the AIO interface
 

From bf103b9061263e0b00b06d88e94d8e68f12adbfd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Mar 2024 12:49:40 +0000
Subject: [PATCH 2031/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.9.3.1 to 23.05.9.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e4c21a37..290ba7f8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.9.3.1
+FROM collabora/code:23.05.9.4.1
 
 USER root
 

From 48d891d3900fd50a488755751d0284061c3114e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Mar 2024 12:18:10 +0000
Subject: [PATCH 2032/3949] Bump nats from 2.10.11-scratch to 2.10.12-scratch
 in /Containers/talk

Bumps nats from 2.10.11-scratch to 2.10.12-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index dc3588bf..ad564324 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.11-scratch as nats
+FROM nats:2.10.12-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
 FROM alpine:3.19.1 as janus

From 810dec4a966abbf9dd0d8cd91fa1bdd4dab21303 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Mar 2024 12:22:54 +0100
Subject: [PATCH 2033/3949] nextcloud - update apps_paths to include absolute
 path

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/config/apps.config.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php
index 32283588..cff5dadd 100644
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -2,12 +2,12 @@
 $CONFIG = array (
   'apps_paths' => array (
       0 => array (
-              'path'     => OC::$SERVERROOT.'/apps',
+              'path'     => '/var/www/html/apps',
               'url'      => '/apps',
               'writable' => false,
       ),
       1 => array (
-              'path'     => OC::$SERVERROOT.'/custom_apps',
+              'path'     => '/var/www/html/custom_apps',
               'url'      => '/custom_apps',
               'writable' => true,
       ),

From f9e78ba35ee05f4ba05f7101bbb099a194e1410f Mon Sep 17 00:00:00 2001
From: Dennis R <dennis@elsysweyr.com>
Date: Mon, 11 Mar 2024 22:46:57 +0100
Subject: [PATCH 2034/3949] Add private mirror support for OCI references #4362

Signed-off-by: Dennis R <dennis@elsysweyr.com>
---
 .../templates/nextcloud-aio-apache-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 4 ++--
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml           | 4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 2 +-
 nextcloud-aio-helm-chart/values.yaml                        | 4 ++++
 13 files changed, 28 insertions(+), 24 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 155eb5a8..fd058e50 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chmod
             - "777"
@@ -50,7 +50,7 @@ spec:
             - name: COLLABORA_HOST
               value: nextcloud-aio-collabora
             - name: NC_DOMAIN
-              value: "{{ .Values.NC_DOMAIN }}"
+              value: "{{ .Values.NC_DOMAIN }}"FF
             - name: NEXTCLOUD_HOST
               value: nextcloud-aio-nextcloud
             - name: NOTIFY_PUSH_HOST
@@ -61,7 +61,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-apache:20240308_092935-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 6f1426da..8d1c2cb5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -27,7 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - mkdir
             - "-p"
@@ -37,7 +37,7 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chown
             - 100:100
@@ -52,7 +52,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-clamav:20240308_092935-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 490810ca..9c7578e4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-collabora:20240308_092935-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 2e7cf200..d985a81a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - mkdir
             - "-p"
@@ -39,7 +39,7 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chown
             - 999:999
@@ -63,7 +63,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-postgresql:20240308_092935-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 7cecee06..651b6b90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -27,7 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chmod
             - "777"
@@ -57,7 +57,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-fulltextsearch:20240308_092935-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index f289a8f3..2d1a9a4a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-imaginary:20240308_092935-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 8df1b622..4794085c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - rm
             - "-rf"
@@ -37,7 +37,7 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chmod
             - "777"
@@ -160,7 +160,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-nextcloud:20240308_092935-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 9ac50221..9e5d63fa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chmod
             - "777"
@@ -52,7 +52,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-notify-push:20240308_092935-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index ff74f06d..6fe576f6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -27,7 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chmod
             - "777"
@@ -45,7 +45,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-onlyoffice:20240308_092935-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 2724b13b..fdb77e84 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: alpine
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
           command:
             - chmod
             - "777"
@@ -40,7 +40,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-redis:20240308_092935-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 343fc026..d11b8287 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-talk:20240308_092935-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d79b2df6..4ce14819 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-talk-recording:20240308_092935-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 16d7cd51..0cf5b1fa 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -10,6 +10,10 @@ TALK_INTERNAL_SECRET:           # TODO! This needs to be a unique and good passw
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
 
+IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
+NEXTCLOUD_IMAGE_ORG: "nextcloud"          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
+ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
+
 CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.

From 5b3658c6a0290ad396ea3bd8a3b259ede0572dea Mon Sep 17 00:00:00 2001
From: Dennis R <dennis@elsysweyr.com>
Date: Mon, 11 Mar 2024 23:33:56 +0100
Subject: [PATCH 2035/3949] Reflect changes in update-helm.sh and fix
 templating for unset values

Signed-off-by: Dennis R <dennis@elsysweyr.com>
---
 .../nextcloud-aio-apache-deployment.yaml      |  6 +++-
 .../nextcloud-aio-clamav-deployment.yaml      |  8 ++++++
 .../nextcloud-aio-database-deployment.yaml    |  8 ++++++
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  4 +++
 .../nextcloud-aio-nextcloud-deployment.yaml   |  8 ++++++
 .../nextcloud-aio-notify-push-deployment.yaml |  4 +++
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  4 +++
 .../nextcloud-aio-redis-deployment.yaml       |  4 +++
 nextcloud-aio-helm-chart/update-helm.sh       | 28 +++++++++++++++++++
 9 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index fd058e50..290ec273 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -50,7 +54,7 @@ spec:
             - name: COLLABORA_HOST
               value: nextcloud-aio-collabora
             - name: NC_DOMAIN
-              value: "{{ .Values.NC_DOMAIN }}"FF
+              value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_HOST
               value: nextcloud-aio-nextcloud
             - name: NOTIFY_PUSH_HOST
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 8d1c2cb5..4dfa7a96 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -27,7 +27,11 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -37,7 +41,11 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chown
             - 100:100
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index d985a81a..a8b514b8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -39,7 +43,11 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chown
             - 999:999
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 651b6b90..540f1abf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -27,7 +27,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 4794085c..c295a832 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - rm
             - "-rf"
@@ -37,7 +41,11 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 9e5d63fa..49864c10 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 6fe576f6..d5a5c278 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -27,7 +27,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index fdb77e84..cf4a2a4d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
+          image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 2cd0b38e..4187da53 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -59,7 +59,11 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -68,14 +72,22 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-database/data
           volumeMountsInitContainer:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chown
             - 999:999
@@ -85,14 +97,22 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-clamav/data
           volumeMountsInitContainer:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chown
             - 100:100
@@ -102,14 +122,22 @@ EOL
 cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
         - name: "delete-lost-found"
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - rm
             - "-rf"
             - "/nextcloud-aio-nextcloud/lost+found"
           volumeMountsInitRmLostFound:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"

From 4dac111b9fa4da889b37cbca6c37ce6cdcdaff11 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Mar 2024 13:22:57 +0100
Subject: [PATCH 2036/3949] update link

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index d0328ef4..16eb7705 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -15,7 +15,7 @@ Afterwards, you might want to add additional community containers to the default
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
 
 ### Is there a list of ideas for new community containers?
-Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
+Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22+sort%3Atop) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
 
 ## How to remove containers from AIOs stack?
 In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.

From 31fa780f29082c901c0c5e14f667487e982e2b8c Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 15 Mar 2024 14:44:05 +0100
Subject: [PATCH 2037/3949] add another remote backup guide to readme

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 89ae8a46..babe5ee4 100644
--- a/readme.md
+++ b/readme.md
@@ -387,6 +387,7 @@ Not directly but you have multiple options to achieve this:
 - Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory
 - Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
 - You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
+- Here is another one that utilizes borgmatic and BorgBase for remote backups: https://github.com/nextcloud/all-in-one/discussions/4391
 - create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
 
 ---

From fd2cb11e403d34571576f91b9ed00666d6115aec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Mar 2024 12:07:05 +0000
Subject: [PATCH 2038/3949] Bump php in /Containers/nextcloud

Bumps php from 8.2.16-fpm-alpine3.19 to 8.2.17-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 97869ea9..b9594aee 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.16-fpm-alpine3.19
+FROM php:8.2.17-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 3ad6d672c33700bafef58e22e2f58ed53366ba57 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 18 Mar 2024 13:13:08 +0100
Subject: [PATCH 2039/3949] community containers - add hint regarding what if
 containers are already running

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 16eb7705..12bad7c0 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -9,7 +9,7 @@ All containers that are in this directory are community maintained so the respon
 ## How to use this?
 Before adding any additional container, make sure to create a backup via the AIO interface!
 
-Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop!
+Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
 
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.

From ac43b433c8e6ced5e5c3872311c854e470bca899 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Mar 2024 12:46:34 +0000
Subject: [PATCH 2040/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.3.3-fpm-alpine3.19 to 8.3.4-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 7abe7348..7c78bb83 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:25.0.3-cli as docker
 FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.3-fpm-alpine3.19
+FROM php:8.3.4-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080

From 03dbbdd111b7794385223e34db4ad6e614eeebfa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Mar 2024 13:01:25 +0000
Subject: [PATCH 2041/3949] Bump clamav/clamav from 1.3.0-41 to 1.3.0-43 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-41 to 1.3.0-43.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 7083b255..c8920ead 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-41
+FROM clamav/clamav:1.3.0-43
 
 COPY clamav.conf /tmp/clamav.conf
 

From a00310f4e4e94e5c5aeffdd4bde0e1723c5d8ec0 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 19 Mar 2024 12:08:31 +0100
Subject: [PATCH 2042/3949] log the whole error message when network creation
 fails

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ed4d7717..8a8b1ab2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -879,7 +879,7 @@ class DockerActionManager
         } catch (RequestException $e) {
             // 409 is undocumented and gets thrown if the network already exists.
             if ($e->getCode() !== 409) {
-                throw $e;
+                throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
             }
         }
 

From 02d9e3a3c5924d9957182a38c0957d5fd24964de Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 19 Mar 2024 12:02:57 +0000
Subject: [PATCH 2043/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml  | 2 ++
 manual-install/sample.conf | 1 +
 2 files changed, 3 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index b0ec690b..3481b555 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -149,6 +149,7 @@ services:
       - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
       - APACHE_PORT=${APACHE_PORT}
       - APACHE_IP_BINDING=${APACHE_IP_BINDING}
+      - IMAGINARY_SECRET=${IMAGINARY_SECRET}
     stop_grace_period: 600s
     restart: unless-stopped
     networks:
@@ -322,6 +323,7 @@ services:
       - "9000"
     environment:
       - TZ=${TIMEZONE}
+      - IMAGINARY_SECRET=${IMAGINARY_SECRET}
     restart: unless-stopped
     cap_add:
       - SYS_NICE
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index c2c5ed76..e4fcff5f 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,5 +1,6 @@
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_PASSWORD=          # TODO! This needs to be a unique and good password!
+IMAGINARY_SECRET=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!

From 976aca9139235fe95223ea4bfc47dfb262aa41e5 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 20 Mar 2024 08:42:56 +0100
Subject: [PATCH 2044/3949] fix regex

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3b3cba5d..c6a47537 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -742,7 +742,7 @@ class ConfigurationManager
             // Trim all unwanted chars on both sites
             $entry = trim($entry);
             if ($entry !== "") {
-                if (!preg_match("#^/[.0-1a-zA-Z/_-]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
+                if (!preg_match("#^/[.0-9a-zA-Z/_-]+$#", $entry) && !preg_match("#^[.0-9a-zA-Z_-]+$#", $entry)) {
                     throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
                 }
                 $validDirectories .= rtrim($entry, '/') . PHP_EOL;

From c91c0b98679e127b02a3b53e66a125c4d6499bc7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Mar 2024 12:26:51 +0000
Subject: [PATCH 2045/3949] Bump docker from 25.0.3-cli to 25.0.5-cli in
 /Containers/mastercontainer

Bumps docker from 25.0.3-cli to 25.0.5-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 7abe7348..416c6a08 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:25.0.3-cli as docker
+FROM docker:25.0.5-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From b961792d6854919452695267d71c5aa31ec65a19 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 14 Mar 2024 12:40:17 +0100
Subject: [PATCH 2046/3949] update the script

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 4187da53..4545a413 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -300,6 +300,8 @@ EOL
 # shellcheck disable=SC1083
 find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
 
+# shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i 's|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/|' \{} \; 
 
 cd ../
 mkdir -p ../helm-chart/
@@ -354,6 +356,10 @@ SMTP_NAME:         # (empty by default): The username for the authentication.
 SMTP_PASSWORD:         # (empty by default): The password for the authentication.
 MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+
+IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
+NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
+ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
 ADDITIONAL_CONFIG
 
 mv /tmp/sample.conf ../helm-chart/values.yaml

From dac6b57e0a14ac015b9583824256d92e3502e326 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 20 Mar 2024 17:09:31 +0100
Subject: [PATCH 2047/3949] Revert "Reflect changes in update-helm.sh and fix
 templating for unset values"

This reverts commit 5b3658c6a0290ad396ea3bd8a3b259ede0572dea.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-deployment.yaml        | 6 +-----
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 --------
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 --------
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 4 ----
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 8 --------
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 4 ----
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 4 ----
 .../templates/nextcloud-aio-redis-deployment.yaml         | 4 ----
 8 files changed, 1 insertion(+), 45 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 290ec273..fd058e50 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
@@ -54,7 +50,7 @@ spec:
             - name: COLLABORA_HOST
               value: nextcloud-aio-collabora
             - name: NC_DOMAIN
-              value: "{{ .Values.NC_DOMAIN }}"
+              value: "{{ .Values.NC_DOMAIN }}"FF
             - name: NEXTCLOUD_HOST
               value: nextcloud-aio-nextcloud
             - name: NOTIFY_PUSH_HOST
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 4dfa7a96..8d1c2cb5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -27,11 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -41,11 +37,7 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chown
             - 100:100
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index a8b514b8..d985a81a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -43,11 +39,7 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chown
             - 999:999
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 540f1abf..651b6b90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -27,11 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index c295a832..4794085c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - rm
             - "-rf"
@@ -41,11 +37,7 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 49864c10..9e5d63fa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d5a5c278..6fe576f6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -27,11 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index cf4a2a4d..fdb77e84 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"

From 33eb9c99eaffead22a986febbad3b809e2ef2455 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 20 Mar 2024 17:09:41 +0100
Subject: [PATCH 2048/3949] Revert "Add private mirror support for OCI
 references #4362"

This reverts commit f9e78ba35ee05f4ba05f7101bbb099a194e1410f.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 4 ++--
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml           | 4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 2 +-
 nextcloud-aio-helm-chart/values.yaml                        | 4 ----
 13 files changed, 24 insertions(+), 28 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index fd058e50..155eb5a8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chmod
             - "777"
@@ -50,7 +50,7 @@ spec:
             - name: COLLABORA_HOST
               value: nextcloud-aio-collabora
             - name: NC_DOMAIN
-              value: "{{ .Values.NC_DOMAIN }}"FF
+              value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_HOST
               value: nextcloud-aio-nextcloud
             - name: NOTIFY_PUSH_HOST
@@ -61,7 +61,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-apache:20240308_092935-latest"
+          image: nextcloud/aio-apache:20240308_092935-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 8d1c2cb5..6f1426da 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -27,7 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - mkdir
             - "-p"
@@ -37,7 +37,7 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chown
             - 100:100
@@ -52,7 +52,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-clamav:20240308_092935-latest"
+          image: nextcloud/aio-clamav:20240308_092935-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 9c7578e4..490810ca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-collabora:20240308_092935-latest"
+          image: nextcloud/aio-collabora:20240308_092935-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index d985a81a..2e7cf200 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - mkdir
             - "-p"
@@ -39,7 +39,7 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chown
             - 999:999
@@ -63,7 +63,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-postgresql:20240308_092935-latest"
+          image: nextcloud/aio-postgresql:20240308_092935-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 651b6b90..7cecee06 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -27,7 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chmod
             - "777"
@@ -57,7 +57,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-fulltextsearch:20240308_092935-latest"
+          image: nextcloud/aio-fulltextsearch:20240308_092935-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2d1a9a4a..f289a8f3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-imaginary:20240308_092935-latest"
+          image: nextcloud/aio-imaginary:20240308_092935-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 4794085c..8df1b622 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - rm
             - "-rf"
@@ -37,7 +37,7 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chmod
             - "777"
@@ -160,7 +160,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-nextcloud:20240308_092935-latest"
+          image: nextcloud/aio-nextcloud:20240308_092935-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 9e5d63fa..9ac50221 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chmod
             - "777"
@@ -52,7 +52,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-notify-push:20240308_092935-latest"
+          image: nextcloud/aio-notify-push:20240308_092935-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 6fe576f6..ff74f06d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -27,7 +27,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chmod
             - "777"
@@ -45,7 +45,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-onlyoffice:20240308_092935-latest"
+          image: nextcloud/aio-onlyoffice:20240308_092935-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index fdb77e84..2724b13b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: alpine
           command:
             - chmod
             - "777"
@@ -40,7 +40,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-redis:20240308_092935-latest"
+          image: nextcloud/aio-redis:20240308_092935-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d11b8287..343fc026 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-talk:20240308_092935-latest"
+          image: nextcloud/aio-talk:20240308_092935-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 4ce14819..d79b2df6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG}}/aio-talk-recording:20240308_092935-latest"
+          image: nextcloud/aio-talk-recording:20240308_092935-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 0cf5b1fa..16d7cd51 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -10,10 +10,6 @@ TALK_INTERNAL_SECRET:           # TODO! This needs to be a unique and good passw
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
 
-IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
-NEXTCLOUD_IMAGE_ORG: "nextcloud"          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
-ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
-
 CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.

From 1abdc32fdaf69211c082fe106e984ae9444ba5ea Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 21 Mar 2024 04:09:30 +0000
Subject: [PATCH 2049/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 9dba49fe..2771cd06 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.22.2@d768d914152dbbf3486c36398802f74e80cfde48"/>
+<files psalm-version="5.23.1@8471a896ccea3526b26d082f4461eeea467f10a4"/>

From 9d5f9ca0a5b287297ed1297adcbf74f88b101fc5 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 21 Mar 2024 08:09:35 +0000
Subject: [PATCH 2050/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                  |  2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml   |  6 +++++-
 .../templates/nextcloud-aio-clamav-deployment.yaml   | 10 +++++++++-
 .../nextcloud-aio-collabora-deployment.yaml          |  2 +-
 .../templates/nextcloud-aio-database-deployment.yaml | 10 +++++++++-
 .../nextcloud-aio-fulltextsearch-deployment.yaml     |  6 +++++-
 .../nextcloud-aio-imaginary-deployment.yaml          |  4 +++-
 .../nextcloud-aio-nextcloud-deployment.yaml          | 12 +++++++++++-
 .../nextcloud-aio-notify-push-deployment.yaml        |  6 +++++-
 .../nextcloud-aio-onlyoffice-deployment.yaml         |  6 +++++-
 .../templates/nextcloud-aio-redis-deployment.yaml    |  6 +++++-
 .../templates/nextcloud-aio-talk-deployment.yaml     |  2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml     |  2 +-
 nextcloud-aio-helm-chart/values.yaml                 |  5 +++++
 14 files changed, 66 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index baa9ad85..7d435e60 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.13.1
+version: 8.0.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 155eb5a8..5e7984b7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -61,7 +65,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-apache:20240321_080708-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 6f1426da..4d77ad85 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -27,7 +27,11 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -37,7 +41,11 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chown
             - 100:100
@@ -52,7 +60,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-clamav:20240321_080708-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 490810ca..5b5cc0a0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-collabora:20240321_080708-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 2e7cf200..6ba319ba 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -39,7 +43,11 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chown
             - 999:999
@@ -63,7 +71,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-postgresql:20240321_080708-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 7cecee06..ffe74631 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -27,7 +27,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -57,7 +61,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-fulltextsearch:20240321_080708-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index f289a8f3..7494731c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -25,9 +25,11 @@ spec:
     spec:
       containers:
         - env:
+            - name: IMAGINARY_SECRET
+              value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-imaginary:20240321_080708-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 8df1b622..634aea24 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - rm
             - "-rf"
@@ -37,7 +41,11 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -104,6 +112,8 @@ spec:
               value: "{{ .Values.IMAGINARY_ENABLED }}"
             - name: IMAGINARY_HOST
               value: nextcloud-aio-imaginary
+            - name: IMAGINARY_SECRET
+              value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: INSTALL_LATEST_MAJOR
               value: "{{ .Values.INSTALL_LATEST_MAJOR }}"
             - name: NC_DOMAIN
@@ -160,7 +170,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-nextcloud:20240321_080708-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 9ac50221..c7730a66 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -52,7 +56,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-notify-push:20240321_080708-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index ff74f06d..330f9334 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -27,7 +27,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -45,7 +49,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-onlyoffice:20240321_080708-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 2724b13b..0f6a8e33 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -26,7 +26,11 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
+          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          {{- else }}
           image: alpine
+          {{- end }}
           command:
             - chmod
             - "777"
@@ -40,7 +44,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-redis:20240321_080708-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 343fc026..5319f6d9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-talk:20240321_080708-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d79b2df6..f58eccd5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20240308_092935-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-talk-recording:20240321_080708-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 16d7cd51..51440408 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -1,5 +1,6 @@
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_PASSWORD:           # TODO! This needs to be a unique and good password!
+IMAGINARY_SECRET:           # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
@@ -60,3 +61,7 @@ SMTP_NAME:         # (empty by default): The username for the authentication.
 SMTP_PASSWORD:         # (empty by default): The password for the authentication.
 MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+
+IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
+NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
+ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.

From 9a9fb8bc8b802f8ea5c8a7b18e01561477c211eb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 18 Mar 2024 12:36:06 +0100
Subject: [PATCH 2051/3949] aio interface - adjust wording for disable daily
 backups button

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ed1ad63c..fee107bb 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -494,7 +494,7 @@
                                                 <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Disable daily backups" />
+                                                <input class="button" type="submit" value="Disable or change daily backups" />
                                             </form>
                                         {% endif %}
 

From 5f97e7e2eec0e5f78ba4d225878760401de94746 Mon Sep 17 00:00:00 2001
From: skjnldsv <skjnldsv@protonmail.com>
Date: Fri, 8 Mar 2024 20:30:52 +0100
Subject: [PATCH 2052/3949] chore: update workflows from templates

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/lint-php.yml | 8 ++++----
 .github/workflows/psalm.yml    | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 2381300b..69db96dd 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -33,10 +33,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4 # v3.5.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
@@ -47,10 +47,10 @@ jobs:
       - name: Lint
         run: cd php && composer run lint
 
-  php-lint-summary:
+  summary:
     permissions:
       contents: none
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-low
     needs: php-lint
 
     if: always()
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index de622279..3b0b89f3 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -23,13 +23,13 @@ jobs:
   static-analysis:
     runs-on: ubuntu-latest
 
-    name: Nextcloud
+    name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@v4 # v3.5.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
         with:
           php-version: 8.3
           extensions: apcu

From a6f2a3c76de58be156d4f4b15855b6955e7537df Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 22 Mar 2024 09:58:19 +0100
Subject: [PATCH 2053/3949] add dbindex for redis as comment

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/config/redis.config.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php
index a5fde3c7..e51b3022 100644
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -6,6 +6,7 @@ if (getenv('REDIS_HOST')) {
     'redis' => array(
       'host' => getenv('REDIS_HOST'),
       'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      // 'dbindex' => (int) getenv('REDIS_DB_INDEX'),
     ),
   );
 

From e422e0861f4945ff19d05e6cef007f6321ff708c Mon Sep 17 00:00:00 2001
From: Alison McCue <gh@maladroit.me>
Date: Sat, 23 Mar 2024 11:16:29 -0400
Subject: [PATCH 2054/3949] Fixed a typo in containers.twig

Signed-off-by: Alison McCue <gh@maladroit.me>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fee107bb..598ee8b0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -153,7 +153,7 @@
                                             <input class="button" type="submit" value="Check backup integrity"/><br/>
                                         </form>
                                     {% endif %}
-                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please not that the current AIO password will be kept and the AIO password not restored from backup!<br><br>
+                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please note that the current AIO password will be kept and the previous AIO password will not be restored from backup!<br><br>
                                     <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From 55d697166811382ab21ecc5fedb7d0ad446f99bd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 25 Mar 2024 11:18:23 +0100
Subject: [PATCH 2055/3949] adjust comment

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index f4f86164..8ea80817 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -47,7 +47,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
     DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
     DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
-    # Check if a group with the same group id of /var/run/docker.socket already exists in the container
+    # Check if a group with the same group name of /var/run/docker.socket already exists in the container
     if grep -q "^$DOCKER_GROUP:" /etc/group; then
         # If yes, add www-data to that group
         echo "Adding internal www-data to group $DOCKER_GROUP"

From f001c6f9550dc76ef85c38ae8abebf61caac1530 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 12:34:26 +0000
Subject: [PATCH 2056/3949] Bump clamav/clamav from 1.3.0-43 to 1.3.0-44 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-43 to 1.3.0-44.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index c8920ead..0c285dfe 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-43
+FROM clamav/clamav:1.3.0-44
 
 COPY clamav.conf /tmp/clamav.conf
 

From e8dc3692a0a05e34e68cb537cee890e220076560 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Tue, 26 Mar 2024 13:39:54 +0100
Subject: [PATCH 2057/3949] fix(helm): image repo transformation yielding
 invalid yaml string syntax

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 4545a413..bf83b834 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -301,7 +301,7 @@ EOL
 find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
 
 # shellcheck disable=SC1083
-find ./ -name '*deployment.yaml' -exec sed -i 's|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/|' \{} \; 
+find ./ -name '*deployment.yaml' -exec sed -i 's|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;s/$/"/;' \{} \;
 
 cd ../
 mkdir -p ../helm-chart/

From 0f89c6eaed65756e4bd4cd54612442e7eb6d7cca Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 26 Mar 2024 13:54:02 +0100
Subject: [PATCH 2058/3949] update helm chart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh                         | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7d435e60..d2555fe6 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.0.0
+version: 8.0.0-1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 5e7984b7..661a5908 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -65,7 +65,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-apache:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240321_080708-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 4d77ad85..0d0f09c7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-clamav:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240321_080708-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 5b5cc0a0..24437097 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-collabora:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240321_080708-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 6ba319ba..8ae5cd90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -71,7 +71,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-postgresql:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240321_080708-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index ffe74631..49e58d01 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-fulltextsearch:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240321_080708-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 7494731c..068349a9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -29,7 +29,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-imaginary:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240321_080708-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 634aea24..204970e7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -170,7 +170,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-nextcloud:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240321_080708-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index c7730a66..d2ce79e3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-notify-push:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240321_080708-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 330f9334..0fb72534 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -49,7 +49,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-onlyoffice:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240321_080708-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 0f6a8e33..388f0232 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-redis:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240321_080708-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 5319f6d9..49456542 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-talk:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240321_080708-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index f58eccd5..3bff1528 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}"/aio-talk-recording:20240321_080708-latest
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240321_080708-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index bf83b834..1cf2327a 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -301,7 +301,7 @@ EOL
 find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
 
 # shellcheck disable=SC1083
-find ./ -name '*deployment.yaml' -exec sed -i 's|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;s/$/"/;' \{} \;
+find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
 
 cd ../
 mkdir -p ../helm-chart/

From e7b587f73d44fedecfdb24d500d4636dc53394d1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 26 Mar 2024 14:06:27 +0100
Subject: [PATCH 2059/3949] run helm lint to catch any problems

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 .github/workflows/helm-release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index c1f7f861..68a17875 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -36,6 +36,10 @@ jobs:
         with:
           version: v3.6.3
 
+      - name: Run Helm Lint
+        run: |
+          helm lint ./nextcloud-aio-helm-chart
+
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.6.0
         with:

From ce43fe96a9d53f527d46a5dbf94531e163daf95b Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Tue, 26 Mar 2024 14:11:55 +0100
Subject: [PATCH 2060/3949] ci(lint-helm): simplify workflow

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 .github/workflows/lint-helm.yml | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 626c9c8d..96374721 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -1,4 +1,4 @@
-name: Lint and Test Charts
+name: Lint Helm Charts
 
 on:
   workflow_dispatch:
@@ -8,7 +8,7 @@ on:
 
 jobs:
   lint-helm:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -20,16 +20,5 @@ jobs:
         with:
           version: v3.11.1
 
-      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
-
-      - name: Run chart-testing (lint)
-        id: lint
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart
-
-      - name: Create kind cluster
-        uses: helm/kind-action@v1.9.0
-
-      - name: Run chart-testing (install)
-        id: install
-        run: ct install --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart
+      - name: Lint charts
+        run: helm lint nextcloud-aio-helm-chart

From 43c16a086fd6d33bc6bd840e3000441b81a897a8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Mar 2024 12:48:53 +0000
Subject: [PATCH 2061/3949] Bump elasticsearch from 8.12.2 to 8.13.0 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.12.2 to 8.13.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index d1fe922f..3beeedfe 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.12.2
+FROM elasticsearch:8.13.0
 
 USER root
 

From 0b31db1b2189ee57269c03e0970763fd645bfa89 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Mar 2024 12:10:58 +0100
Subject: [PATCH 2062/3949] nextcloud container - add redis session handler to
 Dockerfile

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    |  8 ++++++++
 Containers/nextcloud/entrypoint.sh | 11 -----------
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b9594aee..1b83bcdc 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -117,6 +117,14 @@ RUN set -ex; \
         echo 'max_input_time=${PHP_MAX_TIME}'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \
+    { \
+        echo 'session.save_handler = redis'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"'; \
+        echo 'redis.session.locking_enabled = 1'; \
+        echo 'redis.session.lock_retries = -1'; \
+        echo 'redis.session.lock_wait_time = 10000'; \
+    } > /usr/local/etc/php/conf.d/redis-session.ini; \
+    \
     mkdir -p /var/www/data; \
     chown -R www-data:root /var/www; \
     chmod -R g=u /var/www; \
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 4b24d748..ca22682d 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -19,17 +19,6 @@ run_upgrade_if_needed_due_to_app_update() {
     fi
 }
 
-echo "Configuring Redis as session handler..."
-cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini
-session.save_handler = redis
-session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"
-redis.session.locking_enabled = 1
-redis.session.lock_retries = -1
-# redis.session.lock_wait_time is specified in microseconds.
-# Wait 10ms before retrying the lock rather than the default 2ms.
-redis.session.lock_wait_time = 10000
-REDIS_CONF
-
 # Check permissions in ncdata
 touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then

From 590012ae38240bc3288816977317558d001cf62f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Mar 2024 12:49:52 +0100
Subject: [PATCH 2063/3949] nextcloud - adjust COLLABORA_HOST logic

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ca22682d..518a2219 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -539,6 +539,11 @@ php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://
 
 # Collabora
 if [ "$COLLABORA_ENABLED" = 'yes' ]; then
+    set -x
+    if [ "$COLLABORA_HOST" = "nextcloud-.*-collabora" ]; then
+        COLLABORA_HOST="$NC_DOMAIN"
+    fi
+    set +x
     if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
         php /var/www/html/occ app:install richdocuments
     elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then
@@ -546,10 +551,10 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update richdocuments
     fi
-    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
+    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$COLLABORA_HOST/"
     # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    COLLABORA_IPv4_ADDRESS="$(dig "$COLLABORA_HOST" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    COLLABORA_IPv6_ADDRESS="$(dig "$COLLABORA_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
     COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
     if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
@@ -560,7 +565,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "Warning: No ipv4-address found for $NC_DOMAIN."
+        echo "Warning: No ipv4-address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -571,7 +576,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "No ipv6-address found for $NC_DOMAIN."
+        echo "No ipv6-address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
         PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'

From 90e9791008b4bdaa6ed3d6379995fb80e614a09d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Mar 2024 12:18:27 +0000
Subject: [PATCH 2064/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.9.4.1 to 23.05.10.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 290ba7f8..9069429b 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.9.4.1
+FROM collabora/code:23.05.10.1.1
 
 USER root
 

From 44646615dda7830bde60d6f90a6ca7dbd63db574 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 28 Mar 2024 12:47:57 +0000
Subject: [PATCH 2065/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1b83bcdc..768a9300 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 28.0.3
+ENV NEXTCLOUD_VERSION 28.0.4
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 COPY supervisord.conf /supervisord.conf

From 94880e1e98d883f741655f44b5959f19899baa9f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Mar 2024 15:18:38 +0100
Subject: [PATCH 2066/3949] increase to 8.1.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 598ee8b0..a8d09147 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v8.0.0</h1>
+        <h1>Nextcloud AIO v8.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From d7d352ebdd67eedb9ca13b1b087d8c5d751f6b17 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Mar 2024 15:36:50 +0100
Subject: [PATCH 2067/3949] fix redis sessions

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 768a9300..a382b521 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -119,7 +119,7 @@ RUN set -ex; \
     \
     { \
         echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?auth=${REDIS_HOST_PASSWORD}"'; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \

From 9f6f396447ceddcc65721636f963c01fa7a94aea Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 28 Mar 2024 15:53:57 +0100
Subject: [PATCH 2068/3949] fix grepping for collabora string

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 518a2219..0adc3fdc 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -540,7 +540,7 @@ php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://
 # Collabora
 if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     set -x
-    if [ "$COLLABORA_HOST" = "nextcloud-.*-collabora" ]; then
+    if echo "$COLLABORA_HOST" | grep -q "nextcloud-.*-collabora"; then
         COLLABORA_HOST="$NC_DOMAIN"
     fi
     set +x

From cd81cbd0a34aba2dc422f6aece9f5b6091e814e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Apr 2024 12:22:46 +0000
Subject: [PATCH 2069/3949] Bump clamav/clamav from 1.3.0-44 to 1.3.0-45 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-44 to 1.3.0-45.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 0c285dfe..3b6fcb78 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-44
+FROM clamav/clamav:1.3.0-45
 
 COPY clamav.conf /tmp/clamav.conf
 

From 9736a77f10d36a1726fe3891902399251f45c0cb Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 2 Apr 2024 14:57:53 +0200
Subject: [PATCH 2070/3949] fail2ban - add further debugging hint for issue

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/fail2ban/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index 0af34005..a3d5aca2 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -4,6 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block
 ### Notes
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
+- If you get an error like  `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From fc0fde93b54bc2e192fae1e50c9195166876d1fd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 Apr 2024 13:16:50 +0200
Subject: [PATCH 2071/3949] add some more infos to jellyfin and plex

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/jellyfin/readme.md | 2 ++
 community-containers/plex/readme.md     | 1 +
 2 files changed, 3 insertions(+)

diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md
index 5292928b..f744069b 100644
--- a/community-containers/jellyfin/readme.md
+++ b/community-containers/jellyfin/readme.md
@@ -5,8 +5,10 @@ This container bundles Jellyfin and auto-configures it for you.
 - This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
 - This container does not work on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
+- This container should usually only be run in home networks as it exposes unencrypted services like DLNA by default which can be disabld via the web interface though.
 - In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
 - ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.**
+- If you have a firewall like ufw configured, you might need to open all Jellyfin ports in there first in order to make it work. Especially port 8096 is important!
 - The data of Jellyfin will be automatically included in AIO's backup solution!
 - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
 
diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
index a3f679cc..c9553645 100644
--- a/community-containers/plex/readme.md
+++ b/community-containers/plex/readme.md
@@ -5,6 +5,7 @@ This container bundles Plex and auto-configures it for you.
 - This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!
 - This is not working on arm64 since Plex does only provide x64 docker images.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
+- This container should usually only be run in home networks as it exposes unencrypted services like DLNA by default which can be disabld via the web interface though.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
 - After adding and starting the container, you need to visit http://ip.address.of.server:32400/manage in order to claim your server with a plex account
 - The data of Plex will be automatically included in AIOs backup solution!

From ac2891289ebb27c81cfccf76da8e414bb031aeb8 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 3 Apr 2024 12:03:26 +0000
Subject: [PATCH 2072/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile     | 2 +-
 Containers/talk/server.conf.in | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ad564324..fa0c89b0 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
 FROM alpine:3.19.1 as janus
 
-ARG JANUS_VERSION=v0.14.1
+ARG JANUS_VERSION=v0.14.2
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \
diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index 2a44a9a7..4df82b5e 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -221,6 +221,8 @@ connectionsperhost = 8
 # register an account at "https://www.maxmind.com/en/geolite2/signup" for
 # free. See "https://dev.maxmind.com/geoip/geoip2/geolite2/" for further
 # information.
+# You can also get a free GeoIP database from https://db-ip.com/ without
+# registration. Provide the URL below in this case.
 # Leave empty to disable GeoIP lookups.
 #license =
 

From 913394073b868d2f07c4f2e675e96cd1c68e0644 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 3 Apr 2024 15:37:58 +0200
Subject: [PATCH 2073/3949] finish this

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 51d965b6..f2ad3af2 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -102,6 +102,10 @@ Add this as a new Apache site config:
     SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
     SSLHonorCipherOrder     off
     SSLSessionTickets       off
+
+    # If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, 
+    # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. 
+    # In this case the subdomain should already be secured without additional actions
     SSLCertificateFile /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/<your-nc-domain>/privkey.pem
 
@@ -357,7 +361,9 @@ server {
         proxy_set_header Connection $connection_upgrade;
     }
 
-    #if running nginx on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. In this case the subdomain should already be secured without additional actions
+    # If running nginx on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, 
+    # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. 
+    # In this case the subdomain should already be secured without additional actions
     ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
     ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
 

From 6f8b06294ed3af987a21f74ba52468c7a0a31396 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Apr 2024 21:28:46 +0200
Subject: [PATCH 2074/3949] rp docs - add hint that contributions to improve
 the docs are welcome

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 3e4745f2..ffc0ea10 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,5 +1,7 @@
 # Reverse Proxy Documentation
 
+**Note:** The maintainers of AIO noticed that this documentation is not easy. All contributions that improve this are very welcome!
+
 A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network).
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).

From 6530c5afc386de3c8ad82cc9423373e7f2c0e4f0 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 4 Apr 2024 10:26:42 +0200
Subject: [PATCH 2075/3949] Add lldap comunity container (#4398)

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md   |  2 +-
 community-containers/lldap/lldap.json  | 46 +++++++++++++++++
 community-containers/lldap/readme.md   | 70 ++++++++++++++++++++++++++
 php/src/Data/ConfigurationManager.php  |  8 +++
 php/src/Docker/DockerActionManager.php |  2 +
 5 files changed, 127 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/lldap/lldap.json
 create mode 100644 community-containers/lldap/readme.md

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 60c385bf..a6400b25 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
new file mode 100644
index 00000000..3592f179
--- /dev/null
+++ b/community-containers/lldap/lldap.json
@@ -0,0 +1,46 @@
+{
+  "aio_services_v1": [
+    {
+      "container_name": "nextcloud-aio-lldap",
+      "display_name": "Light LDAP implementation",
+      "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
+      "image": "lldap/lldap",
+      "image_tag": "v0-alpine",
+      "internal_port": "17170",
+      "restart": "unless-stopped",
+      "ports": [
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "17170",
+          "protocol": "tcp"
+        }
+      ],
+      "environment": [
+        "TZ=%TIMEZONE%",
+        "UID=65534",
+        "GID=65534",
+        "LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%",
+        "LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%",
+        "LLDAP_LDAP_BASE_DN=%NC_BASE_DN%"
+      ],
+      "secrets": [
+        "LLDAP_JWT_SECRET",
+        "LLDAP_LDAP_USER_PASS"
+      ],
+      "volumes": [
+        {
+          "source": "nextcloud_aio_lldap",
+          "destination": "/data",
+          "writeable": true
+        }
+      ],
+      "backup_volumes": [
+        "nextcloud_aio_lldap"
+      ],
+      "nextcloud_exec_commands": [
+        "php /var/www/html/occ app:install user_ldap",
+        "php /var/www/html/occ app:enable user_ldap"
+      ]
+    }
+  ]
+}
diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
new file mode 100644
index 00000000..03f81cdf
--- /dev/null
+++ b/community-containers/lldap/readme.md
@@ -0,0 +1,70 @@
+## Light LDAP server
+This container bundles LLDAP server and auto-configures your nextcloud instance for you.
+
+### Notes
+- In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
+- After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
+- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud example configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)<br>
+    First, you need to retrieve the LLDAP admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy and paste.
+    ```bash
+    # Now go into the container
+    sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
+    ```
+    Now inside the container:
+    ```bash
+    # Get Base
+    BASE_DN="dc=${NC_DOMAIN//./,dc=}"
+    
+    # Create a new empty ldap config
+    CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)
+  
+    # Set the ldap password
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentPassword "<your-password>"
+
+    # Set the ldap config
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentName                "uid=ro_admin,ou=people,$BASE_DN"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBase                     "$BASE_DN"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseGroups               "$BASE_DN"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseUsers                "$BASE_DN"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapCacheTTL                 600
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapConfigurationActive      1
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapEmailAttribute           "mail"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapExperiencedAdmin         0
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGidNumber                "gidNumber"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupDisplayName         "cn"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilter              "(&(objectclass=groupOfUniqueNames))"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterGroups        ""
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterMode          0
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterObjectclass   "groupOfUniqueNames"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupMemberAssocAttr     "uniqueMember"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapHost                     "nextcloud-aio-lldap"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterAttributes    "uid"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterEmail         0
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterUsername      1
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapMatchingRuleInChainState "unknown"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapNestedGroups             0
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPagingSize               500
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPort                     3890
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapTLS                      0
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserAvatarRule           "default"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserDisplayName          "displayname"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilter               "(&(objectClass=person)(uid=%uid))"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterMode           1
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterObjectclass    "person"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidGroupAttribute       "auto"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidUserAttribute        "auto"
+    php /var/www/html/occ ldap:set-config "$CONF_NAME" turnOnPasswordChange         0
+
+    # Test the ldap config
+    php /var/www/html/occ ldap:test-config "$NAME"
+  
+    # Exit the container shell
+    exit
+    ```
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/lldap/lldap
+
+### Maintainer
+https://github.com/docjyj
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c6a47537..a4693330 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -386,6 +386,14 @@ class ConfigurationManager
         return $config['domain'];
     }
 
+    public function GetBaseDN() : string {
+        $domain = $this->GetDomain();
+        if ($domain === "") {
+            return "";
+        }
+        return 'dc=' . implode(',dc=', explode('.', $domain));
+    }
+
     public function GetBackupMode() : string {
         $config = $this->GetConfig();
         if(!isset($config['backup-mode'])) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8a8b1ab2..5b65f4b0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -283,6 +283,8 @@ class DockerActionManager
 
                 if($out[1] === 'NC_DOMAIN') {
                     $replacements[1] = $this->configurationManager->GetDomain();
+                } elseif($out[1] === 'NC_BASE_DN') {
+                    $replacements[1] = $this->configurationManager->GetBaseDN();
                 } elseif ($out[1] === 'AIO_TOKEN') {
                     $replacements[1] = $this->configurationManager->GetToken();
                 } elseif ($out[1] === 'BORGBACKUP_MODE') {

From bbf826659d08cd85607c1ecf62114e28732d46d6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Apr 2024 10:31:21 +0200
Subject: [PATCH 2076/3949] update ldap docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index babe5ee4..19f910b2 100644
--- a/readme.md
+++ b/readme.md
@@ -709,7 +709,7 @@ All users see a set of [default files and folders](https://docs.nextcloud.com/se
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 
 ### LDAP
-It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/406#discussioncomment-7133555
+It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. There is now a community container which allows to easily add LLDAP to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap
 
 ### Netdata
 Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/392#discussioncomment-7133563

From 1a2299260bdabf1ed15a75cd4a9b617e924aaad1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 4 Apr 2024 09:24:14 +0000
Subject: [PATCH 2077/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index d2555fe6..72dc94c2 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.0.0-1
+version: 8.1.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 661a5908..e43add5e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -65,7 +65,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240404_082330-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 0d0f09c7..d843a61f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240404_082330-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 24437097..3a45a1f1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240404_082330-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 8ae5cd90..9c0cc6a0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -71,7 +71,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240404_082330-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 49e58d01..c6e4ea2f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240404_082330-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 068349a9..04f07cd3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -29,7 +29,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240404_082330-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 204970e7..ecc2f30d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -170,7 +170,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240404_082330-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index d2ce79e3..a479f5af 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240404_082330-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0fb72534..c12e6857 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -49,7 +49,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240404_082330-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 388f0232..6ea4810e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240404_082330-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 49456542..d4843093 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240404_082330-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 3bff1528..5d48cdb5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240321_080708-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240404_082330-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From e433bc27fe52c8fa7c71e351b04b10d81f61cadf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Apr 2024 11:03:02 +0200
Subject: [PATCH 2078/3949] helm chart - allow to adjust
 TALK_MAX_STREAM_BITRATE

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh                                 | 6 ++++++
 .../templates/nextcloud-aio-talk-deployment.yaml         | 2 ++
 nextcloud-aio-helm-chart/update-helm.sh                  | 9 +++++++++
 nextcloud-aio-helm-chart/values.yaml                     | 1 +
 4 files changed, 18 insertions(+)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index d40e5ee5..76bfbb81 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -56,6 +56,10 @@ TURN_CONF
 # Remove empty lines so that the config is not invalid
 sed -i '/""/d' /conf/eturnal.yml
 
+if [ -z "$TALK_MAX_STREAM_BITRATE" ]; then
+    TALK_MAX_STREAM_BITRATE=1048576
+fi
+
 # Signling
 cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
@@ -80,6 +84,7 @@ connectionsperhost = 8
 [backend-1]
 url = https://${NC_DOMAIN}
 secret = ${SIGNALING_SECRET}
+maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
 
 [nats]
 url = nats://127.0.0.1:4222
@@ -87,6 +92,7 @@ url = nats://127.0.0.1:4222
 [mcu]
 type = janus
 url = ws://127.0.0.1:8188
+maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
 SIGNALING_CONF
 
 exec "$@"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d4843093..2f641a16 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -25,6 +25,8 @@ spec:
     spec:
       containers:
         - env:
+            - name: TALK_MAX_STREAM_BITRATE
+              value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
             - name: INTERNAL_SECRET
               value: "{{ .Values.TALK_INTERNAL_SECRET }}"
             - name: NC_DOMAIN
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 1cf2327a..c1719ef2 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -300,6 +300,14 @@ EOL
 # shellcheck disable=SC1083
 find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
 
+# Additional config
+cat << EOL > /tmp/additional-talk.config
+            - name: TALK_MAX_STREAM_BITRATE
+              value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config"  \{} \;
+
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
 
@@ -356,6 +364,7 @@ SMTP_NAME:         # (empty by default): The username for the authentication.
 SMTP_PASSWORD:         # (empty by default): The password for the authentication.
 MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
 
 IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 51440408..f554d9b8 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -61,6 +61,7 @@ SMTP_NAME:         # (empty by default): The username for the authentication.
 SMTP_PASSWORD:         # (empty by default): The password for the authentication.
 MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
 
 IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.

From 9a4e7e6abd18e30e51a18b04788abfe653b23d7d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Apr 2024 11:33:45 +0200
Subject: [PATCH 2079/3949] increase to 8.2.0-dev

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                            | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml               | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 72dc94c2..eef44781 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.1.0
+version: 8.2.0-dev
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 2f641a16..75db22fd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -39,7 +39,8 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:develop"
+          imagePullPolicy: Always
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

From 6c6f0e2909e95d635e0ca24aaa54a55abd035b50 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Apr 2024 09:53:48 +0000
Subject: [PATCH 2080/3949] Bump strukturag/nextcloud-spreed-signaling in
 /Containers/talk

Bumps strukturag/nextcloud-spreed-signaling from 1.2.3 to 1.2.4.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fa0c89b0..3ad643fb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.12-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.2.4 as signaling
 FROM alpine:3.19.1 as janus
 
 ARG JANUS_VERSION=v0.14.2

From 544519994ac356c5f506f48e68e624216fe98049 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Apr 2024 12:45:07 +0200
Subject: [PATCH 2081/3949] nextcloud - adjust TALK_HOST logic

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 0adc3fdc..50991106 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -623,6 +623,12 @@ fi
 
 # Talk
 if [ "$TALK_ENABLED" = 'yes' ]; then
+    set -x
+    if [ -z "$TALK_HOST" ] || echo "$TALK_HOST" | grep -q "nextcloud-.*-talk"; then
+        TALK_HOST="$NC_DOMAIN"
+        HPB_PATH="/standalone-signaling/"
+    fi
+    set +x
     if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
         php /var/www/html/occ app:install spreed
     elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
@@ -632,15 +638,15 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     fi
     # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
-        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$TALK_HOST:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
     STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
     if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
-        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
+        php /var/www/html/occ talk:stun:add "$TALK_HOST:$TALK_PORT"
         php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
     fi
-    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$NC_DOMAIN/standalone-signaling/"; then
-        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --verify
+    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$TALK_HOST$HPB_PATH"; then
+        php /var/www/html/occ talk:signaling:add "https://$TALK_HOST$HPB_PATH" "$SIGNALING_SECRET" --verify
     fi
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/spreed" ]; then

From 847b6b51582d2210591e43c1e2fcfa321f97ead4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Apr 2024 12:09:15 +0000
Subject: [PATCH 2082/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.22.1-alpine3.18 to 1.22.2-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b3285e0e..e477fe31 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.1-alpine3.18 as go
+FROM golang:1.22.2-alpine3.18 as go
 
 ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From dc4a08ef7807ea9e9f6afbf9a05348fa677b00cf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Apr 2024 14:39:24 +0200
Subject: [PATCH 2083/3949] fix SC

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 50991106..be057297 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -638,6 +638,7 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     fi
     # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
+        # shellcheck disable=SC2153
         php /var/www/html/occ talk:turn:add turn "$TALK_HOST:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
     STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"

From 0aa4f63244ac761489dc4a2197508548e214a4ff Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Apr 2024 14:43:28 +0200
Subject: [PATCH 2084/3949] increase to 8.2.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a8d09147..c4ff2412 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v8.1.0</h1>
+        <h1>Nextcloud AIO v8.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 7f6cd8c4730b799c747ac5001e23cd1853c4bf16 Mon Sep 17 00:00:00 2001
From: Varun Patil <varunpatil@ucla.edu>
Date: Sun, 7 Apr 2024 15:55:08 -0700
Subject: [PATCH 2085/3949] feat: enable HEIC+TIFF without Imaginary

Signed-off-by: Varun Patil <varunpatil@ucla.edu>
---
 Containers/nextcloud/Dockerfile | 4 ++++
 Containers/nextcloud/start.sh   | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a382b521..ecf3cdc9 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -44,6 +44,8 @@ RUN set -ex; \
         icu-dev \
         imagemagick-dev \
         imagemagick-svg \
+        imagemagick-heic \
+        imagemagick-tiff \
         libevent-dev \
         libjpeg-turbo-dev \
         libmcrypt-dev \
@@ -211,6 +213,8 @@ RUN set -ex; \
         bind-tools \
         imagemagick \
         imagemagick-svg \
+        imagemagick-heic \
+        imagemagick-tiff \
         coreutils; \
     \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index b4ca3519..108dbdcf 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -56,7 +56,7 @@ if [ -n "$ADDITIONAL_APKS" ]; then
     if ! [ -f "/additional-apks-are-installed" ]; then
         # Allow to disable imagemagick without having to download it each time
         if ! echo "$ADDITIONAL_APKS" | grep -q imagemagick; then
-            apk del imagemagick imagemagick-svg;
+            apk del imagemagick imagemagick-svg imagemagick-heic imagemagick-tiff;
         fi
         read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
         for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do

From 5dc079077b1aede7dcd307fd6956d4a192b24802 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Apr 2024 12:10:59 +0000
Subject: [PATCH 2086/3949] Bump clamav/clamav from 1.3.0-45 to 1.3.0-46 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-45 to 1.3.0-46.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 3b6fcb78..030a19b0 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-45
+FROM clamav/clamav:1.3.0-46
 
 COPY clamav.conf /tmp/clamav.conf
 

From a90bd4af723ae973f663152262b7d74647c74a2d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Apr 2024 12:30:24 +0000
Subject: [PATCH 2087/3949] Bump httpd in /Containers/apache

Bumps httpd from 2.4.58-alpine3.19 to 2.4.59-alpine3.19.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index a2b653cf..ca9eeac5 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM caddy:2.7.6-alpine as caddy
 
-FROM httpd:2.4.58-alpine3.19
+FROM httpd:2.4.59-alpine3.19
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From b8285379ba05ff2e126d7b739e57c6b21d8f5d76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Apr 2024 12:29:03 +0000
Subject: [PATCH 2088/3949] Bump haproxy in /Containers/docker-socket-proxy

Bumps haproxy from 2.9.6-alpine3.19 to 2.9.7-alpine3.19.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 2f2b23a8..26278cf8 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:2.9.6-alpine3.19
+FROM haproxy:2.9.7-alpine3.19
 
 # hadolint ignore=DL3002
 USER root

From d99d0240e043768377f8b5c2dcf2945cc103b151 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 10 Apr 2024 11:52:18 +0200
Subject: [PATCH 2089/3949] nextcloud container - add exit to cronjob

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/cron.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/cron.sh b/Containers/nextcloud/cron.sh
index 87f6bf7a..a8f6c522 100644
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -8,7 +8,7 @@ wait_for_cron() {
         sleep 5
     done
     echo "Cronjob successfully exited."
-    set +x
+    exit
 }
 
 trap wait_for_cron SIGINT SIGTERM

From 02a77f521314d715ee555c5fedfae63fb3364949 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Apr 2024 12:25:59 +0000
Subject: [PATCH 2090/3949] Bump python in /Containers/talk-recording

Bumps python from 3.12.2-alpine3.19 to 3.12.3-alpine3.19.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 41875ecb..b2c2d28b 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.2-alpine3.19
+FROM python:3.12.3-alpine3.19
 
 COPY --chmod=775 start.sh /start.sh
 

From 2d8fb5a97e45334b20fc59f5e0b02c4f3e63573a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 10 Apr 2024 16:47:00 +0200
Subject: [PATCH 2091/3949] cron.sh - remove set -eu

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/cron.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Containers/nextcloud/cron.sh b/Containers/nextcloud/cron.sh
index a8f6c522..0b888279 100644
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,6 +1,4 @@
 #!/bin/bash
-set -eu
-
 wait_for_cron() {
     set -x
     while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do

From ae67c815268251d311f985037ed3bc3f6cd900ca Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 10 Apr 2024 16:59:10 +0200
Subject: [PATCH 2092/3949] adjust order

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ecf3cdc9..9be9dfa3 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -10,12 +10,12 @@ ENV SOURCE_LOCATION /usr/src/nextcloud
 ENV NEXTCLOUD_VERSION 28.0.4
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
-COPY supervisord.conf /supervisord.conf
 # AIO settings end # Do not remove or change this line!
 
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
+COPY supervisord.conf /supervisord.conf
 
 VOLUME /mnt/ncdata
 VOLUME /var/www/html

From 6b0434e47b53d360506a5f056c8f5c638146c1f9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Apr 2024 10:07:03 +0200
Subject: [PATCH 2093/3949] improve the change domain documentation

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/readme.md b/readme.md
index 19f910b2..6a686949 100644
--- a/readme.md
+++ b/readme.md
@@ -323,6 +323,11 @@ If your Nextcloud is running and you are logged in as admin in your Nextcloud, y
 If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, substitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
 If you are running AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to obviously also change the domain in your reverse proxy config.
 
+Additionally, after restarting the containers, you need to open the admin settings and update some values manually that cannot be changed automatically. Here is a list of some known places:
+- `https://your-nc-domain.com/settings/admin/talk` for Turn/Stun server and Signaling Server if you enabled Talk via the AIO interface
+- `https://your-nc-domain.com/settings/admin/theming` for the theming URL
+- `https://your-nc-domain.com/settings/admin/app_api` for the deploy daemon if you enabled the App API via the AIO interface
+
 ### How to properly reset the instance?
 If something goes unexpected routes during the initial installation, you might want to reset the AIO installation to be able to start from scratch.
 

From 81c432a1a209c13d10d4b58f68051e4416880de6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Apr 2024 13:03:50 +0200
Subject: [PATCH 2094/3949] nextcloud - add turn_domain logic

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index be057297..cd636456 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -628,6 +628,9 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
         TALK_HOST="$NC_DOMAIN"
         HPB_PATH="/standalone-signaling/"
     fi
+    if [ -z "$TURN_DOMAIN" ]; then
+        TURN_DOMAIN="$TALK_HOST"
+    fi
     set +x
     if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
         php /var/www/html/occ app:install spreed
@@ -639,11 +642,11 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
         # shellcheck disable=SC2153
-        php /var/www/html/occ talk:turn:add turn "$TALK_HOST:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$TURN_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
     STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
     if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
-        php /var/www/html/occ talk:stun:add "$TALK_HOST:$TALK_PORT"
+        php /var/www/html/occ talk:stun:add "$TURN_DOMAIN:$TALK_PORT"
         php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
     fi
     if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$TALK_HOST$HPB_PATH"; then

From a5aedd2ba31becd93c44e1e748717f222d8f32df Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Apr 2024 13:27:44 +0200
Subject: [PATCH 2095/3949] nextcloud - add logic for BRUTEFORCE_PROTECTION

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index cd636456..44ed9acd 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -498,6 +498,14 @@ php /var/www/html/occ maintenance:update:htaccess
 # Revert dbpersistent setting to check if it fixes too many db connections
 php /var/www/html/occ config:system:set dbpersistent --value=false --type=bool
 
+if [ "$DISABLE_BRUTEFORCE_PROTECTION" = yes ]; then
+    php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=false
+    php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=false
+else
+    php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=true
+    php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=true
+fi
+
 # Disallow creating local external storages when nothing was mounted
 if [ -z "$NEXTCLOUD_MOUNT" ]; then
     php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=false

From 577bac5253e0435a998227d86f1c5e113a9cd206 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Apr 2024 14:06:58 +0200
Subject: [PATCH 2096/3949] helm chart - allow to adjust
 TALK_MAX_SCREEN_BITRATE

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/start.sh                                    | 6 ++++++
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 4 +++-
 nextcloud-aio-helm-chart/update-helm.sh                     | 3 +++
 nextcloud-aio-helm-chart/values.yaml                        | 1 +
 5 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 76bfbb81..37d2682e 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -60,6 +60,10 @@ if [ -z "$TALK_MAX_STREAM_BITRATE" ]; then
     TALK_MAX_STREAM_BITRATE=1048576
 fi
 
+if [ -z "$TALK_MAX_SCREEN_BITRATE" ]; then
+    TALK_MAX_SCREEN_BITRATE=2097152
+fi
+
 # Signling
 cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
@@ -85,6 +89,7 @@ connectionsperhost = 8
 url = https://${NC_DOMAIN}
 secret = ${SIGNALING_SECRET}
 maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
+maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
 
 [nats]
 url = nats://127.0.0.1:4222
@@ -93,6 +98,7 @@ url = nats://127.0.0.1:4222
 type = janus
 url = ws://127.0.0.1:8188
 maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
+maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
 SIGNALING_CONF
 
 exec "$@"
diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index eef44781..d74edcea 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.2.0-dev
+version: 8.2.0-dev2
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 75db22fd..9b8651c1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -27,7 +27,9 @@ spec:
         - env:
             - name: TALK_MAX_STREAM_BITRATE
               value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
-            - name: INTERNAL_SECRET
+            - name: TALK_MAX_STREAM_BITRATE
+              value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
+            - name: TALK_MAX_SCREEN_BITRATE
               value: "{{ .Values.TALK_INTERNAL_SECRET }}"
             - name: NC_DOMAIN
               value: "{{ .Values.NC_DOMAIN }}"
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index c1719ef2..22098412 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -304,6 +304,8 @@ find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additio
 cat << EOL > /tmp/additional-talk.config
             - name: TALK_MAX_STREAM_BITRATE
               value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
+            - name: TALK_MAX_SCREEN_BITRATE
+              value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config"  \{} \;
@@ -365,6 +367,7 @@ SMTP_PASSWORD:         # (empty by default): The password for the authentication
 MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
 TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
+TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max stream bitrate of the talk hpb
 
 IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index f554d9b8..58276b24 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -62,6 +62,7 @@ SMTP_PASSWORD:         # (empty by default): The password for the authentication
 MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
 TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
+TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max stream bitrate of the talk hpb
 
 IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.

From 0d26a81f0e7ae32977fd3cfc69884ec3a72083ea Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Apr 2024 11:11:23 +0200
Subject: [PATCH 2097/3949] also chown the supervisord logs and run dirs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9be9dfa3..ff96b980 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -198,6 +198,8 @@ RUN set -ex; \
     /var/log/supervisord \
     /var/run/supervisord \
     ; \
+    chown www-data:root -R /var/log/supervisord; \
+    chown www-data:root -R /var/run/supervisord; \
     \
     apk add --no-cache \
         bash \

From 6768013945e8c2418fa6c1fc79384a56377074ae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Apr 2024 12:23:12 +0000
Subject: [PATCH 2098/3949] Bump nats from 2.10.12-scratch to 2.10.14-scratch
 in /Containers/talk

Bumps nats from 2.10.12-scratch to 2.10.14-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 3ad643fb..304c9555 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.12-scratch as nats
+FROM nats:2.10.14-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.4 as signaling
 FROM alpine:3.19.1 as janus

From 5129ec03a3a8c5b0620e52ce7b9d4933649d20e0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Apr 2024 12:27:06 +0000
Subject: [PATCH 2099/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.3.4-fpm-alpine3.19 to 8.3.6-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ea48c16f..854cab9e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:25.0.5-cli as docker
 FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.4-fpm-alpine3.19
+FROM php:8.3.6-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080

From a2342f02f9dcb86c45e83cd139a8b427dec22d21 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Apr 2024 12:39:36 +0000
Subject: [PATCH 2100/3949] Bump php in /Containers/nextcloud

Bumps php from 8.2.17-fpm-alpine3.19 to 8.2.18-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ff96b980..76f1e159 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.17-fpm-alpine3.19
+FROM php:8.2.18-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 7e9b130781e66da5945032a204826c8740de166b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Apr 2024 12:49:43 +0000
Subject: [PATCH 2101/3949] Bump azure/setup-helm from 3.5 to 4

Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.5 to 4.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](https://github.com/azure/setup-helm/compare/v3.5...v4)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 .github/workflows/lint-helm.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 68a17875..c6c93cae 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -32,7 +32,7 @@ jobs:
 
       # See https://github.com/helm/chart-releaser-action/issues/6
       - name: Set up Helm
-        uses: azure/setup-helm@v3.5
+        uses: azure/setup-helm@v4
         with:
           version: v3.6.3
 
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 96374721..41779d5c 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Install Helm
-        uses: azure/setup-helm@v3.5
+        uses: azure/setup-helm@v4
         with:
           version: v3.11.1
 

From 3010ccd0d445a65a2a0a5785f8cbff775d07609a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Apr 2024 12:35:53 +0000
Subject: [PATCH 2102/3949] Bump docker from 25.0.5-cli to 26.0.1-cli in
 /Containers/mastercontainer

Bumps docker from 25.0.5-cli to 26.0.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 854cab9e..fbd022b1 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:25.0.5-cli as docker
+FROM docker:26.0.1-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From c871e3f8af6e13944408619da060b2ccc61e39f7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Apr 2024 12:57:41 +0000
Subject: [PATCH 2103/3949] Bump clamav/clamav from 1.3.0-46 to 1.3.0-47 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-46 to 1.3.0-47.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 030a19b0..d10da1ea 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-46
+FROM clamav/clamav:1.3.0-47
 
 COPY clamav.conf /tmp/clamav.conf
 

From c0ab585c088081fe0839e6d2a08babac009a7456 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 15 Apr 2024 15:12:20 +0200
Subject: [PATCH 2104/3949] aio interface - show upgrade hint for 29

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 php/templates/containers.twig           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 06bc52a9..64285e05 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -173,7 +173,7 @@ class DockerController
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 28;
+            $installLatestMajor = 29;
         } else {
             $installLatestMajor = "";
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c4ff2412..a3fd4162 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -28,7 +28,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = '' %}
+        {% set newMajorVersion = 29 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -292,7 +292,7 @@
                             {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                 <details>
                                 <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
-                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2692">this documentation</a></b><br/>
+                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/4542">this documentation</a></b><br/>
                                 </details><br>
                             {% endif %}
                         {% endif %}

From c6710187980a3a115646d41e44cf7c1b20c7d47c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 17 Apr 2024 17:52:42 +0200
Subject: [PATCH 2105/3949] close #4491

Signed-off-by: Zoey <zoey@z0ey.de>
---
 .gitattributes                            | 1 +
 Containers/apache/Dockerfile              | 1 +
 Containers/borgbackup/Dockerfile          | 1 +
 Containers/clamav/Dockerfile              | 1 +
 Containers/collabora/Dockerfile           | 3 ++-
 Containers/docker-socket-proxy/Dockerfile | 1 +
 Containers/domaincheck/Dockerfile         | 1 +
 Containers/fulltextsearch/Dockerfile      | 4 +++-
 Containers/imaginary/Dockerfile           | 3 ++-
 Containers/mastercontainer/Dockerfile     | 1 +
 Containers/nextcloud/Dockerfile           | 1 +
 Containers/notify-push/Dockerfile         | 1 +
 Containers/postgresql/Dockerfile          | 1 +
 Containers/redis/Dockerfile               | 1 +
 Containers/talk-recording/Dockerfile      | 1 +
 Containers/talk/Dockerfile                | 1 +
 Containers/watchtower/Dockerfile          | 4 +++-
 17 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..176a458f
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text=auto
diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index ca9eeac5..d268ef90 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -14,6 +14,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 VOLUME /mnt/data
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index c2ffce90..0f5cb3d0 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -3,6 +3,7 @@ FROM alpine:3.19.1
 
 RUN set -ex; \
     \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         util-linux-misc \
         bash \
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index d10da1ea..5afc2d02 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -5,6 +5,7 @@ FROM clamav/clamav:1.3.0-47
 COPY clamav.conf /tmp/clamav.conf
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache tzdata; \
     cat /tmp/clamav.conf >> /etc/clamav/clamd.conf; \
     rm /tmp/clamav.conf; \
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 9069429b..e69d8dbd 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -3,12 +3,13 @@
 FROM collabora/code:23.05.10.1.1
 
 USER root
+ARG DEBIAN_FRONTEND noninteractive
 
 # hadolint ignore=DL3008
 RUN set -ex; \
     \
     apt-get update; \
-    export DEBIAN_FRONTEND=noninteractive; \
+    apt-get upgrade -y; \
     apt-get install -y --no-install-recommends \
         tzdata \
         netcat-openbsd \
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 26278cf8..ed163191 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -5,6 +5,7 @@ FROM haproxy:2.9.7-alpine3.19
 USER root
 ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         ca-certificates \
         tzdata \
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 5f695bc9..82aad6b5 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,6 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM alpine:3.19.1
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \
     rm -rf /etc/lighttpd/lighttpd.conf; \
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 3beeedfe..8355fd20 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -4,11 +4,13 @@ FROM elasticsearch:8.13.0
 
 USER root
 
+ARG DEBIAN_FRONTEND noninteractive
+
 # hadolint ignore=DL3008
 RUN set -ex; \
     \
-    export DEBIAN_FRONTEND=noninteractive; \
     apt-get update; \
+    apt-get upgrade -y; \
     apt-get install -y --no-install-recommends \
         tzdata \
     ; \
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index e477fe31..02d4e0ed 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.2-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -15,6 +15,7 @@ RUN set -ex; \
 
 FROM alpine:3.18.6
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         tzdata \
         ca-certificates \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index fbd022b1..3d141283 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -19,6 +19,7 @@ WORKDIR /var/www/docker-aio
 
 # hadolint ignore=SC2086,DL3047,DL3003,DL3004
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 76f1e159..08485b8e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -23,6 +23,7 @@ VOLUME /var/www/html
 # Custom: change id of www-data user as it needs to be the same like on old installations
 # hadolint ignore=SC2086,DL3003
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
     deluser www-data; \
     groupmod -g 333 xfs; \
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 48a37741..5bd7a4ee 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -5,6 +5,7 @@ COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         ca-certificates \
         netcat-openbsd \
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 939ca008..bbb8d302 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -7,6 +7,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         bash \
         openssl \
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index e184ba40..62f18b41 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -5,6 +5,7 @@ FROM redis:7.2.4-alpine
 COPY --chmod=775 start.sh /start.sh
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache openssl bash; \
     \
 # Give root a random password
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index b2c2d28b..fb6ba6e3 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -10,6 +10,7 @@ ENV SKIP_VERIFY false
 ENV HPB_PATH /standalone-signaling/
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         ca-certificates \
         tzdata \
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 304c9555..91e2b179 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -46,6 +46,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         ca-certificates \
         tzdata \
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index d098f748..f7ba3ddc 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -4,7 +4,9 @@ FROM containrrr/watchtower:1.7.1 as watchtower
 
 FROM alpine:3.19.1
 
-RUN apk add --no-cache bash
+RUN apk upgrade --no-cache -a; \
+    apk add --no-cache bash
+
 COPY --from=watchtower /watchtower /watchtower
 
 COPY --chmod=775 start.sh /start.sh

From 1ee74f1d42f69ad4831b6b7ebaa5dabe24332d86 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 17 Apr 2024 18:01:12 +0200
Subject: [PATCH 2106/3949] trust IP of docker network gateway

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/nextcloud/entrypoint.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 44ed9acd..0fc9ccb2 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -537,8 +537,10 @@ fi
 chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
+# IP of docker network gateway
+php /var/www/html/occ config:system:set trusted_proxies 2 --value="$(ip r | grep default | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.1")"
 if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
-    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
+    php /var/www/html/occ config:system:set trusted_proxies 3 --value="$ADDITIONAL_TRUSTED_PROXY"
 fi
 if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
     php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"

From d976ac2c66ca177b9baf28c31935803618bfcb89 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Apr 2024 12:08:51 +0000
Subject: [PATCH 2107/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index f111306c..69ccfa7c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1710,30 +1710,37 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.8.0",
+            "version": "v3.9.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d"
+                "reference": "a842d75fed59cdbcbd3a3ad7fb9eb768fc350d58"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
-                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a842d75fed59cdbcbd3a3ad7fb9eb768fc350d58",
+                "reference": "a842d75fed59cdbcbd3a3ad7fb9eb768fc350d58",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.2.5",
+                "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-ctype": "^1.8",
                 "symfony/polyfill-mbstring": "^1.3",
                 "symfony/polyfill-php80": "^1.22"
             },
             "require-dev": {
                 "psr/container": "^1.0|^2.0",
-                "symfony/phpunit-bridge": "^5.4.9|^6.3|^7.0"
+                "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0"
             },
             "type": "library",
             "autoload": {
+                "files": [
+                    "src/Resources/core.php",
+                    "src/Resources/debug.php",
+                    "src/Resources/escaper.php",
+                    "src/Resources/string_loader.php"
+                ],
                 "psr-4": {
                     "Twig\\": "src/"
                 }
@@ -1766,7 +1773,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.8.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.9.3"
             },
             "funding": [
                 {
@@ -1778,7 +1785,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-11-21T18:54:41+00:00"
+            "time": "2024-04-18T11:59:33+00:00"
         }
     ],
     "packages-dev": [],

From 90b0edd95b39dd21ef0bbfc336989eb55d56438b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Apr 2024 12:08:12 +0000
Subject: [PATCH 2108/3949] Bump clamav/clamav from 1.3.0-47 to 1.3.1-49 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.0-47 to 1.3.1-49.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index d10da1ea..0603c76a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-47
+FROM clamav/clamav:1.3.1-49
 
 COPY clamav.conf /tmp/clamav.conf
 

From a01156d90c24ebc269b5ffa31b657f9d208dcfbe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Apr 2024 12:13:48 +0000
Subject: [PATCH 2109/3949] Bump docker from 26.0.1-cli to 26.0.2-cli in
 /Containers/mastercontainer

Bumps docker from 26.0.1-cli to 26.0.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index fbd022b1..7ce7713b 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.0.1-cli as docker
+FROM docker:26.0.2-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From 35b098cf02961a6c38db36639d2ba099bca5ecee Mon Sep 17 00:00:00 2001
From: Andrey Borysenko <andrey18106x@gmail.com>
Date: Tue, 23 Apr 2024 09:28:05 +0300
Subject: [PATCH 2110/3949] allow logs endpoint in haproxy.cfg for
 docker-socket-proxy

Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 9a31f2f7..66a0c594 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -16,6 +16,8 @@ frontend http
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET
     # container inspect: GET containers/%s/json
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
+    # container inspect: GET containers/%s/logs
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/logs } METH_GET
     # container start/stop: POST containers/%s/start containers/%s/stop
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
     # container rm: DELETE containers/%s

From 283584fe00ff3d95f629ab37ed49079349d420a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Apr 2024 12:43:13 +0000
Subject: [PATCH 2111/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 23.05.10.1.1 to 24.04.1.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 9069429b..5818a97f 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.10.1.1
+FROM collabora/code:24.04.1.3.1
 
 USER root
 

From 22d88a97f904d8f0490276a2dd2026250bc3f910 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 24 Apr 2024 10:15:02 +0000
Subject: [PATCH 2112/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                        | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml           | 7 +++----
 .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +-
 13 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index d74edcea..11973ed5 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.2.0-dev2
+version: 8.2.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index e43add5e..af9b024e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -65,7 +65,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240424_101241-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d843a61f..456116ff 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240424_101241-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 3a45a1f1..717a69c8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240424_101241-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 9c0cc6a0..8f01b58c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -71,7 +71,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240424_101241-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index c6e4ea2f..1360cc61 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240424_101241-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 04f07cd3..e033bdbf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -29,7 +29,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240424_101241-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index ecc2f30d..dc080069 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -170,7 +170,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240424_101241-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index a479f5af..fd9912d1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240424_101241-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c12e6857..14b5640f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -49,7 +49,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240424_101241-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 6ea4810e..e12a9997 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240424_101241-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 9b8651c1..cd762064 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -27,9 +27,9 @@ spec:
         - env:
             - name: TALK_MAX_STREAM_BITRATE
               value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
-            - name: TALK_MAX_STREAM_BITRATE
-              value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
             - name: TALK_MAX_SCREEN_BITRATE
+              value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
+            - name: INTERNAL_SECRET
               value: "{{ .Values.TALK_INTERNAL_SECRET }}"
             - name: NC_DOMAIN
               value: "{{ .Values.NC_DOMAIN }}"
@@ -41,8 +41,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:develop"
-          imagePullPolicy: Always
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240424_101241-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 5d48cdb5..c897bc9e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240404_082330-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240424_101241-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From d2028048e9745741f31a25c890aad95270f21181 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 24 Apr 2024 12:03:04 +0000
Subject: [PATCH 2113/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 02d4e0ed..5446c76f 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.2-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From 17ce7cc2b14fb460134adf525ae9fd4b4c5ac1d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Apr 2024 12:57:47 +0000
Subject: [PATCH 2114/3949] Bump docker from 26.0.2-cli to 26.1.0-cli in
 /Containers/mastercontainer

Bumps docker from 26.0.2-cli to 26.1.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 963491e3..8e46c2dc 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.0.2-cli as docker
+FROM docker:26.1.0-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From e0e1143b9c2594978026a56548b009fe4a9656a2 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 25 Apr 2024 11:26:29 +0000
Subject: [PATCH 2115/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 08485b8e..817dfb8a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 28.0.4
+ENV NEXTCLOUD_VERSION 28.0.5
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 # AIO settings end # Do not remove or change this line!

From fe947707b012b13f88c072e3656238ca4b0080eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Apr 2024 12:27:50 +0000
Subject: [PATCH 2116/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 24.04.1.3.1 to 24.04.1.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 569e2ae7..efd2b728 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.1.3.1
+FROM collabora/code:24.04.1.4.1
 
 USER root
 ARG DEBIAN_FRONTEND noninteractive

From 1168c749b0669c4e2e34cab5bd93ff9736ba2e04 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 25 Apr 2024 16:33:41 +0200
Subject: [PATCH 2117/3949] Revert "apache - drop SetEnv proxy-sendcl 1"

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index 728d19dc..2304aa9a 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -40,6 +40,10 @@ Listen 8000
         Require all denied
     </Files>
 
+    # Fix zero file sizes 
+    # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
+    SetEnv proxy-sendcl 1
+
     # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
     LimitRequestBody ${APACHE_MAX_SIZE}
 

From 03792a5661f74766e8a2852e1b6a8c5fb603a640 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 25 Apr 2024 16:51:33 +0200
Subject: [PATCH 2118/3949] use the same logic like in apache

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 0fc9ccb2..28fcf02f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -537,11 +537,17 @@ fi
 chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
-# IP of docker network gateway
-php /var/www/html/occ config:system:set trusted_proxies 2 --value="$(ip r | grep default | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.1")"
 if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
-    php /var/www/html/occ config:system:set trusted_proxies 3 --value="$ADDITIONAL_TRUSTED_PROXY"
+    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
 fi
+
+# Get ipv4-address of Nextcloud 
+IPv4_ADDRESS="$(dig nextcloud-aio-nextcloud A +short +search | head -1)" 
+# Bring it in CIDR notation 
+# shellcheck disable=SC2001
+IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')" 
+php /var/www/html/occ config:system:set trusted_proxies 10 --value="$IPv4_ADDRESS"
+
 if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
     php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
 fi

From f3ad24d9322cb0943dfeb31f6e3bb5298754e349 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 25 Apr 2024 16:56:11 +0200
Subject: [PATCH 2119/3949] increase to 8.2.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a3fd4162..4249cb2e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v8.2.0</h1>
+        <h1>Nextcloud AIO v8.2.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From f8cc35cce92cfeeec492777184627740064e340f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Apr 2024 11:01:34 +0200
Subject: [PATCH 2120/3949] adjust the compose file to use `:` instead of `=`

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 compose.yaml | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index bb2cf729..a401b1d7 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -12,28 +12,27 @@ services:
       - 8080:8080
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
-      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
+      # - AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+      # - APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
-      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
-      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
-      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
-      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
-      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
-      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
-      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
-      # - NEXTCLOUD_KEEP_DISABLED_APPS=false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
-      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
-      # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+      # - NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # - NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # - NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+      # - NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # - NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+      # - NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+      # - NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # - NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
+      # - TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
+      # - WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
       # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
-    # # Uncomment the following line when using SELinux
-    # security_opt: ["label:disable"]
+    # security_opt: ["label:disable"] # Is needed when using SELinux
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

From 9347144a1951407b6f8ee038de92c96a76b50270 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Apr 2024 12:02:03 +0200
Subject: [PATCH 2121/3949] improve UX and UI

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/style.css | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/public/style.css b/php/public/style.css
index f34b20bf..7f86decb 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -6,6 +6,7 @@ html, body {
 
 a {
     text-decoration: none;
+    color: #0082c9;
 }
 
 .button {

From be089e132f9900467197d18effec9addb8a8f65a Mon Sep 17 00:00:00 2001
From: Zakmaf <100925791+Zakmaf@users.noreply.github.com>
Date: Fri, 26 Apr 2024 14:02:50 +0100
Subject: [PATCH 2122/3949] Update compose.yaml

Correcting the mix of two syntaxes in environment variables

Signed-off-by: Zakmaf <100925791+Zakmaf@users.noreply.github.com>
---
 compose.yaml | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index a401b1d7..e886db33 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -12,24 +12,24 @@ services:
       - 8080:8080
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
-      # - AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # - APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
-      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
-      # - NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      # - NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
-      # - NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
-      # - NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
-      # - NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
-      # - NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
-      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
-      # - NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
-      # - NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
-      # - TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
-      # - WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+      # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+      # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
+      # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+      # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+      # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
+      # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
+      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
+      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
       # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
     # security_opt: ["label:disable"] # Is needed when using SELinux

From 689fa2a69b65b2300b19628930b848e85f94887b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 26 Apr 2024 23:18:50 +0200
Subject: [PATCH 2123/3949] nginx config should also work for freenginx and
 openresty

freenginx is a fork of nginx
and openresty is nginx with some patches + some modules and lua support

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index ffc0ea10..1b07cd78 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -301,7 +301,7 @@ backend Nextcloud
 
 </details>
 
-### Nginx
+### freenginx/nginx/openresty
 
 <details>
 

From 1edcf9ed5bf5fafea45a33eb743756d839f61b81 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 29 Apr 2024 13:22:17 +0200
Subject: [PATCH 2124/3949] Update reverse-proxy.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1b07cd78..8003be5e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -301,7 +301,7 @@ backend Nextcloud
 
 </details>
 
-### freenginx/nginx/openresty
+### Nginx, Freenginx, Openresty
 
 <details>
 

From 07a8367181135e00de58ba88a2b0a679dbd36ab5 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Tue, 30 Apr 2024 12:05:57 +0200
Subject: [PATCH 2125/3949] LLDAP - Update ReadMe (#4571)

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/lldap/readme.md | 141 ++++++++++++++++-----------
 1 file changed, 82 insertions(+), 59 deletions(-)

diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
index 03f81cdf..27934d28 100644
--- a/community-containers/lldap/readme.md
+++ b/community-containers/lldap/readme.md
@@ -1,68 +1,91 @@
 ## Light LDAP server
-This container bundles LLDAP server and auto-configures your nextcloud instance for you.
+This container bundles LLDAP server and auto-configures your Nextcloud instance for you.
 
 ### Notes
 - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
-- After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
-- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud example configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)<br>
-    First, you need to retrieve the LLDAP admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy and paste.
-    ```bash
-    # Now go into the container
-    sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
-    ```
-    Now inside the container:
-    ```bash
-    # Get Base
-    BASE_DN="dc=${NC_DOMAIN//./,dc=}"
-    
-    # Create a new empty ldap config
-    CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)
-  
-    # Set the ldap password
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentPassword "<your-password>"
-
-    # Set the ldap config
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentName                "uid=ro_admin,ou=people,$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBase                     "$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseGroups               "$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseUsers                "$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapCacheTTL                 600
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapConfigurationActive      1
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapEmailAttribute           "mail"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapExperiencedAdmin         0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGidNumber                "gidNumber"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupDisplayName         "cn"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilter              "(&(objectclass=groupOfUniqueNames))"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterGroups        ""
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterMode          0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterObjectclass   "groupOfUniqueNames"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupMemberAssocAttr     "uniqueMember"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapHost                     "nextcloud-aio-lldap"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterAttributes    "uid"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterEmail         0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterUsername      1
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapMatchingRuleInChainState "unknown"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapNestedGroups             0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPagingSize               500
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPort                     3890
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapTLS                      0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserAvatarRule           "default"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserDisplayName          "displayname"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilter               "(&(objectClass=person)(uid=%uid))"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterMode           1
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterObjectclass    "person"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidGroupAttribute       "auto"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidUserAttribute        "auto"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" turnOnPasswordChange         0
-
-    # Test the ldap config
-    php /var/www/html/occ ldap:test-config "$NAME"
-  
-    # Exit the container shell
-    exit
-    ```
+- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
+- To configure Nextcloud, you can use the generic configuration proposed below.
+- For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration
+- Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
+### Generic Nextcloud LDAP config
+Functionality with this configuration:
+- User and group management.
+- Login via username (or email) and password.
+- Profile picture sync.
+- Synchronization of administrator accounts (via the lldap_admin group).
+
+> For simplicity, this configuration is done via the command line (don't worry, it's very simple).
+
+First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste:
+```bash
+sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS
+```
+
+Now go into the Nextcloud container:
+```bash
+sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
+```
+Now inside the container:
+```bash
+# Get Base
+BASE_DN="dc=${NC_DOMAIN//./,dc=}"
+
+# Create a new empty ldap config
+CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)
+
+# Check that the base DN matches your domain and retrieve your configuration name
+echo "Base DN: '$BASE_DN', Config name: '$CONF_NAME'"
+
+# Set the ldap password
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentPassword "<your-password>"
+
+# Set the ldap config: Host and connection
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapAdminGroup       lldap_admin
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentName        "cn=admin,ou=people,$BASE_DN"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapBase             "$BASE_DN"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapHost             "ldap://nextcloud-aio-lldap"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapPort             3890
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapTLS              0
+php /var/www/html/occ ldap:set-config $CONF_NAME turnOnPasswordChange 0
+
+# Set the ldap config: Users
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseUsers             "ou=people,$BASE_DN"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapEmailAttribute        mail
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGidNumber             gidNumber
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilter           "(&(|(objectclass=person))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterEmail      1
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterUsername   1
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserAvatarRule        default
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserDisplayName       cn
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilter            "(|(objectclass=person))"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterMode        0
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterObjectclass person
+
+# Set the ldap config: Groups
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseGroups                "ou=groups,$BASE_DN"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupDisplayName          cn
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilter               "(&(|(objectclass=groupOfUniqueNames)))"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterMode           0
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterObjectclass    groupOfUniqueNames
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupMemberAssocAttr      uniqueMember
+php /var/www/html/occ ldap:set-config $CONF_NAME useMemberOfToDetectMembership 1
+
+# Optional : Check the configuration
+#php /var/www/html/occ ldap:show-config $CONF_NAME
+
+# Test the ldap config
+php /var/www/html/occ ldap:test-config $CONF_NAME
+
+# Enable ldap config
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapConfigurationActive 1
+
+# Exit the container shell
+exit
+```
+It's done ! All you have to do is go to the Nextcloud administration interface to see the magic of LDAP.
+
 ### Repository
 https://github.com/lldap/lldap
 

From a8104183aa7d726021f6dd746790eac7d31222f8 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 2 May 2024 10:48:01 +0000
Subject: [PATCH 2126/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-apache-service.yaml             | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-clamav-service.yaml             | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-collabora-service.yaml          | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-database-service.yaml           | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 6 +++---
 .../templates/nextcloud-aio-fulltextsearch-service.yaml     | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml          | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-nextcloud-service.yaml          | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml        | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 6 +++---
 .../templates/nextcloud-aio-onlyoffice-service.yaml         | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml           | 6 +++---
 .../templates/nextcloud-aio-redis-service.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 6 +++---
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml     | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml               | 4 ++--
 25 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 11973ed5..e7245a00 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.2.0
+version: 8.2.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index af9b024e..f60ce0c1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -19,7 +19,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
@@ -65,7 +65,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240502_104630-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index df54d903..52eaa9e2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 456116ff..121f76cb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -20,7 +20,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
@@ -60,7 +60,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240502_104630-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 91f71af2..ec83fa7d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 717a69c8..3416492d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240502_104630-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index ecdc035b..2f4a318d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 8f01b58c..630c9130 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -19,7 +19,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
@@ -71,7 +71,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240502_104630-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index 772324e6..e5e6593c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 1360cc61..8e674c63 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -20,7 +20,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
@@ -61,7 +61,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240502_104630-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index c3b49c2e..76cd53b0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index e033bdbf..f5f571f1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
@@ -29,7 +29,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240502_104630-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index 9bae54ad..e83fccab 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index dc080069..e9a3387c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -19,7 +19,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
@@ -170,7 +170,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240502_104630-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 9f0a1fa6..c609bbac 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index fd9912d1..baef75a3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -19,7 +19,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-notify-push
@@ -56,7 +56,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240502_104630-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 1f428dc2..da7d7bc7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 14b5640f..82185e57 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -20,7 +20,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
@@ -49,7 +49,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240502_104630-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index be51a6c5..fea08092 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index e12a9997..684c9cdf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -19,7 +19,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240502_104630-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index c669581f..df81767d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index cd762064..0006e4f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
@@ -41,7 +41,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240502_104630-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c897bc9e..823f5dba 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.32.0 (765fde254)
+        kompose.version: 1.33.0 (3ce457399)
       labels:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk-recording
@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240424_101241-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240502_104630-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 2778a3ee..e5b1bea6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 03b0e0a8..99af734e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -5,7 +5,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -30,7 +30,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.32.0 (765fde254)
+    kompose.version: 1.33.0 (3ce457399)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk

From b9c57dc8d9c76b03db76e5c9e48a5fa2264e40ca Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 3 May 2024 04:09:51 +0000
Subject: [PATCH 2127/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 2771cd06..b5d05c78 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.23.1@8471a896ccea3526b26d082f4461eeea467f10a4"/>
+<files psalm-version="5.24.0@462c80e31c34e58cc4f750c656be3927e80e550e"/>

From 11de79bea4d1829bc2adb8f0c0af61464f40300e Mon Sep 17 00:00:00 2001
From: Varun Patil <varunpatil@ucla.edu>
Date: Fri, 3 May 2024 08:27:33 -0700
Subject: [PATCH 2128/3949] fix(entrypoint): system config value types

Signed-off-by: Varun Patil <varunpatil@ucla.edu>
---
 Containers/nextcloud/entrypoint.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 28fcf02f..37d24eb8 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -290,19 +290,19 @@ DATADIR_PERMISSION_CONF
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data
-            php /var/www/html/occ config:system:set loglevel --value=2
-            php /var/www/html/occ config:system:set log_type --value=file
+            php /var/www/html/occ config:system:set loglevel --value="2" --type=integer
+            php /var/www/html/occ config:system:set log_type --value="file"
             php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
-            php /var/www/html/occ config:system:set log_rotate_size --value="10485760"
+            php /var/www/html/occ config:system:set log_rotate_size --value="10485760" --type=integer
             php /var/www/html/occ app:enable admin_audit
             php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
             php /var/www/html/occ config:system:set log.condition apps 0 --value="admin_audit"
 
             # Apply preview settings
             echo "Applying preview settings..."
-            php /var/www/html/occ config:system:set preview_max_x --value="2048"
-            php /var/www/html/occ config:system:set preview_max_y --value="2048"
-            php /var/www/html/occ config:system:set jpeg_quality --value="60"
+            php /var/www/html/occ config:system:set preview_max_x --value="2048" --type=integer
+            php /var/www/html/occ config:system:set preview_max_y --value="2048" --type=integer
+            php /var/www/html/occ config:system:set jpeg_quality --value="60" --type=integer
             php /var/www/html/occ config:app:set preview jpeg_quality --value="60"
             php /var/www/html/occ config:system:delete enabledPreviewProviders
             php /var/www/html/occ config:system:set enabledPreviewProviders 1 --value="OC\\Preview\\Image"
@@ -322,7 +322,7 @@ DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set mail_smtpmode --value="smtp"
             php /var/www/html/occ config:system:set trashbin_retention_obligation --value="auto, 30"
             php /var/www/html/occ config:system:set versions_retention_obligation --value="auto, 30"
-            php /var/www/html/occ config:system:set activity_expire_days --value="30"
+            php /var/www/html/occ config:system:set activity_expire_days --value="30" --type=integer
             php /var/www/html/occ config:system:set simpleSignUpLink.shown --type=bool --value=false
             php /var/www/html/occ config:system:set share_folder --value="/Shared"
             # Not needed anymore with the removal of the updatenotification app:

From c364d072ab97d23a337b7dc1fc2f872e82036b0a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 May 2024 12:36:32 +0000
Subject: [PATCH 2129/3949] Bump golang in /Containers/imaginary

Bumps golang from 1.22.2-alpine3.18 to 1.22.3-alpine3.18.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 5446c76f..5f2f5f38 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.2-alpine3.18 as go
+FROM golang:1.22.3-alpine3.18 as go
 
 ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From e82191370b6694ee23e379c4f63bc5484570de4b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 May 2024 12:27:54 +0000
Subject: [PATCH 2130/3949] Bump postgres from 15.6-alpine to 15.7-alpine in
 /Containers/postgresql

Bumps postgres from 15.6-alpine to 15.7-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index bbb8d302..bfce1750 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.6-alpine
+FROM postgres:15.7-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From ee15249e1b181d248ac9a1728241860b6c696379 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 May 2024 12:36:15 +0000
Subject: [PATCH 2131/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 24.04.1.4.1 to 24.04.2.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index efd2b728..8b691c4d 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.1.4.1
+FROM collabora/code:24.04.2.1.1
 
 USER root
 ARG DEBIAN_FRONTEND noninteractive

From e2f5b50e375fc34c0477819fef5f43616641616d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 May 2024 12:51:01 +0000
Subject: [PATCH 2132/3949] Bump docker from 26.1.0-cli to 26.1.2-cli in
 /Containers/mastercontainer

Bumps docker from 26.1.0-cli to 26.1.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 8e46c2dc..e0e81a67 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.0-cli as docker
+FROM docker:26.1.2-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From 92bbf20d6b03c932d753e2c8bd8d0e52f7cf3e4a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 May 2024 12:57:32 +0000
Subject: [PATCH 2133/3949] Bump elasticsearch from 8.13.0 to 8.13.4 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.13.0 to 8.13.4.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 8355fd20..512d4eb6 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.13.0
+FROM elasticsearch:8.13.4
 
 USER root
 

From a5ed5c43fed132e3f160f5dce4523771122e1969 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 12 May 2024 12:02:00 +0000
Subject: [PATCH 2134/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 68 +++++++++++++++++++++++------------------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 69ccfa7c..1acd6569 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -775,20 +775,20 @@
         },
         {
             "name": "psr/http-factory",
-            "version": "1.0.2",
+            "version": "1.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-factory.git",
-                "reference": "e616d01114759c4c489f93b099585439f795fe35"
+                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/e616d01114759c4c489f93b099585439f795fe35",
-                "reference": "e616d01114759c4c489f93b099585439f795fe35",
+                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
+                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.0.0",
+                "php": ">=7.1",
                 "psr/http-message": "^1.0 || ^2.0"
             },
             "type": "library",
@@ -812,7 +812,7 @@
                     "homepage": "https://www.php-fig.org/"
                 }
             ],
-            "description": "Common interfaces for PSR-7 HTTP message factories",
+            "description": "PSR-17: Common interfaces for PSR-7 HTTP message factories",
             "keywords": [
                 "factory",
                 "http",
@@ -824,9 +824,9 @@
                 "response"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-factory/tree/1.0.2"
+                "source": "https://github.com/php-fig/http-factory"
             },
-            "time": "2023-04-10T20:10:41+00:00"
+            "time": "2024-04-15T12:06:14+00:00"
         },
         {
             "name": "psr/http-message",
@@ -1263,31 +1263,31 @@
         },
         {
             "name": "slim/twig-view",
-            "version": "3.3.0",
+            "version": "3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Twig-View.git",
-                "reference": "df6dd6af6bbe28041be49c9fb8470c2e9b70cd98"
+                "reference": "1b351536b9a07ed90a3563ee9d71a987c5d74610"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Twig-View/zipball/df6dd6af6bbe28041be49c9fb8470c2e9b70cd98",
-                "reference": "df6dd6af6bbe28041be49c9fb8470c2e9b70cd98",
+                "url": "https://api.github.com/repos/slimphp/Twig-View/zipball/1b351536b9a07ed90a3563ee9d71a987c5d74610",
+                "reference": "1b351536b9a07ed90a3563ee9d71a987c5d74610",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.4 || ^8.0",
-                "psr/http-message": "^1.0",
-                "slim/slim": "^4.9",
-                "symfony/polyfill-php81": "^1.23",
-                "twig/twig": "^3.3"
+                "psr/http-message": "^1.1 || ^2.0",
+                "slim/slim": "^4.12",
+                "symfony/polyfill-php81": "^1.29",
+                "twig/twig": "^3.8"
             },
             "require-dev": {
                 "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/phpstan": "^1.3.0",
-                "phpunit/phpunit": "^9.5",
+                "phpstan/phpstan": "^1.10.59",
+                "phpunit/phpunit": "^9.6",
                 "psr/http-factory": "^1.0",
-                "squizlabs/php_codesniffer": "^3.6"
+                "squizlabs/php_codesniffer": "^3.9"
             },
             "type": "library",
             "autoload": {
@@ -1322,22 +1322,22 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Twig-View/issues",
-                "source": "https://github.com/slimphp/Twig-View/tree/3.3.0"
+                "source": "https://github.com/slimphp/Twig-View/tree/3.4.0"
             },
-            "time": "2022-01-02T05:14:45+00:00"
+            "time": "2024-04-28T20:36:39+00:00"
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.4.0",
+            "version": "v3.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf"
+                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/7c3aff79d10325257a001fcf92d991f24fc967cf",
-                "reference": "7c3aff79d10325257a001fcf92d991f24fc967cf",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
+                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
                 "shasum": ""
             },
             "require": {
@@ -1346,7 +1346,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.4-dev"
+                    "dev-main": "3.5-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -1375,7 +1375,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.5.0"
             },
             "funding": [
                 {
@@ -1391,7 +1391,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-23T14:45:45+00:00"
+            "time": "2024-04-18T09:32:20+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
@@ -1710,16 +1710,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.9.3",
+            "version": "v3.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a842d75fed59cdbcbd3a3ad7fb9eb768fc350d58"
+                "reference": "3af5ab2e52279e5e23dc192b1a26db3b8cffa4e7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a842d75fed59cdbcbd3a3ad7fb9eb768fc350d58",
-                "reference": "a842d75fed59cdbcbd3a3ad7fb9eb768fc350d58",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3af5ab2e52279e5e23dc192b1a26db3b8cffa4e7",
+                "reference": "3af5ab2e52279e5e23dc192b1a26db3b8cffa4e7",
                 "shasum": ""
             },
             "require": {
@@ -1773,7 +1773,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.9.3"
+                "source": "https://github.com/twigphp/Twig/tree/v3.10.1"
             },
             "funding": [
                 {
@@ -1785,7 +1785,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-04-18T11:59:33+00:00"
+            "time": "2024-05-12T06:16:18+00:00"
         }
     ],
     "packages-dev": [],

From 3b3bb3a161ac2ed61ad17cf390e036b1b101f856 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 May 2024 12:06:04 +0000
Subject: [PATCH 2135/3949] Bump clamav/clamav from 1.3.1-49 to 1.3.1-51 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-49 to 1.3.1-51.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 4ea19742..ddd1184f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-49
+FROM clamav/clamav:1.3.1-51
 
 COPY clamav.conf /tmp/clamav.conf
 

From c916d80a7509be3fdc09790e3fca2234cc29e546 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 May 2024 12:07:45 +0000
Subject: [PATCH 2136/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.3.6-fpm-alpine3.19 to 8.3.7-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 8e46c2dc..7d446759 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:26.1.0-cli as docker
 FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.6-fpm-alpine3.19
+FROM php:8.3.7-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080

From 314cd10607613adbb92737887d5d3cbe70be79e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 May 2024 12:18:21 +0000
Subject: [PATCH 2137/3949] Bump php in /Containers/nextcloud

Bumps php from 8.2.18-fpm-alpine3.19 to 8.2.19-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 817dfb8a..0f444f35 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.18-fpm-alpine3.19
+FROM php:8.2.19-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 3c91fa84e3f837ae1e8de6ee5136af62ddb4d83a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 13 May 2024 18:07:40 +0200
Subject: [PATCH 2138/3949] fix all places

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Auth/AuthManager.php            | 2 +-
 php/src/Controller/DockerController.php | 2 +-
 php/src/Data/ConfigurationManager.php   | 2 +-
 php/src/Docker/DockerActionManager.php  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index 88bdab10..a4bc96b6 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -7,7 +7,7 @@ use AIO\Data\DataConst;
 use \DateTime;
 
 class AuthManager {
-    private const SESSION_KEY = 'aio_authenticated';
+    private const string SESSION_KEY = 'aio_authenticated';
     private ConfigurationManager $configurationManager;
 
     public function __construct(ConfigurationManager $configurationManager) {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 64285e05..6d55bc94 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -13,7 +13,7 @@ class DockerController
 {
     private DockerActionManager $dockerActionManager;
     private ContainerDefinitionFetcher $containerDefinitionFetcher;
-    private const TOP_CONTAINER = 'nextcloud-aio-apache';
+    private const string TOP_CONTAINER = 'nextcloud-aio-apache';
     private ConfigurationManager $configurationManager;
 
     public function __construct(
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a4693330..69e9bc6e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -305,7 +305,7 @@ class ConfigurationManager
 
             if (empty($dnsRecordIP)) {
                 $record = dns_get_record($domain, DNS_AAAA);
-                if (!empty($record[0]['ipv6'])) {
+                if (isset($record[0]['ipv6']) && !empty($record[0]['ipv6'])) {
                     $dnsRecordIP = $record[0]['ipv6'];
                 }
             }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5b65f4b0..4e56e5f0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -19,7 +19,7 @@ use http\Env\Response;
 
 class DockerActionManager
 {
-    private const API_VERSION = 'v1.41';
+    private const string API_VERSION = 'v1.41';
     private \GuzzleHttp\Client $guzzleClient;
     private ConfigurationManager $configurationManager;
     private ContainerDefinitionFetcher $containerDefinitionFetcher;

From 3ee5278cc61643fb0552a4eb820805b6b061c025 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 14 May 2024 11:51:46 +0200
Subject: [PATCH 2139/3949] change the rewrite for remote.php

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index feb2a6f3..cbe309b2 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -56,8 +56,8 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 
     # Nextcloud
     route {
-        rewrite /.well-known/carddav /remote.php/dav
-        rewrite /.well-known/caldav /remote.php/dav
+        rewrite /.well-known/carddav /remote.php/dav/
+        rewrite /.well-known/caldav /remote.php/dav/
         header Strict-Transport-Security max-age=31536000;
         reverse_proxy localhost:8000
     }

From 48ec6502d6e563caf243772d5a5b1be7ec25e746 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 14 May 2024 12:02:38 +0000
Subject: [PATCH 2140/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 1acd6569..735dd331 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1710,16 +1710,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.10.1",
+            "version": "v3.10.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "3af5ab2e52279e5e23dc192b1a26db3b8cffa4e7"
+                "reference": "7aaed0b8311a557cc8c4047a71fd03153a00e755"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3af5ab2e52279e5e23dc192b1a26db3b8cffa4e7",
-                "reference": "3af5ab2e52279e5e23dc192b1a26db3b8cffa4e7",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/7aaed0b8311a557cc8c4047a71fd03153a00e755",
+                "reference": "7aaed0b8311a557cc8c4047a71fd03153a00e755",
                 "shasum": ""
             },
             "require": {
@@ -1773,7 +1773,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.10.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.10.2"
             },
             "funding": [
                 {
@@ -1785,7 +1785,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-12T06:16:18+00:00"
+            "time": "2024-05-14T06:04:16+00:00"
         }
     ],
     "packages-dev": [],

From 46b6992b52a24ea5ef3f2370f1a9a9afff8556d0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 17:44:30 +0200
Subject: [PATCH 2141/3949] pre-fill the domain

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/domain-prefill.js  | 7 +++++++
 php/templates/containers.twig | 5 ++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 php/public/domain-prefill.js

diff --git a/php/public/domain-prefill.js b/php/public/domain-prefill.js
new file mode 100644
index 00000000..c81f2231
--- /dev/null
+++ b/php/public/domain-prefill.js
@@ -0,0 +1,7 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // domain
+    let domain = document.getElementById("domain_input");
+    if (domain) {
+        domain.value = window.location.host
+    }
+});
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4249cb2e..a885646f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -20,6 +20,9 @@
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
+        
+        {# Add domain-prefill #}
+        <script type="text/javascript" src="domain-prefill.js"></script>
 
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}
@@ -100,7 +103,7 @@
                             <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! So make sure that you do not make a typo here as you will not be able to change it afterwards!<br><br>
                         {% endif %}
                         <form method="POST" action="/api/configuration" class="xhr">
-                            <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
+                            <input type="text" id="domain_input" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                             <input class="button" type="submit" value="Submit domain" />

From 99567d687201229eb38a33209f6e0fd95d26998a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 17:48:03 +0200
Subject: [PATCH 2142/3949] change `Nextcloud AIO setup` to `All-in-One setup`

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/setup.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 7783830c..4bd623a4 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -4,7 +4,7 @@
     <div class="login-wrapper">
         <div class="login">
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
-            <h1>Nextcloud AIO setup</h1>
+            <h1>All-in-One setup</h1>
             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
             <p>Please note down the password to access the AIO interface and don't lose it!</p>
             <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>

From f8603b10fce895c7e487951b6986ce51bbfdf32f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 17:49:17 +0200
Subject: [PATCH 2143/3949] add warning toe note down the password and make it
 big

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/setup.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 4bd623a4..da0ba12a 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -6,7 +6,7 @@
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>All-in-One setup</h1>
             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
-            <p>Please note down the password to access the AIO interface and don't lose it!</p>
+            <p>⚠️ <br>Please note down the password to access the AIO interface and don't lose it!</br></p>
             <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
         </div>

From 628abc02f6b04e634a86dd9bb9ac06d9c006ac9e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 17:55:26 +0200
Subject: [PATCH 2144/3949] change password to passphrase

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 16 ++++++++--------
 php/templates/login.twig      |  2 +-
 php/templates/setup.twig      |  4 ++--
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a885646f..5f9869bd 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -156,7 +156,7 @@
                                             <input class="button" type="submit" value="Check backup integrity"/><br/>
                                         </form>
                                     {% endif %}
-                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please note that the current AIO password will be kept and the previous AIO password will not be restored from backup!<br><br>
+                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!<br><br>
                                     <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -528,18 +528,18 @@
 
                     {% if is_backup_container_running == false %}
                         {% if isApacheStarting == false %} 
-                            <h2>AIO password change</h2>
+                            <h2>AIO passphrase change</h2>
                             <details>
-                                <summary>Click here to change your AIO password</summary><br />
-                                You can change your AIO password below:<br><br />
+                                <summary>Click here to change your AIO passphrase</summary><br />
+                                You can change your AIO passphrase below:<br><br />
                                 <form method="POST" action="/api/configuration" class="xhr">
-                                    <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password" id="current-master-password" oninput="showPassword('current-master-password')">
-                                    <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password" id="new-master-password" oninput="showPassword('new-master-password')">
+                                    <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO passphrase" id="current-master-password" oninput="showPassword('current-master-password')">
+                                    <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO passphrase" id="new-master-password" oninput="showPassword('new-master-password')">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input class="button" type="submit" value="Submit password change" />
+                                    <input class="button" type="submit" value="Submit passphrase change" />
                                 </form>
-                                The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br>
+                                The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br>
                             </details>
                         {% endif %}
                     {% endif %}
diff --git a/php/templates/login.twig b/php/templates/login.twig
index 4ddd1257..a1864ef8 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -6,7 +6,7 @@
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>Nextcloud AIO Login</h1>
             {% if is_login_allowed == true %}
-                <p>Log in using your Nextcloud AIO password:</p>
+                <p>Log in using your Nextcloud AIO passphrase:</p>
                 <form method="POST" action="/api/auth/login" class="xhr">
                     <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="master-password" oninput="showPassword('master-password')">
 
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index da0ba12a..7e0aa61d 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -6,8 +6,8 @@
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>All-in-One setup</h1>
             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
-            <p>⚠️ <br>Please note down the password to access the AIO interface and don't lose it!</br></p>
-            <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
+            <p>⚠️ <br>Please note down the passphrase to access the AIO interface and don't lose it!</br></p>
+            <strong>Passphrase</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
         </div>
     </div>

From 560dce906eecac422cbad61e8f7304d44d9b9aa8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 18:01:20 +0200
Subject: [PATCH 2145/3949] adjust loader color to match nextcloud blue

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index 7f86decb..b9418737 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -198,7 +198,7 @@ header {
 .loader {
     border: 16px solid #f3f3f3;
     border-radius: 50%;
-    border-top: 16px solid #3498db;
+    border-top: 16px solid #0082c9;
     width: 120px;
     height: 120px;
     -webkit-animation: spin 2s linear infinite; /* Safari */

From 26c042fd28fee57d18fbc13494b1f0936fd98e7a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 18:11:13 +0200
Subject: [PATCH 2146/3949] pre-fill the timezone

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/timezone.js        | 7 +++++++
 php/templates/containers.twig | 5 ++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 php/public/timezone.js

diff --git a/php/public/timezone.js b/php/public/timezone.js
new file mode 100644
index 00000000..b43bdfe7
--- /dev/null
+++ b/php/public/timezone.js
@@ -0,0 +1,7 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // timezone
+    let timezone = document.getElementById("timezone");
+    if (timezone) {
+        timezone.value = Intl.DateTimeFormat().resolvedOptions().timeZone
+    }
+});
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5f9869bd..477e718f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -24,6 +24,9 @@
         {# Add domain-prefill #}
         <script type="text/javascript" src="domain-prefill.js"></script>
 
+        {# timezone-prefill #}
+        <script type="text/javascript" src="timezone.js"></script>
+
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}
         {% set isWatchtowerRunning = false %}
@@ -647,7 +650,7 @@
                             In order to get the correct time values for certain Nextcloud features, it makes sense to set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
                             You can configure the timezone for Nextcloud below:<br><br>
                             <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" name="timezone" placeholder="Europe/Berlin" />
+                                <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />

From 5a826222d4a3de6c706b6f78413f06f13398e675 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 18:15:34 +0200
Subject: [PATCH 2147/3949] try to fix glitchy buttons

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/automatic_reload.js | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/php/public/automatic_reload.js b/php/public/automatic_reload.js
index 2fef31a6..7b14a3c4 100644
--- a/php/public/automatic_reload.js
+++ b/php/public/automatic_reload.js
@@ -1,17 +1,19 @@
-if (document.hasFocus()) {
-    // hide reload button if the site reloads automatically
-    let list = document.getElementsByClassName("reload button");
-    for (let i = 0; i < list.length; i++) {
-        // list[i] is a node with the desired class name
-        list[i].style.display = 'none';
-    }
+document.addEventListener("DOMContentLoaded", function(event) {
+    if (document.hasFocus()) {
+        // hide reload button if the site reloads automatically
+        let list = document.getElementsByClassName("reload button");
+        for (let i = 0; i < list.length; i++) {
+            // list[i] is a node with the desired class name
+            list[i].style.display = 'none';
+        }
 
-    // set timeout for reload
-    setTimeout(function(){
-    window.location.reload(1);
-    }, 5000);
-} else {
-    window.addEventListener("beforeunload", function() {
-        document.getElementById('overlay').classList.add('loading')
-    });
-}
\ No newline at end of file
+        // set timeout for reload
+        setTimeout(function(){
+        window.location.reload(1);
+        }, 5000);
+    } else {
+        window.addEventListener("beforeunload", function() {
+            document.getElementById('overlay').classList.add('loading')
+        });
+    }
+});

From 63c667cac347619e2703d2cb301df84a6ad0c186 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 18:17:56 +0200
Subject: [PATCH 2148/3949] add instructions how to inspect container logs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 477e718f..262f3715 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -236,7 +236,7 @@
                         {% endif %}
                     {% else %}
                         {% if isAnyRestarting == false %}
-                            <span class="status running"></span> Containers are currently starting.<br /><br />
+                            <span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <br>Starting</br> next to each container for further details.<br /><br />
                             <a href="" class="button reload">Reload ↻</a><br/><br>
                         {% else %}
                             It seems like at least one container is currently restarting which means it is not able to start correctly.<br><br>

From 000d881fc2ad1ece6a7dd0222e66e4e05be63c73 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 18:25:39 +0200
Subject: [PATCH 2149/3949] change wording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 262f3715..2e59cfbf 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -428,7 +428,7 @@
                                 <h3>Backup information</h3>
                                 This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
                                 Please save it at a safe place since you won't be able to restore from backup if you lose this password! <br /><br/>
-                                Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
+                                All important data of your Nextcloud AIO instance will get backed up like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.<br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>

From 14153b424b11e52e376049724a498593d586b77a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 May 2024 18:26:54 +0200
Subject: [PATCH 2150/3949] adjust wording

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2e59cfbf..eebab725 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -152,7 +152,7 @@
                                 {% elseif backup_exit_code == 0 %}
                                     <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == 'test' %}
-                                        Feel free to check the integrity of the backup archive below before starting the restore process in order to make double-sure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
+                                        Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
                                         <form method="POST" action="/api/docker/backup-check" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From e78de8a113e04c4fe1e7ddf6a7d623486a375577 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 May 2024 10:55:53 +0200
Subject: [PATCH 2151/3949] rename password to encryption password

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index eebab725..fd750256 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -136,7 +136,7 @@
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == 'test' %}
-                                        Please adjust the path and/or the password in order to make it work!<br><br>
+                                        Please adjust the path and/or the encryption password in order to make it work!<br><br>
                                     {% elseif borg_backup_mode == 'check' %}
                                         The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br><br>
                                         <details>
@@ -174,29 +174,29 @@
                             {% elseif borg_backup_mode == 'restore' %}
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
-                                    Somehow the restore failed which is unexpected! Please adjust the path and password, test it and try to restore again!
+                                    Somehow the restore failed which is unexpected! Please adjust the path and encryption password, test it and try to restore again!
                                 {% endif %}
                             {% endif %}
                         {% endif %}
 
                         {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
-                            Please enter the location of the backup archive on your host and the password of the backup archive below:<br><br>
+                            Please enter the location of the backup archive on your host and the encryption password of the backup archive below:<br><br>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
-                                <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="enter the borg password"/>
+                                <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit location and password" />
+                                <input class="button" type="submit" value="Submit location and encryption password" />
                             </form>
                             {{ include('includes/backup-dirs.twig') }}
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
                         {% endif %}
                     {% else %}
-                        <b>Everything set!</b> Click on the button below to test the path and password:<br/><br/>
+                        <b>Everything set!</b> Click on the button below to test the path and encryption password:<br/><br/>
                         <form method="POST" action="/api/docker/backup-test" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Test path and password"/><br/>
+                            <input class="button" type="submit" value="Test path and encryption password"/><br/>
                         </form>
                     {% endif %}
                 {% endif %}

From 2352367a19a6ad4460f9375e6f2782ba0be92f20 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 16 May 2024 12:02:28 +0000
Subject: [PATCH 2152/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 735dd331..ed53f767 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1710,16 +1710,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.10.2",
+            "version": "v3.10.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "7aaed0b8311a557cc8c4047a71fd03153a00e755"
+                "reference": "67f29781ffafa520b0bbfbd8384674b42db04572"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/7aaed0b8311a557cc8c4047a71fd03153a00e755",
-                "reference": "7aaed0b8311a557cc8c4047a71fd03153a00e755",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/67f29781ffafa520b0bbfbd8384674b42db04572",
+                "reference": "67f29781ffafa520b0bbfbd8384674b42db04572",
                 "shasum": ""
             },
             "require": {
@@ -1773,7 +1773,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.10.2"
+                "source": "https://github.com/twigphp/Twig/tree/v3.10.3"
             },
             "funding": [
                 {
@@ -1785,7 +1785,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-14T06:04:16+00:00"
+            "time": "2024-05-16T10:04:27+00:00"
         }
     ],
     "packages-dev": [],

From 32890a75f3afbaa43320cd6b78b0db2a84442a6b Mon Sep 17 00:00:00 2001
From: ncguk <inglenook@duck.com>
Date: Thu, 16 May 2024 12:46:50 +0100
Subject: [PATCH 2153/3949] Update containers.twig

Many text changes for readability. No code changes.

Signed-off-by: ncguk <inglenook@duck.com>
---
 php/templates/containers.twig | 84 +++++++++++++++++------------------
 1 file changed, 42 insertions(+), 42 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fd750256..117b1a42 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -63,19 +63,19 @@
         {% if is_daily_backup_running == true %}
             <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br /><br />
             {% if automatic_updates == true %}
-                It will update your containers, the mastercontainer and on saturdays your Nextcloud apps if the backup is successful.<br /><br />
+                This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.<br /><br />
                 {% if is_mastercontainer_update_available == true %}
-                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                    When the mastercontainer is updated it will restart the container, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
                 {% endif %}
             {% endif %}
             {% if has_update_available == false %}
                 The whole process should not take more than a few minutes.<br /><br />
             {% elseif automatic_updates == true %}
-                The whole process can take a while because your containers get updated.<br /><br />
+                The whole process can take a while as your containers will be updated.<br /><br />
             {% endif %}
             <a href="" class="button reload">Reload ↻</a><br/>
         {% elseif isWatchtowerRunning == true %}
-            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
+            <span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
             <a href="" class="button reload">Reload ↻</a><br/>
         {% else %}
             {% if is_backup_container_running == false and domain == "" %}
@@ -101,9 +101,9 @@
                         {% else %}
                             AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}
-                        Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance.<br><br />
+                        Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.<br><br />
                         {% if skip_domain_validation == true %}
-                            <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! So make sure that you do not make a typo here as you will not be able to change it afterwards!<br><br>
+                            <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!<br><br>
                         {% endif %}
                         <form method="POST" action="/api/configuration" class="xhr">
                             <input type="text" id="domain_input" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
@@ -112,15 +112,15 @@
                             <input class="button" type="submit" value="Submit domain" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong if your domain does not get accepted in the top right corner.<br><br>
+                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.<br><br>
                             <details>
                                 <summary>Click here for further hints</summary><br />
-                                If you should not have a domain yet, you can get one for free e.g. from duckdns.org and others.<br><br>
+                                If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.<br><br>
                                 If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
                                 If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.<br><br>
                                 If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
                                 {% if apache_port != '443' %}
-                                    If you run into issues getting your domain accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things. <br /><br/>
+                                    If you run into issues with your domain being accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things. <br /><br/>
                                 {% endif %}
                                 <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
                             </details>
@@ -159,7 +159,7 @@
                                             <input class="button" type="submit" value="Check backup integrity"/><br/>
                                         </form>
                                     {% endif %}
-                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!<br><br>
+                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!<br><br>
                                     <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -174,7 +174,7 @@
                             {% elseif borg_backup_mode == 'restore' %}
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
-                                    Somehow the restore failed which is unexpected! Please adjust the path and encryption password, test it and try to restore again!
+                                    The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!
                                 {% endif %}
                             {% endif %}
                         {% endif %}
@@ -189,7 +189,7 @@
                                 <input class="button" type="submit" value="Submit location and encryption password" />
                             </form>
                             {{ include('includes/backup-dirs.twig') }}
-                            ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
+                            ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg', or the backup container will not be able to find the backup archive!<br><br>
                         {% endif %}
                     {% else %}
                         <b>Everything set!</b> Click on the button below to test the path and encryption password:<br/><br/>
@@ -239,8 +239,8 @@
                             <span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <br>Starting</br> next to each container for further details.<br /><br />
                             <a href="" class="button reload">Reload ↻</a><br/><br>
                         {% else %}
-                            It seems like at least one container is currently restarting which means it is not able to start correctly.<br><br>
-                            To break out this endless loop, you can stop the containers below and investigate the issue by having a look at the container logs before starting them again.<br><br>
+                            It seems at least one container was not able to start correctly and is currently restarting.<br><br>
+                            To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.<br><br>
                             <form method="POST" action="/api/docker/stop" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -308,7 +308,7 @@
                 {% if isAnyRunning == true %}
                     {% if isApacheStarting != true %}
                         {% if is_mastercontainer_update_available == true %}
-                            ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to be able to update the mastercontainer.<br /><br />
+                            ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.<br /><br />
                             {% if current_channel starts with 'latest' %}
                                 You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><b>here</b></a><br><br>
                             {% elseif current_channel starts with 'beta' %}
@@ -325,10 +325,10 @@
                     {% endif %}
                 {% else %}
                     {% if isBackupOrRestoreRunning == true %}
-                        Restore or Backup currently running. Cannot start the containers until that's done.<br /><br />
+                        Restore or Backup currently running. Cannot start the containers until Restore or Backup is complete.<br /><br />
                     {% else %}
                         {% if was_start_button_clicked == false %}
-                            <br>Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internet connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
+                            <br>Clicking on the button below will download all docker containers and start them. This can take a long time depending on your internet connection. Since the overall size is a few GB, this can take around 5-10 min or more. Please be patient!<br><br>
                         {% endif %}
                         {% if is_mastercontainer_update_available == true %}
                             ⚠️ A mastercontainer update is available. Please click on the button below to update it.<br><br>
@@ -372,7 +372,7 @@
                     {% else %}
                         {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
                             <h2>Backup and restore</h2>
-                            Please type in the directory where backups will get created on the host system below. In best case make sure that you choose a location on a separate drive and not on your root drive.<br><br>
+                            Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.<br><br>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -391,7 +391,7 @@
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == "check" %}
-                                        The backup check was not successful which might points towards a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                        The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
                                         <details>
                                             <summary>Reveal repair option</summary><br />
                                             Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
@@ -403,7 +403,7 @@
                                         </details><br />
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
-                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <b>Create Backup</b> for testing the new value.<br /><br />
+                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <b>Create Backup</b> to test the new value.<br /><br />
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -423,18 +423,18 @@
                             {% if is_backup_container_running == false and isApacheStarting == false %}
                                 {% if has_backup_run_once == true %}
                                     <details>
-                                    <summary>Click here to reveal all backup options (it also includes an option for automatic updates)</summary><br />
+                                    <summary>Click here to reveal all backup options (including an option for automatic updates)</summary><br />
                                 {% endif %}
                                 <h3>Backup information</h3>
                                 This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
-                                Please save it at a safe place since you won't be able to restore from backup if you lose this password! <br /><br/>
-                                All important data of your Nextcloud AIO instance will get backed up like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
-                                The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                                Please save this password in a safe place. You won't be able to restore from backup if you lose this password! <br /><br/>
+                                All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.<br /><br/>
+                                The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.<br /><br/>
-                                Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
-                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></b>.<br><br>
-                                Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
+                                Backups will be created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
+                                Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
+                                For information about backup retention, see <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></b>.<br><br>
+                                Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.<br><br>
                                 For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.<br>
 
                                 {% if isApacheStarting != true %}
@@ -459,7 +459,7 @@
 
                                     {% if has_backup_run_once == true %}
                                         <h3>Backup check</h3>
-                                        Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact but it shouldn't be needed in most situations.<br><br/>
+                                        Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.<br><br/>
                                         <form method="POST" action="/api/docker/backup-check" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -467,7 +467,7 @@
                                         </form>
 
                                         <h3>Backup restore</h3>
-                                        Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the state of the backup so you should consider creating a backup first. It also makes sense to run an integrity check before restoring your files but is not mandatory since it shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync is used to restore the chosen backup which only transfers changed files and deletes additional ones.<br><br>
+                                        Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.<br><br>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -481,7 +481,7 @@
 
                                         <h3>Daily backup and automatic updates</h3>
                                         {% if daily_backup_time == "" %}
-                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC. For creating the backup, it will stop the containers and start them back up after the backup is done.<br><br/>
+                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.<br><br/>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -491,11 +491,11 @@
                                                 <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label><br>
                                             </form>
                                         {% else %}
-                                            Daily backups will be created at <b>{{ daily_backup_time }} UTC</b> which includes a notification about the result of the backup.
+                                            Daily backups will be created at <b>{{ daily_backup_time }} UTC</b>. A notification about the result of the backup will be sent.
                                             {% if automatic_updates == true %}
-                                                Also your containers, the mastercontainer and on saturdays your Nextcloud apps will be automatically updated. 
+                                                Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated. 
                                             {% endif %}
-                                            To change your backup time, first disable Daily Backups and then re-enable them with your new backup time.<br><br/>
+                                            To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.<br><br/>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -505,15 +505,15 @@
                                         {% endif %}
 
                                         <h3>Back up additional directories and docker volumes of your host</h3>
-                                        Below, you can enter directories and docker volumes of your host that will backed up additionally into the same borg backup archive.<br><br>
+                                        Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.<br><br>
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input class="button" type="submit" value="Submit additional backup locations" /><br>
                                         </form>
-                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>.</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
-                                        Make sure to specify all storages that you want to back up separately since storages will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. You should make sure to stop all services before the backup can run correctly if you want to back up the root partition. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
+                                        Each line and entry needs to start with a slash or letter/digit. Only <b>a-z</b>, <b>A-Z</b>, <b>.</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure that all given directories exist or the backup container will fail to start!<br><br/>
+                                        Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
                                         Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually. <br><br>
                                         {% if additional_backup_directories != "" %}
                                             This option is currently set. You can disable it again by clearing the field and submitting your changes.<br><br>
@@ -551,9 +551,9 @@
                     <h2>Optional containers</h2>
                     In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <b><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></b> how to add them.<br><br>
                     {% if isAnyRunning == true %}
-                        <b>Please note:</b> You can enable or disable them when your containers are stopped.<br><br>
+                        <b>Please note:</b> You can enable or disable the options below only when your containers are stopped.<br><br>
                     {% else %}
-                        <b>Please note:</b> Make sure to save your changes by clicking on the button <b>Save changes</b> that is positioned below the list of optional containers. The changes will not be auto-saved.<br><br>
+                        <b>Please note:</b> Make sure to save your changes by clicking <b>Save changes</b> below the list of optional containers. The changes will not be auto-saved.<br><br>
                     {% endif %}
                     <form id="options-form" method="POST" action="/api/configuration" class="xhr">
                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -647,17 +647,17 @@
                         <b>Please note:</b> You can change the timezone when your containers are stopped.<br><br>
                     {% else %}
                         {% if timezone == "" %}
-                            In order to get the correct time values for certain Nextcloud features, it makes sense to set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
+                            To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
                             You can configure the timezone for Nextcloud below:<br><br>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
+                                <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
                             </form>
                             You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC</b> if nothing is entered.<br><br>
                         {% else %}
-                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
+                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can change the timezone by clicking on the button below.<br><br/>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="hidden" name="delete_timezone" value="yes"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">

From 5ad62bcd2feef339f3f0c9e2e8e2d27bf6763c89 Mon Sep 17 00:00:00 2001
From: ncguk <inglenook@duck.com>
Date: Thu, 16 May 2024 12:48:54 +0100
Subject: [PATCH 2154/3949] Update containers.twig

Signed-off-by: ncguk <inglenook@duck.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 117b1a42..f50aaa2f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -65,7 +65,7 @@
             {% if automatic_updates == true %}
                 This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.<br /><br />
                 {% if is_mastercontainer_update_available == true %}
-                    When the mastercontainer is updated it will restart the container, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                    When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
                 {% endif %}
             {% endif %}
             {% if has_update_available == false %}

From 047c3555ba3d42b021ecf2262ba62ae328d1ad1d Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Mon, 2 Oct 2023 20:27:47 +0200
Subject: [PATCH 2155/3949] Add a config option for the postgres database port

Signed-off-by: David Mehren <git@herrmehren.de>
---
 Containers/nextcloud/entrypoint.sh   |  6 +++++-
 Containers/nextcloud/healthcheck.sh  | 10 +++++++++-
 Containers/nextcloud/start.sh        | 11 +++++++++--
 Containers/notify-push/start.sh      |  6 +++++-
 Containers/postgresql/healthcheck.sh |  7 ++++++-
 Containers/postgresql/start.sh       | 10 +++++++++-
 php/containers.json                  |  3 +++
 7 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 37d24eb8..4cc709cb 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -212,7 +212,11 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 DATADIR_PERMISSION_CONF
 
             echo "Installing with PostgreSQL database"
-            INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")
+            # Set a default value for POSTGRES_PORT
+            if [ -z "$POSTGRES_PORT" ]; then
+              POSTGRES_PORT=5432
+            fi
+            INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
 
             echo "Starting Nextcloud installation..."
             if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
diff --git a/Containers/nextcloud/healthcheck.sh b/Containers/nextcloud/healthcheck.sh
index 97d6a689..054b1da4 100644
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
 
-nc -z "$POSTGRES_HOST" 5432 || exit 0
+# Set a default value for POSTGRES_PORT
+if [ -z "$POSTGRES_PORT" ]; then
+    POSTGRES_PORT=5432
+fi
+
+
+# POSTGRES_HOST must be set in the containers env vars and POSTGRES_PORT has a default above
+# shellcheck disable=SC2153
+nc -z "$POSTGRES_HOST" "$POSTGRES_PORT" || exit 0
 
 if ! nc -z localhost 9000; then
     exit 1
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 108dbdcf..a3f19f9d 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -1,7 +1,14 @@
 #!/bin/bash
 
+# Set a default value for POSTGRES_PORT
+if [ -z "$POSTGRES_PORT" ]; then
+    POSTGRES_PORT=5432
+fi
+
 # Only start container if database is accessible
-while ! sudo -u www-data nc -z "$POSTGRES_HOST" 5432; do
+# POSTGRES_HOST must be set in the containers env vars and POSTGRES_PORT has a default above
+# shellcheck disable=SC2153
+while ! sudo -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
     echo "Waiting for database to start..."
     sleep 5
 done
@@ -13,7 +20,7 @@ export POSTGRES_USER
 # Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
     sleep 2
-    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
+    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start..."
         sleep 5
     done
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index e524e20d..6180162f 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -44,8 +44,12 @@ fi
 
 echo "notify-push was started"
 
+# Set a default value for POSTGRES_PORT
+if [ -z "$POSTGRES_PORT" ]; then
+    POSTGRES_PORT=5432
+fi
 # Set sensitive values as env
-export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
+export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
 
 # Run it
diff --git a/Containers/postgresql/healthcheck.sh b/Containers/postgresql/healthcheck.sh
index c2ee4ec7..2b29a955 100644
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -2,4 +2,9 @@
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+# Set a default value for POSTGRES_PORT
+if [ -z "$POSTGRES_PORT" ]; then
+    POSTGRES_PORT=5432
+fi
+
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()" || exit 1
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 4ae7369f..0e7a35aa 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -6,6 +6,14 @@ export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"
 
+# Set a default value for POSTGRES_PORT
+if [ -z "$POSTGRES_PORT" ]; then
+    POSTGRES_PORT=5432
+fi
+
+# Set PGPORT (the variable used by the postgres entrypoint) to the configured value
+export PGPORT=$POSTGRES_PORT
+
 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
     echo "Waiting for backup container to finish..."
@@ -131,7 +139,7 @@ EOSQL
     pg_ctl stop -m fast
 
     # Change database port back to default
-    export PGPORT=5432
+    export PGPORT=$POSTGRES_PORT
 
     # Don't exit if command fails anymore
     set +ex
diff --git a/php/containers.json b/php/containers.json
index 0c780618..f34bbd04 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -99,6 +99,7 @@
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
+        "POSTGRES_PORT=5432",
         "TZ=%TIMEZONE%",
         "PGTZ=%TIMEZONE%"
       ],
@@ -173,6 +174,7 @@
       ],
       "environment": [
         "POSTGRES_HOST=nextcloud-aio-database",
+        "POSTGRES_PORT=5432",
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
@@ -266,6 +268,7 @@
         "REDIS_HOST=nextcloud-aio-redis",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "POSTGRES_HOST=nextcloud-aio-database",
+        "POSTGRES_PORT=5432",
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud"

From b1ad854de6de5282be68578fbc4c254f113070c4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 17 May 2024 14:03:59 +0200
Subject: [PATCH 2156/3949] Revert changes to database container

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/healthcheck.sh |  7 +------
 Containers/postgresql/start.sh       | 10 +---------
 php/containers.json                  |  1 -
 3 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/Containers/postgresql/healthcheck.sh b/Containers/postgresql/healthcheck.sh
index 2b29a955..c2ee4ec7 100644
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -2,9 +2,4 @@
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-# Set a default value for POSTGRES_PORT
-if [ -z "$POSTGRES_PORT" ]; then
-    POSTGRES_PORT=5432
-fi
-
-psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()" || exit 1
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 0e7a35aa..4ae7369f 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -6,14 +6,6 @@ export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"
 
-# Set a default value for POSTGRES_PORT
-if [ -z "$POSTGRES_PORT" ]; then
-    POSTGRES_PORT=5432
-fi
-
-# Set PGPORT (the variable used by the postgres entrypoint) to the configured value
-export PGPORT=$POSTGRES_PORT
-
 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
     echo "Waiting for backup container to finish..."
@@ -139,7 +131,7 @@ EOSQL
     pg_ctl stop -m fast
 
     # Change database port back to default
-    export PGPORT=$POSTGRES_PORT
+    export PGPORT=5432
 
     # Don't exit if command fails anymore
     set +ex
diff --git a/php/containers.json b/php/containers.json
index f34bbd04..fd1e137e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -99,7 +99,6 @@
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
-        "POSTGRES_PORT=5432",
         "TZ=%TIMEZONE%",
         "PGTZ=%TIMEZONE%"
       ],

From e17b1d4f23d14e11601a1c0800186f07ff34ee83 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 May 2024 12:28:21 +0000
Subject: [PATCH 2157/3949] Bump docker from 26.1.2-cli to 26.1.3-cli in
 /Containers/mastercontainer

Bumps docker from 26.1.2-cli to 26.1.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 49bbb978..98f9556b 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.2-cli as docker
+FROM docker:26.1.3-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy

From 2be9c9ef102cb94e61d0b1fdfd8452e6f4b41be6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 May 2024 12:37:56 +0000
Subject: [PATCH 2158/3949] Bump clamav/clamav from 1.3.1-51 to 1.3.1-52 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-51 to 1.3.1-52.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index ddd1184f..185999ab 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-51
+FROM clamav/clamav:1.3.1-52
 
 COPY clamav.conf /tmp/clamav.conf
 

From df3935a99233e9aaae6ba1766362f4014cf587c9 Mon Sep 17 00:00:00 2001
From: Killiane Letellier <killiane.letellier@mailo.com>
Date: Mon, 20 May 2024 16:16:04 +0200
Subject: [PATCH 2159/3949] Corrects a typo in containers.twig

Signed-off-by: Killiane Letellier <killiane.letellier@mailo.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index f50aaa2f..8c79c8d5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -112,7 +112,7 @@
                             <input class="button" type="submit" value="Submit domain" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.<br><br>
+                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.<br><br>
                             <details>
                                 <summary>Click here for further hints</summary><br />
                                 If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.<br><br>

From 4794d5119abe48d437838f76ace436b0d4c325d2 Mon Sep 17 00:00:00 2001
From: Braiden Psiuk <mail@braiden.dev>
Date: Tue, 21 May 2024 09:14:41 +0000
Subject: [PATCH 2160/3949] Add information about virtual machines (#4274)

Signed-off-by: Braiden Psiuk <mail@braiden.dev>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Simon L <szaimen@e.mail.de>
---
 multiple-instances.md | 213 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 210 insertions(+), 3 deletions(-)

diff --git a/multiple-instances.md b/multiple-instances.md
index fd457e62..32e1a462 100644
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -3,17 +3,224 @@ It is possible to run multiple instances of AIO on one server.
 
 There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. 
 
-Below is described more in detail how the the second way works.
 
 ## Run multiple AIO instances on the same server with docker rootless
 1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
 1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case).
-1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
+1. Then install AIO in reverse proxy mode by using the command that is described in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
 **⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
 1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
 1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
 1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
 1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
-1. Please also do not forget to open/forward each chosen `TALK_PORT` UPD and TCP in your firewall/router as otherwise Talk will not work correctly!
+1. Please also do not forget to open/forward each chosen `TALK_PORT` UDP and TCP in your firewall/router as otherwise Talk will not work correctly!
 
 Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
+
+
+## Run multiple AIO instances on the same server inside their own virtual machines
+This guide will walk you through creating and configuring two (or more) Debian-based VMs (with "reverse proxy mode" Nextcloud AIO installed in each VM), behind one Caddy reverse proxy, all running on one host physical machine (like a laptop or desktop PC). It's highly recommend to follow the steps in order. Steps 1 through 4 will need to be repeated. Steps 5 through 8 only need to be completed once. All commands are expected to be run as root.
+
+<details><summary><strong>PLEASE READ: A few expectations about your network</strong></summary>
+This guide assumes that you have forwarded ports 443 and 8443 to your host physical machine via your router's configuration page, and either set up Dynamic DNS or obtained a static outbound IP address from your ISP. If this is not the case, or if you are brand-new to networking, you probably should not proceed with this guide, unless you are just using it for educational purposes. Proper network setup and security is critical when it comes to keeping your data safe. You may consider hosting using a VPS instead, or choosing one of <a href="https://nextcloud.com/providers/">Nextcloud's trusted providers.</a>
+</details>
+
+<details><summary><strong>A note for VPS users</strong></summary>
+If you want to do this on a VPS, and your VPS is KVM-based and provides a static IP address, you can likely benefit from this guide too! Simply replace the words "host physical machine" with "VPS" and follow along.
+</details>
+
+**Before starting:** Make sure your host physical machine has enough resources. A host machine with 8GB RAM and 100GB storage is sufficient for running two fairly minimal VMs, with 2GB RAM and 32GB storage allocated to each VM. This guide assumes you have these resources at the minimum. This is fine for just testing the setup, but you will probably want to allocate more resources to your VMs if you plan to use this for day-to-day use.
+If your host machine has more than 8GB memory available, and you plan to enable any of the optional containers (Nextcloud Office, Talk, Imaginary, etc.) in any of your instances, then you should definitely allocate more memory to the VM hosting that instance. In other words, before turning on any extra features inside a particular AIO interface, make sure you've first allocated enough resources to the VM that the instance is running inside. If in doubt, the AIO interface itself gives great recommendations for extra CPU and RAM allocation.
+
+**Additional prerequisites:** Your host physical machine needs to have virtualization enabled in it's UEFI/BIOS. It also needs a few tools installed in order to create VMs. Assuming your host machine is a bare-bones Ubuntu or Debian Linux server without a desktop environment installed, the easiest way to create VMs is to install *QEMU*, *virsh*, *virt-install*, and a few extra packages to support UEFI booting and network config ([more info](https://wiki.debian.org/KVM)). You only need to do this once. To do this, run this command (**on the host physical machine**):
+<!--
+```shell
+# For host machines running Ubuntu Server:
+apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils
+```
+```shell
+# For host machines running Debian:
+apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
+```
+-->
+```shell
+# For host machines running Ubuntu Server or Debian:
+apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
+```
+
+**Let's begin!** This guide assumes that you have two domains where you would like to host two individual AIO instances (one instance per domain). Let's call these domains `example1.com` and `example2.com`. Therefore, we'll create two VMs named `example1-com` and `example2-com` (These are the VM names we'll use below in step 1).
+
+**Once you're ready, follow steps 1-4 below to set up your VMs. You will configure them one at a time.**
+
+1. Choose a name for your VM. A good choice is to name each VM the same as the domain name that will be used to access it.
+2. Choose the distribution you'd like to install within the VM:
+   <details><summary><strong>Ubuntu Server 22.04.4 LTS</strong></summary>
+       <h4>Downloading the .ISO image</h4>
+       You must first download an .ISO image to your host machine, and then provide virt-install with the path to that image.
+       <!-- This step is required because Ubuntu no longer hosts their "Legacy Ubuntu Server Installer" images, meaning we can no longer pass a URL to virt-install to use as a location. -->
+       <pre><code># Skip this part if you've already downloaded this image
+   curl -o /tmp/ubuntu-22.04.4-live-server-amd64.iso https://releases.ubuntu.com/jammy/ubuntu-22.04.4-live-server-amd64.iso
+   </code></pre>
+       <em>Note: You may choose a different place to store the .ISO file, but it needs to be somewhere accessible by QEMU. "/tmp" and "/home" work well, but choosing a location like "/root" will cause the next command to fail.</em>
+       <h4>Creating the VM</h4>
+       Now create the Ubuntu Server VM (Don't forget to replace [VM_NAME]):
+       <pre><code>virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location /tmp/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
+   --os-variant ubuntujammy \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+   </code></pre>
+       <h4>Using a different version of Ubuntu Server</h4>
+       To use a different Ubuntu Server release, visit <a href="https://releases.ubuntu.com">this page</a> and find the version you want. You will need to adjust the filename and URL for the curl command, and the location and os-variant for the virt-install command, accordingly.
+   </details>
+   <details><summary><strong>Debian 11</strong></summary>
+       <h4>Creating the VM</h4>
+       Create the Debian VM (Don't forget to replace [VM_NAME]):
+       <pre><code>virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/ \
+   --os-variant debian11 \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+   </code></pre>
+   </details>
+   <details><summary><strong>Debian 12</strong></summary>
+       <h4>Creating the VM</h4>
+       Create the Debian VM (Don't forget to replace [VM_NAME]):
+       <pre><code># If the os-variant "debian12" is unknown, try "debiantesting" instead
+   virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/ \
+   --os-variant debian12 \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+   </code></pre>
+   </details>
+   <!--To learn more about virt-install or automating this process, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-guest_virtual_machine_installation_overview-creating_guests_with_virt_install">this guide</a>.-->
+3. Navigate through the text-based installer. Most options can remain as default, but here are some tips:
+   <details><summary><strong>For the Ubuntu Server installer</strong></summary>
+   When asked about the "type of installation", you can leave the default "Ubuntu Server" without third-party drivers. You can leave the HTTP proxy information blank. In the "Profile Configuration" section, you can set "Your servers name" (hostname) to the same value as the name you gave to your VM (for example, "example1-com"). The installer will only let you create a non-root user. Note down the password you use here! You may skip enabling Ubuntu Pro. You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. You'll eventually be given the option to install additional software. Although "Nextcloud" is listed here, you almost certainly do <strong>not</strong> want to select this option, since you are setting up Nextcloud AIO. You'll be asked about installing "SSH server", this is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Finally, disregard the "[FAILED] Failed unmounting /cdrom." message, and press return.
+   </details>
+   <details><summary><strong>For the Debian installer</strong></summary>
+   When asked, you can set the hostname to the same value as the name you gave to your VM (for example, "example1-com"). You can leave the domain name and HTTP proxy information blank. Allow the installer to create both a root and a non-root user. Note down the password(s) you use here! You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. When tasksel (Software selection) runs and asks if you want to install additional software, use spacebar and your arrow keys to un-check the "Debian desktop environment" and "GNOME" options. The "SSH server" option is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Make sure "standard system utilities" is also checked. Hit tab to select "Continue". Finally, disregard the warning about GRUB, allow it to install to your "primary drive" (again, it's only virtual, and this only applies to the VM- this will not affect the boot configuration of your host physical machine) and select "/dev/vda" for the bootable device.
+   </details>
+4. Configure your new VM:
+
+   After it has finished installing, the VM will have rebooted and presented you with a login prompt. For Debian, just use `root` as the username, and enter the password you chose during the installation process. Ubuntu restricts root account access, so you'll need to first login with your non-root user, and then run `sudo su -` to elevate your privileges.
+
+   We will now run a few commands to install docker and AIO in reverse proxy mode! As with any other commands, carefully read and try your best to understand them before running them.
+
+   **Each time you reach this step and run the `docker run` command below, you'll need to increment the `TALK_PORT` value. For example: 3478, 3479, etc... You may use other values as long as they don't conflict, and make sure they are [greater than 1024](https://github.com/nextcloud/all-in-one/discussions/2517). Be sure to note down the Talk port number you've assigned to this VM/AIO instance. You will need it later if you decide to enable Nextcloud Talk.**
+
+   Run these commands (**on the VM**):
+   ```shell
+   apt install -y curl
+   
+   curl -fsSL https://get.docker.com | sh
+
+   # Make sure you increment the TALK_PORT value every time you run this!
+   docker run \
+   --init \
+   --sig-proxy=false \
+   --name nextcloud-aio-mastercontainer \
+   --restart always \
+   --publish 8080:8080 \
+   --env APACHE_PORT=11000 \
+   --env APACHE_IP_BINDING=0.0.0.0 \
+   --env TALK_PORT=3478 \
+   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+   nextcloud/all-in-one:latest
+   ```
+   The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM.
+
+   
+   ---
+6. Go ahead and run through steps 1-4 again in order to set up your second VM. When you're finished, proceed down to step 6. *(Note: If you downloaded the Ubuntu .ISO image and no longer need it, you may delete it now.)*
+7. Almost done! All that's left is configuring your reverse proxy. To do this, you first need to [install it](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Run (**on the host physical machine**):
+   ```shell
+   apt update -y
+   apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
+   apt update -y
+   apt install -y caddy
+   ```
+   These commands will ensure that your system is up-to-date and install the latest stable version of Caddy via it's official binary source.
+8. To configure Caddy, you need to know the IP address assigned to each VM. Run (**on the host physical machine**):
+    ```shell
+    virsh net-dhcp-leases default
+    ```
+    This will show you the VMs you set up, and the IP address corresponding to each of them. Note down each IP and corresponding hostname.
+    Finally, you will configure Caddy using this information. Open the default Caddyfile with a text editor:
+    ```shell
+    nano /etc/caddy/Caddyfile
+    ```
+    Replace everything in this file with the following configuration. Don't forget to edit this sample configuration and substitute in your own domain names and IP addresses. `[DOMAIN_NAME_*]` should be a domain name like `example1.com`, and `[IP_ADDRESS_*]` should be a local IPv4 address like `192.168.122.225`.
+    ```shell
+    # Virtual machine #1 - "example1-com"
+    https://[DOMAIN_NAME_1]:8443 {
+        reverse_proxy https://[IP_ADDRESS_1]:8080 {
+            transport http {
+                tls_insecure_skip_verify
+            }
+        }
+    }
+    https://[DOMAIN_NAME_1]:443 {
+        reverse_proxy [IP_ADDRESS_1]:11000
+    }
+    
+    # Virtual machine #2 - "example2-com"
+    https://[DOMAIN_NAME_2]:8443 {
+        reverse_proxy https://[IP_ADDRESS_2]:8080 {
+            transport http {
+                tls_insecure_skip_verify
+            }
+        }
+    }
+    https://[DOMAIN_NAME_2]:443 {
+        reverse_proxy [IP_ADDRESS_2]:11000
+    }
+
+    # (Add more configurations here if you set up more than two VMs!)
+    ```
+    After making this change, you'll need to restart Caddy:
+   ```shell
+   systemctl restart caddy
+   ```
+9. That's it! Now, all that's left is to set up your instances through the AIO interface as usual by visiting `https://example1.com:8443` and `https://example2.com:8443` in a browser. Once you're finished going through each setup, you can access your new instances simply through their domain names. You can host as many instances with as many domain names as you want this way, as long as you have enough system resources. Enjoy!
+    
+    <details><summary><strong>A few extra tips for managing this setup</strong></summary>
+        <ul>
+            <li>You can easily connect to a VM to perform maintenance using this command (<strong>on the host physical machine</strong>): <pre><code>virsh console --domain [VM_NAME]</code></pre></li>
+            <li>If you chose to install an SSH Server, you can SSH in using this command (<strong>on the host physical machine</strong>): <pre><code>ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root</code></pre></li>
+            <li>If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. <strong>THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR!</strong> If you are sure you would like to do this, run (<strong>on the host physical machine</strong>): <pre><code>virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2</code></pre></li>
+            <li>Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port <a href="https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-adjust-the-talk-port">like so</a>. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit <strong>https://[DOMAIN_NAME]/settings/admin/talk</strong> then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available <a href="https://github.com/nextcloud/all-in-one/discussions/2517">here</a>). If you have figured this out or if any of this information is incorrect, please edit this section!</li>
+            <li>Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (<strong>on the host physical machine and on the VM</strong>): <pre><code>virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
+   virsh console --domain [VM_NAME]
+   # (Login to the VM with root privileges)
+   mkdir -p /mnt/[MOUNT_NAME]
+   mount /dev/disk/by-label/[DISK_NAME] /mnt/[MOUNT_NAME]</code></pre></li>
+            To create the XML device definition file, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/sect-managing_guest_virtual_machines_with_virsh-attaching_and_updating_a_device_with_virsh">this short guide</a>. An SSD/HDD is recommended, but nothing is stopping you from using something as simple as a flash drive for testing if you really want. Finally, to actually perform a manual backup, make sure your disk is properly mounted and then simply use the AIO interface to perform the backup.
+            <li>If you want to shave off around 8-10 seconds of total boot time when you reboot your host physical machine, a simple trick is to lower the GRUB_TIMEOUT from the default five seconds to one second, on both the host physical machine and each of the VMs. You can also remove the delay, but it's generally safer to leave at least one second. (Always be extremely careful when editing GRUB config, especially on the host physical machine, as an incorrect configuration can prevent your device from booting!)</li>
+        </ul>
+    </details>

From 854f596463f07ddcc9ada2e4177c757591c0ed1c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 May 2024 14:11:35 +0200
Subject: [PATCH 2161/3949] increase to 8.3.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index e7245a00..aaee64f2 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.2.1
+version: 8.3.0
 apiVersion: v2
 keywords:
   - latest

From 06de90a838fe7ed879dc25ad617aeea616983c5a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 May 2024 12:30:10 +0000
Subject: [PATCH 2162/3949] --- updated-dependencies: - dependency-name: redis 
  dependency-type: direct:production   update-type:
 version-update:semver-patch ...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 62f18b41..03ec115e 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.2.4-alpine
+FROM redis:7.2.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From d175d88024a7de08686d7ab55bddb3947933f51f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 May 2024 15:05:52 +0200
Subject: [PATCH 2163/3949] Revert "increase to 8.3.0"

This reverts commit 854f596463f07ddcc9ada2e4177c757591c0ed1c.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index aaee64f2..e7245a00 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.3.0
+version: 8.2.1
 apiVersion: v2
 keywords:
   - latest

From 93044dd1816a2dc3d65656dcac2e3e324b047162 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 May 2024 15:06:33 +0200
Subject: [PATCH 2164/3949] increase to 8.3.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8c79c8d5..51f4eac4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v8.2.1</h1>
+        <h1>Nextcloud AIO v8.3.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 8fd457f62cfb2b4f871c9440802499b5fa1ad29b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 May 2024 17:07:44 +0200
Subject: [PATCH 2165/3949] fix detail in containers starting screen

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 51f4eac4..bf03801d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -236,7 +236,7 @@
                         {% endif %}
                     {% else %}
                         {% if isAnyRestarting == false %}
-                            <span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <br>Starting</br> next to each container for further details.<br /><br />
+                            <span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <b>Starting</b> next to each container for further details.<br /><br />
                             <a href="" class="button reload">Reload ↻</a><br/><br>
                         {% else %}
                             It seems at least one container was not able to start correctly and is currently restarting.<br><br>

From d1be45c359c4c9d13609e7caa46adbb9255a3b85 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 May 2024 17:10:09 +0200
Subject: [PATCH 2166/3949] fix it also on setup screen

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/setup.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 7e0aa61d..66cb98b1 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -6,7 +6,7 @@
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>All-in-One setup</h1>
             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
-            <p>⚠️ <br>Please note down the passphrase to access the AIO interface and don't lose it!</br></p>
+            <p>⚠️ <b>Please note down the passphrase to access the AIO interface and don't lose it!</b></p>
             <strong>Passphrase</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
         </div>

From ee7868fb58d0ca22d488b77c1475e6778ec89bf7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 May 2024 13:57:47 +0200
Subject: [PATCH 2167/3949] fix limiting php-fpm socket to certain ip-addresses

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index a3f19f9d..0bbea739 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -151,7 +151,7 @@ done
 
 set -x
 # shellcheck disable=SC2235
-if [ "$THIS_IS_AIO" = "true" ] && ([ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]); then
+if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then
     IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
     IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
     IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"

From b40968d9899de925a04bf0371f99ee64dcdc3693 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 22 May 2024 12:03:29 +0000
Subject: [PATCH 2168/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/server.conf.in | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index 4df82b5e..6b61b7b8 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -7,7 +7,7 @@
 #readtimeout = 15
 
 # HTTP socket write timeout in seconds.
-#writetimeout = 15
+#writetimeout = 30
 
 [https]
 # IP and port to listen on for HTTPS requests.
@@ -18,7 +18,7 @@
 #readtimeout = 15
 
 # HTTPS socket write timeout in seconds.
-#writetimeout = 15
+#writetimeout = 30
 
 # Certificate / private key to use for the HTTPS server.
 certificate = /etc/nginx/ssl/server.crt
@@ -34,6 +34,11 @@ debug = false
 # room and call can be subscribed.
 #allowsubscribeany = false
 
+# Comma separated list of trusted proxies (IPs or CIDR networks) that may set
+# the "X-Real-Ip" or "X-Forwarded-For" headers.
+# Leave empty to allow loopback and local addresses.
+#trustedproxies =
+
 [sessions]
 # Secret value used to generate checksums of sessions. This should be a random
 # string of 32 or 64 bytes.

From 9207d0f913d35f3c3273e906457bfbf7fd426ea1 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Wed, 22 May 2024 14:08:44 +0200
Subject: [PATCH 2169/3949] Revert "Bump collabora/code from 24.04.1.4.1 to
 24.04.2.1.1 in /Containers/collabora"

---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 8b691c4d..efd2b728 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.2.1.1
+FROM collabora/code:24.04.1.4.1
 
 USER root
 ARG DEBIAN_FRONTEND noninteractive

From 676d5c2e5352a65002ba8c0c89c4aa202b021a7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 May 2024 12:08:53 +0000
Subject: [PATCH 2170/3949] --- updated-dependencies: - dependency-name: nats  
 dependency-type: direct:production   update-type: version-update:semver-patch
 ...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 91e2b179..078fcbd4 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.14-scratch as nats
+FROM nats:2.10.16-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.2.4 as signaling
 FROM alpine:3.19.1 as janus

From e9b61527732a4a40db5044a81dd895ccd1182787 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 May 2024 14:15:18 +0200
Subject: [PATCH 2171/3949] fix collabora build by not running apt-get upgrade

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index efd2b728..3eb2b187 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.1.4.1
+FROM collabora/code:24.04.2.1.1
 
 USER root
 ARG DEBIAN_FRONTEND noninteractive
@@ -9,7 +9,6 @@ ARG DEBIAN_FRONTEND noninteractive
 RUN set -ex; \
     \
     apt-get update; \
-    apt-get upgrade -y; \
     apt-get install -y --no-install-recommends \
         tzdata \
         netcat-openbsd \

From 42e161601013bb4f7a9a95512d385296ddb0dc66 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 May 2024 12:17:55 +0000
Subject: [PATCH 2172/3949] --- updated-dependencies: - dependency-name:
 strukturag/nextcloud-spreed-signaling   dependency-type: direct:production  
 update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 078fcbd4..800aea53 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.16-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.4 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.3.0 as signaling
 FROM alpine:3.19.1 as janus
 
 ARG JANUS_VERSION=v0.14.2

From 8530499e1e9b1d0a81bbca4c8ff7e8739f9d9c01 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 May 2024 12:44:37 +0000
Subject: [PATCH 2173/3949] --- updated-dependencies: - dependency-name:
 collabora/code   dependency-type: direct:production ...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 3eb2b187..ea0385ac 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.2.1.1
+FROM collabora/code:24.04.3.1.1
 
 USER root
 ARG DEBIAN_FRONTEND noninteractive

From eeccfec0c960117ba92e4276267d5bf328d5dc23 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 May 2024 14:49:24 +0200
Subject: [PATCH 2174/3949] Revert "pre-fill the domain"

This reverts commit 46b6992b52a24ea5ef3f2370f1a9a9afff8556d0.
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/public/domain-prefill.js  | 7 -------
 php/templates/containers.twig | 5 +----
 2 files changed, 1 insertion(+), 11 deletions(-)
 delete mode 100644 php/public/domain-prefill.js

diff --git a/php/public/domain-prefill.js b/php/public/domain-prefill.js
deleted file mode 100644
index c81f2231..00000000
--- a/php/public/domain-prefill.js
+++ /dev/null
@@ -1,7 +0,0 @@
-document.addEventListener("DOMContentLoaded", function(event) {
-    // domain
-    let domain = document.getElementById("domain_input");
-    if (domain) {
-        domain.value = window.location.host
-    }
-});
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index bf03801d..8c1acd1a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -20,9 +20,6 @@
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
-        
-        {# Add domain-prefill #}
-        <script type="text/javascript" src="domain-prefill.js"></script>
 
         {# timezone-prefill #}
         <script type="text/javascript" src="timezone.js"></script>
@@ -106,7 +103,7 @@
                             <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!<br><br>
                         {% endif %}
                         <form method="POST" action="/api/configuration" class="xhr">
-                            <input type="text" id="domain_input" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
+                            <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                             <input class="button" type="submit" value="Submit domain" />

From 6d0bee33d3b545f59c1ed9cbda0b6ef25a4ac8b1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 May 2024 14:59:48 +0200
Subject: [PATCH 2175/3949] fix bug with getting api_version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 8ea80817..f215f6c6 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -76,7 +76,7 @@ if ! sudo -u www-data docker info &>/dev/null; then
     exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
-API_VERSION="$(grep -oP 'const API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
+API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
 # shellcheck disable=SC2001
 API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"

From d14ac5cd1d29e413ec6600d461324559727dde81 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 May 2024 15:22:59 +0200
Subject: [PATCH 2176/3949] add borg_backup_mode to Backup container status

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8c1acd1a..d8fab230 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -208,7 +208,7 @@
             {% endif %}
 
             {% if is_backup_container_running == true %}
-                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                <span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                 <a href="" class="button reload">Reload ↻</a><br/><br>
             {% endif %}
 

From a6d2b908f5360bb738e3870b7fbeabea44011f82 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 23 May 2024 11:53:16 +0200
Subject: [PATCH 2177/3949] adjust apache reverse proxy docs to set x-real-ip

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 reverse-proxy.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 8003be5e..d76e0c6c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -82,6 +82,7 @@ Add this as a new Apache site config:
     # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
     RewriteEngine On
     ProxyPreserveHost On
+    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
     AllowEncodedSlashes NoDecode
     
     ProxyPass / http://localhost:11000/ nocanon

From 780ba6dd9db2805ac2be6bce96e44f9e397cfd1a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 May 2024 11:19:36 +0200
Subject: [PATCH 2178/3949] apache: remove caddy-imports

In favour of https://github.com/nextcloud/all-in-one/pull/3192
Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile | 3 ---
 Containers/apache/start.sh  | 9 ---------
 2 files changed, 12 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index cbe309b2..ed15101c 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -51,9 +51,6 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
         reverse_proxy {$TALK_HOST}:8081
     }
 
-    # Others
-    import /mnt/data/caddy-imports/*
-
     # Nextcloud
     route {
         rewrite /.well-known/carddav /remote.php/dav/
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 9b89c2b5..49270210 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -63,15 +63,6 @@ caddy fmt --overwrite /tmp/Caddyfile
 # Add caddy path
 mkdir -p /mnt/data/caddy/
 
-# Add caddy import path
-mkdir -p /mnt/data/caddy-imports
-
-# Remove falsely added Nextcloud conf
-rm -f /mnt/data/caddy-imports/nextcloud
-
-# Make sure that the caddy-imports dir is not empty
-echo "# empty file so that caddy does not print a warning" > /mnt/data/caddy-imports/empty
-
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 

From 62242ed247b28bd591d58f7a78ec68d26c91f5d4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 May 2024 11:57:00 +0200
Subject: [PATCH 2179/3949] AIO interface: substitute `b` tag with `strong` tag

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig           | 88 ++++++++++++-------------
 php/templates/includes/aio-config.twig  |  4 +-
 php/templates/includes/backup-dirs.twig | 12 ++--
 php/templates/login.twig                |  4 +-
 php/templates/setup.twig                |  2 +-
 5 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d8fab230..68d5837f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -78,7 +78,7 @@
             {% if is_backup_container_running == false and domain == "" %}
                 {% if isDomaincheckRunning == false %}
                     <h2>Domaincheck container is not running</h2>
-                    This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>. Advice: have a detailed look at the changed docker run command for AIO.
+                    This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.
                 {% elseif is_mastercontainer_update_available == true %}
                     <h2>Mastercontainer update</h2>
                     ⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
@@ -94,13 +94,13 @@
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
+                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
                         {% else %}
                             AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}
                         Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.<br><br />
                         {% if skip_domain_validation == true %}
-                            <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!<br><br>
+                            <strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!<br><br>
                         {% endif %}
                         <form method="POST" action="/api/configuration" class="xhr">
                             <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
@@ -119,7 +119,7 @@
                                 {% if apache_port != '443' %}
                                     If you run into issues with your domain being accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things. <br /><br/>
                                 {% endif %}
-                                <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
+                                <strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
                             </details>
                         {% endif %}
 
@@ -135,10 +135,10 @@
                                     {% if borg_backup_mode == 'test' %}
                                         Please adjust the path and/or the encryption password in order to make it work!<br><br>
                                     {% elseif borg_backup_mode == 'check' %}
-                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br><br>
+                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a><br><br>
                                         <details>
                                             <summary>Reveal repair option</summary><br />
-                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
                                             <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -189,7 +189,7 @@
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg', or the backup container will not be able to find the backup archive!<br><br>
                         {% endif %}
                     {% else %}
-                        <b>Everything set!</b> Click on the button below to test the path and encryption password:<br/><br/>
+                        <strong>Everything set!</strong> Click on the button below to test the path and encryption password:<br/><br/>
                         <form method="POST" action="/api/docker/backup-test" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -201,7 +201,7 @@
 
             {% if was_start_button_clicked == true %}
                 {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br><br>
+                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br><br>
                 {% else %}
                     No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.
                 {% endif %}
@@ -219,21 +219,21 @@
                             <details>
                             <summary>Click here to reveal the initial Nextcloud credentials</summary><br />
                         {% endif %}
-                                Initial Nextcloud username: <b>admin</b><br />
+                                Initial Nextcloud username: <strong>admin</strong><br />
                                 Initial Nextcloud password: 
                         {% if borg_backup_host_location != '' %}
                             {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
-                            <b>{{ nextcloud_password }}</b><br /></details><br />
+                            <strong>{{ nextcloud_password }}</strong><br /></details><br />
                         {% else %}
-                            <b>{{ nextcloud_password }}</b><br><br>
+                            <strong>{{ nextcloud_password }}</strong><br><br>
                         {% endif %}
                         <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/><br>
                         {% if borg_backup_host_location == '' %}
-                            If your Nextcloud does not open when clicking the button above, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></b><br><br>
+                            If your Nextcloud does not open when clicking the button above, see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong><br><br>
                         {% endif %}
                     {% else %}
                         {% if isAnyRestarting == false %}
-                            <span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <b>Starting</b> next to each container for further details.<br /><br />
+                            <span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <strong>Starting</strong> next to each container for further details.<br /><br />
                             <a href="" class="button reload">Reload ↻</a><br/><br>
                         {% else %}
                             It seems at least one container was not able to start correctly and is currently restarting.<br><br>
@@ -287,15 +287,15 @@
 
                     {% if has_update_available == true %}
                         {% if is_mastercontainer_update_available == false %}
-                            ⚠️ Container updates are available. Click on <b>Stop containers</b> and <b>Start and update containers</b> to update them. You should consider creating a backup first.<br><br>
+                            ⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.<br><br>
                         {% endif %}
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
                             Your containers are up-to-date.<br><br>
                             {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                 <details>
-                                <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
-                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/4542">this documentation</a></b><br/>
+                                <summary>Note about <strong>Nextcloud {{ newMajorVersion }}</strong></summary><br>
+                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/4542">this documentation</a></strong><br/>
                                 </details><br>
                             {% endif %}
                         {% endif %}
@@ -307,11 +307,11 @@
                         {% if is_mastercontainer_update_available == true %}
                             ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.<br /><br />
                             {% if current_channel starts with 'latest' %}
-                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><b>here</b></a><br><br>
+                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a><br><br>
                             {% elseif current_channel starts with 'beta' %}
-                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><b>here</b></a><br><br>
+                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a><br><br>
                             {% elseif current_channel starts with 'develop' %}
-                                You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><b>here</b></a><br><br>
+                                You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a><br><br>
                             {% endif %}
                         {% endif %}
                         <form method="POST" action="/api/docker/stop" class="xhr">
@@ -388,10 +388,10 @@
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == "check" %}
-                                        The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                        The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a><br /><br />
                                         <details>
                                             <summary>Reveal repair option</summary><br />
-                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
                                             <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -400,7 +400,7 @@
                                         </details><br />
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
-                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <b>Create Backup</b> to test the new value.<br /><br />
+                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.<br /><br />
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -423,16 +423,16 @@
                                     <summary>Click here to reveal all backup options (including an option for automatic updates)</summary><br />
                                 {% endif %}
                                 <h3>Backup information</h3>
-                                This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
+                                This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong><br /><br/>
                                 Please save this password in a safe place. You won't be able to restore from backup if you lose this password! <br /><br/>
                                 All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.<br /><br/>
-                                The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                                The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.<br /><br/>
-                                Backups will be created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
+                                Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong> <br /><br/>
                                 Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                For information about backup retention, see <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></b>.<br><br>
+                                For information about backup retention, see <strong><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.<br><br>
                                 Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.<br><br>
-                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.<br>
+                                For further documentation and options on this backup solution refer to <strong><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.<br>
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>
@@ -445,7 +445,7 @@
 
                                     {% if has_backup_run_once == false %}
                                         <h3>Reset backup host location</h3>
-                                        If the configured backup host location <b>{{ borg_backup_host_location }}</b> is wrong, you can reset it by clicking on the button below.<br><br/>
+                                        If the configured backup host location <strong>{{ borg_backup_host_location }}</strong> is wrong, you can reset it by clicking on the button below.<br><br/>
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <input type="hidden" name="delete_borg_backup_host_location" value="yes"/>
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -478,7 +478,7 @@
 
                                         <h3>Daily backup and automatic updates</h3>
                                         {% if daily_backup_time == "" %}
-                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.<br><br/>
+                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.<br><br/>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -488,7 +488,7 @@
                                                 <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label><br>
                                             </form>
                                         {% else %}
-                                            Daily backups will be created at <b>{{ daily_backup_time }} UTC</b>. A notification about the result of the backup will be sent.
+                                            Daily backups will be created at <strong>{{ daily_backup_time }} UTC</strong>. A notification about the result of the backup will be sent.
                                             {% if automatic_updates == true %}
                                                 Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated. 
                                             {% endif %}
@@ -509,8 +509,8 @@
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input class="button" type="submit" value="Submit additional backup locations" /><br>
                                         </form>
-                                        Each line and entry needs to start with a slash or letter/digit. Only <b>a-z</b>, <b>A-Z</b>, <b>.</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure that all given directories exist or the backup container will fail to start!<br><br/>
-                                        Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
+                                        Each line and entry needs to start with a slash or letter/digit. Only <strong>a-z</strong>, <strong>A-Z</strong>, <strong>.</strong>, <strong>0-9</strong>, <strong>_</strong>, <strong>-</strong>, and <strong>/</strong> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <strong>/directory/on/the/host</strong> and <strong>my_custom_docker_volume</strong>. You need to make sure that all given directories exist or the backup container will fail to start!<br><br/>
+                                        Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
                                         Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually. <br><br>
                                         {% if additional_backup_directories != "" %}
                                             This option is currently set. You can disable it again by clearing the field and submitting your changes.<br><br>
@@ -539,18 +539,18 @@
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input class="button" type="submit" value="Submit passphrase change" />
                                 </form>
-                                The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br>
+                                The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.<br>
                             </details>
                         {% endif %}
                     {% endif %}
                 {% endif %}
                 {% if is_backup_container_running == false %}
                     <h2>Optional containers</h2>
-                    In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <b><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></b> how to add them.<br><br>
+                    In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.<br><br>
                     {% if isAnyRunning == true %}
-                        <b>Please note:</b> You can enable or disable the options below only when your containers are stopped.<br><br>
+                        <strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.<br><br>
                     {% else %}
-                        <b>Please note:</b> Make sure to save your changes by clicking <b>Save changes</b> below the list of optional containers. The changes will not be auto-saved.<br><br>
+                        <strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.<br><br>
                     {% endif %}
                     <form id="options-form" method="POST" action="/api/configuration" class="xhr">
                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -569,7 +569,7 @@
                         {% if is_fulltextsearch_enabled == true %}
                             <input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
                         {% else %}
-                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <b>Please note:</b> the initial indexing can take a long time during which Nextcloud will be unavailable)</label><br><br>
+                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label><br><br>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
                             <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>
@@ -599,7 +599,7 @@
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <b>Minimal system requirements:</b> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br>
+                    <strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}
@@ -624,9 +624,9 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit collabora dictionaries" />
                             </form>
-                            You need to make sure that the dictionaries that you enter are valid. An example is <b>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</b>.<br><br>
+                            You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.<br><br>
                         {% else %}
-                            The dictionaries for Collabora are currently set to <b>{{ collabora_dictionaries }}</b>. You can reset them again by clicking on the button below.<br><br/>
+                            The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.<br><br/>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -639,9 +639,9 @@
                     <h2>Timezone change</h2>
                     {% if isAnyRunning == true %}
                         {% if timezone != "" %}
-                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>.<br><br>
+                            The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>.<br><br>
                         {% endif %}
-                        <b>Please note:</b> You can change the timezone when your containers are stopped.<br><br>
+                        <strong>Please note:</strong> You can change the timezone when your containers are stopped.<br><br>
                     {% else %}
                         {% if timezone == "" %}
                             To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
@@ -652,9 +652,9 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
                             </form>
-                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC</b> if nothing is entered.<br><br>
+                            You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.<br><br>
                         {% else %}
-                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can change the timezone by clicking on the button below.<br><br/>
+                            The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.<br><br/>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="hidden" name="delete_timezone" value="yes"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index cf4fbb49..e3c34d62 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -2,7 +2,7 @@
     <summary>Click here to view the current AIO config and documentation links</summary><br />
     {% if was_start_button_clicked == true %}
         Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.<br><br>
-        You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></b>.<br><br>
+        You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.<br><br>
     {% endif %}
     
     {% if nextcloud_datadir starts with '/' %}
@@ -32,5 +32,5 @@
     {% endif %}
     See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a> on how to change this.<br><br>
 
-    For further documentation on AIO, refer to <b><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></b>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <b><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></b>.<br>
+    For further documentation on AIO, refer to <strong><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.<br>
 </details>
diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig
index 53cf3879..bbc11eb8 100644
--- a/php/templates/includes/backup-dirs.twig
+++ b/php/templates/includes/backup-dirs.twig
@@ -1,6 +1,6 @@
-The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
-An example for Linux is <b>/mnt/backup</b>.<br><br>
-On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br><br>
-For macOS it may be <b>/var/backup</b>.<br><br>
-On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ <b>Please note</b>: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.<br><br>
-Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.<br><br>
+The folder path that you enter must start with <strong>/</strong> and must <strong>not</strong> end with <strong>/</strong>.<br><br>
+An example for Linux is <strong>/mnt/backup</strong>.<br><br>
+On Synology it could be <strong>/volume1/docker/nextcloud/backup</strong>.<br><br>
+For macOS it may be <strong>/var/backup</strong>.<br><br>
+On Windows it might be <strong>/run/desktop/mnt/host/c/backup</strong>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ <strong>Please note</strong>: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.<br><br>
+Another option is to enter a specific volume name here: <strong>nextcloud_aio_backupdir</strong>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.<br><br>
diff --git a/php/templates/login.twig b/php/templates/login.twig
index a1864ef8..5e68ffba 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -15,8 +15,8 @@
                     <input type="submit" class="button" value="Log in" />
                 </form>
             {% else %}
-                <p>The login is blocked since Nextcloud is running.<br>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><b>automatic login</b></a> from your Nextcloud.<br><br>
-                If that is not possible, you can unblock the login by running<br><b>sudo docker stop nextcloud-aio-apache</b></p>
+                <p>The login is blocked since Nextcloud is running.<strong>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
+                If that is not possible, you can unblock the login by running<br><strong>sudo docker stop nextcloud-aio-apache</strong></p>
             {% endif %}
         </div>
     </div>
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 66cb98b1..1069980c 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -6,7 +6,7 @@
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>All-in-One setup</h1>
             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
-            <p>⚠️ <b>Please note down the passphrase to access the AIO interface and don't lose it!</b></p>
+            <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
             <strong>Passphrase</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
         </div>

From c152aa352c4f84887287cc39e09c34a3ee43fc1a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 May 2024 11:53:09 +0200
Subject: [PATCH 2180/3949] AIO interface: document limitation regarding
 restoring of community container data

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d8fab230..85ef2b12 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -157,6 +157,7 @@
                                         </form>
                                     {% endif %}
                                     Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!<br><br>
+                                    <strong>Please note:</strong> If the backup that you want to restore contained any <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.<br><br>
                                     <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From f000ee6fb7ca952b3befdc6776674fb7634ae654 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 May 2024 12:25:08 +0200
Subject: [PATCH 2181/3949] AIO interface: add note how to reset the AIO
 instance

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 multiple-instances.md         | 2 +-
 php/templates/containers.twig | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/multiple-instances.md b/multiple-instances.md
index 32e1a462..f98f867a 100644
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -214,7 +214,7 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi
             <li>You can easily connect to a VM to perform maintenance using this command (<strong>on the host physical machine</strong>): <pre><code>virsh console --domain [VM_NAME]</code></pre></li>
             <li>If you chose to install an SSH Server, you can SSH in using this command (<strong>on the host physical machine</strong>): <pre><code>ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root</code></pre></li>
             <li>If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. <strong>THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR!</strong> If you are sure you would like to do this, run (<strong>on the host physical machine</strong>): <pre><code>virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2</code></pre></li>
-            <li>Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port <a href="https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-adjust-the-talk-port">like so</a>. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit <strong>https://[DOMAIN_NAME]/settings/admin/talk</strong> then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available <a href="https://github.com/nextcloud/all-in-one/discussions/2517">here</a>). If you have figured this out or if any of this information is incorrect, please edit this section!</li>
+            <li>Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port">like so</a>. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit <strong>https://[DOMAIN_NAME]/settings/admin/talk</strong> then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available <a href="https://github.com/nextcloud/all-in-one/discussions/2517">here</a>). If you have figured this out or if any of this information is incorrect, please edit this section!</li>
             <li>Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (<strong>on the host physical machine and on the VM</strong>): <pre><code>virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
    virsh console --domain [VM_NAME]
    # (Login to the VM with root privileges)
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 3fb1ddae..bb9d7356 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -666,6 +666,10 @@
                     {% endif %}
                 {% endif %}
             {% endif %}
+            {% if is_backup_container_running == false %}
+                <h2>How to reset the AIO instance?</h2>
+                If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>. Make sure to create a backup first and note down the path as well as the encryption password if this instance is already productively used so that you can restore your data on a fresh AIO instance.<br><br>
+            {% endif %}
         {% endif %}
 
     {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}

From f988c6a3494acd7bfec6e2e3f4ad2e3417e17ac6 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 24 May 2024 10:27:15 +0000
Subject: [PATCH 2182/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0f444f35..1a8b4521 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 28.0.5
+ENV NEXTCLOUD_VERSION 28.0.6
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 # AIO settings end # Do not remove or change this line!

From b18c210f86387c6cd03dfee11185cf6f3c37bd1a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 24 May 2024 10:27:21 +0000
Subject: [PATCH 2183/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/server.conf.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index 6b61b7b8..b748cacd 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -35,7 +35,8 @@ debug = false
 #allowsubscribeany = false
 
 # Comma separated list of trusted proxies (IPs or CIDR networks) that may set
-# the "X-Real-Ip" or "X-Forwarded-For" headers.
+# the "X-Real-Ip" or "X-Forwarded-For" headers. If both are provided, the
+# "X-Real-Ip" header will take precedence (if valid).
 # Leave empty to allow loopback and local addresses.
 #trustedproxies =
 

From 3bd2e867a16ecb50c2c83966e4d39b4272a6e466 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 May 2024 10:28:35 +0000
Subject: [PATCH 2184/3949] Bump strukturag/nextcloud-spreed-signaling in
 /Containers/talk

Bumps strukturag/nextcloud-spreed-signaling from 1.3.0 to 1.3.1.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 800aea53..92a9f284 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.16-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.3.0 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.3.1 as signaling
 FROM alpine:3.19.1 as janus
 
 ARG JANUS_VERSION=v0.14.2

From 3c74c666c4311bcae8e38a0082edd170790a4f57 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 May 2024 12:55:23 +0200
Subject: [PATCH 2185/3949] move `How to reset the AIO instance?` to a better
 place

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index bb9d7356..2cc7c3de 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -198,6 +198,8 @@
                         </form>
                     {% endif %}
                 {% endif %}
+                <h2>How to reset the AIO instance?</h2>
+                If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.<br><br>
             {% endif %}
 
             {% if was_start_button_clicked == true %}
@@ -666,10 +668,6 @@
                     {% endif %}
                 {% endif %}
             {% endif %}
-            {% if is_backup_container_running == false %}
-                <h2>How to reset the AIO instance?</h2>
-                If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>. Make sure to create a backup first and note down the path as well as the encryption password if this instance is already productively used so that you can restore your data on a fresh AIO instance.<br><br>
-            {% endif %}
         {% endif %}
 
     {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}

From 194e073883678bc7637f86e82527e2f35f5d337f Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 24 May 2024 13:07:00 +0200
Subject: [PATCH 2186/3949] Revert "Revert "apache - drop SetEnv proxy-sendcl
 1""

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/nextcloud.conf | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/Containers/apache/nextcloud.conf b/Containers/apache/nextcloud.conf
index 2304aa9a..728d19dc 100644
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -40,10 +40,6 @@ Listen 8000
         Require all denied
     </Files>
 
-    # Fix zero file sizes 
-    # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
-    SetEnv proxy-sendcl 1
-
     # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
     LimitRequestBody ${APACHE_MAX_SIZE}
 

From 9e80bcf322b3c808c32ea2b0840fe4cf07b8ff29 Mon Sep 17 00:00:00 2001
From: kri164 <52274164+kri164@users.noreply.github.com>
Date: Fri, 24 May 2024 16:37:25 +0200
Subject: [PATCH 2187/3949] Update stalwart.json - add port definition for web
 admin interface (#4556)

Signed-off-by: kri164 <52274164+kri164@users.noreply.github.com>
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/stalwart/readme.md     | 14 +++++++---
 community-containers/stalwart/stalwart.json |  9 +++++--
 community-containers/stalwart/upgrading.md  | 29 +++++++++++++++++++++
 3 files changed, 47 insertions(+), 5 deletions(-)
 create mode 100644 community-containers/stalwart/upgrading.md

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 80c2c2fd..747f5335 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -1,3 +1,12 @@
+> [!WARNING]
+> Nextcloud Community Containers are beta features.
+> The Stalwart server is under development.
+> 
+> The stability of these two services is not guaranteed.
+> Do not use this feature as a main mail server without a redundancy system and without knowledge.
+> 
+> To learn or use as a secondary server enjoy it and please report bugs at [marcoambrosini/aio-stalwart](https://github.com/marcoambrosini/aio-stalwart/issues).
+
 ## Stalwart mail server
 This container bundles stalwart mail server and auto-configures it for you.
 
@@ -7,9 +16,8 @@ This container bundles stalwart mail server and auto-configures it for you.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
-- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml`. Also, you might want to enable logging to stdout so that you can see the stalwart logs in your container logs via `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/common/tracing.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
-- Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
+- After adding and starting the container, you need to run `docker logs nextcloud-aio-stalwart` to obtain the system administrator account and password. With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
+- See https://stalw.art/docs/install/docker/ for next steps.
 - Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
 - See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index d44dde5b..c1aa3fd5 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -5,8 +5,8 @@
             "display_name": "Stalwart",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
             "image": "marcoambrosini/aio-stalwart",
-            "image_tag": "v1",
-            "internal_port": "587",
+            "image_tag": "v2",
+            "internal_port": "10003",
             "restart": "unless-stopped",
             "ports": [
                 {
@@ -38,6 +38,11 @@
                   "ip_binding": "",
                   "port_number": "4190",
                   "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "%APACHE_IP_BINDING%",
+                  "port_number": "10003",
+                  "protocol": "tcp"
                 }
             ],
             "environment": [
diff --git a/community-containers/stalwart/upgrading.md b/community-containers/stalwart/upgrading.md
new file mode 100644
index 00000000..958f4355
--- /dev/null
+++ b/community-containers/stalwart/upgrading.md
@@ -0,0 +1,29 @@
+> [!NOTE]
+> Unless the starting script tells you, you have no action to do to update.
+
+# UPGRADING
+
+During a major server update, this message will be displayed:
+
+> Your data is in an old format.
+> 
+> Make a backup and see https://github.com/nextcloud/all-in-one/blob/main/community-containers/stalwart/upgrading.md
+> 
+> To avoid any loss of data, Stalwart will not launch.
+
+If there is no update, delete the `/opt/stalwart-mail/aio.lock` file from the container. Beware of data loss.
+
+See https://github.com/stalwartlabs/mail-server/blob/main/UPGRADING.md
+
+> [!CAUTION]
+> Before each update don't forget to make a backup.
+
+## Upgrading from 0.7.x to 0.8.x
+
+Before upgrading, do a backup of your data !
+
+```bash
+sudo docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail -it --entrypoint /usr/local/bin/stalwart-mail stalwartlabs/mail-server:v0.7.3 --config /opt/stalwart-mail/etc/config.toml --export /opt/stalwart-mail/export
+sudo docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail -it --entrypoint /usr/local/bin/stalwart-mail stalwartlabs/mail-server:v0.8.0 --config /opt/stalwart-mail/etc/config.toml --import /opt/stalwart-mail/export
+sudo docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail -it --entrypoint /bin/rm alpine /opt/stalwart-mail/aio.lock
+```

From cceb1a8a6c5dcf0557eaf3f93de8f1107ef88ac5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 May 2024 18:29:54 +0200
Subject: [PATCH 2188/3949] remove beta warning for community containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/readme.md          | 2 --
 community-containers/stalwart/readme.md | 3 +--
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 12bad7c0..0708b60f 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -2,8 +2,6 @@
 This directory features containers that are built for AIO which allows to add additional functionality very easily.
 
 ## Disclaimers
-⚠️ This is currently beta and not stable yet!
-
 All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
 
 ## How to use this?
diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 747f5335..8f9e7895 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -1,8 +1,7 @@
 > [!WARNING]
-> Nextcloud Community Containers are beta features.
 > The Stalwart server is under development.
 > 
-> The stability of these two services is not guaranteed.
+> The stability of Stalwart services is not guaranteed.
 > Do not use this feature as a main mail server without a redundancy system and without knowledge.
 > 
 > To learn or use as a secondary server enjoy it and please report bugs at [marcoambrosini/aio-stalwart](https://github.com/marcoambrosini/aio-stalwart/issues).

From 0d572bce064c99f8046c8b5c589c6b621a9a2ffe Mon Sep 17 00:00:00 2001
From: Yannik Buerkle <mail@yannik-buerkle.de>
Date: Sat, 25 May 2024 22:30:26 +0200
Subject: [PATCH 2189/3949] add documentation not to use @ or : in passwords

---
 nextcloud-aio-helm-chart/readme.md   | 3 +++
 nextcloud-aio-helm-chart/values.yaml | 1 +
 2 files changed, 4 insertions(+)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index e0a3c916..6285aaf3 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -20,6 +20,9 @@ You can run the containers that are build for AIO with Kubernetes using this Hel
 
 First download this file: https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and adjust at least all values marked with `# TODO!`
 
+Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database
+connection strings. You will experience issues when using these symbols!
+
 Then run:
 
 ```
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 58276b24..7a0e02ce 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -1,3 +1,4 @@
+# Warning: Do not use symbols "@" and ":" in your passwords (see readme.md)
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_PASSWORD:           # TODO! This needs to be a unique and good password!
 IMAGINARY_SECRET:           # TODO! This needs to be a unique and good password!

From 9e7979b00e28d0bda5057238a3ce11a40f7cd61f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 May 2024 12:33:15 +0000
Subject: [PATCH 2190/3949] Bump clamav/clamav from 1.3.1-52 to 1.3.1-53 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-52 to 1.3.1-53.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 185999ab..da54d35f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-52
+FROM clamav/clamav:1.3.1-53
 
 COPY clamav.conf /tmp/clamav.conf
 

From 3c6b44d1b558d78c54454a29896bbd5723b82eb3 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 May 2024 11:15:13 +0200
Subject: [PATCH 2191/3949] helm: allow to set default quota for Nextcloud

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh                         | 7 +++++++
 .../templates/nextcloud-aio-nextcloud-deployment.yaml      | 2 ++
 nextcloud-aio-helm-chart/update-helm.sh                    | 3 +++
 nextcloud-aio-helm-chart/values.yaml                       | 1 +
 4 files changed, 13 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 4cc709cb..a144ce81 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -475,6 +475,13 @@ if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get su
     php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
     php /var/www/html/occ config:app:delete support last_check
 fi
+if [ -n "$NEXTCLOUD_DEFAULT_QUOTA" ]; then
+    if [ "$NEXTCLOUD_DEFAULT_QUOTA" = "unlimited" ]; then
+        php /var/www/html/occ config:app:delete files default_quota
+    else
+        php /var/www/html/occ config:app:set files default_quota --value="$NEXTCLOUD_DEFAULT_QUOTA"
+    fi
+fi
 
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index e9a3387c..ef0d3d56 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -84,6 +84,8 @@ spec:
               value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
+            - name: NEXTCLOUD_DEFAULT_QUOTA
+              value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 22098412..44d523b0 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -288,6 +288,8 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
             - name: SERVERINFO_TOKEN
               value: "{{ .Values.SERVERINFO_TOKEN }}"
+            - name: NEXTCLOUD_DEFAULT_QUOTA
+              value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
@@ -358,6 +360,7 @@ SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monit
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
+NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 58276b24..0d383504 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -53,6 +53,7 @@ SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monit
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
+NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From 414716e27934d0c91bdc521cf3988ac07d55aaad Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 May 2024 17:24:28 +0200
Subject: [PATCH 2192/3949] use `127.0.0.1` instead of `localhost`

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile                     |  2 +-
 Containers/apache/healthcheck.sh                |  4 ++--
 Containers/collabora/Dockerfile                 |  2 +-
 Containers/docker-socket-proxy/healthcheck.sh   |  2 +-
 Containers/domaincheck/Dockerfile               |  2 +-
 Containers/fulltextsearch/Dockerfile            |  2 +-
 Containers/imaginary/Dockerfile                 |  4 ++--
 Containers/mastercontainer/Caddyfile            |  4 ++--
 Containers/mastercontainer/healthcheck.sh       | 12 ++++++------
 Containers/mastercontainer/mastercontainer.conf |  6 +++---
 Containers/nextcloud/healthcheck.sh             |  2 +-
 Containers/notify-push/healthcheck.sh           |  2 +-
 Containers/onlyoffice/Dockerfile                |  2 +-
 Containers/postgresql/healthcheck.sh            |  2 +-
 Containers/postgresql/start.sh                  |  2 +-
 Containers/talk-recording/Dockerfile            |  2 +-
 Containers/talk/healthcheck.sh                  |  8 ++++----
 php/src/Docker/DockerActionManager.php          |  2 +-
 18 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index ed15101c..79ecee8b 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -56,7 +56,7 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
         rewrite /.well-known/carddav /remote.php/dav/
         rewrite /.well-known/caldav /remote.php/dav/
         header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:8000
+        reverse_proxy 127.0.0.1:8000
     }
 
     # TLS options
diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index 3a54ef04..15235352 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
-nc -z localhost 8000 || exit 1
-nc -z localhost "$APACHE_PORT" || exit 1
+nc -z 127.0.0.1 8000 || exit 1
+nc -z 127.0.0.1 "$APACHE_PORT" || exit 1
 if ! nc -z "$NC_DOMAIN" 443; then
     echo "Could not reach $NC_DOMAIN on port 443."
     exit 1
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index ea0385ac..126e3cd0 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -17,5 +17,5 @@ RUN set -ex; \
 
 USER 100
 
-HEALTHCHECK CMD nc -z localhost 9980 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 9980 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/docker-socket-proxy/healthcheck.sh b/Containers/docker-socket-proxy/healthcheck.sh
index 28edfdfc..d89deb6b 100644
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
-nc -z localhost 2375 || exit 1
+nc -z 127.0.0.1 2375 || exit 1
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 82aad6b5..13ad3d5e 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -16,5 +16,5 @@ COPY --chmod=775 start.sh /start.sh
 USER www-data
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 512d4eb6..4aedb6e5 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -19,5 +19,5 @@ RUN set -ex; \
 
 USER 1000:0
 
-HEALTHCHECK CMD nc -z localhost 9200 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 5f2f5f38..fabdc0d7 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.3-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -38,5 +38,5 @@ USER nobody
 ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 "$PORT" || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/mastercontainer/Caddyfile b/Containers/mastercontainer/Caddyfile
index b2b2fdef..da0e222d 100644
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -16,7 +16,7 @@
     }
 
     on_demand_tls {
-        ask http://localhost:9876/
+        ask http://127.0.0.1:9876/
     }
 }
 
@@ -26,7 +26,7 @@ http://:80 {
 
 https://:8443 {
 
-    reverse_proxy localhost:8000
+    reverse_proxy 127.0.0.1:8000
 
     tls {
         on_demand
diff --git a/Containers/mastercontainer/healthcheck.sh b/Containers/mastercontainer/healthcheck.sh
index e5d27771..72187591 100644
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -1,10 +1,10 @@
 #!/bin/bash
 
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
-    nc -z localhost 80 || exit 1
-    nc -z localhost 8000 || exit 1
-    nc -z localhost 8080 || exit 1
-    nc -z localhost 8443 || exit 1
-    nc -z localhost 9000 || exit 1
-    nc -z localhost 9876 || exit 1
+    nc -z 127.0.0.1 80 || exit 1
+    nc -z 127.0.0.1 8000 || exit 1
+    nc -z 127.0.0.1 8080 || exit 1
+    nc -z 127.0.0.1 8443 || exit 1
+    nc -z 127.0.0.1 9000 || exit 1
+    nc -z 127.0.0.1 9876 || exit 1
 fi
diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index d1f4ed64..6a7d37dd 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -19,7 +19,7 @@ Listen 8080
 
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://localhost:9000"
+        SetHandler "proxy:fcgi://127.0.0.1:9000"
     </FilesMatch>
     # Master dir
     DocumentRoot /var/www/docker-aio/php/public/
@@ -41,8 +41,8 @@ Listen 8080
 # Https host
 <VirtualHost *:8080>
     # Proxy to https
-    ProxyPass / http://localhost:8000/
-    ProxyPassReverse / http://localhost:8000/
+    ProxyPass / http://127.0.0.1:8000/
+    ProxyPassReverse / http://127.0.0.1:8000/
     ProxyPreserveHost On
     # SSL
     SSLCertificateKeyFile /etc/apache2/certs/ssl.key
diff --git a/Containers/nextcloud/healthcheck.sh b/Containers/nextcloud/healthcheck.sh
index 054b1da4..54c79dca 100644
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -10,6 +10,6 @@ fi
 # shellcheck disable=SC2153
 nc -z "$POSTGRES_HOST" "$POSTGRES_PORT" || exit 0
 
-if ! nc -z localhost 9000; then
+if ! nc -z 127.0.0.1 9000; then
     exit 1
 fi
diff --git a/Containers/notify-push/healthcheck.sh b/Containers/notify-push/healthcheck.sh
index cc081974..e2539436 100644
--- a/Containers/notify-push/healthcheck.sh
+++ b/Containers/notify-push/healthcheck.sh
@@ -4,4 +4,4 @@ if ! nc -z "$NEXTCLOUD_HOST" 9001; then
     exit 0
 fi
 
-nc -z localhost 7867 || exit 1
+nc -z 127.0.0.1 7867 || exit 1
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 8bea975a..e3d4ab86 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -4,5 +4,5 @@ FROM onlyoffice/documentserver:8.0.1.1
 
 # USER root is probably used
 
-HEALTHCHECK CMD nc -z localhost 80 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 80 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/postgresql/healthcheck.sh b/Containers/postgresql/healthcheck.sh
index c2ee4ec7..f72aeecf 100644
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -2,4 +2,4 @@
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:5432/$POSTGRES_DB" -c "select now()" || exit 1
diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 4ae7369f..97eab9a0 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -85,7 +85,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     exec docker-entrypoint.sh postgres &
 
     # Wait for creation
-    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:11000/$POSTGRES_DB" -c "select now()"; do
+    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start."
         sleep 5
     done
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index fb6ba6e3..91591320 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -54,5 +54,5 @@ USER recording
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
-HEALTHCHECK CMD nc -z localhost 1234 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 1234 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/talk/healthcheck.sh b/Containers/talk/healthcheck.sh
index 82e660ea..4834289d 100644
--- a/Containers/talk/healthcheck.sh
+++ b/Containers/talk/healthcheck.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-nc -z localhost 8081 || exit 1
-nc -z localhost 8188 || exit 1
-nc -z localhost 4222 || exit 1
-nc -z localhost "$TALK_PORT" || exit 1
+nc -z 127.0.0.1 8081 || exit 1
+nc -z 127.0.0.1 8188 || exit 1
+nc -z 127.0.0.1 4222 || exit 1
+nc -z 127.0.0.1 "$TALK_PORT" || exit 1
 eturnalctl status || exit 1
 if ! nc -z "$NC_DOMAIN" "$TALK_PORT"; then
     echo "Could not reach $NC_DOMAIN on port $TALK_PORT."
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 4e56e5f0..93cc3fd3 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -44,7 +44,7 @@ class DockerActionManager
     }
 
     private function BuildApiUrl(string $url) : string {
-        return sprintf('http://localhost/%s/%s', self::API_VERSION, $url);
+        return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url);
     }
 
     private function BuildImageName(Container $container) : string {

From 54dc5387a72d9bd61bc46ffd1b7ff8fdddc42745 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 29 May 2024 13:48:00 +0200
Subject: [PATCH 2193/3949] nextcloud: wait for redis to start

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 7 +++++++
 Containers/redis/start.sh          | 1 +
 2 files changed, 8 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index a144ce81..c1945e54 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -19,6 +19,13 @@ run_upgrade_if_needed_due_to_app_update() {
     fi
 }
 
+# Only start container if redis is accessible
+# shellcheck disable=SC2153
+while ! nc -z "$REDIS_HOST" "6379"; do
+    echo "Waiting for redis to start..."
+    sleep 5
+done
+
 # Check permissions in ncdata
 touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
diff --git a/Containers/redis/start.sh b/Containers/redis/start.sh
index 8cb3bb40..69764c1a 100644
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -7,6 +7,7 @@ if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
 fi
 
 # Run redis with a password if provided
+echo "Redis has started"
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
     exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel warning
 else

From 712d86e7960e0c89afb5c837e7aaadd3ef835e19 Mon Sep 17 00:00:00 2001
From: roelofz <11368363+roelofz@users.noreply.github.com>
Date: Thu, 30 May 2024 08:51:52 +0200
Subject: [PATCH 2194/3949] Update readme.md

Added a name for Stable diffusion, so a very small change:
  name: Stable_diffusion
Added last step to take to finish configuring the first AI and be able to see first responses in the Assistant.

This is my first PR ever :-)

Signed-off-by: roelofz <11368363+roelofz@users.noreply.github.com>
---
 community-containers/local-ai/readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 40a129fb..9e2b1135 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -9,6 +9,7 @@ This container bundles Local AI and auto-configures it for you.
 ```yaml
 # Stable Diffusion in NCNN with c++, supported txt2img and img2img 
 - url: github:go-skynet/model-gallery/stablediffusion.yaml
+  name: Stable_diffusion
 
 # Port of OpenAI's Whisper model in C/C++ 
 - url: github:go-skynet/model-gallery/whisper-base.yaml
@@ -18,6 +19,7 @@ This container bundles Local AI and auto-configures it for you.
 - url: github:go-skynet/model-gallery/gpt4all-j.yaml
   name: gpt4all-j
 ```
+-  You need to add gpt4all-j under Text Generation (Default completion model to use) in Connected Accounts in the Administration Settings in Nextcloud, the default does not work.
 -  Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From b2cebaffccbae5e81674ca04c65de63b574b53be Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 30 May 2024 13:11:37 +0200
Subject: [PATCH 2195/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/login.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 5e68ffba..278567d5 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -15,7 +15,7 @@
                     <input type="submit" class="button" value="Log in" />
                 </form>
             {% else %}
-                <p>The login is blocked since Nextcloud is running.<strong>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
+                <p>The login is blocked since Nextcloud is running. Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
                 If that is not possible, you can unblock the login by running<br><strong>sudo docker stop nextcloud-aio-apache</strong></p>
             {% endif %}
         </div>

From 2edd95228939951e08b07cb36bada50ad8053160 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 30 May 2024 13:14:31 +0200
Subject: [PATCH 2196/3949] restore <br>

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/login.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 278567d5..34287829 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -15,7 +15,7 @@
                     <input type="submit" class="button" value="Log in" />
                 </form>
             {% else %}
-                <p>The login is blocked since Nextcloud is running. Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
+                <p>The login is blocked since Nextcloud is running.<br>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
                 If that is not possible, you can unblock the login by running<br><strong>sudo docker stop nextcloud-aio-apache</strong></p>
             {% endif %}
         </div>

From 8602eda17ea15d146014a0147de8a303d5312cbb Mon Sep 17 00:00:00 2001
From: Kasim <kasim@rafique.co.uk>
Date: Thu, 30 May 2024 21:45:41 +0100
Subject: [PATCH 2197/3949] Update manual-upgrade.md

rephrase parts of original read me
add alternative method

Signed-off-by: Kasim <kasim@rafique.co.uk>
---
 manual-upgrade.md | 125 ++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 111 insertions(+), 14 deletions(-)

diff --git a/manual-upgrade.md b/manual-upgrade.md
index 65f67c98..b5a5e053 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -1,26 +1,123 @@
 # Manual upgrade
 
-If you do not install any upgrade for around 6-12 months or longer, it can happen that your instance is so outdated that in the meantime the PHP version of the Nextcloud container got bumped to a version that is not compatible with your currently installed Nextcloud version which means that after doing an upgrade after this long time, Nextcloud will suddenly not work anymore. There is unfortunately no way to fix this from the maintainer side if you refrain from upgrading for so long.
+If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container.
+There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long.
 
-The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below:
+The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state:
 
-1. Start all containers from the aio interface (now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem)
-1. Do **not** click on `Stop containers` because you will need them running going forward, see below
-1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
+---
 
-1. Stop the Nextcloud container and the Apache container by running `sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache`.
-1. Run the following commands in order to reverse engineer the Nextcloud container:
+## Method 1
+
+1. Start all containers from the AIO interface 
+    - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem
+    - #### Do **not** click on `Stop containers` because you will need them running going forward, see below
+2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. 
+    - There you will find information about the max. supported PHP version
+    - **Make a mental note of this**
+3. Stop the Nextcloud container and the Apache container by running 
+    ```bash
+        sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache
+    ```
+4. Run the following commands in order to reverse engineer the Nextcloud container:
     ```bash
         sudo docker pull assaflavie/runlike
         echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud
         sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
         sudo chown root:root /tmp/nextcloud-aio-nextcloud
     ```
-1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest`. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
-1. After doing so, remove the Nextcloud container with `sudo docker rm nextcloud-aio-nextcloud`.
-1. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
+5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag:
+
+
+| To change                              | Replace with                                        |
+|----------------------------------------|-----------------------------------------------------|
+| `nextcloud/aio-nextcloud:latest`       | `nextcloud/aio-nextcloud:php{version}-latest`       |
+| `nextcloud/aio-nextcloud:latest-arm64` | `nextcloud/aio-nextcloud:php{version}-latest-arm64` |
+
+
+
+ - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64`
+ - However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)
+ - Using nano and the arrow keys to navigate:
+  - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
+6. Next, stop and remove the current container: 
+    ```bash
+        sudo docker stop nextcloud-aio-nextcloud
+        sudo docker rm nextcloud-aio-nextcloud
+    ```
+7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
 **Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
-1. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
-1. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
-1. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
-1. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Also you should think about enabling daily backups if doing regularl upgrades is too much effort for you.
+8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
+9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
+10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
+11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. 
+
+---
+
+## Method 2
+#### *Approach using portainer if method 1 does not work for you*
+
+Prerequsite: have all containers from AIO interface running.
+
+<details>
+<summary>Click to expand</summary>
+
+##### 1. Install portainer if not installed:
+```bash
+docker volume create portainer_data
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
+```
+- If you have a reverse proxy
+    - you can setup and navigate using a domain name.
+- For the **standard** AIO install
+    - Open port 9443 on your firewall
+    - navigate to `https://<server-ip>:9443`
+- Accept the insecure self-signed certificate and set an admin password
+- If prompted to add an environment
+    - add local
+
+##### 2. Within the local portainer environment navigate to the **containers** tab 
+- Here you should see all the various containers running
+
+##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers
+
+-  This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top
+    - or you can click into individual containers and stop them there
+
+##### 4. Find the version of PHP compatible with the running nextcloud container
+- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of:
+```logs
+This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18
+```
+Make **note** of the version which is compatible, rounding down to 1 digit after the dot. 
+ - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
+
+##### 5. Find the correct container version
+In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
+However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)
+
+##### 6. Replace the container
+- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
+- Click ```Duplicate/Edit```
+- Within image, change this to the correct version from Step 5
+- Click ```Deploy the container```
+    - if you are prompted to force repull the image click the slider and press pull image
+
+*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating*
+
+Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
+
+#### Now you can handle everything through the AIO admin interface and stop and restart the containers normally.
+
+---
+
+##### 7. Last Step is removing portainer if you don't want to keep it
+
+```bash
+docker stop portainer
+docker rm portainer
+docker volume rm portainer_data
+```
+- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts.
+
+</details>

From 33a80bad603c71809173199cc7f5485bebf9b02d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 31 May 2024 11:48:47 +0200
Subject: [PATCH 2198/3949] add warning note to facerecognition

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/facerecognition/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md
index fa22e0bb..072ae01a 100644
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -3,6 +3,7 @@ This container bundles the external model of facerecognition and auto-configures
 
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
+- Currently, in order to run this correctly, your server should have at least 6 GB of RAM, better 8 GB of RAM.
 - Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
     ```bash
     # Go into the container

From b1d24962c237d8bd3cc9ece9cb20c9860ea41c54 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 31 May 2024 13:42:53 +0200
Subject: [PATCH 2199/3949] adjust size requirements for local-ai

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 9e2b1135..8aba12d1 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -3,7 +3,7 @@ This container bundles Local AI and auto-configures it for you.
 
 ### Notes
 - This container does not work on arm64! If you add the container on arm64, it will fail to start because no image for arm64 is available!
-- Make sure to have enough storage space available. This container alone needs ~14GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
+- Make sure to have enough storage space available. This container alone needs ~7GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
 - After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml

From f934c7f8a00b8cb33b0821c10e5d94c9dac8998a Mon Sep 17 00:00:00 2001
From: Marco Ambrosini <marcoambrosini@proton.me>
Date: Fri, 31 May 2024 15:15:34 +0200
Subject: [PATCH 2200/3949] Fix record type for caddy-stalwart

Signed-off-by: Marco Ambrosini <marcoambrosini@proton.me>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index a6400b25..9ad8ddc9 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -5,7 +5,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From ff5593f8caaf77074c1eed0a52bb2b7a4243617a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 31 May 2024 15:28:24 +0200
Subject: [PATCH 2201/3949] facerecognition: change to FACE_MODEL=3

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/facerecognition/facerecognition.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 819a4760..1f9ca763 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -10,7 +10,8 @@
             "restart": "unless-stopped",
             "environment": [
                 "TZ=%TIMEZONE%",
-                "API_KEY=some-super-secret-api-key"
+                "API_KEY=some-super-secret-api-key",
+                "FACE_MODEL=3"
             ],
             "aio_variables": [
                 "nextcloud_memory_limit=4096M"

From d23984885dd122f0b50b3930eeef50273e52b693 Mon Sep 17 00:00:00 2001
From: Marco <marcoambrosini@proton.me>
Date: Fri, 31 May 2024 15:30:34 +0200
Subject: [PATCH 2202/3949] Update readme.md

Signed-off-by: Marco <marcoambrosini@proton.me>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 9ad8ddc9..22677a7f 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -5,7 +5,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A record so that caddy can get a certificate automatically for stalwart.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A or CNAME record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 9915281b748b817d6d08d6afacda8ea8d53bcd4b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Fri, 31 May 2024 15:32:04 +0200
Subject: [PATCH 2203/3949] also add hint about AAAA

Signed-off-by: Simon L <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 22677a7f..4c1e3c52 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -5,7 +5,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A or CNAME record so that caddy can get a certificate automatically for stalwart.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From ed339d5101ece3fef6cc7ba7f86e8bf614128e48 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 31 May 2024 16:38:01 +0200
Subject: [PATCH 2204/3949] adjust the memory values

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/facerecognition/facerecognition.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 1f9ca763..89e8fc8b 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -14,7 +14,7 @@
                 "FACE_MODEL=3"
             ],
             "aio_variables": [
-                "nextcloud_memory_limit=4096M"
+                "nextcloud_memory_limit=2048M"
             ],
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install facerecognition",
@@ -22,7 +22,7 @@
                 "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
                 "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
                 "php /var/www/html/occ face:setup -m 5",
-                "php /var/www/html/occ face:setup -M 4G",
+                "php /var/www/html/occ face:setup -M 1G",
                 "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
                 "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 0 --value image/jpeg",
                 "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 1 --value image/png",

From e05b0f30613cc37b1ad563f7843d4639d601f7e2 Mon Sep 17 00:00:00 2001
From: Kasim <kasim@rafique.co.uk>
Date: Fri, 31 May 2024 16:00:32 +0100
Subject: [PATCH 2205/3949] Fix spelling

Signed-off-by: Kasim <kasim@rafique.co.uk>
---
 manual-upgrade.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-upgrade.md b/manual-upgrade.md
index b5a5e053..517c217f 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -57,7 +57,7 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 ## Method 2
 #### *Approach using portainer if method 1 does not work for you*
 
-Prerequsite: have all containers from AIO interface running.
+Prerequisite: have all containers from AIO interface running.
 
 <details>
 <summary>Click to expand</summary>

From 03912efe0ce925c330c472ea0234d7aa67aba941 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 1 Jun 2024 12:02:25 +0000
Subject: [PATCH 2206/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 3481b555..f80e32b0 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -105,6 +105,7 @@ services:
       - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PORT=5432
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud
@@ -170,6 +171,7 @@ services:
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PORT=5432
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud

From e1866b404c60906e51ba7f9f88eba3e18599797e Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sun, 2 Jun 2024 22:25:33 +0200
Subject: [PATCH 2207/3949] Update add admin token

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/stalwart.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index c1aa3fd5..56051574 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -47,7 +47,11 @@
             ],
             "environment": [
                 "TZ=%TIMEZONE%",
-                "NC_DOMAIN=%NC_DOMAIN%"
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "ADMIN_SECRET=%STALWART_USER_PASS%"
+            ],
+            "secrets": [
+                "STALWART_USER_PASS"
             ],
             "volumes": [
                 {

From 9387c1cddb7e7a2a72d1e63b115ff43e7abeffd6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 3 Jun 2024 10:58:58 +0200
Subject: [PATCH 2208/3949] revert "set NEXTCLOUD_MOUNT to rshared #2601"

as it causes too many problems.

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 28 +++++++++++++-------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 4e56e5f0..ef3b0952 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -223,12 +223,12 @@ class DockerActionManager
     public function CreateContainer(Container $container) : void {
         $volumes = [];
         foreach ($container->GetVolumes()->GetVolumes() as $volume) {
-            // NEXTCLOUD_MOUNT gets added via bind-mount later on
-            if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-                if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
-                    continue;
-                }
-            }
+            // // NEXTCLOUD_MOUNT gets added via bind-mount later on
+            // if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            //     if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
+            //         continue;
+            //     }
+            // }
 
             $volumeEntry = $volume->name . ':' . $volume->mountPoint;
             if ($volume->isWritable) {
@@ -560,14 +560,14 @@ class DockerActionManager
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
-        // Special things for the nextcloud container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-            foreach ($container->GetVolumes()->GetVolumes() as $volume) {
-                if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
-                    continue;
-                }
-                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
-            }
+        // // Special things for the nextcloud container which should not be exposed in the containers.json
+        // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+        //     foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+        //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
+        //             continue;
+        //         }
+        //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
+        //     }
         // Special things for the caddy community container
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];

From c97ef0963d57f850dc803943ea125dbe2afb2b2b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 12:18:11 +0000
Subject: [PATCH 2209/3949] Bump clamav/clamav from 1.3.1-53 to 1.3.1-54 in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-53 to 1.3.1-54.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index da54d35f..39b8e420 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-53
+FROM clamav/clamav:1.3.1-54
 
 COPY clamav.conf /tmp/clamav.conf
 

From 5f70b352e044ee8c4c417c58367223d1eaecb32e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Jun 2024 12:24:11 +0000
Subject: [PATCH 2210/3949] Bump caddy in /Containers/mastercontainer

Bumps caddy from 2.7.6-alpine to 2.8.4-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 98f9556b..2d319ffb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -3,7 +3,7 @@
 FROM docker:26.1.3-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.7.6-alpine as caddy
+FROM caddy:2.8.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
 FROM php:8.3.7-fpm-alpine3.19

From c087be299ed7d1f92ce8cd20c6a0cfa8c1c16701 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Jun 2024 12:58:21 +0000
Subject: [PATCH 2211/3949] Bump caddy from 2.7.6-alpine to 2.8.4-alpine in
 /Containers/apache

Bumps caddy from 2.7.6-alpine to 2.8.4-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index d268ef90..f052f9cd 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.7.6-alpine as caddy
+FROM caddy:2.8.4-alpine as caddy
 
 FROM httpd:2.4.59-alpine3.19
 

From e41d8b824c372af50ccbfc59748f2a509114d043 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 6 Jun 2024 08:00:47 +0000
Subject: [PATCH 2212/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                      | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml       | 7 +++----
 .../templates/nextcloud-aio-apache-service.yaml          | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml       | 7 +++----
 .../templates/nextcloud-aio-clamav-service.yaml          | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml    | 7 +++----
 .../templates/nextcloud-aio-collabora-service.yaml       | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml     | 7 +++----
 .../templates/nextcloud-aio-database-service.yaml        | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml         | 7 +++----
 .../templates/nextcloud-aio-fulltextsearch-service.yaml  | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml    | 7 +++----
 .../templates/nextcloud-aio-imaginary-service.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml    | 9 +++++----
 .../templates/nextcloud-aio-nextcloud-service.yaml       | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml  | 9 +++++----
 .../templates/nextcloud-aio-notify-push-service.yaml     | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml   | 7 +++----
 .../templates/nextcloud-aio-onlyoffice-service.yaml      | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml        | 7 +++----
 .../templates/nextcloud-aio-redis-service.yaml           | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml         | 7 +++----
 .../nextcloud-aio-talk-recording-deployment.yaml         | 7 +++----
 .../templates/nextcloud-aio-talk-recording-service.yaml  | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml            | 4 ++--
 25 files changed, 54 insertions(+), 62 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index e7245a00..aaee64f2 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.2.1
+version: 8.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index f60ce0c1..4ba1bb68 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -19,9 +19,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
     spec:
       initContainers:
@@ -65,7 +64,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240606_075829-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 52eaa9e2..4b1a7667 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 121f76cb..9f40255b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -20,9 +20,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
     spec:
       initContainers:
@@ -60,7 +59,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240606_075829-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index ec83fa7d..a0096210 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 3416492d..353574e7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -18,9 +18,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
     spec:
       containers:
@@ -37,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240606_075829-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index 2f4a318d..57a8181f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 630c9130..8c75db33 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -19,9 +19,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
     spec:
       initContainers:
@@ -71,7 +70,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240606_075829-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index e5e6593c..f83fb954 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8e674c63..b3b07039 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -20,9 +20,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
       initContainers:
@@ -61,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240606_075829-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 76cd53b0..6c8e415d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index f5f571f1..2b6f7824 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -18,9 +18,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
     spec:
       containers:
@@ -29,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240606_075829-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index e83fccab..d71a39ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index ef0d3d56..483c160b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -19,9 +19,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
       initContainers:
@@ -142,6 +141,8 @@ spec:
               value: nextcloud-aio-database
             - name: POSTGRES_PASSWORD
               value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_PORT
+              value: "5432"
             - name: POSTGRES_USER
               value: nextcloud
             - name: RECORDING_SECRET
@@ -172,7 +173,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240606_075829-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index c609bbac..cc8bca41 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index baef75a3..f7f803f3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -19,9 +19,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-notify-push
     spec:
       initContainers:
@@ -50,13 +49,15 @@ spec:
               value: nextcloud-aio-database
             - name: POSTGRES_PASSWORD
               value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_PORT
+              value: "5432"
             - name: POSTGRES_USER
               value: nextcloud
             - name: REDIS_HOST
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240606_075829-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index da7d7bc7..dc658984 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 82185e57..2a720c7e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -20,9 +20,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
       initContainers:
@@ -49,7 +48,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240606_075829-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index fea08092..995e4f2c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 684c9cdf..99e18b1e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -19,9 +19,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
     spec:
       initContainers:
@@ -44,7 +43,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240606_075829-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index df81767d..e1eb0ea4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 0006e4f2..6cf3096b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -18,9 +18,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
     spec:
       containers:
@@ -41,7 +40,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240606_075829-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 823f5dba..f9ada416 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,9 +18,8 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.33.0 (3ce457399)
+        kompose.version: 1.34.0 (cbf2835db)
       labels:
-        io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
       containers:
@@ -33,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240502_104630-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240606_075829-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index e5b1bea6..e242050b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -4,7 +4,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 99af734e..29527887 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -5,7 +5,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -30,7 +30,7 @@ kind: Service
 metadata:
   annotations:
     kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.33.0 (3ce457399)
+    kompose.version: 1.34.0 (cbf2835db)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk

From 0230e0134ff6ab10e257d06e100cec076ec8dffb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 11:09:08 +0200
Subject: [PATCH 2213/3949] nextcloud: increase the default_socket_timeout

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1a8b4521..1573d2b5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -118,6 +118,7 @@ RUN set -ex; \
         echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
         echo 'max_execution_time=${PHP_MAX_TIME}'; \
         echo 'max_input_time=${PHP_MAX_TIME}'; \
+        echo 'default_socket_timeout=600'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \
     { \

From b9ec25aca5088d4e21541d3405d77ca9a4c8ed3c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 11:51:18 +0200
Subject: [PATCH 2214/3949] aio-app: increase version

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index b6e79feb..e064273d 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.5.0</version>
+	<version>0.6.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="27" max-version="28"/>
+		<nextcloud min-version="28" max-version="29"/>
 	</dependencies>
 
 	<settings>

From eca9defdcf81d826a1a614ad2854703dbcbd4624 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 11:54:52 +0200
Subject: [PATCH 2215/3949] aio-interface: hide upgrade notice

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2cc7c3de..78be9d2e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -31,7 +31,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = 29 %}
+        {% set newMajorVersion = '' %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From a9f2f318a14c39198393f62770b807669a0689b5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 11:57:08 +0200
Subject: [PATCH 2216/3949] postgres: update to 16

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index bfce1750..b98ea8e9 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.7-alpine
+FROM postgres:16.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 695b5a80e83abfd094957795c8c899f7c9d6ab24 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 11:59:18 +0200
Subject: [PATCH 2217/3949] nextcloud: increase to 29.0.2

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1573d2b5..daaa2dc7 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 28.0.6
+ENV NEXTCLOUD_VERSION 29.0.2
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 # AIO settings end # Do not remove or change this line!

From f6d59d41d07e73a40d77a4281dd13926289e7982 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 12:02:30 +0200
Subject: [PATCH 2218/3949] increase to 9.0.0

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 78be9d2e..48367529 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v8.3.0</h1>
+        <h1>Nextcloud AIO v9.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 9d802f03234c078ca351b992cf5d0f81fba165a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 12:43:50 +0200
Subject: [PATCH 2219/3949] caddy: fix rewriting .well-known to remote.php

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 79ecee8b..8e7e4a21 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -53,11 +53,11 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 
     # Nextcloud
     route {
-        rewrite /.well-known/carddav /remote.php/dav/
-        rewrite /.well-known/caldav /remote.php/dav/
         header Strict-Transport-Security max-age=31536000;
         reverse_proxy 127.0.0.1:8000
     }
+    redir /.well-known/carddav /remote.php/dav/ 301
+    redir /.well-known/caldav /remote.php/dav/ 301
 
     # TLS options
     tls {

From c78198620e184226c12d544948cc90cc975a630a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 6 Jun 2024 12:02:40 +0000
Subject: [PATCH 2220/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index fabdc0d7..3d447c04 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.3-alpine3.18 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From 01c6157d1a19d231ed00c4d5c6a96c09527faf23 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Jun 2024 12:18:31 +0000
Subject: [PATCH 2221/3949] Bump docker from 26.1.3-cli to 26.1.4-cli in
 /Containers/mastercontainer

Bumps docker from 26.1.3-cli to 26.1.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 2d319ffb..e609dba7 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.3-cli as docker
+FROM docker:26.1.4-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine as caddy

From 016b8b44648d7ad5709af474c9ca98d58a51d472 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Jun 2024 12:52:22 +0000
Subject: [PATCH 2222/3949] Bump elasticsearch from 8.13.4 to 8.14.0 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.13.4 to 8.14.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 4aedb6e5..fd23aa4b 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.13.4
+FROM elasticsearch:8.14.0
 
 USER root
 

From d83195f2f1a5e433cb100d0b05532a89638fdf7b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 15:02:33 +0200
Subject: [PATCH 2223/3949] talk: disable specific health check because it is
 not going to work on some specific setups

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk/healthcheck.sh | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/Containers/talk/healthcheck.sh b/Containers/talk/healthcheck.sh
index 4834289d..e4544763 100644
--- a/Containers/talk/healthcheck.sh
+++ b/Containers/talk/healthcheck.sh
@@ -5,7 +5,3 @@ nc -z 127.0.0.1 8188 || exit 1
 nc -z 127.0.0.1 4222 || exit 1
 nc -z 127.0.0.1 "$TALK_PORT" || exit 1
 eturnalctl status || exit 1
-if ! nc -z "$NC_DOMAIN" "$TALK_PORT"; then
-    echo "Could not reach $NC_DOMAIN on port $TALK_PORT."
-    exit 1
-fi

From c51edb1bf4987dc433761a3db5220d66a4269d9a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 15:12:27 +0200
Subject: [PATCH 2224/3949] adjust note regarding updating containers

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6a686949..6e0b84a8 100644
--- a/readme.md
+++ b/readme.md
@@ -310,7 +310,7 @@ You can switch to a different channel like e.g. the beta channel or from the bet
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
 
-If a new `Mastercontainer` update was found, you'll see an additional section below the `containers` section which shows that a mastercontainer update is available. If so, you can simply press on the button to update the container.
+If a new `mastercontainer` update was found, you'll see a note below the `Stop containers` button that allows to show the changelog. If you click that button and the containers are stopped, you will see a new button that allows to update the mastercontainer. After doing so and after the update is gone through, you will have the  option again to `Start and update containers`. It is recommended to create a backup before clicking the `Start and update containers` button.
 
 Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found.
 

From 3eef585cd37b06dd51f201bcd95c12528f6fb1ac Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 15:22:18 +0200
Subject: [PATCH 2225/3949] add a note to the readme about update notifications

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index 6e0b84a8..e8655ea2 100644
--- a/readme.md
+++ b/readme.md
@@ -314,6 +314,9 @@ If a new `mastercontainer` update was found, you'll see a note below the `Stop c
 
 Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found.
 
+#### How often are update notifications sent?
+AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
+
 ### How to easily log in to the AIO interface?
 If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.
 

From 42ddfb099de16e8f2b9b09d243531d8c4bfac485 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Jun 2024 15:23:41 +0200
Subject: [PATCH 2226/3949] fix detail

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index e8655ea2..95e00a85 100644
--- a/readme.md
+++ b/readme.md
@@ -315,7 +315,7 @@ If a new `mastercontainer` update was found, you'll see a note below the `Stop c
 Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found.
 
 #### How often are update notifications sent?
-AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
+AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
 
 ### How to easily log in to the AIO interface?
 If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.

From 439f3ca43dddbd42bb72f615bc501f248490b155 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 6 Jun 2024 17:42:28 +0200
Subject: [PATCH 2227/3949] Rename env to STALWART_USER_PASS and add doc

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/readme.md     | 2 +-
 community-containers/stalwart/stalwart.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 8f9e7895..4a8a214d 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -15,7 +15,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `docker logs nextcloud-aio-stalwart` to obtain the system administrator account and password. With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
+- After adding and starting the container, you need to run `docker inspect nextcloud-aio-stalwart  | grep STALWART_USER_PASS` to obtain the system administrator password (username: `admin`). With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
 - See https://stalw.art/docs/install/docker/ for next steps.
 - Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
 - See https://stalw.art/docs/faq for further faq and docs on the project
diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index 56051574..a70849c3 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -48,7 +48,7 @@
             "environment": [
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
-                "ADMIN_SECRET=%STALWART_USER_PASS%"
+                "STALWART_USER_PASS=%STALWART_USER_PASS%"
             ],
             "secrets": [
                 "STALWART_USER_PASS"

From df11865befada15aa048c0709dd189d2298625ea Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 7 Jun 2024 10:08:08 +0200
Subject: [PATCH 2228/3949] aio interface: add hint what to do if daily backup
 gets stuck

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 48367529..e2ef6185 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -70,7 +70,8 @@
             {% elseif automatic_updates == true %}
                 The whole process can take a while as your containers will be updated.<br /><br />
             {% endif %}
-            <a href="" class="button reload">Reload ↻</a><br/>
+            <a href="" class="button reload">Reload ↻</a><br/><br/>
+            If the daily bacckup should be stuck somehow, you can make it unstuck by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.<br /><br />
         {% elseif isWatchtowerRunning == true %}
             <span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
             <a href="" class="button reload">Reload ↻</a><br/>

From b67f3722fc2fbeebccb47d2290192f0e88ec34f9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 7 Jun 2024 11:12:49 +0200
Subject: [PATCH 2229/3949] caddy: adjust docs

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 4c1e3c52..94700b6b 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -6,6 +6,8 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 87cc69ccd87669de9dd5ae8dfc78842791a719b6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 7 Jun 2024 11:14:58 +0200
Subject: [PATCH 2230/3949] facerecognition: remove warning about RAM again

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/facerecognition/readme.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md
index 072ae01a..fa22e0bb 100644
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -3,7 +3,6 @@ This container bundles the external model of facerecognition and auto-configures
 
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
-- Currently, in order to run this correctly, your server should have at least 6 GB of RAM, better 8 GB of RAM.
 - Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
     ```bash
     # Go into the container

From 8c8f5da875365a23ce3e3fa3dc8906cc0b495d88 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Jun 2024 12:13:00 +0000
Subject: [PATCH 2231/3949] Bump collabora/code in /Containers/collabora

Bumps collabora/code from 24.04.3.1.1 to 24.04.4.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 126e3cd0..788535cf 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.3.1.1
+FROM collabora/code:24.04.4.1.1
 
 USER root
 ARG DEBIAN_FRONTEND noninteractive

From 0fcaab829a9cb6dbda60b498c3e57ef690ff1067 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Jun 2024 12:51:19 +0000
Subject: [PATCH 2232/3949] Bump php in /Containers/mastercontainer

Bumps php from 8.3.7-fpm-alpine3.19 to 8.3.8-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e609dba7..c03e2d01 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:26.1.4-cli as docker
 FROM caddy:2.8.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.7-fpm-alpine3.19
+FROM php:8.3.8-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080

From 8eca2e3965010e106776f59356a5bfaf080d6cbe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Jun 2024 12:59:15 +0000
Subject: [PATCH 2233/3949] Bump php in /Containers/nextcloud

Bumps php from 8.2.19-fpm-alpine3.19 to 8.2.20-fpm-alpine3.19.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index daaa2dc7..ef2493fe 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.19-fpm-alpine3.19
+FROM php:8.2.20-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G

From 5b49ec6da2da892b565dd9b8e697c2fe9171f919 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 7 Jun 2024 15:17:27 +0200
Subject: [PATCH 2234/3949] fix getting ip-address of talk and apache

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh | 2 +-
 Containers/talk/start.sh   | 4 ++--
 php/containers.json        | 2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 49270210..9d2a8c2d 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -18,7 +18,7 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
 done
 
 # Get ipv4-address of Apache
-IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short +search | head -1)"
+IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
 # Bring it in CIDR notation
 # shellcheck disable=SC2001
 IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 37d2682e..01206e16 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -20,8 +20,8 @@ fi
 
 set -x
 IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_TALK="$(dig "$TALK_HOST" IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_TALK="$(dig "$TALK_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
 if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
diff --git a/php/containers.json b/php/containers.json
index fd1e137e..a8669744 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -29,6 +29,7 @@
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
+        "APACHE_HOST=nextcloud-aio-apache",
         "COLLABORA_HOST=nextcloud-aio-collabora",
         "TALK_HOST=nextcloud-aio-talk",
         "APACHE_PORT=%APACHE_PORT%",
@@ -376,6 +377,7 @@
       "internal_port": "%TALK_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
+        "TALK_HOST=nextcloud-aio-talk",
         "TURN_SECRET=%TURN_SECRET%",
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
         "TZ=%TIMEZONE%",

From 354c642f75eea0aa5c670aca95d81ca7aef810fe Mon Sep 17 00:00:00 2001
From: Hannes Franke <hannes.franke@tu-dortmund.de>
Date: Sat, 18 May 2024 20:29:20 +0200
Subject: [PATCH 2235/3949] Add note to get correct source IP when using
 rootless docker

Signed-off-by: Hannes Franke <hannes.franke@tu-dortmund.de>
---
 docker-rootless.md | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index f176d517..958a5a9f 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -9,11 +9,25 @@ You can run AIO with docker rootless by following the steps below.
 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
 1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
-1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, see note below.
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
-
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
 
+**Please note:** By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
+As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow.
+* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)).
+* Run `sudo sysctl --system` to propagate the change.
+* Create `~/.config/systemd/user/docker.service.d/override.conf`
+  with the following content:
+  ```
+  [Service]
+  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
+  ```
+* Restart the docker daemon
+  ```
+  systemctl --user restart docker
+  ```
+
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
 
 ⚠️ **Additional note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 

From 39e0e4e2b224b1827aa8edee558482d1c395b85b Mon Sep 17 00:00:00 2001
From: Arman The Parman <77603167+ArmanTheParman@users.noreply.github.com>
Date: Sun, 9 Jun 2024 12:47:09 +1000
Subject: [PATCH 2236/3949] Update readme.md

Grammar improvements x2

Signed-off-by: Arman The Parman <77603167+ArmanTheParman@users.noreply.github.com>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 95e00a85..abc7b969 100644
--- a/readme.md
+++ b/readme.md
@@ -375,9 +375,9 @@ If you connect an external drive to your host, and choose the backup directory t
 
 Backups can be created and restored in the AIO interface using the buttons `Create Backup` and `Restore selected backup`. Additionally, a backup check is provided that checks the integrity of your backups but it shouldn't be needed in most situations. 
 
-The backups itself get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.
+The backups themselves get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.
 
-Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.
+Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to automatically update all containers, Nextcloud and its apps.
 
 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 

From 20d8976f1a7c3076ef8913dbcdc626f09bb6b407 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 9 Jun 2024 12:02:38 +0000
Subject: [PATCH 2237/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ed53f767..fcd0eeeb 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -830,16 +830,16 @@
         },
         {
             "name": "psr/http-message",
-            "version": "1.1",
+            "version": "2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-message.git",
-                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba"
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-message/zipball/cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
-                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                 "shasum": ""
             },
             "require": {
@@ -848,7 +848,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.1.x-dev"
+                    "dev-master": "2.0.x-dev"
                 }
             },
             "autoload": {
@@ -863,7 +863,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP messages",
@@ -877,9 +877,9 @@
                 "response"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-message/tree/1.1"
+                "source": "https://github.com/php-fig/http-message/tree/2.0"
             },
-            "time": "2023-04-04T09:50:52+00:00"
+            "time": "2023-04-04T09:54:51+00:00"
         },
         {
             "name": "psr/http-server-handler",
@@ -1090,30 +1090,30 @@
         },
         {
             "name": "slim/csrf",
-            "version": "1.4.0",
+            "version": "1.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "f66be9740283ed4f432535aff3623540e178013a"
+                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/f66be9740283ed4f432535aff3623540e178013a",
-                "reference": "f66be9740283ed4f432535aff3623540e178013a",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/179cbcf40ee1d246d4906aefed42d3e62066974b",
+                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.4 || ^8.0",
-                "psr/http-factory": "^1.0",
-                "psr/http-message": "^1.0",
+                "psr/http-factory": "^1.1",
+                "psr/http-message": "^1.0 || ^2.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0"
             },
             "require-dev": {
-                "phpspec/prophecy": "^1.18",
-                "phpspec/prophecy-phpunit": "^2.1",
+                "phpspec/prophecy": "^1.19",
+                "phpspec/prophecy-phpunit": "^2.2",
                 "phpunit/phpunit": "^9.6",
-                "squizlabs/php_codesniffer": "^3.8"
+                "squizlabs/php_codesniffer": "^3.10"
             },
             "type": "library",
             "autoload": {
@@ -1142,9 +1142,9 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.4.0"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.5.0"
             },
-            "time": "2024-01-22T09:08:27+00:00"
+            "time": "2024-06-08T16:37:18+00:00"
         },
         {
             "name": "slim/slim",

From 7bdd51554aaea7d890e91f1b5020c6d059f3c533 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Jun 2024 10:24:30 +0200
Subject: [PATCH 2238/3949] nextcloud: improve getting values for APPSTORAGE

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c1945e54..70ae4bc2 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -162,8 +162,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 declare -Ag APPSTORAGE
                 echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
                 for app in "${NC_APPS_ARRAY[@]}"; do
-                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
-                    php /var/www/html/occ app:disable "$app"
+                    if php /var/www/html/occ config:app:get "$app" enabled >/dev/null; then
+                        APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"
+                        php /var/www/html/occ app:disable "$app"
+                    else
+                        APPSTORAGE[$app]=""
+                        echo "Not disabling $app because the occ command to get the enabled state was failing."
+                    fi
                 done
             fi
 

From 335026ce76cff6309cf9705575bf8c520bbab2be Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Jun 2024 10:38:59 +0200
Subject: [PATCH 2239/3949] fix SC

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/apache/start.sh | 1 +
 Containers/talk/start.sh   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 9d2a8c2d..560dd84e 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -18,6 +18,7 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
 done
 
 # Get ipv4-address of Apache
+# shellcheck disable=SC2153
 IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
 # Bring it in CIDR notation
 # shellcheck disable=SC2001
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 01206e16..e73525b8 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -20,7 +20,9 @@ fi
 
 set -x
 IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
+# shellcheck disable=SC2153
 IPv4_ADDRESS_TALK="$(dig "$TALK_HOST" IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+# shellcheck disable=SC2153
 IPv6_ADDRESS_TALK="$(dig "$TALK_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 

From 084d9a86feec308b9e993a2192cbb761f7324d5f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 10 Jun 2024 12:03:32 +0000
Subject: [PATCH 2240/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index f80e32b0..ac6f411b 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -24,6 +24,7 @@ services:
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - APACHE_HOST=nextcloud-aio-apache
       - COLLABORA_HOST=nextcloud-aio-collabora
       - TALK_HOST=nextcloud-aio-talk
       - APACHE_PORT=${APACHE_PORT}
@@ -231,6 +232,7 @@ services:
       - "8081"
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
+      - TALK_HOST=nextcloud-aio-talk
       - TURN_SECRET=${TURN_SECRET}
       - SIGNALING_SECRET=${SIGNALING_SECRET}
       - TZ=${TIMEZONE}

From 7f9e85254ebdcc508f96a68b4804d300a9f1ad29 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Jun 2024 12:44:30 +0000
Subject: [PATCH 2241/3949] Bump python in /Containers/talk-recording

Bumps python from 3.12.3-alpine3.19 to 3.12.4-alpine3.19.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 91591320..a28969ef 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.3-alpine3.19
+FROM python:3.12.4-alpine3.19
 
 COPY --chmod=775 start.sh /start.sh
 

From 7c97d6657973accbc45ade86cfe65733d3672ddd Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 11 Jun 2024 10:38:38 +0200
Subject: [PATCH 2242/3949] address review

Signed-off-by: Simon L <szaimen@e.mail.de>

Co-authored-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 70ae4bc2..eaa78778 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -162,8 +162,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 declare -Ag APPSTORAGE
                 echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
                 for app in "${NC_APPS_ARRAY[@]}"; do
-                    if php /var/www/html/occ config:app:get "$app" enabled >/dev/null; then
-                        APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"
+                    if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then
                         php /var/www/html/occ app:disable "$app"
                     else
                         APPSTORAGE[$app]=""

From cbe0a89676001bff86cf2ee9c7aea0767ce21b0d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Jun 2024 10:50:29 +0200
Subject: [PATCH 2243/3949] increase to 9.0.1

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e2ef6185..7110782b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v9.0.0</h1>
+        <h1>Nextcloud AIO v9.0.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 2a29d3f8b8533944b7ef666909ca8352eda0495b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Jun 2024 12:24:55 +0200
Subject: [PATCH 2244/3949] aio-interface: show timestamps next to log entries

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 083d09ad..d36ad4af 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -166,7 +166,7 @@ class DockerActionManager
     {
         $url = $this->BuildApiUrl(
             sprintf(
-                'containers/%s/logs?stdout=true&stderr=true',
+                'containers/%s/logs?stdout=true&stderr=true&timestamps=true',
                 urlencode($id)
             ));
         $responseBody = (string)$this->guzzleClient->get($url)->getBody();

From d1ed80af33d1dab1ab16e27e6e3f7623405c7b4f Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Tue, 11 Jun 2024 19:52:10 +0200
Subject: [PATCH 2245/3949] Add igbinary as serializer for increased
 performance

- Install igbinary via PECL
- Enable igbinary support for memcached and redis
- Configure PHP to use igbinary for APCu and session serialization
- Update Dockerfile to include igbinary and its configuration

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 Containers/nextcloud/Dockerfile | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ef2493fe..3e2a62f9 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -78,12 +78,18 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
+    pecl install igbinary-3.2.15; \ 
     pecl install APCu-5.1.23; \
-    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
+    pecl install --configureoptions \
+        'enable-memcached-igbinary="yes"' \
+        memcached-3.2.0; \
+    pecl install --configureoptions \
+        'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
+        redis-6.0.2; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
+        igbinary \
         apcu \
         memcached \
         redis \
@@ -99,6 +105,11 @@ RUN set -ex; \
     apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
     apk del .build-deps; \
     \
+    { \
+        echo 'apc.serializer=igbinary'; \
+        echo 'session.serialize_handler=igbinary'; \
+    } >> /usr/local/etc/php/conf.d/docker-php-ext-igbinary.ini; \
+    \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
     { \

From 8b9777e0d8da5002ec0b57b46b1f6ece9a66a442 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Tue, 11 Jun 2024 13:35:01 +0200
Subject: [PATCH 2246/3949] Update stalwart.json

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/stalwart.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index a70849c3..7425aaed 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -5,7 +5,7 @@
             "display_name": "Stalwart",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
             "image": "marcoambrosini/aio-stalwart",
-            "image_tag": "v2",
+            "image_tag": "%AIO_CHANNEL%",
             "internal_port": "10003",
             "restart": "unless-stopped",
             "ports": [

From 16489ce23c9596064482d4695addeb7f70176050 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 12 Jun 2024 18:42:51 +0200
Subject: [PATCH 2247/3949] Change maintainer

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/readme.md     | 6 +++---
 community-containers/stalwart/stalwart.json | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index 4a8a214d..cdd1db04 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -4,7 +4,7 @@
 > The stability of Stalwart services is not guaranteed.
 > Do not use this feature as a main mail server without a redundancy system and without knowledge.
 > 
-> To learn or use as a secondary server enjoy it and please report bugs at [marcoambrosini/aio-stalwart](https://github.com/marcoambrosini/aio-stalwart/issues).
+> To learn or use as a secondary server enjoy it and please report bugs at [docjyj/aio-stalwart](https://github.com/docjyj/aio-stalwart/issues).
 
 ## Stalwart mail server
 This container bundles stalwart mail server and auto-configures it for you.
@@ -22,7 +22,7 @@ This container bundles stalwart mail server and auto-configures it for you.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
-https://github.com/marcoambrosini/aio-stalwart
+https://github.com/docjyj/aio-stalwart
 
 ### Maintainer
-https://github.com/marcoambrosini
+https://github.com/docjyj
diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index 7425aaed..65041db5 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-stalwart",
             "display_name": "Stalwart",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
-            "image": "marcoambrosini/aio-stalwart",
+            "image": "ghcr.io/docjyj/aio-stalwart",
             "image_tag": "%AIO_CHANNEL%",
             "internal_port": "10003",
             "restart": "unless-stopped",

From 7123a997a90aa7d3640471a70f019fd4e00795ad Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 13 Jun 2024 09:46:10 +0200
Subject: [PATCH 2248/3949] Move to DockerHub

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/stalwart.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index 65041db5..891bd9da 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-stalwart",
             "display_name": "Stalwart",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
-            "image": "ghcr.io/docjyj/aio-stalwart",
+            "image": "docjyj/aio-stalwart",
             "image_tag": "%AIO_CHANNEL%",
             "internal_port": "10003",
             "restart": "unless-stopped",

From 4b3c953758e98d86df6ead4d066b79e8321757af Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Jun 2024 10:29:20 +0200
Subject: [PATCH 2249/3949] adjust update script

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml | 15 +++++++++++++--
 Containers/nextcloud/Dockerfile        | 10 ++++------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 0c0db2a9..e1840fa6 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -36,7 +36,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install memcached.*\;|pecl install memcached-$memcached_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install memcached.* |pecl install memcached-$memcached_version |" ./Containers/nextcloud/Dockerfile
         
         # Redis
         redis_version="$(
@@ -47,7 +47,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install redis.*\;|pecl install redis-$redis_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install redis.* |pecl install redis-$redis_version |" ./Containers/nextcloud/Dockerfile
         
         # Imagick
         imagick_version="$(
@@ -60,6 +60,17 @@ jobs:
         )"
         sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
 
+        # Igbinary
+        igbinary_version="$(
+          git ls-remote --tags https://github.com/igbinary/igbinary.git \
+            | cut -d/ -f3 \
+            | grep -viE '[a-z]' \
+            | tr -d '^{}' \
+            | sort -V \
+            | tail -1
+        )"
+        sed -i "s|pecl install igbinary.*\;|pecl install igbinary-$igbinary_version\;|" ./Containers/nextcloud/Dockerfile
+
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
         NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3e2a62f9..57c82860 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -80,12 +80,10 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install igbinary-3.2.15; \ 
     pecl install APCu-5.1.23; \
-    pecl install --configureoptions \
-        'enable-memcached-igbinary="yes"' \
-        memcached-3.2.0; \
-    pecl install --configureoptions \
-        'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
-        redis-6.0.2; \
+    pecl install memcached-3.2.0 \
+        --configureoptions 'enable-memcached-igbinary="yes"'; \
+    pecl install redis-6.0.2 \
+        --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"'; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \

From 92fae7b81bd574eaf78a3637af01957bb0da6c83 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Jun 2024 12:51:32 +0000
Subject: [PATCH 2250/3949] Bump elasticsearch from 8.14.0 to 8.14.1 in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.14.0 to 8.14.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index fd23aa4b..5c7adb15 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.14.0
+FROM elasticsearch:8.14.1
 
 USER root
 

From cfbb3484aee011964244a39ef46046e6d42482fc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 14 Jun 2024 10:04:01 +0200
Subject: [PATCH 2251/3949] trusted-proxies: trust docker network

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/start.sh         | 2 +-
 Containers/nextcloud/entrypoint.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 560dd84e..9d69eb47 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -22,7 +22,7 @@ done
 IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
 # Bring it in CIDR notation
 # shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
+IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')"
 
 if [ -z "$APACHE_PORT" ]; then
     export APACHE_PORT="443"
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index eaa78778..3912734d 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -567,7 +567,7 @@ fi
 IPv4_ADDRESS="$(dig nextcloud-aio-nextcloud A +short +search | head -1)" 
 # Bring it in CIDR notation 
 # shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')" 
+IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')" 
 php /var/www/html/occ config:system:set trusted_proxies 10 --value="$IPv4_ADDRESS"
 
 if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then

From d2e09f00c7d7be2729a9e60856d48f8ff6f52d4f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Jun 2024 13:00:37 +0000
Subject: [PATCH 2252/3949] Bump slim/slim from 4.13.0 to 4.14.0 in /php

Bumps [slim/slim](https://github.com/slimphp/Slim) from 4.13.0 to 4.14.0.
- [Release notes](https://github.com/slimphp/Slim/releases)
- [Changelog](https://github.com/slimphp/Slim/blob/4.x/CHANGELOG.md)
- [Commits](https://github.com/slimphp/Slim/compare/4.13.0...4.14.0)

---
updated-dependencies:
- dependency-name: slim/slim
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fcd0eeeb..9dd65f73 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1148,16 +1148,16 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.13.0",
+            "version": "4.14.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17"
+                "reference": "5943393b88716eb9e82c4161caa956af63423913"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/038fd5713d5a41636fdff0e8dcceedecdd17fc17",
-                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/5943393b88716eb9e82c4161caa956af63423913",
+                "reference": "5943393b88716eb9e82c4161caa956af63423913",
                 "shasum": ""
             },
             "require": {
@@ -1165,7 +1165,7 @@
                 "nikic/fast-route": "^1.3",
                 "php": "^7.4 || ^8.0",
                 "psr/container": "^1.0 || ^2.0",
-                "psr/http-factory": "^1.0",
+                "psr/http-factory": "^1.1",
                 "psr/http-message": "^1.1 || ^2.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0",
@@ -1182,11 +1182,12 @@
                 "nyholm/psr7-server": "^1.1",
                 "phpspec/prophecy": "^1.19",
                 "phpspec/prophecy-phpunit": "^2.1",
-                "phpstan/phpstan": "^1.10",
+                "phpstan/phpstan": "^1.11",
                 "phpunit/phpunit": "^9.6",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
-                "squizlabs/php_codesniffer": "^3.9"
+                "squizlabs/php_codesniffer": "^3.10",
+                "vimeo/psalm": "^5.24"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1259,7 +1260,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-03-03T21:25:30+00:00"
+            "time": "2024-06-13T08:54:48+00:00"
         },
         {
             "name": "slim/twig-view",

From c5915ab563cb503eb5d54fdd362f406139812d9b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 17 Jun 2024 09:00:50 +0000
Subject: [PATCH 2253/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 4 +++-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 4 +++-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 13 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index aaee64f2..e2237a32 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.3.0
+version: 9.0.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4ba1bb68..3ad8ce8c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -44,6 +44,8 @@ spec:
         - env:
             - name: ADDITIONAL_TRUSTED_DOMAIN
               value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+            - name: APACHE_HOST
+              value: nextcloud-aio-apache
             - name: APACHE_MAX_SIZE
               value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: APACHE_MAX_TIME
@@ -64,7 +66,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240617_084300-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 9f40255b..e135d834 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -59,7 +59,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240617_084300-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 353574e7..a9dd4166 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240617_084300-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 8c75db33..5fe13835 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -70,7 +70,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240617_084300-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index b3b07039..72dccdd9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240617_084300-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2b6f7824..0512e623 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240617_084300-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 483c160b..c85f3c0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -173,7 +173,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240617_084300-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index f7f803f3..056feadd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240617_084300-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 2a720c7e..a4a106c9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240617_084300-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 99e18b1e..1883c434 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240617_084300-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 6cf3096b..6344bcf6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -34,13 +34,15 @@ spec:
               value: "{{ .Values.NC_DOMAIN }}"
             - name: SIGNALING_SECRET
               value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: TALK_HOST
+              value: nextcloud-aio-talk
             - name: TALK_PORT
               value: "{{ .Values.TALK_PORT }}"
             - name: TURN_SECRET
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240617_084300-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index f9ada416..90b43f53 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240617_084300-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From dbbbc76098bf9cb48e3b62e63a9a925d4fc0bde7 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Mon, 17 Jun 2024 13:55:43 +0200
Subject: [PATCH 2254/3949] community-containers: Add NocoDB (#4835)

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/caddy/readme.md    |  7 ++--
 community-containers/nocodb/nocodb.json | 43 +++++++++++++++++++++++++
 community-containers/nocodb/readme.md   | 28 ++++++++++++++++
 3 files changed, 75 insertions(+), 3 deletions(-)
 create mode 100644 community-containers/nocodb/nocodb.json
 create mode 100644 community-containers/nocodb/readme.md

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 94700b6b..fcb71964 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,13 +1,14 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb, make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/nocodb/nocodb.json b/community-containers/nocodb/nocodb.json
new file mode 100644
index 00000000..8a915c2f
--- /dev/null
+++ b/community-containers/nocodb/nocodb.json
@@ -0,0 +1,43 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-nocodb",
+            "display_name": "NocoDB",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb",
+            "image": "docjyj/aio-nocodb",
+            "image_tag": "%AIO_CHANNEL%",
+            "internal_port": "10028",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "%APACHE_IP_BINDING%",
+                    "port_number": "10028",
+                    "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "NC_AUTH_JWT_SECRET=%NOCODB_JWT_SECRET%",
+                "NC_PUBLIC_URL=https://tables.%NC_DOMAIN%/",
+                "NC_DASHBOARD_URL=/",
+                "NC_ADMIN_EMAIL=admin@noco.db",
+                "NC_ADMIN_PASS=%NOCODB_USER_PASS%",
+                "PORT=10028",
+                "NC_DISABLE_TELE=true"
+            ],
+            "secrets": [
+                "NOCODB_JWT_SECRET",
+                "NOCODB_USER_PASS"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_nocodb",
+                    "destination": "/usr/app/data",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_nocodb"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md
new file mode 100644
index 00000000..8d528928
--- /dev/null
+++ b/community-containers/nocodb/readme.md
@@ -0,0 +1,28 @@
+> [!NOTE]
+> This container is there to compensate for the lack of functionality in Nextcloud Tables.
+>
+> When Nextcloud Tables V2 is released, I will stop checking for updates, and will no longer fix any potential issues.
+>
+> Some missing functionality in Nextcloud Tables:
+> - Multiple view layout (Gantt, Kanban, Calendar...)
+> - Field (Person, Tag, File...)
+> - See more here https://github.com/nextcloud/tables/issues/103 
+
+## NocoDb server
+This container bundles NocoDb without synchronization with Nextcloud.
+
+This is an alternative of **Airtable**.
+
+### Notes
+- You need to configure a reverse proxy in order to run this container since nocodb needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
+- Currently, only `tables.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, nocodb will use `tables.your-domain.com`.
+- The data of NocoDb will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to run `docker inspect nextcloud-aio-nocodb  | grep NC_ADMIN_PASS` to obtain the system administrator password (username: `admin@noco.db`). With this information, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin`
+- See https://docs.nocodb.com/ for usage of NocoDb
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/docjyJ/aio-nocodb
+
+### Maintainer
+https://github.com/docjyJ

From 892f2d875a84c832e0ae5d943cfc5d105abc98d2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Jun 2024 14:00:10 +0200
Subject: [PATCH 2255/3949] increase to 9.1.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 7110782b..55005749 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v9.0.1</h1>
+        <h1>Nextcloud AIO v9.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 9f18597cc87c50c666664cc037f22d7937a80588 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Jun 2024 10:39:08 +0200
Subject: [PATCH 2256/3949] nextcloud: print warning if logging into root
 container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 ++
 Containers/nextcloud/root.motd  | 4 ++++
 2 files changed, 6 insertions(+)
 create mode 100644 Containers/nextcloud/root.motd

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 57c82860..2db2c8e2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -16,6 +16,7 @@ COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
 COPY supervisord.conf /supervisord.conf
+COPY root.motd /root.motd
 
 VOLUME /mnt/ncdata
 VOLUME /var/www/html
@@ -256,6 +257,7 @@ RUN set -ex; \
     mkdir -p /nc-updater; \
     chown -R www-data:www-data /nc-updater; \
     chmod -R 770 /nc-updater; \
+    echo "[ -n \"$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd
diff --git a/Containers/nextcloud/root.motd b/Containers/nextcloud/root.motd
new file mode 100644
index 00000000..d3cae8a9
--- /dev/null
+++ b/Containers/nextcloud/root.motd
@@ -0,0 +1,4 @@
+Warning: You have logged in into the Nextcloud container as root user.
+See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands.
+Apart from that, you can use 'sudo -u www-data -E php occ <your-command>' in order to run occ commands.
+Of course <your-command> needs to be substituted with the command that you want to use.

From 12ec7dca01ce0babbc1010f38a722c8075f5331b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Tue, 18 Jun 2024 15:17:18 +0200
Subject: [PATCH 2257/3949] local-ai: arm64 support is back

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 8aba12d1..8fef4473 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -2,7 +2,6 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
-- This container does not work on arm64! If you add the container on arm64, it will fail to start because no image for arm64 is available!
 - Make sure to have enough storage space available. This container alone needs ~7GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
 - After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):

From 2c59fb0db90cd9e3684de84371c61d00efc6b454 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 19 Jun 2024 12:13:51 +0200
Subject: [PATCH 2258/3949] fix the .bashrc

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2db2c8e2..64963093 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -246,6 +246,7 @@ RUN set -ex; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
     cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
+    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
 # AIO cloning end # Do not remove or change this line!
     \
     chown www-data:root -R /usr/src && \
@@ -257,7 +258,6 @@ RUN set -ex; \
     mkdir -p /nc-updater; \
     chown -R www-data:www-data /nc-updater; \
     chmod -R 770 /nc-updater; \
-    echo "[ -n \"$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd

From 7d31e860a3dfc3dfd605b3c1d64ec20f42f85de1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 19 Jun 2024 14:50:25 +0200
Subject: [PATCH 2259/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index e3d4ab86..a616540d 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.0.1.1
+FROM onlyoffice/documentserver:8.1.0.1
 
 # USER root is probably used
 

From c91343434618814a172be8557b4c70fa45a431f2 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 20 Jun 2024 04:09:41 +0000
Subject: [PATCH 2260/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index b5d05c78..7bf39a80 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.24.0@462c80e31c34e58cc4f750c656be3927e80e550e"/>
+<files psalm-version="5.25.0@01a8eb06b9e9cc6cfb6a320bf9fb14331919d505"/>

From b753fdc669065a88be8836f823752177b38c7cd1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 20 Jun 2024 12:02:37 +0000
Subject: [PATCH 2261/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 9dd65f73..29cede5a 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1396,16 +1396,16 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4"
+                "reference": "0424dff1c58f028c451efff2045f5d92410bd540"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4",
-                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/0424dff1c58f028c451efff2045f5d92410bd540",
+                "reference": "0424dff1c58f028c451efff2045f5d92410bd540",
                 "shasum": ""
             },
             "require": {
@@ -1455,7 +1455,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1471,20 +1471,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-05-31T15:07:36+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec"
+                "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
-                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c",
+                "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c",
                 "shasum": ""
             },
             "require": {
@@ -1535,7 +1535,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1551,20 +1551,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-06-19T12:30:46+00:00"
         },
         {
             "name": "symfony/polyfill-php80",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php80.git",
-                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b"
+                "reference": "77fa7995ac1b21ab60769b7323d600a991a90433"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
-                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/77fa7995ac1b21ab60769b7323d600a991a90433",
+                "reference": "77fa7995ac1b21ab60769b7323d600a991a90433",
                 "shasum": ""
             },
             "require": {
@@ -1615,7 +1615,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1631,20 +1631,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-05-31T15:07:36+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d"
+                "reference": "3fb075789fb91f9ad9af537c4012d523085bd5af"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/c565ad1e63f30e7477fc40738343c62b40bc672d",
-                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/3fb075789fb91f9ad9af537c4012d523085bd5af",
+                "reference": "3fb075789fb91f9ad9af537c4012d523085bd5af",
                 "shasum": ""
             },
             "require": {
@@ -1691,7 +1691,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1707,7 +1707,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-06-19T12:30:46+00:00"
         },
         {
             "name": "twig/twig",

From d907693a8a66c0114d8e36584047945bb8d5a8f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Jun 2024 12:16:09 +0000
Subject: [PATCH 2262/3949] build(deps): bump softprops/turnstyle from 1 to 2

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 1 to 2.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/v1...v2)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index c6c93cae..1548cb2d 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@v1
+        uses: softprops/turnstyle@v2
         with:
           continue-after-seconds: 180
         env:

From a622fcc894e97cba54e43663f1907764361b5a83 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Thu, 20 Jun 2024 14:18:09 +0200
Subject: [PATCH 2263/3949] database-restore: only get the first match

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 97eab9a0..10e46550 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -99,7 +99,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     fi
 
     # Get the Owner
-    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
     if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
         echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
         echo "It is not possible to import a database dump from this database owner."

From 85ede06e7b65df0eff57cce621b2d86144c041ad Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 20 Jun 2024 23:58:19 +0200
Subject: [PATCH 2264/3949] update alpine to v3.20.1

---
 Containers/apache/Dockerfile                               | 2 +-
 Containers/borgbackup/Dockerfile                           | 2 +-
 Containers/docker-socket-proxy/Dockerfile                  | 2 +-
 Containers/domaincheck/Dockerfile                          | 2 +-
 Containers/mastercontainer/Dockerfile                      | 4 ++--
 Containers/nextcloud/Dockerfile                            | 2 +-
 Containers/notify-push/Dockerfile                          | 2 +-
 Containers/talk-recording/Dockerfile                       | 7 +++----
 Containers/talk/Dockerfile                                 | 4 ++--
 Containers/watchtower/Dockerfile                           | 2 +-
 community-containers/dlna/dlna.json                        | 0
 community-containers/dlna/readme.md                        | 0
 nextcloud-aio-helm-chart/Chart.yaml                        | 0
 nextcloud-aio-helm-chart/readme.md                         | 0
 .../templates/nextcloud-aio-apache-deployment.yaml         | 0
 .../nextcloud-aio-apache-persistentvolumeclaim.yaml        | 0
 .../templates/nextcloud-aio-apache-service.yaml            | 0
 .../templates/nextcloud-aio-clamav-deployment.yaml         | 0
 .../nextcloud-aio-clamav-persistentvolumeclaim.yaml        | 0
 .../templates/nextcloud-aio-clamav-service.yaml            | 0
 .../templates/nextcloud-aio-collabora-deployment.yaml      | 0
 .../templates/nextcloud-aio-collabora-service.yaml         | 0
 .../templates/nextcloud-aio-database-deployment.yaml       | 0
 .../nextcloud-aio-database-dump-persistentvolumeclaim.yaml | 0
 .../nextcloud-aio-database-persistentvolumeclaim.yaml      | 0
 .../templates/nextcloud-aio-database-service.yaml          | 0
 .../nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml | 0
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 0
 .../templates/nextcloud-aio-fulltextsearch-service.yaml    | 0
 .../templates/nextcloud-aio-imaginary-deployment.yaml      | 0
 .../templates/nextcloud-aio-imaginary-service.yaml         | 0
 .../templates/nextcloud-aio-namespace-namespace.yaml       | 0
 ...nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml | 0
 .../templates/nextcloud-aio-nextcloud-deployment.yaml      | 0
 .../nextcloud-aio-nextcloud-persistentvolumeclaim.yaml     | 0
 .../templates/nextcloud-aio-nextcloud-service.yaml         | 0
 ...io-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml | 0
 .../templates/nextcloud-aio-notify-push-deployment.yaml    | 0
 .../templates/nextcloud-aio-notify-push-service.yaml       | 0
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml     | 0
 .../nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml    | 0
 .../templates/nextcloud-aio-onlyoffice-service.yaml        | 0
 .../templates/nextcloud-aio-redis-deployment.yaml          | 0
 .../nextcloud-aio-redis-persistentvolumeclaim.yaml         | 0
 .../templates/nextcloud-aio-redis-service.yaml             | 0
 .../templates/nextcloud-aio-talk-deployment.yaml           | 0
 .../templates/nextcloud-aio-talk-recording-deployment.yaml | 0
 .../templates/nextcloud-aio-talk-recording-service.yaml    | 0
 .../templates/nextcloud-aio-talk-service.yaml              | 0
 nextcloud-aio-helm-chart/update-helm.sh                    | 0
 nextcloud-aio-helm-chart/values.yaml                       | 0
 51 files changed, 14 insertions(+), 15 deletions(-)
 mode change 100755 => 100644 community-containers/dlna/dlna.json
 mode change 100755 => 100644 community-containers/dlna/readme.md
 mode change 100755 => 100644 nextcloud-aio-helm-chart/Chart.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/readme.md
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
 mode change 100755 => 100644 nextcloud-aio-helm-chart/update-helm.sh
 mode change 100755 => 100644 nextcloud-aio-helm-chart/values.yaml

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index f052f9cd..c4070766 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM caddy:2.8.4-alpine as caddy
 
-FROM httpd:2.4.59-alpine3.19
+FROM httpd:2.4.59-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 0f5cb3d0..fe2732df 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 
 RUN set -ex; \
     \
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ed163191..fde9c468 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:2.9.7-alpine3.19
+FROM haproxy:2.9.7-alpine3.20
 
 # hadolint ignore=DL3002
 USER root
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 13ad3d5e..57ec6f56 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c03e2d01..516c863a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:26.1.4-cli as docker
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.8-fpm-alpine3.19
+# From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
+FROM php:8.3.8-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 64963093..239c6578 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.20-fpm-alpine3.19
+FROM php:8.2.20-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 5bd7a4ee..1532169f 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index a28969ef..5f268ceb 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.4-alpine3.19
+FROM python:3.12.4-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 
@@ -26,9 +26,8 @@ RUN set -ex; \
         pulseaudio \
         openssl \
         build-base \
-        linux-headers; \
-    # chromium chromium-chromedriver?
-    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
+        linux-headers \
+        geckodriver; \
     useradd -d /tmp --system recording; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 92a9f284..ef973845 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.10.16-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.1 as signaling
-FROM alpine:3.19.1 as janus
+FROM alpine:3.20.1 as janus
 
 ARG JANUS_VERSION=v0.14.2
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index f7ba3ddc..7fcdc452 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 as watchtower
 
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 
 RUN apk upgrade --no-cache -a; \
     apk add --no-cache bash
diff --git a/community-containers/dlna/dlna.json b/community-containers/dlna/dlna.json
old mode 100755
new mode 100644
diff --git a/community-containers/dlna/readme.md b/community-containers/dlna/readme.md
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
old mode 100755
new mode 100644
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
old mode 100755
new mode 100644

From 17e002e929e5372ee90b37bf10146964bb2d89c2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 10:52:47 +0200
Subject: [PATCH 2265/3949] nextcloud: properly add REDIS_DB_INDEX

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/redis.config.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php
index e51b3022..4c541471 100644
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -6,7 +6,6 @@ if (getenv('REDIS_HOST')) {
     'redis' => array(
       'host' => getenv('REDIS_HOST'),
       'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-      // 'dbindex' => (int) getenv('REDIS_DB_INDEX'),
     ),
   );
 
@@ -15,4 +14,8 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
+
+  if (getenv('REDIS_DB_INDEX') !== false) {
+    $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
+  }
 }

From ee34c83ad23172aacd494e7cf0b62936a0860d31 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 11:21:34 +0200
Subject: [PATCH 2266/3949] adjust readme

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index abc7b969..2152b2ac 100644
--- a/readme.md
+++ b/readme.md
@@ -668,7 +668,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.19. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.20. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From 81e1f8e2d641e7ac48df28905df537666f153c78 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 11:54:48 +0200
Subject: [PATCH 2267/3949] imaginary: update alpine to 3.20

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 3d447c04..ef16c959 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.3-alpine3.18 as go
+FROM golang:1.22.3-alpine3.20 as go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.18.6
+FROM alpine:3.20.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 8a3669dbb5cac599bef4309dbf8c93c049c1a833 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 12:15:37 +0200
Subject: [PATCH 2268/3949] docker-socket-proxy: update haproxy to v3

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index fde9c468..5b844768 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:2.9.7-alpine3.20
+FROM haproxy:3.0.2-alpine
 
 # hadolint ignore=DL3002
 USER root

From 267b98bd843a318429bbb0e8f7679706d8826261 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 13:16:55 +0200
Subject: [PATCH 2269/3949] fix casing of AS

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 +-
 Containers/imaginary/Dockerfile       | 2 +-
 Containers/mastercontainer/Dockerfile | 4 ++--
 Containers/talk/Dockerfile            | 6 +++---
 Containers/watchtower/Dockerfile      | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index c4070766..c9106443 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.8.4-alpine as caddy
+FROM caddy:2.8.4-alpine AS caddy
 
 FROM httpd:2.4.59-alpine3.20
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index ef16c959..7c810683 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.3-alpine3.20 as go
+FROM golang:1.22.3-alpine3.20 AS go
 
 ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 516c863a..1cf825ca 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.4-cli as docker
+FROM docker:26.1.4-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.8.4-alpine as caddy
+FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
 FROM php:8.3.8-fpm-alpine3.20
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ef973845..9a7b3627 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,8 +1,8 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.16-scratch as nats
+FROM nats:2.10.16-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.3.1 as signaling
-FROM alpine:3.20.1 as janus
+FROM strukturag/nextcloud-spreed-signaling:1.3.1 AS signaling
+FROM alpine:3.20.1 AS janus
 
 ARG JANUS_VERSION=v0.14.2
 WORKDIR /src
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 7fcdc452..0d694282 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.7.1 as watchtower
+FROM containrrr/watchtower:1.7.1 AS watchtower
 
 FROM alpine:3.20.1
 

From 806b0ace54b1fa72abc34d52ecd23bdfd484cee0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 13:27:36 +0200
Subject: [PATCH 2270/3949] dockerfile: use new syntax

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/imaginary-update.yml    |  2 +-
 .github/workflows/nextcloud-update.yml    |  2 +-
 .github/workflows/talk.yml                |  2 +-
 Containers/collabora/Dockerfile           |  2 +-
 Containers/docker-socket-proxy/Dockerfile |  2 +-
 Containers/fulltextsearch/Dockerfile      |  2 +-
 Containers/imaginary/Dockerfile           |  4 ++--
 Containers/nextcloud/Dockerfile           | 14 +++++++-------
 Containers/talk-recording/Dockerfile      | 10 +++++-----
 9 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 27fb53e2..b8d26dbe 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -19,7 +19,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
+        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v6
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index e1840fa6..6535d016 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -75,7 +75,7 @@ jobs:
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
         NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
         if [ -n "$NCVERSION" ]; then
-          sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile
+          sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION=$NCVERSION|" ./Containers/nextcloud/Dockerfile
         fi
 
     - name: Create Pull Request
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index de29ac39..15ea5fad 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -21,7 +21,7 @@ jobs:
             | grep -E "^v[0-9\.]+$" \
             | tail -1
         )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile
+        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION=$recording_version|" ./Containers/talk-recording/Dockerfile
         curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
         
         # Signaling
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 788535cf..39f0db05 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -3,7 +3,7 @@
 FROM collabora/code:24.04.4.1.1
 
 USER root
-ARG DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 
 # hadolint ignore=DL3008
 RUN set -ex; \
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 5b844768..f244b0f4 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -3,7 +3,7 @@ FROM haproxy:3.0.2-alpine
 
 # hadolint ignore=DL3002
 USER root
-ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
+ENV NEXTCLOUD_HOST=nextcloud-aio-nextcloud
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 5c7adb15..df54a301 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -4,7 +4,7 @@ FROM elasticsearch:8.14.1
 
 USER root
 
-ARG DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 
 # hadolint ignore=DL3008
 RUN set -ex; \
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 7c810683..8a1fc3de 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.3-alpine3.20 AS go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -30,7 +30,7 @@ RUN set -ex; \
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 COPY --chmod=775 start.sh /start.sh
 
-ENV PORT 9000
+ENV PORT=9000
 
 USER nobody
 
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 239c6578..75aa18ae 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,15 +1,15 @@
 # syntax=docker/dockerfile:latest
 FROM php:8.2.20-fpm-alpine3.20
 
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 10G
-ENV PHP_MAX_TIME 3600
-ENV SOURCE_LOCATION /usr/src/nextcloud
+ENV PHP_MEMORY_LIMIT=512M
+ENV PHP_UPLOAD_LIMIT=10G
+ENV PHP_MAX_TIME=3600
+ENV SOURCE_LOCATION=/usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 29.0.2
-ENV AIO_TOKEN 123456
-ENV AIO_URL localhost
+ENV NEXTCLOUD_VERSION=29.0.2
+ENV AIO_TOKEN=123456
+ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
 COPY --chmod=775 *.sh /
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 5f268ceb..e61a1680 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -3,11 +3,11 @@ FROM python:3.12.4-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v0.1
-ENV ALLOW_ALL false
-ENV HPB_PROTOCOL https
-ENV SKIP_VERIFY false
-ENV HPB_PATH /standalone-signaling/
+ENV RECORDING_VERSION=v0.1
+ENV ALLOW_ALL=false
+ENV HPB_PROTOCOL=https
+ENV SKIP_VERIFY=false
+ENV HPB_PATH=/standalone-signaling/
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From caae672466f721c9574794aa1ddfbf99a4c62cd9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 13:31:26 +0200
Subject: [PATCH 2271/3949] apache,mastercontainer,nextcloud: remove xfs-user
 adjustments

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 --
 Containers/mastercontainer/Dockerfile | 2 --
 Containers/nextcloud/Dockerfile       | 2 --
 3 files changed, 6 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index c9106443..1f14371e 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -16,8 +16,6 @@ VOLUME /mnt/data
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
-    groupmod -g 333 xfs; \
-    usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
     apk del --no-cache shadow; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 1cf825ca..c1fa062d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -21,8 +21,6 @@ WORKDIR /var/www/docker-aio
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
-    groupmod -g 333 xfs; \
-    usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
     \
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 75aa18ae..d07c1b80 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -27,8 +27,6 @@ RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
     deluser www-data; \
-    groupmod -g 333 xfs; \
-    usermod -u 333 -g 333 xfs; \
     addgroup -g 33 -S www-data; \
     adduser -u 33 -D -S -G www-data www-data; \
     \

From 2e07a1d2e3431395e9bf4939424e553b887ebee6 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 21 Jun 2024 12:04:51 +0000
Subject: [PATCH 2272/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 8a1fc3de..b90c0803 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.3-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From 4a7dd7f083d492f09fdab10a623e487614541e40 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 21 Jun 2024 12:04:51 +0000
Subject: [PATCH 2273/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 9a7b3627..07dab107 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.1 AS signaling
 FROM alpine:3.20.1 AS janus
 
-ARG JANUS_VERSION=v0.14.2
+ARG JANUS_VERSION=v0.14.3
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \

From de66654070b5f629dd718ad1ff17faf900dcd0be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2024 12:20:17 +0000
Subject: [PATCH 2274/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.22.3-alpine3.20 to 1.22.4-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index b90c0803..5cbfc407 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.3-alpine3.20 AS go
+FROM golang:1.22.4-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From a5bb6883f78ff29aadd309af3ec8528112e2927d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2024 12:38:53 +0000
Subject: [PATCH 2275/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.4.1.1 to 24.04.4.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 39f0db05..b9d9c28f 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.4.1.1
+FROM collabora/code:24.04.4.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From e9a31e1bc0c93a0c1b3cd8f24ae2fb189e0e8188 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Jun 2024 15:00:06 +0200
Subject: [PATCH 2276/3949] nextcloud: update s3.config.php

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index addff4d5..f902bde8 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -11,9 +11,11 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
+        'sse_c_key' => getenv('OBJECTSTORE_S3_SSE_C_KEY') ?: '',
         'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
         'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
         'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
         'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,

From 21a344624aba14570fc0fbeb8ae890319607a77e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 22 Jun 2024 17:57:25 +0200
Subject: [PATCH 2277/3949] collabora: add SYS_ADMIN cap

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index a8669744..ffead0d8 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -347,7 +347,8 @@
         "nextcloud-aio"
       ],
       "cap_add": [
-        "MKNOD"
+        "MKNOD",
+        "SYS_ADMIN"
       ],
       "cap_drop": [
         "NET_RAW"

From fba98513a39d028429ed38f4804e8a196dba3897 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 23 Jun 2024 12:02:37 +0000
Subject: [PATCH 2278/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index ac6f411b..da511f7c 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -219,6 +219,7 @@ services:
       - nextcloud-aio
     cap_add:
       - MKNOD
+      - SYS_ADMIN
     cap_drop:
       - NET_RAW
 

From 6718c18bd277dcc74f61d451a9febcf3b6ac631e Mon Sep 17 00:00:00 2001
From: surfict <allexandre@itis.swiss>
Date: Mon, 24 Jun 2024 11:54:01 +0200
Subject: [PATCH 2279/3949] Add caddy unauthorized ACME challenges problem to
 README

---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index 2152b2ac..bdfb6ef1 100644
--- a/readme.md
+++ b/readme.md
@@ -824,3 +824,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
+
+
+### Securing Your Caddy Instance from Unauthorized ACME Challenges
+(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy, which handles automatic SSL certificate generation, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
\ No newline at end of file

From 7dde233bff79e8552de872068c7bed4fce8fa1f0 Mon Sep 17 00:00:00 2001
From: surfict <allexandre@itis.swiss>
Date: Mon, 24 Jun 2024 12:19:19 +0200
Subject: [PATCH 2280/3949] Remove blank line

---
 readme.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/readme.md b/readme.md
index bdfb6ef1..86fdbc39 100644
--- a/readme.md
+++ b/readme.md
@@ -825,6 +825,5 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
 
-
 ### Securing Your Caddy Instance from Unauthorized ACME Challenges
 (By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy, which handles automatic SSL certificate generation, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
\ No newline at end of file

From e4b40ae56b9252bb9e23039a9335fdc2dac9a731 Mon Sep 17 00:00:00 2001
From: Surfict <allexandre@itis.swiss>
Date: Mon, 24 Jun 2024 12:55:30 +0200
Subject: [PATCH 2281/3949] Update readme.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Surfict <allexandre@itis.swiss>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 86fdbc39..088e0eae 100644
--- a/readme.md
+++ b/readme.md
@@ -825,5 +825,5 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
 
-### Securing Your Caddy Instance from Unauthorized ACME Challenges
-(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy, which handles automatic SSL certificate generation, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
\ No newline at end of file
+### Securing the AIO interface from unauthorized ACME challenges
+(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy that runs inside the mastercontainer, which handles automatic SSL certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
\ No newline at end of file

From b2fb94cd424cd2c7b6924bce68f4ff2f5f3c5495 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Jun 2024 13:03:25 +0200
Subject: [PATCH 2282/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 088e0eae..58311da2 100644
--- a/readme.md
+++ b/readme.md
@@ -826,4 +826,4 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
 
 ### Securing the AIO interface from unauthorized ACME challenges
-(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy that runs inside the mastercontainer, which handles automatic SSL certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
\ No newline at end of file
+(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.

From 5dfe0b755ab9ac5119f3e86b395e9de9d64ff96d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Jun 2024 13:50:16 +0200
Subject: [PATCH 2283/3949] fix another typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 58311da2..68ee09bf 100644
--- a/readme.md
+++ b/readme.md
@@ -826,4 +826,4 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
 
 ### Securing the AIO interface from unauthorized ACME challenges
-(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
+[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.

From 40306c4ed3678f20733ee9af4fdcf9440c61f50a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Jun 2024 14:32:14 +0200
Subject: [PATCH 2284/3949] domain-validator: use `str_contains` instead of
 `strpos`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/domain-validator.php              | 6 +++---
 php/src/Data/ConfigurationManager.php | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/domain-validator.php b/php/domain-validator.php
index 5f5ac009..57506b8a 100644
--- a/php/domain-validator.php
+++ b/php/domain-validator.php
@@ -2,11 +2,11 @@
 
 $domain = $_GET['domain'] ?? '';
 
-if (strpos($domain, '.') === false) { 
+if (!str_contains($domain, '.')) { 
     http_response_code(400); 
-} elseif (strpos($domain, '/') !== false) { 
+} elseif (str_contains($domain, '/')) { 
     http_response_code(400);  
-} elseif (strpos($domain, ':') !== false) { 
+} elseif (str_contains($domain, ':')) { 
     http_response_code(400);  
 } elseif (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { 
     http_response_code(400); 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 69e9bc6e..b2093839 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -271,17 +271,17 @@ class ConfigurationManager
      */
     public function SetDomain(string $domain) : void {
         // Validate that at least one dot is contained
-        if (strpos($domain, '.') === false) {
+        if (!str_contains($domain, '.')) {
             throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
         }
 
         // Validate that no slashes are contained
-        if (strpos($domain, '/') !== false) {
+        if (str_contains($domain, '/')) {
             throw new InvalidSettingConfigurationException("Domain must not contain slashes!");
         }
 
         // Validate that no colons are contained
-        if (strpos($domain, ':') !== false) {
+        if (str_contains($domain, ':')) {
             throw new InvalidSettingConfigurationException("Domain must not contain colons!");
         }
 

From 65a95439c8eabfb68fb7e8ce5b3ef3c90811e125 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jun 2024 12:50:54 +0000
Subject: [PATCH 2285/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-54 to 1.3.1-57.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 39b8e420..68aa789c 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-54
+FROM clamav/clamav:1.3.1-57
 
 COPY clamav.conf /tmp/clamav.conf
 

From 97c3afb4bbc6551445d26712aa2e9f3120183b90 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Jun 2024 12:36:19 +0200
Subject: [PATCH 2286/3949] nextcloud: increase to 29.0.3

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index d07c1b80..080a3670 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME=3600
 ENV SOURCE_LOCATION=/usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.2
+ENV NEXTCLOUD_VERSION=29.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 225442c13c0866fa318e9f2bc888e23cec60705f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 27 Jun 2024 12:22:12 +0200
Subject: [PATCH 2287/3949] improve formatting

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/readme.md           | 3 ++-
 nextcloud-aio-helm-chart/readme.md | 6 ++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index ae356435..66cda23c 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -22,7 +22,8 @@ First, install docker and docker-compose (v2) if not already done. Then simply r
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).<br>
+⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols!
 
 Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
 
diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index 6285aaf3..b40fb976 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -18,10 +18,8 @@ You can run the containers that are build for AIO with Kubernetes using this Hel
 
 ## How to use this?
 
-First download this file: https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and adjust at least all values marked with `# TODO!`
-
-Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database
-connection strings. You will experience issues when using these symbols!
+First download this file: https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and adjust at least all values marked with `# TODO!`<br>
+⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols!
 
 Then run:
 

From 8a6b6f429523e8e5eafc78dadb73d33785b47856 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Jun 2024 12:40:33 +0000
Subject: [PATCH 2288/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 26.1.4-cli to 27.0.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c1fa062d..52654e85 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.4-cli AS docker
+FROM docker:27.0.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From 05a7b1ebf58669a8638dcf41549e21d1b67b3845 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Jun 2024 12:39:25 +0000
Subject: [PATCH 2289/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.16-scratch to 2.10.17-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 07dab107..2b3cb651 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.16-scratch AS nats
+FROM nats:2.10.17-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.1 AS signaling
 FROM alpine:3.20.1 AS janus

From 571edd4bb4c72ca2fcd8b45a2b2ad11a53f63b70 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 29 Jun 2024 19:23:26 +0200
Subject: [PATCH 2290/3949] Implement internal mode

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 10 +++++++---
 reverse-proxy.md                       |  2 ++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d36ad4af..57bcadc5 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -137,7 +137,7 @@ class DockerActionManager
         } elseif($internalPort === '%TALK_PORT%') {
             $internalPort = $this->configurationManager->GetTalkPort();
         }
-        
+
         if ($internalPort !== "" && $internalPort !== 'host') {
             $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.2);
             if ($connection) {
@@ -438,7 +438,7 @@ class DockerActionManager
         $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
 
         $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();
- 
+
         $exposedPorts = [];
         if ($container->GetInternalPort() !== 'host') {
             foreach($container->GetPorts()->GetPorts() as $value) {
@@ -478,6 +478,10 @@ class DockerActionManager
                 $ipBinding = $value->ipBinding;
                 if ($ipBinding === '%APACHE_IP_BINDING%') {
                     $ipBinding = $this->configurationManager->GetApacheIPBinding();
+                    // Do not expose if AIO is in internal network mode
+                    if ($ipBinding === '@INTERNAL') {
+                        continue;
+                    }
                 }
                 $portWithProtocol = $port . '/' . $protocol;
                 $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
@@ -708,7 +712,7 @@ class DockerActionManager
             if (!isset($imageOutput['RepoDigests'])) {
                 error_log('RepoDigests is not set of container ' . $containerName);
                 return null;
-            } 
+            }
 
             if (!is_array($imageOutput['RepoDigests'])) {
                 error_log('RepoDigests of ' . $containerName . ' is not an array which is not allowed!');
diff --git a/reverse-proxy.md b/reverse-proxy.md
index d76e0c6c..aa15ed43 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -8,6 +8,8 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
+If you are using a reverse proxy attached to the `nextcloud-aio` virtual network (like the [caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy)), you can set the `APACHE_IP_BINDING` to `@INTERNAL` to disable the exposure of the Apache container to the host network.
+
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**

From f19579a4bc347669a2c4933c4465857ee6dfa7c9 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 1 Jul 2024 09:21:42 +0000
Subject: [PATCH 2291/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                            | 2 +-
 nextcloud-aio-helm-chart/readme.md                             | 0
 .../templates/nextcloud-aio-apache-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-apache-persistentvolumeclaim.yaml  | 0
 .../templates/nextcloud-aio-apache-service.yaml                | 0
 .../templates/nextcloud-aio-clamav-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml  | 0
 .../templates/nextcloud-aio-clamav-service.yaml                | 0
 .../templates/nextcloud-aio-collabora-deployment.yaml          | 3 ++-
 .../templates/nextcloud-aio-collabora-service.yaml             | 0
 .../templates/nextcloud-aio-database-deployment.yaml           | 2 +-
 .../nextcloud-aio-database-dump-persistentvolumeclaim.yaml     | 0
 .../nextcloud-aio-database-persistentvolumeclaim.yaml          | 0
 .../templates/nextcloud-aio-database-service.yaml              | 0
 .../nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml     | 0
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-service.yaml        | 0
 .../templates/nextcloud-aio-imaginary-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-imaginary-service.yaml             | 0
 .../templates/nextcloud-aio-namespace-namespace.yaml           | 0
 .../nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml    | 0
 .../templates/nextcloud-aio-nextcloud-deployment.yaml          | 2 +-
 .../nextcloud-aio-nextcloud-persistentvolumeclaim.yaml         | 0
 .../templates/nextcloud-aio-nextcloud-service.yaml             | 0
 ...ud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml | 0
 .../templates/nextcloud-aio-notify-push-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-notify-push-service.yaml           | 0
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml         | 2 +-
 .../nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml        | 0
 .../templates/nextcloud-aio-onlyoffice-service.yaml            | 0
 .../templates/nextcloud-aio-redis-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-redis-persistentvolumeclaim.yaml   | 0
 .../templates/nextcloud-aio-redis-service.yaml                 | 0
 .../templates/nextcloud-aio-talk-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-talk-recording-service.yaml        | 0
 .../templates/nextcloud-aio-talk-service.yaml                  | 0
 nextcloud-aio-helm-chart/update-helm.sh                        | 0
 nextcloud-aio-helm-chart/values.yaml                           | 1 -
 39 files changed, 14 insertions(+), 14 deletions(-)
 mode change 100644 => 100755 nextcloud-aio-helm-chart/Chart.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/readme.md
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
 mode change 100644 => 100755 nextcloud-aio-helm-chart/update-helm.sh
 mode change 100644 => 100755 nextcloud-aio-helm-chart/values.yaml

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
old mode 100644
new mode 100755
index e2237a32..2a95e84f
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.0.1
+version: 9.1.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
old mode 100644
new mode 100755
index 3ad8ce8c..92023a6f
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -66,7 +66,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240701_074701-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
old mode 100644
new mode 100755
index e135d834..246f83c9
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -59,7 +59,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240701_074701-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
old mode 100644
new mode 100755
index a9dd4166..d6d4f983
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240701_074701-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
@@ -45,6 +45,7 @@ spec:
             capabilities:
               add:
                 - MKNOD
+                - SYS_ADMIN
               drop:
                 - NET_RAW
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
old mode 100644
new mode 100755
index 5fe13835..a49cfdc3
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -70,7 +70,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240701_074701-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
old mode 100644
new mode 100755
index 72dccdd9..c074d93f
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240701_074701-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
old mode 100644
new mode 100755
index 0512e623..57b3f6d0
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240701_074701-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
old mode 100644
new mode 100755
index c85f3c0e..63fc4fe5
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -173,7 +173,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240701_074701-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
old mode 100644
new mode 100755
index 056feadd..d56589ec
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240701_074701-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
old mode 100644
new mode 100755
index a4a106c9..1f859cda
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240701_074701-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
old mode 100644
new mode 100755
index 1883c434..7dcffc57
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240701_074701-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
old mode 100644
new mode 100755
index 6344bcf6..e640b774
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240701_074701-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
old mode 100644
new mode 100755
index 90b43f53..d580f02b
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240617_084300-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240701_074701-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
old mode 100644
new mode 100755
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
old mode 100644
new mode 100755
index 0ddb92f7..0d383504
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -1,4 +1,3 @@
-# Warning: Do not use symbols "@" and ":" in your passwords (see readme.md)
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_PASSWORD:           # TODO! This needs to be a unique and good password!
 IMAGINARY_SECRET:           # TODO! This needs to be a unique and good password!

From 9dfdfbf27bcab117e210759006aa0c414dae8719 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jul 2024 12:37:18 +0000
Subject: [PATCH 2292/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-57 to 1.3.1-58.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 68aa789c..4092d316 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-57
+FROM clamav/clamav:1.3.1-58
 
 COPY clamav.conf /tmp/clamav.conf
 

From b3977ed1c8bb52ca4993b639a239d6a8ed859ab6 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Mon, 1 Jul 2024 20:28:35 +0200
Subject: [PATCH 2293/3949] Update start.sh

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index f215f6c6..f4121c92 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -180,7 +180,7 @@ It is set to '$APACHE_PORT'."
     fi
 fi
 if [ -n "$APACHE_IP_BINDING" ]; then
-    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$'; then
+    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$\|^@INTERNAL$'; then
         print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
 It is set to '$APACHE_IP_BINDING'."
         exit 1

From 83c24156bcd878d9ec1cd00f643af27cef8fa3c8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Jul 2024 12:06:49 +0000
Subject: [PATCH 2294/3949] build(deps): bump
 strukturag/nextcloud-spreed-signaling

Bumps strukturag/nextcloud-spreed-signaling from 1.3.1 to 1.3.2.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 2b3cb651..56a3d59a 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.17-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.3.1 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
 FROM alpine:3.20.1 AS janus
 
 ARG JANUS_VERSION=v0.14.3

From a98e89b5c9be8171a212a30d59c96ea46f1b164a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jul 2024 12:15:03 +0000
Subject: [PATCH 2295/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.22.4-alpine3.20 to 1.22.5-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 5cbfc407..d7b2896b 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.4-alpine3.20 AS go
+FROM golang:1.22.5-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From 6fb4b3479e51902ceefc646ad7dcce70abe582be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jul 2024 12:25:34 +0000
Subject: [PATCH 2296/3949] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.59-alpine3.20 to 2.4.61-alpine3.20.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 1f14371e..964c235c 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM caddy:2.8.4-alpine AS caddy
 
-FROM httpd:2.4.59-alpine3.20
+FROM httpd:2.4.61-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From b8bb08cf3b67bc84938f2c3f9f65a332b692ef66 Mon Sep 17 00:00:00 2001
From: kurt-mcrae <83569406+kurt-mcrae@users.noreply.github.com>
Date: Fri, 5 Jul 2024 09:23:49 +1000
Subject: [PATCH 2297/3949] Correct wording in containers.twig

Signed-off-by: kurt-mcrae <83569406+kurt-mcrae@users.noreply.github.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 55005749..07157682 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -71,7 +71,7 @@
                 The whole process can take a while as your containers will be updated.<br /><br />
             {% endif %}
             <a href="" class="button reload">Reload ↻</a><br/><br/>
-            If the daily bacckup should be stuck somehow, you can make it unstuck by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.<br /><br />
+            If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.<br /><br />
         {% elseif isWatchtowerRunning == true %}
             <span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
             <a href="" class="button reload">Reload ↻</a><br/>

From 52fd04640d4b6d15cfae0876d5d0a5290822c9e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jul 2024 12:10:29 +0000
Subject: [PATCH 2298/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-58 to 1.3.1-59.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 4092d316..f70864ec 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-58
+FROM clamav/clamav:1.3.1-59
 
 COPY clamav.conf /tmp/clamav.conf
 

From 75e5fa84ce96b6a175fcd6fd767308e96964674f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jul 2024 12:40:56 +0000
Subject: [PATCH 2299/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.2.20-fpm-alpine3.20 to 8.2.21-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 080a3670..be7ce606 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.20-fpm-alpine3.20
+FROM php:8.2.21-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G

From d727f111027a0414e6a178d8a45afca4b845542b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jul 2024 13:00:39 +0000
Subject: [PATCH 2300/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.8-fpm-alpine3.20 to 8.3.9-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 52654e85..95777bfd 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.0.2-cli AS docker
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
-FROM php:8.3.8-fpm-alpine3.20
+FROM php:8.3.9-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080

From f29e66c1b45728d381dbfc09195fa0943f6da006 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Jul 2024 10:05:47 +0000
Subject: [PATCH 2301/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.0.2-cli to 27.0.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 95777bfd..bf987c05 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.0.2-cli AS docker
+FROM docker:27.0.3-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From 5e320a7b88813fba78888de0e987b7d0c6e540e3 Mon Sep 17 00:00:00 2001
From: David <142408439+LinuxSpielKind@users.noreply.github.com>
Date: Tue, 9 Jul 2024 12:29:54 +0200
Subject: [PATCH 2302/3949] Update reverse-proxy.md

Users running AIO on Ubuntu Jammy may face blocked web socket traffic trough Apache, since rewrites with "?" are deemed unsafe. A error like this can be found in the error logs: "[rewrite:error] [pid396674] [client 192.168.xxx.yyy:57444] AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F"
The rewrite rule UnsafeAllow3F is fixing this issue.
Infos on that flag can be found here: https://httpd.apache.org/docs/current/rewrite/flags.html#flag_unsafe_allow_3f


Signed-off-by: David <142408439+LinuxSpielKind@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index d76e0c6c..bd36c93d 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -91,7 +91,7 @@ Add this as a new Apache site config:
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
     RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
-    RewriteRule .? "ws://localhost:11000/%1" [P,L]
+    RewriteRule .? "ws://localhost:11000/%1" [P,L,UnsafeAllow3F]
 
     # Enable h2, h2c and http1.1
     Protocols h2 h2c http/1.1

From 95a1ed0bba36f506cce403cdc638d24de36bef59 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Jul 2024 12:43:59 +0000
Subject: [PATCH 2303/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.14.1 to 8.14.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index df54a301..54843ba4 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.14.1
+FROM elasticsearch:8.14.2
 
 USER root
 

From 017e1ee23d12fd8b994a9dcbea23a65477ff0d7b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Jul 2024 12:46:14 +0000
Subject: [PATCH 2304/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.4.2.1 to 24.04.5.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index b9d9c28f..127ac170 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.4.2.1
+FROM collabora/code:24.04.5.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From c8d461a0613f4de5b5b0c610ae5796d08ab2a228 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Tue, 9 Jul 2024 15:06:58 +0200
Subject: [PATCH 2305/3949] Update reverse-proxy.md

add sample for @INTERNAL

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 reverse-proxy.md | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index aa15ed43..4c62e3c1 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -8,8 +8,6 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
-If you are using a reverse proxy attached to the `nextcloud-aio` virtual network (like the [caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy)), you can set the `APACHE_IP_BINDING` to `@INTERNAL` to disable the exposure of the Apache container to the host network.
-
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
@@ -41,7 +39,9 @@ If you are using a reverse proxy attached to the `nextcloud-aio` virtual network
 
     For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).
 
-    Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+    Another option and **actually the recommended way** in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+
+    You can also not expose the container by setting the `APACHE_IP_BINDING` environment variable to `@INTERNAL` and use as target `nextcloud-aio-apache:$APACHE_PORT`. This option could break the domain verification, to keep the proxy must point to `nextcloud-aio-domaincheck:$APACHE_PORT` in case the Apache server is closed. A sample configuration is provide for caddy.
 
     </details>
 
@@ -151,6 +151,19 @@ The Caddyfile is a text file called `Caddyfile` (no extension) which – if you
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
+If you want to use docker virtual networking you can use this instead:
+```
+https://<your-nc-domain>:443 {
+  reverse_proxy {
+    to http://nextcloud-aio-apache:80 http://nextcloud-aio-domaincheck:80
+    lb_policy first
+    health_uri /
+    health_port 80
+    health_interval 60s
+  }
+}
+```
+
 </details>
 
 ### Caddy with ACME DNS-challenge

From 03cb72116e3dab891ca6582402ea44210be60438 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 10 Jul 2024 16:24:35 +0200
Subject: [PATCH 2306/3949] nextcloud: fix APPS_ALLOWLIST

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/apps.config.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php
index cff5dadd..6ccf8932 100644
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -12,5 +12,7 @@ $CONFIG = array (
               'writable' => true,
       ),
   ),
-  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : false,
 );
+if (getenv('APPS_ALLOWLIST') !== false) {
+    $CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST'));
+}

From ed1de79e9b0fa9deb121b7978ae1339ea3259fe7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 10 Jul 2024 17:59:56 +0200
Subject: [PATCH 2307/3949] keep /root/.bashrc

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index be7ce606..40b42232 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -244,9 +244,9 @@ RUN set -ex; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
     cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
-    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
 # AIO cloning end # Do not remove or change this line!
     \
+    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
     chown www-data:root -R /usr/src && \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \

From 6463df73e6eb227238d9a20b3b29b4e0e303be7c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 10 Jul 2024 18:01:54 +0200
Subject: [PATCH 2308/3949] Revert "keep /root/.bashrc"

This reverts commit ed1de79e9b0fa9deb121b7978ae1339ea3259fe7.
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 40b42232..be7ce606 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -244,9 +244,9 @@ RUN set -ex; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
     cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
+    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
 # AIO cloning end # Do not remove or change this line!
     \
-    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
     chown www-data:root -R /usr/src && \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \

From 66dc0bc7d62588653d5c7fd28a5974d903038f08 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 9 Jul 2024 15:01:27 +0200
Subject: [PATCH 2309/3949] clamav - adjust max filesize conditionally

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile       | 11 ++++++-----
 Containers/clamav/clamav.conf      |  7 ++++---
 Containers/clamav/start.sh         | 11 +++++++++++
 Containers/nextcloud/entrypoint.sh |  4 ++--
 php/containers.json                |  2 ++
 5 files changed, 25 insertions(+), 10 deletions(-)
 create mode 100644 Containers/clamav/start.sh

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f70864ec..8a05cb1a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,14 +1,13 @@
 # syntax=docker/dockerfile:latest
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
 FROM clamav/clamav:1.3.1-59
 
-COPY clamav.conf /tmp/clamav.conf
+COPY clamav.conf /clamav.conf
+COPY --chmod=775 start.sh /start.sh
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata; \
-    cat /tmp/clamav.conf >> /etc/clamav/clamd.conf; \
-    rm /tmp/clamav.conf; \
+    apk add --no-cache tzdata bash; \
     mkdir -p /var/run/clamav /run/lock; \
     chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
     chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp
@@ -18,3 +17,5 @@ VOLUME /var/lib/clamav
 USER clamav
 
 LABEL com.centurylinklabs.watchtower.enable="false"
+
+ENTRYPOINT ["/start.sh"]
diff --git a/Containers/clamav/clamav.conf b/Containers/clamav/clamav.conf
index 1de35086..0b781bd3 100644
--- a/Containers/clamav/clamav.conf
+++ b/Containers/clamav/clamav.conf
@@ -1,4 +1,5 @@
+# AIO settings
 MaxDirectoryRecursion 30
-MaxFileSize 100M
-PCREMaxFileSize 100M
-StreamMaxLength 100M
+MaxFileSize 10G
+PCREMaxFileSize 10G
+StreamMaxLength 10G
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
new file mode 100644
index 00000000..416ecd06
--- /dev/null
+++ b/Containers/clamav/start.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Adjust settings
+cat /etc/clamav/clamd.conf > /tmp/clamd.conf
+CLAMAV_FILE="$(sed "s|10G|$MAX_SIZE|" /clamav.conf)"
+echo "$CLAMAV_FILE" >> /tmp/clamd.conf
+
+# Call initial init
+exec /init --config-file="/tmp/clamd.conf"
+
+exec "$@"
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 3912734d..8f564241 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -733,8 +733,8 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
         php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
         php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
-        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
-        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="104857600"
+        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
+        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
     fi
 else
diff --git a/php/containers.json b/php/containers.json
index ffead0d8..b18e18d0 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -204,6 +204,7 @@
         "TALK_PORT=%TALK_PORT%",
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
         "IMAGINARY_HOST=nextcloud-aio-imaginary",
+        "CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
@@ -575,6 +576,7 @@
       "internal_port": "3310",
       "environment": [
         "TZ=%TIMEZONE%",
+        "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%",
         "CLAMD_STARTUP_TIMEOUT=90"
       ],
       "volumes": [

From 3cdb855df33260670eb1a267e571b2ea8486175b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 14:26:08 +0200
Subject: [PATCH 2310/3949] set apache_ip_binding to internal for caddy
 community container and remove legacy code

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 2 +-
 php/containers.json                    | 1 -
 php/src/Docker/DockerActionManager.php | 2 --
 3 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 561c5219..2bd68e3a 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -38,7 +38,7 @@
                 }
             ],
             "aio_variables": [
-                "apache_ip_binding=127.0.0.1",
+                "apache_ip_binding=@INTERNAL",
                 "apache_port=11000"
             ],
             "nextcloud_exec_commands": [
diff --git a/php/containers.json b/php/containers.json
index ffead0d8..1bf3bfd9 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -221,7 +221,6 @@
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
         "APACHE_PORT=%APACHE_PORT%",
-        "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
         "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
         "THIS_IS_AIO=true",
         "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 57bcadc5..8b2e8a3e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -295,8 +295,6 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
                 } elseif ($out[1] === 'APACHE_PORT') {
                     $replacements[1] = $this->configurationManager->GetApachePort();
-                } elseif ($out[1] === 'APACHE_IP_BINDING') {
-                    $replacements[1] = $this->configurationManager->GetApacheIPBinding();
                 } elseif ($out[1] === 'TALK_PORT') {
                     $replacements[1] = $this->configurationManager->GetTalkPort();
                 } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {

From c69aa5634988d1e1fa95bb71dc6871d224676d7c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 14:27:27 +0200
Subject: [PATCH 2311/3949] revert changes to reverse-proxy.md

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4c62e3c1..d76e0c6c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -39,9 +39,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
     For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).
 
-    Another option and **actually the recommended way** in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
-
-    You can also not expose the container by setting the `APACHE_IP_BINDING` environment variable to `@INTERNAL` and use as target `nextcloud-aio-apache:$APACHE_PORT`. This option could break the domain verification, to keep the proxy must point to `nextcloud-aio-domaincheck:$APACHE_PORT` in case the Apache server is closed. A sample configuration is provide for caddy.
+    Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
 
     </details>
 
@@ -151,19 +149,6 @@ The Caddyfile is a text file called `Caddyfile` (no extension) which – if you
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
-If you want to use docker virtual networking you can use this instead:
-```
-https://<your-nc-domain>:443 {
-  reverse_proxy {
-    to http://nextcloud-aio-apache:80 http://nextcloud-aio-domaincheck:80
-    lb_policy first
-    health_uri /
-    health_port 80
-    health_interval 60s
-  }
-}
-```
-
 </details>
 
 ### Caddy with ACME DNS-challenge

From 789c9abcd21fdecce7e68ae3661efd90cbd71691 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 14:30:56 +0200
Subject: [PATCH 2312/3949] fix SC

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/start.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index 416ecd06..658e9f9b 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -6,6 +6,7 @@ CLAMAV_FILE="$(sed "s|10G|$MAX_SIZE|" /clamav.conf)"
 echo "$CLAMAV_FILE" >> /tmp/clamd.conf
 
 # Call initial init
+# shellcheck disable=SC2093
 exec /init --config-file="/tmp/clamd.conf"
 
 exec "$@"

From 002c9a8fc2125609bc3bd0482b091724b258c724 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Thu, 11 Jul 2024 15:00:33 +0200
Subject: [PATCH 2313/3949] get rid of "some font thing failed" error messages

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 Containers/imaginary/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d7b2896b..94035fc5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.5-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -25,6 +25,7 @@ RUN set -ex; \
         vips-heif \
         vips-jxl \
         vips-poppler \
+        ttf-dejavu \
         bash
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary

From b2d373cd7f9fbcc05b149b4aa591e60cfafcdf3b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 15:07:39 +0200
Subject: [PATCH 2314/3949] increase to v9.2.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 07157682..290beca4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v9.1.0</h1>
+        <h1>Nextcloud AIO v9.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From f72ab28a4172f28f3095ead9b39308bef1c3f9d7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 15:54:25 +0200
Subject: [PATCH 2315/3949] fix clamav

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 4 +++-
 Containers/clamav/start.sh   | 3 +--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 8a05cb1a..46c0b600 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -10,7 +10,9 @@ RUN set -ex; \
     apk add --no-cache tzdata bash; \
     mkdir -p /var/run/clamav /run/lock; \
     chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
-    chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp
+    chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \
+    grep -q '#!/sbin/tini /bin/sh' /init; \
+    sed -i 's|#!/sbin/tini /bin/sh|#!/bin/sh|' /init
 
 VOLUME /var/lib/clamav
 
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index 658e9f9b..0f19f86b 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -6,7 +6,6 @@ CLAMAV_FILE="$(sed "s|10G|$MAX_SIZE|" /clamav.conf)"
 echo "$CLAMAV_FILE" >> /tmp/clamd.conf
 
 # Call initial init
-# shellcheck disable=SC2093
-exec /init --config-file="/tmp/clamd.conf"
+/init --config-file="/tmp/clamd.conf"
 
 exec "$@"

From efca35b0e97bf3633262ab58bdfedad127188c3a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 17:07:14 +0200
Subject: [PATCH 2316/3949] try to fix it

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile                 | 8 ++++----
 Containers/clamav/{start.sh => start.script} | 7 -------
 2 files changed, 4 insertions(+), 11 deletions(-)
 rename Containers/clamav/{start.sh => start.script} (65%)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 46c0b600..721aea2b 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -3,7 +3,7 @@
 FROM clamav/clamav:1.3.1-59
 
 COPY clamav.conf /clamav.conf
-COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 start.script /start.script
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
@@ -11,8 +11,8 @@ RUN set -ex; \
     mkdir -p /var/run/clamav /run/lock; \
     chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
     chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \
-    grep -q '#!/sbin/tini /bin/sh' /init; \
-    sed -i 's|#!/sbin/tini /bin/sh|#!/bin/sh|' /init
+    sed -i "/^set -eu/r /start.script" /init-unprivileged; \
+    rm /start.script
 
 VOLUME /var/lib/clamav
 
@@ -20,4 +20,4 @@ USER clamav
 
 LABEL com.centurylinklabs.watchtower.enable="false"
 
-ENTRYPOINT ["/start.sh"]
+ENTRYPOINT ["/init-unprivileged", "--config-file", "/tmp/clamd.conf"]
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.script
similarity index 65%
rename from Containers/clamav/start.sh
rename to Containers/clamav/start.script
index 0f19f86b..c9a530ab 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.script
@@ -1,11 +1,4 @@
-#!/bin/bash
-
 # Adjust settings
 cat /etc/clamav/clamd.conf > /tmp/clamd.conf
 CLAMAV_FILE="$(sed "s|10G|$MAX_SIZE|" /clamav.conf)"
 echo "$CLAMAV_FILE" >> /tmp/clamd.conf
-
-# Call initial init
-/init --config-file="/tmp/clamd.conf"
-
-exec "$@"

From f90971ef9d1a0549ce3b56ab33d7788481513ed4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 17:24:59 +0200
Subject: [PATCH 2317/3949] another attempt

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 721aea2b..e81d4260 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -12,7 +12,10 @@ RUN set -ex; \
     chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
     chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \
     sed -i "/^set -eu/r /start.script" /init-unprivileged; \
-    rm /start.script
+    rm /start.script; \
+    grep -q 'clamd --foreground &' /init-unprivileged; \
+    sed -i "s|clamd --foreground \&|clamd --foreground \& --config-file /tmp/clamd.conf|" /init-unprivileged; \
+    cat /init-unprivileged
 
 VOLUME /var/lib/clamav
 
@@ -20,4 +23,4 @@ USER clamav
 
 LABEL com.centurylinklabs.watchtower.enable="false"
 
-ENTRYPOINT ["/init-unprivileged", "--config-file", "/tmp/clamd.conf"]
+ENTRYPOINT ["/init-unprivileged"]

From ef1e7c28f6fe002a079de8e92e76f2866e3b2b4f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Jul 2024 17:28:25 +0200
Subject: [PATCH 2318/3949] fix it

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e81d4260..b1b3f416 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
     sed -i "/^set -eu/r /start.script" /init-unprivileged; \
     rm /start.script; \
     grep -q 'clamd --foreground &' /init-unprivileged; \
-    sed -i "s|clamd --foreground \&|clamd --foreground \& --config-file /tmp/clamd.conf|" /init-unprivileged; \
+    sed -i "s|clamd --foreground \&|clamd --foreground --config-file /tmp/clamd.conf \&|" /init-unprivileged; \
     cat /init-unprivileged
 
 VOLUME /var/lib/clamav

From 8027a7e5eca2efcb685de01ee4ce9fe6a3350950 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Thu, 11 Jul 2024 18:22:39 +0200
Subject: [PATCH 2319/3949] fix: remove unused go binaries from redis and
 postgresql images

Both binaries gosu and su-exec are not used in our entrypoints.

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 Containers/postgresql/Dockerfile | 5 ++++-
 Containers/redis/Dockerfile      | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index b98ea8e9..43cb2130 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -32,7 +32,10 @@ RUN set -ex; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    apk --no-cache del openssl;
+    apk --no-cache del openssl; \
+    \
+# Get rid of unused binaries
+    rm /usr/local/bin/gosu /usr/local/bin/su-exec;
 
 VOLUME /mnt/data
 
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 03ec115e..3bff0e1f 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -9,7 +9,10 @@ RUN set -ex; \
     apk add --no-cache openssl bash; \
     \
 # Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    \
+# Get rid of unused binaries
+    rm /usr/local/bin/gosu;
 
 USER redis
 ENTRYPOINT ["/start.sh"]

From b8c1d78371a3f0bcd51d1db99c0cf82ee3bf18fb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Jul 2024 10:24:56 +0200
Subject: [PATCH 2320/3949] update links to upstream docker files

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 2 +-
 Containers/redis/Dockerfile      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 43cb2130..a4ab0fc5 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/16/alpine3.20/Dockerfile
 FROM postgres:16.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 3bff0e1f..de776cbc 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
+# From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
 FROM redis:7.2.5-alpine
 
 COPY --chmod=775 start.sh /start.sh

From 22fbd73d92ae4164e7e7ff02f3949d8aad752cb2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Jul 2024 10:31:30 +0200
Subject: [PATCH 2321/3949] add link to httpd

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 964c235c..d8fc0410 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,6 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM caddy:2.8.4-alpine AS caddy
 
+# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.61-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy

From e60dd31a355818b4acfbb99589888822a2349e40 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Jul 2024 10:36:14 +0200
Subject: [PATCH 2322/3949] make it `rm -f`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 2 +-
 Containers/redis/Dockerfile      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index a4ab0fc5..ff8de132 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -35,7 +35,7 @@ RUN set -ex; \
     apk --no-cache del openssl; \
     \
 # Get rid of unused binaries
-    rm /usr/local/bin/gosu /usr/local/bin/su-exec;
+    rm -f /usr/local/bin/gosu /usr/local/bin/su-exec;
 
 VOLUME /mnt/data
 
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index de776cbc..d8a97f33 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -12,7 +12,7 @@ RUN set -ex; \
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     \
 # Get rid of unused binaries
-    rm /usr/local/bin/gosu;
+    rm -f /usr/local/bin/gosu;
 
 USER redis
 ENTRYPOINT ["/start.sh"]

From 46c7fed2be514b64a219ff611877415d39891e11 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Jul 2024 11:34:00 +0200
Subject: [PATCH 2323/3949] update the ipv6 documentation

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml                  | 13 -------------
 docker-ipv6-support.md        | 22 +++++++++-------------
 manual-install/latest.yml     |  8 --------
 manual-install/update-yaml.sh |  8 --------
 4 files changed, 9 insertions(+), 42 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index e886db33..d300a97d 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -30,8 +30,6 @@ services:
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
-    # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
-      # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
     # security_opt: ["label:disable"] # Is needed when using SELinux
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
@@ -52,14 +50,3 @@ volumes: # If you want to store the data on a different drive, see https://githu
   nextcloud_aio_mastercontainer:
     name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
 
-# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
-# # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
-# networks:
-#   nextcloud-aio:
-#     name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO
-#     driver: bridge
-#     enable_ipv6: true
-#     ipam:
-#       driver: default
-#       config:
-#         - subnet: fd12:3456:789a:2::/64 # IPv6 subnet to use
diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index a9694c35..aed19065 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -5,14 +5,12 @@ Before enabling IPv6-Support for Docker, please note that there are still some u
 Now that this was mentioned, see the instructions below on how to enable IPv6 for Docker.
 
 ## Docker on Linux and Docker-rootless
-1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well. If you are using mailcow and enabled IPv6 with the update.sh, you can keep their daemon.json, it will work too.
+First of all upgrade your docker installation to v27.0.1 or higher.
+1. Then edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), add the below json:
 
     ```json
     {
-      "ipv6": true,
-      "fixed-cidr-v6": "fd12:3456:789a:1::/64",
-      "experimental": true,
-      "ip6tables": true
+      "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}
     }
     ```
 
@@ -23,22 +21,20 @@ Now that this was mentioned, see the instructions below on how to enable IPv6 fo
     ```console
     sudo systemctl restart docker
     ```
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
-On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 
+First of all upgrade your docker desktop installation to v4.32.0 or higher.
+Then, on Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 
 
-1. You need to now adjust this json file by setting the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
+1. You need to now adjust this json file:
 
     ```
-    "ipv6": true,
-    "fixed-cidr-v6": "fd12:3456:789a:1::/64",
-    "experimental": true,
-    "ip6tables": true
+    "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}
     ```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
 
 ---
 
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index da511f7c..1be0ea0d 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -388,13 +388,5 @@ volumes:
   nextcloud_aio_nextcloud_data:
     name: nextcloud_aio_nextcloud_data
 
-# Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 networks:
   nextcloud-aio:
-    name: nextcloud-aio
-    driver: bridge
-    enable_ipv6: true
-    ipam:
-      driver: default
-      config:
-        - subnet: ${IPV6_NETWORK}
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 2c67aafc..4bc92661 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -139,16 +139,8 @@ done
 
 cat << NETWORK >> containers.yml
 
-# Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 networks:
   nextcloud-aio:
-    name: nextcloud-aio
-    driver: bridge
-    enable_ipv6: true
-    ipam:
-      driver: default
-      config:
-        - subnet: \${IPV6_NETWORK}
 NETWORK
 
 cat containers.yml > latest.yml

From 3b6464852df037fc4211c5d63f6fa8f61f446adb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Jul 2024 12:10:13 +0000
Subject: [PATCH 2324/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.14.2 to 8.14.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 54843ba4..45a4aa9d 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.14.2
+FROM elasticsearch:8.14.3
 
 USER root
 

From 338e0868f538cd05b1dea16d00d05f2ef35f3438 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 12 Jul 2024 14:37:17 +0200
Subject: [PATCH 2325/3949] Update compose.yaml

Signed-off-by: Zoey <zoey@z0ey.de>
---
 compose.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/compose.yaml b/compose.yaml
index d300a97d..69516d24 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -7,6 +7,7 @@ services:
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+    network_mode: bridge # add to the same network as docker run would do
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080

From b3161695e6d50b6982dd05274fd7952d7059a144 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 12 Jul 2024 14:38:38 +0200
Subject: [PATCH 2326/3949] Update docker-ipv6-support.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 docker-ipv6-support.md | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index aed19065..f4423e65 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -1,9 +1,5 @@
 # IPv6-Support for Docker
 
-Before enabling IPv6-Support for Docker, please note that there are still some unresolved problems in regards to IPv6-Support in Docker. See https://github.com/nextcloud/all-in-one/discussions/2557 for more details on this.
-
-Now that this was mentioned, see the instructions below on how to enable IPv6 for Docker.
-
 ## Docker on Linux and Docker-rootless
 First of all upgrade your docker installation to v27.0.1 or higher.
 1. Then edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), add the below json:
@@ -34,7 +30,7 @@ Then, on Windows and macOS which use Docker Desktop, you need to go into the set
     ```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2557 in order to recreate the network and enable ipv6 for it.
 
 ---
 

From cd4dbca6b5148ca3359375427b7a9581e598d12c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Jul 2024 12:42:24 +0000
Subject: [PATCH 2327/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.0.2-alpine to 3.0.3-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index f244b0f4..2a0a6a80 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.0.2-alpine
+FROM haproxy:3.0.3-alpine
 
 # hadolint ignore=DL3002
 USER root

From 4eadbc93b73c636b592a2a1ff2835ce578307b71 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Jul 2024 16:52:24 +0200
Subject: [PATCH 2328/3949] caddy community-container: allow to disable the
 vaultwarden admin interface

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json      | 2 +-
 community-containers/vaultwarden/readme.md | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 2bd68e3a..47fef1db 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -5,7 +5,7 @@
             "display_name": "Caddy with geoblocking",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
             "image": "szaimen/aio-caddy",
-            "image_tag": "v1",
+            "image_tag": "v2",
             "internal_port": "443",
             "restart": "unless-stopped",
             "ports": [
diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md
index 37e03bd1..450f8838 100644
--- a/community-containers/vaultwarden/readme.md
+++ b/community-containers/vaultwarden/readme.md
@@ -7,6 +7,7 @@ This container bundles vaultwarden and auto-configures it for you.
 - If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 - The data of Vaultwarden will be automatically included in AIOs backup solution!
 - After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-vaultwarden | grep ADMIN_TOKEN`. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory.
+- If using the caddy community container, the vaultwarden admin interface can be disabled by creating a `block-vaultwarden-admin` file in the `nextcloud-aio-caddy` folder when you open the Nextcloud files app with the default `admin` user. Afterwards restart all containers from the AIO interface and the admin interface should be disabled! You can unlock the admin interface by removing the file again and afterwards restarting the containers via the AIO interface.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 0600a89a8852ff8142952ddab3eeeab3567a7366 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 15 Jul 2024 11:46:27 +0200
Subject: [PATCH 2329/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/latest.yml     | 1 +
 manual-install/update-yaml.sh | 1 +
 2 files changed, 2 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 1be0ea0d..ef317ac5 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -390,3 +390,4 @@ volumes:
 
 networks:
   nextcloud-aio:
+    name: nextcloud-aio
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 4bc92661..6d65052d 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -141,6 +141,7 @@ cat << NETWORK >> containers.yml
 
 networks:
   nextcloud-aio:
+    name: nextcloud-aio
 NETWORK
 
 cat containers.yml > latest.yml

From 1f04defd75d89e54f316af3beefa0db319ac1856 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 15 Jul 2024 11:47:44 +0200
Subject: [PATCH 2330/3949] also remove IPV6_NETWORK

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/sample.conf              | 1 -
 manual-install/update-yaml.sh           | 1 -
 nextcloud-aio-helm-chart/update-helm.sh | 1 -
 3 files changed, 3 deletions(-)

diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index e4fcff5f..69934fd0 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -37,4 +37,3 @@ NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of
 REMOVE_DISABLED_APPS=yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
-IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 6d65052d..a1db1388 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -95,7 +95,6 @@ sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIO
 sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
 sed -i 's|REMOVE_DISABLED_APPS=|REMOVE_DISABLED_APPS=yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
-echo 'IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use' >> sample.conf
 
 grep  '# TODO!' sample.conf > todo.conf
 grep -v '# TODO!\|_ENABLED' sample.conf > temp.conf
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 44d523b0..ad360d8b 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -336,7 +336,6 @@ sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
 sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
-sed -i '/^IPV6_NETWORK/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf

From aaf748b547dbc9840eb3ce8fd3f60f31b1485b80 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 15 Jul 2024 13:50:04 +0200
Subject: [PATCH 2331/3949] update link to network recreation docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index f4423e65..8d338dfb 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -17,7 +17,7 @@ First of all upgrade your docker installation to v27.0.1 or higher.
     ```console
     sudo systemctl restart docker
     ```
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/4989 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
 First of all upgrade your docker desktop installation to v4.32.0 or higher.
@@ -30,7 +30,7 @@ Then, on Windows and macOS which use Docker Desktop, you need to go into the set
     ```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
-3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2557 in order to recreate the network and enable ipv6 for it.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/4989 in order to recreate the network and enable ipv6 for it.
 
 ---
 

From 65c2ecfd5de70b1e4c7196365042f5fd4e1e4b76 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 15 Jul 2024 13:45:53 +0200
Subject: [PATCH 2332/3949] helm: allow to disable creation of namespace

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 44d523b0..46346402 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -246,7 +246,7 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
 # shellcheck disable=SC1083
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if ne .Values.NAMESPACE \"default\" }}" \{} \; 
+find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if and \(ne .Values.NAMESPACE \"default\"\) \(ne .Values.NAMESPACE_DISABLED \"yes\"\) }}" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 # shellcheck disable=SC1083
@@ -355,6 +355,7 @@ sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /t
 cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'

From b4b5f70ecda06791001de4b904447c71261f8a41 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jul 2024 13:01:59 +0000
Subject: [PATCH 2333/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-59 to 1.3.1-60.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index b1b3f416..fb000da8 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-59
+FROM clamav/clamav:1.3.1-60
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 9d9b9dd561a112353cdb38737446905ff3a42570 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 16 Jul 2024 12:04:41 +0000
Subject: [PATCH 2334/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 94035fc5..db340159 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.22.5-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \

From 773c2d4325159161b5a2fcedf246db5dc5e8f78d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 16 Jul 2024 12:05:33 +0000
Subject: [PATCH 2335/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index ef317ac5..f92f0288 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -134,6 +134,7 @@ services:
       - TALK_PORT=${TALK_PORT}
       - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
       - IMAGINARY_HOST=nextcloud-aio-imaginary
+      - CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE}
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
@@ -150,7 +151,6 @@ services:
       - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
       - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
       - APACHE_PORT=${APACHE_PORT}
-      - APACHE_IP_BINDING=${APACHE_IP_BINDING}
       - IMAGINARY_SECRET=${IMAGINARY_SECRET}
     stop_grace_period: 600s
     restart: unless-stopped
@@ -285,6 +285,7 @@ services:
       - "3310"
     environment:
       - TZ=${TIMEZONE}
+      - MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
       - CLAMD_STARTUP_TIMEOUT=90
     volumes:
       - nextcloud_aio_clamav:/var/lib/clamav:rw

From bd7b4fc2ae334822a3fa33092922f93f88874e43 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Jul 2024 15:23:33 +0200
Subject: [PATCH 2336/3949] update detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 8d338dfb..3a3dbb33 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -34,4 +34,4 @@ Then, on Windows and macOS which use Docker Desktop, you need to go into the set
 
 ---
 
-**Note**: This is a copy of the original docker docs at https://docs.docker.com/config/daemon/ipv6/ which apparently are not correct. However experimental is set to true which the ip6tables feature needs. Thus it will not get included into the official docs. However it is needed to make it work in our testing.
+**Note**: This is a copy of the original docker docs at https://docs.docker.com/config/daemon/ipv6/ which apparently are not correct.

From 8ab9c734b4f630244277daacfc8e4f7ccf080b67 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Jul 2024 15:33:43 +0200
Subject: [PATCH 2337/3949] update link to docker engine

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 68ee09bf..4287d92b 100644
--- a/readme.md
+++ b/readme.md
@@ -79,7 +79,7 @@ Included are:
 
 ## How to use this?
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
-1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
+1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms. The easiest way is installing it by **using the convenience script**:  
     ```sh
     curl -fsSL https://get.docker.com | sudo sh
     ```

From 460e9725d8ee6f4ac9589d6994300b1a5008c3e4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Jul 2024 16:38:51 +0200
Subject: [PATCH 2338/3949] updat-helm: adjust workflow for new tags syntax

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index d1372c61..62ee2650 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -14,8 +14,7 @@ jobs:
         uses: actions/checkout@v4
       - name: update helm chart
         run: |
-          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
-          DOCKER_TAG="${DOCKER_TAG%%-latest*}"
+          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"

From f1da5f9269d1746ff5e879088814368f373871f5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Jul 2024 17:21:54 +0200
Subject: [PATCH 2339/3949] Update update-helm.sh

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 545b00b8..c9213944 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -28,7 +28,7 @@ sed -i 's|^|export |' /tmp/sample.conf
 source /tmp/sample.conf
 rm /tmp/sample.conf
 sed -i '/OVERWRITEHOST/d' latest.yml
-sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
+sed -i "s|:latest$|:$DOCKER_TAG|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i '/APACHE_IP_BINDING/d' latest.yml
 sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml

From 352e086b3972440dcc1e8b3523c1f188a94acc31 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Jul 2024 06:40:09 +0000
Subject: [PATCH 2340/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 +++-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-namespace-namespace.yaml          | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 +++-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 nextcloud-aio-helm-chart/values.yaml                          | 1 +
 15 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 2a95e84f..fbb34c7a 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.1.0
+version: 9.2.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 92023a6f..7f63a125 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -66,7 +66,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240718_063028"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 246f83c9..65d53acb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -57,9 +57,11 @@ spec:
         - env:
             - name: CLAMD_STARTUP_TIMEOUT
               value: "90"
+            - name: MAX_SIZE
+              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240718_063028"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index d6d4f983..6ccae5a9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240718_063028"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index a49cfdc3..3b759312 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -70,7 +70,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240718_063028"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index c074d93f..1e82d189 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240718_063028"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 57b3f6d0..33a6c5dc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240718_063028"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
index 37f54753..cf705b7c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -1,4 +1,4 @@
-{{- if ne .Values.NAMESPACE "default" }}
+{{- if and (ne .Values.NAMESPACE "default") (ne .Values.NAMESPACE_DISABLED "yes") }}
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 63fc4fe5..a46f7e3e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -99,6 +99,8 @@ spec:
               value: "{{ .Values.CLAMAV_ENABLED }}"
             - name: CLAMAV_HOST
               value: nextcloud-aio-clamav
+            - name: CLAMAV_MAX_SIZE
+              value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: COLLABORA_ENABLED
               value: "{{ .Values.COLLABORA_ENABLED }}"
             - name: COLLABORA_HOST
@@ -173,7 +175,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240718_063028"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index d56589ec..e88c828e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240718_063028"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 1f859cda..9c0d9a59 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240718_063028"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 7dcffc57..4f3d3c98 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240718_063028"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index e640b774..28ee9054 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240718_063028"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d580f02b..a0db1dd5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240701_074701-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240718_063028"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 0d383504..115ca86d 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -48,6 +48,7 @@ ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice v
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'

From ccdb9bd1f37c3bc087da7db535074057fc36388c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 18 Jul 2024 09:35:45 +0200
Subject: [PATCH 2341/3949] update oo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index a616540d..8c899516 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.1.0.1
+FROM onlyoffice/documentserver:8.1.1.1
 
 # USER root is probably used
 

From 37f4340ca6de3354ddfaeedac416ce1ce18ab851 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Jul 2024 12:10:47 +0000
Subject: [PATCH 2342/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index be7ce606..7b74eda0 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -7,7 +7,7 @@ ENV PHP_MAX_TIME=3600
 ENV SOURCE_LOCATION=/usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.3
+ENV NEXTCLOUD_VERSION=29.0.4
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From c0798bc5b3bd60e08b45df962f93a2daa88ce2a5 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Jul 2024 12:12:59 +0000
Subject: [PATCH 2343/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 50 +++++++++++++++++++++++------------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 29cede5a..4ed77340 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,22 +8,22 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.8.1",
+            "version": "7.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104"
+                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/41042bc7ab002487b876a0683fc8dce04ddce104",
-                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/84ac2b2afc44e40d3e8e658a45d68d6d20437612",
+                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
-                "guzzlehttp/promises": "^1.5.3 || ^2.0.1",
-                "guzzlehttp/psr7": "^1.9.1 || ^2.5.1",
+                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
+                "guzzlehttp/psr7": "^2.7.0",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
                 "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -34,9 +34,9 @@
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "ext-curl": "*",
-                "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
+                "guzzle/client-integration-tests": "3.0.2",
                 "php-http/message-factory": "^1.1",
-                "phpunit/phpunit": "^8.5.36 || ^9.6.15",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "suggest": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.8.1"
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.0"
             },
             "funding": [
                 {
@@ -130,20 +130,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-12-03T20:35:24+00:00"
+            "time": "2024-07-18T11:52:56+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.0.2",
+            "version": "2.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223"
+                "reference": "6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/bbff78d96034045e58e13dedd6ad91b5d1253223",
-                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8",
+                "reference": "6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8",
                 "shasum": ""
             },
             "require": {
@@ -151,7 +151,7 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
             },
             "type": "library",
             "extra": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.0.2"
+                "source": "https://github.com/guzzle/promises/tree/2.0.3"
             },
             "funding": [
                 {
@@ -213,20 +213,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-12-03T20:19:20+00:00"
+            "time": "2024-07-18T10:29:17+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.6.2",
+            "version": "2.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221"
+                "reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/45b30f99ac27b5ca93cb4831afe16285f57b8221",
-                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/a70f5c95fb43bc83f07c9c948baa0dc1829bf201",
+                "reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201",
                 "shasum": ""
             },
             "require": {
@@ -241,8 +241,8 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "http-interop/http-factory-tests": "^0.9",
-                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
+                "http-interop/http-factory-tests": "0.9.0",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.6.2"
+                "source": "https://github.com/guzzle/psr7/tree/2.7.0"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-12-03T20:05:35+00:00"
+            "time": "2024-07-18T11:15:46+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 44fbda535b024c03395bd8d751b0d2793b8b9212 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 18 Jul 2024 14:53:17 +0200
Subject: [PATCH 2344/3949] increase to 9.3.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 290beca4..eb05a5d2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v9.2.0</h1>
+        <h1>Nextcloud AIO v9.3.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 0a2b5b6ace593f2806a5458f012cb8dd62e53cf8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Jul 2024 13:08:50 +0000
Subject: [PATCH 2345/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.17-scratch to 2.10.18-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 56a3d59a..8229bda8 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.17-scratch AS nats
+FROM nats:2.10.18-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
 FROM alpine:3.20.1 AS janus

From 4caf23ad28031015cf0264f28839d72366b05efb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Jul 2024 13:11:54 +0000
Subject: [PATCH 2346/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.5.1.1 to 24.04.5.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 127ac170..26b41db7 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.5.1.1
+FROM collabora/code:24.04.5.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From ce6e9411f5e59d11624ee70b0cd2c95bc8fe9442 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 19 Jul 2024 10:37:14 +0200
Subject: [PATCH 2347/3949] adjust things a bit

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-rootless.md | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index 958a5a9f..754c44ae 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -9,11 +9,19 @@ You can run AIO with docker rootless by following the steps below.
 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
 1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
-1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, see note below.
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
+1. ⚠️ **Important:** Please read through all notes below!
 
-**Please note:** By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
+### Note regarding sudo in the documentation
+Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
+
+### Note regarding permissions
+All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+
+### Note regarding docker network driver
+By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
 As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow.
 * Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)).
 * Run `sudo sysctl --system` to propagate the change.
@@ -26,8 +34,4 @@ As stated in the documentation, this change will likely lead to decreased networ
 * Restart the docker daemon
   ```
   systemctl --user restart docker
-  ```
-
-**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
-
-⚠️ **Additional note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
+  ```
\ No newline at end of file

From 85c606b09bdb3b7c41a19c73756131c9c98c2d5b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Jul 2024 12:38:57 +0000
Subject: [PATCH 2348/3949] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.61-alpine3.20 to 2.4.62-alpine3.20.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index d8fc0410..b118fd95 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.61-alpine3.20
+FROM httpd:2.4.62-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From 9458650f8b74dd58939f3797298e82970648964c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 22 Jul 2024 14:11:08 +0200
Subject: [PATCH 2349/3949] fix json-validator

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 90cd5653..86e269e9 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -30,6 +30,6 @@ jobs:
           for file in "${JSON_FILES[@]}"; do
             json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
           done
-          if grep -q "document does not validate with schema." ./json-validator.log; then
+          if grep -q "document does not validate with schema.\|invalid JSONFile" ./json-validator.log; then
             exit 1
           fi

From 00f7e2f749f686beb0df5fe843eb0538925a658e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 12:32:20 +0000
Subject: [PATCH 2350/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-60 to 1.3.1-61.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index fb000da8..6120f818 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-60
+FROM clamav/clamav:1.3.1-61
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From e9fcd554cbbaf24b6ba622fbe3d2bb944fbb5993 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 12:50:21 +0000
Subject: [PATCH 2351/3949] build(deps): bump guzzlehttp/guzzle from 7.9.0 to
 7.9.1 in /php

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.9.0 to 7.9.1.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.9/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/7.9.0...7.9.1)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 4ed77340..2bfa2a88 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.9.0",
+            "version": "7.9.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612"
+                "reference": "a629e5b69db96eb4939c1b34114130077dd4c6fc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/84ac2b2afc44e40d3e8e658a45d68d6d20437612",
-                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/a629e5b69db96eb4939c1b34114130077dd4c6fc",
+                "reference": "a629e5b69db96eb4939c1b34114130077dd4c6fc",
                 "shasum": ""
             },
             "require": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.9.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.1"
             },
             "funding": [
                 {
@@ -130,7 +130,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-18T11:52:56+00:00"
+            "time": "2024-07-19T16:19:57+00:00"
         },
         {
             "name": "guzzlehttp/promises",

From bb66445cf7770a93780d00444638941a0a13c64e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 12:19:49 +0000
Subject: [PATCH 2352/3949] build(deps): bump alpine from 3.20.1 to 3.20.2 in
 /Containers/talk

Bumps alpine from 3.20.1 to 3.20.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 8229bda8..d3d3e623 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.10.18-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
-FROM alpine:3.20.1 AS janus
+FROM alpine:3.20.2 AS janus
 
 ARG JANUS_VERSION=v0.14.3
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From be4e2e2afb6c2b30d90dcabf0aae97cd229e4ab3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 12:23:41 +0000
Subject: [PATCH 2353/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.20.1 to 3.20.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 1532169f..2da52eef 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 786f6ce2af3e1ecdcdfbeab60222216c6a571b1f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 12:31:27 +0000
Subject: [PATCH 2354/3949] build(deps): bump alpine from 3.20.1 to 3.20.2 in
 /Containers/imaginary

Bumps alpine from 3.20.1 to 3.20.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index db340159..8c37d694 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 8656f58009b95784c9fbadfab4fb6036c3a0c410 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 12:32:30 +0000
Subject: [PATCH 2355/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.20.1 to 3.20.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 57ec6f56..1dae9f9d 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 8327b9aaa099e8b9df3b5ec3e690c63544fac7b7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 12:35:06 +0000
Subject: [PATCH 2356/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.0.3-cli to 27.1.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index bf987c05..1a34da87 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.0.3-cli AS docker
+FROM docker:27.1.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From bc90f47d7ad0ffb171c8d99397e68afe1f50ceeb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 12:37:00 +0000
Subject: [PATCH 2357/3949] build(deps): bump alpine from 3.20.1 to 3.20.2 in
 /Containers/borgbackup

Bumps alpine from 3.20.1 to 3.20.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index fe2732df..d46eda1a 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 
 RUN set -ex; \
     \

From 3496815879efe8e641519592cc897b7a558355d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 12:54:55 +0000
Subject: [PATCH 2358/3949] build(deps): bump alpine from 3.20.1 to 3.20.2 in
 /Containers/watchtower

Bumps alpine from 3.20.1 to 3.20.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 0d694282..cacebde7 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 
 RUN apk upgrade --no-cache -a; \
     apk add --no-cache bash

From 8a9c5ae973bf05741f2cc37df027b1a9a12684c4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 22 Jul 2024 15:43:04 +0200
Subject: [PATCH 2359/3949] helm: add network policy

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-networkpolicy.yaml | 14 ++++++++++++++
 nextcloud-aio-helm-chart/update-helm.sh        | 18 ++++++++++++++++++
 nextcloud-aio-helm-chart/values.yaml           |  1 +
 3 files changed, 33 insertions(+)
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
new file mode 100755
index 00000000..7f0bdbae
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
@@ -0,0 +1,14 @@
+{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
+# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-deny-from-other-namespaces
+spec:
+  podSelector:
+    matchLabels:
+  ingress:
+  - from:
+    - podSelector: {}
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index c9213944..7fb80ec7 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -315,6 +315,23 @@ find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additiona
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
 
+cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
+{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
+# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-deny-from-other-namespaces
+spec:
+  podSelector:
+    matchLabels:
+  ingress:
+  - from:
+    - podSelector: {}
+{{- end }}
+EOL
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -355,6 +372,7 @@ cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
+NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 115ca86d..dddc569c 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -49,6 +49,7 @@ REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
+NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'

From 5c1bf530116de60ec9e80672b9c66b572d73b88b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 24 Jul 2024 16:36:34 +0200
Subject: [PATCH 2360/3949] adjust helm install instructions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index b40fb976..c15f9e1b 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -25,7 +25,7 @@ Then run:
 
 ```
 helm repo add nextcloud-aio https://nextcloud.github.io/all-in-one/
-helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
+helm install nextcloud-aio nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
 ```
 
 And after a while, everything should be set up.

From 9a70fa4ddc3186d2fae78750e6df33edd5ec0230 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 24 Jul 2024 20:14:00 +0200
Subject: [PATCH 2361/3949] update rp notice

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index bd36c93d..40e44fb5 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,6 +1,6 @@
 # Reverse Proxy Documentation
 
-**Note:** The maintainers of AIO noticed that this documentation is not easy. All contributions that improve this are very welcome!
+**Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!
 
 A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network).
 

From ddf561b404904e018588829774c729fae970a6d4 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 25 Jul 2024 07:46:35 +0000
Subject: [PATCH 2362/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index fbb34c7a..6ac5084f 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.2.0
+version: 9.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 7f63a125..f1fce678 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -66,7 +66,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240725_074330"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 65d53acb..9d6245a6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240725_074330"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 6ccae5a9..43e1532f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240725_074330"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 3b759312..ee762e86 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -70,7 +70,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240725_074330"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 1e82d189..9fdec581 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240725_074330"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 33a6c5dc..8da26e1e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240725_074330"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index a46f7e3e..1de14c93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -175,7 +175,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240725_074330"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e88c828e..7cf00dd4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240725_074330"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 9c0d9a59..bd772580 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240725_074330"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 4f3d3c98..9be8b3ad 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240725_074330"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 28ee9054..2140ecf1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240725_074330"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index a0db1dd5..b83636c8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240718_063028"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240725_074330"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 85431fe60d08f340e5be5b51172676877a47d997 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Jul 2024 08:27:31 +0000
Subject: [PATCH 2363/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.0.3-cli to 27.1.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 1a34da87..7fe76414 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.1.0-cli AS docker
+FROM docker:27.1.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From aea0af5344fb6e425819ac5392e9a60eb0505f48 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Jul 2024 08:44:34 +0000
Subject: [PATCH 2364/3949] build(deps): bump guzzlehttp/guzzle from 7.9.1 to
 7.9.2 in /php

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.9.1 to 7.9.2.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.9/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/7.9.1...7.9.2)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 2bfa2a88..dccebb41 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.9.1",
+            "version": "7.9.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "a629e5b69db96eb4939c1b34114130077dd4c6fc"
+                "reference": "d281ed313b989f213357e3be1a179f02196ac99b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/a629e5b69db96eb4939c1b34114130077dd4c6fc",
-                "reference": "a629e5b69db96eb4939c1b34114130077dd4c6fc",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/d281ed313b989f213357e3be1a179f02196ac99b",
+                "reference": "d281ed313b989f213357e3be1a179f02196ac99b",
                 "shasum": ""
             },
             "require": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.9.1"
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.2"
             },
             "funding": [
                 {
@@ -130,7 +130,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-19T16:19:57+00:00"
+            "time": "2024-07-24T11:22:20+00:00"
         },
         {
             "name": "guzzlehttp/promises",

From 3c26a3bed1b32c963281ac615745044cab04dca1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 25 Jul 2024 08:48:38 +0000
Subject: [PATCH 2365/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index dccebb41..e54d798a 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -556,16 +556,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.6",
+            "version": "7.0.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "8097948a89f6ec782839b3e958432f427cac37fd"
+                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/8097948a89f6ec782839b3e958432f427cac37fd",
-                "reference": "8097948a89f6ec782839b3e958432f427cac37fd",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
+                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
                 "shasum": ""
             },
             "require": {
@@ -613,7 +613,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.6"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.7"
             },
             "funding": [
                 {
@@ -625,7 +625,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-11-02T10:04:50+00:00"
+            "time": "2024-07-21T15:55:45+00:00"
         },
         {
             "name": "php-di/slim-bridge",

From 533c270d061e45f867654600bdd5e47f76e76b10 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 25 Jul 2024 15:27:50 +0200
Subject: [PATCH 2366/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-networkpolicy.yaml              | 6 ++++++
 nextcloud-aio-helm-chart/update-helm.sh                     | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
index 7f0bdbae..8e6986b8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
@@ -8,7 +8,13 @@ metadata:
 spec:
   podSelector:
     matchLabels:
+  policyTypes:
+    - Ingress
+    - Egress
   ingress:
   - from:
     - podSelector: {}
+  egress:
+  - to:
+    - podSelector: {}
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 7fb80ec7..3a251b00 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -326,9 +326,15 @@ metadata:
 spec:
   podSelector:
     matchLabels:
+  policyTypes:
+    - Ingress
+    - Egress
   ingress:
   - from:
     - podSelector: {}
+  egress:
+  - to:
+    - podSelector: {}
 {{- end }}
 EOL
 

From 31162a29d8ca91150d03c13f98516d8165729031 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 25 Jul 2024 18:12:58 +0200
Subject: [PATCH 2367/3949] fix

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 .../workflows/php-deprecation-detector.yml    |    1 -
 .github/workflows/psalm-update-baseline.yml   |    3 +-
 .github/workflows/psalm.yml                   |    1 -
 .github/workflows/twig-lint.yml               |    6 +-
 php/.idea/.gitignore                          |    8 -
 php/.idea/aio.iml                             |   34 -
 php/.idea/modules.xml                         |    8 -
 php/.idea/php.xml                             |   34 -
 php/.idea/vcs.xml                             |    6 -
 php/README.md                                 |   32 +-
 php/composer.json                             |   18 +-
 php/composer.lock                             | 2041 ++++++++++++++++-
 12 files changed, 2071 insertions(+), 121 deletions(-)
 delete mode 100644 php/.idea/.gitignore
 delete mode 100644 php/.idea/aio.iml
 delete mode 100644 php/.idea/modules.xml
 delete mode 100644 php/.idea/php.xml
 delete mode 100644 php/.idea/vcs.xml

diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 6d88d3c6..aed16094 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -28,7 +28,6 @@ jobs:
         run: |
           set -x
           cd php
-          composer global require wapmorgan/php-deprecation-detector dev-master
           composer install
           composer run php-deprecation-detector | tee -i ./phpdd.log
           if grep "Total issues:" ./phpdd.log; then
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 7ac04412..fbe362c1 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -23,9 +23,8 @@ jobs:
         run: |
           set -x
           cd php
-          composer global require vimeo/psalm --prefer-dist --no-progress --dev
           composer install
-          composer run psalm -- --monochrome --no-progress --output-format=text --update-baseline
+          composer run psalm:update-baseline
           git clean -f lib/composer
           git checkout composer.json composer.lock lib/composer
         continue-on-error: true
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 3b0b89f3..e4775674 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -42,6 +42,5 @@ jobs:
         run: |
           set -x
           cd php
-          composer global require vimeo/psalm --prefer-dist --no-progress --dev
           composer install
           composer run psalm
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 34d6afb6..4544f993 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -13,7 +13,7 @@ on:
 permissions:
   contents: read
 
-concurrency: 
+concurrency:
   group: lint-twig-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
@@ -36,7 +36,5 @@ jobs:
       - name: twig lint
         run: |
           cd php
-          composer require sserbin/twig-linter:@dev --no-progress --dev
           composer install
-          chmod +x ./vendor/bin/twig-linter
-          ./vendor/bin/twig-linter lint ./templates
+          composer run lint:twig
diff --git a/php/.idea/.gitignore b/php/.idea/.gitignore
deleted file mode 100644
index 73f69e09..00000000
--- a/php/.idea/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
-# Editor-based HTTP Client requests
-/httpRequests/
diff --git a/php/.idea/aio.iml b/php/.idea/aio.iml
deleted file mode 100644
index 042caa0e..00000000
--- a/php/.idea/aio.iml
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="WEB_MODULE" version="4">
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$">
-      <sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" packagePrefix="AIO\" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-server-middleware" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/psr7" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/log" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/guzzle" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-client" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-message" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/promises" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-factory" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/container" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/http-interop/http-factory-guzzle" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-server-handler" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/slim/slim" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/ralouphie/getallheaders" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/nikic/fast-route" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/composer" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/opis/closure" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/slim-bridge" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/invoker" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/php-di" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/phpdoc-reader" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/slim/twig-view" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/polyfill-mbstring" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/twig/twig" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/polyfill-ctype" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>
\ No newline at end of file
diff --git a/php/.idea/modules.xml b/php/.idea/modules.xml
deleted file mode 100644
index 139e985f..00000000
--- a/php/.idea/modules.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/aio.iml" filepath="$PROJECT_DIR$/.idea/aio.iml" />
-    </modules>
-  </component>
-</project>
\ No newline at end of file
diff --git a/php/.idea/php.xml b/php/.idea/php.xml
deleted file mode 100644
index 14326088..00000000
--- a/php/.idea/php.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="PhpIncludePathManager">
-    <include_path>
-      <path value="$PROJECT_DIR$/vendor/psr/http-server-middleware" />
-      <path value="$PROJECT_DIR$/vendor/guzzlehttp/psr7" />
-      <path value="$PROJECT_DIR$/vendor/psr/log" />
-      <path value="$PROJECT_DIR$/vendor/guzzlehttp/guzzle" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-client" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-message" />
-      <path value="$PROJECT_DIR$/vendor/guzzlehttp/promises" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-factory" />
-      <path value="$PROJECT_DIR$/vendor/psr/container" />
-      <path value="$PROJECT_DIR$/vendor/http-interop/http-factory-guzzle" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-server-handler" />
-      <path value="$PROJECT_DIR$/vendor/slim/slim" />
-      <path value="$PROJECT_DIR$/vendor/ralouphie/getallheaders" />
-      <path value="$PROJECT_DIR$/vendor/nikic/fast-route" />
-      <path value="$PROJECT_DIR$/vendor/composer" />
-      <path value="$PROJECT_DIR$/vendor/opis/closure" />
-      <path value="$PROJECT_DIR$/vendor/php-di/slim-bridge" />
-      <path value="$PROJECT_DIR$/vendor/php-di/invoker" />
-      <path value="$PROJECT_DIR$/vendor/php-di/php-di" />
-      <path value="$PROJECT_DIR$/vendor/php-di/phpdoc-reader" />
-      <path value="$PROJECT_DIR$/vendor/slim/twig-view" />
-      <path value="$PROJECT_DIR$/vendor/symfony/polyfill-mbstring" />
-      <path value="$PROJECT_DIR$/vendor/twig/twig" />
-      <path value="$PROJECT_DIR$/vendor/symfony/polyfill-ctype" />
-    </include_path>
-  </component>
-  <component name="PhpProjectSharedConfiguration" php_language_level="7.4">
-    <option name="suggestChangeDefaultLanguageLevel" value="false" />
-  </component>
-</project>
\ No newline at end of file
diff --git a/php/.idea/vcs.xml b/php/.idea/vcs.xml
deleted file mode 100644
index 6c0b8635..00000000
--- a/php/.idea/vcs.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
-  </component>
-</project>
\ No newline at end of file
diff --git a/php/README.md b/php/README.md
index f33f44b8..ca6ede1d 100644
--- a/php/README.md
+++ b/php/README.md
@@ -7,10 +7,34 @@ This is the code for the PHP Docker controller.
 Running this locally requires Docker Engine on the same machine. 
 If this is the case, just execute the following command:
 
-```
-composer install --no-dev
-cd public/
-php -S 0.0.0.0:8080
+```bash
+composer install
+sudo SKIP_DOMAIN_VALIDATION=true composer run dev # sudo is required to access docker socket
 ```
 
 You can then access the web interface at `localhost:8080`.
+
+If you have an error that says `Couldn't connect to server for http://127.0.0.1/v1.41/networks/create` makes sure a `nextcloud-aio-mastercontainer` is running.
+You can start it with the following command:
+
+```bash
+sudo docker run \
+--rm \
+--name nextcloud-aio-mastercontainer \
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+--volume /var/run/docker.sock:/var/run/docker.sock:ro \
+nextcloud/all-in-one:latest
+```
+
+## Commands
+
+| Command                                 | Description                            |
+|-----------------------------------------|----------------------------------------|
+| `composer run dev`                      | Starts the development server          |
+| `composer run psalm`                    | Run Psalm static analysis              |
+| `composer run psalm:update-baseline`    | Run Psalm with `--update-baseline` arg |
+| `composer run lint`                     | Run PHP Syntax check                   |
+| `composer run lint:twig`                | Run Twig Syntax check                  |
+| `composer run php-deprecation-detector` | Run PHP Deprecation Detector           |
+
+
diff --git a/php/composer.json b/php/composer.json
index 7dd9c8c3..0a58cfde 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -1,6 +1,6 @@
 {
     "autoload": {
-        "psr-4": { 
+        "psr-4": {
             "AIO\\": ["src/"]
         }
     },
@@ -18,10 +18,20 @@
         "slim/csrf": "^1.3",
         "ext-apcu": "*"
     },
+    "require-dev": {
+        "sserbin/twig-linter": "@dev",
+        "vimeo/psalm": "^5.25",
+        "wapmorgan/php-deprecation-detector": "dev-master"
+    },
     "scripts": {
+        "dev": [
+            "Composer\\Config::disableProcessTimeout",
+            "php -S localhost:8080 -t public"
+        ],
 		"psalm": "psalm --threads=1",
-		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
-		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.3 \\;"
+		"psalm:update-baseline": "psalm --threads=1 --monochrome --no-progress --output-format=text --update-baseline",
+		"lint": "php -l src/*.php src/**/*.php public/index.php",
+        "lint:twig": "twig-linter lint ./templates",
+		"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
 	}
 }
diff --git a/php/composer.lock b/php/composer.lock
index e54d798a..017a2cb6 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,20 +4,20 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "4dcdd3b6df3f2041895d4db74bd45102",
+    "content-hash": "0e1d24f3fa776163acefdebc91da39d3",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.9.2",
+            "version": "7.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "d281ed313b989f213357e3be1a179f02196ac99b"
+                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/d281ed313b989f213357e3be1a179f02196ac99b",
-                "reference": "d281ed313b989f213357e3be1a179f02196ac99b",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/84ac2b2afc44e40d3e8e658a45d68d6d20437612",
+                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612",
                 "shasum": ""
             },
             "require": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.9.2"
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.0"
             },
             "funding": [
                 {
@@ -130,7 +130,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-24T11:22:20+00:00"
+            "time": "2024-07-18T11:52:56+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -556,16 +556,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.7",
+            "version": "7.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1"
+                "reference": "8097948a89f6ec782839b3e958432f427cac37fd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
-                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/8097948a89f6ec782839b3e958432f427cac37fd",
+                "reference": "8097948a89f6ec782839b3e958432f427cac37fd",
                 "shasum": ""
             },
             "require": {
@@ -613,7 +613,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.7"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.6"
             },
             "funding": [
                 {
@@ -625,7 +625,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-21T15:55:45+00:00"
+            "time": "2023-11-02T10:04:50+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -1789,10 +1789,2021 @@
             "time": "2024-05-16T10:04:27+00:00"
         }
     ],
-    "packages-dev": [],
+    "packages-dev": [
+        {
+            "name": "amphp/amp",
+            "version": "v2.6.4",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/amp.git",
+                "reference": "ded3d9be08f526089eb7ee8d9f16a9768f9dec2d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/amp/zipball/ded3d9be08f526089eb7ee8d9f16a9768f9dec2d",
+                "reference": "ded3d9be08f526089eb7ee8d9f16a9768f9dec2d",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "dev-master",
+                "amphp/phpunit-util": "^1",
+                "ext-json": "*",
+                "jetbrains/phpstorm-stubs": "^2019.3",
+                "phpunit/phpunit": "^7 | ^8 | ^9",
+                "react/promise": "^2",
+                "vimeo/psalm": "^3.12"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.x-dev"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "lib/functions.php",
+                    "lib/Internal/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\": "lib"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Daniel Lowrey",
+                    "email": "rdlowrey@php.net"
+                },
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Bob Weinand",
+                    "email": "bobwei9@hotmail.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "A non-blocking concurrency framework for PHP applications.",
+            "homepage": "https://amphp.org/amp",
+            "keywords": [
+                "async",
+                "asynchronous",
+                "awaitable",
+                "concurrency",
+                "event",
+                "event-loop",
+                "future",
+                "non-blocking",
+                "promise"
+            ],
+            "support": {
+                "irc": "irc://irc.freenode.org/amphp",
+                "issues": "https://github.com/amphp/amp/issues",
+                "source": "https://github.com/amphp/amp/tree/v2.6.4"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-03-21T18:52:26+00:00"
+        },
+        {
+            "name": "amphp/byte-stream",
+            "version": "v1.8.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/byte-stream.git",
+                "reference": "4f0e968ba3798a423730f567b1b50d3441c16ddc"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/byte-stream/zipball/4f0e968ba3798a423730f567b1b50d3441c16ddc",
+                "reference": "4f0e968ba3798a423730f567b1b50d3441c16ddc",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^2",
+                "php": ">=7.1"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "dev-master",
+                "amphp/phpunit-util": "^1.4",
+                "friendsofphp/php-cs-fixer": "^2.3",
+                "jetbrains/phpstorm-stubs": "^2019.3",
+                "phpunit/phpunit": "^6 || ^7 || ^8",
+                "psalm/phar": "^3.11.4"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\ByteStream\\": "lib"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "A stream abstraction to make working with non-blocking I/O simple.",
+            "homepage": "https://amphp.org/byte-stream",
+            "keywords": [
+                "amp",
+                "amphp",
+                "async",
+                "io",
+                "non-blocking",
+                "stream"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/byte-stream/issues",
+                "source": "https://github.com/amphp/byte-stream/tree/v1.8.2"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-04-13T18:00:56+00:00"
+        },
+        {
+            "name": "composer/package-versions-deprecated",
+            "version": "1.11.99.5",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/composer/package-versions-deprecated.git",
+                "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/b4f54f74ef3453349c24a845d22392cd31e65f1d",
+                "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d",
+                "shasum": ""
+            },
+            "require": {
+                "composer-plugin-api": "^1.1.0 || ^2.0",
+                "php": "^7 || ^8"
+            },
+            "replace": {
+                "ocramius/package-versions": "1.11.99"
+            },
+            "require-dev": {
+                "composer/composer": "^1.9.3 || ^2.0@dev",
+                "ext-zip": "^1.13",
+                "phpunit/phpunit": "^6.5 || ^7"
+            },
+            "type": "composer-plugin",
+            "extra": {
+                "class": "PackageVersions\\Installer",
+                "branch-alias": {
+                    "dev-master": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "PackageVersions\\": "src/PackageVersions"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Marco Pivetta",
+                    "email": "ocramius@gmail.com"
+                },
+                {
+                    "name": "Jordi Boggiano",
+                    "email": "j.boggiano@seld.be"
+                }
+            ],
+            "description": "Composer plugin that provides efficient querying for installed package versions (no runtime IO)",
+            "support": {
+                "issues": "https://github.com/composer/package-versions-deprecated/issues",
+                "source": "https://github.com/composer/package-versions-deprecated/tree/1.11.99.5"
+            },
+            "funding": [
+                {
+                    "url": "https://packagist.com",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/composer",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2022-01-17T14:14:24+00:00"
+        },
+        {
+            "name": "composer/pcre",
+            "version": "3.1.4",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/composer/pcre.git",
+                "reference": "04229f163664973f68f38f6f73d917799168ef24"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/composer/pcre/zipball/04229f163664973f68f38f6f73d917799168ef24",
+                "reference": "04229f163664973f68f38f6f73d917799168ef24",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.4 || ^8.0"
+            },
+            "require-dev": {
+                "phpstan/phpstan": "^1.3",
+                "phpstan/phpstan-strict-rules": "^1.1",
+                "symfony/phpunit-bridge": "^5"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Composer\\Pcre\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Jordi Boggiano",
+                    "email": "j.boggiano@seld.be",
+                    "homepage": "http://seld.be"
+                }
+            ],
+            "description": "PCRE wrapping library that offers type-safe preg_* replacements.",
+            "keywords": [
+                "PCRE",
+                "preg",
+                "regex",
+                "regular expression"
+            ],
+            "support": {
+                "issues": "https://github.com/composer/pcre/issues",
+                "source": "https://github.com/composer/pcre/tree/3.1.4"
+            },
+            "funding": [
+                {
+                    "url": "https://packagist.com",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/composer",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-05-27T13:40:54+00:00"
+        },
+        {
+            "name": "composer/semver",
+            "version": "3.4.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/composer/semver.git",
+                "reference": "c51258e759afdb17f1fd1fe83bc12baaef6309d6"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/composer/semver/zipball/c51258e759afdb17f1fd1fe83bc12baaef6309d6",
+                "reference": "c51258e759afdb17f1fd1fe83bc12baaef6309d6",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^5.3.2 || ^7.0 || ^8.0"
+            },
+            "require-dev": {
+                "phpstan/phpstan": "^1.4",
+                "symfony/phpunit-bridge": "^4.2 || ^5"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Composer\\Semver\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nils Adermann",
+                    "email": "naderman@naderman.de",
+                    "homepage": "http://www.naderman.de"
+                },
+                {
+                    "name": "Jordi Boggiano",
+                    "email": "j.boggiano@seld.be",
+                    "homepage": "http://seld.be"
+                },
+                {
+                    "name": "Rob Bast",
+                    "email": "rob.bast@gmail.com",
+                    "homepage": "http://robbast.nl"
+                }
+            ],
+            "description": "Semver library that offers utilities, version constraint parsing and validation.",
+            "keywords": [
+                "semantic",
+                "semver",
+                "validation",
+                "versioning"
+            ],
+            "support": {
+                "irc": "ircs://irc.libera.chat:6697/composer",
+                "issues": "https://github.com/composer/semver/issues",
+                "source": "https://github.com/composer/semver/tree/3.4.2"
+            },
+            "funding": [
+                {
+                    "url": "https://packagist.com",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/composer",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-07-12T11:35:52+00:00"
+        },
+        {
+            "name": "composer/xdebug-handler",
+            "version": "3.0.5",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/composer/xdebug-handler.git",
+                "reference": "6c1925561632e83d60a44492e0b344cf48ab85ef"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/composer/xdebug-handler/zipball/6c1925561632e83d60a44492e0b344cf48ab85ef",
+                "reference": "6c1925561632e83d60a44492e0b344cf48ab85ef",
+                "shasum": ""
+            },
+            "require": {
+                "composer/pcre": "^1 || ^2 || ^3",
+                "php": "^7.2.5 || ^8.0",
+                "psr/log": "^1 || ^2 || ^3"
+            },
+            "require-dev": {
+                "phpstan/phpstan": "^1.0",
+                "phpstan/phpstan-strict-rules": "^1.1",
+                "phpunit/phpunit": "^8.5 || ^9.6 || ^10.5"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Composer\\XdebugHandler\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "John Stevenson",
+                    "email": "john-stevenson@blueyonder.co.uk"
+                }
+            ],
+            "description": "Restarts a process without Xdebug.",
+            "keywords": [
+                "Xdebug",
+                "performance"
+            ],
+            "support": {
+                "irc": "ircs://irc.libera.chat:6697/composer",
+                "issues": "https://github.com/composer/xdebug-handler/issues",
+                "source": "https://github.com/composer/xdebug-handler/tree/3.0.5"
+            },
+            "funding": [
+                {
+                    "url": "https://packagist.com",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/composer",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-05-06T16:37:16+00:00"
+        },
+        {
+            "name": "dnoegel/php-xdg-base-dir",
+            "version": "v0.1.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/dnoegel/php-xdg-base-dir.git",
+                "reference": "8f8a6e48c5ecb0f991c2fdcf5f154a47d85f9ffd"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/dnoegel/php-xdg-base-dir/zipball/8f8a6e48c5ecb0f991c2fdcf5f154a47d85f9ffd",
+                "reference": "8f8a6e48c5ecb0f991c2fdcf5f154a47d85f9ffd",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.2"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "~7.0|~6.0|~5.0|~4.8.35"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "XdgBaseDir\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "implementation of xdg base directory specification for php",
+            "support": {
+                "issues": "https://github.com/dnoegel/php-xdg-base-dir/issues",
+                "source": "https://github.com/dnoegel/php-xdg-base-dir/tree/v0.1.1"
+            },
+            "time": "2019-12-04T15:06:13+00:00"
+        },
+        {
+            "name": "doctrine/deprecations",
+            "version": "1.1.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/doctrine/deprecations.git",
+                "reference": "dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/doctrine/deprecations/zipball/dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab",
+                "reference": "dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.1 || ^8.0"
+            },
+            "require-dev": {
+                "doctrine/coding-standard": "^9",
+                "phpstan/phpstan": "1.4.10 || 1.10.15",
+                "phpstan/phpstan-phpunit": "^1.0",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5",
+                "psalm/plugin-phpunit": "0.18.4",
+                "psr/log": "^1 || ^2 || ^3",
+                "vimeo/psalm": "4.30.0 || 5.12.0"
+            },
+            "suggest": {
+                "psr/log": "Allows logging deprecations via PSR-3 logger implementation"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Doctrine\\Deprecations\\": "lib/Doctrine/Deprecations"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "A small layer on top of trigger_error(E_USER_DEPRECATED) or PSR-3 logging with options to disable all deprecations or selectively for packages.",
+            "homepage": "https://www.doctrine-project.org/",
+            "support": {
+                "issues": "https://github.com/doctrine/deprecations/issues",
+                "source": "https://github.com/doctrine/deprecations/tree/1.1.3"
+            },
+            "time": "2024-01-30T19:34:25+00:00"
+        },
+        {
+            "name": "felixfbecker/advanced-json-rpc",
+            "version": "v3.2.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/felixfbecker/php-advanced-json-rpc.git",
+                "reference": "b5f37dbff9a8ad360ca341f3240dc1c168b45447"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/felixfbecker/php-advanced-json-rpc/zipball/b5f37dbff9a8ad360ca341f3240dc1c168b45447",
+                "reference": "b5f37dbff9a8ad360ca341f3240dc1c168b45447",
+                "shasum": ""
+            },
+            "require": {
+                "netresearch/jsonmapper": "^1.0 || ^2.0 || ^3.0 || ^4.0",
+                "php": "^7.1 || ^8.0",
+                "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^7.0 || ^8.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "AdvancedJsonRpc\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "ISC"
+            ],
+            "authors": [
+                {
+                    "name": "Felix Becker",
+                    "email": "felix.b@outlook.com"
+                }
+            ],
+            "description": "A more advanced JSONRPC implementation",
+            "support": {
+                "issues": "https://github.com/felixfbecker/php-advanced-json-rpc/issues",
+                "source": "https://github.com/felixfbecker/php-advanced-json-rpc/tree/v3.2.1"
+            },
+            "time": "2021-06-11T22:34:44+00:00"
+        },
+        {
+            "name": "felixfbecker/language-server-protocol",
+            "version": "v1.5.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/felixfbecker/php-language-server-protocol.git",
+                "reference": "6e82196ffd7c62f7794d778ca52b69feec9f2842"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/felixfbecker/php-language-server-protocol/zipball/6e82196ffd7c62f7794d778ca52b69feec9f2842",
+                "reference": "6e82196ffd7c62f7794d778ca52b69feec9f2842",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "require-dev": {
+                "phpstan/phpstan": "*",
+                "squizlabs/php_codesniffer": "^3.1",
+                "vimeo/psalm": "^4.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "LanguageServerProtocol\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "ISC"
+            ],
+            "authors": [
+                {
+                    "name": "Felix Becker",
+                    "email": "felix.b@outlook.com"
+                }
+            ],
+            "description": "PHP classes for the Language Server Protocol",
+            "keywords": [
+                "language",
+                "microsoft",
+                "php",
+                "server"
+            ],
+            "support": {
+                "issues": "https://github.com/felixfbecker/php-language-server-protocol/issues",
+                "source": "https://github.com/felixfbecker/php-language-server-protocol/tree/v1.5.2"
+            },
+            "time": "2022-03-02T22:36:06+00:00"
+        },
+        {
+            "name": "fidry/cpu-core-counter",
+            "version": "1.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/theofidry/cpu-core-counter.git",
+                "reference": "f92996c4d5c1a696a6a970e20f7c4216200fcc42"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/f92996c4d5c1a696a6a970e20f7c4216200fcc42",
+                "reference": "f92996c4d5c1a696a6a970e20f7c4216200fcc42",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2 || ^8.0"
+            },
+            "require-dev": {
+                "fidry/makefile": "^0.2.0",
+                "fidry/php-cs-fixer-config": "^1.1.2",
+                "phpstan/extension-installer": "^1.2.0",
+                "phpstan/phpstan": "^1.9.2",
+                "phpstan/phpstan-deprecation-rules": "^1.0.0",
+                "phpstan/phpstan-phpunit": "^1.2.2",
+                "phpstan/phpstan-strict-rules": "^1.4.4",
+                "phpunit/phpunit": "^8.5.31 || ^9.5.26",
+                "webmozarts/strict-phpunit": "^7.5"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Fidry\\CpuCoreCounter\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Théo FIDRY",
+                    "email": "theo.fidry@gmail.com"
+                }
+            ],
+            "description": "Tiny utility to get the number of CPU cores.",
+            "keywords": [
+                "CPU",
+                "core"
+            ],
+            "support": {
+                "issues": "https://github.com/theofidry/cpu-core-counter/issues",
+                "source": "https://github.com/theofidry/cpu-core-counter/tree/1.1.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/theofidry",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-02-07T09:43:46+00:00"
+        },
+        {
+            "name": "netresearch/jsonmapper",
+            "version": "v4.4.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/cweiske/jsonmapper.git",
+                "reference": "132c75c7dd83e45353ebb9c6c9f591952995bbf0"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/132c75c7dd83e45353ebb9c6c9f591952995bbf0",
+                "reference": "132c75c7dd83e45353ebb9c6c9f591952995bbf0",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "ext-pcre": "*",
+                "ext-reflection": "*",
+                "ext-spl": "*",
+                "php": ">=7.1"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "~7.5 || ~8.0 || ~9.0 || ~10.0",
+                "squizlabs/php_codesniffer": "~3.5"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-0": {
+                    "JsonMapper": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "OSL-3.0"
+            ],
+            "authors": [
+                {
+                    "name": "Christian Weiske",
+                    "email": "cweiske@cweiske.de",
+                    "homepage": "http://github.com/cweiske/jsonmapper/",
+                    "role": "Developer"
+                }
+            ],
+            "description": "Map nested JSON structures onto PHP classes",
+            "support": {
+                "email": "cweiske@cweiske.de",
+                "issues": "https://github.com/cweiske/jsonmapper/issues",
+                "source": "https://github.com/cweiske/jsonmapper/tree/v4.4.1"
+            },
+            "time": "2024-01-31T06:18:54+00:00"
+        },
+        {
+            "name": "nikic/php-parser",
+            "version": "v4.19.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/nikic/PHP-Parser.git",
+                "reference": "4e1b88d21c69391150ace211e9eaf05810858d0b"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/4e1b88d21c69391150ace211e9eaf05810858d0b",
+                "reference": "4e1b88d21c69391150ace211e9eaf05810858d0b",
+                "shasum": ""
+            },
+            "require": {
+                "ext-tokenizer": "*",
+                "php": ">=7.1"
+            },
+            "require-dev": {
+                "ircmaxell/php-yacc": "^0.0.7",
+                "phpunit/phpunit": "^6.5 || ^7.0 || ^8.0 || ^9.0"
+            },
+            "bin": [
+                "bin/php-parse"
+            ],
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "4.9-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "PhpParser\\": "lib/PhpParser"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Nikita Popov"
+                }
+            ],
+            "description": "A PHP parser written in PHP",
+            "keywords": [
+                "parser",
+                "php"
+            ],
+            "support": {
+                "issues": "https://github.com/nikic/PHP-Parser/issues",
+                "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.1"
+            },
+            "time": "2024-03-17T08:10:35+00:00"
+        },
+        {
+            "name": "phpdocumentor/reflection-common",
+            "version": "2.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/phpDocumentor/ReflectionCommon.git",
+                "reference": "1d01c49d4ed62f25aa84a747ad35d5a16924662b"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/1d01c49d4ed62f25aa84a747ad35d5a16924662b",
+                "reference": "1d01c49d4ed62f25aa84a747ad35d5a16924662b",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2 || ^8.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-2.x": "2.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "phpDocumentor\\Reflection\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Jaap van Otterdijk",
+                    "email": "opensource@ijaap.nl"
+                }
+            ],
+            "description": "Common reflection classes used by phpdocumentor to reflect the code structure",
+            "homepage": "http://www.phpdoc.org",
+            "keywords": [
+                "FQSEN",
+                "phpDocumentor",
+                "phpdoc",
+                "reflection",
+                "static analysis"
+            ],
+            "support": {
+                "issues": "https://github.com/phpDocumentor/ReflectionCommon/issues",
+                "source": "https://github.com/phpDocumentor/ReflectionCommon/tree/2.x"
+            },
+            "time": "2020-06-27T09:03:43+00:00"
+        },
+        {
+            "name": "phpdocumentor/reflection-docblock",
+            "version": "5.4.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
+                "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c",
+                "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c",
+                "shasum": ""
+            },
+            "require": {
+                "doctrine/deprecations": "^1.1",
+                "ext-filter": "*",
+                "php": "^7.4 || ^8.0",
+                "phpdocumentor/reflection-common": "^2.2",
+                "phpdocumentor/type-resolver": "^1.7",
+                "phpstan/phpdoc-parser": "^1.7",
+                "webmozart/assert": "^1.9.1"
+            },
+            "require-dev": {
+                "mockery/mockery": "~1.3.5",
+                "phpstan/extension-installer": "^1.1",
+                "phpstan/phpstan": "^1.8",
+                "phpstan/phpstan-mockery": "^1.1",
+                "phpstan/phpstan-webmozart-assert": "^1.2",
+                "phpunit/phpunit": "^9.5",
+                "vimeo/psalm": "^5.13"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "5.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "phpDocumentor\\Reflection\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Mike van Riel",
+                    "email": "me@mikevanriel.com"
+                },
+                {
+                    "name": "Jaap van Otterdijk",
+                    "email": "opensource@ijaap.nl"
+                }
+            ],
+            "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
+            "support": {
+                "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.4.1"
+            },
+            "time": "2024-05-21T05:55:05+00:00"
+        },
+        {
+            "name": "phpdocumentor/type-resolver",
+            "version": "1.8.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/phpDocumentor/TypeResolver.git",
+                "reference": "153ae662783729388a584b4361f2545e4d841e3c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/153ae662783729388a584b4361f2545e4d841e3c",
+                "reference": "153ae662783729388a584b4361f2545e4d841e3c",
+                "shasum": ""
+            },
+            "require": {
+                "doctrine/deprecations": "^1.0",
+                "php": "^7.3 || ^8.0",
+                "phpdocumentor/reflection-common": "^2.0",
+                "phpstan/phpdoc-parser": "^1.13"
+            },
+            "require-dev": {
+                "ext-tokenizer": "*",
+                "phpbench/phpbench": "^1.2",
+                "phpstan/extension-installer": "^1.1",
+                "phpstan/phpstan": "^1.8",
+                "phpstan/phpstan-phpunit": "^1.1",
+                "phpunit/phpunit": "^9.5",
+                "rector/rector": "^0.13.9",
+                "vimeo/psalm": "^4.25"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-1.x": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "phpDocumentor\\Reflection\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Mike van Riel",
+                    "email": "me@mikevanriel.com"
+                }
+            ],
+            "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
+            "support": {
+                "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.8.2"
+            },
+            "time": "2024-02-23T11:10:43+00:00"
+        },
+        {
+            "name": "phpstan/phpdoc-parser",
+            "version": "1.29.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/phpstan/phpdoc-parser.git",
+                "reference": "fcaefacf2d5c417e928405b71b400d4ce10daaf4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/fcaefacf2d5c417e928405b71b400d4ce10daaf4",
+                "reference": "fcaefacf2d5c417e928405b71b400d4ce10daaf4",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2 || ^8.0"
+            },
+            "require-dev": {
+                "doctrine/annotations": "^2.0",
+                "nikic/php-parser": "^4.15",
+                "php-parallel-lint/php-parallel-lint": "^1.2",
+                "phpstan/extension-installer": "^1.0",
+                "phpstan/phpstan": "^1.5",
+                "phpstan/phpstan-phpunit": "^1.1",
+                "phpstan/phpstan-strict-rules": "^1.0",
+                "phpunit/phpunit": "^9.5",
+                "symfony/process": "^5.2"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "PHPStan\\PhpDocParser\\": [
+                        "src/"
+                    ]
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "PHPDoc parser with support for nullable, intersection and generic types",
+            "support": {
+                "issues": "https://github.com/phpstan/phpdoc-parser/issues",
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.29.1"
+            },
+            "time": "2024-05-31T08:52:43+00:00"
+        },
+        {
+            "name": "sebastian/diff",
+            "version": "6.0.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sebastianbergmann/diff.git",
+                "reference": "b4ccd857127db5d41a5b676f24b51371d76d8544"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/b4ccd857127db5d41a5b676f24b51371d76d8544",
+                "reference": "b4ccd857127db5d41a5b676f24b51371d76d8544",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.2"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^11.0",
+                "symfony/process": "^4.2 || ^5"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "6.0-dev"
+                }
+            },
+            "autoload": {
+                "classmap": [
+                    "src/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Sebastian Bergmann",
+                    "email": "sebastian@phpunit.de"
+                },
+                {
+                    "name": "Kore Nordmann",
+                    "email": "mail@kore-nordmann.de"
+                }
+            ],
+            "description": "Diff implementation",
+            "homepage": "https://github.com/sebastianbergmann/diff",
+            "keywords": [
+                "diff",
+                "udiff",
+                "unidiff",
+                "unified diff"
+            ],
+            "support": {
+                "issues": "https://github.com/sebastianbergmann/diff/issues",
+                "security": "https://github.com/sebastianbergmann/diff/security/policy",
+                "source": "https://github.com/sebastianbergmann/diff/tree/6.0.2"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/sebastianbergmann",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-07-03T04:53:05+00:00"
+        },
+        {
+            "name": "spatie/array-to-xml",
+            "version": "3.3.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/spatie/array-to-xml.git",
+                "reference": "f56b220fe2db1ade4c88098d83413ebdfc3bf876"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/f56b220fe2db1ade4c88098d83413ebdfc3bf876",
+                "reference": "f56b220fe2db1ade4c88098d83413ebdfc3bf876",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "php": "^8.0"
+            },
+            "require-dev": {
+                "mockery/mockery": "^1.2",
+                "pestphp/pest": "^1.21",
+                "spatie/pest-plugin-snapshots": "^1.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Spatie\\ArrayToXml\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Freek Van der Herten",
+                    "email": "freek@spatie.be",
+                    "homepage": "https://freek.dev",
+                    "role": "Developer"
+                }
+            ],
+            "description": "Convert an array to xml",
+            "homepage": "https://github.com/spatie/array-to-xml",
+            "keywords": [
+                "array",
+                "convert",
+                "xml"
+            ],
+            "support": {
+                "source": "https://github.com/spatie/array-to-xml/tree/3.3.0"
+            },
+            "funding": [
+                {
+                    "url": "https://spatie.be/open-source/support-us",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/spatie",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-05-01T10:20:27+00:00"
+        },
+        {
+            "name": "sserbin/twig-linter",
+            "version": "dev-master",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sserbin/twig-linter.git",
+                "reference": "0b7cc4d61b6cf423ec837a0969ea5e0c8f017ddb"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/0b7cc4d61b6cf423ec837a0969ea5e0c8f017ddb",
+                "reference": "0b7cc4d61b6cf423ec837a0969ea5e0c8f017ddb",
+                "shasum": ""
+            },
+            "require": {
+                "composer/package-versions-deprecated": "1.11.99.5",
+                "php": "^7.4|^8.0",
+                "symfony/console": "^5.4 || ^6.1",
+                "symfony/finder": "^5.4 || ^6.1",
+                "twig/twig": "^2.5 || ^3"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^7.3||^8.2|^9.5",
+                "squizlabs/php_codesniffer": "^3.3",
+                "vimeo/psalm": "^4.7"
+            },
+            "default-branch": true,
+            "bin": [
+                "bin/twig-linter"
+            ],
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Sserbin\\TwigLinter\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "sserbin",
+                    "email": "sserbin@users.noreply.github.com"
+                }
+            ],
+            "description": "Standalone cli twig linter (based on symfony-bridge-twig)",
+            "keywords": [
+                "lint",
+                "linter",
+                "twig"
+            ],
+            "support": {
+                "issues": "https://github.com/sserbin/twig-linter/issues",
+                "source": "https://github.com/sserbin/twig-linter/tree/3.1.0"
+            },
+            "time": "2022-06-29T11:06:19+00:00"
+        },
+        {
+            "name": "symfony/console",
+            "version": "v6.4.9",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/console.git",
+                "reference": "6edb5363ec0c78ad4d48c5128ebf4d083d89d3a9"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/console/zipball/6edb5363ec0c78ad4d48c5128ebf4d083d89d3a9",
+                "reference": "6edb5363ec0c78ad4d48c5128ebf4d083d89d3a9",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1",
+                "symfony/deprecation-contracts": "^2.5|^3",
+                "symfony/polyfill-mbstring": "~1.0",
+                "symfony/service-contracts": "^2.5|^3",
+                "symfony/string": "^5.4|^6.0|^7.0"
+            },
+            "conflict": {
+                "symfony/dependency-injection": "<5.4",
+                "symfony/dotenv": "<5.4",
+                "symfony/event-dispatcher": "<5.4",
+                "symfony/lock": "<5.4",
+                "symfony/process": "<5.4"
+            },
+            "provide": {
+                "psr/log-implementation": "1.0|2.0|3.0"
+            },
+            "require-dev": {
+                "psr/log": "^1|^2|^3",
+                "symfony/config": "^5.4|^6.0|^7.0",
+                "symfony/dependency-injection": "^5.4|^6.0|^7.0",
+                "symfony/event-dispatcher": "^5.4|^6.0|^7.0",
+                "symfony/http-foundation": "^6.4|^7.0",
+                "symfony/http-kernel": "^6.4|^7.0",
+                "symfony/lock": "^5.4|^6.0|^7.0",
+                "symfony/messenger": "^5.4|^6.0|^7.0",
+                "symfony/process": "^5.4|^6.0|^7.0",
+                "symfony/stopwatch": "^5.4|^6.0|^7.0",
+                "symfony/var-dumper": "^5.4|^6.0|^7.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Component\\Console\\": ""
+                },
+                "exclude-from-classmap": [
+                    "/Tests/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Potencier",
+                    "email": "fabien@symfony.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Eases the creation of beautiful and testable command line interfaces",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "cli",
+                "command-line",
+                "console",
+                "terminal"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/console/tree/v6.4.9"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-06-28T09:49:33+00:00"
+        },
+        {
+            "name": "symfony/filesystem",
+            "version": "v7.1.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/filesystem.git",
+                "reference": "92a91985250c251de9b947a14bb2c9390b1a562c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/92a91985250c251de9b947a14bb2c9390b1a562c",
+                "reference": "92a91985250c251de9b947a14bb2c9390b1a562c",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.2",
+                "symfony/polyfill-ctype": "~1.8",
+                "symfony/polyfill-mbstring": "~1.8"
+            },
+            "require-dev": {
+                "symfony/process": "^6.4|^7.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Component\\Filesystem\\": ""
+                },
+                "exclude-from-classmap": [
+                    "/Tests/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Potencier",
+                    "email": "fabien@symfony.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Provides basic utilities for the filesystem",
+            "homepage": "https://symfony.com",
+            "support": {
+                "source": "https://github.com/symfony/filesystem/tree/v7.1.2"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-06-28T10:03:55+00:00"
+        },
+        {
+            "name": "symfony/finder",
+            "version": "v6.4.8",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/finder.git",
+                "reference": "3ef977a43883215d560a2cecb82ec8e62131471c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/3ef977a43883215d560a2cecb82ec8e62131471c",
+                "reference": "3ef977a43883215d560a2cecb82ec8e62131471c",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1"
+            },
+            "require-dev": {
+                "symfony/filesystem": "^6.0|^7.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Component\\Finder\\": ""
+                },
+                "exclude-from-classmap": [
+                    "/Tests/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Potencier",
+                    "email": "fabien@symfony.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Finds files and directories via an intuitive fluent interface",
+            "homepage": "https://symfony.com",
+            "support": {
+                "source": "https://github.com/symfony/finder/tree/v6.4.8"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-05-31T14:49:08+00:00"
+        },
+        {
+            "name": "symfony/polyfill-intl-grapheme",
+            "version": "v1.30.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
+                "reference": "64647a7c30b2283f5d49b874d84a18fc22054b7a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/64647a7c30b2283f5d49b874d84a18fc22054b7a",
+                "reference": "64647a7c30b2283f5d49b874d84a18fc22054b7a",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "suggest": {
+                "ext-intl": "For best performance"
+            },
+            "type": "library",
+            "extra": {
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Intl\\Grapheme\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill for intl's grapheme_* functions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "grapheme",
+                "intl",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.30.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-05-31T15:07:36+00:00"
+        },
+        {
+            "name": "symfony/polyfill-intl-normalizer",
+            "version": "v1.30.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
+                "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/a95281b0be0d9ab48050ebd988b967875cdb9fdb",
+                "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "suggest": {
+                "ext-intl": "For best performance"
+            },
+            "type": "library",
+            "extra": {
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Intl\\Normalizer\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill for intl's Normalizer class and related functions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "intl",
+                "normalizer",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.30.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-05-31T15:07:36+00:00"
+        },
+        {
+            "name": "symfony/service-contracts",
+            "version": "v3.5.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/service-contracts.git",
+                "reference": "bd1d9e59a81d8fa4acdcea3f617c581f7475a80f"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/bd1d9e59a81d8fa4acdcea3f617c581f7475a80f",
+                "reference": "bd1d9e59a81d8fa4acdcea3f617c581f7475a80f",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1",
+                "psr/container": "^1.1|^2.0",
+                "symfony/deprecation-contracts": "^2.5|^3"
+            },
+            "conflict": {
+                "ext-psr": "<1.1|>=2"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.5-dev"
+                },
+                "thanks": {
+                    "name": "symfony/contracts",
+                    "url": "https://github.com/symfony/contracts"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Contracts\\Service\\": ""
+                },
+                "exclude-from-classmap": [
+                    "/Test/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Generic abstractions related to writing services",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "abstractions",
+                "contracts",
+                "decoupling",
+                "interfaces",
+                "interoperability",
+                "standards"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/service-contracts/tree/v3.5.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-04-18T09:32:20+00:00"
+        },
+        {
+            "name": "symfony/string",
+            "version": "v7.1.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/string.git",
+                "reference": "14221089ac66cf82e3cf3d1c1da65de305587ff8"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/string/zipball/14221089ac66cf82e3cf3d1c1da65de305587ff8",
+                "reference": "14221089ac66cf82e3cf3d1c1da65de305587ff8",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.2",
+                "symfony/polyfill-ctype": "~1.8",
+                "symfony/polyfill-intl-grapheme": "~1.0",
+                "symfony/polyfill-intl-normalizer": "~1.0",
+                "symfony/polyfill-mbstring": "~1.0"
+            },
+            "conflict": {
+                "symfony/translation-contracts": "<2.5"
+            },
+            "require-dev": {
+                "symfony/emoji": "^7.1",
+                "symfony/error-handler": "^6.4|^7.0",
+                "symfony/http-client": "^6.4|^7.0",
+                "symfony/intl": "^6.4|^7.0",
+                "symfony/translation-contracts": "^2.5|^3.0",
+                "symfony/var-exporter": "^6.4|^7.0"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "Resources/functions.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Component\\String\\": ""
+                },
+                "exclude-from-classmap": [
+                    "/Tests/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Provides an object-oriented API to strings and deals with bytes, UTF-8 code points and grapheme clusters in a unified way",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "grapheme",
+                "i18n",
+                "string",
+                "unicode",
+                "utf-8",
+                "utf8"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/string/tree/v7.1.2"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-06-28T09:27:18+00:00"
+        },
+        {
+            "name": "vimeo/psalm",
+            "version": "5.25.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/vimeo/psalm.git",
+                "reference": "01a8eb06b9e9cc6cfb6a320bf9fb14331919d505"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/01a8eb06b9e9cc6cfb6a320bf9fb14331919d505",
+                "reference": "01a8eb06b9e9cc6cfb6a320bf9fb14331919d505",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^2.4.2",
+                "amphp/byte-stream": "^1.5",
+                "composer-runtime-api": "^2",
+                "composer/semver": "^1.4 || ^2.0 || ^3.0",
+                "composer/xdebug-handler": "^2.0 || ^3.0",
+                "dnoegel/php-xdg-base-dir": "^0.1.1",
+                "ext-ctype": "*",
+                "ext-dom": "*",
+                "ext-json": "*",
+                "ext-libxml": "*",
+                "ext-mbstring": "*",
+                "ext-simplexml": "*",
+                "ext-tokenizer": "*",
+                "felixfbecker/advanced-json-rpc": "^3.1",
+                "felixfbecker/language-server-protocol": "^1.5.2",
+                "fidry/cpu-core-counter": "^0.4.1 || ^0.5.1 || ^1.0.0",
+                "netresearch/jsonmapper": "^1.0 || ^2.0 || ^3.0 || ^4.0",
+                "nikic/php-parser": "^4.16",
+                "php": "^7.4 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0",
+                "sebastian/diff": "^4.0 || ^5.0 || ^6.0",
+                "spatie/array-to-xml": "^2.17.0 || ^3.0",
+                "symfony/console": "^4.1.6 || ^5.0 || ^6.0 || ^7.0",
+                "symfony/filesystem": "^5.4 || ^6.0 || ^7.0"
+            },
+            "conflict": {
+                "nikic/php-parser": "4.17.0"
+            },
+            "provide": {
+                "psalm/psalm": "self.version"
+            },
+            "require-dev": {
+                "amphp/phpunit-util": "^2.0",
+                "bamarni/composer-bin-plugin": "^1.4",
+                "brianium/paratest": "^6.9",
+                "ext-curl": "*",
+                "mockery/mockery": "^1.5",
+                "nunomaduro/mock-final-classes": "^1.1",
+                "php-parallel-lint/php-parallel-lint": "^1.2",
+                "phpstan/phpdoc-parser": "^1.6",
+                "phpunit/phpunit": "^9.6",
+                "psalm/plugin-mockery": "^1.1",
+                "psalm/plugin-phpunit": "^0.18",
+                "slevomat/coding-standard": "^8.4",
+                "squizlabs/php_codesniffer": "^3.6",
+                "symfony/process": "^4.4 || ^5.0 || ^6.0 || ^7.0"
+            },
+            "suggest": {
+                "ext-curl": "In order to send data to shepherd",
+                "ext-igbinary": "^2.0.5 is required, used to serialize caching data"
+            },
+            "bin": [
+                "psalm",
+                "psalm-language-server",
+                "psalm-plugin",
+                "psalm-refactor",
+                "psalter"
+            ],
+            "type": "project",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "5.x-dev",
+                    "dev-4.x": "4.x-dev",
+                    "dev-3.x": "3.x-dev",
+                    "dev-2.x": "2.x-dev",
+                    "dev-1.x": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psalm\\": "src/Psalm/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Matthew Brown"
+                }
+            ],
+            "description": "A static analysis tool for finding errors in PHP applications",
+            "keywords": [
+                "code",
+                "inspection",
+                "php",
+                "static analysis"
+            ],
+            "support": {
+                "docs": "https://psalm.dev/docs",
+                "issues": "https://github.com/vimeo/psalm/issues",
+                "source": "https://github.com/vimeo/psalm"
+            },
+            "time": "2024-06-16T15:08:35+00:00"
+        },
+        {
+            "name": "wapmorgan/php-deprecation-detector",
+            "version": "dev-master",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/wapmorgan/PhpDeprecationDetector.git",
+                "reference": "42cd3786c8971bf80921a3add061cd44df3e73e3"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/wapmorgan/PhpDeprecationDetector/zipball/42cd3786c8971bf80921a3add061cd44df3e73e3",
+                "reference": "42cd3786c8971bf80921a3add061cd44df3e73e3",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "ext-tokenizer": "*",
+                "php": ">=5.4",
+                "symfony/console": "^3.4|^4.0|^5.0|^6.0"
+            },
+            "replace": {
+                "wapmorgan/php-code-fixer": "self.version"
+            },
+            "suggest": {
+                "ext-json": "Adds ability to store report in JSON format",
+                "macfja/phar-builder": "To build phar"
+            },
+            "default-branch": true,
+            "bin": [
+                "bin/phpdd"
+            ],
+            "type": "package",
+            "extra": {
+                "phar-builder": {
+                    "compression": "BZip2",
+                    "name": "phpdd-dev.phar",
+                    "output-dir": "./",
+                    "entry-point": "bin/phpdd",
+                    "include": [
+                        "bin",
+                        "data"
+                    ],
+                    "events": {
+                        "command.package.start": "git describe --tags > bin/version.txt",
+                        "command.package.end": "cp phpdd-dev.phar phpdd-`cat bin/version.txt`.phar && chmod +x phpdd-`cat bin/version.txt`.phar && rm bin/version.txt"
+                    }
+                }
+            },
+            "autoload": {
+                "files": [
+                    "src/functions.php"
+                ],
+                "psr-4": {
+                    "wapmorgan\\PhpCodeFixer\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "description": "Analyzer of PHP code to search issues with deprecated functionality in newer interpreter versions.",
+            "support": {
+                "issues": "https://github.com/wapmorgan/PhpDeprecationDetector/issues",
+                "source": "https://github.com/wapmorgan/PhpDeprecationDetector/tree/master"
+            },
+            "time": "2024-01-30T21:54:23+00:00"
+        },
+        {
+            "name": "webmozart/assert",
+            "version": "1.11.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/webmozarts/assert.git",
+                "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/11cb2199493b2f8a3b53e7f19068fc6aac760991",
+                "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991",
+                "shasum": ""
+            },
+            "require": {
+                "ext-ctype": "*",
+                "php": "^7.2 || ^8.0"
+            },
+            "conflict": {
+                "phpstan/phpstan": "<0.12.20",
+                "vimeo/psalm": "<4.6.1 || 4.6.2"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^8.5.13"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.10-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Webmozart\\Assert\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Bernhard Schussek",
+                    "email": "bschussek@gmail.com"
+                }
+            ],
+            "description": "Assertions to validate method input/output with nice error messages.",
+            "keywords": [
+                "assert",
+                "check",
+                "validate"
+            ],
+            "support": {
+                "issues": "https://github.com/webmozarts/assert/issues",
+                "source": "https://github.com/webmozarts/assert/tree/1.11.0"
+            },
+            "time": "2022-06-03T18:03:27+00:00"
+        }
+    ],
     "aliases": [],
     "minimum-stability": "stable",
-    "stability-flags": [],
+    "stability-flags": {
+        "sserbin/twig-linter": 20,
+        "wapmorgan/php-deprecation-detector": 20
+    },
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {

From d30af69ad959ea645d51edc9160b96404eed2e0a Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Fri, 26 Jul 2024 12:07:22 +0200
Subject: [PATCH 2368/3949] Update php/composer.json

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/composer.json b/php/composer.json
index 0a58cfde..3ac4ea36 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -31,7 +31,7 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --monochrome --no-progress --output-format=text --update-baseline",
 		"lint": "php -l src/*.php src/**/*.php public/index.php",
-        "lint:twig": "twig-linter lint ./templates",
+		"lint:twig": "twig-linter lint ./templates",
 		"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
 	}
 }

From 2ab19cf79ee803fff0e2a0f9d5f0e6e7fa722664 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Jul 2024 12:57:40 +0200
Subject: [PATCH 2369/3949] helm: allow to set NEXTCLOUD_MAINTENANCE_WINDOW

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh      | 5 +++--
 nextcloud-aio-helm-chart/update-helm.sh | 3 +++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 8f564241..3868a50b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -504,9 +504,10 @@ if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get se
     php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
 fi
 # Set maintenance window so that no warning is shown in the admin overview
-if [ -z "$(php /var/www/html/occ config:system:get maintenance_window_start)" ]; then
-    php /var/www/html/occ config:system:set maintenance_window_start --type=int --value=100
+if [ -z "$NEXTCLOUD_MAINTENANCE_WINDOW" ]; then
+    NEXTCLOUD_MAINTENANCE_WINDOW=100
 fi
+php /var/www/html/occ config:system:set maintenance_window_start --type=int --value="$NEXTCLOUD_MAINTENANCE_WINDOW"
 
 # Apply network settings
 echo "Applying network settings..."
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 3a251b00..f23d9572 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -290,6 +290,8 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
+            - name: NEXTCLOUD_MAINTENANCE_WINDOW
+              value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
@@ -385,6 +387,7 @@ APPS_ALLOWLIST:        # This allows to configure allowed apps that will be show
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
+NEXTCLOUD_MAINTENANCE_WINDOW:        # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From a27f51abdcfd1e168861e44758e7e601ef2ca08b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Jul 2024 13:51:47 +0200
Subject: [PATCH 2370/3949] nextcloud: allow to skip database optimization

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 8f564241..ffde22b9 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -295,7 +295,6 @@ DATADIR_PERMISSION_CONF
                 php /var/www/html/occ app:disable updatenotification
                 rm -rf /var/www/html/apps/updatenotification
                 php /var/www/html/occ app:enable nextcloud-aio --force
-                php /var/www/html/occ db:add-missing-indices
                 php /var/www/html/occ db:add-missing-columns
                 php /var/www/html/occ db:add-missing-primary-keys
                 yes | php /var/www/html/occ db:convert-filecache-bigint
@@ -423,12 +422,12 @@ DATADIR_PERMISSION_CONF
             # Apply optimization
             echo "Doing some optimizations..."
             php /var/www/html/occ maintenance:repair
-            php /var/www/html/occ db:add-missing-indices
-            php /var/www/html/occ db:add-missing-columns
-            php /var/www/html/occ db:add-missing-primary-keys
-            yes | php /var/www/html/occ db:convert-filecache-bigint
-            php /var/www/html/occ maintenance:mimetype:update-js
-            php /var/www/html/occ maintenance:mimetype:update-db
+            if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
+                php /var/www/html/occ db:add-missing-indices
+                php /var/www/html/occ db:add-missing-columns
+                php /var/www/html/occ db:add-missing-primary-keys
+                yes | php /var/www/html/occ db:convert-filecache-bigint
+            fi
         fi
     fi
 

From 1accb8f5687edb415e709e5d5ea7b945860b5cec Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Fri, 26 Jul 2024 14:28:32 +0200
Subject: [PATCH 2371/3949] Update .gitignore

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/.gitignore | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/php/.gitignore b/php/.gitignore
index 2954225b..ee440441 100644
--- a/php/.gitignore
+++ b/php/.gitignore
@@ -1,3 +1,6 @@
-/php/data/configuration.json
-/php/data/containers.json
-
+data/*
+session/*
+!data/.gitkeep
+!session/.gitkeep
+vendor/
+.idea/

From 5dbcf17e454f2c14b52fcb8715bf803e72cf3262 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Fri, 26 Jul 2024 14:34:17 +0200
Subject: [PATCH 2372/3949] Update composer.lock

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/composer.lock | 54 +++++++++++++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 23 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 017a2cb6..5205c7a6 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,20 +4,20 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "0e1d24f3fa776163acefdebc91da39d3",
+    "content-hash": "3667c8e398e1c0d2a418f52c750d071b",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.9.0",
+            "version": "7.9.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612"
+                "reference": "d281ed313b989f213357e3be1a179f02196ac99b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/84ac2b2afc44e40d3e8e658a45d68d6d20437612",
-                "reference": "84ac2b2afc44e40d3e8e658a45d68d6d20437612",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/d281ed313b989f213357e3be1a179f02196ac99b",
+                "reference": "d281ed313b989f213357e3be1a179f02196ac99b",
                 "shasum": ""
             },
             "require": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.9.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.2"
             },
             "funding": [
                 {
@@ -130,7 +130,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-18T11:52:56+00:00"
+            "time": "2024-07-24T11:22:20+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -556,16 +556,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.6",
+            "version": "7.0.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "8097948a89f6ec782839b3e958432f427cac37fd"
+                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/8097948a89f6ec782839b3e958432f427cac37fd",
-                "reference": "8097948a89f6ec782839b3e958432f427cac37fd",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
+                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
                 "shasum": ""
             },
             "require": {
@@ -613,7 +613,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.6"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.7"
             },
             "funding": [
                 {
@@ -625,7 +625,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-11-02T10:04:50+00:00"
+            "time": "2024-07-21T15:55:45+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -2025,30 +2025,38 @@
         },
         {
             "name": "composer/pcre",
-            "version": "3.1.4",
+            "version": "3.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/pcre.git",
-                "reference": "04229f163664973f68f38f6f73d917799168ef24"
+                "reference": "ea4ab6f9580a4fd221e0418f2c357cdd39102a90"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/pcre/zipball/04229f163664973f68f38f6f73d917799168ef24",
-                "reference": "04229f163664973f68f38f6f73d917799168ef24",
+                "url": "https://api.github.com/repos/composer/pcre/zipball/ea4ab6f9580a4fd221e0418f2c357cdd39102a90",
+                "reference": "ea4ab6f9580a4fd221e0418f2c357cdd39102a90",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.4 || ^8.0"
             },
+            "conflict": {
+                "phpstan/phpstan": "<1.11.8"
+            },
             "require-dev": {
-                "phpstan/phpstan": "^1.3",
+                "phpstan/phpstan": "^1.11.8",
                 "phpstan/phpstan-strict-rules": "^1.1",
-                "symfony/phpunit-bridge": "^5"
+                "phpunit/phpunit": "^8 || ^9"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
                     "dev-main": "3.x-dev"
+                },
+                "phpstan": {
+                    "includes": [
+                        "extension.neon"
+                    ]
                 }
             },
             "autoload": {
@@ -2076,7 +2084,7 @@
             ],
             "support": {
                 "issues": "https://github.com/composer/pcre/issues",
-                "source": "https://github.com/composer/pcre/tree/3.1.4"
+                "source": "https://github.com/composer/pcre/tree/3.2.0"
             },
             "funding": [
                 {
@@ -2092,7 +2100,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-27T13:40:54+00:00"
+            "time": "2024-07-25T09:36:02+00:00"
         },
         {
             "name": "composer/semver",
@@ -3801,8 +3809,8 @@
     "aliases": [],
     "minimum-stability": "stable",
     "stability-flags": {
-        "sserbin/twig-linter": 20,
-        "wapmorgan/php-deprecation-detector": 20
+        "wapmorgan/php-deprecation-detector": 20,
+        "sserbin/twig-linter": 20
     },
     "prefer-stable": false,
     "prefer-lowest": false,

From 68b5b770c79bffaa430cbbd9026ead754ed8f122 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Fri, 26 Jul 2024 17:39:36 +0200
Subject: [PATCH 2373/3949] Update readeMe

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/README.md | 41 ++++++++++++++++++++++++++++++++---------
 1 file changed, 32 insertions(+), 9 deletions(-)

diff --git a/php/README.md b/php/README.md
index ca6ede1d..70028349 100644
--- a/php/README.md
+++ b/php/README.md
@@ -4,29 +4,52 @@ This is the code for the PHP Docker controller.
 
 ## How to run
 
-Running this locally requires Docker Engine on the same machine. 
-If this is the case, just execute the following command:
+Running this locally requires :
+
+### 1. Install the development environment
+
+This project uses Composer as dependency management software. It is very similar to NPM.
+The command to install all dependencies is:
 
 ```bash
 composer install
-sudo SKIP_DOMAIN_VALIDATION=true composer run dev # sudo is required to access docker socket
 ```
 
-You can then access the web interface at `localhost:8080`.
+### 2. Access to docker socket
 
-If you have an error that says `Couldn't connect to server for http://127.0.0.1/v1.41/networks/create` makes sure a `nextcloud-aio-mastercontainer` is running.
-You can start it with the following command:
+The `root` user has all privileges including access to the Docker socket. 
+But **it is not recommended to launch the local instance with full privileges**, consider the docker group for docker access without being `root`.
+See https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
+
+### 3. Run a `nextcloud-aio-mastercontainer` container
+
+This application manages containers, including its own container.
+So you need to run a `nextcloud-aio-mastercontainer` container for the application to work properly.
+
+Here is a command to quickly launch a container :
 
 ```bash
-sudo docker run \
+docker run \
 --rm \
 --name nextcloud-aio-mastercontainer \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
---volume /var/run/docker.sock:/var/run/docker.sock:ro \
 nextcloud/all-in-one:latest
 ```
 
-## Commands
+### 4. Start your server
+
+With this command you will launch the server:
+
+```bash
+# Make sure to launch this command with a user having access to the docker socket.
+SKIP_DOMAIN_VALIDATION=true composer run dev
+```
+
+You can then access the web interface at http://localhost:8080.
+
+Note: You can restart the server by preceding the command with other environment variables.
+
+## Composer routine
 
 | Command                                 | Description                            |
 |-----------------------------------------|----------------------------------------|

From 2c573b2e2418c32c1242ce692baf2e7d7fd89ba7 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Fri, 26 Jul 2024 17:42:45 +0200
Subject: [PATCH 2374/3949] Fix gitignore

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 .gitignore                                           | 11 ++++++++---
 Containers/mastercontainer/.idea/.gitignore          |  8 --------
 Containers/mastercontainer/.idea/mastercontainer.iml |  9 ---------
 Containers/mastercontainer/.idea/misc.xml            |  6 ------
 Containers/mastercontainer/.idea/modules.xml         |  8 --------
 Containers/mastercontainer/.idea/vcs.xml             |  6 ------
 php/.gitignore                                       |  6 ------
 7 files changed, 8 insertions(+), 46 deletions(-)
 delete mode 100644 Containers/mastercontainer/.idea/.gitignore
 delete mode 100644 Containers/mastercontainer/.idea/mastercontainer.iml
 delete mode 100644 Containers/mastercontainer/.idea/misc.xml
 delete mode 100644 Containers/mastercontainer/.idea/modules.xml
 delete mode 100644 Containers/mastercontainer/.idea/vcs.xml
 delete mode 100644 php/.gitignore

diff --git a/.gitignore b/.gitignore
index 68634fe2..a9ac8d70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,13 @@
 .DS_Store
-/php/data/containers.json
-/php/data/configuration.json
-/php/data/backupsecret.json
+.idea/
+*.iml
+
+/php/data/*
+/php/session/*
+!/php/data/.gitkeep
+!/php/session/.gitkeep
 /php/vendor
+
 /manual-install/*.conf
 !/manual-install/sample.conf
 /manual-install/docker-compose.yml
diff --git a/Containers/mastercontainer/.idea/.gitignore b/Containers/mastercontainer/.idea/.gitignore
deleted file mode 100644
index 73f69e09..00000000
--- a/Containers/mastercontainer/.idea/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
-# Editor-based HTTP Client requests
-/httpRequests/
diff --git a/Containers/mastercontainer/.idea/mastercontainer.iml b/Containers/mastercontainer/.idea/mastercontainer.iml
deleted file mode 100644
index d6ebd480..00000000
--- a/Containers/mastercontainer/.idea/mastercontainer.iml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="JAVA_MODULE" version="4">
-  <component name="NewModuleRootManager" inherit-compiler-output="true">
-    <exclude-output />
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>
\ No newline at end of file
diff --git a/Containers/mastercontainer/.idea/misc.xml b/Containers/mastercontainer/.idea/misc.xml
deleted file mode 100644
index 639900d1..00000000
--- a/Containers/mastercontainer/.idea/misc.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectRootManager">
-    <output url="file://$PROJECT_DIR$/out" />
-  </component>
-</project>
\ No newline at end of file
diff --git a/Containers/mastercontainer/.idea/modules.xml b/Containers/mastercontainer/.idea/modules.xml
deleted file mode 100644
index ff3363f5..00000000
--- a/Containers/mastercontainer/.idea/modules.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/mastercontainer.iml" filepath="$PROJECT_DIR$/.idea/mastercontainer.iml" />
-    </modules>
-  </component>
-</project>
\ No newline at end of file
diff --git a/Containers/mastercontainer/.idea/vcs.xml b/Containers/mastercontainer/.idea/vcs.xml
deleted file mode 100644
index b2bdec2d..00000000
--- a/Containers/mastercontainer/.idea/vcs.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
-  </component>
-</project>
\ No newline at end of file
diff --git a/php/.gitignore b/php/.gitignore
deleted file mode 100644
index ee440441..00000000
--- a/php/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-data/*
-session/*
-!data/.gitkeep
-!session/.gitkeep
-vendor/
-.idea/

From d2820644a02fac2d2a958451faca1f00a397eb86 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 27 Jul 2024 12:02:06 +0000
Subject: [PATCH 2375/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 5205c7a6..fa97d76c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "3667c8e398e1c0d2a418f52c750d071b",
+    "content-hash": "0e1d24f3fa776163acefdebc91da39d3",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -3019,16 +3019,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.9",
+            "version": "v6.4.10",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "6edb5363ec0c78ad4d48c5128ebf4d083d89d3a9"
+                "reference": "504974cbe43d05f83b201d6498c206f16fc0cdbc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/6edb5363ec0c78ad4d48c5128ebf4d083d89d3a9",
-                "reference": "6edb5363ec0c78ad4d48c5128ebf4d083d89d3a9",
+                "url": "https://api.github.com/repos/symfony/console/zipball/504974cbe43d05f83b201d6498c206f16fc0cdbc",
+                "reference": "504974cbe43d05f83b201d6498c206f16fc0cdbc",
                 "shasum": ""
             },
             "require": {
@@ -3093,7 +3093,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.9"
+                "source": "https://github.com/symfony/console/tree/v6.4.10"
             },
             "funding": [
                 {
@@ -3109,7 +3109,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-06-28T09:49:33+00:00"
+            "time": "2024-07-26T12:30:32+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -3179,16 +3179,16 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.8",
+            "version": "v6.4.10",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "3ef977a43883215d560a2cecb82ec8e62131471c"
+                "reference": "af29198d87112bebdd397bd7735fbd115997824c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/3ef977a43883215d560a2cecb82ec8e62131471c",
-                "reference": "3ef977a43883215d560a2cecb82ec8e62131471c",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/af29198d87112bebdd397bd7735fbd115997824c",
+                "reference": "af29198d87112bebdd397bd7735fbd115997824c",
                 "shasum": ""
             },
             "require": {
@@ -3223,7 +3223,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.8"
+                "source": "https://github.com/symfony/finder/tree/v6.4.10"
             },
             "funding": [
                 {
@@ -3239,7 +3239,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T14:49:08+00:00"
+            "time": "2024-07-24T07:06:38+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -3485,16 +3485,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.1.2",
+            "version": "v7.1.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "14221089ac66cf82e3cf3d1c1da65de305587ff8"
+                "reference": "ea272a882be7f20cad58d5d78c215001617b7f07"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/14221089ac66cf82e3cf3d1c1da65de305587ff8",
-                "reference": "14221089ac66cf82e3cf3d1c1da65de305587ff8",
+                "url": "https://api.github.com/repos/symfony/string/zipball/ea272a882be7f20cad58d5d78c215001617b7f07",
+                "reference": "ea272a882be7f20cad58d5d78c215001617b7f07",
                 "shasum": ""
             },
             "require": {
@@ -3552,7 +3552,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.1.2"
+                "source": "https://github.com/symfony/string/tree/v7.1.3"
             },
             "funding": [
                 {
@@ -3568,7 +3568,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-06-28T09:27:18+00:00"
+            "time": "2024-07-22T10:25:37+00:00"
         },
         {
             "name": "vimeo/psalm",
@@ -3809,8 +3809,8 @@
     "aliases": [],
     "minimum-stability": "stable",
     "stability-flags": {
-        "wapmorgan/php-deprecation-detector": 20,
-        "sserbin/twig-linter": 20
+        "sserbin/twig-linter": 20,
+        "wapmorgan/php-deprecation-detector": 20
     },
     "prefer-stable": false,
     "prefer-lowest": false,

From 562b55b872becbcb81bf262bd7e6e6f45db92e6b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 29 Jul 2024 10:30:52 +0200
Subject: [PATCH 2376/3949] improve hint where to activate the external storage
 app

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 4287d92b..097dc266 100644
--- a/readme.md
+++ b/readme.md
@@ -629,7 +629,7 @@ By default, the Nextcloud container is confined and cannot access directories on
 
 After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
 
-You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
+You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
 
 Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 

From 7e56c912f742d96311388c9b6d2c9acf0e0f90a1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 29 Jul 2024 10:48:56 +0200
Subject: [PATCH 2377/3949] increase to 9.4.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index eb05a5d2..b8c364b6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v9.3.0</h1>
+        <h1>Nextcloud AIO v9.4.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 8c02eb274051130c9716d004c5a4ab99d29843be Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 30 Jul 2024 13:19:49 +0200
Subject: [PATCH 2378/3949] rp-docs: apache: increase timeout to support big
 file uploads

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 40e44fb5..aa0d0bab 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -120,6 +120,8 @@ Add this as a new Apache site config:
 
     # Support big file uploads
     LimitRequestBody 0
+    Timeout 86400
+    ProxyTimeout 86400
 </VirtualHost>
 ```
 

From 9da2235d3e4880d91d8ff45bd8deb3f0ed9686d6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 31 Jul 2024 13:52:38 +0200
Subject: [PATCH 2379/3949] update rp wording and add caddy to the examples

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml                         | 8 ++++----
 manual-install/sample.conf           | 4 ++--
 manual-install/update-yaml.sh        | 4 ++--
 nextcloud-aio-helm-chart/values.yaml | 2 +-
 php/templates/containers.twig        | 4 ++--
 readme.md                            | 8 ++++----
 reverse-proxy.md                     | 2 +-
 7 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 69516d24..f3b53452 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -9,13 +9,13 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
     network_mode: bridge # add to the same network as docker run would do
     ports:
-      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
-      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 69934fd0..1f4e6b48 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -19,9 +19,9 @@ ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables t
 TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_RECORDING_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
-APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else).
+APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index a1db1388..d8bb0cc2 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -82,8 +82,8 @@ sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
-sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else).|' sample.conf
-sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect|' sample.conf
+sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index dddc569c..b704467a 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -20,7 +20,7 @@ TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the op
 TALK_RECORDING_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
 APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else).
+APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b8c364b6..799fc0fe 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -95,9 +95,9 @@
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
+                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
                         {% else %}
-                            AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) and does not do the TLS proxying itself.<br><br>
+                            AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.<br><br>
                         {% endif %}
                         Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.<br><br />
                         {% if skip_domain_validation == true %}
diff --git a/readme.md b/readme.md
index 097dc266..49f8eb98 100644
--- a/readme.md
+++ b/readme.md
@@ -78,15 +78,15 @@ Included are:
 | ![image](https://user-images.githubusercontent.com/42591237/232849125-30e24c85-bfd7-465e-8310-9b69cd9666fe.png) | ![image](https://user-images.githubusercontent.com/42591237/232849036-28c38d9a-3151-4cf1-97a5-4d94c1f0eba0.png) |
 
 ## How to use this?
-The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
+The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms. The easiest way is installing it by **using the convenience script**:  
     ```sh
     curl -fsSL https://get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-2. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already in place:
+2. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
     ```
-    # For Linux and without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already in place:
+    # For Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
     sudo docker run \
     --init \
     --sig-proxy=false \
@@ -324,7 +324,7 @@ If your Nextcloud is running and you are logged in as admin in your Nextcloud, y
 **⚠️ Please note:** Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
 
 If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, substitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
-If you are running AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to obviously also change the domain in your reverse proxy config.
+If you are running AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to obviously also change the domain in your reverse proxy config.
 
 Additionally, after restarting the containers, you need to open the admin settings and update some values manually that cannot be changed automatically. Here is a list of some known places:
 - `https://your-nc-domain.com/settings/admin/talk` for Turn/Stun server and Signaling Server if you enabled Talk via the AIO interface
diff --git a/reverse-proxy.md b/reverse-proxy.md
index aa0d0bab..9a4f80ab 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -6,7 +6,7 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**

From 7a638b8a6daadd924c0976630db42775ca168f0c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 1 Aug 2024 09:47:54 +0200
Subject: [PATCH 2380/3949] daily-backup: fix issue with APACHE_PORT

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 62911b9c..56302c80 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -16,11 +16,15 @@ fi
 sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
 
 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -o '[0-9]\+' | head -1)"
-while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
-    echo "Waiting for apache to become available"
-    sleep 30
-done
+APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
+if [ -z "$APACHE_PORT" ]; then
+    echo "APACHE_PORT is not set which is not expected..."
+else
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+        echo "Waiting for apache to become available"
+        sleep 30
+    done
+fi
 while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
     echo "Waiting for watchtower to stop"
     sleep 30

From 89d2dd7287c19597b6a3c694b0648aea60bf1b16 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 1 Aug 2024 12:15:45 +0200
Subject: [PATCH 2381/3949] increase to 9.4.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 799fc0fe..bedfd481 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v9.4.0</h1>
+        <h1>Nextcloud AIO v9.4.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From b84611a5ac76d0da7c7000bf80a5bb7cb857c3aa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Aug 2024 12:30:29 +0000
Subject: [PATCH 2382/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.9-fpm-alpine3.20 to 8.3.10-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 7fe76414..848add64 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.1.1-cli AS docker
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
-FROM php:8.3.9-fpm-alpine3.20
+FROM php:8.3.10-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080

From a9710944f0d7ed66628793e0b4b9e273a1b399e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Aug 2024 12:33:10 +0000
Subject: [PATCH 2383/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.2.21-fpm-alpine3.20 to 8.2.22-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 7b74eda0..9905e431 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.21-fpm-alpine3.20
+FROM php:8.2.22-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G

From ed8794522d6eabda8a4323ed532b2d25678ceb83 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 2 Aug 2024 15:09:08 +0200
Subject: [PATCH 2384/3949] manual-install: adjust the docker-compose commands

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/readme.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 66cda23c..26e802e9 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -27,23 +27,23 @@ Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env
 
 Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
 
-Now you should be ready to go with `sudo docker-compose up`.
+Now you should be ready to go with `sudo docker compose up`.
 
 ## Docker profiles
 The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
 
-For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).
+For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
 1. If your previous copy of `sample.conf` is named `my.conf`, run `mv -vn my.conf .env` in order to rename the file to `.env`.
-1. Run `sudo docker-compose down` to stop all running containers
+1. Run `sudo docker compose down` to stop all running containers
 1. Back up all important files and folders
 1. If your compose file is still named `docker-compose.yml` rename it to `compose.yaml` by running `mv -vn docker-compose.yml compose.yaml`
 1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the compose.yaml file and removing ipv6 from the network.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
-1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
-1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.
+1. After the file update was successful, simply run `sudo docker compose pull` to pull the new images.
+1. At the end run `sudo docker compose up` in order to start and update the containers with the new configuration.
 
 ## FAQ
 ### Backup and restore?

From 7879b9ea0d1a9236ae99112d6ef387b6c74110da Mon Sep 17 00:00:00 2001
From: Paul <devnoname120@gmail.com>
Date: Sun, 4 Aug 2024 01:37:06 +0200
Subject: [PATCH 2385/3949] readme: fix mistakes in Cloudflare section

Signed-off-by: Paul <devnoname120@gmail.com>
---
 readme.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/readme.md b/readme.md
index 49f8eb98..dbcf8306 100644
--- a/readme.md
+++ b/readme.md
@@ -207,17 +207,18 @@ On TrueNAS SCALE, there are two ways to run AIO. The preferred one is to run AIO
 Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
 
 ### Notes on Cloudflare (proxy/tunnel)
-- Using Cloudflare Tunnel potentially slows down Nextcloud by a lot since local access via the configured domain is not possible since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally.
+- Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you.
+- Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel.
 - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
-- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
+- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled.
 - If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065)
-- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
+- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
 - Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981
 - The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to install your own turnserver or use a publicly available one and adjust and test your stun and turn settings in `https://yourdomain.com/settings/admin/talk`.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
-- If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
+- If you are using AIO's built-in Reverse Proxy and don't use your own, then the certificate issuing may possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. Note that this isn't an option if you need Cloudflare Tunnel as disabling the proxy would also disable Cloudflare Tunnel which would in turn make your server unreachable for the verification. See https://github.com/nextcloud/all-in-one/discussions/1101.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.

From c4e1ab64fcae74caaf11093086853f407f0c3fbd Mon Sep 17 00:00:00 2001
From: Jimmy Everling <jimmy@jimmyk.se>
Date: Sun, 4 Aug 2024 22:21:39 +0200
Subject: [PATCH 2386/3949] Added reverse proxy configuration example for IIS
 with ARR & Url Rewrite

Signed-off-by: Jimmy Everling <jimmy@jimmyk.se>
---
 reverse-proxy.md | 57 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 9a4f80ab..517da7be 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -639,6 +639,63 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
+### IIS with ARR and URL Rewrite
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+#### Prerequisites
+1. **Windows Server** with IIS installed.
+2. [**Application Request Routing (ARR)**](https://www.iis.net/downloads/microsoft/application-request-routing) and [**URL Rewrite**](https://www.iis.net/downloads/microsoft/url-rewrite) modules installed.
+3. [**WebSocket Protocol**](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/websocket) feature enabled.
+
+
+In the web.config example below, a Server farm named `nc-server-farm` has been created an is pointing to the Nextcloud server:
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <system.web>
+    <!-- Allow all urls -->
+    <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
+  </system.web>
+  <system.webServer>
+    <rewrite>
+      <rules>
+        <!-- Force https -->
+        <rule name="Https" stopProcessing="true">
+          <match url="(.*)" />
+          <conditions>
+            <add input="{HTTPS}" pattern="^OFF$" />
+          </conditions>
+          <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" appendQueryString="false" />
+        </rule>
+        <!-- Redirect to internal nextcloud server -->
+        <rule name="To nextcloud" stopProcessing="true">
+          <match url="(.*)" />
+          <conditions>
+            <add input="{HTTPS}" pattern="^ON$" />
+          </conditions>
+          <action type="Rewrite" url="http://nc-server-farm:11000/{UNENCODED_URL}" appendQueryString="false" />
+        </rule>
+      </rules>
+    </rewrite>
+    <security>
+      <!-- Increase upload limit to 2GiB -->
+      <requestFiltering allowDoubleEscaping="true">
+        <requestLimits maxAllowedContentLength="2147483648" />
+      </requestFiltering>
+    </security>
+  </system.webServer>
+</configuration>
+
+```
+
+</details>
+
 ### Others
 
 <details>

From f6fd960ba0942d2488c616bd3746ce5044bace0c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Aug 2024 14:01:30 +0200
Subject: [PATCH 2387/3949] nextcloud: allow to configure proxy options via env

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/proxy.config.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 Containers/nextcloud/config/proxy.config.php

diff --git a/Containers/nextcloud/config/proxy.config.php b/Containers/nextcloud/config/proxy.config.php
new file mode 100644
index 00000000..c7848474
--- /dev/null
+++ b/Containers/nextcloud/config/proxy.config.php
@@ -0,0 +1,13 @@
+<?php
+if (getenv('HTTP_PROXY') !== false) {
+    $CONFIG['proxy'] = getenv('HTTP_PROXY');
+}
+if (getenv('HTTPS_PROXY') !== false) {
+    $CONFIG['proxy'] = getenv('HTTPS_PROXY');
+}
+if (getenv('PROXY_USER_PASSWORD') !== false) {
+    $CONFIG['proxyuserpwd'] = getenv('PROXY_USER_PASSWORD');
+}
+if (getenv('NO_PROXY') !== false) {
+    $CONFIG['proxyexclude'] = explode(',', getenv('NO_PROXY'));
+}

From 8bf7a4d57f28de38bbd684867fce8afc340439f3 Mon Sep 17 00:00:00 2001
From: Jimmy Everling <jimmy@jimmyk.se>
Date: Mon, 5 Aug 2024 18:29:20 +0200
Subject: [PATCH 2388/3949] Added link to "Adapting the sample web server
 configurations below"

Signed-off-by: Jimmy Everling <jimmy@jimmyk.se>
---
 reverse-proxy.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 517da7be..db9d7629 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -693,6 +693,7 @@ In the web.config example below, a Server farm named `nc-server-farm` has been c
 </configuration>
 
 ```
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 

From 0020bb45b2c1f749a6e7104b90281c830abd3e4a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Aug 2024 13:38:04 +0000
Subject: [PATCH 2389/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.5.2.1 to 24.04.6.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 26b41db7..668457c6 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.5.2.1
+FROM collabora/code:24.04.6.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From eb3a133a0c9ab6ab48d886efc80b6841f40b2dab Mon Sep 17 00:00:00 2001
From: Jimmy Everling <jimmy@jimmyk.se>
Date: Tue, 6 Aug 2024 19:45:21 +0200
Subject: [PATCH 2390/3949] Rewrote the instructions to make them clearer.

Signed-off-by: Jimmy Everling <jimmy@jimmyk.se>
---
 reverse-proxy.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index db9d7629..1ea7b179 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -647,14 +647,24 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
+**Please note:** Using IIS as a reverse proxy comes with some limitations:
+- A maximum upload size of 4GiB, in the example configuration below the limit is set to 2GiB.
+
+
 #### Prerequisites
 1. **Windows Server** with IIS installed.
 2. [**Application Request Routing (ARR)**](https://www.iis.net/downloads/microsoft/application-request-routing) and [**URL Rewrite**](https://www.iis.net/downloads/microsoft/url-rewrite) modules installed.
 3. [**WebSocket Protocol**](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/websocket) feature enabled.
 
+For information on how to set up IIS as a reverse proxy please refer to [this](https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing).
+There are also information on how to use the IIS Manager [here](https://learn.microsoft.com/en-us/iis/).
 
-In the web.config example below, a Server farm named `nc-server-farm` has been created an is pointing to the Nextcloud server:
+The following configuration example assumes the following:
+* A site has been created that is configured with HTTPS support and the desired host name.
+* A server farm named `nc-server-farm` has been created and is pointing to the Nextcloud server.
+* No global Rewrite Rules has been created for the `nc-server-farm` server farm.
 
+Add the following `web.config` file to the root of the site you created as the reverse proxy.
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>

From bc084eca93e594d4ab8c3148616a2d0d51116876 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 7 Aug 2024 13:30:23 +0200
Subject: [PATCH 2391/3949] nextcloud: improve update logic

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 41 +++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index fd8fc382..b90049a9 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -11,9 +11,10 @@ directory_empty() {
 }
 
 run_upgrade_if_needed_due_to_app_update() {
+    if php /var/www/html/occ status | grep maintenance | grep -q true; then
+        php /var/www/html/occ maintenance:mode --off
+    fi
     if php /var/www/html/occ status | grep needsDbUpgrade | grep -q true; then
-        # Disable integrity check temporarily until next update
-        php /var/www/html/occ config:system:set integrity.check.disabled --type bool --value true
         php /var/www/html/occ upgrade
         php /var/www/html/occ app:enable nextcloud-aio --force
     fi
@@ -99,6 +100,18 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # Write output to logfile.
             exec > >(tee -i "/var/www/html/data/update.log")
             exec 2>&1
+            # Run built-in upgrader if version is below 28.0.2 to upgrade to 28.0.x first
+            if ! version_greater "$installed_version" "28.0.1.20"; then
+                php /var/www/html/updater/updater.phar --no-interaction --no-backup
+                if ! php /var/www/html/occ upgrade || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
+                    echo "Upgrade failed. Please restore from backup."
+                    bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
+                    exit 1
+                fi
+                # shellcheck disable=SC2016
+                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
+                INSTALLED_MAJOR="${installed_version%%.*}"
+            fi
         fi
 
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
@@ -816,19 +829,17 @@ else
 fi
 
 # Docker socket proxy
-if version_greater "$installed_version" "27.1.2.0"; then
-    if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
-        if ! [ -d "/var/www/html/custom_apps/app_api" ]; then
-            php /var/www/html/occ app:install app_api
-        elif [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
-            php /var/www/html/occ app:enable app_api
-        elif [ "$SKIP_UPDATE" != 1 ]; then
-            php /var/www/html/occ app:update app_api
-        fi
-    else
-        if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_api" ]; then
-            php /var/www/html/occ app:remove app_api
-        fi
+if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
+    if ! [ -d "/var/www/html/custom_apps/app_api" ]; then
+        php /var/www/html/occ app:install app_api
+    elif [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
+        php /var/www/html/occ app:enable app_api
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update app_api
+    fi
+else
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_api" ]; then
+        php /var/www/html/occ app:remove app_api
     fi
 fi
 

From 9ad7ea14565eeda1dd905581236b4e804a1ca57a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 7 Aug 2024 12:05:56 +0000
Subject: [PATCH 2392/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fa97d76c..6df6806a 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,26 +391,27 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.3",
+            "version": "v1.3.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754"
+                "reference": "61b87392d986dc49ad5ef64e75b1ff5fee24ef81"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3dbf8a8e914634c48d389c1234552666b3d43754",
-                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/61b87392d986dc49ad5ef64e75b1ff5fee24ef81",
+                "reference": "61b87392d986dc49ad5ef64e75b1ff5fee24ef81",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.3|^8.0"
             },
             "require-dev": {
-                "nesbot/carbon": "^2.61",
+                "illuminate/support": "^8.0|^9.0|^10.0|^11.0",
+                "nesbot/carbon": "^2.61|^3.0",
                 "pestphp/pest": "^1.21.3",
                 "phpstan/phpstan": "^1.8.2",
-                "symfony/var-dumper": "^5.4.11"
+                "symfony/var-dumper": "^5.4.11|^6.2.0|^7.0.0"
             },
             "type": "library",
             "extra": {
@@ -447,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2023-11-08T14:08:06+00:00"
+            "time": "2024-08-02T07:48:17+00:00"
         },
         {
             "name": "nikic/fast-route",

From 149688803c883a626e7e74da194d5dba1569884f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Aug 2024 12:20:01 +0000
Subject: [PATCH 2393/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.22.5-alpine3.20 to 1.22.6-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 8c37d694..c7d51736 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.5-alpine3.20 AS go
+FROM golang:1.22.6-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From d91c58ea28b21134c333d2148cbb95e7fb27b9ff Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 8 Aug 2024 08:58:46 +0000
Subject: [PATCH 2394/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 +++-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 nextcloud-aio-helm-chart/values.yaml                          | 1 +
 14 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 6ac5084f..bb0248fa 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.3.0
+version: 9.4.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index f1fce678..8a4fbc4b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -66,7 +66,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240808_083748"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 9d6245a6..b9595b84 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240808_083748"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 43e1532f..06aaffc0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240808_083748"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index ee762e86..7185f3f5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -70,7 +70,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240808_083748"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 9fdec581..bd38cbd6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -60,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240808_083748"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 8da26e1e..62a6d035 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240808_083748"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 1de14c93..83267591 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -85,6 +85,8 @@ spec:
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
+            - name: NEXTCLOUD_MAINTENANCE_WINDOW
+              value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS
@@ -175,7 +177,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240808_083748"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 7cf00dd4..fd4505bd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240808_083748"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index bd772580..d28179f9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240808_083748"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 9be8b3ad..3c08ead5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240808_083748"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 2140ecf1..b66a1b7d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240808_083748"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index b83636c8..24e6e975 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240725_074330"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240808_083748"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index b704467a..6591aae8 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -56,6 +56,7 @@ APPS_ALLOWLIST:        # This allows to configure allowed apps that will be show
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
+NEXTCLOUD_MAINTENANCE_WINDOW:        # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

From 41e6d7cf6d2330e695b26ada5eca2a25634d91b9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Aug 2024 11:25:38 +0200
Subject: [PATCH 2395/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index b90049a9..cc6289c8 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -101,6 +101,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             exec > >(tee -i "/var/www/html/data/update.log")
             exec 2>&1
             # Run built-in upgrader if version is below 28.0.2 to upgrade to 28.0.x first
+            touch "$NEXTCLOUD_DATA_DIR/update.failed"
             if ! version_greater "$installed_version" "28.0.1.20"; then
                 php /var/www/html/updater/updater.phar --no-interaction --no-backup
                 if ! php /var/www/html/occ upgrade || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
@@ -108,6 +109,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                     bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
                     exit 1
                 fi
+                rm "$NEXTCLOUD_DATA_DIR/update.failed"
                 # shellcheck disable=SC2016
                 installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 INSTALLED_MAJOR="${installed_version%%.*}"

From c5cc5d1521f92128a6f81c7749a1cce422ca8c9d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Aug 2024 13:28:20 +0200
Subject: [PATCH 2396/3949] ignore minor updates for redis

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c16ef12d..16e7a8a1 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -94,7 +94,7 @@ updates:
     time: "12:00"
   ignore:
     - dependency-name: "redis"
-      update-types: ["version-update:semver-major"]
+      update-types: ["version-update:semver-major", "version-update:semver-minor"]
   open-pull-requests-limit: 10
   labels:
   - 3. to review

From e058ab96ea3faf1024083a2283b9aa4c2066d214 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 8 Aug 2024 11:29:57 +0000
Subject: [PATCH 2397/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.12.4-alpine3.20 to 3.12.5-alpine3.20.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index e61a1680..e13bc9ff 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.4-alpine3.20
+FROM python:3.12.5-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 

From bc6dfe871101801031ec0e60334e3599ed589797 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Mon, 29 Jul 2024 17:44:32 +0200
Subject: [PATCH 2398/3949] Update Tags

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css                    |  65 ++---
 php/templates/containers.twig           | 343 ++++++++++++------------
 php/templates/includes/aio-config.twig  |  56 ++--
 php/templates/includes/backup-dirs.twig |  12 +-
 php/templates/login.twig                |   2 +-
 php/templates/setup.twig                |   2 +-
 6 files changed, 243 insertions(+), 237 deletions(-)

diff --git a/php/public/style.css b/php/public/style.css
index b9418737..d4c25a8e 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -9,12 +9,13 @@ a {
     color: #0082c9;
 }
 
-.button {
+a.button,
+input[type="submit"] {
     padding: 6px 16px;
     width: auto;
     min-height: 34px;
     cursor: pointer;
-    background-color:#0082c9;
+    background-color: #0082c9;
     font-weight: bold;
     border-radius: 100px;
     margin: 3px 3px 3px 0;
@@ -24,15 +25,12 @@ a {
     outline: none;
 }
 
-.button:focus {
-    color:black;
+a.button:focus,
+input[type="submit"]:focus {
+    color: black;
     border: 2px solid black;
 }
 
-#logout {
-    margin-top: 7px;
-}
-
 summary {
     cursor: pointer;
 }
@@ -88,8 +86,7 @@ div.toast {
     position: fixed;
     z-index: 1000;
     border-radius: 3px;
-    background: none;
-    background-color: white;
+    background: white none;
 }
 
 .login {
@@ -108,12 +105,18 @@ div.toast {
     font-size: 17px;
 }
 
+form {
+    margin: 0;
+}
+
 input {
     padding: 10px;
+    margin-top: 15px;
     margin-bottom: 15px;
 }
 
-.login > form > input {
+.login > form > input[type="password"],
+.login > form > input[type="text"] {
     width: 100%;
 }
 
@@ -123,7 +126,8 @@ input {
     display: block;
 }
 
-.login > .button {
+.login > a.button ,
+.login > input[type="submit"] {
     margin-left: auto;
     margin-right: auto;
     display: block;
@@ -146,7 +150,7 @@ input {
     position: relative;
 }
 
-.content {
+main {
     padding: 20px;
     max-width: 100%;
     word-break: break-word;
@@ -173,6 +177,7 @@ header {
     background-image: linear-gradient(40deg, #0082c9 0%, #30b6ff 100%);
     height: 50px;
     justify-content: space-between;
+    align-items: center;
     display: flex;
 }
 
@@ -181,18 +186,18 @@ header {
 }
 
 #overlay {
-  position: fixed; /* Sit on top of the page content */
-  display: none; /* Hidden by default */
-  width: 100%; /* Full width (cover the whole page) */
-  height: 100%; /* Full height (cover the whole page) */
-  top: 0;
-  left: 0;
-  background-color: rgba(0,0,0,0.5); /* Black background with opacity */
-  z-index: 2;
+    position: fixed; /* Sit on top of the page content */
+    display: none; /* Hidden by default */
+    width: 100%; /* Full width (cover the whole page) */
+    height: 100%; /* Full height (cover the whole page) */
+    top: 0;
+    left: 0;
+    background-color: rgba(0, 0, 0, 0.5); /* Black background with opacity */
+    z-index: 2;
 }
 
 #overlay.loading {
-  display: block;
+    display: block;
 }
 
 .loader {
@@ -206,15 +211,15 @@ header {
     position: absolute;
     top: calc(50% - 60px);
     left: calc(50% - 60px);
-  }
-  
-  /* Safari */
-  @-webkit-keyframes spin {
+}
+
+/* Safari */
+@-webkit-keyframes spin {
     0% { -webkit-transform: rotate(0deg); }
     100% { -webkit-transform: rotate(360deg); }
-  }
-  
-  @keyframes spin {
+}
+
+@keyframes spin {
     0% { transform: rotate(0deg); }
     100% { transform: rotate(360deg); }
-  }
+}
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index bedfd481..91e18424 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -11,11 +11,11 @@
         <form method="POST" action="/api/auth/logout">
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-            <input class="button" type="submit" id="logout" value="Log out" />
+            <input type="submit" value="Log out" />
         </form>
     </header>
 
-    <div class="content">
+    <main>
         <h1>Nextcloud AIO v9.4.1</h1>
 
         {# Add 2nd tab warning #}
@@ -58,107 +58,107 @@
         {% endfor %}
 
         {% if is_daily_backup_running == true %}
-            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br /><br />
+            <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
             {% if automatic_updates == true %}
-                This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.<br /><br />
+                <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                 {% if is_mastercontainer_update_available == true %}
-                    When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                    <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
                 {% endif %}
             {% endif %}
             {% if has_update_available == false %}
-                The whole process should not take more than a few minutes.<br /><br />
+                <p>The whole process should not take more than a few minutes.</p>
             {% elseif automatic_updates == true %}
-                The whole process can take a while as your containers will be updated.<br /><br />
+                <p>The whole process can take a while as your containers will be updated.</p>
             {% endif %}
-            <a href="" class="button reload">Reload ↻</a><br/><br/>
-            If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.<br /><br />
+            <p><a href="" class="button reload">Reload ↻</a></p>
+            <p>If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.</p>
         {% elseif isWatchtowerRunning == true %}
-            <span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
-            <a href="" class="button reload">Reload ↻</a><br/>
+            <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
+            <p><a href="" class="button reload">Reload ↻</a></p>
         {% else %}
             {% if is_backup_container_running == false and domain == "" %}
                 {% if isDomaincheckRunning == false %}
                     <h2>Domaincheck container is not running</h2>
-                    This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.
+                    <p>This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
                 {% elseif is_mastercontainer_update_available == true %}
                     <h2>Mastercontainer update</h2>
-                    ⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
+                    <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
                     <form method="POST" action="/api/docker/watchtower" class="xhr">
                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                        <input class="button" type="submit" value="Update mastercontainer" />
+                        <input type="submit" value="Update mastercontainer" />
                     </form>
                 {% else %}
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
-                        You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.<br><br>
+                        <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+                        <p>You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.</p>
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
                         {% if apache_port == '443' %}
-                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
+                            <p>AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
                         {% else %}
-                            AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.<br><br>
+                            <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                         {% endif %}
-                        Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.<br><br />
+                        <p>Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.</p>
                         {% if skip_domain_validation == true %}
-                            <strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!<br><br>
+                            <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                         {% endif %}
                         <form method="POST" action="/api/configuration" class="xhr">
                             <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Submit domain" />
+                            <input type="submit" value="Submit domain" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.<br><br>
+                            <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
                             <details>
-                                <summary>Click here for further hints</summary><br />
-                                If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.<br><br>
-                                If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
-                                If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.<br><br>
-                                If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
+                                <summary>Click here for further hints</summary>
+                                <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.</p>
+                                <p>If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
+                                <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
+                                <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
                                 {% if apache_port != '443' %}
-                                    If you run into issues with your domain being accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things. <br /><br/>
+                                    <p>If you run into issues with your domain being accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
                                 {% endif %}
-                                <strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
+                                <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
                             </details>
                         {% endif %}
 
                         <h2>Restore former AIO instance from backup</h2>
-                        You can alternatively restore a former AIO instance from backup.<br><br>
+                        <p>You can alternatively restore a former AIO instance from backup.</p>
                     {% endif %}
 
                     {% if is_instance_restore_attempt == false %}
                         {% if borg_backup_host_location != '' and borg_restore_password != '' %}
                             {% if borg_backup_mode in ['test', 'check'] %}
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                                    <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
                                     {% if borg_backup_mode == 'test' %}
-                                        Please adjust the path and/or the encryption password in order to make it work!<br><br>
+                                        <p>Please adjust the path and/or the encryption password in order to make it work!</p>
                                     {% elseif borg_backup_mode == 'check' %}
-                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a><br><br>
+                                        <p>The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                         <details>
-                                            <summary>Reveal repair option</summary><br />
-                                            Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <summary>Reveal repair option</summary>
+                                            <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
                                             <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
-                                            </form><br />
-                                        </details><br />
+                                                <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
+                                            </form>
+                                        </details>
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
-                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                                    <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
                                     {% if borg_backup_mode == 'test' %}
-                                        Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
+                                        <p>Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.</p>
                                         <form method="POST" action="/api/docker/backup-check" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Check backup integrity"/><br/>
+                                            <input type="submit" value="Check backup integrity"/>
                                         </form>
                                     {% endif %}
-                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!<br><br>
-                                    <strong>Please note:</strong> If the backup that you want to restore contained any <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.<br><br>
+                                    <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
+                                    <p><strong>Please note:</strong> If the backup that you want to restore contained any <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
                                     <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -167,53 +167,53 @@
                                                 <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
                                             {% endfor %}
                                         </select>
-                                        <input class="button" type="submit" value="Restore selected backup"/>
+                                        <input type="submit" value="Restore selected backup"/>
                                     </form>
                                 {% endif %}
                             {% elseif borg_backup_mode == 'restore' %}
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
-                                    The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!
+                                    <p><span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                    <p>The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!</p>
                                 {% endif %}
                             {% endif %}
                         {% endif %}
 
                         {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
-                            Please enter the location of the backup archive on your host and the encryption password of the backup archive below:<br><br>
+                            <p>Please enter the location of the backup archive on your host and the encryption password of the backup archive below:</p>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
                                 <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit location and encryption password" />
+                                <input type="submit" value="Submit location and encryption password" />
                             </form>
                             {{ include('includes/backup-dirs.twig') }}
-                            ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg', or the backup container will not be able to find the backup archive!<br><br>
+                            <p>⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg', or the backup container will not be able to find the backup archive!</p>
                         {% endif %}
                     {% else %}
-                        <strong>Everything set!</strong> Click on the button below to test the path and encryption password:<br/><br/>
+                        <p><strong>Everything set!</strong> Click on the button below to test the path and encryption password:</p>
                         <form method="POST" action="/api/docker/backup-test" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Test path and encryption password"/><br/>
+                            <input type="submit" value="Test path and encryption password"/>
                         </form>
                     {% endif %}
                 {% endif %}
                 <h2>How to reset the AIO instance?</h2>
-                If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.<br><br>
+                <p>If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.</p>
             {% endif %}
 
             {% if was_start_button_clicked == true %}
                 {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br><br>
+                    <p>You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
                 {% else %}
-                    No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.
+                    <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
                 {% endif %}
             {% endif %}
 
             {% if is_backup_container_running == true %}
-                <span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
-                <a href="" class="button reload">Reload ↻</a><br/><br>
+                <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                <p><a href="" class="button reload">Reload ↻</a></p>
             {% endif %}
 
             {% if domain != "" %}
@@ -221,31 +221,30 @@
                     {% if isApacheStarting != true %}
                         {% if borg_backup_host_location != '' %}
                             <details>
-                            <summary>Click here to reveal the initial Nextcloud credentials</summary><br />
+                            <summary>Click here to reveal the initial Nextcloud credentials</summary>
                         {% endif %}
-                                Initial Nextcloud username: <strong>admin</strong><br />
-                                Initial Nextcloud password: 
+                                <p>Initial Nextcloud username: <strong>admin</strong></p>
                         {% if borg_backup_host_location != '' %}
                             {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
-                            <strong>{{ nextcloud_password }}</strong><br /></details><br />
+                            <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p></details>
                         {% else %}
-                            <strong>{{ nextcloud_password }}</strong><br><br>
+                            <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p>
                         {% endif %}
-                        <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/><br>
+                        <p><a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a></p>
                         {% if borg_backup_host_location == '' %}
-                            If your Nextcloud does not open when clicking the button above, see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong><br><br>
+                            <p>If your Nextcloud does not open when clicking the button above, see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
                         {% endif %}
                     {% else %}
                         {% if isAnyRestarting == false %}
-                            <span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <strong>Starting</strong> next to each container for further details.<br /><br />
-                            <a href="" class="button reload">Reload ↻</a><br/><br>
+                            <p><span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <strong>Starting</strong> next to each container for further details.</p>
+                            <p><a href="" class="button reload">Reload ↻</a></p>
                         {% else %}
-                            It seems at least one container was not able to start correctly and is currently restarting.<br><br>
-                            To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.<br><br>
+                            <p>It seems at least one container was not able to start correctly and is currently restarting.</p>
+                            <p>To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.</p>
                             <form method="POST" action="/api/docker/stop" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Stop containers" />
+                                <input type="submit" value="Stop containers" />
                             </form>
                         {% endif %}
                     {% endif %}
@@ -291,16 +290,16 @@
 
                     {% if has_update_available == true %}
                         {% if is_mastercontainer_update_available == false %}
-                            ⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.<br><br>
+                            <p>⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.</p>
                         {% endif %}
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
-                            Your containers are up-to-date.<br><br>
+                            <p>Your containers are up-to-date.</p>
                             {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                 <details>
-                                <summary>Note about <strong>Nextcloud {{ newMajorVersion }}</strong></summary><br>
-                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/4542">this documentation</a></strong><br/>
-                                </details><br>
+                                <summary>Note about <strong>Nextcloud {{ newMajorVersion }}</strong></summary>
+                                    <p>If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/4542">this documentation</a></strong></p>
+                                </details>
                             {% endif %}
                         {% endif %}
                     {% endif %}
@@ -309,34 +308,34 @@
                 {% if isAnyRunning == true %}
                     {% if isApacheStarting != true %}
                         {% if is_mastercontainer_update_available == true %}
-                            ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.<br /><br />
+                            <p>⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.</p>
                             {% if current_channel starts with 'latest' %}
-                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a><br><br>
+                                <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a></p>
                             {% elseif current_channel starts with 'beta' %}
-                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a><br><br>
+                                <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a></p>
                             {% elseif current_channel starts with 'develop' %}
-                                You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a><br><br>
+                                <p>You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
                             {% endif %}
                         {% endif %}
                         <form method="POST" action="/api/docker/stop" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Stop containers" />
+                            <input type="submit" value="Stop containers" />
                         </form>
                     {% endif %}
                 {% else %}
                     {% if isBackupOrRestoreRunning == true %}
-                        Restore or Backup currently running. Cannot start the containers until Restore or Backup is complete.<br /><br />
+                        <p>Restore or Backup currently running. Cannot start the containers until Restore or Backup is complete.</p>
                     {% else %}
                         {% if was_start_button_clicked == false %}
-                            <br>Clicking on the button below will download all docker containers and start them. This can take a long time depending on your internet connection. Since the overall size is a few GB, this can take around 5-10 min or more. Please be patient!<br><br>
+                            <p>Clicking on the button below will download all docker containers and start them. This can take a long time depending on your internet connection. Since the overall size is a few GB, this can take around 5-10 min or more. Please be patient!</p>
                         {% endif %}
                         {% if is_mastercontainer_update_available == true %}
-                            ⚠️ A mastercontainer update is available. Please click on the button below to update it.<br><br>
+                            <p>⚠️ A mastercontainer update is available. Please click on the button below to update it.</p>
                             <form method="POST" action="/api/docker/watchtower" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Update mastercontainer" />
+                                <input type="submit" value="Update mastercontainer" />
                             </form>
                         {% else %}
                             {% if was_start_button_clicked == false %}
@@ -346,13 +345,13 @@
                                     {% if newMajorVersion != '' %}
                                         <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud {{ newMajorVersion }} (if unchecked, Nextcloud {{ newMajorVersion - 1 }} will get installed)</label><br>
                                     {% endif %}
-                                    <input class="button" type="submit" value="Download and start containers" />
+                                    <input type="submit" value="Download and start containers" />
                                 </form>
                             {% elseif has_update_available == false %}
                                 <form method="POST" action="/api/docker/start" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input class="button" type="submit" value="Start containers" />
+                                    <input type="submit" value="Start containers" />
                                 </form>
                             {% else %}
                                 <form method="POST" action="/api/docker/start" class="xhr">
@@ -369,16 +368,16 @@
 
                     {% if is_backup_section_enabled == false %}
                         <h2>Backup and restore</h2>
-                        The backup section is disabled via environmental variable.<br><br>
+                        <p>The backup section is disabled via environmental variable.</p>
                     {% else %}
                         {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
                             <h2>Backup and restore</h2>
-                            Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.<br><br>
+                            <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit backup location" />
+                                <input type="submit" value="Submit backup location" />
                             </form>
                             {{ include('includes/backup-dirs.twig') }}
                         {% endif %}
@@ -390,33 +389,33 @@
                             {% if is_backup_container_running == false %}
                                 <h2>Backup and restore</h2>
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                                    <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
                                     {% if borg_backup_mode == "check" %}
-                                        The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a><br /><br />
+                                        <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                         <details>
-                                            <summary>Reveal repair option</summary><br />
-                                            Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <summary>Reveal repair option</summary>
+                                            <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
                                             <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
-                                            </form><br />
-                                        </details><br />
+                                                <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
+                                            </form>
+                                        </details>
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
-                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.<br /><br />
+                                        <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Set backup location again" />
+                                            <input type="submit" value="Set backup location again" />
                                         </form>
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     {% if borg_backup_mode == "backup" %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
                                     {% else %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
+                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
                                     {% endif %}
                                 {% endif %}
                             {% endif %}
@@ -424,51 +423,51 @@
                             {% if is_backup_container_running == false and isApacheStarting == false %}
                                 {% if has_backup_run_once == true %}
                                     <details>
-                                    <summary>Click here to reveal all backup options (including an option for automatic updates)</summary><br />
+                                    <summary>Click here to reveal all backup options (including an option for automatic updates)</summary>
                                 {% endif %}
                                 <h3>Backup information</h3>
-                                This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong><br /><br/>
-                                Please save this password in a safe place. You won't be able to restore from backup if you lose this password! <br /><br/>
-                                All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.<br /><br/>
-                                The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
-                                By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.<br /><br/>
-                                Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong> <br /><br/>
-                                Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                For information about backup retention, see <strong><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.<br><br>
-                                Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.<br><br>
-                                For further documentation and options on this backup solution refer to <strong><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.<br>
+                                <p>This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong></p>
+                                <p>Please save this password in a safe place. You won't be able to restore from backup if you lose this password!</p>
+                                <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
+                                <p>The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
+                                <p>By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.</p>
+                                <p>Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong></p>
+                                <p>Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.</p>
+                                <p>For information about backup retention, see <strong><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
+                                <p>Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.</p>
+                                <p>For further documentation and options on this backup solution refer to <strong><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>
-                                    Clicking on the button below will create a backup.<br><br/>
+                                    <p>Clicking on the button below will create a backup.</p>
                                     <form method="POST" action="/api/docker/backup" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <input class="button" type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
+                                        <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
                                     </form>
 
                                     {% if has_backup_run_once == false %}
                                         <h3>Reset backup host location</h3>
-                                        If the configured backup host location <strong>{{ borg_backup_host_location }}</strong> is wrong, you can reset it by clicking on the button below.<br><br/>
+                                        <p>If the configured backup host location <strong>{{ borg_backup_host_location }}</strong> is wrong, you can reset it by clicking on the button below.</p>
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <input type="hidden" name="delete_borg_backup_host_location" value="yes"/>
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Reset backup location" />
+                                            <input type="submit" value="Reset backup location" />
                                         </form>
                                     {% endif %}
 
                                     {% if has_backup_run_once == true %}
                                         <h3>Backup check</h3>
-                                        Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.<br><br/>
+                                        <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
                                         <form method="POST" action="/api/docker/backup-check" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" /><br/>
+                                            <input type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" />
                                         </form>
 
                                         <h3>Backup restore</h3>
-                                        Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.<br><br>
+                                        <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.</p>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -477,53 +476,51 @@
                                                     <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
                                                 {% endfor %}
                                             </select>
-                                            <input class="button" type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
+                                            <input type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
                                         </form>
 
                                         <h3>Daily backup and automatic updates</h3>
                                         {% if daily_backup_time == "" %}
-                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.<br><br/>
+                                            <p>By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Submit backup time" /><br>
+                                                <input type="submit" value="Submit backup time" /><br>
                                                 <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
-                                                <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label><br>
+                                                <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label>
                                             </form>
                                         {% else %}
-                                            Daily backups will be created at <strong>{{ daily_backup_time }} UTC</strong>. A notification about the result of the backup will be sent.
+                                            <p>Daily backups will be created at <strong>{{ daily_backup_time }} UTC</strong>. A notification about the result of the backup will be sent.</p>
                                             {% if automatic_updates == true %}
-                                                Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated. 
+                                                Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated.
                                             {% endif %}
-                                            To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.<br><br/>
+                                            <p>To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input class="button" type="submit" value="Disable or change daily backups" />
+                                                <input type="submit" value="Disable or change daily backups" />
                                             </form>
                                         {% endif %}
 
                                         <h3>Back up additional directories and docker volumes of your host</h3>
-                                        Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.<br><br>
+                                        <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.</p>
                                         <form method="POST" action="/api/configuration" class="xhr">
                                             <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Submit additional backup locations" /><br>
+                                            <input type="submit" value="Submit additional backup locations" />
                                         </form>
-                                        Each line and entry needs to start with a slash or letter/digit. Only <strong>a-z</strong>, <strong>A-Z</strong>, <strong>.</strong>, <strong>0-9</strong>, <strong>_</strong>, <strong>-</strong>, and <strong>/</strong> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <strong>/directory/on/the/host</strong> and <strong>my_custom_docker_volume</strong>. You need to make sure that all given directories exist or the backup container will fail to start!<br><br/>
-                                        Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
-                                        Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually. <br><br>
+                                        <p>Each line and entry needs to start with a slash or letter/digit. Only <strong>a-z</strong>, <strong>A-Z</strong>, <strong>.</strong>, <strong>0-9</strong>, <strong>_</strong>, <strong>-</strong>, and <strong>/</strong> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <strong>/directory/on/the/host</strong> and <strong>my_custom_docker_volume</strong>. You need to make sure that all given directories exist or the backup container will fail to start!</p>
+                                        <p>Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a></p>
+                                        <p>Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually.</p>
                                         {% if additional_backup_directories != "" %}
-                                            This option is currently set. You can disable it again by clearing the field and submitting your changes.<br><br>
+                                            <p>This option is currently set. You can disable it again by clearing the field and submitting your changes.</p>
                                         {% endif %}
                                     {% endif %}
                                 {% endif %}
-                                {% if has_backup_run_once == false %}
-                                    <br />
-                                {% else %}
+                                {% if has_backup_run_once == true %}
                                     </details>
                                 {% endif %}
                             {% endif %}
@@ -531,79 +528,79 @@
                     {% endif %}
 
                     {% if is_backup_container_running == false %}
-                        {% if isApacheStarting == false %} 
+                        {% if isApacheStarting == false %}
                             <h2>AIO passphrase change</h2>
                             <details>
-                                <summary>Click here to change your AIO passphrase</summary><br />
-                                You can change your AIO passphrase below:<br><br />
+                                <summary>Click here to change your AIO passphrase</summary>
+                                <p>You can change your AIO passphrase below:</p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO passphrase" id="current-master-password" oninput="showPassword('current-master-password')">
                                     <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO passphrase" id="new-master-password" oninput="showPassword('new-master-password')">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input class="button" type="submit" value="Submit passphrase change" />
+                                    <input type="submit" value="Submit passphrase change" />
                                 </form>
-                                The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.<br>
+                                <p>The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.</p>
                             </details>
                         {% endif %}
                     {% endif %}
                 {% endif %}
                 {% if is_backup_container_running == false %}
                     <h2>Optional containers</h2>
-                    In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.<br><br>
+                    <p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
                     {% if isAnyRunning == true %}
-                        <strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.<br><br>
+                        <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
                     {% else %}
-                        <strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.<br><br>
+                        <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
                     {% endif %}
                     <form id="options-form" method="POST" action="/api/configuration" class="xhr">
                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                         <input type="hidden" name="options-form" value="options-form">
                         {% if is_clamav_enabled == true %}
-                            <input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br><br>
+                            <p><input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
                         {% else %}
-                            <input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label><br><br>
+                            <p><input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
                         {% endif %}
                         {% if is_collabora_enabled == true %}
-                            <input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label><br>
+                            <p><input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label></p>
                         {% else %}
-                            <input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label><br>
+                            <p><input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label></p>
                         {% endif %}
                         {% if is_fulltextsearch_enabled == true %}
-                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
+                            <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label></p>
                         {% else %}
-                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label><br><br>
+                            <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label></p>
                         {% endif %}
                         {% if is_imaginary_enabled == true %}
-                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>
+                            <p><input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
                         {% else %}
-                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label><br><br>
+                            <p><input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
                         {% endif %}
                         {% if is_talk_enabled == true %}
-                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
+                            <p><input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
                         {% else %}
-                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
+                            <p><input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
                         {% endif %}
                         {% if is_talk_recording_enabled == true %}
-                            <input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label><br><br>
+                            <p><input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label></p>
                         {% else %}
-                            <input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label><br><br>
+                            <p><input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label></p>
                         {% endif %}
                         {% if is_onlyoffice_enabled == true %}
-                            <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>
+                            <p><input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label></p>
                         {% else %}
-                            {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
+                            {#<p><input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label></p>#}
                         {% endif %}
                         {% if is_docker_socket_proxy_enabled == true %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label><br><br>
+                            <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
                         {% else %}
-                            <input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label><br><br>
+                            <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
                         {% endif %}
-                        <input id="options-form-submit" class="button" type="submit" value="Save changes" />
+                        <input id="options-form-submit" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong><br>
+                    <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}
@@ -621,21 +618,21 @@
                         <h3>Collabora dictionaries</h3>
 
                         {% if collabora_dictionaries == "" %}
-                            In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:<br><br>
+                            <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit collabora dictionaries" />
+                                <input type="submit" value="Submit collabora dictionaries" />
                             </form>
-                            You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.<br><br>
+                            <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
                         {% else %}
-                            The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.<br><br/>
+                            <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Reset collabora dictionaries" />
+                                <input type="submit" value="Reset collabora dictionaries" />
                             </form>
                         {% endif %}
                     {% endif %}
@@ -643,27 +640,27 @@
                     <h2>Timezone change</h2>
                     {% if isAnyRunning == true %}
                         {% if timezone != "" %}
-                            The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>.<br><br>
+                            <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>.</p>
                         {% endif %}
-                        <strong>Please note:</strong> You can change the timezone when your containers are stopped.<br><br>
+                        <p><strong>Please note:</strong> You can change the timezone when your containers are stopped.</p>
                     {% else %}
                         {% if timezone == "" %}
-                            To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
-                            You can configure the timezone for Nextcloud below:<br><br>
+                            <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
+                            <p>You can configure the timezone for Nextcloud below:</p>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
+                                <input type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
                             </form>
-                            You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.<br><br>
+                            <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
                         {% else %}
-                            The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.<br><br/>
+                            <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.</p>
                             <form method="POST" action="/api/configuration" class="xhr">
                                 <input type="hidden" name="delete_timezone" value="yes"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Reset the timezone" />
+                                <input type="submit" value="Reset the timezone" />
                             </form>
                         {% endif %}
                     {% endif %}
@@ -677,7 +674,7 @@
         <script type="text/javascript" src="before-unload.js"></script>
     {% endif %}
 
-    </div>
+    </main>
     <div id="overlay">
         <div class="loader"></div>
     </div>
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index e3c34d62..718c1844 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,36 +1,40 @@
 <details>
-    <summary>Click here to view the current AIO config and documentation links</summary><br />
+    <summary>Click here to view the current AIO config and documentation links</summary>
     {% if was_start_button_clicked == true %}
-        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.<br><br>
-        You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.<br><br>
+        <p>Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.</p>
+        <p>You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.</p>
     {% endif %}
-    
-    {% if nextcloud_datadir starts with '/' %}
-        Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} directory.
-    {% else %}
-        Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
-    {% endif %}
-    See the <a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.<br><br>
 
-    {% if nextcloud_mount == '' %}
-        The Nextcloud container is confied and local external storage in Nextcloud is disabled.
-    {% else %}
-        The Nextcloud container is getting gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
-    {% endif %}
-    See the <a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.<br><br>
+    <p>
+        {% if nextcloud_datadir starts with '/' %}
+            Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} directory.
+        {% else %}
+            Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
+        {% endif %}
+        See the <a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.
+    </p>
 
-    Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.<br><br>
+    <p>
+        {% if nextcloud_mount == '' %}
+            The Nextcloud container is confied and local external storage in Nextcloud is disabled.
+        {% else %}
+            The Nextcloud container is getting gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
+        {% endif %}
+        See the <a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.</p>
 
-    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.<br><br>
+    <p>Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.</p>
 
-    Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.<br><br>
+    <p>For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.</p>
 
-    {% if is_dri_device_enabled == true %}
-        The /dev/dri device which is needed for hardware transcoding is getting attached to the Nextcloud container.
-    {% else %}
-        The /dev/dri device which is needed for hardware transcoding is not attached to the Nextcloud container.
-    {% endif %}
-    See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a> on how to change this.<br><br>
+    <p>Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.</p>
 
-    For further documentation on AIO, refer to <strong><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.<br>
+    <p>
+        {% if is_dri_device_enabled == true %}
+            The /dev/dri device which is needed for hardware transcoding is getting attached to the Nextcloud container.
+        {% else %}
+            The /dev/dri device which is needed for hardware transcoding is not attached to the Nextcloud container.
+        {% endif %}
+        See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a> on how to change this.</p>
+
+    <p>For further documentation on AIO, refer to <strong><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.</p>
 </details>
diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig
index bbc11eb8..22090dee 100644
--- a/php/templates/includes/backup-dirs.twig
+++ b/php/templates/includes/backup-dirs.twig
@@ -1,6 +1,6 @@
-The folder path that you enter must start with <strong>/</strong> and must <strong>not</strong> end with <strong>/</strong>.<br><br>
-An example for Linux is <strong>/mnt/backup</strong>.<br><br>
-On Synology it could be <strong>/volume1/docker/nextcloud/backup</strong>.<br><br>
-For macOS it may be <strong>/var/backup</strong>.<br><br>
-On Windows it might be <strong>/run/desktop/mnt/host/c/backup</strong>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ <strong>Please note</strong>: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.<br><br>
-Another option is to enter a specific volume name here: <strong>nextcloud_aio_backupdir</strong>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.<br><br>
+<p>The folder path that you enter must start with <strong>/</strong> and must <strong>not</strong> end with <strong>/</strong>.</p>
+<p>An example for Linux is <strong>/mnt/backup</strong>.</p>
+<p>On Synology it could be <strong>/volume1/docker/nextcloud/backup</strong>.</p>
+<p>For macOS it may be <strong>/var/backup</strong>.</p>
+<p>On Windows it might be <strong>/run/desktop/mnt/host/c/backup</strong>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ <strong>Please note</strong>: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.</p>
+<p>Another option is to enter a specific volume name here: <strong>nextcloud_aio_backupdir</strong>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.</p>
diff --git a/php/templates/login.twig b/php/templates/login.twig
index 34287829..7240a7e2 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -3,7 +3,7 @@
 {% block body %}
     <div class="login-wrapper">
         <div class="login">
-            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
+            <img alt="Nextcloud logo" src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>Nextcloud AIO Login</h1>
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO passphrase:</p>
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 1069980c..3ec51881 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -3,7 +3,7 @@
 {% block body %}
     <div class="login-wrapper">
         <div class="login">
-            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
+            <img alt="Nextcloud logo" src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>All-in-One setup</h1>
             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
             <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>

From c990d03b9132946627e7c5b2f3498d816af0a71e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 9 Aug 2024 12:02:59 +0000
Subject: [PATCH 2399/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 6df6806a..ecbba1dd 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1712,16 +1712,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.10.3",
+            "version": "v3.11.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "67f29781ffafa520b0bbfbd8384674b42db04572"
+                "reference": "e80fb8ebba85c7341a97a9ebf825d7fd4b77708d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/67f29781ffafa520b0bbfbd8384674b42db04572",
-                "reference": "67f29781ffafa520b0bbfbd8384674b42db04572",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/e80fb8ebba85c7341a97a9ebf825d7fd4b77708d",
+                "reference": "e80fb8ebba85c7341a97a9ebf825d7fd4b77708d",
                 "shasum": ""
             },
             "require": {
@@ -1729,7 +1729,8 @@
                 "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-ctype": "^1.8",
                 "symfony/polyfill-mbstring": "^1.3",
-                "symfony/polyfill-php80": "^1.22"
+                "symfony/polyfill-php80": "^1.22",
+                "symfony/polyfill-php81": "^1.29"
             },
             "require-dev": {
                 "psr/container": "^1.0|^2.0",
@@ -1775,7 +1776,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.10.3"
+                "source": "https://github.com/twigphp/Twig/tree/v3.11.0"
             },
             "funding": [
                 {
@@ -1787,7 +1788,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-16T10:04:27+00:00"
+            "time": "2024-08-08T16:15:16+00:00"
         }
     ],
     "packages-dev": [

From 30981b9afa22eca6da007f888b71df2ba54d9b8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Aug 2024 12:10:45 +0000
Subject: [PATCH 2400/3949] build(deps): bump postgres in
 /Containers/postgresql

Bumps postgres from 16.3-alpine to 16.4-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index ff8de132..64d66403 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/16/alpine3.20/Dockerfile
-FROM postgres:16.3-alpine
+FROM postgres:16.4-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From a23026889fa09ddb687793b793bc216bddfe6d2e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Aug 2024 12:58:22 +0000
Subject: [PATCH 2401/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.14.3 to 8.15.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 45a4aa9d..9289608d 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.14.3
+FROM elasticsearch:8.15.0
 
 USER root
 

From 151b05ec014122311be55b26927b98dee6601e73 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 9 Aug 2024 16:36:16 +0200
Subject: [PATCH 2402/3949] nextcloud: config files: do not compare against
 false

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/apps.config.php  | 2 +-
 Containers/nextcloud/config/proxy.config.php | 8 ++++----
 Containers/nextcloud/config/redis.config.php | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php
index 6ccf8932..c890e787 100644
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -13,6 +13,6 @@ $CONFIG = array (
       ),
   ),
 );
-if (getenv('APPS_ALLOWLIST') !== false) {
+if (getenv('APPS_ALLOWLIST')) {
     $CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST'));
 }
diff --git a/Containers/nextcloud/config/proxy.config.php b/Containers/nextcloud/config/proxy.config.php
index c7848474..c283f86e 100644
--- a/Containers/nextcloud/config/proxy.config.php
+++ b/Containers/nextcloud/config/proxy.config.php
@@ -1,13 +1,13 @@
 <?php
-if (getenv('HTTP_PROXY') !== false) {
+if (getenv('HTTP_PROXY')) {
     $CONFIG['proxy'] = getenv('HTTP_PROXY');
 }
-if (getenv('HTTPS_PROXY') !== false) {
+if (getenv('HTTPS_PROXY')) {
     $CONFIG['proxy'] = getenv('HTTPS_PROXY');
 }
-if (getenv('PROXY_USER_PASSWORD') !== false) {
+if (getenv('PROXY_USER_PASSWORD')) {
     $CONFIG['proxyuserpwd'] = getenv('PROXY_USER_PASSWORD');
 }
-if (getenv('NO_PROXY') !== false) {
+if (getenv('NO_PROXY')) {
     $CONFIG['proxyexclude'] = explode(',', getenv('NO_PROXY'));
 }
diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php
index 4c541471..c99a9ec1 100644
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -9,13 +9,13 @@ if (getenv('REDIS_HOST')) {
     ),
   );
 
-  if (getenv('REDIS_HOST_PORT') !== false) {
+  if (getenv('REDIS_HOST_PORT')) {
     $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
 
-  if (getenv('REDIS_DB_INDEX') !== false) {
+  if (getenv('REDIS_DB_INDEX')) {
     $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
   }
 }

From 8c1f6ac4f602feb5b14d899fbf260546eb7db042 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 11 Aug 2024 12:09:16 +0000
Subject: [PATCH 2403/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9905e431..8bfc7d6f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -77,7 +77,7 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install igbinary-3.2.15; \ 
+    pecl install igbinary-3.2.16; \ 
     pecl install APCu-5.1.23; \
     pecl install memcached-3.2.0 \
         --configureoptions 'enable-memcached-igbinary="yes"'; \

From c369b1f4aef4b14591ca743a4b03b030eda731cc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 12 Aug 2024 12:04:33 +0200
Subject: [PATCH 2404/3949] aio-interface: update stylesheet with update

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/layout.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index e4d5c4ca..aefb4955 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css" media="all" />
+        <link rel="stylesheet" href="/style.css?v2" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
     </head>

From 2cd955a7f2385cd132927f0ff3dde9b4637df1b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 12:21:23 +0000
Subject: [PATCH 2405/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.1.1-cli to 27.1.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 848add64..0d86164c 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.1.1-cli AS docker
+FROM docker:27.1.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From 4e2420030134d16f3697abbdbe47a3cea8c245ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 12:44:56 +0000
Subject: [PATCH 2406/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.22.6-alpine3.20 to 1.23.0-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index c7d51736..4ddec533 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.6-alpine3.20 AS go
+FROM golang:1.23.0-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From c63440f2eec8dbcac12b8a4c5341893065cfc6f6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 15 Aug 2024 19:54:54 +0200
Subject: [PATCH 2407/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 8c899516..e32a0c05 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.1.1.1
+FROM onlyoffice/documentserver:8.1.1.2
 
 # USER root is probably used
 

From db55a1c2822eee4dd295883726f36f85fb292e3a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 16 Aug 2024 10:00:47 +0200
Subject: [PATCH 2408/3949] helm-chart: document that IMAGE_MIRROR_PREFIX needs
 a trailing slash

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 nextcloud-aio-helm-chart/values.yaml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index f23d9572..9302154a 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -399,7 +399,7 @@ MAIL_DOMAIN:         # (not set by default): Set a different domain for the emai
 TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
 TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max stream bitrate of the talk hpb
 
-IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
+IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry. It needs a trailing slash!
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
 ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
 ADDITIONAL_CONFIG
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 6591aae8..8977910a 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -68,6 +68,6 @@ MAIL_DOMAIN:         # (not set by default): Set a different domain for the emai
 TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
 TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max stream bitrate of the talk hpb
 
-IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry.
+IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry. It needs a trailing slash!
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
 ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.

From 52305ce9e9ea28ed9017e787ce5be519507ea3b6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 16 Aug 2024 11:46:21 +0200
Subject: [PATCH 2409/3949] helm-chart: fix ALPINE_IMAGE_ORG variable

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../nextcloud-aio-apache-deployment.yaml         |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml         |  4 ++--
 .../nextcloud-aio-database-deployment.yaml       |  4 ++--
 .../nextcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml      |  4 ++--
 .../nextcloud-aio-notify-push-deployment.yaml    |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml     |  2 +-
 .../nextcloud-aio-redis-deployment.yaml          |  2 +-
 nextcloud-aio-helm-chart/update-helm.sh          | 16 ++++++++--------
 nextcloud-aio-helm-chart/values.yaml             |  2 +-
 10 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 8a4fbc4b..c986c8a0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -26,7 +26,7 @@ spec:
       initContainers:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b9595b84..30570e20 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -27,7 +27,7 @@ spec:
       initContainers:
         - name: init-subpath
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -41,7 +41,7 @@ spec:
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 7185f3f5..0697737a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -26,7 +26,7 @@ spec:
       initContainers:
         - name: init-subpath
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -43,7 +43,7 @@ spec:
               mountPath: /nextcloud-aio-database
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index bd38cbd6..5d47750d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -27,7 +27,7 @@ spec:
       initContainers:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 83267591..fd028792 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -26,7 +26,7 @@ spec:
       initContainers:
         - name: "delete-lost-found"
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -41,7 +41,7 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index fd4505bd..7a66d2d2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -26,7 +26,7 @@ spec:
       initContainers:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d28179f9..94795e0d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -27,7 +27,7 @@ spec:
       initContainers:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 3c08ead5..50c4ca67 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -26,7 +26,7 @@ spec:
       initContainers:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 9302154a..6b86e872 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -60,7 +60,7 @@ cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -73,7 +73,7 @@ cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -84,7 +84,7 @@ cat << EOL > /tmp/initcontainers.database
           volumeMountsInitContainer:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -98,7 +98,7 @@ cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -109,7 +109,7 @@ cat << EOL > /tmp/initcontainers.clamav
           volumeMountsInitContainer:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -123,7 +123,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
         - name: "delete-lost-found"
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -134,7 +134,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
           volumeMountsInitRmLostFound:
         - name: init-volumes
           {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG}}/alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
           {{- else }}
           image: alpine
           {{- end }}
@@ -401,7 +401,7 @@ TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max strea
 
 IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry. It needs a trailing slash!
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
-ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
+ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons. It needs a trailing slash!
 ADDITIONAL_CONFIG
 
 mv /tmp/sample.conf ../helm-chart/values.yaml
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 8977910a..bd482675 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -70,4 +70,4 @@ TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max strea
 
 IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry. It needs a trailing slash!
 NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
-ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
+ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons. It needs a trailing slash!

From e74f52aaebfb35ba05bfc52e97b7fcccb034fafd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 16 Aug 2024 12:01:30 +0200
Subject: [PATCH 2410/3949] helm-chart: simplify logic around image for
 initcontainers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../nextcloud-aio-apache-deployment.yaml      |  4 ---
 .../nextcloud-aio-clamav-deployment.yaml      |  8 ------
 .../nextcloud-aio-database-deployment.yaml    |  8 ------
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  4 ---
 .../nextcloud-aio-nextcloud-deployment.yaml   |  8 ------
 .../nextcloud-aio-notify-push-deployment.yaml |  4 ---
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  4 ---
 .../nextcloud-aio-redis-deployment.yaml       |  4 ---
 nextcloud-aio-helm-chart/update-helm.sh       | 27 -------------------
 9 files changed, 71 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index c986c8a0..a9c83d3a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -25,11 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 30570e20..4592f89e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -40,11 +36,7 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chown
             - 100:100
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 0697737a..cbd61b3c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -25,11 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - mkdir
             - "-p"
@@ -42,11 +38,7 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chown
             - 999:999
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 5d47750d..cbbf7168 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index fd028792..8d526c6e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -25,11 +25,7 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - rm
             - "-rf"
@@ -40,11 +36,7 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 7a66d2d2..05585df4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -25,11 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 94795e0d..c574d17d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -26,11 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 50c4ca67..55a0952e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -25,11 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 6b86e872..be2d968b 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -59,11 +59,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"
@@ -72,22 +68,14 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-database/data
           volumeMountsInitContainer:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chown
             - 999:999
@@ -97,22 +85,14 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-clamav/data
           volumeMountsInitContainer:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chown
             - 100:100
@@ -122,10 +102,7 @@ EOL
 cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
         - name: "delete-lost-found"
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
           {{- end }}
           command:
             - rm
@@ -133,11 +110,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
             - "/nextcloud-aio-nextcloud/lost+found"
           volumeMountsInitRmLostFound:
         - name: init-volumes
-          {{- if or .Values.IMAGE_MIRROR_PREFIX .Values.ALPINE_IMAGE_ORG }}
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- else }}
-          image: alpine
-          {{- end }}
           command:
             - chmod
             - "777"

From 8e8f5f1a04c904b3359c0b29a73edccbdf387f8a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 19 Jul 2024 11:23:15 +0200
Subject: [PATCH 2411/3949] aio-interface: adjust design for nc30

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/img/Background_Light.jpg | Bin 0 -> 676856 bytes
 php/public/img/background.png       | Bin 9621 -> 0 bytes
 php/public/style.css                |  68 +++++++++++++++++++---------
 3 files changed, 47 insertions(+), 21 deletions(-)
 create mode 100644 php/public/img/Background_Light.jpg
 delete mode 100644 php/public/img/background.png

diff --git a/php/public/img/Background_Light.jpg b/php/public/img/Background_Light.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..ecbe6d0b897064ec992d01d0de6500736cff0a19
GIT binary patch
literal 676856
zcmbTd2~-o=(>U5mItw8Q9SB=QY{FuQh=4&^wVNc!BHEEeMMYVH25<v$0Uf6k7DI4}
z2ri6ECxV8!BaVtXiUSJHFeV5(Iy$4c3^MA^bw>SM{_Xsh_r3SN^PP9z%}GwDyXsce
zy>+YZt*ZX~^XIz&l#-a72vDd1pdmlN=O+MPzC5?E6rcbg003(8);*d|TT-$#X3Uty
z%R;j?OLFo;bC)a{vnqS(nDEfBF+kkJRZFvT3-e0goV*43i{nNAICEYE=WF6cGa}Q%
z(w55dwE0P8#d+yvQ&hQSg}Koh(ZmUG+^U#Wi<U0RE6IjeEn2vES<I?<(chiNkk?;s
zj}gItgOn7;i_kAr;hAX|EL&2X2S<m7kIoGXi-5;Rhh~q<9yd06TvT=l91#{F9TPTo
zOxU>5;o&in5iwzr@V}afBv`DOA2Us!_%Cwgzj)EV<XX9MW$4PWp-YMvj0um9jvf;h
zF(x8nGzl?!S?S`E>{X)|FZ2I*5AwWaxyAWQOY)a2hQIWfowH<lNxX<;_McKLTAG&j
zpN{{>0b8`_i)epCFDsdr_kXeRKSD24l`hR2Gc9k~lI6v@c_g_1zmdt|``-zD0VKJJ
znOdAr&P(<}`I6k_i}DtiB+KJP<daZMz9wc|bXYDqe$k`H=Vgx{Esd0hkB-V47dAR~
zY);hJoCr;xG&|?t{rpe(k>jJn!)4<YV<RHQg@-E=QAI+uJX|J=j!2Y_9TyS)Z`|a?
z%Sy5r=jQ#Jc0Nh_U%2xB6*op!oR?j)q*%3N$-;jt0;XM3vSgWd$x=8XGBg?%r)B5n
zFaB~T_{%K)Q)qc!asG-tO=9tqMeyIl9FzY)u<-v){D0zW{{If&7?P<mUv%Za>CV4z
zkqY_c@;{4#{PUmXl((2%L&fA``TPvv{k;SL%>{B%Qa=9zQ~*@Umqz|lX;kt{qmqsG
zuSTbVWTVmPbOwV#r!$!>7L&>T(m4NV6cQe!flTr-o5f`Pw<rGr`QI--UjX<l)>0RM
zM&ScgK841oeC`0w0e|!L<%eYT??!S5(iu$Fe;)k5o<IPF6aWP2G#W^y08}>$!1oJB
zsY+UQk<N9qSp*(yk8q<ucO={sFkVc{Vfwolv-D$YWgeE6^nl!D(m=1?0ePfnIsXe;
zD%lx@&LBIZH~|zs)s^NK4x(;!CE3|#hFKJmFimi*-Qmu>m*fAuc&zM&z9qfZk{jUh
z`4+&Tk@$QXAD9Sy2878!KA38~E;)aFY|V$%AL<X(nBF_4kILMkye+6cVCWi=yp%tB
z4jT8Y8ok}0qx(5&j7IuK>W!|Rs=9`)-|!9|n|e|z_4oIXsi*;7s=l06#yV-Pp<E?>
z+SOepOY8z^8>c>3^*59T>p8^{t0V>AV#Cqcw0r4^UB)(`L+3tF)$Bd&Wx~jOS59Tx
zv<M~d_Azn(FI#7Pr7WSW7usrWZVuI&_iCI$=>Covqom-^hxz_;X~%qyGQoa-bKB8t
zNB>Ys7w%C5Iq2Qyy{=CcK#u$ze{^iIe}j<l9*26}?rry!RWmpz_>r?iABlbUk97c9
znYuJ7uzMEFNlSiIwZZg2_e=dd^InhYKp-bE)SVRQ1;!XT)F$*P_S4l#bHsS!<mIg4
zjlzrjb~Swl2F!#vtA$8R3|U;YUhx1v*Ywt+y&0?3a~8kMJ6tMh`|j8*Yq{o`1Qb2K
zm3g?KVTB3qG&x#a^*f7K$kJOM+{)x)tPngrzIRaD!8m;kc^Yt|R=A>pT1{N`4{C~B
zKGVPuS2y2U((jqrW!Nnlp!wijH8=fsPS?o%LoV)Vtbnk#nghR>cq40r%-+J}lE|6&
z<<h4CSA;7}RpqXeceAt<B7&qaI#OlV(^rY}f7TYN(}soqb`xD)4Dc1{>3vI7=^;t3
zGYxft!{Ee9dY9%2NpbF3M@fz!H#Rv`CCzbX1e}&7N>>*8S;Ln;vKDMMoq=~%+-MNC
z*yq&(9r!&i>q>dMQ~I~hdM3#dxLjzuf32`WQwm0|PKvY%$4v^h2*)MRvDnn^p=P4P
zz}Sk}X|rwGn`7H_Kd&ul7&rM%e;uVpnVt|K9^RO0HhW_q;{=g2t4Gk&vHM#OceQbn
zOjQRoX?A<=*0AdRi{-D<q&(PH2jp(%6*Ls!%aNz?w=qX`n4z48tWhriDsj*dK2hDD
z$%u~4&mz_4c8Ltt1;qDD7vcx4G}i^4>9UQ;WqG9RzU-qLWh3^CEgUD8KPMG+F6P(}
zW8QD&iJ6>T&l>WFEEI3mOSxVD(dJsAiMVSU@<|R!gZguvGfn8mNkO4kgyW_SH=1w#
zu95<d_jDkqutd7hI#m60#+$m#=>hR7S?lptW@}N<8h(j?2vQd0d(S)0Znkwqj{xOQ
zgIe#_?9boZEkm3RVf}AFc~nDPCNME2+gfyGUz?vT5jozX`(=wsEzS8UkapD6F2nxP
z4DY8^yXG20*ZCZ_6ujR~RlBvG`R1mldSi5CpR9G~ev5FgD=j8y|Kh~OHGBC9Pw?=F
z#Z|lat*qmHzqYt}uSQn=fH=2LcoysPm&`N=-|GDkNREd}iq+5d>vmJNj9;N}7((92
zru0s2wmWLz3e5tG@SxWDgsIPKYw1^{@LsWg%|9=ZOBe3wAXb<d#s+@90Mm1>spV1I
z8rG;HXZy{D*C!vi!%fV+HOeB<ZH_Pyu1Tv<AV2`H-U=uiGq@?jNY)q)Lv)nn?1)}>
z)ASj5&}=T&-IAXNBUz!>73tOVC)MW5q9liB;?}a8K=jydia~GKwLkbAzl7$OoJaS1
zpt)`>NJW<^WUaSf$y9#<11jD%PP28+g-9$mX<LIto2Y8hA5W`~9Ohr<w?CiJf?aFf
z*~Ing9UOkzyPpe$%t}!*0(TF#we){u8JV4vT#*?++2WmDpH|;rACSPl^hk>rO+4(>
zX!hppGk}^hKP#o|qVuifLUI1BjKj^%x29TODjXXqg9c7oTKbGc5!<lB)yLLWc4kfr
z-l-cw$9_2Vo2AC>L{op{lxWxMN-2EZz&v9`7V7kWk(1tS6!L~Jf)pxl^KwK~DF?dN
zO`LYXTvQ@|^3k#Ut2DQ6#A_>9TAAj&eXWrnyIM2Coiva8Uyy<rm8!m|EoI`igPl4X
zu=X*sa5L|QqK`+L6Xd)xV54|eIBf$I>-^j%<ULyb9C-@ANRuu+T(x(E^}0cuDBA|Q
z8^i@GwydPc&>A#iVKV{lsN~L@Zms@h^Ojkn!44+Fz$pyHJLY1sE<N1%g#)GV3KOl=
zY^MM0B_5f7xWO{Cv$$!q6s~R&ZrIwYxYnw_8c3RqvGS@7b>%8XU`>0Q5YUdSWuZTK
zp3<l{yNIiArMl)cAJ}ir87LL|(RIF(hDM>YwE#j^=D1TMR!A}9Wj86x3VL3(tI?~u
zML2G%RF=#yVRY@z_e7kJO65R68rHk~5wT*6dIl1)z&EMfqv$zlbd1o`tbe3oj+Q1<
z|NJ<%uwn$58JiTB5`??XY!ik<sRBljvIJO1&2U3ECN8e3d~;WKYqB7dxh!gT(z<+#
z-CmyC$%1;*_$9F2!kHAnn80dVVJZxCOANRYx;|fywnUJN=?i*woZbH2StvGHU(<N}
zMy=m1q(u77DtJXJsh9o|k+!2ag}Y53x~oyx-Txo#>OEkl*Wc7h^xozFBpzrfg~KTh
z={NA$WU0cw-deqv-%Z)rYWsg8e?v}3lxtT5hjde0j)1)0EX(83ZsdC4RX6_p8kt|K
ztucEm-4aQ=J8sqmawf_%#0}x3z`6f-zI*%sMR@1b00tZrv_-?a{@-yYSweRmEDY)*
zaY=70%%oJ;&p=p912+Rs?9f`flGj`4S(lkelBVbUB(64t_IAaTYe&chF9{Mt^7=F&
za8I`^F}IUD<@PS_^w4(xF#qR@{-+|arHbe<J+d`4b@sWP^k+8g+r6(y0$gbQvP2m+
zW`1*sz1a+Qp1?@pg;jesxpMyY>sGP1+fdbBKLT7T_Rp(34`NjDyjnQ?%D(1(wWL2u
zJ|wBxe~`61MY%eao}NCk;4`3_xx(|SNEvo-bI2N%6vki6umR27X2~Bik+Z!D9#nXb
z^v;Yb9W$&2FT?LXIJ~+0nBi%Wk9+RyhpFN#N#EEGaTX1zI{Imye2%*cTCJGdgk&e^
z@s8G;*ZAId9cu6bLUUakNU7m+mCh3d${&^@Sq{#Rx~;p}jm}PIM7tV~j<yLYQ^O4W
zIBeoTv}paPBDrU);c}<jl$(oL1x`9NUhR3(b(K38b1AS&qx-?FC2D_<&}cu}44;`d
z!`b0|YUF9hSVgL>0AG|qtbfL3JFhqgC5}+D+2PdPl6%d!9vQSz;xSr{)J>~~dP_wI
z+=d1X<TgtAN`VFbVl;GR`#0G3dihI6ypbU^+H$_^cnJz3>cpbk@(Stv{Z4ZF@(N&z
za;h;4aCXJJAh6d;owP-=U#mUYu)U$tV}Ah6onmKsHes<EiVUk-?*v{S($U%q<#@;L
zC+D?;1Scs}JVC1kKpX<VNZW0-0AE`Wbig%s1C-D&cCW>I{4MP45A_{MuDwPIxBibF
zE=Id7xB$N?MV@{VMLwu9Q@^9osn_L+W%kP|b*<PBeA?liyF#X-{7`Ec%Nq#1qYnAK
zHfx2^xG$&~Tw_8Xx3)0z{aTjX;f4!UZ31oKr!MXX`NVd0tW2xD5@cm;cYsR<@;j-l
zyZYn!Ys9}D%-<vB7Ec_st~kDVHl6GIRtdbHKL~qt&$2O%2L2&+I^J9f!sAJG?%4z)
zn|R`a<R<WqT3xQ+2X`EIU{S`KebPM#_QTdNmpD^;wabI5y%doZkh=Xy<k0EZUXT0J
zbQ6=ZCc_YGceTDXOe*%fY}H7Q_{C$>!7Ev1+Z6={NU~fZi9JQE&`mKEm<kI;fzC%)
zAk<-@O<^>udwbe^8<4$)p<(b=n*iP{0~gCz$mcKqRXeIMJ-}@J$?G$403Mt3L^mfH
zHxer@)ycj1FVNs206taqeuqtcaXWr{Ey|wZ(XZD7u`|&Dy@?lEfXiH_$~hGbQ*&^A
z>yZX1YT(|`KA{h)t*VnQD$GE=f7tOb3oinqjtC;tCUErFIlFiHhyV=WD7mb#H*FQd
z47^^R`{wIWFcF>Ak-?8G+N{ZBtyM3=cz)l%8LT?keq8|J&hLn@#}*=dLEoCb$fR!#
zBYTHqPm3>^%mnal6IZe}iThzv0G0BM1y?sZTe$O$mh~)dM;+r${HAUQuA@>y^Gsf6
zetrk9XUMCsHRK%d9BYG_3-5qWrSa1aABNe}2kUaKP5TM|tz&Ks%y%*#;%=}SHaviO
z4-s`rUH8>#f(}Qu51X<hhNxYzU!g_{O40%2V~y-_Yo!`E_NZ>or1f>;ThGy9Z|}P>
zYblid#AGV0n<DmRx}`;#886=wKC&AP+Y6>o)e}hI55wq!CF#{3?DBDPF+fdyC8owF
z+HkJ--1kj@aG091t0v7ZE)o0fsoTfyh`Kauco=J+P8o24*lnW#riX7d?K5|~{1;KV
zvlbfG_tBkak0?@3v4tLhrZP2hsH0!tWgIbl+CDtLj0o2-mR<}oLT_IZ$b8?;6sS-O
zO`s~L*r#@qeuL``99y%|+Vo#-#jJHp7R&pLqQ~&IgBD6f>mQwh%WkrM=XCykl{mAl
zg28pSu;o!LdLIPLX||#vF1=LSekiFVjTcpGHuDne5P0Q8f$N-yAH9Oa2zX+l-gMjh
zCf|$Ezj?|H4t9+nKCRO0*N5O|VB_fha>1sld<~;YzydLEcf{{;%4QqItJZ0#ORJ#Q
zQJuHcnpX}&Q|u8-rFq=By}x&Jljs9(ipyRLk4)R@v3-N2pfcbMI&ol_obi%CXX-pq
z;idJuxd~;Kis-Kj9sHR`4JfNLhM0Hi+g*_N`dQ?fKu4y)b>H*@Ip4Sb+7u$~nB*<V
zPK-QmlyJaY9>G7Nr;XiN29JG-dJpsu8PAy?z0crIkLN?zmC1}*De#@flX46dMJfSC
zko=ES5dof({2c0^dbYXJ>*P3+74IM2(VbKEdOYJ8=^_}bj>G!=6k>&b!Rzj-1753d
zf*}tc=tc%Vc7Oow`8SqU%8C{dz>Kk!LqD3EZ{=00rSmV9wXtMXKAQrt0iIA>wH{b1
zHZ-Q+H6Ju_#epXzww)+k@3+_WQkO1wD8{1eeiqjTQoYXW*>l!xb{qW0@?X2Yjl07I
zULe~UCrMqb+K$eWBEa!n4ZCv(ct{*bk6H(Q+QIeO+B@h+>T=7}l}Yv>rk38huxd+n
zP;b}B-cGvL&v$|eVdgb<8qZA5mEp98QS`-hZ8&?4whnY{CF*6Zan^!kAsBDJ3V85W
z3ClmcXttlN!>y6n^vifOG3+wwnwlO`Gd5sT-x`9TX|x!C{*4fn-kXn(N^x2&S*I<<
z`g3Ly>(Xst?Z+58iieKM<4%Wn1%hjP|3bXJ_iawYq-WX$n;F)TALMSVU~<D!Gj1Gm
zuN_>OogI&*8%kw~fkxKy7$Q0TP7KJ%8TeMFHZ1EgO?o<pJj#a;)%DX-&zO@Tl7pJd
za)CjX81l1S!1K_!9t;_2V;8wh+(-7XVFwtq3mY|Zo1O;Dnch`!j91#i`gr``J)~@#
z94w6_XI7F;e+tG3fsA9vkbemw4(@Q9xNovFXXZ^4XWid?h%N-Nek8jISvS)1r57M%
zNr{w}+6JunrjA`!v~HsT<o)UwR`bi2u>Ja~%JW(JuuXb#(JNcfp(wa&i=4gt(V1d4
zPWd4@ou0#X@_My^G~c7{0Nl`r?8ycApO>6Ml(OVQrePmj1#*94gn+q<bFs{_-f6cj
zD|}E%?JeGG*;_m3CA)%p57oG}-vrk$jJ4s?iNp3WV2t!-IoBq!=*@<^7#Y5r=%7=7
zz6pA58fDF&ZcnjrijF+)%ba|yZ&_W&<c!x34vtlgUDtb{Xc%x-h53(WURr2qta1F&
z326(K$+=T1=?y=F&d1O(m-Xfg)4Lk~7`j#~x_;h5te-2kMr#i_5<gih&zdr_AL+St
zwUdHHKR-=LV`#CA1zks3o^RAZt~h^+)@^QhH|AbgNq<_!l&3l6hozjN+$!4zVHBTx
zXdoVs0bi#cV}aUvBVQt2t*tkw1-k|Ib@=U_DrIkdp-2QSBl=_XgVtHLnfQU50E6SM
z{6`6TR+54TM5(;mzsdw$+%%p$^Ou7W!|vNCOW(uHb5?8POe>hWF~#tJ=VuRUBua;g
zsTE$G%2hDbzCkhs0KE&XjeL<3!kAe`;&#bov?2!7iQP)vBvFrQJYqLovQ`%MQ-0ZH
z0=!vUY_y^Ziu<8{59F?d7<>P{MHDU=G+L%|mCR)V1rOdRkUI=VROx-Ax>Xam$droM
zS@b4u5+r%9cK@NY0%1<r>zPM`W^c3|qC~pO1H79^UneSii7d3~#t>-or)s>2zt38b
zaWxa8bmfLQSXrNeXM`;ah~2pincw_CzuDyj=5-on7+i`}?ejPFgn5OpwfYMy0OzCo
zyMf_L<nFqBl-2)@9td$Mn*X+`QnUj;7`uDWe}uD5ynh&v<+bhiJT^yGrmbr1oBpBS
z1HD&rK_B&7Ei?b5TuPHum+$YCv*@kw>XaMnZ3LXGd!!RYTC(^7M#87~(pIx<YI^(@
z{wx*5GD`Noy%Xj%=3<3~%e+*AgkDUi^Cs=nQJY>`Xt_WUdBnPYM8ozxN41#dm5br`
zmYr%3^npHyb?}>g0s#66|9SJ{7Y}riEbhUoy7pNE)`m6wX-&JA^aHHo(&EVsaFX1;
zMt~%J6%~k&AP0eY4oYfzqn@7hO35mHG{|`#XdgDR7=L-k4Sa37d?Zi+|3av|E?hDI
zf21_=>=$OwEfDhSAHW+^zmd2<v~3^d``1UMl1_<N&Zy_vasu3*D}e3$pBR!J+3G5x
z@|oimw4-Hr0H@cVPE1CU-WDk)H&REvN(e5Wn2fmm60}FaSi!VWTnDWAaF5A<t`>-1
z0`hmFNNG{oD^!CvT?4fPx`~%`K)wdZyigDPdGuon(K9O(8UEu#dW>5;C`vvLI?+B&
z7u$Y6lmL76^t-iU;`~VWHrtV`dGm}0Q_*fKXDxvb|M{zl0ZuPeEc!RERa9ZC#QMNV
z>IjR{Sh!&^lIHoRP)*MjgK4Tug9I4yhHZ?kl;ATn_jV$eH$crH+|39jM2yj+yjb+R
z8_PG?IjYM&)Pnq1lVv)KSia?hDS@?#YHhKrE*O7%r28etOzda_V{fP~Xve6WJ57wb
z(@4Oq*Cp+-tBC|*s=ly9fUd=1*;REI;(R_z#Zg?O_#ZkQ#D00-!U~rPNGrv5ratRO
zy*9r<fL3_An2Y(c&TXN+<|prhDC;7wqbz>Y72NmmqjS(~#X>c0t+?96SuJmz=@kkM
z>vx1@;8Ud#YXHAFBaMt}(cUW}6+SKOj6Ifs1lA$05=qP45f<fZ<*YtMgj0^#n9Y0C
z^sLDx^2B&P^0mzwIC>&Q^tJ0}fG|P@!5ZKng2~J}>TnYa?qP#E=?KAvd-ZOVn$ChQ
zKgPBe_QO*@2hrdD(m-=d5eM|Cm8tq0ZCSE3%nN5>K<I^wme@*KNXbV*V1~OHrRgSG
z4$})~zr<K@#~|dqVHC&K9H^7P*Dk=guVK^=Mk6tIu`XvY;H*+W8R$p8nZ8TV;eElE
z#h75r6bKqzj5$7Beq!inU>~yCvxS<aI(G{KdJO@)wWA;dz}juKb`BVT=%+(nqv}D9
z_h&#svHsqW6>jdgdtWkGWxJmg%Kf%%G@!4Kbcgx<Mjk*4*YJ}|ZIp2%_9IJ@5e;Sf
zaU!<I$UtveE37^9UZZpHWaO+B^t^Aer2mC#6hB-9wtWVcn-cG{3Vu*vPWMS!$9IA`
zF{On0&O!ViT?F)`4~>3<&Z!QhKEV>4PaQUJ`d*-OZ#aPD`x?lZok^WF>LWDczMKKB
z!4fC709&a$p&4rx06sevt{f_}SOdzcD-xclApJi+*sfH%Tp(IR5AS`!<{uQ};u~%3
zKOGd^2myc76MXphO8UwN7^xGcgg0U_iCKl*BO^L1KdCj0+~?vD!|4`a$2k+ap%Svk
z7JV{|YSrRbH+916G1}GwKlN{$5jb%x$~z4omOYpp0mf?d5c(O|Y7mTGE$~1JcW5Yc
z$DzPci;$^3WS{X8S#Wv4L^90|p+mzjQ*mT;(`jP;l74!zPc2>|20d2~>c>v|Ry=BJ
z;UFIHqJ?#x0g=0g$(=h;;e@z)#&~jnCy1@u4>H%LP<S*XFD?1}T$Z@3J}jC%9L^XH
zd6%nh(zks7C+gEsf=~=2z-e;}ZE$K{Af=*)plnG2c-J}z&y$KU&he5*)+C-RUWq(;
z)K%VL1?MC?1fl-z)Ww>cSaFJBLwH)LXv>ZFaBE}}HaZ?lj9=6bP_w+mqt2XEfd0cv
zm#d=f1T*qvXBe+)8!}q<CKI?&Cx{M-;jx`O4w(|@X?*3LrUc1d=hH{J;hbm87j3sw
ze)ae2o2i`DqfHy5;IE=|tI`A9RESm3)ka7oEx^42+_&O~sVWL2!S8;+ykBIelbgUt
z(4<I4sJ_j7sh!pU1OnlY@U+gG)EzOFv&Rkz<ji*>Ymsn`gOb>0IqkZp&h;=;&R$1X
z=J)RcLw_ubpgl&@EjT=*frvXr?CpUb3dLqPZ@k62?13)i9+ID{Kzl;*wD-i+4G`zN
z0Rj652I=pgqp2zfLX%VOz$I*5M3fpRcMC+!acX<93&jSm6LZPU?d6y5$g;jQkZ3nc
zJYMcIq?d(Xho)tXuchp5*nkbMsh8Ck=*B!Ej{Mha)amG<9h6&Iy4|byFLc45YT(jy
zqf=+4im|jrPKjjkUm~T9KE$tljs$F|b3S?q%Xk*D*c%;lb-<cBHNa`Yfjf3a#6`s}
zuFJXrm)JUwj1x%2t8VFtDOS%#+0-%+-La=fQ2Z&|L0v2{dIq-Zd##%Te3OFLZbPiA
zjaw{O{_9>{pHq`?y+QV(F1_9^JecL6T!HWX{8BL?N$569;B-Wtz!f-+cbK?uKd9No
zZNP%x+00I8>-{MP+xu4>n|~CHIncs^dtk9<xoU>s*gE7qK#ZMYvX<#k_%%B7<PK!r
zQl02nv3}At{kou|dZ(ol{nfdw5za9G;D#t7dj5+CR&=p+kbuBBO2AlXqy4a{v4Z{5
ztWqLV`wWw7KA1){w>Zz)`4SDibdnYP>RklOch$9a02_GXuJR=??5RM>JavvudkeZa
zkdC}1@%;RG`^>6nB@*Z2YjsOgGr^U@A(981epuw%6x+5JxCPwi7}N`Utj5D=2{W{#
zvtQommL|Y}-wwd$-*)l&-^(LQE!$QT5T`KC?tfyFoOz}bny8@l-Bv&mRe>yz;UyU7
zyKfPfdDm>NvSEXS$0`KI|3b{Gl|a}bNoBJ3V2rbWs5WrBW#>Y}a4uigWam}%WK(RB
z7JBts@rXf8JZsSHo{Bf|%3$E`-vR^^uib@w@4jS%w5yM-(__TL+wX7~yT^18OrNLS
zSW&v1A?-&NFuyq;z#R9$8her1jWqUEqCNAB02-ZnwvO$N_Qb&Kc$3#_^H91foOE!|
zww%(7p`aJF5?Q%a&3_au_sHB-OMg2^%yh$Wr!qpfemU}R1!8_RWK0czpmhHX)SH0N
z+haP(!`6n2wA-%`X|@W}1^jBDbTufcE)mwWCl;RrC0NwKOknbIjdST+*wcz?)*d!&
zD>kwTCPh!v&+o;55)QhT4(i4s=WD?mDMS+Gj}qXu03DG+H1%)<(CyieNP0~-q5F@p
z04uM3odWr$Ru?ks1k1XrkQJ<d9isbi))ac72TP?EghC_c?Xv=(2Hl<`A)kR3CaoLf
z1a%Q*zUQ#0c~e-yt440uFg(l_y#H${+Pyze?SG~lS+KMK^2YD#^^4?kS7VVYp4F2=
zZ+wopk~$W9l-wZWQ@%^$a_{0D<rZK}6oH25F5Ux90d>Gf2_6uJ3`B_q!DgkHlT;+9
zFu(0`DYSuat>A1Gzj~!bdtBK~x}vEDL?9$4OzXF??>Er$FP4fKF0O~G=MNI*0~-FO
zfAj-#c7^iIBZD+d!M&=7og$(|JGmG|Ts}UgM1iCok$YIQ`q*C=8~L&_4>{*$8-5`T
zN`XEDX%3l%^}g47Dx)%u3YwC`Rm^e7yAP&l436|U-G(qnO*7jiMB3qBlOP`(Z&oQ>
z^p*(!ZjU=vKkB8*_d#bi^~X@cyR=#5n`@)kuNz#4ShTTy5^<2;0A+yi9{vOUg@8X^
zAjJhb-u)i1V8R{&o531&d;39H8ulDxtz5nBpQ!!Rd3x55w<-i~h>i~CK8iEVq`&!s
zmf<VrPP#Tg)N$P1pG}?)3H{p<zdLW1TBA>@oWpJ4c{&IrTHODMw{<Aa1Sgr%ISm9_
z3<)>w??lC3lE2B-LweJ*_iePt{nQ^x!`O~`e}h>MPbRAuOkVFc1yU(rshL4mp7Z7b
zz4rZhBU%6OH@VTCB$ES~Sn-R$@j?e-&aDdfZXCb6wT*=?-rG$b{sfy5WQFEbF!nxv
zL6U=y6z3epf8FYdan8HqkM5{>jMlrlRagqes+uvToeBk_@G^8xtAn<w!AXj&W)olk
zAW>6xDkS)WhL=dh9MUl8=|8_ggMWk%FRuiBv(-Vj<2JiAzL02D;U80MvD*X|L-@xc
zWNWrc`K*+XMo@U~)s&t|0j|L|XR+WLB6=+gwyP<-qs61ehYfT30Z22=;F>DTlm_X~
z2hcL&b^yo6ccvWNUQFZ$X>PVoA2svA@E>#4r?yIey71E)_q>BL27iB`_kn~<b*kx4
z2fFZe;7jEFc4Gks<X#%2xkc@+<ian4Fq!WGGBl)1B~$oU%Lr<4uH3_XSQoU^mK8>~
z#nrR?HXQ1(24pH_>+DwmcZM`YorQ>~ek<F8*9w*z80QvSv6E~VxM$UwBT+=JSCP_u
z7eAaHI#L2N{0@9nQ8{k&YOTJ-dBDfCF$<9O+YJ+2@L%`4pN~ZM?7B#AqUQv>%prj1
zV(adG_e(rR>=F=)xd!(MyHhGZWm8*iH0BN@cl6h_!2D$e@KXDEIqO9~fNOJfw8vY>
zVzr3;X+)0Kq-a&EOP^(wTnR?FEMFzDp~oKf$YW=5K<UCcv^U8}cAZ;0<wTPm@H@e-
zoJu40cA0w%%@bD65ipyu&<8i`fRLE)jCFwSg_zHkBRcyP{L&q!JJP=F0dX+%EnIc3
z@rs!`RmE1=r!SjzRj;2n?~YQoed2UOz^5*8wJ5kBq+aN?hO~Z6a_8W*jqY{Q0|I6#
zA=cUNT$Ff#@$xWK_TlC%%Cmo5?g7^EBm{QOT59u*YOsK^xD4w0G{S-_+lai|SC<JA
zpl2L+{*)MVa|XNeSDhg1(}X~I?A#NI{)Gn(IMc@NWm#CXQ*Gi{gAd;W`~V>%D_x|3
zSJ=itEHsb)`p&HjFn9DT%)8=-(Y&{gr$X=qnu<+SUVV)g{!|H!CBj9ufoPWJiF&#3
z*0M}N2jI1=PSRb6u=#T5Z>{?m77?;(6Sth`=c$h<=%vdhZ7e9~?GYqY%rRPn*FM_&
z<DfolrAxbV(FL_B>7#w_&#zHQ!`CCPuWxj_mMWA0Y@t@Kdz|}-*uZsAuSxD6<Yc14
zd4aNBAvi$U00~D7gNsi017~JjJCKaT6}%ioHvRc-kl>@Mm#LgxIkghPCwYmRQ`P!U
z2PX??mtMR=vTqNpQ!!4qQ<?oSBE0Mrygn&Zf1}aWI`54F^jo)Rp-U(2?O!SE<r7%d
zD{NxfF(lu+ln4(z)K0?(bpcTp{CWv3Y~Cp)6?jG-?g-awOKK@p%RU1~o8OKtWx7-F
zZ8gLOfZZ<${YM$-lD2*+l5<U-(DdR361gnZvi`;IJrF#8M6GzrRQDF<{_4vKI3@eS
zY2;ISsnU7H4u=}<yWT|g(UrmDQF)~E&t1)E_RY_LLk@4!=j{2grXPq4)y*t@NAM3R
zuwjyhH70NKJ9tC(EMg7DdX5CJ`^lmiv!Gv{;Is&vS#-(Z*Wu`s<~)m*Xai2YpJJsn
z9gt*^xk+H4&Sp7rNMoKJ<v{SSC+j`~ZX@-8=yV39!Ra`>K6t=LExXPaBo#f<FKeSs
zauz-24H$xr2_h)+8_Uj5EXw0agi6A47c2+5Rug#_>ndO`W}K0t|44-|Zt_&nemx7(
zkl}n+LZ5ffy>!|}%)9ZLim@pz5BRe@5&>Q#)K1#T-alnZ%P0+%CtC;7lE^64{15?)
zIFYFi@;#|R^j}F!QRiW&OVkUxFVZ7cXM&fUT`Px8!#kK8we<DG*sd4Ic`18(-BR3n
z`bp%eLzZ|Vg~)tcL#V1EvD6)3F$L;v_iWbn=xTxb(mi?OTr9~o|2@lgsS<27)Uj5&
zra@l4=bMv8?|Nt9p!X7pt=WCH#=aTkx!=wULnCDgaZr>|z&H^5X^>k?q{3qrQdP)X
z2Li{bDF<~6;xj0X@e{N_{v+Jy6)JKb)c>ZlfUOS7{!_?=NMs#+?Jv~ZMx3?kl1|i9
zd)Tb@fo~Dfuyzxsm`w5s>zW6QWjlIS!IPdCBE-I3<*62Y>b^?K#unUbT?>|Ttppl7
zQBNVB)mZ)ZFG{x9;-dHWP%28V=p(@x@#NDX3!(Ti%d#M^u>!*9r}*KJd5fn)A{>G*
z4ietjv?1L78aWhg<tNr!$H~L@gMi|X62`XU5jxIATe;?^!geZGz|j9y=X5xHuT3yk
z&RD8qP;KSI(&ZF$1TH%+hCZZN#-&N`>MJSxD<M&NC)Thf4x+8S!m`gb)<j;4Ca@kz
zD6-KgZ{Ts$_Ze~f4g_u>(bW8w#XiuCPgYLm6JotMF2y|5d<66u?Lf3+<kBrs@BSuN
z)QMzGuo2^?&v#%#ApyNcvOZvm-KUnKbJl*adyy`^W>vkcKYcDMWVS^w^|UxgUhcun
z4e)Fue&H)Ml3Sp)a=B}hz<2>;_`gUpfA2wZK0t{A-$3lm4F5Q2=EOiy8{db{KlM+d
z8znS~%0<1SRmG^XQC#E<mrmudpu(kS>6=G{^!a=w8y!%)_09hP&6KblQgq6xcf?$+
zPK#vEF$EMmFg}|Z;2KlM2)VR~6}<SyI2+BSmetEl?^d(A_YWzVy!&LT2;O>xX9c=`
zczZ|Se*eFku`G!-+-(sg3^I($pY#$-+<s_tV#uYPd{6Q$KE}~TP_jzvlpFq7A!mYA
zkuu@UC8i)@xZQh~O$QC`<zKl6XxBjV^!{NVl<J!BUEY9_vb(O$iR=E!>P<#^S}GEl
zsdNuG{%kS36PvXsHRX2VU4z?mcFVP$`Q735+}m-OvN~+Ap-79k_;)Jl&`dqST!s34
z20}B{KzL~jsOzR2hIrq$uqD?mKuii9K<0n62ia=Y(vkc;)Z{f}n3{|TH(F^wr8wt6
z$q^w|#TaEbDr-$Q(oc*>7reLleOyIGPQIRFaz0PRXSVZRD}Y=9Ix9);^%~)>R?~K2
z!mhvq{f879RkxPq`by3&X#<uC356BU?@(iB)#$8MqCnU#Y0UGPL*%%;R!VyA+Gr|>
zDl@jQFX);#8a%*$WZ<?t+Y=iG&FX(-O-(Bl(>6Trrsy^rMvY5P6~QYNqN-l~v9}f=
z*|P;O4bo;ifbcq}rvngcQ$OS+T39g*LcTQ=tn;zULOH?`#q@2g^4OXR;Qj;r{ikYV
zK?QA63!J<pfOYnY*zdKgZuBo2r?Gi*=~tsJVbbyLFVNJ6J7oG>3k7%c3-pmDNi-Y@
zVSy(spy@T4;c?Il%US+mN2DI3N~n-Gb%=Fos6qJHC^>ncwYSUQ(`lbxtiVDtsbruk
zJF$W>pvUkVsD=jV>Rz!BM`sjKdD|`Zt!-2)owDHr<dpL#3dZ&&qXphO`(LA_4hT5=
zwN1j_cBsB7<j)rU4mTy+thG?Mk0YCr9N9aoaM))+t$2NDj{qvaKFDyH*g#Oeo(dC3
zUrjX<p<F7!qrD<a_l9&u2SKb_m<iy|4TMmyFRlYPZ{e_23gIB`D{e*>y8}LvgG20&
zjY*76tBD=XbI(CF_0u5g>(eq!|4PMR);Q={Jtff29fQ9~S@fPUmxi3si&it(<*5ID
z#x?B8LSo$HTgmbSQ9-sl5_-Q@6t*Jron>>%F3kB-C4IcOI`D#3!MU1%1?2s5SC??T
z4!8sbVL*|<K{-&2PqYBVK5znlm5!CqvT{;b_ip#Ay}M#Wqv3vJOE<W7-yqTVMh?Gx
zCt5$NK+RJ*C<Y%DPaAUGU}zU?CilJBesp|QrafqHC-5N;JWkBhp_(a%^2tiUT`Z9D
zRKu@qgTwuXATH#rrfh$Xh_KWb3YR_{B*HDAAq)!lO;T37l{j~@sZKwb&<vWMl|=bK
z?t9siA8RZlf4Ga^=o1|puo}>Oh1mBVR<kUSo+HVVC$Q>OkqcgL75ljtI_O&$7{w#_
zuT-P2942N|+F8w|Na->;t1K=I0nWIwRJ`w19)&h0xvNAT%AJ=YpUER!6?vf02>L;P
z3*`XF*ez90pUZUT3x6`=b1<8@tP(ua2j?b)Hcu*w#72up5O^;R4Vx{hdust<ICk4P
zC}<NaaL+rorD~!E2%yYrVP9p~L@BoOgBFoZ`j%iKG49k%%E3V&Y@&l^1N-e_9PivQ
zL`ZxDJPg-`Tq(cISJUq57O8<}7Y%-6!1p%GwhH7-j59J|v2upny-wuOYH_QW^X2;?
z6z>Wkifweeuv1X*SdI!V<?J)F^>RYG)`m~mUJH3a5s<MesEd9R>=KYsZk)2T4-w^j
ziwXaf!#uH>I}TZQ7e^Nd0?!e7<YGe;8?eI(U>!G;S_+S=N07bjI$j`cn-M%Ipv^@3
z1WqmVw=g%(9)b^l3#T_YErQ6PM2YLghxA9fZt83!eKNch^}0zn-^Ha!3$XI8&IW#K
z@Uh{;!K0_q#s7r4M{8hRvg^0ULFjw&XcO%`2)fRedk)|fG$a(8tMxgH1)d_j#boKj
z>I6!8JNPli8T&%8K%ZKSmcjs*T7b>ILj5OGi?ATOPSy^@|IHOm<@5kwV+X{-xH_j&
zEE-Ooj)hv6qa$mbLkEm3D4K8?(p~5yrYaIfO(UdyhdNMagP*hU_P3(i{#{C*8u@*i
z?n;R6CFbS8RtyqLEoPf;yu#U6yH4PgZ3`A*qT5$!t`gno2Y7xvI3Vg86<z|(__j;@
zsvo4hBUwzYcXu9<K4GJN;OZ?hu%)FwX)BtP6m^cS4?E3(D$?gaQo=L&ycFxcLmyf(
zXWI92=N4eW1jssmkeEjQPRuwg!To}fC-W>8CztnZda8ZM+PKXq_FGf<!+YB(rVj+b
zpMh?GXxasN-H=N+?r8ypHxvrM6I_14O6khdyGn4T0WBnB8X0fo5d)?Q#&ttu6r2KI
zd<eWF6-u!LgtR&rsT7r&E;bPBbZGWRF+aY`y#baUMO5+d29;;)cMX<;v=8cOoNqFy
za|7vTmdk<MTYfa*2Rq@yXt4U1&0MCMwT=#ciZj#UuV#57+Cm`=ElScbfF3L&=Yqp#
z798_Cq|OQ-D!^ZMaaW6Yk%-WQhjww;!J`H8C^c=KfHArgKvz^yZoN>s+z8C_u#V_Q
z{N73E2Vn<7T~qHdMh=8Py^a)uucp}I+?|&p)*>aO$D&(_u=h(;0=40g2>{>0?5GnC
zXNzfVlF>m2kKduL$A+~_r&poAU1FdZDd1TJVLBe}5ZGwrGmtTe9^IT8<GjiT60=zD
z;=o^jYXRJP=)9*6Hp;`Crw)TND>F>OQF5x+=`_ZO<P#Y1>LtRF5o8|P8dlsd0l5Bk
z1=dW%eHJ%drl524ltLq!TV)6dCm&24TV27juy2?hfalmCoG{65uW>`Iz51hpCZQ4#
zPTcfHg*ja*CGb>D9qo825fydLE*ws;#bt9b=ko&oK1>(|k6kD2r)}6QyBlJS+@MNh
zZJR(5@MO#7tdS!ozDBygOCswR_z3~$B9Z*Xta9c(jjQPsVPxQi%cYEQf%Q_#N3xba
zgxGj*kSaN@$OxzU$OUYe@(bf@i<9Am?`*xAa2sF2Cfe8*&MfgrJquX1@_?m^hU;8z
zuW3yKSYttg%0lo?GX)<_264MLl%SJ9et8=p{GPB()X4KS{lZ}Zu4nDjfzuWpd{hNr
zRx!X6_P!ONg*JMg`vSMaHoxa+^bEBs@-A_(uhvj+3#LwbPb4ujG1;Y8lFF-I9HOaH
z3nc>22Xx=toEM<OWaj5c(a6g-!X6?fJUA)DDl4;&7%L<^TPQZxH5Ep=t-!)LGyNuG
z1X;<)$LaR;2%QUSIF`g&tiNta0flfy)LkRA&@eAE#(Kb)u1YIWOelc8fA0}2_?Q84
zm4Rxn8#a2k)<T;s<~F$lH=ZMXg|AX{xj_m6mSLMvfYWz?<pJ;4x8bsfWEO6dbrT&3
zYuqR)kGhL@d8~%v$Y(^R3F%bknNc=~DV3{;s^fX|Ga$b*El>cIODz`Z@JOuJvSFjG
z;<!;v`^mU&p*WxOnzXf6Kzs#YuiI@D14H$!5{4;-mDa#@O!u~75#Xt~az9r}(OtbE
z#87eJD`lbwa=eau2Z~ybkm&>ohwvurHFfPYBgJih00W884ad9@)tCt^ca9j(Q87r*
zch`2{hm1P;Ld_h@5vi=w?gv&OUy1d)>=Hh`2}&UtTC|kdte_3xcDzI2Y{7G0>Q%!d
zktLJg5|jGy-yC6_i!`=?eIdzj{<2KIj4bdo?+qWYR-NUms_*4R^0%K*D}R89*+wGK
z2D;n<YVmeEsU^B}F=w=#3XPC6`Y9&AH%N;UXHdfO@)ZXoS<i9Yi-DXaC>qE?UuxGc
zLl^49O3}g;c(cm=tR1<C&C>&Sb^Smj9h;&Rv;0`2YGA`Cc)hPyf87uOAJj8kv1xew
zJqi$3L+rF;P=fwc3rl|!%z8-z_%lk}O~}O*_8OBgn?@EKdZG{sGMrwd;nTBK{PHW#
z-Qa+p3@b9$iplU_2>v7Pg^>K<aAUkZ8eV3jvMx5!9}egf*j)kehyafe$P0#3udps$
zWVhRhrEN~rI<bRm1Wx1z()+5d{84>M=aAY_FkFs^QYaS5uc3xr2ccfFGzwU1ffI}#
zC)`<LZexNUaK)I3ar+UCJj<9tCyN^V^{kn>JyhK@{ZW*+r;DI6tuFln{;!;f;0j+y
z+_aE6^1o))6gAkhg|-dM#c`@UM8yrNM+O4<+Pl7zYL`d}`==x}UcwBLB8Y<w#RUG|
zz-r$p8XT>`hIAoT5C0xC!ysx>g?0f`-KjBLcZPtGB0RC8X$|DJXP?18`XypK0maTy
z)JKxfy`htWY38d^DovrJB5@AH>!RpH8yV5?v+CYgF#2g0x=B0}9_!HttTp&hfkvLB
z^0XBi<OG)}=I<=9&Rry7YFD_+CY50}&ZR;*01oPp!BrN0EVNL~qgs8Y8u3B_Dm&T_
z5W5@lB{fsD>jGF`OQG@PXxZT9FA+16??10r5_`;{OuEvL;*@a98a%!QzSysteT9~Z
z<mfu8kwSuf^jwSt_%`#h4G-VZ1lcEfs8~|ukp%C(UrP(?2WsXX#*|hiUA{1ZDe!Ql
zz|wPzb<_G$_@eE^h&BWH8W;$&`f0DD2u~J7LcBCoHm5&Va6H@Suu(~A4FpAV((LI=
zHAN^he@K7q5V==l8o?V1V8yXMt^S3;Vs*W7pCzbZRO?hu!!c%IizJ2O_rU~ukrlrq
zJGr#j8sfXXvp@8smQr!!^m{6AiplHvrzU!+Y&$ZcOyJa-K{@s;%?&~dH@Hi>xBU28
z30!^rV8}S;h&z}w$;D`?f<QHx4d0=9ZApbK>k!?7A-vth;tUKjHfg9-KuG8}>Tf`k
zmm+V8$_CAL1?|l7rK?2%Ff$qAD?44J?&TI&jAs^@SF6EKa&{2{K;O?mmiS75)xUZJ
z__NXoc0e&I`e5=l!5hV3*heJ=?*sYAo?kOcPLx|f-}(gC1kg9BNv?##$M1#18QEa=
z7}d1BII`*)nMw@38mbQqJmH{W0sEXsHo}#g0-RqV`4d<We#u738fGz54T2CAZ#<b`
zDPai603JFEnl!(gcH-0;N6EI|#q_2j%zIEb1;y_5S^a%~H;3t{C3^`9*FyY6W;5>+
z=#cKitoOcbYyO=C3td-sla+~ushkPZ6MpJ*i}T7B7C=0}FTgw&SHq}dY(-oUJQ7*#
zCg-2UX2m7FBTQL+qAf~s`Q$EEV{8Foz8Wg7_Zn-lzGN8!iq(k*^E(ST$0(}ES5qCO
zstjP5qfU-%jgg&H^NJHGPQo;3b}{O0rk}C9QyPwIfca`Vt%1@<tY@LCi1mqcG2P2H
z$zvPbs}Cb~i|Kc+(8ivyi%zzQ0nphS4c{9WoP*~_lGaf0tqo_>w0N8;PS3moiC4kg
z5d93j1b;0@U5$+JM5KlO!yClak7B<1p2$Fu3LcAWbP5Gg2|&<Ukzz&$xnlp7RLCj+
zxdI!#oG-k*Ljmvd^`m|{CW?JoF8oJ0l@_(u>Sv>y)D-Y744*Y6iXr3l<??8yV3AfY
zb*lyZ2?cG%IX(QfjWu)YX+^qqBg>G*w7ybI;!zH%1pSBC)VqG@W0l%yw?Wc?{A6H!
zmo!E$|6Qe|eZ)p-SV$XFz|*ogxUPpnF-5B>dMe!{`C=#`C{EAPw@~SYD$u2mh;d?h
zpx6Xf0Bj9}(jVaZOnRHsECRN=G+{~TLR|M8h2bX9!d`U&K{U?9bSrCwub8J#pqrrC
zut{IXhJC{zNbWJ{eo(-tFL59bbYF&qwEj9duLOmrYXDsj)jC25&xH~-o<>><c~q&D
z=sQ)67S<}s=m8t6po=TcU#s0G`c7MywU$Lxw=t=@e7RQ!^(bx}|HQ(w(BQE%8mM#(
z2&6(3gvGrJMfX|*Wo$xC_q!~R)rhLr6Wz^M9^F=^3y<!zbryQA{bO`u;mjZNfIF%~
zRciz5F6D<#QYeNKrw(m)R#3AlQs0aw!|3BrHaNQv5=jpX!&3+^SX!*0^QpN#;L@x+
z?l~uxCv2H5HpI>q^VK^enwx&>26mLNJ#PFi2CA0LZee?QvfynaE_IDAs$luu1OR&0
z8f;X}=FW?B#O{EC`W0-y;aWTmnohHjCdUprRm+{nW(YzC9`ZA32Q#P>Ev#qQ?B_{t
z%jK`n5{NEEbYP>QA_%0uW&t(uk=0`ODY&jOVM2lPCqu<w6HW|TH$5&k9x6g9VB@e9
z=izL+gQ}wbg#SZ<91YWvp={3}Yj7V(U8q;BJ%I$tipg+lA2BvfZ#gx8e~i^_HX%!4
zh8C3PE>lA#%rOsa`1p2cE7&)&L7cGzh~B)KV4Tw$m`|5T-M{Y{!i9TlnF4nEBb}T&
zNzQbkVximlWds8`9J&ynHRyU<f_I)G&Ru-t;LwEAx&pJqW{-udW_mH&E;1X})p?XI
zOTtaQpMe0#1in^W3<)05MsxMOXaK{C{U2d8P1$+9^GtI@3fyt@93L}DhD|~<e>iDt
z5OKWM$uHb10Un;k;wOmdhL=dt94A&5(gv=v3-7lB*K6bKGxO2VM;JIuY|YqUf{CW}
z#Dtx8f45h1O7T?{%}-E7r_MuH$jAH_5f%8sKI6NIQ;g-R8FD728Yd$rH})85<>Sd{
z^8hxo^;{g}6E?D&<D5bH4A{U`p9VqW9gg>|LEW4M?UcI(BRj#aa-o@X!rc)t(@kL3
zFgr|&&CVy&#p1PtD8RdpKvC5SpYN@B&VpUo#3^ddyoYSTY9m{ucODNW46C!$W>dLK
zRETjrY^>7=jyAO>areWJcg^)dDB@Y02pQQe0DKi#=%f*mz<?9=5p?a$J1CHY0Gxnd
z<m&nSA4QDty+s51SbR~td(ydxM#6OtWQgA+<t6#QKd)9$D7Pa3@&%AjT^`%d1hN);
zBBPg6sKbnm$zAdgo;8>|o1i|!W0Q=aYgh0!Gm>3E)KwKNwnDPyih%3S@wdm{#;`5`
z*T1uBpNKDf8q)2Y^Q{TL>m9lZ-r3ygKA9|>i7$;XR2`dbv%T`wR!pR*Q~|V!Y3VYL
zu(;O=+v|ckNE75#^qhhiH-XeQs+r5f61SBioacB45ij7~oBm)h3!rzjSomB-ted<(
z$|kuqsYgy0dY`W)T-X;ea{%GQ!IBCt3zY30a^kF#IV5m9^RcDIc%ed``${eQWz{Nd
z`gWdLem7OzIKC6uQZ|Suxi{^g-Nk>rH0XI>#awmH?oLB)*SVxVM{1NbJ)!wD<OC?1
zu27xd#P3c<okC`%d8@@!bWO;%LJ7Q>%vybbIQPZD3rh4JAeAhcgrg4IfPQSWh80lb
zUFS@&KVTE>qWvpL-4l1YA2ile&r(!A)PdimJn9hb)I-+rC|hvW%x)!L@Ic=t5*a9f
zl{9>0B%gii7}CYSDkc_#(JZ(j34-QTViUB~)Cx%R@Q^Bu;~<^m{vYLH-st7>ayI+k
zoqFdm%$t0Dp6UxRYn@nb1!`KQ$@h1YA|>g;|6%Q2pqjYaaN)TnnIsS<kZ==l5<rIt
zC>Sc@Z4weitUAF&Ma3&BqMrpt>#aH&ZZUWXh^Vx+LzFtkTSfU))G8>7Rw}62YPChG
zHu70NudQ0OXWQ>`&N}NqYyD@fv)3Y-OlI}~$-MjB&-*;jW}%Pt$lF6!;<GVvsgEra
zHhi5{lyS|*9JFVn(+S_4i|B?&X;Bm1pT*i20$9<4tRlkA8s;UX?67KEc9Jw*(rL$)
z?Fa$jK?Ea{X)tU_z?jvhftwJt2rs~CI*+}BggoSvt?&0in)k<&$zD57SVhKoHU#-r
zC6N`8<~9NaFcS%WQZNeaNTv_nK)i$<2UJ1~^!~m(n&Wi}aDFPdSVWG3&_GEpk|Zs3
zemj%**e=6#1bc_BtC4|U1s7L<(IT8NhA!Zq?Rv!d<DV3C+7-WdvJaPm&hy9WPZz`Y
zm^|M2ub%B=(g?en4rqm&+rkE@7{bx-fEC}Nb!s3FEDTmj_N=vK&`ulHQW7^Xc5lL-
zS<m;Vsvf1pon6pBckG4np)SO+f6!)FnQdN>!=Q(Bf!jT@KDZ;IW!KO&Ss@m9iOYmq
z{>I>?4KRiqa#JsudZa(0uVpfa%8cl5t*+o8q!|5qxM6A*fwrmwp3;X&W^CjWdivED
zSisBrwh31RY%5i!Xo*Ucr{vRg8EHe@F;<+WIEveP*FoIs2#CbLiaJFUWt_gK?Y9Ij
zu3sZE?*}^2vrSN50UdteE*q8PVupDf61rqYyQ=Tadlq?rA%?&1C>mB>GZ81|czvdj
zSr0idGM@(Urxl*MCQ3@j1%(mBR1vt-9}+|2&UuQq$|PzgE`uMjxWG0%u9@%;Zqu&o
zJd)_BYw?NY$85H0Xjih1um{o}`4e1&RMDpf(z{nXRNrv?P#N^mZAj;T5&G!M2C{#~
zX4=J$>KQMPeZy8Y$-bQ<gH&xz&=oIS9p}Sd(rz};b3?O~kk~iZxmSK(O`Km(?Y4ZM
zbTMYfBD{}$EM_!fm;|Y;gQ{QLXP;1n-6Q&p1ZkU`3?YO%F1Zdse>US)E0TKDBwx3z
zd$&Z<<)nT(4+sQ*6q(5rsTa|K6ufqYCzzA7-b!A3OF2T_Ao`*aw)=IeeYXANDbjq}
ztoQBR-HxR2&^=J?VR7OXlluH37B-Pr=1(TWW>!#THC5LvM3S%7?su1+e5@@hLd`^E
zseB%>H<!@m9YmNV<8r=Rezt)AE@1vM1G<dgQ5t0o&9OHFjkwqDi-%cc*<SwFrAZ>p
zXWAuFPv$+QbMmxyXziWxG`nn7TUx)Ir_Q}GZ}zYKa*IKlZ~(IbA%|ni27K4k{1yD+
z-uE4Fr<3i^!y>O;11QGHWCju1!welFT|@>)W&+}cY)U#t7WL3>S?PwLU`x=5!S#k<
z%&)7}Y^+<z(mh3L`OS;YXZPJv5i=b%dly@yTU0-H*+t(hrl-rDB!16>4;d^L`lMzW
zCST!3<ic}`K+;XmC;jOz4tjo<$RL8B(sAP^3)o=~!H+c&?DTirn1t&+s&h^hG~`sq
z&2$paJuv$_Z!jD5CL@}tyZp$l_UH8Ool~o<mgtAso3Z&*i$zN}SpY%61druv=6Tr0
zZAc#vAiHc3Bp0AJOj?2Z`%T&Y#Q1OmZIC|DuFw{R-cZKvD^JrBA#6AUN+6$ue}ME5
zKf)@_mZ!iA1rcJEJblGiwduY*aEUi36(ih?&A1>GBQubL9f*z~`cgP9L;lsEY~pnx
zx$|HbGkkHg=!6A^v7aB)0oN^Q9j4g(e?ndlTQM+)pJY)4o_Y^b^Ez;*^keH}Axh_F
zlXPnrs+sWfdK75vGIx2n?7``Kkcs(WL`G9Oes&Nb9o2CWKi<vwrB62-**ly`*pSAU
zmXVn-L}KRBY$e=WZX@zIe`Q)7BJq;`vcE!WDNQ?hBlIZ<k!TrjHX?8lejns!)7gi!
z4VsspIDk+j*Sf$IBbhf!gFLdEBpFQb{sTR}Zj2npN&WD+f#6(cC~05s0=KhD;+tgE
z)PQews1eQ<gD4*E<WfE0AhGBDQQ|s@9yf&PJ4Dk>B!<FR)M7B_5!0YI3&gf4A{guj
zLNUY$aXmB1LC;uXbV>sanGhs=(QOU%`q-Nx((H<ck!J+~TcVJOkIliuaz&q;e3yB`
zu8HWA);7A7E|P02fr$lf4tB%fLqjNw;hX~&nD--&*rBQdIe+}O_B4Q}`*lUN8>HHt
z52>TvUdb-*pfx1;rtBxxf=}W;LF!8!k_Y#B|NNQXem7q0UEny-kJVi_<k*8=?{^G*
z>l#yF8z0a2tKaL<cw#={;DxuDaZSa<%ASDYlkaa2yNy<od*x*lJnq4yJG%odr%UKh
z$<$SZ2vA%{6GMaOauE?Rg^`Ly-X2!wAmnT(jyuUy7spEI={_XW<dAukOOO!T_y~OM
zX>G}8M8?_V%}i_?AMnvtk7T`-I9P76*~WIXYKeDKDZdqe7h<@VFR942S8e7+A&AOY
zY>RX|z+jMRkoV8BjpIEI6^@4uc6yTgcMu0A8m0`|;DH=g`Zm*ZY!qTB$KeC5@Qb%t
zAoQ~p$clkDn|a<&<VD?pS$nqS))P++<Bc8k^O_3Bns}T<_qBNjdIIz8dRnOF`xoJy
z-S~noRMBiNA;>T~ms@<FZTw>ai$^#6@Zy;<3kA3+LI}jRHGpKs6+8$Jr047!(SdAw
zY#8yTzJO+b-DgGK^is?DeoHAu&-?a|6A9)t&xOOq4+^CIY{=K((+g{pI}7Ng`v^$=
zgjUg&c(xcP5P3L51TXQRDOd>Q^Q@g=m*D7VN~u7qF=mV3*xL~MY=y@e8J~;&Zmdx>
z8qB9{&}lOwUAyRX$F{(&-xQ9*YN2LVa9G;g6!H?46s_7jdrgHr^Oy-UN(1&;=!Bz1
z@)S`*^<#R!){7NljR#cFwWG$uR)`o%MT$2RL-3W8R(U;w4LV^#9E#8dY$hN$WO#Rm
zj!;4K-$T}e_zgPFK1*CH;>BJ^$jytAT0YG-Vrv80c(a;>elD(0O-p3)kDr;*f(HDo
zSWo%AB_?W}WV=jAO^DFo8{(7sy?wekkoe!c4gc^nj?8OslP7^97HQZtinrDi)Y)fv
zPfQVRRbB|aZPSH)!|$5B)dGeuYSmu$%x`r60rc|*3=?DNsMta4>1gOi+i;c2@Ha~1
ze}`E#q}LV;WA9+{x>00uGqf><NBh}D$WRX}z;EU);>5Xbmtpx~Dt2~RHJ>`fMH=xt
zUtaQxHpH^D-XmMmAYIV}M=kE~(Vj%mL{yey4|B<nG(&a#L{PMbjt)~vzUXH^Gm&1E
zd5NFaCCFN1dAMw~SJ?qskWfZ@v;!-DP!|(AnwbQ!PFAc@eeBl`|8gJXb(cU%7iH-g
z*|HAgvHe_2)Ih_E(L{)l!^)K&Jftv7rOb7Ub}z<-J0%lv3~BO)jPBEj_ef&o!$Qd;
zo3T!2m=mt6na4;e<z&9!oNz+kfi2r+j#W_D&7bsQ^u9fPH76TeTpr-?=&FUa%gn@o
znx67WAz7DwS~u4$fcj1!9CB&sysMWz`01g=Fj9HXq_Q*=;qhKPU<u4H1W*>R9GP!U
zC%;<3muR4^+XYaY{IE6FS?riG`32yvz5Ww&i>@K5k8#c1b|^_{XnG8CRVoxzdyqF4
zxu8Sv#_}}Uq)|EfER+Muszi_B1u_soF;eV?=XA0lNoF{e`VK;9uv67C&IsUVmOE+~
zLdDHD5vsrtR~V_1;F5Z{31=pB=s}9?qQLuFhYpv?RkX7RVZFU;MP+1((5H-ddHY8B
zKjxZn;J&o&E-S+lF{=&YS95SSZqT$%1aTE74^+sdHMnRS+zl=lNK*=sN@EHS0<vS7
zE_?=E0Mc#-AnP9fr*l8K*+(lkI;mi@3QN7hdSNgq7@=7E1DbOhHLt0iWU^q=T!YN*
zBZ5q**6teS)CSJBjZ(_AK?^muti=9LElAi`-DN&yk~(FTFhu#`M4Bz15ZHahzrNq!
z{@CH`_uHra-QaGRJ=~)e>?<nK33yz)FGB#H9NGxGjGd#^w)}Ta^30JVot{lMz4qtp
z5j0)?&2z8l3l0{wje2Y_tX@GvxAwArv@lZ^9e1u}C-Ge!3Fo|3F;xMh8NV+u+Wxv7
zVNj-B^pf8j>qr2_(|Wp#HP!^VC20ovhBVKwk{vk?{nD49Xh;uE<x`sp$nSMsjaB}&
z6CNCT4{BNQX`=g$N(7)0jiD7GVueuBns1KukeA2g!c<r$^Yon~$eD>;a~kDOm{E1S
ze6d?J0v_v>o&UUTR01CNxjwXq328l>PMXebU{lZSRT>xOR;%;=HldwyE-5BH8k<Y~
zE-O5<wWnTXbY!~7RUOFOR<x9}pZ55-DA2K3;EDYln51!{+oIK1maS^{AFLd)!|_21
z-|wWSrRSk{EdifIR>&qg-M-^CZui*jXE?jhxg&JS`<a((VnM)N?hF{Eo!e;0P40B>
z9YiLX8O*8ei81L?kqFG$+yL&1^(u&=YC}wr!QkT!3l;q7h3SQ7ethH@6#S*&)3X&V
zPM2qNl{kn+J9U)5JNj0;Xiv9LwRC5S?CmL)IH#T=B^}7w)!PvK=WM@XBDqreGS5Ko
z1)}xx@pj^4B`C6t{<Kwflqw<7h<Rl+{tuIXFTn6y$M5gygtlZ8AM#S?JFidYNsqnT
z=cAcyh}%&E|IiE<OH6X};W}u*5DSDocuM#EA?%uZz0LoYQCAf^FWbaUX@`)W0ha8*
zw6)p(HNQSH_x|0~lcQdqun@<|vGXTtHw^25>L1#hySy65v37bz{tmCu;}x0rGMATq
zsDtF&3dGC&9}_;MUKZ3I1H)WtA91=Z*`|aRs@AWO$u}e6`&pD9Q^EHBLWS2!8tK`_
zmY{a{F#VAVg)ibJ^XfDq=Ql#FE*&LAnOob!jsuGO#9k?6>BeaD?nV6in<Lv%<;`W9
zaXm+Mtw20&WBRwJi_z^lp=d$Srzs*P8uL%)GrR3MB>?q3DkuoDgQ;UDec564Jy*eR
zyt>`dS9xFXKVN)JvQPw(VtOc;oGR>3=(u)JyPh%PKDUAe+6;;Bop$u)F;FVaO)K)N
ze97kzVSF7lU5UxtA!!kGxe>C0FNYmq3VdM^|J8_4{<CB58Z8H~GgMp0GJ1;WhMv)h
zf|c@b>62PSJS$RT*>W-u?>!%OcsCcUFv?E9xn|N7ZnllCG?@W6<-ZNg?v4XCV<#)*
z%S3k|Kt?_fWKKoInIjc25YHC{#<Dz^od4CT==m?*JAZPcsoU+y<!s4XTK{t+RP_-i
zuJoUtNacFfcjF2qetH8MpaMjcS2}(+a<PcQ`!*A_0hALso{AdO$76H|S}ey?-VW3B
zdbJ3|S~)q~L9o~9^#pkXAqWlfSFZeire?%)?4hI)cp;kbb|luW0>`8oW?&_TDLG)C
zUxe==jUZHm9ySmY!OM08pa#PoN|4=xQvqfHW{`9p=mcDSxFZ%o@RCsQx4gfcy%Asp
z8ngm=k4uRD!a6V;LZrIoA}p>087q*%e3`Z|bu!<dPulNDmzcn*M!T%2S5Xdc#B{Ma
zeECkE0K_|Go>NTwv=k#q%tRAJDP1#Kp_8kWqwF8u5RY*mNfSbT<adrg_`2%op~={D
zTUFst2UMxV4Q1zU>mb4*BLfY~+;KALQc6u5B9h%3A1t9O)w?<!BS?E}M;$z$JhF0i
zi*mkBeBiztJGhcuqfPX<CCkiNV7AdV0RaD$H*mvLJm998nLv!BU9&2^y#I*PI;g%a
zQ${{M(~5SoUP8#Eml$p>GQ_>EgX6<3%bYjpB4qSt<YB~5n9rA3PL1NuWKHov8xt_;
z2{SQry94&d3erT!sBkOPDiiQXqXUS^tl{7E+zpM@OF&WgSfv7B9FLZJ*A|X)-Vl{<
z`r!qog?Iei4g~_b=y*jJCj<tVBwDvpg0WYa33-bB+~DP8pfB%<={|JQ1zo9DnLimZ
zz|iwrfpzk4xA@NnBkYr5Zejl&WPzRX`y)lv+k}{nXh&N_(`LHGpKyM7vK+}ZO1~9&
zdt|ljbhAZD7iP*>$<#H`P{u;;=&vtHeIEVAI}iFpGt%OR+s)E=$KX~aJ@JV(VvbYO
z2>50oSID{ze}54@RtW=&qT5a+nfvNWqZBzo+0ZH`?1;+Tcc(zEQCmw)lk1&ud~hb#
zQWd7b_a~KGrFq{~N~#P~m+9EZV=mNEOE>V*jr69nWuTxU+n|B|kxf3n-T~EN+vvqM
zQ{Ls->LoBy70VXTznCP>G@3kK7{-j07;~Iir`DItg&n1DUFh$tTw%va*<%_HKA!Zj
zm~K_Q;_J|e6P1#rW=rt#a$NBdj+|JX27ljxKK@d`ZdR*6&EVr|Qg-qvUsE#Wxgj<+
zsST}O&JSMJ0lD%QTl<|_gdSYOp_hszhe%8k*Q{C|s=}AKVQ%z!%<#Qyh1+%Yo?Cjc
zipB=`5;4!{BaQGaARO|t1ra%-9nDz$3{_w82KLT9`1FOnTcHbL&-5W2l)@*|+db$@
zkND7C_9@%t@Mol@k5h?*zS+!)o+@d9?2QZB9%hkjNYQdO;v~oB{5p}20-91rSwK`Z
zt4AV2VX0aAwp`+O+Fe=OjxklSOvFT<y+PxU6T>eKm6h(<*B0^J&u;dK%zl^*&><-I
z>m+_KX(hv%uoScuV1I0Ai@!vrZ01$AvI+McRkJ!&Yr5u|P>thr#uvR}cV+I-M)E4m
z^8Fj7`VC>2VCHG;gW7)5Jg*{qfYslv<H~nkDNGoh?XJ2*6A{Y<(Jh31dYuB{;uIFZ
zVO!}_k2rVad6mrobm37?25O6c;AHpQTTFe=IHf`o?$NpZDDD3mNx25cMv5mxXk0m;
zM+yw^TMqIwa>wSJYzv2P)BkA(1anuk5G^EYcKH&DBZiS3*l~>5bi2kp&0`_H>O0v;
zJ)ClbR$E0`hHw=I*dh51G6xB`4`8azm<z1!Dk;6(3|m!(JE~8ZaON(bf_h{qc)W=6
zWD2Bl!9{X11%1h<ASj;<DtX`+cuvzx4PoSdd$t5%xn5ks-htb~UEy#W5e^ZoHxOi!
zV5j$A`@vf<d;>fpEeiG>^?pAA_O$ghNx*TSgL?=Q4)_*czb-J6cqOCAlGJ6G<uZVJ
zoUke80{qQizYWM``UsI8g-UU^-)dYzOlU`h$Zk8sdSmPGr}mz8kVn@0cjKY%e$M10
zKn{9qKnRm<{WNE<4QlK>A~7ICEBD4pbVZIMsLgDm7)zcbv#4_1OLwTskArr$Gpbi)
zX1xJDh<omoG`OLJUn%N9H6BsL8%!nb=w>B6oUYDs4sOtdU-59BXz><Z5r`}Ec|J97
zwb08EduUQKT$Vw^j3U3RF@-YmEzz4*Tba=ALbA&6x6`~N_%TK11!IAyZzE7Pp732G
zqxrr_eQ6oF@z%NP%=lSNpLGx+Z5^U}Z7PYvh{1XjI&2ULjX;>5Zb>uTgn}|bzc16#
z0qJixTa;4{U-3pF@6uxC>?9||51?lbo&k~lpEZ!puIPqW+D)B~MJEZ}`CV2^;i3HA
zoThuusYcP?D0T|DCYnx1mD+A7nhBy02Klhm<Z4;?(N%4t5Uc{$$Fo$@PW}{(voIj>
z6(~RZxWF7zD{_sxIZ6wBU9we)l6h#?+8y<lQCeSI1dS@=2Wi>k4VrBEkn$0wCh3Md
zV4{yX`Moz5({B7plVhgchoFB6QUeUG%}27(p}4}`=5TfyX$2Yl+no3F!LmFUBBDi|
z0ICx<!-uWFDy<0Zw}AVm)D*#lT;eD6rg~m@VKAvp%?+!VFSQXJ#p&++TC1t#z7zW1
z%rCnQoqnV@%-LcH4*d!Aa{sWe2UJZuh2VWwNv?${xy#O6P=k(7^1zB{=s0+p-K+xc
z5yShY(WM2<RVQ|sRLK^((RrOLnP`t@4i&>Mtf5`Rz^O#=DLqUu!Nfg8(YGDd4cUYT
z1vf~ZI?1KoCAAuae?#=Rg44aP;CM}8k|~3u2e+YIE9Dn}OD6L>6CN2Nmb=*%o^Kt{
z#OhkB&#hQuoNVm}Z$-$hba`M6OQaVRK@l?ekPWHjsBa_g5GgmXc`LNVd(5IPM~H!x
zm@~YQBdSG2{BJaT5&DD(X~MHpsH`(T%C*FY?eyG)3!A0OK?$F^DL|{e<a|DKNRw=8
zgtzws<qFO2A)n2oPT4-t5OL4wO8H~D0hZxUf3uA*$zk0=R&B95SVkU>b=dDNSxD_s
zw2+G@g&3wP6}=uiH?{HZJ9H;YapYj5=yOon=k-Tx3HqAaFnc?|(1$DDQMK-(lT3#6
zr4|s&p+S6}ms@l3=ljmD5>2|uYCQNN6-EM_hqMpAhA%AW6lmb9rEkaDkGYG#Awz}8
z*RBaKNI#+2<Y9x`p;u%BxdmVZ=z164+g=B~cBLk4dC+dW<jcw3Go!z^naACAINbk2
zWdC{;-J^GR**~TmAY~)=MJRc)?YC5%UNn##^u9XwpQeRqp<SI!?w#!=#$M$^@DLQI
zx3Ny<NCg`7(w#W?9kqw?Mz_HO%n>R)TY-ngvU-zM1nU9UKn+t4g);>qohg8Y5C-BP
z2!zP{nDsueIl+s8-S6WTuA<kdB;X!R0nrnCLAz1Fe?#Duf1NN0yfF~OL>b1XqkJX|
zzn}{+89A6A#FG{fH+y?PM<fWe|9%(*HXFdM6!ZoNl}09FhG>x&*PtHJk1gm}m8G<m
zP%+Upwg{EsjZIS8fC_#7VGTIulTlz8<ZAqdL;1nAP&cF#D0XP2oU-@x6mKK80HVg#
zXw|%2KX2hcWVk2RFmULw?!Dtng?dkYbJh7a^=$Wz_2JQDr*my9)YI!auX5TmP2`8I
zL_GWSC!YPq1JOaW;(QlN+2fvAC;mEwkk-(hj(o2Z9bAsj!9{EHP4Y{;q_(Zs#ofMo
z!Vz3gXnvShA)m`=cWm;ge6w)|oBapr_H;*^u4x@{_e}8@*>)O-8C41|ONVya;5+Ec
z5h8k%_@Zppe#d8Dc6&-0<FxM0W~Iq+-zq=Z29w8i`~j8m3TtFXKNJQ%HcYV{r6OOE
zL33n<We(c@tq0w5pL3orX1HZ;`&pSgtlgmUL^I5AU%XGk{P#?~Bz;7VhyD`yF+9LA
zNg0{p%k*tTyV!d_w)FM4D=YzBPV4eSx3f9kfi!N6%IM({9ZT0Nr5Alj4q96Y;)c(*
zns)eLF92b2rQ#HKbS^MJ9taANA?qmCF#9N3HRC>eANQb_+W1lDqsBFa2gvA3agN>t
z-5bor-XzglM!HN-UmPxc)pA*%#$O(3&=<%LrO2r7aMUEpW2ZhPiv2L@DWK=ff+Rd$
z32PZEz5KgIi$1PVb%@`2>ncYsdqoBwE%F=ZBnRfbwW)7%zv?uL+HB1l;GaS)p2m5^
zk_r;dqu{eysOx^Z=+i!4dv0nwbj4;l?B>!crD6?4?*x7YH|Rs;fSoDmX+4g|9#><D
zYYJquhvGrACh>|SUC|8#RL@x4P&rP_#<n=gERlaEHrK~8KJ#UrHv7q$-_0c%^fP17
zRj20kMcHYwtmw04PnZ#F_Yv~1+5<)Q^@RLbE)bW`(v2sy>#fSINk@T@Lfx4Nqpx`)
z9XnUjg6v#|No(8SI5nL@rY7I#2Ok4s^=ND-KX9(u=VrR*EYl?IJGe$Yah!*QqwAlV
zN0LK)5@9l8>3ueyNLHl5w;nT)_zDqs--#JBRWIFs+15@rnUwQY1?oa0)T>1^^SmY+
z`Q@%Nt&6~}ug)n;w_wrs^%`|lhSLfCEs3F~$Vg@E9B*VQ889Zs-uHA9`ubB-;0nI#
zbEapnlp<>ZG9``UDyCh4n=r)}dVoPD6-W|exh=CHkG(6|U3_7>!?0-y{LglERFK}V
zkdu8aFgdv_>Y!JaQxxKMMCY=(_aJ+EJ_uRj?KvXHeY@f}`qLJA_e}BzCWh5&^F&}c
zG&9c1RD2uHVk$*A<I@@;M1CRQ?V@8V_)#kVoNKTuszM)QZ^jzfr=wkyE7)LuGjKeS
z!F&0y9&&l~k%#Qa96DAvbd3Fz2xjb6_ugwlA;0;5Vxj;WRiP8;<?~6*Uz%T_e%j66
zT}1u2+Vxj##aY(5#*I%2rd@>O+TBDHnYcmNaoVJ4AWOURHR@^c_v^IcXjKqwKyRQy
zbIrBrZK!{a9WoP2H4Un?G;ILa0rxG8tk60@LJv4yn9(vO$Hyyr_?|1~QeqiiAC?UR
zY+xc9YKL+`92FB#wv^t|$=>8M!Cu%Ef-pKF1Zu!Q+6lX&+kl=0MgU4Xl=8m?o<K+r
z<@3PB=H7h|L^#Own0fReJ{`M(+CeRe&q4rp$%OIw^cF*3%IBV|rzzv=Yl`)8PKtNr
z84TcyI)q6EbU_6ZCMYtY3g^Hj%pxmDiAlB!FtlJ3Y^K|x7P`e4>jU3+5U+fR%J^I9
zx>Q$uIRnfYq6#M-vM)Kh`M@hbZ0})sHR3IaY?Zl3L|ak`dyWasLN6e>1bQTtWQMpP
z)G33%sF21Ahsj(vr^Oe#4cD#CV`l>C6N%F+-zaS-r|uV6Y|9=HM!kaTqU_3~7UH2=
zoTFx<KjX(A1|$HLd0v4+#0WsM0>T4w%N1;cj+6P_Y{Ygd4iDw~mmD<&A9fnuf3Nhg
zVO0-grDIjbok<kmAAAOp9?UBQV?qF_i)+5-cek0@O@@H*hiw<cn=ZiT0knG0^3iEG
zI_`ofKFWfW5K+MlHMg0W@duyTmRy8}(Upp}RGi9Lxjl*mXxU&>C8CyoTz^evYarR6
zMKM+=xPG(BW<n1RFxMJTP8hvA!&&hrhdVUVtq}v(9(wq@$(q`@wCx}s_ly$veM0+N
zplBDm9rwv<lZ4b!=!WrzNn5h%^NL)2RfjnK9qxa3o(Vsqw?=Bu@_RcY9EB3+4R|95
z?_<WlAUC=^fDP$Nxax_+hjrU0Yh#ztT@GcubDUdtHe!*(<s`g4Tapw)Ks@*3W)l`p
zjH>cFXFhXBLn_(k*}Ez@#r2ul+Pycd(2Se*Da^PWI{DMppZh}4V{6;7&&u)W)_FJt
z&=B%jE~zYAQlNIiiz42oMTTTUu~+80WzC0=aPZPaoUFYGI+2e06VYGC7*0mbWI_kG
zGp&6Kg8ts)f^W##n<_JTw1{AzbrPwf_S6@@J-5Cl?tTO2i(WSTD4*YD*R-ibrXd{*
zsn~U&KKDWce=dNe9?^(K=)_|>Fo}-KAn=n!C<AE@H=xVfvE6g*&&;8k*8&vuY3Vy>
zbx7P|JShJ@doHyBth~X5PP0n$actBBH`V}sObV#ui`$UMm|3ca<k$Ce39v|krAy}w
z;OsNa*TiJfOWn>v^C(v0@`U1^nDL#gsdS46nstfiPJ#eERe)k><j1tA`e@taVP<7=
zhkA}%SWE4CP0lKynjOmw!TeW0?i4S_{r{OQo=5Mr1Mz1(mypf0pWd|J;hV9X9F<(s
z4(~iUtiZIev!#ac8xNG)!GIYDJe6^u6&H00F0L6N&t3#x9|{@d>S7Z;>oU)$3w?;G
z0vm8s$gHnm`b=tvPHa!ptlQe5n*Pv72(SVjS_>}Tfbm(P8R`5wW>Ryx@{5oLYFhnk
zFhFD?hRD&&_<k;8B(%LoJ%5_YBsjH|&3Dd{d*Np$NDoZ;({+zkl*82TuD3?A)gs<i
z?XjM(mg-=|$Q&y*#}iWk-MI}?z7UKOA>Np|2E0<e4g2T@{9_*{Dh4j$WzU!%R)h#1
zM1H0;y<d>!uO<`X+QkNRTSLs7<D=W46{MeDLW76}>fb3K&HGQQ0<;<vQ)pGLSNRA{
z9#^zuC7<wU&Uy=-?1m!Jpq^5?biN=!`#StAOBwokhYB1oPlV>sU<@%>4VZy3{rigG
z2{01~8bn~QL4ct6ehag_-+KQ7Y`<^+dHt`w?+=Ov-aMe0KsbHhlqMqx+p5a<2ZJXm
z-5_dH1-u&SDU^`p%r0M{W;o(;Uc`UI`|9Pqq=2x|cr3rpPQ?Ptz}2`9C#!_Kh=b`*
z@`)(vVi8`irz6vOL(Rq;>ckxn6g#!Ers|rRZv(qN7<MZpWM1J;T0B_h?wWjeEnuuU
zGC{quKQF6ti{q#D6s053Co1t{Yi15Z^_txdJ(ulX?iQtHLdVM5fEF~5ouz4nHr@XA
zVllvZLbf3v-nPuX4Jg@5J5|c(2Oa^(%!@5lVXG3Jc~Lfyl={3!8tl+l^gL_4H~4tX
zhYJ@Lqlc`#-|rs))4pExheJJcgSr{*?^fTH^%m*UI#h9lUOJQ8^2h)JQNR*2C{gu#
zDkS^!q5b;V52%f&Fl6*Xd)ilS>9jPE`EGH`{)B!#(h9GaIPK@$wM=Pling_FEQk>F
z(w>+t(E>lIMDCg?A}XKO_UbNrLD#tLP@Vj=MH#xP$+PbdH~d-sRp?_YpLIUUzryK0
zvB0rzM6-JGpU~gk8f}3aOO#EyB1lX~)T(l+gp=Lni@ReQMce;bjcZhje|8X|0p9^d
z(a_SnO6l|$^qL#09ET}%r2kL)j9;@;4_}>B<7qd^uC%e?KVLvhz&B~6=HaSs@YZI5
z`xX>Rmhzw1R=4DSZPS31xb1gb>|%4+<+qt3O_>0zyrIO~uC(kJ0=NT~ptXkJqsy$l
zJ-TaOnXsVRwy=SJLit59TyR5k=g+?nXm%>3-0uZF(_n>$ee*d3=Y8jfcY#@ANk|^8
zn4aM!cli>`FCj(BlL^^@lUDEs))5r8Ib$-1HQ>!WzrT+MKj*&2$PbZ9zsGb<5EXlz
zEE>G5=ycQz75#;ub9#h^a}L{+;fY$i+#J8kg<j>@C{p&}7dN0|iWrmPRJXm~DrN#2
z$BZ#ULx5X^C!n2P=FEa2K4G5=ec{HYxutI=PBz)9Zwih{-Wt&#rJP6xRorGm&Wy84
zrvo)AG1EEfn8H5fEE)}2n@LjE&p#U8esY-(s>-)PTsv^A89>i39AE&;YQ)4%1nf5G
zBqN>qJLNkqO3%+~RV9w?$ze{w6$u_jF|=>rCC2$i_WCor`G?63stOHV)hTQ#R;Oue
zl)jeX+bQ4q<Y>Ihiw*wK5ilzdP<(>uIrll-Ee~qILqIvKEWzv>0+$`5B1fKdO?WJG
zT%JtDuJ-nZM}ZIS#Z^zdaA01ok;JNYS8(fnFy;68^o)4`0lrPO_|SR7%%VKt|G1b2
zshfv<7p+cy9_E^qT>zk1Y1#GPja(<WxVBB#>$)K~j1pIP0%w^r!q2*K&7xo<_4NMK
z9ToV8%{i>;fm>Hr__~0$c^9$~JM(BRI77gY2tjoFjf*S_c=^~YKU742K3g^Oj@uh~
zo7SB7Yqv&ZLEn`nI@7+H>?W7avf4s58J9RGS(P0af|V2m=5jqYiU1u%!~9K!{7U)%
zb3UK?SK6BVpJ1782O-DQMag3H*Bzp2M%-|XPluLHx6cM+KtTNa4Di2=%LMvOcEJMS
z3oko|@NwDS)FR%1B~VaBmKx=5c3{okq^IWE4SxsqPmwDE#J!=Ejsztt$A5r>|7Xu`
z()s=`7|dt6Mv?innhsORjq<bPq+EM5jC3Q=`{)arK}1X_Qlv#?!4^YhK;Y_Y)MZ%J
zMH_sUWf~IZ{=8(Sz^24K8Q!>R+Sxvt;}EmnqP^9lhiCoZCX%4$2)_Ma<H+GkabgD@
zyj{qN*kbLo4u}@kwz>T}o%xSxmtzp^fkQh)n#+wCd31o)caDG!&1wQZ3k!}?YlSCP
zi({Bxujq4uo=MI0Dqa*m)s=q4x@vZO*yOHoq_doTwkhBbGTbP6`qn1$TTw)e;-P7!
zD%jZKAEq|@#JpvOA9`w7aQ?Yf`fCBrE8_~#I1l`>LO4>*gZV{qrDUGonmhz}ep&st
zMI)Dz)42rnm}S;|HnpeLzNUg~+&W6TzbK2yFTg2fx}5)f=YT)fX}h^w-62*8GuqPu
z`=f@Qd5iD`tUeh~^Nk(%N*9E^FicwE&bjmBBi4ZE*qI{Yy}fJI%JoFZrHo7LrPS7o
zvbo#nk|KoEVsr<zt<xTTj>7!y%l~nSKk<sJ3W*SWhwb54#U|?{eO^*W2XLhJ#06^v
ze(^9f{^&ke2+vrUvg^Q5mz~;zNj}1$VXFoIp*hOF({2z8wrW3XNJIxOq32jdlbh*J
zJ;gWZRXGcUlRHZSQ;jhfoNUA}MzCQ~()zaO%fQqiEW#ivS(!&`erbjf6b!yIAkhEu
zFTDJq?<(M+$JwgW^K%^u)4ef!Jpmwtt0qTXPGldYC7p^A=T2%S=1q6%zqWntV10hQ
zpi*Ya+LS>|CV*i5IH~Bg$J5_@4GOiTUhDN)yD{P<F=~XD-x=}!E)jGTA$7#Vc@vn>
znG4w8)L$7wJ_9SO*oa?R_@dBPTKm~4<jyg*${0hEnVPSIkg9`LDDFN_tekkwD+~rX
znIz^3eODMdVZTH92NgbR3<b@b#D^x;TXpbt2Co+8)x1rF`>W|3O;-(ag$o_h8W0$h
zH&CnbP5QK(bHOib1TbI$Hy$5HZMp5#6pR1q>L<4G`Q&Yr=2km4liIrT;D8S3XXPl(
zF8`l8ATL-Y;2+sRcjlOeZ||vRjvsFVDdQx;|7ol@GPwu|H7{`1R<9~2*m##>yN|O7
z)j*9edAe{iIk^I>dPdVnKVamZsCA#KmVU!QNae+g5H_B>BMP{nq@3j9$Mj6VSZw|i
zGBD(O@?8{8$DdvkZCzXz_^Ajkv}dUy^eZ=eHn5)YP4;L+U(4iUC|?Q+ct-bb^@$t<
zV}`Vx27F{Ta!FB7S8s5r8st>u8k6*6l|l4jv(jqN&_IbF`yK7qfwZtYNHP%`l8&FL
zZ6B^Z+`ymZygtv?$MU0^hvo#$=Le1dJH7YXT6*TM`_j>>E~dxS)C&AG@ai77HrSo(
zpQ$2;r95TAxS!opB+dh&uhcYN{X>PQJavKv-fc#2K!ZpQ=#==c;{mh$^cpADfjnGZ
z2Q3tQ<2reBTQrOT2p|>&NbU!~)-e+?I{6}r$<*tP$_f4xZ_l{V()py}6%R2nR9L*-
zrwd55QU9|_lWwfl4-i_K?*Q4rzZ*t(QcmJ$C&mtAIDg3nWKA}3!=U`%5F<F>h0a43
zn=-nceut9^<*0BXx?GKwb~?pwh*+SM@q+fhQTpE-PVK*gt(*Mc-}?XY8k`NzbCRGF
zH-e_X9ax^6Oj-{_-5OJb7v9Fq2Nn_t$ce9^e_bXBgxXjZc>UTLApn#sL`9W>r5CU`
zhdFrA-6?BKCQ?7iqmx8G-H?8+a%AU`=IS4N{j^_pXwv@v(L}5vm#^<Tm2#RI$Xu@q
zEWyDJ-H*p7IcpeXhA4D9potAjx2Ch#%~N|laF5P^W*FsMPKF{Y+~Th*5jJ)F7ON#M
z7a%r59qaRiQA_kp=oE6=HDO=AndoHyggW4#yVxaGIp8ApED_>vV4w0x^N+sFX>l1p
zqyy?YHTsPTeh&DYy-u`EdR@O!gj%wJ{RhmizyJl~*KPeuDumi=A_HxW(INb#TDoti
zFcNlR(De?aaHC4q5|QReZF3j7E?;xUc%+s|77@MZGO)B=zk*jptRMk979D`WW6M1L
zZ>&L_)@GYjjKyEhUo9)!g!opb5r(;CI)&*4{mBYGsQ(*R_--IZH7%jTTcQY{SW$fp
z-)BG6#<_f0AWShnd`o1cUc^%a1L?jUfbj9|sHdj4+p)Nt6@S5dgy>(~+Ws3~wi^sd
z0iK%E9in*_rBi0NVp6(N>LtQXyf6&Z3VFX89h<)6<id43wrr(#?+a73CF0zc0+pof
zHY9Q8uq^@a909wMki&&ft<bD+!ZLoDL4?;B=G0<y4HF&o$3EF_T)LhS4(HV8bnN8<
zbns^65vUw&sYD*#Jj3r_dAYmg3)B4-JDKp9*_QdQf%j$yycTFm)Zu3~=_FH~h)CuJ
zFtv1Whs3AA4e0qhhzL8OpHX1V$rHW=b9?&uTC-1it!vB;PiUR|N3Z6<yp!p0K&Bbu
z>+tg)`4EeQiTurGIVw<liikl6-OwyaW;Psu5AwhCtN@CzNhQVCpizg8JmkJ{aps}8
z?^`CA_g}$JjbZG4Dc|yPFd-+1#5p4OD#i|<uSWe1M-N;;dREtrtzaXn=#PE7sspo8
z{XUoc)5r8)UT+@Jj7%O6G;}LC_NE0fy-dXKK-WLaN*F#&FMXTCt{gKum1fUoR2jma
zqpiqZ=`W2?0Op6`YhDVwqXyWF(~gp>WWcrZ2K0|B{_vt1P{%d#7K0p3GG~4)&IKzb
zZnl|HRTk^<Q`Pu<3VzUK2k?W*KXV<Q0M;2XWlZiA0&`^GCfV`L4dN-aV_rLa0qqpV
zpR_8pp28{%E|?Vu@W>wIs^mPwm>ti(8sL8hY`<Fx>DG-mFg3ZQ9ht<y?*suos&6->
zewH@)1{CD)@HGO>W-pMi1#1hB;)(X<rr}Y>nAm%w6U%wYa<|l<NUqLd!?yy<q+joO
zq)AWAGI$sEUH}mPyTNA>6a9|?wh6Da<fEm84BDgJ1bEhxd1et2y$w0am*3=mC}vWJ
zpDZ`7aeb=w^T2y<BUzwyf?EAS@ky>XjWmNf{2doDF3mz*=yC?X&9yIXhA$|<I39Jl
z&4`v(V$eell!bWnV72A5L`OX+27?0YxC#9||4Z=-XRXLEk8WVG;RF%S2Q8rkzbREI
z*ZZbZ(dQ1+@!0s!8Gy`%hG2D~@=@e4C)y+-?YNV7{GZa&|BKN1-*Aho|BVW~#|!Q{
z0WD$-?r-9)C);{CMYnW)glN}9THVPbg1u5=$b!MzgmG>0_5#An%aUB8XvhM6qANDq
z7wYV@{@_E+E_pH?dF4k+nEts84}ZCHynUPdC)Gab7x$Vj*0mKjH7fJDmd$1yEMGNi
zlD5xk0DC>NVj=sk(F3<sS`PoxZjCBYYv@89E3RsgJef6FyZ*sTlIT>?rO%xmDst`P
z>}%7~`HR@b+t36K$_{j_m6Zj0SOZ{nn)m@6rh@`n_=FmIZ)MO6Jo5GSYu&<BuqtBe
z#8m6ZM>{-@@WUle>dWo(xPx;}j>O?p9nir5tHCW`%K$B6w9D@!lfjY5eoJUvv0jx~
zLoBVdkp-rhsY2vL4~4CHLiaw`EpqkwLl+qkr1zGOmlhcIzVjqve?l*qU`3A4&%e>+
z5llk=jatBx<eG?h?z#oR?=>=jP4t`=oguE%)xe|dTl<;`UUJ{c8!oJ8ArC#eN1W^O
z9`+BrT1>=#`%?oN_~}@)#T*8fb9#_1+X_r8AJd7wV(rFPOX#Y3?;IFd%%$(2kW+x(
zJmM4P^yKYEN57#iXM!oy+UxIh18}c+OT-iqjc>Co6P;?`UOfS{JMWRoimMt}Fp{x;
zW23S7*8ygOU0qUStGAxTNh3e0%ZmD|5r~3DkqN-zK*C|ex&bmBk*12bJ7(##V;pPU
zaiKn!RR(vQZuj|#7V)7b`NFh9wYAr5xbRrHI~1B8%Ae?VD5$X4ydi1|53QU(SglA4
zWO^vYhGH7IMCo|LdB=88oeRr?&zo@JNhd#YeGc2!^cgcU*!9S?+~fP;Q*xJoYT<>{
zjBhESc4M~}8^_`FGNVs;W3g&x;vzP*gbBVz_QTNtlO8(cw;K}^<KK#~xjmm+gP8&b
z8)@kK+Cwz~zj5ahLjtnJt)ALrBpnT{6+0s6Hm&b`_pUc<3)Hn7xx{SL-{-zsde8**
zv(R^2Hdf<jfJ&I&Grt)+l_4m*^Dodfd&#Uik4!Z6RFv|EO-5*sj87%aDNE>C^GRhk
zuDK1JeZy!g>+q{nKQ_=q7IGslz`Gm`D3}}hgm%2r?ikeV^-uk=MXjLNyCF-DlS#X{
zn7MOv-I2^GJ@dGRjt%u<V}~#l6H=y<J(Hn{NKK=8cpiI=iq-axVy@(}nXvnmm+i4l
zPj4@=V}(mUFlYFETz=m%;029LA-TOd_6IflELL>%IAsLooalUPic_2MygNu{TU<{!
zo0{~ZfE^Lx@R{o9{U@Z`=H)KL_nAu{15$P_Xm`m5!FOSRF4Sjq{O;PXWifM1MCde|
zaa*GOg31(Az;tU|^1-()P>G%iK9nV@2=6zBQlCpE6Am;YlR4>|N#2;+*-#S^=U+oy
z2TTd5Zf23vN*s+9>cOI>{L-t=Q2RrtUlED>0Q)V#S5gHUfV)Icey9BkK{mldwZNSW
z2sC5}Ot87^70#lz8a7)G@%0RT-LY2ToWc*Q5ZyrR`|Wdu2K@Jh{`OFw&JG;WjIG}I
z*c|dpzy}4YjtY0e(gyDMg|{m4yIKH>g5lv`&4jQmHHJ_o<3$H{s?jA0q37R5DtMhw
zm&$+gx(1z9TQmYgE_F6xMKV$X*q&sJ;opeqUz76xCl6+&%%-AuMPZnXOlQ53le#&M
zCymkzNVkk5g}*|2Pe3X4Z=u|hDBM7(q10TWhAcv`0IRhnP^T14Zk@OfT|BlL2%JWb
z-D8=ZIVr)rZcn;AwUt<ISjb}aF7&3LkecGo|87lwZVqu`MXHKhGA*%^@hPSIp?vBy
z;C<I_3g%BTx~X0nhsfUH#iO!lJaDB)wU3Ahvq6Ur-Ur;-FKz%X^-(5Ozt1LKOvQaD
z6l-qV#;kF(l1JP@Q&_zQ389Z*=m_ih$BY{FARt56n+Pk!&KZ^=q}H$Fvzl|j5b=fx
zp4t-jU_vLTt`?XJFCc$HfYk>N-NS?Wmp&2O=3%ox)J04O6e?dOPLihC1qj;=+13-#
z!kI#!W&BXVXQYOBW`=z3FhDUm{T2lXC0SOqU9^=k&@G}9z!u<GJ44(g_3ykfOW@jn
z&Nk1Qt<*UaYm!Vd6m1Q%nL;DF9jn^Y9o+0T`FD-Vg^if7^4&#DYPCw{t|SRx2CU$)
z`T}<d0IC`6=}NU*C`@&iY_g`t_<q8a7>7;8>1#?8c_|BVMZ<05pBR$K$r}V{Fb4Ig
z;G2)~6GBcDsqjv~#Ma+sO-<x^0Cy~6bXlT#E5~_io~W5%XP^$O^~eML9OQQaYWEsp
zEc*rh(Vb2f_H$1cCu|nELUzB#bLJ=YW1AvMTBvg?jlFiIxJzc>;ehMO?<GS|wvm<M
zEe+Dwn-TC&ZEqi5QU~MyEny4T56Shu9@&puDGd|07WlIg;@GRyJfo92q!o_<#<z{`
zznc|;eJ(xsxx1)pvDF`_NY0Q&sZM@pkcpZT*@|uKb^>bsF&ddj1}5t4+QWu$U>>zA
zh`tzhqKPPihER%-+vwp#&YBuE;vk@;*`_@FCAstvSm^nbUe!!-;l4Vn#jRsBw-(XC
z<*HN~7{22uuswTFVb8fsBx2WF418CLw)E|F-hhV_@iLS!$chs?c^RKL-50^XRoN6R
zYkj<X&Ut+RpI<fK?aF0a!Wj9}0=zfFo}K2F=mW|+kTsKd{X2oxMr7=^8bRV&yY@co
zQ-3NO47)E51AmZhv+mo$@|hV3*|M{n_2Cm{%`juJy<dR!8K+-Q9ZrsJi))0wO{x?@
zCuKF~u36~dqqS|pZJwxY%4{^VQu;^(fss!d*8vSmF!HaLt+%R<;r>_ba~fc`y%O3@
zoKZ1rQLC7IB?Qf~DjV<pLGHcgk>=SLdGMA><;Hp26<>;KL`T3~EJ-yf&|Oi;<FQ_T
zRXpR{(<*}aQ7KrZtOG`JIqmx-F1B5%V)$Y2&11I2a@Q+sT_cxvu}x1Alzx^v0eCPR
zO?n07Uip-V`VACFo0%|6&3~rfe?4O~07A!|)dh55ns09LBR-aqYkE<>qE-UU1R`l|
z4SghVwu$_$zLMEEDwG6T14K@yQH3u_LCgK0^T@w~(f{Sc``q&{jFTkSvCCRrD4S}O
z^x%Dg;l(u)P_>1)m*f^^GQTBT^&SZYE#E+h2#X0r@kkG~m!J91Rv9-ItD*m?Hyf|l
zehv!9%@g-Yp!xFrsx#%$<E^KGj>8;vPUzzr?r>(dQInn<Le`OObIEkU)wo_ItFom5
zlsk2bHeeDzi3sJM({p8Z$Y~Mf%$H`sFZq52(gLH`bH!obY}-qf_RwJwg;vEuH#<F{
zpP<k05VfF_YltJcuwksqbfPjt)a#-%IKxBE^tC~~tK%yL=Nc;n%`%M^H3An7GIfAe
z5s?=7p5~BKfI;8`n%$P!0PS}mjxfr8mK-#JwWfu6xP!!CCw~7+M;|{-48wK1p6ZGU
zm@K^#587C(gsZNrZJ^koGWn9rJckh+k5B1dOUoD0VDZ1qISVz|tX$v;wHyqDu}xl|
zo=2Y=CL(g47*y&MYA$@##c$sf4aq&k^u=^|BYNfb`9@K2y{=^afeN&sKpG9!ZW8Mo
zPyh)HjFkiTX1@w~Bhi(^_wx$U^$al_1D4Iqueb`Z9*L+A9Dcsj+0!3T>YacrQTTxl
z|NaNyU$}4jY-DP7mWzSQp3rk@x*T{v=ZSWLMMC>8GK}~mmwnZr%mYPKzp%DoCFK)A
zjIX}PPgz8NG%j>41F7lhuK_73xI?sH{%lMe+T<yFuvAUo<=g=sP-z(9hsm4Jk>btt
zyyv_$YNpVS1oW}#+|AXLBWv4B?Yig#*<#XsqC;H^U=dSD-TWHf)$~y(3+=cF_ipm`
zUFgWorbadpbK)i#hHa$od)6<V%S_pGuEo^WT`6B<LXw!^OlCHwxvYnPt$ULoUYD-f
zv&cL={1B*Z{qo$~$4@2A1}u(|h9U94j&koYXWQDv7uu-V$bJ=ac3va2ag>Y<xo1W2
z!B=mkd8p8DLsL9`0+$dZ*Uj#b6^o*dR7;o8sP+pWMb4Aj#_KyBa026I2j+Sl=w*ya
zfd4Tvy-z>M*da>g+OqE&)wB-}M}Q@_b39-25aHgtHR!1UkGnT5$-qW!a0J}?PGMiV
z!e-ExR-=REUT59qg_MJyTPHi?mi`T)<Xz_u8-fpAX~FvWeWZsXOyvI625fx{75;T~
zjqv?N&-h787{6;RMEZNj1Pto01+}<c(aPl8>YOPa2U$loc_HAb3k<^gw-UYvdd3xj
z^i9t<q`fm^WTLKhqsf#s)2UPpB=Z``OEa&qnrdO!w=EDf#q0|Cye-+wP6?_%Mvll2
zq~Ud1B*!@uKH^jfw02A_gftt}es-EnL@lqD0SDG#*E9}3Fz_+0Y50=$3CnOm^Q;O=
zgRD|n*z)v5kR7*#f4$8U3M^rVJ7G}=!iCUOjekT2`hf+wxc``m%~zXMMgG2bTnT{-
zg?coM86O#;+N{LGg`G>kc1TJ&IBIoEpHW#D#+?%sciJ+fG8|}$X@r65AO)x0-OIt@
zPMb(?LhN)SppqA_&$Xl-R@48O4JB^`I_%d1s@!|q*SIEIeKVAR&TdWQm3uv6D>9NU
z0@d&THn7-9J44kxHThIBha8<;f2JK>U#T+IkQ508J+)bCIM$Sq?$e_c%jtB6rog^I
zrg3<bdry-VWOp(Iu&Lg+|2gme-{R~4=iD6x)W2ZSf4>RjLI2)*-%Xfu6rV1^q(CnQ
z%(EtbXC)dt*{c+y@_SBuWGwsiBETAe?(|>neO`$V-Ao@RLrMRZSoHJ_>>EQy87?`h
zjh^n*@`Z^ReI{~=kCNt0?%I4%<ZNi_Iv<GJ<`RzDcGcQWmR_wN53O@M3I}dw`jm%y
zfaV3t&NzCV5QP(Uk|$>UY|HR3y^#}bh6S&6zQaV&p_7~C{1FrF6xM3L&EeiKu}eBI
z-yiV4Pkihjj==C<%lYv{mhWy|VM4XrXCSGqK_7fA#MK~I8He~WT?Y|>LEzKZ8Ylph
z7zD9TrOHT8Bv`zS+AT7OzSr5pm=OzR!`+N;*kr4^u)f=Vt_H5JLuan0{3$kVIbBnv
z8edsSBn(cMJ?(ZRK;D+zvXeT;1b;8e*kgg2hex6#C;Ad0u5lRIFT@D1eq=5eZ$~V{
ztM+)<eT4XPhWXti6^~{tt-zE@tUAd|{lJvAl!E$Y+u~b2<oCtML&2AjG(u7botO1F
zCfc>vy{^aMN_AnxLPvgQi_iZc?ajlQNY}OBs!CN-8Gs5TOwCY<phZLk0R=>@ghUY>
zDwwFCpdu=wt)Mu&v{Hb^I3W!Vv_la^W7Jl0MqP@EA}wuDv0Ik|jc6m?x*WUJt*rCX
zYk%Kfd-%?|&N=l5LtTlI>8a;^-uwRDuRM#3E|NPpeKV6fVAb<z@XiwCgmziMLV2B6
z>Ln~7xEdNx3rw&sD4sVdpo>1mk_|Cnaz|)eS@lV6x`T`Ktb~inLz3cmp6uNi2AXFv
z4$ch(zNcD2fk|49((D5!UDl$Ng1E21-&nn+jUBx2>L;g9J1<-W0v!V?hnFiv>zNUg
z<DCjc-y8*0&`MbuM9NzB)eAD2v0I+wJ!DLV?`o~v#n;-Tm?h+T4?FA{tst)UX}9e`
zt}M`}5LgN|D`i$aytM|-bAaoXabQxvhz;Vun2;ck5Ip)d0Iw;uzWpRzDnIzIx$?Iq
z*c?r<A0yUSqC4%JFci`*pa*?amtC1iS*99I3hApkjvnclhtVV+(u~^fTLT=S=7HIX
zcSZ_alMFh%trI>_!~gg;Df#80LfQv_C#GvO13g+?%#|qppg{~ibBMyL$Y{>MYt_QT
z^@?0Dg#wRU>j&(JE9|jg4exjT1GRhU)?1d-cKI@O(dZcWT#JjR?V2QzMHGaGg^bpF
z1`z^C``Uo1ITgIEq?C@Z2-9~mninI9VFJJ7Y5)W*(uunqyZ_e4y*e)^hJU$}MnLpt
z${R@VhPyYYy!vlcxC<&Zug^b}`}*_#>P@rkZp+9(!tIxLOql=jO-ZVa&s}kytiaRN
z;k`2%ieFgl(VkWGj8$WV;P^x0myz-6Y9KHLN)QClGKbbe&{js{+u>N{f0u>^+Q_KV
zuc?q6b+vMKM={Cp77*VCza}4b3RW!wFjk}BLkH^u+Kf?FTut$QeG5fXFOuu~q_NPV
z0VaXJ5#G&B&Zk%H%+pM`j)nig5f5Dba#Y_}N;2;dxolygivTO`e(V*}dZ3OlB!f<-
zojYn28%D2J3M&vj89$R|Gm$H~tfdbXI>Rp2Uu@&MJGXy1thgH$(9Epv+YDQ-yHM{M
z>Dn^-wT|B{t|=epc0E>0$C$!;p2%lk$Lyg{D1cmDuV~yAlAPO6<wQ#@IVe!m=>NS$
z{kLy|XaDRdmoo$ibwEWqD5`}OK&B*5?JkVFd6LWo>iBN46VcjT691)$0*a2lTf;=t
z#Q>GaaSR_ru2cw|@XvbGy96xaPH7|fQ@{s>{If7?7`g-5(7h$(NF~!tduNc<4O%H8
z)xp!DSH-3%&<>#|Dr|R2?vL(yrgif2mMK-^`i&~Jo?eral8&vl>IE6cO<9R1&rMS_
z#hF-kzk)=D{(6jw@;glmeH+7=w#{bA)FJz{ss0}vnB|T}k&q5W9XnO0_gAMld3aQw
zs!-hN5H6;{tn1)CG&^am)xG}x(IoF6k-Js)wOh``%`aY=`mt^<Tiw-U^7IjAOw4z-
zs?UGb2%?--&!gs#xlYe4SfJx((p;P2jKd_;*^ks>-#SIr)zHztPF1$$l_BJk>T0Jn
z*+j@5qHYB$O!=0H^<PD|O?lty5LaIq#nyeBk{}r7m=FG`LU)|#=-Wx8=6|X1R-GXe
zPaoCelOOM=SJP{|Z0N143X!swhm_ikHVZoW#u9$tm%Bi{-AG<EGLub$I^&QnUWq%D
zbl*#5*8U-ZjBD$B14b%!jZk)+Mm9J%U>GMY)K7j5q_#yTxejN{etj4&`@#r@G(qwQ
zm#k9)8NtQpAaiZb4$L*`=Li3Q_8aOUH7fCc?3AXz*7o(}Hj7T_I<1#J-|@~YX?BmH
zH==lqHvJ44Stu`xTxhp*=tC{E6zr|5$2WcUg6peV`Q5`u2vs&{$}OA7-4S@HT9#~?
zGPKQcYKs0!C_?4h40q`0n<2(4o2Jo`vb<0z9t4B<#*DK;ds^iBwqKm^zRwP}6+{yP
ze{;bAy4RhL<614y>798tsqf};UFeOj256E0-6}{x_q4i0%Xlb3LPo;->zVJo+SwJG
z4wd`#-Q!(kKVmtt4Qdles&=0#FcTY&7b3oC)~Zj7?-BuN=a`{KXKtaVPDmq?dEVfQ
z3><-%3+}gPLXm(wR;d#|FAbjr8vdK#Ie2uQ+2g%YH}nYS2|VFRpBY(-B+<$BkL<#G
zi;6EQi<2r8^3Klv&l}37+=1YQBcNFKTu0TRX)%Jd203FTC)h*~o7;u+aoit3;F;^S
zGKARLc7xmI&eDg>>geb@I*H%o0}c`@T9Lx;x%*cM)b|Hl(NdF0+0UpQM-`15I!D7+
zP5@RjHPm&>wr>21Y9v07_X(|Zvg|X$S6-(b6cYOZkh`+3I;<-n%rY^@<Rh7(^^Z-8
z(}|1@C69l<MhmE~x_ZTicKy3QbYa%n2OGwCrmh`d#Vq{&^QPq74z6<0Cc@=qGKYw%
zHH*v5zoa<WS!U)L&uur3tF-r9#iPQ!OylIwDXjjaLt78T;#G*9QI%>4L_8!!bj9bD
z!C!rcwt|s<V{EMi>a;X&XGRa_xFa=UpIU*GoW$A%OHbgtZ!|xJq8)1%eXy^4)7wn1
z&cT<|a@$OF6Bu7XF&C~wmoG%jvC$pYNDvWQ7jVZM8FWV*5IMjJPu8%hzH}^oR)KIa
zHNaEf_n~n}o6Y>_6s>+zCVqZG@8}(wJ-G#qn7EdwWqHJ)LAy<3bh(@Y`BA$vjq~2n
zSuTo5e#?kwTPb*dA^wbwp`8#g$@2vOhbpPTZAS~~Xx>D*zo!!!Yzm@viZ^UF0LIh6
zVxgi28x)`BAau}Pt2fiV&Hpb4uOT@3WZ=IP%0P<uLPIYnYU0cL<`4lHx#4zB55kic
z?CNkF{7Pq%Uyk>5c)K~-VU>8gqSX>ZE846^r4fVCKNX?qe?3G7xjViO?VfCCEI35Y
zr#Dyf=@72~wH5TNK6EXjdS!^`Q7LIgZgl@qIs|hO5tcfb05$v1BL8Qf`_G=($3O@e
zQVR&VRKRR5lMdau$rJ$K5-;{_tQ28Lm2t7dlTAlV9yX>O+y?jPz8jdG$}v#w%jHG`
zGh))v7+vv|djc(ZD<2D7OgZ3%im{sYa}9r`I>?28dv<7wJzK6g#u?!(3@h#NuCoep
z5RY=Jht<O;oa%d)J*03^tQMNAr4`GZ-cR(fR~|p$b&Yh&;d(T@A?!!H;OJH=yv(|e
zyEDiY$J2dh@$0b;8}8BOq*mOLmE$u`C~$`fS8eQM1V-rMlSvBY<#mUh0^tnMvpy&Q
z^7N!l!<<micN7FRN}(U=RkM0xr6%Ct2mBJ6a@G-3o1rDVkAsFh=|e=|O@v$d;SQZ2
z#@P1ACv{qr__QJ$|N8*O-GLS5ah1+B!wqAzFPEw3S5GlRDCoeHt$+rgk$t`+7^Y1x
z^^Gwj%ce0sQYxUW7!$j!Ttak|<XWcp2Ot?AT`xVHg$p*uK!6M(v&^Bq%f02qscTJ&
zm^Kv_GO*IFvfh4X+cVJ)EGuqa%}8%!A=0bTf5Lk`G;tMg=b>C)JNjyh73yV@K#sV5
zX4tYX1_?=LVwnJ>!N<g43iv)-&tUM;DRqzs8bc;N)RLR4v@_L8;gC@HAQ7~Byrc-e
zMSvGG`1&O>`0UBX;zY;3-pTZgB0YX+<8^4jq=%B2dAl{<ZT7Ia50RUDl)B4$(D&a`
zXDzj_l1OeDC8=-dJ@>HeVW?PXho(=X;rqWcpn(I<Us|7GVXjWSuB$-(I~>b%*^oiy
z-tkUVFbI+;di0=F3iik0*N2}2_Eb_<30(I+%NjDEGORznzlR;DdtDG(G(CrimgkJQ
zb-R`Q0S7Y`uy^H&FTlb_4=J<zlhqavlL$oNtqUvAD@O1`&n@Kx-3ZOZH5c?kC0)6g
z1b|$CH`e>DRbn4CpnZqBs%TDWv{cK*D}0zB`ycJj-9bNfaNj0C^MM#E3XorSg+g&p
zoRZj%hR|NaP3Xny6k%mKvuiD?3r+)}GND==HphybB2Uoj*YN&Ur1x-&Bz}~HiF`U8
z{;}nrRW&6BGAK`|ldHW8%@MCnayA+detnm53;Mmyrfuhfl)K4lCpVxwN}BjO2YUD&
zF;sR}<Is<*WD9F0v_2WTq^VIgp~v4C{9jPm^BjC8-8YW{2^nPMLfVOLqGVhYPcO5r
zG59iS;>uU{3a<=xc=rXdp1?BdB&Cy^k$Ppi+&{n!ujhn@wTkft=Uu}DtpsX)#z(I>
zZVJ8%Oe;T`NTG<s1)GESGJ@mH%&NFbh16^1J;9emCN+P*F$wH7c-(qQ_s4~GcrH7O
z!qEM6SMr`k-n3630a_DiqV%zy1G(ruf2;+By)sR%p;U%plnS(m@%(%sv9CyB4W)6s
ze<LOXj>}EMyS+(7Iu2yRD!N!aLqQ7}1U>50jJOfK_Mtcv?*s(D|9s%wBZXK?Xq;v3
zJbN@pN+NSXHZ#9rnb};V*T+m#gx_L^R@m`8dFm06M1eIcVfddWsDIyy`j2lB-R<h`
zRGwT8${+^pPk+j?tYr6Gm;(+|^?C~Tv_!C0wbc`tn$+vMtETl|8gFn*4r~6i!JP@D
zOd$pYwhSl-{>WZuiaRWI5Y>lBwo4184%`b&Cp*AD0>V@QW)zs^yJb%~;u_f0w+_+*
zokZNNgWR}V8e7iXVLH<7n{@SwwPo1d563b^uGpFr6+Mg7I&3pRjkKRB_?i)mGy@+J
zAniiEVQ9w2N{8TJ8QA4C8VzcPi4SMr{+m;<9;^nLz+w&dljk%j`if0NW2aYi1oSaM
zzhN)AGk3v+Ot`4Sa;YJ}%}@bN90wHJ-cD$rQu~svJI!mo4A@g#LAIDk??3{6xi($l
zmJ6;vaT~1R{=6W90OGF69BBQkcF2j0VpJMS3?4vl$wAns56E>1=_LQUi1OXG)5<`u
zDPXldt#sHL?eHZ&W`XLv2zJ7==a!0$T9p9g+QlsrqC`V=zqfkQD+juAwAuxM@NoHM
z8`y4nK}`mxy;GeI0-H6ynOHp4Y?|fI|0Su!=#8Fxh)D3nzs}@izVt(n`SsThSAJK@
z`X5qDpw%mKp(KzOIBOTGeH<KO&KDHZ7u(tK%ZKUR)o<9L00@+LrnAAFdfdTgIOGY-
zT>)8JFnC{A%3Ad<^EP7k<e8(Kkh`h^k1N4GK16Pq1;cIy(jf!i(>*>Ei-cy}!KfbF
zp}T+3ve$a|KqE4DfeHD#PT<T&zkfhsd$RU9orXCk!RV2*oncEi=g6Nr8}>i%X{EN|
zMIB7A54m;s>v7n;(b5Y_!TV+u%{YnksvWMho4N&h-$d|Q;7zGxD(zc`y#Cn<J!x?r
zP}Y)kKHy+G(3|y0^=bg?ftHU}wObTjDr_SFO5I;MjUJd_rBQN2-H8hG_-$wGDqR~_
z%nOB6Mk=D4A{?CPE4W@!v<}FDr>4B87f)@lhp}x=@#g(&k(`-MweZTZm8P^CBg0wW
z`gf*5vYWSU+>mPPxAroSoQJMBO)@}#J7U75k*cs^8z@=d>x!=MJa+t(1It}%=o~MX
zUnfov>cPPW9dhj$uX+V}{fVULoIeFS9{_3C9vEMn3Pzm!P-dk42g?kK-FD(3wt5*@
zxz`~@*CEi?gS{On&*Jk1m9LIS-mmCSI}R30L_y{p$+0i}pMfrpiYoL-eXR`ww<9K<
zbxJN?{G!8i<BZT&VS}*Wmr{>eZ@_GQm&xPl{oZd3bm4i0$h(GzE{p|CqeA3ruA2k{
zTdP|)te{jc_IKI<jXJQaoY^Mptz(l{-X_=enP!;(;7&^^Sbv95#N@l3ju$O*^=6~#
zW`Ls(jlSD~tiBFi+(!3V;Sg>IX;t1!=(9$IAd4k5lNx0n8wUC>N7Yh3>AXv00Y&rH
zyK-RxCERo!ffC4#hi2Ojf05%=om>V=e)qNzY4Kdp+TEvCRi>k}4Y`AJiKKBVYWL}t
zA#|xAc%LcFLy*QwMR_y@A0AzaZiujC72@(doZbM8WbuViOAQ1j`wmmmeQjPo-PO-T
zd`YlxqYIuDyOl~an0^PVkcUi&PK0`DY)L$xNYFQ~HECyeQDjs-lYd#&pI$Y+jh%GD
zIosw<dYPenXZVsLf*6CLrNC_Za`SoDCD-%@^cn`prt{13Ie35$9iWhsNu&<9k$at_
z#<D~kP=r_IEhY_f*olwp;JWIOF5zZ+^VfvxG|-v<*F%DUOvuiXpZJ0gYJNr~Im{-E
zVfHAbxvv~?(D^--@UF(1d7<6*)q+>Lo`!AbOykc)Z?uIBg)V^z6EGH`|J7mjU%KBk
zM($2^4<7zhpZ@FrY)8P^KaYP3Q~%d*;FOI_03el86^ynLfu)&DijXd7Q5aEazp5FG
z39-}zk#)a+-q!+F;V`Pmf%S@H5V2$R2B4)vZR(FEuds0W<PnQzjpo!NHe$-CDeo?V
zfap`V7cRKHHrD0VD@dH~j2VpE{7jiyNBBYhgxdZo&k-fewTCZ?b&bf|KYZ$73fQ2I
zHyfw^4q5_R@jFICHkl;@%Fq=Zz?ceD@(eYh4g#W9(cuu<i*Z1~Tsh`ZCkU7~-E=&7
zgab(`G1y4|5fzZt8emT9g=?Q4o<W~8V!@pNvnZcHZgfh4&6n_l4;AXFu>EZ;3f_-#
z<evK-!ecrv?!29m`J8kR0h!R-T_HZK7t;Vg$Yb$byP&j}6FW^F#{-l)4L^7v$ES|l
zPR0O<L-T3A;#>P+&Fw$**z^sYEkSHk8hSd|$w8~EyDzI1oNZF2kUY1y8qGJ2Ef&om
zOYhD2wF&9)De6yGQ&a==;62TUVw>|6+9#G~<bgyGmv@dd35L-zIf7@7(R~!Sdn%tQ
zFBG2mjXOF=!p?e6Psz4M)xfPJg<S+Iky|%dS*$DLs80*Jr4@iVlKh+L{J-a0A|5LZ
z`7A&1X`~hLQ+W4@DTnAquW6BI(358lKI4H&pZ)Lxn#Sci=sr5Ru<~+0L8RcYp7{g#
z_$6H(#5BlaG%2@!P5>I&OdXcf#ff8S$YW%M_XCDpO}V8d%-5!F(5VQlXvZ{H#E*3A
ztQ_wk!lR`b**o(Mjbz=WmD#NCW@R(u-l*n&zJ%A?N28J_u^%<N1#4}t`AqolrZI=h
z$f;rUe43z>K-|b0`6sFuu%k_J;TxJKkkiOnbq4G3f+@q=O4EA1r$X;<VChAQV|kW&
z;<fyM{fFz&sdKh((q&D!B_)X)bx6<=6LRtVl1|5}o|hceKV7Xt?w1R*e|M5GcQ@FA
zIn_f|n<6s%GlKpR`+*cLtfhc#3vwGBtNq@PmrkQ+Jz^kjfP_p2#CS_3wpe{|!xX~*
zr$!M-FdIe(4WNqxiD5fiRZ2loXR$*1I16{%bDjvuI$4OYx2y#<n!x3mAcErP);7+~
zV;Io&K4bGd>J)t+{H|9u-4V|xl%_qExj^3aYdzt9!&X7O9*n#HmJ5=8h>LR~8}XL`
z*K3`7lg{zJA5dw%p^<Ifso^-k1b$`2-`iNtFcUK{4n#hUDO%2q369Z?m<d>{>lvNu
zFwj60%r`6g1$9Ii_OeD#)qw#D^JHt5e3Xw9f7L<>lREhkU%7bC2+&o!On{19NxbA-
z{5m2O>2RN5!~L%TD#ocM<VCY!l@+?|RR=ZAW|!$D#YjMXS8~XOf%Z+&*OAAs>HU=t
z1z(KN)ePhCIl0hk`U2|thPzV^3v;KGrh1wr^A8r701q#$#W1vs^7hCIAd=p_){f?M
zo-)$E5rj-!=3`4o`IEaRP$6R80I8ux+Qc33R$mhqzg!{YPufaOQ&rl~dvI|-!RWp=
z_}~XV6TTuy2N9oqGQA2s)AgsxG$s_{IHN+lSS<k~V-07Ll^BPfDE;bMJKMe`rbh5w
zk7EBxoAB?ypujuYJT&`v+6xb@hE|#ZE0))w-rAsm``_8TJ7)8-8%HIpeyl@Cb?IjU
z$a9TytlK2}f0zo3{%L515l45Mj3Cs1>WRCX;_kEm?Vzmc(hi(p^msQw1-<d!fMs+P
zf!bz-5}+u`dzJ%);87-T8NhbKg{Z(J1r4TzCpjxc6Mja2KjZ<x6U_+9#eQw&<^}V%
zRUu<Lan0{zdoMnJK)O8r&>1vWIqe|8oiz!PYbE02wIn{%2}Zsyr_au6444@`_8-zi
zHyR=$t}fRp7FTYpgd*8rPT3^C^|V?l&FJQzr<s#{Ph3))<{5(87EnUodO@G`(I6kY
zZMj^!eU1b1dub7s32U!aT2hkxn<f<KLr;@_QE8Sr!Kk1PTOw>w&9ISPRPUlKU`w5p
z57SGpo+Bo_qCyAb*uxg(vs}K6Y?NMoT!Ss`<jiZz2IGJRGR$=k-RG^HSXp=BI$D%c
zVV+TG&CX!>nYS8Q5IOwVrxu=$nz6;p9yTNN;UTE>N+!Is@3ngP(H!nGk-U(e<1!R3
zpnbFBdHeVuvyw~J)UXjq81uVXIz(rS>R}^a81b+HD{}qDTIo9Mx}@Y@x%5YyfXftg
zX}f!`%ID9xHEY$-k@+SVF3AN%1n6j`InsUIv&PlWUA_*V!vLRIbkimpxW*`Tddiv=
ztw4x490bm5W^-q6Z_^47c6dB5&?|r9H;s13z1$YlOQr_bN?wd|1m1ck@r_?hhx{>e
z4vQ}Y5t%lnZsIN!%J4tJ{(L&POyvn&yS4C=D>iabx@<hq4NjjL9OC(PuR5&2jt%#w
z4<(SymGw$E&8<}MkoM`>5VqJv|M+QSsZsTvwSOt&@ehd0WnXDOaqzqw-0Agl2wzJA
zILL!$@X#dqM_y8EN0LtbjIC)#^r7<0eAVR>F?7-M{<PP+>-1p2U963bln+C;(8{@-
z>f%krmVVsy)jCJW{gZevFEHsz?%@=C@2`Z`6qt}{z)K%L?>!KWognC!*X&eR0-!j@
zgHT}WTdkPP!;EA9o@Vq6JjhpD=f>*$(|zrL1I}0`*~pwf+#P+SJhE)BqRL7h<@VDr
z{%t=uaP^5DilR4qaX-U~T+#Xn$B`Fb6rT8$NoDZM<F!zacKO&Lg-Pr)&T|rQRJ8Pb
zX&b&{1#SVz-MA^$rGe|f+*r_Q8<_6{UYI?gD2_i9g!d*|4Yx{$p@QsL3(&Gm#^Yfp
z%gWM#{HaOVZ%SXECpl_YX`)N}&Fa`Bf#(nd#J#AfMpw<U7jJOQE+Zn6+t}oVwa`H$
zwCy9gK|4U3c^yODe^5XM2Y3A=zuLqY|Ne?zxM@@ZUq0A@q=;ove|3UkS-@w7KBR8<
zrLe$Q?Huc>QwG7Ag5iapH@Gt@PIM=+T=3nNv2eaN7Kb0Y;wUO2sI$ssT3iX@r4Wk=
zpRTaOA)~D5O@#<R)z0_UL!(pq!~#QrX@Z$KYy0eS%Xpw*qW+R+Ra-8pniSzc+z8Y@
zXgT;2^*Y5A_;CH_6NXPE>x#uws#B~b@10KHm~eg|@i`Mo5l&<*(Kx{lcZ%M$GVpvK
zVBzm@a{BAEVyX#BO2BZHHt+#?B()6?YG9B)8gaQ&sQ=L}7YE*uk(tOF%RI{h6!J=J
zHpL%mh9*>lc?QS@xNU=Rz!uG6R%t<BVGBOcW>L_=FW=HY@q{j0OrE3_f0ohz7&-j=
zPx1V!3z(n`y~m)gE?d}`K}=8}y?7ZZ(Wv1*O-k7lU`BNN#ctWuqoq)tCL(Qq(K?Gq
z9nyiOi0b7Gp^*QlGOzd#W&mi6wJ_X$A|8w}xPKO5s(XY1eg+lzf1mr0@+_+BzIlW#
zK~#qTO;y%*W|Yt&Oe!7&XqM+osY3b!1|`@_08Q>BSn2aR4t4@KEw1Sv9}@)4`jwi*
zrcs4j9S*lhMq;zs*O!}=;{0pd9X*GPxnRgXvGz{KuglYFv%k9a{ip>=m5)r`Z`-YW
zOdcyyud4c@q{Z~YrX~RNKUxEA110dvaQ}`H=C`L14n$qbpVV#(Xzer3%Zrjl_5F*S
zesRB#NwTZbew3<YBYh~df3v^`dr>DD&k^ZPxXWrO0xlqshn>I+55d}0zT{`DpH?gV
zBi}UXX&s<7lpAWGAY8Sl1v_g~YS;GTaEQ<BNReE**2$!hcCnxiUF5OAFnLBY9s3Vx
z<5&E|BB8@Aft-4|OyORS*mGGBQZNb_3I{nXo1eTf`E><R*siuc;)T<6Whh0>m||w2
zvyyW7y=Ocr3MtYvQLpp@S0)sPBS0=`{Z<XlGAXOTWIul+DxjAF0-s)br$w=UnWp4^
zCk1jBP+NEGZ0H#~{Pd#((hBOC#f*QCcV_6f-|^nb>S`3E|2k|_*QVgZ_9Iz^^Xm|C
zo2~W~z16BtfkIt8(rL@A*2a;k3Te+G<ce?s(Bq<uSL^_RN_O(;vns{+lbUrh{d;ZJ
zj7oK+r7-P*n;d?CKe1E38-$egVDG#IboNW2aXt5iLN|3;l^!kd;hc-$Ye#9u(^&mb
z^pcY~e;kki<%74)b(u~5OS!0O*ZB2v=_~Do4}2Nd1Xv7pMBi3+7VZ(96g90t`+iA3
z^&0m#d_fJwIpX1aF8@o`fD}nql^lN`?+p7~S#M(gUZ-ORF+;6};3`@@)L`;k>*#%>
z+2|Xi)A+~?)Lw`jS-LwN=zr(^tPKlAWRE&_`{AmE%gE*KR@gch<d^>N`mJGTpE|ff
zZj!zRBCocFz~!Yw2ls7;<hq}+n7JT<??ep@gn_BcT~gr(GCF7}A7AYf?jXL>OU71c
zpy)&w?WSMRXiNN!uPH#kXzbB|3<`oqUjaGZbTGj*$s6I#{k2QXXk@&)_>yl<He+!V
z;*06qCb3<R%jM$%1OuLi?b_1iWrqYiv(1Ru<FL)5IKcO}!Ux%QA1yww9^!6Jb{;&P
zN3AKSS1gL)CVr!r1mEFLuW2h090m9-D0-tpemy`UI9=InaEsG;wDHLyKN*?nJKg!R
z7cES*_LI|+_KE-Iz5B$*FkKeM44gi>ieI#rcTX&3RC2!^;O%79&iS3LRVC94(8<ot
zbkQ4ncIjvU$l5SoL9dFQrr4ow5Exsn$MoVkF<R*zvtsWUZ6VC`HNm5()t}UChb4(p
zL<1#n2ef(_pT>mYJykm-9{V_r50qbyTq$5YTpif`FelMS6vx$oksSQXb?C~>98b$T
z!^Gmo5ZaLIwrS{K4RpASf3=iPzLH-qn6V!id<$c=sUU>6di^GP_?KouKcdH(=2V_r
zfh$0=a)!>*PK<3vITmoI!Yw({1hKpQU;?SH5mziu2#2~TpM1-rqxAF+R+fT@{^yPt
zM8njwmhqDPi?mU~KdNt)3ssmRrN@zZY}QFeTBdd4^gfX}6~K#H6$JR~6(+S=W*7)r
zib}_U*@gN)s^h=@^j{iXpntG(f1dlF%IcqY1U%UnCO~9&0DG%T_d6Yqx3QQG!oAB8
z6$YM(VpNHA0C{>1&fcUnKwkk0EDBk22qR>~PAT=_-6^S`nW0maG#K*_pBmg@EBTul
zt=}+uecS>6S-ugP8>i}R9quDyDrRYB_Ol)}84{OoQf#C5f2gUtI8O_cgK(Xr2mpiv
zf!^qvNnfM6M_?SUFQ7vJO#2^DEv|Q)b=7R%GEE*(VqRH(Gn8<9aOrmwcC8+)>Ds1&
zcf5YzYx+1j?-}>lSPvadWFTlcQ0x=E&AO2e;I89TEAL@z=V{|Im5XgYUn=yA+lVpO
zDmmlD{UxSv?-8rrm_RL<+Xl61*uNW1(j#w7A>I;+rrrbvnoKJQhdtqvDtitAO{QtA
zC=;smN<6LUeTO1<rW7l&t!)<fpXJj)fN<(VrYnON?W<P=w-D}2Ka#>ZFSiqu%J8OG
zy!S2z)Iy(Gss{Ui2i<1cRUWu%Q4VxRn~|E<0BxCWYvie?bpB_h*e-cCuw)9_HB@a?
ztSbrCX4HLhR>sc_QM9<E^C$od^-3h9=UN0^<C>uW4h|(`Z*gyG_vS(|jNEv@Na2_o
z>;vf&m0XAjNA9PW%rDfHA6J)!jIl|h4=u6xK<FIht_nu9AR{-9T$G>WPEl@!I(p$w
zP4PKi(8mm=+BDG4pDLg;?T*|x9YpFWRA~)=1)|3%+3Z8s%gy&k%Hij$+Spg@iqaG~
z?=4+Ax=fm7g}Q929~!DYEH~2wPl<}n1?5{496K-HXoOx?7-U!M<g7<T=ozy@ahBgx
z*3)H;oU9Xh7lW+`avtpww;^xMI)LBz-t^NS`zpDz^mlskc}55C0v~1UlBDg)?Rxki
z=l+Yjr5N9jdsLeQc1><(h4l3YDzM((F!^cS8(?B+xPS`UIM0lud@VJCtS<6yTjRc{
zoG5y5HHHHI&b?L(;CHRd?LAyix1FrfTrc`suXb+>GnvR^wui2?r^hL4`h#)$v<DP-
zHVWQEoL`D5RMk5rc3a2K`qa`{Ib*8TN@A6qOaaM^Xm0fi7(1k~EY_ekU_|iFl-5qE
z^5wc0xW#2JvBFh?aK}iZbcl(@eV~WPXUd`j`l6Fmk0bl^klSt(F)YUHs8*p<{K@z!
zcT?bAPI!upt#1oNk1oBeKJ-|xdwqwuJYQ-rI=#Bl5ui^H+?=0AXp>ic^G2N1vRM1|
zaJ!J@D->m1LCzTRJxFg$eQlSMo^-MF_gxs3xjK&a5n5&9WxVLbZ-6{XyrXyd^PBRv
z8Ybjgjfz5jj6H1pkL{L!Ks`(@OP^#q_yu^%1(B~bVLqOgK8nG^t+fLx1zXC6@AafN
zI*1rX#(N$#x7^X&Y{%>yte(&2*s@eaEj4%#oW_R8Gv%JAFHuQ#k%e@u23nU)G&p7u
zUzoHTSZNZB?f=MMUzixG9Nrfu!e{@zQ2zASoV206IO+51&JN4MN+sIv+#hPUTEU{*
zPaD*$9y%6RMMw7B9$`zIXU6^Jj}$MgwXEoG7zTie3GBe!sX&hc{PIhe6GSjrh_A3A
z@KVZy3I@R52o9j|i*j(V<#?<Snw;IeYX(;8|KkBP6IueW%H5?g3h9al*a{39vu`2r
zipOP|32of*j<>jVx?8q!O8yE8ZRCRYEB5E0fP3YA3bdp^P4J)E-2YF%C;&Y7&!Yh(
z21pX9Ct=>T{0~_z8rTbGf#nTq#&S!5*Jeh!d#)PccwKkh#sJ_@!%0X9DaNT!W&+?k
z8N3<#=~0KshxAubnWxK5XYd|p%59G#zMSe^Q2CSS#2WiShr3+4Jvv=JvrhnnM>G_T
zxaBNbdYb1yZJkG#O7Fp|NkYJ%)FUAM1rQZo4*%7Mh(Z17*@yDTVxOLDiv4vb3w_`6
zoee!}(@^;!C0(Mvd|C??IR)Oh_bvbpDD+rUj9jcQmHukdu5U5JmmOB_a~v5-Z>Ifu
zdA7y9twYwF=j^cv2Z4p<!hDPFlLiT(0$l1U<fWtLja694<gwZ)9A39+NR7h?s=<lV
zAIY73JV``2Jfby%!U3jq1ta@hAzWUq?(^{yv~XFmP|znuydmMOt_3<f@e+O`ur$ku
zhFH3q(SVN?@I$t0EM1NwAN6tibRU!A>X<3dEQ1~;he{t}?!g>XHXiiio68ZgJX0cp
z`a7|t4I|{<ODPrh(J4ATuLX*}6-!Zl{mBKz@^u%=?5k!_N_U0a+IND6a=VdYov+n@
zKemC~bD1AK8%;}w?A`%^SZP9y_=h`MIwW69-W{%;Fe(|1+=#m0YREfr*hvbvZ1JYw
zo6L~F33<3(;r$Ej@EUhBA`v+lGS0JiJ>&s)cCYZFnc#U7tWAJ+0+-vS3|<_N%hnfP
z!t!2DgN}%7&`uLQ{oBvX*q-6m;0|_{x*YgTr{u(Bk9JlRduMS|AjwZW-ZzslE??d(
zTd=TJF*$%7J+r6P`vYHbjgw3iy)m(}$!USe2n7Uki-j}jGME|om+*-Fjuoq-awa+G
z9-LMF%}4brH;TP6tPIzNZtT}k8@=mepi#W&6&~P^eRS+0pz0LCi51^bz2=OIeUmh1
zjeMTbw5=GJ=7fEeqIx9PWl_|0qi=eIh!5M)tPZzC@Gu@Z5OL4@yl`%eQ1u%t8dnRw
z#RJapVvh0sef>07jJ6-T5d_>uv}n_7*i8Ar3_+y9brt|j?{*6L=aLeN7({<&uwHej
z;8q5w5ca`^>-3~QgccY)-s>%g%czG7ZkLHiR9Y}-U?LA?F+EQK4smT*aE#Z<n?6aY
z$v{;jwDK$$Eu2GDy^LE#$qYRofyL6vOG}-yDIfXNRhD{`^u4ZV@QE*k@d5j<ML6Jp
z+h-FF$g83=M(Ut?$12vl9O_}?@->!)A&aTq(M5go9e{@uN=M{5h~Gw#tG>InKszFs
z+$)Y4_S^++o@o-?S3tk969JOon?-TDkjKM{$Fwo<pqoyp?Ba*2lp#2dNTj4fpAR(4
z`TV*!OPyg}3XNb^8+*kFfdDqP?j4O3(zA;{lItE^b?mh}ivMZ_F+Fz%F~D;##^|fg
z3codl?!ORW)alqwNNbaZPe0)d3%9OrQZ$#6L3rT4=SgXp)3U-SwpBmul*=!ye;=!z
z4z_!5I3aEDK5b~ZunGtCVyoRA^{dkogA28E>?XZ*mBII13p$f7WBh@+33Nyu%4e3D
zG~LG}&<mVEav?Hnj~kg{DbQZQ4U`DPrL};GZ};xl|8!{mATnJsSK&#MKXULJ%B`C4
zyS$>B4oATrR8L~)QDfS^^>W>p2c=NC_PwVq9dHZFl`#FMEaSfoE&lIL02{==h{yii
zfU7R`C<A|4Ey|NiNK)ao<$0+9x>N-r%|95E`vGl!2e0X)fN`jk&Fu&Ps1dMYb^LSd
z&a(q2?GnPD@Iy_$WR-)_#W=AYUxt7cKtOZy(Wt}9>{Dx?BhKgbl|Q*{+LEWZnsMdK
z+_rTtM7^q`_n>O*qdK@zDe*}JX};H?A@ljEXmQwjk2;Cy1!WstF3?Lg?(9UM-qWzN
zn$YPgfL?1+Cbmd_FIPS?FoLrvcr6iF#@^u0DkNi?n1!<LEXIX^oe#?=)?zADI~l~*
z!0r-W;Ozt}HXj-;9@_!iurR$4bH#&1b_w=4g^aGR5Y<W^eMf~{sFYH^*K<<V>Dzl+
z4{WGS3H5tTHX~JktAs;VcUZ{No2MBf(@WK-=!o8*$`NUiQ?)44<h`syj+Nunb8AJp
zvHNTN;a0Z2Ez1EnfN}q7uR=j15u5^U9DkON!S`r-|JqEDXS^lYr?Y$z<(ae*(@p=4
zYmgfVXrNOzfrA#7D;jLg$g;(J$vx<F-({MxegK?v3C?FipH-4W_8-<mJ$o;J;yN4y
z41}W36|hkJ)u}Qn>FRjr?w=ebqX8z1e50LMwATvY?2I7st`(8-`_AkjYykBtQi#t0
zl$ITRYsy+)Dzt{2QXt}Q7SjtOL=jeRD0L>F{!gwUre<`qFTQ!y0c|OdoIF)8K5*<F
z6gik-qjFE4Dj7Lx+}wIP{|0+8xjli5_C8YUkUtO7NUkMoWj?P=X`!y6WK%nTq<x~J
z@0*2YnO0s%1#C%lf!&mxW>oOy$E~J5Kcv9hN39}oH3P0b*)nq7)!ue#r(N}V#0r}x
zy}op8=^d^A)e3r$YbiM}m;(|~P3%|O=zh7D5o;-=+DyZM$gAA(w?DK47gW{kU6<Z4
z4X$(Yx0O8Od(PJ&Xf_4@H3iB+G!57dKJr4W;b2xLK2Zeb5>G*(h~H;d$}0Nc@m*!;
zoq4!hbRWti+X7<GcI>quH?&kfB#!(H^m5=5I{uaeYnWBZm*v<u1ckFfdrvXGzmBt4
zMPvb(vAdb&2%7RTrl^a9a{b1<5AzhR=u>aNLssuj!BhRtAE&px38?Vi=FN!iWLO2G
ztbztIo7i)_1uij|2y3>ZSeS3CzSvv^l};F4iQgv^H^zu&7mc;Z{MM4|I`{z;`*Kl>
z;%cy|S^#^0<b9v96Tg3rhq!<r?eDGZ$H)eI$+|>8qZ<=&tByGkzm|t#r+uGuZ<%A_
zrU*+9%_XQHgM$BU!cDt<T#!c7@QX?B$nI@2+wM24saNLaSvO4Er#Ci)k7VE@`{~Iy
zbWl_sWSs`uD33D9B&V9lRGclBHlj!yGrE(V7|jR!7^G)naF0GYI94j)EDLGJ9EWGm
zI~DNdM*G4eQ<~fazn>j>2g#nprtbv#B=%hj!HgOa#KoOU5Qt_SBa?Rw&K2hI!@Kw4
z8pS!ncg^NrCn-KiQq&2oJmt{z2Sf@0i;0^RGgQZEc^MwGy3-Jqo%%+<w`T)GJXVNG
zfSM2<N<Ra#)*HaI)~^%H0t^Y|W7gP3a2p_HcOU;#mHqQvEzWB^+HEVH;v6J7fayD)
zR!_IVd%AX*N33=@bo<KiS)PC!@!ZokdJ!rstW^kW$(RHX14ELOy1V84|98NEDMm<Z
z(ORs76WT@Jn~;}oF6od3E)d(T!08-mKcLo1!2XmD3s-gj#UQt~n{*h?*)%<Dd;)YJ
zUEp0>;`g(n@*`Ptd4o4IV*Jy8K%v>k1#s8XzlPV2c|M&uAW4PhfxxFzD?I__xzG?x
ztJX?*4<|vEx#cwoH{@{_zXhStVTKg2SSAGb7#qou1znVEawhcqAEaz}bkmsOg$h$q
z7S3Y3>Y-ts4Nw_(JfE(C7tU{H9JBb6AEHf&IDi;4Y;cOYT&|q<Y`a_tz1H^X^b|EA
zRPRZcdGW(?z2%#8Mq?8DV=FI=YVB~di|PffY*Pv^I27)P<n3tX-Hvbss+J3Zx&o0F
z3+IMFPw&4W!XID9R+rFpHVaKZPmFqSHmlM9%wH0f$#QuU)}u~^#MHnC`RE3^vPDoL
zQ86ElpukPAan2q|>U9}I49INjQY+-_jl2NJ(I1!qkW97otA~PjMA$!|dPubC{qj-<
ze=cFGQfwes0}yBx!a+6MkG_Xm#B(IL;ha)&rkz*P-&T@Q3u$-qZX+46+37T$Xe4{%
zl%>90UcFlFsCfY5xs*pKmF(>m^?@W!5%ST$LU8;nuv_2KyO*&eFY&h?<w<puQajne
zztt1S%BKtHxP$!C<Q{9w;RkRypa04v$oL0Du%kI?$Z2|}x}k?e!q-SQT}LN3Eh7*5
zC-Bi*sF{66qn^nx`@L^>931|aLL(vW!GrPoGn?%)kcoaO*EJ9~7Z?)K5q}LI)cS+N
z|EAu$N3xiV+7H;)4nju8ocUBbHWvZ&{^#F}a`MfWIsEEfr{>e~$wpwFFOS*$VYv%u
z8BNa$ddA@pA|_Vntf6A&*=10h!*iKQ(B!RB^u5SOA6voU6U&l7Okux1)6f{3y%?;S
zq6l7iAqGOk8$zx<ujmu%uy5|0K}J%6r@oZldC{ZNza}`9<jmeC`Rd<@(7kh5-$x@f
z;REm6#38Z%qhq`?n^q)yHk$-l-g^A1V>hwV3`ETSJoF~dOyHdl72YK;t<l0RYTxUG
zV!`MXeEhCTK~$gS=3zXKTcN(cG%29SrIqir!!>rI*QRL-CH7z<30*$9{T*Fu!9!M@
zpr`k<r8$ZNz5^c;g?m?C$uD-+t&zOh1ecV8HP5`nT6NX*HI(dYy?lLy?TqifAm=9h
zOk^J4f6GU5^lz5Mc4!evrtTn;k`Ha7CkNl=V@|AJN)}zbht1qzg?xU_a(HIl=hw@d
zv7Wp54&B>A`PxlR0WtDp72j0?mjKZQekFS;ns#*QYkFIYRwB6yf_IK>um;!!-cxBd
zd5#abM?p^7y7wPR;%lmhGi=3kJ9p%SQC?*jtJmEHDvB~9$2-BUGDu51g!*QPy;(@C
z&OxZ<jCf0=IET3#rib5?!g(?^IrZirh6!WKbC4?_Br2<3i=QtIQX#k4<)xv}B{<t|
z=QDQO1yKc~sNNE#U}HTxSpvypXnJz9US70ZKJ?vDIzMUG-VQXjw_f1YYUx#m-%+13
zgg)T=gP`N6{3`lpJtnx+0R|ISit(4NAR?Bfa|B=zg(gy}MP<$dP}a}-6de_?xdx&^
zPDyG%fj7OF4(CAu{hyBQ3~Gj&xiF7<ly7AxopfM-<KS1?QBLu~7;T6(dO<;w-=H9;
zz^B#njPXxL-3RCLK!%TYE6o@$w7Ww7|2hnDz!e9>$PYjUTq-CRdR%gl9=P{>lkm13
zk?`Znc#DD|RG<cjd2915fA+lqh)9FR7qVj&pxxKIQ+=dl$x(cFROL$j&}27n=Xxad
zX#nuQ!8gov*D7xlm(1A*bK>t|>Yk1Eqy1i4YeHI(7t6@egNTSWtJj)VRy;Fm0X=_L
zndDi+Y9)*`TArB13+b3yEzq6d802D6n<MxDCxNl`a#6^IGO;@i;_KaSE=9HP%6;le
z1CLT3Zq-cuTM#6%Q!dK4AKKMK#I{;+&)4+`+#`dGKjg4<IZNj7$)$saI*W&VMQK#8
zwbJ*7_`-IFC%1LZ03$N-vr>eNB;Y5bIf1vjlf6?wyDA;-lUg0oFeue-OPscq&GcrQ
zMzvc3;BaYkmyvLE94~@Ao))?f#+AiBcW&9qLrQa-)p8>N+irL4&LrGh09e+fnV3mW
z#XY9wqia|YTx0+BFkoClM<b20i9R|GbEOXn)m6QyqoMb;yhWxEhPOFT4-bz2<tlUO
zNM8xOX#NDdPe3)J+?ib6m0R3UEBP{H0Tfk>9ycR<mulRq2j>ao8JSF?hWD9r__}fA
zq*l8R3Y<Ib?6v9{Ch5s>CchhnTK)9#Z?q`57zXuf=e}2Xo=7Z(FI+Pz8m4C9&}Q_$
z!{@fi^M>qm>A1l$w572D^8N=@rb;~mNP<V5cy8M{xry^P!;?5`>_P741U}0wt}gY%
zLXO=dW)=#BfY%XKZ6ohqXi`KMzc+hkUeerdweDU|(1XHrSvW^D=v*BC*JMwWbi>TT
zof?o-0I$KGFVKf<?`ie_Dib=Z{Z_sCYs#*2U#s8-4f|fN_MA8jD8^nfzO@kMqF>rT
zgW%Q1HF60kDW3%#S{L8YJ5TBZYWWp7qL7~W&9>fYKmVegg%-x{XK2;x4iaqm7fpR5
zp>F*H+NTfkqgB_Re8N@PFBX_{mMe6pT5ZdX(gG)@@8UF(ap!;IjxMe)4Q{#ojDuuB
z4hT#~h99Q6aXuhe{#l2g5j-D6WP92V>{L7Kh}HTAY{M!abqM!V?&8GI9~d-rRH6$T
z?-bbB7~InqM=#cftS*#{EDf;6%#D#Bw0W-l)BrNnZj5h+cS_K6g@vBlS?Q$$zdm2m
z9JhK^3N}~n0H&5#^iC_93fgO-wS!H4qm@C;IkIn0C)UVwg47PL)NOQlJGg7{7GVE4
zke>rrJu}iCvohrYKV3JPR(~YRSic9E&>&auI`mkgegC{nIY4q(Tp_sEO1%`2m}W2@
zoCtWFcdJA0fsL$m==^L>o+DnO%{kJ^t?adw2LeobQA8duyqeqSP;aj$P*%GSHC=n&
z{yqi7$NM|bPk?Ys0>{=HOE|a4r)}-(2y5_H<l$u$8PfHgC4=<c0vu;5bXl=@x<R&z
z?$w7$y5vAd8b>YCQ(x)R@+`UrYkXta_m$`|2dJQLEQKhFWCG@mLv>hTo)2Od4iB^!
zmCSaC&I37#4M9(ZxMT3oF#S{ygaiNmAk3vfJu0c&7kLTTN62mChU3CvsO-XnVyTH-
z-}wz_+D|D2?+d0u9%D$+3W}VU4yh|VSzwL&lefVAzvkQ6$v=m+;7hkT0~{h7#e%tu
z9`(Gz$T;AZ_!6PSJNWnj8&r-;_!G}KgOlF}KJ5{J>rI5BmL`m*?P&KkK~gRyxiYrf
zP7Js^1$6in=vFwJehDTXQTyk;8=w_jP}m-YzqoW@pZBb(T?6cqw<{|d9a*G3Jkt#I
z+dU)(nN;){Y)(SRtpsP@#{EqSJ(T>q&B<-dWYRy)vBu5#z>ik|nl_#Pg9W+{NXK8B
zy{mz0qAOQ1IJu98XGdsyN2x(^3Rb`=e9ZEA9^m!UTMQ~KG?h|lY*f7#4$S55oVG&;
z`QaXgINnDtFF~mKy(#uLcB@jqWMMIL!sWMqX?khM=X5MP`z{^p-%QLM^Tb7pmYg?>
zUt(>uK%DTCia0QCaK$|^Vv`>bzK^g*^&K(YMfKLHy_NQ`-8{WMpb@nk4v}n@FQE%E
zyD?GP@#oZ#A4tR*VuHfM{*46j-n|EakLdAv{k48Yxon2r8ny=LoNfY(mo?n!yJl9^
z(D~P~>{naKgJuj#+<_872Z5%xk*q&sHpev+j;|Rh2#zr%DroNF))N}Xz`RS#ji$D1
zzZ+v_T>s51-};9~Go3BF)j@f-Rnz`|dj`bJPp<0@<cRz$7_T>U?wd}Fwm*X}NIFrU
z-H@BL_qaAY*e-CNLT5h?ai@IRoPrEKZRIFiq;N#$J9_gJlPJ(Fo{X8fn@4`RPV8}M
z_C*h1ped8Ub>P{_LLF{XZ$C87EEze}39pH4>2w^VX4*L|a<0W3kwaN$#b{PHe#bQ}
zcV(S0LtjNmAmQrk$OFdz?|9gcV6x)-w$^dHac~8^@1%1L(`fTMlg9~jwHf~JL*WCF
z{K)5KeK;M`f=zxIu@w<F3(6pmB+6Lqkfl2vqjPxT$!R|@q9fQZSFLVQ3!uyKt%xQ%
z>h^?kA$k6U1Z$vVSv@!?Fc58(4+Za`nK>RdahJ9CBm+7n?;i7|pVR<Xc(rn+9--(g
z&Osl(WgDAlqO<FF#<cFQP9;w;U~7DZKW_j#_Lo+PLQUM`7atvLR18h9WR!L`7d73i
zi*u}<F=rY>CQ`CtCNHo6Ncu3}(2IA%L9x$>q|qET^gPqgeMK_eIry7GVRlxfm<kL5
z8xQHFDZ&fC*^tk<mT}XNqS{8wj2618w2t`r8o0~~wbD}|h-*Zrt>i)O0`0`E2AOQJ
zCIo1`9cYRmml3t3@Rt3b3K_}hewOg3#wBTuB>SUM>!(~&tnZT}Snt0jDakX>micTD
z1^ItvCZN033fTifYMaLlg*qdUTDa?*M8fa2tppLwUue)t0Wm#-AJh4?MKQC;r`?+G
zW5=P=FuTU`{KXeD5uBRH`&GMSs}=NH#t#;>fxUmNA8<~xd3dn^9TZ1;I0KQ-vSQER
zHQ_|S0My&VlQYG-e53O0#j&$MK~L)-bb#W(#Pi9CF$VP(ZAb$4JSLF9vKq)+dpoH8
zEy!(}7yB!9_Z<P3U|JoD_LC<m>9x(!`Y<Pci|wtr5aUsazYNYaCWmzJkVEiXSN4M?
zoL6sehJFBh?JB56PzEf6%S(0bukYB`8N#L(iY9l+o|eS%{WsIuZcF&&8i8#qKKX}q
z`j<a*wEkBq{NLX#!?pg4)s+^8wLqi^xI5f2h~HMwPFNtH*TzxE$P`C$;zPrvrxI&@
zS0429Qj(30*YH**gp6BkC%dH$|0iw3|I_@TTRX=6d84qL?h6G#2x)VJpMZ@N6T|0m
z-myFl*t1lC*?T*o_paywTt(C@D6>#K_~nF2+HE$D0FMLkE&!(*<=t_)Ue3_yd^$v4
zhe*5eirTpt&VHXc{?L;zV?P|5pvXTo<xreGe7Oyp@xfXA$f5LTwS3;L>C>-O!$&H=
z^b>5cRp{zn>9U7Q?a=r!di=#4D)_2~O<IrGbJ~&kD#cG1^xm29OCu!UM`!SU<;+=w
zTw%~?Sa69D#*@&`m#_+<%#LBlcz-7bJQK{~CkEhB$Pv@+tRs!c!i#ILZD>Tn2FG3#
zI@VdL{>F^;O|?Ta4ca|lS?QVUGwJLQXZS!~mLcMLZarH?{~~ZI<_@Qn^*8*1{IAa#
zGhNgI{{ynKx9i~b*c?kw3h3U21=mc<9T&~SNE37?Cen8LY`%WqS3KkkEP*|mppW1!
z1Uf?^WLJo{*yB1eeYz9=RGKlZof9r<hO#rcy^b@T<xzpeZtq1jbev2i2fbtsg*D{O
z)bH)<-Y(S6GU?qPD}+5qj*KVys5dlpySEtx&nse0G<{GbqjN-sLJtKcu!%yDI6f-C
zmEKGo<jIxxuq$S0)u7|e#HmUOdr>G&QJ*cAZ!a)}H8vDQec&U9#0dMCF3yd?!G=;(
zrc$veI+v3S0W;x5fI#I}aQ+pCnDI1Rl6|2Dgbf&a_xOh2qp?h1VUy&=4dc`+uf5ke
zj|FOZ{luZAu9BhdPqC_eUw;yBC~9^3UZ2|Jy>)ewsTvwo#)O_Bla>>H*S3Usv;p^$
zs_slVA}exVwP_Ekv*%jA#u&H6QhfQudy2^5I$XZblaXGiLuG(2Urm2I4_w*(?YrIg
zniNy*{+5lgy4}z0CHER(7sJo9W22nb`&3wPCr3nZM`aBGU<f9+!=DzD(`W$omQ6Hc
z5dyHK3ee)v#rX#4<{-1YQZy<#;0#$+<V8|sJ+H}Yptbm7X6!4iX1Z;)G?V_h5OsGA
z`?cODZ34qS+BtxZdWEZI9F8%gx8CRIXSLgM=Onsh-Z8Q59Q3(a>leq)ybiBx%LQm8
zW-r-rp4oG%9s<R(@i;vraSmTmWT1bDNHm$$+caUap*C^BUZ<@|REJL1B2Kt<f`N|f
zlLI#@2%+4RA$rl*q}*Ph4`&+?2i%n$;EGfHU!=WxSQF{G_FGk{Bt;US0tu50l>k~q
zL{U&g)GA06LE8!j8&n(+6|vi?alo-sGQ>CqL{yxLC|Vt76bIB+P!wrVP|?<<HquB(
zT5ZSfmTmVsuY2w9+xt6bt^J+voc9m(LazW9@YM4@&wc-H$s5{d;|%YVAalMKy$yzI
zO7Xj%om??o^M>y4_c~s+&QDt@MI|AT-Ht}s4rjSNm|s|Uh`ob(19AfHGOf+JH{Kl5
zpP0}kejw7zRC0c6KGOmgs6kQqIgr2jGlzxLKnG1uuISlRP7<IqZ}9b6zucsJ@T<LI
zu2v;?3yKoy8L*Q8&W59?M@9jTsX=6Ku8UL;3y1GQQ8mzf*H&r1oD@G~<bzarOUr0J
z9`ExAADwT`C33p?Dc7M9lWaaG{OtU`KX~|n3i9!?V*%UMv#Rx>wqc}yyy!8EG++uA
z_P^_)_>m)fdsj(CpC94wB^a>sr&9~>0!OsF?4L~t!21fIE~{S^WT}D<l(@{Ili-bs
znyC!t#rR)TQ=_JPJGq3&8qyFi6}8aAD(X|ie`D}a_?dFr=RxrQ`I77(3p4=40fPY`
z(N)HquR}b+^he;mL`kF-P03Hv{#eiq64ejX;^#o7Amge5;snG5GP)twsYPV}{tBRs
z>No(b(vu|jpgBGjm8n!insl5?9G(EbvU&-C+XxfK$M>d?AFNl7>`c#{`bb%532(dY
zxH4hjnA&POAyyM{)v1|&)9U0Stu2&W?<{z5&Z1QJc5aQP@EFIa#_f~a!%s`>Vu%!P
zQz8Cm3#fcAr^3I>;_>tad+Rx!kV|@)>0vVG5El$NeAotYO5Fn+1oo*7eHb@~xqkrF
zcOpN<T<R8}_G(0jt7xPL2QM|@J}3C7VF2^0!J;>XAg~GA>P^kg<SgPN+zOo09I=bW
z%t&QAMwV-nN2iOYhVK1+3?v$8$-Y#0FC9K_jGkDF&dFDKK{AYjhU<8IBE$Hv0Z8rL
zI_X==6NX%7&i^|krlcV~z8w>upz|+<fKt5Cu})g9`P(e8kd7L9(<$DT9nKYNkbnZ6
zu>M(n4u5FK-sd_t@BpCcEhJUwa}tuol!IqfZ_jwko-1?S($mc6`2k=oy3d!Y*zthM
zBs4s9CfdPEEM!SN?(=;`<&$TC5^?p7pF<UJOYgF+*v%|$%~i#a1$o-_@B5ht>V4sY
zJMqI34@Owlr@uEq$SH>;qG`Gz3Gy=;ssMeqPBb9Ltf~<w_uvPX2q$v3D1(E$s~iiT
zwL<qxWbYon4OO~d?y!y@Es9_R9~G-N<nin89?wcG)7E9+;A(b%ja}SOo^Q5UUU%lF
z3>mv<<V#ttMDv3SmUFTx3G%2jLfT_oArLO#7Ed?OYrHG+@c}?b;d3G_nLo8Gi^Ji7
zd%2MRZ);;62SY~oRpa|MZZtnM{E%I^*Q?nfwtSPqD<`I>riAK;7~-0n*^w%bwhspE
zc;Oaw4)1-m7D{zEh1;u5AOY5pB$ga@)k}`Y*(l<pwqVDZJ0{UaTaw@Ym5G+xXDuVL
z2U1Uy`Tp=?YI+JlK-NNQ{=~tz5Oy6!;%%Gm=%C1F?<k+bmy)2fu73V9Ug>5enuaP9
z6)akZ-E(k7&&N|2W2kcu0{G^?@7LLdT`KHy_Su<qCipLoO}k%0((^bXZR0{~{-9c>
z!8N9op#3vwtp2Z24nFEpHV4($@KxY9&C-;l<$CF%z-Rz~T#<IUE-XH=c&rMZ3Wy>D
z0%a(%@X!ACsHXSSwB_2J2R2%vqo0c5G*zK#YzJIvq(qB1siM=0y{ov?C(Ta0g|@?Q
zDXI!2nU8U9Lxy20>I7k$Psh%uzGBzFqLWZ-+}w5iZa1#@u+jZ4U$Cn_o?KAa^~`ld
z-tI(6LbK2EQl=f<IC^b`wbc+0wX>5{lG$(Roat+LZbL2>T(c1f8(vdZD`CK60Q!yv
z(N!NPI#iu}j@XI2d;_cpOU82I<aG~FeCF!h6pSoVnF1Bu11HKC-Kg-6h_vU&56==!
zYlR-Pi~-~}rs-4h`2At8X>l~!XXhpAJZ~GOlP4JgQ(T-!lmfF=msyX4N3%+Ena3X>
z5v&O4hEZv|Q!{J13Q9f$GWIH45_2J+c&x$mZ_!LR_a=<XpgIK+sG}0WKdHifAmam+
zZzj2&|5HqjPN#h@KNeTcPHY7QF0>NCv9ruSD&zn1Rs$rw<!StYB;CT(<uZD%I$!pQ
ziN6}ogzjw;-^sue#xukgYRw(1=+xv%@#H-zryY{(AcO5}4=`oID8UeV1_fUgn5lx7
z*MDwV|Gyn0ZjhmaP!t06hCcOZ;WCx#7su41E`s;KW-jM_?V=}6_k|pf@I(e^@B^4C
z(B`rns)mS?1|5Px-?qX}n`u3qNC~D;8<vlxi`tm}&8c3>wXcBs&2IVDLfqILranL7
zWC3suAD_BxZy%S<etR_wdwtMtP$qO(l0+Bshygxy@|uHr4$Cc)7q@ql?q&4B8T6aE
zoqER4<sC@lVtU+WM^;{B1m7z?h(kJda-kXTxnX!KysfwusXW42%jn3q0^@LCfspGs
zU2~NM&hmKJU;c)gb+{Gz3E0eL=|pj*@-rrduK+xT7>t+?u~=4$A+AL}u!L>0qF&T&
zlf3)^lJSDke(2A=QQ0ALJ)&cK-!!U*ezHMQ?;0qwgRQkOfG?3y)PFcgr94>A0CLHA
zWQ)oO`9#}#_Z0kdNrf~@ZT`lAJ#^M0Pb;^$<kd`F021(ODeESb;^SqLh~jbA5i(pj
zy&TY#tBBg|PP=&*Q$|5v(h}6AlSK#V4cbrH?29jA`N-ln_6H{m9C2&TQd8eh+?}2d
z;>I*Fye=w-gPz%3G0g2Yd#MDE*>RovdN2Vz;g^=>#D}%Q#Zr0-Cz25xmXt~WnWI1^
z6OX83aRPPcP_4qRw`ts#zmn`_4wqcjX1((AnUhQH8`h7(8Kuj5f$`aGdP5UlTFc&%
zGDn}wc7F%IKEcuV(<+jLub+NlvEw5m9)h*p_9}TJU?6X5rl|`cKW$zKbf^V_GLVTI
z)X=R<B$SZHul7iOXVRGCY(8F5)U__Q;tPqv#?a7D8Z_d?TeCWhM``NBV`OJ@=#Rj2
z?%Lv|2|jy;kF204WLnWRk6+Uz(j_Wp`1(4LXYDKV2dUZ)M-2}oT^Y`6)){(2jFZjS
z{S0laKSNT#tx+4sNBsD0D%5+w10$`2DjQ*tS!|`I&SmL7?QFtv=V##*!1;zFqR6=d
zpxFdPF{7jBvTx#=edd_l6G=3HWG9~eAVY^_M1?-CF#63ZL02?GQTLvKVx)-Y(qCCC
z*XIajRvz!2E0UJOL?e4|F{#O1YCpJaoi_9jt$7zD>aK$Jmh<_Tik{Y9iT*r6yYX#<
z;^~oaZUz*M;2VGLV(IQhRQT-Wr1w*U2?!WnUiDK#?>%Z;n0}>@1X$B~zrhZ4z$aWW
zW{Zo8395y3URm<7(Ma{TR69#k8<z542)zPUC4Q@T35#bcn6T?GA6JFdo^@IS=IN;u
z^`*=YNiMlar{Mm}%yI&SkLq0xl#2>i;^7Y)&7e;JHzbHPrUY@Y(8i8Jv!_9E8$!`p
zKbu4$yBK2tPEUz~iFKu><HSOmn)=WPAvfGro~Q3zvqt1!evF4>LsiU)Hy&(GLw=3U
zH-ZsQyp9~}`<7Z5xl#jPY6O}<2B0K}^zTTCMY9&bn}_6By@8SU22b_l`px_^Ns22+
z9537Gz<i&NGKrW)Ai=S#QB>Bph$`gFCYLVrK*rzURf^RB&FWp;RY{pM8*r!c;WMP7
z84m|H?|*R;zkO$bvOH#8A$*UPqft}zs@6}ogvu*K78Q4BolHeLJ~hYJKlv{E;F1eU
zWt9>TI%j~<szEg1G1B0f3nfQ4185!4E@0aK-QeKA`FBuOjSvsWl7opfej)Yrh!7n3
zgYeE2GS+|uHL0@P2Dace(h&76lY7YjUFN2y5eTfxAbZ73@QfWrmEivXMb1qWGQTq6
zE^~UT&ks8Q&jT2Sai<<S>elw1=vZgj6QZ+7VqyuGmlSvFx){KdVJBN>!Efrg=+!0@
z%DD>c<?1eF>dS?eDvp}-hF%#A$n_zymW!T~Eupgvlw|?Ml?@&p3vMz{0-yS+6|PsN
z4G_TJ1Lg`DFBc(i7R5i|&7$@$$g}DE7HLnbOypUas(&U{=h<;!XCcyCjc+t9$~A~W
zTdEPb)4!Ax6y)|D7B($sqXltk{+ur!Y60=JOb>6p@dFUST^VB5>yFtJ#A@$A3|dM^
zX3+_L3-t<VsD&z^PB&3A`xy0D2TCxXm<d@Us#3uWS^j*n9vwh<7-o3m@VMDjtji!e
zVf-^ZauX_1JcUkxu#Gq-Ma~Hx{?UwFafXKiY}#kk#b_pKZX%!gA}!mz_I=rH{NN?6
zXu~ro`k-DWJ!KZhp3Jrw!gbu@Ysi#(@A3J5T4{B&7Q{*v0;5VmQ8~11qY!d2#+0V9
zawbDHJ=!a(#WpnLLZj&PbzJyHFI52<c9jbj4#=u5X0b7(sD@jc55-keiaAU3N%FTU
z-UsQ#dv6F8FL6Dj4gTpqM<(1^=LnPdsVKidi+Gp7Ns4pg9ft;!Yg}jNg2e1*mn*m{
z%0uM5h{ByKQlU7$KQ+zR)SQ<0b1Z-8SwRv3zzls_AkRlHlXc`3s;cMK>F`d$du^4S
zUFNdG9xUJ1W_5}5D=@g-F({?8mC4%tY+;}EgMOs+c3%g1>HATw;=Zn!S@Yy6I<Gym
z!@dRmk%OlN;6!voi+DPnOj_oO;~i&BgF+H*e{E3{9ry4U`}%-`-x?)%YE}JypH0i*
zztuBSlUtsRj(XP1DxE{`|8@*@W$bX2Iq6|WPYE8k;@S2`w)iyHoM?KI7u74UZQko~
z$ntGB1vgl`k@Y!40d>qMu*Mj=kWL2s)PyYL*LoX~^>_y4-SE)?Esf{gn$zs&9h^Ex
zYc?f$-7}>eXo61E&n6Y3zj4rX*F;)-3Ui&+#Xj8)ri)7-BEVOX_ER)g;kLZGMbz_f
zvlZ|*Si=T9`Aiq?Q!-^U5fgmINS$YZ0wC7Gz~LDNT03PAs(f0H_p+%>a#4TXeivMt
znwlp_i^BBrPcTQ5!aRXr->1VodK=&x4dg!+n^J2xV{0LAu!^4x%;oMJ)SWfPgawz|
zFB?{8c@}js!2+pJ_$=QKF<%0qXbIS1UA4d$bFocQy7!3IRFU<^4mM=rUb1&IX(`xa
zg{S_C;nW=MzIy*#A)<!~!d`hgv%51;=CU}ho3~9;jqB>0$!&_#XU@5<n*TZ0Q#rx?
z0}Y~I3Xq$e-)QZ(;j6MW17=a0O;H{vySUB$S$Q2aYnhV`+>HfKe@G3mhmHMG4>eeC
zL^Fwpy9BSr4YjnNv_7$7?-Q$#c*II11SWdO!WM(d<hh~Q=SMr%_P#WdiaMZ@-E)X{
zKP1k_SE!lL=21PfZ*W5*O=-Iy3ZXyP_ZIy$lTH|tj&`u0A{xX6eMlj53+CBJFAX>`
zQ3$?P;@IzJqFSLdq)0D@=F{3nM?N6K&x?Y<(!ns8kW_SnRhI8b5|dsBP3=E982m)X
zwikfy0l&EHX;##nD3H#cuqQ-x8234~-x9omWSbFSfM#d<jV289u398VdZ|%&?cH3{
z`zH<|>=Ka>Yu4qrQhF0;m6iYGBmBRAm&%|Oz=)NgNH9=3S?7{oCGRU+J2P5FPKYx~
zXeOBl257LglL9L<W#t7A&@=mfo{Ip@M35E1NRUWO4Cn0gX|PrNX0{!Uec0em=XG#i
z(~knqj<{`E>i9PcA8k!+%9TX7AD%Y-ccWK#fnlW*b_+LO;_b&Ain+W*49#vAWDBST
z6Zw&I+$=#?S8Q?ZQA?+pubbe^pB)fl+28XC#z2phDlFDiBl@LP^ic;%w?Hz-xByiW
zAgYB@+0;p$S1DjrQgd=mfq#XY159p{TGjY;6W}$%kP&7T0!tgxUgjtKahy7|Rt%*c
zx&iDEikGd;>A;RWt3^D|M3{HyaGQiu=#m#zFU$tF{vl&gdzGd59WZIuphI#5rC%2N
z;+mbSw%Tb@{roxAXX08QoWvDP&66`?2{vYv%DZw^B775DQ<yJNJmk|nQ-N;oFClDm
z7)npCiNnPc9mLJ0yzIN7c;veZgX7(|e-_K(EcquUWKYjF^VbGuoT|%W_?1*<d1W(+
z4!Qd~N~wo58*IcoGQa#A!xx<cOp#ObKd(>Z8<Q%s?d&3IposudhJ2}8H{b6g=|5(R
zWcqdFRW^&3VQXw|rW*3{^P#xWBf?_5%qJ5YpB{SaIEbXR>W6%#D=f{N_u8bnY=k~;
zV|;YI2h}Sj0}*5H{5whcDo9Tlp6A9(W3?Lsv-3x)R42|l#NrrYAub$qnx{^K_KbUg
zxQ$uJzFl~_#HYdptpUXDcnrdmz{;mo|JQ&CpthW%hANh7#WvUTcyBMh)2#La+LFge
z)*^t@F{JnpK5P`N`%}v_SI1WAvN~5Zn_s?iohOEO7E)8ks+9XhY{lNRJ65vp3lN<f
zgMtmksJS_!W7AqyfNfU$hgOlzrIY~~>z*w(pOcrGiR5_fi}UM<i`ToD@n5Y=xoNf>
z3nWXSCrWU?CER4|LWZZJYo^?BxONQ}C?wP3JuN985`*lS0Yh5o!FRO>BU2?Ft|sM$
zjP@=e;I71*nwo^Yb_i43CaCn`mp&NWN~I=59^KqOxFcUKs)g8>xspK`o__W{9kv<#
z7@xeaH`cl@Qu<|{Oidca5UaY@jI2c?-_fJb4mxUpZ6iqK>Sih;)M53zMzFN>mILh1
zIn;kgz3S%-B|M;wfv#|m15`2h{tmTxCVx{%aXo)T84Q!Tq(zzJ1FXF74kE4zs5c+k
zG_^nLvN!qzACkoIR}%Ke=6Z3adlWus;v$-wn@ZiWx-7XD*OL5Oxv$B0f4j;>a*XSz
zh!tGBF=0-pFv*HygO$q!pEYr~(Aa7`%30R`n3$hoT#d%(;4$gwJQZ`!_3P^xz+U&A
zD}w{S?I)yQRsp`=&c2#%7xf$L2MBv>E_V~#&MBv^8>z4?OIylUK6qim%Zm#1!5&NP
z>!&McQ^z`auO-o>YgdPrz7DONgpat;3~9dx<op5E4(s7Z!L|C3jiJzh`Bms|)vaEM
zOgv!6-a3k=jX8sgz6^yoeB?KF0AU5g^UKzyG!P4#R6jd3iZP|8IT_5->3Otfmmwuc
zrH^X2?gOB|5F$woJjwM4NcAXC`SJbi(l=HD<Pv24D;qKlKTJZ24R-XT9q1zHC<nHH
z&{PmBY;ld|RWkFiBZH`DBRxM>2So`3*3N5ftrYc#0yo>iwG3(K3t6OKVfO#m30D_Z
z3&Ri}k3N8ZsB^j03bizg&Xr=|7siXu1L$TZybIpP`(^<x9C)%gKD&_raR7h^1fRir
zSR>|5qpD!)9FGkcgQKH5xdGi&DYK*HvX*z<YzpadHEpuybF00wPut15vW8`bSq|;i
zsRqMUOIRT>!eKA3u`rjq*w0=@93CWNwY$<q%DEQCBcT)?Nfl1J4nen;ZFH>jze_a*
zTaS<WGuz@z710w9H~ZJ1zC%-?87*p7CraB!o&57lz|2G%+|pmLN#dRNZm?-%0i?za
zr1W9lrLtOTe!RG61N?mf{mM*tun*rUxaNMerrhb~9?MtmX8i7vYtD8S_P#+#UQt0N
z9vPO6%rO`#SJfE#n7ddtL&iL)HU;)<WdeTb*=4<yQb6@r;}1i{A!oG(N-h1TiYXo&
zm`J)$262fg4e+IY=5?AR1os*AN>~k69wX`Gg}I`be9_N(Y0k>j1bLTp4FXn5A&QGX
zjYZ)UvLW<<UDj6HIaVc0Igb+?#5Tl!tWTqgGTH)rE}|JZ;Q{BmP(AlM19!i~MME=J
z6hrq7e)j>fHuNXE506MJ`D>zT(3JO1&g?l4B+%yYX=_rclY^p>r(0wJx%!FDw+-;F
z8j@HWl{y0LcS0!KTx--9{@EX-^&WB@3M#SmJLw2t^R@N}UpVJJR}-FkRxn?CA7yGT
znQcNI9-}8udU%MpEzAL$Y(FcA+wp1Vv7aeUQq3@$HIXLQUd2p|TcWE|`$1-Q*M65M
zb}EU9LaD0w5hBW*4TEq(t+yC@U68Arbk9ld*yQ9y0HF{|j17UB>MV*OORcEr{qf3H
zrNx}FlsMuqM!!mjoGZ=%cWwD?z<Ga5g^ThLjk&{CaIu|Vyym&7xnVhPs3A26H=e(v
za(^_Yn$abKpNiH$G-F3G^!qm^UC%OOa*)bnNCsqk6!Dx**g8B#q}<C4O&5KPeqn|D
zZnI%&q(@|XNR`W{N#HZOJ>{-t5_tTH46aBjl~GeAf_#kh*KhPecXUEp(ab@5tYwED
zxoopzVf}_>?@jhyRwYi5ZDZ2z;UhyEhUv`H5U^Zw*~R#*ao9x)oeGMC<{Lta;vPCf
zFPf;(D|?JA`$e>h(mqN0w%E<}T5Y^|r(rIutH)n?#H#xB{JknH;4ui?q?OacS>H2x
zJhQlZ5v_~Kwl1T<Qs%GlN2${JZ*=gSBzTTdw96JK0h)3iB;A=Ro_27xy=qS9N)ArO
zi6R!k(hQ6S1Z~carb8Oe4??AGZFT5U5+6pwdl(ja`E|IX>~NiS=t#yo7+T7YAKk^i
zpCh0}`v3+ZL|RrO-t|MAPVC@I19wa*Cnr1=$F<<>w2P?**U>jEM72%s&XKNkR~Poy
z2?502qNL22@jk8bEC{|D0HLU)Mf8(iG|Jr}DN{2e7s!Ofq7L@<h*JN%c#*P=+tzo^
zJE~~;<K~E3XtYe_F(ULka6!JiVkv)eenZG_C%}3f#j(RS1?IGFd~y(Y#czH9F8g>a
zJen$ET+@hDRiDR!*}=zFnc*uv?l{m)AkzR;{_tBFxVBK}+cz2wSyO8iO?ht`cQU2M
zk%Lct(j^}k9qVL$|E<7AOTzwSn48m3m4#ZP?kNjXtErw(vP1f_%SY$&IFOg&V02_e
zz+A<o!c0N6bof$jesL4xo{qsgtY~qa)2)XUo-4?}_u+Gc`cDr!|3`1ifYGiSnu*=H
zRKBXz1N#Q7yIR$gmy&DK{%{<4L-+7n1g#7=E369~P^U!z>NbEk{*O>1(Et92;tjm}
zzn=e8#C@JC|IY*dvt4Y%0kDTyRe_whg=|a=eWXHWT-?w+jO?rO2+NWYf>!}@n^UQw
zdnN#MI|)WC|Krf&Iv}H_RJ0++p|Qhuco|>W#%~|Yu0y7uo3KLZX>7Ca4-bRWj%;f^
zQnMiQRLn}Uv8a2@76Y{7EuAo9ozr59)$WNhNBnMr+#dn@f`{Om4oNBjr7Q9ZPzzSw
zU?k<Aisd@BLkwI<fXwLD5Po3>t~T@zQZpw6pc9d%BHj5i#Qf%{f$BH(biY^vY4a0Y
z!&7C2(N$6>f4bcgD}Jid)044-ttNPO7w_5^#P8*BKlIy2lpc+em0}fUlggTb>{m)Z
z^p{WK_d(YpFsS|4*%Xp)q?R#_gzjn=Cf|TFx8lw-io`gZt4|B_^qa_9@e$&EE|yEL
zUssE{VO}k2pA#RtfLFg!=(7t~=gaq~6qD*yi-9!YF8$TxR5_%Qi@?mS49G77epy{2
zviD9$w)iunLVs*Esa)Rw0>JG~UV1thAkts3FRill-Ig`_TzYH>(sWhOJSFjm=}3^p
zA)^nJLwU>AQeTH<(Z9|s=WqAg;j|83%@Mxa+lVR!zuIm|a;#v))0>bjdU)9cCPl%|
zIXnXi5Z;3FODa>JjCI;k*BPKiUw$N<z4UgB`XunI4X9&Z`6rUf3A(+b|HwBi9DKhX
zK3PGv^_?t)KB*KJ%~3&p+RVXEv0!#cxuv&hsSa61Dta#xs}Gs%!To$5r%o2_wL?S0
z4wt&8&W&iyXNd1?-Kl3B?BYJHw(*70HRhmb%6JXzp#68PXqMhiM{b)HPRXx1l__Dl
zl5h@ZCTmMgehQ&LTCPh@x#{#s|5z&O<ep8w{ixZJc(@Kdr%cC`N!eW9UrxuB6N2T{
z@<Z9y$s<Wh*{ehnPUPn5kRI{M<iV9K*u}vuYWX10WcHaTNUj*+@849RD~Dl<P@A9M
z`%ZHoZG>5I%^}`4z5(@~xdT<cdJCW*N}2L1V+^&83Z9I4<$FEk*DIp<DQgX|TVQUM
z{zG<KstRuJ67Rle(*9lr!)HF(de$A2acRd3OiL;&AU2#IP+w;c>|959eS5eW-DXS%
zbMOV%p^|q%24Gl)d6g4!=Tu6*sLhyqGw#*eSB5@WCjK4O$s3;68vXp7VX<T)i_F|=
z3T=pHVDWi;{AsH_awfUY_rhIR(ies=<L2<DP~_$(n<4;#05=z!_Q0lhlbm$2qqF%#
zFtF*YuBnb|^*A2C3fqT8Q5U}kl%!MC&soTo6-lBe1z;)4u+4WFx$@z%T-v4IL||_i
z%D9yVsVK|*-m4OYG|xQhB5cC9hg|x0rE-M(H4eJ{8&#~KBr-J0hkDwbE76>+5ie*5
zj$1Ua3@BLs&=#Jb%O|v+CB|)Sg0A?qA~`Z>+VK6D&qrU(bggyMb=gt(ENm7Ty5l-*
zx%!p)QfUe{-GspYjOA6PLkbeA68X8E{mj7Rqa0X;D*vsEZ8ihoYPk;u4D(H3K<v*1
z*P=ef?-EADwTypXsxPu&d@In8CE|JlGq;;RfiD(5Tq+t-gC+d*j*4<Mi8@(E2HDLs
zC@>uc3JJqkoVS;uciNp2(d=Ym#4!-_S`J?LUmme7KG;ew(#y|lD^@>%Y7Y@{RZ!nj
z`{pDuUN*-e41dH+W<{BjEC<v`!`>eNnZAwX?Eh;m{;zfRKR?jFsKuZEvoSGCKA$?l
zt7IyCb{o40^KP5Q9ADjHj87ZfWgb_L4|non!w#ZYuLjq4N{3~L^Jsi>B6x8(*7@%r
z!uzu!&!~r9G+LU0>$_CF6NFD3<*>X(9bAB6uAM*l0Mz5c$PX*Fei1(YNg%KL-n5S_
zkb^PBC#7O)Xj0{l>j>~3L4iMtDPIzKwYpWTU`CQ;MUCi(R%NC$^sgkVymlQx6?SnY
zFB+)r0InmrAMD_snDnS0Z?_<+qAzsN606RAZUJ@ZF;c*6m>nu!{a&BwU;JgcW)&9t
zhh50gS=>z%D!$8JJ1LQLy#9-1L#~;m3vQ;1Ki0u(v3$6{fsqdvCxkUl!;XTa956}~
z>+`I<z4Q&WWQV<Xm$@Gw5MNPuh~F>bH$8v4q{Rrb7h18x^{l+CwHXdLn#-&VEmpTP
zf#7!Qx(szW?F7u65sk8^JD2L*{TER^1CYIK=71yQszi5aw*lJJW%2G+A{#ZI37q^1
z7uRB9i|Z5)UF(4}i%!=AV`Phn!QppX=pO^4=$znsniT!D3u;D$F%?c$KCqOYn<Q$U
zluAYPpQ8)<enYVruG2cC(e&kkT7;0630@0KseMiQm15(Uy`o6lvOtR_VpJnDA$n;I
z_E8>dm{4A&`8#yY4)!+kUvgDLbSk&~#Oup;`<@VwTUnxUINSEk>L{<{%imBDcXFvN
zMY?LCkl<uryM8cYOJv_J8xQES6PzA-kL<*2$<AU^zn}V9j?_N1xOM@<&P?Sky<{sa
zzG9nY(;rmSH3VJ1*6k>o(>->;8$+wauK-u?R#V&0(r^*AG#56+FQ1h1s{<ZdwM?k!
z-a@%qp~Z&4pd_93ZKoBRy1*p8{bPWKFw5&Z!MsnS0yL?<fuyF_nMj8tM&;x))&osx
zan29f{NMqMC-Q1eH>sJLHaO4VO5V!7G<z);JkbgtobbvzI5YPnZ$O7Keh(8nIB%hZ
z``z2m2QQRKwU(0J`qYZ)Ch%0ej!ceghHqCik0`>zzR_7mf5HPZ%P{E1ZHqgAh?ob~
zu+JVk)l~F1PaUG}ZLJ91N-ZUHg3fOz6F9Rh7f!RIk=7f08I@=C!73D>_;qkuZ~Et_
zIl0IIcDR2%mG?@W$|V0(si8jLPI&!p;4dLQ@?QO&?h)af*R(eVcNK^aNnA%1Kl0)C
zv7pbk;V~1spjjV@@xIV}2h@UI-E1OX0mDF#(v-^DcBh-fV9vA*o<#~v$5)CMzGvdE
zI8&jtYbNATqbSgf{<P3~!nh2TW^$QM#`9rk1=IooGdGb|w2nl#DrJ{8ugVeqlI8Kz
zE=#aIY96`u+)3@;vc<)is0$?TnXV<Tu<-}fkmr7f1&g_4n3yLNB)q5cmJ=+no21(F
z><Sn6F(!}Yc`d5<=eBBZn7gFyY}6Zi>egs-?Uyg#8OV;0z;1Ex4TVPW>7Q^wvm56L
zaG*9abIUG#RJWmpvE9lc@xRJ35JGaJY@rEH1%Qf_bg{aP%VhX{JWxarzL3MZcM}&u
zWDvSChaa*VQ{2fFU2VYow{fEe&{@VuJd(Jt%N&RW+x#3*_=<GK?T)u0ss090y(Go*
zbUPAFg-jOIlwUfipQQPVB(_;_H^H@NnZf1H8o~qydSNY47o+G8G%*aAV*K+H*oeTk
zMvJ*g1(sMIe}{%Ly*KB}8=)ms=%b~?CRy01;|_beA>0YzTt+00QL1f#4D?UXK%Xg=
z|MUEZ%I^Qss(%iolY%Z7+_U&oxynOo`GR)9wu7fmN&#QWaFwb?8YQLd9N|D*uERhl
z+`%Oif;aW=Wt!z=rK-<7VmpG^35i`2oKnzpYZZ|6{&}<<ODhasFAxU-@$$5VjR$NB
zXTbRx<5gGV*4ukG=$REv+G3IgjL$mg+d&ju$t)g_3+qwUr4C^Xpx3)`=UgWUV*5>Y
zvf$PM1RTqYJziP&br%DPTr`D&)%Hpm+^dp_QHf!*X@VQcwwXhbfLG>E`@0IRQ*O_i
zMZnG#sAV7mmx*rN@8C9pV8VNPS8=oa*c?a1=&>a>^Jg7#$R0I)VOm!X8+2~X7Pv_!
zgMPVYV2CQ#_q#;+VJfVb;w*W;Mvj@4wU8H3%O_&wJ`HW4e~33P2H4nC%2+2O2HVZy
z4IZLJrYIoeQF^V)Mq@?WdIEEmhuW(pd$i2=Ei?X9bQLjdA2bR>4i$)gJ8KG&rQi|w
z9HNQu@c`%0Q1P^<DeRR*CrdUc?6M*-mY)Nb56HEAkR09nx-$F9A4Ft@U5vo&Ln1nc
zU$)c01bMj$ho+Qpkz0TEBkakb$)EoG0%Bnw@rNBQ7SrDDNgFM_Pv%mYH`trL=<ZfS
zPj`f+{6RS1iTNdhchpfZwqKPaymhWy_}&vE5D8gR)sauhRq&{zFG>S0pGH*|Z1H|$
z#OdOqpG>r!_|lGETzqUBxt=xod$r)2b$_j;^<LGCXlss>9sW3r?{Q|19)`NOiB`U2
zf?_ET^{DQc=wS9oBn+yh6Au7+Jjg|pzM30NUFn|Fjiq4A`F+*H4(=EIawFgCuZ5N^
zg$B9*QlkHwL75>&^{9v_ef+H}jpWT_Itr-A^(y(4R7qNSo}E7qz(_mPNFi#3&N#5%
z55|E=GDs1WNM%0BM&(QfbTW&*nU^nLVPdwrXMuEw!^+VWe`sV{Q9+lQ89v*4FYkNp
z?B7C=_8cxHg1apgiPhoH#BJH;aTrEy4+7f9>pyj}H?_h(_GKDHJV59F3X}>(U^K_I
zWGT0A`o+ZD-^nK*)4Ngz*IDIU-03LE2hSFp^lqBg{NrIy<j8N-wI-Q)yDik*3a?xI
zexbEw{>CFkcf+%YtXIQR@)cmLGZr@wt$n|cr%8`jLO)+`>O>BR-+9W&T;9?k)stB0
zzj6YggcsP7wi{AH=2MxUaJN%*n6@Fziwt((-%5odSEJq;z?HBMx_|B0c<=Wu(3vG=
zEl{;eo-gNZFZU7qycc-WJ?^@s8lS$H8AB?r6f@@U%XQG37RcNEa4Gh3&LV1_3VCsl
z^jeAg#C+|WK>2Mkg?9dx6t*f+gL?I{+8>wF2lUGQ#u2BtQz6H{uSNXV5d$_2rbBIC
zny+<mCZcMvk(P6gP4iH^5TK*t-{@1i2%WQM&xVs_By5Q-h5WuU(}!)nfpkyhMv7l>
zJ!0Xh(_qW|5Z*iQl%QF^^R~c)0IKfY4L$o~1LMsPiuxC5K<x`*M{75XNn+<XFmr-K
z`~bmw)Wa3c7}aJb;Us~(H4pXJYZU=9u4@dhY-d@X0LAcM9wj6i1ExR+dI-U{#0G{M
zldnUZ!c9MCaJR|jWlO3n!e;e{vp+BV#IRANM*qiv;Q!=L1IYgTOb-6C1o9(f{Q9R>
zG7C{kRN17$I_$f|B7}{Xld4Yk8T^1+&Z|M_U#=%7<D}F&{!|;=-0&aGFGYtlVh~3^
zQKzYb?c!!Avt969{}^5yKKoB4b51Vw3}3inc758NrT6m}WyBoM=yS<YSF+HkIycg6
zN&y=U)5IE!vTOGW@FV#c7k_ac3=%N1r(p5@{`L)P)sL!#pb+xsQ=1(Xmmb6II_}&l
zK~hak*Gqc};epu}!68LuAZ4s<kf{%e9MJ&_LK5VSFe!|TNG6i`t*NQF>r=Z-2Y`Ss
zP#4aK))BjKW?_|hcL_Uo{|cpOM2k4&vBEWt-)9HBb9L(Te!j}E#H`flmDzUWgdtvG
zY883&=X<JLA11;48ESQuy1^B!iB_lDd>9u;ShU{%;Tn_r$-=jk+wd85CHgeii;BYu
z?+Z-iPq|^1yg@ap-S;mjMPs8>;6Cg=dP58`r4b+A3VB{f3}=#LkM|wV(sw#ehHyrl
z-U21ph>ooiyon6)iC@UzviTb0)Vrz393a+K&Bj<)y%&%QdFol0E*1+1YD^0$eu`hQ
zy_}Fwy6?L%4R*Ai*1IjqcTv5j{CqXcRBG-@mFjHYJKcQL1wje<fTzImF80?_e$ZPb
z2nRf?{u(D&G>6^d#Kbrgv=k6V7um%M-zuyg;EX#J`Gz&<7?3_E(J`ZDEfTZ!d@C?L
zpz@~gvZ28ivH0$$sQA&S(kZ{ORC{ouU6?<R`LYigqBdwcGW6K+F6-b0osO`G+$zlX
zhg>@0{0D0F#2?=)hq2<D(WxWPbTW|=&N<HaYKF4_Mq|aRU^GJXLmt0xB*^TUOrpo_
zkocKs4=|y(%jCC(wZ%ol?fK&}5cpmN-M{#HswLxUp`b3@$^;dmpDoW)kbAYTq1P3j
zQ_k+yMG0?9z2og6AW&n^^&4+#!{wA`i0(EH5z#iNPhACC_-eL89#Vah0;G#O*P)g-
z@94zxRy2AW<6?VH<*aLAR*yzg%f4139YgUEp%fy&*SKa+X?{wO-I7;DzL=Sgs^=cC
zS6HfV2#mLX_EWS<S5kXpRYRt)TZ>)<$kyBD3cf>z3JrQ~fJ&QyVW_uXDs+9hFNP$a
z@ZelcFuI46K{)3<{fMPv0b;=)5<98=mhkoa8G3|&vrEW`lWo@ZuV*Jx{qu~-yDZgN
z5c{+w+8{qhL{hQf^3&iuq;8+<Qc`(9Otn6=ik2NEgLez=PxYyb%Qlj0FSoOyyQ>Yl
zkVbgbUHk-oGhQ}*GqDSp*AD!N`&29AXBkcU@M~6G_1}S`LMwGWY&5m3Z*<AS`3$J!
z*EVi-n1Oj$IZiqFZmSwzdiG-_oY=uCd`g+b<$~wK-`cp5bE@p+qPa4cPnFQ@9DaZW
zICQS&teB>r*U_j+q`tL+0cNQOLc%zz!nc-+MxBfooy<>3-%u>OyuhIN$-BgoHMc@a
zyw<VPMCI1O;h(lB{|?!{j#JKee?(VV+@mIJT-_o@ThW>M&`U9L-U)a$*?ieddeUhX
z?qt)-iHzpJ2`9y<s$Drk{RfeVTN2KtD48LKh>DT#>+!$<W>;_j;>4I^mG~&Z!6y4s
z(a<FaEVKaASg9K(vAFTx(Ud>QrK`vIDx<(QktfDCi2nxA3W$usb-W+{ud20Mw#trW
z^Ewd8d~q-hZ}-RHvMNagv#<QEAxRnlq*_e?iFk60exV3Jxi^6jxa#7BN}GuWE$;u$
zjPmczu!{Px{qesy%F0m`MS^5daWlaeY;T?b>_iJ%p&LJ%+=SjhnGkWGDgZ*1NgzhF
z1x7=G%<d2vCIelzL)PG729FF>LeUYQ{ncy;vG=(t0qg)M;JKXrhSD@hEZMWK*ee@a
zQT4}=FGuU3fG@$&q8?WAx~hBH33d6}ab6WQ>V(B_Q`HrE?8JhC_|fkHu-3+e+_Gxn
zoCm6(?5=qIVTU%d|5w&it1N3>yKDH#H9S7=y4Wfw_61rjpIdmzrVt>Ahu0G>Axcbq
zH9{B4%#LI3taX?hOHIKJ`D^_bVpS|rc|AY=tz*yiCZ)?_C+C`-YsiizqAQ!@U93BZ
zQz!w=YeM$6TOwaB*B!L!LR_FR6*jr3Q&_fp>fa#)lI+=Pn)rsAy&a|?yspxf%&__7
z2+(Mv-z+r+uSp}SJ<OjnOd6h4ye(vtcPGx)e5isvMwZK>W>BjQ(40!Oyvyv@UzD&h
zTh%AaaHYrPe6qg$elB$P9Pj<2z3A>o9}2k12U5qsvv}VrmjMre<%?nxk^%ps8v6ar
zDgla<*HUFF>ikABoXs^#=HE|^fAJetnQb|37fDMY^Xt_iaC#^3Hganny7n>(>A5gV
z0;JKu=R@vI@a`K<)ccz@w*D3(@S->Q^tyaWND9e4VS3f%SWHdX=Bt%Rg0@fxy6G_w
z)XNjC3&?DLvwt&jk(1HFGo9T(ad(uVb!Op#a?OYkBGUgB$3WbqI#EnJcQU35yAhID
zs)BB{;y*d24jciOM)Avc04+@iU$bC~zPwcRqhGaB^1eF4ym@zGLiP7D>SM*hinpe|
zjSvPU`-NHHkpYN9dgZKgtV#vF+-Dzm^8DoU_+4oI<OaTbk~LL16`-6a9^|9?LkF_+
z@vZL3_9N8hz--&JX(m|PM^Vs6bppg-4XQ_n9<Eg<Uw)@|i^!=E7DPOB)QsI!!rqCq
zjkx%hn)5dfUGY@yr(^5CXN*vupM68%zW65wD)ZLr5)4)e`Kfx%b3JUC3O@F>w%6-;
z^ruJ%v+;-hf^-5ZY48R^2S4CC@JO4$_-r0jhM}!pj9+e)3@T}bA>>^vqnLK4k)@zm
zKI0EH5~NpFp0Bf?ta9lSZSeOTmT0c8@E%DFA;tObPHsR<)Io<Pa96Z(#I%v~%Kbpe
zV<*@At#g|i<PQ11z_Fo=NKJPG>41I>pP{F)xGl`6ISZ)zhIjG%`v+gD7!fYDS_ip+
zMVBFWFEL0$nh$=$<K1tQPqHf(yRqq)iS<)%b!!ig-k6>LU4ES?ca91lQeXUqOuS<h
z6)~aRDc(~Kt&GCl{<v5>36a;UJo5PC%Zc@0^qpoGCp>Y6O?yrE_}*l+c$lYnQ`<`=
zB@Yw$Z)&jm{Tx84l)!#Ls!PQ2rw2lmYau2>HIRyU`b#}@HGW2^%i`!zba(q)$KeKt
zr4*0Vauu&QXokZaZo+bOLQ5?*4O7Ei=5OkO6y9ncWb*k^kMOHQ=}M}`<!DJ*)I8u{
zJxvptqYUyBR*ce^U4uK>5#bi)fOd04LxsfY@oScwM9d_1<x=elu~zA;aEtlZ4y*eC
zE9^(WalXy|QG9CQ#Sko-!TR<OlUe_QskvmZtkPvbcMJUe@$-b?U_Cnh%ToC2S9VTR
zpr8Kz?@1!hzsUf0as#6%YGwLL8p#P|m_|iK18IRfP^)Qd;je&I7{oF^!Gh}1Y(wZS
z^n+AVZ%et`WgY>f99jP~f9XG_5KupoxT81jLbgXz&r;E!XBb#BNhl+ya1s3eO1K6@
zHZLP3C7d4sNHU+xD=Pl)`*F~C|I-7ult_d7LY8GvDXGY)rgb<rkP2rncbFppAA=cX
z2U&dX93mUZf#oM?xn(Y3{=gFhfTA0m3<Rh35O+dM+w>BQoSDffE1B?~!?Qd!Zu`=>
z^Qq%64>9Jpe_#1;?3>g=_RnG!y;jeN-smIDeP#JWh%=X9nKXP%7aIiPp^0RRUD^cO
znNXXnW|HbWknrw|6%QlVkx(f{Q3reIz$c0d9`W+a4m)wet^wpD{G-E>qx5*H&QdmO
zCHsJ};T!9!hQfZ`6{CVrri-tXTPxyS6f@vP&D?Co<u*3^u4!EH;;uqTx|4kp$FywQ
z-QO~7<UXzN-X<eDTA`tb4dOOo`g5^Id48?*d5ftBYEU>sn|pZ8FtkNcgh!{K357O|
z^UYQ72zyPbr$Tpm>4joAAXF?mbG))S!~%qN7T_awsQZkhGP~7cs9`9Gendv+SbQV(
zq7P$QC7FxtG8fcyBG2|nMFI!^K|qtU0hO%i0-k=@7Guq}5GN>hQv0=Xe(C~hcvXJH
z%T&Xeh0pY3$K481eQ8BE+SsTrLGkrrrghu(ZGvlCsL9p;ZYzf8;27x}<&iI6+aFlR
zwcj_1aZHSie(12iNO-5yeA&(=YIr_*A#0soXY@Yhqq<Cgzkvy96`hK4WM9d(%P-|q
zC&or0f#JB%nRl3oEfEHI%b@vb7Rn<nl_?{LMPD<L{rlr^qZS_-e)S=7C~>3U32A!|
zB{`2;<DABNsuRHe3qvj$<y$))hkr=L-2wU%aFAwsJIwD)C<sO^Ea$zyt;8dokoT$r
z!1p1b_G4`4{{4ca;4CURCbU3h=T|f<3agWNgW~Nt=)525N%qam_lbLNjQ_QsLD%nS
zB3Zn*E-V12K7F8q#>_yNfQGYw+T>phBKNwT)cf#3PA9m(OZKkX)vpJUjs!I2aDyA8
z4MP^}P4eTjpwl7JpcZ`ATyLuUS@L^I$U;KvM9R`cTC@K*LrRB>K0&$x#IMA?5(bA}
za>&wVT(zt}zOeO_<@SjgBmWZ0xn1_#0b;k99L_YD)@eXay|o}_s0m3Pt5>jufALg$
ziD1VvOR=!2BT<j+*P-Z2<H%ljv!2(A4@BwPjq&Y_FaHP6`njv5MbRndr=;imjXELw
zM}dm1;oyl6m?a%J`6LJS9l}SwrZSz9^<b}cL7C{aaNcz!%^A*i+L@sDjL(3HMJV#3
z{WOCSa0}c}DF`f#en<eQfJ1fMm$-A^>G@9F<-_Rq0NewrZW-B%did2bAs=XJcne}@
zMiqLnQRnk|hIwQteO2147LQj1KY5G|fVa8C%p9v}myEc|9qzQQT1yXKzlbVZty2C;
zI<jT?@mF{}VLlc9lL<-VGmxTkbBYklf}Bs^I$h+q9<yr2^B+A`jK~?^Ac4NGSGAEA
zPycvw>Y6Mhku)F5HH>{WG>_+tW}v54Zn3SZz5KRIyXO|r@823G4vE#!v4j_)k}P)N
zC%MXC;U}4B>##)k;V9BpBeLf48%O`rVdV!Usg;rTgQF?p0?vN}GH5rX%C0&@*K>Zf
zqwIZ^VI+TyI)RGD)x*!AbB*Fgcvdc!P4zR$Ybt8tMlM~IohuvAf`qk_{ed__g?=9O
z{<A~lz}iV@54@dk?kiNu7t;Yy8RZts7c{h~m@^f*(!QNSseg>%7;^~NTx?c>Ls;$~
z)$#x6t#&79v`N;S<)(pu*<|v-$(bNMl*;uk!MG;GMZpOn{CP$%=SiJQu3E$)E@a;*
zpw;-tp`(F9gU&~lbv&!PN7V~}&#BvY|2lML!OSWy^YM>wLH6B=G2UN<-=|g%ZSK0K
zy0o`gpV-2=7JEHaPDn+3?7^dRJFTY)tru7%xo-Z3R8>%5{4b@a?bP*p)6R}O(8g^S
z8K@?c>a~Mlr+y?R>)3YzVCZD@H#Ha18S5Te{8uzHFY1-y)>FAxhGG6&5H`n52KiD5
zt)i?xBy@bW72=+WulNS3NS7Q3{BK6D3V6+eD)!d|nYnw?U6o}1PvtTy?*JM<t(%Xe
zrY}p9%~8`alN-pslUEu&T*LInS32&j%`EM(ETF#-q&2N3MI`Cn#wL`;zdNwTz99nd
zara7pXvszk=~3@t{sH8LA=zxewv8ctRpZ(zj>!&r-$$`%d?6`h#W7ZTDeXFiq!glT
zKDyh1-+0YTxK0y+CSdisTjN*p;H{^F=y948e@FJI6j`W>rw;xJhDgh0SBAXSV+-4(
zsK3U}D~Fck^x&n^HttMx<uZQy`syQVbBbm~Q>Sa;O>+i$w{v5&?^(iam|Y_Yw?;-L
z#0!bjbK%Mt7Nulrq9NTwpMiJp>IMNS66o*Hbvj|~1q4F&?}-MNmGa~*(D2!kB%$9&
zR8oWk-p*5TC$~Z-A6JXIy}98CKi^9IWo&}RXAA4+&JY7~tq7E?k6)@V(0nH)2C0n7
z39B%LGjJNwFYc<temsxb_}n21blS0|kh8gfybQ(5I`^AR;vThkQ%3)gjs}h2|1BG^
zBW;yzjdIi9A?tp4?)~akmFUrLHERWte6>Ec-Z|LLc-(0h25j(!*Ln<ZrTY0bt{L8%
z!sDn;1E0~BtV#@?u2^li?pt=I+#Won%U<~iJ8hEobQK$^KJ5?tOCs)O>5>PP!0KG7
z`V3WxOU%%a1z;#PTc=4)#VXWZjC^B2D@C09JERj+gI0^7%*pdi(e%6$QF?O^l9b4I
zXDD&D#ZP5CS-A^-f1nAeU^X{VFZTv!&yMc|;nMTD)#QGF^Za#km|5MQU!VM2g#!*c
zNSbB^p+<X{y&_~jgGFOK<FyXk^-F#N)%rvLHOADhI~6+f^qX8s&=HW-v6qKtXW`JY
zX6^c?SNsS(qfw+>D-l9|tEHj<m)DDN>-Brry8VT}Q8B-KLCy~UYEc`9i``KOA0K(R
zdDL^g1T1nBvyfZfH7=RqR_VMFxXo;56MP-}%X@sX_2?$ijyLfF^D&q9i}^uYGC0TH
z_ev`oA?-mdKGRmnTR#{kxHvSk4PTIo8=q`}OVdTC|GbLd-S>z6aOQ6`wlz=;U(0>s
zfYgB`d@ZVC@?v`X%c0fzso`(NFe8xj&3?Y>9-4K251=wn8GJD9dwzTz?(R3mE<Q^P
zw~FMXYn!=AWW_Gq$s3_a;+|#-xU-byVqE8c&nfkAX45rc{a&l+o%c#jiiv9t@yR=n
zn4d3=h^8vqcpn3_(T}%~V91k#`=>Z1dkzwDT_m^gbiH^<q|qcPTZC$t+x+8he`<z$
z&dX&2+(WRfN1OD1a>h|vN$u~mNFQ-&yG9h|z6e`Q7E{(qW{_{YFOXDIo!s|AuPBir
zz7d|ItE{sGML{x@pAT5KG5KjR;Ym_~pr>`3bLCDj*Zx<>(x(pV@S(zAc5(wPd%dmM
zOyn#=Lrscq_TRab5BeRIV8JmFR_~XKP~upws+<TIgX4jCVwSPu6%gIY{!?)GS-0`u
zp3j-lcH*<t4o!vOX42e*1mX%e4Qkz;=ssPqHh<)I&gEWH9PYydFbqAz1}4QIlaYH%
zS&1!l61Iq<vQW3|KA_76QavE2##27exI@K4fj)|gqMG^B`S>Y~YG(hbs~XnZ{7Bti
zs^sIy(9D`?%vauDL@c`FxA^gR-E|LcyZdW>MpUbEwywg>x$pc4VGXXhDL4Y!EtZh}
zBEM4TJvILpNRh5S$&7e^q0U~-p?0iq6biy@(+cQ{^UdN+3o+nkya+&!Wj`Nojse{_
zHzZXQY?Y0gYIIqJp*vEcKfg#4w~EGcY`0OYo?8jU_%mpdrq5NU=(z^I9B;qFi4p<}
z#NV{waXDab<k`S`_I02`2t@ygfQKLCkv_v42$%E3(QlG@&vrJ*E-V?R?^ib6q&ocz
zhfThZg_UW6g|9hXe7*$)&bVxHWHcBYSNB%vLlP-=WeVQg9rIk}Sohk9%``8fHn@kV
zwu(B~uPaqDu^x;!r)+ituvZ_?y?nJ^^cW(}N3dqsfINQiy|?Cv6WhMsd)3}x{wDan
z2_QDrbkmhBNQLnAb;f_SLF{%TM`wp@)0m@r)nH&7g}PVRLXyF6$lsx_4`RXna;k@A
zyRW|EP-Lv_<i9&|Pgd|3ra(6VILZs|vTZeuLmb<?6G#6#!rjuNU~6nv{7$<a5h`w2
z155~mDS_svS2<)FRg%T~Zrwo~BhBGXQc{|$SM_x6jaf2HVL93NaufP@=vk{cs{DcY
z>o7gtu-j^$nwKHctH0mH#NTQXE4LnaUL_&^Bum{5hQJ)GCk}-WqujDu7^Su}!aS9X
z!2Jqeu~LSGGXYYt&d!RX<_fML?k=)2$>m+C>fD7=d{38<&rWJJ_%u|{fIfaI#qa4H
z{QD9yi8C|5enVpe56cOk2$r~CZjJn<7C*7b(05o8(ObIN!F#EyFk%dF#@Bj|vdiF?
zIpspA{(gep{`d`}NX5U#$Dg&^Q>=3B7&Y?HK=S#KRoJ!aC#lvGbPLtqdsVi1PK(Ot
z|Dx>OqnbGT_3xR<Bn(M_Nk}+E&>?~j5l}EF9+?RVBAzA~6i_@MBI2PQP{CTA!~ij#
z0^$i<J4CQCo)M~|R#8!;qJW^)))o<Mq}6)BR(;gIx6iZJyZ8HB``N$!&L1upvVeu~
z&3#|r>-t<ZWMRe0Kn?fDjVd;!D4$78DwNP8uh#Q`rRejNDGj~LtYk3o@<^#;dd*m`
zE{6h4?G5`aK@|p7`Ql%ngT6DsaF&hoDp97l=^uew)F}~0W%fdo5UA}QfqH7()D4vS
zS4^rU3Vr~oioEl6RPgyaq!16ULmnI^`5hwzB}vsT*8pXRcGr0|<2O4U5BTjG((!tr
z(|zdXR9VE$&xs0q-=R%9bt~W%f%CXW3mUzyht|%+J#e0-3Xr&fUH45Xvud!SRQCmG
zk{Q${mR62zjw%#b;^KAg4T0`S?vhH_;9mu5A_JMgjdR=4l5rmr$o%IN$X52NQUSBb
z-I`)ri(B3hKJ%mz+>X7q_96iFM86tFjPR-Ai?1EfMYPFXmbmvg!iJ!Q<iUDLh-}DW
zeJ6Y6D@N3ghPOHf=+?EMI|0UyuzQWdsm?HN%nYI9*NP}pBxMzzu<t{Z)l>=l+(?gN
zLiRiQM_59KO}i$B`$RaTkFKZlzS5F_btPT9?S>>F_;2VGhb(Bh2!*FjcJcuLin1vh
z-KoZcxW6HSQ>>9Bw&3OKWQHN6@1nWL%yc}0o22C%v@%|@ra{`!cSnbHrpd^(QM1O>
zLpLVpN?(lQzUiiFk$*o&jZJ7U&3Jy5Z1}d8I8xtC`ST>GjBKXtP(~lEyHe)$ur4|7
z@F@rXGErblGL5#_m0<e+|A?0Vvx5(m@nI$sKss`T#CEA^8%TksY;<}qSORwP1<e7~
z?TFAQcAUk-?$85TC@`vJ-X>8t?N$PjFq8lq?hM4YbQo(g|4UK<Hp*-^^iw&to~eS1
zLGzv1s?Zf9H*jpLRi*gKqnY}nURgV9oN28M7^G|6c^`g~&!#iRmRE%^B4_wqNruC?
zB>ro)R}VekroL*${CogA*>cLjeG>wAJ~N8{G=%KELr=i{ZBzP}1m!zXBAxjrnrHlw
z$UUfQZ-$OLc{@J`RQ~g>a!M2pJRm@gBl}7RsH|g5Fn>4x{Y;d&KBF8yywnM=+SOkx
z@S#(xxWG&8l=PiK>Br`Pa`3e|1<a@kB+@Y8jIWu}X}KtNq2utqG)Ldj6FQ8m-*mIV
ze{Sm!0=A%RcnMaHvwnMn7zMH`?1Us59OAI`KABMbgc3gS@&%Rs3K*$H?}fsfv8Xm=
zYdv&*OLpkHT|c{!ql=^k`|lA;<@BWNJu05`cmJcg6Fh)mB<%dt4qtiG?vXTd7-4>o
zr~JBA=50LOJZ1QeA}uzuML^Vt720MIRX2>+5SKW@vY^wsY2XFKbmCpHG-bY4X8Z>i
z866j|w78v|0k{*o@8(<V=k}kZq3_>Zs}e%_dq>*FXGRV-sHy`NTaL}NLi^9xmZwIy
z!}|lRD5dTr6YP93UdB5r(*&Ny{g791Ef?tu<_ybQplDrls=UjTFOwswmvdYmOM{r|
z`eyZM24pOcU(+w$cA-V+wv6OxNta{DxiK>BoVYtBsto~PMO<=6tJtS#fg-mNsLXv9
zOD0es`|2MX#UBD0q8ON9bm}+Dn4;c7D-|v#jaSFDD18SGc|m2&*Q<(p-EY<p(>3#&
z+o6P67QwvyDi!3Br{}{RYpu|`)HfXRyRKO=uMXV}HErXsET&gb(QZ2U+@QQ#c;9_|
z)u>w6u5!S>$P~*6-N+!?GmL(boVzn4^NHOQcOnO(6=|-(iny0?iM_KqpKg{{IMRe=
zC$iC}oaHyZ4&l8WY7qG7u!v4QL@B>+hmWttpv(bjJE%Z=_(1@*>7|uk%yRiW1lEQ8
z7HZbogT$C=P7m)JmS7Sc(@PbwDAT8R#v|Il&R0!^y#`&5I=?g0E9dZWzu8$HR%s&_
z+`uVbjZkIQR+E*R?lbE*<}IfOB!YTW=3}|6{7@hhan)&@H(F@9a&%I(>{Oe}0;QvJ
z;EZdJEO}gO4n3I1tq}v%g|QZr2MXQwR~(hL*zxRiVL3)U?fWOwwy(O%?M0bWj6KZY
zDh6j4a{T&69uKLtvvVh>Gt~8mrIql?)_0uWVJCn>?>MuZ8G{Z5)e+<TY0r@6_DF?2
zq$R%QV-EkTN1tr+*+dyJ#_SBXQBLClH66dnG(A=g1?`p*>Q|KVPfd^`7x@63wQQA2
z0W_%Y*r#^h5IwlO)O*mLGAO><NutrMM*QB_!4Nos7hDD13ns<V0|0&76PeoLp?PG}
z4D4_@bJFw(eYDNks0Qb3R@I0$LiA{|d>^;2e+?c3P$$>fxE5+7SPbW78>3G#*ls$u
z*q~^rkjR;_-Z=zRf8L6P-pkpZ%)Ow=7-DWuEndFZ2sfxVE~h-&c_+6<dkn1Oy`6#w
z{n%+ze>YU87&pTRjq*@a8y#}oky^JM?F!<DHxQAyY49s2dVK9xCpo)$T+w$HbhUj4
zB`Nlyq-^j~W|#^$c$wfVvxrEWjS^e3ozwoJ{f<%U2N@=&31`~Q2mZS~=D((=^mij)
zb~cxy10+{mBslbF!P*sZ>+ZH>Kem$dqYauyQg`$vH7Lu)Mm6l?fW87=LH@T23z+m^
z)LTAHd`xT{g@Za$MM_U5%qszg^g$%nM~2bNM5j>2nxF<`vw_d2RVK59k6|IUa8iZ6
zBNW^+`k!ZVa4e@MVq~W=n_A+qU_2t;F)N{OK{IipT^@x`tJ4rsciMsLdiUpR?o14u
zn)vFDE@l4R%`Jk!2CGsoLxS-0b+Rw!=hAz8YC{L!-=yT5Rpe1Vy8NC)NVv_b63wGV
zV@9yKrsL9K3sthF-EGbbki7AZV7r#tdF#J7@idUVJnXg;-nZvIUrjZnO9e;%_zbn`
zaqvTO!&w?JjAXrs81z$c19aVT>bZgA?`~EEaJsEP4Jbl&4>Lu;a`B^so{dJlFz}|R
zgKW$t@|~85uGc7bE&=tbYYcFg1JXdX#K)b$d%iCfx$yBT{sPOdcF`!k$Tl0A<8|n@
zp%rHM0sd6jvk12S&2TQz!c0pxpc9_7^P2ddb<Uqc6NSeq#1%f86u;K`SLkJf))}<^
zjgU9asvH>}jRmP$wfwhE@vEg1vm=Viwehv8V-9CfT&$hFKCP#LT(yT|ILSaA^V#Hd
zN;<J`Poq`Ujq$LSS|_;}U`TFtS$bt>14>mT9{OZRDTt~kHJ}L7wx>B=t{0T(yy}sG
z?eN|&o2ML1s@DhZ8F&kTBl6qvSxs{d`_7)Tjm>J|b0KQ1Pc-glRL0Jopqk+b7h)QI
zT`Sn5{Uj_O^$WxjZ^?t3eDSBkO6cPdMs$Mfqcp-7o_9Lj79$ehlW)ojJfI~vuQ3r>
zE=A6DJmp!b&Nfpk4cvMwSqJ%f1A~(uhaDL%>6k@PRV4Y?%8Jz|xC-qqu;d!Wsl=B`
zj6W_Y=RC7M#o+swSQN1u)8J*X(bW0R<ovuxuV|4^yH9Ap+Pe}DJ@atTY!A`dyq65N
z)7PmQw30dvK+pcL%xfkv_jtuoCa6!LV*uXY$*Q9%{$m%YZzHoTULfav*{`w{_UXTY
zo@ft5V-3yDfbhBeIZha$EqFEe_GtxS^-u_)(Jy=vrw3lA0h44%ifL|fybatRu!xv;
z==MO&qx%a9UKo~Wop!Sh)XSKod%aUt@Ddn>qTLV=ynk9=Sahd-v%bS}boCF!&JU?_
zNY(<|t2h85`R<r?oUPg7IYbxQ*NKVh>=2~E=xE&x-V>EQdX3e{bT;hMz@9fVkzmEv
zG6>ye=a1{1lU?*=xSl`!K02>b$Qw$q{H5(4Du{H%xyj#h2_Bi)5sSE<?(<hcazZ9`
zW(yheKxUh+2Nud~Om={YEVP#Ey8$mF;BK-)@t#Ti`9ur+O9ywj%c3k~;*ORH5;X5)
zb3s!U){lLyg9@W5X;(Ux_ma9i$kHcRl_1t9?*k2mUjiC{f8c(XTN}RDh;B*5)*jG#
z7^%pesHh4mYlm`FAO;OaMWqaaF)8G>n}(NO=1wk6Bml<FQNg^I34uo}Ay;3t{66w5
z2%3V^<&WB_ura|xU!S*juKsdvoW^S*XI?$6L`ctSKyC0joXjJ@)`frRJ{mg}^?i%a
zH%Jb>v`#pxb({5W4G=Io3KagxPtA#)oOeKMreHqCucHQCX>c^%aA4@j`{<mX{?fU%
z53Ley{NB!tYK9AIc^e%8+r2xjHR41|DihU+U3G@en1abNVs)rI6SVmK`-di1P&)r|
z6dmz~(?DM`l^VGCvIA1z)qBL<3}!w=n0%^O?N%AH-V<oOn%i_b{y$Lk^xz-=^ZDma
z@}F<|R7nLcQ+V$@A{{=2PXz1H4iMe>+)A9x^e$)yHSO=2lqxrzlL-)ui~;cL`+N#U
z0q`TFIRzMfeqz#4oICU%7YkGBr=vLk1ZS?|R#3IV0U$~r{G1k#13Oy#CKEzu6sJcn
zxnqA)Z+-GU^KU3QWx81>QI^0<b@80fxm16wL=1qkwvdCujVm23wBHC~<qjfo|Bf!U
z<*_T=%|iweuMM=;zO@q9rI_RTYrKH<POgF6?EKIs5F&m<%t>dQ5<IfR3e{CRg*W;%
z8F*2=-ajXxImRD78?v>Lk3sB59-b?E(p)Os=~lx3p&=Pgx?&K2X0K#$MT`<TG|YaO
zFOhszLnpNEph7MR$BLQQZK-%9=D76OCCG9O;O*?~qxE~GgA4QR(3?buTF>9{>nmEo
zHk4xXKMWUYms3%=CoyD-wmo{WL!1t;ufgJ`0IK@D@ONF#O%INLQ%6)>=&z*&BXLNa
z4rK_2qv{iP`Qo;{m?SMkP!;sO6GrQ5g*-nyU(1;j!t3~cJA;~UZI3qiUqT`N%}QkA
za1SO4h}c&O*D&GnSL>OlXIwv>a^y5@OCySKuQEm3`DpN4$+t~80UU4(&#-2}?&>!V
zmiMO3xo_v^U#%sr&_M!9-ORKcS29!PYf%l)hdN;;26Z=(;^_n{c{0S{jC8fy=U<a`
zGLRPsZY<9Ay>`bX9MuYzbPNTi0=6H*uhF@0)puD=56ZxeySvSr$Gz*YBQrr$tN4u_
ziCp3=&y;`lJJ2&{{|#lTWe>GJsBwZ`@NEfup`rIa&?mfLJY&60_uAucn9<rkPp^K|
zFlxIDc~H))PI|3veY$|NFAM%69`H~t3^aX3t{`09>7XSoaK*Vt@NQ`9xRz=va)^fi
z)u~#y`F6#G2m=DG6tbQHaZ$V(m1<RNGVL+K@z)0%cFx7c2hRs)M|*{$*}mx|nyU3X
zEAy^Kt{8o(n@#A`<9idb18?%F3@FTSaG&4{eDdK_O6ep%diuON2|7GsyN`B(P>F|U
z>dQ*9S(;bE(@t^7J!kh&gc?;ZyWimN_1BcMi4~sCS&EY{02S@S-D2Q-V`d}-x844_
zJ(<|iqV+o|V+1vNpYbl!pev$19Ka&?TV!C0B)PaNdv+<JYCC2a@Y+D=hUbw%9vic*
zE1S*H{p%sqJ-Zp+Hci|7aXe{CKby#gVqxr`^gyM+5m-?u?{}oIcyhKbKDtUlRougS
zH6{xL+vCO_U=7$>H4PE()>c5_xxyRUI;>Nu4p-pGV{!U|hzRRGeO!kna!@{rUMyc(
zg<U)+Lr4!?<=1TA2M!cv_bh#*n_H`^cqne_(fMy^b-;Up<@O)ogxj~E6pB1%PK(Tn
zPL=}^7X)jP7)67Wy=7Oed$E_42X!+MX*(&vX+b`BSlCGpJ3BI(=^HjWTfS`t>e1Lx
zA)ZAf*I+>y-_gH|Q<#x{!FG=S@G|kmjDsaEx9;Uy(Q!)Q2xtb@XpegNa01T}x~aO^
zEW3uE&`ym^MlPF-lP_8b-#lu5r***~4m1J|YArSRH3QO1h+$S+CrdrG2x0sI13dEm
z3cx#_Y~mH1N`}URIxr{^^~WHs47&P`GxxsdvaX&$mi4)+k@2(=yCYP#+<>@({Yeib
zbd|18noQtUhCzKNs@Ubj9WXSej>=o1aRIzxyYPbDn8W!?O+JgU@~5l5v&dY=h^u9w
ze|{_pAK?fUNRR)wkDE;Tj8V7(^zqOsb2Ky$gYWW*m7E#2hEBe()hhEG2eL+oK<qs=
zHwff_ubKe=_0xz4Ltgu@^ZWnt=fCFpf4WV8!2}0`UU)GySHyiPy0Z0m^0?y92?@cS
zmE$9lG*)}2vVRkT8+dXi5XE5lHR$nhNZD?5Fp<jdVvX0(Y<f{WpmzsRp8qntpeSrW
zaXplT^J7%}yC74wgL)$qSD)6Ic|S?;CY^+d862Xl?f7v2PF8x%)!{z}SuVeIHZfOB
z`T@z9bzavYs{NT!N-}|6gs`TWKi$cTql}iqfMzFY)YpANg<CVD-1>n0T5sIp_gOpR
zzrpX0);%Manmy6MGx)d&5<!z0*@tv~;VrEu4Y(ZOBXVA&v#7%NoD330ngwC5FjHHt
zL$E^T`2q~tfh%-KYBT>eCCyw5Nci?3y1a`2W!ptQ(DqeA(7|A|^(lb~Uv2+H0?srX
z8MxXR{($12Zck$s_jzwl16qm7I#m1V_CTZ>$%-{Ch&zx+fX*^vKIRpvT93bTr-&IY
zX!OK^b~$ysnu3xgi|SB1pO|C--bQ|a(vfkc&}HT}{S8%#G!_6QPU?7)tjhw_>y5sP
zvnTiZ){+bt=%FqR?~<Za;4$UOCVcWl(ztT1wJ1A}X%9Y?bEh6yS<;?2T2uO{J%>;W
zdaX%RWQ;iQ1@6?|4At_cYUP$5J07=-;@$G0XQpw+O=c|XR+kY4^n|~`>p;T(sHLDg
z<Q}<komxtoKy|^T6sMhCGaHK5Kv3amGH0D4kssHy78}42n|YV&p&#aJed-wHnzrbi
z8FLMx+k7^XgkM>DG82M(C9&{l!9K&HunQyOLFa?Ubk`={P^*0H+9k-$<08W)@dm$`
z2U=amb8z$X^S<xozfs9L+<s@HWlZqJa=~g&@s>yshq3B|Yd|I{pjn}Gg|75SOyrA|
z1VrmnVTqV7=?CJ`B;@Up3W%E5Xw0+oB(-x+JM?GC3f+da544g)_JhfPJhJoAw1$2Y
z`k+c_Z$x-K<&#e*LDCFrU<&Oj+lRRlaf8!ZF*#1B_xrKLTCt*5DS5J|8bqY2Ie9DS
z!>cu>DPRpcg;<K=nXQ$O`%-~La3WKH@qh40#;biQxU&Ou;VH+@hafob%soq=Yu!fp
zH5Q_>`UY8yWDufQ?T}3VhbkzODe}GsSsrt}rP|@xbtAW$z+X(&ZO2}(g0X=wM+<r5
zQjvzfslN$}#?m8ZZ;kdfTw7|;?u>9ALUOh75Nx;Z2)wgBIidWe9=Bnip~;eMsP?qL
zA$`_t9b{vm&7d1E#ok|}EOdzLDWoAdk1&m&v0CX^&3(yF=ZAIubn<tTB;<EiP`JJx
zt;~O=XP|MG6*{=;3nqA~9qVQ1;r{g8OIHz7+_A%W$d??UET27!nY^hUZ;J*EnI35;
zsSdsVep4XW=O|ZK;%<Qsq~Mam@y(017D0(+^;)kMncBlHFnFhGf;!5P{w7uW;aqGb
zl5JF4f_jq&Kf9~#|AA59VJ^>+_&BBQXUsdm7Bd_rrWu4jjOPANOyASn8FxLLgrH>r
z_~^eT*}y`Ks0}oe@=6WXbY20I^rur9IN^{rwE*|r@8sPS63haQ`Z)d>XgOM~y!D8L
z&oW*@!CWMBfogpmXgY|jcK}h`HvP-xq&8$%4>b!wth2h<>AnuC&txG8y9h7JJXx|H
z)lGY$ch40yx(l7#B?GYXj1agIeppPEnR$l)$rA{pOiXHW{3_5hdJ4qZ3h4lwaeF^z
zL)P(3=B%WP^L<O$#L5Hf>m`0?hLc^Tx?1--U=LyN|9(*aA9EW8gWIeJvl^VlBY-si
z96&(w@1iG&5yvs~dJ7`<%m%efZ@49Ih(tG;ypjgQKBdL%@X7^kfelI_kYq+C!h=|M
zUD7AoD|pf&!ejwa5xX6<<g#72EuqW&(P+L+G`KhR|AJR<LG<#JPYE5Kz^!SD0{(t)
zwzc)P-Em}q7P{zB?7nWi*<`(~GR1^EsppHw6N1l*DFx7)2HDFqWlOZfxS>{lMgw%p
zAZlpD1Ejr5FghR}U@H_k4A0M(*7+^d@`X^}nszLx5lwP<c;@s6hM<ChO$gu1Djav)
zB8DT5V4Z3Et-{=(d)?*e3pz#m7qtz9B8HiTdodqv&>ODW&MRC%_|$wH3$?C2h}NY&
zz~PN4_u>0MDCS9_T5j|am2k9Ojwi~b7^XiL!ao77(ra+Pw1t68#<P6KdZCD`h?&#j
z$b^1n%8`*VPHHy@()yevevwn|8-&8oGiO>IpdSbJ&H-VKB~F>R0lKuEF@;daKuhRl
zJ{1|ffW+@SHWiX&r^N<{t83-C4BTcPQ0NcDqJh+P_Khhjdc1)5S6p)WGxm8pUibxa
z3Kf)b`~550h6^->znh~D?seFTHd1sP=0hto7=54QBP`VSAXkZxsvcyV*XJ9m2LN{9
zk4|$^gLGaxo;G2E%$t4euzMEZXXL;Z$UYt7be3=O%q|fByotS#hOhz44M`0ff_~`H
zO*`$gN~@tgmRY};^r}UYVx6$h%3=INBnR<$`azDBZ@UXO^*O!KpNf4N#5Ya9Z6W;5
zgP!nrK#OhHgJ?Z<sz~6F#iDNFE9-T-d7IZJpu)0UT`oLykzO|6;C35_zFGK!M2)52
zCvrDE+^+GjcK0+EjGq{hrm6IQF{kMbclNW&Vz(tT_GvMYqKvwCmx<u*EhF8kCB+|P
zkfJ6kv3w)m=YxTKc(TLjfeC_hsfb6rPBvky1aS!OMZ$b9Iqf+xaZO9^S>_ru@mKYJ
z$868rSl`t1w62}K+UeLF-ikL5o_sV!KA?d(6rL?K!q>c43f<#IXY<-$jKZfD-IiXa
z9aZE7FDozOS?~|!fWcRNsg3U7b?(V&D(K1NOek%kD34g3l1&=#`B!?xXJ_TpGtcaf
zyGvZUiXwO2j_WWY=5P>G)FG1;9CB0?+lCZ%un*6bEq38vzjH|_Do*Pm8U0l?&bAse
zbj@)+$DN^+IGerT?)X~fP57HO%4|QuT1D34hW-_;uXXTzWL+*2&64;APpI0lPf@Hg
z5^l$DX$5l<HJIRAfF(XuAqXh5uJ>IqwVt=37LHIeaX+?NxYa9E?7&Se)DYr=`9koj
z)kjC#`qvJGQPlgAA^Gx%Co>Xu?Eel68!D5wXp^3?IZt&^%hp!Y>PZJcQMZ5D-;k4+
zOMwyKSa7+C2`wJd%=z@0+G^e8zOkCv_q|rj-@lpMH|sj1@^r%Ody_@4sIz2$0p)q2
zxDLYCk~nEC*vuq_T<u54el6n0y`oUxR!eZ?gD1Lv6CjGq;7nr_!%;RyFAIyC&Uvp^
z5Sy;rQ7ZZ%DURJ*rc!V|d0pndXPT^-+l$6>Ii0T^=716K1%(t(i21D!+Vwd%*l!<!
zTu(&T*^S9mBirf1vrVe-_iecPT%M8}Z7`@`6rjpp>H6efd`YwhH_~7ps5yA_!E3bg
z*Cu|z{)T{V&Mg>pX=ll)m1VM|@R|1^%bs-Thu73>P_yWnN&^ccH9Fh(p_YL`HCP8O
zO0y8lUr<qj2&hXI8V?pAE<RjGHGatybUrsG(0wo1zkZ)jM0!`4!IA_<fnNmsH;-=y
zYg$TmHUs7kgvVPC59bE?HM$2n#GQR-SortW*v6Mxj)hNahnj-3ImJcyT=y2a9!!4z
z|Lhk3r$(cb2x>_dNaqFM)DBWh6qx?Rws!u?Qtzp*UCzI>iKyTcjc+ah<}u0887EBb
z>@evfOfM)}=85@&cQ1$0Qnz-PU*(<vg8wY;{~vb6+W(-os`{hA95?6wK1GlwV<Fq)
zdlbb_1RAWY@9ZAukzMP~6x^8slyt$!)?>E~59cmb{?v;sYJc(}$8jVl!V-D-kWur1
zpVeSugSqt|<i7qZgprGdoK;PH3tE3fQQU;)kT<0F&1A~g%^)~cX%qX~g#+rLrOCKn
zKIdD~BA8Eo9BD%%F_}0A7dN5|m}a9U=ejME2{Ib(&&dFWhp_JF2tojgF<Z|Ei^pvZ
zR)MZ=jfqiQH67DOW_md$7^sqY3T{R|5e=$!%bC!fa;?0K6NJ1gr=VO_C#YUMK=%Oc
z=+d|OQM^A{%OR5SlU{tuirOaN!IoF_{4~P7LP4@Go#pR$U4)=V(Nz6ARK*S_Ad4WI
zI?1OGnZB+>g9i=wp^CO-lZb1;3T#7~(+R$kD^{ZKD3y`X;eJ5pltWa&LXPwN!5%a;
zAQ@XUmZsLk%@~OX3~J{UX*EY5lAc$uI}dt2*8>Ghk0XGLdHEFUgph=C29~nq1RGj3
z^sTDzn=0_3fw&Yi%^+XD?Jy%UUa{aGv&CYfYWy3O<>kW?<9mB)u8cRZ9fF1vgRhnl
zGum}Z_ZqM0xRdYpD-K7X3WxD%32#`i6B-Iw!I504uZg&M+ak^6bPTpPr*QoBb>r<9
zY$?Ar;j>#Uc+1TD{6*QO^!mk)aa>%J%XI1!mF)IO?X<$fZwD9$)>BcAL+QU;Je%`4
z5RN0Q<4pObark?j`vTC6pi2N~w<&=X1NY?i?Yxbv7Z&b|Q?zkQ^WPHV_xxyQFL(;g
zEB{&of+9=)5(*3tUXfHoo5JZY6lR(OPJPy1ia@b4Y2oVaa%@@Q&Rl_~i$hOw6mf#{
z_2<QbUg~eH!iy}i+0KLYzEsij{9N}+uWRs^OQ_FcOZa0{${ky>jm0GYD=Vh`ZlsAE
z*V{lrR1}-TRrLNP8F9bTlZjkv1vj;_wy)&wzs^eJfeLLgw>iUZp3&xVOzuxD4S{H&
zi_Pn>8h>~TqGDB{)Qs%_rBn}GFqihDY2Q*2jgqLg8G*^x^lMehxDyV?Jx_9gG)BQ~
z-Mo;41FPq1>?iDGT(S2=EQkQ#!DHW)nS2MgGvOQFa_Xk$k*v+tH^04D^Q`Aq2YdUU
z?4=eejJS&wok`7wM&gO!yrP%=n#Qep0Kdq$n}A2x4a!&UEqO=899%~ITEATyK9uQK
zDgcF7$6qJ^agBx+*2r{y?a-Y%xZDbTnL^WHSIVh8K0kU(f?EMT$qF**uFAXUMsCbB
z4t}6z#xBYv`!DYASG#{xPP0J-N@MC<G+?%Txv5lKR#dDJkbQxr(WYu}EaYf9wo77&
zU78buN8?VEWcR5ME5CW%8j0p|BD&2NWI7KI@5kGj+gw4)%%0gW)Q&!=#Cy%q$?`f)
zgQ$V`9=9IhH7s7tt!bGIE<|Qo8)0@c<AqUH>8%Ca`R}*Nw4P9&PA?>40NE4{)W@Ss
zs`x0mzV~fi>{c0X42bdsQ6yiM-(>+6K=w_mIb$tH2r`&3mpB!+g-}$Nvz)<fMo**X
z9ja_2VN*81P5Gt3jQsB{iRsXYi|(Y?2bqEYHkEPE>6grIrQU=&LIZ#1t{d0XZNT<B
z3)-+e5Y!C$*XdpUznIk&IJS!~e)6dU{~;mcIe7{NF*bnFe4apU>5O3S_<UpV6j)%(
z;z|U>YeZbtA9K-K;a_w_BYKxlgK#*AEKO@f5O_976G@O;25=v+gF`*=$bgsobl^mE
zYc<`~d!f8~u*E=ogC@RhO}4~$x?Ek<(0%22`~(Jw>Yj1!D>~~}^cm-`I(9k|-xoQq
zZECWv-^>dyn4pG`o@C$F3ubBQW7BDV(_+^D0VEZ5JLdeDOOg%vPX@?2;4+bJ>o+jV
z5CHziPH0mRdRaa<^7*5=)RIb#$vDbx<wQR_c<;bCcCmsJb;!MHZYikbQmoNn)5=6L
ziIdBLh42ZLTX(7M<Mbn}iv7W|-@*?1b*EKzs+NF)pNyq>t*&s}r*aC<;lOY$yKV-Z
zZU0cg#tk&R`VFyZxDKD$^?)k>e7km={|Z{WGX#pZHy{O0BcwZIiA&@auH3Gh{bNT%
zXjZOtp#K_MjF(y_o@oubX%eC5n(5RoHoDP49=v6M?hLX-ai+r7YU<<#V%XDMH}Rj;
zD#@5vRQQzFK&lxDm>mXhH<Plc|D!s@D_H6=Z>m{-E-BUtT{+CNDv;H8C&NF|6Y`bt
zKi1fo3rn@4J|&_2`XiwIyHq0tRSy?=yytUuStKjH$HkrDbj^Bc10;G?Dw?p^lv<0*
z_jNRQ<UF~~O<AFx45QaJ4-1lgxpeT&dQkJT2=5!Q_yH4^^(Vk0Kl_~7K`%&Y$8*$g
zHNu!4P`fmha@2Ufv`B9KMV*}gnDLwPNLD#NldkDDdU%lGofb%#)=-eqePFt_sr16%
z&?K2umo1mU`4}=!`My|yH&mR+G}5sXni;=kcQh8CtRclM43u~64JR2n+m<xry9Dd_
z_e}h5s&}F=ple}-V-vq$QysteO6oNf@8s&r*l|&z=%~BMDO0c0c(`w;F{$k|h5WK#
z$Gh`38|SH+?gGEGEv}$h_{@iD+!ZY8K75}dCM}v+OY9H6AbX(+TKw3Fjho`Ah=nn)
z?yRDD48#NJ*YzZURouVV(0eEFl!KQDj9&&Aflr50E9Wme!poRVdGdqb+lX6s*eB{8
zv19j8>S3<D`mkGYbku{yV;XVL9uxes!>GBpMxUfEl{GwVG@_$dWy*f|xEtNF<1tJ1
z3pYSxzuy%nkUeL-{!z_MrT5&@;@I-lRcwTwcJeZsgAn7-jOKbfRxt&PJD&hNWo3tp
zcur%I!w+P^u_Ly_kBqa7Ue9UXEv=6#zZ6oJZ)g!3U5h3jFep}(V(?WHZ(4^bwxD^6
z4=s|YJ6UZz^xM)(6Tp>LS#Z@FQ14VHTL9W3lCn*@-$S5D0L;{EPAb??rsN+^ma&ST
z<oHd;?&uD7deRP3!vD>a^HcBHLr|kBZWK^b4t#m=r7qs%-uzh(D53aTDPFT!GR1$>
zo+`_iT3J$SKCy+GGmeu!_~RuN@$>E>IuDDT|1sO>3{6oGeGb$!WBMxTp7+iA*AgwR
z?yhu$RuM@9GYvh}ejH`$^?~tfZRr1eP90P|sM9*)JtLa?SVR;)HexeEYM3#vy<|+J
zm0&yPp0*!;SYmO5i*$6S19b#^qLV<Df?ct}jEgi5WdcUz6Uz*-+iLmu8u`t<SX3oI
zB;&`P!z;PT2CzN1joDDmX>-`@zdEdQI|fM2<1J<)_3{cT=4Q83fnWV<wNtQQoe7q{
z>ET0w;cFZAnhB^*Mtf=kWwUgkMr-MZ7GC@dn2N9#?3+{u&%;6wb{msSQKaY^sONov
zLZ-Si3yquCJQ8MHj>IOn-e5;>M-t1|3K4Ein;UpN>TsHQDzIuN`!o`qSFku`8^$EO
zCETUPf2YSI$fr#!JHKxi=f>BMs6Je4?+CpFsxVSMT6yoX96tWZ@O9tEE|qvkw{<_~
z2$sGhydw(nN9c}D>ojW+>9i1}Quu$j#{ff2Kr^7R;6U`b2uS6BVORiyO?Q)PLg$sq
zq)F!3Udr_a67a%mgXp=?h$#2@%uEx;az0ck3TWTNciCX^eV=azPKQ-x$}fv$#6O=z
z1dG5wu~`70Q1?&c`n7Iz>UyX9wq4k<ej@<!L91=cBM)r!+K(JhU*h;1S{`xyMlII0
zDSG2AZQ_LM!1l5f*<`ADGEb{qV~e<5ZUBdlc1qsC_Or6DsH&hWijKF0q!j3edxjtd
z7ap{u;_KrH`&p+k`1)7OK!eXSxfU=8cb_bS7H`*+>UM@-<c$r82lnJ-*dnuw@JCJU
zo-;WP4^V+$A+#MDy39TJFHcKo(c)}m%W4j=XRA5=6$|f%BW$qJtB+bxUL!2uVUiJl
zed}bs0poY(=C?%7;!l^4wNf_P0Q(h<ECsa?O2j;!5H2;O5FQ5Y5w$r<{KhFzHVkm<
zu%v@~+?@}2L>iN}H$WZ-;35dFN+Fig`OB!TSpaNR2XhPR;MYf+kPZOAmdFbGr57Vv
zHfv<wHpVg~{2wYWPpgL}XoG1%E?IARPSZ>B8u?>nf+2?yu({srknMa7(u3*Lo?L@c
z?G(M#y6=>>vbVFHylQY^ffRo@MfFIIZiN<})l?@7|Nfma0Pe&mLxljNnNJPwU@2pB
zE)~5lT6gxs9g}i$7gv#|k_?<`Go4t*QCXw2&EJ--&_NzAwP78va)t4ZJ_F16KRCmZ
zx}nQwe?BKyuLC$sq}}Br`49Km`%hhj^S>OyK?=)&F;bKEx=eKbszJYTNrz>@!S9{w
zOGnOvB=9#bRr%_N*YLi9bBco9|Au}un0?|WhEAo<%=IPxHq2??Cd}x${gXUVc)Cl?
z5Q*i98j<Fg%iN&FznI+Tb2=}D6(IivruR1HPnw_7vw~Xr=V==^xJX__#=#$(jj0D}
zVQXuHao&QhCM%xMX^N|9Si;6z<YCO%e%Ukh)P)IJ2Z1iTV=5<NoYv!t97{SS9;fPi
z>T^<lNK{}@E8g39XWaW)m3QBRP%^qsEkrschGT`=v8MNU$lYRQyq|Ild*cXCar+Uq
zV|f!ot~Tq9m5VL-{B<Spyi)JNzGY-^)1*3NAHY!J1C<8Yi4mg~y7pZasyv}XOircH
zgBcg)Og&;L8wM~a-D^wn>gUw52JwqU`lR05lHm>CpGwxpZd)fc)fkW!)F2|!J?=sa
zf1cPhY+j2zEv4BWoK#`ov1=sbH!1_n0V}tTqd)t#9c}$05q?RXz3m9z`B`+%-u)~0
zkg#Pvkp5zlWf9N7k1zctgYL+u6nV>NWiyi=&BV)xP{dh#@$eP|MDVX<-!Nf1zW*tL
z_WDAG+yog7^Nu<3%eZ45B4=OkC*N8_FS-iefYQ$UJ=#%Pvmxv`dmT79p0T{%zkyFR
z*f)91$SN9Io#YT~ONNRkWE-<;SvqI9eeU5f`$co2T>=3t%B~2RAu68`3>yw@tAmgh
zgWLQnmUN`bqF3NHYf-0hUNx680p-@usO+KEeA;?HoRJXr%Oxw=n4jeY<xcl$O7?04
zCm5V5Xp#7xQ0{ovvZ0%8djra7m)<d9W2IJ~%{V&u#bd6|0mk(C{A-A9I5BK(8cDn?
zr?s9~(8?egIyg31@a=h-XoLfR4FU%m@Y8m99^kc%Ci!)_LMdtW8=lRoF-0jZnrY>O
zcEBBmams_ZB^@pm459iph(iEGNH)2Xy*`VwV;*&nP2ZJLeYk&r6Cg<8hUdC4)0p3l
zJ|AQ}u%O5z6dL25GHx-nUGDCIJG@ocs~5W70FQ)u*b!iKCzb#04)?#l5m+6EgAnPp
zPaFY+G-grre$C|#V$;7ukvsx_7+*l0TVt49@bnt~0TmL<X@*V!7W6Pje?H8od)4u*
zB2o;@l@2k`^J$9mG;zBsRV|-B+9wSNBkV#P3i|||U5rUhC$_4Q=WB4yyD`82Cw2Ce
z`*YAu`Bm<fn408_YOy)ahjSG$J#uw2wBVv8RB3m>|0r`o*Y{@gu0hERW+v=5HuM{{
z+sa$l;NA6rrE&s@Niok`7_sOF4gxo;Tmv(=6n^Yr-w>SDWpOvdWBPnUuk`^dh;K`&
zYl3@9^Ce-M)0ivUZ5Gu+kPmf+IQF|`{nlV6a*5^J5abv@82OcPqUBonaHFu*6ce;{
zkYiMYv3MV)@f=ZOnE6N+M7y=Iyw#JecGLT@8urY3rjRUl5`I8)tmdlEt|@jq_&s4b
zu0!j)UB;Cgs9@aP4j<I>^B3uoMVE;g^XqWA9hwt}>%A+uUF&0h*^G0eE;3V5{b5qj
zU|elZ4yim(<D-2IX<vsR9rl2B5c<zHUXR(goTf_rQ9<uYKL4$rbgN<DjnAp$F3X8~
z9WB$5b^l1(6}obZV?*g)#&vw`-slgufp+ZW-_SR7!j5B3Vn8ZAo#~;DHW`AqsQB~1
zwYi`1%|Z5K@zG}-kGDx`a=B~!6`<-_P7}6j=e%~wSd$A%dF$FGezkd_>8HP;8Yut1
zBrky~nT?kEs0L8%g*lfdsx|~q-pCp9IBv(<BkWjE?ggFsZj<SBjW@nzRyuD(6x*!(
zo&Dn)v<hq^2Y>BJk`}n>8XdF;<XsadI>gl16=Q?+GwwuLqzN8}meG@X)9A{P4#%OM
zLZ@YX>=b$~leb(ybvxw0>f=cR)u~&UM;xEZ8sEL3_?H1zi0gCkl+HFrt<II%;)I+}
z*!@Jo#G79*W*BoD<3!zfdzKnP1y*?Aw6!L?kH;FP!KdTaG|n_2iN&5|nEb=rWtA#!
z#w?;lR5M$q@XKDTf>sZHZU}2ci!Ud_1G~@R?!>lPCgDjd<oR$~2sx2jm26{fms9A8
zbPDNvz%Z#3C}1kpnHS`)Ef0<^79QAEhmhU4n?za04ef2+KoBRcjYlR;VB#J)h1oGg
z5nvy>yuyF2lLaf1jL55rSpPm<Y~c4765)D=T9-@ud4?L+jr-Zr_bnHbMfDq5%JUZq
zRh8rT=o+WVXH;mtd|c~#lhP;46X1dOIGj(1Cr1jPo>Ki!g2$F&2k5A$p0{=DcYYl#
zisD_^O}l^gjom5S``a3Wu=ugd_v-_Q|9gp-DOBe9XA2r}$y*D3s4gSXjA!##BuB1X
zusfpw-dbWDbqJh>uk56wLJq(_{0(%<`Z}$qv1o*&Vq}s73qAu*EM}3duT~q`?_vXY
z5GtVJCOnXN{rJwwM4&IJ;1kvsjaywgR<J&somDS{XC;PuT_*ZCWUyN`XEMkPZ&ktm
zuP9px9Wc~G&J053@IH$ju4sYGZei?4EGX(8Sy3{Y433>bEqg&p^qZrqp#G=M;bA&p
z?w+rX!zWwxpT6}npI%nwFePE%Sw_(7Grcvg0pI7z+{!U=dJna;j1%&5MQ4ryQgh8~
z3dlW6N7@v5%E})v*~|4;to&(py!Li^?{DpJ20Q5hXafUXrL7Nm+dX8GpT^_XBRQ76
z`yb}&FU54>7sn869Ms6O-i1zmNX8TeRB@lDDt@!qljbqCXmU&3lp5RE^CfUdH5uSA
ziaUr@o`vC^B@9F|j4X5%+}~=o0zC7}M*#fzHp;z!hv`lk4+JwVTL0@*{{Q?P3NuBa
zRXpn!T28ECJn*TrOn@7)pP#eQt;lY%d7*|{zDT)c#Qp}~1q5smntj1-h$AfjW(DwH
z-Yf+nRKAQ9IQY;@%8Bsas9^L=D%CGws!90Jj<FA&ZgohBsnPv8RcpG>vm(YcZbvE4
zjv$|u9#fQv1k`R06vmt(K!6ztL7yIQ);C$gZMfXKgH=;dcR~Nd#bdU<dCQqk&A9<+
z!R^*3#?vi3flkk)L~lP7T5%0)JZ_fJzh>%Is$IsQOG{}KoK2>p=K`Uz+o_o*sMeCY
z-KRk|ODltWs`wP?A&xdE=0Z;@UgZh~`ckXHjIVv=^tx?ARpIdR_>)>S?oMaMU?E!W
zaPLGronb#<w||dF@b(hnq!NB}tc~n*4X^+03rUW(HfW=@oYC8+5X0@w$5gzg0H=BV
zeY+8Q>kN;1NgZ{gYO%PN2GOcvPT|#Bs}Qvl8=li~TTPWz*c#iEFc+i{a!39w)t1>0
z@ksD9j`S%*>oDoVi9-!(U6)%R_u113ch8Y}d3l{#D1!o<KQ)gO+KgGpwSE$LvSDK$
zs>}AchWDG^R7^dC*Bj_v?@PS~T;)@z*WMjMr@q|a?!ZbJM4XOZUeF@sdQI&FtvQYW
zheNRVM{xQbi4Y6q)ZjECvakwX)v>08$5Y}S>HLyBJ5*+dZg*`QKi`n(_H;{*@rvIy
zyP|q!^?qUOk51yYj8VSSaF+|+*;X&D&$HNeTs|ik>eFQ^oV5^m!aD#^vZ@j-fFE2a
zm9^@<PwJ+Q-32bQJ=$?+=t4@K5ex?4?{}Qo-Gq_N4DI`c!l;jvO!Tx2s$%1(EIweI
zm(M-6>bkO>kk3=40gGyOtUR{LKAU5&I0k&lDgz-i-5HJ@e7~>EF=W3%ox$s!vwrl9
zy++747Y4B85wZ1=uzDl+)v-Hm_9tU8vbav-#p|;A4esGGrXT;>Xy9J+`MfJPEF(JE
z#R%5u`2EUXwfrBxZ$z7aMqua$P?KqoCd>{G?rv$UHqPs`4k~`hXr3?9VgVGeOPY~O
zB|JqwvGURam16yqGOK;d*o^+5muBWIa)V`H*TzJa8G}swt5haHMLFz%d-J>4XTO`K
zz1AY4^F?a?!vYD<kTidGs4*o|P^jS2OWh-vI5u^=g#x<|XoBO`1xpk9xej`~(1v_}
zUoQIdtp<LunqzynM!p~qOz&grGnq&U;>~`{;U6M4dPj7^8h+tKlAE-ANv(ZJ^kAXt
z&hBK-(K=*x3)R6Sem??bc-}(|Zhu2&)0Am;;W(db8g$TXEiXatgatjCAd^2(V{dgD
zFTB$AYp>$}0Q${t{y|QjX(iM5JKd#ioop!Jy`qt6w<Y7EHOd`%kBv)A(kqg<V9>8U
z(7~X+6Z-Q~b-bR(#)w=xYVDnV^Rc+i2qY$+4=1+$IH^Y$2f3BXb}b;m@Az)RlI>Fl
zFxF6u*>@QmH+QP;)?3ndIM79lRy%@s$w=beSb3G|B>>xov5cq+rlZ0xyis0guc0F@
zI)#rebTf0md{LS-?KFH(1M!<3!O<<*vl5Mv_PHTEP$u7U%u=cgg3C0(ttVPr?veN^
zM4q=RPZ+ea3IZLOMs*e7b3LU(*1y&%3N1lPxBbASoU=tB=#`VyX`R-M5AU_`FRXwD
z*GI@<!paFrsm6VAv<~CfPy;7qv$`V@tO1!>20L;=ZO}2}y*DT9uJkXL(F3n)eb!sC
z`dyqyG~h0JfHW10u)#rz8>mEqNC5=rNhVUT{Vid>S%SiiXZ412#ejDOB1Zq_;Y#UA
z{P?BltIV|63N7&9GiD(v2!Ub-v02|HGiTN>eQef<&cAc?`QAjn!r-r(L2gw0$=UP2
z(D8LZfe&M|0D}MzImKxZHyN+IobJ{7PKAg`p9~`aBg|46>-g2&cBiQw-OQvB%NZQk
z7-j#;C<TGfvXKL%cIkEsBpON8f4uTwVnRrK+vzB<g}K7taL`q&drTt$(_Oe@SNSe7
zc>53B9CJ{yqOQItJ@52X>Y*>+?=W4sz*z)0364l4Y|vp49G!FX9Uy6^Ghl!VFOoug
zr#>_bP-j%?Q--7oV?vn$2KR3!$u-7%z{U}D&6k3H*-eId*Wn)%q~nvB{8>29P)^(7
zL2QgOZ17J$RP_yuwAr|Qucde_#ik=R70W+t&{SSmuJ6`P&ze~;<Q-m@>+83TIY4XN
z+MU?gS<AYZlpW<9bpmYe{#0={t`zY4SK*)sW`~&>=53&j5jobQ-DRaz><kiq=VxGE
zp90|Ii3gbAllAC{1rxK&E1HQT`PN1v^=Fr_6XJhdt;!CK<#3VzVwk^wV%V;MFP}!m
zD2ag{2A|Y-gc722%*i%vzBXL$ET1=YmZ<?g+br7g5aXYfh`&5pBAI?_2<d&>Qt(rK
zu|W`J*``H$Tdloc%`zq?0gbY+k@g$RRXx;dicZ}zp{;GyX3{a#GMWEbY_QxIWig$&
z2Kg@=#zFN*<g&OoT!!j(kY>m5Zij*T=Bhzr>BN)Ta=I-Q2BR!f28s|=4S^?XnAX`i
z!5cyaZ`#{HX3X!mWfxo*V|6)U*_CHGfvU-h_s#ph?o&cO__+skD)-ZSPpwINAWuts
zRAJ};=H!W%)1OapKh)T7pYrgLMtl2xRAy}%6!Ew;Q|9A2y{5UBVsAEtkC+f)F-T|g
zgEnqZ)BSdWTE0f!&|vrSvt($FwSdWrG7fz~?R>TvwuKfi0{}0So5Qcq#<{ZP1}GNb
z+^WIv@5r-_CiMuNJUP-r2(<nFY;}25tZl?DBd<H0hxV4)eF6;bbE(z=PWSh@ImG_6
zF=Wu!V<pLks4G7ikl@i<SXEvlcE5GjS70NP3dB}Xf}SSVi^fvchwn(o1zsJ`Vi(1Y
zY>v<GUq|g+#s>JDNAc-*-l;fSrx7yU%&Il6#XOcd)+r<ACc@XKS*<ZZa8t}HQ`JSO
zEYhwTH7$;}_zUK|GpDR`Vwa0AGFUL1tzolP0G9ibF6%nwOMwO1oMah>4AA0zy7Utf
zQzBgAUJ35JbJ->1l@)&$cMAEH(CG!FZ)b)?^SG@X>@Oc%2DntF@wI>z6|(E+Al_Ch
zdbS06*ygAmc1~;$Iql@cer-9Xix%HOChg^J>$vFc(sHVzn($fqK`-yeMOKNRrb_g3
zueU*lgbGK{!_SHFchT%a%96+}7<yif1pUsY4B4KEx67!Yo69HI%%?vjVyZMJ^e|^l
zG4(fK%x8S~=37US=kPNj9%(VemNdO4L89RNX619z(B)yfq@o_$gHf9PhN9&G_nJ+=
zn1}$MA-Z^AaZpDuZ-`<8hCO!fTb;ul4UkA1D(6Dnh-pr2u3U6%nQ2?FRUap<lzH4w
zbXiPCR92=p=Ce5viYW#{Z2d(N%VvX+pJYA@o%}Y8#<22L0M6u_jd`Y@BH*0uyv?>4
zKx((}8`?oRtnsm{?~pLky6J(<YYAkQ?Q|I8AUV`F)D#+lU}MoY+^}Iwm}xKQ$VL6F
zvJ+g~F+(`Vj0s*=>Qhte{$!rgQNB;XhgzD#93y-|k@7h193H##ca!=B<wZ}`h0SR2
zJ5ElC`}2-fRr2|Cr4JQ$q1hogI+td<I01EnFeXnOqL)^-OnI8A-JuIODI^4-qDqJl
zm&x=<!@n2l5qCA?5t8hoboKo<_5d}69{Zdb|JB_jq@HsSd$SKj8v^cArAaFMlWg;U
z=M#LQ5&+ssGadqi%_b1P3N@xnRd(JAc>OEtL2h||Eh5T=0gADX4j?q5AjBo)p^~!<
zE>dt&pU&>!F^yE3EE_%Q(0+IjZ2ITw7I<*vGy>U$fV=D10et3QRg~>zg*_>CoaX6e
zmvv`f13tB@IQ{sSMXDobr~j6BuJXI=rtBp(!b8o2#|-IQKUr*{OA##G4)w1EY_A(D
zw3MmofqvM1KKq{G?X`$672xq(W~ybE)0rKs37IFaVm}O02Q?$*8a(7DB12T4UBD|#
z0!1qua^?2zlr5O5<;9uZpK7tfBhKQy6k@x{R1%QGUXZ!x+ugjiI&mK19tpTq0jOy5
zHZF%Rfx-_t%a;X0BL-<b;6cXi`ImyQyz1CsnKYx08LWd4adTt&;^B63jtY{Rifm4g
ze<-(oCX2%<jk)(-%9Dp8UBk?TR?oMlG6W|$@QsW%UfnE-FKW@J+~nipMAXIpKBCNO
z6&$d*En-q@-DOgZQ0K5j=5W14#D2vSR@;OJtQzIqwcaWBT%eQfTwS22a_%B&_o`sA
z-(;;D*cx!qh|jc|Q-E&$Ax0^lQB1cpY-&Y1AK8-ih$^LSOrHN-2Q81!7ut)4`5e&0
z(K__Q$g|0w0Zc#9)H(?@&qD^-GLcBSZ*uw36->kpa=&O^PQE=<p@&WvvTU3!TTa)0
zJY_eH2d>r6&ump>TbPqt->)NEP~MqNP~FUS)+!Gi{Mk~p@YG?vb@u`*Pq2WiejRU&
zl(QqZ<ATARY=Gs6V}QT1jhemWaixd<Z>u>RM53I~((BWoYndA?oC(XFoOZO0z2#_u
z9c~6*OcOK3t{v7)(C?TupHWio;v-)M;qA$<wO=}2YwSk1g~P?T`=SsN7(cBhV<oT-
z1$#Z5m@Ro(fD$L(@F~HLVgtMtiz+;@q;H)BTb-Z_+S?urU}iEqpSJ<?ScH2h?s1Cs
zxwug?eK(+2pWBXz-V#IlhBB1sh0g!<T`F?^Hzp3owaJ6%#9Q_BGy*hz^Egm){Fe^v
zXRo2M4~kIl>aw8nc8(kDd;S><ePfVp@Lcdx2OKH<Ea;XgNX6@I>C0=9Wr^AO-3QvC
zjXl(YDA-f!2#UO)%a{cb4W5C2Xr;Xm$snwHYZ)2yAvp|0BpA)ORqAGxF$L)fclicN
z2})f%?~1$Knmh*HBUx>9_dPxu;Sc?JMtIl9W28jb<g(&$8y|-+Cnv`(!>6pJ;qxuf
z`b_XGnhUvAW*3&+QzXL8#JGGCe-(gFa;mxyOsrz-cP(S6U(1}5!w2fAid2+nyU#DT
z5}Q8XO%dmh)GSWuA0#}WM0=6Q;Y{d`6Y~5WAJfmV?+xIbf9L3P?HTx10R%$6I_bbz
zZDj8q$8<GVz@z3EVIUK`apnX@6X#}5$!xj8Sm=<=t-=*dVsV{p*6Z~okFv~IQz{64
zK746%Qc6uZd|_wC=o|=IJ;q1noV1|KA^3k7dlRT8vUc6Ss!~ackU#|!CK)Obw1|L!
z&;kuw35g;&R4{Qy5m6CsS`-!3)=DwOI052>QxQR9oKagvZ5tH@+5r%>+fQvp+m3YW
zhl;k+YX7(WegC`ex#!$-?p{j<*MbC$d++yspXc|irJeCdu%j{Hfv>C+$2Onb39oi=
zg?-I--j^F9onqoOPG;9Ji6?wwxNsmM&f;_jhU@iJfbhP)(z?Gw;9@q)z0Dpf=apo?
zRa$sB1*FYd0Og$2k}&VS%v-S2==5wBIz#=`246fSf=Qd#6^@XWl5l+}7rBXwIbu+$
z(cfU?t9gsmX}V_S>Ph5UqhfaD?((2uhv4AN1|)Gd!%$1<KnJ6K!iwHocfZnl=e458
zUg|KalTQygRf6)gE{TCZ>g7{FFazjj*C44DVWjg#OiKOp3G>jU3+NSv&lb+0YWX`$
zfdKx$T3(ckZBrqyo<B30*sRxdnR6r6iIS%*KD95m_6aikkv#EDv=z&$N59rD=DnAp
zG%=a}o4Kz3ufE;?|9AgNAClFg+{h;;(uD@<ds|cmu6Nkn0Y`~TZBdzk!X8HGSQ2M-
z7Ux_y12zZX!dM`J|M%KNRTH*;0*YZT{_DCA=)-_Z&*0-{Y4G7x8r#sKiL~>n-D7`e
zXN_o0JQjXLo?iFxhSS5kmx~T>J@aN*&-mk$=hi4%H{mN<(9@&^_XI6C0dIg>r-y!_
z(`Q;Sc3WqoWH1&GxyUdn1EV5(DCK4)?(-$Uw`P*I!|!7iqqaeDYq-(0vJqrV@bfy&
zsB35YV%;ZFu>=!d=abZCf=eyhhD`fbE9@9b4(zS;><|O$=IlXPs)5H|>77apK3v$z
z`NeCO(-KcTKN3~HvwJ1WF?W80(KM>mwd1gD(5tOv;W<K>XNOkL-NVJ4)Hvg2=<80?
zY^={e;&F+mLc9aEjhBv|in^<JWttP3th}4?G_*@)f#=ewlW5JF%Eek+Kn}<U@~lwX
znYnSz&i$9E+$MJ^U)I9acJcDPm9~PP?pZg!8K=`vTT#j@&+CAqr5PfCFu80zT;!*0
zl)DbECXU|w<vq7<{Kp7uV~@k^_o78bI}51BSZTI%u6ELk$3PI1dfg(rysRXK_Fe7L
zRg_;@;q2}(pY)MKS9Fo%_-_Wk0gbOr^Px`<YznDrjbab$oG^HSb->({n<8i4k5n`}
zUtG`pe5aIhaen!=%xQrH<;2s1v*;G_8uvrXR3RhE&5=6Nq|5@hxGR4csK=G4_aZ9m
z-d<-HTU9-8lHM&5puRe&EjfcR@zo-^J9f~ii}Q6VOlW#xXX0|HQa^`^c*F}5FRK!T
z`-#>JsPT5l0Bb?<VYd|u9_#uO&1-9f>sLKt+je1u=Up@0SP0}0R7A8My1beMnmJB8
zc@gc|ge0{~4~j|gqk~50d5dMUT~tv3j~@b`pyIrmbSC~@vnh0hD8TLYpg<kAOI38Q
z3HV>VIRXEgtxwNRU(|25!*;!cKeYd+&w_%gc_e|Dq41TvJ7g|b8jE&0q*>^=F%h)J
z^TI38f?U6p0--^$-86ynPr_!p53!TlrKyzS$4T(&HQN;&`y^bZ_Ifv@*IGWwk!6~e
z>G1;5U{}u^WLYP|sOH^0LAm6s`Yrn=a=%YSO5!p%8xGAv7v3<HmPG0b`uf$8=mJZg
zs^7-HppJb8IE@=p2`!Te^C>*9Py~Rg<5ug2zko}}J;}m}1_w)byWyw~4}9Ow6<7Ww
z9}7mn%IK1GYw@Ud&Tw^rns=@VFfa3lC9wdpjz79D3r+rjn}1hEQG*9;(c)*<9<&yH
zN-_l`{sKfrf~oEGF_rga@~3A11I0jqFB86~z^LtHze@%VZvgqP&-Zw1u*`n~z(8pK
zPh_A%76)>;BVt@gMTG0K3g?Egz<=)9t<Ii=qA}<#9TW$H1dY`nONSmz&Ql2v#}J9@
zT|4At^v`yuvKV1z*c$N;OKqWetX6_cMz~h;zDVI>-rG@xNMhZxn8gQ^(o7~{XyzXG
zd0h0INNPcAhLZxJ=Ghec0*p&%W>D50NlK4y6*=mRwQ9glAe;Wfz|SLL7}Ec4LdVl%
zI~#*mwy<<luDI}GuqH8m;42`hy!4*fl4B+P&uoJX*EkUf(DjJYu!RtdvDO32CV!B+
zjft>SpPOgU4o>Qj58b@1(A{TP6r%2~K(5$4B&5e6gWD;pJVqmWhy!kBUvF#m1vy-`
za})kCxUs5tqLHV3)Uu`wVy%?Bs_2~!69ipHQqiyU6ytN%!cVB=7H&sjsr~=n<xwEC
z4rw+W%LPA128!)7;EXy~xN8X2S|P3R0B03R+;(u<pg>rr*8e}K=}C?P*Y64^>Zz#-
zpnI*xbrr%lVO55Z25MfRsD!Ga{Tzc(fiLZa7@QnTqS~uvd^ZqhBA+AXGK8SH<Mnw0
z3!}gXNGni2;M4rQJU(-OK@WybtOMNNM$eP@p18nq8_Kb%y2@s!H9i-f9GoyerwTN6
z?*6#&%Lm4TkyBlWi^}q;Q<cGS<1BFR4lbfUljQv2I}%=J#EUCrU+yHCFDLzuC%Iaj
zLubnoDD(r%7xCcRH1>r$^;a&jKnT;bqb!^-kpF4yJZ^1Af?=4BiV=Qm=kqG4l%wos
zBvu7UC762!4@N%VN)vSadaIyZKjD2Warw&h6zlQtinIxokhNFGxa4!t%qiABQ?`zl
zb;SbE9T1k;#bX0_M?fL)S^>6@s@<s5suU4=vQ>IcKPt~(p2U?6sWpoyhFiUbbJVkH
zP?S~$x!1uj=J=8PDu-DeM^7pEaM%?1VDl4G$|Wrnzrbvbu@e<Cq@j**xvl(Q6og>p
zS}<6E;*Tt)L1ghUgY(&+5S3m~rJF#!Bulb);<rjHXq=HJ4ap$Ar*PDYbwRJyU&ZPB
zeCy?~cQI3@?8+=Gb=A=0bP(8nUmAvD1N|$Bh97*rkXl^q9#2mj)`Yu0I&6c6UFUiH
z_R7FPA9nKLiy$>*m0VZulUISaWwOU=)=32b%b_R}fC!mo=ioqI$Gt0W$bmz(QF@#=
z_h_#19iN8qA8*?R&RPtOLUHB>dtEr14t7a3@@!pib0xk8TC)EYmF~+jcQ+rMr2(#@
zdv;J0Ponn?B!-m8U@*~-C#3>jzXcC62RthqPklw&(Q<g0)$|X=4}EP}XVS85k;M+S
z6sR^!!7%Jg6T)1y3IYmJ4IbV{k2F?|giaXN87cZ^|D-+9MbcTtr_`7@VRYH>e$TcO
zp1itjP=qCYkRflh@ru3kjruisTCBG?Ib72=h6jRDK%P?gN((Hx)r1b-I5pSK8`ijx
zidqe(WYEO+i{6`;i<HG1b&$E|w%xR}9fsB7wo@4?>Sv_Spj^T2Z)ZWsC<B-Bior!v
zGM`JvSE-G`5h7SJJ(4<26e16=OH&33Y~r^SPLX@Kk&+CzFBdnjwd{Mg7!UTWmj3$C
zqLTm?0}v-Y@h^SChVj?Uw+PbSQdRAhHVB{iS`7_w8}!P+TRYRP5<aiM((bijk;mSX
z3W!zFldqOU;v2KpNfUm2F^UU!@oGn&Pe+vrr#BnCD~a@fdXsvFvB8^MhpKga&paZ0
zcIPX*aLR{@aa$6pA;KPdcutfR3Vg2z^7F`T?cBy|%60dzIXFoDkn#V+px&o{Xj=2O
z^eeh%GBhT<Lo_)Hm{V<gmV%U;%o%zua?PoCWoDU6=#(qXq1EM|G|jfGE}n3uUnZ|>
zRfiN>qn@DV=^Y%hJo%gPlq8Et0lMEXMd7eY`{2$iz%ek%!MT^%gGUwA;^4n(1poUl
zUem*&lck{}?feJLBHr1NQEJqq>X=c_6eI@<#B_g3H$oX_5J;}RHDJLaCiNXbL~>i!
z16<G)gT7$LsD)}Mqyec~&9KYNv8}SR77I5jzlUn)q%O=A+kkrAbXMW|)I{Ga9l112
zpXA<lu0{1Jo5QnQS)SpY$~D%8GncG9jZ+41xZE&BU}XUluEOnTFhi}&W*S=Q96N6m
zG1EZ$o**UbMhC*{+VMUJs3=obW$5x|YH?!K<yS9tA(sg`;tLmCgnD<PpHfV#7v8N(
zDgoHDej{@QO56VaX1NQa)yZ60ZW<0G?lR~27H{C39)!UTHX=xQO3m}mrNs9TQBV|>
zxd?2z+`sSA|K~d((#a6Amn^Dp)a|n3B`R|o;r|D50@#YL%RX0!Z=YHcn>Ilo!Dbud
z9+@=GTN9$f{TpEXA;a2~|L(s3x9`wac_825MS+;P)WbG`qM5nuL3yL_6<bK914cFh
zSGbDdJk<C^2h*rDHSsIlhGy~+^WUv~lp|uDg4v(YT9go|6DA=oCi3&a;11%U`GHWP
z0UYZ9CTvs8*O0e{jqTCSD$v>g%?&;~W8$9Bb5jp+#MM`-qbK_e3zUxb)#rk{Tk1u4
z<%{3CwNs8!a!PK1BP4j@Zw6VrV^SSa0nArN(>rl*ACOk{Vg}TD1c-n$*<a{U>x_xg
zE{qKPF~t_JG<-jGq8sygaqNyo^knFsPA2*d<)gBRa<qZglj@PdCQME>dRsnhQfz6D
zI8(RU{R2+U0|6xZ5$&DD7KJj@gvOj|pwkmlWuTq!;Zy1prfl@?b6ua^Sz>VUu)_=S
zh~-LM$j>(%{HBMd_#4Z<v+>T>1(8VS^3wz~xm?jgk3?lu7On>s&|SO4wVInIb<XF;
ze`Oba_0*Ku*2ph|8}#ac(<CC!RcBy8Mu#{JUTjncHxom*s=unIi*vk*<C0`+0BvZM
zt#Ym8-+KdOIe!vIMM~&}<wVm(CFH;QfYnsL!Nr?9efE@oRtgh6XS>ZME7m^f5{u%E
zg-3zh$)28Pb!~gb{n9dYq0}k*ro*~^a;&}2uzz-%Z#CX-=0#h&scjtwy`mHvu&D(K
zzD><(XckSwsxLH2CA;kPQ`_~F`|ajJbxSfy3avKh3)7O|=lywoRV4alN~5P^PNht;
zEER9~Grh{aIHMaAe#_+KQr&|y#xcEls>11$)RW%dPZ+Du_UBV)zq{Z7<owj{GW)UC
zLj78MkYMX=pigS10?xi8(xIA-qC`nMH~7JP+i`tQA@cp0!{$Tbt620b7pBgfQmz~w
zN{7C=Rmt1^i^M=jf2sqO6*4db%al>v8o+=g>=GY?+x3SwL$TF)N&{%WC3tt}RsNs7
zxhbZoE~ftOT`p2W55@ZRfrvi+25!}9paNZ3&<`N1$ARAO`~}(3jy!b)3>N)l#12;m
zVc{zQ4Qfy?<}qUo7J%_(-Y4*SL^o<hJ2a@%mh;^?9QXEo4dN-9MSnr<q(b_XNocF+
z*7aX(@G1SLay<t$t@qKYTT+7{VDuO>I=2<tIE5<|LMaY=!@b)M#SuRhHr2zYm-AS(
zx+V#Y-j<({a^V0mQVmg=^SY^Bw{@D4SL?cX#~zYQLQ`BS1h?7HIKpqfqn}{?TFb$?
z-P#fT=Uvx<4c&8n>?;~-HtnPza-&16yfItU<!{b!GS&zK;jKHfdjY<jcgY}q+{p}2
zU>>sbHa4rydVoq9Y8%*~8-A4f3Lnn0XLx{_7tz<MdI{Vp3C?=>K`d9X`<Alkw?pkn
zV_?gm23hdJVF6I~e4x-gwwUKJd#HzIlM6w7$vf2ITiw1wsy8EP=Lq)<-XR;KUYU5z
zDL<+fH9k`N%|4}0o703M_0R&Hs<Q_x^wP=PZjr98Gx%~MvFuNf-nP3hQM8k<ati1&
zrktdGmM#_LP|(`5nXKS^mg5Be>-3+{*{F-z^ZPlP4bRkA&r997;k9N^DkNcf6AURu
z_aT=<B)U}rH;gs77(WL-qZL?~3B*0Muo}LY@Fo`OoGxhbj%H|?p+g?}xE|T2!voy+
z5KxC5qIvl3Rz2@jUt4hLiZd!C=sHzNl-y*=)OxMr<8X2r$-Pra9%m=<$5x`}XF+Z+
zfB{|2{|id7>~_K6KZl=EuP6nP*~8Wl$wVK!$ybiT8k5*G3%VKUcCK}Jt}sfD`Ew>{
z6u03~uE$3@hV1iiapT|D>;LekMF*V?t9h^5FX_&ZR~=+BnW@EUr<WR(mt2c3jV0%*
zltXQM#>$}I-;f?^UTu(;dZ{zw1{o^l|L2wu=<}3m)&J`Okj9!)gx@0UB_#NWTB|AB
z)~_7*yJ&%z6}pfiEh9Sk7#IM5o6D<*Y+^bP@uHIYao{|ID6&rn@Pz?ZJnEF;)(GVO
z-bqf_z{1Z`9TbIA0Q~H4ZoJ$%;%^jjAuq8OI2R=TGDB2sU(WQiMYrUV?hX)WUOwxy
z!tIzrH`i*b`Y=mm)dccR*b6)433UXMe-U*$-x8B@kn!BSg@V4(n1$2KvIaV2a-m?6
zUuICBu0s=5g&Vu62zng9nL4;Gi%Ia~qq{EDI&Z)o6_Rle?QB`{Ui9rn#i%@)$GbX^
zXK>I@j}x^s_BKj8_!(3_NZgsCA`f)2(N!A?IKg>-KC#NPoc*B>H48n_Vh`bxU@jL4
z=-X=HMd{`1dI^xpLA_Ws4GU(?k)vtekGep}xXzmne`gep$V!8s87459(VYGm>0Y5;
z^SwnC;_PREv#T~CH+s2KU*ED4OTUsDglH<56BknPV#vN%`FOwP#MN&N6cAxN{!=CK
z$u!q${bdM0o4L}SM+Hpp8AqA!yJh!KRcdNbqta#gsH{(k#N!mpp=Hi0rqr{|PCgJ>
znPm&8$d7vH_?JHe6`(d(J3jBDhHrAG;;WBE+66=@5{N~0lhq!?C)RqbH%YlJ)SQly
z<JzvpFl@miJLF9pxP(4APC8<81I{maM&b#n^qe@E?2jP>j5z+dQ21JJU_{#S;rC|$
zZo@({g6cmeBHvXi2afHsN!3ZjmgT94E-ToiJfBaDFCGo%r9D?!NFv;A(9N^lr$a*X
zT@q!7N@)@wtxIzL+PJ0^A9FXt`{2TJO7XnWG1hAQX@#1adGVk2D(cE6hiUS7hWIY;
zC;V*Bj0TE`UZyIf&fk(}`#G4UzZ#rRf%|gF*LzLqj1Oz?^XIJ1N?9{ZzbjEZ(Hi)5
ztIU?uzKaaO+HC!%_X(uDJ>8$$!hBvB<h8u*t%l)lx`aaG%ztqENwL=pR_d~{8u96~
zE|@I~v100_YESAAqfU-~PppOe9}xu+-)(+HLA<*e4(5ie&#mM_S)%I{ATi`$WMKYk
zq=%C4`UVF|%x>MtlPy@k258CcJz&<rdWV1As&*YV!B;wb%N6*{5UON3fh|3$F-@EB
z#Kx}8f5%PiE0@jB@0@$kUU=68wbcUp**<N80&;j^MY}ST#mAnSh?msqyyYZOy%6J;
zyqREux6E@?B=kGDkP4Z?jh}Dv<=g4uS(`hkw6Syd@wIar>gp^9Rm`+El%mYde}a{4
z11eqWtR)pGI-%wbsU$OdwBpePF*>oghM3k9t6V?mI$W^p$5v>AGjP{1zb8TNmvcH~
z;T7$z8p!KCSCWc*o}~?7^qaMDM52AfVm-cjzYZP$mWD!-?22^123e*B#eWzZ#^ty)
zAYf*HpeljBeHgSr3N9I`xxbPTcm1Z3_FwD1!}=t143Gbg6F#4}X0Hg1h42QnI2Z)y
z>5^SwRLP4VlNatYC|qAA2CQGEEK4zcf4fU4!xlF3SWE%Aj^)dp@h*$krO`K|&^eM^
z>Bsns6*||gb~uun`;?_$w#xFqW}!Lnh|wxKy7DFMJyl;xdwUY=`b@DFdZTWW)=szb
zq8H1>Y@D3;70DgxC0BdsQiT1ro&|prTV^I`_4keg?qw}&d8JjzabY={VwOK;R)DbR
zK6Xq)Qnp&`$)Y;Ak1y{1(U*w(KqG8;dPl9@{Qz)qOtA0W?*lTes_s(-fIZDeqtfjF
zRMqGfbH5#VM2Fm$sf4dA+|>IJVY+a~AT>2KNR74?bbuOU0o-6lSO6-=ruMW6ER5BZ
zAuL21;WGpyqxHzOEEB+Wdpt4CJxK@u->L+{?4k2%u}X4U$eO#&1;w4rodGO11A(`<
zLPy_|9NanCw))B)eyaXyCOv$iP9|uTxiAjQg|&hi^Z%4GVp#~_32`l;ioj+;+nbc4
zs_Rr5NV-4QqLqP2beXdX*MI?Vqdy<DqOm-JIBLS&!4dI!)jEkSaj{Bnk(x(T{p<8W
z955<VkB~WQK$4-FhJ9KzY7C!PY2B-F&Lg#g$-M{U|8URyA~pKV?FJ{=z)?}=+1Wa`
z10EmsQms2yg7OV=?Sz^2VE3hy>VE<Lj413t7jAaq*YP#WXWQ@`DgxDrM(oYEo5WWe
zWT9xT7IKvhb1=P5(hlgyjA%|Y@*#V_1%|fR3Gc27#FG$u?xgjEKL|6stqz!ZSrv4<
z3%)bSFiBPiW^nk#Lmkew#0^|rtj-WRSTPm;u$ak!uXGjkj*L3axmM$*8zNC&D(2;v
zIgl=-nn1^FqL;gN%+O5ka*I(iWmtn$gCU|jc`7r>9(Ss%%6^D@p5wfSOwdlTiERhX
zTb93kXgLmgFGh&>+bas@^de4J5oBJVe!AMAZ-&6D7iRidlshA8CKBtuMr9x9NV#GB
zE|n6WmSry%|HPNi&$mjtLims{IFku%V_X9Hr)2QUP4w{|+UrLL`x2AhyV}!bf;L33
z#}p^EF^SaNuW+w53cLTAN~w7A75acV^wM~zBG_%Twn%MiSmzw1pHh&{`0g0@)Rqi7
z+(TzuEO*W@W(qv~#-0Z&TD+$>NdiVY%&8!Dgd3bo`FGG8r`Y<<)b}{pW8z4I*M=_h
zK;DgeQl~jG^~kw$bv$vAC-`b;X3*uvm1Jf^hhYA$JKDgz4v9BklG4kW@qCr!PNgW<
z!IizCSHCn&-By3<MWH09fj*F<m$9!hxaq46k`<-XpIpCGPQa)GZyD0Y!282rQJ!Zz
z_uG8d$x?3IVBellRr=SgGvK%CO4#%R$72=$2>H6)8}D95j9*M~U!{SUNgf}z5*56M
zq^Y#cMqP>rO|x1|SD`;YHJG_Zk6a2^L}vtT(&0H*pP2T`)m~TD0vqR^3fYC+2lz<f
zpjgZ_3J!iXCUZaEy4c`(N7ZFOlt)d1Emm0kX?i5`2=!TJT{|=ra>EXA1?%RUu6lMZ
zR*(H~rb2pfXtn<E934*bTQ$xF8PdH;7`0HB^}=#6)nYbvsj@8-Ju>=yQkh+sgyb62
zM&!`0i;$Nog-Jq89!gX|@u?)oL_d#c>#{e&cvhdqD2TnDyCReIK30crNn@i{S1UKI
z3)D~aUt<m2shbw14T_J$HHu4h<ZHn9M4KmPs;LF_HVd4#j0m@yHv!~%fc|ih76*w_
znRQMNZQo4%Z83VV0#mejy>FEjZ}7!6zekfnv$6ihg+N+(^r?RM#shV*-{IgJ%!7Tt
zGF;!#I`Z<yeGO2$Fa&Qwc&P~2MKTSifwXyOrudDu!W+Z-Zy{@vU2k#8CtDKpYRZyN
zPJ(OJRoeoiD@3~kL|pn6^9kEx^!TpCkiJ^4^lN$cYM*?Y7w^qvQ;I@-9VEoC-ewue
z|8pm@{Lj&NFM;1ts}E}|e5(nSXaxb|PwHv<w=tHYga_s-bfy3wW&JJ*A0#Tv@TfJf
zh36?ZUgwqbKeV7PRnRsnonaPJp)X8Htw^I_J(EBb9-nK_uZ_Z6ZfDVnOIspf_BLR^
zCDkc09lD-`!V1Vf{{a2ua67AA<E=U{V5=VasN%MHM;t)DKiy?osp0`wEzqli+qC-9
z8w@E_)|7$>BphTK+JZ3tPZwd9qhA}M3DgOweq>H`C<p+w3VB*VE0hIrIREQj{vSSo
z<R}LJV6WM2hli+@wxHXM{C3_xV`5Rg8<TdFBIM|*aXm(Z(QIXtb1(upYcwSIy_W`q
z<Wwz)6qNpl@AhAO!s`V2)iNMU1tcoClm}Q%`B*`wDcID2sKB3Qp<GuW5(c;op`!_+
z#KLO^vL06RS=;k@u?uQRsT_Tri+kl7v5H#Jzh=tnTv!W_P|tTLiYP9X@A5jSiU#|w
z=avfkq^+@k01L86I)6?)81by(Mx9})C?u@abmgG=*lKU$oMhA<#gRzStOmUfxE#3Y
z3H8vW?tNP5UMaWGvje^tLmltn2S2Ex)9%rp#!Z5wb_gV*x<6r$aW$#v48U%QmaMBI
zYMxo4A#HLh>|;K0u-?Kyfr(92r%iC!NF6IsWgY_R%9;&PX}eMRi3`{9v@u2ev)+WL
zqeTdiP0vRO({F!a@NCSMWC-F92D8z#yKL34N_pap9rlw`bLUmaOBMk>WmGKz;SPAi
z{-2;Pxf7_t4heHb2`LV-Cs5f*L<P|gIo`7wZ$$QiG$%v6EXuO3bhf1pSe0g6mx)Ja
zZK6GIqLJdMhKU{O9Q>c6inPmpInJ=ksubnSN_gi;t&o+J@%jA{L{%GiX;!qDsSQ1L
zRjE^YfK`0uLKkZq45JWp(F6&Cv+!HEe`kdq#G)a-xZ-M{F7uJW?cU>ZQ9?;rG-nM;
z)tJM=K4AlKUUI%l;TA~_gz~JiINW<?1Ap#JjSW6*4pp4NwEGlEUF^|MhWAQwTQna&
zAN-ZdByHdm+iveb_};@NbDp!0RBFdVuMM7KifMkoa-Q_ob&xJ`I4WUO=Ecy}6QqL{
z7J=z32o1eg3WfA`Q-iN@hZMhs;laZuPyx)Z6-u%Hn+yi>@wVIFUcKR{6xL)jEv^Q^
zwsTxm{gbT)WkamwM33_;M^^b^ZZREjO_}T)Ff1+`BE`^&uc@!%I^;hzNTFLbEuLQA
z+2FG~Qu)w10(x@(7v70u@&Vc?&%wX>2ZBpGoyt##0vejr@JZhn%(L|i-)*n!Hh5kA
zx{@vH1Ma*}5bozIdu<XcQNI`H6GL(Z(26p#?bq@(c>SwfS(7>%cw;pD?Bp{#r+(y1
zYW9)xV%Bq&-MXZG;zjRaHGcs>r`K96LA^GtYqbrH-cTOOMElNd;JrIdnb5rZ>Ms|U
zv>H3U*55HAUq7^?(QS=;;5E(VSVDN@N5G^y9iv&dw6kLPfHsTTB}Pc=S0f?5`Y5l$
z2?nELyK0gYa=mJxk7u#Tbtq4y@(jx-@Z`Us6Ir%|-JYF*??l1%SzZQ>czce{YsV>y
zh3V+^SoQHtZt^^X8wdnA)Z$rCH4Lry+FgGYb=GM_dClSzZRM88UNFSJb-I<3HWK)y
zC${j0yQz_a05`ntvfK4s<l0jWi+|d=GO57L-_yTU7wr4M0fpzxd!_ceDh2<pH|CDe
zxeWG=QB>`}+$x32`Rzs*diY#B7T)O6>iW?BZ0?3<M(CT+JfdiQFtB^Q`<~pBeAlEE
z4_>Tuj^ox*X&o|R>#^Oa8_zUojLl;Z-q_FWc~2qq{m@M`@nNK{?{x&rb<Uw8TZp0)
zJLweO>sr?DsV-q=FR;R*7`A5_<E@ko%|wm^5?s4pm*jCvJMLNRLdud)OuXDpg~k4)
z4yHb)!uQQ<2w;$kG=#KMUF_!k%@uBiJpF6kly1HA#XV7#L$+HFy8V8c6J2+)^Wsv`
zPXS!i;Xbnd8#Ly1{Abz}@I)AA8^5<2XEI*tQaaTAD^pvPZw9yWZPj|<Q0`e4fyWu#
zqzU+ZQyz72m<-lBN3YKWJ(a?lK7m9kw7OEJe;QicZ$dp%^m`;#ia;~SJy8U)b_&I`
z@_Fs|3^?}K;NJJG!N=`s7ZBc0-5f<_5k(Kq$><FeWWqNqSl+jZo*&2LS5Xp464rNT
zDU^06Ng`zVJL;{f#L7aX2SA?g)6Q8S1a~SIQ^(&%*D`k~s}OZF$xhr}Z$jgPnQ419
zP8Y#=7o)*t|359Lm6E(t2ivlMOkm^!n(`S@DVqDIgYy<r^H7k-#{OK1fnspUu@G(X
z?xveYBjjqM1;t5np0Xto7{oBQMt3lS24~p+<S)=kQ3xTK?!#=QPZE|^S4F)2WiltK
zq7(qZYvncZkJ|zs*#4d?2%T;HCV_IXl;w!hMxNzgM-C07*W3|c5~J1i@)0r}hM2*u
z0f6B;&|0XP5UJc6Q4Jgt%w905BbH4wYv364Zx}NoZc04-qi|sLqC@LMw<N;owoJWz
z2T|=VY?|0)5NuIrn?9^J`v$$D4!9R!7!m};uA+YKb+)p*PcPJwi|;&PE0yApM&1Z@
zGVe+~T*<HDy<bFuC<#JkzvcF_qczBkM##0D3~4sRi^viCwxdXVq&nFt%shB=2h@7l
z<}Oe%4-!K<i*VU8Uz|s9Wld6O!D5}C?<S9A5x9sc0Qm%oC#;9ZYfI)=RcVC%n=V(C
z%s*BbHKIeNg<KkV-WO|lsUmA3;hU|OmtqTSIdtET#+FFUpn9ol${UPanL$*Uj>zfd
zl}03P5~N<$$(kP`5OiT}Cga>jsVB#EP#2PIV4lF8bbSe8US&p+*AvE*?V#50dCDFi
zUFto>&I6HyyAmN~$bIx7+jYyz>$7^fN-V}2x$1;FBed8BEmkW^FIla{=2td~{m5C+
zf^e<;oE*A_)fVaZ+ByFtC<d;WX)`TETTdj+{}@4h-_T69n5*5FR1#tQi@YIP-gp%Q
zH(u#xE$3MUdVOW4C$l)KLe&|isoAmG`y~YzWwK1WG4fLgm_ouO0CR?l=gF%w$nV)t
zS)zgN=1$v^OH(X+*LJJ86N|nA4w2clqPy+ai10XEd`jl#+dEcfRMe>olJjkn6mq^T
zG6y%gK(Y#X<)DdLmw*n*1lPpiN%XUa)`2{wS@MvD_#DB3oWH9*jfB|Adj%~RaOy-#
zgM<*sTM=q@C4i+ytEtk(bYj1b$r|ogPCe1xg93t(3n{|+RW|i(Ij<oRjef7%tNEvl
zHmCI_lr!qt;b|r}^jot`qMi<d>P|21ra&?S-~ZhP0ZoN7!A!y~Idvh@-MNd_{INaH
zy2pKX_4yXhgsxY``_bbM8Uq%p_(Ng(0&K;;clo(pxqsiHV^x^qa$+3oO-I-ABJ&ng
z&u1JME0+Y{vBT2dT6oDyv*P)MNW;9T7kNKe&@k9MFViB;x(Dc$9ctf#9|>mVM=8Yz
zUlu@}eVvdHKi@=bmTKK7+WXbxr<P429egFA+3<Z*p*4NEvKl~d_WdnG;MPHl$CTOz
zpW48}F4KO|VK{$NAHvT@l{;JX$cO-exbq~P_+rry4f44Xxi+!teA(~{X`$r@`#xU<
zB#^4(4bmc3)Nt=UIwL{-lo?UeP$5ij($4dW(nS+t8B#7*U^w_%)8CLa$=z%4X%Rj<
z#0uv%7qCwM=$c8^tsOpQ)tF6&FKYv-s4D%ak<ptqY^jMdPXS#mN&lUAVp^NV0$|#P
z<0-VJ-yiRYu%)+Wq51k`4iu-O5y-Vk#=n=z4smeS-L-6nPmBil-_T?n$=R8yrsbSF
zrJPDsG%DBsw4zkCd^AqM`~$$2xjqRhXCZ9ns&b*Xl>uQ}Ifq(?@{ueRGm-4~gR<x_
z6Q!Ou-@H!TZ3%-d&>}sbs`N`LFnvKML_K8B*l-h3D+Jwmf+z-if?dkv%ho@Y+c9c3
z>3W|;C*Cs9u0O_N<m5I^@Z2!qTbWY^eta<T<rSNKswv&<QH#yf3TJ00k?73;r%WJF
z{bYwq+2~rxHN)8my*y_%?W>21{p+x)n5|YY%Io0@+B`W<Z&=-F&Y}A^7i_ly`xoya
zNcZ#sETY%C#FLNYv&!(Z3w2X%k`r1Jf`cOAKP`wwVXI{#Zo?Z6Sxrl-0Hh|k8LoBO
zRBB>-1CaOxBXv99)=!jb3}`lm{#uTGsSCD<z~DULv#J&p9{*$IA*%(a5MfE?7N{kj
zTpvqNJ-l^cLL!ShrAwVJI@d#~fWpDkIwv6vr$I29KMBeL2Z7AF?q8>uumP~+7<Re^
zQ(3B{K(Y!}D1)oDuvVtm2Qw{=Zuvw_V+MYdsD)?Gte1;NTUa<`R{Gf)^n_`li(4XH
zJ&Z+Hjx3_Vg>_h6;8dM1+HO42t`wULqH#SA<Z(T^`7`XH(0PG@k9(H>;Z1NSl#n1x
z#tXCU-H?kd44yawb&h8h#PMcw;x?8oj`6QlW`P`&PpUO*rkQC0N{AL<17X1U+~lGk
zUsdL6TR?>;0ntN7E?IC^g}avXM|JStQ|g=p3YxZ)>>vBep(=MO?UsHh=JGHLu;~fF
z7ZaY`^@z{HGP}Zc@`uua&DU&U#ic4PI={rAf76Oyu^ByJXhD}5S)QQ^o<u=YDn)id
zIg@9E*eMpir-eIqzjqcr=zhB8RP^>PbNWw-_8Dp!#W<0cC!Vh<$(>FHg4Sf2;%f&^
zvzunF{ox|JQ)BaM>1%;e5B1d3h7o9m3{p@FR?d=YJ!FRA*(kxW&l6O_j<tNsyRU<3
zapKg8=>Qtggcsa22)+g`#=8TjqaIq_+&w&zxn~G1NgFMfg*j4@;=@vRY`IJl$lvZ{
zC6=dN%WTAjrRo`5xkTt>uwAfrK&7bufkSW(u%<_iN7%}<uZ{TTgM9!}UGqFyNs6bu
zyHly??bapEiL^@uJ4y2nNA7U~fjVu{nqa1F@??7aCx1Uo^36CYMO^-e7OH=vhWrnc
z0|lm!llb!2g&MyZZys9KKWc_0NuWsC-$|3y{wQi^|6QcS$C}L^4d`s0W;4xM?yyzk
zzK2=AyOWQyyPV9)r`1_`93&Y1tKBwJX&_ban(gVh-P2qH$a`V)?3m}a!{$B9W^bM#
z&3M@JaIZgoe(wvMmobsP1EhO5+Vsial`_y}oIUpY8&Q(YJ6a^rU5c#gvvuQMbCp{=
zDb4EQ2D{xc4DYW)7^=7>g3k|>E&OMO+9a7J$3X7yN+8h`W{Wuh{?>45N9p0NUsUJ|
zHdoa_g@Tnv3KD*$VrTZoN$0LDc+^?s895Q$gObNuoV*qcp$^{r3F!{{6W|BO^~rUH
zvaIWBMt4x=oqEkhixTGtn6bTS(Z00#O7vbbu|VtQl=D66<kH;;{ZI(qZ&k=3Pk9|1
z3n3fiYIw!mR4L{2<wYicSg!&<JLHwY2}QDU)rl9};|*@;Gc35}MCR53zA7$kb_X4r
z7&gXiTlEi`J+VRq*Tn9^<R<lNYWax@Y30IV>Oh#DZd#OLi=!-caM=x+%R^_AHXPey
zUH>G4m+tJ68R(i*qaVJ)9QH=5PkgN=#u{aKv<xr3{-GROTr4wc(nwj2gIUp{d1O9>
z`&xor|1o2%g^laY;G`3%cSIsFk$_%hTe}kbzcoaCC4)ljSkM>}-MFSlH@3&cv^oCA
zYjG8U5y9|z*~E<R&tEYooLr;W@8Y))NVW2G^f!8=H0YK=e`FqK>S}}!7zAmJeP*G@
z2mfrh7cQN7LuL$4{#1i2&M=L($^H|lD9c37n=4+p(uN$IJ6uO>w6mk$Mg0O_Ev)eH
zTu1L0JH+i3&O;1_ey3M9@^@YhK&WS!g7xolQ~_p!ku`nKoqB<pu>s#US)gtiJUuXJ
zJb%P>WT=WaoFS%Mhqx6j;zAHhFrU@v0*=XBl=$-u{iU6fu>sPW2Aq-%OxvW<t-#5A
zJv8KNlzUL&c1!#qvugL6g>>M9r!mASi<J*WIq2CJAj{ETl>ub%Yi#vp>-s?k$R~kg
zh8g6Ki&`|7!_O&;^-eymDLZUT=kCiZlK6LfZIWO-0ECs40uv)8W<X|iqpNHUSF~ZG
zPJGirl)K8@O946y*c<+C{Qn<s)H07vMk$l?)bh>5ZZ{@lG*AWkiHKBL!1QvAwFfGw
z!2!gy0HS;*=#4Z6Cj3lU3>s(&Wuvr)|EaXl1)FGwp>dE104CH}qT-c$w7Dh@ALC7g
zg=f&s3QUD^lWB>9`W*giTR<nrB0?PSvv8nlEd^l%U^Tk2vEWDn!_){RC;D53l|!k6
zSqu13h4mk_XOgH-pA4Y_{C2J_epqdQE_^Urep^$27ATm0+as7YPcrFUwXQ@v-K3qu
zEwozWPCBV+uxn6rkX#LOqOyp>iukhSs=#xllb&xk;{B&NWDcA3n^{n~Gj|ZCkY6i_
z*Cem2Uju!$OLKULhVhnZVhiO3;nV_c$9=?z70e?cVO9|pFHx~9w%)Gr8!9rnl86ny
zf72kFV6mp(n7mnI`tg+3T8}|tB+pTy>!m1gl9VhFS&_b#L2GZa^2uIOYD1)OTNfL-
zrHkEQdkZGtG!!pSN+6DWw!`X_{mmt1hLA64PkPZPS^Om;Gtw}At6e#&yTaprgrNUa
zeahCh%p!gaaS(fKC7f*MY5h}nl3Bfy!+_Aflwa!X{Yn#*PAjgK^O6fiZg#OtDhCRv
z62EGg8ubB(9s?i){1>$41$%ThR<vU=wcy$^?%X)&=o32%1HJZYzbrWWDOrNp*@^FR
zwLp`xa%U3c+JB^76m-SREE%8`xdOb(NeA<2?;q6Ct7{?iUQ;j7j$E4e3LB_@VpyyN
zE};&mWux0=#*zV)IHLatIb|#&8SG>*11bK3%ts;xoA*ay!KeCQzQ>+OBZtK64JXBL
zAP#1hK_I;zJ4=-Q9;>p~?~vo2q%HC!un}F|W(fYH7cfMRzO#u(y}N6%+)TM$1dKz#
zJ`z1MSJb$l`sE9eDesH-+|hp5wO+sKG{>ulpaPf9$&Dd{l@7)w3UehKjCWzfNXl(M
z4-N<DjP5(iaOUSgSt-_L=C7?ZaLCo7Qm?D96$%}G%AhPL2haDg%@F<wMnS-##_UuR
z%t>d2z(!@At)IudBn~ZIrK9GJ>jm3fhRpetwt-6U;Buk(;5gvToX|@Q_T%$PUa3@~
zu3+W?#4UNeX_h2vm<#4MWqe@@^b0KYEcwDihn{^yA(u816@zAIJx)MB?@Q2hW}5c2
zP--XHJI=3#cl)DW)BQ)ex$I#4iVD4H9X;~Uuu+!CSB2Pu(JF@b{rP+&a{3I#PEA$w
zT2Uy{D0`gSk{14u9eH)rIN9t|0RqbU+4ecgIVWnA%McaZQ~xBN*qnV{I<`|_q}HDy
ze7!SS_c`)+6+9seWjSRCC~*+QQinn<QAI5yR#`0gy;NE`tzGZlozIoHt=aF=+X0DA
zit{+#a~M9UqehkjE}#6f<Jn?MoOA0b=M_w2#aYc*miL7Y*)Upx58il|tcl3#qNz!5
z?EJKrKmmGm|0Y!0t&0zK$f<8)h;?EnVYQWfn9-<sfu{|AqmJ(%YpXg)1D-`U#ZIw1
zU3v3TC&|m=B-vS}k*#oKveX(B5R1*da@`I;R{+ykhb;JYf(T26Z8}~D^b&Ax60Doz
zvTcz1u@+JVbIitM5cLy5wqE|BhB_NVdya7Z$v84C+v4WEI9J=R?}T3KHm3!JecK)W
zKXh`ZI?XyDvw9k88C3}BXipmk$($n)-Xtg%o6n3CgfiI{x?8Oru|X?ZUGS$}wsWXR
zD2i3N_sMm^#4<33inogRJGes;rs*~4lF+#ti`)CCHxEshSF)yyZz-4G!CaSz7kM75
z#mH%9JVB0J-DBV11e+zxYT<8f3O8xmhy$JM<`>!k4_X9MQH5A74-5!ytNq&?)u376
zNm-uRQ7_8+c@zCli!0BvO_l=0ox4_sSOB2Wtr#CxK}^GkD}J`xqnCbB$6$v_DW0#J
zZD=_@Y&DpTfOuWT_CE!xLpli_@>ym|k?v|alCz(q{g!Vq=$S%I5x))*qTmrJTE<ta
z6?`D{{P&tmfiLODNk-EKgvChv-yvbnV1i9213HBh=IX*s)zc($Obh#*privTv765j
zz2@r?Vhi)dXu5RCm5U%U4M>;f51HrGI=LaUG+_gp=>LZ*vOR06HKf(KJHz!!1N>1t
z)nUp!1gu+6D*!=gl7?X;4f>=U?XWew%r3&g81VX)t97%B8{nHtxo}auRC+>}wS4yh
zC2{b+KCNj#CC`O%vd9M}$$a<NZfyvLEW3!HrY8MV)=`MPvohVgf5J}%r1;-*GK-Gi
zybcZCiNooiLV@q9Ad*C)InLc;MK<QbNeig78|*n?5Q{SSu3bpUXQqmHq7O2e@bOJ!
zf{Dr(_9|i1BBR02h%r)ZP`z3^({9_Wo`w@QEzZ8zK1{Sr_joIPMpq!;zx>!CJAP6l
zytQcxZCdN*Rk=)-6y2d$&%I4k19moxh*<vCt*wZ63|EV_ISNjym`h2-$qlzQ>C?Yc
z!E>krKOdmyTOieGHZFLY$06Vdu!sbKZ|anSnRXHRbow;Ry`Y{<2oIav$<|*z@iEqp
zx>q^?y7`mQ7avE>XA;WdeDP1z1INJ0Rdw9pE!dzK5$APx3%xhYDU3d_2JSX+rpHfK
zj~$z-Y_aThrj=6lHBcSQ7)_7&8X26WQ3O_A2!P<3kFN96hGsG==i8#s<MgckpEci-
z%wQ&5MoxwweW+80oS#}czG06QJ@E}$KzU7@xIpJT*wkeu5*A?|EAs0&^@{-Ri$O>h
z?i>kpX>L=&8UD);Z>Vr(x#`*dE)C??fmwpC8r<e+v9J-n%Kgwdt8MKa-$Spd;<RbM
zx2v-|U)Hyfi{(M))5rgUet1#@Nn{4z*;Z(9S+<`@BwipWF+fmfsLgbDU@nw7(gFkp
zOEw_pNMvXYRCZ*qCdiGSZHp-`w~D=EDx5;cverbO-UwA=sV6bmJwqFO3;yMuavOx*
z{=E>3ntLh``Z!gW*lFS)ix)YS`s*tuM!(2O=IG13KRLmYV_{rbBR6>THTi_Z{Z>XC
z&UZArrw3)=*GwwDxD^^QWRqde0xiH^o2tIhQo>~ATCeY`nW`$cx2?#aanmf!!Woq}
zL2m9ul6bBZf+5tcafWeiH(Q8>wDXPryML&`N7){CY4|-)Xy<>t)j9u>qcu|}r6UDF
zd33+i8{ZI9PvS`~iTi5q0YgNH-!j55`k-~A;7}ksW7$@!_#LruuURpBMyqVzhE}Td
zpGmK&joA_GxI^@mV-YJwnCHfv{YFZ{4{C+_PUZ-~?3W_A`p#RbG|ziGF=A2W55)SF
zm07Gu*7Z%}`p*&JOCq-uP|M4wCMT0Vu0ndXJ+O?95*iaUW22zNMG0E#LN~p!zVb(6
z3MF%k{m`OuhCgK6cl@R?h)Y<!f4W7DLDxasYQeo<&~)cr3+%Sutu)6p@hN#(J^Z3O
z5EWm~NHM)BLaya=#abe6NSBn}+QmM(dAZ%DZQ5OqhdwUS(;vs`bMXr~ZDzYuOjxi?
zTRc<QSnW{@E!m0l7K2n-roeqwq~TZ=>KtXS6qFgEC&aoHtqX!*<hz**g&QJM=60Zc
z;-wSbFVG8I8i^wS=yZpb`7Oy6NMrzO_w9-n&%q)+8so0;keWhrg)$&ZAzowELoK4m
zy-JrWbaY?9VY<qa>0kXx>`5w88CZ+eyc#=@jjg^e0}h=Vv}YrRMpxh_{X@&Rex>Sx
z6|H=4tiLTFJYNPR@$ZOXHO(sTXex5iWSc;nn~Th0Vcs9WoPflQF$WDHwQus0n32LF
zk^Ku0p|L$T7Zs8&Er3Hi6jQ>1-+$DQ&%ZBpP25hf)sq{2f=!E&B7_bBmIx}8c}s!r
z3w44h+O}4?)-_TzsVDBgY*(T1Bub4ES<<8uUzxDYQb5RYN+%a?qeoC~IQ9Em9Z@bq
z@t#<|#&pq14u+N>%29=V#>@S8Ba4c^gCxPpp~Hhs-D+1<H0)0r4{3t9y;YyXXzCz}
z#$^agoC0+wLFmDB9rVi!L0Ca0Po%Vg{1>fsr(6%L(_kUL|EoI%>!?<!6*^D<Z$RpO
z_0s+$Sj*O<)%^6cX*a<Mb35jaTGqSRSmc_Zr_I)tiEHRid(|ZM=xL1})ZF(RIPrPk
z46!@MA2W!|V2{%4(-vx#B2n5&#5!20UR6PJ3zm@l-9_&>55e)pbp8Uiotwm4tqpf;
zq+?t{UhDM3<650#`8)Z8z_qBka^d)3Nh-SV`9sIR&QVFkjoILCePg+)!oBcRxfOZ6
zDbzvEYx~`NdcE~SDd&!Pek4;KWDXR}vkIRrBCF7n2E6G~zCw6ex;QQTg?i4J-4=9M
zIrqZF!i(O(*RLAI_}+COyX%~L3pHM)V-)&5`1Oyt^F^lx{vT=mq(iOlz1)gSb5t|=
zr2M5_dDQliPYIXMdk5)~AZ$576Y#U_NOkJVN^4MCS5bv7_yrAZmKpjx*-^L77Ur^7
z%?v0e^h1)YX22LTIWyJ@_f$aN4AQ5uN1s<{tmjID?sOX6haLg3nB0Okv&C~gV(YVN
zKNMc3l{vk$k_S^7iL9Ua(Am3|f}^?A>C5ZO8u)wGcy+7!Q8`a+bsldP(9@=mE`zUj
zowbvKcI}|5PVOWi{P{cB^)hKJmzB7ko2HV=qV|nZ)86-PRWd<g>?LqH&$pGlTyI$u
zh(6k+q6LKup0W+o3kY_Hj;5Usm-Z5+H$rXaY%=xwUF5*AmE8T7wC;o-i4zkHi0Y|~
z*KMQZ#1(r95aN&M8Rb;`ODp0TZ^Oq|wbiLiOBZQaCiM`#n!2Cu;OVvSB>B)xctcDL
zaB#rov%;Vf`BrLnL*3prbL6!!zUr=NX?~R2DXT>TNs#PDkcNpuzj_#Is;~R1M}N7k
z9Y5KD^sC!Jn|>9kJc`fNilA>II$53WPy>Hv&sKSG!Jy<PmXS3MZvEt$yX=-rThCDY
z1%J@ae`GooU)viGM26RE)t@X6$F|35EGaopx=idU9iCMrOK$`7&EX|ytc>m_*a8CL
z??X{Iua-Bn6olpA!$W%Q@a*~fK{h4W)FwApFPz5}@98X5Tq%;x9NR*py+ua15AAT2
z8VUq@siiCMv5C7oX>Tl&YKHn<$5O;ot$X68-6h8FlwnkQ{efHq^K`GN)Z4p`8=uYG
z{aNcY=R!Sn@6Hw$Sfz)m_Ji4Pj;JU@qw<S42(lIWeow9I6M?9IO+y9L1;4I!8eCIG
z8$gQPhtl!=N3@&dk+qorv#46qvrv@YQ;SV?0a3jM<hj+UbinTNV5iV1JANyf8@pgg
zEK#)UJ5kWIfMhOeT{fHk>wqwk94gKRGx<wDwZo(7q?vsA=s?^rGh%kE%|5q-US9$H
zb{f^(i?sOmg#hU<S1p!tAg)mGlGf)srSp@pu|3o>|MfOo+BL#c{ArIB7GYCgy|)&v
z{+bm{+k5cWCv0L<DX|626Jyz_U3kzi8OXU0+*X5#*Km{mg2rqOEFJcK_=SL!{M`Y#
zLq!&X!1dt2AUA9AIegegZh9r8JOzw3&#b(arwI=mbpds;J8RuYaFK7sTw;kGAeF8{
zf2q7t?29gJZH0^GGvB+{27Smks{MRa{2#+Np<k#+osOz=BI;Df+svz7qja7n5*^;>
z#tVy1m&D!GgB{#Ez7z+EHuzb>U!|;h&sG1Xw>pK!wMb}5E+znG?_Rr)PKN13M58}S
zW7=Rgw?>~-`I<W8=W6|24E$FMv0x)>?MR#fQdqbfQCgME)q=n*7%EJ|sc&>;DbH78
z(4{gMiu$!L2Td$6E}%Z1qkY7ayMkuh`5Im!NXh!|4gfH${(FIqy^$)!>aaVQ;KIu=
z)3|tja`=%Zyh5n{x`Aim--ls}9x7r1v-;mp^Rt)>>IRhuMIEBm1|!CPo?7r*_<4Y2
zihNd$=)LifdW0UI^OTwP9TxB-QKFw>v#H*WANVb7{tH_88xTez*H`F_Gpa7iGNhX=
z7T%Y3_Y7TaRRe&}rXoB3f@V>}7PZ|{K_X^HUX{UrWUl7RJZ_b{$nwYv2w|)Tc!4~W
z=4$-#3B<83o9lrmjB1)0-iaJGC%Qgm&n~8L?;c=4G|E<;s>gTTZUtGAp4P%iP`$S`
z;l03WJ(~ftW<AH%>$4~45lD+(7Ctz+MpP)A8wv2bAivzpmZX>flCYoUB49=m8AZDA
zB2oFru?F~!%I!sr4P_FW`IGbs855hdZ+$N^ztBr6bh23B&Z0x=dGES(bjp0vRMs+D
zue=p1G7UImV-i<l1*IQUUBDB0+7QqPa55b{KY6WudYgIZ@djkxrR#{+&xKv*+g$Zh
z+poX7Rh0R3j}}JPn?q(QTJc>wXy=8EcYt;HhNk!my|01q0TdZyNamA$&4;{?q#JL|
zRIaA#b87GJw5Qp_Fky&Yk#GbtE#dr8_jA8*CHF5=_S+nLj3kE)+e^77ZLe^N{6d{x
z41lipH6pc3u-VwvK?da_H=3l$UlP$@r00I7zQMf<W%eq;Sl0QAjjy!Bo3^IPzX@@-
zD!wQ}ZrDzQnqA)(ri@mZ!oH%6@IS7(ShT_gU%TPsSwNt0d-<@rkhzcie}ugYR1@dF
zuRoJak|Ep%NVo|y2^WXRU9hOAlaMG^nP8%zf{3UHRl%a7wK@qGLl6xJDtMbj&=Ap9
z)T*de6cnwt#Dc9>TSRJ+sy{DSm8$)}_ILK$|8w@<=ZtHi!dl8&x@PA6em|e*;ZUAl
zoqL?JupsRO;|?+=FuqM<0KAY^9Keja!1G?^?mk4hS2#v`VN`nwn4s568!uH`I0Imb
zKT1u#a(gn!X#IMkhqSa$zb>*+npFUdB6GE{X1oRMhL4{V@abITbnfx}lF`if{S3>K
zpv2@i`#2OfYQA1G`OBQtx{)KA9l3b@k8-hk*9~^aV7&~sj8SlE(v*#bQm;wHCgYA=
z@Q-~ilLc-4!vdNNfm$p#f0b&>?<c(3x;oas*442xac?yiAF>uV?&{ZsTWtIl?48E9
zxX*!!9P+)dR1G(&V#9kP0s~f+av@g}k+fDUTCF3Rc)OWgo62T-dGPW$&aYRIg`soB
z#ub(-G&rKRofAhoScB*bZsQM$k8K_Gt^XWj=Z0pbgg<+mX;Z+l9Xa8)Cn4=;p><Z(
zEK!e5F;F2onxG#f5|;deMPI|d^Bb!p)66=``jIq37gh|?qjyNhJ}6=-mTSAlN&UkT
zUJ}iAFqM986*=+2D&Wq$O-63Cl4mKCaS^-6CMpMztLB=H;5CDF9PxQSmBGgZEnYCp
zY#dD>t_xRoHNtV&?|O9ZYd(5MereEBYFK-LBGTqyGd$Fs->xD-FV>oN1W)aiy2n(I
zjw;MuB-#3dmJ=?OL~qpwUh|gDZ+G&4MI6|gEWqB*t0xPdt`%>|EUI<3!?%8sCDxub
zBAzh>Hbqjlz+$S}<~+5VL9gflRT=l@blc?hN_}^t{&Y>R!hT+PzsB!8!rgnv){KWl
zNzDFM=*ozh`FvQm1zk;kL101jV<_^p)HX~ZTb?Uo!F?YAr_z`T<@5$-(r6SL5b%})
zulJT*_;!_ww^o&=be8DPR`UdezjAsTn~67QLL;T#fNUSBXH<o9xVq1Y+F^GS<8ySk
zl*&tS<kTd9I^20&L@)NtU_BPtW6&$S?5`7jrn;+o)A3Ulo%XB~I7kWtgETqVP0+4z
zPQMuVL08KD%T&Hi<@|z~Y=B!CF<(P<f%#59z23l~WOI%yqDSS@*@|!YY+hcB1x4Ea
z%d81}0=%aO6D}{wprsr|U|g%Q9aF{v0FQvJmY)$oeyy}bNqKy+KsnD%>AbJag3S?0
z9cze;?!c?CmHQE3D)=80vjVWz#{2~&IT7^2{9%?v>rKtV!=$7CY~%a_P;{>>gzjXH
zgBxk#`SB#+$>EU4f<Dfh{^Js}5p;E%?FQ73L8v^P`QM-a*n|M;G@;8LOld;dOv+sG
zmQf$3<chN0w*YrnB4|SRj0g0L9}{IK%KSIE)#_Rwq=MS6+Lj5ABpq>_yMz=z)cB1?
z1r8X;V-C^SZDLg|l6j2ajhBST@K>t2FUf$-I&4Oq^jGj|0ixcvOxsq3bVRrz7YDt%
z{r3Pq*|w_yAOUc(oY?gk7@UO!X+po3JDRTuvs&T{T`7;&&lCzw2|bP@JJuRO(s=C7
zb^97bA?>V}iOl#`HFS3m)W+|;<cIC>Rgi{6=H%)|9O?jX);*b2xZCL5?X*-ezkiVa
zEYX5NZYJBwUk>anPw7S7I@V)p0R%l=x7TtZAhQ$JgeE(2C*KYHi!pga<F^3hk*&K$
zzzfLMZo<ZB{dqTs$q%8i3dKpt6p~=@c?v}9=Ue$+7ieAistxGT1^*IV6rXI?J?w%;
zsWIc~BFeUwjP|0uOAHSbiUKeAQYU;oLI?hTq;^@lFDHl=VCKdQY+@yop=GCdz6s#_
zoavpZRyfRPAavrQQo*FtN!*Z54qPgsa|Ce<RMK;y)5!2(pSG;Vv>pkU+rnV;rM!Bz
zK>J+Ib?o?{g$v@nYF)Y0=GlYzraIPjT#lq)Qp+4DNp?2zCnZQ4!dgXS=1ucqUp17%
zQ+e!cII~Kc-gn!{A<W;pDx+%5fNpjJ+q3@#EytY}lZQ?=WU)evQ9>~OO)a*zmm~OM
z0XA`0u0E;_%%GMC0{%=w*9c6a)Q4R`HJk>DlWdr8k&AsHU;{PTdVkt1Rj}qrCQ4jB
zXFMENXgN!}m_?Zc$%4o4)qBECy>mzpe9HDV{IQo6;$d`bDrw<v>Lh==L4i%7)^+8w
z6^OEuS1yexiFu%P+PEWsqXM}<QtG5zc=(8(QiOszTHo!n)U=RGL)#=-VNuOiD(dq&
zL&S?4{t&OS7rwf;qJnnrxPn+Vw;$0<W1PYh&pS3D3;jIP6{4>3R%%Js*i`MfU(9xW
zK8QmNedYL;*77EHEkFAgqFLDqX{WQju{wLwYm1q)+eslzJF|+YSZ;1c&W#qb@7;Yn
zGet|^681tRUyf1C@U79*dSIV6yL^3Ty($W=2UN`|)$0ITZX%pDzdgx0d2FY^;ocR{
z&=_HAc-$iXz>m#2&UYO6mSb*bdgbUdq8YB*EMeE;rLp&V*v@pKs|8w8ConHt1picG
zMa~F#0KN1odO-7TXESY|PQ>0g+nqE$)^vy}XfA948M+^1JU9#Us8*9>)1c|V40glx
zh|>9b8-u|Atq5yyRmvtO_p+W$Czt9okhOUOdLAGeL99#<X|%mJvVFmq?ShkQhRi|7
z%EEFk$1G4sjAZnPs<Q@T$GCKhus?q(<a0w4^#_7e4#n5<znAm(Mxp^a=GF+FYQ|4_
zb=zJ7WiQ7?f<B!m?zys*s(FUVVo#``r@s*R)b~dj3$b{GTzD?2Ys?=t+U&SJB3F9D
zQ0XzCIW}XT&uyj>Ka(z#dtANk8tiexNM6eysTCP&GF4*d4n<w+Al<B_R+4sW8P5r=
z96Ke;dz0M3%}Tc5U+2hw%SnCL%|ebd<6e+pc$>14kSwP|qGa1w(xXi1^(bKC-L8lT
z@04*jYjb*H?xlSdg?O4mU-UCN<C@QLlOx{@PQ_+7QlQ`=M&HqKqJGU{3(PS%#ZE^>
z(P#1bx+Jzofd#6eU=$c;XDNhAV-GpWpKIR<*oy38ye`xd*bV`NTG>DImjChrp?uV;
zM^^zAQ3yk(GN>0i!>kuNKV?$ZJf^*W(y8FWm|8A-i&5yVYh#bT87ZBrCyGBVBR(>k
z{;xJO@piJ61v}96pcj^ir-Gf+cm=BIr*$VwoqprAAxwrr0Juv`s*bDskB7m(e+ICz
z9H)a?DCgfpA_I8Be2g%;Ueo1*^2Nu{waW1T<z91{H>{97v6Lp|d=uH<vh-&ceAP!v
zwsiQJ<mj9!%*ZP_8r-Rxi9``y!F)01^QUxvFBly}Ge8glU)+mQk(wKP<L$R5*Uz6x
z6QMs%Y{LjpoknITv$o&LfX+wSoKUi<N1V0yO`KldtMO(UKs*m+2kFvT=HNP#6hFNW
z{r1RE4vcnUdmCw7Ei1{77b+mTPS=+Dp1Nr2(qt0!m{Y9+Ag+(VlPTr%Rn)QLz0#DT
z$rzc&9i33>;oGA<n){H>Pm_=GwX05T`PAH~U0==i$X`rii)Hrk?8!=m2Tf41wZ+WY
zOFuD*&nzM|_!JWlA6i331n8^d4a+*?O3w(hMit{T|0GvWya&yjuW|)oCHRQ~%Py=}
z%^r_^O0&g5(+Ifh!CwsK*tB1rJll^uVB%hp3vz+&>_;^zU8CfBe`hw?;yd@`feF*(
zMSSB<fGuJsNEd(27m*&y^gmt^n?@v@O>#R;K*MOWqM3VVrQ9(D4H?Ha2}(XuO;9>*
zAVwQ+VH1>`ZQp8f#gleU17CvS_+<Mdy0fEbQWHSAzw5@k@s`i4p(Gdf4bCSwci%&@
z9Q_r7{CXwi_~QIk^{lnNTHPmZ%a+qW3M15RqA!&AjabJ4`r+O47LKi6qae8@3C)_J
z#%VeS6uD&%g4;1iXq5urg6gI<RlOD0t{Hs@&}1vc!3XM8)3OHbq|2~bXL{kCZxLR|
zMGfnMDR51nUs0JnVo4{*NBPNkFASK(2sL83Y^Ikl-rapb>}v^@PLGl%?w$uaxD5p+
z7_-ICUj-DrjYYzK1P|XoG>GqxGxl<{K7I7U8us=Ev541Pn!3FKAI;)jH$uFdd5cv}
zmE=Md^~0$P<is}-u=gB2`wvn(uKjphNWDX7#Zh_Log01n9gSAbj)8K<Ypp=JW%}`X
z8&!}L(R9jVJez6TdSe1N=S5bfapX+tgTkT=KbI<H;E{@Q2Gng3gMOBRQ*0^2;+E%e
zf;|zc;tAm!mdDKQ)0Zz}{RZ-+D(acbl2-h>-AyNQl+LY}%$}>lqH@O)Q1n}-4jSy*
zAND&RvJ>k(QXJysORG}=1kc^66B<mabsnvQ(pHwDiiGau?o|I5)$LN-o&3^Bp!<<j
zI)6yuci`8tca+zkr|k8C8$?*-f&`|XwQ;sW6V%DvmW95Uh;M$G<9x8nN&0G%n&Tk7
z+%64zMXvTD%=~eL2tKe}U!E(W=bzLmB1S09_62;jxDnIm#q_E}Qrwl;`85S2x%!O}
z#^EIS>AiV};dS{|S^50L2-GpZIw+=BmCc^{UU0$LZ_>B;<c8yvj2&Td@2q7n7LeoL
z5TZkK^%5ShBqp5`Kt{IUCC5n%^4fKf4ybdJjut4-E*ZgVeERiLwq!K133!14Pbqzm
zAViMWWBx|et*MrBev(blG56}79RDg)s@}`XxUm)A=(}OF$-L>7g~`1y1@0q>XCWDy
zsp<CrjotG&SMTC=f;0m1v~wR`9!FSS42k?0jWGPTc7Egb&^)}*%KDC=N6djeCXrR(
z*UGs|l7%ZGS;^gA=}5?+U>ul5=<~GEE+e%Lpn|(i4ZX3L<CpW{An`Q~JgA8r8sx_2
zf#V2=wZ08!2dmg7Z91%uCQwd2eE+f54XD5TS@0h4iV?h0Usk2!WAn94*2nXU%iZ}V
zXuv4Fa+QL~R^u`Owi7Jwei`(L%P*9<WNy~T++}b{Cu<0{e4NSr9~Zia^P3u)BpGLK
zk~BOcDSwKJX7CIc0a4In0!)3@N*$X(W_8oW_?C9z#!9g-^G_F!!T)DDj){fSv|eD#
z2y7?vCgKKgp7A=%$Us|Rb`9T#K%G>4F6zMG&LF|6S;PVZu>ZVx+es;Uu3P2AX=OpR
zA3u+&7<(YLL`wgOx#rSKLB);N@G)3HhTKh%%&VfL>CZsZ0ZW{#{;{&I2)pgbNzZo*
zULf22gRB1um1T@T(Q=P9wO7g6T7rM|G*1QDZdW1fdrFj800M$@f^<~jCj|RZ7JX%?
z&DMa28`OAu3GTM$6M4EnauzpM<Xc#j1c1=Isc=n#%wKs8n>Ah&qW#RmkAEvEaT}9R
zs1Uug+OEE1xd8me{%E*=9rW9Asq|<mJf;exJnuQdnM9~JCY`_4PcWfl$fHhn-3~|X
zZZ3k(Oyp0iO~NW3dT@gC!Ni5PM~UUGc%i~82DHad4bWV&mW-NX(C?StP(c%9wv&(W
z+0Lj?ZntSUVGLSp(JQVKV@FwZ7xrqTImaw6v#Kz>-U1=}?s2kh_SJ~d2*P4^>9yJ^
z7VwQfgXKh#;(QI;$Gkm9(B2~{fxneI+)RI3uCcKAg<ac;rLzLcyJ&~(<I=R#6AAms
zYEXLnRy_8TNQWPy&*m$VrSU@Pf#Fk40`8_(GZy$cgC$SdUZd^Z1L<wmPAic~!!q8`
zQ+`R(ODVan>Zwli!Bi6K>Xlo*fAmild)Op~fgz*3BVL*VR}YvQoqUG}HHXq6U9GU`
zLX$wc^#`@W+3O<bt{6&L1~wjDZeXvv*rbLl%U8$Fc02W~RbW@R3;((TltapyQtog`
zj-bT;a}K$!j|tP{UBnCD3o_hGzEev#gM?SHjb=_gmG)?cS;VWAjNQ2rxd5NS!;FXT
zMWRbd(a>Ehix*4SE%UkwE$r-0+b~hU8bg^On~7G=KFeJtK(OBj)D$clxI1zrp=%B-
zH&*=oD5!k%l<K+9$gVKt3L^3(Zw<A$w};shW0gaefV9@~=AQQfN6b}DSJ_TZOR4>y
zo)Uz++=9>_;&{$4bE41&Vn0?i(PC$vb&BGK-^q*V?#Y%*`?b|YPDhI^nmdX(#m)3@
zThY!px9vSz*D)ubyfGOIysE>rHZclpQe5Sb3S^$5$Q%AfWC@miR~41M^UW(MND{#g
zW7P`BzswM~Ukmk5cq6U?R->&cR~0f*gA5jkN5mXZpz?~{WbvevqrvQYQ+Te_ebTWi
zKKjGYN(*T7Y=5B)<ZeTac5^(C5`QRFz%3SjZZU7zzV^)l*pamxi+~%4`A!jzvKvR5
zU8x$dL&%Qi>{SVy&UzysLh>~4vVT;d!BbFqwnxXfTF6GThCC`Z3)YyacxGU5|Eg|*
z(>a_{)z18Z(uJ=+-3GZuDrKB^RLXCch3r@EeFu;&xDtX^zL%lwsaFNtD#SNb4t{2Q
zB&Afm8MVOJE2+onQkB>})f`m*49uH<nsv=)!}ubqB43U4YtNqRo;EpM=!b`$B}ANt
zJEqOk!X$KVZjjb}pH|Zj5VhYU><apwwJ6`f#Km|Zhw`YDw;96p)_yReNlpmd`oqH}
zNzN02%)#Tv(BQ$4IL+#Qy_>UUL#{8Yc&?r<jBNAtjw>-CEObD#I#TL>TTstO3B75z
zP%a^^J61^XEddj8w<oTsrFg9gS@c0C5^U{O;9;&N_V}b+ZHmgajRpa2_IJAdY0UN_
z;T;x)UF0@F%39YhzU~*xEN{|9NbX|tegqha9GeI|&O3+2MZYtk6E7l>DrVE8@vK41
z(sp!{o*N7H^79BDNq-;ThO9}#c}w0$aPE_!A?Aa)^y~RzgsX7>^M!PRqks*b{2|q`
zcitt~2#jP5p@kIrY04R^q{R&;vE^&I_!^7T&?_Cg`32Bp4)RWchE)4yQ14>ViT~V$
z|MLd@&#xdxuSF=U!2ZsUsACaJ2b6S#m%%gJ!nwzKLFYu+h@i-AR;0qtvhC+~srxa;
zZH1ml(IU!!ni3$Q1YZ09hs#NhAf!o$+G*1{<VgXx-HWodA%T%p*5%f(y=TB;J{~Q|
zR`fy_HJABF<l}Yz`{=_m`(|)Jn#vRJYB3%EU#kodb=pp%gq6zDg2`1Z#gr~p*-pCh
z5y~Bz8YIn>bgu5)(-8G>+(g=*I&nf>mg^}FY7>_u&!4LW^U~qFr&^IoI5$Ty>9wsX
zV4{bBe|UC*2`Wx#n!34{YS4R{$A&EvvcACIv~t#}p{)WIuwyCwZ}MKSJy8|xZM^~U
z3MgLB-%zvMVgp0GfigcWmif@pa=<Qbr3v`~H@m^59MbSq#hzs`wQ9oy^!g{<<8r)K
zc%?`Q$sjl14<Hn^qUR80tf2!hA7PGU)NzMR9!gi_QnrP=zfI?T<ig9iywm=#TG=D@
ztmkUQ%BN!#n1hgiYY=jk#vb+ggHLbhv3arp-SpfGn~4|7?Hp8OORXT<FJA?%GE1d5
ziwL^rwTbPvYkhb4x>c(EHqQZlNoW$qx7h~$g4*?+kL3PvLp3Yt;;)hX7i6e%evQ4)
zp+4PaX@0Ku_&4!Jzw=s9^H6|N2D$GCT)Jyt1ACAz48Lq?Fb-Sr_Wd;+aANhe7rF&H
zEPW;e^spSo*^621m_hn`e~!a@a6*yUR;4NVTKfQ9$P~K@^8MawNoA1sXQ@iwJ*SNG
z>XT83eNb26n$Kd3WHz6t!wufbC9joyHGEmxo$jTkBTvLKcJo|Kp2xTi!}5S$6EBxF
z!FVVXEk9MK$_3Het1O?gYW_H;CF5*2I{8NRgR97gly`@$(21nKAr;TJhJX3M335sE
z5Pi9H(z`m>dE5A+m7>All*Cx^Zk51VuZ8P@bxCG_{T()!)iriUOF9O2O4~By+{?pp
zW$KZrw<gM&`?aS@(>fq<@O&F#X07$n>S3{_&L;YK8&cs6FcGXvUka%HQB@cD9aZ+n
zQ_=1>JG_Jmlh)~$)C}4sjk?H=Ri5qU22CJxFBzS6i5kFCAQwC%qh9biKPS%=y4NpX
zZ<u@9g0g4!<kq5Feg?91W`o)M3wQrCY2uE6vjU7BiNz`T2_HRs)GLKY<4Tz9C&tvP
zX55Af3uvoIQ`5xd{JKNV6&JRec3h6Jk>bfunbkX%<(ai`MIRG6Q=#ykW925536>TH
zPwzK}2Ui)!3eGYO&P>>tK7E|jmfg|8c;1P!NMcX-GvVfuI*j#a4`UaLjcr%lWNIDv
zbWb~dI2wm8`{AkHdWkChA^lz2_D_nODpOB-ImO@qS!x0BuTcTe=mS*z;xJ`_T?&9Q
z`P8r-bj^MfTJg&Uz0>4Q1VoOn%muoL3pbBi(AesS^bcYS=PvH~ZkrH#HGPC(Q?z@z
zP)Pb!9EdZsFM-m@IJcVROm4Dq9;JKsTpBUOkSV}tY$wI{(p^QKD+lSkPp1HFp&`L@
zgEsKp77KDygLs=k^tXn+ZF4&E*&@V#Zm*zxui5X<cgm#QWvGvz?IshNsdM|?L@$3=
zJ-tTmDs|W1a_B@H9l@YgJAZQoZxmDF9Ih7~e7-VZaQ~?y@+IZ4Pe9!n6fJR}lgc=p
z%6a#Y?ZF@gJ!jB&R69Tr4dS@7KKnXl9^+~y%^RAO@ddy_a7~YVMG~T@@o|n65v1R4
zr-=){L9U4b4?-IS4;bMg$Jd$f4ATn+gV@(}f^jOh2NvzhTGr#=_3UqVl6pK>OJ4Km
zINohXggI_*LuKTH0X=P#19=RS{uem}?aqo+*c)u`SkSzOo`cw93@UE5xuD;nnA;}C
zq(y@0amgxpK&y%X%5p4LPMw*mwW-7O*;Fh~uI!j9clN%B*zMk+hemd8v_KIu?vy;R
zU|UR$7NS%L?OubC!wP=`pKbo%=RN=NJ3iV?zgBo(&!CPGTp42mJLElrs8Z)lOsPVb
zO5Gc77^aV}5mN0G@xWr50M}C1&7&B1FUrOnoApn<?*B^m5Rmd{(>{bncX@RO6J8Yi
z3?HxUG~h2>dRY`UmjMRM9Q0#&31pS_V41`}-xerQlVlN=#ALv~8N3lsfg08S$BKoZ
z?Qp!hmuiC!;n_X1&ClxMzXXKumH9+K(D19V0M@iv?Dnx%r|cBAL}nE@>%t0#OlJ%-
z@wPDfrZoI7CYFId?`n1X36c<np9sjy{e!j8>Wduw62lL-n7)mE4vY&u7LF0aWAN4|
zee{bz$*dP<-dbtw>jEq0bOW*}g&xmIu$`Vj8&^p+@aYKTPk@Y$D-wIyH(~QCkIs%;
zt&2^pGzE9FC*k}!5)8h_c2+|$xrEOAg|B~TKd4E6CWn0dxaDp9>5XgBsg~pEtod?w
zy4?Q*-$HlFp-2_79kj?jEd2H+%pvPz4o@`~=Pu{4MRr+6ZqT15vEhE(8)kJEM`W?t
zKwwY$)G}`nvY>rVKc+{W<}>5;VgjT5O<$SGZB_&2xB^yVA3_UL&EvX4uuLvb5PJjM
z><8$}(Q0Vh-4VRS#%gs=%gHk{;p=nKyQ$$5)pi+`w`Fv!jYL0vm@Mzp3@rz{>N9+a
z#vwX`lNaL$-%W4sqaU6u6&?hj<0yjIUClkwE10n1=WCGNNGtT>n`X+PXJ3uvc(e)k
zIKb&neHA6Q{Tq6vX4#+Z*5`fT!*<z9`wVKYwkb>*+k6O+ngoZd;pPFMo2x|NX>(F*
zg!h_*-GOMySLJ%})GFzy9vS;h`b=S!AQpe9%;H?XYr<9pe}Va>YIQ=F;d{!o4UdgR
z$IOJ1d^vaL9!m1B5l<$0`V1o2mM><_8=d3XhF-iJpQO%C_MI&UAVQV<>!{?@L{Q8u
zV0Q=|9<mS*dZp~1S$e&DeABvGShM)~Ksg=z2KQVuG3%Qh`Bvl=JXw$ikGpO%yTw$X
zI(L?1crWGNZtv6TT4iu_czKn|`u+zKEq}f6p?2IiwY7pjvKH>+z-4_A=;OH2x!f(w
z<R<U+RHpS_R3l-I-Gg;!PoK0>^?J&_0|#QwS?r4Nl~IcLrE<#+KW6g>V~ka;YZ73a
z6VK1QD){t}=S13FbwM>P=vRR{`}c1j>Z&TWkvWs6Wqp{gh8qYW^!QfuC*+FTr|_*_
zpHiODVte~WQ&l6YOElVGUo5U4HxVyfdTSz)hi%NE+PRGq`Qm0O+Ve+~zIO6Y-|1<)
zwA4ZP?)S}7cXz8A3L0K#hBmw~S3UZ?fb17IU)UC)QQI#dasH**4MEb)o6Z&E4u5dJ
z9nk!|H4zleH5~%yxHS*;KF!bfc#{S)ERqb)^N^H;QAxB<uORo+6H;63%}os_i2Yly
z)V3$}8uPjQ?D`(;!TnCR__dEZ0U|%~hBEbog*mqN6N>y-R2wwr_!~r3A_m~j@By04
zeJ^PDTlv<seF4xej4atD34}IvN^Q@r!^?E`U8b^M<=D}2^J|DJXHEgi8~X<2oMcr%
zAI!QtJKJ_PH6{cO;V-wu`EGx&hRPsqmnc^ui`ak$9;&t3z|z}Hme3h{2b&gm`LY&3
z+=C6;v@+G=Aja{)#3tua?a(Q<ocbFw@g~l;z&@>>o?1q8k6JPFwp3iCNcD3{=A(h$
znBDnh8*=TV9)fb9%bYq@F&UgdhzcZ~^SEZui`pF}a;&D0@oE0j!dvQKGu-PYJ*aZ2
z80r!NOiYB$!o$_^OUU4vz3@-d2LZ%-t<}l>m0}8?tI9j8jMOE%2_%)VQNXeXm$cbz
zK;2LK2TD`4L_iES#-t3A4rrD{$l$y?W}x>GjANZ3rzF5@z&qK`fn>qUMm(~REHAYQ
zH=#@ah9u@gT~hgsFDNRTiUSP>w3Iavfl}Vz>P?2&cUVXl{y=4WniMYLb7Wl{t+o}V
z{O=8ExgOF|Dw=dbIo$%VjQFn?BSHP^g<~sgT_>F)-12cnx05aKGGz}k1shO2qRTZ%
zvo`3JBIN<$ywneDcnjWBv1Y~00bO|)2ZWR;3<Kwk|Nc_KAWQpkG*tw?&J_~iRN?SE
zR*tz1x3al_o%@5zCPxUp1vzg%htG>dY^eB;dvt#gc{SUC#fgB6Vp?WL5u|sFRD68I
z6b$|Y2Nyx96jDZlFf6N1O38jIRUTOS-pM1&nrH6zJG~{LbIqk8pC^lctgQNU=@+b)
z6CO|kPKsk{eC5=e2(xnr{BxM1{w<SKIqEGF`Mj5NWoWXw)}ez#DzEXL<5nWh%P{-V
zUlPC|9%fv%AZv>GX>Ba#!$bLm^V5lzU@P}rcSsMY$<--F&sIW-VP?ezNeO^Ax%~W+
z9JiVAoU9Ovf7NpERq~lC`oWq05yr8(+iNo&=Ff4ONzfJMgL2}}VwIA8gOy%q%N;av
z{+f4{UplK3s(f&j<5$YxqeNWmWytH48urNUn?rQTUq;oW0&r8_sY+-{hs@4WwpynB
zN;Aghu)!u^`b}Nylo@o|Ck^n|CuhUoo_;}w&DmNc2n$;)4z(}pg{G>Nu@y&}Sl2bT
z{95_nO`RnV^tJF8zt9AIe?iP818%9(?TX$I2y~HQoPwSgRl6$G{2SdKgEU9;Dh5BX
zYrPc;UpzIrd#)Scw8brx=y)RK#!4m)(-f;xM{e{evU7S7TDz4cgr0U*St0imH}x;Q
zC{HL#?seyDvgK@sA>HY7#@KPES?3nbL{4te{&qD@w%~dMTYDpuFG}riQlmA}O7U1+
zRg=Gl6l%5lu)%Alo}+^_itmaeXt2{tt658H4HInf^s|_I4`p(GnXrls8r4ZH`0E@s
z3Ln!T*)gOGi+t3}YI#ML>ua<}#}y^p=RO5#SF1qu?dZ6&pGL<87Ixv)@0vd|v6qgZ
zfoH6&JPWr)Zsjbv=XDVRvd1Y0dilJlrfm>3ec2I!d6^}@XbirA9IMFfGab5QW$iwp
zfR2t-Wspn8JT$ZGLUc8`YfXn@kDL5YWe8WU*5AfL=WEeqJ~wsF2es6(0Pn7a0{qtZ
zq?%Gja5oDInVV~)7JQp|*E)R)>OaLFMDprED6CzGaNkdakq6@~;`%W_CD7ILqlr#w
zfY*d%56VAb8HI5IuS+-&skXk7hqkkbb;kWUu|<QG&DU?1R7l;~N6apFI=)>iq4&Qb
zjFHh+`0xN-{23+VbfY07rpC>5vC1Yi42VceTq)5x#WmtbuS?8kf(3K-41l)xNUspe
z%_YbEg>P24Lz)Y32=f=xst^|JBs3i|8vlm!=*LUtm`*XaGA&)<xF&xxp_X6EDNRq>
z9WGR&izD^ogM}a{5VKcdAp6GG0kMES$+Y=W)i<c-g;OsUb*Q(8d(&)QGUkYmd)CwJ
z|KNrIE8;_IS2QD7<_Hs>9c8k)(4Z77_}R5y>fiW$Q12YqQp-E#q<}hBNde3X`zpqX
z?4NiIZh0Z~)rs|icqfAJ+ohsYy@EG{FBp>8UC>*FOI@X7j-QjEbFRUDUzhaj%kDaF
zv~oZ`Dd#@&VICH8L7`GXx()Lq`P!aV&R7ZvSmEP46#fmbsL@kU;ES7<_4uJve8DfM
zZcdaUt(5ij^=a}<9jkOLQ|g%^lsuU^T{<UYHvm67Z&bj$oP%mf6yck;+`p)?8<>br
zKfq_l^3#|Dl#Kp#ki0zKV%mG~NiQ}!&U}5o1vp{xk`YtMK0gT{i|klVIJ`R9&e7}5
zx-Mfyne@gw5Q~DqaLeQOqEz58Q(!9YPAL!JeFUaU^x?ov>fPgXXCq}E#~rV*_Z&oG
z$`HSMO8bUua6#s4h1Ypo9K9A}<<*<Ox}(kHzSXfNn0>UPh!osk1^+9Vvdz?a$<P}&
zIO7SwQr36Bo1pu0RX;WtR06aVd`pMD!#JQKXk0=~K?7t{2Z*k(0=%r8aMqwsUjUZT
zpsDcjHvE5H+xr;Z$JwkU{7EI=cwsUXcolH#g|c@78RnG8X!*=og%I+K!e&QBwV{zf
zp@}%13)1coRRO=l$Ls$A8x)XX-Y@_#zF}ejsS1m2>Yn;;S+TejG@<Wj196Z&V2Vz{
zOPK?D78{RkV`(Fq1Y2TEq>z>I?|~L{qC1f>qyB~&MGDnFPm&^AM%x5|;vV?%@kZ~f
zhZmyU>KxX07`jz2agVX@CjZqbK9lvu{O4e#_0yoA<LltCTVeCx3|6S5*-DA_fgVq9
zf-BEI>gEXq@da}mM9}s@8ea0o0<lnO97eI}dlWnJ#{qNLlOi_xsV?WeQ&tgLS!jXR
zSbKqSrZkow(5!PKy>hksuiKjBSzU*S66t9HzjWMLre)L!;~LXKPk(IosG9N-pII^i
zG?JK>D|*zce4NEz^->NFyTZse6W#u05jWV_uRGzG<3Q0FJ1v;RAfaQoh&WSc4(T!|
znxcX}rIAyIs|k-?iUPJlTQRx;r>4q<CZ$6rinzEQ$79%;37UM$9O!=LgVAN?bn};2
z)v5OODeX?_-xrLdH1C*pIc3{b3jKCP4)qS1&mACN%6s8Upk1-fWQX6qqUCr0cBd=Q
z+gm02<%W!jP4SnS=YufPsvzxGtKB|g@{R(|Vy=agZ>4+=5j3RVYpEmg@v0s?3|Qc*
zP`%05^~t&FS>NYKH$Bx{{!=x#a}aa)>~&JiyQ#AeTQ!BC*^ksJhu>TZ9KKs77w&ts
znPTg2HDTqe6!6cla-4QferiZv*mjXG@)>tET*V7to8<)0dRD|;dnF}Oxb<ll?HgJ_
zLT9X0N1DpYZ@K?BGzYg2QVOVDOD}f`>?ERYkZ$ivV#a+JCDBWd4_3qW&eYh<SQDB*
zS?zk~L^`NS18HpV4_fKQZMQL)X;2lCt|vw$E?o^mmc+JlygBf1NKI;=bFYbFhwQ6_
z!aY}B>=Up&UtsRzcJ|Yq4|fpkio+8E%GTcI*x${-@-!+44oa+rr!yiYDel&WJtG%)
zOwLnf*kZ9GEzPVBg}p#<%CQP)Y&|oh#Ri+dp`{1gG1jd%J~4$*<$Ko2BVb18!-0*R
zd}huE6ruQaNI=}JaIacCRyq+(HfQ-}=8kR{CUJ;^lD^019{?kvuz~6;YL(r}KFJWg
z-y=ZB-3^{a;Gj3E4SvEq{yvU9bGXACWJMM`<bXsfFQ3cP(ux;{yC+Y!#)4Fa<Q|q5
zGlwsLTmsFT+uJM$n+`tO7X??Go%ceDE{N=ngbJU*>^IL8=*<xm;-I(dk?)cmn&yu@
zRu)Cyn)l8SxAIdpt8Y7?&-%I`*Mer`5|Ar<xJ%^u%N{4{r?b>^@`>GClkH`z0>O1g
zp(3uMjrqax5MK2zd8Qy2m$ne*G+kIOi{Jj;ff#IB0XMZ6hpXB0*nR$<(>nSe?#Su>
zly=OZ&<?PuES=|$r3kpEkX_qMlHD1{l^#JPS8>{67qWm9>Bd;t9~C`_Q~T#TvaXqt
zQ(NyzLz~;6WpmX+Hp4xk27A9O0)M*jS-*aJJ{WM3Pqr=hG?jKYtnYRlG-9{b5}doO
z66$KhDl&AIo~e1&V5)8EfjX<UHgH>Z;z;>u2~m6xIWp!I!MQ)eYzN7$IG5p4mwIJt
zpT5wlj9YlfO4d5KNulDXTYBPVzYfn+;jNj`c-<E)39o5@QEf0Yv6ES7*496-Va&d6
zh0Rh6e)HFZ3bfW{Naqw`YV^{b>xKe&dLlCpIG1!i_8lhLecfqte;sVxsy)!e;|N3@
z9%T4Tlml%i?3d;^$Mpx%i{tAcZfO2k0J>4IC%JrY(ZUOR1zi6yPw=3zbfJN030nah
zm9{@65OIq!LK6?hhwynYWxi8A8)OAib@*aMxc!{GGEOuexgLv6xeYUwr7W=k+hno0
zN36v^Iiw+>V;NF>`)YtLbP{0kFDc}v*>8^7@_AdH1z)~Up8ENm(;NV7VmapFOHtzk
zLS%t&b-9U$$roqDwIB>m8I~4d;RSi%)=E-AW<uz!NyoHvfmH)k=^n^g{=dE^&)`s}
z!QJ}MjQ)3wLXN@jg*4<A(KIi!i<QB;TkSybS%~Ez#*`YoiY<2VXT$dtGu)iD4bi1y
z&u5W~WJBmGX&m7raC%H(EI!TX{+V+9w;xPkZSucdri$)3a<O>r3x(~YDEX{{e%%<b
zqLt=?ZimY%2*>dV4dKTCk2AAFN{Qg^j}JcSLrsp&a_~1n_mpbv-_KP~264U%sK`*N
z5S30LP+~GAlX`_{I29I24*pIcW(Pk6Uc8ke-9Zjm({I__pLZzOeFc)Uscc$VW>=Z*
zJlx3wmCQgxCJt7RPhY?9MORKN6+}B=?9^-YYF<Juo0a!5jCz&2dK>jb+$2W!ghH~-
zw9j0OkT!bUe!0fsm)xLnKh{7l*kGxZ^95n9CZlo2wG^C!);rDC;*@<c9`;m^hp%a~
zeYfk4rDT<akPOV4XrUcYY1#=T^o4&nS~1WpP#V~m&D>TEzFr74&H`DM5*RHaTcOd7
zt`12{S5ff(K8-FErLrT|CwT6ER0J*jVGa;Y_9_-T<`Z7awR?nQ8(h9l3G2ejcP#wg
zWTJh_Fl8k<Skde@q}9cokk3M}Tn*2}N7NTZ%OR%a%{w7W^s9<Jy!lI&p#7;ZOxMzR
zq7@h`TO~WfXEpcf6m62wre70rNLrdq<+MScp^z)y1c{Ef*`^EC&i|_800x@ARsmO5
zc#65dLiF`{y_87jIy%>~!TdtW#+GXqHgXj1hA+Y@nC{_++WuhyTD!z?)=Lul^JD`*
zu(w;{^ETZnF62*>3HBd~5eO>_RA^Uqg!Y0+&JEsyL~7G+S@b@>f>tqiIbrdBQ;<aR
z4(DO%;uR)j#&&>dP<&l(8T5)>87mWivkO1%f>zr)s6@gv_6(g}Qm!uMx=#)Nheuzw
zBYhioNyf5bRq>SjA2CY%h|?OACGynGuF9axaTbj-T}5!)8u?u`H7l1dh7Tu}k;epT
zZuXDz$Q<n^&R~$44&R###b%F{e&3MQ_D8(jtHDHjyd+t@c7si(CYI)JXzNo33hbx9
zbDw3g7+!9W;B(rn5clMG6*`_mSN;e#3j8ZbZ^ZtFnGFE}(#E}eD2*M-lIY39$v#>-
zvpfTUfRpgL%Xt$0>PiRsAf2z^<hP+4Gf`2^t1zJrvWpn&Hr$K&&JkB5KLP<p5zHZL
zM*jxc1Tteg+29-Cl26!U%;N_%8)w&`;pKz0{c`y$#f+QR^K=-x>p-a*`e~7UkiHbW
zGh3lb8tgXC_r@u+E;u8)QjB-lFzttF<SXc3^0dwHGD!mzc7LVbt!b}-74c=9V!Fcv
zu;6mlCwJS=dr6gqFO;j`Z#^yelZf6r=ydb_8$vrDy#=}*rPrxDv1w<%GaKQn*r55l
z#YWO`g^+^#o-3t*fFbaI&Ve;cLQ2hxj$2_(!Po&T>CB-#JoY)6J%maNG?U*+Du-wM
z>=CQH8k$XW>RD-z<f_s8njp9bM5Ndw5_rWy;CNtNLzAnjWpGx$#irIUgauUf)4!M%
z@f&nlN~hE_F;mAt^#(2f`FU*<^5CLH{Sj@=P1<z2OqjIr0>0<CZ@ay$UzyYu<nXo3
zK4b_yHKG)YuMy0~0MwTir%V}0#!}uiAh76cx2@A%jc<+3yt%_&#?jkBAJwB{R4I#)
zX|@^JIeH(n*bUShg)VOs=$q{VWOS2r*}xs0dD66b2FULdmF?6QQqdm8Op#tJpq_zh
zL;Z|o6Ly~Ejp&QTTH8U)^A7G9{Tzj6>$SWkU^qGal>}P-Hzenk3NMPTfxey8QJ~t|
zThICc#A$oc$|x&Rplw5)q%#Osb&j)D&PracG03<ZBob_%z>Z!sSSoukMlthMRD%=b
zca(HO*(6h<w*Zzlyf9M4F$C;TI?vSxf>^JP^aW$8BRXWRoa%k7v>ndUe^P@!o}gxx
zvE6pawBVp{PwCx%S(WOsNg=%lSH3Leu8rdJI`D9?+`97)8*R2*XRqQ3fe-1wTu$VN
zFf&=3TGrX^-Nv9)wAjlqwI=YLPNMVg?8X`Ah)#uVh1?TZuw0{0naOKgi^MsVZla<%
z_lSRre&8YXKUp&XF-i=cGbW%;1#=Fhmg_2&;?FJUg=w`4PV|s&T&c|vojVvvhAx77
zaD2SZwSf?scz$dPUsHrJv&_M_!I1~DB1UO3j@P`y!2So*nZf5+kHHwu7T4-ny5K!X
zm>JK2X00_!f$1X)ywwd{v#G$3f(oHn`^QN)$)hoDVZSUtyvTGRtVy*f@ghSa{C)SF
zQhIKYY;1vYn#rD}J=y%^p>8u&u}IO$91~3g4wvtQQsy3c{4<pumn>f}|2A}n_r6dy
z*X$9#K>3$N;rChrPI6zUZQmyFA^&=${4h2)p-z!qIH3Eou@ohvIINc<NL}V6sJUq_
zA9Iy!j+Kd4zcDqgS?dR&=?-xX{FSn*(CI3wPX;CjCV*57GPnK`hqGI$nTLbAJZ9xa
z%Iu)UCR4o^A1BA0=7iX8Xu@e;j&SF>YJp93I?^$rP$fC04Qgge$%T~>A!g2A4d#BS
zNY%a2p}ZL&JIH6`HAg|I@9FOwOuN(f-c>~!3vi1*e4?>2zLihtrkTf1mg9B{$qI{K
z@)2|5C)#W~cNg@K!>`S9_eFqUSm@R3IevVY$roBMbJ~jdug!V-*HAl9k66%Al6bXB
z+3Cb`AWN<b!Li?`29Lwm3*oBRXR+ic&zUzkx$B&1#nW6165i9pG(sd_nmkWs@|6(K
zhe5X|An%X0b8`16xwr0f+^bz1#Y?}x0avD|a}PU#qRsp1kFaZcPT7i1>`8ru(a1Sv
z37QDoWejAnK0kOBWA_HYCT{40ITE#9&V~~t)csk}1y<%mCs*SWlPwuDMinaqY*PI-
z9^1-#|6?QW`OK4H#^G2ekXzb4i?Dbf>HA{(RYh;mokltS^9|*KzE;h;)FHZhKkhZh
zPT%Hv6514_boPu<&N3vWW4?*;WXJ@8?TKMBcwGi%FBNwYjsfAM%Z!z@bfiL$+kFc1
z6TRi3;0708$zR!mCt@EO@r#$8;_Z?UDgDK#cYrW05uX#RCOenYAn&2MvtidQbFQK+
zq1*^RJU*rY?r^(5+X@?p^qalQLLTLg4{Zl5)|F(<jNmwOMUwklKytOvY2~YbZ)e#Q
z#HdwXgxCcx<yF?%D`Van5|TS2i0=UCVp0a8ol0rHIy|bMo)_OlCH(gLw_5g6;Xyy>
z=_m`E&uo77vK`jE;+rj(drZDTZ_XLrWbDWr30QQ^L)vPHKz^B5ipx7|(CO@ZN6bM}
z*~B=%?F0I-r!VSJ=M1w6nbcotzIej5Xy$P%V&-ZD3%?vO0tVNq_Yv8p=(X~8s26bZ
zP{?5G(o~D_PO8);n<-|qV-(pAgqhXzwfdTlpStnv?|SoEAqc$eBU2(R4P$JDvPp@z
z&I+6-%`3KWZ>!1#laJVJlG^3;4;Qi4nGiRi#uG0u#=RC*P1kysCMgwm9tO;#YHh7Y
z=kC|GCD)t}BYlaV4QhB;vH;CJBoTd9*^nxjNo41iMq{r-K(>eY>QoL!^R=GeQ2NGA
z7360))0I6>OmFh*HnaSiFbKKgXIu)RSWO6SxN}jWDx{;u&D`>$D7nn*li7h5_Zp_2
z`z;;!6<98)5tmvV8k;F00(7Oi!&WLTOXFgJc1%S)mOv-QbPB}L`)UaJMEv@VF0(~f
z>a0PuH}!5$KUX^0vd1fCdEYH2@Rd2w3Am!4YTUh8C%S1iit7RZNBu5v)lB3nrzBw4
z?ig9&ngKeq7xhhCwFTu=6ao|5v2(yI7?K-FYKl-ZX*ag73FF!&1iqtYmr7re7O)!0
z)vB)!ST+xr(|62v(|Z#b?idv`O#ZGyhqU}$Is>fb$U#vdcL%xbQw{2y(k@IqFTg7L
z>F;Ya?@lw^HGIg8)PTk&JAaW1V!r@q*u^`D+}vTxZecsC3)!S0eBJsrp%wxLNBFFq
z_wyOOXPaoXRmh1p%3*Qf3(Ef#KFJ1P?_a-9KrigrZ~9UtKdTf#MJ9IfGZN)49^@X$
z!TCcNT%5!C_hjq;_mOp%!fbXBq7_Yo&^sXI#ksWB!r2?+#L^T&{v>9h6YoJR8#ie<
z!uo|!WpxOJpN^^l=XZ<#lLL7n8oO&YKE1+xLW>T9C>RT{N&fpwtkZt{GH5-*tci>g
zMuK8JakpGD$OHcAXd9T(wJ-%LOn`0xIW|n-Y=meHA%Ouqk<EPk19wv@=L`r>WLiG1
zqBH~wv+jcC3m|CmH73}^Znb?z1k9Odx(Mj&@~k{UuW7Fj^jvfC+~wmL#iwpPFCgb+
zAD^7osyngE68I&ii~5KnFz(rdL1C94JT$i^OSB%qig>|bKD=Z}9kxor4A9n*HXDbL
zd(gRNmEinU&VwBJsXoi0ErSEP!xl8fJc=2&x7%A;h*eO9YfIHg^;HZUQ1;zZZq!L^
zt9QsZwNt=HkmGI8)Y$9UP~5Yj7Qr;7(vER7>&vJsiAL4BL&YTK?IdGI*GKhI#uua@
ziw>gZp8HOx+2V%_rH$v3-r%kG4=Jd{;fq+H$#Fgs0%b~)Iv1sgJhR>^U?-}nmWCcC
zx|dYV6z`@yH(hl~)*_S2lq))+W6yx6<VL@?JR(=e%MJ!L-UQujS4riS49cVQHm034
zy|<GS=2h{7S_V6%OVidAw&_ylOf+ItIya!p?xwDo9s_EK-@a0Lo~2-)nUm5v9X<!5
ziV~(TDYVm8uU>58ME_zg9XHPsSX^O2VtPs)+~ndmrgh{tYqyq{ySoU)x}plR6EmDQ
zk4=;i{j~Jlhqz6cKS#8sh5qThv$nd&#HB&6U_g6Q5u%xcM?RDD_#Q>d-N$B_OR&s4
z9L47R+&-;teTx$o%>(&1EjCA*ZFe$~jN1|y=tS5TWDnwnGvb01E6@_?LcMD4g~KYB
z`g}b0T(2v+K!ra1)ejEOW8BuBqbT-sx#umQT(}DshX*@h`Y;e^W1edE#V-3CA$Yge
zjmx=3Ug??J$v;(I<DW{$dRW=J#VpQ(Y5MGk#}%_a%rc4H;4(#ItwS#3sDR=&`U$wr
zb)>`HxMz}vZFe4D%W9;js-<YK2|l`10{7{n%|n{tb_8EvEpy-2*sA}Q|4F2p6@PT6
z99mvfWIK@^o)@*wRAql?r~GEqW4is1F)GTffdiM|tG}Ih5%x<qkW;0CC%RV8yx`en
zi+&U?U9;V!^c<DQOaf;XKmIMvyKax?E#`_P+g8nv6_q6r7hlV}yCby81{C_E&Ptsz
ze5!T!?nHoX_D-Nb+|;7cA#d9x_CA#_N$-|8P;T_AI3eUh<$DB?_*ttfKC*DQ%P*!!
z78rDox>@#gV-98`GP+H>AIF=X%yM7d0P+O!evTY@*6?a&(Te13v+@qW0#qh=ZpmM%
zS^A7*o-NNcX0!BVTR|Bz1n_oP&|ymEt|=0nEK)Ogc~cX)Vs-<{UiWE~0`gcTwJn8J
zsul4?wv$T*PCLU63Wc_t#pi`7&DC_$N~)Zkq!)K|MK>HUh^OsVvHD)tstlPu<cgUB
zc!E$E-Yp`hr5tEuH1#8IOeMqAsJRJByQ4#l2d#<ns;1}(jx{v$_4%mSmS>dAzgjj%
zQ|mm*5VFF;sRWz8EeR5*amkoiYi=AiiK!`i;)27}HZ-@L)3uJ$h~D6C#bh5fBSb%;
zDbs?EK42a@s~E4kufo>uLZ}*_1RP%IMlRMe`#37#Kbhp{$FD~@dNkvm0lx~g?i{5@
zsj1HI73r{01>HMh+D@LV5#`t{CGC4*vX+l0cTaP;W)2imHU%S$I~i(4$X24gnp-+k
z#+2Qorh@ep16uQuXJqi2-z4k=P6D)upMbJCGLI@*VAf3m7eD$?7agVt#Y=lCX(tBG
z&#_9Vz1Fss@ZCusjKty_1xC5uf&|rZ$)Vs*`DhR5C~ymQ`$NyA_6tCua6T|cbUA;I
z(RqXa&HM}4%BPcI`q<MZ9G+5}Y9vb}n*<6<ZYwT3l*8R`8S|(Xg6vI9?n8^jIX|10
zzs0MFCM-nP`tc6U{Lk%_kMl5N5qNTHa`;vj6{KYsvEx)z))9>{CYG77Kt&&eVr(4v
zWkq1b8VNli2-C-B$G<ON0r-f~`gp-A>_1j9Aa)#I3GnMuTb3>Ex;RGkpZN7<+KA7O
z+@1G_xttqqd1(6bGyiJg;k*RfHJ_9!yfE>g(>>R>61}8Q@RICodoE+_mbP=8Q7dKl
ztFtcJeX0TME={3<z$IlrO&X6lL}-4-@4l7f=4?g8_j+XZ%lP`f9Q$-+!OwRLvo<PA
z+NmYsp(s5?OtHhi>g78&U4J3{lrV=aK1aE4=6)@Ww|n>!)wp!xani)ICI=f{N)5Cm
zOXD|Xc3DB%7!BEBmx2VA@>+%ShSe<b(jp!b{!ruSCY_--<~oZwS2cPiS{D?gwKnMJ
zCHcM72c=w~2HVkyq*}FSgA(Ho+J82KU$#4)Q@}RC<)H<1e9J@_@{q;}-Y3989g<4u
zYn_t{a=$rM!Qr`m)?*?(Q!P4xE;@BnS667~)h&v9vUjt&Q8T7p?(r7Dxc-J1xh#C~
z(e1s$IfGR*gQMiJR2P)}cx;Za@wi6P;I`JpX8EXu^$oSzI`*N09IoAWBSwp7@}qto
zFx1ZPf08Cm>WR0?<G!#LstcALGQpY!GgbDP`&EL~XZSxIz@Z|+6a#(fJr$1c_z)vZ
z$o@5Q4ilDFrG)R?&DA8$i#r)92w!5sQ<`pX0V~4?%k}!3?^OysGYPRfaiAG3Jvw^D
z66xHY2jIRJ-!U_jXn?#n=f|m(1;5ln*MAkXFC98RD25zvc}Fv3xs==#*<C<}N*`*Y
zGLyBYeeoKF7|F&j^qE_7x|#WDz=C@$$8U(fuqmbu$Fdp*weKSZv~G3H_tNm9$Wu?g
z(Fp|&VWhDH6^6%J_#Hl4k?1kUo7CO3SdN|>Ry#L!5OzMt!HoFARzv{#>wF@)9=Bc*
zpA$Q{;ccSI?}vm0!9==x?due*%{L70kFCc<&~1a)%SBLLe%kE2v$8vp+*QK3eGTT)
z?5P=4&^0t?QVORa!VdPCEd=uDBGrY8?g;vEafYHS<IB;6Xvx!?I&;Q%;l0X~+--j5
zvEyfc&^45HycpD%X%MyR*m3<tl)8o~xuKACYAiwN{x`ZWaP8+BWsw$mig8<lHVjGo
zFxZykS0a^n)IM}q3zj$@*5cNb8DC4Gb)+S51K|BRa&xub!7A2!rs19S|KscJ<6_GH
z|Nk>HXQngL)tQ><N^xdXPSb^AS|OY>7rJtBCNoq-5|V2|E|xQ=3u6kEkQRFy#WdI@
zvV=Dwsue}qW!X*0Y@cO?cIl1%z3k`n{@%X7&-e5Gy#CPbCfwAm+j*Vm^Z9t*?~}^A
z--9;~hx%&5Vs#?tc4|A;m3ZK?5za5o+k1^0`(|htSv}UkFNVaPv1ZQde%^q1p+TCY
zj4o%TF5P3DltkX{supn`r<A#4jt8>IaRH6}+C;FM*9Z?i8@>QCcnsYO&%W9qS<#bJ
z2bPw4?K1A{S50n#O;}obtP?%)WZ@VDl3m`{TTpzr+xS5q!gzR;aa$i`&HPiFpV6S0
zJ1uYsEO&!bwsBgOWx9e%_lVGk5AMSyve==<Qk>Ulv+n+?JcBZs`RFAcU`PJqk8bt5
z(F}vtqMSz_{wF#77DXj`BJ4AD__mf?%!uc<Moimw1m*?2K%mj%ovQW5KodIgaFeWa
zKwiY<g!n<mUG4^F)w`y8JS7`7CEU+zL1O1>B^T$yVNMUIsR<{0%!e*xH1;K7)I!th
zd!ohD@-JmePdaxu$^0)flyKn@1H96qQ5rb-4}GE@?U)1}=zK>IC|q{UTIE}$@H!#Z
z%@?WHA4a-XNC@Tdp$wD!c8|z9Wq+GGzPVizxrRH3;pC3W6M_w4WX=HV3&e3UdRb2+
zw5U(Z!-^VzJW2R~$$`y5g8rCiu*g(q%EGO;IvJ+*SY$uMAnf>RlBPK0P`-~Hx*}Xq
zPfbYpp_Ee<uh`;IM<u>mLt-QEn0(8o8TAQg0oACE@=4lZbrBMc|1n?Wj1ERsDZ4**
z>MB7oHS9?@9Xqsw*;AuYPxa?!>ZbVUieuN-#dG$bEfZ}x{joi6t@TuZ#+l4c{N_V(
zNZc!GqLb~|37G~3UoziDQ$h>JgSaGOJpcrUe{)6`eKRMI10G+jk^i4_kN^AETE=HY
zWoD1rZ%v+PMK-L$X%_Hg`14BfKTZ&Hr{1%oEy$X7URj<+x%NMf>r^iyNk=d%fgLiY
z(L_C5F9)>-F8|j}^WQ$gU@3;-0!*1P5=UH&GOm5-AA2L!0uBx>*90wkYUGo13?zi3
zv=PjcgnV8X%>XFd=Xnh{8V?FhU_~HK@b~ehxCqXeRS@w`;fs#Pu`dHnF3U3<*h{5I
z@{S7<b2;-D)MrTT+wf}sPhhF?)aJ_Rl0CkgN%3qF#|4~TQ{C`x+mPGar~#=W_xpXF
z#qd)g>{c5aVW)&SfJj(8vy~D=d4sjeigxN#m|pTzuxka@cJCNlYjcXDWd9f^mBe*Z
zF>{sV;wH9e%&)Dw%+Ycj^CY-((@?=zS1db^fQ7Cx@{y^~NvEJU+C+SKc5EGJ)V#7C
zJvrW2?2uD0y6klTjWC^1SyvC#%el~Q?Rz#N3mac|M5CSepx2lwBQR4fyM#|Au3WJU
z1g6ZhN5k5~amEi{_v2hJjkTCDuU{IdxBKTpIRNW<lbzw&XSW{vv9C68AH~tj59p+a
zGby=|yLD>sXKND{7-BuMx|Qb<-X5#5xn_Qe%J%VB9+T?4PgdmlSS#u|A*N~l7SX+4
zTKlbbh3ld)vGm)!7U(ELj|(gY<Pd3wS{zNW3)XfP>r^3|WqRJ)b59xCOPon$F5WJd
znCA6kgQa?8?Z<egcq2VStl$}>$vZhB`Q?_;tjFrj@%eGM^F~<9n;l070Zr@WRU}c+
zD~4`fKdmrdqg7bu4HfHsgkh1K<HcUFIrWYUA^~QxK{I@W)d2Zi9E|cJHl*_5q6Jp^
z#(>P`clb4ZyRh>ys`U15Z&wpbH`^>H!Ce0NO<;H(<p?g0^y@`-=j9UVfp-m0O;pqY
zbb3~b-P!bx)uG2n!yHp)iC#IP=lNx9mN=G7S(AedWpbR?0B-lmUL6lC)9~{%M`Piu
z?kH@b!ZoVuog>?c#_dOEsI1aJQ$A;dJondk@;&31cA3TB20qP`-^pRumY)!z%%*nY
zQJ7Vb{`M~8b=-F!k-0L(W+E|1pV~}xG}skUzopcng_rk`gD!U-D?jr3`9?q-cI(%P
zi|UTp6yZm9>LsHK6E2mqm+yT?@wx?*aY(Qnri^f61BzXY>eu=YY>>FDQ9v74@nP-+
zi(|+$IAjc=^-2HJfOc%n_mr$XmsUnZ>%_UEd(4*O-!{9kY@3d|wIAWNSgqdYwa%1d
z(QLc7(p|L)H43f(iP#u}F6!6$lH83L*~Or7!-89&uMh8NkVJx>_=3=l*2>b*Bl-vz
zndNIG*CpywqPe)+?vz@T3Zv-6jaOUn8}Yw3NJ^t9%ww&`Rt@2GYMRz_;-Xq%WON(i
zzENf+YOKhilzSRgE2tX9+0?}+awam*ZkNFxXfvlrkwq_#tY<huL_`6IkX=eMjyt~m
zKAhWo&la@aVo4u2?$Fm-k%O##DscT^YgzF|v%J!|#V#|6i}32C6b+#DKDyQ7KXGrZ
zZO244qksf4gTG-Ti^s6rQzzkU_`s&N*ab@BQ)o8tt!3ZZ({EI=g89&$HQA`SZkgHB
zJ8H;b(g$q7xOO&3YQl^kw$(#Uk73%kUCTSAAM{F3kYX*LEk}kDFL&v=m<AW5{cO-<
zo6q8CLW)Utly%Emid6riLAEHNmkk7<)<I;z*<@~7XD^dwPOgWTjBz1_ytg~e0`k6!
zzdd-lgzHEfRnKk0l6~5(uQz@uaeew&a_xIjfI@if-3Z5ZRO|x1tP+4t6pdmu&u}!$
z<Z}gQw<frj@<#Vq9TqA$Bc51zB8*~1BcQciOw8h(!})4?Y12@(h|PFhr{dedo~JHx
zxPdIUdJ;}Kc~BV3vGB`nL%~Q$cL9i!?$|@T-r?JBnT|NJ^E0p%5fW3w4_TGxwr>T&
z_Uq-w1HUn@{?JfH!TD9jA2O+3;X(Mbz#u-ZEzYL6dIife7dT=&{JxpXKWN3!KUo4%
zd@f=B|HqhV6E<==t1Ly6_^J=t#Ca>iR3>T1D_|es;s$~&DG@rw#QE`^O}1boeqv<2
zL@WtKj0-bFWrhVf1MZUl73l)nW4I|EH>Ln<>#HS<yNp}1QC{kFAC2s$6(Fm|Eds_1
zBklrdVW-LYq=M=EKP@~i<p%<w8I%E%E1<t`Ly~urkPt)S9T$@RpV{)?pzvTH4B6FM
z96zwqhEKLXE}<p@w*0#5hs4ugr=C4GgOL3`KWU~Gw*-Z1wc%H+=7x8Q+}n`dW$eMG
z;QQry?%U%<Q93+5cI~$g`l=zN(Ei1bHO_;;*9s)t;}QPjwv;mB)aGw!g|+sf2GAEI
z<U`+8|Iu#Xr;1npqYME~d31bi=($e4D&hsO(am}ChVYMat|TI+tZW7EwLXJvd3!ft
znne>y^}0wUaXnOnJC>R%zioxNl}DYd7q2~$An7|+nFPzt@TdmrU|Sp4v1D7H%5yND
zD;gu3#DpCa@SEGuVrmALnMK$i59QMR^(@z~zbXqn#A5sv1zrGZpWM!U=uGiODLsn0
ztR`ZQCWRflMI#ujB-JS?R(jx2gHG)>YldF!5zs2C<_TMx43~u-V=M;vR1OAte?WCp
z%~%&9C6`>6ay$EaE#4!6L#pBaSGVfrA>7Uzdg;lJodA!&l9GQyLiBg+m{05kSTcPv
z(Zc$)O~{sT5)9m1eOC?IqwlSSTiz>->^m!(aj&<aDCrS@+{N2VDWS`zHpRp<*_;PX
zo;S>nru09%w-G;ppZGbc?tIUzuS;bgW_>!KQ|nVu7#*`4b-DZ0O6JD1v+6d-4(~`i
z`&}zHcpgv<f3vt#td5@X2kB7Vm@oCHD#Yo(pf$ZsI2ZUn;Zr3_JU2b!OPOI#Rpc7P
zIFPhj#Gz*mtRbwcQ;KOa`crK1UWcn)HovnwOqq9tOQ(jHdzNoxtAyQmo6!q|A-3{)
zgJ#ZKB8-b{B-d3z6(RTb%6Q*-zF2TquUtOK^9%iSxjK^8xz#Ruqn-V5@l&_J?NcK4
zUSsbyK-|75I9_z9$l@Mg@EYsmC?8(ssr(i=cT9`Mf$&x9Z<eD<A8#V<*5)cl*C7)0
zlxDY&Io2t5BOAW+kMaO%(t`?%<hlBvSRSY4!)_G>Pj5-zJ{Q?m=AD-375xTrc5q*A
z4y#=4f5#g{D~?R;wG`bSeFRok>FP8SJ!{HRr+X~77tn4g&$wQrV%`wglu!hoGgV1-
zJ8#~lS2iDbsTVA=qrS`)tCNC;vf`13udj9$6mfQBW<|c#k+X*=RmfuV8?Cd~ohLLI
zH4YCk>0`|Np88j0@bEyB|Jc7EL5A-5M765%f^O=&ch>xbiq9fyCN}U(B`$;9-LmY#
z?y?G#_1)<Q$tCJ3TLNH)m)HQQ*x2V85hEh{D3kX0m^a#>mWORTw<ha=p8X=+L8Hkm
zuUM&dvFt}lZ}cV?zwF&(=k9l@mtzA-4$6ZfJb8a}6;|fnDt77))2Uh?`P~D|Mbo(%
z)8-@11sfDK0XwXKKa~JPyS6Cr4NGN{L<d39<GG`Lg>DhG<`CxK7W&CF^j+TNb=Q}_
zB9tqdtgi?orMC>em$qJhnNh#v#};=zl;<IXMR3$OJ-Tg^mHu>OgvwSFY@_|&Wzj>s
zS!0DpVxy*`UeLAhQKaMAlTW=R{=VrgoaMg&3*ixlGocffPrffHS1Nel=efCPybv}m
z-KgQMs<+XivAGCTk<W!zX4n!_#lm@qt%n3&c|2ME8q(=6XtG$9YU*x6-%Jsu6%8IX
zL+jXIqX|4rO?&V`BCc1sY`9N4&i*A*Ur#6X>!$5wSVF!W2_!~IlFlI&W;sbBe&V=w
z^~mDr9VXXtt;iuLDWwrz`#ziCY8pu1{5-Su$e0y+^;=8X^^8~K)H}U$k6zGWJJKu`
z?$Hjmhuqi1W+$pR8NB1gh|6ORv8UUbZ_=qBz$$j)!3|i!rCQ!ycX=~J$1Bhw+aE#K
zr!HnE9AgD9<z_)>1}+H-mFiswunkLfV9Eqm<Vq%nbTt#9Go=tM;)C6mWei|r#j|n5
zid#cYTXt_(Fq?9)<VFfi^^dX1TodOY6-oF~vAyQhE27u-Z31g`!q0Y2&9n?o3?<wB
z|BiP!yxph}UTH%nn$VY-y0}aWHp}~|j<|ZD4Ei0RvlJ}$rk&)8UlR^@`t^QSt*}vE
zmIlZQgJDqnc2Xk(jCFI7yml!-CvMCBPkzAvx(UkRNC=_~bmtsGx+|fRPjN=aO>Ik}
zVm$Q}%U4lRp9`c{B*tnbk}>}(v3P7QAR_~MLdo=haRY!H#?A$)1Fre=fQPezt-dO8
z9~Lf7n>1l-gE(@qNRfV}SZe+~ciqa*HyG)L9~C)8SZ#8<-JCL(n&v;~kz8=0Q&>}{
zcRY2XM$hxAx4eJdPW0>7D_jP38U2o^XuqSMY#lRkV9A|o77@<T?U3&kHuWJvZrRJr
z7UX6l6Cx?@Txi@<KvTK5m-HQpS<LK9<cotQ+oJ0x;}KZ$ad@{0^#ig>B{5;zyIP0W
zvfYl2St#}BnRVOS2%A)MR*^^lNo-y013)+Eob6&q!Xmo!gTdXXO_VQT+AeFzfi>E*
z5=~f&O7wD;H_7wlzSZ;UKy8?X$}HB<{f|(|QM>ibeD2Tjmh%ln)z3R<zsFS9Tyav<
z0>HRC^zllLJj9_*0l6>S!T@T}i4fB<sLK@ng>}f~0{y^oLSBtVTy{0{lJ-f-j1!S(
zju|~H<njR<_GWfgp_Y3BUt)7`yE}knoln3<7Pz6q{={*#dryz)#NAGAQo`4d^zyy6
zqTji-^FhYy?IhJH4RtBu4YBBnbF-KT<VzjaS9c)Gd<~Kb{as>??CpE@k{i3HE7Mxp
z^teWY>;+ngCtyeN<dCECkn^*foGW+W@b}wr@xz~E@y&l64vdx(c(C{RO=wiVhT_9^
zl&=)!o$e<W{{=ORy>mglSpMy(jf^S6IFJ!J|LPl#I97tPMeA$Xm$N?3@%I>iY>`H^
zsSWvuiGNiL#%Mk(b<*P-u#tPCi(}xkD0BJ>RFREf72HG-=T5xkbc?Lz7cf5{%b=&d
zHDq)zQ*f3@kIC}ca8y;nX5mM%k(hD?DGZIQ7ps42@PURu*x(X5jfkD_Qe+>wb$mR0
zyT~GgwvOrqsM+qrzSwaQlKIOKVmM!~dddXZ%tS~VO+wwtr_Wnuba!W$xoTwYOt1xF
z&NM!V%ff1Ttg`M3v<KT$kKd$lZ_akjYGTYF+~I75-bby|MvaksJH)TihxD}It-D4l
zWKK~(06-X5C|*PG5`gv4!QpF$zUgz_FxlyzO;P?lV`A)33;y7qJ+tw_^@rkVm^!yz
z88zD|DNTxbX`1|@%zay-&BpFsyCBbPCEpXwzw!rI?=FRT_xYzfu;(~CmjCv+m@8zv
z^r@=Jo7%khr!>JOjm6%#7ime%Z}BVQ=*3KGYGE`c%Cuwrnq;kY*@h7e>QIgDSqoGg
zQCp9<IeIwEk)S5bAQ{^6@&UG^@jw1)6`a<po&-j0-++ng0d756a&3q=qIWNfhfk9J
z>2uyn*c3mh>mAO>2F|vxw(Hb$BC)*GN;q=yc0*!S%FiPH&n?KTsI~d3Po$Q38cE6f
zt8iB<8H&_U^Ly+*;^#K}k5A(%y6<`~XIVX4Q1^;BScliBR6H@_`vNTIYxz`M-DGsI
z<LeA+R6aE>^?0I1=5Qv<T-QG%kdzsTp+yq3)U`pfBne1Apn79$Htd$nugG&#ELsC0
z%RRLdLmopnSG^*g<=>c7g5FFL+Ub}+fIu^-u79Y<w>C=B9ohVb3b5pq@Bj_9@uq&Q
zara!XNU3Ghhgj&=c&y;-zD^0tZpQh=D6)A2>$whh$(Y?FJ-EG*T=og4pLD`n@2jkS
z49`z52x*cXl7D^umcp7Lug!COaE5d&^|_#nt*O*FMq3V*2x4u5Z)esUUF=@HIK?W!
zhALl!)kz$>8w`%f#WJohXlf&HnM0X-E;ifMi`cpx79IgBV$B3MCl%7!67x>^unAdI
z=yj76Z0NIDH0sq3*V}vm`#)I|`yYCWJ1!pbsAZL}|K8C2&(78V`Bi0nMH~>v%)Qct
zy7t=A%AB*<Ir;IH?Gla~>L9|lAJHILS2$TdgD{kMhS$t0|G7r>+ay-(^QlQ@!)KPl
zV;^y<+ohmzA^tsoMyw(Ku52U(7z3TLIx$f4H)zO{()6v(=!9OTfyfXL^`Hd@Y`%08
z24VnBf5#3uB$z8_yV<>JLn)Kt^S{8gV>VF}M$<TB66LC~JzYjTIO+{Cd=BiE1~Gox
zWfu16{iJW+(ZA<>zCdEadMXrG)l=Iw)8_bV0h3fzkcWA02Gw2l_T_yfxtDL$a0UMT
zwV}S^XvP{oVm{|kKTuaPoQNJ~j|LG$Q^JrDHTwM9rJ|>=mSY7jf;ljBvr)WqU3U%X
zpND#NGutktQj)b~Dte}x%dR9-f6|zyUR$Y`y<15sWLFjZhl9!_;)mUK-2Z93JX(SO
z&<Kq^_yz8|VU;Gyp#n}kqE+3&=><aYC-StUa8y2dx!cXr<zB7){QN*JbSzuX`@x4r
z0_^$J>}WAGbqUKuLJt<0=_*467zS;&;+YPmpi-C>@AzS>guI=7nbbUew}&KLT0Lf<
z*E8DPcD72%y!cZ;xlw+<CYoGbq75FqEyk;@dS_k>ncy?M>OOz(7Dgs%*Ddqy)5va@
z;=+OL8ack;8OnsG@&4RYO!b^<6lYwv@r<Lwne7^}i_Pt(hIJddvzfm(Jy^qWIQ_2I
z<PaV_ot(GpKIC+uQ3@^GVdeGi^1-2wR2{j_PbUN#N73u28{&Cl!gO%~%_dt>$5UoF
z*2ANRsj#EMwSoIl-wSuAWQIOy$~%|U$-m@2fP1b2wwT7Od`?J@k@NZ+nHi$H&phv>
zGSit7-=z)WNvmpQ3!mVJlEt$J+M(~(!9xG^5AU&^pB~)j`#o}KgeK_^P|!N>)EbK}
zsrX(k=h&?;GK4GmVKzxvU@y;e9@p;S^Ap4W=Rqs)+<P|GXRxR+9w5D3Inc?F;aaV9
z*RK{@(PO2Jsi}1-6o-o1&HwJ#4o>{Z`6;e<`YFW!RlR(Rr{^Jyb@jJWMdJcG{iYcr
z3(^bn5BpOvSu5_g8o$~pu{`Y>AE}w>bj5}$K`j%)Ps8>cJRqJv>DTOtLGS&d_1vMS
z+0vLnw#rq?>klP{(3C6k4f_Q)j#8V5tk{H3{0n+<j5*0Kg3<PGSRVnga78BS%HtSh
z-KO#{rrdka(r!_YBqt`c*f~#)5<f~UJIFuFdhlN=n20_L{Yg}Lwagljlt=XqWD`}u
zLXmU>2ngr(*29elDd#yX8Px$dI-ZlrG+yQBEVlgC4XY{WY&YY%RH$_vos}p~oTFY?
z&mR|P8j5!5ps^Q$v%K*~{r7VA)DO)B5uUymhxU#SViG~DD(%Db3a72<{3SU7x~uM8
zW>_;iW;8W%=lf{`Hd&VNn!Hpqy;rzfey0)1c-gO#y>NMJ!>`jisCna6cIU=NQtzkK
zPo<DR`!vTY-UvG_;3ifT|Eb00HY8!k^RE<DukV@}5Jk*t;W${3C4Q2YdTt(XtgA%4
zlXS9FfcI-o;ur~a;!8NsZHYfS?m5A@S4$Eh3-WXMI4bcmUCfNZdy&|W#j^K?@W8>Z
z%{%?gI%12i2FLCO%b8(~(2z&)wF}C<91%s@*+U8KDRO#p?TA2eJTrV*tbawk!<wIH
zwVP|WrRL2!gIn-%F*$>GCz66aA{t<~q)x6yK?{dAN{8I}3zG6*W`WR51d;<#X?+>g
z*OO#Crx-b%dKH(+_vokZk=Pij7JqjCY#{RN88q@_Ep=*ktvOF3y&6j@99Q)khx!qu
z?;n?5YeyWB$jeI%ZeTYvA@W*F5I%%8uHi=#^_Y?bn&;E_P%IfL-=J{F*G)2lV2%HI
zc8A|33S2IgOxKE@HKhN1<qr()RPst6QA4rVrBZ0Ift%a`m}m=zGQtq#jLn+G`k_K1
zoKkhMhmUQ*_J-<3rS!96%=35)eoa6+p4LG({9OcQ{*Uh!Tq~D?0(ce1970YFZ-Ccl
z>wa5g5jwB)JcWVAzY4U+{@Y=FMzFJJ`_N))sD+o{+OF*wuI}Um?;}WW9Ww(MoCtZm
zUm*a5{>>uZnZUOO)iQ~@Y>W);fRUU^5GZnKLKN7)Pa;?_^XJU;=W_^)=Q@;fg=@5n
zaqN(cSVqmnRJ=?Y4FIK#YXELi@Y_CLgP>eNentS^P2%{9K+TmUFsG5j{Xl*G9I27$
zxGmdo$x|8xZhP~G9WP1Pa-$XG+{D-QXxuvcu^F4xbc_((H7Rz$Kd;LVyQ(pPD#x6B
z1LUwsoUY-_f(AP;V;<GzLBh2lc9G$f)kF=MWJ}{c!JQh~W<qr4b*r%|SvOhlBB-Ro
zF0&S3fCr?oBTIIeEwEEk>?_qb;qj96MsBixChY9o7R0^D{Bl!4mpqTw^W=-P+L|w^
zDe!1g&AeSK7jK&fOfk^@O1+}{rrjmYtO#A)uJJ<O&L=L$m^tP*dD0TcI<6?S6Feto
zr=y9^QymP@?^0sj@XbhYoJ14iTntU97buq+6kA_Zuv;X^iwrHB#d^=RIVOE!5VYJu
zofmLL8RzuWxLLTxDZ~7!m*zCp%DbH@cF~xt;0D~Pu(&}cJ+z~}Rn%s3)8Scm=;XZk
zd~K#+XU61dS4>hcD7sTF?N4mVbK3T4LcIw4KtX~0Ru>Z;9_K5SG>qA7#}_P?bMC*;
zdw9R3Tn_!JaWPwywvq`q%veLW8PIR$Yu7cmLyqU;h-<f3=g0^o;Dt*haV=7T9tCi*
zMV)8?z(4-FSfWuPT4gt#-Odlq(IBh-_@R_{ZZ#g-Q-Ot#2%2Z%znA0d<_b=wSs}&x
zJ}QELesa5l_Wr<y(tIB4lEjT-kOUJBJ0SH4vhcTTQSy4jmS)Qb3e@LILm&(Ua5MUk
z;q;0RVN#?{0!>(FP?R{`jOv7b&|}(Pw|fKVL7BAh-0^*I)Ky-JDyyi8F6iEt{(Yjk
zA%rONIHG}IpFT4ANP`p9A5pW1K)X62fv=8~h^#lhJ3V6nZ1Q*4ZShA0C){k^zJgv0
zGbp~X*p^DaQ-vrt$mar#Ry*2WJaL6j7=5FXMD|=PgVfydW#Q?5@7G(3E^h}vq)5o0
zqX#3{w@c^#C@*b`x&(9m-M2^tK3bG=wxK@sD;z+*!j_q96WZHU$g?R{NgbMe*d`y@
zViQN>v|m#l1C@J%4BS&X@ZqLnVlZ5v7T!X6=RP8Rd|@7R0lq9_g+7*|gvj3*pMi5&
z2J)U2y{Z*nOa7o!K_kA5%#(8#fXxm1PcyqKF$x<wjm|(<sRdZ(@O4`Ca~mggSaUeR
z+fF&1pG{3V7<i)m#1ZRsqhwK+3{98+5WkJz|B)|Qw?a`aTUmG?5^hq@YfP*iU!G`0
zuOGHsiFD^@60AafTW<1nsImn7XsHw!0fW<S_L|$xpv$w9zHS*`1_jU+*vcHl>%!Vj
z58CaMLI=JtRT#7Atz}OayIs=NYgKm(BD>kV6Yyms<ds?cPpe78h*dX&F0e${y*H$A
z+@or(YUmD=OV-0^N_Eu|M7$6h8>D=&4aM2BEu5i72&PUJ&rN%z=icHXv-a|#8E1Mq
z`?T@TT01ZA-N0pwZkW0F+&a=L2di4#O8OQ&(YxTzz1`*l;bs!@2nj+CGyOWw^l*bP
zy2I^*c$#~6zAllO)<t{oWOftQh!<w7EdAPb+qRV1W;}~Rvbk-`Sf4A1#*!D$*^nmy
zvQ?<+HHi;ylC6Ehm$dmvxIceE`F!-I!df%9{W>b|4tz=?@cYFddP`<mhQRvM*h#(k
zbRG~`agN#DA6N@=4U*9L#DzS!1RAGr1y;kEueH2dhGqPq5&XlZA%}@)lO^uk#gk5-
zv{d<bvp(Ec^ki@79u?N)7B6)9lgyeWV)xD)z@;~uCEH}2V+u531m_SNHF6DSx1gQi
z9y4Y*f~PB=QlsXC6^N7H2a@E+)<fif1;9Rs!2Wgk@LIjFOmN6R$d0P<>NfZapcFtf
zo=<9^anT0XCkg>|b4<P1@sE?WLAxFJu_$<D2u#eWl6@$d*dN)(ry$UQ{<n5Utr-4W
z&ZtGja3bZ$MZK`1CV>e4^N+mo`E3#1mHI@3n}Vt3;l5~~RnBGV|MSWKH$xl<GLv2w
zBj3%0Vc6%MmoO6uSV)ZnSgXUp3MJ$;%fMY(CJ4J8^_FxzV^ho<J$`)F^#gswi}Qaf
z+@9?;#KTZ<v}l@E95<oY7PQb6F%A|P;o^9a(_JQjT4+Wbjxu-{|5-aUx6`n<T^wBK
z!*215B<I|H2qYmc`TM8|@yxj#H5$G~D`~H!{Of6%K4PHwa3I_IC=qCoRWycGK9KiT
zW^ksg0DOU62EKppIG^4;#=><}Kx!`;|EtxSFniS_@zTi#j#CHWtdZVM+qkJ6DYb6#
zxN(S$ZERfJ&Tq-GX~Uy%fi3s@q!A#ZkZu)4b~=v5Mh`3r9FMp_@Ot*pWvNapBMh*|
z!^u<#>Q6Tm2i`My<c)#%fL&T9!Cjr9bym>(>K(&g=+&O<p5{~jm%>fagZlIi|6D`3
z4Ymhg_(~=Jbs&!;t+o90Je%102szxUQ60`?b}0{J>wS_Qf%(RFaKmz?%}Nih4xg1=
zG*)3~ydGjnymfmNnXzda*R{%_lR9Xux8MVZcN3hyAR8a<Bon?;<efcN3tw7U%kx}0
z+n1VIEav{!m8Bzu5q#9?Zi>ngTY*S@(dl(1yeS~QzI><Nlhz2&xje8OsJdJ?-+j7M
z-4Y;MAB!CioR9KbQTFWhzV7^_p^V(@DuHC2X2@3PcZ^Ol6~zm8b<nq3zm>>~vHM`1
zAga9QrVVv<mT(|r{2}eTau?I_z?3FzMd~+Ak=BtndKhTwqI@X5Cv%R)+7_X4i(JFQ
zUDK?z%g<N*Wk*wpF`4wreHT^{;#;P~;EC^T=074yte`25oaG+VDB(1F{Q%(8E8|=!
z>Sh-~aBNm#_dKwb6V_FMZD0Px5`+y#g5A{G4qfH`7LIhWP8Q_(4;w8>Yvrq$w4Zg{
z9u4cO9q*y?hLY`hj*J|aFmvcU=ywmHSy`tSjQC@>211`srV@omOypSgr-x;!5paLy
z(?ZsN>-_kU&cs&Dog=N#tHUNuTIbiLK@&g57Zi6@thYIbm}Z_k)J2nZ6td}Dt4>$l
z`Wwoh+Q=QWy=|g$D8qNgu#sFmQY4>IqJ<9c&DL!jCP6<&t}r@vP16hZ+-(5ho_APY
z#PE0(zv&_qw5zmdG&ag*1bf>$d3U2@Ie;s0y_*i=ytB@Tn)(<L{F)3h<Jp%a!l(9a
z02Y7VCyVj;=7b&IaHv@8TXf{I9CIJY)<aHJ<1SElXILqo$+%|4{D-*i(2i<nmBaF-
z?Q2}y2AklMTO#2Qr#$zGy|(;cDrm<u)o|o%tzz~b(z|x;ZpbG$bcHcXCxtjaZI=p{
z&7f3+6|c?O4{g3iKM8tO&~3M-Zl#G3$KBF^pAy*7>wCd#INiiOUHz`cyc=pObMeO}
zXWEC3)5SrXP}S2Fx;PHk3oCuer<|rILuVIr@WV;xL~aG&eq;6LT{rm~o3&m7BtWyR
zKIjbr-m{PQFqHD*T&?Tf$a-EqmH@@$Jw7{{0yP~EOay~0ufn#-8i`MdQjr@!$9kw)
z&{R|y`45B*^Igw6fPsQe)n?ZaVOJX9RsP^nug-8*y0M_(Qc&Y@4qzyQt^fJ3lOvl{
zS1lPOgO8OVi=NV%f2jCGAgc0xFE2<g=FA&Kg#5<5x8}FWO}@H#EU%6drnBl=(7IBl
z)9RDjm~^9xpn_9uFf><kJ{bb$1JWSk{@zCnnc50(NqEFR^&^fxl%m8+-5afA^czC5
z*w6vJG)}vrcWmKpEoR~h*{lx241N|{B_jghQ+DHDP`6c3OlST;gwQ#xfT)&o_1yVw
z{A5_mPX%4!Nqyu}kG%x33RDOG&)Hwbjc3h%+DzkAs+Q+K$(~dIlVUZuX{cZs3HL*P
zwnxP5drgGQvw^Wh*qml~o!z*OTxLf=>Wlr~cK$)3QQd}u`-9r+OR1P^?AB(Ead0O5
zh`+wfy+VYd!$n+vn_yezd^p<$`Ma$J>WvtND`LWJ;M1Rv>>Zm58DI&R?*oaK)U8Qi
z5|rq9(0Ueq%F`(S1>~Pos$JKxKV5Nt<*IKOx_!D2FYc5DUo9{dQct>VL2fyfsB^kK
zw2k`MDE1lLAjO76YF*Z+@^=;fq9K6H%=$zR$#Lu9?R`2()|zQmvM7LEaFZ^VF~;7-
zuV$d1bc?amO?hZ4$OzJWN*DK96DlEGZd%XG(`Z6KDP-c<WV(cL@<SE!J!=)fnOjXo
zYM`*UBC{fraH7@c-;yzq3F3qWzb3eYJMvWz;XI$cUfcNS9<FJaRy(1Sf4)4MEWEAc
zPR(`^<wk^dQBY|@sXt~pX5${r#LMgX7OR=FpssDu-8dU(W1{*nPs{~HvON+v9)+ca
zeZ-=!V_K<;*rOWalI#T7@j~4`ewSi=e0NyXg`~<%-)6Ub2Z?rpWO12m_eb!*-FaAr
zO+0;+J(;yq<Jk6-#$!^MV4RON&nvRtk$kP7&k|WB|76+Ir{7~|yVW}*6Wh2Cv*<Q?
zttqmpLM2jrS_y2LM*8isdYLJ`r%XkArqlO^UNwS9U8uq=FnH)7h*v67d(_?Moi0Z*
z@viAoX$8N7EYDhI9aUuwx*k=Yp~Q-vt61-406;MILa}-~Kd17zci1oO?ScbKeXx-m
z@*eRQ_<PT%(tkh3y4)+1aAP1#=vkYapaAU5j7>okWo<~-ts-M_V9-K+sDigB3u8UA
z3bGTC@&NveO<%ul%3XWijE@U=a3EC=9pESP=Vg!;r-{>)O2MK0*^vXWa=RgfbiIxu
zVb4(P>Yc}&`>%yHM!^!8pEfxXkb}rI_{ip0y=G|E)vx5VdqWARZZaW31c}@+0$0y|
zt)92e`i9)7c5y2d%o|mvn71=q)PnmbUXn9Lapv}En#={7MLQRFsE`iltBqpEz0TbE
zoNco9>=E~8kp#v(eM@=Y7IU0cgXDLz3I%%tMZ7388(!nyfJ7Mi?K*m-gGTZM)?E-m
zE;DO%g1un$rHFWyuf@(U!iQ3WGkNZ=Yn&rTMJO)62<h%1G70$~q~kXC5c>9HbmGvs
z<85QrjXCloi%xvZq<NPwVDqIGnpk+&Vp)4T+}8??n;a;`iJ``6aOMhusS<7ijp$g1
zB&`ZLuJ^3_^{H)f$dJNp-Nc30rTS09cjw4dye!jJFQ9;kJv*S&ozE2k6~XDkGRO1U
zGO9q{BTgJrs6%DtuFA=T)2lMQ?6ur}NPH7FLH7BEDL;NJQ@Vd)kveilaD@mgSSn6F
z_;a+u$>j7WfVGS)w##<il1$rn*d%ocx;nt_7_wbFF){<PV~eP`SMM!H3AhtpQhqh*
zH7Num$!Ri<YABB*`JPtE77ms{AV>NS8zNk*d?(NIT&WjVT?ty%nP>`oTs$@*T-&jr
zH~<m|S}5q0qk(g%6_$_HE;H|o8d9qYg2TDR_F+}yjpRZrIV8nW$$2=vX=vOc?Hzxw
z0JyO^)K8E5-US`tg^LK@N7UcNHwq8fXQLmV#YW!fo0ko8;`0478QEo>R0#beRvKY|
z&VzVs<M**cBvfQu6eU4pKkB$`#!wMw!MtqhQK282!2}$6t5XpecrGSLoJIUc<Y@Mb
zG7>OCC14yg`!rEi%kxMx@A|1{1K9I8M@)!2*-bBsq(&UAM9+@Q(aJ!a%-aXkb18>X
zrUkTr<W(5@nocf8wvtE&ugjX>S~d+!lg9d7<I-!~P^4dySdGqG&X)#-PNv|A-*p>r
z)u^Cuc2BoC1M%ge3!GPevKdd_({ue(DbqWANK+O)=e$`s>0l+N{8SFB9|0E|8!t{L
zy^t@o!9~f$o;AdI+*6NXD!v|eWdODJXrhUh=uyA3Ihf@nP%d&7SsZnZ#Q$)@?AZE`
zItg&-%3I*KNOf?JjdP@tC^fGlPRpGg;%(LiW)9i}WkhsGw^M)Q{u5K4AR^P5REY){
zTS7p@3<tN&zdaTphB0PSY&=Awqp^`OdJzCmj$spU2ZQzky8;YWXjI}78vyS2e_cOq
z#zsEr1&9IofBkpsL2#Kyr>9v*aFGVS(;Y@!O@$_XES_Y27JHJPb5#0^$6D#aRp(<A
z_6bk26j$}n@xm3K;>3iDw$8T%dM;jNjc#nyC0QUF7ObG}#sM&*1;b<G-G7QCm;O@`
z)Pb9>_Zy}^mHQ<_f)NV(J$mmH))AEjwNy^3gapkzpLP*9p%6=nMw6D|bn#|I{z2<-
z=PXmi@%IW}MNl`p!b3le;&Pn#m`rzw*V>f9-PY(c*21ExW=Z3<NB7;VP=S(I{S)rw
zjAM%6@C@x~w%{Zlv>~%M|LPsQ+^Mg-Br>4^WFO{JOJ<2N9Dljl&6NIfz&6c$m|1e;
z*D;kd#1c(aaZgid@$|RfO*9B(wRLSH!fPZYd?@!}i~RQLU$pA?lb4uSx13(4qp=<8
z4wFLHPZN-D!s-kuxD!o-cdL)qF!Yr%wtQfIc%TS6Q?Xj-;NsjVJ<>z}@cn*PxN<|h
z2tHdUmW*vjuZ<d8hWn#dR`dws-7^jETizk(HFIw&0Fpu{aOr-{6vrc3!d>H}9;CaH
z@|pbyu}2Orgmr>mgU7AlG|O<vIHR45%qL<u>PRBu$ZsYqoRw~Z&zZ66+~_jR3+zN4
z+L;@;dmJj*`>}1@q(9sFK0<E3IA**F_ut#D_sXXDKE1gf>n!qS@muy7I-+PnTb?Rl
zAfC5>!Eaz2QCbeR{4T~G102Z;^*dYP1Apo&R=zFULeEamhtq-*b0-bSH_N#id7jHt
z;l5SONr!F=Gy&kEy_D)^GHDktw@myOwCjubt6T@NheGbz4u{6ctxjPy=T5PCRGHN!
z$@o#c;>C(&$%>5G23~AU+C8d7D=#Bu<#%j~GX>c;#i<Xdzm)P-NT65fWvG``yMPFK
z24@sGp<SABXM#mY-l8r)30um6OQy_~$f`bllLs~J+e$dyZSD};x&sZ<Iy4WO!pQs9
z5Son0&_pr9T^4iV5_44wEgve(>85YaoQ|^#E7}zKQJY^{ijp8^$e#++r0=%E0?(r#
z$|%vEW5Jg2q4XhaRDLo#vQz85qmB%Y$HdMvv$ek5uEeITi(_V6Ya-7QzW7VVNwalH
z4Px_}Xp(VqL4IoC6OmJ0)P2L?SrcPsVwAXQjC>{yqGNwSQ}Gi`(NFIVV>0t|e@50o
zX5JLUDO3K75<TaT$YcbxYWURQNtppH<~{Q|p)V&6{uy5!(l;09+23|bMqbA9n>r*D
zSMdwW!wb2c-v+=72xXT!pWSt>lBXMCIr7@PPe171^Zk`?<Ih^m<go7=Ima?(koUVB
ztbAvJNT|!2T&#=?w933rdF5!a?m?|^n1kms5uVP+#pq4I`dSjLn>bv7{CuR#81^(?
z81{?_+7?EX7(_JW(@%US<w)x0TbYE|9!mXXl%>EC=KeOM0iX-sVQ6YmJ>%9<V@NDr
zOjJX|@;6wj=7IDFkrq&o83%kUxnPz@->734ch@R5g2ULxZtWz-+(W~L*f=>GJFvXs
zoH9XrdM2xEEcQ3RZ=VG|Ymc)*X2710Nn?dh>*bY3lycnaQHv0Bt7n>n%Gz4cu$L0o
zeiAnrYA}oc^j`eoT=@F_kbGWB9gw!1AVX3)4<|1JEwgp5QsQEWrLs*2oxjPt`C_wi
zBlHG5<3rm5-pM)K7MRUHAR(+II>NKQ%2}mA(<UgTKVEE0ILS0QB(ghPtv_2?<|E4g
zc~3SvB_u$aC3e_KIY;jnoBHLuqa}!iAJfbaY!nB3XoclAsHhmm=v2=34e}jNrV|kw
z#G$oqiYF1)!fS^BfRV)v+*d}xg8vPuO2q0Ox-0g(3gjL&$NaA})&KPop<GPR;+vKo
z&w#OW4^jEG($Pw5`6#cLeu=8)wjt}mtFz}9+7TgQxzE<uAXBgQj?zv5AyYGSRBjYg
z|5i`@x11PMGa6Eo0mIyvpwI#hsW}#;H3fs6sOn6nkMQTxdSN#7djp5Sk$|?D>|S7y
z`Fp$%7m$-+H*aulf&QH%3vfq7z0d}MM3ol^VMt+#9`Gesp@*Ua^cC+hPw|3UCjE9J
znAR7h1zTP;w$yKPU2#;TiR^7Mn!hx>G5Cbf?pT9Xj*({b%Izri^a{+o-b6E#0m<%_
ziq^mqgm6*A9%DBnri}1jspnRPQ!rXbr1fF8;Nn>VT>MB+2oGkNgK^GFnjSZ@&)|vj
za<wA*isfz>5T|z>?b8JOLt%WZP<+p)BFlIm6S0Y3l$wVejnTl<&4o!V{e-*RZjL_2
zba&`k3pCe2W%^vOhPZ6Nl26xL_Ex^qsN@RsxfvB2dfj}jX^aZPjsAO&w?XsVGNm9!
zU*@FVXA96peKwH1q<P%8R{iv0rP$4`Y+{uH%d{TL+$5I#_>1N;=2R`7Icx)a>^=q!
z``BXHYJ(oPDk0Zsv%LF>`_q~!cbc-czIX+smnK4)Evd({{?Jo#E2l32jFUBdfF3PO
z=I<)&_#o!+Ut~yx8N}$dHWB}&btG5OR5$?K4WY_T{;C9XpN99gmea;o=Yn2Y)-R-1
zJll>P^~#pa=*RI@v;WjUN2eR1(N0p1jW_>6M-G_;-6+>NM%mGj+eolaDw?MLX$n3(
zN{RDQzG5RTDJ7jdfdpEZvx?b{@|w}NJqGO!b3SLgNdBF%p7s06CdnidND1gyLR%S%
zdRDl_!gEVTA{_31|CObNcXr<ez{9@jJr1z-+OIbd$2Y9jtKd<3m+qwY$L}l6>P==k
zxP_7d+kwspI$wrzHZ~9&+wxpxHcL3niGL##oGk6>f0_^ZM=A}RfJPKrwI$J<{!|NI
zV?UhM5|9f9Prp>?bCoT<y@8Fq!6*uO@%<D&o9>kO%xdRuq>f%YlUs^uCKQ;QS3Y+$
zu2V)Tcmmnsv_R9fSVmc{N3QJ~m$RGm006X1ZG#f5RXbvxy#IkXb??msK`Vlptlcyp
zIx(TIQ>Xq~NW!&d*FV~Xh*PqaLRMb4=JNDz>%FvI+<T+G1S=dvEG_0+-Mz>Qxz<6C
z3JP6KlLh-O0zRzsr`VbYV-n;}Kh~{kr$z*R)1Y=kvYyz&aCguMI+feNot%+``KpZ@
zX=d>A&}?jrB}_K3%?%(ky>Bbsx64Yn6E@qzw$JEg;&}PH#ks;SllgMrdkt{GyvaIs
z?C}n@!r{;fy(z5`i~({V1)}htE>j*fM<X^xQ{K&^aJSAfbXK?7c)xgRoVXqS&hZWD
zdbbg7A>L?_%6j9?D+t&e-wHw!-rMCm$_Uy%Tf*eA6m({r#^rY#gjraNIS$FcWB`iU
zNcU#=RE1BTuCRa#no`7sFS2pmdKD3v@<*G0(OGNdillxrGK2R`j4kL3JG(QT^3nl%
z^Na?`2C>>eG##|@GrVgR9)cjkc<UaCghe-&#2lOu0MR4nY9dRKb;ox}ULKSLIPs9a
z00JxmK_(k+%m8EzW9SWrbJn5MJow(0yB3G1W^pv|Dn#Kj2sjKxWA}Wa9~|cv!Z<`!
zmFdoQ5>_*tg42CHjK|V7UrO}ycb$Bws4%ffHXe~ouz~8R$K*7(%<*DdR0XC&E}yLr
z%9@PEeDR%~<wPrq7ojor1v`%zW(Xu1D09<^&EU*?_1;Qs8)8)j8juq!o|xf3C!@hB
zR^F~mrZu`)EbL{xbP0XLR?@}fWc8rb;kKG}q<=#(eY^Jtt0X54>7*76a~IfIcxxZ!
zZ~z^x*Kr3i)F}~0HbN$_o=!zJid6|kJBJY~K1jF=&@cdG<GmjP4eZCt_l97SAS%Vi
z!Q#4YrRq$^b72ipu(1<rzm^Yub)N$4A>0X-_mg2}i#2x=D<FAyn%GSzm!cu`v(NF~
z|9()`LuuiigzpW=^AB8_1iVDG{2#%{1PuGE$q>X59L$uVKg$4FR7n*;zpmjAzhf;r
z;GmuEB0|{OEJnV632isi^uHh2|6SHtK#L4TMZ7XzBhc>|<tkXjrt&KZ)VP)a9-KS0
zA6L)P%*wwTa^P>sLHCR#mw>|Nzq)4}&gbq~8AnS15dhEZs6o%jB#SDxXeP!wd)T&f
znl~LPJvqBb__FK!?>t5Jpr1NyEp*q=;01w7!bzRV_dj1~w*}{Z4hXxVH0N4llm%a5
zfGARJp(Mvq-COoTj8grs-r=&%;p2D2u)ufNw_z_$>MOP_VZXbXTx)<A7XiYG6?T&w
z2zJjr7jB(i3I+>j^E7nIt0vpCvwW%mFkKFx%;r6KNzvY(i*3-Z_3ttE``m65WoP-i
ziB{;uj(C94w7{p6QKN5kr;yVsFby9l6A5jOt`eIpR8q?(d7dQIO`1SEnt*g$q3c0F
zOLU}IV}rfoxjYJE$K}{6k_M%6!xl72!f@-U1bGNHa&WdL(f4Z%l|6i<Q=2q10#8uH
z<?k5h6cy%YF@v=rIRKaP60m=)H3(>DeoU#u;%&-y=V{SxAfalLx7|a%+Sn6QB?P%*
zeK2EwMYv3`L1#57rtQE{V?uAQ)H{R*Dj1*~y_Pt$gTA@G*QDRSrCk>nxGakSP?KKv
z2ncyx(4o>iFm@zH^xH5$)5Q`}_CY7wB(j`bxc&r{*s3%@$f6wz{(E+^-!atTz^B*{
z(B!8&aHqjzK({N*WC?bmVLuU6{4=lADi~US96vs3bY-n<X>1vBx0Jv5?T5DMP+coE
z+7i5Hxqp(|@b(g26X+T<y{mSuYv=aaM8Z$XaEZhE^?UTZ2WvD{B>}BKE#MaFX7ube
z)jDCE#T5#d<bf$R(bYMV#$ZmP2Z~4MC<Ga|VuR0U;SyJk=uOQl1L0hsb(1mr{`y8o
zPM6ek_!qv%{9xBo1)4HujPs@t%l?>NDslOG()(-os6K*o6*W3_pD@=F>oZiuT}JM8
zV6n~2i53A3!K@fqx!OT5-uk+_!hUE&(u0er8q0_-ri315urfx)7Jjn(9kObjKD0%3
z6qfOhw(vS@G6V%4YU<r5yZ6X*%H6R_WH-NJ6B>UI$5tfh9=FHe+Y8VVyz;JXHU5z=
zz$D~LHNzQkrJ&cM{A9CyO}VVk*N5CvOQEwR?d~zay45x2LrMIOFG#HW$sx>hAuXOi
zLK(QKUKsW}?)&Y~E(TK9J@!;Tu)C{FCAw5y95zm&Le@x65P>&}HL5w~+5%#oR;y1+
zeR&j*3%J5euq^@-v+35FoC{pjgd_QFWb*TF#<lv}3|sy`Q|zYHk{G436aGHIdcyyw
zQt|LW9n}#@Ij$RhsTscX)oN|vUSdZ#K<w<h@t!Z)L-;VgLdsmA?(a1wTxOcATb?=3
zDdl-}LI-DY8SOHr_*SRFY0v6U*2=Z>QqkC#tIQ5gAF24#O>IMpK9uR-B}4x(x$Yt#
zw@U{H4~c|+e8++jw_#Stv>vu(gNU89{zGxX&0m{|^FVRAx1RUT4^60(=yzNS(9Z)K
z^!uYMrA@L0N6ehgrxpg&ac)noFuA?81???a?jO5%b*E&>zU{?BI{qMvlR7yK(H$r+
zL(jh<g4xUCP3-1-HTBr$Jxj%jthgT}s5+zrg;?2Av3fZl-aE!7g2yUE!tHZzS~^@c
zkXFR=h_W2}qp<|NL%GyVs24VCqeRK@@ODX<UAoi7<UirsN-}fy54h(W0-fC=x|!0%
z(`Z&TRSvPUsoWRYs4Zv#j1>SOI@oez62GHHH;M8e!A^Y%I15j&kdYH3+aX;ZmJn}T
zppSWbv5^{cqo4Q`aod8=jxOWP0J5*`VYD$Gn@tg32bEghUdfSP+hX?Ou1=J~8`|1v
z<`+9lWPA#DRdB#Y&uti@BWo4Y23TTv2K3t_J+ch{AG%a1vx*9|dm9GEgiu{}lTjjF
zj7@HbVWFFpcm0)R|I%#qyn*xh+hy^lIJYoMf#vsX$3_K{S~C4Nu?rGFeV*TQ;Qyho
z_FuoH{VbJ%ZqY^##8NC(i)6ndGDFs5NxUo;TSbrwtlBCimZDxPnBxEIU@Wl3!~;F3
zTm)_>a1;!n|HnfX$WocXn}YL;FduEPV-z7Dk6W{{N0Gcs67$>i1&hQVXDkbgY@0NP
zIi~a~?XY2>J5PDF;v3|KYbU;1p+Dqia;WZ<OlT%KXX{zHQ!@Yheu{;3c<oJ-8auPR
zO|K?iQ>jSxS=Q&a#*x+u`d8?wz$}{cvdr}<6)|tU$~uq+L`4D6o?&|<i3peAMt<1C
z9Jwsrzt6X1hRJRk64#Z7&{m&wHc^gB<9PlxY&qszK09ALXo}ekD&l)Oj_OL*Xl!-#
zR;jkY=Mf661>cd}A*{7(&bvp@`$uTVyvs08KIy}5Y2md40G1Smofxrtwutp|Q?y7|
zZcrE6DB(^Cp&e}^GZ0ce<DD&^H%63(fqcXl2c+6DUtv|T1|B?`!Ul`XJa<{UXjLbl
zbKp~z_WH#urfEKPyK(<Gl5n!;dc4ukoZi=5B6P!<fknsL;9@O09sN*m&GY%G%jy(2
zZ^Ia$W2r}*_0-is94qd6P0szN&ZF|0o$lHs0;zS3*Y+K_7)p8!D&*)GrWkReHIc`b
z*u0&C2lC`kmo4v8d7V&NBrm@1ESs!5oJjeWH0n}XAP>Q$JaT8>aVc`VND2v7E*+1g
zu!HZ_NHZj(`;i`#FX5C?X}jIhWGrX`D;Vg+-IF0?WM|uSHgYnu#a}z`7>0!XjQixy
ztYsU^r+>o~Y-klbdRCIe4qqL&`$U*Z)OO`em$9;z?SA%~1y4(U5dizO{RJgD3d%Bl
zb!qp<dUryD+Iv4C>E?WB%Xe>E%nt)wgu3uQJ;|9qGyf#gu{+<;ISG$Axu7Yc+c?>_
zs9D3?bVT2lo78RWt7rMgGMQ6}Mwt71e3?XO9@J0#5I;fB`E`L!QOtQ~ImGp9;f)o)
zeOL|M?Ee1<dlRT8@~z#wl2k$w0#q<z60i~hi-^dmsHjyTk-4p4qJW}^pn%;9inFar
zm|_qG1Vx;R5-`LWwN=y>5NyCkLBXljqlh-r-L|OM>QVdqd+z<d_1*V9@43ZVvS2N<
zl0{PczxRHg-%~r_)k65*RuRaEZt;fD)(jobpMg%UyKvJa2tBLjguf!==DuL0sGp6o
znw|bnyu?ZvG|CG2)Mp-6kU5uPLYbnC>o0Y1{r8(-KN)AUSh3^)t2HS6^N!G)BqHcu
zx(ye^Z|685>B9j|=8S_0AXt6Zs0Q>Bpb*q^-5(8DKQ;u_wZiG!Yee2ZU(e89t@Q?5
zhM7Z3q}`yvdOAyDU7N<eA*4|WA=La|7R{O#!Jv-wPSIuHxOYEMgs$sm?YkR0TCHF;
z@&LkX6fo>;k6Fu9ElhxUw%=3Wh|k?F8u7#BKNwDE<$IHp;-P9s(*rs$Z<$tcn=cD&
zDU-7vZ%V`1XO%ajpMK0nuK?F(<U`np^Pw)kYT3YR^~hVzmqboUijYQ4*xL)i1r##j
zXqSB4`d3Q1D}&SaL1q~`ldUCJD2$V3K|cke0e>Zmvy$fF<<O#U@}TcS)asq%ZC7RF
z9evVDj=Q3#zj1fjS`MAX^v+gHzW;G0+qDKxx7LWQrtE2k+x^+N;^c7=%1&w|9V^y7
zRf<^sJy>ZQx59NHwEau3*njc<Be{-ue`+VvHegPAZ78<w!^RF-%9wYmq(@Af#QwNQ
zy>`Q=F2`VYkp!|D;X%q=ML*OUL|2!pQE;p&WeHrn<u`^@mb{I{$calrxvb4yQ2lC9
ze{!@D`5QV0a?BPB^gwVC>E-F8Cu_20e6Iveap+OD7iGweO;r|7s5=Xz?Oj8}(`>XJ
zkADKDH9Te4xK>g1&TI(&8PipcQ;QE?N1d)<1!r=y2lNi<;4Jb6<hhJ^P03$A5hp!!
zXh0rL8q`mXaFKA2UJAEg9t3uwhDgh76@hc1eH!$vl2x4nloZA!Cm%G@siw;j7$nPh
z-d_;+Rp8CRG|-{JzFMb>2!wl|vPR|H-#W$dIfdOqm)VyayjG_W>(Xcw)?LFg;;Rrz
zmV`Al0%!?}3j7Pr-;|GOhYQH~!Wz^B%N&Sl8QgER$tKSAHir$4q;!{37E+8=4C*HC
z$maCZ|4kAAej&2sT||S|GI}}x{(Ph4Bj3RP3NYIyt82kTU^#BqHZ`rSW~zTMSvSGn
zGhwPd(*RB>=Lw~n{EvngP-cV*9-)|qRAU;b7b^IGvA~nf3hjj=VXU5(xqJ&sb|Q<k
z>QzPRooRl(RkmF`iw!i%C>r&OT*6ppv(%!0J?F_^o1-Y~ppjce<&Nmn>h+W8TzzmN
z+iHYb-9|3wBHC*UG|877ce{-}>)<>fnA&_K5QO;JA2j3M$v-Hlm+@$EoQyL_d{L_6
zP9oU2K`|K`@*acko@wUpZ^OTsaxCB`wUlrv_Bh8?9?qn!noSPbI>4zsI+$YnERYZ@
z<}GZKSL__Diw+Gw-5k4f&r*f`qws>EMd?I`_Artnc}e9j=tZheg5~~+&vJ7_>Ek`L
zuhTSN!>NbA?7C^-g>+{W{F<r)VSCxWkRTk%EooOJxL;XEZ$<}T#XtHDwK<r{_hn@w
zbjhc9))+!%H?-VnzTB~%@y;1@%Y);XxkYVz2Ur0@#IpS04ykr-UYBW%LofGi@PJq;
z(LUBLco%L=%)tU%dquna4WXCiCfXsDd$s1b>@zsG911I=&jA&Fq$ND+mW(y1*FH6h
zzJw?kpZo!*sSPW_i~AH)R;kl?ezA<8zkxY5%E*17VNW@iseq-rhey)Pj;C85_Q;yd
zRyQgo;nymw=7=Xe)?ZUf%9O&nnBQ_xsdFZzkVOI<E|?r81Lh{q`fcvmB8fSb&lIJE
z_V#p>iUKwC`nbrR{2MA#lY9M$B?5Hz9Y)e}+u%j3bI@gU*vd4sO(Gfp8UyJ}e?!r_
zZ927?(^TWZZTUEVpp4Da5oyvvV<%v3X7pJySm=Ia+zv&$bwZiAc9~x57P!4syJ#F}
znx2+Z5#wuIq$cY~Ko-)!(pmQhOIb~u-7*UHlY}iNl0NdJHHerv{px-k3YtV$nG{k%
zIzWG||5)?^D-TKU6)!R6FrI=d+J=U)mbN#Hj;y%82(Sw^K@?DbZ0J^{>L@F;?+2ya
zC1&hvWjr)erHtcwAr-7ol-21s%CS-1=wg>N-Ssws^e<ey`a4SAi&RxyDn|ANJ=by&
zv*pa$yOhx1(DFcj*IGKkXOIQu6KPIs-+*MAwj*Yb<d1aBdd#o5){JiSP=(imebXQ(
znlBsWF3gc0xzAFh46Mt{)_A|1TqZ2E>C>Mbst37C)=En9YbD*Jy?IF(u{nGRBb~pL
zY!WS5lohKFY*j|`)X8sf#d3AF(rs~Xw(lvdyd+^q3cDXo5<@!5w6kBE;X>zzS+h}W
z_Fts){M*@fdEL=fTWW5>HV9%^H0BZ&I=dI%a9558OJ;4KZ!kc~;N^Rq+tenJ?0rp0
zVBfg?zJ+$<z{kET;$<OIwdgh9%hy_|L3JzRH}R212dOGDSc0=^yy;w!&*67yNEsPk
zk8}8^q;SwWlj+rcnS`@jCAR|k4Xn2(#dWyE<AX`?tFCNzxNA$U27A-P2o@h>s_oZX
z62H!$jQOQ8`h<Gpw)a!f(6D+u@q9g>JUT${_I+Q4tVVdFu2RwanzG~a_IstMt7LEk
zG^(XrjCj)k)W49>gQT;XV!<|Cg5D-1jX3Y(lR!KUw+>jRjGQv-x%Orob~s+FDD_tm
zmN47M`QED+W;;LO7K_lE8Gt@-O@LSUVo-m6*<(}=wdbJ`RmxyYU%f5T3PeUCl+*Ga
zW@j1S1`*!ZTETY2Qp{ErX#$Y}TzFbq)tY2&W9dH_oo5-bjzH;5GPT5xZ48m|x%*hq
zWrdJB2ZBxk#WnT0u}IDGz**zWdEj}-YRAl%i8(G*JRpahdI)txoiaK$5{b^T)6P39
z;_o_1cy272`K*ccS%F#RqLFZl2YdfvX;F$|iHmCXK|M0BgSGmxHYpFfqqmS@lQ{*+
z`f%$cBV)z5pXZql9r}w9J=L(9T&VxIVfg=j2c~wP0d7+z&OWMOMS{%@3mPJ_N4#h1
z7MF1V4WaIA6Z^YZQ)N!KQt%c82y-TTWfPhsMvMQ9BKuzp9xnvRVGJNdnH>26yL_z@
zvFe4g`nAqy$<$&IVzzMSrNHQvNNp;sOY)FCFh0;$4}&uCmE+$4rGSdT2R|jUI7YB|
z0nLn63c6DbwAS+yf8A3>MF8NX&1>T*Pl^cl))@aZ*g)p5dzYt@#sm5@*N+j!i_0wS
z#%_%(+*rKyMH}Gy6qrw13<nwcV{j6x0~!Tr2{^-_Tb3GoG|TfoZ7UrpEIeJMzSoNe
zC=<Dr24e4umHlRi??fV&z!Wt^I=x<@?`np6x#DcXa&cay#UJA%8(0}zkP&b1p8yJv
zKK&Jc?8f#%F^4SaH=S3zWAi-}ju&L?i1qZ*O$KOU#1Of$Je2=NuC@D9Eed~Zpm{5F
z%RRuxJ5MQTTr0zt^nH|B{KZ(Ul}Tn@d8c-?dmNRhB1X$zd7vmowG8G#qoT6Z^y)2g
zQx(Jr1pWHfyoKudH@h<?JI^iBILIsxwb}{#U8&i0gJew$Mn}@ER~X#mxk1~b5fk2h
z+ci}1xqx=-gmBk&wBY*?VW7!rR2{cV3WqHpkRA@n=`#bVY02`vjHno;JiP~uw?sf2
zW)eL6$zON>MsesImw5xianRIy%GugT-w6V!fS0$aSx!sA-o&DCBjtGh>33rLxRFu;
zD_2|_?Ju=)3qL$cBZN4A*}BuvYMPpTavv%ntL50wQEO!)>*`mj+@R_`bZyi<6gmTP
zR9~59o6w{lx%81$8E>Dm2MT;{U}}n?q+i=X4v7SXiXY0WY@WZKj2-pCPOa*N1a%9a
z8>*G5q*W6DI5hgA5-!BHF=AK6nuQN}#T^jqL98*yVdLV@s##|Wos@pb(zPbdsNQao
zUDoHD<xb=`2WhqQs*ctXGj{umM79>nmfb51M^}<z8ab!IJ-)6+C3k7vlwQqQ<FrDi
zJACinJk|cmAEZ9gBk?^{a-6P{f>u{7A6CtHJ7glpi9?EWri|j%%TDcoP!vYc(5taw
zF^Mih#$svb?*oOSZ)O<t?v8jdkz4_}{r0MkC|>p5v@~7o3-MGm(ji38x_bBPQ7!IN
z7mdn>^TKmko_^g*$-{P5;Ov@vaFY8?8m26lmc>Z+)rb}gQ|t<EFf7;WNs~Ezql$X_
z_LfHExC`TXz{biCvhf|FZUlPw;F`?Z?>T^h_l!6lz_EW^cd*#Sh^>C`CRBCh-0`OH
z!&t#lp|CP0c%>%dV@AGsaxJsE#Zk$Ecs3$la?AC-UGi7+Wp(Vv7G8><<L=9Ys;F}%
zX6+xFht)G~PES!Mb+ClBW*uu=op6Wa`7>f9DJ?iFUejHrmXF+WSn8R0Lo7RDBKD;*
z)ze)ysg8SMdJ<(Db||pEnSec7U+lpnhJqd+6D_>|sf%z#ZN;*l6^aj@2(iRBO<&w>
zF-*zbM<5c5=g&mrt!E)89fOxC;l(+_Ty~;XY4z8%o#f7Ci=G>O>s)&5;<sp`>mnXk
zae`|178~Xn#9NdS=5{ZP-5FC9Y!W;eCIUD4w7DMlX;t<}{|fhr?hOQoc;{2Alrx4i
zM0RtFx@XhRil!lk)_=5%9Ro&apmo^HZ(o<GIk&E<sRHPQsuRXm;a=>m^lppyRqU4^
z=>ym1Bc>*iSPyQpIRVXxi;cs8o|PCWyM`v^@iKy~%vIK&<$3Ju+W5V+FX=BFl*5tQ
zFf+f3gPV=3PaZpwPj9WT5Ur7y!j%}07jlt;9CD%0C+K2#Mmxb<fbIAt=(F5w*G+3z
zB+O_)lP)W;E9cK>DBUnVI$c4X^wDp|Ng}y55?irWM2)!rT*r1B%P<f$Uc>qvL=;b&
zsAez!SQhJY2}Q)W+dPmIHh?p~Qie_nCTbO%MXVV?ILnZ0naTx+e8i5a>eEp=OwN+&
z*nva{8al@fH>F&<oNZNN#z8ibHt3wctSeImafPuJ9jr}{aQMn65vQt*t<-be`q76s
z)UhC$>KeUEiGS4sv**faW}BWLOn8Ux!2+3GKn}JQfG4T(00if3w)Ih4>?FBPhdwfO
z>p?oGVqvd1#a<$Go_}9jDjl%7qWgD+3y}DSNZ`v*w^vNWw`AMz?E&jzl8<+_*=JId
zz(^Kk<9W!fCY$Y8#xy#>o|JUW-AVHFCQhelZMG83+rXnL{_BqD|NGfi4>+1yZAvDQ
z3&VEWSHy`7`s{OhZ?6aoDxN0eV40w*vH1Kpcc4nkQj6hiF}rO{6SOlI<WE{CIF5v!
zz8CshzSsk76M`{NHO9|We~q`cNGBIG(!0}F6e1Sqr0$LxQW|zDElGTZJpv0I*`VxW
zm#n$Z<Fvv&l_*j<>+P^r;@PYflx@#2sYoFiDZ8ne(XuvZiv8?nn952$#G%@muzboG
zGk4zIE8F-wwAr96F&NjGVKCoCUDlaxuA&L{h{I&s!bvXutw;`O5j6{H1=*QFd0kGw
z_3NL_oKxxU=rZ4EE*`s7N?ZaMT+1=f4Qa!gIUkhWkVQ6D)wJ7L>ZpyZiA!$NW;KCz
z*%O98+72+K!Yb*Q5__lP|CB+FQgnu>j<K?FUWXk?RL8BWQ*akNHlBLWY|!Si?g#tV
z%s$Krmu~D*36IoQ!IN?r=~<)nv_FUApq}OOyMee?L^)FTxSR-$D7a9=eM%U3^_-~P
zYSpn)hFT;TtPJ#X*bLjZ?2pX(IHt6qH(Xb0Ix<r&pJ#Ow<*)~E`)>A*t>+aB`ma{8
z_R_S40$TC59$HHKx|NBy*aZWM=qc<dQi#<v#e-PqbS_yvwD7Uk`8JtwUpnr+24-F1
zi^MtsM#ul5u+Pi&Rk%0-S7boKAS=_Y7l)I>#LD#V)g%{VM0-@+3s~_d6FNJ{WM+Ea
zsGwha!_@O2SBZk2yh}s)Bt_ubj}cV|b47&%`qM*)aUF{>gRr{+)F%2yXYtb0=T0hm
zc#CTX@Qi!J2qk%ADOfHduIfZ;?2?K@?xN{HiiVJBAtf^oJS6fzFgUi$%x7hz;X@j=
zpM_k=3OYmii>9iQoAyzh(!Pd!oKa>m%g44($*FL8s0yD3Hq6kUa#b|(ak(OpHPokF
zB8uY$9u8N{UcV<^!17+C;S9czYa5&FOsu69M3Ub#GbHfpL^IC(URAZ5on}HeW-ySi
zk7I^Ww^avLk_%Nh_bT>ifCr2LVSR<Q3trj{gpPT+M`p;%(A3Pxf0?;VyK1q;H~h)~
z^%O}Je6^fH1gt$whh686*&TEXDq=s3?m(74T*N;zWB-FXvtDbX>MR*C^0M(T@sr)S
z<CSo~%RS#Z*JIJJRq%7bEgL%2DbnAI8!${XTfmK#*jBf(GTd)yVkp&~70D$|Tzjm2
zV^2a3rTV~?Wwm9Z<DJToKOdWR0+NhZ9AfzCG-z24zQ<DUhx0-u=oZ_^W+ZB2rDd7(
z3boaRk&%X7*qrCat=$aWx}_IRp5_+my!Tsu-~{O|^$a(EI=(@g&(^0%W#*RlV`?lE
z*hVX7eS;tLM;`Iimd8wW*{EQ7s)(JEMM9aTgbbz@n^45W?yI4P@pNos4+l))B&?&L
z%GpJ1?n)JV+@1Sen`QgFu*N?tk}eutq~^KD{K*)%ewK8(tc^qzF*0Vi-;U4}sXu3X
zzqV_ND)jga3Sm>>sD4zpQvR@8g$Q`j>5P$o3geHAhtmqBHRtIpvp#?=3}tWZ8rK9F
zh-qmOJ1v>ZagyVT)-pxVfgYy319ld%2H|XqXwKFUE)x%U5o_Rw#EHjx;Xj$JP9;bR
zm4~|Lr^FSUb~JOGo|t8teGs-klKYjPL~)*Nr5$%<qoHTrMccbc_eJfnVasQ+=y)r1
zp(wH%*(HPHp%2o7GhvG#P3+@l%7)K(-3_qCxIrO;QGh2ia};){FoLm^@*&n~WxUTF
zMZ{>mjv6>9uSx|7rFc=jWm1f44i>#iB~4w_t<iZeBvbDRkzwi4Zo7elY$sN$9Jzl-
zZL$6z{n{vt0ps3cXJ=3=IAMghqlpJHww$YZK6)n~<K=cCo^ZryiP&kIfhGYcj{n_7
zm*Hs30*!jZJ?LB+7bOT0pxlUr1<ST0+<TlYYUgm3eBLBdfF^c+&0*O*hMZmkhFGyG
zF$+|V{}~PgCS_mMVpya_;MebattpFJh>iZ!x7sHxwuo)YqWIbYf!-gcF%wuXjkZ^g
zR6`*Yu41XF5awSB<}&dAU^D>qK8$foij_aSKiq4D6YPz6YvU_k<*NNA$PoBUIauJh
z>V!7`THt&yq0OD?TQVlim|=G_M_zMSA%A5?hsz)&q&Uul9pPj04c<w{O@zs<^)NZ2
zlMCy~A5EC!-nHFaX`b5Mk};>;R!J+oLwebNP78NHMzt5rAr~FXLwWN(R78M{la6#z
z&sE!WcbGCj?9|gXsp@kGHOl@wji{09Zn@4!$cfXa@0zqp-_%gQ_G^Rq%p1xjz>MFC
z_psagDy5sdb~OO{(@as1lzV~j9Sfk_9!0%8yWaQMq$DMq-#q<3KFOT3{zu$fa1l(z
z0I&>p^4Gc@G12E2b#_BC>#l?wO{flhR48{p&$3)++Av`i<v(()M07$gL7nH<a5Hb;
zGP0Iv?A>JO>_vl!7HX{OW$D%|mgP^YB!#$!?WwaX6DFc6aNd)7EerxXe49Utx}1ZD
z$Z&0!A<Jc-Dx7Cqs^9JR+^~S~V7~!s`~AOsX*Znt6?kf{Ia{OLCI)kU=*ktUc^en_
zd{gEqm?!l<+evxfe+b>pCL<(<H#ZFx>u1CO`an8I&0BGwKC`ln1L9`a${_3XgJzq?
zJp(kvJwH(-uG0S2jsnoA;ORuYc9koD7@SvibDR|Pk!XHd;2NKd44{ax;0iaD0$&rv
z2|j%}NGYC-Yi&Ntpa+&CaIYjAqqOnypkdms$pLR<{72fi3_rA8V|jKA!R=wY>TCC1
zCs_y7VncgwWoBsDk}eh6=VdO;n-{1aG_sw#MkaJ~SM)q@69u$G1%BVD)ZZsOM3Zkk
zJq-88JN{*p$k&D1F9vA^t{UZ~F@I4|5^<)(Ic?#4nYr1&1B3(L`?)ZW2%c8L780Bv
zx5Z&J6s)F&58Pw#sAjD0=${Um2p_nBXj`2hq?BF#NhyxAqbL1g(Vif1lj$0N?$A5g
zt|sG;4k|qFl(Cyjm*TKP8E+>SUAev@#8oh3*O@ahv-a^FgElNjVAA0|UAD*Yituf0
ztWzS3(|fS#t7rBWySExGY6{)a3re}HzbmF+I$GD(jIZs64AQN+)^P#d9bDHo>pnn~
z$cp)z`+#m)A5yDb;o`>?hbLE#_SMbOsF3uvB9=Hjf3(@So7L4mVA|~*)a^by!-g*l
zXarz;p=`@C7qzfO(Hq$KH+1e%hweC^&db@q)##YxI3Pqr)?&nE-gCVxAtX#&T{sgr
zrHiW76)AGM5JrE_6ARp4IbH6SN@$x7L)funGVRsV9$oUdy+@3`t2cQY+Ml$GUiv0v
zPeYOgM9vb$>BX%#f*&(g$r3oN$6Qsy=<TPA)c!wdppzKA^<IFckSS~LigY@}g{GVn
zpH-_@Vw=rLZuj%VHUan3G=V!;Q!`wrmGOlAA}S|TZMQVk%#sW%ThiYU{>{%jWTEE@
zNDimNti9UPP)Pq#x-m9KL3QXuBZ0?w6>`TYV+qQl)}Lqcu8%JTuzG&ueh+->RmzIf
z1hP6K;Tg3HHK9jOlaLL-3a)r=tT?+e7k6CQpyvq>Gv#*aj2@kmu2j3*Pc(Brn0OZ{
zzJ<HR8*(g{$b9KhCAwf^8hrrfff*AFoI3F$kNzH$^}+;;&>2{8%{tn5@xfl`XWCh=
zcO0Ls_I~PUl)+IwSt{yw8YRo_*G@Ygi8yDS$P<~obs$p~+PZlac^Nb_XzS*xYz`?@
zBLLk0#b65GgxlO>t)*ssYfw5qP*Rq|{?MVRl=nk)&h}D+!EEr?n)V9iE?GpMZq`4s
zkh2Q(b9mjS;)I=|>F(%Ma|I;qB)GX4Wq-`%R_kr98VaH?koQ}vOL}k)o7qV$S%!Fg
z@zDc8g0cQ@s9w70voOum+b$<quirSRjW2v8jBM-I&WokwNTxP!8^SYlyL{S4DEP=u
z;<5<3{sre8Fj|7tn15HCfWj>QglWX!AGd{sd!b4Ex!fZ6YmItrRBD7dG+1dE?L#O>
zi>Hh%FwK<CAZ)FW7(o87(liFsYIReEavg&5xm{sCPkcFRGC$BfAGXEhZZ6?XW0;If
z<Z@vnc9!%3*fQi9_iM3}={}a({4c)^{1(Wdfxkv?#AG)5Op+oW9)c|<)^oam&D8s9
z%0RWc#o=$rXnvava(Vu6S(>DutBFrP*j`e8>um8r&NrPO%g9TSjnn5i)2FW$HDex4
zzjbrP8rdRLn8xW-+n4v5@t1#0#<pP>=;MA$qM1c^qmzyC+;sH}+o{y-MM3@mLCqY)
z4OU?A;(l(E5yEx@BL7IO!cm8hYGt1TXM2l44m5(&W_ZfXE;4=3PYU}fj3H-2IQy78
zSK0c{${eGZgNAK0;WwYD52pj#awStRx}irQZ{p@ZwHY)f$Hb^O+#+1BwPY80ut)uD
zcKG!hQ{kr?$kHhDj+6+VSF!VD`V-P|-<a~Y8=0TJ^PrL%)%S!47k<n|>ddT~#ruS!
z8Q*j-2N*We{7Hz;4mO+LU%2q2A>Z4|N-_ss(7VnnGU+F~Erjj%c9o*wCJNM(irFvs
zRx=>Mmd$!>ItyWEYSi-IwU5{b4Wx2yncV$L%{<nedc85LK@ud^XbOI3;CNNSAlCH^
zI<?L$vdyy57k@IB@OCzEE$|^SVPiAAgOL`#yB0b`xv*QIsht_RE!*tnrp1p9d|$%)
z8`D_cA~ljmwC_HaE6`>asAof+8HOVYT(|5`J=fouNLB9KB;z~X4L|it;d8Y%lJDiW
z+#QOO!;`H>HAqkO8S*^_a$_AijMezTqrEI&k?_%JI#sDF0}pEb&}AbvXLw@|y7|3Q
zyzs_9qqoC?Xtz0XJ!d3su~_`YWWN5%3ItnsZB|mpX0D^42|Jp&qi+Qs!RQw$s6%C8
znSIRCZ0KglI*?2H!|fDa)`)Vw`Os&S1--kpP~d0;X4PI-b!<gjt-<`etSvlKIYXRY
zH^8)xTOjh=5OtteDAYasteV|(W-=g(O<86*(v^gjw=Df9?VwHb*}`sI$K+Zp&dDa4
zRwBuXl|+hW@!LwZDbMNwT^6DW%T%&!1+0ZVZz#fNb97;3#aGkzi9dQ3ffHnA_GIj|
z^}<y6KxGwce>iEy<DGd$jrANf{k%cDn&IBp*4QDFO>jZq=qB#spvrQ^_d@ygmj?b%
zu||b<9aurP1ro~y3fUH{NUbulcH?!k#CQ@QiV8<>AsxF;-_b*!Opn6kx8eqBg5Krc
zq(3GPREgJ1NAJHafxnFJraV2(EbAL@H6vsNb!Easx}GZ8oH0T5m7@_i+f^|UA+Eq0
zcG+0rX)wz=#e;@6`++(tcIjeD!Wbku@eRoJAiU1q%2H`tsZSNrAmy_tNNJr)j*XHd
z1owAP4FmV4Z3=h4(8E;dtYgr+VRlFv+VWJRmTY}PIeVVQC0kYDqBDWzaKARDSkCg6
z86AB(Kc?7OIvepr!j>}DBs(-RwYiN|{Z<+As+@gpxJ=!bL6?2N0y8x;`>vXixn@>R
zTAL{fMI9&WqKhN*l~%VuVtF;nK+j#|*!f4aP>NmnhKHivr<(O@zeDY!(Kqh^sKqiD
zYV=XcIuvuJxBJs%&PT-LxWz=A%C*%)Pa~OXf5@Y@UI$M#(K8inNzqb(COcF@NB|mA
zb>)O<EwO~vAkBNgxKCl|wb>e%btZ#_SiS$&_aeK_$EIKtqd$#>+v)8WpCdX(w%Vg_
z024sSGqNo|mCWo1Jw+wP|7%q?r1hdf93p-BstN_xtw>9`uEQ`ogii}URmM=W)Icgf
zP!olzepd^dEF!U)3jUT?${7V9DA;)bK1Za3_O_-g@OB3$6t;_$0r4on@s|U(fCfc8
zxXC{$EUbrsh@8nCVZbH5gkO6s51~NuC?JCRblwA!rP941@U)rz?+Xan$7}4ar_rP8
z2DI3x@>#CHCkMm)T=kfn+9*HV>o`0D!$V3IKCt8s){aSAU0+!9jPoH9k;RJuuu|6{
zrGfYj2x<T0g==+O_J9i&LGa?)zpul<Wa~^9mTP}qr?6oW*=+iN2zD^CK|lj{g$`iG
zfb?0W?RP^!e1S0-OvbP%8rukroLChg1$;X&#)B9l#6}DOT6E!<J=oSS#U3Khw}9|H
z+OwYghgI6Ov(C>Fmkv%>y`FvIs9TABuaJq;r%8n+yZ7t{cdmR!`mP|99G=X1`d~pj
zw4h&Kq!J_$$3?iy)7fgtl`<$?u&!LrY^oM@syN}~3hz*}+-0rFT9&h82Ov~msC+(P
zoVIJpsCs70_@}+-V!s8Y_%nvtW(agez21-uhMTBucW^YCVq8K><eV&q>0;2|mw<4y
zBL<><0B{HXU`#uQ=e$!=*B^%g^sxRl%K4!vRcYN0)YX19a(Y??8GZGKUex=#O#h5}
zF0Z!j0SN_bdbw*(7iAL#+ifC^&}s$8@;zp42`I&Mi>&;+Ai~bIMz!dNC3@`Hc~5?*
z?L#!_k$H}pZmbCS-icRuVOy?rRENh)6Wg_jE!9nTcR;z464}&0GL5%<vnD7U*%2Q#
zN=V!IW|=Gr3Q47SV=Aq#{t6;OqhxTxfLB0Ah|r#;aCEGPIn9SEb;GGaYSpk3tzlU!
zc&isBeCmcGfV7*(+MA)*rU~swhLM)g#6c7iTs39<oVLU)ZL$W(gBKfaDSUOyVaRGi
zvBA<OC08W)ZZdZKF=IVzo{|1zOgqE@{5hu(HShd@*3sbyQ|^P#NPg$csciZoxswdH
zcpPa6xitSr91a`9;$CoO;W_Is_b;gddL5B{(f5-v--E4PtO+2pCcp?Q&yJ+4&X*~Q
z!EAl(<=%vH_Q7GL@{qYLmwgARX}VN=a~z<AS_~E(kHpy*vk8crqkwuRystI77GnIL
zZr1QxW<?I+=FtvP?hTRX%uGQ3OMXXYS%WcA73H_x$3v91atWfOcT@8{_Obf`m|N$K
zYezav^c_J&k6_P@-KiA@HFzaVv=)-=@?Eh7L+b~Oc28c1*us<xxj)=4g2(Ni?X-{3
z&kHph7nu<QI#MqyHf(hs`<WUkRm5<lyzOMF2wUUFn2G|Il&Ovla$X%TWeHn=0u_~|
z{G$@Tp4K-Y;a<qdM$%tMB?H<wzkG_8@Vd^|;{x6C%DMuJrR4&`?bfpJA3IXpE^<lp
z^I{>YP3V_f_$*_pXV-{{T@JlM@0Ql`Snk6?XD|Y~*>1|!z5N>k#)6lH>|tvM+@b3*
z6VTJyW0mRG2_)R_rT!^H8ad><K(B4=|1z6M8s28Fi2RW;>i(#!=_2lsmhdz$02|%T
z6=FNtK^pX(c6gP@-TCIHE;-jaEs{a|mo`~rCttnC%0k#k{G%Eenp??#BT^jMxoq$O
zvo#|Bi;+?N{_VON1{!&$EcPE}I`_*ly>fiAYL?_vj1SXz$@*fKoKwp>qJAhwt`2|=
zdiivBo=rj?A)Ja5%_=I$GE>{g<I7ZqF*5`C!?;aTr-II%Uh_;DZTMm$v<qSHp&q6=
zf10z&f!r@;bmE0~Rd|Kos=Le7wAXYH^2`I_zA-(q@m)~>UQ_LR{&P=bU|(+Z(f(Zd
zbxX51vZ9Yc1u0L>+D*0R5ffpDdv!v=FZ%VC<AzjJK!&!__WfWPhhnO#J9NBddbbtE
z)NqjXBH1zJ^kA+Jij~7^t2NW*%=X_rfiKi>rkGeX%y57^sS7ohjp!I5xA6``>AZVQ
zd$5|L64;#;t}LEVk41^7+iFx;gHDRA5>GG5P_h49KBy~7Ym(FKof`6m%QEegr%i-#
zi@m=d4A^UO>6N&|uDMwInJ*LKP(h^=C1{py9__8Qvh&tHK38Q&O>(-BrmqYhFl=8X
zUXFO2qkqUW?CqD9ldcC8Ec7+%VxPiqSGs+{(Lb|U^PgZX^maH73!uY{GU7RHH-+*)
zSXqU3W$1Tis`>W4s;T3_QR@$0xr*mXf%|s@64Fh)Gb5hkQ)Ks8RTrtSbS~#+KUVH?
zIfZKDJ%LUE2~UO{w}TacIAAm|@tBW~H04erB_+y#nJoX?KLqJxiV*07ga2~I4}ZkH
zL!_VzaZ5rKBV<|XeD!HL>YGSPeu><u3Y~*$LsR;|3=o;*P=j*TL}PkYG)4c*ugU!n
z5^FHOBc7zF*i<m>oJsl&fC*t=4V?VDZURY(5Vgn>Bs$~PII!jX%aIeFVuPEVgwA&e
zj@s&LIGRHru<CHbiLW~y@I|L-)4|N}ExDL)xuXI(;W_1uA|_04tT<84{i<VI^mgDv
zR@O27JnG@>1pC$xqdmZ##uSj{#;>1EsXSP<ltu3qBR1;XMRs|H5xv!fiZe~VP|jnW
z$}Ph<&vKBO1cNT<AmE7VcAQ&Z<?vx8Ax>t-fo@$sV-^dt3J@}kcGDs71|%l>>e2{k
z>&(h3kieqnKPt0a_<axqpUaRsBx^L@pUj5(=w4y!`*_surFr|OqicwCW0ry&h>Sh4
zA(7(NzWxWSEJo@O_)CWoe}v@rp2MQfpkrTn&M+FkGZ8^qAiS}+(SU1rxS|y4W36Hh
zXZGoJ&2kz<W}A$dyvqT4P(;P1^#BI+Q?td;+t+=j-o5uPcH1ne#H`-#H+Y?j?Jzd(
zvNOypv+qwcWRan9Ju(}om$lN92i$p|xk?+By~6d1(d?xYe#{o{u0k(}#21$t>{qc9
zPpc`HOSrCT8M0+vkz95H#K{=lUK^OKTua9W){3zc)N?aGcezxm9}2^7nz0)Wgk9qm
zN~(9fm?(_XC}t-=ip;YF9_h^{GIbxjDi3x3i?F6b)N*hAwRQB7DV2Lwym3Q=+O=TN
zAiGTzlgCWs9>f}Q*6&fUn;!V~LKCwPyIVlKsJC#H2#E<tDL2p8`g3%@!6C^S4RSb7
zY#x4Wsy^QfT{zzW`G@)8Y)4}npa}HJ2M+puyIjc?zCv>MM!$|c<b|`9iw~9>nUodE
z*}g*l4WrfJYy!K8D+{GXz~d(<OmBtQKU=W1W6)*#{LE;WwZf_apAvWARyWty4;cg2
z?&+b$${11al&DN+hPUm(Ct;Yx;Iphyr+3>WgPelde?weN7~iDZx<_I6`({#2jk>A5
zKE0oDxlC!Z_D@g*^2F*z&a}P%%LVO9>+1mr2lJh#4j3H2XLDGQ8WC1}PuPY_xOe9p
z^P-*VIeumAcV<~&XQcsO0+uB<iaGrzr$tM#3EzxAOh=vJE}*omud3{4dYmT@Q*v$&
zVH;-=!5_?{1Lt8;S(Mzewe?#QnvtGO<@|CykQf}F4DPS!xB7s#^V#a@vxEyO8I+W^
zjcWhG=idK>(zj%?Efn=lNVAuBSTQ+$YdcbIxlLvW-8|%=S~ae&0mRF-Y)h*;#<U6r
zZXWQi#raCt&Q#vAkM}6s@kpmUE<!n%Aj_c>t$!@m#CEQNE-!Z^ZASw6#e=~93~f)U
z7@2z0vxD2JmpNbZH1Qr|!ZmqfzdLb=>hLSlc8pTqyLK{e*FPtQvOd#iyuNo+xcSBn
zjnIm^BCUysdONh_Cd9Pq7~&q1tqi_PZylv(hxMpb6|J9edRv@BzcF-_I~#d1t`+uk
z!i1pMZwr^46MycqUYl4##bnUs&y95WwNZfzKOP%*9;PC1t5kiPqm53x2$5UbmSbkT
zX>T?u13(~`E+#jJ%}_RGHr&liK2wiJ_5anUb%`nFpmgl%ZcQXxwu}ymnHDZdp443&
z`&e<4jU?V}#{Y&|df{<%2hn-edUun;=Z%dkeDuQ#rKBBjk;^R27Gjw5b}eRiw?j4^
z<o4y`qd$5@HsEVDcJRquWVOFA7A#Bi9=MSpT%}3q^F-;^S4mgg>dT{UT<O;eq6c)&
z_;_1)g;K)0NO}AM<Oo+PrFB`O&C*GpCyc~_TXc?r;oo4J+;s@Fi)TW~UUr99bVT4`
zI=6AXh~1d=o)(%d%bg7;CQObXeELSKIm2v`!-vdXlub#xIJrWRGo-WTdFvwTk<E-{
zRmR5d*#(uBHeoM{ozrMF9oo#Y1@MernM$`f`rM08#U^bqje+jv-&}k|n`EwK2E=@B
zF=&TiTO$hyK4ngPTt2^iJ-rPvd&PrPgk+P4kerYF?|It)6chcw;mi!r#OnG=UxSYa
za^h-=Wu9%kb)QP28YC(9BCgzEH~6(fqoRQBn@ojWP_+%>p2#H{5DE0J4UhofZeUae
zskow4MH+DHAa?pw+XLCdugEboyGR@6tcue7eq_!;`!#`rhM}xuy2qubThn}nEXAxu
z_DTDUVGY!b#=g?6BgqvYAWW|v8w4_TNpJ0jq+j$IkP~N*jPqg{Uj2^Y?lJOaOJaSL
zWx0sW5yYc|zi5ohK9u$Jv1t;7x|#>X*Lw82EgROEwY#ik(D=fNeiQQ4%&lu>RXw6&
z6TH(I-ppUxV{IH4sFjN)b=mf%OPf%e2xr;YlP_C)i0L<b%9UyQUt_h%h<*dlZ`>;7
zj>39qOcn7ZsNeL1p<c3M3kwNm{k+FK{zfMXUErtbZ&PlY)#^FWU-4)%t95rVuZDYd
zrujfntgez$u|8?6ge&n}f9qh$PrY@DSjSf<8sOjt=8a-byAZasRch!3+HUm6DwH>m
zrZ2RV6C?MB8{OwHu;t*)Caz6Oz(e#x#kv90$(V)cF<}fk@4yeJZXp=ug(AG@*tW5|
zY*ikpenAtY=)z7+>g7VWwG6bj3;O|V@gQm9zyNe&>6QW0sr#*D;+5(Ch8S~d@$?Ti
z;Ud2j`?RHM<pp}zCIh~vqF$P~C0{uweW>5yx0ug=eETioY*f9cc@2Ck-eIYb{hWdy
zp|iZlrw|W6p@L4-GWlHtpOZGgjw%=W1q4peqycJZ;muDJ=iNK{#P#7rFj*K}Bo;S@
z@D1rT_t*w6%mKhcbA^yf95w0G$pL1&@9)Pj&Kvr3kH$tI#gpb1R6_0Mk#F113FekR
z<erIFVz2#yo2wO;9)JBu2iV3WH9tSzh>uW3Vf2LziGaHxs!a5oYPE8DiG9EqQ{K9J
z4*c6yT$_<|axJkEP4+B#hFVpNQy%%|j6SDp4SJ&~bOw12j{BZ8FK3L^Q%2oN)BZX6
zA@uHMLZ{kt@gRj*^t_y<GCK+vh!p9tJ8@~$EmaeHE`SI=$J@qmob7Z8xAzJ&zde#%
zPp>w*`RHEN)6W-_BE;I~5lXprSKNslC2MO=Bx<Nl=faakv-)I)Tr}vEx!NJ<1ey9C
zRs`+ZTq+B9&y^RHcWW-25tiq2e6;-r1|GRi`l2!RVly&td(5UZYjG9>>jL?P#{9uZ
zt8(b1T#~e*$ogW5s!#_8EJHqOMe<9G;%ZV-=3BsWzp`5oiydG5q^E{g(|HHJj8UK=
z+NrW~@9Vm9R*+mWz7uX^xl&dask>FCl=C4RNuAHrQf8FtXCzw^n{b90Us#fXwLvEX
z%$Un%5q;f#n#QFI?2j)(#@u-`4jE-ooS5BYrsRu-p=%f<EH4tDzw?f<LK4)=`ZaC^
zz15bJtv+zi@0%b#NB2)m*Vt1F(My!k2lv$H%EMQ0N~_v%OKov*_5imX#wBjG4YG(4
z7JAkbgxiq8RPPqoBQe$`Vd;Slh~PwnEW{y11V!y6MqhBadJy24wfmK<YfC><@~hnF
z*T@N<O}i<1OqZa-v@G28nrnnZa0hG(R=#vdMZA2Q?c~0V_p>oMuGNDNWM4IVDVR9D
z1~<K1^UP8^_YC~KFoJZ8qDPERg?4sCW1PW0Z(~_jk`~!Cy&mb;zcSVwF_bo5{0C#4
z`sX(W3rd?<ERUP1iMFixVupb&)#@UB%(W#CUT4e|mPCQpXx>RB>m_$kx8yx|-HVCL
zEaKTm8Gm8Z$4$6ItKW5Wtx0k?Zl<wn#T{kj8vu6C)X#jYit0qej{cY$*y?<FVmGTT
zN6lV_S_aX?D$X!s_evM~T%ULmb!}bJXB_cVf$IIoDcCQs?jjd<ajoX>MJ+S+v%g))
zp7e_J+QP09fv{3`l4}r<^j~V0m5%Q>_>Sphhd)iRHEO@$wz$o3u4O%9oRW{AN;LeB
zN&p~e#^3#LNhs`Fnhgk2cH|1c+<|TTb*nv5nbqtL-NZDC<lZ#vTUk$pLWLD>|Fz}#
zuh(UmUqOy<BE)LAl+hmuWPOd5xe|$+Kx&VMcuTkk0JU!rVLRPu)Q9rTqg!y=M+Zyo
zmBF-0&t~hf|M8N7q|SfQ1blRjSgAI+hL!a(B{qD!h<wsD7k7_W#ocV<v)Q^<)?0Fv
z8cgWEUH}5e29?Z_wxX**SN7~{X9j;ocv2oJFSRHLjV3P}Mf-nHj`|xq^M<rSTe8aG
zmZ-~0(BqtgUL~G8cPA|K-lmS*&S`_6h4veE3ztdM@h?e7wz8ON{DiVf2gW+_t0sJw
zb1a?di=c1%x#a*%vZo}Qybg(poherJEIY#q?Fgv1nZ8QW-CyCl^C#fiHQ!N0@_NW@
zs>-lpytanYbL<C97JqDh_o++rsLpgIf2n!wbO#l?&E{&xqE=Pt`K9p+KmGih8kx@f
zroNDI)F+zL>ZkyRpo5ttS&$(cM||&uE{|k+v!rP3LN((4jY%1l%}=?HG55<U+oc%9
z)08W(9udl}?@$Y}8$`mbvj>@iq&J7LAHGxZ#_$69#_OE<&)DIcx0gzr7G-f&%UH)@
z@)@^aQA7&yy{enr+CKfIn*JMF!N*#Y#8iv+*@3t1k>~ngc85pxyHAvA#+~Qpv0)$`
z9lOk7AR(f${suA5J7pl2*bXT?kGp@sPR-Wp77rSj&_TU6gmO76QnKgGQrHpL3NoRw
zgVobWZdRg&w}01?%kxcc`*ANPwh*|RmgL&kq8Ld6m)phhY9*L!d0#aFr-S_)eC({P
zQj0HYg5K_i2#_qq%iT?sBL5wxSs9Z#S8O8rZ)JvrcV^v$OOs?Q-T3wx5qqfTlUStC
ze2T?fYfqD#3*FLmu#G+8d2f@kT9SXpgPhs>&9aIdyD@{f`N@M>{pRK=6$1~-lp{)>
z8+C_glk-j)RemhbvXe0y$33@SR)NmFH`U&2{2OOkJ#IbW{UFUU4bL;1-585@LSX62
z!T15HYZ$ZFTw%Ry8txSIo!M$lixb#|I9$31@t(JtU1sgT0+wc51$EE9%oRK8JVWjA
zgZynvW{Nb)f}IEyf>YsHl(zMp%<;q0CNjZs1>xy-v6svPU=@gk7o@MQN0hG5r~((c
zW3}I+R5*QFcufQrgEkdzI!#LV1yA-tLx5o!x%x(o<Mge^`PSLQKnO7NHR=}hqAjeg
znII-xSBg3|P8^^UUT#7Jy@l|+&=$D~jTyTrh28gU6r0{(+|Q2}v7JB4B!{<!6Mgsm
zULol3u$`Wju_sR%v`8aF9FCUvA{9lHJj`FaRwZ;g9C=ycv_v?Zs5!i3(2#d!sRC8(
zr}QWRRDrvp`{x%c1j^Iu8QX4~S*x9~-QgCkLWHqgi)xeFN&lBCoW*vQ*?x|bjE%_Q
zl}*Cpao~voeX2o;ynQb@a&ob_hdDN5RE$WP%G$ckLAj+Yz{WdQu=@=q?`LwaRo*KO
zbrPm>^p^1<B?RG5Z|^gfhR$n-`Qb`O9Up1k{Y-4d%j^U8+;zF=sfkWXfsV<Y8P#%6
zB<>UPq_%<Tb)Q!#quv$Qaz;ebd3X2WMm@(!(PB2PpI#$!5B;*6Ra7j0e0`@X7K@YS
zwJ-ddP39d{4)2zT>bh!#MYb^_)U5_y9yPKV9|8}dU3krma}auWv@o9-S!S`3_6?-0
zmz3hKQP-b&r1N4kH_A9@9CftWGTY*1rcRuO&^FRDk%p@Vddv?yl$`fNxtuUWG5rwH
z{)^Gul3`7&C0*Ny;We>n_~IXp`0uW?CpQ?=<=%r3Oe}W1`AKa5bDEmBun8U&-LtVv
z&<%A-*zVC8dNgW!PoY(_#p`7V_R)w>W9a00AF5_#Ql8<&W8J4z(%Mx8J}mdK{B*GO
zp@LS?q~!j<*fc8A9z@rdtfzAd0xgL(G~t~=PuTHBE%zt_k*mGLm|IQIwY6A2%d@R!
zv_f24%%HDyKH4XMO$K+1Kq4_T{abo#0_q*~xjS;_vTy?#{0eOAw2B7S5o}c5M-XDy
zJ!9ehZ*_3cpw3fnA%efc1^)X5Q?Y;IP!v`ss|z(le33})4S2ltPNlU6;Oe2CpPir+
zAzdE#pAqZX#yp*@;I$+Yt3w=z<T*yK$ZoCz6>-V`pn3ZWSW^Jq+t>M+1_DKOK{ugY
z(8?~RrXjX=+AhEn7hj}MR|3H7?fdliKw)_g25C~Oc;YPR!oFTSfVu`P3$C43X5V2*
z13eMsc+L!OA(EpU0fEV!8y&an>RwIJ)L@IzQ6O<3Z@KWr@}6;i3H~l#c3vCYmA(WT
zI9qxmn-f=vQRgNQ%V)WzN@@e#Bf4Xcf~n)!QzO&pj60<FGSg8c_Z{ubRr)lUbvsT~
zW8q*4l6RM8j&Amlhn^`OkK;QOgo7ZY%l&D;38Q^MTt&InbS0W(Wj?&@b{TmP5aN&c
zk5)Y}%^y48lpE|xsbZ~z&5nbgdLnIulsgZ=mM4b5L@rJj$+!pfc6KL-7ACBf+H6?-
zD5HRFsJ{D#m<+Q5l1)crIjAA<w`|drGsddIJB}W9$ATvI<#7twXB3ooh{mgEJg)I?
zQI;!L=Vud~HuJdOnusI*OhM*%GZb@%Hw_qXn$$N+x&Per8I4c2%nmiEsp%lHfp5mM
z+V}A<x85sZH^!ijtbdxvHK8B940dVjuoG6N@4}%yzaQfZVq<#PJ}FXs-~4*5yDu54
z4d0fg-JsznDKgc;cRLI}y!O%0T#lM*+BTFU$HoI=?Igk26njSnjOu?6>AHDn|4wq@
z3r`{BZ+qVu&@8>i>(_pAmyVkj$#MgVl+;ih3Z5_>w%;2MP0<hJbZ|4YZmz6Dg>=*b
zG261bqRisQ1wAyS^wwWNbkEJ!DfZ=g+#`>SwDV4ewG~XABqo}5Bm~GgX2!`ibvlGK
zu+-Fmzj~ZSspb#z0q*AkMO&~_ZkdDB5euz7P)=xPPZN<fYEF|fL2La)wExacm1dt|
zP}^L)KYZMKsZHX=wNjJYA+gya{Ud2)b}sU4vs)nfF4EJRciUuciBfk%$mBx$Osm-A
ze6O<g%ea2M!?NF`t$tFr%*H>X(9*@k^j-UMI!2N7(}*6XcjeqfwMXRx5qS5p#l!{7
zDIgW<bl=V;3$OXzY}2jWnlED=7scft@2CCrV%3rKCTOqL1^`X`k=9>iS!9Omp8iU=
zGz;)Y0^ww?f_og9w5~2i@#M&B;@d6zBMn_Qte;m^8-MBSI%wByG{isHLQ^tUhPt<F
zMq0hq7)OEW=hdfTmYO*sU5*RQtk*vIwcAxLy`l(qugdP&o7aFd;lT`SEp<!5EY>ts
z0n@y6wB}+rH9>BnmTh)AW{S<3VMY=rnLQUob+hiPI0;h!c`KEci>C3n$eYblWxx7B
z=~0_kii$UimJLQg7Mpiwnin;yS8P$qm0K<b<FB28)QtR5wVE)kT2SpT^na4B+)|o5
zr{cFJ7(fPIH0fD_C<-fsw8q>Kp2Dy$+!h$$rI0duYZgwF`i*;gPi%Rc*{kNvIfdo@
ztm+O8*wt%BlFs!r1%uBBJ+-S?=c7h5>y&=_yokkblwnhk>52=M*;H|65I)^eK;FGa
z&cc-YKA0q>ZyP{7i*?2Tyo*?23y|@<f~e^weR^nVjnTNZiM_Ww_C_c7%spPja*ayv
z)M|bPdp`hVqM81hSw6p7KdzQK7lFM`pi=V7H6_~MHMJGCad}G!rpnvcoK?7cuXx^D
z+>q9)v`o^E7_H!Niv=ZzM5_J_I+2$UH6%0t4f*icQVaJy(TFW~jL-o+G9*@dMT#um
z{_G`}X<u%b+X}B#iz=S9@}jr*s=|`{@;+jdMjHs9fl=+mN;SG^x5%XivTucbK2Zsy
z9zvUcXtQ~5;_WT=*IUXZYj^{;q2Hn5JV}*!SrZH!NX0JPad%;jjKjUy#i8}3j=AQ`
zt=CNw-#!EP-b;FfcbYb_hAlbo&l2$U0T)*C&AaOQ83$rzClpX`X=4n@BmgXd4P`iE
zlXAWZH#J>*P1JMmv1@ubbAWK5!BP&YX_q}QVsZ=3j%((e%eI=#siapBeRS3!7;F94
zOOH+M!2eP>PUebW`!@G_TxBKW-pw!;6tU$_AyBU6ey->XAVDty%3#^=x+2Qt0r??j
z188ON{~$NO4br_R*32yiJONyXaF6IGeZYi;AWhW-oWI2#7EP)s9O0UE*;b}8P298;
zP*FIe^%f!&q_J7z(AR47^>QG@Bo~EqSrV>D9fdhhW(g6V_Wl16Oc1uxOZ=kw$c3!T
zW7_GaasG6al}Z>oj|5Tm_0mr&@gA=Ur1PO8(xdl3%Cs3q47wLhvlg|pK4YIWqRk51
zK7)EP^J*;-lBRtSjM=Bx^E3L|(RA3&m``rKJ{ecqxFk}n=erbLn$|8q!JnSSGVA-B
zydtZ13n^zOYNyNmi|EL!TTw@zwChueeKh*momVrgo_l5z<AdGflUTVDn$(MmvmwDJ
za4%Rd^T}Q7u6%BS1Sa0mWiq<O2pT<c<AAocG0<!k>#BDAYYxNn!AO(Z>{8$x(-q75
zK2S08bPTyzjk})f<t~zHAF6w8W;DE2NQ!4qrT2#y?pVn$_Lbf@k9FYXnzU<{Vn;gr
z&DMh??Q(`Sq<{>8y+rHV71J`xi9l<!DZI6jqBy=9tC?z%ie)mK`WpgPnK0CJI*oF?
zTCNda`hVy;^ROoFcKuJ1$wJsBF=2@alL$COKtON>orDAdK_{9ZASkklU==8?wVH%&
z2rhuQ(N>258X~A5RK*Px5U?mHXtmlRZb+-I3w3+d_xEkjb)9p5=e+0p2Ly64<d0l=
z=6Rm`{@lSWVdjF|^8ISU@sA!!kr`zlH3-^$EBY4=+As!jIx01EoRM1y+fA6=$`-Ej
zUr?;X#Z}P$C!Rh_vc6R~Xs>SVQ%S5Wyi>`^p<>8ltpSDK5Pj*M`iAvyf;HdE-K#9p
z4=AHVGF?A%@Rks#rb`eMNu$o!{4=aRTvYmT=$IiQ2zo<A(w=BL!!D45x?;2re?*?%
zkvO8tmBV*O4eN5`FZGvC91-viITV?VCo;oJY0N&3{gCPS=r>@y7EST?8d&1<(;^|}
z_WMFya&v)cG4HX5GVyLYbs_Y~1YRQOIBU3rw4FFD1T$ZwF%1sJYco(@4b|xBU{#o#
zBimNmhcn8s%j5iR%%ZCJpD$p=<i5`8`w(&Oj=<qcir?`vsHE2|q(Hk`3~>@>@U_87
zmp@8cAJPI6WWR@Sv5+ZFpHx}V+v_@2wDqH7+?vAG%46j8n(Z{#d>XY%8L`NLcDoIK
zUh0!hs`-7|j;<WV7b&Kg<t=Vs|FX}F^ybhl3v5&1x+1z}@bamqQ+ozzlMd-?#zZzh
zDxBR(w)2Baf9NRutFN$1Is%K{OF)uz{Y_jyU#A}Tfv1Mx;_u+vFo7VCc<7y>35nU|
z54kw)Z+K795@(e2?|mw9%*_RkG51e|sTF#B&1}>@Nm`Waep$L7@3MCvNKv^AjG!Nz
z8(ztv)z#g5<y5*w;3D0X#p-yeqnZ3^T0MvF-czw-zHu}qBnNM(;qe+@q)WxA2b6xt
zFB=%5K8f2rk)-nD*&PciP_2D>KH;p%A?B_s8k8X%@{!&b@xp31x6t67LZ$rWy>i?6
z0E)x;+!wH|ItDJjtvBp&niCFv9h;|K={n2e3NKX&X9W--Wq9pEF7-oAtvcS1-P}=^
zqa^PdKxVg~Q9JMV3YztFObi{AO2fQ86l$B-`rxh-!@0CkNfc8>oShq@^ay>TU%$Hu
z`jhA{&Xie;1^X(j5lg!(W<~~lNk0`>RNc?><PMarsdzBF?nJt8pHX}D9tGX;y+AU~
z{^;?Vn6K0jw7YE}neG|x*?Q=vu_i-K<v;&uVc^wcT0QHcg3TV%b>m5DBFc@s+grDi
zwNphbnptBxJsS7UGU|4R<PS=cgM2l1jse@0ocwNEg<xPjy1b0W@3DGiG{@sEi@)nm
zM(C3<hueAOm~7RtN~I+*e>s$Dpu+Dm0hm<3m-ST+&os+e`8DguP*IS$FTh0reNNMD
zo~?rI+p!uziXD3+bGRa~J2ubV!YF#(&-6*YWKmVXF~{u3a_9EKf%8CL!joHG5qGPC
z-vyO(T{LuyP+WL0jh~<rl)1lEgj>$cQ=Rt|u!7E&So+va<-qpCc_H4k$DC@lGMA#}
zFC9}WPR4a9EhgE&#y@XD`EAfikV(co{Zi&IwUKt9g(bJl;WSvJdN~o|%LCw}?l(32
zPhVhKDPi;)EH1SP^hsvj+)-V~tUHWooZ0Z01ImWyW2k5)F;m3=SvmjnaIUGjd(~b6
zh}KX)WTf>iG=K&yHBUx(8%q0`fdZqNiZa0u28EUbiy!Gj%LSuExT6^(#|5f12=I|A
zK*9O9XVC~p52_dG)Q9Oa8!cDKEYUFBYe-KOH0r+`fWO&7sJWN4AtXrVf$zh^2=P}%
z)dz!mg>wEj1A(bw3ykVXIyu>o>XI;EJ1~r%7!J^xyY9eU!L@ei(fiTI7trI^4?kSW
z8rH06u;wXJ=3h8BC@eIH7m+@@4Ccz;^r-De6B6gb#D6kSjgvm}tcf7c$3)UE9QHGA
z;j2d#9$$x}{5Z*EZ8YlNkS}kyS)=bIoa4F_(AS+Kv}gT$Y=-X<9rfw@B86;0fGo^M
z!{~s(qA_{vF|w&^+&bCz+(-pF`(%$K_xEA_4r`v2duET)gi6QNXLLij8}s`HFD0?j
zfL`pJfr_k3INpCAa#cR4K{!=Q-l-jnSiXwbTQPl0g6>MZ=c<^C_Mbne^4NYkTYZ$w
z>>|FMQ!$dS8V4>gF&2!&=9I>7lon5%076mi0xpn-Eb9({Q6%=}wJ&{bq!cZT&HHbw
zm8+)2nxSO0TR_CE{9(R?V6U$iikPo5Nn%msh}CeKUiVBSap|}|CaY~k!w?PRluuu3
zFjic*Q>a+367NX^gK{d{-NMXuI=k>0NU?drJb=76Lwqrww)0z!;9^F!N%t>kgTn6n
z!VY?vQwlwI=MjU+#}Ro+se5Z^JC(+*9E?{fkj*P2{r8%=qEnpmL`Dqk9BwYM+LWb&
zXf{9u8rR^=!K~?BPS2K^X`YO$RNnRR?zv0DaMv51rpcB|9%-F&WXh#xF=-aGUlM$~
z3BB0SV%BYsht4GGKjhJAJ52=(BJ7%lc}qMWg%Pc)G3`B7&EW-Zb)>E7bgs0I{v*IL
z(k0i_8XiWciO}X!koO!s=4tR}bjAqWmt7e)HQWoUi3&y-7bjunE0}<P%pmIct_{i}
zmi~0&HMf|Quzl3RhGUCABeKO`cSudnvnWK=bV{u<uF+Xt>cQemL)QxsKoK5pe4eb@
z5xLQHv^W{{6FTk^y_Xu|57e}vJ}X5B6mI9|8qHoaDzJ%Gxjg91dv_i31@p$wCtV{;
zIY;Ec<(qEU(=M=-WzLdXg|0ED<+Y2!fb~d))pY~*^Xav&b_Zrym<nb$e8CcnrhY4E
zS~PZY3xN+Ys-+WIkCW-iTMsOzr{0w$`oD5cJKDj6ZiEXtpD#I-WO>a~T6jOy4)QoQ
zKq=Xn*u%lay|&$ir+b&X@|XD%_xc>Gyo=8UZ3n3BgNl_uXt*8k(ZDQPNjrM)<9xmu
zg&!_3c;|hGmb3>-T(|UDWCFtV-hEM4k7&Ei)tv0k_)k3g=ik`!iM|<B!Te`OTrEqj
z*5<HX7GQoHmnHhjqZ=h<{Tk>7As<jL2*{8W{Cr0y{`H+o?k{uBuLUcLH;Q=C;2BJu
zxll0ZVAbTmsOaM!c#Sh<KsE#3p}|<CDz{luj&xxrW&4OW{<P%4_zFzn>DQ-%ze#bw
zW++spaTzvG9{@Y+o%EX+?SB1df<jLV3D0*eQqJfIJl-U>p?&s~iWGV3F1r`adn9G|
z%8|ag{tVR+mFHV6sUC;fb0PNW(my3tKT$eT(jknz3)CA=%%xupaEy@S^+eC_vx*mp
zFRvpaavQJ{0rpROiL0aQNrGHxUb_g$Ie`5$jKIR7tZSs{T?+_UAB3N$DQ~{NQj7+o
z;}!<MiU0Um&fq1h{{=nlWuE;#nLlEmPhSQPYJxM>)KDG_P|Fr;q^1W=jqFz`u=v%m
zsirj_+Pf0bkC)_ktkL`LGty>JGh9d0snBw@mDM#99Yu9#W4|X@)e`-tK8b)AZrrs3
zx;3Ip1cQh)eBwvSzQyA{!G;RN>BVxURO=6N+xnpsBZfsF4=_<#D!+8DL_TO|q!o?(
ztfv3;YpA1TrS0N8`t`%)BsW3D9Rvwg!hoN=x)Sf@Q0p-vm;xfUHw<>q;ZOy~N3H~*
zw-twWsp*d>{^LID_`dN2@A_eHv`?}VY><9yVL0V3FJl$9qjN}p7rSZsJDFEITD{+W
zl=&Fi=lwrhDBY(TK(5=MX1p8U;zipi#7_oNSbk|(vyeRqJO}op`gmxsC$(&~4h5w2
zGoPnRkMV#Zlvx^{$1rnAQVJB||MzYP^j?3#+#s#49YxibI1W)JMmLmYgi1T;AgIj+
z2KLr+9#bX&4`?)cmw>}z!v9%`fJ;{9si#T@iN6I>9j1K82h!@>-O%Yrw}^<CXQNS*
zZ<5vle<y-wU-P(B9O1uB84@*H=T}F=yA02FQ~sq#%LSS%^AwEP&I?S5c=za<d}wNM
z#~|jg6T_;0U7=v#qz(2Ryq#kQ0r!db4Q;T_PaD##h<z<k1MEjF)7y_!FzDCYQI6G$
z65rhcEj7^StA1$a5rwew57O4(B4J>?wD3q%F;%yEl|t~!=*rn!*+Qic4~BYJm%LGc
zcW#cwxFKBxDbNTqhDRK<A4fHq@3zo6SbA=WO>Y@G8{bk-+XHdhiwCF^mo6)0g&FY#
zdLsR0KUz(8_4A@jZpmP+xBhBtS)DzoVlHYG-;@w4R5O0+XC_#d2P4tN8Ol{*skO4;
zL#n`85>G_*BQ8lKmN1*P1*l?^e{!`Bs8mEjW-R+3DuvtyDCnkqD^wzJ7{7yni~K*s
z_B?p0I-H#vL=e4K3}R1_&^|xE->y|e@tv_WeSgz*#rQ$BFn33Qf*9`s0Azsc;~h>y
z!zj00u<B#7omK8qBaKM9`y0$jO%K;MB$$O`uT^Stn4Ee57yqG+|CxK+EIBc$3uQS5
zou+J_Ja5q#t`vSQ<p$p{xxwFtn$t&gM*%Kk`l}X88{DkzxWLgR&KQKgKk&lDTj(ZO
z75Kw@K=6oE2{zrK6AMCZ@Ju3&HB4H~7gOsi%=}gW)%<=1vm`DX{}Qok8G!O7W~ep8
zzz$ZhewwaMN^76)j7^^Z*jvkZe1FG)0BYYTDUmToRZDjCTg^M{>Al1Ag6<Ck&52ly
zbJm3OLUm7y+51N-i%FZ6+a>$A*8=F!{ouvRZ1N2F7hp7ZHvSfw!nB_MWyJccDcuYn
zPn8j>WH=?xFxDp@OiSoEo1_$qSn?cIxK{bR*B+<^jouU0dBSSO6RpcJ(~lms{e2R<
zig^ap^cs^qEp)=Kq5G><qba!LU}z$b^hp@B8ZX&+AegmxJqU8MGffRiugq)p&GAY6
z_?;<%y~=PWo~J90qu6T#*J!W&7&wc{@7hqBthqpK8Hf-+ZG#isflZKVA2+O5K+kh5
zQddpwpzYM0FKM+D#S=OZwAOL1Fkiz?9Omdi-syznmp;X)ps{8fvw$Di1AkryiHjg;
zmDyqb%=$JBa=!Mp+QQpbi-FzJ*JiyPv&U567pjFEO|Q(-sr)|`;d*P$IQNwoNbLr&
zh5_$}fm0ygWPgs6MltE;{ZA#jqg=GGsk2c(GmzbGX5JhBTbV`X+oLLY?qb6dJ$j?F
z1~$D2m=j*R5j3j0`~=jtx;QHzrV`D2cgp-jf*NjC80=Pj8AZ!*piW=`Js*H7`6&bY
z7pl<v(1|JgFrp~vp2Aqg>tOEN?c(pq2m=r}C1Gum%wHO!l=ogTRViW(7Cj`a_*JbI
ze*koJ#UymuDE9NY8)g+}?sRpyM(OqpqkY_J)?4IWH+!rl3H(vknTSQfAIf=`1K1r<
zp*5IU#U;IzvZB^t_?d}dg>-XQ8I}xutEchru-Z>Wf<`DCe8#!nYv?ZxORF=vosJ<;
zNUbhmRYLs+p2arRD^<wcaFM~ZY>WsyUm{J~r&#ntYP9xQ0YhgcxjkK|tNv}H=1BFH
zJ_laR@n-`TiAt%^s#eg#^BdTR1)~G?NUkrZlGYc#kHhlI2E*N}X~uGZkRFpU?=w4g
z&XEeoODuPOD<sN-?*fX(d(7I?6i`0SJAi|~9MP57_S;Q#e)>w5T48cirf96=jBcm%
z1>PU`1pg?J7gT0Ck9hJQmdK#FzP*rk^6g=r_pl28$1mw)D#+Q}Fn>`FzG03GPW8pL
z&v%y#rf=wgp>zEV{^l621wg=M*I&|It5JvN5uXEBYm@0|RB{)7hj!I8@v4B}%;8vV
zrBJDT-$qkD7a9~$K-mlfq|{~<kdb-eIeGFo!vV^Lksx1|=%YZ2oOT;U$m5h!b1hdg
zy-+~VnKP)Ug|2iF$&)R-PtTqjtfn&p`lL?iU*+TfJ0;RMYO%LHVWsQ~qm8UK#rFm%
zA-d-ZNQHkZ<PdJ1`*7b_%03S{dx;ASTQ>SQV}8*=lhrq;DH_n@1eGwFBxdxlYDxWj
zMc!Y@aRyYvF~XDz{AZB$%7y?F@LR$m*Mvc5GN^ONLcL`w-uU-5!a)lN<=KRC+)6+`
z>25WYh^V2zo&o1?c(x^BDj>mAQazR5z^RJ3`BCDBr!}jnFp$2W+<ao?H-67Mp4RJ#
zr~|RuwQUNJ3_!frh<r=jTa0`zZNmy+BRW-k#m8vvMr<3^w@sY546rFZl(-$AjHxrR
z)5B@sBOhxY<ghl5lJ?YVS(wdRBisi<KEIk~X21UC_kP62lA5u8kRh@=K0zqmDa38>
zUc$7mT8&W0Dz4#+J)U%z`5vvlWIEiwj|-P|lG^HZ8ui%==E{vK!Q9^s)EuLbCLYoE
zF0T;p;K)l{H<_i9fviU6p<XDrE=>n=GWU01SL1;OYQFDrA*f?H3Idu7+uLvD*7){+
zxG2Ep>~BV*H*D0{+tXSOhH9L*<Y?$YUfm^L_mIU`Z@$skfdSl$TiZ*mIrTRz9rm5K
z^~Zy_#=;jlO4vYw=&In8u-thw#eTlxC#v~Fw#M$8jA^*u$>_1cKsC{xMQK=q6lU#v
ziBqH_lQHn8Ko+c*OQ2xgQndbFMsEqNyP_fhq(KjUA@jD5OpZtP?zT^X$YFi&W;QO~
zUvZyV;eh3Xn63$J0Y_W|g6Rxgfj_@Hzg)v#@S|cfYmf_7HT5$Gzmy~Rigc<j=GTqX
z{BTLr*&Z$03<61Al(4OMXsLmMXy9#ChXaRv1tTAsAwn(mTG#Z|`du}jc(w-1X=(@5
zG1Z91Q(Z?O^RbWvLOz4fnPTs@cwSIzGhuLYIani<dEaUg@5(5-xhx$b`-Q>kTNgr)
z7N1P{$)-pFy)CJU(s_d5NB-=hjUyvwCv6Y5JbKV>vT{>CGaCRNh}HoSb?WOJ!HltA
zYsQpB+^Y{_*^14DgG^T3fncHbh#k(Dj}k~aW<2C-4thT~KyYv$&~`BnxYyWWo^dXb
zZUV^R6ztQmCLKOxUNcKd+c~NE4wHE%o?rH2%SMU(P53Fkc3|bUGRE(*u%!~4NfnO%
z3wm{CkGw$fdmYCA#}35t^R&~$z$o^)oLW|=pYGso*u#8e#<m>>S_7NgjUKM+4-8St
zaMa(o4emNoZLZvqo%l%%?-#r`dotK%q}@Is@%q(VWMX~Q&2QfT9k}vDn*`Emb|)kK
zJCvKH<V#@g4)aYWIzBIPQ(N8|;Pi&jn{Jw^SVveA|Jx%%{;vKG4@BDx3Zc}qqqX4z
zMf>F(U<cU!Y#dlQWx^6Q-yf*@;!k5~vA1P@+1}YvoG|uwX%X`Dvnr(Y$;h~F-eh;9
zn{dJ|OLYE;5#hK(hoLUF<anBnpK5?+PG_q5PC1KoGPnJqjU3ftv{lS_s)T(qx&@wd
z%#t!Oys2*BHOR@l$Q1Aqd88TiLArzKrpISYlcaZqUVs31dcrlTAcSP+b2+kCR>qyO
zidFsa&3x6O*{3C1-cpRTIBL|M)TVYp_i|nmA=a13mV%5L#PX!G$rLg3O+WN@VCxUi
ztu(6eqp{$4Jut||oPyOW`Y`(kIkcz%vq9JAywMHe>aIR9@FNbvypH!{O3{qjJ$g}4
ziRH;VaDb;F`Gti!FPQl+s3>2ZZK=Z7PgNkd<WNHF_azWLkcYo*(JQa}>F8c7%^L9A
zd>*6Z9l{Ga{aFZ|^`+EuCk*~sVD-bjC3;WG8ME%g-;^^tyMR)~O(}i9(~$qY$;vAh
zqYL?pjg8plXVXDK8Pxwm8^ajvhl{DHTl$H!J&Yd4=I_yRx7uWaANDz%W7$Ti7GV6l
z<=lLFtXa3ysT?`aR;o8AuLP*r<<+AGHZo#ky%{As5R3>vP~Yd)EyQR2riV9Pf;xW_
z#JlctmD66UR9!($LYcVYE$*HVl|=lROdR;;9<|Mz3)CBLa4;%?Pd^C7H&w*rrbH7r
z3l{({>_0eeTRHp}2xljacJ%}%P6{{XkKWL}VM3n?-PcB@hl1AG1EsD|vvL-tlQDEf
z9@`5HbKm$Gh>Loy>3?g*g<!o^s5g&uBHX)lgF@HS??<SZPl(fWX7CQVt~9-$Gp?S9
zk)bz@7Sn6r8~0q=BBUoEfokyvp$wMnKW&8-&39X@ld1mJWBeN@lJYO{`CmnfPJ;Ya
z&I4v3GXIK#VPwA=Mx0zKJgR#?pkKF$ZGkv2MJdEZF@QN#4x}9r*ps2?zH&<{Ot$7f
zYSrIa4}MTJ1p*(WcDUaR%Ff3iQkK%MA)H+XsptpmKKvgYlJhehZO0m)cXYNSxkr8f
zd-N?-$T#Ub)aKSVvUHi0ivLYouDzM5lZWOB^RyEPQ&RE(1JS|Cb+{?VF6Ji~5+BpB
z#sDa%@UtHZ_-Bs13^TJ};cyoQ^F2v!^UO4GW8cDI+%OwDQyBJ?d?(a*hwjHC%pTS?
zE@nnEu{2BJ@^O~srB6cqgm;cfhEK7_ZR?)3sqpVc_7{@^H$LSRE~Tu#2}@gJa(K4+
zu+UWh2MMh<drqZ%84A{6((6!%+F=}sLpjke4E1(?rx8S9Yjg1FUmK{t?FTyzm1skr
zVEub3hUBQMaIvmtP+GV$AX)a{*Cut$XFZx_+8So<87LHdX)#VF#mpI3mm1vnWrdqP
zzu({HM_OB_Au2zD7~tjLw9NttfEtXR+cSQm>ev7}maZl1+IG;zYc+DN<HPTb@Wz+8
zUe-`4i<^Cimzqz|*GWZ2lQvPzgm!m!sjYftxL*6hlf2l`eI9W&$Z60UmF3J5{VQIw
z)qWoqQm|8hWdn_iGTQ3<qPMycX-NyXBEUbMcK9c@z&7lVzkso(k_TDcuBJ}hQ`3`n
z^jXI87?+wfp{x?h$0pq$Ph@}fk8WBU5?6u7TEzfk2!bYVR56i_R3Z}y<~7BUi1<iZ
z<s>87kUl}f+SL3Jow4ROrgDZpP90}VyB;G;56;XsK#|E*bG^3~K7VvbZD!LMOP5y7
zf7XntSaVy74ddS`<AOIXU!uaD60I|^qtN`f89Bn@dABpw8u88+G}v|yIhirt>IrF<
zF?%C(@YV78&jy+8n~QAk?l(AIeXR;%-$)V8e_Qtas1#yv9zJYh;ZskX%@-sD7o}P0
z;^My48B(^-!*>Y2iz&&sysv~NUdjgmsusV~XSn51G86#rLm0zDi}jM%LKS_&uZ3zv
zi$4eIIS1}0)K^@b@lT1B>$!o~k?M*3rEMi``&$V#%5!sNkgB+JkExbu7)RVdI9q1|
zdeiGo4~<w~D`xPP?W*A5?K2x1shml>H2x8}zGkHkQX5&eLgMU2yA*i!@}_=b*Ox|y
zXlFPXeRh7P%tGidkWCqW^g$vVx9JHYrxjPAd%so^eiJKbwj25-u6-6#3eQ}q*Q>tk
zB?5F^#)%8fCNcSCnhdhKWHx=?mJ_b4Ir=R!&~yOIE2CK=qbo1wD1b-)a({>CsFdf8
z2^ABY=#!SbR*U-sEDKo1i>_&juRO_;h=HqLD@0b(s-4XT{iq#tD(<K_hK3JDZIDL}
z%ky@>%<`n!?eLzF8sef_cjf&Zs7RSIR!*GUHAVy%6+9R&$Zwd6-ZXQ9UmFe6j~?oU
zMdMLf{ghte#F~E9{(vuBnvEE^gt*4agq7cI9jQ!g)yS;fe+23mI7Oah#&E=~j?%KT
z4FP#2dWT8UM5zwi_vEk{YU|h<ilo4gyOqJes1%yj`!mbP0x^IcRc)XZeKaFh59gcU
zIA@Nc3+X(f_q1J`(=UUl7Add3PZ#jxEXrpiG1-1l=s5JXY{KQzXFi4<s$|w!bGA#1
zbeqFoVzC))3T#S4`Z`Mb8gxqqNW*TznE%5V9*`8ZK_<TUbveuC0po`nCEl*secZsz
z`an%s#sk{U8E6ddJ%{Smgy!cjHEQup)52HvazkGKPZeAGoMzu){1gWOM5K(i-nGYo
zkG)63Y=^WD&K^YMmwzB8qnA8fTrJMab)f-6I%`Z^G>2oY8bBROzfy&*mz+|B<f%)=
zz*IaCP6Bd<4M<&ZI{*u0+YB_V<r^aOypUjTy<5RVz>RKR;X2vDHAZ2HVS<Y7GOD{J
zm(mce>t6y2|I8(dy~%1*cIt@7m4yM;7B5dJcy)m0+V(Jq^(V&ML5H><8rCfgEAz)U
zzDQ=V3eE7a^KHC=1~+d5fU6w)quDZxqpxtU2Wo=;xVBOT=ir&K4yeD$`Wq?>Z-H<t
z-AgdB^ZKW;jyuS6fQhm%IEF}W<6=7UzYml>3X~Nlqw?1-G+Uth?avgsql{C~yhpq0
zpXm7HO$$KiA)gx$;}Z?ctLWY&+>onQ9VA3(kGLB${?(dM=)dpGfb!x$nllt^B8cHi
z<~Ltz=%4yz;_X?=@gJ$L&5}<77FYXsi364HuOs^lt<=K(Z?6)-1JGC@2Y*kI40L0q
z4&BLN76$>-IP)Ag4^KH(x8%q;^cVd<K#7ZLjyltn_L#T)l)JMB52qth2NaGy##ai*
zJ7!gw;~cY*<GD(qxqS7bgkb!lhCZ9Mb4rM%5;m^i=ZQ?9V`(P#ic61~v(B#}1234c
zk9)@P0_4Z0bBNGcs1e+RuC&^0MtlwE@n_$tn6CGEVF@3l)?}bJndq9aXmrnCwFw8N
zKrrI#9mn{veh`|QPC4pc$#4^=cn!B01#71k>d+NZ7CarcD@b~$;XAL^4_lt7*I;n(
zNdBr%X*_7WyGCG9B;Oyr$*eiU4A(xNI;g@uuLt0aE8vzqdqQ1#EVQ<R7rDzo^W_T#
zS0&7%r2dk*CDVn9G`cBinba-jg+W6=vxO=J*`l54R~3P8$mc<$T;R;GcJC_o;uBGY
zuX5xKi=$+r-G}vLuJ2T#Y>mteI~8cWCY33oygLa3P$$q!&@mlWc?n8gJ51WRF&*x~
z{#I=tsAj&=1q`HVy_F1YqrRfKpCvpQPtTi0i91fC)IuSBTe8y1z21ZJ$HduJ{^WRW
zET;t<wK+EkhwoE+@=m-`5S<YQKW!&q`-LWL=ohAoh68z!Z3Y(&6NxBM_8xl7C1dj+
zq=nTMAu(GKPrnyQM4PNI9)qTezG&%Q8TN9mA&ofkQWhKiE7`EE<Ob<7Umt@*7stD4
zXuFOs_a~-BJyE6q7+<A<d>^SbiT&ZIaUL+|%`i@mm{T<vNmy+2HhFp6HgkVnk0(q{
zjyhb)_%VYk0nW}{IT~JQIMr!WA~)29COy(GT~rm?Ua(h~g5$0l<sv8cBP}~$B@fLV
z!ipttOJbB0M}^hq^7OeME49`F!Apf`QUz(eo*{MmJ?eEZlJ%Gi!7P`^!M?o%6z=s1
z2_Ah)7`Nk-Tn_h;5OQM<CK?Y!CO+*7;uC^9pId5#*S{0=f0OhjN;da#I=cPUW~%1S
z-E@7Vp7tlGKHnTZ?5=sBloxC?6`br=iMI43xoZXdYnvsNEOT!3FHguFIr97$rh?Y4
zP%-^!n|ewW$(76~sMIXz^Ls=dGLj$;Ip~F98AkTbeD=r;`9qf<fnd9_L6x8ONet}y
zt(P56Wuz7C2qfeyNuyDu_gFMyzfxv9U=v=nL1090x~mth%HeNIW<%#&b9hBofSB~8
zz~q|if4jn**K`N!zcS#8!M2Yh>72CZLxzH5t3bAAKof_uBjhvel?zydV4ts+OA9wN
zmn*D8h7H>vm;gXlX$1{%Ik)`#S@Ey3)CBngQOT|4xvovmJdRrF3P6H}r(afZvgK>p
zfekH&*?^|zcz2|BQ3sqD>`Yd%yoRXlOG%~m9E`jr^x=ABzHQXoNmO!<7%Jj2{f2-w
zCts!db&YPr#a^7DP&abi11H$+<gBCLoKNM+r7@6BWMW5#n-9#LRJ1s>a4}Y$i`iTm
z0?`rMjF4TwlC{UkvG_q#S(G+C-;VMDxgqZ;Tr%0kAKBaf-EVJ|7MVuJrM-6WqZcz#
z?c2SAM&{iSH|sRRHg|sjH~w;ffCfY+m+o_jO#IQf<C*w<t=!=}m7{j}oy&3jUPEN5
zG*HQEExrK{c$h=5FmnE_MpftwV1o%$(sqh*1IQPLx`1@rG7>1+BW-||@e2lM1}M9P
z1o$3Xu=O4nh4Y?hX{oj0;*uv^DaD?%mypjcbR9P-VRbS6n!iG{6{|dYAOE5;P=|!d
z?9aU#*v6v00=0Mwa(b{yuVx*kw(bM?#*Jte?w#=w_@e;SO+f&=W4Z^GOmWS8%Gy)U
z)CBvH+hc@jJpNAx`U3PGii|M7te{W+N&v>{|K{jvQtsmtS*Wqnvj_9g$aG0^%4aJR
zKKEM90Tm!2Pn^T*7XmYHF}g5^qQ~WSWBPn(@e@M~z3VSKE(L@V|Na=oIY4W{WRx-P
zFe*5yd(?}UaXE?BB^Uy--rD2gM$2UWJtCHZnGmGI{-erRC&MuNzh6!SxT~tZrL&9<
z_$-Q`PM^I#T~6(8gMFu9mFag%BI4{qk1z0Nl>MXQQVaCHciXz?wB}j0ro;CJ?VQFt
zX!abA^`Pei6}G$U9i%9oDTl_Y3HvE#)WaX3*b|ARDuS20?n&W5LaTtCWq(AW^tPRV
zxP+;l=!~2p-QD2Aynrn7pwpfj*L`yjs|3@tBqId@nl$*pcT}RqF6N@04}L|WjSMaf
zILgMmhf!ML(_z!O$ydy1^2`HfZdRgYkEqGV%ow#MFdfvw?YPJ4lai2Q1jq`~w4X+=
z<*QG0mIn5jJ$#Mm_~zb{C7GXvt^N$}bn)HGKlXIoxGZ)bDYmhm5XUI03<yonUC=L*
zU~7i_`{@=R%!WCQ>tqVO?Ray6TLU{3Tn1vHTbg7zI`u@klJA=N!JNw#p>?xkh?O={
zGT9PrZC<Hk5nKg1+{(dIr%HD)ypn_M6i2roeBd;iA7%To1!WFGmVOC`8HZqD9*B<P
z0fd5L(NH9hZrj7BT@j@f9JRN$extBD=-xGXrh4waX9G%p%=d>}Eml&W`-p)P3I=5?
zPbi<*feb#V5zc>q2~DSnSBTaPACfjrb{SNdtfNfcz{Vf^>xkhtRfSI5hl`L$eo%W!
zYuIqnQFaAXRSpGKLMPVz9?redMLOQQFG~(tWb#*7n$p_dm(!o-%C*5rxbbAN>`9lq
z_@P>=d!h{thn+9FLPHx?aj91Bjf2?HPtj4wNRb~Sc<ULd=ec-97lgzjIj=BfVLA+X
zDF}<_wLYIpaS>A@(AaiLc<bhoEvRo$eU?-@EEBot6YG3Dd$_Bn=f$v6UmS-uXi4ll
zRTRGYfDJFo8LaqXO^LfArGa#BZ@1#{;d<SttooVgk6TIzhai!gvNh2|rdAa(+xhoa
zSh2i2^`8dntw~{aqSSzdPVpZpa7-N9yRyY|*^TQ}OuLD*q~C|`i?q3S^l3K&Ay0e#
zqXyh5#d0Gm6JMg0KJ)vdt8#@`B;i<~UAWUk0^ALlv;weN<-Ybo3*M14--%$nz_ZUZ
z6<Yl^cwF;kQHIfjwX=&)n`T4@gLo<}niAUx_)yxzxvZ!0DnxO0(BQzMnY67p)QTw!
z%(*j$)<s&r^M7WpNnPIbMuA_cfR2b}Q+b=y5|5M_m)KXuBmSF>jtsm@Y?O?*?2i_Y
z4cv$!ygB{&s&TR91Hn;2P`|1q^y=xYb)}YXscrnn6&gp^-ADWt-oCD%{gn<g*N&Jc
zy(+|jXXd=M&}zi*)R;;x+Jn0mT`89q?TIy+a%2JYcaQYb|1e$bZo!Ji4t$;^g_vpJ
zmj9PhFoBiR;Bwa31u)LG3+&Egd0mcF5#+GD0KNM)-qU_t5nWIp{1JmQh6y?2#I_1g
zIn*=jYncVZTdb6Z`f2;`PCgFlr<K0}gTal~#PTohL`XtxGq782a>r!O5vHrad?sir
zR63j;Bjj#HM2OuFJVO7E6=siZ{zkPgU#$irHfS}qSPeNzs_5(h#=y;RRBM;i3m|y^
zh$pN`v##7Xu#!_aI&9eEt7i56Nd*77At12-FS5ECiHN%|V6-TVXyS8_^4>N2w9Lr9
zY9F9lbd3-R7^pL8YR$9yLD&B4NAWl;=pKrlki?Y8qCU&Lta|%6e~x>kXXns5!rf^7
z!sws3Dfo^%xWx0!SeHoEI&0u<)^1r~CO38yiv~vZ$m3%MN1I;(E2J&pW(5OTJwPmc
z^f5wecGz#$2jrAnhLBcHX)Ao@9chy#?loGp4@fKhp2wmy;ZbT6b-*{Fm_A8P29Fv5
zhLv}*1W*mj|Ky<JpRe{{j0@8T<sd4XvA%`->s}B`)WQu*fdLTGC({rWfP)=R31K-K
zL*6JjIo#Lk5H37TM@ZbD8`7j&B^=sFD{{{muH;W>$+KC9_jGXb|EU`kY*S;b`aOvF
zpUSOVa-Cq9N?ckqPZ&<+2nkW=$V8LWVnUsX_bi98unbEl*Pls!h_xW;kqKyCgLOE%
zT(6tZ0jUjUhn{>U!YI++!nMe}&61-=l%`eAVA45#{RGDSpAtjxGusVTd-hmL0%UYE
zi_rvveH1c{d=PKZ#(jD(MZznrcYQ_tHP$s?6CY_E`xw4<W)5c9Ca{YE@K-_shKB$4
zfJq`!&s%`mCo{PDJ<N=5_yoR}h|1xcAWIbH;IfdtvdId&W@0ATj6tUVsCX>$ukS1p
zA^vW%Kt!=s7oDUVKuEa+nQ(x4k*-gn%$}(85Lu9p8FXz2JcOg|3)hXDeU({H@{d~6
zirI~%ab87LNc328azLK;X3d~w?q)f6PPMEkQwUkw)s!#<w0Sb6)D**b-zX`ypcy@~
z^%adqJJiL1yUq}Qq?)cbtH%!v4pH@^V!|p6uLgG+_%yffo!kPn!8uKJd8V0rZFYUA
zEHu%k;x)jeitb81+}aQl?;)ZSyiHXD%hd|uYjygoVHK|sSS6bnkH{uzQL#M;s`K5W
z<lW*y4pSTOwGp`=8;$LvKsmbdotiV<Y`JlSJRCs<pVkQXzm)mXwC6RG<=Ib-s73df
zpNV2<5ZiCeSZN278YYhnk5URm+d7>itG%I7jEezSDh=~+1lc^5<2g4|L!azJCHCDq
zX5JGsbf1^z41||yW^Tt}5#7@2dVnH2!5{aLn2IY$No3A$*Ds^Gvb;sEs0~n!H<z+@
zlGGex0>sWFjoWQ5a1bXm?GMLtkG6v&R^z{fOG<6DX<Y7tA5<L2pa3a+(?eQ&B~&Hg
zBvaV!0300zEQuo(((UuN^atP*csA>%<4N&iYp4L9b(rjHRT43^k0}3+<7N;<&H<8`
z0fkMzKp*BDS~zYR!JvPXS}9y^QnCrgFwH#Hny=nO+R5rHB~~cf^c_e*o^teNS;D+b
zQH-1LY{a+AINs+b2<QNtEBsnc#Nk`RrG>QKF(qU9Zp>O#X%}1-4jp+-DPtU7A1c#c
zbC{@#of9X}^dIGT2D-q462G;Bj&@2qG)+mocvzu@+;(gf7Z;D?dSm+o`mJWi1q{R!
zj0x*B;Sc$fA1LjGhn$C~z2EHM1@CNDLIJDZOUi6a5K9+rW2lo$K312u@wc~q0&yzA
zO(&aGbjSP@J*Ln-B0?md>Dn)cY1aili8E-){F;_LI>S!)8F954#<VMniYcCy?DTJ;
ziQktF6^N~zuD~`wry5LEQ=d^9`oju|%feZ+Jmo7Fr9c*6VRVTvU6HQ$e`Tb3b(Hd2
z3yg=w>@w7{P#w}-VupQ=nXb;9jpotkYLvD&hMiUPw1s7ofODEid5pj>PNj}GbY_QY
z+z0S+%6f!|(#%n~%Z#WS`*ja<JXT6UTO`<1owDDL%k-UtwP<~idjjNacA?r5M6HW=
zJu3;nvPjRjuBNtM0dQi+VsIOL;u^D0&Z+Ou(MHydQ=}!WlA7mbJm$b$0~0!nn5%Lf
zMI%(Tv;2kL-hB$&Y+-k?Tktq757AizVc@{dP^JzDVW1m(b|Cna>=@e5{8h<BlJ$xw
zl~s(O6>w_jMp%uekS~egd5FPb4=3NW7F4=pH}V{2hzM9c5zJGaLr;w&DK+`31yau4
zn{9%sas*=2a#U3}`|(--f?UyH$M2}CGg8gimJur1!&faq9&O<zggW9QdSp3p!ZpLj
zJyQl@{&F?%98Ye$rb#x@=n+(34VM12Q3K+*OV3QcFXN1+=>u9WVe<r*4OQWKb!iTf
zp;A}~kHC<g{lSFVaL!K<2-XkjOPnn8_>TGEoaId-m^eF2@7x!ijeBF-n7g->4&>=t
z8C(c33X8+huNyU?)@}HQ9`;-T@7_$@Z-SuUwM;6eXJm1?>1~|+K1<enG+xi11EAVZ
z^f6aJN-Lg7u|XI;E=aaWRmP<7q*@#Zs%WOs5g_RVw(%K42<5gwb^R&^Wnse$O~XxF
z&60qFn0d#ujQhCj3IE2*-LvvS;19<95$)sqct8$|?H!0rI^DdH+GUfbTkCH}2zXFG
zL(g16NDyn)qCiZyjAXV9LK!c?m{4zJ)VndA(#c(eg7v!$j9_%BfpH(wVmi!;0FK}P
zbvPS{1@>w;Mz=7|q~~bk1p#=nh0LmaT)_$RUW18!I`Q3lnWaWR<-z#utiQ8gY5%9W
zS1f2@py3u=ozF+q|0TYE6Ye^55HwjW5P_iK%sVs)RT63z!N>sxN-m~%0r?@F?aE{R
z#~AOguR;LIO9f*{rI7!VE|tS4T=VFyXXUh1=<h6xX$0<82ZndFeH+$=|J7LSirAuA
zL9Kg2o*L#skn2*tWFRvX@tZI~m9Tq9pVY<J00pTqXzK3@XoV{H6iica9}4if5&gUs
zS}rT1cXMOEpn2XDCbH_!MWcE588`j~9d)I-PmvZs6B`nt-LojAi{3oD(C&7Hq_+<Q
zw-eBW<LPK+1st!A`XZTw=@J93Dy;TT<>DiClG4C%?rXX@?z?K~<eg9Zk&b_oofT;a
z1+=_Y^E0`UR&S{ga^Pi@(`K9*<=Jtv`c=u!H&>M_9O<0SQy@?<t5k3HD0rw)mV}sG
zde)d&U$Du(n|}~04=W^4Zt+NdT=2d?ES~`_BMl52p<3!5yMpz-RJ--|OT{8rQ65+J
zM5ya}nQT|U9+7xGaYVE$&_=%m_Yp&{y9tVzKNYPkN*yp47d2GMkBNV{G9n@PH@`v%
z#@t+ET5A%bKeKA>m|{7IykJl~D^IgmcGDKMF8UM`htOqe<?iX#Xj9jD&#t^hB=(%y
z19cR~T@nQb^|dBWS(=4aoD6Bv>zvKy3cZu0Ho@syJ~Q3fECIVkGo735J$7=FICr`)
zZge=?YWP#Rh<)>Tx0+#bdY1sQ7QrU0b4Rbbsh*`LT+{+?KpG{Al$&;w&(rK14b_ZE
z-=l{p{oZ;yIU9)Cgwsf+_gg+$7Y8HfBl}{qFW)pX)DsZrZNnM;Dk$@bC~#1C-fCuc
zInAN#NN)s9d`=~>9iPV)WpWL+nM1P#zDp6@?u@d(xED31cQ<k;uf(j@WV{J!YL~e@
z-zBtGeG5}3AeO;1Bx|(klK;Tl^PUD(LEwNt8aDk|SV)zeBf7MIvQ2WlFy_vIe?iF_
z=Ffdus;HNfx0<Td_ZD|Boeo?`x15*p{zyv)v|w)M+#FS|^RHSH<``S3c8%p6{j|p5
z!#rrvxLsVLN{HWovMfatvj13tI=b5bWY(jy<EPslr$%dpq<fO~2oo7QfvK9Gd=e^G
zZ;!s>%4?uq+*25$Sa!qJ0@=3CI?RwhYEsf(aSAl>=c$~;^;(EOm=o{N)qLMyy3Ca5
z>ob%~vvS~}KH1t^Ywx(R(13Po$L@vhkv#2i08n#y#o!YCzRWV};i(^P?B9WIs^s09
z!C66f?&Y}Svx{UCPk*=H+su!nb@Qy9ZkWlXqe2Wln)9fOe0u|-9Q57;Ps~;>dbFeB
zqw%CyXIEF`fsQRg-r<ZTGADh2l)9Oqa`bs{*fe=zM)<^uODm|u@xxtyvD&m&bFO`P
zfU|R_N$gw}Ath6ln7P2P0y(|jTPY;2fS@v`3=O1}jBYOt6p<~WuHAq60Z&zq=-H!M
z@3{ua^gnnZJC_U86Jwb0KHbcW5RJTbgNO@T`Z7mrkp6S?T=&SKpw6&<tnkcbbeFvU
zwNiZ5)&`rDVHX@8D;<>*4Mzm5_6tjDhYXu_b(sp8-GO8Rx<}VVgvtDX&aOckJABMs
z$vk6f;6U~@6X@|KnA-VgfhyEggM=jBm&sfQ1+IsdnK{38g1ihj;^1$pdc?6Lgkj&0
zdtRGqtnoeKB0zf6wuWOHPYK4|@M@zKmoAW!^G#LrH&MG??;dg!t{JpYm2|YWc-U(V
zxzErWb%DerRLht?LCx1*bX{~B_}@6z|AHh2dnjW;IzzYnKAh0|jj_sM;&BCXC~7AL
z@>mp19!swuX%fZ5nb(I5Hi7|@>tZRj%|0Dtc4gPH!1O4@b@~A_miBa%h#<2lIm}K{
z9TBJ{%UW7+7xlU)<&X(T@*9$E>{NuWbviXwLysjqc8KAiI%EFz+A5{u039%(4}UMP
zSU(8Au=<sg@Y{1GP~ga%-r<7`707DMA;NcZs!M>zx}i)zm5n!YS3sESTyK(<KVk@a
z)&~2`a~0g)(KojYGDFk2oVhZ{uEgX6X2)t^e|@qr0BYzyrcoyi!v3~0-a0|1W33w3
zf9en2n$EODA&i)C)$kIxd7dLp@|V|_cwzi5w}V}*?Yc@#;ANI(%GOqWD#7oonYgB$
zXC5^LmJ3wK#vJPv@U)jo(ZjJWfFFk0R=2=Ptk2}6VSBaxSMB-FN3t1AFfdrU07FxU
z49DRZg~F0T?UmNVlnz2z&QJM3?X*Z*%%RFwYj1RZHB8aL;yDO&lVjM36a|CK|4VZS
zB!}6!8Fc6P)E<3w(;hs_NE4qAQ7<}j=5&q*wiDQ-q5V)-j_pkpJ#jsmgAY+K)WsX5
zk6Hk>QnFna5Gp3yne6b!|LPb24%a}XPRK$7E9kDTQLynlG>G}BME=w2jUGa%``NRo
z$%DDKbG<*sO{R8gGzDjFnZ+^ODn(biNa9f|C9}uQ-atCO;2Z%C(K`<biH>#~l9=5n
z=zQM0NOzW4KCJr`tzrV~m3*QB@{U#!rgWDIu5!u}#T1DN-j}g;#4CIA9(i0d4{B>Q
zV;1~-dvJEHyfR|dmA7j13nvwC#lev&uU_I_j*c2y)E5j)B~;NOta#(?A=5k{|E9;S
z;&`PXw8kwdi<j85hw_2vT4t6M96p6ZZ?7*{V~Q38k6x{iwi&WD!rBDV4i4aR(;cHd
zH!K_=eVM8R<V$Qh9{4OrVC!c}oL$J|n^K2O$5PBm9csshgEHodUpl+;8NtP7&lwM2
z%f4CWU39b(%Vo<p`%1MLw@3rD^+6<0u*zt;80g?1p(n19EEzub30bVbb+gPK>kW6H
zQsj}zaD5?ck=auWkcfDqGcss3OQnvB*dg$Uy)`1R(J~5}<=nP&`z4e4Gqwz{T_!2e
z-f;HXSN^i3N&<*WZL+4s(;cd3fcZoj)8fOZ*1h?nhNoPvj+-s>PVLH%g9Y18S4dZ&
z>31cF(LRrrba(4_lI;(Ni)!58;&!X>O}p*!4b|gpbS7aVHzJZ{U<3sYB7GUl{pm8X
zd9-$-_d1n8YnyH9L~8g}+s40<g$kv)o2$z7U30#hj67$Vj$X4N%@c+P6%&ff1>2e~
zV^GABcgpy9f%W28>U0AyN~I1`_TvoSdY20Ss`>GF!ndxs&WnYIy<)x?0)*RrPR@c1
z>Mi{>^g+M{XLioNxg1_a1;viaNh&+B!dns_5D{$ud1I|6%WB!V0Ri3DkcB^gtsH;T
zX&^1tcNs_A=^pkb#5mO6m&x_GyC(Uvq|QPhN;gf7Jl@7Xo?-9OKaTYSdrZ-)8Z{>P
z?joEtjHk&y^b|%@gU?vxIPLj<x%5*EoTyyKfy3-SmpCLzx+by{qwlMjP86k_(Ww3H
zgkt6U6Bo#Y;9;7dd3$`jiL|Eu*h2XTM>Ptlgrlr{*v)g)0R|(#RVcKMk0yugkL9b|
zkLJ!dtE*$T2x#Kt3EpOx_7BoMfj#K9$2q*h(FZ({!<})&!<0yldm5AHSRC4Nn4b-X
z2$w(68IYca{!HcZ-~Xbg@Rg@SU6;gG%cCQtiAd=FSubT)(3)Zr|Cj?t;>-5-D;EB#
zbeJ8Za`-f$URAM&sIBOS+7zMqfjJ!0>@^i`KM0yAU8Tto)|mpG++4qowmtr_s*Isb
zGv>E_D@5L&+nY>i|3JJS8ubA?ybao!)7<Ex?wuetDd2=r8vLb)!O8$H#_r%6LqWzy
zW$=?mmfOJ|GNW@8Q&7u?^u8PH4#Da(G}->ZjT3{nwjm|Ul|sf;LPGg+Jd?N<Dxu8M
zV$KAfoPE=n7jfiS{U&CV`+}kO<*4H04zQOFi~x~L5o&zIFx8=kkhiss827<cX#J>u
zp@QFMEO*|@nb?|^vj`YYSXE05oGUegagz$3{bX!C+5J_FPsrZp0b-{0E4;2^L?5?X
z%{#tSvQxGVhFt7ac$gD`vSs3Oqzt-s9{{L1v+gV856iGyL4-W|{PRJ<iiI$8yRaAf
zHf{|S)!a`nr;HrN>kq~fWh%)~#iH3naL6mA<+tIvzC%C<9&9%Ht~F@WpHEvNt2rmI
zY&ILVTRi1Jg)iLR_n}Eqqxtyjv4~i%^9hQ}GeXWq@<Sbc)?(R=JJ3Ge^82)Ze!Ju|
ztf~V{r>RAa+!r16)zpMY!h3|T^ZUX<6KCWx#Fsdsv^~VBjB<Kwt_A`;Vz>FuX_frj
zwfGkT#A(nE*vkNeY)rOh29>)I7R>e&G6hCz_g#}HvxSzLvsh|7AZ9ENV1+`j^VcOU
z_%NeI0{&|D4>CA8+?>QxV>Fw5MkD+8URqZt;rRe+zuU#jVKw);{b#NE?+=*8CREKR
ziJ|q4S1=hvTCEDCd6{y?eejWO+l}@vv@{={S{~13OpV3dr{`d>fHvcjN3x~lFBjPV
zZ3B~#_P9anRN_4{(Ge^_N(k|}a?XlNCfY|TQ)zM9j3xj&Yd*a<CHMzox#6!%X}jzR
zI)sB4paY<dlK;|W$P_e%r4)b$2xdGq&y~jC)X2I1jIN5<9%NxvjIg@vN;Wri;w_-F
zyLF}SNsIJy%7x1A(7fWz3Br(zyMyMWY15WKQP{UKW__}mR<tGgP#L*pk034%&Fvr>
zxtPvsWb%n!0}`>TjbzjiYjLQ|5^6+mbTCijo8BZt?WdHuZ$&vxjZeEcVm8@)G?llv
zHP#T9`D5?R#h=t1q1J3?*mVc`x$NnX=@>1~BGYrtIz{yQ%^+Cp*&NQ~gHMsyB+J{Q
z$82!_EP(L!8tC?s19Dxbs|#eR8xFt|Ec28Fsj0iW>Bfx99n7(F8~5Nv$;#}9OQk%u
z()07Ba~eC=+7twNe-egh^=nL()o+rOoiAny!%tsa<-9~urFW@HGu4y4ZeH4qL7LWj
za1T9!>o+m7_Rmawm!l%;AZPNKd;;Dew=4$hVZQFd@d4^2Dw(XCiCVK2$}dxL1SjX|
zCAw!%mm8=rB@v_A)ns;6yW}W)aA*%Na%DGip@763&Uker!f)M}36D}Z$eUmvy<XAu
z8F1JGk=Vq6!6w4?BN`ZRtjlBf{p=#y;u=P+ddh2AX!h_e1<jV4E{o1_5yCbD!{Nr<
zuLmsMd}F#d54<95sz!ZgqBQSU1etk(oP3USH!+_i8CaUEt8GXndIz?)UhJ(eE_UGL
z*?+U8kEQiFOYtAJd<lnV8>Dp0#RB#~170xp+D1oQf5vAEg!#{n7RU|j(EQBksozMf
zmVTM*r{9bI{#mGWeG78kNMMPd!Y;~J))x0seAkK?JGyNLv!nRkw@YL)5W}bG&~6(*
zGihyOJ(`%ZuR>ZNs~U}oI-rW0z3FyY#(cu!<8DqmoEE;r(_sQ(cs<<oGGtHQu7_{r
znERU&Rc!n07-iIi-n9n(iA1Z{N^J#aTw7@@t@>7F`Aw@V>$|Hua0pR4kK8z!cs~We
zq3wOwt<%(8o;?pSKCrrDClm`r+RM9uc9|cauZP&Df+<B*k#;MVe`fw2CR*}t4o62H
z^d>7raNpJO=@o1qpzVI|aYPX(XXiNPu{QNwG~v@E`9yl5HrI`^HJcJ*?s40m@YwVk
ztC^ds`9_l~{r#;j>!bx7WTHnvvH~U0y!luDA6@Sr7t`MN|F1c=nx<M)Go2Kx>0la3
zN0LKpPDweesTnGjN|9_7Ior&vPSbQSr9w`tl~_%Puo1SRQV~UQu^p1bP8-{yHoCBX
z%XQt4?|t8o`}%$Un8)(aL&M<xdB5MU*YmY<RP1`0?Bk7%joA-5J^hCRem!`aFMsVf
zI@#WW9uSuSh9{)l^AiOVAJ$y0l7KUg^?&U{nrx|rE=}cED}H<E<|i+WE;r(fckfR2
z*_Ntn`+DDh&Y{Zz==V9IEKj!=KrV~UuvY$a0=d8HSFuC6)daO{*Pz&$XN5rw?tEad
zx{1Au771Ml{_vE5sd|_#9p~;|AsMS#qp<A#B*vqkMD0hBmQoK<^(-i7o@;x>pl;Ef
z2uvj`((!tj&PQ5-!floOC=KRh@O^V8En6DZNV8I4Nr$W$^Iuo8f1d9iC@k^`hYcSW
zHE03^lBp4;`l7;j6_W91i<GkO{Ye@)y<Wf!o}X7L_P-Fpq0uYq)dD*dc6g6U??N}I
z^u|XvJ6wgqWT_sw@2#nUB6F0H?$cFKGNa4Ya{5Ch+Oz^jeKBi`%|v!IbCr(@DvY0A
z68hGJ>PH7{GgMTxDkyMW?iS{@PwH{4i&?C5Hu*)RBA47EMA2H%+$TJUSq#8Am&<Du
zQkK7Bw%b+uRx4VT3Wi$)ABDkVs}sHS0mm`=3RyD1n5EZ;L(3K--@P@-L74ZEEOR;$
zNGmFltwg>2dl1)iBKM+p*w1RXUWMM>3Q3}}`BqPuJdNXud3q4owwWkD=KowXCqp0+
zyZ0fU@&z|EGWKm<mGBpIQZr2zVi6>&@lDJGnN;%b)inq=yt0x6c(P|iRR>cW$q@lG
zgF_%bKMl-8?I!0AGIq$>76TV~$gS!}wCq>ZJhOqCUAW@&Rc1a2f2K3)B`3*6qqIX}
z=7|A5_rO@4ETjgNp~x}?{Nf`8K5~U5{rc&KB`OYhtXp)CDpUP1T-uG@r`*#>(AZFR
zd+np4fn1vIGwg6qvUCXi^g%>>EFzT>fW{|)&3tf`XyWc3p4mFZOc6VcQVagy6Isa|
zK^Ouivw>9}ahq@~XVDBCk4%ONI-99vHG=QH8a#I17uf%rmL1Uv+8fXrBAetNBTyFY
zKj`d#R8obPM!QM`(nxZOEeNv*Cq5Vg&DMOur?npc3I*!FmJ5C>#W)m!tvCoji)<4K
zS;LZz4ltjgrVoOg|L)5E>j{vsAQq%l$o&!jZ2EW5i;^SXU`AP6K7A*jD;cCxKSmQ=
z7uGqP{Sf#0+(OB`r^7>a9IlTq&!H%emqb_?TR>qnJkIFxVFAQ_-^BuSC*(dx3Rhht
zd9MA6E}9Dk7p2gj)DaUGjoBY4HhHzi17ug{p!(a>Q=l2Q{s{-Z-64>CQ;v!zUROfw
zoIcbv<L69C1`|1kxy3GTwxWU>vAorNeI|L9M1t+xouKxO^X2k5W%xA%lKyO@i}h>c
z*K*ydS#l=jxKu3l65+r~1;UFb^&pL^`iV0|^t?z)qZkmQw9c<mM6~`5JT!W|O|7vK
z8pdH&liJ7vKA&Q>ehV|3*nw7+J|ILE(X7_ro7SjBPWz%+!^8bLBHLfB8gu8kZo=l+
zh!?a1x^Ys_@>W)&!##raM5Svq6HodOl&0gnm&i5*mMQq@nopB4jN-Bf3C(wI5Q>(x
zM6>wc)I7=X4I@i)r_>o`+`PzBo%idRD;<*q#Uwk-?XmfqrWH6|^H%`V#wyT+moMa~
z|1l`&N-8cJk<(}+gdW(EG!<{Sv2E|5t|AS>G%k}&dL+?!cPDeVZ8oxNKg?7^zwdn~
z0%j!sPH^njP`2{luNgHr=2i3wq81y|tY9^rwIbP8*Fb5Ub_7VPI?CA7sSA*-E)15?
za<0R&o&D|H&?Rw@=h(~sjHFqwbFE&~Z6iej%h`??hniATJ7+*!C${OO40e*}tI-VS
zdf7Xvz>!gGtcA}Xc~xR_J_F?5o<5?8Nr}2ZrDgb?YvhRU^$6toC2D`Pe=32U$*67c
zs@Oubrn=u#5;5B)tQT?0Bm?q=yxqH|wnq?-IYiIsi%HT$23ec?U~lS*>0{L8sr30P
z=ILk;vuFZ*d|&w1GOpb004QQ->BYIUuGEIR+^fYkHr$^6N+#X@ZDn2Yq<MzQZrNqa
zM{{H2Z#UP4aB!d7!-Lx2n3WgTgeG+D_|tf_|E9y?OZ?a|l5QgDx&47vk?7KraJ+-*
zE%+>~WfPKYd6Jkid#ykJac&eh_B@wUi<+2kZq)P2^sicZ6*KC?rwCMUD(H0BQMb>i
zpg>3b@%q$oxtY+#+5w**tan4kUZRU<uT-EQ{JyTh*vUI)Ee~)F<6gg1?(HaA4t9la
zg3BnQoe{IQc2)8MP2DtVx^Lj$Kr3^6TMYzX+=h{R=zmgijzGjAqf5z7cVR$Gxn#nm
zA!Hnywp|6$zvC^<a%#uyo{W0?^r;ZfuLfCQ%l$a|jW$b)YT2UCP|EV11d#UbPy_V6
zQeb0mlH@Yskm~#VV^hUC<o3iqAm25j-Ta?dybk-uehc=Or}no4lChvm@DW1vc=tyM
zn9cqkBTj=n?mZ_8pT0qKh3^TG#674?mAB!T!&9!^dG=k2-QxfRS#{{jgz<~E_Npo$
zE-YpEy)rWBfq2eudXdcMyPHC0l`^Dhx*966aMKF<v#XY^-7F&ICveG_PAXJBelu=2
zqn&KB<$$qZO^Gr`AsVcupB8y&a7vEHwE&p`iHArNhfP(~thmbFBv;}P&G($&0hhjY
z269*ORs2bP283~GRtEqmmCdb>kQaRd?(7;0cQs^BQ8%*09%Uy%c}ML)w%H|d0q?*t
zN;$8NefeQpD|UK|d2ehiM}ynpsvJ>{ov)_5-7VvTLS|Q(6P(FNPkIg)f&=<PR@83?
z{|tNkQsLZ1Ml9Z=-nG^7I*gQAJQAV3Gj0r4*%e&T`J6?Mi=8+cc}73BILBZf^?g4d
z-gX+P{S5nLLbrlTHMgG~@mB>e{2D23iB%iyHLJT3_wV5NF~TAXe4Goxg7LKtn%nIz
zi(E~Y_Rx>$X?5A`GWI)#9l<3kwuoKv(4uV|hHRnS>Q<~&^x;}1twew<=>qQcqw|E2
z*Cz$wH4vtYHz-jR7H!m+=sB(XnWw2Wn^`N6iwZ!A^Y5(!$A>T*zXUng_0TRtmX+X5
zLSN7&mqjVOK2dqNv?&d=wExK7rRID7TVUdhBv8O2GkFY*sv{nmrmC=A9NOrCPA$_)
z6S~}xqVV0xIV4-A2&2}C<PTv66;<;8bM!DA&FG+A6i{*ZK5h&>%hbfEaYK!oKzOqz
znS=Y9Ek$Lp*yAH&q~x1H6y?2_X$HeV3>;=sVi4|s{j%bJ*_>gbko1QukiGbVAiU;}
zer)a-qu5EY3gcWVozSNlVa(aJ%}dZd>u&(6GdB;q;(L5?C1=7vjakjTa81*IKz`xw
zpb@^y<NvHmL1OteNNhm2Q8Z{nm>en=>A_SgS>!fj6TaQuXPX6fA=gUD_A)J_za@{q
zI87}Ezi+D>)PU`N3)G5IXTYk>iRD1ec>}X;fC0?*O~0#gLN4|tj+anUPLaXmtz0AC
zIm~p6Vl_K#MQN7Jtk%cV1z`kS3DaFwgk9-RgKE-K^KP9g`Z<qof3ch9Vo&8s)deUm
za|}_%<NO5=E}5`ULE`Tntlf79voD*Y%Jk$bRqS<gW%S+&8jqpp?V>}L0%dq%>;Z6M
z;a#2fEo}$J$>ghPzlA?yEt_;qpeUK*k7!E-Ht*!on>0==X5c`(#^f&*x-^`{lN}7t
zNRdHX;y6ThknT9O@~h~_t_B>}75ArM9eO5vsF^2m=KyY1ELW>h8II3Mmn+Fq9&I5%
zxDiPIa|KLzbjgDY%M~MXNiEt0JRH<V#kXtMgx?#$+FNtTOb#^M?5MXpegkT{aKf74
zv^4t;v0?|wnvQ3S-JqQXUzMtJKb<`G6%xx1aNsX~+g(s{`+G-cf6H}LNV(*o8>3iA
zYSRvcBG*Di{D4GOxv3*1IWe8cyei78Z5OCe(_?(q#tfCu@<5$iqgdk|-W7yTTUf8M
zk-Xs(rtbDRi!mbi#E5mgE@y`#^z4#w3$Y3J*GdBk+;G$9)_Tq7+Z?)~65Cx~U&9jY
z6xoeN=_B>}sz+bg3YOV@$<K4yN|g`mcs0VR>tdy5bo4CH%uq!gz0n&|{;*w{G~j#q
zas$V0zarYo-&pzBa}S+N+7~)-r^9sNxY_zgcVp0|^H2R0imO&hFT##l+{vFDiEP;P
ztI<>MlNb<!_jLF>Os$SupC$MrYz21L>{loYs5~!#vgRMJi5ckPFlI*f58*ebT`qDC
z;AXGS60?zA!Xt~Eg~_H#$zuBr)AV!P54+Gt?7?%{^!R}e+-H|#pDes`kT`U5Qb*jJ
zdAHvbtsnr#kf4w0+;X4_$b~s+l`s<_+?^RhMi;g4^8}02;EYRyPkF)0g%aNlyKNne
z<HtYiP=aSMUGeHvxp@1F<_J6^#*!6L^(<MQWOC#dMwYf)^zvp8=&~O_Ae^6t9ULP4
zz;Dc@Irp!CE1uVh;vU?kgkrvNrK)A)*@;lXw`v?2m@lV2t(8_Usd?UmCf!y+XU?0b
zp{&SoqpN-G$sT^v<FO*{=U?Nb?8SXO_Q7uzX7nrAd_E^7U_g`h=?4kx?vXAV+ja7U
z*NPP864z#A=kPtfI9QUb1A1$|5Y;x6WM8qghEWcMg-|;BmIsi-&6gJqvkTVBWe<LL
z9?)NI*Oytvb%*#qIf91HnBFORKAW<K@%mAa`fEmZF)H;HZ!Q_k>9j+=QVdEcUS-U+
zxJY#r+ZBqCB^}INly@q5BVN8<8JYjCftF<Xs(T)@{RmTas<_^$&z9*QzC${*<j&P2
zO7vt#{B+2dmF3LYMUAa6Tl@5Wy(WAkZn9EkJdpI19y|0C=2KPAjJS;#l{aRqj!%lL
z>Is-V(Kn7Myh>=|H82&nRr;nMyN+#FFyX8z{kX>L`bMF45A}xTP3|XZ!XMl+itO~T
z64E=QqvHuNkNX`YMI%!(`MoPXNXEA^?~U`-pDi8Ce^tMWkM5UqNZ`7|pvE<zdv?+)
z4fj$HYRgknaQ-bMA9QxpUg}AZ!?xU&ACbId-ow0OJ>l;pW1~oO)akY6-J1}w`g-#A
zKIS+o`t=K3dW&+sy(dh+E|y0eT~)(~OiaRThq5D?V??Y`m=aC%&U}!pie|1v<2aZY
zU$PvuF`BN%n3qc#K8eoEjceTptLgE718#tgNk6uEUv7f__!o6)m5gI*5kel)j36K9
zLZ)j+L3LZvqAIGxmO1ckKa<W&S*Xau&XUirJnOI8<%v(v>p_<%%4rKku*hhBoKW!x
zjKvmSDCoUaMeRZGXv0`&YA1tq?Edco;D0~ytxk~k7SO_T1SZLNuEC5#YFtSv9LF0?
zm!lSEKxS5vh|JNLQ_Xa8kQV(*!g6B$d+kMejQ;nb5=`iHkq#E>KpLZ8qiLo`(|}8q
ziolFg=)+2SRUy0x<7iN5dN&P0&4T$%nwZX_5cB^7IkJZ;y?lwB$&xUsI9&(`s+wK%
zT0ea|)z`P53*0|eB{cPVPn?Y3Cs}sE_lNMLr($>N`D5`E&3hImUudvbEg0`!O~9U@
zT4mxW(pB9*En$2>08>uE4yI^k1;Ur3iF;`ItvP{4x5}pik~{xZiQ!(q!0aP(cn)@J
zZ8Y8KI5yibzKgAK5gOe+KguUWT@b4I4zOiWx%8nVnenPz@i$OJ$pT+P5$2Hdizw#1
zlCdHWCZxdU7`4olA(5A-uWlTX<CC%Tj8X(2Eagzm9eylY6+&TDqMe%vVt*J-uuL8i
zvl7uHoTcnwi^7fkC6Pvs)BRY)w6aQNJ6$Q(tW>1iKTds(Va-kJ<)|<JnHuH#3}Al)
zcDV~#<H8F>+7GHoLimgGuM$RYKP`I5I8M36)!{<6bgmd{YB%P3UBd*(xo=XfuHH^c
z&fLwfS1U7^<}g_<f7S|=_7<m3GGijoLf0D|j{ZJNZht+tNwTV63beF~D$iQRgA>B}
z2>s@SRu<R2_oa6D{QCYh9nf@kiUYo6{z9J)MH(>`&S`pkqFyD`*w<$&igTmqr%&NN
zRI}fX0C-LRjVjvIQo3Gs@{E$7G<zTs@VS2BbB`ot_kCI(?`w(F?wu$rlSMoH0<tr_
zCac@G_VNm8F^xo<q=d0>`8QwcQb)6xcCui9BJ<ocvA%7%2bk;JZFlZ=RwdwkDC3K>
zp5{HF)kpN!iSl8)(W-{a6p44^=+UjNbr@yExqALqDX{jvgaD?Op&2z>m8P9peajk*
zXWbvFfTkImkBZh7z-ezDi+`#(Onid-ohG0h%J3DA%-i2eIosv5$@Mti(fE4~ESmuK
z){W%JqgiW|2|l~uEA))KRmKU3#UCG(^Zv0mUNCpT;l4W0qsnW0g#(31`pSR8xc#{6
zIVBkx+DG}h2ToK+O{r;LDmHt7XhjXo?KUOqfLeai)y6FK0;gZA$CijiK0rVxKtDTh
ze0OiN()$gpP%?A^!}!YOy8GU@jk}Ys*`-?=GLc*_kA5sgSGsi&D>-tfO6s!Nc!fh2
z)$@JqUk)qmx+y2boq!`IR1BgZ`3|jUZ=Z^{FXN;H-254adPmcAdGou~)^MnKrj?UM
z!ae)Xye=M?R%v8z-lw!`c#O|3lN4O={-{dP%s9L;8mb>d?cTtId8g%e+o7kt3eQ`d
z8tJ%kZj#*=-h+8OmE0Bm0vAq_s8Q!VU+`?(Wcg34sXgZfQq%h2s}f-Rb(XKP4%kA#
z(ESDNf{|EtcT4JU?{p(~N#hxb!?YF-Od0>&Ut^F&+syQwi14HyVj}!T5bG&d691qK
z3_MZKkIA{;%7hD@av;V@lgg^3zOzhg?a{OTY?q;TO7w5wY$Yu%w!KHm^?TsVFFweZ
zX~}T{0Wbwh7AM^OfXZr%f{azPF9d8c+6p0`>RIA$Q<pA*oiA<pLSLvGsmZi04m}A5
zH1Nz_<57pGZJ6mO#{;EgFllF*t+F^3djwjU3{BCCB}&x9aqDd@oK>zw>CP|7@pQcs
z$&g#;n4XwJzw@X=;gKo<liF%AUN@D)xdApEZ^TrHLi)O2;pA<3XjJv1=i4`xl$d%e
zBew1Qz7I0<R-zr+sBAX>EYm90^Koi*cvL4QDWT>llOBQjb99~M3dD0lyxwEOs<EN8
zD*yp96=x84T8hBbvtI$3VewgVu4adC0Ygb7<TNwlJT-H2KOn;J7(SH0lWru%PdbNy
zaUCdqn?xc!Sc_De5%^5Xm1F&zO%6pBL4=GeUR5N!Vn`FWuN%(x`4*-yd!S>Vlxl8&
zBCyzkbi{mo*f7;=T^ZM(iyIz6ls=S?`{-nm&z@rr+b~i0*l5Ol0qvlXh74dCj4b>p
zCiPH5>ae*6Ae-}y08=Sb?b)?y_6!%pHV0vg%UGfYaockT_=XH=zwV)*Pe()6gc?O@
ze<9x1h-Nevr_`DFRuzv{b(FMC=8~q*3#>(}$N9rc+yxZSuKkaG65@V_XKml<JRDrg
zcInLl%EU>&C7E?0#bVl&+omcDBP~7l4#vbC{soQtzYQ55l2#RUSGQ2Dey@a4R3euE
zL~a$($9SrO%q(=2lz)`O4U|-2zkvDd19FxRJR)r>|Etzfi?#oAXbP&H+EaS|mwI2;
zkB4r^5#CSan2X|oX$=77em;Rh5H<e&G1{b_{`*j4&YL<Lv4#Le_%AAHyNzTO6tYBs
z>`S5LdnRm`t2)~Ir0$d?IjTM$cFdg->-9B$^FOvdsk{?FJZGfXr(G=9L2tYbT8oVt
zp%Z>lscH6UC|+35$7(zLB4T&<PEX4108k@pAAJvWa0kYm;aIL%8zgj-iVylDrJ<^b
zWLM4$an|U*O=Q-X9@M-YKOV<w8>b4Rf8JG*qR2~(_tyEXvzW!VnI=)0L4yYWWPY=j
zQ!?9Y905B%AMIoCxZ+huW0tsd+_5?~`v6G&gR*sk@Ty`jvgX1%QTDV`zmnXWj#qFI
zO_Ij59sepNG==d=Uhp-mSY-X(sE^&%Ig+dxx1d6@xOZ*|;IK--_iLxJRkQCt<q+w6
z2;!V2q+};NIij`+wY$$4cSI+x_a4jwx%bv7;LB62lXX>%(JXeH3cV$UU3%#p#}~fj
z?vvc9jX5i9&y|JY>JpKqp3{AgsG5QQV-s26O^#Dm$I10g>`Q9?IWG^R&VEv|AS<`V
ziDeNUXQesUudz%1{kq;PC_+gaTlKOm{`RBeRrt~sd*3Od0^d>D1AzOiR+iV#6f%rC
zYeOE3^;3qhpW_s%S~8r=CN<6nMlx-sEWX<5QCIm(9^Lh{1&D8`J}FnmA$w2;aBVMB
zJb(F{dcI)9Vy-<plF8#F*rv-L(f2scd8AT4Tzb%rX`XlmQWh#$N{{5GB|&k@;6jmy
z<*VQbhWgKBc4FJLVq+!M9#PZ(B@b?5ErtoR<g=X%8#s>5{g3&QWvBh86Asqyc>{Xy
zrA}^2xn2offDg%@bn$l`*xtjFzjLS73AO0r+FK4E6sR2}raY4~DX`zP!6J{09fwY(
z5q0z)fimHi@E1jq!@FwH$<U0@K1F;t*ga&dCC7SJD~~vRoM$#6*Kg$K&|{h}-qz3Y
zgp`wc)wMCpchA2)<hdZBX|j~c#KmV1%mkCL>L~VV-SpmAaQIRV7NGC_8%Q&=^!uiY
z@;2XPlcTa5F!N#V5$Z%)$Kylo88badUJ@*1$_75Fa&rzv{U#4Rb%aKM61RVx-nNH%
z+>@cT*q(y?^=UFi*3ET2Ewql<n9VDgo2HID^BjGmu%Ep;v=YwQr=8AI<^*NPq)IU_
zacb0{AmnH1P5EJwY!{vEgaU^IRuz}-Fn#1u-*2Phn=U>pDc8TZQ>Hwn@UqGz5i+Xi
za_>{(P6>0H9?VE}d#h8}cc>?LBF~Ki%D+D6WN{`~iB8sO%_lcjyUw;5FigF-H~`(0
z$*a*)D9E3n5OVURK6%0{OH4Ck<}dYn&}Ws73AHr?@%Dcbgm<c<S7;}6mj;TF=FMsZ
zp32F_+Rh>Yd+|K$>$`$Tmznd1DlxOv0-2Wx3O%8nfr7Z2r!|QQRLFMJ45kip!OvwX
zxP(7>4&5$oImk4j;Zr5kGW}Zlt0Q5wC}z;b=gqRt9IDg%8wf=_6I5~h73^dy!nK)`
zP&#Us-5Ok=?_*L98#b~pT$)HGrFDwrkLvomdtn*HREw6n-DlE|bqLJzf;MF<vrc7X
zLP>8;6EY(zvn6TWBHUIb38~_U{RT{tQ;(ktOofU&!1;6xau5+mZeP3hNwpy9E*hfo
z(ykLYv@)}X=wy{uW(A5cA~q7$@`ypf&VEhnL1F?t*%OjFKS=x9i)w|}<lNfY(35s_
z7mUVs>`FueklNMHGVK8>5j<^bquyudN`CWH_#zZi2m9q4F`uPl(~LfLpJ5a%=R5c3
z*WuZLl}6SdNx0vGnIa}VevrKVQc9!n>y6^CX&7h01aU&?vvUg`xQibh*X7g_q9%(w
z3g$8{#rhhi04Cn72Ra}cwV>cVuV0e9L-@``@2Jn+7D?!NiBC1J5%7pjBKAo{AMR@!
zfb?%7$F*HlF{bxf&~+S88IJRRur4e>7kJiBc(h*Z^V-PH9jr18)ITSj*Qe{xo8H!!
zcn#=jN$axNBi7VC%-G2&bvUZ!n$yJ>(3`cogM8)nbfiJsj7m(PHx`<vTz`eb1cI@v
zUnSpQxlWa#qHl#9bG!rb+!9fpWoS?L?5dZj!?bnCf$m;{8filP{+lRs+FXMZfdB9Q
z42C&4c2umV4`L#Y4&<i%=(~VCg_kxHD*c|8HF_aTTj-3WQ0#y?ijq{zLsiJnt~l)#
zLP-UGRIdNzW>ZogH$(ve$d7#<8zB*qMVe+5FGd&7+Yg0&K(_l^OeUB;ED;OnqdU<l
z8(t>0_50rkP@^2s6(*#hh>Qj(MJVD4d{lvJXaq&fE>kUs;o_GOTk84>f>#C}r{t4$
z7kHM&b64_siE9eUvz5faYnjrj_V!a1SVH~D4r$s8yfDyD<ONR~8&(FH-X>8nNr!`(
z!0QJMz)ZvP4pb8of_eZ7wV-IyHjePd^5!VY0{>6qbeZ&J3QKTkMHgy0pzWglBZwrp
zeXP~<Y01)ePJK2dM%q%az<&W}si!X63fR!Ycj<jIuHnSu7v6*VG3SqqwYmzhJfoiP
zF;O(}Nta3@ZT|d0GONx$S7o=rXf`ycW-Lk29gUy5(Ks>b0bz3cnvvM|^W2yD#<9O3
z*wWKTE55@u47XiRLAwmkjKl{?)vRR6zR6`N>CWdng@(|d6IsG$Xld%9Ik(k(+E`C$
zf!n#ygr&4=sU&8jQSX?1@6dgE)OiACNJuo*WcnPVh9bH0b9f5jE`;0Uu!pjJU#fx5
zuIS;#_*14mx+|MvnCb^6n#D<C(wccp!z5#BcUCJ?kU0G_m7=!yQ5YpX9+r<kGu)$0
z8Rl@h*nxy*a}uHS55$=3A{EZhK9@0k`henkE`HcIeSElkNr-3YSw1_VYl<ZL+J<>L
zKE57Vo+QFUKjYl+5+kt0R-{hq?^e>XQ!Aa0oSwdRE^u?ysBf(<BLQI5NWX4<ak+{K
zjMmPX7T0zH^M13It}Pd2wQz1>z_kf5zV6}>#zhLA=O~MAh&3$$?GQ|RwWO=t;n|f3
zLT+f%LxK9I#o8XLT8mrPainB&AAMZWd10+R=Ydq%a*@j6b1?5w8+=+8SBf=Fe<*C!
zqbFfu(=>JoQRM%)biOL;)Nc=~1O?tlSPqmpD(qy)<i5G;Q<W}Z>{-1(y{=XsUFIby
zQVFi^D`dQnII8z?YqgGvm6tM3vjj&oiUqK!t~l_oifzWU<M65KaKE;|!@B{A-NOvU
zw4cWw&QzQ0=(|=|79|<JY%R$M)l6ECwAfBwb0;Ok<F{9P`{ssmk;Fs`H<fZn&C%C4
ziGj&3HbT~$mvw<D1-pX0(K**X&~&9|_}6Vae?1^7aR~odY)S@9bB$4{5{qY{uo&>!
zvZ+zHq<F@SeB}YwPuO}a_}NSkVtwwCu0A>Aj!jvU^VKrzU#?biD`y|z;P=S1w8|uE
z*qxg-p^_+k@l{Y*)k+pNC_a#1@cqA@Kr+SQXVgopOitf;ht&2QSEo4Z8U^5ZTQM<3
zjS3xJ-jhr1HmI$o+;Pu7sv*sCw{EF((||rD-z1NjUj-!3AEE#?8`LP>aicFIluhAb
zVWv%|X?fW0Ta=3asiK-@8-loWaI!Zq>rjI`4OAxb6-h-8<23NB5_}v%LSM_+lbQyN
zzBl8(G%~`(j^Sc%ENxb@)f+TGGHvcHtDp3KCr%=XBa5@~!m(4~!hUR)Kb>XN#F|_<
zJEBGh80qEAz>~Crp~|C(j=EXFJ*e{wDk)T7$d0MPnWI~~L$G#DE7b+H_@KSCYa1rr
zSA#{YAYpaVqbn6)YD;7*5_qn%kLTOAF<Oyd5rhg`gcAP%&^-8qmLpzoh_;SA-NOfF
z9+N{!(TdvNj1GlS!5W1_P34_dcIb)cO6iOMLhP;S4v;L`xnG3m6+v@OZVm;*{2XSn
z_)8vQwBSb2M=0(tz^&Vyk!7EWBR}~K<>IzKmT)e*2%}GWAfCNZL|(zFyJD63JSo9?
zut}JmUH})yy%CF{El2hsN!!2JeMD#<g8d<OP^Ad3<MZ+%7Zp7q06A4aGEI_IE2npd
z<epQ2>#6-y>>w{>3c(1kkW8B14FrX07cVUJaH)a9FJwrj#X4>#2HU8~jy;Wv28XY?
zLIp8{T&LGW&SOX#a~g5(7gf(e3GS+HO7yx?4ZJ*&hSRo%!oa!BL{SM>Yc7X^SN(!=
z2L_qTodsMqO*6i=m+dzyvbr&hQ0QLnQvsLsSh`*=ovREr`6O{wvX;1XDfy~R1&8g9
zHfO>6)^Rt&=qV{{uiP5*xJ77L1!1&}6Q@J&jaM+)E`{4Ub)U($FjfgO0-8#>+~g>g
zfin~I*x;CAK;%V<u&INuiJE>}!<?nEx)VvI>AeX>y`DAG_XNb~SigNjJU^@;Xj?=~
zqhl{sv;Oxn!@;0(02oBUY~GGPFxFvX?JAD&loZt9V$g)TK=)(7i=K$smN2trGgEbp
zlqm|-z8h)s1qwI9(e#J^YVP>F|6Sky-;em&|Nd^4dS)XanTl6qU`QE)(E>!1yh7d1
z!H3&fz^)&mGH3ZFR9Sug@A^%J==|$28>={`l2(*shLFCXrWr_0C3!U}j=ptNcv!W?
zjFdz1L#><NFIyq~lVTj}H&~i4*ppTo6jXS|>u<nlEQominQ+G!HmhT|6q@dq<8@Ck
zv#*4f2e{LXReOt6GOZ?2?N~Uw(QL_jHNC%e9nuS<a=0EiKx*sxHnC!6UKwz0w`zhj
zPf|LT1n64bq`E6L3w3g3NCVuT%g`IA2ByoSoVz21JT7UeKg9KGHAEY3G6|cya>*fH
z*e*%@(n>yUYLM_5`(pQD*r)Yzb42M)F%+?Md8YK*x8C=v@h2&%$iO{$q|1PSA$iW@
z>r*uo{8h?Ty|S}?Q{Kr`YBG&7U&|xaGTW0>d&hGP%~7=M3=eZt2I3sQ2dHxRte&L&
zUhpBCx8K6x%ri^Wiiwe|A*JmvG590%XxB>$fkL=_p4P30Z81X6tK>MgvgXVAwDw8@
zsOTm|W37y$ZFib!f2Q#jT!tBC{7ctOE;E`fmoI9-DN^<&gv#-pS;e9?B(78;^rUwD
zr-Roq;+fHnWv(@1`PcNETSIJR$WP}Sn2Hr+SK-lJRV=^vNHsJSr?t_s6Pg|<w{Chg
zzlEclKAk6i_7Jg^W?|I$y<d;Z*MXj=KP1a;zA%t~-Gy2ceBb(_z=>0RJkd4bi%6TU
z{!R|H|F@(IqyZHv^la}w1I3rGLSF7d0xZLPIdM8jOKUr>^PYH2O@IBTiQJpInnbaM
za!b8PG9@vpPZeAF%Qq@0@N9FraQk=xZRbKk?)W=%!!TV(%iS>2#I0<B#yS~X(*I4V
z{y_Wl2uE~|#=61TE{{6b=6Qo#s}3E$)EjjqX0X8a%++<u!@9$jwRN`TqE3<1;~a+~
zE&|6sN+ItoZZ1*Z&uTM@3ukZhj!s#E#1q2qq7aR9Q(mn?@5Al8>}KQTa;D|HQnh4G
zCa#o)<Qa@vv~H>RS+SfdSH6|qw99vhtd;q$&p>C|i2KpX1V#Ol%-*YZT8F#^SwLWS
z5C&Nu>Yh-mM@m=JQiy-=Px539E$y~4V-2h0nn8Rjze1Rc0m;0qDJbR`yyxN+CVe2!
zKvk?04QWYS#78E6;IhcWqelAYZ2yIk_HTezF{TQ(YA0nj6K8>)$->oQt)K-Z^Cvy!
z=w!V2@{lt<5HM#%&8y1u58E#?!a(xCh^QRkcH*<WR#!=;Wo#Nfv(UcRy1-oRVKP=Y
z*vYHuf!+=3d53k{#Iie>5MVIoISOLJL(b0S9ryT###r^r&FyX<68dH&Hus^Gg-Hx&
zU6T!%-2k>#d=XaB4tAh{6^RHI`+O?wH@kGak)q{}{D|_BFCBOriR8KU?^ez0Ne#yJ
zK5zC?Iva7jbDMB`rZS(u%*a^YDX{(}FO0<xY%(9$h$}|wP$AP{xdo;$YBKgvGp9hJ
z+T>@*VVjqBie3tE;|$3_S0-w<R^kA|wzWf0NZLJ$7KrgxLti0ZtByl5r4e(K2xG`<
zQ}fnaOek+(ot(WHLFe5yP$dOFBA35m&LJE3pI9fcJ8uq>i_bJjz)k*y7`ozCBBfk{
z$t_kv<cZzFD#mF=$vV5MBNA{e)#1I}OjgrMC|#=kRWo7H8q5a`$?z?g&CWxUH8Oq_
zG>hWCfFBwa0f=EEyua$2sdAl##X6toxwYv(s{+ul15+g2yt|#^Q)_UEM|&6uR1Fp2
z&o#-xrQrO-x@wzkI%f`;MlqIejz+53OSfAa8Do0(;W>}fh+JR25#~lkv@&d|n@yHc
z4^0@QZb+Fd+mQBW&PCnkfvK9szld<&6-XyZkLUU#JUBvEJ!O6+*xYR%t7HbasL&93
z{^YO;+pTMQt*#=PCM$FEXy%gN0?>(kBuOSFWBW~&+o({0PB@C4>R>$KEgKPot)J7h
zlR!rUD+-PX5^4)A1<alARIbCj5kC<(O5{w{1D~Zf3OgyAI4iLrSr4rvF!ZwC!>g+c
z8K<N-;u^mJvEF3qpbkIlEQi=!zUeZF?6i`(Mh{a?dMw3N*i=E?;n#nZBVa}vVR&Pu
z{aQ@gHA^)VVcj8ByGlfguwJRob{SYZi>(DNY&x7hy|3F2Qy4hRf5};XNLv2KvB1;)
z`;?xYl+5OrfgjsH5vMkjr)P{BXvall>L<zUrIQ;8J2A_W$@#B_F-(a4XZjZbyDQ~P
z37;x+{TeDhTZ94jH2R%BT5}nb-$<K+Na&oV9%^7(iQ6_%@8-uBQj#4y9mmC#z7xkd
zQjS>;qm-DX5&-rRpJmA+R!PK)=bHF^o><bOCm%xV7r?-{tVy$M4>aZjPxNPUD>Vn1
z5-qQbB^+C!=9j)*rR9GMf*HwAj!0&ucNC$F=|&(e5N4DWqJd-jc#1$HH}q#qDycb7
zOJV-+%BO~R(yVLBg}d@3j_1Vs-_Oe#^EqP1;$HkRpU;RFR~738+Y6qdWay+6lrd&l
zf{Y*AYjZA7Zpt0d7nH44WpAKU+<tAmIIF_1gEej;U3aGaJBbA>qH?FNojVC?Sh|Jg
zsB_Ln+$!xxrX(uefiJk^x(>{4=BsTrJ4RGykIztR&wi!ZS&SpU<%?-%?`a?{y5lc~
zaTukK9eZfJIDz<CXR$<7jtrmB90z#w#uGw)kePR{+{3a%x#*n9J4*QeEr=6)@(3%5
z_wWUaR*<SYR)ew@U9IG}bsXzO7^~t0{Artns1JmquEA=a>})0eTt|u22IlF74_r!x
zCj~~<Z_Oo)@0a=N)xnj*lg>BF7*><|b!h8P1X-t_R^-U!FF_X-2pQ*z6Ie0mspVH^
zDCZCO)`A5It7}ol<*#!}HO*f;M55kdbj-*)Mb;Ft$IefI1D$#oAyTB|EWCy3P2LvI
zLtE2!t(u-nB{5E(=|-m*6CB#|rL`~hz|*3k%H5}V4x-)r>n)GCDRxcFV9|Du7OMRj
zwBKrYe9fb4d3w`ZrL-kLmqwz<dk+G^6O1~K=r6+KQ9CDr6KuBg=YYZ^7!GIfL8lWw
zYSV3Z=$Fu|^<*=>St8kbP6sBm%nczYuDEA}qik*dpwV>t?=^zs_v(GMx+GJpMXiDi
z+V0&!q|s^bVk*jpskyRCEWZBk*W&C2zGGx!|H-==^gW3;n?s0?r!$mEdjp07U6j!`
z)^a?RUh(nz$-UftwwKkViWZx|i@gT~kufW5XX3)@zZ5HaGhBNV`X)o$#4cM~d#AS3
zTSRvdM!v1sANPLl+zn3VuA@SMumYjx&Nly$L%_i>uYgyM0d8C*P;~`Hj?MGVr48nC
zn{y8F!vJ$v|1)<Yng&8G7L5y#dq(*`Ojk7(>@aGg{hPB+&BV7x+DlC#=fMI^%Z_>8
z=JT1oEpJj&x1>``+({_j(PkIz9}?iKk}|xrC-_zPZj`z^vnza!&a9&^?Mu=Vnm#wU
zOl1r=H0B%DcuE_y=4UkMIw)55u4DJ3$_*x&-_Hr1*DkK>H^QvX(N@*dN?saOfYz22
zSFwhFA$4s7Y3i`TaBEdq%0xZ6{>hg(X5db?PAA(RdR$ktbXYzu%HS$?WsIf(9Dn+t
zi$XnTQZsMQ@5|LSi7_9Pbl-1%a<Abf9~#B}b1pJLzCR&^`llk3f!0k#%ZxMcRc=pq
z;#2Chk_m!f*Eu1Vw)gQ@D?60T(y4f?bu#szh+5=M9NnEXo7eFf&h}1>=a6z=O4X>E
zqqXh<@|jnK$hpoyt3h&>aWm{cEhCwCDYB1VbE|KADcE{C*tH41kekdqCNY8zgVk2!
z2~a+lB(i6?wxY5tKb6cndHAAQ9$-N=js^p8a7e#7f5oCw44Mc8zSKNEGK3;#rj}lv
zz&Uc`I_b`z1IeQXi<zO$CZE0tbM7Df1}%dpF348ysig1L#R7v>%=YsKK$khg3UKWe
ztz=9u=6yKC5SSgATgqYZ+~<zsz?>DXIiikVf0>i&8<1?B*F48`l@LunZ&|MwAuGAk
zq->jV;AGzNHG|GnT$ES8ELy?kw4$M`W7|>`=Hd7B3|iQIx_p>pY75q`)|=EG7-T@)
zi1sx9fHR74zhQ&~8j`A5pYITup(Pk03oR%3Vm|JR3wnI!`$-{S4fqn{)yvVq8FvS;
zBnQoz{WcmI$5Ibe%oHd1uvbB|1JCLi$p~G?q`T`)4Zd4%m3sQJ9#(+Tu4LY2g0|y6
zvb++{J2&^WQ9HV=ool+1igI$%NZDMx$dQj;fD7%j9}25jdsxeMb{Ucf%wIkhHS*vO
zgjxDr72S=bu5Uvm+e{DB()hr@8AM;kEAUoI-@L^9@|@_L7WOX}QS-5+T$tSlOoK4l
zR$hqLC)Dg>A5G^Mf%z?L<uh98nFwlcfMyfoUCZQBU@x^fCp^JDqbP-MJ!qlVt~fZN
zM82I$!vmfF%rr+NZUFs;<`ZG!Mu(;)8hWcLqxt#4PN<#X9-_M^2dOY88$#3a?^ceg
zng4wzUxLD=;@!akJm<sY#46>#urLvW<3Au2L{P$9h#5`OJ<u|-!ze7V(8T6(sDbke
zoE-O~hy0Jm2?fto0XcQ^m`X?ic~YA9FdSxoGlb|6w}Q`j`g@7O?ryuwM!ccj0)i-p
z7*6pytte+8#}pKsFsYAeeP$Dq&651+SDBzW7d!0>rfO0(p;l-V1)rfk*L$;<f8#+K
zIR)Z#JzpGp=U)Cu@cWd(9RZmppZ6NCB7y8zJQ>!W>uaZus0-v`*Bi-r)cFzAV*9Nd
z$B<)ErYf7yW-@72A5`$?DJs*zA~fRXN$+J0vc5^It*@m04eU^1k2>MBL5nT>7Aq9I
zl5wpJ-cYuP>Ex;Fc3-x0$Oz;vp{R+Mrc*Wei>i#Hd8uyRs25ti+d6{4Q^tamNS~SF
z=6Q3J-T>EN(icDpnqCINoIZ@mdi6J8keda%?^Gk)-2?W>8p(EZwarAfu3$A*wVFcK
zVDtU?vlHi+!Y?fmQkEz3cT9fJ2{%7DY%CZW<k5VopH8}YRU@v@oY+E$XnoQx(Z8u2
zPQ|p3YngMOw|I6d%RBIqO0;6Nzpc%-C)6zW1Q~p+byz+Mn3PRG?5=r{nq>o6-jWY;
zpZd2sD4Zpy%?q7yc2a3!?W)_sJEi!#ZuqeF#vgsqi|yEMFGZoLzmz|5^?hE-H+3V&
z&hEL6<1>VxEB(5B0Q*PLc%vv_n`^o}Hn#P(#!iPuTWzX902Gcv)0+A&_aS~=j0=;D
zFP&MM6@A=Eosd#3ptX0*JiiXH&j=R<1fLktv$sv@&zFX04P@J0$Tt_&xn6!%Ml;Fj
zgk`NSu8=V^>((furigMRgE=64S<lqbcY5fipRYQg<Hj16K8%ax(-WWN8sRI)S_q9#
zuU$FfH+iyj=d%bSmsu=fe9k-89bq=D3uEYCgi|4Ye|=*DFU?5^?QedGeXQF`Sz&zI
zDbQ=Or219|kSZ<`O*K7ZXr;B-QMq=j)RK))5Q5xx*E>yr%(8A+S#xUp7|{v57#UF>
zJ{D6hK6>G?n_|IkC0Va4=1dVjGs$B)tgv;vf0{B3GIm;p4=a<N7VJ>XtWQb%#kAda
zteN=u*S8x*cRiaoKApi!Uf~$N!R#T~^BZ?&^(@J@!`sOgP|<3!Xv`XAO%iQ9#<_VT
z#n$q9Q<sR;@M2=ugs5z-;s&9UcDc883HPD?(Yajl0RucB5qyY%X^_`(UBYPXLK%C;
zjb6D-XFscNfyB(F<@;%g(>JxFl6`7MRuI`0Qgfe^o7bqB<u9KRKcr)0(xVMgCV~c$
z#PfZ;?x?{&N1fd9W---`TMLlRO%sS@voF=644VNXT&O!NDlA;&m3iT?8@HpOHhO9L
zCSygZgxTO*IClC1{9v0h06f)6CSS7=8IpQBx@84^<J7m9?4PuQx)jv+xK0<}Za)5(
z%8#m$HEXQv`K@+V51;Y^$Lg~v=<y~|ev&8VXWN6qf1TWS8f-LJXra~NpbUEWjGCEV
z-SZsdNuG8Ac_U+{;e|2F)GD7{!I&$M^rZEvcL?k~i2!dd);-tU9H4@4rt2N{A8ETJ
z@E1-iyicnvxsK&lL;Y)qYO836byR!Z>keLF+~$}p#}e>>91g=LJ-2$ry;i342jQrZ
zVVe~u#Z<hAV|24=onZ9-r#|zhQ0B;iE8|M_H>1uCxcb)F$exRc@vBENRqZi`u09*|
z%v@u;(@|hDWsmai*^wDh#j6<d2dfz+{yrRl^^mBht@1O1&3g!a(hxLnI+d{SWo($1
z=VY%)9spM}<2>HUrSN<!{bc1o!-dXP4%!~+_y`JZdLc)Np7RW6xEaEbmqaz{aM1!h
zbb)fY78RKXs&F5d)7^c&s-&*f<=s-pK+A;PRjhq##HWMloP|CaC9-V}c1yt9oeZBf
zhiRKvxC!7(9TJD|%uICJnIe8zWR6};+w#a~UMjyOYq`a4?dB1X+*Sr@DSG+JurOVz
zaFC=FMCM=0=%CNI24I;7=6|+S99^HR4u1PBNa%f8?IV+k;4Lb(x2f<n0;6}^f#p5O
z%H<yw$tSsDeND^5L0w_8s#BCOgT9+hWvMTR7qnN);-EFlM@23`V7kKLyVzs9KFN94
zH>oIY|H~T~dhL$q5W{=LBmMw7d&v$B>N%<eI^No-!<OL`6xi>U-s4)#UfeJEDhA$%
z6i+cQT7aCS;N-1*uWrpo5wp9PWczM-i2+eXs59S11xd0^*NXw3+!AB$ovm<_*gtHn
zN=1auh}TUl`JEb$YgU-fxQVh43V`#5jrgvKqax=?9elPcZn>iwm<ET3vE-yB!TO9(
zeU+?iXDqH1$~s=^gMf)nR5MY@dNB0w3F-fQWtCa?8~44&GeDay!XGu0p^6yF>E+dQ
z2bbYf4X-iT`$myz1w|C~^R6j1=DsPDpAs3L4~#Ry|56P7r?!=#z%f)*9ra38@ij;T
zjS>vur0X=8en&-Dj1s%#tRx+T;W4O-f__t@8Kk<_O^7GTH^a58WG2&sg;LU42EG-d
zgC5N+K7v!YWiUB|`Vw<tJMSSh=FWQw*Sbo9Jb&LOytMJ|w%zf?lV)VnI@lKliP6oe
zJ-k%OrS8<=Ow`!nUyTQDI!MLwO@pic26}jmaJ4|z07G<IwXPiLJ>%Iv!QU)e<+j(A
zqv0B~H#47O`mc2Ou4-Xry2x=A9;Z~qy@0NbDb~gOS`zIjK$2n$mlF;|b{uMQr%eaU
zYF0&f5N3j9eNfWN798;CP)7e_2i565oKz>Yo%B0_-&xG!$=CFuf}iT&BdcDAO5(1K
z!OwLCcGk`xFoUNYCiTlI^jR`}AL`mW*RUXoRTL!jux?WGkWIB0jGh;Ca$uF~Aa-Ui
zhPP>Mb@4Km6qD+NZk@@cb*jbTfu|{srqkIIDv^8NknZe?J)T(Qx^>F%3;!S)L*M#j
zJ3dGflApc$7AD+57L$NOwpdp)sEZn!DVm^-NgvSa;3>ZO3y3+dn%U<xS90tf?C#0w
zG{<$4(DiF+$j@6L;rKg*5OdO?=v&>Xhi$u5%up<dwEOF#<y`1AHl~A}6Bvba(j|*-
zUn|8bHZ`ygbh7MkjMEb*zX#)ZmFB>HD_qv}&DX;zOkefS%g@qv{*x({{*BpIo`lvo
zcS2X3+R@{hyvbbV^`-|R-@4_Lsq-@Cafnmw>qhvN$<PkhxWL^u2<?(^ogBULD+hoc
zh2gXEFEgcgMz*VzMH$7L2~SRUlM2}QtB!9m^{~dI6#}e6ef8Bg7M4ef$ueNd!SD(A
zE%@G|AX<|1<D=~pc&_ijtN|gJq`9*KKiXPYCVi9ENo{C$@0mD7f}5SFMHsyjyho5h
z&wF)L6j1D%G;0@=t>bP_R<}%^aW6%%C?|=pPF%RR+#$=v(jl!TjY>2Bq@+LyGurMd
zm&DbNsA^-%@x|lY4!Sv@)8;JfxEm8SvvTK$kV?Dr8yxuyawi89htJqr&bK)ydvuYJ
zBs=*xutKzoG|v}urX1tFdea_KAYNZs_`yY$w%Mc2E|+e?>@9fkTC6BnzcKN87O8gV
zgP&i8ot}TGIy5h;eRFD#UN+h5ZInA<vUDk<ybPf|Xl_&YL}X93J9xOZHs9bnGguwE
zz_uIqt4uGWr?i#Nos&GU#&0BDVKKAnA2dF&Rh?ow@`-(U5H9t1ofFMX$%#ENu6AK0
zuV8~epK{*I@vL!kH#Ihv`<A$$@gN{tztL6uQEX~=>wOTRN-Qjw3qOAzBXkBTmO2<a
z`OqHi6m{8*hWUM&a^Ec{wJ8x*=K?5YteI4}d2!{@?Ae<sr8f}p)7QRUDVGOwnH%vu
zXptiou(wpxKm&GsiR=RYDjleW622;V`)(nco7?;U>Wd4on{hK0Z_5PB0qd6<hr_va
zvAks1n2?ccQ!AMk9xyaj><SH>DF+5z6cp3BnP(@Tli$bxY0LhB9A@B&okR7C$PnPt
zu|9#_^lveEwf*og8q(G)&Zp0EWw*_Gf8m2dQoyD_*$>R8=AePa_l>F0mGR?W5!9!V
zwcXX)8K{J9sJMkYdySrP5^zK@sY_|$+Y)MIY?!S?f$x>dJ_wi!iWp<2@Wtx~9*0(s
zz5VrfIZr!Q!pwa;c0AQ$IzFBiz=WZw`5ovRh$zCd-b*Z|h@4wCinylz7|o4L<|_|R
z6}qh$zGD=7C#`H&NQy3&tYcojhGOfl>Lb=6Fo$v^7H&R9z{qK9Dm49x2Gwm@yn_jV
z324ZEI`@8&3O#j7$^(uEUhPg-fSVsU+|-x1Ucn+hP?7cZDCT|1UjnvXNL$&X08fst
zy9gg`o3xGzTTD(y|5!oUEODNi=@L(}F6_<`Oq;#NMVec9XXQFs1oQEqM)BkTDpz*m
z%Q$o?RRwHNS)t`8=W4p$?atZ?=QAm$k)hcZ-Ag`Kku4``&nfJzDDpis$<mB;F|(T8
zC}Or+su8xU9cn^mD3*fmonp<hkYA0&l$y~X{UMtzdQyi_A<+>mFHMsz|FSEu(sYd*
ze_1l`h*D*B<AXj90N+%7fs58&uM=_2@(2-gD?0v+#B$|kn73@e9?*6RTl^F>gLL3S
zD(THP5are?pe=qINIRrQ;T+uy(5ibgX{mGmTo!reAO!W~?;^m*LD}pX4V&Spu{vhf
zw*X10Xf+kt5`N*2b@Z=Lh{Y#Dbf=Y81okjjjL93q&9bN=T97e=!<e-)fV%J1{4{87
zSf}_ba=k}6hL<Ws;7*|4A3DX`0#B)J9z^X6k{#0(%$@mMg$e?fAwUVpU6e~wKEg3D
zltv+7k(U_c5>DjY??O!&poOKs**RoGiQ@k)ME~nyKaI&UI6w<__(OgHJqvCUppbIR
z*ed5gAEc8)+IP~$#2Tz}-zBmLPG*}^ks%MEMKj8Il7DYong4g)`XevhiF)D9LJ*Mh
zz3`YS$^2oY3VZevi@S)%e3aM&Ll~Yx&6JZgVGPm=^`eSCZt2Qo$tsz6+`rxzm7`v&
z(SlYQ2)R~DgY(Yxft~{@RlCj1Fdi%FbDiLimiEd2s?Tke+tpFWHplH99?S~V_bEf$
zHSx<|>JDAcL3in4kec->x4=nbdE$W&?J8O`g{a=ORt$2dTBMS{I8x}dM+A+sepXD8
zn`No^y<=QyBi?E{m=#ur`qYF8HBNi)gi7Qy-Or|=+(g#6Igx7AMZD94mHyh5&-P4I
zQHv%IDzkh4;a-(CK~gJ6|FmsjsNm_XRVpP@qcJ=1baA%?sY6i$veV<|?mAm(Hb=9P
zXsWUH==S-T5Q}o~Wm-K*#jXbq8a+8{hOo1kd~8%7TK5qD|JXY7u%z<;?H^VVw}XNU
znF1~$nJbp56|1=i3g(_`xm2TNPTLgVhNz{cEmn5KG$gGwO|zP`q|`Pvv9it78gs^`
z&8C`ao-^O)_w3L41M#|0;gXBbd%5rX1;uR<6TLlofJ5skdw#!#o!TLe?LE|?w(8u@
zs`>|L7MpkHr<zyE)1QiE=TB78o)1vCGWj`}0r+iL6qw8HAm9IsyVjDhuF65MjiAI*
zk3+O@`1L^jUM=zq)yR1Hm0{vLmX}~%Nj1kl<)=r8d)c`}H}^gs)VyaEk+^)xUV9iu
zD2QWsp2>yTL!HBPKu<khm#)^Rp@x5eYb@2ibj7nnW9vQ%q5K$gUN|t|MSX;<`R-%T
zYa`_wB-BEX&8xRO7+L)1<8PU&22(D*$NNAkA2?txV%V;!l1bk09?rg+UCisNHLQ>g
ze8C80$<k`Tqfysum^eC+1_Vm+CF8!kqVIHP$_{;P1=PtSMlM96*vh|66zipuAYipv
z_>DpYT!#rH@qd@sgVKd-6b&JFPQ8)u9`*<NdjQj$eb}?0H!TrUEr6NvsTN8DD?PqK
zbNKoXST4IepiQZOmhr@M`^JQcIY4GZc&GD6tip?!pPoi89XIBcXjP->#*O374WaHk
zY`tn~>X%zfYw4px$+=3#GV)Dx+M@l$Wide4sn<K{t-<_PF3N$11rPf&Rp+0wa>n%#
z%4LVOH%F{{Pmz|``*Mwp)`>FeOOo%GTqTjhoDs|J%Q6RA$Kz1Jj&(nZGeF+qoDW=Z
z%6MKvs$m@a#UtSZ&&^wA>^w<{HdBE96ovhoXBU%ME3O$WBw!a7OV$RZNu6=WIqAnQ
zTkEXCZlVcdaovN1)eP&vd0a=s$^m}vgqmu!8O*mQn15h<kVn<>+i@&jP*^qFm@qyx
zM7^<+UQ$8XGb8U8YBwxNPbZB<P<~@E#PTEhsKvUd8sMPm=!9BSWjX5T**u=4R*Mqj
zD+wjWOSXld&Whj#l^=>ZPK^{48>#92OOJ_p)SC;1hWW<kGpYmogp-h`Tq5%vd?!Xa
zjEe~Jp$K4kg`{^mQN$r{l#a(sU=m;Ivsn~qP_y<aE@kOwnvpX%9!<s%qvx`piVd!Y
z!M$VgPcUlp@uKguO2akpPs4zPOJo7fZYA$2sw3g9kFp`AD-_$Xn_zrDSd30g4OgpJ
z-d6;;H<~|FQRNzZ4^>mTfSVI4qKF1eXY|M`48PE*`E)(=MM27jU~&N#-No+1MtPDA
za>V{y9=sI-MjU80Pn7k1T9((B%Ji;C7=snVv`%^^_^c@jRZA|zh6zP*#YzQZAvP}a
z(KW!PsYm7xaal&{eCO%kzY|WXT<wL3W8PH^MOpCA>n4cIxy)fB&I(WGqI#45YSF;z
zTRfz7el&;LuNe6*^74&p$FcV~3I)<9H>*&l>w}8w`z8G&diL@D?})DyZdV$$EQ4ih
z*(M`@2?di@Hy81B-fgA5@Yn$sCsRVvSbmMmg6}Z2=@bnDH>aV!B_if$C?A}l%_8g<
zbc(`H<`1G<zCf+XI|>NpD{-FR5(<gVPkZmG8W~B5@&Y1wC3inllsK0ZE_Iv5^Ez7w
z7NxIWD$we*95P8{O%Qnf4o48q<I-~|?#*0bxwC>0&ykD|1Lw;_krkW;HCo>oKVfdt
z&PQnXm^}jkGNy+HX_|+P&}-N_bP_x^JQj+V++gnupdjQrxDp<dtL|c(h)6s(><Nc}
z13v6Whuc*505=e(1L>=q%YReK2v7e3h6YY=8EvOthpU}z1>5Lk4~|Xw+4QBGNo6~o
zm(B97E%3rig-g{qcfBH2kLM63U>YXvc2lI%FO;}~@TkrTe^RFw>pb~Qpj~d5xW7uw
zN$DQjCp&6D@!HP^_Rq-3-e=KpXIKUYw}dGYKoi|7c^MtXd`ab-YpD?+oocQ_5()Jc
zOEmuqWVc8)tZFQs^570pW>Y440Oy~>#!2`r`#&y*L;|w;MEfo@pQVI*V<jDjRW)i?
zvsAT|0_<kBYTYb+@QtzdhN!3ndSmTC={xv9gf9WegB#}m=K|p77ls02DwYcoND!nA
z*e9s4>t{^gOFl4JI8*5z%)v>?TWP8RN3RcooLR)QD6imSSU9{)+J_W?WHAN^Lh5PI
z#8d>&d;p773ag2c0{5Re(4?xGR73O`_0TUlAzS>QTw-Q0toiNC;X|4~NXcCRR|pl!
zHyEU%Gmc%fM5XxBo=#D~o-H$U(@7PqIF|sJGgLy3IllS^J5xML_YUw;(^0SU90wd~
zOeS76`B3M>zn>X^gM#UNIQGK{XXQyuV_jY@peGlLg&QuO^=BEeN<^qMKBAc}2P(G^
z))JBzB?L9bNOHvnJ5=gD2X!@a??gd3%EUvhm*Dyx^uQY3)3_-<SIvp|ROo%8>gte_
zQVu-I9v1ZPJf&`Au@_#6$2K;?C49ILhL7=~TACr3h%-{PD?9QzLW|D!DV`U5YcCDh
z`)Nq=pmR?^elY$h)LmqcVy-nkT%L+%NIdj{dXx(9#$j{Rw+e$UjKJ>uz+!wfA(IxQ
zJTzAeOF0l>>GW)Pjss8bi4UsM16SOr$NUHp0ydZsO7}m&MN`$+!%sYb3R(H;byXCq
z2G&Gfewo0a0HA};eAjj(ArW})1r+e@xgU}%EdK(u67oNAT{KuBhiu+F*AakeZ)ZgV
z7>EvWAmv*XZ6j>#Ls}k4pf`9fF!91<qrMSH`CaeBTL9yyu{`nmoBM6j3xl8Y%>Vcx
z#w=f+ZNIL{nH<Zg76V6wrtB2fVRdZfgDMtsw~joQO@5Z{$nJl(n;5lo%fX*3W}G~p
z0@ehQe9tU?nS$Ku2P;FYwUJx?Jzw0%zr|xbXB#VGY{O~5tHnxn-YqLC#*}<gd|xo<
z{7H?!XQxJxt=d%t=p+RCZI*qy^?O(Vxw!I`d@o@_4Q_eA4YNMqLFn&J#Myq!lvrDx
zhf>OG36bnwwvX5?t21`RmeDLHKbLJvz%#XNnb+{ZK2Ui!V=gJ`XFg!R_71-^f$y(8
z=jwJoMsfe{`kB!TIpuyrP_icZ<D^wux7Ki1Yorfs5ak(`$$nn~YYX@GAJ%W}Dy!|j
zr1C#^)2>wKf2iZr*A$uJVeh#Ou8pEh`i-VT!v})NbI!ez%?+7s0@<;O-k;aq(A>I4
zJa@a2u4XTt#{uc3#T&ar*Q7XGetN(-S3MlCmBtho%nk8FTWUMJtH|4X-0}$vZ-*&r
zJTT9D^Ks|wzF#pqf|vNoyPX!(S#M6Ao>Vs&XhVe#X~*0a8dW)jNHg{^&cBYJYIko}
z+nK-F8+x35uvw2EbOec7rBD^5P=aXS`yd=ovYay5FNESww?IIJj>kcmx=g-6dl$Ey
zz(j|Q<r&@_%=FCkx=j)Sb+bOrf+A0NS+=0ARz2W0LytFz-e8EN2AEyv3n(AeH0!v$
zQ38)u3}@ibo~xl^i|o_Xleg9=pq!yvN5{tC$nQd76C(-L!T!y<q9NodnBk%*Sn49+
zU>C7S#@f_e)*R~OUijRW##D<`Nij-2bK|*{K~hW~R^Yz_K?qm@a{4btBaXqJ)ai#a
zJ?kbDA>dJhpH_?Yt6-PjtRjO`3YFVtg`8(>>p-N0f0`&duBbhJ?oJ?AAnThCF{8Td
zAc?~~0t7H-kt^7*)B2xDMzq(DKQ~rgI+c+b8l*ptYZdnow|plEepxh+E6z%>4aR3G
ze_xIO?p_h*dYk@skI%FFxF-N@_WJb)7PaxRNMt!cTbZ7jcXUKmTWlfS)evyKyK-$8
z#tq2nbMt>MXB$&u4_m|K9%@7|I%gCXGbGEC`vfJ|Yb2;r_=MTuBFV8FQ4(?orSA%H
zN0PB|-^AC}@w{sde0vVJH!S}pO*=Yw5SQsS&$8_JDBQN_Q!dP5s;yGiU$fK>xs<(l
zwYrK1eqOO(LmXh)D|@GuMFq@#>vU`nG#EHj5T?bY?<ZNX796T2d#;;@{Z(5_1Nm(E
zz=4oZ85z7;%>hvz8l-F)>{`w5Rnqx)R=+-go~!(tTs`W2YuQKs{R<0%o5%#~bSt!U
z14<Opd81rxM79>9J>rq?Ou%a27`#hEl#|S}3T-laS`l^NHVI83yyIK-(@^HEbmffZ
zW<OMb&1{$CeC%u~Q2A4?R`Rh9<K_0V0`2(^J#e60^Dik1wcDHbX=q@wmyH8VqbS9u
z+_Yf}K_^QnF5TPDF`TyC_uD@}ZZ=2Hc9OB7%B8Tsa<I~PIHu4d9K9fTt0)}j@-`F7
zC$R4rncx=+aP#idiZb0xyaDAMk41hG<TUP8RRkG+BLq#pB7@xhP4K&>?dBz3U#PzV
z$I4p@$NZ)IbU(eQLC;=?P;F$gGJd0{Bi=0GqX`-!m^7%=$KKNr=Smvms+m`PDL_;y
zRHNyI-=^4ovW~xUS?>2_@*~(y$kW)34M*vwcvRH=*;TO0opp9bITL8M8D|blv(fL>
zG62Uyyphlq<?zQ|4t&aMy;W2b9Hs~IWKSy&ZrmtM=@T&J+i>6uoO!#!Hi97$CP@9S
z3prqm1`NC^f;||I3Pn8F2`XTN3q;|UwX3TJfQOI-u_B0mcZHW47uX|v^rr^7fQMoQ
z!ImW@<3D3_xN`Vc(nX=r3Tx9P68V4bQz#yE_&yx$@E?mSS%Ac3%FtM6$+JTkqC+v7
z^#zKfbodEi)N&U5SR@iniLZdURd8eOS7C*$N2$@v&{$Zvg@&Tx{;M5RkN!c&%F*Yt
zrHBsJEw(s-wc`3b9>@L2XW={@qQ<Ulw|WC-@Lkr80(P26M!C^T7zvpTn|GL9GD?=I
z>|U-hzT{g|4LfQ%0%iIkHK-nCj`_%u9Z2I8{;9!GOGyGmsSjcp_4yqrJCc|#ZP>=6
zCwvna=!8+G-**dy%MbE^F-7UOgli-`Ifor39}^-tdQ8&2EF&@ZbEh`Oc%vNYEB(x{
zEZr^W<h^6>{j!BePTmMdfCvK$cyi|_-HR2_@}DVY&hli(ed&dQ35&DDASEIbCP=PW
zxhFjz>BSC^Id4-#sX4=hR1aFE&j@IZT_%b=;{bj=HKFRtmUpx=Sw>G1np)J0**Ln9
z{dSF*m4c0KG!lNiuP_k&#fuQkR48_+oh{*EwGR!8`!2>Ld(6$s@n0Zi>n{S-a&vlt
zXA}hrhB4~EO6To69LOectl7Q?o*QNr^#gC#x64n>KJXV4ds9wBohhq@2v;07V8=29
z;ye2?-Uz{P2&5hRCMMt5;#|YP_1~c~I%v6tAmu#Sw#xK$iG7d)+FCB?Ogj!T>$Vg`
zrK=SYi#oxWZYIw7<u#e)IWa0M4sU?ICPSozG1Mi7%T<f7kIRcqiZOh{yXYUYE{1eP
z!|Rb5X+P`oAS(}TQzH8YqAQ=suAbgk2xcV1OK`ws#Nny1sfs^0h^QsYf$h~WK@1L*
zUC~RGtPffoTnNt9J?1D4<3h#csU%}1V2SjK1ggf*tA^SVzg4cDhx@!sd*>UC9AINn
zRQRebGRYUvrIDGwsBbt%D&%3)+YQPTVt!=et7?8Yj`A=%EoLr}S~r_{ja=1`6C*lJ
zw(Gd^k-==?B}~;uHgK)HCo}vavxJb}H}jadxZ}B5&Zk*=wF?|CJV*<yqk1*H>;JXK
zKo!`UQp*2xJtMOAy2TcDvAX8$`l988Cr*LF)Wau@2TKbr%EpQuq(LK7(w|OX7|kZ@
z=5ch59GO2aYQ&nPJ1~daDYXP{U*rz%xnsMoo~BLYNLUkvB@aW6Hk}tpuCY5E!WTl;
zNs@;8vT37Nvrx_tp9bIABYKYGcy$V8Ib{b!zPh=>AGrQ&q1WN#?bEB6)hXsTO<B8q
zEW=Nn5)&@vP&f`McE;uU=vx;3{Ak?>6*S?L{k|M)c$=rLO*Jwa21`l>i&X`tq1325
zEz_vZ(|G8{cBP%kym*QKjtuc}|0}a4D%8|<F>eFt0It7AS5v`HYQ2ql6{-TWSY>*Y
zynsh@JxKvy3J;XIx06qX9p)3PQtbCNm#Xg(X^jM6uO8d#sag!Upbzf}u--{=n}f?g
zJFY?uQufy>t+_kuPs-+^ey9vNxSZsty9M_<whxg{S**CzC&VQ`uz(qxwqg4eWi0G`
zF8lc7LwAJaX;zIJ)~>ULxxv_{3AGxP3Qk#Xudg?oR+W8xH3J0W4~K}5zO{U9*o`dw
zR&lQDQ_npDWsv6yh5jSARcx^y47ryO7F9TvLK+><yW34;!6C1<_YWvJ+Q9Cw7^l{2
zdL3snQ;mq=WZ!=947qrLg5Kk~aMR=&{fgxA5Jv*e_3LGo%6+dG(LjazS2h~?H~Ssu
zhj8T`-D(nc<%v+FOTlV%KgV+UtHauy?3=SXwl7mnw&okx@Wuix2pV&0zc==3k4rH)
zy<n(7mE-Uvn=6zKE#{eZEbkZdwb(7`beX3+gW)zkaB9<8H5m+&mjSi3`hMUJFW%V2
zwwGFO0~>=)rsCoDyMM*@nZxPNRA&?}^_tRch1uH4>B*u7WMH_;T^pLl71kMrP%01<
zz8@Umm^4Jl1<of!#e`6SR+eF+OfExY&PdoqmClHpurgfI8(AdM083|Nw)Q5|p&jfB
zs{Dsa{h+NKMs3R65aZ_vVPlP}?-*H1dxMG^c=5!Hlj#yf<IP%GuqIuS+Rn(6u(@F)
zh6-xEncpZlIH{1VAVvI02udvA=CW2Ex;3fDH!okAN%lIErVX^bIxFN@udwkWB3C_5
zpkt-;sYvEqHqQ93RSv|A_dJ6xC-#B`&(ery!O;1L!D@oUhX$FW6w1n0Jg&FcYY?62
z-9an+aTI2}xv2!<$yrS*D&hrZ32djrbgR&Q%7&ed$hb~$%_(@jv2X1UdHOXGb_c3Y
zj9b6+#}I-%qT)@A2*|5)^$nkkSE<pya60YdLai{W2e;0NmM$~@*%5xh3w!A4)`!Lf
zz&;|&Xgopgpp@&Csf>QZ7tmE;EagBdY6TqNH5|BtLdo_Rr$npZLlpY2gY&<>;OX}3
zZdR%NcF<h=ShO2bA@vbkz-P01>W!5r&DLQ!@c_3<#$Snp>Nl%I)|t6{8}GvcBX|?s
z2MlB2F*bbtD-8R;XWU2vkBvYOSv&%~9It>Mghb*pCFJ}njNZSgEJV(WitxMAJvdP2
z#)dcQxg?Yt^Ga?<*$w)9hWOg3b~L48z&TUKF(Cch@3RBhd<Q^?9B|-Zl7|!-Z`nri
z)ySmsWF*7VH3jELiy6}Fe5=<@@K1YQdM`e1kkO`?>;mOyMiz^OA*lpn*B1TltqX<R
ztA9vVp5h7a^1CT`&>&~22nEc+ArWSnLh!VZiHCSud#j|`I?>u}8)G?oHgSl9DN{g9
zNmky3+M-%^-|?~!+7E)zeA3RI=8(`ZCd8;lneAUpv6$N$5yr+gwf2b^R-Yx3+icSj
z$wW3g(9oJMmbbdN$e~qz0Qg55#^@=Dr?>T{0@63}CyFfLbJ9~z5D}5LpW#Z4yhIDg
zW4Gn!u7}YV^AzqF7}~dES~lgP$E4qw*V33+rL(;5(9cRWR9P`swM`6*5NIxbbP%HD
zboz;5KhSHnLHYItN`Wo=O=D8TY<<Hk3EI7s=7c)0LplhI#xd9MX=TeHTxAHD(V%3G
z+$iSp)CSpOhO(PG_M*98EZ8{*P*p@5h+W@9D=~Bu>E*1^@}lOp#)CG=r$ktJiyNJJ
zr#GJGZSeaYpf~TGC~`&L9T6-38s21E29IC73vK?#j&`cx2ODGZWUfJpD81?iK`~#y
zsMArB+(NQ$15lElT;Fu4hjv^K1~m8CxxypfqIDA@<eF?9__69o5-I5+^2rWb%Qr3S
zk=y!-eD+`tm&(#em&Eokw$74>c~g6wSEe&9OWxu!$Fjl|apeTk^&C3Dx8L!U6jkxA
znO<;g`woslbZ3$v(a>0-hZ=a>(<3#Vw|mjY4`1S=E`1D~K<hWY9tLZr2`fP1w7rqQ
zVChN70y8e=pb?XDLhD9ZMN+YiDt}oY@`_oAv8Q>%Tam!lyV)4(db6Du$1QGZRwpkS
zvDR)Ash#{0_e>$!%Aj@@7<Ne}mAxh*;n04WLRrSr&PT*(rr6oU)8%<^k^Y4~8g4=v
z6N=V$%iRLtq;d8&w~<?3-4D`#W_HaBFI@kt+fWqMEwg*=QzAU;--bTOoNNeRCf|x>
z3Y&TtEp#UeQ&<bSwhaom|J~v4e9zX)LU9iHj?)lx<-Bdc*x+eL<|72;K@{JFDL_FL
zO`R*o0Yl|Sdb{i9jZ?214+I+D|HhrHb?S|M?bCGr&Ed(<l4r`dW^1;d*V0)^2X5I)
z^{iljgktz3zA<&G^5cmGH6b2WzDLFLyzasNzdSX;_RWJ8@CpN?<8~Bv4)u84yfi||
zg2&U6m8xyqRvZ}+Pd_r!+lIz3I`4e$5)ICfDAwzXy3LvU2cVS7xw@FU=R=Y`?!zcN
zi}OLAnVz<k(_RLqLrU9!0PJkPzt@=hyz1GhD@VM{E<`;Nb<%@PX4H1>ltGay&L$Mr
zC9sWyTH5=L)B`C{YXs{r;1jH<_IW45xrIP^hmvBDC92ew@>A)U)@CtSN*=AYqP8!8
zImG0zIzZ&7MD3(_E`VgnM%E4VFy7tNN$I%oTrax^VROiyMt!-aR_*@2^(ms;7b@C6
zq4G3;>+io)hd8!s4N*(c<-=5}WCMK~f^~HvP859Qjl$E^>OI?+RSwV8A74{t2od8m
zqSI(3*=2W)>4g#;I^i1VFTc=JxK>!^T_tNX+YHK<y@LeY(ya{X4XDVuk7V^q5-)1t
z!5etXP4?7=mCWN<RZp?$okO$W=&dfQ$ILnJgIT);qttR{F4B<!uS8d3*ti#@NCuGc
zOOT8J)6Oa^#g*HfVrCQtd51i7vjt(poNa8Z>xQ9UL5N_?e?gqX8ijtQ96@5`K^3Sd
zHjE#Dse##JHXaf*(w^Q@fo0WRV|W%LjTNXcxyS+#!rYqQjg=7Uwcj;5UxUPSTWxbo
z?R9o+Bv!@1tz@Q^;68=5aEwFMtLVY~H3kdIHO+_$ZmG><dOGiG{yGh@IcIN`;bHr_
z&^yjTxnG4p_1RzHYX0wDtU395bDfd@$KFIyxWm_vIKv4uotWdueZ+dnl6itI3b!}%
zb}ILA>@~%qy`zx(A{K1jU2jjTdLsy8^Kofz9Gc}*bXlSO5It_{-gFaU!}khY63~fc
zrD%h2y}goEIzFXh;~u(QS}g74cKX6AcR#KS=t;j`MFU2V4BsNUs_)o#YCQ&Gv0mOK
z3W}|_L$#TbOfP{Yze0aI(nZGAgc1cs_5ubKe1v6Zu3J|n3vgK+z}L5wee5C<8VUng
zwTdSc?nPKUV2Jm6UQ7Qa>Mt8X@wvpyYpSryNrV7~P<AK_j3;vFwzs5gMieA1ciKYW
zZlO!apN3gL28oYCXb8ZVly8}L4YwnQjwy>%o(`Us-y$o9iP=kn&{z|?_0<q5=PNX@
zK55OY;_Q>)UOK30e$PhjtHU#}KNX9B>*h?>fr2m8c>}hGfU0%X@K?b=LleBdDIC-x
z<oO#<s2lXMG9lzHC0k@C2G)t-xL*4Ia!Vlqiq{+I2OUCcZ|Q(8-NMR#&P1(ZqDg4j
z$K;g9_NI7_RU1l?aNd)lLeIo~9UA<_Ggf7LbC4AHv4@hO`Jb&l``;Si|GD7vp9nY9
z6%JZB*&YO8613uD0dnGPI}+xMzEdMUu#>brb04TeHYDRfNJJ`5iPR&Zsv*A4TnkmG
zIKYIo57PtG1%OFx1P-^Po5E2pQ{WdffC<@hI1<3*>!d7oY+sOb2z!r#FyV5by^X=}
z4ZrzO0|WK7M`c%rNl)f^f|=6o6D?rZF9PBG4yao;Q*F4YPw1W)Cz>r31bl%SkAE8m
ztUVwnGGrQt(0)DR53BF%;XizqF~64I7_6Vm+N%Uwseo9a>e>~LftGAYW52HR$5YFb
zHx|aN>kL<|ALaooE_;b=?_Zl?@>TM}9<|=O`;=3&Cd0zGs>#=&Te9}B>xcJ?6qE&*
z3QnUe(6T~Q0P!r(LLY654r+M4mlWPowq|yQzIA^U3UIvIt~xkf8Ix(<(@sHa=<+s%
zFwlcP4A@muTHVxi8|4c^PE~VATHobrM#qX8fR*#DgD0fCPGcAHI-sjVt|G2rvmEmE
zN|!xqk)P!({u?^!-a-SiI5I^$<&Qu&IPINe$7@8zbn?`TmlYUTy#5ZN$^yDOhb?Ar
z79vsjsU<wJ3q$GT(mxDRkT(jEhU<9dDI)%&(Qo-s{IJ2VDqtm?kF%Jk!{q3Ak@<dF
z!Tr|lDhN?qg@h1)Oc~0~OQ3V{e>#xXEFTU;9MfdVI*Qt5&#sseDabIn>wDURg#=*A
zCQ``u*sKu?EKM^QKyelXA#DELMrXqqPq#{vU9C!MdZUY{XZtcz7|^&%4cY0mM1&l3
z*;`3Bx%Y{$r&=-ONZ&KI5O3KD)W&-unJ?*90Pw>7j=*crKDqgZA3iw|q^M5=Vr;Pr
zl($47v&0-}89hJY;_k|j(lqjJT_CaKGo`_56On~=8JYp^8rX;g2`lh;#9mjl1?VCz
z?T9Dw!q&n~dR(tk(USgTGzto7Yk4bd{5(7wb)Q-BX?jRp6FZ8!6Lhze49K3X=6f|2
zQQU~p8LZK}^<K@feNQUc>RX{HB@VTlYoGjN9Z;p|G(LZtY`GIRR_heo*-*-lolj%j
zczbO}VE9?}RM}rv_Y?~4^+=SWJfzjoW>X-)(%&#K;8#UfXx`3UYMTXLo0Z4gfq^!!
zO=gj-Dc72WW`@|?9UVq9iEVfIUf*{zSG3{Wezs>+Xh53OXs!0-`llY6TMEmGGlvKJ
zwN|GYb+?a2&7LV42PlWXb3EnTy78dqH-k4eyw(||7B4c5<%rj>@ed<-c+=8zj!4s#
zW4l6cD?J|*XX;g~Ifq+c7>hFIsz+hTQTJ2b20_WWCH&~lD(ZE2p8sKYjc7ryx~2+u
zR9#ZBv93OH8!&Gc>qFta6N8A=RjRU3q$AW+tY{V_TeX2D^|k}^-w&{4X=rH-P0y4o
zf`1CFA%h&dZbteuoP3xkJl+Xelgv6$rlW%UU9mb;ho8FS@l=?+f&4kn9?JPC#HZ<0
z`g&MZO^Ata6#7PedISOomcbq-kNp^SNk@bded#kLPvRX7Zg9=4OV4Dw^NiglKZ?2g
zE?2_I5vOX&d6&|2Cz@4v9r!@K;R8nT#vZ+_a&|k-n*I4RC6)QL93H3@o4(OQ^9GiR
zwr-Igq&3Og>(L7tGlq}4G!X(I@iT;2c^rlmz$<b$iTj3|{<+Kz2jY>`$Hp$ZD+N=2
z8&$=Yb5!$1o1+8&0Yt;b%YMW-k_psC^iOM-(^bz@N9#|ezy7;kb+2;SgaY1UCHV(6
zKaSW;2U3G$MGV8$DV2DadZb{~yKcl|MwT}|xm%zu?q4w+?VJ(8i=b1a4`e0C6|7lB
z0g%SFdi6vc?_Xpg2zws!dSQ5_$);K5@hWByd9YuS><qc*z2cB1DUXT5ZNA%HHLKWj
z^Vx+&3iu_EWf$}aO_7sEhk?oI%uMC1Kof$-0#|t&|ICOxqo`6-6LF~j&+q)IMaZcN
z_F_z}3hFnzcg@TqJYaG+h)W_u5$FuRMeq{Ess{qU!B59L=aq!z$3YmzPRO|4<wymX
zK$o~D$G)}@j3!RkDkUqN;Msy@Cz8D1MCtTczA>boocHo^zm6NOnZwlsu*Z&?xSV!m
z1%I2C&U4$dn}{lHYi}w)HAAOv{>{u-D7*rfPJngkgFX}(x*Q!-VD(-Q=4v-7^hbjJ
z`>Po4a}6DzAuu#uge6`PkZ)+EMC(z3B<eGz>^lXGHFw=2bzxoEL#L8_lx5B|1%QS<
zh#Pl_geO{kC~GZ<yg<E4g*6x4`H{<Auf|+%B;ib6iSXYl!X6}pBZW6ts#GJ-Z=7J_
z95kT&!c#TX3~r_Z^1PTRb6el_MxyoaVB<b^{-H26roI^ho$sY0$v!ZND05MJ^$L|;
z@P4Gq?dMtef5JwYu2Il2t4p|okUd9$fGGjNUoJ2VxFQD2E=7$EV6)#a=qxoNlj3f_
zOeV>kp&%Y1I$lX#893iGBBJyW3cL#^DN+%1kHr7&jK>*DZhU0xqm*>37lbIuO(m+R
z8gA9A4Ze{KI)}sCGkC^yx)IM5ZplGP?4%4#_X91@E1t5A2mxXP4~9ziUv_5Xf2Qv$
z+J7eT|Hlm-Muzjy`YaqUBasP_xGX4`LZ&Q)VFqXlWh;v{DY<h8@e)bIDWMq)R)-FO
z`Yxa~Vqnkg7FH<)H;uMReG4@bXov>FVT7nG23#4i<OLd2MhOoE0~$vKzvr<r8&r{t
zAC>P~gZa0&chB1@Oi+(8u4{Pq{2gaee4$G6PQ)GAG>B*-;iq4{l`9+Z$eip^xk&gA
zFi)v58^-LNHjD@J>I#LiW!bDm6#fx<RWRZ!LlKxbAf5AS-FXswuuV;d?wR2X*)B<#
z9TNoLmyp$7e9fO>_-fgNr*;c(?SP&+o4ZaU0*r`c=mKw*90PzX$I#CVAQ*W)3`ZZ<
z@h9OF%9Fz)OJBJYqORe)SkE4rk!$hgXTPVzhHTq4l-U|?$@g^GR2Z%%sRE6iQJWJ2
z_oO?Wwow^cU9EI!Ar`N1G^JgZIR)@~txyd$e3Zqmw`|st@5G?<Pd-?P0fgrRm?<+-
zw1Ed$=XE9%5S5AXEzOFD=W`bd1XJenItKLPNas%IBKT*El7DDBPY`tulsLN3OGJPr
zns{|<UAkhC<1!Xnw7pu-IB@oxkhuEP=K{mTh2Hg|9fg9eF$+bA$0O2;gc0{FbZDgW
zm|zLLRH=OCDkfwd>O+^-5qLy6iLSHK!uHd*ToH88eyCb)^(6GNKoGSYf)l$!tga^D
zjr8i91=M4?d;~I-E`UEFmu!)wo4o&C8QDbt>2D|5K;uT)!8bnH9CWOPFSJ_CBYKGd
z`){CN^rs;D!?vB2`iG@a6a*1AJoLJ~;{zpTN>%4V4f19E8K^PeVpiRX!#2f(9@e2m
z%JqwXZc#N#lgLEiP0p>uEW^?AZK?i^bu%Sp2ippObyh|1b1lHtbO#ZZ7WWLSw>j8!
zg<#Qn(jv(u*T`0-!vNae7D(@lbc-BO3ef2?X%-)}B=>14TfYjj2#4OaS}FlxLX1&4
zwx)^=ZE5g-&iL`ZOy+&R{azSD)Q(JLGfaLMXxkO%UbeY0@^EfdLy)^8KU5PLQ=UR<
zl-+3!7^5EZwAm(X%>woJ;l0S3wuPOGUJJXmefKtnnny0%N15FFM0BQVstNdcC$Erv
z;&jx+=Q<y!lQ-UKZZ2d-cQ$*m3@w-Le-|3})A^BCmtF5{h|&Ck_SKl4W+mTV+`oIY
zb>Iq=jYMXyS(oMwW~I-TN97p|*letgvi8ky(-TL-Es5W=64RF+{fH-qf*h{92OLzY
zZi#TutJ)hc1Sfq@EJKO?J#K#fwz2kLQ`FbVO^n8}V>v%~%U_*oSaB{mtU$SFlm1b4
z&4F?jp_y^Ac^uI)Q`YV-Unq_#@cwv@80c=PSZ1TY*trsYf1kQBM9Q@BBNcM`O`no(
zED33&CH<;z5bg6&eaF~-_Z#)1lc9y)Iby3h%Zs0%n%3XAsWOiVvfi699Cb%^I}S$b
zOdt}Sa@mqreo)J)O$9k@ocY&KtybFdO~5hoix$k0m_3e-M_-Cr$%w7U7J2#WB->Lg
z>TU9gd6B<)D^_mg$x>z#TGS0p?NcM)V2yS(B{)L^&fSo3n)0m_6ma1ifq`$#jNJXO
zx=Dhtwlcyxf5qnZ57&0$<=1fEVIi9Rz^f7n)i|7+{11Q*<(A4u7UOHJxtF$Y;f9SD
zc%hi1(P%sKt-)x#$x?Rg=mUK1@%pCsaA({*eEbybsis`g!hO5v5-);UX&AMm>Tr6_
z#$R`9x$-Mc!$y|YB|lcnni|ZP4EP`jDqA8m>+%z20kB5l*pR%s&wU%N8x^fHvMR+{
zh_~SkZzKqr6z?zT1>ABKVVkkDCAIk=rS8Q5qo;Uwnb9wz{^E2$m(rH&2SQ-OaQc<|
zMjXU}JMO~c6BpYLXR=M$%I<|w^gxd+?`!M;-7z#S^~Yd&kQ+ALNf#0AJq=UD{}Or`
z)xvs_rZxKnmPd8&iL9UDHg?r}t{~+fU|hSEZ(ld=6@j)a!hWUq9KUb{^;uP0cD+0H
zmEw5!NBGR{{yq<vC+DUD_@mU{9jB_CDo_@w*Q}ED=guh$S}LCg>BQmorg3<>ogNSi
z>!WuZMMo6FsB-k7W?hJ=*xuI?haz}Cgw+nnkww!AS=O+-|Hp1vHE8dR7&UW_a$k8s
z6wR@Gd>JZOO}nn3UmNA&n6}{xz=Q}&ep%x~tv5RGaBZ#PcKrCvsdR@kMaR<N9F}ga
zayB@Jfq%GPCWJwxGY+2v_+-mrpxEeZ8oKK+-^EMErcm-~xh4vihQOUL?+>PzU5e!U
z#+_>fM~Qo7jOAW4-~s|tijePX4Dqs?SE@l1H^}NJJi%vB9VR~tg^j5DL0cvzIyuh%
zAlCR8VYOzkb7c^)zBV4w_BO;c`VsN$AkqpbGSj(*)WV6fpe;uX79(z}Fwc45rFWUi
zG9MM%AVSRU9n^H_(6k#}X~d$vBxF`9DA7Y>9YY1)<i}MER!%15W>Xo4qY`el61XW_
zMTY7J0(qhY#2HVjVfQ~JT^`?0S4|YR12;|M8?~drH+amwDy9IqLu^NEe!4f8(0dsV
z_h^5oGeg1s!F#Fnrgd*f4fV+Dt|dJEgLsD3*Pl3&=v$U7^zzJ{i>x0!TU|9`f}@X8
zGm4Vs{_u#JK=cs&#{>?~`*A%;fW_9Q<n-X*?Akv=$uX7);4?o#ZozhuWZ@RQ&*6z*
z@buX>*Oj<{{H(2f^7eREojSkn(E+6-c=9h1N7sXoRZEftg8x1`AfhpB*8gXe@SiyX
ztodUVfH>CqCz;X#SO#xQXTSkt2(8NijwCQ~U{!t>7zsqC(HQnh27ZoFa%}*-E0Mlq
zO~@eRjPV%TS^AE>5h_x^ct3>OUlXd1WSP}Q4*l)qOvzac2}qtj{it}<Xh8X=P3A)w
zV4%r3Shz^-5LN%47t=<<Ls=i#S=B_&I}xd|0Bsm(Wtzwkm=G{{<Ost7)Affu`m5S$
zJ*<Sl;R?>}5)=1z@_ZOh<n0vS51{Oz73wDi#m-TLINbbw1i!LbqPFy1+QCt|B?OVU
z*6|{`H_`k)z3|u;kv@$KQmkB0Gw44nXiFX;-{}a!zaG;`Ow^r9yuGc99LY0IryE*Z
zhz$e$M2r%=vJC}C31lt*qQ<)KEd5pP>H|R;x0EWvwCsokPesdUeNptpxIGHx)O@zE
zw&Pe2q&#UkC}J6j#c;!|r6CH;deKDSF13cAj2>&Ouw1rjb_eDDN(xztDNCrYv2b|>
zQ)ukh8oR1t!`))26^60f;0yytX}0ed)iO#}5&4y0+bQD|gR89E9=tu$S=QnG?v)%2
zn3OM1WKBTB$U<OrfkKHc)|-ce%CZ8hO(L#ziiw6rtIfFfZ&|>2u0X)wyT72FHi-~2
zq?L%_+@h_6B<{yADsvN-bT(t<>3Z{hPi=Wot((BuLPUX=7iTfEE|W3fS0R{kdAwE$
zn52>7)*Yj%_D(qtnCG>E;apq$XzYHSh_qk#ZCfb2m7myR8GKZtXnhj9PFCDDYgDNk
zj%FY3JUuC^%!GXk!0$_^YxBt^Jt}7BX9{Gt2<nlbij}08v9q!kiCM1>QF3f&9i5J}
z3Cv}ekTHDbn}zX!<juEHlH4vjS<ct9$GXvHC8kpiD#c<)f=HhSB$0aTSnhju1eOP7
za?eSkZ{&rD7@>cEcr-uZiF^_k?;$ZUE7RNR<=JbTbn82bEVCe08-z>DRKjz8muHN~
zMor?HKg^eG-qn**I?b~Vku_#Uo-+;;U5`;c``WqBIYtrL-IIu2p8Y-OZdYsa0@K_g
zq3W6UQq+PKqgneKq9$1Lk*(@mak1X1Pfwj44BZ@;p7>^OO)+t_roQCw#G}R0nSXbV
zPy8HS=%sG3Sh8Q&Tu~#Em}Hw&773H~J>23Uy`lKs%M#oL32S_c%|6}Snsr}Ud;1d{
z?tB|hi?WWBr{t}TerYv$X_s`zd+{%3&hQ%UvdrU%WKE9j&6%bw`@I*=v;+-)J+@qY
zBA`rP);rQE`naL}ski-_^-;#`tmv^QMPy4!^Wy^n1#8yF;NC`BcY(#F`qk^B1~DC9
z)OVZM*TK2T7O!J%7bT~i4*En6oma6P?ugfLoi~R@2&({xrrT<&Mc((Z3h##_jg??A
z^;=C4ke*0P13nJGJ8#$5H}8o2+s?>~H--{G*<DJ3K&FROdvGI9O{>5}C2PtZHgylA
zMc9jLuoU?;Jb`{|2<6>4%R|2T#PiK%QGO3#`$k=;B8B<}=Wx05^~;8h{AqeC)urQ_
zvK2dNnR(L!-+)f4U~c3P+jmPVK0WVX13J{$;WI5`JaE0DFx0>91&{7lcV9?f*z}iZ
zbdDnEpcR`Mq^!9Q9Y2F3-d7;{pKasa@5rZT<~<H#=$XZs)as9KitS0fa<aIce7r19
zU3<LoX`=<ZWc`fL%kt{Cnuv23$DR{I{hQCo8@MML(cVW(bZ*1tNL8`ft}X>L?~-2+
z`ACY2H+stylVQ?lE|B~Kkj$w!T_4rJd8;;Ku%z&w&LZN%-j{*_?uGrkw(!{{zvrGC
zog0z_?kg!eesS--s<e6BH!c^J{ZXZttK<FU2Ur7+QB{s=(<XL)ZG1$8^X5@qNK~<f
zbNZ$}BV&6DulAzz<CchEMt%QZxyi~!85=xGRehJrH_x2Ps4p}VOe#-pN+xXcO@r42
zll;~@7GV!xY;zm+exf&7bZTP=P+CuT=OnWh2`1B@(KD?Ry!fL@G1bQRDZ}uC4*f#4
z@V7hsS(V9zmoCRIGQ~!|X-6!=w8NbGmI}-AJq)!w?O>|$h$tRMZU0GE!Ev}O@W9&O
zoyq>i8n}3Dya<)M%+jB~Y1LX@f(`En4>wlk&N*_5>QOPn#N<I482x9M3T@tKHHs?N
zZxwFCEt{5b1K;yGWUK<q`Z*GmKl0w$0p%Sh#{0w6Yee&pY0YTzyPXsX_x@@=*1jAw
zM0Quzpea52AC&YPMMz1GJytO4Q_H9~OfM=n`{};Wh%<3dY;Kg}I6!Ud>O-8Gx`Vp#
zya|>hpbiQ~ljq*?BfHr!$rQJ)tC$#G|7R|e496VPqDIt=)c$iS4(3EjJ>BpXN#k$7
z;-g^kQaZ5Xn#|ky6CXGuci=u{O`_iMx&Hw49W%0bFcK=|^{GK%_$*A0eA`3U{02v|
z)>78Va4-KZMAC16ekew0{G!>GyqhHU-74r{qJm&+oKBTIqt|bp-NB~L?Ai!Pyn?+h
zDw_{le1UmWKlR}%<|ZI3S02`79Lg67m{-LpNl*O-fi>mafLy_a@a>X?-TzZs-~mI9
z&3ItC?7aLq2;%iL2z0j8SP{Arbfuerf%fOI;pC27LE8x#!O&JGaA?Lk<)z#S1&7b5
z&d@U<(*Ycq_Fwx2_~ifpR0VL&01I|$QsjU+?4y^aBI$g=N;uQ4_9>vld=J76SZj@T
zKzdy~L}LZ4LYT@{1bYn|2e>l9NKj-dHxf=rK-X!hBgY^p8Z{y1A$Y(HRY1ZQqCO54
zCJ$gHo+3|mY{?b5C0(i_xNrE^>|XlJq5&R1pl!t`8<U`5_Uvg!>{)a^3zYk*!Ecr3
z-#~kBk_d5;&AX$(O<R!)fZJokLS9P$>Sa8{#@Il1rj1<cD#VxeZ((^=BZuF!Gh+ry
zT8Grot^G{?2|R>#e(-=VjBbB%MsC^5s9`&^XXGh%KiJySaVZ+m_3_tPF~~G58{IEk
z?7zt&GUQmFn!^lyV-zYxCE$z~3B_y;FMbH0;sm?8u#W2#%E?!ocURL_9-2`zUmT+V
zy=q0GcO%HT{Rn%J9a7XBNqf}%x4rqAk%fe;JXkr06O*LwY5bo=gBNiMFD9qSOYv^9
zS>y>4%&oL*(_alpsQZc@u;V@zO~;GY9%L?K6(x!IE|%|5N{mM`Jpb&LEcqa|_<~fz
zwM(OlVD4LD28jgRqaTETwU~)LK{RhC=w;u4lV6-~X9lYm+l;*xMEEnH-Ga4=pM=<2
zHanzG1-k>`RA4aq0uJ%s<UlzriJUisgDmS;&BCh6;&(hDjPuP89;NBdtQciE6k~<N
z`K_*ln1g5medPLJDZEDcIdO3+n8PoR|HE$xj-cDL8Fb(C;6_(&O#SIh5CVQwV%rsC
zb{=q&3t%gFtz&P9p<Ro~h~f)e?p4tSJsoEZQ*G^u5*Aju+Mbw<qv&DKX7iCl3j2M(
zO@bQB6DP;5*t-%@o6H33O>*$n_1Ur9S90Kk(jju+X1N=p+)(18xN_2T)jqjm4Aadx
z%)BV$!ybc6woNID9*MD~7?YT)G@Sdu8ZB{oKFk!@F1jF>^j}KdAj5lsUsZ`H%eMF8
zoT$pz5q#r!N<0A5+xyE>uPIvA^o5GO&zVrx@uJ2kcbE0lsI>jP&JHiqlDn2pG=%20
zz2Gy3##{nW<(nHbyCjQdn<vi4e9R(LCw~iUFaNqO^1{31Pwh4LOPlOEj&(+_d-%G@
zVV}=^*_|^77F~)zm!Mr3n)M6$rtK6P6EwOpdEw=c(XCNq-m`C6c;}DlQ(p7>jn&Z$
z`mL{6-W8ARR6U6(tJ1SC9{mGRwCuF<UaB|hzyfS$)A_>}ktnb2QB6u~OD2!gbKyHU
z#rlJHl{mH)%zr$N)_q(X^=tD%<LC(^vyg{Jl3z5J$i=Yk-y#28Ri;`*(OqHO$TE7e
zs~l4^I&d#z^VF(#^Gxeqp}#l|osaf8S6ePFNwG41u9^>BlX}aHyDjd|OCC>KVeBE{
z@x*M?jer%5nA0ImtW@u#cFrAM^Nhy%kRp!sh-mbd)ucM3!evZ-->2~C34H-KO5%Ll
zY5Znq!=ySrA)wq_Nx}TRMl8f_S1sfF5B*?3<7?)5{>zs9tz48fWrK+b8v#)Fsz^+`
z*-L8ajk6yM2qha{`9OpNyDPB={J^l`%|Q|?>&x2F4Q`pz@oj~IWUXY^vD=T}^vM$c
zwwHKi-oYdtJdVJ=qq}A-t14<BthCnpt`6>LDvK@`@#ZcqhawSZx0IhV;FxRK-R+B&
zZS@rdtXDhE-Q_PP3;7bA{7gApd%PGVW9185Eal%}$JH5GWrdskc>TkH)3k;KV-Uj%
z6|64a#Q#HPbrd?@I7qyp0`|;mQ(|Uig0Bt5JVYrs;CsawYsLP`YQ}k_jT2sNvHsLY
z7NsnfjyOV_%{z~b5Lzh%S=5JnPb!CsO}}x-Wgo4FBRUT6NzVjA(Qp7y-ClImt+-#j
z_`U&^=3Jp<S0NFWPi8J_EXNnsqvd7W*v5{)SCz~<M&*&c%sq9i!+RhzjzVz0|EkHc
zz5ifCY?VtrQ1|DU9J*=uu~}Y`amRv%`Z-15@CK?rnlntQ8$oY>M5LaW$2-<*4l8ot
z%z*P`D`UycE*S%Kja50azpqFlQVw=jgdCrTDPu>!;AzL3^6zj3dMj?g2Dd{*_JS`9
zb_@KyRxaX+D6`4~i4xW-7o11p*B!Kavop(5<0HyGReSkun}({Qud3<(Ud<M8eRn+b
zTea7LMLquj?P~YS68oHJV{8}O>WhweXjj%SI#U+YM{>xgc;d&95>4%Z>bVX@1xrB%
zVO5U|v=uRvV=sLdhCQIjfATW2ysW)VxkankqkaP2^3xufCWzZr$2N)xg?nLyiE*6S
zQohqt9UxDMz$4xuG?@D&Bl4{NP|={wqP|f^UoT(;=*fV?w9U%;t#;p?WnOAH1sfjf
zDeXk#Dl;P=WzE6U64?#_vcO@U$_qr_w~08TSCaV5VYHo{1&jQdR<Jw=sX$-+2~8+j
zWpA3PRp5+<IdXfw9lK~{{`UBIw4?U}C03LZrA+R(FIoz*5)JEiZ-%_{M2qUwn47jF
zp4Xl#W#gSkfQ3EL&BIz>hg>sA!mT)y#Y0}7fS4f2iPCEfrWGKQo7VBsE+&1%?=YJj
z<*vs0{(7(lN{8EEx4riGsx>n7#ccriO=~L>_L{+^xOX8j`#uksisW{yF$RUeG9DW7
zKLiC@I9%!gS0@&%2ZQ((@Ih}+NdUPHTH8?#36V?mg`|%~dd1y647S-YGWsdH%RU^K
zl$*2T{~Z#rME`w2fq@g^{`39+b;Ea&z)D0kbPxukAyKRO+&k=zFNDigco{4JcUsD}
zx~MEZzFEq|nV1ZNjdXZykXEq}%}%5g0wY;{ZuDfi$=?vWlw!gpp(dpov^6M1pg%*M
ztZB)rQ)0A(z)>=cb`B**nE$+^J96=u?QDYl!v%fBWpR=+O79|X-86wbtX5-Hg-<9~
zZ%s<PdJMwh46#&`jYqGY#D*kUSV+&lQKC$nRky7$#yN98f~0voL(M4hyxK`kBloD!
z>?&Yavo$U%Wyi#fp}%J;dy?TL61oQ;;$`lNo3928h&&|j%4!F3!@?wR>nRb^Ae63l
zO5DbBnbOc)8=pyqaoyI(f#l$+TxS2*xIVH{Y`s_wA&hr>(~BHmscX~)e1eUGfFkL=
z2<P3w{N`ViM7YF1r)AS`zOPc-3t}C~425lX0bsMdhA-O_pfG7IA6_XLjhsRBZ5<*p
zCauP0>Kg8+A7_-V2oX!z!u_IN!dp8b$!$~8;7)`iI|M)1BYHjZcud^{AB`q@UQkI~
z9^rC{t8z!q)fh&9`v*`G`(`q8InqmkepF1wxIjriKcWH*#KWW$7Co4ay(%XYjmV(F
z12m-boecvZUbyi-9)!P!H@+YQT*So4oped^#GQ)BC8QoaoB=jd4(uh@iwuiQlyYX#
znR?PLZsl4*r2X>W7z#FJ!HFsb=-W+it1od3c?u-I%9Ishe(MTrfx3^-ruY^Xgk3w7
z5<uU?O;()jC$ntfjTefkmo}&I6GnJj3i#BEnF=G<askuToE<P=PVy57FwqiTBs>}B
zy(G~WTkMqLBvm)7X@@Ue{(acAck32;-g!ds_>AkuOMD&Q@}P+r^<_l|?Dk;l%iY#%
z=f%XytkqrcWadYm%Fy9A9_e^VixOqN@;p{$Ik|gdZK;XpAm1IG!$S7!ux*%QgYWqo
zVzzQ}66LO%t&S+2)cK?<JJ#=&x635jRcYj`4*xoaIC9?YYeGjF2Cy#qta`E$k==fO
z`;C;<8-|0PTRyV{f`u=}vKnGj5G8Y`$j+S$-7Ke3_hq$Da{G5SMK0d+uEkAH|K}-A
zV{6niAmQ?!V6X0ny=_a#&1)C0+l=-4-12*b?#yuYp`0eg@0-fjqj%JJ#duF0bg|y6
zR^&|y{q_!f3Fb;155AZ<bAISZ@*ga_SAt(FS3Ut#YaQEYc{~00-Rm>&_r4|R<ub12
z$zuG2W~1AT7vA^(jtTeQqB%DEq{`7FCploxeCzsqx&vi(fBty5xcQeORC&&8`n~f@
z%1+p&MSn`oe`1u&I3G2auk5Mu<pwpkQ{^9&ZMA)fOKWOd?uon~>P@z+e=ZvAoX4*q
z1q&vBlfl2kn_#4g+-6KuHx-ysLXkc4<Upylm`7V*`_!EY_z`*3NuAiZcV(?wwAq;e
zCNH1a0ZDASvKVr1@~e7a#MM-uHz?w`#8+Tf9=0B8R^@ED(I!T94p8`mJ&hdPCIZv@
zp0PP!oAi6;)O8sx?_%Pr28M+E%rXeLDMXT(mgkbam980tw_L%kN)f8;Rt;|sh9dN#
z=QeJK-}I$rJ$EXNpH0Iq`zK;A-vrhK(fCoyEm>3X#*637UX|2q&Zpc#&s|6eD&EX$
zGtE^x9*2x0;pS40Jf#2d+TyP@p;+|3rQ3|iHagK*nA@}T^z5ZZxuG66ioa);GOPpa
zzV|FppUSZEa-Wo2uiDOyo;$eou*lbOZ;0A3?Q;<~;zF+=-Xd(|t}BkxALY#ryL~Bu
zWco59qO-s6flQHB3S3vvz!zs!|BbD8k7xS-|NnQwFl%FTSkla)S;%24(P6Vq&TZL*
zC^;WGQ0VlkX2fg=Ij;2DRx~3;lvJ;hV|s}>Mkg=S3#C^|y?S|9ukWMx=ll8o@w@yU
ze=u{oxa?vVp7-bNe!E?76_IAq1tm^h3v)GEyfCMZC2%*thd4|H(#JX(#>Ac1vwnNR
z6920IpszL+6n4GtLwWDL#5)fx4H5Bg6mM;VHqDo}LLkXrvl*M~pH$I6tN^qoL((_w
zM7X?Q`ZfSB<nNnyN+aG{V$0ez7VIZNdJ;EReRX?iUs?TOX%W0qPYc<Ob`GG0WwZvh
z=05otZ|a_P$suB+EX~1@6&8DQ?L0T-u|8Z*Nh@7XP|Ou%<G#CNFJz$KC?XzAg~I!Q
z;xH4_S=>1=J^#MBKz&76ZlSdy3fpArO-alC<=S#on5JdK?)z#+=~DI~Uw0eL(njr4
zD~bB<kRh)pZIsT=PBa@D1ICj3T30M-NJv8lUFLXETQI72<YYVV(m=!??!(<%OD3Yj
zfo1r}X|bfH_cu@T)l}}?0=k)fHCeqKhaOcCG7TOTa<U_7Q9R;CJ8A+Dkl4di^M0Ix
z`TPk|$9@ft8)zFDrB|G1ufpNdJ1!zKlDHmwalSy^&kQgZg~!Zek)?F=?l#2UQPHIV
zkg0dx>@GG;lQ{{U^+)KjmSV&MgFZH0%SZu1yLeg37%N`4A>vN_qUM$Zkmy`0Vk_Pg
zTXLJMq^B{ErD{i>TQe3UQ59|JkKQXw3V@FP4>2R}l1h7#puDt)1^bIyD>uk+myPNx
z<a!caVsznw#)5){g19fkq<KtOJ;!+KgAeq3)*}6xvk3i}Jwh^~Rj9Ly%W!|C5I|!X
zTXSW_okFomw-}lX@{7*@AsU_@R$K;P(GP|UWQ(#@<M1TM<+<X*FlHl<Vo}4fs>E-V
zj6>AJuy9SfZ92LKB^da>s69B54;@(D37Rf}{s2P;<L;;-LZ?WU0oE?Xh8_%YMgAzg
zr(eSe`bV}s0eY%$OWer-Qs$1f0(%JEfv4LD@3;KP7XUj6aQ=UI1OJn4#IOMm9dXSP
zWPmC0A2`AED{Y8y!32?3mrgq%POpvT$ecBi`Y}~F#KTsUf&vdioaF2R_J}QH%nAhN
z{(1nhqQOR5H6G#UrkoI>=Dc7aJqm#~qQg><kg`wUa^9%TnY9kjw=%T0JtTesbO_;J
zX+NPpsU1Zc7pnp(V?!!ZMF)-gy@Y*C1G{Hfgq<&OuOP~nrAp)G0okPG3vOruRtrUV
z1c7Kr8U9kR)>@eXG0|vJAsh%q{f=KSA%=XNio3-iyU0+Of2*c9%EeV&66s?xN4rD7
zg+2i7zb_P|cITw;1KyExgFX$>35C%WJo_~dS7ZaUep8iR+H|MJ-WSgL!W`Reuv%(Y
zA}>VV-pn;Jf`Ec)gwZv$j$}DXd-f$oU?t7|tV1fbi{<SwgAqe-@E$6PLgN+Y?u3jt
z8O-@;ZgOp^``K?wE__Fq?Yu-3KWHr9X?$*l!YVZW+2QJ%9VLWuE>rMOL|(>jksq~~
z*G>;DAL6mES+T>n)384Gi!@M=SUZWWh=zeUVHRo&pb2c|<J?Ga(FpXsKJ_2s^(P~Y
zU$SyUt6gQg>f+io(C-f@$VsOI=|`Henu6Ee(*K70W!saD6eI+&0vD#>^w-YF>ga#G
z$tuBM0%JaSYhH`iAf9R=)!25us;v<u>@G&q-2cGYFC3he<1^!IRJ7XDFUPph=hjyT
zYs89OOoeSC*7Ak{A8t?<;;v(I`OuUEvQi(mmI10<t9$mYYAOO2$>aO^8s|aO2ST$K
z-Y5vUJ_ceccKITE;+Q8#J4yShIg0b56HvEDG{?Rw^f&WTP;9>gH9Sp?x1IVWA7_L&
zo_?4YnI3YvC&lA9X+P$1`x=)%vjUU5{)Jd}Krq2)OrZ6aKjy_6^yO=coJ&x>j&m%&
zal=MP8>}cnuMjsCEs2cQ3-wr!B%46DjR`5~&OPHcs#WRD$H;4qtv>)6;+Bq9>st49
zyYNOY<Pyx^|JaU}HJ`;^!;O?w6FX*JCT!?RjMR4`?zkfD3wmkMMDv%}S2ourcRqI0
zpw+B=*1jhE$==Vwsf9z3seD@S)%B2-QS;$(jl(I%Q+s7`2d>Yp?8ZJlkt-^`+M|Au
z)ho0OOue>~Av(=@Q<d<O9k%r`Ly@)KF}Zu!dU4=l{kTSs<)PHdL|k|%>Qwcq!JeQ;
z9lvt3T6mo#<fd_xE`M552REd=B4V44e@)G(yo(sHtJe6|sVu(;bVzcbbFOL79iy%I
z!0Myfa5Ggy>G2z7moqL?_IMzj2nqAIAJyeDn>*Bj!4~|zksFcr;mi_cXD$SpFs-T!
z>5q^2p#zK#@zkuqHRLDmZh5e}15WG**VxLwzn!|Y&he50*Nn;$W%j){64zjZ|JsV6
zm8Kn=syCmY3@)Vx*OVfV&gd`v%>xmdzAtNwz1O>km3U{K#=K|q=~{LJnHVjMD6PnN
zRB3KN(ko%!qIXCX36McDW|#!Mr4hi)LCk_V<MwT)I}IHt0OkVkYI$d-*RV2vq9ebR
zB6Wb)C<ql=ke6~jcLX&`Wz+pPlQUgtmzqpnIQ%>=tFjuH0`D~t!1}(U=cfvPCneCj
zT-ZU1e`YX~RVg#HC<5uf(h=Us!nzs7d|C#cSWI<c9>oXvk5!ALrhc_COhApn0B9f2
z|LObn<b(pGrS^!!aH8N3hoPqOMsVxiuD7RJEKL&^fPF&$<lGr0o7M_m^ygJnrpM;K
zC>na5p7k+Gs{m^0Vn~*zwYcsS69l{cz3VGw!3|)1LG;vGTj$2TQsaxhH)%K&_vl;q
zO0mhuW{a%l9a~`l)F|Ea$T7v``EcW2CDVAP0atS2;Of>$@b1_ZW;1<RV3+IA452)2
z6)-e^^A2jw(0`@$wR2x>HvI@R`j86BTb~3KnazQ)qxrX@dU=N?p_fnrnQS`MOUTxD
zf_GR0Ou=8OtZMq-Z1y=ly5;N$)4$!>kedprCWa^jf#=7Ux{&nl`EZzrodftC-d{7K
zPDR_>P-hH`+;w5LBfbXB`B&LS0ZmUGnE}mnZzO;&Oe^kmO9=5bmv?+CZs*?f-GuSz
ztyW%%KfJ8UYJ`h0V{8xV=$u4`ndBM{-LfAw%=V>S9AN5(F+D7dfz=gfAO4AfUgy2@
z%T7HH^Kv$>bNBd)$*e2!8pAZV(8WfAb3R#au#;gt|A!+dOW;x?QFd3o6Y_*?E+-?Y
zeJU%{@KP}N4rJWd{8>yPk4pTQ(uTH;$-<_@OB3YELEu$#Uy<_btkBs||HC7pBf%k)
z7tRV1AqZmfnuFOIJ3UJkTJdOTwJKsBJ6Ei|u$PZ8pOl#%KV!tn=m|rZPb+K|Yh{?k
z!^kxUYo28wYU^$oIbnIQnZS9X=FXZ{KBT1#pac;RjOLco?mi~>Qr<tL3O6<<i}BrV
z&fOesUBae*h(?fDOQ6v06I+*G-Qyg*HBc$n`dZ#7pdyJ5T{qb-`AUo9o?6|!Fvhlo
zZv_EWy@2Jwrs{|~7ZhS6`xSuT|Gr5(DO1~i>qPn5egwAay%4(&_}aUApce?PLMZ2e
zczc32DP7I{g`L832OV<DNo?=qDfD&FmR13?K)4Y_`${^KE*@}2^r*pozR}fUZKQI>
zgvT*%)-FMG<*9Io)J{F-xk0=7*xE~t&`VU}Dh@f6$c57XOVUlIM<KN6DL+REEkL{%
zCbJP5^qnmX22D+GB9&ZyCrZC_RFPE}&8D8w^fM_4SjxK8s>zZgkJ4MyPjW1afA*~X
z&*89s{*?dEfr$<2WW5yF7r^m7CM7z5qR)dZ4xk@-hiNnscYx4LDG#DqXfJF0tNtbf
znu)d*ex%dC61C`Hl9IV2!xWt0e`F<kDfnu#Ko6)b@S`%HWV&=5E``QK=~FmJ%ZA^?
z8Ck>RHPuXSN(B9}n0>-wO-st|e8)HS#g-KZrFHc**h4Pm%df8y;D5!rN7#gD?6zSc
zwO7%w@yJRU)D~FkN@_hAaP)Oo3b~NphKak1*|mkHl0TFwY&S>4vV|IZVa*t21K|ZG
zg26axyFf`llAOlkOp_Iw5V)!;G%knX!Pvinuf5fZUIZ8G;c)pw&r-QT!!p9+W#VPu
zO!tLU#^nrenaow${FzgXuj)`hoafD9^s^dlOiB%Fs|5Ty4*9Yjb}1Qg5hZ*Gd=%5{
zVf9Q^Ba{B9&_EqSXqMq%^OxvmZ??{gB1|1@`IM>8?&W1OIea-cI5Ut7^|+<S*<s#G
z5@3wKe7vcWY?i6Tq=MD8GD4>3t<Nd+8ZJ(_q6nf_NFZwVIEc67aKLKK#lZ_$!L@u?
zk%;Q3B3wE{k=;tfbCik644(qQsp=1094f3*tVu$~(k9OYTa57BwU4CW?`@A_V#129
za)uT+aV%jg#3I>oPeV06w)rX_50u-wZDQj4@vn*+1ba7(@~dwltP+QdoL|ugfkcLs
z;DfRU>&5V&STM1%40UKfHU!$9N=I+|mfglq#5#7;al{F+xIdR$g{QAEf>E{?Nj!cD
z9cZH{+F_AW9TtQlyMpOY<;o>R!wE{%2)oloIFZaau#_^~)<}#_-RnOJ2It%K@V`Jg
zZLX&!GD*cjGI0^7qu3otm~w5@6Ok!B<FK~kOOs??ba^{KNLaMAT?hS}i<8oIiM(y^
zWi3-?h+uEB#=G|4Yvm%yxt+qe-Z)wG=025fzRL{*ACSJVYCRVd!1vIQ<|qVP3ioK>
z<sz%}58Tw`j+O+SBE_h{wyT$47P4@7E+bhbxtf-n9WPVPR2>|@xiRWkYVhdg8zXhB
z)!M;VA2(dRd%$w6*?X>Y2<2(vW4pmFr9(e_Ik$Ajt^3|{S?1#xa)RqGoQ^y?`SRLS
zYGdEQk-JcwJ=HuK*eTwul$KoW5-fF(Y#UPa9SA+xT)rtsP5rIDeBlNhp^h2zLO<Ld
zFDZ&syrGp6^HAF!4eboLo-2akqZZ&sny0+2>T-4cb~ouv6!hyuiN~dn^xvDeopD`h
z=iM8f&vQU|CpaX3#+D7C0u`}C^A(Ya2{lKbA9iUGwbt!<`h;F&hI;TT?P|oKE`LPN
zdCHT&ZkR-#O)90X<z_xMLwl&YHW)wF-+V09Ji+<cTU*`cO)mlu-dVFMq1NRQhCW|+
z`1Jvh&hPr$Drnbyri<kOrGEtNpven#%3i%%Sd)Mmv>b4%X|0H0RNPwP+c8D&&j<6G
z-Fz{`Uh|37ob+*fpH=vn#$<>=VFpr_WVL9hAVsEEZERGebp+1lJc~S50?_+nV%oou
zm6<HJ7>#<Rsi|9=rzk18N=z_iAfC>u5==vfilA*5vXWKW6P@Xc!0Z6~@CW>cO()NP
zfE8FLypU2i!XawKE3^_hgP`kl4pb*L3NyZd>*d#vtUWjTFt(y>qu47r++<ii7pNb-
z=^ab)WVivO&5<mvygE<A^t4{m4#)d3(&G#i1e7TTRq!!O*1-jT-W>&fWb+3p%N(?=
z?f}Uo@|odxJnOLzL8nH~-JXwXD78+=x{{dxn&X1)?N8|(4Q`A*9K>_m%-TI0H&nyq
zgm<K`C%2+}SUR8iG)?pTqBELA=s+u|V=efz7+k@j&&lsP^_aPS5lU&L3>4Sp$h(+o
zz9<O|b(PDz|ApLCljfr(9Qwt$)<<1qltT0t1!$(zi~s@j%KTklRSBr@hL{q<z~q$H
ztd*Vr%RgXfWrC^2Blhq@hhPv#J16mc-DkuUWLIqiuF@5|4|W=Hrrs2!+(_mOyF9&7
zxetSO3K}$3yxpAME;Eh(1B?JxXHsV*N=KT}MI;e=z7Ow4FiT|u9%7$g7@L{tmV}bX
zVb#B?^_U{asTO5Iv<RMF$}Vww@EWGoXULiAzIXvgLt8q3T;vViGKxQKWfbgEHm$JF
z?U1IYA{HQnqSi`b_3K_j<(V^&7TH5hn?7;|rh?C|2XEL?EonZ=jro-9osA)lr0(>+
zo*%7_X69IYc_UXPpQ{F>DU;+*_VB?S@Z;s9Ieg>c3bsdr4ru7>I|gRV;LCCuBpV6L
zCr7~?k{tf!5@~K6f}j#dftH~;km+veGKB@^6W?lE6=La-ysj{2iZj&w{Co##-ju#h
z&Kb~jR1bKNngM*}!I`+n$!BSfjJ$qom@!C!Oob~gGz%6!aopnNOiqSRP883)9}#f#
znnwyv&$P{v0*8c-ifW#!ld>vXkw(Dg3)1t3@4I>|BIs&7;Wx4c7@Kg8l37Kr7EzSv
zZZFRJgD$=d+onUZyeFN98g$~_{QTl1%HLBDN&|MpZB!JkAdrdBil^i7TPgx4DK?5{
zF+^%kftj&UWNSt`4Qhx$dFsJBgNO!ywlTdP8?jCPR3Q^d9IK^C!9kD?rZW%*)ygVn
z34%nDscMK0pmDtEjY{sQ5Ei5Y-}X1<Y^&Ly(gfw69x|xCie-Dsvqv-{I9|~ZK@=BZ
z-fhJz;6a8t9#kCLlA(~(M>#G;qAO(i7dg!2Ay69r_aFfu5sW8cxNyMrwB<712qEez
zp=0&#P%Q6eNv7sUK5WgIVS^Fynrg#1q*4Z`m;V>ibxe8rHqZ3#KP1~D04{0Vs{_=Q
z|2YN-4i7*f0OMGP3|LKo&;*11d|;Bvk>L=!0AVbIBha1(DM&TURpzdRK*vGQB9iX>
ztYAV$BzhxWKw+S{)&%BRLT^x|cjF*`(?Mhv9B&Aub6~)83)%b=JvLG2D6zstHYq`o
zG>X=ao!Rq``%?0;T3Hq>JuITB<LnONkeN=K%vg;Ly+bnMfi6SznkCF05o2A*H$1*4
z?P?)pP$<&6#%7_D!#SMIwj6Dsr~FEV#Uuy^I=zVrN*&N+m$zb;0y$0xfZ-`V&IoK4
zJ|Ve}DP+5xuL{)HmL?(+<07lhi{=nh$@Z))+nz$7zqP7L;5$9ZcIAU-u*_WPEKK)2
zg{)OX)ILR{OhP7=Yh7$f6xF)aex4)T^cNAMW&vOp_&9Z44lF{dvQgTL+@iiT0tZtu
z-|!%-Evj_u72cXVE&h8bByvrMC*T9l=jkf=`YZOQxHsFi@od`Qh6kNy`4LQMF@3lh
z3$yr4k%ar*9f+4SC`1O^7~%b%EJA2V4{BhWVUtXD@y|t;qu#C;HX&U!axuCuso2co
z5wvYeq_)h2Z<ms!Eq95Y>2zV+-pc|JL7--7n;ieG62l29IIa|%it^+1brJ3xUo8{m
zxd!cTgctG-Ru%IXV7m)H(a|=)%kJ8F(Hrt(3wG26hd(bTtA5~-5nnQvTMGu3TY?SA
z%jt16Hh1G;PN+{*@>hU-e(|a`&z?knLno89JQ>NCvX0-U2ADGRqVck=MLOzEY!HHx
z@9uk=kM|6pZZov$FxbE+6dmP4G*L@n6j?##tbF*K!`YfwU$1D&IDUvhzkTUGl|Hqi
z`YtB$UegF>A=@m45u&-hjb_wzCqoB%R&2fMs<jty_rPE7qDv-!TA_@k4%A|`hea#d
zKF34Uj0sI%_w<K1pVLw55T(E&o_9PHr<rA4=8p{0@*TJ1sd2~=8K~8pn&~U#3s&9M
z!v*$O`~3ls$$~-NRgZ=a7mHfuc8)gfgze2)M@wO1bm`yfAybH|?8UvMP{(?g@Aflg
zrx-qAE@OUmyNtS*3@MBC<$Bv;wt>4Y)(ae5lY;YW&kn4d+u%K%+N}?1?`Nh;=Pa-O
zA?P*Dg>@d-9++iIKj_uUFKH0{RXB%L^(DTzo2;ZNN1|^NjBj$6Q=CT*wGS?CC=1wy
zepS;ATW(BTZ~h=|^tkI9g(+NcN_tMw+Ltr2y>{-XHae&>Z*HrP(-8hb!|(&t7@y{3
z{3rj2Nw*W){{XqE|1aN$L$LthP~O;Z(f{Oan&s@Ry8VSk(Ae`|En{AJ9D?6zIk`<1
z61h3J>_kbmU1W2mcxY3_V=QCDbm4Ps)8~Y%&UF{I?<-dTm!a`gGIhSzZ~<-Y2oqng
zl>f&!k{xiW?m}pMQFV3D--dWsV6M0=E=et3fI$y;0z&_wN!-e>H(Yb)CJyeXiJy4m
z3fgFwZuH8>B|pK0<%-tq_}JzluA6x_f}HdV#6re5xQQ8v=x7G$<i2b8RP=-s3ANi#
zqkx$S5@AL0S0XE7??aT?hL<fF0-!Lj%J|1?=T47sdVLjUfo|-uKbq<mx+S#SU1>@$
zRI91)?4Hr_)P+$9%We04Uo(JAENUkV-`C*89XHU4Gd-=Su58@hx(K=ee-pv=;nEK*
z{{c94Bp~2=YAf6@8S$C!@{HaqatwEglgl~<9rW8f8M0%=n8~F{25Z>mZZLmf+J1m*
zg)AF-qkQymN)$h_n=?$@xMp4rZ+;8V-U%i&hKTlorOrWPJxBsazR5cr<R0c7W^kBY
zf;MlH;iveRDc|U0DR9xIS$R!?<&U~LjNq@|5$N$*N!=HzbQB-vKS(jT3(_#2k;5vd
z!HID|w1YhFkkJ|xNM`mdsDRLLxuck6PQ&yHqJ%C_$?+2hR$?S|7ZC9HMYj6lKnlYx
zI?pp-MaVXsbCO&+s9ZF-$_;3`|E<_$LHHSvs!dm=AR8-heRmaSqko;xx}<M0FP}8v
zn>6fYm@_#7l5mzG-Ofk!&^CIrMac!*e>NSx&do^GL#{I_4)lCfen>}U8pMvnb!wu#
zVqs^P+?=JapLk4x!)J=UfH{qLs}N)KY@%4<znh5HTEa|6q}YI_8#$Al5u!2Kyz@tb
zy^NrSq(i^+L9<3&(V6EN+W@z-E>4_lRv?7L6H4?v4C~YJZhP+*rbNU7^UQ_g$4Ije
z&>I-YJBmw=5_bV3o(I-TrBjN^8+~A?YxwSzmH&~<4R#T3w`LExb!uQ%w)oJ-8OHaT
zbX3rp8S<KabhcU<(in#5arqN@-6b1wC|VEsW6j*8kl+f{C*XJs&2?Zxxqbd4d-!WP
z!_8fCiIyNVyj!fTtW{(>x+;m7u|}jiXi|*TKPJn>_JrvnM@!hKixe!mV@Hn#XC=4L
zUBgZRMU=@H5Xj8}#r#HmBL(6Is?_2oN{e<0mk(L$#KHc|nJhQQ^dMj^8hGO_ar)p0
z*x77gyGVv6g^tH$3i37_CSuPIZ-V179K&(_J#PF?x|1&P%&Q!(k6{&rVTV*E%pwR-
zQyv_NaC4>jtN^I0SKh=kZNq$a=52y(h4PstW@FXeVXaIAHp6VI<qqF;8~{Tnu`L~e
z+p>wHE8CdFS;ImeQ^7O}%>P%m`0r<iy|5KYd?;VmSxZBpbySNEv+0Q+IaUQu1+xuE
z8iTyiU2)D{mOl*ee8uz|LSch)k>x(Kk!|&Y#rwZA3TzgMv;=KNGH=1pmLqT!Fe1pM
z{ybtLctQb#y92<Z1D*aS3rUZH%z}wV<U~$K33`x#{)_~MQW%E-T6|~qL2ZL^!?k%#
zRXk588)?lF-8L98w6@fLNLR3rH^geu?_vL}m;c907E+&BtW{g4V;T3IYtHon)i<+}
zRQFFj$R@IqAq*dZz|>$$3DQ#*i6D9uVc7v-Et#@WC?+<3RoIwAGPS|JVX7x%R~skd
z(}sDa{6C5hT<8v`8v0%)N7?wCJrEk|S38sA8$a=lPszT;V~4{a7lL`ZX?gpEMSTi}
z&)q?>+~d?K@>(AP$o`%m=LMECwhhN{G1w7&aE8tYz9H)cM(=pS7EkC?w`4}lfNJeF
z0~X<&h~>VD>%VTf(Ym&rYRC)H)F-~Y@|Kz+%*LxodFxWNh1*rVV#ukBaamYH`N)p?
zt=kXsyqyK>q6la;`iY3Sk>QJByIf|J-<I<>b`~Vi5udr*#~AFR<NA4f@azK98j(vx
z@I#&UJ3@0Jd%p@2D^ZbSh~Kv)=x8sT=VR=ib@kXRhn|vSecF(ksE>@W+yONvF{B6K
z^YS}}<K^l~$~rt*C8T~^L0yT7Ho)FV+&(Lu(lzzd7sMs<hxuscdD->0AHTkEx8L*r
z82S1_+=mlq@U?<)ZKMSC&}><`t_|QMygsmjVbnk&6eO0Bq@bIvRos$wS>h^|#e=$g
zj_Wv{?%FxTKe4x>fi;4P;%bn*ZmO`?JeO6%FAXEZ{0htCY*$r=V`N(|=|<V8Qid3Q
z<VWaiyOhL|J-p=ck>O!|2+s*zeU)$2wDid%PNPC>kD6}rE4Oq!v3)=3x~R@43VNQ5
z2+4a>=ezs4;4sS<`B}?hOPoz|AJ*UQoVGy-7h}A9LH8Hz&ZZ++mB{5<C!w?3P;VF{
zUXX;ck4*HSV=`<j+xx16X2XA!#@Q&Fop`=cb2i>^JtJvaC?PuDWLMAAmi9&F>^-48
zpGc3=y@gIl42_J`cV39ADJxmKqdDKQD7dfq;P_p~BX;Wt4OjLKbih4pW^d&6Z}Ynz
zS{@&Kwd>2`L9Usq?tSZjwsFtK4M<xb2Sz7CGw8{B1|!i!l6vCk!*9HUFY2K1#?Udm
z^m)lZ1XOEX_47cx10gS6vSNgLmTeLPBu5u|(g`(*ht(%`I}sOkZ1d85u--I-o#SrW
z4ba!h`Uc+y#~;00pJ4aZeM!$b)Xs_==z+Oy8w#%hGJ@rL<~eRq=jfsCmKz(d|8u4~
zIQH5wmAU!pV||~usOEQX`uEcfI^!?yF6<|2_<Rb<J@h*HLdJ47t=euW)-J@}<?1%K
zpnm=MzJx$~2S)5yyJ<st=LM;gbMISA7Cvay-zDoTzQ*LP%DD_am~(QSED1;RNG(Fa
z`PBhU#<2Gwe*NCI{|(5Jkd}@lDV-mn%X<OR+RR3kYvyxNM>ZNinR_M9qUEb9{@LUK
z0o3?+u`9`W%Q*^gZeE_vs=V1CZ&jGm?Mi4Y|FQ1S61e2LTxFeYq@m)VN%hN=oM(HP
zV2x20`5iExa@19j>@=QR1ljTv{oUv7dl0PdmAePZLoR8hFIAN67;3tx)DtaT^j4%j
z(A=)U_n;ns;T!FiQl+Mnh(~3nUiNxQJoTNu?qE;Ov$yYY7(Oo2ZkoI%p0=r-#EF1z
zKn%aoA8HH@;6c+XG5*g8<0HI<vz}Et)|HKa*YF0W{%HP(Y#nqT9%#fXj!U-~0y_g@
zl+}dqTC6cM)t83ea!qP8@lVnb-f;LgknNoF0U!Y*>Sa}_OtWs{H)U&vA?iIP41SA5
zqk%$$<e*0Ff~;FBG?J+<8Q$Ch0Nf5Gobd{<O<7h#-8oY;$7B`SIYv-z&h%-tXKO{|
z{9(W2l*TLZhuD4vZYMp$K~+WPn~kmZvaVZWZF-E1h+j-E1!iO5=Lqw&qNI$xE$b8n
zQ0M%K5-}g0<FcqCq<uxSA&su|IYyYWK|q9J>UDlrG4G(UjA$c7wE4y@ocnVT7*%M;
zY=o#7RIr*M@uQvGA##MIU6j`F-Mk359{GlCSKXC!FFu`9JD}|e(pCv(dM;VRVaRrm
znTB?NEi=#ER+(&hUkGfgCZ-TJGk^2%2`s#0>dFz11oN7S;A<YfVVdTj%e)iPZv0bi
zf635#xms&qvf-O*`z!J0qUlL6=9q@z3H|GRIoS{b$c0L(37I-(VLU1=HA%$!sGyi`
z8@4rJt3{h%f~Kj_)^F$ZJUT8O3BWBR1v?B!Xp>fVf_2YtN-gXJP`qvudPe1|7nIk5
zxKkSGk8H&thbtJ)oj+EOxO0S)1*7~3OsLYlqtetJP&Ln{`W*%0)b^o7L^}uRDkWle
zpWCKJ)UOjM$iE-85jw`ReKV$}awM8|s0VyVRy3j~k;x-r{sp(%*X=z?m)Z~xr%ZXU
zHC+aHLg<QB0l4^LOvGRGgClzM70Wi_j62Qui=YrK5UxI$@!1!1$MFp>V9o1(R#4_v
zli6|;<exhF@?SjjJ(a%)>zSNIi>!VBT22Y_>GR|1?>m*Ce8_0cunk$u;*T*{*o^fe
zh)ez{9c28&Dx8Hy(CHG4kN&p;C+KZ+jBxwqPrkfIUH*Fw*J^zQ4I+$+`#cQ%IirSW
zlDovEZ&jhPm;H{e6>E3qh7~KkI{)GWX2}l}2=3hX7er#!YWLSUwmf9TNsPOB=TXIj
zmQ&M6VnMG?mo*;S>=Y*x_+fn+mKnRMC{#lg*)(HH1oJ$DgJ9J^yPA+$4pgN1^loHr
z!6KJL$mHDVMYQUC>_jv|jp!U5C<KSlB>x;ZejZ@W;LtH-JhuvA-WmUqy~B?lt0Hk$
zVSFou64aT8n5F?D#uouQ0Lbn^GgxNMTof(-K{9Ja<wGqiDD;2ht{AT<?M7X)dCCs1
z1`NL=0LlVE*Z+sq`pM1wN!9rIq#87w5s3`2NYbW*C%ouyeiE;Xz|;e(k&*g6rW_qD
z1D5vtGxY0U$p|gW?^`^b!tU%7N3IcMioZn6WG{o<O5ZNjtB;iHBh0Us^m|I>NT*sS
zsu0)Gt0P~fK8A#5v5*6@h=`*UzW#eIL<i3-E1eWff)Vu$<N5mg2+d#UEIrH)sJ<Wy
zK7y=zypkJ~={74YkGZ5uxA(FdfFIdHy%NUZe0?qBRXc`=tGwms#X74lP|h$?>6_VP
zZ(Z}3RoJ8PENz!t{P3#Wy9ygLqpHBF?cPZGsX>tfU9B`#2`C-Qr-A?Dkk9CxH|%S#
zF8BEdk*vVwMG2C`HGG9&e_9`?v)cL+3C1KgM^56|d-X;%R=hA(Yac$O9B_)2lC*G)
z#E(2U^)rX#6k&ISkK39UO2T(86@W-D0W=HR_fLv$B6f2E_Smp=c~S;1IOBwpY;otZ
z8S;!8=U_QtPDkXb4Cnzr(Up8IYqYdcIQ`;)vbag6AU-%w!ff0BuE*ANPn$;k2^{k~
zM)wHp7!EJ8wc)Y!_fQ57u@j9qHFKpARyhhh6T?u_HD)}jG_p^4aU-%LD4?1t_LMpF
z5hnD|JswBhc6gag9mA`HuXh@BYOEpkX=ZfdY@MuoZFf(=`!rRd6%MkN2BlC@ZyPaB
z5$PS*VsoZ6ws_h*OX9>gzuwZo)03R6<2Djyr5EvxAnc;)2)kD2`3k9oP+%t3q35`k
z@wLi+uu&WWtx=bWFJ;j8Js+LTvIrp4@>~e6>5{&DkzP)Y3necCNj={xaExn?=!qwe
zocWsB5ol-nP^m^~yAC8&%O}Dvt_99x2TO;~2zE_5%W6s(%?P>ti4OgEdL{->$qhAS
zb4IIP<~ItCPlsW7k$<!iTSO-wEBWaDRrOlHV<IqnDCWgMw7%^VKh+cU^icR0^Pm&V
zd`iN9>RmE|3CC*0Lo0uURk!YBoK>z+2h}$wMiM58N!-{QbhnJHt(^ys-@57eDE&=}
zUG$c`t}X|kz&u6A)#;O!50029k6T<Z3!2v^p6f~0#ozq0_)DbG)|%k@=SLH-9lVVF
z{czAuy7`08TQ#Jwj0ZXwQQdilySlo@x1_^E8aHf~zO!stBkc=z^heP<8rHM@C+^u8
z@h=R!Ky&t5?=`?o(Ul~5V3LdI*j^2*t{|5!n-ZE0OnMwXQbv>Aw21~I!L#ibr!ilS
zu1!AQd0}y%^zn|w%D<NmyIh>zZ^N%UTvwni9l+OpK3s?C+b2qmt$B2DjCyeVfXleC
z%fAr$u84_@mEsYTTfxK|&aDk=*R1wR7*BA>G(hw^A6T<*BJkYMi;L=K&$Wz-a~=<n
z;1#V6TVx%=_A5B=Tz}U%uw2pZom#^VU`k5y|ClSGN6`~<dDo9ks{;4?KMG$pNMv5f
zVFvHD9Bd29fRhxhl=x?>KMu}Hv-O{|Tg>HH8AXAu8q(WA$oOGnz!4zV6al7|4?EZ(
z;8re0iX!ZHPxYn7*a0!#A<6MrV@m?$b)J2W41Ls^fC`82DYCAtU-gRZ$AL!V$U3h~
ztE%%Np$6cl{4}XXzQVg-n3btN*v4}Uk>2*DhFcl<5BYephMF&|xWf1IA9o&{jf1yU
znd`ZEWh|4WsL)fl<ux5+LIn!oLLw5H4uPa9^M#)OK!-#fN+rFYev_%B4;tt(B}QX2
zHPu07V=P*c@r{-kiZre8+^d-^c~_ZDmaOwli_~1!`J#O@V<f<T=-k_78;SDC%-FK3
z6rjR-ys#sB1nAG2sdc^wp7Yz?wF`F$H(WqaT^>t~!KG)UhCLjA0(mM)=zwsLeYGZ}
zWkvqJR#Mljnvh@8nogl1MQ?r@C3Z>o*5&TPK8saF%x<gdAND3ZVcs%4+Dga<9*vUX
zPIqeU!-)APa!P&;5;L<J*C|R~2h=S4sV@M14Sau&sZO0aCq^7fkn85IR``awd7j?|
zs<iICnajGOO7#uPZ8&n|byUM;WzL|vFAbS*${COl6qh!EKCO`y%=C#5zF|(9RqoEu
zIA9de|DmO@ndm4yp-f1-HMGmM9FV~YcoX9btdk*&>|tX8HpRF!a>NFVG`G#f_L(r!
zy!J%!H;~9>vIhn-IHXQJWXtOjyi-@`&?D`Dn;_1rkqw%z`Vy6E5*s$K2U$pn6S8A5
zinox|E(h=B=A8<0WgTIvC&4-A4Ub2hfj@+ACW|w%LsLTRb|;CvYggMa4S675TmgOl
zH#JcX&HbQ|C_4f@YZvL=hK_!m=F)YTB{sz1CpCx%6&SUa!rl5#AuWROXe;S#tDlm_
zafd{Ps=Vm&*QmV670Wu|*(*;~7`a=0{$Ah_5%Mb)Jt~kW3BTFPa-m-pd1fau1VVK$
zl9~TjA=fA`2js2NdXXH9!*O=3i!vcTzr##sJH@W(sK#zQ%;k#g5@aPAyFRkF9a{yX
z+z3#RJZXRS;f;5v`as}ut~J0FGoVJSn;2~su3~eyMNA1r=HPv`UoKt&jCrWc5Mb?^
zrVAo1c@gh8R>RnTA!A}>*9aSFdx9eV1rz)A5Z5bwx4j@z0IE_p{qVf>s;!s_c$;{W
zMX}8IP@K@MXGW3V+0D{1BoocZmnu2lS$GwEs}*$m%z*VR`g)Q`8KlKQnc*0E%woR%
zq->MIqL=&!M5cd`1(O}3-<5g8{@+1TdI0dVO3rZk#Ivwn%SQYls^pg0DX`yV231?)
z=ubf|_8TY1y+_YMT=k+5fq?uE2;3Wn?74)ayCc-lJggUsr_c3bnXs)mjp^K<!wy*5
zz(B#q{~W;6pwm?_Ai8ip!K42UEI*4Z!HfcWq>-Qw$yN|tU^Yf?3gKhE)ALnO%-^jt
zuN{<dFMHRu_;(#s-^`CpecI_^SAE>h0bEfVNiXV!ZCBh2OA=dU)3=vhwLYF08Gw|n
zzQTxX$uQzW9goW(Ags2tyLkkni^0P7YJ4TS+`}M6-!(Wj2LU?zq`OY{6$E6)@oEXS
zi`f#`L+x{=2*P7T<XDy?Z0X*+VwDX|N0B}kO&3L^b6-dvlFIE9lnrPRBxEZCHe=vl
z!bl8Q4~&*htLOQ;4S5{+)`BQD?y##2(p4AsC!5`2Vumc%D{jVbE=B<o8_4;(g&tx=
zXv<i(f9r^uUM$Y{CuC&<P+R&^8PV;t!B{42<=j623bqFzy=Ni;{E(pi>kBM1T2o3P
zV|T|v-$t=T(+b@L62c{UH`%7TWt@0@#k^8H*j2{zu(Nijw6}cnqdWiTA!|H8gv@9-
zJXH)aE^SfiN}2+1D6A3`R@i-i@iBGjI@y<XWz}7IpXf2?Np>wJj3CZ1XpF{8?N8yy
zA2|#RH1LkYT*J&_sJ=@t1V?hbg2Stv9n^h#aO@&Q$E}<?&kZC{!u4f05Bt&F*L{p!
zD&}USRjg-o{+yqY-5Mz%FjE0-+K7OsD3>LxKQoSw;o(MWet7Za6M8NsgwBZ0+wR!v
z2gA$3#YRRk8?IS$(>q_+Jy(ZBK2xIRut7ur5QnulRnZ|x>#ZtEL+mGy!0_QDKJTPo
zxNHb>bY27jL~nfX*($6Iv>!`hsBAjS#gjo_YB;nP5^3N=3*gp2jWFG{(~o^%>J8g0
zr{<jl1bu;r&*)Wrxks8)qUc0zg0*BK4Df=S98WL#;j~W>k^+1k^_?KII&moai6GEf
zW)ihs8|Uq%a>(j9?D{cySnPPz7FLT};Z-zDP?k0&Ow`nlMKUojN?D)#c8_DXTb170
z6(_a1x>zU|b=&EA-LMM23Vl^>UVG9o@lfoYNF(b^j_u>Ck&*k~lHR(`S$ljy?S0ef
zv+MIg=&JS#)QzyCJ#$&F($b@2dSB|jz%;&{xFt!u<FX!XX4cj}O`oue82#GqoA!Vx
zo~s>+-IX^9>3p=`rEV;EcGlnC__(+DrE#R_eU~B7cw#ZmvErNZZ9X*<o@>6gN-vxQ
z$c0C!j(*H!UXVtlOYT~RXNj`^hVA<}8zo<odtsaHQOmkRv9`!5Ct1iyq=TE_2h;1!
zEt^CwvnkIiSY7aqpnk1F=BmJ!(T#y<7h%|olrfw62PPb;ons%;B>FkR*{^8hsMCX?
zC7tIHU1*|ySMkXHJmrf^XSnB6&xx)}9}eNqW%SlviL-?Aef(ef7;8=CE>{PEv1TN2
zf7H~PJADX?(HAbYSJa*zM(g?K=O1-G=(rPTuZr8Ib)rW8G%Pn#QByN6`Eo;EGrq3$
z;x8lgNLz$TPjqCyCubr~gfe+HHzu~e5;=VRtBTl>cD*QSk$okuYNM)$1>cs%aO&V}
z*WeJfX_JEFtv=p0a>%Exh+_W%OFqxdYH@J`YamN}YCdN|Z%aLnqiNYze~WK3@%{jX
zv-@e1MZQRyCNy;m=7htgFA#e*%N1IhzXCJunM|-X>3lxevo79DiY2GFO}?5GrZpUo
zRLNdmX(c+?C%5?d(KVI)j*a0$=WKz>0{(!H2nW4D0r{ojy^1tJy9F}AA!a^@dp{Hp
zKYLJLxPDEBTF))$!w5fGuyiN%BLn>+b5=0;ozyFWchT<53)959-nvgsD#i`C>F107
z;Jd?3@8_-Ip$A?n9p=C)>^g!UB&~=*EI|#m4A;e^(9q@&?BDQ7rgYl`i8A@(Gl0R^
z1{i#mjSPkCLHnW88hRd<+wI9U6DE0feSEs@V1@<el^)K(c9$W^zPG+QNZ@id9b{i1
z^zR_kOKe(ol$aUueBGi)vvJf>@n;3Jqh+Mnz?Q8oF~>|n_T{#h7y%Ntgp}LA{8iQ+
z9-)Eyh*HfaclrBw!NmQE`jAYjah91kq4HwI>pI0e=IN}vI2+^1aDrsxY=x%56~L(i
zjZaj}J68F5mm{<ij5mXQh#{yPIq9)iFABByFS7cXGqa5u4DD8W+vlCO#7yt2RHqOj
z0J@!a9hT`$$i$F}(c&n`vWkc%vtqU+klPd*10Dq_HEiF^qKNM}5}|pwJB3<WRY-?F
zsyZgGnIQlCVEni7I<}Gj&{FyqFw&vdB{YgL6k)W8nDC+3wq|0#4<LrESpqF3uI5UQ
z4b2>6DW1#8zK|fn-r24yu@yQT(mNn_PXF;Xu2(xa3bK0Wpcwc%Oh>rJ8w#TFCgqQH
z6qVH)AnE-^d?q6*j)zHq(us&a&&Ms;_ph0h$RV9AWQ$N{`yv}j{J^4beE}iK(OY>O
z<b5&4;WBX3c7L{^XF;SoO4M^F6*AfOC9)NpIF7K3VY@>gpBdH<)!J9cNso<>;kv`m
zsS(BvE(1E|mxA$x%ZrPkZQbGRBO`bC##vxE!eNAK``9Saa_$)x_4ITUKPxYq<-Tr_
zovvp+LCmwOt41=8r10*;#MM;{h}O_a4x^(R!SOuor^9vgLSa)aACDk@SkKB2OFnaq
zP0Zp<HoIqfB#;U|ZKn_goOr8YYOF2OU^AW<qo;;G-nz)qh%sP6R*$Rc=7@vd=`nAS
zsE?SnEd8KgTol>8O1-Ukgu~HURc;s^79?|g!`HMVYq~=#aP%P-JV=pFoCh8h9?{L{
z=Ya9^5cO38vhlsQ(cT5gLqeSgXru*`BtJ0D(OU)iUCiZxTru5gdoshujI8&4BT)sD
z34|oEIS*d|G?Z2yp(EQ^<}FXf#IudX6n&XD5ll1)4Gee|;IMu!imEs(zz&Iln-K{9
z{_orZz5r4SE)${ib8iHW2AE^4fatPO0emVpAL#mL923<#CiGbQ1YwLG%$7d$p^<%j
z(Y#HbxNe(~wAC5C)|a|C0~8c;p0m*iMi9&?y9WBik*HNAxE+W=E>f#qrAfM^!Y8Bk
zi_^LeDCww;MCa*FtiMQ$qck`qYT88U!PzY<6fMVEHC>84ajYi2i7_7M3(~e?UIn=>
zCPJRzDOm@|888bEM)bvpJ>n04ku@(QD65a**i~y&Irm{QCq-7;rf(c5IwTKSlG@eA
z!D-&IBwpHuPX=uw7`utMeOMeM`By3k&3<5o{;Ig_PCR<9&HSqVsah^C$OOt&5c@tc
zdD@$zd4U(-zJN`RYZw=t@U~8$iC9Z1q1(w6q#S@*IccA$(m}fXMq&{?RiyS0jk=^}
zmTtP~2=00h(V?Srm|Yf$Bp=#~J&0pK1qla)>BLMhI3*NQvf*bD?5w(R%&iqto!6NU
z5{PI1b9yFP^ZpE0>w^NSzm?B8eQsXV_%6PUVg6OkWe`ixle6q~2}7NDR?B*1I1=7J
zBa*i-assnxjTGU*N#VJ<M6y2OPF8WykfEUlaz{zQHy(c<qrxar4nc1@7ot>|uoD)d
zNK@_hYDP4r-m0pc%OrF-E_Atk<EAp3`yb(xfrFA0%I<R)4`8xt`LlzV9TuOX1`fVf
z<Ew8RX2swC&%qHM#43*ypEoaXT&1Q<sV^1CodHIs5nI)M6v3xAG6j5z$IZ+`B(VlG
zO@UE7_oTf>oJ<Dk4{21U8JdNHG|eA<Hk7!!)q%Xg7$a^8<g>l9@)FU^M|l-mmYlGI
z3vs&`R!?Jn;b?C3$-3m1>K*Z=)aB*EcN{Ib<1F_|KW|Xk_V|^%a0+==134DI@cHNq
zgAiheL!<Nt<x9j`-pDJ(Mf)!le&OBZ_r#SWF{76gO;_8XV5Q#)iJ0*%?)!Mn_tUbd
z5Wk$@)VH&9PhbD)Q};da_%>e$)Ctzg!@&pk#~s1^O&BXWH&S<SpP}9#s=m~VEpz#p
zK3%)<`KKmP@UOO`f397XjAq!k`_u(aAJyzA(n`9;uN>PG>znj>8fM-c9C~$9?|C+<
zc*mI6{9OJs&BwD}ZA0d|SGt^bEvmjns%*%&(4XYiNn3Km-q}jqo_@Xa!7I2?j$TQi
zJaN2;e)=n5n(dpYh;aMOp|@+}35Vov{Zz&C$lxB+JpmSzO@Ag{q-Q71+;AOjm;+^D
z&Vi>AlOLDespx=A0eA0iV8we9WJvlvb8BtMZ@E!U4y?tUHw<r-8sAQy!$&LoYgY;A
z20NNfUOx^#Co&qidgAs(1w3SJqNCHZZtIS00^aNJ$jV?tet)v2!>H@!CI7%-myF^a
z;_7AR2^8iOgEt^B=>{|}`;g4|6l%<&@T(SU^ux!*kOwY+t-|#0{zX8<2XGc1-M(z$
zYHHjWCy}+cT$g?1qaPlVCPn%A_rE?auX$!x&WC61c-UKAd3mEu#&9$4Xuqs5_1S@<
zNV5+Jka&=Dags`t`P2mj+pZ1XbbEC-i{%pXFGPbLftcH!Q2d{hW^D%k1JKPTRBn3O
zqDQJ5qdSNGZdJXyGk}?m^z(DuTW22N{}k<_Fn@6OrHM9g$~8`!^YnG?Iq&O3O=ht@
zq&NqsF$EznFC=#+nZ6LQtdeFJhZBqK+!$JZew?93v-#4>%tN<la<A;$tO9}H&?5*`
zL%8SLPM)v8Kn;q)P`}oa;*xLU%Ye~jJc$78mO*LKF(J5=huw^#E)=o736CCn(sZP0
z!!L9Lt~)n{=>{|!zla+)7LszauI<eR$>!;~KNbNQr25soGFqgU*qBuv<Oy6d#63B{
z4-(-yil-qX7*hF_#Hj5;LdMEaUL~;i*p89c?6thLhEgwsUeMtwW|Qs630OzweoWL<
z(EY)LUi*rOujBthqJ{!&bzL&Ud>ax51#4?5ra`yg$n@?{(_{3dl?|O9&B)EqUu)7=
z{hkmGrphL<yX5k2zq>et=6@l9?5K$8;FK_C&RJ@h|I_3UvN_1ibyex1*B|eH2P`mQ
z=~s_w82M&wr)O9?e*CUxN(@2FVAw^v+ZT*ITf>EEk5jlQ3*~YJA=|WEq6Wf;s4120
z0Yrm)+<=CA>w)6*9e7o~+@q^NW%>23zdr`K<Cdxd5fg31<p>rcDN?Kx@hQ3HsTbHN
zX-Ut22;du+^#qC#T8BX6u{ie?9<dNU+nRx`veHAZ`G+G{K0$+CHM0s81v~d1uh68!
zzUbJx+p2d+mF$`nc<u)ZA#-Kv@kUkds;l9$!ULZ26<ZRt;t%IHAzKShA&F>H9v5#i
z$Jimm)|o3=8}E`jNXsO-9*g=YJxS3K{w_}FuzCX<x#8Xb64C9@i~Qa5(k>P+Mnbye
ze~S)%F;m5Z-`#-QEHw27^DqOMk0UF`@U8Zlngce1$Vnll6OX3;5df^dRR>kjy3-2b
zhWI~H`K3o|xI8%Ed^^mg1O_>3x>IsbOFUV_5x*~$;0d#+KORILl-fKya>l@2gUaWo
zZ{nc`7f1Bm|5i~Pjw&dQ2|Y}Y1P*b}86K~c_<(G|@-XMC^WH`yer(d<a<a_-QR;n5
z*e9fJXN94>6q&vkFg;A`_y3UEB#p?#i3Gt~Go(}B9Mz-D%!%h+z*tP-Xz4|1X6gsU
z34)%epaxVm^y)UY|0axkSF?h0-oR&(<q_G&My}JzI9@=Xwg5hZxO6gFke;I3E3g&|
z|Er7$!!#H$)u~Fz{e58|46L=Zs37~oqYNmn7!oGk>LE1CoS_SE!%1;Wp^jh-0L_d^
zDv{6}7tIihoD>D~NV=0MSI~o!Ir2=PcR670FyNtIA*eA(l*|d}E&sK*fH6fu6cfYX
zQVkCFe>^c<44sWdaG{w0HQW66D^O*Qz(F<n&`r$@l;$zc3LPhk)*42X`15qN_2Z$=
zH}&#6yGu)g0`{IFi=#5s*l^4sCpb02=rs~Go^(yD;l<l^E<&UkKEeo+<#AK}f)2!?
zPaLIwVg)QE)0Ku~ttl1$E3vwthp&do7$%#WSjI;-zER4uUFL&zbbzl^I6^$*-BJen
z!SO*3_J3d#bRSRza8S}S4ftJjKR&Ka`b<UiF|6IrW}HpJP0FtO{-_AUX(xxclU`t;
zxg1K|N?`Y$JB1{tB?60!$vdIw0u!1-hdkILCVja$dW<*dcJwkn{qm+pW!;{$IJWa=
z9oA)tv83=5gSj=HkAs8<)+lcM3rX}=00SOT(G2t;qw5tsm8lR*5!jrf(l5TEYIZjl
z;)<A00eJjDQ_EQ#U1Ac2<IrHl<jYT#iR}Me>`6DfvU)pC^V&Jt^(dm*o5M&6eM+lS
zGo84NlPh!=(4l!0rGxodDs8_)r+r4W%2lTSk!<|WWq8mVQJvS}fK=G8zPolSZI)Z&
zM94ydlU~GWW+xnrA$rXyl*@ef2_-<d1jbIzs!WP?ZYmr6NtL|7oB}^`5Bne|ZcLR4
zIZ7iBJo)=Lf&f7tXW4jM816=LIHq5QvsL1jj0x>a6SG4>S?2*yDu&99Wb`|$AThsM
z5^S|JG!~B17&6TwsY>l6UAt8?y^|F;_J&V<$fOOcWyWnkS`|a4e(+YSILIOCDlAUx
zs<$RY8q!L<cZq0kc8fi7BRg_NTHZ4C;nN~ZWnt9SRD!W+4dD}DD<HoMo1v3)b$RB%
zD;u=@YwvvF35GSK>w2_-uj7h*{$svjlf&nmjL)y5hWpvZ%fXdDJmCghm^n7NyUE}<
z+1?mE8vD;t*;o|vthi(Yp<91&t7->*@9a`Lf$w>9U1Hg(=lkZ%U%LEe8?Sm?-87su
zdPbXeH+l1emwBJKRmO!$)ZnhKw{B$=EvE#(PHuVHu_5_maM`ZHyN*xVx2f}0k(ckx
z?P}Mmdvj`YVCwznFJIbjrkYWLZm0($PSCZ^k4J``eAbaRliYJ(<NW;amu_Fj&G&9@
zSW6rAOYJZf^<xQyx(zNjf8R4NJtLj7cAd^=RK6^@kyzcjf9k}&bz86z4T-;;+_f@N
z|F1c<-)KYfGrJ%MFICyOooD5x<0yiL$v5vrm+174qVIekW0!`7Nar3q$CJS>V`~ST
z5;xUebcc@l8Ts398h>nJ>2DpDuyNYLz;Rw*XK=Ue>l~NgsHrW}y&EqCIbs5@*d7{l
z&UHZT{aRnN@nhYx$O3<OL~_#Pu@+)=Ejv|W>@p#>i@Z3!M*l&#RrRss%kplE$9?gV
z;Dxl_-5&sbwWADXSn-^h13z=D+F9Ol4*J8h<2R*8Q2v{%!j@g&Zkf#9LOx*LdCB4d
z<=pUsa?5(wZ;zf8niW18p}H*R-gV?t-@zKX`5-KEB+~m67*Z}SY#Q-fY3|K;U}mO`
ze9mkSxTS9sqT4#CWlZE_ks9ap+~B6MGdap+)bEpP(<hd$J#rXc!1WH|{|{5=9?x|D
z|NkAC^Ty_|&@8m(kYhR4#wIznu?eM|4IL1Y>S~+QjD#eK+LptN4h|JMToiIhkx@t&
zI$Uz4t3+4naQ$9=zTeOH_Iv+>y>Gp3bJP3b`FuR?k63rE(c&rqo$?m2V?msx)2bmS
zQj@f9Y8_;3FcSAJr?|JC4SOWxB&z?tV?u3D-=dwuZH)behn_lLYVnt?2vc;%A^_&>
z$%9{GUR)(toP2u@s<rdxm*>;)o8BkDZ44;ko4d$Hoh8->Oarw1o)!^#T7Dw|7LxF~
zxVk;@T!hY6e`4CT3?tElOrYHXNriIEa$mmm8Bcn`&Uep~bzRn4tr3QDy4)eX5O7yT
z{g@st_snZsclKMk7jWZKnrp?Kw}i*Qd!jxKfF(O>+v97A`U#>DwtNw`Us5AYBDflj
zs`>T0ywg&nSnOmu)A)NHa^0<;?kG`u23M{AN{(0E7f)of77_NI^&ajgPkNPiM4@ci
ziQ|6It{>PQ`J#qGGnihf94RWl<Y@ZfRk@Mco`Uicks2i^Ba&~qkY@LVM^E(Y@?OZV
zOPHHg@FPHz*w{fG)eJ%|<dcR3B$J|C*U2pd)O@a~I@b(D3}h+3Z~sbaLakr|B+&cY
zle+>Kh3{@<)8#$m6!`iEzxsR;Ldm5RM2w-PBO}(S&Xi2AX3OS8gnqnVUcPwkKo4RO
zHqzrB(E7tZL$l0Mj7|*zf#$8X!&yF=)|-mw^40qz9}CM9%;h#uLF@WlUQXQszo&Ar
zipq7dqs!mHQZ!$XE$hM+3Vup=>bPfF-&P3jk;hsZpU1J)O-|*qeBA~6Ls+5eke91(
za>Q7BI}kgyUznFBDXv^DPDK@^=8kMfI1HYh&nMBY>4V@@^BaC&$HNvZGp_>v$p=$W
zGN8Ec=}w<eieZSaoSC~!^BcFyub*6p&$dp5PzH4osf;s~*>L$+Q*$5gar5uRVGsYr
zbd9*_W@eZwxphm|b0n5^2T!^br$TO!2-U+(>|!n!h);x1=slpas?aF(Pcl%&w!X*E
z!~DllX#UJs;{E2(zu0Qgw|#zx2z549sFRu?mY$cjpqEeDZ{VlpB?D>LS!Go0H+~p!
z^kMR>&ag>4U{lVVY%K54tBL>VX*)^6fWIp$2FRN3TjxoN+5?x9w<zNW?akP%0hxKs
zBZMg_hVJV?usYJJE;TaTNs?M8PP0I2K3{Y7CL(m}m*E9&sKlI)o;Zw8WO|AyD~5`B
z)RIM9UB!mC(s{J*???ne^JN9uu2iLXKf}EM9k-1>!mYR=Gc!j;hOAJjdW!Z`z5Bl-
zLcLJfQU-UX9Q%=}xA+@pyuJ?W*<T=jE)^SIfzud#6{R?U>;GuO#~4phge~#GG!MvF
z8<Cq)1Uco;#2a8^x^gR&*6WBV*NB(iNOG?51}jjJjbv5*zv!@egT`GlJlBU<U`P@{
zEP3(wz_yTpRW8-}>PWM0G-4KeFmM3b2AhZB&>GV?s8N>;zUm<`a}OFM47w+vYLaFj
zP`DiKZ^bj*T{IZ-*svv51xO<pS6T_U@6AFRxI4iHIjm~~<Bq3N!EOXj2DV>i2owr=
z!Z3nJ|Fg;ZPXGxdh=_v!Y_>?CH~xP%Tmq+GpZ{8RfpynBijS<qQpmh)*o@35Ls^Wy
zW}FQo?KD=m;aku{b4q?ke^1Cf)Ue_syR13~RN(>VMWot{pw|2R80?&tOl4gW8wEHb
z(8ecH3wKck+3Z{b!4C6AZ~~tcm<?ZRk1QOOh{A<o&EGLFmoY_!7=Pv0?d~#-6MW+B
zJ4M!sd&I1UbtNhVfH1=9-f3{KpM8DzHCGJoQa}6)um}@u<E3`~{>qc`0cpG9#$85=
z)pWS1al)#>%7gOKg0c6NZ;~bsvh`#S1ET8Pa`x3_tb?JaP&Ff0NSp(AX*;*e#qcYY
zZ1|p0qLehdi!6jF97(0pI-8}e4`AD7oL><y_`Sb_NKzX?;v$`h5IFq2NJ5)tF%(w`
zPRj7WzRZkcCQy-+@^9s(bndZX2K+_`QO$~f|07f7PW>CH)%&BhTt!bCK5yeLqJ6&e
z+by1@y*dB5U9KEM!*m0s=AqC`w56cAOY;1S$esV_#Xg?k=F(M2p2zyjEOsW9nL-y%
z3b>~yUA$EMx0S#jU{pZ|?^guw7S(`CQyjJKp$96WeM;FYwoiuYX#uAr6oYP)nt~im
zaK}S9EI8%ULAxH|%l2*(NxsBPYK)(DL0c>2c=APU+YhM=$1Qj35!VR^ebv;^jOi=G
z>sk1oK4wUFM*6*cmcxFgH7&269vqfb(@zzvO}b#sD1(wPq#|E!Z|g{n4pfkKSEiD;
z&T<w`Pqj|!)lH-}QjA~ESc+Oq=5A~GFd#?q4fT|@+BRFG70R6}MwoskmBU^I=OEp$
z>}0hY6OQjuW+k*bPZv4wDpuuRLsl)#2<{ZboN)r-atm(+7M2|8n8X;<ZQplnpY)RA
zq0;Lx+q>NRZC2(7QUgNH;^DW}t)>SsMXnnuCZRE_((bg%-%FX%w`?b_+#@JiRSZ<3
zx}&0kPw)EY$0FKO&0!%m`1&Ed?(iVG<-lhA&;3WyXX@XE=&tszKVKiZan0XrVh3+8
z5fu3Ce~etQ*_>lJcf<1X<?XQz>F|6dhbw6vdqT$LC5nH^0_*U96)K|NB)13My?)nX
z5%?W1;ws)g1^Uf8Ub|2Q*B;uWPSIQre(E!Ed2vqZ1b-;#ZJ{GQ?^AF}DvS$z3eXj0
zE2FWP=W`Wm4vjna>Zg9&M_u=%dC{1Y=^^+{78z(mD?*F}9<eQ3hqlI!#XBa)F6QYz
z6>MTxhH>51f-Y}!>Uv=LLi2ms%c@vY=+Y`ByKZY5{__6RkVDN)WhPw;b|J~_1<^ds
zxM(1uTFM}={)JpIOUj?`hwTlqa9sM`!=^{r+&qZhp=|NMwIGd)|7WM}&H0P_Z1=K*
zrAgzr125S-??^xf6{O`rSh6$8y&cR@4?na$?S|t1MXaSP@F+cHC*47F1gXV%d6cQ;
zo@4n)7N53SG0#bSB5M(K-|k<F=u%jBne9u>(j?(56pZJV(b?jjE*SAh18~MbUecKt
z9$?&Z>buVZ<Vmh>!Wn>a>Hc0MUxfS%>3c}7$W+pO$`9~+u(3x?!MMU|GrP)pcTVwD
z6JG_B=c6=VX9qgwS2|Z?42PYex?t>dwT;Tb#v}N#oGgo*oXsAVJ7gSLki}PShX|Q!
zs2J!Q7xeI~%v5yGU2)9XZgJnAMJSFn7Rr)4oJMt|eH}2Z+yA#GYxKtYi&%SSRE<=|
zu^znMbQ`3Qw<YWzsLj>=t)RR@-%xQg@C+O0jHj|UYq^9P2M3r#Edi_Dp!oyo3Ld@v
zIMZ%%<#1xmPNm>?`_4bEh?uu-x?NIUChB=5zt`50)|RZN6|h*O6a|bf2BH`Bfcvi|
zYp4y%h})nP?9gIZ01Q3l>8Vy{)NSsyf?e0vewpm;v!3&OQ?dGPvR73*Y)Id{yrUno
zMbMGPak?n1mv+Op*<1Tf$C2k2(#ot!@yBnRrb3J44x7x0^8og<_0<*=EBT<V!smn7
z`vK-V<dMRNg|v)v6zDn3d3k0nUx*$Jhwe6UKPA0GX)f;o|7#&}3ffS9ZL{_J6(wcM
zm##(BSM}mvC40%qg!OvWr}W$zGtY{tJ6}gz4bOQ3zMW6z_76TpeP}e;bcLJ&XI~{Y
zNlwP6-QG#;<7{haO9t~UTkR40xTpF6sb^ZoSB)nR&(g<_QuQ$@4qfIsRW<oSlTZ-E
z4h3&6dWaS3X8BwXac~ZaVF<UrE$vaa^Z=LT&b}9({5d5`yY;~w0Azf#O2E=@dN&A6
zKQ(2H6bCONhF;!drWn2J0d2$xqdIWI#H89_1_ZRl3uNFEUKL9x0|nwdn^C~wPl)P;
z;j>geF#~QK0~2xQ?HhM`aS%TjaHyxHL@^`;1Asn;p7Hvg`smRcL1W;ReX%9QTgRfy
zrS69$7+pUh=`ocSYAPwE0V9?+s-wWU_KC1yYbq9U>o2kd`cp<uE656%15fnRRulN2
zC?i!zCJqR?_mb@M9nZBu08CD_>!kZM(ytC_BfJT@dKI9K;H!0!s6eIJ4$>z`O1HDg
zuUCCdr*2agQWqmc{V{a+yv1-<s0!6;m4I<k<|k>>J#wy5!sC+X0gMaL7>v_vCqPZ!
zMzQ#K9#w4%l<lyFv`*m@-KMy^w%Fvll`y;Nu?h47vWBX0K`28jP>ujZ&Krj6gWf(u
zJcrA9lZ}-M*;E_k#h@so<sn6^>#zz(7(7H4<$yaS1cxx!TgZojid^G(u6N7u_ae6^
zltz+xwN1bZdQYQt7MV+URSRgu2^Q4j6U$MmVZ*iSK)Q?8zSU=J!2fUYF5xgs4YOSt
zHGG1_GFOtp6SOJ9d7h<E^ZBr63Mxf`;TcQXxQ1{Hy`~?Lg##6alq`SJJeo&CrJyL3
zFdj-@2!jKiROFD#BA#U!wGnIxqF=3izmnDedxZYik^`JM|Nmj~>v1$@yB+1K31tLw
zo#FNn`L0j#B$m~!Q~tY2#GUfv$Mntur*J4$fz(jN)FgAAsd@2RWD@QX8zRrW5fsLO
z^0|jHv_W4OmxSz<YE2q~?Wc9cFhPV0htm{tSiwdk@S>zcEUU2Zui+&ssBC3rZ*8`!
z&yBm)Bs-i{Bi8dMnWU;N$lOMvTye5dfe>L-gJU?{j3)oKmsBAZhcd@Z3ea2Y?86!j
zI<FdFl+QIQLlU33DUaThax=CfDbaZw<Bf8NorlP05|j02HKit%d9((|5rX=Q5fIV&
zGV%aRzljzYPOceb`){y_lc=58P>{*i(;L)NklLAb4oJBLSH|g_%}IhE#i!SL#z?TR
zH?POAkJht1a_(~SVmBSqN1Lj>&)kV0L5t2AAy0R`hTL=}+_|TlOzRv!R@%*UjbUtj
zJ%iJEGPDX7pGGt|-xE#1(Nz&sb7w#)X);BtU~Gh(8+#qSH4kqqLEOF|3%hLh<27SF
z)3Vgx7#`ALBygQPovK`YgH?rIBfs~%L_k%KO3cDq_jgO~YbGC~>%DlbEapPLH1oTP
zO_0gP0W&$~LXo}Q7?pFxRQAv2I$8cYU%yv0t<%t5l7_N<8L9rQquw;HoO+|@_n)!p
z4Ci){__DVeE3gTojfPdooVn}Rq~CqylGc&VP%0G>I*V&`f4Nm8Y1NP+z7WmyV>*tF
zgk0m?l5R}=E5#?U?leK<$eWYYzc(olR%p_Q^18J9cG2#n1M40VL@mPGgx`(jCn3FN
zMndJJ<-UjtA)-fblnxp0vjhLwPFq-8Yo?ktGC__6K%JlK{FF^0w*}hB&|O$)0c$TC
zsSD=yM|@-LDO=fHzSbV5?c0fb&Cv-DLXp86dtaXwYqjT)D(sWq+$WGXlN;*xjx{DN
zBG%RoZNNW3L(RK;0(PWAb8E);_rBUQB1r1DE57n*_HBI_>v_uA<5LLOn#cUCv-5Yj
z+FRM)8*Z}iG*StQ4h!+$S*b4vdUF%aAC0LvJ>5PyF+AfzfpoKkUMD}^dOzItqA{-j
z&}~`Yix-5s7aOir?k{Z1=_`r&V=N{#VV%1s#c9Y=JN3rL`<9Q0ew$5Vp8DB1?VtOi
zw1OImxoJNfVZKH-bb0%gOPV&i1B2D)LMf)9eL<g7ik~Lv^fwt6J?@FPm3XGv8p1X6
zQ*nAXYB*UEXJ*P;OimdI^{a0~qSV6-v@cyWFFbnEV>yR_Yx}dm;M=X|JLxyocaHI0
zW7}5aUwHLeL~a^D>`8eN_@i<a<Ud5Kg=cpqUx`r~SRILXTx!bPso!p~%`)JCZIN`X
zUqf|rW97cziai3Y`zxDFljn?r_1<;qejYNYI^ejn;x0&+G}mnqSP9kG5iOHDq)IJj
zW)6>nX1j60s|HzTyRDwCS|lh<sktzuiSK#3!?H4?Zu{6*1>fp8vFmb;;dy8WcF<9S
z8w)@@dDsoNyF>H0v_`ZVbadk8FKw7yLj1PC>z+$Tv9+${#WfPry!R|fR4Fcw<n`fO
zJ!MTBrk=z5lnL}P+Tw=}rDsvaUH6P8eV%Q$Pqm6WNRX}HXPZ6^Z~eznqV&w<ii`vs
zAHg^qB9&{auIP7av$a}j4z$3G7Yx5A?$<!t$+O~omKW5@M6)izU>{EB2DfJ*9uZtM
zqbNZot!TzwBJ&<-$MB=1Jdm1kK(f`>&xa`@z>4ml-M1O!faamJEML7l9^*??=MY2s
z5L((f_ca~Ka43sklT6X=98p6hbxY!-3!n)NN=&W`iJ@*>s5m3Y)l(1$_~gn2&CT?G
zA*W1sGG=DrIskE_^~WAmd}JPGKbvH&iOP4v>2;5(sS_f#F9EKJ>O0?i4fT`euAZDk
z<4w&V^?-swPVaXR<!a7wxk(0pEalPVgo5%wQ0|jI$qNY9<zaiJBU1}uF6qPs*V?*e
zoE>a;t-v~*=&&G!_y!;xwrPSr6+N>RXo7B~Q}*G~L}PoU(_osTZuR-n8ZkLG^V%pa
zo^k6Rg}-L1X^RkOt+XTS$b=5_q^`A;G0gv)*@L^#88$qv!-!D&>ZDX?tns4nM$44@
zaj!FeqxmifJ%^lx`iA<l_01(4lXJ4*k7TN^TzpD{87~dR_q*`U-kSH;faO-F^BSYZ
zO3D__xVZClr<6naZ8pGz8PFVbd`pN}x=kJ2l#9vaG=8d6?Uky_d5|O|A|h$wg)$jU
zGHxLh%mt}@A&PsSMg=pt)P)5odS>SesqVnGYJ@#Xef1biPxm2H$0IERzfAYI)%6Kb
zZH!4B{NfN|0qq5av<`D>zryWOt?YD(7=FRc#oye+)TtDmqahPo=QJx}L^9#YljQh{
zjsjoAM@q~9OIENFhD9qn-C?t!v$aJPQiF?KE0ma5TgZ%y<vx0LNAprR{2+f|&^fyO
z%uWV>s8*(gz2hwvYibDLJG!VP$dEENMaf9Yx4k%4D$8;fU$U=9)w`w0HuzDgx@p&I
zirk0@CHjsp!catl%78HH-3p1;$DrMp^zQg3B}pnRDD%?b<%1=tdr6%71tF{LPD(Z+
z?|lsfWdu<tb`ZtJzVFX?bW?1<N!P1OrMu_istKh@Nr^)Adn6g8&e!N&B6i*qoI!9S
zZlm#gbO|R<TCj1Jvuw*DWk`76u_CHVfuvghIBQ09;leYzs)Fh`)nY57oUZz0L8<J_
z+Gcb2`a8q!{XH0e$$mf1rMP%0@4%l6LRc?}uYe|DAyCyge<5tSL-oE-1+f^9qM-3(
zl$<$+=Ycee9ZC$BmGfrDu*M8gb{@*GB7Z<hZ5nuozN4|q0u~}m!g62)+kRkee2#^y
ztDz0oRX{hIE>kES|5==orI{rpV<#92vPc-^!&f6$qF_|Ds3P}mbPW!n5cD5FqW}rd
zYFDGkp~y!Hg}ZSg&;*YXZtygP<w+;=bYuv^wtmQY5xS>{D1(WIU}&_8ItR*|5xEn5
z87h0EDE%T96+vZT{x4evW72^A2Mg@W|8W8R-{ZeN`K6J_LWxvh=7(zi>Lns|e*|u}
z-`Uy(<nspHyUyWa)jOCsSBl2YB&gwuW}`hUjs3EC{!JN2aNS}Ant69qGvNtcafJnc
zwF56Z3bD?ZK;GN1%ZM_4B^wc`EV)?&eQ*$kQlM<6m^%^ZOdX>I$O?;R86h?M{0b0@
zDCmzvm~9+$^zQgPpZJB+?rTm)EZa@3^D@lj3N{K7v{|SYJU}c0vltb-3D|4CWU!go
zc9?S59HvZO5C!R6qnwTOBMUqGWrDU$mvELyqP&<t&leyJLvhqg4+#=B{ZKqX&E^gN
znmKYoW;WO=v3NcKx_#|X$typlB;(%!v7gy!pjng@9*SP;Eg^BK)(5dzR0@5-!3f>r
zI=qKKq3Jz7xDbuJb-zN?JkPb<&_gNF?d*`WI>-bP5o|!HR5pU4sTrX0ge!P+kxrPo
zOhbR4uvT{ggFVTS7>HKs2kNVDNzJ~x5bO$H2(nZwMqhD1ti}s(Zy!OTm1dDtx+$bc
zD%xTmhJ!dlcn@9)N54+cdMv#e=SiMa)uq43@cxRsL?Z}HG-|I0Gmu0g=d?cZURlV;
zZg<3AG{GgQ^)Ws%LlmZ2*sW|_yy<5q3p(j3F$=>C`Lb^&T~^kuHXMFUI~jO!1Q$Nj
z?nJWFyC2jlx@34S$;<3;v;mq~@UT!>jW>O^RMeKcTs}6;ur_*344~iF7cJ8+TS2>O
zoF;tf;SMWd`~vsHGS;5)d+_1SERW^~qwDVT<Bz*RRO6_f(vAC0{iCNWPq^L(q2ikP
zt#`M{hy}h#y#WxK>e}yM6L?5RpBQFb&*>cABqFv#-ji+G!lLroKx!FO-&d(`Sa`~T
ztU)Dat#HC#{S<pIJYDM{2oD@MHDn}Aa-F$Q)Dp=I?q18@D!IJLI?Q0PG<!|u9ej7%
zgQcMBu?jhA3LfGuvSD=(dw5^t((+0|el4NoXti?VU)6Ktx^2e8qyKnZIlkt;;p{~5
z>r0J0x4Rlx13n4-dHi42ji7wEZ;<Fm%&Cdp^>TjRx-a5>9j@Z9<c`R!h(DO|3r(q4
zT$<!t56xSWT6SGnR7I^g-^pnFBd{t5-rmjA-_sL4@-$)J=T|3+gI<SzPm=GyOVKb9
z{!Oghe(c;boL@0ztZ=bb`_kEsftw)?|5V&kQ1Nd|UWuAj-BQ;fPilI6Xzi{O1pUNN
zhqh0RuL~U=v3BI%BawRT%TF!rLLJ(773d#w+$xkeE;UBy+a4$O#Ai4FxkK&GuGOxI
zER8kyocp}1FtsxC^l@c*MDw=lm#5JoZq~uEz|bvu(USfn;HHtILWWJ#qw%9EO%2pk
zX%8qRT6eCwo{{@w{M_@{8-}+rRq7ME*VlNP>D?9I`|}5Lqwzb;)C#9wJf$kvXKJ<F
z`rKhs7dh-!EADDQD7|8nHa$-Nk?L_&5%TJs8O@!mY6-~vd1JH622Jt7_V(%qY}&Ul
z-GzmU+<gUYAK7-_qO`Y!5Z6bK*nJDX@J3c~ym_wE@i)%_eUstg#oHmjW=i{7AJuVw
zQzO+)tr+;84q!z5+1jE^=5{*%2-X}9_csfx;B0zkVKg=We$y}NOtCjX-&#DvlE2H1
zb$2i5(E#Bqb49cy?wOL)u`yr2dk-DI7&SZ#tvJDQXN0?UxB(}&`hk2=r>1-@7Vz^3
zZ3p0VUu*QAr-`h^9!U}ieiIz;1P4`ANi<MC_DA)tez=*ol&!l!5AbP<tA9!<_sZ2K
z2;;el@Rbp*fEy8DYj(Nx&>LpTn%^XfPb_mpy}s8|Q~bJ?M@#CZn|j@70iN{HmRs5f
zcxuk!Z=-$P3yF50NFc`6&8kwygWxwmN_d?gUSCFJ$lnQSpkrX3qxdH0T!fN^w@q#H
zqdmRs9{D@$leI#8T1IPcLP}_C%OgPMgN$Z^V&-A0+FMdbTG!EZFcBMb4|a&KMhyG9
zpyls)n#*9Tcfag7Ce>E=W-8slKfqk~r0OAGlc*VkrpxkBzhTe8ufaM2*IeT?-qe%R
z+8tgt*5}tn6>X4N);eUq#YoCKGIeST`Z^wSEX}8n7}Y;psp%<_6ZMx-fb6F~bU&Rq
zzpXkd!A}-;F8u99xjFD|&&8$g3^4cIHnx3)o>%5t(-TMP01jzWkeXVtOa+L)#VzN{
zk^#F<q$Lxo27P|^>v@|+<4_N3iW!gxS~OOy)+z{lMUMH{JBPnFDo!CHXkUSHa|9eC
z{JDq_RWTXe)5Br<O=PRN!IxxY#{Gm(AjHU{1Lfz?o&YYFA|x)PP4aXYFn2uLYK``c
zs7j*LoG*QG4ke{7!k7C1IY;)iOFMv|*R3hmb7)edh3YLOtw!T?C*KH+pg;D0cOzSw
zJXm1)LrwqaKy`0%azjC_0Ot;#Cn<GyPn^qdZ1t=tW#%K$edjx&)?w~_^P+S12g2n+
z=M?CIZBkKzIWL{=fhhJD8Dc@%WEv`7$&ge3);5D!Lm8u3#ysjX!mKZ%yBRgFU65oq
zB=a%9@o=Z}%rz~=hxNd&;4Y7<3wwH%Av}5Za0RJzyf&C>J?kB;Eou|Zl~Ubb33HN!
z%ETO%#0$zOO6--3SQck?FBaCFag~Hn@f0x`fPtf(rYVG4T98pb^Z!EZ6bv2-FCsKw
z|7}RB2MH_4qWT%nJEg3!(IJG*n!PJ@^A%v(VT>RM48R<oMIy}qg=h+GfwOrd+s#=_
zhm?@el+nXqrK<P2RHO-R&8S^7^1^)0?IINg9jc1$1a?59M^mBk2tmuFgH+#1kP^Bn
z25335({vlcUx~8(7=eZ$*brMA^5?te8N@h?H@uBq6n@OS_KcK-LMg*wia6Sw5b{_I
zE{`-8CQ}K=igclyzRILQ7wsYC2Q5iR@dCeOo`{T+>L?nL^P;hK!eDgL={3X#R}2F4
zj+f#ODw`oZRS?^{Eus$-`}EO}4#*PK0!&#_8DvLMFvD&}gry>X^&5bL_CKB?U?&28
zB48x?p95HoDF6LRodmr14l-C19YQBb)$JMxS&;ifbeql9On-uw{U*<=VUSh&ue5on
z*{L<bfjXuKzf^nHbU!EOduUUmA5<89ZzGe!O9Zgc+ib`mgJ87OyZ$q!cdn1I*4Idr
zYdA)iW~p$<+&Bg41`&z}xwgQ@wiR&`OwmTt)duA4rFntkdm5wj1B;n7Qmh(MJ)*2k
z3ucB(azY_n_wS{<e@WtvVJ>aM(Ui=WU-kfAkF=?d)(wU9FoM%KpD3z6Z(j)@iUet6
zQof3am2owc5k!Qwom9Akf!1E*ZYkH4ZTvVki*#*#S%O?c{lwPJ9AjxiPgVD^ag{)5
znI_Os3M7JrbhTj{m2&7ljk5jxfXYel@uGSkcPA4@GGv~+9{t$|3(>>udh+zzC)!Q~
zY(IlLIfB_yp#u3`C@4}n#%8O&CrL;RTWQeA9dY^wtlc5Mc`_g)3DT1a_0lpLg{uE{
zgzXQ08{icxUQ#oK12Tyg_Ejb`M4}_uOt~dUMe>6f(`XAuOrQE_!gqOR_m*w?mzb&S
z<K}OE2inJ2IWfhDaX&wuAa8xzk5z@}XOY%+!=hm&j_HzKsr#5O*6Q*Bz943S6<Ddy
z8;3GNO6*bsv#HkvGorRUf(8!Td*>;gWA`tlbs#f{4}D2LW36~2GJ7PXTOnbM^m3S8
zY%D!aYG^qSZ+Gwae)`^@tY%CtmXn2#4RhmMajyM`k^gpN(g;_(vOQcMYzHs?L&_JN
zs}rh03<)e7HHd~h13_0$Os6-AjWz7t(W<9vf8eBdnlSZDGvEAcHk^49wD#=Sms$xg
zsUgK}ypT||Rxsn0v!UC09G;ui*rU4RkZXsSl|$Hb1*WDN_3C?un54+7*Y*HQyf(S(
zv<}BgQ7e3PgmyQ760(>EtNyN~y}6Ls)ucIBRC|T=K))&C$MsmB;K8RM`;z+~j}FL=
z+COE@t=sT*!*Qm_Ix&8DAZGKLH3x#)N7?v=wwc$Hlk>Iazk6iIC<!XE3d=lS=t58D
zKC$a~aI@WY*8|N7#WPhaDU~6B)2I7`$~*4ga5PA9Jv#kkaLU<{QAko>n7-pr|A>Xa
zx`s&gciYci%Ff;0w_vSSXobI8o3G~avHNpD!Rs*dOUzN#==;~M;&Qh!xhC9j<6NWh
z)F(-WZ8Lh$<KA`*9dO>ydtswVf9mvi@6AF}ahLY)#ltUk7I~)*l+528(P$t(nmhGF
z`%Y!MZIMIa?19a@3SI8#e=;oDTk`zK*W?H5ZlH?(g=}d!V1GIb{B)<QExfNBD>rI+
zzkc*hYwDTGrj<0sxacPi;|dP{Xg=!dXgIt3a?~7Uao}@E!P13-O32Ms&h?e#s7S%R
z`0$j1n7RZ*9iw%dek*vL6HHx=lgJA<HFwU<+}(*!3^Zx-Q=cw<x^pBh=O`+3<=9wE
z%ja)dr}P4C<Mkm0oW{ngs-Di3BuVX@{x;6X)S%I8fazF8%`Y3Bsop!Os()DbO!e^G
zu<j{Eru~-ZX)hY1{R6J)41WEKTs!-@Q>ca<%a%Ulr_>Zf^KxRXaCz~^n_ahs7}bSc
zhsYXVYzzM?iBF?7=zuj<@h%(Fa}n?s8`De}f~h%v6eaqr`!XR>UE^2Xafi0N*0k=x
z#!VMwwO7N7*!HJ$JhqVHo`v?M*GkKz-8;R>18Gsu!KQ?swWikgQrz-1XS8)I6bUl&
zgw=7jorCgD49%BfR9{=8!aijj%a~KFzOY`{7GDh5K=47g@`^`<c0}RS@BQGOOt8K}
z58_w@>k)CwC1WF55)RxJbRRp-<9hc~^XJ|u@sEh(CaqN!=S@xP;^3`MF8yGKI){)P
zLbU=~o^+pJ`>GRjkfruE-MX>lS-`I8D*?petKO#gs@faB);7^gr+-tvlBxNAOSP}x
z5IJAmlPUbkua{bDz)IO51itS`t*NNz&k!&uf;j93&XhUmk9*<ulOW-Z1S>(sgy8Ey
zC_&$X6Q2S;u~Qrjug*pR=<>0manB=~M!Q3ueIXa;a$26<TThm}om>+DK!IP*>URP$
z6L!CT2H3uGMK2{0z#pz)NWRiiX1ZShG>_rN`VR0-K5Xa#?*ZiXdM>!U5-%!Cn&cQ|
zSj)qoaW*+=LYH&i+Z<f-38nJV9-O7wJJZ$3E?9fr%I#d=P~b~~RIKG&)<t?)5z{vS
z?|6>ILx8=Rvq<+z2rxepQlBHn;J$)KPBDn-QhC(Ogq8YI0DuL&`g;MqqB-wdE;bPh
zs=N6{;;8YX^!SsUClN(3&?A8k@jQc<JMb2eOIp8rFn(*y2h+bdCIdNHyOZhef(Y~S
zcztgNFp*Q@Sk;oF1-E&wj5Da-3+sMKLS=|UDR7P-QT-Q!uy>B?4lYg!k5?uU5Y7Rt
zp7Ene#r~x74nT&^SfP(pz4#Ym0?9=?bYvQ9;qQ?#c?cHsD^YA{w~-ZK9;8sfGKtDe
zxVNFqoch7#0Dv7RG#hnn5N27c6BHN9*T=mdsR3F3B1i^Xdko?t7d_syLsAarhy=0p
zu_qk`LG!KP0|7YQ2;x(Q+r}{AIc4}`nYkOhX@S*+$Nxh|oz*D?@nBR(=0dpFR)`SF
zq(+mVg7pC?TUaTm)<hxJj@B^CF?*C5VM!G>na0}7dDs*d0fvN;wPR|ARS~Q{$7pR6
zpYcAUFntD5jGU4{abMyw%*?X45@7)~wuo<aLI@Vw9~vd12ikObL{c*Gau34pqKt=A
zNo$gDW2=UJDs5Q-MPu5CT#c7K2m-T#jWhbgs~KwiA-zfqr*yRlRpX6UVtAe0BQ=W4
zAYOWwM_r?pFGLxV#E5O6mf##SxIcfZ2b~vlK?cpleI@im#?LGW9WqX^5yEuPMj4}w
z+WNYm&qkCD{4T43?8;rHLbUJ7P#@mh#(0Y6d2cUKscJ68ZbO~Nm@tc1!Yr8X_#K7~
z^vj4gf=^`_O(6IT!_O4%(U1xP?=I(3?q(!}aXJbz-J*<06YbO{;WT-NDagAV5POdT
zG6_u}=A25=47!s-^-g=tLJReeF}EK#ut!UBuLEylcF`_Eu@?!Og<7nbW<(;=34GNf
zL~h&cCtBdzTLj+)5tWh!dLDA9aAi?Qt3(tp$r^GH(b0%fbx^JBC_)_;Q=$Amv(>%c
zgb)T93-5wR$p0}b0c7+4uKoUNU;6)7f&V!bjKv<6DF_re+}9W85u-$Yl>YUi{OKf(
z9emyFD@RE6`Kpzv<esBer*WWG$|425`?#4;qb)wmBkTU-evIdl5zN5`j$n7X4EgO=
z5#d$RW-8Uu#jEZbY32!9v4l7QL9ui{f216mTB02E5!G^u8=`5ZQMD>{71tO)Z3G%l
z1gjAiGgzXm>t$jsj!$yqXPqMpUspH7)hD~yxXV%651A<Qmp|C5+4jT6#FFs20TGRt
z03bfcec(R_B-heqP@C;r&Wn^=tZ}SB-eoo&dS6+(QJPDGTb~#P1=A2W&?~7;k)B@Y
zkUY5%FRAzlbk|25ZRac!0(Uw#g8Mrji`_kqhQ*<!5~WSlq!Dre-qxoBiv>UjMWN&|
zDBl!Z{nce{(5)=PV|H~2YIy2gi+c>EzA6JukQR2UJ^ZVa<dlr5qc=b*t+gv9&n@C;
zBJP|QLLYcrqW*=ft&rT_F`6tGk&n;ke%~H0L1;ehP#$N(gPSG)LdaBgJ<8S5Rg%T}
zbwj5aYAbm64k5}o<s;R->A^a@sc^$bYFwUzZz)^B0ip9R<fIRw=3DAhe(?^0lv)q3
z%tnT9?v-)$EIz!-$DdWqc92L9NBYv`c*Lz~ueP?9Dm(uMH$<{B`IhH-sinjDKql+>
z#u{u~ySNd#0U%i>sKE~q*zR4dvEqi0h!LvjHKw)?qbiZArX$u-b|~NDh<OObdsI?n
zP_F2Ll}H5Lu~4!7GNkJvVpIpC=E25yYq`=k)Q3PmyI2=hgioqsOi!kG+}dubSbfT#
zdG&_gQazvbBx7Sj5hrfU9{=vTrz|hNRgiB#HrBIv&=*=hSL1m}$2{z}8ok|#`?v=e
zDl*1&Z>{cKJH|{B^RTDyEf^K9BfiP(vb!89FzS3Ns~Gp;L@2D+G|nimJr|-2GY|=a
zRswSzRrP;_v(K}_-=?i7^DACFZlGyWx-+^RvN!u(PW#6$L#lbbr_pLf>#X3F<XbB=
zyX^IN&cypL!t>qr9d94xbfj6ohmmS86pJ$r-?{JM1nzqI_U|?KVKc9YGxpl?y-i(R
z#*B(H=dJJRr^+F^O$i@@Q(u~PL}qT;_7<bE>H6Km^2G};p1csv#)cX{Tg)-&wm!sY
zxl(DqFX9kkt@2i+wo}B`N%)<!oBoAF-gxnXEp)L=ou4)E(16j$%|;Yd@1On`B5S*0
z>d;Pn?1z`VJYGHslUvws8#&<e{jUqVjvS{@Lk*7xITS8Ec;aNS&1}`N>Q?Hmf~oob
z`($T>RCfM=_0;#<XSc1<bM`1#xAYI(U+_9BFm>dB<5F9H=gX~wU*Yt&o?>UE$N6JB
zoy#8u?a&Z}oO#3=<ZPnfabZXPB}lt<oOmYW&~<f41*L4K|HIhD3zUY&jIgw4=<NwM
zqna%fr`?^un$^!6+%$(@FEQaw64L$<HvSRie4y)%tcA3xYoQ{hZpt{}n^-*MdT%z+
zf_g*Af*!rzoO$EV6*6}!`6*5QZr`mi6|F>e?6kr&xLg-hX=|e^%0yl7#y<v{Y#HCC
zoFQY{t3R`Pza$5<sy4$4-(rpHMe2Ip%WS*B16<~e1c*e-V_sf*VKE!m??p1zpS_Qy
z?geMR9dS{>OV&>vdAULcjvw`S094$kntw$0NHlfrqr2b0>%fm}`z;e6#WQ(3ZYU*?
zAJrYKcDXI<IDW(R_kmw_Dag6aY>O?=n?8W2naf#gXXoH~z{7|&JewS~Zc|-kNs@Af
zYV?rWfoy4#x}wIiJC&!u{Vp&w<CU4LQGFHrcRAuN-V%5wvDansd38|%LVSN`Wx~SJ
zPONiGTi)hjquL;CH81TJiC3<U%Nh6$&wRF8)U4}+Iul=Y^&JU!Ow^oReL(9(5rdjF
zbU+qYs5bC85Zu_c4<bO_rNP7;dbFuh`IkLi>A~!f4r3Ow`}-L!bDLQ3@}|}Ro4ZLX
zpbWu&mcyi+M9Z0L<cj{D$BEzqoBZ6N(V%|hmTtF^)GE@|3!e!O0WHUJT@0*FW_fY{
zTR@89-5De$xE4=tk&!!cVMzw-s{(X_2T?2j^UdOJ&B?P)WP@|sP0E(yPP{rNUVr@x
zT_^b6VV4PDaZgU}ee%My<Kq5;&a6;(9<u*@HmWN7&blJH{995NDD2GY@v_W?LB~OR
z76vp}fsQjJ(OG8d>Fn(4g?#b7N}zA%e4;R*A?rn4KA=Bb9!XW-a+zKl8hcX?&6EH(
z<Zh33{G3b$^Bq7b0h76qa&+vRPVgcD;}(%_5~^+-u<|QGr=PB?B+S*Cz$xX3dqhua
z=<YXiay7y0aL6x2)LM!kSm?bMlQA1-glR*hS?kmbPu@R4x|D|c-Fq`*B<ek~{S9DG
zoRLLJEH6>%eqB3|<b^aqtfm3>kix$Z&##gN%+3V~=<NU(afz4IfgcQhPDn~>Cv_AY
zWUIMBEysXLJsGU#H%b@-%GaW|ucH7@Dvz5yl7CkQFp)sE&_)oP#?nwXr)&hFo0zL9
zmIB`LsgihLs9tN=<6-)wPx^4TRQ16nQ4+~^GGp30g|G~&HY1Z_7;dgEoIarK{m%l?
z`Q?~g%P8U4NQCVNx(|;(oQ03bos-mp0QZph9QThOS6Aqe1|i8NDF@Y&V>|{ezbC95
zfT9}D0!8X2)Tvvtr>ayCa&{P!s`Z*tJrfPaNp$!1KX<3lE$0-mm>)D<ZMuD`LV74&
zU;YKm2Khp~u6mS2T*#5WINL^5y&)rkRwkQ>-$+eL8^t6DOBsnEUGf$ZhBk&s8Z|=^
zX&PhDlPH;zF$guC+MWelKRd)!e9}cHJBYM@l8nZR)Ie~M68Dk~LCtaB@0mAtW@3+u
zN)Z)=yU{RbhMKM@N1(9{w93n&)+yRP%M_<)A~zV94<&Oy(5>qb8}7{$EFEmWiX0b@
zO3tCXG)?y+g0xj(P-;jpqVNVo8A%v{=3B``JruR4Z=`k~I*<u$7}}f{r8owKmnh-b
z9z+>I=#ZlFwjW~8RFF2&HI(zHYdc4fYp-wsw#b3Nq!~fM9PGbMpG-6z{oeuD|IWew
zzYprDOL&~y0Up8)no+8dK7I=9fhnZ{XlTV)(A5~YeCzbmf0UHs6=H)=tEx5gj1`+6
z<D$`zyv;;IZp%ccUkQ{Q)F(eu;`YZ62u;3>@>`(_UIOuCaVoVFrRk>9k0BZ04w6Mn
ze;|NFkrAG_Pv4h`j4x~kprSdc5Mp31RS=hAb&Xh1O`jJ=6gU}4(QSMd%%o#<zVI3T
zpC!b$I}T)CgOI@BdVipLJ2xPcZPW$Oh1n>LuW<m6zN0~ABuLl!f+f!xZP=-$j`Ip}
z8Np`m8e@9%mC~rY1)pfB#6K1qaWDAS=gRXlHX|`7&MtH@5Qmj4Xmmt7><k6@0O!He
zt|^9i9~*)Fs2-`G<CpYqNM%xW#0(^A3(6u%J&aup3)8+L-O#oLB|OSO$VJV*EVtKx
zMbnS`XyoVF#0$7N?=@3N=6n0$Yh@h&nq63>n07CyAmTfWpBr;W*@W>YnmqQ3_xwxV
zidy_Yc}>R{X8WN|Dc5AGAK8KWTj395JU5+4IJ7KnSW&2VpK!lMY)xS+LW3XdF!r(T
zX)-)k8p`mo+IN7-(nbfB`Y=B8V#jdD{S1ZSc=bsi(83DPk(dLYvlXg!n$3gGOJ(n3
zWhxuR0qmqJnRIfil2Ky{Q!3KlswK&!u$BYps$F+WF8M-{4Iim8$g(D@n!_b7sO0Bp
z%Y?(O!w0Qtt`!>*<(oECbEwP9smR{sn1s#7uIGEC2LmK$LJY?2MN#r)hobMZ?A|7Y
zr{`pO3GVuWefy4(?4BgsTRGI$k_^l2pUB=;j5~Cug`4*c$*fO#+NO+JUm3PWe|8B7
z&}mK8>Q^Wieo?9S_sCh-Q4-CsI4h6SeQJRn>&<b}@XQN|_Q0ig3r}i!TZ{9p>R+<$
z4@wo|#!Al|!iHJ9K79HnV7n{+KKg^<!>p64$qt`iO+P<?-PPlvzV@r~GJWokxW!`A
zt5NdXNghN=azp&3W0tFdx03sLm?h=FyU$NruWKEf=n>0rctj=WNA1v?YdO;%qFa_s
zF?CAxHaMu=bpKz7ktjydP*7<Wwq=LLTD<wx$<TfK`&FH(!HXd;=Z8D{%m<uy1b&zT
z?(eZ6=H=p1eQ(|K{Fa>t)>G@`oGxC_)7`x}dTFXjv3>W3#%t0b+<W5K>Gq^ieJCH^
z8ExN~qN}jDc`11OOGo(4Qh&1c{(}W+Q{DQxhsQjyyZ;)!cXQ#r-N;Z`(rCzF+amAm
zlO6NMyH;(>VAg#OqwL6&ZM{chuP;0?NGa5RX;7Z4HO26n%1$<)ZueA4b_7er?fpHZ
zLFNU2+w#qK6iw>&-$lAW*BOc|Je(u+cmJayni6*WnRM#L>@(-bR@W~SZl5@}ulY<{
z<?oT^D=q_5C*2F(b=A`)!S?Ekw-#HI%>3J*^>t>xaD;&3^HoBpE_`e?JN2=>v&}mB
zaTd8{!1MTx{?15gN5|>2!{1UBR-i#|a+QQo1!0Tn#RJ<F%0z*-^`HAyUz|QbTDvc*
z^UHjmMczcixSlw42W3&XeV{2iVlQJ+M`7u^rs>6lV;;DU#)UMP{%}J>_qS~~%p~>4
zAKy^-A+5h6Et%OgF*Jl5yDQz)uey$3F<?-OeRI8DeIREe#jD2I1_r447v6q8C$c)-
zV-LS6$|QHIPrbxTOoO&i1)M^!3WMeoU;gSb@ygxTmShsl_!f-XbQOrR(F+z9$F<xS
zi;#I`JA>8L&K?%xtS5{=&uta`+RdH)y(FIXE#_p<dUi@(xNXh%Gf~b*Abvof<i_h#
z0$J`nXhm@Uf*?)5oPn1K(w2^xr|$GsN6$FS398y1kFpT-Z_!_On9u;7#1|)zy;dge
z8!Zv)J2!ZD5UdxA`<zgT2ad7bukqmW$RBL?#cPp|(4*$wab1`TkLPF{X{P4Gu~NoN
z_<guKu$db~YcXa#d`}sxKeY%)C9Ky>cI2*-4KmwXOYNQQZ+FyIwI6re_Zp#V<yJm-
zzb#}h&8zBifxJxlinz0>`{xxfd$JP1s@V4G5QxS~N~k*G2Jt#ckobe|&X_f6Z*CwZ
zCd)Zs`{;P|4+%a~(Q=Cn=rz5xH`1!=ik)xr8w+eUzVgMSyd!uN2&+Uexrnmp+OoF-
zG^1MBjShL#xaV(Q-QVNSdM7%_K8BVL>gR<+`seb^93ze90h}ROyjooe=8?vkiZj6H
z-F?AfV%YC_UXlf><K#wY4e)V&)IB$!Ul#{?&6HWTOx{xsRddhTr)1sb4#*6)cVOm?
zl`7U*!9Lf*3~L6HnbAHxaVar64}KDs6>Cm)L8f}t_}zPFCW-jVwdG%knNvO~>4-+P
zG{Lp{)t5&=sV;6*z@$3I-g?Y0^}9#i)C3-ZPSS|;Np{MpBv+Z)dNe`~?pyX?zes$^
zvK!QD6qBRYS78JFY<hwCgI#r!avpS;10i<-)!Z`q=iOzGRtLxq6(F)dtn4iTXl?aS
zcc$Q#upe1DJZ8>#IqRWp3Gng9Zp%$<5DLxaprX{5;if`8G>dAiw7CRknS=PLH<EdZ
zeGQCk%?qf*Sy7ZM6=|%v!&JS@6*^VWP5Bo>HxKoQ+v<x}w~{kcQDL9yZiHqO&2~H3
zx7uT3s5XeTMnm+xq9wZEH>nSU?=wa{op*Rd$K#mj`hXIrzDNj(5|WIPW@#({BU_h{
zL8`t+tYqm$x{-yMXtOc<RJ-^w5H?iXTLPfs{WFg$F{ve6r+0CL+9rL~ph!b#pI*=3
z<WW}2ig%Qdk73n~cl6^F5AS>NmR+Ls;Lm=#Quwt0JG9$kKWt5fFiShbNQ;o9O8k3?
z&XWS5m|mZ&J$(mra|)xS#~g<0sc01Sr6Ih?T!S7j)uCCs2jA=i-ObfjohR)+AtURA
zPty_BG{zGPWt97c(IK2_3meihG>`EQmGbc=SVmiNygBa?@~0=EWoMzF-gr%W81MTY
zAag&=8yQ_6frZHwPzoiYGLrbxGRkBE>*!cvl<o70lKX{Z@`b~lZ4<dpAQFwsqZqqW
zm#D@siBhxsrI-itP|!lMx{DR$7&|YbxPT(7WNPd=yeN=?MPL|oYqzrV1YP~29dknp
z43A^G?(<3B0;;b*0?z0|zF=(ZqB)S)N<`L&*?w>dAAbJ_8>{9d&5Hwnt)Sj>x$|f)
z*OO#2ya6S{Xx3om_zCEH4%grrfxA3{e7Twmk*&p|C}e^xcZh;S(zXC<0&1Nkd)NS8
z!kyPI0_|u2K|X2zPlL#>v;TLHl~R}k;*;r;03F*uyOe`*Ytaq_?M)R@0>p50pxx(i
zmx+w@+hfBZ%sP%Y$(q2NC^e>^g{^#~`TuxW41-#RotJ6a936p0FOs<@ce5eEnW0Sg
zoA#Kn_NF>IMf<9;Las~EhJ4uuB+YI2W;We;SBc7Qi2(MP?Utbx%?y4>$}f0T?-Suw
z!w72cAi$R{5g0J3sD(=ufOT^-fnc49+R!q}m*Q<HCC5sXcPsw1QzEqXsVFTJE4MIy
zE_BAtRaopu%4Vj<;YD0MLy{eF-#(nX?&W*_SBMUrJeKOM-$*$G{R7K}<TF%Pk?<bz
zw9%?aJ57I@>1l6*@pd?{9r<&IgkbPI*jnS&*F&fHDtU;}RdQfcVF;<T=jtFRV@)5?
z%zXQ@2jWHS(x6BiJ&Y&$1H`lN&u-dyk&b;0Mq5AL1bJv!n*F5#;?p{!Jo=o8#-A{O
z4!Sy$g$SwUyMr`ri`Fp0ZOwJ2PhbT}=<~T4FEcW{umNcUQwX4Wy5xxIanG*(3wb#w
zF}zGLMRvJ_Qr+A0?4VdxSI3>YLMJ9I3zzSBeV8$0H7B})iVUFP?pU#~R?F@0QI{D*
za<*mUc7VI)0ljP)^B4K%NO5BV+PVBI3F7eHiiNNH7h>T=l5>uOOt-L&=OfH?Gy3y$
zFk6!(9MwUr%!#p9z2x7NE$!l-uVXOcxXR}HU~@+#cGku}t9<dW7aX&Q>Dwo$^uZA5
z(s_3d77sZcbIpwo@vKMLLH<6ru$7S+G<)odZZXKVy3gUaOUj3qIdE0MCGDK6-0gvV
z!w(F{GrU1z*G<fnIF^Zxn9z?8@etg&J~gj8qhl$kTR_;h5@Q>DoCQlGp104omcV^?
z8;yw|L(Rnjc-g?q{IfSM`Kg!@=irsI4{bE#XRjNBVuuYwu1_Z@Ynh-5>$U>Hv2tH|
z%krK-eAxC$jY)8r&pa@)5ACt{n}ER9E&E%nq;NEh2hK?Eh$2vz+l^v2B_g@?Ch{kw
zZhfwK$eRnE&u_3Fz`D7QFT3@w-aL{ZeW0Iz-JDheirB9gT7YV*nAOIE`r9Jso_*l>
z`y5ONip>B0qo$nn$C}96ap<i~3?(q(_~nE88vF8)m4B4<ob>uDhcE{z4v-DjUAppO
z9r|hEZEZ*UHM*NNmOfW$KI!o+f?~L}qww@;Y1a}l!Y(@JAA>|lgu3zJUBNRgpe4;G
z5#pehmt&V&kXD%~=(SmG#mg?dd!6T~>4b}IxVSNDTK6*_^_OVZnZb+i4h<?;-(S{#
znH}i@u_&tXcDbC<9%$3)-N~8ja0~=d`{6^Zcl|v}byDU^NYeGf&i6YS`V(}o+ji<=
zEDeJG9QbSN{^#9R7Ci@S2cOuaoreon55!;Bms(wT6Yp$Rm~k$=;Pq<s{#d<l;cdsX
z?>u`^7inb<{p4XG*Dc^}?LJ}=iAqZAL$&O_?6H6EjiW0a5pmCStF~|kR235{a7k4P
zQ!&W5hGfyE={YmI?Ru}NH;Xl=*@CJpMXB9SX<6<*YZ#x$_?BJ}mT~1+afLzIIxVN3
zGkI~JZ?zsE_xun~LL6TC+j7!6A;M`{eecEnm7Ki#&+aht2Tvah^^wCr?dRUf_H}==
zdiI08cA?SE*_RUOeaXr>^wKRtXLqpLjvHUo^0!A<Z<*?A{TH%LNwaQJ)ugMmd-&a#
zk0Wa8<Kj5<{&o}e8k?>u5VT9{Kfgp9eV57HH9t_>@>$GH-X9%7m^zlueaE!>=BKOk
z5-<f8VfgBFa$ec+mQ$~atJFtV3zRn_eRs4vXD+As?zjQjter}8*tDY*$`0_kG1+Ph
zT=LhPTYsCccsym{q42$x)%q>EPh*oTB258a1YiT-`85htMJLXlMFs>Iv=mi*N6Wt@
zqEvm1>ZZ)q-ZL%SZ+uw|pJe;`d@w1r`$R8&httoL#2efl2k<ZZR9|&H*efeTkWajQ
z>*AMZ<hakTUOg|8ui5`-J|t6dunJaRUpNu-=uk11J{*n!er5T$ea<J&q#MPnx>_Q}
zIHN72Q~vK3@aMvwm3`Q}6F|trf&o#%m|YR7<9_2!k=dA5fVoDZ_7-wUUF2CTSTL&3
z#huhsbLTzSP{SQ932*$oiRL1fZUS@0xAdKiFz7i8TF*2!lkNvpj`muF-M5HcrvaLK
z&2MFE18a7JaT)>YRIk=OsDG|AA-y3-Je8*Kgc%(*$JuXH-f=Fh+g>%vCpe&)3NxQ?
ztX#8x0Kz*Q*mFkRqVfme`Pb)5tq%9p0DqvtlK4k)ssgglHugH!UIAGMtX@_IwQuxF
zcQIyyCj_};yY1Bti$HSn@L1)w<(vKsfEe)_!5+MT65oSbM_Y~iSyF#G$(mcr5ZCNC
z<dZ?SZ!1+I%-#2oeU=Rvw>2LVDP=VQ^$9;Q?Gx%Z;W{P*-!`;)Tppmq2s;}33b4W4
zT|tYRd{G;>M0d|rxBCH*82u6dkFEEPXG8zn|09A}5hOOX8?jYds|1PK5)xZmtJG>K
zx-}>w_8u*bC?ZB}nocdXs-;DZYE`R;lzyti>C*FipZmVQ_v7(<e82hQbV_QRbFN;m
z>v~>hJW$^p-i~X|X|C0}m7!evfTE$~7{%shNvTdb8#MZMzWHm|sMM^agrNY4?I(+c
z8(J#?F5?*%pd7xmvO(}}3K(J$Vo{#$O|hIy;j(_}N<!!SP@Bpfnf2#F#=%nn)hX3@
zhH<z-#ydgaK1wGC`S8FuQEZm{n=n8It5rp5fsNz1wn16))k#T`aB>L1t^T|To~aWz
zjne2fatI!ZY{Z7i*#PiH$CheuDXt_p`Nw(=n;_`wn<X1A9+qyO_$bXlNC4WX#i`UV
zccpBFtl5(UcLxBP9ZiMA`@dv2>%RnhrgN9TkS}t6+Y2o*Y-G23yOg57s7X<;rp^xA
zlOBlUNC=B>q`8D^44fp``xYrSV3d$2($ZwWAYm8Z@ZevwC{zY2<T<ppGWR7^mvUTD
zBj+Co3LXwgCt)ku7mED$p^laED+Q|86~CQ?X^PSJG8p@$*0pK;H`1^wky=+VU`*<s
zqWWbc*q1PQ(;OZ{!N}k^m|x-17zfhQ!Z|HaiBplxTorn~RKzYts$rPy`57r;W{Y76
zLVhD{2@<R0@Iy_5D6LNML9%Efne<G@b6sG<M9}qPG!b_++LYp$47SK9(mu9o4QSsh
zXIN?i`CL{hOP~&L(^E_EcV^TEso*{5vUM5j99>5XjG7P&DnetXl4Oa>4}+jW6e+(d
zh*KCm8P1#=)m#>^P)9K6x<LdTiU5U0<EZPX{R<oi4<S>S<n*CZyrmrma+=F8q(;`B
zCHZ{9C>3ImDrQW1d?GPXa%vBSJVUfqCMEGbz_K)0`LuNetr5z$_<xAK|5AN2L^KS6
zk>UxMtg>xlm`JB!kM(r(gP=4{@C|v2<`T~vBOLa(8hXf<b3?!O&W7~3WJN6#JP(?%
z8|&Y2)bF)qW+Q>oCL2EnJ)bjbYx}VPXPZ5Ijm4C|`h#g@gw#T!tg$)Axv4N5n{Ceb
zk>2&6GjN@Adr(kcOKGBAl@X183PkbEEwQ>kN5SyCOZg47bEs*R9XmuKhsDRnrg)|m
zuSl^e1E>sgP<j&S$XioAjt=7RkO@SF5^z#P&5KveZdWO$<NU~eU78m`6D35s^KOG@
z55`{z<n2jC@982(2q;fUSv&{1+%GIpJC^x{BAP&m%4kjXHIkI!F$r}tjdV=OvK^g?
zyl5TiC2QrZ#gFt5BnBSY(4Usd_mzH6Z$p~Gbzq?=8LDtyF;X*=e;0**b-M^P6NyyH
ztz@>pzbc7t(L1B+V=+L`>H%^3$LgwuM1ux}(+Ewb(8*CSR-++1P>L$KG&`-DVuJJ)
zBav2mAActBOFP+UqNKJXd9=Y@&u3{g010pt#vhYljk6_DDU6()G2S>OFrfQcIF?r!
zU9hfN?|n2alNPN;6y14>zZ|95dtJRndhY4~TNmmwT{WX{p4FQ6-ma3P`H2*b{HvCM
zUHuQ5Oih>1$|Cy<A%|JHjqRqw(8%cFQgvF;KM;nlZ~qDDL*%I9&ymb2lb@t!hjc|R
ziZ|`(Bm0uEndUqip90^kEk5M_%~^EkVN!$dz-(@Ln8UWzw5&p1)G8dInyq&^TFI7X
z_GMP8pZ@4PVWHfm4Y8trwQyK&BvzTyCU()lp@Ng$CTRNk2EpV}7er8C{xG}tE>GOV
z<g9L#<DA*mgaozQrT){(sTq0yK*EJTtiOo4&*DA-9Go;Wo8p`;MZQt>>KaMxs@MR7
zS6*zOMwdy}6g*nwgA^|G&qoDDhPWd`GNxtw$$JA>Pm_PyTL;e92SxHrKeNjWWeV{$
zW<O0kzi2ct+u4_02fZL^a^u8jllXc;ajIg)^i*)ZIpY1f&z`dr-vW(?CpP@|vD!7H
zf`3IGp<cnUdB$qPb3xj#9XcP1P&tmCy^nDDa!B`z?{@xO(d|#PR~?fz-gn0JypqeM
zJ?PWxR<_`VW~D&7A&PWe>q!^IO>?O21-wia`KGd<c%Or-aeiFahF*TX7{U0ALH9-f
z$1%Zb6CWgXb(IBS?@ZJt`TdUde@hwxF==sC@-gn{^oT~qvB1C#Mb2Pmf^Bwj?fW{(
zMaU|&^U3Gj_r^zEL@l1@fet`bueA$#{AH*f-vqZRN`kSWbQUPS5Md-te{}ep>!$=k
zwJ!E)*37BiqRYdM@7ue5C!hy4RX%X%e83Un?uz4H;Ph?1u2*iOsb8+(^($?4m{me6
zlw_*bCi=O`omwqwK86I#g!@DZ_1664x}l2}(MG+}Wv?k_VwJ0!<jt0v9qU&F^Q=>I
z+0hsy6$Qd4|3{V~yZsVH5MRa@s{SrwDy3RkcUrEshV_agk=D?%Gx|+_#d)8slCF<+
zESsve>(MKA>E~4L(B{^+prvbCo^y9c<Fl`FGT(Xh7Y*Mye4*@^*Oto$#l@prd!-xg
z)scMb>f!aCi3qO0m=HA&@r2-*mSb+ed298o(F@jGH+z3iiP`|K&ZAetmPxr<xOo@)
zG>Gcv)dTCHjaFZa*0b+atLyQRFGD;wlJtsn3qs7pHbOZ5$~Q7R7{GIU`n+)MItTnl
z?NiAj4a_CY(QiTPg>w$eY++u@{>nES{KBJwb?ju?*HMee>?kF1qD+aGp4gh3pR{Y=
ztK+QZ)|xK<Y4H8+A)%AXSEyb|h$X-6-7=8+$7daTUaj49G}(q+JpRyYD{D*RFkrJs
z7@k?1_D-^X`DZ=Zqu+h8pn4!#@MZqAYL|kNixean+t`)-yXd@7jFQu%FF(WmHnZXm
zS4nDsGC;AejF-6k;1OM2#MsU+k7O!SWHs5+(owKX?g}r5oxJ7nqa`a$G2}%_g{J$+
z5(=lyt10N`9dor*ThjWYlXWa*dGM&lFyj7wV>7_buwKY9E#VAAi3N*#ZH>sDw(q*w
zj|eSp3fruMh69y%%#<><0y$Iqu(KRi{>RjgV&(+#<lQ*tj{0ct(YN3oFzIS(V)U&)
zo0=r3m1^Xy@HDg>wL2SR>9^Pi#I2YM6<jsdYm<Spe0H+@9KfILK{^Qowe{F#hQ(8|
zsjq7;H~OQK*>w`3GzL_dl4fsAQ4#_+bFh-beY#}e&pbjI-b~(?+3+AM%uHqdYAYHD
zu5U^)F_qC~tKaWDSLn60hekWRYshKz9n%zqN87~gc>Csg$#x}sD!op}M1>hPlz_u8
z)HpxbI6~755>$J&#x5c3%_&)M+ocN@M-Lh&A+#Rm1Cti=#T*vhmFzU!;EJmq?+KA=
zZ(4$Zc%MPn0-s}(X-nNB->={vTJUqdQ6ISHk386RAsglTIkc5C%{jVz<%0bO0p8+3
zoe`wVAWJ57s`R0sfiLng3-IVjxRuJTrkMN#Ks>Jg*pn7qH!^#l^<l46m|&7|qTEeY
z@c-hDnXS`t41?|^7}$G>kDvq9Ir8Alci=}B8V&;G&6uIex-Y4J*ek2x0$LsuvIZE+
zzsmUQGkTO#-1D#?``pP=@X=99114ex4mhXL016LFjUc+urLR<SbA68|0YHUJTMg`(
zq;tujD<wkQhl@pCSVs*a4)hiQixnZF2Rfe>#Ybz}P%9|#@o69@iHCU%!VH8HJ4wO}
z5saF+dK@ENCO)w<Npbg?)Uf-rCsBZ>5*rPMe@{4Lr5rHwqR)7eSF@-JblZ=$BI%B%
zV&hmz{ht{y$gMzZYc@YtijmF>)gmg03eLg|_`BJFCf9K}$N@CzKq1mKUDn!JPhk*d
z^AV#4mBW{k^5WLDlsTY2`o3BKt@8z+Jeux2jx`Pqe$O03>oFksh*~)NX(n9*@$3Z)
zE2*F&LNZpTcj}<k&tL?fPNGFCmAznk$FW#xLp%-t@q91Yd2QIXFiz6e0G^Cb`-9O4
z7-FTxCqgF)$QLV&%-l$(96~Qm=Hwb`B~8ldlsjCu<^)H;V-juPNK*P61xd1F#_y7;
zOR_g$geC|>!T3Eh-;dO;pD1?Sh?uIy;;6cEP)1A;b>l*si2^fxjufU5kFSbiw_1!;
z{=C8{)2i1*5t!EOG_2|kxC}laO^OF)6}yoLC~lfF6HL~)#DgO(7j_RO`5R5Dm;eLy
z@M-*crdy%%!%~<q{t8poSq*cYX`#A?IyDO=DdQ7pYkcGUr9yfD{cb=zJc^*vcp`NA
z|C)aP^BpV{&hSSHphYgj+X~_0pYcrmcs)T~!EH+2*O^gS_`9wQZ0Q|39r>)~`S4nM
z{q6%Zv@c0?xScMT{GHkUX-bRYUDfbY^?DyUnL|(@!3_YunaDqLXqarAHB;xKVtw3M
z&}_H}B1)!u-go2Cjm+*1@~bJCVu})IxaSo0Vm<-V2``jw>dyvM^OW~jELd4W#UhVW
z;2FPemqAuZ{@(2LaMfKLmZs79S&HPRdIc^_?-J5BN-Lb=AYc?K*>UXQ^RyzA(6L<;
zzUF*)cF+1Zg8XPa4x{VA|A#}90{K)TUzh%S_Q3tt4+LixpS1{6L*^5Pe`7^j09Hi^
z=%mOg`Mx^CWQD04S_G<Nic=z$u;Z+3DNSbG)y~t?NMnrd;avLdA54gE)@8_Y#_u8&
zd;^TJd|(nZ-yZnRY@na7L4r%~6FL8LKumwvl=(eu?Z~ihY^PxOK3w9l<g%mVov8wy
zhLLc@!#t$7K0F<w3)g*>&Y+7JGbxaRttoZyH(2FSU?0%xCsQeKm^6D%IhLi~9k$1T
z1XJ-$qXl&}bFgo<RY7vDkT`@%2j>aWZ{(5dy<ctHUxSv_lw$;g)gm}mF3jrXI;ZUn
zKs-5|LUB><n8H9L8<9p+;txmTPaR59h_tLgyAhG+M}rekoH_LrgRT}j^pY*Q)z)bB
zj`Jw1>;}MR3=b=<cRhD2+3Bjrz#d_X@Rc_N&>eir4YsX>)Inlfr`DzwY3KMI4}7dQ
zDe5xLZ=ks)Ps|PcHB>VinbO+gNa@4no0YU@5v6|ahs0SlH{$Y5hRnZfI&=&b`g4eD
z>vLu!in1(jUTF4J;x{i(utPH$i#p=}BKqgHG|{hHL9T=Ejyjh)HC#!DiZ8nb9)3<2
zd>AC{`8I;@l{WFNv-H$fXyMuBq@;cRa>ce28?!DBnF|v-`BdQ+0Om^2yhzD7D8>!#
z`v{v2iZ*T~+Q-{;9d8Sz@efqJ;pBwmCddut=rrRxQz2p@YY(;iHM?iqM;R8?6*)n*
zwJ*LYW4wIy^OD8FU&<%MvQE?~jELoh_64rjUvJB6eQWtrp|G*{%%kmxbN`8Cm3|9M
z-iS3sbhaIG6}tW|X!}LA_xE4@`Ag>#3L^&HqD{E5o3(F?u15VX*N@gZA?BpYaEcT0
zpGh2v$*r&JdcyU~dz)$IvEApbEEDZjQQ!FLmA#Vv*h;s5ZF}Wb@saoDdcBHrJL&oU
zLh6*>n*mEp5T#gBL)+71+j1{dpImb7_MiJDoc`_Ei51pTTe3`oqGXeRY(Fd6^7KUu
zkstcz6tkDt+%tcB*DJMD4H=(w49E{`t$iFpLqJ08C(G+AES>}ea{~39|62MQu_e)d
zQ%<S8*RXr<iPZlX|H+B-sa0E)mt#)HKKV1}u6n9=#nb%rE<HJ4t0Udhd^y^0E9P5R
zZ24F&uRriK;;GLmqNB*8vkBJ-mS;**mc6TP1HYwjC5(R&o$ph2c#zbxZ$|N`*=fF@
zh_aFe1i#*SqG%No{laR3cP}>mHtxC0FR|p85SV;fQoavm>u0K|5%t+<<<>dJu}2wl
z-@ts%gdCeGdkgFO^IGiV!}bgEce55B8Sn86sjfQFoc}bjM?xdX&#N16dhm>Pxz5sm
zLabZ3To>!6g=3J3yMfSX*|}@6-7u#fT^-)Vs*fWZI16;rUPBMc$Wizn?{1yeE$cbW
z^xrAMEys7VzZP&bA8<!>*~z}H@x4*hXMct*HMsdnKdv|I*!C7gK6=pfuDzR=6{>Ec
zRR6Q3p}F>XWzk78YV#k6hCjW_`3h<4bOo+<u0F`mD_-ysH4d++9~GrsuC;a@Ek*g|
zcA!pZwUsatnS1`qOzbX|E?%;{xOym&Q(d{08SipIgj-h9=dKA~jTse+D@;oAV<#6J
zKX)WeUAY7zj9W#|MTxiG@?%mm2$sQvW3Ro4UcM8txihuT%!34;#uSSsulfokmAfxU
zxdMZ*!{lSVD<^fS>ULMN->+l1&v49ePH(s;b5VauT8QG}wKe1fY7w#W!D9m)(9}hK
zpK&(07I%N(2E~Q6b?&^IL1MU<eZK+>SJHR1aQ=2wbJG&i3aF$LGeTu(Q!{I_R~X12
znsOB`-u%d4t&kpL9?T=m{E9o4-`upw|D0nO_UrVn5qO1x<mRKl!4(<3l35ij5laFg
zI(6gkEnsnz7Saw}*H^FLk;&Vd=7tXMa$0Me_DvVgSSD<#LtEG<adoBwMl-+8{4F_k
z8F#G@4@8C~LFNPy91xgD)iyN=F|U^QuWz>VO|BGpiC=4A*v^tvGpGhB=bNPj{1X{h
zJKEI508bTDJ<1L54}t=Ie;{~6>-mq6Pf0)}9?_5F@Ra-865&x7JCstL)j$S8{}kY{
zS}Gy$tADVGNq$j8PW%--f9kKne|6;3ShG?bf-k)i<o){OM+{Lo!~$CO5-iI5yvpal
z!4h-d2}78G4m<hxvJA!Y6fQCxbaU{A;H<q@a9pdAoMgT9#S~y-j~W<q6h`ld=X&yR
z&GRPGUY|)bW-cNCv1?|J;ew>)VW>eCUl0ad;gdW2u9gm$nG8XN8+?O^;ERMW8WrR|
z8h>7WJ$Xs{4pge^WJnl>t9(<hu5|}@w=~ESQ9=m{3yr3H$8bjn@1I}5uAejjdRy(X
zi-p3NN{MOy@jQYVLvD{8cu__M2ox68S*Wi&cr<E&w_8<G5tvT06gr6p8Zzt-_?&~t
zCTI=|uYd|~zSSF9uRbesQc*?<=pbiyXNcQp$00$AF!v-^k8LlUNd`g^sZeG|*{VGa
zm~ei~Wt3S~s1{g#wvPm#ssKU|{-CQ~+JTsNj4Zg?D#xHHh8QkOPM4aBWJ0j!>RkjU
zlAXYzG=q8t)@4z$czAUW$23d&l>aBv6udIg+p)qbUG*~ZFxWN9)TGuAqvg_!QLU^-
zjes%FHrGQZgC!`~<hxdh;P|bz>QM|QoK?^D*BPN8d(`V-B1DSsWe=1u(zaT)_|1<p
zn1)Lw)vNc-uCqatqB?DVpxGBfI5RES`I#(=!!KmQFb)^=h3`$n;8h{%T1yND3YoKv
zIvzZ0TYjL}858vKSq+*5O?Vp)t2nO;8HYbOM5UUoGWqo`{6@-e=lG#@3Pc|0ROC_A
z6$)L^1l0rB47fu2Hqri@P{}8}{!1ME`soA3s#rz^iGLXar9qG(4X}vej3P30RA7-L
zQOuA!gjJO}N2aK!jbnmd`{4-+JP3y)!dB(h(XBC_qhiMa^48=WtHp7Gf@G2b7GL>)
zVITiy{qXowDPGp+5Ec!hz@t@dduIGqEKmt{rl54Ns$8hVv{1uHvGS=x|1BbEYsfN6
zsSp;%wBTo&gP&W6i~Qe85(r6J8uO~8L#;@rNwA2J5$y~WTK`9zYioP;sz1dy1h1#p
z>eG#Q5lsch<lgDLLusu&uuG5V<Hfd@(+ZWJ&JI%K?nv=zR&m6=FuNw~%1lYpIw>lW
z-FuRBC>SjLQqF9H8*ZmERR{mho8+H;Ta{~~hC$jVh1;tU)C>ML-Sd@-9yGkJT9-*S
zW62F1WO3_U2_2M{+`)z-ojfEHhA&KUW(dD?`@w<;=E<pcFNiQ)P1Fhttl30EDITlh
z<kTo)?YF$7Bji&TbLu_PvNMZqk0M2KFttR8P@5^iN9?aL3Tg5^lH{oRjUb@S)=RyQ
zMVeeD?wJ(`T^^(aWZf7PfTY7|sxlY@W9VpEd<vbMD)51&p3BB>+avaKMMT{mpJ9nX
z)`&#S?hNF)bSsi-fk`@X-j`0$7ywI3ws_6SHKf3I3-ORWD=d<T!iO-Vgx9`m8ys<{
zP&6LvNwWn^Tlq>78}a597BELl%++=Dy`VhNY-p*9PBUd+w?l>`L>%308++h~YL`dS
zKM-5f;RMks5ttwh6#iw73<%rC%d`Zt*oN61P&VYQk<J%eUp~Nmg~+V3@(=40UCCZ*
zt#yp=JHLzkj~T!`IpVJ3NVS*#DDQOX`;2%p#rrJVl>gAM8&&KH#dqp-#ELvI&==~T
z55Y#Y^Y_TqQ;BV>TXidSD9DKOIAf~*g&N<~&hci(c#pB^AC2L{NGacH-&zsL+x9ZX
z|3EZ@0`ZYN=6om4-njGf=#}P{yLpiNj04r0(F*+Z8q`cTXqvvefQ;@f4dA_qrWc*`
z@{E|RqYG?i^IpgP&O_d83lR%YENsln>xAK(lu7q`8}AG`%Uw_IG*C#D?9A4x@B64V
zqm6mgIbnC5+j~Bt-NEg-_c;qOxk6EC&+JCCtSxB1?P`0C|A^qD(k7}5aYW_qqV6tA
zkDPwf+Uc8uoHZov#jH&HT&9q=*?sAU9I%_*nI4LpYi(`B3_meHb<#VoHRh=BH^}p!
z!tJ%&b*UQNqZ^;SL6)#HtL1hURQsij{%Du!{`q^KyUz8ShuX)O>21j#a<AUVS9^NA
zi0`9}d)3GF{axp7JzfYub|4=Hjf%4OjckYt`aAkWjQCC7qTb?b`TY6VtBNL1)c&|g
z?aC^Q93OjLGv3!fSl4s@tdUsP?6)MjLI*eP4;C-`_V3?TDY~xLniot9E|NM%f0<|*
zdaJL>D8yPM+B@{j%8`EZ<gxxo=X4Oh;wl}i(Ro<yTVDxxfudy9`=J#l8<}S~YZK+h
z70<$QU7u5%6hFvY9_4%amx^pazIRiobdhm*ljVr-1b=SWe;#<ht!dr4d$DQb#h!&|
zr5~z;*_!()Ng)YWq_;#61c9XSU+3zUv{=Vy^hb1kH}#xUIJoid*;<O3%-1>5oVN4c
zXI&8s#iB2<lefLPCFzlZE-mf*gAj9s(~8rK7q_gs_QaT76yx!3z6N2x-l*Up7quPN
z5RIR+K`!Bc3r>IBy0a&(J<-yfB#oSO$L?kAHYM-Hzu5Ml3o~B0aLY6#&`ruqqPOS*
z=M8POy-7!Q^XiS`v(NqBs^`_yPlboioj_T?)*gcXRo;w!+$LT)Vj-DwGCyK|?h@50
zaR)J|Qn$~cu(zf7QT{`t#=QXvjw4;lY4StYyb=gs5%-zNvP=PQ%I4LCP3f0=(i<E1
z?yUTD40T|&GzN(C%f@97JT9)A7qb@W_UO1&27~Buj-UJ`fmq9q&X25}E$LVgl;ErV
ztD5Vzx%L_wU-ezLc{3|i`^4MB4Y(`0yM<x1(VkT6mzFqjCsq_iQAm|=;A1uA7p!>t
z#!r2R*s#q^t0+?^5AfcH{O4OrYinzF`Pg7ah%@)G_0#5pX9n%LHHF6Cd<at$VWwI9
zRKKvzj)W-r2hGhpft@t1<N6*w9_+=)>av0!2sH4wlxi|vh56R5)h#SmZj1L5Th3hK
zH#zb=fh@h1t+z&bzV$HRut;NiOyRk7c$7GcuRtJ4-=kkroTb&gvo5YSW>4Cxee%rr
zPCJLE6i<txD~Z|^;N0x{+rT2?)?GZMAJj1V;}O}dHQi^}N@*A)e*H7sgc-~5vD=)e
zi}xHm20#^g=@ftZMv}Cj-2T0NSQica(pb}1s&fr3bl)PdGk2|ofsINFxkTqiX$Qo~
zO+63{I6Bb#+=;aH+)x=^=CxHRm_`GT5(GZqxxH@jn<6*{&z~(;7PqH`a=4%@{c*Cy
zPGMwG+>aegiT3Du>)qkw7ST}zJ+jgca*pzBB#@1eJWLLdeF@K`0mg&?f|OM&!l#~`
zVU0fx{`h$X{09F1-8mc0e|_W3Rp3=>>u6QUc&AJW<?P$0CMt#we6#o3dRTM-&aFw!
zQDY~+d3u-*z;HcaEPHI}D^U%YcV@E<Y2a{cD|2)8GW+D%uX{xm)5Hk<j@3lKfZH;!
zRxFe4QU+ll1R$7fO-POj`&ovq@p7=-r^oj4OvVlB1|Np|cjdJ1HYp{F7&H&ffC2|W
zE25+G1X^LvK~SB$0N!qBln=B>%m}i;yE7T-^IHNT%&T%c-Fz4q0LsgODuD_wEq?NK
zH2~NR$eOHkvt$j<CISh_2Xco-l}hBq%@B`a(1U>?3CqRpbxVw|KmqchvUzpQi@rnP
z;(hef<)E+?IDr0#r$dMhG8D5;#s#2+^9l}x4bM!7m}g}G)thYcub91=d>d4vrCjf`
zfFJo$zs!#Td|x5$wEG~(_)tWc2wKCiE1y7lmT=JyidAwdKK8~rN>b@JG^e%j`#_yT
zVJi6#L(sQhQ4Jd=eB&8w{E6@M4`q3U(vY`fu&qd0@DhL8b6R)u-vh5x?(_F?EF>ty
z4sP7p4F1r8#6y+D8MTkVe3gVpDcMt}li*@+!Ss`0FNz#)C!g+MYNs}22G+20rYymP
zLC|{SI6S_57BGyDb4`P2mnG9>-&5q(nh#^9q6Y=T#1#qT^n|X=dLss)2fIz%JKipX
znWzamR{bP1vrd>w1#PAwg+r+zV|kasA%7J3hQ&<H-DU3`CPwr~4lbt|Tn_Y9v&HVM
z#wy^1Il`rgH={7$%f_?qj7*5U+fOz@70Rj-R!A8yyvBJv4kwsk4<$N*m{XXSEE3D2
zyggU%_(X0R*1C*3`l_;rdHGzxAf&)0l2vD_fE7QCg&&e5ie+uc;?L!%(!ejdksU}*
z$Iy7w)ifyrgH>RX<`KhGCfm70jS8j~W_rNw8u0O9qCc2N7^<JgAw+>7GAxaz+yL<;
z+r1-}LBFE0!eU8yZDq&=8oyxcGGO~JJmvp9P)sllB}ux`jLLdX7Z<{zBtGL2sTe3y
z0I4~OFNHx#2OXt7Y3tJdz_ZliTLV9KhIPT1vg@fBSgC|3a4PZl&;Y>lKac<Au%Kah
zTawEsDghNwaP`j`l*#=>TTA6nldCe*f4F+t)wQF`q4x2iZNQ{^-(E+*a2)#rH%?oY
z(ouWJ?06&T%VqDY#Mfm|?f<SZpwswdDMv^)U4oiDUkUa6>3(E;reM^aLZyAnl8!W5
zlE9R&z$V)`l+F&5`F#dUi(5yR3Y*Y-M{B^gqcN2v`FTA9a$pxtge8CGK<d9Uy94}?
zCtR_4QlSK)M->zWGnP)vvg+Y;>IV8AXy<y~NxG1A30QXs3?dT~-vKn8MIHW7%q)fM
zzTcMc)<>jH41v*sp-?hS>nwqcDE90_mgX%H)vjaLsge=g<M#EcE_ZnJx>Q?&2Y#Jz
z)DX|1O369d63xcxmis){g*I+*#xrh`zL26|)zvJ0*Gtz~0;^J@zwc2A{I@;Vb!*o-
zF!N{QsycAJ^yRmcs>}m?c63Yl&zAjghzx^i({TAP&X$8vBM3(#$1_PdgY}}8TWq=+
ziN|18=m%&wnraQcL&`y!18Gk3-YZzDl)`Uw3?$5a#FRQRUNCG+82rhi>!&AJ6;WK@
zIwumnL6R3mRO=D{Ld-K38mMMnM*3dc7$Y2?Pi?)2L)(iiW1mvXf3R`%N<Yq2$~#}a
zV3`awQ_eDy)s9-z1N)xJJ)<51SG{St>rPxfl3MdGOdHYU6DgL)+$J%M2c+!M@ludK
zYSUq{ogW1sPi5<#;a~P}b71J_y)B3ra)Pet1jpg>wcfMy-q5w$!->%`(q<i2UdzU}
zjYAOvV_o7aipoSSySYvnRA5+AK~7~#zyJUXJ`ESdtS@p7<ZFg}n@ZtnwJ9CCzK;*U
zkqtNcMcA`>V(xgW8WFF93Uak8Q^zqAzANWPX?kX#y!->>gL!T)id%bU_+I2<TJrTA
z2*&kaEVT2);A3A;9brgehC1|YwM}EGfuI76LfK!{tX#Q#Lb-3~c7WOt=J}Bm8aYLR
zeXL>-8oa2G6W(MxTXgr;%Xo8P6}ZDM6PkUA<gml_xlHq8_b=MJooQ~-I1;0ji5siz
zq&4>Dz3nr8{FZjkB+o78sC!Tw^!h2kHVd&m`^xZ{N;3Ynd0Sh>PIb4mduQ*|bhw0m
zO+9R(*Q>mLXF>*v{Re`+)^f>V`=MTk#5aBjuRidivhhQt<*g{cYH$C%;I8j@&0Bmq
zDQT6@Bc$FzOofOwb2sWQRtZ9V4{-JpvD=ZM+2(Pk!s3MJ{Qi9OejDlV^6xJr-)@*K
z%JGPl!oMcIdgVYIFJz0$`cEEv>Hcan7a12q-8t2}ZwT^pN)h{HU#;4k>aKo`3ha~j
zX1Vi1@lm?EWgdNe7YNmf{v(#U2M7K(H;8&zy<GiQlv4ctTR-FPdUv;I$h<X=z3PIr
z%oBNaNYS>S<(96X)py<84`y5M;*-DL+}Fq$f8P`%yRHA(|8Dj~d81;4p&u<~d<1)^
zN{NQR3I0V4%k{q&x2194FUr_8xhrDa;G2ID<6g9OH(Y;}w*P6o>VAj(7E?>a5momC
zW(!iiJ6&2MGf@JOGv3}Yf=_H|7ka0?eZ;S3tH1MY-o#~23+e!qm^*2^wTNx+dNDt-
z-n54S&a&x+`f{mwj^Vu7N<svL;9Na<WNS16b`&%FZoF>CDf3w4^-|QY3+bVy?=U*k
z2%nIeqI~yheQ)8`rkx*>i?;Iq*_&hKj|luOwc^BZg^A!V^7{r(Jx}ZE_WNaU(X9Aq
zfr7eF=<|Gt&-a&gylY`%FQ2_5EgU&!$dQQqPtN_U<16hA_8pifuwES<u6BTICr&Bc
z^lsD6$MgP?Jx`bme|$QyAB1-rTH1;|AGr_RPshi#x_E64eB9nedzC#U{L))y7Hck)
z&1u-ggy!}<{=%gE?A~$w23bJ*&AQFGgZiPB%56`(*Cdcf<(J&3Zjt)gm29FJ`rEm6
zSKiX|hoE|06y-I+@{qhj|4()8^Z5PH%zzy#?rNWt=1t9gzPj?gSNjTPb7j<gvv<;K
zVoY7#!nS%-_MpAIwq!p_C%M`7JP@LKPQ{8=)?uDBEg5gS>bsA|xL%U|x9S{6uT~N|
zecGK=<Y(!p1Pn@po~ZD?we_e&pilftt7`doiL`y6-{M^(kgC({w1TVv;X87Q9_D8K
z@&FxlcT<}5{vr@Y1o!GiMxJ0b*!JBw-CoU1kG+GNX;i2w_}3L&cqjh-->uWMqxYGs
znOQNZi+<^vz~O`8u!S?5L*j=)TUkIt%cu-7EoIHAm7ykDhR;s{R^ZMZcfvBj>b-8k
zviI+jouS$6{rBU2Zo1-%QqL$Ud-n>yZeWM8x=yC4Sgm<^bw6L6Ouh{|&KC|}_bW=;
zH+cWnh!;n%xqQLMQK`(&Z$gOg!{Kaj)4nBn8Y0f;io4oz;abT_ptw^DwQr+wh?h4b
zP%EtQEGf}~gU&6@3s%m-?ERyAu|;l@z}x)k)CT;lU^V(*Ex@>YHbmDJq5yBT<4`Q*
z3&<QMzm`&5(*jS{r*F$&ZP0x)UFb8h3?XyE5%{Z~!dC97u3Gl}tyfGyt40M}thYL?
zw8`NfeGXm$;2K?X^Poc`om;u(lHIwNQI;gQB*ZH>=$^-@3jG_6bgW(mS7<Z*NE0C_
z?9IkjuYDAliU?nXq}pY%!qaI9%^=^YXZyZUs=ItaKiYego2B$CM_KLy+0Qa~@!=|X
zrz<Y0L<J*P4_n_Wu5^C76!M@{f)na5hBt^l?O8oKc#jjpOCJ2}IXrjX4SNab&Q1NH
z-^e-lrBysK?|8Z9TRvCcu?I@e*v?feeCIvEk=$f(LO}%P=Vw+Sp9u1)Q!9M1>C$1a
zMfN@b1Qg6FPQ3taoM`E#e`moCor=!@RqB_Oh08CKh~NZb`J6Hga5Qpf%0N;;`}(K%
zmE0`IWHFG|M`TP}gMeXMXdM-@9)HrT!b?1CbxoG^R`n$w&NZFXYlO$YD6ZsA7%TkS
z-2sUQh;TL4-fxS2liVimgr-FFGIe|$zRr%?);@cwyP6k;^lOcxP*i&ogi{NTo37-@
zk6QV^oB@udh#h?K884(x;l+wHx>zXQ-~o`kzR<I*R30`>@-IGO*r=vp7uNK53cOit
zR1K1KZ_+i$&O}V&`JfCe@S83Ctpdh`VD^Q2-C%7aoUc75O;(__lKpU?mrR1HucAD=
z&K9TZ@u;>Bn=P>H;YJQtLFUC*3bIqo>MPN;QV88ayj<B)XS*-+{4y~$WkuXN(&TYy
zGjW<WHcArZx3FLt9}7qG7iq_(UYbQ((dyZ)9Y!|pjQo|!xKaf<2AIb9`VVB{eI*Q!
z!w5pO!GyWoY4XcI<Mf~vGb|+j$>{Y%Fe&8+0#gn|{*WMBV{rf$c*Z)XTKK9|wsjVk
z`6iKcD`gbvf`OSua}f3zL2hI!d=E-E1)e^R(S@tdO!Lc&VRPJ9pC-9FANfi_yg3{0
zdPu8KtqPqY0;qz@z!?4iJ>aFnDYCZmS5p`QLMW1X$t(e?Lx8~~()d-4+X~G@R8`#=
zFyN;iU!eun@a2)T_@H*Mf8{K`RMd_cgfA5;g(spVQTP9khy~x;lKz`7NT#4j9As*W
z63Ko;l7h-kIGQqQ68WHlXv{_pkpW?O6q<X->ahO@dZrDvtd(k_^2mY(8;H*4r8_V)
zNPj#Fz5L#B_%?!&*u(D|1olwQa59ZVP>&=&X7DFh(DWE>8_}hBat4-7q4KM~Wk|XY
zjG#%{8Eays2e-#V5SOOO(G`PV!APhg3~!Uh%1RJX%WnDd$u2GQ1_OeIZd;*IQns3(
zMHq5fXe8amLcNAKiykGY8gWEk+?m2qiQi7E)(ye%$mJn(u83|OonqYl*|{uUZ!fDM
zC)b)@3X!a{^-K4^O|}2t&k%Px_>mqKb6G;<1<TegFo7y_KD8glCvc6Se(z+=JzI(J
zR>lGneKIXepr+?Nhre(40!mg6*@i8+{((jJk+EU2(+ct;l?9t+R#^I1a!R33O$mNY
zq}0!!ZBI-hxwOr|vmA`p6H{3N`Ri{KWH{%6$oqbR_aoDK=02NZb(&*Ws^+=g!gi*A
zinFNXzR$K73E+zj52UoX`mg{L-=o65{wj*%kghaP%I6hRM3MfM2=|hSTV)JX2G7pu
z;?vI(A^ge$MGAXdd_5S9hI#jPMnFc5ZR0^x3`cpQ5@M1zd)4o5q(kQc)BWUl<_GM+
zXhL9i89II+xc%w4Mw(q&D$aArP+rZ^$qS~ZOj$5l`5rih=mG)3LG%bONme03ERy+L
z<%Pm)qAYJpr7p=!*%%;*HFGk`W{1pWM%S}9=LLzSzVpzT9~g^}cf|y?N724n-{hw4
z7j7GAcBVR&HhevSJk)re>mh*CoZE&y+)q)RZ)~f4C5MDZ7<`+?Rq>`CS%ctcXsDuu
zfb^W<v4gF9WN|J|igFe5m0i`qhAdgC*oQSd;gDWUpAB*vPFb)Susg6gv{nFBxr2(%
zoi#(AKP3D<dvD9djIk5MUP9(81j3Dn16IRax8lPX!LPMX7u@{T=Pbiy|M;taY&VN2
zKe%9|8t6qdy&ZqA?|d*_Pp+lWbpN2BFGDBliGHrjUE9wV(-A%`N1_ecl8bR(P71&L
z4xAiHQw?WDds@8dbFiE5J<}R`J?KuC%g!Lp%cm_-F=FpIL=C8UZ!f7WZP>6q=bB^#
z!F)i|v+xY>*tq!Ut@j>rB-_+oyS!gN_wRRt(S{tY3>tf1XtXOHQr#RHP~x^OcAe|n
z|HQY~Wl%)dUgqF`4xHBsc<u0LDI{J-%9c~yVjnYLvT_j9;P42x#>25AvEHn=bh%<V
zKaN~;o?o7L_sjjwr@Kw6d)uF^x(STQ5;#VNJnJ^=s0Q%gey4vRr?b*JtCfUv6$fgk
z#FcBn5~*TruF!!x>O{$2p%7T5E_tH7?tbA+$o62|A<OZqkn<PientTa-gs{D>C(jA
zuupX|D?M*VE%(ZvJ7~7-=iAkI{*;th;!0~LL%Fr<sL=6xZ|@y&dzzM{tC;X^E;fZ_
zN-pn)AC#Z)(l07frHk=-dz;5|=K|#4!-7UvTU+Oqb5mpNZLU|R4+bP%k=+x=XC5Nv
z>r-9ZjEt2O|K=C%_rd?qOB<GBR;SyeQ~rNm8~lCX=9i>!t^2>?b8>Bi-8mZ<L+zKO
zzh-LTo*K7a?DKFMGkqL*u=}USwDDk2DC+!$swdiAZt_n4w^KM5`@%-Qmi!d?Aj7{D
zrkTFv*DM_6kkykMuilh)Ty6K}$EXq>OvQ>i7vr_nZQysqg&TGB;!UaNUvm>>-Cs3_
z6vQm%1zsQ<3-ynN&Ks*f!;J4Z4cqjYWi{IUzU$QJzvo27sRFjFX4K!aLC3Zw`bL%V
z^(G;+&pm(b3DwBdTW(Z*tlO-uHvd#?`HsH|cKm5T>)O_>sL3YNvMcmtiDcD~`#!qI
zMTXe><$pa)A0Z|gvXpawWvYt!WKie)6d~of{n)usn~3;-AZtvijfS_#n82B+R(IFk
z^rgk!!IulZ!(p*zUoV<HJo$z*ms@kSas(nUI~UPn9#i|wCa=1^y)i1hx5RuK+t^(`
zWR4V_WbA8Q>pJiEa?SLUe*|xA@oa?gD#yPn_85HckO;Ocx33m=(;G0QM+I8gTp&!}
zF+xJK!#%y-Uj?tEHgdY7_eR0@vl{D`E?mJt2jyPdZ<XY}c(5L&JYe`cM5e@R>)m4l
zD|&D2cJ_WBaRf5Eb*-OY%_{+zlV_m4iKb@Az>_MX4pp(8-&x6FKqW@i%>!x5w?KK=
zrF_FDb^`B%7>z$CybBxNycTz!a9~inE7>-x(V(W<D{UZ3yixojaw@j`Qa(M|eH3=_
zz#m5SlK^5)0dE7SU{g5u&HRK&@-9Uzv%8#cv2J5nhB5&^_^9+90AoW$;gP36hBQ1?
z(k}3dwp0!6*rHnNZrAcnue6rd9rK8g%%;$rkHi@R+?tN>Q-O^@E9#TRGTzl>-jEGH
zIrHmq?Q`e&3~(mrxAtCX2a~MF)xeCeVVGI+vjWZacI6U1M-7cu6RF04qcT>%$sonK
zFAcB?@#EOnFfEV%gN=uj$!!r^BH>3CWILBk3#x;g=fgy-?$Ym+blehIqCE7I6O4Bw
zw}D;WN4YP7Mt#%V;3Xchm7b#@@*AX0=X*D%Wl1ZdR*ZhMc!YkpK<x+v1Upsg#MYh1
z2I+4Q_5NAVt#ftQi}%PQlg8ks?lj5+QnhAHWMy*1*1D!W`*qkR2v$NBvSRp5rxj*4
z4_=o&*{Co!v@;CG+(6u>s&Vv1*n~_&os+Pao+G4|IGqG2q);#LBZ#_rk{2*ik^Zl{
zDx(i(G*!h)wvWyKFf)k*m8NUo7mS|wxeVTFebc%lqrqy6-YfT6nG$55F2OKpifFV0
zABf-wzy-xeK6(SB>?Oq+4gc`$h}FvCMql_}?;CNt=75+_@gu!i&1ronx*g%_oBKoB
zGp-SQoXeF_K@Jri#E7oRNq`38cWwrv*5nut;D28K!6XK`&kHnTL2s)2UJC=1nuhM1
zx`KKU=%w2V3`bUK`?|2Zx=srA{=jf0dC6&vF)0T&x2EA`q6pCE&)tPH>%$B&t%aB{
zzi(u6+bU@4%e~62YrX1m;);fU6~uShRb#JooM+`+6?E@lsfMOy61a=!NV9UVj{Blm
z^~PV;(=}yZRG3B{bxt$pvATwcn;<{%w%DMaFxP;#48GycP{`WjLZZr&S(2nrbw5-u
z3%>C{qu~Y;)xwL@p(Z)($7I)<_aLJPpOC$@78Yr+W)z;<U519Abm$ajT(&K@)oS7}
z<U`KF<V`~fp6SJmF<5sgX`)vz&FC^kJ;j+1&JKE+M6pxc+evnS6%v@KlUS5=UJ_A%
z5QdlxLQ(QxAf2&t@1oeUB0_^Oi#^X-m#06ZI3K-S0W^O#Ese5G;Y)(Dn-3yY4qv^E
zbU?g9Fmf#&drQ4`$^3^*iS}w!USXmSU~GXK7`}DdI+Wz`E;Vn81s4?}YE`cb+B04Z
z!ZdG1aq@*Vzq17)7Pff9FsRcBluQPaEAah)u!!IrEijnIM;0v_NBSr~K@QzJPGdN9
z(Ui7j@cml+tErPnqVO~yOE(Pa0zIo5#Q&9~1;LSoev`zcgb1S6bg5K|$T)14kC7_2
zL(#&Aq++B&uoU2dJjwq)@&7#j3mycVV6^9`1YCd~{Rz*G599v^r3Kx^s3lVF7Y8Ql
zptpvf*ze|m{Ak-)NJ@imwA6bYCZPqVktSjw!tVG&q1)fvm=zZ6Oyu*uBf?^gL(YcT
z-j}%kK;%*SBv~w-BO3L|mas}k9wn&?{dDE%rXP+(<E~uCr~UrOzQGH2h#-)5UsbCz
zg(5P@#_H_ecm>Z|Y=h8)b*X0_KRG&b{ZKknCe*o9Slk$+le}f^%#1Yr1w&6{A|pvh
z+;4;to0CJVo~fP1GD7#RY_Lr`^>7qY;K8qW$i63c&<?b7A}qwi0n!6esb`5I%&A4y
z-b^0NFB50eB@&d{i>51N8N0LfWZw7?NGh;WBJLw<h0VO{5t<|kIZ-Sk5U-3R5u`0R
za-Z(x)5{L+Cy}1nu|p-FAzKdSGJVYnSb)E5`eRju>Q7`M0~rUUiDJ9KlEgqVen`^g
z$fQ(}z=!i3%*itfh$u)*rxnr%M<Bb4sClcyIiij&>ul&Sy&l7W3$4-~ET2{Fa=D~)
zG>vAFVd|T*qP`};Utq#!j!0_F*vqsV0Wi84{0!VcFYxf~8LGsg5K^E$iw%)c!C<Dc
z&{m}=zOR884&Tw(Fe;#EsYL23z^$>GQA*XIr(9Xm=>M7Q^TXWOGabMBm!jTmplt-Q
zG4H6cKx!VU*I&F)HOrz*c7gdA{QK2JiiTkLGtluxj>eeY0rj4AQ4Lqco?UN@!~K6C
zNrD`4LFqbHdF$J@-1GK(9Gx!)K(01E$RbKF+&-xa6>6A1oAAOlfD4;Wo76aeW}ryM
zMpI$Pp0VD29h}S&_YdPKwPhW0gdB9)tssCqlIwoU{@!>!FLw3gvM$9?Dds5L5avjH
z>J}NCt-_WN<QYc2j^0)8I2?|%U=OF8P8U8t(F0j=?;-si8M1Y#MVnzXG61zW1p){(
zZSypd;~KszPWqaImx`-jcl&OwDrKeIq0UA71{*3!e(~}i9+3(hEWgIc#Ldr-Xsp(I
zMn^!^3xaR(Hgq0E+&U7L+;_yO+RLtbt~Vc{vT51t`CM_+L_Xtid-wdK?Zu-%E;@Jx
zS?=He(nwIXvF+{Mwl`fG>N@VrBIDZw8~wc=f6Kx|b)r+g-9D-O#8t#zG8`A7bV9i+
zAtE78XD}kjZ1lqpT)$ve$~r0ztd%SXsZ|bVpIrP5HgeZry;}NIUKA9BYu|U{R%nE}
z#&deSsKqjOBY)1`(CtHnmsdg4E#IwBn@!XAjlEYk=PW7Ws?gwhGS>H%9JQe74>hCg
zab#?t;KgH?ml(KT9({;Vl^0@vWfS@X6x|VS8;}=4e#F|gWc>XZN@+x&a$dpp1KXjW
zsOL#X1w%`aEful0eUOAL_cUIomvSp1bai{ycf`Oy`Q6#+_6he3A5D^(nbqm`E4><d
zjRD4oBDFuZuO6BCg%`A$7>x5Vc<rTJKGHKIp=-gdsI7{TK0&GzB|q7=9@~n#C99yT
zd$5Z=zjcsl<E-2I`ahU?ZN=Gll2;<+b9Qe|z+aRgbk6$d$Qqvb5Mp+Z*gR(9d?~hM
z7*X!i6@V>>b2*;O<;LVmoZzLZrJ}5!cPpJ*IMhEepkS3%9a&wGf6?cckLFw0^~Oh8
zeUIN;*6%T?sr=B}dhtelf~x)A@U@ZW)2$Z=q@J4K-nF(G9G>6dzeu>7YAK!jQ)sFC
zp|p1bL}wwt?NW@p)|MDXk(lJOC+56F;_Z&V2y=Q~TM^yJ@6{(`DVr7fSxbi!g;Zs`
zj%yy-5=H!W<a-&l<Ks2|XW>5o9v2zyNxkB?`(s@%c1-M5dt~&V*`R%>U#Cb1aTjh&
z`*m7B(a=ff&&+M_-ppDmN;m#^om}?3y=mu>fcTll?%>_-k4U^3ZEL!$?23kYjC7x)
zVbO8i>0>@5>(?`T6yV|^?VTDnOFNZPk<p0uZu-SLi>?E*-Wu|oKI%5js}o)&2Xbtd
zey$LY5OK)O<bg-e?{E9~@y6!)52*4d^kM@xa`SFpj2Rz)I$hE&@nFwNb#3liXNg!w
zWJr!@cj(?oh{tw|NmsY8rG9!ypyD20uP!>hYe+nLGTN(b?$jdUz3F-F#_rmu4PDAF
z`NEURPc0ZkOl|I+^eqQ9n=y|6nUg+#{k*XS*cE9zGku4o^wjZ(-0N~aRFlO$Cp!}~
zGy5sI0qai}JBpfc;W+Dg&HUTnv6Hs_;`C2to^vVlsv;pV&Rlx(yjiRkPI`;KFv4uT
z`71)Q(a_y7dqMf(q&!%?IakoUXpLo`6lYJ9O&$bhxS1?<8dhc!=G^C#wa?6htM=Yo
z3bV7wl?B;e;4{zcD~?8mnQlrp_Sln-et-9%?I3Apt4^@Yswi=Dc;aw1w)$F3axISx
zA_ih_I>Bs8KuVEB;peVSoXOzRmJOt7qLzJT*=cIx#0l9U<KSS9LRD;W_|*y2<<=dK
z6Q5g@(b0atPT<br%J};8;*qTAgIOSa3;q}adT5-WxKMxw^;-YN2{cGj<lu~3|IJLA
zNUR`tBJ^COL|74hhG#!Ja;suj9Vaep;w-hJ9pKz+afLrFw5~@f@lU$<07@kPHws{r
zUj3paON#vmBKa)}*pJ!4C?1D*@wVF$PY`z4)f;Y6f#0bz3yD{|BHcimTKS0!CeE4M
zN3NWtCT=!*OU{aitqk^nFy{kEY6>0Lu&{@d=IptqNCQR|<dZq*!>vvFjS=S@_&I=a
zc^%f+Wi(Wdh&SZ}^7kJ|q5@jnHd8}oX`czMS5Q!8Hc6+s91_ZFygd$*uwoZ<K2h7k
zR(8GxaIncx^>UJH2SU!=1_i<eVqf2Z%&W_f&s{~~ARzHkWpE3`2!!>_EP$$%J$TQ{
zh6)_%$6k!AFge6&qWef_2;*s-k+><E+~~d}+yexrTK3UnD4<kf7mC8|3;uz`*z<#S
zRJsT#<A4{yL|G|=7M5vp$r#!aX38TcArQwJ0LMzmAmUxU|Jab#MI*^1gp|WUX@FI?
zgd;&DHnWJ&p=#@qZ7vm9!4MF>od=?K@cu<@Ha8b>a8ienC99MOI$4m(HWaX#x3BYo
zzag3BuPg)W*v#cqvMa9qv>;a*6=`<!q?uat;=5jJNA9S!k<P3$HyxOoTpA%$Nz$wH
z^0R+|pyWGxCk`URRu#uU;u!fn;FN0=#jL}Ego#p${heV4rjAE1JqNEW{12pJm<aGL
z&%#(AG(A2tF1wz^um^XIvspTe7G!(B7ye1ah<;h)jgTC+@z-APiCP?dN)&e}0BMoc
z2NoAVt|aq3Mw2wNj5Zlku>r~+e;NmGF6?M$=-Fv4;xOz0={-%ha+D)~lff)b+Bjz)
zv2^yBLOx28b%|q8t{pl!BX3%IT=YOS+#f~iWBOVMCz9v_Q;y*4x?U)B3S<$SS=R@*
ziE5)ZPNhhf+}jp9RK5!?FDTFlan_Ob<_%$(+`&iP;r=EPIgIJ4)bALz>WWb+Ol?=A
z8Y`<AK8@1*`DYDgTp<9F8BLExljOr8WS9vO;b5|!sRmJz0sB4OHd3kL96p4?D>yr)
z)=`IGz`AZv=5JwIb>gK+unIU-{46s{ndow`OqhQMznv&~)n{1NUMwa}`YlTYk5RDT
zJB_a>6X1gV8t`!buPQ$H2cK9lBr;9V>LbJSt_?G@)CR<JaX(4?w2|u6pX;<y^c7|h
z8>t3Vy31GmE=mxOmr__)ipK-Li~+aer7=z8Nf>$3^#$lC@>!~%EJ>c9AtZ#qrAp;5
zh5^fyRw?{1*BmSxW9aPvZfJ?nKQmx_K}i0<kx59QLt1<4;Ye-#f@7!g4FRxSyteXm
z_T0ejJ`3>^VZkhyvxx-N{mu0RdP)?lGns&f%r@JG{bbWg!&H(9YDfyPAKRdtQ%Z$F
zc37&fD)BaMByp&1LcBU(hNr;gxe<nFj@a#4%p6xedzH@od36>d;mOL@#LC?|SfoQ&
z#*C6o|ABDNVRh3aWnPl_bIIs*A(Pbosh=sHe>W5cL0IY!GeY$KHoh^4yg4f%=+wp3
z{Y(h-ziiiFoLqvTJ}Sm!Q}`D}zhE!JU#!sUH&)Y13T<F^wxKRq-E_fG{h==ocJI14
zb=lw5`NrbS$y2`a2aCk)?NAbG_lTI*?}cA)5=izIB03K~vOELQm{Gz!l;Ec>aoJ-8
zJIvSb96czcmqNt7PfIs;NVIL};xU;&v%6IJLWBq?L4)6B%#c0w8^sikGM&r+w{Wv<
z_|^MAn1`b0BUw5pmT!~1#E6oDV6H~g*J|qcZr}{qb6zg=m$7kE<CprObfFa)jr^n&
zVH;nxoJY~gc{YP-6V#y33iLHHu&FAMI>;U3;kj|Ob!La=cMNg&Y$K;*r0hHQa%3nk
z108qxGpm<=&BL8-YFV@HO^uftdT5Dh3(-^k|EPNJaJKjVk2@iV9eWddZ)uGpMvNK_
zVnpe&SG2Y&)f1tlu_@J5HKHXV)TY{=Qkz;eYIM@7D!$c&(^GBF{qFC+?mzBaR~xIz
zC!?<C>-l-Sp3jmkR2HS%9DJ;pgSVmSq`^I#f?th3k72uB)6BKICkxrUTGLDnu=Yr2
zQD4MGsc@#l@SnF{E3uzrdL?#4_P7*3)g{@qWev44sqKWcca~jRsx4I^2}oQFF6LG8
zsKm4EI1MkM=0^g4N7S31tmHw6Y9r?4Li4*^{0XJuPw%haSey-UG9$w};yrP_b889t
zo&`Rcx2n5lgZS<=kXV~0Cteyh44}fJLJz2kb8b3>-Txp*l~+=D3W2NBZ`uJm2ah8~
z@<$vT2SlU?&wnjuTnfZ26-kdc_$zL;0BGQD_}V&`7`N#8Fu^DlsgdY0jrQ&nf6S37
z(*EsCJ(<jbY>BL&LV$b~Mwbp_o_TZ&2=H#X`LTwQWiEtdm3{A$9u;&}7#oV$SUil|
zEpbm<osd{;>lAnwv_4Yl(I_KxNn|x>NwZG#Y*9m`lI%6Lz=);yadPFaUX_wm0Hm>D
zIL}XaPEb;yPPN>WOFhbHzX|c2?eKBv?)JM8b^3+)QFohw!7014x{HhRf)}EGHHi$k
z_{up9=$1l>pWb(9Cjs%-iYyg=*{j-gqa1%;c)5d|VWG3OHMLRE*5L!Os^B36q|G$>
z?fl{2zwc(|P&7U^R^pehadYcQP!&pPr=_M)t|0GjZj`x0BkOSZm|ZHuTp4v`oX=hk
z<?E6lFyeS3f(-c)=&Q}wZJnPURO+2lFnE0N8JncIWvBbI#7O-M>;-iak=^aSZb?TT
zZLdmDF>POcUB<b3Ag#iq3aEg;=N!9@^V#4Rn$EUd?ybrQI_r0%m+7)y_TFok2s=k?
zCfv~X9$jO<mi<!iigR=(Rfa!bW~|1jse+Q(bNp9jk<s?hAG<b4!~dyO`tMXOTFncc
zVcEPjs}o24Y~d%5TwU|hq!-5|j1}A^?m9Wd23X!SgBDD^Z*$(7Hdl!L4^ldo&(-Tb
zzJxwDfUZT3JP47dOjO+8`Dq4KnVT7KNMKpE*gWIAIq910|2$pKYUX)@(IzG45C12t
z4?}{^Bp@8cQYuDQ$0z@tNqDHqE1D6)yUR1EmH)G8V<ka7TfMDWFqS~3CY`v#&HB1N
zbCg3uD}T!cPHCY+jD?*b?zK5Gd^ft>z<_^z5v6lz-7U-?h7ns5IgZUWyC~?ay9)Nf
zKHcb!eXPIckH_Obpai>j4usSeF1WbPI3ynJJ+nmEeBka?TvoaG!rbkN4J!LM)&>&l
z%Rf%QcPtkC?8fYeSOg45c;djuS1`4?!t{%OWk;ygaU_HXH~naF302<utNYMqxRKuX
z>>$!Q);;WfW(wCofEkJ02@AWH#(zQEf0Anr`YGbXdclTz7%@?Kv4K}>(kwQdy!XrZ
zv-d?I!JZQrq2$g*pG?`W%e!2PJ~YvaM*Ii-WbnS4dtR1*#Vx<d$bXCJ#hGGV<e3%I
z_fGfJKw|4NxhfD>^f~5Q@AO&eC7-Usq+_f4C)5}pqvfQgJo0vzz_Z);eS<Hoik*+Z
z9S6=-IFo_S-kLre>x8s2zp_0+omq`mx>~%Yb)$^GflqUj)fkg`-z79q=yupHnytdy
zB1RSpdp$~Nyd-r#cW&OxOSfZfz+@?LH9{@h&8KsAr`vteATP{9_1{aiD*|sArI&Ev
z^!wQbyJSEO8_s1LNzbf}_Lk~;``UDs2zmYedoS$Wt=~&xZJCOm3&-cLsbxucwL?U|
z=C}#GX{gSoH!)IY2tucR$Krnw@zU)}u*2^xZS~1ox@$TEX=X@e0?FI$8pYOIUIxz2
zJneo<-{x;M)_0^gu?l<71MPL3E^q;agDqRiiv>pNws}obL5U6<B+-h83RZ?+*<ekt
z6TEa8)Y`_HH=pfM#{C^7PqTlDsYdEPvPq?s{?_r152##@wuu6YZ!PAD0EIYT+WiQ-
zGqb8buMcA7FE}Ik!BX0Z-DFg0UcBxY1K7(Y=aT0vsSC$JA>ZJLj}-CRHJydg?X4VE
zwIE?ddS16T6g&N0k#)OQ;^(|iqHAlaiW|0~y8FY|S|xIO?P`c&6zH;YN}c@Dmv3g2
znx&hhKOntu96W?k+R5!$&L~pf=Fz)da&F;YO#m&+>jJD8L=v14_MXQdU%9!z=+I@g
zAYeSl4>*g|*yx|41lQK0?aQ-EiTw-DDLUX3L53fo9wuXX(v&8^MqsJGKtZjxb?in7
zXIcJ=g?izY81JPkvwORY5-<|HzcX(xooZ1-(QB(*86Tc&#P2A8YLhK+mj^=&-!#Ap
zEyM;8{O)fWdX=`rdjyn~o+pO|M(S|ZP$5F$u5E?q;ivOB^_f86$C9qVJIds`PqBe?
zeEyQ$WIW#DN?j2+rl0NHC)!c0BYzNKuyYY?nAP;#=$eE1M4a^se1)9l?Ta@ZT=}h~
zx%!hpGT7Vn#kmxte&S~C??6|4r$@5IdCuR1!XJeJ^ljNNPLiU8SI5E<qLx*_uWujd
zzIKul0yg>*-r@oyyLt1X<!}VAwyUOPxeZ~azkWO1miigy;7UpRJ}l5^sN)kboWt`0
zeZzXM3Pk(d2AD6_1MdThxJ-pj3wX$&UHTe(=c;g5<ElnnhDMC>wVz^Ql`1II769J^
z%uWF}{u&Cq<gSl&6KXa>94VM6$+~E?x1)s}#e5WpESBjLw^?=`m<3b@EyplaZ9=cT
zUtCel!cX=bMX$~;?Ya<2>yN_Il-u{MnE*xJATueG>B*hnluG*7RbgYNsysr%*io1Y
zznf5>%ygxpAYME=(l`)@`0S!oOZv#vGO6~bsv;g*-%-Kom~uckh1`U*#lvuAqlKm#
zilifqRL)9?L*huc1_$}7n9*LUm_eh6*F8B5U&jhe|8I=TKODHM^4D8zZRs4aw}b(R
zQw%K^=czjmGkHsl9)`5#VCQD_dEo20wXlw5Z!zZ^U0D4u_WA=52ojlK!!bg>SHfFD
zvOB?Sw0wl%mPcWYY&jVm<AONeKG3A7qz$BTFpl#JIw+U?yY!Kk1(!ghl7+YQd69*1
z*fU1ZAid2Q+CqoJ&cLvAQH)gnMn*h3arbRjGB+JY3oJw+(2I{}RghhDt^sH-4dSLk
z6W+a12H~V4i;rm?F*FScoZglMIvjdchm6?L2CBM%)JP;5GqtLec!)%X1`mk@<5ep4
zwtGt?@`^$^FVVQIO%S~h5e=@q=VOie<+OH8MnWsw6_-U|T)&X`d$UQ)4o)Y}cL<7N
ze%atWCHH+4^%h0Zi;&A!Q95>if5EX^6{mPsZJokt72i9g*Xpik{kS{}=Y!hBzM(NW
zR;IB2YuWW#b+1+ZD8CqJzI}U)z?MWJqc?YaNc40lzS&O88+LR@DeFfH2SQ+h(oP=`
zz{)&7n&U8%{?5#{7v{(M=)();co^qm6d{ne`B!dxxGKyuh<mWdEeyIDUC;ET-5r>&
zhg~KY3JbCzdRs?_J)3G?u_<D?D9C`|{>zK`ho0zg50{0(6?;z=SDM*HEzr`V7(qn%
z?S&rPw0FgjbeVfwdGl6IC^E7&pN?gNa<I|E7sMy%#rN)i^<ZN+wAJZhheD(XIhd#<
z^(l^TbeQWUTJ3Fw5Sy*$5AwumB@#SHRP34vj1CE~BhYy-C@dm^*G}3vS+)>o^55jC
zV2nl%z;0N_s1d?vENqjZL;BzMa5#+%;$;t+xl3oHXRW1hgzQ{tYO_gzeLZp7k7kqR
zCLwZ{MA}ds5=x{q*qc>t?2i5_*lG@wYlr@&C@R1nqPES?*}R>rA>Xpvm)pd7`7UGL
zmX~;hEv@xY!!c>;E(@0$v;EdJU_)T3jqRUrI)x#YN~cQwcTaVN3!fw>zI9pz2?&sm
z$5PjycE`s{hc8J3YgllG+O5*n${i84Mfdq~QSfYI3SeaU&ZO{9U-L`{aZk~)f8C)_
zUQ2$9xqQ9p|L9qU-1P&a7p@6o!u_Twqxz`VrsI2AAOt{WZB#8}=AvgqN4;sODN(sh
zAe*f}RIPacxT&GV@pVI3B>*3j;@|s(jXYjE&RpS%mzIypFi9Ps>}?$?+vQ8sDrF_m
z2+qPET(%buKz2Zx;Jy-t=fwCp?fok;hliGqigvct-sQDJ%YwXrRq@h;aSwikFuiMb
zQ^PAGwd{o~15vRPOQs<o3)+od%Y;GDi(Og-za<&>Z!i2jK&ZgjyO%KNG-6}ae{JpH
zyR!1Wm#>V4dJp2t!>X&OhBIxI4k|p!b0J@29QIe_h{U(X@~K{DN4~5|mc)5oW4QRZ
zC9f^VK2~fKi^g|77=E#HL-MT(`Gq&?QQS^>?~VgURb#W$=iHgpu$%n@;kN>N$BS-d
zTuS{X06q3MzN>LGF!kpHDMJGt(~4W;51#h)>^hHS760-rzYyJ|9J&@_Gqm8chCwAP
z#1;fHW<MKsNyz1UY>9Z?U%cOnhLR^X>qyas8?7!T`BcjlTZg=EWyKoX=&6MY^XyRd
z-3hg)KKERP>vq?kzsx1p-`nt)UsGR_#H&U!|AP>2NggJ<;9KS2JXA9-Wy=CJYXjEZ
zd&;dSo3YaiNo@&7L(?{Un|GTD;u^~rO|LOB@QW4sBMnC@Cd4=UKE4*xgR2q`4ZiqS
z<nup?5C~imbh>l8Z>lhKx5)1=oxcy(sC^&PvR6aGAA5fq4vdukwMhIQQidom;w7OF
zWwoM&Mj|j1-5oE^{+fN*aRb`vjDO^Ne5zU&-yG?S9~tf7WM>Pju#h{m(@)4!+!Lz?
zSkDnrvbJ&JT4U%RD`A#MiHmzDxZdB7b4c&Bq{SQNKRk8!1M9U`X02HXTJ1kbd-M|O
z=gksb_A{`h^cML^p>l%^ipW5qD<N*>A1GN5O6!qwbFY_Q=H}#GHxEQvQ8HU>9tL1f
zlrp0i9ou!5i5ve4mi5he%da6Ny9#`sh@})*cPX~2-h6q><f=)320mVfGosbUb3f~d
zgucu6^oFlrtJNFD8>z{LA^%HW!X5|Y>e)Z6{Nm=`-f^Rge`T!PQtYorORW#Po01|v
zzCc}9cN>jWNy|$cH))&Zt%Y5w->Y3{@2kpN`v;nv7~@oTlEPY^SvK2CuM<y=^6`mN
za0}WgFTVI6B+2N5-<0d)zrwoq<pzD$yR=Ujq;g7yS6*i9c}HF!aqLl+Y}6gzYr0)f
zSmv1O_&n46*S%=TW2x}`fPS@cR$@V9>zfX|U!v>d2hfK$MgQ~3caIHk`-FUf<hRnO
zDERpRS*rFi@bY5#vmNrTPLx@*gVu%Ensw<XxH%ug!l|2*RBTs;Ytm#;z;k5`V=8oK
za*Z;7J95`5^X~HK_a>>oSaQ_&yXj}j+RS_skN&r<_%&+mO_i_IlGQBaAMD(r{|!9r
zL+jqVt8&{cm+|V<Ol9rciUPii<sGYER*SSc;$|&ep*0^;Zb$0U4EZG>OzOaD97AiQ
zc3FsA4-kp=f4yu5a0`>MhHBuyn!v0Yh_6ytu?Ui4)KgjjA2D@+Td=s&AP#_O&b1rz
z8hv+Sjisx8$2M^3@dI;vIWh5jG<QDhLwA2}#8tc9ZmcEyI-pU$?r!cJg!AHMf(C7P
z9kMS#x28cd*PDjyMel{l=;8W5=)KhNt0s3BK?0cJo}3&&q))g%!=%;gfyQ=+LXF!u
zkApv{{bpf>UD#~uLH6nLk0J^%%4Z}seeuU`eozVbv8-byf?UqV$-dsc@Xn`Uytn8R
z<7=@2H?>;o{c2{v!q~FS&M(ZZ9SDWn^%QiWAD79M>{jP<pFAZD9P|L-NAG5rOb~gs
z`ZAej``GI8-3Q9|RRZmDJ3(W?n$efsh80NLJwL1}z>bB1ZcCl|Q7+M8S@nEpqby`Q
zv-PRAbiLlqpl^p^gI>DrXxl{B?swzAC?ONm8No0AY*L!I8LStT59WTj5k^FMC%pS#
zVOR|%SSz#jOa4mD1X1#GAh6R7p>z<@x_0@DoG=LA(i3oFyTf6aQrbP2{<kYQ7M-K}
zBp`X$iqcmk@D}H<T{+VaoPB7s-3ouCjwIVW#xUIVXr<<EW6t|L$otn|3esWU2ayg$
z)qOq@K&IRSNKV5VXEe~+SC;>SY~M-(%Yz1nv)|OfNOkfHkA6gkp#dhQqS;nKm|se$
zyodiieLI{O@zb`V8Qg*J7oqS-9rnlHVpxH$tsz{1eJ;=Gk{NadONK=u-y6a1q1>F;
z?|g}ivi!J_dy&9Mw;x`R3Erdvvb$ttpWA=-JayTBjGzn;)!hfoOt)0~e-K<?&^ux9
zuoSB+69>T2<~Ww2SRaVc&tbn~DGr%c?e%E_AB8U<Dg;(IsF$ygbd~2dwuFIo!|pw4
zMqeJ6O4WN1P2o4c2~HIpH->D>TI8{T_%lHvI@oL+-6sEE;6>hVvpnxg!95_(Ihu~^
z{HOhXeFd3t(XXb!li)}Ft=;{40l@@1FS<^H8B4M}-AIqt&&5{z5`ZUn(*sLWYGyy4
z1}POaW&iX6vs+rRtR=^EJ=-kwO7*-n$VyWfiyj8IbpYPRPkxi%ZV}+<5PX2lHca~-
zMY$Qey*{DC>S4AjmU>WexDe$0A%+wGX@+ES`+;GVdA+o(P5Jk53G9PNdeFGgIpIP@
zm^1Bfut}I{i3=1^qfS&2%miO}``{*p4=coRN=qQ57Qvl~bwEYmy+kKIVQy>LwJ~xK
zE=4UAqLuz8&CZk#AFet08zT+vpxxxWvq0}BfnVVyakaQGze1fz5;We=^PM5yBtwSg
z^dICs$WDtXAzH5`2v8vJnlUg0e=v0NG~DWjCnN9<9UfRSCaNIH?$Ztn6oX$miN5si
z#yCt+*IQJ<C5p6Q+Ke@$L(Z6R-7m$sfRBjDI9^dU_Djf850JN;u5?ofHV2nxilVT3
zV_Hg=J$$zEOyKAo7~}w*i8ZAGRc!<jg2Tm=Is4$GFX-T<Eq)$2#Ym}@Nu!xyyoDdl
zD%E1(a|m?QI<st#Y(t_GZQ0m)u5;$F(_v&2xKIYtpt%Vy5(e*spwa8Z0qAuxAuD(t
zQVBspCfVa)@c);kwgG#DI$O0%TO4d;#M@b9*g+qH(j$t<+oDuGN&cqvxHmKK1^r;O
zvRkpuy8=2YN}i)G;sR<}rAl`iaeQ|~xRHMvpmMhuA#PS0Sg4!wFb6F-3~iHvq)Exg
zTo<80l)E_M?4Kh2n3_M$6}RINTrqSSP1xC6z%m#j=mo`zx5RpIQNG}?{k`pQ*om@j
z3i}Hxdse|49Ojq)9ET3U+aryAjxC0%{U}+3@?J^~5fHRr$KlC9qtfXb)%j^OZWyw+
zO<-1w>5*^vp7eu<(Y<?W79aV=UJ|>yoo$EpUKCy2BiFl`sc<E33W@KoXXQ%^z`c`R
z?#>|~4~E>y-a`+G@>*B5$r(?1*6YfZLJEZ-nF8l=qU9^Ez=B|75Wg+y%Qi9OhmaU?
zj0U%?e_@mM?K)a&kpsrINmY`}jcC8>@y9O*$}CNVyPZ6LaxZJT!d~(emx&D;;>I8y
zRff>DO=G0#jS`pUAO+{D%^K@mZS1-K^pL%T7Znca#GErfdt^hChu1MQN@v_PG~|Rt
z*)STk=EOoh9ot-Ogz4D<asB;S8DytG*sM`b)W)^*qJDSbQJjw!lqluo>|bP!#1MM7
zYxE<#nNe?z-cU>_%O*A2C_62+1V7H>*BtV7sqH;&3Bs4jW~$M=ZnT@O0Xo8eT7^9J
zkYPJFA{Q1Xo7jL0965%{-@ofJXA8dh58t&ASQKvl#K~NFs+E-r-Mm1?Oq@iYSRQey
z;TR=N`l=)k@<KK!*YvkO^%U7@@R!=A_YhSmt2o1XKHkT+l-En_@~U^caCp=_pNuev
z{<sZIFf;_i%-?!#>X3a1?|p45FkckF7d>D*Sy*5=L?9FEd<d~_&Rg1xTBssO>8rZG
zH38VMhP)W=%lGm^eq~RQB#E29TBE(iBB?xAsW9vx%Ud!*@-L{vxW(<)uV1@<8^PJP
zu}(~uyk=yYgXO&YoryOrd-(Nq>dsYtDteK+JSrVUPa(*atIS%+V0<!!PZljByQKTR
zx?ONSjFW39=u2|w`(H=e`4Z{<_w7AJ=5h_Jtr-mJ!HD@rhwaSwMYp(m^Yc4-+1ocV
zf0slhkA^16Z^|=tI+~}gT5e@PN)8*91930#gM@k+mBa6j^XnZe^Ys?NyDzuDZ+8$b
zr}YKzj_KYC4~pY8|76;eJ6i83U0<CR*U>G%@aU&61<VF@e#a34XN(6d)P4RM++A!p
zNhewnPTtsRH{U%zkA#d~V^SacDqP6Obl<#e;y&u|b(sqRO>**b@0&Yn*t-~h@TK-=
z#opB0*`wUE+vZVwqB|geW7RR3<M3Z?;O{o9ls#Q{{-(W>|CDj`z$|@n%GnoRZL`yE
zTv{V<;@ctnZRG1wT$PeTohPg1;#JyFo@AcTGu_nChV4H?uG9x9>D`aC7-nVONDaJ8
zltv48nVG#-vl>bjAtSGC-H(VX>dvgeb7kKc`|9;jPH?BaEB%!A%B|trormX@f^<{$
z3mrRxUtQDDi``D_`&cL#{c==tYIEmPbJ+J5t7oC5Gm;amr`Mx>5|ch`#2s5Z?N)0T
zHGEfTO#3PQYZABtx)F%`5$34kj(7)y?|B>cJ2xoBq2>Qv;7%2E2L+Iv#chYO=z}Qr
zsdLYgXES^X$g;m&?}vT<y!~Xk%-zgW6Fa`5FZOFv_RH>gb$O(f=88H$;n+4&<)(<s
z)eO~lz!VP-`U=DS`UH;Iv0b(Ji-bBRPGvi9rByI-N2|l^2IWqadN=>2eO|9}Igw)r
zNZDI!4)6m{R=eLS85*0byr0^TvYM-Y($Z(jfp^&u?1D&?pF4dNvfrQKr4yKAxpzNo
zd;DmKuU*Rc)<kM#o%-t0cW2ARtBvEg5V0Zg|GUU`Z__J5XX($L@msMyDK=pE8Ls}>
zEg<_K@<W9C_@dF#d$b-m<82GD&b!0d&B%G7+WynPEe{~>mhq!Ek}GPw@K$dSf3B-+
z>wfWHB1mPVCOR@C5>is8jE+9alEoA(#qWhm$}jUh%o)%<qsOyWu-Tf5tZurfz!4tN
zRx=P`?ZoTZpjmJy*6o~a-{$BtpUZ<rW27!Y?^0}eKF>AEfsYSCDwds$6mO7^86imR
z++pAbpm;x4c;~kQ`$s}3kgl;&bJp}xp7A2V?}PqBv)CI+=1tmS)km&~Ocz)GkCii*
z%%uK<TqvQYJGj3#tx44AVue}<$yUvK{S+(s+LqNtR&iOQwgcJJS^jFqV+xN46=S!!
zB<z0zQ+E)-x9xK?a;ICzipiV;+ja?ACR!Z;;3iry-ihERAqgDc^0lG>@TM&6?cmNg
zl!BW-1<8-cEhVn8Yrp|-9r|eFhy7I_uiZ&d7y(*eEh!)wF0WL~&Z}*-#k&c_gk3e*
z8C!#Sc+T&3tLxB*m;`n4VTMPtscb7J&5H?y{DzGupeF*WZz*b4^0S`?J}q&$^QX5L
z-XgU3tYe?_?VRvcF5z<&>g~G{s-2)BJ@#Vizdx`GqY#X&hxby3+&Xr_BBY)JNcrQ4
zT<tlD4%6MgMAzMF#TP8>5O1L%zRmPpeHJ()@UV-VgEH#R6*A%ghV#?h=b%{i=^sKk
zl+oJml~h}t#TABpWnXg)=+|8gs?|yr*cAO)0q6<7Yk8usCq+6>{U(r$y`dmcx93yp
zI@s9^+IfZttqp4ycf2&gwqj4e=^YY~igwva@)}X8)GVOaOj10;?XrZYzqaTwQkQSD
z0k}HNb#@|H+cLXPV<C(H3O{6Hgi^AII(moi>p`%ZzCR+jAvl@_O1`XPAuj~A^zOtS
z4aWkE-GIAHL>fHxeEgt<_1SMqJDf3tGqFhb`R!7-@@CP1eC<I$2LW$p?9-=1J}bvu
zQaXxkf3{QAm(8~0$OhD^%w-i15c$jT@fIC4sSK`wy}_pmS5Aj)hv#@+1u?v-V+V)u
zzVWB3*`uT?P$>Ig?)o71T`1TZj{gr51IDm|Yh_gncHJxJpJD*@V1J2$H`otX)Qk#2
zX1u{JqTMgnZ(81^XBP)bT@Tg)guN!kX`&UfXS}K%M(}Dq`Y{pAh=1ZOy=1heVu)&K
z1y*+6*T<qj?yn9`fp&-?ud`|>t?=xd@9RNIT%}PApj}i~dffo_j#{t<x7Y7a?z`RR
z;slKNF@68*f$sA@*TE|ygfUDJ(9Z{tD7*OH0x<cx2)JS@fXRbhVkUIz{mKo^_g(RR
zrj*xYkZU}w1)O;6MKH_+%mHaVS<E55l%Y-qz>W(eCcK!0(pDEQQ3Syv!SKFRC<W;F
zO#Sa*+0uxEI>HnZFb9v-2yv+VK3~f8&0Fxkuv6HsVkCS4d!DlAF#Lg-g^2O{_C6Ws
zIHKxNtSry~*SM@1hLV<@!z@J2iNUXJf>}Z`okwXKR9cLD%CXf6#u&-R=deoTR$~j5
zIrF1v5*%ViAX&A_zUZR|{=E7*GEG9c)<)`{800_5If{m1t{t}H3<_SbpRQD9$bbF<
zNj&Ha1))sIiA0`jXZB~kT(8FAqQg+8DH!AoiTfgYNP?p1tVb*3;>PeAz5w~W<A%-=
zHhdccV%)Vhu7>R-!%PIXVPg)iXbbE44m$Ocj@Y3T37Rtn90wqFPf6?uhTz>T;=5AE
z#}s%P1NKOZa~M*xM{D0wv8M9;YKc<q%@I9mFTlYjjX-d36Sc+!Lx@M;XpHQu{|94Z
zu?WTAA9SH};2_~m$Qxm!MCL=7(TPfM1ce8QpXFU-`<nIXUz$5Zc8fU3<d}t2wzI=H
zu|jYSx}uzr6Pl?+BXh9Hi2~vMe-{o|CsVfc^l%A3g5L&>G(Pu?Bm`9XkObAY44C6d
zH{#E==<CLw6>j2(X1pPhX?$mRv@~u=I8oMnc(R@CrACOL(EW}t&d{n}bk1{7;t5U@
zmSFFXOujDuQd1)bI)ub`;=GirX<-VtrG&ZWRpP(k{3V`?uyLZLU*Q6-)PJi*ue%~h
z#91a*BFmp9EH#yEgJ%CngBTD08|QJx8w=oErr;+j<h?8otR9)}7DCo&LTsFKB9^Up
z;-ZYFgi3%@PHAyuV?xGJKz~AtQcmX=Tz(~-b*qeC$Z-hQ%u2IAhc#uYu&qw;dV9Fu
zDN|ay-p65dXh)+vFOiACE?yMgXUR4Zk3b$TJXLV?Di-U^h0Y3^|0#-rC8}bx^OLd2
zJQJ-#iJ){NkX6fpvT?IJd`lKyNoeP>liDO(C#2i*C~G{jR<RRTBP5O6l1xjo{f46|
zG^Fa8JaFBSWIDY>=ApKohDMqw7#8CFihalVe4;pQc@!RIVL9!;yCvMA)@$bxu26D(
z)Mld>MI&J~SlaxVctM(dMS@@yi_w&C7BilJIo;dkdfSwtXSys!_x9j(^T1t{NcZT(
zVt3y5i-TT>PPm&l<dDsjp)L8z-jMe8A7~06p(`H_b@P_&fSA)ep?hZMhHVl=t6JA-
z%aB7dHY)Vggnow~NgX31Gb;NKD#mieh&$S3-Mv+z*&Kpg-+%f}<F%57i$OUJ+d-g>
zDp!pS5On5~<{lXe$EENm4_!1sc|K1_9u*(6jPcM-9u@xBm*;)Ue~KXM!tN2mMWI@R
z2qqCnbAI5O^y|(Bu_ct8mi$yC*PC8V<z(je1?SymOA~)^y4{>F^axL|b{J6+cq=0j
zI;@NTv^UF9B|jg@et_#Tok||%Y<3lQ(>q}xh-&-lk=j#aS=U<hC%wMqgu$df){3ZH
z&sZpZ6t6B+Qczgvd6%&J)@fwHOi;=r^R{9ChdWmsAF9>9qwClGaefl#d{yaXT+gD7
z?&)?=Qz7G_;8gz@<&p3xb=rPi@Iw0K>q~tnd%C9+vm)@1TB?>T>_27{pAk!GJ|M_-
z5AT=x$v7~DV^c;6%0$uHLO$~;za@+F=VV3vi?U-oN5YwMZpq0qDj`EoETFZ$@)@h@
zoI}PX{d19l>JovE%UqmC2%A3o>h7lk<5v%Jtx99A<y_qU)U|sYAS6Atl=46)Wo@}=
z-BKwLhNbEp#l3nFxAu>OaTfU`09~F=ZtZrom6z#%;&Q-u{Z(}9tYqgHgKfx<wfjfJ
zum0+St=XY_AM#tOV$&V&K54>IlUJ8l%(#1WeJ%>`A12E{k7F)fp7(JW?GYqf`#se8
z6yE$FB(Boia>OQBw){+_&2Dit+y1lmnA6Kg4-kfR(tnG3dCvI!2k8ifb+{MZuH271
z7KWt1%r9adh4cd(TQa}UduK+oIef>3Xcv6Reecin@keK#&1LIOyMFi%6!OJMq=jR>
zNXH#L$<Q4aLs;3S?s!b%3mKqmCw1`uT61KC8W%VD9UHj3mumP9MEc0W=t{34D_>3o
z|6x?U37>I7uwpC$nFr3NS7vA&6=!FC7C-5e7<yk-erA?a@!nvSp7*1wzfRROD@2z6
zIb03>l2WtcnGlr`fQ|@>@OgNf;J7MMqEs-<C@+`o9h*JMytg*1dNo~px$V#PJ;^Mv
zr{0U1Z%-$Lt`_}TI+$fQ{^~yMTg()UT;|HCj^;Qw8IkTV(>cCU`&P(ve5Lxj{6er4
z1pU=qbZ6*Yz11_)jx$YZv*mu+v!j5_y6P;sm0ZD46Q867re&Q8j{!S1=9~id*z+9k
zWR@d0EBI&61$pXZmV3;^w4T+%(O)McPMJ2RYAM9p>;|Fr-^GEph#R6-3m@`d7N4=b
zT~#e|oHk^A_e|3>Z7us>FSKU8|8fbu`9bQ}n<wG}okct`Vc+Yoye<~kAM|dH+`bd^
z_;_Q4GBI2bzMH?kDVGKPQTfog>gI9U-jIE=vtL{GZol5Cl<;N;!5+C;b?H~HDWAoS
z?{w>ILY2HLbP7JUeNJL)e&6{q^yVs3;Ygb2Y2Tz-Mxv42{Fe|`?+tCPAhW${Kl0p#
z#H6<D&UftvO=@CGhUFbK>Q9hEh?h(EB1TW81{JV}`n<5OplqgQaSCP@8Baw65?tbY
zOUs6FQCrPy2s$>mI@oWj=+druh$U`QyescicYwgE#cvj78^~h0{`l_&e+;Or#fb~7
z2`4;vRP7yp;&|#Pko+CZ)mQ$vkB^>V<+ODoCfWam`NyOEQTAUiHn%6L>(t}A_6_9S
z&XQRE<7<<>xAyzyEhLZQio+G^v?Y58>O$4hK04kmhULX+i9t_Q!*(erziao7?1pE-
zmd{ca!n1omsovaXg7rV>G-rUA{Uk&%skc*Wx^}P=<LW?Rxwa}%l@!<5jm5<LD|Ewx
zk@0CZ7JjMM)LNN&u@~bTPI$Sw_dE0ZGa2z0*=D9ZYDPkkoa-R-c-pW0hpn`%N(mA<
z8VoUOV#dhY=y5Tee$Hbo5=Y3V$4Af3z;KgnE~id0?b=z$!FuXU(9k~8JJ7^b;`xAx
zpGDADQH>?qS}2rQBOgQM<8^Mf)s1YW4v*v9S2AOX1|y`}Wkr^3Mr%gdsfs95>Ed6y
zOzCOA)b)Y-vA&zZTS;Ra_LGu=Q(!O=x?aRBuDB-o$gMPahK-*qst4ta-`O2!@I3`~
zt>{O(UcKGo>py*P#Qq0-7WhXMfswM%>}NFrz;2ztPT;F`f5~J&`CYwzJ3Nor*Sh4+
z-ZkZV9f&-rlG;5Ku#kth3FG_%9Mr`xHq~v4E#Ead7L5khtAPDK@YutEBFo-eg8VI6
zi#CH_HG-sMsUWoa88eJ)tLdbz^mzXbQI$y#%xuV4;LfKCJpJmz>Cp^YljG&Q2k|?p
zkC(Sa3E16724EMq|EH3`qf-2&xZEo#V0piN4)ge}fl1QO*>q|Lu4P<4T?IBeX|v<u
zS`#CFR>@src(2y#`h6a4br~ucnO2>U0sv=c$y(Umf(6<Yt_mgZD!y*U@P~Ho7dL@C
zlXaQrN=#H^r9MaX00w-&3;6QWes)opaWUY2jAOublK)TmM<$p#_6Rvmtm<&u;8&0O
z#G%j|35<4aW#~Z`x35?0L#otoKb*K1@KD)*yx-%oQ(vBVDjn2*=yGa016@5S{i>zT
zvpoTJg1QJ+Q%A3T1qpq2{Ep8-Dc&C?-|ph=$WcJaThYJh<aR9U(+deIA-ohGrH07H
zJm70bvgCxBCs3?cVl_)#-Jnkm<o?MXf`6dG#`e2m7!v~ovjq4>C*m#c<BrT-lwO!r
z_zzM6KG6vRpo(dS_5Uq=mVd!4AhGn060!7tkC4;?qFN8g=q3*Df4c<g<2b%+v{lM}
zHP~V#^vVjQNRkl;DTa8{)(xg!Eo78K41UR)2Hph$tz8Rv?8XJKEShkswOy|vDzytB
zGljn~m|P~<8cmFzlRhnV?>b^V@H^mNq)#1siIr#Xt4c3aCYt3)nGW&}GWv25vOH%{
z30UHgM!jtzF2@#LlZCOBmKhK$&p${_k?>M<p!VrB29TBXc;Nlxf01cyuVeVyB2l#%
zvpHClhZixzcw7`jhfCeeeg%uXjPU@eCguy8@Eo%*m<l-8JrX6yrHH{8eefvF9KO+K
zCW__E;XIgt^^yFehhYh?#4rw#;!TXZOo<?pu??LV7LT#z)*<?FMVr&_xh!)+kp7~g
zmZ~`CxL2aWX;SDWiaZM40VV^X(`1^4*e2G_G<%Z*0)Br>^L})bIn12+jBF!t8S5E-
z*bbMzjm5r-$`VUO>n3yRoU4E<mcII8b9R&hU7&d&HYpenxTYA+1`2fl|9epy`@NXS
zPGN(I!eBy!NIRshMwUI>Ga^=zO%9!h1AnuL!tG_X?rQKM6xpP9h|jX%kQ~6Gdx*hu
z#KDa?wQFinNPmzt5FC*M2(b-&wlfD9cESl8BgmtnMsYRd!zRnc9T8PPoOjJ-8~!xv
z%4KcfFnv64pKs;=xaJM{;;6z2X~St2YLF^hY}gSWuFh!|s+ZvICA=j~Vxj<)&+G5G
zT|31=T=h_bC^Td<HIPK^LMdpqE$>Nho(~`9II?eEAVUz}DMk!PoZD%L3hCujb~YId
zCQ|+iJU?;?fxqwv2(|lD<PQoo0x&l|dm%!i)95t1rh1<+uiPxdOU-a-n@p>|HvHf#
z8v0-h;58&o2Zxwk!}o}Qfc1a8H8h|8#gi}hc(ja^t%#^hWMB>2!sGq&?0p2MnM#vo
zU&J5-Bp!8*M!HfS$5o9gw#N(z+kcR~Ib49VDD$e~bqt#T<*MDyF&CJ4!Ge~eum%<{
zlFo&WVGG$JBFFmp?Je2ck<ZZS-W+Uc+hk7FT@3Wq<UpPcnqeR$$^}!n$5Z!-`sFQ|
zTa1G290B{rJVQl0Pu%IvS!xUlK@>qMMVoEY>eY4y-{yFbr5uax*}_MaXteaI0A%wg
zWqCP9GiQ*|eGZOMi4Tr+NXaW($t4{#Crm&<$cuk9G}y;WqR^ZZT4dxa8)yDik5D@i
z7Y4!h@ko|feaJZ<r=Ez<5#BiNgj3gLMmuHieDYAXlOXM;NPx}D$}cJW1U{pn*{=#D
zYQ?;)k?z2|y`1LYYt>&3=$~n$&o}w6pFAsBViA-lIAHf`URJ7RR?fa>@lkxdp-|~b
z&#tw_7qZSluVS~oWCjU(pE&kJb&IOj-2*f=$)AeYzd5l+y{V5f0}cCyKW>S0JH58J
zBra~`^smmui;jAWEBC)`S2Qnw>dHOE8fmQq?mV&_P;(oh1hrkgLqXfRvn|<>Odmc7
z%JyU~B86WTdqYMBxgmm){wJ<gZu;ZF@^*XkMz_XHMOSib#iP`LUC8&&K2$HbXIV1U
zxral1GUQ!nB9eEo*u>E_wK`YFW&QIhD)`Aa>g)^3wrA{Ht8dBJJS&=gws?gn<g?#9
zfoTjnXRsqJ_JiXcqGwZRltfG*E4MGS1A@zw?F0}=^Wz(%k4RH6?2X^yCH$>0_xd4L
zU+Deigo#P>mxb>-id4rR_Fu$z%@@~o%gC)b>5H5}Q9sMIttyPLclfO=$&|i`Tnn)@
zvp7{I+O<}Yx_0z)MTko%q`n9BLLnA<Is0)MYxR?I%Znb--9+6KRD<h@1eMPG6>?u?
zSJw+dsIimv9v%exJ#H<zLM=V5K$#Xd=cjDiQ4wPJ!1$xTDs{MpfAK``y?)be7BaBv
zlHX2s`kdD-x%-z*zC}B=C405H?Yny|&CEk3d31GmedQrkrE9CQ`7lL(EX-BLqLKOO
zCoKYU4ip|{U|kGNzw|L)TNguz3(Bmb8+`VUELZrx@|A%!-y>xBt4ckc*QYNm#c})^
zAdln`Yng9iBb)5@-(@NGUX4^Ui|1+^6<&T&XZx^4wpZiGP6Ybqs`$Oct=<f-wb(PX
z?UuV6-?Nuz;yD;*P1?8DpR5GgTx2K3;Bgtol{$eef9AH+?2)dS<VE#yRQ~Xv9eRey
z%A{@j>8Zl-9e1}<l`1}IfbQsv&ve8(-p#gQX#T}I^x7eEA?2g{>+2O(Xa9p}9JKdM
z>z$ixhc@eIq^mUgTaAU^Nf6Mwi~?JZGe>n*OCJIweo-uIIrDn{<!PNmRa<vSu^GZ1
zOPZ`KF2#w-PYnz_)?cSq{TX3%kY_#2Xt}qpKp@9L_|T_L6C|@&kBZi|?34UoMItgH
z<^IJK4=mctFPP*>NnVUkQ|pLOJNHs(tt1N}hxco%{@E)4dvbgg?!Pbs2%~GlcH$3s
z>a5ppKFf{#>ib)W=lZqgljQ&L^=rJ*T?;Ynt!omh{`r^Lv_Y~pM+$Z1%9~D9L0+Bu
zL)m)6%Gsgbzv%f1)9slLbl$kV&UXfW`jwY88E3MiSS-Jh&9Pth5W8jv?K{gM&z%^5
zb3_-1O%fg|R~Q;?KBbHVd|ehPx^V)K>WLOc&Z<)fZ##!Uq2T%@kAS2lt9}lu?b3!>
z%byVf-eAE@wHdhYGx6lSw=CA`$XUy2&Y~{KmW*3=LNDzF#eFlqP8imVx0VfE4GZn4
zIs50NbfW(YZONG^ZqeE0?Jn8fq{&!IOBF+>8*?+3-7}pAd^<gD(;)h-G$yQbG(uoj
zN+P0T&gXonZriIhukRJ1;>$CUx1TOVR<H_mqM2<L=?3xa5=`UC#XH>shK}C1UAtGN
z1e!c_BXw&hH9+^?hitd2=F9>>w4h>{r{($#E+qq7`dqD$z{=h`Z#O%l6l!$|tV7l~
zwKuFaq<EuBd-Ag?oUc$?XajeUh%U|*A#!sdV9uX#xP`rwZ*gvFSW}m8NmFdBl&^eX
z4>;t&#$oRYqo-A!%kg$zIx5jAZbtnDHF*ajAUK;Vcw^2B`}W^nkp@xF{gE+7Yv6FR
z$$p<w#FU;1s@c2eJ$wF%lSbc6WYpfNQSW4%Zpq?xS)(R`GIW(U!Q;GLw}Z~?0I<`a
zI9ZQfo?VzEbp8+naPzx@tnKx!=t@pSPWR<YkLcT(9j`7#MWwEtU~ggkcI^$I4CZG`
zQli1H-zL6`-6ANvc02#Y8=xo_0rME}nT6)*oZn^0Gv}Bs9hGbEtazluvvwK~%<b^*
z^*B`^j7MB-*m&}#CSymsyu*$9`QEp-ZBb8;t+5$)0`EKP(tR-ruifu&WIX0lO1n;h
z$dY)~Wv7eDC;=f$5V7oMwr-}uy3KOXiP8bI&3OMP8XzKX>eIoxrjW;>q`A_zToX<V
z!0GI^!0OJ5KfDCa3IH;WBYdtAM2D|S)%2YP`cU%0Iu|mx-B7SL2w3WpE+#yncI5*5
z&2Ql9eEpK0mt1Rn@jZvG@@`2>e$XCs!2+DOxOu*kx<&tN22yeupu?GKTdWxNJLj)h
znhR4=-KxiH`oIH_Fz{z6|85}4yX96(gd)}4Uv@Ds(WjjZl-2my7Xfar=YZ=A`OMCT
zUm)NmPx)sL@Vh@7Q32vOmh-1KW@p-u^IdRaR3XTj?Emw@kBR)1>h3pOlTFG1O~F#`
zkb<?%&Qp0vgJt<zky*m(6yUUjx7&5qu(xtezs+m7@w4BsP;8Y4@V+_5A5{RjKjZ}n
z06cMz4aG3H_8mNp>}R9_kMop$4gf+fhRnj#(`o&GHcD3*4-A5`1U!C*$Ed0uR1Z#9
zFM!Qbi2sY<q28)LN>eN{-Oc|7T0N`OdKggoD#9C7J=*AhkS@^mH)(taSn%$K{z}`a
z*}ns~M>RnS^T5!H@5-JXm3op(6dgvwV{oD(vQVBW+@7Fk5mR{jW{@lj1jTIJV*@iy
zTRLNbRbr!b<F-&r%^P-%1R64y1IB|>r74w02kn&Gtz%$j;k(4>8)sJp2RiJUb6G^(
zxFo^SBe*2)7gp47oMWWxJ=hDl`ad2Wi%hq-xvdyCipDT;0(2b0o=`OA_OWQ$ZOu6`
z$pZHVH(@5G4|#?_#fz1(qqgWd=tVR`aB`CrCbfD`+_<9azP+EwcE$=UC~h2-r^GjI
zl8l!aw2(juyERy1VlaZN%eWCb8WbTqG3MyuH+pT%lan@J?Vg<nDP%+F)4SU-d!183
z6<X`<pk~WX<BSlyPhux58n`-Erzy<|*%z0=1FvIef8F!YE>Oy~_lA(}ni#5RWz!p9
z&=m(@5&Q}ETnHNNPaI?mF7S*f?JYDuB*vjfbnk)-%~05Q@g6X)_Wy5llnv(n+nfKt
z%TqQs?r4n87D;oE2{T3_F?w0z=!Yw4iWVYE;yv*lltg6M!jJ}{9&n5-_!=7y?#(4Y
zXN1`zWKRNL9zi=NWJ}b#3JoDj`c#A=x)4StR$w7i_#+dT@{FM<p2LJo1X^f8^1sZd
zA58y)jN-0IXcb;@hCi^5w@mR?8q9snqbRb7{pI0qPOBZ*ZRZyMYI8+N4#)l<<dBKL
zzG5k|!9x$OqaAe9Q@kB7NBBQNMBfLwii6xI>^(<Xy&)SK@3+|J1$pRgwP?BfaEPl-
z2W_^Xh*Fzx44>HYrcmk1J{*g4c0^CgyKFkbFuxUNGB%D#r?GxfLzp^*VU8Q`!fZh^
zA8GKJRvx>(xRJ_-Lj@9#)Jz=4v&8_cG2>46e(7dh=bJ|}Xb{OnbkN)s&i9}s8m`GU
zOGY@wabQqAhiDY^2Lk)r*nsSsjT2A&7>3CzjhjQ~UcO7ALysSuoHW<cGpUmHSkTPx
zkWoEdyGEYl$ffj5A*@|#;z5^jqFWjsa86j&TT17RdqU#SU|nxSW2pbIm}t^_y2kUq
zB=l@l%hl?lAWbrTe~}|1Gj>d)6p%gVu5&WHC5u*?t;3<&W@Q?B<V9kut!6xXWf+@Z
z)*tT!IkF}wTBRx}7!P063p8C%F`oxN3*tmi)G?rIzkHJoX%M}zB_SM_fX>SjpQ<NQ
zHg=qICDC*(je5N%^pFO@b)eY9J3=H`njPWt`jqGZjkmQ#6%$QFRo2!aUz--Bg*vX^
zb6aW~TK9A4)40%8q?4i#Z|0MoH6Fy<1saY%l&q|Kdd*TsvSX+UR>8mgspusn*o8k%
zHh7=EkbMje^zTb3nlK*Ld}JnQnys`|IvaGh*ZD#CEg$oZE}aX*f5A@{@db|ky?xKp
zswn&X82RnJb9z;wugVu0;=X|fYrA*(IXtUA_2iUYVFm95o(W0s>FVM?TT$^MApYQp
zdx9?1Br^zIdHp51J!jO_fKy}f2}%E9+OBxK4E_pJySBe|=mzJ;=G}Edy@mVyR_ptG
zZM*1xwW486X<N6UvQCbv;&3TYyKO<x%MM*N+9pNW0?+07x}L^#9kCy+a)-+-11#t3
z*;&aGH0gT|`>O(W-Tsu0zU#?@gdSa9DJ@iA@A-d<eyAHcL2Bg;mm#ueXxZCh3{0FH
zE5jw7cv~%B*PM?VBJzn((Elp6ZGNX<0MctD8Uvo00J96vg4;x%^%a%A;IH{Q_-XOh
zaAY9Bh$4GQzl!gQ<pE><=x6VwV#TNXWPHnyw1>OL3B`-fJ!K<(PXFuLMO#kqDwBUM
zyl|FF{rSMm0ul>y{%$9iuJISdBiBD#>xp@J&l6TVzMoZ;O>2zld$)Uxl$asoJCo&C
z@>~B`B2R94cxARA;_jolZ<@^Ap4|k=Bk1-?1-AO4s*E#d!nuk^Cj3KNtmfG)3=`SY
z?QxAwMZL!X*Tx{<3ez-tKmEK8RpB|&!=x6~ty-ONjgmtJwjJTa92`13QQ|2Hk1}tS
z9qAg*nWT)alm&!HZx-O)C&P-Wjt%~UBsQpJ2TfXBQ|l^jlX5p4@})e^SFQ&t*_49i
z_rka9ANds&80tBky41vat)164DkM3ST@i^b>!_+*4$ZHrU3zGkHaxog9?1ps@)#g=
z6t3qjlla(zBxV!+cSbS4Mnzyk9Mo$q7b(SI%Y5mEPekWgf9xbkI>o~ie8R(%9-Y~7
z(7zU>_|oHF?UkBl!H8!9DsN}{E$2Hd?RLJzpb=c3G2sB@-^q2WK?Rwo0NpMaVPwqS
z(^;BoK%H8DapWlM^prypj|aE(W$e+>e-J$%0E~+$L>ZLGmi>|yTZ$7oKI8I1AjV!{
z&dt54xMQtTB-5+I5}RT7+F-2BNWjDw-zL~OVx;<2k6n<|H<kahMe!;u$<li%p*ph_
zFuDyy$35x{&T38e5215yDd8c5`f;lHy|f+$vF3=8Kf6sr{!zUBO(ha>9DAkI;G=iA
zi=>5Wzfu&&=jKS#(WuZ`7MF%)^Tn7Z*7E4lw`rXW8)T`@Q?agsNXx7exvc)$h#*$P
zRAf?6giBchpSjG{Mts|hWzl~SwA@<S!FH46^tm@ehivPIDU7KCx$<0hrzB-ecv4$&
ztC6}g#8i;Ez*-(yH7z;2=&-Q}7G1YL-swIpQz^B48PfvxRfEYx>wJ<zNZrpBMUkQ6
zT>s8ypE>YfimQ`~75tzl&-?JXSj8>Wq%KK;FWPs*yTL;8<r=%BdTE~jl3~FSdbE=}
zX0c|VVo4`)GI|j5R$;zL`-I_xu0n;`UjdaHVue#JU;lMJfsj<TemtW~+tXZk@(-2$
zdv)l0p_^HvZ(&4hY5^b3CFXPD10Sn5tdA9gTt0@G0qtvLdq4C}FR*-19ZgAnGiq-e
zFYe~L`_tuucg@HMtV}!AX)0+Z_PqsKb|r8mHfVR0kk0bC2|`d36xW{XG@0HEc9gYy
zF^<QxGTTb1x}oOdYeR_0Yg!}c?XuC*ZNH(Ko-Yzw9jqgE-7&htg)rZ<%osi>C3?<t
z$zAeE!gmG>5wc$X)y8TqSGCX_L~+Bc)lz)1K~OVp^(mmmxDI%zd5G!rv_`FhqtN2J
z++wQ2^Seap)-8fM<mG9-JmG2fJ7w^AKKUEC+1=L**HPt#L%dA&pghJMQJkqY)E*_U
z9HO^prWKQVQdoBi==lBeId2={g^g(}08{jnhXL80s7CI)8N{6-!|c0Vx#e~{Q0h1t
zHF6brzVOI9EBtm>IY{-jPgyE&y!q|2v)==}Bgg4rnZtfZK$)ZmnrkE&>55u>Hq&PG
zj%5h@x79tclIYi;7$M}<%B9M0*FCE=1kjWVU?c6*(Z;o6Dga-W5#}*D^=HEiY;{<2
zt%`T;x0s(QMfdddK(h^ylcclKf>3a578f!KEK5_$i7KC+fpZMKUA1L(nmWD~Y$pou
z%Y&{Dg9JoKQd2vMk-8?Y(3j6Tk~WcH60GCI52(FBTOSA0oEE+3Pn|_*r-C)k-N8S*
zf6Rk;#m8ohzPt;g=rJISmpa1$tgrVRBx>_sj;#;Yk`+u)Z(IbR56^<|*Lv^(o46Y&
zfD<z9?xHAtwj@#p$GyO|r`kp`z}ts68oa>^B^WKSF=bF8@Wy7?;a=EoUKjyy>OVLI
z;%ojW3<XAW&Kz?a+ypH50?0D#e@ImWpZv+}kri!X9ff3iU%C#ijfXtGiGtUIlNGA_
zTTHKUuLI)8@_w{62RNAYOap$DcS?2ZbHi}MMnH10pY)2a*I~q0LV=d86kvZo)?V9x
z@lubNVM=xPZrs&*>FS$1dYd~x76Ju?|M28e8N{1jl=1|DU?x-m$6L5TJ`C%CN8ZfQ
z+vtmZt33to#0Ja)$__Ud4O0qQDbD-gp}d8}{&gD+FS$MU2QW*CgK8JhR@d^iL7$k<
z^%&eFcQB?}HB!egm91kD9F=JvA@C3!x>fxzE2pJ~u%2rmzQ~z?KLAfy50d)}yl*rp
zLbx8qn3k;vxRkpfK<|f+vSKvz8%y#mZ9_&9hp_$Nh1!UJU$s@$cQa&D)0Zb?;$~?6
zJix=l)}i@;@yT?HQ4I_teLSc5&Y`@UhW$O)z*5V_g20IJ2FxAflBG|XTC(TnF1iLf
z=={>sRyk>*#i~AA^2CII%@rV|K*+bf#El$pU&i6_%8N#}l-snEaqi#^B|e^K1x6;w
zim)|CtTJiMCfTb;#P5_Ss#2_7iwk<ym0pK_K32<q$Ry{8<jb=P6@^BK435U{IZ{aD
zJ1SU`S;DLatCCZNqEuLjiKXR)S*cT**L6RR!>-6{X+Y9$m0=xz_NgK~3r<rk@}fKF
zb?n9QTL^fX4oO5{toCp8DTKp3lNk8wU*rj8y2dkvgC#45_^Spkf1RD&u2(0u@B_h4
z^_j>5#IRnLts8Ue-nT&5TZ*6w`sQ2GD+<u|C269Z<So)la|F5&p+tdyKg7xQ+_V$h
znt-yUw9_q!ZhADQQ_*uAx02C$=o}6$xbCd{7#s*kVC?_@F0=M99+(F^g*^?KL}#ZU
zZDBm%4;UU!0V^M&JIp3E0gIw(ag->c`RTNGhy=RUQ!=uM!r9IXzXqlaB35@8LKP;5
zTb0@}`|rG0{PYFu9&sJxioPi4O*vYhQSdz22U7#ZU8|M$r2d@{;U~g#j`2;45=3^&
z`}+S7_2%(V?tk3yF!n5C-x>R4jVMbrmO-`#W2dZPkR>G28T%M}vW6JN7|SsjYn>=-
z60)0;J&8^WbCmRZzV7?=JWqdE#x>V<&Gb^A_vgJ4Bn6X`E;m-QDs^9jvDT}Lkwr!e
zC-_>lLuxDojpOiaX?jkKqB)lXOu8eDZCG2K7)4rR$!GfKU>QxyI`=M`U48&(S4T8p
zusEm`8$nlDD4GF6R)vg$=6G8)CpY6iY%1u&i%tSiDJb6f%G(dxCOc;frR$u8uK4;7
z_yc7pqrIx9@$Dgp7TM;_OcyZ$glHw^`i2ogEghd?8mEk?@O~w`>6YmXi{h+qGOAR@
z!>;gPgu)WYsoGH-9FpbLaCXHlj1u*r#@LwAW;c0V#*94FfRG{lN#<B7{%YnNF#t&(
zc>FtGVt}e&-MS%`2FinE2HxesJa+Ka@p;E+NOM}gXW%MwJvsfEdUdtbytLCSN+8mm
z73Ca(ul97zC20f~*O62hb>d0PnPJ)(^w&AGeXd!Oes$B;>&fNhH@}whgLoYA+sQby
zXR8gwq)Rug1YjFK?O7<WIG4@jq(X!aUSfcayizP^WW_Ow*SXlnMX%}%V4K(Vs^OS=
z;hM%3BB7;Y?=F(@g~~9^lCH#O!?<7`19si#;U*Jq9{oYGyI5*h=as1$VYBEFMpH3K
zj1Hv}$?&(MkiA0m%h2_p;R?(}xwuug${*iN-%o}4zkMCh(iR#m?#+V<Xr2Q7ZQZMb
zeQfuXgCB~Iguj(YbZ`2uvmjX`IXgSe?jbVXt={(B#U@gZcNxkiJuT$dVi1ShJZIms
zu=F(cic)xL+S$@i>5Eb|A_T3m-cRY=G4WXPaqn7Ju`M?$uBqthg~^bO1TXXM#T5gj
z_s@%d4vx<He(hP@0)NQdpja*{@O8W&-To<1)9*ugYa1Fpj&HIa=NwF1EdW&zO(G$M
zJ_5*?IqeA$h<IlG40`uT2-wTBj!qpCWG|-A?W;}ecttGzJ6$e$qiY_h<~5cL-Ok^g
zoh@iG?78<AKKI*gcK%<XZ~f2}_|jgxSfO8wIPVKfTX|5F<I66Rhhof$T>sp)KL**9
zndDZv&~>_>?_rwHZ4YT$2b1_$qZFAzFW&_>g?LSRwZB+&K$chcx7?$I>%U811|Fp4
z#B7XseWjOfJrow@(4S~Ikp$m7a@2i(vr&I`L$dQ(i=2{9{n(9}Jjoak!<X{u<HU?h
zV~f;G=#``&ZgU5x$NPObZ)<M)psl>eC>JywTw=RK;&+scpyT|RxmwyA{{>$r(GbF_
z<(B(hdn2J4EEThR?YX@hdr*c4o@Pz-Yb~V-myGwde&mqqra$ob<+{bL%d^^sG*M<k
zmi~bxDa{-=V6PdqbRSD-F?@S2H*sUWU8S0?E0G(zsdIORGOxd}XFM3<YJ?3gn347$
z!rdCOJ@2JS_gS^YP0fM8L&rT$k$-$Tbn7a;E*~B-+8WPaC&X%qbRVm4EJtcxVIcq&
zx&5ALr<`^4m9d8dHAlY_Mq;(pzy6J#q!m5dLm?yFQ9|{Kcj6v9?nMN14ksxoof-Ty
z$PW@^-mmSwdgDH{hNCm|S^5<w-PCs9n^^rT0Pj0VvnM|*1;$veR_UK&*7Y~yck}!|
zcKBWHcD`l(Qs7v^c;p=CohX;~i^)8`5HPfP?mXF^bk1uZ;n%H5Fk`$9WHV$Q-*XV&
zcea*ovzwDfB0UM0SgxiSN0Qs`Uze((%dY-6%X)tsWPAU5wDgZx2`NXlywWF+IwG<3
z%t^XSp}}=<a`_)^eoJS^lAOZ5Z%W;{@5lq!-rOcgV<BGxZ~K|FQ1FS3g_(TDDVFO^
zn-$%!y^kZbn4h`CG~arPKDIFp$j^VFG@)QUtXa}I$OdB<>?F|bD3z08%iK!hxGNX_
z2SN3Oh>Xy?{aGNtBJa)49t3KH<pry$es=$uEqznMkH%u`QIsVzNyCcZPYT-&T_<Ub
ztalFGKA(VKb-z8ovi*Ls+Y#VB$Px|BjuQ11VQ2b3;Ncdnz4&hB&Yb&#s^2YIn9%S8
zxlE8HBQhTF{R_i~U6wT0mjz3Ze4g3u2LU~<Eq6j^aoqZ40S%seerma|6DT7oSukpo
z>&L1$x*6&bvK$n`R@GpvKSRHRG93v2CEkqf=P!q>cQrY4kB&q68Y`pTEf1pak*F#{
zfD4fC4r2#K=JPbc3)5I<mEwdz_|bgEFO?A0z_x2<ufMyOc>dJeO4*D`DbBKsnKY~(
zd{jRWO!!zekNV!|ME>nu@wtrl$K?JQKnvyi1zovu;)Fd9x?xH&09X4-l<N9N#fC%&
z)Pc(S&>7wn-pcHc>89JxrSsg=GG%Q+Vn@wpO&?R@#hPBVWiVRsa{y|<MvTzg1lHbO
zd1mIf2423q;({3u%kq`%a1uSfDqF6?H*Y5@e0~VpI?EaZswK<+;x$JF?ic7e?2$(M
zQ+TvE1jNl#wd(3T+_Y!w@UgpRZx|P*C!r1eS%QtVXlhq_*<xQ`6__@nO-)WX%^KXf
zZE>G1c59eWUKaL&$ji<A;b^Kx)ZmU@pYq$pT2nLF>J=q-<@5C8P(n&5^%9WO^XCP;
zo*V<YhNkYXJ~hzC4G+P2U$GL{V#gT61DruhJlaHAvd0JAU(>L7C3c4(`P`9!ZVP&Z
zW$&p~ET5!}20-$4?FGdB#m+l9&9f}spv(!Sa4*DrlnWM8OM(S29Fcn^pIb{G7(eP<
zZ2i>)QdCgSH|2<8W3+RGHy*K<(f2=S2W!3TtMoI|(OMoA0q){yMSa9<(@B^764Txt
zwkEpp7w$+SHqwRf!>x?$^l|HwIk6%mT6`1G>J#5T{`Ek|=sjD~i&5ZsxY0Zv!%bVa
zkOxeL>7_qAW(MKHAnN5&muB!L;0Wf;z)BK8i%v^F4`r-`qJGj4K!O$UO(x)1=o}8M
zQIWo>drGH_WF}2K@Ct0DOD!|lA$l`{-tK^e^z<~4%@e8w;$1*2(Y-Z?Xmesfr$=TH
zJ4m|eIu*Usn5ctAVntfCLx(Oju%s#oyN*k{#JF>SNgrlyVL$@5=yHcw>h1I~nb#aY
zz|gGz4KsAL>k{gek6`DY7A#D?Y<U_d=}X>~>`ow%dWT(w?wS<|IU2TKXDkJT!;(N6
zxKMu|0SnS@*h>hC>NPKXD^B}@SlnyCN4|sY9MC?xiPlyC$jAZ&t(#_LHVc5tqBCsZ
z$23M15HnTCv;aN(R%W2zgji8w5)@DNeI=oTE=oyhwE=pf{(jjGNANNRoz{~;A82?1
z_AZAGxIb>_;x_=)u3Ub#3%tVqjldQA3S0!H3)K6gpo}xA=2xXTm0SL81xUG9wTAhW
zy%#I0pm>Yu1NfNUft7tVHvFLu+=X`fH1I6rnwwso-o-s>ZQvG8QYZ(x^O5ttz=A<P
z5CEXW@|6l2d_58_1UQ&%{s;gAEct-Xm4$PftRt#h?6;alLM_=~#$op)9=N&fDIJ2a
z&CJ`_DS!zwLIAhHeFqD)HF*kx#U<J(gBXXF`ruQrY5ezqpa|Pnd;1ErKRY$BZ6aAL
zRcfJ4)g}oRTEnk;O~1$)1LtF&9kQwXgmKMQO_m7z2C6&1?8w<1qQqXYF<{%2&s&xt
z39i$c_L+k;;~_yd)olU`h6h46&P-!cm8GLhaBd9Ea}eB|y(3<82(8INfR4jR7xS2z
z3X~hzSVyaq3ap%&XBoM!7|XniM#^Nr#dE19MYAARlMoW2xFkyss8d!dd$<Cojg@zr
z;kP<Y@2j%xKToGj;^5blIo4*GSUGY3Awf>KiEK4o|Nq<nGqNRD=dBYu&Fq4nERQl}
zEirO3F|jxFLdTaF4~(Jq%wU%18wF>4X~ksED4xua%ETCrBs?U+MpcON$}j;zrU-&N
zS|(qHag@arehZl_0{8!F8zd;}%=+m8Y%rDJ3+>r1xc1JdzRq^@ndde4oqZvv^rY%<
zX4kEsWAIHDawrq&a`<}J4Gh`?ZUWWZKc`IM_;yktEHqjPtB#f7fU=H3k9x=)HcY6f
z*G?=uFlDjBRYAP4&+3i}Zn!zd-t~46%;8LOunSvC?xw)`p->o0I)Rw1F@ffuS;uk0
zYaS9vJWsNo5f~oB>)=GzSrO;I$LynSi#?Eirw`wIr_)R9lVagz)#$f6lgRAD8;MnR
z8p$@0bsCnOQ%)ZEf`_<f$1{=<nr>b4LQVFJXNrl$5}Bd<Ou8&JyhKhhLwguSft;_L
z=+quWs-{Gm|1ge(2)%B<!iE;!#uFvBejyMA%LshUamZ^DzX!h^M-4<*LV~3FvO2!O
zAKA@?WfHD5C#fBM{btX`Y4&-D+3?K@g7NR6_r{S;C+_5;$iNKWIeRhgE%HuveI1M}
z{qv42LaJ~WBV=GbUb;%8B5ld|*wM(LeEUDNh0UxidFr8<tP1}povAzU^Rqjn%{&ch
z%os7qZN~z%y)D`^<b6VQ_qx{*%+u7dPzK}cmdb(9X1-Pz!-f!KDL(@uAC)o$YP}w_
z;{>M7RYk5{A#>6Bu<QE)TtR+C#zFh#-Nuyc?pxl~)d3IqhFFH*bvj;joAEmLB?`$T
zViqpJE=jB@v(cfXY>HRR&8mfjOIYW#2cvVl*SOFz=$6t|kxSe<4v(ML#;r+KpQ}Bi
z&>+dO$behl6S7&bi5(c-GQnoiW+czizCeWz%c6E2di^@LgJezKG#AWp)$39YX{A=N
zATBcMZYmowE4MqWK>qpzRV<(r<~82q?qPGEhXO^wCP$9-uimiz0Y)luOfGJpd&(xj
z#L)$e-!yiZe5#wyR2UR5k}m49+U}BF^`;iu|BiZeHqq{)_(-VrO2xbfJv7YJ+t9bV
zY`ZbmYLWJ3oJxFo|4oS2M)kn=eUWj^QpE@6|9P>{lG1i-c7bSUbCo5S!JIM`wzYCp
zs^yWPJ^w7kFP!yD10ySQmW%kyF#3n1w}O_yNgK&}l%ZOCx4YM;>-YGj(Qj_l!1jcD
zD>d1lCuXVslm*G;Nba)-S!bK|ecE^)Uk<tKB^1*jNk93=jR#$TQj0105JHoBtIUJ<
z+>faUna=1?Qsn2ebbVUc{Vg60^GZrWt*+D$895(9mKm8~^Q)AQzom2!!j4@bEaRvw
zuaJMF7G|LrvNfWo7s8kPQj?|{nnOB2w9CiNwsH!EfnmRLi80YNGyk^;DYwsPru)B}
zJoeT6+jXU%+xHGe-uf4^H|8GSn^bl6!^gAz1bcqky@`KFuZ#n9{G(qkakj!)7@CG|
zytTNSSSB8LLM*T1a9?PwGkU`UM<Guh%*DQ3O0TtslFR*Cq+aVXicAq6?6n#21n$NM
zWOpe$*?LC*nG#a9(_p$gAHBO{SS_B?3&C%U*<NejKfZLmn`0N0C{0uL#*?9Wn`g%q
zG-r51-am@tW|lC|(vP`tQvFi6?l0y9{#-y|oEsvKG^!|{bk7?tKv^PVxqv$VpG*D;
za8u43&m6v==IjLEvnlt7dK&Natmr;p;>e72L^f@H93S~-?4%5yFQ4ccr)Fo9*l@_x
zmb+mM1<u%OTGGn_c*WPok%pM3Wls}f$EuKh>^SYdo!#x^NB(w(BYfM<TkLwLEB#BJ
zmZEH`H@oV>K}O}&%6$*}_2#DQyeFkh68?nB>xb-3*HlWV_ib(Tdn<hd_qpXejSBc1
zRhq788@=+vzry7JMq~3t^bf7Wl+KP#izyr8=@{u`t)J*tq3X-fvt3zKxn!^|2C(D6
z{NEjNn=S1H6(@}p#xC2yMkShVY)18Lv)+ahEno%tS0~~ZI5DuH#%r;7jX=DDv;B{q
z88XQG+U`aA!&>xO{uPTSIjWcET!(T4X<JoFj0{{(&Axyfc-aZ<vQYkfA*5=1Kq2j8
zs#=I}?zz}=ay_)-CUOX?A0O1*q~Z(p^yFc@kM0Qm%{b@cx-}y4W6`ipMB2zYisClu
zy>9Gl*)&4{PwlCEntnCAJaV(EC01{%P4l2YM+k^~ZjA>OYp%fKnnw&Iek>XOgz$up
z_0FEo_cOkcd~r_2wL*F~_xTHBUpoFeow*Ypy0wl<JKC9oVL#W-ZJ%*9W89wnE{Za`
zFQhhn&)R|FSGB#U7jMHOJdM@#e8bAS`>S%e9>gBGj)y`nuXIe@0)bZimbGf<J-aS^
z*Mjo%qHaqxmMudnkOICsl0vnWe(mS;Wv7ttxt<mO%=rBeA}o8EJm2p5{l#_;s_tHP
zKwgl~;mEm;4cEyK)kZyWVu+r%TQ)(k$CZ*htX8Qi=zDxFc9iptdE4%A;>)D{FMfmM
z;nqlv6=hqiUS~TRYarBGzX8N9y11EkzKADhpFDlkCA!_vP%NlhcDAnOrEm@06x%|S
zU^^&hjSz(GcX~DtaCxsnD{ApBP6h^TxP?tYXiDD$Gx500KNse_lsQH8#EMaNFPAqp
zO&!}uFggaD;wr$AJ7v$`s`+*oAHkf&WytHO%C#F*PKvli`+W~wW@x-U$;qBur27tn
zQq^x=BJxnsOyo)=2VPTm+zI8sF9bJU1#aCul5>`O!=lJ+f!TCn3K#nkF$2aFakBxD
z!P4+p_&dsfb=BJ}Q<YQ}Rv2W085hFc<wdV@yXUg8vglJyur)NE@3ydY>puFD4hWY2
z6sS1>a(MdgvkR>5DADAn52Ky!culq|VY4C^6dD7Z3}m*IlO>?YCKK%pu27DkNk6s>
z)#cPv!B2zQDj*0TB3k7XZa&}qa#E!4a!_*O(~2&Tt2kh)=3HZ|Q-~Y2ZCpc847Aj*
zbwtmZrmMS;)he;U{xw20EG`yABnRX@nY;*I-AE9hZ3mcBg_u~mp*ujFKM;>WP%1j#
ze=`J0jvq6%m{MIcSjUEHhGv};l)AsGxdPH4yd*fCoZh~?_OCxim!BEszgB2;en`;h
zJxI}%Y#S7>buaTah!caPw?)Eli=D5EwvW*oNSS&x1yX4`5zx!2h~6^DBGql$PtV&2
zXeHS|L(yUE3Yhha8L^QtRsq+_^l}W)&R2~a%GZ@=Fn-^-PnZn6g;N1JMSD7OGhvce
zy%~&?>v3}KlR<$x?LZ5}%40s`f#`kX+WM$&2Yfmwdk7@s6`e<&7wmllQr<q+2TtFY
zT|0>0%Dh6%2hg)bFO5@tR87bTea;bM)z-fFGeR2h2>ZEmC}B5|V8tyEkq<XOc{SBE
z#kS_6K|Lz&H-H25&Wr1|ubk$i25|?Qpzc0y@C4wm3ite*#8+jjn-}LCbOnF}h~H`_
z8gS(EYQIU^fM?m4|0c}@oC#OTRzdL1{SW<e?v+WSz3T0>NN}}1eD!l?7srmL(aP$S
zWiiuSWt|3^Wc{zRwkBuvl74`RK1YfQNSF;@cn}fTmKm}Rr-2JVVMJUD+)(bPUrncp
z_~H@Z@3AD|?sQDm+aFdy(iB=O^*F?B?~9^xQH<6gB?deN&RTp#d^H(jYEl%#Et3lb
zTlddI1fv2~Z<+wD(T(`)<?3x_LviRd!3v7Tck?G~^K}HanE{mlhQ_q88@xpKfQ=OS
z7HLj3aK~B<nYzj3N$Utg<V30vBqZDv%E1~M0T3YHM6{O)+y<eA^re%}R;j;Md?Ms*
zsi|Wh!=^4(mn0~&o(^`b@&u3aMrBQYXEFjRbb*|F5p)0$vX!fGFkRWAS}g|Qn{09x
zSmi6jye5OX<Ya#(BpPoj#a44W;Q{PSj6^;c2x6Smmn{}UhzYQPJQX&K_1$TcL4#`R
z%T7#<(gNrV-e}IY;7j=hvM>z<*Cm((%#584nrDH8IP5Siz5a$mBw0+u5(FXmTs$j2
z)o}~MWGrw*JR4uF%Yv4i<+c>c2e2WPiGj#$FZlm&{+S+}(L}bLy~)NWQq6CN;Em=m
zfpi~L^OG5Ty`Vq&7$H@b3@gAdM0&udnw-kP#Bl|g2!kn(ax3F@e8w2o7^aL6DZ9KD
zU(pO~Fx-h1v=@?cTwOEvlZYvDl4)RL&K8@;$od*O?KB1N_gfgFKCORWKqkt`nSAYd
zQ3BC+eQch^CxGt?$#i15&&ME3d}1Gv$HcBphAWyeqqvjssmf39wczh^p^@Tz8UZM2
z8yCWv2(XP<r(=+u&*I>7ZcTU?mSn=ks%Kbm<{O6fzU=y$BN?PJ@I5DZVeAjSBL5%+
zhSgUPDtN^m!g6U0vTwM788`F{L6{-d4A<sNLs`?Dgn3n2cgYIwD?Im!>C7$o+6jzj
z+)T1S{^VSdK*T1#`P1L>C?9@hTqEzu1at9*8M6JmnTz@;i}lJbVWj6n#vxMpf|<Qr
z8-%em)vCMu_Jgxo8NvuBfvWTVCN*jK_6PsqRZV{)Qf$!GQchaQlqfb|3@Ss-3ZDOK
z>!zjlYrjuy1jUN?X7>DFL0ZoDAe5&m<L_BgweiJN!O_QUBGoL@JJpXN&`AiPIsDMf
zLBdR5)e(L-u9_;7$EbG}U;QqVt^2WXXrsRX`wi?c9>h;tj4G<Qru-pr%v`E5jvTz-
z@8D!k8H{~D-kU|%l$(W?Yo#EyrRyG8X-9@i%$}D~34}r%2Aj&C)v+X1!>2~Xa!EO@
zOggA#0=6rcUrPUpPRp3lxtf+zzpNcy#2ad^T+ig&Ndbq(gt&E^H?q};kh&GxtqW{L
zPtWahdemhhKBYq-4Bi@z#D77lpKvftAmC|)Nb<cKx(exiVf)<&vvI0(R7%qR;JLUH
zeZ}65^ve+`YcUl=)EP-4vKEjLxut8gQZBV^V4*!n6Dh>=*SLkmEJ%31Y>&^73bHWn
z%DeS8Rdudtfs3*`ikl@ok#k+k<&-+SxLc?GxkUu?((iJ;Tgc9eICAZ(eJ-26PscWw
zOmb1ch)wLb5k9}9zPW(r1>>$lBc!bfVdnxnq<vL;BRcq>e$6QLcLHvbM&rEqKE)OZ
z0WYpWDel1Mn?tYF&V_G-^i8QG8=aZ(Ac<pSxi~l3X&=PgTrC~{>36sL?t{7L5!$vj
zMD7GL|2SsE9|MV+LL+AC-i*YU`Z@gPHdjCkq2+#@TC%+v8S|1Rbob#O;~VoIg~R^7
z!J-|ZotEWZaV_WXAn64zsKvHWSnS5oF0i8>WNNXgIlWo9qw|?YN8un`(oR`kM_=P3
z=w`9qk_TB$fIm3!*~`lPef6&D=f~^&8SRN9ucBD~+pTLc*x1X;vsB!E?;H~eU;?xh
zVwoHY9^OBe`%hX{;*+Gnd@qm~$zFYoS}s4^klS~y|5q-Y1>5h~w(-wGJD0_)_5LU~
zY9uXiu~SJR_=(?jK?4n!u;>1ZRa4^0lYWvEy1aKnl5WFNQ#81_Bsgbab{$o&(`Xd8
zIKh0K_@>g!f}+aKn`i;@H5a6Bcn9phnwoR813ZG*e>`r*XPaZ9N0tKL?JX`n6`;oV
z{uMMqJ9NhE#Q+GhXcy1%U=9RQhWq@7SXVN6(l`h3!c;~}UW|dH$H=nLwfs%vojMTh
zv($ap^vqX|PrB5M4iPH%#nidsR(ewc&XDN;d&X@yV;SOV85j_gHE1-N{S0ZAZ*>})
zxm1u8>eUEZi^d6ldwtD{$jiOp;nHKR>mBEw$9U;H9O7vg<;>NY0%Pjx^X1J*9;SX!
zG8!&u^!lam5SiL^c)7zz{#@&7aeG`neXu=UagM<&kd#<wp&VO$8rV6+LyhvJZ=fOH
zTpYgHJR`}9?v)RLaQPaLV<PP0`qWV)Z21O+o3VEYtoEfw4)2nwDi^c#5{%y+wT|w#
zP~s>j?VG-lob-U0heNDXy?{@QTVu&o;9vNd*EO6PKZNWCTm6`a690pA@h`h&m8?y;
zxo(LXz013H+16y9;wPG5U(8f6x(n9p+p$o-$h+DC?l*>whL!l<BA*rciA)A$#G=x4
zo2`Hwc29&!YU%I7X1&FaJ+1wG?>kl8C$a<D?RH)-oY;ev{6ICsV>PRx+&iHc%=|6x
zstto}e?Z&8fV4e;6nd5UQ3t&5pcHrC5xMq~Xoo6m_bt!1ezqVfsWUcuTOA+!j=cUk
zV?QyXR=d1u9ML5Lc!2yf8Pd%4%3H;Y`wCU7MWmrzxBY-+gPnr_(v~OC^qk{rRMYhQ
zL4z#)JA~C+P<t(fvh7f@Cw%PdxZYv6_BXRziv=g(nl4Y@)SJI};bp&CU@zrWj|6M1
z>l|6AR&dg=^?KK*koR-BF|XIT<<k>|-W_JQw%GjEj`0)BZk6M+Vc0&kB4~=FJD(3>
zg(-APIyY93B0{xK=Bz#zuP8l`;%ILuUcx#B6UG>-C-hY~%DgqBf|1!k>%8o}3uM?`
z)%Q5sGD5R)0_V9nK=Qk=nDY5zhDC>u<@F8pcZJ>!qPpDMMhNL}zN^V9a-7!rawyZ*
zDGYpanRC01lo2YCfPbJY*~$DnP8kSWxaB<l!Dkjj@D0xuoVaPNI!fKuWnnfG4Meus
z0l06n1cUnAYBGqpIUD0-z@Rbh$iI&hAt02z$3}a}pfaiFtF7o>@KZ9Jrn<levKL$K
z5ZmcAY3(Tkzm6nDL4H*@3Jccnw>FalI$r>uzs#G(9%4lSs(V}zBh0RU-`Hi&6uti`
z#z~9jdj%$jhYx)3d!DSF61IADMu1<EqVdaLMNazaE#-zqB+k2yoj%HHe=bKcAw2uq
zsJR_ODMvf8F2S#UfF-K`k`#6q$bMe(Sk5u+8TPxA#U6#~F&f=0C&j+}4=w1#Ek)E?
z6+xJZFj_yGb`y`!c+TWyOyw~N`HM-XFlBuebyqN$8<KHEl6g5J2F$}jTX<Psx5-e}
z3`QfYstvvLqVRUA%~x(_vb~>PSYdwT&iU)wAbmcp&FAX0eSl5p%YvpOU}SjiAtGS9
zGe(2l4<>f^j?$tmN&z*{>3aY22FQwh6m*4=smIh!{9c(<1N>p6jkBGoWEZ0iE7(^r
z5aqvtdH>~Gkt;uCKkKdiP7@f)tXg6o5uI{kcO4HA=4HI94G^C(6WdQgF#Adl{3#=X
z*?gRmcVHi2H>Gv!VCO;L{+4dRt~5~pob-5yZ{~oc%P2i&L8EB~+@TAI31Ve5R^$N6
zBf}Qx7BU*>Zb14y;rV@^rpo$3mO@E^5Jy#YCZ1Cv71I?7h~QbU|7Z1PGSo4rR&-9@
zhA3qM7=RP%`G)|U%l|p%C1-(VgWJ#;_oAevC}d#u7TJe%PUge-FH-MlfAX-cEM}Nm
zkaR<ktrt+`j0lj!KYmW2#8KE)H{L=z`P5JVb^hVjsG{flcI8odql)PM*PMHnvzul6
z$-X+Ly|KR@@y?v~L_sX$^8nnBqA4kz%Ah(O{4yp$I~NxtskidJr^A3ScuV6Iz|fxA
zkkNqvBfKszh{D|Sp3{~Ff~#?sVKoICH%GNDPRUo`s(40|RA8+cAnE`&_CC6FwxL)X
zZXw9-rrYBm;yQk&{Qarq=vQBJ_%7fBT<?Qje-aiW`x(lj>Rsj!Bu>hI6j1Z762^1N
zHACOBmcaWsL<!+?1jD){#nrrQTsVCfpc?Nr&456-+yOQVmgmS^l-*j<F(=4<J_>0A
zAj$4goA0jXuO<wJk$rcWSTmR$1)iTEK6CZJJ_aI8M!cjhcTKa{$>)HQ-7-J1uXDij
zjpNKD6EgUGxNIo*e1Qc-=Ci+BBJcYSWo6AT@g8Ny+*<wJfQn+aLiGRm3D4f79?7;%
zP6%`j7>h}jzkj8yNk(|^?>@m8zK~x}hOMRXI;sRrvt2{LcwX$t%n88fkg~2n;rBg;
zm~J1*HZx5#<?Y}GSup03?Z(Ooe=|OuvA=>1@g}b~7D8lmn-YP;pEJSIku^RD)#PM|
z=f*0I6@#|lF=3U~HqJr`aIhjTJHmA`A3*&DtgDO5s|{F<Z{kL!wILW*L$pM-K9s0(
z8oc>`{{W{i6D$>KhJJ>I&sU(eXO+3Ms;!vl|KKI^VcaAZ9s{^_8>=?sBm%O;NJ>WF
zHZch91B}d+ViLmv@)m~GOi}<X2;IabT|~xSLK~GCizV1zCMFe*$h(%pzVKdq7bsIr
zEosae_tLBnsvjsWC0~)5Md4OBa)iD>kme??L!tSs;>ujRWxZ!I|FYdCJ>VcH(`W9p
zTwJgp<M2IclKGOR%rIte!7u=;PJ}tPN8VGe_B<qVh`1XC^CAsjqcv9>+yzt3$`@^v
z)t0w+7$z~OsKHO$Bx0{DJmPl{d5(Lf{HFrykJ>8kBX#Hr>;~5_jx1+IJpT!=z{|@D
z#-+LJ%n@fGcq04AS!2%<)*%dpMNpV;Em=V#`wHs`46D>}u1yxt+~|ZRF|CYB%GldV
zVjQ+Ix5N-B428Vf#@@wPWd@)rVTKs&$`lAaFupmbPlOasFvlst#L)K41$j&;wYPZT
zpKy-zR|SwKnnLz~c<!?_lR4r-yQMeB$*P<eGkkF7J_7gJLmkV7+bYM}7eS;*WCnE*
z$}by-P*<Oc)(q&DZGp%3Jk^_Ku7h~-deTSplUw29qBeqAJ>T1sDbEn;je4=|GGYuF
z1u=rvB4ZDU2(CP_o@e>*J<VQm`LcD0s`(3dTx`6b-l56R7kp5}k6}DWdSa#Gy8gmC
z$<WKxLxcsQtMCycCUOaT8D%y<d|qNn*h6G+MFvQOB3p6&2={roe?p#^J<B(K#<)s!
zI9PX8F$(C+KoTrMZeQZCx3M038u6E9Af>I;BPW|dDqp0~>J9?5hjL|iSIvX1nU^L_
z=`D2Y7y)Wnb@S|bk@mpNOT%4Z%9R%61F834I41`J0v@>-cS=Cj5P@?G!0O8FH2Xh@
zlZxjZ{jgPo;UeYphtV&CW?Nr9AivQG{iVOr$>K^dyz;Elw7pIawklGhtkK@GBFC2y
zeha1Q6-`^Nde=KJXI>dW8)d{Y+c;vxX*8z9wsAFU$#XBC;^3k_;mm^1p0#S~L6&$O
zFEi=PhH>K3Yj~jdC$JZDAsI>9h}q~77{fX1t`Mg^VpsaS<l<Jm#MLqL$Fbu6!tlP<
z)m>*AZFx{w+C{7_M?dU1R*PLxW+~9=L%7cvXXwdtgR{O*E8^|zYmFDWa=R1m?e!rE
z{#XpP0qA);QOBkMr&Up{be#83-@W$c(S7QE8l>H1sHHG#x@+%5jkcrNXf@m$nP>L_
zh*2zFL@Jp&J@kqjX$)DCh~S2gKbmtf@TwPX3|}%r(s9PH<=vizYnLK-m+7S+_<hE1
zEZn;kxihlNd0QMlvMXnIMrYnoB;m59LQ8*DOM8d|fC)&E@*R}hjrG2;<BKB_=7u&>
z*x+&?4*D+0>2FTJZgfhG3x}GOvHS)?|2*>#9f!z6L+3CzaL<0CjQ<yOu*hU%@M+ow
zJ2bjCWbs$<E1?+DXX;+&dB!GF#TF3h2@B5qqfuU2Y!RARg^XV`N(uzJC8JTHP**cQ
z%LYf6##VY<U%UUmd~UX$p$S?R!AhzjV+QK_c>!6%gUQ}}>h%G`^pnOdTCc>{-pPRB
zuk@6&4B3V|l_ip_6g__y*TQ`6bqSE83ItQ>!J`pB&Nc!|g56@vRzjM<jM&K1M&69V
zd)!f7Y4<VsA0z#-KK3wN1Iw;zsAEXotOSAdfw3aRTtA#K!x<e4i@f?yIuBt9Hr@rF
zeq1>n<AaWHW)W{+eHJEc?Xw0CzHv`W&|A?Tr9bpzpTB$xJ4R^2``%xMQZMSn<l+-+
zHwP`>RtoNwBya6&u4`p#LBU`Ra6vz1pPB4l@04&p4nf~^{8Xm@U|xeolfHyk43d31
z|HO|djdi1NF8>A%tV3G#qmpq5yS8fiM0RD>yS^V1$-N`a7F{xLjK6im!N&a>BC$PV
z(3(d9fQO3CgedtpH{f1aXAL3lVI=ZU<ZBxxYbcw3&M!-UzGp=>5x>ve^m-)(tlLFH
zIX(LLeq}YP2m`54kIW<9SfKg`tU$uOeYWm(Dp>b_q~>!%{qWynPTd2yydltYC!n=J
z<lUlt`_Od)un25b^$$wel#*w`!GW#Z*GO6r_j%P@lYub*?k7U0K|LUpKdF!(8SP&5
zW<;(l^Bltv9=C>dR`pY>m+R0IYwvQ3$&zS$!KP({f86^H@CU_HvJdXKc<$XYxV(=$
zB!cdQ!TsVV?6*#wpZIofb%KJRnEHw6qVdAqFSIc(zIQ^kB}#@96#Q+{O>2jq1=X)i
zjG_M4Y8FOz1`q8SzDWqx76AnFeuRYEC(j6u-v-%~nLf}H!J-nw*Lr+G&Rc$ktk6vD
z8^vw2QJWid3OB;6cZS>T{C^DUO}>;WLEYIneOeK~ESsJ>>P@#Old6$^W!cdIT?Qh$
z_t^yW$wS!^4C#@7E0Bi#*F_{sBc0N@;jGRI*%e5}f3J~;(W~(CuTBqlL0>DseRk(q
z>vl_N06uPq>^e5cH>imj1R<LFikZq_ye-M63Ucc{=f%ih?UY;^?5itHtj#eZxAkgW
z7<}e6WjB&2$u4>vo+;xcQ!E7&d|)>$ki^zqnQvUH%l-r(`!4k@sEYc-fsg%mLvX#k
zTSDH<aK`4)fB#p`3gJ@~DVD<ACYU-`U^F8{ow6HvcZJ-0o<5-o)0ohSI1c>OO$IQA
zkDXfR!oQ!R2Op#1iBEu6LyyhY)27wuT^O*S^;1P1`Bk~@Ca25LBqy5`OEbdC<xuAL
zXe<q&Al3jMtPMDWglf0U^>oQ>_cg(S&acq?7Bc4<y&5vxg>B}wDNrhv#8&S^6`U^Y
z)GU1b1DF74I59H75WaQGirImgKO*>@MZ=N`wcBNsV;{1UqJfjRtQT8N6Vv;th>uX8
zkQL<LF99~)-B>gBpTtk}u^S9ipmi6X9oMGXP|Urjvc}P5nr0~>XOe%lOHMq(3ix2T
z@z{W_O!X;kl--!OoD)mbz*rB*5I*8!Gtib8gcV)~vY-7j-Aql;ZE(|*rQ@p=Rsyma
zpczy3GN-Ik@KG1ftuWZ^p2pk*XFG=4YB1Uwm{*=wh@JbQ&1WGd`&sEG+({V3m;QCC
zeS&n`H(%`>dYy|1Q3`rna=O+3wRsmvj`mAJ-h-!lZ(Zpv#m2&P|B!%O2l`d)G&m=;
z1G58m+(IBrr!|7plDpPDBivmDSe#S7D~pZ2;4}eb!%|Whuvb*5dILohjtRyO2ItoV
z$6|t?`=n1~&g7V8Okt*K@Bmn=Yt|Mt^T-bsJ?gyPS#R$PVnS~|o}FUWOwfwmnDM{%
zx*{A80y#V1AUO52mQs@Zf$_mdyEjXP6_9w&z$74=_T(pEMSP5#1r+?$I-7tsU|+**
zXx>h#`!X5`j_f!$XH9gPD*HH`z)-!W{Qx|~+?UG54@d|BEC2%D>%W1;cgFmY(pg|x
zmYV}%oZPU`SH7Q>ppiP@DeG&gfCCs#KIKq&Pn`zikRR6ir#^&&^9*7|$*i+?gu&MS
zMxH;2W4cHzoo`=`{{xgs!SZ>hdMCMx@Al1s9qpeb3WeQ*aK!dyF;=FbS>2b{PH*lU
z+cvm4y0*CNt^|8J8N{%<-lw;zHsxQ>7_h<UW&!7TMZkVQWCJ=gLIovw|4iX3u|9MH
zP((ETJK(C;=b8ghv%dPo8lLRTb2XxHiMVNy^y$lX!Zb{TMKY6BhK#iscU1%7r4+XD
zZU=0%4JMo;3T=wN+^a(}zI~Hxfaxg>C9n?!N&N`Ykdr0o5*LtLovLZt6c-ZUXp(0Y
zOoQMo<7caLBy<%B09MN(FW8&=4lv}+tm5Q#rmRL$iYSw0m-3oCj@_c5uUkyA>qOWU
z20_>MC}UZk0UMr$PgABcWdh2n2q9$p16Z{vmp|i#R1kATTy=&i#wlr($j56<xsT(@
zXFupWs^%MFfRwSNQ2bd{UqRx7$c-dCHn|U;i*{*)lH>;AEjTM^HM|A?|AK;B#%cos
z2!4-g2&Gw&1vZRfM^=&er-E>vCM5kNCe2L(zd5N0+4ohMLEkx(NyAG}Xb;0}$;FNH
z#d8~P<FtO5a#W*xWwcSy(w(FW+ez{!N%kLC$wJW%qdeR=FJ^gmGn<rr)htGzFBsm(
zsTdYd^53yKK1ARkP^raC{ZxLn&eaUdw3Fl&yAZFOdT*4|_$OKQc|;vvC7vp+gC4%M
zorb(lw-Ipc>8@_J_r;e^xA6ryG#Y^<eRw-TmKk@GOnAG#!<v)ttgcHuOD0{7;*cmZ
z;liTPBKKd_;B)1itYAkZ!e+*xRrSOL<1iL=yxT!O36@}r|5;t1@rwy{$qH8T7>RLk
zt0JWsdVgI{o_ZFitit_g29d7*JNgNL=|+!tGTjF~h)<aFzH{T77E9{)@HO~tQnl%U
znKKh3S_{Uy(|A^3h=~#3#Dd&<!^@&^J}UWn!^GLM3=b7sEK}Rdb9C#tyr%hul)z}h
z(fyvh667=}<Og|T#R9+dsGOr87@0w&k#8{53wVrBDg;VRn-#3;?Ul_JZK>8S!8M5a
z{tv>f%mPndSWU5Qim(@kZR6E-Q~n1T{XNyJ&7b{f%GjJUA#6Ld8g^wnUbbT*^9#=B
zRXPMs!0+G}!f`d|YaguL`<2g13EjhTM3(TG3J9zl)TPz1&9Hu<n0ZDVGTcKnGsuq|
z*o%#@!mm5jH0CPCL^9Ynx3U>N6HpEEMTOK6xN@GG^2_|5ny0*g-%D>WPiIOOPPR%(
z%oWRN#st)6B^AC;R{1NGQRG~gnfdUdJfHXM^aHB+ag3Ixu*3b%3*VVnS-cm3r!}0%
zg%tcN^@j7eWk{bb($N+;4l)#0X@v5dUFlP?Npbcnbt@vHycbc_8Hq%BUu*ukKs(I^
z$yVsI&*aR$y%iCQ$O^MaG}!rbk7Qn&_3$$1$<@tZ**6a02cF}Rr<b^FXQ?r>VH=0y
z7U!Nkrp|Ce!o+sn6G2X9Fooo{yfR{+D^fN#`8!3_(PeH%vXf8ZeL+CXNO+&d5!>Uo
zH}`wP_Wm;%ZS8hwiXI92y;n#549Z{!##`gQI(nU-rr^Z>yZ`N1TWa~I^fxvP1#VSj
z_XUaEK39657sb(i!RA7g9?JB<z5y^A)gBT7Tcf$w`t4p3i%g3mYFSU6ti2RsUItJ^
zF@^Q{ZjB{goryi8oHw^G2dLdN2s^%QlvkHC=R5xk?D9?jOuyGj)A>ge=!@8u#Nu|w
zFHj{rPZ~=zNMaFStv^lOd-78A#A;~s^GL2mZQ!yVtAr<}N}^ap>B{iNKa=e`5MIp)
zN=UuPVd$|25*}}>kEPtvf5UTafdc2mM?_P>k+pfOe}^xLLDtHAzeiVGt9*XroMi2%
zWD{`GIWXtD-A3Q*ZgT%r@PQ{7FA%G`4iL@Ihw!EGi+O^T)&LwB59_9nAN_uBi#1r=
zd!%?HA;Qr)av|~gjjgtkSyO!A8U6b%iO&P7!z67zL2}Wv$zsrFy4M~OWw4(hOn81(
zU@r!k91^FOKCOLs+j|B)(=~&BrGqxAD`xATGuj66LtlF~rmZ~+7Nq@G9>KL8DRM0z
z+PN6jKc6r3@`|LF`nvk+u%>4=#&u=1f8mdLXxCD^4ExJ|y^fljvQ*4mTJ~T@d}Jxv
zT=gB*Zd@+z`271_rcH$zJCIl!#K6SDvXS;+@0o|xYZj%4uqT`CS=X2U3wSp<>ZYTg
zvK)H>={TXiGev*)7HVi!zM?^|D!b9({RMbmhyJ3*NuOkQSoM|=Ks#7ge9ER`k^g*r
zHN6^IW#UErq;iq)R|wkM0JIGNC%`^dax_TRYT<@n#KGkbP!^h_E0wvFTSFhfZv_Ni
z2xl6nK}1uQ8{H>1GD|u+_jelSKZQJUwj1n(^Z&N$opioRHSC|lw1W7Ra3&*KH(yw+
zdj&OXC~v=lp1&Z>1f)cW#J;M<OYRLz4_};1qy#G7WF5QdV&v&IPRl4*KqY9#IRmJX
z|9XV506Gr}DaD?+AMW!SLVtB(SJHYxg~HJI<(u4S5qv%s;00-4JCjG>NsP|Gs@=1-
zU)|pGRSW2_;#y-VHL=X4%+0<ds-2hL|G@!%<e|u<5Aox0XiLwEx?3oH<9`q-C-((|
zq48Tmev+)r4X%`&iQE;nGwzd!jjEY^El&S*vF6W}xo&%)(suM$QVO2p92K<%%50V1
zP8RqMqzN4oHi~BgK<S`Gfm6d+mI&Ayzq4uYnNqX*=$D(|Q<{j{$T&Rp6#Q6<SpB}P
z-yBjI`EGfn!-D%}7my<9?f<i3U}4gwQi9m%X)nCZB8pNt672D80*-?oXs411RpO_G
z+63{;Un&m3VeDc!(P}B*x=EGTiyRNF=$lmc0U9oF(KALGtGg7x+-<%{S*fSaPj2*l
z?DRiKBYk`YbW#cB;to_5-K|AeD*3NK_gtrO%8|J4|4~R4Pm8?1*FtTH+oD&%B*{V*
z-zw;DWJZu6WNBdeqJ*u)E%$8KktI&|>!T_SetN4OZ^cnDS)vB=LWU-7?b($ic*ZyI
zw(_)H?_hsg_c!8=hkV9YTbn?&`cUyC7dujfY;;@i#Kvx7VG%T_{25j<*)wbUz4q?d
zlHj1ht6<%ky^1W{tKBy;iy8t#?2iE=-QbfvzS*=HGx{j7Gg*oy&C8DZsP$gH+@bO(
z-AA;7>q@rQ8t4$N5~-Dj#<*WfOK@0Fc}aRk(7T}W_B2wg)@_l-#is(t@#_m+3Oez#
zf8LeP8EBaOdADUO_F!*r^^v#BPnE?_Zbr0OO9{s|JGR805yaQVMm<TlW2R*HIF-c;
zWu8#4oZZUY?3@&Qgw%)G$B#Ec1COKNtTD|>JZ46V&%xctpD!NwwTq8a{QLTJVXFtV
z)+r`F!zXq2F2747t53!);Wq3w8Tv=_M}jf>?Im69uYzaCeT{2~v2Md{u_9UijKT9Y
z^dBQ;GmT0&t^{A$Y$?n!r4$$v_3B#Si+lqU{5DtHBG2h7)<J3cVjs85yT|BjS&3&G
zvrqCPIn}?E7i+~{;bRu{(&Qe4b7bY0H&s>!e~X?GH9)I|e0Q-q)LP_bH`Hq&O4hf#
z6}pHTSp0NBwv=YvH2#E{f$jAq3EE<g<ym!X`S&5KS5N>U&<H^(*cAmYQE_DYI2|=B
z?wY?~D{6r3|6z+UaCnii3DjBXQFjGg!6)WD<y6or>~2FGGzb_IXk&}r4w^^J+pTDj
z)7xS{$gWj7nWp@>Fby!5#Md+~fA6)y_o%BK8y!>DpwJ-%#`LEW98K#UuDj$k=f9s`
z$XGEeIv&oe^y!EBlR!1n+A-*6qruohGI~MBZwE&?=q><hdebaXv|!L+Yv8jo3qfEd
zTer8XfojPEZJbO7MQhyaXB0aommz!_%Gl3JVMzjt(xB;=UXx=x=LNVK&5Su)or=zJ
zvn8=v1ON26HqOe{t5^VPIxTN8nLP$k|7?m$a~OcYPMH;8SOn2Wld<`Fvad2&NB=wl
zSm|~nfMj7=EBixS-fP4h8JhRviVk=o)5%t#Wq3sunSAQl=sN(*e`x(R%ighpRqIod
zp+n@{<Ga%hV-;UnPNSR_??iAa0_b$<uNdH3==@iV8#E=qoJCmx4>UK!;RVonyi|LU
z58PRrrK<L+v%DKVV@;YRMRG>LzFp!4wh}SUu1s)YZe5Vm6nBY60HLohWB@<Y%F+Q4
z9!0UEu@<Btar^&Rtpkk)ekLHc75M${D0V;)Z8fye@r)DTYu>+jid)(S9YNx0g+^1c
z{i(6y+o@tI6J8)O3!E*GDS$3@b#X5-A?Q^xJuQ%|%DLiB0+kf$f1Nf7PoB0Eo3cG5
z&DV$Io0kBUldfi%ItC!Bgo^nfP)|0jxYL`xMJ*C6E(F1;d+GNAgdICN@(%cNu)N%N
zXGL|pbHUs6;>B{UL(O2<?`}kJDFZ6IBFI(+RQOdeVKHtd2=`8u4enO64BObS4e-jC
z-)HK?H!Mp&Xe2S+0(!-b%`DQ;^BAUm&fyoLpx0QGi%k_ZjZT70zdM5SZW9M(UWsLk
ze!^h<?2U;G%<Fy!0y2gmWWN@Qg2Fy9A*5o+Y*0K33AI8D;+tXSZ_y&pzu?@9$qeNf
zV!aez&czJPb#{pH71Y#=slB@OH=489SQ%=<5Ow1ab=8Vh^3oKSDCFX7@BpLn16G0E
zq#sD^Cl_SXPV&=168E(@ve0_9ray-rnRr*gsXUbtk0utHu_B|{%&sXjGUux&A=s4R
zxMYlMv6;9TI})V_Z`;9Nn?q@krWyB=ZXl1UAxW>{=O=cOVeSYWW7kQ7%)Ow;*Y7hU
zq2+9YRa%F}uEnajjfPZ+Y*Ugmf{z0dfs-9&%!Wb!#v_p-ZpgM8S2HaERLW&}ewok*
zvOb6Ul=?2QXC?K30}(q^Zk?;c6R=Gv7{2}8ZuNGRf~GAR0>4lxh?GR5|8?z!NKPda
zbe$j`|A9I*yee)dso<p(s+j3L<R`rOs*e5D+3if`KXz~Nj%T+?ESk3v>N=n_xQ}Y1
z?8vv6FFzHDCZEaBCX!r)1bQKwgJT%<6&X?xzW$_+#D|QN6%;6Y%w^9gnT|P`g$(vI
z{8UyONtR7gyB$HgGJIE$Oo-MtHZ54kGx$N~SW@T@qoy$uIQ5&EISgw7Xn`ahWAFHD
zyut@g0zYL{tUWIhn5}c4@j{0I|AE4=_(IP~@Cud|R~IonBoZ@5Q;L+`V3N(+XnVZ+
zpGyTgk&(MKR!)QQ_6VfR>#t~T;v-?>=)t!nLW0>*5p$qE&kjyXXO4M)q&JKK6$CZG
z*HF||vftoyAYN&4@b2|(RspeocA;r2w6E6iWinT6^76OUhH6;c>uKX^x!z8*AU|6H
z9k=I+uxnFt12guK!>$7-Q*$Hyv*V-?Q%3LaT<o=`uzjmkF%ilUf}qJ59z7T29ieWz
zHN-;c-xX`C@1BR#d(QtNruZ?q<6ftCp5qY+SJ0mCV=t}MDJVW>o!x8z!{ds%_>7tO
z$QdYf$kbybl#g9KnvV!1LQ(s&)<0#M*RnP@f91RYQ9_~kZ}S-2`C+~YUoH{F$KjH#
zik4@z7mPd2R?=p#eEFPC+k|k(^wxu5qr$w$7a?s4`Wsz$O-sKzG;QUUhVfo~T)JMX
z|2cP2&oJ@^hsN{_NFyxXN&f|+LeG@K&n?^^UfbEdkjZ7ZqI~o3_PUi1kqk+)sqbw=
zv_7|p-!U>Pd~eU=B(@bplhFDyl^)157Z50H6Kfiu*{pjO`|g*%Pp6&yN(H~oh}W}p
zRikF1u$#xg!I9ASjbTUjZ*oe@$^e|fozH7%x2|hgf30H>3ZLn$QqgG`nhE!&ifE?9
zsCmY`^n1&Vq_=ZoiuwQo>CuC%t~10`f|p8fkr#FJ0N!Q?wh@)zLSdf3d@y_e+@+-N
zpsrUc+py}c#8lAuh2A$B<_qnKFL9g;I^YLGw7?~P&l_o{lBwE|CH_JoNW^M;$m8_`
zzzVp=zMl_QvXi)$^XSIrwyCf7k?J+O_Vm8J1lD0lAaSDkjmY8NF*H|W`7-TH<tg?t
z^e}q)mL1|&tOkTupXq-FDmu<EXN@i73D@)Z(Q=^ZOD(qxpI^7A4_`X3o5x29aRB6q
z+_C}giz)+XH~zP4uYdo}Q`hMSPmA6qs6OgWir|=N%so1m0P)fI?e@mG4<U;<w}u!X
zd<t3ikNN^<40&vC>voER{I!y@LXOXZLjsp{<*03a@9icm_o;g?E6Q?^f4vWEcinH_
zqlo+uvH?>JZO3l3EVLcqIiu%nu@<3*`8U5TK;5GpExeuwvB1k-EOw-wYO8{f5j+7>
zdJT<o)$}{D$$_{uHSEaMeNLdM2?8yT<v?h){2y<waesI9DUBk_dJDz8WeqGX%iP=E
zCfJR*WAs6R9XWVzMmnU}3<eoX@|Cgbu3eV6dghzmh|{0fHxhNL)_ll)!U75Q_$SNG
z(Uhh{lBj`0YfHY=o7bD~ZrP2yOU+6ob=Rsi$Y1W#Ee^Nqu(fM?6#V|v$WGI=&cne!
z3+gL-k3W&0RqO%xae?+-ESogbye1Fz-_bKs`P3(C{2JIJ%QaZ}majB6q3_n<TdB{t
z3Ju-<%zycf2x{J(RM))Rsq~g%kFoWByW99O>y1igrv)SXg4U>!-e`}as)9%R$L4Zp
zd9If0ea{Zq->k@B725&5TA~S|cpiJFm|Xh`x_HETq8U>2j6=`ja02sE#%&J4x^N+$
zu2Fy2uRH+(QItuwl-w3mlq8tu0k{}sylE(Z@6~5uD7LdX8?W~2WA2><zkxk!Q&etX
zQ1Z3McU4<@06Vgm`xZh-x(2itSwoX*M1~80G{c0R_>QQ3xY?fpO33sgZ%qc}p&528
z|1>)Ee9zSj<DOzuvpPMW$3uAt*V>R^c2urjC``0BWBU|?03Fs(I)Nw6`N=KH_^sfS
zBwGZaI!4qc3X8+aW*)m0SNycN)H%kywR1pxcZ)KjhT{n_x-6yQ{(pp2`CFpyL2IWk
zA!>PaeX+R5V?o`1M6DvyaPIHA@u;4~jpBhl+)s7@#NK=ZD2P?adpN}oFeNL%TcQIm
z|3i4!ayz9e!Ng80XcmaoJa1oE%KI*SN-U`ccG^6A9}XUCTRyZjBx*Z5YY3}NWHc2v
znanmt-!jk(C_LZQ@cNWk;<gA>Jmm4rA9tv?I8V_)D*r|7{YYONr)~caV(7Ftv^uaf
zPNfVoe4L&u%Ij*{+8@{B>2J1r6js=3#{E>cvFU@jk~dYt#>>n1sO*@@Z3y&zEc@^I
zTdHx;uXg-(^UZqa-{rAJGfK1)X5xFNy+^@3UHUQXi^s-`uL(|G;E+&rOakk<%96cD
zG(Kylit;KDot5<>He?U{Yp$pDo1a2=JhrJUzY@LI{vu<!SS=4CSdrIOdTgqC=KE(<
z%NU(!pFQ93Vt|3P&*cs{x;~(a`Oi3f;PH}y#?sY&Edll=qqpF9?}l>h_15~OO*1?P
z9UBKbHrcar0!J9{s~amANPCYj1xCIaTWVOly01{~aqx<Mz3t7lNjbG$EskgRk6;NV
zU&fa1y;NHA=X!6T@KuH$*vTre_sFN>*~9ezho!TQYkGgU_(p@o=#XxahAAO1Bm^a;
zksdvyOOaN(Q9z^w>D~xIP>}9MQjw4xR}dyrJ|Fx&{&8Qh{B8{H&dxdS(=8$SXk`$m
zI3%#(AS>Z>XzZ<9*K0L`W%RCfI3o#uOAh&|)AQ3<x1m3pC!#$gQ19$6XEG@`sV=xi
z`>2m@e{5b7_n6>T9Jo&qK3vzPMF+=4FEB8r_6s<i!HJv3xL0&uSnXZJ<uB|gm|My-
z_LyBxV{n-?xyg;-m#nK^08wifSP|;RBH{B>XZWIZ)M{y>m0&NpL2((Y7R2#5vhIle
z#(c;!Rr5d&m1aau>7vaZ6yfsAM7L?wYCep7q153lZ~%8Kyc#<%kW^wdhj6atbK)tH
z!jUJ<mrCyiw+`SoPj8m04mrfcmE?j1<3#yAZJpSR;g(hx8MObk{_M(9!!y2h&x%$*
zd#r?i5I^`<1fokYvoo-e;a+Sh2iDKJQ#c1*5^~YDg$eO7o-ByBD!?KN!)nuNIo%<R
zDmO8q6_zAGL~+rm>)=Vh29A%N%*l-st}Y(OKsF;_JAFSq)He_oLWI4v|4y*{-Mnfu
z3Gp5s;m_=9kS2nxi?TJOt?%HK$75D=!swP18`*!SsGc^Ic_8Uhl><Nh_=-q}TGRVU
zMSXgs@Y7fH^6ciALv3amrTcPm1B*V!etvq`Owa2Pk;K$;{XdG#a}#=6j*Lv@12JrF
zpruYFqJ)mGa!Ath6$e>BPnYt7tw?4YeDTzsJV6kLT81Xc3Em$=K6o!|T>-?<Cm}B&
zF6z8jkGBd3qwyZZNVBHQ>MRq!cxDJfSN$W)fM+WJ(Zt`bH!?d5$)xrMxhb}#Wi5Dq
z(@Jm6U=3z|+mlaidI+CLX>o$(RpfJ+?A740Sxj|w56EYcQL;PN=hRKtO9F&zoqyMd
zpMF4MC{f#k1&eiM7V%&@GgEmt)4Kp}HL&zqwA5CX+5wbJq*HI0&xXv?6@oSgjMZcm
zNE&Px$FZQlN^`s{B?>4qVNKSZD>*~~zXj4&-k*s8_jNM{a*fPK-vKEMDa#C4&6=*t
zZ4!BC4~#CF^|-=aVo28mkaEl52LcB>O}3m0{GC8h^zIy>12MStSUY#ymq7Y_-;1wG
z`E@r`Cz0P&QA$J&lthGCLHWG1NYzp$Ql}LtCDZ;uGNAP|q((qtop$Ld*HsUl50v4f
z%i`F;vDUYO&Ibv~8E$Xs5L*fdsth7t5(8==qw!_RHlG{K!0HC<w>X#{>~8jaBPm*9
z+6^ituP7C+n**Z`#{4JE0EiytP2l)7)jqu(G%(;2Fb8PbZY6fX*;1F&P&F0(c(qhB
znfRRzK-9GjpQQubD)5Jpfbz>v@cdz;848U2C<Szn1zV}1TlQuA2u6VmYCG5i>2wgA
zyUX;x8owX`ia&yo8So)-m5LH<O<W2})ML?CPn6bEkBE?ph@++yvB%q6>m)#Mvbze|
zliJanCKg-}5Fz1cLMnQ^7s=AFVR}Q+U{y^7jC;J0`WM2czbfU&Jv#kwub&e!jqHVu
zFc?AzU^k8Mg47!jMb3iZ`V0uZ<Q`~=P#Di@cn?JWgAoKSS4Qql7I*kt2>;q^1Pw@o
zMcfb!(-ZE8zKJ8_1)CEvuni{+@?%8GFyje=m!Nf$qK-&aWw0d3M37M18)c~K@X=wO
zlL8JFX-fs?XE9%chM0O41e^g8aKiZvCKK`&?=kR}P%nu?UMgGTRPR!x-uHq+Xs|P|
z?zzdTcmz8hF&(Utj@)zu&j>(a@Sy`>Ibvp9!)w62%j}UQHTQ;|K6hI89Rf9*Ys`kc
z>M<1JF>kxs<DS!zO=`~*Qtzk|GEL~wAv{&}37wy-*$wM*(!=W6=4O{((RF8Y-_#}J
zZ1z*j+k^|ou=TgYjGyHUl&@Ei3o2IZL=0)Wh23194iqwgsS8|xR6&o3EG#3bu88RD
zCQqg#yWEPK?2mW6HKE6EL3)GG$KV0)U8tA!Rt*_POA9CD8?Sn_Kfj<Ty{-@J(9gTv
zkVH6@zOZcun(A0ILrb4Sz+kpzC%P5)y~T*y_0b<AeeKwq9BKwu>K@2+hOMu1fBdqM
zDL>OsaNuQuWl^HK^!F)eg$oL84xisIeDx+QVk(;pz7sACDYm3Gr}E&VNBnBcrPknk
z5xpPxPJ{hEr~F3^QEruoB`{~B5p6?8>eOwMyN&T5lFO+PNxC=U#wmFE;tciUiRwS`
z-UrrI7##})*BrAGQ^dqHF8{XL|D!0X;7>sn`9ew|N|k2J)l0c3j2UlSDCYgz9id3e
zTBlojvr!V;?B#-j-3~_?B-O~6L3q}mvY^{BKFi}WdMH-q?xpJo4~qh$phWfEjoiw2
z8^rOc;$l(3k-`>K+P12`dp^7XyTXTJ`?w03I4MJw$h5F6wY<Ei<(XCeIkp<vbfa@c
zG7FsSa4f+~1TBhiZACW5rzvx<sb!BgN3nJM_H`-}beFS@B!Vs^!M>SjS1G9Qb6R)O
zrWY*Atdh4xPYVN^#tlM*2zy-0M-$X)+k{Y<33T-))DrQ(?oAxcPIkQ}3(NjZYn_Q(
z4%v*)>fu=kgp<nqdv7c7f134xj=Qd>)6{91ylvCtX$>>?Z}+s@3-+kqSq$>}FLst7
zSgK~1Z{aY=WhJcbW4cN<&v{vgWX~hmW{>0SyDx6H4);0d`}PXQOth=h=Z=Z4|0vR5
zq;d~pd9h!7g>!uylj&GcY+7af&aZ2M)r&Vmd%$Hz+a0vA-^<i_V~JzXqs=@Y*{2gs
zsWe|#WHj<L<DzaYMUn^pG;M6Ts*NNaq)^4$VV=n8h@J#VrG~t4JoL)}t#H!-iPOM8
zFLGV)6?x3(4)^lS`M!uBnDl&ltNk^>DzsRe`8>lzK(l9i9w(~I6%_@7X)^8dibEf0
z9u@rWg2A8anZigOTixS(Gcc9RScIJG7<^7*do8zSDycn4v5On(LRSckpoyJD9Ctgv
zM(ZYUk7SM?2T{j(E2y>Yfnz#I)?x4C4C+ekL>3#vr`U5p*(t*|t<y#-Wj@&MQF21A
z-)zSlZM?FQv>w6Ou>}T?ax8J}Nt_*?*V@C(W_JEdMsujpirPA%M@8p?7(|K(v%i?Q
z1;-G4Pk7_$m)8w|T6>xzDeuzg_Pzik$wt%edr6!>um9C^X@gJdBZ`^-2uQeN3@IH5
z&y`%dwhS-eCpmn;gozC9xE_OYJ4NTx@WPGCFKpsCw|SVg8oZ{aXdZ8dnTXa8{<KLU
zPln^cZ)az4S>MaCdNkJyB5_0DLrLI9l3ik*Ts=Y09l4hr2$9z+pMTm)<w^=gyT&;B
zPE{i3v&oEh45unp7G^gJKzoIKWQb#@q}E7r?0pzp#|vLjcxl1w=?G@i7H0>aj*_6j
zd3_7F%c93k`HRDFeOz8n+B)SIweF(!Od>s&a^OuXWNa@x6EsKe1$lm`tg;ePD4La6
z1w+&fR82e#aA~1k#(06nId9P#OyKLF2btMW$t$x4f04m4TiXbjIo`OAXlUa7){&Ut
zhJ?S6L?d9sjERK(Abk=KTH<l;K^85`mOgE!LpF>yV8E6GM7)4Z2nv~ZXD>gwa#z4i
z+k@K?v-QCAY3K|K6xszHmApPL7K77j5N+$6^ZMMzQ0&uY@v$?onEQpL-2qahO+y^<
zHZ%hL&;4=8Ab{fiHh(qt5~+|8!Pe#nP*gpA3PmaVeV>PbCJ}b3JE<caOS{UU$-3oS
zSbtvrcYDA6KX`}zF+y4Fd5xj!TD<RUfU#xPfLmVsSjZ)~A}F&ocnx>WyUTj7u4Qyt
z<kVc9xb8`SlVH|&|0j-kc;f4)22f^g7Ke*&8uXV4;0l3*pC_0ARuPa!Lyx0WRYV4R
zR@d^zyq;c<n*mn?9u-RT>&|eZZ1w%kK$*=3dCib}*7W5-68*jvEb0^u+^aTLpSj`s
zOFp2JSVud%i2^2v%r^sN-5>j>F5kb&)W(XLQ#j-~_G>ZS>J1_mek5h~)8ye#pP@y2
zT@=mrPD{I=H9>ic!sryMymXMWJ9FE>#^<Vf`hf`1=0(Z(eq6NOS|PxiR^>bD1P^x&
zRMa|#0Eyt(vvbf*=%6?y8+2!+;6bN}!Csw0o{mOzNE}WVV{mpSO1kXJO7813;lB`M
z%R&e9$EZ4R&4EnJ5Rdv=ArK=do_XqR=)NC#r~e9wj-!6M8}qdo-97I?3C4id_T+lq
zJ@iC<QK?;^phA*r3*id{cnkl@p1nJ4E}3p``e!*#{`CVy-71h=VmM}83;pDGdH5aD
z%(cUazNS%dD!+BI00Yl!jusR2MY<R=OJRg4ZuH(+u+s57-X;yjXMfG_x)=UG)OsZf
z12n%|?@7`V?&M})9q?|f!f<Z-9{eK8G3e>F!1B3&CpHu5Onlw}s>|gsq;_C?<VxJV
z#mR?9GK!zO<|d;<cQO843k3xGUlvqO_VTBBjpR8TsMZeq>v|3&I<1E82!?XJ_LMj_
z0RxbVLrSOEzEkU$VY$imNToUZ2jmYdN|Ae*%r$h#559e)oXowq=l;77g_r2}(>prP
z-QB#M`b>Xm4xb4IM`=?hhEB-W&f8x~abAc0cVp>{B$Vxq!PH};{e0W>lfAA0I|QB1
z=A8YdJP)GQ9;|;~9UJPl!H9hAoRe7Z{)gs@6#@G*@MK|l>rmi+XC=?wb-7;f-dt8%
zL|+{yF=3Fvng6}D!+lTE-f*h{9PJs!XB+KnrS>1meuQ$oOyP;s(Y##Fzj)%*3x49b
z?Tc6}SGydzDdW)NKe*rivwtC5xl?<Rq3j6QNp`9CGk>4+5N)m(GL>`Scsg;+L~Q6<
z<epT1UB6>cw0Wt|#Ru6S8qPnJ^KVwF9QJ$&lcWk-!OP^P(%kxr|B?OP*j&}d9{9i6
zYWGg9{TY4u9>yOJ2yut}y~82y&!izjILE+Bo&`;a<rLbQ-u_H0{-Zc}#mykk42)S|
zwRR`-ieLDTR##(X1s1CuuxN;Qd`V{S0InxW4fXJ+{n@i9VN<GkdA^n2M+DK(p4XOg
zQW;(5I0KU+*&v?@OP#8XI!$Qd;Py;DCU@t887}vBL7MyJR<v=*H+~Wz7ilabxn_ta
zPUBpV91ic-kCo_+yRX};Z45?9;m}M2D?3aB3*;U52!!pisj&x!-D7yeDxUiGND;Jc
zs+Z(q7!_RId%;JINQY9H4#2vaEEfi;0qsknoTMuElR-+s*kT%jZ%k9o{&D`hN#VHu
z4q5)Z`wjhzLk$fyB0bVo7lrr_(fVfcAt@AoWFQ8}!%+Ob^`^k%pZM`Gdgd{A{3N9t
zSB<59PU#qeK(JG|kn+nHRGCQQrRM>AOy$#u6`%~m_XXbRGf4VhsD7=A%XjOLo}jR|
zJ<mdcGJ0wQf;(A<)Wqz}26;Mh(|m04XlnA=mD-|mn@zZK)q+^QYyo*kA*|?p)wB7z
z4#rGulwywQ|6#?pOJaZu3n%Oh(Eyehd!g32?-k&{N*b)_l`i6QYbIxdl|qWp)HIyF
z0XEEinxKTGZ!v)3?f!F=-s<-w;C?}~4pI_P0(cU64j{z0La9*N;S551k2@%o%Je~q
zkBDkw8ayOoR)Qu_a+F<RWi8gaq6@q<{1SmQ@9Z^u2k6CMJ%<s<+0M@Qc|b2A^Z(ER
z8rugKF16VpVgt}zN}479kv03a1KQyXhRPRoq>dlb0(;O+J>qFOkkFL!?x3qwl|xSJ
zdL{N6q_44or?sx7*s$kSdKk0p#t6tkCj5FOQLPeQ0<5mCnI!=LYm<RlQ2}1?n!%5&
zjd(^7ny|H7dSAH1hH+rjTO$P5iL~p@yZ}i??+(oEivH=h-5=();5pAJSAT;M7FyxJ
zhje@@vF-oTi#>xtD(?8IIW^B_eb~w^X;f+j6NKV&k{Q6SbK*HNv{a6ML8>;5&%YY?
zT<gSBnIsWvz^I>1tlD#zulkJpEz9I-D~U?#$`gLk^fN&L)TDU^SVheCQDge;sm$_V
z`t?=;B&6i$1c4p?wa<cVS;oBs5r%>k6e?iUzA77!_qkpa-DORfWnUc0g5eB3xl{*2
z(RinTT4Dk}yCPvDQIE2W)eyh1V1e_+7TrUVH&M#hmG5&(y}ApXQPWKEfa<HaKD+-C
zU&@T&Qdo6{kZXN5GL3LaA1_5P!koO|U9&U<zg`*A_!nZ&cxifw@RuwQVx=Pzq!Nv}
z8&;9Bq)#VE85Z7yzY<Z%sLVyLPe6)5Ae8y=^vn=1fgB{Dj=LtvTTolAr=fNogc^-h
zUQ95!MJPua8bPO3ZQT0{2m$2wFGN+<OU01r!V}@Rtx5!My{5tj<F3UA6)BfsYP~d-
z=Z3wK-w~-+d#vje^G}fjmIRdF=u3<X4b>#O9~KD3sid5zac7p7R}`EM-!IDunxKDs
zO#Xrz(ot_nXa`47Erc!~-mU5{j3Lt&qK5>F_%Z}JjvJ|sFXK7uma0;JCA8W}WO=`p
zO0plsOP}+p$IvV^j$0nTc)-YzcDV;a7CvE~h^ITC%9X?Ul1;3l$YAl#;9IJ{5PtWV
zaM)Lpn;n2J&=ptk=gtw>-e6F*P~LKQ7-{08sf<t<OB5z6d)uq(z%&E8M4}H~GE%R`
z8o!O!i$Qm{ZFlM=jT3lRkjWS%RTQS3M2o{7syx$Yd__$^P|I27Jktu1y6rC*cfFd9
zP9E<uAq-|=sjp_0HIGkQCC6vs71cPIQC1iOAqmKT$Jw;+p{M$gQ|`Gr1@R8dm}+N+
z(2+CdDVP|%2L@!dW@FT|rYE-&A%9LQAHF@ZfN~{J+iRn!?VN2>EG*+2Z;TK^q|8$s
zs0*0ez8S(z>plIp-d0209lIj9aoxVkCAKBf<gsxQjzrpqH{Doi6bw~on9>PbILCX<
zw%IkL32=XY>a%ncqv9k*o0AB;jAKwL#BfpJz#H0bb|f~uQ`s?dRNh_}FSVVK@q*Qf
zZP6v!g@Cm6VW)jBwi=h|b9B&}b$_k{_dY=Ni<T#x2FI`-iNy03&{w0LVk=S16lS-b
zhL79ote7q=)3FgvboWh8%e~#-x^;1nCM0G06|)CLGh5BclJKi350IPYt}Su}FoNBv
zuLuQg6*E=P6N;_km>_YNqo}YJHJQ<7^IX_hELhit6=0)ARU-&!?=bkGYOagKbW!`<
zc~bVF=KWrZx@lz5^o<g^wfYpu%HfWYUl&T8`0?k#GZPDcavQ;6Fm1S$ROBQa%xf0u
zT<TcL0&u^Fd_#>fMZybcd0XsJL29RCqXJtKPV%}_Gb5x++ZZI;9-p~&*$_M`s~Bzm
z0{CFH{+xzy%2D15*R2-C`67uNn<^R84dOq3!|<>MG4G45U~1A7n9j6fk4bFoQZOi=
z_>YR?34YxJuI;mav-gi|u~LL#N4ctmZ;ZX3`d_?-c6f_f6TTUk^a2tu?}sqLTQwWg
zzjLL+){@o7F#N=mD)&d$w<p`Lv-e35mJ?qvi1BZN&d^-?OH#O;u$BI#SFO&MdXWWu
zJOE^3Os{2!Z!h9x*IASG<c$6o|EsmpEslnOoAg>e+6y8tkU}Pk)(^dDW~Z|1s}p7N
zaeXm*=)2aly?Fja=JX)s8e@9ZDo7U!4{xYDycuZe+3K28e8|r<KN}?H_f#DB#GX=B
z@vi2kTGEJ)=vhdgSXFfY(W|_nWSuW-D@4#Acq8lI0E7UUq11EKtOkGt!Jq6NkSjCk
z34hhr5nT-FYQRa4Wsf=R>^ASAqq`~N{85zvjW+lkk<p_wH1h>Dx5%oIX@Ie`Y`Tao
zU<IyYTV`bq`<QU@)cpwXb7OQ<Nag5D-Y=;&QQpgG=^1!`by-i`9|zt5Wbrhh6R-~n
zkqoVuI_!K^91~v&Uj(1^n`kM#?G2M~1sTg@x1fhq0WSH3@?yq)=ziuM+WN#$mp4x%
z??CRmf-~<jNt2;nX5M1grkU~|?CiMAgf_&<YRff7H}03s#%+h;-ih}@^F&LszTlR7
zy-?Z)S}Is{0B5>a#eLh%rvA8FRbVI39bv;Cw_~GF{sbnpJy)NP9inyzWqh!x?GL%t
zO7Hikn|*GL6Y(4fJf%i{9`vsH$m*!oG)4+pQ~9ty5YvJkPEcu325aVkGPZu1GUl0^
z1vK7bj)jTnO>lv?bK;Oj_IUH2)ph>|nN(wm#vnPEgOlVcgMWztsDzfkkjIO=F0^vq
zS3=2W2+2)y$;|*Rla98`Zk_=u&u7S{foRjH+~Pk*DQx~pT>1<Oe0itI+Yy@4I0~YG
z7#iaLsm40zZZdkXGt$3@Tid4Uncc8E@E$^OGndy?nr|XAf*`jn(Se`Q00tHW88}s~
zyZt}gY7r&X__)XYpZ^pk&IRgC#3Ca(NxJ7iKmzSH<{Z9L4E;pYc=OfjM#dBa^zy+|
zpw~7U*3-Dd!J#ln%@657Zr;2dnGqywuj%yuvGIma8!LLQAMX)BgiQ>I#6$Z-E0#cl
zQPv5Q!nX3@Tc;VoPLGLXtDb~`%;3se3w8u?ObF73ont<WDW=F{qLs#ZvBV)UH`AU{
zkU~sK3d;L-leq8x{pt0QgBB;OH?ufQaL6E?v3E1GN#SEE$37k4P#>U!Yb-n93-rL=
zayk>P2#LP)YCqp4f6p@7<JhDg_xf@eJikyAv^A~3!5<SYu2=iO2Rjqa9=$r(OtH89
zvy7!Y9C%se`7O@{eD?C^+{JmNx+|9z2OUm+#bRYf!>zV)dY3Z4#qo;`T7#eeg?w?3
z;9wYAt@>dNA{x~LVO+&iAC$0T7yep0+;F;`+=V<y$nD!$u88)ry3pPDoC638F)47V
zOfPS7K2?hdQ0xSHi&saK;Bx?KuSO|xh+1Rnx6bB*^@YtK#M3uQXBVe?;kZ(V67b6d
z0B%za-Z&FoLiySSs?~n>w`SBj_kZg)aP&Ir`f0RUa|ahI#eY<p@jZ*4*S*k$L6F}0
zUQV&PtA`#XFM~>#tkI!6;Sm2Y?fdzjXF{QLRFik;&*H%Y5|HU@Q1~3&bH;V9&+TPf
z7+|(awW?f@Ot6pX0rzUS5(Rx<`I~XCTM2j&KavT~q8IEh`QmYPjHJJ*8V1fy?SdRD
zev3t${e?`glG^k(nCx>nC>@*Keut;qDWCp%)H(*s8~%teWc4B=^jKz*x|>jO^&)HF
z{DJK@Ie8r#(;xg&DGqKE>U$Q8GgFF{IW_CK|H<?0-sQWT1f{s(uDxE}Rdh)2VY4)N
zXij3?t5Y#6wLVy`b4}P(?OyI!L*M1QnNr?=XZFyh!xdeB>!SNED>-eTuT}>~U7l&>
z_xwf>o``^(stct(?{NDl6rhV9IJeT-<S@=YG-(aa>O8knp+RI8nVAir3Fr4@L7u9n
z7We|^&;C-_ZjbXXgxY>TI78~(+S&2Iqy=X>bdbPGa)&-=3_ZHJ#`F=9YL`13Xf|~4
zI#_t+rwKYZgK8~yF#LsvNy{^Ghm)^MZv^%Wgnrwdn1WZ$`VU?e3jzC$gM-MES;>{<
zBNL30L*&V?Tf-AIjmvMo+g!@?%dW1J0(t9E#nDH76kE|gc_INWkr1y!?{rHnJo4nc
z9>%2KQYqW=EveT!N%;HG7H$3IJoxB|;|-$B$FF8PL_W`|J7q<Nr@#cmfnEBAlZ6a_
z&o>GxKG}2FOAO~8#5wKB?gw%6G&EI#54!pq6D~5`NA9F!7`rUS8v7Z!)#$-5m9bL8
zKnHXm_@r7JSRdH{xHI_R!*tYYQS`?jGpm6+ZuxHR3b%Fo7HrP!G`$3lNy~BbXY$Ww
zYsL6{&)hiNP4g0a;Bu1wRFc=ivV)s+Cb$;NX&;`<4LLV6pj{>?zp8$CYQAMf>Es+<
zbI(w&B*<Y~LqJsylQ$n3faaIVnDyBHv86Gv;Ff%LA5`PGUuLK<$vb*Arg|xU)g=;+
zPr#{Oz<JW5Bs~M2r?QKb+){5f^8%`Z&2NA*Bm5T4%PeEklyOyc)BD5St26IwDD#MC
z`%l3@X9DTPIJgLfw!Z0}=(ldIox)Pv*G`cG^pwQacgg)_c{SmrNX_|lHGxykfiBH{
z^Wj3Yr-(*9h&AFB7A7U4WNiujgn%0+U3|9^D8wf}!8Z<JfDG{(2~W-jTDX1&=(@R3
zLr(yUK*By}m$eS`YCMqyxMn-$LU<J`81w^3Xv|`Yf25Y53565(ThH-TY*D7}`IS_X
zq9SAgIKKQVS{%Vuk4=*vorq$#>G=zZ0ZG!$NW+2hR`^W;$}5cX7_;{ymb>6PJO$xR
zHDEwOms#$qx*7-R`UIAU*7=Vpr6un8%LW_5(_g$OC^8>=JSJ`FgjN&+y)hUuFUo9)
zJX@DN2B=p`+14yT;hWqBGn(-O1ppE^8mPg0gL`n)^uZrb{c^q4dopa)e(5p$z@*Fx
zHfO^FH^D3n^yGZ;y&jg?AlJ#eqNR4=JojSoP$_4n0k7`+wo+wTYcxLPBj(UF@X&2*
zAJZ~w)swFtf}1xTae*=z4pA92OaLOps@*7<xOtXWcE7Xt$>%H(#?$~*Yts)8VY5My
zVj)1^BbuxbMfWwKd<`Me=G1;91jheOD3d6>Z3R6w&Z(1mdP!&_e@$Vx%+MWv7U@J#
zA(LsbrMjy(&5761W2>ed&!9l<$Gm&2QcU#p<VIYWQ7u_mNg`C4iPe-}uv>eIKy)fp
zJnp#)?MexWs;-(L@~n)2n!6$<q#$gv@GZ^hxgOs*e1cvCK-!5f3~5zKcMES2pt(Bf
znu-a0fkC%Ym`tS#!QMsyOOF><z!1=iA2JxdB^h?a1;tj63zFeyY#0*T{s_~a?$n%&
zp$z-?k5rWnI!!;$2HlK+AfD4xGpDKx#)bP*r>d*M4Dr~YczVoudN3Fp!G@|q9Cs^_
zE`)j-O43I7R%I`q6g&+>s?v}N26B^=*cux7BgeV9(mM*Duj2!58yBanz+`-sk_lbp
zV(hW*<j@Se>vHs2a$1!%ugu%Rm=fMUH>n>a$LwUsK?q+6mx&XP!kF&(kQMN{K9I!!
zx@1JBc0vdFtVXD(x5*)mka8)!rnd?`DNtzjGa^nhQbw8xLNun<%iex_@d_a!46|N8
zJ=bSYwIs;j(6>%242P>q&@PBt2pJKuT*g5hS0chM7c3_j#w{z#s7lDcr8zTGvQY<)
zU+2C-bU`2P&;R%xXLGzzJY+0J6<^*=A3-5`mkiSKtR~jbs5AYiA$|k1P?7SxF;~v<
z1<pE^q?kCCae5;1{y1l8`kgAeD9UqYRXs04J-gwlhwm8J_RU*wmer9X3S){IPw16n
zSq)V(dFkw~#m`6^Khqq_;TD9DuIuTM)JhvU(U>|Hl9LFp2@w|-)(vFIt~n6J?AsCO
zaSL|Kzp+k>Xc8MB>Xjr}*+4K|Cey1&iKJ7NBt0`!2TObD*-ZCesS7J}-?-2R%m=e<
zCG)o?tje@U=MyY_<gW`Ag(&<D@4z-1v{{%U<NF>7!WSrnkZEP@HP?@4s6T$&@aa_c
z>cE2pyOtC?+p$_KS43L7$z!s6()b&b7B$j)_p@(D5${5i+6*VE{QCl~dH#rM5GU|I
zXm8Z>?Ry+fKDShe3dD9YO(r`KMNuWyLv9oWVk1~Tm{Hd^b&e6a5)vIO1`&%Gl*EAT
zc%mQr{HBjaoYZkR7YSSYNuUowCoD^nALI}zRUWlZz}q}sNgO#RoWLM5#NyD8#(cZE
ziFBV$V?tZ|RPOQj<jHZ=hzO`>U09|p?4UE}zj)Xw7{aIPA7<@FO<*~hrMD}x!CGT|
z6wt%Pl{N3N3^Gjbye70I7TLlV))~nysv2wFKejV%Fh*ls_digiCvif1`LrdzP(99&
zC2tHbx`A?kf95$g{w(7$&&RK`1PR%Mp$;OxZ$P1Ih-Zs6oDqa#-<U`&dMw)i<N_rq
zY>)+70LF8JI}tc%+uMKw=OzJ38F^^g_OkI~>wg%mq-+a*gYn1!@=-eSV;_bu0b>OS
z4e#Et=jJ=B^L{Fe;>z&gUq1p8FCDoA-KWs!=|p1Qt<|ct4<}et!&W=CuB<>R<8SCe
zQ-wJ)Ae64EUi~(6(R@0iXa$)w{$Wxo?mKrkpTK9f=WxOn(R7h&z!&uTQi_`2%u~VR
z3%{7RJG?^DE#NHYDSz)}3tMTA-ckUfQDBeju>JMRwp;<?O5|Lsdr_xPTdv#}0HLr)
zF`NH4Vt44b_PJf&s$=6h*@KDJt6XL;umkTLKrjxvJO8?6K-it#3qY|9So|kob%(wE
zlS4Y*Of);4SzE5m&wzQH4hh!*{WOrNOKX62Q7=m65!G7d@4ExIcZUSD@nlIi<-UMu
zWQLB_-O*eSAk88ti3gS-J5Z1PWMoS>s(t+zaApQvoriU1ZP{14P#N+>c=w;IR_Hl!
zb7sAtn^{!yrJ<jQp3L9X%b&ex=ysW5o7~8HyXCEmqFCa#;gB7F;QM+k(8zy4{(gAq
zQB<NhbRAF9Y|_iGZvo?!bcd91X0}xhiFLb%FETi!kOUxi8jd2MXVO!TMHGa%y3Wnv
zB55GeX@mX(41Xa_kPf#eKthh=QvS&QL|+L*EnhcZpVcd*-6F)Y-HLQxu0f$i7C(j4
z0%S!)o1<VHozgp>78y!wYI4&nl06cBsHQ%M$hN&`F7aB;O)pcZOHFB%HqoMLrrNx%
z(<_A&zNwd+RDMy16-aa)O)HMa@e3V+y%fq$E;P09;EvS|9F@oUdw!q>Gn*-)6q%&g
zEMK>oDSo3qTJ5ThYtO1rXm8>UAFa9a3k7Ua<)roBgU*<!(?Zl2W=aQFV_7e!Jv+p$
z@9rqetoq1?xn2psY9QUl>;rDyjmq&gxzbp;?>}^D8f9g_3Om%19vc9`2Pks*>C$?x
zSJf{kCuaVg-P`ebLEyb2(T2Op&7S@}<jZg1Vl$Cw{B_RdkFL8wzU9rzGD=SF0$uuk
z-;FHH`r$6P$1xv!11{-Dv%+3OHfxS_KEI4j<bgVi;L8`=xjN*${jL-Q@vt1oGR9{F
z;cK=57M_*d+6U}cowV`6Q7vDevBlFDMcGU1JuBbyn`PF`+l@B`z)dK*0V1S=*_DPJ
zTcj~1{q+c-I3#i1>4}8l*RB+CFlKc=*cg0%?o^Z!GM=wT<jU|t3b!=Y_$2A8HPC~3
zNl(sHj?EK{O9kZDkV;M|lmrKt@s?>nkGvI!!|`VVu0&sbCVC|CKu)>hi=#(k;+R9q
z&_v*yN?FV^H}?>kbxN5F>9~L2h1&G7qF!h^W$U9_t*;BrIq;7z1Aa&^M;~5ylz^Ge
zHZJ`y#9CINywhrP(f(3Nau`mqY&N2}5W4$3QfAvPs1!I~Kk(l_t(q44t+*&~FfY+h
zTFxb3b&!9$R5q+71Ekv6g`;Rt_^toxw=m+}!T^wK?7ahnP7?-|E-D=d=41um0X~*n
z-+|5_a%%;H7Tk1*bbz9A@(yjQuky(-;y<Rm9lTnfBJ0yG_B@*0fllHz32#V>pGnJ1
z?S)IFav52GPDLnl3~$(|pzHSB&ZpB^+az(<(;G`Wp}V&d!mv>JT*FIo@xIPttL>Oj
z7OLVb$pEX0P_`xwUIYW_)fGCI=E9y$@8@cLVh$He`KdW#uXOw-c)D1o)YUGzFCo6U
zY)4vWC_Z_uYf{NiUX<gsjWvzWYCT5jdh}FGcBam5Tqs9;JwAqk{l;9X<hipyQ(e8z
zn(U=GjRsY~$>;WAU=ZrKq4fSjh;+8153=knb4vZ3{zA-2pGAx3_J$tYNc2mz0`&jt
zPwX?4)5Y|DStx_61T8GLS9i_-fO4uxvVBJB`1w;Jc$JZSVdzdhSBy`meAcLSJk#sm
zz{;gY$#W}dTPd>N%zq)XOxT`|?-lLcLkBYBu{xVG=_hYr6=zj0TO6Jn&A;Eu?WJ0+
z=S7U?2Hso(8Zt_4Q3qY?@0EXH3Wqq@%(k|VR&jKHPp+lDtQbWB?X+WVdQDtsJHg?k
zfPiGeYBx3K6D@nV{z~p>)y7HQ5><&bm(}h}<Vg+$wld^p(&~#;>JH~so&hJ0iFMz8
z7fmmAiVo08a5|}ntgd!{#=H*PeSL1gKFMaacLXl`VFlmW9sGRrtm8%3;rZ(SZlQ-Y
zUi!6MsdwO7o^_lojW>Ix<QM;^;-U1ZZZBN!AA*<W(%5RhSn&eThEFv*&z)TU>)Y9=
z67Ub1u5viR=qVVA^jK{!Bs~ccjA`s(T&eXv(;rjng|URqy>OB|aR6t4?O+b$J3@`i
z@heGYA<_{XTUC|IViB_YA<~&dlN(n10c$OrCri&An0BOr7>?P<U(*n=(D((msycaI
zpFb%lY^-MZAp0!|xV2_bomK4FyC0creRn=_WH{-<Ylg=XdaXLvj(wl+kNnh~7(T-r
zGcffFl6uC{Yt<+EgQ91@)?cxUcwYX8dXrAye4p^eYkY$Po#Dd+0M&mJHgd<c)=7Tl
z$Y*E)7lC*c^zV;=v)ms6B-Yp)*FrO#3phLNEnL}bt)-4~68TM>+Vs;qopbd4@9FIK
ztOWh>6+Y*tSIV9R`aCMN2f-a1ow}M*W5xcev<F++@1xxUsKYMO4M5HFQ5ctWFXcFX
z(>LjvUY+qkhE`We|L@u32I@NVP7b~{*zg^G_w7nBK}9vmv}~l+bVRQ}2Wocbfj_m4
zDe)TdSF-s{q3Ph`HImUsZl+uNuRynsPUxn98;$8*67lZNz)H{iRji!pl%T@+frOvd
zC_RkZ-lfloKCfd+pR}U0L&{stNu=(c&pkSTN3mhZD9|?>B0=g|8i6b-(eMtClTd-q
z27qIqZ#MwdvlX^hZ@q*Z1;cQVN*yAJe)<#mnE^Dcn&_yO94G-v!_1WVv`n~%Mp~f0
z5fGcuDj{&K@BVTB{5vLsPjK^ujj*A=kXOk)43eI(^Ve6QS6g_YFrapZ8f1XvYI>rG
z_YV9fG3}TT$j{~|$G@SVuD1UU>V{zEmGlU7=Jp5&POtK!i?rqHjgc{2^Lf<OD)C7q
ztpgolUxh^Lyt?gv6~f>4HOQ9L8UZXn6LCq*?AzW)W#BrUL$m`RV;YtFR1l5!qSOqS
ziUWA@x<-A!q>cw`CVni_SjL^gT^`uE5SeM~KsO|)nh<15MTS%@of>m1dBII|i$DE&
z#Wf+4QU+&9e&&6e4x+RVD3gE%Yo}&2?z{z5E1k;>$gA>40g*|)bU|l%7g~@~a#Mh2
zUyggne`o<<+D%CYXVg@}0`gPTW;J>>VTL^_@%S*HP!+0Ag+wtavDGa+`jofWm?`dZ
zyQmt<L?a(12?5WM5^OJxuWEq7;A^zq9qR?p@qAaaN>TQ!2PCZt-I3%4iR!h3TjdK5
zwd!iq5OQTSlw*dTxqc?)Zim*d33`&e-E2YP>ttpW<k1&$LNMqt=PNEcNqgm1QaXfV
zwf;j_*8<2!wUKf-YoOp;!pO-juBXd-aId46q|Iv3a6w6GljQ9b^;?J!e<3tsg5frX
z`1FN0CR&8>!d?($J|~{7h>V!l<Ghbwhq8p$pXyGB>&@srdIsYGe7gwFGLnD)@XF`~
z;|>cbU^3||VPWBd5o9oRWgsU1_m7XjN!j$>wF)v~UIGG$OaTD_nX<AB9Ua7FHH-r%
z$d$TXaf4o}R23FBR-hLJGe0&Cs+^C_DmJN%AF%|P5|9^FXUd*XWqI~WJvU~y;;mQ@
z-f5zq{;@<&HvhHw7Kevn518#C$ncYwM8qpq<kpQfunM?fc#dO94(yR!fg2ewsY3P4
z3>_w7>t?^Zb0o2Ynunp)RvatG%=k@aeM8O+K|z0~7YJETo>+T`ib)z7FZa!i@2X_6
z)pxn;u^!`w<k74%Aaoki|NK4EiIB+G9##E^cyBpBR3u8VkFCbM|HGxFq8!y)t`%BY
zVH~zkE~-!T%sQSwj@OHWK+Sd`V&pD&e<a!4gon*PvW*@;R#gjoNFXm+)*z=+Q1E~<
zrQm&{vjKuw%D|V7a+6WjT9eX6X+jyn*QPHB!Fn10Dcsd!KG$c#Ml+_wv=<DLjZ?${
zt?14C#*hUXfAU;CiWdg=nINi%E;Qk*k<H4?ZyGw8u&Vec#Ziz$1;`u8vfqD?eU^~j
zGNTP3<2k{WBo7nUqTLp@;>5k?mdq$n%^w)xE0LCAnbHL$iT*OS!>)iMC`Ef}uim@(
z6j5!aIvcgj(#&5>p&v%%Xj+mK`529L?0%@9YvFm6as%|}y4;!W7+ty=&Hh~UhQNO*
zxA||3loyp{&n-S9_wtNtPFg&?n4Si+ohrE^hLg=n<D5j*WxISek<Jq(=hR>$h_znU
zfoE+*Iw=b)K>%ICtrW^38-ApE{nEb~_?VGnpX=mC#m+5n0;-LNlO;tZ*R_vkKzq-n
zUA+!#>pT0{e_?@Jtp-#5NbCdXy$KTvof6VIO-y;%CKy!=I%AW1Rpp6pzay0X?YB6`
zteNY(f^o)1H*u23J7cP!0=F<j>qqf)qh-|SJx;`t{H<_pvpztqzz}=P7(aHuXQ5CI
z?FwKNLRkVt_aY<ywXuki>b@c>SDkH6@wnZJ(OTedp_U#jB%TQ`d|?KZJq*6+<bNg)
zXWs?jF8k9L@Ye}5MBMKcA?MS1Z#ivLjMShN9)%3EDkxW)-&O-5&B}>JED5x-H=+K?
z?Op|WtNsKX5rJusPRB21@SS;FNb2Qx_dCqM%3JFJowXc|{tGoErX(a;{Y$;=eERP@
zi2@NL>t7Y*L&m0JJ07y0&%!~(6v)7Ds;#3RJXen%2SE@|xRzFd#MIom3VJT%H(0Kt
zH=o?TijH>Yg!e0Q|6uSCFzeY~z)6r3HM*mK1GvWCUTX&xV8lkS>@ud8vWppi!DRNw
zUPx{}k=FsmKlEUWapmpwXMycOR=pNcMT{UwDi0cgWA)w0-dARAZ?0hJ_G)aOfg8wl
z{P;{9pIUm{&$O`(NIlyarX~;F9Sq76Jkfca&;(i&xB&)usv*MxL}@JKk|P_{$dBy9
zv|G?d_zq^?iSe02Q5|tO{(4EH%!lt-w#Xav<u_~C$B`KsBHqS+HDJ<I(rjqbI7rOI
zLg8)8%3i7CI}a*nrgkNxD{rt4XBw%C=Zbl^`t@5AY$GZW+|JAtl`}`I4GSO?w60;9
zyPg(6=s-kN9GAeFJg<$aEWj1Mds<{_pi_;+5=q4n3q<pYnDu<ZR@uIs^zz_9DZXwf
zul6&*b{=IiTfUm!`GV_N!fYAT1K*J8R4%Qg);PME2x@C9UXp7V<oV0+W!ITAQx*~U
z#JVxL=>zRA`>9Hv#gAH8@CIF{6!%BTAI>s^YS5%TbJL<CXp6_Ma}_f&FreL&rZ)T3
zW2vQ!?a~Ur2gG4W7xgm3^H~qNGs3e-i0okNNWupCq}u-hlRQ!Mwz08XeP(l8!g~-j
z6=q9tc*hQ)fq|I3QMkJ@3In2(`OWq8r>{|_eRpv3PSj#OX8(M)+a)EH2I)ZNJt7$8
zWRtxK1X<oAXuC?65r|5f4mn4h)RBSIXm1d~)X}a!K>y7_I}d@0*C&jFxG#92(ICs2
z*Oe#bT8(0i&#?MBd(}h(RW*ARov`XFeVEzYy{f@}3mjgH1I8?pTt);1?(M%O;$omA
z2W2<wf_!f~TqQIyxOa9ZNo>9CS9WH?MV)B3*4=44U=}Xob+bIWIvmztxYoGAuUBbS
zta9_ae!x2+lESs*a?g?tj+uyI!@`fgWrMq?d=exsIla|fb%YdidHLIZ3GaSpWS-R+
zjon9-`N+xuPKRlBAFR<{DM!_@L!n&-=F5Jma7_S4ZZlOJ3`*2yMj2EJ%;n^M%qYL=
z*d5~N`&ihondcga*+O$`fU!ZR*g;j{rNlekW^hJf8J$$I<EMKO)a;prXEePNJxA=e
zk^wQiIkyvia8Y1~kF01NGZ5=LeWyfrqlEK3C`w?a06m+<(YGGVi(stqmk2%X5*@cF
zwd=X;65T4VBXiZeyz_c!o59fp!+DN6jqz~^;w4@?gfzN!!r}MUV%*R@AbD4C?&MB@
zla(7wYfm@f=%r4Vo=-;$o?BU_$FIBRPMH9253$#+__TbkG4$9Tn#Ap@sk5eX;Gwaa
zJEaxM5R}jA%KTcMER;dhlY3pjE-3%BgDL=ZZcv9jY5SN{fAoAG|KK@Eb%#NH!MUa#
zWFWDu)+_YbOXeq0P3{QQ>Y>fa=`f|{(s+n)QYKXAN9|=<f-;`+rz4$h=TQ0-iFjH{
zgBEwO%d$*j4xM_d8_Rx5$EvGAkqVDg_x)8)V*KAw80}}j4&h9ZuYXtSWAGQEpXoy0
z^M^3#U5Ry^I1`Mwd}%NGfE?<QJ$`ekQR-azsYXlqi2S?t*CD*|Pisp3KX9EZOZObY
z1x^LL5A84c<voh&_cJp}tYbKFD@;fem_f_D(lMn1XNu8&fYv9fRGA3gVB?D5E{wnd
zvGD6REVAhK*<Zl>V|`sFD)a2szK+)BNdkJHpA~BCqqE1+9iG~s{GdbVH!As-($OX(
zuNSMOe5t)sH0Q_l^odvd0XCO>^{G3G_i^%1B|~9e>~D7%$bQS$XRb=Xyq=Z6tDFx4
z&R}X!*l~7xg}*#dUzsT7Iw73Z-o{DV^7|+;gI_vB%Q>Iug092ZtcK<j$9foTn6AAF
zV#~pRAA|U^t<_MK(+OG&Qnj9&^XuG(S2_NAWqFNRh}5*jEg_sGQmH3;UsQT`#HzPt
z<7DBt-MpDqFSz?e4f5P*sgsWjvCYRObw5IxRMv^_im8?N+lSneH*F_#1($9j{8%o8
z<2?l$?L!Q&Mvv8qh0oA|Lq6jwiLtlDkWw$zI%`%8r*q?6(vwRuP6EWow&^`9$uA0H
zJxRSZ<lvK+CtjXQ=Qae8i{@m$nuT1RywC)ZC8lWC8?pvf;HC<?#2@YD@_ihA5+cRE
zN`9x*QE|yzDbaO&yi%6$pgw<14U%*pSB_iD3r&XiXEMxK4PVsG0hOqd);UZVgv_7!
z9-CwESQiGV)M=k39P?}VR#nyEPu-#<>ts%OjZe~ho6kg_oZ%lM?@K^I<kk^LPo;*4
z&M6Gz=Z*Zj(Feu@Ro}?3u8H>}y2sMzBjcU+4C~%Q@cRo`LpUea)o3-p{Dw}T7T=Q#
z*}}zMB(#^9u6wx}mF?{21M|@>a&@UgTX8WjWKjU?p-r-$9sEfhG?JsGwVjGy<Nlag
z>Llc*p%6PezCJ_t&1Ao{A9SWSJbGDD4EnPzp=knOvscS+Dy`KIsZdor!Jsa=;1Up}
zEg`wc6<+KBmq>3?!B^2M2YU`~rP-j4m?v#wC~vRbcPg0R&@@v9Fdw8MiFyEaNulv0
zZfubokzG<L@c2jPGOz%r<t3yhKunT0&J~k4hm})#HUR)8*T0W$Rpp{j@8k(qIW&u>
zB;;b2;F7QOu%~az^&M=m1B_P@(v27&mD^xw%Rapvg!(G0a+_J^K-13&J723vR)ZEl
zN(Z$!c~B=dx<Ykg_eo~!GuSh~2UGjy{8VUDB)CGfENXx`1eR9`KOOtWcTLobwSKxi
zH$3M82!6NUF8>C2McI$_%S~nKZI#tb%!a7+nO!(<B;E(H+)0-K@Bj#7>%y)IiFSqh
z)%G?kb1kp_MPxr^gUl$!?Ft&Sr?4-8TK1Z%Y$e`*{dkM%wZ0SY7~bd&RbWiQ$alf~
zR(kUe3MfF&Od$3IJZ9E@B;FtB4v@wH;C@vC)ztZm36Lp8rj`N*eh}exfP)DlC4UO;
zW}qYW%4S4H0CdiCiFI)Ewp6Hp4~j(Xm1Kt@2>X5xQyCI$jb>0fPX(0D5C#A~r5(5e
z&+`L4n;@L%N^U!X2NnXjmpH(k;qXpp7!B&a?L4eOd)7pQG2E|N(a~xu2{Q45V76}h
zrI`U|C)U^1ScmQ1J!wly;vNcw;Ixns>w_^~IHi;{4B$~Q-Oqcbu_2+n(lR@)g*#A+
z6?)pnuEOm_NL*YQidUJt+KQ}#)k0x#a1izlO`@W`oF!C-@UPQgYtd6KCu50fn|Q~m
zq)tLNFfMPJ8g#5TZs+{uZ5e)&a~Xa#oX${>%80<OJCKuFD@CI=PH?iHJc77TaH11o
zN8AHVgdw=bsaTc?Y<Q0PD=hI+A{5$SLTsOAAj!vwP&z2#_5h--;O!vE7A#^0I{r`M
z3C5@t)D_?h(me<Jw_#y1|1S&wCl3GjUkEV*QB`0a0d+#Syo4Ivk1!-75|4XL8YBtp
zPIG$m&IALyah^?f?DeFw0J8eqxUPkWTo$|}Uva0a1ifPk3l>kv^mZ^McjK;zgY3u6
zjGM2U!Fn~J53@48`0j>9@ZK#93qolMK5vGrOfCFqc*7}WhYQ;h4x`ww5Dw5RD1=Zl
zzb`0WGa!j)`}zujlq%#ei)1q*cQN5oEui9wD5=y$fo(|$^xfi!r3f@u**2%6NGS47
z9B12p4Ahf(3uZ<Td3<f&(2C_IBx21<P*@#w5O1j{v(BhN(b#gKYw>HTj2vY~Lc6i(
z0!Yj|bgL*gAalnW;`PTTjQgq<JvE(L6N<M`2?15V=-Dl?PHIQtu#R&!YI|}1P(K8+
zbT^K|?z&*{Q~vBKFaNfrr-EVK`42c}g;lL}NFerho2m~?U?l#{YBXi!@IM9P1j+n&
z%h>ZIRMi}jPoKQ4Cik7ChHGTDfATfX`VASLj2Z9k%LcUgUY*;S>yd~6_V4(^Wh2g{
zo0Ku*J+VHjMW(Brk?$wz;8mXFd@ZWnC>8KxiZopz*~jz!M8JZDgOxPx3Anmq9xS#x
zf%967s<WN$%!c`3B+_l%=M6W?GLpxeqUSZxhI0gU_VD^}CmKSS^W#i`KP=x0`J2R_
z#o|X=s-nmxQ@smYgX_%glJ5b@22ISGNI|ic5auRE6AGaU7Lr&+G1>sg7||=X{VPNx
zd+QcjB0ZH?p@mP|_qy(@>pXh=h9#{?3_KMj48ZdP<=$>0Lg0&jUYTR0r=J1!xLax}
zuXq~A3VNjaJ9;IRrR<B-<LVR=TQg!S!8bKoZnFD>-}+I7{ku`UYCYtc>L4e$e%tRs
z20iQ3s+m`d9yb1+RekX6S)c)aQA*Gt8obHOQx`cN$8=~=5QOXZJTSiZOrd^=Q<CDI
zoEM;+fJvqGFcRWiK8LD+MO<%Zy?f(INmbHZ(8C}#Z+L_7!qOFIT|jh_dyG?6xS1ay
zAKmu`Y&;K50Tu;}weB<jVEL~$E_)haQO>yK!zgFp(Z6|=V^y8(-1mWVmT3o|9od13
z!Z;ErhC6=IslC^XLo$YHu4Af!>Ka2U6s)t7)%_7R-|bZhQXHa<_CTc_f%VxcuogQW
zP9IJ1=z_uHDj*6N^IpUdA`^H8uq<WTnS#Wxvwkdql5+uB$zJ`*e%&Fac)uR?ZUyK=
z=uyL)`M;3Dp6XFC9rmdYoOAWlC?HK|K}0n;W=xR1Wc_?r1dt@#Yi)G2AUshK#$rG&
zZq4E3pExaf9xYzoM_>F5X75lIfsaqbAO>tgtJ=qVUhY3AlnZYD3zY7i3E&GS2@8qt
z=GL@10%vl}xy7jxZx1L>%`3fXmHJgg{iF)mkMUsJswcdklF;spCJ3L-M~Sj+yfD1N
z%6KfuuoXH#5Jnlq15oCGQyM?~;nnl1P-H)c*_p(E(?7D0!-$<%LkmGc5wKiRx?oHb
z(_lvHJJ!<^K~)O}xm(aBOk=uMwd)gK!#+e~LBilC#<zowZse|Bz)`ILiP?%h(<Uwk
zBf0G3q%xn*)H3{Ps@JgB{6E+^<7K8D14A)sDwZmd$EpHl`KW6lY$ZePB^Xo2b>@pz
zjJ$m~)7#gGml6F6UggU^mxF*FR{k{5LUDL39}&yls76{Zq%hUVd1_14V>`t0JzHJk
zFRDk#83FD<4A;@;_OhY(Q*(cpM*EZrof|ZTW9a3L5{^X-9uo(jpF}OTtDeg24xlES
z`Mk8&%g*9(m$!eGZa{_Be5X&Y)kJj&7=cJ0By9Q91YBI6pIz3aqBSepetzz{zNKTY
z&UBh9tpU?@ohcgD3V@~$6B3AM&5+2O@X$DZWCdgqILU&Tzu3~QS89GAn!7(_-jm?e
zKuR8LPG4@ZXM?3#5kWD?I$#g#U-*so`Yd=})N6uSDJirvw)fSmva2vCQ%fdZR8mbn
zQoz1V-t2#v7O^hlE3)HgAC+#zEYONL#4*d8e}h$fx8%ZHX8~D~6@!~wi}}!RY%C1&
zUN**EYAqIf-r&!&uG=PXEx~y156RDkmHIiLgs1orGT4B=+O5rOrl&8yO0^F8*iad%
zJs`VzlL;g@?LKE;mjk4G@MRzM62VfmL(3Hq1y^G+SqUDI!`^|cg#QXXpyDgeUC1rF
z8oMEtoV`1sM<Kw%oXOua!zdX>lkJ#x;)1`XUCiDDC+1wliY)8<`MqHtn`gu#mz<AZ
zfTIenmr7EywEj_pK@!j9REkbjOt1Gu<7CsnvUNBFNg?x;l7+iJ8d3acoX?Rw_g6*}
z337l50W*%oK}bP5d99-t)tV1hfSd595KfC~O~*7LPxNkkTGpk^YEXO+p1))1CB_H#
zC)kWdz@BOq!>^c93q;d!_ZJ@J(+PPMx)3p+_jsG^?5+X2;7wfl&~@f%*W8JFtIb3z
zu+f`crvibmyv~guZid^pO#$Ta_HQOTwq?b&Togw)P0(;0v{p@V1$mOw%Sof7*6$Hv
z%~|xb=L4@5{aKaiEJsv7`(7+pg`%sq;HOh>Xo^hZd%Cl7?&L1ku<rt=<-d&^lqfa$
z+W8_f2eZb{6%7eSruMTUe{MGBcPefta&+0Rv`OFit)+kBJrb+%g->x?=CnpBnlG|r
zLbvscCDnIy$ah+YkR1o`m9PdX!$EORBJ^mU1|)4=1-@$1g>Xi>K5Hpm)+sobWr!p<
z*snGJbn4b&=c4}bPlEo5MIPHpjKP0wh9TDlHp*H*JrUpl;!*w4aQW}pZjR_7;aG8*
zYo%W;bT7ED*(~ulf4|Q0<apjsg!*K7HXw7#Z~bD3MRz|xa5wfZq^KXcfLP6c29~BT
z>DnRq+d>!XgV8^uEIh^3b=$J?PwyTmS9}WW{tKC04=GyD53E-@O8G;)d7#^d6!<wW
z#b#;Un#J+i-h*MfbeZ=Uc#>+8ryt9IXQ=*#Ok~-tdz$<w#qDsSvx!GIZ{4ObcA4^9
zGmMJ&tgP=co-5wYKFh^qzjlIZ1sx(*Jag8SXB`<NyV`iCf8d-!6*Kb3xpo=M$Q_ye
zA6I7`*5n_y{n4nDbc2K_Afcf2K%}IlRYF2iQaVN`-6#zMlrHHOkQhh|q(kWt86{E+
z-Y>uBc#h+JU;a?p#_sJ##;)@^&(A4|!p|{44}Oh>ccsV&Ibb(tWIBn`3D<`KU{17R
z>r9bJ0>Uy=E&ztC`xth2r$bvqUn|oL<bmWVYfX}!p>O`&0PY4S-r&aYd)trxU{InI
zHRh2ZzhVA%cLToS!FZCiW4CUQtMuPzi2K(vRdyRr8R~LjVZ(S~><d{Ds|}|Vqbdgr
z@4G4c%utT0=8?#@W(kMx^YWk4lJH(@6}wNpCXO|8NNDfYPpDy~fxob=OeZLmwucDJ
z`Acq`wGT?t+|GMCW4*ftU#%4sC7}<ay(=j$39cHB;_dbe7OJ)ZM_-*4E1$FFlj&r3
z&wk0$81uXl45&Sd#|w`eB$?OXYXmjhT^Rl8wi&P^VBxz9Cn{C9N;Qw~;UrcpofN1C
zv+4s*^|s$OUKJk5L)!*Kw{(>XxG61#mfNd5BO_0+#H>lPskCB6uD;7Us`cvq!<w)<
zn@G@<+4gx2>@fwJXvlJEvU*;6VC-Jshs{5pTt_Z|X*ThB>orYv#LFfq)4Z&FR!E=8
zpd500qvfp5P<F;apu&u!1_AA7*1ktK?GlIdIJEAfn357$cy{)88$9aS;RIfP(V?Cy
ze|Q{EjV*)b>$9!xO&F_|rg2#-U?SU`El)^9TMy2D<&y!x-IvXrlbwU0fk1L=mn?;3
zJ#*^>yoOOB1_TxuzcL7RL=n!;@xDIGM%E7r7qx;cc<*{(hV5BV-O0b$jw;h?<yuGR
z8zk_$(=1mNE^h{w(opf-uA7R*wy;;&<C&Vp?)m$Yu^NRs${Ncp@gG~OU#&s`+{Q@5
zYPV)=mdn#twpx$5mT~lj;*OmH#kg;SPl1S6x&--s9oyYx<7Z!=W_Hhq*~S?fWS_j>
zu8K;XHm$T4k3ESuOYyh+q#IVRdetF49_$cav^f;M9RnK6P9GTNfDu!+cwiVeP+RL2
zlN}sF5d)%{`sO3oOr))85^05EDzJHkhSlzIj!>sj4L?pW@)AA&u4f{x!2z<Cfq5fF
z2g>zBPA8WT#2`6nG=HG)c2#pm-8F#d35}VHZH&>o8V*TBBpeF9_Zw6B%oze!>KBxk
zFL1!VpFdUl7~9zM^&#MQ!W$>l&j92mr%|{n`|8TbRq$sME9OJr?qHW!-(9eW?2*UN
z0&0)NPsvtbMs=C!1w_)VNPF+HxTm8pEZ>85p)3JS*;UU2wES)iKPx2E{0Uf-N|j94
zdUXwi6aot?TL!bfFDOn}aM2aiH`Q(uVVmrm4qE8!y$d=Z7F?C0!RYwKpb~&bUCOfc
zK@yXgj33++$wM$?ZiHB<9cVb{50Mm$Uo#oPmpZ=<oVZN>hhU85-IN*kq!6^*ORvrE
zj(Yg44~*$P+hCiEaz}tTB?Vs8IB*p6gmRQwJ&#~?y$e`75y5)b^aMGmgC4GfwmJsL
z9N2!Y1VzOZ86QLgtM4vP-H6|9p<?IGXX&l)Ugl+3URwoqc{4+UDFB|+@4!=HCsNXK
zq%>*kRUjb9vRUxy2`J0kq@hcRBnbXsdcUvNNY6&(BWc=!lG@F<AiG->w$(iP63Gzp
zYQny;Ymu}H*<ra-hq@NXlw%utY4`FwYz0JPlMqS24?6h0zD1;?w+Hg+%SeM#a8aO5
zq(r`pdRjvtG@f$O2!>G1kdhm1=7lGW8xTMTA-L$^@hM32om*b-NPLtSNv0qjMEKY4
zW4;qvhDGaY<J}Ea{Yd1kc#}xp|EeEBieM;Drdj?iNh{~h^$omTyWrr}ZHmxVPB66o
z{~uJW9NWRc8c-vBPLkFTOm1-5ZFAH#)jRy<pbSu)@`~W*j>Bi8Cgv8ilB4Oa*S%%m
zgV%DB7*=&0_zfOAB@sK8-Fuy;088fN4~cpA)Ur!bzl@Xin!SAZ8ymcjv}bWr{2?Ov
z*ZY?AX+=aLT_=>3=-gD^MN0CtUca%vT9(gHK==q!l0WcQp2~-VM*-n9xszE&s8msQ
zk0h&rXyJY6^^F#OL3~!X%}C1V8@gK83qZQj*MJ^7yqH9<z@*RFjMWe*D^(C81NB?3
zWp`P}X^o7|IrB3v_+wtL{!+cebFGfOBm`en&Q5?Gyzf`ieQ{z#Bu>d-Ko`RM?!&k|
zXZLdCC#DTjA&HaVlk*aTUW$-AdHQWo<)_hjsnvu^j2#w1146fIBp+S-z>I2ppi6G(
zHt+kM$<C4o@6&-rXsq3H@+4-)4fVE1Bjolmp-ST8L<oqixZ~WD8D-hwJ4K%zSxLNI
zl9`*ARb#jujV(y=ays9tKS$8$DZZip_;qwe=7Xjq>r1&vF_EE$g<vpdk}(dHV3Wl2
z-*r9<Z<y^GqN%jtdMJY8%=}#z=7UP3q!g7ecs>mp=2>cQH^t8}g<q6O(z38vwbe^d
z;b%Jfys^GPx=O45yvJ_+d9_<5RYUv3L!Q`|3`K>qN$n4F25uhO+z4c037l;xQ*AO3
zdy8<^Qf?w00$<k^O~R|(0J#4md!oVR4pG2w+BMMmM&fB^+*$)f?=GG?@S>8~xhi61
z3^l=QVAu30R~2s9Kfrv~u#G(Q8kv9dOy5(f1ZTCdHFu|?PgTDL+?QS&4vDRT{NXm`
zj}h-{g;fBs$(o*^TjEzSZ&kI_6i|;4$XKo`@&ndWcVu23-A8!2?hK{lZ;2IMo~R_7
zdwdLm)h>%~p?&k^Qj_ruW@GEDo#B}ke~gc<P|`IdEL~GbUh#Gi*7I2%l@;~OaRh|V
zBH7;LMIqkT)5QRxX`4dcEvfgz>3;y7XrUi$;WDo*kDRY2zNFq@g>`Y0=?ffSfQqJ&
zqQt()J_Z>?ur4$k2t>&6#m6wDfWZ;v&zciERa`c*KA8Z<)WEzOld_=zEhEwKLauLp
zKF$-w8eKuiF$&3OOTJt)_rncQZabUIytz>bOsAliAi*Yzv%W6PxIM?`V5Zo1?)th7
zcnGeDVwc(Emk-V>ygjqobE++rb(l(yZ-7G{0;YdonSjCn#3iwjucA1!+<^(z7Ca$q
zcMGQW8R@GdHU`E}OpNaV>ngC+&eROtT$HE1I>w=2BQ~<P@m1||%P;3epAH{?PNj6!
z7~ptK2?OIKI>GM3Y1#x-u$jemS})5wq6L3xrNm5tGPGvD1n|Tb<J*FUsj+zAh<sN^
zROXBhDzyDCr<iwd9!m>OY=CT)JZlZ-Gr$_<Ze*XJ5_B&EY*WDaQAi9>PfM%KtObEm
zg_xwrpe}AdqT%>UO3Bs0`KO3|l9W1N+FyKX0sWj{9E_fF)4_corjo||wbtgxBuYW&
z8Kq;?P(z3E4%nJPn}k)Di>jp7P%&P?Bm@PS&CO_|ijz5M#$R%i2|Bcu`TuP&e@+)Z
z&TJk#`PunUQ^U^Rjcyrqv4wXtc6%u6)x==GN^~b$-%fAdm59zPO7FBO|93k*Fqy<I
zB5yhK)rqA;X1Z0qOLvZ`sNA@whTIrxPkcQy9d2LarfD##STFCmT~(;vsDa;ATB>&s
zeyUdQQ1yue^vE`BSJh@XMW7B_9Ui2P`cj#v2$T%Y_omWSi%mP(qNGhr3#RMhZ5><j
za_Ac}BW(F~O|K?Mf?z(7MclQzm;AHmH`WBSjalr5a!@r?c@CpsC-vOXtylfVHEv4(
z-6&h7v>~hV4;}Jej=eD`9<$v|qAv$Hn|Kw6=?Vu>!yIc{<Fa7`Ml{MMA%#bIM#eS6
zXdh1EYJkT9wP$<&9*G}YjB8@CZGLW5z%TA4xq*r!yyqyf8QAF>5S9x@J}Z{o#pG4O
z`LgeT*$EIj!9B6}{?G%D*kIHsk-^94&A=wKBJ-CQA2a*SCS#)><r%tLehDnRK@$~R
z{aSztt;m?pOjK%8v9<dr-Z&*PKeJLx!%(|cP#zJ*ZQw7$VU=Mq0vs-8!*$q@fkZ@j
z_SD{p;@R4VCi}XDKC@jNob&_6&=s>QG|0Pj_Ix2Fy1h{VQ7I?biFl~p+-Hu};f<t>
zTlmL+YO8P-o9?G=pRBj{zyhqAvLinCcM=7y(dz`U`^*2k`B~ufChU0YzA9}A!H9Ni
z1nv{G!s_9xL+$3=VjP^)Ldh7bcB&`%5=QpqWco&E^-o*cAjS~Jb6xG$90z#MMvOOJ
zcNrMO8dO$EFBId=TLUM7-81%UYJijcYrVZ3{)C<$uXu|9y}iQ2Da66<>x%BqGUP8?
zlwrh5aMc438@UT?<~T-u=n>74c6(j7HdgtGC_Am*e$TFZA4dc&B&1t?3%W3cI8<bL
z;Hv$#6SWOv5PFiu_e&VD{^^is{k}vR)<nCL0o%mO5jD6@Edb^!HwJ9=?TD3ArhXwx
z%4j4ya`CJk%zuZN+vgMyhnRwk(YeqvWW+j_Ht5Dr8v>`DVVP;zPdB(>=bW$bxXN<i
zcu1q=aN&6X%m7X@7!*g@<=^B|Z@H|ieHs8W?3_J^{ph@)^x;F<jNQfUC+uj4Y+OQ~
zUP4Yg_KrBPu_s@nVeM-d)o4n-?N1p0UrdbbL?138zJ1VHU#QY0WZ(a1Fv+XjYq-Br
zxSqiajtfd}xlp3-@O_DDZ0F#G7!-k>2;}Rw#ct7eqHx;a0m&lKH{7*Pli+9=bPUXm
z{vq51^myi{u5beQcEo|)dcx->NHMw@ws4M%hT`oF?jfk>A>a<-yE1U_7T~mV58UeN
zfFRp<6a@bKbqQ&;@2Z8hufoB*WxnkQjQ7vBZ0(1J0i$>SuiLaxyUG?N!uN0ecUdG9
zAv^R{f*Sg~9Cw<q13%g4+vYe#zJ;PQ0uA5~5_ZxKznUCt<4&-@c^gMR7-6?Krr>Dr
zG%UEwUo&k~UPw@q>W}!RjduB;%l2DcaQ$y<JNG4Ug&1&|;08{5Pss}@!fSGLhO1aY
z_`-ffU|<2TQ<;Vkeo(Nwc2NvY(br)c9JG~l+0Vq}Xce}AffvBGy{kjwh|A6Qig%D`
z4!-S-AQHDWe@cbx$d7==Y_*PML>`#HSB+m1s~uUIzaK#gcPH}E6w+@E#CxwE#crMH
zycBc0j!aBjbGODZ(2$vb5I6-~9T(%FgP)T`%?WenrzB{9W9YkH0R3vft;DS4V_30#
zNp#w$*8&XSSdJsa&7Xsg`-O*q{BzTrQ6<XIcWAA3)I1o9;u(J*I<utpG3<;in4~_n
z#%RCag{8_j2(rp(u`iQaoIP~)NxkL%;|7`anS02?-AHGof!d4QxBuLRFhLwm-?|<5
zc{W})!4NT8_ddqa7w42Zroz_d(s<;=DCoCx{AXxza`LZYjY5}xz5eTgJYXXGnmQaU
zo$G)Um0SxqU)yx+cb|M;-Cj4a1z*<E-Y&|lMDk-t+>i$%yFG)BdvLcQXg5JrB=sxv
z)=tkJXm_%7di%jngG^;0QiToKy?HAg@9~d@Q~Gl^gvY_$Onpk>ba7J9TKwsXw<voO
zaV&quk>F9YGmb@QyEpMx`nSo=$s@<yt(7ALmq{PU_hp{CA`h98dvC_6)y{b4s(>AF
z?%t1UMs0cnV4|-jib*x9GhIBwyiiu0QsEy}|2d2k#xCi!cEpdG1l=37mkJ)HsnbhI
zHIHQ?=8p8ViD}(PTXX1cH$Yvm$NP82d@mSV;o};Gs(|;kOv172ymO{e>04>5SfOD%
z<yJnIG2|2i+Bd){DFViIvztR6hr#TdNiPKEd6&V2j@16_r}5FBPpuhD;t(OmHC03R
z*Jr^0+@G6JMpN^{2<QXMW(oOPzXP02a1sex3h!T5dc8hyLmnpf>R=y7pS(U>OWj)Q
z;A?)MJK|IPI%pyumcT`tqGV%v*3cu|pZkN{bOChooPf+h_we-o<ElCtEq{1|XyT5<
z=ZYob=B?fPRy2AA9qAj(2$_y3iLSN(*3p94B*H|N5%H`Q59FL;LQ!p|IZJNPaDSS=
zz#Q^w_CE?WX%;9AaQ5|=XFT4?1jz(=BljlVv|q~>%Dqtj(@#^W{s*%{X4y1)pEwp0
zmlcO^*ZHhT?q=*AX-c(VlUYF))YE$ROT|usr!5MfJFCQs#IA<cQ=JN>dhdxL#n_=v
z?~q*&xyFH}D7@aZ<ljzYcQ-;p_NIxn2fJ!TP793JAf=u?5&A5@f|YGZ^3k|qA}UdF
zTp_G+xv?U8)EM7C(lQK`A?ng)H&*)9iUW*M#LQ-x<jVaRMrnmbyWxUAOm7lLnb*rJ
zm9-YA@Wa2jqK+vk?0|>2){*Ob_q?U01OU&@&atX0Eh$SAt`gCjDl|Eod?>H*dICJY
z6okpg)B~*u#|RN6u*_{FTl6hy?Ovdx1B30Tu^;G{_((z6?xq2tO73|7!U4QiYk?U|
z?GhpQovmQbb)i<J0kXnIB+>3L4X`CQ?O55zy#@2KKhLUw_cCB3k$~N?Y!!R=6(5O^
z!ucaGAwT}Ffe=r86+n-=j6QQe&#?TVo=FJ6NNl&jqWg=*1~?3vRUhc`_%a3R)7cIs
z?b1O<$Mf$(#kRq@4xkazO<~d5z)@=f5Q)Nqg~$OBmqLgw$rIlA1F8j>zp^q{`Bq2|
z_w!HBieA9F^Ga&-yL3N25l@NYPC5htV3JqMpFu22cs+)u@%4vmz);L{n5svvwWK%4
zV1f_)(P8u-Ol=#jGL$A!g5S0sc_ZC<O2+43Og#0}5T_92at6;ihWP3ku$q0i8=lW3
zBJT4}pPNcvjDCuq&z?N5mHC~<ue>`YPtucj%i?z2o)d}O(d<%4#3P@gwZ)Z?#9a?n
za-)uh*cVv53y3c8x-h=eO0|+m>i5^0%leLXs32)Gs0x|=t8<Gm;RC0eyvrOd*JA=^
zQ^Ks0LNx_Rclkv1iBJ$HC1@o`)uEzd&Ex!E+b~F`Zd2&6QMren-my5?4iStl3B~_^
zKOp0Hcm$z%7tb#^6CQsr>2A|}@<rz{vkhS{L#BaowX^UdhRM$dU}YJ?G@n-7K@lM*
z9SQ^@qHL7<dT%~?`l%6Np!0fw+-8ba@<A_Wb0UYroe!bXcKDEdXI}jLPOTFBWeF@H
z9a=%G{_sf`m1s)0t|I+%q$*xn3G+?F2tHG56Wv=!J|6qGs($`?YEzsQeLvHE3h?W+
zO9_}79Nu34s0hU)DC1l^e^!DQxni^$LKy7eB*8D(z|)%tx&#gAdlI5=*;U;Cr0K}T
zNANtitXl!vmNzCmPDRwy^yrD5^dHL${$PloGt~>gq#kjYH26q{_o(25(fy?Y!{7&x
z7_M82N4d_A>(|IzOkOLPi`((#>?p8w&a1F^tFQAyNOcr1?w+zj)!5+^P2GfYGga~U
zdub$^id3YZ-4xz#cGFcTsS%Vpa`whr`|NyhvXa4!i@WtcqNZhLB&BPO?5Mh3sBgE-
z`&9%ikYBwQ2RmLi<TU_*H4PVMsO7ezMp^RMMSdc&i@qIa6}El~I)26DWxFvEg9;O@
zkOBIYaq5PqV7#v7)IvvAca#XhcG0K6U_<Q@a@{ZmYQ=93MjEaImeVUB!`d?y$sLxV
zQ%UB|8HT^PBF=(v!bkcpV<tu0A9nNIdO<7v$=E`Dt<d)q2#4;;Hc_xCOpq5169<p?
zJ%uZO>6(P=BOpb<ADk-e$T>SdHB_^l`l(3T-A!C%TBj<@$66F*+C@|Kz$Bi<2zC><
zKlwOi>en-!-EnSRYnbPn=(=0nRwXSj+9s76-{X|D*xT~z(4@ZqU>?zIDW3N_U6aSN
z=d~JCpQJ_a*#%nq%^NwbTlF`j9E;?BsZ$zle-wAwL4|jPsuM@(sqQzS2ENC-HIx(<
zN$u|9MTtSnE9S2*JwgX1-BvXL#$T`#w77UP=}^>=4tgU7_fU8%h<k=_?3WzpLy6^8
ze+<#rgR*dGSB8O}Su_3VI<xG+3_%fw+hFKkU-JG$X{UBfVaWnux!e;?C{h$Ewq(=L
z<#sW{C)+vX+nerU#tncM<b}-@j<RsGV*^)R0N?Piw_h=}uuaVOR@Zc})a4_=)&p%P
z=E`7Phr(m)g{?8ry$3v>YOSUEfGAECwA0n<wFlr`U(Y5b22_@9fwGQ&{xIt~FGkMx
z$O5D-@E^~g<REYA4FdP^?<DYvc06x-jO&!;jFy}%PzrKyhdKobfkFFl6&Q;}RO~1}
zc1M6wyY<gRL>*BW#2H$Kczt#V9%=>;nFZKwH!*>M-e!kMk<>HGRN^23EV>cYNU=N+
zEY*@>uS~ENl#qNwFFq3shWHYq{J7|ms=DwFY4)LsSsoLRTa`GN0gTplqI%C5Q@*Pu
zw;25<{Tr`r?uj~-e;D;V&3~uHyJvy2=(ACXfNa(_ATGJ1h|cku>EFCv>t5inQ{5$q
z<h81M28d5JUYw_q793zzeB~-uWXOM{2Z*(2XlL>?il=}|RK@-yB+MS@8%st3vTf_6
z7wvZnD?LHu;qrr|ii-beMrI3q9@>z?<{6`x519$^402wA?ed&h+L|`c)XwjSCM%iz
z*VC;{@m(mcX^?q)6hA;-Oay4P>Hh8t(WT{66@eYODOlQxa+oE|UQexW%!x|&v0di0
zIJS+#z((9Hzb0N;pj%x-w{C#}K=I>3t@XM!Mf2-Q;`x71N<Vad33kD9!zXJDeEJim
zClMZB_ExF7EPk-YJa%|>68Vn`lcGn1k~niW(xXBVL-Y;AMJX1jMx7{$JhP}!4>jGC
z-qvI{s%1wUYueK6t{HN^ReRR2)rZh&sF;ng!++aEIN2XG73RvnW5s93cz>{Bc5rTB
zZJx;4VA{zVr4Nw~kN)#eG<8}CC9_viVI}E=|9q|Q3fDS1Fg$$Id}_L3v|kSClW_g<
z)!H|AfW4vw)Na(|&U~(8seHNt>dezP>k@?2|7$isVc)%k05TC6*<Gjnbsdds!fK`c
zLFg3p_Su5kP`|jHs+w3^)FPR@>+O2L7y|F2nr-pPrwc7>1HYOpKKpY;BMMreW|h1B
z2dsHFQ0_$vwGJNv|Az@Tygp~*SocsQuw;OBA>F8sUNo&%lEIe2s7|8$L{c8r_IAAi
z^d(Y$VH;bI0So_8!&?~N`(4yOzwDg8?sv!7L)NXcg1V&vcl2U2kx!Gpt<EPO^ZN0f
zgKq(J=vYs4teJiT;^OWp6W9_?t-A)ZPMJ3&pBIA_5Ub)iUsBe$l}kv4?C15}wHUs|
z*N1v%?U7b7<l2LBYmdSs4sFnFs{MP_i?0vzFwXaWF3`GHdkNEVBtYo-j2w=&cFpiG
zK?Jv`0g#3gu@c31Ey`$*p)UmE1yP8me}^tT5hVH2>*rRICvGGB0ZofI%$f63kjbTY
z$yG5qlr*>E=yj=!)wYG`ck+Q|%P(7C{=BxQDx2k-ElCHzns>L>T9yi-$3cI&*2qQ;
z*$Q7{Mn%6uqmN#oo^u4B&SE93PhD$p=$K-To^ue7SLh7q*<xI3WhvFe9=k-W_yVu)
z!ook>wqWvr;PcPt{>N|E&irL}Ep~BGyq!~N3)8>7k22w~j~52;sBGKnyO>$z&r3)G
z%CAXwZ=grJEn+VRlZL5>Cmas``3`#|iyXa#MC_*i#KaHSbJ|9o3GiiJLQ<>I+LRoB
zRoIq}kO!I|RhxE{r4sD1`5nmsuKj>!zqUUrX^Zo~5d`xDJ+X$K(b*#YUP1~bT@L~!
zVOAO7nRj-HLeFJSOx)+eq}d3rEJi;&JP7oKSxLg?VE?8isboh_-rTJJMO}@CCIzLO
zS8g0$LSA69k=RlkUf9W=e{5vaJVDMBm^ZgNi~pKzoc;ZW(*V+d^Cje6f+3@S82l1K
z_PFj4=Q5kN?!$Z1IT+iy2Rj(4F1A`+CkvFoug2C51%0`Mc&?<)x4_Xo7;VOdlic;6
zOHTJLA@ePlkTRHqcE;M$!P2e=5_fzFVeO(o+U&WLn_-LoK8Htb;Yu-Ou#Oez&`a?6
zJ36mLjGtkzhW^~y=a-PWrGLnE_<r$3ob`VKKs;ewCt@!aw$T!qD_D&M=cyb`gS~{{
zCZVTIO*px(Lq69D1K93gtePAQw}iU-ss)J)?X^W>PVBdU(9RQkTp4Up_(D$@y~J#F
zcEW6vtGAqTP=_^uqu*abG(3iIr@t(`u&Ik+beH)D9zrcRV+O*=4ID_;o_4m!s?^Q*
zzTC*&NbTHhhfV2$gA4!Q0}2T|NCPdK%%d<$gBwI(focF7!iqvKAp!oF+GBsyba=UY
zW;uXau7L;8xp5&6Tk1@*WuI6`Jdkdp!6ACE2GFG=EKn^D@y@vuE+I8&Z!pYzEvugi
zaqN6P$8@Sv;u1L$IlcYwMTq@#=EKHBT$ElyT)_kDyo6B6{R@#p*fi`d7Arw_Wnfck
z=M?6@W5B&#+w0=My{eVmYOcG4yjsJxcAm2T&owu`;;Q>m%}tAo6z~%Y=$~TjP}+r+
z;w9v>+>=K0*l)Mu_m+dS;3wB`ZJ3yIA@kpHR=_eKK)R1HcGJep1$;|8puu{d3t|f4
z>+q3$aGmr#Yq(?(AD<ZN=XoMH90q)6E+M-n=jK@W{L&?)*LzLjACAwX>7{oKKwRx|
zTtZUN^g+PYZ+ij<u|1ARn9-{DOZ~uIR$m~%yz2ae>jSC}xC`8L#3e+{{BUy*8hI+@
z^vJ8z2D;1IiL=HTl%AX5qNkx)o=Zp{h502U=2Y`p(B{l;A%;ZwA9BMm$SC20AG}=s
z(8j26DVxWgrf<)o7>=Id2;di6N99lf1XjETT&<1~2_HJd9quW=P=}rf^Zj?_-5#ts
z495-azJCcpbNCQUHBQ5JgIxY;qfE|)>EJ7sl(;15zda4g`qN<79wO*&uFF3+ZFE97
z`1uARl?LoW9;B~Z5)5ZLfT(kk=r?7H8`;A8Tta{=vDrru{6I}`p!acAgCRpdW3|5i
zk`sWQB&1wIn$D}y`w2m5=TfhL4hNf(Or&f+y|p!kiuDEGb%*l@zoA(&UyTr*)kkkR
zPWiB!EoshXmk=3wI;0inAi(9F>tX87YXX+ov9Ovk*nH=|hbX9U80G1kP0}MhY{K^x
z40IkTaJWAW<9i9)6}~|Dd38QOWt(%k$&tZPavGNqUfVPd65+qf2bU0`O9=i_9DK<C
z@e(eLDqz|r0tp>_b{6om15_IvT|!o~{x<Dns~)2|oBs0Kroz(Fj?@nWUUrT^vl^in
z=58r(&^htsolSD~r;>*k<{KuR1Q7ytA8^jiI6lXKl$zXM<`|D&%ylHXT<#+XeW&h$
z@B6;LzpxG>EO_S<@-+#Gn|WjmUCZjyqIo6YvGueMV^r0$fs<_KS$?S-;@R@o>I25S
z97s%Up?R_OmaT5*RnU{xE%@2qo5z@Z=Kur;`V9hzB8a1V<h?}G0ZkkytQ9~_Qeko@
z_pL;Jtb*;fSjBIxh%%oVKK?DIo^zI6_wq01p^$26?c(2-qq8Pf56m56H-XQ8Tg(%z
zfnwEsef7n9gUn#SLrL4SmrUW3Vsj3@8DII>kl%uXLVe%2Y+_4?5WsUGu)am1t5n^N
zR3YF0maq{uCZ1aSp|*MJjMcn;`IWP83TqvPLfPNKvD?8nb$%sn*&QWGjJNprIePFO
z5TOp3f;CBme>(f7x>rep-!k<3D5)m#(oK`^&3mwfb%LhPU1SY12uInMk6?(daCZx_
z%D|26!y%6Y#w<TO^6BD?>gE;rvb4KnuDag$$xU#8PYIBwQ+nS(R&OY=TK3BW>WZUB
zGVv_%a3qzoMDDyUkkR6he4oJSsQYBp?bv4S*5h$VhD(M-OjdfEj7sbU-5Io8bk0fJ
zlXMQc6N*QoJI=?ux6yXi9<z}upqD)A%mR;fQRoXXGHOeO#Yx!gP$&@?IJm110j~+O
zJfk&N(T2D!AL}KA{%)#BwawhI`%jD=p{0_2nf)BFoFv;}N;fMin)iYv^f*x-HdQ_G
zTWg|RDQ})WwFatOf_*_pN_n_>JXsID<NK<?ti83iv#vK%4w;@G5yJheK_NR|a||XC
z;Qm=jgO|kpdDp(~NyB4_(p4~^_j)dC4VYh!v?RL9F(0R0m^WH>WuNh>->#cDk=R3%
zJttTzHL8<of7oJsc9O_hJ{PkJ-kJpyhTl_J2h>V|)UBFe)vD+dkFWe2@LDzm>pLAb
zy4}7*74F?I5jw5mC6-*X;daA!z>@Tfqdeop8k*dZ4A>s?t6j{ryU6GLLG#uC4%Z%N
zJY;o`KOm(})(v1pIHT%r=NL=V%#Zh(npNaf>qid}Hi!ZRDp6N7tdS`=rl{ya>ZFc9
z(S5HS$bka#-j`Q-iUQ@a*&JMyKf*|^{nKem=4WL(5+i*8)bU6$O-3uJ;2oj+ZZQp0
zhFUkBcVzVp!eT{gL2e?M^+?A`(ET=KirGpKZ<Q^{O48zh;5nV~sBy9yK1_j_V$RCS
z+VK823zHS)PbB!-&R?p^`PkP+DW7oj;ZG39ULn0%Wj`4(Tde&4)KVa5E66xPBn9#c
z^pp-)*Qt(~0yT+;otJsqeIaV<DoLMa=WtcVBs2mFWCzrn_;juK2o^`48gu<&vSf?^
z^}k<6f;s2_#x1$)8!(W-?!fspOf6Pbc}ta;CwJ{#RDt*7riyN*Mh&Or4iLfcyN-kC
zlpA7e5>%7;1xr&O)~1612V^An3X{f~4>02;3bEnQ{H$t1jP(!@j8N?RV5$*J2w&w@
zie+WZQKtqxw6x;g=$y~bBU=X{^k1XJ274b!gU~|ejj2hHqBlwM%swO(Ej_<2Sel4?
z>|0Vp@eq*BHxl-Mn?)-YU#QseX2}t#VOlmt0dU)Df08+EjVFbW+H@InoQHm&)}n21
zN$Wtr{cX_QE34Vt`$=_}LzQ)G((aWZ4Ai=kq8cXc@AtCX4&35rbx%zd1f^1}1PX^r
z(!6nH`liafk(+*;gUO!7PjteILk<)eLw$S;f@K}l^I|zNL&c;u@swB;R{Cgf)x_u$
zS}Cvk<s~I<9VwBDOihG_GAi6Kpta`;!HYpabVvzqi#@m-Dk5y*P!Q_4Sps>H97@F>
zJQn;onhFsg$xXr)K0p>k3Q_-{PiuX{E<~0}Fi#x><@4OHh}uBu`ri-y$S)2+>0(gO
zy#chZ|NXdgJ(OrnXaK)9Bqj>)S-vnyH__28V2x>W(|r{w+-+QKb{lWG<E5FyZ}R(|
zhF`{cM7Im>rmmJ0=8WUrmg2uFE;JlTyr<wso&v~c{p~mTukmgNGsQ<oOGn<Ks^ZqY
zlP@REA7lGO&ys9TSCQf|8`b!Efk3cj!&?Hw0~?E*q9Uk#QsJYlcS<BvT}#QtLc3*p
z^ht$@pCqjCbn{Ti^+*!?dQN#rl!CD}aalo9rOthE2I?~9JkcF0M(LM}Wif=!3i5Kd
z^jVqn#w;!I%I@dc>qD4HmrIQpAO!{xv7x60kwh4&f;&lkX^{82s@pf2IZ0=<NTZd-
zzW<ZQ2UWF2B1$fUL`Cv;iyxKnaR9V_pR4RTBQaD}lbO9D_w#UBOeA%`V1bat*9XUO
z2H&Q7Rm#hF?JQ?G(!_7(M@b|*9HfH~LSsC4AJcR?{^ry0hLe>c?|_@)Rr9d6WOA=D
zT!uo0s~2Zqif+3b710LG3r0CzZhcMNMnC%Nw?S7bg<_vrLuE(HaR?ddCa{jM*xp?K
zDBkYXFA-59CjOzQ@!_oAl!`96WXO;|s&!_;$+D2RjrhKj{^WH3glM?X@<Jx_?0nGl
z>b@t<3s6dAI8Fm9Wm$v!Rl{}Jh=&l{4*8X9wJQVhq*7LOKT{HR3dEc0*jnT(rWi~`
z=3FPk*Yh2VevR8+IA1%^R6dwPv312MPCbbSWU{V=pRYm6VVX<*B%0jk9pG2{i~J*L
ztSFFL`yw5#f(RW2fdltFzR-8;zvH{I<=uVmYIyZ53`dqOj}>Lb&!Sz-?J1tSFzC!U
z$$nwF{sn}?%Jw4~N#w@Z+4g)&%h?(OKPBIHKUi$8_@yq(cG6K7|4kP1RrAQ?>rl1w
zOg)9i(C;=^laFnl3odiXtfcLw#cjZo@1$+_u)*++g9?C-g%XoNsKul{W|?w>__`Z}
zn)`P&UCi?YKs3`Wf^hwj`X!A*8*y_n<%yV74jiM<3aOl4UrPNe=6?fCYqy&`=ms;$
ztecH0hU5480HZ~+A8?mUG;z99XdiA~wYjp$A(~^`Zm4e8IaVYnBWiu|hQ@&A0+gm*
zv_jM#-dSxQKy9-x&3UaZ>2iq2m|9IW?1uALy9IgOjt9Yp1f!;t2vp<!RZn37`d08|
zPH0wnLQ?!I@5u=02rBlq+!Y}E^RN|Au~BG2QEr;pKR^PjHY&E7LpX|v-2;x3V#eb&
zlysKhyDKW%l@sKh40tDZ6>b1vH&FuO3x^dTN?HG>ZzWUuUF9c0On&dd%H|)bKZqD0
z-UU9{h*>`(15Xh18btIbSj2uXNWaK7>vY-ex^NS^w+<fZDj>+Y2c2N2-*_f%_bhOH
zCc%|6q<F+MvQJuCOI+plRsST^xoTO|KfMYyIL;&9KvEFVfIJW&`z4=_st`C#7J|m`
zApq|)QmKlHXgUtHVsj{5?*NTby(bB)b#tKjm(oGh31V6NdW*p+u*9V>>MtN+zeOy>
z)+VV^)Kz-EWns)zlL`P)iPl#r%^o^&zovvHr|{>dwnpVeEcn6N@MteHkb(&QcawE;
zx8pg&f>Jj>Dw%d_XIr)fU(q@hV9_i{`ZQnK`CHx<b_E8KFv-eSnxa8nR8KO1`^3re
zy2J8A);3q`$vzgYkWl-mlXoXS21`R`B|`sJ6czE!OUmadQr1GOf}%>TBvF>UrOOqi
zF((SNR%MQYIbZh2qg&H6oRYhAzJWl)YYV08j$%XBmUo7$K1u9SmgbF{+N9Lty=Ge~
zHPTI~`8+paQkvRBZ&%wIiw%Cc#`&#v#8x(jIq3WM5!-tu9{6-0GrQ-iBodB+q-2a-
z@LJ{goop80Bq=%DAGFj)MMOmR5t+g<AAOTu{du3&y;%2%&sQ3jyA{+yowZb{YS`UM
z*g;F<$B!rFl9JQV#yzMj$!fz~s{6@^tqiY&yGKn5O8r#CEf3V`&JN9e;Z5IoR<Yg}
zOKFFPf~01exYW_zKe-ph<1rRbR_!I}ro9^ix|M$a%vRXd(prm<i$1k2fw8fDmNO&o
zHW`VpfWL}=rt;afpkp)=#;#q?*(Y5y6!D4gaEoCeK{wK<jUoOP23Gtf^jZUbTaC}H
z6TD&hFU)}BG|%y>=_lUNly+;U4eXyYwmEkaJq%{0u^?go*g#^niQK4w!;Hhygq725
zFAG&Eor<L-?w3Klol0Q7bIFik^C`vcJwhB}zJf`-L=Z@?i`n+8#psXVKHQN;GT6>9
zCx}Z3v}GQFcQ4f^A#?HQ=<APSwBTvY<}Xad*>o4w|A<9ml_wsfP1GXOv=FC#@>NpS
zci?az$Tyde5Ht)oa?T3+8AyhfTip)M_s>nfQWEC2Z}@t5?wVihTT7m@w7q-5Ry*|h
z49<n+d3|uURN2|R0lW<j(C(9BN5{oIovvQrkEI9gr+=90*3@whM|+o$MUJ%>z=zN9
zWod{8w|j^f1gqQjrlk+&9m~0kj!1yKd5e4G#8G#)_&#FsCkH2Rbbm+x#eKuT873l5
z+S`^+QxABYf}nOb%0n_yrhKcNW(HYDTNCemAAvcGa(Eqfh<+1m*B6yQ*K$?`t+d6W
zau>mn%9rMk12QH*&stsTG$qDu-s@1{GsY+Zyu}o|gaoc%SmP)k?qf%Aju~${eMAsA
z7UR}MjCln1E|~j=jyK@l8$d{DxP%PX4K?Fb-kO{&FdyD9KiOxvuwvLahs~J1*++9@
z;O^eATYI(N;3n(>#T;R4@Qrw*^>gS9ENi3<=W@Py#O?hHoqRyD_+Z&c?a)WtS#)U6
z<Kn1uWCMxGI(mVO-*5gkIN+ALsX^TEabkB6#VsAwxU{+sd$bp?*d{ahNRs2Hc@xtg
z)+0>OA#~u72Qytv_=lSVEi=28<iQ(T=_v)G;T{mw8slOx|L-5-6+m*R<BZ=Pi@5fK
zw+e<P8zoQTy#Chcv#rJ@<W>fvt-0lEY!26nt?)o1vEl=Ft*EixQS+n$h}v*;21O3j
zZp2bD2Wy?+ot@(dYq{gl`+Gx;!eyZ63hpa^&Z?o{>cgj3gWZ$;S=dF~Ps#rDpH}zj
zmr;iv<?H`675Co}{N!nQplPtv3SWA)sFpuAK0$82FVY)`B$g^-w%I@E4ZgMq>Ft>*
z>j1YtkhG6X=8d%R%N#g83ubJtKR(bP*nik#vGpbGR<(~2jUIFW)u%;qW9-Rop*r|F
zgwXcG;?L>NOwdHauTH%W7`6=DsBntJL);R<iXB|tBHGw+iBX<tgk((7O_Fsl@C{_O
z$lZBt#t++lSYzuEQaAHBoezh!j-MOi56FM{bO4h({lt=+C5&i3J73fde936wJ4Mza
z0iPocrlBK$18O^-3-eG<ymPjSBQoraRZ;0AP?D@dz>gY-8*jJ72JzrHkP%pnm(_TC
zNyM-drFxeTn}!f3_Epk=^k%-?=(jZBg4+8MG--BWQ6l6oiyuD#3K`<gz&i4=g}@JS
zymMjolqCB~HmS$AFy+V~KZxe_z~(O;DMLU|n|nZrZ`~T$TsJ#(<eRN-lQbGKPxQ3Y
z`3{u-K3mUyMLpqPWykP*A2?cWg~FXUhoetQ=?}rVUPf<{&=wU*l+kDPZ+9?N*4a_7
zgJ)N7NiiUpIWmUo8G~QFH?1gKH79#}30ZQnAWS5{htNH9(=wwFuYe77j6xDxa-oL{
zJie_R{II6Asy5grNAetGZBKSoiuF+~Tl*|X{_p>Q@uE#ojuUm@jKGro-4~!qr)@rC
zc%9j2ANw&{kCqZR)~DU!o7IL$Y#Yv|Cczn+emYBP@hIx-<0uY_fDIzfg@6QOfOFAW
z!fxSwYl*p!a0kr6T1?&)`Bu28l};R-zRexn!mkl_@#GQ$U+w{Cv-!D}be6wKXRvYS
z`vX`3OseA?Sw3+kgsET_DKS}RwlKqflI0p03DC~8Po}bW{Z3#PT0t;k+}48sn>CMF
zw+91N-Uo8f!VS!PuG)o4og+}E>3y0`IU;)=V8W%rl6?b)2c3DbkH88WB7xtGvd{U#
z8%B`sxb~G&YPH23LwOgqjzeONI-}7C)rLSJRHHm(UAVW@gATD}Y34}Yf>CbdE^ZxZ
znL)`fA@}^efQAMHwHcGGg+1Abj)hg?U*_U5XVpo^8wj-VS4tA$LNDL}2d{@a9Y^S}
zpQ!6{n`17Z_O=wpa)irqIrP{#z{z$R1y-Z=aAl`3Y{XJFJBzoAjG@c7bG@a6lYYq{
zXpc*w-$U3C^bdH2W8p|S*?Uzxytex15#mVV5|Z3}gfYMI&#$ow+J~L6L4lV8)X>Bw
z<e|_n0oL}fW^x#pBM<PBr~YO}8_ThV?U!9(Uvm+?gs=@mJ>jRA<|PwY%6p9L=`>Ij
zX?`wJ*3NbKdmv6<z?0!dlxXcFq&G(KXC1b{Cs@1NbM2fRS`N;f(@{_Y(BRI#p4@B;
zVg2d3_P6lF4W4jhTjARTMZ|Nt4faahs6S7NIXEBu!}<tzEnXZU^ao>PawOi97C!KI
z564ZW2L5}R@?{yf-v^=%$4zb$Kq!@2s;@zK95PB{n^$?AePIq)5?EUYAEnyl)5W7Y
z@gDDk=9U4=rCxe3Aa#8PhAt>6g$fw~IsW2NwSU4x^H3&Yd`hB;J-GW?I4p!Fl0B>L
z@yt*4jcU2AWhGKhpLlhT?@ixVTFy8X)s1f+KF`(LZ$A&ZL2a$X*q4f1(_8mzN5kJS
z*?2?-L!Rd<Z{+~9R)!6s*b`7eus;K&H0v!vcw2N`wuA5DBPe;wscp<gk6F3tPri&E
zkAow3iJ=3dI&;r0<RK5mD*qb+y%fEH75Hi-&xAm5wN3WoeT<PK#hm!<q33m3$d<Do
zH|mlZZz|ci)P=+1$lM}6n;Pr_?P&Tq<RR}fcYyxz;oMm0Dr>7^fyei|qAYEAp96Tu
zq4SBed2Mq}wl|b5%3|Dr_Xny<x-)^$+bWJpe*?kl9T<t2?8X>8Y;pEyRq%>@Z+s;^
zaYT+}^(j03_s?J^YZCFw*KUo#Hq{MZwOJT6F=@ZwvIp>0v<%9=Zt;@-x8~L8{;J4T
zNupVWWT6FBH341{aBJ3Pzy|>Zm}prUnwR?t<3qyM6k^AVJg*NCGT7p{(28Gx3}kGz
z^~APFatkFN#}7ce;MQ*l+l%UaE&x3#cx|d%T$uj;EY-vyO?mDMYUb$QQ`sjk5;ZkE
zq@PXpZ-X^wgcRu}a64N{n}}JX$YP&GeS+GF+~yw;O`X)dse^iXY*Es^@aZogFxs7L
z>sZM)CjH~q*lO(Cwqp{TcAvkM-3?Muf;S?Px#)~Hy}~6m?SKmOMy>gJMFqArgzJ^2
zcx+=CyR(5|(5$y8;zVhhcp;1oG_Ij8wBL%GFkE3dI2*)>0F2+|2g~o0$&%Lo7q$&M
zW#32r&EknN0FmS5(5JnmHDmb(-c!KWe_^w%c^z;r8kH4#!F!7WaRDX^V!Z)?&G5o%
z@LZFU5}%VM9ROw`R14P*Xj(%NX6^uzzjce?05DpSDbRZ|??#Y1SnGPio2UeYk90j_
z8<&_WnM6x<me0Zp0fDjZ<hTJmKpB?oE7gkZ$zR~fx|b*h%>zmj$wOVw`&|T^1K?KJ
zH!jg}j@(r1A*{fj6ifO*9SBJHq)ou)mHVUD!vdiANu0Q!N8k_p-395fr6NbIlF8Ck
z2+4zT@H~v6paFY`#tvATBACcQv$y0ju^zBv*)|Phs3xUftq!z$+58mY=mYU6NEj$|
zi$ht96O)6_CwB#PJ#&AE29$jCq+qO<x0AhMV7>^3Cky5G^)Q<kIPBO&m5YLwfVJOI
zLfxXC*<n;CAL;dXy~ah~N@VqyF%J^9OatU2m2|dmd32nf&Ox4th~1v9vPb_mCm~){
zWC<~}HdF)^y+if*2FXseHDSkCRH9w0;A7^u2}HD9ilEI~m3h`xzBEw(X2n=p?73tC
zbLi)2roT@a`)<E_oQMDT&aV$QB#ZY7X?~2jZkP1zC_I1pl+=w&=LhFUyuy$AuQx-S
z`3dM(tceAK-^!omah7mh|1Y`}atDAmAhn#^cK{9}kEE4r@_&`4|NbT<!qZs|HibOc
z3Fd4dj>MO{!=t07q!H=OMitIwE-=T{5fa6CWR@%ZATQge(vWt*@ec9)l)n8?cv(r)
z(Fbb6`3?iRp_+T8Pjs|Bpga&2?{2ETvWdRydE&mb*RTKe)S(zQ$j2B@uMk<dxrgSm
z(J6VX;6c7*6$r+D<&XGW_rnAq@72=}bVD6Gn46^DB#HV)83m9iv9|AA%c8$G-|O6W
zi7o+w&6_UC1*zco!^aHbOxW5JYdfozDIM;A-MVVR4Ed``w81yd%A)an<2)4<{wWcC
z=QbYXD%$?gOX6TxFNC*voyq!X^D1MQsno5q8>`3ey<GQ%HaCdKIL97^l8fR+h(vx?
zB&C0HgP4=yQ8~X@mndI|OXv;PZ_ZD-ezpXM$rB$ZXw-5)eh^5db0ewW^rrk_lc_E<
zV|{8I53%BN1gpykuut{pP2vWhO&=14jZJRv@Ro^ux~_LomO0kl^$0tuX`fBz=#F3V
zi<@RgRsnpic9OMteiSu7z~`?CNg@XoU-Xi=4JI-75D&aCT8?t`vG`%%{iLDYmH5Sk
zwwQQ+ut(H|BkN7^nsC$VMEs+INAY;Gl)AwKsZH@qpQ(Mmy{~-L6nQ&u45qLC0s-m5
z+bIJWMVH%@h8(RR^)x<^%v25)2Wpfho^2C#epQ%*k7@anUI1qFa5q`G+3pn?+-qm(
z@TW-H_|((&JM*t!6Ez~vcHR0Q4FzYWe!IcX{EJ1QC5`KgzW4%Lg>hYK<#~x?-U8J(
zp?ThSZ`qd`4!Pv(Ye!xKMM~LRy%VkRUA$^`7cVR9_mrZk=zNHA`QIsPphU$+K3E{r
z%GT!v|8C@Dbl}J;b!MtU`xCzQ@O}kL9#Ju^ezWjF9eGjl$7~N|pRRYW_&%EgE5C+b
zf+ULJ9=g;D5NaC#WO^$+MyeT@nRFPb_aT2qYz<XDInKw*-)gH6yh_m2?M6&Ic04p`
zXaQ9DPiymRxl;mClYqd{(AUN)N^n~$SKwh2_jnUZkyZIVray-Msx3PR*&Y`2^Z3oH
z*E9B4T2#MME+OTZaYHG4T(y0ItDp3r*R3N!v)V<gQ7}F#Y-p?a<6CVwQ_CmZl9f0W
zy<Ov21n3oGfy(4Q1S79!G(gJAg4&&M&Fj7);5=3@pbe2Nt)$`qd9-9Z>vpO4Py!EI
zwS={sPJ*qJCxL90?bGqXY^WhP|K0<{h~-t_sH56}(W_;^9@KQV`*g6FP1JkUovHzo
zlPyCv5Zj~)l4~5R0T*PceyI6PU3kJjlZJUWzY}a0q^q$Vz&O+Z8gf21(ziE&K^hpN
zid`01_vyxf+Y2B(8Urg?f%i**86ZQX<%X$ADdVek3;L>3Vt_A9#oLGKj)qh}czodO
zr`_lOL*EKStfdBb)bD$|0KfrGiqn{4?a0;58&FwOTEykx$pF1+D&t)SY`X?r{*`@d
z?f1j0bM~hJH7`QcT=D11T{U>@OKbu%QBJbWp9xGp=3KSBH4Owan{|qdm$JE@%!W!o
ziNA`k&7xhc+lXzzg<dB&E);ES?m4Ku46KnWT`#P(Dw4*_wqm87{_Kgc$bqZ?uT~tT
zOC($0f*!wpe7X~vwi|oWh`JFo!oqq_vV(SlO>~a2=dr_TTm&Kh$TQlh{{F6u=i>bK
zapZ}dkyB!QEZkteVG}G$|74#j2`b!XnQYX~iqgXzb;Kw#qrKig7w#6L=;zU%w4>1@
zs7H~}=uz#iZk}*O0WIo~q#pe4Y`y&gl4?tbD=mqz9?~%p&y296x`gmd>!I|;ZyQWn
zqby|~7k#hOuH8~N(0n>L&)AzQZe)@_-_dDkWMZ`&!t<<bM{hTN({8$3JXLF2LQdPj
z^KNQ4_ZNz&is}2azDbecTn5u7xVd*45AJDcOlvpw&1D-3R#X^jH}<!X^Z|~eBC2z3
zhuWun4w=H_udwiwt^dpS6OZ)_f6;|`MT)1Vwjcf}?$%r=i<WgPUVI6R#7}e{GM(Fj
z&yua{em0qC^_&lzl|Bh6m|3)RQ#d=Vx&5<VyBYq5axJF+R-eRMqdid>Ps$oT_RZsT
zSZ2rES6S^{dGg3YA<5!Jxp8dNt#r`*8+8&$ixb(LJqby!8;S*T(6L76&1RnEdFsc3
z+i=vLzr?=3CK$aiTmCMTxEJY^nRSCM_2og*h|Y8KL%7q6MKm^1!Zy}N>Ng@G8SPea
zba=MadFQ~t^Dpec#h&HsDeGvP&qh*wOeaU&W~Z{G`vKZaJ7*7y5<aM`#`VSH4#%t(
zHjPXU+GmdAW!iIv=MTZ$val50^{5dOv}t0z)e?F10v^BdZvz_-+mq0C7GFK(I8{D@
zo?)A678soV4m5@SMjU$l`Cd1)8I)}%45kndoKyJ1{M<Yrjt65D1dUnwH@^{ND?EFS
zTf;4Yd1{g84La7%gTTdwVY?04f3`I~is|IrIsdhV0~P}QQ;J8jxWh?H`7@&V01oh$
zR?vOpC;+}wO>qf1kJ$9?L_ca>8oFhUX`#&gBL`(Vh7Th4jyj(o?!yxOJ5HHwT2hwo
z4JVAeU0Y4c8pXcxt;H1iUZX7K9W>>mzZWmPl*r>}m19^;F9bHq>JMUA^A6Kq>>%q>
z_t)J~|EL$q%BKL<!5@=NB1xdFd-h(6ce8)14Ivm~la%Mp|4(bzX73BfK(ZYh(!j6S
zTc!iI<Zb=yafiw7;HgDw(Sv#I=nk!6+r7gJ_aGEudF-Ez({R-QHM0Fzqko>!e+k^=
zoz0H)W7MiRu|Q)~<w_r}^qG|c<tOks_I8yvPw%ulCR~$n?NC_2RL=x=iY*c>HUM|s
zd=ly*dE;O^{dvR@`=^~?JRYX)hAHV=ryW4@s<&o4Gmy$jM0Y2#7u{~fWvG+eqKApi
zD$pv_dzDcYaKCFMG4Ko{8WY?xlegdf4o$s%(LKV~Q!(Qj;_&@ZYIW-FQZt8DFKhIo
zJa^}mvMB3BnFEJs@NqWw`7_wKSy64^$!uT^CzUD(&rVL7FkpSSNkTS*+aE@&I!gL?
zK?okbs;Hqhab&2q*<U}|`28h;&aWy1J@Vy#uOyYWqvS_Xamr4DDPYbz)s%P#u#rcK
z!a5h$SqFa&-J}VQD1S?mloQ8a|0fN8$Ak}d*({>1Yq-z;?&R3dJ;0<p)j03Iqh^IE
z`Q;?yRJic?n(zq41N6#HY`u>pGB<D3Fq!;{G1aschQ*t(?*@12Kv<KgE`ZpT*4aa)
zY?G1j`BZgGU^;WuJkhCU0FFt1t>}Jt%AerZTE^axsH8~mSmyb5j;7){t1{23JW960
zWjWo!_MEi~riNsNCAm&*>XB;%;w0Ba7vw_OYDJh|Vp7Nz&qd>*XR`9m{aqUATJ_T^
z>#hTV!>6hP#9ZsS{Qtz*(PVi4$h?;2c!#!$qyL#0BYv$#BHC^Xs$D|t{9W}*D>(u<
z+GN_;U)<7s>}hJ{eZ+X-wbVv^&6_A>N-8r0r_DwD<f4WQ@tZq>&h0Hbnr(Fam)5<X
ziTA9m`zD8$C=MIl*_O$|6799rVoKqiLtLwBLfvc0%^bhHw-Wc#j!#*dX#2bO1FcAI
zN~ME^@<Z&2^he|m{*9M<9Nr%ycz%qgJHULFvuiE598T`Wlw;S@B>nP;xhsmU%WldR
z3)Z>g-S#QsrwowRQn~wy!9t?a(jI%j-M+pt7cvoQVS7$<+-WMNM=OU};{iXoo_<Am
zr_KF=!xPlN`^p*dE7k;;^+2(RxpRp`h$otyhC$yyPo7D{Ln7-8P#(bRL}V{b*1EPG
zS5=iz>8X#!dh))NfmCYAX$BQfO=9oSd#RomxW7Wbhr=FAm--7#2Sv}Eq7xR~c_M5F
zXKU+XvDe2i{rh&ZTOc}hyj`qnRRzshV!HY31|FSlEmE~5K0V0WZJ@W=F_TS3AFckt
z)a??&`D=j#n{o?N>l8h5=%5Z*&aiZUR5cFK*2<Js=Y8w{aP{8dRQC`3|FLCD_8uXL
zD6&U(8OfHFSqO)$jAN9&6|$o;Bb#Gq93v~6V{bXOb8yh_<^Ej1@AbXD_g`@i_j%(w
zj>qfyd_0fLeEm%V6U$_F&YS0FuloK$xTZQUa{_iNI-l7zCyQ+xQCP+=0ZfzZ(Qm0X
z3j>&P{RMg4!s;XUU%B?v^>jiFmYqK3XEv-0PiFw2%UNTFHZ;_=3MtNZ^^}#wUhu_l
zRh?!PY+{^Y$Ke;z-hS~;6={X2&hSsau4rP=YkD7-2Hzd{d9|J^U}XU@+mMg!;C$|e
zbg2Xg=+Pb2V8cTE^4gVAiPP1=KM3jEKL|Rfd+&{%f9)ZHqXI_1k&RsQ*w~k$-#kIV
zW-L!y;SO`iX~NlhnvH1iEK_wR6PQ%*eqkB6pjP5=k#T`H4?_$0I)^7B-C22VuWYPb
znJx|OBVB9Wd7(jzahF@(X%GE?Fy~B!a{2MVnVj}DYVvIer1^+GabiEnYCc0xFV(lD
z&JNMYlE9F*m}6hprHkavmDVf1T@fO|+TQV03--j7z;b!vt~0(S-v{8OgX5x-zUcA6
znfs+hpe1D{_?_T3e?jjQ*D-tb2V|&jURt<V+?D&ZF?Ye37)NkgmOLbHD9qw}biw)X
z*X!*Zf<L}_CT8C9WG3BY^DHR^pYK(GyYkAGDlXT_e4kosJk?|%>wqH<$53(1t?xT?
z4CU_X^#%O)#lY}BbY!G_C|Y-lPi1?v*S=zC({^v@uD^e|IA-zZd1Ys|fjQr&GC7A-
z?|p_OC508vx7lhM>z}|m3`bXRXG;F7I>|bjJt53u+p$;g=NFlCa(@SMmT^3$RxMS^
z`eiBrx>}@rZB*saceERLSNvQlmUhx)b&`Cq>*2Dja=4)ZiY;KMYk3cdSw{4#QeZLf
zA|9%4@a1?MOrpM--@Y5RvGOx}m}z?n^cLfBP4@FFRRR5CkLZh$6X=+o?(mqxGep7t
zcqJTml)R}Jw)UUum84j-$?^;rgMgGDM3MZKd;0ai$c&TluC}Iy8O^+9-#>C5F}Ep`
zbnzn#OyZ7mVm0$Xb63YL7}44ZQ;zg|Oa+b5j$2H19n64e5iLrlJF?W083c|9206tt
zR@{;3AbP}B(OuK713-HSRD}8}d_dJ3Z+}F23&^JD8oWtJN{Yt8JZx|x!jwx}$k)$}
zEzV%9Tf2k7b^^qV618rRNd5GJ$^^qfoM>w6EvU#5M};ff+$%Ndd8u!1b1#=kRt)TP
zI4*SQ1I-NHtv|r`N-JE%Np6J-J)x-9^$e}N0UHA+AF{1$jvvjfmW+};wQTPF+?O@u
z&o}Lvas8h6f!r1aksJegpx4dZoyE;*{VqVbZ-uhPdwVT4b;fx-salg+n}*|d?YGJQ
zr~}GvL(WIE@53s+=8B!$L3W5%H2SV=+96jTXy4VER5E32fXvSgp6i`R%88;_C)uy+
zF5@De$>Gk7m&r`P6l0Hfe5-3hnnL@!mbUP<;-$UHglOCIT3g^JCFfCx0|DzTLjA5!
znH9bdeU{V4O4mNT%;qfy5GmN3SB2V68);q&*p9s(DAdK@AhG_-N1A=ZbZm#>WL(K)
z=Mv6sI^_DO5J%uI9|hU1uCbk;Kcc{W2w`%sfuFT2l>Ixa%9sQR@g2}=i+c#TO)miw
z*i~$oW-Qsh0olyaNJtv|vy~rQ7hD{q0f=fP`lC!nJPGk{^7HpGWd+Bm1MAKVUNXza
zAC4>vVHx10W`=><(F64682l`Yt^0br5MIv%ali+LA784_>j^4SD0B6FCKN&@#AK@S
zRT~+IcoKuxW!q5>F%=_G@4-NckX#A3X;zGNiqbP{GG=;}VH~+v9Qbz(Aay}1s%~gS
zGMgV!f{*dug?-Xhitf=ABX<1rJL*00r3L`ESpvE@4_D)&tlvKk33h*SgHoe0FBUe+
z&p~c#kU&5zuv~E9H?ANm$IpFk(euUXR@>|7?>H;UG&)iIk0H1x&s2%;P(M^8tuDr=
zD7=|l`b=XpSX-U=<|Yk{hcfDaoCm<38^n;psKX$%!s7p9S|wC6$LV*66MkkZ#P@!u
zLPAZUlAXeiFCvy!c_#u-I8wdbp3pep>1fybkBCHx5)<94QQc<|c}l*;u?7*<a1N&8
z5AJ~!$j2l&BA<36Dt9Fb6dvp=^YazzKU2tHI(Y_3V2|`v@!&Bn3@1<tTYgFXrVCF%
zGfE&qM)&bzU|I2<^8{0RQLV7zAdg#*RwKwo$`2Hs@XrlyJ)kx#!{xa3Brnc@E{Sik
zkn+rOF`~7r+?F<4wuq$DR40lnoNv_g@r4SN;X7SwV~pe_t*!#k&?ZOzwoL%FK<)E+
zfxIflvL>o$qOZ=2sc%^mFWIRE@xFNr;f`ewaWu^Mvs@VaP>OU0c3!(&e3yjT$b$c_
zwA1rv&nY=xZN_><y2KW9E8RRYOo%jPkkfL%o5yV&DaC{vF(E-EF%njY$F^vy)2{!@
zYB{g~hHuvdwbGzaV=mJD5{!C7cJO$jF+k*zOEI^3Iaf@v_<eg?c=|&T+?wwZv5?>X
z8qZuSjTy!hnGvpIBM<pwV;gSf&d*C^VuPSuFgwtXt8I^PA-E0(4Nrfy47u$}rs!SW
ze8y#@>DAkr*;HRTlRhu~GW1W=h*(A4#{@}yE!T?0L9XRKZktzeDaxSnrobavMEnSS
zfY{2k9CK!BR~%*i@)FnIId^JW7*df+^13Ya^`<0Df7G0C%GaGkY$R<{JhC_9R?$~}
z_*U5O$x+40=T(JUb=5cy_J20Z8vP`a?+XU1$7T2lu{Atkv02Xj8`p+l{Bn~(e`MCl
z?yAf+vQ%)UtkD8#D?MFvcIOo;4DqKO`#HEW(y2ubDa~S+*|2q2s<QEopBqDb!Smav
zMI}O${<4J+X##vpx13rgYyCr?c8Cs?u*J5z#_<y6c7L$10~Eor6X#i{%!vu`m}*Z}
zcY<G~j9CH|PG;sn9OK@;&sUFVx1Ts209Ms0LIj_~Ptr#q0yA2Jg5W0-(%o~^@}5G+
zN8B`4d_-c3yzaLtw7;i!-2@Z}G|vQIR1<Mo={tfZ+6l17OfMtg?$iVJ<B6Ly=(l9j
zc?zJDCUF4tFDa4^+-i~g#ycnpz(R)T$6_Cv)Re|+FI0AmxEdhRy8!ob_ESXqDKhk=
z<PDT%+Kg8191!9Jt3;b$`(v6v6JVX(uFW#S;A7ecl?}TMuf?cY@%HoC3+mQ(Dc3A!
zYZ`65?Dx4>#Op4w)_}m0A4g!RF%fv9^_t;SF)aUH?6JGvZ+wRiNLDpY3FG{4ym4z5
zZ7k6_@uS1wzuRgrGtNz7>7@b00V9i6_qoUJ79$+~3m@5U{MkeF+W*hjlW`w!41}bX
z0kOI-%4j8>Ui-g(U~^I5y>I`)q0L!zD97o{u;D$R-H9!C;^vSyEuHyaLdo48!9WJE
z#`Q%BVJ&|9gQ_98hFQutbID#UxTPizrrW4GR0YoNs|qJ~z;(VW>Qz0LLSb!YQ2pmc
zKWu8*rp7*GT_c-Xsdx27Kh*z*b-Xh^06j=g#O(cDyX=1MGG?+n0v1{}Wo!!!9QR4Z
z%O1szbB}71%BCaC#EnPNjf+ZRV?%t%O~jxTsN=wS0ml{NowZLToMWTR%rxAQdX+0m
z&PbKVUS^in#JDp>Q{7>`IAf#qC=C0v#GBvKSifJsD*MhqBNBVEo^E4li{tTjtWf-S
zeKhZPBHOV@U#&an?3ZFVKQ(s4MR24!ydnx?4aO?u<`t2+uaKj9j9B~|H0>6@$D~aO
zxj;^1LaEv`4nwl7FRe@{R-|Q@T&=?1l6l+Q{`(7pHXkZ;=?98cDXK(}bH}ouLsR`+
zZIVWM&#=}?vj%>mFxOdLR<UHPgEii&Ue%*#e$O=(wR>`=6KUm0&`;^H4~|1w^cv~d
zr*O@173uQ4pLVjxKl<^_vc7AnW#g(jy6Qb3E5BiE8j-U4EoM4Z`hk4BeANZ>FAiJ^
zFT~MH$15x@IlDY22lrZj?*_7<i01mq<j*$Z<ZtD0>!7{-nzH}S!D9V5=k{RSsM<;@
zzq+5W+q3Tv-O($q`wpqm;p~BWXDzPayjS`kr0lXt-s3RC?n^DUvH(<Knpx!7d%z2H
z3JXj8e~<_3ey!N(D>yngMsyy-NQ~$DD*SJ<uo`=}?_P_VkmcQWx!UX84hDunEQ-J`
zy_dZoaZ#*qwt2vhp%?P<M;=#*?2BER*;xMt(98+A(v(NTV$fKSl4+DhR?6X|y0C|@
zoUA!zU3@r)#(&<0?O7h8c3=l9D0Fa+>THf^GYgDnIj1CCxW`xCW*s|(b-I|H57B9n
z0AYwtXb0ZDMI3wFKKNVWZmRI-wN|5EOwPLHsvP*sf2esL+1VTLOX8W((Tdv&iaTET
z(cL|#_Qtb-xuJ{3pjFsfigH<1=Zdd{%ax7?iw056Hq-HoOcs>e(4k#>SLSd(@rz88
zntu7-o3KM!;{-!Ep99U_K~ICA7VA#Asw<!DkY8w3YN14biA04{+(s+;jQcBxPeonP
zW>uI5mPRPP3uR$aokW#WiUpS5&F}3y+OkqfyS;YSwSIa^+fMhPLq^cG>IN*wxPReX
zJI{3c#J+xQuirbAH&zA8Qi+)k|7|Oso_;r`VHbM=z0zi!O`mvB=8N4IrA#fF{(xJb
zzLC1>4vE_UDAL-AZ$6xe-rBj0wI-%{i;>YvI3<#su3_yA0!8&82Aqlk9yz4^)|T66
zu$>B^;ov4uvzhMsch=0Irri@AZ)~v5dJVV`Nk2sIeDLa%`hnFUOlOjG2H%%_4<p9i
zc1%V%eS6!v=CFLPS>#;i<x(e^`ylj-Yn10G9QN*p8#_Oxb`-Gj$n9IPE>OK|2{!32
zKspF}d5G=|T}5(Pas;fK;0c<FJk%~g+G0!bcIo;#H8`WJ1G+sf;+=67Uw3Nx7HH`-
z#@L;a9UwiDNmbt6gD!2R_Vr@Y#<F)ZZC8J;W-(&FZ>);&EV~OjQ66Y4%l#!fBoYj_
zS6)jLBLD1EkY_0XgXPSj7+F4OINlwR+kS(+P?i1cu<hkbu>ExjDtAcP`x2==uNCCJ
zluh$R=J(1Oc^id!2aWd5hj`k+g%V587#Noa=rK}0Ywt37v8>Y+dZ=K7M8)2{gWku2
zyNkN*&h`Z1l(cw2?ha?`%O^?uXb0rqvAWw?BJ&z!B6ryl^Hqcg;Y#a(pRM12$oko9
zBlVTM?#-t+qNJLcvO&jfCc8bMpL6CkNO2Q9(`*LJDeh7D#?)bMFpP!bljFYCShKx)
zdawDHJMug?_~pAFZ=H54<!^^AF+@<bk;G`ZOYtdZzc#`mEBZOZ-Xu_n(jW<xz-HU3
z4P~DTi<+0^>F+^JoABM5ak<R^v~;PPO&CY24-<8lcC-vU&F``fYn8x(A>teobBzr=
zr0f&-b&2WzY<=~EQ#*W4tF?#i_s=0N3NvFjit<^$Px5FJN*B@281YDyEC!r9VI4p`
zAk|Aa%+_|kbg&3Lx%*dso~{$~53&*yDa3$h48FM?!o8QjiF-1CS}Vw9Z;Tm83D3#5
zFeG?<vAW+PCvf?_AcYTu&G1c*TjJ93+F&kF!N%DfzGx6Z2<;ro7I3Gz6b)lr!mkiy
z-6ky9I`*2M_r^!__4@DRv`G81sH)XF%5s>?&0KbarylNXABP!rSECXk<U6xFBMyl~
z%^lu1{RUr#u0+~X3L3tfC`ba<<9E=W>~)^{+q2Q1%3{4EFV`h)Qf&CZ5Bnp+vjU|S
zUJHyX8Qxj~t`KB3%g~nzF-M4X5Kt6aeAwq{GKe=PM<L2NPfoh2SBw$GSV5$N8I4oC
z#`p}d*^#NO48d{AA!B0nM#bLaa(g(LYvKfpha?s}>#Ylr8;m(xR~qAfxtO%j**L3o
zLLt*KgYD)~>^hIt3ZKKx3(4=S=~u@wsy?g7l&eqgL`#arw@R#vhgl{4qWrx2BYIi{
zvq&A(+go%iKtI!{${2g0(c`TehQkf)o^F_iWk0Cw_g#y}FH0`3Ovox2C8&t&^S?i=
z$F2m6PLr7Lq`}$WiF6(IDTW6NbdAd=P{;d09iByBUg@`09O{woPGPV)2njL!=#uDI
z${ugqGY1OfXpumCF9t;D@NW*ReixFW4Aj7x6=3Bx7hz&g<j6+mKdqsmkNp7)2;-nm
zEmW)v@pOC?zuM@I$5Nt`o@JtYM)wc0^c>NjH>6t%<A(}!c;x1njGL>i*WC|yUW!w$
zA~`J??wPmDoJVZQwmAEgUe=q?vmde?^oRs<B=($`w6Ho#zX4UiD>Vns*@kT9_lOx}
zkHU6?W$fK|=N3a(BLKLdwa~EJyCNVAH$lT{#AX?L;Eq`VR4e1JA3JvTVrANHHnkZW
zdgC8tAdHb_jOcE-@UK(XGo#(Wp7Se^4f+Z@lbe#*dxM2RBWl;Dy6ecAn*Kp>R?c6@
zM+ekf28y<X*8y2JgLkvsKgj;oEXPyu13o0^ep)VjaeL*8osTcRcfU#IAEXcM44an+
zjy9Y<dDiBN#FoKz>ExbD#AV|UVm7n2MJDqf1aEl_1>Hq2p!qHx_F!0H_#FDo%mtNx
zY<McC!|nnyP4pS5#|xxa4ppv)@{5)U99Z`LH#DkqM3nT#*!e*D<s}Q@N5?~wf4l#d
z$%kEd!{cA?dOey~o0;p(iGsCM&6`}X%lDpIK4Q;jURZ9~xPfJ4@uXR&*OpIMf(@|A
z!Qu{w4kzPb7clP|{Z1S{A&m!T{;m^}9;YoDSEh$9fn0M{-6c&&I^*k2&KLll!uqDp
zoeekAA8a4FTycyFzVysC^a7!ya7tAGm>i_}N`@Lw&FtTsgZH<fe5)>a@mUo3*l)MO
zTi-2|3^bg|I4W6>nPPujVp9Ds{Hew~7W+N=wh*fzRU6V1r5?oS;%n1%MhUQ09qGAk
z3JRP<#a?b?`0e{9g6-uIlT}CG`8Nx{GCg)XDV7`w%FefB_Qb)@Re!@b<M^bi449V@
z`A{cysuyQ$Yu=>It_-#{N_LQ8xxnl62$bEPt2xt_4Y<@hoc_9u9g!A`le~I#kCbmL
zv!X*D5hloDlKk8bSe;6lYi2ZzDlHg5)@mmj6H)lw{g0;m&_NrnjJ%!QQ)vm8K<WBN
zuHVe<_Y*;xudBnlQvtXCc~zVwmfvsWv<N=7k^{V1*3wz=dyB>H=}V0$$jPuV7*A_2
z^ULnJvHcjnhR&=++ps^&SJx6|g$~VF^T3oRgu@yfcG~*nNdD4yZ{$>`bcfLxV?FzY
z9f$P)Q#u75uRN9c0m_N-b&%A+aqUueSEujame&IsAp5FP4I5Qk_XIk(yI(xM<OIfl
zoT#Yxnl`c_$DgP}t2IXq9PSmB6F%#v7<qW8-z_?my&lCe_(E^?lO|O(1NQ#$QoCYK
z4Gq2luru!?6OE;9Lld)Z8M@DKRf4ixwKh-C+K6Xn?IBmyTSJQJS8f=9kH*g7@6Byd
zra0rYF+X7iy-Z-kR$C#M0Pv~R#Xm@(AfDcpa)Se^Gs~02zxSI9B$?`6@w<R$N$54$
zT1BmK%z<&&T5VpiC)7`x9RW~Mgrj!80RTHhHPbUs0I{kg*YmzkMDgA&j=n2trE*uH
z)X~s=wt4q@ww8cND;=1gdS^XwsX>mYapvNQU@2NVr&6e3w(g+vlV@_!>suorKlBTA
zFe2ia{mZ6987P~{P{csT#D1ng1`rx90Y3m*IN!DAfV-(eCJVTfUAW}<uOCX&dlNlD
z_4@)~@25?x>m3j?F|>mGAkaA3_5cghPH$QV*Iz+_cZEgMw}&VE%%1E1P>NH1od{IX
z5wE@_0?%?p%^aXiKl!@IZC5;O9rY!cLdiDagT`s2`X<ko71u$+$;YS|4897>^pXe_
zxE7Ta6*$qc3Vj#Kr%%ZH%R|BoGDzLuH{mg;?g&ntXub9C0=C2~#nDu;{v&#v`IEf~
z!DNb?x2Ox2qo_0}UwmhZv2fj2WSXetS4>`|dd&O!t!^IcDL-wlVtU9}o<M@yZf*ka
zU=JtNLZOQ4acxr6Lr4U*JU-sT;wb93)J;@O61mirw)%oS)Gs)`64~L~Fy%57;}7R@
zs4INL$G`D^HP~28sG9ii);z=G_`m#2_#a8y^KRgSMx1$OF00HCzJ5=P{kEV8gfZE~
zkkX#ZC#YG*!g2N|`EhZ-Vi)VKr>em$pUf9s1&2}P$FB<WPX?$6t`A*?bqPKx;Q1;l
zhClvl%P>Olitw=TTibesyZ&<&f7GiG`mnWe-M55=(a*OdUN)V7rA_;JZt{zSG(}9A
zU?yd;@aNGzi^#k%qQ_;qcrsegN|Xz8sfZ15)Q?68l2}wDqN!l9!=`bg=bpO8)j7uo
zOcckuctr_?KSZ9eIY!|RI7Z|J7)RbAU}~_6s1MaOfAZ}WF3xMG!l>VD_UQyFcov1R
zWV*KqQ>+SeB^WZEkmGQ!Q5#E(jcYm8-8Ed?j4T#8p?dRJm${Qh%}tItmdq~lN5VKm
z!kz7#y7!!@l+)u!xx^x@j|rk~>xL;)ab(^6UK4kJD)95ox(Gq_FPHdFhTGq7c8-(3
zvbMRaU-;=uFhea^O>K*WQf<bPF;x|Z)rHL~SI~U9E|%e56)t`g8@6(%q1)F5vprE-
zt#;2RHN|_ERS2{6wPIh^p4N>gKKrp!8<@)#N1gSy16R%;q=Y(Nf8fzM1`(tC_mFru
z@w0A?{fMo*Px?R`p1T#t2stCBQeV!KB7-=-XBC;nuahdu_d%(Vi0J8f>sD%640!21
zuZx>36oFwVWN5)sk7FEX#2fOIr=Y?1rB4BZj;1AlJ3Hl^A!k>@pTT;6#;R+XUF+6(
z+0>gBt>*-tPeQ*-%kPdyRFJ#|*$!qphu!;cNE~g-=G)>X7;kKOW*AkqO!P~W8lCfg
z1Nn|+LXPf&<*Fa{z{aES{XU-Kw<1}K7}<IbYxcNMl`N43@{mEbZ)+2tMWEPpS!${f
zHvCB#812DssZWT)dGVDK(*&rUS-J1=O(=heeS2*z>Rj8xUsi5@Rpl$jJyL-RGog;~
zcw+Lg#uluzPI;|FL^YO5sUN?=T8kV<Q}E>t)`9d;6%iGImgjY<D691~TLDA$O@2dR
z-cv+@!wg;oE^AM}0?;PMYY)}%2Dg!Uz7w3+0>h`1Rb-S-B&-iXvL-bSRJ~?t5_)h&
z>*$O@CdgqXGlTbpN{0@9jg(p@t26y7xN%v?O>AByUqAY^6&@vN+N{Yy8Bg$#?WU}E
z@uQoBylN%^Lwg;^HwJMy4pl7%a0-;zp1U(-YIGu0jcb4<DWJ6qkND;e*#AjC-tkiy
ziR7yM9|`hP<tB5orn~2v{iwug<})A73@^OQs}Z`g3AD{-FIbdhP2;M}fp!_(sywXV
z3usgeXtlLEktvD!NOgH80v46lguBiTE@w0bQ9$`7Sz5oT)D(GLmQ&+cmF02!4>E}d
z)Z-kG`3QnqABYDvKDCQc0;*)MmFq3p2AeI&as?=-Vf`RU?rb?p*VDJs7Goqg3TUIv
zB@Vo2(95by_0XT!p9yfkwudyab5DC4Sbt8j=Al%t7n97(T{=Fcym5qrAlbR?O)&t5
zYMCJs<;+Fk)28htu*Ov^RynSeu_2ijdhI7xJrOTMZMdSvOF=ZqQCg#%Rt!4InvSFR
zO&?4*L8q;c8yzbr9)%6J2I(2G%8l$&-;%$bW#-D7w`23{TS@FnCF2K)J0-E?4U7=j
zr1B^;!l7X&(2*hEfkWMDhCmD&IQl2gt|<{(QA3TR+-Bua`^i>Bb^HdICYAnJ7giP8
z`FwlZ`ZCQg{mv9&|Crl9i2j7LWlaK}IgK)wE6j(4_gm1+Bi8z=yQPi+Nxua=N5m*=
z)q|N74XAc*T39Nif1(&7>TC`q`71^^`0STpS%n_f-MT?`w32fwNoTy>+&**`RxP=r
zyfY9b`-Kl49$MffqE;<9wp{S`uf89Zb?9=ATP8T3w%Kx1SbAQ7)Tt{#2Yvn~QQ+~-
zEFi^1Ric6A<{5o_{0sJYWKW$FT|&RS=O2Ht_USi^wR{r~Yn+>zZZm2Xgr0ugaILO^
z&1&o=E@I@@V2jypb&VITwFur!C~{Y%gUZN7o_(l)_Jc=LlNoG){q8)7-sGIrRTHtc
zdS{=FIyrG4*ljJH4kZRA!RXmw58CC*<IgCum<t=LOnK&0kn)5kT=^A{iJX<IQFizW
zpEjtk3>~t`A0E`5w#b8*<6A^$nK|r;EBTon8`tKP7vZbTGV-JyfBPmWU`cDoE8MGo
zd*H=BXnM)dVqQq|G{$CSD*3?CZWn4Hu#|t0M;WO@hnGTf?5pxSdq=Q<#H)?N#>F-E
z(@KVTGNY>S_Wc9&5?dhbL4UxRQ8xybg}GYIY~HJ%o9_Wx9dl$QOl&jzj_h|CWP@vK
z38Hb2{SJb<Q_`G|h&g?uVNcy#_UmlO0-K<FWfQgq1bvj*pKnPt%&dT$tdKhHW6NEu
zE2+&LH&r?7$fT~{+GseVlg%AE>;`Kh%c;q68><BIkb6a@+g)WQ*sJAVC*rbn1$6h^
z`wxv9dT6@(noVjD^1XHv%M3T{N*&BFFwRtGyRCl^_xkj;)YZG&eAKr~YsRyn03=cQ
z#pgn^qk7Ue8uv7cj)$pr^VA2*eElvCdoXtFPt#wOJ#dN(JgrEp8h25>=W%tg!KH2Z
z37X|DcTwkYK2Ka(I<t|}`a8hnU2q+rX<`OISSJp9w{ANzG-V!PrsKbp&*0sv$mor^
z+`<X7XxJ5)jzPQ29bX#Tp4E_m_YZl@yWsv}YckBIPiDmad5Ls1*dFqFB)hA%DSx{A
zu(I;OT=Jf}%T)Ea+0%jFSY%6rCACg^<?Z#H`ST2!h)!ZdEugfO!+Hz0lxsy6SH)Ff
z7>4F|9TGabr{dOZt<M;)_5|C9xHKO6e2+FBI24t=Qn}Rne4lx_bfwI@uMIQ%`KCv2
zJ@uhcaliy+v*b(6gP79EO7K-bEWk7_ReA@pMVm8Xi{cx5@KTgzDz$H5^n_t>5eP#m
z&tmHDc1%O2tglRH1l_tJ`~k)UiTQl)z8j*LTKGO&^h{4aAdSx6!GpjlKkG;&b=8|i
z@`q;5h#sn7-a$T~{stZpNqLsnrVfVByO4FHbboozr;J^<Oc)aEy-zAxO>DZE6Y$#)
z^#{UNeQDmABA)kFrzK~O`A@?GxHhfaA-fldcJ$7$(^>NyH<gSyWF_y3_TwRSJd))(
zkM2n11c+d4LxcNA$#xi9Zj26R+YTX@HISV)f=m6>huS6ny*Y5c@$m7qxW8^Jw40Wq
zFwYc|`?8lUd7>}r&tKtsYOGzBy7<Mob+Z1BytybT)}Rd!SVdx#C^l?@p|Js+OHs{+
zX9<3#KUvd~(Q8#Wg9#X;BAL>)UD2LY*{&Y{p~A2Rk`o=cL(5gtUK+lw&MWc&y}Si3
zc7JUi5%0`c<7ar-X(@K!oZZ9r1);eL$bBK0-8;b}%W+Z6w2rqo?0_Jv&7nUWf3t2t
zPuRO|F2y+hBB%k$(;$eNRdK-eokoD?4$k;jC<>e;<^I36n>r%#O>^yyjd^}hJi4al
z(Y#BvC}!3cm%VvbCOT8ejQsh&+&RoMTY+XSIgw~Q(t1o3x0$k~7vsA$FA{gC1X-ba
z`*u6vykMTCa<}7=M6e_g#UA92PmRnHrZG*jU%nwILGx#0b)~0e)5hf#`{jGDwSSPc
z2Wd+M1n+VJ<Qsb1*h-<oxx*AvUzaE6MKNi1%ng{=(=l!&;3LA3doK5HayPOpx<~N}
z9_C^sQC=|&4hmY5S|QD**y$Hno2wLl(-@n`Abfe#A{&oB;O;`;U_=FN*g9NKv`YXc
z+@x>2*^b5OBYq@oqFpdY)P%uf8~9y;9}Z>X+CFjJ!&`7j+@0&~fxI*fq*Rg0@iUV5
zL`r)=6VJa>;%~S5W;U-cc0O~l^OenoQSsAm2dp1rOqQZo6*$yI*K6~#Ok2!EF`tt$
ze$A5l8azclrAG|d<!OibqW&1@EyQQ-5}Cq)btTS7?w@Q$<K^&rYzq?GE_}j*m)t8%
zSMagpP&)3+ZcC{1r^7h7Z%KGl2%&Nki`L20_M$bSM%J&(N}oHQ`Fva4l8FU)jZe@W
zsyOg*dlCt9W=m~e>;~rfAB&<f%>DE0flXOk5oJkPFZSrMmu)Xz4RYM1XgV!0$m}>H
zN9uUqNFrq?kg7qXQ~E_)lh)k0ikiQtt!1;PAQ$q>czfdcffx)e{WV1{GlPm$SJSC3
zZ)Fde>8~;yY*dV%s`oocII%suK~s9Gb7%M>%>Jp@emt#6b9co>m=fRbgHqrcF#^8}
z6WTDTeW-yXs2Hr}<%yhX)wgMbSAhx@+-LXWlhRsHupQ%fPc>_!UScPO`)pB>$MMU1
zy`#kJy$)n%dbLm8NS1B|Y6gkiZo3j5f%9^$oN4AtFV5diro%h*T|Hc8QSsD#{pHMJ
ztN#%f=_@(Ml@})<hx#UxGR`6q?^6>E>3OX@FPXiWBif|G28I>yNwBgEF;>%*7fygi
zmc$s(h71{E(C{}`mTq3P&O{gAgo#t&D`x|TLmx?-N-b}>xF35@fnxCjbufzkpeKUG
zP#6&lJ(LTtxc1q}?<n+7U#TJApi>!Qk=??j^=7^ol<dO3!u#GU8|5`S@_VjFLv~y2
z$wO~RU2NjiViKAFl_EVjgC*TQve27&dckfq3)aP={z3QyhrDZ0vOS@RL(aHFG*L&E
z?WY?xYx2<pYo}MjJXe?-<@qSs-d>k0-34Mv=>Z0-h2EYnGdc*=mR~xwT#?^AIJ%%j
zY#bwo(XHt6OPjp{<kFt(mxdu0Z}2R6qFHJge|YNW**Ykb+4?Q;k+6%QQLDodxTT<_
z6ZYn;x#>nOM%vfvUFqdsGGd|YqNIKODt_%shvy2U)0bOm_Cl{7EnqF(wdCfnI8NzI
za}ug9%zSkg&#o-DV9AI-c8_44@^>U(qT&=_)iL2oTZqFz=BroxXYvF`e8BZ*Aq>5e
z-SrBV&XBaRnTxb&k>~q>UIX-O@zAYxe#HjSa2n<@BLM~=WfD88!uFPW-g$x@wu<J<
za`C+-cl;JE&h`+)D-Z}1-&m?h&K7-T@mH^>E*k)-_iX{j?F~7!MXQ$ZBiBG0qFq-b
zI<h*MSe*y`t*3$vnNSa$@UFMlg}wEK3kH~arrl>pkGCruzI8CXjEc@zCME-u@t@b`
zF4#0X#ZB*dd1hY+xxV#>x}k(>rW@Ac#rKvYgCnBn%w2bz0Pw2vF?ibd*aPIkXcFD=
zV;{R<#pXaUu|ZOj@Fx?&x6F!l<b{jEb5Elupssf)tBF*Zi1oz;1b2q0l@x@ig47wB
zY^~YgqtoV6<BmG(qR7M7M$im|6Ua_E7m2-}a0b1)2XQ(PA4gN!M-blAF%DE>)+A1{
z_uPkOL^z0>?%tJUaYri<ch`{g<+z&F$>v%!kGj3mGduGE8))`jX<|{J?u7!>i(&$o
z7Y?@37&cO?IrM&vPq@aLxubJ$kkOcx$01|~5=c$U%Bs+RKTlg}S3c$P^ys(3n{&}9
z@&RQ$4zWHbaY@!MF*3xTJf*<kv|5s|(Sy2J(e(EY3_~suTH5XO(oBwO65f19E0I(?
zBZhuwV|91^k>87f-!vUi4=J=miJU742;FBnAXbc4*Cz5X6fQX}aCfu(kr}pK9{bU&
zYurz`7AQ~yCa{AcK&{=6i&86i@}(3l$!h{EN`ybSXq~_~Sqk^q7?{sqKD)`ga9h=n
zX!M&D|ETQyxoS{0yOF3Z#r2nuipL%7ST9j<Y)6;c)lLl=FaeWOSj`hhuq91cI8l{C
z6F90OQe+|_5@qHHl205#9M}3M9!5HrTfi)Cr#Kk`LQ-@OPxkX-9la(wxB)-=Nz+GZ
z05-mD5&cPGg>Cf2@b*rxi?Qw+3aTl@Zgi<bG||Hb5;1;gz04D)Zl5W~C8kdl!U!-(
zohb_K4hC5&0Vi8??FH(xVxcd;{K54}Bw3z8fiv7){Y!<eXUeV{{)k9G!U~0q9=!<z
zGvZhmNSSWan{XmjHT5M@vShC1PQUks5nw<pI7UYl*ruZ2uBO4WzRkY41O6|b4{V+E
zYWkxBd*I>BOk+i1m4BRd^{PYEH<qIdmEG9vRFrV`p7%x#*=zo)T1<n77{_HMYEMDG
zwiGiB8Yjk+el&T8z;%pbvF0$*6cg<Xy_Ku-5q0Y!EwPjAceXl};Ybfy2r&ZA9~INJ
zohx2jEI?*+Wx6R8mP>!DD(@4^Ey6f{Znmin0e+<*t>MRZe<P0+iEFl_zOtn#63fCA
z74ak~=~NhGOmGW7e4!<$V!{zWEy^7@GI&g+AM)^5us0l!Lqy>tBq(U$$^Q|Q6O#q?
zkVTZ`LKSRPfYj-K|G{w~oNEyIp4?CGAttn<!lq-KWX5*gTeN?>Gfm#rH=PW#KmFiD
zVxFB8QHP`aik<_;Y49xRnSlQ|-35O{eK@Zji4DQ{6YKVW5bX~lj#YCZw4hN|Y?@n7
zIHr6%&EVP9J-3jAWm*-UOxTJoE)eqalSe#^k0Qab65a>vTq()L9JT{1QF)_W{vjMZ
znOe6A$W-e-sib%);V84Sn1qJu8(Mc4=M8HKgiL>M>ZP_-X`w0>E(~&ZjQA4GQ6u>0
zO|QODKCz;oU94)<_t5QOeRsuNa>dn%2`>B1Fd;qxe`-^l%nv3d5%)UBH>oB*u#n^#
zbgI1>S4|`H)x1bBd`Qs~%kq?!oKe^B=~Z#$kDwd$ww>b)J%nfjv5NR&l(B9~1p@9l
zPBPrtAn2!(m{QU4Wc=|&_q^umwsP@cVFzPxCODT-W<sz(wbL`l<*gMV>n8BOrDf(8
zhIcMtIyKv~!jk#@!H<;>42at_rdaFJZKkPTA%D!tovl`1o6|5(?6>zkTr$)ncV%HN
zFwzCNDcLrq(GcFcu*s4-zEoYYNvAi1VKJZXIkEm+T;)*0gG}F?)M{?Mn)$W;02r5s
zTm&Ur34z#29N}7gBa%c2$e_^f5Z5`vgBjKsC0pLN{2-I1%D!Fb=ff{$6V!(zq;<+K
zwNlMl&U3*?q*!g1J<kKg+8=91S;Kw@u>cPIa8lE&g3Fq;(5Y;`m#>kU>UZSMR^87t
zO^Jg$TAm$t!4h>=#o-R-&1I83A`h7a%NuLi<_<W6z66q(CN;isj;Z3f<bu+FqM4p`
zwOy$tZ9lFuP{9BqvQo#^*2c*DWT<l96bQzVvhkw>Uq7U)IR~_UB?~XBxTJgI_)b;=
zYyK136ESA-SF9kQ+-Y8wOXrVvNU`GzD85<VDg0R;)m;my&2v#AoUwMHDyIM_fHPlu
zLQEnM%N3@H3l1|W35rxVE<e_^h=5zl{7Mi1UbpCmYWn%xV->~$S9vGi+#;c`E;?ph
zGohna;5vh|4V@Wwsd9P_7Rod$yG?@WuM2cPTHk0^#z_1pc?z#)2*deVgxds`qpxXF
zD2Jd{XWu|s{qYhoa*vTaSAZm#;X*Y^VlCCx=_gkn5OgPkN$Ji6{G4yQQi7(}dt-sW
ziF;#yU5lPx1WpP*U6obIHL(T{2dKwI86=X~*qp=x({ci$CHC=;sh841UUl8FFXSe<
z0v;5BRqSdYj;itZGsaQ6&T{!QOUunjS6C?vnxeqxW*cRxV1dg;)4|n2gv>0+i}j1g
zHB<8ns0z17oRHErLgTe3>v-=A$7g`Blmw{dO>&<otUPO&0S}GYV#-$W9{98XX$2zb
zxVPx3WkD1y5qtqB9{yLCYgwpcnhe>v4raaav*)P(?3o3UVzI3*tK`=s+^lFcF+SC_
zuTSaql`=S|N%YdWCIQ9=X5o5eOZ%>~RzC-4et}vYDy+wW-ejU;lr=<_*M-%79N{d^
zo=SV2xe^Zw57YoHIcBb<mb>CLajh@Y>E0qVy;T18YB{QDifagVlHPwlo;XUL@N~f-
z%ZZu!xq7nQJ%GH*H5iUidIqIlAHa#l$nYC7<G(D1o<^(%xp(qyoahoCjc6GU&vt5a
zo`8FOsT^6l3C>u?j4NLSGzfBRri-Bigp`Nj=>yT|Xq-=PZ-RH=Ro$<?Go3+$l7Z~%
z>CKgTnf)Xyu<evqRVVq&Ipu80-=N*Q6Z(3swb;?5IG`b)Q2Y0^9@ZwM82uCnWe>~q
z){c@bFAgjd@Rl;T8u<2kY&QU&KW#%MRT<FT((eb0>zDtE`_QDt%w%z*60PRScG-5n
z)1Zf)R&Ko%)NS^$3q!Ezz(>3n;j7}}5#?T1iNjJTM910&s(V6scI8S)_waJzvK;7~
zvG=F^N-;;HHck(gpB(RBIP|O?C!f|Io&~bW*BrKjhM*rT($84~osEEb-}Pp>Pt<Kx
z629aQ{6WA9(%`dE$81RtR-icLxf3L=qz`7L#Ti}KJ-Fk)z4HN02+W#Oyl}5&0V6xj
zp**JGtQ8Ke+x4n-b8vO7#$hpopMV4u&C<%1`Q^#l#*u$!OKUGM#@+_1V;DI1c8>Qx
zV?7G~IaCch6>QFy|FE)x>XvD`Qj^~6Yk34992~>5v0LYX1O*Qdnaa~oTiKGbnUe0G
z){&UT4+q>-t~WtkT=))9m4Yx^PbG43!&hSWN@X2VDD`8I%o_kBiN+MXSO=A&_UM5Q
z`M#H>^j{fXY<8^z>4mbviA}o;)cO$IOPC>*jPZgF-Y|2t26_$o!aB@9w1vErQ#MxZ
zkkqeDK|Bf}-19U^lAuT|+Ux;lnk7T<YomY4R}TQL0zUgUMqdhgn*Mh19P(Iz2|l$|
z$7eOH$evjZ_$$W|npVD36Jw#xh+XbneN9%wO`rT3QxS<zhL`=p%>K}$f8LhJDMV<(
zh_NXXBa2pI_HyJrFNvAgmd@T|O6GaUn9X$02EZo2QEohZqcfH9&L(7hlYg@>A-jgS
zodcaKP>2U4_TVZ#ckMD^SX=cNn#)Ehq%78OnXX+<d-XOd3M~+ndhDzQtSdM6lswxk
zq0h(;Jc%UYc&Y}1T9-rl*%n8FwL?%FHJZETCQTp+=9}2Lx@>Huyxq0lZE->U4-(Ux
zokdqby1V8dXM%02=%}aTIJ@WR-eM?<X}B-(d3bBUqR1aUXtB9G7(grgiZ)X(HQ9J*
zj-Ej}DrF7F1?tfPCX&42%Vy@I@pQtUGB2lndc&UG;~1B6&8Po8gfYqNy}eJL3++&O
zcl+o;DjbO~=@>3L`6APJZQX<Ii2E~<s9PPc>E@dM4h))lIMB`$?7pJnz-oP#j4cgf
z+`TC(O4-iG>ace|U?lMOA^2I)c_d~B5^5VZ?4HfpOtyFOnxQ#OIdcv{nVC)fza~Wd
z+c4&7wY;zhQ4@=p%XLb4e`SR#ugPYX3ATHqfd?l{>qE_mlZf0A5z-dw;1NS7Pf%96
z@PHAUODJJ)NzD`M4DMN!Q~&#C=dY?L%e#C?yE#cEs^!~%+#Gfb7WxHa&Xt3UJ-;1p
z+wDF;NZyMU7gk-(qHG$p*x=*l>d;j+-5#2gZ}`2Itmq>#B9;8RZC={XwgJJVk#+Y#
z`$qthvSA2k`Y{X6xADz^qjy!8-D(do#CxqDEDhe}_)={3JCm8wy}mzrW4vfh?kb>d
zQQKq{has6o|C*UxcJEpwrb3h0@_+oA)W@z{?6|yxp4he}2@XpZ`IOI%3RX&bt;{8O
zaU>eP&wPGn+>hL4H^fIb+FIt44D!uC@~-N|3Yfy9E32X|Cn#1@7{y%`U<n!9w22vO
zo!GObME@bH7<DTajm<2>Gd*D_d_~aR`Du`r6rf6eG<%tqLxPPl+B)Q2Pdl;mMJecY
z{LIQ+3S$Y1#XIAHm=bxI2TiIsRCHa`!+5!dQ|2V6wK-UJ`aCG%Y2AqdUxwnY_B<aE
zx5%yLu_jaO?|6?iBG)&A`r^q(p6`->hkN@hO$)vvP?<Z{G+BFqdGP`HIY*zCk7n<_
z?C_4uvUxDm^08n|G^Uwe*rPF$;E+SyR{|0ZGm!dmWac36*_cRSR<#QKQhi`V+2qjV
zZ6zs>BEUv8-WhlO6u(P6$0%~OKp*UXS~Om?ZYDdi;e!o@6Yte(X+N14O8uRKT$fgr
zgjm+sJRKQ~(!T3IPE_AxtEz0PG2ZW=Tzt8gx3=r;-d~ABM!}`3SFC+6VBKS3j-zQ=
zku7EQ=@id$tN#_|?YgvjkTjHPhvVaB&hA6R+(x$fbk4UetHIrJ1MCJSdqq&&hf1{f
z>oAle>jf5_gLJX0f8Ze0F~+gkb-(2;Vt!+rk!>-s^!<%EjWO&J<};aMXZG+wL}R;N
ziKTxB(iOEX+8G>lqI3AivD`>o&V$`MdtTCBRx%m6?)Y}O;JJU0Uwudi|GE!_<6D!B
z2Mcp3A}&J4ZjQ12RT58xPP1n7go#ZYqdkPmkMvk(yvdv|4KZgc-rITJl7N4|5$<WS
z=IVi5UExrl!k71W`{{F6YZJ^Hd{cjuRo3b=`S2N@p2hDTGT3|`sJxAE32B#-3Rt^Z
zt?zi#(ZC&Kyg3GNq6sF+-C6A*w0%C<5$d{Ib2+$(M-(b)4s29<C3^kfaK{%e3b9oe
z`=)hkv#$SGzNz=HgUinmS`--N=@kDN);N&Ebw(1Z+ivkgN6;()y;Y_VOvKq%I!`K7
zKhK8s;Imfm0VjcaCI0>`L70p<>F9*Tn$omM-zeEV7e1Csq6Zw|`v6nQMaQ=e#Cs`I
zv%^!QygzT&V=uHtQh&_9{N?#{4Rkn@ZXg5<xx1vweI0ZB8sc9|iX^C~dfsnQ@H>j*
zCaXN5_qr499}D7~L97XPx_+fKuZJ!;AQk&6C8Gg16}#MO%fw6ayc}i1X50#V4B-w<
zgnSS*>3@L$=NX*??c*XDgNESHhevw#od=0n#g{X(j+;uv(C)!VC#6Gz48aduZ=*5t
zs)#iY9<LNvHVtm`n%2v-^M&ogo0|);e4i`hs2ofAIZcxRw~Lg=6oz49zR$bskDS<h
z660Ur-+>-|f;J3Fy*yLBX>95<?NIXd5TPkA(h$^17Qq|D>bdxB*}@%R29s=<LlR3e
zVF;ps-Td3Ka7MR2Z@x$b<w)qK@3{MQBR+pe9z@DSPA@9@r~R5yl{{pRJjxl({Buad
zg?;aqvnTfX8O>k7E|0EUQL5aohmwi0g#RGrY(m5qa<GVf@U$#^c<i-y_y&`7b$Z?c
zj9y>8&xD|7<mIn-Kd2AAvR(;y5~AO~b_<3b=5(zb`orP@t_FvA`vL60ANKAaBo6zX
z{nN#L{NACNJw+M9r!p->Iq|3dIfHWEspqgI56p^PfX?fG5PJ}qn?J?LW?PwcVG0rH
zp{O&vTIgFjHww);4o9rXH}<p5l@I=d1o^EaX0D7}Sq4NFh$v}P0{=lW;#(<K&sr=u
z_XJN?`i%Tx)TqnFy^BCJqJFmEN*4L_*jwZ1bm+kOiZXTWD*en~zP~JR<-+LDI5Y>n
zOPs{xD}<EiTxnhR2iLoNr4v1|@8jKiqd895u5RWHJ?SW7_34Sv8FWo{U1qj5vWQSQ
z(HcG^@FrevZ<+EB_$wrr)T3vt!6IOx(@LYirlMwILoD;}K;vmZoim;-|1dnDyZ+4C
z*Bf>tGy#fF$!Lm=YlV%h&0jE3Oi@XI4MIy_@CJomBpI<Usa}Rh-{D>$afQESuZzdq
zZ0}^h{jYS6vP1+8y?=bO-z;=6Q)rgk7o^De{ewhVyT86A&<H(jn$3yk%^x?q9IqLT
zzvm0gRtYKT1crxhNHnB@N+n7o8V*R>Azl;SocoW82cWx{Z@c)!8db*Vr_M963Ub^o
zesmni0<XtAv3ILhw2Lcbkq^*cB_$e9OG;N#EGDGY51yp0G@uxPtaN#$VP|O?LG`tC
zo=#!|6~Oa)<n`b_s51r!bwY_#5um%+l@{lp7~R$HF;hQ0$JoSjh@PsBax8fi8)vd3
zfs^K&=h?TG-Sh6Tqo<8*<X3^TwUmx*7Trt-*)OKW^&9AN>qwi=Gm$@TG4{U>?e$a@
zow;Sb8IzT0nEW`D@l8i%KI5AzoD*7llOY%BSSlOY3e_lJ3V)%)6|!AgnpG<#SqSf)
zwaNGW0zj8#?eER8LN5fgHj`@dK`6V?CqTihUPojJ=>c#>cssAKG^+)v^EM@S8KkhL
z?Sp7Qc#I7JGGmBY)~4?+-$0#_o(xHCBe_VPei-{?(1$_Bl!gu@z&;1BU;CuUQ$5^n
zL<`tO?5+_5Yxyi);my3hq1jXsPvF9`qJKCH+J-hs<nll(Zsod~B36n{j(oXYKqO#T
zlii^V(rcai`ut#Su!6&IHQ)5Jl{!wdiU`P?v7;UNE5E<+UY?`2bGTP4XQmG*TqsvC
zXbZl$vzk^}=?3Y7gzMTV1$oJgcuEVuHMg}98rJnp47L_l&$BVj`tkG`KRlf7Mpz{@
z;#!Wig*sBLNshp)El@VsJa7ZeOpmri-u-LGx|R=A_1j~J$Z=ss_OK4W5&g3e4RI3d
zFWr^{AU!6sORuDxZu-eqpJ6a)TEsK1$92`Ja3UWkI+*xN`+MCCAfW2>l8cP~(pf?O
zY)m4we=)i=QH{3X;j^F}weOpJuY()~(%`W|HiNiP;mp;;QcUkDmQ`>CaCpRc3R%nB
z7z2snL6TmJl9d9u6vEFwGMvCeJbt|6irp%pQ0G+%o#I!BA6C%}%N!04QxJWv<x^O=
zu-lYtmiU6hEZ3<WN0FFbMKFZ17+(_nLp4Q#7}u5q!iW>9_@D4x;@UJt59jz3<yILX
zke^G!A4MjG*D+0?{Qs-aDIXGXz#%c;3vc5k^A{_6*%QaCuA4p)qakFxUs$Z-hsP51
z(;DQ)j1+!@(~i8-A4;>zD)M5wT1t6$L_6Abt?2MVIK5%&A0cxC#d%S1u4T=+vJaZd
zoCZj(CnTgq4-JT-x|pL#bsxbCjc7*m@)9XWaIM66pBeI{7k!l!+*78l{Dz=~LI&11
zg*a!cpV0b@92*cOoh(M=efS!kTNC!uy;P->gvs#(9y%iRqiTL#L%K;w-jrPw*S3IQ
zPiWw7;kYk5Pv<k<J9&k<&p=hOlm0<FbuKfn=%27qdVJ!(+~QcG5_jcSkOO)}Ri5Wz
zYd0qv&4`ouiywB?b4%skk9%c0=`6Bd>}39PJH39HsErG}eXhim&7VHiwee+yaUx9a
zd)Zfk^ilHy6<{on+bS#ooAn6Ngh~GN35g)HOVwQHvx#nA1+o(HGKs`VeJy9}fyndN
zgo%UBL{;49-)qnZ4l-tiS?Q=GE#kZfWua93x0Ri(Gzcf3^A`RJYcL}P@yuMr<ctI)
z&*{6gD+g57v*|wVm6~M|FZ|8&O1<JlF<o64L)D*+b1u`ZIPz!RyZJ()IJ2{A&*O4j
z)NfkrYq^p!K>Q!R{SLSpOEO^)_+Ev<$&1rauSyEDG8leFaD&}|x6A>#BnfSIUV_jK
zBqElS2VgJ<Ty1>n<u`Bdy`7zP7cCM?(*>EZh!A$^1U^vp{Tnt4(bBq6U6{Sw_~PLX
zbxGp~+EG`l2Z@`6A-IunR80jDWYDQ|TmRmPH^Ry;Qa1lnUtgn5<!My-@yYW)YWc1<
z^+aq55Nqbe+`Wp*8~%am63JS0k4%4GCyVqcSjK8vz4KjX@e+Q=m5>~xoaHoaXO)Hp
zXU2daDR+-hTLy%f#^SJYvoza+$GFXgFRo$KX$p!mmGQvjhdKagRxGQWS(~08!ZiU7
zYlJ8_c#pmMkAPv_0tl5FWN-%n{+UL1)ErRThccBq`5ZfAows6%Ic`cNRGB7jPNPp_
z6#MC^fC)L{TGB-6d>Ty8QT_P3bcn*b`5B)RlaGd6i<v;}(Z#+UNS+$lGG$wx?2;c*
zTh3Weny|&@fTP6(DyF6&a9bCkYKPKoE(Rb!rB-e;n@YiA%m7CAz5;Yt2f<~A4_+g+
z?J4vGmm_H)5IX^$wNUfAP2BaGRApNHD0hv#9lAzm7j0gT$ak1k`zmRCop~#F{Po)4
z`h5jXvp*Svnd%6l&95EjjZ_>rP9Q);#Q+|zbNnzH?;I!;UK6j4Gs-DJ(`&z!#Vk#7
z&G&0ec%A54n@Ve>Af<y}gTA`k!MB>hMQ8xud}AV#84d2EmQNn(ulD|b>9Gp7qQ0M?
zg{Y3It0v9NeL?k~_??+BPqY{SKxx#@$|u7&E^5x=kaMMG@MTJpep&HQ7JkPGI_qlJ
zlGtuziZJt18ck2BVZA@yLoX6pW9Vs9%Y47PVDZ}zK+23Ex5nQh?AEdhtDJO4S&Pz3
zw^zPPD^7t5<9ARkv77LG!K|Yw_357R)J(sSgG!d+!3?6NErC;u8S!elEBA){h=XZ&
z*lcowH@%)}H$Jq#S4*U#S~`uW8%bmMC~iJ9sB)krO5E8sFI{-1(*{DN%swZ^gnf$(
zPcO=g&C_9~hdbgq%LF|B27Ksm@S>?sBkX{XicfhbOW)acwEs_m-FE&gUC_eKthnr`
z>qf2Oxq!ED+;WZ+*<P`?aMYsgm)jN8``Ule8U5265kQ`^g)obz6#Kk-$%NHi0W};j
zamIS_>K_E0srpq^PxQ-Jwmm_0bgTjdHYv|1%+Bt|z2Y~7wYh3W<1fmBKf9%3yu=Ut
z^HWI2I}Wk~Ej8o=e9!zBZlO=EC=>Tu_j1}$H$htKa_;xHIJEK7zUTJRsfG82Sw7%f
z2iZtVQt)zhVPVy;fkigH4t+I?_t?_ytlWX}*Xc%cO-Jf#Q|gTRX=?(oLxC>F<>{M+
zo{hTT?132QEZ#4p62$2OCA$mFX%q6wC^@y2uM4xV21~+B=j=64?5<p@d3cCQg<A}=
zQ9PJYKXPAl9Y3nN2x6pSU^VGIFn=ex6Zaw~8QCv{tO}2o8awC~mIa5Qw-fp5Tc5o$
z(&*|t^nC;a@;SIRnFUzaNf@erXl)1=0foOnrT>qmvkq(Of7tNokZy2vDGiE%w6v1a
zNJ&c%q#KlOBqS9O>6C7X0V70dMvg{Oy1ws+-}U;J8{667LOI;$dF}@qwI@}h->OqK
z89yd<uof{P+@7|HBR<&Ubu6=bNiA%YZO{hXrR<;Sr}L-v_(cfX?=~G)?f(*$X~)nb
zy(G7ZHk<G=!LMY1ri{SdmztTVyLzxn`mz8|^M+;THH5?hROa8@<m}fSvwDy!i=D}9
znX|E;-hs~jLbO7i$8BRhucL3a=N_*uI*aF?OC-Ewv9i+WvsV%a2V6wW8(4@{sEdvq
z1D(^~TKcAu7$lZ&^Ac;C={Z+yYfTBq9IuDPCA3j;e$|X=NqY+`t)<zFH7)QOht}Gr
zq@i>a4>1H@;u#a_lsI$RXwx5r%!XAChC3a5)zYq}#n;`&7OgO81r7=;Oeyo)HUehE
zV>QawM@(avo-i)jm~o!8H*<^Xbl7dCx6%K>xyTd4AEg|<ETFw^L%e$Xy8k@2GIjJa
zJE#qk+aoEX=RJFUu?Y|r;f^iPQ(<<ph~>RkXHO`~m_wKdj$YOy_&s7gJIUrMJYXHR
z61OOv-hqj!*RJJb;<SFrZ>Vhrf9k8py8XMV$!lUuyUK~_x&QLDjr#Z{EkxmbnKX7^
zU$^CVlP!CiR%=Ste7hmtJdmia5t}AZ@6EYnEA0whd&E+Da#iEM@8hzb#PhZ+uuMND
zebM$h?<S(@>RXky_aVSyysK|+`yzL$6a&u-q`f1=sQuchT58S>u4gSH3L8)L6!}y0
z+GYvdhZZcz6X^Pm>(1Q~WH6W}2j%Xm?LOxME5k4EMoJj}Ga=;Ymw52+O;MkGUjgAx
z8gs5Uvq-lcd)u#W9xG!@@ctuAyvVPRhBxjWTE5Hm$qr{4pDm&O)OWBo>J!=<Y->bn
zU1ZBHo-><#mzj$u`P$9>IszKi+f%~`sgGTJi*$R!1LH9LQJPGh>9uy3(LWaW;FXyC
z0fJcnz11oYskr<Bt(1J?N^7T8zY7O!By47=_Q`Cv+W_^b>|4ePUHF?JPVb(bFSbm(
z?_Uiui$T?(GsZh*WJNN9bEFmy662K;$KR2l%IM#<_x5FDh~oA3qAiu%F9tEp-g;~w
zD{Q9FS2Dpre`Vy%F!!@cYxT`lGwf=WtcAZR%+oKIE*@_piu$<GjdWkMbs)#!ZqB#x
z(rQkrc1GrrIjAt;F}oD7ZJrWjkZW;d>+%aYZ;Fx5H_9fmZjU#CGKSR34x6RcclD@<
zcjQl6BdY$y`{bfh4czpJw$D|%&YH%v^?bM!|5~@_vNpaaW#OKu<kijQWTUl#VQ^jt
zr?Eu`SMuBS``Ad5DZVyiQsMYE&Te~PxjomLl5tY~FZE6KnAtmv8=-1H3UT>`fz9n8
z<y_<|*i$|76tT@D91#MH2Bqy^Li8)=bt7F@1x>$l*|buqe_Yk2sU;4NGG+K;{ydgz
zf%OWeJ0BUQIW&~S_|z?>DeV)NT+4Fy)>953HwhX=1f^X`1X&wfvE6Vm#Xq~Or^zG>
zVnzN<h#L=F_1bU~yMjTcH5Gul<T1+<E6tiKERiM|?XOp~$bLouLg&EwZGxv_@=T&%
z9PM9nyfy57!_`?|vp<~M?}#!w-6zG5d#H!QGB9&D1QEJ|fhcMJST~xw{~#bn#`j&X
zV{-@E3U{=4KpH97ONig(6_aazWr@znw}~$8R>X5Gmf(&fwZa^UbCGLbFVQrO{0qrN
zIzMDl4$!9F#}SZQ4p6skRU;>Ej*369B*Srag$+cx+tfBqgNvXvAqz36T{jsbg0N$4
zy6b_vWZaWAGm?E9B^Mk(7Rz#%5oFI|L)hW38Fo-X{!*Lc83WH|A(puc$I!(cOYO0!
zv;!AUTI(1RK~W^O7fz^UP(b<l=;Ah_2_u|&?yW6d?t26>Byw)(63@@>g@?;+mt?n8
zw%aMA7F#pb;p_hI1ButSV48{Vl@<4>ZXXB=3xC}gvP`4(T$MEGiXdX1*qOK_SlNd=
z+ER*<`-y+o`#vyM3T7ksy2N~w-%jj+rrFT<g=9&wXEax;$k|ujRp;cV#4Teyfz`i;
zm1(_sPT!-BIj1U3|2gm*vb2|<lkJ%Df^EUP(mbC$SF!0GSJ^e6$KF+p61SSya8A+`
zYpfdS7Sjh3|4xnDrvkd`%xy_jNngCQxV^mke%?Rp8ym8A{B3pmIy|9um}G)Hv7F&`
z-DKd+*Yo-IE>sp8x><g^p3ic?k(XFs&(x5Iy-$9grwok+3hhaN@8ii1DbIusN3c7Y
zHW)^2*uR-(4?Y)Jgv4=j-wEENZ6^PDp%l?974NOiu;JQN&3R92^RlK77LT*fGfT52
zsLKxFxT?z7xKf85&Qt(X;9#7(DIj-PHCP!xGmsloQa3fHWHyBH#f_N>1EQGZbNeRB
zOAA9YH!<WXBL-tzrFFSagII;X;TCI^j8OzCham~xy>EV)T><t5;;N9}`S69s=C>;>
zFIANa(|QeVCgT>>!;UZU2Kt)Iuj`i{g4{Q4I-3NIhd|q{@E@1sVMWE@YL1d=qg+*w
z`J1J81O{S~`6Dlio~x_R2dzB}R<~^!efzh@yJb{s3s}ZD7JK-nvom}@r}0N?CnUc-
zy*4{;AITSS9cy%@vrul+a_eN!f46qay>};mHvuGQXJVGORc#A|vS~h~>g=vS7v|sb
zaowdufBwwueC$$+jqvtH<idF`RE&%|B^~8G_AZ`5Bkbs=b9IH$44Cd0I}q<zrMWLg
z+9Hk-wojrYLW~c79%~#PR}o8ZFGV1>EqDDiuJ!La&NI&aDk=^f)e59T^IX<oS3{Rl
zF58UM{D*FS?cXnnFBsPb7!b#Ayw?J=CA&mvHopD4^u9j2(@0&rOS*)*oCla9rSTdM
zf^Jj1EPYXR5*l3<8UwK0Yeo^ot@QClP%6Uj#%##~&YS%6J5-k8RU>20&s#I;!NZ$H
z@!Ngjm4zE314bPpW?#;M)b->suN3#gLUcKD5F(RD4Ot>uFEmY#U}d~x%(Fo8CB;St
z1H&G<ir3RAKtWH<N`mzkq|K^Qc8*={9+1;l-A}VT*Wi;dMIF*Sfd;&C&uU~8hwn?H
zrMvq>-eeba{_hrE8s}sbY|_~+Zj5`d{ldRyY@3g5!NDk3Dc$|Z$5IIGyDOI7rbw38
z(Px71{X>2tEubSR{&?iesnK}X_2a<bgNCrNnQERj{bc(qAo_BHhfQsh_PEb_MoV#Q
zmw*dpW@-;+^}ssf>>7rKbAf_|!FuZ+p`XRjyGgkF9L}C3<;=)3fM19P*;>Y8HQV$A
zaE?>nj@wA-5z`0ff0x9^-Irp}2CY5oTcjsDtQ60kG9fQW3!D*)fGZeZHLve2AWTE>
zpa~5askpk&o2_eMPeXW04dAoXB&1o;QKTjq*rgKkTs8R{+niHG0-a#$_tWS?GWEZ)
zsCe`wZGLu)Qa3C(<W-G=YV~KzBZ3S8&z_MW56bL@*}2ecUE#1`@+si-Y9zoBQ8lrx
z8T{o9exf-g;J=qM6qSAZJe6)rXdY9uSz*e3zE{o_^d~W?&?)TognC$Ld=3>`pX4qW
zr8yLl0f<FIFn0uC5r~j@q%@d({nR(*C!H)@o>RR^3%Z33%FjT!>P+M}6RXkS&%aRJ
z`$OTN(ScRJ%9i^m8N)kZ{E8cF$=|UK`(N9V$3cHw@tf7k6C*-W52AS)(Ar#`3N8{Z
z&&K27{RbG6T<$l8DYx#NCJ?w<Rk74DF-N_o068)N(-1<{8hcE@zN!Ve`08flUmxi7
z*Ne*%xnO~Mry%+xP*SwQF#RfMC`#qvS_&d+XlfV*Mmf#mBKt+4*N8oF2;LpTms3Vy
z`Vv)*EYb3yMUY}qrU@C9#1v5T0Uf(KhgrVGu4MTG{b;@dbk17}oxKRoZdDWYpMq~q
zxhlaiR5O2qL>!fzYDj5DO-jr$er5z6e&dK@Jx!~o5E`*Gg)os+<;F6FiFHi&D-lfX
z9}-&BhV&!C%lW~g?i=CX9d+lnV+v2~oG8ed2)XP(yyy~t@krL@9Rn^VzELSDE?c$2
ziw#ZOG9qyMm+K^^#Z`3im%vqmFL;C-8Eo?-lo%OPTSUhpjBLcAcsjb29+;H50lJXi
zU*vQlPhdJcU*wpWXg5N?r2nrT`6zfD4GlsiuRkeAv?f3h$%F|BjgtBCB~7L-KRohd
z?iOu;>@rIaCyP}M&j+isK^84lW!k{fu<004_{e=!Y(l@Oo2$AhbWiUqKD*XeUCKUM
z7T(-}$D!;x5T-iGAqdmjG*=8i<tG`?BxIu|<y6xwi3&T?DSb>&q6K>s3MA_%JCWsq
z1yD+SO_@-iFXgwS*bI-jC1&i3Nzfp_Ya_o<f74YUTmNZZ4vjG+u@DSlp`<41cj774
z-8-qfiw+NI$<bAy@WZ6Q$M8+nGVIBJI?SXDDoYA9!3O_6D(v|%=0}yvCDJ{W*8^A3
z!{kWz5^^RLYx?smUa|18_|?BC?kf`-x-T_~8-dRtibSduro}Bs&E7U?{WT0iAIFsc
z2rGY5m+r5(@JFr6aiiASs0z<CI&M<MMS<V_k(o2yaWo60HI0HJ<VJ9`c(Y@>tx^XA
z)O-@vBx$)|jvB?w8TbXtXbe*^m{ORdo%A8x`HQ}e&D2p(D;-Rd{Pk4$)4^rz4-er^
zT^O{&9QP)5Po(^_QjYqw`7l8VE#W`ajGDNBoKfS@^!6NUP91eEWY8*l{DDG4IYtKM
zr&V16gN|k`TEuBTIOz($ALN^-W;09Hsm$^gvu_LgXZUjQq4Qcu(rQ@IqEx6rR`3vO
zk+_vb?_AHhCJ23n33$F`2IlkmUg|q^<CpI$3*J@xGEVBKy?-c1&?5ek&;xGsm}nVq
z<I}XGXW>J-l7b>}?`EoFZRPEFnjNfQeBSsOM~1&D*eT`3AmH^w-Ri{QBdy2WOghf*
zL)xkLo;_9;L2IYz;Md#JQ?J=s96lD~xO-2RRW^>Dqn)tF(-u(Y3tCU~e@6;T=lAPz
z&xF`B6{vKVT;_u>tcMQ`>YGlT{+brbe9T+~ajMy|`9ghQxdJ%LPajS;lJdtCJg;BP
z*R#C|79(a$_~KrxUca{nnTbwzt^<#A^7D^ZbFUcM9BKjnt24~(K3)&t=MJcHRt=tg
zBA7o02IT-d^7RXbc~zEC{m-@@)A76sa3A^{PU<p;`DMbW2hSQsTlf6@zf2dDpShGx
zHr8T)NGhPcr%iEr_AY!+-vL1vc(BVn>ZJOq+pve>J?pBnXI;6wKP13m-(oO|`|fq*
z6?yh<@0MSJRMe@Xqqv1FmsV4yCs3BFPuGJ5C_U!rk;--uvU2GjZ2-r#y+5X}aj-|w
zR-KOsh*|mhyCIrz?dYkwO$vP_I~xc#yB>gXzGPqno5(|M4}x((VDrjz7JPg2gQX1Y
z1}3O4cA<rlSSWxl<^4zO`Oxm0mjG@RLb_`tK%B086?}y)P*jjvcR;;PJm+T!u-SWc
z?_+8LXA?f!CTw0kmNfCe0k3>eU+ZR5wWBW%?wg;bRr!{{p7TCw-o;`)Z?z5pt(Dro
zWl-95R`P#la!i``^`4e_o*AhoOx!EgEo(JO;mbuow!^!~BMm2kI?JykHEXbVH@p|)
z)3ITF@%EWPtN+AgeA6C5fOLO#UFo8@{8XDxJ?KDwMT>#eW>&<d*!V5j8oBHR=>pZ(
z4;2_7lV$OFwj?&ZxA(5}KkKBCAno<zunv?Vf0#9u6v$c8OXp|S3dc|JKg&<c_%(0g
zv0N1WEIgQ`s8Tq7(B{tQu@Ao<yuofjqLW>m-`IuG@$g-@ZL4;liQt(`Ybg2%7)q8d
zD*}bX;(n|VD*iMPcvmj!n%^?Qt95B^u1iHcD+6_;pWtlzd$P^@=)5+Fy8kBO78Fa&
z0=a=NN1DAp_XUwSag&d)ejWVcKS<Kpd_1@!sg#vId<YtrPwyD2qCm57{^r$uhjjc|
z*4=Wnb(-kjs=u|LM9_z0vm>{ZYjCOc(+cOg_uPfqCr~X!yR<+ZNx?168Q0s>4A<8m
z%%g4?6K;?dckryiOEdQWAjGuN^_L(q6NK#CWH|i~a=UUSAPt|}L&bO`w=YWfd5ePi
zx*)%iu}z=mpe$+kl{>kc#(z>L(yixN^Rqetm?d=8o*f>-R`%HLi21>V*mi%Q<cb<d
zhD!<AMwvWsz6P5@O7F30udLyGFGoo$M;~@3!pu~z%1XC^nkIg;qgSr`*O;(x4Y-ha
z&iBW|mZH8#dH@1Vx3OKlH#LO=6B5pZtrkxsYfdG2?r?|LXJ4g0L+GB*x#Z=Yb^&EG
z^nf#uKLCelYAhNV4-6h1C+P?>#g)(vs-w|k*uuHhsG)D{=fv`Ouax+}6Kc^3Jiban
zpQe4kUxLL0Ju^bcc(1JZ&9;3$A&1Ng<-U#e*8O9gR*Y>Q$e~9w;A?JU3lTOj;CC7Q
z2aaa$8x{6KV#OW?u+)?D*E7ii&u8n6vW*Xt;C_ogvU3XsChhMtPlQX}DucC-3OGa#
z?lC#XqMHY>-m?_ek_RRZ>HOSjfq&Qbtp|y*94g$e<INVrnygR!xZ}MBHuKuBj@ZuM
zF}>#waL74swmy(0rPW|B=^IN=MexH?pi!r!vQn=Cj1N*{+kf?vtgOjra*NjZR{~<C
z&e_U}9BveCHsj7UT}v`_MVJ_L=<_bQ3NlIOe~(tF^lyuGzD}8ib~C)Xe^1S}`?74%
zgn0;-Z;gNX<~}2{REp(t{bbg<`<P$rvw;QzzWT`+5Gq4P@Oe*nv8@8U=HvHuakhz7
z{egB2^-%XBp9<S&G%!V!n$WW01$RghVoYvIALy4_iP09?2r6CD=U#IcUkghajGup9
zTPf&YlD4(C-;22VFvFgj*R+{-ZGJJ)?Z>OU=^snKtUR(z@*f1Ngr-A&%ww5qIvPZ^
zVspmlu6(`gL8R`l^Zx3xj$te$`H4@_n@T^~y}ouXlt`9jPt#aYu$u~P+w7Rgkkyo(
zZf{!(@30%EHq#N5vfqz5l1Md@sdTi~oydMJ-_vR{iWs?R;$0RsBPMV{n`|cEQyVb+
z$dVbSG8*+fXDnvTyJlrXx#hESo#%uS<APm1k$DnZk|s0l1i~F!ODNj<>8HVm?3mT}
zu#M8cR>@C}tSz5?Mb48c6~gl6>#@z(RL?|mOTU#YM1{VZu`4OT;0V$pA=U15AQRvD
ztKO)bIVv6|u!P8t$oH)mxZ^uWHT(FeRKT6w-7|AiCtPgx4fK^>CJ`20RGRl~E!rvU
zSxXGbW(ez#L}2#csro*dP9Kje68ck&IdLq=?kem|W`bny0|$qhL;avXtgMN@C;xka
z*gk<(#*>)WWR%(G(1}=?J>uThT>GCH`;ME5I4sI!hXd0ElGn_~wxBqcfsXuDV1Z$o
zV*MZFF={z8xnJ>YQ4AVF-%HKZZgHZp^V!*nAYA<8F~Ks;T8RLy<?P(jB_XtidH<`s
z;TR9LJV8uwFIwq@p(U#qY2>`CI-d#^rEUPldbns<ylH_zkggV=V4A@i5&stZKsEFt
ze<;rz%7`QOKq<7zmwDJ~Z2(5aUc4PQ9KP{J1GyI&CFIi(?Z+`Rs>GW%#<R&-7{dA0
zDAn`Hxo5vYEFwoHX)wu|eg*^Q2Pq^9s>8=5O3;PmZ$4>az~A{R9*(ou!OF?{`tO!w
zxw&j_teYhds+6y%lYl90peCFJzr{gxy&8saaO_ZDwq{^sxs{t!G&omNE<Vy$v3lW3
zF<?zbS1GKo|AT0sc9jSlW`2T^96d<0hPHna9YT;<+c&UB;CCze!>>cwwe*U4%(1~d
z7BpLZoES16|IPRePTH^GHm}Vgq9xpcQ7tgI;OD`k;_$5ZMv}BRgq<o(t4~SbnZnze
zIkD~-u4gHpSWy!kMU}L%(nsgP3K-qO3V#P69aEbQ<YcIB-M;|~*}>hxLm}-lr(ASZ
z4S#Vl8Bp=sFNZj7)a7{d#cP<N;F|k!>N29%F}8Eqgem0z6#jm;5hQ{H%c8sa$9)pV
z@xmPtr0K~krq^KW+b6G|ahH|})8g;eYc1N}XKsxYT~qqQK~cB~`~<PVZ1N<%_@G)C
zxKWJk7Yf`Z2rj8B)!;12-MS8=5zEuZTm2TN!D5|pkT_e1lSe7oye@$3r6!C---tG-
z8zwk%qhDwZfAQQN(6?VM7I>n0iUR$LAH2&^K><?dZ(%o1sf$A%X6Fy$w}}&Z)=-8b
z!8vbG8_`}hk~5!saR!pd<=c#M-%D*WOphkLEI;+kwfnw+mPDH&r0`Z92*xS=zOzCf
zc+O7jApgB=_6tdp>?L&JGT4<!esu2L+M1%o<6SaYDdll@PRrO;&prO?VXncH)M|fv
z7SAGIw$GR~d?BXQ@S9Elcj>u;rPX~2`5NuAAa|Qb=QB0?WivM~3_9J%m4Fln&Spo4
zB*z=mxn4y2)jF}<JrG^kECV$}91O=ewAwf?vx6g&Qw#KrZJ&cWvn4A76y~23o&L?F
zuLt2`t`j+0-v3S<u2&(nw~A);<PWm}|CvFB)xf^@y%KCjykR)`(?U+&YH<A@WEG`r
zlwDsQ#1xqB_Q<=uao)reB%~u*$^4wEGUNVMX58sCNiJ3>Q1*Z4shqicyX{N;8m=y7
z0$LL{Jz>vSd1-BqJg%1tfL4EuKyGae-mPBC=r(OEE#CA1m45e@R!kBMtcJM{a*x;F
zskF%8@ckuZA6iFrvvv~mZ=GIi9FH8>E54y!50OT=uqGJX&rzC4f$Y-cximmt;2S$F
zP}DNv$4&Ug;!H4+y0<9z$ofrCJh-2IQ%tqiZ21-k1*R9}|AVABp=K|klAUct*h*eR
z$OvQo=)30{hw}{5{3~~y={LsGDf@sp?H)3$p<Qb96Sk?IJMK#-8Fo@5;PYvB=L7$O
zlx|!&FMK=#_?`ZP*al6RC7v+4x9+K`-_43PSBsW(I7@-{WkTxa-N$3KY_XxMz$NLU
zPK3aX**Xx!8QzM<4J$e!I8^?*Fdo6y895QRjQ_lS2WzJNZuA$e6Fe7b_EC3x1@UHg
zTzfsoQsSrZ{!7N#OR0z1P19rNW~kY{uydH`x)&qm&dRa%nYRmr_M(0SpiHBpiN?dq
zCYwo|VlJ(S_6y}~W7h{&jI4zlN7o5ISE8J!u=nzj$0A~FfI8*NK<FTHyko3po^64s
zL!8I&>aa>iI;8B6T<##vqWxbYxdTqOP#fNjotT`BWd0DNwC5U60EBYmj(Ywki}%cM
z%v5cx*IGMP|AgE`^j`ws!RqHhoW%V0%rr}|R5<+M?1=7IUk#l8gd3m>^^VM%aF)d%
z)DFlJNsx9b5sq2R)R3L7<U2^zZ2`c<9+{sAmK<lB_8iigO;laSW@)g6D0FkRK-baw
zHOF@ODVP`(b!Ftx*PjGkNyo<^Oh2yj`Y>}n??-ZXSLfh6#5WjXu7mBYyVOCFJI!>a
z`2<c#RUgw0mv#u8>Ko^$=4o%VOQKYSjqy8oU0Ivhf-yn*f{*yXVP7|M@+Z{ZlGf1x
z4_LZpB7(3;W6xxwWMdo9R^HPhY^vuzzBm7yUYLq4G{?H0Ut@5smg0>$p53rpwI4k=
zXQM`guzSu|>-lyuQFDq2xUa%~JZu2Hy_6rcA1qhn9K@UwN`W3d?H4u{$StM(Sh`W_
zqtYXq7=D^uW;8fQ+_m+!JR90+hUs94aBPw!1zz|P&~!wqlz(v0+>2nJFtOyJ9jyU=
ztelozeTAt&q<ryIttaY-UL;6;QQXVu=NTBE8fq?E%zzwNFUf*6(7-pWN!4q4WFNZq
zn<-G~h+^<CbX@=&n7LUhy|E!EP@Yl)b=C)P7b^sh8tW6--?RP(8i%X$uZyR?Th||b
zq&D1>EMn`SFp&#O00l%*LMuT6ps|PSj|WlGO&}m$a^gn{z(~*b!O##vtXXIX6k-@U
zF<j7Bz4*l~5sdoexGfQQ{8zPnwE~%<_`nE1kp<*iZPH|0EjbM$+SHmBv|qPKJ+iAK
zym4#6?w|1jm?>l$iUCsl1a>_g1gTzd43}pDe(l?0SRz3RXMRkv40~`&#U~w6$eIpw
z$sGL0EVXvy=ngP<9pkpdj&=W1pCULUr`F2GaMz{84ZTU67@&f^LeKAtbNDC2r0FiF
zxoT|hp)mfjnMrfEG}JR9I)4YvQU^k;qxob+HJ`cAn?lF(ZMQ71%A?ZZ0ErZN7PC^U
zn|1KBRZi?1iIPPyItEoV6Bo%4rVtKU@D@o3VgwBhOO`|j6a2xE!PcU1)ntcIKq6Vv
zW$2jjf8s-bvglG+Iu~<T1&?s_vGjHY8|bhxR4=I%@@r7%OlTdz6%6zUNGTDQT+vV}
z{Ae15B+80O5~3TfXi~|dbX^KOUMvy{hmQ(O@UTZjXqb8<%f)ElqrZ%p+C6>vqw}ft
zD>^O6FZ<HRkVNOuRuY9%U2I}1Pg$8~Q(KR)Hj0A@EM)%aXmO&(b&S2cpR?%pZ>1{G
zE!BSIF&*G{DSB)uKNU<cLV2W1`E}$ZpC#Ry;^@Uw#-Hq3G8kN7V9y}jmoER&?=)xo
zZodHaH^IxKba0ZjCo%52Sw?Vb98&Bp2N}BX{V%u(IT{CDLI;vn9AOKirq$I)Y#-Dd
zEw}w>xxSSOO6$uYN$K{`I(50~Dm?F^IqGMAT5p%JI0RIsV-tke&-t~#KGV%{fnrKZ
z>&j2nbdim)>XN_dA&7D}d3yg!(9Gno6_$;f4_<vzbD^*8)sDzyuRtYuvc;2l7d&f>
z$LvlD(6KdwJJzA~Q5!w<fd;5LvW}3OU^5P@b4XCAIXX3HXsN7*HwcIh5@45tI%5O8
zp>QH|h@-`_KHU|9Q}JFN6d95DIy~Pho19u<;pm`|=(-<cY$9hOFb_$;6L@&`x~PS)
z32o6i)4>uQ*FF?Uq2>Z*g2t>exj!!54If5JsVSzw*O@kcrq)|m43q&4as=-LhU`F+
ziZsTRz?n1oLuH0j#HnWYQ^PXwBA$bFPac<40yq%)t{?1-Q=3%JbF$cbzf2XL-b>HA
zDBl6KGI3jO<N4?)?uO|`%*ZU5U$I~NLqE(lb%86M9iV*oVsymljXvUjUZu!@JnMLE
z_pJgzjlHf@k#8m1g_K!(fTPTQgrcqV*-RCJl++j7r|(v4X3GIN!b^#)#zuwa)VF!{
z%rmMj2fP9uL(`?ky<-1jy2R#b6=7g0FC>j3J6+b9D)^JoNDL9%K+w$tt<>NUw>p;1
zw7MYRTfxS1x*+KTW&pF@9PD0<to?7*Zsy#Rt}TUBH|q_GAuhosO;z<t^|*BjLr#K=
zY@~$;aBu-eMLRGE#`ltTX3xG?qYdXuQgN4``92G1L%WfGB54N_THqtivFdsxq5zxS
zC(7m@US$p1+(V~MheTF#te<^wgVVQrua1iCy~{=J3z7p@H3C7%I*0ExK)&vnEkMvb
zw+rrXaO?kH334)`aqszh<@e-1P!pu_Ge)9Y>0TT?pq!4qFD8b8F4<P|?tNUVp849`
z9%ui5TCwRyPnrSWNl+042+S!F7QN}v2ohI*F3JTn_~rVB3^^5{`+fcC|NkBl(RP8{
zpu-6Ip#yX=V4bi$9%a><xKv~aJ_rA258T?yciqID9DQZ&03-UX6wsb%cd))(z0KMn
z&KID2KihW@{)eV2dbCB!sXZBs;SeOqJbSE5iCqmUTAltTo2`8_*bSdjA0gDuc{fd1
zaLP!`9;2sZ?D^qAj7Xm%XeEB<@h{GAv8+oX)nc|aiqCLL<lHUPvegG$d{2v8GM^KE
zPvnSsKIuYVKztYSN_l1;U1?HASzE8+Sxhg_uIXM}(f6y80)stqG~KMh642;Psn%BM
zYx5LBB#*33tj?Ux8Z$hQoXe&cJo^x>*JtzZeJ<UWWUktLq(@%U(oAJmV9)cKz1Ev4
z{-ov=pWB0VX|#(rm79o;**T0I+I^q^ZrSbu0;W5LXEg}KD(YZJsqeh=?BLetFC#&~
zl<B6xQBBC;RhsFjbo3>(BRTN=!6iQqV?}3+lynEcMR*qh<$gi57bC+XW58v>n#Mhe
zx}oO2;|m(x*u3=NKL^=-k?xzk+v_{SeMVw95X(9`#8|iw=0%?!-f%`FbWEqGueVLl
zv;ON$0y{=Q!_r*1=Rqk;qRF#we*`Wv&{Vl3EPFTk!4f#7Q^EV>^X%YnzG*mb8qR|?
zr>#8MMeww|JUc?=jtLL_vpzV&ta}Si#y9GJ{YB+<B0p!n`uRVjRN&Dt4W&n$%{1ZI
zfT$S8GmPvqRzAb)owWxTZ<Y0N$PZuxdb}fo!f<|HR1=jG;m?U!u$t387_Y>+2~WOX
zYYsSY*teRr*nJIRQkw^_vRliX(F|$YK;mhh^b>Rk;U@OKuo8~H>Oc~=c1#|h^TXVK
z1g>v6nI(9+UyGT#NSPi`*{8YbZBlcO!2K5Ry~GDrx}BB44flm$@n?uIrpDxnd#rTO
z3|bpBvc#HzJ^{$ox-amC`GNcW5jhvglNhX;06D4x)7}f>Ue?=`wj1^LkO_HikbWRw
zC;TQUW)0jh>4g}L-;=0Is75mlMw%5V5kfmA^;pby9~OA5<iS2`4|7{z11E&zcAW8`
zPUF_0#5?w0h%Ic(c7+7spe5FD)7?LFLKTKCW#DP+opW!v)BR&6?UlIK+{Td03*Yk|
z>)rFLf9IH%w30KE|6kg3?b(wz95C8hM+|JHH}wYNd<(-atpngljM4Qcad8(%Wj!mn
zVcpTM{8mitO+SB9?D^=1fb%l0ep$}3Ah45}<B-8=MIM*{I)>o=t7tMh{n5(epDpj*
zpG7weTIt$}SW`#(1AW-rEUjhkSW{;+*H!a=6TO<Ok+_lZ^lwXOmbzB%ZODEw$F|3_
zHnoGIpGEkD^eq&9H_NPx2G9Ky$;xSNDxteGveEx0LJ;ZZA5r{pt3KW<nSR<)?M=#p
zAkcX=s+*%9O6V2Z*3s^V@yyzDQ1<hxHWJAWCcW~|C$AGb@Qg>Dw!gHL+?DofeMCT5
ze(GUmGo^0stl;s~C`xmG9XU3playtM2x|TP$Z}(^bV5yVjO*?*X;L%tGKfy$1xKw2
z7fqYspHL<tres24U2@*P!8XL3LR%$i0mCP{pB@%M1WB0t6hCTfv=|P$^7^bsv`Vhx
za<-bC$^*_cRxzr_(($tPvvm^TTiO2NlH5ZAH9VUQQSLDME@iJWLNa#kHW`YbNL^Zl
z`@|`>1~Fz*$yNj`uIuTx&Y7OuqIACyGa^Da>ye0C?u>->XlbMu8rw9zLJ}-~<%GOn
z^e6MVI`fAR^{D92&g+S%im%l>9!<n%|D(xPBS`<fB5*3(`MEE|(J%~G@5NUHPvkxo
ztUI+={pMI0B7+_lTWH@a{y~LBif=zE7L}{ywQsR0B8+l=nL&sQm(ihi)eW_7ZEg~G
zt0LtRX61Aj@Ef4-CFy^o@b;6~0d3b+1`%s!Np7*%6Hl56;#U%pp4xN>!-t>GJTrP*
z$@Qg$Vb3GzhgBIhQ_>VxzOk&?9@q%bpiU;9z@tkhMV^R%_Dq8Rkg+yGk#F-0YV73C
zgn0?kC=60?jP9&@^p5cy59Is;t_24q@Bs@USYuo)(II$mR-1Ewt81lR$7o>d)JW|g
zGRcMd5<$nGkhi+7;*e=MTDI~$;UNy-K;?6r%ztj`C5>BU*h0`>E<eB<P$}iwY;Ou+
z{u*W>TEvq%aQzYfPXJ=8>QXM(p35F`634MbmN~o%ZG>Vwa?e|oUe~HyT}2e9|9Wr5
zMsy~}<ko9rhy8*zIioq?542G{WayR55Sq6tY3<+=qaJhFs)=4<zuQ1;xWXy)&aR`>
z%MFt}p^^}aefwJ;Y*&KqNilM7!5fn|bi3O7&Ug{cO<OvBwHfP8a?@mM^G*Ns>H6Ik
zuAS}a%%yQlEez#84+LY2f`Gc(V6zALBpwri5bPrtW)7Mj-}tdjk+kx2!*zws0VHAz
zos(Oc#Kge&`r|nstpyChgo0x9*nOx^c9U%0u#`I`AE%!D;!aBtBbvxU2zi^&Q7db1
z#+m{qZ1&j|=Bb-PpA3L79_^Q3U+3!1YvJey1PM6K3dTZ}hO`4JU%U%bCV31?kTBk0
zteK{#bYg~m4FiK?)t=2XbZywU4Ri6F572RN9!;#Zk7TV{NBS`+JJ~jc_GQtqnMJM^
zaoQ+u2mYja)$Bv|GNV16U_?c9yRTR`$!|g|{tu6;AXRCGXUREi;4GQ;%kzwhO>>cU
zB^LW0?o+KlE&oAWFZu&!Mww5&wCQq<2>(Rpm~Mk|>}|1E9u*Kd?wInW3<qq{ghK6#
zo@;R39-}6ihj~stuJ`g_pQ!yiiW`M<GqxoT8CK?@$~NI#rhM7{i{H<gk!$12FVbVa
zGd`7WCPv<sHW$?Ktd2dt{e^k9_H%pkw@><Y$8X4B_YsuJg<4%onb=cNJ`C+u-)|oZ
zzk#cqHCMx(iQ~Sz!-w(nEgl{#YeVDbj)vR1&l|;lNUqR&5qw@VQFUoEI}q0>?wi;(
z5xw*p2T9YbTKYL8W{oZT{CThSsp^p1>cqw(!^x`hekSSr{_kRM7!!G9c$Nk@ECbr9
z83(Qcu%c49Y)fz9szEFUDCFv>_9vHwWZ<h86g~4&Sp4{^uc|d*LGY#o&fJ=&E#oVc
z=3wmqIl$x@SaO989tl{5XgnQxpR3YWbD29XmP_=!WQyn5XuJN>Ka6alg`DXdsseV5
zYGBM7$+j{3*f+(G^KNsxz~P^d#U`|!O@L)6pz+<Y?beA?P~yITV?{aTSbDU+;YOZP
zmBUT!+Z2>oR_}|knfR2kApNNuuiLoGJh;G_)VZJSkFGf+^E4x8FDfv}&(!p;>en5(
z6jn%l*;#WE6p+w7OLgAry-!R=KOK>W@?I(mJW%2bO1N0mIPylFNGE_(7W(*oR>sjl
z{<#CECHMJrCo3O(KIt=H5qo&M=yh?`#t^i<6te!=+t5rOK)40zQ+PY?fn;OznZDR6
z_P!Ka^u)?0>NNeDG51pX*PVFKMKd_XnL5kM1fKkxMT7q!yV7Dc@f$kx=a9WMhQ%*c
z*JGT-N8SgA{#BeO8iS}ihS%*8H`++QF84DrC%-l<x3lYv^+OZUI}P|=0RNu9i}Z4b
zZN!c7GbtBvibXeOp4Z-(D+a>?*X+0x`0XzP)uC-ct0>Fv_6t>&2;NFzlg-r6YY9~U
zL6+mClEP3nq?7M+4YtMFKt=B(OU4sDKH%CK<A%3iC=HHEl?s3))MhGb=?13|wMO+_
z#BkmF7QPIjUub){0cH@-feGwFqSrz~?>nc;y7zeyaT7G#dP_m~Z#xQbtjbv$v17F|
zF?hP)k(FSt21#YTSle}8Jc6u;%C{6mp01&l#PVS9u$Jj}y3Pq`0Dc^7YI&C+bx_X%
zIo19AbPJVU&(;N5igpl*i4Xk443Rn3*RE{Z+;dNcIFSR>#*?#I97l6q2ZOEky!wG<
z8PYFbUR<of7S8&XUk8`=t;D~{U3x~^U);9>tvkDv_+SZ^5|@6T*OqSPc5(jZ%FHqT
zH-n(<CyfChs3)Sewn)G;vR)G|(ST5{jEuFe=NTfP&u1<w55uu*v@c+^`w>;nG&rB!
zU23Rnx!0qUp$Xb<X&{v|%k)BbO6Vta99XX$v*jWcrk>36&fn;O>K$d-;C+bcFrTM9
zr*=8y3Ksw%1e_^`oAxbd$^9%LI-XmPuD$^c!~h>49gM<9Q`G_@>62W$(vBiHz+VNG
z<WEeFDTm@gCh$2x3Q1Ce1s&A?khqhe+4qwhz@^QwV$kLzd)O1oQ<5eo!7|j{<t6#a
zL3<COuLHza1W`i(V$Iwoxnv3#3l0Q4qXx@@b~`#14vfx3@qfW9yn<bV`W+6jjdSG7
zQ3JUdL&b0Ad;dWm;^*2;6&b9Lj9aVLfLBweSGmA6v1RJ@@zAp5q;h4-DxLZ||9Jx_
zzS3C$8mhIRC@U7^%;c+el~njt;UMiym&#79{o|~iP|HII^FoL;cjhDAglPCOc>he%
zpfYHX9^fAeLR>s@Cx9SP?YxXBncIv?1_36v83`ig+5!z&n7p3ftFw$=@BAGCC<)WT
zgs}K4J3CSjjs|=#PizOgLxta?zQxR>-Jeq^vp*=5$Dq?Sbb{>C-<y>eoDRSLgJ7CG
z@bbaLKGpc6L-s8ymBM15yAPA*hYmjTcc)IxnBxBOP>AxsmtWC3jfz>HLEk}tT_txX
zy^PR8f6$!&m<1w>)t87F**HQ;M>p^oE2|Vw2OAd`mqNxy=HkmEuKY)6TAHAo_fQ_6
zR-OVA0%fWW8S6tou)<}BQ1J!RFec+*;uE6dCB^^I%<t`ut#$O_#;Jb5SVUbGGxmmJ
zHTJ2@9<?;3g~Hcm5_<+qc`Nfh2W~79n{bV%GI~BtUpo`CO3@#DkR#o3LBSPXHbsz*
z<D<Jl=DN{ogwczC5U&pK_al?2FY3|ryT1vqMG9C^0JP3c!f{gjz&LyS8z~H<#pnHt
zN~SQLNnNgP0#*2SDupC$O^oG{J5DzVRMjMv&W8NWsXWG6$0vC^X-6a9(iqZ>$oASd
zJF==GDR#xbQl8r2Mq@^N(@@a*g6CB=NLqvr<28>gz$mn{FLm$^-8bBivR|bsi*hiC
zefOr8<A<O(!=pG<lr3Rt@vq)GI_>-?4sz7}+*WE1wUByBz?WnUJM2b(2r`F_`~*yi
zY3AXP?n9banfm$Qxu<A>&j3s6T_ncrojU41W|Gy)ae&(Y<T+J+2uD}8;mCQ-USS!9
zHpY^gWg^(aLYJ?V<LFfVtk=8P!FyT$7fgPtf9a_5`OPQcnh?=eB7&&OJZE{e7f&h(
ztKX=jfwYn*5H}7~<0NM~c&{W4B)MRMoRLLMcQJ+9`yRAZ%<1H)$|lR5XV~$n!sP-%
zYOs)>?=?Mo9HF0^$X&lI(%AGSPvZ>YsI@nSoZ`pk4_P=gEOzmzW;WfX>6^gjn8NH6
zDZsDwA@pC8hlrY-u+b7cb+O1zU_XBXDMh9?Pg&(dK0Cuz7LFmRmc13Ecm&LC6zAPP
zO;5OuJXMF{*Ox7O;j`{b*tJslde$JVWFd~US1oqv7;AK6%7*rr373GazfMn1x3g8M
zcU6j0gMs5OOl+o5fbd+qB3QKq{dnpb;@T6G2eUJAUYGlNHi#P}?Fx*P_SH1qTg$Kg
zWGp0xM(mY<jXc4dmB9k>4A|PI8<{-AI6kI1XaRiF-OmIq<oTbks)lD2qocgWgcVq@
zj@ZI^zkUP8DNwZYb9EP8Rf`g>?f+j^Y38hMM%)w}39uq(Wy$UuhD3A(Kvw|`92sd-
z2;o05e`@yn<q@kaR30Tj$L_Qc8}-G<Bj(LLEjk<??gFB!d-b^@f0}%DTm<Osfi51g
z(^lbR1Z5oP1NO{6v696Op1sd5<#ak?$ZnwD>#QCI&i`SqB`+fbbvgzhw`_m}voC+l
zGGX(5c3WvXF^anjl24#Fr_M0DjG^K&dJls-9R(3TZdq)vc;<HRGg1ATQ?SANh|pO;
zyTXr_d&cxI5c!V9asxmh@P%m*W-dn1frmC$E1R>g--9e*pSq|aQ2RK=>j6Mno-@Rp
z`EwdC@NUhWE#pWrTTGh@E;-l-NGnqUg;lNiN_DSh8(nbo95VjG5sl;1|B84{dl7-E
z|3N12V@i^(R)nzHzWWT5-Nf^e3b<2yD6Q?A_-ntnvuPeppvh+{f7sFo?ysm^QqHd2
zrTVcOKI6QyT=yov)lbYbo$Rln%~X!(S%RYsSPU#^c=(K>Y>Udn<k?xcZ1CC<kh>3U
zhj+Uun_JsVf`xz(rAUulL>#L6gy5XZ6IiUi#t5+SEXsNRUGu?D35*6CgGJ)BPsjQ!
zj$JC=Gfb>`NW2{L{GI@^NFOHexe?cPMBRQ`a*a<5>~Pwt(?Xemd(h&N-Zmt`Yrm8D
zqMY&A^uXcmmdKM{hUEI52x-m>?>V<k)DiFi3|s^Oc+>D7q)VDceNk%bI%k}|V+kYu
z^T)p{7gf^IK6&jM>z5jsXAO5-7kQxbw*BC*rx|1Koe0lI?9FB*O~e{?75w61P~X_4
z5;5mS&^Y{Zy6dJ9m?7RAV9U+Y=e=t%zbzM!+;B6KgI{P6GX`|FuO0{Lk09m-uk$|N
zd<TJ~OX+nt&ZX<y+hJ$H;Z+Gi)BhlhJx7Q4fh7hF&VkLb>2z*0ey`*C&*@{FJ_BpU
z&EwNWFxRG)=1b`8s637hwR(gt^!6xOh%+axC9P@mV1WKhbs1Teo|F67F{bag6JWP7
zTF+a9o`vn$ID9Mz*UbVCzJ{7c52Q7(AGqx?rNoL$cN?n#{9-=6E1WTz+V6pIUwDea
zyt#rGyBlx1%M(&laGx~Et~+<0iEjMOuxkL=TV5Lu)s{+Yg{4SJ{6VWDk_ac!C@E$H
z;kAIaD<(h&53Ln5brxUTveGEE4>ICa=P?B!=-g^Kk>TO(aJ?uf$r)Z(Z!({>wj(Q)
zQHZSgz%>hT6-QOE+o?6ccwEO8p2@GDM6xkJsWzz}uEE56EiTF6f9&-@V~-IAcSmMN
zk}+ieoYt2zRf693^KCwUzNFjS*MA9hKj%%D@4AXHi}_#YEZ#5cqA88RC4XWSh@Hf9
zm&rz92)U>K3o;?xk$<3S3@yB)eEI{Zyk=UfnKpF5k=y|5X`4-B!Fh-EKga}a%;K!b
zQYh&|q$j~8FOx4^R{_7egt{%VokL!|7if&vAK37kC&QJjhgm3fJCuQHVA_H8d<*f1
z3gu0on%qnHPMHwUmv5}3?XJvc(0>i<1aYpaXYR;5{@!P$DDe2)f7qDlR=Kr+G_9@Y
zZX=uut=AMxfUzBUjJ#6_m(i_n1>i_^vpL-MXI|};ppRg4o6#fTmZrY7{x_dv`wb${
z+Sv_h>tm1i?df6ne;eK>kVT*yjf&RmWwd=paAIz0<fK|mNv&WeiCS9@8jaSaIXbF*
z5!{H?6Q2S9=R*7R3T>u@hL_c?q_5T5DAmjpJ+Har7{aUY3rmm~gc=jVcu`HConx~|
z0?U$cx{dq248@=&n13R0b#r2&xe^y;wB@%$UPOOhYmB_v8S;`+cRPKP{I;APfkRB+
z$f;}LSu9l0P6Jei)>*!J6DLsbGP1hQ1P;%OIIfs@pj7DRFSL2#h##-wBhynjC5*GP
zyDex9w?<wVefp<>B-%m?iDvMh?ElulJa{C!Pc^Wl+|tzB@cn)KLD3l&(QtOH^X~%{
z$rs=4N8hCNLX{Jp4au%P+nzrZTD>93uF0-tdh$zvRoh3WUVKy@FUG!<X?P`N%(Ys%
zF-F=oS((KD1#d<YlKB0v6Hvg>JRmWkU2P;RR`ZK(vv@ZyY@?_yN6nPpo93%VX<VO@
zV!bWg)H=j=qUt4oHUcB}l%Lm8muz25#5i)&HsRz@-=JCUP5!+ZS~})wh>ew}9H>IG
zZg>#?Ypq`<o)Wjl3o;-!*e9VoiPDyc=d;7~?Ld20CU&p}<4{)>#Qbwh%9rPw>?Yd4
z9PE-@8bJjDZ&4tFGf+!6hIIVWVPUrZsL?R+Z)+_l&Y$pX%8ApkzE_{q-G@Ku9Ee*o
zv4su8xMDk)Vh7o#e{@Mqpye9+Vw{hkP`;V$m4s9Aga7Rl&n${E27b5qe6g|{{KxZX
z{n{V|uOv049SLz8ok+wkE&sD`BTLjP$oB5#R{pZ<;4N8S$Y5md%d%X<b<WGnj*=1&
zGl^O^aX|=#sB@?E3l6ROOP$&n!-358q&>7-KHTRopJ>znq-joE(`^Bl@k<4ftUp>O
zg2B|d)m}AyA&NI<GO6IeI@nPyfXRYyyM$ft9AaS%kz-s6&1AKK<DBBxm^)KWCjZ%{
z4^C$ZJ&v=W?f+u_Mo6}R?vWne*mmC_k!csL9_?1sx$Q$AFJ;HthSEe%o?0*u-Yxdi
zk7mr9p*(v%7IjxrSg+_qGwfL%%2699wD1QhH^?hVs=r?&W{K5f-zEE)%eO9R!E%S`
zGgB5<G453@Z%m!F!KAH>)y%ooh8<{dkZVtIdU{*Vxkb=q%aZ-$?bD5P8;)dKm7X*B
zNUTGf_LnJ%jg0;zRZrpCoHUZ5?d0O3SWjIB9SxO4LSx{ellh$m!ro>6$8yA`Jkl*G
ziaB!s34!QNsnMuy8~vF6e0S-vKhMV^B^Q3}rXf{tEGne<%#|6>Bja7ZsQN^8)xK_G
zYG&H<Pz*d#vi(QMUwek$u5TQZ`?D!cd#P!qt#gOii^b(>?TFX*zw*lF%AXCQhcm_G
z4+W=0;!KRo+`Wt2<&T5LmZEjCKd&-RC)&K7sQ4;Z?e3^TbW+Y$`;{rY;1?E;y_?l$
zeBlXEn(#tF26K1YY;*ak!#<9Lv0&JDjQ1e1BtPayUBVi%bDsc`I>c!uyU2hkEf<NL
z>mNW2yL*k(+{d5SOH4{P5nXEP7+gG_Y~Bz$$3mt#80qXRF>+b%3z{>~q=;x2lwUqb
zXzs6E$<+&-FTaGG8ze7JX%`g!%R>@%Jpj!)?5{RQo~UEGy91Xtv`_QF*8BiE1?k=$
zU?g}NN{M+NYgc&Wu_!PcP`NG}@>5-0e)2;qy&JBU)bn*P3!>{mp3y!{^nM(l=NUkK
z-35_6^bpR)M`@3g-R`3`44SiUSPNEOO-UU-IVVvH9o4H6qk}I#V<TJm!)~K^xBuw8
zDNkLDXf7nb%pb&-{g+j{F+wvYj-6Z>eX$87pEqmMwf&o|I_NTYPeG5vH&|liyKYQa
ztHxy5q<D_mznRYMeWwhKu^u*5JP<LK=4LwgRg0>gRJHdxnszvz$<En%e5eNxWU$+f
z*bt=Y^a84)(K1P+Tz_9r0A-?l0u;cNFX}*PR{Dlck$Cogt;5%__t$eLPJ!<3<frR;
zPvmS2+nzN_fRH=mnvaF?I!oo_uOAcYA7<B|v?pA`*8&pv&lXW$cAo>Xk9)l>Y7pIY
zsP*-$-IKh?{~+z1qn-3W1mMSp&U-R@=LT`VM16~?6Vg!^ZmlU7zJhBPi;Vmi7cXzA
z@AFPC{Qk}p16QX@n==gF$hz`?dU<xw0p*{tT@|r@is-+CPoGJjb6#kyNdp+Q=M|7^
zNOheR(3%m?hL?&+C*~)1sEXRWi$Ed31+LM+j;fNsodca+L4yB5{syJZ5e4Qfdm`p{
z^!zLR11>r=vaUGSFK%tC_I+!C`C$Isfbig5bNJoh*STRbe`;rGsld(Ne|Owt%fRj)
zl+wK)1XmXmn;)=sW%q5mi3+UB*_BG5I={Fxh=3&A8J(J3Tw0vN6M_!KgUM%Ks4IBn
zD%TCdR+erUmib`73c8Sw+*tAjc_qAVSE532iE92jf#E;M#a00|in)asXiCo{#DPDH
z$yctunOEI8W$0-Cj@%tjG#66gP=2hGfDB}HB~vFNAT)8P9n}C&UG;+Ou{aNkDXve0
zg57nj8KW*$`;@Q5d~Od6McX8h3C`U99<wFVm!iKmSjqdr6r0J1U+Dptwv+lw_dyi|
zkVx3nqcczdA`Os4S;3+0xt8Q4<i-co(A%%J(l5V10`)pP>7#Ms_)0@R$9>MwC-HtA
ze>fdK=w5tHLP$HM;x3noZl*U3&Y+a#JK_!f+!xgG3UUJ%y$e+>d21F_UXBWQsw6{8
z1w3Uu$*rKrvv&3qg|y;6kazj4I1bEF<CG~sAaB_eNI(wh2c~fL8CWmp5ay<JN}<OG
zTYh_14<Dl8m6fkItdZi#8ybkaqer%M&!1{{19Ov064QH-)$z>Yv|)T|V#(VUB}OZ9
z-+g;LDvUc-cZU2)2cP#>ZU(ivvt#t<<Qs7goGzp>@3BCQtxII5!~#tA338Nz0l|>p
ziTA^S#**BtATWf_$netg_1CT*QyE;~aB_Q?53*3RUM<4hIE>ofH(DOKzpZW+U&h(f
zH@Mmz?tore9cAGpwc%f(MK0Y5Q7d#ns~|WjLHW9%)t2$&9#RR6&+FLhsZ-ZxfMLH-
z>{Nx+ln_^^K;@~gSW8_T035l4Z$RKrM?eTdPnkjb>8c4NlE?_OqxotD`AbS}KbfeH
zBbB1TYgI42t}oAatA80&?20K5#swuia#RI?8Eam#=&PUy?$CK@M)`V79S2XbOsI#J
z=IYy$K0K}1U2DpeNS`ti%KrM?CEdsB_7*#y^$u5$?9pC0cu;-mKfC1MD^M&dDCP2e
z_o_C-o;0yH4123s#=<^2f@~}S8#-a~f~N8C1&5qb@;VhWHZ2vV7}{#LES-gi0xrK`
zDIWda3zshD6B!}2*oTkGsO7D5C6Z*oWMCWt{#Q?UA7;2U1#{Q477Tw1^mA1*$7n8A
z(F82Cf>T|YR>4EuV)I877fkN5c6J%ewlXdFbX%++aCg3NaRslSY0AVG<D!vxuYOUI
zM`MkCph=5a7hn8Xq!#nZ7d1!c5J;0Ou3LZRm(S8HCJPGTLI#>L%2lQuw%gXb3Bn$9
z;`U_^jHF?QTGTs4>}}t4wAtup;lf(>#-?}5+>?lUQXHby5G^ZF)~L161W7Gy2jC?7
zg4Vc0Vyr5-6{TbM*kDqV9J52QEs1LMIa6W#Wi7Kg=x>zfH*-9eDSd2<c^8cV`58hg
zBQ2~@f*TWOiqzs-T{&$n)wI-PFBv2^T8(U4#kD;d*QuB5Z<O`V)(>SSq^vE_!MN>s
zS)lrgTuU?Ziwx^mU9O&~M_+znZRjfYKS${5c_>Y+rfz`*6YZWZuN|7-SSYJOU6_qU
zsa|zg<W}t5lqehmI1~zI^~wk$LW(=ufaZjy!S+hWyys)8nlqi<eryAVM?T#zva6rv
zyC$)+!pHJcU1>vGnTw*A_W4FrG|88ELn;!aS^r1UdB;=rKYsk$4SSDki?T;Tc1A=-
zMr4FbWM8tg%igkA$(|uxtH`)??QGY&_PR#0`TX9#zyCarbI-kxYhADVd_7+#NIHv?
zRON{<wtccWD24bR;@e&ECkm%uAAJ|WlFon9FhSmtFaXMQ<<%E<!0fakLi4a>Eg$4a
zN@d*5meHd}y5hqy*2WOA${05vL4ewVbMK}ls*Y2DvRs|2=xfZEs&p&AoUgGr7bkg;
zlKNtzXBzj%=U#^@$(5DS&$$jjAhm0y07-RWc;@Lf+fgGW8nM|}JD-`(rvH)7Om$dF
zDK)HEh0NB}wV#lKp(u*edsieXGQ+sip+Q=KoM_Bm;Y~`;YcKz{)L!Le!bN6Wd+FWX
z)eKy}5`O(L(22_+?eS*aDoSnHb;4Dow!<3F$>zpZJHzoIe&M5hBhQV+7ho3F)8yT6
z#(f_(ko_qn0)}i^CUf*^B$8i4K2IeIU9H7LzB+IA(Wlh@M!Dn|M9d6Yct)*RAOM-}
z3x3GPKs{VBQ3F7vcEC0blnqp>{adO@o1EPuICVFg^8nj`jk)dv8iqiDK5H9^#rqTg
z=Q^4>3v2;4bc0!N9FVavA2*01If<?x^Uuu7GMP}CDk4n(H35XkCHo}IZ@BbE&oudc
zx2u!i{P{t=>U>8pGw028ov){C1B_*1)fRJOZ~_+;oQj}51KWZ~P+_AwijorQDW^;R
z-)DLgi3u!k0;S44NBHAAaK0RnC;{+ly7V~^QdQh66WSv?U?5ELY-=LcT&@Old)7CR
zmSsyZmD-=R|D6LOrxON*>8{6(n5tcm@^(u~w3!G9f_4;sL<3h;-04oR)NNS?+Z*@O
zF{!2|u)6oi(mN(^Kzn5*LFWz-M|FuLPq*rBgiub7#!YDl|5G|Sz!;Y~fqcCn?!v@u
z!cm#dboVA;n%*r)Hpnuw_Cmgi1#lD^WJFwTu{Q##1(M`Y{piO%jm)mI*vAbu<IkO?
zopz8Vk`ImR5!;RRc+LBFK!oJqRy9g;TCokEh0;^Rk4aT*>rN7rDt7U|LVI@FcUXe7
zDTtEKKmfo>Xk3O}lZu(y2Jkvx>8^0|x`P(Nam7L7`vZHxxb^4^jvLiidzn6peI;38
zt^q2Yq>64TMk8+yo#7sxvsBI+bXo2ns}O#UN6U95k_!$dHD!yGzjYsCXoV!qSxDXu
z*}`V=ny`P74vy+5cYZh|@LyE_s*m6EcNbzYvm0lxlK>MR*db3gcZFPe^cUTOaExyP
z;nA+8Z);%u-!plX?cNc5_3wKb*}cPm?^y%?g9HS|U06NE_{Z%bek0$-wg%YvNd{2m
z0MX|IdH12ALo`UDW-qQ-?;gIsVhil^M=hOR<-|LZ&@=akn|_&W={}VwK51wT(Efeq
z((rUmUf@3nXsx7PYjem>u6V^UymWDl!5Q;?Iec(QMn~o>vb=tHvjf!q`^TfbRWAv`
zr~I`jPW<)6-nc^FVq#asa?2TKs_f@)zJaU+w$zivSN}o0%Be7h%{keP{-<K`<SH3<
zlh8K6pX>#+-a#PCQ`dh&TAGHV?b4fpcc@pYh(y;$&-Cv}P7^KHvclWjVNL7UAk>(J
zJi|+do%Out-I#v(OUgqx)Z7V?(BJ<ZYhe?M+jXwG2d46{HCz}h4y1m(M;er|T5`Jq
zD`8-*(T9@vN?@t_z&9QZM(5C8bdb<|#K0OjKN!m~LYP_UVf7b2G@r=fy!X-sRL>;%
zujbjVR4VS&MMGQTj4y)7yxi>%neAQSKc4cpO*+dWQVEp~z?s#FNO=!pSekfgH^^yf
zPw=R=LiJJx%iW_vCoRtJ)E_SoRLzhe&XIS;C##B~EdWh6fw{#Y7|jU4n^xdMXkw(}
zx5eT5@te%Y%jZK{uMXAIS~O<Wr^$Km<V}x;l!JhW`|1En;8IA(FWr9pe}EH8_HQb8
zdy)^;+gDrbz$5O0k&x~X=E@=g1eKsE`f$OeeA5nC#R2OhHrJ!>Lw<atrUJ*25N)sg
z<R0F7&J>UZ9gwP!yuV)s=qzLGvMiP*h`}Ur@X+l7fq~2>VPETB(Im#1W*;tKk^D;8
z_9&xu2d1o0iW!Yn!=LvmfNp)r6G66eJN{m=wCUm8MI1!7Mgs&<4yk@$$#EWjn^dUh
zd{mRVCS}8wa93W%bQk9C(Ic6i5iM6yC01dZjuL80vETW<{I~~{&-z*ETFWCVY!F1{
zJY!<dr;VZ8xh8R{)-@dUr<Jfrb*Wgb#UD!{^8_Nf{i_J>a0)Y;u1S#$`lf*YAQ8<K
z`b<Ac{uzEhe92HBcc}WLV2r&c6d}@Gi0yV@s82>{$%XGy%?)-WQyHTqfI*>6PU{7{
zLLcQ$sfgMtFvZlzZ08zV4?|g3;ej-k4pJ-9Z7MYdW-tE!kzG!3YhQ>RcSpncJH1v3
z&#Be*E@E(!xwC1yZ22$T80h%_u_r0%33R3^1RdeyxRq`Un&gBH{qyDve|J%kpy~P%
z9_c>C^qG)4G0lwXw(-SR9C^+3w~J-R6Mh}CXTGnGe%I(ExH?8+BRn1_EqXn5u<55-
z`CgYQcJg#oiIDyJc0{N<G<wCR!1xdC6m!2~xyAi=_c&=qy_i3rz`6}0Pv9I~rzx&5
z>{22mnKC{7!*ZOE-hl9qO|zDA8mm;<pBL8^Czy4PH$iskCgjc-(TM9unyLZETy4rx
z^WCOY%sV2)QiwG0-{wD2v=@rPWdBZ&9=3tacI0E#Z;Yr|cLt`~?!gB{xH}XLHQ{kH
zc(<n~+fP=q;<qMuE7K+`lq=KfRcS=H``Z>p9!@i&f137g6<7UA<ad`VA|Dy}2`$Xt
zyJ#`33)&q9P>S0;(fz9o5k4Lnq7nq@C@A6xefByIve2+vIwXZ9!Q4~By`bv<bR%53
zvFQV=6*<G2QteVya?g5GCjy&0dWdK_UNi7wPDIc%IAO1K-+aCE8)jB%?d-H7YfO3j
z+ow*QJqwNHdsB?GGL%ZS%sZmQ>Li=Q57Qo4O0l|IJ0WD7g=>x4GOm}Ihg5l5?&A{{
zj{kB~%9TnLgt$|usQ>QqYiQ@!fW4$!iAKvUyHG{mYpEK-JAaUwmilE5>87d@jbPEN
zqDr!93Lj(T&>&*`VDCnH%*i7NiBTs__abY8{IE{sH_|U1+pU*d>w6!}!>>XAmiM1Y
zpWNE~2&bqwCG_y4YxXqDI;$=zM&0(Yt}u3ZepVoE$x4G1{SLUgb8Pt!P?W-gT@XR@
z$jE82`GMIw_6&Z;nW*w;Da%|x{|YsRXi|CV@)KU$pJ|p|{)#0GLo_1NVyW1*MOJr;
z1l*AIwF-4tWFX5@?Cn%5_{NLIg=3+)+5XVT@Q5!^>R*SpvM0>lgQ^MbB458g9y%f7
zk6X@NC_Li+T|XCaEjw&_>-=3vucs}mtMV>J%*~0j+hAuBP1GV&i~Wi_F1+>HpmiE0
z))*6aiIY3rukxwuI}*JbA&5h=-H)?%&!{e!9&1TNDT)?i(}8?78{S(-h+w9zp8vA)
zw8a8-Pp@+m<Sv2M;#^;-1ez=8mfg#jwJ@x7n-Wgk6LpEYFUVA(KsfuXAV+3Owh*`5
zJkH>~L%i?ApP7E84}gJ5HxzqQ{J4mc1~2<Os<Gv2p*@zG*MDYhKJASsUWYE>DMQ0F
z7sQ?+_RqAKj_q^;il<j>Q;Yheh@Ys|Y|L#pUhPP2{YJf3G9^iYtr1hLz7x0pN3Wkt
zfB9tZ_OvJKL-M7vhic&%n3MO*RI?uK+Kb>2ggZw>xgUjS1|50uX+pC*9OHGK-lHM)
zhMXd7an`RWw01OXG!a08p^V~J^mI896|YauN(<C&xj!r+a&PXlm@W;ek#uGneo3?c
z=v^vn2jh#qt;PqsO})~H`9_OqDON8!?mYt4Vy=q{^)`mYrhcaW_KbYMP({Y=@9xqu
z8rU-BDmX7k&_}_)K8PK<4`im@n-ZEXdt=hSKGWyg!vcK`<1WI;)jhJhn-2NO5X_yL
zj>U%SeZ?n6K?<IacwxmCv37ouk~Ybd%pyPJ*`GEMHc7SYzc}#7<9vmjC*3;Nq|YC~
zOwQT)758FBALJ)V$dt)WOZFw26g?i2_A}prC6isxls^)m3vA|ej<NIMZ=9>ac06YK
zSYf>C!20esws+#$;N#ca67j7#GeukCGL`Y*s}j!iweZmY74i_@W=3P-XbZ$xVnwWp
zg6bkp`tL4s<I)3EYWVHPJVbuTc{%+=t?jRtc4oo~{@RxRm|Ux)JXE3u8u_6|vP^-w
zzeRd$u5_)C>W6@EAA-%y&He0Yt~hdjpH^&p8R}|%>a3x~HO6mFdMPuqJ^LSoYlvLi
zed(pBHj(iU$vtH1g{fa#+F9C)Y}E$(IO}W|d@n*9PQ>s@Kf0}ArZ%0=O@FqXzwQEg
z&BEG`_T>iIgE?G6>C@!|&WdWGiwEW|63f>T$(QC*f$m3gNB~yxG|#n@^<I$V!4<SX
zO}5C)_Ns09Uv=c6d_e$f)`ZC~kh4u6%ij>=XB@&OUjwII@|I^LMAlBHd6N5juK2ID
zKOV}1HwmR1kt+b2a+vX3*k2eRynMOR&?x$7NN^!qU?{`pUwr7{&q6ud5Z{Bw6W`{G
z>I0|FaL@TEG@)YW*sV1>XI8P;^B+W6oht|ERe<*L44%j@^EiskN(L?GA8E_{d?`0X
z2EI9=Xb70<#7nQ;mZ_<3+PyF*^Ef40ynW#jkuu@#><$#`?x&QpQZPK7MyX~k@BNGT
z_Ql&MwqJ2i7CehHz@GE+z6l+sQR?x*VJi#xI9*OzOi!iysk7YE=)nDp5K{3RW}`_b
z9|=Ix<g(O7<8+u05BPZbhbaTH>N=#rr%^W7viDr@)=S+^`L~<Ht_Hx-RG^b>|4w-u
z><o{D62GRh)&SsA9Gh@0H_(@hmKJ`pg`W6-!ATTB$~z**=#4%W@q_Rxt+-TWTVzPy
zQPC543_)g9KjY0i5ckx|j0$=<C5SmT$c70d1ytuJe2nvPvc~eMsyez$tDrsfEp|Qh
zD6$(gM85o^RWg$HF<3YT?YZ+$hN2yP;?0bMCKiNb;`cN`s8svlxj~{w%(wK?W)RIc
za4`_62v4}pUh|yiZxcCPJu>hJ4ZF9P^v3&s^Uxd3SNoE<=^&tDcn8!>jqh{0DLg_O
zI$z`;D}7LCIZ~OBzLmK-z&N2bE6hy*x^4~gqJ_U=pM~S-$gkW4S8M&2pl3%^$qsHE
z{JGg`Tgp;g!1-<Lv%X(nyGXqNafPb_ru&jVDpV$VkV<KVVp2SEJM0NWDq*|dVB8>z
z;=wa71gOzF8gTU*?jrkWJ|YsKr<x9W{7O>riyM(RqfaSNq${E_XjNjeRk?LNNVy1w
zo%2DAR9Xq5t=|XvhTl0BB`2SJ;p1T@VF$6+H`V$i0+mFaWnzF;eIITI@fmV-W(2|U
zJDhxwvZ}}^f#Z`NfU*eA2ytk+6<U&UM696Cx7an!lp?Tjpp53Bn!5nR7g4B5Nwcuq
ztHLqhZCa0c#)u-n>!z9^8GNf*j8wu#SQS^G8sE^ZE89UF2T<FDB+j>#C7Uo<-~4TU
zr`JhVABgY`gP(Acze!VhLL6#xsH8JNd<jfYcpPJO`C9`Ud;^3=B?Waxy7;(H?|hah
zjLAGwxy2vC=sAZk3LRGodljdqFn;S}$0yzLYHB=oMImbayK~fDcW|seJTd)(r;oeR
zOt8o%(@oCWflFc+{5BtAjgL=*uc(g?d6lB@j)-_dnLkSDKB*e+)@P4Vo!g$Y&G#KA
zs{8O!&HC)YT!;gZI`O<N4EcB9Q(na-%^=QSP6H>Hdbbk!3ila%#XwV8)Kb1<2%_ys
z883VkJx;B>s(X)sRhL08q#~qUy*!6PA8#^*9VfQp*`0ott^Dp1&b8o!a^45zJxA6`
z4Zj+AGmG_A-ZHl)(u5-Fjdj)74oZ~`AqQm~;r9*_6-p3|?o<-B_e|k}{4%-%4itto
zL1hNS@IT6m5d<6Lh9q(_G^#=H%?h!th)Fx#{)f+1b|Xr~7Ap++Z+SNw7~8p$x{OnN
zX2_u^Vjgjcd=)X=9qDcVBVw>V0#Q^*`CTM|;Kt1KgFCOb=sOOKKL%*SMZPtIW?K+@
zWpRh$EBbS*&@JUkScHfv$az{7*w2C{RUOR28*HlcODjDYK^d+-ozyOtn2@K50o+)|
zHNXyJQIuxsW~xpO#BlJ7_~T=O7n7P0EXS6Z36hB1hQxunDfAIAGYP+E&L03~BqU)}
zH0JB$c}dz`negtrfP@-lEE98pQ7Q<?cxXO<NB=GTO+o%6;kBN(282Dt3KOB3kySbA
z*|}i}kyW8~isD}bwv<ddoqL{3-M~rR5!}>3J7_1uaX$V0MlBAh$I0=%pSc%?s}f7!
zH2&OZJB}>0ChT*D;v`fQ?|aQ-d4nv2)<=01iC<gpmfFv3hYi2^y~FaL<5N9f6_bT$
zW+v@vi7fr@j~CpDuHOJ6HRLR+#!BUundLCjSf6N@nf4-XmIX~|A>GQ)1SqBn+igl>
z%{U;g0<I*l-&gf-MxKGTnZ?htlx>@=mvbOpSy{9=p}f{Nss}Jp<2NO8*_Xraz~2M(
z+DT9aN+NOK0NR?Jf}^>j4(RUEHUdh=WiyI`Gw19<8MvlHrl~$aiIBy%b_tfXtQxv+
zCcXmTXc=lRPGfZb2+Zjny7I;7^E(t|-VDt_$l<o|*CDBmER~g^(c(L_LfrGQ)ef>h
zX=0skVyl=&Qe%J3fnU+ka?o0Ha<s;?f==n=(cG{{-;R;|Eefu9=k<&g=FfY9zZ~|0
ziJgBNsEdvq9o2-1y7-TspO(XBkS>nz@7>TsTQgHqFpdW!?f`oNt|y#`fg-G-6M&0y
z+7gJI1tneozoiCan+oPJ7&5b^`|4oXF8L=7XqsweO-$(T%64Xf0X)u;x|$fVdT$^R
z2coE*r1p>=yz6ZMKnY%$&r(>;Ydqct99M%KALY%)-U3PRr#>2w|It#OZh|}OeK&Ux
zo^u?U1`u6=Xm3YBGV<o0ovNJ)iY{qgcmVp;7NmeJxdJY8F3;K7H~7Nm+8~YsZYFDO
zvKvxsmZa42ZRxnx#PSa&$&lmb!A9n9vs|8a7#^^)_;%98S~|o7EbM`Ui|wZU{M){p
zjdkH77$AUeu?$V)z=u#*ZdcLEm*^cER{}}-dW+OZDr3rmi}hb_F!6`>nw{z;cku*H
zD$XB+?S!!@lX9k6i9pk(!5Agzl~r)C4LCJ-o>6x9);aIf@*fMe{XuGufh(Y+^po{&
zTH9s#Vjxv~;HoTku$|^2D?OBvpo&GFC;3vw$^2z_{Cw}JJm@2U7YFTu^kh?W=##8;
zq;t=-mCs6tpLYPy5Nd%lT&VZd`?~&YuNTZc$ILNL1<)NJoHB{8=B@LtCuso1Bq+bO
z>Vow-3(!jq^oq%AJ6k{n&b?k+Na|Y3YrBx7=bW(+mJ<aT(luX4=WP7ne?C%|dlEtc
zulvr1e9rd#_iFb}W-qeN7=Z1&DOG!|4gKCd{yQ>h?xguJuQwaMLo5nr(*$!~ObQGI
zh<1*>7O+c>a!3Ub6D@l$<5oS}YTi#GI!}WvXx+(DcHUjEm4=#Mu|{ymzf=akYFMgJ
zMn<TI?vT8vI&+oVwSry<B6B^j$;~g?9@okt<AjrHb6?KBuEGY(%HdYMMMXI&kEOR(
z^eU?rtMK24N-vR4yy|gsm!2a3mxgawCFUcQ=bre*2{?YLM8M5?gbX!%Sd%8e@%7dz
z&9I56WxC|lwKKMubY{njn0YOetf^468z;Mi^)Hmsz)eggir2`2Q!e{11rFjC^!#I-
zG^$^5V9hQo)o=0qz=Gx64&X>Ers%&Xa>ZTe)v;edgRB+pzJMJl&p|@!B@y$^KF*=r
zzg-c5G*wlg3Fo&Mw|o>bk^EIaOYmh@s!3OxnBlVBT{kJWwH2=e`oy547OJlTYRf)N
zwm;x*TvsBZKnCR_W!p3x?=^b#wy4}27^!UAQrTc>BkX-8oFQXzFO%c2ezp#c40JxQ
z4&WCD$r(IajLQE#4akUGhvd*clM%JR^^}~8{o7*@@l&`y#%*Q2rHQja{bMP#(rw6{
zQdNqO6nRciVRh(^Uf^Vpe{z=(U`Ok@wgO0j`7t_J{#eYb)e|Pp1iTmGYv8#A29nhv
zOAPY(Rh(zdTw?FqP>QxwYI^+;c6ny-bS%}z+G<j$iL^6IK&`vVhqilmbkFEjj{r<y
zaM4tlJ>H;{zCPwJCslOKL9YGsqbA#CH6pf$m@2Wpn4tqCxxi#*t<=om+M*ORX6^YU
z`&;ptzyFAZi5E0XX<(0gj4kJ=BOj>>SYXNh1)`<hF!c--UZGj5OkvpuHsPJnY{N@3
zuC5)VPj5%2_;_NpF$45zq@|5+cB4oa%gAQIvs$q#|5IWGg4#!CyqVAeRiQ+D$y6I-
zm~6Y}h4!#gc+;J(iuGJV730EHh6=1RrJt&(xB(x}eKNc!_`HKfCP7fQUbSrRPv5Mu
zKg{a6<-Zt+BqRL79qGa>o=@w8RDcTqw!pw<eo3B3t(5gG6#3G3Fy@l|jVuQb74W+U
zE`1Smdsy^K+yPc{MV4!Lgd(pcjJqqXpiI<#cIOM5o=#-+i6}wD`yVO~d;ErAZ`e%B
zc;>sl^~&}X5(ccXY04bwYu4flgFx-x!!GnZHk5(T@~^(Fz`h#3);HFuB5srPDNXo0
zO>1o2p2AV2P+1L?ko$}}Tk3bwvJ7Wfs#%wp<@@^^q7rbNXkxX`r}=F2kn9hOw<^fX
z7QH+>q->+f*h@aj&h*3ftl;ukk>3WT#C3wx@oGVeK?cefpRM{8sI7Q1?R)e5Nasga
zqT4sSc?WqsNg-YKw*m82pA33Q-I;qY%8I=u5l8FhcHb^$T@^Sv)y~+4=4ObRm&eQ~
zxlK+nCf~m$t?MUx>0qt2uN4$RRGuEaBAR9kBJ)tAGyZ4qZp+`$j-|iSnFx5c>BH)E
z8^Y50D_CE#r9OhIyFmN)OI0mDBfL#1D=sPn*;m;k$KhjdeOaP*?aidW(GS;Hxp}eS
zKkGxcBOWF&qG{gfOQ%B?$>Bk8mylR{+m;}?3R%luZmvq=91KrmqrlU{MNks7OlN=^
zr3IKi5w%H`cAAa0?x%0Q?{&Zs8WGE6Mp3Ew1M+1TnsFpUAufFpEE~6`)Dx3bDYquC
z0abZ^%SKPfHZ+NKZ16VO$aDJ{=7YJ}1lPbhZ5lo8wm6GO2r0`m%b8-hK(5hp>T?D>
zOm&@JlGiZ?f)BY($oE-q&V@G}Ym>`y*I%LDz(y2BFSSUj&@yLa&)k{H)5wC3P7{w~
zENN!GoLa-9voOxK&(GMC#8SG&e2@sSEKS8)oQo_fg|W>UlW4c4auJL4!VJIL7nmuv
zwc@SdAfE^s>C3GtNV9a<kjP=N_!#7F$Zc0P8p{f3&-0T<Jx1!Z0)LdF1%>9&T!cay
z_$$PO2we}kr6Ec;Qhf3eI)nS}Y{$phmfuj6JCY@nEb1qJC8fYnGOHmQ)ndB6*GXJ|
zXSULLfL3IQ7yS$6ka?BFchVmc(YJ6Fan&F1KYNye#d<DpTH$SC3QUYI5(rnUvC>MZ
zG84%!WtY;*DYmLzNc6=+n-Ii=ztu@pb(L~$c~InTUpTI4o@?z~w2{pb+L2I*=aoQP
zOl`yyN7N=Q54(FLs`0hoF=dEA<R0>V6=eO6H*3IWszdJ^N_oGCzht$X<8YDS)%YI2
z+cn3^`%mPnkj7VlVTfU}i{|xW$h&h^(wt!(@a3gFN0G6$wx^B?;}#VI>Vcs5S6x!`
z&x7Ocx4w>A5tlp*6?T(KLhBa!6>fPfMt>ea%|?aQp&{%emC{JZB$i8XIm-6hSS`ig
zZ2KWq-AZfhBYtaLO$Q~!EgYbg5wYcL`>LIp?x|Ua6PN9nj$UEjgfJ`?Mo&o><mqmp
z9`Ubzbu+tqZXh!1!y7xiBUA=^4OiXyRu_H;rq^qUwOj}l*KajLoWU#nd$@w|V(p5J
znR!wI5j^y{zWh_$$lpKb%rU>VV5Tyt_$Dr|+ca)P4vllMWFE6y#O91!Ft34)krN+Q
zeL`xnkvH|o+$y;}Vrx3u+puC%C$e{n_d>&PG%5#Q=Yv_1R4K7K#2uJ>U+nT8k=NUM
z5xV7r1}x_+IpY)5u_rEM@73s~F<f+IH|;>aD%MZFm-nORDgwC)N%t%|m;=^c>YeF`
zr1xsWPakkMzOO<AyoRa@q`eizL`!a-)Gv??t}LFMmy88G7@rL9tyTqtd$x_xT1y{a
zdqAsfEd2%hG>1?LZ8X;PeosvH=@m<yJdb%>-cWET@zQ*q=#u+|%hQFF9S|FF&v%_i
zr@}w8yRTzXMt$U;oi6~MsW!0pC$0R|>|Wy)A~aRfndMKf^?vK+55bAE)5`$$Y{bE;
zykkK50qYeT7+85kD0wk3@YAQh7}0K}ZEEBGllI`fcJh_j{`-^3kIR9uBUXTX-Kepy
zmMzcrkT#7uC$gz9zzWT*pmMTLFJ7;m%5#FB0&k!HAfe!GKmVVW*B)Sk_}Y&6k^h?c
z0@~)%zlVohDpRmE;HlIeE8c3L(&bOme>v+r)rH|pS7|E^KlYX-8rlZ?2tD19JeXfE
zjSv4WjGW~q@5?<60bh{t2bU~D9@l(LA99jzT|GWJ09(E0Z(SzjT$=uau=FP>L6vj2
z-T|};X0~2_gFrRr)OH+Dc4R);lxl{roy{-r>u&dW*zeyhSlO0|Cjze_S-Z|_s2--2
z4wSBV%OX#&m$QSI$30zWO8Z9LZw?%<3Bz+WX<Hr-x{x(p3c9dC1}>hAmCwldEySQG
z)w*Izh4u~gtK|ZaZVitOfLsZE?6bt$eH2Ketp-pf*@0pLUQ>7Uae<Wr%cs%arIuYh
z&$E1AFm<AFi*YN?8;s!HBKFx=*^Xn%oucf5D+6{(M;&(*S446<)qFT%7Z~l_mVpC&
zklsLis5~`bmQ7tgzrIMyX1ASr{7+d{VT{c;%jOi1EczkK9}mE~o*!G7e34>yLr@aE
zU4GMQt%4PIRAS6=hfo3JbB_soUP!aBXY|m+aqHdNY}(ZHC`WmZ!E9<U92cYs=TSEA
zXRZ@qq>QexsTD~kQT+r!pjp!4OrS#QF;b0iU~qadc^_awgiD7vCMMBnhG-C(IO;~z
z=iU+gGHV~9lAVEaWEg#XzqTfI%6A~e-q5X+Qu@1Ysj;+oObn2Oi_WG&K<I4Tm)x-L
zbPqVbr)AXlRqLf8BKu(Bj$WiN;QmCdD|6u<dHyzo1qAj>P`6YEqfC!9pff^I%q%gc
zi2f2n+jeLg8%c^=b&OQn@+(leMDbUw22p}D7g>W-NUWFmm4QmUi^Ug!Np!#QZ^YfX
zOG;oJZ`p}I)`1I0%CMC|MXQ%hr<=kfcUak<SFqU5nWGSRn9zSWK(mbm*Acu*!HI`N
zm*$dkr|N?JJO%cj@9gy@iGGrUD&49^27j!*Fn8VItr9q7-inGuYs5rXWo)N}E+5=b
z#f*2GpU;MdkmUC{#}?FtwzLd9f^bngTtTo(LVtKQW~>zL#&XMnhtA1d-%KgemyTOp
zWsJ@4_*UtRU+7y8l3Rj`BYn4Ol8D^zOegAC4L<#275&-DwnRrYpyVqqj{OKeN8#dU
zi1GK+`|MqAx0*jFa6H9-$f+@{qWKw8N*?rgoEkB%V1>2BhLH1H(%i=!zoU-FCydm2
za);L-K7;^CeJkJ=ox)lW1I{qZ25GQ0(M>^4Cj_?_hk(jjY1vEV@e{mL8VIuwFFR+Y
zjv=-z#QJvei!a1xM?JrXJpAy1W69Jfhv&ZhiweHFw+a;0hEmk3A8_azsa4X}DwOKy
zweiIj1W%gpuw5FAL2?6|^J4<4A(5X8Ug_8c<aO&qTu&60jxTi~IAr$l{QPh9A$Y9R
zDi(WBg4JtM4XAOYa>#WEN+N362Fvopu)B}hCfM_5cn3_)(<AR2Kzfx$n1}gZ8t^HR
zKZR3SKi3g;23DcZcs{)L!JC8|nSXGnNuTA{h~o2wDv(L7MGS)%tKWsY(x|Q|#J@zk
z{$;sm=;T0gZ)Hv&7?F~Co>Pcdz+F4Pa=e<Smjc>{njV(2!ph}ft8%b2FUUBP|7xo1
zIK(1(rR>#&<hfrB3Gv22<#8kBgWh}xB^>naa-Vz$BaA}U6d;|ZAmo~D6_J&&Q1XdV
zRVPPS1?4Ih;71rz{fLc-d3wBLQVvP3Hxv6vHYLT+yhV*+Bz9$y4&IhzTKAOeD}?d2
zNBP4V<L0^&dIzcy7DvRo0xnRfbd3!|{jdcTmv1E!WLRtzBM&DP8;oN=v)tis5N7V@
zy;nbO4J6-q0xILcodg+b<QO~vYjsP(B5HP+d<Q>23(5tx8o@&GSr>;9w1AVLJz$Ys
zr^3l?F$tcX&c);q;bjAw)<;Me67!1u?W*}dVfN^{`^}s6K^&p=Uo-n08knAR)VloP
zAM<^5+!9`VIzA@8z??2XR!oqk4*MbfkodMZGqnWY4`~J~MOMT7w|DPVYfUzEB}Y&>
z^BN-1094}ocJ$rekmMgIezk^IK1prlDgRUdjnq~CU_(a#JMaWG?vkZg@AKs}qkS8$
z+DKLF?#gDyYxRss5#LT^Z#8r%_yH)QP9hh5(7$?mGugIVWX?yL)F$mm3~il_u1y7D
zLL-XSO;Y(|&O4y9?vYYp$zn?VpBenZb9eVVJ_rh&(}0wk%6b(Zt6z^evfQodizJEo
z2F?LqBlrUQM+B(3f&QAad6=L>*}%JaLzd~-nQjofNQ3U)K;nuA=)K7@$xY%!A5YlV
z03XsnP_%=wb?jE(1TMe?g&>Ak6^!3RM%%MfVQ<TCLLbm!o28`zV(i`{rwjYLb#Wd>
zHyyRM#Kb7YN>EWt+?buhhmeU!n|Xt<40hl0A>U291N1r?D?<ErRoSo~6GI0*v1?5;
zo18!9JIP6CK{~WKGleHMjj#V~;D4)eo@uNGnIIKX1Dk(g|AaBTHD=acGgG8HD`#ML
z4%}N(K#3DAGiSqmuWdChz?OiS8;`K*YlY!*!~6)Yz4LQgurNmwsxkd$Vinww4T2{M
zXe38ZcnL|;K;^ToN2ps_B@@lC8U^LKHxq@PNXK>;tzg?%DYGOQQTDU~E@t13r)lxX
z2_{_bfiLnGuU=^}w+&Ee%Jw(UskT<|2Jp#j{9W_Pc%(DdpMAjCZFMzqV`-^=3wh9l
zkw0v}El9;HTYmrZ>xi7V_fO92=hvL4ny(M@5~n+g>!4xA-d5X<@ykA~c}vSi>njJR
zS33cIhj}Myr{T*7^5+9N3qFVk30;=afBXDe1H%pv|AWu~BX+>+<R#g{`m=>TkOqO*
zMI7_2E(hiduo*nfT2^=A$G?uf|AX9K&clGl8!TMD?@Z`>;@MDt;Piix)x7kZsF%HE
zIt4z9+Qr~3MFEDIEIPcA{?PsJnbgH$^~bg|<^lAf^fdJE591YgQE|RMl4AVs=*zGs
zmW9F`<8D96)jbg&1WUA0P6leepOwH87?jsN14h_Ipob@e)_>WBC*<4Srzg3dZKP+e
zUrj?|3UEg#!{5j^<>@9uZfwfQL~~Xe)<(k;;Gg+5|LI;Y%Cm>ELCuJvH=-vv3mhz8
z^}BZZ7VgFIuYtx(*Q8i0J1Ui<_GXYv(*}EsbYFuGQ!bIrgBF9TVLdIiS`89&2W`<5
zX--Avt>a)-i}a$0OD@#>t`X8!rtzZ9h?Yy_ItpX1Y1`^Xd~~BlN*_XNQcSV18k91$
zX1mXKwS+@(zNVP&@dym;9N;UNG8x;eO1ZhC-jVdVD!3l8XV|L>Nysz?r%?e{(jmZh
z_VE*JgR4FoL#rhO21eCT@DHcK|BHH7bB~SUhP7So;2sE&=dAvmRT5eP*$qH~yd+Fd
zD7cZp=xy56<cwX}RVyh2My2G`J;csGn`F<;X9A!?Cbim@=J<1V%oINE0IlYcX{_;_
zwR&#z1@yzRMbT8(BYOTyV3BU6XB{E+=DDb-N@@Wt#cjx2;;n2y{X=bo3io=XyB`O=
zIq|Ov5x@ZzQ_{C{B{*-tkeXRf-GES<H_P9vu$mB^!?Fc+ok!5zHR`UCa<<J#V*L2K
zX0U0!Wk!_qzCbjCjZuB<z;%DL|N9kVd#Oo*{?3elx~4WLcXuAP_G@MRI1Sz3O{>lA
z38o>)@56iyRkl8#tucid+H?!7%?B!CyxEXH;wXWB4f0N>#bnB=8W@9%&FpMsST4cl
z_}i%U6ZU?hH+Od4oJ*}Y6SCpr5H--myy`K*(x-JkfGuKadfbhqF!Lo|F)45QVX_!F
z5iPdTIOA;?sRBi+&ibpLeMSQ@>us}A{=Tj+h;4pMliS`Wd_PfOD+@hD@3KVc)SEmh
zmvxYL7hLO={Mu{^n-G?Olk;*l4jAVtSL9&2V9#QGDxd6I?^(Sj&e-9~qk%_@<h4bd
zli(zh?ng#=spC8Q3zwOThqgr^CyzqU?-VRMum+I126f~<p$jjUa#oX?h%c*!(ZyP0
zG4s`x{d6O*k{JAA6x;>pEa?iZ_g1>bW(^I5SPcWNB_qyj;<O@1>vA^<%B^I^!v!TX
zTyT<YBC-4)VT+O6MJAo!asJ`Lc~&Y*BTv4>V6X~{`mtKl0CO@8K1ySzjmDICxfLH&
zphpZJ>q~#e7zN$;;ols|Zfpt0!h?e0BYK5$$Lzgd-y1xh2)Iaf(MfGC_tw9d>$lhl
zf0pM-Xw0lYAn`)ede3r3gwp;o@1%w?3N7in_mXBUW`UV>B|B!7l4fk%_+qLBNBEK^
zcAn7&u`5?57tys`5$MW{NRu((D)A~j2-$gU&g)>tOM>*w3+EcYczeQ6RJ2t$Nxo;r
zcl3#eG4DOpghQ3i<5jkUJlX<>t4$_F<JaeT8hOL83Yth1GI$R1$bi~<)b;tmjvBWA
zygd4u)j#WtF!&3bcKg4E)hw)~C!s7D76xo@HX<Mf=z4?r?=p2BcxYDSxry}Eo~MWW
z!K63FemRkBC;IO5453Xg+ar0!@Q5Ske&pzt@dd(iqXT8Iu_WSHydXt7j~UhEiw2L*
zscuzCIDP2V(0nKO-}QH5w=8i*&OwT(<Gm#_V_yGVMAAN!z6&qOj!2Ndpwh#St{Wt1
zcl;GodOR@pPS3n!dXf?KEOPS5+697VLrtXp&%osl35Lvlh}2M9sgelMBZ3lod8w1l
z%RKCc^(n<SpsOT3raxEV!!v;U9@<{Sh~m>@l-Ng0=eq_4+Or;P<k*ueRpXHt*bj)#
z%?!+k>v|OV8u}e{5q}FNrk<)bxLE3;Z?pbRV{N~$)D-C+r+k|}h@XmKQxAI3CGVa9
zl{KR()H?2782?q9Y5o9=7m}*96XZ@CJU4!DA}nwIJi#$eL8H=Y{=V33j9=MGSX|r}
z(AGjBewf#hwQKO?bDR7`@kjQCu_viklz6RwBfp!$Y4%KQl0m!G9oa}Jt%j#SB<_|&
z$A9%a&aC1zh*(6=cq{asghhf9o#kTwL1Y}3K?KPeCwT=~U?;n?Y-Uef!})z>m&<;%
zkcR*zmUjKbqSJlVTB}5Y^LrX=?->D|EEN_@%*vkyvA8o)mZO8+?L+sTOoxt$8N$CT
zpdJXXj|pC;{5l}jy3ODl%hDm9TTiM?hfmz^OYn)m3$VKCNNAquC~1`afGu{e*K!8(
zC#uq%F=rIsH7w~D5;>x(o#rVeLcVO+Y;R7Jm~pNMf3f^eg$@UyfCt^u=zPXwlv@!>
zxcjJ?KOGuZ^pNZpOx}yqxWm@+>l_WKP3IvFEpvBEtmM>)5`)x3jL*hKjjXb)+FupT
zI?f2;s1FSaGr7E6Pu#k0$LbcKIOrLD@_STOFV7!@KwHWUt@Wjn6EnWLs%S0yk|l)@
z58(XcR1@QdSLTvG9c)b1V;sX0PnJcO&c7lCt4|qtx`zf@Yt#`$s(QDz_N@vG8OyAW
zl@f)iNPFD{@HbUNN?&5<iw#6<<hEO+uS2Z1{5#NC@K-&5AXdwE9uoN`GvGJuy-)Q5
zSD%ZdroB5Mmg{wM%sudtE*8Soaz|K?nI}=ci5@dLjQI_#IIO>F_w;eNafZJ~UH!ok
zB#bf|JKVhLdsx{AcI(owmuYd9G?)=*HQLQRDfX1bz;!f!z17TPxSk|*axbX2rqm56
zlZLp(ujaXi#$VPLx0)=k*!c}B;<rDLY&H*wlAT7esQ`4&e}?5^d|T$$<ATMXaQMmB
zZ~d*L>{2S(vn-dw3~AyY881@4oRP~V8KL$uu~$Pc70<W@a4s3ltFqspZicU^ikfvx
zJ{TW;A9dt-?YL+Hjdd=58NkZjW+K0$%y=H2^=n}9*!9d~8>o-ikb)x_JVZWR{70Y?
z_WR#XU;-@0%Y41h>U6$Jp0jQm=w$jDML2P?c1d1E%e20zzna}Txt6{}E%?a}{oIvs
zo0|I%;@M+MgqQU9@9E55&(1&8#oABZQ~8UZm&hqtoHWScW#<}5!kZiqR?J@tzGfV<
z?LW)=aGJ++8Svm@{p-;}6p#hnk$7smeib)~06@}jzZb5(M}5DLT6(juGk}3fo(?77
zG<a}zUEOlJaG`zu<FY}Z?L;;g`}+DNIh^&%qUGT5Fu-dy@X7mXn*Sintv*B3o3Bk~
zE&@BiUi9wO!Y{vpc#n@^^WKOY-s+30JWTqjJm3CLvE}o_gG2X|K#X5{XsU@BVhkFX
zzlU5w{d+%%F8mjtf(`76IREjrBxNB!QxAJC=hbvcXbla5sh8SJ#wV7pPKKhd@o?{A
zR2Rb^nej-N%e@Rm2jC$RgX*BE>k{g#@4?e|u!tAD<@>Q}z<<CS>;OZQtpal1mNmD{
z3+#1bAxhF4?A-O!EAy8QGVYZ1Uk93YM5*)b&t)!h`=df<cz+jx5nZRZiYiniU?5J?
zu~ny5%67L%-Cf1FcfDy>{pj@LL(s*q&wDv;XE2CZ-DT*liUNahvz&vy>C0)2O;@5~
zrhkujSWZ+O-B1>NG@td6GRJC+Y1Se`vZ1>An(jl6LC1a^BDq5jFb5C@ss6iPVe?(l
zwp20ZSml-sZl(j#+pVx#PwhXKDdO?<0xxbjAB_`xBxrVd#woOEKE(%=QPDq~Yhc2j
z7U)*l>6m%1-YjG-tpa3IH<=OVzjqTY+<vMX%{?ZL%7(yNEjs%TM?u$5)N|<FKh;8*
zz-Q5LT|bdyq?eQ82M1uv&iLe@<CIbNC+J1hH_!Q$eDR7agkX9zayE`*^VOK7f-$&9
z#2TQ0OdMHGxHraD2K`)*ff@T7xks*DZLMc$9H>q0WH_xVy~zLFV<gqgUphsAe+zW#
zrfwd#D|>fHbj4Kzv7Ov~aA>1>Xx3}unP9Q4rzo|9-uLfD&lrd7c3flaZGt5cBe#uF
zx1vhMN>g#raiC5I7i4S&$=Filss)7yDb+)jF%*u1z#aaIY&EVZV1kmZn=SOt-<&>Q
z1nTXkLY)bt<NlIAvZ-4jLULXEdb0&5yeOXd4n;X+d49jPR_Xbxk`lQ4n!Y$G7kw$1
zsf&oXy3r|_9aTRxQ;L>+D83R_tCZT7`CGi$wsbe2(KDlKTFIEcGa!Rbhp76gfdW)o
zgihy{Y~?3(2|FZSI4aEcbVT=-fC@Fo#{{Kl7HS(>eYTLGKjLR><Y#RlIU*E$s|dM%
zY(P!DtWW6sPLW~r+!~iBDvI1}@10_sTH#Cy+wf;L();9tI#9Oz&|#Kdnp?L75NwIo
zbn*Ilh8v%Qr#tfRtQIGI-m$9Jg+TYk74Hs@Q;YO{qN04QXk&owZV%9DgRfQwVXRO2
zjP<leo}F@tbAQwP%?4o*25&k%yq2L&G>esFt02_8N1@a^N<r$&OCK&wUdCATDXJ{0
zi%5PesH2cVnN<81pYoL{#hsdB0+qZn3=MTK8fSfgLX~T@KE>)S4c!^rpF6=9U}tS=
z;u{Eb(#G}62)gf65EF7R;=Ahu-4I#4;kR1@m5?PA$9-l4)sGKZ?DK<hb`O+Z?H+9$
zIq+t-)sn<K12~XmBjrs3lTLY3Te0mQ^NypkjJu@WsO?v2C5C=TG-lgqX^ZphwSk@q
zlKk@aXTbYFpD&K`mjfF%LAqg#BqvCP$RZw96TFx>KxTw5mEEgcit(&#3D`)f8Wnlp
zieEO^ApBKBmtmsib`le(kRixyVoVWf6Tm~HM2_{rw>3dJ<)7f{QBL%TZ9;uY09cgd
zSJQU7RSsYw--4k5V9ahOD;oY-xf}}FKiBcTfryy&i?|!(*ur;@hNP5Tpkxl}>raaA
zRfQ7CS>W565z^X1b#q*p8_6n%`jkv|;&92_!WzS-xFqkD?MH$_n<5@N+pqy5h1a1<
z+5)drS$x=1pt6ZSD=y2(TK%o>)|aXl?{|JUUz$_IXGw~=7axASzZnM!o#_fs$ZuYX
z+-0s9`SnmGE)+sg)^UA@akH@=LcaWrA=0?UW0oX;E<=PG=LfHtl&sMXRRYBf9!5QF
z+?K=>X-9#}k<eclZu`~6B4=2{LW8#MWAK85ZOd3EHx)T_MALjoYqF6Xa#VLbV&gDU
z|4r5Gj0j@><;{6@9SBV>w3_A8@>9(7Tx!*%#2^Y1MwLK_ZHe^H+mbPSl^bt3)JSO@
z?0Y$30P0*T7(#9EXYT2pipGCH!!1gGvH}tJ+t?OI>@|K9VJ;wIpE7vU{IuM~I_TG}
z(&kRx1u~cTkwp9sh@rC~UqQ9`#E29jmCT$?qyJCm*WZI_hAU>qd|juny`wsR4^$;?
z&VupZP=q*;4#794r%6=>rg-;jsz9r3rYm<Vm?vt$SytLasx@`f>PAbX-FVziPmV>=
zHa{)4wW%N}jwi@6<NQ;%+apD3u}~D9b7L{`<HAgf;KtN}<jB+i8%y#(x0}s1P(%Bu
z;PnR-+rasCagyyuH&&#|?D9mi&v*Y94DG}(8~+DUi2~75V@<4(LAWtX_M=F=23HKN
z6X=;aSjLw<1zk8v@N8K`Fu(g>F>Utvv^A}q05Dh^owodP<)F`Y(_AC%#1Tf(G%@c_
zyQx~p2C7(1g1%er>Ib@3&|L$APJEJ_!0HXIY12urz6cCSUY!o%1syVm9wUGxdLMl^
zPUG>P1||qF3^@W}(-^3zF`Z_mM4NbaI?!7FiUyx#S>S!0oRag>>8IVW(td6C3L5nF
zvS5b3$N>NW*)o||=2@cYVOn?7gg6^nX{yax+IKBP=Q){cE~6pn-^=f_c8(7A1FFeZ
z0{a6yeu6g;F0}icEa2DlESK?`(5hBBp1i(mmWQjW2i{j_PuG9){09jPjP_FqJj(s!
zhsNH4&bkmz*rc@p*$|Hqm`OYFMYvrSGwdQ?XIxhQ2T{xWEAJ6Gb7?nyEdAIr0*%g<
z(gg`p=>CxZ%JR@*uDKpJJg?>~4;47Yx)PXyA7FCGbn*EQ%ioA)`s%OCr`eK$;W6=K
z@)Cl9n1&y!fr)tX&sVp6lUm;KJdjOC9r~<jmv*$-hIn+=r3NNIa+hbGt81F~=k;0H
z1!#Ab#(G*@D?K8Z*;Nto6Aolg4vo{{B0SJ4pEX9!OA+yZw9QB4q@(6nO}X~Lt-xzA
zzw{=&7;fea)SOM?KiaNVCb*_XUnsVwE76VqA!w|)pGbvDv^_%%Szj;ytO!vW)&~c*
zPIoVSY{YZ)C=a!<p)bdtlidPcv>ua{MnACy1GuzE>QRDr$zvFJz@A~@dSK7M$Iap*
z^in%zyvI)@btgI5YuxnB*hTTTq;>_F+l(9akv>iS+pq)%Q5bWE^fVRwK<s_6=&t3n
zXQgCAde8LDA<X@Kqo?Y<P{6*dtfp@8Ps<VBy-d03YoYvWfZ>f^C(+Qa5(dyClfqyc
zw?V6NVAj@jc3wrFjfvHptN`N=$d0i0uK3^ZkH6}Xmc+WGmC&>N&;XDSxZoO|7_2Dq
zH9-?}*IjxP@=cKF-z%haA4&i{RN^l1bfq3z36}~de*GY%9)v;HSOsV>iE(+X86bm9
z>*lb)^!HxfeXt5N+(2|QD*Hsl6-rbmpeo=dodsh|4b*L}6>-R$8xoeTC2|b+D3&uo
z$&RF~roTnkbJ8NP*p>DbZ_mpoV=*A?si6<DJ9^}Er-zRzBRPRB=*U3;WI*V{Ub&|e
zW~U#E0Jnppl}aOn{sI}3$xxazc&C(&5-i%$Hsy?7O_pczB@Q;(G$kZ6uwnxEG@I5_
z6<Fpy0vyX}rE+@iwLd;yh?)?q0R1SQ2Dm4_IHGJI&KOJVSJQreL_3n2U7qI$0l?Xg
zmB*brL<brtw>?NXRKg(3v{53WBRD)drIfw`Yn$gykg;+En6tn0^ymDXp=F&6d*n>+
zJZ}#5=PcII(lxMXB$p7agao~YSd%-!+n%};CT^A@5-MY5&~m#iHM-lU-#C)fe?XVa
z7L{T=vwq?($YPmc$PdF(YS2&SFzY6_MUsTRrL7f11yuN>TiUqxNz{No`^_ow25~e(
zINgC2pnXLmtQ0F%VpIb2!){{|^ae2&Se)pf(**<9=Dr2`JTncj6`&{k%T~UCh(s-q
zS_<AfXi{|wN&=;rD&agYv2;8ZkvlOt!|qs0^&rBi%7!l|veQA=wah~gyS5$VT@%z|
z-uY8ap}OUcjn>qYpN>Unj<vg3_4B#sk5DnsE~^J-(s?AdGWX+H+wUs2M9Sq=JbjXw
zCCK{DQ(UA`#n=MdI4&6tf9Dbw4jLNhUfim(!z0*Uj1qZIFeSWkN*X&fB7E_ZK{__(
zl8Zybm<h4E`A5a@kHDUuL}^KkQMk<W0(AqMimOSkpT!2^6^W!zDOc0~zOuz><_e}H
zGho^^mRlxHx1>J*;h^rlE$<PhOp9BanaYE<7@)Y0d>LP;+1Rjul%SADS@F;Lxn?6C
z0;js7-9TU>V85L5t+87LjNDo34JWUN@)q+b6Qae`E~yb2%IWuZs-vl_K}hg1SZj0E
z5_cOhf4h^z3+>^S*0`gKXs)fZV%~vfhv&SCD=ycI)y6)$FvS(;4t-G({w&-(Rr2iP
zyKN7`(>M42-l<s3LtBX)Ek7j5x16ZEn&{v<P8h{0U8yinkvsn5YbR(Hsc9ZQ*M*su
ze_O6dTqL%)6YgcpS&ESvE0>(|-~GG-VSPGc&+Mesj7JXDjUE3}St2pJjmN>e+((+W
z5gKSs2#IkNe|%q?S#E8X($xJ=zUuiHD$tgE;-O1s#o)t>DamBpN4mZ<Fzln8T7kqG
zB1{$kqD@o7+%E@FNp89bFOjaqPv0R@a8<W4=~-nuHzqaKaZc0s9=B(^wji!u-yT0G
zOr^&<S#^pU`Icl9EGxFuB`{bRWko5AzG1e9_Vrzu5P2>28TVz?BsT>gt*GI*M3t9z
z%dPQuWh<7#?71In(R{%^>T|R~>3-2FTykK*5~DHnba>FBPl8o--aMZ48IlOv3|>zz
zy<9wsxO<0ew0~lX(nH;eHR$<`JA@qW*~5$Hrd>+pAqDma*4Rb*6KGx1&`f>v07!$F
z+oc!pgL<S2($6|{3I{D{p%*e_!nj#vk`6mcat*h0rYskWwZ&TTuvUzJXb3MWeiiyI
zWSU6EGWVWJw*H=l`tI+9tEx-=MBgnh8-!-K%%y==F`Bt6aT~GtTWCZ&j*ZyJ3h!H~
zjq%t;iw~~o`-%bn^x9XFT)0elZrXkP4!aoWzQy8mx6gW|6XEVI5=2|zsUPGv%5&#A
zN;s4ft&teJ2yHQqrPrT(>pO<^jWP`l;H8Dh9+M1|L~?&v2P9U%SV=7&4<1!--CqMZ
zsdo(<;r<7HLZd{S;L+l!Xih0HF-Zj>nkVeN^zw$SpG=jK4}Ws$|90qmXq^#XzM5~J
zsCV(XuXk0>MuqHc@2Y7%bv{Ls8jYp3KD_(dUJ#OCYJL~4qL^6Nt<$3+e1{kMtq1Qe
z_xF#30`{MwKc}Ml*mM=urBqs{^~jUds$B>OwO$-E8q*57y1vT1{{{R$+#c5yPfqE>
zP-q>C;P-=p?l3_s-v_W4#jfqb!stXlJW+u^nd!|r{fv^ApL$w|T#40P4D@?0m={At
z(lYcIvCN~L?8-gG4=*|ySX-LYq6-cUq<7VNq9vjO-=RFdOrLX$%S2waW8X?9;w5=_
z<T}t@r1q^V8a!^+7R_@Vh}FKA)%`=xNf-P2T}&jF@qu^qkhsW+MPzcRCa^d$A?NN!
zE*4^bdL!rYBqtJ89#_xB!mvTU?_R*|eJtZ!=$k|m+RPkouee<F2Ygm7mo@V~%S6tF
zzklzzY2y-~(kgqrk*&Oe(MPJURW6+o*La8f$Qr^omJUT9?_R(5BX<+eW2Qlx%X7Ev
zT>JSsDh2kfYI-gmI{G%q_qrj$(x$%7^qT`;#QSZzYG>pbi{Kf3wQG6BKVR?nTSq%!
zffg1gc#ETbU+?R<oc_?ua@b`u`*x@NWi!=Xy0Gd1ncV*%F4wwkVgAdm%PFKL%9z*x
zLCX2!r{kZJzLfnBl64gL@jpmo;O{`HILQl_z~)CaG4MGQ*7CDJ(vT3@!TX_%)9U!c
zz{_00N7p}w#%^YC3xrl`@Erb{Pueb6@#QXDLl<I|1nJ@*_{*~5tpq-~1PUf0LDm^C
zI`<RHdj22e(1`2`z%wX#n=!dqI|~s_)5@xBUN(r50s@$ho8aqLDaZarua{YY!e}Al
z<bnyy%J0|SD}NDe)eJwAa6_*BuwA^i?QU$0|CHAc@*(MP7lhUF)l{#|=JFwI)dUs2
zdNFj69LE*>Oi2*^ezg9Cr*8cs@1XUd$EY=T%FOmru>^>M@Rv=E-dozcdtmqd@(wO<
ziO^swR?vrXUH}1wl1@!VS86>Ubjia8;x*&+5_OILA4z8&*96;e;n9M0r=)=NKuS_+
zK|(qOMoBZeQ@RmEq)}QVq+1vrqJRjayM`b#`uT3&??0Sl8~f?TuKS$pWHolp|2ev4
z=L`M*_Rs(}+J3&vqAdOFmy6k8ft*$9?Zb}Dejp<#)mSTjli~e=5q=hxzx9ua3JjUF
z9)4DMuKz-9&<uW7dZ~KXNh_79VJ#;J6b6oMcKV(Z<zPn7v#1D2WMzeG>-OQje+sXZ
z@c23#<_U<6uY&5H)EWqH7c}!1RubCQnzu+rz3`M0RwYwZ7XF=GWljVb59bQE6SJKe
zlRiJ}AQg<J)#Grp>dk5{+jg=prg=x!f2+pP>ucb0GNGb|+Z;+bIaGnOC`AZS9!Tjp
zXP0q^g1(qnM2T(&-63!hNxEFdwYCY=`cyjJ3Rmt+y5w)~0A&)L6&~wp>D^!BS%xYp
zw?oem)k#irE-|=Zp>65Ke2~Q56kATFNH6_C?}8s?h0;Nca~)gs9?WF;8~33KxEAIM
zlN}(qek@XkLt`}Q`0Ic9Bf>bh8A^~`5}}SVSBR;6kq7mTjA{e7>`ZJ00z>uO-@5P<
z%6<OD`~i8SZ}bDK>hzh!SX$2kE{YxnuLm*YhzlNoe+oO}vjH@sdrzcM=RUqib`RK*
z_;rWh4t!Eb7TAzi%9Ogd`|{3`6i{|UW@}&T>v7I~r`VSGqcnYGr-V5nXs0PxtM8qP
zB^96yWJLqj*=<p#JajJ+01UlK2X{xvhA9w3K6b5Vu2DyL`tA`hJ7G<K<Eu_Zv|$V@
zNd>C!l2r;6A#(MJo-u;om&@BG9dHm5#$erzP?Q$|0!Ptn*AetlPQGqAJQ#SZf0P)S
zDM~+SP_P90U6Wap$_Jdt57Fe5*BAAZ_I)TSSB${qR-msVuuSwf#~!hZt)peE;G{y}
zXhZBtdY?jOAedvXjh+{!7OEr`#$57zBJ|S5CcZ4hvnIv*4WX5z#EZg<f&}Sd+J0wB
zn8ESn#?phRD}85gOyM9$rs}d63_m089l_&J991ty@ZAr;EGA6-N2w!^KhzyjXK|p0
zZM)IwvGF+ur@nB;z@%S>?N4UT=a={Y@bp$hlX)q1Oo^s8oA6R%zEUNu<n`J3$J|Eb
z^X`x>r!vPHBc}Qf27&eFLPpf{S=Ml?%X@D#6`CYjtLDEWbwo`hD3uO<X7hRa^e|2n
z*m!9JGIdN82oxMrExzA32O%Gvp-)phVe5HQq9zu_@g+tv(cuDdhKvscY94;JW})5z
zUk7EX8#1a(Tt1Bf1|!%tiG(4A39XkuQ7=@qP|y@o#qX0kg~$Z8uvmV*0dHmY_IQ9}
z*i%7U%qk9bNItR-s1R$H^pt3a&|@0lbg1^ABZpS}S_9dhnEs7N<;uK%>&(Y9;K7h2
zY(9NR4p<KH-eaC|5a%IWav1;Yv+>QY$DG3S5F;+_*p{rrX9(!n0b+{g>l=-@Gblmi
zsW5vLe?1MSGc~vYcjH0zm>l@LU7`;ilwG_A9~{KeWZ6_4EJ+3Tw)BC|d&djz>w7}Q
z7Mj^s?3_8zMVtctgs|j)Rz9rBUL_7GDh3aqPdPv<9(2u|AyTd5I-)-hGfb!`K$$J*
z1z}rcnJq$tJa$KHKoTnS=NTYAO>ln4a!?Z^*GR`E!W*~w<t!E^5MVydBzE?JY~lg6
zVX!$aM2wS2ZA!2bY_zGAhaGJ#5iqN~_*|65RQH9p?d`7;Hyav$W!8VjFM#Cc9c4Ol
z+T_%#F2$Ky+m-i`Q`3W`g2M<4$~)+iyuu=kFb{B_V~uU~TleM}EOWDGgwxr)a(hZ%
zS9#ah;yV9e{(KsM9^!OvlTqq@E#=wX%QudYmbFix??%v41Mw<yF}YRrKX{b?bG`~v
zR-j2cHUf>Z=6YesyR}g7q>(!e(WF8uTpc;{93+&2n-s|v!Y_gHIz@99A>7lh+71v1
zi1c(yMP_`79{?c7&04CWXV$<46wF{Y0Y<}r%=SOtxrcmx``-~ZIC<>+{@ri8IPn}z
zj8(b8*f3(GL3s=$eLm*~W~(o6G&lvp0M?rPahtm2bO&+{4#M&F8jSC*lPl9@^B<(&
z41|h+(|VvUnoYCuuGv-QWZx{XWEl_W5%3fF;PbKkuY(qxmwL(z!ao13YVYA*Q%gyK
z;@SZkkMhCYg{LkqHueMrZ|-bJK0a@%Jjbo?2vTSI{eqIq|FzJfhc08|LDY%q%qLOn
zW3v1ISWuu}9OA>cy*Y>&{S3dI2Ulb|I~#adY2c)@%v8KseO*&~M}HXMKKb{>+CcZ~
zgta?0kJTFJte3Fg=Z5NmXXA_V(p-P~6ObHwe$?3b&Y>TV=*c(W%MSkHs*#HCa91ol
zlW8*68K&srgKz9U{9-Uz$Dy<2(0a19EA4$ae{F}NZ6!*;+@f>uGCGvjU%yVd&^q^B
z@dzCYQL%SkCWO;%QajsvuO447Y5h6=yc8n);7m^D;?>pPYxUn~*twQdJMb0lBFBiT
znXA9NO8B#+`D$&G>#X%v!C=a{T{rZ??KZVw%VH;24*0~g#xdpxyT!J1(BKp1{nh-d
z&_K{0yAW*BLS9d9hE9N2-B7{B0?<Y~1E=fO!jr5C;GAcG2H1sM8Rh!!Chz6A1VYY!
zjZ7{R3QI=ddO1y!w|m(cO5c58UGYnHoZ$UEDmM&a;Le8sso|@(zo2i@O68+<>MyHv
z%6gSL+W3d?HK&zbpV8!!Z8qESZ6!=MU*uhf+jZDq8Vx})I9jnmnbR~nZu&_3sv}(1
za>qG4xbLbXHVAHo(6HE%89t;X+no`*iVYr4eC?j?D}t7pKm}Ggtduf)WT1o{KE+&C
z#dyhX5QzKxy~dC8FG4ddE5ht&pn{Jlk<Dd1e+<ED`e>*G-YzA<n#JpPtv$UYp*R5z
zi;*Z1ItFWc-ieC1Md2kN(_r5dmj7emp+272+;dsS#ezljG-@EQHn^w1ucIsJ#sI8q
z;Vt5wHv477x4iox7btFzEe~5)@<={FxgD+-9QK;o{k1&WfIFvD4nCc_`@>b3f;BIn
zG+-P4AQGL}RXvwXtUur;4M#51X4(1l+i)6u1TC_OGvfzaD@xqei58lHAJ*>6vY8!&
z!qy>taY@Rm`TnNns)ssnvQMk4n@`r`0TTIUP}y3~x>mFNg9Cy|{GO9RE64n-jw*oQ
z@c$8(h+zm5x45g1f$UJr#yXU3Z)n>odAn_pHq=y}e){~gD#G%}Zky2rA9X&01h*UN
z4$W1>JaGER52Knqa>ZZZo7brZ6ZDcOSH@b}4OtAQD*E+;mKtTB3tjyR#{I0V^Fcgl
zv{Gvec$E8esNB(ehyu;$Wjt%X#|14b^yvbCbU~}_Tjy~l160zc4BU7&Tif&HZBzd-
zf22+Gw()G7<p1tTo2n+}0RLjZo4>W1e*OBXZ3V68WFRB_0HYzLV)OL}K$2Q*3tXA?
z^S{?f&Tokz1sK|g&Fp@Obn+)TS|n3{9N>Mo$bp7goi<etfv8eTUz;%f^-QA4;37Lc
z1S<m>qHZza9oafBoa|mB;*@XN+uqb?6&LYH+@!w)*(@&HPpU4#Mg>x2=mO2B$*kG-
zCcJ<nxnab(u0kA??(3Un#t)c&T*Jzuu1iT(JTz-ql871lI=~_0N?i<=no>gTSeqfD
zM1Krv8z*Iubs0JwPBw{PtW079AC_9kjN_h}(FR?3&!$;Y4C;+&;alOqKz>w#rmeN+
z=`-QZ{akI|u~cYJPgXo_o7gO6!jbOr@JL@#>fnCboWxUo+EMQlNqLE-E{ArbQBP?W
zYB5an*OA@r<ow2@s~U8pURkJCJSGw<_xTCadMInXEPUkCeD5Mh{yL-;OJ75F*N)lf
z-J@vE!2GWHtzeUGwy3%Hr~ozAq^Ur?t1USD%!!6Q1!_afXL0|&4m7Rv{iQm7=x?a@
zQFhEoj*>2Q8B$L5vXP*4R&%u<ymYIRTE5jF-aRb)I2z|*gZNi{a}amfFFB((pn2P^
zT6GRkT3|o!kk7h?E<Jcen;&>G^k0rEbf!MM&eX7RvqcV4X%M3;^PBR^tMg9&#(I33
zg37gw;bOe`q)QqYnG~!?=!G9G?3>H13VZCXOC`KKNDg7N(Jm$Y4+59VqH<q#RJ0xL
zUlV5JiRLsdBiqAh6x^ucJ5@l{5kvbO6etn@ikADh4-aX_+F)YV_T8zco3Rvl5v^?F
zmZ-yY4~X@*-8b_wl0MiveU&a6=!Eb&T$Q+sVq1moCgygUAp(e_Yr5!Oq%SEmqr!A=
z*~4m)DUx>Ipr>;E5sLqGsh=}@G#%ho9>&#EfM68q!IP>P*Pf%pY3qB%Fxl#xqcdxa
zsyPq6`tNR=*%^z;IlMF}3`EEQzVqa8D1bOyYFN3YT$Lp7rF1L@b7)23av#e&b*=Eo
z+9t6x^H<S*edq@#IqxvKFdVljBkx8{d+H$!=@IJ}amlNfnyd@)?>`4rASK=%5b|JD
z^NeEoC*&%mRp{H*NNsa*VEJSl4|TOLjcE$F6HBB$DW!mMA@f(GSqSzL-agn|+=%;t
zefs1lKT<VhYS}@E%JF$9+?^u!5EGxXbT@9cY`H%g1*wSpNxF?@CnYvhV=^epOv}>j
zBQ;WmPfk4|>5RK&f$7F_R5#D0v?i}&u`Yb*b}=XaQ+a`w{mt~2454mVx!&S|$Jl4h
z`cZPL8n_aLhisEsFr~6-T%Ia|B-!r*m9pCQxLtiI#l3DXM!Y}_ZD<^6!i?0PkubtU
zEWS;>QPS;vl2}W*jEDq*8mady>|Zfqr0A{afU@O2W-W)9={BVfZaAH_Fm3b?hoU&N
zl+T1wY%O+Mg*D*-|GcK6reg89#dQPF(o?8DBJb-C!sYXzA!vy89Gl?!8fzJ3;Qd2z
zQKHH84Z?`CaX<Jy14zC)YtzzxZ>wGsRYoa;P;~irtT;aN1=gS2A`M3q+x*qjP60B{
zpW0jUs3BR-#O#Ubt5&&GRJ|zHd$#;MH67b>Puy$-hSEQUmXIRd0O4516O6Czl?^k(
zi!xm$)b>0Ac#<U+r2Udxi$xu_PxIGSC#9rHzcMxpGGcOy2$DX}o-G<nUxVB}y5~zR
z$zz2y{kiql9woz&lf>m=|5#cN0-q%_mL!+aQ_@^n%Hm4TX-wC$ASj0qSFUaAD;^EM
zY1}EK;15wP8p^`WVI|!Z>Ys{;@TI}&n9|&a$`|GhoK8_mZSEDuuy7<>zD7`)Sv!bY
z7l&mzS5=i)=a!O{pd{iN9w|za)1JSf){}&i$e$!sqrWD*J{K<<Nx}TwYwIN$VU*0K
zQ#0f%EUY-kL{>A5Cef$Qed`+Y#~WHPjC+Bzr&td&pLT;fT{8hCk^&0v7cciR(urvy
zK4|Jo3(=B@wvK(K@_`JhR9w1I`Lw0H{)ra5ig(K<!uE$hOd*h4BFEewIu8crB52=u
zbjd2mw6LUGQoXbIO&J(DPhYZUNPqR&3Uxo-l0b4sMN`&ZBY4R#=CV$7r2%xI7TwVc
z*-ZvB(4Q&8b<0jC?O|wXBV+Zw!@iBp03SKgEKHJ*$Hs#tF%z4-zd(jXD%BYtvJmv%
zdax>G;)@%Iv9R=8Lm$@vHR`a)XBK<q+W`A}l}(mBtHCFdz49qT#v*QGb)>UhZbNEu
zynS!vw<Pw?ebNqeubk)1;OOq|tI$8)XJ0P3)>I$#oiMcPoo*H&5i!TkNWSF<fdO4^
z!`E5^7tFU>Gz{HlgZrTr|3Q8To|IuUUxdD{L-mJlFrU|B?8v+CzoQ#Xy6l!a=`IQ(
z$#Nq`3jR&`5h8cH4q`UfMYJL6Ov|v&wAX{(4{TQUo0-MAuLnnNBQB)nuFYEh7L0Ul
zH}+lI|20~Fw|WDJ)N-H5E|zp)3IJduyXzOh1(_G2Q5W6hp(p1TYL{CB!RYfe%RsZx
z7Gqz)fVN+8!Zxm!kAq^JLrM%O!ISFUCHp$~mEdA%5(*Pedx@<`HS5o`eP=NWAD&y=
z%Hh{^k~Ew^hpxAT^$7jw#%Uc9m+T4!Ej8vzI;=L9$P?2!<i?-Cls@}J8!qiHwtnbt
zx(`AR>J$%*z~ma?;K!S%2G0KI;4~lyPp<$fMn|Oz3!eTCvxc*e0}tuy2IX9yY<@}~
zfVbKo=F)DF$>e&T{UQLr=q!*j50j0`IV*}&>4MhShUDwo7tew8dKFRv_Hq5w5M+~r
zu4*6kDidw%GSmr^v?xUj>X7Qh_i}pYMQdWAS>GM1OMyaq7&EgK$c8vDO~||xn^xu#
zREbTII%z-y^r=U~+@8Ofo)7RF7o-l2k(9F;ekJftJ4Ze@;%*zB|L5~w)XT|8N|z0A
zqee($h-%xUy%N-W?2zKbDax&Z&hj3|jPfUY{uWOfFGOZWloYg#(g}>RJti=Q+QRso
zuz3D#mAq`oT4)GEQ0tA7_av(&Js&U<)6s`k7)z)d?6ggodh~)@;Cq-uIKo$brp9R6
zOJgMQYnXmo%8k10vAN~iJ$DHl;4b1bFVuPomdqAZUINa<REQ^p2GGQEMW|Sy)QFV+
zn#>l)C;!h&r$U#%PWkj&$JS=`$*VAs%=sCg4Ooj0;}lR6VYgB!8f&kelnRvDzQM~$
zs7`zuKA8hE$t(S*A(}-Z3QR=bJY2{=D<t5RfLqj@8W{m<?W`=m=!PtD0={zhV^UBG
zGbx&XCd$KT=Nw(;-2Ae5?=gaamkXkX3!kB%rtLEC(bsrvpCmv@cMyS5q1?!D$uj9c
z$tbPk#ggc!uVDbkYH|}!pkO80$W~w(yLVg3_l(fvEosbWhvHKCCskN+A#8i}Hq4K@
z)5#vCahF3=7KtFK+7S5DPkMSp3-{Qmm3Slz-+aiyxQ)LzSo}!wK8rCVNSm7#WAqtD
z05{e|d}N(ARs#!W7=Ghp`Bg81n0l=IqNlIoaTZgbeHY-yyyy2(m+ZTKdSHqVOXRZO
zn}fBJUuI_1qy3Atl@R}mw@O%_GL@r<skUOP&2x0_Uz_V`^GWh>Gar(QDm?%7MM+1V
zd`3|&C4=P`1{grIR)2h6Dd=Q<$y#OCs6+Er*Z85{jJ5m}3#7N2O8Jc`y~kQ?p~e)M
zJm0jyNIdkP2YKA*Fy1e{bY`3pRL=_u@<Q-|r<!(Aud$GDexyWR$V2Q{pVFEZ;=F#Q
z=m29X)Hlld3WfY|sCx397~-HW+BM7nGoD?6!J11?c|c@T$#^zec=~nTvx?8K6i>!N
zD&xj#ckH1otU_h)j;9Ygf+W~XzV~DPrkOGD?!ch-QFiiM5tNoFZTP&JkOd5&2GJ~X
zlkp;^v>6FmR)mR7P})=;(R)d-luw^+K>g~ewX|OUY-HAO@dOYL4V+=-PBGBl*ZgQ$
z8TWZL7G*W8*Z9-f1}=DtWEcNkmna5EQncV>#m3GKHNn_$FT3U@8UD;q<ZV{5Z2TuW
zqIHRw+}du8Mn188lf$A+5Nu3GI>ldRP}XGD7VfO(Xg)l8?B{bm%xaM@_vrVV7;_tA
zw7nMk&w7HMzWiz4bS#AYAm5<n>kQ2zDJk4<Zn|LDc!aP^Z#!JWj`oerROfEn5o@ot
zyczgXnb307(71<U?WyY!Hl<qz%kZ!N*t-+9T=1EI&-KW}H^zl>@tnX*9iX7BiM*&b
z`8n0xoM7#7sYuK#mI(qfBB?}~25yy;;5%&~e2mreAmSp^V=XU-#VcA?<>u0W9XDjO
zOWNQs3OZ4>8=+qfV~v^`ALQlbYATS?-g`NdqB-&NLGM4qURb89jHwhCct2qE@HKLq
z+W9@#FXzosN6&YMWPIjTJ$1+Jnh`s{&yK<y8m<j^?=m?Y#3T3kw*a02-^%hrgxbgp
z$d{Q~)O;-e@d3gCI$=M<$qesPH?q$(G`#aI&8+}h8$eqoX1N4@a+qCI8v<67S9P0r
z2V^?)QdJ)i-#Mz4m!>3XVv6rfK2lN`y|~_0|MN`yoYCg01{(oGG!O_Kw1+!_@DAWL
z_LgU3YmY!q2jpm)2=PH&2#BgdZ;d7V<W3u1=H%3x|NZ}Oc2)p9vv;d%jmTh-S&97)
zGC80Lw>0O=sr=RK&{d_x$>~Dj_4DfaeZY_kh1Y-xsj=lK`uk<LPpU&b68L=vS%h8L
zIQV8khwC@983kX1sn0@h*iiJO(g%~wWha*ye-hhxr0@K^M6*N2rR@h(aG^~kNd|qM
zp%j>mYdG{QEO?k;ngi-@rVKQ;ATu-`*x9^>ZVooG)+|Gt`TN^=udizbUoiKCP+%2o
z$(&8}P%LEmp}p`2|9>@Xckl~y$V*w0O*z!jAHjh&_iI;%F0c;rRKi*al+zFEEmD}*
zr8~M2_RNQxp<Ib)|3aMp%H6Pb4>ilkMbFKheFz<7yL!KVVzJD;Chd7`YIZcSeL8eq
zw%L8qeX=}ZqqPD45p=dTg<che+KGVU6uMv%n!Z)=)=xsmD0$HeM>loJzDhqDJ+fJL
zAI-@p?_@Ij1STJb7uYm4j`<oTz68TZPqb&GomOf%s+oslAd>w*Mnpjk>$*PC!4?(A
zi?{5WdO^-BN3&JDUx2n5O1CcevAJq4^n?{Ll1T}o>C%NBD>QHg(a>!Sbm;ZfivOt~
zmDVL5T;ig;^jgXG(dwYfJ@fdZS@FB5TXXpPiG~!XRBv>2#+q)$9K&4V*NL028Wsne
zU5ttO8j*_qDEs!jVJjjn?7n)UZL35K6%EZ@bhePdGK#srQ@4RDl+Ru~AlIsxs=p%@
zg_h*{sr*+%eVn8PMMzRUH1xeSxpH0R{bY!gnth7~$nBiNL(*XsapeT-VhuOFk`O-L
za`HxrGCTMp(+^V~#kNl4j%?W#Utp#rVxypF!1GG?#3q$Z6#!u!jRJR!5eFNFszfI`
zw*XC}YyqQRpiI`gbc(jNYtX6UR~@hMcU$w|Q}wf2sZIoysK3@5MlDpf9tlR19z7)g
zL6Y)$MqfhxCEZ*J11&-`c-d)yU1taJ$6XP8=KSAeS7(PX(m8ej#xFMmV2sD&QreOX
z%OFh=$m*D#EJ<#t33#^xv;mL@vVrfm<hqf{ByHjsV{>3V$5U5lkgqWT86f_&hYf(>
zNSRHXb9~(<ce|nfX#I;19oxU5N`uH<bX2AtMfzF>I;j1#)%8^JNH7x@5A2Ev<bF)L
z3GNgovjW8)z{Qz}2aX*kWIZWIPybI9;NkH^BD086q1X}CFf+7xFVQtNhKsF%3oJ0S
zHZ2V`AoZs8GmN?wbribsFAJ{<ZlKJYY`VJ4=Op|>gIHZ-emx6?C#Y0(P@QN};C*t)
zc`w~h)c|Uy(keXT`a{2eS%tlY_AF~`nDf!qXBD2w5CO0~xACRn$@aSza)sJiw1Kiy
ze&EM7=vc%?`!i5^3T&TC#mH4y6++!5gErf(*D1_isa96kWvyG%H~(nV=Ya7a$fJ<C
zii+<kZDEY1lJ@P3yTSKDXCkWgCWRMk&ZiJLu2rIm=&O?)qY?po-<gGinQsTc3k0s1
z8WiJytK_JxE3=xc6$>MFyya2NYGpd{3@w8fy?MO%WyWUu>SIQ}Bt~jEYn*-pG_qr`
zgB)d$7T%ubV=usI^r09ga}lP{O7Yg5&G=FzAMI>u*=haac^x#PW5J#<B&(>Qh_ehi
zT35&VMu%?F9TVtv`Zm5M+O{t54s|`IrY|k!42;T>^d%#)H6%rC;8h2_sP^X(_HB<F
zxO_WZof|h~ci)cND@r-!@8(B!$I7+5#fcSvp|wg8^r)})ZFL0ESZ*qWhCG^U3DT(4
zYp7q)`F=pv;~AM7qe6EU`_~_JU;e$YCq3Fs#u@y$2UtlxrYqAxPG#cF!EM^<Zcinr
zX<lFLclienoTe9Xe73p8LlYM3Y!LR0DQJb9-c|p*maYVy1UjkT)Et+Umw#|{gwb@l
zVV2XjG@Qb|e>YP-#1)@*=YHpP93r}|9q##;ioq!PD5w3Q{Z$Mc3uCL=u3@>=41T)f
z+(;I3wt^9fJGFTa^mYQmm~sf(K10#bq@1gnJSp&gSnKmf$1?7;$Tm1r88tTIhrx*g
zUn~~m5a+}O&Wl7_l-PPZsb`}@4S7Gq6&L5F=X9x+4X)9K+;QrQZM6Pd$<0MR+DmX2
zRmGvz`Sle`u%2+50t$M-MJnY1Lpo<yWbL3V70idH%#>wsG2$Rr+MBNpQPJ)m;#T&$
z6bkL(5T7n~1q9Sqc<5cC*)-2Yt#}}YByLYXc@57dN^B@7H_2SXNjoqRYv_nLJ56)7
z7B8HcTF=t0!BPPq93fQ(Z!IZyiKuehu`KofptqSJ(rTIO67i*3iK=?nI*(KT4f`2P
zH!J%psUxLK;G1au`^4`@Zq|&dYoZ(3&h|%8Nk%L^Qr9d|XvnQ(DC^#T5U;m=8qJ<~
zjkT^1%d^#KM?)dOeu%kJQ4WpZ$tJkgH2ZYWPkPxcNil`S#MTD{rNC|7Jl%))quh+7
zWggPvT;Aa4BtnW>O?Bx|uKr>s7Oc^XF(hY?6!(o1{H(d_4wZ;G%%riex9y^9=pCx=
zsO*YaUVsPUie=b<xDj+L@hQ1fNkn!gvC=5SL@jWZbePmNu{-vVd1$w|GIG%+W50ha
z{otA)iwUOSNe#ysP#`~TV?|pXA0Bdswf`oxL2W0Xt?5-h?UYvcxURs1!e|>>d9^#V
z+OxuF;HPgy{f1&Z$pI$huqQ#`vhNbxjO(f)ly4cLgq&UBtxC05F>L2y?&To_x}-<q
zKWrEC%=^c++TVFKyGIxo7`-q{NZy6bLkd1>v%#}tyn2LREDc%vZYM|byXH)=E{<N1
zzIZwN(X1JNAlXYyr$eLR(8E1(`e^ulr>MR9Uc;2^Dmet@vs0p@xr+DGMWPrcX=9Q$
zPN>jgK8K;wCV=O@RLZKPc^wst8Os$~sW^kp@Ln#zyv5f{zM7kLWaF41ZqYuIDu0bJ
z`uh_;g)~UEYh}f36C))Bo5mnsC6Izm_u4838FA0%^=`c&B~}Xi{FZdXf-sL%DzfFc
zm`9TI@t0G1lymlnM~d!*!94VmLXJUcwos8$&cygg77zC)pW?&9Xh#w%kQ35x&54!X
zFDRDQt6Jk{(*NWOzo)Ee{#`>alU^ZB<l_S#>pkClY$YZ|WuD-pKy<w@?%TCe@!y&u
z6_-vo6x4dCofkDlzol~DRa#Fx7bZs2fG7{qC~-W@JhFwZ!&|wG1%(Gc_T+)-=G@HX
zFgau+x2BdnzJ(`NBu%oSPwe}ZWAt+!{e`aj$rdKa2VG?ix?6|vzQt5#J<(!I@l58!
zcjcAXl^#V8dMZafO48z4M`=om3>0A3&B7f5bHm@k5OykR8%|fnjF^`)dTtFWi*q-)
z*0nX_Xw$ysTzT5}jRrEjAO9M<-IV(KBqls~sNs`u7~DPPnpnp9c)+4!<_^{@IQ<2)
z2L1UcFXIl2E@t7uFR<$ra%T70v4)xb)xQ?wDJM)F$Cj_iv=8cjK3HZROR)#E=Ha3%
zQk-R)WD)i**|6Ai)#AwIRxN9G2if1WB4>J*<ru*s@XA_7rd?z4CiC*HHHBQ>1jZhT
z6xapRa&uI0-Yjwf)+hPb?7|Oa6BL?x&K!5*1`e|llDZqFu1LOxp1wr~z9;HFAsIYy
zJ0xAaMdo$1^hSK48%;d>G76N;JAz5UL5xTDFJBqmh_A~XYF#c|N1eGIZ5{;wl(TQ|
zNer-I6v!AaFx(8WKh@fh4)pWL-QFMQYWlSnN^=n$-g*ATqY>3acPwRWZMiqv@wZ#@
zL{|LWy4lHbhudLF!4Yt(1;V*%*JIO6YC3{WT7%~<LiRzaO3R%jcU0i-(C%RVAV~78
zU#y&OhFcl=nA?kMPUZociA{Uy*M{7h{*njeKs}sV^7}6vC8cH8|JY;9tBBRlRw262
zOX66bRHX=@*C+pj7@8Y2=6?|g8GHm$(lu^dEohQ3j-j-^Y;_Ivw{uF>(*n~PEpTYD
z@OoCyfV{q7RlWt1mLjEB>6i3Plfdos2DADzwC>AGVCxxX$#*Q3EO2Gqng?&oc4V}p
zuTwmQOC@iLFp6;D^QCPp+xd$hiX-uyW`wB>G=IzZIe@bjPXsP88DpB!C<My+r$i^W
zX|$0+NtyUN&g4THvk78G<DMyl_Yz_zVF}etWr)VgBquscBJ3zf1J8N3$Oyh_Mj|6z
zCCkIF61D(_h_i!DE;=j9&pJSwbKj?bIsI-`%mR#x*++Uj_5!M&Z-x56jocH#2-m4F
z8g;E7hnE7ePQp8J5P7lx>MI2>&4C>xKnawhR(dCQ)4Vg{{DErvEZX()22e~>EMR3+
zE*0TXP!?O!9x~PN4kDBriRA_g)qzo&3ENT6SeMV${~HLoSmWD&o(6Y_*uV`1v+@~n
zl5nMI*0qwY_~CxcwOq2#%EVg7PxF5<hH96XBuTHP8MB0`zj$k)N#tJ!c+R}MYX?{v
z`#!-#X%74PSY0c=s%QW!*|~U+Q7xX~-!lVMpA|hvVR<2GzZn|MUtj65&FxvtM-oV5
zq^A+K;W9JSO3H^BjzQYWg3==b4fek_vMc5XV~;awv|*0%<!w<C4tdU%BT@1^JY?7W
zS1eHqGeFNXeUC;-0cxd)YlSOOUT*q)tdiaP-p6!8=+skDe0@SZN5?RX?>N|Ygq2Cy
zw77btbwplztcUuTil<MFKN@4Z=y=l&Vq>s$KErv2WsIq+O}929FES2NH~o8Ih_w;i
zLQi>5?JyqGbjTFshc@A<&(nL@qHm30hN1=}J}m9OI7va%s-_svCDW?>bITuP0|gI7
z2a)b)l~@QJqmwqa7N1TX>iU15X6_Xg7h>;z;ZW*VG`}XT<WPA!P8KZFk=d(ohW1v}
zVUcl;{q$k0k~fs~R|LTrwrX;?o;C*SI5(!FlLmeo4MAyz@4A-~vG5z6YIzikDh+;|
z$so;V9({E~Qo;{CQ)#?@5%W04l~9P22^(lMA!c4^vqUhy(KS5`GC9-FYIl`<4p!oE
zwIuXKYX)5Wik*V%rC{;Z`wG;fNh8(!ek<mOS8Ps3DMm8-Fw;I7E|xn5G~rXuV6Nio
z`6b$3%0cyFgW~}Pp1Y=%Y`zZ_kSe<enTbQH#F~U+JE!s-tdj7i$BLa`%&HF_RX8b7
zC^)f$ij*WouiznQZIKImVp|jel;hKv7<BJ~J7=yZ9YRD5%sJt;@z1N9qlp!M#8Wp%
zOSBi8EJ@_rex$w&(A;~E8BikD9L=BPA^<LD5qV{C4@{Qrh7+z7JC#b=Mt>y$bt@W3
zD3hMb)2P-HFegUT3^msSz=zRi4V!M?o5-7%)W(E3o_;@iRz7;0fc~(#nI+D}TRU@^
zP$4%g;Yn8Vhd|p>xHq+-hI{|!LK^+h$+PyuLkYMHr@`G${G<<SpL$pbFO@BrgpYp7
z&gk0k(#&^Z{`6hN@w55U)dq=F#vp39l9%m=&bjVf+>my<mv{ObL2*JzQ&pamMP6R2
zFh;rUzq_nQu1EjI4<58PeL$0#DGQ+;2eG<n`9BxucPL6I!ZT_AXG3F(dmlxQ1b{Be
z1EVp-D_^T;mp&(fgTTEylT5H<<qprEf|gezyi$}IWX{_q9upX>12Z%~i?;0+;4OQ<
z=YnV@2cxT~fDk7TA~lWl2g_N2>(r}TkBKq^nav&8h=Zi|Ddiwj48Z<Zdu{AWD<CU*
zd08M9P9S}UHS#`3%NEMtWZg+{=I61vUW);HbRrM{wd38s5dYuKmYZ8k1oX~l>^E3q
zZyO1*qvpL!$oz7`-Mgz|E&QgvOc)cLy<6uxbk5kd<4OU(o?i)5jbGU*^g$8_bk7ov
zX7al3i_WT)5Y^1d85jUiBSY)r<%Sav#5kYJPh+cpjoZzxPbCkBe-r}L==|^{=#3pF
zFUncmr$^SDA8c4HD+7(rQoGgRXbVou2=L(m2en3AP!#p&MbC~8Yo~{S(s_d^2<zFc
z&iv)$3)fV!Udi9@WX+BjQiuY4gR=(L&nD0tzV37L_FTTul>QpsyzS6-e(zn0t4mpx
zjnIST%cDOwhp4Ltlz9J5w==QQX@H;#bIjKE>EzO{#pC14{lDFrpg)ZtN9S^Te-768
z28u*WN`@GHF-$oYxki5W?B<dwIeC=>4mjk-LxtcAXxS@IA|Ojf-h8>0R+0T}am3tv
z{O4?)@ggWWsB?eiDrNjAFmZT!w42?m`F;U;r|!UJ-L~xYMzHPNS@flqqlZ-M_606~
z%IxOx0}y1H2P^6g75u6B@&C9u;b_EC&FdSA`(|J|b&`uVtE6!&Ht+ZCMueJR2#?hw
z6wPTI*N~G5m1?+|@XJU@%kwK`n(Q*K<H)e!D`on5v~|<-ayQ0nFeuWv!jO2!w~mC|
zL6@Rk#g~PaW?=hFm-t}4>wc;qW_B>*YRqiof;O_UrNI4m<M^=H8cht&Cg&?=qzV`1
zP$>~sNQQpfg~W~5rSVpaaxI|-tO&L*xAFg^n0;BC)Ue{?7NLtVKf2pm%j`7&gV<Lf
z$M4Jhygw$@BNY0As{dfZbOn$7rwY%Sk47^B!}m{sgofr=?ujMy*BlupGtIHQ<Cvc%
z(SP4~ND2EU8~Yqir?I~=2K^?Rql`32@&eYdndXGQTcWiZ-`;@RW2rJWO%5SAmX1Zm
z?-Ue1BJa3LuNlXKA9h4|f*OFd&H$m#+^A<qm(sDQ00Mk#C{ikYkd&^*?~TpfZRY>X
zI18uE&<Ar>9+SR|tQ(Q4rIo<XoNu~;@fH@%hEX1j*@CDsc0Gg5+Zb?P^1~QgB~fnF
zOuvOzcpC2nIe~pn?lvKn5F)v!0Did3u8@vDyn0bM<3#sM8l7w-KF#|BG_6jmUEOGC
zBQEgZMxwKIqYcp(t0{I5>-mCBobDTq*93mJaD|d2Q;>WFc^CkJ>>cdsbVhe-{#Rhi
zGRBm0e3f38v)PUkqD|in+cO(7{GGEEJRy?m&J@O0-I&u~<A0QqY#gE3<6xg!12sEY
z%wMswIqr3Y8jS`@lZ41aHWFq>HGc6mhs-&5DmG|HePhqxZW+qWuKPH%uWvjk(#j&`
zD-&e!$?o`{`)CkpkF3g%6SlAV9}r37+x*W~<eQ3&%?@CmUeP(^kG+isL>B+~1RF*4
z<dE8$jOA?k#yw25yy=ZfcC0(-Mbp`we;wu+t)I4k3m^3r+2g$ba#V*eGqE|>cgwum
z_I0vZFk|#z!Uoua+v)R317h^Y4XjAa3EoF^b(5%#mE4%XUH4{o@#Kaqv?WTmIviGA
zxe1eWwZXCrR-7N`rAtd}HX>CIV;U+dZu5pudaYp(lV0<Wo1a<_2rmv<&wc-zu=wys
zja}-)cE@@~BMAfl8oa<jWRYD^YbKGd%}K^+)O{mR^OahX7JIJ~xoY;2jaqEQlu(Co
zt+=LfKL$~8J(qx_kz~45`MtueA0PG;|0%S8@Wn4=WjFJC4&+ZKZt9AqOg1*ITQ}d-
zVpgg|2I&R^#RKrA&EWd}9+?F|lr3p5AV{z-9<{6tUmmiAQusaLNB~Y8VTtgB@Qg_T
z{HS%hs|!-vh8|Wk^}%1@D1WV|JqJ@CvH4H~oosy5B>mj#ryZCzGd52dWAiGgWI`fE
zE#lPH`>&#K1$vPb<k{_X3>UU(5V2SNywf|wi(J4>&H&eIvL+fE%_j|co@Ynr${6D(
z8m$vI;K+2sm{654J1f^RoZM`ay8Vr7k#uu>A!$bI>x5}%(`Rp`ofyAdsi!lKBpR~*
z9oJMA7-(+!ZMcsV>gmQ;%?gW8`dWF!RS>KhQ}ACWekIbSDB%iZ3k)*ZTbrQ3>P)TR
z2zk#=6Du<;r@cZ!-z6rz#L-Gv5#$#cDvgzHul1YUBQ|(ecQ+6R_EI$x8HRrdGsFQ;
z{3IIdYqO+6(anGx5`h@zONW{3GJB>%5*5rk^#v)eJ{L<V^T!Fk%zhWagjD8O;aD`v
z19G7CWUU2yvC8VTf+d&QAPBvrh9I`=ZeRGWuVv~^!6F{hc{=vj`l{~?b6;V5!h3pq
z?*pUx=U3<-^HNlC1rlzo?tkRzq`3;GO$-*t*gA<(4s9idOJKU%LIaqW*0w1kGu-#`
zD6hibt|$1tp8-GWBE#Clyn*<}DY=#&TcmqFcDV(Q%swVA2d3@v2iEToP{9&mkBQ^X
zzF(!^R=?8a?j${0;cCnYA6C}{_7UtvMFU%k;!uyY#A7@PL!i#=mEGybnpZZ%SE#sI
z=^~!yvHCt5<VqtE!G{&Cw+{fCN9fZ%Ju@AY$B-)PW)ds)A2W2bl1i-MOOHfmk9lHt
zh<W(K9rEVs+kLFmqkajT?04S8(G0zVuEJRAVEUz8W<p|JLegLOz5`iJVu5!Uv<X*?
zb$Bh#FJx8|HN-S`m_Le_Nt~48orsZu^;)=;N&70*w4E_f=@W6{c6Z~unI`;3bsX=2
zkngURG77ku>3d8d*@SYgW2zp1ti40xuHH2#M<VL|BxHIr(3xfuq8#?k@n7FnBGg)J
z4&&v{`_c#7jP)J~WE>;e7F<h+#&=Zu_7s9%z3nQmKk0p3gLOtL+92L|d1+SN3_1uV
zy|Bw+of1ZiOLXP1`V}n^NsLFmQR}~5iAy5En9@?(twJNu(#FT~x%0GIUOaoV&PMbN
z;y)T8fajHL=B-c(YZJz9#=-9&^uecEx0&hC?Pg)_FMXF-h{P6=kDA^ONAfejOi0Wd
z3yWV&bH9q3r;qymvj3`c?E4Enp{qnwMJTa9eaee?THlSEfpTlc`bN_JtE99T?s`_F
zXnRrQC^)NFBTRU2rDulgfk8ueG+eg#sFZam^@x(bjhfR~OxV2Wg&DE&gCHs>{&2Pz
zqjt~xzq$sB@D<Ex?DWbZYlY*ohlGq0R5aTCc<1LuvA~u$vQxx@WuVPyi{0`<kIq-h
zFozILE|Ezod0&saV)22}V}-QOlt#Tn+SBY$IqL9cJPH-@A(0b$Mia&qG!Im3C26ug
zaPp|~t5dSvqa)9DB!5~^q4b?GFZv628)4;^;|P5u_eWZR?AgMhX?<v*pl?~EaCT>8
zi}Avz>AIT1K<iUn^@@bKt0k&8&>wKwRhAvmO2B5yg4QSEMI{TDSkm5#5|!!mdFLxJ
zAU<#&7SjAN247z-c5Ay^g3T|1E5YT_)~~ws`SNZy__&Q;X}{XmQOy|6W${^}l8rHK
z{lq;-b~AR$U0aPQZDaC#pAw|s4ldh}*wF}#%q=sEeoh&3T`_u*<uU7TE_7XEY&S3h
z96+)!fM{T=`9m`W?(;#zhQYsl0Y0H}X?710NpzYiZX_Q<G7siJPG(flfHR9~r|#_E
z(Vy!@bihsb1+}rw5vE$p%Rd3zBkRFS%Wk&{?O7~06Z<iCX8wM*mol<)T+AiAw<6cg
zOMyhatq164nXbQ@A<NQr&_Sw%wMjR{zkYrfcAmNZlMAAE^kunw3mm#E(7Iktp@P3s
zqqB*=;YP9`tTjy!uK$CK-KJiL=DQsK>;6K2<GXgZQy)UJl;{Bt(5`)qY}9Sr4~6L<
za_1WeuiS?Hl%eY{JH)SUW8Q_@bKfwphmOhZhn|oNoiV@dBk_12+K7@n24`<K4kqi{
zU&gPOcjXF>Lpw*`H2ll|Vgc6RyOvw~j{-v$7po)DE@Y{}3IcyO<m5*4jxXWwL)}U?
z0=tjlj6SJ$vlhv+<`Nf8PFtWFb%=aLmiRt(67kD;!#iJP5-s<JPuY)@P-k|Vb35&C
z@Z^enMzTyB{hJ?fuiPaPk8`fkAB>JxGDN_~ye2&OGwWdtj?TvNwH4|gCXy=i!-E$`
zuq>90gvTP!UnkRDS^Qvofg9g&uwKxFILGk-lcresY~_<x`P<F?#^i=~zy=K_1h=zB
zwf&1FZELxbv^^)S)lC&uq?<4(PTyD#m~yPCvl&V^DLCv%=9MCF;R_f^<78%k=jmCi
z?Hg4pqwDe)NWJtyRHf*2X$P2avRoem70&OV{5CjHzAUp)nR{Nzrz_!qX5!hGa~+^G
zw{+2KAQnpUfgKXhVmjhXJHjmwF*mfA)2piUy45eZfh{K>t~)}sdb>G6OVJ!AQ;F;O
zGD%azz6m?!JE$~Gy83HyPj9?;!7F%34K#}mdU(wBqLLz6zmL;*z_AIl04|w#@|b;d
zagt+j)25BN<zX*2yZQS=XZ7Ug28{(xJ&{i<1%Q$HaMP7Xl$Q$+bE_6aQb-&Kf%qoO
zW6_@nV4hgk-W+UW<4MSh1#(gOlR`{IpNs^s*0>XcpRsS+WEoJOHC!`+q1nO(b~cCT
zhTlo3Bqy1o(IFmzQi-hWdrkH3kmm{I?hevZ01QdAe!&K<rqc)~TfmeCY1R@RWzpX}
z2X_?b!CVL!5T+LQy=l$f#hMOEQDPPvrP)B*>~NvtJwo+HOo1{t6nKD78F|2rS7YJy
zH-Qp)FudN6Nr{-2xU^5RK}-)R#7{p-pkpn00Wvb}B;_N7?+8^iRVx+}lAMcopjn^4
zPqTFUD#j-wzD`j=FwVIls*h=&=2|FKV)8RkByyKX7e?oTnv<@d(lZP)-3J5&3N)1W
zu*LTk$->z6^w?G*PJ!hme#LB$20BPt?$u*=W9bowWPEz|GHr|s^Ap0ER6r@z3sWGx
zNFJwEpWt3ROWJGhiZmul4s04xF$3P6bvmr;9GV(w@7fj7==j>Hd^rv!G0sLC<!rgV
zy+XRvfJ`NS&!NhMy<j;TCF1)q`X|LL|3UWV_J-nd8@tMBBh4JWr^w4ONyNY)SU-kl
zus%;bnF?6Z0&(Aw@C=-S+j3?7$kueHUL6Hmo)R<p3>DQ;4W@(gk2aSIZ<RmL#5dsS
zXZGV+of=Q^JK%HiOl2z9x%-DiRG83OBQDYt_tr>+U)wzY-v9LG$qy$OZO&p^o`bb%
z3x0h|&QDQpLGZt10lMa>|H8q#w+2<|1fz42#t>Hye2kT4=k1Z_07K4e1Jw=FC@!Uj
zZBa_)BRfM1Q`%^crx;*8i_tsnul@(qJ_eKByYf=+C^!4_k%yq{R7gqrSDD|9^gMD#
zud({6i!dl6&EJ<H8CG_2WAw0h5CTqRSEHV;$}+p2JQ8fXUm8%H?4K6gIZG01qHK7w
z1e}f0GJWyZPNlSUTxuFGoERA>h%UXroYn>dt1gf5l7zL>i)XMWa|5))MIraV)v|Cu
zf1(4f9qc;43pSHIAzYQG2o3NE@jO)-4Rp=j`!Vq`8ntK7{=^YWOc{9pa&vq2vF~xk
z3-5*bA=^Q9?yR<h6~eH7dE)vu0CW-{V`|-0GI8eaJ!k0moMb?M)2)7w<42Vk=Oth{
zxxp+CNZ_SbZNQ-d|K{XQSp}5HT9Io<u|F>Pe#l4x8?34w3$eO{Q`hX=c!H)VX9CaZ
zp^G)$L5V)_;_PztWS8)v@+S>uhbLLKXj_cB4z=vd>}~YF=0B;f>6DVf;~uHSnz1ea
z7Z_YDEQflHV>gpx@T-|n728)QF>|~OxMl`DzToh}I~h!ET1N|p?ZC`dUjFwr5(Ykl
z4Pcfb^u-%mh<TU;%1>uk<@Xnwy3_%{p>=6F>~C??^XL0@*B*jp$rR&c@dJzU?5G%R
zD<7{uxPH@_RMM-M1CVC{Hs`p@`wyh=EW~^BzlBt0?o>2Wb#<|$UtiV`CV{c@b#Sk>
zD&9uAd0BwgXb#MAC_WB}N8G87fBV(&$?yUgQ)O>=Q}?aN6Qp8F+#Db)<p0~>0`}q@
zhDGby4d5WA6fk|YX#L9waI08Je*temnoM1G*r)66*i!9zgjV@8gg40eSZ1-tHWNEh
z0i*NRpP#($@D4+u<+z>NU0kNQmJcHU5F4OYUckjN1#?@?U{L-w<)>LeFqf5AV6TuG
zPc<>S5g6ROF1$#VQg%V!dUB$=KbYLHoN<jl?>^s=y9)JhY;GYuOpG>mI$hg0lQz4~
zpQ`wkGIKFG61pt6{$R*9W;M8UyKQj*7iHtJy8SSqB}Ak^@Yw8CrwG_E7!O?v-Msw|
zLOl7pGp6Be`S9#K83b5ng*&_C2K>%%#BOH=hqh&E<am#|fv1@D2wjhUa24no=#_)A
zfqTx<G^fOS<R`x3?D)`~iR2R=4&Tw=r#niPDoBN;4b?UvPfhkZkqy@gIhWlFvFCp^
zG$)LKKRHaE_2y;vY+XUusK<n2Z9Pop_wAqdZkHNAPQf6Xt9)d5zpP(Fs=61BW(5Ez
zLo}1@%bZynnyY9$Qetgrs^6nH<W*Rc)?WGBzE<=^fRb6?sfOl&X<k=4zLiN>p5`Ib
zSn`V(wqfqO)2Lx2-Gm<B>hxY`Uwf9;JmXI-(SS0qt8L8l_FpfJg-|UhpN5tSR*R_3
za^GYPt!W+xrTkADWnQ`Mbsc4T2W4WTEe-mE2%&>WKS*!8)<{K+`;n~I-s>msnq^=x
zY1vrXqBh$H=wsKaU(b6L84~v_N`>LBLX`xm4q`kT>#gA>c?7CCwyi9r_a4;HS49_%
zhY9o#G`{Vtx9`B!_ZVHPj&ZT)Ke3D}nQt;A2Tos>07)94&LLj6@sRY{;9e^;GRal*
zPDIyTwrhFIe|$V8LN^OvL?MMO_ST%_0_IXr5$F0N)+XENSY~G|++qz?+iH7V{*_lA
zM^3MbtxbBDWKK_qf#JYR-Rug8R!72KWhEHpY-ioFU?px0a*`S8Cm2ihkqYBPN)X-<
zhydU4;Me~kby0fnvP`Uh$&7>jRgZQD1$br!9Z0tX;<Harb9|c>0Uj6H3G)_;c`Ib5
z*&$qVO_+pO!-|9Wz77b=bWUgns(5B3G^o}i!EG#Fw=mYfV-_uCY!;Uq#umbOv#jJ1
z!`^1vPIA_aVO!ppWjY=%(K-U9^c(}S8&9ciu|Yyp8a(ntepaKc_0~2xmoPI8Q4de%
zq^Iu>VHAo}9oM?*377!GcdiAq;qgDI8}hd#$u(7)9_kJ9p^ZeJb~WoKFru54v0CV-
z{uu~uXQAyl@Nsh~f?ulep(j09gvdG7ihsC(u#L5CoGmQV5_Q=%=PAoptPe)aw{DFJ
zR5=69jm)cET_^2KOylb&GqR+jtl=XLbc4Mv35*j*{zo`ri7vX&sO&}tOryFaqA8{C
z$>G4n6W%XlF{`%A>?^@UC#8FXHrAg>;CLr`P72{6GhRLpP_3_faziJz>@l2J`Io1D
zyR|ctG42%in4Vwd$u?TvLog(LUt`U-{deqe7~U?dQsG^ViZpt7K#h4+;0cayspMws
zyk(0heW-qEK&@}=Dc(OQUc3n4K4%*~8!)O$w+e}UJpbD|_UwnR1!?436ksyldhe@v
zPc<t&CDQpA(`M8fL!DC5bfAr!1XD5f%H_DM_r=c_`SRFfvyYA;@4duOI%gdv`Ma51
zn<L*fUk@Kd36GN!Lv{hkL|{xrYAqTBK=b#pB4^FCXbrdoBqmJ5dl3WA%&uq7)cS#R
zJaFe9C%K`<sSRo~4l`mCoNgDifY%k4bR(0{%4(wm@1ZL5B*{|Rm>_G*2d^38^3N;-
zDhhuUSG@yDn~jhn${2#7&1r_W6)z1w+8hyv3$G5j8^8W>T%C7)jD;5+>{#+nkKs4X
z0V0OHVn%kC1&!%N{K*)qe2h5Z=tN}xm{gH&9xk%_tDmcYB4+=o@Iuc?3}kD7LggIC
z+wXi6?52I;uB`G??M3E4aIBk_UH2p-3)XwvAzPhyP+v`9WSZHUxY>a%$#Fd+$fSjW
zr{dl7X7gBM_R`QLTdQGgQ6_2QK&wep#^~MtmECe<``XDC>b2d@XGCCNu5j3Qw6?6{
zF=f>4lG{09gC^xcnd{~A*<TF~pOB=8nGBTSJlL?IO&4B&6r(qa+<cpgUpGWLObqfh
z9=@Y=cJ8kcx&VS?3t;fe>u_NS26xVnVKsCV2e(8bH`E|vVpc2;6|;1KojtU~W$X7E
zqU^6~c1CHdo-ol}eF`5X_ZH#V^Tz8$Vok-BSYx=8g&=iM=s46Mfur<H|1JsY@8RL(
zgRfqQeGF9S{CTq6<Nn&wP(Qr>mWMlZuk><Za>ye?X*?C>w#gZiP8Ofda3X|4*`ZvA
zj|Wel;Z<UNTC}23DVN^uwoeRk;!wTPgLQTdqvPTjqfpPz#Iq#k<WDr!Hdh@VX5u8B
zfDlYCFs~1bu<T_G9qExB*4aR_21jNAO8Az&naAl^d#5bWo%z#A_0%QXFomGU`^czc
zUk!`8jFyef1v~_C;S#O<pdiJ)PA!z_v>DTb=-mVf+N%ha5>A@7`iE=p-CU(Fzd-*e
zR4bq~?cC`cW_4-`8ns$MD~V#!5)?~+gp>!*J|o87tPsfVBmtkgL%$mJ=jlArno(&*
z#`Hvo*}ms{A}li@k0wQ15m@;(pvMw@3SR!xcrrN?+O{}+Oq;7@#Rmk)aM?m(@D{lE
z){pHc)9v>@XF}J3=UiIz-AI(Avl=y(hG5EBjIUqZB~SnLTVdhg2|t*``hp5vC%_Tx
zLBGdik8zqxd(wA=A}Ri?V51QSY|j^#OiLg0xjRE&qjTkc+!6>V$!<$ws!5M=eq3b<
z9@ze&<n2IE`kd)H+)h`s4)@mBX7O|8d^k<DR(nP#^rODwe!2LNJ4W_ajwap``z}`t
z`^)D<=N}%G>2`!I2~--Fi<^1g=qTmtqBgMbT!o_Xd|GlsYKkNZJb9b-pv0@VW_x~|
zHOzsJI%j@jz2~2OfC-H0syuvazDv1sUQpQ;)|!g&@yG}*j-RBc_vEFG5~aq23`MMH
z+L;(Cpy9`$Tq~{NT6CqxdEAG3J)z?+8E>&kLArIVjX?G1JQLsw(J&!O?b%Kk7Szh2
zEpUJQAeX|hV)1d7zqq#U+dWYQx}#9dMjJD!NYcOG08GkPaxIGSlBjfC^M%2lJ4E>6
z#s^Ik*7Gs{A4lgM5B2}RaVw*2$>{8vJrX)IBV|M=Tbxa@&&V$G?3|GmWgbE{A>+<Y
zHfL{fA|vzrd;9&xgU@~LJb1Xf*XQ+mK6}-)s=LlAUVRimCGV$=1}De7`}xj*?_a0|
zKgVD{_B0<8&dxnU4Gq;(P8oYjs?mL<gd_i@4KtuzBztwNr-!4ad^9$e{|N(mB_p06
zL*8`rL!O7*TF&=dGF8w7O{Xt$?W+*K8-TZAa$t37*z<*QNjUI@%bNslXn6B;`#fXx
z6P4zq2L$EGF#SYn38v$k9I`karFo3T1VA*Wki*l(*YGs~d~d!B$(MFR++NJpcE+><
zQJ|lJ+)v8(bJKG2V~4+E2=&tfwVVX^l;&Rq7TgCQ2ys)p#oUk&1FA0H^YXrwJHmpp
zf^BS4al7YpBV3&5{^YdSHmW38-NNdLyGy)H?d{D&x6=gm;q~f{YF^hdL5A4L&h?<w
zT`&XB#nQ|Xzl3)0?q5B+9zJm+Z^W70%w}C+7@Dk^y@Ipb-{Y!p$Pt7zw7v~`%=#<{
zy>UQJshm9(`H+e}b|tp})h{oiFuA0-Lp2b@<@M%DaPG~HYnb9W>$(!_t7JKF(eTZ$
zma8|R%YV=OWZXB-SB@=#|7wfj%5--K8k`JO_z!P(bun&-SoW}=E%OQNFI(bO>^}=f
zf6bM)nh8b2e{JXe7gPtn2u0c5lQy>RL!Mm}bKjMg6rNu0eBbMTTX_+9(E27em(_CG
zGVcNo-gZ)f;?OkH)vbfO&{JxvSy^&VDp+*t_R0a<htsyGQ$@<@)%}CqPV0dG@cv-G
z@*GE@L;NeS3aXVK(SwJVY+UofF)XMjcwOQd=0(8qk!*CDvv&~ycggbjk;C$$h)-uY
z4X1b`Tu0i&am2aCqlNYNADKq{nZ3(9U!1)c7cNA6(-<4XI$ZC_v99bZZ!pprd)uO>
zS<Q#hNx~4rNoaSc=QPfGHN*s!T;nTu8ekS87xc6y-Z;P>mg+@12yn+5Hri;e-S$gk
zgPjc|hO0Ka@OB5{*o;$l<LeEcZ_2~MNl`G8u)->2`{w<3K(tWC>V&ZWMt-!J?@VHI
zhX`5#05;scC8J@?J*F@3`@GkN38Rz`06(hMjoa<tJ&?xOe*5`L?s@{%4yW|eGWUeO
z=r6VYP2!T$H3C*p93PqaC+&28y6TSuila}b6i$XqKSg%;D-oq|A5Do7R4GSyD^^y_
zXR7YG!1c#oszjJ8kX`vqjc5T_%{=D^8X%9dt>^g-2mmRvuS1o!UBGCG>2+0%X(?b1
zb2_@kIg^m9IoXPr+w8_r1A{tC!n6B5wGtiK2))z%zTVk-r7xfX1Qy)jc6<=ck8=#h
z{e&7<QDdmJ@N5lMC$L4z$h%DPj_(soEHH^=5M2c!i;$xisPj+}1{#2NkLQn2ac}5r
zE9Gt=!;1DJ>|ik7CDM3{0==0rhd?hio297opq!|tUUJ3N+dYYZXhPZ)$>drgr8}V^
zE|LC=27&)GlUI<BAq6yMFs6r?>QCLnaHT$xYNgignCw~#jeQW2;awW&c_*^(=dH(N
z=S9?}FzDB|^Lnl4Z&P<9aKF$v93I;&NpzRU@9L+qB{Rl|yXzO-Fp26wZ}O9Dr`&w?
zj>I{?`q!DjFLT7L;=J_lQQQUw{Oshr_yX_5GB^lK$E=i-2fJ@O60xU}KfCkvlLy<;
zpqN&8{r0wyL^#@j<FTh|2N~riTc1NroUl@e*;ig)i7+YV%GH<(bshF;YU*~zae{}Z
z_d<PwkCZamH6`;Lp5jv)vD03a%2RjoCGgOT6E*-i-^-sp5=1W;YGTpmO1b|EDDX5m
zH~Z>RDtXk4%^PkQi@v<GiJ~uTG1@N9V>o*Lp2ozw(3g{+Ncp|4)5nWM-OV_BJuhut
zG8)qx+C<S!oQNls59#$yUTeP7*5%msD3zKSgV1Xm`PJT5j}TH~305{3hpp+N)I-us
z^0|~Kx6T|DoK}QkvD(4{T>v+Oyib4gOF1kyUOJHGqX}b9X(7NAb0P`DP%{&pU<4(o
zLZxDXr|$iI%0IT?;m__xQ#HUNrlVK^ScXZRABW}R_AkHwe2&SSLNh#cyIwxIiHZYX
zIjHNj3wHxy7CB*^E?6nGi1T_-hybk3;*Y12<>X`#s$Qnr7WYU+gLiiI@%K4sCnD}Z
z`XtK{9F;cqraK%7Z1<m-FltOJM@N@0lUh9m)t>eiQau15rm{nh)0uWDJdc`}!B6nK
zLkfyIjkr)Rd(%#r7Z$@s+?wX%?Q5};Yq~VqUTBw}WO`C9KEn<K5q->4oz#m_q|SL=
z^>-x@Gn)?vh`(_<SI+ikWW^R|Zbe|hllFChGb`U^n4wxb%Tm2VB1PfT>B8(tQJVhH
zDm=rl_~)mJS<}~Pul~bZHIQ1ccd#YKhsz;fvm8ID4p%6(?0z&En2oHt=^k`TumL0@
zF|g<3MLa3qTeCCdgwMmzP!(VX_1HF+p?V0Qifg_ys*tP~3a=i%-X;GC{b+8T2_lQL
z*Ol}!*N~aUer7kW<kah04}M<IOyq%)vqgDpJ}I6|Z?}RVh$FIFvy2#HLIvf3@M_|x
zgsRE)hUqTU=tK+>e9fbI(KGQ#M@;VNHHeoYk1$%K{dxxFa~y(!r4lhMf;AC{WQf^Y
zU9O=m;B3|IcpVW}u@6DJB|8+`ldrjXJve$X-w&fQyoSO&s52t3?j9t)UMYcIQKEG_
z_1p_lzW*~~Y}0|9ynB0U2KGs@2q0u&--qU3QXV$}%apu~%Pdp0H~1Q84@Gm)5FkJT
zl%PH_N~IK=dab|m@mcEB0yhU(nJ9GqKcE8#?IW`qf1*C{$hW3u+`!d@0fXzu7}uKC
zjUe6zLaQDS)ljdxIbR?Ap!K`!X=l4X{Se4}b^;^@VRolN7TQCimi5Q7j)Y^svsbsc
zrX#=3&b05n*@&3`c?5U05hJY7%-%RW@y=r7I#@V<`Hx`{8nM@SwedEX%?Y~dPTdMo
z;7iLLRrDXo*&DdB2aq}5{jS~Mgmdx-?hbP&Opw1DGaUYJgJW~o>+0tf`A!$kRW9oP
z4h1f>Vb6&b<~z=PCH1O6d!}otb4Jo{_UNtLe|YzrsC=r;d*z=Vdf6Sg&0U1D+b1<A
z)=o0DU{B;v(Hz@^d?8++3jrm>{*?DHbbC_dp#)3TiTu^N5`ig;6B8H<4J-PR;rN;b
zl+$0RG|QeRJ0BU2GT|bzcJ54&&t1HHHsEsn+UY|pEObMFvB)Vsdq!dLE0YGVI2lMr
zaO$$ON<!&A&NymidP-2J5nhHsb(5va>AP@6Z&P%85{l@>cHki8C;CQv4A3LQO9M#_
z8hxXSTaj+KkS9K{8RF<jue*&|recgw0-su)FtDs7zS4OVS1>2GlfL(aYg>wYN+nWD
z=l4kz{SouBZ=tAHKh}nvpga79K0{UfR_AzhW``D(Em#EWK?I2n<1ZA2?ExxnP+=Rr
zTULrN+Fs)5_PCZs$HD;RZVgsDqSWfsJWtUG>_E$0VON~7PFnO)dTRzcSmBqZVY;QE
zjTGgv4jE#gtwU@Kyi&!Ja=u9In(#Qe8yaCFo?bjMN?|X&lkwYr#e|o)CT9^E?qY+!
zCt|4m4A=b3ak$<i8S=!|T`IgSYw>aA<&R9kXcPtZMDmrXIA`cE7-XuS_?S0P6KY^I
zUeXyUY;Y=}M`uo{ZFlZeWqU&B{-sgngxxK*20JJjSv!pf%wJ0zGJ8x<18Z_U*NEhg
zu663e!EpRE8#+8P_xy(Ig3Kxj?Knd?2l)TVGKl*j!BfN5J@_A<H_$~%o^TNmGr?P-
z4bPIttS2dkJriBAr3b2t^zI*f2XGHykSL<Yw>F_Dpr&$%ZpbxzirCiByJ|iccP7Ew
zM(++BFWPn`P8i0lq&0Hv_j3|9@@e}D%l<~1u1HL!b*#>z-oE&3H_6qa<42cPeCNT9
zRO_m=2F%(5mIzKu_?%E!yy9_SJ6cj`K9iRBlR<@LfMnEM|3lfM40rYIGD^Sm_zOy%
zuE@o44riv?tomv+U1J=fSb5MB#7oKV!RH+E?E^~bdDUZpHi+Cu6C$<tC{%3SvpvqI
zL-6_}g7pkRzvh6*Mx);?>dr6P!p5~$Bstrph*qfGI?B2c=bAigzF@f9;h5PIFb!#T
zr*}LsL`n|d>x$rM{zjtbg_v4H8Y!WFuN03sA|>W!lktzj%uMKuH*#>skdVVr_`!M^
zxqZ`cYFi@jGy3Ae_+YQZ#WOXsm>Y$HBv`uWVb+GsQ-MJ+EXsBK56`iJeZqVs%X8QZ
z0qu<}>UL5$nmZx4<U~aqVFzBrwto8%)7$k(%)_u6Vk0#DhBi+-|HGqmqp-Gl$m4n5
zm=)<N)E;)>Th2ISd_wtaH6t^}smDEgaG-;WmvQo!W~vrU=m1kEp{kf!C?-wmYF-Ur
zCtys+WgYC2<2p7UNg`~UGmebpUkjD4aCvfyTW#HTE=|W^k`|)N(1IM}DH*#sc(d+1
z@vItlSpaFayC5h*Y&55%oB5ek9LG4u`r!}WBFuvGo2+e-zA+6PXzsBdonstPXrc$B
z{0|XHq#q<=UJVf`#_3doSWA+X9usoBcW<2XF_o@x5&*9*;TXe4MN6G!!hP5GvclHW
z48i-J1`mo4MkRD*ig2ONwx-+kW<Z5))q5Bpl@6{S<;dzpdE2*1MzaG9_Zt?&QO16`
z_a5-@L2|A7bhvFIY_%i`-mF5fnEBAeTdQ6g-_6WyT&m(bA`lySK<Su2Dii5@LhjL*
zzzI$xJblDkx;38Em?Ju4S8!;sU|93>ZgXqv)T-rhhvUPVlbSwCwZ*?0t=1Hye6(HL
zhMGMRaE~rPiW^IP1ColpwS+N0c|#}nC^)=5WsACROQ!Q2^*7AOQ7P45opSR^Rhl3(
zTfgB_h5a$1pvi>#_fvlin5(f&NG3weGk_VsUSqdCyugP32`9@gR^m1K!*~lA_J^``
ziW+8Bm!yNnk7+aCcBE0mo}CRfT3-MaeF9fLTlnzFMkRyeydhAl)Y?XxPsk(GQa^vy
z!SziI{KcPA3&}$mS9BI)U&9&^L3C_K3JLZqi}5^R>&jTZEg=D~k2+$wx%G=>if&st
zjow>a!cM+9bXQo_DQJad!R;0_&YTV<(Jxn`!}GK2JUy~KdD4j^!gz6RZmk4g+sx+J
zM$>LxKtnr1gfAFx%7%GBFOaIaImspA3mxi-eNWRv5jL!k?JUyH$((%bZh?pU00q8~
z{?Fr=CxPX$jX#S%B}put+{cOu*-F_nzFSElkG1crcH9ZP+`&(F`(pm6_ZiL&%XTWU
zgHeyNlaTOnIsZz#`00Z3vL*XKeunyyqfEqCOJ0#_hs=iT`3>S-K3WH8iq&S|g8MAe
zSW&|GlsALw2__|DMc<H)Nfs7@hm*$JDr)<Qqesh?y~?zX>%53&meJRuT(@~3>m0zF
z!NhXRbL0V5hj8(&-dTgOZJSGUjpv}YSXa1+eWs+<Let8(9*(@xZnZ3(%SGpuZQF@j
z_aNM{mb8TU<Fb1$_N5d*HfkPtjVA@I?~6$AG2i4Z(xnZ`f0!!e4m}{M)B20m?Zmn2
zrZeam^4)e5&~&K&g*Y!(DR-9X-#8-Atteq2Y;M3kBT>8|%}|0=Z|xoqb7Y50T5seU
zSQLBoQ_C6oa#&~mz0sR(pi_cfiw?MLrn8KPm#Es$xqPyAfiU_Yp0km&B_P7*qb-Lj
zVb^5r3&K~SYD9N4(6yB^!fo|UIhSSV#XTaZ-2Cr3azf&s9Pw7LjCl@lE_$R<b&PB2
zEdMk$81D|qHcmF^f>T>u{A{PY(}(&}3TN>}rIT=(mOH$Q%~<@vAF%ah>=)1&Foc#m
zh6*F{t2KXRa*}Y$^8ya>L{g_>H<54oePuG|M$!`G^LhM79O1^rHsfS@59RVg+D1*-
z;o?WWdGV~@KkN01_7XN`Cv>an?0`$Kp^4CCs>1hr(6}uDeh+u*M=_9$j{C_mbP!#Y
zw6N4-$Y;mL%hkVVyQ71mBs^;d`>eY>7L7lr3Vts35S3!kvn4iW6m!~&E%wyEqiY9g
z6}jzXaQ9sVTV9-xUW4|M7F2S6DbCBLXM^3I-uebjfM~FTB94FI)w&U(x!T0bCPajC
zw@iU&CSt1haEgD@7VZCzsrq4H-vo488GhS4b4#v#38$_6QE1Xa!D(LMD7=ld(olRM
zp?B>NK6_D!yKx@7xi|7qo>lQ9Y#hL7<QoyI@<iJ;zO6Zm82j;S2H&btM2|On#mn&N
z<qKq>rHcJu-;G4}$osH!p~FBnw$+9OcqQ!M)JkU6Vn@>xET@LqdY5{CPlHSxV?)~C
z?4~a*v&H~k!=iu7v$Tp9?pz8Uv8^neSe{NUM#uyx_PS;xh+G1~q`y{PYz*2X))bvr
zFZQ<f-XGYXT<8ZIZ&@~8DE^1{B=<E={BH1?Wh~m0&V0`{ok^;<Q*=&YEw}35aK?Xl
z@h$NG@H*FOjy-~M_brd5FD<X0&jyVyP&wnO*(oaDQjQ+*3V_$8k9QN$S1M=EHZBxR
zS6YgGqsI?hC;ug!1P}(#ki+YqjW$-hV`v5*{zk7p-thC2-EXwBoZUQS{SWU#UpQY~
z24c|@+s4N2v$DPb?**HukLmF{?jBa&S#u4iJZ~4g|A|M*Wcfk9nP$yS4xLzr|1iCC
zpF+pkGkIm>JfUNqt=j$5<e<4uB~`<Pj_;Y0PeqxYP;NnQGibcmy!RgZ<M;R2#$RRs
zX5ZS|Hwr;x<Or?@KuUG4B6pxM<eanK8BIw&@M_0;hbSSrA>MCCnKP<k4cU?WYK~@D
zKHBTC+%ZHk6F`QQE4d*DGY-|v9n(nsR4GJVQ4^CIOgMjc87!AdoGE+-oJpL4smZoh
zNKqLugq?Z!ZH$fj9VBl8k@pOHOY^h)=APiIc6`wzcV6fWvJ_vlg<rGQg6>R!DsfL6
zH#pj*-c#usEYqfc^ZlI{lw)0TKsjYETrJ^$YoC7%#nKcJ*@`PL>1eNd*HfEPM`j0d
z64Yh28Dq8eZ?-qQJnGF7?j)?+v0Nq{9SIi=+t+Ac)*0Ex>yv!{c}xHQR2nAQyW35m
zzOp!?VgOcAU<wGRy-Z6&Bp}qxssgq=)J9Z_;`lYHM)o0pQzY4L6R>9u4if`R%ryH<
z%NR&m_8abl6omK#=)Am28UfQRu^(-~02NB>SPIlpuUHt2IlaIEOuB{uMKdrFz8>cU
zvF+UFGo(;K)RHxc)Xa*HfbT!}S}IjC!wOvG$6J=k=}mD&iGK}BBX9oWcji`6<WsNB
zne55k24{@Ct>;b2Z6FC`<f;UI#m++70_ne~FYW_-IeY7Omrup&=2#kIJ4~%me!+bk
z+0s0;$Yy1)iXI|do8~#xu8*|KTTT6~Md3h91WA%op`?vorb!H`3gf2_)Gbaly3@tF
zFQ{(os^8~F#U%TO#e9iY5FqWyGSqdr)Kf}Smd+<_SNg(2@8rcF;*s|x$>3Hs-X{j7
z2mBDxlErZD5Xz_bq9}W6L1ktUkLz-vHEFq`As%ZK#bRh(OUYbVv>Jt4Ut7FkeV>p-
z>W-?(xWS9Jd1p>C0wF<7?4Nd6$~p}6O6ir_((bFFyUc0JSSMQhIDg9DNWIf=oOHv$
zVpREXJV~n1;h#X9PlH`dpJb_c=8S9^oe4qM0!UW4Q>~p4PE_M+`X&Uv1;XUFl10^?
zPgHf~q%1}|E8X#&1j8jGYkx*VVQ1>mkucQ6es?J6&uC{A+QGo<{6izL?BP^b1ckOC
zuslH~n-&wKjK_B|WUKV{=1g&#T*BlwXan_jK8}K*7?jgWY<hBdp-i%MX6YaR2XpcX
z1HU&lQO&-(DVn_Co6eUPuN|!aWqq?#1>hLPmwK@#jL46X+odK`-Qk8bKVf)LcLXFx
zx(gTXYdcfl!rQ?`O`)54`7X6-?lOMt!~i^SG%lg&MBN*u%(G90M5@+~Lf8b_N5B{g
z55L<f8q{Hooc7ua9yD1YzJ7Q*!AKZi`B)dgWZbz@zo?jtb!{<#EmSA*5x!9OQxK#~
z5z@{*jjkwg92V!GGZ&xLlbVDuWfycjZ3f|qs?EtMzjGZU^<6r8Ct}@6^A@t+&i=3C
zq<i(XzYAjaH>)%EY9gMmRo(YT%{;RYEH8+1bM0;@HrcEBMyWGj85x#pdk7+t&{_G8
z{a}UITh3rzlmeCXHZEgDJlOAHdT;%iUf}m=eLWZ3q*V6HGK!Q~{KIGp1wr~^(3yFD
zik6D01}TgzYZ_j?ZsE71*RQP=K6?KX@!hI?F)?pGwI6@;MFF_^^fP=rvmGb-yGC&T
zYKRigO8%hN3Rodki+d`wP}~s&;fYW0TWu*pDPRHLMHsz&{10{Am8ok>!b`5Y-W9p*
z=1eb*SNx_2r4?rzh|;H()ob_n;qLC5bPt*F^<wG4amc!QS$0JWY_z@>$xYqKj4X=j
z2AK)el>Kb@V7veS;-=RO1Yhi~$uQMqo`+=n)$6~x#%t@kKmG!GbNKXhKSZPAQNk^7
zH%0c2o!GQ}V<0Bq-34<|U=%k3^QL5|JALW(S?>m@G+5*N%YHVto>&>LsX`hxbeBtA
zi=MWpkGsD1WqOQHLe2TgrfYWM)uyx<1+&-UvtV<(!Ssy{?XVkZB4(>TD}wdS*b9aw
zvGd%ICjkmmH{-DF@;6>8$Tyz3BbyHokAPnLKfDvme~*_s*y1}q7xoe~!A69|LvS3u
zf2Ct_!i-cDKFz&KR9yYO$5rz$yF3@R+nI0y!?}u&tx>lIDfawX*{gLvU`zWCPvl}_
zLz;49wRL{4p|89#V`q~{^bH#otHLOSujd6aSc4A|9Mz?tza_)75f9KTp@#{2Ws2NM
ze8K?UBF-0b=fLD^OIGzoeBk%+Ib_9B6R+efBlaR5_Y5g3>%eF6giAhMVM8w5V$m0b
zF4giKGT(WbEwc&IhrO;A1G)GJ@*bx9IK1&`kc@jWsrLLp;TT4jk)p1pgP!jileJ$>
z_tF2jGDG4(d%Lqb4y!H|8k`W;kex>5HXx3$Z%7r}p>lIXq&e0UvLv*|8729AS~Tq1
zDRPVYad7fipROvQ0m+VcZ?S?8wkI3i-cKsxqPr80CC+p5iOJng_o4jDNN4ReA~x~;
z4}LH4s?(n>t7+n6E{^!eW1!C}9>DZwEpcZce66c2qG(=d2fU^uus*hI+j9SqveYZK
zlktW;kA#6F%=%d2*f>nvK`Bzes^qd=Jj(t`y(G>N`9}f*^Vo_lTIfUTCDBuOi;bNx
zLPL+c=MB4eBHxDNM;Ma4e+0Cs7fQT^HMU}@S@lDzH*Y0-kC;Ju16Cl-c}7&+ow|D@
zo`=%zoMs9o(WqQEVpz2}FJ#~%wbK~dG3@sC#(38RRYTW0v9Z7VukB?gHczBNHrg(p
zM_dYXo-#B0KJ=3xC!)hl+vXghqsrs}F9t=zjmvhKL`@6&9`6(!>EWtT*oY;Md(Mzw
zK-*fv=VkJ@{^c5(9di`ZA%T5q;;ZS%Mv$N67$GIqsaGs+t~^`~Y{v_%VV9=A=EHc-
zS*3i}QL+;)tObDe;Q(x#dm-;M6GgW(<0P<6cxH%b?lusyvH>-<8C<>}M}u9(5ae0*
zf(?{M|69VO?yE8KILuWkX0SpLyB2zwgC+dxA1?@m-eA1-%#ZII)sx^zDL}TtE^r?&
zEB<L95tgk6=?xpsWB5Nj-lg4sKE}~+RVB-14;t56B)XDPk^{o0Q-SlT`8<7PHbbUW
zY5(SmNWjOF-Uu6a5w!^rEP>KN3dDBqQ%?*SgD=P@n$?#9y2DE*PwWXL9)71d7)=2M
zI+q9*_8`mSi<P;S=llY;PcmpS3o&BgiCrMFoq@=NS&e&o_WKRndq49ruY1V|u(*(f
zr8uRi8i}t}i27%qW0W~>=@FB1^}+LjygE9M%TytM=g>l$QLYnTP2#-=0>Y;}q$4Mv
z8-m|Wc#=#qB(YsL-{Y{t4~KXb?9Mcyjx<3SZRGqTWZe?g`(t9CzycFqmSVyea-exQ
z2itof9IyJg^ayZ3MS`(5nu~MGq`tP^IjFU^G|#Y$oikzXW$?!7I@-7)CsUd&FO_xD
ztTZgws;@Zy;$dU<+*d~3aFf<?z>^8cT$&yjRUQA$h@JOX{Vu$UD!T5pG{4GOw()Pv
zchX@VGCieURxZMQ8-AgHlcmX)2w-LAEngfC%z1Xuzi1fkTMbu=gc%z?tjReok>H=a
zBVYm+5qPv@xYi5$U+$o;<vF8;{(;FB<a4uuEgRZ1L8l1kq7Tyv)wEQyLgSmNQyb-_
zB<2o#g^k*zjH<HgQG4%I#*M542PF6!a+&YR3N7~pbgyvDjFOJ8oKxe>8tZTPd`Zvs
zA>(-$)c0FnANQJslk{Gh%tX*8C`akG2-)mWlj3rV<$QU|mq0fNPK?>=l{K?-*Q%Cj
z)(<r-Nuu0mO|*X=%{$>S&z&=R8-N_$5%uCs(1t1#oljWqhNN!wjn4oCd=|B-PpfU?
z3QObhemK>Oo!zz8SVa}`noiYU$$j3}sFMinF=iNupOwEkX55|heOb$?qR1q0Q3XDT
zDg-|;*AbnZP)?m_HHblsRE^5+u7%7G^Y6;f;H&nyXZ`&_DN3&;p4-^KN3HXax)cMj
z*22hX;XJaKM%y~gERC4;Xu5A?U99~O&C=q>j)msmtcw%sqg^{6no~ooSUQ;*Xx|~?
z2Y)OktA85j4^VnN;Nc&3<HP4iZXP;(r3KtLyjeeLuN!9Okv{8|7V<sFmvkc%{qQ$i
z?O}rIYRN$*C-K1+HwMu==~lvXA-#?4bkRa${q1FC;kZ{pVaipyy=Rqkv)`Gl(_unH
z56r*Z#tl;y&_2G%aN=bPp!pAP+KnqplXiF{rEzzz?m!;<C^ofd0l$hnR?pz@SsRWE
zl3T`+q;UM$tO4(KcammCKculbT-J3b0hNS|h-%boecbHKr{JKDo)b?L@#8JXQ6j@I
zHa`ShhD1v|9e$V*E~`9|P*prD_K9fpwr&@Wk9QX5PNVih4O+A{$3(kBW;|NCNmH!^
z50J4L9j7!6IkDFC4CWrU$Jx!Js0_sJHiwCK@}i2fLC@rgXok$6M_o)whxU-0PAe*4
z<oWw*-OHZS_B+V|J9b|;@%(BrLUJgSffH_HmOwP&qHv63O_`e!iA_9T4cUu+z;6v}
zj)48#J^y6=U451Li8UfOz>}K9abzHsfy-!bb#i}1wH+sWMEkTf*VF6gBVH98c$)2{
z5V@~{-xwv|kRd7{s*kguS#6%;P0yZ|aj?;P%;}D)77=yBk25gS`Gd3im+!4}PHRq1
z{944!n0b2yi}VGLX#uXlpAMhfcofSq@0=9R@W@?Z34gbUhqB~^JJFHON3B!%*DV|4
z^{8q-tUM-}1B(f_Ds{q;PkohqtU_%c+aWxtLU|xA^42MHg3Y7p&r5x(#uSH1Qfn4W
zh6>@wuXTVb(^H%dZ=G>0QK7?W&Z%{_F!}qHrWf3EcKQ@DAekbigv&Vd@*07zYh7Wi
zupPrux|EMX`a}phUL*-^74ms@4tJA7Ls#uPl%b!x6bhpnB6(wddDA2B!JOG4;lVw{
zBz!{Q@*V3)HR$_+3u={=^dwa=9A0u5oW}IgeOOuyJ6Y>y7+i%AUyV|^kVa?I8U!T!
zjqx}6JzE?3i#?c&zxIpXQ;YII{$7rG7p_k}kl#1#hD+IgaEElF$USJsk6|(0!Q;q3
zPPHVq*h9o3Ed2e4?o?u};1$*GpEgpl9{QBM3rTDTS{A)n7o!{E6=*L4FZE`Y{WBn%
zVmYC9FerkxTs}I|znj&Oej_wDCVjytVxK%X+x$b>)Omh|AOF~Tn?EO_P+B(E3sLYC
ze9T+e<*Q@U)@vLL`m5CEtrxW7dp_7_^XxU5w~$xPOYJtyMide4jO_cI_?lJYBd}4D
zY^_a{Syjf*p6k#r813Bf$bEUukdcGA!C9288|SIMEM9y$Yn@-XNO|Lp2;<3#W#~D(
zV(Z%vs8bY=Fou)o-m#}&t@51&wu5=d{P62j?0#4Le!7IZR%bUXjpa-p;*aY)XM6V_
zp5n#H;sIK;>l|DFap<Cz|Guum+JNDB($l{c{BiiNBHPj_#Itv0WhiKR`*IJs7C?j&
ze9-0`0S*2*J9Uv($C`5Der{S+LG54SH@$b6(0wtyNfo`;ywcJFKScvR6d*zRgTgeh
zN)5AA_MHd*hlhS+!zYKv&Jyi+>S$IbtOiZ4eTN^C^#A+&_JyDQ&SB-qxuWeA^h&e#
zav0oW%hXALwl?aIEPfZXQtL15z>=$D<6pg8maKctQ3AuNVrTsWn0#F%x7i=_4Wwje
ze`VZWTMt~kzn+HES7h|#mjms$!`}adzVbESG;nGHIw!rqf#@YS@mVSE$6=GUQ>RzI
z{{)32WfFZqmt_7qPv~}i6%b&Btc~qh!ye0$bR}q%*n&u<Y8?y*@pT3)D52k{euZv-
z+n8wBs8&mY{GBC|W#s@Mm?@r|{hNU8R%h1A&qN3D?1){^)_t`rPeL2jW9s@u>OqrW
zj*+-CST6OG?cP?-I_`y^6&J6&;lhPS)Ii{Y?x665T9ZntXABc3tf(@|m`_&%6bqv6
z=*v?n6y$EkCj)!=<{EmS=k91Q;(A_%q`ET>zW=p~zAgrZVre#-R?p~ndP3lE4c?_2
z08|*txzeAVF`$6*x?_xRHFKiscx{lV0rW>M>u7mEg29nR3baO)(|!I0=IQ--Dy%jj
zamm8(x#6u|oAs5`;dXawR^60X2<XwQh1(p9<@XI4>E36)zHgaECdx1j7#fMFg%?kJ
zb*t0;rB|*q?HUitDPDAdT%#eht63<>NAQai4I-i}Gle!HXWbALFMay(XaWcBY9UmT
z(q8J*`|ljjY{jCH+@qDZjg9-6-Z>et%e>kZ5agrXd3Hz78|p-w3l>+2PXeYW42<3p
zXyE^dMOBFh>gj*`3w9jH$X^8ad(ls0QW^B?M(?kFDt70V<_6%H4pf{f#uQboI>5+w
zlfNn}G>^h+<V68DiS^~D+s=5W?)t<Y3~e21smVMSNuM3L1Y+_K%WO?8VFFG{aR%L#
z!VXQ$aaYB~BU?o*2Gj|fFAWTK{aQ!7I42hKXvneD>Y`7o!)Ul!v*`_9X=cX!RU_pS
zR_hC6@U)J>TWh+fYA>nD8KP=P^k&uBhG6bC!Q5~u5nO^$mV=PCd+c7+AA`>$L;-*Q
zs*#Z_=cRY>oz59meu<*IvBOX;XZRC8_K#sidQO_UiS?oN+f?-kcBL;PQm#FHT|6^q
zH`HhYnm7f;<wv8Gl|;IY;_%G2Ul&Gw=u)Yv`=AQ44f0=#pmowkS*W&TP)fK$|3KA&
zxO-PkFOMHPM`OJBPat#BMU28r+hN%}Dj&5SB7vdv=jE*<DZa%bR3>Z<NzoKYMY&U+
z6q6z=WO`d0n*iSh4-zdm{<L9*_N*F+v%{aKfh((TAnXpd>LB{SbEda8`Pq(mOXOGD
zQ$O_+leyqb#czm=U~GAjjQ9<s)==y+H;N-CW4{~u&fbLaW^CFE$%=5Qm!1-mp!>3_
z?!8#*TqyHrAM{kjNY=shh*5IFYUHCyC*$g$Qb2o2ij65AEGH+Wh%*G%Y$B_6adq#C
z-b+K}syOD<hf3<EgiRK5G{|#GRr#ezA~1boYx=Rx<-7bOX7*93v+wdL1yR1U@2iIl
z>xkbK^TgI#(l~_4JR|;*1_i-3^Hu~!YznUt7r@BOYl$<<>h5gShezV?3IJl>tEtoP
zQOG8%+6!eQrGmpyQ(X1yEpp!5+CFF(87CA7TV|2B%krJ;?&{w9{%~Kf9Mo5i>hcY=
zL2V_PAn`;O_?8mfctcgp>yC}F52ij<Be^Tip(+rFu24DXoxBo1lJeF~+XM-QkM%m)
zh}}4RW|~`aFz~+dYSq@v?5op2-hQbPi|p2XqcJxlbAPef*7DL=P{c@yV!-Gjg`F)>
z55nUYNtcX`ui+-IS4U*@>Ec7}YFW$6(-}j0P*T9YT?BKGrCi^sGELo@nZ6NnW_v31
zQsZ#v)lxf5*)|gtIF5&m@nJjwk~dQI%{b(hfa-`fSleWmFfDRD+pM{s?Nl=z+@hb1
z9j&d?;k_sS6yRlE3=L_|HE@%HOyx7YlX&>6<zkgNY`p&KsSJU@m1ed#K;q8Jro{Du
zV|6A*lUS2p0x%2+R#ZcjifuDN;iWur5wAT~=%vx&YnPl2u9WxJoteq{H+tmP)tEXT
zvflS$-4$6Dah0yhR;D?E*%ej4XO1I2fLe_E@9AS{0@4CK&z5Z8!G@E7H)xyH+IuN_
z9xZb+PtmKvidVu{@^u~;^{q3rb9Bf17~71+Db)V{-;F@7QFOQa>F~gRcniUi7Xdr}
z;U%04wf3y2?={Ic{IwDsLGObntQbH~3u018=)Lm10#9TT7w!FTJm-Sn?EZ}(b|Id6
z%?UQee|+7}q^nMYJx>$7arKnz$Lpre@2dJexsWOqn&UFOn5DF~fp}~*BMHfR?Krey
zZEwGG>`9Q6z>4(8jFXj3p8eYyUfUKfRG6$luK)0=q1q{s4L->|4-D&0t19weY4&~!
zuKAVCa@Sp6$+saVOrQmWpq7BAIP>y(vbm9lv0}eH?}6q9h)i%VbHt=)XLfoI{DnMf
zXicM7HX|VBtpsh7meA&CbUoednOE0Nf#;iM@B${wTMH^WKM=n}$&%1s7HNBqfQIrJ
zibMJ4WeL=urO0-t4?MD(*4gY5$J2BZNzYFB&Qc|5e2vU)jn_|+H;EghtG*nG*ON(i
zvy1_e$QA}qLk_hsur#d>F6_%H`BGYQ8jJ0)U?W_N#B!WKfkb|TEA7|5^%*Zq8p{;!
zl@Ruu+D<xd?eJ1Xn*&UTf*D*iEi=GCv_C+CwGp}1YX)WWWr0?lz3WtNOZ?%4D-?aT
z2b((8H2=pdHLcj_qS4;KDv|D^jJtJg{~@LxEKIL9PU&W24ctF;kDdQ`r>!|X);)TT
zC<`CNOd7feNJ#e>of!P`D`W;(2oX}8kcI+YA#?8nMja5Gd7_$sSpSxN^OZzE<Kx{_
zcPYh&2qKzF>cTr!IajjMw(PP(%1a$)PmDk=AQRP{UD07Qh}vk|rr(u}=E=hMMoA$q
zCx~8tyIaL8a}SJTf;KbLX*rrCCU^j?7!e&fai6B#%9+jxx@hM<2glq5muV$YZ0;F^
zLa{cCG8t=sUs8CUZ*ZO9@xl3pZm9}u3{~Ye%EI9cX_&W;x`v>`f?e?GWP5^1eo{=b
z3b3_nX^jIn!BsWt!L68K9vdKnoVM<CITM)Hwwm~C2YMZ`VxmzY5~BBCRfw&Dh6(a`
zXZ1|ejLanI8nOGe7n>!<P9DmAmOY+?gu{niJC0ZQmuM@*dx0x^?gZbZSPL0x(j%C3
zLfHD3uco<y+)OfFpn7;7H%lUmfBqzz@35~19QzkbX#)ul8RL6m(gQ?9|CZ8Re>aPv
znXHpy){s}DS;R`T@<O|y+2O1h{Pt3HrNy6kvBGHuxqc;I1j!gkq#*obIMj%HLpeW~
z-#w*}@H~C6!gw#MipwRE-fxky>>Y?YTzwE?eYdhY#4g64_Rc3o@Qvi<8D{VTgl;G|
z)haW2s@V?0zAeK;(~5|0xn#@i;6yf~J-qtfnZT-MAmjkswfcvd=M>DM<W~@Ym^ii2
z0E_;VUj?cFRcKK?g^ZZy-j|HkphkQe<~h)C8>1VU|M@cBcn^<KHY1JxJ3#o1{%YL#
zE>5)QfQP4%;_V)Xux(9&G>6RJe`qv9AKpYPvYW__yqw6obY}CXluf6LjWwfpL$Un1
zyPJf))fMqVvVT151T#zGkP;oV(WnCXi)AM_pUIk@b}SP|oLKVqxO+fMGn)pNj$p!z
zB<@yN^phLOukFiZ-@sSR+9~h9M<ta=&xN;;5v7N*sW(Z=3$ppr&FpBA>>JufpLp_A
zi^ox{mTXR1jv(rFL_9e5N+)FJ83HrTrx2fqqUtLoPxiUbLgwx;*Xnc51J>$BBJM`D
z;-=w~o@YkGSeIAvOG+|@$$QOw-iS=*Y#P}=(a06p=9?=NnjXfYi_5`qWJk5qH0BK0
zw}wAZ+b?k_r`P<^1)WOJtdc^NL<1t}6Cq`^O0h}OcR8LYPYg6y>AjAg#N6OC_UE&1
zEf~sX?+MOz*7IqW?^%)0tM9smVXmpa+>$8$Wc&I1V!o`PC{Bbk-bR!zUjlY(){^<-
zo8yv<HM-~FGnWH8sV`Jl<aO;d`$KqyyuQmFd-lWSf<D-PxU^=u_)4HO@W)V;G;pwI
z>93YhvUtvgVZsd^8pH|QyjaBC*yJq3PGgs+ds;sqQseN&z&;HENX(&cdjkZ<R>ZUF
z4-^ow=1#Q!{vy!!oRu^@q3BdZ^&FlLo#c(|JMOs#{hoobKf!KW?+s~hzyFiavci<x
zwm7Ef&xzYVFf7Av&gr{SEaQK)bZWqoYuzFE{JFW|7Sqm&&_A$*Nz%4d#hfENJd`-e
z>%+bt60iROSzAW4aj(H|0R>~F-bfPN?Qr4F*p;-xTG&mbnyf2B64uGwV7s>;+aN#B
zqn6Cxk7eY(v%H;#fVK|dhoI}TO0!>`U)HV=<*zDV4)pFW8&j$FyQOT)otqV=#8AvF
zfj{uShfyQu4~GFgd74}@rrv`|Q5|~OE~2r%Ca}upo3_W|p?LoTrU;H*4v2VN62NJ5
ziI4MCyiAjRU=3KC(WA#C3R~!hFG|QSL+0mq4>yR{%)z(@6n<q19B*iuMK3fXR^4Nh
z4Qu_cx@Gq?NN8njBGh$)HvZY0Q{iHhJ~i)A9Ta}1m#Fat2CaXQ==$g2A1ql9#~gO}
z)cT@NI+?$J-WtX(URlI%DD(lEv;Wa8CHm4>TL&1ulah_b8t+x1y3qmi)_hzu><p^E
zy8$$;kyskvnO5)N@J}!z@vkPD_%b!efFia*c5<wo7Z<^sd&J!ijK)>YOQl=KtJwoB
z@-f*!6}6W*?Hc{Lv<7iWje|tXQv0UeD~r+Dq(CGw;~9)$BIOs!Fgd@13Q8Rl&vTa3
zbD!N&#jxydyu}ct28TIL5X!G`<mTeO6sql=5HfOoV?cZuMG>DgQL3x%^BDZ5YR%F0
zKsW2DQ5H+gabOuf_wlNSF0c=a-PA`xPgL6uwI3Ek3-`L{$%#$NNd{>#<R?mRhbjSS
zDn@cxnlbZG|78WodEWc`nC$bAIHw3T+12?HIq)|jR~@SVY2?m6v>L9c-K#>mQ+({9
zyA7!(86+q6BNn~MqO)vgdoL2(Z`4TYt<sp7P2>Lwi}@fP5KW(u8No3SJ3U9Pv)mPn
zE%nwpFtLw`4Z#kbJ$3RH$4vj@Tt>uxmF!lbw$TW*?_i+&UPIY&zkMy$B4#VJ&nSIF
zQ%mQx)M-(&Pc&{+pP`MNQ#_xSf5@4vkPC?_tYFzOO1BrvOfP`m{Fur>xvVr!N7p<y
zlxdAv*p{{#rE4DbxoOz7N4b&j7&0WqNmy3MWW!e1XynjGOO)|oQTK63cZ!w-Cu^v-
zIGLS67hgkdX(p8j#dRPQRtnA8mJ<Xi5tG=q(<14Y?X6Fby~IRR(~F3x(<r&kII{s^
zc$7B4VzW^7XU1Y-G}gs#n_p9-oW_{D>!^)K71J2=7FYcXPVI{BB@(%yd8CaW=lbrk
z=L|2lFDAP^SsTYgM3i2WXYDlcsCuLBnYpprXd~J!X#T#fz$T9KrpWtq^Yxn|@A@+x
zz8EWK5Qr3*z{UMOZWc;S$x@FFsuyuJvpW^&CzH<zTn9k$2cXd^HH8xiaJsMM<N@s$
zOB4Wy-hKCrfF-m^$xRzXMkVt{ZpHd{SB7d68l;E|3+Y&VPhHM{)*FaDQsT{sGK*do
zMfR`#U*k=AOqc7}J6Bxg+d40bIY{`l+t%xoPIt%6+~d3S?7xMKlsVk-LdMh__eu^o
z_HK3e;#rm=PiM;9Zkyzcx{-~M5#!2;XNyJbaHRCevEpjL)q>}F!t0Eg6T(xMRkz-6
zZ;d^(gubWB{@aj6>gXTVSb`SeT|fbB8&V{RfI@@*1thpI2Il%JY*JjP>m}}+E9~9d
z+rF3_x=Q?K$p=UOx@rmDysQNOW6r><ytu1p^;8Fz-D}@82*G6>`?MfYP@UoJMK<`Y
zo=jaNfNL-4w;Pq{10Bnnv@ch0MuSBEDlX=(O=SfWp0XfL62NA94)YoppCNHL4BZbF
z{L`km?C&S{!hXWPr}gBY>t^6kySsR-#>O3>ZYorG!zP?2xCDGo+1OjlOzG4wUFD88
za~w{C_Wqcrf9Ja?e`kZwc-Rt(y@KRwP>pK8_%;dr-fWyFw|z>hk#ZI*`vK`ptRJ0F
z)m6T7rt{r-@4aJJDiuy@ijv1X*3hhh!>;b~T^>M@P$9dU`=t<9>fg9gBjRvd*t6eu
zYNjGQX{LK-Cu##ZIuzy1^cv61n8EC7)TBCUc(#=V1UF{not(c(T*){;7#c%u!U-Ex
zi^Y+nux`o$mWEdlP+769HgfLi14WZMRu`%m<_+W=M<wYPD!YiC*(nya_RY-w6r8}t
zfNc4C)Z}WP1%^l@4sfZMGC>m8FX{Bm6G77s<ogCaMSOB~i?#gQFkoAnqI5L?9U51v
zv>PT960<DdG9WbNpi85jE|Fdh&@uQOm-N7A7GB4(6Zdq;REMcd)wnmSZrFqxsJ1;i
z`g7?)|E2Cy=h_Rk+doDIHcbJ1%C^AE6wC`Kz}SZ3_u%s&%zVuZVdg>!sILe?wGFx_
zbQIER^}NIDDf|!h%7JIQ{YeoKIAIU#55<u?2E)Yv`mTAwtXcX%1x1IQ`3LOSS;|NE
zjnyVRx>|mL$C915s#N~L+-8NBCCQt4S4z!h@$&5lbM+X`-|}%WATLspsqAIYXIIco
zuaY2wDRnfJ#4^b=+5k8Wu@H!%9wm{*Qm@F#6g;nX=lyyBMo725X5xi&`)7eS2*m>$
zQuMa;P_MQQ3Y+Emd_fjHuU!f3aIf0fYt>B7B9~`eUByn+KVI_}t9*5o=MTL~EEKR|
zrADk$l*Zofq~;)!N&73n{7xLEYH(%n&Y;-+d00&AJ0hBpOgFvfO3J>|O5xJV6y~*t
z&slzji!WE>DH@Qn7O1Hb7<E(<m1exPdc;U9#3xurfB5GtXQ#Erf_YQ$b}8z`%($bv
zVKjt=ri_Y;!cdL98DG71oIZSjP^^@njxh2_RhMz3ePT0)Xjn?mz3WJNM64F2Lb6G3
zS0PjX?B}C##%=C=XQS`~!^{a8By2I-ss2m*VL6uyjr!5ed}s6Gp>N`pyO(-WpQ3Tr
z-!gypScD&I*_)u5Acl4m5eh~9DQ>D0RYbJf#5qsDI79F#+yI+bTqbO}YS2v6gz+nT
z8mF9I_8W2|nJ?pZ6IDIDg<035q|W(75TYz{(Tp?IRz-7DjdDGlqV*~(mvmNwOM6##
zi%WfqU1dW!Ab$HUcg$W%ls%l6iG2H>pTHVqEP!2SW;fBpGdREtvYt2(kVZ|Mn=;j=
zYP(qfeD--<{Td=nz_g8+nd)k|qv~S)=f-wA`0-|!(}(KBJli!cQ|L_4grb9>$kO$q
z9kc|dTiiwO7x41d#?x$9)B&fGdrDrh7R(gwTEuumOWO-gg8yYZx*~lyk^e{3P~C$a
zypT23Ni84DH%mi0bFo=BARbGh0Mn%JQA15j;cM6trQ6_Eu4dy?{F%G)3#IX@n7^u%
z=H+#?ghu?%74sAy;?+B2qAQvMY-C%CoAx3m#FS7%%YD1?Kbd@@9!~K*@dnDCDsJM8
zl@Ys4uqDEeH8S8g-3I*=C_Zl{s_gqb7Ow2XS_*0{5g6GA1aG?SP+)Wu4ofP|7(*Fe
zb6GHQH)WdoO%7kLyxX9oyCqc)zL>s}NcpE<$|AcwkBsSgix%p|7tn6mB!6+oS#N84
z>PRgJKMiUQq(~8bTU5z|u0V5Sk^JO{4EE!_HIN(a?vl4kVS4{hRWY^yhBve;NIwDQ
zNlLVAzhqDoD<H}tjb+4h0#ugKh@b4tRO5H90Whcs?ac8IaN_H|Q7hdcsC_;GaZ{6W
zu2jr#)-16bRou<fp4V6w+g53?L_(Lnai(RA=$$*dPIpZ2%EB?O#6W`tx;o{RZ_J|n
z)yo)CuG1W1Rcb~d6KuePz=}s29&abW2Fbqu_)S#XQ~JIGuY@4<ipMJtinw08eX~kw
zSINnd)r;KIqJPi+{arbw3XBNad^|G+#LkZ;5qxY^DY@Sc{TqD!jCU@E*A@2$b6qLf
zR<1f3kaH)-py(MMb2uE@w%pb`n-D7xa4^G{wO5v>$?hjXCmeOk=-mLj8I~fQX~FT8
ze_1l;kNsrO8z+kQ8XL26mYv8%{F2wpMt+GptfaMJ?J*x2oqicseH=t92G+-GC&{#G
zqzrJw+RBi@$t>Nm%QkT6WA5Ky);H4HFsl;7{0@YM{zX_s0z5s@CX@C^2W830<}t32
zePfW02^YAt&qc10;{iTp*?U%zo0pzFNrCSDN@L#y@|Ja*@2}NY)3ZN9(<z3qpKzSx
zH;;5M(xH?=Wm;PT-q8DS51E`5F^a`|k+!o~d%OsmsB!{to&I<n{?Lt@ue7p)V><;N
z#Gg8-o)_tV^~BUWTK}lIqfgn6m1Q8Jb=n3}>w+e{LuoH54m102D$Ua=F*i%zuLk~@
zTZ$^!PKo|B7t)hxk>^y%TZ!$)*3aGucQEW8W%;dG_>M;DODrmG=T??RI9|w~bY~-+
z26seLgA?ecyi&qog2Sx0+1#TaMg?zfTYZ}AZN2~NgO)ilPEsW;666!gtx-O2qvANk
zy%pBA0u)l1f`F+H)^I8-nkpVFhGfq52L^<NM3CX{t+o?D$;0k%R)~B$Av#0QL5#(e
zoABTEvgc|r$bs&rN*nerE&nRZeJv@)#@_Sh&q@RYuoqRxV{_DwMqZOuDO}Uv8cSRq
zJ)L#g!w!GlL5%-v>mAB<Z<TF=FvLtVhq6M-$-XrwC`&`8IjOijg$~9ROzwH4A+l;X
z6tir~*dO2~X*0Bb@8&WX6@@(U%@gGq@7e*z<gBbr{QLfR6_OS90n`B!LYnSmfJU>x
zCmAp64^+Ok#hF6^(>`?+Q4-wAa{9Cr3V#Ur0FT5y&T|+`%_X6crABBGYlN(7ZT?99
z$|_DNWku~d5GFMb&%pzQWXgc1sktrua=;^RSLlfyV5;|6EMm|S9>3T=maD&ZAI8F>
zNxTp>mENqPy^h%)b0;K_fJ#SpI)6?x&+~sL5K5i>`I*R%ZYBt4<nj6{e#-0Bj-4L`
z$1fy}`+dpT?hSM%t3v;k4!X1ce$y;e#T`XtdstIj`;rk5fAIqNl|!^y1-)TX;W+8|
z6<3>O2!0Vyp;^tsOqUoRn?ABs<pWF@>)sC0fJTnTb%^xq4fYHFP1;3^>^#o1e*9V9
zKeZ4(9^RtE4r7FEC&^?=Sa}9wTYHXY>6-SG%;V_eeKdNG_t7p{8svnnj;gkZlj8_N
zq5h>*$yQFV<?^`NkgQ{j#K=0+^pzGc0k5*W_9G2c*?Z6Pb0tKagVEg53s>>nreWGZ
zJu^+>%qEQt5DtZC)Zimi)LxwRP+k#AP>rb&aE3Wl$TntQ9FTBv<0;<}wzbg|A2>%;
zbwvj489aMl;n)ByPVEG2&3F!2`W}}V^c;@cs4<86;01t|C|qs4@sn>%;@0>hP=#=P
z^NPJ4zj14^gexa#rL{`-PNGhvZpzOV7?Ud<qUuI`1fp(WIWj=V-OcvAnmNAZc6W=1
ztbH58P76xzTERWlV>*@G9>1b;|Cza&{T}UOKN1R;7p=WX;jQT$QM)zHz0cQ9?1h)&
z)%s7!3_tF4V7sXPP56E}(z4mZ;DqL#CF9;5+V3f&Imvj24O^WSegT4y9@73-5VDzz
z0Z5fXUMX|E8|MC@uKs72PbjmZ@3&7^zpphT`e-%1$C)pHE|zeM%JjYa!)kbkhpS%M
z1OHERi58aQi%9Nd60Ue%Q&Kr|v6anU>|ox|C!-<p+y;ydVffW9hv7EMg}QlO=kwkO
zj=@1?W>4d$v1Rb^q(Z}9B>VH7$V%CFi=F*e3_RE!=&biBv$p+ilk-7iNc^N)a*m2C
ztbQ!<JhHaiiRGC-z~nx7TMf%I$!r?3*dRB<*$y9qr?*fXp~BqJ14B_F=y?K@a<!Dq
zfJ$@gjD`^LJ847OeMGQ(u5&V_piu^+!d4U|9!gk!Mb;IUX`}Og+EQ(ZZ($%%)dy?i
zTF7^gZf`v(3}UXIa2s%)A&FOxWl2fRICn}<`LGZM+b=^x*%$W`kIcuqhDUO7)oeN&
z>@F2*EsECJS4+T$m*N%ed(}1ET;Gs5AyZZ+#=2+)7$!!W247a%0L&M6R&V}Wm;Q&_
zWh54>c$wfv?VJ2Q<<Q3UIAad>_-4jAA?`%^a8FT6zjEgpZeCiF=s&#udy&tkh8Jce
z<5xUx$dk9_|A*&?<ftBo^dP#$w$7Op_Uy&3P=2HaSx%P=Z_-9mSlPoOj4<=q+jCX}
zg(7c8f;NFawh0lJO%CpLVHP3D?!aGaV-t`_b!EPg2{RA2%DG}<U<#oODb99Q^j)@O
znb+AV$*l@*?TWz81-+_fh}<E*lGS(f_ED+ad5Nu<utJ}Mj#_R334G29u$&)fve;_1
zc7gnOxY-CCLee<ZzttO$=-u?Hdfdp^6EJkYcUtXtn|gCyO?FG?1P7I6nJn&DeO-m)
zi|%h!;DU47dDSyDun+mjb!TSoe=MDMJk|f>zK;;emc6$)#xb%<cA42T9I~@V*}Su7
zGBZNi6vDAW#vwZ#>)0#nh~miV`}Fz!{!-`hI>S-NIrr<nuS=xJ;k;L2J%~(im{|3g
z=#9$tp<9ZcPZggp0fK#$an3HVczYiZc0RR}%024rlL_sUUVn>SPm_GdmlGQxN#EAv
zl<OCVt;a=RK9_j@Oqe+(SWIO-w41L}F56eaMAYsmUMd+(yt?j>K`h)nHPWmYUtz}c
z`%7cwXL&(>#JR(3V_4Zph2QsFZ+;At-v1z&TB&mTE2=|#jR8!|8pyR|uKTXH9sh2K
z$|Y31UN?MkK(Ied0>`Skbryp{)p^6#aYEte>vgv)?&NC2KU(h>G1s=cOvNWxNdX?~
zDIb!ah>E2FZJGR>BTp-PVO_OkuZA>{Y*A9k{@l?33Eel_*nn`s9InMjD#$Q8Cl2y<
zi;EmN`jt2i=KcR(Y^<xAkRkpEPCxIu$l&GBj4#h7LCaKj=(Zt7S4f=hm8x8X$H^1X
z6?)Urkd`(kU<pkOa9T}=Stt4Pl?y3Zax08MODO9V-Xtya+@Ep7(rl(<2yvBZWi)T-
zo9`}bA?UN_L93fmT5bSi(Uk0eUv+8f9^3fDpBn>Vn*;u)nU;QwJHOFXox*xk-aV1S
zZB<&b)}WmEK>$!jn0u)DL7yQ)KgHY=xya4svkOQi<d*OXT@ekQG^kikEfFc#>t(E#
zbx8Ww+F^bu-U=u<xNmHpQftW$5c8FO(!-<<>k@#lYdA6g10J}K4V62ULhQp5mVAhS
zC6@0yF(I1om2nXQM=D*<HIp9;v7vL`yp9Q$A}g5#d%%9du=^9@yZNJsN*|x{FprFY
z;aF_cR&932m<E}$5fxP{+p)H#^_85sHduN^KR3~my^_QG9!(&ES5Xx)_TQeLk?d=Y
z7ewalBOq0R{HQGV<`9Y&Lo@BX)Yn-dHoUD(x*zrPTB9!gEiAJ&9@n@i^PUpU2C@%Q
z$MTSmox4k0k8<=9U1Wf0*mS2boK2I|o5D!eFw^j;L~fvR%f~e-U9Dq352W3SHslmi
zQ}3I4p||1eUkrbmA`&*mF{+`NLd~$Bk_I7sX-n7<kw&U5bw6R2euIhVm+F2%D*L<m
zBqyKmuhq6Wnd(`p?()z0Cx?8H8S=?V#+YhEb(MTLmTW%s>5b&o&3-xn=rxiljjuX7
zw<Mb$(y^e*_EZzPF-M{5S*%q*gPt8H4F{?1`7;zeDHLYh4OA3%Y}*OaJ!Z}WMn(K0
z@6GN%m(Skj6)MAjtMB3;mk>#m*JaB89_z_F3Gxq<ELfqZymQY<NQl8isKE;HO84=V
z<Qej+^V;EBG8TE%nTAHr+dbRAh{84v&>W!sCOhw+%=G^K2bm0`+B*Lm{Qq}U;Dni`
zN9SDQwf<R6&5_m>vTm$_lcq<K1>bjdd+$)-Xc@c#X99H|7R%1E`#YD*HJ8GFkyp;w
z)@n2BSJw*5OB<Z<C9=jWHt#=$)L=$dSasAXc5ZR3NVSZd4{Z;D&tW=yVQ4^<o@oxU
z|7vxiVo#>mVHx}>W;yF_UWf3(pHB&gVST@QcpwqnNtxSx=-=ANA*^ELnESERE2{_r
zpY$)A!d2Trg+0WH>ovH7uDXSoPC}+s!rQ?1`utZ)Ax4q5Kw3;YThkmROpp>ZOK$oN
z)$)vSsAWG~GW0&(W_ORzLY{rh&`EK%wFFYWcJez#mfWdn=%o<=%oK5ve$)bAvjVT~
z^;nKh-ZGC!15t<&+K5ipa|?f}$MSeStnwJ04i-`F-F3=lLmn}B5@UkzNn39+l7&@Y
ziM*yp|6|p>yyN*y6s{Qqcz0=|=u{<Eyr<}d&1`&ATbGHJ-UJ)`Vdgru+*UZqgVY>V
zTpQ@!?Rw*E%osq@BTl1=BE3~izgsFX7uB>PPnz+BVSjKTJH1<Vf6Kp*u=<;1b$<Py
zd>{h<EW!Eh|Aj>zmsAXS*+cFtq(l+|(zY7W#n5WzdR`51Bh{Nt+fB`i^*{-J%O*u1
z^<APmPcikk7D#CDH_M%FMpY6ZGSb2QMg*d)IGWcC8R=2D#X=34+_|y!_5N!h`>f7m
z<OeSCo^A$|ci)v_sYZRNX~7I%eM6@3k6pmFp?droKx@{RkM;csIfA811>`$~5-Jw>
zh3b_KavHdu(^K53X!X_@;JMNDo;F=2=7U{0M{59f9LGk)(E49Rs{FG-n1dsm%>Ql@
zPoouDuH<QGD5WVW0s<r4cfY|{3l&gvR$`w2N#ph_j$JR;=E14YI^$@4Kf3bru3!p1
z1ejDNBy$7G4IN*dD8*y;+i8{jR&nn{Bgw6y@%G%8<FP8~m(|53uM&#NaU&?>3G($G
z9<bK(vE^A_=ct;;G?G8kb^RG1txn-fc>B$JB1OY4$0!wCb-765H$1%Y@pfJHb<a$g
zOe5BOt(RacV8~-Z_lwrt4i*04k?4D=RYPs(4-5*G#fd7kF2yd1rl+}6m9AQ{WpB+W
z9%iu=8MksIx{#<&13<22dSd&x3NU7R+iz%VORH=MXS%ugPPQ%6^z&&XQ;>NIUuNU1
z>#gBRSF2=}LJ44UQq;Q=6|0)R{V>D8{J<>_oMx^ew#T)o;c3G04%HYkU1P2*1KRAG
zcCuR(Aa_w0(Fd^KyJVG?KfjDrC36>&Zxx+Yg0@SO3X#!wF;~+ShL;?meuEo(>myxb
zQNr4}$W|>+lSnu^!_k5+6;I#Tuc+CMP1n%Tg7JlF_XItvpK^<df3!In7r_#nJKh^J
z#6Ld{7{p{BvVSJdFG-2Zft+WFPDHp5P=x)57~fITHx@;An%t|NU$$Y(6f`lCC<>=T
zq$+dD{1get7Y6EWlF!OvjZ{{*Auy+gUtl5i;3BbE7VjhIAVs8!_=4FJoiv7U6xgA<
zV7-g<wFsL#@t$pbBemJ?;Wz^&pwdIhrxj~J;@fjK`sxudd4CzklgCg9^IH1X*)DQ}
zP-$MsQXLcL`o7CQtIZ%Xaj!{MXPBebu%dR>J?lW!X;Y<fh8U_WF(onO9@aVtdOfZ}
z`^xcz6VIz_0l{`_&6`3(*K5Jm<@ue+;|6Vznan17MbsES{^RDZxe{#nH5zQ4;@9NW
z-YXrMxi7nVFloGWkr^=qsZL3<;!&u8IOyao;OS15o7RACjQ&=A>tSOPtECpDVE6N8
z0kDH&^{863tD0>5B5LREm-+G4g9ly&h%4(SG_C4o9!~Fc@=yXFQmj!kRo4plZo(c}
z3#;LYC^6^_uBGOauKzPt&euTHw9fo%fwljIDYzW?x95Wi#cwb&CvNV|<*XIY0Y7;E
zfI<;}bjBJ6U^!g3RH1dQUw{F7*3P{c@PC(GUH(fk>N>k|Ma|S5j6@Z_*#>MH0C+)u
zu{HUc*fPI|OqgjrP`SnNKDA{@=Z$=u^+2A|a~9YCv0o0ZqE*6w2n>3+=fjr|IvIk3
zjuY`U!x`f&J<?kGHZRNmc7mX1h4a|@g6XQObgT(fq6<Ncb2m8HS|@a3Z}sT!ap<$(
zir6JtPQlKjLg#RrC9LWIlL)PKvLZoPUs(Fg`q@)mlMO}5e-MX%khj-?d10J~K123}
z*L^7^EZJ*A;DGkP3-ziLQn`>1!Sc%kj%k7f0=M|vM(@6q-agc%mD-7OcKMj-?*-;b
z;{yTqe9kpJrN+WQNj;FB&1gt7#aK{z;&YMw@?vB-F?FiqlS==~msG-@Ht9Rg*YR-L
z?2vw8JlN-E@m@^G<=6HPbRLVaf|W7;waEZ2oe|;&N;adV!5ACN1FJ6NYXhnVWv>cw
zy0*Ww2B@16TgWL)Fp=%-!eZZ=#{(165qM57A`h?IrIgo!G3M4>7Ue@~(rkZAN#RtX
zkcU4E>w;K4)BZuyg@6%c65Lk67Z`*gnd42izry;t7g>wWimev+Glbc$vRqX{71qm+
z@8P}av-{CG4zVt`aNAnpG9=yUd9IHPXmzk+?j!~zmd(0HJH0*zw0ei`>q57+x~uvo
zX_Y&?($|peG+I`qryLq?ImPak*{v~wb->B8_!VkEV$lBZ5GnjbAi4<42&d&9zIwVT
zf(ktwOh&06=pi~LNwk`^2&LwdUZ;}~wDdZh4(Cd>+U+`Y#s>Qgw3KpuLr;?Ewg$E7
z{unDM6?%^)OXCo=&17?ZRmxBp#Ila?7UY7UCuz-CR{Nz=t_Qf6Oy79}2+dh2dN4p(
z;ZAe|b`aUdF=zh|^10Y<ml;d1po>t3vEf`9kZ6xw?<^2d_6Eou`St-C%|n~e*#QjX
zE|Q-|sG;E0w61sJKf2v)7l+PhmNt3O<6_%tht32*QZ>!TU$g{$o)J;BLe`dr-W#3<
z>~&h4Tc{YcmKz)cm>%`+K<Q@L0(dm&Ma)RsI|yrvO7Dy!h5#*wI~^+;3>H_S%YCEL
zC}M*MP?LlUuFpQfZQU0oSgVe!g`;h}-SP@#zNAolNepj@etUwEV9q0p64)Q9cIb$9
zWa+}8i|j%h7PtWE^)`l7$1|+s?fHA0E`hk(ptg;~Hu@t<oLAjxzUuM^6XBr;@{b6e
z{AtY7a<>bvL4}NGNt-!_5*a^9Jroe|MQR`<^_$k4K@Mrm;R+oND7snmXi=AE3<*vw
zCbKnh5qwB>AwrD!jJ<5YVB#C^G8BshL~nGy7>_Qm;n_3o^SVe%qn}NW9q4qrt}KNW
zobqxe+auTtMyyQ7?k77g;wIa`78SBO>^CP>fR>xSd0g26@={%*)DnqU7`6|)D4|IE
zyjDe>c-0NrZVEd#`jG5kY^Jcy+$<z2I?Iq~9z94gaLDB8-o6Xkcz4VnZ)a{X`Y?Tw
zsm$)j{F1uO7Ns6JkEAxMcI-?iY4`r~4<eW3c;cWx6yR6y1OD@XhAMw{{}x7S<H3-B
zSJcD1Y5WbzFFi=tbaZ3c5|qj_^oKoKPUr)1w`%FemWH6o>g)@l^CC@gWhSr=sNw}%
zq6U<H)7Z^tD2)7X!0l8ztzBu}Y1o*s58z<Aov*NnJ^hkCF??u;<BgtYe(E)K(Xq0j
zP{iXR!9=ae)Q|P3ZIMtkHiC@_E)9p%Kk)Xx9Tk~AQS--9e$CPSLP?0l%*rBDG=R?T
zPQ=d6#cRu>L~PJvy_-#-)fYoxzH-Z1hM4<FL{@7#%6Ew#^q!lC|8Ow%1FUSiH>4t(
zh&xZ!MA42uJECL*m53;Bt$xAn`(?(Vm}$*a+n>4CbV&5A4;_qDRD9Vv&qaxKo!@7C
z1SR=|P1&SZGH?4sx1>q;;Q|5`ahY)XAznqmui5Mj7rM(r87&$BqmAghLyif9D&*tx
z``KVx+(7V=iZI+|9){&<4!yw4bDTH|t|(+aFL})kwK*g>DCJR{HlV^Bq|alfgev`X
zJDa@OvP95xq~+cxR2go7e!55R_=SMw_D*lR-bGTT-TEVbFbC5)U9$V&@Nl<!Ek;BM
zmksONOj?~+$Tl)BX!y1tys8jPJtvv~wATriH*-$D2D=SWTyJEN<HFu)Za%Wv0sX3f
z1k6W;EEYc#a;)tt17G}lvI)D3L?Vz26@EZ4g%v+;PD)IVAQrXl7L1`IS(=nqco0Ce
zXA;jm?0v4SIB)34&+64AFZ*AT@K$w=X*LF)=>F<-Zx@=|kW{HLERAeVK$sZ73Okc|
z#E26Doin%k!!S(B_om+T>l`-XPHBz{%sDbdp@V{T{iP+vr*}*)lJZuzSE$T(?3kKh
z!pSeBUIz(V=v@?gTo$%&Q#<HnD7K#_&*64YPkvO`>JROx>7L>#eO66+I?K{(x@MpW
zC<Sa-IO3V|{kiJS;-tmA7~27wY4IJcx>-lSgnv@nn;R9juzK?R@|)nQ3-du<)Ebj(
zf<T#h*V23!>2L}((&ePFsIv}17q_BZQ4whR!l5n}A?LVK`ysOo%Q7RZIf$rtv(8J5
z9zR*Lbjj7W56W-n6j>GDsUh<@D2MSHvrn4s7+idE61CHj6J-_uV-0FJGweG9osiOe
zS6*Rvo#V@NxRsMUYDrNa&%$u(!vBlpRe?j>fDBL1C%&B3MtyCo2f|gHVUBe8qlLSr
zA6H5igX}CM2@>&rcg&^T=#gybMQs^?YM<*D6&?`vw{A@DXpHkpaPXbpGiNz;QtH}V
zDJ^?khQ6@;+V0)^t~CFC@^%CMufe{bxtV$wDQ<8MH9s4A@jU~%CXyi+gZe=;#_aXC
z&)3xqOoV^VF3t_Ss^d(E)^_CcnP;hfm`!CrDZq<9Sl6>C_P5SR?>z9iRwvESj(Plk
zJuRdi9X2RSf8O7Aq3oED?{&ZWL<uARRj8{YucGWR^Rh<^&fjn<+f3fTuI_^%YI)+u
z>VPBYzIJwfYu0Nge|v$o{B(W=lmwor%cg#3EX^1D(vNGMVQyFQ)KfbK7(0^g$8cql
zC#FW)GDT=4`2oLk9Ja26b}iQrHbxv3#pI`LX;8pM?4l1-IK`{;G@L9KV;#Sz2dHNf
zo)~!1N`BV87j}0EOblqhChr$<u*`~dYvZIdYgV>0pUoTl_FlAe#u;|mi>8y7W|y&H
z1iHDkbP-6sUq+JzHp>$EBA9$eBR|iJ$mx3LX{#Za%UjrOyVTniS|)u{<j=`i?w1N6
zAk*SKt(H+^#m+Hk;t?yOsdl9nHUt!!FddXFA0OM%y`fW4%8Rzc^U~ImP3ZWU5HAK9
zX5pv1C2RV0Ki7_VSm`*!cQ=6IdrhA*0m<W{SnpeMR3@Y=mqNMO@;L3KwZcKKa`7o(
zIK3$u<lS8gm8NU~x0wuI<21#`655=s<k}F1=#=B7l<pMg)do|*WFtO0t|df$wpBXP
z*SXjvSc{7gPDqhZ!QAUGBt6`mn4&n!G*owzAT0CO85vRS4Ptmtmn6|jXqiqFdlyw^
zbSrE^RglE`Bc6!#iNQTCv8idpDeqtMd_@BcGh6RpH-4>@AWyfDm{31}R|m3}YkGdm
z(64!9+Wq`JVSN<G#?fn91HKUY@gF)W+~Nu2ms2i=^b{!+_O6dZYh&#3VyUiZT&-fb
zq@y0{S3Gi`D(^_%{_~n);*aQ0^hPp{*LVHe?{~=W&Z%Nbd|(_!?Gr5<zCGy8#H9j(
z2eO`jY2+1_kFU4wQ<~o~z@8qxLIhvy-ym={86yK8vV}o8*IJfozQ#ly&!n{dym)r3
z>)dXEIqi_`5i&uhd|JIkU3`rm+j{Vu6Dk@qhPCsk>^D6R4)sU@8BSBDJVNs#=ap?+
z_5HiF|DAWpNgw@#2!<RUja>*_CR}>J{y{3R7fZvjQU_b!3mjw7y74ov$oY0w#a~Ng
z?>d8!$gG3&e-KFw_+|SK^27BvFOz@gKu1<H_5x^r13dmgZl4;j$1jt~uOBL=9~FXk
zn8-rLtWQz-t3!XjHe7$23FW;8jmWC7!DSC&|1d^OJw@|hVja3{@41-1S5lWbAyuH|
zD0wb<9LDer6R>`MbaIVEE&YSgoi1S)$o$UsPp`)623`gD6ArPGcTf$Ue<cgGR<L^c
z>e-KT1<9}Az%iDUzFv*WJ!C=KnE0oR!!Z1ogP!gGT$<-5p9!F^>1cc8=unBR{+7Tj
zwF*0b$eBQ0Vb(6Of@O_E_oku;97=`bR+mnh!_yOIYov~k<Q58smHM-|CBFYcGF{bL
zO?g)pzzc#%4_4ynWl00er8nygY+m~e!5N<pmiJrm!3xGIzYVw+1Zit>^pV)?chR)o
z5N;@=>oUhV6sG|+*o;Lf<qxRBOlE~T)wks5J+ru3PdT;4%G|TEKcLhU(Yk2@Va{&~
zJkAN;l?ehl^Da+HUV)UyuHULK*Z8BOV08iH9V?!hsjQ8<8X@Yle+bu|=j>{YQO!Ge
zW(*loje^BDeI1)<1{r9zLj>1Lzy>C8KUbGvK#`)}5=qSEeJ&uZ|LouMjt|w4xm=yw
zcoWVrH`arp7}V7O<TA66tt3}o_u@@(qp<*&s{gdQdNU>x+zbIOBTB!<eq|MKh9LsJ
zE`~#Q;;BKd@<nd`o|Pk1!fqO%bD&JWDsB|tSvbSq;NUgZwsekNV#q*z0-r1IEw4W_
zhOP$9k#>9XiHv;!h@+-7uT$Qd1E+WlBCa43&Ro!F3U}s*R%CJ)N8B-BXJfddR>Dj5
z$o{)fnVUkTP`wucPX{}o6=!h;^0g-Ru78}e(&-u|GC~EByq}<bTI+SMRX~u~ncuF=
z$z=>5q(XpcEcI2;$6(NCQW$F<57i3qxX0m;{6#fGv|7*QKgMa^KZb^my!okW(DlB1
z?8)VvVp&gXO9(;<d7X=eBJ)V%A$>d2gvw?dEX9@3GG`Lw>Z13gV<Yz<4!3^uvq>GP
z+7ra>6!Y6#P@cf}p;j$}uQQ_dZ0NA!4Z;DmW3`De!L6#?@Y$|3U*Li=QE|Gpy_UGA
zOkH9~zzJA3Noj&kHX5$KG%{;BEnMQvZ?%WIG*rSQkh{0Zr|G2P@ABu)_Vq+?(@)by
z2Y7<WXSK1iqK4SR5R8>@f`GuND8?C%d!yT?GSGhc0R%k^Bsx`^t`BKB{sVj)?i4O<
zC%Dj$Dw*-_LS{Z^BQqe^{tVL}kq`tctk0y0^W%Mc=XbUC;H*z}3_<0Grtg#ebJPWA
zTel&qU!hz)Jn@SN6v`jwU^b(atW@J*hN|l!x89hhM;&z~zU!k$MdR5cv*Igi))VZ*
z&>$y?vY-9qXVzHl`9?rO0t%`<w!+ovBb2DRzTR(Qu5ikSY~vs*YD`{wNJY{gJ5rNK
z=CopVgA|VV24WWCyRyed5)H3OzY>?o{DiS5iL3Y`?@)1r13bMsz7pmx$*Rsy-KPhh
zD4`jZ8SRdGQIB;n{Mw0Ld{H8^mrQTMfaB|EzR+VPbghxu>V6PT2t3{h_a@H7UpGQ;
zT%}R!Z!?w;y4}=8OB+B`lO9XD^a22K*1uftbSqocEeweD=kn!uSoxnmclWjOpYKZ5
zQFAec*3_Q4W3>^`Z!;yXFA9VxKY;5tsch;_(>Tv9JCZ%gxg8E&HvWh#A!e?-EpFxl
z+)ZYb>w`2VB_1B*;+6+4CMC@EI`Tj8Q7#>ffmG>P?lc0rYD;s(Q>}e3<fYsr-d>qk
zqYCmn8b~?%_KgMff6jKb(Hx|1uQl9EnwlcS3@W!>KQa6{u+j8V{x(GYL*Bxa_!-p=
z+$L?=!<B!11SRl^w#<V#Nxd>3jS>Jwp$8<a2@yCx0L8m7M<12ovULEkG8%wX+;;m9
zS{!PA&@V5munY|!CjDp!;+x(1)5U{p6r{ed_J@2B%M54Qz<hYEe>2On$9{+CHh&$p
z<sq->Im_~#y=itQbwB9dgnhYm=IlsuA2r0yT_1Ya{7hFp{kU+ebCq=+{tvPg`Wuwp
z0bb4HGADBr$82qTY+k-VIAthPQTT7+#WqxF9t8fUh=X+I>%Ey&phJtbIt#vk?fNM!
zWo7X2S@PxbRob=w-=)>R!eK21b5YI7RtTK37Z0q*X#3ZD<~2@qm;$dj*D#?^puaK1
zQfqE)IwS$fyvw9Zzf(Esh1M>qN9=xkFI{HhlI{bv4btGLMXnAsWOlpd??WIo>^i8v
z%-G!?`raRUC>O`eSwf2c9iDM~E>>_&KqL9`e&REZ{9iaD`^eN-{es<qrdb-X<JRmk
z2gY~#9o-3m()@O(P8W$@ye$zew6`Ke_Gi%Ha{)wzE`wS+L)d=xFCs&)eY3P2m9i-{
z{&Y`9Xvs<@?+gj;@0k7gZd+<G`@+7f$)QF?+m!@eFaK9>P<8rZPSaB}d|G9n<aBrg
z&<8~s;BA?+1Wb7i-tT-3QP)`4DLbc)C*`g1j#&BkKkqo>MrP-d^!!P`UGv^>8i~gJ
zc`eQpmr%ACh!geM<wS4%(B8`hvR%wj5)2b3Hy}~?h3@+gMm!i@hLy6hImgFqDE?mN
zn}*)!w@`)o4lVlUxO;!Uq9Rf5%)w=PVz)oB1|Tz7`JxE9GajKbEP>>{VAuWVhAaeE
zrr^M(0j*X?zidIdt)PRpGUm=u$Cb&gO_A}SNP@5<2?r5W7=r!dFA0X9wG1(f@Ho#9
z!_8@tsUfsOqMQUtI<46lx@{Gdc`e$$gX}0M%>Z()e3Zq%TAkv<Oa9kjXUYl8tgw%A
zrs%i^1=a5)R1~%yK<u2oidM2+dC}_&r@x`N(iIF7mevCy-9w}kT$WZ^;@9i#xVUoW
z=a!`sU_n()>Yhj?XgB5OB_WDc=UnRf@&u6ll`#>_e`z>Mk`uFCSr<<!EnhK|_LlN|
z4jJgp@76p|?wq#Nwz)|A&(2cpNhV&f5eQ|lxRAfJ3(pUNTmZ6W6EoybwKEWoQ%7Td
z6WBmPI)*<CMZUS&Y(**&2<@io?$?S{J7SL6;Atm?dOk`I`+y+oH<oTKNc23sT!a;C
z-a8}LG3Lo=MoyT#>tn1^8?>~I8^=6MR?_-Drg0ZsJ0F~`wjf16{PXHA9XUZCiMQ;s
z=eY}Ai=&_rO<gXqGaX5R#t&pX${@gmZU)+c;uTBnBAr~$@*V9k>V*sbTD<D6dvmAd
z0RvbtVVLA~=wnIrG-KD&nCh{dh|?@-yJ0tRKYLwuxvM2<d*#!ELLI4Jtn~;`#UMP8
zc394|E+}p+5ujo^UZR69yiNR&_6UhJhJD{-EZ8GwWIJTfWwA1&-(=ElImBBFc}V)r
zw(wjK7T4C2O5l{bqF`>f##+oH64E7=sPtm|AwzF5JZH(17`qIu`cD0P7!;fG>M?YA
zA7cCrz&#+Ltk7^I<%qWnL1g`>XKG^0*Y@EfJnhsv)vW%SMJ{=&^u`{v!kwuniFsxf
zF!rav{(w%A2qzy~tjkD7hK#fWCOd-pKTT1#MWekxaQR;_w{>WT4b?Mz(X6PPrM@G2
zT)=FzVHz)ZJeUY42<ciF;vGg4Eu0HN*BhhSPKWF@><$x*OubhDjv0>laUzxL)mm*$
zH;Ba<HG`~(6s6f$@R)$tIp^Ltkb<q$<-QD5*=@09dJ-lvSpljn8XZiuSsjzx;PX;g
zOJ}kVCz}S;7L~KxZ-HQBQnem?Qep+1(Q9|cAV_AXts;qn#1yXth8T$CUi{~Fvmw8F
z%HK+BX)nF{eU^J^DRnBUb-=%TI`|GwH`SoiE^?_K5^fsvx!8P$<vuoAnpkuo^$$bw
zaV9FP6^|l8o+#IvvH|;Rq@)s6HeaW3&HH0it-_hNiZ_fRuJ_03TkCh=G~xS=W1>3g
zz<p&5<C;e0<MjWO+r>8fT5BYOUrLBAF3?2^lu=70XCz(?QJNA+f+^8ruW6#Mi@^QB
zBJ{%T^omN?kmvM=t8tL5S0&7fYNSCgu=N$w>0cpkX1hP(ih%(*X&(uns^!R@#q<tV
z`xsUAuk(g6{ex)L)=BX#b!GZ9J<6+?&TCG{s}tgDOghR0YWh)|#GJ@7A-cjKw~Ze=
z)uV*oy)pD6YwsE>kf2P*+$4YKP;G4~Xn&D)KG#y-yAl=PHp*R39+cKrg;k8><TQM}
zZZ;Mm{NcI80nyq(_C-y1I&Op{4orr3k)G_bE1}!Zuet&&Umo#}s$AuJP7rWlW#SR~
zdC8!>hd8C{nE30b>>VObh%W-kjZ3U+z-El=3avR_*;fcCO942+KD|I8WJeYhYoozy
z`LyTbvzCUObEJ`<yqyCAZ?ynYRmHnsUFg>meuA+X$agr$MY}&Y-N0GN?Qps<>seiJ
z6nI)1dg|Rn>_`>+eZMx1phXIFq2RsLw53<H7w?s%w&PIMpz~80=#Y5TO#AkS=hc1z
z_*^#oyO$`R%0$u31jMpl1*YWuo1ldAQ908Bj&K0OY`)@+&c~gL?hevSL5T?8lPBLk
z2lzK!E5BD3VY~n(#A9t?W>QT5&NbVv(R7}h^74O4!xrkwXMBr8e;p&3rsl`Y&W&|U
z$=9K(Jv@ztpXpD}gMJNosf^7jVUk(LNS9Rk|15uW3aSnu`!y7&I6+k!TD{ql{0^Sx
zJE<6?7(_%B-gx(8jjs~I>a^JlWhir9r?a&wI)*R4r}#Kz<~*6CdwOc`VjOc21%hJ{
z(T&QJ8e2@W?(eSk-q-wog&)aU1{hYpGl#um-d4!_#YCmkSzoq{rbc(mn|!$9^Y)Pq
zXGO(3g9rAaxh#MZx@jdEngqv)EfD*36>zJ)I{Z;;z1_Ae^_$SQ|Cw7dw%~qc(t?y@
zY<uO*VUle}s#r_1nf`N>2kR{J)%d;$$H!RhGP4V<s|khto*2F3|5h*NWV7QI21qp=
zcgL6LZx4L|pMs`#StcLBcvJQxQd$?jG4IC(I$w=SXZPAkXv^3H;PiXHqqrjPV{Cz^
z_HK}VD(1C%*4A8*Qq1f|YAXIC&3+Q6Gg(}?>%Skrp0y?0uD0LPL4+(KZbNr&fK7rc
zrTNM&uNU-occvA#*hHWPS_YkQP_p=3KiMNZ92{ch_BBV=TxRnNgzRTOTAY@MaChHH
z(n}R9ZY>3jI7Fb7)oWLvPg~>yF>!`3-t_`UH=Zs8ZTSy^n0Yz?9$oa$^U_jWulG*H
zD`LGs)7DFmlO)5F-RZ-y^xa&8xI3tk8(fRPb>>a0pFV<%A&1|^?yAe3Ux)x!mP^NU
zM1A$R)g}NhAwxpsB72Hdt2UdY>oU~2RCo~;n;o*W?@FyL^Jy`4i7>m+6D}@%r&Ktw
zg~Sh3fpl*HB=ib*{&?@<i{SA-*+>>SfWMB~8n9hbOk&BS@FG>dzf<V~x7tK!Mcd`t
z5g*Zg7FX$${?e0aqNRh40Z&9G`#{CpNn&rVt`#ahq?{@nPd2>JDSkKl{>bpS9^NGR
z7OSP%LaY+07SA0BOGQ-z`e3ElF5s5)G+04PEDu`26xPKX3@URG0nShAIRbQv(gyF*
zTUEY~;^)YpW)7whp_fa+gMk&Ce_lSZQo0@N=t#ADfa=z3V&(K0RZ{JgYzI8vrg7d%
zD5>pMhQ8kBZth%~-<`~ond0a&uVzDoR#y)4Nkkiab-G>gPf<~KXmk{Z>ol!83G(!Y
z_p|EY>rcf~3Aai|qzxKPb1^il(s(~I6*+(V!dn?C=<DK5s`BFpy_WURqTS1i7~8%?
z9?99mf^F6PkRKQs_POeiQPbQ%Pn+ek4;ubLn+9a<*E60mo5*(W99@334E^NM_z%K`
zwQx@k%0ENfHw1eCj8B=6a2U9ldv-ATWu910tw6@n*O{o_vWL&q9e<nB_kPU*rF>yV
zRtw}`R#wG;W}vC!IXJ|0bt7e5T9#z6p4-T*vlj}>D~kJyBVoxN0I%~cXmQ!G?c_oK
zOJY%ul(;{I_$?l+E`OKBes!{LY5fj7JHBS=905D3e~|0+!i{Xl<mJD-O|zFVjlpVW
z?h$qE_`?cZ1vg+GYlYuoKH#u7;2rle?M(=DwEW{7x!(zxK5k*tof~b+tUeggOUDk-
z2&xMjChX06KP&~_`RBZNeCaWGop_mod?$rX-$P!f)U{np05UZ90kZwlKQO4!Id8qK
zA$5Sos%mDL_1)&^*(Yo7p^Fe!#-*?X41DK+ttAplt2tcAq42Ezl5}fweU4{%w0XhG
zBkgy<KM1*HVibdcYVA<{*MOEwY4}1c$C!~Lj|Xj3(2?2tE>3tkLyeA(B|@(4D^i5M
z>VB<c|8Go?LF{u|Bg;d^TC;tJxL2M=1^PpRd6nZECo0vBU&8z-TQ-|Cf)dy^3(!xg
z)kNo`JMl^2P_Eo}GNdnUwD~H5@+l^R1TNS{Aye7fZ}I$_p|RLJ+v%^?DqwqxVe1B|
z30&~=C_V*Hj916Hl1SYAy<R7>98h->q}OTmgQPc`)?6IB8K-WT$DTN9jbrkk#*J#g
zQTBsnC;EPgr^om-#y$%z)1}|x-Ywf-`ni@<!L2}fv<Qz>GoqTT61?;)%!b^6U@on~
zREh<AEiN}@^~YvKBlj%;6myM8-K0U2ku#M5*u%uX3f5NL1zntACnhq*Ls4NlO1?I5
zW0iW9IDfODG9|}*^$4uU3h)>nYD`r-H0daf{Q-Fj5=9m<q4v>!#rkD>Wpurl=(?ec
zF)2$u9*qOT)PW<-J=LiLwrEw9tj(Ih(~KJBSi37j(CaaOqYn(?ViUA_>tx^JK{JT_
zT3+Ab5uxo?aYH5-2e`kOY@`v8$UUeUD&B)y^*K@KzYC|<H<PMcEB@&vZf|89WB%5V
zV~JltzE+@uuXTuq*N9;}Hi*#BKDHn@U-c1_d~I=2Z{*rIV?4AX)k&N(fxO!QY_;s3
zsaUDy8XFqgqPM;nPD!OqPx#`ryvE7(tBiv3_8G}4F$op#iu?R!qagdh_PU?1TuEx=
zQ9N^)`FjfXDHZlHaYK$jgyr7l&NAf)TWhov`*hTv9U<FdxC17ou=c%w_wJC6dn3V5
zzVA_TP-=z)ykUXFy@zx>%_{myNlqZm`71|ds-;SI9(Qd7P&TG<DW!dsjY*a!29?#Q
z&;7_M4s*nsnw&>vg{v|xixL&sRNd*bd_GP0%5pkG+qFqvUXB}BxZ7@pNN|D-$SMNy
zOOwj{Age@O)eKa9{tI;F{|Gq6DO~-2b>a8}wxKQ`tHSY4L9WUTf*`N&67}#0&B=m-
zPv-u&+nP5@1MME$T(J5&>g}GUuSu$({09M@o1$d-{BPRn^r#EIk&D*qJvdS0VKGQ^
zXi15KGafJ71jsxz1`epZm$yK1NV)T9+yzLU2ws4A2Oi<AK2>|;m3oF%a|h`ZV<PDJ
zM6+ad6j7pnEeti`F@my9GE1honmOItbc3G((UMfOC&z308KsDbC*k61enm}NJi%%2
zz>KRc*NDmj=|&0pt<pGdvyqj+$?)^RMM6A7F(4gV4&4S)abo6b-8Vd~tKlF`80Q<Q
zS#7!#HT)LLwA}M@0K})1F|>duxs<2XHs)huj>8S)_&p`QZJHp!?nIzNi+YUcXY{|o
zY%i0(m`N;?v@sC9y%9@sX?f~1`~NC}G{&5l121^vuC35v*KfU<kZRe4FLtADrJowU
zF3~?38p0RkM!I*@acS0Pw*sopXE&Y|nL$80jvJZ|C*?l@f^QuV`#|hS_4`mSp`X-H
zD7L$Is6^}FuRyZnwcxd>N&}?Va7sEajs)r!>pV{sS&nJVQ9zHA2t<3)uKxs-e&}A{
zCWfCwfk!H-JuWzEIda<~MXi6KiO1Zr?|G~GCr9uMr7YUD9=-Da97#6CyHRI_0C^Pf
zgTJN`0C?kzkQg{Ghx?U@%mL`+d{&GFMyWD7AYgjB!diJQ<ll;HaGa+T6h8uEtd!@-
z`ho7g>OP;wnS?p;Qp}nvUqV%epD_4CA*Si_#Y=!{oAXBe-sbc{NrgVSth&^_^Z+mP
zjo57BUx`gkDd>^Eb`5gDEf?x--A6C~it(2GR?Pkf`PxxBc=2rgda_yj(6{f;pS9Ls
zXC{}^C&AB>(`PcS$&jHz*JI!u#pRM&*nS7b@p+Jc)7U}}xZ%E6?O}{5tWKxDR;5B%
z$pVgZwt{pX%HN6frZh2I_dR6N-B5!=qxA#)U$~YT3ulZ8e_x-6;3V4N7b~shGaY91
z2oG)-SZz<by`I&#=o>l|3E7bvbnJNS=kwK<Wn;XhKP7-4#6b741kDX<yy_pH*1c?!
z)VSyKu$1@t=S92_tM`PwH-A1_9NLu{Npks^z`xq=!sO^2)eZCe)UN5nn2~%>OX5>U
z0Z!t?S!;G~nGYfyFGhh|1XZ_)7XZ2Q!AMIY^w*e(;)2(j0f{x1lYKWR*8N`Z{tTA>
z;Vt_AbbppIkc{-C;&fLr^6(V;%Ek^3#*;_aGUnK+ss9vOu6ty3(IUI_{^zfRN-;XB
zRPMzxHDCk`IfFVR&Mhh%Fpsm?W;aHE<?k`U*bi@iY4+hbRR9Bn(wO+Tq9rydVn*|<
z`skRKG0v$NT^6FXUFJbtXl(E25NfMuooOU#-fkZy3NbM5zOOEng<(ylPx{(3030Xp
z+1e>T+=4tP!e?j7=%>B}0fHFD6^W1dmR%q7a^-16rJPZZfjpK#XqyA#A#SDBF~}D0
zKvJY^aF|&CRVvnJE!&0pFTJtTuaS$Yq;nqYl{chncRbHadHO@oq?v{`e8VC^wzFgp
z6H-$-&z`BYt<K-dVn4|iFm+W#+lkt&4&YaQV}ILs@N;m9jhKnRpZCeV-l^-ACvUi#
zzEle&NQ-45kW4zvOXX>TlZJf<R2M}#KGZ&&&`jayq}S4<6KIiM+^tfsjTm$yVK3#w
ztQeu}sg0PBbzU2~n6;g$#-wFW%wLw3;eB>c1_Mqj`J+q~xdzzRxP+G?A+yYLYffFa
zlu!J;xDz)qQEe?;=gPN_Oe+1oFaFx8?Ueh!tSPOS&W8&Jgb&znY%FVcBTVkX3$b)7
zNVn;Jp-}>0gECb(WWuF<5)}cnCgUFfTBX51biFea21Wl1o$_Fq-t>91WAV7=K394a
z09g3AGksbn=WqcG;=(`?WCOXb*P-{63B{PA7Z%QDikrzxL%f;2n<fD+h~8STw;)#P
z)s07iG^<~Jo#|_-)CyJ&pl#HBpz3Zovko1Pb~vORzlte(+LI)4B@+!yH_$CEAvsK`
zS{>`(wpHB_g4%Hv+t6yi^Ac$9r3+}aT<wbuGify>YF2SqxU!<%6QhW0&*p<Sjs4Qw
zahU&$!Gpb7uCGSjzGig9xWg9C)n2As6z>BPa#REX%f1R_cj*;%zpQjV8t0(kGS^$w
z%y8LIVdX(vU^fp8(_U1|8`jLK!Di1X;+Ur%Uv0h>uuM8G8)Vvf(MS&(S1m0~nr!Le
z#ALF9YN5$N1?yDFQgqPSHILp5O-rogn6vcgGfmg3Tw_Ves+@2Lel{LxI~8mMU?Ke-
z#SxtjTENYP`@m~glwqSX6P~j4mHqfbu7tx=l`%B2PsEOR2SvrVy38{SE|mod^*Kzc
zh533o@0PESOsU;P-PKTb=paGs+O)Yf0=ewwJ&`j~2xv2AbE3<)RMO4t0t+5DNJ(#F
zp7`5YN~Wpg(T|B0@FEl*px){XNr9Zui+CoYhTdv=FRlRmBw5y08ss$?cvwKuX!mY>
zln~i|qi*xb6nG?-S!`djJ=ry%jv)Fix>#0?e>Z?=>gTA%Sr+aNM3yG^k=-*E*cH;(
zb<MC*W}xs@6dw<LkCBEK*6{*_)J!A0ff=oUoOz;**o<)Z<A;kSi%1^z4ZoupG5a}n
z+Izj;NtGbdsbTbrH;`?p>cgAQ0sRm_N2%1W`W6#}7!1L!;H^qp8(d`mvb$$hVrh2K
z70dZWYf{ysJz&0Q@zut9*$CZUMmpv;o2w_^m+9|0FA@jPLMN{!at8-)ou$Jc8d$6&
z;RLS^cffBccw&#>vHj*Cs;=dmvCcYWP?U>spPIq~L0I!H9<yOWY)C&ZBk}8$6LVuV
zj7-7amp`D!M2@jd(qtR7sr|%itd3X!&ld?Xhnd+}7*!O)C!k)n-Q8yUdd*_cN{k)*
zU>Ap@wzm4jaTjOx?6rWE-gazTggtzB0NrK(gh`#c!WdH)$~&EHTlJx4HB&Yu|19sx
zu7PIt<~*76=)<ORmBV?;p!)meQ9cW|u3GFQpcM}9mrwt)RwIdcc+GPh8~?1gEGEm)
zYXGg(gZxpYJty<&`H}_-u2YoR6#v&bt^hmjE2Y~(J?ElGL3RA6M@nt=teuoBIQ>S@
z_vq7oS??1%TppG0G0>RlSX+ZQKNC()=ESmg2(OBEMY1yF?2YON{>GvL=|W>}1ced(
zDP-P}-hWrr#C%aJnv<4|;(Fx~IBR^}k6(}Ekr5R#AGP?p%ywNXLTv_>{fr-#_u>v=
z5^IyAh}YD&+}s#9GUFwiUtIic=S2f>*`n7>`YK}+q!v6mfdW;#QG!KTA6VSTTMK>M
zyV>OPUTcAXLd1(A_;Fku_JQb>!vwL(Ew&^}zUs})AqCT8=l|rDIvcdShH`AEVV`uY
z%W!q|^ttV~V+B*`@1DMOR&43L&FE2;8dvy*altH(xg<g#T9s*G7sDYX3a!o`iMo93
zvU&Sdd|!c`O3~?pRz7diWLjy#v3I>dQdm_&-r%BOOxH<XZ#U<~YTjlPi!E{AKS(cE
zo2Ok-qrzeHJ$fH|R2id5r{jIbhNAzb>c@(izy?!Dn}<q^l{g!*s!~kW94E9=cv}9o
zCSX0a<d}Uz<l<dm!MHcmq!z0a(lhMuy{Yf{XLfMuaeQJYk97miu3~Fm|G8?$Un+f=
zd7KD#3GXOR9P909?tBT6Avqxc5++%!WA6J?7MTkVIivlm?VXz)KzuisC%Z6MgxI{^
zK&J}(pi;ClS`UMx(^{Hc7)H+1Y9;<NWLO)Yk4j6wEu4)=7DX@KcY%;g<?bylWn07_
ziqt0H`f=onfoC`$@jHj3yYxoxR+I|Kc5fpA$VXvIDmoDOt!@#%yi*bD-IrIOS;~j*
z9hImDO&gr3|E78{cJQ@aTP$p4O55_b4SgFqk#oXwjHl26kuz9P$@!!2m-3BH<(O#c
zXA^r@x~wK|wDnCj!qjYVk5;0YyLvtEl=22s)|T>(0kh)M$$J}j0yc89LxwG`6<cY9
z%%Tin_EWvmCfWvC`tP3frR$UhazUQ|%ns<u7GKLn5a%2*{Jme5rehk#^wCO7w#(Dz
zwm<0j3}H=7v|+M2bGgg)E^F9<0w5S*{#G{l@Rd5I5|;x*e+?eyVgiiAXc9Mlp<7!d
z&ndTHl><kf$eANA*SV68sSZyzx8a9@)@@zL#MWr8E&8^eqv0g!nU6(BYS#uR_5IAw
zUt`$r;xr8ixZQ8sRiB%kj4{wMfsm6-Pm*rq<+8_WD3ra%<1X#2$Nk9{DN8D$eXp+4
zsUSV*NpY^^wC{Mc`=>#1<=bRsk%Y|eIJ#A}W>X2c*x%Mo(1^Xw9ihAb{!T!I_`{e2
z4K~-}|0MUraY)DU$=}lza9YUR>!nCMTQa1GlE@_zN+PzOQpBe<;CarYMXFJ*<zHBJ
zsyaRypY%BTzWL*%$FwoKg9#<sEc_Dh2LeROJKom$-4XhR4^&#4yx@(X?0;#G*-K{4
z2U^1m*YVZLc#f6_EW<Npj<%EEDW)yY0jAf>JU{oBP;1JLP~nWBgoT67fvbKpEa9-2
z1fk_&+(|HN#%4D__iS8`_pc5S-TwY)J2>$Cnrzs0=i=Eg{2i04&ZW>^{^~OW<X<7V
zj%DSAQ2WR$j7!kRc^YBX>D~3Q6zLtW(=g;e$ml<a#I=08{Mc&961EX5{11W_lUnKj
zl=36++mpZx%fPQDYwfK3j_+bv!oI!&MVv!Lq~iJGu(XxiV}DstW1A1Sn8F!l$A(`$
zKJofXo6>%*+k0&QJ`4nV2sU?rKRetBfuDxO{ev`x?T#HQjC6q4@51#E%)_STj_%I{
z0OV|UR=?M?p<}XmHdc5={g*YN|M#BsQK7ZuwQeIOtgor#6p2;nfyyJB*q8zyc+<zF
zZqr$RYDpP+CU~@fd|N;E@lUWv$o2h>xI~T7Lv<@hUL6H@#9tOb@mc*P^?1h7Z0MQf
zVkpURqJ<UpJ_7KVd!DnhC&oHd48H5J7W@b4e_?lD?osP@pzBcEenW3ozqCLtQ@h{R
z;%UnoZy~kiIRfMMIgQ4MsbTJb;TON?cIJdL(;R`^>9JF^3S7P{_EmqmEByhZ7zia6
zvg=Fe-D&l}p6aDs1W}^^;O*FZ`COE@j#`*WI}ugahB;TA7&+7qUwvjfQJqn2OzrD)
z95ikONsY_#F2F2XD5p(TquOAZvo5N^X+f}p$#A|vfJZKv?7Cv%n*zboM!?gLh!Oxy
zCf^2=!O#AA%||V**)z`-=FU^}C>$IGKVPnZhK<d^lsS45G=G{!Wd5^)H<%wyKX0rK
zX-cpJ$&S=*pOGh^cx0VM=05?e9cE&ARen?Z`EZvK1U<~nxc6MmhHkwqdD_s@q;+`@
z0D;`kzk$Kkt=~!yDL^KJmjM=8-<-Qjq1C6uGaEO<su+%VP{LuB`siwQz}8VX2#n!2
zrhfO$r=&Ky=%RrtOFmLF%@@>xp3#!?Cjc1pVyzSil2X0oU)@jOcS!2Hfi=_AP&jDS
z4Y2Ul*DKpg+yhAtEIGtit&vbs^W!zY0Mx~`*tBAvx#r?NkX@x7@PqCTt&!iGJ4F2C
z^nEe8b`6=*V&+$dW@ZEGRL4f;6h&Tk-wC})6kMRyn+XNaT0zJ|%3&_2Z{zjmPJFp5
zm$RAb6z3FH^&w`8R!@z#HnxOW+E-88$nf6uLnqf#LgkoNK2`D7J5U^8&r4jzytgN0
zo1<aJ*`wBb<o!M}-j0XwgY)TwBhYE!d2aoe^}&pm7n}dMT>WHz&FLGd{}T7KnG%6;
zYM^h&$P5)OgjJb7fb*9&#@h9yOQhwNP+om&By?3~`3UMdabeR&prvC?W~|ca)%%%s
zpbFTf$d!|mZzwnqJ*b~f)2%OjyQ0YV`0}M|!ctp5+;tcvE+Gx~-h+`-EEmz;%F)JT
z?ruc`4)gKu&f<!iM3N0WM{`_`unpz!)s4x-PaZauJZMZ7{=sYX6xGiOQV-KL=OBC#
z_^6lG^}*g*AaO`sDl?m4f{NN_B@E-e{TcGqKxgF?Op)(qXPs4Fy=NmvwL+2E4_#TX
z<}Yo6aivXhCGNrL(|DS|lFHL(PW(+3xCidiZ}Y`q=0(m#u-a`5u+F%P5n*_M7(_u$
zt)(-Xy|yK+0xCtg`hOZm%QIU^I@g?^g70!&*+8!ZpnksOlEs4{rfHm0y%_dVGMeY@
zgI%Dkl6A9JO{Z_1B&nY?=K#4;*KHf#D}6!V9xA017sI*)E3bv}&k9+U;0_znI%$<W
zt;Ba#LtVfZ=H$!?`WZ{lAK)^0culs*+Ur`xL8@FFkr?1CJ6uG#ed<;LT;;w!^%bB4
z4{}(byLwwvD-|8UHGWrSNT<#8fwpTaHwa}2{`&SpGZs8<#}^P8e+-yk;0hn99Fh3B
z&_m9uBVi_Kb=riM1}&yfIw*1C?LNEe+66cwV7f##bA7rw*2YD(%d|$l3=+ES)EUDK
z;KXXE+0flw))P}8^!B*5mXt;gZE*Ga+2bBtaex@#tpoVtQMxt~w>t9_oqpyya#$2z
zA*za|%?sdfF0ym=&uabKyudL_DvhF)WYh`P$*{fIIgXNPg4}J_FF_rhO#}1Z4r3X<
zDIQIyIa0l3_%~#nu;x?xyl7=cNeLk94!SB_7aN8lqpPxnw7oV36yIJRo{gOi6%Jq2
zbaaf%*3T2Pd3BzxZ5an1wO<vC5%e9u4C@gLwE*L(?e$YnS;ckhF=&H_4rnHbZ#F0W
zt!-D}UN*l_VC^0IeLRM~4BP$(Ibc059NqH2+WtBaq|6GpxoW>(D%!ymDp#mJc@*ry
zntVui7F3uuCaPvO2-PuXtX+2hc~MvuaT$(R@RRgXymCgJCDa5cYx!{kTq3)0Yo>m#
z4vjE*WB<|;?6ODE5<9q7<^P6Vp<b@fa>-LM9p<RFM8eKhEuMg~4*z;bhGm|nw=L5}
zWArK8sfokIKqobQ`#WR+EPb2aNopDBtHmWDcn#rZfHpHX$vpZEHpJnz+GE&b=z&}G
zJv@CnowmXB5JKjoDmq@hI#<+@K&)vusy%Qg$=@>I^9%F<L6cOS0qIB*W*noYZ$MP$
zaJ`a=NsI`L;-T!z%fckqANpjP+<ToTD{(da6%r}nGp*$ay559RvQxJzPhBq}y}i=c
z;W}XNjUcAyNca6C`)Qf(4eW!7QJ$tbV@KH+YaIW#X@DaP*^BLv;*sFb9~Q+Q6xQ<P
za4BUd3k_%Z3nsO!zH<TY(Sa$8FmcA&%u!1xKO^8<f{`pJJG~&f0okCSw_0ew*k2S(
z@J>Etxs~lCKZGFjo;`y-GQ2>nkvZc<@O1!^#w~}cBZC{uHmUskS2p3=Rw8d1XA93Z
zn6nq+CFV%4*^$31#38@5#K+L#42kM~8xvX*dCeDJ%Lw!<>m2M4;X2#Bq$t$xY)8@6
zfLFeog#5i;ln+*lT#a{9T~6ymbi)-2XYkMJpU)+N(2cRBUOP<4!<Gj=mDw&~-U?08
z2eDU=?Dn-f26~lZ*-o@%)kLv$F~gfYsL4SQlzPkldCK{ZB1>K#Z!8@QuSLP+H85iZ
zwQIuZQpdb^SLdQIuzk9A%HMhu_I>+<SW`9TkxcG6k-XH4BCQ0vV5O{;T48&IZ6+@p
z*}7g$VJpM${@{BR?X^u~i_h|$uS%FBYsKa5PPo%v%A7rfPK?GC+Zi`4&}6SJ^ocgh
zYkRLbFabX9yB3755GR|)VC4Iju>W(36aVII<An_B`;D>sHOEP3BRSD4+0&M~YGf_+
z_G+fhK6&unAWwe41R7f+uIFXDgOlw!U0o}>ebtXLT}PWGz<WU{Y5<Fin>o(%`7YdA
zq*iQRy6|NjI7PLec$GDP58T^}*mofxXY(pjJ@IG3G7KKJ=)N5{B%(pQewLNM!!Wwt
z!u%onkjImnLI=kg7_Sy_!h78ENuQS(X@bB<D%EEoEe)K>6Lo;SgJ*8H%p;-6HmBjg
z%%a3S{hp!%Li%B8gU8>iS2_tM44cGSFc-5cIDO$HUZ_pV7DtTfCYE5KD~4V|rUnjW
z^%WWRmmV<SEq78N`e@@}cL%RvEyxSWuT`Ru$m*48<`4x=ukNryD&Pecvl!B0ro8v@
z59FZP@5qDRdr3K@=cbx#G!vRoIe5#yv)ANxljiP%%vSc$2UXV##!6#fWh*B=g6o)h
z<ee@<H3GciP&q!JTBY!Jh+HI~R%L--hS_u|a684Hj63CaIldv13HurcaW&`E9}w_M
zI^h2}I?J#o{{{+=1|_7s5frHrIvOMlkdT%xLApa4l#m9c8>PEDBt}U{!^lyBj8GUb
z;Q#)7KM`ZYd2MXZdG2$c<Rv+?zSaq<fuTXa1;?yr<`aIcN@n&Xa5or*!JA*YP=bk!
zsSy#-LKD>d-QRBztE1{Z>TlsX%Bt%NOIp!Rv?)wq!A(q07AFkTe`9QgLWU#fdAue$
z=>|=ZOr5YKlL)yJ9V`7oKcwu7#}*zsTq9uU3=-bZET*ekdefIgHnY;b_f_0AaYA}f
zFwQq%y@%r6u$`(UrSzXj7XlGd?SVMM%+B7P<X6w|ioV^%+-xM`IQG4-8!^`PeFYwq
zvMc=e*IT``L;($iAbv4Q2hUXclBG=6!j+{UMkJQ;=-m-&V)aPCutAP%v`DNp<(4f$
zAxs{wkv6b7yhgS#rYbw2b7m=xIu<6F#MQ0(nbs-a8De3ytDN`Hd^WK=9D+;)y~i*f
zj|P@MeiCycvtcMaVUkol!-zosmAF?$ktxnor02^*Pqd^B_6Pl9Ax+huWgTzX5iVQp
zhQW%1L9M-g?_JtQre;Rn?M2Qc_v;_})TXTWqrD$f?U!p{T0#j0qyA{ocNpF7@b_sn
zk_rzBuMFfRi?VAyS&?m}XVuyp9BK|_{!u4cS5<1^3GxIlp4Re$%9G5!uprxrQI1!!
zRHf5kc{;Hor}XdJlRm!l<6y&r+Agtp)Z>Wa*4B>|)5+q_ma1;9I-J>?y`z+Z!*=h*
z1}#ky=5%4n?}&6yDz;HgCs!fZ<8>WA_2|dV1nyTJy1I3PK_}K42KE-C>fLcvz+H2e
zE=_UVAhUg&ziwb;Q^0&!QJKP{Eu1fD*1k1UXZJ&)wdStX`d^*$(v+RPUY-JxFS0E?
zInyCDZaNZ^HwA1y99Q)z=W}c2^?Z?=L!OPYol6tbiz)mAv+B(@v%-u9?`!XWG&azh
z16{f0E380qVL?MZR`15#`KbN_?Lp_e#Ld$6(*o1pR?+umc7_uXOE?e1wI$nqXRLci
z-U}MiV=~QJ-~#FXl(dyM+I}$vvr#xvZa}Y`i|~6EmNqdUdN7>T?A4n(Ok9z@uHdyj
zQ(SOXx_3WZ9H+cEf4>EjRU=&xD?KnxS=AuD+ME2rKJG>I+->R2MDtLLp^&GCT4PrD
zFe%e!DS*5dvD#lS-4T3~>uxp8)bffVUBk&dVz$XJN^3I9d4HAhcKMNY)Vj9HU<9AO
zO5D35p}-%8JUcnD)~20}ADD!lZ(s5l1{SZJe^7UMOnUonFMT*GZo1tH8EIwkFz%La
z5N73@k?(Ufn~!Re&7rsKr`0$J(m*-9Wn_xZ2mQv!AES-O3bqw;#@WZkQ!2^bW*Jx4
z*bH0$-d8-(V-LR{mZco22=}&hXn)K2w76hf3-u!FU4K#iY*yWJm07laXvSK}6R5M?
zaQXdYgAQAf@2wU}Y4<c;I|Am$WpWVVve%yl@9G`-xdokUCye(d3Ktp9jd{91P~*c1
zf&bj4nmsdZb4?&xe`zlb+Ia=LLdr=IZ%BTWS-g<BL!-ljbW!H{X?v%1HgJdj1>THm
z@f!RN&Sq)GBwBx$o=D?Y#L5zfaMve#y`%LX;Yuy}bLq~>+A~>NsQK2FS0<G~t|9Gs
z9tV0yNX^feMa9~fMN7zEjeRnAhpt$=2qjEQ2Kx-A2S4&eV?W4!hJ;ykZxYS(P>5=}
z;O3ezc|deOU~)>K7<Z<}FIn@kmRi}9F!B9+9qL^Slxq2F{Te-m+}R2pCmu8VBnVG;
z?Vl%F9j9ckGd#80n0{){?&td4J$YEHb)=uPExKRmL(s;fBU$kuMD(Wus<phde1@?%
zD@k;xs#pip(vZe$=V{u`#H%x17SN-TG+ZS5<YDXucah*K@%hZZe|aIx<7_I42yfa?
zxYM+#Z9PXywLAni7EeZ7wjRntCHej<iR|?N9<b82P|F_)K&7;X+}H1-(M0@sV|K%(
z!3b*KS3-=z_*88m3d`BBFDlkK8q64Z7vb^bw2rRZwfa}VyBWsN?UAS%$(FedV<Gwl
z-4gxIi(a3C3^R9pzHnC8(037jCNd98BYZk}we(1D$Vj7#aNHl-o`6^?syY;u=dhfq
zxJc#CTBI~xj`&;~r?qerxqV@;gy<=_z5~)KY(D*!(2>hv-59vZz_$G0q4Un}HyjpB
zv11y4Um1}qPrjtf{yrkWZD4i$v@OkB^)pm5I+&B8VEumV;;Vc2)P?s7Ga?zv^AXdp
zHSf+VVQs97*Od|M6>yGbN_r|0TZ)!_3RygID#?eCJum)2p2VKmVr4Y!c3+8o^Ayy`
zRIXo!N3_MwD}7;-WG44~#I7{WL-N2*JpHpa3$H*NV>4*(P~29_JV$Je8{FI8Mkd9M
z+sB>z(7H_#86vkl7tt7uqIGkQenu~{U;qgel$ZW3ovZWL(Fn)*>(yGleCvtS*uVa!
zpX<+M;v2vU$@#b1iFSzN7yP8wH5Qp%`1K%W{wHXZeZdr>9Je+L`R;039M_(81SM?@
zqZY2Kd@Ps4HT~UEeSHo7UR`w}oLK_vkiP>7u6O^eAv2Ld#{leEII7QTdO`>yol;oh
z*duWhnRyn|FBjeMr#AmV1mojn*QA3o(f>h^tT*?&ho!qXmxGcp0l6cX=RAHii)(bN
z3Y+RmzjApee6MrEuH$cIE^ZCGNWI}fDhI5M*UxTh|AXiRC8LnwOmpkR$tuRZnLMJa
z-!j7WR@OyE+W5VcDQCQ3IiQOYZ{vVr=#JL`8g|<e5LA2K3BL#gXF0*C1JB=*((p!T
z9IBUo(=*H18<SK0!&D6UYs4VPxo{H$&V)MtsE9nYhuB{M<<C^#=%X#a?q1XoOfGa|
zH*}`bb@$P(Uv*zhjHLv>n#yQ+mv_sxGBRh1_O4s&8sh*eh&h4JHBq?y%ZXIx>Q5um
zPjCSfDKMRWX<?-M@r(N&GG&-mPupTpc-f9{R#jPe+16H%JgX@;)V#{Z0Tx8n2h2Y5
z;4QB3k{gi_?@$|jnU(^mlSi?>A-Dx<yujgvTj87CoJF$I0x`e{#S=2?*y#!{o3k&e
z=qUXL7d&x41%aa5_hNFI04*9_k!6dW&-;b{CenqZo6G<INve0kSS;{Ot3;68SGCud
zbhB_mXxe}g-4txQJC@)_%`U~iKuh%{ofvsXga0jk?a3B^4-UHPrQmvIeX&!e`lC4f
zcFn-_oE+XL#1aYGW}xa_sJ-z29~gUudr|nh#)Yl33gkk);US=BMQdru`DRf6?gbtg
zM8^a^2U!!Y{C@N!0$SozTS~ASCcK%V1rj4C3lKcPo?Vwk^D?P)b|iX+d{8d4d=o+0
zBb5Y<JWgjJ!{CRZV8tsr_5&^mjIb3C?tpA3wr4B$WxA!i5*URS{MCBFv43wq%IQHx
zmUXOC5!gw8EqhfmS8U&V<-=Z4<3=JtHJE<L`RghfkVRV8wp7N-W;3lHv`1-~Kz_!y
zF`%tKE?@nUO8*1hp8#$B2zorQ#O@PBr41X;Ggg|hxMDn&XRxOMq0^bvl$<cBHoZMP
zJ2eBj@{>*t<;LG5ywJB)+D}R4C^XIFGD~m+M~D(q9_v`#yBpMo0$yqTgAxtnX7Ojw
zo=^Wak7e99eJW#J)v|e;DDmb~>(U&X6_YW2S8VXzJ4@8c;ZIJ$Fx51fvCb>4NbxQX
z>Q{el2?XC4@<ZU$PxU!;Yv7lb0n{pbOiH#R-zv?6zg3k3XhwjvSP^{BHQ3g62#_|x
z7B_+b_c^~(&LYpYZ|qdq2NBfLNl;SDc;k}3ESNl}i}++(0Dzi!tupQ=9J(;j<_hOe
zB?;uMuOzm&5J=0I?EUHi#=~96m=I+t&Eb%^W!`~GV#}7v6+jss{LLr>qG$&nTpL4J
zjr%(VLyTF<<AjmgN@TE&v^Z~U43P!zy8>t>vHXRHj#!7Qz}fuPzf=n=w=Cv9d524_
zZC%BiIXZ<qixhJwa8@Mb65RSmuwX%{y^kd+n<l__Nb0zjim!OVy=lhg{B>CX^g5!i
zLlhhH!(bfb*&d7mJv0G)!!b*1%lNz|*vg)h=2G(Szy~wDHV*r|Ws8}^e_s%ZGcIs}
z!LP-!+Mi2>62IceWnV|x`<Op{^n<=}##~DS^vR~3ozjAfz*3iEDANNl$A#4np#AUM
zZHI@yusUW`K*~g2n`4`C5WXN<YEaa^5zgF4!4;UTVC=dS6%bVL`S)QQ0k?Ms-z*qH
zhrWNW4QQbnwg7EjhQsDy`tB2&t#1a#=f?w)Z~Kks-aVRX3{J63EUaj(!uVLIhWD%M
zWJn%521|Yf4xaaqk5N5VK~rxVIp>=jF5aV7zS_0UfkE<PPMS`SVjyUiL^jAD=G_NP
zuD#`Dhv0q}0}s&YTEdlcaAl9`rv8N31Y6;fQX)O|K(hmnUaUWK8$O1J%?s%4AqNi6
zZ-4aUK5xFN(o3F#N3R^-B<8auV$Jb;#d|kh`;N5^3=k-doI1VlN^Q6{v1-z9sgM#d
zYJDQjlIs;jdm$Z<k`?K0JoMVATbp1~m$Mmm%c_2qJiB*%A$}PEJ84GCid}YN=C8F*
zaDN9fF7F<7_PB@ubcbb9mZEJU*0~eDczk<z*y&Ga(B`%CCD{!eRJz6jS7i<`rp`Qv
zpd99t*gsQ+kdcaS27lKXH%{K~tj%=`=I)4$a;OD%l;^1L@2FO*FZ;E+*H0VOUx%~b
zI6-_OZORbqfBu}pnI}ew;FJi%))NQ~HY%G*+&>Bw56%rxHmNp+_H1;~u+7G_KWmA=
zpyCbL{&S@|_Run35Q>g7XkxQ+XNwR0;ohZOyMnhICk0o^QaeDq^ttvph(6)q1B}n0
zW5U4Kp`e2SsN|C<6oQin6SC%%^fS%g&o6CL*+m5k-_q`%tDO*R!ROFV+PT6NtL&VL
zWUk{i0rjOhdJ9)^9E4xF+^^`$jrJu|hxc8H*ko7S3?vBQWdTFFhF8q0V)>n^4p`^?
z*mmsOs`h#)$MYEDKFLpRTC{IQUF3fBNK789zB27z(Gqgqobe>F=O3#d{v&M5u=CHN
zgJsEFW&KUn*d9fm8^|+%ETu)M#k{`WZY`6;m)6$p!>X&p{~XXnEk_XRD1r>Ir^S`Z
zwX6JT7WxKrv3aS@aDH1+Bv2<ke0V7Pf_y@|Poaa<c(6ud3hF7_emGpmgA#+@8!^vY
z<zdh4axl$~eiWYT6I0<9xI+cRIYBNW?lH;x(p|jf#cTaC`n6cO3{eVNn3!>4v(*0}
zx~hN>>c?r0*@PMGX_2V6N1ibZ;caJ7(i&iHT5emp1&RW<tfLqcLn0o}3QZmn2je#7
zf`}=mvv-2*#o-8?@lo``1Y!n8I`Gj1++78fD~f;+`@^TqHghmWeSMI*3eK}7qR3YI
z&D0%gMm04+uH<nU6C;#ZPVE9(TjIp=whk{69-J#^V1l=h;$qn56|C;dDbEOCM8Gp#
z5-?Hx@G1&rj#FT9APY3f>^Ha(k7<aaD#%<D`p;{9z!h5T$lN4dF#}-=zT5(J0W(bU
z(m&n;Flif=OTLD$CN4%vt0m|eZqrPQ!upsk1kx|}#psy-AWK}*^wWUJMbn8iJDKNc
zFB*x-wlgDn93oCeh&4Dy1`RR3<l*3XD|&+m1qc1+ab__F8|7rWO7kKpuRe>LJ^`w>
z(!Jf>_Wms}v)CMYe^gzrio5Q~DV%2P1#5phjylx~eU<|vc<V_BVj#Gnj(?D>9qx>?
zEKW$KTwgW-`e*g<CkXT81k^_4&k$YDkj}>Q9<~r3nsS#1KwHJ?%$WcuKcj?)J&K~6
z@ZZ8`4;dJJE04p;`JtRZs&k0!eAEfTguUJw{0}zr!ePp6!a?dvlt<~WpjlnWTW$)c
zQ=}@QjL@BHUdCXphlW_y!nPNfjnHyT%DAa+FKPm*nPwwFQ_T%7v%WH@zvNg@n@Kkj
z#PkO!y8goLS&`2kw2b>*>>dRE#)8GXc!&Mfw#-jF-aQ4@bZ$~{TT$Dx4l6J+JK9)P
za=o|J1+{)XG-$FH!$g!f+*0^h*n15p&MLMJ*)-5~R}~14uqp*!ZGI|(rl3}LaBRgn
z@`8KbyuRX#+3u2KOA=;DX2ZGnA7qM_sSW{Wsy$?GZ&9^Eso$*x*4m5gYSXVj8(F#R
zp7Bq(AemO>4{;bQU}b82HmGK|p_mNL#>Mb&+8suJR^ja}knt^*1VxFbgTkxK$R@YR
z(b4Bh;3709tFCB2Q@ntlwM$IE>hW{wr4S2ehVsZBG~K<;*2mIq88z1CqjAu<%Yh-X
z1`_j&dljmdC}gCpi#LIpJib%enHg$hfo;`CQXRKpQ0AO28I5y~E4nOg`(}_i9d;-p
zL2g}0KjD9Gu7smwCgS1VpyA5E7&&{R)bBC{>1#QQn{oC{9s6S7!2X>T9U!Adu*aQE
zKkCOf42$Ay9yT!OFdEz-zPNh!eI(7gGlcW!g;3z;{gR@&YI>$qG+m6`sOi^<r#d#}
z^iD)P`18-S`!Q*uF9OHX5;8o&K^eBR&@oYp)|-PE=3@?%i68f;tDq@6s_wXyHhG5A
zCEn`q;8KR%p?BW6=2YBVGd6^gfBg@lB<75-b}ODU7=ZO=&Q*9-yvB^4l2RI>80=H?
zN5?g$b7##yi_EhGSb^H3hR^|G><T5`wXiO}@1N{$+CcbLFR-zXaOT={+e}C8{MO&J
z<7?!#lyzq<r;YaiW-O79b_)=M7ewd=-g2)d?S87O+#DVwXQk%htb(HPaciUz&I86K
z?Zn=L=6kB%K}wElCEku{0dMw;bzi{6;gs?Bw13Z@<hmfwQk%<+O@^nkPJ1)?6qxUH
zcD_Ll<Q#S^hO2K<su@vsvjcY(;Va8B=1IC5er2^ECmUr?2HE5IDBpBRTS~7vkia2{
zRZ(l<^2Y=NbXj}~IqQ^>oRPXZ`?*1Ebcf+@zBog+n-k97x~^B%&yu20bAsW<S1^SN
z&>us~RMxo7(CEGSm8->c(<L7{#PY7xXPQsRHM6EH!;&Y++u=$+kn3LQPj+-#3S*|(
z$(^fe^`*{b`f(Vu3bki6pJg|5-Gya>)ZL=}v)S8=8}6XXyJZ1i#T|EUlQyM^77jxC
z$W@63>$J3F?OEL+HcS!JVpWw)wVdr(1TjU~1`{jJmbmzv)IWWYtSeS3Ho<$DYPpTo
z*9NkAVa~7L<u*uWW{Sk!Z*BX4d_=Ie?a!1M?r~<?NadH^`CYOWwq^U$&SL<!osb91
zrF*3sW8E4lQ(0uI_Crm!v3P+4YtOdY>OfAUzl(>>qn`U)g5-7?(Pa3;QkeKQicq9s
zbBkK6E4KlTFjIiiT4ZG3+l^vFMxWq)o-T)>wuE_@o<DJm(1o{(EANo?Kk&FAYmEzf
z5r6)9x=JMXt*pu7?205s;3QBLS%N%Pbg$dp+5MMqDN(VJ^=Ua}&u0*6^o9fuwNrZ>
zVBWAGu^FYFPt8mhpcxKR@wHSVy_=yq^QW&Q2A_2xir<;vVRd>Ew`1@h1W$B7LaJ%Y
zY(-12qC^@Qp#QM^eB)+e2u;$wrKNRvJI%b(5$%<jD>{3i$EzkF{&^-bxrNxv6I`za
zQ_*|Kelj^LigB&(jMHFc+Mm<XDi`;Q?bRTh$)BU!5oXDocrB3OX=?=~b>;u@N>v@@
zTKuA}&E)RQ;4VNX1PE}y<RoC0i}&G_lOJZYEN-U!AxtyV<@zWy7%Nvphk9$Wh82vv
zhycvCvx@~H<WW(~6^NJ2IBlmOipljYq2tbebBp9Tqt+@2Kx&NGoylBQGAd4&{ReT`
z%IGwwEI@XVNmDhxj|d`{rsAQ#MN+cCxu#2=)aBgSH+gi^k8O5>r%)Df%*CCpjT)tz
zE{i=U!+DBrFD>6iRF=`HcVt=iZdUnNrob}E&J+KFTZYh62K}g{Q@w+sc9=A8H9@VW
zC|kWVlH@gShNu0}-OTCGVjac~f9*ygxc3VxqEesgm8ktYZQ1G_bP%J-r_6e&8b92B
zQI?{~xBr*T@Qimx_CZ^XMZEJf$ef73exB(c^^nT=qowO=+Q!mBFWQHCBK$AE3YO~E
z0mZe{aF9FYqJ)aF-!R6|^_3U#1XLDt0g?(fQ<T>2mMR5MtrkfmJ+*hGAqZ-Lmv$D}
zJ-%(x5kBuvU#Xg0hOJkn1@zqQC@Nw;UDQcdm0TPW$}nHiJAH-I@-RSKh+fjp(F^R^
z<3iOO^hrz7vd8!f+RQ{Ob!f4z>s)wW68K)dICBBrHnNZp)1=7PHi}TD^G+wZrxBbO
z4s!%u@ZUPR>R+^0ilYx^=I%XXs|_!B;Kp%Orl|0_NwhtWGBKx&m%_BgO<V7A>>ZBh
z72$1nwrJn8mpZ?)YU7P3@1+P1l`<x|Up6987@nac`c$5Ym?QmOKM__aMSiJUtRk0C
zxF<DH#<7BSxKlMS<w}OtmR=U*jjE}Ir}C-Wg@2XQ{$|V-3XX!G8X!vM@`xEyUfRj<
z_mr#_y9o1_MSp8=P;MCE`nj!?75p6geaXxga1Y?pa#K~Fdn}_3GYw?KnbcZR42F*S
zw!pG{_fk-@-%1X`+t81uNJCeUZ0fI+>E~_u%HNynOYa6&6LE*cpmN$h5SScXJO2or
zpZXU(Ev+&y8^oN*9*)?Aj?2K~PyK!UIt@)zC!ASU_n;~CB6oH8Q>R%_BJr{Yrl!ZT
z=VajN0Dls=yWWXzIcFnZiEly-S-g#)?~nU*+|jc3^2C2_z&|K?aDoR!Pa6l<Ym<QV
z3A)k<1in=1=F6b^#p~Q=yt=g|XJ-`Q6S1DUBN?5miLGlgKt#b=SiGCzr*0=})2S7K
zYv8vz-x%K7K5IVD*}9cHRl)>xZv`)lcVpbH)Ia?_zGU+C)7$K3zYzrQU|54Xk%xl;
zK3DK*5O!^}r&~O!?YC)65RV-r<Ye!Od^82mM5-qqr0!jqV6JVvvE^90*gdjx;#(hW
z`&EBOne*UNOX+UgJ^O(+jp73CM#C?HBtG7tOpzcHvgh==vC61Jod#VqX1zr4l`}$+
z2H1#ZrZTC%jHVJWovYoSb?Y!1pQO%HhQ>EYmOcPmT>7dd_Bn=6J<Avd4J`^HE36wf
zx$bftq%XnSd<zb69Q!|rg*7Tn{F4ji80tPrvfW_JN*{H&cW6v*?LO+j3=)|MTUp1K
zd{w@Vtr>-GwK<bwl~e{`^b0=Y0D>XgS}`$phA$KR&2>-y71y{3n5<QShscVe=RZi<
zzo;ohwisxj>CFUxFwDs;a6jS|s7;x|R?@BnoiePLz``x^PD}m{=Vx_d;?R_p^v}R)
z-9z`Tj<3R|Nxk=9U5#;F{2%ZHYft@2-l}n!B*u}iG$-66X~znp(Lwz%dF~jn4rT_l
zoy;CUHB>{E^9?A3h?|<G80IA9DTgmg=8E*eGF=%M4U>ybBWxQUWcsBA{%ztA#x@3Z
zuxsxI?_bgVX0`bO#f%MZ3PN^WGN%-ir61m?Juq{axKh{#P@|TD=n5vIMpUewXv()l
z&m<{=0VTB_i@`erb&3@GqS<+Ld7#L~1@%o`53f&f(N_wMRdyrg?ylo2akcvitVU{r
z`tuopl6rjApftk<laRXuZZ$lKH@ZaePtGSk<umU)uJV%lwWmrm*dFg6v}M;6><dv^
zE9;++eDUxP%(r#>lx|tA@u3u7&`PuMTRJ56ktgmDIcE}|4cnslx9`#S+Fc2YAhOp=
zR5^#wmV2=K*1JCVS9;PV!T80O7T|B__F@i<E5#J&!m;rmj5jWeOo8T@I*@xxw5+q{
z_Ojb6&<r)o5Q2@XeSQG$7(of9uRgw>tNm_T2AW!%232KmTGk0&xIxy0j3|;-0<z_h
zc#08_61^Ds&fU03%C0>Z&PiDgup_#uJu6S0Y+J{OPb=V?q_#$p`+z0FIsRHGF$W{v
z5$&e_I#=5hvh?T~h<BJ+np(HOO#3Qs&s8k-+qvW36Sv<mz!1^F3RAte%4wQ}ToD3-
zWr~fp5e2+vWf}9!t}CijfQ1S}OtR~Gb`1&u4hdgC3Y)v(aWI>uN?paOS{U{TX$$~`
zm?Qu8{EMCL!%vj$^$%yufyn4&3DR0#Pj=rk({Op&+ZAg<dk%z56$Vwdp32VLC(ArE
z9CqhmJ>G>mFLD>$c}vGym%G=AV$+AMID%#QB_O^!O!u2~AslZbDPjxmDSVRbvo4P{
z`*vQlNis?^+k=ks%_N|d99edS@gpZ}RJ}S)tiiOH*Vgtc>@Tq%eGUykG6xV82+Bs$
z28@USZTeW-zezCH!aFA#9of(&R;>|{#d+p-h7$WKI_!l++7r+`b0#he%zR+qv^trm
z@%x}TlGy)qqvyP{1NP<&p4ogr2NN@P2Dp@z<r|G&KnH|aAvRD&^vkk60VG7qp>D2I
z(uXPSPO?tMOtmr{gcT%2?;m^h*)o>>n_nMf`>{tWfdEn=6`c2VeP83%Bw<27>F)B)
z8?a<&$L);LQHgyV2VVfO&puu*C6)#F{K)>dO8EXO0=&^Lo=8@OWego%ja^q<E073v
z#W!BR^}W|aN@6{l`oy8_N-`+^{C0FX*Yn8x@p(X#u=kTXII-Mr(mz8`bcF2vaS{8C
zTbtX}{~!e5sSIcTT_>A}rhBi<vNj#z6(LpFYv<GIhW;BcL9i}$edDW^3|=~>F8)uk
zuB~mee(wJr$mVz}yO<1Op7reS441p7#y<WAvd%{V)dU+-ERxN>reG>_(C_G!%<rgk
z(BuelWYgK2$kXn!olME?W>O_3t2bNcvx^Sk`Ryxm9Wor@y8evlt})Z?b)4VYm*pjv
zj$95a8s9mZwidTbDBS&YF?+tp+Y*v>;qqqxkK3i|7-nT`BG3RPpe$IHBGu7xUL~_-
z87T;j^iD#1a=C7A&&zkY2}W|M$&@owRjfM3ZY)PpIZZmyxcpvR>5o^_DpX*dso1Ez
z`3Xh}Ir@jORP7BJ3meyBW<s75g*T$>z!b^H-m6%unz_LZH(~zdh!IqpUxP@$l|lF`
z<?1sP^4d1PkAAuN<~mR@m(?NiWgDA20woA%HJ)kR_b12!>W(Lau(+SxdA&QZ`yuEk
zINNR=juO_*%)ngS$!P0>x}4ICG5+mB4@J-kjF{JlBD~>=g(n-%TP^Cq<FWU}l+Vnx
z$X(I*L%?uK9X(De9@JCq!aThkmYZb8>H!hHytn?LPY)B5Wu?EZw_fxxzNH5$l12hA
zgP^&P2tqQ@antb2y4!kYEoG54O)lGll@{_$Rfh%4xfhtM;SNNg>5?QfnaY$43)0xo
zs&q8Aki-*JZOJWh62x=P3XWWa<*O35*%jiFfT8@WI#JrTw5a%20eoEABoc$!J`KOH
zM9Y^4Knrv;iEIAx5sj$TfQ_IBT|MdkuVGcFFxt#w{9-ES>d^;zlxuh*2;d^6huG`B
zBBQj3)lo0lV82_SJK;!iOog8*=Nr+FuBG582)*eVQ^o%xh^l{N+ysSFpMW|o)+B2i
z^Y-q<bI=(WbVnQdAbIA$?L@Jo(m@w#FK~TAmaR$vn%WAQ?K`LVSu_3MI0A=Q`Toj*
z%l>-q3aw-Jw>ZVq4}JPFdo*;(aa`iq{?o)}paYS2#rtAbNVRiaFdBV#@<pB5Fgi}M
zo<FSSHbTkOHLG)Sg!CDoBI%y{u&QoQ+gQj-0xT_sX_lVl=v`Jad*Me)>a5NUm}LS*
zzbxh%?ttpeD%;gU3yJXa@H-YmyEi+WwD*UwNh-$DN~DL59Gfx0<T)`uyw*0d?(x3f
zM-Y4ly&upbvR1mC1y%$8a>fsX`Z8Nv`m7}r_GCrOy6y%nyX{PYlMcecyob+pm~L;0
z7rK|r(;YsrF7WCPn(ShQ(8*oZc|Gy+P_=Ylu|y~zWZ}r@uW>%nqfwS^J)$Q*K`r%r
zou>udhl0?@oA12c{hlF(8E@K-_j#OtEF6As<43O65O2<y^^wac>H5XaQ83@bvX<1T
z3GbDd$3sIA!)ZAWVysavZ-?Y?aX!Al*-1;=2^hyZrA#zmwh<~r@~j-jgu_zS5|fAe
zU+eU5(;?8RM&bQ&KOtTcMcm@7uHhW{OZqCav#M5@4nK_7$yus<Ot>RCG!X@bI2<a|
z;2)BzXA~Qo`E|IBHajH2<`W)9kA~6v#SD@XINLfZnUvN4Y`r;2;crtRej!ds?aQQN
zB4u#9ZYA7;(;)UXwpXhn&IUo+Ba(@aO>(a`3*D8VZp#g$f{lUln`0K}N}y?)UsK0=
z03*?w+=ygIgItBNZZWZ?tOsyt4mrO}vFe8lqC{X6H;c*wBp`%0=<tkbzER5LJB^#7
z{6TYaZiz`iHilbCO=eTuUF-;XM~9?Aenr{-6rf%!ly;vT!o+sC!kJV;<y`L!ww<4;
zqYU|iuf)XO2omn*woooD!Ki6HMJNV?T8dri4zYW($?&oadnfphkVcWh;yri2@(>QA
znfqJ*PP#F0N=pMrvK93ANN@tfT^8Q#N8*^Q#d=UNl)<AsoC8WGzI9ln^^@6B_*B+S
z5B#7Z`f2-%K9IDx!fs?L@&*`nirQXAAdtysf9@A)PNcHxs<((+{f1H4jZ~h1Fcz29
z=uW~<bt>ohSlL#Qg&%<NEZxt(?=G{RTQV$E5#?j7&@~Bhb+eY%JwCJYOHymjk>G6(
zA9P!#Baf<dy)COhNAaNF7Vk+vbvw5y2iDnVPO7fhS;jo&?(ou^8JGa7p`*jJkY{Dv
zMWSrrWFZ&P>oyXg-jt5X*|4zNUkYdg3vRNSTNO57xoM!!r{dhC^k%5%#Z5|P2OD@~
z)%IUi4?Mj9-XcCL8c)x0S9Q<|OorK5Gh}HAy2pt^Ldpd7q&i1?nF~W}1%cU_DUx~O
z3*Ge>HQ<zv8f|7fGzV{W34pkX{gSF9eQ(@k`$n-T3e?m5I#emt#lB)}19sM?;{>#2
zW^DxD&k)OQ>cmbk!Z7K7TWH;?c$S?pW3H6JJUSvXIZs4T=Vbputa=W92{lIhd&=DQ
zLSi^G1YeGu9N_TDF;H8{ELk4a4xGTYm*1(%EGw)!Sc`jGBu~k#xR1Io?`%)#e9LlB
z1*R)D^TfmHhj*C8DsFb0IA^1C@Psg)G3c8n`5vxS+Xgl2Ea|~H@{lpBwA7FPCdWMM
z?9;i|KjoiK%X-&;CN_<(YYAwJSRvMTT))`g%XL1>N9)&bM`3Y{6H2c&jX_bHI~!Wx
zK&5Y7_W6)29%*ATDj2J7j6V56r{HgUOov<C<}*S?jDvM&u=Hy2x~5wi<`|1U!p_^U
zEb4q-FraP=iW9~g0K^y=E}VUW46(T)nS*)(gxhFSh4qYtz3IyDl%uLbB~j3ZTs9EF
zR$>NjAxqg6%dlpb96O6uvFe*}<tiVl!N6r6#P1!$83waTyR(Yy6Nh-m&k`UODm){O
zr;?b9=<cWKPoWvYBWoHr!BC!sDlOFL*u)ZaEaxDeQ@t*JIf)Kj7J_r!$?&KdbvMr*
zK7FAIa2YSC)70=-sa`=)Ksrm_23a#1DxfwdTpk#vkNk{ySWZ2H^HZu!6Gmwx;GcMw
zCvO!fjcb3B%d8#R0I_%anT2O)RpVSgrXA<k5l)(>+wEWtx+NINA)hy-l@YVbFm)X+
zjt%uUDEXO@>zIog6bMi}elV}Y0-hZzt{UJGGtoG)PmkmEiieRB<)^^Ov6J^SrAlYi
z+d8|BGvnQTRq4s^LMWV=4}#3LfpUrb>oGTtGRIcZ`WFv8Y*4?qH51mUjVjHL9@i9}
z?`dX!FGW8kC5Q^zi%?`aVl#t^eIbnvIINtflHe{jytf;Um)2Dkl@a8#`DcK(P+@hk
zEnQP)A)seG2@OhXJ<eJ3bTsetXM<X4$*ankHT+_T&R%!C)+*P>q(ORLsYRgag9neJ
zrwCdJerf4}2a}7u;9o#KDPZy|in3{s!W3urbNymU?anm2JU1hBZnrc}9(c;Oh{<Xy
zlt}jtlnhXo-E7Ls_JhrNQxsuN6__L&pZ=j$7Vl0{IWx0I<}y7v1TJB@&Id@7AFtuL
z0$FE(N-3b6M%&stwU6{}3V%?R#iG7^5#6_JCs+CW^F*^Ve|BbOzZ*eubY&%xw?_Pz
z(9_l_S<KoqvmaAI)c&yOA)1WoQ|UZb7fUC-LRswQqhT>1JF+AK$x>$pB{+QC-#nGE
z_0()%&+wFQwV%)6(P8Z4gd0-}QZx2PFnv}lUSWpi&jy}(A_qu|S0Y90n6;g-S$oAK
za$PU$iXN`A$M0*a6(df{K*&WKx>c4I(5p2H;<LbCfoq?*Hc5J6jSl(2h{lLsEh;C~
zho!Ul8|*6~+Jo&ociY10c5weH_H~AFY?7=<X$(ky_){hl5%juj6P@BprbBrTMSFUp
z)Q2K|s1g2PsFm(^ET%YMPt%1y!d2I)tmwgy^^!F2$-DWHB2nM&^`wS>9VuYSak9;0
z3KlKS;3j<~>Va+KJMv)N8o{QS(7Sk6!TSld9+)qWFE>;`*EyxFDw)4W?wb5r=A-<J
zTRm-I*{KApv`C;=iBw4~k@K_rlo-X7fF(xN_KCv8o+p$dkF)IodjgigUr%bb8|{MV
zub1HTBH6cVimE)eaHh}YU(f5m$J((LRm9r9>rn?|uG;5`9NM+kL{y!ve2t|D<jmV%
z8r>IeN<Uy?S`3rUD02nU5&gP0M@(P1aqr1^=R(RCiDyBq!`twst_Yw&;zS!-H_M(P
zab|VbTUW`7*ROL0WRCI=Wrxm%*{m?)Y4en`7RLeI@t5g=)m{@_xWvbt+(r7d`tXJ0
z>sw$y{1HFqWEt6Gy%usSPN%XDl%j#DD_5*1&KQ;J=4;C!$_w=&=ilbhF<x$?C<me|
zHTsq>T`VU4($#<b<410BHvND72N~VW>UQ|sJudq-C_d<K))HEh6L3grfr2D|=yJU;
zuG`)GlAE)9sMp|sq=P!47qXfELE^qHpIoQ^2Wd{dF>Sc!xfHw!xOI=W0mnJrODq?`
zx6_Ek`VN@a&cu|TkAIw0XZgvR<T0q`Z8#%NjBacyZU+J4b<5gXFK&ic3me+KJ0&h7
z%lhTfrr*)Y3PPBN6=~Ke-WG6aD!3BJc~~<9-6(7OwWK$JW{s37V6iV)t@nWg?~z|x
z%Yay4YV6j^xo=F&Gpc#ACS+>!kT}(SJ;{Ml{z9$*3EqLt9j_27cVlw;Q6~fP3I4Y3
zPtjGrhZN5V>sq%zs=R6|s7;w(N_@~ZvHY&{J;y<gp%W9?*({idKOfa9)hq?WX7891
zONV357ySQOs+*ULl%_nhnqGV(<``G=b(CTpwgw~?y+iAazU{vVXf!iRNlvF~jJaG#
zX)bWVeFyMR=c5niYEy>UkZu|CZ-tj^%n8AZhI%Xvk6}(^>2GI`uQI69E%E|UwQU%c
zP^_1wbjzm9gPE;yeL9?s*q6OaT)}DeK&(AV&G>szUp5V#@6%OVE7|@|?imIwG&;%{
zVXw0~f%@}RF;IJxS!6#AJyUK>ZYCE5X=+w&#N1w8jmzIo(SL%Y1sEv9rJK73g@P1m
z^I3VGm4N{)<~a+SF@U8$3;<~m6A6iWC~z5JEsTIP$|zwHe2b6=)aB?@^fK(<4EI}4
z=l~Kb;;|>-rk-U8<oD3u2!qVXoci)#ij^~Odr#BaYEyCTucjv{oBxclLKKPRzu!Wd
zsx$-3VE967;6(aYNg)!oPGzjNXug?WasEpn)=s4T_7fq5<I!tPwY3a^Lduw*XaxgU
z->>5bZA?K+bQurY((x-3LddTQLREg&Rq@^<5r0szC2?#`L)S8D^wHz_GRi!d3rio+
zN@{H}Ml#X*+f~_Lp`HI1`=E7)GUnfrAdNM%?HgcmpO6xT_<tL;!5~d-bdD@YgRr6=
zUleibn?W6)mfBmgYWjHC=rPITUGf6qvxJ6+PNpFpjh`lPSwDk-buR}|q6ZlZy%7m_
z>dTkNgie!yJm>{hIRKRorB{BuaRYs~FuIbIRw+%f8Z54hBJL(gNuiFB#Vn&mjsP%D
zN0g+P*<wTO^*1PbUXzPW6Z4k=zDUx{g$5t_2{1*DeMA?WkDC{syTAEvDX}p4rlXO!
zzU*<?#>F1Ebp0>IgO^bIA{gzbOI#ac=y!!te`-)ybL_qZ%{mYknQE2CfQwsEosIW_
zaN28VXsQF4k!qKS7yczy_r@63stA8nrJ23=rLvf-T{a^)y#yCXnzz3?JOvb$SM>0i
zCI#rD@joXVs3a*0J0s)j@5q*!J|4I#gTFmlPMB3}oMvw3st2i372|8V=bJ@PUkUTD
z9OUyal!kpy5m7o~(@c+2w6y@PM9g-MxK66C3bWNZ14$CJ_aiT$qm~aLk}P+av!Tm2
zke{01zW~Q;o}WC^*agnxszl-mhx9?XgwwpdmV1~|UU|U@zVM076H9A3<7KoRgmbpe
zFxU3n2;O~6(QY11fNe`v{-|knilp+}+r~#z%}rQbrMi0lSTJwAj5XR~dxx5S&94=D
zCeXd5g;BOekzBk_h<_ckDgxUx5<LN(<#^g=`z0$kCR<pQcXBg}pwmP>ZcSbiSoNw0
z*ikp@FNcqMlEYJf19CUVUoBzpjwXK%kbQR{Jv`ir?N>QgrI+dNGams&&AZ*}K}fRN
zOR}Km&LbE1bLre$qbv>U6q$spw(a>`!Qwvw6HyoHiMyloJcoY+CI775aCGyej{==^
zG)79giXNX4^P|0EDIOVR%rlVHd3GfjdqGAUJwNOhWEIHyr+eq0f`|hkNT;g@(l>LK
zalRBd3wI#xC&%M5iRb<%0xaTLuyH}G>nM8SyItYFRoM)f<XD&0>!MY<?Gyv(pvARv
zLbH@FQ>%X(vi-6G#5KR2Q#jrdFYu2G5~Oa;Gu@zm@pRNsTl6&Jy}#<n>Oe1MdAA2h
zS`Q0g)s}r3{4;mEqbMYkEFkvip|5@3*ml@9ENR_VG|F2G2&i&?g~FvGDY;0DRmD2I
z<@>!@uY*%~)K`=|887P(X>7R=nJg->x<<53yF^C<p2r<a@UXw6&<|%x;f^?06`OSO
z_R6M9c0+5C%*7p#vbnzfH2*`D0kb^tr$1B?ZRGhH%=fv_v7hp@I7OE|L7+Fy8Z2Kw
zO<^cRynRB{_uwrqA|oE}pRQ;Kx!g?G3W-m$e63r%GJvTQ0_RtjbO%)LLsu!I>%}(*
z$L`JcA&5hu1=%{TtIS0T_vFKv1MisY9X%#sLh@pj2{d@eiU_btq!A#r6(SwkNv28G
z)twTzoe0}Cjw~Q>h6u{zt!Qmb!V5u({~!h7lg>B-XKc-SR+6m#OfQCW)rj;!Ta3-|
zClOE9%ZSpHV~3_+UwSXuL4~813`&XN7$I|6v_u$}yjmKeG+@lLSbv=tAx%j_dP}e`
ztb|of{pNQrf>;rMc-LS`!Bf5U{!%ClDlMmC7lqH&O>kJw!EJJYkMd3;e7ps+lAZ)%
zbJBObN%c2<VR78_!wf{=Z-3`FF4_u0{Y6(Ba}kw5gc2+ew3=A4n5J8ZDqv2)RHTQX
zNa!Y+U#6vkS>@+r@0A$)%fsuWhrG-T|C0N08y>Giu;SREel-EBJOFS*(-v}gfv^f+
zf%9yOZH~I%3X}BPlJoQaKN-=ArF7Akg8_wlalbriHW^*pjXRqo<AF#f7gYX0uRDWq
zT1GEg@%`gd9vW=igevBAnFF#iHEg3(P|fQc=ckNHUZzTYFb94WtX8zd??Ycb>&juI
z$j4fSq$=iQK@Y}hem-8lB7t<jtT;vDXYX9&f-^q!+0$cUZo}|GZ2grh$iW@%s~HRB
znc*{Fn7Q4f6(9*$4mNsVFYcE%N?|Gy4D0*cXCQMxoOyWVhIh(s6IxzzvjYitIZ8_&
zI+dTm#Fn7U6Gr#B6P0y5WPX!?rO$K(Gsy*qVU-O+gk^UbLW@6JRPw{}Xg6`_u%<sj
zjRW^p;LGxKv_1t`_G@ResGZd^K%hCB+bJ;O<YtqJ*=`6l56!4gm&npMmcXjYoAEjK
zRRr8|qTGRDQaXfCC}2(`6Y?-l=*_l~*o2@5DR>a})V_7r`LMvATgce;#|wW)KU5lK
zB^$fPS7s@W0f1}nJKUCzsS!>b|E<7bwjHL<mb!4jBe)}mo)kVpSqI`(G~`qOi=X>;
zqGapy!e9JbQI_<Wtj7~x#61BPFKX}8D2t#ajXUQ^rA?=Gp6}kQPWGQC$dTf4?<dW`
z5y`2y91N;A++2@d*QT~COwc8|CPzRzjtSov`K>0VY~VPg_u~`1yyUHq&M{ov2!V?)
zw|E8NLSvdw9KyGs(|2i0wLPqSk(kvvH-&5V`&gJ_>C{uNx-cbhYtxje*K9se<pob+
z$_`3V#VY|awD9SpwSnuCC#Qewu_q_r;|emnub^QB{iz6NU5*Klh==>TDaR;I8e+DN
z9Nxyk_aZ4fJJ047<jGTUhq8^v&x725A|LjLj)`rhCUVmICB`kjjYyy$%4336B_M$<
z2qR2?m?kPD`#RP{V)v#mJ&7sH?z|vol}6aR>6n1lfn+SA%w`7Unj6H^fA?X)z@r9@
zLI3$pPYb)AjVRumK+}mCWg54Yf$9$Ww4eB0EZwS)F=bVKYRl*ox`QPXg}`4HZ=tCz
zJlx~Z1QP1L{c+UE6?i519fNGz{M27>Ah}ZE7HYmYk(AQd{!3rx2rw~cWaw9Xca%G&
z(<B$6zu6nb^t8UJHp>m6>r-++b!ONIx`!*BaL&B3A7cN>y@S$^;7NqbB?5W~v894N
z&$VLcD(lCI*kr<@vAp9~t)K3E7=raf<(1Zc>Qor2hW@HA8n1Qq%@^oee^fEGgRn?y
z`!ZG@iS`#h!1sAZUOjVt?Db}ahgluvG86%^@%>P1LkJcMv7wyCG_KJDWbMlky8C<B
z9r_)hkEy>Iz(+EyV?%X&jFy4vVm-85+yfE!XDgf)yRT_M-gPW0o!`?dJ<fnqe^qr+
zT#7fXImQYTTXXZ>u@{<U<~JQDR#Y&e6Df_Fvp(&28<;&PpOS6;UifSBqvexucC;VP
z&wy9&J#^l0dLL5$>L(Q_u3HFl59b*FHeF7z=12(h;rFXp4_k5A(vKVGe){dCdJTwo
zPPRy;sH0<cQ8j~-l6AH3xdrS&u9`l9|Gvb7tmVA_`5B^8p;EQ^<Q5iZtqtbc;(ju>
z3*MP7+eUe%BiZw)40vc|yX#cfVIwmp4U8BFJkO^EFkCga^s+(`ijswNuuZkkdRnD7
z@P=Fc_bseqYRzX>nC$A?-9#p;2whjSKK;<(N3DWf*Tcm+X1LM4EL-V`Ci(zH^Frgh
zgP?HL+)msJ59QHSZ#x`n;*{I3HYV%pzcItAdXVcV+q%GEqmlo!cx|~Hf9{*u``i_W
zsNtNhgy^{l1javvQvgvx|4KsFZAFTV0x)K%Z~;1LoQHZv)#$V!w0hC*y{M^Nlyog+
zI*El;vdUmJn$d?$S-zF4bT;=$N!T);PEXgxsB^v^AqvZ(C>a0uXjh*G16{?dOR~Cw
z>^5qR%7(tr*-mD~_(0zgev@}*HJhb%Wa$tm#Y-j8cr&;5XUN-4;hQNcpd%*64o`df
zn?ieSGQ=qVOLCh~;GFq0g{m-+V`p;qM!H1(Z16r8X4Pk=RBQe#bIajMm*vZyZE$<A
zoFMOicLApPeioDIORzj-9nYomh{xZ;%5q>o!&4J=+>gE|>CykNSPA@bHA?WXnmsVM
zMJ`j))2vg?9%!K)W~|=+P_nbO$5d9>Ck7Z;W!dGr*92y*u{(ruXWL4Tb97d20+0s2
zg7J@bl4~basMPALPtFo{?^W!_^w5NQ@cx=%ya~y~p9h-k?p25F`xp2czYJuMwzU1v
zBt8QIiuL{Xt_Rr+G6%MUW@4HW(;%2Gra*u=<>q!;W91IB2g^xJ@Y8pbj2Pe4dk%Y^
z`Kz`=viH7NskcT+Fal(%(2vdH^G=xwe~_mIf#;$^{>{|wQ%@|~vYTUhH%0{=kfr#8
zBCn&4L@}D=SMz<^vUu0;3?nZ+plkG6Wu-nPt3t<DE-yU^TFmeNE=v6ryN=_pr3Gjw
z*G!eWxDusk;p^;*s2Rpd!=%pxm@#dMFn?x~ZF{Y<o9}iuaz$x{2xhjS4J#qZi@B>(
z04n7a`OXwoJy;!mzLSwH-yPrqf}y>4`%$yXzX`C)^udr@q1Roy&njfC#D7V{aa>^3
zgr24y8&PpgATYYwtLRP=nGHPQBC?9mVXWD_S|ly=_Kel&agqxCRXXcB?x${2TJ&JW
z8(WkxTiXe|6E!?n>~X4{Po)Bx(l~SBYjCyNo^Q}Vq{=a`o%w3-c7KA#0R1OZxvFm=
z2>xEt0m+Qs5=G#TQvQ;GJ5BYL#MWH2uPZ=Dae%RbgMnUj-<xckGfHvb$ens8!%QUM
zPvi|Qpr2-bYN=qgh$6MY=LC$ORq?$%pnli384*6MvE-_CIG?y8d}<2lytP_RUg0Eg
zS6vmD$C-y|Ome3@I<N;t#J9{J?+qMLifBYdAyD*x<+u`pMS{M%dCc_oc^eQvRoWl1
z+sw+Pk;+ukB3;LcQlQ#KYD0-gQF)*epaU^F|HPKvvp62vBCW>$ksRB?Q7CvLk`OPZ
z(VB++-Fr5v;Jok-pMw5%-=t46g5>;DVo>JjoUAGJug9}WIJ7e(#NjqiB9w!b2)H#$
z%%IH!)P%&dxuK(S|3RGU%HoiXS+ra9)WZI?xr=WH3&j~kRVYu1K&MWSk4k%JlKc*@
z`hGt*FHNUvtESvc2~aZK2SQCcWeFYVPj`<6bY{CaanmrIT_&03jsZ(G>nMnrI&asm
zlM$PK-nDRdA}GDYz)4qX*lB9)+5F^r_m<4EM~vIV;g%J$^{r8LJgal>rSVO5VeKWc
z0<D>S3VvS2c6?#q_VMX^y?UF|#jQRH;ln&%{ui@0PiB`ROi$+zy8F9P-G9_i90Di6
z!o9(*)Z=GMen;2KR**5t=#ZhR=`DBUp*Ol){8IK8>&HJ;mr}3Y{)6bTzPydPl?Fp>
z3fG3Gi{`brrWe0E<6Y@;eSb%-F5z_*hB)+?RMU<lZ=IiQbc6StasFMhrqL7Kzq?W|
zWUVi5s!yE3i>sY9{9<BDy1Qd(^x_a@;f`w`;t&yfe$i2%TX7ahyL~PD<+$2Zmefer
z|L?6c?G_NVJ!y)D(yJuV8pBCtx%Dqr|6F@}lWvZ45x$uZlzB0H+Bv@gp&-MqsNAZ?
z2V7J$*54^(%hYHS=_9yJ^RH0~g8QEE+_;WKjB@4de9lR=%uX+)5tnxyD6Zvj$_pQZ
zj}SII@|dP2KJ#P}_fhLG2H%2nV7eZ|3nVIk#Pbe*hvPu}kiY`uPmX>5<Tl)-i^2H$
zAZcpKYHb_=RwL`i6@vXTvBj}N0)Kg&bpQ_eIh}~!u>>;fWf>hTs11+QdF^0ODk^qd
zmAR-PYKzL)>`(!KSCy{^+eK2QC~$oN`?j01@{w#9>IVc(PRJ|XCxBR*#<wlAILPr+
zk0zHmRdsT+k#2@6l>Lj891lhwfcNgZIa9LK3|VOt4iqTAXiku4IgU2t4t&X~vA_Y)
zAMj)^sy1Ad#=e9vvqLKtLVSb$wQD^m_*)*|B(@HR1yhs7MgR&+(&6C%AeFwuUovol
zew{f@6R5@w_eS5_Qoj$fA~Cc77xGg6=y+z;Bm_m~NPPwcxx02?=uJ8}ne@C3^yrAV
z6rP$t;(;7)792?Du{0<*O8VacYE?qJJ5R+b8YmQ+I<zZA7G{#a|B5bMrb-56ldH2H
zuCXN_&U3HJ!q-Lm$-kT))TLV@!1+BLA_F!{39x#Px5Ey4cOvDp3^Oon6~ebnRANco
zTtv!^DLHeAuRn!R3PPq82WH+jvekW>uymW^-Rt@EG}P;tt<u~ZNjnE}jo^t&O$!Y?
zFy?CWl-rCkwT|!UY{}P>5?5>iDq~1L^J~9mR&QdXkneY{peKi3IQRU6b$-;w{swbt
zl=48V6pl4&Tns`Y$WQYxVE)W6n7?$tin}q6eQ6(T&LgkwR&@Ho@R+#5i?)iTNr3wg
zW`XsdlRi!CXNtf|#1amwZ;^-o)l%u&bG3tPy0Sp4ZAqaZKglgp2BoHnr?#*Us9+og
zGiY>Y+(6P)8%gqp>)$5Y2(zxEg9Vlu&cP4BII&bsX@ZS0IM&}p&dq=8^c1_){|3((
zTmxSMU@8Rq>>paxV}-A%(o|Lt5~RKiT+26b2t-1g_suE?7T~Ugutf`iFB_74T>;}4
z0oTEve*N#3jLQjtRvR?tLZd2?Q3MTo>*YX{q+pvi-WX24U^|Zd)RF?!MnVq^7U=*Y
z<s$QZ99aYt$6W&ECdZ{%KFWWyY>B_3Pr$xCoFJv7`b-rtP`$P8USK&5*3L==zFH>#
zK2i@R(Ha%@$fH5*75pEh@S6?LYTE+J=3gMyX}eNy1rnwnxyK)Yqr1mjUGx<InI!LW
zJ_cTGwq%~2f5z?wq3aRu=5R4C;i#%Kb2(m~jHs%XNEDRjCFsoYb7+I)3MZ6CXZc>w
zGb-k$<3ka@htG_lGLLu<ny^G{cj`5lof*ju?@EL<(Z#r$lWX<9t!O(8rkWmpIRlpJ
zPp5vQF#EvE?X9+{MGYE3v{Y}oY}2BQUC<`r-zsskj>ec;9rKELTf<X%-m!vm7`Af6
z7rjTuK5+1tIewIl`QquW{p){~Hf6tXl)i{wn1EF4=J=b#OZ8!p68#5>atxR_bq=aO
zq!aIRK|5`aIui_4`HiMtyzNRIxR7y99#La*{0|cGCs5%!;y=h&+0B4(0<sfU%bP)`
zzM$0{gdFQ_Jki#+olhk?uzd4Bh{|qt>gSv3d5mfJe~|xibl&k){f{5Nw#tgawO16v
zHL_Pm$_{035yHjI>Y8O<J0lq(dxh-%v0WoOx%O7B%!`Zf@7?dOirXFMdf>dy^YwfI
zf$;Z^;r~H~#@siqP95hX-o(2pjQ&81%sWPUw!qI00~D1H0vTeuuBm9PW&sK1a<sJ&
zTm4HB52cz@@o-r5@IN;xY1)UQDYDQ?5R{Tc)!mY=&BM!2yi!}|TBMA7wpIeCJ1-2%
zy2m!8-0%y3s?k&{k;8<>zfC}CS?b8^{6#gcy3$s|X5lheGfr}3+pg(TkAt*zKX+mT
z#OmVy#=DfZ@-9bqFD7XpF9{Rd!&xoKa4B$V6C>$@FrY+q3r6k{MB1e+u24F;&5Fgp
zku?rgZ2?yEpJ;)&KN|0JK1}u1&EkV^^o;6rpBM>hyR%+c6WQMTvzdL<b~pAEf~CG}
zGAg*_R4?LFZfc2BaVGE~9yrvJbur%GXf(<3NM-y<fB<i+-yzzI1OMsfx=A+cl&l1<
z&5j1C)pIN5GlMDfe3QKf$1mUBNlJ5{+Wu|2NVgx5wvQGrlrw?DW`epUBU9qt??M(D
z7$Z5lh__?kk{;P{?LQ@4QJwDh5t?+>_A7}IlDO)js0p@)wHW68whG{aIo*qwT+S^5
zn_l<`D_LH_jR+j!Em{)6A=^{)wo%4V{w0Ig-aUJI_z=&4TS^UgdiRvEM2#pkQQwM6
zodK5GBZ?s2I7Q@7#Df0zy^#WuDYo?(*#SN^c!?oCGyV&Gi<w>_Ybm?Ob-wObFD=Ux
zQQX7iS5(r}3R>xHy8xXcNS{Jz$xaHxKiBhC&qPJdDK<%qSc}sBYnT<`o*xg$hFQn_
z%Ej4t3aM^i(osz-HVxP-6_fh&vX&_>&?l^ZJ=T)t!};08BVmD5bX4H04Dk`=w$S7I
zK_)9%(Zkx_Dt%feBVxfZrjeVuH9W7ec@Sp}VUq&VAj?1BDDQn%f5}j%)i$aW{N^%t
zs;3ThH7@+ChwuRl9i=W-4Eu^$kBUG<cb}cNe-|<_wECNUvHC6Kv)yXZ^F!TzQ8I&k
zeK1t7*g`}^ko|Nuy}1kbiFUdA%b7rgb3abydu#A|n_ZNa<urBc7|n9ML^da=#VNKD
z(ZC?u&$6@~6%n7=4m;<s?)IiAHWBT(YEbpr?u1ug?fX$ZdGy{mV&Rd+`$ukLcGFDY
zEl3SzhOE`CFE}#PaxY|tB|PyWh%7%;0jw4U(l^7wG%fdi@07w{lNN<keFv?!E}qc2
zAX;KJ@~L9^Iie17xS&fhxl1}uX;tT5_3c#E#YiW~8Zi1!FdS?aE71FVMz=B8Ba=kK
zb}OmKQ4Aa5g3@(*7c(eKLRU+MakGcX`aRNGCbtit(K)r4qgba~)c9gO3j9hnxF@tv
ziHVLw9=n+FN8yeZ?DPdU31I6bac1*9;TRrr*3p&Y52Ri=ZrD#|+FOwUnh*aGNs;}n
z40i&yjkwt{Ib{SwFn<wRLLpFCQ(8+VrI{thaH8C>z?`s;ZfQ=p=9dANanXK<(zXHc
z+zz)V;gRT6%Oe(-1ZgoEvXUN|qB1_wIn*uN>->ZS)r-*Ac4Y4;%xOG$n~#iy>Ai5w
z??b&9*B~?`O-2S~WC0>NGjDL3w8N7^`tY!hhF~;Hx>(%uJHE%2>4OVW>vO4l$0+CJ
z@mqkRVpcuf$eFNeB>Vi{1d3Vg%@HM%o0@pf8Rxfe&*$wQO!i#@I%i=C%WV5O3{iF1
zg+v)uRzC4^q#y3HZhRE@Y-fDT%lkIvysbjjxZ&<rQ%C)l;FU?bvm#fyvy1e8_OgdU
z_0AsQtKo3ztF>$)MhdfCC$1HdK2n_96G4@xBMDuv3KVOf{JcYViz$6U4=B1dk)dg1
zwH?pF;JjN_Q7=9?Gj=|sd1^-eRNDIN_D|(q3Hup$Qc)aK$2fcCMcy=zoiIE>@j7x5
zJCRUpg7#)nU(^?3(=0{U@2`$zSvG7Jm_QZQ1S7eK#*<$hoOq(W?VrFsZ+V%b7J1FS
zYKV;*?<Uoq{+4#z!oaDQh;4UY)lP@BizSeLp{W!S^%>=B{c)4zWf?ohAx@|BbGUyQ
z?SWQ<_Rm-+^(f?x-sFyK&T9EtN<43aZ|zkdkAF8Em229<=ibbQKJM>2L`J3X)iGbG
zb{^ZWIB5^ZhgY3CLKk<x?v7fnaWKZ~5}(LaEkX%CY7-djW`SzxH?R2eWB%1OG7M~Q
z?_CfgzYLsjGUgaCkkIdD9u2f}&~>TqvR-$dLpB>1G`YpX81WSe#^I|KG2sDo)qB*@
z69_Nag&tIO2*Hp_C9hdqNB_sdbe2O~b@|S@Ne1ecNVan0I{x(J7-{T=htxx1C<=Lq
zl+WEUOmQ_x6^Hn?7Sh5}uYG4}UZfs?++w5C#^-q+a!W|bKB03f>_Q1xU>5yFeHz}s
z36>^tkm+ID_o2rJv-o~^nVZ(y&3PQLTrM-&B9|kl>TLwbOy+ryQE?~z5^m{$Riw0C
z)cS3{SU65t%j8y9ZkpFdFxfK;3OjjB_3=6pre>xPgu7V9rxZ(jc@jVRmmHGq5_*nq
zik;3er(<jFb|*nZbI^-j%nVQ=r{a&Y*J|ifv}8QYql-pfdS1&HeyaqBQ11O{sI<(p
z<T$W0))!2nEibON!_*%{@sr;Fep<L#Hr9BMph<vVM=;*6DYn|h-@tT-df$s9^IOj$
zMegYe?zG_+xuo}GMa1i#PO_+vQ&ZP#K28#lj0biW4)y_<j#R1aNJ~n}VIRg-qN5Lp
z&tSgpVW%UFFHK>UA$~b^m>`YVGA8v2C;PLEEaUwF4aSCh2>&pQ+Ztz!?+1pj)Ga*z
z^#^>x2D%M+Lx)c%uHpQJfu)kT5N>!jmN06D>|Jd=U*7xGL7dr_3wS@6z|eNdR}AtJ
zfcQc(yhCuzs|UWSI|TcZAIyqx3Tp%*!mTOlyA%%uGqMz&MC%zLQbVsJ)y<pkYjgx~
zo&+mR@m8rq!xE&{e))2NuGiuwmpTueKy`-!&{~vpF<G}b$Fu)ZfAzczq&S=Ij_aWP
z1v+V|^Rb=e>#14PEe$yn_vl3M_;hv+Hu5$u@VP|Rrd4wP;DIa#4ssq1ZS_E`S&;76
znaH-6?0${Rj536GgyV#9P={UX8$Wo946sDfHj*5LRaU<yLyjYl^kG!$orH2=;9iov
znC<2+!m1-xya%=%q2%7=8Zih$r2b$iRk6-1r3$*Iz3{~`Y7H9K2;&YPI%}C?gjR!R
z{^OV_=(-alXnx`6sH0hR+mc(Ju_`y)WU1~p?lTVolBdCqD(^(4*_kZ#^)!45{e<Xw
zWv#F9LYDOXEZs(vUIBhaWcTCs8)~~h79Kv^j+(;HN&Rb~@qYR6U`qCrED?JRsJopS
zap`S$c)qG%&lode9=6T6-=>SD+y!Ax(SK3}GQ|s_t2-b(s-oQ~vB4SFjVRTyA_9MR
z85oq{Moh(DYIX(wb$s<TMxgw}p!J5&M;?WpJG9&&Z+g+bL;B|)V4vnr=>3F@K*sj=
z*EAre4Bg^V>?cdF{-74){zXqC%dB+ZzF@ianKt6!nMzHB83GTJ;&z0d+e=g6RALT}
zHv+L&Y?l=uIBGv_`Cirl=4fu63!&d+Kefx+tui(OvY`mV6weGW0Jlj8fFpKZZJFXx
zE%|f6CH=P*pOgU}mLY#FkI#rXX%qAy5hDB36qdMJV$h^Bk8{w51q=Z>QV&(JEsow=
zQCYmZ!`P!R9f`g<$7Qo9Y!%Abb}C**bu%3~0Dn>%p|`bG3T_@9rP$1Se_&!D-A62X
zDlso6c;NUtde>SMLbGix+IXPXxxSy!`k1kjf(fpzMWvR|-I!W8sI4U`jPMROVd_xj
zdFiRbWlJloXSq5)BHo###A=}p6CIEwA~5O^T;~07?d%lZ+U^{dU^?|t4_ZdWPred7
zYk9x1ZPc<~6-KP>T0n-b`*T~Dw@NgWb~O6^x3_ksv3wqN&!XvW2XJwcPB;}*^bC=6
z72bBxth-~O@=9(<uw;JO8F*Z7aAtn?QhQQ%xSiLTSQebOdz(y|efpv0fW_t)P^Pl-
z5?SMwqsXsf=Wb}YjBh$EsQ26xpYj#76xOBwG^7yG05F}!KFI^<szNfzSJdJxB|Ey$
zW&2MR(&{d8H8{4!X3}*9*^rpO0%=0j)j)wE?B24}uwP4^%CoAik#NeH`gY*rS~z9x
z(0{h}*R|b(t9!gxy^ib|19J;>qapR-Ww>#I#Z&)<)G^H7=1Tv_e}8K{*8<aK6oD@r
zghaZRxWC-&ulE~HJB0thj<0eC*8T@c3v*kYd%|FG86-9+T!qVtxr{ibUb|Lblyi?s
z``tf(u9zDX`#;EW=>H()9fN%eOGjteK!!tUQtTqT&pa&{firMb-6h1q&o71B#}+Ro
z*A>46`t&VYGRw6(?(765ALm@{2TC3(%;Lwo0%CK5{-h^1?TPh!z%O35#LiXqomVBV
z9=5(~b!Ri!d8MGZuGouvbi{por|fXt#6s%wla;{2HM7s_uAURB$`-W1W<XB&g-MwZ
z`gxYbGEOlX&3@fyr7ZG&>m4-}SdkmM8TEyH4c)bSw6z!c@G|yUrCg&_j{9dZ2BXmf
zFIhcfeOUCUnM3=#kN^FPbR@K1hc#SkY^K9fF#}=CCFL9SuU~!uIwZ8c6r6zG(|#p@
zguz&fVMX^YtilWZ1~ohK&y^&{)qa2Jl@7Q#)}d<Qg;)LS-z-t-_y(P@87)zc{K67a
zDgk<TKYQDqng;=k@W$opPG5`kM%eR|8?m6Ar>8E*3cO8X^Vg5R+x`ottV!*i|Jj??
zj)(p!z6W4qz5nQ_hvhXX0G6r;yzv<Tn7TSUYz~0K3H=&#^WE*H!JLNw67qhN(L9~f
zEO0lL>Pel}WH3RKr!b|UzC}oQ169<2ETnh9J?l_Lku*PueKu<RJ=`1QP}R2Q;9p(y
z-%9@80Gg$sv~>LnmG{zL@&KnKq$CFZr;g~5Q0=dSwQ+zZ`A!4Ss7?B@ooP1_TIZPn
z9~pJQc*SEb_nQ=%HuJ%&vCj6CqN(}Lse+E*%?3g1P29*qB{rDpthjlQ!hC8nDSall
zHzt}`B8jMa>!xkdYhUu28n~zO`mRusQv;7g>Mo&pR^t5hkWh`i^xY44_9E`Ey$-KY
z^-|NB`DT|V^d4sWC4!!c$1GGRmqLY?|F&C*n*DjCzLpC8-Dz(3AA3<(&n|8slod+l
z6n&!3t9;QA$D5m@RQ9M|O(q2-IR!iH;wWbnvGczkoI)WDMQO$l$ogLrP$SEIKS7cR
zWZL&eYd{%|(Lbxe5UinDn@_)Z<3!+`!6gyN;URPI5?Wyw>BbcW{M?Lt#U)0}{bb)g
zKp^v@r~70V%(%f~9+!WYGQFJOwu3@mWZwsFB-Y_h0xoPRNN_g(sN_k+L1~A@Q%vf<
zu&_ja{;Tz>9zwaGuVylH&|C7dru@ZUaK+f^9&Iy)^6k}slI~7c=Q5d}T^~LN1BsFC
zU$c0Sc~y4>Q$8as*LG*2kU$?Y@%Pn>5ZARkW$eUpv>2QM8#kPgQlpu-UL>0<{;g4#
ztKDy@{x>6w#b{sKvqm=%Pwm7J*Jrx$SGyE4!_|HD0r)`+5nLODf@L)5@i^_QmIyr8
zThol$^N0H&bmnijjw%00Wti(X5J`Y_HIe)&`hUGW$M`|oW|T1qG|KatcETx1l@n4V
zT45c%Q15Pfg@iL;YVuts=fXMgztn<R-?~2vQmO#Nzdbfh|4+9kDU1pEIaPr*{cR7q
zj~@8*I71@5RH%8G!nj!0TFCEy<xdJ7l-$%;Z`S`}ryT+-KO3V^)34(2k8hj_*2Sxj
z&W9wj6=ck^3F|hT_N+dob}IvN?B!F}0Ip#ouW!b6+iP9N@<rc>Bl(zYO~NYQl{K)z
zj@ydXZi!H-r>!=b?r{GO5bkkI73Fxr-?*s#bo)Z;T5=xG?tZn@I>wsg5??02_a~fj
zZI<^|8WM5fyDz}UZh8qwBt`801^zGO&$X~zhrs^cRpZ{z{wT~)tI|zmd(g}6Ylh>7
zfy0Y)!4*aKj>ACaOVCOCN_Jkg5obAnfKR`cJoxm)v6k`^i;w5Kvi!U4ifmTCSBl-&
zS!YY^GY9)Y?hSwA`|%w^0r5etK5e6ZZus)Cw*l`nYX-5NLoZ*iCgL8w3ecVKm$upO
z<JeFq;(#e6NF_BN`!)GFk_iI*wV@%En@jd6wMP~)EhBYw?q(9G>*K}nFoqtRIbip^
zZu;o_a%>#cHe<3*>e%8T{Vt|+y&!S@(C^&yL`yP9FrYn2R<%`j(7?Qk_b-Mc)7a+*
z;|#r^&d6Gvj<RdUra+)GeY3Ua7<am>ijRLKi4`z<nFX9})CX|rF(<heMDH{-2B>pE
z*brJTs=?fWCs#qA<Vr6c*s|SoZ4$cihx?o%-%}s)1AD>K846P@G+?lx!aCl9QO1LH
zHyaf*>4s9O@#7BuR4o%wCxc<$6@0NJuqocGjj2GcL<LiR2wpA}Y5?V^d{?A9X0?XV
z7s!d=IKrm&8=`PF3d3$wfFEhhQ!gmga6K@60C1+LVF;|4C)6=Iy(TOOYyXp$dPHO<
zd>=!+7d-alN*_E=oQ{s~=kE(Wg-q0*rU`O$n)LT^q@q0++VF3P%oiPve>`0U@@&fE
zJw>T*C7;L#FQ+$;<Fr3@pQXnV0~^GswnXYnNI;(Xr@Khs2jO80uV7G|?CZRAc1$p%
zhLDDww-(q>({;hAafjM&Bm3=VX~<)}Uoz<7i|)9(39>v0W%r5<wM02g(isSQs}M0}
zG~4c^HFF;DCbLg#83_Au(?NH=D}b6?*jr4Hnrc53xQhBr+>qJ{B=}sQ#%?)IGHbm7
zuJ$9STd<k7EUnGp1_RW|4g9PIl=cA;9u(h0P0onB_3+=|Si!eFBCWuVceU0zP%UJ$
zrP@2A+e${$8~&VB?yQh02+<UYMGGyPXS32#_UX1bInFyl0JM#qF|pf5-!4LcCy6gt
zc9gc2BLIDG^x|4>!k*4kuHSqMbP2>Gn?tJr3>vPH&%fXD*g9-6LO5}sYM7s@BnHqk
zM*|lcG>jILx5tD7!iCsDEE<N{yWn5#x&HeqpaccYe-JB*Tr^pS(`pXB*Rsa{r-T`x
zZlIy=<Q1w-YwvA=k=18c7%=_GS<Hlm?ZT35+`b`y(rQLiu|P#KJ_Y2b%6|>1SGcDv
zic@+d|8pbi!oIK67SK}XgCt>35SSnDdo9KgEvekx2_6BKi4!}~gE(L70A)|&jpEg!
z7X9RX#Y2{sPd{r7uE2wQ3K+Z0`ttVlx9*+)4l5lO)|P(lCtu|03YEn0Z(vc&qIR)?
zf`jiJ*}c_GXo$NdSZ|K9t%Qux!l)?8VfR5L1&N_D{?_@)KP^pFdkpM$XKMNvucDl3
z;!N;~aeOS942kN#)LqW>qVj`~mGu3dP}%Q_-?Uh~me}8PZ}`x#tJ(ZJWZhgAgSPN+
zrsl@<&!5-i;(flR**zMk*N*cGNIV5!qNvul<Imyc*nrHX>78IDM=H0qL2jL(cc_|v
z;bJoX^<TMme3(bbp2W|Ca*Y-gS`CrlvYo85+e)0yIdctT7tT0Gog)+}NJ36kYWHbr
zf!Q}AaF3wi$8P^pKWpdDP~EZye%a@DduvVl7YOa!p<a9p9cpk_RMu7NH)+MUhJw)G
zB+cpZ&%HTVrC(B^_*WL~MdSRVf?MsdU-H9BO)USWof<tB>g2F7;FYJpC2MRHhEY5>
z+8s4(!oAJxHl$&VzYt&m(bB-$T%)X#i1V^B;_(xfwyu6I^LkNIu66-!v9zXvO~!f~
zG$#2z!fVWzl!u(|_IkNYjgRNpBSEhS?p+qY(l+xN%*Y@S_%;&Kp&-NOu-mnO9sEZ5
zDOvKV&2&h!x@FY7kD!wfwyr{*>iUhYMpAzae_FV@0(MiSEy78@o5k|o-5Hr0FEr#S
z0hVk~6DWUBZKL34lyy(-r)j6P-khey;9GNO!e9KBvPc%3WQ;@HlNP#y0^QQ9@8|&T
zV5kVyGP4W+t|f&dR<wsuNt#`c)OC<46OoC-8Ark`-le=c0I6A~*V|}R({8z&wid2u
zl{hZ01pOZ82s~~hXlZMe1;$<QYdfSx407?Hd5H~Z;mLmAPM*w|u%yV^>oiaBAXQ^K
zEEHVZ1+7cLFX7{*`7gux0t799XbWqam>sgf`R%R*S<?9FL1u#&T_hEe_e<l9ew=KA
zCuEHmRrG3~QU&XQekl4?-^AG)JnCFFTY-cywYqL22iw6yuLU0ozR`i%FXG2;Mp}%t
zo15X}2g5&Ydi#)|gNZuZa$!>HrX|WH!jF&tD!2Q<?TDeKGmdoFtD1BB|Dq*;lE^v{
zW33mQU9bk-?-zOESu+Dq(wSP*=Sh26EmeCpw~M&>+uT<oqIIFuALXg<PCjb6W%ppT
zmDaG;j$6^a5h<c2Q1XK#_{@Rjp0HRMbM~4XM}jZoQ^bS^>guXua3FYS*OCU!n&z?4
zI>E&bua0^ZM`BPI=Hm|A8T`<Hk+;dYPn|lK%_%;pmsxFxAvKl1o8rirj?d~!b8}U%
z{Eh(A@sGSp7!M4dA9P}u6_b;F4Esbe3!DeSJpvSwl2-%4c9Gh`P-U!|kLatmkJH;7
z0q)+X%gW8Kr(;Jj!9vP6O1Q}|SjgFJdL#c%JSyujmQJTswBKtwP9^a{$t&)S?-oDr
zKc#3}gsQ6)t8I^(fLb|iU5V6}#RWiN%cR`uWA_rQ+|mQ4CA8duc$T*jJg40Y6^V4p
zXrsxjX3JpXe;rGCg$c|f<u;u9O^2npPTp;HKC#|vdQq5=T4l_RNWE91;8vJLgoTaZ
zH3BG-pTm2uw^tHabL+@E-l(4~1UQUn%PcFu6_vUxL4!rsY>59Z&+5utNoMobwrm_+
zSfJ62k!fyXp!k(XX`(GmU%fa#B>VH=`P6TfRO9e&$zBOTM|^p;pgnJnyDs)o?eRKq
zfwpDp1Kz+nZ7oM|0*jC5(>9OxX{fFQ-K+?lY%Ga{zq)P{spJC<ZJEGWyVD~!RMBI@
zshUpIfsnNK%copHUa4da9J|iPip`y=gPpT?CjOesie`G+<r<h&YoJ+gHrrFTFgA)B
z%CKW7!t_2)=CLkxCHFhEKPUn}prs)F!gr=x@9Yz@(=CkNnaTt|%5<-v8AobcMqhOu
z3<>kUM#W<4hh@iyiY#2%eg6m1KY38FT!ajxSh_2bT`WIN`g+8|vI4yKHNnOQ1_l-3
zW?PIsvG%}9ge9P`Hi;HC=<wneR`;pNuxIB`PVw%=pEZ<pfm`OW)QCmFiw#~<w`FrZ
z6H;Tonx^mt;8WYV?CM%6FT0lqy}$lYMw_*y*Xz$?$1im%kbSvwS=u`J>&lMV4+@EV
z1pSO2%H;TXXN*Aa=~SzqJ|?dlmnp%(Z#(g`8rrLuhYK%^f}jW=-msYq1XQBJb|z}O
z`J(nMW&F0W6Fe$h2&+bAyJrsy*#ls^_Lik$qr1+ws4;Gk-Q<f}AG~~iK)UjZ*0-ck
z7&Da9E8e@$1AAfE>9*coe?J4rkD4;#f9U@UuUdCYrtraOGxzA2@N<TwEdPS2njpQE
z0p2Vo<`3C<k?E9!*f5Wb^n5Q)h+4vKzW3Bb3E-13?2_cRS;OfqkUZO1OgP^&^+<%m
z4k7mwBbhoJ8>PO8Yy@sQDh3zu{y8=`T9QKgjggjBvsP~m$oBSW&Go5DC5aB)ifv>6
zQxJ`cmh`;{yr1<FtE!d=Q@4kLtpOtVhn#4JXw;S9A!-#|aa=Icq&kOhf_tQ-xK)_W
z`k%}5aQ3&iJjrb{GcQ`}RJ)so>HodVqj7B*mHnr0PDU_wEtWBHHE0Nv=Etedtu!az
z?>62rolVY&gFBnR+Qg#ZM8?5y7p;Uxv5ZTIU{ifxjZ*;TiROM(3`RMCiweSf=s<#X
zK2q)3x0C#!WspK9r7r@7QE+ZdYRLx2MW_4NvKY1gAntvCpHuOk(z;DkZsb#_{P+uE
z$c0QOEx|)cC24z4sc!gz3R#b|qQ25wBw;k+#t$VpQLxu)MhPV$=Upo0miVc>T%NUE
zxfA=l-D7H$_Upa7s=lR|q6v*2?HOHfUZNXS(fqeBZRW<s{cME!g}z?#o*<Z%RDg!&
zFnqT_0xkqRs?Wp+<U4mZqvI&DTfy&>D{+QbiQaGDRhO0jocS*4Y5Pa*o`AWZ2|$lF
zuC{7(+#BJYIbR191SDhT{wcz*|FKFN()0>jw{ypc)^6npGw)so4Vmmz73?WW|G66F
zW~~@ctd!a!7DQB4uUvj?-?yAy*XXecky_rTl{z+QIYA0D<n*KGPX0~F4R?rLOJMt3
zFWH+HP8HS(;>@xqy#xcoT30#ZY%Jxf*#FKeE^i!lu&$nGdZD}HrSXncM?o6@gV6sE
zvSV^>R67sU-e_c1!(~SeK`o}!Zm(^wcXw?(ag(8;|Hu!Xv-laG6LMK~Eq%7AYZW_s
z))bgF8-HbYLA|2*XY3;Ra-MCe|5`PGePCVbdh*ctDsxGIB0gW}Lx7wjcYM;t%jLkJ
z<DB(&s>7}S4%e<L6>6`mf;NJBbQqB%tpW98lc|ErOyQPU@2uF-X%qN%>UQ8DS(xYh
zPAh!N{}g`s>|EjZfizi9D0%Hebu6gMDMt4>V^UJa(r)~lk?VJil(y5R&yQE6&L3&o
z6Qyy{Fff-stKDA9?o&pc81)@^qDg&S^ckyB-*}uZxa_3gtZoi5ZKV=?@mLL$UY+<c
zrDna-#~()K&i3Y}q(HWrwJHDhRC!j-vemIZ$eLVfbY5nQq}SA@{!Ad+HgtO-+G)CU
z$HEIu8XpSMrFs@;eGpSY$ZnA^#W^~6-uM?e)!#_8N&-2LSzvL}{n%$)sXxDg(%n(#
zAi<D?fb<)!?_5KhZ@bZndFg;cs(U=?z?>2mVoh>WqMU^cK08EPSLtV~&eI)s(|D?U
z<Ne>eclAq5q}2SKKxk#WeGkA@)s9pW9RCm_G6Ji+OfyuN$dDuT7E!ol+Z2F?Y)}V4
z$0SGW<X#vR`)si9ud6s{O?=CqE%^VusV_DtL!uZie80Ji&@x&)f@VGESZ&6$w^<1^
z+#=uJK2lQ&Vf$<ZtFR9B@UjHD?Vp_mw~eKKdI4-HpmcH>3{ZYhX_^L1R1f_G7=7cA
z=6<1`uzEq-%rvU~V_Gc|exl~BHltD8K*FT%c`+MmG_}onH~R;t+Kl~E$8V3+bowH`
z=pz^<*tR))Sd5j=@_tK`Suah~L+!j&<dW%MX!y1P3Alzk6;<>n*;Kato3~+Zn?$9F
zlU8~2y@xE#Rk;GIzw4zs2Nq*=UNp=@qIpm*7Qyz$9@|kBr|6sU_v}C>M9Z91o#kXF
z$FDC@?m^WJ&?4Vu9o76t#hsA;on;UStpQGRno-4QO$TVXBc;_oFcpuuuqY+#+$^X-
z$%|(oRO>2d2zj0YDfjh!RD}(6rbXF<xOBAMBR?>d_q)ftV7Jy3M^lKsRUWtTGO5;m
zj?&SFIE4o50pM}MB>eyhlFcsCebBJ3qE!h=&Ou^p3ar+#!Ih=eF22@X|ATz2odRvR
zIEW3q*0b_oi?V^AsBYe?I91?a>il3lt6L9PZ4iomf4Z#VTRPf|{3e|*voz1zEfBqs
z;%LU~n;HC?5CbY^EMz{H?HYackAC)NaYF0LAK@c%K-;d6Q9<oXK7B*nq=KnS7wF49
zYEds70QI;x^*nJJBNc0P@h+wShw`;1U*!b;?_b9QAmw_~V)wNed@|-o3tAM&xc7c!
zJ22L@zAdOb=LZ>=!k52JcglYkN~O6FznazZNWHs?It4p(J==NU#Sv!dKXhkt7~%g{
z#|tHT4D?NeqZ2OUs(|@w^r8L=wBC_-MO?$1?P6XmNx%@Z6qZ>Q4v2XO;^cLg@+?u@
zBliUciFwvMa{rW!sW^Oq#hjSGt6;T@SIlhfUchh^VN6zKtFL_f?7?|5W1~1C#zJZs
zN$qkrJGOH?Rc^Y|3nHdfF%f0wwp3x>7KMJ0tM@lZk~6M8brj^j-LKT>b*Rx+;c?l2
z-T=zIj8yEOac4RHx2WIjJy~4vU<rjCuT9l#yxI5zHVNV{8HUc;YGX5l%y!s8@(!-6
z?cCe<B%2Qk4-iBaQar)2{k3apJsq%?CyEqG?hb6P`uR?AN0<6WyCt$}N1pGfYU_WH
ztp7oz!ARl%AUuocpv#CwEWYAT&Sc9cDU>&3c#p3T=AGDaV9eTOARDy~iz5`zcex}i
z?B73OZ0t}np5`V8o6Qjto0;*t441WMxsuv2_!Khm@YvVya!#H*+$z0m%$ko=zK=-O
zm+xi7;1Qq$JH~`BeG@wSq{4ebodr~@*ESB{=woZy!h@f(PMAObbRlKMTi4K(svB;d
zWE?E0?Sjah5$4m9eA;^;vZqIW_FsC&4vrn3sUY6}J<W~5q}r}<aYs7yQ=Dq%+8OvZ
zhGhCRyiQV6P1fspbCKA-3-3kC6jF8{=-a)KlfT%x<aPdBo~XLJ`?P$g?bHo;#1kD_
zQ}HGX<AD}26Ip8%6U)<bcjr<TfsxU;zPnQvyMl%Fvp2Jh!J*2WzcL;e<zfklB-s&B
z`J}#j!+Nh<q8M+)tWWrg3W@uS&ai!(t)L7q&c(4Mth2=NBuXG)u6=QT`{^R>Pzu72
z5qf<Ml6}%|L$)c#97DsQ?l0*Wqr{xqT5rS4<-5j&evC3V(82rFJ~RAeTX%b#&_k%X
zcDNocjAQo^nt<H>A+la5l!M8}Ij8mLUp&Z|ty#l%*+sg-lQxyLIOCh?GS?~NJ}Njf
zHU@;nIAB&<GU-KPbg^I{XHwZsFmH7YJ4hW*LqfiqUi%Z+r()=KU(3WVXlZWeECiF9
zC>Ou>7<&+PLe>Oj+qCB8)N-K{_9f-!aB_N8eV}DogtONXAsZCwQ*4E>cJVM9HRVR&
zOyZ4M2=1<@N8pel@nv+qnI^C%1N?BDJhq$r7h$>`-y#e0E~Sh>I3EsK6<KnpJSZ<c
zm26>MM3Uqyaj!l8i##tQS<sGmZ(`#94Mq3cWlS=SugDhS3+5`*o66aJJvlIDsy#gl
z+YY=TbJ)SioW)i6emLDw7tBD|mwcbpeOd(Nupb%tW5m91-5x)=JGjXgZL5cGpIG)G
zB5AdNNnyOu3%KM|JqqgWN{R9u|K4nb0sR4WD+i8t-QV;_B^U}@T#4KZ)ns7s?y(ad
zINg{tz#nS87Q<D_dI_o~1_>0hf;vucgI5H~^u|kicvM;&arOjf*e5MVM)V>}n?3W$
z$G!slfZ<=x=1qBa#sj$gU0$^h$<S)*HfZt=x+BHTh`b9|bsQ=hHy%q>x!oAC_%<wo
zc%WjirHpxX3^zAwcqfo08Zq5-eZ-=w;cTMW>rb|rsp~|Y9uIyy2d7za^4(l4w7y}b
z2zjD?Pq!c3XCbAjLhOrnaq^*%sOsi)+aRxB)LtycG-E6udoy*hp2MeUe@MwGD6|SC
zz&Z6;G34Z7l>{7=iGIruSNGF&MfG1RSxhpu0++_{Ba=iQ-d7zYFh0gXoXJ+&qEz-7
zXFBA~&D8)A<lw+X$nixCE8-<nzZkY=o{B=!d+<cHSxl-h;GD*DjN@F>@<}K-LQCB>
zn#(H((<cb{Kd{D1uP4|d^Trz}Rb&5x{6}J>WrZ4{FbjAywlG@BAHx{RA6_tx;RM;q
zr0F?`c!z{IaMJ4w-|j^b&SsPAfC0HD2b)`ly{(M0XGySu>@BZEy2#r5wSAx5-lW+s
zlL`}*$r<TXnz(OzVh2YBF9j?$^&M}Rpo1hKRDYiGinH^;B;^;Sm(3Hi1pBY(sQzVP
zkprLh9Bc19?VgsDAM}L&`eG0&$@_w=aZD_Mpqh}#7h&30o!B^Uy?PGmG#L4POG4&1
z*#gQ(HY7r7;`IY2V5Gs;bkk~9+aerFs6PLLj2hh3YD6uc-u?J=ZN^8wk1=c^k(l9~
zW3Kjp2mQc^J~sKDu~>L|Dpp6x5046V<@+wyJhA!B$4bN)2k8;>O=tj?Oa$6STH@Aq
z)@11@1IWQPq=IGNtBrmwgh^dofIT|c$f&)NO}NZ_UhSL=Sa`=eU~rJ($CCXqd;t%}
zSV|cwtQ7}ut)a3ezmt1mNW^vDI+7}EI{fMSzS<BwDk{D8$y#%rvSv1;S`3-b{jPSy
zwznK}7qmCeuMGQR$Ftutq7^2Ix6RfwdX`56=59Le2dZ&_PFYuve+`dS=_pdCvCpis
zGnwd#XalQ^3z=L<XVNIdJtI}j{zBBJ_6za)@i-^17*4a6#<DCw5arMaA2>}D7G(Wo
z_)YelV$5f{bja25;Uy+hb6Lo>)DF7;%9wnB?Ah?@0FGo-ZE*-;!r>E{q`{&+^VO^?
zIorD3>S<o)^S`<vA5##{MLgx3Qdr*P(&e$Nk=|%akwqH5fZ6M|WMS$;8xfH{8cEcU
zf$25q*n*oaWT2k+`MnkB^>4Yao}bH1dSqMP2P@yxc7{hvHYmGzn(9=GE@AFie^_C>
zUV8^kix&8kjB>)q4t+m(UcLrJ2g&6;%NvEoH=gt%3^(Yo4iA|GDxNaz@2^q)EVhJ^
zHK93osr#ev<>X7dVc9hZ%D?N}$G_LeB6P8^Wx<KmdI3i<c+3<Y#k+{gYQ<&@4Y{-l
ztw$6NCk|yUqpH?ffyD`GeUzz94G8WPcks@%wQCpoLUN+ks)9ZAg%Dg%>BL-}?x0YX
zG&?l-G=GI+ggw?x@~wyzZ>7q<n=Df?0=4nU4Lhynh|gTAYfaW|pp!cib<VJ*{Iht2
z`&k|$23K=!)cksaZ?T)@D{L9SL<-C6){v4(x_vit;?okHZ~Y4!v6^wBF_XGj9V<O@
zZ<Y2Z6LN+!UxqhXZmbqoaxS20=KKn)RPbTRi90NGI#IYoc0J?`ZJBPtLs4R0FznSy
zDisEzBWKpNkCDFi(>qZM>G@y`OTQ`YqOeF0%a8zq4|dNVT_^hf>|SzhkEJ=MGi!&D
zT7HFDwsuX8n&-q*t){YH8#!2#fm_{&0s_&NA@WF+n0ip8x0NVj$VcOtdaoz@zAcae
zX%cc$MPM=r0Z+t=LEHTzyXU=2(E#x~(EH7>zfJ_bQKW+1+kk+3e4XYI44pK9_RCd^
ztVsA*;h^aQM7_xdUtQg3*<A_60pr4o`6l#O*h04>g`6Uzjq0*J?;g<h1Pst*WIgtj
zpef)X#oE?f6t|h~4@dNPYde-wj{bD;{#`1W^+n>{9i0&LqfakimLfO93+_zjt9aMi
zN)-Yy>6Pkzgu<qq{aJCFa#I$?wt-GAnghv`JFSl0IxLuy$y$H@42XM9J$pYSgD}M_
z_pOl!zHN+dTHU`2Ga6bdY=E`D!BLMYna*wd41-hoKLEG#<l16=wF^KTd(3l&Xe0)o
z7hUus9J^sClj9wqMyyk|R9qCw*x|#^mJ9qrL(>L2MT@-A0K?hxw-}e{W&SbRuLdF&
zPw|UHkm}r9^+xEF;cC-Vz&*eId_NsIF)E%{D7-MZbi&Vje_<e`*RVPei>NN;y^o=~
z4XbK~D~d)K$@UJ{b44Po+IF)Yfx!rxW_K_R?)2v`eVO|UlAt%1($=cii*EuhAMz~a
zHVNAgtNFg4?$I$|na(()CAFTF*j`N-FGgmmGz-ic(Un<wx4GP0wZV~#aAn?+slsra
zCNum?c~YyQ!2w$KA4!y{i~Ex*B$y&h<K}=_6e>mNH#=b1?tms;r?L}0zgRFv{(Fi}
zS=@>$;GGyVtfE<|n<xYFtbHg|@9I>r3|jvkEi7dBkmHQ@$|g_uNs9x4(wLFM=U!;1
zBTN;hz9PC?r01rk;jLwP*#vo~*Xc+lAl6G^xqOIxXb4k(b?X<1DrL8wo$kN_23Ytj
z(|wqd4IQce+ANP#P$><nFtpZ3ru(2YWf<EgHZ@ec8|S+yU;{1GMbXXaS>5MQ(WsaO
zQXszstWq{%WvR^qMmld*_Q*hsjg`WfB$l+;`fypfRER?gGjj)Kv8?uq7|S75akG%S
zp8!F@#&V?gB%<XRzbttvfi#3NI-0?oP>Hj90cJAz{-#qdp<^CDtf1W)AfV&zP6e9<
zQ@v9eA=-w$LNldhC6REVh`Rzxc7AF)E3YZKlS1j>QpJ<JZG$nz=V7FDOp|z2Pit+H
zro?1?Qh(X6K%Yfdk$q{q>xtTT?mjV_hpQI~vzMRerI?EZ#oX)$JvY{n?qnN&x@Ft=
zAY}Moa6w4j1gW&D%pE$CssM}|a?-l{@&T6M#DQ^L-S|7@3<p!Ck3v-twcv(g3;d$v
zfEpivxpXNKTXnEMfZYq=&v}ClItmC>q3m~ysfr&N`*7UxUpxDHN8vU5$mh)ibdaS&
z8lHVp5mbyXo`L$=^-Bt5!}(S<dLCaSwXxq8jQ^~9o9tojF4+sj{@VGCy&=2vrBQJ9
z6lkf?!8|A(IBJ=Ob2-h40L=($Fj{!pzYr81u$P03)nWFdZi<(qF7_1;V)OcVT-ANK
zAA6`kt&kna(zrA)ulTw5occg}<l7TB;{?rSOqC*aVpSr*s&BM?fODarw}}l3Y~tg4
zP?;O?#b6iIw8=^l_>lyiZpjOkSIV{OuPvOKtRijdy#3C754yb^Bg)n@HhkCO0v`2n
zOZAz#5<E&V2Fq@cp~$Ul%4r4@S^IUS$mUUBCP|5ZcI<CYdw|$l2a==p%f@JiYOYX(
z7}yv*`i^O1UD%yiUax{Sn;;Rb-#^O{Mr!(_doA=0)dV$1j6k-poxW+{Hl}=|fe5HR
zQesE)q{m?;gJbgFmN#Cj*P%|IAXt6_8(})yVUY6PKal8G^3=a%r)yww%sQpQ?qT`|
z@L9a*>eN|2GV^+dmOV<payqPjl?3sFSE4+th)RZp=}*@@g?NcNz>?leC#$O$Xq{qU
zCg8d*ga^2bQ1zD(VB&uG?cl@+L^^_G0d+$8&o4whPMn1Xn!9?@=3~*Z&&C|f8okx)
zvS*^fVj3fwDv*4pcAof*+jOws6uur)e(G;%VINEm2g7XUY~uPAj)LYewG`2Q1AegK
z7Nc?JgDFUqcn&_$8=|4a(`qTn!DJu6)Ei1$+duC&4~U3RtT_{OcV*o{eeEIgesmZ^
z&j&Egc3W@l;Zz+Ea<lkRX%s6t(*DZJr56F+&KvA#rT4|kq_=HZ%(#odbCS7bp`HgJ
z1A>kc=Gh$)f<DFG&<k1x*2*t-`4%oLd)|yKwiK6*`Ak22-N#KGawFj-Ng&DzwfzAE
zK#Ug|0|4cr?lJ_OE@G4uS(4qOx-g_6?LbO7oMQ2wIp|PPg4L0dmn;Mnla4?h4VNz{
z4!jRG%VHiimuAdJfij_rr6B4zG9=UD1)@48>O##w&qakn6tF{(iT3B9+ZB`jLjVkX
znD$7)sq_VWSEiJN${y9lk=o_lgMS{(4R&;Y2;|cJ^c-2nU<_?7_zkQHuslC|BYC7}
zb)EqW5b3Kh9q^EAA$JN0%YXgsv->Il%-GcWL2ORoqxBT#M$<qy{a?7{myiECU!>RB
zcfB2JeOD5<w#dN^P^fHEGAt;UG20BD?UuR}N(IR}qkb1M+D^(e1869mFk9wXV{gS;
zn19szw7SG3Yc=C{c&V+W_FBEByzn@*uDW3-BVBc-@8?BF?0A-|wX(2gGjB6xwLhh}
zeyqDYM2ku=%0gtGCx^$;tefCAaBCMznPdF^S-~+cmj~j~_d;auXDl-QHcc7=4Y**U
z36>0nNYf>oFY@|8;_akv)(=rJvG?vKfasHH!MsMHYH^LLo+BBm*@Ag3u75I{K6{wd
zO~_j={mP7Yq7rW&S>KV`^FNgjLC>g!2m<L)^80|cjx`;_KF(QLvrH?4xodX8bO|}2
zAevC9s=d515RxiL(cf!(=!k^x;}pgYg4V8q?bz{r;i|*o4?O5Hdy6ypq2&)p?g62f
zpC=Cj`O?-8f3L0iS<OkD3y%dIhyM?9>r(y6+&}A(_R?TLtENLodtiTkbghD)he*@m
z8ak~m5WO6vc2r}fD3nv<zjX0rIS3tu)jg^@gs08|DUfTRFgM%eTzvI+5=InHuX$N_
zx6d?QG3?Ae_5k_LTt3L`chC;|r?Epak-6+Ys<Oe1CU3JJu)j=uc(P$0)IJ<Gze`vF
zL4aLM%(X5Xm2{vP<SL>yxSN8c*ZlKC9oQjYm=sUf#?sbtK4#xhA_KCvJ=s(**5B<5
z4|hC)wcE8!XKnn9<6AGv??<D7e5%oNh=PWXn}(~5X$){*OBCi8D3sbFt9spd|9F%w
zYvvfOQuKBKtLT7qKj+7UPTCt>uMvV8e<Vq<PdF*8h+-t<re1u*>@6@__oNG-q#c$5
zLMYkZYq&+ag!8b3qSp3zq4Y(#S**HL(xPBZg|#PV%|nA^$gr!_{l;xEViDHv2h@ab
zI=7?j0s^wWyjr#i%gn6P6k&Q$n(sp@?O+zvizVxFuy=2Cz<3EBlK5&47i-MO##7HH
zMyuSE&D&JFUi-1OJw)lr6CM1wOQd~-b!~njRUtEY50a!E>--^H_H0?!;|`S;`d0FK
zO;ZK(Kg})3MMkPetndPMz%GF?e$$yYmEAXqdH4I6-W@G-NnJ179_k|8xY}5;Bz)jo
zjL%_nihZ39epKf_Qn{7?LA*^E_LJZ}>^kz)5){QgpQ-jY_f)5MgWxf8xLd<sB)VR6
zRoEMRaxt4GVImYzm|j3A49bF3ZQ8OIo02_eX;bS}ruY9qZN#?R0T=7rMCI-x*DycH
z+4W1_yU?-26MC1XSo7Gv?YyMMiVn1h1mBPo*8_&4QIn>8a<y-043+@%I^kNwzc#ID
z*!Etg?w|BeV3aJ5$6mXXt2liS_vALmk*LIra;>W_?1??g^{2a{I6qsbbHe3$HKvTP
z1scfPo?Ye<b6`r&W29A?E-}>7YTGncm6rE=%+KzVsu!4`;g+HWRoG5at`xC~T+SP@
z#}AJR_9%Q<iY^1amET;OU&&nxc?}iTXFhgVjjI8U2))b2pKj~8FG-y9#qgH{{R>gt
zC(|!tw<+<3Lg4Qz6y^@QbUkOKAvlxp!LL``tA&DgipX>yIya|UWAsAuj*wr90e?_X
zs`Ojym18Y)NBnS&>(kf1YD4|FCW;p2!mvTLp*~BTTs767zXGQE1{IF@q$jQ@2?>=7
za0bTRBDp65IltdHh_hb}P!^~9Bd&JhDD0Oer$)kZq_Uvc%vzE9r0KnhS|3^47zdS!
z0_S{l_KldRrhVKE2#%KcCfPUxRN+*a-GZ4TCK%Te3L~02$qD^for8^}3>NNH+jYPm
zWFI6B=;<?1?~4t*j!b)7`eGJ83uD=ED7VLF9;ET{L(KCA4fiwq19gA0ybV*S5(h7%
zI+)^?p7guV@x<Lk*lM)UEL>^KlCoC?`fqPqrG-gaEmLnlL^i=9^QPn=(=Jddw_rR3
zWvvIu+n{)SR?jz%aI(kKGI^GF(ejvZo{cDK2qx~9x*c;%MT|IUs0G-+Xs!k>C>>=U
z2g0OZp?58_L9fg%>Lj(Fn;3oY0lGVggCxPLZL(FAIV4g{SjJlaBXykqe4AFPcm~$e
zfw?Mb3|}!Jen=~d9Gnm45n)VblgZcd3ux_RtXFDc?TIof^u%#{iArkUSBz8EdfKmt
z|6)(5Zb=lPWf|w^?h|^R7%8eHRVDxhPoBbyxy5*clGH3j=ArtW?73aqE8`2+0XSi)
zA(*He>{L)~@>CVM$@fBZam=gb0p5@8k7l)Vi$H}PbM{Kj{<XN!Ri}|!4+cj@txgaH
zNrdMM(EE!Z=l(EaiQ-h7B>BtB9om)lrEa6zg=7R`7{`23QK{$&h=fT4T^V#AtN4Z4
zE{>yV-1)gbAC3%*EdL-7XRo{|6f3>a!eJwAw@aM9Q-ZLy%L!Z*6r+q}?a{ob6EJNu
z!AER+!u=Au^Q!MvXI_mOZ|aa7-i0r#@HoRSzWJ!z#J))$3$-&yVg+wOLI8rI5^6q*
z)$$ztX-Itflu`ETr;jp+?CajwX>z#qN0Ky0Mn+;wwm+xq(pIbM4a?o!6F@@VXohjN
zn$B!Eq!1PJ419*KIJVx`byJRrw)I419w=&Mz-ph_8h7EKgz(<$jrYy%J<81i=Cp2V
z`Yl~3A9IvF9nVm?Eh`2b2WN>0qrh-c<ftkQEcmR4mtw2svIvzsoxP3y((<6a%rT!E
zvpI3q{K4fxP7_+}SATtOO6*f8+I#gDiNVJc`~Aci7)f^Vtgh0&8&s&W`rmBc3EBFN
zmNK>_^Y)gZ3@478=4YeaZ5dz|+vNN4bnJ1Gn2X{9w&AVyhZ5#gV`?v)ysD?J{VouT
z)n5lYs?h^~w$59jy2dQMb!AtTIOn%~cdpk%<~gPcN`OhL;>T6x<Fa0|7PQnD&~~^m
z{mvdtJ+(DQ-T$gnp5wjJ^7Ma@^};N@fY?qIqB{<D7Kp&jfb<{J|4m1zQ>{UJa3=Px
zde|-b{4xOV>tiM16i+!$Zu#!ag2tTfctr7RQVmqOX@T#KPF-?Ka?l#Fyu-6BXXM_&
zV`EH;ohMO{4{h(jW+ekKS3jA6zYBW#LN!4)xQ}}T7_3_wXZK8ablXiLk4!DgaIzn6
zkqBybg*Eq2P!sV>1TPKvx5VGGMJW6a67)4(98oUw-qKevpWEx(Qm)#FZoAfPmS@67
zcrdCB^f}8{O7CUD<TQ>u?g`4|j&X3#ym4kdTj-K}`JzX5ri@#j220Ctwi*in3sT37
zbcDhwsaVf{tOnSi?=?}u3sQqYNgz~MPe;g(YLS1`(ruYnW2npt>W?m)R@j&-GJ^iz
zjEeN4FMYon<niFw<&RyTSSYl+gHDZsYVB*W4W<v}92306Kt5)GwSDrH>qNGuIa~#M
zI;T>y6qQJ=s->{fi`RT_uCOzdYf$XTn|Eib2j5mOKf+L1wM0*X-7QjbQ=DKd&hn6U
zi1Nw4DMS<`!Z`911R|%>CQ+)xmZzVPhA@Q{a2~ukxQkHTU6jSLb3WRQ@-4#n5m4wh
zt3v;oaj1zWzes9i+UtX}|7B+x;#UV$dWDrl0We5kBtpLpGe$yH<iUBO*SSf&KtX!_
zwMixKYB;;t`bHZV-a1XYt1WyNKSz678JVTqRGw$t;ce`BKTElBVq-r~h~0-T>3<Mn
zU|TNSwTVTJo4$9XZeA(o2b2wQm$%H9#bKqyT$M5vk0=Qhg3r}?;Y8k1eyY3q$ltu!
z2m|aARD}V1`#9$WWFY6V8>%wJm^kuOcAw|lHn<u>4t=`P*h7_m34_wC{(?Y_bma0a
zqF$<s*i~f?wU0Wbk{ZIvBGU#0ZMj#8uyP--YP&!+@qzq+sorJ}RZ!7NgNS7F^9sqn
zSGjn7KlT1%dhw^fj}NSx&n~{2zt^&AF^d%{1<VhDFxMc6pMp6;^6ss6_@SlUB)qi%
z1Qc+q5F|Sh;1D+2+J4~$`ASD|`s8ZVRKKqrv^|<v0;i*l9rfd!R$p&C8aJ#~U&%jI
z?ZtOtvYoPYn^`visaApPHsh@gUgXZ20FhFxFUXs4Ph|7J!sxHnT>v3<&8@}_vFbKc
zDdd!ZsBNKEOiA0ZWJ%&U_AX3)`C;Fe|1#1$;G21<$}Hv2>pw^{{~3-tdH2cF^WlTF
zK}{B#cN`_Y<QaCecG`x4SZ3K>H|Yf&KAc#nUfkG$=r4@sCG+g*PvRw$>hQS(3taIH
z=HNn5y{#-wXXz3X0esL6BGbb3A~7)%Z7qdmY<6@Z>tBaWnr^HZXuB~qhLto65y4ca
zT9q3EEG;Bp>M!n$tEnU(-AvDygn7em+>vM)A=#IxBV_a;W9=PnHJl_1R~$FEeQ^Cq
zA1<3Ny*pU=fN#gCJU49q>^v9M?QCd5==AV;2=!BCwhC`2uLXG;4bPLcCu&db!V>ie
z{7thA%^3-QJ>9&mC+Rvh#{>=GqTaq|p<I+<+8nXNG1a4bf0A!#yF7_W)!EPxRA-Wz
z^yl*^lE}HL2$)jXIaPi=V9+laY(<U+xOoh$CA5newmSH%Y}K^2&tJwbu0V5|VwpvH
z5Vsh@wta&*(J?!C;X`5fR_C`zU;3p<83fjlLGkD2xaJGXrKN<mmikUPX0(t`Y<$_;
zdAlO_Hn5#89{t?6*_W@}G!7W%a}Su`NL}>pxUA;*Z)D7GdvE>V;1J!P3L0RkF1Y_e
zR;{k?b&Pb}PF<?MtjDsaUpkSw{|Q)`Z)M{4fyN0ete!9G(9O;Sxg1!fUB5q56mXA!
zC%1or1V|m<vHQV3zU8_IAhxoBON;wkXF+Jk9a+T$qCFOrzt6Yhgo~O};L4y1#0i|^
zfFCILI;bma9iPcJ8xPtL@gTj4xVnnpmoM)3`SnWn+rlqyK~YNmR1tq+w~mK$n8x`&
zwBQv|U<D|vvqoxc;nOa)<NYIGBCVq<(@L<*x$c=udGq=8@4tU^q+;ZFtKWIH$}U9@
zF!a#Zma&|lbv#M-`jshW%NTPP(VZ60h8%Nq@_Xo#vbvQDeX6LDC+7Rjqd51bo#00O
zeP;vu7gRslN^h6O%!M@wzFFU`tUW#Gm_Fe)?V69Iu?Etg!Fe89u3>!y>NJu?fhtB?
z<ZZWS@a~Hi&={kAC~w#Yf|2rS8G^hD9UYT5^IWS1Of#PI&>$n2gWba~);GQYDbW9M
zbl&k${|_8Lk-f6_&d!!iva_?d94Y$Z>^;lginBAaw{TXGy~)nmXU2&{X1}-Je|d1%
z$3=JV*S%iPr|n@{lDB2}-P-HL(D$&r(b$XjdZv#Q^>>4=t~evQgMN$P5_ydT=gg(k
zvDdtI<5~`3_d{cGz`$$bP3s}AIQVOiZ6RUGuBI|?*7S3SL6N?BbSrzU<PJi#5O$pc
z>OaJxfG4ySDqfyC1O{E-nEJc5oQ!4I2k!{kl#j6oXR3B$xZ2i0>JncMk;$n0KmLe?
zmiUju9VzMO&JcJx-W|6D=tx6dqUObAa}6+`Rv;p)k`w{bHr5=&Ck6my9jEl<eczl8
zv4s)coI1bkQ$8s>z72RoiDLYze%T17WMM(?`GcoUU@V{*e4uY8*;3L?Hy7Y?;`yvC
z{`y%2KSX3<8iYCYv9a;0gugtWRc*z~Y2zsOeIS1HjL7${g~L>V$KCL*PeD<OmMuVc
z+WvKF|A#hsnTAJ294*G4CWq(zUR`(eT&Q4RAfHuzSENU8wUqfn*FT6&Y!w(;(dA`b
zr#yONt9%~}rTPY)oGKrG7Wz~JctH<hvaqzB8MG33?_w23GqSn*Ub5}Tz&n0(_u9~%
z@hgfA@TkoPm^Bll(?1KnAaklPUl{nlp+2wdXmRz%G5gMSPkLXg=n*sm;!g>C<jjB<
zmuVzkAK!O>_zpMpsHT9nspB#7EXyXV>c<?$gqIqnetqPVW<3|c)e%|>mj%Jh3Jw02
zeLpxz<8_bbQr`VRi+&Msbf8hCx8@ah`3>vW4~)iM9c~5Gp#Y?_F8aqN77&2eOci!{
z``ZYaS-K)q_ZzDd8crSWR$i%)4Zx(9(Q<_E+<}7rOI5O#rPKs8=#d9|+<n!D>#`pk
zppV=BJN&V6O%ABhL=BcPY>HFj*;c|!kF4b=9L?$Nr{UncXx`v}|AQE6zj*=KFOpv9
zs$*-ptK%didB6&+zBe+Fm$Qu!S8VdGF?9d>k{x_We6|^A*7W|ZDrrf?`o{jTD;6x=
zNG&SpRwUEn6Q2=nMgX$-fY#$7@Zy6}Xd!Xa#J17dBVxAx;P<%5Wns+-by_Vm{ceCw
zf7*NVXFGn<6HIp#SW`Du`J%!dKMDJ!PX|B=mIr;1C|_h(?<eYf5G;D_0}eTow(iJE
zh=y~GPpWsbzid9rX2)htVXf7n@gl@8@f;<T)0xrm-wo)$ygrmeq&f0s_<}|a=B3Zp
zb*mr~73{{fIGFqz433KPw?R$&Dg;E}ucJ2Qnyqt!`Y-5jcjE5J2nUy+wc1pkg(Tf3
z|6O6Wk>EpZUFzy6{Hfhp%>Z?r>)LI(y=!p$@uT*0n_Ckk+M)IRt6$OrIf0`4H?C0w
zXOdpWLp@1*a!lGsUbo+g?dv3w0v&;G{N#0+<k9qBQ+fy^w*EoVsO1oe8`g9zkB&Fl
z`?jwE9rZUl;AXTAq~A-;8h;o%Uy_7-`TE^z{%v&$h?kI{_h3&Kjludgsm!<g>q6c}
zUMu&YQzRhEQq)b;TF3GaOfc%@e+wa*bR!rAW?x3nyzci)F=%x8U{@mhW5HI>VThys
z#!YL%?vs;re7gjJ9&V`ZbM0qvWc6m=8Vl*dfcMMdx$nb9iExI6&E<575mt=PB)n8D
zNC{1c{k|$llvh^ui<Gf`t7#URl3E8Mucg6r$N<C0IVrC=l|y>=fCmFiiW>5mUzyA=
zI5rNv0*oRP77@0k9pX%%Qg(KB59sztH+W8?$SYW}*`DUJrnZcI|D)9mzvt}^zdPfn
ziK#>u9RKwBEcnbU{i2-=T@wwQgI=~opltLEn&>z!pL#$PjL#{!EQyxq6m`}ANSXLd
z96g1cAZ&+`H1oQD|CsxLEgzOAc{w-%QBT|Rc_IE#B_U`UiR~Jf$&Mn&g<r*orDBV8
zjimLdet|Qdz<OV9vIo9X)yHD13CQ$mHa}~6fiTljIzkbU28a|L|K;RA#c3V(c(i2c
z{))<gdNvp>U$eO%eenvOp@$~J#%@(-8KjaUr=Hbq8}V?1X1b}(^4gW2ONDtLZW>F;
z!t*_{o7us0CQS+6d8Zob6E-}GjS?UXYJIq*y8bk7Kj^w0p0XO)5Uxwnt$-j$n$9K-
zO;cHFwe(=dF!ndw!eefR261L9pHdVCos9o3cn1TAnq(WyeW81{QOn-p)&lr<Q=t>4
zoVeJ!VosiX1jOGxbOjI0o6JP<`n%EayMti7J4YBt3>h3Old{$%jfWEKm_6do&L4L$
zlDrIQ8`(edjw)Idrj<W(n~eCNP_AV`F6ef0n_gMMKO?^jVYtKsL4w^rv-j^9kD^_;
zngY7<Fk)AbTFY1gfrV)^k0m7klQS@$26c}gD(IJ}xFWd^Zx#iYLJiBfw<{8~(49yt
zCn*0qHZx!pnb3gCj_AzgcmzaHejy@|RxL}Ypik(d7&kGM{*cZ=N$-2D^tt4Oz48~u
zRD(ZKBNSE@leO=!81?~@%jcWk42l6=EK4Qy*91i2ro!@J=zyR+9S_iMo}0?^TPBac
zi4?wB5m3$%7g&Eb6C1Pw5V{UXaqwK_1ZWt#=>j^^-=L=5s{=oY@4rylFI^@F328n#
z2PHM;5$uqLA!lYc!Hf8I5l6NZ<3x!t=%>OfZ&&S|EKt>w32pvKI2Km_yoEDAgl+V9
zFrz@@!Thrb57xA4{EV`9o;l|9?Gfx}QDupHA6@vQ_asZ0jyPEwCy|v}<>zZT>uc1$
zAg+sd%-;BW!xCzJq&%DB6m(q=3By{|_tNP93D`WE`8KoI?-nljir4xBvaO068^faA
zssyP-&lz(+Zr+c{bdoNHqkI}LBIMlBo!}5R=W#9rPn=ZjTOQM78|*$;BlUQM#1nVN
zF!Ha@M+~A!UZY=084_FS`x^(Ntrj*BHwk|%;+*29@(~2km_zJHX^Pq1iPhfCpMy7b
z0kESNY;_gtsG#n?&==2LaO?4^!8!;zL7u)AZb@eO+g#U2_FNIC>FPFBkp)A~x4e7`
zdw1ZwQu<|#z#-(V^~cemw!Gt*)6e2tN)?V@VE-UPnOxK~gf48{6@NVBcXyJ@Bri*z
zNIz2nkldrL_3Vh?MXoX<5LdQ$ZRjY+vpg1O;)Y65v9n?Dj~@(VP<lC13x7RZ<+rrQ
zcx2rW2NDu@TFm4>i%4B?*-^6Y|9#nhVD7ZX<6ED%&LZ_DVuMg<y9PdSE*0_I1M&pX
zFf}_Nd%I54X#X%z_r8N5wXBbN@T4%-=bp|_9Kty*LSrXgGD<YXj~LC+hiFMd4H3sw
zW5lmNj*J^ZFg=kM1F?B~^FVp$o0k4CEVQT3MHCEyesREG&lxP%l=&!KmV}3Rem{ot
zC(^WA-gC;^+UWP&TK+-v*~e|IiIY>v2UqS$I*xZvH2usM1v%Ydz#Mz|d?;+im)Knd
zU3IG2H@cH^mhOCNt|3f}R@)b!qH>!HULX2Vv2V?vI~tdh|G-eo@e%S@IXmkUTB8)=
z+qJ%xeaA|75uany*D98mjp=^(a7VrkU%?qSShn`>4?b6^k8c?yYDvo)p5w$pzGTVz
z_98E4wS5U^+71LZ9;2wWu2OMNpi)~FPS<fztzcZn@PbOjaq(-gIIvp2ggK&J?xCOe
z*W)0TOJ3feP3}4({AgcTe=dOmOM6g($Sad*!R1n*E1@G=YCSXo0pg0nz(ZI$sjJJ(
z7J~uZ$CcNEl56nH(iK{qu8g)QOMCPYl(CoC*}5_&sSVkOYzt^g(QO^z777GCy0q*|
znCRGZRd<<M&IiR(DeQvcPRDR4+MOm|BUmHOx7K(3QyRmKoey~Hm7Iaxd>Lbe1yxc5
zmD{-&pv76+mgJFA*<A5yBT9D2CytfP2OZKrJw}a@iP3K`CY<v}X$AJj^LZ2eEsERV
zH97z95;I9%uMQJ5e#AHZ#Da;(_D-q+4Su`=e4&i{B}H71Gv3Y>>$c~y#uUDoRke@e
z6wvERZ;NC_9s+O8fS!vF^Q7@ihnv*e>hriLH;FCo+^0_{4b<~}`0a+Oy=G)W;i6-N
zHi+}LIt7FDW$HmIQ{ChhK7?h@r-fxgYc%=7ma#-DOI1jo8yJv+7wjLX$<cN3@1<*G
zTA8>rVq1rIbIp!=X@^wXYFA12c)37-#9@(8DQzAQg5YRq(n(=fuE`^?)*@qB9`1X3
zte+3M<$RT;hB8%r;=s7IJis^p?veDYREoD=4|-#z5Sb#KyLKa`ooi+N5jjd#rnmpq
z4VTm9fpqTQ6f*;zG7bOo%FtCwN#7|e%^q|5BA)vQ3Y|)}r&)GE-&nx-E#GsAW4cnw
z+dlkR*4RePx)LdB{uq?5<d2z0K1^%&(iavN$(bO6OtZ^DKM3#u?%FCtaHg2uP7{WP
z8B$Q1pnN|~-VsY>0MZeSa<AvVtPiyDv%HAaXt4G6gTDQFD~-tosLCeoHv_3LGgvd6
za9Is)>xx4b;PFD+GlBAcCo1Zp@_uoay@NPt+}Lzemx)Tq120y<U;!RjG-U$nwe>-E
zEGHwfNvR@!M05b_`?1VO;wI(Wnf)SBsF>%Rf77`L_T2?0TbJbV0*!oY0T6B#Agmfh
zRw==X%DX4kSt9mkwBp+AZd1k1TM1@Q%T*0gM)bw_6Z<g$h7BvY04GG>vSm)9Z&_Y8
zZM=H``s~?c%2&0*E1?-Bl$A^2D(q4Y5|rZ8cf_U0SDc`=5;XK4(0kk_vlQ>RJ#$03
zQU8~TQRLxO{jv1Hi~9z?yj5%Yz0g%;El{ojrN*FMSLLF3b}xMuC*3D8@N-Ja+Xa+q
zMps!YtX81zGxSm2by-}xX*I(m962*hiY9%+mAnB8PzgvySD_f+G9*WWOHHY9`xw!V
z5uwcT@(1u3c<os<a2Xx3b>3@(ccKhZIhkRtoxqz{nW&6mT88K3WqqQUS&?Oz6Cuth
z4%#t9#U*f`+?RXhajSMV;Z9z}|6R7djzYTg_3g&Y7Nm$|!8=zGI4a^WY!}P9s!GYu
zzM%)DhC&`sE#0)W^x@=%G(J>xGzuIP4*MK=Hexe92nh}$;DLE4){72QGFdB+Ti)mT
zyEv);-g~9mL0m{m(%<ZFVHD2{Ym|>(^xI_I=+q%2%QUVV3i8fg4TXnVc=M(XxC~*#
z4-8sI<P$?Ri0rH>Ss|Toz4Xi8CWc{js%&yhikCA_sYK&G{8_F-gwIVdmLT@_!TOlM
zCu4Vh$!Pb&#`idKo+?U`^+0cQUm-QCUgQlhjcAj8^)%NkspJ%SlZ)V~czaKb(@Ja(
zmxKI$2Ix*CZfEdwbUtr8-hoboqX-|mvl5!9R=?W9gR|WTo$lFkPx^EiGSnQ#jQo$m
zYlLhaw$*(asF2#Yf4Q=B(r*0=vngFF^*iqUTLIuAs|6?@zSCNr`L9>D8%Nd$qAAI;
z&$2JSl#(bg1vhL3fj6A5M6U;~B_#eq7_QR+`R{Brp|j)5cK?5BKgN#b2}+|TMh0%_
z|3TCuPD0-P{VJ2_ckPjJc(!%Dd71S0>puvn);OadAD?|a6WsW6CM5(C>0?6C(3Q@F
z9)XY_{(?RvL;n9D!H(z<$?K?F(S{Wp>XENkewQJ903v;=&=qWOO?}&U7Pb5j@;2b6
z)~8M3it97i;Z+WSfn3!R>m=oAN3b=+&iNZ~29j70tPPu}1v{{)J=dmN`3b=-g}xTK
zX0sRRIE2gD3G+7g$Ja4`0&N2R%8gaUZEBO51b_eH*miBrawFfU6KDJ>i5R3&na4P@
z#^!c^Kl!!<#q=g)VZnAbYUP7}SejQL+>ht^o1=3o4&tpPyO-c?P?`ycKE@cu{05c6
zJnl}oj6Gcw*g)mhDg2%8Q!*QQ)kqo#RP?C_?AAd0m1kj(*Ko(*F<Z*w2bsyvB+D?^
zR|Tl?!!Q0X6`RvK7xOazFnYKl8CqmMw4~6>bEmDR8SDaxQqj+NhjMCJfE&H`H+3St
zK(#5qi37I|w+)P`IQ9w?e$xJ@Ao}Pw7EGYtJWziIa+WFE>tS&zsja9_Bj@^{EF;%Z
z#R}>=@n?h8hEDDP8Wa&NVL%U<JkUKN@+pwJ{1SweHPm^Js!{YefduNiQy{v?A3%vl
zo{ts|cXvfG4_rVJe&W3O2VwDb2Rt3D4wcUaU~EP5Tff?VJ%!j2*ux|vi%q%b8r(X=
z0kYYDWFNTgp$5^S7`(%ocGJbu;NgI>mN^5Gk9%L_+bNX~G7qcmt?Z+T3mcyJG(9LW
z%O}SzU(k3l2#6f1kDhQ#g2!QiDFT3{4L+xc1FL;hSwmz4?DV*;+R2`oy6l1{j&_h-
zqK#jxUW~GS?SX@ROjh7`KDkc|et`1R+nBwq`U&E9%PWDnkzWu*2B!mU7(ugS<e^yG
z^oMG~fYAPc+`m|k7Ivnm>f_D*QGLc<HQ#k|D79aa80sz4zJl&^cy3oXTNSKwxq&hY
zq!qhB)oBA)R;}BxdNWd)X=w_SaD<~lc?3#L6u<|P2`qI660v8i&}I&HP^N*Lg7MU2
zbG1HWbDE5Mp?Rp6bN%ua#<G+S_3`xuA8#g`J~9g|Jy@f(YlDWl4~{57ezQe`(n+#u
zHzgojn>BTIh=gOsxL1NiCX9W0yOOF6+H9JmlvR9JnmNq~2YFFHMh+hCm?w>YfQs{4
zl|y|P8IN~y#aK-QhI3<r82~OXy*wloYZI+LbN1~$xr5xify=Oi3X4Sc^WnO^L<rSm
zqg+?UX1R~Tbg}Hxdx`h*d)dK^3cRT*0RJ!X1ueJ;UHjN6K;((}@6kp);5CQ(<L<^d
zLkY5sz}@%aFyDVrrO1Y9Mb@%l_S2;duyqpUW_D)5=V<AM^a0p8OF>?J1V}prxFr(#
zv7-|<lVYP+SbjToPWJy=;t)@%^6YWuU--PZTjUYfywW|wnkdF*WjD9O;NKh+m!;%a
zwW5;)W=^ZerR=8EYpp-#pu1NJeGE&Y(UX*ML*+Imi@}7chpL5Jega?Wu6;JYQXZUK
zCvCNO1Hz6QNoyzCW55-|f6L$_LB4>?3Ud<b_wO8ESV!$1=RE4`;MYr~kau9<w3$Bf
zclGncZ>F8UNA`f@Q}h(&gCc=Y^W7X(o-yNG(oc+^{a)P6Fa64QEmw50a}jd0bQ^GM
z7PfF6e14_dFX4J-6CadNsIZkRcfrIlyvj@j%!z-Qr}IfR9Ca95Ln<?>Z>^^;9vpf6
z=s8U9+j_^WRB<HhuC}l<eEfB#ZG7hoz4EsD0CwIcwycS63!vZx)`%_+_?#@9<sk!3
z?vG3P3(F=vLvCCIyXOByZ?+!Y^qY~V!?2*yhu>s}ZPZ482eywaju0(K{x=DSKrn~1
zj@@@$J3V`R*a%YTO!59RAHi;lbgUl@VkZ?7*K<W|`~`T5WTDU20UypZ=mvHVV*bda
zkf>xI%p`^-F4;4)+KEKUIyKbf_HI9pXeG2!Yx<s2Mf~8$k%=!v8OiS679Twr)baY!
zQ|s&4G4aOqMP~PEjtp6z?w5TDx&6oye%)LCSMFuZHx}F~13s9`DIraY01D(tiJ|qn
z!^ei-edr1kFIE|YiI?Bi)#GynB0x!~m4V<Xysan%EOOOE7E@`UY81ti_<RK`NF4UI
zO_~Wp^OBy3a$9H{43qZZ#G6R64ME-)yqk!ir!sHHG+H?d%a_@w<IXcuwJ>cB`#u!3
zhrMYSI_|w^jm!3Wd?>PPWoYyZ`bo~}9z^|kk{i?48-?R-7Bkps?N=f;C$s24ZzgXq
z>FsaIEg*vkC4s?Wq#V?Ry6<f9i4W*?WWwr&@nWH0P%`HkT+LB%Elsn50G1xo<-S5w
zCd=pjO#uC)F4td-zxxax@HuEmYD0vjPU>+MCs{+#fVXtKQhb7qk+5QimfeAq&5$s+
z+`Pwz2#D5xY;(nlz}rZ?fN^suM(%5WGTe#rI60Z1m4j@{@>xD|Ye6FrM$xzk_&Z*$
zfQde6N}tUWSC#LpoTI^s&2mv09kpzCvlQw4+d&9$d7ey5G?7!tpY{{&XE@!Fm5;kH
z_bG|t;5~6vkf}^M&J)VM=%7iLQHwTId4yEJ{2(+;us^wmuKS!LwKtsCu)j&<+|+)6
zeb0{#AaoQ~UMypsX-XPYJ})@;%hxC7=Bns4X|la4#GT+XN~5mNXt&kTUDPuFBpfMn
z-fDkg?~8p=B2Fv6!=S<}rw!4vDm}M&akb(?PTh#J42_3eI2Xd5X#;+Zg|ct|f;Vh1
z2W2;2zNK2L0c4*c7VoIw_<dU-xmSYt7d&zlgk=QvZP9<o>0ERVu*Bal0pHI*2!7}j
z5zk$Ce7;vpx~i`2M{)3EaCLwpQIU5^fO0K+*Naizi>;Ij=pfcbXmFUQV2vP^?bgN<
z!6#Q7;<kvLR$f&ld1VsmY0;NeZK1*G61trDiBR`Q212vZ8%R+Nc24Pv@phK8u?gxE
zE4^oHePueI#Cqj_lC42G8sE{S6rkNj4u8zlQqn7ZO_#3-qod+RL@ek1>Vk0WQ&<`x
zG)OUgaIEn86GGff$!XFg0MqeL4-rzB!!eolN`sOsHoYqJTm}&?%zv9Yb{gTpC?0&h
z8SOG9*LQvK@FnNU?Y1dH%>Bi%^2YRcbbU-avZf?ObPv?1XQ>}Kw*P}rdmH&ct@o!>
z-)$NY9o=pdAW>SFLwwIg(=SNQPND?-dhf->JG80FfghL6FC7|2z7r<0=k7RPX&qTo
zExMmi7>k~_LbFr$TG?z;i#My#F5ARPWD8FA>EZ%$l1mIHtBy+^KhSuoYYO3&lEST>
zi7LOKSZU+KuYDWOe@h;_DwZ?+<(-2{x%xnpLMmInGkmtD<V#sTghnbhz?Qn#aFqAQ
z{e(ttnn(DEft|jDe(@~niCka(y`+!&HSr8}wD;%{xDo>q9Ob^7%t-Xc!iEjK{3qk$
znX64{MXnhQ!7*KfBHEM~mL2Ay;`D~r%7K{G4Cf522rKO9T+<O`d~hAn0v$jpx%GRT
zOWBL`b@g?#lZ{R?(v8LMAS}b=lGoyp6^#+}Z`EKd*!M?09%`BtI(7(8w4&;0rRvL+
zM?EGyo2{BIE4G_H*uMrj4(MF!v7ehePvtZYK3L8u4i!dU>gRnJ+(`kyqaSE<+>G+7
z06V_*kn~CA<TK5hOg=8*_d6*^50{J#iexgwx!CUK%v$NdchYYa$Ev0IbgCTMEK!<@
zj)eN<;yDeY#N(S8snZ5;>vLMf1fgZ>JHD;C$ghcdw%|py@ocJyJBP5SJMU1n8LiAs
z#OFMbc(bPX7DX%>ISV5n@@l0_PW56pZOeWgKS|cTJ?V;;q)I93i5Ux;w=+M@uHNdX
zjL};BB&Qt-?3tX^5l2icAIPD;B%+(pdH*1)I=>NYe7vPgRq^$s$-nz}zL$EE$=C4k
zZkH~{UZx7qMxh}x9RuR!ntjAU9W^e+ZC*0J1~DSlm|hQGri!LJHaDD^ESIx$Asv$_
z&Gw^0_)FO^8fb<_7)MvhwT<T5Hl=>*>5H(ej^MJ+YV>njY_hBJav7^Clc`A>_FkbZ
zrnZ}i3(jdUup)*W0n3PZTR<4Ah4NDe=7Sjhc-=2*rA>Xae_V^C>_t;ecc1g0#vm2b
z*2=Rf&=ws1t`rfxJv028slydy-*JNpOPV-zJL4{+4Ey$znsq50NyDJ{XbFtHhw+td
z=}PU-*t|3<hqDk>0)Z();j|ljC88@6KMXAPeL`Br1u0+^o$*So=|UoJt=o!(oHvT(
z)J0CR5E*H_-j?>;Hq&_3UN)^M5z3B*KJSQ&jevJTtXIm8LB_+tgjOnsrKD*_CdrIS
zTc^~G^mxkAgcL=aKyE_3{uHV_O}djnWT4Rt&d=Ql&WvaYj0k*VS91P(Z%!uzV^zz0
zG$j>2$3A&Hi*EEu9OdP{<)gS>;?fa9FyH+w(<l~!tOnMJ*zp?1OG+>4%1sl%d#PaT
z;sGl4S^0IbnwZL2Rp<rS5UD+8Meu-%&C!2c;jbrUA_Pk^JZJV3zwcFsPBh0lK|?$U
z-$t^lh)d7V5>U+cw37?+l$z&mrGeA%OEJ(^2{gym*3wz84SyZAJhrY4(wF4535o+R
zY{fqYTKa7kv&z#I@!diOTEt3vrS@GeLKUy$&Ka~QX8O=k96TjB{18XH5*DPO$y!Z1
zH<FDA%&<yX>`5g7UdH2r-{uLp$9exraB3$qoW^L4E(ftgsjOzsv)7@cz-HyQ4^S^F
zMAKRf&a+_5m1b?ANk_Z!-Ar7N6fM3kwx4^XY702O+bT1&ef06pcYCVy4g2@g)E)Q~
zAHcPCI);NE&OQu6a)XM^>>HK8oTWy={9p_<*yNa+^<p*p{&)<CV@|=y%U=Bb_dc|s
zp(6!~1f2!<NeOn^i(A2Sw*n0t8T?qj@)>NaEdUMfD*s~%T0<&5a1*or$%$s>@YkW^
z%w*HxQ6=npDMYU243du>!|C#KMJ!oxp_H@`K8!mN`|$QSkeszb$TrH$XLWXM|4?Xy
z1`8hl1F!&U1?fX4KVPlbbVWi>mAK@7OsofNA867C{NmbEL3&dolNb<Y=Xz`aZbC1x
zW;awGDOE>AT$3&)K@;4{E(x-+kY`zT33H@g6;8GiOd1X4P#d?U-jWiY@y0#>`v5xQ
z1`&P^V9DJ`qGwebHv{=hJmqocggy@Y+CoR^o-=({Kw0Ibk2qlt2cxgdhq<)%sxMn9
zzV{8d;TiGkXL5+90}U7dtoVB^`8`K$ZGevQ;rjeNcHizia!R>t#}34H_%Kw3UHr+X
z-9h-g+Xq5y2h`G#m6rA2QchL>vcdK|bvR)Mf23eQkly6C=od)eg1B=md;6s*Wi9;_
z4kluKQhPdGN=hC3DC$Cxv<#${KvEU)IT^QpT<i599L!LWIBW-aL^iuw2!<TQ%X($S
zlvh-C;ote?UxRj*z>y7w(O?Hbh92?D3b;af)TNao9y%FSfvC|~8}AuYo}pa{-H-Jl
z)lKGR9KB}XE@Kfoo}zvdqJkB?_j9NwHdB(Acf|?xV1%$*FWB}OV$zgkUr^#<b;U`?
zW|DF7Mz0mn%0C@4A}KrDv`CD0lA^um!uqWI`eVy}1+VwSe}9aivWl_p2Gn{Xn>kjI
zQK%B}MOCyZO2pk$GM(32cseTm_$(l(bmwNL`Hc<wzc3mX-K?FFh}HFrj?&rF&e{vA
z{=F+dkS!pc?1LWOjh*rnF0?K?+pYgHL~e89Ue@vDnO-poW)BSQS=YY42!S2m%*h`?
zW$VxBJrd8x9f^?Uf49PL#+)n!CN!@YFMR*{N&aaaz9T3X-JM)cv;RS4fw*;vY2svY
z{o<&{&hju=Z3>Oezl;cocZj+Uv%Y0c-jS1X$p3LovZZjm+H)b>?%UEca^`=0tGfp-
zE#y4uM)TGuooOV*N3i?W)vcLn{$v^P-%d(16L1~NsoSUxoLpPpwEEx9|6U#b2hq4y
zI$rV*8YjO-28A>(Uy=-mM7#WVcyr)}<0xn>wWf$=7Cq}<97w{P|K~hV(C;tN0U=&+
zft9~wc0%A+kH0ltFiHP}-I|t$FCmC)9f7XL9jV4ru=yyT1@9#Fl#*D)?_;3hvLjec
z(HUnzNI8C1E3T~ZiOXC{<ft>sreTeF6ae5gFIXe!KVW<GJY%hLi2K56ZKjGG7XWY;
zI#CKMs4PK7n1lI;h~`NOKqr2Kmk#2Wt*}e;rvQq4@3+B2)lUFtV_i#_@Kef8L+H>5
z&+=sHVc)^zAhL?FP8rOiyszGxZ-He~^Jb{H%Dimz>dd`6n$42{W5B%;T~aW(^y8ju
z-D<{KHS(&4%3|sR9CDRoGfN9oEcAKnPP1kwULr2C${|AX_zsGL-=6UikZVTB4#v6l
z9iaSj%DOB??saZh-k+oS;d2e%NNraDDkc{9zhL(tfKEtUaNmU(v%Am0b;m`0bb{U8
z3%O-(7NE?GkntFB6g_W%y{1qBb0x7`2|!eKA7C@}1k{>MaTthIVxnRU=(NIu#WAQv
ze`v5$n?lYIwG^+3Stgzr{^VDdAf@QDx3!0*uO&E<p18!0h{fUO`f``S_<My!K>Nk6
z`<A<*fOKHL+|$?{3%edDwun`-^0@1Bx@j?;3wtG#)hYGMLdjl=>30SfL163x1gp&V
zmmWA}S4$c9L$raC-Fwt4n77}82CmTC`%Bf?s^#}~<s(8|e&>?p3ZO;bhn;>7-W{us
zH_bi)!9sm+`{!k{rpP6#qD25acH2H(yTc9#Soc>nnlM;C$>IfB!sAD?WOMykk;KpH
z)7#bi4k>`N{oww)2f40?5tl$~UJ#f3w5s{>Do?2Flz4q8*%Vp)Pv5m|XA|B{(6nJ8
z^E48lv_;Cl>Z@LlAXCq$Gz02#$QFoN>YKsK_SJJ$uW6z>hc-HPfQrHX!JFQ;*#h|q
zCP@j+80Dx+iL{Sh5v)tymQZsVAt*IhczI0(gf?8X2EL}F<;q$DIxY2~-XOgMcf%lO
z0JL6!xH(V>kj3!-GTwxPkr9p3s-it$#XR23DI0HzB)*@RK^PBuII>ynpd4hoCRGwf
zHm?|V5KtsN{~9x{&>8Cb7N+{&s~1T2Gcac&6XP}Zs`5r*xKaS=75yoLp=!TCkly<@
zb_{1pSoHMvWVm4uya>IPzR{2{Qp}Z77eRmI#7L3oKFl6kO2VmKx+07tEU$S7wUX{!
zSvqb{!E6po|IcLl%qDWg4P!|*%S1+JqWVDLjuX@SVl}glIPhLy)wspM)~(8|(Jj#}
z(PxFLt@A63;9ocL(~kcj60Km9baB|qXu=eD{O2qEU*?S8uKys+1dcz0z|u_mHsn?l
zK;E5Cq+GT@X8r9ebIU<9Ob&5%6!Z_0?Hd;8eSB)?*ET@wrvUr)wNO@8F7UdR?-F*J
zKe6&PFC-Z>Qi5HtvzM8JF8)FM+K=Rx&IvpF9a-Nk5e6qqitG&x0Mg8lYu$Gne}Btb
zIwl5B)E=MLV()-7+Fd~DT#nT{@9|N75{a%)hQ~>}h3$XPOe6<2y)DxU)`!-<-(PG{
zatdnM9w$pz11<L+9}D!57(??^6I))&3kv23=hZ-wgfUX%$~tCW)J&eA__khLxSv<}
z<g@8Kjb!fD^aAfum9liDAzuBW?Rc;4On4PN!4=8H^8LxCm)L-%h!ix9X)~q%=a>U*
zo-op0(jCvug6s#Su*FsW-<yZUPlUfSsthP*+6iAWBXT}cZSfdCwvlV_!3<p_3}gMY
z+fbc*KvF)gdQ*ZKy`P>c=6<>vmn@s3Exui(-`Hl+au08qn03K}RV85)A-_#a6&?5`
zr?u=Ok|y3Any4Jk&;#JAPe0CCB;+X(Z}ie82fok+yvg<qkDTbP3@LiIH}79pNeCSs
zk;EgQrnL`A9C|!&%yfX|rgA>k$eHMu2fJH(0r@^FX!NH)h>`o2+b~R!c+27678b<E
z8&Gj`UC){iD7&dBjhFWtBDq(&utnk6igpB(k!^8t=kCGZ)j475!nT8P=RJ>=Bc9Sm
zOFaDY>N|-?4r8-7)`qQoam*9?A~Fdfj}I_5&0l7(YdhPcYi}RByO&}}C~I~0bG7rw
z^bHNx%YB4H*gmcxq0#&nEe~QGGjS2~D@a&e;>J<DU-HMnRUGPvzq$4#a4Yl9E?{wl
zVSXuNLNV#5=a@=WICycGooVD@{G;wOA5s($%e42pUbvlMSn_cNh^9$-lq6ko^2y|F
zx&=9YzfC>)7M6yaA0oep^LZ}Nun(Xq?A-l(sNLWx3az958d+b(`W6OOS6*_&zs1us
zl>g~Q%{9lr7fu4p(@tbPDUGEBDC;M%`<0u@-;CYQr3mGo$bgf2A>vigxT>NZM{Bs4
zK}B8A_#p<&M#F@Xr1eo*`8HhiW_(@vbeEhm3GLGW59Z8Cqn;8uw@4S_#jxGGlP8z5
z;MImIO@Y<SF|q8MVY^ZA*!)h0a{er|s|%Vt5O#a`d3Ku6{;GO|4)VB7K>6xwJ@M&h
z0dnf8G_-_S{Y%ozf~u{rUy-UhC{3f3Dn|v6)+arzPY4TAlF$+hGFIEZ>;|+W$Rm6>
z6~17>%?ert-jV$DMM`|<${9;Crpl|rQRr3m;jrk6DYgkcoakmg(H`%4iK=erAk*|8
z!$>WT=%BN80UGX^lr(gUx|<?1#ei1)7Fy!ImMQ*yt@pPF@wVUKX|Y7tqxZB?RdYKu
z6RXG?tIp3*Bl<HNG@bBRG@%*U7)k3nO+CN&et(5=DFyvv${);JwLhw;WTrKT<iH5L
z7x>0IjLvAZ_oZfg`>frMj62Y*BY*w-4;{kik5X77Z=bXl^EU4T;aFT+;*;zRWy)-E
z-yy~Jl%cf<9riO5`W$naR-6ImVhw+h6yIY@pHkK|GSfLlJ}y<Ay`_Ev3+l&smE>0m
z4MA${Zqsb&gd4)fK_S{crKt3}XV&r{OHofR#$?yztrs1H#vHh>H_&lbB{~K|qes}O
z!Vj{%{y-IcV*1WWs?s?p%hMJCpY==f>Iu3-_Wq|cj}g!IoObs?J>Ldevk4?L9+zl_
z?KqxsgT!r6sGeA};AMjk%vOV)g^nZi^u2XF8WjM?IP0p$YiADvHYm&#{&9;L4Twnm
zsk_WYkT2@Offz-K^{5{>#Z^tI+3*<qW_rZ)JA~uiNl0IlR-8I|c%omri-j%yR#zYA
zm?R}2zoA^16K(B85IC|BWIRN0k_oQR>hLSxK7MI{_f3jn+%yG&Dam^H(S(|{y){x~
z&0aD+_|=CAj{vW1HX3|7={6{rr|t`^=s0raxkf;bL1Ci9pSY<<wY~Ng&fAmheiO$-
zHR^E{Y9F#pS(-KX)A}|(-;EIZ$eHpDS0ZP?4u7^tkAAn-oV%LrIkqy&J*Ik_DlG|r
z+eb#@kG!rG{)~&;jUF21j>$bE_snjEDKFYb$dLp&&~`9vW6Z_iA%nVSGc$^N{GsY`
zgO4!lvCD54{HCmNi_Ehx*w%E<sr$zRR$9Xp3ma6W>sMFgM7WLS{vKB`9Me8FoL8>&
zHFjS?Hzwi_$Xl9?xUY@qRmQ~UBCY<^#3ZJ^ag_UZfVF5ku~fdIeDCiJx#3`LkeQSn
zDgwLMO^e?i9mUSjVU${Bk4A9_6PPy19|caU2y;=;A{-%MJa*Q!r?zPCK?c$enEak(
zt6*a6#&*HO%<28Hjd3$Q_(s!PcvOfm{`!p6J!~`UN-nc1hqQKmGpgRB!;$Z%m7yNA
zlAOMkW+@^QqDqEZN_jpa@R^jn+g&O0KI2+48LK&%l$KVE$Sr{e8zEfdgI8-m_n-y0
z@>ZWrt%*KhYCW$sBj*BYXQWIf$=hnt*|bareFOS$<GdB>shDZ_Kg~)5yFZBSN4c#$
zV^pL2=(AHB+vY{A99!0@x2<wLGfjLl`9j>k)T>)t6SFli=7KYo%i~5Rb*}B>sGTzp
zD03A2$e$J4jS>Mp3G8*x>2l<^x`LP$l_{7^|I;eaun5-rR>5T)Fm5?*zMt<l|M!>P
zJ_DMNGgoixgY~cgmrtw!57PER37n8+x`iCXy3jCG34Ca977RMPV@g=Ya_|~JwS?S!
zH*OaDiNk$IEsT4SzMOD|uySqbkI3O6P;HO{aw@%@0s}2w#Gk~6;{Fj*ZidsCd7s3(
zTpU1|!RO^>pExWaW;-Tq5YJ1jmp=1H>}%hqb4(4pbik1beZo^YbL4klta~u|g%U>F
zE4}?1FWW45ln}@JX^c#FVL($37~<C|^J2in_A)TQ$d;|wwzTxY1`$n(nS&-zaZ~^f
zwvm>8KBc&D@D2^nrwt!+;FVq&GBBY-OHP)QS}C=i<?8L{E&@VMeBA7CmKWY2HBWi0
zsKD5EmX`_E3{MG{r=q8p{I(VhBsbv2yjYu)-OaMQwseFKxh7|>&TbWJEO;vb1_BE=
zf(UR^2?Fps+)EcR%Z(^<qxI%>vO6bw6N$-Qr7!MZHlif^AjhW7EJ0s7QG<1|%Q0<k
z2spcm$_+aVU!Fdi7}5q1=s?p<ZA}W46Fv=LA71ABnfihZH=hq)!T}2xoF#%G?*N7u
zrrgu!j8|%OKih!67#!H=3rh`Jd)i{cq~Rt8)E!M$pn$?Dt1ooqpUG3gxKWb@pAS+;
zWm$8<N==me&@7zr&RYo#E60lSM4!8y#-WNA?lY3QE-qZN%}-SIe|WFbd@7d_ZFVN5
za@~NCrmUM19WAV?A<J&F%{k+t7yql5w#1?}(PJ?y5WAPvLxlQmX8XUgtRDsS6GJH+
zG1`-;L0VXOZe2*&#%26v-La()1TRPc`lAG~31*rXP^PDeV^dnnuhYJcZ5!K|95)Ap
zE1e2a7DRbrTdoOXzra5Th}RG<t*^bzK!=5lsp)5-lh-R3Q9J)KIMHBKY51pD_du0~
zznmpJqv;YGVD$s(r2Sg>dWJrgNv-cL?txQJ8TPmLbjSTx?xP(wyr$67&qS~H8TQfE
z(@g>7OBJ~?zx7$}Gfn}H4!n&RTM=|$OmQ1c4H7+QcP<pDFC36p_AVEbKa|WWStcty
zKFh8(UTs#0KPGfoK^qsarN^vd^xZgQ()RGmLmyrl3EhvlChgwI3dIvMG~r4~4pn!<
z&nhFlbcy5}4-e%lkJ<O({wShq__qv#A5x*mIQv`AJ_9GgQ#GPS{A4#m^vC9Y1MkZn
z+(N-w5iIpu3e#~N8qEEQSn{NkPrekS2p0SpZgwKx!V=SZXR++^1jVokJuf4(n9WVx
zV$xGF$noqmA+y?|vhobKY(_&fy|fs~FgiLBXepDoG@!I}f<E}G9E>^vlGw3LU?U&i
z8rZ*NTD^WB9@5q;`C_#N%Yz{I|2A@yBoKnMpyX=X2LLR1TP91^o;cpYy@UTOsFq~w
z(|M9L(?LA(6!0U^zUUaBMty3Rv(X$tt&hxE2B%#M-p>4kfZvMR^ZJo%#}k<^OH0uc
zKU~wk9*Safxw_Tu#8K`Z2i9^WhWKRs`cfNp5wiC+>Vom=3y<q1;?m~eJOsqI6o6G}
z@>gNd`%3o;^O)-g3dbcR<y!x0NsVtSecZYu<g(^VRNRTIV5x%UP126S2cTxY4WT$Z
zmYU%B2hkPOv6=YswIG<~A0!@}S*|cHY>r8S04A9Iz%=7*3BHxbfk*q|kDW?4!S1id
zoD~TuII0Z)1p}q^lb<{5zGj!;!!IGIkp6}qk)F?fd74InA#BjifTNzBW;w-#b;eS;
zq-?YTWAgnT49{}(udAdNKV;m=Z76hV1$LU=w5!`S)tE#iT3}JL7uGzM%B@%8d|I`z
z4dX{?KM;<uW2ciUjI2*z!rm_gHIQE8-L~#;Eb<jKjd@F-Rcyk=?>Z<-Lf9a<;-g&;
zdT|F(Y37#_0acM#t#!>6cZ;5`p^?u_P9PU?o*6wfG4e`jNg;ME1k9GhWKJpWc}IoM
zW;L&iimc!h{~f;p3m-{riQ5YCD#ixk55hI$euqtO?$qWDjHmNPbU8UEKkBRf+1=~Y
zXCHv+Q8h0`e<>&NJS_IZ-MYwq8C-#fjO%N;2c3@mMCvzKPR7JDR3|`j(QhgorwkNO
z+ulDQFZDa^*Ea40?#eq&H`S(yW*O5v*_9(dUYC90@VF^Hec)8N=>+MR3+_zSHYa}^
ztz_aZskmxW+Pj#n55Nz#P6;|HOr@PbS<Ys!nx|eS?Ea)0$kf9*+t}5GAXHjb4iWqt
zC8p_H+zoXw!gEn+cJoX-+O9X+<N*9aPji>5xYR)ms0>-|vF%pnST`2Ts?2%x=ETYR
zrg=IU(nN6WwLpqJ^Nwb1ACA$z3&La0pSPYT`tZlxy=f9BJMzA8?kkMsx4`TzifSS^
z?<E(Nt^_B2$r!GEu#GWY{{a8o3B1_QAVB1WB>`oHIsJdyHkZ5^X||*Unv0-J(%mT*
zkZWexR1jA$E)?Tj!uBfOe6nxt`~If%<N(bJ{K52=L`pw9f+DJ>M7E-=JIHMYbR-t=
zU?Rn_eNR9#GC-KE#5)Mmi?0S7Jh*_zi*@fi??Hw6u8<VIk?|u}LbVy3Ybz~~M+lLK
zA?|u04Ui~m)c|Qin!(d|CBV{sZxt)vd|`=y5l?{<pkJmLOxyiEskF2`X+qj2D;cwU
zoMtjy@M8QV5=l7xKLf9K4<^SvsuIj{R+80*XaMT=&lova_Y5d&TJ+!$`cb#v*|}*U
z-`?ZbgFVs5jeX8GXvCr_xEAIIDd2&D668L}ePv7V>IKm&=si%QSy-a;PXW;43|_;z
z<8M|u`5dbCePvvz0`#tMU3Chq<8l7ZEU18b_1H65l9=3o<m6VXI{%qNKcdbd&ZKhj
z@FvQGP#KtA_^8@o06n#I{I08SP?pN8dhjx@=T|@`dAed`eB+`NU^6eCeGTn_+Fs?m
z!G4^<{To-7CD$V*V}b7|lz=fUerp_cUOV~^@*!kZ;ZOeG5~-_@9(4YAup|C|xAJm`
z;e>p|$n-zRkMN&Kf}H-)Gllru*o)x6t*r@W<{Pj!>`D6iJ4Ey!gdhBe1ezBw{z1~A
z`3+0UOV=jr9+x+z8~vsXk(o#N*HJ}$k``CYh-=r=mT!OaI^}l+=QCP<Z602)#!f6h
z-VR2gbZ*t!Wg9uRQpCB~A37%y1}EigW`0TAJB>fO8uk7~3;e)+6P1!|)EeEJJHNRI
z_Q39El$y(#Jo$e8$YYw{hZU<#f*B_Y>~eYkt@@yS)a5q;u*5w;6B@HibyT$FC+{O*
zQ$OlLwvbdT3z@3oS={LOQvG7}2S7D%vQ})_H9DITBj5Vx4wdf~SS)eWlM%|x^39rl
zn094@(b|m@Pz!E<oO>7r%L!v|Ln<$-=E6n|UOhH(?>^Ed^`e#FJHbZXr>3We$7fRw
ze3o+Wb<*fl&8D>z{zHZ~gR7XmEiZzK1ks0jhdZiK>st(XwBrnrK~52DQO55eXkw(Q
zQVWCD)TJ0izijfHSQyzAZ^MS+4uLY|8XApw&<yZLxgq$S`6ns5zkUr9{=g7LXz|Ag
z=w#C+ee%{!lQ}jB7PsU05+i&>GhQW59^DTsim<09>XyoQQv;>$pfxjKJW%yTX(CuG
zx+w;bcEU6f0(cy$1ar<C2{kgyUsd@D;Ex91y?15=0ByEK9CvHQ$@>%ozM;ZQ5tf#h
zk)8S`KzztW^j($Hf=a~8ses}rSzUmRpq_2xO<@#r18*>Obr2V|D%O{xbG!B^(hhHp
z_<aR#P`5|Q;5n(>lW5FA?#lDv6-U-T*m5)BG_#8G7xlJSmNJ%36@$!f$_#J^ODD}0
z*%`yD_4az!9!!aL7%F_LeF4Xh>jC7u3!}1D%N4;r%*a?iI$Kv;mKHCyH|d53oyia5
zXwgaG!<-hAYM$iOAGJ(}RyZzgKI1-ifSFxw>)2?@#I|73-lA?y;iMP(iX@23`l0@p
z%0sxK=f7{w{9ROrD|ZLZ`PZn1S7)*0Q7y&so<aU)U*dCr|G3!lab0Euq)zqzFR9if
z=n8vK-9U)A*$4k%<p9W$x?YGS!Rs;VshpejhrjG@$f;>>cNB^pG;y^o*l7cDCQA7`
z#mjy>=qlg-<_erBUnpw=ae@dTi%F^g>oQW{LP`Ox-U@;WQZ+yCkDRi}DJ1QV=$wS1
z{N1>CuxbiYCLoZG1JBXk>WOb$;N?lJ$jeAAf+4$tl!(qu$a#=7r8!`JI7H`EI(qi7
zD=fdnw4JD4)N&dG))zMo*}sJ-j}hdKe9ct1Dh%kFC0>nYD>|5`ie|JSvE)^%PF27c
z{uHtOVg&2fGV8;>^)pPVd<qTuFL)a*dFlSBx4d!+kU0BAlH=w?g68a-NsWUHK%UV3
zoM6tuxLCJCd6`}p4J!L<9`=1XN@$N^QAbnj5}6B$PwisQn<OKa8KAO$nx8y#46ouF
z`=3ZIOjhm1+>A?(r*>)X!V%0c1d@4g^QuI`ZmVPc1oKNDx<pX#Dn7pxp7{z4QDCcB
z&FnJ|tMMfULWAbkheAI(`mz_sfpv@gCKo%Ibq>Y5Nb5Cp$Yu|V5)OKuv_@Kej=q(s
zxo7v%eZyEM+NZJ0-dgK{b+mc}GUxGxn=KQbqkoaRGuJX122<**m-p9M*%boU_xcrE
zlU0_DI!q^)QL5tpa@{;}vuW*llIkSHvuwl49Sq|~O9PWKF~o{OQj|r)qeojQgij!K
zm`@l#nXb~7r@PSOQsP`NJ)Dvj&b#OrA?%W?FwA}qIvjGJj&0W`<eim2j0k${zsUZP
z@~m2QyH|egC7#a^JiU<CS;}=Y-SGh?)th)ly?wAox*&7sXI6ZK|I>*0LXx5WMS7^P
z>TgiVLWI4)rx{DV4bLQ(8*R7L7|!i;5Tp`9W)Au+_9U|WGM8Hz3GjHs3=Sm6PcYl&
zXrhoP<qS^F#P_|lFPHxg!H~T;NvR1sJm(%E)-30`p%pX(D-&!UL<@0=erPm9+@-DP
z=sp|{=qDMpdAleEO8=(v^fOnaCI$;1ISnnE6!lqB&N_CXL3A}!#IG&2Dz7THi!f#3
z%);5g1L<SuF4_Fll)tyb^s1Fmy|-0FdcW<d`2doC0kv3YqlXGGB^717$E7BF@={2$
z(rHr)o&F{`Be<L{uPSHgwL6iYn^D{V4RTp3!>?j4xRPDU1!!U%pVo-Wkw5x|OCr4s
z9|QQ-k$u*;?_<8V=3Hq;FjpI$mWW7%ifi@nRC0NrDo|Sfx@t{U75>FYPEEs+Up7kC
zM5uG%jzf(acG?tBWSI{C4wXB=oK~U2;g63PBKxItP_4<w1~9RxS1)5X7K+%$%}zDR
ze%a@IDbS|WB;9xQ+%#5d=hqU(-zY_nUjA2+88a(qQrMhp@Rh~%sd_8%iB_g^8qFU(
zujVxH7GNU*PvkRb`-fe4OSJniq7liR3rlrRt+H{TMM2yNo_*RZ7|o&pP*@+#@ETg)
zpwaj?<$bd6n&p*jL8ImI_D%Hr<fLk2$|-5-N_)=*xR%Gac|Rk*!g^#F^`+mUxM=a6
z)Zse_(|6{BL|rej<G2h*+|rX_Dmi8{nfRQwMpy50k_XI78hr~!;<CBz91v>X^zH4p
zl@uPDP<J4QKM2dCBMqeskYhiX!v!!!PM#={^A8rl9H>|(Bqj?{#4r1ld(m7p`ww9G
zt!}I;T{{Tn<l#)#6>}|p2VvrE<HER@bp38Cp{po5z!iy)5phti%1IJ4BS*js1#mb!
zb|Y~V_QQ!r$KDI8I&8JFM!{+xI?$qr3NyUCw0y+F3$3|5e97WiM22f<l_=0COgakb
zQor&<Cz`LGv3dA_!SeD~dDQaIjo~w}{}BH`UXDEFMi54e>-9<{zs4($mhhmk&6+oz
zNAmBEi=N{OOh$5#(_|`9Y`-xCF@(C8ZW|2nPLK`Th1NXFAD$6JZa>B8d)jx^<*w=<
z;hRFCROZ3b>Iez|4j+{&P0>zBu+q6$D6@4RBE&wX1SAkfWSQAyj$&uB%O)@f?ZnlI
zl)&>ncozvRebo8iZIrs1k-_A*Eg?$u^lzugj@5={II!0-`X~Xk2F5+1hdOPeA<TLf
zmq3KHeibvTv+k>xV@6+X#tWZX9-O-uGecjeC7#?zo7`o*PgBIM^1SPaO#D92tm?Yp
z4^wWt^Pcc5;DmPO*agRR_1dfw@pH>xQ?&aG*Iqm&;)&~J*^CCy`>x`jW_ih@pM(<f
zf&)KJQn`3ug#<y<A8p_Yq5~}v;;ji~Feq|MUdU`Ll88;1z>>~g$#u!HJC~|rvy1P4
zikYUY*?Z*e@1{ih(wtjgxaML5$gZ~_AV9D_WCZe_!yN}N>9XN(;LZXv2bGhL1c)w5
za!tNyNW7i%uLXr*(tX6X62?TVlPO~7kw2R$6n;+)d@zX=>;gujFU*@`4}}AIaLSY@
zT<P*Z8T&UOpWI8RiRHv}w<0t^5VSdge_orUA>wMr0RcW2r+r%qzGdmoX)S$3|4VDH
zDO%9wnDj6bE@)Htmu&@jl}Px>b_~!Y5w0oeiwnb$EReuy&A#9@jJywCUcx%AahS8>
z!a7@;imG6Tq=^yp9&CXI96y3w1CEm=Y8RiS7|cm2T#I;7YdGhhi}q!++sqzNQ?7@N
zjbL^g_Mrm|Dk6DU;RSIkOo@_}<)MRNCk>op9<S@_xZyr^FRLeFUq=Not%_+`Z$hwJ
z0mwE}qNEJYkcH15HrRnXr7a{iLbsch%6N$Vv_udlMJhWpjREIu`UNgP7CJ>JJksVw
zu7x4@kuHJzU6iL}C>R3eXJ&w#g&^igd)h2EB3Xv}qwOL+g=ONT$_sgx`Nw6G9hRsm
zC_N0HtJ5v3JXM<sq%_vHmkxz)#F1+{JqssO!t{LQEyOld$wsDexSL|e*?(F1wiQjP
zPnOITF{_$MY#Vy+KB}j<{60@dlG~WZP)|)_mQsYHi&R^eLxMKhDz}8?eSfJqtv5>4
zR-`gjk%{23nhTS&95`PnNF8;y|Ccb(HAvq$H77_E&|xDz;WKrXkCI>Y#Y7J*jbA|b
zyIX<s8T!*#;Za^v(c#SkJLAzCRnvLGIw3DCn8BQUOWd~GNl47Wwa*stQ2t%@SK#|Q
zhP?TTs+Z6AIQTu{7(gW~nS5hq!z|N((0Y}9VNF6kync3_<Cqq;H*}+Lt@aP{De0nR
z)BE^rb?eLg5-4^DkS^rTGtI9;ST3V(WhWTIFRe+2%x<NY&IbNp;@EUeK&4;1gg9qh
zy4Eu995K%*^!|e!>R#sG4oqC>_S~v5LoYf&yJUG4%zBnCBuiHP4krFVDpO>sCy%ca
znQVT||4teT(Fs;MKD(J<0)rwGX0w~TiOP$RUpK2Ry55Xm4<EY_wl6|azb?rC1d;^&
zC2z{)4}P7b#^nCRvGv-(4kk$!Nc+(9G!VRN^LL{8!1C48>3jjQj_lhBS!H7G%|LJ2
zt2`twM(Fqb`q>e=<oW+`bRO_f|9>1mn=&)c-X!ac?3I<DQTASk2ythR?6S|^iKy%d
z$qsS$sEo+jGjT@t>i_Y7JbI9D_q`+aet%xC=hN*av`_GJC$K}xID~OKB_5CY96BL=
z#ePNC0Z6Tx#N^Tq_5}Wma}ewrrT`}-@pHJ)B;)qF-}Yow*E=qYUb8!^-_`ST<m`u)
zV|6_13oMcACpvECL(h6NBn|0I<v)@EQcnJ745cTBjvILQ<MpronANUdo{<UFfr~b(
z^7{e}GO&W#A1|s_yweLT5sL;?fNtB2;0JvjJJLV`KrflCm!SewliI8qxJa=X27Df$
zMLBS4n~5S#d~aGe&7@T2Aa4>)E#P2Khal5?2pmfvF*k)8u}(9^G9W@q(7d6hh;=PB
z6~s=IXNf2Zzz4g!zea#S%ExTc{)wvN;o>c)q_Vo&EU7v`O6jraZy7RR;2&3b$2L*?
zM<J1`0_Dc7`l`4HH&0*3Y}734Ny5$MB%HB$bD}DrBPPDGJSB#PHy+;WO)IN*H-TEv
z+2(G-JwEz2q<Qaq<#l&p7^;}<jKTywIHx+h@?#Knj}h~z%>3|ihv4mUC7E9|{#K>z
zf_>2EyI@(-nZjZOLKNs_PO8^#^%Lk~jo7^D&URO&iYkjK=~{38%(nZpal#~O4OPgg
z_<D=JXEAPLc}-cLVeWbwgg2}b#9<1@3s#^5a`50%({-yusUCoh1T!=#cH{%82ppKR
zMN`v1wh9adEV}AT*2Y3p4FJWqL>foNP#u|I*^R3m$N2zwjg|}?-%5fMN2owOc*FWX
z7yyyX+NPDeRZHV+Au$g?3WMocvInOti-`zt?>sk^J%`CNA0`BWP3%Z@p?em7Z#*EH
zG`>RWz^8gK(L!-{m7o?gQ@#)IBArmW(h<;X`Kq!77BX^n)YogkN<AB990*7x(U{mg
zFR*p#CPq5luveB|<h{M$Vjq+6;AZcm3Uo|<Bmt88l0{K52mB~hi<HEK`?KiKG88IL
za?8jS>F%Db>w)m?o@GwFrT^r>cV#8WuRSTSeubdicl5wFpF8-zLJSfgmx!u(q;g6z
z=F_E~`8f4ry{l#NhwU&zowfJAW^MUr=4`6-Yu9qucej;}!`4_&9QGHIlr(l*hwVX;
zu8*x!I08QPMWpBN^Dox&@}9!B?~eXKj+Kb6O+ij0YELQoALOs+`QK@_z&7TvZ6&@W
zOF0UM=+2{6r8COrlg62gg}yLg65>g_EaV2S8<T4UudaV|WPxQy*!04B;YRD3XIR#?
zs{foF^U_W&m)oqJM7JAZA9}FE`N^-Vjjl`QzEeYaMVap7i-T+b>qn^Q#aSgcoPUt`
zx6F8?4w1iqa?K27ll<|R0?k97ozGs<YpHUX+p`YY(h-wB`S%9aFEduee`u!r9~3Mm
zjl4bXPn$0e%DL^Gn4G+ES+IcZEA;j`aY{e&aI|g878$OZO@1}D>b0?J&d2AC>*`t`
zD1ZLOA!(ybdT89xB=~NXn{vd97=p6#esf8M*&ct#ry`GpU8G|9gvYIK<H(j(5D#kS
z=OiQ(s?K~<R6d3cMm}_=2`=v4!|uA9#gIM>Y)$kWQE3zFiAtKLdXEf?DzBKAd$Sy@
z-6~%Aa01Cc;dV!LCz>G_<&iPfyDrUoK*&zg)0)J`BTy}uBiiXm_#|m2@G<`fR99-B
zpmj`9SEKj^zl1muL=W;TQne#ZP`~iQLF|rnn{QBA=?Oy&A3M6%{sGN|Cl-a@$)^1`
zEHbm~ErPjMx!}hz4qOp7;Pk#b7^0!$h3*%G5XJD&YHaqCdL<?%dP)3){L%mK1KFOq
zjFwDLs|vo39B(!I{MTeog4Vp9_=K3bemD*!%ZpsKb&%4^ADJ)8@@@B#1hvq1uo)32
zjGQ$P?2sJ-$VPYC!uuKyg@t=Z-$f~Te{wXt6*S;=E=6N}(LRzS3h}aOo1;}+myXJM
zK$;~c5hPe$K0iC0XrrCZ-YxAx%rOsTy<Q{`*ccn3VLAo>*gzqFaV3>6PUFfvw%^AE
z4Kjdv92YW>WU)LfO+cqEH`mun8WrBPn3N?zm4DUQ^DwHCwW3UFfA^41kld)j3IAdO
z!?PE5@*GOxC^xKuM~TEUX&;O#uxxM2J`ejvN}wjU!d9iNN$yf!aO^!N$glh9aUz=!
za}yT#E6HM|P8fn1?{5EV^Mb)*mdjc}W!~_-@@UbJZ#|^Su3b7H$N`z4{Q9m--C4w|
zyDf&hxmcL*#Ho;K>vL>o6gGVDZc&S1V&U_>AFeEny%a435w8K`7VgxZ;)Rz`KwKxD
z-KtPMytd9^+)L4R#P;aj<0zU62{zxT1~1QLn?WkVV@I83C=l63_fzGTt3TR}=BcF!
z4?izHqG*E>J)Nuu=vfhDru;*(;sLPykX!FdDE`AX7vm5S77sNa!UTozePUaC1E8_Z
z;WKxr%JHyr35g*V?HM*DmM_S+xD3RvdIP3esH&^hb_rqAS4Oh6+0EXEl!0vm6FG$#
z8NZ=$0b#xcLgzchqXPc^<{0`GN$K)2PUi6bDULDG(`5xA;&yYUxsO<xa#QMyHZSS~
z!3K`(CNxI+dunxsLf20AjsXaFZ1*3D@99@pNR`j#xc--v9>12$u@7gNrm-m#<47J)
zsT*sxwoqIQ5!HIvZ+_$k9YU<Vk|B6)Q6G=m{*p*~DI=ROiNFjy%H4i~7j<1>@spMD
z=bUu1G9DhGNucqtGn?=HX`_SN{ub(@(_?LRbJ%Zz%AtZf9(74568HRJwMJlhh(*3{
zVQbd9!l~m7eK>TU!dM}$t6)!TJJc>`U)PfPAEc>AInC2~wNYRYbTpO*=NghFEqaFh
z#|iPD8uRpQtu?p6dX}{!S$A%0C0<?b5Bpu=+8(Kw?5DRkXTHKSbT%|=GiRDkE(4)i
zmrw%6t*&|QATJ_bp6YTgX^*%eDc9GeTM3C*3oF0z&9W&Rv%d!wEs%i_8{f!32nxSw
za!lxYJBiyLmucK$(h8Q|re~KHJkxjI$+UuHWIQo-9>?oZmny@M&+6G7VoovIJLMB&
zVJ@qSQ9TSAEhgUcWAd7A%mI@Uz*ZdtA$dA5z5h~Z9C|T*B5EHVLvGFWE^(vKvyz$<
zLT`}>a2=NbN!LM(03UstKjwQ69P#`RFEBgtC*g_pHLNVKoWYqU_BKp;KUMXES8h&}
z%(6W0m7&61+dDcDd?EF%b+0kOSiT>7ti}m(Cvr|_LJa*2hYWa}P(2M;)=Jcj3<T#p
zz4#>gB3COH^{xFwK?kgOezV(R<8Sje^RZx#Sjflbasy!pnJ0ME=?M)6s@1gx4xI2$
zuY|f``G0#=BAlFHiH*ubD#(h#9=SfjS0eBJpsk!iyaV}ET)jf??mP~pP&eMFH@FYE
zlm5QV_(zY-trzJNDHm`0-<UG?3@PZm=tYu1iB!_?l=50W^IAqRTVrOZ@p4>@ddcle
z0$eHv60$a)zUXyVeMJ}whWrBV<T*13K0$yHSm6={_)Hos`L02!5fr|^n)lO$TqC>%
zPzJ(37)@>sV0wd}n-qm(0t4?PJc&`1pV023-gT&|@GT9Uf6y>_qf%b!xd-AAjktnF
zmC`kH*P<AKmx-?jk}A5XJLp#{&5fM1s;FdR{OKJ42-W-|vL6!@2su8;_=>*xDO{{a
zG8ZMo^WDAt1cu8(T0Xxt@G{>@HHXH>=;DoSVudfcLoqMMFfon!)H~H2iI;DwzdU4h
zy~A?)3WN*vE_LQ~t@KWX)O8eBn^%kC<|s?5iM%+=d>=J`pec{_!vD|Bj5$14mAbv1
zvq4|B(7Q;zXGoNS`W6H8Y+7DZNGB<@h0jRlR3GF*1Z~sY%-%}p(NdFN+T3D@;V=g)
zgjc*JY{&#^0SjNTA-d(fcEc|m%bRe2su5i)xnDl|q8GLNz97w^kJx=?6aO?~4wC3q
z!J@bL*M>N!(92<jzWfA2Z3JKsUc9lsa{KK@FhX|}{OTK;x*`M<R5Wq%vWXv#8rG3z
zdDMghCThjaut-3qMduuW<paA*Q33{XS~g}86*$a!q~99XR_s%Gf&(mB%gkNpE>&(c
zo)Y-Z)lnhM9N$CNd8@(g<=ndKYJZ}VNna63W~fci(s_@6WI4v4@fKiU^m#Kn8h`p@
z0bPM_J)I<9kC5nQ8CN|lDK$w70KpI}`t{^^1sNtH-nF{am<fGl`dwGHCKNEgtJyKP
zwj6AqKkhO#ER(9GbesY2!1PYkwfNes%NtGfhOSEp=QSpn?K&Jz(M|=4U}(^w7ZlKs
zYXy)nX4r%lR~x>$uH13J-WWEceA1s2@=cWu5KS=5vOucch1!UB_0?~!;ZxgcKWzoZ
z<mZE~a8z$NAZC2o9-%fY6Ym3&7sDLSa8pB?C%sSo3=O)mgr`DJ<E3!$!9|u~?0<tr
zgl&@*o5aKx*|6CiOCj8+lQqo<H^&>&hwmO}-n^9(@+Qw4d+eOhdZ;V=NgO?U<{AKW
zLM<SVqoGD8KdIx!TtGkrnl80Y5?iEgbPWX+;`m+_dD-zN(!rq8!@pde9iNz^4jy1R
zkUY2l0>qD)`|P&>2V@t{e7Fc`DPMXU03<~`w>qwTf+^9l)df6}eVnT#p9WoRgh&U<
zuhPvy;imA=RL9DnG~cbl)kZ){3lhm-o9Cur0Zp0;Tmrq7c?P<byTBUFZH}4*s}qdp
z<7YgiZdjtUuKe<<Biklzys=1-=V))PbM<v=!V@oU$@w;%D)CfT@69l2Ys&*S>2Jer
zQzOMZ;Um#6LEGo8C{BCSy>gVpD<zPF!D%|(1IZ3DNt_~5{gi+_8bMQTtq;DSqm#>%
zZh(eb9qCd!4nt8gbqsHLV^ZQ!{tr(%BKrN+nC_N9vN?}P%1GZAzM8HCI}6^-j0rUU
z7Mq$VG&WR4m3&X+n*clwdYLgnZc}j%r?t{sn*Am47>#YN88GU+L&3Fg4)GZFT`h|e
zn_wJd(EOqOIi6TqUfniLl884Ynq!c$CDlpI`$t4ZWn4PmkY#bVK$wv=DP?z|IzD2F
zSe#*x|Gxots^>i&l1v)pOA-&X>aDgO>$E;R{25mq8T5xaUO=)NM`RM;PV;sWznF5*
zBMH1{-rL?%`-a90^?k^o&G+VyOz=q|WQczd0;c@g=@ZNOS*6zc)Na`G+crzulAB<h
zw+gL!yQ4JF*mV(lLe&~xu&p2y>7nv+EE{#$#+JHyZZmr@-#2eR+mItSJ!<CsTk&3D
z)p3X?+gSe9RYBrO-Q3RX+|C$;iwt8${dBSV{JcG1eq5<FEDFpQi(w~YSD-{`dmPNx
z9jbYe{B>bJEE^hJ;|}=;IS6zN-UAVxRSbP)_rclTmu%<XwuP64hcR6sNio0CT`F>f
zIPB;RHa#lbXS+@>JX$!D?*8=;lE1^YzdN)VOn&{S<MiNA$)9R2YN3_E*0k^MsrO<1
zhcJoD(rcx&1*V@}&aaZU57#a`Hm}C66TqS(=Q7~3Z%OL7eRsK$JGk&^a}suDd@_Oy
z9kgA0I&WiRBWx`*Bomtb<BL)|FffndE;42jsq+K{1O_W=wqBY9$n2Dl7uU`^{eN*W
z%&J+bqF$E$qK59IZkV1^Fmv#9{@Iv^YIIs<wlH~MFamD~X==8H9^QH6((rw>SL_!N
z9b*M-#&7@el-JBhr8>s0Su%`j*;H-8Oamz~0Hc16suhr&iTXsmO!dKT=cmfz4U$#(
zxQ2kvROu6xY0B#tuo{CLMI0G-tuNC}q~o44;A`01kOJoFM%Fy%XV5hn^SEoyKT&PI
zQ%g=*_12(1tH0C$<>xhobHvbR43-?nLmkRDd5g|8BfxXDKgAUP$(?oJt#AnH>ik5s
z{uZ!jBk_^-B~n#RFJNizZ^1%?=mQjpgygwC=kWr0Gko-isyP1yD9mV+$Q!wtOQ$Ul
z-&AHk27S{3?G(ScIK^ASpyJYZfAy_Ju028^;T}stwLEx8i#m@Bx!oQwlF=c33+4n+
zZd`br(uX?Mj>~^9(@o8#>DU9xT1L&zAHqf$Gt-D!x^hIf;+<j<TR_qi9jOD>J7%@y
z_yQAUh@Xdlr0eSZy25A~Gv&gvv=nAD&jGUnA!QE=DR|bk-Ji1lR*a)QBswH-C;qW6
z`RwEL<twqGJS_mRQqN<Qipwo~6jg20#HOU3=4M@GtNsKmYUmJ^J@o;B{xH-F9}PFN
z<;%sJ$-d9s>HA<680P8jho$j+aQLiD*MB(<$|H@Gck$H0>j-I-F3=J0@KI$ynuAUy
zak9n(8x9G6jPP%$%d^^NAk9%5l`7f=o$BRTe!pbGB09?+v0Py>&p@@61Y|H8fXsT$
zeXdUR%KHBCaKL}yz8L62_~MLT`*gb}>gK&<0DToswVz$k4=as2sF#8_Xpoq9N|9B+
zHt!FSQv%7(ZOntJ7P9&{3L^(=!Wjhd)prn{@E)Q1_AJsO+tl2XSxkO2@z<2}7$Wj6
zdP&3WO=s*T=*TR)1sws%hkcBph8pndM6*2%P-_^c`hDcOC2q+;<5Zhqq9#V>5P`+=
z>`R!li2i~<ERQTnlU=Gq_b<xwHb}QV3pUJBCV%g29k3VVr;z0gOyYunsvTx_I+%X%
z>~IN4FMga`Jy#stYi<76cL!r4q`0yjDtGDZ?JcMw&0HtZ1FU0tw%h?7gG$>J=YOu7
zheSNDb<dcUj$gsU*tTC`g42AYml*y*j$+N)3N4qy9zE|U91Qs)(|Z*dguD(j{cC%$
zaGk-nW^+OMS*ff2^TN_qiO~tu+?SQP`~ao5cicPcMt8qojP->*cpgSy^D6UT;YSd1
zVHPk{*)lFS03cdvmjb+$!}_;xtlnPrznXXU7S#>bFd_=Sb(Q<&OT&c-MN~}R(s&H3
zy!3Vcldy}hgyE2`ZmKM&I6<*7c9!PqH1V-j#FA3$VPIp2P~A@5S-w?dh_npjMBRes
z&>355p~X_i?p0q?&q|i#vsCF7AZebc+&ukan>)DhNP}>R-67#NCBI>7_u%nS1;smm
z)Bm!V={$MqTj`#gckXmV3Ffr-xi9PBK#<G<<vLTXwSBPI4-}k<D-K+kU>99fbX8;%
z^s}l;k)21s#z(C1jD}`&6kUB;^{c@13!SFy{2aAuPGP2q>B7f9b{tJ=M{4^wQu^y1
zNt_u)&8<9{b2~*)<gX1idN(}8*l?81!cWvy3ZUeex*i82&c&>6TxRn!&F<{f7^UT}
zby2p6e1;Uix;UYM|3I&Kn6wT7P#Q2<oHzQ&x2;Laj%GMT>61EU%^piB(gx};6!Is^
zjYCg`)t>N6e6q@fqUBbaXX?aY^6*CfiFheC_SJCGB@~fd)rzZ>%1}#mkN7L8bAE=4
zM5JP>-bN1k?5i-#RdH!kEyC=J?2NiqV{7fm^iUe_=dDQ8w{FshZ<7{@ry_KWu2&r&
zc~-h#aewpjL8CAFI1(HQ@h0?ar~2U`dowa2_|Oj%XhkeXJuW};?1e32*NH)zrTR8C
z-+B(-^Ap0fUs^giU%dLs+K`0RAOHvsQIwj;NTWTx;5!ct@vql9{mKL4_jIhq=4BKg
z%_f}W#~gf;1?<y}IKLwXQXEAd;8r}t3T0o5x^Nt(lyC#9?w_2U0QS7o5(y`))=(=~
zqG3`>j)vEKKb*upa7M@EQPXfXP9y2>Nh^ly4dLx1P1bdH4U{iJr%~G<m)zWZNylvL
zB(Of(`x;9U4HgO`?L5D{f)S<_D@2$R)u^oKs=&JmiLZa`#34Js+6^oWJNzQX)#UDm
zDlY9qoHo(0D%JLs<$WHQ*%-z-m5Vna3W$zD)*<z1bvofL3Yo};upYHZt@_WwY+!*q
zJ=edK2WUc2s=rs%>4J(*pmw%R%!wm0-01F$sO$-4I$9q<QG~E`2ICo-Xe{-<2<?X#
z`e(uBZ{J1f$&Q_9is<oCWm=U0-?2aE40Apskv>v!g-!<I#y=%qupd?qq?(4i&aw6>
zsvrUqK*x6{6bDvii)~F<RYlRDd-XPa(g>4KBaXY+<+)r!2}8oL<}uEmm`PZb;@O*F
zoT3c3vXEYQE*QXL=CCWmfJ3R&%11v8q&vMz%?zuH#|bS7aaY49a238TSatcy$=wuk
zlpfz)=Q1+%N5X{S>ar^ZSS~W=n_djNo~FMsWZVk#Gan)<sW6);h&W+L3{KM1OSmt^
zSs1|52@Yr&j~#>4FBzO_2oQr#?OE#e+)1~jCKa&@h{4>LXC`ij2@V*)wcq`Io8xGW
zrak>#zrV;7x)7S$>WBqwKl8(&J3oAM_!x7rJA_`gr+H^w){>#e^M;s*PuX}f^JzSu
zk;>saUuuuPD*xcytA`cJ8JZB@+vUh5p~O1O&ZUw)Iji^`m)+Ve>ePMTz0^e9fz6vV
z219O9+?P33?Axn&Ou-$USddTWJ?Z>5cOJjXA<nyaJj55MVZOsCxS$m+AuYMViI81k
zQQDOOvHHnj&t)wPK~yKN;iNO2cW$+s6oHfLzW4PXPh3KL+;0ymrMGp*yys&31Pdvx
zQB(z0ESF}-^UsZ4kt)p%<RN0K=8T)23k=OYS$?A5Qrbl2PL~O#j}xQ*I=Sn3ft0Tn
zX_#X@V=6_{EIZ6`E2u<fB}cFmkE|@$6j@^u95-+g5kz8C*NI)eYE3j-FwS?LOZ?j{
zdcgFb*p%R*gU}^WnUmS-`8^IFrkoQM<b!iwJ`*V^6-j4W5~f6~=ko0}+cVbzF2N9t
z7fbUfpL&Pm7IRc<*ObXK&ty7{0K40fUZN}UQ`t#VdYk01bY=U=#1*jZfXt|$30X9S
zTzdHl-pWs^T5AUTf@H;8%f8-2!IY4C8<XNAvH7oZ$?UY<P?^M9|L~xU^Ven=%oB!R
z8}W6n1Bq*Gqn&Q|tPS?3yyiH+;AEJ8HImDrQ{;fQ0q-!zw&mS)Mbj9j2YPFwM<z<>
zt_e~lr{}C9+w+Y#0p01o+!g_D9jGJZWRvj-T7d;=G)|;_VQq4g`2cdnN>Fi;*Dm*^
zVI`j^*7tFn0_h2Y<7LY|@+zn1gl1|D3qi4YfGk_DCjnj@#=uIB0E<y`tC1N41o~o{
zG#LTpPaxVb9sadVzr2Sjl7jB#yZTA;?W_b&-$UmPM#dz829AaJ7z^e-ykuGfF>!n?
z#0S^z4jgU%Q4?T9Eon?RK|+)y4fYj}W#|L-6MBoraOibC1^gq2i{T+%ZUPhGn4n2j
zism>#vwc0C>-a+zi>n2e5SMb=f;lk=M`@&~j^YY&%hR|M<yU3xs?ERMK|7(u9PUz5
z6_>S0b0@Ek*L=8$;{*Z&Q{-!`)puPO`KHh0*6VE_I`wWWoJSiNHoQF1y0WF10QIeq
zPQ1*!vEsM@{>j{}oH4mo=q1ft14J>%Od-7@3@&coYeQ@sg#>Uf=bZwY<_2oqw8B64
zyCe|T`Tzn&Cxci?HD5s8(}`Wl%{)+~;HMccUqH2#SH{f?sf|-K3C0-7oPfofDHey|
z$?L}+5bJck63fVM0N^2m2Yo~{PPs}m+4-bT-B-2{!3gvw9h4S;(@AJ&2(I5heokU5
zWXcf4rjXf&rsea@Z1F9xjh+ZQ>FR;qhk%>4N^6%Sn9zH`sNF{XwA6^{%dMv%ya4tC
zH-GlnDFLyV*F@HJm@(02<ecyz@3rem6oCYo;@KicYb;nWnqYkrGWz@0Zvg$+FqY`X
zuIL(prb`S0%-bDot9h?g+oSyA)=O$ENDFh9^Bl}};rw}Hs=M|YFX=znwkD~31^tDn
z|6e!W-SWxMbsTWx7#nKPnm|0=y74D3gLyv+W;9OUacf3mun8OPFao*`7t>7MhI*fv
za=`9@Y#18v2ci<;5l0}auzL$&Q%mRQOaVI;r{bnTVQ&nw5A&p7AvZYH7qTD|aj7ei
zm($^M3s6E$qBm&(tVE?bPQ+)Nk!d=%&P^&-3MNsmD?%5&NvH;v1dl!7{3SU*=ZIoK
zWPuP~oCRz*L_zoyz0rF?Qv=|lv681e<rBNKn}(+JSh%5i@0a77$Fj+DIev2yLYY9q
zf`xNfgS`SIVm)unn5ig#QX4!(W$H>!U&AJTH}FImZNyQljhBg&5-)Du&{k15O_fOI
z#{r-P6UzP76`t6&3Q{5~ao}qcJd!!ixJ$nHU*0IoN@f$dI7|+JZ-^s)f<8>g9jgI>
z-xIr#KBEaV(+e$UKV7{Kq@5qq%|9|l<OG7GM3Y)l#g<uzH+AA%x*^aIODhuGd=nsf
z1wnHL^VR_M#26O37lV6g2o@r~&0BFO=I&RY1_89gS=p|nezM9R=fxCKW08HUI_Dc^
z`RjX0QD_{lKB)S*Jpf<1q;+=b1}HG;*hjQ~Ltli`vze6Tw4cu7@=DGnqd?2#l3K^M
z+0Wsk*nXayH-{9xbA!AUdg24qfU8$ii9(4UqoLCDgN8bfEnEf%vsl*k1b0->65UOt
z+H|Vq*y8sfazf0pE*HgHLXOKonjjWU;U>YkeDYY1#5gPXP5XbYOBf4&4)q@IS(-`~
zeS>fZ%?u*gt<4zrhhdTuUEMKPviw>+c@4_XgY#`@zH{f2yQ~?jq*CZz@Dp@#L{N?v
zZ%NC)NQ!0m4_gi8FT=Su(5qk^IwAiK+^;H{xL<Je_4F8^u+h!LG;%&_;nDb-e)&H%
zhNQ&shah)c93_;{6kQ}w1rGmh0h0fxql}}bpPdPTWku$AvYbNYB&cP`?1nUsH_z4U
zjdZRQ-JuIom>0<n_>$ZJED6WCpP4$hSMBh&x_;|BB{f~JQuH66x4%+c;fV2@@@!O{
zl}@Q%sHyx7Oa^j0zimw~A6@>r%)Vp;;q9HU?)K}G<*QSXh3z_UkoqdO&)b=Awx21I
z-j*$EueEn&?2MxOd01gzP5=J>hLWv^;fbyP(eB>Zb@oCSvqJV&`RTTlLOaD;$L-I-
zwX)b?gQqq2n_mi(52$AgnXhUue;)jUoUUXu1wL2e{Ri1z+r5+to4k_SvrYR4A^ivW
z7{(gLbxm<5lsxDTIa{gCzP4@z_|z%g0)+=Bd-WOfQnnFi9c&|eGKYWn+C;!Jk$GGr
z0ywNp(rL(^=m3FU>9eB)g`Z0&$n-ec16`k8HmR`v4~5>a$;`=sldEVm266(zia&+I
zBKNVq%C*#?w+7b&f~40zI<wy+sj?Avc8`)E-Uz78!dJ<zC>!XE!M*;EJa7?1oa9pF
z6#e#4-^p&#)AEIznY1JSQ~3#N?;)J2viXmGA1tQy0Uv`Ty-eRhW{GFLJL;_$z-DL&
zk4^y<QB;EjvV0jRX@VWEjKmV|$?U`@(^uT=Fn(UVa6y3>ha;uDk-60<p=Gu@h)#T-
zX$s8fZ5ZAe=rJ_7G1)w61~OoWooRyz#-HM!peUR3vY$`HX4~=K8Z^IddLR0q)J*>8
zfnJy4o7<drb~V>{Z?{tm=19ubmYYb1^pQywYH&0lmKS}qcUkxJ0V*9qi|hgu{qo1l
zR=<^Tf#W6|`%PaEG*wtjxZ+W6M7R`}sUMu{s-%g4X!wUiIq0c`JJW*pNg@JZN+Ve(
z>JqB*?ZMj#k0OQZv-m#U!r`Ga0>CWckI1?kD(Ynw>c3I5S{X({XG4p)S&`Q|<$RUM
z^SL%YP#~D0|DvQ&J@-zf;Val%gbzRSj2D|m53#z(xtT3$5%sB?gCxR4QWA(nz}Rck
z0RYRAK|8lUfJ?S%$)tw$p4Nwz7kjm<iD0b|X{9}}ucK|zN1U>vePeX_tjt(!qnn6F
z-(dif5N3<IMDONq;t!51)I~RO3uctdjbE5j{^g{zWgqT*Nzj9;U%!)Z)+0B8Z}+q9
zYkgp}S)~4t{8oK+&LTS52%tzil}c_^{V9?2rK`K~=(<@50JOz)Hp=1#ae)sfI6VbG
z(wxQMhl-39BR+ke-=^wd;N!G!-RxAD?4#y>05$JNWx`B>`VYsfWxXwa^bnKHyl<WP
z`O~WU)YgOqUFcMlCv%9N)18JSs5R7+6fcbw3HB7>F7K^?vzH--Y(O7)iZ^(uE%7*T
zvjw;U7CncG-vNy;HI90pd&n1MiTjoJtCn{gcf?{BO+@&#y0&JHp}Ab+#**cIliSmm
z_8ifQ#U<5WO6xAk*O!O{Eg326J;VdQ{H*^6VZ?J5@oynyU2yUD@bsWcn&+~r>rZ^J
zF_f=IpRH)^ICorFd7!jbc*UW#wXk>n58`l&8W|f6eJ;&pn|yd-pUI?z%=c!9e6SH1
zT2M1}EqBhf{ya`5P#g_b7s3A^SBkr9h3g$B;CH##cHYO9Hh=y>3{RO?E=17O(IDA1
z<rxyF#)w;$o!xp)zoPVBk*|BGFB!9OUG06%98wtHb3)XkXg(ps$5**#&>-&>tay^1
zF}LB1+6~*es+IO|JX^X%D9r3Zh)G*UWtY~@#$O!P@NTTvb8plpKT#`K$*#G7O5n}L
zv>N)Tv9xupxudzY(C^rKW_%(z0rAmb`t13&rm$^OpL`wV`P2jS>WbT&`?%IE#v1qR
z`rLv_*&oJ@$HP#G`ArnGxF@OnBB4$R^iPS5#Q6K=<kmFEd^9fVyno@Tm}|s6kHtCo
zL~X1eeBe!bOo*v|te-l>x$u~r7%%;S;pUXgeN{mh=GNf@Lmd}t>1>X71`<eh$#O<$
zYKowqokE?&6IFV$vB$_+iT?Q4R7m6)C2`SxyI)gV0xK=bp}%CXlqz%?W>a!s3cit=
zFQ6tSKLP<vErcrLvozg@xe6md6q^o*v5a2V&6lkx=S|(kV0$PY3Ih4C%|Qat^A&Im
zcqyh$RDLuERZvP*+-JXVAik=2Ew}G;uROuYGR13Kb<)g{MGNb{?-LXoyuHk^`CX+r
z6Ml6thSVU3EJ~L>^j}F*$#-(cA!vT975$fWS%u+BLl&LV&D_N$5P4ey?``^lK2qZl
zzS7F%2u<)VW{5%%_J0(d8^cJ)sXuCu?QsH*(=FFSeWP86Ec@h&noOMa$GsFy+ns9|
zG5qjTaTPxZ=ki*|d~o3piXYNj(c)PKJ&})otmAEMmM0x^Q6(dX7|$KqXz8luPMx=~
z_L&UzzQ*97HCpZ111}{p)(evYW`DdWIY8yW4J4qa#2$y3Q%<^YY>q~=pD^SV%%(YZ
zpy{a<w)J4mTcUR{QG7n|5E;pmcSq_vSL1YiQ!ZL%lT93nY{<C;=4m-XXKr4GQOl;}
zwG{YTnz|!)ktm>FGv4H#v%<DA_qtZi`&`mTO=27evP6<Z@%Nxu5*93BhW=wuBKCEX
z*2kP5y`c_s^AF4HOJb`w+P>ELu11UcKSYT2;MnOKVxunC7>At&yHn>dKh|>T&4&;U
zT%sgP0>u7Z6j?|$nBwAO!*ZqjTDJfAE3cZoC_V)4+{kx2meW?|(-f4N%(I_gi1G%3
zmcoufY;-GCaov%Kog8>y3?4}dNJ1}imesQLRa5%u`<3v~hmOnqq+A9ulw<Qk|M9oy
z_6KP}Wv=vT<zD?DdHVuJuH2sClkcc=fXBL&hH}I6;y!=<nqKcxt1>CJP7Sn1Z>QgP
zdd1kE>#=fKnATKFh!sLe)MYh9j4__b?Q3diT${yrelE-D2qt7%yfkuEXL<!kzRz-Z
ztMLD;1B1=awsz23WFi;PXv_E!4`ha1Q-mSC@y}_wox{~jBXgq*fTeWGk8YRGa(|M8
zT}hGT$@qXoIW$LbQ7-$wd}Ud$x3n;K11J>jdu|`cEyMFiFmFm&@sE<eUEgm9C;Dl*
z(^XdU2RWW_g!Ec^;jMcK7b)149OPE_fB(IRHebmV{_7?#IIruQ6#Qx=+m9zt=3dKB
zbMv`5?D?yf<<)WpXqy>RlAOEnwbnfYSk}5Ue01epIDIncdP?s%&cYA7Ihbr8b0f0n
zIDC38@uee|%td~1uvMgezej|X*dHZK3`4|k%Af1ilF~)&u_EDRlj`~Ij=O%JCTh`3
zl0XqWeW!CvL&~=-XVhkUT}zZ>GIgAb3*%5={bD#qU`2-fQU$A6Jd9&V#~YlJ8)=sv
z{fzb{u<4z43vcTXNx%ATHPLguLaIDa=U}E|F}Bc+2x8V@A&(EHj=#F96L4&D<@9lo
z?^NjgIPuaxU`1wE`monoyVQ{3;w|aJ6oS#}YPfl2RzUi1{C%m13tCBGh-KIA0k=6=
zVe?#0&Jv>j=eJ(HeOhuHL5g0wDzr}H{wR{nsq7~!jBpcwC1cGm)7^E?ZvBL4dC=kY
zO5*Ep5We4(&lU>?c<cP5&J!eF`c@@^AM)%Ccc*yGmxrCWW&iLYVzBQc->pz{uBH$R
z48@pu4ZQ1m`_j>IH>*^xczP`OTyygtHECk~*QSZYwN#?<D=72cE@ENSJaemQ0MoNc
zo9du&B*N@cEmRP90t+S0>4`h>n{I8t(_6}-n!zo?>@1jT1oi>Z`37Hspk3M3m~O-o
zyN{xci^~dNq(#EW?Vzm0KUfBy8I4n8ac#kY<wiopGu%7kCoq~aUAM#u=%U+q#w~xT
zabsA1kIYK863<(`OXXsg$Jq%;T}lu5u(8#6D=s*$fit6Hj5$s8o*Ww6pFl(mO49E3
zLzRpvdv<B+gju><KUu0#=H|Wek9Od<(~cpH=JRVPW_Ud>;JWCIZV+I2J@SyaDc4aG
zH=56f=&ycI42P>RdHGxf2qUnT*<)D$yTif3*n>SnJnn%`m$mCHe)o|r4Y>1&M)vhD
znZ=?w%+iR&<IYt^gBl}lg1el|{fwY4S2UqR9?B1XCaVks+{K!RS2WAGBES7S1@}00
z^8uoynq`C#H=2Fe0^G_^Umdy5_%gUZ-hK5REMf#rP5u{Nyo6zNEPMUf38p5x>+#Tj
z9z;X@6Sct&W69+Wb>u!3KaInXlCaT;1}Z~=6L*X*m~&|^m<C2@Q4r6-+-(d3@HC>k
z=w{bqxPO6)Bm(*=Et-Gm4riN@4xvU%$@`c9+G1Wj`5@kE5ri0+(ApUJvsf0@Cq%Iw
zXhZsDC(0+2#ekpDqqX-ywS~9e&ij5b16ilGlbVjrrELr?sp5L9oj;8BK$X4&mqTsK
zUlb87g6VAz;P+KrmmvQQ&eMDLHIRDnNmU}(K_0>tIvPVT9>ZFA!RULghE(tFxJ3(w
z%y64?-kef@$Sw|b`8+WQYCuzu3?muZPd^!|O>{a_yw3!4>-gl2@C6Ges(92TvGp@l
z5KP}K=IMqs9u6wx)j6fSoR|9f`YpQ4AO%q&j!uPDFUk<;5H8*VsfKTEkK$R3JmBz~
zz<}QMcM_nE#RU<B&~?EZyaP@uK!rB37PxNtx?xvTtZ~6CzuSAwV=W4e(baMB(2iV=
ze~JnjcFh~bL&(MRmPm-_zRA!b-1MB2XtQ8yYE{tv55OPZdQ*jJmEhec4dQ)|BI|=4
z(Mk#uE<R}hwvta$Fpjt!5^#?obpby~2rC9J(Z(Pk!T#t7P&?=1LF)q!wm3NsIprW0
zkRl;JZqVH(p(*JrsGn{U0Z174eWu*?3*Qfvj#%pu+P^}N8!}=ewO&ko+-=Iz)v?)*
zf<FVyO{SL{rt*^$XlV3V3Ajv$z3<fYSec-$!9NP7ZSvk?Y2eDn3`uUVrG35wL7Bd<
z&{a}+UG~nPV}YRsm<}Wc0<{O1;KuTU&)Q7@tSp+o0ifsx!wt3r!}7*W-JmxK(N_d6
zvPs!n4LkzQgTNw?39<LOG3REf#Be!IbhlBM5`(%%LnL@uX<GdwH&+xzVXY6-P>F5F
z1t?ZVFHpJo{%5Z)nq@jxR{W(8&Om8iUINBdyQKx5ACXR8Qo_{~Ii+rxk31^^Pzt>Q
zmss(ji3)og<CnC|v3>%ZcdlQ(pv*xq_Sc3yUYF*F!YD%T7Nz?W))7DC+1BiWq<K+1
z6ip!USTQI`Ou<_Pcr&9P`;+RLG?F!HR5_wWleBpCx5Of~s5uHN?(z}@?5mLQ(X9x_
zQx`rnL#LDAj`;f$=LQs)nCoc&ecVGzI&<;h9ubt;k#i80#ka*pZ6RLvTc)vgH>9sY
zWamH{+12k*X2@DYKhPF-6hiUrS{)KR%qDO(R{;{vmGn_t0bx90Rv~1`!L_>-nB&>E
zd?K4d8Lo68w$A9k(gy`KrXMeBzFeBFA}?!}{To9{*N#^xe78@;W)^zF4!R1{ezNge
z7i5NN_UvC4umq0EpW439yDq<`2FdB4mkay4+a06#{Q#W3gBgP7&yoE3<P<JBM0NaE
zNE0VSgl#oYE5GFW=c1Aj&<%tt<;~l&W$t@jiPW&2_Z=ngEnH|{zx@ZPe{^iS!j{gY
zl+PY^QGbvFT#(rOF%M}hE9M{M{N0y?h2_791KkyevxPOK(l7oi!e?#%HRq+E!J)K%
z9+vSBLbdQ~jH6(t&zpgZU6qx+y7oZ&>_U<6%O&~o>?#r=a>3h*+_<-PQHXv*Lbf&W
zb*iz34lGyxV*8glGAG(XSarwTt)h`%%d4ecBFF6V6Aijd<@>}x9k>Y6Ote`Y{L0!l
z7W5v%UH!^Mgu5D!jqjTMuuWrbCg-Rp`6L63|CE1!yG$}p$uUSiqz6FDDOEb>7L=de
z4&yD`NT4dQ(-XX|#x1J@h)m|=iLW09M}r+%C6aF4NK&jzCpiIG!s#<BiM<inAh@Ry
z5#QKJKIfn$z_MUWsFB(LI|%TaYoAw-`@>OgEJ=)!-3eR<%`C;_jazSn`hF=?4gbB1
z@^cU*vjG=1<nC9yHlncxZb}@74Ihm5@+5tRq&a}p+4v?C)@(N9L70gH76^iP32qml
zqtWM9OA8z3vKZ(z?Yv1gG(U+iaG9uL=1vF1P-j6Nv}^HT-z?{MXE5D|d+!4_MFiwy
z8ZedgP??dVQ=ObY9VacJVILfqA0BKbRITEv0Zj?Dybt(fd3Q{Pxp_Z~FfY?YOa=Pi
z2+EC*Sry#p5Eb8_)^`QfH9zg+@I{`7dRs@!>ObwB>J<7aZy^35QB_X6B5%R7Eb$E^
z81g}#;@!S+f@RO+oC@&|4skf;nyYaimQXn7nP3?I+HD5JvG7r~=igs@Hu4@$sN9V8
zcuns)V8Hq@$k@1AE$*g@tNII*3IYuzSpVMiil)4IIj8xTR!<Im`Uu6xjo<)2QAy|E
zWbo4p;U3{?&Ct*$YX27u>kQXR)rQc9ab_o!{dds0Af&Q31|UlJ$gdqd=AgpyB@Hw(
z7^L6P0<I=Y<0(z=Gk1H{_gcn4@Y;RG_`3`6F=O8M0N&<L9mLLiL4A}@H%WYMhPEXG
zTscS|6f3%hr#2RE@DW0|B%tIGm5zj03fU(|$BSF`QHHwGH73#TY4}!Y`W$UlnDlb%
zPH6OUmpN3=&pgvFNB<<tkAq4)&-ke)&x)#fmSx^a-334JKqT8X9z*40=*%YD92R!M
z=(BXDn<dPro+X!W|AXK(XRIaQ+^zE3*gDU>mfA0TaV&Ff`q%QpW@z8ip;gHrdjk9Q
z3;g{bPUa~X*uM;Yq?Cr(-*0QS)k$|d+dTuOivM=^7P^)S!KR=(B+E7r)Dx~w+MpMn
z_7Sww%bFO>!R^d7&&JA=!i4L{1F!ZkrXr0>;|hVcXPO5hf0HjnE-$Wo7NB97*N?n|
zr{Q{L!DNM(tmEXCa_$tS=J`@TI^Kth>?<)Xg51*LlJxFbO^wI~AjYFvN~yB~N&WUI
zFppe_Dg%Y{14gC3Z*Lq(YhUeJp0{0e<V<%z{fxY*fr>9h>5mL9SU+D#JrmBpG&{Jc
z=?`w-Lk=m9G$NB0-rY|&Zr(hd_w2U`9c38U?)yR7z+`$)D!qGXz_X(=fb@Dc7BNf^
zRCVmtIN64Dx5b5aHwg#v=WRmDMH#8}RsHf`x|7|WlW^65JjN5w8~p@PObcP}D7oeG
z&5Ko!FevJ)kvf(eq6*h(f1dW%dNlYT-TR6L_O?KSVO6JLLWj^}c;qo*+azNjGPmz3
zeg|*-gUFTKGQPLAX$j#Na$>JbEsea3QmRz@A{l9N{zd-Ed9Q9t+s`;*81^Z-KDyan
z7@mpjp{~`VR*YQSbG18o@N*(vE4McNLP};T%J(L%C*odq&>jn)Tdu<~7$r|;{M+9X
zybLX@8ns4FAnwm}o(!0%Vwd9FV_mona|}%(X2%p&qZ}=tGAKcPT?XfmB*8GsXZ5XF
z$f8z%oFs^R2dJX~&B{r};78~!qR?qPwi6Yc?)&ffE3-lhEfbZmZ6wuW{b57&Ma@0Z
zxNWxt6|qE|Dm*}=BL81J*|2t_pW3%?bd72zUJK6by3Ds&T^@qdOyTtxGC%X;Lq?k1
zb4b`pLP50w>~WJRpLpT&&@;$QJ6=r{HE!pXpR_tHf0#A=4%v;AQ)BxFA*AfpyOs%C
z71ktsBmonf@1YyHaOq|0(kDNjaw^cgc;Vwj$2V`k$y2ucnub~gnIrT-Xe_NV$r%Hm
z&(AHsQ+_o{-f6PVRlymu4UI@FV9}^eJo)@f+Xn=xHIBa#)VX{ob-+3t$))4*W*A-n
zf#DsY!G|<PtN-<v@&R`^OHe1DT23uA*RgE72*&rmzw&V!>AQAr+2TeFL*DKh_@ZwN
zO&P|JBN&(X!eDA5UZvu^rl??d>e*EOrWk+Hp(y!`Nnqe)&>nQ{ADbuQ>u;pBAZq%>
z>76OC=D2HT=8(RpZ@9aBJ3q%21^3_C&`D9vVkw=xThTu^bmufZ-PHs2q~?U_1?*1I
zWWi2FGZdlTBNL&zTnq?{$n#hnNo45pOln3MCef+&m+NX-tx^+ILo?&8etL7XlAdM*
zJ>{ynFvWZIe6xXC(MmJ2%a6ialG1nQ`Z$hG%ceB+mOg6)%;?D0iFt1cf^%@irJi$c
zYmHJ`x#m^gcu6ic1U15?(m<p4wC{)a%d8gkMK}AjV^EoI;zoOu%JY2lBABCoa~z=|
zi|CNhM+V$?vQhG(DJIWcZwB}*Sdtq5PeY-NsO-wFyOW3o46Yb6>y?SSTbWc&f9hgD
zi6l)hs;#TP;QQCO?Vr|GjSQmlQ_ny<U7=KPtW1(~>muj%nN;w{M#y{5__Zbt$TA#{
zscLy%I1tNR=N?lsPTs(=o$E9k#n^@T;FjSaw8VuAw|z;o0<9g!h7>Q#4W%_~KkS<u
zUiYF}Z#eYOiYvGY^;;z84gX4mfz^pHaZzTuWt(K;Nh`wPFnm<dBr8bNTUe~8IePPh
z4J^Hx4;v@M8DAflf^(sorbXeQC2-X1J?2i>KUwi^3ivK+6~hCBoUEMX2NEAu{77SQ
zP^|vj%q22o3Ee71_&@5>s3CpSB1SIuJi=JEK5LzGTjYwS(GWT&+W^Z7xf3L52K7t5
zUU}?eQ5J((Rgnn_c&9BfhL9oR9ML1e>IrMgFWcwU`53?P@awhJ+Bc;`#%)4hWqWrC
z`0DLTx84h}=dJUm>8bB2W$?9I#rvGsCKQLk3RPH?V(_TrL}<=R_{;_rempI%mC;en
zP$0rbXG5{*4r7xCxoa3U-e7_B@8n@S5ojx`yj*7F2ZIOwF=E8uVvX|#=6bS(2CS?c
zokSdNO~XlJybX<ddaw+u$3X%PET?Nd++QlghuBIb)et@GV;F|9-x+b#Lc=<(ZpKwc
zas}C=pVfNC1oZ?3Qc}}%$kJ?$^)9^<-6~Q6+4K#iy(<o;he}bvj7U^V6$%t5k)1A8
zTng8vymvl<95rAHBF-O77=FRV8Dep(w5VGMM!ws5_f~Jwar9H+J}4M`z0#05+1;V%
zS|8r;ZT_)Grf@QyRPXnzNghwUEaAZtmeJkA?-MXWjTfi<EZ=;LK}x51X`XnQmr76*
zd5_Z{axaYAihNOGm2y}$#~Fw8KV$V6Z>@vJs;{#Aito-J0R)1pcZMkT9|WmirML9p
zp$a)1^ejkYJJe}pNQ>Wp>ye>kTP%tgcqv;3r>4!MmFuK^A&R}DnHR~t4UDBR>qW78
z`6-I)rNuzF(CMv8-Ab>H#_pMm%4nyLe1~FL^xv!!7>Q!(+Nof2#s9@K*R00HdeKNK
z%K+RzfKcwc7BBAbp>aCj--`5isv(ahlDBb<W?6ht3CiYKPSn(G_>-N^7+}zVM~Q-&
zFeXr}4$d5o_aGs>-%FKz9f%L)x;A`CNpe)Fn-pA1viR9!)H<C|msFzI<!F8kEx%c*
z=u>rS>gMXAm{9Keil+9yJDp{te1RUW!Yte65u<Jbcla@6Xw?dT<T9AFmhbUMpqZjL
zdy0MKYB{<pUW8+C!CCow83vb?+F;*i+oBG{DMlxCY@50!#_?LgFl^+pG7g5g_S4zC
z#HD%NiDP4?*9{<dkGP!%nhe+#V<^Z%sLEExOA&l))7x_lD9Z`yZKp&ty|n<&3cDEE
zV)1yd7c@`Q0TZA(MR+f9y3{u%AKa>@TAKwHCjl@HJ1=R+885nj_m|X9Ku@f1?j2wL
zZe_eU=^DUsE@MFYztl&;(6menCsjz@SJ1Wv3YrOS*o53$fXpfJV-U0;eB747@Xzw?
zcFFtYQg3>=J~-F*S|WAvNF|JSQvmO<9^Rw{hw{k5tjFlxPc9&U@6%xS6@(%@!nuC{
zl4jW)Y0m)|wC5RXLpUUQzii9ffP;8cm%gD2h&r%z9(V#&rdu1G*Q#+d7<2=tbY6gA
zx@gJT862d$d4dZfTvSpwFzSt7B5GkW8YlG*=>KbK06@MljvAlwN?U}{yrKC=sM@`9
zc;eFB%{|FhmIu@XzE3wt%jkTk1{x8~r<3D4iW}P)+6nY7`_B{;6HnTUIDl?Qs`?MC
z13q;?@?Kl?A)s`?1M*gkEP&?6z8iLxl<vD^L5WP{J*m6p4ywrR1#rD@kx_CAks#5r
zh=*#btU7YRGA37oFXOk7gs2+{$bz5_i3gb7ZJRCuLjgROj!Ut`uOBtBEKG0!fMozd
z?fbK0Uz@+O2vwXMucOv84is5$Td{qTBR!!|#Z&l7HmbR@9FFSe<6Km8Ew&TG-&dt?
z`gEYHBewt*FJ@>zp{4)+t#j?>n~n&QQ^AYJ2f2meh(QosQg%0EA3m*n8r2+@_C}07
zeP0*GoQ0nzU=9$eG5gi|G&+QaJ>N1i<Z6^%6XGz|1y2Fnv*(WOu__V8FMi32NO3ym
z%t^V|UGGV7;~66ABL4HyrDRT+UCnEX)V$}di^~|6X)&f|*mPVJ;U49*b_+-02gfxr
z2kuwRJl7Is$QdI&H*c&RsTOy}q-uf_qe;B$7UM@ji-k!l1|>><0HaPQ_~j^|ZfuTB
z+~=BdP(Vg$y_nh%XTcoz58;9XF$}ZQxAMH*mA~^+-?7Jq1t)TR%pv_3IpIH;Bnzx0
z4=<Hc>i^uxPC0hk=T%uyo&Ks+(Kh*A-v?Km0DfTk@<sh5Ca2HM$A5>2i)BE%@WdfA
znG&rx{)hDotBw3sP3iB$(2Yx?e~@?CSIyTrjrH4LY-bOHT`M%k_Js2N?b&rmnl6#E
zSq)q3j!L8N==yt^&(~Ie+;R7;W^*CxZ-_Hn!`PLTLPs*2^RX>B;!iI;JUN@Pv`xM|
zw(MB3U1d5WYr7vNh*bP3KYSm!t`EbGS7?vqZN<@J^G6-;0Yu@f21JdEuKl}KW?x*i
zDcLB3^Ml|H=QFl_!Md3~%(G?j;~AW+`D=WqX!w`>T7+rQnbt<#+H;YRQ<h-`Ri*}N
zn*znBw)ZgCf=d{3@nW~Cmb2M~<T0xGv8<MR_mrNkVU8PJ825}{tpxs^QFxcav|Qzo
zjT#dwDNA*-+NGEOyoje#ES?nhZ1r)m%vw|=DdKMYs3m-5Qsh8=yEoYB6Msvu8KJPY
z;T6pXAR_Iie8lbQ<t!)>**{SoxYG}P`~aMu2LzCSf<d4i7hQbwa*5z-uNhOP)GF#v
zZl}ypF__~UN!{KU(t{!UErYA9gJF7>rTYf^*RGqn+dWqJbbvVn$Vf4>2s5p+B_lAL
zD|}gzsLPpH-N?cz_<70&Dhm|s239w8$c-!vqUI(5a9k!p1vUYKJZpoJ_n2~2KjE$4
z6cc8%YAe80@04UH2J{@{IKK`vKp%mUsUm0UBf`79BJ+c{9J1#<7`boHgAK!4blxNY
zHK2RU<}}uv1@W5HGovDk$}71nM$K@E@xnI~1ehOwAVP!v1q}!UI4*zXcL7!myQ57i
z;P9YJ|He5usw~$??kahY?~Zh4F7}UbhizlRDiM+G110I5B=#TgO$DYq9T(mt{s}26
zOc1MToF*Z72PC1<)Jn$M+~CNb@*z##xKN^1R_cR9HwP-%mKwk)ggj7h(0B$8xDkX8
zs;2h7uB!vd=YFT;X~vVO+Fysmo8RIB@55;7A2b2SC+-hU%;62Tu?V6m0Vs}sn1%=9
z;8Z;D&OZok$um!u;)x>`eK34?-c|>v{SHL&YRK;<0FF?P;hOXXL-_ruL@)VsP7oBh
zBUgil0d@goe=Ph~EjXQ5Ju3z;?|>$PXzy{R8Hg0%IO(?`=%qBCxjzesNG>LVcjH?8
zgKz^0sqo#QJT3>1sQ+&0jyMZlRJBRmn!i&e+x)uZsU(ZSd0j&vN+sd6)|Gs51>Xms
zeoPwbczW7*$$r<hsh$mH4?Aen*B%&8CJVYB@+L`}KD}xs*<|eFz#D{o#?)$G$ISIT
z`Pe>6x#YY&bnEs7YxiX^Cr-b{8*6Q=5B`_`Agdkdj?NBdrF+*-yM9X0?S3LWtT&$g
z!qqGLzXRJ{-fgQVAjy4u@p*FYP-#qG;N1D6(*>7n+iNGVy8G+wEO-@j<#5_K#P;ZV
z_Af^*?C9Br)orjeT=U+ozo=Qb1|$O3{Vdz;QSd*VsF+I;k<z^|kkR4(2jTz!FY%MY
z3(vnI{hpzk^LO-Qf~yuhi3DeZRX+B;G1#B^vvnP{cTJJ7H2Q^=y07oB;N;}sq(&GU
zY$<($T_xlUF-8%XtX@%P_ph+pBF~-^hPllylk1#rH1U-vwag_auU(>6JWR9wG0q)@
zm<2vgWulg+Z{FyQy;?o9I=g!8=*=ZdsZDn#cpSI`Lw61=aIWS}#arH#N0ya);SZni
z3JkiMeC(lkET|TFo914?|2R79fF{=lijR<%knRqV4(XDR4(Uc(kd_i@FWn%FNsGiN
z0cjAB8ZA;HqedeP0SPI;hwq>3Mep8syCCd5=bYa;Kl{Yguo3ZQq<R+Ol&DbFbEI#I
zEtAHJYPTjUKVTfVsz6z{6)hlOGbT}RQ5+$Qee@WaX*atP?sVynfe?qJl+5sOskc79
z03?T))aF>Ps9D-DI`it$Lw2*x6e-Do`(yoI6YLe=_zX032PWJPtbeY?nPtfMm9uzv
zYCkbSLKv5Yxnqx`6>9*f=r>y|Dc`S2jD)VDKMx-;4=QLIl*MeBUBY_{BHIWnikAjb
z-(Yg2?VDKipjUNUpV_5mm7q4;)mc#YA|7B!Xtqu*O9dp|rqL`6QR1lW5WB}^uz!||
z*Rdi#da0CpF;9zfqM|t@oOIlP#8TORw9;!Qlyf6~yzRzQjN}{B<wOu&JHg-L97*OC
z1qyRe-Mesweb3(-Bei5<h^gE%veN4mVIe2hxCix{)i%1yANbAqqodP7Rq+t*xF98R
zKz#x%@Ax-W5QtK=Dz;23$eEeVLA)dkKsVn>uC)2TIQKTAewoFRuyn0}m}0!@WK@q+
zy12j?o-C<yJKh@+w1*;AW<@3Fqx)s+Fd#xHV^n04`q)DLQ||j72XweP5sC!_=TJ`F
zM1=N_ur?|I?6AO&p}2C1E635QfAmep>i5sZjjSM@EW#fj>M^AXg4d(eGB3HxS7Suv
zdT1Z3eku;m0<VJ!Pa4~tM&=5NaHdur)NAbzbvn3ov~oBUd!A>!Kuvm;yydco&>;2N
zu*=?{s9Bftbjl$g5C=H3ZFec0o(2G-3rYF5Fdt!1?ZSUE$XLclAZX%?T%OS5GBu@@
zdEZ;l346$?V^bg9ou1cVe@5`j+Q`$BY*+5*f7Dgnvd2O$s^TtGdVZG?iDgYJzHH{n
z&&7S@(awYt6tjDiNHLDs41_<9O8o=L%BmSDaK<&10iyK^OD@Xkm}s)stmkHFN{FNX
z9vMb4F7@2}2Zqxs0wsJC$lz`hd|w=RaXKE>sCRpd=5?8dfJRdBP7sLGJE9p_Ka7i4
z4on`Vg>po}=8a@JE}-&8M*U3dfzoN_s(ZsyUEqg6IVEi_EmY`_+BP{WX(%taFE?@n
z>jAL)qQkwHOxi1#msX#+ow}em|LpM;1KUdKKC_BV&Heo%eP58cmU^yFU@?<;Ga-gu
zJ$Q*?_LeEcdR@Ix8W%eElvPA_HoeO#bp93T1s>Poxbvm>yeWxK+;D?WL|JWFHLBHf
zJv}MjGt$~7@w_<&tAqOijkSyampHjW0pFZi-H*x754|TJh?36Fa9ddpP3yJe$-H+~
zcb?8L37RwsZ&mQpJJ)po7#DbiXl$f%AXzP^0B18ki<e2{ay+H&^Bq!N`yJr@jg@N)
z`N13*c11D9BQkmg>!)XN_PYs#s{Xh=<!cd|RA@_TecAeG=sRbUvu{t54c*TgwNmXC
zFoKI?wn;W%Ydk2t@+QQGNYdKIz!A9L2!_W?%R2A+JI#lJP$8bDA=YZuE?0S?VN<(w
zCnhvRUAoFxHi=s7oD&Ovl&m@+f-*t#03Sl&R`>Cba5|bWaQ#pI%MAQ;8DF%5QBM7n
zqiMdgp$bgja%|n|{G$}nQ}X8wl#Lo9<>y%3G^r+<Uk8buk79}qDK;YnIF1Y#YLhnG
z7BdM5AIX^y5+4O}X~{eqp$SDca29ddmq}q-7e>X;W@g4vRQfv!(b`X@JAKqW9-{Zr
z5zd6#UB|b72fiuW_0I=i$931T1+2$h%j(p85g1heRX#iFAC;sfCm2b}pO<K;_nv&{
zQ=(Fz*MOa}Hdu+S7a0pAHNz}*`wgb+Nn5H#0`U+Ovw5KA?&oK+1%pPj`1m@pEhL@i
zzNX*#JaWI6D@f#>?(e5%@#QAIT<|?Eb0PO5RAth6CU(7{MgOE9Mv^%pR;%?TJl|gg
z5&9VQUtA!rU!u9Sbb~LKN3V`~KWz-Fm2@$}rjty%Jn(5$jL}sDc}e*<`c$e59^h)D
z;QlVHh@y7bOf2#~rF0EHtlQ`BGYYK%d?@^_a@!>aK6%H@XC1>%g@IXZ-QQ*f`X8-`
zpAF{d>mDV&0pR?NoJ%7i+N5{F#Kz|4q>fHRGCf1qw1$;SyCJCwF(STvGL9AB4h-ph
zbcm1RW4(j*`wz2(@gKKG1)6VC6aPNcg9)&Xm;;f4kTcg2LU(~-h*T9zj4bN(k{Iq_
zHh19df7^POB`k9z`x31D#iw!-$z%x=`_ACC23l__6R)cX6F)1C4S)p|N9TmNQINM9
z4rH1VU-;?ra&h}%&wY{-LcaoAl)7-5lrY!l%M?OVu@``OfQrGD0_gy1N8u2J?6-b2
zLt6jU+nl(RiaBDpH=s5UIQn2~$Ns$ERI|cfY6FJFu5C0;d@B;eI3ZbL#?Z7^vKmNB
zT<*hTANaY#K573QpYC}bOaM!AmK>hn6F(!>caOLd>1k*R_<;If8scY(J?#c4q>Cn#
zc7R|UX03$B8lo>AYV^~Wme{ZkS1H1tpZk`8I>FOF`h8!%!TgolZvP_&gNh09iAdcz
zz(t^kyP<C8$o<KS&jA+j!z(9?GHzoj*!#*dZlr_ptG#8JX0|6uf8=+jlq=7f3e=x3
zrK$9xfl!ZJiWMpYLYf*@qnWSN{^Cfv%KA{17QEcpB07*9SQf(r(f7eJqv@)r!8@Gf
z@Z@Xl_b<S50XZ7??KFj_m~4rIviGwcVBT|q%LoU0Y5*Vn{3;4m1d38K?o=$lJvk8L
zKMb`<I!Lri%dlQ^1-%2|_Vrc+aWKOA$r&^TjOlxS#+MskmC?oQfe#uffPBB1{*z-5
zcm*+MpHU_LR)Ha<&n9X=qPkzjbz=iDyyP<kW=QLnFu{mN7a9bdr@+-bv%MM0auSkz
zt*Y$q>Ik1fm%!#kAG8m^66YyB?H!!))z+ps_(ib;NNb#}7_h+EZ4>`UvfF<m(i}X`
zInI^OhNxKMA#a0L5F$|9&8Gx43QyF;ZMq3K5-@0e5lU_dsFeg4T;Q}q1j!qpxRQK7
z=n;6;>rfC*@D)A=PyRfvt<BUBo)oLZX$_zZ))fG`Ac2+t5}X0h#)2YA#dt%NJ-K<O
zwx9jd-RdWOasKSg-kj7qroc<scmxu3uVe5(qUNL`nC5wZJ${IcvjhJV&lAGgLGQr=
zyq%$IXwSExkBGko#~+2hUt#%T;K>=b;`>Pd2F-!c9y|#h7Ya|UZxS$Y_<(^k>j*wq
zkl@+7#feTFd@z@(NK{tFGlqj`RS<tQK&yOF2}%e>YbJQmKvbyWsWOGj^V3I_3D;)E
zVDFQf4@oAhYu0DF5rf4Rtnr^epUkp0xuca~+Bzu$no9E8U-jAZ);1mGPSRV~R&u*w
z#wQqKMg$t*%Z%lXfe;!po4iI%)>A0JOPHd2G5a8OD1(QH=_fRc7Kgs=9yV<YC3XPG
zgn@lH6~(<tj#)zR-g)qanhx#*MSDBfh$)IH)?yZ1(TGTDR9PfVZvZOXkrp9KuT@q0
zgu%2|tvKAk$N8c-&S&5Xe$R;Z^no`QGfKY*l9@tML=j~SkaRNj+`QlXwh{n?t>0-^
z9CyT^a+EetF}$*$mekqg<w~FplO<E3%iq-CgUEhI-ycPNfisX*xB8%`jj>~!OgG)*
zA=cMna~Cp}k%bJ2C_V5KuWgy;vYY-`^mM-NFtn??sd*vfO*Dfq;}5cuuKj|#59`}Q
z!vR)d(bwd+z+L~O@Jse+^jhM$<ID8XI%{@#(mC!`;gBct%i!)yoUXT&zkXkT2~+sJ
zqWAra>1KDiJoSbPn7~WDTG?CQ9R+j))a~@`{eO^Y>TBE+Td$+;vz+zwaNNJLH?+5=
zKe5o=^tsLEMB&E=3Zzdi!xY~4<y>@kgx6mW9d}=>Y`zH&e&cBylDc~^5kB${g8QfU
zB787BElkk;q;P$C-DTw#7fF1R8oYlp6zDEA(Z|OVL`yg;=R9e4{S>*4+6)SoT$U~G
zY~*{RhX}*+V~E3ur7^Xs1!n}z%VC22o$pz`R_Qj*uC0LFGvaZ+@%N+ooWP$>&)8;6
zt^Rs@k2)dK_x?TtOB2~49JuZ+9QH?kqpsBa{bltI1(qHzuhc{qzY0*Q`Sz|v-No+h
zLN)n-PY+qI05ZKko2Jv4%0#q>Pze+xfsgO)`O?5YskuK>3;baLE?dtlgFD`#-%`y~
zm*1#oH(DGB>t#Mh<O1CsF?Bx`uXycKkG3hbO$WJ7HKBhHF@QcC$glXI8+@RI?SpUe
z4mkge<t2Ax7JFc4teUZ8e~jV|-sn5n0)hjy9_#7YH&$eAW|DZ=;o#tbv8`nESzDgu
zh<No`Y=I{DjYbYG@#_4phl(F8wtOH`zsA*os27fAPY|yTP{fSd6R+@o=>h|=g03fb
z=N3#KE*tIu2Po`C6*m*VLFNPi9(X$>PG#cTui&m!0&S>I8&tocq>uACNPzmYe>kHL
z@fD_s>YDny<UjO4C9DbTK-9;(RDb5}E9%W{Z{V!C->F3R#@NA<hAeIV+&KT`^TkX&
zDmDMkfWF_203VpbR89tnhwk_53~+mR$7`NPXNWXeMse0c?aa<K6vXfR^%#k%JF*~x
z2^POs1<ddtE?pSFmhZ#q$1tdi;%wh}JTzS*S{v;V?FW8)$m9Jw9LRnQk|`5#n~$3V
z{~%80P4kQmBKOJ=U=Cu@i3>Z+e(q>-Yi<<|u!xQiCccBYh_%mJM2^3%KxqGckW@$~
zllnxvL!`Z)isrJ+OIpyeWNiJ<0X$#Q8?r>;%5x1@w>!irN^X$7x1fo{Oo`hOwkrVx
z7ea9NqJcyL(Gu|#j33W>akU>$=&Bl7z3Ovm`_IJRXP(59@p$vb#J_T2cj2s@g<<^f
z!y0F~5T+s7+){@V{X;M)GyVJOeLsUwzD45WkH`O~1-Q$N9o=7f|EUKzEXu^g;ZXJ;
zWJ_V&_H^jR@?hn9^w=`QHmi1WJ@kXu)zbG#db3c$T9tc~Ioa~_sBVmtaQ5(vR-0}c
z)9IvJiCevm!YvTF7f={g5KXa71S>N)1<VoGHsBk_c1I0bfwlGCQTTO;H3qwJfeC2S
z+~6MBep8_D;}%T!%E`HODaXGKJv>v$zB=?j?B@S#^$#NaSLbFW_^(GF*oi@gRG%y_
zkFq}_c9s@01LrZPr(q|3N39ocLW5kG$am$qk8Z*f3&OS+uDo&3TM7Z{L)4=}$hvW_
zq&mU(n@4MM1z;j`d^^4WB}Rk-BIRJ{!w$7>{gG^8`e_^J2jITvzdo5nZ)q%Hecn8M
z@Q_pHOW^y-(cwcyjbL`trvata7AGcWKd8yl#pMb4mi%cQ9rbYwGenaydAC1}{e!4#
z+Zu1pDf!Sus@d&}>Dyi;3_OHa*K$9=R;tL-EQ%me3@+-Lz)@*hG$yB$V!BrwG)2Zh
zy5Ex<O6t0?uZSidOzJaLJmiSh&i^ls_$fntdU_Uz;roJV&CKA2M7Hw??SMW=QQ(FM
zXCZZEylRi<^XPO<Dp6@R#Qo`{oCB&h_6$DQ2cLSmkGrG2YM*3kby;4Ejl-~~@BzGO
zIc-%m#bPJ<`8kc2c5KD(l6T%$)k`VIHWXI2?P_w7OHfR!ppv!ojvq>F)3f84iBQIC
z!X2#{n_g`z!|tWMo*2>v<2LL*+R+du^!~4FR~oj}!1{rKF<}s=x_FpS_{I@(!0Z`;
z32loDtRMXS(&}*;1$bnvcaDQLw7F2zel@hm%RrQM-)NwJH2g)O1V0h|xRqHf(tg9p
zd=bXQy0XBLKYuu5@aG>yWneJ8l_tW6!z{xoYv5OP{!+;}iU-;{dCn(ebw1OGfik2f
z>1s)n%3(441&2D&9v=8eV6UVZWi*5iE*nV&e3tWnYXtyXt7H&mx8fwmgDT0vTuiG%
z=8V=k?sFM65pNy{>|qS+av$wrw%vx0>Y(pAz0z353q3I_2SL9G`RaJ*SZ0c^nqcL`
zk#^;gE40mAeq){Kbx;`q+aFl8u<h9oo5@_z28h5nwQnYt1vcLMX`4U7MS5)h$>8S|
zPs*R`_7qD1@5ygxhxeduhJyYr`V8hH4%Y6>OE#7X_NO>!T)IwKec*(k{!hj|C%Qa$
zsgR;A{JjrACNJ5$@TL0GP}mfoL)$WtMgw`IS2Ybxdv$6eE5IzvUNv%43-2Tb#pK%f
zoOYJRbY}uVBc@*vZjqfXFkc{o5wF@Wzu{14WL52Sh$nO~E?iq7*P}2@U77ux*?`x6
z0=#fmX477}y$PGcPf$Ldk>`@-=i`4Sq_YOwnOB_Bav3Ph!BZ>P0sG1{GGCe5?oHEy
zeFb5+tiF%RXnbOxk_r5q1!v-0&8BZM7o@~Cnt~=_7osgX25kd*H<J(aDCzR_y~fo!
zso|-<^t0SX=H!CjENj*Vl|-RiUO!dLou<o6{z1G6_u&5h@;eb<iHo)Fp88VX?(pBz
z#F<efYC@Krex0N{@gAT1N2`{Pxkms@nCkb=w_m7Li$2dNBu^$JXh=Mz8LYrNp_L|Q
zarNs=E*)(Bd;2dQCJJ0~$*&T{4Mn`|G(Bhz?PXEnyW%!t+9tz22cge7nIgz^cJ#33
ziiTX)VT9Zh{$7oTQ=|Mx*&>chB7=fdVQUof)%LEnnmIAdete2OOb^-1X$CE$eN}6n
zvU3gq=`bh~srCL*JiFwfy`8RE*K^_5s`9Il4V{tJmc;ZWmPDtjj+)o`hH}dbb&!HB
zA<=$f<OlkQnlldVmVo|sgxs?b{?)=)q`lDTgw|%^f}^nrJIq)s7qnA+u4?8t+E#mp
zBa2MhaqR}SZcdXU$HNUJE)6@j1b^Yeb{p)yv`&3A4bC^JdSTJg_U6^n)-FS|6l)ye
zGdBlrpAU3Uq7UX}mbuShRY?;(zTvkTd;T&oJx;OytNaF8<38G}(l6rotop>TKbM^L
z%OufbbJLqk<-MIxd{ik}7Q8WbOKA1Nf!iAv<27AruO1k|5dYX{b0F_rwte=Qw@d?v
zIGGp7oe<+^IUhNqB^^M$z=7L;)~3RjBjffR{vbEfkKntH?qAqWaZ=uB+LUpHjeP8z
zaW7RLK`PyF1e=3`4+=>sgtptG;zpLghj+R9&0*S~I&OJrvFY;VRXF`2fX4caBCSoz
z;YpLs_sDaobe+X6*c{|esEjKD30P-wHa^{m03jO}3;!>EsiaKbrN-D2t1aFxd`jq-
zVRtkoHCA3Ab17?5UY{F~DQ*NM_6&LTl?~YftOx@ADQc27p%`2lqw6VQ8JLlk?s+*(
zfbo>23`$fu?Ftf4t+Wfu#5<1D<XwH>N?Fo|q}$AtM7k%Qab^sEl*v2gjJ_*w?|D|(
zhxU+U2pYEi0zrR<INlfWOAe~k7`d)+x3#5J@Zw%kMT4vVy0{0R_CAb8v;7=1CrTpY
zxj@m!YPK>YYl5OtfPtf7?$!=8f4C}6M7j(b7;7$se$5&&_NtvGu%M!~&>J6&AP%H`
zI)q39@E(y&qKE)DvJ4;q%Lrh0ejrxQGr_ngXe1Q`77tI{xN5n*gDdp+Li?N@rSrcj
zmqDY2PF~Fda@|?mvHl*>UH*Cx1*eHtSW?}~-xM1-{H@Zn&5#CA08T(ygIqlT9L@+`
zr4s;Q3l^Dul*!Q|K!8hg8_B#qR^1~)x&nzV#sdiYiZeX<`d-3Dd*!0<D0C}V22}UD
zLk5UrL%2W*{l!+Sz86EW%1$W42;BT}J|G1wkL=Ed-9*Jtsr||Ux%$v~@wd|DNa9$a
zbX8Oh4T~hyS#@+HmUw{X#j6Bzz2d86bv{W4ez_s~{i8~-J;?@4;_i??<hsR6ay%5e
zMN2PCf#jP?p91nT&{t)z6@39D^;K!kL!h3IFnU1wd|BKP80hiJ6%w_;+5f#)n{RZu
zfe8?St$GjQ69Tosec_DA8oIlqfHeC^;+p&4k2AoduT<~u6*@@?^!U1pbj1?1HokiK
z(K+<aZcjOfy_ixvp#NhaNcH9D-dAqpp%5)D@Tgr8fF?MUb?4m$`q`6GWv~172)8l)
zB%QS(-Bn49MnwFq+J0A*yPT0HV^CG)Y+c8;JOQJTXWOYi5Y5TkZ^1nSz%fQpQe+ix
zPQrToZ&_pKBX`E3?b^6(o@MV{AhvfOXtT~1caS}Uje|3R^l}a$_W@Bpf!kQ7?A|+Y
z0iUGrJK*&(Cje03{jYtNypzVXIho_)($I|~UvQA{4H^8b+?Y1q0<1A4&RRPk36H-u
z00nrjM8kx;N<D|peM;ve`ON`IHnaKg7tmF>a~(2B<ojJuA?{WDY}i^+id$piIX+7w
z$i@#2?*m~@|Bh;wwhw)oz-U2V+F1f_@5*^<%xC2{pFzblHm}vr#e)PRqo6Thh2hMe
z!G$G>X4KjPU{JM;G7!L*b6XLc>2W-m?gb~2vYG%p$tmuQ4rFUqrr0I|=VP8L8?pp6
zfj>^b-yDvn{&t$K307>h_a7x)FU3PRP2lSkqXsTkg`ssv3exRnCIm~)K(~?@!xrA4
zZnN@&nqn*k>Z34@*=Om8o*3BNM3I2R7M0N>yWXp+Zl{q&xztou!u6CcUkB$?lp~~?
zp;Nk;cuTHCXMrxxj3(|x314nZE1S58mixcIENS?Nxq35IZ9>I50&G45jZ05{6x;#(
zvB;R+<2=kq1rDFT2r1*un}en^`Da^NERC=PvlS-KFN>gD=#djJ_ms$rX=L^6zk+)7
z(e)R@v#t(XSYOB#y8b`{xhS7ml~BDxzZ;~$%02(LD@3NCu<Za0U#@h&?1M@E_xR|h
zt_pQ>bbNIwpL3D(H}-Gp1$EcxiS6n?NY*)X+<ETiugL|^@YRX%tCp7W-w66IkLqGK
zd_l@JX8W3<oBN_W`J~nVBxpM$T)^;R()29#x9u&=Hg#pO??*T?JZ9A4)oYRK!&M)d
zMcTy<AZ35`AkQ913Ra@7Q$Z&3SvbwD^<RZ+ztN%2FU;~QS5mKSmjs)_&F{7nLTtC0
z6PPz_*KGbl7H@5T2dAu|yHd7fK9Knou+K(P(?UjfygT1y1}&xbzDZ>+MEUN5DM#Nz
zE#VWe&u}YKAmB~LC%*AfSAorR^gKL%^krU%c`3hp=;`V?bLtrJcaA;yejU?!<JfCO
zpDV8VpjOYTXZwy_&xA*$oIcrt0$t9-o%L*D#tQH?K4|G><0_R$BdL`1srZ(y=;(=X
zHa0O8;QNhw?f^@>W%0%14S@JxESQUQq6RX$J`hM?m(PsVWi5|zA^R%8skc;V?Mkl!
zDR(_QI_WzF{__0!R$_I2b+Rg_Ht^U-UC+9W?gX=r0%B5?eqQzr#R8+ScJX`pxfj&%
z@*01V@F1&Qnm#m*-1X$Af4BYRxwGMagh!}tbNMcw-hXv+x2EvPcgYB7^TiA=PhfrL
z_FaCk7+Q36H@osYw0M&IiyP1HTLpMF-UIaSG9&Hj?m1DLNn$1b2X+nmTBtjvfuyz@
zcLYWH`x2|5B7Ywa$bVAy7y&gDZbqXIw3w$W8XCN@QcRyoqk*0N_AE~Nx6RHqx+969
ztAZ9J;*Wab`PAe7asiEtQ(llzU$Y)t6-S}w;m!c*hUec|<zHWLJre~~yX$-t|KbSW
zTXmpw8H*ezc<y!(zsx~C-NnmeaK<SaC_%xUYT!>v_0Jzau>(MQn*-$E={==>ESQ1E
zEO7rv2`;zzr!`uQ!2tBs^>+J-xppSn1F-gf4V(CX^9UrvYAVeF>^zU8E_+STe3$X!
zf;R#g?V=%UY~EDuU8WW>X#{Nf$BTO;13-ZbVH=ILprPZntsZm)yyF{ll0uOTq#*Pj
zO>m^<|E2dkysY{0FymXP>I*O&5YS0Fxke!D?f?*(?ZDM<+M>M=`uUML6q<9A!EDkF
zjaf})2G#**@r+<0$Nib~!M;Srbkul_|Ley$#Rz%I8oqjWgZ;CAkQB~(CI*AV;XgMy
zYb|~PbI=Q}Hs6gag`|HFnn~G+KJo%JXvBs);p6&cGhn9w9lBWo{qyj-Xa%Rg%m|0S
z%*TwM)WJsKg#3C)tFosj$+e|Jyc{)gnAM-lZoP}}U6TBhldSdWq44p^@8S4|;n5e{
zf59a*6|O|Dr(OJx!Xs(IQ^HfxQ6dZ1!BSUUWA|I+rcUwxLG13shxohOZXO*mPuUW#
zEllPxcT9u^hsR#{T>gVlpNu_Dktu(bnY|TObFeg)V*bFZz&t~H&s0PFGK8D<7a*Ts
z>MfBgj9f7`?jX<`avZDcME-A*Uvm`HDzG101$j@pouF?mm(eIC#PjCgk7J!V-e|U^
z{<n3VBeOf`*gd|Tv5vU`;M5<t>u}{w-z{36GOhiY?l2s7u{!-ml)qFEVX-ID+U;#`
zSva8Lg{d8bz0mzic%Gq<HH`(P+pPA|HE@0R-iM14=eK<in0)RN`SaMLw4=B#)8Z|L
z1isOI7y^+9!2m<1Z164rCCFWyMnxs<JOYc|7;S0yaWS04`o36Qq~L4YpugcIUczH=
zxkjy$L2>Yd8p~w@pZu1}xmDsQYkYc5JY{vsz*T-}gtDpvJdqXbqBmh5=~&6HGK{_O
zr;sTqj%O;5Pzb>`rjN`sf+hPqiC4=E*LESvl)K{ileQf&(3^DWy1z0Pl%6>HoaigH
zFGS(9xOr&ue7ah&4-Hq3LJ@*7fR!Oy;oMKI4tQN)08!~>eF3F@ec0{2E2TJ&?*@)~
zT`}U%-~HV)sIJc6ceOKGy5v!J=x$cG8~mVjTLEI+4AxKw{aH9)?8>4rJDWCykWf=V
zBrwt$LM)-*&$L0d8z8`jFX(6mYVIs346bAj5YoQ760l2Fs+2C~1apC(`!hmxgp2n|
z5V>Bf-?yyjiQ^o&!$F({VKwzPBiTOmCLvERltCX`q#>~0ThW)j9lTM!T1}Z&a!%2x
ziqA&>xa|K%^LA!XWaVd>g2{(nwT4fD0pLf9H|Edc_|(>)<Y_>$e}>N)qStfEKg+Q#
z^U@54bl8gw;^gSuf%<4CIFboP1VP4~q}2XZHM?Q5;~}me18)rX@=p<79z0c`d=GuO
zYQZ6+<fqUH>@=;&BGtXv5GoE*UAUl$UhCpu^;Wrx4M^0_mf~@Ium&lB{run$*7}DB
zDQtTWu$DZS>Da+X9+_$euNwlrbHftElQz2=JoYY1Cd6cZoWIs%i8Z<^#fkaQAkNN>
z+$VOEkZcHSJ}wbYx*5!H5*Joz?IE$0PWD$uKTgV^H3t5){o8Izx)El-&ur$@RkR^V
z%+t6=?v*!#v&TouBpoeT4q3nddt`1t`UVftoK(_(dqM~cE@qKio?<FPH?oJCUtMur
z5^nkvlAy1`n(s~*pqnf)Y8wh|Kc%Dy#Q{H0O*ooT{r+zszn^=2s92;2=HGgJOVFhs
zK9xiR2l6UUI0`vcIRsv7-UlkE`V1;`-#q@!yMe*_a|dP(_{b?q`(i!b%xYl}=HY;?
zf4azdP(YJ7ui376BO21D-x#aXx3qQBJ!Dj0%e~@@Q8UuI(qV>P&vYWNPS%JE%#-xA
zhx?owGJ7j3l+<`7tpwDc2ieOgN7}s*H}9nDbf!6U_<1p}V>BcSB1%j!*t-G)N71Fx
zhn!39iDhcKzkMb6!(`tL<k@d`#Sh|zV)LPVQ-Zx1J3}J>xYjW=<$+nod;JUYRYSB_
zi^1DSyZ?MTxJ299dt_5nIh@^TJzH*NzhpjoX3<pG?mZ~NVVuO<@rc`dI~|fw6(1)N
z(!hc<lJr4pZ_qL#BOF>hHCNIQNGv7)%(Yh?um-b>;jJODL0WjLPz~T%FEbbIz+bBz
zN=tpRcpE37&e*1_)(O#|l>enB&tNn#uH33;$vXgz$g?lqs}#T$nb1njP@h%KHV#77
zayNtyRfedtx@bFe%J#HRg&J+)=pO0siAt6uvER&sEJk<%{76`S>)EMDtujgbnZ1C~
zm|5&&Y}oZo{D`9qT2vupCN9@g^7##|S+|NztsMKA>4SbW-xkJ{o}X}DBOB+ewhP~n
zPdmo$%DFdL&V#zDCD|rdzz9KqC#=B@ujzTmVRXnv1dgVllcD=?`@jf)P9EsC9gDk)
z+oa;=v)hm6jvMY?6vD)Mp04voqmmv1wWWWQvvBsLcxPaNNr`5aNefB2>AF13-ccJt
zylwR&lbTk=alW|`Nr*`w+%tnV>Q>tUqw4dir7sWvLq!X5z7ti>B<RskmtQB)tnnw-
z--dB<hY&B8oDzHWUGhN516NDbbd`QcsSZf>FW{4I`@SLV5BMn79wACfJ0gH3zafOa
zzfqiYE(Ue1ivDC*6sR)%9~NI+^hS&*63>o%HTgMmtzBvr<jPS+z!iRi=l41+UzJ#U
z<vywI>We8=-Cb$W0%wRWe>z1(Y*WHl%od0#r>ffHc&`$UM`Xei6{uVdEuFe#86F;@
ze`_SA{4-y_uPu%{<E?U9Q<fE=G}`@@^rt3o-!DNhl+I#oru84<a_jdv-WH0)aQm4A
zvqra!t12o!*aUi6I))Wtc|+!XD6UL=?#W9d`vp#vSI-+c7Pa+JwP%ZwNT%~65ckh{
z1#lmN1+-`pnrMle87or`2@1_v76l8?ZGTi-@qC$xSiO}YE?t+Gh0q&3?z%~tbVK?{
z46e9g<?_8?wzU;(LY{ae7HM(Bc+o78%`pPXFmTt@H}JlK85m+gg^W1lw+aXhF<SSi
z7^loYMV(bYhG&VAjkHraKmHv+sDry7Vcha^Jw)QXQzmJh$r6(JRAMJeR~(BRKpFs!
z7$vYaagV`(AR!Mh#@T=*N`!*{ke8E4{x>B<79i<!Xi_I6{oE6c4Pw(%0Uu`*&@g^|
zP7IfzQ3X!s{<VR0{^4W-mw3u*5h)p;ZJRhKFYo`JBEnhE_>Ea<f78P@;%0xdwG|6g
zs}}2wOw1|RzpG`-1M>t?Ejq$#t7NZ$p}GgO;2}}b_fPTj)L$UnaGDPikt%ly_#bTc
z$taIe5G;4~#NzOFoB>mMxLk88okm_(&nj{fm0!(W@`A{F@2D{$g$tzJUDBaTM_%2A
zKlB^RE1=>f-VziCeU?y4G6t%aO%nv(eHPlN0Vl3gNr(qf@Ph7g-;7i5V2Iqr^G9Mj
z0L><zf?qi^6hgNQuR(oV5~QeHg$?o`ac&8A6GXi)hm5`t#vH)+M1lAxa}TNlCi~ln
z@RWqc<j|f2pAs$snYS?~Q#yRMt*0QL-tDb$-x!Eg!ZCKq4+<Ny8t@m%M98DM1knTu
z&T2zLYR2U~y?g$G4DM}{^gH0=FZghGNumLwPGEzpt%CA>P}7RTDwqb?lCkQ*7FP4n
zqcpFtJ%8>61BC(!P-tJfFSb`(hQ+6p;HRTSPs_|(Ss9O%`SGpB4U8K+uo<ols-<m<
z+b-cu5cT~BDT3uD#{44Dq)s&3;$v6!2QvZ@JR@9!AsT?x-}NJM5kT_}pUYyE*e6|*
z*I^4uCA)(eN8Aoqxc&L&lW*}6!{aXqXfW|J*7WIP|3PX%qNH|R8DJ7rp-(YNVptGn
zzx`EdQ@R15pGD<+M!cQ2oR6ZE%Cj9iEk|HQLzI*<UXqbN5Y8Nra{Ezq!JJ*eIAJrt
zipgU6S-ytXE&tn4=FV^#NZ+u{rou=OY50_HiQt2E3Jo+&*ol|HC2w=k4{q_|+?mUj
z@C5pHt6^{TKgo^JjMBHmDjfSQ<2rdFu-dVic;T`P1LE~Z@Tx+^-hCX|G?xx`HtY<Y
zbTihzjeTBap~p&Ty@>-fwoy^klAY(%Nxu#B*B8^-nrVj88)iKH9(N6*CsvV*a_>R6
zTULvyB&pG{?rG|V@A`qwq1WI2LEBqzncjQnLVuj468Mgf4i7>FQ~%-*t$YVysilL^
zmF9CA2Dua+^rJ<9g;6>&J1v;3>zf=J{WZF<do2M{<$|~Te-&=dFXlT|uAgqp#MrKc
zNd(H}q4L+6b%9g&pX6UJ5_2!QgX1sUv6~mSD><>ug3RFRBUeL!)&E-$i0t=g?99O5
zcMszx84F=ri@cs(!=Yz7A!XU_I1p9v@-zIQBrW)H^}43;R-?N)d_o~V%<><E_M&b4
z!s-%yE$GSY{-0h~crA1N{uUtgo4R7|ICgak{GiatS)ck3;(YeQX#stv6MlT<F}O6)
zWG`7)i8}T<9$yPkfQIQE6$&18wqK`E#~xhTE``Fwl&{_W7>@1K-k6+jtZ%0Rw$=T%
zW-Y=`{6y8YCxsujLkfqS;y6q4jbE%UpIJg3esX8P#@F{wfbbSBSM`7YDBDs65kqZi
zHpD;v;SUTB-OgU{TuI=P+HM{gD+YCN2ZL9jFYYnU;{IE8PU7*(Uf71a`4yma#~C<*
zeLobd+G*0+jmrkKp>4B?o8KBZ*NYH3^FMdI`>3rZr#n&IR2i#Q&L#4*U!CC&8`qQ>
z(C1fBG4CSV3_Iqf7%b-&ZE=o(&b4hu3QY#8HRb)5vQ4Dt5|?tw4zU{srd;0L<lh)x
zy|x<|A{6-tQO`B#a^P<aub7>xG#e!`7<+P;ac{=(5Hq-o&_|)*;*W4WDlzEh<-cMh
zQ15CS4?fZTHUI|!ZX7;Yo*=K!)MVh~B5UPM5o!RgKp0+e*J8KP2{IP0G?NTs<^)ak
zRV|n~wb|qYroZO>BFQ7Y*oyY5GwJh7SB#x9-4`)HfG>BfNBU&y&=^F`N%_|1moqQW
z0NEOmbI-)%r9E>p8EBZ(b5nL3S4=deK$xan-m}x~#w=2?VV77eOFs2T{sZdjeYl%j
zNr0V?xn5|bWjTcVi{Ngb@4Decjo*twj_)2XVA&H9$*D9n0I?e#8)h{EBJNNW%dcZK
z|N3aAUr;CWd8OuA@TbWQgib6YtrP9{>yfx7B@WU%!uDr(M*3!*(V)jGnsuZ_84&k<
zSSBXG{l>XpTH+qG&NmD8`}&oHpa6oGTnDfIRn(Kdk@U+9rSTdP9dwXd%9Gu0PlM^2
zv~Gsljv|J7Y#{f`YNZbjbXeQV>P%nCeKFZ-boYy%s^4F=SK@qI>24xduz2*B2}yTu
z?vlejeWnnDoMc%Y>eaG36x0c=8wyX^gdX<G)5IdOv6wiZjGFGLUQ>UWPf~BwS5BW^
z5Qh{dUWfey>i!M$Mu%R?cGI<q;{Jgne+OExNJmY;lsN278)p;H!TrEve6y0nEhrGw
z88~MXc7E<t&^^h1(f#-E=IS5BE&NA$;L+{*^7=*H(b!Tq<%P{bo=6{$#{nt~y<wub
z+UA#&Gq=49N+*|3QQ>8`)IE(kB+Q<M*Vi}UIm|C^nl8G!Jq~WNr$&i{7tS1J%!sTq
zxf2U1@<N%5wzmtim%3YSbwdEx&czFyt3B@DZ0|`PM*x6!zs6pR<ZWHy)-|Y@2cF9=
zA0j;uL2Ulb@hF~TQf~cb+~1nlK5x7PCyxET6l9(WFBUj0#0!K}yfzR_M}Z~C9x|jE
z<hmMSHhbW%{JHNlWS+q7^=Bm?q%E&dpyPM(U0O%)`+W&+0^AQm<?g>OOMzY{x^P`j
z8+@|r8f)T#B`^sy>sA)0Z1MeQoXf!ny{{jEH2sSuT;lPpKcm)E$^*+=3xr_yIF%&V
zktqE>zTSb+2M%#l*4l=x?qNc}2*_TK9ZCC1%nRr{Xg^UBIU}JVzwZ~bNOG_jMvlgz
zbfJvfh!ONTwSOo9><ZRNGO4FNf7wpuS21?nRjJ{O6YI!uJN-R}wz%S#)>oQtsQgK7
z%+0vMC8uh9d;008TqIF^U>&Lc)Rp9qYT8wQHv3Gt(uklT+R@h=^`+{94_X*Ryv^8#
zc~3`j!K9QJt?h~>tM$GF6?(16&0O381*Q(Dd)GTC+n>4@C*_ajVJgE+kYv@`H@z%*
z+tdfdf2y%<ikJII={#S>8ft5wYlN+iYmV^61^Ny$l|f#l;5D!=ITLN4mI#QRPrf4N
z!`~~83!L;GQ=+WA0JqtXy#;Mg)=n}|X@+Ecv;8wdGr7c;)tM?b+b{E9^_E3aV$wDm
zhxKHjPlgRKVYB`+_2Yn|Kna2o<#YeOxdMl9bivEjFL(~zYyjpmZ!`<!Bb6i~cCDAn
zN4sl+gngX4#_sT(Ssk_0mXvo@{9_iRG`mVi{nhG8TKj1*rcJA)yvRJ`8iYcJ(-d9P
z3|=>$54wC#aqZGwH^W^8RQoNu1a@n)(ItD5X)%M^>Ox<XkD#MXBsVVxUhAaKps%xP
zI`Qp7WFjTq-tgFip2r|Njz+vL;4MK6pDQYd8`I?(UUk|CXW7JOUyK9qL40;nWUy`)
zd^X<3IQav0+o1=~o2i-=IT!qsDq-M46}CIlS^|>Z0l5Q%aUd@q&H9Awb@60NitLo5
ztJgs~YioOA(q=Z%#fZDvmLI|rmKeLjrmjqWc$Par<%2)OwvU*JTb<yLY$Ef)IqC`6
zU@%v!$8B4r${H+HXj>Tm0s7pWE^<9u5o_93F8n<nbo>s_xRHIN%P$fo#qbcc1dkDN
z+1SQH>D4Wtu$5Ia)XJ&CTl)!~<fPOAdN?^RqTwOJK?6S-5&h<Y(jdj&_w@p)oO`j9
zqC^Inj&sI7b=^M+r(7)82L+dYPSRXd%&x~tbPy3(TPS+2<?_k-8>TY6sxO8jUMFQW
z0_JxA<=)3XZm-3&4;OPzX`Kr>#@(-NRj*p}>@>{lQ*yQaV*6i5**6xpzNus@8$sAR
z4q_eo3x0U^Ik35h))VKk2H^mRo6A=#r0tmNS>*dRB2kY9UN||RN#A@8sm=AWQx`|L
zHW3PEw&P9<v+~WENkM647T)d6xbP1OhH+YvqN62aAobFe)#Q9VFTy0WPlXB7W+@#@
z?)Ro}Y?!&#3KT6>Fzf205>UC${p&iklJDf#xEr;~1^61YB1KAV9r%A7KQe15U+T|z
zg#~CPPT3qoYAW@axdCD(1|mzu<CpC@@uXYCs-2YeY@xkMhK_p`qUbT)-C<Qk@0clR
z^|{MVw-0K-k~#q^={-+U{&YmdKZtlW>4vu1S0Km&`tBKsu(zn)U2Hh=0S}xz9RBQ5
zNo0gQL(f2DlsxTKsdhZt<<CwOL(k2VQdnxbs6|Q9=uDMVLG}651NbK#T^3_OxX6~G
z0QrJp$9IcPN=x$A7IdZVNsfTqBW_t;fosbC)2FQ!sne{L*(%iHMv>#kF&m`)Qle5j
zAK3yUbIMEFzw9EnjJ11zTqh9a{kP$*iZAAjp%SMRD~5u7m*kGco@tVKn@W{6ORTo~
zQS)u9Z`ywT7^jZ0R05lQAe|_-kT`6Kl38<B5$%9Mq`SV3_k3xOt65bkvxl@OP*S=m
zmTm2NhLnoIY33o4?pY+Ks`9%%wNCx$EZn&Y5p{oz%ZKn3reIC1%y9}@$?2#la_rRU
zqWrIss!!u1-YKVhJc+or-{JOlVe{8lPG{pOS=E+l)4_Cz!t)IXa}!|Y#Y&ehi@umr
zWl+e#yF5`0;b9%luX;XCiDQAMjFH8I#fJRW&u#w72pvZT%Ht5pib$RcKmERruOG=F
zN<s+{vEB*!KjSL(ndTMIU9Xfd1p3CYy;Ue7PO{UAj(x+5==+@5Z{m&t%n@VYNra!s
z2sH2kcdnw8?P@W32S2N-Op~c0@fz~0W`w9R@vkhQU?*%e6r34AUuo+eVhdZR!lDAj
zF%toayd<fNQ>@2Xrv%RR97#mS6@iFve-Rr1th?5d%0%SAWJV0Gs1p&6qRB@?F_|RS
zSYvb~JZY5}&a-1DO5v!Dvlhk!QrcTa(v_1B2!UL6d$^LGR_Tq#`J(AYvxO~I`4Kk1
zgurP42I;EojBe%9E&Rp)2U#y;f3O7KUk2^=?P2q`xy6Id2Px<nxnR710&?RAF9vA$
zx>gagGeWPlWhRuq)vK-RbLIQ19Y%2iZ}q(<7vs%0GUD~u58>TDHN)b<b?r(pZ(snQ
zS0h1^JG8fYiMEgNt30g2K6#W(!c>d8s}}Iv7zaO+gL(LEn-|sV%7GSlDevO<yfj(b
zw(a~IiNH7|;fuFF|Ag%ecw~p>t^c2+xAK`O0h;-@j@E$M)+aC&chl<&2k>)j0v|)b
zBnvCyB&YCP1l;`365_QmHaiKLU|={8?#oC6;knt)RmOvK2iW!VxK)^a@?7Not=h)f
z;@0nWrk7mc_63w+WiN=!<&NC${KCm!x>*9Ni`;zg{<NO>-6gq_{$Si8;UMQ8AZ?vI
zrUEoNT4?<hc#Yq=c0m){h2KWQ%^#fmbl$nvt$*Oa!gfjY2B!77<lAX#w44-IBPh;O
z2^pGqQaC-VoUJ`}i=UyjC^z;8!D~Zy7R?v4YI>8vQ}05R-Kk`x_1i}vhVJmWARfE`
z4<PZY%(nP%p3T&UtPSat8&;n4cwLo%syD>JVx%2fE_AJv1se6-{2Qk_LRXm-yyeDd
z><(|oY3i<qOa^j8BEO9AxQAsl8`uP(o2_QABg~V{Gp6+{zKjQPcB0bPP22WZ$4YpF
z#)90Ca%DQycp58B@?06mKv-9i>bsM*5E@5yi$avLH*stS7I&D;c&gghN@_>X1(meJ
zM~%4R_1o7%C0!h+bQHxXbikK4>QPw=tTj+Jp8JNhr#|YyZwjAuwo}8v``$52D32Y>
z(0986jgJgBuiSCl@qf;W5aJp?m5fsN=CCm|$c!64qWtwj$NG7fT)z={@;2P<ZNL|m
zfQ_Xxm5YZjU`apD*S^U)k)_AeNcs*2zi%_vPc@6M(C`vhpRiPlBlBAk_+Xg9bVf@H
z5yH-axIVY^pC8)l46T(5v3++=&)(>rJf_5-vMX|i?b>#HG;#@`>^4j-S4>NF;rr)t
z1!FKAkDsV&)seNJg#(|{Hwx(mdRo6yzN|R-{Rn&Nbpk5ZXW`-p$A=5&x8Pqx2Wc@c
z@&W_m5WYg?OjfPdr#Yvo#iOI^C*D^9x>jC)gLMjj-q!zvScm@^`Uh#~9*kK*b&ubC
z8TxB`@tY;puOscOFsBdeA7nS;%ChD;6npPW%g}Xxrqn;k>#%Oq)o?-JsNFInmTd^n
zf^Q416=LTUn!~}*i=Tz3Pj9|1Dy)IM*FLZ7IPgZ;t2a!mWijljYeMs!QwvV6N5=h}
z>EC}PgPnhOpN2oWZdnZrU+2HN=3D=>DHpV|{tse0bzOcj5fakou^CT`GDE3cP=3D*
z`C^;6scSPCd#8C*w0#Qj&PM(gtp7j<s&7&mPpvPVy*s!JLc(oG9&fh@oK2Z+2T7t|
zrs0=pZU;%Zd{$|Zhc^bbZAWrg;j0XaEb<K*(a1QLYSIla@-)<EFD?8uzhk0PA7JWO
z1G`rCmlNH*Z1d8e@&xfmg^Spd#Jy1<BrOy#4wP>50+p`=e|dCpqMt$A@T6R8fV=8l
zw7Vxk=*9r>)6e?af?Hq`k7y5&`d{yyWX6w(WRTF#U91=Toi*4Ym52Y*?bv8=(}Dlf
zWu}A6ohW@7A2)lqb^mqQ6<Hf>fBOF(ck@F?NB2G$oTjx~?PT|@&xVY@1=cjEr2F3e
zQz+;@ezIn7?-xKvnfny*qbntDt}&Z4apBIR#;P;9Q@Qss!6Kd=M<geRmGiyiD}D9u
zO0JrjH4aPBv{^ywOG+Oh0Xb^aU=WP4MV3i)z=7*azDp5%M=R@1@*_%W7RrvT)32gx
z7S54VjRL!H>%stc{=1JXZ%R1di%1Ehbcq(Evo)qZ8Z}i5c|VV;w%CnfiBPWrWHlQ7
zXiPkCC84hm5!j$1EsHHGLFph6?J1`%C`%Tr9e@yG+%&PIe;o(r-*$vK<H<wGvImKN
zBPm_1g}=U;f-OsqzGtUu76N?&#^4fZB0fw}_aOW4iarD%K|B00&v*^ai^|z&?avbx
ziH<jEU7s60Rf=<_c=*B0?g-T&z1Hj-2~I~5yDgvb$#e`Y@~qFgS`pXgE{&zAKl>q~
zg_Yg@`EDB_a^35QK_&E*nwOyI)LD4U<YR17anXnSo1;0iXI-%uw=^$Z4*ew84$kVO
zygbp4LW_N*40(;?^;o%@>wSgc8ggM^!F%-|WCG9$_5VR;SJt@wj%?QjZ#8Z;nlJJ~
z3v9i9960hygbp*6h%Ms6)+UE@m>aJ3{z#1cec*SpfLaS}nSXbK3@aRB9thtjxf;C%
zmuhSwX#`euw+!=o8&&~x{I$3I%1=A|=SX3>t60O_oz~<0?w#A5i@KgSwnG|kY@`-{
zo^0NrP0vFmK{R?R;Oy+C?pAwH#*&?Chzc`9S2CgI=)LeCslSqwhkBM@_PxUNyuf<G
zc>RGC)<WBRhE}rV_Nt+jkWOayZH--lh3kTsH-l)0ZrRijVJW8lxXy3fd~Z?(5t|d2
zz|)2Z&HJvy#y3uY5rxaFKM<Y6jViH(t4ZDnto?woV&brY14)|iwTbL5e15Dy-*)94
z8=49$;j;aM=n(oE8kG24dWvN}tgb{5C1Z&SRdJ;k`C><F7F4LkD1S-e+uOnH+2N4p
zlwTDP5zi3Y$cDCVDR({-SApZZ@G}s;Qo-4htRL=eYoK8mrdxt+T>O^))k`M7Bcjbn
z=1mLxSxJQBlt1KCB~26BL;na1=Q>kcek}mer~z?J1OqIRf%cLOusK1bSL8Py5ZOzL
z#%oig-8f>K2-9qelQ6>}#u81Y00TKwP;8@$*85*4uuuX<RyeC{vf?1eoxv56Lv##u
z*+FAUX@4t!uj)v*uM!L7o7;MZ8_MB}HW}CE4=lXaP-O1#o40ZgOJM4gOR@b=+=B`O
zTgc*lZ1{G0*Rt2`X_D1>Ux3cC;;GQUv?(dNSspr+nK@2PEAtnZak+%E2mo47mD}&}
zERky~cgGR=aF|q+`4De=+o?~@fc0>3yJ4?A*qmtgEn8&lG_m!RqhknI+Y{SL1d}}S
zMUKC{fPx(gBvO~$WO<w-UC}yW`Jt(!klb36rtnRC&qeR6ti8zqD_Y}0T@VUqjd^M)
zbm!KF;}oiYujtZ0e4blno;K(!K(m1>Hk%G=*#98uWTjlyAT{B8^iu|WhE?1vvx6MN
z>hznkX47MPn6?i_2gJQ)F4nd4#eMQxV$51a-PukZ_>yu`KruQ02N_pGb}bmGz8T>I
zaOf9VOQ4mUf_i~r?M{wnAey`fjuVb29Bec}%a|V-crO@xuDwB5_ttgZ@DM{v^DU~-
zkNnAqJ9v)l`pN34fmlWWtQGS_S64qh&u=jI*>27AxFJ>?Pca=UhV?K_w{==iG0UiA
zb%rB^nzm$?aAvli{?D=|4&`_@O}7sbR@tgOR}qAPUqLkWH5eOZ2}OXWQ&GvO13$nb
z#=kwa0;IIu%Zh4GmBaA`lln^50b}V;>*RZN*vYyqpg}-`U*m6pmUuiCWi+?VD6)hW
zQ{C&8kk_m;l2Vvnh0Y|#jq((M5oH0H*p~()pYu%ld!Zlrep#DKW%v_}G$!2i`3zgT
zR|NXTh&PP8R}-tu!#E;FdE>R{)2`a&Xg($*R+d;WiK^X09dvK2!%7PJlk$;AF@ARN
z1!}Z7_WKGmqOp#=(+118(DINLCWKVfFFMf2Zazv^c<}6XotZ;-jPfj9)`-7$!)uvq
zst=Dve8=<izQ1g&QMr06F4M$&xu(~VHk=e|Dn~}_$x%PWU1BdBFa&$jm~GDRBjVnZ
zX#-+i&JsnF>IeksR*a%brx{~;Mtin80&$k1j^P$kdCoXtt0fl9cUWbs!dcj=hpuge
zMtsH-H<^+tAQ4Cy{_n}!(c0xZYSJwfW|<pNwBBPk3MUc%KKg_z-r`B_*Y92?<ho?m
z>w{q|nS%e`IWadKe}V6ej!r{raOEbGsa|Dp2gAmAp$I-*H8I}eWr&aLjJtfCFQ4sc
zNqa6BAZMCdvW0zmTIAZniB({>PVu+GELJuy1n#K2&Hv=#?29bU{ne4g1mBS_>J!50
zf@ZE;iSbLne72g@Q#0GrKT;&7acus%G5%hq-H7aO;){><xrMi|(MuNKWwW9o35?+-
z9F802pWm7EL~9$Vq#<3a;pExIB*|K=NgL>UBJJ#)iIn~xjHzV;Mnb2U8}%*sG|Xus
z457d<&HMuAD&m~h54oOlmxnpN#p=O)_PxCF!%!4VrIFyo)MCIJF`kr$!oDYtg+x*$
zE0xb4nHn=5%!)DOvWY1c61GQ6pj^o`JV-4xYT<a2-$u*caW}z@N_6hA!Eybcl(D9L
z#N0>46>m=|<;4-beWorDMa!zhq*msniZ9m>eXRPFq?YXocBjq=tU~8FdNl^pO|Ad*
zWe{{PAuHh>Bm;TthPU=X55}|4K<tJMR*w*53{(2Q_bBi=dvD?Q7S>cXzwZ#+XiteL
z8)iP?VX#m<*4LHtQ(~`-ePu9AOo8wAuteXd<e{?@#;AH$Ma<=if&N@|1Tf5vA2d3C
zdz0G3qk_ibDvMO*E~lg**!_<<fr~{dAREpfJ%lb{;cQzn#C#R)L;)kA#LlGBCuJab
z(%ve?IjM?WYORQ!sEIY=Dz8VOBh&~hVo0tiL1E(AM|J#1CX=Wt0AD>Gp&<{_S5%iJ
zHT9~3#ib^bn^GR<92qLo1s6w7CKbnR;3z}1w7H<AyHh$Eq<M?0usKy)@)MO$ep(>I
z8elO2e-Rs|R|))BYebf|qB@f%4OW@}<@bR@30^KNKKLC9ZM>C2TYgJ_#*j#6Sed$=
z6V!8mDgmZi+a9cS3W=C9+Uwf-sM6z-1}esmz~~E5{H=m0`s((4*@NK;z<ZDDNXL4^
z?j&8zseyFmsDOP16jS|u70}QY<k~pF?gVc3`SbD0bo5Ee*GAgJYRzy>`}1*DYpnsF
zr7^mJyKb;3V$aa9+RB$zoX;H%3u2ua@~7=IWw?rliUai-@;-T5i^6jQ+aD~OONg)m
zJ&SfR7$&b$ekD<HWB`oPnT(*aGVx^%7_Xg38yvXBU!{yeA$fU}r;C7Ft$s<cfA3De
z4#kGJ#wR<ppLWg8)T^zEwZnk@EBg*0vp0XLiDykyI9p&FTWitL{z2@(CIpe3eK8=f
z9aLGIk(f+0smt34VB@!WK#txZlYS`PdBZg0u6Nh)?x0ZtgmI1>X|P021dHs62eIi7
z-i4_~@4z!wT~BbANJu)p%)ArgWT$vfj$S%n9RH7_vkq(OZ=g8c(lxqU8tD$DYe+~*
zDj=`{QqoE{NJ*o_KoF1y=@#iwMyDtvr0e&7dH;hw<L<I&;yw4A^En!BvdDl}j8x#6
zUKf4ApRDvgCk(y2?@@DvzclWD8c^f;xjH6RlF8WU$hBQ=)X)m3Zfg}WzX(y3zR)fL
zY_4AyE|GsX%nQcL;29nip9?7e-bv*P1aLO0flMT@I6A9i8`%n~!=myf*1S~<9X}Mk
zr-_eeVlhAiVM}i5DJ*a+X1&W$yvrREqoP#E3%(i?w~QY9vLD*zh;)dQFaUQS^p8OS
z8K>98M;IcNtyUYjszTc_&@hSF-Y!;bcdkX7w~Fi3>~E?A0OI8si81VInF4R1BC?Bu
zT))hTSOQcD)ntnq7m_r~-&z`}d#mB2C+)=`7>aqd%2~%5o;5anqKAs;=_f<HFmI`p
zyTcTxQ)8uk`vP=Y(kJx-ZpDM2U~M2RPv?v6lt>R=seGx3k;<&^HKa=UHLg+NBzIy^
zLImnw$q(fGt*CN`>?^)B)76pT_1P~avfqxU<FCg4P-Vl%Fwajs$BTT-a3mz13}63_
z7=ACt5f2wI!%&N)-mTz*kcu4)eTfP*V<k)EZj$Dr!^ipkmvxY7LVw1#_vuve{$tj|
zL2ewlr`e&SPleU%pu3%>(N0(PM7`TjKRBLR$K|al<R|$?ZNoPX{xE%4<ljI4@^_`{
zd7|34ZH}h*H2fRm3&7%GKBmaL<qvF=4P4mhKzR-#cNzm5eML@CtFXIgfmvi3+=(1i
zd0PYfcd(P@%jV<E__I#!KSGBg+5kGNcx4sx3$TIPWNqSZy1`cu0R(&j)58NKo5kuc
zb#t*^?_W>I+Y&sO@UN)=VL0y5_#ZaQ1;1`gw-t}hyDvqLk3tT;I?HMZLwu(%6k9{)
zJI_OIB|vKK>{{_CX?O!%5RAZ?FGJ8TBhS8pHL_n>@#9Xr0gUZ&yWct^#y3C_am8kO
z@6Pnn=6AtRFrT%xJ2jYeH)Xb#ytq}2`+KK<<0T+A?kYzt+uYsN&CqQnM9(bLd+aRP
ze;yKzTzuW%)ja#S#s>WQBCpGEEv)=~JF*XAq2MFkzW8m0HIvdllZK&DHP!IPAVcGj
z(+5&xvjNebTZ}4uZug}(lng^0FkwV(1{)Y5vloD2r<h4uMV8OC>_mqcz6Xl1_OMQT
zAkc0uMh7^&7(87zCiL$|1#oJ**e$w$!F!%r^SOc!vzWXUUA$vNe{~6LRPI%gMhWEA
z#h#%LK#f&<0|_bjFrE5-m@Iz*Zr)`M4BE!MzdQF~=&oowm4uOP7$w6lz>AUF5A$0L
zJhMXs4y_daa}%JYzdRs!NC%;3(4d-q+7N$4MRWzi*4t>$9jQg~IeS4xI)k;3M#2z~
z#c&@c7ew@c*)y~Hc(;$|KEdOz)T0KYi_9P9pGRX?B*e~1TP!S2wD8qe7r0S3KVZ+P
zaxHUpAOu)&SzGElz<iRTrpwj<@#ID~en&F^?#5&<qXa?b!De|><)aP1{f4qw&?$aZ
z3wwEQ%DUqns)0svFEy!iH`oCibQ5EQya$<OPa@I88PHW0>obMwdeiGsfv*W9ncU-l
z?Fy$*MT5GqJsJvRpZBvtp1RdO6r#?v3-t3!MR|NfB>J5rc~et-M}C>Q5hy9!{gS!Y
zuA;9GcT@QNY`aG|Js9g)3U?pndQxh9^yz)sd(n8m&b8lEi(H89plqmM$}4cOx^`g3
ze%Hjblr%`rLG#5V?uSC=*PBQF$$Af?j=ihjv?tZ<hY;?ARzLElpmqE~lJou`uv1&l
zAsbB%P0<zOazlLr$JN1tmhHJ^#G;EqA3u1Yl6Gu%6mJDO|AZXrc-?qhFwFz|wIKH@
zq?vJ1G2xfY?ZCm(D`6rZOX<t1v(w<6Bj$;39uITxOobYHZpHjp*7gU$Yi!=JgX}VB
z4s@P9zAflTT)6~2*QJ{$Lt70Ooh}N4b&Kq}RV3wOUL4hL$~;20PC|5U^w+*AZg5@r
z>B*IK^8fj9uzwW{g6-SO^9`d!O&u)6NKa<NfY<ACvm1lEr<dOzLxgw_4yp=<!jkFf
zgTlsNo2O)K@y97y<Y&$v->f9>4-ETWvqvv|-&twP9u3-&OM2~i$`#`-$7G|Z$lY;r
ztB^ocN1OW=!&>~~ZmsLM#g+1Y5sUO@iR7%Mv_}am1QKMJ>q1hVmh8kasY*4}X9v(`
zP;<QMi9>OGi)7!g-6HaoIxn^v&}_|g4YO%lEg_N&FG77~m2nvS$s;8aeb^cf)m#}u
zhY0Wm-FFR~lRGO{BbmL=F|^TD5OxoKtnQSQgImJA%7J6C)U>FrUx9I3Dv$quco&7l
z!ITQu0<%~388CJ=Vd+K=atLcE(oYU>V@@{}czi^Vo+rfGbZn>ktxtkKrCXOR4>fr&
zgg~vE3%o-eH-?H&fmJCI>k>Dsuo|KnByMa<>Yia|!z5$^MnW-qZ6d=QVY0`bHlxGT
zst3%a+x{{_2B;Qi4wIg^*_3Z?7Kz%a^lH{cNDjkyp_c#xqXY&?a@aN$y-zW|8s#aY
z@X^7&j4F;}utDQ1IWI)QX-X@L`aU8NbDlLZ^s@d~M}+vm6XJ>ujLbgbDR~)ms5$9%
zT1@2RFZxtL;h+H(ZIQX;YT&?n1u4~w@4bz`z3EK$bV@BT3xO>%4-``n0~1pljm-{f
zT~**!;Nh;LS6tp<uCM{i`|!jhp#FB!!!Tc4YW`_R8<&MKaaG=Jx03Z?wIK5nE-|_U
z5k$2T7nzfs;Nx%|p`(gzTB#T!_bJzk2Ehzl6tK#83UjzF6_`rU!_RCT%R(FKpuN5<
z(Ah(rIvnh%&{}DfQQmFPoGMeORnC$$dtta0{}2d)Wk2+Gt>pH-oxw4g%{9M1!tkqj
zwwLWeAvhugRoHp72BOV+XKK1+75xgAAtpZHoso+PPEL3d74*3W>I%+>C;|&C^!g<R
zKk;$Cjt5oWa^E3A7fSO!1wfFAm6%Lx%f5^5FmT@{^SthgK}0>(+a>3To4MOzVZA@`
z%oD)jS{nI`H*c`L)|IYTl^Vc<Tz}A`*FNb1Y!^6{b-9-WICT`4dk%6vN-jQHbFV%&
zVcLkgHXur}@V!N@!B*BL$Y;b74T)9@nZVIa0*a85MzhHWT=^~%GmwHZ&MM&co70j~
z)8(2n#M_xPRP+bdIjJHTK1v;$((TQAkuusfMZvJ&rdP1QZ6C~>dmuJitr76`I!x(G
zCVaLHrQF9bv3?u%WcuO>j0{Q9>j>{KYd)G#uRgnNgb$$22HLED`q~aTz#wEaw?W$F
z9uJgttDh_Ueo<N>)gU}7kjOI1u@S!zA@|Bq_-WSO4|C=%l`;rj*G_V%9jhhxzG|{_
zU57<|P&P-il#kD6dj!UEZd%3Px5+lA_(bpVNszAAS{tVEsu}v&?;LG3Jf)c`?2b07
z9P>?HKBY<IGT&4v>GvQa4ldB@F&huMy5KK`IOvy$j;z~rbF&r>fqJuZ_JeKgr^Va2
z{4s>Q@#o}y^-mu0YhX$~^sePlQ7#@i)rpbXl^`_CfRE){9_m=4KLEABD0U}rjleqG
zCg?e+mSR`AiXWWxL!A*!8+c6<98JUKhN-#_eT)jc_+rhq>a@sTdiRv7rJ2>$%0r}G
zJ+BZ?DAJMzva&)K@_8B<HV;$~X6ei<MWj2KFJEB47&kZ<yD>O<%o+h#d&~~`{N7St
zP0A258g*h~M{dg+#`RT|{GXPI(SYU)Y6QVfn=Vu#zJ=_)d)VP#BsV>q9meBnqvCaG
zw76#oL99Ir3et$;Fr*TLg3DeJN0X0BBvzWusiBCFVqqM$@;fT}lig_jzu|KEGnTZe
zrv$iOQr=|!Zh%j@YbW;tgZD?1fvQFwx=1&bY_zi~QJoKw%6x|keulYhEKeQQ_r=vn
zR<_~-aWitO^1>vJY)PK-!$NYTxYFy8vvMfbSx+oA1{CV0&63yup&yHTV1(xh=db}$
zM!6D4CnW^Ma{St$D;w^|Qy8Jel4$4&k>@E)R;JNKPe~<vyj%G83JQhIl@nXYQ3`uG
zKsl_iyfLiWlaqtqP?F~3as1&SF_Pi274^H7;giKT_yY5yQ6(Gu1I6XuEKEXsYa*>Q
z#A8Qc7YY~LGg6bLD_+$PRg;Y=6Bj<%7^Wfq?c%9QcA+m$e2q;cn=5ewnz#bzs^}?>
zM6$&$k+|F-oEy@hikSgMymDI%Jr7ig52%Q6d^tfP*}o_%q#~BqS3Aa_w>_+jHD=`&
zDtr+9<T*0n5P+UReA1V`*cM)aPF(o?#Gqd`V-JKx1FTdrQw;WeQ$~Pe7PykbZQL$m
z7*H|Fy&9?HVDV!2htL~gRm6F2G+3-6wIY%o0qVjk9F$AdviV%BS&-Rk1CdTcwqhV4
znlc8Sv-#YZ_;?7^UY!n$9c)^1Dbz$6e~SIo2q+(0)zp>2^o+P~(Qfr{o6u)t^5mJe
zr(si+iw@C(u&*zl3QcUnn9gqeLg9yd>v0$ajJ+K6K0oO3FLL7fo<ape!`X6^z_Q##
zaYDPC(~9kFJY%LPr$Lz(V5L>P+Y~9moYn9`@$+-M4@aiPbc5bM$&X&R(*SOjrLU+|
zPitnJ87e0=1|Y6E0i&%PDS=H6DAiIO7yJ~6+d&Z*A5gCKWxe&|2g+2;>xvH~c}vRy
zA*v1q8mhlV0)a1D)Z8Ci5i5!INva%Jt2sHKmfC`J7_&u;#fniLnHmk$F0n%n)c{f}
zN}du3V?vQnCeAddjCHrDr{DJTc?7^<)^(GAE0@GM&%bUcs28ItF=}y}Tt}7?00`A}
zRLj_I4A>uk{n{kIGSSU0BgjzZkE$qRicGcam%c*{59&y}nr?u@hNQ_D-vhbU&?zV#
zQ#sdt6~u<2dy`1`?zjmGEN#n1gY7UsUq7|Ijy}*y*HA~oO?6~*9y)_Hsiu#?d4zqC
zxFrfY2!%1VT9*^#oi`Yv5?Ch_fsH;i_yTDspjG<<iG(|afujo&$zK$fu*a-z=44gF
zs{R3-NXI)x1eXvD)P|!1>rKLGea&WyLWLDr2{F?mde6a_T55l(rVQJ2<l#$iD2Lb|
zY&F9a?4!x$*tlioH6=futm=naT7{zQYyupLl;~-xlg7g-p0H#)regv&qKGW?jab^D
zq0sFc85v%z*J}?Rz};epxK_6^UD3vUv_j)+Nu(t!l{8zau^fN?OnGC8OJ;5KRwvPK
zT{araFa}2fuTE__LDm)oS_2U6&$Hxje=^@BE5VUPmY7-6jfOGUD7XyVP;64(YVg&#
zml%d)0_k`qNBl}_i*cq!kvs*{5k@19a{I><@4v6E;~Pa$5C$_0_<(8*);n(e5c{9&
zmv1hDSAJS|bPm5lt^GU@akF&rT6|4xwV<6yn50Mzq+<7Ju;k|Jt-E;-*x!zV)-xfL
z$l&s|GbCJAWBY+>q;fRNuCgWk==}7y_GD-Hr!$FmaORxNrD9RYJo7DY2&&-fdU5|w
z40)Xkz&HJmp7b&g-o4qBKbxD?lU2ATJ7+OQ5k+yH1}kn!9~SHtG%Z~K@fV_YBb40~
zf6Z_(pHxF1;=z2S*zzA5I3R21Z^dgbUy}Yi{$pGq`L?c8{zEIixfuL)oz`-<l-Cpd
z<6KVE#-{uDO>oE|vh!1j$j$so&G?Ne)6K>C+Fi9m{l%^GQE=I@;)eMvlyg%)F5`q*
zd{|#%r0KJP!JRiD{9oT6bsVfUdA>Qqem96M@jL(Vk8{ODS_Oa2f7*$u?a%UuSDIla
z0!e~9O@Bq8UR&LxUbdK2bnL|Duf}+>q4f;^x)`FFjYPW_?J+QjozVu#v|C?{F9x!W
zY<q^Q^OQDJF%T>L?w2SP?R(wPrQ>Qg>M^zXB;($h#2mSg(z<O$<Fo>imQVXZnh!9i
zKe(e~@J`a_=Kkw$A-Kn1zY29Kmb-ucs}bNhz9Qbm;MtS-8PT-oA_KTqZsPOn34d_i
z^i1mBw^;uB<*p3aS4cH5ls)P$eXspiO0i~j+~Hs@<E+7|@cxA+q^@enx<T=l82thr
z8w8E9BE=C2t`J*H%UQbjX%WBVfSeTTDeP`d7}?1u?e3y9lKFG?LF$Q%nUHs|`}`YE
zG>N^Zx!~T5rvUaqx;q$F-iYRsDWPtPq>#gNMPxK3O4UcN`D#3Lvlnzx%}3OKUW;IQ
zgsX1eP}}tM^d)}$pF*_d3J}+&#h@DjIo(xmEh-prGrR22Zm|YDxOF@qUA+K9QhsZ3
z?9{FHjqoax*n83x9dl|$bp%=u*E^9s??H4cvOHG?!W$}WfS`T>=BkCWZoybJy>0iW
z6J1@8FKsjFx-V?$zna`HKcS=$3GojM=?7o+O)WtgMSi7oc=x`H%b6){VE?w##LXWL
zF7M)|8}>zq&d>*_AJ;Di%Q<r3ht0AxwEus}2|wfcwV4gH+Op;9TmJlpd}i(0vx4OF
z>kq+;M~m#8UQ2<wN56h8(rx8C*pV;z`FZ{G=O$+G5Hy|Ae6)C7a#?dZ{vVol&7uC$
z8?iIy(|O<z9whzaJi7biy#qq)^i9c8aGdP};t5=;t(~2f!>hY_R0!l2b9-w9e);Ab
z^6DtR9o#61VqUT73mNbHdvJ|=H@Pwxc(ZbB9#~_asQUL#@kNNo-^PT;?gJ~I`kA>c
zTlAKJ)KDx97CT~QJ_6P9h$QWT_4A#O5TP<u*2S}h{cHE7aUY0jUCZ{`2QuqVuJMCq
z!#f*}<J&u(2fkuKdAY%}gln0v9TcxClGHoRZG;Loxk7yB?&irdFx%?M7PK=sXg;QK
zI={bVmL1;Q`f<Sj8NG##=T@!OykTUac@;-KtDqwP(q%WJku4{2G7jfuG21uHKLX1c
z6@tmGG`UJ}mOl*M#zqa%u-_aT*v%bj+Ej-_uiG{m2PD^_4J@L4cnT#f*3w{1!s~Ta
zGjA#H=<HH7@yn8ms<jLU=-|GZCVDohPS`VqUHnJk)cXPEu(r70a>hEw>Ai=#!jKe<
zBy}GVoXt5MAKuD1Bp%#948g?$APbrX18`)_Hex+**iLbRH70RwAKsNDE-al?mL_2c
zQ`mXQ5d<wu&1nwm;eBX>1*V@8&^gfc_bO%;e$!r(O5Z>&iPvbGqN(1RMZsz(@E-&d
z2t+Lpw^@a{ESYqne94((CTC{9tF}?PJ_ukNVw_t2^`pcr%CiYU_>)Ls&2Q?eym@#z
zaT-UuPGXk$@7DVVz2NaPU8Om$p*pT-n*$o&zP>H02*+0Vl`|`tsHZ@sur7=ev`WMm
zz~1A1lET)}Y3dNxr+G)M5&Roh6#<&Cb>!TSL3&vAn<hL+r~k9JbrrKG`o1%+1t>4w
z4g^;-Q<_8WHaF10r=l)yHVx&)Jqr@6J{Gy=cRTDJy1yu`%YA=vPt&zV3J0yccw;+x
z!G6z2rhUlZ1N6>0?OEgVcX+d^mE23DK^%=?Gzdr3KbGFFN|OM;j1-GN2U5#>J@J);
zbrs{epbWclY>0mg<8*ZL?!4OFs-s~gDW!FlBMR*`2*HN5QfAJYfavTO^{XX~*80p=
zuKM@0=H0osKa@w&67+});1(}Rtc<U7@jMBU;CDjBb%EdKc72N1kp{CZ&NZfvw)<Sb
zyhP0%CVH+b05$JVLp>R7qrKpnhu-aGu?|wYBA7izg@OJ9vUrTz6WC`+sCk#d4yH85
z?#$}=@<7#YGczm!(#+$dkJ1x~eh2$jaXXB?HBD1=+a*CBGnw0z+a?+(RdLRWOeEN_
zB0a!-z(8R4Lm+Q5A>E^x#1lP`KW<h7#UV|=x&GtXLQHys4>*9xHGka9b)VL>5$`!I
zfJBxU$AalC;<0`SFNkcR(x+*Q<m*d}fgJWyUL+dEagH93WL)pL%h#-kK(6^5fmkt=
zoH2c_ier9kDrWE)jahSZXF!mcgNvGM3&DJtj*Gr(`?eECogk>KmH#t}G~ZM$-~>)D
zY@F*&&0`(!ZzH}qL^|*Jse*UgsqpNx?qW3)!;ox>nb;0szlB0Sb}VaVy19Pinao@R
z_g;jTK;f`9^^xc(pD;?sP*X(U#ZHo2kj9?*pYm)63$>ZD)<8_w^xUFCm;B0~IF4)b
za}ZR$9af5uOa`DChp%Todp|M*G0GbbnoszG^5R?gjf!IPl1eH?8vp!p<SdYAokLYV
z!tg`<Gl@jLNQH6prqsmyirq$0*-#E;nM$Jo*6+!E|1{Q;J-evaQ#a&_rD?~goWwGm
za8p5KT4qKiqm)>~=&OrkiXyuYUAu96%RgpL9nq`o<_huw{8J2n(P{42YE9ukYFdy_
zo<p_!bL*U`2#tzyrkrB!u8YQ}k^2dx?Vg-n7wMW5e2V=pCf`C)zl#M+vd|&pGo0g<
z{SQ==Ls>pLsg1P1c|Rsbns$}WCYLI+S53~|9{Gw9kD)BQ)=im|58+-kB88=+{2{o=
zQs8liODMjxKq=?RW81!O@zp$VjP$C)y#CU}iZCwO*7EqYhvpX_MevDchAN+mYSSDV
z2{5DvQ(E-Z%H~E%)MeSOep4~z`MXa*bS^$iBaZtWVMlH;N~_x3@C<6HnhvYy%aZ!k
zAfZa0O86cvk00T(s_9F0!5SuQ2KIvq{zEeem(8HuK%jAMHc3!1CB7k5&Il(H_6pWA
z(ObufDO```(cJ&1reX&I8Su#Y&2V3wkXRnL%k*}kFR5yXIuWr-CpJ~8lAMncN2*P6
z(THGi$tV_@E|0(`D2lG!&iv}c0H0_(x|T^Q#(=SRR-JLe;R68=@h<Dgn`E8%%VLlc
zresq{@tReFZ^cm>?P$w{V@hlr>izlkt1gu24Z2E^2m=I-`V{<2EZ@X_k01KL#n7<p
z0~=PHax32E6oQr<pn54$?A)y!DwYj1WW9y5%Z5shpB<^teNo3+@0r<Xc}kLZo)yXt
z$6=9Xy`#cs5q6&e_f05`oAa@uebPM5vdKdvV(3b6B5x%K>DuZn4QZY$Y3L^TOkF5G
zJ|fXv$&-b4HJpM$*PK$CoFJMZjx`4PiUDe{sm*9;3+D)jQZ(D7v-n2Az86LLCQ)HS
zSfbdr%0U`?DwMFiEU<^xm#LM_F1Kiew!o7aEENN|r4Nzp*!Oa~b3!&d1@#l9>ud{3
zOWA$`F2??56D3HVUs0^s6o|i`r+Evbc(NFB=g5eUd2yj4!E50aap&rn#9E+=DoRP|
z;6^D7Asd7A)4!dWBrZhm6J&LIPmRz%7{$^t%y#F=>hyWblf~GDOBxe}^sC^p%N?DP
z07X|<s0eJCh9@)jJT)fnT+S^fbjeRrmC_v}eqjPh+Xlqv_Y>vdT_>6-wSM}V-*_3!
ze)R^2sx&A^6?>(a1Yda`!RVlECj`)N%AdjU3@7@pLo-`n#+_&V1Cq=YMP~w3YJGlr
z)&vO1tk2076*q!*E7aZ6_+C2_258gsWk@9MC&k7u^Dp<XT8R|3y%&s02>OK!@~9mL
z0HSoe{B8>hMC8yMIG|xO<6i_gtUh9m0+BG7!f*i`K}oKcfcOaFL))LVX+U7v?iMU{
z*~WmP>x*soN_h*&1sG>S%KY;Nbynu%dT_`tls>1ANKv!ev}vo0J+NL0M!26wdUef$
zH!yw>gqlGh{q22zxLwirioa@oBa30A0%+{7+4sn3FWhysSqTx?kFG&FVAUqBvD^?$
zO9JN<b7X{bz2p(q?`~-Sfzt$*GaZV(7*LohfP?CbX7=wb@PCp0#>SKmo2umZrYzQ&
zKy{wp@xNzmcITb)CL*x!ik`cmZJH&I(nEZTgq(FXSdkwY=042<>FV8puW+?42Q&dL
zL{`Uly5f3rK<QS>a;bY61;Yp~$l>B0N)+PB>R2TcaLLKS5a1d&k$`D9v}FW@s2fu>
zx6s%z5?LQ1m4K(58_ggEQ-T>w6Y}!L;)@0xLuH2;?nkD5rDyPnBKc#{d&6m~vEsV6
zW8#(`hj~wvf4Ydop+ZlgB!7X~`rZ>3{oLb38U0Q6xMxwUrwOT&6yPXXu&S$|4>pls
zWV$3Ok(bk;WxA;m7RE1RTxCadUSSB9V<uuTbS(l3f@*P{nF2@cYp$Z@F%#&JV>E<x
zHo}!jG%VYF!X-#5%y?ukZI(7Zi)j@r^e@_uBZ)UkDk70ZTQ*Er!od>D36JwAJ{X_;
zOP2y?98JPY2Up{H$a8a&=&XrJ&d)9zAmJm)?93jyDikxghjLQLVM17o-VK)Z9!vY(
zcAf+bZr+_uES@j;+P}?h++cALrA?G@92{O-S-dVVT@Tg@`7nJ)eD}|FAz0g)*`p&;
z;oq;cb7K0BjNcz$*FH3KAw#T<CR~BboVY(13YPWPO*Mb6Ou_Z`pOw2bn{&lm)2612
z&jr5!p{;OVM9!D|ho*U_0v``__MoK=4Ds9Xef4<>Nz=9wY&^P=t=OTc{TrxB=YJuS
z%$UcPfzCgVZT@-YXPzIO-I?8icB^^FNj8{$3fUi9s_DB92`pIc9BTp^xF;l;=(VJz
z*f)h0B*~3zy#`Aj4H76{$=>a=mJsdTJMGKP-Oiz4{-nS`6nK2LcP<2Sz+8V*a51nw
zXa2mS5r(AL!=+%LDLt%Tx-4KGp6@+h30vxck?LDL1sG;c8_AHPLEPx6KN54MalQ*P
z$$c(W&1rF?E&H+#(V`~t$Lkv{U!OHkOn}X@=B=;Gm3;k){;S-ra1A&6hmD?CZEtBu
zG5l|4*ri{sV}{U!WGt@R*%vZzD|-R_!GdmJGafzwl&BwOkFiDWS<7sVlVH|ZzEQwQ
z_C4?((PnhB0SF2{>PAkee94>eL&v%Ct_I88^2dT#AiKp*2D$D9m?9o{27gvkVwL;j
zCwfdMLn5n4#c=!=aBVa*u)`&~7!&^d|1c@{UrThkS)(4L#9!}m&t_jm?-|VBpN@cu
zC&;UFocv!U@Y)QFo`a9P_hDVBRXYm$+^lgj#eKZG+6=DnS#x(&`R~lM36$%9q!nKR
zE;rgs^uSNSu2us~6`!;g-+xZ1|1~?(PA*oRm*^pC0@jim4NvLbkR^CLXtBL*1!&@|
z{XfsZCei@<^(%dBdzoeW;9@##vJcOGEsEdAZWl9#j8r&19@Hm4H-W{0@3~xu%|P|D
ziPFAU%(Yt9Dc@8>qBhLV8#F<IiOGbQvnwpDJ_(AfJOPxtFYJ?@s}c3!MUtOg6<aKH
zb>95H<oZA`<}(rD*>r4)+4DVTH4y$i3f7|i9XUC)OXlF+>sn4)V#V0l(eiL0{?q3l
zBzoiZL&*}%g&)g!&H_DbH4lb#XT92MPdYN!&c)Dstx%;>%lc&vf8~?DoP8)rxk=n!
zX}obClJ*D$3oo+Ip4mdT^4)OzwMW#CE-o+qe=tZbTh@F{dv!;$U9eMd`>?Y|aUc*(
z7x{h(k-dC_-*vrols~v}xPNChE&qEmY}WtM|189J_Btf&7JoChX$uZIp!JE?re_{a
z%o~5Mnfp4&L;mXj8^4x(6S(rvV+a+v^tsMgzOx?fRiJJ$+-Y%P(aqMfWxd(FbG;4R
z?%BQl53Tnim^p5+W^hdoe!Ww}e|>3Vvz2mm9y~CIDUS>#h2hSo(55O4(k16s&aYoW
z02Te#^89wrFRivdQPv|GlO?czh*`ko1Cw5eqI@Gb9*7BKpVf{E&JoL-eE6Z^Q0Xsc
ztuLeyd^S5sme1{(vhV^PC;L@kvHDR{(nmY<V?pyuKV$Q6pY3G3Pg329(k<*Wq;l&8
z*D-N8CbPwB3qAX8tE}EOJQU1vo-G@Tz(FHl#Xx7E{1vApJ1Xr~bn&UsOJLyLpt3p<
zj&j*WSKA*>O75@nc#%vz>TmM-Z8&DSHkGAvsO<-;io(8=k5hV2m&4t1Uk1p01oYoi
zHpI(VF{z9~aurA+(o5t}mG~wsbztOo+&PIwl(Ak_Znv;i1SpCkow*pr_wrUT9N#Hz
zS7$M7eP>>#Y;YiUTP0BhtAWJZrMfa)HJ}Fi<FA6tea@AZ+%+VQRjP3Gt(Cb2;G9}^
z`MQ?YKxJDjVflP7fu`M$*b`o(DfhLj4>C3d^APAqT7bAD>^?UO_(R_HvbYY`Wym+H
zIYvk_2i2Ag9nIaL<_IsY;qQ~_(+I|!+Ee>eQ)>{})NfYGsmHI}L#+FzsJ;f&)4ZQm
zS*|Zi8>GsX1<~piu}u+-6RNRLCISH<nj)XP3Hvxn4Fl$361Q)i%ZX~sk_2@fxu|bF
zmW~-$%~R18q}{=Ic+Sjfwma^=?`DpVeutf-1aL9C2Y)|=lT}wacBUv)+Z4x1)t)!;
zhfS8pP00SF8!l!vyY9;3194XRtz6Qny}c6!6o;hOR=@b(_&Fq2sWqp=eB76zGFj#w
zK!g{do-pMws<@mG-!YFo#-{ePMXjqb>BY_FHr4grS_4E<**Uqe|2h!=YeV%t;Af?2
zPJ<p9HLzoP&QtJywqy2sj}IpWayCNAK2`{d;zCdV{A3u(^2p%S*c9RT&6+@9HOiNj
zok!P|^nm)*pSN;CHg8^|wa$wIA!OWMpQd$h5Zn1s8MgGQw!_iP@dt_jW&<i|FQRhh
z;Dx_>u5oh?MB}P#DMXW}gLIP*M3qqw@ap5ZgSY5*AIyJr0p}!}?UFUe>=(kT*88wa
zHIDDez_Xt&m2l>u6270pdyF^mhd$IW(WOx`9Dynqm;-7ny&caaAi{5*Hhs*M(!)-z
zM-Z1=XqIjucuiWD%ADqa!F5<fzb(;|;-`KyOyZ;>r}+VLv1NPsd8}maxr1dz6ykOw
zNF^pgO*)xrb{+9mvexNaCA9=X>`|17h{js0{l`ezyk6~*=H@a#`!otF^FMJk2SgFn
zSvt?e>7(c}dAX_*9Gh*EIIJy0)UH2vZ<g`EWN)bU5Mo%$#+g)o^ewZ6)_YIDU}@Kl
zNuR<YDaY)IQ8%$asp$L(MRgs+)^TxtyzscU14HuJtQeWXw$-vxsp}IjFVd_r5N9UC
z$a!B~L4gvfB&GhM+#(_)Fd43SN^21lm-xEb=(<5Z8*Z5(SSgj)7lqpmJocoiEz6hq
zLcGy$(^M<eoCU`CEx3Tk_J_2Jq9b}QoS{(KwKav$cT?X@s}giK>5A=A_4N4FHDE)z
zf7E$NoyK3QojK4Xe`P$7tjoZKN##)rD5;8mBDRHJ@TK5K6_%89d0=nH_UWAorUcDw
zEn3KYTBi|E)Qhhpfn0JxA?T+H$>neV&=tSf8dWJDhow2{oS?JFxO`&3<H72cw=&E;
zDYAX}>rD!2)`VqYw)!Sp-_TKM^vfl7rHW_?3`cG9Pl7#&6v3{mud2!^zQsAwt8J%y
zv2W+!r90xYc&=tN@Q5}FniCT0mb#a+8Gh1e5EbA=8(K9aP33#8p3WK9{&rS1xezKu
zMOuu@CF)nM79u_uZuNIJB8R+i^tXdaxWue7hc2ngvy_K;tRuX5Tu{tz8ZA&pQ&E>m
zH$>L=L!r|C2ogDWO7b;I?DbE&hNF1~k6jBBd#AOiupk(CT;7Iyt0S~#p2`e=`qdwo
zWViA-$V9)rFi-B|NbNgOkA~-Ta-#1<jiLW_wT{Jmuv}N7B-x@?_BvDjvADm1Y!@+v
zhO9rCp^2};1V46gSe;n8xI9|(x6%++iacpohGHeplf3Tl#j97v?Bh9n(!gs3T{c}x
z;aMy=hhI5kmlX~1no=a=Bo&P+X;x|v0uTNL!J{MJpv<gFW56J*$Ze<}j(4uaIl5d<
zBI&|YetfP=d>~JXzaefAvve2ToH!xP!cgIj`&=Gs+-BSls7H#kXq#$(h|{CJGX24;
z4aCx7JRhf|Xf?kmUKJIui{uVM7mef@a(t=Q2j^9Z^$qaLQnrNh5UcqZ5~Bp;qF}o*
zF)JX(F67m}7kX75E$Z6yGW7c&D=F|0jI{^a-77ysx#bxXv#dmcXA5T;=g=`O@L($*
z^3B1BWE@x`%XMw;Ebn<a1BsS2*n2P-3ari(;Boo4sQ1x_X4j;0@gS)UWolsM_baTi
z#m|?qU5aM)cG<{jgL;JUvYJttr%$7^6vGM6Il~M^U`WYy0qfPjf8%Y%gt#blEWKDt
zGh-75iDMETOe;MnKT>W6dn`q>we14jQ0H<n3IE%P-p=@PdsQ(67w<Uh5dX)hWqa;!
zAo%8tvgTy7$*6(<Sw_p5XLMxKJn0BDTj;W}aiyvkw{Jed@7bbOwN6wu$nd6g{Xftu
zDqWsc;`{K8$xLlgGad|7DH9m76TqnMzS#(H8{d8{EqnUy4^5@^J!I(bmoMI61qg}b
zVr)zY8JE`8F>F=aI_1l===CfpEeGfQLk#H97w+g2lVI(faTF753`5=N&F@)BLFy(m
z{nwrQ?QHjGU_QH;ii8I}D3h7Jc_fQsI8d)2XvNd#V8NR=;IS2?f*x={2W7c3V-h##
ze8A3*$Ad2Y(yJ1AFq_2LYo2!B*|a6L1kWW}P&}doyFe32`6?1}00f3)KJX{_BM)^l
zAHxQbTEpg5aiEvy{XSO!VH&uSGHa#dilU}Vp9`q*k_uS@LEMnaq`x^?zHxKqKGqwC
z(}=qI*}%~`MH5rNTUP&ds_WDb5d*;C_>wTSE?F<2;E_JTTEG1wB*~>PjLr8ZhoGSB
z$$zPg3!Ujog){T9Jzs{W;g^}fwR4uz%m>=yA_Bs_)%qZ4mRhvc$}kh}E{C5_A5iF+
zN`;SDWMN=R=hJ}M;Q5?ZyLQ>&JzRh6-zmkVBx&`vYW<um=vu_lskF(O18?)a)w_>5
zKN67j6Db#Xh0BY3Pj$&DOUSprh>mEE91Be=>z1f`hAYz3K5dM~fR1K4LtoF&YtZRo
zuMkmy?c;DN%K3r$V<YF=FB7b!Y0V3EHf;7>pMJg@aal{j<Su&MMp4AQS>;S2xO^i*
zvMdVM4V|F!v7>=RB<~|d2ee^yJo?}=ZJDtq#y<LudG+Jem)FUOf7?Rg?w7P;!&5}b
ziyyM0_K6;QlS*4n2~E+)KViqT%))@ALR%F$z8NP?VP@v@mepgrF>Au7Q)u``Rvdff
zzr#`e1E(5h17@Lo>m_04TiimvAv6V<N%IN+p_R-=ZNY~&ZWrj=%#y7>cv7g&y=eA2
zdVSk@6eN^z$<(<H_>U3RJ3oUZ|Ivs1L=goI4E|eKzN(#QX_lP&^A40Z51ju6)sT!e
zdeF}WkGtFs-r9qaQ2x8E|IiSPjfzwkNyE&b{Svny@b3oqlG@yTU6^Wc@j83?*K-YN
zJ8>KB^*jC1jZ}}9S2n)eA@aAZhl-q%naoX_<41>QcXB~BXQt=C^Z|Q8pGfXAwyp<m
z!MIEAs1R`W`GHx3N6a6jo;S5+<S#Bo{z9(eLp*I<yZ^~qduYP%-ruDC>zpi5JTgXU
zp1(1^L4w(0=>x^p+cI!=1HO-P-CyO3ku!)0`Rs1>jQj4qQ3yJ}UktW9yiA~m{ayQE
zI=XVkO|cmL*~BLa(1}+qZYZdak{<0evRnnfH*05rFR(>SQF*mn>J1NQiTHhaJ+xUV
z)xDS!8v(J^XFHCNeucpi0IdXKZ&R5?Dc#CT7Cx9GQRUpYvwC0lT+C-90D><NHqb$K
zuR+~nD#}+&fW^5K>ICL?#eT7j@j*ZT(DS$bDa>$ruR0fr#R=|rgm~={pMjN$V|Aap
z4dn_4T%-JFKDL_VS%6C1XucTz3Uo%j0KbTj-D1G(vES$E`=Y0yCS?rpUB_R94MN>P
zAa@}$#rr;x+lCJ2eZ0m!SfpnT%{>zA<(o)6W-8>DJ`L`_?nWg@*LVkeSRM7pIj%~W
z3^WRRGLN~4eU7(kz>Z!uahzr_kJN~SK)h*1_L&VdB&uK}l`X~PzY`&{!r(j4p-c}$
z4WDTSrU&^ZTFbN<&p95)iaqNkMLCw`RGI1s4`JY%7|mP4zJ%2f^YnW#5H^QaO0;`E
zm(*}A?5lS)ggVwH^htI@-0Yr&Szu{IveZw9m-yM&JTm0BC#8ExR4KJAb=A39!EUzx
zJYugXG3!+p=H9VUHRyCc3EOMUnOQ$*`g+k!_ShIU1p}<#iaUuGzJTh%8v6xbQaI&y
zW!~|VtKiYYOLqstN7622g9Vb)y$gZ*{nubEhx=0Q?6zs+_2bv)t>@+&4Gp0*qjHO+
zAGq5X{Jf6;<;uPB;0H<Bkn|8hpZWqmr_Vy(h9oeq3;_A30GPgkmv7|Rmk-W?m&s7`
zYpkUiiAFd!x~YE*k_o++o&JZ4g>TyH3r4rj&OEH8M+;D$dWwUt7rp>0oOkCB5JG_k
z2a02goGqv`92+m^pLRGaUw^VFV7e}@{eDmZZ#G|)4FE^EqlsFFjg#Q7=g-Ug!*6du
z;37jodDIoBH$)`yU`mA8OAuWlCD>(IufD)MH6Xa6U{ex4*yP;giZ|K}wsKxSyn&@}
z9<PXRcwBa_Zk)?%a$H4Y%EfObUukc0hdMs=Z#izi^|%X_|5O)`7dDs1={Pd?Wpp1U
z)~Gs*d@&FzBj!|18xg(u9sPs!sHFSzsfVuQ_}EFXeIkcRXfG*zoQ1wI;pu1$Gxqx{
ziNu{?ED*WJ<#sjTEfthbiPHg$*~dmE(`c(O=aYJU2`mWFmwhiJ2d3w)+2q&)h1o~0
zQsArLrGQQM*3cPh7DKG-P}Qa3Rggy2#^BK%9RmQ(HQdIz)sbpkmLLCYjdf&)6>`KA
zV@kP$Bfmrnc{hA73Pa-3e4gk<=}WB_#hfdr>2rXISBr<+@1nhif37p8z;Jen{bgL%
zgGQrJfCZ||VU$o(VpibwbyTg~)>nt-F6Og6w;v71DPD&Gifqpxy#>)6)Wy$L2acvG
zs0}Ks=&e{URgH3*qXOATV23U1aZ*LgZV}9;1YqgG`w1!N`$fHecf&jUw6$!7n;Xtq
z8q28P@jm{AV5F#IjPGdLn>3KjwKoU?$zEcx&)|Xycth(jJF7oVfbx^ET5^~U@Hg8h
zGeO+e(a4yL>nQlmZk$wo{$Y~@4ehAB=sGYVj7bk1Ul;}yt@!(jo50fAMcYVzQp3EY
zU+8nvbsaeTRpZkW$eUtFEin@IJ#zZ4P#WD~eDJFCW6C-(P&=}S)jqrj>J|0sKQwkT
zQwv}zQ(;?~_sJ&G^YQrDKm4v;tI=At!p&QnI}OD9QAh#DTrKf$B6w!;OR2J@u77O;
zO@O{DQt~6F5>R?e<f-O9I$XyW>;*w(0CeeA#YBd6c!f_UXC`JPVP>wiXxZcAKV27?
zY8#b$ZzuIV%n17-)VcymSC_C(A)v!<#3e0;>!@SdB*Gf|c6~JAxkhi^l9i=$D+k5l
zy^be<{C`@N%SeJ<{>Ef(Q#HFnG^gU6*c4n0bWE0XG8*dC$u#SlL$2RGFoY4WmGjs!
z4n^=)g$)~%ZVpr@*fG=v6j8K{QV?vs3YtLr=;#nXU!b&f*vhD)iX&;Az}KW3XhVL<
z=Xnyv`X3r#1<6LU{B$A^CBB_3{>-z)SYg+dU73K9Hbq+|#zNU|>4hdN_{mZ=?TC&8
zG@Xj=R^P#z!4;{|0Xeub{?xDv{u)h;As3-1=0tE{=MSZ5@%9aT+lcw}Q^3V!R6r9(
z`|ByE{Ioz=)b3YD<FwMEL<e=P{!?$u9~=rMz6n(C^Bd4Ja40e>Svey8T1S<UT`AEd
zu`^CZS>pdp4TeIkyNfi*a$}@1G+ip=Dwa|NJ%aglA_QzyKI!Px*{!=klO4!K+)76^
zKZ?NmtD{w2+za!5;CE!a^;9#C=dY|-iLxRvDphUPw5^vXH0LaY`*etNV2YCYh`zXp
zV`u-7z({R31DkwFx{1y2sD|>t(=ySb;YCF>O=CnimdNXr)<v+f(>~3Ai`Lh+SNuzn
zyrO&pVL=XAN|&F=HLs@9RT+%FWYfx~xTV6dY*8rMBr`~U$ycb!@%@s8dXUYLoPz*|
z>p8(N9OXU|%D#7jVBu`0Qj4X)8LlYu6sJ_iN0WEoWu2IhMVGTiMQ3B!7GQO!cI_JK
zry3H<2b2~|WhH36fN;)`l9Iq(3O^d{rMoGam;Y$2b)=hx9q(2blRwGVD`t(kLzqm_
zVrrF^>$H4MR^36wk*4Z}p`VHszeo!BiPnu`!mDNbhls6K?VO4p?VVst?0SdZKcQmB
zkHAld_FohxtI{uN+5S5;5EZoSA;T9Lqh@7!(lkctsfG8%7bEyZVNF?1xO~4(D<1|{
zT5*i+IThjs@m%P}x%sT-K8qh*)u2Ehh)Wf85}XX<CvT&0ht<Or>+s;{%{*T?6tPHS
z?0Fcc&V`GjiOvb`!V^ddU%b<KxtK8V(aV5=Oi?SRLWxg8N#Mt6)+81e+gF?sm$#`9
zbrs}^8VMFDcyk18ObrB8hm{p4B_0#6`jxYS|D7t-nTo4I35T}}GYGKIRtCXx<UqTD
zzP@{fQtC@=WkRt18Rc1Ks?J#1uOyL#MTXo}aY+{n;EM4ttmH*NUWXSZiD?yuaugDU
zF=Nw^PZ=vwleqp<W{j{>7v%_ljHOB1e8E%x1m`QsER|&&PxLnJKLX$*cNp}xhHNQ3
zVV!8kEA)M+%|cih+Ae3J3{#*|DU>F7Oi9(XR~oI`hmGy2=08it%M<1)#TvazLk<>c
zGX+R7;f6{eF0H&(RTSlw$de_-M=MX;Lt72BVwdJ;akbv|G)6`u99@;1<{Ci)07Z@A
z1)i7n;s_Y*>6Z{Gv{W`WMl;WkDP`<B2JD!P8_Jokt<9Y0&fYV!p+#T@Gz;-EjBDE%
zxNS0GVc$E4bv21}=H#Y9cQJxm!_!Z|z*3*C^iy1-=Vt3Wu*A+rVcw78`yDzKLHD9G
ztD3GFfMT1)6xF6_I-dc<ay0&@gowr#QxOnC(V50NI9?XBz*hW_i5*i8p2-kd+b>>Q
zlnrbd6JtvEvt<g<NJO<0fYRq67gbWMi`l|=u!U-hs+WHF@18}3M{Zt~lhv_Njo1SY
zU@!`dvUHsm{Dclf24wRB^N~*3U9(hBcIwC8ANgm4u;1RGj%jNp0o=tka2`%c-By77
zV?7L5MX(BG@0l*={yNYft>#0T%mp+oGwFagYZ>@;C7v;Ufb!?cIH5DWzV`>%iEKHb
zjWQo$l#?~FwC9H5DsOT9-d)`a1bgi^*unCwMi5xnp>!UYdkU>BYAM<&7W4Zm=H%54
zoJmke5f7{cyx{?&mr$St=@i)zK(l_u<MI;*!CvoFi3=I6JPX+*YvuQVdHhH(7?BAc
z_hJh$k;pa7osX>m<GVEbp>N1!YW#N`biiUzoB<+3Q2I+a=$?j8@Ko2^okwz8K|#%w
z){ggyiSPjnk>+J-RvC)}1e}!PQ4N(b<u+d19+`-SewR#zEk48ElU2~;4eD)4jQt%e
z$^x$b%g3VpK7Io6+&D8V5!g_;o(>%?t6jKw7*s%Z==r)ic^5;16C-N42>GlT+B=!1
z^RgEme#etV6ipI<MxpbVEAr*D;u=rCR22SfiU5v*W=%h-RGMU)CsaAj&P;d&*EOzq
zp(s+?Rw+OPyAV{rYs-V$QkS)ATDLMDqlaB7T?K%__HZ&UAZfsu#@Cc-D7$PKJAh0#
zjwwGCSfP43$SF2T@gDydmJ$=O4z>?#GK$?TvzM*EE3BmADZ~jU=w}cPv0U@)`<Xtk
zuoG(RKNQso-6SF20&p}%FNQYrymGTQQvxdbeja6C9O%J{%$$k2JQ18&9fn1(G=b^E
zDK?pF84>BQi7s9qVoYu)q5fsCNg#J9Q!4Z@h3`opLmzn`we1v#mGP3Oe9`x>b}YnL
zWD0x&<?y9m5$nGkP6|b$=pE4dpr!U;*TG*K-&Qt##iaJHt2EA#8<E1I{b3KNMffun
zneJ9Dz7-7KM4A8j9a1ZK+f;Xx)G)fp06Vu{u!D^{zj>szE*pmXP+IVj`Tn1RvC|tH
zF8Jwk+f|^V&wprU|Dl~E|A*GBxF^(bG2VaOdpUl%6pwii6$<f^N4`EBxm!d6cF?Q3
zleE|?MdssRedbRcWxs>KsO0f~XnA)j7mBINmd&@F+*cR++SeD?Hh*hQNN&Lu&XoOK
z!GCCtl3?=#OR^rQ)5dL<t&4)OttL>8b_w)=Z@BuVGZF6l1$)Ge{~p*8n(EBBbG}mC
z2^PCP4jQMqYQEYz$UnMP1pBiIsK1*UsGq%$LdS4!R8Ef9oZD9Y+E*&q0}uM#U!}TE
z#gYBa*9<C<MFwIph(mL@8fushz78@lc3N=PI)T>a(p!85t?QO$A%#F4Gvb&kvz`2(
zY}g#7wTb>4@+0-}xj|MvY=*R>=)vyApgbwCGHQ)C4Y9K}w1?Pz*C{cKuf_R735-jK
z!OUJ9zyje3c`22^;%n1>vAr9SU^wnd{cfc`C)zUyR$=p>xyw5C-BW^Au2pyUB>A(u
zQdiYa)aS+Ck{{pqFr{ASNTk1vZya}zC+qMUcL&2{;HS*M-Il$3dAis|l?}#co#mKH
z-m)9Dplk>HGY!kT7tw#E^FIUwdK?jMx{U1A8)qN<h*$qCGUv{_d9u^dklMsfzyDU<
z={DmJ;6Z0g5xSauwbc=B8ULZZ;$)XuSQNx(NV#X@a*;(7Rmv<&Ng|$&LFNv->)6&4
z`XLR|51PcEgW9DBk<e$fIx*M4K<6jTrr>cRTAF(Qdy{juD^KtqntP?>0w!UI<b^iL
z=>MY0s)#O2iC|uuJhh-5#iFN`Mq`smB<Cb+7xphwo@Nlz<LR*S{FPZ=zL_&8`^v4+
zTKiGM?C#IAnLZpgsP-t+ipO73?ypl{O&JbS4$f?1$Gx~&^Et#3TjTi(1B2_0A<X-d
zitGnoz4k|on4N)3f$_DAzZUy&xdo2hRK~XA_2h2a%b3VPrSi1xn*B257L2D(o!^k$
zIJgH(-Zg@c-|b<rJt^$&KQ!Mq*Q2(;^pj~X|D<a(n02tV|DDY(bL)-siBM*4?wyTL
zlj5}en}WgLgBMqw@4#mqfV32MLe4_k!B5{T9zV<f<H``_{1vdeXukgJqjq~Fd_n*P
zp5%_l5%`1CdkF-mP|W&;rHr4SK1150fMakgWN8G*(H;fbp}?Tp+c~SYvfqO&dj907
zE>AXSdw%xlBUpaa`Lhz7vx7zv`HrgVglJo0C>d#eV|%{7z{>pDt>UTeR`RQ;#Pyzy
zX4wz_c!f&kZZ2Q9>G+}#1%wi7uijSws{2qK{CVAs;dr>#k44{OR$HrTp+x4j13e$<
zHvCQoku_)j$ls1N;`IcMM2kVL#cAI7*L6K};X<~)g4hcAuMqT<Q4CQrWFO%T<+QxK
zDZ`Pp_GZslCwa<gB0O??QnMU#p5E{{9nCxSy8qB#M0_lbTSoJA>>@Ftz|2==T3I6{
z@-HpM{Owfft!|t(B-^|m$%-7kRDBE;5&e$VlQf?i$HuVdQ7j1ADT?(1Abe-Hau!1W
zqG+#|Q_lhSLALZ)@dmrk$6FaHA5Z%HjKa#IS>nyeBV$d9j)j=oNg7fV0r@ErSwNI0
z`8bA5X`b;nvy5In0+)5)7_5sN{>o@c?q<#6xEcC_+a}6s((UKpCjk(3e93d`JH;eT
z#WGejlPJ)R@YT{RhK1lF^*-6=Jyq*tFkI4(MW_E%eXqbXe8Gwaa-BTBd#s-8gL5ab
zYq2{I?jh4u67bk#dY?;+`|4U(oTCe9KW*j8GjPvvD`*NAg32~v4dZo~UvE{ibb|6B
zJFF{DyD0Km6zS3w=uk8K_?L8fGz~;o#y=$@!ufEQQ`_r^$MCgK^}THOP3w=w<?6X+
zqh7*eS{W^Tf?R?9+YhWqs@8{B;Jte;fcyFoSx6z14iwfvHf=G8{;u`ij0nV>i#hi-
z&-`CA?jFq2=h`d!3RD7(Nqnbcc~voNvKJ**wY%rC&iFS}NNNdu>s|X-{J!Vt-$p((
z6Q7H08v^;`r6Fq!iP=;=<?c_0RgYcgK#`KW(?mRl7-fPGQj^V|=5T@O9jnSn%w`7g
zH2a3S@-@t+HLvvnHjwY$^QVWSu-;f6Jsz(pKlK4Um2JZo$SACWJG@e=z&ndT$hbK+
zTNQFZobV*uNfuGWy1Z8dULVif{Rya0nt=_PZJQ}j%G%_Mn`0frr)Zz((x~dY{)~zE
z6gDo(Q2ZosGm&RzJ&G$$EzZ_gv`Jluc&!N9$062Uye_LGXA;LEiO0*fe!FhcqYkTL
zR~~AMz;>QdO`}cy%DZ&5S}I5kt^x@Xe0nr=W1a>OCOWg7rf)VkZ|l7xe(!)O?I`f{
z%P8B!S-v6rY|+C6YpLqB#aJu0jb=Rx0<%`4Xr_|&wAs=~Ka#RxF&dwumiJE_VU_*(
zj9p=P19s;O@qPj;>VQGvlEc;d+BhwlQqRm+B+<4q{`ZoRqsZr(Q7)3$tlUB|?&<d`
z<51Z)9pmsBr&9A=^D;!vyI-<*TEDrnDY(LitOerRiU%zDE28@xR`XpfeuVZ7Uw-D4
zEyhZ)a^hkgK435rA*@eRn}(oh=iG0o-*KdveSS`tU+&DT3!QO_G&@$G9l_^V#weSN
zDAik$DD{Cej<d%Q2o?LHX}@q3{#I^*p0b(x7V_n33TxgLb)OhcB<YD0x>&b_P;Jbo
z9)chVjuJ8Qrd7lq6E+rWFYY!KF@vBH<*2&3!>EXQR|-}JlmU~{Fef4HTRK5?A#J;~
zi?9;*TNCo4>|F%c!%3r5rCDV>8onHA+M~MiVIo?6O2f4q6ViW&hIxd?^RaZ1<*Zc%
zR#XohipiF`h7HZpX1~4QST3&=b&DPi<6(hmTj^R7e*L!|olblMg^H)+Mp8*C$&|CQ
zyulzNOqC!nPN)&b*o;Jk(=@oQ$IA6fv4}UIhFFrqc^;f7bAEHd)6WU*!>x0ve?cAz
zk(F*5qvm=Nwk5e<`VP+>UR+c;OU+dLcnmL|cQdC#eu9>TOvocVl*c<A!sLQE5MR7b
z(`raqUyk)<!@;Qg4|tW`w>t4^<>gjA=&7-p2Am6iyhS?s!<FRKLcx44|KsSq<Dvc^
zIDYoXID2$9N3yxB?3GPM$UK|MEF@dFv$rl;m2pT&olTsPkgVjAtWY-DzQ4EMKRtBr
zKJG3(?(_P*Ua#jXrdU0OzsZb9ZH#(Iss<>rO#LzplFivnlfR*ajgmrpQa7{KlJO>k
zC5n82F9q|RH%E}T?6u(Ru=*Y)F*8(I8VkvUnd`emFf-aEC3zik2AFG@Nn(i<6}C0F
zBZ*i!l;0PLLJ_~kqI-*ORpA$7V@a0EDud*-^~20>hx-f&H0I^pCN!ysa0ZxZK3v6i
z<z>5*0#?7B7e>7qT^x%cD~?SjzIETsEeknN!gpX+BA8zxNVKg^7s?y`u0dqGB*d&u
z#Cd!Ftrqcv9XETu_r=W2S&)a&U})<Hw1|vZSFVxc!WpxXUY^iL^qUbp6H|+&y+tO!
zS?^{GxYAdK3}MR^w|87=@s9ok22ivuOB2H^Ea*06yJ?6*wEJGX)?(OPedxF%A&Mz@
zvC#)@yMudHQjK*XkS%NDH-*>A;9LZ=E>CGICM+&Y_8}9*DXUyWj6o?bu%ZhN%rAuk
zAmm!EQ`OANh|5jNt(PQ*fXj{L2JGYgOw@2lG@y?@Yaa(>9mw5Fcg~F)Y@19!nL@)!
zr2abpDXXw9X0+kfuLAv_Pu|ICdc2rtsUgpEK~R+#X8md1<_lrUtS{jKjE8yZ9=ZJ!
zCL>=QiQOgrHCql;DNkb&U}yx$kS`-6K(;9>fp0XQYgVPY7K9oba&95k-!uX)&mstp
zhi|zVd3k~i3Nq!RH-NI*MPitN{kKTY_y%-8S8`<lr<MQ|mv8&G8B6?WDm^$TA+J#h
zF7kP15<K!|rgTjRPdcd~vxh^G<1`3BED{?v$WGRTTnV(EsILhMFSBXKw}NzS`@Ach
z{Qm;=?dD15bA0LZ1h!||_^kknSh$>Qf6GmlDbSOwcLjqc9MO|E01j3wpkV`H>{)H%
zPzc5W1Hxwp%D{W!k>^|fI@L9MN*CLRO!<ZNNsv%{Zka6P(bEPw9Ha4ahqC*CUQD6F
zn<S7@?KG*Xncra3VqWqcLlj~EQI1IZOS!z$(6uXQ@o^56P2W8dEokq_0MiWtvP;A<
zD2e0SS>TB3&osM?za|rI1>F_6LHBD5OKm(8(=-W`;03Cb(A}Gkfr|{pO0$hYNjddJ
zDk79$U>>sG`5{fj^-7l2^E}56x10ghNn8aAH$+u}23<d`t3{IWU|NOrV`-)^vHyOC
zqhP1#^@@qncW+7F;e<BF-EVWi67G8XKU)5=#%ucbb{*`XR~R%Y5dFeWq9x|dHMKf4
zpzeJ}6Jhf#@$rj!0ykUh?^Q8whjCM%GOZ^Hk4h}e&tDabI(E3#=2@bQ8WNW4nHb?d
zGmlJ(mL2$&D>E2pn0IS(KRF?c=PWvZaJMqa({;}(`9zBHs={K-1_uS-Z<H9jDr(<n
z)IzK%A#3^-V_u_xB8kx&X<XPsBXacHGa7xGuj*^v08`#z64AA6uSG6qO7ZoR$7!qo
z?wsmK;t#H$XR3QV?H_Uu-IN1+ZtIcTc3d0!Iej7NnY=P5JO1Tx_O4UbzuAJ{X+Lo@
z9LQTgXfq`6v%S~l4@Wm1{#t5Pyuaww24-s1P7I@FoeuQ5`*(`=cy{Tx|I#VjM$+%K
zK7StP3mw~N@BR-m_|9&wCREZhZujO{i2S>A$<DnebwFepo~aFv5RU#Y<<6r{ai>l{
z*PK?JPCyau)rWJf{~&&Ti$@NrgiewRZ=euOk3au=zx!iALv{8EPg4u`h|D~|@2rG&
z=v7=T>;x#F>FVRemClzJQHy@}PKzWD0uDxhs{B3!G1a=GmCX@Pzo>h^aH29a>T+?|
zt)Zujn`hJMOQVxJD!+d<^zhqmzh-sp;5L3T`tWZ9-8^|qR;$78)~Rm70sJ*)_d&R8
zlGv58kC=W53B?ULM6gv#&=4^Rok6{8kquF;U@aW1mZtG(jNXLcF}X)&e-wXx-Rfq&
zb8|<L?cF4ZqKc9EfHhNCgt-P$W|jTk>{RZ;r_0!A97OR5?3uc!;J9-fJU5=3a~2k+
z&1CrUBA72dy)M!iqN}-u?`OW<N@sQm8YOvr4U``9zOnBpU4~32qVI!E)Da11h3Zv+
z%?X7n9D`_Vkxh&`_-@gxM#+>u_}Stu2ey~KqstHBHM!eLzW?qj7-Gi4f4-P5apmX4
z_Fr|7?wjX639S}Tnq#M)MAv*@OQ4BbrhWDD#)kw5#)_lqi;Hw`Za`{qKRpxWaIFh!
z$+%hI#)mW-1<IAxOQA*@!}8D;?1lO}K4rSw&p5F^V+}k)8}r#=@K;LTJ3#JzarROW
z1q&(SW7<vi$r+Ni+V@=Ka<29eO_J|?M-C&jxB_OuVClrdpAU_k)RohBDm-VilQyc3
zMLvxE{ddtX)~^`fFX5=qqc;<IU2Hd_C+P!O1)Y8MM!0F$V$;UnVR#}}r{_Dm@Q%fB
zG5^_FV*Me&z@c;Z*zF75x>@KkyAM<m<%Roy5EpO_;yoZobpr4=F!_kS{lDrM8sd`Q
zx;f;z^E@mmWp>j~{tN=U^St;|{+Vj$Helftf0=U<%wG;Xbvji!o;hvD0dCdO1=asi
zINyu^v7J|KMjjsbF9jVcUv(9z|9d0x+rLNxz4_J1pY*2og>@=(j)#8#qJ;P9`_FjN
zw-xrcw+j_6I?lGXmbcF8x0U_Bz4#h1BmDK&W<G~=4~NuRoiVuJQ85RK?WYAmf^N->
zGD-`+w_TB`^HMW>)?!%ydpAsBtKzV8{`aBkl<hCnK!^Ioa!vx$;Q3^KvGURZkb<Q}
zw*TVtD;^NBPhysy<kT4cS!MW;bXwXmC%#_2Y&iH7F8jwpxq#>W67h_i3NPZBuT5VZ
ztCT!_dBVTItZGYz57n^H6Ne&+>MN)ocCr46`<^YBj_RK%-hb~E5;;c-8G`7W6G4*X
zfwwxsTx{RT+AWETpzr*Ndq9>1hD$Sf&{tKR=r4?eNVEJI)K>n+D(TF#fJ(4sM5gQ-
zfsb+tuI}-rvVj*p&85jn$D+uPB`vv}aj3^;e~iT)rcLePI1yaLH-8rztrwo-cSHb>
zRSP{vV~V>Kg25ewdAYxMRjP9M-I(Z4bv&23Owaj=r<{dGjRW0Kxz_4xxG;eN?lW*v
zRm~sKQ#l2=t}V;hL(xljtGSlA8U!fe?j`<@1#a^MotGzqj)U?yWkq?>g2WJs1+n`N
zk|t1xS{lU|P_p?F<P4TWVEUNVPl%Wwq2lLO_FA~$80;lzlxJmmO$i($gnOO>tfvDn
zeDIimV36>n6&0Ae!1XmUQ`l0e{O*e9q#lqjA+-9hi13ISx6MMb(48@$1fMvTPZ^rj
zxVJnAlR+efB+-b&j6{LNdzJWz(*a1GU%jT|y<@s9e>fg^jCLaerO*4ETW1_D8-yA@
zNJGGq@NCWYQT)UxeV8P6O`XZE_q4eY=QD`_6Pq%8SmTerpyaplalZTo2w~bE0~<74
zOzVmHo2s-GZM|__IJC`dIfL~ftFB3yTy^by(BOLc3$x|i%*Q1^z^Ps^NY=`^f$rs%
zyIDRXV(!m`{-%OfU?8~?Sn}LlKC5JQEcr382P&8Y2Vm4Q=(F{}L}H}z{o8MZe+)Qq
zt|#7{`3TydvLX#KAu^BRefiy+v+?GSD+mL-y04sCx>GHceAU8vA1-0%C_@?$)X0OR
zAh;vb-9^0WFNR=WY{Xx@0T+GqGbLuFJ`<1CHQo>zKLebb>Mw*YI0!H3r<(k}$Le+$
zPp93by*@a^t71?<lYBhG_C@jP)L;VNXTo(Fp6iuw1E~>!@F{>d+Y}v#w&INK>Gaq`
zC-v9sUp6~qSE{7c2og1~lj!U|y;95h;qJNN#b_w#$4kXwUWA=`TvaXdlO5?cO8V9|
z>zb7^`xNPdvPO`Noel8=C+!D2&sIynS5;04^|;lCuH%K`ZeE89x<Lkev|c{(wRMA#
z3i-Or2s0v3w@>Olt|u;dST>r4vADY$&{<Mjk%Sl<U<PD(>luPSn=KJN?p5;UXY9v)
zOqLp;+>qcbb#Tp`!$%*e+#dEQ#p-0)yx7#%eHA8ZYQ{Dkn=(KVa>Yny*LVt9!mo>-
z_-7P&&p6u1;oD6W)(UX$Oe8aHM{H<x#a6mDmkM(GLF3aTeMpF<xy6?d0Z=4}5$i&M
z7K|sqxD~(G(lS&*6!)Sl--_YfXcUVu%f_RT4`E9RXE~k>C!Mhrk8~>%V{te|Pb_~3
zh0hBX%S}XuVDCCC8p{Gx5dmwMiWolUlM&rz3yO@1GB|nZpJ44!p--ZWJCUMEw}M3C
zdZ`_31d<+mRmPGW#iEdkez9=UEb=xcdbdHW?+Q9^DaoDT0cFb4t=CreGP1B49f?s+
z7KSVh@o;P<O>3yFA?ag?tsJjW$%~#Nv`_3U##=B;bG%upP|-v#N1xZV-fNbEq?1=J
zmZ5?SG`Cv3lkPf^aVp1sgbP$*pQg6NQ*tPYDuk66c|kIG&Y3Cl*Gpp3#DlTv%(=v5
zW}4TrqD)M;u#_%M<ya!=zRFVh5KX?I9d%kk%7wC0@f$R;))Z@F&huYefOqwg=8*i+
zQ<4@g9X;nKE~Id-*IE=}CGj|Pf0iiI$x6u^FEjV9n>l91%#1t3Is$m2o)&Z=M7=4r
z1%0zOevC}G0>K>WA`xvku}_)O!$UE~ELT)n>5W$(NXMXvpNwhR;4K-xC$X$xN>wZC
z$VjDbsZ*SrX}r!6CH5J=X8Ep4^An|w)u<rJemRzBJ=*vtHKoyeG&@^>h`<pu_$`{$
zB2i=*OJz{E-zmdXjbb69lys;vsSTuUh8V4xp4bm46}qy*Kh;v2iXLIE_rQxnSf;FG
zcX8M(aK})D&XlRjOkMpv*NkI~bUsX^M1p4_nvxz%5zrDVLQfaHgf8L4EuobtjV{(n
z284*t4Im-&=p3nN_8>Fm7G`PtpC^?9c^E6At_XwJ*fS_Cv&K=063O$DmvDfh<@!?Q
zyt_=&a(5wtYd7f?A<vCsDy))M=0T{a1rEdp(Yez0ZDTa#=F~#bpG#9|UNEt>sEQQ4
z_=?ctq_C^Z<LWi1ar{#zOyD(@Gi2)oo0b*VTm8+YOPj^~7Ep;{CD;V6-h4SgWQjQ~
zvzbzK3o9mNb~9&#b-gC`v5EM|0+bLHQA-&RXWn7v(&2NOz&7){nc>v@J+us&`gK(6
zj`sS@2=|qj3NPW(mQoxURj#3%a!EkL1?VnW$>Fa)ExudcI9ZQl0^riY-C#q2FMUpH
z1x&^a_G05PG5Zky%>=}u48Q4S%D2uy{P3j!3(&+2r-mHyBU1?PZ<acMh^K_F_C#OD
zFDUP}Za`i08<6mHEo?Vsc?h!UH-0OD&5(M6(nle*yl8Orn{qi>URh~Quyx6Ipwv?E
zGVrP(SO($Ga{1IU47M~Aw=bissU%=)aynEzkPqlj2%m!o$h1D5K`6bGWj`?vwkq^`
zz@2Lh{IHD6JSyGF*MHY8y}4X4dwCq<X>24tdUY45&L010qK2x_x-kA4u-a+<JkD*R
zuXT{SZd%aD@wcnq<-%t)yC#r=Z?mzoXxR*C_ppQ&3N7=(1XVL9PE+wtwBV&cjss&)
zTj#5_Q-0)PW(YHzG3X<HxL)RbC3Y%@`D$J|BkE4uyK@oejh$U93IQI|wJi2#)_Z5M
za1JIE64|q`TJWmS*h6tmbPWTmzF2=7U0!}I07Wi2oEboc{Jy4RL6XNPee&uGoq_jL
zX-NvRJx;QhbcaNr<<=_Da1JwNs9?x#Gfn+2_vAy8^|zkD4VBrD^LJX4Tfu%Lw@EQ%
z6-we)H?1or2aUmA?q8^}Z)=~giwuUiSaaNv8%#Fc*Z43b-t*0Nhkc&nt9`TNEzQTe
zFj_*ZdT+l!$$Ar`I6+-T;omb7fiz85vrnU%lRdEThRyf)^MmSXm#{zGx=$g)eGhbP
z*m(4()+3m*6^S3|&K7;)=KABbUS2mb1Zxn!8J9KU%s%$XVx}-b@&2J%H;v7ekGUS7
z7<K32@s?VQ`Gga`@0&4t85*i#R{SGI(C~zZa}UM@q0$pSRIb1JZPydZa~76%rooXi
z%YdU)Ehv?+_TzBu<QZy<I@y<h^uANzL)vKbY)_Qi3g!17JjYUEzi_EWHGy+ZA1)-L
z5|>7}8)l*!I!i#GkLO%OZNurLW+Rek>(_<O1-p#Ee-QKI;o;Fu6&!g~)1mf@&$@9E
zfA4^*q3Phl{@mVv$KK(c?z7JQ#ICa!r}>HBccZEkkNkk=!Q;0meUS?G_S8-^qb7<E
z^?P<Y6Ara@)K+>`e;*yL$j*L0w1`Mq^owGDLv}zEQAaVj^8|H1o4?<Yd-igV=c|+2
zPTrhFXZqS`dd-EJZB+PyTK0bs?jb+_Uq!&CtYDgN30(AS{S|s)S%=z+qR*RAh>;}o
zXfJ$%Iqvu~<Bsx3Pp(@3GwY}V%-HC`H+*z;s)z59(g5tMv^d%vlZmaFldwfzd2XJI
z+;P1LCn0rDsb|v|6;sN7aBHHb5F&o2$+;2$i8d$z!t5#FC0){Ot`xj==LC+MO&P$G
zD#$YOT?J%SA8InrY1yYJl#y>^QMgOH0|56e0sLvLMX)cJ1xftGPq4y+U67}gt^m6F
zc_C`-Qp|OI$|AG$xg#6%2#ku1ioYj~5e3yjiu*lME(icu0A!tuIw6IYKmYFDjr=g*
zUVr>!|FQI}svMhLKvR8^i@Sw`?yT&DrZgz@8ME{u+8(6}+@1ugD(-8p8yL`-Rb)l!
ziuY~L_BC0F`_VRRY64WveZ_gu59}d&EDG>9bo8;Zpx!seIJMLB_3R!9Xg=x%rfg-Z
zYm8hSGvMYx#$(y%l<llvv+CKaG!M{(4I2A$J^H8oiqgVveXD7s0l{7FGHC2G$ldAp
z*F>Auc^KQE82DRY^;8Y-o=Li()g`((I`pEh>FDRq*&)%WAA1+9Q7F2fA<zhd5ViX~
z>l6n9mQg3Sqo&m6okDha7G3{?beQg@Hs;M~efRu#p3sM+{BfxEInMr3_exubX|4+H
z<mW|4-M0(b6XB(>SIfI$5k)ud<@qU};?C8g#G-)p``7gJ<psFj(9}NdcO2EOcp>FR
z|KaRT6NTrudx^r_KMD=qGyJM$40atuijUs>2XQ@NTkPbTKMR3v`xgowewco7{vm(-
z&?tS#g%H>S7rvJ;#K@J@ySS6Hu^&?S>bZ*O?;-*2J=Ca}v;hA+k`iAm*5s<b?D4}R
zOhwjq^rqD25M-v%$Q9D4PW;56V}vbtdGpzlZ39=ok<q#72>R}A_52~}0*Gs7FT`O;
zsl{{kRc1N?A02xfOBrw$z~VM8+!&tv<4|^RK&4;on;b&gO0eV8Zy3LcPU|7B^*3-n
zf70|L&$!5q^*=~d1%n**AH@@{ziK<Og-)<TUWFUPwg{z*($6XFwjm5j9xS5XsdSs$
zv{$|~KdK<k6m`wui*Y3xuN5t?O_Cu!jA9}-95%q<TnkQsk~9{hGwT|xdM+XpqN2!p
za7igwEqr2(xLr`}|G9H_<+U$UN6(?LG~L5#J!5Ir`A+ya#tz3ts296pWh~5U@|W?7
z`)PR{AfeKTlBibsEVws^tcm&zxHofS>8bAA;ZTl=e_NO3onYIl9bjP{pw;5)z+@d@
z)X2W<C<c5o{|{F_kOCX62S+}Js4;Dpa6|1_m{c8#E<p?%S{l(@LyN(az*ai9HCqL?
zQy57<AW^iCP`u6tcOp@c;4BO__T^B1T6VHpUS~BFFm%UKn3ZmY@AcET@}{I9`Vuxc
z+SjHym;@npHm;ACA&_4Qq^bs`JaQpafVHtN_Qe+px@*;dsVYxDUk;3;75;}~%97S5
z+g=pvx2@Jk=MqR6x*Z&AUVL_DK?KmPg>=MR$}25}vP%WH=o#`90jQt$DhJ>oanC#{
z@QBBy!-EnlC?GN$yvt0CO~eYnRfBOxMe8=`pCm&oV_T-?SFGLuE|a&Is*9~N^Pu>f
zJgNNVD`pCAizM;FG|0{=!olR>mjyH^9=2Tv<QV0yfvhUv$${+Yh;7UboxZ@qV}IRO
zrp>d1fOgYnN(%h5-!;2HGCJP|+l{C3OwIrkyDuYYsn{Ivi-ln{fxJX5+`|I>hNMS}
zFTB{&5^1*(TX?NgXts%&MawJjeYX2xUX52>W7aCo`xPRmQwZHujH611^9{t3HUKsI
zIc91-8+B-ad%^qwX_RxfpJR)EyDBM!QdV0~nQ&ZIZu{<PS)BhjINay_GsXfuuk0ji
z3Ak;OXo4hRRJ(`dnHJP-*$TfYNTJg!<-!m?-1b%UFbiUR?dQ$E30xl&s*=(AO$vhL
z*9Mk6tStNC@m8A>T#Rox3LC~entDUB5AKwGZA$Q%IOcWDK<;FkTYAzIAb!lhDySyd
z&R97f_6e?9mc`Q2W9P?obFyT{%mar@P!rc8SOf7x0(Ohoc(f_@4RvLl0BS#JA@(rl
zxmTm}i(X@5t3o5phlQ+l+n6DP82~X5{GQUNVxj&ZYRtxRplBuS%B_%Sr><)#+s%71
zoU%gdjDgP$5_pHkS?1qI`zwef1p+4Wkl}R_7^=Tz+5icw=j-2$<tew4dxR(Ox~U^$
zEw{&5vNNPaDw{cqtFGY5t;2jP1rj%it?V@;oT`P~xx*hM(5+N)c69MZ>x@am(tl9K
ziP^og7LQRXvthK&&<yl^kZ;+A;YWr@N5!%~j^_}u^xs^K@edn%>YVRU%o41}!S;BD
zri=B#*but@I^XD5Uk8?JsDN&5Jv@$jU#C>^MoU%FMp`U!IcY2vZjwfGLgPx4EhQt-
zGJt)0(TYJewZ_Y0nZyl0N$~P!qn?XCHJXmi(a1}(Nk7d>fNI$q2nX=ZxcjJl7EKH(
zN9jW|#_xhrj3_kqJ>Z^YLn*9SwF5n-h}f8yCEbi}MJ5S3o9l4Rmqrg5#M+?wqldon
zMkknwD3DshHQY%biQSyES5+cof-c`Q9b{#&p{AVIG57Bz({&~%(xDpDBG%$B<tx>o
zprk~S^B0NWZYm{^z7?o6m(FsT8Gd4}IU#QzK$TRnuiceLtRRBRe+qf_YRA}KGq~uM
z^PZd*wPteCmFay4oh~*(A(HF_vtGquN*oVwtbf&*x?E7LLTS>is+QzLJdJ3dJ82XP
z3l$_LfHz2sgp%Pa7CaSV%FVk6lys70T8#AEw_Y~gjZGllawFDK%_>QMZEhj(BuBkK
zGE7HCsI1KjnkO)*sqKHov9emLq%7%aJe`jil?sDdCVcf;NVreZP+PFMy3>Rrg}JR5
zDfW7vzXCs!`(}>44MmcH%!Z1PdW1+!*Uv#COY&v)Qj86j^aL}ngihOEiB%NFK=LUe
zSyb+#V?VPfIpRg=Y)7+5Z(u6Rt-_NuB(=@5{YXh@blh{G8B3Lnu{0<sx=ze3o(X3T
z;gBjJMwr3sRi7~2>45PiEsB5zNdzS`4Zt(oSK{9Iu?1_vlDE~#smxxMw0Dn5lbgC<
zA<09>5q>}iaEviO_?g*SV-rYZtfWGgk`x|&V4-o`Ue@kni;i7zaJcsK(NcLiPY{1;
zYDn-6$`J}Ff>{ra-x*}!{Lr5U+BfW~%eh9>>F`X<9{ulEM??su-Tt8er<{T3py18X
z*+l*W`r?^a89Q!?z1`A~sKC2|R9e^h!)dmW<B=j`&%&F_nwt1&d1GqC7cBtZ^!GBB
z4ln1D1IClfe$LcA-_0TBngicWk|--;4Di}nfCRfh1HNedi?H%bENQGQ5JC1Kw+@H~
zawgjB`UC!GPvHCg?SU~x+t;0ad&lAh8QRCyVf*)>gD2+}gux#qBne_Y|1L)?Na|NX
zsg5JY!kA^8lVf1#8W3nWhc+f#Fu~E86#eFP>LQNH9|NL{XSN72^K9}cgO)rA<>=@K
zVEe+=A2U1vjv~tfufJAvU|wAD?z$+b@(uN@f@O>8FdC!hV22T$h3tbhN6&>fjc9o}
zi3ww+N`ipIPxNI#GfS)a^6>{yLG%4flTAwh8E^~DpJn*!UOqb+Nc5P@n?^vU(TKJH
z#k=3H@y6reZYs3b@D3)W0~+m47{H?mEV~NYg1(!2TiBLSt1V}4V?Knm$x`|xlLe<D
zIyrLvkHU1M!_=j+l$X38T3s&k$rDgrQVMXFe{PY@QIJlomn0Wd3n<VO(I}OR2!1`Z
zFygBBqtgL9(%Doe!AmIg%0q23{=+*uf%EW!m!dtiWMfiKVrbQOoS2PB->#dqQ;X~6
z3!`r2fXT?T43{H*MpzO*r~VXiOBK%f?E=rg7D2Qj17VSUbMUq0uuQ*H00-SyFQgpl
z^AdK2Y(}DIg2%PqyfXbaw-K{}^KGoopD_*2PB(W*4|O%QxYti=K4)bNLA#b5dSF<=
z?)~bTffU`}mFitEb)Q39&2YqzY&Uxt%q>W;FlIn1X!u5xV4tb;78sh~v6dDzyo>2b
z{(~mkJcyRra><a+QD6!-+Si!<E<K>Hm?*h^pn<to?YWx%Y=%P8QGh8UR1oQN@5LLT
z><E%HVVH^ba+=M#&HHrnN+*NoiQ>aA=XfN>_Lm$mYY~{w9VtuF926vC_Dp78Bb<b<
z&(4^5MFq2t-nnsaycD`+U#PC^To@?HD~tAZlP>xk*sJ!Hq%e>a>hzS^$xY$#aYNys
zJY)%p$ufqpg4=qu5J2Dw@#A^<?#5Dr3Wp(L{nu_7@V%xKx57>Rw%%`ZFS%|?;|CNM
zW)?ImM<~(Ip{tP{buZ_SxuSa3qCk#{Vt?xdoG8B@J+Jx?Vt@bd1<x*r%f+1whWF%G
zBYSpdpWTntn{}qWq4FzG{k?MCaD-&?apV(tAPA%JY(zQ%KVppM%5Oha*}unr)9FXz
z=WUV29Z|w3@)u42K>!kUz4Nrfy|X8Z4~zmp={Lb*1}lieWq%upP~ULBTCkQk!&}$<
zYxn4EFVyMRL6q=W@&5GanZt+Sp3`EJpy||N@c&_Y@&Eu&qZJ=VsAp!JPqs-f?3_Jw
z5+Gd2iosHB2Dfed-vs9F9jfFzA5aMC8HdTY*GNOHik>d)ZJq}5($T$He6e_f^L*Fs
zfZPEkIL0HiD1I@`lh{6H0X%$`rmGUO;!mpb20aqW&Gqh5*+F*rSgmDdX_?Jyofl`-
zI6(&T#aqLNx(6w514ah{YgA^|ubg5t83Zlw!x)-Dvkz^M`iJ8_6H9mz^_%*<G3k%Y
zU=ZWq&VUx_18aGypb-vG&wD?TCG!89OEP^_CW65Yn83C^w4T0G{cO)9+mWPOWRyca
zz97aFGoJe<?tZct2YWC(RO8PLKycBWg;E9u4YN<}e0)!FIU_-cq1!8~v71wPZyHc0
zTl?$78Cm5g_=hyIxlb=cf5E&QIQ(D_naX^u>-+f8uY>y;wQ_Xd_BImuUCR~T1_^6R
z*P~Ri&)iu9z{tg0!6{U=LhHugf<-djSC4N*RD}$LkXRww)9<|hXUm#K_ElFgOkg!!
z4gbIc0(oD3TOn{)wSO^+EN@c_79gyY2mL7oqKtZrYJa0Hvi^gB;ZKL=R^Zew9{&f~
zqy5mY)(`%%Oh!hmPcK$G*mv=xWWRTxq}`PK6XgkJ4fWPL+0MCkJ1mP#g^DD(PQY&!
z%YTrKUt3Y`%{;$<o+<<TSMnSrA-$I(>Q>r8L~|ibarR7dG3_q*G?XUdEM{v??QF>3
zQB7FF{(Nh@=;!b`+fFCy=x6%D(V1-Feus%;+vY{~Z2I=Wd0juzvmx$*S$w_g8jXt1
zbF=2Ha+UF%=O?qR2Nwu`0)>}*v|^TtO_r|EkDr5{j}#qk1Dl!)26t2oui*LxlH{MH
z8s^p<1m&v~9?JGQ`;#Imhnjvj^&C}4WEo=v6=B;hambOo0_q<Xu1Pdz1_+2r6Aeh1
zs99v$5ppI!`!NO#Ns(|butS~30zWW<_v&n9qwOu7?G6V+{F2t)M1;6~%T(CXjdB@9
z@?IwTH+Qbff64Y)e(t_c6f-dLQ1+g7b-8d|E9=1Tj6nYQwbU%33&Wz&#ca0-TXruG
z@a8x8=vU{hofdC|@C02GQ!uCEP@E3}yr@21TjZ_1h4@_Q&$_&_6bHn9uxzlCG~-6*
zqnwi0fwn`^P7kgV2{k>Ht5@#s5tDYl5(-BBq*WKs^$IFtC4>p&z8NwgR4L3xF<DZU
zoEQmDobaxW2ik8aS_TZ=M{dh0b%K#W<pzc6vSj{<g>8aTb@ilj5A-Yv07^FnRpqm>
zJ_oA%-2oNMN{xrF%fMs>-5Osdt-e76MIij1<z!}d8@E^%z`T6hUA~+<Y(>F6z?tU{
zUSm=0ufwMuFUv3u!gKv~e*rz@6xU??=bQy-z#v#M#g|H4Vz8wn5Ld-G<?sMl*d<K{
z_X0HK=J5YPZi7{a^D~F1m-h~_pu+(9NYG!nRCU|rVF8z+%1X(ToXJAd7M_-qs#;fy
z;D_?Y_C_C~h5i6gC*2++D9?2!_ox<HfO&~vqHm^hQ}x+6b_I92K9l*uZg3U(Ky^OB
z(+w;Xh6tkp#6>agQabKz&^TWTHe4!$C$lmx<KN3FQQ!jh?p?~?HXwRUo0ER^t<@sA
z{u2FP%@RnGEyO{G?nmIc<z(+^=jQ8iuwSv|YMtYY<sw`Mf_IeA)mqKjI~2me%ReHv
z+{S?gEySM*qD`Qd7r^|~I-rz5UUN19%sGFc22JLTeYCgwezH6aEDj=f6VzyqDbcOZ
z&bToT-bX@T3%n`uM^}Q*AKOhla602;d~Im()a<bOb7tGhKzvL`<-`G<ODUj6&@-!O
zWLsBZLl(YPA?R$19#=M-cTs22k-jttB27pZxFHZ@SJs0g>861xr;}+1=%{DJ$30~U
zFF?dnE|eVCvXh|EAqhF;G*nMrSh}DEHWB?SM)u0}VRtwQw>=nn`E4hef1~Ejk%zJN
z15(|_yfO!@mXrNzkk_aPbFeI9Wj7T=nipchnM2AuO`t)C#B~K2T50sAiCUe2H7-jh
zoMK7)Uzq82kqJzNKb<?{sF}RKyfL%qY|fymKgZ`T_;(Rg>q0d$;6B0yCw9sVh8?%{
z&YHz$;wu6M>*cT&f*kEPCnxCc!HOP~6Ad@GSbN@KJSn$T%+;PKFFP!ZkTm4yCE!<H
zRXuIW(z<QLSffSk6Nxc+mrPh(D3dWvY-n+o@eL52r#S~*(Xs^6G>jm0sry7qCowqo
zLf%sAxhlGVTKc8PeYe8fa;maFbSx&hdNE~YOQM2saZF;Yphjlsj#UjT*huqg;xMUD
z0;Ux6j4`tM7#rh4MJh;5-BS|6{^f}|Nq%M6oRzdPp`CV2N*ZGP$vJ)fsKte;xkXf<
z?K=xYSKSRuZh>qOI--Z>-0*URlEimrx06T{r=F6ALB4`i<JS+`n)e9QVltl$;^VTp
zDfxtc>9{eHJTWs_7=5kD_d`tJgb%e=EGP1p%dIy;KwDJ79SZ-&LTC4^UPLIzEORMd
zuRurZPFtlQb!e64Cf)SHn}T#2Grphr9A>5mmAs-7g3yl`Ud2c+Ix?TKm-uGh_&<Cs
zRP?Yfbb57zROI;ntXRh0Gjp?N%Vi{qNI5Mitn#J)k8oQWli$f?B8>BAP`xPy5z=1%
z#x<Bu4(nHDn`dl9>&$|BEK^k_j=^PUMiDnYVto;rqpzQcT!{CBC#h8QFv$$x#Ux5p
z0Dj)_HPN|*rDcqPSG2dBhH{+mQd#_Wyt;U#PYlW|Y4;O^e@aJvf~TyEH2>G0hFUgn
zZd{lS%yhkyPHQFy`mfQd2F>VjmLnxdLHtg;S9pBrP=~APz9l2yaapMdg|PTZ4vB27
zsSt!ghjjBiP)9knxirZT#Zyuij}I+Tz_MqI>xd{a1zRTXf)Pa`7A(;tcSx~{IkeDN
z@xa#XnU5&xf+-8B|7xXvX*BeDCdIlLw;7Km!<@-G9hl{vShOPVJFgfXAQdxyvdB@T
zv56pIPydh^AoE}jEIj9yOmP3R4Dwro@~a|{HADXRqiwSa{|6#21g>!-B2<wN)f$VA
zd5-CySat<wbGoS8Bp=aCsSG4=k?5oD774bTaSAyR=Y{ynf*0N2ZYSB))e^&bKSf?E
z7n4Vj;FRDLO+<4RmK;*VpTOCE91hD$A(B0;-RtjrtvZ!vF&2y=S{f;rZj|}_B6J}D
zuERZ90ca72-pT@n2xA8SEuzb0AbC|eSN8&{DmhJ^n|j@*GYDWsG;j_d0W6Fh3l|x^
z3J0aOf_LZo<sv_5zk7fl*OF?I&2%K91yexN?Rn>N&fXs0h&&&?@(C^{?+?WkbOteS
z0xfaV0c0gpyUu`E;aH&ZTEPInDoStyf3*O}Ci50Z5X~jPWP!K^j08(s$<^y3v40f4
z5oo(65lWSF%q+$pppbWy`I4H_SN={L-yfFVJqd*1X$;_aiV!-}nE}Y9<wQk5=V4Lp
zd6#MBfw2+!3Ov_Xx+W;7`*Mnru)&>y8D5zF5y5U@1@1&Upe6|Vc#!OqG9R#cPcN=`
zz2?9^ghc0_!6nLtlI~JKetjpp?y42?E`1!{=<!aT$^}}j@G^uEVFr3}P+-3G->8vW
zZ32yna7TCWL<wn}{@Q(S2@GH;Lf0ADrQsgjm+(6vuzv|NYHyBHMm}JWWI64~5K*kI
znyhQNk`4A}Qo3kF&p9mXO}45J=E0kAng~FA)&X^`C}{@^Fm*U&`?5^fy8g4J1MvUk
zVU2?_55RK>x&>U(xSTG3O&^z^YmzHiS1rZ+Ot-;p5?E(>3STwGQnXAonb;wSrOqn?
z*UWKO$3_cV@FvWw47r$x_yZOYq26bAKddB(z@M@CF9kI4GpbiBAc=hz3SabDEdt0Y
z4XVqGVW58#i(Jm!i2TiC79^oSDoE9ffzWE_yKD29<Zp;CWnMSUE{yT;UvS>DqG=RN
zi9u3$)2f3{E;lU-SpRss{|4jyuBKJL#E&kmkiuK=f;=VRtEf$yG+U_p1~1WUNtSz-
z#cFz<u=wW(pZgZGuCAfwl><kbohd<CI&yv~#_gZ|H@c0s@HasNt;(qk_a|lt7T-U5
zze*RnAR83UeN83Jsn(uO@sS(77qP#XEmomi7=EKcVP5*9%wIw0Nuke58O!U<40)q;
zALpNuy~?xlYrUG9H^UK=Gz3#I>Y|h)eeLAqM=T@QrzNFL$P4rylWdk~aOmcR(tCeq
z{UchoM5OFiPa!eQc*|p%`gVi`V{nj>z87=DQ}@;)E#$YxKKYhpT%SfU3>7-0Ko_j&
zQ!(~6(7s_vEPx}uMVLnGy-lnGXi_n^ITrH_bo|u2**6_I-7>J8xAj3l{Kd8j_oA=x
z#no0fx5HRg_qGQc=Kv+xnm#ZmpEBwc7U6!r+gTSi`SV;(?Qi-HU*nPK-bOu8deYIS
zp{FlC-cXZnj4n~GooVYipJ&3J^6>1Q?J16oADnb@9H+0QKmDDbAA4RDHTtx3XYovh
zXH{*R{#5qj-G30U3&0t%bwsgz<NP<ShkGmF=)C)1#Nqq;s~tasCfIutDXjk8d~y`#
zvE6dveN5l;q_b~#G_zm$>*-Es%c;uTpY6rBzmtlEitMFVcFs^vvV=%^DHB^_+PwRZ
z7537}0i#i2c{XSL-kTP~I{0DJ@F2;!`m35bdWn@OXa7>Wz-4^DcpFwvdrHhzj6E#T
z*p*!YYUB8eAugI!s$!63^u3M7BugABTdPFJJtf9RWFkl*6q8e{E7LDAezB@sFhsJa
z``US9>HAQ9S?ZsnP^j`7xor@VyvaAbuE-C(JvKo@&Hr;(9KCHOujY=5(NOH_q=jwF
z{-5PCB{pF`o(fnjOM7PDuW>y*rEO!6dweP898(^Bb{+Qan>GrdfUZdVMA(8MLBRne
zKSOFTyW&F1_iwW*-L*Ql(;9I_QOvG(JyaBBRlem4Y(ci>oc*jY@g3mS(dgMR>(=*O
zkWo)5u)1g)0(K``nLxQhmTry+ZY^z0N{b>30|xFJZgFewUT#B7e;6ntYRj4IZ=5}a
zHSjLLU*)>F=HCoIuUn+k*}?aZBwxxm-?ebHUZ#Ssg&@KgLx7ykf4K)rmU`!lmrU3R
zhq?Z}xxc4%yP4^c)4w{oW?MHyBgXgd(_gqBNvN8tadYQST@>G0jbb~O-0g_sSjw(I
z{|70~f7RI%zI(wleDMf0UOP{Wqh@&i1rW|2sm@>UoXPwDi(2cvT4a;b-HAJ7XvW!<
z+_*`-b9}R{EqiL|T=?wIi5fs$R9r|dE}cFJKNjv(4FvXaYyWJ@#ls_-h)~*^K!~&Q
zza7`_j%um-9Bu_C;9A1t-Gle%eyyR)c{WiCU7jf>ZvVQF<cRC6TaB>h!3f`SJ=)st
z^FGrK${~tE+`oAdMz@2S`^zdS{IGw0-4OR#Nfd(Q+M`S>$wry`zBh~2KICi?n<y+y
zeR@?u)MkDBxE}tva&%%-J#9*iw4S1<YBkTYM@BjT#jAi+))mkF=xZHWd;d2iUlGc~
zM3nH@bx(h_@O5<z&%GtXXNoi=^sk>CkqJ3E{sMNS9?X7TiZrGKZyni*uO0q+BMp#I
zOk!a-b1@S|<(n%KMuqi*&pA0Js_#u?C5nw`ak~6KDGUlcW6{KK-mCA`D*CMkH}+%_
zn9YB*hUS<=xM>v(aQ}SW@lv47J1K<R>DH6@Y#;Ec{B|qKqG*Fe3Ko0m9W6y>@hs~g
zq*XUnrX>Yl@h=KX@!+$K=nlKHURZ3pq~D@>33_VC&oIRus{r!f4>am@5Rca*zUUz9
z!558(5D0mQ2Lgzj3W8uOp4c08NO9lU+lq~8Q_Bg!JQD-r(kl&f5j9%4?uP9>V?nLf
zTEi@2y9Pc2y^RH!viCh%0dlZwBPy!}_<F4<9Jp}{Vq@70N_3k@edl4fse0AF!`e3h
z&V|4oB?zSC9#Xxk48hO!MbthaezNy!@0X94Gw`E^Zealyc9}9i1oSxZmwC|Q<s2nn
z2Mh7}zoHmGmwXuCmjW0Z#lZv|_{`%Xm}q3*;W&+EYnlK*Vl7n6wEOY}*>~tyn0bhg
zn*lz^yJg^_HqJ@YT2BFtOF$wSu<1rwiN>vUO-%T}Yif3NFb|L+^xn#S=;pR!bW~L>
zAS|ZOSq)$@{<1BY2EMuOtzie>YQ;@-Y<bP)u0nI5DI{5;{BA+(AGgW%7e~*S7v6vu
z`i?s#HQ0GYLcdKQl#Ae1#UDX<_*?);MSDKFZM~XKGP{~{f<t`S0&H7iQfo>kFw)@D
z1f5n%yV-$hYjS-VLLo7Tm`|tBN4fc}m3dD&7Pbj;om=FU?RvfO98l~!O<e@T>n-w9
zHsXLCV|YbKtWPgTVvaAAO|vdo6QyGE>oz)s+}&7@SBIf=`I8WgziVm0hDi+pX59@d
zztB$FD;M@szod8sZ&L4#wTscs?Om@Hp)+P4v$`WLDyIC@3SUj26C;*N#kOF(OL-aS
z&V+K!yCl4^pAW#PVqy@>?cv)a3+P@VBt5X(^aEdcQ7~#1$yBYDWbKZi68*^=$`SYg
zB>U0pR2v9olC@0Z?4DAU9gJa3CRtJLBwwB?^+6SqL{qzq)dR*`PHnqX_75wA>^<>D
zSRiV@z2v1vTG100F*0@Q8(u~O4RN9iZvHxNIniTA+8lISGm@p9m6SrYug5%j2Parm
zY_UrmWp8ty!2YP$B!>y0nZ~5kErll><M8g{dJwiNww13ws910|f|aVXce)`^S(Qnj
zT`CgJm(nm<S9cd@AKG+0m8NZBP;hTY>EJ+;kznPovr^8&j6AQ}W0u#XFTyIHC)rqG
zlBSzAH;ByXCwfOQDZLeV;KqKQk@jJ&$j~J1R1)RmYf_Wb7TRBMVEZO$SDuCqkH^R^
z#JU-3^CKCTd|06EA|*_`4=v$|cA_XaL_+`<jaHSIZWR!rl4Qg#kTALqPfGcJuR_K3
zbFymCvX5Diu<w|8^6MEhkmxb$Yfu$&@;@!cBnT=`U?NvZ(+Wd*GyeK8TiYw6x6Q8+
zH{wYHP8+Di4$Iidi52AsHA}yQt;RC4H*T9<c{d$P>Ah<vgXF)L%po-Y#VeV=XFMxb
zTSX$)A;;oaA&21v36*&AMYt9%dQ(xlEJ2|AhR#Q6e4DMhpf5ZnTA%2<SOOm}C|_Rr
z@^wIaAeoz*f$D(b=9k`dGKBfJUQ&CiK>d83l+LP+ZgpbMsxp!oc;3S+Q0*sXmA0?h
zAYD3MC1wT%l?#cn38d(F3bxnG(zG@#EHGtE>C<BoKHlsd5nLKKJ*yVAPAobmHLN9v
zB6A9=ZX?~EsTaW9K;&G)1bgyDGlFjgh31w!u1wIKK4!KQN{dC4DsyNM(M_zBP}Q30
zZR_aae?dZNEw6d5$C9wPL%N>%Wr;EdYEjU#l&CjyS5}5qUIMEup>JhMI9$FEC-A8}
zH2ZkX!k9ttKqW(uas3+W64a0_I+}}GgUOg#RDt$;GRj*z@)n1zu`x4=&1z|k@AsNm
z&IGd<xyU3WxuQ{WNkUBtd1xK8Sr{+5E6w*x-jMS#4Wd-2sbN5gxmCI!DZ{U}F#d#q
z1N|=|e0vv3rQtfUf>)^E$)ZmyMM|=*G?q7$h;5nM-6~6djqRJMyUs^17Y3T&l8Vjh
z?w5<+fkXMrEVYX;yzgG|m-6RVncbPrFs8`U;OQn_LW>CTL1Ql@Vz6FFV?R8?KNJmr
zjb4G3CXz}CGx1l;_2Bj!yeA?a1AN6*jhCe{Lktop*UCxwNv>5n2eOJKNIs%;A?T3K
z7)vS2v>*?0M60Oif%M9cU<^GeUTO>a1uPzdEr4&0cLC+Z6D2Ba<|b5WhUYlqOa76p
z2oN2tui&qf4`FwrsVl6uAdf4+aQSUcEL=_oqG%-@-fxAF+AK!%AI3V!0a;U(>h-2^
zQdeDFviD<xoV=(A;?m6m!OSVe&g(5eLu#(tybOYY!#>cueG>@3t0kkcVA(LH6BOW9
z`Yk8=61KR7vMsQw-PAy21+h&5-vKisCri)z6$K{Uy;-op_VVW;fA~<TDQ!L^^tk-e
zMf56RHTGoopl53Uxype8ZvC2t)Gx$fyHG3W>OK%fZ;QOaDnlU8|D8Cn4S4`W<Co7i
z@N&c<De<Ru<av*s%2=WAro%kE{DwUHl&u3enj^iiv2^6p^f=a6;R}HUQT4c`rJ#N9
zPB1VTgZMQ2q8%In3o}#j$N&`KFe%@r3H^@tlVaps6}jexz8#bc>+4|Ru}AxoCi>A-
zy3AK$I@JHG4_Hd%y!y)RD#lmgrPRVgJSlJp#je#(0vgPUgyEi2dAZ1lVXMU?-ofx{
zzi_mQfaTOZdwK4rB@{9xn)nt-XfhtvH~3g5_$BWc8?v>2?V|z(p{k<N5zbNGGMn-2
z1J1z~J_6r7)>Tj5HT52Y)F#)*g<cu{wq|L+brdtJxUq!=LpRxfkW9e)!6CzwF!Bls
zmU#LU#zhWNbhHCP^pJb%h6<r*OmrOyYkhemERR@61QX7o2wCnrShM6`GK|Y<CtCUs
zV$kwAhIeU0VB&WkI?E-K!%at{T%)Lk?6!L5&y2p8P<6@LSdLZ2tx<uiMH#o~^zV~0
zPmXFUE(HxHou;Q6#&*Y0ZR)S$meU`3GJRM5{h)oUe<81_DC7GOxUw!V+afc#6GA5w
zdgCeIr^mAIq&H?~)y`868Po+aEbfYM#kdb?D@!M?(teBLk6I#kN1b$rND_Gbq-I=`
z86lM{M22b>kNzlU$86HJ1Z+IfW+&G-v<|=M5lgJx_~7M1N6zc7Xz)(!-{3uO!ZFS3
zf>w%n6(mj4DD97i86JI7;`!mDYX^e+Ed|R-1ceM~;mKK4RoHyOUC6wurij>5V6ND8
zg~IS~seAQ(^S+Fxu{!lxGabC|ktOf$W=WKiz@<ovO>|`@-bPzawHN&C7u(qo=IgL&
z7PC<&Q6G$I>VWMX$~JDck1lo!G#wZBZTj7dyyF$O5pf7ogT+BH&?C<n@|N23p}wIT
zPE#t}%8EN}itdXMM?Y;Y0Il$nwF0_L;%BNWY6(EOMRYj5II~t*{E)aDkuWzmz4ZR?
z=_%jaIat8G{K@S|>(elg(W&tNAna#;m(`&TwSkMn-cH~A6Tdp1UqfqW5j;PmKumBb
zs=M>==*MM1ZlNE%cX4N@K<bcUwv+H}AiW~o7d}eU{Pf`H;cmdj$G=gCv&61rwbb2+
zPPHrj`Q!gCW+H0NN9MM6jHvoKzmO&O!`h+*oMeAo$Oci6te5r7_6%MJM-S@mrX#~o
zG=1$)4w+dojPBQY_-QBX@P^^QJspN*SlUb#6CUv#wl|yajcv(OT#nDjR`%IIP46Wu
z(Lf!&gt6#8o3$WqA1VLzSit9uL6Vufdx}wb<B!Pe%>kOTi-;L&fB@i4Wg9CX{lvUc
zW%AcKHkudQIdezFYf$f#CTboyJM^1kQu}YdB`vH@DhIc?#~B-4Q~BW@+3LwisrKp5
zjKI9_SOTqS`6t}&n>gsktJ+I2CZd)Z3HX;8dRDegH33DGcu<ei-?l>3r!cwcc&dD?
z#LOwwi>sq*Ap$7}8g2gGh%&l@MY_-yu%s}fX3UR92)vma|4v=|Fy#BUz^K`(+f%O|
z|5JG;grTV!7?rR&3^(nEHN>b@-Oc>Hyfi)WFA6=J7%8cH-Gl{by1$Y@rUNs!^878p
z=*XWXD68d;a-SFXhMOOrU;Nd$s&LL;eCVNWe^%tEs`mJ#6Me?^=`3esVex!0aId4#
zbLZq@t?42H$Z)k2aQ)%i&z0G$ooW9;XlK<Hix+KOi#YCw-|PFmB)<a^!Y!v6Ds<xS
zmFno#vWJS!g@Hg@y~sc6T=PS1H-ak#lG#5$Tq^|SSU>tVk!_vX$9gV=A@R16yU*N|
zcLxVICFlc2uPJ3){hooVX^akjXlgwLBbutk-Q%8IfA>^sXHB|z*ft+e<`mYA^$dQV
z{hPFj@8Sr7U5UL%fhk%Gb6R*Ar20i#7&_1Jv`?LIk~{S<pr5Oq@IHEjgJE^H5G7Qr
zDjLo<WqSOEV~Ly#_nxBpTZes_C=1F}qx-Y;0Ma>uf-hq$KXy=p_1<m6rHjlT`9b;~
z<P}R;+tmWl!zA0`i0D~cxc47~@kPGc(v;x84uLP~8@+4+Keck7FdP1fIyr|#?L2B+
zkoHi`pgGI^x^o~SS)Zq<YWs+_Z=!@nlw-a1)dJCQ0?9ifCOQ|xhoPtCD-SnFPfF)0
zu6YY%H$B1&**RzuZc129^bSeM3h<Oi*wG3Z8kshyDaR=-C&f6$dgsavEJ0+`1eM1}
zs;c=8^*^ViO43+AlvX~M%v=@0;08w-I8AEAFi5VCGVL@6TF}iaJap6m6_U3TES-&`
z(`g2FnLlH|<InJ>l=F}JzUmQ7Kun<-f8Pe-NO@DaaSpJ8dx7==oAX!NOM-QJhx{kX
zejP?Y;ub}LFNf>R@>pi$P_B(6+P|b;!t#k-wZW`Hx5h*mm<c3gc^R~TQNXgiJ)NG-
z(ejD#oXJe(Q$uPHlvLfzm)je2u*IwX^-iL3vSO=NdvsNRWik;ArjHV6Mi%EWAl8@$
z?}CCk^}yHX)?kl->#OTgK@NyocDXFsBK(z~mPnNbPt_M~?}k?5o_VJ4NMLY)o?=W5
zo?3Al@Bozu1HJeyOiD)?_`|AdO|H#xG?xQ%NOS2nRrMsf8<kj2pUEmq)wVepa9<I7
z17;h3G#*_8cg*`+FN0~f+2U<ynR=^?Yjn>9BNkkvmK<OQVI{Dw`c(>SD|qVFB|s6#
z%+W~xP0U1+Jo%ey2V3Q6%qS^vKT|EJss$?|zr|!LmGcd7E@5;{oXvf~hDH3KNV{`T
zv&gN%&$45ze1u+g$zaEp;t)pOPm)?KJ_*i2dBMR8FHU$^tX&0U_`dA>;{H$yKe}OL
zZ`1%t^GNIhY`4^`&^d78Wne`xp2g<PwgK<LZmFmOqiAM3xt5jfAuMAxT4Htj?O(wI
zW4jP?PwnyMmDPr>j1dEg_@rQEXu?N{Dp8uJ8o73po0uvK{gO<)pmB7F<rg=iNqeG<
z79?^;if5b#<xcKi(wEeMrM<Fuhs|VHF92IGq9f;9&8Zm>Es}*q9(rLP*9C+~SzOJ7
z#5kgoUJ6Ua%mu(vP>v9g7O*~=>=*N`z#Eyl8IHZvy2I!_|Js&+F?Tb0pDO)WR4$N)
z8ugB}(BWK2w?h0*DWaul!|v5WWD$1pdN#q1Ia!5y>GwZ7gswIYaa>c=1-%lZl#4Xu
zxl2N1U|{&n+yj|NpVwmRYpd=!=X3koK$=$*iQ3=zq+1k8CDyDI!m<y%Q`oaED&ZE)
zo10?Su;K8>f=LapN(N)#m;i$h6CA8cWtM@`o3)uD`T`%it^O&;Kwl@N+0|EBlj~|q
zwlI48<eR!u9H^pE+3(UsDveqw^`+G@*@Vq@v~$9%;P@^@?svCv#HK<<nh&=@c2#`=
z5l^h8rlY=O$6JQHYi+4qd&h`j@U;P)LBrBAEL=1tYs|rlM!yuWejx5M)FGrsdV+`}
zzN8}*BT){8T%vXtj?T;7f<us_j#LW%vC?_tKL}v;XZ&@4lN8_l`;HEkidk>iN@-GH
zpz)U;T<701SyTO{Os~UpW`<ugN0rbKR7x{R8rG`x!PrunK-0}Je|YqP222gFF1X9X
z3@tto0bH7_b&*XM1{j+vkrv%NtV_3^s=Av+J%(0EkYR8oT85=^Oh-?=uaY#2eXcEs
zVc{B{=)1WE?)HHe-FhTCK_GdQ+5Ed$?9KKsy=cxc9Zf@pc=OqOGNP{ER-}O=Pt5cX
z+(4~C(o#xeggQi!ZhCeiI7ZH}N<QIpbAQFq^@rxtFcM+3So956a0;1qjx^K5j1KDb
za>%8{uu+hA5Yh10ENhTVOo%xD<(WsPC!7C|qw|i3`hVc~adwwIi|mnP3t7k6TTVvy
zh$wrN?0q(wp>wj16q3C{W=2-y$X?~_Y~SD8?@#U?pF5xP;Pd*tUa#j1?#=VyZGj2(
zo1+Jt0y@fj@PI`mf-B@TJ<U*2v;ZM0Dm#HQoQIJfo5Q2ji7E3tpA_{McTk1sa3ptq
zRq`X^ndzkuApA#WtNR=s)oo(}$yr3RxkPE$L$J3uywbz=4%sD<&*5NE9?82rqY6&S
zD^V}~5><`H_e6$iV@0vP3@{bDq`wgX8WF;r()WP(nl#8Pe}blEJ7-f<IpCuXm$)S;
zC?l`J;Vr)2C<D?G)H#LuS*G+X&`v=Kqt3yIuO6y~%i|_QqL|{e0mw3u&J+=U<o%ea
zyaaSI8=<1MYo=m_qh!l}5FT=6wpA>}lBVG#5z0q^ZRC!iU}G(rCbf%TI8F(v%KjCh
zA+j73E38>O5=X^Zv2Q3>rDv$WcB~yib}V@3#{#qwIXwswvEUl-HcsbajTFNQcoT_-
z>3>qC)Kg<*+v3$D?OkMnc4S~|#jitA%;-LPN|3`HLK37Bk99hd{z2+K6o7KLB6Udu
z$6=;ygcw=YX<)L|IH>vE2iqhjFjFZ8uvJcn;Y|vN2}Lmnpio`_sB#wv18dW6jaI7N
zLR}ws5jR+tG<c@ey@KAPgLo#5YbkcA>4COH60G-@VRutsI#*Jcva%2Z=()|)YV!#U
zEE~}j<vtOO5x~Jl=ZmJQch&q})4Q9G3%R&c+y^5LWA>Y6CU`LE2jm}<J9ZOTYG%2|
zVEyi94hAgt9SClkP0K|u@2i3XQt!p1q%9x%>gm5r8bjO%@kSP$AE1J+xp+SZrkqVP
zSyc{rEdM~ynTZuADn9{$E6u<`D{3B|)N{VkCo&EYEH|URj^BSjOLd9`t9@z%^z?#%
z?g`))7Z<FY0oUX|$U_9ZGvyOUaD+u}HE@7rJ~jmQ;@2T7un|o=K0YKt{gEm5?`c<-
zx?g`J=JNjkveESTo5{3S^`h2`on5f}ho_KP2N+P+)oa9HDX=M_rb7KiwOlS_aR$`w
zSUy=}dQ7fN$!+%jul=fDYDOE?Q^r|Zm2-sd+E!;tO2D-IotJ@Lyxt#>r&2X1D4x8-
zjT9@&APKAh>aJOCE|6OWy*N)Hxo4`z;%Jul>jKPEge*a*4)ZX6F4CUPTLL4@%U=8$
zoc3Wq2vWn?GK>k*o}Zfcxhz)1NKiqwOavr&cdJAR-{zL9bQaEAeuCt=_M?>VmczU=
zxYgi}idFCs>du=W&SO^a-I#N@g`(G3_Z=%P)^m&qy0ZTe*||(Eo7?x%_SOe$J(F*`
zx^eh^t)4_~uCJY52nFip&Lhnsfu4A_q7uCWF=e(NOO|qxu%hw<w5dT+L-yNL8;Pde
z;TxuU^o2u1>mxsgwiZ2Uf84vvnJBKd#^f;*cQd3_U!e&WHkPIEG%qWp+(yJ>HvV)6
ze_u08??9xCcUC5!yywX7AW>6TlagiX?U8QZlc&Rkvs3p+(hH+>af{-Ep7@v5B$E7j
zpVD9Cl5EMvkQgYY3$tKL-X0x@pQR+T(EPM?u;W~YlyI|E=|2iJql*t&m7-HgID;k2
zK88>}YT6>sLq-)Q=GP9fhS{Zh30-^rv54<heyo!xVG80MgU#b0O~S|eiFa?8e()kn
z3_GBq;#0y}OfO}vHOM|D!*i1laXfZRRc%iwD15Jxvg|N^th7h9r?i_g@+>qXH1TZI
z>v((g8N0!<5__Zn{?lh~c85Lt87BHxSC&><JszEop0s!`E$#1YtmHojOY;V|JBI!!
zMV^gbfQ$4AbRxL&1}KUbXNVl$8t~`kT)m$;QBSG)UywV(=57b^kvw}&mUCVx%YP7=
z%g_^>^MJk~kBkNH(Tn`|GvM-E<URiVHhaQ(?D5)3=z@RffKpHJ>L}3fU%<ZQkE6m-
zv8IoKwEVQf*BA~JC)fHKZr1%%$~!50z4%-tVd(SDn!?I~=aEgKXAg<rP&R2<-=5RU
z-_MVyeY~5@4!zdizv<YbBucC)`C-<OFwnFWcNi)rSQjXN_L_&h?L}$H{8Ax_U3^$2
zQ$m(m1_`z%(Ld5U4<qg+VV@)l_ve$+eMre!+U_b`_iuopoF6OPv=Yx*Fne>_hYH%u
zD7zBo4=9&Ij3q41S4<Rw@2xufU}T<D>p?w0p@iL<eunhT9F@O0fm~vfwt4@f6V?)%
zcephFr(K4O!C}|JYsHF$FzNvt(w7+;M_8|Z*OxhY<HDT9w-2VQ?pNLAuHECo_Q8A1
z1|>e$!$L@B)au{6;ji~_r>lMo9WCWGas9PY#f?5oe|Wlr8rVAi<zWxC9<<oto~qjt
z_lJfX&)!V~1e0Fu{hRMJ7e)t96(@H2$Y~xlaE}gUHC*a|z9slvtV8HSQ$q_v5YD@y
zD6xhn{I#{_&|mfS32RN+FqOWHfxbTJ%)ZL`OX=m8_)w3o&-*K93T0ajKMm$Css4jJ
z4n6qxAB6Y3{ZU6aphI8OobxZ#zEt`*x9-q%0{oIQGp1kPNdd7Z!=*hmdv$MR<BQ`(
zNXNhh`|g`@8>Xc-5rs1l&eW>w`*Qhfd-RO^xcaE|sBjzS5i}aw($u!CFk<6_J1aP^
z#m(V{ID(Q_SKYM&Gp_aZO@z7~p0~Eu{<dyU57JW1<$tS7Ig0BO+VAaTcKW%p^Z_!Z
z=k@7F(!5wtawp&k$_~@$#y$0-TYQ_h;8BKsdgPq__)mI}8T3c82yspaYFc9O$JY9@
znx90G{Io<4NtzpKiV4AY%-FjA#XJvPI%sF6#JMY-FjR<4w%0CO-uuGO`Lj=`J*@K$
zG6YpP6zur}-yg{qJ><~ydS#DdbI*<1dq_Tdj|8tk$4CEd)ZnrMNfi6neeUlsex4e_
zNaQ2_$<D<-adO<@h(-rjUm~gLc;SOn;UA-{av|xRCVQvx9MTL-SvEf#mnpyZ*2<(o
zq*!tXYlIGUYlj*>ri#f-Jk1tnIZKIn8x!2PknE^)p-Si|wc=P<?!(X6sm0~ZlO{p9
zSvE5{<hj;_yG*t9)U$M!@9)3$Hc5ldwltm8b0ynTDs6C#9%KN+RtYM25Ej+iPZC!e
z#fhAt-2-~}7lYSG8$0?iG5k29;e<UsOUG>{e2cFhP*uwvyT@FM!2^_e4obccww<p0
zE@tnF+wUBdyn9Y7fkZNBhAj=+f#-_PruSmv-}yP?V-rkI?^FWkf?!T~pp@OyY!9?L
zV|{ho1p(iqV9a(>+x3ugeZ#rgwSRP$uwAQi@~q0O_v+AaF<!~dHvvp7;Xm`*=<xN|
zWkBFj_JdmzatZ(~!z@Zsn}?2T@&3ZU>A{k~{Imw@Dt!4_$>Qp1-J{@Hv7X(*+JHyG
z+WW^N&kaBsl_OT9oau+WM(L;W4c8L7UQL%#FDrwzB%)9<)RZ2`%%LAwFCE!|0#fk|
z9qkK1maSkaY3891&Q2bKaswmqo@D;Od>fd>Qv(54F!8=Zs=BJ+=mNwkbsN055?m7!
zS6W@JHt518zDjwCk4F2NPo?EISQt!lx;|WE^q%8WbHN@u;+KQ@;_O-XAShzsSxUjM
zlZ%nQ%g-mdfEn58YA3}{e-@eUW)|y*et^f0z%J&8^M0$I#bRsU!|^Ky<0kj{aXeyr
z{Pc3E2M<kp@FGY{#pO0_5o7#~ym6CFwoYCZFS-2B&5f*aslXI<r?xCcvJ6ph*|UZ<
zzw@IEMHfwax`Yc2#?NLFMDto2r3KYbnL|@$npC`0tTJ@v^5rnvurD8sZyXuFj@7l~
z=OoLrwWJi_{x%3;*?PS2j2DCGm05ZoIaDPYPp$9}Te1Eg8>UN)WH>=Xi82Jj27!uP
zTq^;NgtLrE#?<#OAJq^Uq<m^qH~8$}A+0oo%aLkoG_Szc&+XYw2Oe~>;@>vT-x!WL
zj5$4VzWI&uMJEPNzNXvu0)u3tI}}1#@q_xmYU38LS?ujJi1ePaRv0eAzJj-l`T@Z}
z9HF0y$$+o`2Fiuky=|h7Xo5}Qx3~q9jAvoVuS7GQu}373DP201JMX_*^^m~hgi*9?
zVbxeT|Ku!#rk<YEDwew+ih*}?>Q<u)rpCBspm3rn5)K7Lzy?J~u7go>eR-p&Dw;If
zTxRm#wKrn<t_L+Yx*j=dx(>~n^a$y{Jus}fmX|B=VY@xGnm62;XHp=s$(Hsuj{W0=
zi78!k$qF5*WKjo^q^C2I3kp;6H)Sl|IOH-;t8Ol>BCi`PPsxxi9yTHegNBFWbcC8H
z!S=uD-(3F25cimYO_0Sf-P7_2S$|>_1{QbP;Y*%{RMF~bLn@ykHW>&J657nP=36_4
zjt!5Rxt8@v^Jp@7i=xVjhO-&rBo4jWaaPAJsD1$Q-cx4HkKa)iQi(HVni4E-47~>S
z*Iwz+HOq_%<j`drnTraqsY$8WtxpNSQ<-NTs`cPGV)hZ#1q4%S8bo1X`|jF;viOjE
zqqqJ%w_1$|Na(3=wCuqH-FD$G-+xt8ekG+9B`W+?$4i-<h#*+W*CpUaG!6Mc;bauV
za+j<zdR?|q5ZaW&L$mS@X$c3tFj?n}0iu`H%*2H0PDGxgC9jY^lN?cL$z_`YMZCp%
zVfxt^L0a=)Q5Ep6Je#}-rm*|FYLupiJyOdtM1xUrD+6dX1H*Y5xTa#YHV0)p1vBkp
zI&W%^_XH(MlVDqoC@60nlCEGDH@#j%zK&sm&-0Se2@#zL6!kX{lYv`<jr3yd{}811
zi*cM0efdIRgWUOCi!uQ((BvO4`?<TMjXZsRF0`b1zJ5h$f9;j(l0BOCcCfY}YkUd7
zna~&hxi6pvyA&jlpoa&n6d~vua|!85-$%Nlk|!KRiBQJ^ws<Iqqs1oK?nVHUn##OF
zhcD?afDBsYWgB@>`Aqw&kP6ZW*h<l#l-nz6@Vk)Fo_B!h_ZO*z^dupi5ZG%}rqNfY
z0}6qE^s3~sOvji~eQ2QzQT>G_J$25KHCbf3f}nshZ;C2c0JN9zE-5NPXOcswz8)^c
zm4tzaujW5AApn(0w!(G(@+sm7dZaf=xv;KcF_4qKq&(3?sAeNAK1j(V?Ow$12(m40
zv`#J2P;YZN2Ui{ksW>mg-Bt9by!CRqWI+NR(hp@OM6IRZCJIIgY50n+@%)t`YuKwv
zYrs|+n-Z`OXeH7$?dXCR#<6{QTTv<!Sn@YM_GM#~rAEK$2F0cbF5a+ro5`?~cCZvG
zJvG+p&NxN8Yw5!i(rWl6`6<0FrFsfE81;EGOLqhBqT1cI7ssT!*@m|QRv6nCaduS@
zUL<N<qX7O~qAwJCwQlY&Dd1qWh(R$Ib0H9=rBDeUrP^jNwO5p%O!372VrEqcY`u?q
zU2WW50Q4pvy0NJZ3_J1NaWF$*-;8mv37|Cwj-Yc2uOC31ur{u5+>t51H)z**2Tb6t
z*4=jntLYb>KsntkYQf6z)diO0BuiEAfbsNs+yAFQHE2Qq&c-v}ju-3^&~gC9R}}yq
z2)SJWx^maV-R=pDPK_>C17nX{70f0ac?GuJL|*Omarv5>*Qh_spsg+y7-j~wyvHM}
zSK<;jmktD#daxvWv%mhk>tA}47Op~@d@)k0fHo>QrVXGgvpE?Rz{eC1JIr$d=~eGU
zx5cWfW}^MV02f%Yc~PJI)C}pT3Vc4+JSgT#()BLfNZ%?5mKNU=NkgRqzKb*>UpJxG
zWZHwVW|YyEcQ!e`WD&4yY_w(d9O&IeZ37{L8{kLn%^meKDtrg)?ER}K4fN~wQ_C^F
z(%ZxA%K2bAFUH*xSeq60`C%NgUOOgY#c6@rIrEh=#aw@Ra@nNxbm*Ppnf}l@e(S}v
z4Z8``fGrE!-MESQN(JRiFC`0R1vm%oGj-N6ql|VH);fwtQ}YjawkoR9!&=bMB=I8A
z?e#^L>)3PdQvJMR1wY2-lyU6@efmzTaf?w;t5+@|G1;gy;{m=pT>w}SMN1#)Xb?WW
z{I&KP0dC<<8O$rTA%X@EMwQRJhY5Qcz6ma_SamDhfJrFK417`k-h0C3jCq!PJjBE=
zRNE&w&9*hb_*?B4i_;H&`CzMB8$Kz@ISQ50`4JY_r_MtB7aq}mxyj1ggHEP>cQHP;
zL2yqh7Zwux>-1$)?{IPaT*n{!W|FiXJKvbHNOzM>jQe{T+)a?t=q0qe;bs}kB-F77
zjdD7Y3;Sfysp8I)IPZo3)#suZn7!q#AUSY)yE3=D8{ggNtx?f~yrmud&_K0k(Hq}$
z8Ut|gw4Es0Ky>s-;8D63Th)%3__p!zowxBvkp5MwO4cBQr-&YY2fAj`=i8KuWwK6P
zJt_zmnz(M-pb?ERmPO_%$+|;B$FQKJa7n0Yy^u5YkL1rmhckJ@K(E*akSs{0eV->Q
zCw6LbmtS-KYp)LFZi+oKC=0h!d!zOD&};wKM(`VhbN2JK^QFs==OZ@DO7raLzt0Vp
z1IUJO&;I@gS^j7J_nOC9@TmIB@3-!B^qpAS5YI6wIe)9)SLE+KX;*64lQH1=_uJk0
z$R_keX<X@0=|6~`&Ccjv!R(vP(4UvMP~iEz0u%4`Cv3F=N>q4n*QD;v@8I86gUkzt
zQ-h=v52ieQ`89nTkWsyuI<MTfIbIswbrzBCS$Wy208opk8Aqe<w^RPUZvW+m3wo(A
z@}p1bNu%QGG#<=>;d(~>W$ou9JKu*Y5ob&t+b|8Td|Am2bz3{@=nMFn4zJz!-fe%A
zFnVV-=uO|Jr$n@?mG=)uO%sBCI<h)ha89kx{`<B&0Ls13_kVI2OwCu<1U5N;!W~yu
z2b;-=c@CB&`Y+<>oid`U6RMmVo)&?EA9NYaDtvef7rXd>=`UERAAJ4kEUt3X4iGu_
ze&OxG7((GKw6O)qe3Cr4qjoc!Wz>Z-;K6<Ei^tR7@pgx9T|wLnf5t?=kQJE>Hrqu?
z^e-k(e}OSySj?tn>w1Zln`C`~=uD|Tbr61HHvaHYACs7sp$A)saVQ(jqhG&DQLanX
za|6#$t#YNRtG_?(PTh2SpdhCRkTlrnm6XSQHQuY5$qB{@Z$$0|Da_6M2%sLL*x()-
z8aQn$T=Lm{v($l_1sd&ywCTq`rKo=kM;F_z!_S`CJsA=RAv9@HxM1o6jnMOqzNMw-
zd+p!!-h+JQzgY0WD%t%N$DQ+E$Ze4}9x<ndogb};K8vIbZTQz)J8G2mREA-G|K+bs
zt#gm_4$}i0Fn6cCv*aw2JM=vCyq)RSe~^whA1~^XfB(F^ehG;DpyszX`qlZ;;L>PY
z`acNgN!xkH-r4(r#()6kxW1>xF!h|Uu9ufS9&Y}Z^=Bzm)~t%ZZ%M?aq%_=;;NLy{
z{o8M4h;$ehEPLc1%aM#je8O5=d|4_T;}2Y1t0R3${?bd9)V~9{xH9<b=Gn<2>oPQz
zAY_r0lLAybS%!p?=d*{GevZlIwAOP<3l6NeJg3R&`C{}smo!nA)7~yiE=UHy!d&>x
zyT4;kls(VjnNUlTLmH8NAMNbaVMemvBWRaW&C?47i=WUIAu*_s_pCgYj3-l}<F)BV
z2L{&JC-mVURfjGmU{AEC;X!HDo8GEqjUXYNRaJ??@eM}mH^vIo?yy32)c{9Cee{o3
zIvu)}mM4W&o_(we9M)<E4@wSgTxW0x5sySP#b18cP^%vHJ4EDiFo`@sJi)l+y5Ab}
zve!V%<>~YW5`Fwbov+0pOJK}93(T|jdHQU~Ls>omYHUnhostKlXtMyn#WlGT4Z3GL
z{YSJv#`_{clg)ef($=rcgb53H9C`5|CMuTJC`L(2gSGH8Xc4+?!+SgN0vE?s8o8Jd
z7vL={u-_FS1!$MnNYE@>8%ko4;%5x`6a0|(N+<ma<ppyGt&`VYO}};CCV3HMT`uj7
zKJ^#}h{So<CLlNQt*@-h=A@`$;sE66ohstT1Z{S8<z)0iw2h(YL7y&hC=(p%V%k;~
zQ~)Xesg9~z7vVzgSAZ{;WZEY5%cU)2)tmWocfU%#K;!IyEl0T)k=JIpYUW~W0nj59
z^wVW@+lc5Zq)M0`sIzsT0T(kkQb~2Xj8T7=H|Z77m%gEot~z|XOlUoTq@-NbxKfN~
zF}EwnBik2Suey4H3NMN#&(KLKKpcwyehy|56z5YD#wqtvAW!PJ9Zs?i6y&!piURW?
z+znr~d~><!U0`Sid|Qlbj13IXn{xN6D)=K0IGIC!34{v|JPlgekJQ(0yunGP@R}AY
z1#u6hSB{<K?ISAr1CzCGrk;iUFxd>A)U7x&yYtRZx!KK0KOA?L0bnR+rD?0*n`}3W
zAX(Dw!FdQ-5O>Mb3|Nju;01jVIh#p-l#VZ_M9(sIqAabq3^xlV7*uvioW94aZPH1M
zBR2yiG5u}(15EUfkzZa+dJg6&WST)Y{G{HSumH4Lo0yQ|Qr$j+Fcibg+G;2lR+2fk
zeGi)u-rsWL4tgJ$$#O&D*kTF&5;0MqAhZP!UwA(XFiBZ!(_B9n;YfRFf(9@Yx@vBM
z<yzNM-_aRaHjT~dkxFk?hYbuFF_Aih;Rs=#{G6QSR}-uWL%sA<VP9u6xt3D7RW0Q*
z9zwasA=-~n#qupdMt(t6+6jCW13l{H_7MaQ_xTcVS}WLeY)f6J$;0kuOKTdb>cwrp
z8?ipLu@%4X?jY!$HiCG|qq=W{`gDD5d4LuZ4VhsMVFjnHH&5egKL=M<IY^Bq8{0=I
zA3ih^BT*0i<!DKuP>&#`!=k-o*|eFXx*78@w%$?=#3phWV>&_uJvv?erDP-IB+A>F
z5Vg1%@B)Li3oP>jb`#`u7gK87^p#@(Q8D|I70JinEC)|OLvc6e$jswssm{|h24gpn
z>EbIbwaB_DZ_$57_se`V(_^>~qA|HF*L}I@L_&#0yS_g0)77BbMJlJEOQ_j<xcCE-
z47<Ln$)FXs9jO&gIQ19Db+9=sy-~zOyl?k*;lcOI`BXo=;NnxABEmz31&s;K&@A^8
z1k@dYnzD)D;M7J^Zh1!#F5uDZWs4EA@5X5ss*^Z9zxFzI;UgS9O2)!@=e{LSXUXf)
zs31-R;?p=r)9pVii?|Y5X*ft3d9miouTTr4lgVCVk_CTb!iC_5DjIA?Z@nGW%ZXZD
zBN!__a>$}r(b2PSFhYp5P$?ojq_GHFnZVPK9;wiK?1D+2dY^9Sjj$XfyB4dap-^v5
z`pxLUIO%B#={-Yj7D>3|0#=aL3cjL7FK?(p-Tf^>mKqazQTiK;R*E<52`Yy+N0e9K
z$UI{xe-jgBarnHV{#IVO)4@P3;%dS`&i#G>K}_%;#8He~dNnRmJCmO0Bbgv`SVV{>
z)e?AIF#3ra!JfNja}+497*d*3OU*~n3L>GMr|y0#ocF|OG<FO%>{SQ`n4m?58hquA
zgltvx%1Oeg6e^>6v>ZBF^D&$^>TnleU?hCu*{hgbt0`4~Va&X*vOwSiBpr7}9vYU=
z>l#CJniG$WAk>V5lLTVQe7%i4dFp22MDb+29i|BSEE+#X4k7z;qSQ+=dpUu4oX5D}
z!u=h1Fg;Dbc=)WNA?>yrbtVxB=ARmSFU%;-rBa1CD$TeTLJcK`v8}yVHOzg1p>mHS
z<qqYA5hzlJ>0`;3zkO08e?^cQB4vp7kp$}g(N}u>7?<sGYzs%SrW3tC85OK3a`u>`
z;ODQ^qVNGG(tE2hM8o^==Lovy5CQw8bViQ;ZwDY^Ne_^VYicldWH((S7;KN>L{R=Y
zj1tqg`Jmd}V!@XK`_7p#2fKl>KPrk1D2o7am3R=uESgde;e=W5-&ik}>F|A&&Zhik
z9e^#n&ai$)O+gGSfL}6rRaQ%Ug1lcX7xT0z@crx)DbSTuoaad3D;2@r1;cOeo8>Gv
z$_(+}A5_PhoRtHKv#So&QslSn)vLN$oc&U>vIno92*b^{HJB^liLa#IxCld^FAAHD
zO8RZc1<X4Swjsb3@%>cVUtn>ws5N!7*tg+IoFP2xB6<Y-9=0#BsP^9caP?@(ABrop
z?_?sPdGuk-I%)J(!gD73F=*Mj;c-{4-RoO6l7MsKNFrDV1RW&*IcH$CT=WI66qqPz
zk+`6_Uk)@=#gzV%9u{k#_><Ue+zM#KY8i77ri}SW_BAQ^%bFSxoYb92<p0<BuAMVn
z>A$yhR)HpTl@9W=r?pkzi@owquljU1-^LaXVf>yx)~Sc-70|(aY`423s=klST}m}K
z7a)Nk<M_-Aa;3>*4oK%p8{hCU!NH1zBeJrMDgAfBop2Uz1&f<eAEpaT9)D>mi7mJf
zL|Xp}-F+9SE9-I~zHswib7`5SQO@&sWb|Ou0LRbuIp1vnS%bDZmp2j<<6)#G3sW+T
zkrWr1jdJ8^X_{xqd=2yQ{K+zTDA?1AbX4oEuMZKhCHE;lx~`W~WJs&pI8qenERa23
zoGWZzfJy1Kl3;3#{GEHyFGOT<Xll$d=qY@W`jvjk<hH_37AM>fP5WC2(e{dpNLWj4
zPj}d&iCQ<81V16diGvy<@|ou8fwK$Dyi-P&N6wyKr@S@WB_l>QLMN^t`UO=tG%G6W
zkdVC8D8?a2$2rGk<eDBtDem9N;-4Z)9&NnosBY${CeGoXbub()c!uPR^%oA(WJ628
z?Ldi4iBn}U(`vj6^G}|mFj+cO+#qEeZnK5P5#%093uSF-(ecSHlJjpeFSE?cgcDE-
zwTt|`$y&=c)<e6;>V_4}ue%wQ4*Baq6sG<_3B&h7e5s+%^WUm>s^-hQ2-=Y8O74m5
zpF<OAiRLviFJ{fJZDA!iQiHAD)_lpE)0Rlg`9%W;-bMm*`(tz6s=n9FO7P3)4h(I&
z84$l3b_`EOd{i!#nHv;pPkz)Q1M%Yg{jD=yEKuCfm`%o~9WQ(K^4}-#?xz9IIv$%T
z{~Bcb{<&~s9FSP<wl^p(UPxa!{RasQ{b6%}znoKAwBFwiO$H^aAED3_*8SP@5D(*z
z>>bW`DR~=30=myrvX@SET0?cV&XqJG_m!fKL$kn>zxK)g2YH`TCbD#}avp56A#z#=
zm@TFkKx#R!)E_JPdxLSi>cAAh+PpNDCmFeXJU4?=m)#RGUB5Dil<rKN%U|sw2wobU
zyk8&9KAv3zM_t(stxReC4}ve;zoc5X-u|%`Tjp~Mmq*OXu(=l~!nE2NDk4(Zg;z-C
zt>x@X1%QwHr?-^SWaS@$alRqi&KHjh?_}4F|1{g#KC`SXUpL8oeamX}St{?)JMG?N
zmS_I|L3S<dzxv3~QMla`%Ti3=EEV^RP*a;!r@Wq$U#!c@Y=C?y-V;6xH!2?qviprz
zFYz8Fi9sEzFUi`ng{7>Qn41j|JjW&tuKJ(3D40k;Ffi4d`SWS#F*GWPsam6Z=BZei
zvgaTDhs_T0*S|($?!zF$h)?As4ap?giUhO`$(*w}+;<ZVv<0P;e{cyRE&aM(rpu1B
zCzHQF4W-4?ztbpl`vvzjch<3POR?8{Bh}P9l%1ymdUITkB+^#=OxfAl)_@p#Jlvx1
zPBI5sD|{~62UE?+GKWJSG{`jh|Kd67_<897K84T&5N>?m(M__w7}_ZcKF9OQrv<GI
zp8ZS5UlZ4Vc#zL>%&;{swp!a1bf+ALwuROmclaH5tlKDM%bvIGT=}=aqjUaShzkuB
z0WPZ?2wJlLb3S>0QM|o--f=RsynocRkox!EZo^jaCvK54hhIzUy;aV4wNEZ>q(yix
z4?%HmFI4l`=34hoU~mT&`DcTPnQW0uy!Fw)GlTEPosQnav?PH}365*6$UV!J2JfI?
zE3s}E&oaqIHS8qq=ZLw+oo5~$G+E4Bi`QsL9>o-*>a}Y_zKDDRVXg-8zq3%KrSGCp
zcEj|~Z6+Cq1|A*=SZ$vht6LVo2Wv79oEHu0tWcmG==fUv#;%(+q;Qp+wljG`h^VrR
zrFn#(zpt)=b%cLXd60xsu)prlA*B_XbwDm9Ue<B8laRyA*Z9}u>rfwq*{1K`^EHQr
ze~A1CN#7RyH<>X3PVD%*T9V_wP22%3BxKCHcuX<jp3pzr)iaF->eaR%GNjF0B3+Md
z44id`HrswUw-nAfcTh9i!yz)CxX!1Jjuc=2ZCir;dV55uLor5S$hX#Pekw33JpPmP
zNr>>RsMmry{X;b^a$48<0kq}z<GML-DD5m->xm-8=E4!AHvyKTr1+#FK5M;yVsh`+
zp}V%*1BtmH&E5Gs^Q9Q4W)glO^npYdSfQ3fx5%sJ)q>*M5cTgnr8!-=>F6*p5y#di
z^!(6QjB<XEBGW6sLBIz2P2GEz?aSgorA%GcPFA^|yQ*9<_v+vikj7kV?BxXVD?CGv
z3YA_Te?-<g1#?_GPt35*o8}PuYYs>qVPD)RTw}d<d2@_lhzyduyLxVPZQb7P<dvLr
zP|#4ha@AhafWF$|hrDT0aSk5=FlOf23?hrM;*Q>{)%9Ef={5s;miqs06d3Cwni8^v
z2LP{RoercbNp=XI7}8&nOw2?@$QmPqXk>CLeSj!>9_|SQ+L|zIv$R?~pjJqY2CSCv
zJXSLPr8<>wyiID)><R*IO&pPYSU~%19@DX6R1euNe!xG+1h%~2ctYvv0cJovK)qVI
z9Bj{dkffgjZi+)k_oJ)W<Tx(L&-w0pq#&F5+4qkVNH;+76ipUzkaZ`JG^t>b>pIg|
z7xY6kvsKZ6U;70oQ%vyM`*bOA`j)3jBcwQwyatuSux0~8OfS}>KFW1Q?oiZo^Lrw5
z^az@g1}mYBLgjCK^fjmXakQ&Om6Y@2CYl37DoJp6dm<B8VYbC0+U`bVWhE1y<hrVm
zaT>Qu;-X^QB&D*+*cuj-zZU&USH)@ST9<k~+Br-Wk;>;1V?v}DeqC%}@SUxAz;XEq
zGT4OI(%bV$+k}X@nKv4f<;bBgG@~}8u`{2L6V*G)qvm;g<ben_^19!H&uCV|G|8#I
zNv@Fsg@5KWQ8(|<z0<amgc*NDvW8*>3%xMZ+g|>)%<}an*3IZx7hm1tn&rZE#o})X
zT#4aPJ%4PiuSfr_K<Q9lpVTknT(1`T#5Q6{GR|}qw(w{(Gn1quspq9v`s38nyC0`|
za6imxs?Rka7m{-am5QXwQ~$GU(Q#C*B=#KEs1S1&vIx6$QZ?=Ak0?p_TdnNxYt+dD
zB7+@jyrVQ2=rG`$<B8fbXw+3BE1c-@-d(>RM4R)*7jj-dVD;vrO_imV$-|tb@I5^@
z(bE?mNf>aogwJDw>U2vb9rloNHO?Q#sSIg_a4HptP%D!Lx|WG<RZ=_UE?szbr1W}4
zW8?-ww*rHZI0sYQX8b1Yx7&_3NS;DoI>MKK8NSpODfP!M7E2EC+3hT*Rcz7*<;2z@
zxm5Xz=BP8}@;`}I{3Uc6-i+4g@^d0nF0vOK%nKmoi?hB>_^Jxc`X-jRoHM8G6$~gI
zr|zA3>|Is;Xa*Sd+7yNh{<cssQtxpbcZBtk;Xk$&ESAS)uD>|Ygc?TL1?Twa3d3@~
z<)WgFU@4F^R58oCO7{)97KLZ*s%r3I$qe?^69`8vcd?Q3H{2^UW(HJygwcfGdnrNx
zD`#e8J@W>;8UuMbG*6f)CJ1p4Yea58FQY2{0#hXHD+L#Uj5F{bjVnV*8AIujLE!?^
zw*xq)RN*6*-{=We1B(oqeF9Nj(fy$jf{a{Fs)BY*bX?|D30x9-RS}5ZQe;t9)D&41
zs-C8b_t1%k{NlSgjFt9C?TghPp7J|8JIcB2rs)D~uQAXbN(vM5l=S$-@69H+ZcJs;
zvrzciN3aMQ1|yL?fIjs^0D>Yg2SUqg*i4|r8A~4G3K82=RxFEOM9FRuPa*@T=@}or
zQXx+hLMJ1Vq>$u1p6?kT1$>)iJ1AMa9jlb#bt@99f|K$)r*FlSS!?cnP$QtaSH@_l
zg^t`&34e`>xFHLVIYwu~aFeh%pOA(HcfG?isH0Ty>zo|9MxNd~9Oq+QaXf+Op~kol
zlN-jQ*1W3acrpZp7au{k09MWUP~`5e#JL1R8YpH*0|QjpBUS2HPP9PLA4TmrKQbzz
z+fGD$n*_0TWE{@L4FklYzVlK>hDwjh%dd}-2R6dz(WD&DUlH2OqoSk2H8Y8dNFw@)
z`frR5z|;ZNIxLJC?7h?OV<R-&YmkPu6n||7lm%EI-=3oEziM7g-X>9DPP5^GfBJxq
zF{5X!B^0K%9an`<l2P7KrN2qBj*iMDO(!Rmr%|R~G$%S<$7D|X!UKaiSjb2Z=!uE$
zv-21&bnYs{Zpl-#cAN*6LpioE%yQXq-ZurQ1U%1qMM<vRN6AX5lE57Z2AKmi(wS-Z
z4FJvN?>g1>xK-fAwP?q%4VJP^G8y*b9l`X#jZNmZ&v{&Sb1-Qp#0^;)DzY3xn7OjL
zKfP+_>Ixuh;-AI{d~M<~o5AsL*-Ctg%jxin8ZfL;cj~X!1WVxda!E)XCVT{!9)o`6
zoT>o$mW0iGg@e_6Z{sUxrZ%*I{Si~Z4#1w+fqdl6jxFTocO2Olf!UTl#Em|G%M-x@
zi$3x0I~X&E#;F~!HeSYFTAn2-EeX7`qSx^fNL`~A_%$pLOrQ3_1RNrui;f--T61&D
zS6RnKqA?d^^WL)z1`GhZ2ntU7`2nfJz*FmLeb=G!Ryr1>Ip6L}nY?CV-F^45HZMym
zdE;@#o{0!!`=9-LtMLiR3q9;HC4jEk1i$TPUh}^3#s@H<J}=>|+Ixl;{a|rLcHx0(
zmV{`INFQAruyw<N?CC(7HCQgN^r2j>=K~vj({k@K!bV<T!MmpN0W48icYZuyS9u;_
z#&o?-AqGE3qf>`I;I{O4#_XF2E~PR#N#(mZZxF7oSb<zBT^y<s3>&b{*1&GxW^rrl
zx<~&^3f!UEjrTV-e&^!6xmAMS?PaMc&Z*YD&PE58=3mL8chsL+FU9APzcbNwaf;(_
z_Pb~Lpwl@%!ysL?M%`}2+?oJ5kixRmI+L57$9GB+8dCdciDG$ZXN-iVUaC5nKS{K<
z#YT4L$kf5C1|@9OIX~^679Z`HnoemEvDU$Kv^;1hb&TnoU>cs%(p0N?S=>&CVzSGh
zdBcQ;GZ|`R^M`3Rh<^df*kNy<>|x}CVXOZ4$jqnkAg?}tQSs9!B$2CFGg4dfr$05R
zdP@Nzr_5i;B{8<R7S7Qp_(9L|P+IAX(IU0;=j6lO&6eo1ULs|J?>7`s@%&h)G;!Sk
z(q&3aw3X!{iCCfxON1H4>y|$Hsl-JCTu;j7KwSSHST8E*n}NS?|BC<;9w)kAZ(WO&
zYJB=5ZjO=gz@Gjv7(~5=d*Ml1ys|v_$y{6qRlX>5v$kx^o_}<1=vCupg3zwS`jEuY
zb(xu0EoD!{bGMtt;pN|vnIEe2Q}Zwt&hQ>*P}WuyBJQ?^Y(V8`Jt`?G+M{w+g36vk
z<09C?I%E+?b-DaBMWuW<v9Ho3e)T(U5vnRm`H@>T`1>Cza8s)rDx;-@rZuctx7jNP
zwl89SH+L?yHN-sP=y+_;Hop|WO8d*YgY?b2+2+e=Fzp(8PylFqplezayU^fsH5qm;
z@eD+{nNAe`b^y|Zvf|9F<1*E;<3g}O^hpYT<XOYnd8p2|lHW_J;ZTiprNO!Lva6MZ
z#Dk6tT<97*&~-zXf39}O@Ol`fp0=5v=l|xe04Z}9pMvp2lZk9~eV1mmOdBC0{X6H?
za^2bQHx5I&&VL`QeLXjoU+W7DmNl@JKE6=$3wf<j6)s{S-rA~Eyb^f%IH=Jhh^=4-
zBJpzO^_vuSo$ft;{@B@&J3?MO=H6L-l@l4DWY>Q;wM2Vzc`a~hsAa2`ko4{GJMFb(
z*=KogO5=uDY&$8|6PH+?&Ay2!A6X?zo*<1-%N&x2HZ3PqtwhzS6)>3%xg)Zu<TJny
z!oP!#^h`j~Bp2h81!H!s&m0T4{u~C$FuyRGsaE7`30ujd$`D*}EB!8VhB4LkDiV-R
z=8~jajC5eSEZ3Zt3E8X%JjyL52a`L-3FGx!1F$Lck9~CxKhw=~D*2lB*0_JvY{j8h
zn|J5;_Sf8Iw-jO?H6^tY4Ed&t_7G~_CouWu<+(C+7@~6tLXaEauA^1xWWn#G^O&Q{
ziSxD;XMp3lnZ<&4NCnQ-+4~<KZ&lkwEUcbbD^ZmkuACZ#Ua-GC7ddz{bRM0L4{TMk
ze%YXOF{gO`9)EE0em~`+2rPV)UV_QOhPt8eAs(UZeW3{w;DwY}vI2t~5@tfhe{8c~
z8li3OjPA*vD9BpAc?-7cPdh3?_;*6-cHhkHc+G|W2a(9Kwz>TKZ{b`a6l8O#DdjX+
z@9B#){N!eaF$aF$f5cz6VI6d~-Ld6=)7&`~cdKxB6M(aV5)`gg$hu{&bad6E-Hi31
z)tC(Oa;<liy?y8A`dFX5SGNZl+ah#et3ui$GyfN0^n8(4A9sc%&%7*O7!kpER7@`%
zZhd+zZucYQTaVP+!Y3_MZtFAd^WT3Gzoz>r{wEC$8{Eb?{yNv+KF_hkeLouEww@qG
zo~8$V@OJ<D^|M%agM?^Eq^^6(a%&)d4gAX9OGXghV%AA9{uiV8{)c3SsaT^o%j2M3
z=4DcxUCIn4lrSsbdE??uW4G`1Z(jM3PS!G3+eu=DYy}1VMgOpVf<wmsRKWuZ?P(Ez
z+f^|kgy<Kg$U{><iEqr*V*Sq~^UDP#mrE1ZQaSATVfnXa*m_8JmJ<}H@rnin1wCOF
zNnLvP!QKWaAr<1_v6Z{(wGu~S-RfC9q|&@;_cz(Pa5{~gpFuHhNT{pljn*10?=e3P
z0*ib4_E9?Md&wnsEngW=n<I~U?2r7NBsX)N6O;?vi~*<dm5a!pp4gkVcz11)hx)du
z2F8w4op{n0Qpl^q8dWEwP?EmT5x6`|$}q(SkU}e*q^i*)n4(LHjd8gyD!)5c=G)Nu
zyf*z^(43Q7I`o~u26(;ZtDoG4J<0=xwcPM`6Z%yv03-u4ke{;v{4yuc1WX5bXC0ST
z#RWk3Yrz9fjWcTb#`vWN$cajR&nW<I1UuN@K$z3{?o371%khd{%K0m5OWEvQS{h)P
zA&lOc_*It&aMkpg6j&mf;>kd%uIZMhpCg{a_#g1oe8R|=2i|FpJPQ8}gljM5hQHwE
z2<I$oBj;2`3l_L#-Z;u7G?*l~J2spE*pk*{(V&Od^(dODlHZ>#4a6^n?H<0TAG#-G
zm`1rSiKR>6_mmu$s;<adGMcbRD?F+ND}UT!$bX1NwoG$s{EZs|jo@q%xY7@aB2M_y
zIdEAF<X4$g5b5Y#RdO<9fijw)oswQ*M*~PKqKtBg2b<g10_#&#{nN3<sM0)zb7MpN
zbt#i~mOe4lhRbbZT|ioJ&qs%IW=?i4`$j)Bk#$oQ@TN@2`>?>Izj&Zx+=#>=zBy{?
zN~y!WO@i3Q1;PsBw9zqomYlD2;Ex#WU4Jm{nfB5d=Ay8!ax7|@mQY?MxN>^D?N;wY
z&u@KsQfSUUWUftHD3^GA@&TrF{`wCl)8@Z9S+|rQ+=*5D$d9sPSkx{Lcu~G!!ln{d
z<5n4E%17*LOk2>qS+3;8F~ulw@7`iGiCscqsSuX@Nl{cc<mtXpPHos{!Nl;s2dHAM
zajFL!akR(#LW6=WqzqaXQ?iaXk!8(|0nHpsB}NVi{<kh@1ueDDcTNRWtv5F_;qxCv
ztIEks+><uj2Ih<J(MVGiF?fRub=g}bFs+XXek!9z^LgP)n>nxJwh}UWrzBnXR7otn
zkw@e%_m%|eDa~m#7mx<Fqle>+NFK?+q9Wd~an3_>qR-9oIM;#7B1tCISRMn%=fH!K
zGSvv3q8BvGs#UFLeNbXDw!HK$p?sc}=C0{Mqsk;7r%8C3%Vk^^=Uqo$jj%NR1$SL6
zrz|ZoL=8guH;>a{e&8*^%a+t0UpOwOn3Fb>j3FFJ8b_&3aH|lS$HiE_8o@>^yn)^+
zicj;1AY18bAfnE7UL{WDVZKhmWf0KMk!+-sX0&hELzE6*?azeHwIXSLGf5Ti!}%y*
z8Byoh4Wz1QrKvFz#W=cAw}`3hR_*L<(!g?GbM?rpVv2`qndyWEiDvq_N_gq<(<2yr
zP5J^F{nY@q9+5ypS@LEw%RW`4r>ajh0~J9pBx9tLBN_T~j64fH##OW=2u(K&^i&pP
zJrStL`lKS1`qPTYd+fPD`RbH1bdL=3!oEn4@W}`g`I;jZVFK8c5d`AXh6tn)evq6p
zLK~$}9R_Q!qYzZAuL?z~LbWlKS>EUfqUT&i;S>}$C1V;CMB!b^yh9wcZoA5Y&X{mv
zwJ~MxRZQ&W3pA2FkBf;8`2ewNWOP_v&fW76#jM5T1ey4TjViPwx~r^4#>Cq?Nwbd1
zCx_oJ)V__7QsxD=8fAzpxl1kaol6vP={oTs878{_LY$~MOyiUzpJ2yGdDa-J5@7|o
z`Gz_!EFDwEK+MGWiZ+53g-N!xoKhCr>SA#I%t<6NfeN#XS0-1gCD_BDV(J_TU!JG(
z&K*#YA=r@Dq<dlHO;|{dGDP@!IpusC(voeSgI3c!Y_&8F-sWdyG^z^k&_>&!!i9Tj
z$UzUV<d_5VZr@O4wVY7Nk(4_xf($F5BicbkD!EI>S$xB=oFti^V#<iT4xUMm=X#mi
zV}~PnXGo;A3XTEkk5ki_j)T-Jm&OJ>%@7drFX!OQ*B01aMkBR3G+9B&)zEtNxF~MF
zi<oato|>Fp3fdA;%C^aMq<8<7DBcg+=<pTh)@~6u!qz$6%+a>Z#tSpb9OPr0mzM*&
zN1SWjR^mAqjgTAbR_`orr=w<&fQYBFvr6w-nm~am-f|*>Pb4@#iAIz~`X;fISW#{u
zfP4HMtVjy(9C1xtOe`BQ{8EF1qIeUM)z0)lcCPS4bsgZ9ls@N7x<39kN~c%d!-D~=
ziKmx>INuFTkRWuw5zfj0ApXy(^)f)aE*wk<T<<!-0*7m!2aJ6u0f))OS>y#VXuG)y
z0YQR))GH;zxI4o7x%n$ff_5L{>R^WVEXmaAt@7cJD845!EIB15WYcK>P8A>^yLu#V
z+;z3T=v+u)7ASahGyQY?RmM@1U>N%~0e7qJij^`S(0c`dRM541_yWK%3U61<-AT5a
zU9i%1WBnddT?%NGJZ<oOPIGfGkKpt1=F2odBm+3mO|!OnQc>3pV0jHg=GCN3?l&BX
zqhNt1v}!D*c8D^f$(rh8e47$j6?oV_A0F?&d1PvgO+2f8TH#q$krbfFZR`u;mrJuf
zvF@lVXAheBz5BaY)bxvw5<~n_1i4Z|y)28~PjlxsKt9vwIa7taiO%)b7OnnZ#399|
z`MYQCB+L;fxr2U-@qyJWk#Rhl2P^u?SaSz6$7}V_2LkbS$<OWLWM%rNN)MOw{HEk$
zX?|r-#Fc1L=8YOUCvz;rs5R+r?T6GdOTh@}7p}A$HGCU!8Ql$BPt+@3=^CZ6^t(Sp
zRL8qM&RMx0FPR;7Lhm{{<>^T&6aJH`j3$Agk|=&aRMshhfUWd{Y)><9*uV}csjMR_
zHJ?glVSB0LN<$ibKf)5FRhytNyib=E<*1Ilxc{kC*jyIMpWmMD++1>eKaYFfyIbN=
zj>Ps_Jn^J?d)2b?7JFv|xp3bp*2`2RF1v8)yoN)*wt`FM<ztAfLryCBAZ4@^7~CG>
zJj_?;MQa5DBFzC&K4?|3n&o&A_dawII?xRk_J%C#Od2ANXHBqT!dBmZuA%b2+B&4k
zK3leKl8L1P+0vOUm7A1*a~xi=ncbwtoRw<OCA5HcV53_TCeJqLjG#npm{!e~uU~W`
zh9ffh-oWk`kxMLl`RuQxL?({Jsv8EpehS5ftKXrmabF4srSD{g%)p9SmA^FRvXz}y
znX?6+Jbiwo(2k#J?4AQ7*g;!~G1k9uXTigt0{(due|Z#?a}TaWpWmd@@<*|5PN7{S
z<Nlm%?b*;D5s(Uea|o`7^=$S=cb|%$+g!ZcN?Ge5j_>mTU9_zjnGg*J0@Ax*Yc_sE
zBb~m6L@tIJ&M6i?`IT~7*0KA>bRkp<cv9`sL)mWtpJd?jb!bbd-_a5Pl&pK~Z0{QY
zhl+g%^m8-*gM?q|IPZl<4{hT9oxJ!rdKTb6<Q#s3x<g~}EF?ss^<|mBrPhf^-+9NE
z=l5SGGeuu?*vtmM-wA5j<!%tgzf@UR-jUwD^oec!7w8e0rN|V$va(cj(D=NJKN5Ea
zs~P?f``9UGBTyT><b!K09>jjhDT=FI(63VttaY7}kJQS)F0N&<Jp2zL<@K6%?{iTu
ztwa{-YLdEmH#=kP9TvOP<2~)>FJ^z#vP!&%ZaQ#SmN9R<pMFL%5Y73*VacIgrfG{l
z)ACQX47{e9I}l>vlFn(;r|U)1MrV=#sN178U4ZUU+HZ$nteu0=(?NH04*#Bsk06q@
zX!p|o{``k#@-T9FwA8h>wh|QFQ75aeLY4kUrZvAwG2mqTBL4E)e-PskY4*X;{Gi>f
z%T<xBwybHTpt+!Q-cO&z4sSWd((j!F20q?z0y1~}Tw@``bVYVfi9LBl@%-J0d}!#M
zjdT9W^CMuI0n`kjj>!K9k?jlEwOPn<4^8|J5}(aN<<UsB9Pp`!y$$b`)DT+cK4Zf@
zy5F>Su(YA{3Cu}c=<NI+{|`bn|6{c9`S}~2!B8JC9r&y7eCFTY!9~hSkj&PzMUt^+
zWqfjF{5~1E{kaT&3!e;}H_qFwEw@_nd+lccGcs{3ojhk2-qN%_%5><+%<=)-;L$Sl
z{Kc|M;-^m+RLL9xG>z;sQiKr=#y?(X)i;H0cl&UioQ92h=GT_o8tvp$cWOWe<nIaV
z3k4FIzny%0#9vGB(X0F8DM{esaX)0<D*Z+MAEh9(Rk2R@2+{A|T(^Hx6}{uN(fT|5
zdSlz;!a~W@R$VM3(d>m!Vwks6Ok(=a_V8c7cwjX!@h+U$^|UA0PyFxyoR;}peGh{V
zJFe99glUQ<@VUv*C2zY^`uq*(KXUx~u9@dR-#FM~bK2Yq_ee<Ho#UQ4S*|FZ-;2wh
zUk>f!bXhWKvl+|E+e}0M9xR^z*lg^;^<TNmTDQ>TJV)jR{&n9Z;+Wm@|AU;Bdu6HZ
z35DW}WObbX+BEhFz4^!*9>(GSaY|>v5s@l$x=c&H&hp3r>ySH8s?IqAhme;Mr+-n$
zv$g%u)l97TJn+t1DnCHtuk9lUYj@V7-U(lpddT0<{<>WXSD-5*w&AzzMo_>S%Ub2R
zrw|ANdILD%NUytG*+p7(+Ki2Q)>TRU5OwaaU|x-NA!-BsGm~{k<n1iywHXTyZ49Mf
zNuck2dBA2`*0LW4IK|PI9h)Xo-9k~~d6V%t7w&Xn&XNBh=+b(bG9UV>?$(I`pm}h2
zPqP6fgtY_+Ft+}nQXrv9N}EB!OfI}g&#jW*Hyqk)0%ig@x%93qtL3CS6s{w;vzEIO
zqNYINFRJc@uU@9qyyoue)hpthNlGa|4-J3AI4@yJacO_@>iv8B%jaHY5jDjQf%cO7
znY9SS<nX`jcV>LmoTJ)PfE3yM<Xq2yX9DZgNap2t)nN1CBbnr7VmZrZczg9`qH<{k
z`mf4w23PKyPd3)IzhJHTMfuFbkR=IIR2gzxL<{gYA8!gv9Fg6~^s6olf}dvSSFt8d
zSbWg}pqJQy2tGdZ*VwuQS?2;4lg)t8X6hR85hZNpR7N5E8$%Kp>RzE$m0ic`-^MBX
z-R!~lS8`6%?yKp>-w)&~r5vc_kmzT=rgvzlB@WyzF4u})r@1`7dYU1rDP5B1etMQu
zFW)n4Vr@?W3RBjdn4F>3$#l$<nAb|Xdg@c0Sv9!b#mA0})e|E_yJ8L0yuFd;yrVp#
z3|`!emDVV77MUn5k{6wVJSce-7evi9eBZ>$g?4gTrkvJxCZa;+8i%|nmNr?(!PwD_
zldt?0hXMmv#I3mYweo2~Mh4sXNE-|WqObo9YlJ{WD-TdTqqZ@QGWrwDpz`-g7lfTy
zja1dJMP^@F_k$t@hNJeJfi&wK3Q~1QVWh6Fb&Q6^1qjKS81{VRD)+ay+%fh-GTS*;
za;!AcXL{*4F*QeYl=TY=vBH%$fpI~!W4|s*Hh>W>y)ArUMG*N-Z_<P~aaS$V>`1m`
zpd3y-pR1Oj!S&IY4)-#~x_Ag%K`)A08H}3|1f0hHdFB5gYK-hdnd@PzF?wu}a29rI
zEcc82vGE7#<2OE5M8{{yS^vZi5`Is;@2ytss2<I@nya~_rTW2Jh1qc#qIVZd;0<@u
zRq>Ya5n7MaVOkuZpp`2zDeSkx<lQcX0b~pn5ifK$O@S^ggj*HDl1HO%cUzF>!+((A
zToXhY3ZXqM<AOaS%5s=eMcgXl%g?l+)i)-~i?TFipl_Wx#k$^Fv>GSu26rXm;IZQn
zuMQK{N%^r`Sn_`TPsr;$wOpi+-KF4pAH9@ei;GVQV^~~a94VLIpA;CXj7kYoXTRl(
z$63E9k9*YeNCF+Jf@34ped5Q!lP$SGmMKPQvA>#yAv7qT?9@ZnK|%PAL_A)_g&xTf
z14vsj+!eRc24^~4s$ND0DAywAW3*&>x$AT@WXt=yb_}}X8h~L4KqNM|2X2>-6~B-R
zn-hr2?m5ALZ31mnx~;ynvBkAIa~g4?8ipdW8mb!{Vv%-QYC3HQD^>E`C}f1iYB@nq
zUip<4<6%E>eMP*YT~2^`WkIf-eb<KGXq3BGm7JblO~t$MU<O4;z3Ci*VhlWex=#E%
z21{;G`DOh>%bW6U0S?}u%^aRaMtQ2~|KsSq<Dvc^IDYoJIGmZCab#o_S!bLrha+T^
zk<zmFCeGPpUFHerXrOXd$j%lmBRhOU8QJ>1`~8vX%IEWW+(Y`jKCjp7`NGjfaH5gt
zpupoR{Z$F{6|1frYn14kPt;P5`VmnWieuN90HDUM*bYhxK^mA)Gkz5<#Kwrr6tYjo
z87l56h*4~wgT=#;EJOPFu3nF!*LUGUpWqhgOe!Z12>s``IC_t43w_?MW}@zd<KkRN
zD${@4+Tt@X6&$fN<UoPJ+)9M<7K%zqC^_`5HD&Z;7}MLBa_T;nq_3!?qc}a`Hz?$7
z_@%i>68(buw?1l<JTtv8hrzE;Yz+xG3SSH*jg~cfB9|5MY@&mJhw6(p5=zArNED)}
z>KIxPrRZ*Id0JlGidZ_dst$eo&;$c598-fI8<h(3jG}uVToF~NgkT_ML-j38=vK@|
zc}ju_v>P|5F`_Z6(Uc`kQAT%GV;ngQV$kGOIP1_?ioBc`#EX~=;8@;gMenRcb?3!R
z>Htg3nsUVR14TyJSEORU5)*8T!7z@JP^_%y`_K{AQGVoQaY>nk7<73|+2dhNO=awD
zM#1tDKI$`SNm4wAa-{M3K))1Ept$FS(s?lEW=V(AE98K)Q*ldCPY=N<Dl`$I4J7Qv
zck%|>p@}JQ)AJn^!^!cIqWQX9P0s!LUOdY)n)EI)MxJn#x5yFV=F)gM#66?(pFZ=N
zmVKNwEf0fFbo03BGJ4|eI0o+ElV<h4Ve={#K5)Nq9CX1CBNPVbm3o>-Hj@`pMmPXu
z5fJnAK6x8lG2`V~eyGg@mf{kdxNyl){N;{d<Gb^gvIX#i+&oFHj-&rZ()Lvo$1>#g
zQ57g2aF{&h8gR(zzFgR+NzD4^$p7?A@3m0Q_m=?H$oWhsK(ge?G?^{&vX-{UkC4UZ
zTuJq&0C>prY2bmQ3Eb^_Qxh<#456rutHhx#`W(rDYC9m(8cXN_L8K*}uiH_%z-j*i
z&_*B-si;hxwgO{ss-EYp!O^2<n}DJre{C!W3$Sk$sl*#_O+Cu-^MOL<?eE3FOx=9(
zc%sW9ndV$rHo#Uw<n}x*<T!hRb$x-0=RLifWf1qzNaJtf6(Fs<MtUs?#P!nZgL%Dx
ziE)0+dgbLlD&wB2s+8mep?e)RUOdg5&-vZ}s7w5&UTsECir=S@McW@DeB;*O;8ggi
zF4pUWyRNQ^Y0oBL4rlBCskr8P`v$A3<%V3Wa+%K!5XEC<^yz`ux5TsiwA0J%c2DiV
zgm*tS_nbM9mGUzWh%Db0d2$5B{6mi3`d*;xs#W@IZI?CqVu3-po$XMOdyJ=(45e30
zQjPo~MP|FCF^bR~PmvPEKRfCe8Rw%LSe|seMmpr1Egw*&E;6nNq4MRcmykQ_GrvpQ
z%A@RcZXYt(4&?!U&eTZ1VYmht^U5tz<Rea&9UBQmOh7w_(8B!gX*x-PCv_1vsLS@5
zdQ4+LUg5&VYbx}lbWn3?Q3dG54fcWxlWtP|ww0y1vwo_1Ua!LVqOfpRwA2>KkS|Il
zIe!}e>r}_S#Y#Svjt<1Z6r;U#$qyyT-bY2RzVwd>&BS)M!|*p3$x9LfpQ)OVw3e8z
z`wUuJePogRXxSqnmm6dkL6`$XnfXW5HmZIsD;1)2<>RzN?!unlH#cTmt$T^$ajVM&
z%w%H5{qqyrP~Xj8%wRBtCH=^hcfgSE;K?%&A$`$Bu~btjilUfdT+e)`y1w4^!)VA(
zQ%<Js!^mY(p1!Zs>4>;pwPz1&Ll{-+#KU<8*mE>q`LKsXlb-zX9g)7q`*j$vF!a1{
zzICJZg0x|ms?VL;NRP6y#U1y(J&#|JPXTrUOv|0Dd_OcexY9O#qIIbM)qC@_`p<2-
z_&;<Xi|9;aJ|_%~bPO~wI|fI3{7!rHw0r*WOsjrd<ywRq7!v<8uqC${2?QZY>*&#$
z;0_OHu%$)Lfa2J%Vtil9^S0qo;hf0i*}nE;^6(AO|5RR1p0KRT31;r?4CkCi4*Z3b
z9X{HVJG->)^<8f9<@Dm-d}Oay;KwItpZDb+ZEC!1`E%@?aq{rbck)TV!PeLP^E``<
zZ<@~i8llv74lKs`>=o7TMapa}9h_{jh}J*Z9auX}SuRqGy48f(@n75ylHUu{QgnLo
z7t%YQw@IyR7yR<Pz}iyw-1k3@1Z~%&Cj8{W_QT`rn#IpdFRH4}%JTfovVgn1xyY52
zYHLz-&%Qg^<FTz58_AW&RZ&l0p<VDy0>!Dibe{bt#xt}w-G}zlH_`nEN38{J4!%wa
z{eivrKg$un+Q>DROvS^+VZEjS9TaiYpO!){{rMs8wf|VTQK0bU?VqNrWtSH}zuBnm
zj!q^|K1w?m+<3V2b?w{N0g?8|MaN307XU<>hi^qPov9wAeBTz_mJ6&u*m@u8b$qrn
z`_Q$aA&pM?DrDJn@M-vkNUqN1!w92=-`*{U-|vcl2QkNum%umsQ~4KS`qE2tYp!jr
zwX8n2u%)d}<Ifk>jF)e|d;mZZ=_8t*u)h$^@8*J)8*ST>`X^eu25H@YA^kg#BAm?y
z&!2w%3;8|(T%)PpgU`Rd_eGd*I~VRBe=j&0A<yg==kD`F9`-ixtK~o3a-Y7JW5)%t
zrFWJ+-gx`{({Y>s`(ZwnUyBj~>fz-60*}q&op&!n)ozq9kA`+=G+O)?u8c(#wBXm`
zg&w$mVd&(fWPr@#y==ZLhJTW8@3FgWaQBe~OOjE8Xr1U@RgPWZi!WUPf1)5GB1q3s
zvGLm=5_5hqy6AjkQSVltd$Wr-bcDcndw{D!knAhsy~#r6rli_e=BtvJ6kpL(D~c}k
zmiY_Gy?W)*Z?2c3DMsMyK6APF?s1;#OxHWne%K%{WVNz(Yc0HXTz)|KzI)X3f|-du
zu}=^xzRLsk8|`Av1-a(8H)hVn?KFd6{B^S5_=2q^#61K990c`u=f6R^n5UGJimENQ
z8a+Nqs=8vS1Nb`=?<0M@W4_?39!l`YoO(06{g^699j8BXo@CDbJo7^970<%Y$r9>X
zZ1fV?N#!{o3-juNtax`_3K(CWD2m<>q&476`f>L0SfMFjKDl8qD*PcbfptjPgL^o%
z^{ZNACa;D$;UCxVhWHt^62=j_>nbz7BWLMk`igdXETk{iS9Udq>TOk}vp(~RUi0U6
znnI_V)4mJ5y!Ihg&;8w&FAdt`>#C!NBd$tT1Mf(*Fiiaku$%&1uOmQ!Q0%$Ca!7?;
zhVw@tyGjRRs#NM{q~)9#rK1OD1>m0E9xZB4{q_asWVQSW2ainvV16Mq%w2S!u&CvG
zfhse_-<)hn{huD_t#!K61LnV9t?zoJ9;k@94uZpP3VZ@tMZf$Y@G;;bC-Anin)FUA
zKo{*jz>|9JF|Qr||Dx<^SgXJvIm9_t<^0TIaRYS8kL(<PcOtoO#<14G3kqBD{2)j<
zGA#{$6aMM>9lXCT8R>r=_;1R${!PZIh%E5GPr9J`Fq2Yxq1dNw6SZD=2wv+%)Ctc(
zjb31Z<yJ8<1_WSypTBN?Rr#1VvwNvEP{n;s$`fjj^DL~YB@~8}Ce)%+NriT*%ND#M
z0P$Ew0A09S)}RB&9U`n!?1OuW5&eeszxJ~b{Lj0hjag4nkC8(!r@us#_O9)?c~s3v
zljb&)Vl%QhY|JcjFcj~r61+Vy>r}3emfV!4&MDdQp>GIrI0daq>va<qy^eksf17R}
zohp~sF*-T=1aE8a&`Pva0@~UNvb|>p59G!fmu%RViX^`#@S7T`!&<ES>GQOX#539Y
z$dpKCcc`V&QdQz*0ylfQ7WHICXnBjH6>%k=m}e}@yxMAGAllWjjajGci9|7V^I0~L
z3atk;GQ6pBWEhB6(aUad9#S=KuF&FY^iR@4|MT=Nu{0PyY1&CW+tZtSmY9P&Gfh6C
zbf1`fMO%7Es&k2PIAEsF;m%TALuGi&k6`XWmI7^cB<fnkrSZ@@;jdisp5`5#sAo<!
ziL#PcK4b1Fy9p>;h%r$5sI&SzQ0{SAxLIxuU>G<^j8JlUAs6JqL}?zS;qD9rRZeBP
zUM}SjTgt<HBN@mY(rxL2#MX%}L%N~&wv-RLJrT<@Q$TWyqHR`h5Puu$t=G&C$yQ-?
zFO9E@GoMwDWv9@YoRP5Z*9ESY#PM9wp?+sEM{?m-6clYIYpRdw+_-#ZV``Yt*vI)x
zN1`IvkIuWpm>jO)W=HMS(ef#}ga11RE4_3N)=Iy`MvAZK(am_8E#n@d@J3KJazv_$
zh7lXz+Atwia+FvX#iaQHZ3tQPCJ-r&7CW@%g|JC+QV^b~IH`UDG@k`+LFY9WiJ?TL
zn<fpU7^1OZKe6s}rL12{a$Vfv5672`2-v|sWNf50hCLSpJHLu!MA1BfjjevCVLitI
zAH5cZsLgU&r>IUEvtS{%)~FCGS4$o@eWmXE&&ZJLF$Y!VCjunIUy7bP96{v4&%-IG
z<8K`?Qk2>E5#3bLIykobQ6}80!2QCRXr${behevzf5}Y9n0b#jh!@XB24!<lDf*#A
z(~Plf%5(9;6a__$QvBXeEc$Rl0vf>xEZ-A!><u)6X!oPNq?q3rRtkjC*a;>5(Jy2T
z4YhZAtQ5kiMM%)9(HBMCP+?*0vr?yEpOB9k%`L(*cMmd4S<*BixE>OP%i@^Ggc$h<
zM2QULTV2|_FNjp9B&jfrMf<X!scFF^{4Zot&k`rXn{q#i%}JJ!i=UwuZ9e}VEGP(_
zW55>~(<200VAs(G<g6Vt2>oM<Z|98Z`JZ-E9SmuaB(wNj;B06p@{}5yXS7P_64HXx
zSAm6eSsh|@$E`Emop;rf$ej7-a14}X9qXcc8)aLyN+?^Kqz)?H)4tY#mLNbgB_k)%
z%#MsWPv`NHsMdQOkj&v#&dUoiW~367rzcLecOOk-yNj%Mi58;JaU%*pVGuzeEYPc1
zEgZ#7hir<}EK-y*U__!jS}?S-F4DN@pR)0gOhAl|q6K9#y)JP`6XL9hL3g1}SfV_g
z;o}n$8O(d%dQX)2(8r8`(|M9;v}sKvnByVq4h}>Y_6{zJoX1ui0|+tQ8Ti#SYPws5
z7``_pPcBjO`lA@6;mGCdr_>I7jFv>^6BWS4JiHoDbwMYdc~9?pT5@TEuaOk@OZXCa
z&Ef&N+lS@uI)F@mBIcEetHZi@^vtQ{L$L&I=={kO6Ry?-P+|Lz7laI#;t|8**u2(-
zB2RHdUuI&`v_U^RfIPbL0&h;l9n;OD7zHwTgIJCQJb)hd@x)?Gpn-x3O2Dt{hq6jr
zWC+LHyDS&l2SRZ0+c$=QL02q`9ai2q|E)_(-fjY((;E!XA3YpkBYPF^>Z-5~Hnnxr
zw>^^=b$$P-7wAw1pf7?V7XP6l%T*8uRFoZAN#3)_N)rQ&MqaEirZ!^9sEB@8d6q@$
zpM?iKZ!!7L!&?P^>1j@L*ckY9<<%EpKwyT2?qfd>aLl|i{W+|Qp1VG^)ByoU39FYJ
zmSD(D<maUIQ{Lmp#Zq7^Q#o~hqd5+UCB1$SngkAFe^ieEF*n&F-$T$k``YvU6z5#9
zvEBOXhuuoG%9o)pe&X$R*`^MG3hZM5aBy#v&6Z1M2~_;1FL8QK+UCuwrQ~y;DnTYl
zBi85hM~g&Oh+yjcN1|MEuJ0ZF`*%FPZJAttYlCU=*AJh2?Wr<j<IBsFt`>bKEN%vB
zksF}6o8CUI?C)RDO|x~QBgq2u4yVXp<FNc58M*#A1==GkA3)8XDxwaOh+7x9`sl<6
zB|CZ}R?RZCYZ@QLAMe?G6ua|>FI9-_s;Ap5A|L3x2GiC3AX-#9cyvumubxQ}_Q^~*
zty07r5=bWveI3RYBJhj4=%>#Si7Aox;zQ$g+cJqRH-{+h7PEeUg0gk7!!OY$1ZvgE
z?5j<=C(m8{3*o$qt0;eZU4q+HU*fzYnPl!gz##bGhm0^7hM$k-&S7y#%Du}d9&WnL
zyqhqpIBktdmsQ}-K=U!xx^u1OvnOh7ax-Fnxx1LVNi-`)-y+*pC~zi;SH5=d4M5Ts
z%Ffc0)pENoU+<L)#t`WwG`{NV0`wRoqGmp$3+lDIH1ZW2xPG_ay50^NFr711+P$@d
zaQ2fBryhPdsP{CL!r1U>zPtEB@*b*vZt1d6q;x6K9`9+9V-PI#Q87^CS*tqRbNLbJ
zdX=pIF1%(;36{<YxpXPa@WmC%qsiOdpVi+U{|eLn5+7COvmD%T`hv%zZmRMwMOr|~
zq>03@&@gAYT*296=e@MkmwzFyksk%N+D_<ZlOv%<1EIf)cHNr~e)d;CXbbqd7|k>V
z%0w4d4jR-0KkmM(2kXjN+kYVm2hO>`7dUnhTi*Slp*pg-cP6*%acTl$Y`tf|cBv1%
z42bS$s5}sh1C;nasCoVVVf04e&gZGn*fpUkzPy*8!n6htH1)4JPcI)iA720c7XqHd
zBf~~|2bRDYw+|{mh4vo@ooa>cMw-v``nt-Fax1n`3O(LcJrGR(b<(`CceC($-!y;Y
z^`h$Dk;QkFNh^<<N7@d4npg8w#b+<KNQZi4UQder>W)o!yN>b@YjJY??&&S@+IXVI
zNltU+BkjYBA>FBV4`MoadK9~Q;SR3qV#%Ha`5e)D%c$z^2fgcW0}7(~Upv0paSQR9
z3d^$xbGTEFruGA(Hm$7x`})Ufr_t)VQ|n95OEvf0U#LIu`LUcaMUj}2zwML?wuy^#
zz6X}Mek*)`O}AM(TyK@;P_`xLR3O6P_sPdIU`eex|HCReZEl{?ohU*h`yvN^OF)Nt
z{+y{zc~orv(K^i%KAUOd*f}#_3JThCQf!m^S^Tao@Ziy^R>pSF@9mT7Fio}p#3Q$T
zifb0n?2dyYB@REHwS$N1T7zvr+df2Yg11!TkJEl2rGC#Sf6?b}G5l`>ymxP^^e?>A
z${HEz56o>?+f7^h3!$11(qu{62#ZjR17MZvTwt@vg&w!Ixh_BWdE2Nf#MEu6R_@B<
z6wjSh^0|8Oo<((K1}exdb;hIy-cZpLT4A|GCA1u8I;0}$s&E$1^MJ2Y<tMcwjIOHv
z*1}WHO$5Yk@ZQw)@Cd2)srY%j<!|0I{dK;H$M+%Jc)Ch9o41vcnpuYx{CNdFJ%M#R
zbYSs{fiU3E>haUBE7@m6qql3{{Rwx$efYqZRrYQ_*l@3=Ue4+Gd2~$c_$E&T^Bq;M
z8qw2`s8VpnNTYWxUX<>2rA(z@BochG*8_(1FO%)Thtg-y%}qZlbh1U1=1f5osn~-*
z$2{9_>n_XK>XZfrRridrgCu4#OtEdp^uRhxva3*(PvX_8H&vpiRY`okU$fTb<lY;Z
zto@AGJx>k{C}^&Oz4vq?-F5en`Pp{rWbko{mcmus!mYS9tqC}LZeOj7%l6M#RTtIl
zFQ%F$Qt{^hh4^8nf9cLJyJIhT>b(MEqpF+u1ZuR``ac6I)D0pl<FZzvpuoYrMDF5O
zmI5F^FZDexF;J{J%00u$D$YI-@2^grKK}>Rwe|T15(EtU`{W-|FtE2YoIKXKXB$4K
z@4$n~$Ra~<Jcw4S7OfL2BX*f_XKP--BIIT>WBR9%rgM!alKG}2&-noyWc=PjMIm~V
zbpihgxI_t7_FX)kGcpd>w!J+b62VIl-u0l07s4}FXZ}r7SK3<Cm^M%>BqbNl=3&h|
zy>%NOh;ix-1Q<q89T9;{p=|iqS}Ouq-ajj*>`lA&yUueVd~SJe2FR9YwCY**UB_7R
z$PBf-<qJCR5=#L0pBXO)kdY}nE>ie(lj9`Nb^f5OHqdehY-Bh6AvCq3AGv$p$pcCZ
zK+De;zOIuMztIY`mgcS=U|$@^nH>lx?zeC_n3H*RUUwZQNO9}eGB39On;5{>vC(-Y
zy&vDx1@#};Cg)1L@XVymtK(GXelFO`(M2e;YqiK8t<D6deOVf)oTfx8G9#&|(wmmU
z6X`C!os<HNlCXAF2@I;Mpb|0(mSTyd{#2`dZskP<q;oaiB^Ge3z72C2KZ{BH$##AP
z&p&d_^QE<_;8)B#x^)k^d6^`O5SyNHL@!@*wYDOWeZ3MHg%iAe{0UOcAt~8#Hy%=A
zlqTYdYJ9a6nUYRc>aK43?YE@&#)0c@gHpC^za&ZA4c^D46?PB@<7%OwF39Q%?mz*s
z-IeQ+?OozFp*Q3-Z)1uPtCEo_nin~@H6*V%>Ck*vGA=sNuPD&~V0Mf{1$w=_ZdujE
zn6q17Pa|$T8DHnT_~q<Fep#2D?gWp(npB5lA?986Op3XtC#H)>euuFJjpVONy2(<(
zi>c=LMg#IOQA)qH>Ynp=(OX%X+Dhz6z0q))h}g3bv!e`qgR)4MhM^w@Q&&%js=bfd
zr=*~)NaV8a?@!3&rtHcXu{P08r!_5vTT?eYL!tL6BEK?S5>?ExqM_51r|CNv=x+i+
zJ|9(UHc9qK(W$ueNBNary7;*foNP$R01uf{?_E@%BI7!`EGx)bo?*9PTU%Se$kgCA
z*FlNftuA#Ri~(zkc?XsB$~{B9E>TJ|TB7!>Iv_Aa&9i?MoD}z~%l4$I;T2{6arhX?
z%}Liyy$Q9)W;19igE2n2{zFoF&}~<YRbw1lhvKGSH<MLklMb7>zV=HoQ-M%3#(0Tm
z?9*7jSZ+E%Y!~}alRl35s!*zo{RdXvsU&fNJ<H}}K^~fe^%%!k3X+v6?uh{$uFb?C
z?>eNUYgd5LQ*g;fKAqGSoG@IvD*V_;G?E0(^4&vF79g-uZF-h=6zx$MDb7}@7`22m
z1of-f^)ZxgRXR2<T}g=s@=DgT+%_LGkc!Z)REXi^F;7G%$1dP%9E&{rB-r4r3BL&l
zKIFqUZg&NQp$wv`D~VXAm;yK^$RitmH4FwN3X74!R+&rGro$|T%^xMX`#vVJD}T~j
z$^?^5O?;#f6B8md5RXHYQ=w<5@%BV!<YNvd-49Va97wUsxj3DfVN*oax<4fAq$&Vq
zl0%|OP~=2YS)SdG(M-sMR5G%Up^z?hQYD-kw<ai_+`+|V@)g|?7Wv#HWG<ks&7`tX
zM-e36f*=%jxs71x8R?wi7*X)g;!LYjo9{ACMu7K7q>Mn_^#P|1D~W6V)v$?Uzh#c6
z_wiEJJLfQtv5o78gJA&O>0%{HGaN&Za)O0P&Z;quSOrdKuG@gxGQ&-8;VPmkW1@TX
zJyk23p*5W$Aea$hB>#X?#C+F6$8{-A$F_}$$R>F=>B$&ha&wpwa+95eRdMCZu-q|;
z!ZDf|BM==(RlPh?jOrV>^|>1&!nFwE-ot2$USotPBiIS}u`<mH%TFAGBmJrPYM7WA
zkb_hm$e=|()*mr6`o(q8ygE{5{3t<yEHL0w=SC2h$t7&dqmnxoltxv)y?VAPY*!IF
zEy0AiX>T{y4oE&dgnaJ=>>(hcR(=O-Gk8lOOt45%#TFsH!nDjNJ8IEwDXLn`xqd}A
zOt|_4eYvVgY+96_0e#ui&oNZJjKm9BNna@z_0Z|M#Ar?Wstjcv{%&2S63$@MwI7NY
zx=m8lpAsbhv%``Xb~RW^)9W#^%nz(-Hd#KvXl-Cv4P25=kO==QT$duptec&yX$8mq
zLaYYpt3D~0*fkdn#nZFCyw=|L(-;(wQ0t(hUi*(6qDykSRukAWd(Q-ZiGSp$Upw7r
zgUyjuZDS{irMTvG83K}jI`6Kr%YM!r0gR(XPhz@Nlam-d6H}mIb2?(4b?yTwhUIS~
zhLx^}rHTHNLle)yM<4KjW3g!uARD1uRvpSu;kWND07`#5bkb2?f1cwX#y-7w4bb@G
z7plNc_cWuYZJVFXX8`r6P_iz#^U(2M&T!LBq60`Lvf5LTj&gP`z7tKUdf-VdFE)J!
zWvF?dz4(>t%U4nta|5ry0oJisaku4S&7!W?0N&&&Se+*GCk7JFNcA8Isf#P*xZTsU
zVmh}6Of{Z&vXTT&x!?=?|4zmHMf8x`^!~$u?PnHX2b+w1w2-{$xaoG}4`!?_$lPfB
zWuj~NroCfX0`({F8sA(PB-O#%1L{j|4VEzmX4D*W?_Y=n+=I7Maz2pAPzBBhbNqf<
z`wt`1scxHGTHUJ$oT|ZOfksS*#FL8hqUuy_yd(>fvMIYJ@EihpPMTypI@F^wd03`W
zreFwBi-hs6mB*_te*Jb+^;t`Gl}ELm>cja!pV3cHl4O59kGm>Eqk6txLVz1zL`~eP
zYEzRN?M-)V#5DG(W+@E#dybXTYyUATC@Teyv9A`s_Yu^M&h6Qm6qB!f&~rz`i;`h7
zQ#^!9B%<s;b~b*}!Wwk<`Ut1%dXM)8-P6@L><uV`&@wj6h&r97R~8{_=i<}*>YXTr
z_j$>fjA5B{Ug7|m(U9f3pM2=){e`T=5|Ox;ii!~7KFZL80ANva<nAf%B6YKpc<8Q3
zi=<_TAVTvRdo;AaMhT6l;*%HG&qY)5)9`sCUh_bUg&<Utqe1wJ+*BcG7y4T6yq^P-
zR_ISoio+*|l7Wyry7Xd+U8xMZnhTJjTJJqUvx^MROzY0<Eavj=sS$d7sZ}y%9SdKq
z#yg|6&{PBYb`^>bXICk`F41gA+0<TOpLTQBUoY4AI;hSS0=qGkp1j1Y${OazZ;V?m
z8tV(`PYh};HMpi;yR`3|_UCxY?!lJpen8*G&k>m3gn74##OKMM^V^N418K976MrG6
zVv)dOI(qitOffW6Zd>qIvWCQO=d8Zd)8vO54UL*5pL!*j)=%UH58r8e|Ah#$j31B8
zIMeMEk84qF7d+@+*#5rbU6cc88bD^L0Bm~X<X_1C^;3{v^bS=lKJaM0u=CV5`SkOG
z#_D;^{i)W}uSW@d4su_@%nRoa3j%v1!`|&2XeFKb9yzZ>oCkOGSNIph8~@e0{z5*q
zS%d7NTdREOO2g7GO|67wo92MPTH&b+yjOqi{Q6P9cJS`nam(zF-^By0$d<F(twj%s
zk$ugPR|RIBP17qQvMl018U_R_lrM%Xx~AR`-t#PyT320u>zy%|=$hXySdrvl<y`aU
z7}cR=;^_Ao=M}2a_Esz@B)RDx$L6222}&R3SG*Vh-@9twco47rs%fjUYkOxWB4s}Q
z53-GD8<ty^1`U3c@hkFY+VQ=!RsgfmsE{~mp5BiL^a>1(>^#0aGW)PI#yeoD_sp*D
z$M!n|mb5F`d#9Rj{<JZjs_tmX{I{@Jr0R318sc62FYIS<IB@m_h%U*$kXs<ocCZ;C
zac=A&?bl$fO5}Q^U_PCnT3h4yb4BhXD%YWi$fXF~;v$cOptGzq|I^4{-#==x{I&}+
zZ(J@us|1Jm_3O{#@#gpGvxv*TkApT`&)c5z$2P!5mE4yK>RkWZ*}m~%``z2)t>(9C
zI$qrGJjT7Dy>H#9gSX_WD=v7vE?iJC!FQ`vAAfu__8D3)8>+A=8k<4IsZMd-O4RvH
zY~Yseu$`Mbp6?ercUSF~YKXRQC%Cb~hGlL$y-T6xSvoJF+N#h8K~|03v&yaK4sUy<
z(1jdOppbPHXMSjP&2nq|-aY=AcZ0sk^0(6a`ooerM<si$vU8^Z{6cT)*!dBEOQr1B
zPF5Fsmpf0-FZUeR=h%f8cx&0%E=IR=K_{T)z)We((F$ZUxxM_V$7r|y62ZP8=o{C-
z{e72@NXO;k3)PbL`BIy#)bd>(iR#c&4R%GaCnoMHs(Jl(l)L7$rx$r1Qly5)@g=K~
zsgtrgJnDuus~U^!7N;`8OrvxeS7nAId&jO^!K$jUo{cT*JzMxu<gu}gmFD&2n|%Dy
ze#9oww-@GYaa~k3$jUx*t>{rB2hGettdp^4|LU+^K+%{pv293c-Mw)pkAqLR7p3gM
z=h60g+AnaMp&HC+oSH(bsuTC24dWpIj>o(_A`5=XdcvNqatBb}RkayC7bU!4?GwFv
zfFpmqxM!_G+%7lIvpA+OmtA^6^tYL)X?-xfQuI@8Y?Jx=+H-%?hKDErcz~N!l>cYk
za|y7L?%9q^mnsne_x=1!kvEdyJoC&@@s~Ccb9_dbAU8OmFb&qFvl^fMJLmCZ@&v#O
zhIU4*RZpnZN=$a>|AS)i+ydbH(wP$RxBt8)a#s@wFUs^mKy)xcfu#eiJ!G}`gLIg3
zh~hrV(ASl4cT!;*UkehC;o~lStyY`tEOUUsNaG;>Lc#aa#6OneD^=byM_uxbR4~dG
z;F9A94x3+pRT_{#PP49q>eN?&RV=c*f_sJy6gLJl(B5Z;fZ1Q@ZoOXYJso#R^~;!k
zZ83RL>UrWm1)=KJtUdA8tYOFuS2h0<b&AXBK=yUm3O$ZMCmn^kwoK^S6rd+piZ2m*
zjA|vhwA0o7>~$MEsZCZZFPO*}*H82{2p9{`c#9BA``B%5#EE@vkE|`DGN>zn(PVnD
z8h(4}eO1y-cNUySX~wo_UE$R_mWr7J?iLy(lC~C-#YouKNz^g9jtBE;@2jQumA+i$
z;^?BdD#9B?fQ)dMp}p7qvaj>SzOTkD4Y3v)x<SmsMnASF-a~REsSpRo-|M`QzwcCl
z(G{PZ#1#&5I6D214$JTo^(3+jDX=<4TAQ(UWC~rZAbK)RJTberXk{X@P8Q*ylTtMP
zSRe&?nvHaW4wM-yB&cURg~*Lj9FX{XoeVF&2^+2SQmP={bgFoBuM~GyA-0E+A2y_m
zE3?qs8ROwkxVu_rp`EisZ^dT!A_Fd<<ZmA>OLv5@_O-IU%SFEAi{k7!RUdk>W`nwP
zv!r$WM^-6E`@jltn+%zIWI2#3>X=KguJ$qB>&z4CXukZWxFqhOH<*3?Rtz7SMxbnk
z;H(|hl8tF*4u?_D;e~#!U@dw#t1LFLs#<V)CS?aW<dzac0&6!qewQGwr$q;F?nR0Z
z??}e;Vx+3P-Pze3NuE|n&V&^h|1?Q#_6U)4LBIfGODQ3|OS&0ln`Wf<=bwHwv(U|c
zVR2_A4Xz`M%dfPyOkJ)iaU3$xvp>h6i_Yg^6vQ#uk156GW?exUaGeHS5ITip<UTEl
zN2^4$Nmt~>Wh7%gtYL4A=&3vD<!*>n$=IVM?cA0`TsraedW~-mgxDNUMg=f>mx2gg
zUV}S+JmGMu)CV_{>o%FLW6-d>*BB+QJRjA$!8<~u#2l}z%>*!d!a}nu!ii4?O6ka}
z(-_!<Cn0VG2W{y{y;_nc?I1#&u+Uafqm7DDxsAHWGDJ=EeDegIoBJE3GxQ57)-J-M
z4gG*Hqz$HFXKx(o7kQR=xw_n9-~>bAXp~LsxV3I=(vc0}^p2pHpr%V`!aZ(GA~G9J
z#EpUcDgw+yyF{W(*cjMF5iV@wrg4*^tm>l-kV&MR$ofUu<!OyE%M)X|ssU7NnFOp%
z_jf9nCDzTDqW@H<6lGe{e+vUEUi727kn#liv?OleE2j*cZI$|U5y;`?HX(wCp1^D@
z3<3qjC<$n7eU2uai7M6)mPew!rh9_HC<GIqHUEke*1y+66!u71hzaDkoq;m+I**~W
z73WHxP3LLT9b>4<N3Sh7P$oqQrSUo<eLi}=7x6wIKI6{Swil)rjen}ZDgajG_$TM0
zhAvxT{er87s1lX4p?v#SiB$i5ra>(Ng7?&4n?_lIkdsZ(!McKD=X;_jZEDTMeB~0H
zwX?B_BFLrvIxa>XyV$`_Io?fET7;8gUBIeFc;V#pEzqWH8`^I0H#54dn^IBNDroGW
z`oS+@N!TL}c6h^{Ho|!>s-3Hjk>;^yNvc3yQj~|=m~;tR%U}VgA|fSA;2;syRV~mt
ztnO4I%D6rq4hj@MB)2%`PF!E{C{iL>I04RdxNApoh7}e`ldAHWL>vDL;nK6YYx6OJ
z``)fSJriXT;qmH52Yp;E3160$Z-xZZa17~DTc=if)Hb_joa^*+m=B134n2Dzjnx=R
zmK!3~X?qrw`^e2ZVo<dgzhd@jZ`TlG6Yzxj=?iaQzRV?obWh|%qswK1J(W6dB9+(L
zejT3}HG<=QmL5#Z2<>(}6uZRp=8m$3e2Fcngl!`;t8iCjEZy1RZhJ?Vs-$WA7Fc($
zO5hV9K>QSHzO;5FaG-%_Ls#c{YhMl!+r!7jY`jCKj>-WSzFVpLI3F_u>?_;6xqo^{
z)Xy4hLn~1O*GAf;6etIE2Kr&d;9D?AeFeh2zV0M-#p$XD=z6gZ5Y4Vt?{h0>gTP&c
z-Y+(QY(!=P4&lpb2)W!5jEH?lasb0heby7)|J!aVCgH^^ZGKPtEW}!ahSvE6zPt|J
zYM}KxYpN=3dX_SBbBBOQWI^tD%<;*)v@wgqbsJFOd;L3cXKR330qs;tmjXD$Uat&b
zfdw_pnqq8Qm4OZQZvNKUw~L@Irbs1c?P+BP#;)&5bYpsYg5836E@a+QDf1Q40~~0Q
zv6ITD^RbPyVfo-Z4!+_F3Xed#?)iMPM4eMIzI*ZLwW6HXiPP|lyiYvoGW-+(BY6+n
zd1Yd<u4x1Tt-p028#$v?r`$khzFfmu*EF;+HuQF>FR4XpSjpGrOYSAel}VoN<CNI+
z_ghtFS6@c@xvPxLl-E#J;S_oI8Kfib<MYM_#5bTmoOi56EgDnpZn8|=yhC|+Qr~^*
zU}kNS9qI$=DDobvW{et{__5B_V(|pzC9m1V2T;BFS9A7Pi|yBVF~~=CL?3mNKA`Ul
zTYoiDUs^K%ky(rEW3`0)g2W>7*U^IO(o=HR$AoK?o?F?at6saHk|?nri;T0#edtmD
zJ{0R`y1S>Hqbt(&XAMG^%P2RdR#3Ds2l&n^>&8_H0gk=R<J9{xd@1ZRiesVC4_9Q3
z&Mh)}R)|ty`wHs#d)Z}2z_a0`#0_b?r=!SC(eneeX3|K8_JwP5Qwp8nNm5bG!#{=f
z-dPk$);~X3np+RPb948IrI`H4)8}?xx)s^c(?#gK1c9(-VIa#n4~%$(x9OzsuJc5S
zK#g-=)@$`Gr+bGLqPi|L%aJw9ZakUPQB%A?#ZGrbEc$s_^_Kqd^ODoC@O-ddMh82%
zfyXVkZuHElY^rJvEYydG&jbZO67<OReKdV+9$bGY=UTMYa8l8utMy<r{GHu{hZ_U2
zsVh*O`ohJ4`)w~L|C?VaIG9zh`~7bFXyD}HvB9YwSRvCrN%*C@amIDFJT-mNHrK&D
zf7o`nAysqdCOv=}zKK0IRwYn=<Q#jd8#Meb((bHk>%@5^QWaFW!USc%OMvwH;__M2
z+4<v_ANQRNj?SO>p2UJ5Q@=u;m%h&z?cdwhT0H*Pu-W?7@yo)!sk|4e=M*3>CxW(E
zt}vh6uir~sa+X^-JY&Hhv`ot}TdhSd9=F{O`Ms~|vMAZT{F8C#FpPIMDB@bU+064|
z?}QT7G9M>_h>N{ncTb!}e1gEtb|-t((;DL~x1hlA;(Lpz#{Pj^uBU-F7wwg@pS!*w
zyEpg~N3L&P)_5x#V^C3gZ*qP^pvC)qkfyU)u$N;{&_=L&k)2$b<5#yY4+K6lGgp7^
zj0;vhyfQPeBba|8ckpsi@nq}Jx#jCg;M}j25&z8{?o^#a0q&UVHwMxeT3+ZbgqdF%
z+#cbIef(qiRN~~(xcOALAP6#T2%hCdrk}*~oSi=-fHybr)j;zj-yNqNh{kNt*q_TL
zDGhJ!H0>epBtD$<UR+z)Ena{37xG@K`i%WAg#SSEisaJa+u-04z#U9ETLP+ed23+b
z-2B_w#pbq6js51C{fMnVjjiBK^XZv=%|-Qwz(Ak7sy{MR1*#YPpFa9@{JnaA_L0W2
zI0(Ou8)X_Di|!`XM-4)MyO?r{s%qlz)C3)FA6?yWkLqofj<=;0kR1e}&`JS&@=?I>
ztey*X)^2ih>^GbIcmG9oavn#yrs_6N!ecC@PgC<YZ(-FQpM8uMTX9P|5PxC)?R<C%
zU*xt{u#DG3RSCk3gD*9-AeRk7TQF|(h|iQF>{s7)5uaYlpY1juHf4$iSFSltjnWa>
z<GF_~Os;@O<s0EQBpz*DUUZFqp&UGB|Kkcf^!Tka9fT~DLi65uW^p}1e5#%PTbM4_
zrb@Csq-3RD=HbfOMBkq|Tj=GUYbMIyg35P2X3wfqb)}EbBl6E-bE{sN?Md&taYOmk
zvYvI@*jMrV$YP#5%L>*~+Lx=B5a&&#PEho!c#~WZZ(Crp7;i1B9nf?)uU}O283Y3T
zGpT&vwC=uvH-uK=!cNmu`wX=o>?y;g(HHE2=qadEbrqXM*eSd9Tyt%S66q`x&nxU=
zy`=8wVWS^9aQJ%;KT9XCSVnZ!n4|0JHsAfnZ}5Nf0sl!MP+by`ChP_R_=>`;Z1mI$
zOQOK@KXT8F^g}K_xE)ni(bVKW#Styn4;Gje1~Z&Il`lvHPEf1@^M?Fy(Rjv3;Da(y
zEFLU9a66vkD1KC!g}3ISJGAo@xL18M*cCiE!Mn)5AFvzz&Y!J&?wK|q1sedZozrKi
zR;40SF=uhl%v0|;Djpzm{^k5y4=+}Okla6g<ZEwX=BX>)rwl|^(eD||zeVRQ*`!J4
zCBPFeuv2{%EBV~8@BkYjwKlPJw~a=rCt|T(njLW5y_YBN5d$ffz-4B4Jd~_XF4#13
z_pedwKFN?*80yj{C5Z&0vl#!g6dt}OS;0RHE>hShvnC<n@=FfCo@@5pW)9kb*%vj>
zp;q>Ia&!y2zP=F1>5)z<6|P1+3Bo-i1!_#1>gEWEXQ&lAqCeHu5VCr^9l?!x2qMAn
zGHLCSSm(v+yV`u|lj55s4n1dF6Mq-iD*kf`UDfw?DSTOU1OiX@d~$LIt^1x3gO6er
zZz`=ezF2xCJ{uKOQ^Lk;g`#O6CFMP%i(E=hz*U!uO+Wdxr++QT!qJ5D=P7Hl@OVvG
zF4nrrB_3u?k^V+1(Z+C3L_+L3(uc2x@VwbfcEDbSDy@31DuLHA1Df3WGwKL=K=|O8
zV&O;oOm#Hd?{(z9ul_atAaT4+gEdjVF6vzWQ>hP&S<UpkL|bhEBBmoxo*=ZlZEZ}~
zYAMy+N8r{a7mK2zxS177k{=ukOEqxzJx5K(iW7%fvRZk2bZX1fmZ@--l$ymH^rZ>w
zB%-9a3Jt>RK+JYjCV9*<?VS3Av%BUwdSlALL4ONO61zPhD;d5)O%mCD?vhd2;IYlp
zeT%BqlEFw6jK5Oi_EnJ?922>Aj3z!GB?NqL6uW`kOt>|rE{c(2qby=IgxEjLQW4Ec
z&%9>^_gXJ1XNpPOMQV4E&xobcN;Ed;OSCmnHyV~I5KOLJcStnYJ#GwxSA6NcA!50h
zQC_Sik&R_i92*_WiJ1^LoJYwU3or^H_7$0oA1A2&*3)^P&BiEgd5xGr_dE(UV{r5R
zV`^z#RX<o%MCAhklF;w><&)_8eF1Gs8fqqCqT!=MA@zc`EOR|r^1Tct3x5jFiD_Yy
zc{yHFilF;0z6H(}V?u~}mE=hfOaA@X%pm3t_F2m)PACCSZ^(TVEkz&dR4^KSS$P||
z>4NQl{$L?SQ$pOOqN<D2ANK4!Mvr>D52h<p79*@n*IE<9&gBNHeR-+G=7AgKLpn&G
z{<X(SOf3^SxHLtKJXJGz<cOzV+9644W=kRFjLOj_oHA~<YP5Axqa$-MoI)uWjLZ#3
zxYkc4(j8W|U_gg==|*7<pPMmC8N?H*U%TJ96LS?uB@=F8Sb`9${)UbFa)iN9JK+(S
zdXaRGb|Th<A;(&0Nsj~ahDMqd^p<{?pre^FB2E^5ht^6u?l0UY=p}AwVlObkE%|5f
zN(s&PX*2z)t!kaHq{4rt_I(bg)YY&+=d$Qgmc+XYsSQm~ih=GBP<w=^DD*YjN)&t<
zqqk&%yp>^Mtxe-1H%2+Eig=|oCqt6r_8?$eM^sHp`W2N?=kU?mOjxBW$N)l&A}31Q
za6P7(gPO{akw$lnLk5mix|dX<T@!|8klw9(!cg;`emUx1vyi)!vV{wK@|#<fbF-->
zX^QqD6kUj>=r3VoruTm9y?+7qLYbR{O*p8;GBVKRU`clY)3IHF!j+S#tq_p!2SK{J
zBd(-zP?xgUm#|-Qu!KWhw9=?8p4CP7LtZUgM$ta0M+ke`meAg&BS<0HQ4~dI&+l_k
z{@k;G0ff|VT`K1cWI75*1?H0Bp%F1O0|x!t{QW2hbuGPUhOHFU@3}q+DFpkJ5)xn?
zlh;cU@Gx<HO1UvJI%H{$P}~TU5NCh{0hfLUkGL75qEG^{E6lJ+z*vTOV&lMfQXIZ?
z2k9mL2`MXSQsUisC?qh(D_LrMC=_37PlTCgN-|^F{g^sXsuM*1FNsu9y3DVzDlNqF
z!VK7}Vh(FJ9}9r;*Fo_kL&MPM8Gk)KUO#PyoDd<xXGW$Oj>j^l{OeYxX!~q}_{G`~
zK|EG{65bWPrU3?;6=C=sId2z!rS7gILksD<of=tIaPC9~V82(7L7i4zZYj&Z_-*O%
zm7S|a3-5Vr)`2dC-3so$?h;{`_kEgK&L<J4=;`xs*SIlo6`$vtN0Yb$*0V~<6fZLY
z^zYp8JWWw4FoBL!tSr0Fm)R}@;04F|w1EW@*Z_NET#;9XU<W(HpJ$>NfmUeqwYu;g
zY(d{XNE>yxI)9AEdzpcZpJSqryR!77&9ze<5c|vZu?4Skof~3$n(hCzyX6Xn`Z_SI
z`jXT@-Dt76yolq|{W}jaw$6CtLVF%^<bwM@xW`6dAvi-yc%M(C4e+mS=0vc&+x7G;
zMyH3o((C3KYlML-^2$*aL=*0*j812+=qd&iTwQ&fO1y!5YCbjnO{gJG%i4~dL)X@3
zh{o8`!wEGD^JIsG`}5?A@`c&+(Z|>d(uZN?RD=50;`JWYwkz~89fb!>;^n|=^T3Kf
z^RfQ~qIt|i%=K17?C=%CAfF-QaR3b5bdTn7-P8MRWcOd`w2Pupe%|Vfipz_QmF4G2
zH7``j-Tyti62t9IzVnkR;MXs7MrcBW5LQ_|zDhD_`mCkZ7S<!`Xag*+UJ33PFIMkB
zcgt>`YmVOyqvXqCb~&u9sIu6Y>RE{SzSkJIC_@AC7LdIX;?L!dCLK-p?zJrEQ^!W<
zmMU!4H05UqHbdKHX408^Xrm+ns_G9V6{{%Ez*Fjv3a>RwkW}JX8G9jZ7#kY{>eSKp
zcCk)oS^TXGp=Qn7aq>!yl2zgrs>uzZ-l7Y73%f#&S^m<y^57;^Tt}_0f0{l{P7oD1
z@am{2)V3ha-@e_~IQ(3lV#F7i0=uX-Tj{`Pr{bSz@1(S)X<Z2X-V;2V+Ib-d7mCDk
zj)|iL5pSMU$PjNPKsD}}Vkv%mzy|G~A0f#3>GV?%rwaly44dJ0uy?ABQ4U<8v+xP?
zN@-Jeg)vSGyG@nlHNk6@bCjH(Zfb^IBilY^PwedW0{gxBM%|+&peDJlRQOoPTiIE>
zvQ$zm<(G*Wy-x~VIpP$H?)bWv<Jm9J;s>)#lpSsU3K~vY8foSS35S)3Bc~pR^=AfW
zG>7L#de6+&qrZRc{Jar9+Iz6|b9rqbujpc1*I|)!(m+G%kDo`*-?@H-X(b&Ba(z4G
zQyVG&3sE}#eC9N=d;Qb^NGZV+mXja89w&iko!<l(i&sJ`H#Rmm-OLwGdqQrt0lUam
z{L7DpHjiIgM0G8Z-5;mJ&R-+_BL&Y0fd2MfV&41RqojeYptJguo&T?J{dahO>wa>e
zH?>Q6kb9z+_9#~9W$j4k%XaS_pGDu?a>q8`RNalOgwHZOK`q7nKoBAJ1xD_L3Y@T1
zJSYA3`8_Ka$s)aUc((Y}JxVk|w%z)+&%In8Cz<aLKZeQ{+#T2Qh<D{XzLY8FzDo{j
zb<RBg)a(3cqu~m}Oy3bi^+%B&RGv5UCbL*z0pH=yk-?7O@eRPVH#kT;u({C|`xinn
zHFfgi@HR{Qk4DkIkpEiW>bxvcY)=2kJ@K+|yG^FEdu?&pp{@4#CAg8$4nD&anLmA$
z&>Kz$UriEn^WiEZQ{j<@poR1o0%BZ6k-3pyBEh>f^B0mAq3ioSbVu!icl_|6zM7it
z(Iw8riI>qo4*5>@gJ;^lYWW_$>^O*EiC#R8U}jG^zg2Y7_DI%g|4guU`_FF|#lfN<
zLVpH+hjXdjSRVMuFW-Cam9w0oa=TIRUHepr=g(Ql8&BNA&8>(~+3LdX_Kl60z?+It
zq-egqbi<dfCE8gk7}yc9M9MMBWKC95`S?(I#jYttypVeK=a0h`3JK2p>pPH9=DU)3
z@(Nvm>Tu*nPrZ-^4SX{5_+<d<UDjKfG*%MprC}e6GW9&Bkf3K|yVaty*J`#8_zdZ|
zd=bu(-<pFLezoU{>;Cq4y^^GITMbFaHs9HDi8Oo_Yz`ODq-xLncxpYN$S&R9=T0SL
z$S!?9Ptb3X9Ln@C1j(XgWyIr+?Y-ls_L^G%*;n4Zx1+b0R@{e_s4^eBQvGRfH<-BR
z5`>u9({7x4OY85Vp|09g0k{f|<V(`_@X4X7qMI(;@2Q${YU1rw7ae(w$-{PZkX^nk
z8~tmhkZ}{lCviKqOjk<~QyZD+-31++j-hs1(i;)J=~1saN_?ICJ_B?c>{9U!4gNzf
z2vk)kFBg{&DTDRl{^@u+9DwE(mv1qbCgudD>s_!^@a3#}@~O69pMK?;9c<~GIy*R#
z&!@SHH$ZmKRmZ{rpYQamXEqm!?}W9Ay_FO!{z4+G4i9*AlYnNYpj+`KaTc=Jt?Zpu
z;7tG-K82ZYKw&KB{hK>3TpBO<$CeoB?bd(BJSR451rC1uWCAet<mT{o3W4WNCLOLF
zx=nVeW^?guip!GbXBXJ7^K1qCeQGKlzR1S`_PUk{M6hh-iLa9gy@qYQws6x|w_2m?
zX;Txq^72Y4822@<xIm5oJHts$$_d_p^1F#yFYLBr-9>fm5h_?ncN3@Yj#<%(vd?jt
z1DspAHN~4z(f7naN9&Fu8g^5L$koKS8H`vpO}4ccT?LW4$o^Rcio;rJ)`F>5S;rZT
zM~F6ZVLHek@=&a&97%Wh7E1^<&p9}fyy*F?$8Ntxp2DqNUPNWBkPs4S@Jn|OOXT5F
z-IGy478py9$Jq?|Iux;;2ogWJ8i9N|Ar*U28uwZX##&bV^G%6S0K%m)$q{O4QYVgF
z_q3u&dS49#og#+}eLqvNsXeI$_#|gq)_ZbZixvus+(UKe%y+ZXO_at4BZhAoHqiJt
zuGb!&;RwlCoC5dV89!QIT2&E*uQ3P4#ij9Xr5MvHdEJv_Ut^nL%}JRmMd}t1vV&2|
zbr_dZQ2t>|F=C}LCPtc*2<hBO^h<;fCe27Q(R-iH*)OvoAtpC4a30a?L;9qc&{k(9
zhCbHYQOY(Dk%YAaVs&DU60ZoF?{V;3EP^Uu!2->8d(|1Wr@pQC<h51Gn6A8&jb3bS
z>0Gq&D=}7v?v;kQ#|E;fY)W0VcSO<JTaMP+-?<d16&Qyldr#3sQ%^~Hn(2T&xSozl
z3_qDLum1QOsYExwl!RFR3t7OX%3v%Fg~qW$R~iK9^XN97evmPM{=ie!zmdhV3ZIa0
zc4M$^YQp0K<||7vs^SuRZj_r0OEFZJ+@E>kIaV=Jl;i4Xrd+B74A?|YMKIs!N3wg+
zi`E~KV7l%@F(MdK;8Zbqbsq}x;GHaBwLd(N{omlQ9C<&Oa<v|85=T_yJOCsE`?477
zH#~YG1Xi@wnG{V0R+tY1YcKU8W$HiHX41+OGP=E^T|oA=xM>(7^hBLe>XO%96E62w
z4dGUeb{+k&>#2p|INTyB41If?kh)O7kCywkf*~k*olaP3V_?m}!c@J978Ysx7HI1i
zXdUI}FwwS0qAW{`9n?2>j)`T>U7jUgDE&y>op9v)7+6Pl`b7WJKPdjGRFcrm-vlXc
z*Kmxm5z2sBCr@-#twf6?lou!DiGg{skRX)H3DhujE9MU5yuUVcJPyJPV^F?~HcUV&
zI(br`jG<r2L~<yxa8Td=kVy=K(~c9XEZ6DPV-S-4Xz0jqG%xo!jvj&ISBKNm?Q5Uo
z%hP74cx{2{zZrY!#IuC$M?XDxAEA=*F~lN6SBh>`DE+Y*>CZYgeb5tU|E|m*G9ZYP
z;(vsK;KR_-ig1)RA?6A<J;ihbUfAGHPX~us8G(wfEMp7>sbfHMBdV|AE+{@DRLSzL
z(`!FpkIxK32=N{gs#yE=3?szRQcm#&XoN#Qmj#+)Oxv+AU1y}95_qBfOTk34IWmSD
zs#@ZvMzZ~a5boZ-_k>+?p-+0EgfozlDySqbq-BQkWWq8VMU?t73Cop@p?tJND5)Gm
z*3rDyR*)VhyeFgtB4rJLy|`YEPT!6(tJY(XSireZk?S6_P<LT*nR;Vzu}04lwE-QP
za>|VNIC_WZDwOIN1Z18#C>>)cVo;;TMN&+%>M;F<Xi7gMbMzUp(s!K1T?pe}k6K0|
z=`feXdz!>!i%5){)^sA*a3ZP*(movBMTauANC&=(L$e*l-c{nQ>Cz+s0-~PiB=61P
zU1IJ?5nNh}JE+Lb47zkxh`f>m8Ze`E0SR=1nW;sAuuIJLjyp_a*0Vw`G>laqP-pnz
z6YFIc8FYEKr0Q|>Jl31>vZ`OKl?yELMWgVpjzgA-@oEj6xq2=3pn<bqj$^L)A4%sP
z&xHQ?|J^WJ40Fw8=C+Xg$~Buy?hG3dawqzfOGTGcGq)MJUq>}_(u{=a<kpGYNeEq4
z?rB94(S`GS_x=5uu<>Z?^?toyujebNrUw61TMJZnaLnjX8w;+5NNv`;XS)g$UYJuf
zKLAGs8&Q?*4~)T>Z!KW(g;oS~gAiC%nVfeLuQV%Qaag;4F8d{EX|NUq)0DTUI)Pt%
zhm5X<w(H&ee6KVsX=zhOkH>ndYue3NYPfmzuTh7DCzk*Kq3LPPJTBU!LVjPq=+GZ9
z1H{tUHFDpt+ZxQFYd#9gn-bYC$EM>A)q8`DL3GT#T=0|M$ko{v#ngx574qHsGs1@s
z{)xQBuIoLi22CMSvrN@OctCi)p+xW0WK&0?(CHf2e*v>k3k);4+-23(zL1xrVMhW2
zB2qNo$j-lzndgBaV*`~}Jrbq?uA%aB=n4JD$(eq3awuZY%e%sAX0@TmW9g5R2Q8Qy
zdeZ}kgGA86&EP`F)F>)!y4Vvx*nGZK1uQQI|B6C{IG28P)ro1>F+`8(M+7w=iR~G=
z4k1K&gW<nO4S#xkt##*NqQq~cdS9(XS=gS%`~!up2G&nrP?}=ZW}rq6B^DbVdadtE
zBTQ-L-6CW1MN@svCiA69a2*5sQ+vC!s+teb|3SR5hiZssFv?_%&hS5Hm^PyOJ;5_8
z+}bnOlRMYD(BwVY8HO}fp!FR&qR^DSP;)yohny$|keAA%hG!e4ZT1P7zKK+M)e(8b
z)g>&#uzNM=FGEpEh|oT6Yq6n8wwvy&iPo~x8E*KEbGnxqu_ke@M(Ea_`@<FBO4dDb
z*D!8a&;5j$N3Ynsl*YyH--jc58lN{?XZ`XWDC_r0R)ldS+@F6CJM47SD6fYe3xVu;
z*+|}u#Px)`q$GT`3p4tD;}(nd@_T+E9jO2kxcREjY@Wp0_9gVUv?!%j`o;}kj8RBa
zB1Gdq_7~?WxBrfK-}>s8c}3Fd=Q5K;o1PRA-;Mse-Ro`ZZ-;hDcRWBTM{*Yo>)sN5
zKmSPiVd;`pcWUIe)xhdviAnICf8Od{e<kl=rgwY$3rM5s-P&&1E#0NAU9sBH{QBt7
zr=h<dY5v>>GMM?-mAU^QpyD%id@Ez;A}BL_Mp^Z4jRGv2MrY#bU9tD)R(?IKsS}AX
z`Ezi%qB{Gd@YjPE0Kc$%XYR(0-QpiN(ieAjEjzBbB|Ja=^D=+u^trA3(<?PcTNbs)
zM|-vpTUo7~>Aw<r`H;|w6Cdnm*MCQjuU&eeoUr}XdDiLi`exJ0{Nj8FNN+vba^H#k
z58^pr+W7l9$i=;147m2|c-rrXqpQD|_HUnDIN0~FcU!OO!;g1*xrN2MTOTdoS#|vf
zak%to;LHB&R+!fF>l+n69ls3ie)#cdcLMCsg09S?6*mB2`1SVv&gtzMU-*OV+@SdW
zs0ZLmVmkYQJ6u8L!>;}4`uWvkl~)}9gIG=NB!FDl4aqghOI{BOEzhrSg8!ITM^8!q
z0`P6w|E-2?=gunDzx?OwVA9gzQ7etNJC`5%_@DbKo2MYgh04%|-7H$o!t<{Wq9Dc<
zx9zRo)hoA^Gjvvy3ZkTnwzNxceT<Zfh*87KO049b341LZ-@sWciPXtaeIR#=Utzl3
zP!MGJrn5;GvI2qH$1YlC-#;=Ro)?#+lG!bnXa?H!cKwIPOH@^Ibj|c9s4~X=cXi4J
zbVh}`v_4ej%v%1S2@e}0Z-M}6xmx7u1f?fL%g-}b>*Ym158UXwyrg_u;Q{hG%oNHw
z@nVCNcj}n}{PmF|)eq>bj%r<qSp0TlydPHBBhGMSD;|3Rva%Zc<(zfgM&#<k#kF0u
zxii#hA7^m+MuLL<&6ko{UbzKNqSq!mx@CF>;b{}T`S~rfg&PGr@NJC;Q`i3k47cqO
z6<Yh6N4+Q&$AW$4pHS5_u*OP*BFR(VpAolmGV4@I{#Q<b5VLCQOd1m+JI`uS`{JLJ
zT>KI18hylVHW3{Kg#X}l!CvbaPyGbcl!POwfh@Ut8;46Dxj2&?;G_#~5;6|`(5TPe
z>W}S^<PjK&d%R)k8pr5{nuWNhI+fk-9|0K6Z8kZWDkEo}ikk~>dFwAgsFfW)ctH26
z!;M%G4;i^HrBcnT=PGYSXJsT;p%8n_^QP<T7r4!u)3N=9xOuB{^Lc0fJP#cq?<0S^
z+*NY|`aj`^e1eT+M==5P_1|-%=MwJ<gIy%Uk@`;SXs|t;A1(v0?DboA7@WqgwGpx_
z7nbXej$Rb(X##t_@~H-e<+!LUMuKL6abiVHgNE-%TYpl%kBfO(>peWz@gddUrsbpx
zwY&AzGDkB}iXtapmANIB!z)v`!4fX<PqGF8xju`r?nfl88qu?M+G}U2!n$B(AYHM$
zwO6{lyX6(cJD6&4*h0z~a^<XDRHg{LB;G~~dpLhqiy42;HoCx6E7|CFJ}i8|m0Y6p
zKTdOv_FX844J9kqxk|}M>S*^;pa@COy~G{s4Z!@R&uAnGP*b`q`1B6KSg(fvyP-S*
zveh{B!vOZ-(;%mDn%*IvRz{)-1WQiv(@Mb_gXXFHjSWhVuKnj4k$B77#8mUE4fpG4
z20hlY4YH34*beY5uoGkJ>mOw*1H`Vx+y!3Hw~u!)!kBalcvX{J)XW*wlT(N;<8Ut_
zo!7%EG&6T8FRAs1m>Mw!-LghG=~$XDv}0;4{-@UdLoSi{1y30B?|#CWPWe{?Er_pY
zobKsj*GSNu2|ukec54`!Ae<3?##32h9m9Lrv%4rqtJtL<tojvjGwgvVe_sOSI`1?5
z>@Gt)ee6fGj&LbbdsyN%HjNMEvu+;_7!5|H3KC@-?%Qnz&O2Ap42cTrHW+Cu3^`#I
z2_q5AQk@>YlAo{@3Yux0+Oul$X%K;61n)9hZfU}vjq<n>2abfJ+~)AAHdL2Aw7#h@
zm;La^Z#^?%VpDEWLMjSsQnu<Tuh6Cjtg2)+_g+Yk|I<5j$-g`D(F@R7AM4_qXSJ4d
zz#VKmWvrcv6_p&Zg9=Ft^-&3>u`_N=sX!$&9%Cj)DXMy6lY$;kwO~u?+T8O+B;v6u
z-Gk)nC&FkEsL|t_2+<QCY^OYJzBV%k^xz<@H1|ITJ80~d#Ba3C>v2~T>>UNXoVfBZ
z6Pd(?lq#L55slJ1+l<<RIM&*T&aK>R<*2?qk4=4&KvME;ZHqEhf7gbEs(*6u5Q^ir
zv7`&7)Dh_(_6LyJ1@m;RMopHs2JHb;C2!Y%9}D@-&5F-XZKX5CwS;wFk7C3tM?9SW
zZDW%zUBDY6x%x~&m8))y>S@m$io{d8jT3&c@+&7@<vEQjP&e_j3SFX_&gBNtzD&7L
zR!gJ~63?5lO;#@=D3Qsw;~~ceNu|<X$zw7KXd6d9Cr4M+R!*l2QhHbN49xEu)H9`E
zpjNEc36Vv?RkJSXa0K1|=RuY`d@@;~oG8WI$1d^YA_acyu+y`zxX>I_20l?J>NWpC
zFtD@#Ftx05(rkTDFKWZkgOS${+6gnhkx6owTG`TArht^ny8#J41dlaiLm&)ft^7@y
z?X`>SG+uL)PA?UEO-ul-^KG6(w_<9=woD0}-#bV`ACW#c+e>ho=q0KtLD;#A$Z8tf
zMn8$P$9Nb=%=?QVV7FJydOFX#o56t^qnPBcZS=zo?&^id4Cy4hl=kK1_<+GM@xQmt
zm?kHh1t3?{<ScI=5z!jHysQ#)ovEYwVAnx4qnb5DAJuzBQVMfNpdU~na@QR)G2cYA
z=+Iy{EhzRs2t^2Sd0A5)m-G1YP3T+{!(N|Raxp4-FaKcx_z`W7Tvo`_9w9j<5J=Dv
z(*VR=R5(UZYq|)YXW>D<>s}x(3@hT$45L+2A?#R^f&us;1S*!;^gFhgye~6!vBO%>
zS+6scL@NZ$Z=L4*l!eXU>uPawX3L>nJF&#rF*?k5(xcn78F2`(4Q#oHo*#IDN|_?`
zV3Clto!&ZG!A~Fn-tw9ov_&B4Enpx63gjcr^2ohss8^Ob!5Zkj;?`d;U~y{SJe;qh
zeXhrHf_pJ)?N}Pimnh7c&yQN>t3$!5{eu))NsI{{GU3dj$|W&!h#KG`<luv+t->W`
zT5=2M?InE1!x3-W9#b?qMgiP7O7yi~?Z%hg(lpEj^Lg9YhYRI8Fe5Nq`Wisku9KIq
zh8CS;B5gfx{L1T<GpXR<pCAuX4XWCqMJ|Cerkv1#?^AN!|DNVlA6*JPwhXXutCuF9
zU*HZMWu4d73b{I>3ko08WeeGxr&s0IZF~Ez=Bx6gfSf;+4={2^X3;LbCk*Nnk@*LB
zMgUtacN?rTjXfQzIg~Sta(~uvH)M;bB${7&@|4Ipr7wLx;PXJ)%jxRlgWhqMXJa>%
zkXbnk`MH|5O-<$TTI=rM!_^g~?M4`IaJf<2KM}%<1kbCts{)e!@|}5hj3Z#V)f=JR
zVVR*vKfGl;^cOf=VeqJBU$&qyXww+>mWkgP1Q@%HN^O`uj0$)J^R!dZN0^^1eOeZ?
zSQRG#QQ_ie*9E`IKYzE-idL@_21li>fB%;mY#4~Et)JUcK5``Rj+jz(4Sp2oenJL&
zR1|r%+Uj@C<;slz+0l)zgL740|D4!iVHEk8PI<R}!Ax9nczFFGqr-Q&aZyn^tkP_M
zqn^I-O7}s6j=_)?(ejmC;u@tcHwjvg%;gu{>{e(Ra=fk7pNnzEEZ9gm%jjtJsG|n=
zg%t=M9Wb#GS-0W0uFfn(bQX-+WNcd@>IaDqJ)zMejjG4_JlV=7%g3q4#w~L-Wi6H3
zX$}%D|NPCF+lmO)FbzEt|NXqHk?0IbE-zl%IAKr{{h>5!-wmHA-N*Nm?0Ua^?x`G3
z@ox&T7gcw4tF6c-6^5(?iqzYb*gu~+CA;@%qbuAWf@lS#xW${^aSB%9vDfTOor=9w
zUiW^UDw!!LGmm^38o%I@U^{x`h^|BMJKW(@oKGf&*VQDp8|Oi27Il#!h<HTT#-1zK
zd&YyjqZaM~`%tNp*_!+eJD4U+o>M3om3l$Wk{yNFvUaN?dW%7+9+f?(F!r(6Ij6&-
z#G>NgH<r0)Gai2bReti<TaMxD_b;bMPbZ@4<3|72EL1S^Dtvl$e8b{6F7VLR3cZeh
zn@8Vh{}S2(S{Nj=s(&9_0YR((Ak#{3tVXWn1_{1<zhuen|Fv?h32ehQCU*!{Pd>8$
zdZqS!?9;<nzPN9?Uzz{;2>#<g$nXEH?Na_do)MWl_ywr>^xaPz|3OlA<aP~q9e1^N
z&u;r$fz!+5{~#(LIQIC|Q}cgc9A2G>yKd#J=8t|9+&$bq@;H9>-0|_>p-aET^1oV?
z_OF`+D%|>H_4EDA_iH1gr#-DdT=IPHQ?b*({2xT&<YJjzc-GF7%we5O)A0P(VV%DV
zdoSy~;R79-@ZrsSuq)HraW1yI9o6-Dh(1wWr=Vy4SAeX<Ou<YC^Y#%!O~?m1DfAe@
zuUIR@Q9Tvr2yP}@z9&z+KRfnMGquR0F!3DCK<uM#eAYgJ+krKjVz+-a1^Mq$+Fx5N
zc8)lQSRl!=?o#TcQ>@50e8t`{5)=SvIQxcb*~ZMv@2#7p(#DyZ^1{Ph^QIn&Fo}N6
z#Ix%Dfxit_hvFZ@=i?_8iYEa3K~w)j$A@Q~zScc*m9bKZnzDL6K{s!oeLXM`LOkCD
zdtikr8V1OTZ1@&yQKc1B6ACK}Txd%jRfXOcYR>0;F3)jIXTzWIqXF+%VI5nzu@EM)
zks4F)(rjYx{no~b)pD(O$xkD*Hbmi#py1I3S^nMIn=Z|JKTebygR#-kXSy+6kw7kg
zHaPc)a2Dip!b^yI-ly!ZQ<Xc_B6bX@^rn)96z`4Z7*Cby68)1~UOsiE5#P={|2y<w
zb9;~KVnTi7YGr10`6&UJI?K&5Yu04;R?{6N$2vwLl3VBrK3y}O(`p9BPDe!^>v_kI
zJk&5LngV4CF<wl7m(HMW2nPJAvUm26XrH$Svpc@#*%1%I0HE3YIF(Q<`LF9P>dy!1
zB_Kca1^W!fYDqbGAVG`2NosLm`4;_wCd(N9G52Rfz$(IpswXVmyye%Ab;%>yN|`k(
z1C1c^BuDe|t0XTe-5mj`DDzP}?>M&~*E6*}H7{PX25UL1%A0mQa-}R@O9u7{D9`V^
zsyZSm+0m@4*vWi7$h+1lW=t_1Z{eLaANfL2vnkAw-qxB-eoF2!okr-JDq2XXSrhAv
z$O{2u-7R;uf{dv6^|xsIuSC;(uL9J3nmBAxCgi|g+)$5FL>+M+J7+(Lh_8Z{5S8iA
z=G`2!w1(_llW_M|eif7B2N<ggFYLnoqgd$ZIurR^CL<Qk)XJ{-uGQNVz~jM>#EJ_S
zQF{tM>hq}m+Po5&-3dG#HyY34;eTo|okQ84T3dp1_Yiq+r)ea|@c>wu;EjUXWF5as
z%+ZJaZ3Xv&r-yhgt7bUW{~-S`n&J+c9jBi0cTmqIcy>#?e6-B*ykB%YWL$+%-I}&X
z8$bDs#Zyg|8W=m^)bcm|jIHp>Z6}<3Qv<VM|6ta6T#&MZD+#!GgP24#S3<xZ@r)`b
zqhmp3n)cnJG{xy+LWO2`dG~|H(Go`1!9TGumrI`BCB;jb)OTYH^QUb*Hg58H4#Q6N
zaFs{HM>R)-DW?$6|6LZ@lSA4*8qF&!xXfDSRzJA^mQFKNyeX~SB6CQ<<051G@l!O;
z>Z~_;OnQdivX`e5Ro=0j*HiDmM)pB}_Xs09T5>l3k}@EPIgMAr+nrzf^uikC@yta1
zb2A=lo}Yyub;<Ar1=7e}(-}XbhP)s_<>7Xg-Ta`SZ^XE_OLC~agmHu}s+%Z)7AV8$
z53t6f7^MQ0&#C&G5=%uYUa&KUCpm%*LO5=vUO03m={CALS@1q3{2|fETAstjMuj;E
zsh6)>b7Ib7vOLHsI&z4OyoJtY+V?3)0a6icY*HMllB%LX<xAZ3wy$JiY>ULntX27u
zGbDvX{aaGT0%y!HXlb<*6r`?h4Pz$bRu7npS!K&}49y*2FOX4=r#^9|<`zA#Jy9Mm
zz)5KRhB3>d2W;cz5OMC4ytG9~$zX?v0safr?s~OQEW<)kuo6>)eX-4hwkL5_E7E5;
z<%gU(>a69ecuoE`Hp8zNK`3j+`Q#N*4M%6#Bd_VpwYnqoy#n<WJ@}>r5@2%W&Ils(
zFAuWx6*)V#=dbZ90=0+8Hcso|Hu%E1YL7ieem98;XV6XjEOdJbhvvNFG9b7|4B<d)
zT|vF@sQ0Mlc@!KykIi`&1Y;A$^ums&b*lVir<D(|xB|6x2}DChJ8S#FF~b<V=te`P
zi?#YSI`ZdxJIrAUNqI^UVyBoZ1sgpJ?YfClVF;hNC4f<*VCe?yJeqGlxjmMczC$JA
z7H}$nv`FTpV<?OhQAp8?tTwj6I3nZXWj-E$g<{<>C(7W?-un3%UN|%)aHA{FMnYX$
zo`2a1??BY8LYHE(sbg7hktSDkolwL7GI)yv52Wzfdmer$fSg*cxI#q;^oz9V9)SBI
z?%u$N?-*BcWGU`6vSASEb`;aWKxl@pc&Z9EvxY}h>;yV+T^ifcWu85yAIalXQlWDg
z31nR=9`EeLys?hjYvJW|jE-~v49kL@I-Y{d)v*b1LbNj1$o4Atck=8pDnu5-POTL)
z?n24(AR-iQ%+O4F^RS&$Z%InZgVg<g<F=ar0E)O+%>`~1u9Qm>R(Q%t{-<U@!uj1S
zWI3GA>6sa)!2Io^XqP6%XJN`q95!|wIs;aWj=v(V#*LtCeufF@KEBb6_uCvNDRLFY
ziR!RxWR=%*1L|VkOq%e0Q%<gD6pd^@i@X(!@hnRo^X#-*Yc%7k{`Bue3W7GjQV}TU
z7o@8!B>xOyiT}b%{E(^P=3xV2OnSorPnq3}I6A~g9+<G@nL@{uHjIm04k%2L8w+U5
zL6LKG2_<#tk_FnwLqds%pRh-Y@q_X3t1d;5z-dfpRt-GQB-X>HO;J*)2>B_3EKJ0U
z_F<qm(u!RImp6$vqFa61A;5AFeF1bkcATRBCCRpT^@NtJ!p$@%r;zNYmEvG5^wAlY
zz^}iNHehTsKV}@@>`9Z8y<ZIR1d!yJEexA%iW{Bi+9QAQEkS=(ryp>}R*}yK${xkP
zpqkw?A{g^D2=9bN)AeG-=L%}{&adW5G~5ME2))O7nNw9|tFg-T7?bCw!<RsCsXigT
zkI4_2uRPrN5mdsLTyps=Fy9kY2W}BsC67h_-xn&@JArJ|)^;qA;70-}m(8?+a4y)V
zs8IC$WZ<e^7swm6s}w)K@ZcQ@o>EsoAMm<V$_w;J78nWOk*|i9CmHSS8{!8Z2rfe;
zZ)8=}+)a9rbGgKr2O>~ogMBxrzapO+8_}nB3SCYscE9PgrTzhfwVb1e#ep9Dm*9S{
z9qJ!|b8O(>qu9EG`=7v&M#RVctmw1P|D7ktHUN?DXMVlWu(lRlx#S<1K7J@K7@Rm}
zRuS=K3iKFDAJk}^%t2Jc&AFC^_|oe@3Ps>YM$cIdDLdEH5YodW48?k=;Ow9<Eq6|b
zc)<5zq32rE2RRwt&vS*G=#cEYustar)|nwIAF?D)`I|P>H{2{1{IGj?9K1WyB7y^s
z0iJeNsLKpm_M2L@$-^(nePyy31w8BQ=HXcrc-FOl6kCrbqe||+m~xEllzCTWD3r{L
zzS4Ch?1n4XPIW0AZsl{1f<hkBJ8B~%`SEa}*Sq}#RJ(3eY6>4=B!n4LGqsfqJNO!9
ziV5b_zv3$};OL*pq64-0J((uiN>Cj!0YaF6v+DkhO77-CLoZL__kT^w-iY}Wh#O|K
zOK87)s-&3m&Dzyc7aCkBF_&>|!o|@vMQ0>_+B!N&xuuEur1XQWLD>^ifhSusg}?Bc
z5xxn!vaw4{x&q4~v&750M>c0nVDG!Lp4pT7<vIA4v~+CPgmq^2_n&T9JNdORUTSFR
zNyu7PM9%pY`UlQ%d`J7glM2Df$}8Ntnuit^|Cj^+{z?%@tNaIfZdC!sMQ`jr+-kjS
zzCN3?`&{XEZUW6HeRX_eL1bm^-^9|n_?7wApQATpK3r1H`f*(5)ej5J!&c6J=_$Yc
z>;1<sKfxtHjnMX?o$C7;+oM08KYg*i1$6wx{rjyIzw|B;8~RpH8Vv86ZfJkEg8xj(
z7@Xhvvbuf)nC)w)`Nx0%@5Apa<_p{3e_T3#_qP|Is9t$`Mds@Wd&F|DOm8kw=tuhO
zXol1fT00zbaop2JGHd*A(pl;eAIP58uM3&MZ?h;JAu9n?{VQIrD^;3K5(K~TxVQZ>
zYLY=K>*P=Mi-j`=HMn@$%))q&R(M%|tZ4}jdTxQ|SR?22>}83l4a=y}%LnrQ*g}G+
zu%0y@!YP=W{8bhbulw`_qo8}lc<9<}=FmOaay3cM!8(&$iFFdF4kH?$AbDUshcvL-
zm~fE8a@)V9Y?yR`H}bbe{rvLaf&44(e<Nex-Qs|H^0jYovN{D`o9@5uhBr(Xpy@?}
z7`}NIbeFR-2NbC(JjdVl5f9|+;}su1>dT=_^(DORZwzy8@4W|-?3E8xCrElALRk4A
zF4D^J@3&yGRBma{p=UwGgj)0$h{6NDq+7k>^yU1$3xBv#Z_i`60t5i0?V9#=jgd8H
z|8}qgGbFUZ+CO6@i86(QU?*kgS&Uy24$M0~6Z+i>zN%^(;fe=Ic+I#T*9q^q!=JyB
z`CV^&`aQ3L06tXQ3k)!to_az8h$oi^dtC*<!boG{zPy5JPmN<$pL#&}{ziPTJpbDI
zV`lWc<!srrSwdXpUFa)9n0XI?Sxr?w*c<bUGnbfNQ3p;QEn4Rh{-TMBiZ*ptv14Gn
z#B_U^bvLslm{2QcI`>tZ;w#n`*dczQYFJi9M)u2IOR49LUls;J5_1<v2w`sDLHc%f
zdanh+2ECv~H4r2pHSqBf{T%HPyNY^l+p{V<ixNg0COzfxtIRg7wV4&*fd$Jcoj07>
zIoeA+(Y@-B>*AamI8IgeE*K+ug*xt_N|DgP-KY5Iv8gi8Tn49L3rsfbz5e}LqBVA&
z6C@Z;jfN9lk>O{hABL?_R7Mdnjbb0W)rmZBqmb??Vr+~c1OGoO9=um2%13mg4dJjx
z6w-(bkeZCvj?rKvaZ$;r9Vuvt8oL3Z#a4MmJ<i0XsE&~1qIg2S%{8=)Sn-?kWHEuW
zQtw>&T)}0si7)vA3o{}82+}}PsS=2Nf)yZszbmKD>-z1XKXalt#t)al6LDsnE+}z>
z9O9RpI4w5{Lh-0(_FOPsRtaw>hfb<VJM80n{HzWtiFaU{!b@qtA3}AJ*I@0ZZ#jHj
zNF~}V2Z%Hvj#2CgSJKca8_)R6AM#`UbO^3`#~NPXR`O>_Z-aQLE-6e1=EyY6(xS_s
z=5abq@dBw(X*;jmigqbY7uhC|4a(H{1^S#TE8IFoQ#8ys|F5EjeRNF1H`0-Smz{+a
z>IHz8g4{ZFpDHzn3x{Q7T`~pS56j3b+(pG_4tByhm^G4l7Kjm|6^AKUi<WP;3dm}H
z@^3e=!XiB&lMfY9R=T1lBG`sqf-Hj}`LQ0sqtq!FDLKkk!4jS34;?|~bd`@OT;T{$
z&*!i>RoiR}TT`A8d{A5%wVjFT#Uwz!F0*r#w<wCEd$=08>V9af+!PUvxxC|Y_jKhS
zAqk&X88f|1PfyVp*q16HXc&w*$72P_8l)?t$C~a?#5+TT&M`z!oMx(9pXTvQV+EYk
z^o0qw_AnUo_#G+o-qTW;1Je#3;)AzMumA>aA4{=~9k=y(c?qVf#-GMSX*zKfFy8Sh
zA6SihKtW1fOLb7%PGbY9M(@HXd-ccDT?Np@zTaeJBD<h>nQksaAksC8?W||-c~OjK
z$ks%?dTVBwgJiUd_{*l76!EL5HtOX0u?nnt_ySG#`3(*`byNTXoOtf4DTi*u@}p4F
zx4)70B)elck^)aW#VL7e!unO{vWPXJuJIVxcA$wxmBJGFv;{?xqP<D%tC%#5nmE6T
zCwSYDY~P0W+o7mTJE%=^Lx|f5&fx-2uB`!=$dt#U=yD$}avL=#=N)XFM~WzksZ<>&
zI!tMQgsn<$1-tM<6cc`Nl#YZ%iHA!?$&nQ4_;@wb0%Ou%`2obev(`cz6m*aO6mfME
z+y#`5lMWc;tA-`qYMkIDH-QrN&pYrll@k9Hj=+Pv(`B}A@5v$s8(%xMyiJm!RWmYR
zj$0LftanU%6VC<eU`(my6CN_>2u3Q9iXC+Pe3v-%5J%o*<y#Ot?N=a&iFb(lYK{2l
ziV<H^m_#v*Z=yy0kiZOcy}&l%FwA8+;3XrltILL=iST}7vO}m1hxSEd84Ldpa+^q7
z5W+F>jw@H_*m&C3wn|FY8Pc9WhL{c~b@wBkWI=}GYkyy_f&`+8e7vwB8jpdy;Z^is
z@bCde;=QTmPKa&x;mRU%;Sqi+X;9$uyGs<?D~Mie?Kx}R3{7;pz*UO)mviI;U+t9k
z@o=VG!2TZ%6cL#zC6G+ckQJ*SrAE;Lh?{a!0a=$k43r$C+5sB(H^v_~hjyofe~`hT
ztq^xPs&3jtKVg`PvX{0I>PugSjGB;D^6bUM!29i%QbR8Qau>l!w=t0Jk4Wy)rmF#I
zAi=g#5JS!zJtNdimnNoS!rZm0f{+~AoRnA^MF`8K4Lxs@O$-TN^unOcoH9eUa6t}f
zC_&P@>2U+c7Vt)#a)8VV+3JwjsKE~yaYC|b__CHoUOIjl%u4C6qIA8S<@cr6umFm7
zOX#HVxNUcfk|W5?3#OgvJmqfo)wZv1w%I6a3;yY=D;Pn^dKkh7)AY&Yxq9FvuUd#`
z*T1Yb@cIMXtr%F4^z2JN$CdumF^)CvnyEVolynH-_D-iu{ojCzrQQr5sLg#vtsj5~
z{_oePD~5x$Qy2T!>Y9AOmwt?5bHHL`dQys?EpV6jc5ZCk&1)!o`Swx^tEOqHs?}39
z#TV3zLt7asr#Js}i515J!>&mc>q$2~ku>fAyO<!ABX;rsboU{Hj9j3V!3P*<OKUIi
z?Pos2wN2Nk26sD<|3ON8%#hyR7w#RBd(DB)WY6uq=-ER_0MGo_wI@m%wxf{DvKP~N
zSIE4hFWwKgKT;J9xoi9U!tT|pPp5mn9-u_RTayJVgILnxE*>{d+5fZj+q&&3Aw5*`
zP5uf*AKIN)0Dj$zB}AkAY(e}DyKbGM=icS)BEg8u9#~L5U)2l6DrHs<2>P3zljOCP
zg_p83Kq%tOh}X;OE2v)&lNyJ2DF?#ORtBzt!|giS?QhHC33&N%)XJPgkDJ-P#~D)z
zBX`dyZrn}J^zj`fE*T6wG&r}SVV*LSdesCjA@;ZEQnY+dR2d0-gPSq<v?I^o$TZ|t
z*uq#AzbY8?5ckN|>+kKh3)dOSXqL-R2wwf@MFCahSBEY-R)IqMrb0G0@zAfzrb!EH
z=?mpV*#glwTarCuEa>nLiG@B_^{bV>;95l@Zm|1-Ne(0Apoi|%Y0-|c@i(y{dOA_Z
zXdaRhhHA2d@1m!NPDH31YVK=92CavGKF_7(S=x2VlR~>(yxqAMPDi_c<_=<EXLInO
z`p;CHF~j$0Nr^(_{OpJJ_wtm?=_6N<#Gh=6513BcAL=#UpBU3x`^pB@{IPGo_sb*k
zm7VXey01V>bmtYg@<q*y3$u5s=6@t+Z(N>7^+5fe)@^t`+HdmnpkqWsh-}jBn1lP(
zL{~0Lopliw^?iL_i)q;BJ8fV}t$e8!gjBrqHvgKyl%!(!v>SO{=s3MDl9Tv-_CH90
zSX@PWt+#8<lFhwEnx>@7)t4{jYwq_Q%`ljbuV#vDczL0h3=ri}5bDO6sZY^~_C0d5
zU~DWwC8HFbw7)L%x{KlYT^+r%gfK(3@Z6}XL{<6;RXwbHo<mbPoBgLmsX5RX(l6og
zFxb`CK*`Y{KY6J3cF5jNVUw{Fcc|B5>MUQD>LG>?X7WbgVy_IX9C$40HxjlKwbom7
zKQ1LtcAd>(O=a(N#vzDO{68^iLp9jZJRnUCr-L64*5Sfi7T=v3B4mfRK$A6U!Jpd#
z-qSAcuQRz@viz6(XAq7Sip?&Q25ry}2RtJFWHM%S?fx%M5g}*{cF%v&H(0)exErm|
zndO@MjD+gvnRTj~@mjxuYigc+wH2hdr$wg-X~uo=(-(Z`hd|a^+!C0xmuJq^1-Qn@
znI>cYN14j|l`5ltb*LFcz3sq6Ud440U8DC0!hO(Ti*#V`#@_1&84c5(>Z8}5$btNI
z89KB;S4j1ZW~~kSL)PFmFK^&n@6_IQ+g}oSJ3q{PF%t|5nF<A|1Bci&Bk{&7QLeM6
zZ-9aM&D>{KL(Cbj{^pO~ETm%xz)Ltq<&1ye7leU%)_p1cgey$hL;)A5-gH4(u1Hx;
z4&5e}YHf2#%0*{am@5$sdBhZtpSve2KoMnf+HbIMHsc=bnODW6SMPWX3u}m)1DzGp
z6lqMAmhS*DTxegzeTFlkh^mIxrP}Fq7LF84JD$R)by-S{wc-AQ98iI+nqjMM6r3P=
zKYZ&!%KS<cI<D?X%Xuq+_KD){ksm20y*${)!yxw?9HdejnMGb11#O~deXON~#D1~w
z-6?>l{Ho)%l<0-wO$I4Y{l{%uItfcOhlg5O%roj<ux^^StiQVk1;<Zi{)nQ*o60Vq
zti|;zjwyvy52DmaG%4%j#Z)f|hZUtL*^+p%TLDroWD;tBFA5eyO^W1;JE$G9Cnk`H
z4W-h4E|%0WT=L5))&Nj>!`BpT$&LmWBxu+{mLLTxeL&v0Miz#$DA(cWs=RD&<6&L=
zcq#X_!_fN4q%awoC?2y}Af%EEITgkG9kLv3bJ&vXQ?RBtf;s;{=Gj1<`fwi)M<2To
zRm`T=Gdg~@Rq0{05TA6W$Ehz}hQ!_DKFy_z`nd}(WeO#ouMMLjgwX=zo=`|<EmFI*
zE_z5<O-o``)jEo&9(J84U2-u_WDaBWgl%!I5U)7iH=qegL&oo=<KXBE*v6UC|9MCR
zp5ztC7Cd2P#=D;0k%BzFvCL7W3vVwoO-l|dpp~C3t0xnl50W}XkS<2|hj`Lb>tvh4
z#`QL6$P4LasE&Ub@Fyp71JHZ@d$;kKiamwLjmg)rOl;cA(%o!Eq8E;0pe<Y8fvYYV
zV>fTIVvwpCE8mD}_lwXYP6+x7s)5$YWU)aV$!lb!;H5Dwe<PJl>?i>)qj3q(PEOtY
zp}rrrc}9HI37UO$8?SO8%U24O$%8*^wJb6)WZG4E2(vYEZtCmINWp3%$#glRDMZ0>
zDQiJnrrA)oZH|MH*-x^IZ@Xu$&eu&XxXF$oPC``mAD(eKM4Go>5pAO~f<Y&fq90($
zT?tO2`#C1(Eb=9OHfu2-3WSqNP9g8rZ?`dW3AY8F5g6t~U^8H%=Gep=QiwS0=0dUc
z9=nqayDw`V<ngu=yUzQr;npe=a}4-ZYx+S(^&s{!oPgzG=jW0~JE!c91j#|}n$eDm
zxaK)K?e~vn%e#_MK6U%)ays<Acw;hF3WMEpR~8`31v}%_;WoJBx1$uNf+IIEh-C00
z!Jv(7V(oOc)=8+o2OidO{9wp{*iS9tyc=06u(?yI$dl!yJ)ZwS5h@=fl?lkaFCol8
z3o=*B?q;5>A-z??!)s!O1_fLlj?jbvCb9Qw$e(?6g*=z+oOxe9r`WQ31FbTbag1#-
zn1;+Y8;7lGiIYtZ5UYq`t#eMYDfdSAu_0%Q_jnQ$Pn&U3a*%X!TXd@^3SYg=74#k6
z<qJ#UtH#`T@K$2%`6O(vkuw*)ieP)CGi1^*v1;SuI(_aNPJfF-A;#iUkng*ED9Yqx
z7s5;u#t?V8z)5>YamaTSw@36b(4RTC9LR7w-A>?)Q!P?Yf}KXYPLcxq^x}BQ(+C*q
zz82eI@l-U|QNTsKNqv<@62z+`N}~lZ|K6fV+#_b>WV1s6pO9a6U*S*!)>B9e8)r4;
zA|$QMsex{kwjteaF`?>waEerVU9PbV9aWP|z8OHQjhXyvm)arQOxtQ~7V29TJ$+nF
za^emYdEl@*39=W@BhoPvC&I~kQO(dLHj#MSC4iW53j_IrRG1V(#1ZR#iO_D&&Hc7g
z!*OkNUr1?hp5HTTBt;mBA;xdI!pK-Igq13!^1h37vDgJl80amUkZG3>Kq-!66r<RQ
zAw=NRK4)nF-&Tml0t6nR{k2)sU1Pod_)uGCsWo17&}=&IMAmzVJg;nQRFdKX-mrlS
zszC6S#6&2jrcO3po=FFuC(|foL+g{ti)rOyVBLlZrw9bNoNoUo?y4L?Cr0rx;Mq_j
zvmBFq0hm+ns>x%Jtyq<gzW`+F*mRHnL%9i%^6s|u0y?jN`rP17d*2_^x3_!P3G_IJ
zd|T@3?-^ljgbKS*QKw`!U5mkfURgo6=0A+G=jKfq&L4r<;tz+x>R&!LPi{F@5OeTQ
z`l>6}ScD&_oiiUgNC1HiVa?imb+t+NbH0iBAfNvs@3bI;fz8|SxeRrSdbaX-n<L!y
zGRR$ANw_y^1OayN-a*B?y#bN(rlrvL$63+Fhb+&|czMZmBueHl*%ts|nX_cCIvu^#
z3`X0Vo|F>u{^v>sN2<y&m)WmAp7(Q>i0HqFg26((n1jYfv5{#f8#vkB!cmET*mFAm
zMuU|Z`U|l#KAs?i;+$d%(dp*2feAqs20`@k$rxKpOu@c3r0!wiT4ww(+Awa&ztGpm
zw`)zQQn3=f^1QZY|L|1Kd5g1`5gLE*h<?j)S^awScsckLuEKFBN}Q{jr7z6(p1l52
zNuE%9yZnsJ@Ph+h<jN*hoKlJgZNiCLS3+EAwfbQYkqq6icBiNvR+YH;DR5Z|5isTj
zwo_o{XXNW@VQ#+2%n+fE%&1mnp9E>_-H~matx&s8lYU%vS;`W{01S?vyI|iNfDV77
z5r?^KA(F-v9vF#sKY+d~hYi($(uTCqj=7v^sc^AdFaR?#Th7{y)XD5oUT~?(EEGIg
z8N!e5^Z)*@v6RI~(TU3I$a5Wb-hO++kKZZ~ul#4N_wBXt_Tx9-JV}OinA~}wtQ2=<
zb!bCA&M#yQcpc*IuTX*O@qF2L*3WBHrU$mf{RGZbf~Def^I40;#Z+)-UiBp9O{U87
z6X7)<@3=9P8>tdD#aegvL7$RdHAFqw)Ha)%OI#pIM`8&M$yy&nQ0XSuI~_irZ)3IA
zUiS^nZo2sFr@F6tT}fE@>rh$rQ#alTljhI;ZuJ56%%{FBvMmWJcjkc98VJw36_sGm
z)F?38+V>ws$z?452i5iTVQxY%|3gk`YH?g)i<{TeXlF`oovLyIh{JZ!CvnL|G3XB^
zSmvVoPmTN8ik)^xUk^n;)mdy&Oui~wUkzZ08&`TRflPk<bcTE`T_-!dLhkM%0cjw*
z<RxVQV%{)uPvI3QU===4dgORL3e??nwE%d&WWGcr8aSURZQ8%X?f5B&OMu|}^>Xst
z58zm~uCcs<481%Hw|9*}uL{-!3d*&SKX?BvV=*xRvS^;(2C8uS33^pvHQ8;w1{D9g
zs#1ZVqx}yGLb^8cZ(aRu%DLPrROG{41Yq7Lzx-oCM)@s2S9u~ph%1OO%n!4vG$3$p
zhlH0s$h1K(K@+IJcl`8`>eurH_ce<V&sw*UZ24sCZ=P{XYtp6y-*WAXt{<P_I%YoD
zE<iD5n&}!%Z}6h3Rq8Q9k9<hx*Dp;;b+=G(r#V8g5gLLF(Y<BfR3YO*iVuTgeXKln
zj2)T9Q5@qo%;p&m_dQY%mvI&4rYv44B6X+OkyrIF%_4i&+oI>_77^4*C~AqxUNz;X
zLB;LJNyTS8gRceP*ZOVkG>2`mTMwtEe6DNNXwQksbEJ~pq^%)OF4Jr9hx#UwVsDa=
z@cq|s`nvc#0D6jNFX9zMMs)u#tm%oHuRy21b|D?wVkzn2xRaN0?&biMz4&aXtfB7$
zyXN*%17jZxqEQrnrdMziA42C|AVzRF+c@^nO@2dJH5U4nN-0%19G!e8wpdCb>A;?8
z+bfDrwJH1)wo|=`W31Yg6yTg#9FFE1;;uW^rtav$2dQ0M70ZkU;rT8X9XVew>Tr7<
zTj{IR#5gI~5<Su0JtE5U&$uRzCN)x&SZg-&tJw66aXIUS!B}R~M(&uaOp8LLHZTq@
zWMXDAX|Xdb9E~<Q1#dB)LJ2=8ca>V%{X*Aj4_!d3)X;qe^e!{e@lSCc4l36kYujj8
zNV#Yo_rt)hgv$rcA&p-wrR%B*J!@bUT~R{TO^*f-q6A%z*Ri1=W1f>Il$jzsEqNEr
z;Qc{-7$zwOVVs3cT|a{<a96bE=4|Nox(bQL-<N{TzOTTV7JlFf38tZS7YdDC(FW~n
z6a~S?YEICMOd{0S+GhQ$1K0^KR&lxh$an&pm(bPa0Xfyc00yPbd?z+nV40DqpW~#f
zVJ-W5pv~mLBqJ;W@eDIAtoCAuimnWF*}Z88)i@A{SIsyaN{_16sH)+r<|FzA5GeOv
zW8rjux{9v-h_R@T#y!slHDhl^vc`iMrbO85fgqPrAKUQ%Amb=(UqP}Bi9mb=;P)jM
zH2Lvy8w&I>Q`QD;dnwO4#9jaet?z8EQT-ICg>*O-rGlH}WF=dm71E=BTWhH3zLrDQ
zViYm9YOyoCTpbSjcZi1<nYMSOi$rJ~M=<j>$ng8VlN2EyPEu50++zThT$Fyr^Qy|M
z07A{?wL1Y*N*vC-j@LZ1)~2B%F%*?L$->R7Kjq}25R=#pd;*E1t2O{7#s(g<6$<{v
z6?{AC;j7+l4ydAuww$1#=enGpi((K~i#Z2UI*wT4(7?|;^hKdaUjbnAo$+i<^cfq-
zu@R@B5BKw|kH*>w2X_%KCUI3%%1DM)*!WUvtlAdd@EeDD;YyfLsWCE`dkY~U#HR?A
zZUfv3NwFo0rpRbxO3V&|v1<3VHDc`N6I7JTqu01)jUyv7Rmr+N0f<BM--z|+<H(LG
z{RLX4hRKOqLUFC&Q>W{h#fwYy4(~^8vZ?Pk_|P~(rj~@?-7fOL%Rpag#G(`4mLP_E
z%CxwjFH-tZ1iyo}`46I3OWYBKu!|~Q<v}5r`A9Va`G6uu1iVHO8ZUON!MYeMkRr;c
zJ$QQvfk%{<BM~K<y;92AT<z&^Mb=^z2~jQl;?hrSS|=DQ^Boh`<d-}`c)W}wi&AWr
z<_D#OOL~c#VE9eX?-|9TyM<U4Or#5<_;|w$&j&&%v3APcc8H`O93dvtvSUm=oq_mB
z5$`MDq`hasM=i;sUSDm*mnh`B9cG*>nj%QyXf7M;N>-dX>jGDqgcm=S&A>eokNxXB
z9y7tA%cT*QF)%xKTaOWp{uL#>7!|RD5W0?pMW4s!irZ4}@oQ3cTk(RLwi1sJQX_lw
zjx@uw@M2-(r1Aw8V{U_(5yNFmsY9eoJs>0n3>iHjN{pEjho)hSi6Fe~3cs<M4tK{0
z>Q8x`)t-VBNp)_DU?tAS+bUBbxEy&GE+z|$Dl=Ns&5XGAxP}`V&^gk=%{X^GifM?Q
z8Z)n8(X%&=*fyd|z>*Bf&X@m{vX2vz7$EQkCoaD)=O~ypt^gp8fHe%*dzL#mE-Bw{
zE_K!*Za_}>&ux4_zZzhR+)!fPy^89TuVNlDj%@qGa$mgOrg1l<@~h?yFZ^`Jq^SRR
zWlRV2j|>}vo$&sH5HYRLt_=-Xa8(Qd%y`$obh0;N6gKs<Usfk5-BSe3zV!I**QLO*
zY?@wCBa1PkkG`CqC;agv6$aUbV*g(yx*aa;Dh6_G8f9}I@@FpDWqFNPKOc&hSNx+s
zZ~Y)F*ID{~LCwiSZTohYYS!x%DG|c5?>DH$1`X@+7bL+_3E|zsL*XAdfEtnL965ZV
zeltd~o1xKny9=ngct{idzzER1r?HOF$_VFu-4<QZ9Z}QN=O;Z{b3-dEfQ8_>7Sk>_
ztV?a>7+no636*YaS7w2kwCSFpCELnJXUu9xYAQ-B`1fnCUO1wugVXu~^MJR-bq$A;
zeamucYhO%pY_bi0W?o*=LzZs}qa5S$3mm&k)iUkQQ`ct6rY4i}lH~I^hp_=vCnTA1
zpbnU;20{uMr;U2xM?5IXzti}#nen7`+floIje+!)A;W$iqh-;bh;4$URa2eO3rA6m
zFH&$<Cv?9N-^yFrVMxHZ9e;GP@O2V&<ZqtlIkl9+?|J^?ckEE^+@|=Rz1m$ULHl-G
zkfQCs^_f{Yc8i_M(YoX&gH1QvLN5-|&}8n2(beSUbfHFC+(JP2HZQx+r0LeLR*kaM
z!<stId*Z{!H3g%hu3g}AFY|~66y6|4?cXD5M>qymHC5863I7I>VZR+wxv(cEyk|bG
z*bnus4>TdXKJ<DUaE`W*KxbICrjV$)o0TI{6A;INvGsp5Z<eJP+BO<18Uw?r{fWcu
zEb?xSp`%Ju?t)yu&=Gb*P<&#KeuT)0DN$b-)F{gYx{LAgk?e51;;stub@o1Tv1=d%
zr1Tr}jF<kvtrz}^P)gDI5eLS9blzyHXGU@)j7nw&M(%)_A2*%s&cS!x)d26NpQxCc
zzZ4F<FZ0v|H-go}3GXAKE1ynP{eesOi;5Y(6Y*>5dMn#y_*}mBcBtv8pAJcwBw=tv
zz4e#Drtq^Ua1A{8MB-_;`&&X>_5;!eYj-Hdiy7YTHui<5GuP)k0QX(^GiX{`|AG=7
z7q+x+F*%iQ_%vd9GW*(~85zxbc=Xqe;cW&W!HrIruAQ0cb33`R1nO1OcLWF*niCaD
zYdM6e!g7-zHTBuo`XrCjS<`dnk>JKXJG@xP_W9qUiG->!U%4-3%YW=c#yM95!H~h*
zA&D%jp8)>-&JhT|LXlSR?Nh+g_pS5B9N8OjDY+Pbmj@7Dj8~TB7u%_xFOwq|z)or>
zdW9!j9yu}vwBoHmM$5I?PlJS5(_sM@x3B(h<?~EaaF3*1Z1TlpxFLy0Zc_8UWZ31c
zmfR=X9|lCXOiK5o??wKCwmjyZa6DW?H>x&BwDNJSy-wf|{)Y&UDZe9~JbD^q?WaXA
zI7a76n7!3E&o<mcNHV6voH%r|^=1t*gQZOG;^wkwQ%<ADw9Q`cJQ)pNl#k9?iqG6@
zt>l3Re6GMi9Gq%*&(RjCxs>V?+J#H~C;MK=&&=Qvw9wN<DgSkcG89|fia>5x=2E3j
z_&sC5vFZT^q+m3jA#_4vh}+=8#N|d_cVd6ZsS;2-#;X$&AW%P>@sfuEX%n2ryw%bN
z7=MLvkK@?DWg1r5<8N#H9>-fF0sj7O_r^VY1v@X?6xT9dsw1zaYfvYoy82mdWu__^
z4U4Q-9&SW$UwwrR4=Km<1S74^RXsM_TSGKpfW|P{^?t^OFMeCDuUo!Tn|4-TP{Bj4
z7m*iOb+m=3#BGyp)>tmf2}FK9Gc}cPUX;f*li8V?>|w!WNP#5X@3w&-RG$>-&*mkc
z^$1MzCFX17q8ex^g!7aWPwr2OetPLk?kUMUBtYyx&aC5oekJmIlI(H&GG5dwvq+|e
zaEaVYNEI1tX)`uGZvhk8yYFMm920hd9DT_H(<47+rzCoHCLRBb(}ul;3(=&It`5p!
zjFXzoaJ2)iIBuG)X9v3HT(Uen(O`0#$p-cDDMUnN)ocK+rRpY7MS1<@OSC<5hG%z~
z+y$9ke31ON5p*qf10Wg}ufpIJC3r|{EZy|{-`Z7~gk^q}ULRlh?dymV5|p4%5z-f;
zv$xui3nBLF#&${yel9o!ZFZbong%HVIzb+%j&*EjThI<@GPPjw`J|f|%e=cy=Zi$=
zLc3&yjiUH;qTx}ta{}3hz=M|(0dHKzK*I%Jm2RwXB}`bKrxO1&mdprzC(o%hTvj<?
z^U=0@(lz)Rgn;(|wO|fy&u?*bp=VZx$VVP>Rg;yL(i<^Ut^VuM1aS@AHIU1AvdWU{
z){<`p#1)WNq%edS4(#6DBsN%9HDgw~<|$rdX|aoTnG7{|fRYYiJCITHPdz;M(ebWV
z$vt}GB*UhU_(nAgN>r+~4TuF+T__j9I+r{oA=N*r+bMRxMLEgRDB_!E$mVezCaoo>
z674zTA?TPgugcUaHQb@tsy))ia~)Kd$SDi)3YQ(4gzt}8N78A?q@{G&><=q-j3{YV
zAkTg>ho=iDujm5=87*Oc8*;a-4Zh7qY)8}9Urad(@TbMeQ~6|;u>efjizigN7p>6#
zF&uF|RLCuQf9Ecp>nIw=#i~>~SCiC;WX;>+=!bhfVjqanp$VhR6g8F$Fni+^@)UpM
zPGJo8GDO5J1KzJ~v&j#@fKk&Xkwiie9+#CBJe{CG<eNRJrm@PdE%>sOkFiOd9Md9y
zZFqS&VnDfOC@*#o72!er0;E}e7a1XAY$GyoOG-+~m!Bpi&!OaJy(Q*T@y?gfj^R>@
ztBWWNj-s6cO8`-b6!S4;QoeE+&MkoEA;sqHzdR8r0=dW$jaIjV)~^$Hb!owj+lnML
z!ALvB6e(NX6H_jj$te2a#$>F_E)PEVFQZn&qDXR%Y3|K{d;COZ>U>vJu`_R$a9E~G
zSBVYU?U_Tp=!LZGC9A`e?+73aesNMrSifbJRe{@7f%pY*04cUUPUPG&Qxm#~O(35C
z!PQ*5$jNA-uygjFV!PIcc^-A)ik(Z9#F>p1VfRp9xd`Dn6pya_pIT|3BGVAPKc%GL
zF9rq9#YTw>Hw&<SOVH^O$F6#i7T68(OVQKfaeMBSAXDD->MJ>r_vw}rXP;Aq%7~>m
z)X>sXC@ADxX0b%_?=dJu;w@&%8X1?kKyMd4Xp1ZLY!Hh9g7sFKL|#QEC%JDxb;N@r
zZ$-zV8ndtmT{wSlBB8yP(A*C{sHDIM24uU+*=Z0GoH5BuE&YL0?EB{y#UM_<FK!GM
zGG8VLq(3yKD&rhOFF}yc37($iovdXV<se70a%{Q)ldc`vCi`%azr=ScLv;e4*~wEW
zuv$5OwZ@PZKu3IN0i(bk<%Yk-4dULye`@_%{kh!&Zje!&W?;sx!VpOsH3y9>>rZqA
z0FCG;(pH*fqyNO2{}Cw1Cyv2OnO74FF45bb8XM+0GWY%g(<$v=b9K9YwR6)V7`S_K
zPy8~$r}kSueVpBJi`uWRAP?@;Pez>h8GaV5#OAAHHr(?$+Ejli4jUF0`_)xXIz346
zzDdp9sjBjR>6Tg`INKkZDT#bCd7l)~+BgHkp{Q%OGANTx4PTR@sUYKeS<|_>`7U^f
z&=|uQOFy~L=@ny;>O2|oBl^A6SrCnVqp6|$zBxMd=qVGXB!BK>ZD`V>W>5T|M@>N4
zZb@6#r_Hr2?Q7#K21M@bSrn6*n((bLFQYBh+@?HRi;B3Y5myxf29;Kop6MMe90aAX
z>hv^%!Q~kpUFZ8ctg;ue0?j{Ld)BBjErkY0q5)}rA^$xn{qI2w$%aLu0tQf@d!JF8
zz_sxNy6@~1rRic;qQtAotvDM@c$T!}X4v;7PS9%j+a1f^L4f`_8eR^+XVaN+8u9nl
z|Hsj}$1|b-e|)peW`>Q;Ei!YPCAk(+ZEU$`V=D?tM06b2ly2LInM>}mqM6$^rKrB4
zI^|Zbp-gqYl-$BO>8AVT`}_F))g!Gv_7HjP^?tpcFN52yy4m4+XCur)ech{xUyzAQ
z3IBd(r8j+EFzAIVUs8;1>pB&_L+?hbCVBD`4WICNYdL+nqI$+2-kz;y#^{Fel)Kku
ztN%os346ZiSDOZ-&%MluH0sC-`bs)vkaTf7%H*L$k}Zm@Retj@=rsB;FHKot%46Hw
zsqZ)0GIlx3ZU!Z*OYsZVGC6W+`V2>(7rm0^;5wmy>PqYD06<FlJiFkc)-`e<Oy0sB
z?jzL4hGJN4-?TSPWQcSzKPt{|+Iq~++Ww1=&9}C@iYM~4+jCyWOCs`vfL<H9Fj%F%
zN6)!@1!O<?Bemwu=KHRk^?52&0Sw^lM^qUx`VOga!OPhRc@O`H1iqegJZoB?8#nB(
zJCdNWdk3>NQ85;+oji4N>c6<n;8eQn{ZV33G%MYFUmYI-HGavD?R&H@f7?l={DT(9
zG8S=r9Mh%aGY`)kwRc~yxn}MOj%4y1N^&jiwplC*$Lr&C2ajhwfB66(4?={V8Yh01
zZoOW<lr%=oRpi~$t41gR31*QhxU*$F`RVRm3;s1tpmX0|e!X)ozF3?}adc`;Q(FWE
zAz*fWe8*Vsf035HELwYL7Aw7R%8>v*G<g6~dFZC1<hBMgA6#{#ZkU7qzkPYQvUt?|
za!&a_V6U;H3V9CLdG76zU<jo>+HdQng!55gV$v7C*62x0Hwmzq+}Tkxb#<u-JgX9C
z>-8@Nen)c0ovXn*<zzS*S21qR%|0HFibyLs4~94G)X)vaBfI36vlC^DxnMO?H{0&?
zdh|`+W>B#IIc~G^t0=))r-}nBIvrC{^|G~LQ_9^Ut@fc(eZ8dsS<aNb8A4BQ2O>~M
z(<+Bnq9JTB978v2EX~Q08z~jp$sfSi{WX|K+8!DEiJ6_4qQ1n2p70{e=NEXpJ<Q9#
zN;b|zwt0(DVzyi*T;Q54k+egWhj_cG$2f%lK~kwD`+^b2GLhB~MI`=K7W37N@Ro?8
zK0}d{6Uk&V$vf_JHi4=>6nmNQfX4o8a6J=^J;`L9-`yc;#~wc9MnpUd<8ac~O)-;x
zVxi|L!nfe9`S*C~$^A1~vLw}?1flEJ7_rt^%=#~_usOH~fpI*I0sTctSue~D+Cnq=
zPAWJfR~_k{C|ucGONyAhi?@YClv=>x6qtmwK5mJkaU-W<f|qv5q|S%kHQ|!0$KyF1
zTley@pJnQfbm*pT24c1SbZlox<?T=q;De5-+4fh~pxX*pczJ%<{WC!wmMs70L~)Nc
z!~q}ZQ?Qw-V(MH^&^I?3p_8cnzsd3>Q;?He61$O`N_xk9ZZ@+y%6hn+ew+NT2J1cL
zs#zAF=`hIaWeFwkM%^lXy>9<{ltqgD@5N1tr`%9U=`44oX(EM78W6sDXT|MFk8YuR
zGY81J+q3$zQ`%)T%>5f3Vm}9KzNX<qpQZign>cLo+uVOB0>9jwo=oVql1_+=qmuO8
zi7|%rgaE=PlHlbt(qh<iNX4rkU=f|Q!q<!;^Y3M2#RbnD%W#wFHv{A@74;O}&$<up
z%%Cxb0?|E&Gt3=a7P=;mlBI9PAQfBhP>@y`-z26Vfxi^shBwV=gvp7&8|CD%Wr?pN
zo^9{UqU|4MndRK=;(iFL!5DlrgIm)Jq$U;C^KJ!uahiofXC(?>lTLtt4JpNze4sjS
zF@{36sUb?GY2MZr@^YFP^=NfHe11l_qcMQYH?&G+X-c*?YcnuN@D&v46XVEqo9i95
zvk{)#$mI4!qA9zr#hJG{p>-Ejz;gXcsb(Sf&GuMWPZ*A=!xihqti3e~f4iCC{zod)
zZQ(tgZ4u^;^Gb^)`o5#7Ryr^})EA^R;P85QPJAwjuSER=&%RMPBdHoA(C?T0&D)5o
zF>e-Unc<U;htdHsSg0ANfXfoZ&S|ZdZiy_Fv<?bt%PFkbrjurx!!XO$F&F3s_KymJ
zbW&j*FJh!##KUy@2ehSq0(V}pC_el5AJ#l}(78==GmlLVE;#}tbPv~C2*dET&i}cQ
zsY3F@h0g^rRU8T9WNFw`l#N@o$kcFfHIg+CE~g1h?-%Siq|u@jlVexwSWU8$NbS1r
z97bhyPcc;gbCw=?2_9%+TP!T&@+gQxQx>GxR|-r-xaKlQHj25hC<$b17p(ig{8E2D
z?7O!zn-!5@ai6H;Iy`E(QCCVEyxYwE*eo?U55F&`xXcHABR813s7i<f|8g-UPkQ0U
zH}y02SbagkE20SMVsSwyA6ocGT>qS)(NA+=t87CHosYJnyzaup%oZ-sfoX7qRC_*7
z3j0pnA%r=kEb@a(nZ-kVonWL;>}75Fo@zVH*p4y=i;+p<v)@TvG4c=<uAWXdy)LRJ
z%rMQqDyXJ|#Iw~b5330>e2QxQZ+a{DBOXNi?)77!%{;2334_+Bx*;bl3bC?GmPBa&
zxleBRh$KatgyQ8{5EG%UCS6#=>zCGW`-(UANZ=JGB%O=nEM`fls+ih=wu|Vi;9mGh
z-5yJPH{h_FS=&A%4^P_6>~#*+K^~^5jCKJ+i6je2B-p%-v`y^iq1nA)QCByOY0Mii
z16Nx}4*kLH9Eon)7u`%>R;lz6d6L*AQ`EG@=LomBI{4YvR8(!J#74|kmIVVmaFA9C
zaMGp@MFrns$5Tnts=ez9bMjAh?q9zqsJdVqE`MURt@npN(O=j3B3rnYA)Kv-{aW+c
zva)WT1(x8{$%YR($Nsa$3;gFT&+mG?bb0pJ$}yK!a1-rL?5-B2{(qWqL>~e~)ocgV
zps82=%Bk*I3xVGu(1jO#FDTzT0d^zzb&P6(d6d~5B~8GLd+QPdU|H+xu!>?}<^9Nd
zgmeI}pk&f|=rUMW$?tr5idB6@tqZe9*a8xYQ`;W>v7QVtVcb{$cyO%#RD1lyt3I3r
z?#8d2KF_*4axUmUwCQP2-gMt&GkMamzNUKzAy8lMTH=Qk5WFnXoe7DXX>xi#!dg<E
zh$DF#KD>|liC}x_>&@xv3vChQ#l3Hd8Ru;#IlCGs)zwX%;5s=-j+VYTt-&qpMU2p1
zcj0ThQJ-Nd$Ns<<6o&CIv5As;Wa0Fz{YBBMir8Aabd$F5*Lva8iHx|Fg+zT7_1M2D
zkJ79DMgB;gSk`UaJ~RE@=jC*k#ZkZKIZI+jVBw&(cJf5(&S*)oU0+71<vV~53EE|z
zM-e+G7v1{NASF9#o}dwTkI0e72FKkaRd=&4*z`nb{DF{8uVzvV`ZRuqJGbg)@&p6Z
zH{HS`k3@;;{-NOPAcbQ^*VQ;(#(m{0cHw~YPxNn~qh^+^JTP67f>y<;Blg*cT7Td^
z&ZWM!zF)59uyFHo#24=KAmrM)+tlS*8bq0MBiS!x*Ut;Lyj9}sLqn7!BM<<9=WPwp
zqzAQo+!=R3J$PMaHnevy2vUHf<otzj-S*q>L7r_eq42(WUEb^JjY~Jany+C)qhht?
zqE`FrMTo8NSZqVHZS}E>IR-(Oo^y)8Jj2m1UIQJ8-~g&VTkNZUaD=llSZ^=^bM82=
zk>Geaa_;%jB9c!-v;7y1!?nrcz&*M@ct7$gdHw$%i_6izGYPJ-RrhU^O$&Pf+qCLI
z-TCO&HEp$x`numQBzogR6Qi{#o!w*s@%qWGwL<pE#!AInW5deq)7ss&?ZLIUelRts
z{%T&peF_@S!Gl}23g3h0e;eU_IIpTJWJ(GMNQrqbI>D%Syc3RDf90S>@(t}fYpZj=
zLcQCvH}~8G&s06VZOhvHc9&J&+=;AuZR1JE;Ya`|n!k5$80>_DZ%edQ_KEeV@w|)O
zclp4gbE*2;YHe|<voyrLx+n!`r$oQqyArqTy!Q4uL84n31%S&{_myQ$HQC2xlDeEp
z;SOqU&Ln`MZtTaXU{<6~zd{}C2DYQcNmR38CXc^^%^|G36BHPn44~XubU;fotWOe@
zhEBQ>Rg<WAR}N)%SFGfm5}&HYVZcA%d?dfV`})`bN&B7|Xa7L6pc!fE2Aw7l2F2$=
z$gCHpZSjQT%bb{#))Fn`=1O@SN)Ap%psjm%?{Tq97L?`X*ecz!j#M<wAI}zZY?Olr
z6^IY`Ob%jjirv}WPNP+VcLQ3$3WBs-F!tbMV0J`HPinFcWkXgRhZV9Hr{pgbd*<y`
za@3y2)AexF3C<}+_g|%Kra#^0w!UP8=sKm1S2@&rSg7jfs9=Sw&<yOaSd;t4Fiso<
z^6_tUHiGTyS7@--GDx|PJtzUxlwm0^2XgHy9Jz7Qw@GZbb(g$eh&f*$4ATtF*e+n&
z63SR!+nW7Xgf7T?B3Sl;ak((bYQkZWUm}AQn>YA=?C&MuqmJg14%Gf`=Kl}U^WxyN
z)MY{{MA-+#A7FA{y_9oRJ;hQ=MceJ`woRr;xKmRX!lP9BxY#n7zQ;&XwwpF9hgA#O
zZjqJlTBbm8`7E}LwQ~|JF+50I@Yvn4N_8&+nB|BxtZTfy@h8KJ4q`mri#02no#)Pu
z^4@U&?c$+akihX|V!I9E_PAvhN4`(N-*R!&U)uo@Nbsh2M6m)*!}>N(fJWmYN!=7A
zK@qZj9TKmqC@S{^11%1%>?p<kePd^gKP{ZE`Sy&E9LATP-9OD&Izn`0A{Q6ADt&$_
zG$Zr0A{6WIc(W;`!~4XUxvMl4^C7MeH_1x9L#n?23uFCZRNndH<<^p>8^MJ2DX%2V
z<4Ig!o3!gvjVrJ&OnL45MPX8bH_8)yK3H6WpG|pjAL3q|xGZBqQuy;s6!Xl6Qsm=R
zCe_Pyk$=X5VLRww$5GXcpEW8r&O<tGCDnda(A~V$O-Hw?9{a%Db&apx^N%CLjd(bz
zkP_Vl@Ix!yxpLQ;0g9K|oiR=I&|bXyp^JDWA2$+p(>sQ@vKgPhqYlp+*%D*Jw}%Nn
zN>KDIrU3^^=>r=3PO_No8Go?CforO~e_t?`csC-OK`7k&=XbO;vM_Q|n$fM~$7ZV^
z7jvgxgYPI)B}x9PUfRafF*UqtaVB#N9==$6J|+^&_cZfW9SUWvKc?#rncL0&tV|r(
zVEkggCu?_lK1&PRna_%`+qlcKV*Rv3hmaeT%uumXOxKV!sgX9WuA^?yjb*8<=$ayU
z-c9N+H$j0~8!696My(_*Y8uIChL;B*wJ0q!0<>T$nWN-cz?5=73&dr3qS}6;^z6{&
z0M~<e7GFF}*F3PY%EY)6OU;R{MAVF%ke9ii;m!T@rvu@IU%WVPukV<S$1egNa$~nJ
zXX!w*oSd|pCv8A^YFQI7cdGG7NH6n#|ItI2@LI$W&5+~LmQ6?Hs(~_Ek;5HHW;fbr
zs{p;s7*kGwe!ZNdhlELl{Ihom$m|C^8mb4%Ap{o)QK7G(&mQt&NC}UQ?Np%bPmiF<
z1`~gIa&Zg%Gw++F1Rgtpcr%sh6tMwCtP7m&g#KNCXFdtw`gNgVw|he|5qFsG51h#j
zArgU(DF;sSU+#-V-i;B9b^f##$Y^%EN~zb!rS<OLI!LyMP&ExasuhY{v&l<`?%7-{
zbbs=gH*$e2Gkw>pGCM{H(HEmXwhBt&xulGa^R0YnBcE)UaI$d2Qj^r=8j~a@`sa~q
zZl*BzjKOD?;R=S|&M>G_NYPv=>@V&BYTXq#ezpOs12wI&g`vwM&{c0prPR}}*my^M
z?7EQ!?)ok^4nzg-kkvmjs5!~Iqu{SiMEt1%$Yv=O{^=_b{2(=^>B%GHu;UMf$oIq;
ztlfd`(uRziF_N>53w*r{8U<OWO<?a|rD^2tnG;J%kl4L)6+s7q5e&Zp*kQcf(!J@v
zWK3tFfh%5p3F>fP#&OC0$nvPPWiU;hPY|8bjdNeDy5l1$Kk<jEIx(#B(%a%R?XhJ+
zZIS}?u}|Sa=U66DouuS&hrbH)IRKE9`j?F)H74Fwf4OP%reip{eZE=`NCKWnQ8?P}
zdNtm<hGB*8o5@k^oJO!)npXr}dHv_l!Jn*qn6$62q2geh*G$vq&2|xoteRWfR($u(
zh(HEVDeRLgpsKFRlBmnC=N3#ua|b%g!LIlz@^Jp_1!eqUpak`*{{{tCKi|0a3S^=p
z2pE7zCLQ+#J^1nBhWzqORaX!UK{|MB<>&{o-=W@h=Zf^>I@v8PZEq$cR3ghR#sM5)
zYO2*5TWT+;cE=e$hzNHnOI>3;!G$JZ!+fW~?H9|-L2WBajtQ@RYJtVRhc@mbe?H^{
zw<Heb8ARDIrUD-P=>PMJ-ll%XypS|oqQ-<EXl#=n^CdrSqrvTrgL|7Op0!&nEJSBO
zXQVE#BBTv-jI{IiNWz`XrMF9g0eJG|*OoZDj*2v75`8dvS_Ed^4^FOXkA4Ds8V?gx
zj2JnJP@mqK3z|v#6|*WbZlA_3twKEd(%qej`;@h|;ca(@6&3hTp8Rg!00C(>Evn}&
zx=t2UP`ku%aB0c9^Aglr-Vj}HzH!C78?^LgU#zQwxK;IN4_x9nY?VOxkgaXMWtP54
zx*0jJ8{?cx_B9KwbE#p}S3ksC8m|-odrt99Ch^RRG0RrBTrnnorylX!Rp(6(9!ZEk
zPeIM?w67WvEgf7wQ0_NXw&~se-LAUNhOSxromSmDEZkz-pPQa}@`<mqJ2t4hZLXo2
zIQeEJHpd8&awqt$VWUn$)bK$*pfYx^bKUkGP;)M|FU1BsHcOMY-F;Tx$7yb;=znD7
za}Ho1FWv%}g~GLUtnCvAt*1dpqkLBRLG>m;l4+@?^(ac#hJTkgnbofiWMu@a?K1WY
zlcwn-mr8(stED{sjE)NpehYt^vAA^Qpi#PdC`@)GHF9Ar*QNukQne}DnP04O1X}Zm
z;UYlGAB!JW{R)n-7KuaMUrBwH(H6h1VgNFyY6J_a7Zx@e9tVF&z@qWsm}6x0#{RSV
zMI}}4eK$3M{nZwi1dhTk=ajA2m^#UMCyS!BPtV0JPFS2ke@wA;dDVZ`@y@PyXC&74
zFJASRB;@8@yuYJitr799Mv!Jik4<zhKZ}W+Gg`>^OtYQIB^h?6CjyZdpG(5bV_eQ6
zaEUJ9M5YH*=)em9d`?hzlUHPuMWGm%hafOleb*2}4YQJ0J)Kz0PWx9b>z8r7oynQ0
zOppHv7q5D7Y?9ujXhTaie4gZR@Oq$z`?^3b;Tz?!p@%z2GwH@O$|8E(*XKd3K@;P#
zP{M%ps>T>b?UD#KAa(iA9qe8ZrbB#RmPOp=V2`?9&LW#-WitYyOyu(7rk`9th>y*j
zO!&D~s;3^;30-A(zG3F(J82SZ>SMSc#yMpPo(hO21_(BZd^z0CR30I?du$BWcEih^
zaGwJ?II~=?9t6j0&vCsL`R$R&ci-e1zlFkonOu@wN_mM#e#~a~CQ`ZcRc)kmmkHjm
z^kR9$oo#$c$!}@xou35cdukF!!}IHv*qJ`95k67Pkqo~Z*Qu>>z#EZb@OXK7Lq1R>
z{(w`S5opGS7izHay5A^d3ouiIyhY|9vo})<jS)#hYel?+uN^q5BgL>01S_OuCxKcV
z@{3Ufp{XCP@dL)6M1FO9OavNh`i>d!<^66nM(+rN3C%{``0eWBjrPjQiz9C+VK^q3
z&&fCJ`E?KP=$|v4t70*XPl`NVlY9ClRs?BDR_Eo!vuUTn0uh=B3#ABPY5}YmRZp1$
z7iJ0jl!DwG4i_ttKcx5}0g=<-V%u&x%5!^-Nk7E>qVEOs%<;c*ZU9Yx)u@#exnB{9
zd-l5uI;V784!Hr0EB<FL)_F|ncqrN_iQ+L#_ZVYp8o0qq;zRM+c3glo&HdcC)Yt}q
zy_wa22hQ*#!}b>&o4%V(!QLMBi^3<p_3;)FHoo6NGf?2qZ&mnVY2jqy-61|sEedWv
zo#ba@-CHA0W*brW$|;&&2RL{e_is&7g9@j2RIUCgWv^c`S?cKx6+Xi;4P4VKvPrQk
z!N!iQDKTHHF-3NmBYHy%d+hWV%&4<gd`(CR9le(kN>g>I*c|1lN&8jgw(@Y8?mqc`
zj_=SS!B*GP$YJ$(LW=h#w50aZD${)5Dj45lsvQF>!+zkhq%0&U>$SU~PB(jA`|w&W
z%-&Bb>{9k70Up!|DS+<l)u{{$DSuJP5nG{+IEk?MSM9Kl(wlBNw(qM{52ieT(?3Q!
z`vR+cj{q53l+?fOAr(*)H7GDqF3HqBm0@~voGtoWpp97MhWs4$u$mc0L$%PT*PR@<
zpI^z!OjEsgO!rS-P^D#<2+uTh9raGWOor_JGA-o0i?K1TrAn)j*s%_=hn-k6otT}k
zB=or_L_KvaQg%e6j9#N^HkK?k;@Q~Ko|)VUhSjT=06o;oFVqcLuCPBiBWw>S%=EJ9
zl>3dUL0yZ&=jW+4vt$eCuv?8YIFJTCUaa@}7)yrS{)y9^(;ALMLiV$<o~?x7jAvw1
z0m`H#PsYxg!7KT>X`0^FMN<}eVQAwWi+rEkq~iZUT2U~q4^$;xB2tMBr7M~AVfi}H
zUdA}{F3Q_j^pQH~4_A7}C}kUes4!p#Z>$-k6;C-4AxDJgzmhf-$uT$Vgv}>H;F?T|
z>pTPX+nA=x73#z&3ROK+O0iEbk}lsCpR0G{K6V6!21&h#64yw=clyVJVa3F&#N%ly
zw;1^N%iPEN`>DxPzD@_%z4GRG03hFQR~J@O;LoA?-`+8IZIO@}g_dlMRhsH`vbH@L
zS#XP5?^+6335IAh)_tZU&ZI)24?j^*2E}~NCuYe0UrY-xR*c_RX<d-FaNiB)adTM!
zZ`+1mI3|2Fly1=dlorJ<@_!=TxDl;ikS=zPq!w)kJk2vD<l56heIzata)9ohc#6X@
zz3#{k^>EW;xQ>Uqi1rm@PvCK#jdocDp`LP|YO;wKbD_7e_wD&eK+QK&Xf`JN4?-vW
zWRHg=zq?1bttmS04sAmvv!n6Rwo$mm{+<+YH#6Ww>p$GCnF9cn7X5m?&M#-OK+E)&
z5ZGxKF0IAA&g7Q>A89aDOJDEK-<R`d@+RNU$iSeMhWu|is1}^M)>m%rat>Xek14q9
zRqX`|y<1E6;enh=xP|)&pfw;i!MD%HJWFt-EFW~=S_TZT*V%B;qX2JF0X#CH!r`(c
zY~#TTM&AfP{uoaDX$GW?bITFg`$+K0k`?$J4ikTBw@emOp^MHSSa;CbZe{|YX&&1C
zj60npJ9z57c`60ef*&U4vD-Ln&!8_fzYh8nzH{r6lbSY@`?DKq{`}a3?#WO7I|Ih9
zk{(+5jJAIR-Q$^GT`xqeouDDG0)L$Kc~78Dd)AIdj_uBsZTDwQQ{=HJaRwI)hbTz4
z5B`t}eDG)4_z>$t)b|{41Kppno$6@><^<Xnd`dpKXwBt>+c}k7NN)xYx>p-?i1zQb
zhU?^V@|1}tt?|Rh4&B;KUb=g)?7711c5N}aIk(3{MMktgX{TMYAUYTv`Re_=k)5a_
zsywJD=g@<_e-9iMY4Q5=DU+0jibj*O;kwdnKVJnL(}`Jq((9;Y@IHFujwbUfGgN4v
zQ{yLhoqM-PX9N}J-~0Ja(BO=3-HZ6g_uCEse&NgtC8c@2DRv*eXn7@~Bwx%mi{7*T
zr`?Xg?>CnJx_ov0mPu%I1ym7rdd0M*1|;;;#gnG(n!}EOv+-Vl+$8^tvbU{&s(;9T
z<;vQ~reV9fD_-&7#56xL2k#fGH<FB{9j-*LUEW^3SuL;;T^B~RslXrKvFrpMl1tuB
zs>iCIZOJ8+!P;3dejjVW3jFn?Nr#pulhEM7<E<-?(V$3h@x$qv`<HkDYk#D3;hrgA
z1zPnb%VfY<y42ytTV8{wyj?9q<`khF^L{;8h#iRi6uEFBW-b==Uz1IA&v|_#%_40u
zd+4$BLHnE)tQC+%Hm^qT@jG`#iXQ55K=D8&))L69*UQO$W)}FjmlWd@?@KC=-h%_H
z%lfq(ApP!SDwe@P?}B-=@uMkrh<j0V3y6^wx@rMEcfqq*)Yd=rw-9s;Zc2)q4TpL|
zgY{NoScxwA@x{$1!16FS>*v(aY?18L(UhH-9>DBbxmT>Kh7?iKoEEZ7es>aFYWPi=
zV=%s0WpSBHdM$)(H4YE{%Tp_rb><v_S~*TqD-S8u%lpI*+Gr!E29=W9ojoIMio;g(
z35?nyqUWLjef>RKu2+NA-^bTi@=UskJ6IWs&T7@ySC(?{#eHx=EQMh_93cZbqOeY`
zF)L%Kwo`<vtWZc$JC2T5a(d^74l0)Ijz6$F0o8<gFhDlQk~;3CX7od-bu5<TORMo<
zQ5iMoAbk{mn-|2fWrX}>>AaFymt|16&Ji)vwqAccnLNCe*lJeGhWKE~se7&V9N6s&
zjQ72wxM3VJp-yB+sdVIKK}VEg<d~R8pD5CWf1N22Q~%{sF{<M+EVkw^c}B_R4hZDF
z>wu))_!*o_64v}Fk_Yp~M)#cib~2QiJtob^jDdKE@SW%pe9p5C&)!ku;=%BPkoI>n
zO!X<k`AJ0p^q)vYNO0xrxn}X4f_mf8WoaEclsWs|5|ISs`NS+{Rw%oUnmi2N!(35+
zGb3%qJYl<qW_+airIR3hPbmuWT){E=K-;-%-MTJgJQ&whUN=mTc&Z=ofL{Vsmn8QO
zS6C5+8lbgqiWgpfe3Gg6K@`ii>isw0LGNpfh<p0Et*r!~Cj6^(HzZs?-|Cq8*&UKx
zxlu0`(d5NZRnBKK*J%)#1?fbuO|b|<NVPD#@ez~S!%N&l-(zaHOL{HAG%!p`<f0a_
z&R%#jPh*?US0eU(tVb`+F5GJm%gg$69m)9M_860!dU&o6%@M^l4RSPt6SLD7$=n42
zcS0b8fVh?W6iu$|@z~4$otyCq;yTzsjQH%-zgX+3Kx!d%JDL&}&mXZl!uM&vhi6W*
z?<CO-G6r5MsMmKmu#=8|6}ywwb)VO?$&Hh1FBNBbX8m<ZhHBr9G-Y1^x~qPe1nPhO
z#*q~LyEoE_V)cdh%t#yc$R<f&_$UsSuL1>YF`^xg==>yuOU3#(;jyMwST}bDnXe<&
z6zjMas^S!1<;DjJ&CA{3zV8=nuuf?bXj9mtN%keFjA!SZLNyyPQx4j@ES<kdW4awY
z%T%ZH{e`+``*K;MsBr3{I8%94vK%>EN7RHO#_Qb1@te#T=Jjx!d55kA192uG-tKu~
zA%r|$xHBqs@jX^XS+<Rim6B}{H^-EdwmoZicp|d0d#Z=FYRF)~O+U49lsfaz;+Yv+
zgUB_mp@rV_`&^$%sau6bfq`aYG^tKFOVe_kn@hcKb7kC;`EpPQbK$LCGE;MVD1;{d
zAk{mOu#pcP39ye>aK2SviCI3v{k#BDNE}mAGWi_{f8ulMj41+g-NvEXQ|5IOyRH|W
zk*h96Jntoo?E~-EV|!s_M6S`88yt52U&*o_U%2A~z59ki!$yie*Tay;*v5(ZKo{FR
zy=*MFPv4QxqN+ku*snSGX4_r*#BAOo7NaLF#borGumeMJpnO)!@;ZLyfso?+9LjY}
z5>(;b3`$N&)n{k;+T!=Ykbl3+^SU3JFG!kfRu?74mqg^?7gwVoJuIr#{puKF^+Q>m
z49Kf}L>IkC)d4=l_l#WfFhHC)o^_WAndx;CLn}CHdk*VlF9^BH`FJH`J}j%rPy>$r
zy!@1DE-57|N7RvOopThBZLV(o-Hn+sTwC?NSjgU330H?_!1PW}yw$4&zpW~1jL#79
zt5=>n&`@w2$4nyC;e%Y5_n^cd&#{8(BUmaDAr@7pvU3a`U9g>8YkRcr1C1Efi)hM#
z4`i4yN1_?K4>X*GLq4(g+@i7leEiJ_stP%8n2u7ui&u)egJWLrg6VuB*B%~V8WD}W
zE&1Aq#0=sNBU2^cSl%|r1&Q%&7^<eykxINS7>yO{Tzf|q5rg5zgB_VQX@>&wg{L(n
zQvCrT`Y~3oZp@F?eRG+QyjLu=-x(lA9{%W!m+%c4IHkGaPt*CdNssSh7hNu1ebn>u
zB5yp9ALF+*g}(k59`ZQs2yfevm5_^`R6w)}3eIMkvgS1#>qP@(YK*uP^6z+Sd4~Hj
zsl^{(B}*1%Mr`Hu=i1D?{edZ(j7nNa@!W1>f=kBDMM-1*f;{&@%`<Z5Cj-_lWl>GW
z1-Nh666nq3<W5;<!Api}xcmiaIeCyccU%I_omcnct>QEx5$?;i4lD6qGNIj(Aa%-8
z{=sUxWAoy0KI}U=KP{I-?|r-JZ!)Mp^i1d;10wFl1K^`oc63xsI4hk2?w5mIg`aOo
z@;2s!tY|OLmYr}eG8yT_Fg;hty+MZ+a~}h^E0@!Bod`|xwPWdQo#ddqZC`?)@1HB0
z`V*9fO(%yrU@%B<#xw^sUOm;roeTl*u%#kl$9X&$Og$7<eHHXl$wTcn)U|vWZRKv&
z8knWc-wPx(fU%Vn{9mT&a+CJvEp`WFqJ{?Yq%%?<xK@BvcygDUeg+rB@BaLYn16ij
zj=G{WJ^J6`IH#w_qV3eIM2|L2)w}ri48*4X**?8l*qYWicy?9Nu;t6HV2HDFZ7e`6
zwhZM}l+T-k#M!|M>$hx~Yp&1DfgGI=NvRvqcGzO=x0;mqtZhys5g~~FbF!g6_k~?=
zi_YSq<pwfIZE-;`7<9<)VaEbW5ak2CF#U1><>wprAyF+oF+mib+`~<>CWSuS?YHY@
zQXj<B>*#0#`mj*l#Nz0G9n#0N2tUGaJYN*m{zdC4x8KPE)e(c+Y1YAS=49Ck&PShU
z?Vc93rD>ir&R3PmGL#Rl=EtEb(hPXkKVz6Z2~SMcm10^GUhnxvrYAeSil@XK-FD%)
zt@1z19wL7aTAOXmKVXi^;YVfMn7cf!JtBIU3^dD})B9_hAj_og-uCG|kZeCP+YCC)
zL2{~n>YULih{$KB<WX;IwVDAdB>jJ!1Xd9;1$m*x_5YXHC;N1H604a<`?5P)Egs-N
zG#~L-BiKlfYNJieO^v0uye#UMegHd&_Fo)j;DWjl;6^_6Xd9WWrTD$l=7RM>fAg^7
zx&HFVnfe~k<r+D$Yo~i)r*~WBq2N2a<X|*Dxh<_UBzgszxi;KhUV>lD_k6Uk_zV93
zkC7%h5&H~TiR$r&0P0bCw@o@>F<EI`bUAXxo|{WD7#?fBocHhI-M~A+V4<Zpa99Uc
zxubQ{?p=Qf9Tn=QFYyhTudm=_y><hO<AO9-;8*1r_Bc;*dYsS5b8}v9dnA7~WtU|L
zAV^gY?keeG&Z>cjwA#qBlS@NfL^s$yX>#4We+LXSXiRgLxkL^`bC}^nn2ExzH=xlZ
zN1B{8yZ#^}&;CYdjNl)W?K{~_&+W}prXB~c$^Af;!wb^r;B>Gkjp5EWEO4mv8tiU;
z^F_#_EJL!1a;aFZbDYj9zXKZY6|MY?S0GNM1ir}5zdK8H#`!xizQ@QiUiNDd`ZU+E
z(OKJLWs`PA`={8wBJ{~o6+^dcd(KOw8q2)2#LiLXA=vN5h}+%$97x!r7^G{YmNGia
z<g8GPddH@i4xry`ZiRKbQZm{y$nZ%|8@}ir8(O)XMNU@kpomwi!(t#M1O-H=P7XO;
zAd~Rn6mqSoNm^FOFLB+VU`nlnLh%;fWe0N2ckCLFci$5Vl>Xqj8HOU&6^D02(q=>(
zs>`Vdy(t*I5jL8GC|;i@*N9^Lw&Ix->u+xe^bKHq;;0T=^YhM)AGz#nP4<S(PuaQ&
znxUK6$l_HxGu83&q(T8r__J0rZ6L6XqX-Q}cnB3vX;PaUju5xT?h}!hg&(+cFMl!D
zU)&xee_cfTb1Y*3cIUWQX=8v$1J3}Y(Ivxlq7sJK>`A23U0R}#rLgW_rvD`ssGU7V
zQXt!uQIPi2QuQ5jRXFOB8Qrvmjf9L4;}?a$Wrx~P#JdCJnT}lop7FDff%Iu<nytVL
zTeO`FZ}~to^`sl{7vvN#*X^hQ>d~eSx#VJeO?~0`8Gkt4>WTL%L!~esjxBPZ=En5F
z<1F}CyJKXNLD9QC^tnkqYp}2nF2qB^s$KEqk-bFcXo7;^{JRRS2Abxr!qOS5$NZ;N
zV}a-S#)MWFis8?+#v1r1UfDrYI>Oysc^t^O9&v%?DJ4{}fXfX0dql$bH>KYEmcWS4
z?q=g>j?~m}AM`_pDz2r_`w9=`)NVP-aPb>c`ZdXBgLkD<N&=I%%Tn1UBQaOyunq4J
znn0YG9+wj#*{wp__jHMI-RXK5#b21|W`1(4Zrjw8R0tMT`D@f|Ti|z8tsQUId3UYx
ze@|lFCS2KL5Nx0LXoZ#7$@n|5cxVhj+%C3!L%@irq$miV&SH4Q0DUKtVxZH){E1~`
z<*%Xu_^dlaX`fI<i3!Qt*vmky^TVo%=w#zU8rAsWQF82IiST4Rf7^gA)^LTlStAv4
zdm@Fl4!4E1D-^r2dqG_MW`;#IaD(6Kg<sxZATYgn8Vc!Kl_HwiTEw{b3>Cr{M*S9Z
zLtsDLY6*Y*#5bZ%vMmK=Y0yqo*$B|Y5#W@&ez7KQvCqu?cNIhR^N@xRb#j$D0Ezd;
zn$N?xJyM{d5f7)cYSzovlRJ=RIak=YPC(lJM)co6GR6I{q@COEh(Bc+>0XA{d@_c&
z9z(<UvEs9NnM#;gp|1U^6tjN@tMMaqsb9$jOurwpC5!nIGdPL&&;gS8$38k*LxG1F
zI2O9agX^=<pq@|C>>S!Jg87ayc52|MW=(!<rI9P(^Z9yjCi*<f^PfmuJ;c*W$iEoR
zb=j8>4sv>uzK&LppB}?BmrPaCxj6B*;X*+3i(L61WHHm-+&UMj{F{P$Hz%#jxwpdK
zUPVA+Kse4%Z5-`E<-Vf@NU4x==J)`w$Zg@VF?PU$0%+Jy(}FyexRc|Yt6(k^cKf$f
za<M}KYp<SQdi12bSvqz=i8&SSnrDRE*u`2`DUbBJa7L)cQu6a96)arD<0`t)ALeO>
zxk94S{u^VEZA+<e^`QpxJYt50Ejflp`SdLcw+o@BIZubNM~O8`Gk4jjG-@oc8EG<2
zQ4KJB7x{Ty&726=Eey;Cl!@f(QM$84P@wmZL^tw}C~dRDZ17KN>N-YE3dWy`m1Xd@
z1S7X;5n#Wpze_UAa}`?9($)qTkxpe%eaM><jIV%5*gE5k^IyexUu-2;q_v!ZN8_;?
z4mLg4l)iu~V(=CAp$E5T=kUAaEBgJid{~ztB5%Zsv#aR~N;8tBxBT>2TKX{(7^SKK
zhSd-rXrLn!QSIi<_NMJ??2s+`f3UaSuzO7K(J>slLvC^!oeUo^1F+^sPGD2$+y}tL
zaGYG1Uu3)UP<PidaJv#-l!2sL57c~lU^w@S=}D!yZTs|g)qr&TkIV#1nPTU0%?JMd
zp=%+r^{?l06ql2UC%xBXm}q^>aQ=Y{<%%HiOWVFDXAr4YN8+`k#qpj%aGmN>MI*o>
zOS0ZUtx{l#f&1j&p?cu=eUMLL&x*0BBD)o5pv-RHHy-2+SnSS9N=i$da58af+!CjK
zKn}<$C$d;qSHO^czXf`m0wDajm3g_37eUh@{seD2D8UT~zqXd?gPpsNge3PFvF&g7
zl?A*HNrPA$)?HKRwIud^E<RRnA^~d2?hQWe18R7t(Wz-j1N>}qzRi1JHMk-BcsEw#
zNv;c}Qa(5HP&O!1oupj`sxt1*1H=z*%*~aYjEvIfAC9IX;DHanH;C;J*LE=5#^GeU
zp3a-bnpcna_w%H`rRBt--7`E4t$bII?bhyFj`~o&h%TFPsp8yj=j%8%)uo5kj^+Q@
z8>Ryxs64Ao^8EyWW6q!N{m2Iz<<vu)1L8zRk4w$+8zwGVd)MrJzDF^LM>)r9<y2<1
zipIg=PDy2T8FUN{<}P86H8tru7x_>(2Pl>w?8`5-SZc}#D{htX&f}aFwxS4FNVd`|
z{57xZO~~C8G?=ECH0;T6FmsHITzKv=ZXyBlW^&`^ogLS|K<tiZ0-J0kPGF8-D^Nl<
zEVZb__GKiQEP)i4bC1Wce$Sx2&zSa3^+WSF{DQG7DB?$OT1zo~EQ|{PL)8BPd9Ghw
zKc9eTSfFK7-o^P|;DwclL_q(jIdT#K)fpt&<FO?0u#1!F-d8+NjT#mK%|!$yNB2rG
zAZ!hdv-G<=uszOWJ!>7w!v-b3?v=+Ez@VJzc{}jdAlnd^s7?(~vNr6xMMj$ZAWeIt
z7981O(?5?$3!p-hMnNlAWm&!<hkCl6d6c~#BQHJUuPU(u&{_3&8i+uA%Y4eH>11!4
zyyEH!354h1j>p=4?GR(`F7pMMV58OfvOIh?8``M~8AeO^o|{vA4YnZmAhqYD;-Y>m
zn1=bq)@lE`G2GzXcUGBiK-ASp<ewtM&rxPbhMSyBba}$2YHuwgB-*{=iT6+)RSGEe
zdsY{jCSNCN*y2sOPru7gSXx74Kve$9<)Va{m>a@Zv&E#p_Q++xfBOh5^%&O}UXYAo
zSXW@o-ZMMQgbTe|b%AbSB#yF);_~Zoq#B!{=alLjFx-pV;C`R5S0&PS4<uJHx@XfP
zriw_eF)jR$wSN+EzHO9pU;^kML<V{>!+%C@lJ)B*8%nfY`0driOE$e*rqfnDb0-k`
zEN0^{$EX*#%T2{~v}-*e$ws%zx7Uw!vUWBYVv`PjZ9*i4O}HwM*IZe6o7avEuefc;
z<idq=M=IiBwY+BXkA)iHLW3=P&jIC_ENIp5&A{^!Tq!Gcu7(w(QTQf%IeBp0OR}4}
z<$I_;)2IE4lCs(G!2l6?J9r8>=#e-wEQl1yW%KN#*LxO)S0QB3M&(QX>Uha!(q0{v
zqYbkAmeAZj7j&!`GaM6}8_|Ye>O{buD}I&P^b~*Ap(erh_ZN2d`W;4v&&}AX{UB?o
zzgre2CCo?#UYl$^+$=YKRF>8Z_G4EfR(tU)*zJyN*gp!*%=5{t-Bjc{pPxk@&=-s<
z`q^hmM1@AmiXDAxeMZ)~x?otFrmMHWx%|o@L-e_W>0+1Sz6{<NJOh>SKgj1ksT0ZY
zse>)bBrEPXDf{AC=ua!DcEN17oaBQ0z;b8fMgm0Yw43X?*+>iPkuk=u*JgLz5YL|Q
zxhgFT<#HXeMRF1~X~^G4d=6JvK(WMkpuFBxeqb2++^4IUGpx|DjrITdk$FZP+=Uh?
zz!10CrluyG4Ed&pvpF`=BQ+UBhoU1q;?JTpyG5eb7)_@Dsm=+qx$n@6W;94dMb2ns
z;~(3rf2KvWQ(4UG=Ov`|TNvBPX3mMsU9@4QaRD$3sMk(NE<G&m;@d?3vWrE?PHC~N
zo&d4U$uAw1P18xW!lg(p;)h6m@-@5ASvucoC9zIiv6_nJJ`*j9ZmhnL<CD9+Xhx5z
z4(>>Z8)(U8gSj%?9(U}MCktXDjw{YLN9jO~n{jj!53JULRS;1@EUZsi<rbWs06n&u
zYCUI%GW>@Ex8Ki)C|yG6P(8I!%Cs?t+s>90K)QVuL^7sWWAA?zXZ@+e3O^FE73EW`
z7CVVmb=e9r>%Uvd`foAG=_n`?9Mn-}ML4zRGZE%K-YW1Ny%51UIO_^pSwy@uE6mu@
zNHzJ7QL*rxz)s+tg8TR5_ef6iMxU)bjUUVW)KWIAIJOLPyo-d@-x|!=dh<EKu2Hqr
zrpXb9xfCXl?cDN_i86c?Nrt{*Yi($s7G_-&c$&`okm~@!UQl3}E-AJQLqlzT>Cp}J
zSzvX7Vp$UKnObPDSAZnmFaFG8z1Q=962LojcN~TE$W--xAXMoc^H5LS+zQeB!i3K1
zi}N6$>Eh~4)ciV(5ubfCMs>{cHg-7e35SresyPNx+IsfG4#Bv&ihQOzW3p89?A1<u
z%~vwfG_XV*prlJRS|_P>iam#b6eHD9weJ`BhJQvuF8xhVsfiatuKPPE`L2`nB%r2w
zM`wPr**MHR{-`M&>(SU*NX%hEVp?P!gpJD-W5{+2`FlkNWwZHBTIe^a@z%!!P;7U%
z+`7g(YzB|q)M!SXxCe;UG}D~|`3IVnI3oHpU5at0ekDL$ycTg@hxBDN%o(ZC2SX@L
zC0<Z_Zj^5Q5&_Ablq`o`6W>u|dfjBBH79k6ygGdaLJ3TnTVmcWv2gb_<yE~ERJy0}
zvRH@Zc7F*4=RS&%3ZhC?@^NmAlWjz&V~vI^yrWDaEa)s_+J2Klr)q=(Zrdm)fSXl9
zVe;2ai=F?l9fO>gqmpWq%F0wQub4-z$u(LgJ31US$=q1lrsLF=h>`uKHVIy_u3Pz@
zro#8`RQIA3g)&{kG(@Gh;ye??nY8K5H=E1wrcj4hY-Bp|+>f0?^a9TIM4#0!X7AgZ
zJL~m2e_HqDr+KJTOtVjO{v(JCdq+)|1l58T$M}OEtqwDC5IL7!EjG(ndq5rxogcH^
zdEB|uUH@T{vJ?>2DiK%ZvWWaa;6d4R8xaDe!<pt_t{bW~rupDOxPWsp>{}dwU|2Ec
z*{lnK8W5CUmpKFd9%JaJzph&17o)lR$dP#4gPXzm@7^j!4i@f~`-EyypmO;z=_MXS
zwZL)$<@Ps9`IfANE?NP381yv-X-$Yg0C&52%tUu|@?^wczF7{*+pg_rfa~V;m72KV
z2R~-69s2(U0iQ2gdpWSYu+(e2ciT39iJ+H`Ke#=TT-@0-9O?@?evHy+e59||mZ$^y
zr^Y5{-Zfu8cyROJW7V;L8?IO9W-SC|C)&t^YLl@az6#HorP{Vs2W260eS#e?J~8Nr
z-_TYUm6Q9s`SOS_uFBJghcT?m^(CvPYrrY6fN7XzMOqQ%PEFDZEWQJL9?8AZ=H(bB
zu+6Jt^9+~?yx5wi)v1M#o;+c1-wDnT|AQn}Gz%d^{NO4<6|?uDae2VWF{{YA?v6_R
z)?DG-_jBmQOm$zCz8wht=4UIn8nuQHtM!Q&_x>osgA|<a_9es}_LHV<-(0m-nsUA%
zzE;#V0IR9;5dK5p9_&i-anDn0<v-_mr<0LC@gVHJl^c?<b}2k(4!y?!0jlzOgJR5<
z&QK7YN;CQvIzG`+GuhW~C%T@CwD~vQ*zvOO_06^Ju{9<Zc5e@?u_BU4_c&m)tbdZ!
za0!eRv?eDSErW|)^#>y#E=bP5SQV}%^ef-MJBu4YFK|}S*bnsD>#Iv+iPhh749NKa
z{ne5Q)ZO*;(;$!Kd?@rKA85znH6ht&)MI{=bm~F>ji>am%NM~CbA0~Hso_oZkX=9U
zVX~LAl1BDhn8Y#XMQ~=Tqsg{0Gsi@`q3V;^LgyEKt;WOIrXemu-KuHHbkf~rF#YB8
zt)ba)fibKXs6IWWfXu&QxZe&O!>s3~Qk{=cHk_xqGzNAel4B?}lfD0D!HCWZCj4({
zDIC`sBi<SysAxVB)*kGj&U_vq&7Jxo&$u>|o4KKZoV54zPEM!wqIz6vlx<jWsITG3
zFa*19m{?1C&#1c}xfsFUegL!HfzfN0y)46?`90C(mHEkC$qVBfL~LkfW@J|j2P$0e
zN^dyKuM$$>Y7tBFtFfB$AW3Mkr1<cHID@Fb+-MUQh)kTE4=)eM?<h+|>d)Tq^$n>%
zS8Qrf(INSZDhc<Oh1z;W{6gzCht3EaAkXI{-19sY3S?rQ6{$ar^LPM;6f`2ojl5&!
z8+TqDHOe#2=&7VE3Fn5TS(YZ>iC#NCu<sYXx0DHg-9vbmj8ze6r_C2PjF0OZa}Ro{
z%b_b#%%d9e!$OQrJ;BBrJ~5BCdNRgVrwb$v8)27BgXrssHADZTQ0E?hh*28L7z%hR
zr`)&W8YEBitUjR^HJ&s9<2->5HFXmkjNYf-sGyp!o0bXvu0+!QzHxM!e_LN5rkaLG
zBHB)cagY(<C5g32cLG_^gtwZ_&E$a)(G-RWHqfM{Y9=#Maks-e>cb8P22_DK<2fVa
zZMx4kCJgPcU?m*2<Aj90G4M85ho(9vp4ypH^XOs<JAgX<9<A$4ay-jE<?jHA{pBof
z-l|YaCuvMabwLMq%yHlLP~hEC%f9Y1U-!bAt0IK)6UOoADr|RKn$77Dj;}!xVMa2Z
z_-DN%UIzyYLm4-T#u&;$_kO1O`9h7EGWF;Jp)PlXz>N6!@H?jUY>nSens)ssw%AIy
z^6`@Rld?QUKXD828=$Dnf4(mZi;;%j(&p6*T_R(%m($!;?NYW`?l%Nvyo_ZqzI#Q&
zC+faJiOu&l2+R&Z@2kJtiohqcu{W#QmbpIKeb+uP1fGbTYBZ(IHQz9lUVURx%<zlp
z>)2i}U<_E@Zqy5stPOrlr{_2*-bN(5ABu&JXo`!SNd+^`<~-7WW_X@ZNH^vjQQS}b
z-N{Bh9md-`GCj_N?w0vIN4A-a1K((`EU35a$H5aBw4JGVEd`|L?_YX2)uLWV(HH}D
zb9CJNmoYrM3@?FNot&aoVwak@c3q1m*h2#SY&qY#Rtnj%b*qG#-jqsEfp5Mh)>6m$
zR`gAC{kD6f;>`D+g)Yg3=V#9p^OA%G7$UkSS<XkfvOJTlahlLS`9kDD*?a0q&($$%
zvVvgX@aQtnG(E1DrlMR*HBI{3LG}UEi2;Fz9QF1WJ^)H>w3Wb%)~7M4U5yfGEHjh&
zW%D_54(6}~<)4t)PuM$iYs?#QmW`Vd<<J*|+w|SI8?^cSu$KLJRFdtL!rt>ISPTy+
zcT+E<u!mT9Tv7;2j&g9{c{hq&rtUZ9rjUI=A)fz>wTm`Xh?#CDDSgJbdKpliyLvP=
zpWZUfpG?HwWuhJx=l)wDb!eBAB_#SIaK0KZ*|_cmrs^#myVG#`abFD+<p^TmUiEB6
z*CR_WYMl!LdOu^A3V*M987+zLS#O9c*pa)Hr+vj66?XRkL|Zc&P}=pdZy5xiqn$!G
z(vE*5%5Irms8<W+EOzG%U+4H;p)l)?H^Mz<hHsnvkqK2s#P*2`KP$Y6n?6K_tUq*%
zqkNWt>8EM@WVu7%bV4c+7*(Z(V`S>*d+<OZ)cAENG2gY6jiDTxha^l0a=NH2?|dab
zdha5^r~^8PGrh)g*ZhNnkBMNT92TU^kz&EwJ2<aj;|h=S2-vrT8G-vP5hVJ|dT&S~
zo2fJ`RMFf{L7!aa8(CAxV`MlC0)!0FO?m%frkj6q30jvsba;Wc!%m<)U&QikF05zT
zpG+5fo-u>NlMS?J7dMwtqjCNsk;%2BeK>Z&@H-|HBVZhn7&|My1pyd!nj%Q~CJwf{
zgD0iV#*@Y7j8WQsDfi7yrI>_PQEjpLV-`9ae947B&9pJSrAo|hZ_pqRR1R$dK2^e0
zAVy_dEMIq{!c8OaG)hK%$55s{*FvuRD&2oz*@|hP?v1uHY&|PTdPnn0*bDkP+!hw{
zyt1@0S(~ix!B(I7U4%B@Fh8cH{zcsz431f68NMB4gSoE528F!<l%8U{^B90yeDQTN
zCl3kCt#gF-H#*EWZ!ubufU}!<)_>M2k~I<ltsS}<N3N*df*7Ja+H99FTWr4Rw7a$$
zUzYn~*ix2{$#(;ytLsxSnC}`Lf`zTO1c@!1e+ht`mH;}HS^t#Z153cYAfqk=iv+nr
zug&JrWou5A79$n(5fgG-Kme?!ZQXf(+!o<%rC4*jXE}M&LNgRx`+hxKA4uzWtiCdP
z(Fx?-YdTUlLE8wy%TK4EFZc(*$J4T5>kt2bLd;@SYi)o5@GSzH_9s6j={a7EYwv$B
zUlr;blBW9CHs??PGBfPXi9VFICwO^6Z$>qWW##J~8`QS&_4>##yX8*OBd@$iBJ=B!
z+o#`5N41esV-BgcsprVXSBOe}Ye=@~XuwsI&sP_n7Xl>*`En-~Fg8{qh8FH<1?sfT
zow#=CoT+cvt0K|+J%Khq3PSW8=)FDvq4JcC{cLw0nCts03Aa1=-`GNCw^r$v@%<M`
z#37^In-dV@6D^Hziat5;CA01+w_;>tr*wN}o=zHHkm>mO`nORJ(r_M(o<W--5=doF
znrD$~@(emPEclM3Q!hQ0>DfSq3?_(vZC>lm{h&H3+JN6PUtw`Wp<lFpHU!iO%OgXt
z0Hsx)I`FDgQIt{9QrFr6p6T?FAv^%`haUiEvo^hIMhFYMl9H0J4VDeYL$?~Tzp%gn
zlj59RZBYMYeG8b0s=7Y{mgZ)n+LSkyK>>zg&=|Jmz%tSNR^G*a%zOFaobsp+g$}^M
z`lUopG-~gnYAb+ja~{!>Yvq)uKhA5uX|nCrSNKF-^j~|w09L}0DjoG#z~p*s^_0=G
zGWtMhZIRSqJlqqo*micAA}nZbwj2P_aen}vvKJZ)FtM?r9Fw3XqLW<eYD+z)DcT^^
z7w=dUyG*g6@7acVOmi;yCZZi+BUN^TI_Gjk8!lY5u}u;S6Er?aWxySF7c>ha?F8#I
z_m0X3V6i_(S)~J)pNSU*0j(#oT%x>A-C4g(DxB~Cj{x$_RC<%Vp+}dh>_ovniamf(
zb}b{vtO&M)Mqz_x;`>y_i5E=XRlIttTvC8{E24c$q%lshWo%nVx*S!n1o`e|^Vv;m
zB9UreDMP;ZBRun#c5HK);ky*cTlB^10_U{<<LK<;ncm+&zFQlHjm=$X7Miu(JBVtt
z&As}J&0Q#WCC=#}Lbu!8&D`XkR%zy@SyHJ^a&n>&N+>#~jtb$(DJRNFzUlnl{r;@S
zgWRm`+I78N&u8bV^6H%v-m<y+iUcLyU?+bBUWDLm91P0M6$?x4WK~n$5r#mrzCbl?
z5(^2AfGM<_%{Oxm@#!F~UHBK|QOGSOzEUL&EJym3vMo0Mvblk4N~_{UjaCJy^Dh`8
z6iEw0jYv9)JCV$c71QL-=rzrF<>GK0$4sEAM7gD~f=-o6lnLo@7T|aVXOcXUw8JCu
zl-?o|6nD&wbU)#hs)FaQxPcNl^UvS{9oAX|%VAXj$FIX(VnzaReejWF$`lX!H0VSA
zi20Xer2Y9it>DN`NGbZQ))cBs-$r(Juu;ea*l`%)Ph%RsH)Wzls7I{gGv4(nFhvCZ
zNO1HD^Jfxg!~i`rz{rc*mOWx%)EVqFBT(O)=b$^v!z5@))u>&4;!O{f_1#=Qm1cXn
z(CXPJH7t>hV9*nGP%XDTYgH7-xQpW@+iM~7Pjd>l>(s0cv{W=P;(7(byDTv>Qci@I
zsFI9sQ#3uo>5Xhy8WpaL?%z~^<u%-l(=c)sWAho0?g6oYr81XQ!)U?I$)Qs8w6KyA
zcu^$D9;=hAc@h-@sq_Pf;TfT3sY2tyA8WYFot0?T9u`AVj2%&IdH5Cb%u;Xyjwh;N
z6FyCK^Qm&popRO8qw@M|+x}FlQA2jL3M|+<N^EGYB4PUjz*PPBh)O67Fw2Dih^pz)
zuX}K+8+P4Iu}RFq4JawPDw(qFSL9f4Nb4L*`&I>1OH(CU8_I-*G;Maxj0}N#?ik=z
zdk69aTR2n+a^(0Z1dccTFaO5Yk+G#8A-~_`=vk2T?M0a(DTidyejPMd)({aEasL@G
zNtrVY!d`b+ndcD+4-(Z#uqO%yt9L}p5oMnByNDV(rsG{qgTIl}2s_(gn{U5fqbjf%
zv69RDxq&01*c|CYj|DsuX=|BrCpTgsRSlwCz{=a<Wtxp(J;Ss9TITM1B0|~;_l^_s
z?G?K3<n>u5N69LeOECXqX5(Y0h6o-}Z#52b)i5W;n^=a~{6#ID9))ScILhq{^=guD
zyu#SKN{NlQzwU!49pHMC%7h2{I%LASLQ2V_dDD6{s{iKhM%Xpf_Cu23s&kOO;TV@8
zD>~W{pL-QA-d7sMfej?DL};*3Ka^!N(Jk`oY&BPN8wncLpCn&!zDcB7ZoC8F_)>C^
zwHFuZsYVTJ6-7c6d55C@loI{}$XT0}o-$LpYDLuE%ERMhmq$79_)~tr$`J_5d%_!R
zkJIB^_i!61fKkrY+0;U1+zOCn=N&dP6))d=@sgvF!AEKMPzZZRxSm!Ha_q;@RP5VS
zo`WWjSc1&L+WmZSg%=QR|3E4!H0U5V+%e2&VwZkrUqS|tv&ED52Q8O48^`-*QNqW6
zl?ekwAfEudZ2#R)kS8jMf!owW&NlpgoyRwGvG5-hF<2gs7vI&@k%L8aXB1{^oT-YL
z!eZmSR3OR~#~dQ=>6`$V`1)0jD$GJ(i1G4lu%^SS7b{HPF#7R+WZlI#2mDPlMwzNW
z5+t<3<1l?qh4SVdSg|U446?z?)Z=p)WS2Q9emD(f(I+v~rQ99WHOB)<ET}$bDm3ZB
zo(eU0!M~7ix>}uVn*q;=U_yg_UZ|^AF(NpU^8?18=%4yUnK19!bX{q94y8_`r_yMw
zj!H)jPieyZE7hjc%@y3PBa<~K<mR&62DP*RL&sB4Yikx6gOb6f>2=L|)DA<(chanh
znhwi*3#PG{435w_cO2fG#X)Qw!d`nS%FpWDrVMep&9yz2^Mw`@@hC&_7<Kk{a6`Dl
z1A+G=ZTi2bEftoYb8TwT0WQ-%oDMjV*<F>JOYD!<CM-mMUdpbtt*d1K8n!_$e4+_#
zS(3Ycn3e*jb>W+czK>4dPjxQkoHSdH1A7BHYDR_%HVlH;c#3arT@au*%s!A>I2IoY
zyE6`G5|7RRC@XGgx2U6v`uN#*RI2fVW`VKe*$o?NN*%tBNlE`+<<q(C%yQ(eZI?jl
zu-4}1!2c)gKWPj~Ze8{=d)(Yybm9@yN%uRyOXJ>GSX-h~0n4f1WjaE;_rc-NV}Lwy
zw}ZZZ1BBf-6sjBQZUPhD0}GT|d}|}OmLuE-R#ManT*`w5nYknVXXATGM>P`iqh5I(
zNL*dWFEYBOXueg}QDuG7FD`o=Xli%E6Dt55_N~sN3+ACJu>+1@ENcFEsBduluv<l3
zUHdVyvN>wvv1$}<N;~@(cHAd%QgcCWCi2h9E%%jR!_*(Ag{>W!_#Dk;)x0<Bx1&e+
zo2>+PL|h}T)(7dwPG9+-b=?*_>R`F2KizfcEgK*`52X<+&BJ%CzWE<0vJE^k*=r7%
z26IN~CiWN6-zD(cmMZ2EV6QUuehzGEs@x+hCc!Cgwx$nf07_^NlkzuS<n-;zc=J{d
zpbrdOHuQaGk;Z<yEBIclgL&gW6pY(F`gH@KkpeEf1_%Ysxz-GDN^3v&eqS364FIaL
z<6#3A_5~0*-xZ5hc7QJezpfL+UR1d%pN=c90Is5aw(~{1sOcIS4jl!~Z7JI>U81Ci
za}7&t|APhcmN@r2_=!qf*R~wTWY-0EtIfx>-K{X2vxX{dT`x$jv=U9lGr1jBn^PBB
zTao0%M|F8e^$}C!7;;jFzRP>*aY7P$+^3;@2UYBAVu`LfN)wvV5L(1>D14cZH&K&|
z%}+OgK65!Qy)@HZB&9vR0^oq9+I$;2rd(F{r=X48McZ;CA`t1A#m8G|4RPbYH{~b*
zOC$5&Mx)yGNeT|ki!tzfP4NaYPD!tjgq0je$bFO6$JI5UP`d<igCS9JBM!PtgzXnc
z_u{^ibpL}bwegS+C};zC{2YlfDusK-LOZT1u0EzI!9b<fl|os`@eAydYq-UWn{c6l
z@X!KKQ2s(g>~B>P3v$q!9~22IZB+F<_|p2gFG&{8$6g&iC4#p+8O&)U|5BVF`|+o4
zW@NZG&j@J($L$$HAocbsx2iu!;Xdc2LUs;1eCWYKENQ}ZiHEkR<a&PkLfguE)h{fp
zQOb_|WFDcCM@yh*C>u&QHuK^4e(~p<7f?tzYmUF^#3h;Of3O!h;o*!cWoVXRJPGdU
zPYgIm8ZoJRz(Zb^6EKKvv`ge(ZsmK2#(roFwNoc8jh8TCsE`;h3^vttJ4>=1dJAdP
z#86_oV)|cZtl%?W-C0hZm3}Sd53z4akb4Zr5#RhIt(HfdvR>~dj(TreSmqhsc?wvF
z?+8p3auTv7cV8qDb+<SD>&Ca_&R}?|;8f~&-CM?}s^tJX<L3?#K&NO<W>C)ebSG!}
z+eST~yUurSn;m0yux}H3xz@Y6{!lE)@Ej}xhNE$&MFoI62zR2<CopIziIpFVo#U~0
z1o4cVOuV8#RMS)$7O8xK>}ujK;tpr{e=z2l`-{+#t==rZ+@Oz4RbwuGDJ6q)p@{*D
z{J9(T>vX9nx%?*|g3;}yDO)JyV2VKfesU_p$fZQ)#&KRHduiMwu$tXThQFPjkqEy;
zzzUuXsve-q=&UdUWTir|Z`hgbqq5Af9!KRS`*Xd2au*u9W5ZRI)Ft97#dMqVoZ!Iu
z5-n|+KI|nbFG-{`m5R?7$Z~O%Vt515raBI#(~}@Dcs_+f*-L5KaU6C1K_xbPs8ykR
z;3S;mzEKEy_D*NW(O@5-L#=C}vg@{LU={3Ycl-<*@sTbQ<poGg=63j~9t1VR{v93i
zbD_lwbjKHkMkC}N$MLacynouw3dk#pAcD|gC7u-oqKBl2$q0hkae`MylLU)Sb(gJ$
zE0iNI%~4fRLyQsWc}O*$shTuzjx{_!%FC;RJkM(tlD+NlNH;FCgrl%d<wvVyEkX&j
zr2&up{i*DkoVs(dKEfWEFB`>BwAB?~m0)dS5o>_FpuIy4e&rvqNEEnKsJG|c<odL)
z`(!y9IZ|aMk5}5@N2X;}oA=NZdoGp<yqeF(i+YTIl;!UHl1Zs2P;*}0a~tDX%|NTN
zfh#2RDel%uVJgflTbmuq=y5*wl^9m`WHVcJKM5kI*2bf!>dj$QJ5hv{iyAz@d%aEp
zE=>){_@ST7?Q9CP-TJMZy5$7{@B6nBI;}WPgoP(Ka&}F=CW~4631skJz<YDCqE0x-
z)4m9T-`~8*mkOxOrCR7gQ>$0zFzKya33gadj$M0BMC_o}9r%fd`7M$rXKg0}Zd+xE
z`#)@GAr9r38u-*ui-hoCNmReqyihdX&w;|q*b(fpA|6jK+lRyTb!k#!(+Em<!b7f)
ztl>q!sn-7#cvhyY<x!{)J9AF3ECE1u2hE*+a`?hiIo0j_m|Em5rt=qhxqF3HnWWgz
zg<`osm2fVLAzzpocVvs%AF+yMk+83l>u9(mzR_2)8BJoGj7RtxaJ8|~QF>4;oh-kU
z(I(nB!c;H&T}hcO;$2cq!rakXMD`suMZ?%KTU7<Z9y(6&sA>~X=gBhyyWFeLz0eYk
z2YlP@qvvtXhSag_4iUJnWS8P{!In;(lnHrH&)44`0aO|tNI+E4l=+8>X#PI%9mH7o
zkP3vnaF4r44<mtt3aXA<Dg?K%0^3=DZ$y_xz-Mvrt@ji)E(_A=La9H#_o$*K-G5O3
zY4!IUlHuu5aI)GgWc%uA?=7>STBCLJZudTSv~5Yj0r6%h-!F2`hznYJ+S@20BLkQA
zpum-AIvyN;$RVo1p?$f*c0K@FeyXjb=8wnGcYqiu`QeT3i$lPcY5M>;k$%s#PY08P
z(#fz==1-5`zvV0EJ#c6`6-OywEVO{!Q$B$=cFiOCC4EN%fPD5v0msn>07tPcc*QV0
zUI~&p2>pTYpM2uIt(t97`oo%OCFsnJzxaL$+fe=%(Ck7+`VF7-7e!rA7ON=#{=o{g
zRjs5|4)$Zg-!n|t9y2pn<st2Vp?)=X0S7m7GExb~Cl|qR9GJMOV=lQTI(H5QBKj0H
zBmH4oBw#2~jsK-AA8`90EFm9-289{)TU75ftF%F%K6r96r=WNj_NG21x^R6L+N|OL
z?AVnEKJtv+r)#4uc%^Rukr-#(xRSGpU%RF!<o{C{ySH6y&!vRO&6y`nSvs9>FZ&e5
zY_>akpYmq2lU8i_fzJCk>O;=#4~rh8gAqe#rtz{@_ryWU!S8aKl$#Ap^Fa18<7hFM
z@Mg2!Ze{g!KiIg;?QWX-ZmKTxe>XAG<5GQ0^+H)e;b%cca4*=aoc%3Fm+f)^HD0QD
z^yv(c;H0mpg6+)NVh{*AK!26`kpmD<+0PpM+SW&7Sr_sH!}^ZRZ2yta!YXYNx7oio
z|DtR^KW3_@b7y55q;kx48T&(9iU7m>mAF06nkJu`_?g3Mm#o$a`wMI8#3^P~ouR}<
z#}1hNM;`nKrOeKZL(hdhM=zQs@iaDc6CxL~Ui710@~j-G!ofIlE3=#?UT&3ONis%H
zbyOs+t$y>J4lJ(h=$6K;wLs31^dRKbW3(-TG`1?G6W`rmI^f9vGoNphgj2hxxZ+ld
z2x(^#ZMKecBj?3m_YeLZA{#Q|NB9ymvK5^@%WU}RvPL5(qHXwC*C<iS<pr--3fGqT
zn3M6c?>LyJzXZCO!VEw-5L>S_e)J#gy*xU4XyXGmyyS8v9f}w0UJRNRiNf~L_I;~q
zRW=6vyjG#Q&gc5t^LfFPT0><PCfhMST5MVKv4i4UcANy~e&i_)nYBhE!Spv}`rb3n
za`>4=WlJd~UXA==g(B9|+S8$KHD?UJ-}z{(n!jL)?LdqrI(~(o%r*^5G|SKg*eNA4
zF^zMBi=QELBW!Y`57L$MQ|DL<vMVR(f)6B^@9h~yI_!8!u=6uzHbSa3Eh@Z2Q-G(j
zbed!efNQ2&AkVyCByXdiOputL%0rp^s_jx40>)k9lk<IliN7i3WlvmWjaPO%u-em)
zLcz84M<lTd3hBhLHLvecR)*`<+6d<Q!0SYe7B<(Zf2>UjA(^}4FCWhYMn8G;{xfrm
z^pK&FV7FFbh>8y~A7~G~ncj#0gXvs`j70OW)of(n9lY&e*!Uqa{MWPxVahFK7F7WX
zub-u`e%t<0Uf1~plQLYJX@}C%Zl-&Q%kWy=f@~iyq1L#h44IIDq2xCje4jU!XfvN{
z_Brzw(FXs|a4&Lo{3V2P&FW@aEIW?l%L`IdxmV(|85?%5FwNQ-=G`%BGQ$-{#t9yx
zyB7$WZA0o9I~Na$#qswC9E@_8u%<fL`n>%h_cct-0itXBY&>_(mPZW_Bl5KT3Q|TL
zZ1aB(xa5=9Cbro>FBhz(I`A};`cN2--?>wK_(bwJ;^5KhQKF0CYk7(1ku!WuVi4rp
zo)xQl<eQ>l;uGX`MTEp7f4Lf<^v$e9m4dq1O}$an4~~YQ6*j9ByV!fWxA`SNIPD40
z1S%SZPK3wvMjE7KL2guBkPLOf2`l`8I4Q3<Pkk$QITS|KoSJ$kVra?vX1T`R%6Oe)
z@sMAQ?*}!4YE8KuFYr}Wih`uFw3A2WvO{+}B(5tRronM4F<(%S%~Y90w>*_FZRxp<
ztY-g!gew01H-$11;G_1<Z#vrkg)U|^RdWKo{+44IM>+`Tuq=^;bzP>qO;&7o!;uFK
zMKMi2GaSxr;$bN~-l=Ue7bQj8nukQU%5yGAkkyGKOJUh3rtvanQeOPvW<Ag51~@%=
zI<Vu(Cw5RT9-e;Bqf@@#mYX-oSa3QqaJ7J9klYN3eQi6tJsOO~@#Bd1MWGeis$(*>
zvkUTOk(aw2E*pMNT(=hbZ~?r&iQEE3LJiV&c~#;#tSgy=vXCZoSiw(P<hjF4tf~2G
zgi=m;`9GO&nOg}pI%|kXJj7ud;k}fV0ga`^YdXgws6g_#dG&QsIYXSNXaFdmT;|^`
zb;!NXIqr{D0gnD>BIbPbf_`A-DEHGsfA$F;1BIAJbP##CVSx4)`RMC2PHR9G8<iqf
z=W~f5{spCeB0$`(4UY)}3QYt2&Rs%Obv9+MXB&*3shdMUP+dbo*n0P}4v+BXq|7Z@
zZW*8Pfn(S7i@QqK*cbW5!-q#1J9%7`nLZ%{?BD*T4_v}*e}N{}rR4iXBl01=5)s01
zD~AZrLm`IdWP%A04Eu$%gQm~06X{!1Eu*{Iz;7Nh=|`7(R=0@}2V(<gghd-4jdENI
zwuzFoIV23qe~wtkn6DROdSTbOc#G@>S?*>DU6r`ZG+iBsmH7p<){zbV;Bta*Ef8sl
zSq;x*H!;)0--$(75meyvtPaWN-|450Gu3e(S$pJyJ6BU#7M(o8AMo)Jja&tD&W*_4
z8Tg!t`VWSePkyEf>>p2%XnO}@;S_Ph%@L~e@1k5&8z!kk|KgU7sE};Q9*H>Cb3k`f
zhT@tkI6}vGdALWoBQyYJQ!YU`oae&8yH76OtM(w@d*ECu<b~voySBY=Sjf+kH9U8R
z^&ib)Z|}R_%NhMcq42F~Qc8UF<)WS3bdFK=I3an*6*F3qr#UJGC9B`G4Vb@gTqZLA
z`j^RcuJK4@ZPq9g72f0nYEgc+FEKWaVQ^IfmK^C)!wvG7h{wl7l)|rofjsi~n-z$q
ztO5*rx)cxuP!cd7%#i@4$$kPhogenV2@5J+)oM)+_Vks%dU?GDJsAytk*nnve1KPX
zPI2DS^2f-KfE4@e#~=5zm5-@I540Qs%*nVnz7QB0tsl;PM`hxs@(+Pj4(<WVObJAb
z*&l5RUv2$-;nFbgS@MyO(f0r(AY=|FMfAP{O7UVg!bG+4Pib>>VcyS4Md-kQz7H?A
zcDX11;P_he<avVaE{L<T)7&rquTxJqId{&eXsG-Sr~-EwHW7b-tk0ugPi=CCdJVMR
zOvX9ddT{FV)A_co|8V<S%>mZ^kWRT2JdkTTd;f6ou`ihLTI^GOgN=Suc}!tNpsV;{
z@4k~pO)&DsX}EB2yc=))+OYA1P5zM&C*C@rpFRKf3bBd$cposgXI)4de+m?Id2L`E
z*|DGi(*j{F7F=*@6qh4FDg8F=>^R8290vMgk6lr(e)GQcUC%rXTq|~i;X(Ngg+?|1
z{tXKMMiXCrq-}PGPc;llLH=fDra%L1QvOK+UT1NN=)<9+nC-)1Jh0p-FBhv`5+B}v
z(Mqz=Kb&e0Br&Fgmn}iK_#HQvRchqCDP-Vr;iZr~*MmVI$Z|~@Vc6pmzr_k<rYS}R
zwbbZzCo458<K77_zsJCEl_D%e1>U~bEFAoXZ5P~*VuuGGzdf(qr+Ro&ti3cX;c>sv
z0&jOyYY=<NM)_0s&}Yz_y;a37?+?SnIfH5h*P=V);qYZK8w$C~hsD8XTkuvrt2E6x
z-QGriEDA{zSPzweG|LvsB+f}<E^rFdHSVdfF>^(cmUE3N{Y*{*FWwg)^uam7H+8SN
z^Zk<x`!cs!ZV%Q0E5tf!LVgYsKTFhl!5ZM(hQrn5?RGBYB!4b=SV-Ot1xAZ?EP6>E
zVYDjpQmkQ%lSGDFu#!eghDP9dd|f1nN)}x^P}!6mX&y_>kkEAFIQa=Rbdhv4MC*kw
zpSMRKmWeVVMo_snACz?0e1v$jGcVk0JwjbiZ%0`aPvN@DdPaV!XD>h1;1Z9cGNe{f
zwZi*as`oTOKB%XXua%bamG6#9qaysYNSq^%lj2sRt4Sn=?QDSLijBEfeQkkvHq-nJ
zfea<{gZ6l?lHI(d7(c`#uO&X>-J2nPfj5Li^xdR28h0I})=#U&U!QnT%G*2JBiFx8
zw~TI8XeA|6=4A;q$<l-ba*=hY!)r-n-Rt(cIS@TH4Np2+$tj+@LKOUaV4P<>L%Hm?
z?C;~MjdA2?Y7tpFQ~Y4K`!_5#CM^D)aIJ!+^VXVuFn*&yKGZ0AQZU;Y9Ly+(Wyrg3
zt&y8TP#BWNI4rP{>mf;IMjEC0W9WaKm9<ViFbmPcYm+s+2--QSh+m480!mTOGDOy#
zE1eX)so@33KYZKF4f^qGU?9TF^bQG$QX?FSXWq?k^p)|xkfT}G-F3<2Wk;shldYq$
z5*Es45moLktwEd&C(x;s-+5Nkm6fRE*pZAwjgT1=o28~`9^?|sFo;&Uj$f9uSSivw
zG|C=V=VcJb?o-e){&?S|2673CN4fMU*j=2X*rAj$lM*Dkoe#RP!iQgID3vX=V*edy
zm74nP*}D4M6%$15Y-+O?-}3-PTBio+_GBRaFwr-pY!dbo%h#c;6K*A5a^i`fuv)3w
z2Cc#gk8`cL+OTZ=RZah!T&U_x{4D%sj?xFcg-=ku-7Lq3U_Qih*Zs%Za!t#Z-8CNs
zh<LXOWEvU^!maBNtMsST@1j4juDNc41sy&+iH!}9?Y2dUO?<m{Q;A9><zUb7-}e$N
z+_4F)07#I&9~sQ`nqH%t8S+tQPSNDWhE&IC**T6HI&qMQFO3uuZPy|9E*Cc*g7J5f
z$nYvh9r1Y-q>GVC<d7TJ{}d!dZLc6abXub}zHVkDxdajA_Tt7;cV-<V21G)ouyn}B
z^z?$vaPN#Fw<|0Ze7svpb|(=N)2c9gIxT7V#MQQ#?pLULn>a8uVi6&`pDIORbm0JQ
zqa2Q?rP1^+zAXt@9OB{6v!(JzT#6d((s779LUz4yh8r*(i#=fVLMCts)vd3pJE?{~
z_cSLI{>O1V(*8IxV4I>v$~mO8w2E1{$_*ud_9NS7=w?7TW2A$OX|9wD#x6Lh^v#=+
zv*zZtA5vh}a9EXAtnHR=hMVX4GGTI$0(E+Y=^RSchL0(<w(g2Y4;?R2-_c%4vaWv)
z@7+d;cHS@M2+8oq3QZ93QLS{`hK7}Yl7Oc+HJPis$QdL4A}>^xeDERfJK<#nuAp~b
z%%hTP0rv+Jt1=GdCQr91mbwEm8+Vpb0DXQ>tHerkuLSG0AgQz-k)Mu^-N~n(j*8qy
zZb9B`WI+TUwGOyoPJ;c|%kzdyDjCN@k$Jt0Bu@>VE%pi59ee$zvqBNt&L1T{Nswgg
zNfu-cxff8{5qW0nU-1mM^<{iWI&r-M=ViZ^rl;0DOHEL*^Hh_mdCT>EZD;$*46Pt}
zP2GD_;XZN6SFU@E98JLIpH1XcA|Wo!V4VxYTa1VDl37d+E5I*U4m0b_Im1%fPVm%t
zD@T^Y66B^I!FE(rf(=0vWhV=vk$;Pi>w2B0C+Ifr(bO1VYgOVmbx`YW#7D9HJsv0%
zy`~hR!kl=XFW&ZYK#rpBrg4tNBYCrMp|iv<yQ#$o1xZzA7RV`@Dz^d&S|*TmOcixs
zUT61=rPuDG55v*rJPuJsPtJMzE8h=kpF{U?KB(?|G<(Aer;;vBXs_d`n-b<Fg=1V#
z&3j7J9h%CWR7NEneeAUaJM(c`)D1+`Zg}`F4&&;?*n_DD4Ab+9xVRLNKmOXW?#uXI
z13*Ut!CTlzmZ5<z*T$ff4)z^(u}>7hLvl0H9jq?w86;3+5&iD(7k?;29us5p&W(GH
zTdu1@S4J0pKMgq*dxP2HP;xQtdUT=uXaOxIV=mP3EHMuEeu&riYZt7k$-!>mf&`T2
z3m@$P^5)2OEfhFHmC*Yne>;ynPIChF_d_Q01={=rmsp?>N0vUeGQdxUWi~Yy72dyo
z50uN=;Zk6M{xLj-9`ZecJayn^<T99VVyfu>L=PrJ7ygfR$|4<Pm+usMJ!@^f81%oz
zL|kF?X9JZzK3l*<Ry?8#PF$V6ulh`GfYeX>?3=7hU}j2Z#W2iQM!^W<?%KYkS>j~m
zEURB)-wD2h<N*a>dDW3>>;KUnTOXdD1-}kn@KA)U$Dz5uB7H2ZlMguDR<m+WzbYlY
ztNfGrSN^xQ%gy<p4gRQZOIX?6@q{J^XdW-nSOd%*<ad#VhDV1J5PEDJpCOL-xa5_O
zfw5w?o%VRSV3SKMpzHKJwB7Ukdxy$o?YI9gKiym?D4eaeT5~^0N&iD-1|WV?VDT*q
zP_9DfcYrAcwInYnJomsK2tqcW7zD-jM-IyXzU^{%VGuy6J5xA4E&?#M)VPhd#QxRz
zz2&5B9UyH#-`}3Ma|2kUXwE5Hgr=+D2IZQy%)8&QU))~&NiHvxljZxc=9dmB^U_7s
zH<tDC=qxL0GxxrKDm!wzg>)a&A$Mj6M5C7Y7?}1G(H$o~^Zh9Yo0LSh`hripWNH?+
z(UF}5ICi$j^4k<xkzfHV4OBsL5I+2_mGW7g9}Zpj_c5I?z9;{6mzU-!k8?ac>5Ecx
zD~I_>k9n&6bxtW9p1lR#n;)enpvWTg^9!I<zNdza4>(^%ynCmOf0r?t`!=1uY@Yoe
z%qqU%?RA}H{=WCHOojDfgPYqfTj-a<&%+XA@_jVxq<OJxmwew&kMR)dftt7|0U5(Q
z=o7#n3pVDG{@6Z9_WCI@Cj#NECh@gjW(QYcVR`R6<b?&d-wp&N8OxsFp;O{my#7(;
z*1gP~O&nt(MNxA_^8;0>Y5jvc9_EA)E9d&NB(Ej<ts&b<L;z*xRANd-XrlbVL^f;;
zj?97axTWcXxA+(hB~3I(u*}!k<&*W6ilc(>>EM%MF>ugApPns<y*^lp%H;%R^*Rx=
z#MdP-`YPMd`ZsZQGQ-bSeE6J5Y&|uOPfnzDw074X%FPyT9pI_nNb~1hf6ZajIr!jB
z)X9FjGv?ELmN=0nGk-G_!O`?}s9@j^Nm_A+Trf9&Ym$PO%L9W?0CDK#d`W);91E+m
z{T`zzs4y(+$tLt#DH`t|=V9WT#Ma4c?QPTr;r>K4%zkJjSfj645y1Jx^0E(*Y5cgj
zkX2hDSDSk0?=Awn=y7hukVOtL{q72v818tenc;s!rbJ#N=w|YEz4tZ2Zn<rm#Z$-z
z3W_B%OZy>o3a~$Kx}Tw_v-r#oNXeM}CTZ~0xzFRiBfwalkI2PQcl`uliX6;ZapP*=
z(DtXvb{65)|ATFbm!0ndwWCmi>MaLkWv|8;>c!M*`8E8_=8qhv>7PRGuD>N@w`-m4
z6fy-nuZV&761g)vVY2KqBVR|8HK7-#q~0+eK62iY0zATxf_Z^n1vFFo$pq7K*OypV
zy{jCrhV5K__u&?~nZY3%hE@SY+5HSW#)q=0>Y^_8qIv>|fwP}o1qhVEcH=%7Mh5K&
z1M3L=o4upw+<R`1@)@6q5Y1#>b|9I@P8mudBVs6Z;O+MW*E5Q!#LnK9-H!b_Jm7BU
ze}9__`*j(?wR3l}i4QGl|Cr3#0+?l@Ma=XCNkB!LNOkKoh^(@thDD3ZvCoRbEZK~L
zP^NM7o@Bp3iWa3QUvtk&EH0mLEJE)kZs4zOhS`a2<P!BXj_=YJvWgvMD^GKBBk&J{
z_tGnn*ZRn=>Cruk_TNgEnI<OhM7ktyun;(l8@ZlZ^n2mi+PGVe$Y0mUSV0rA0&+S`
zB`4n>g3{+cEFk|LMWsv-xcx?_((sGMI2tM!%#>dbrgHz1ieu9_?qTO6uooAm4yn;}
z{)ZClwprerZ=S&Ik-+-PKFdXjCFbRk-O8Vn2<~20amcEY3Zvj|l$rf2APUys_*8b=
z=v<<E29=#@v?IQ`D-aNur<i18db5lihUiB@c34$&K+{prZxZ^{zaC(F;-)JZ#KQxy
z>qn1LReF}08aJ?nj}Wlo5;4X+oz;Fo?H)wE=--rOC{s0}3%m}fA-n0~;%*NSvuC@e
zSkn#C^ha}g%$%1P=|BFoPvok9dqJjca<CVbG?O6<2t}PzL%|;^kq<WH*g`$8#G7&_
z<)`1KaeaTu(cN_8v?H-!5C-;vx$7uISFb}LG0A@m)h?xmvG`*FRge;TTc)z{>ka0{
zv3HWpBBFN14XSlA`cXmw{(3JDacBhZQw2eg#}WfA-ueRvrg?8f=CYW`9fkSI>nN#)
z$<W5t?0{BA3?F7BjvB?A*+%u+dWwIQ={y_6{(BST<CYlxH#6&U$XX=Wti?ZUZPoqL
z@;XM+T1NrK>e*S-;5Y8#;q)>|=TMluUNp>;F=8HYP<ES!U{`Uh2!=)EJgi@3B@K@X
z?DbVEo?J+fmwn<xS7{c7#yLBv8~Ya$V|%$>NvS=%{+gX@Lg8!drkcU~*3%RMoxupi
zn-@~s$Wb(_$zur<CGWX^tg)L+>i-xaJ70~X@8umS=j-u|;_<t8+ezzhg6%2_Nfl6}
z%~1>4YR@?%C8MD8Irs^3&06x?&Fx;bus}^nsMj>P*ookk?F(W-Iig=vi;vJaN2&i~
z50BKHk{BQ?a+W1i@d)e}@|Ad~cd+OK)3kjYy=a9kFa?##+w9&&RB|&Y-TGxxLegQm
z4tB-Vn$A}=i!CA}rNsWC=wMOIg`ccbpCuo=b_Bq(LjZ%2{1)&TEj1XejYV(HG@cLo
zk=w4Z&CD+m_aE$~Z&Rbh{?n81pq|?;I!NBwLcQ(L{9tfjN)^8SE;zZ92rBExvOI&p
z-~Ds2=Lg9`$jD1sD@95h4thL!#N+6d6PLk1)ECok9~!YA5TnZ-tmYs8;AHC-5#g6;
zJgkP=zZ8E+rF=-oaD(vW4469Xi6p#>MPpISuW##h(?Dd{p#8lCE+YZtaaMnw0JpK$
z)t^Vz{&v25gxS~fMw*b8cy|m&DFYp?#h5)H;}TP?NYWY)O7=K;$sc%>JEvB9AoTZ4
zu+6rex*njruI)$k)icUEK6o%DV(#j_w=Gkjk=`XuAn~kGnC!+Yh!G4E`0pxzFWfO{
zw?lfVX>$g8ASW%kyav7`XlfDLpLz~*DtC3yfZfR)<4uyzo<6(b!dqnt{dqgR!5A}M
z`>he@_fd=FkOs~~54RyHT^2XRDYv(~gSCzALF5ppFXi!%I^csNPTK(i?`(}j9T-j!
zUjxHRUByy$J5U(U+%%gSzH8~qyCTp%>K=9miI-i@v}dM|je@!@#S4z)lywnU!(6lQ
z%^vT0xVaJPD&-}39P8N7)QZ_$vcG@dJgTbLN0G9fPO?e=Lea8<dQb7VP|9)?*V7~l
zKa~peyTyqPQPouZazIJxk1wayg*MX!YZ)M4%GI3HbjzTrD6<xXy3C)=hbrBd=7je|
z3&QA#5~FM)2|6DIB@b2V4jrBoybmKAt0@eVc>$l@QPsjaCDXf>CUG0YsL`@yT04oA
z$p`p~N+#~}2!(E6ConJg1a>P&dgEm`v=xNQ<Ct6`ySJ0cGktNHsu?lZT=4d!9+RaL
z%7oXf{rEv4D>=dA!#wThL<RG8JpAwppyF`89Eg%xk5_V1Y|Cl#!J2H}>R^84J!R9D
ze&9TIzxb4;#1{;ebI{926K*y~i;Qk$Gn@y`OJGrfPU~nsv;A@@-f=`p)}5QxF7C<$
z83BIemLL2$m#IP(%~qkqx}99)OBkWR3NmSQKDt9~txk-!-&4ltXoVG^EJ1z+)+doU
zf8?0fyy~xCOPx__;=@$s1u)M1lT;oYo&~;(|6m&>6w!17mvQffogz@zK?$?%6VoG$
z|Ed+kmZozArVT?P`7qyoMkjXkr?>NB=ek_pHg8_AgN-92NlKUinxrpkmt>P?t_(m)
zi`!7dh|6r4S9I!<rF{DJz@H)o7W5D5Yd9hMO=vkr+0fa*GSdUCcL>3gVz;MK>g<95
zd$R=kr<-`nSLaa*ld0PQr~jw{RGzh1Odf}$@(m}>E(o5Jx7={zvA0D=Ir8)yXL$jf
zNC{u8UV|5X-U(+c<ZS%44E?HKGwv&iISex-Lb}rP{sefR$}j%vyQMPKgH=`FWb(R9
z@Q)9gadswrtb_cSI9-tc=o1&Nwm`fn!D=<!KIw&ianMJm{X~6(oqkUDs=Hd)*O$z*
zH%E*?A_{g}DLQ(g-~yVV2ZRFVT(stm91{F}`AjZVU)-$3dd~<l1~}d&);zr&rN~5u
z$1~5v@B;iJYXjsxW^RuqvVSjX=WZ%b=O!h;#1ba<^pG*>jO33@xa|XZE*`eb@qP<@
zRuAoW>hrQ4M*o8;vCIFyfsf?;5x)Sl64~U=M8F?$i+FhcFh$xh7BDY};qeX+p-7hw
zGc+F`Z&&CxkaJ$_7Ksg^B#yhOctMcxiW;qJdL;m_iazbhg|6E5Ywzl)z?WH%yK65+
zI&nM))2@@5D-KlLXe<x3v7bQ(BGIW0Ni&k%Qhx+mI$Pq2U$87~!&|*y@?kq}-9<y)
zHlc39yg2}#oy)#qN!G|Rk@tmSMZM63iij}_I<eK*0SbM80`i18ro|Dh{t0HPLK<O9
z94~E8*JX$n9XY@8D>xqQYL>v}JOM3crdR^I<e17c&U(s$IhJ_8zp%pCxO<~SmHvvR
z=I2w8FXQ8T!UmB(bZklg)vYf9`?;r1+h}G7$T@G{9mJ%$o-G__<dy1i7)HK?X7{R8
z*pSXJ8{Y>?!}<-1hO*%Y-6#jKIX34)2OtX&ZBE77YV21c^CUqDx$uEE=^V-j9&@6z
zrG}SA#H>*+64l_7JJayFWAj7=UF5Yj7SVI9Os+YrkT|Db8?zK8xFKY-4V((Zm;=ZA
zhGAVE@@bjiGwCW53D<>!PFI@|riRNb&}Vvd0m*v=C83nT%vs1LyOUmuR5g6(dBojO
zRKG+LfjrNnB*#+cj+J0_nXpWU4(besa-68Mnpd?-)<sIG2Oq3ZRXmMp@;aM!eDAk_
z2`IJ-EEMt{_lvzs+1iKXS3=o7=RLbg+jmVdWC=2kqKUfe=3TQf)gzQ$zi>UPZuQ!@
z54*iY$Pq%A%r6`9BDvBQTAHiD`-X`%kDWX5!@OK{C9wiC@}Z(juy=s%uP)Cn_kLQ2
zo$lYF5-r2Sk_0Ec%&Oq9Vj?%-V9_PH=*Eyg-ZQH@Z^+jDiOhBN9(K_=6rQsalAW&f
z{`oo4%tqW|f#mQInk6CwjW}2qL>ImOG`~rKRzMzPVfWZo{pue={ktb_+D%_#EyQuH
zJ|XhGL^%}!i9e%l0=IL`Vrv@oJ+5Y?_87UMZF&ZsL;bw*H@WRz^w*;dtrTN|dg4w8
zWaQt;&`251GFMlc9a8dsTGILx2tSX0YL4bhzw+?nGq*XG!y<|38rv`O2PNhKPt`tJ
zrY4uDT6ZISJKAwiUU%fyh-euyZ27bVbMP-msNPvh4l`X-TIQfMu-5kmWPd0$e{PTq
zE>PFU{Gg+ClI4MB3FsC7osciF+qk}0ny}?L%W$!Gx_Jwko<ZUm=&e5m>6WNJ_>N#P
zas*IBV&~k(L7Zfm90JIHkM{KP`f^!@>)&aH`@eUR3Nn>|c=*%;TyAnFvo3@7&TAiw
zw!2Bo4j_gbzrXioP;yJkIuV3)hdpAy>neVA@8~UZK0*ator%6e(5?<y)DEe&`+f|H
zSqGoxT7O{%tEn;m5W7b9y{}YpTnDJ%YI7Yg>H}GA?7r*3jqxDq*O0-4kdenQ^U4E;
zi@I}fX<+?BmV|yc^ZM@tU;8fR@IYc{uR-xNGa1)Z(>}LiAJ_|uO1Qb&5+%5LO{BSl
zDtWPcE4Au+^yiXj)er36^iO|Eq`$bWf6j<h{A2psi2r2iKqsJEM>c<k>A=4qc$P*0
zjd%k2<U@UcT{>CvCN<IEf2VhN6oR~nmI^5MoV%VuqZfY8t@RocA0`r&AZPn<_eBZK
zX!R-==pY79lfc!duZ<h(;+M+lF?czvho99r?P%DyYaa%T9sgpVZBBN6X2ne|FLB`X
zSQwG>Y)pe1c6~{|;1JI6{kD)l;XfAcn#Bah`wYiP2@;$2;GlyN*^W~-Z(7GQSWDx)
zVBO2ldE@D867akb5u#-s$7PyTDGhOTBk)sYPxu)pxUe6kTkgrGep9P^d92b;l|D?&
zeoFc$6@gX=zVey(MdlEC@}(X|ZlR?e6-atJ*-D=KAZd{Ba-htk;R;kiwIiSM+4HP&
z-(o^RewUa<tfke|Z-(=_T<<k)xpTLXm=1!j^<+PmvhtV|-bm0|3Far8U3ku`zd9#a
zU3UitoT#|VzN9~&D#??~1!<kt;|!8tV9COKP3vwHdG+^h2X1v9sU8;6CzkjQ$YGl<
z$C(p1Kp=dDtJxvWOW&wTZEv5|m{dl07G;p#+WEHLx5T{Of;O_hNNpt{`zgXRUCn*$
z0MX!M9E>nA#!R*{T2_-`?U`u|-A2tjd|KY7^I#t_L2niaK2M9vP=@544GV&`el;-3
zcZ8x*RfshumD2RfC>|~2;-I*WTAv!{O*tize_2_2vG1|DN(Ex~Snd{KEG)!%p;bUv
zU!_G?ndT5dNQdLj=xw33UL243bA7N$#VcVOO*+3@LS8d);zUl0PuJTipCpj`ua0u}
zJ-fxE|1}f{a03%yxkV}fI38So4H7gGITjWog<u<>ukLY^>0QmJo=)XsFq8zS7iAbI
zk^dSC%n%ghRzKxF+=uJqx{84;F`LfyJocL~B<dw@HzQYTfFGRPjjxO0aqkcFU_Yh2
z!t#&U?=(YvZT*VRdOcYnnbbbMkZU3fD}n^R`EEyLR~qrg&xhirNb<&ASd6u=NgRAS
zK~y$^-$hkUzvhpqewY;e6Y$lCJUQIWk9>Q<%ukhcQb8X0XB-DT`7sLK$B+uCT3Tt)
zk<2(^ZYuMkKM1TQKdO^>$J_0|M%ye^2Q%+iH%Tnu3bzr}(_`cuX}rJ}l)=A=b3@5x
z2YCqA0$R;#(<&u8?!|64CEtpwZ2M@VB4K*`(#%v5RbgfHjdK0dVk2j&_KOllY*fBP
zq3}X}3&(d=Uz|4;FAg&#ttLRNx@`K1f!e8Vr?34Xj^wHoEWV6_chB-2dNzlwml)MJ
zwMlYL(`cynvdBi}rZbGqpZd*f#`r4?3wO%V+AVC5qMsYocYe!Z{09pNVry`DYBt0Q
z-q~^d@uQUD%yJF^-djmCOg8*mDQWE<f_gGm_$*AUt$y(>Cj98pv)y|5fA4eZU;|SC
zowvl?#D;>XGUlADYMF85&T~$;7>&9yM$YcZq@wQMvocLkdx^3@BeXTQjkB=19J2~-
zqluTFxSk`w*{el~S7Kpk(^_}znnIy^Mk+5}oG0v&o0_To&LJ*-y1iCn=fp^{^p)u~
zzLOPC-LuqE(2zO<h?TQ-`MoUl4_{;=^%VxeD~&{T8PspM5sLHL&qD6f;|As|=Axpz
zZ_E5`b8y?OH+SPaYZ_m2Lph%HU85|*{m!C6Ds5~|1a>D*cTwR?1d*uyY(`x2G&Ni`
zs&9d&w>g5R;&7{*X{36P(?j>oSYjO65ic}5({ye$8Yi?Gy+qyj@uCCV$)-R&)pQf;
zwN6lM5}Dv#YmA{D3zG$XS51dlo1;1wid?pR3~U^m^AHR)=`#gc!)3Xq=}&p2m3a}u
zcs`0zJhx2UoUEnPmp#z1l881-MLI^OVtc!4Dr{`S;sqfuc!+n-$MK#i_tq%q@8Nu}
z%gz}uttwETSa{cADL#2$xBEq8LR}WndO?2i1>z<9SgNIA1U@rIk5J$^>Y0hf>}rvm
z@xxl+g;#X0WKqqhJxxGCAa+_vsdj!2EAigCnFIgBWkICVk`3A03YQ?b<Rc^Flt|zm
zOPKJh)I)?jue-xH&#GbPu(qCz%wsR%z3<iZ1M4cnjqiR5wNX92`fUN3n>dba|GgXM
zA(jiikr*PAIlP&=9X!RwzJsR2fmIVOfymO)Olo^$EfGI6J2cKHS)lD;m5jo4?Vzr>
zx|zCsO~Kr6G-_Cr!bpi{IaR_wC^4!2Td+|oCu#7TB^nnBDtK03jhXtN{UL4%>MXTJ
z$1M<BW_*X+aHO>w>Rqfih{c!u&W6(+{la~1D@poklcIp?z~G6Dl$g0(O|oUa#P{QR
zNng0yvq7r7YXgNm=v)!lAzy%R-L9jG@ZVh~LK0%b1NM+`o>33jeww=+EF~t6>QrOI
zC1l0#k^=E!6fPKxu{6iK_})RIGEW?m%KFDX@+(DdV3Ws?WLI5Efn4i{<;Z(#UKGgV
z2byJl6Ije)l5Msrv^EXEU*zJspl2^h*K8z&NA^qX&QK+GKY%^TKN;*^gXky%Gghx1
zY#MM<RXLbF-T--qek^gnS-CDBRH!fafRZ)iXawLh=Au%9EUXU)puu>sp=b%LLDIMD
zfN|j3zOWo#-*0nP^B@fqe)tgWIw00;&R2F+0Yr^-zVJ=RUr+i$hW7IN(IDHF!<k16
z!9GNzKfMGTqbx2ufW6867sEe*vE)koJ!@q`+TPp8^ueE6msdb7=pR|<q7n=x(H%`q
zKR6+u5y0u`je9HD<7mGAeqpNLX1GTRrj~*H4h!l~;nT_QIOeaZ?5hU)X`trx=8eUn
zCNLE-F1%ztpZzBp#F+m+?I%8*(zjdPH19aSHcJG|P^!)Qq|fZDc5P4cZ<R&^-8>;S
zcG08ZIPck7-Qa()hmwS8ZC16fx4}cpkr!`46?xw+^!IJZ&fm?(OYJ7KOcD}+nqkp$
zS2M_?6b#Wq9c?w^-uHf2YZ+jcf#vh*n%v4R#oi8tQ6}@Wx+qhx*kuJ`uS1rXW46!Y
zJe?eZgLQuG)kAoH0WF(N<*aSg=$-F~;e3X+twd?M11tFt_Fz(>qcNGgbsrxxyDmFU
zii?`Q;K)J!x{;_lV@VTi4MTGyzQjXaff5os&!Rb>;a}O6G2P-`_jSamWORpDqq^_O
z1$k$sYEr+Y8S~0OAVzD@9FMj!66}>Lo&V;+c5eozaxRG7GQ&CJ__9S8(*pWTmlE~j
z7VmQ~HZPT}C9!~M^D7${RU+dTnzsBs8kCfIN}?~TzQx`v!*1mBIX%NV)P1-eJ~gu8
zMB0#v$yXx(h(;g}?x8n&ka$6Zi%A)D*qI7nOXH-QHoO*Ht32w=Gt*N_WYr&o%%RxQ
zZOMF0`VJcG*lmk^d7;3{Z>zh4uD>2uZzjYl4FH2>pjYU}d{Jv20gKCFSMhC?Rlf-F
z>B#%tu=1Z9(U@_IlRgVk6FV3tYW42E&vgQY+S=+1t$R^8U+-3-Baacq;Ub@NnOh&v
z>u5g^slBrhI>L_gZMOHhad`w1DC(M<PrJ)S)_nLY^t@6*#+d)fX5c?Qx@=+P_Os_D
z3S@j7Pu<ibFB@L+#}J+P$r0J7cn4Ib*b&?Pk4(k!%no+X=S%#Zc>ox=?In3{K3;*z
zlndNe$(Xw$`RABz@wxitu+>T*r1m10NMh(GUROp-;~Oyo^fzx<*U=CqsuZDaNBazm
z9_OD^Jv^XNNKhpp%ZW6>&i=<@{_Xc5ew)0qu~~1TM{ojC@>iTpsAStUoJ89|`lDcx
zX3X{8xBNTf$Qz};+qJo)vK?2|thU6e!?Afuj&{FuOelBoy+?K~O$x#~c;o09iZXj9
zOo{ckv$o#rKw8fDMNwa7@NTw6$U;CSMuY=KQ!w4FkV7_UCWPGjVe^d0_0iBcEK-i=
zrZU`NW*<MqLfRN98N1#pm@(Nwh27#a|G*USkg^jbKh53rX#xxNYLE)lVr*cmby332
zYZX}3S~wqNHu6G0nCA!Dr*j2Dd#8?k_&v`BrBeI3f2n#`HsSu~JtE6Y5l!a$bb*1o
zlh4#-5tcbwFD4-OlmjxVVoC}?5$iU7tENI5hxJiVqgF4)YI<wzqBflljYDNF8s!ZT
z`>Sh{n(@0$W^t+(jBHF)51U+k@Mr}x`e#+q_MYWXRqG>HKk_uI*ZCax)jWr%Y{cYJ
zGb4I5jZ4c=s1#c&Rjr9iRJ!esdJt36^uav@$D^j>YS>*$YQ}9!i{KrS;b4x>xWdMt
zw@l}3odD1jm!|+O;yQF_UURQ-QsmZIL<~Gnz#GIICEDnqk^&U7=PP)b2UfT!A)BZ@
zmWHZkn&`hez|q5)d3rGI4kNpX8UMlZJ17Cm^6c7brbZ%G^DjXT>`X~`C}{)DM4aH7
zm(eD1K5;0QtShJXtw5CFZj@DzW{O~!^d;<kyu92WuYQBPQ<S^uh5=xreb{KGnt2gL
zn0n!lr|z#vq#9{>h&SszPGwjJnmtDfN@T^$OFWGAe=sws#+oS?>Dhj575HgT=Pwe*
zQ4(w%x-3%5Oo#HE0~Ad)^N{!K03$hbwN8xdJ&A??Z|?wy;p^|ir(`WaU1hiw79J0N
zik~{WAitviBiwz<&&E*}#czT*z8(6VUAoKcp7MtRZZrZ_{zfTkSHcL!+F~Qjs=EXU
zZ~nlLZQT)XT5?ZRM|B}}<cs%bDVSbc)v(?f&^<c1tT-y8tKYEMDv?F80cV^<0{x)M
zY)q#TZ+>IE0uVQq*<(p;A5T6Be$uPG?OnXwlv24$sRv#=cwXNiQd^MlSMxZwdRl~-
z-s|C0KM~3_%3miT+p!K$6#Jf^yva1VKg2=3UZZUhMK^Nt$(_wu49g#K{}1Ma-7P|D
zXB;2Hi@?KW(Y}utu3p8M6z3Fo4$^``<O;B<WyknTEJG%1-75X<Kv(?YE00jXl*_!=
zE4b4YWpxGHC^D<)b96vO$=K$?m>p%Bym-!n-7iCZ>xXsjo6pJCyWK{teM+MwEpt8B
zQy5bL5_Q8YWsdPMG8O+>vx<pkRl<r0tdw|KC^j1iA&^-lhZ%`0nbFD9DfuGv-Drk1
ztx!ot+QwmHKYbi0?F1~z9!GO@^uGQ?s@>Gvg=rb@0eFOWt}uWl#$OeF-+f;h`?`Xi
z!n!4qWXEl*57WyiQDVrbAl+m$zq)VqChKbthjh{J$4RQS&llZItH@4{#Kn|p)UHN$
z?|%B@#(e149#gzFQo4yH)%-Chcxx~FUzQ?=jyRUcbqK_6+(ElZad9Z(6=dZeOtsyc
zw?i$)S$Ceh&kHEUTP`XVrPA!On6jrCYL8yvHJj)>!Wzm3^*4BcB}BmR_lIzyH}S~l
zsOu=`!Ul57yNA@g0oYv=YP-wDUf9OZd)c<EjZf<o;YpBj;TXA|S`0!h$+#c$1^uQ4
z6PXbNkATT`uB}JlvcD}ev#kSoykfQe@qJexxq%~)oq!+L;tkKQ7*pD#p9Ak#4MM7{
zskbn0s408f3~D(WHUK{I+eT19x^kObaQq2axE#Lu8x2e`heMiYq>mk(Y_AWIfEw$s
zuX#^QzvGQhG#v*Bm!*lH!t0$1Lgv=mpDcjHOur@$tayH~&rJo9lXh%p*HkY6!{8p;
z03}y-V<GIo8c49jv`^!pZv)L4H|$V_%tP3k*BR+fIcev@50?g5_iFcDn=pQ4T$lr-
zVFudK=hA`$i3jKrtzhTmgd7ljM=Dnl56nx4`38FizSH&$hG;p{?K4Z_(v$ILB#T<9
zYVJ81-~KtQz1Kv2e9JiH#Jz~WyLk)7T_4$@I*a9jz!`O*^GglL-2NKzqkLu8GFX+g
z?}6m~MqNhVee8u1dbnGrcg7Nu0aMN_6hF6DpajRCZSf#>67>Q=;2vGql(gEvwmw9C
zM(&sL^>lvQon}=Bh;c*QmR*a_+rd3Zw>G|gV2~79*B?-a+coVQ`L1Z6|G3TKq4=nm
zjiojj6;Rp4Nw1nKn04j#|KsS)!;(zjHq5G^h^XK;s7Ojk<_e8l1q$vYC}ftFnI>X2
zYMNzE0d9z8?ip>bn1onXR+CvyYEoKRnA%KDHD>0R(>S(G%deX6neSf@@Hq5P-sidR
z>pIVp!2*$Uni|!&+XbeBUWx^UhezR$FNt}($~LNA`~h*{X^IN}MseS~@m3oBmVI=4
zDi)3~%CN1sG)JzI2K%OyKD)~OT{P__x7X_El=xX#BeXpRd=Gw$)q2OdlJOLn%{r{8
ztyx3&VfPU8kPnkNH~s0*P|Z7Z0%_zjqq+B&*jTsK?Xnji#l*d)8N40-YnNDsop)SA
zK}3lemydc3`xprbvp@7Yq}5u6I1g9=Jso>yWs`VUQFhNi`F(C<lcnYgHniG||Ba!!
zEo+u6p%R=oo5;~7Yu^_Lv*~bkt%gnxq(z^aKs^*DgVn>ermG}Jw=bm7SiH`5W3=Bn
z($faJnSB#^OUU&Ic)qy!Sk|z}o2CY8rwkxrIQ*Ipt(;RRl0-`fH61rmJj<Hr{i2A?
zZ#Yr&Ri%QrrKaChRXLurKaTb=RJZ~35NlG`xr@lo_2&u*i(?p#T>cj$Y-ew@BVhHj
zpXbLPCGjj#Vw(s{mIj*UgOJAh;tb*XY!PfTUDvt$h(Jeie+=}UZrv;A^zaw=9C#*m
z-y)YZnGVCO-iUpU{n{%?T=tf2ddYQCcjg%vn}fEp&HKE+fPKYzYrmk7sYdhiEWl~X
zA)N@;-8z@g8pP3iG^@nR2S~iUyRInrbMv$12j8a2uoU<Rnrd3gu$+_wr_;V;jjU<)
z$sO?mF9Rw0yasL9B6~|@qYoj&mW~j2ZC^#Vtnb!dV()pxq;!7a39#GpWpi-P&Cy6>
zh{KdFu#o61q5Cb};|Sr7u)Z{M`u$|MgL>pWf*27ajhfZyw!iEhwYjnuvLia5Kom3C
zs3z$I{0&VAd-sOdT8CwEL*qu^U!px4fXN_QSB(xCMf!MnX#tm6qp`+pXB8mW*%aAr
z7kxWw`~5!X!cYl{Qh#^0Regv9f5U$Ny}1-X?pNuY2H%C@uE<nL7NMDq0F3`H%qk)u
z>r>nyuo+4cY&TAz+KR^$#$$|7bzmuMFAq_4RAluu<(-*c02YjPD=ZBd;NMo-EuMrL
zKWUX~qFVL~oFA}r6V_2;F4p2IO%vj)2(}D?<3|e8aspKgqnJWxNQ`mxix;pu6t5<N
z$;=d393o-8>E*na*_y${i*4v7mzL07Gbe$*p?g$BR%|AU@=`z2p~Wrf{q_g9uIVXn
zJuCec6~A|X1G_GiVdqC#V0-nMe{vV8AF_QEfu;>m)aeGqJc}3hcpB_B3G<pM>x_F`
z(jDl|^Ve)xbtZTmFVmBv<ObC7cRZ&CLht}A4+`X&R|>JSishFz)nUM6&p^nq(8+m4
zpx2ig6E@#KL`1S_G$kdEoG_`f{@p|vK`GZztv3vl(vR-dD|~-6RhfN`#?o$KW-bM3
z4s4o0<%QYrV!uxWpw|J0)oLzGS^Zp$3w`&I+Hz)u=QJm1@v;xN>T12AY}_1Vi~J%|
ztONj_T$iFKB`awHa&3r_9pxP_QIz0UoS_RMSbEiow`8H!{*@d$xhvCUf<r`XQec@~
z^r&47R4`1rEUusA5-&4<8;c?CPk<d!ZW?9pt{f$ikF5ET$@X3ca+jt{mx~DX4WBgS
z4s35J)itl5ShN#jUabXXq%}#n&?qpl^LrpnThWGt=ls%zTtCOiE^OjNc@DV-QUXt1
zLJ_+E=;xU~YGm(CfDQ#;G{YA97QmY58=urH%@>7y^plwrwkTkn)N<M2F9tS6_5h~}
zM3yy#uG=q6n3T;!SLg1iN^Z^KH@-Mp8|Al)u6%)*mw0Mq>Ledux1!F<uqPW>Fl%7j
zD`#iGKPMrQK>y<zYWoOs@lmUc(5<fp=2g1rV0+L!W=eC}=;vZ$$DjG35o_2#GE{-z
zRG3vt@}~hL$i0kVP8N(>Pky2=xlOTm>nRCBiI3V-szCvV#;-vqaZf3|JPfw>N3QIo
z9@BsexOM4ut$p=6RTCz!!j4yqWiokvpW4$>B}D4wJ@oE7j#~IzFu;&Pop19Eed$}p
zzP^E@n9`cJ^zn*(9$~I9qOKgzJ{;X_<0R^Hu;KO%kIXfnBbzK5u_I2WoYMN29Gucx
zqb^Ts8G#wA(XjNtp6jUy5wYf8fu-p91HJyL?~HKOAHarzdMamo-BAQb@`Q~Iu`a`?
zUFrDmd5K`8sN48t^HinW?L9E^@(d2Uzz~F~N&8?y1I?GayMc*$c;9b48@pbxxJhII
z=0EumXpLsx02cAU>yDrqyfQ|U_Vwl;dB88VE#ONd2&nw60ZG=UOZ!1+wjZQz!K%9>
z;6ZTNl$EEj-a*>}O45Zfp#Y+C<OA`)&Ct4mo{_2U`7r%|4)%T_z^p`4_G-=@$)4XZ
z%nCZQ+ZMolzx%G5#s^k}-H%s$o6T+7n+w$4MHjwDewzbrqa6?Q=fM*8!<+CelFUun
z`n3H6ua=nB0Z-}h<Ttp3;rg;6aA@B={&m7rk{-3`c_@GjQ#L=MH@~*HflHP2Ca=Gi
zANcv=R{Djbf=pcCsXx~oos80VR6bpqzK$@zMwA5BEHASc{-d{fCjAQ=1spU=LgjS1
z>tpMJE)aX&7LuJ0ioxd>gK+EJBwx=oLf^F8IxZ;lBu-W-V+SR}($<PIvow9-*&nG^
z=@Gl*XU_$f06_pq%}W+<ubl*OS6cEf3g}HJ?9dJ}X@VWrJS~gm6DVfG`bF$PGksZD
zKHCj`b4rieFSMl;ED5bsA{O)v7{!(}sWa=f;k~=^=oVzwCIqMzrK~^T7UP`8Y!&sA
zm<UMl+zXNHLe=38&9BP^*tth~&Mcphc+hG@WN#efCa83pXr%l#+l0)JYakpCJZE3O
z7W<UDFwLfBNQfs=O~=^-=u|s*(VE;FI(0yI&IS7X4*$&pU+Fr9h1u-tnz}$prmA2x
z8~5mBvH|`Rw%Wy=cVWHQ_WcZrEi7Ykl5H)y2*U+OXuN4mO*{DR&7>}1N8vRd@0uCa
zD!R+e`2rh<JGfFS68sR#;<h10P+MtZzSH%%A!^zI?I~9gb%mru5TLJGE=0Ola-w=Y
z^=XQz?ZfZ6tKUbRHX_IG-%??VJ~Arz0i>HyGNp|(tnsYa351u9e{tEewJ+dby*UGV
z6_wdw>ej1QoXxigA&`Ud5_$1SjppX|r+O9c^DfBj=T3p|_dC1`qM^qT{e)_O&WNd&
zUI=tm{zym+8lWV7lUAT$+wLnh-*J&HLb1rY-~^*Ab2S!zjNC&vH+4>KWE0%see|@S
zTRsW}HIs*)aY=s#X>3!o33AWBzY5kM%k?D}@;R};yd;Sc$(MO5?Cy)sv&xu-Wr@7h
z=`W+CzqqjLiw~+8_hm&B1XS)Gvu3DiO0A<0mBRkPEPW{0wAamo0V0@raJqbB=8UTA
zjzI474;H;Kc7w<i2%pNQ<f!uyt_2v|1(AE<6Di2>U4n57@1-I;Pn~<s(g>Ejz-{!|
ztc+aS(j}W|0!yTtnJsgsIq0Vh9mWgJk48*i8h_7&**3jS<n$F+D5Ug%VG{B~#;m>4
zS1&Uk+QF_fPf+MG2-yZ^sOzcUwd~x?(aRLFEabaW8X}G#0xI9#&-0Bzpf@v$&@MfL
zGE!%>L%P(Pb+Xt`(Yi?Q9TJYqz#L{Q>6GT^0JkhQ9A7Z0#O#<EIuSELIZ%mDu2Wfa
z@%jYBUw(v8<gx}fQ=KDHt`8ZHcfCwRNVYUYZ272}jCy%jM;hJ-s1OG)Hi-64&)Td-
z5o|$^F1)D0>ZW6~d<`vH0<1<TAJ@mFEc!nTI&0_04uM;+O$rf^Rk365W;X`fA#|>p
z-V}){uT2o%9`b^3>eM-lkF#6g)Q6%)f*QhghIKR{#3u4kQHi62K)y#Y)NQ?6-%mIb
zbXG{{{Y<U<I!<q|$6cm#57rw{s_|xew+VhBWIXgvv6rgoO4Qi~f`0^yc)schYN)zN
zP-{MRDu+#7Gmut#Za2|-W+TeCrsxyBW2InLk$gY_JN1!H^93FN$3HP9;50h(?oDVp
z@(R5j_lV+vmu=nx!BT24b${p;*3(%ts@yKj)6VCUgp}OnL<h$P*t$uTDMqFwMYrB`
z)VWSM_w_mm@<w^E3P%{!;Ip|#UemVgi7lSYT0!T0O(qiNq}!^@toarQMRK`T30c^3
zPzS$7n*==+!ct%G5<`Y%{073=y%Pir=_cU2?OqUIXQc}3PdSs24aJO7_jfjw(nAFp
zNC{M3M2D?9pwaoJ&C#)&9}I_Pa^de@pAxd``-~cG-2W&dRzn!2$bnZ`vqx$bb=-p+
zwRlot?VMier-J6@u!)X<+TS8)--wwGpq6-6`!w_eVc7B&%~zlbicuI_xdTwr&a#KB
z@7b}vBW57UjWcxD<8?^cPJe2vX`M(AA1F~qYOtYSsi!pBm8&Y*HFwM0Fo$)EY_or_
z^Qe9Imc6X~d^H0Tqim`ZhEXI0`RO%T`PTCuGfKx<ku`Qo71o#8gX|u+5D|P&K>?W;
z&1A@UO`vAKWw;;=Od<nIJ1X5)sw+)ly`xb(=AhvB_5F6%71PAXuD2M9yB#*4n;EoR
zWHKkQ5(y4!$|;-PJ2=wdI9CqNq{ke_8o)$;FX%gu-&RHV<WXgcTHrEvE^xdtxDC%H
z*u2QRED0xhy_~b?;!(s>9!kbUB%yzl%GlIRU?depN6Ep*am^E9xaI#mHMS19lln#`
zC$fpa_)O3CyDv<v-O<3cc>EVj09mc!r7P~HSD}QDjuMvsRsid-=5gw)G7>R1o4!?Y
ze!a&!Y&}R-42_>e`S`6pQcqZ!pibhrIn*>p=;m5DbL>v<yz^;urft&lra~Ua>hrV=
z>-zB6oV_)F+-Jw180~4Xg`dg0&7y{P4`2AQ*RNBg(ZYj8Yp_+tB4Nq-0a~?{4_dpg
z%syEMlP%V(ehdwJX!IC@@=hCF{$cyKV-~3@8FUO9een3K{N?;oG3;!<X!~t7jM`$>
zT{kW-ux>5+Q5d1rD|_#Lc2!Mj!<Egg!Io}dQjy>?TPDf4ksxq5>oz<Jjw4$(jMxy<
z8H~!beZK-a^`?~mV?(B%ycrcB^t)dLE~i4qU8WzR7$}@lzqqq}q0M}8MoZ21fjY1`
zIXvD9Y~sgfbjG{Edf|~RncpfwCgnn7Quh2h!5h$XuC?o;G5wSkj4tEduqXiB^>>4P
z*$G-SJIcKcAl-7jV_MP)P9K&xr$GuO<;|oo6rS7CJ$>N|n8mQKF!mSj>1Q1gb`J!C
z;LFhc<^?h1gUJsh%+o+_qN=X#fa&h3_d(XZ!nxYuk1p>M*Iw`aM(_Ud?vZFOzwOs%
zT`NC?1W>06U#5sUs7@n+)aQZe&-Q7C?(O_q+fJBXYUZijE`89y`W$`_CarKzGe!RG
zvt|m{C(f-ulB=(($RC>2PZh3o2i(^Gwd|`yQTreF=nIjquv<NNaPb4ym_;8roQ*d{
z(ZLFS0Rx&3sY%RonbTYTzzpM)NWb=}8Tjn2R=&F$jA$Ta=q?mFubqRY4*}L2du`lA
zzc6=EThCH=6}{2ab4DdWn36OGV$m|CO1I)jP1LMSxV+2$_^hsTg|u(`S_=}}ZW=lh
zlmk)}ws|_!Un<!q&M!5?FEuSe{0xD+sz>z|UF)-W0})ZMn$d-1`kB4?W~N<o?kh-{
z;CU~_Vevye)DUs99C1EgFGgLU;(04Mq%EDz5mMc#-;~PAQkKO_Tu#cgtx&f(xroGh
zucXTL#rLTdZLjo>8lAW2OU=~a#b_||J|ZNt)yXZZrXmap#1I&*Q!gC0d}e@kSp+-C
z)XkdfV9)_=!+5)>AX*$VHs0bU7sqcLH<&)pVB56`R+pLvZO`}F`9|!!6E$X<Gi!SD
z<A5ogt%GhS;mDO4!lWwoECF5oMIeZJHY~bc$zfmZaSZ+(de-Sh3-kI&P12%Do>Tjb
z-ge^%p^$V?G>|o^=rVipk&znHpYO}~vXPl|dLs1I;!u6Z&3YYaQ`>}@*+Dvraxx*`
z=ZfC?6^fd6ZB~<p%n)Z&l^*UNlc=bQjjejbnY}DD3N|u4;e$F>u-YCv%t&?PWzp$A
zQ%#uG>qrd7^5kcIbFnaII}FnSIn$R6RVE7ZzU-vL<euRQzAHl)AC3_9KLfTl`yR8I
z`}fOHk5({{iezfFbJ|?9^W4Q$H{J5VDrr^e%6|5Cjn|TjAD-V7g`Iq*xH`9X?pCwx
zoU~r#%SoGgEMTvj2DqdecY#-!na=6PgvempM+uZnN2^V^TDi}ZJi+=)eF7q{Vn*F<
zD@%V!x65-F=gcAW*0Dy0GIG<81iu=Kh6%av^(o~+ix=rg&#!?L0aOl}kr7*tfwA>L
z>Mam6-TP2r$yS(BfylWEAL$0m$F#1&OYoZpp<OD<icnt7U@qeEsPG<DbL5K=z7n)x
zQ8|B$%zg`%FTPPmT7l+Zk7a2txA6&q?>IQR<w>p&Ee?1cPVIukusug%$I-a(il5{t
zxkV&zeVVkg^2Q$qlKXG>>X6q*fo;KR8PF*DZqv0$_OeiUvBukwHQgOPTz#DBiyLV$
zX_{Opw>l9o6!xDc`nuOFVO_}O(4G*5$Gj6cfU<e02Oaj(41TEuYRdj1h(f@XWklxT
zX!!SCnDr+=2qS6<vVUP3z#W@Z)mO^lXw>-cTrOaJZF48CoM3PNtph4oYwBa9l`^Xt
z$c`6AxBPPIm-uElz>;KKrtWX#3u5L1=x}+^E!5bQ+%6&3VUSWC;pXe`4DJ0MAFpXa
zC_UeC++VPDKQO7uS)%x^TMUN=leE523}Yh^j~W(mR<qbU3vlM-$mO2;mIpv?5ndP2
zk{WeO!w^APUXKM~OASwI@GW78&4Hn^lqcPKcOXD?`nbSlBV>Qwl{Hu@yeK$#&epz5
zTmojJ2(i&{dW45A9<>g>YGiL-GNq}WY0%hHRy1<Vdt{VL3Yb@<-7y`$NCz#Y%VFWl
zb{dQAesY*z3LI!55olQV3vOifIFI~M3WcH%k(@y@&+7MsXq;O&$dNcb>EQanC}#8t
zrxMtlCaD1#K^!H{GodiVy`)L#AgHT5H9H=ocL(fsx57D6OCPpaSw#;Qz)U=|^jOsL
z*(#AOyaG*tHjdg6>TdiCW3sRK3PU#n;DL<`(HDPkN;c^qVL`NfQ3#2!2ZgB<yD*iA
zVo`k3UxqN!482l$*B+>Ywr_BYbq*LM3f$XpPP{>Cc#T|xS^v{0`whc{pWq&kcTy8#
z&I$w@|IR0L!Kf2Px_djB;Bt31^{p8aG~wXSIOd4In6bj^6=8_JZ*!hrzi^$Ze@YiV
z(k(X66~J>@VTAL&M)q1oD4mQpOP>farjOUSV<MYg3nSe8WRaNeYUn#cP=ochKtF<e
zrQH>3T8IwXb17bpT}eV!?bIB7NKX4H+DWwB)Q#TbGDb1Kps9}|9p#5_6R}Z`j>HeP
zEV4KAgfA1H@YyCWTyWGaeKe$mHMI*&c$0M8BycF4)l>4`EnI0)$e$2gN#sg;iTc|i
zJJaDW<KtMT6%x|4yf90c@9>>g?l+^PyFTOu@6XO4k`uTpK+4=m$O#mp9e5NP-EVf^
z)X&Rff&1hn*Ec*ah|%0hSN0Bql}15oW!2LmfNU+nOWXDrX0O%Ymxd~hkL}tHfv0}j
z?CmhOSmDuo0Po=6oAe(nek4%ew9L=MGB8~FK~?nxG*Z-PkSBe{oc_<r>|Y0-=D3ZA
zJ9+>X<SAd04|1TJ$$J3o6)Z}AQZ_ODw$A|K+T+_%K|nkxJn{(`e*Eh0kBh;a!v3-b
zys3Jd^E)u-0xg(jCl!D-(&zF9WLGT)SfgYAm1mZfnLFeEz)O4mdJloVi2JuCYmqsK
zKMsR5#9;8(ND#`rB1wo1s}FBKq1;|>U_4(OB2$K+3qF-4%69nMo7hh8CRa$LLE_r_
z`Zt)aMfc{bDsr<r<-FRu%<c(01iSF9XfP1AhSSbZ4nB~r{-hbIi8F_idHL*l8hW-$
znSZ-RB-=Dd!4MmWflJdd=wtdpoyl==<C4$_B8x1)>u$B)9;><U93~?AQxHp6nQ1-T
zUXF^Wmx~39T6oJh=tPNLGpe~%+;S^ozzGr${iGw48>~F;Ht`{8ROE<n#8yVEoWN)z
z3=a;P=3w><?UbELi<RyIlbyHB6Otx%ro_Z(fpz(T0Yn;}Q;?tZEyV#zmXH`F@WBSQ
z_2{tRyxt^p7!cZX*ZOXt+Plg#?|(kQL)nuXiT0xQuxTeW{uOW@H*&lTNeM)Uty=_e
z^sR1W%$&?mWWe1?x2&TM<B4M8)J4cy)pa6!Msv&mK?T>Y`w>&D-qWn7(-sQYD5SsM
z46Z0{9EaS_wr~aOmC$l<j3&hj_@-VGMA$<?CP8@>p}Pp+fYd|YIjRfHQqGIpeo$Y`
zifZMhnrA{zd-d~FC1<ISE4D*iXyl>fW^FQQFl(>Ib+H|ogoN$V;9orvkd<!|W8?pk
zi$bw^GPHh9y@K8ANmz~lV-DhM5GR;qjzg_q&GeW*M7*XQ4OA-w(gv!_tm{atTi8Xl
zI>nGnU5WMKat!-m6-srAu~n~QUQ{O`rf535AEi3~m^f=i#U3I~hsd4;feM=JSR}G+
zCq=`fm8Ed52W*Qx5sEA-d4hnhu#ii1V^@Du=^U2-4mb@nbDf^!pQzR|<<AI)<HKTM
zymXZgauWrHc3e7fi{cRu{sC)#sq=6>P)8j)yiSi<Q@Pn%bx|IpFI89brxe47g{bo9
z+obLH2I=f7wXUZ(kR*)yD~*6#9Y|4|sTzpCynCrHI<{_=vV>V2U3KEu$exyfk)Neh
z#jE$Cn0sZ#R;wxF6NH1?M<OrmZtl{hg*6?NMeBAo5(lSUMS2YSY7vCRjpb=%XHP&U
zLc;v@Wf3DJED7EJmQTEl+oLWejK`+bxUABVr(L703M4))f^qkAZYHj<Sx>!#sa4{h
zC=G${@mje0U6~L|ZNMywIe>x<{7m9SW%{T~<gTdmX4E?VMnd5?71pHgmfrbDw8UB(
zdl(hZ+NMX=O5Spu^QF`l-1=6L?cI?dh}N8v7z)Ag*DfAAGDHO9xA&vAbA+x4`YT2>
z`ez2C;x%{kieq)E;E^%}l37J5yVl51orZEWj-|-Ym_>v;LjWH2N!K2lZ^xyUH*)As
zZLElL&f<3Vvq|WXPoBHhD(Z7_3gL_aJYb(!8M#y&ZyvGztkfO3HdJ8~)U?39dH^LV
zAzCtECsrRZMxpoDa31+))~3h*P(b+Ri<s4A&CT6{e~+O-nDdYwPBNr(`!-v-mJY!m
znqj^36yI0tJ>rM#{~1eClyO{jS$aA1txz~*ZGS;C+28!0kGyVxYl^yL><f_p{Vh=S
zhER_YvD|QvLGP(uy)&PEZ5_pDuUI5<xgQU`y2llze&Gv@-G5{XzPtNH(2{5VeoDsP
zTuQahI8jEt%CVl6Z_Wf0nn8e(SH=mpm6|`*S+2lqTC>oIBB&%R!AB9Wnbf5^vF^Jk
zu_>E>;95R}HNX2v*Kv2qr^?IpQfX<ZbHl{A$#S3;Dxvm`8j}jQ;h@@~Ty`q=BeV}*
zv|mJ0ca=j$U6}7m#tZmD*`7yI=zFYRG@7g1xUxs%U^7lP6^gC!Tstd+9j>{?k-#1p
z9YK4q5rn$mdCha57NTr(QwaL}9YK`+<efS)a+!|g(uL*R8fy7@nIJmKS%Ut16~<a5
zGzcPW*|Um(iv<F*d||3FruTqCVM;m{*?N;`IwwnMZJ;aDuR0|Wcc8v0tT2+3YEP`^
zSA@Nd|D<BYDtLW7RP&$mJHu<hiV}0Eh2uv#*yG_CVJ*A6W|ZBOZ!@-z(ur}Tx34Oq
zr-t>tX6HRxLphYy$ko)m%F4$VbjdBJ-BEw#4b)C4&Y?#_8YaTp_0+2ibicJvh=M&T
zbVSE6XUkV2mj+g$b$1nUrUDA5s+=ERS}P{hug<162JN>Z1fTs%Tr0m9tV3Nca_pi^
zI)&2X%qFaY)$#_P18rI*s*d^92p`O4ppZUR@s39X!idd{s3Ex+L4Y?=rDY{D_O?hQ
z_`fdix~uR{pV^fw%yRu=Wz+q!csvSmhh4MZ^`s+IpAZj5F?WMp)2_QB6B$-?xA=9S
z?NF+`F{?hZ1zJ&ZKqT7rjGKh1->nm<YDbNu`&-3FS?JCBW|7a_`HdUd*9{!^?j@&R
zCFT%Mjc<|&sdhH`+crMVPA%s(_ukh8+nr0m*<Y=UK8et(+0$x?^EY=~=;DfDQUqR}
z9*V`2CL&-|4=;DFxo8|JJ3w4>eoSnE*GX+LJ=iL$<>xDuqNL82)<GSV>uU7_lNa8l
zs<0L@r*tcN1(Jg^kR1MKox;p-D89$F3bt%DH#sKhM!T-paO{H^-oU!Z0OJD3U5vC3
zCgE%6<(=(X?_E3JhUfA&t5km5qx3YU|6;xWrm)<5x!N)t$N6P?FfG``>W*wYl}EW;
zrv^T03*Sr-BdtwCfY&;mqPem>h5uDhZj>ke$h<M9WqqJ_fpZOK^Hwh~F9`G76sL-A
zHa=c3GMazc)9dbVqdfK4bMR@eWnziew4M%t`$!xt1z^~b>BMRE$o}U?kL?5mHQa&M
z?XAs#a^kO8M+`6LT+AOoH~IGtH}BZpIl-mr<NTm5|6MCJ`bqy|nBIh|{(FJNuD+=O
z)J2-!=Vc`7$v3kXt*OWn1K4Shr!o&log(+MG^`1HnBKlHc?`(#zLjdG3gg^-<}2sQ
z7uA@~5e$K_Tg^vb1-Mq^cQF*W(&*}?8`Rn*w+}GK*;{sLRTRE>5DBo~Vh5AMt}-wC
zB>461J@+?0ezPP!TwaP0BiNgY7*+Z3+CpZJ*0TpDJ&t1A%6ZU~z>vdzFsm}Tz-{f7
zoPw=WYdtSC_-<@|%U0+L?ItVbszc(mE9+NaN*=DU7MeB|hywQuF;pGlX|(FEei2-u
zrh6#_EaqBLKi<kV+Ii?Nhxksh-MxP}u?tv;|AjQlF=^l?dXFY^extFB6jQTV=v-p~
z+_g+ZdN-|$KPXy5FFPiqIOZhs=AjT{qRAFr?s6xa)ooU5_vXV*ZmI0kZ(ItCj^Ya2
zym5N_iv&H6Yu;d<JHZl3NEutcMVA>WP_||N!fM6zn2MzaE2-l4h`?oh=7PvTny}jT
zVM^xJsbWptRho#m3c{%NSEAAx3QXlCaVX}!&}xfCH>I3JdJJ_=EO5Q_@*~W5+{CoI
zHC{7%m3bb-^~I$X&;_<ZewzM4_@vworV6uV7a!&n=!Q6{OGTrr1gtRyW!-cYQTEIt
zrngh^`=kwfVxM}6=81*<Pbay|Yb4&@Spvo>fP#e!n%K~@yiUysPO7#o@sfxCRH<n~
ze<2yWi*niCF~6v@I$$H>P}wJ1)oW4ETed|Uk%@aOW`$iMigRNY#HJTJ=TJbMh{<A<
z{H~#Y?c#^jVpbA`8U`Ve!Xm+`U~VErOkLo|J5>0oQFR_PmFmS~=V<sc&|yuUuqDpO
z2iMOoD!I*d92+5^ewoyl9kF~Nieg6;&O;X71-!jeZ)D_Sbjs2w4(EQCnJy+rBb!o8
z@P!Aq_0U?P*<e8)SyUFrxV$`o%Kq&$weK1aW@j2#2PjsvisqKtgfI@L-y)PNRZ=Pv
zY}wZwA)7h1F`pL!yI2!#?Q{#48wu*eg-v_R+}UBQc~#t;N@Km|PEu`H)Ql_!#tYDt
zj?QZ3MJX1X&Ab47UU?1f4H||1Ig49py+&JwKodpe7qAJA$$m5<vN>IF7XLcj3~O3*
zNCd7lD_nWu+vt*%DT^A9m<d!pCy7s}c_oD|?WhV8#dJwbkB`!wKuNW>Dv9L84|Nz5
zT~cF`dLz;Mo=-xK%Mrl$%Q45&R9Pn5nO8K8LA~9SkrVGY{5TToknKlG&Bj?x^ULSM
z2zDvqEx3wUx1OL##z%P(S&P*sY%A*)LK8a`H;Mv?(9#bX)?(!QAO*(rjcjDSiUH%O
z8jQpY*sObPv<WA0FLxB|GP!;-4i!abSB`N-o-oivFuYPbtS%m>-2X5ND<2*gSv&l_
zNQGvy3vmiw)dD-)5{>-$lZcP_i`0c#`;Rbmp;&-j;2`TvRVv9&ip|`V{L3K}L8@sB
zpul!_@3-Na*cV%IM%Za1p-|Z)iAqE#)+jRC`FO9{b_2&gI0ZHr*kWeiW<>GE??VT^
zMWUD~?DP12D#F(Lv+iWjua0}!AllXpm0uKKJxSbUSrcqlzR_#`U)Zd|@v0x8MU})!
zzLJEpIHi#hB=RROU0?7Ck(q2swyw=YRlbUQe-4vn_)>!@vj`LDOAn&iInRt?Vnpd-
zsPtS%8Sy+m0|m3s7gqU{^b_3AU{3h&(k%-30cDC>K__nH5xvH~>HOAQQq#9$vXXkx
z?i_Pw17ag5;Lv3eMrPn-)?xb4w&-6~lnUWpVbmTo<g83GpmarzTCD$5c^0hSN+@xn
zc=R}dpZz}yv$qpMl7*4d0cF&mB0^E_S25em@KO)O6<SN?JeH1d@CUx<M7<VNzPt?R
zrlI!Ml4vY(fq|^trbM~auu+xFPddCgVpl2Qq8>W)EOSzMBuG=*fN>uoS}uWXDzB)i
z{VxV8m8ugJf>k08YCAj6<#wH-koi>K<d!cKo{~cN`TJY+Zp=KP_`uc>!h^`~g`(q;
z824Se5>`#L^Rn;?wN3^bX-L6ED`j`PHItz%svYcbgYhu5TofB#&WNuV8;uPWwuAKL
zhSZV`s5ma`qqehE?dU3BN?&r&Ek9{+kgW>QjYD0?x<@U_KQ#8xg+^R-r3Rj}@<l(7
zo<hibKcy>lEo~&3moNohv);KimC9G^`r&_N5Od6l#P7^>r#_fSTdFd%cuQXkg3Cs8
z0$HTk#69`kKEk?5aBHy0x9ffn=IdcV3%~dEa?nb-GF!R7P?M&JbMxK(n}+7S^T)Ni
zX5*c!`n%pa?#H6dAH(;Wf^vn!`dcsm!*6Ypg0cUd^G`q@WOn0!(}ZIoHt~k}1FZjC
zzlcX2?Nv{{{fz+of#yA@)Zp=){U$MKu9XVDaLE0e?SIO;93aIz{N2smH`VO`zu^-I
z;9lVS=7U`1W)RbF>CV--PyIO1FFJRs5H8!wV;wpDyxBj0{ATGiNB{0-SNNVugx8wK
z16rqV)@$!-FH)WQkioxpv6TKx#fgN?B%eUo3Nmq`w!V9RB)Qio%hRi~dH9Zh3acG?
z*x3xoY4Op`M?YLvv;pSld73`3okzabFPJZUE{eqqco)M=J)O&yZK+1R%8%7UGxeYz
zO44_hy&&kyC-qCtsb_0~Pw7+p-cHH>xkTdC(e%)>i#)+rjdaO@C&1C!zXtW_(GuNC
z72|V?2wiL>hwRjQxZWP>%7P84p>rqn8^oxGBBWIx7%Y!4O0NIL;|wDJfM8SEA=r6Z
zl~tRWyGyAaB%t`o_A6cLbe+yC8cdxTnrpAxWv+jYFip)K8eP@5`tt7W2AV)ALv5?k
zG@YrUlpom>srO@PRp-;bUF0N(e1y#EU#}MFUCX4MZE#0DJ>a}qBaxUW46A^%=pQek
z^X>gpNSuYl1bB^1=zEfQiAWgRKcMNo?Q_y?+_05I`WlBXhwHYf#X0kHe^T6Th&j0w
z>rmKcS-_kcR%4!@m_Qn=$RUjpeQ<Z6Li~f}0{x_N`jqa(0Q8qvsp_qcMaRE*x&_p4
z><x`PlPHovkO9WXgU%sh9uD+`P$T;T^h*ZSq0vbC$0|*lq1}M&x%IO2e8B4Xj-S2L
z?hvqJb;w5p4mL!qBJ<KQ{2%hrcGdL3y|cOvDr)z<d#eG)tMKWRWs$goR|8iQI1gvU
zqwv9!1MG69N0g&$816-xfXoD4mv4s$vMS8Y(D@#BB=X#ucO2f{7pu)obI}(?$YvHR
zBVP|x7RHK=w>2=YmH9+}&i+th(=q+aGK-zGmL1HV9uOk?K=jcCyx7b)#sAYo!$&jf
zoZ~<qw{)Gx43%U&fnmtp?DjjstQSpnf~aUwsWIpGF1>YRP9Jto8C=N<LvY%JxtzuS
z!uGq0$nQpZOTc-6rt84q`+K0^ks2q2H_*X)0l(XdlUg}*kffrVs80wX8XbK9g{dIS
z4%-PHyoulm0;yfFw2fwwr<}2x`XA7-<X_&+Wy!v0apBXmdOsrT6isW1hBRX@<vYlY
zyb3{xyU^Sb%Za+Ytx^-WsLe*SST6}4+@T?dB=A-mX_c$sqoFCkwbc?{wB}^+0)3h-
z$z!ph(svVlYpk=Ez|YGaR{O+R`jVP_G*l9D?fVR7#JPHnCV<I)4<|m?NL#y)amI}~
zl2LK|iF22jM%voXQgyctnO=(XT@fwaH{;MaO15G74WU%k(UQ_TcXh4ja>y!5;hHA1
zETtcL|5&1VF@bzJ9XSInU+X-ZhM+G=RWwm0R>DE#9j$zGu|%R?q%={c&Nv=PU|*bD
zEpiKCRN~nuodf~u#~ymq%mt~o5;vuJoDj=~pN=mvv~kG37)u*0H1G1fpBaG)I7yr^
zoC4bbNkjcAGl}iIIt7KQGY2`FrH_B%Tcab~@L0WkICJ;S5e`|9xE^DTd`t<Db_*gG
z)p>ZDswBYnvaZdNX+zz;^O{0li~pmJVdEcj;2{g+{$*U0<0pMmFR~m(UQw09Psd2r
zi@qxm#>GUvTi^rJoDV1I`Z|T$ot-}F=LIKW^pnjRHSTlP2uom9Wn)BL=&Sp3F(EeQ
z+fi0r%)%$F#w6YR+^n|b`QFh{W~A$xR27WzNUI6))u^IMK4So`No4d3&^Ft^uM&;^
z>*Xjnkyf|Hp{*hQb&SUKYZ7tSsRa;-gS)MN!~ju>$1Qw<Ql%{wd}Uxc22ivi#CT}Z
z2jI^Q%&<ijL_tlukdHh3UT;ON^lVY~**!3%m|8kBB*g;PmuqS5iAE1i+PjMnLrX63
zx?M~ExwM9FdLztmh;5_7NGwJ}ljG{(UVleoYB9S)#;tz6_IgTT?-@kXHx>3s7r`Vh
zGn$ex5gdJ55A*A1Z`wHwiz&5w?8~!2u8m_c!w9LxjYdx+)c9GV)&C|-6yogYClFd?
z|6?(`MI3FPWc*_oHRyZ%U1*#6ryL$Ub%;Vi*#@UsqM4!a(g|FVtWDstKGH9o`qS8C
zMf=U0JmL#J(YW-96I0|zi9Fq4^)+sCmg0ZCtTqDnWqb_2#{=@y<$J=*iQx2r9{in~
z9Fg-F7KRu!^&wgwAQG;}{~T$mrbjyLX+d5-a7a*#J9veH@#Qf=s-@ecOUBwyh^YP@
zl}vV2d$h|pMlt9Q+~HG<%2FF9$GrL)8rF11q3#x3OyXb`H;R#KfSU5mYoV`)CQIZb
zQP>s=I9`^OoDKIw?bR>0d9=Lz;Ry%(u3K-fty??f&UPCi#+MD{8kl`G=4*9!CrPk6
zoGpFPt#W*DGj-Bpz0w_XURqAMXJwLvi&(mNqMwIB@%Kc^Pg*jmHffvZyincMk#67L
zRFq*UUv^O{XkK3l{S6(6yU)<*s!#Op+f%P%pV*iZyY_Ql6MmnS;aHw+$&oWq_4WN5
zR9<d1<CxTsN78!e$4)S@!mQ}L9A(JDC>WmmrG!~M)wN{q1uiE)N7vLz+vP%dO>+TU
zjbH>Wx-`OQEni7$XbYua00c2_R~VrV3W4d6Iojp`vR4X@9d-u_WFS>GB2!pjRZuzX
z&j|K7Rp-iaaaIhq)kbi!BnF%^K4KLb_b2#G>pLrQcD><}9TQcmV47;$!53W9*u>cN
zpBI7U19msngYs<%xg4lrj$<`6`cR3h2sm|9ZocChzH0*V-hk}m3L5>MN7FKX3~{r)
zs>8<dW<WL#^f<2l$sIq}a)^R1Xq?BrpOltF`0(mMC-uA_4-6S@<RQR1#5(FQ@VY$S
zgmpOAQu`l*>$|Q3fcZLAXwe8T?c4Xi=-l^f@7tSV@HUgG<q3cWwv4cHlzZ;nk&gCF
z1OD&+`4{H?@<66&{_Hkg_t6)>^VZb{zxo>Lh0H-(cb-|jd;jGwb!1_;TGYd;{J`*P
zp9nTs*d*eoK7$zK;$<JBSrx?#Vfc?zRn)*AK!b)^091ZKS}or49lL(&R>gK_>OPry
z6Dd)c_LGsCI(Z9uZg&SRdBdQ-xq43rt+_R39K1NGOQT(K{h_GuyA6t-G*yoEzWev@
zY4kB)fG0`Nn7?KrQuTJhOoOe_cR2o1C&3<m&5wrEfLJd(gXZDywsh=U;vs$~_Nj5a
zRpCt>W2Yq8O)9lzcTSkrL`x78t3}rjg|TBE8eP^dtSx8SN6OiqE#E5jW&x*-g0&YD
z6M%-|ex=q^rFSZFEqR#YQ%II{Hn;sR*%_mXxo&8<4?FNM%TtgpE%&@;TfohIqE{L_
z4zSu|k=IT@!Y>3t7zn+_TY}vPS=+f}u&+nbwMRW68r<!?MV+QF&*l4WW1SWI6y?^m
ztL6p$L+w){+j3H)FZVE`IW1$}6>SoE(|}|Ajgk2hS)T2xDK>wV{_g_}eRHIvnWlOY
zp-ww;QI{Ai-ROXY^}Zv9TKlD{yCFsP-1CeA-(<uedK&B?L!;`F9!R?CT2*O+W+le=
z6*@Ne^mIcqDi0w|yY~ZJV}E2z`4WS8%<l3{|7p<PZWtpvoP5t6SR1E*2IL`*Evjc9
zpD+iu0?w@<Y)+kuODHJ|U8jOm3N%?t^DFU3#S;cA6ZBYoUk15A>>GPeQB}ocvU4XA
zNRJn|{gtp|I;T5p4(?U-^s*<e5o6aLG}+@WqVJs3Oirs78hjkmFr>s-AsbDKUHnrV
z5%2v!Z71HVNPE7D*08f6e?W>84oItEh1=iqeREy=iC6T^_!-M}P+0lTKk<F?%zDzg
zTNlh;%G^KFnz0q7_xtQ{X7-&VpFO_)%>Ku#ZDJ|U4GFeUpQt9@!}TJ!?+s(@X<Yp%
z4xKD{qfUEWBxdFOm?a9Wk&5wu9II=Q`;l){YAruAUaGdd=fh$qz}Vn{(3eve+G7%R
z=!&l8U)aG}$fTN-k>CGF%lA|$#=nknx1WMK4PAa(E$moy=aLH5(FDO^N+EI`b@Gpk
zPnm3!8)~iG`=%nRB7ebAsziEdkzV*!UHZv2bi7UM;?qefK1-z@8gkniUVi_dzr_S)
z$)Aag?&@_4NrflpaA+8^K5DMLbmGJ+J!R^^oN>0Q@^Lw;T-{Q7#oU;aDD>q0EM?&2
zglPLh#AC51J0?GjaOY}P0clm-wk+-9TowQ{j}2oE_;bKdJAXhS)e0aRzYXD{nq9j`
zaV!QS@Zz{B(F4L?Tctl8K}AVhRFfu?<%@nzP}zr|Ci)-qJk`y1q@@`^Nqc)n-Lcd|
zYq=8Tkh4&Z_YU&ts3^>zt5g-ts{JPW=+H6)-<RyXk$L^{>ux)~uPY8Se{=FB^tYR#
zVGP0E>Nu=jG_{NREN5Fe4oBp=EzjU5qX9xUD67(PrFe|<@x5S>Y{Ra(Ia5_>sthw-
zem;wlrOZsEqt3s`AYr8qK7Nl<a1m%(JKrZKy}zrfM7F-Bv$^391J6mN2!Q+q$Vy@Y
z$I!+^?sZItN?wlhg`r`w=8ep-aAHDa@JQptKo8w@&knF?clOi~q<|<2#!9EtW?Nqd
zy10!Y_bL?e6153^*M$K|>8H{0iN2f~hLUY9QM)le>P+uCFliSr&^l53Q;QQ~8JxGk
zz1`HRZT2mM^y;&V_kC%Y7|i94A>+rpB=yqx1a^~)Ufa27Dt)iM-1hh=AMq;XJqQJJ
zCzt~m6)zz+{3?q`C_zrD@#N(KOzQ;SMEa2?_nXp7TV~b7<yuX<rrf50$>|%w09Iex
ztA66rNB<<mMy4CRMhch_66Pq93g48Cj-^_>7#5fx%j6nA#|6<N8$I82mIhZ>LfqFH
zwcGg=q6|F9T5n085wW^-`(5q&ro-A&tG@FLw*eWCJQCCnef)(NySRdc<0Q?fs<9J%
z-yfW_w2PQuY{E9E)ZP17rA7-Wq(F@_%?Sk@znW*ZsBx1F=D?cbdTvl~Qhg%gF7~Z}
zIe|L(mVN4~uKS=$D__)oDV*;EKas~luknDKx?l5?J#6_tu5t%<0nw-2<cR06Zr_*M
z(7P+hqEReDUt$Mm!>-I~b+Hrwf??G4meR{?N=4Er-0~67n5%qVbExCzABI-j+pN>$
zzf-GG^|yw#l%mIC-g?t}B40An?}4E2+Ppj(s(vxth;y-~YO5<%(yv78iuZa30;SI3
z8eqjK<Ku(yK_LpdFR3aSpe+d~E|O}d;GEC-#-WN#=&gW^VqbM3ijJ#Q)~I@#P3)q}
zM&<7s8KwR{A;M(qNfNQmBY(^~i9mC{u29t=UFC3%l8am|5%_i3^wE^Tn`RWC;d}6H
zzA^JwwCvgVMA%x$gi_65uy#t-78W@5;#FpJNnm6`g5Z2~gVA`R1G&!63hVWEpGQZl
zEaNgIf(!ewY^NYdLr8we8)t!>^TUuQOg4HJL?=SCJ(lrKTq53g9dC~B#II<8&Hp~9
zK~b%jh#4pB-sC5*yZG0L4dF_(JmIDY@m0u9`=U@Iu70r*a=ve?7vm08(HQY&x2i3k
zF%2e;v&~W8bP!GoHD1t64V@Iln#7hnU7s#r@_DzOpv>F!Iz4&)haWxX{HvZ~vnNt~
zcPqnl!{cY0d+*pk(53C~-`-~B8~y|0s#VYhf6ouV_2K|K7unqV@qzBBX!9Pmv~p9}
zV$ZMQ%?5|=-2Bb2g|(FjRR6U?oIodZ-`({mVh!_~nE!=1x36Y_4MzC$#D1HOu;q(X
zJ@;0ZXH5V9P-Wfzl+{HS{5FNSg5^lW%X5CAAO*V3!P?+(_VmX8Fk_R*_{yC<IK!*T
zP5n=Q$?FZt{w?6--rSrEmn(A6o!X0)PXx2wg<(ju=A#P;`x4jN>itvXN=sh;^()ai
z{NxCyowQD;C)dl{H8y-N=uGBZXS2ylaI3hpO*X$d@C32$6nDold3~&4km0@E?qV$_
z(j)tQMuE*0jyosHwB%uyFUPI{_N9@IYZ!;NbO?EDb*#o#jm|JDekfW$$wn2`QGcmj
zE5F^3-o8DAWX!?sq^mFlIw>0OE=Gn0r!WPfZK`0YwAFO>H1lkP+c?sJG~S^<v3yU>
zzW<?al2R|bn8QUAeHn2dQq0Y6wU;7UL2m4faFHR^#U_T*IrG)?1RrklXN>HJ6XF!A
zA`dTVSN22ShV+vM$#r1S;$FbG)~0ALDF+=PfeELL3Ew_A(34h&dQ_vt$-Ih672R27
zr+rK&@}pZlaxL^UdTQiPs<~<$YRvIQ+;!1rsMc#}Nw?b4&4_;dB*9i81!A@P1_fDz
zx^R%bq-<kVp<ibUY*tODK=vU*qHWG=O;4&LSF4(;A7L7ByOx})o=R;OC#&;C>jIh0
zeC{P1eUFMiw<7Dr8pIO4^hi_?K*#z?&VFiLhD%;9*bw=>+Y>aZkfT3)*5ch0rhs<_
zoNB_puY=v%!ze5Ib%Af%+c=Tf#Arr*H2e#jVEHDy#4Eb3--}kw@O|^#ACF&n1neh$
zo;Ey(@5DB?F8c+@m0S5^v599HbD|v;Ax>yi%B`NXE9D;Tm6<d~DC6_GvIMsMuF1~k
zfOda<d+BlvXI0Ov+GBa!-<m8}{5KCk$BTQy5?NyoO?PUFBu{J9^p$^|R#4?tmpf1X
zBZ3$2q0?Q}t&?gR?Q^ks%=Yf0DK%lD!MM9Qk%!w^r<VWKC2_p$K0*1CtZhC^OJR~j
zKIvg{yB-Nb(h20IC6|cf&h`n@szQ^E>`pE0&v&Jyn{HOa_&v4T=xOzMsXEnuG{uf~
zIU%yzBrabpPY@Tt9swq%BqF9=Z&!FZF#%6g(^N@1wF?o!+c2@2FMRRJm1&^n59^f;
zSEvy6{Tn{fw~3wRfo-vyQJ+A(*+ttQHug0kDe@|{OtZnu1ODsJE90ddfM0eqUR~nI
z02vFtgkuxk6yI6Sbu&f9@e&X~7*B`X>}RzyS9x2DU>>d>GNtDg!PHi{nH=(W2R~AJ
z`<S=vhleNk^70LyXm9Q~d3g~91Q~_-6S{1-Ke13ABIe*(KD#Es6+e?($xmhvtWOY<
zgPG<H6MCGOetRkcWlYV!Ya_@Zgr<zls$7;QL^izNb98CK{eNN3bW5ZG$DV$zmmWwi
z<BP^EHpHMNlrfkB=GuFI)?p$qz2lJ`nuvTKsP1!n3!+$jzjW#Y9M-QYV+m}pnp2HF
zkXj2puWunVXV!y>^L!w!*}A`nR*GQH?9{Yg8fMwZ>eSr<G@yYTH_vv@5cai^uv9P{
zb#*<$o>FVMEAO;xQIA(uYVm0D22ejpyTJF!tyC=}#73Y7B-XyJ03e)(2DWsh^1l<Q
z>aYe~Rh63{b|Ktot?OA+a_IuN;LDtz%lM-5A8pu#jIn4kn8>tL){8OLH+z06ov10^
zt?TDoU0;Yqo!j(2g_+UcvVD)4bm~g|Z<Fdp6{%3|nUmavIaIWCGH-C?)SNW!s`L>}
zxjUOWd-8<c&pkR<??G_hirD(7nh=S8T+i0(S5STB238I#kvo2tg7KbUMWTN<@J(@Q
zz!-?qx^9c6Of~Ye%pHE=8a+L{^VFr-odm6NU1z&ynzyx|Z+hST6HRYhG%W9DuKH7u
z!}sz0lE8DXa&_1tU#DvcBC*&b<of6XW$xWiEEBr(!>n%TrKfz|-}AZ4Pb#D><$JBQ
zx;!VdEO{zfF{~+Gr83<?sY`E2jvx|NFr@5%Y*^P`sc`3<k8aUw!g*?vk#?S$AS$MZ
z0S7(&(DC6VQA8%6sbWfH#Y}E+8IPD8aZwLMLTdu`S<1}_b&KoFNj~^+jZu9OaR&4F
z1fP=%ItF>+mOAZ#Ap1L-a%y}E3J9n+)05R-iDRU}FQM4=XmF$jWy~6IoHj|}hdRA%
zv=L+Bzt6n^f0SXPFG|3Gq$7UT?o_+J+G9$+@x95p#IP}6<Va?yyo@x8y)h05YK4b|
z%)xo|k-liuf$2<<$Ssf-D(Qq>$xq-`|FL6IflS-{QXha;UgI(QuMbTMtx9~D<BKA*
zi9xhxNadTrWoA=sU7u2wcvCm{Nfe<%O>ap}R%=Usy#;2F+qsc4Q@+sfnWl`KiI#oW
z0Zxbg{CKAdwc7sdOAH>jiKEA0LfE_bHr-a&0k;V>BfPX40^_fIVc*i)1oreo`I6_q
zQO=K=NK+mSM+Tb|uvR@Yf<Jk5Tgy1t;>_m;VW0J04$Bk1-N5Jc`%bA*5%b#i$8?)m
z7u!5wiSzOQjMd}LIRt;yf=PKB(I+QdZe_9dCG>m)i4}VDc|Yv9D0mL4=9;}Uh(mMt
z^luf7nOf=XtwG$EDoPytAHDrC16(&hggH`avG+Kug~C4X85OzY%UEo%+|ED4#>T@7
z)Z+JnGv`4||6yFB%LJ;WB1trlo0w7CU-X9f$&LXu?a3VtQ<};2fRnFOiq1XYco&@;
z_QYH?k?~_F;6L)*uRpX3s8h*gv?D-@r_FfB_f6`+>VVVbsBvgx<<5>aPpVql)~+jV
z7&QmP(xEV4jr=iqcHnTvk5FCA6Mjl*+RAiePTY5zRL&l=wOMNq>sotJdvyA=;Oz;q
zCY+<%s{}#5#(8MlEl+HvM%{XC*qqc4Z53Lb)>L7qh3uUlX{FyYeNdGct5D5-tbCMZ
z%L{x%cct(Y(xZ3pjo6U-C-d1fiowdR+w5I_azZ`reC1PTFo1D*I@=7L%V4GLd!*8O
z1s0?~ke1*`<HB0k;i}RxJMys$9_^b_Cd-+vOHNH4DQoZNhnEX^1-`i>Raebv&E4~`
z>-tlhQl^~CE8F*Psx34Dy<CUE5hFMpK?ncipB~D5n+V1|PhMhy+-BZ?)4Kmsu+_Zg
z{|N1NWW$|@V?bJ?l4(yS#^y<`5g%+Re%5fdt~amu*OQAL_ow)v=77YOu>JvW?&wWQ
zgi8FUa=Vwh`*KDIlkdi<-7IbIP);AOlb+7v6<EEWEqA(M&pW2<j>M_EtM{glOBkvs
zQia&pB>ll9zGpnPejUoVnDV>(MiupFw62iEgm?9*Ow<hF?JKL~OgPPvbYIsHy-C-0
zLF`FBzmgRztd+QoiU#h9uq_(<wjr_K|5bD*ZcSZV8_$GE7()i8f`*Vl49H|?MX+X6
z!ejy`A_~eV5WH3fDT>t)0)#{nkjXe5Vu^<^SWqgaaEoXZP!xpFqIg9FOHrv(@wUCi
ze&_oa_Otf0_Fn6Ke=qmNfXq8cCdcOx+Z>WJ{RUdV--!oHHCsjvXwQuit=3sXO8-0W
zDw&%2OaT2rSncogpXPj1Zb0=OBT4n@)cV$9dU-bmyMI!3wmsxF&#6){8mM2NaS$q<
z**sRBL!TWzR^!w?na^oS9YUn<s$>nAoE@cjj~lCmZKnejC!5Zap!sj}q`+XM2tqv=
zIN)$H=0ld9(3-i|TqjBB#RCIeLDrmxl{~J1mqdhw9heC67KC6Ei<#oO%2V}(;N2(z
z32J3UNe>49%HZvAv=$Yis*8-v4(Iq<(j|;eyxwnFOG_@!HCxtky&5o_;C6~5@x>I;
zWO|Um@+hk|Ike6{jW*IF<G#>QUlgapr`#Uy^ld}(Ze7w_uVTQ2`LF+6g|gQ|XtA6u
zByxz0hS`Mf9z&Ab`4IOcT(3cmckgXeqnwvuAlYSBW5}k@fm<`SP~%uGK)i(RXRW6@
z8TdHxmBH^&A?Yy5vFE<GQu$cr)Ue^HWe4(s)f9;=)}eiEMx_0YSY<dv{o?%Oz@Woy
znJsLPjx?myu=8|kt2Nn%#%q8-<8<b$#Wu||e<vF8%`}5k6)(2i)=UZDHj*0zoq_?(
z@(<L|D2hM!aYDYq^Jv>S>ZY|nBsvnSW8p$CIxDZVY{a<|SYkY)|4@tC>Txp(@tY&3
zq~P8jFqk;nqR~7#S?cplYUM6n_1u&vu+uUlei|VZ7Ob!?-?T9aG(tFHj{lC8*|E&`
z#4UmumoVasj|al(>S_C(`xGu!Z`@WmMfR?v0~_WPib&g?oMSLosl<z|TYG;)5I;ur
zn%UFA-QP!v#2-hU1h4uW)zNE4XvJhqc^6`{ZFCvh%SLBZ?rau@oH_tG*`hKX-TNDi
zNb2Vh_<56^fYbNYUuh`r+4=lkq@+-Be}ms#i#rW&b`BZ73s>@lZz_sC@kd!ugrkJ*
z>*0a~2&9T6P04p}At}1{hJc36KoPi&{)0W}W)zJ?bVohA`-E0b6Z#JB_xQIjytpu7
z%`=8_8bTfUUU18_Lqn^a(BWk8jA>nWAA3$?)t^n>`tAWwZqu){{pEwM(&{$ssi~$3
zKxI{#ZDiHm7vv*??MEa$&h;i`rqbs*gJRYB1+gXi<yX)^8Szt?N1q^8t7IBVeAg{j
zR5)~x@<R_cVXc!Nk+C_UwLtFv4*-55SKOcW_vlCb1k+Y<-)zmdhha)~$p7GBjaOuD
zl7UJ$K{}94b+{q$VTJ6`l~JmE7NAI&VqaMB9(H7s1ol&Eq;F9-?8*tV<)i{JwS<RY
z<zB+}lz!UG{6jbfAl$uT8lU7U9XnK12qB*kpqbNB3<Q1B@|-$e4A$XM3m&R1_HFBw
zQxlPHH#LclX!i~!R3vy*phko`FUTL=uW=j;xw#_t2<JJKc$L8w82MBs=6m$ON)mh)
zO>8>;TiiCjWqBVVvh@zsxt4n;n3?n@c@&@R-?BQf>r~P@!1mVwhBY&FMsetdNk|V{
zdyYYJJ-<=n=<sNUEP#rX0HcI3W44YF)i}Z6<mG&Tja@PGER0RXXS29gWz5U>E5kiq
zd1`q;E#(ykXJO4<gE_=SZg`S?1tT%-&Y#iQ5!Sn7ZX6z_M2p`j!?6ct==!BTOWC(2
zLK1>w{Qx2e#<(`S8-#IWRFEWKZOR5=jtG0bUnlq3GoD6pbc0&s#XQ%2JB8bAwmb42
z9s(l5XWe4%y&C2lw9@}iCcRI*&32$nva=Zpt8xSD13&7h=zD5BZ!QN(CJQ<l7a(0}
zzt*KmwR&r+O&z*5ij0~(BcO%sZs0r8#^;p$P&F$NktTYJ@;mHE{0Ff-%5Y$22{A>*
z4t(VK?}!X*Z-LGMx!g^TDSlMJ`9@$!0tlmPlcU_DGogq*6Pl9ih+7y~ax9^B9-rnh
zKX#L`xg&VJN9WN}GG^7YlnCYxk*}I}>nahx<VaV-ytPGP9VXd)mVClZ;{UZTN*!Od
z?Rb|wu+v(X%of@m-XIJ@+)ng_cA=*+yfRX{V6t<=|CqL{GWP;Lw$Do6fw|aQi{k93
zC@R$ZjP^OMpB7S_Ru#Tp`8O7rje7jQ4pgaf+RvFV&INNLBf|b@pT`PIVpB3bpxcfT
ziA;7MuI+Ddd%{aralcY%RHB2g#|W5Bh;S!D>a5<^_Fv-W09-0e`=Itcj9y<3RM(Cx
zG|FC6Ee&U%9*5dBt|O^YX)dQNE?DKXVs;OCxyIkr6TN$u()}MWbc?h!t1Sz$K*3B|
zW&#-o(>_+yd7hc-ueo<{;zf~9p}YL0tsY#bq0NToK*G+DiUpnDgxgtw=ai#U2M1<q
zihUU2jir}P)dF;L6Q2U7h&O(HA7i?6<qf#8{tsqX&GYx1r7c;wB-~}1_aa#Q#y+|i
zFuQIXb_({adEwvxK;5h(WT!j0jZpaH`k4xvBfjZtgD={v>>Si{H5m|L1O47bp>{Qu
zA7aTI^G2*gx>oBpn}S6wSyJHW2yBzd%k#JNWO^PK!Sk5|ctK~*U^P1mZrz|BYU~@;
zK4d<);j-Dd>!+NSP!de^3Y*h5j?cR+XzPVbes|T2DHrYrj1hAVWGrUG<Ns;y;lt-8
z4Tf~<Z0m)IS?$Q|Wbiq$x$gf{^Co|7o*kVYR89u;iWWZMTTY$2olfcqrQ!P(xJvJz
zf+IfPa;@~`H&V!_TfbOi8sF)U^OTxnYr`Mb1SZVBT6`_4Scy8=VK{qgXMVL{5CkTY
zqK+8c9)Db|LbfnC&Y>jX&Q|zm-B|}VuAUKNu6J2g9n7@&U+O9a>$?cPcp5>w{_x}?
z$)^pGv0^!vvpGi1aM|^zH?HZ4ci?qZXzjLQIt!p2k_KgZn-higslN+ig8r(Zhd&D2
zEnQj`ghY#UH!W{vy+0hztqV(yJNhhPx9&(H!EO&-m=i0MfVo*Zr%Dc1$XRrUv*GS8
zR;3;mav1+0@+otLtkNg9KZbD@AWOJ?Zyg6>OAK=VXJRCBsF{F~FCbs*beHIyo_p%d
zj^i@*fydC9BHhuJ+yv)uK~Vmg{j34;<!-=eG=fhC<rWN<+C&kq`L6(39&oBE-u+aJ
zRR-HXUgC8_k$Dxd6=1|k*<jmKg>UPnwU%9^Gjc0$(4!{Hfa#96iOVAk64HlwkA>EC
z`B<3G9s^Yf(AW0Nwvi=EiXWS+v9yB{=~Kd5;jnvRhA<8|v;7<|Frs@UihN<cNt_G2
z>x5V{IgaDFG0GYBU5mkbtD-bu^SA=)dMK+x`Y)TM+q-)y6XNJ9bw}2+;7O$&BM$h%
z`k;N#wz%(AYPX+T!Q2BE2(}BdlbXAR4tenx0_36JBA&%^L>9GUd)<IF36kx4m8>M?
zSZuuE)oC60u@e|=2$0%Ib73H;h%s_FZA*i3mjw1NfvHs|{ur|n?-&8r#DRZ;sQ2&0
z<^qcgX2kP$!sYsc8L1F#m*o4cQaC-o4B6oQ9?hzP520kY=3_-VudbV(OfA|Y!c*-v
zXOLNIP6)$0I7^@0ZP3NHhZrzBLl4AN%$-vyU(e`T2A|JdFDZv*tfIDMNqWfnk(9yW
zjrQsACAbeHhMaz*lf5f!J61Q&i=YM<hLtp=VWo%DpGI4vYrb(kYi|*D1Cy8_s(<gm
zj|^+S>Aq;)RalGM?)szIkz4(m46Nhcu2EgB_Q`G^MdnS*Un~t*R7%)?g6P<TVSYJT
zye38u?M?wHTmtN!MQ49%^+rjtU;J2u9GYF=#2dS?dBfn_9UnNsB={aAqJ4UwA?C93
z?O#zBTNcyJf9MwGoQ}izdH)k*n5BB0?R>eK2o8Vjk}tnfn?iJuhbe-(wfPNHPDRHH
zv}wEbG7ZbM_c0{$@!JcjmIn>F-J`s3q*Z$_hGTO+ZQRd-ksmiK$VGcb;G-9=;g+)v
ztP)rDPUNub_-t7vr!6<0aOMdfSizUQX35GUrU2WhhYRjQv(vyn@m!JIlZVYAU(uqg
z!@5|(p$d7Vk+77EGnRWP`Njl3<Tfn@@^(x><%bIOs+N8UyEZpNi2S7tY6eC<?-~}V
zzS)~0qpPM12yXygJfY<QBZ$o~D&X{7>Ky9WCTd8z5PIWmkMAYr!@NEgnJ{%`r?Vsc
zKy<?|!`e=@zOI-NC4TO*b5OOkW8DNb<>5+~I@q8H?%Tuy{Xu2@yufhP<x2xDmwtR0
zNnaxzHO9EpB?w~VqaZtRH9Aa)-15AgOsKaXvKD2Q7&5OG=~Xswb@I7fF0!mk176%m
z=56zrmG?v*BU^(}g%WARjxe2EG%4mYt_}=l#;-7CTU%<y^8rHyN}eF5c^t6B*)21v
zKIEAAMG%W#!C}t*P2m6PrthvpJlZ$GYMvKRb6nv7lgkuDz1ZrKbY)f%nqx-v=Ojub
zKSP+?7_3Kw3A0&E`<0rvEMYktm<g6(`YSD;3QTOHUo%r8W5$>zk!B3NSBkJXCboz!
zC7Y&(2QOYRBf(nrDZBi!?N=P$u_U-7%%(%$zJJ@Nq*;9q6@PtVEerQ(P+vmb*zl!H
zR<ls?bWXFFFn`s=kta%M`C{v`)j)ffFT*Yiq+DE}jT!Y@kg7`yJ#y&U?eq9A@Z>KF
z?a`+3Swjo)C$XsT3I&5W`v<MeI#G-YX#*=0M-j<ElCX3hdTN3w6XOo-nuIW<2T)5D
zJBWvYNrh)B4CN5oiNl1vr3kBM;o#A~$@Wh#EvYu{xJ91b%xIz!RS6ea1cd6EQFbbA
zV)WLDF)n6Ud)eV^6vFC#EH9Rma$+os@WcBkF`T4!nR~H`jkx(qomqpWOMS6g8TASo
zcI>_ruQ-<+ixrOpW>wO?I8H`rqfQxI7lcZGn@>pj{inb5?S8mY^fZ&+#mZjhY+V31
zk-1J5i2j#z3j0~@`tR1kY0a1_LSXA@HbJq&f_wrv0yQF@lg-c$mthP3l<>CkTX4|*
zTsZ9{Or-xV6#iM=rk-9FI)8GlZ4$Cl_G#;+ul5hBtS&M~->#z&h$$*rXuXlSZasNM
z4@T4wO5`E!Ld#2HF5~<Zt-oqIR+9R?ft9lWI?9)I9>L1V5;0pxg*W9bt#%3-Blj>{
z?W^86oCUhv)>nL3)@e7K5wPE~b?fW3Ejsq5sGuy4Rxr+O9|tz@f${ArdN5jbR1tBB
z5!4<WLdhR3SdChiuytAMZ3>LC1>3q<!3mh&I$<u->NW5>j*SeWM6ph4zY<K!6bM*6
z_OdF&XsqKRge1u}es>V-{8NW7qG-LF0=0D=|1B@UL*w$F^<9^J1Msq<tN8;)H7;0K
zH`a7+-V{{dIT-eR3pBdH(|9E<A<t&7;dM}3ZdO;#wUn0)>tgyepWWN^GFRW3svmrm
W=YB)El>R~aZ;{8b!rw0cGxdLk<I5!g

literal 0
HcmV?d00001

diff --git a/php/public/img/background.png b/php/public/img/background.png
deleted file mode 100644
index 1d4d5e8c3d61188efa62e22174ff15c5f959ef59..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 9621
zcmZX43p|tW`~Mg@ltU;IM#OYjbd=Lba!6*agUWg7fC@P^hnYiioKvO3G(snbQVpXy
zE=nO8#Tr92hYd4_ZO?x`-|z4L`+vXx*Xwyb_jO;_eZQ~weeHVg-OsfpyExm)$*RkO
zKp;5>`{SoUAn{lbNJ3EpEYifD<y{vw+g+T_*os<EYzHX50~FT*!hHh8b%NqWmq_j~
zJoLn0WR(dy?TiBHLnODTZ<diO-?GO81lp<XaNPP##Lwx1&pA0(ib=-FdUj7h9X*_C
zj9$;YQ;nm=hTl|1aVI+J0rk~c;qP5ve^M5|bn8^Td^AUtzS2QesJp7Y{o6>OiH3Yq
zi>MJA-<><o_F-wtFk3$QZ1^ah(Z(3Ra+>Y|CM{KE<!Z?8IA#78+Ov0|<7s<n<t>jR
zgOgJB9*0bJXxBPccz~QjKSvcgXGU1ue%o~Dbx6JqOa6*>a>z^F;owM|z^?mN6>m3m
z^Tor3jMDAHm-_cE;BMm?J8EvuYwjBAA76ClP(dHa!SdoA8=LLSOS>w{)4VEuzBNnx
zz3S*{1Pv`mvk^fpcL?H}-}TCv=uR}KD^2=<Z~u~X8E{tW)95@|q-P4j9r%83s!-he
z{QlSC54%S53ldSePP~1Y8QR(-ILVmUM>}J!GF`-S>#qu*5>mO((uI5A<%{{^n<Osf
z#F)l)8^wX94~dt40rhTn%YS}oqlVaC#okWqL;K&#CKOnEMY!NB&+eLH-D2~P3f(V#
zJX~lbqhg9f`s(W9+!;e5ex*q&CRVr!B@Odk&Q{iQ5)U%oanw!3(<z<1<0R{?2DVAu
zO;X8Y#->i3d65};Fbgw*!9B8ONHtKdkI%$N$$i-3t+&wLHu8Yjq1sgXoT4)zk#Z53
zDppUY40X4^0=?g6b#Q|WENQ%;Ku)q-527w3aTA;L_->qEAE?G)vaV@c)XD3AQC-*e
z?LE?K9AwffNePiqa+B{gt6z9f$Dxc-#Gh7N2j%U0Nl84#I5w5<d$_c2#||L%eL<eE
zu(8=R_4D}a(n9^X<PXyqy)u&MFr&BcCTf4a+taa|^C<guc!$xh`%>t%u)x|kXNmrV
zyF`DSI3nOBr8+d?RLBzAPXX|2nX+0v4wC-B++rVCyTj%2X=&L?&5a3hSHz`UIj2x4
z<NKWj^QY%OtvFKKqIJttq#21ydA}q)O5+X|m0ph8v%T{key^hYW-+pTS(VFI#C+=z
zvYJeM;zY@ECI9i#^nEUN@JO$P>SoV$nX~HRy=!T88WIk798GWNxFl<v9+IA}PH)m`
zyO>}Td>39?Dp%I$ezei5@0moE4UT^TBYAcQCUx8WlNVW~L(!f$bQGfv#ikv#vCtzm
z-^OI`ywj~n6T9E<zLJ;|CXRHyaP5z6f=_m~Kg=fm%ocn7>sAOAFYD8?+dQ?^TR`%R
zd<odG;4Y~(^S7^Fm8@V2&x6=CXR>TA7TFz>X_fBm$u!xA6F=>j9=ofWcC2Wh;|KHe
zHza)|et?$t1xhF?`$v@rJxiqQdnTn?b>B}%QTLwM^w}ap|HSd+Ah&e6lU_x&T&)`o
z-gj?T-H>Q5y;l@6Wm74>P<1ZgM)*jN^v8Qq2}(V*w?_n5Zs7*b?d8DwUm$RnRu@mH
z7blOrH&*UuzbT-+oBrmDHv5b6l2<(U%eNi8edq)RWa^w9E#U+DXh1*xAV)c^Xy$#C
z8O~L^*U`LB<azHc=#k2u+4@dPs-z`-Tb&0#E;G|H%J*(**!G0uGBb}pGCG?f>5x0E
z>#~7;X6xuNbeaL`k9f4k1ux!nDHmyf(~XC=ORtC<$6|*B)%P|}dw6B6IlJAN3V!45
zTwdDQfR>{TimYvek#nblw15n+e#B<Z$@pKWw^rnirh?wz4}hlQnN^aVAR_S0y#3+Y
z<~-)qfioY9_qKg`;%NP>T<yYbNgvQNU`MQ4(@n{9bALBImL+$RUvEQk?@jDFuf4%V
z$leJ$Q5A_hT9J1C9Pae;gF9$}<3ic<ifJ9AOtCYiX2*Hr(Z9mZoYXYdnsM=y*YMCT
z8Dn2L@K*<S^kmVVcLyd~Y^$!v$Rc=~)v}*ic!cijPKuT&O{4zG?Qd6=+Ip=>gl(g}
z6e`0K`;56v<uy@WUBZ!~KsafH*O!RahZ-yCzb$Jws85*Vmh7VTJ*J#&r$#;O@|>%=
zPnl47<Y|T5{@n_Hg|-}j+89wJK+CJ1Vu&MTPe{-nZ0Fj4Qv9?*#dPZ@;8mAPp8xLb
z3zD)86vpo@5h>SqY}-~Du(a8s?^>Tmn4yc>$<vXzOZ`;$TD-hudS^?`NgTxb^WMm9
zt(5LD9hRzczSI7`W+#SpO^K%Tbn=hfg)BgMMMdi1O?1T*jpA|ad9U~0{N7}{wo!kK
zswcSVMhjQP0r17OzccBJWlS)S!(z6MF~;A563F#255IV^DNOHM^vJQXs*i8WcT7Cw
z0EBnpE{y{9ts7(gX@w2In5HCke)r>lf3N&!laVan2r$bV;cfL%f!Ig<a$!~!K;>mL
z!gns3^8}FBjd0(Y+Bv`lQkrt%H(^vX*dQ_-|HMc!!8^j{_^}QG*0H?&`e~c{{f)RB
zWs2OVu3|+)nSm<}h1=c~uF#b!2L6c>(>C)cXL+F=i7?ORA#UjN@n^abIKX-l#lVIv
zq58GpZA>ir1s8rTCM5<y2V4Ga6R3OyjA?(d-F%g0$kUk4*`;ly8xW)KQ&>fTNTUb$
zo%*r{X*_wDALBTae)+u6uJk8Rv}PCzFayW28VA=Pg{gPVV><h|OYp7WdH605xNqOz
zvTgzXRDh7WLN=9IHS8DQz2G}PE}}$82jM%zC)WGp^K~bdA;;m8La83a$P(ObT4=X9
zkP|V=6OolzF@zlYmkG(lrackhlc|8TI{Vo~S&6(*>IY(k3)crP!tG-^n~q)*+QArQ
z<!pE-2+&<br~O7$&tL<W4G#inV+}wzYaX>{4YDVulOn(yHvwMrs7-5-VSerr0)aRT
zm?-4Qt{UDI;GJU}rxs9mr?I*20(_3Y-?z~+wI%rDM%T*MZ<gfBhk<1b@=*!FrwM>c
z$E2KRS5ITBmJJ^W6t=?KY5;2<YX8-r0E3NkT7zh;M_2dZBI<OR$idf?K)A0uqfCtl
zR}-jw_%Vgmv*73Y{^4btEC{KEf6Msi{1)L$XY&a28k1!dplHRA4ZjzYB9vV=G+u!$
z@l_HOk4fwN-`mqQQw@BeiJC@6?IX$Gi5eNL_s~231ilI|(Z|VC_ftlUM)K@UHGX^?
z8riod-D#$wi*M1f^wJ;A3;2m`DExd>V}pkBg(Tf$)RG-W8bo=!!Lh*OlX)c#QfVzC
zq*QeFZ}rmAP^ZG<ni*=EIW=>!ND~cX6a6jTR(Fz$NhaXp5U1Wka62PV<Cm0Mm8t&o
z1avSqNf$Ynw-{~`R-hrz%}B0kX`0FVg1+sPpqU~00sSWVi}6Z~8-grPjad5bSdX6X
zpbt-%%1L^wSsJ!=?UzdP-sbr1rsne(bqB*0d9r_Pc_pb8BVV7Kd96{!UU?F9W#UV{
zjd#mKlWL6?wCUv}@PP3k^0pI0Gvn{jNak#wmzhSdrm{p*aZI#BUDiMSQBCE5B%3<)
z{t%PLu?kflBu)8i)XOKn7>k9O6v8y+IT<qVTXg8ghT57LK8(OzAB`Md|AT&YS@|R=
zRbqI=q}fzo@(}fMgc5i*@LrhHY0Zp8Q6QU*R}lML0!{Re>X*Lzb6-uK`eG|9&uJp?
zG9!;+s_{iLM|fmkVM~yDxJj#-{>0Y7b$WVc8j(pYI>W}sw(wqG&4iYw0b@g+V8Kf>
zqaGw_U5ECW_#~ecLLHlnJ@u+(#4_QbXf+}0?Biww?Zcg_G&9me)=7!5ivC&Z!ev^X
zyq%#4u}m!qJvFyJs#{ZjDkFKS(<n)o-TyQ(gxWe27;=3bx3xx;83B`lX$3LUC1&~q
z@<|a?iQgl6bmQk~yF*Q+CFcU8&Lr7<KX~fDt_8;i<sF<QXXyydR}IRt9#Z~u39+=M
zUuMQjU08`bkp}JZmxvLX^+(vw59r|iOQzZlIX_1DF%`R_tfDH5lgIThV+=+-?6#R{
z>(1#7vRv_U-;W0?N0F5;R~DyfWa7i)W<n1JfwS4p7e9o@&4uO$f#*5S+T;v5GR?Zl
z><-D2@v~~t)E;AyPnLfee%k480jWX$WEYFVbv{fZ=LnAq&`f6N^u0Tp9J+(dTtVQX
z={1Z&8d?4^T}HPO+-5d-0%NeLLH_bw$$o3_{>62Mcix0Ice7#_ot;F&H&)(Y>VqPB
z2Q1Jk#v|#M+4ZtT=jA(^XBw0bdq|y~OCZva7g$Tqvrox6Fh8p>52@^Mag(AO9+8?K
z`pEJMbC+3aihX857){N+mGKqf&8;kU?MP8Uui3~%sQEyu-!8h0a;0vM*>g&Ra=QnW
z6z*dO(<e3L#PedK8sz=xGG>*`_~@I~R5R~Cp)L!~19vq0$jXi$c0WFnB<3z3O%89S
zvD7%uH}yrlFq#Xy4U7dx&=!g7>Y|B)ss+<_a!%P4S-H_82_NpmX%Gq2^mn{mva*Qm
zp}B+tn(=HwK-s+Wa<FoKgR&Ahc*)s5Let>VlPuXzx{OR^%Xk5Q$8<qvw~|Suf!>A?
zjKPNAW*5}j!7*2-3rw6Xbz6AOF({6+eF<I0aBl1g#^7=3_5Zs5`fIP~-SkA?{~XtC
z=>YV@v7WkM!q}hBA1yuQPx>^rKVd3vwv;jSjE_Z}RzLq%@Cb3NlcqSH)Ax`74OBJN
zZbbBUa~&E3X3AFi!k4EeW0x%*9Qq9$<`229>9M2<5<h7!1ie9;G}|FVDLVVIC$k55
zjozMY=}=dhRg1`;^*5iG$yr`g=MKgSn4xq_nb^v#4+wFFe-+n3ow|9N?Ldr57tRF$
z15|?x_qYzAsC06)63A2c7D1wqR`tzz-a-DlWk)xyDyZ?qzoyqBeCUG6!ODygYLVCh
zp2L?tKWLwZ4IGvZ1@j!Tqve_{9X7La0t8V?YM#2`>+C)a85~_Wv}6qK<vL9CKajRe
z{!A+umnvc9gcMqK7zbFDRR-B>b_*G^Icb|nM(3l`D@ESgEoIUwt@{nGBcrnK<CYGU
zuj)w>5u;0o97Rz)K)8%Hk52y?ZdGmB!S*=@gxGt=mm~JuEjTcu<vt+Z5a<R|-BC){
zJmYH-Z)CU*l<4%RXeDjW_zc9GxsR^zu35^EDs_4d?gTFDWj5ZuOc+}zNBCUK6kFgr
z#74<Ivh3&>$pNjZUs%?QM}nf$UqvfPd&a**1gEhbilXJX4#KMNeGR9;-YR#cPHUgc
zS2R2M<<y?fw)b{!Q3{Ze9?&m`YiEI~_3khKK6th%IcnRlh3K3E%mvu4vz?`7K`_T@
zY7b5NA#HLh$7@+#8oadVU=)>}7o}w98E=_fT)DYIUS~Wf?{$2o@y0w_)tcV#7g0)^
zJi*?St(F~lS%O3h&5G?%s2*9ofL|#@%==~a(lWUYDKYMid%sGJ`)?XoI+bSJu7>{K
zn{f#P<5mYn++E1(*~<|)UZr2!p2FhX93Hv#I5ZGBi7}~zTGwkGK>OGHgm2O4v^939
z4RlwKQnd}HyqbD>_oN#Qz1TcmH!@0`tk*Jp#o{p4^;qLXi5bk7`g$!BSSQCF|2mVE
z6&Zqj1*Mpq(`<TexBYTfOX=YTh9c=28Y=0&`X^|`&r-8#awe=%Vynn!J@l4o!F&IP
zAoa(rp0BopeF_l~n3eZEw#hwQ_88Hr!cE19#*B|=J)Iz$zcizV!5q^n>_iaUP^8x3
zdZ-DMLi)hUdQk_>xuPnW^eiyYBE&s6i3^kMi{1S>b}P;1o9&~%dZ<fMRX!`IKH^T!
z%X%oXPHPLS)9tfuaxWKJfi#C@c<of(=}c=WPE{&nA%l^#FKeOnvx(JrS-26R#t-g*
zY@OCB%(1#mG=WsNqxC!jmV%|}{s^=1SP4N!)oWeaLIbzhCbx3SLy$2iNzk?jZDMHR
zZ3}t#T*7HsX9HOES;P;&<{*pURMt}#kz6Z0^3YA?V+GZ<gG&iS5(6#N-Es$icG=!>
zog%hQU=G$n{Uud*9;UU_r;dvJ`_*dE-E&tyCTS`^VT}yiCU<e!)5J*yQgFD%G{irS
z1Vxgx=x(_y?^2ciXFzu#viHX69)1Aty9hBN9NFy>o6YhD;(W7lB&Z^IDcHiwO(j=M
z(@o*JYMXH9ZPL0ZsoECv7_4!!=i53l?G4j^FkU364oS<v;q2{Asyn4=Ok(iXO{$W|
z&QAVgQUw2W$DiFzLo>&S66RhTX-vf6`qa1}3)pWzy~qkG&%8~96dY)=2i6&&2urDA
zaaQ>Y@x!(lEroVl@BdBFb;-tw4yd`WLOdt22_slgNRMCcZ6^RsLCE|9Kx~xhD#Y*s
z5EKR983^c3MX4t6;5RW`cy{pjD{#p{AR^@Fcfg8++Az6(xPQ<KzL~(sC*A{|&Xtw4
zOUz)&uNs#GzvP9~Te}-G4|S0b_N+mklvLL~A!Ms7R{_=K+XH)>fWSr6gS*0{976Wv
zmSgkq!XKif+{(7S1hioCehG5D*C66Cj`>3BLLCo<9uZSkCIZNz(&cF294ZyiF)iAt
z75E1#w5$FqoRj+SW*I^RpP0fru>=a`V%`FL2_1+vO=uI~hx?Ng0OQwOcxK`8Tmk+}
z2cX!lTExerZU8pkR*C?6tPSW^bLj>?H7~#=HuNpRx3YyvlpK33fL6u<I!4;r0LS4w
zpf*lbXO}z!f@t29UzU7@0<m#E-Zxe>G&X1rvI6X-Cilk1bKvJ3!50Pi16u&}Xb13V
zBVcpg${0YW|G~c6BTSNRjGe*e*R4RlX9G_U7GVKh|0!&~=?cW51IUDQk7Dy%XRy+n
zpkr7)wvajtE9dC#7{iw6EJF;`!ScTVMXjo7Y`*QRXpD(ApnFLFA;hH}_~iFqashsD
z7RMIa?Q0yRAASz~5wS_*y@))cN}wPXWt~t-+WrE-?Pn-;00XXk1(KNP&8D>;2%?T+
zDROFW05Oi9lIXslVd@IlP!P$jz$Zn%%08i;=~o<IL875~7Mmt7z?;bmsd`?*mObK2
zaP19I!BGG+`cq5_5iouV^fY+>fmHJGQj75acSjVZTioQnNM0}V;3iwK0i#FVJ8wKb
z{CPtw`htv%tNyXL83~Di?GkI}D2?L}ZIZ$?t|@=481`Q)9R87Z<wddi>YI-wH-%Xu
zrB3V49=R8_&@oK@SZbd&_Xd!~64vO^S_W)&XiP#0>ab$t2f5!KdY5U;H?YoLFs-<m
zMdU-H11(CgxvO}(;bn(xANiA@TJ>6}5?IRm-pVgrnj5Os+Ty6%HozqXO<<gmb<j5z
zcF7cOxltW-qJo-!fQC-#vCRs%cmQl6wT@v(VaTC+Ep!A8oRq3`kM(q%c%}}PGQfqd
zx+%mEEWX&gDLjOw;8;!P4@0i*sYu%O!l*Y4S?ctgyDWU6wJ?44U_}y2b?0%K&1c&S
zU=oyFL1lW-z~2o6#)t`%7`JZQkqRkz(k=3Bi~KsMPMwysyUJ4*X8=xX>9+02eScfN
zhdX%`f|66UB|jxa(wM>lU!0Gs@6`#SNw`IxCJmgNs&tptQ*XF%rrq{J`4%-ItLIU6
zis$f7_uSVPamQ%r8G=aT$AYCq({#gUF>J%?IpRRL#m)SBt*93(w&b2bWGng7S2vQ@
zM~!-|a8xs)|CuPFr-yAfi$eF&4PXB}jImBuqpY<tHM?5T9nU<oK#jT4Wh>LeHF0wI
z({^L`6wxWyJy&FEIU|aB;)_(J5*8=iF`opruG7Mn&7N=GF0H!L><>|53Nz%KyiwJ+
z3C6_e$!Ab5CUHMu6uw4J7$7d3lPzQ0Ska2#dwPk_64{W2kBvT}`D@SLj}l)AU-~u0
zg;-3Jpi$dLAqA&Ja?J&NV%@r{r|yh%E$eiuMu@r5FvolUj(W@UR3#$o=_N+CoZgn9
zZLx0nP4O(T3F18<^6MvV_ibch#^XkwLimOXyIJFtIw8n959)WOJSfc#kES2+j+x)$
zIb@3qv7j$cW6ZCPx<yBOhPmZF>`HS}h)_+e*YZ76VYlbfK_pZ~Hu2a~m;Y#5RW=H#
z4}<3q7UCaNG_5grFZzmh7!J1*z;z*HdVp>Yio665*6%#~%YA=FC&HWgeVK*5wq{r*
z`8BCAn<UPIt3v_i-!{PP#N~F$<~7KH8X@%?*sXtf=|Y`Vr2v0y7@#oA+~~l-^;HNv
zCWX_i=3zZT0K_KC?mfJcIEl?$HQbUq1Y|Cv9*e<u-UM0(5YN@h0po?Pb=~U5{I?{5
z0tnuA2|$-q&M>f)RYM;Dt?>#FW0Z-uCeX5>XtR@z>0Gt$!X|!8`{Vk<q44P<{5?h}
zMItDD0D3qm$5Zf~!2mOjaN6jZxGoP~F?W-u8?#~e7PWf7d%CQ37Ms6pxUo%q^BP3g
z9Vp(s3@M69!3wGEp8yaKwL|n(6P~dgFuLxJJiTi8`W)^PAD`>l9VV*gR1m~n8Kk-*
zpy${!WZVjO4DS2VwWu2?ci)<Kkq4&;RNRDi{=a~{*fqm)(Jc7u?HA_P)n`QNVIa?8
z#c<`~ORKN@oM23BNv4n*!RV5xCcJq7Q_KN+>ez6GK&2Y!A=M_A6sUeM^A}2y2|JeH
z6~ih6BBKb$Txciz2b(JnfO`>5Ol%E|uMh#3Ob4>WS0TJrOINJ)Tv-tZelb!gg&lk!
z$3s;uL!Qe4=(g<^d#kp^vmvg0{MJ5TARoZ|iV&MCJ3fLPI(sOIha!qLRKChQe3Rf`
zH|&b61prPW#1XCjX_ayT@5!=Ez<Z)B;?=&%6^IF6MMd)13S_&ksJ15ldv}0olR!aK
z0Qw-bJK8c*R&=id&{;ywL-{IR0Fz6@<CmT+nkTm-{wpW{m7z^)qRjjdJfF;0fQz<!
zBpXgAF2EI+4P(|I(tMSV0{rJS!@@O4a7@Zsp!oeCtU1{pcf0)<2QK?TGMF64S3tqr
zo&wd@q6}Lz>{)@_ay2L(NwmGB(`a;cj~`%DRr5NNgF42AcQ%UOz6RfU1pv1qWWECf
zi>i6JRYS?tK|qa-((jFtRRVN_{$N3ChStlFg#)ztS1fGE)opO!9dl)*Ca~5uQPST4
z(1RDO=><4JZk_<|4VOHNGZEn9L;G%nh^C260{kdJs=jZZ5sQm58a|%63i(j{oG@Ad
z1VO$6B+Uah@HR7m+1UqxmQX%Ra4WuwhR|-R``=w>b!K#@>SP(fX&M3)*9>PjItfFV
zeL#7rtOO4=v<BJj0-#G>wW|nmEx>XYeR%P(oP@WAXV#I73kG4qt;YLkJM<W?1cs}w
zm4?hH#aJ@Iq&Fs5Po+9Ewc+dPwgZI)!0Q_q4V4YTzRw6RZpiCify{2687XU>#txua
zb%ZwxYTB&;6wFrue4QNsU`a1uJSOaiUyn6jgY<K@jKs)B0_a~|fXPPDIE42YmcQ1O
zuq6vX@=yU)1n~uUDRTjSbJg&r%X*lL2N8ze2Aj!17Ka0WEXcji6Wh;$PX`L61`uK^
zkPFFdc!~~Rp^DJl3PhOZ17b_4yk*GE>r(vy8-j}#s8|c_C?K&ISyh1PX9R$!%K{hR
zO2O-bi16}*<zNklowG3M8^ZetB@AehpT+KZ5e82j22n+IN|R)X705{~p&hfqcMR)v
zbPbZudyoSJ$+6+&vZNmooWvXfK0ga+@`?2T&~GYNAny)!37H=!=P%}F<N<2$)-8Cm
z8<F$vbT+*4HV1C9Y?vUlBMPZg0zQ8N4^*Ro|G#{+SG!S2JuXm)1+q>YXkulQr@gD^
z{l%68BkJ7%^apTn2(UUni_JUmUMNLD-0}G&zz<oPqyJ*9_@azbxJOWWD>@OOT-P9#
zMM7$r6?|M+C8P$3mOod<UV<yt065-y>S)Kv-UiTME_}cEKPf$0c8?7&lvsw8r&Av-
zL!Mj`Qtx&HMLblq03TWf1d&9A>uY=k^F~TLu)IX9p$<`1gi;oOcf}44+yz|1gYVA;
zkOx;G`Gw7`Lc1%?Qh8o{1-?T99SHn3lBxx+k)!|=k9JYyWBDpT|DX#{%wS@@L{BIX
zr1Jx)l3u6Lvg4msY+OWLeE-UGNsW>J4%lpB6^^C#KNhX-B%`c*4I*VJl%gYo2;nzs
zS0IKW)D=VPjq<y``EGg*1R;6wQZexHWyAaR?xI5?;}6yi%~v23MmMk=4f*&(3IKSt
zOkxf4{vi<5-UP%h8!{K+DOLb@qU_7i%uj*B?!k4X5+8qo0`iV={34WkP6+1T_1uf?
zcS|1zq(wgoh@eI4M}$%5El(!m-wJ<x_U7YnCji!>=UmLA1_lfMGc*PL=fhxNNnqGf
z`2b7jb-xK~kel_xb7A?Sa(q8;mY4o4008f&h*tIqWFx>wMF6_Dc<=!^cJIx^HAtpd
zoB;nLkFPK<rsZ^UfwKmwiAfnOD}7gK1Td$()`K9n3c0@uF<6C6pt^uO5&V67pm=}b
zP-pyc0p1Eg&##<{X#pZUI7{&T%u@md%Mk(IO`!1KCCl#z(|tGc5&T>Od@<5O+AWt)
z(lS<}F;PcUeQATXhCqdBatl{GWc@wV-aS{%P2sevZ6*tuSr5&*`r*ia*T>Rs3i+wQ
z5*>apM~MolPTNO<@3x|os8ubrmTJqX*BS;!67RE&t5WyhpTK;%?yj;@Ayu8a<2To;
z9{Pt%v*J`py-O7jx7c%l7T<4sVLOS1G`ek3?ymBWAui0KP}C*E90$jUm%Csox5DXM
zZ{$xj6>rDFxYR>Ow)+?`11*+nV4Zfl!`#?<=&!oe9m8DhFy#9abu3&s((jf7AvN5B
z0dqu#BTMSFT49}F(MS@Lm``93OJY<dXE8(Q35=I}?n^URN(3$br)}0O=1Uf=bHNPe
zcttd25tb6Tu3qs?yGCody*WMzsaLO6C@Dq%oR<Mh5tTons<y9K$U%(1tm;k+weO#~
z_9sR#HTBTsxe3G#mc)3yRv%2Zn_KQ$rxop<+wg7O!yeHhrz-3`RiDk*LVMluccSgX
z@$ZRc>-41qk$$L-XmIW<#_5Th%7>a_!n!)IHs{6FAY{?H94IO@+_{vwE>4aT^`hNG
zV4}#rG46F&2v)VNWA)4u2ZXSc5E`@hCe%Imi+#8S%*HKuTxMO@!X!FH)~~y5_|x=p
zHiB|6PWgW(B3IpVI~pIR?x1taod-fjLsZ9Gut65@Hz@YnUg&erh1>~OwT%gZIj;U}
z?QYVJTv-{ud39#C=hr^Yw6H{QbM9uC(gvc@CWO=32a8F~TZc%kts9HB)B1PE9_JA~
zVuxz=9sP8DOKrX_nk`0#pK>kObmR2hJOB9tc6TzA+|4q1#v(LqiGNh|gvKG?W45*U
zZ;ZdZUvchuH%skq_~>Y80H2&;9brK9uv>mBoH?mTXOXHRG)G;JVTR0*bD`Ri2GJPJ
z9-T^Xx7mg5E|taRW1%37L9OwNhKxw5xyvDZycOZx9&b#*7ysfxR^YsI7?JL9GtH;6
zSc2``zhRIS@oE^X(~vXN_kApMC~@BT%3iXvS0%c)HauH8!r(DkK4eaU&Kg+L|8X^@
z(wdy}l`Oy3bofy!E$eWE!H<v^{swbnCz{QA#zKoC4X$}mJAoqhl{tyOyZ4NSo;i7S
z3Qno%F|)?pyBDb`1gEv!F>vvqzL^LuUvS3oOnZM;2CtHpBPzkeW-?QudSR6|gz(;%
zwCZ;ennJq6Aw-s#-@GZAoa2`tEoYR%G$+%t3>Tdl4gX?g#S@7cVc;*#5eDZfixoMh
zO6MzEu(2<V=*jw(#jnHP$cz+tMQVOVk#k;Z(;Xrz(X%6=5g3CY&|K?i=y7`wsk-pq
z99s3;2+iR;28m-ft-o1nGLh?@tX9w(&r~**_LOS2G8Z}~nM=dX7Dz0bw$Ii-Z^w|8
z5tYn0=`_y7NNC8P0{cp<JC)2A4YaJV$pZT!@S!`Jlk{XV&6vkAU5qfu^PoE6!^P*;
zW5ix}8aEYsS%l$vvzf}WA8wGhpv#cg@e>wJhd#*fbguL$lU`Q^71EOp&E`$tFCBT|
zJLE#lV<|3~-uy;43*wrN!ab--^|T-%J-LXM6@`cbh0cVU&opF&xBNTRURCcS$~e(H
UHD=7#|6k=`>wLW8m{;8Y0U5PrK>z>%

diff --git a/php/public/style.css b/php/public/style.css
index d4c25a8e..d4482197 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -11,24 +11,23 @@ a {
 
 a.button,
 input[type="submit"] {
-    padding: 6px 16px;
+    padding: 8px 16px;
     width: auto;
-    min-height: 34px;
+    height: 34px;
     cursor: pointer;
     background-color: #0082c9;
     font-weight: bold;
-    border-radius: 100px;
+    border-radius: 8px;
     margin: 3px 3px 3px 0;
-    font-size: 13px;
+    font-size: 14px;
     color: white;
-    border: 1px solid black;
+    border: .5px solid black;
     outline: none;
 }
 
 a.button:focus,
 input[type="submit"]:focus {
-    color: black;
-    border: 2px solid black;
+    border: 1px solid black;
 }
 
 summary {
@@ -97,7 +96,7 @@ div.toast {
     top: 50%;
     left: 50%;
     transform: translate(-50%, -50%);
-    border-radius: 16px;
+    border-radius: 12px;
 }
 
 .login > .monospace {
@@ -110,9 +109,37 @@ form {
 }
 
 input {
-    padding: 10px;
-    margin-top: 15px;
+    padding-left: 8px;
+    padding-right: 8px;
+    height: 34px;
     margin-bottom: 15px;
+    border-radius: 8px;
+    border: .5px solid black;
+}
+
+input:focus {
+    border: 1px solid black;
+}
+
+textarea {
+    border-radius: 8px;
+    border: .5px solid black;
+}
+
+textarea:focus {
+    border: 1px solid black;
+}
+
+select {
+    padding-left: 8px;
+    padding-right: 8px;
+    height: 34px;
+    border-radius: 8px;
+    border: .5px solid black;
+}
+
+select:focus {
+    border: 1px solid black;
 }
 
 .login > form > input[type="password"],
@@ -137,17 +164,16 @@ input {
 }
 
 .login-wrapper {
-    height: 100%;
-    width: 100%;
-    background-color: #0082c9;
-    background-image: linear-gradient(
-            40deg
-            , #0082c9 0%, #30b6ff 100%);
-    background-size: contain;
-    background-image: url('/img/background.png'), linear-gradient(
-            40deg
-            , #0082c9 0%, #30b6ff 100%);
-    position: relative;
+    min-height: 100dvh;
+    min-width: 100vw;
+    position: fixed;
+    width: 100vw;
+    height: auto;
+    background-image: url("img/Background_Light.jpg");
+
+    background-position: center;
+    background-repeat: no-repeat;
+    background-size: cover;
 }
 
 main {

From ef66df0f08e1769eaba9409ad6784a906d38b1c5 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 8 Aug 2024 19:27:14 +0200
Subject: [PATCH 2412/3949] Proposal

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/public/style.css          | 81 +++++++++++++++++++++--------------
 php/templates/containers.twig |  2 +
 2 files changed, 52 insertions(+), 31 deletions(-)

diff --git a/php/public/style.css b/php/public/style.css
index d4482197..d0ce3e63 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -1,9 +1,22 @@
 html, body {
     padding: 0;
     margin: 0;
+    height: 100%;
+    width: 100%;
+    overflow: clip;
+    background-color: #0082c9;
+    background-image: linear-gradient(40deg, #0082c9 0%, #30b6ff 100%);
     font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Oxygen-Sans, Cantarell, Ubuntu, Helvetica Neue, Arial, Noto Color Emoji, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol;;
 }
 
+h1, h2, p {
+    margin: 8px 0 0;
+    text-align: justify;
+}
+h1, h2 {
+    margin-top: 16px;
+}
+
 a {
     text-decoration: none;
     color: #0082c9;
@@ -18,7 +31,7 @@ input[type="submit"] {
     background-color: #0082c9;
     font-weight: bold;
     border-radius: 8px;
-    margin: 3px 3px 3px 0;
+    margin: 0;
     font-size: 14px;
     color: white;
     border: .5px solid black;
@@ -108,36 +121,20 @@ form {
     margin: 0;
 }
 
-input {
-    padding-left: 8px;
-    padding-right: 8px;
-    height: 34px;
-    margin-bottom: 15px;
-    border-radius: 8px;
-    border: .5px solid black;
-}
-
-input:focus {
-    border: 1px solid black;
-}
-
-textarea {
-    border-radius: 8px;
-    border: .5px solid black;
-}
-
-textarea:focus {
-    border: 1px solid black;
-}
-
+input[type="text"],
+input[type="password"],
+textarea,
 select {
-    padding-left: 8px;
-    padding-right: 8px;
+    padding: 10px 8px;
+    margin: 0;
     height: 34px;
     border-radius: 8px;
     border: .5px solid black;
 }
 
+input[type="text"]:focus,
+input[type="password"]:focus,
+textarea:focus,
 select:focus {
     border: 1px solid black;
 }
@@ -177,11 +174,28 @@ select:focus {
 }
 
 main {
-    padding: 20px;
-    max-width: 100%;
-    word-break: break-word;
+    padding: 0;
+    margin: 50px 8px 8px;
+    border-radius: 16px;
+    background-color: white;
+    position: static;
+    overflow: scroll;
+    height: calc(100% - 58px);
+    width: calc(100% - 16px);
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: start;
+}
+
+section {
     max-width: 500px;
     margin: 0 auto;
+    display: flex;
+    flex-direction: column;
+    align-items: stretch;
+    justify-content: start;
+    gap: 16px
 }
 
 .logo {
@@ -199,12 +213,17 @@ main {
 }
 
 header {
-    background-color: #0082c9;
-    background-image: linear-gradient(40deg, #0082c9 0%, #30b6ff 100%);
     height: 50px;
     justify-content: space-between;
+    display: inline-flex;
+    position: absolute;
+    top: 0;
+    width: 100%;
     align-items: center;
-    display: flex;
+}
+
+header > form {
+    margin: 0 8px;
 }
 
 .loading {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 91e18424..4d14de6a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,6 +16,7 @@
     </header>
 
     <main>
+    <section>
         <h1>Nextcloud AIO v9.4.1</h1>
 
         {# Add 2nd tab warning #}
@@ -674,6 +675,7 @@
         <script type="text/javascript" src="before-unload.js"></script>
     {% endif %}
 
+    </section>
     </main>
     <div id="overlay">
         <div class="loader"></div>

From b892917671a1cb7e8ddeb246e2cb7325c459ef66 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 16 Aug 2024 13:17:51 +0200
Subject: [PATCH 2413/3949] Revert some things in "Proposal"

This reverts parts of commit ef66df0f08e1769eaba9409ad6784a906d38b1c5.
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css          | 65 ++++++++++-------------------------
 php/templates/containers.twig |  2 --
 2 files changed, 19 insertions(+), 48 deletions(-)

diff --git a/php/public/style.css b/php/public/style.css
index d0ce3e63..3d77cdea 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -1,22 +1,9 @@
 html, body {
     padding: 0;
     margin: 0;
-    height: 100%;
-    width: 100%;
-    overflow: clip;
-    background-color: #0082c9;
-    background-image: linear-gradient(40deg, #0082c9 0%, #30b6ff 100%);
     font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Oxygen-Sans, Cantarell, Ubuntu, Helvetica Neue, Arial, Noto Color Emoji, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol;;
 }
 
-h1, h2, p {
-    margin: 8px 0 0;
-    text-align: justify;
-}
-h1, h2 {
-    margin-top: 16px;
-}
-
 a {
     text-decoration: none;
     color: #0082c9;
@@ -31,7 +18,7 @@ input[type="submit"] {
     background-color: #0082c9;
     font-weight: bold;
     border-radius: 8px;
-    margin: 0;
+    margin: 3px 3px 3px 0;
     font-size: 14px;
     color: white;
     border: .5px solid black;
@@ -123,11 +110,16 @@ form {
 
 input[type="text"],
 input[type="password"],
-textarea,
 select {
-    padding: 10px 8px;
-    margin: 0;
+    padding-left: 8px;
+    padding-right: 8px;
     height: 34px;
+    margin-bottom: 15px;
+    border-radius: 8px;
+    border: .5px solid black;
+}
+
+textarea {
     border-radius: 8px;
     border: .5px solid black;
 }
@@ -140,7 +132,8 @@ select:focus {
 }
 
 .login > form > input[type="password"],
-.login > form > input[type="text"] {
+.login > form > input[type="text"],
+.login > form > input[type="submit"] {
     width: 100%;
 }
 
@@ -150,14 +143,12 @@ select:focus {
     display: block;
 }
 
-.login > a.button ,
-.login > input[type="submit"] {
+.login a.button,
+.login input[type="submit"] {
     margin-left: auto;
     margin-right: auto;
     display: block;
     text-align: center;
-    line-height: 33px;
-    margin-top: 20px;
 }
 
 .login-wrapper {
@@ -174,28 +165,11 @@ select:focus {
 }
 
 main {
-    padding: 0;
-    margin: 50px 8px 8px;
-    border-radius: 16px;
-    background-color: white;
-    position: static;
-    overflow: scroll;
-    height: calc(100% - 58px);
-    width: calc(100% - 16px);
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    justify-content: start;
-}
-
-section {
+    padding: 20px;
+    max-width: 100%;
+    word-break: break-word;
     max-width: 500px;
     margin: 0 auto;
-    display: flex;
-    flex-direction: column;
-    align-items: stretch;
-    justify-content: start;
-    gap: 16px
 }
 
 .logo {
@@ -213,13 +187,12 @@ section {
 }
 
 header {
+    background-color: #0082c9;
+    background-image: linear-gradient(40deg, #0082c9 0%, #30b6ff 100%);
     height: 50px;
     justify-content: space-between;
-    display: inline-flex;
-    position: absolute;
-    top: 0;
-    width: 100%;
     align-items: center;
+    display: flex;
 }
 
 header > form {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4d14de6a..91e18424 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,6 @@
     </header>
 
     <main>
-    <section>
         <h1>Nextcloud AIO v9.4.1</h1>
 
         {# Add 2nd tab warning #}
@@ -675,7 +674,6 @@
         <script type="text/javascript" src="before-unload.js"></script>
     {% endif %}
 
-    </section>
     </main>
     <div id="overlay">
         <div class="loader"></div>

From f37b474708ad9319bc3a83c3c403ce9bbd255035 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 16 Aug 2024 12:17:39 +0000
Subject: [PATCH 2414/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.3.1-61 to 1.4.0-1.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 6120f818..7e715297 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-61
+FROM clamav/clamav:1.4.0-1
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 12e4b0d5612f2b1f3190802ad80a747dfcaa4e36 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Fri, 16 Aug 2024 16:40:35 +0200
Subject: [PATCH 2415/3949] Update readme.md

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/readme.md | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index cdd1db04..ff37e744 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -1,23 +1,17 @@
 > [!WARNING]
-> The Stalwart server is under development.
+> Be aware that the mail server is the most difficult service to deploy.
 > 
-> The stability of Stalwart services is not guaranteed.
-> Do not use this feature as a main mail server without a redundancy system and without knowledge.
-> 
-> To learn or use as a secondary server enjoy it and please report bugs at [docjyj/aio-stalwart](https://github.com/docjyj/aio-stalwart/issues).
+> Do not use this feature as a main mail server or without a redundancy system and without knowledge.
 
 ## Stalwart mail server
 This container bundles stalwart mail server and auto-configures it for you.
 
 ### Notes
-- This is only intended to run on a VPS with static ip-address.
-- Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 587, 993 nor 4190 yet as otherwise the container will fail to start.
-- You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
-- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
-- The data of Stalwart will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `docker inspect nextcloud-aio-stalwart  | grep STALWART_USER_PASS` to obtain the system administrator password (username: `admin`). With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
-- See https://stalw.art/docs/install/docker/ for next steps.
-- Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
+Documentation is available on the container repository.
+This documentation is regularly updated and is intended to be as simple and detailed as possible.
+Thanks for all your feedback!
+
+- See https://github.com/docjyJ/aio-stalwart#getting-started for geting start with this container.
 - See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From 1792d4c2fc6ab654d327e40f80921a49f9c7c9e3 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Fri, 16 Aug 2024 16:41:41 +0200
Subject: [PATCH 2416/3949] Delete community-containers/stalwart/upgrading.md

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/upgrading.md | 29 ----------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 community-containers/stalwart/upgrading.md

diff --git a/community-containers/stalwart/upgrading.md b/community-containers/stalwart/upgrading.md
deleted file mode 100644
index 958f4355..00000000
--- a/community-containers/stalwart/upgrading.md
+++ /dev/null
@@ -1,29 +0,0 @@
-> [!NOTE]
-> Unless the starting script tells you, you have no action to do to update.
-
-# UPGRADING
-
-During a major server update, this message will be displayed:
-
-> Your data is in an old format.
-> 
-> Make a backup and see https://github.com/nextcloud/all-in-one/blob/main/community-containers/stalwart/upgrading.md
-> 
-> To avoid any loss of data, Stalwart will not launch.
-
-If there is no update, delete the `/opt/stalwart-mail/aio.lock` file from the container. Beware of data loss.
-
-See https://github.com/stalwartlabs/mail-server/blob/main/UPGRADING.md
-
-> [!CAUTION]
-> Before each update don't forget to make a backup.
-
-## Upgrading from 0.7.x to 0.8.x
-
-Before upgrading, do a backup of your data !
-
-```bash
-sudo docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail -it --entrypoint /usr/local/bin/stalwart-mail stalwartlabs/mail-server:v0.7.3 --config /opt/stalwart-mail/etc/config.toml --export /opt/stalwart-mail/export
-sudo docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail -it --entrypoint /usr/local/bin/stalwart-mail stalwartlabs/mail-server:v0.8.0 --config /opt/stalwart-mail/etc/config.toml --import /opt/stalwart-mail/export
-sudo docker run --rm -v nextcloud_aio_stalwart:/opt/stalwart-mail -it --entrypoint /bin/rm alpine /opt/stalwart-mail/aio.lock
-```

From 108035c7209109f4cc01ad794ce4f572450bbf6e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Aug 2024 11:48:33 +0200
Subject: [PATCH 2417/3949] update bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index f0338b79..c1cdc826 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -22,9 +22,8 @@ labels: bug, 0. Needs triage
 
 ### Host OS <!--- (the host OS on which you are trying to install AIO on) -->
 
+#### Docker run command or docker-compose file that you used
 
 #### Nextcloud AIO version <!--- (see Nextcloud AIO interface) -->
 
-#### Current channel <!--- (see the channel name in the AIO interface) -->
-
 #### Other valuable info <!--- (like logs, screenshots & Co.) -->

From 22aa12d8751e0f3508886e5332d11f2d6441cccd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Aug 2024 15:02:10 +0200
Subject: [PATCH 2418/3949] increase to 9.5.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index bb0248fa..14b584e4 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.4.1
+version: 9.5.0
 apiVersion: v2
 keywords:
   - latest

From 6587f9ff6852a13f3033e6d692407a728def2b64 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Aug 2024 15:07:40 +0200
Subject: [PATCH 2419/3949] Revert "increase to 9.5.0"

This reverts commit 22aa12d8751e0f3508886e5332d11f2d6441cccd.
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 14b584e4..bb0248fa 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.5.0
+version: 9.4.1
 apiVersion: v2
 keywords:
   - latest

From 3ccdd332a99307a180816280279847549ebc44f8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Aug 2024 15:08:57 +0200
Subject: [PATCH 2420/3949] increase to 9.5.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 91e18424..a95106da 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <main>
-        <h1>Nextcloud AIO v9.4.1</h1>
+        <h1>Nextcloud AIO v9.5.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From 50acbb62d86f69c81ca7e0fdf27a68f27512b52c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 12:34:28 +0000
Subject: [PATCH 2421/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.6.1.1 to 24.04.6.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 668457c6..39181a2b 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.6.1.1
+FROM collabora/code:24.04.6.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From f67015732f0aca7046775ab4e64bc63d12a69dac Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 22 Aug 2024 12:03:20 +0000
Subject: [PATCH 2422/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ecbba1dd..26289263 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -997,16 +997,16 @@
         },
         {
             "name": "psr/log",
-            "version": "3.0.0",
+            "version": "3.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/log.git",
-                "reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001"
+                "reference": "79dff0b268932c640297f5208d6298f71855c03e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/fe5ea303b0887d5caefd3d431c3e61ad47037001",
-                "reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/79dff0b268932c640297f5208d6298f71855c03e",
+                "reference": "79dff0b268932c640297f5208d6298f71855c03e",
                 "shasum": ""
             },
             "require": {
@@ -1041,9 +1041,9 @@
                 "psr-3"
             ],
             "support": {
-                "source": "https://github.com/php-fig/log/tree/3.0.0"
+                "source": "https://github.com/php-fig/log/tree/3.0.1"
             },
-            "time": "2021-07-14T16:46:02+00:00"
+            "time": "2024-08-21T13:31:24+00:00"
         },
         {
             "name": "ralouphie/getallheaders",
@@ -2027,26 +2027,26 @@
         },
         {
             "name": "composer/pcre",
-            "version": "3.2.0",
+            "version": "3.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/pcre.git",
-                "reference": "ea4ab6f9580a4fd221e0418f2c357cdd39102a90"
+                "reference": "1637e067347a0c40bbb1e3cd786b20dcab556a81"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/pcre/zipball/ea4ab6f9580a4fd221e0418f2c357cdd39102a90",
-                "reference": "ea4ab6f9580a4fd221e0418f2c357cdd39102a90",
+                "url": "https://api.github.com/repos/composer/pcre/zipball/1637e067347a0c40bbb1e3cd786b20dcab556a81",
+                "reference": "1637e067347a0c40bbb1e3cd786b20dcab556a81",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.4 || ^8.0"
             },
             "conflict": {
-                "phpstan/phpstan": "<1.11.8"
+                "phpstan/phpstan": "<1.11.10"
             },
             "require-dev": {
-                "phpstan/phpstan": "^1.11.8",
+                "phpstan/phpstan": "^1.11.10",
                 "phpstan/phpstan-strict-rules": "^1.1",
                 "phpunit/phpunit": "^8 || ^9"
             },
@@ -2086,7 +2086,7 @@
             ],
             "support": {
                 "issues": "https://github.com/composer/pcre/issues",
-                "source": "https://github.com/composer/pcre/tree/3.2.0"
+                "source": "https://github.com/composer/pcre/tree/3.3.0"
             },
             "funding": [
                 {
@@ -2102,7 +2102,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-25T09:36:02+00:00"
+            "time": "2024-08-19T19:43:53+00:00"
         },
         {
             "name": "composer/semver",

From d7caa2a7b4520738748f065e805b322adfdc13ba Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sun, 25 Aug 2024 11:54:52 +0200
Subject: [PATCH 2423/3949] Fix

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
index ff37e744..b34f04db 100644
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -1,4 +1,4 @@
-> [!WARNING]
+> [!CAUTION]
 > Be aware that the mail server is the most difficult service to deploy.
 > 
 > Do not use this feature as a main mail server or without a redundancy system and without knowledge.
@@ -11,7 +11,7 @@ Documentation is available on the container repository.
 This documentation is regularly updated and is intended to be as simple and detailed as possible.
 Thanks for all your feedback!
 
-- See https://github.com/docjyJ/aio-stalwart#getting-started for geting start with this container.
+- See https://github.com/docjyJ/aio-stalwart#getting-started for getting start with this container.
 - See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From 7e9a39a0746ce96f8b23c1285a954138634c02ad Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 28 Aug 2024 12:07:03 +0000
Subject: [PATCH 2424/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 26289263..55d02eb6 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2027,16 +2027,16 @@
         },
         {
             "name": "composer/pcre",
-            "version": "3.3.0",
+            "version": "3.3.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/pcre.git",
-                "reference": "1637e067347a0c40bbb1e3cd786b20dcab556a81"
+                "reference": "63aaeac21d7e775ff9bc9d45021e1745c97521c4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/pcre/zipball/1637e067347a0c40bbb1e3cd786b20dcab556a81",
-                "reference": "1637e067347a0c40bbb1e3cd786b20dcab556a81",
+                "url": "https://api.github.com/repos/composer/pcre/zipball/63aaeac21d7e775ff9bc9d45021e1745c97521c4",
+                "reference": "63aaeac21d7e775ff9bc9d45021e1745c97521c4",
                 "shasum": ""
             },
             "require": {
@@ -2086,7 +2086,7 @@
             ],
             "support": {
                 "issues": "https://github.com/composer/pcre/issues",
-                "source": "https://github.com/composer/pcre/tree/3.3.0"
+                "source": "https://github.com/composer/pcre/tree/3.3.1"
             },
             "funding": [
                 {
@@ -2102,7 +2102,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-08-19T19:43:53+00:00"
+            "time": "2024-08-27T18:44:43+00:00"
         },
         {
             "name": "composer/semver",

From 8712b3fa1750dec51341d4d58816a61538f79f6a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Aug 2024 12:16:51 +0000
Subject: [PATCH 2425/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.18-scratch to 2.10.19-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index d3d3e623..7c5ba98d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.18-scratch AS nats
+FROM nats:2.10.19-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
 FROM alpine:3.20.2 AS janus

From 95e8a461ce01a7814beedeeceb508075c742ab5f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 29 Aug 2024 10:56:03 +0200
Subject: [PATCH 2426/3949] update bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index c1cdc826..6d5a1b0e 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -20,10 +20,11 @@ labels: bug, 0. Needs triage
 ### Actual behavior <!--- Tell us what happens instead -->
 
 
-### Host OS <!--- (the host OS on which you are trying to install AIO on) -->
+### Other information
+#### Host OS <!--- (the host OS on which you are trying to install AIO on) -->
+
+#### Output of `sudo docker info`
 
 #### Docker run command or docker-compose file that you used
 
-#### Nextcloud AIO version <!--- (see Nextcloud AIO interface) -->
-
 #### Other valuable info <!--- (like logs, screenshots & Co.) -->

From 03c900ca093cb55bd2799ad6adf89cfc1b46b009 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 29 Aug 2024 11:01:24 +0200
Subject: [PATCH 2427/3949] mastercontainer: add warning if snap install was
 found

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index f4121c92..f87527cb 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -91,14 +91,21 @@ else
 fi
 
 # Check Storage drivers
-STORAGE_DRIVER="$(docker info | grep "Storage Driver")"
+STORAGE_DRIVER="$(sudo -u www-data docker info | grep "Storage Driver")"
 # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
 if echo "$STORAGE_DRIVER" | grep -q vfs; then
     echo "$STORAGE_DRIVER"
-    echo "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
+    print_red "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
 elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
     echo "$STORAGE_DRIVER"
-    echo "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
+    print_red "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
+fi
+
+# Check if snap install
+if sudo -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
+    print_red "Warning: It looks like your installation uses docker installed via snap."
+    print_red "This comes with some limitations and is disrecommended by the docker maintainers."
+    print_red "See for example https://github.com/nextcloud/all-in-one/discussions/4890#discussioncomment-10386752"
 fi
 
 # Check if startup command was executed correctly

From 2f70096a52c3b5fc0cbe151bc1b982c23152bd4d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 29 Aug 2024 11:17:42 +0200
Subject: [PATCH 2428/3949] migration: add hint that calendar data is excluded
 when only files are migrated

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 migration.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/migration.md b/migration.md
index b8bf8734..12488b17 100644
--- a/migration.md
+++ b/migration.md
@@ -2,12 +2,12 @@
 
 There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:
 
-1. Migrate only the files which is the easiest way
+1. Migrate only the files which is the easiest way (this excludes all calendar data for example)
 1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations)
 1. Use the user_migration app that allows to migrate some of the user's data from a former instance to a new instance but needs to be done manually for each user
 
 ## Migrate only the files 
-**Please note**: If you used groupfolders or encrypted your files before, you will need to restore the database, as well!
+**Please note**: If you used groupfolders or encrypted your files before, you will need to restore the database, as well! (This will also exclude all calendar data for example).
 
 The procedure for migrating only the files works like this:
 1. Take a backup of your former instance (especially from your datadirectory, see `'datadirectory'` in your `config.php`)

From c2744fb788a8469f5b4808ec06fe6a536a86fa81 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 29 Aug 2024 12:02:45 +0000
Subject: [PATCH 2429/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 107 ++++++----------------------------------------
 1 file changed, 13 insertions(+), 94 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 55d02eb6..2021f43b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1554,86 +1554,6 @@
             ],
             "time": "2024-06-19T12:30:46+00:00"
         },
-        {
-            "name": "symfony/polyfill-php80",
-            "version": "v1.30.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/symfony/polyfill-php80.git",
-                "reference": "77fa7995ac1b21ab60769b7323d600a991a90433"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/77fa7995ac1b21ab60769b7323d600a991a90433",
-                "reference": "77fa7995ac1b21ab60769b7323d600a991a90433",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">=7.1"
-            },
-            "type": "library",
-            "extra": {
-                "thanks": {
-                    "name": "symfony/polyfill",
-                    "url": "https://github.com/symfony/polyfill"
-                }
-            },
-            "autoload": {
-                "files": [
-                    "bootstrap.php"
-                ],
-                "psr-4": {
-                    "Symfony\\Polyfill\\Php80\\": ""
-                },
-                "classmap": [
-                    "Resources/stubs"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Ion Bazan",
-                    "email": "ion.bazan@gmail.com"
-                },
-                {
-                    "name": "Nicolas Grekas",
-                    "email": "p@tchwork.com"
-                },
-                {
-                    "name": "Symfony Community",
-                    "homepage": "https://symfony.com/contributors"
-                }
-            ],
-            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
-            "homepage": "https://symfony.com",
-            "keywords": [
-                "compatibility",
-                "polyfill",
-                "portable",
-                "shim"
-            ],
-            "support": {
-                "source": "https://github.com/symfony/polyfill-php80/tree/v1.30.0"
-            },
-            "funding": [
-                {
-                    "url": "https://symfony.com/sponsor",
-                    "type": "custom"
-                },
-                {
-                    "url": "https://github.com/fabpot",
-                    "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
-                    "type": "tidelift"
-                }
-            ],
-            "time": "2024-05-31T15:07:36+00:00"
-        },
         {
             "name": "symfony/polyfill-php81",
             "version": "v1.30.0",
@@ -1712,24 +1632,23 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.11.0",
+            "version": "v3.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "e80fb8ebba85c7341a97a9ebf825d7fd4b77708d"
+                "reference": "4d19472d4ac1838e0b1f0e029ce1fa4040eb34ea"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/e80fb8ebba85c7341a97a9ebf825d7fd4b77708d",
-                "reference": "e80fb8ebba85c7341a97a9ebf825d7fd4b77708d",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/4d19472d4ac1838e0b1f0e029ce1fa4040eb34ea",
+                "reference": "4d19472d4ac1838e0b1f0e029ce1fa4040eb34ea",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.2.5",
+                "php": ">=8.0.2",
                 "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-ctype": "^1.8",
                 "symfony/polyfill-mbstring": "^1.3",
-                "symfony/polyfill-php80": "^1.22",
                 "symfony/polyfill-php81": "^1.29"
             },
             "require-dev": {
@@ -1776,7 +1695,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.11.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.12.0"
             },
             "funding": [
                 {
@@ -1788,7 +1707,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-08-08T16:15:16+00:00"
+            "time": "2024-08-29T09:51:12+00:00"
         }
     ],
     "packages-dev": [
@@ -2781,16 +2700,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "1.29.1",
+            "version": "1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "fcaefacf2d5c417e928405b71b400d4ce10daaf4"
+                "reference": "5ceb0e384997db59f38774bf79c2a6134252c08f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/fcaefacf2d5c417e928405b71b400d4ce10daaf4",
-                "reference": "fcaefacf2d5c417e928405b71b400d4ce10daaf4",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/5ceb0e384997db59f38774bf79c2a6134252c08f",
+                "reference": "5ceb0e384997db59f38774bf79c2a6134252c08f",
                 "shasum": ""
             },
             "require": {
@@ -2822,9 +2741,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.29.1"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.30.0"
             },
-            "time": "2024-05-31T08:52:43+00:00"
+            "time": "2024-08-29T09:54:52+00:00"
         },
         {
             "name": "sebastian/diff",

From 43e1dbb1079f009886de1331e998c16cd22727ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Aug 2024 12:54:32 +0000
Subject: [PATCH 2430/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.1.2-cli to 27.2.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 0d86164c..a19d6454 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.1.2-cli AS docker
+FROM docker:27.2.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From 7e8402aeb0d2c38c89f756aaf9f395a784b0bd63 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 14 Aug 2024 13:51:21 +0200
Subject: [PATCH 2431/3949] adjust redis connector to point at correct db-index

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 3 ++-
 Containers/notify-push/start.sh | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8bfc7d6f..fea2ea14 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -5,6 +5,7 @@ ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G
 ENV PHP_MAX_TIME=3600
 ENV SOURCE_LOCATION=/usr/src/nextcloud
+ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
 ENV NEXTCLOUD_VERSION=29.0.4
@@ -131,7 +132,7 @@ RUN set -ex; \
     \
     { \
         echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?auth=${REDIS_HOST_PASSWORD}"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:6379/${REDIS_DB_INDEX}?auth=${REDIS_HOST_PASSWORD}"'; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 6180162f..1f77b0f1 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -48,9 +48,14 @@ echo "notify-push was started"
 if [ -z "$POSTGRES_PORT" ]; then
     POSTGRES_PORT=5432
 fi
+# Set a default for redis db index
+if [ -z "$REDIS_DB_INDEX" ]; then
+    REDIS_DB_INDEX=0
+fi
+
 # Set sensitive values as env
 export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
-export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
+export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \

From da3d20d648ed85785e2b1c74eaa4c48b170b244a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 Aug 2024 12:20:07 +0000
Subject: [PATCH 2432/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.6.2.1 to 24.04.7.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 39181a2b..703a89ce 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.6.2.1
+FROM collabora/code:24.04.7.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 2d8b8ab542e7605c6d7a9d8ed85f2a4548479a04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 Aug 2024 12:50:07 +0000
Subject: [PATCH 2433/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.19-scratch to 2.10.20-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 7c5ba98d..36fadc71 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.19-scratch AS nats
+FROM nats:2.10.20-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
 FROM alpine:3.20.2 AS janus

From 91faf2bd34a88743298d5897f0af2e645f435c5b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 Aug 2024 16:56:46 +0200
Subject: [PATCH 2434/3949] nextcloud-entrypoint: remove richdocumentscode if
 installed

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index cc6289c8..f392dac5 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -597,6 +597,10 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         COLLABORA_HOST="$NC_DOMAIN"
     fi
     set +x
+    # Remove richdcoumentscode if it should be incorrectly installed
+    if [ -d "/var/www/html/custom_apps/richdocumentscode" ]; then
+        php /var/www/html/occ app:remove richdocumentscode
+    fi
     if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
         php /var/www/html/occ app:install richdocuments
     elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then

From 3ba0995dd7249d922199fad07cecc47b4e3cb52a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 31 Aug 2024 12:02:10 +0000
Subject: [PATCH 2435/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 2021f43b..9ac6cde4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2357,16 +2357,16 @@
         },
         {
             "name": "fidry/cpu-core-counter",
-            "version": "1.1.0",
+            "version": "1.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/theofidry/cpu-core-counter.git",
-                "reference": "f92996c4d5c1a696a6a970e20f7c4216200fcc42"
+                "reference": "8520451a140d3f46ac33042715115e290cf5785f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/f92996c4d5c1a696a6a970e20f7c4216200fcc42",
-                "reference": "f92996c4d5c1a696a6a970e20f7c4216200fcc42",
+                "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/8520451a140d3f46ac33042715115e290cf5785f",
+                "reference": "8520451a140d3f46ac33042715115e290cf5785f",
                 "shasum": ""
             },
             "require": {
@@ -2406,7 +2406,7 @@
             ],
             "support": {
                 "issues": "https://github.com/theofidry/cpu-core-counter/issues",
-                "source": "https://github.com/theofidry/cpu-core-counter/tree/1.1.0"
+                "source": "https://github.com/theofidry/cpu-core-counter/tree/1.2.0"
             },
             "funding": [
                 {
@@ -2414,7 +2414,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-02-07T09:43:46+00:00"
+            "time": "2024-08-06T10:04:20+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
@@ -2940,16 +2940,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.10",
+            "version": "v6.4.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "504974cbe43d05f83b201d6498c206f16fc0cdbc"
+                "reference": "42686880adaacdad1835ee8fc2a9ec5b7bd63998"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/504974cbe43d05f83b201d6498c206f16fc0cdbc",
-                "reference": "504974cbe43d05f83b201d6498c206f16fc0cdbc",
+                "url": "https://api.github.com/repos/symfony/console/zipball/42686880adaacdad1835ee8fc2a9ec5b7bd63998",
+                "reference": "42686880adaacdad1835ee8fc2a9ec5b7bd63998",
                 "shasum": ""
             },
             "require": {
@@ -3014,7 +3014,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.10"
+                "source": "https://github.com/symfony/console/tree/v6.4.11"
             },
             "funding": [
                 {
@@ -3030,7 +3030,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-26T12:30:32+00:00"
+            "time": "2024-08-15T22:48:29+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -3100,16 +3100,16 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.10",
+            "version": "v6.4.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "af29198d87112bebdd397bd7735fbd115997824c"
+                "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/af29198d87112bebdd397bd7735fbd115997824c",
-                "reference": "af29198d87112bebdd397bd7735fbd115997824c",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/d7eb6daf8cd7e9ac4976e9576b32042ef7253453",
+                "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453",
                 "shasum": ""
             },
             "require": {
@@ -3144,7 +3144,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.10"
+                "source": "https://github.com/symfony/finder/tree/v6.4.11"
             },
             "funding": [
                 {
@@ -3160,7 +3160,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-24T07:06:38+00:00"
+            "time": "2024-08-13T14:27:37+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -3406,16 +3406,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.1.3",
+            "version": "v7.1.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "ea272a882be7f20cad58d5d78c215001617b7f07"
+                "reference": "6cd670a6d968eaeb1c77c2e76091c45c56bc367b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/ea272a882be7f20cad58d5d78c215001617b7f07",
-                "reference": "ea272a882be7f20cad58d5d78c215001617b7f07",
+                "url": "https://api.github.com/repos/symfony/string/zipball/6cd670a6d968eaeb1c77c2e76091c45c56bc367b",
+                "reference": "6cd670a6d968eaeb1c77c2e76091c45c56bc367b",
                 "shasum": ""
             },
             "require": {
@@ -3473,7 +3473,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.1.3"
+                "source": "https://github.com/symfony/string/tree/v7.1.4"
             },
             "funding": [
                 {
@@ -3489,7 +3489,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-22T10:25:37+00:00"
+            "time": "2024-08-12T09:59:40+00:00"
         },
         {
             "name": "vimeo/psalm",

From b252bc7730567dadd8202b3b38f6a783de44ff14 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Sep 2024 12:28:17 +0000
Subject: [PATCH 2436/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.2.22-fpm-alpine3.20 to 8.2.23-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index fea2ea14..f6f84d8b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.22-fpm-alpine3.20
+FROM php:8.2.23-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G

From 52fd6d63c73c016fd7726d9774534a7474826fa3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Sep 2024 13:02:14 +0000
Subject: [PATCH 2437/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.10-fpm-alpine3.20 to 8.3.11-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index a19d6454..12b8da2a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.2.0-cli AS docker
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
-FROM php:8.3.10-fpm-alpine3.20
+FROM php:8.3.11-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080

From d791161357adfb4c72c9f4a265420480261f42c8 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 3 Sep 2024 12:36:17 +0000
Subject: [PATCH 2438/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f6f84d8b..b228f537 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.4
+ENV NEXTCLOUD_VERSION=29.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From e53ffb85a4006283a4d7bd8120918ef48531ec33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 12:38:38 +0000
Subject: [PATCH 2439/3949] build(deps): bump
 strukturag/nextcloud-spreed-signaling

Bumps strukturag/nextcloud-spreed-signaling from 1.3.2 to 2.0.0.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 36fadc71..5d697726 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.20-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
 FROM alpine:3.20.2 AS janus
 
 ARG JANUS_VERSION=v0.14.3

From 6737c188a3c7921610e5d88a80b154b4196e46bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 12:45:52 +0000
Subject: [PATCH 2440/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.7.1.1 to 24.04.7.1.2.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 703a89ce..b819ab2b 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.7.1.1
+FROM collabora/code:24.04.7.1.2
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 84bbc6d93608b72731ef733d675d9102f7e99ece Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 13:07:52 +0000
Subject: [PATCH 2441/3949] build(deps): bump peter-evans/create-pull-request
 from 6 to 7

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6 to 7.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v6...v7)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index b5f907e9..b131ab58 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index b8d26dbe..85c64a6e 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 6535d016..bbe6cae8 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index fbe362c1..f4bf7198 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 15ea5fad..ee366a64 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 62ee2650..43b37c8f 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -20,7 +20,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index c241708d..93a560fc 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           commit-message: Yaml updates
           signoff: true

From 0be1f9827b9cb37af7c58f62b8196716cba6fd64 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 4 Sep 2024 12:04:31 +0000
Subject: [PATCH 2442/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/server.conf.in | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index b748cacd..85630d5a 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -55,6 +55,15 @@ blockkey = -encryption-key-
 # value as configured in the respective internal services.
 internalsecret = the-shared-secret-for-internal-clients
 
+[federation]
+# If set to "true", certificate validation of federation targets will be skipped.
+# This should only be enabled during development, e.g. to work with self-signed
+# certificates.
+#skipverify = false
+
+# Timeout in seconds for requests to federation targets.
+#timeout = 10
+
 [backend]
 # Type of backend configuration.
 # Defaults to "static".

From 7a3bcc73c6fdce6a12396a3b7768572931504aac Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 4 Sep 2024 16:01:06 +0200
Subject: [PATCH 2443/3949] fix open nextcloud-aio login button

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/public/style.css b/php/public/style.css
index 3d77cdea..f430c9e7 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -149,6 +149,8 @@ select:focus {
     margin-right: auto;
     display: block;
     text-align: center;
+    padding: 0px;
+    align-items: center;
 }
 
 .login-wrapper {

From 0db3f95219ca1990618a609f8ca7167519e27603 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 4 Sep 2024 16:06:20 +0200
Subject: [PATCH 2444/3949] Revert "Nextcloud dependency update"

---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b228f537..f6f84d8b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.6
+ENV NEXTCLOUD_VERSION=29.0.4
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From ba4446f56578508fde2e1b120031c9b09ae39de0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 4 Sep 2024 16:12:53 +0200
Subject: [PATCH 2445/3949] Revert "Revert "Nextcloud dependency update""

---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f6f84d8b..b228f537 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.4
+ENV NEXTCLOUD_VERSION=29.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 4c162237bfb1ea22ea7cd0b191bf50e12eb4a78d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 4 Sep 2024 16:22:08 +0200
Subject: [PATCH 2446/3949] fix styles 2

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index f430c9e7..9af75a0e 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -150,7 +150,7 @@ select:focus {
     display: block;
     text-align: center;
     padding: 0px;
-    align-items: center;
+    align-content: center;
 }
 
 .login-wrapper {

From 2af1eaf20728eb33b0b35ea8f76aa09ac1846949 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 4 Sep 2024 16:23:18 +0200
Subject: [PATCH 2447/3949] nextcloud-entrypoint: maintenance-repair:
 include-expensive

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index f392dac5..0d58d02b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -436,12 +436,14 @@ DATADIR_PERMISSION_CONF
 
             # Apply optimization
             echo "Doing some optimizations..."
-            php /var/www/html/occ maintenance:repair
             if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
+                php /var/www/html/occ maintenance:repair --include-expensive
                 php /var/www/html/occ db:add-missing-indices
                 php /var/www/html/occ db:add-missing-columns
                 php /var/www/html/occ db:add-missing-primary-keys
                 yes | php /var/www/html/occ db:convert-filecache-bigint
+            else
+                php /var/www/html/occ maintenance:repair
             fi
         fi
     fi

From ed857db3c1b914f711044ff2121f38fbb63cf2af Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 4 Sep 2024 17:23:49 +0200
Subject: [PATCH 2448/3949] aio-interface: allow to install nc 30 directly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 php/templates/containers.twig           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 6d55bc94..2d536738 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -173,7 +173,7 @@ class DockerController
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 29;
+            $installLatestMajor = 30;
         } else {
             $installLatestMajor = "";
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a95106da..2d630bb4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -31,7 +31,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = '' %}
+        {% set newMajorVersion = 30 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From c701ae38f887500405391ab30690ea9e263b91fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 13:04:31 +0000
Subject: [PATCH 2449/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.0.3-alpine to 3.0.4-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 2a0a6a80..0fcff3f5 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.0.3-alpine
+FROM haproxy:3.0.4-alpine
 
 # hadolint ignore=DL3002
 USER root

From e92cbc211b4e13abb407eb704a2fbefb73cd7a95 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Sep 2024 12:12:59 +0000
Subject: [PATCH 2450/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.23.0-alpine3.20 to 1.23.1-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 4ddec533..f094c168 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.0-alpine3.20 AS go
+FROM golang:1.23.1-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From d6dd6140c36f5c5b48de5608f309d782247e9426 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Sep 2024 12:46:09 +0000
Subject: [PATCH 2451/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.15.0 to 8.15.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 9289608d..0aa9bf11 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.15.0
+FROM elasticsearch:8.15.1
 
 USER root
 

From f17a27b80cbab5de9b64798b2f392c1b9d46f88f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Sep 2024 12:57:15 +0000
Subject: [PATCH 2452/3949] build(deps): bump onlyoffice/documentserver in
 /Containers/onlyoffice

Bumps onlyoffice/documentserver from 8.1.1.2 to 8.1.3.2.

---
updated-dependencies:
- dependency-name: onlyoffice/documentserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index e32a0c05..ad694376 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.1.1.2
+FROM onlyoffice/documentserver:8.1.3.2
 
 # USER root is probably used
 

From 26695effa2763bc8bde57e946cc4befc3b1acf44 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 6 Sep 2024 18:40:15 +0200
Subject: [PATCH 2453/3949] update bug report and feature request templates

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md      | 2 +-
 .github/ISSUE_TEMPLATE/Feature_request.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 6d5a1b0e..b7808e1c 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,7 +1,7 @@
 ---
 name: 🐛 Bug report
 about: Help us improving by reporting a bug
-labels: bug, 0. Needs triage
+labels: 0. Needs triage
 ---
 
 <!---
diff --git a/.github/ISSUE_TEMPLATE/Feature_request.md b/.github/ISSUE_TEMPLATE/Feature_request.md
index e60db836..2cc54fb4 100644
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,7 +1,7 @@
 ---
 name: 📖 Existing feature/documentation enhancement
 about: Suggest an enhancement of an existing feature/documentation - for other types, please use the feature request option below
-labels: enhancement, 0. Needs triage
+labels: 0. Needs triage
 ---
 
 <!--- Please fill out the whole template below -->

From 939e5fec8a5dd51e3413385f37e5fb0448a17d47 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 12:36:31 +0000
Subject: [PATCH 2454/3949] build(deps): bump alpine from 3.20.2 to 3.20.3 in
 /Containers/borgbackup

Bumps alpine from 3.20.2 to 3.20.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index d46eda1a..2f54145f 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.2
+FROM alpine:3.20.3
 
 RUN set -ex; \
     \

From d2e330a78fc755ad942d16b58263fe4e4fce1e77 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 12:39:31 +0000
Subject: [PATCH 2455/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.20.2 to 3.20.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 1dae9f9d..130a0001 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.2
+FROM alpine:3.20.3
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 9f92af0259d16105fa601a476ddd2af58405b50e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 12:40:01 +0000
Subject: [PATCH 2456/3949] build(deps): bump alpine from 3.20.2 to 3.20.3 in
 /Containers/watchtower

Bumps alpine from 3.20.2 to 3.20.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index cacebde7..33e5f6db 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.20.2
+FROM alpine:3.20.3
 
 RUN apk upgrade --no-cache -a; \
     apk add --no-cache bash

From 73ef6db4cf5de69901a37fc36bf25febd9cbcd3d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 12:55:47 +0000
Subject: [PATCH 2457/3949] build(deps): bump alpine from 3.20.2 to 3.20.3 in
 /Containers/imaginary

Bumps alpine from 3.20.2 to 3.20.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 4ddec533..0783d977 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.20.2
+FROM alpine:3.20.3
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From cf70d53c5bfc8a784427e940b2d6c4f92b95e9f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 12:56:14 +0000
Subject: [PATCH 2458/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.20.2 to 3.20.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 2da52eef..b0fc0fd2 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.2
+FROM alpine:3.20.3
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 347480111670ac6ee37a284128b9dac67df9bdd0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 21:16:39 +0000
Subject: [PATCH 2459/3949] build(deps): bump twig/twig from 3.12.0 to 3.14.0
 in /php

Bumps [twig/twig](https://github.com/twigphp/Twig) from 3.12.0 to 3.14.0.
- [Changelog](https://github.com/twigphp/Twig/blob/3.x/CHANGELOG)
- [Commits](https://github.com/twigphp/Twig/compare/v3.12.0...v3.14.0)

---
updated-dependencies:
- dependency-name: twig/twig
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 54 +++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 9ac6cde4..7c949864 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1397,20 +1397,20 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.30.0",
+            "version": "v1.31.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "0424dff1c58f028c451efff2045f5d92410bd540"
+                "reference": "a3cc8b044a6ea513310cbd48ef7333b384945638"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/0424dff1c58f028c451efff2045f5d92410bd540",
-                "reference": "0424dff1c58f028c451efff2045f5d92410bd540",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/a3cc8b044a6ea513310cbd48ef7333b384945638",
+                "reference": "a3cc8b044a6ea513310cbd48ef7333b384945638",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.1"
+                "php": ">=7.2"
             },
             "provide": {
                 "ext-ctype": "*"
@@ -1456,7 +1456,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.30.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.31.0"
             },
             "funding": [
                 {
@@ -1472,24 +1472,24 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T15:07:36+00:00"
+            "time": "2024-09-09T11:45:10+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.30.0",
+            "version": "v1.31.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c"
+                "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c",
-                "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/85181ba99b2345b0ef10ce42ecac37612d9fd341",
+                "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.1"
+                "php": ">=7.2"
             },
             "provide": {
                 "ext-mbstring": "*"
@@ -1536,7 +1536,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.31.0"
             },
             "funding": [
                 {
@@ -1552,24 +1552,24 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-06-19T12:30:46+00:00"
+            "time": "2024-09-09T11:45:10+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.30.0",
+            "version": "v1.31.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "3fb075789fb91f9ad9af537c4012d523085bd5af"
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/3fb075789fb91f9ad9af537c4012d523085bd5af",
-                "reference": "3fb075789fb91f9ad9af537c4012d523085bd5af",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.1"
+                "php": ">=7.2"
             },
             "type": "library",
             "extra": {
@@ -1612,7 +1612,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.30.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.31.0"
             },
             "funding": [
                 {
@@ -1628,20 +1628,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-06-19T12:30:46+00:00"
+            "time": "2024-09-09T11:45:10+00:00"
         },
         {
             "name": "twig/twig",
-            "version": "v3.12.0",
+            "version": "v3.14.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "4d19472d4ac1838e0b1f0e029ce1fa4040eb34ea"
+                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/4d19472d4ac1838e0b1f0e029ce1fa4040eb34ea",
-                "reference": "4d19472d4ac1838e0b1f0e029ce1fa4040eb34ea",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
+                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
                 "shasum": ""
             },
             "require": {
@@ -1695,7 +1695,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.12.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.14.0"
             },
             "funding": [
                 {
@@ -1707,7 +1707,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-08-29T09:51:12+00:00"
+            "time": "2024-09-09T17:55:12+00:00"
         }
     ],
     "packages-dev": [

From 142d3e89972a354f061e78ef729126e8c9082c19 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 10 Sep 2024 10:19:41 +0200
Subject: [PATCH 2460/3949] ci: Update workflows

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 .github/workflows/command-rebase.yml | 51 ----------------------------
 1 file changed, 51 deletions(-)
 delete mode 100644 .github/workflows/command-rebase.yml

diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
deleted file mode 100644
index 2a4125d8..00000000
--- a/.github/workflows/command-rebase.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-
-name: Rebase command
-
-on:
-  issue_comment:
-    types: created
-
-permissions:
-  contents: read
-
-jobs:
-  rebase:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: none
-
-    # On pull requests and if the comment starts with `/rebase`
-    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
-
-    steps:
-      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reaction-type: "+1"
-
-      - name: Checkout the latest code
-        uses: actions/checkout@v4 # v3.5.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-
-      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
-        env:
-          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
-
-      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
-        if: failure()
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reaction-type: "-1"

From 473007f4cdc7cd5585c1fe3258c631f00fc1550f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 10 Sep 2024 10:24:09 +0200
Subject: [PATCH 2461/3949] update link to update docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2d630bb4..638b629b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -298,7 +298,7 @@
                             {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                 <details>
                                 <summary>Note about <strong>Nextcloud {{ newMajorVersion }}</strong></summary>
-                                    <p>If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/4542">this documentation</a></strong></p>
+                                    <p>If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/5133">this documentation</a></strong></p>
                                 </details>
                             {% endif %}
                         {% endif %}

From 9d0b52296d115f70f7deb549ba14ccdc62e90b0e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 10 Sep 2024 10:26:18 +0200
Subject: [PATCH 2462/3949] increase to 9.5.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 638b629b..1160551b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <main>
-        <h1>Nextcloud AIO v9.5.0</h1>
+        <h1>Nextcloud AIO v9.5.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From d1125142ccb51c066dd140259eab90c01f82b0b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Sep 2024 12:45:37 +0000
Subject: [PATCH 2463/3949] build(deps): bump alpine from 3.20.2 to 3.20.3 in
 /Containers/talk

Bumps alpine from 3.20.2 to 3.20.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 5d697726..b09cd615 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.10.20-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
-FROM alpine:3.20.2 AS janus
+FROM alpine:3.20.3 AS janus
 
 ARG JANUS_VERSION=v0.14.3
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.20.2
+FROM alpine:3.20.3
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From 0800fd44583b2564630efc75b8eae01bcb0924c8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Sep 2024 12:51:43 +0000
Subject: [PATCH 2464/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.12.5-alpine3.20 to 3.12.6-alpine3.20.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index e13bc9ff..0c98bd59 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.5-alpine3.20
+FROM python:3.12.6-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 

From 147e81c5032bb382eb101522b386b07e2526886b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Sep 2024 12:55:58 +0000
Subject: [PATCH 2465/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.2.0-cli to 27.2.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 12b8da2a..ba818cb3 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.2.0-cli AS docker
+FROM docker:27.2.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From 5204ea633f0d3cf4b284852a5843f16ea8df5245 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 12 Sep 2024 16:37:59 +0200
Subject: [PATCH 2466/3949] borgbackup: also check for .ncdata

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index f2e9d04e..739d5f16 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -71,8 +71,8 @@ if [ "$BORG_MODE" = backup ]; then
         echo "database-dump is missing. Cannot perform backup!"
         echo "Please check the database container logs!"
         exit 1
-    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ocdata" ]; then
-        echo "The .ocdata file is missing in Nextcloud datadir which means it is invalid!"
+    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ocdata" ] && ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ncdata" ]; then
+        echo "The .ncdata or .ocdata file is missing in Nextcloud datadir which means it is invalid!"
         echo "Is the drive where the datadir is located on still mounted?"
         exit 1
     fi

From 4e11ae3d22d481d55516979cb1791eeb6b7d6b29 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 12 Sep 2024 17:15:39 +0200
Subject: [PATCH 2467/3949] readme.md: add section how to contribute

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index dbcf8306..88e4bfba 100644
--- a/readme.md
+++ b/readme.md
@@ -129,6 +129,9 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
 ### How does it work?
 Nextcloud AIO is inspired by projects like Portainer that manage the docker daemon by talking to it through the docker socket directly. This concept allows a user to install only one container with a single command that does the heavy lifting of creating and managing all containers that are needed in order to provide a Nextcloud installation with most features included. It also makes updating a breeze and is not bound to the host system (and its slow updates) anymore as everything is in containers. Additionally, it is very easy to handle from a user perspective because a simple interface for managing your Nextcloud AIO installation is provided.
 
+### How to contribute?
+See [this issue](https://github.com/nextcloud/all-in-one/issues/5251) for a list of feature requests that need help by contributors.
+
 ### Are reverse proxies supported?
 Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 

From ad93ccd4767bb50af9cb8d36a503859b597cf3bd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 12 Sep 2024 17:48:02 +0200
Subject: [PATCH 2468/3949] Update link to cc requests

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 0708b60f..83cde58e 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -13,7 +13,7 @@ Afterwards, you might want to add additional community containers to the default
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
 
 ### Is there a list of ideas for new community containers?
-Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22+sort%3Atop) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
+Yes, see [this list]([https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22+sort%3Atop](https://github.com/nextcloud/all-in-one/issues/5251)) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
 
 ## How to remove containers from AIOs stack?
 In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.

From 281c276df08381e7115e2a9fe1d04b4a0a10795f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 12 Sep 2024 17:49:12 +0200
Subject: [PATCH 2469/3949] Fix it

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 83cde58e..0c82d6fe 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -13,7 +13,7 @@ Afterwards, you might want to add additional community containers to the default
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
 
 ### Is there a list of ideas for new community containers?
-Yes, see [this list]([https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22+sort%3Atop](https://github.com/nextcloud/all-in-one/issues/5251)) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
+Yes, see [this list](https://github.com/nextcloud/all-in-one/issues/5251) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
 
 ## How to remove containers from AIOs stack?
 In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.

From 7a39ec46c6d87a8504724de93a5c0f8a2b7f5bb2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Sep 2024 12:36:49 +0000
Subject: [PATCH 2470/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.7.1.2 to 24.04.7.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index b819ab2b..c67b24d0 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.7.1.2
+FROM collabora/code:24.04.7.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From e8215a112b353d91a72f2979fa7bbcf3e52e2562 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 14 Sep 2024 08:43:13 +0200
Subject: [PATCH 2471/3949] Update update-helm.sh

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index be2d968b..9267ab07 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -103,7 +103,6 @@ cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
         - name: "delete-lost-found"
           image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
-          {{- end }}
           command:
             - rm
             - "-rf"

From ab1fc6bcbc9008273a84fd6a5421eca9d85dcc04 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 14 Sep 2024 06:44:44 +0000
Subject: [PATCH 2472/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index bb0248fa..84e8591f 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.4.1
+version: 9.5.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index a9c83d3a..2dd3d6d6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -62,7 +62,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240914_063340"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 4592f89e..2ef68d5c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240914_063340"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 06aaffc0..de3103d9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240914_063340"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index cbd61b3c..76e2726b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -62,7 +62,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240914_063340"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index cbbf7168..e9f5b5e8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240914_063340"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 62a6d035..eaab51fe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240914_063340"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 8d526c6e..dd603c2f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -169,7 +169,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240914_063340"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 05585df4..19389991 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240914_063340"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c574d17d..1334e074 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240914_063340"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 55a0952e..985314c8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240914_063340"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b66a1b7d..30e1904d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240914_063340"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 24e6e975..cf5a3424 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240808_083748"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240914_063340"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

From 9982bb2156714c1f8700196553fed91c7f9aedc2 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 14 Sep 2024 12:02:46 +0000
Subject: [PATCH 2473/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 88 +++++++++++++++++++++++------------------------
 1 file changed, 44 insertions(+), 44 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 7c949864..b866b3bf 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -997,16 +997,16 @@
         },
         {
             "name": "psr/log",
-            "version": "3.0.1",
+            "version": "3.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/log.git",
-                "reference": "79dff0b268932c640297f5208d6298f71855c03e"
+                "reference": "f16e1d5863e37f8d8c2a01719f5b34baa2b714d3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/79dff0b268932c640297f5208d6298f71855c03e",
-                "reference": "79dff0b268932c640297f5208d6298f71855c03e",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/f16e1d5863e37f8d8c2a01719f5b34baa2b714d3",
+                "reference": "f16e1d5863e37f8d8c2a01719f5b34baa2b714d3",
                 "shasum": ""
             },
             "require": {
@@ -1041,9 +1041,9 @@
                 "psr-3"
             ],
             "support": {
-                "source": "https://github.com/php-fig/log/tree/3.0.1"
+                "source": "https://github.com/php-fig/log/tree/3.0.2"
             },
-            "time": "2024-08-21T13:31:24+00:00"
+            "time": "2024-09-11T13:17:53+00:00"
         },
         {
             "name": "ralouphie/getallheaders",
@@ -2418,16 +2418,16 @@
         },
         {
             "name": "netresearch/jsonmapper",
-            "version": "v4.4.1",
+            "version": "v4.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/cweiske/jsonmapper.git",
-                "reference": "132c75c7dd83e45353ebb9c6c9f591952995bbf0"
+                "reference": "8e76efb98ee8b6afc54687045e1b8dba55ac76e5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/132c75c7dd83e45353ebb9c6c9f591952995bbf0",
-                "reference": "132c75c7dd83e45353ebb9c6c9f591952995bbf0",
+                "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/8e76efb98ee8b6afc54687045e1b8dba55ac76e5",
+                "reference": "8e76efb98ee8b6afc54687045e1b8dba55ac76e5",
                 "shasum": ""
             },
             "require": {
@@ -2463,9 +2463,9 @@
             "support": {
                 "email": "cweiske@cweiske.de",
                 "issues": "https://github.com/cweiske/jsonmapper/issues",
-                "source": "https://github.com/cweiske/jsonmapper/tree/v4.4.1"
+                "source": "https://github.com/cweiske/jsonmapper/tree/v4.5.0"
             },
-            "time": "2024-01-31T06:18:54+00:00"
+            "time": "2024-09-08T10:13:13+00:00"
         },
         {
             "name": "nikic/php-parser",
@@ -2700,16 +2700,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "1.30.0",
+            "version": "1.30.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "5ceb0e384997db59f38774bf79c2a6134252c08f"
+                "reference": "51b95ec8670af41009e2b2b56873bad96682413e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/5ceb0e384997db59f38774bf79c2a6134252c08f",
-                "reference": "5ceb0e384997db59f38774bf79c2a6134252c08f",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/51b95ec8670af41009e2b2b56873bad96682413e",
+                "reference": "51b95ec8670af41009e2b2b56873bad96682413e",
                 "shasum": ""
             },
             "require": {
@@ -2741,9 +2741,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.30.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.30.1"
             },
-            "time": "2024-08-29T09:54:52+00:00"
+            "time": "2024-09-07T20:13:05+00:00"
         },
         {
             "name": "sebastian/diff",
@@ -2886,12 +2886,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/sserbin/twig-linter.git",
-                "reference": "0b7cc4d61b6cf423ec837a0969ea5e0c8f017ddb"
+                "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/0b7cc4d61b6cf423ec837a0969ea5e0c8f017ddb",
-                "reference": "0b7cc4d61b6cf423ec837a0969ea5e0c8f017ddb",
+                "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/c4cb0d08c8290d8fed541eb027bd85dba90a5914",
+                "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914",
                 "shasum": ""
             },
             "require": {
@@ -2904,7 +2904,7 @@
             "require-dev": {
                 "phpunit/phpunit": "^7.3||^8.2|^9.5",
                 "squizlabs/php_codesniffer": "^3.3",
-                "vimeo/psalm": "^4.7"
+                "vimeo/psalm": "^4.7 || ^5.8"
             },
             "default-branch": true,
             "bin": [
@@ -2934,9 +2934,9 @@
             ],
             "support": {
                 "issues": "https://github.com/sserbin/twig-linter/issues",
-                "source": "https://github.com/sserbin/twig-linter/tree/3.1.0"
+                "source": "https://github.com/sserbin/twig-linter/tree/3.1.1"
             },
-            "time": "2022-06-29T11:06:19+00:00"
+            "time": "2024-09-09T16:51:23+00:00"
         },
         {
             "name": "symfony/console",
@@ -3164,20 +3164,20 @@
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
-            "version": "v1.30.0",
+            "version": "v1.31.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
-                "reference": "64647a7c30b2283f5d49b874d84a18fc22054b7a"
+                "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/64647a7c30b2283f5d49b874d84a18fc22054b7a",
-                "reference": "64647a7c30b2283f5d49b874d84a18fc22054b7a",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe",
+                "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.1"
+                "php": ">=7.2"
             },
             "suggest": {
                 "ext-intl": "For best performance"
@@ -3222,7 +3222,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.30.0"
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.31.0"
             },
             "funding": [
                 {
@@ -3238,24 +3238,24 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T15:07:36+00:00"
+            "time": "2024-09-09T11:45:10+00:00"
         },
         {
             "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.30.0",
+            "version": "v1.31.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
-                "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb"
+                "reference": "3833d7255cc303546435cb650316bff708a1c75c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/a95281b0be0d9ab48050ebd988b967875cdb9fdb",
-                "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c",
+                "reference": "3833d7255cc303546435cb650316bff708a1c75c",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.1"
+                "php": ">=7.2"
             },
             "suggest": {
                 "ext-intl": "For best performance"
@@ -3303,7 +3303,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.30.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.31.0"
             },
             "funding": [
                 {
@@ -3319,7 +3319,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T15:07:36+00:00"
+            "time": "2024-09-09T11:45:10+00:00"
         },
         {
             "name": "symfony/service-contracts",
@@ -3493,16 +3493,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "5.25.0",
+            "version": "5.26.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "01a8eb06b9e9cc6cfb6a320bf9fb14331919d505"
+                "reference": "d747f6500b38ac4f7dfc5edbcae6e4b637d7add0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/01a8eb06b9e9cc6cfb6a320bf9fb14331919d505",
-                "reference": "01a8eb06b9e9cc6cfb6a320bf9fb14331919d505",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/d747f6500b38ac4f7dfc5edbcae6e4b637d7add0",
+                "reference": "d747f6500b38ac4f7dfc5edbcae6e4b637d7add0",
                 "shasum": ""
             },
             "require": {
@@ -3523,7 +3523,7 @@
                 "felixfbecker/language-server-protocol": "^1.5.2",
                 "fidry/cpu-core-counter": "^0.4.1 || ^0.5.1 || ^1.0.0",
                 "netresearch/jsonmapper": "^1.0 || ^2.0 || ^3.0 || ^4.0",
-                "nikic/php-parser": "^4.16",
+                "nikic/php-parser": "^4.17",
                 "php": "^7.4 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0",
                 "sebastian/diff": "^4.0 || ^5.0 || ^6.0",
                 "spatie/array-to-xml": "^2.17.0 || ^3.0",
@@ -3599,7 +3599,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2024-06-16T15:08:35+00:00"
+            "time": "2024-09-08T18:53:08+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From 343db3de13837843a2f2ddbb5ffef83c37fe9288 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 14 Sep 2024 12:03:23 +0000
Subject: [PATCH 2474/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 5d697726..e077d48f 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
 FROM alpine:3.20.2 AS janus
 
-ARG JANUS_VERSION=v0.14.3
+ARG JANUS_VERSION=v0.14.4
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \

From 8761289d0684bacab7e9d9a2d0394b408849ca90 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 14 Sep 2024 12:09:16 +0000
Subject: [PATCH 2475/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b228f537..1b9d1d0a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.6
+ENV NEXTCLOUD_VERSION=29.0.7
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 50b56ed3636f1b48e578e250b9873b6650f282b7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Sep 2024 12:43:39 +0000
Subject: [PATCH 2476/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.0-1 to 1.4.1-5.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 7e715297..318d4e71 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.0-1
+FROM clamav/clamav:1.4.1-5
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 546f11a654da738da25d39032e841a6d051caaf9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Sep 2024 17:59:15 +0200
Subject: [PATCH 2477/3949] add whiteboard container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml                        |  9 ++++
 Containers/apache/Caddyfile                   |  6 +++
 Containers/nextcloud/entrypoint.sh            | 17 +++++++
 Containers/whiteboard/Dockerfile              |  8 ++++
 Containers/whiteboard/start.sh                | 19 ++++++++
 php/containers.json                           | 46 +++++++++++++++++--
 php/public/disable-whiteboard.js              |  5 ++
 php/public/index.php                          |  1 +
 php/public/options-form-submit.js             |  4 ++
 php/src/ContainerDefinitionFetcher.php        |  8 ++++
 .../Controller/ConfigurationController.php    |  5 ++
 php/src/Data/ConfigurationManager.php         | 15 ++++++
 php/src/Docker/DockerActionManager.php        |  6 +++
 php/templates/containers.twig                 |  6 +++
 14 files changed, 151 insertions(+), 4 deletions(-)
 create mode 100644 Containers/whiteboard/Dockerfile
 create mode 100644 Containers/whiteboard/start.sh
 create mode 100644 php/public/disable-whiteboard.js

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 16e7a8a1..1fb20f98 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -183,3 +183,12 @@ updates:
   labels:
   - 3. to review
   - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/whiteboard"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 8e7e4a21..d635f329 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -51,6 +51,12 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
         reverse_proxy {$TALK_HOST}:8081
     }
 
+    # Whiteboard
+    route /whiteboard/* {
+        uri strip_prefix /whiteboard
+        reverse_proxy {$WHITEBOARD_HOST}:3002
+    }
+
     # Nextcloud
     route {
         header Strict-Transport-Security max-age=31536000;
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 0d58d02b..c092d4bf 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -851,5 +851,22 @@ else
     fi
 fi
 
+# Whiteboard app
+if [ "$WHITEBOARD_ENABLED" = 'yes' ]; then
+    if ! [ -d "/var/www/html/custom_apps/whiteboard" ]; then
+        php /var/www/html/occ app:install whiteboard
+    elif [ "$(php /var/www/html/occ config:app:get whiteboard enabled)" != "yes" ]; then
+        php /var/www/html/occ app:enable whiteboard
+        php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard"
+        php /var/www/html/occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_SECRET"
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update whiteboard
+    fi
+else
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/whiteboard" ]; then
+        php /var/www/html/occ app:remove whiteboard
+    fi
+fi
+
 # Remove the update skip file always
 rm -f "$NEXTCLOUD_DATA_DIR"/skip.update
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
new file mode 100644
index 00000000..d854f53e
--- /dev/null
+++ b/Containers/whiteboard/Dockerfile
@@ -0,0 +1,8 @@
+# syntax=docker/dockerfile:latest
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.1
+
+COPY --chmod=775 start.sh /start.sh
+
+ENTRYPOINT ["/start.sh"]
+
+LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
new file mode 100644
index 00000000..73a6dd18
--- /dev/null
+++ b/Containers/whiteboard/start.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Only start container if nextcloud is accessible
+while ! nc -z "$REDIS_HOST" 6379; do
+    echo "Waiting for redis to start..."
+    sleep 5
+done
+
+# Set a default for redis db index
+if [ -z "$REDIS_DB_INDEX" ]; then
+    REDIS_DB_INDEX=0
+fi
+
+export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+
+# Run it
+npm run server:start
+
+exec "$@"
diff --git a/php/containers.json b/php/containers.json
index 4d447d83..89d23679 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -8,7 +8,8 @@
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
         "nextcloud-aio-nextcloud",
-        "nextcloud-aio-notify-push"
+        "nextcloud-aio-notify-push",
+        "nextcloud-aio-whiteboard"
       ],
       "display_name": "Apache",
       "image": "nextcloud/aio-apache",
@@ -37,7 +38,8 @@
         "TZ=%TIMEZONE%",
         "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
         "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
-        "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push"
+        "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push",
+        "WHITEBOARD_HOST=nextcloud-aio-whiteboard"
       ],
       "volumes": [
         {
@@ -148,7 +150,8 @@
         "TURN_SECRET",
         "SIGNALING_SECRET",
         "FULLTEXTSEARCH_PASSWORD",
-        "IMAGINARY_SECRET"
+        "IMAGINARY_SECRET",
+        "WHITEBOARD_SECRET"
       ],
       "volumes": [
         {
@@ -224,7 +227,9 @@
         "APACHE_PORT=%APACHE_PORT%",
         "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
         "THIS_IS_AIO=true",
-        "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
+        "IMAGINARY_SECRET=%IMAGINARY_SECRET%",
+        "WHITEBOARD_SECRET=%WHITEBOARD_SECRET%",
+        "WHITEBOARD_ENABLED=%WHITEBOARD_ENABLED%"
       ],
       "stop_grace_period": 600,
       "restart": "unless-stopped",
@@ -746,6 +751,39 @@
       "cap_drop": [
         "NET_RAW"
       ]
+    },
+    {
+      "container_name": "nextcloud-aio-whiteboard",
+      "image_tag": "%AIO_CHANNEL%",
+      "display_name": "Whiteboard",
+      "image": "nextcloud/aio-whiteboard",
+      "init": true,
+      "expose": [
+        "3002"
+      ],
+      "internal_port": "3002",
+      "environment": [
+        "TZ=%TIMEZONE%",
+        "NEXTCLOUD_URL=https://%NC_DOMAIN%",
+        "JWT_SECRET_KEY=%WHITEBOARD_SECRET%",
+        "STORAGE_STRATEGY=redis",
+        "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%"
+      ],
+      "secrets": [
+        "WHITEBOARD_SECRET",
+        "REDIS_PASSWORD"
+      ],
+      "restart": "unless-stopped",
+      "profiles": [
+        "whiteboard"
+      ],
+      "networks": [
+        "nextcloud-aio"
+      ],
+      "cap_drop": [
+        "NET_RAW"
+      ]
     }
   ]
 }
diff --git a/php/public/disable-whiteboard.js b/php/public/disable-whiteboard.js
new file mode 100644
index 00000000..50e1215d
--- /dev/null
+++ b/php/public/disable-whiteboard.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Whiteboard
+    let whiteboard = document.getElementById("whiteboard");
+    whiteboard.disabled = true;
+});
diff --git a/php/public/index.php b/php/public/index.php
index 1c997f3b..9614419e 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -125,6 +125,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
+        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),        
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index 1b70df98..52f3ca74 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -66,4 +66,8 @@ document.addEventListener("DOMContentLoaded", function(event) {
         dockerSocketProxy.addEventListener('change', makeOptionsFormSubmitVisible);
         // dockerSocketProxy.addEventListener('change', handleDockerSocketProxyWarning);
     }
+
+    // Whiteboard
+    let whiteboard = document.getElementById("whiteboard");
+    whiteboard.addEventListener('change', makeOptionsFormSubmitVisible);
 });
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 57ccd205..1cd4b17c 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -95,6 +95,10 @@ class ContainerDefinitionFetcher
                 if (!$this->configurationManager->isDockerSocketProxyEnabled()) {
                     continue;
                 }
+            } elseif ($entry['container_name'] === 'nextcloud-aio-whiteboard') {
+                if (!$this->configurationManager->isWhiteboardEnabled()) {
+                    continue;
+                }
             }
 
             $ports = new ContainerPorts();
@@ -200,6 +204,10 @@ class ContainerDefinitionFetcher
                         if (!$this->configurationManager->isDockerSocketProxyEnabled()) {
                             continue;
                         }
+                    } elseif ($value === 'nextcloud-aio-whiteboard') {
+                        if (!$this->configurationManager->isWhiteboardEnabled()) {
+                            continue;
+                        }
                     }
                     $dependsOn[] = $value;
                 }
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index e786697a..835d7b62 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -120,6 +120,11 @@ class ConfigurationController
                 } else {
                     $this->configurationManager->SetDockerSocketProxyEnabledState(0);
                 }
+                if (isset($request->getParsedBody()['whiteboard'])) {
+                    $this->configurationManager->SetWhiteboardEnabledState(1);
+                } else {
+                    $this->configurationManager->SetWhiteboardEnabledState(0);
+                }
             }
 
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b2093839..527904fb 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -164,6 +164,21 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
+    public function isWhiteboardEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetWhiteboardEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isWhiteboardEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
     public function SetClamavEnabledState(int $value) : void {
         $config = $this->GetConfig();
         $config['isClamavEnabled'] = $value;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8b2e8a3e..6bb7f70e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -417,6 +417,12 @@ class DockerActionManager
                     if (in_array('caddy', $communityContainers, true)) {
                         $replacements[1] = gethostbyname('nextcloud-aio-caddy');
                     }
+                } elseif ($out[1] === 'WHITEBOARD_ENABLED') {
+                    if ($this->configurationManager->isWhiteboardEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1160551b..3a2eceb0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -597,6 +597,11 @@
                         {% else %}
                             <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
                         {% endif %}
+                        {% if is_whiteboard_enabled == true %}
+                            <p><input type="checkbox" id="whiteboard" name="whiteboard" checked="checked"><label for="whiteboard">Whiteboard</label></p>
+                        {% else %}
+                            <p><input type="checkbox" id="whiteboard" name="whiteboard"><label for="whiteboard">Whiteboard</label></p>
+                        {% endif %}
                         <input id="options-form-submit" type="submit" value="Save changes" />
                         <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
@@ -612,6 +617,7 @@
                         <script type="text/javascript" src="disable-imaginary.js"></script>
                         <script type="text/javascript" src="disable-fulltextsearch.js"></script>
                         <script type="text/javascript" src="disable-talk-recording.js"></script>
+                        <script type="text/javascript" src="disable-whiteboard.js"></script>
                     {% endif %}
 
                     {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}

From 2ed94446d7c12f12111b897afc9ac2958ae503c1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Sep 2024 18:05:46 +0200
Subject: [PATCH 2478/3949] add whiteboard also to manual-install readme

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 26e802e9..26aaabf1 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -30,9 +30,9 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml
 Now you should be ready to go with `sudo docker compose up`.
 
 ## Docker profiles
-The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
 
-For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).
+For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. (Note: there is no clamav image for arm64).
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.

From 3218e429ec457107543bba9dfe5b30786c56282e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Sep 2024 18:08:35 +0200
Subject: [PATCH 2479/3949] add whiteboard to readme

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/readme.md b/readme.md
index 88e4bfba..e02f03ea 100644
--- a/readme.md
+++ b/readme.md
@@ -11,6 +11,8 @@ Included are:
 - Imaginary (optional, for previews of heic, heif, illustrator, pdf, svg, tiff and webp)
 - ClamAV (optional, Antivirus backend for Nextcloud)
 - Fulltextsearch (optional)
+- Whiteboard (optional)
+- Docker Socket Proxy (optional, needed for [Nextcloud App API](https://github.com/cloud-py-api/app_api#nextcloud-appapi))
 <details><summary>And much more:</summary>
 
 - Simple web interface included that enables easy installation and maintenance

From f803cea6f163f0e3154e5a7ab0d9a0512ef7c106 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 17 Sep 2024 04:09:35 +0000
Subject: [PATCH 2480/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 7bf39a80..5c064bb4 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.25.0@01a8eb06b9e9cc6cfb6a320bf9fb14331919d505"/>
+<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0"/>

From 8d062f7461aac8a35be672ba6d330784299863d8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 10:10:54 +0200
Subject: [PATCH 2481/3949] use exec for npm run

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/whiteboard/start.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 73a6dd18..8816ee7f 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -14,6 +14,4 @@ fi
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
-npm run server:start
-
-exec "$@"
+exec npm run server:start

From a2f7a221d7f9e85b27dd87422ef768003005c2cd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 10:18:35 +0200
Subject: [PATCH 2482/3949] increase to 9.6.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 3a2eceb0..586857de 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <main>
-        <h1>Nextcloud AIO v9.5.1</h1>
+        <h1>Nextcloud AIO v9.6.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From f529714a073a03c2af91a7e1eaf5b6c0d1d1aa6e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 10:35:54 +0200
Subject: [PATCH 2483/3949] fix whiteboard container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/watchtower/Dockerfile | 3 ++-
 Containers/whiteboard/Dockerfile | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 33e5f6db..076cb0d5 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -4,7 +4,8 @@ FROM containrrr/watchtower:1.7.1 AS watchtower
 
 FROM alpine:3.20.3
 
-RUN apk upgrade --no-cache -a; \
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache bash
 
 COPY --from=watchtower /watchtower /watchtower
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index d854f53e..ceec39d7 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,10 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.1
 
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache bash
+
 COPY --chmod=775 start.sh /start.sh
 
 ENTRYPOINT ["/start.sh"]

From 2aa8aa7dda57318b43f9b90d137910a0a5333713 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 10:40:03 +0200
Subject: [PATCH 2484/3949] change to root user to install bash

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/whiteboard/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index ceec39d7..db6a7ef6 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,9 +1,11 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.1
 
+USER root
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash
+USER nobody
 
 COPY --chmod=775 start.sh /start.sh
 

From 6d6f50c9662b6ac2faed908969a788f129648874 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 10:43:22 +0200
Subject: [PATCH 2485/3949] always configure whiteboard

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c092d4bf..1abbcd5e 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -857,11 +857,11 @@ if [ "$WHITEBOARD_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:install whiteboard
     elif [ "$(php /var/www/html/occ config:app:get whiteboard enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable whiteboard
-        php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard"
-        php /var/www/html/occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_SECRET"
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update whiteboard
     fi
+    php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard"
+    php /var/www/html/occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_SECRET"
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/whiteboard" ]; then
         php /var/www/html/occ app:remove whiteboard

From 2faf4f2452115d52b99a6507ce61a547dd694c8d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 11:43:44 +0200
Subject: [PATCH 2486/3949] whiteboard needs to have a trailing slash

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1abbcd5e..ac3044b9 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -860,7 +860,7 @@ if [ "$WHITEBOARD_ENABLED" = 'yes' ]; then
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update whiteboard
     fi
-    php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard"
+    php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard/"
     php /var/www/html/occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_SECRET"
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/whiteboard" ]; then

From e09aacd29e5ca1aca3a8f04d4b1a52230cd285e5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 11:44:17 +0200
Subject: [PATCH 2487/3949] Revert "whiteboard needs to have a trailing slash"

This reverts commit 2faf4f2452115d52b99a6507ce61a547dd694c8d.
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ac3044b9..1abbcd5e 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -860,7 +860,7 @@ if [ "$WHITEBOARD_ENABLED" = 'yes' ]; then
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update whiteboard
     fi
-    php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard/"
+    php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard"
     php /var/www/html/occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_SECRET"
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/whiteboard" ]; then

From 89984e6c92a0e735e2161910eb78ccc96ff649b7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Sep 2024 12:11:44 +0200
Subject: [PATCH 2488/3949] whiteboard: make the container read-only

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/containers.json b/php/containers.json
index 89d23679..a107df84 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -778,6 +778,7 @@
       "profiles": [
         "whiteboard"
       ],
+      "read_only": true,
       "networks": [
         "nextcloud-aio"
       ],

From abcf8bfeb9155da7518c79b81f6b37b11ef175c5 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 18 Sep 2024 12:06:06 +0000
Subject: [PATCH 2489/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index b866b3bf..e8aaf0be 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2469,16 +2469,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v4.19.1",
+            "version": "v4.19.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "4e1b88d21c69391150ace211e9eaf05810858d0b"
+                "reference": "0ed4c8949a32986043e977dbe14776c14d644c45"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/4e1b88d21c69391150ace211e9eaf05810858d0b",
-                "reference": "4e1b88d21c69391150ace211e9eaf05810858d0b",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/0ed4c8949a32986043e977dbe14776c14d644c45",
+                "reference": "0ed4c8949a32986043e977dbe14776c14d644c45",
                 "shasum": ""
             },
             "require": {
@@ -2519,9 +2519,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.1"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.2"
             },
-            "time": "2024-03-17T08:10:35+00:00"
+            "time": "2024-09-17T19:36:00+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",

From eacca1ad5e1970e538d18cf65e52fcc61876c663 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 13:29:37 +0000
Subject: [PATCH 2490/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.0.1 to v1.0.2.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index db6a7ef6..1ab6d7d6 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.2
 
 USER root
 RUN set -ex; \

From 24357e34b2af70c746dd62707e80a5c046579c9f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 19 Sep 2024 10:51:07 +0200
Subject: [PATCH 2491/3949] aio-interface: setup.twig: remove whitespace after
 br, before span tag

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/setup.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 3ec51881..9f75fdf7 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -7,7 +7,7 @@
             <h1>All-in-One setup</h1>
             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
             <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
-            <strong>Passphrase</strong><br/> <span class="monospace">{{ password }}</span><br>
+            <strong>Passphrase</strong><br/><span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
         </div>
     </div>

From 3a8db483223e14faabc10503a8964ddd3272bda2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 19 Sep 2024 14:36:54 +0200
Subject: [PATCH 2492/3949] docs: remove hint that network_mode host does not
 work on Docker Desktop

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/dlna/readme.md     | 1 -
 community-containers/fail2ban/readme.md | 1 -
 community-containers/jellyfin/readme.md | 1 -
 community-containers/npmplus/readme.md  | 1 -
 community-containers/plex/readme.md     | 1 -
 5 files changed, 5 deletions(-)

diff --git a/community-containers/dlna/readme.md b/community-containers/dlna/readme.md
index 7a041b5e..47502dc8 100644
--- a/community-containers/dlna/readme.md
+++ b/community-containers/dlna/readme.md
@@ -3,7 +3,6 @@ This container bundles DLNA server for your Nextcloud files to be accessible by
 
 ### Notes
 - This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
-- This is not working with Docker Desktop since it requires the `host` networking mode in docker, and it doesn't really share the host's network interfaces in this system
 - If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index a3d5aca2..9725251c 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -2,7 +2,6 @@
 This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed.
 
 ### Notes
-- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
 - If you get an error like  `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md
index f744069b..b277ab46 100644
--- a/community-containers/jellyfin/readme.md
+++ b/community-containers/jellyfin/readme.md
@@ -3,7 +3,6 @@ This container bundles Jellyfin and auto-configures it for you.
 
 ### Notes
 - This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
-- This container does not work on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
 - This container should usually only be run in home networks as it exposes unencrypted services like DLNA by default which can be disabld via the web interface though.
 - In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md
index 654296eb..538e511a 100644
--- a/community-containers/npmplus/readme.md
+++ b/community-containers/npmplus/readme.md
@@ -3,7 +3,6 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 
 ### Notes
 - This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!
-- Only works on linux since it uses network mode host
 - You can ignore the NPM configuration of the reverse-proxy.md. The NPMplus fork already contains the changes of the advanced tab.
 - Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO.
 - Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors.
diff --git a/community-containers/plex/readme.md b/community-containers/plex/readme.md
index c9553645..7f8434ab 100644
--- a/community-containers/plex/readme.md
+++ b/community-containers/plex/readme.md
@@ -4,7 +4,6 @@ This container bundles Plex and auto-configures it for you.
 ### Notes
 - This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!
 - This is not working on arm64 since Plex does only provide x64 docker images.
-- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - This container should usually only be run in home networks as it exposes unencrypted services like DLNA by default which can be disabld via the web interface though.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
 - After adding and starting the container, you need to visit http://ip.address.of.server:32400/manage in order to claim your server with a plex account

From 56f6934263282b555fb4f8ed23ad7ba3e55a2cc4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 19 Sep 2024 14:55:31 +0200
Subject: [PATCH 2493/3949] readme: update screenshots

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index e02f03ea..ad6ccc68 100644
--- a/readme.md
+++ b/readme.md
@@ -77,7 +77,7 @@ Included are:
 ## Screenshots
 | First setup | After installation |
 |---|---|
-| ![image](https://user-images.githubusercontent.com/42591237/232849125-30e24c85-bfd7-465e-8310-9b69cd9666fe.png) | ![image](https://user-images.githubusercontent.com/42591237/232849036-28c38d9a-3151-4cf1-97a5-4d94c1f0eba0.png) |
+| ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/5f510667-a172-4841-b916-89025debef3a) |
 
 ## How to use this?
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).

From 8e24b06d06f2709814816ef6a1f86783cfbed919 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 20 Sep 2024 12:09:05 +0000
Subject: [PATCH 2494/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml  | 27 +++++++++++++++++++++++++++
 manual-install/sample.conf |  2 ++
 2 files changed, 29 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index f92f0288..e5d876ca 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -16,6 +16,9 @@ services:
       nextcloud-aio-notify-push:
         condition: service_started
         required: false
+      nextcloud-aio-whiteboard:
+        condition: service_started
+        required: false
     image: nextcloud/aio-apache:latest
     init: true
     ports:
@@ -33,6 +36,7 @@ services:
       - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
       - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
+      - WHITEBOARD_HOST=nextcloud-aio-whiteboard
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -152,6 +156,8 @@ services:
       - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
       - APACHE_PORT=${APACHE_PORT}
       - IMAGINARY_SECRET=${IMAGINARY_SECRET}
+      - WHITEBOARD_SECRET=${WHITEBOARD_SECRET}
+      - WHITEBOARD_ENABLED=${WHITEBOARD_ENABLED}
     stop_grace_period: 600s
     restart: unless-stopped
     networks:
@@ -369,6 +375,27 @@ services:
     cap_drop:
       - NET_RAW
 
+  nextcloud-aio-whiteboard:
+    image: nextcloud/aio-whiteboard:latest
+    init: true
+    expose:
+      - "3002"
+    environment:
+      - TZ=${TIMEZONE}
+      - NEXTCLOUD_URL=https://${NC_DOMAIN}
+      - JWT_SECRET_KEY=${WHITEBOARD_SECRET}
+      - STORAGE_STRATEGY=redis
+      - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+    restart: unless-stopped
+    profiles:
+      - whiteboard
+    read_only: true
+    networks:
+      - nextcloud-aio
+    cap_drop:
+      - NET_RAW
+
 volumes:
   nextcloud_aio_apache:
     name: nextcloud_aio_apache
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 1f4e6b48..e75f5b1e 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -10,6 +10,7 @@ SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_INTERNAL_SECRET=          # TODO! This needs to be a unique and good password!
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
+WHITEBOARD_SECRET=          # TODO! This needs to be a unique and good password!
 
 CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
@@ -18,6 +19,7 @@ IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables th
 ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_RECORDING_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+WHITEBOARD_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT

From cded2dbb8632048c384af5325a3cda8f59fc5a35 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Sep 2024 12:49:59 +0000
Subject: [PATCH 2495/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.0.4-alpine to 3.0.5-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 0fcff3f5..a6e2a10c 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.0.4-alpine
+FROM haproxy:3.0.5-alpine
 
 # hadolint ignore=DL3002
 USER root

From c46b6b13a7a7fdf0d4cd9afdcd9db98b7d3ac85f Mon Sep 17 00:00:00 2001
From: Basti Qdoba <sebastian.chudoba@googlemail.com>
Date: Sat, 21 Sep 2024 13:26:49 +0200
Subject: [PATCH 2496/3949] Update containers.json

correct FULLTEXTSEARCH_HOST resolution to get the fulltextsearch container connect to the right network and the nextcloud container, fixes https://github.com/nextcloud/fulltextsearch/issues/831

Signed-off-by: Basti Qdoba <sebastian.chudoba@googlemail.com>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index a107df84..b41db30c 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -211,7 +211,7 @@
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
-        "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
+        "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch.nextcloud-aio",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",

From a319a671344c43c019e34879f52395c635c905e4 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 22 Sep 2024 12:02:44 +0000
Subject: [PATCH 2497/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 64 +++++++++++++--------------
 2 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ba818cb3..36d86719 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -42,7 +42,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.24; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \
diff --git a/php/composer.lock b/php/composer.lock
index e8aaf0be..858a696b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2025,24 +2025,24 @@
         },
         {
             "name": "composer/semver",
-            "version": "3.4.2",
+            "version": "3.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/semver.git",
-                "reference": "c51258e759afdb17f1fd1fe83bc12baaef6309d6"
+                "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/semver/zipball/c51258e759afdb17f1fd1fe83bc12baaef6309d6",
-                "reference": "c51258e759afdb17f1fd1fe83bc12baaef6309d6",
+                "url": "https://api.github.com/repos/composer/semver/zipball/4313d26ada5e0c4edfbd1dc481a92ff7bff91f12",
+                "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12",
                 "shasum": ""
             },
             "require": {
                 "php": "^5.3.2 || ^7.0 || ^8.0"
             },
             "require-dev": {
-                "phpstan/phpstan": "^1.4",
-                "symfony/phpunit-bridge": "^4.2 || ^5"
+                "phpstan/phpstan": "^1.11",
+                "symfony/phpunit-bridge": "^3 || ^7"
             },
             "type": "library",
             "extra": {
@@ -2086,7 +2086,7 @@
             "support": {
                 "irc": "ircs://irc.libera.chat:6697/composer",
                 "issues": "https://github.com/composer/semver/issues",
-                "source": "https://github.com/composer/semver/tree/3.4.2"
+                "source": "https://github.com/composer/semver/tree/3.4.3"
             },
             "funding": [
                 {
@@ -2102,7 +2102,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-12T11:35:52+00:00"
+            "time": "2024-09-19T14:15:21+00:00"
         },
         {
             "name": "composer/xdebug-handler",
@@ -2700,16 +2700,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "1.30.1",
+            "version": "1.31.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "51b95ec8670af41009e2b2b56873bad96682413e"
+                "reference": "249f15fb843bf240cf058372dad29e100cee6c17"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/51b95ec8670af41009e2b2b56873bad96682413e",
-                "reference": "51b95ec8670af41009e2b2b56873bad96682413e",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/249f15fb843bf240cf058372dad29e100cee6c17",
+                "reference": "249f15fb843bf240cf058372dad29e100cee6c17",
                 "shasum": ""
             },
             "require": {
@@ -2741,9 +2741,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.30.1"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.31.0"
             },
-            "time": "2024-09-07T20:13:05+00:00"
+            "time": "2024-09-22T11:32:18+00:00"
         },
         {
             "name": "sebastian/diff",
@@ -2940,16 +2940,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.11",
+            "version": "v6.4.12",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "42686880adaacdad1835ee8fc2a9ec5b7bd63998"
+                "reference": "72d080eb9edf80e36c19be61f72c98ed8273b765"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/42686880adaacdad1835ee8fc2a9ec5b7bd63998",
-                "reference": "42686880adaacdad1835ee8fc2a9ec5b7bd63998",
+                "url": "https://api.github.com/repos/symfony/console/zipball/72d080eb9edf80e36c19be61f72c98ed8273b765",
+                "reference": "72d080eb9edf80e36c19be61f72c98ed8273b765",
                 "shasum": ""
             },
             "require": {
@@ -3014,7 +3014,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.11"
+                "source": "https://github.com/symfony/console/tree/v6.4.12"
             },
             "funding": [
                 {
@@ -3030,20 +3030,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-08-15T22:48:29+00:00"
+            "time": "2024-09-20T08:15:52+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.1.2",
+            "version": "v7.1.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "92a91985250c251de9b947a14bb2c9390b1a562c"
+                "reference": "61fe0566189bf32e8cfee78335d8776f64a66f5a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/92a91985250c251de9b947a14bb2c9390b1a562c",
-                "reference": "92a91985250c251de9b947a14bb2c9390b1a562c",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/61fe0566189bf32e8cfee78335d8776f64a66f5a",
+                "reference": "61fe0566189bf32e8cfee78335d8776f64a66f5a",
                 "shasum": ""
             },
             "require": {
@@ -3080,7 +3080,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.1.2"
+                "source": "https://github.com/symfony/filesystem/tree/v7.1.5"
             },
             "funding": [
                 {
@@ -3096,7 +3096,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-06-28T10:03:55+00:00"
+            "time": "2024-09-17T09:16:35+00:00"
         },
         {
             "name": "symfony/finder",
@@ -3406,16 +3406,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.1.4",
+            "version": "v7.1.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "6cd670a6d968eaeb1c77c2e76091c45c56bc367b"
+                "reference": "d66f9c343fa894ec2037cc928381df90a7ad4306"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/6cd670a6d968eaeb1c77c2e76091c45c56bc367b",
-                "reference": "6cd670a6d968eaeb1c77c2e76091c45c56bc367b",
+                "url": "https://api.github.com/repos/symfony/string/zipball/d66f9c343fa894ec2037cc928381df90a7ad4306",
+                "reference": "d66f9c343fa894ec2037cc928381df90a7ad4306",
                 "shasum": ""
             },
             "require": {
@@ -3473,7 +3473,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.1.4"
+                "source": "https://github.com/symfony/string/tree/v7.1.5"
             },
             "funding": [
                 {
@@ -3489,7 +3489,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-08-12T09:59:40+00:00"
+            "time": "2024-09-20T08:28:38+00:00"
         },
         {
             "name": "vimeo/psalm",

From 70d166fc03b1a03bf227c1670fb801cfc2f5e88a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 22 Sep 2024 12:09:30 +0000
Subject: [PATCH 2498/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1b9d1d0a..25b929a2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -79,7 +79,7 @@ RUN set -ex; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install igbinary-3.2.16; \ 
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.24; \
     pecl install memcached-3.2.0 \
         --configureoptions 'enable-memcached-igbinary="yes"'; \
     pecl install redis-6.0.2 \

From 42ab59dfe2786e0487d47681cd80fada49d68084 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 13:07:51 +0000
Subject: [PATCH 2499/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.2.1-cli to 27.3.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ba818cb3..403e8c82 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.2.1-cli AS docker
+FROM docker:27.3.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From e52e5df09b5e5c3ed900f7c7dac76c8c692579e5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 23 Sep 2024 17:32:57 +0200
Subject: [PATCH 2500/3949] helm: adjust initcontainer: use fixed alpine tag

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-deployment.yaml |  2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml |  4 ++--
 .../nextcloud-aio-database-deployment.yaml         |  4 ++--
 .../nextcloud-aio-fulltextsearch-deployment.yaml   |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml        |  4 ++--
 .../nextcloud-aio-notify-push-deployment.yaml      |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml       |  2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml  |  2 +-
 nextcloud-aio-helm-chart/update-helm.sh            | 14 +++++++-------
 9 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 2dd3d6d6..724f69d3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 2ef68d5c..87896471 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - mkdir
             - "-p"
@@ -36,7 +36,7 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chown
             - 100:100
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 76e2726b..e34ad74e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - mkdir
             - "-p"
@@ -38,7 +38,7 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chown
             - 999:999
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index e9f5b5e8..dc0991e8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index dd603c2f..d5447ac5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - rm
             - "-rf"
@@ -36,7 +36,7 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 19389991..523031f0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 1334e074..f78a8fda 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 985314c8..0def6e59 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 9267ab07..31111b71 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -59,7 +59,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"
@@ -68,14 +68,14 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-database/data
           volumeMountsInitContainer:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chown
             - 999:999
@@ -85,14 +85,14 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-clamav/data
           volumeMountsInitContainer:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chown
             - 100:100
@@ -102,14 +102,14 @@ EOL
 cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
         - name: "delete-lost-found"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - rm
             - "-rf"
             - "/nextcloud-aio-nextcloud/lost+found"
           volumeMountsInitRmLostFound:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
           command:
             - chmod
             - "777"

From af72da74f03c90f15e351206c614056d61d4b6b5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 24 Sep 2024 15:36:51 +0200
Subject: [PATCH 2501/3949] aio-interface: use Nextcloud Hub naming scheme

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 586857de..561e304d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -297,8 +297,8 @@
                             <p>Your containers are up-to-date.</p>
                             {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                 <details>
-                                <summary>Note about <strong>Nextcloud {{ newMajorVersion }}</strong></summary>
-                                    <p>If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/5133">this documentation</a></strong></p>
+                                <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
+                                    <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/5133">this documentation</a></strong></p>
                                 </details>
                             {% endif %}
                         {% endif %}
@@ -343,7 +343,7 @@
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     {% if newMajorVersion != '' %}
-                                        <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud {{ newMajorVersion }} (if unchecked, Nextcloud {{ newMajorVersion - 1 }} will get installed)</label><br>
+                                        <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersion - 21 }} (if unchecked, Nextcloud Hub {{ newMajorVersion - 22 }} will get installed)</label><br>
                                     {% endif %}
                                     <input type="submit" value="Download and start containers" />
                                 </form>

From 8b19e456fe5519c152dc4aecc05f09990a330033 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 25 Sep 2024 09:54:12 +0200
Subject: [PATCH 2502/3949] dependabot: condense docker update list

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 179 +++++------------------------------------
 1 file changed, 19 insertions(+), 160 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1fb20f98..a1bb01e2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,7 +16,25 @@ updates:
   - 3. to review
   - dependencies
 - package-ecosystem: "docker"
-  directory: "/Containers/apache"
+  directories:
+    - "/Containers/apache"
+    - "/Containers/borgbackup"
+    - "/Containers/clamav"
+    - "/Containers/collabora"
+    - "/Containers/docker-socket-proxy"
+    - "/Containers/domaincheck"
+    - "/Containers/fulltextsearch"
+    - "/Containers/imaginary"
+    - "/Containers/mastercontainer"
+    - "/Containers/nextcloud"
+    - "/Containers/notify-push"
+    - "/Containers/onlyoffice"
+    - "/Containers/postgresql"
+    - "/Containers/redis"
+    - "/Containers/talk"
+    - "/Containers/talk-recording"
+    - "/Containers/watchtower"
+    - "/Containers/whiteboardy"
   schedule:
     interval: "daily"
     time: "12:00"
@@ -24,171 +42,12 @@ updates:
   labels:
   - 3. to review
   - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/borgbackup"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/collabora"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/domaincheck"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/mastercontainer"
-  schedule:
-    interval: "daily"
-    time: "12:00"
   ignore:
     - dependency-name: "php"
       update-types: ["version-update:semver-major", "version-update:semver-minor"]
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/nextcloud"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  ignore:
-    - dependency-name: "php"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/postgresql"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  ignore:
     - dependency-name: "postgres"
       update-types: ["version-update:semver-major"]
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/redis"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  ignore:
     - dependency-name: "redis"
       update-types: ["version-update:semver-major", "version-update:semver-minor"]
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/talk"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/talk-recording"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/watchtower"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/clamav"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/onlyoffice"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/imaginary"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/fulltextsearch"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  ignore:
     - dependency-name: "elasticsearch"
       update-types: ["version-update:semver-major"]
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/notify-push"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/docker-socket-proxy"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
-- package-ecosystem: "docker"
-  directory: "/Containers/whiteboard"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies

From 848195c8fa029c2dfcf516397f46a5d90e2b9a49 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 25 Sep 2024 10:07:33 +0200
Subject: [PATCH 2503/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a1bb01e2..8e4bd202 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -34,7 +34,7 @@ updates:
     - "/Containers/talk"
     - "/Containers/talk-recording"
     - "/Containers/watchtower"
-    - "/Containers/whiteboardy"
+    - "/Containers/whiteboard"
   schedule:
     interval: "daily"
     time: "12:00"

From f8dd3abd2023ce7ab0bc06c84b38c67a50c57544 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 25 Sep 2024 10:12:26 +0200
Subject: [PATCH 2504/3949] dependabot: adjust time to 04:00

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8e4bd202..dc4b2021 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -37,7 +37,7 @@ updates:
     - "/Containers/whiteboard"
   schedule:
     interval: "daily"
-    time: "12:00"
+    time: "04:00"
   open-pull-requests-limit: 10
   labels:
   - 3. to review

From c4d4aad4159180f413d7df2ca49f200a254bc395 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 25 Sep 2024 08:14:31 +0000
Subject: [PATCH 2505/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      |  4 +-
 .../nextcloud-aio-clamav-deployment.yaml      |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml   |  2 +-
 .../nextcloud-aio-database-deployment.yaml    |  2 +-
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml   |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  6 ++-
 .../nextcloud-aio-notify-push-deployment.yaml |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  2 +-
 .../nextcloud-aio-redis-deployment.yaml       |  2 +-
 .../nextcloud-aio-talk-deployment.yaml        |  2 +-
 ...xtcloud-aio-talk-recording-deployment.yaml |  2 +-
 .../nextcloud-aio-whiteboard-deployment.yaml  | 48 +++++++++++++++++++
 .../nextcloud-aio-whiteboard-service.yaml     | 20 ++++++++
 nextcloud-aio-helm-chart/values.yaml          |  2 +
 16 files changed, 89 insertions(+), 13 deletions(-)
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 84e8591f..655b0e57 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.5.1
+version: 9.6.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 2dd3d6d6..9fe50e25 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -62,7 +62,9 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240914_063340"
+            - name: WHITEBOARD_HOST
+              value: nextcloud-aio-whiteboard
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240925_080419"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 2ef68d5c..75908aa0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240925_080419"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index de3103d9..c349aaff 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240925_080419"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 76e2726b..7e1643ae 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -62,7 +62,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240925_080419"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index e9f5b5e8..9374c201 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240925_080419"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index eaab51fe..20421b54 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240925_080419"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index dd603c2f..9d4721e8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -169,7 +169,11 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240914_063340"
+            - name: WHITEBOARD_ENABLED
+              value: "{{ .Values.WHITEBOARD_ENABLED }}"
+            - name: WHITEBOARD_SECRET
+              value: "{{ .Values.WHITEBOARD_SECRET }}"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240925_080419"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 19389991..901aecfe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240925_080419"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 1334e074..e60c2cb6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240925_080419"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 985314c8..972697a5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240925_080419"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 30e1904d..d699cf03 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240925_080419"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index cf5a3424..6dbd02d5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240914_063340"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240925_080419"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
new file mode 100755
index 00000000..f0c022da
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -0,0 +1,48 @@
+{{- if eq .Values.WHITEBOARD_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
+    kompose.version: 1.34.0 (cbf2835db)
+  labels:
+    io.kompose.service: nextcloud-aio-whiteboard
+  name: nextcloud-aio-whiteboard
+  namespace: "{{ .Values.NAMESPACE }}"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-whiteboard
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
+        kompose.version: 1.34.0 (cbf2835db)
+      labels:
+        io.kompose.service: nextcloud-aio-whiteboard
+    spec:
+      containers:
+        - env:
+            - name: JWT_SECRET_KEY
+              value: "{{ .Values.WHITEBOARD_SECRET }}"
+            - name: NEXTCLOUD_URL
+              value: https://{{ .Values.NC_DOMAIN }}
+            - name: REDIS_HOST
+              value: nextcloud-aio-redis
+            - name: REDIS_HOST_PASSWORD
+              value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: STORAGE_STRATEGY
+              value: redis
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-whiteboard:20240925_080419"
+          name: nextcloud-aio-whiteboard
+          ports:
+            - containerPort: 3002
+              protocol: TCP
+          securityContext:
+            capabilities:
+              drop:
+                - NET_RAW
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
new file mode 100755
index 00000000..b0fbe7bd
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
@@ -0,0 +1,20 @@
+{{- if eq .Values.WHITEBOARD_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
+    kompose.version: 1.34.0 (cbf2835db)
+  labels:
+    io.kompose.service: nextcloud-aio-whiteboard
+  name: nextcloud-aio-whiteboard
+  namespace: "{{ .Values.NAMESPACE }}"
+spec:
+  ipFamilyPolicy: PreferDualStack
+  ports:
+    - name: "3002"
+      port: 3002
+      targetPort: 3002
+  selector:
+    io.kompose.service: nextcloud-aio-whiteboard
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index bd482675..4d483cef 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -10,6 +10,7 @@ SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
 TALK_INTERNAL_SECRET:           # TODO! This needs to be a unique and good password!
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
+WHITEBOARD_SECRET:           # TODO! This needs to be a unique and good password!
 
 CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
@@ -18,6 +19,7 @@ IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables t
 ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_RECORDING_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+WHITEBOARD_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
 APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).

From 6ddf0fb077b32790b3483bf5eeb88f022d9bbebf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 25 Sep 2024 13:00:27 +0200
Subject: [PATCH 2506/3949] also add the other services that use direct
 communication

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index b41db30c..a15a48f3 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -196,7 +196,7 @@
         "AIO_URL=%AIO_URL%",
         "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
         "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
-        "CLAMAV_HOST=nextcloud-aio-clamav",
+        "CLAMAV_HOST=nextcloud-aio-clamav.nextcloud-aio",
         "ONLYOFFICE_ENABLED=%ONLYOFFICE_ENABLED%",
         "COLLABORA_ENABLED=%COLLABORA_ENABLED%",
         "COLLABORA_HOST=nextcloud-aio-collabora",
@@ -206,7 +206,7 @@
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%",
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
-        "IMAGINARY_HOST=nextcloud-aio-imaginary",
+        "IMAGINARY_HOST=nextcloud-aio-imaginary.nextcloud-aio",
         "CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
@@ -220,7 +220,7 @@
         "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%",
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
-        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
+        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording.nextcloud-aio",
         "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",

From 6756330ec7ba02fab2db542454ec4ea1daeb7811 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 25 Sep 2024 12:02:53 +0000
Subject: [PATCH 2507/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 858a696b..927feb77 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.4",
+            "version": "v1.3.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "61b87392d986dc49ad5ef64e75b1ff5fee24ef81"
+                "reference": "1dc4a3dbfa2b7628a3114e43e32120cce7cdda9c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/61b87392d986dc49ad5ef64e75b1ff5fee24ef81",
-                "reference": "61b87392d986dc49ad5ef64e75b1ff5fee24ef81",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/1dc4a3dbfa2b7628a3114e43e32120cce7cdda9c",
+                "reference": "1dc4a3dbfa2b7628a3114e43e32120cce7cdda9c",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2024-08-02T07:48:17+00:00"
+            "time": "2024-09-23T13:33:08+00:00"
         },
         {
             "name": "nikic/fast-route",

From 26f76e95b103903b1119960e58f1786fe3b5dbf1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 26 Sep 2024 12:03:02 +0000
Subject: [PATCH 2508/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 927feb77..3949ac20 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2301,16 +2301,16 @@
         },
         {
             "name": "felixfbecker/language-server-protocol",
-            "version": "v1.5.2",
+            "version": "v1.5.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/felixfbecker/php-language-server-protocol.git",
-                "reference": "6e82196ffd7c62f7794d778ca52b69feec9f2842"
+                "reference": "a9e113dbc7d849e35b8776da39edaf4313b7b6c9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/felixfbecker/php-language-server-protocol/zipball/6e82196ffd7c62f7794d778ca52b69feec9f2842",
-                "reference": "6e82196ffd7c62f7794d778ca52b69feec9f2842",
+                "url": "https://api.github.com/repos/felixfbecker/php-language-server-protocol/zipball/a9e113dbc7d849e35b8776da39edaf4313b7b6c9",
+                "reference": "a9e113dbc7d849e35b8776da39edaf4313b7b6c9",
                 "shasum": ""
             },
             "require": {
@@ -2351,9 +2351,9 @@
             ],
             "support": {
                 "issues": "https://github.com/felixfbecker/php-language-server-protocol/issues",
-                "source": "https://github.com/felixfbecker/php-language-server-protocol/tree/v1.5.2"
+                "source": "https://github.com/felixfbecker/php-language-server-protocol/tree/v1.5.3"
             },
-            "time": "2022-03-02T22:36:06+00:00"
+            "time": "2024-04-30T00:40:11+00:00"
         },
         {
             "name": "fidry/cpu-core-counter",
@@ -2700,16 +2700,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "1.31.0",
+            "version": "1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "249f15fb843bf240cf058372dad29e100cee6c17"
+                "reference": "6ca22b154efdd9e3c68c56f5d94670920a1c19a4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/249f15fb843bf240cf058372dad29e100cee6c17",
-                "reference": "249f15fb843bf240cf058372dad29e100cee6c17",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/6ca22b154efdd9e3c68c56f5d94670920a1c19a4",
+                "reference": "6ca22b154efdd9e3c68c56f5d94670920a1c19a4",
                 "shasum": ""
             },
             "require": {
@@ -2741,9 +2741,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.31.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.32.0"
             },
-            "time": "2024-09-22T11:32:18+00:00"
+            "time": "2024-09-26T07:23:32+00:00"
         },
         {
             "name": "sebastian/diff",

From a740c10eddf0cb6d12ed09478a1f16662be049e4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 27 Sep 2024 10:53:48 +0200
Subject: [PATCH 2509/3949] adjust readme for local-ai

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 8fef4473..c74ebc9f 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -18,8 +18,7 @@ This container bundles Local AI and auto-configures it for you.
 - url: github:go-skynet/model-gallery/gpt4all-j.yaml
   name: gpt4all-j
 ```
--  You need to add gpt4all-j under Text Generation (Default completion model to use) in Connected Accounts in the Administration Settings in Nextcloud, the default does not work.
--  Additionally after doing so, you might want to enable or disable specific features for your models in the integration_openai settings: `https://your-nc-domain.com/settings/admin/connected-accounts`
+-  To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 460791c51641a6f0da5045e01456d2974d336993 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 27 Sep 2024 12:02:57 +0000
Subject: [PATCH 2510/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 3949ac20..11fbd00b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1265,16 +1265,16 @@
         },
         {
             "name": "slim/twig-view",
-            "version": "3.4.0",
+            "version": "3.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Twig-View.git",
-                "reference": "1b351536b9a07ed90a3563ee9d71a987c5d74610"
+                "reference": "b4268d87d0e327feba5f88d32031e9123655b909"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Twig-View/zipball/1b351536b9a07ed90a3563ee9d71a987c5d74610",
-                "reference": "1b351536b9a07ed90a3563ee9d71a987c5d74610",
+                "url": "https://api.github.com/repos/slimphp/Twig-View/zipball/b4268d87d0e327feba5f88d32031e9123655b909",
+                "reference": "b4268d87d0e327feba5f88d32031e9123655b909",
                 "shasum": ""
             },
             "require": {
@@ -1282,12 +1282,12 @@
                 "psr/http-message": "^1.1 || ^2.0",
                 "slim/slim": "^4.12",
                 "symfony/polyfill-php81": "^1.29",
-                "twig/twig": "^3.8"
+                "twig/twig": "^3.11"
             },
             "require-dev": {
                 "phpspec/prophecy-phpunit": "^2.0",
                 "phpstan/phpstan": "^1.10.59",
-                "phpunit/phpunit": "^9.6",
+                "phpunit/phpunit": "^9.6 || ^10",
                 "psr/http-factory": "^1.0",
                 "squizlabs/php_codesniffer": "^3.9"
             },
@@ -1324,9 +1324,9 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Twig-View/issues",
-                "source": "https://github.com/slimphp/Twig-View/tree/3.4.0"
+                "source": "https://github.com/slimphp/Twig-View/tree/3.4.1"
             },
-            "time": "2024-04-28T20:36:39+00:00"
+            "time": "2024-09-26T05:42:02+00:00"
         },
         {
             "name": "symfony/deprecation-contracts",

From 728f5eac3a29172242e8dce60c788672ab4d5023 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 05:21:35 +0000
Subject: [PATCH 2511/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.15.1 to 8.15.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 0aa9bf11..873e9ba9 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.15.1
+FROM elasticsearch:8.15.2
 
 USER root
 

From 40436549e710547ac96603d3ef5a8e0235a16b52 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 05:21:47 +0000
Subject: [PATCH 2512/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.11-fpm-alpine3.20 to 8.3.12-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 677dac30..ecfb35de 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.3.1-cli AS docker
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
-FROM php:8.3.11-fpm-alpine3.20
+FROM php:8.3.12-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080

From bd43ed3b82a9a127c40979e10274dcd6c44a5711 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 05:21:58 +0000
Subject: [PATCH 2513/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.2.23-fpm-alpine3.20 to 8.2.24-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 25b929a2..94294073 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.23-fpm-alpine3.20
+FROM php:8.2.24-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G

From 35011bf58bde5035ba43ef0c4258bffce5459020 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 05:22:07 +0000
Subject: [PATCH 2514/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.20-scratch to 2.10.21-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index aefaac36..0d0631c8 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.20-scratch AS nats
+FROM nats:2.10.21-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
 FROM alpine:3.20.3 AS janus

From 9ecfe60b3b1e95944fa5b245467b4cdf08dfc16b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 30 Sep 2024 09:55:03 +0200
Subject: [PATCH 2515/3949] memories: add NEXTCLOUD_MOUNT to CC

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/memories/memories.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/community-containers/memories/memories.json b/community-containers/memories/memories.json
index ce29a558..0c6a8e65 100644
--- a/community-containers/memories/memories.json
+++ b/community-containers/memories/memories.json
@@ -17,6 +17,11 @@
                     "source": "%NEXTCLOUD_DATADIR%",
                     "destination": "/mnt/ncdata",
                     "writeable": false
+                },
+                { 
+                    "source": "%NEXTCLOUD_MOUNT%", 
+                    "destination": "%NEXTCLOUD_MOUNT%", 
+                    "writeable": false 
                 }
             ],
             "devices": [

From af2cbb5a88fdfd4298a72e386a0d7e607e2f22be Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 30 Sep 2024 14:13:00 +0000
Subject: [PATCH 2516/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 11fbd00b..a272206e 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2469,16 +2469,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v4.19.2",
+            "version": "v4.19.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "0ed4c8949a32986043e977dbe14776c14d644c45"
+                "reference": "715f4d25e225bc47b293a8b997fe6ce99bf987d2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/0ed4c8949a32986043e977dbe14776c14d644c45",
-                "reference": "0ed4c8949a32986043e977dbe14776c14d644c45",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/715f4d25e225bc47b293a8b997fe6ce99bf987d2",
+                "reference": "715f4d25e225bc47b293a8b997fe6ce99bf987d2",
                 "shasum": ""
             },
             "require": {
@@ -2487,7 +2487,7 @@
             },
             "require-dev": {
                 "ircmaxell/php-yacc": "^0.0.7",
-                "phpunit/phpunit": "^6.5 || ^7.0 || ^8.0 || ^9.0"
+                "phpunit/phpunit": "^7.0 || ^8.0 || ^9.0"
             },
             "bin": [
                 "bin/php-parse"
@@ -2519,9 +2519,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.2"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.4"
             },
-            "time": "2024-09-17T19:36:00+00:00"
+            "time": "2024-09-29T15:01:53+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",

From 6365b86107bcb306e05dd60c5d16c0e601c2603c Mon Sep 17 00:00:00 2001
From: Ikko Eltociear Ashimine <eltociear@gmail.com>
Date: Tue, 1 Oct 2024 03:06:04 +0900
Subject: [PATCH 2517/3949] docs: update readme.md

minor fix

Signed-off-by: Ikko Eltociear Ashimine <eltociear@gmail.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index ad6ccc68..5fe8331d 100644
--- a/readme.md
+++ b/readme.md
@@ -623,7 +623,7 @@ password=<password>
 ```
 (Of course you need to modify `<smb/cifs username>` and `<password>` for your specific case.)
 
-Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above above this one.
+Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above this one.
 
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.

From a901c08702d54a5985ec6b94ae5142c1634c8f9f Mon Sep 17 00:00:00 2001
From: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Date: Tue, 1 Oct 2024 10:16:37 +0200
Subject: [PATCH 2518/3949] Use GitHub Markdown boxes in readme

Signed-off-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
---
 readme.md | 56 +++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 38 insertions(+), 18 deletions(-)

diff --git a/readme.md b/readme.md
index ad6ccc68..84828dac 100644
--- a/readme.md
+++ b/readme.md
@@ -81,12 +81,21 @@ Included are:
 
 ## How to use this?
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
-1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms. The easiest way is installing it by **using the convenience script**:  
-    ```sh
-    curl -fsSL https://get.docker.com | sudo sh
-    ```
-1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-2. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
+1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms.
+>[!WARNING]
+> We recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can use the convinience script 
+
+<details>
+    <summary>Using the convinience script</summary>
+
+```sh
+curl -fsSL https://get.docker.com | sudo sh
+```
+
+</details>
+
+2. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
+3. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
     ```
     # For Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
     sudo docker run \
@@ -120,12 +129,12 @@ The following instructions are meant for installations without a web server or r
 
     Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
-3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
+4. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
 E.g. `https://ip.address.of.this.server:8080`<br>
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br><br>
 If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
 `https://your-domain-that-points-to-this-server.tld:8443`
-4. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
 ## FAQ
 ### How does it work?
@@ -180,12 +189,14 @@ nextcloud/all-in-one:latest
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
-⚠️ **Please note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
+> [!NOTE]  
+> Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
 ### How to run AIO on Synology DSM
 On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
-⚠️ **Please note**: it is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
+> [!NOTE]  
+> It is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
@@ -327,7 +338,8 @@ AIO ships its own update notifications implementation. It checks if container up
 If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.
 
 ### How to change the domain?
-**⚠️ Please note:** Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
+> [!NOTE]  
+> Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
 
 If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, substitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
 If you are running AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to obviously also change the domain in your reverse proxy config.
@@ -340,7 +352,8 @@ Additionally, after restarting the containers, you need to open the admin settin
 ### How to properly reset the instance?
 If something goes unexpected routes during the initial installation, you might want to reset the AIO installation to be able to start from scratch.
 
-**Please note**: if you already have it running and have data on your instance, you should not follow these instructions as it will delete all data that is coupled to your AIO instance.
+> [!NOTE]  
+> If you already have it running and have data on your instance, you should not follow these instructions as it will delete all data that is coupled to your AIO instance.
 
 Here is how to reset the AIO instance properly:
 1. Stop all containers if they are running from the AIO interface
@@ -572,7 +585,8 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
 
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
-⚠️⚠️⚠️ **Warning**: The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup before you can use the script.
+> [!WARNING]  
+> The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup before you can use the script.
 
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
@@ -583,13 +597,15 @@ You can do so by running the `/daily-backup.sh` script that is stored in the mas
 
 One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
 
-⚠️ Please note that none of the option returns error codes. So you need to check for the correct result yourself.
+> [!NOTE]  
+> None of the option returns error codes. So you need to check for the correct result yourself.
 
 ### How to disable the backup section?
 If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ### How to change the default location of Nextcloud's Datadir?
-⚠️⚠️⚠️ **Warning:** Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
+> [!WARNING]  
+> Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
 
 You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
 
@@ -639,7 +655,8 @@ You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, ac
 
 Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 
-**Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
+> [!NOTE]  
+> If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
@@ -685,12 +702,15 @@ You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick exte
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition.
 
 ### How to enable hardware-transcoding for Nextcloud?
-⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
+> [!WARNING]  
+> This only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
 
 The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. There is now a community container which allows to easily add the transcoding container of Memories to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories
 
 ### How to keep disabled apps?
-In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). ⚠️⚠️⚠️ **Warning** doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
+In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 
+> [!WARNING]  
+> Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
 
 ### Huge docker logs
 If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.

From 0495efcbbb2cf6a83f50fe8936b732f5e41dcd9f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Oct 2024 12:00:29 +0200
Subject: [PATCH 2519/3949] fix typos

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index 84828dac..6c6f6bfb 100644
--- a/readme.md
+++ b/readme.md
@@ -83,10 +83,10 @@ Included are:
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms.
 >[!WARNING]
-> We recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can use the convinience script 
+> We recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can use the convenience script 
 
 <details>
-    <summary>Using the convinience script</summary>
+    <summary>Using the convenience script</summary>
 
 ```sh
 curl -fsSL https://get.docker.com | sudo sh

From e72163e731f55ac95ae7c891a29ea891a5924a21 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Oct 2024 12:14:08 +0200
Subject: [PATCH 2520/3949] Revert "Update containers.json to fix
 inter-container-connectivity"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index a15a48f3..a107df84 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -196,7 +196,7 @@
         "AIO_URL=%AIO_URL%",
         "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
         "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
-        "CLAMAV_HOST=nextcloud-aio-clamav.nextcloud-aio",
+        "CLAMAV_HOST=nextcloud-aio-clamav",
         "ONLYOFFICE_ENABLED=%ONLYOFFICE_ENABLED%",
         "COLLABORA_ENABLED=%COLLABORA_ENABLED%",
         "COLLABORA_HOST=nextcloud-aio-collabora",
@@ -206,12 +206,12 @@
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%",
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
-        "IMAGINARY_HOST=nextcloud-aio-imaginary.nextcloud-aio",
+        "IMAGINARY_HOST=nextcloud-aio-imaginary",
         "CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
-        "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch.nextcloud-aio",
+        "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
@@ -220,7 +220,7 @@
         "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%",
         "TALK_RECORDING_ENABLED=%TALK_RECORDING_ENABLED%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
-        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording.nextcloud-aio",
+        "TALK_RECORDING_HOST=nextcloud-aio-talk-recording",
         "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",

From b5f579d0f900aa43b42836f485c7557a63655559 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Oct 2024 13:21:02 +0200
Subject: [PATCH 2521/3949] adjust text

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0fa0a488..dc1cc7ee 100644
--- a/readme.md
+++ b/readme.md
@@ -83,7 +83,7 @@ Included are:
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms.
 >[!WARNING]
-> We recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can use the convenience script 
+> You could use the convenience script below to install docker. However we recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can of course use it. See below: 
 
 <details>
     <summary>Using the convenience script</summary>

From 5b35c443e7551381b67f26dc4a27d82a67ceb6f5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 04:26:42 +0000
Subject: [PATCH 2522/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.7.2.1 to 24.04.8.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index c67b24d0..cc151fab 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.7.2.1
+FROM collabora/code:24.04.8.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From bb07424ae6bba3b380dbdd257a27582e64067d63 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 04:26:49 +0000
Subject: [PATCH 2523/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.23.1-alpine3.20 to 1.23.2-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 86a411ff..165b528a 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.1-alpine3.20 AS go
+FROM golang:1.23.2-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 

From 0ecbf79cf23dc3ed0875dd46544f74d8c049c46d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 04:27:31 +0000
Subject: [PATCH 2524/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.12.6-alpine3.20 to 3.12.7-alpine3.20.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 0c98bd59..a9e3dc42 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.6-alpine3.20
+FROM python:3.12.7-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 

From 7c61a2d3462b133eee8f8fac298395ad00ddd10f Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 2 Oct 2024 14:33:47 +0200
Subject: [PATCH 2525/3949] Add docker

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/README.md b/php/README.md
index 70028349..285530f6 100644
--- a/php/README.md
+++ b/php/README.md
@@ -33,6 +33,7 @@ docker run \
 --rm \
 --name nextcloud-aio-mastercontainer \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+--volume /var/run/docker.sock:/var/run/docker.sock \
 nextcloud/all-in-one:latest
 ```
 

From 0e99adeb94d137443a681e688b5e3a9ff3ec5918 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 2 Oct 2024 14:04:13 +0200
Subject: [PATCH 2526/3949] psalm.xml

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/composer.json | 59 ++++++++++++++++++++++++-----------------------
 php/psalm.xml     | 16 +++++++++----
 2 files changed, 41 insertions(+), 34 deletions(-)

diff --git a/php/composer.json b/php/composer.json
index 3ac4ea36..17fa5097 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -1,35 +1,36 @@
 {
-    "autoload": {
-        "psr-4": {
-            "AIO\\": ["src/"]
-        }
-    },
-    "require": {
-        "php": "8.3.*",
-        "ext-json": "*",
-        "ext-sodium": "*",
-        "ext-curl": "*",
-        "slim/slim": "^4.11",
-        "php-di/slim-bridge": "^3.3",
-        "guzzlehttp/guzzle": "^7.5",
-        "guzzlehttp/psr7": "^2.4",
-        "http-interop/http-factory-guzzle": "^1.2",
-        "slim/twig-view": "^3.3",
-        "slim/csrf": "^1.3",
-        "ext-apcu": "*"
-    },
-    "require-dev": {
-        "sserbin/twig-linter": "@dev",
-        "vimeo/psalm": "^5.25",
-        "wapmorgan/php-deprecation-detector": "dev-master"
-    },
-    "scripts": {
-        "dev": [
-            "Composer\\Config::disableProcessTimeout",
-            "php -S localhost:8080 -t public"
-        ],
+	"autoload": {
+		"psr-4": {
+			"AIO\\": ["src/"]
+		}
+	},
+	"require": {
+		"php": "8.3.*",
+		"ext-json": "*",
+		"ext-sodium": "*",
+		"ext-curl": "*",
+		"slim/slim": "^4.11",
+		"php-di/slim-bridge": "^3.3",
+		"guzzlehttp/guzzle": "^7.5",
+		"guzzlehttp/psr7": "^2.4",
+		"http-interop/http-factory-guzzle": "^1.2",
+		"slim/twig-view": "^3.3",
+		"slim/csrf": "^1.3",
+		"ext-apcu": "*"
+	},
+	"require-dev": {
+		"sserbin/twig-linter": "@dev",
+		"vimeo/psalm": "^5.25",
+		"wapmorgan/php-deprecation-detector": "dev-master"
+	},
+	"scripts": {
+		"dev": [
+			"Composer\\Config::disableProcessTimeout",
+			"php -S localhost:8080 -t public"
+		],
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --monochrome --no-progress --output-format=text --update-baseline",
+		"psalm:strict": "psalm --threads=1 --show-info=true",
 		"lint": "php -l src/*.php src/**/*.php public/index.php",
 		"lint:twig": "twig-linter lint ./templates",
 		"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
diff --git a/php/psalm.xml b/php/psalm.xml
index 59601afa..e958843f 100644
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -1,17 +1,23 @@
 <?xml version="1.0"?>
+<!--TODO: errorLevel="1" see PR #5369-->
 <psalm
-	errorLevel="2"
-	resolveFromConfigFile="true"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns="https://getpsalm.org/schema/config"
-	xsi:schemaLocation="https://getpsalm.org/schema/config"
-    errorBaseline="psalm-baseline.xml"
+	xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+	errorBaseline="psalm-baseline.xml"
 	findUnusedBaselineEntry="true"
-	findUnusedCode="false"
 >
 	<projectFiles>
 		<directory name="templates"/>
 		<directory name="src"/>
 		<file name="public/index.php"/>
+		<ignoreFiles>
+			<directory name="vendor" />
+		</ignoreFiles>
 	</projectFiles>
+	<extraFiles>
+		<directory name="vendor" />
+	</extraFiles>
+	<issueHandlers>
+	</issueHandlers>
 </psalm>

From 4a7e6ba6e00e6ed37e646dc6ea6eaa621fb73298 Mon Sep 17 00:00:00 2001
From: Bastian <48765834+Cloudboom@users.noreply.github.com>
Date: Wed, 2 Oct 2024 23:58:50 +0200
Subject: [PATCH 2527/3949] Update readme.md

Clarify th location of ect/fstab

Signed-off-by: Bastian <48765834+Cloudboom@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index dc1cc7ee..88972ecf 100644
--- a/readme.md
+++ b/readme.md
@@ -626,7 +626,7 @@ You can configure the Nextcloud container to use a specific directory on your ho
 
 ### Can I use a CIFS/SMB share as Nextcloud's datadir?
 
-Sure. Add this to the `/etc/fstab` file: <br>
+Sure. Add this to the `/etc/fstab` file on the host system: <br>
 `<your-storage-host-and-subpath> <your-mount-dir> cifs rw,mfsymlinks,seal,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
 (Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
 

From 593dfe731aaf0a58a2f461687fe22cbbbac8ab7e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 3 Oct 2024 12:02:57 +0000
Subject: [PATCH 2528/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/composer.lock b/php/composer.lock
index a272206e..01271b47 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3742,6 +3742,6 @@
         "ext-curl": "*",
         "ext-apcu": "*"
     },
-    "platform-dev": [],
+    "platform-dev": {},
     "plugin-api-version": "2.6.0"
 }

From d7428f042483e04d3dffe625ed20cf33773e837e Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Wed, 2 Oct 2024 23:24:51 +0200
Subject: [PATCH 2529/3949] fix(pecl): configuration options in the right order

build(pecl): update sed commands in workflow script to handle module versions dynamically
build(imagick): update url

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 .github/workflows/nextcloud-update.yml | 12 ++++++------
 Containers/nextcloud/Dockerfile        |  8 +++-----
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index bbe6cae8..4812a68c 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -25,7 +25,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|\(pecl install[^;]*APCu-\)[0-9.]*|\1$apcu_version|" ./Containers/nextcloud/Dockerfile
         
         # Memcached
         memcached_version="$(
@@ -36,7 +36,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install memcached.* |pecl install memcached-$memcached_version |" ./Containers/nextcloud/Dockerfile
+        sed -i "s|\(pecl install[^;]*memcached-\)[0-9.]*|\1$memcached_version|" ./Containers/nextcloud/Dockerfile
         
         # Redis
         redis_version="$(
@@ -47,18 +47,18 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install redis.* |pecl install redis-$redis_version |" ./Containers/nextcloud/Dockerfile
+        sed -i "s|\(pecl install[^;]*redis-\)[0-9.]*|\1$redis_version|" ./Containers/nextcloud/Dockerfile
         
         # Imagick
         imagick_version="$(
-          git ls-remote --tags https://github.com/mkoppanen/imagick.git \
+          git ls-remote --tags https://github.com/Imagick/imagick.git \
             | cut -d/ -f3 \
             | grep -viE '[a-z]' \
             | tr -d '^{}' \
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|\(pecl install[^;]*imagick-\)[0-9.]*|\1$imagick_version|" ./Containers/nextcloud/Dockerfile
 
         # Igbinary
         igbinary_version="$(
@@ -69,7 +69,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install igbinary.*\;|pecl install igbinary-$igbinary_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|\(pecl install[^;]*igbinary-\)[0-9.]*|\1$igbinary_version|" ./Containers/nextcloud/Dockerfile
 
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 94294073..95c6e119 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -78,12 +78,10 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install igbinary-3.2.16; \ 
+    pecl install igbinary-3.2.16; \
     pecl install APCu-5.1.24; \
-    pecl install memcached-3.2.0 \
-        --configureoptions 'enable-memcached-igbinary="yes"'; \
-    pecl install redis-6.0.2 \
-        --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"'; \
+    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.2.0; \
+    pecl install -D 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.0.2; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \

From 63bb1d86c17ef968456d4027eb6d49d10449140e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 4 Oct 2024 13:08:49 +0200
Subject: [PATCH 2530/3949] aio-interface: invalidate cache of
 options-form-submit.js

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 561e304d..8a7012be 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -603,7 +603,7 @@
                             <p><input type="checkbox" id="whiteboard" name="whiteboard"><label for="whiteboard">Whiteboard</label></p>
                         {% endif %}
                         <input id="options-form-submit" type="submit" value="Save changes" />
-                        <script type="text/javascript" src="options-form-submit.js"></script>
+                        <script type="text/javascript" src="options-form-submit.js?v2"></script>
                     </form>
                     <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
                     {% if isAnyRunning == true or is_x64_platform == false %}

From eb7921c9f9d640d6c267108410e05496d15c25ac Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 4 Oct 2024 15:36:59 +0200
Subject: [PATCH 2531/3949] drop the comment - we know that we can improve the
 errorlevel

Follow up already noted in https://github.com/nextcloud/all-in-one/issues/5368

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/psalm.xml b/php/psalm.xml
index e958843f..7a6ca595 100644
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -1,5 +1,4 @@
 <?xml version="1.0"?>
-<!--TODO: errorLevel="1" see PR #5369-->
 <psalm
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns="https://getpsalm.org/schema/config"

From 6e7f547ccd6207d7835f8dbfddf6c35b2550735f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 4 Oct 2024 15:38:35 +0200
Subject: [PATCH 2532/3949] add psalm:strict to the readme

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/README.md b/php/README.md
index 285530f6..29ade4ae 100644
--- a/php/README.md
+++ b/php/README.md
@@ -56,6 +56,7 @@ Note: You can restart the server by preceding the command with other environment
 |-----------------------------------------|----------------------------------------|
 | `composer run dev`                      | Starts the development server          |
 | `composer run psalm`                    | Run Psalm static analysis              |
+| `composer run psalm:strict`             | Run Psalm static analysis strict       |
 | `composer run psalm:update-baseline`    | Run Psalm with `--update-baseline` arg |
 | `composer run lint`                     | Run PHP Syntax check                   |
 | `composer run lint:twig`                | Run Twig Syntax check                  |

From 4aaf8e90671df7e42f2f4e97a0a903c3188eb75d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 5 Oct 2024 12:09:56 +0000
Subject: [PATCH 2533/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 95c6e119..2fee1af1 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -81,7 +81,7 @@ RUN set -ex; \
     pecl install igbinary-3.2.16; \
     pecl install APCu-5.1.24; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.2.0; \
-    pecl install -D 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.0.2; \
+    pecl install -D 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \

From 505e2dc2ab4ba26a7f71557254bb18e2e6603b5c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 04:34:27 +0000
Subject: [PATCH 2534/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-5 to 1.4.1-7.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 318d4e71..b2636f44 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-5
+FROM clamav/clamav:1.4.1-7
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 496ec9ba1756d5bebf65abd1eb6f732af3c5c3ef Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Mon, 7 Oct 2024 10:12:43 +0200
Subject: [PATCH 2535/3949] update constructor

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/src/Auth/AuthManager.php                  |   8 +-
 php/src/Container/Container.php               | 109 +++++-------------
 php/src/Container/ContainerPort.php           |  13 +--
 php/src/Container/ContainerVolume.php         |  13 +--
 php/src/ContainerDefinitionFetcher.php        |  19 +--
 .../Controller/ConfigurationController.php    |   8 +-
 php/src/Controller/DockerController.php       |  17 +--
 php/src/Controller/LoginController.php        |  13 +--
 php/src/Data/Setup.php                        |  13 +--
 php/src/Docker/DockerActionManager.php        |  27 ++---
 php/src/Docker/DockerHubManager.php           |   9 +-
 php/src/Middleware/AuthMiddleware.php         |  10 +-
 php/src/Twig/CsrfExtension.php                |  18 ++-
 13 files changed, 84 insertions(+), 193 deletions(-)

diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index a4bc96b6..925ff89f 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -6,12 +6,12 @@ use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
 use \DateTime;
 
-class AuthManager {
+readonly class AuthManager {
     private const string SESSION_KEY = 'aio_authenticated';
-    private ConfigurationManager $configurationManager;
 
-    public function __construct(ConfigurationManager $configurationManager) {
-        $this->configurationManager = $configurationManager;
+    public function __construct(
+        private ConfigurationManager $configurationManager
+    ) {
     }
 
     public function CheckCredentials(string $password) : bool {
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 9d598b4a..24d94d6c 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -7,87 +7,38 @@ use AIO\Data\ConfigurationManager;
 use AIO\Docker\DockerActionManager;
 use AIO\ContainerDefinitionFetcher;
 
-class Container {
-    private string $identifier;
-    private string $displayName;
-    private string $containerName;
-    private string $restartPolicy;
-    private int $maxShutdownTime;
-    private ContainerPorts $ports;
-    private string $internalPorts;
-    private ContainerVolumes $volumes;
-    private ContainerEnvironmentVariables $containerEnvironmentVariables;
-    /** @var string[] */
-    private array $dependsOn;
-    /** @var string[] */
-    private array $secrets;
-    /** @var string[] */
-    private array $devices;
-    /** @var string[] */
-    private array $capAdd;
-    private int $shmSize;
-    private bool $apparmorUnconfined;
-    /** @var string[] */
-    private array $backupVolumes;
-    private array $nextcloudExecCommands;
-    private bool $readOnlyRootFs;
-    private array $tmpfs;
-    private bool $init;
-    private string $imageTag;
-    private AioVariables $aioVariables;
-    private string $documentation;
-    private DockerActionManager $dockerActionManager;
-
+readonly class Container {
     public function __construct(
-        string $identifier,
-        string $displayName,
-        string $containerName,
-        string $restartPolicy,
-        int $maxShutdownTime,
-        ContainerPorts $ports,
-        string $internalPorts,
-        ContainerVolumes $volumes,
-        ContainerEnvironmentVariables $containerEnvironmentVariables,
-        array $dependsOn,
-        array $secrets,
-        array $devices,
-        array $capAdd,
-        int $shmSize,
-        bool $apparmorUnconfined,
-        array $backupVolumes,
-        array $nextcloudExecCommands,
-        bool $readOnlyRootFs,
-        array $tmpfs,
-        bool $init,
-        string $imageTag,
-        AioVariables $aioVariables,
-        string $documentation,
-        DockerActionManager $dockerActionManager
+        private string                        $identifier,
+        private string                        $displayName,
+        private string                        $containerName,
+        private string                        $restartPolicy,
+        private int                           $maxShutdownTime,
+        private ContainerPorts                $ports,
+        private string                        $internalPorts,
+        private ContainerVolumes              $volumes,
+        private ContainerEnvironmentVariables $containerEnvironmentVariables,
+        /** @var string[] */
+        private array                         $dependsOn,
+        /** @var string[] */
+        private array                         $secrets,
+        /** @var string[] */
+        private array                         $devices,
+        /** @var string[] */
+        private array                         $capAdd,
+        private int                           $shmSize,
+        private bool                          $apparmorUnconfined,
+        /** @var string[] */
+        private array                         $backupVolumes,
+        private array                         $nextcloudExecCommands,
+        private bool                          $readOnlyRootFs,
+        private array                         $tmpfs,
+        private bool                          $init,
+        private string                        $imageTag,
+        private AioVariables                  $aioVariables,
+        private string                        $documentation,
+        private DockerActionManager           $dockerActionManager
     ) {
-        $this->identifier = $identifier;
-        $this->displayName = $displayName;
-        $this->containerName = $containerName;
-        $this->restartPolicy = $restartPolicy;
-        $this->maxShutdownTime = $maxShutdownTime;
-        $this->ports = $ports;
-        $this->internalPorts = $internalPorts;
-        $this->volumes = $volumes;
-        $this->containerEnvironmentVariables = $containerEnvironmentVariables;
-        $this->dependsOn = $dependsOn;
-        $this->secrets = $secrets;
-        $this->devices = $devices;
-        $this->capAdd = $capAdd;
-        $this->shmSize = $shmSize;
-        $this->apparmorUnconfined = $apparmorUnconfined;
-        $this->backupVolumes = $backupVolumes;
-        $this->nextcloudExecCommands = $nextcloudExecCommands;
-        $this->readOnlyRootFs = $readOnlyRootFs;
-        $this->tmpfs = $tmpfs;
-        $this->init = $init;
-        $this->imageTag = $imageTag;
-        $this->aioVariables = $aioVariables;
-        $this->documentation = $documentation;
-        $this->dockerActionManager = $dockerActionManager;
     }
 
     public function GetIdentifier() : string {
diff --git a/php/src/Container/ContainerPort.php b/php/src/Container/ContainerPort.php
index 3ecf56cd..ff8a6250 100644
--- a/php/src/Container/ContainerPort.php
+++ b/php/src/Container/ContainerPort.php
@@ -3,17 +3,10 @@
 namespace AIO\Container;
 
 class ContainerPort {
-    public string $port;
-    public string $ipBinding;
-    public string $protocol;
-
     public function __construct(
-        string $port,
-        string $ipBinding,
-        string $protocol
+        public string $port,
+        public string $ipBinding,
+        public string $protocol
     ) {
-        $this->port = $port;
-        $this->ipBinding = $ipBinding;
-        $this->protocol = $protocol;
     }
 }
diff --git a/php/src/Container/ContainerVolume.php b/php/src/Container/ContainerVolume.php
index af517591..e28145a9 100644
--- a/php/src/Container/ContainerVolume.php
+++ b/php/src/Container/ContainerVolume.php
@@ -3,17 +3,10 @@
 namespace AIO\Container;
 
 class ContainerVolume {
-    public string $name;
-    public string $mountPoint;
-    public bool $isWritable;
-
     public function __construct(
-        string $name,
-        string $mountPoint,
-        bool $isWritable
+        public string $name,
+        public string $mountPoint,
+        public bool $isWritable
     ) {
-        $this->name = $name;
-        $this->mountPoint = $mountPoint;
-        $this->isWritable = $isWritable;
     }
 }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 1cd4b17c..6968c4a5 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -14,18 +14,11 @@ use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
 use AIO\Docker\DockerActionManager;
 
-class ContainerDefinitionFetcher
-{
-    private ConfigurationManager $configurationManager;
-    private \DI\Container $container;
-
+readonly class ContainerDefinitionFetcher {
     public function __construct(
-        ConfigurationManager $configurationManager,
-        \DI\Container $container
-    )
-    {
-        $this->configurationManager = $configurationManager;
-        $this->container = $container;
+        private ConfigurationManager $configurationManager,
+        private \DI\Container $container
+    ) {
     }
 
     public function GetContainerById(string $id): Container
@@ -103,7 +96,7 @@ class ContainerDefinitionFetcher
 
             $ports = new ContainerPorts();
             if (isset($entry['ports'])) {
-                foreach ($entry['ports'] as $value) {                    
+                foreach ($entry['ports'] as $value) {
                     $ports->AddPort(
                         new ContainerPort(
                             $value['port_number'],
@@ -212,7 +205,7 @@ class ContainerDefinitionFetcher
                     $dependsOn[] = $value;
                 }
             }
-            
+
             $variables = new ContainerEnvironmentVariables();
             if (isset($entry['environment'])) {
                 foreach ($entry['environment'] as $value) {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 835d7b62..c38c1bc1 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -9,14 +9,10 @@ use AIO\Docker\DockerActionManager;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
-class ConfigurationController
-{
-    private ConfigurationManager $configurationManager;
-
+readonly class ConfigurationController {
     public function __construct(
-        ConfigurationManager $configurationManager
+        private ConfigurationManager $configurationManager
     ) {
-        $this->configurationManager = $configurationManager;
     }
 
     public function SetConfig(Request $request, Response $response, array $args) : Response {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 2d536738..28462752 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -9,21 +9,14 @@ use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use AIO\Data\ConfigurationManager;
 
-class DockerController
-{
-    private DockerActionManager $dockerActionManager;
-    private ContainerDefinitionFetcher $containerDefinitionFetcher;
+readonly class DockerController {
     private const string TOP_CONTAINER = 'nextcloud-aio-apache';
-    private ConfigurationManager $configurationManager;
 
     public function __construct(
-        DockerActionManager $dockerActionManager,
-        ContainerDefinitionFetcher $containerDefinitionFetcher,
-        ConfigurationManager $configurationManager
+        private DockerActionManager           $dockerActionManager,
+        private ContainerDefinitionFetcher    $containerDefinitionFetcher,
+        private ConfigurationManager $configurationManager
     ) {
-        $this->dockerActionManager = $dockerActionManager;
-        $this->containerDefinitionFetcher = $containerDefinitionFetcher;
-        $this->configurationManager = $configurationManager;
     }
 
     private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
@@ -48,7 +41,7 @@ class DockerController
             }
         }
 
-        // Check if docker hub is reachable in order to make sure that we do not try to pull an image if it is down 
+        // Check if docker hub is reachable in order to make sure that we do not try to pull an image if it is down
         // and try to mitigate issues that are arising due to that
         if ($pullImage) {
             if (!$this->dockerActionManager->isDockerHubReachable($container)) {
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index 787ec6e1..196e7138 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -9,14 +9,11 @@ use AIO\Docker\DockerActionManager;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
-class LoginController
-{
-    private AuthManager $authManager;
-    private DockerActionManager $dockerActionManager;
-
-    public function __construct(AuthManager $authManager, DockerActionManager $dockerActionManager) {
-        $this->authManager = $authManager;
-        $this->dockerActionManager = $dockerActionManager;
+readonly class LoginController {
+    public function __construct(
+        private AuthManager $authManager,
+        private DockerActionManager $dockerActionManager,
+    ) {
     }
 
     public function TryLogin(Request $request, Response $response, array $args) : Response {
diff --git a/php/src/Data/Setup.php b/php/src/Data/Setup.php
index 2ab87e36..f8f43e4b 100644
--- a/php/src/Data/Setup.php
+++ b/php/src/Data/Setup.php
@@ -4,16 +4,11 @@ namespace AIO\Data;
 
 use AIO\Auth\PasswordGenerator;
 
-class Setup
-{
-    private PasswordGenerator $passwordGenerator;
-    private ConfigurationManager $configurationManager;
-
+readonly class Setup {
     public function __construct(
-        PasswordGenerator $passwordGenerator,
-        ConfigurationManager $configurationManager) {
-        $this->passwordGenerator = $passwordGenerator;
-        $this->configurationManager = $configurationManager;
+        private PasswordGenerator $passwordGenerator,
+        private ConfigurationManager $configurationManager,
+    ) {
     }
 
     public function Setup() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6bb7f70e..5df9e6f4 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -13,34 +13,21 @@ use AIO\Container\State\VersionDifferentState;
 use AIO\Container\State\StoppedState;
 use AIO\Container\State\VersionEqualState;
 use AIO\Data\ConfigurationManager;
+use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 use AIO\ContainerDefinitionFetcher;
 use http\Env\Response;
 
-class DockerActionManager
-{
+readonly class DockerActionManager {
     private const string API_VERSION = 'v1.41';
-    private \GuzzleHttp\Client $guzzleClient;
-    private ConfigurationManager $configurationManager;
-    private ContainerDefinitionFetcher $containerDefinitionFetcher;
-    private DockerHubManager $dockerHubManager;
+    private Client $guzzleClient;
 
     public function __construct(
-        ConfigurationManager  $configurationManager,
-        ContainerDefinitionFetcher $containerDefinitionFetcher,
-        DockerHubManager $dockerHubManager
+        private ConfigurationManager  $configurationManager,
+        private ContainerDefinitionFetcher $containerDefinitionFetcher,
+        private DockerHubManager $dockerHubManager
     ) {
-        $this->configurationManager = $configurationManager;
-        $this->containerDefinitionFetcher = $containerDefinitionFetcher;
-        $this->dockerHubManager = $dockerHubManager;
-        $this->guzzleClient = new \GuzzleHttp\Client(
-            [
-                'curl' => [
-                    CURLOPT_UNIX_SOCKET_PATH => '/var/run/docker.sock',
-
-                ],
-            ]
-        );
+        $this->guzzleClient = new Client(['curl' => [CURLOPT_UNIX_SOCKET_PATH => '/var/run/docker.sock']]);
     }
 
     private function BuildApiUrl(string $url) : string {
diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index 36f46982..9bf4ad29 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -6,12 +6,11 @@ use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
 use GuzzleHttp\Client;
 
-class DockerHubManager
-{
+readonly class DockerHubManager {
     private Client $guzzleClient;
 
-    public function __construct()
-    {
+    public function __construct(
+    ) {
         $this->guzzleClient = new Client();
     }
 
@@ -59,4 +58,4 @@ class DockerHubManager
             return null;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php
index c0c814b8..f8d44857 100644
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -8,12 +8,10 @@ use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
 
-class AuthMiddleware
-{
-    private AuthManager $authManager;
-
-    public function __construct(AuthManager $authManager) {
-        $this->authManager = $authManager;
+readonly class AuthMiddleware {
+    public function __construct(
+        private AuthManager $authManager
+    ) {
     }
 
     public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
diff --git a/php/src/Twig/CsrfExtension.php b/php/src/Twig/CsrfExtension.php
index 6df974ae..feac9c72 100644
--- a/php/src/Twig/CsrfExtension.php
+++ b/php/src/Twig/CsrfExtension.php
@@ -3,17 +3,13 @@
 namespace AIO\Twig;
 
 use Slim\Csrf\Guard;
+use Twig\Extension\AbstractExtension;
+use Twig\Extension\GlobalsInterface;
 
-class CsrfExtension extends \Twig\Extension\AbstractExtension implements \Twig\Extension\GlobalsInterface
-{
-    /**
-     * @var Guard
-     */
-    protected Guard $csrf;
-
-    public function __construct(Guard $csrf)
-    {
-        $this->csrf = $csrf;
+class CsrfExtension extends AbstractExtension implements GlobalsInterface {
+    public function __construct(
+        protected Guard $csrf
+    ) {
     }
 
     public function getGlobals() : array
@@ -35,4 +31,4 @@ class CsrfExtension extends \Twig\Extension\AbstractExtension implements \Twig\E
             ]
         ];
     }
-}
\ No newline at end of file
+}

From a0ec043c49e4965ece031b1c1aa92098c66a2d0e Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 2 Oct 2024 15:00:13 +0200
Subject: [PATCH 2536/3949] Add Enum

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/src/Container/Container.php               |  9 ++-
 php/src/Container/State/IContainerState.php   |  5 --
 .../State/ImageDoesNotExistState.php          |  6 --
 .../Container/State/NotRestartingState.php    |  6 --
 php/src/Container/State/RestartingState.php   |  6 --
 php/src/Container/State/RunningState.php      |  6 --
 php/src/Container/State/StartingState.php     |  6 --
 php/src/Container/State/StoppedState.php      |  6 --
 .../Container/State/VersionDifferentState.php |  6 --
 php/src/Container/State/VersionEqualState.php |  6 --
 php/src/Container/VersionState.php            |  8 +++
 php/src/Container/WorkingState.php            | 12 ++++
 php/src/ContainerDefinitionFetcher.php        |  1 -
 php/src/Controller/DockerController.php       |  8 +--
 php/src/Docker/DockerActionManager.php        | 59 ++++++++-----------
 php/templates/containers.twig                 | 14 ++---
 16 files changed, 60 insertions(+), 104 deletions(-)
 delete mode 100644 php/src/Container/State/IContainerState.php
 delete mode 100644 php/src/Container/State/ImageDoesNotExistState.php
 delete mode 100644 php/src/Container/State/NotRestartingState.php
 delete mode 100644 php/src/Container/State/RestartingState.php
 delete mode 100644 php/src/Container/State/RunningState.php
 delete mode 100644 php/src/Container/State/StartingState.php
 delete mode 100644 php/src/Container/State/StoppedState.php
 delete mode 100644 php/src/Container/State/VersionDifferentState.php
 delete mode 100644 php/src/Container/State/VersionEqualState.php
 create mode 100644 php/src/Container/VersionState.php
 create mode 100644 php/src/Container/WorkingState.php

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 24d94d6c..e2071362 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -2,7 +2,6 @@
 
 namespace AIO\Container;
 
-use AIO\Container\State\IContainerState;
 use AIO\Data\ConfigurationManager;
 use AIO\Docker\DockerActionManager;
 use AIO\ContainerDefinitionFetcher;
@@ -113,19 +112,19 @@ readonly class Container {
         return $this->volumes;
     }
 
-    public function GetRunningState() : IContainerState {
+    public function GetRunningState() : WorkingState {
         return $this->dockerActionManager->GetContainerRunningState($this);
     }
 
-    public function GetRestartingState() : IContainerState {
+    public function GetRestartingState() : WorkingState {
         return $this->dockerActionManager->GetContainerRestartingState($this);
     }
 
-    public function GetUpdateState() : IContainerState {
+    public function GetUpdateState() : VersionState {
         return $this->dockerActionManager->GetContainerUpdateState($this);
     }
 
-    public function GetStartingState() : IContainerState {
+    public function GetStartingState() : WorkingState {
         return $this->dockerActionManager->GetContainerStartingState($this);
     }
 
diff --git a/php/src/Container/State/IContainerState.php b/php/src/Container/State/IContainerState.php
deleted file mode 100644
index d93dab65..00000000
--- a/php/src/Container/State/IContainerState.php
+++ /dev/null
@@ -1,5 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-interface IContainerState {}
diff --git a/php/src/Container/State/ImageDoesNotExistState.php b/php/src/Container/State/ImageDoesNotExistState.php
deleted file mode 100644
index dbef10f4..00000000
--- a/php/src/Container/State/ImageDoesNotExistState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class ImageDoesNotExistState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/State/NotRestartingState.php b/php/src/Container/State/NotRestartingState.php
deleted file mode 100644
index b035377c..00000000
--- a/php/src/Container/State/NotRestartingState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class NotRestartingState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/State/RestartingState.php b/php/src/Container/State/RestartingState.php
deleted file mode 100644
index 9e94637e..00000000
--- a/php/src/Container/State/RestartingState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class RestartingState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/State/RunningState.php b/php/src/Container/State/RunningState.php
deleted file mode 100644
index d5cc1915..00000000
--- a/php/src/Container/State/RunningState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class RunningState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/State/StartingState.php b/php/src/Container/State/StartingState.php
deleted file mode 100644
index b2e35725..00000000
--- a/php/src/Container/State/StartingState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class StartingState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/State/StoppedState.php b/php/src/Container/State/StoppedState.php
deleted file mode 100644
index cbc62885..00000000
--- a/php/src/Container/State/StoppedState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class StoppedState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/State/VersionDifferentState.php b/php/src/Container/State/VersionDifferentState.php
deleted file mode 100644
index 96ac6bdb..00000000
--- a/php/src/Container/State/VersionDifferentState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class VersionDifferentState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/State/VersionEqualState.php b/php/src/Container/State/VersionEqualState.php
deleted file mode 100644
index a4b221f1..00000000
--- a/php/src/Container/State/VersionEqualState.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-namespace AIO\Container\State;
-
-class VersionEqualState implements IContainerState
-{}
\ No newline at end of file
diff --git a/php/src/Container/VersionState.php b/php/src/Container/VersionState.php
new file mode 100644
index 00000000..8eed9301
--- /dev/null
+++ b/php/src/Container/VersionState.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace AIO\Container;
+
+enum VersionState: string {
+    case Different = 'different';
+    case Equal = 'equal';
+}
diff --git a/php/src/Container/WorkingState.php b/php/src/Container/WorkingState.php
new file mode 100644
index 00000000..3b4a24cc
--- /dev/null
+++ b/php/src/Container/WorkingState.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace AIO\Container;
+
+enum WorkingState: string {
+    case ImageDoesNotExist = 'image_does_not_exist';
+    case NotRestarting = 'not_restarting';
+    case Restarting = 'restarting';
+    case Running = 'running';
+    case Starting = 'starting';
+    case Stopped = 'stopped';
+}
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6968c4a5..4e2d6a41 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -9,7 +9,6 @@ use AIO\Container\ContainerPort;
 use AIO\Container\ContainerPorts;
 use AIO\Container\ContainerVolume;
 use AIO\Container\ContainerVolumes;
-use AIO\Container\State\RunningState;
 use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
 use AIO\Docker\DockerActionManager;
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 28462752..db499b10 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -2,7 +2,7 @@
 
 namespace AIO\Controller;
 
-use AIO\Container\State\RunningState;
+use AIO\Container\WorkingState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Docker\DockerActionManager;
 use Psr\Http\Message\ResponseInterface as Response;
@@ -28,7 +28,7 @@ readonly class DockerController {
 
         // Don't start if container is already running
         // This is expected to happen if a container is defined in depends_on of multiple containers
-        if ($container->GetRunningState() instanceof RunningState) {
+        if ($container->GetRunningState() === WorkingState::Running) {
             error_log('Not starting ' . $id . ' because it was already started.');
             return;
         }
@@ -254,10 +254,10 @@ readonly class DockerController {
         $domaincheckContainer = $this->containerDefinitionFetcher->GetContainerById($id);
         $apacheContainer = $this->containerDefinitionFetcher->GetContainerById(self::TOP_CONTAINER);
         // Don't start if apache is already running
-        if ($apacheContainer->GetRunningState() instanceof RunningState) {
+        if ($apacheContainer->GetRunningState() === WorkingState::Running) {
             return;
         // Don't start if domaincheck is already running
-        } elseif ($domaincheckContainer->GetRunningState() instanceof RunningState) {
+        } elseif ($domaincheckContainer->GetRunningState() === WorkingState::Running) {
             $domaincheckWasStarted = apcu_fetch($cacheKey);
             // Start domaincheck again when 10 minutes are over by not returning here
             if($domaincheckWasStarted !== false && is_string($domaincheckWasStarted)) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5df9e6f4..89257df5 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -3,15 +3,8 @@
 namespace AIO\Docker;
 
 use AIO\Container\Container;
-use AIO\Container\State\IContainerState;
-use AIO\Container\State\ImageDoesNotExistState;
-use AIO\Container\State\StartingState;
-use AIO\Container\State\RunningState;
-use AIO\Container\State\RestartingState;
-use AIO\Container\State\NotRestartingState;
-use AIO\Container\State\VersionDifferentState;
-use AIO\Container\State\StoppedState;
-use AIO\Container\State\VersionEqualState;
+use AIO\Container\VersionState;
+use AIO\Container\WorkingState;
 use AIO\Data\ConfigurationManager;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
@@ -42,14 +35,14 @@ readonly class DockerActionManager {
         return $container->GetContainerName() . ':' . $tag;
     }
 
-    public function GetContainerRunningState(Container $container) : IContainerState
+    public function GetContainerRunningState(Container $container) : WorkingState
     {
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
             if ($e->getCode() === 404) {
-                return new ImageDoesNotExistState();
+                return WorkingState::ImageDoesNotExist;
             }
             throw $e;
         }
@@ -57,20 +50,20 @@ readonly class DockerActionManager {
         $responseBody = json_decode((string)$response->getBody(), true);
 
         if ($responseBody['State']['Running'] === true) {
-            return new RunningState();
+            return WorkingState::Running;
         } else {
-            return new StoppedState();
+            return WorkingState::Stopped;
         }
     }
 
-    public function GetContainerRestartingState(Container $container) : IContainerState
+    public function GetContainerRestartingState(Container $container) : WorkingState
     {
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
             if ($e->getCode() === 404) {
-                return new ImageDoesNotExistState();
+                return WorkingState::ImageDoesNotExist;
             }
             throw $e;
         }
@@ -78,13 +71,13 @@ readonly class DockerActionManager {
         $responseBody = json_decode((string)$response->getBody(), true);
 
         if ($responseBody['State']['Restarting'] === true) {
-            return new RestartingState();
+            return WorkingState::Restarting;
         } else {
-            return new NotRestartingState();
+            return WorkingState::NotRestarting;
         }
     }
 
-    public function GetContainerUpdateState(Container $container) : IContainerState
+    public function GetContainerUpdateState(Container $container) : VersionState
     {
         $tag = $container->GetImageTag();
         if ($tag === '%AIO_CHANNEL%') {
@@ -93,28 +86,26 @@ readonly class DockerActionManager {
 
         $runningDigests = $this->GetRepoDigestsOfContainer($container->GetIdentifier());
         if ($runningDigests === null) {
-            return new VersionDifferentState();
+            return VersionState::Different;
         }
         $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
         if ($remoteDigest === null) {
-            return new VersionEqualstate();
+            return VersionState::Equal;
         }
 
         foreach($runningDigests as $runningDigest) {
             if ($runningDigest === $remoteDigest) {
-                return new VersionEqualState();
+                return VersionState::Equal;
             }
         }
-        return new VersionDifferentState();
+        return VersionState::Different;
     }
 
-    public function GetContainerStartingState(Container $container) : IContainerState
+    public function GetContainerStartingState(Container $container) : WorkingState
     {
         $runningState = $this->GetContainerRunningState($container);
-        if ($runningState instanceof StoppedState) {
-            return new StoppedState();
-        } elseif ($runningState instanceof ImageDoesNotExistState) {
-            return new ImageDoesNotExistState();
+        if ($runningState === WorkingState::Stopped || $runningState === WorkingState::ImageDoesNotExist) {
+            return $runningState;
         }
 
         $containerName = $container->GetIdentifier();
@@ -129,12 +120,12 @@ readonly class DockerActionManager {
             $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.2);
             if ($connection) {
                 fclose($connection);
-                return new RunningState();
+                return WorkingState::Running;
             } else {
-                return new StartingState();
+                return WorkingState::Starting;
             }
         } else {
-            return new RunningState();
+            return WorkingState::Running;
         }
     }
 
@@ -628,7 +619,7 @@ readonly class DockerActionManager {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $updateAvailable = "";
-        if ($container->GetUpdateState() instanceof VersionDifferentState) {
+        if ($container->GetUpdateState() === VersionState::Different) {
             $updateAvailable = '1';
         }
         foreach ($container->GetDependsOn() as $dependency) {
@@ -789,7 +780,7 @@ readonly class DockerActionManager {
 
     public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
     {
-        if ($this->GetContainerStartingState($container) instanceof RunningState) {
+        if ($this->GetContainerStartingState($container) === WorkingState::Running) {
 
             $containerName = $container->GetIdentifier();
 
@@ -973,7 +964,7 @@ readonly class DockerActionManager {
     public function isLoginAllowed() : bool {
         $id = 'nextcloud-aio-apache';
         $apacheContainer = $this->containerDefinitionFetcher->GetContainerById($id);
-        if ($this->GetContainerStartingState($apacheContainer) instanceof RunningState) {
+        if ($this->GetContainerStartingState($apacheContainer) === WorkingState::Running) {
             return false;
         }
         return true;
@@ -982,7 +973,7 @@ readonly class DockerActionManager {
     public function isBackupContainerRunning() : bool {
         $id = 'nextcloud-aio-borgbackup';
         $backupContainer = $this->containerDefinitionFetcher->GetContainerById($id);
-        if ($this->GetContainerRunningState($backupContainer) instanceof RunningState) {
+        if ($this->GetContainerRunningState($backupContainer) === WorkingState::Running) {
             return true;
         }
         return false;
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8a7012be..7a47460b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -40,19 +40,19 @@
         {% endif %}
 
         {% for container in containers %}
-            {% if container.GetDisplayName() != '' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+            {% if container.GetDisplayName() != '' and container.GetRunningState().value == 'running' %}
                 {% set isAnyRunning = true %}
             {% endif %}
-            {% if container.GetDisplayName() != '' and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
+            {% if container.GetDisplayName() != '' and container.GetRestartingState().value == 'restarting' %}
                 {% set isAnyRestarting = true %}
             {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+            {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and (container.GetRunningState().value == 'running') %}
                 {% set isWatchtowerRunning = true %}
             {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+            {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and (container.GetRunningState().value == 'running' %}
                 {% set isDomaincheckRunning = true %}
             {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-apache' and class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
+            {% if container.GetIdentifier() == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}
                 {% set isApacheStarting = true %}
             {% endif %}
         {% endfor %}
@@ -261,14 +261,14 @@
                         {% for container in containers %}
                             {% if container.GetDisplayName() != '' %}
                                 <li>
-                                    {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
+                                    {% if container.GetStartingState().value == 'starting' %}
                                         <span class="status running"></span>
                                         <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
                                         {% if container.GetDocumentation() != '' %}
                                             (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                         {% endif %}
                                         </span>
-                                    {% elseif class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+                                    {% elseif container.GetRunningState().value == 'running' %}
                                         <span class="status success"></span>
                                         <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
                                         {% if container.GetDocumentation() != '' %}

From edeb5ca40aa3186a05097e7f9527c6b23f41510b Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 2 Oct 2024 15:23:38 +0200
Subject: [PATCH 2537/3949] Fix containers.twig

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 7a47460b..df6d5f4c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -46,10 +46,10 @@
             {% if container.GetDisplayName() != '' and container.GetRestartingState().value == 'restarting' %}
                 {% set isAnyRestarting = true %}
             {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and (container.GetRunningState().value == 'running') %}
+            {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
                 {% set isWatchtowerRunning = true %}
             {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and (container.GetRunningState().value == 'running' %}
+            {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %}
                 {% set isDomaincheckRunning = true %}
             {% endif %}
             {% if container.GetIdentifier() == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}

From dc209adb843b4503434a3625e19e35fa8743c53d Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Mon, 7 Oct 2024 13:20:49 +0200
Subject: [PATCH 2538/3949] Update php/src/Container/WorkingState.php

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/src/Container/Container.php               |  6 ++--
 .../{WorkingState.php => ContainerState.php}  |  2 +-
 php/src/Controller/DockerController.php       |  8 ++---
 php/src/Docker/DockerActionManager.php        | 34 +++++++++----------
 4 files changed, 25 insertions(+), 25 deletions(-)
 rename php/src/Container/{WorkingState.php => ContainerState.php} (89%)

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index e2071362..0f9e9de5 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -112,11 +112,11 @@ readonly class Container {
         return $this->volumes;
     }
 
-    public function GetRunningState() : WorkingState {
+    public function GetRunningState() : ContainerState {
         return $this->dockerActionManager->GetContainerRunningState($this);
     }
 
-    public function GetRestartingState() : WorkingState {
+    public function GetRestartingState() : ContainerState {
         return $this->dockerActionManager->GetContainerRestartingState($this);
     }
 
@@ -124,7 +124,7 @@ readonly class Container {
         return $this->dockerActionManager->GetContainerUpdateState($this);
     }
 
-    public function GetStartingState() : WorkingState {
+    public function GetStartingState() : ContainerState {
         return $this->dockerActionManager->GetContainerStartingState($this);
     }
 
diff --git a/php/src/Container/WorkingState.php b/php/src/Container/ContainerState.php
similarity index 89%
rename from php/src/Container/WorkingState.php
rename to php/src/Container/ContainerState.php
index 3b4a24cc..f6481027 100644
--- a/php/src/Container/WorkingState.php
+++ b/php/src/Container/ContainerState.php
@@ -2,7 +2,7 @@
 
 namespace AIO\Container;
 
-enum WorkingState: string {
+enum ContainerState: string {
     case ImageDoesNotExist = 'image_does_not_exist';
     case NotRestarting = 'not_restarting';
     case Restarting = 'restarting';
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index db499b10..840985f8 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -2,7 +2,7 @@
 
 namespace AIO\Controller;
 
-use AIO\Container\WorkingState;
+use AIO\Container\ContainerState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Docker\DockerActionManager;
 use Psr\Http\Message\ResponseInterface as Response;
@@ -28,7 +28,7 @@ readonly class DockerController {
 
         // Don't start if container is already running
         // This is expected to happen if a container is defined in depends_on of multiple containers
-        if ($container->GetRunningState() === WorkingState::Running) {
+        if ($container->GetRunningState() === ContainerState::Running) {
             error_log('Not starting ' . $id . ' because it was already started.');
             return;
         }
@@ -254,10 +254,10 @@ readonly class DockerController {
         $domaincheckContainer = $this->containerDefinitionFetcher->GetContainerById($id);
         $apacheContainer = $this->containerDefinitionFetcher->GetContainerById(self::TOP_CONTAINER);
         // Don't start if apache is already running
-        if ($apacheContainer->GetRunningState() === WorkingState::Running) {
+        if ($apacheContainer->GetRunningState() === ContainerState::Running) {
             return;
         // Don't start if domaincheck is already running
-        } elseif ($domaincheckContainer->GetRunningState() === WorkingState::Running) {
+        } elseif ($domaincheckContainer->GetRunningState() === ContainerState::Running) {
             $domaincheckWasStarted = apcu_fetch($cacheKey);
             // Start domaincheck again when 10 minutes are over by not returning here
             if($domaincheckWasStarted !== false && is_string($domaincheckWasStarted)) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 89257df5..12a641e0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -4,7 +4,7 @@ namespace AIO\Docker;
 
 use AIO\Container\Container;
 use AIO\Container\VersionState;
-use AIO\Container\WorkingState;
+use AIO\Container\ContainerState;
 use AIO\Data\ConfigurationManager;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
@@ -35,14 +35,14 @@ readonly class DockerActionManager {
         return $container->GetContainerName() . ':' . $tag;
     }
 
-    public function GetContainerRunningState(Container $container) : WorkingState
+    public function GetContainerRunningState(Container $container) : ContainerState
     {
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
             if ($e->getCode() === 404) {
-                return WorkingState::ImageDoesNotExist;
+                return ContainerState::ImageDoesNotExist;
             }
             throw $e;
         }
@@ -50,20 +50,20 @@ readonly class DockerActionManager {
         $responseBody = json_decode((string)$response->getBody(), true);
 
         if ($responseBody['State']['Running'] === true) {
-            return WorkingState::Running;
+            return ContainerState::Running;
         } else {
-            return WorkingState::Stopped;
+            return ContainerState::Stopped;
         }
     }
 
-    public function GetContainerRestartingState(Container $container) : WorkingState
+    public function GetContainerRestartingState(Container $container) : ContainerState
     {
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
             if ($e->getCode() === 404) {
-                return WorkingState::ImageDoesNotExist;
+                return ContainerState::ImageDoesNotExist;
             }
             throw $e;
         }
@@ -71,9 +71,9 @@ readonly class DockerActionManager {
         $responseBody = json_decode((string)$response->getBody(), true);
 
         if ($responseBody['State']['Restarting'] === true) {
-            return WorkingState::Restarting;
+            return ContainerState::Restarting;
         } else {
-            return WorkingState::NotRestarting;
+            return ContainerState::NotRestarting;
         }
     }
 
@@ -101,10 +101,10 @@ readonly class DockerActionManager {
         return VersionState::Different;
     }
 
-    public function GetContainerStartingState(Container $container) : WorkingState
+    public function GetContainerStartingState(Container $container) : ContainerState
     {
         $runningState = $this->GetContainerRunningState($container);
-        if ($runningState === WorkingState::Stopped || $runningState === WorkingState::ImageDoesNotExist) {
+        if ($runningState === ContainerState::Stopped || $runningState === ContainerState::ImageDoesNotExist) {
             return $runningState;
         }
 
@@ -120,12 +120,12 @@ readonly class DockerActionManager {
             $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.2);
             if ($connection) {
                 fclose($connection);
-                return WorkingState::Running;
+                return ContainerState::Running;
             } else {
-                return WorkingState::Starting;
+                return ContainerState::Starting;
             }
         } else {
-            return WorkingState::Running;
+            return ContainerState::Running;
         }
     }
 
@@ -780,7 +780,7 @@ readonly class DockerActionManager {
 
     public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
     {
-        if ($this->GetContainerStartingState($container) === WorkingState::Running) {
+        if ($this->GetContainerStartingState($container) === ContainerState::Running) {
 
             $containerName = $container->GetIdentifier();
 
@@ -964,7 +964,7 @@ readonly class DockerActionManager {
     public function isLoginAllowed() : bool {
         $id = 'nextcloud-aio-apache';
         $apacheContainer = $this->containerDefinitionFetcher->GetContainerById($id);
-        if ($this->GetContainerStartingState($apacheContainer) === WorkingState::Running) {
+        if ($this->GetContainerStartingState($apacheContainer) === ContainerState::Running) {
             return false;
         }
         return true;
@@ -973,7 +973,7 @@ readonly class DockerActionManager {
     public function isBackupContainerRunning() : bool {
         $id = 'nextcloud-aio-borgbackup';
         $backupContainer = $this->containerDefinitionFetcher->GetContainerById($id);
-        if ($this->GetContainerRunningState($backupContainer) === WorkingState::Running) {
+        if ($this->GetContainerRunningState($backupContainer) === ContainerState::Running) {
             return true;
         }
         return false;

From 386bab09583d3e348f06c93d78ac978c2e7083b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 16:08:00 +0000
Subject: [PATCH 2539/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.0.2 to v1.0.3.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 1ab6d7d6..2cbb371a 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.2
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.3
 
 USER root
 RUN set -ex; \

From 966e0175abaef189ac09ab9a53e6bd457efd8a02 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 05:04:09 +0000
Subject: [PATCH 2540/3949] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.5-alpine to 7.2.6-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index d8a97f33..f5fc22e5 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.5-alpine
+FROM redis:7.2.6-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From bd9070ec6a455df60da290d13b3aa0dadaaaed29 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 05:04:23 +0000
Subject: [PATCH 2541/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.12.7-alpine3.20 to 3.13.0-alpine3.20.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index a9e3dc42..41ad1c14 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.7-alpine3.20
+FROM python:3.13.0-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 

From 531104db66b9b0467b6620caa9b8929600ef9d02 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Oct 2024 11:08:23 +0200
Subject: [PATCH 2542/3949] increase to 9.7.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index df6d5f4c..9bcef1cd 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
     </header>
 
     <main>
-        <h1>Nextcloud AIO v9.6.0</h1>
+        <h1>Nextcloud AIO v9.7.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

From bf8395c62efca502c5955d311d6925065800a28d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 9 Oct 2024 13:51:29 +0200
Subject: [PATCH 2543/3949] nginx: radjust configs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1ea7b179..f986047e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -353,10 +353,9 @@ server {
         proxy_set_header X-Forwarded-Scheme $scheme;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Accept-Encoding "";
         proxy_set_header Host $host;
     
-        client_body_buffer_size 512k;
+        proxy_request_buffering off;
         proxy_read_timeout 86400s;
         client_max_body_size 0;
 

From 1ea728bd2a6e2589811337d61c5c151e53ad6c8b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 9 Oct 2024 12:10:45 +0000
Subject: [PATCH 2544/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 165b528a..f07bb428 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.2-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \

From 0051b04683f0e1c7d94a0568a187e01fb0b2bf91 Mon Sep 17 00:00:00 2001
From: pun kyard <59349105+punkyard@users.noreply.github.com>
Date: Tue, 10 Sep 2024 22:03:58 +0200
Subject: [PATCH 2545/3949] Update reverse-proxy.md

59349105+punkyard@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-Authored-By: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 reverse-proxy.md | 116 +++++++++++++++++++++++------------------------
 1 file changed, 58 insertions(+), 58 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index f986047e..64f67e11 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,24 +1,25 @@
 # Reverse Proxy Documentation
 
-**Note:** The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!
+> [!NOTE]  
+> The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!
 
-A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a web server that enables computers on the internet to access a service in a [private subnet](https://en.wikipedia.org/wiki/Private_network).
+A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a software service that can be thought of as the gateway of a web server. It enables computers on the internet to access a service or web-site in a [private subnet](https://en.wikipedia.org/wiki/Private_network) of that web server.
 
-**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
+**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to <br>1. specify the port that AIO's integrated Apache container shall use <br>2. add a specific config to your web server or reverse proxy <br>3. modify the startup command a bit. <br>All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
-1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
+1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
-1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
-1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)
+1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
+1. Optional: how to debug things? See [point 6](#6-how-to-debug-things)
 
-**Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
+**Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
 
-## 1. Configure the reverse proxy
+## 1. Configure the reverse proxy 🛠️
 
 ### Adapting the sample web server configurations below
 1. Replace `<your-nc-domain>` with the domain on which you want to run Nextcloud.
@@ -39,7 +40,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
     For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).
 
-    Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+    Another option (actually the recommended way) in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
 
     </details>
 
@@ -53,7 +54,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
     </details>
 
-### Apache
+### Apache 🪶
 
 <details>
 
@@ -132,7 +133,7 @@ To make the config work you can run the following command:
 
 </details>
 
-### Caddy (Recommended)
+### Caddy (recommended) 🔏
 
 <details>
 
@@ -147,13 +148,13 @@ https://<your-nc-domain>:443 {
 ```
 The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
-⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** Look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
 </details>
 
-### Caddy with ACME DNS-challenge
+### Caddy with ACME DNS-challenge 🔀
 
 <details>
 
@@ -181,7 +182,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
-### Citrix ADC VPX / Citrix Netscaler 
+### Citrix ADC VPX / Citrix Netscaler 🔀
 
 <details>
 
@@ -191,7 +192,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 
 </details>
 
-### Cloudflare Tunnel
+### Cloudflare Tunnel ☁
 
 <details>
 
@@ -201,13 +202,13 @@ Although it does not seem like it is the case but from AIO perspective a Cloudfl
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.<br>
 ⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
+1. Now continue with [point 2](#2-use-this-startup-command) but add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command - which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel).
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 
 </details>
 
-### HaProxy
+### HaProxy 🔀
 
 <details>
 
@@ -304,17 +305,17 @@ backend Nextcloud
 
 </details>
 
-### Nginx, Freenginx, Openresty
+### Nginx, Freenginx, Openresty 🔀
 
 <details>
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** This config was tested and should normally work on all modern nginx version if you configure it correctly. Improvements to the config are very welcome!
+**Disclaimer:** This config was tested and should normally work on all modern Nginx versions. Improvements to the config are very welcome!
 
-Add the below template to your nginx config.
+Add the below template to your Nginx config.
 
-**Note:** please check your nginx version by running: `nginx -v` and adjust it the lines marked with version notes, so that they fit your nginx version.
+**Note:** please check your Nginx version by running: `nginx -v` and adjust the lines marked with version notes to fit your version.
 
 ```
 map $http_upgrade $connection_upgrade {
@@ -392,19 +393,19 @@ server {
 
 ```
 
-⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
 </details>
 
-### Nginx-Proxy-Manager
+### Nginx-Proxy-Manager - NPM 🔀
 
 <details>
 
 <summary>click here to expand</summary>
 
-First, please make sure that the environmental variables `PUID` and `PGID` in the compose.yaml file for NPM are either unset or set to `0`.
+First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
 If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports.
 
 Second, see these screenshots for a working config:
@@ -423,34 +424,32 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
-
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### Nginx-Proxy
+### Nginx-Proxy 🔀
 
 <details>
 
 <summary>click here to expand</summary>
 
-Unfortunately it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
+Unfortunately, it is not possible to configure Nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
 
 If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
-Of course understandable if that is not possible for you.
 
-Apart from that, there is this: [manual-install](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
+Apart from that, there is a [manual-install](https://github.com/nextcloud/all-in-one/tree/main/manual-install).
 
 </details>
 
-### Node.js with Express
+### Node.js with Express 🔀
 
 <details>
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
 For Node.js, we will use the npm package `http-proxy`. WebSockets must be handled separately.
 
@@ -527,17 +526,17 @@ httpServer.on('upgrade', (req, socket, head) => {
 });
 ```
 
-⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
-### Synology Reverse Proxy
+### Synology Reverse Proxy 🔀
 
 <details>
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
 See these screenshots for a working config:
 
@@ -545,17 +544,17 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
-### Traefik 2
+### Traefik 2 🔀
 
 <details>
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
 Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project.
 
@@ -632,13 +631,12 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 ---
 
-⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
-
+⚠️ **Please note:** look [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 **Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
 </details>
 
-### IIS with ARR and URL Rewrite
+### IIS with ARR and URL Rewrite 🔀
 
 <details>
 
@@ -706,7 +704,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 </details>
 
-### Others
+### Others 🔧
 
 <details>
 
@@ -716,11 +714,11 @@ Config examples for other reverse proxies are currently not documented. Pull req
 
 </details>
 
-## 2. Use this startup command
+## 2. Use this startup command 🚀
 
 After adjusting your reverse proxy config, use the following command to start AIO:<br>
 
-(For a docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).)
+(For a `compose.yaml` example, see the example further [below](#inspiration-for-a-docker-compose-file).)
 
 ```
 # For Linux:
@@ -737,9 +735,9 @@ sudo docker run \
 nextcloud/all-in-one:latest
 ```
 
-Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+Note: you may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
-You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host and in the host network, by providing an additional environmental variable to this docker run command. See [point 3](#3-limit-the-access-to-the-apache-container).
+You should also think about limiting the Apache container to listen only on localhost in case the reverse proxy is running on the same host and in the host network, by providing an additional environmental variable to this docker run command. See [point 3](#3-limit-the-access-to-the-apache-container).
 
 On macOS see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos.
 
@@ -773,16 +771,17 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
-## 3. Limit the access to the apache container
+## 3. Limit the access to the Apache container 🔒
 
 Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
-## 4. Open the AIO interface.
+## 4. Open the AIO interface 🖥️
+
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`.<br>
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
 Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
-## 5. Optional: get a valid certificate for the AIO interface
+## 5. Optional: get a valid certificate for the AIO interface 🔐
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 
@@ -799,18 +798,19 @@ https://<your-nc-domain>:8443 {
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 6. How to debug things?
+## 6. How to debug things? 🐛
+
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
-1. Make sure that you used the docker run command that is described in this reverse proxy documentation. **Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
+1. Make sure that you used the `docker run` command that is described in this reverse proxy documentation. **Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports to which your reverse proxy is pointing match the chosen `APACHE_PORT`.
-1. Make sure to follow [this](#adapting-the-sample-web-server-configurations-below) to adapt the example configurations to your specific setup
+1. Make sure to follow [this](#adapting-the-sample-web-server-configurations-below) to adapt the example configurations to your specific setup!
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
-1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.
-1. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below.
-1. If your reverse proxy is configured to use the host network (as recommended in the above docs) or running on the host, make sure that you've configured your firewall to open port 443 and 80.
-1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain).
-1. Try to configure everything from scratch if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
+1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel!
+1. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below!
+1. If your reverse proxy is configured to use the host network (as recommended in the above docs) or running on the host, make sure that you've configured your firewall to open port 443 (and 80)!
+1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain)!
+1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!

From 6b30744fc3a38e36c8fecd53c3a0c50c72ea858f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Oct 2024 12:40:17 +0200
Subject: [PATCH 2546/3949] revert headings so that old links still work and
 adjust some details

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 50 ++++++++++++++++++++++++------------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 64f67e11..1e0231d2 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -19,7 +19,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
 **Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
 
-## 1. Configure the reverse proxy 🛠️
+## 1. Configure the reverse proxy
 
 ### Adapting the sample web server configurations below
 1. Replace `<your-nc-domain>` with the domain on which you want to run Nextcloud.
@@ -54,7 +54,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
     </details>
 
-### Apache 🪶
+### Apache
 
 <details>
 
@@ -133,7 +133,7 @@ To make the config work you can run the following command:
 
 </details>
 
-### Caddy (recommended) 🔏
+### Caddy (recommended)
 
 <details>
 
@@ -148,13 +148,13 @@ https://<your-nc-domain>:443 {
 ```
 The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
-⚠️ **Please note:** Look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
 </details>
 
-### Caddy with ACME DNS-challenge 🔀
+### Caddy with ACME DNS-challenge
 
 <details>
 
@@ -182,7 +182,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
-### Citrix ADC VPX / Citrix Netscaler 🔀
+### Citrix ADC VPX / Citrix Netscaler
 
 <details>
 
@@ -192,7 +192,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 
 </details>
 
-### Cloudflare Tunnel ☁
+### Cloudflare Tunnel
 
 <details>
 
@@ -208,7 +208,7 @@ Although it does not seem like it is the case but from AIO perspective a Cloudfl
 
 </details>
 
-### HaProxy 🔀
+### HaProxy
 
 <details>
 
@@ -305,7 +305,7 @@ backend Nextcloud
 
 </details>
 
-### Nginx, Freenginx, Openresty 🔀
+### Nginx, Freenginx, Openresty
 
 <details>
 
@@ -393,13 +393,13 @@ server {
 
 ```
 
-⚠️ **Please note:** look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
 </details>
 
-### Nginx-Proxy-Manager - NPM 🔀
+### Nginx-Proxy-Manager - NPM
 
 <details>
 
@@ -429,7 +429,7 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### Nginx-Proxy 🔀
+### Nginx-Proxy
 
 <details>
 
@@ -443,7 +443,7 @@ Apart from that, there is a [manual-install](https://github.com/nextcloud/all-in
 
 </details>
 
-### Node.js with Express 🔀
+### Node.js with Express
 
 <details>
 
@@ -526,11 +526,11 @@ httpServer.on('upgrade', (req, socket, head) => {
 });
 ```
 
-⚠️ **Please note:** look in [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
-### Synology Reverse Proxy 🔀
+### Synology Reverse Proxy
 
 <details>
 
@@ -544,11 +544,11 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-⚠️ **Please note:** look [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
-### Traefik 2 🔀
+### Traefik 2
 
 <details>
 
@@ -631,12 +631,12 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 ---
 
-⚠️ **Please note:** look [here](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 **Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
 </details>
 
-### IIS with ARR and URL Rewrite 🔀
+### IIS with ARR and URL Rewrite
 
 <details>
 
@@ -704,7 +704,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 </details>
 
-### Others 🔧
+### Others
 
 <details>
 
@@ -714,7 +714,7 @@ Config examples for other reverse proxies are currently not documented. Pull req
 
 </details>
 
-## 2. Use this startup command 🚀
+## 2. Use this startup command
 
 After adjusting your reverse proxy config, use the following command to start AIO:<br>
 
@@ -771,17 +771,17 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
-## 3. Limit the access to the Apache container 🔒
+## 3. Limit the access to the Apache container
 
 Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
-## 4. Open the AIO interface 🖥️
+## 4. Open the AIO interface
 
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`.<br>
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
 Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
-## 5. Optional: get a valid certificate for the AIO interface 🔐
+## 5. Optional: get a valid certificate for the AIO interface
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 
@@ -798,7 +798,7 @@ https://<your-nc-domain>:8443 {
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 6. How to debug things? 🐛
+## 6. How to debug things?
 
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!

From ce29c17ca421a67a1c896f2c7dee77a7171ea28d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 10 Oct 2024 10:52:10 +0000
Subject: [PATCH 2547/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2fee1af1..90fac1a8 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.7
+ENV NEXTCLOUD_VERSION=29.0.8
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From e4528678b179ff3a4c4441c6a9ea81e1035f4976 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Oct 2024 15:33:29 +0200
Subject: [PATCH 2548/3949] adjust description of reverse proxy

Signed-off-by: Simon L. <szaimen@e.mail.de>

Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1e0231d2..242130fd 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -3,7 +3,7 @@
 > [!NOTE]  
 > The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!
 
-A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a software service that can be thought of as the gateway of a web server. It enables computers on the internet to access a service or web-site in a [private subnet](https://en.wikipedia.org/wiki/Private_network) of that web server.
+A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is a software service that acts as a gateway between services and a client. It is commonly used to allow a client connected to the Internet to access a website located in the [private subnet](https://en.wikipedia.org/wiki/Private_network) of that web server.
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 

From e45bd1ef2d172556293dfc7ec9e6c122498dd03a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Oct 2024 15:34:15 +0200
Subject: [PATCH 2549/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>

Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 242130fd..a435f2da 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -7,7 +7,13 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is a software ser
 
 **Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
 
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to <br>1. specify the port that AIO's integrated Apache container shall use <br>2. add a specific config to your web server or reverse proxy <br>3. modify the startup command a bit. <br>All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
+1. specify the port that AIO's integrated Apache container shall use
+2. add a specific config to your web server or reverse proxy
+3. modify the startup command a bit.
+All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy.
+> [!IMPORTANT] 
+> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**

From 9b25f8b061013f57ed1e24a70b2cda619f290c6a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Oct 2024 15:34:31 +0200
Subject: [PATCH 2550/3949] make wording consistant

Signed-off-by: Simon L. <szaimen@e.mail.de>

Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index a435f2da..205d7892 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -207,7 +207,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.<br>
-⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 1. Now continue with [point 2](#2-use-this-startup-command) but add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command - which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel).
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.

From 1f144b9ee77c2671117815c1c670422d057739b2 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Tue, 8 Oct 2024 18:49:37 +0200
Subject: [PATCH 2551/3949] feat(ui): introducing dark-mode and refactor some
 template details and css

- chore: increase to 9.7.0 - reconcile with main after rebase
- chore: reconcile fixes to containers.twig from main after rebase
- refactor(layout): increment CSS version from v2 to v3

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/img/Background_Light.jpg          |  Bin 676856 -> 0 bytes
 php/public/img/jenna-kim-the-globe-dark.webp |  Bin 0 -> 180762 bytes
 php/public/img/jenna-kim-the-globe.webp      |  Bin 0 -> 98876 bytes
 php/public/img/logo-blue.svg                 |    3 -
 php/public/img/logo.svg                      |    1 -
 php/public/img/nextcloud-logo.svg            |    4 +
 php/public/style.css                         |  351 ++++-
 php/public/toggle-dark-mode.js               |   26 +
 php/templates/already-installed.twig         |   12 +-
 php/templates/containers.twig                | 1232 +++++++++---------
 php/templates/layout.twig                    |    8 +-
 php/templates/login.twig                     |   56 +-
 php/templates/setup.twig                     |   22 +-
 13 files changed, 988 insertions(+), 727 deletions(-)
 delete mode 100644 php/public/img/Background_Light.jpg
 create mode 100644 php/public/img/jenna-kim-the-globe-dark.webp
 create mode 100644 php/public/img/jenna-kim-the-globe.webp
 delete mode 100644 php/public/img/logo-blue.svg
 delete mode 100644 php/public/img/logo.svg
 create mode 100644 php/public/img/nextcloud-logo.svg
 create mode 100644 php/public/toggle-dark-mode.js

diff --git a/php/public/img/Background_Light.jpg b/php/public/img/Background_Light.jpg
deleted file mode 100644
index ecbe6d0b897064ec992d01d0de6500736cff0a19..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 676856
zcmbTd2~-o=(>U5mItw8Q9SB=QY{FuQh=4&^wVNc!BHEEeMMYVH25<v$0Uf6k7DI4}
z2ri6ECxV8!BaVtXiUSJHFeV5(Iy$4c3^MA^bw>SM{_Xsh_r3SN^PP9z%}GwDyXsce
zy>+YZt*ZX~^XIz&l#-a72vDd1pdmlN=O+MPzC5?E6rcbg003(8);*d|TT-$#X3Uty
z%R;j?OLFo;bC)a{vnqS(nDEfBF+kkJRZFvT3-e0goV*43i{nNAICEYE=WF6cGa}Q%
z(w55dwE0P8#d+yvQ&hQSg}Koh(ZmUG+^U#Wi<U0RE6IjeEn2vES<I?<(chiNkk?;s
zj}gItgOn7;i_kAr;hAX|EL&2X2S<m7kIoGXi-5;Rhh~q<9yd06TvT=l91#{F9TPTo
zOxU>5;o&in5iwzr@V}afBv`DOA2Us!_%Cwgzj)EV<XX9MW$4PWp-YMvj0um9jvf;h
zF(x8nGzl?!S?S`E>{X)|FZ2I*5AwWaxyAWQOY)a2hQIWfowH<lNxX<;_McKLTAG&j
zpN{{>0b8`_i)epCFDsdr_kXeRKSD24l`hR2Gc9k~lI6v@c_g_1zmdt|``-zD0VKJJ
znOdAr&P(<}`I6k_i}DtiB+KJP<daZMz9wc|bXYDqe$k`H=Vgx{Esd0hkB-V47dAR~
zY);hJoCr;xG&|?t{rpe(k>jJn!)4<YV<RHQg@-E=QAI+uJX|J=j!2Y_9TyS)Z`|a?
z%Sy5r=jQ#Jc0Nh_U%2xB6*op!oR?j)q*%3N$-;jt0;XM3vSgWd$x=8XGBg?%r)B5n
zFaB~T_{%K)Q)qc!asG-tO=9tqMeyIl9FzY)u<-v){D0zW{{If&7?P<mUv%Za>CV4z
zkqY_c@;{4#{PUmXl((2%L&fA``TPvv{k;SL%>{B%Qa=9zQ~*@Umqz|lX;kt{qmqsG
zuSTbVWTVmPbOwV#r!$!>7L&>T(m4NV6cQe!flTr-o5f`Pw<rGr`QI--UjX<l)>0RM
zM&ScgK841oeC`0w0e|!L<%eYT??!S5(iu$Fe;)k5o<IPF6aWP2G#W^y08}>$!1oJB
zsY+UQk<N9qSp*(yk8q<ucO={sFkVc{Vfwolv-D$YWgeE6^nl!D(m=1?0ePfnIsXe;
zD%lx@&LBIZH~|zs)s^NK4x(;!CE3|#hFKJmFimi*-Qmu>m*fAuc&zM&z9qfZk{jUh
z`4+&Tk@$QXAD9Sy2878!KA38~E;)aFY|V$%AL<X(nBF_4kILMkye+6cVCWi=yp%tB
z4jT8Y8ok}0qx(5&j7IuK>W!|Rs=9`)-|!9|n|e|z_4oIXsi*;7s=l06#yV-Pp<E?>
z+SOepOY8z^8>c>3^*59T>p8^{t0V>AV#Cqcw0r4^UB)(`L+3tF)$Bd&Wx~jOS59Tx
zv<M~d_Azn(FI#7Pr7WSW7usrWZVuI&_iCI$=>Covqom-^hxz_;X~%qyGQoa-bKB8t
zNB>Ys7w%C5Iq2Qyy{=CcK#u$ze{^iIe}j<l9*26}?rry!RWmpz_>r?iABlbUk97c9
znYuJ7uzMEFNlSiIwZZg2_e=dd^InhYKp-bE)SVRQ1;!XT)F$*P_S4l#bHsS!<mIg4
zjlzrjb~Swl2F!#vtA$8R3|U;YUhx1v*Ywt+y&0?3a~8kMJ6tMh`|j8*Yq{o`1Qb2K
zm3g?KVTB3qG&x#a^*f7K$kJOM+{)x)tPngrzIRaD!8m;kc^Yt|R=A>pT1{N`4{C~B
zKGVPuS2y2U((jqrW!Nnlp!wijH8=fsPS?o%LoV)Vtbnk#nghR>cq40r%-+J}lE|6&
z<<h4CSA;7}RpqXeceAt<B7&qaI#OlV(^rY}f7TYN(}soqb`xD)4Dc1{>3vI7=^;t3
zGYxft!{Ee9dY9%2NpbF3M@fz!H#Rv`CCzbX1e}&7N>>*8S;Ln;vKDMMoq=~%+-MNC
z*yq&(9r!&i>q>dMQ~I~hdM3#dxLjzuf32`WQwm0|PKvY%$4v^h2*)MRvDnn^p=P4P
zz}Sk}X|rwGn`7H_Kd&ul7&rM%e;uVpnVt|K9^RO0HhW_q;{=g2t4Gk&vHM#OceQbn
zOjQRoX?A<=*0AdRi{-D<q&(PH2jp(%6*Ls!%aNz?w=qX`n4z48tWhriDsj*dK2hDD
z$%u~4&mz_4c8Ltt1;qDD7vcx4G}i^4>9UQ;WqG9RzU-qLWh3^CEgUD8KPMG+F6P(}
zW8QD&iJ6>T&l>WFEEI3mOSxVD(dJsAiMVSU@<|R!gZguvGfn8mNkO4kgyW_SH=1w#
zu95<d_jDkqutd7hI#m60#+$m#=>hR7S?lptW@}N<8h(j?2vQd0d(S)0Znkwqj{xOQ
zgIe#_?9boZEkm3RVf}AFc~nDPCNME2+gfyGUz?vT5jozX`(=wsEzS8UkapD6F2nxP
z4DY8^yXG20*ZCZ_6ujR~RlBvG`R1mldSi5CpR9G~ev5FgD=j8y|Kh~OHGBC9Pw?=F
z#Z|lat*qmHzqYt}uSQn=fH=2LcoysPm&`N=-|GDkNREd}iq+5d>vmJNj9;N}7((92
zru0s2wmWLz3e5tG@SxWDgsIPKYw1^{@LsWg%|9=ZOBe3wAXb<d#s+@90Mm1>spV1I
z8rG;HXZy{D*C!vi!%fV+HOeB<ZH_Pyu1Tv<AV2`H-U=uiGq@?jNY)q)Lv)nn?1)}>
z)ASj5&}=T&-IAXNBUz!>73tOVC)MW5q9liB;?}a8K=jydia~GKwLkbAzl7$OoJaS1
zpt)`>NJW<^WUaSf$y9#<11jD%PP28+g-9$mX<LIto2Y8hA5W`~9Ohr<w?CiJf?aFf
z*~Ing9UOkzyPpe$%t}!*0(TF#we){u8JV4vT#*?++2WmDpH|;rACSPl^hk>rO+4(>
zX!hppGk}^hKP#o|qVuifLUI1BjKj^%x29TODjXXqg9c7oTKbGc5!<lB)yLLWc4kfr
z-l-cw$9_2Vo2AC>L{op{lxWxMN-2EZz&v9`7V7kWk(1tS6!L~Jf)pxl^KwK~DF?dN
zO`LYXTvQ@|^3k#Ut2DQ6#A_>9TAAj&eXWrnyIM2Coiva8Uyy<rm8!m|EoI`igPl4X
zu=X*sa5L|QqK`+L6Xd)xV54|eIBf$I>-^j%<ULyb9C-@ANRuu+T(x(E^}0cuDBA|Q
z8^i@GwydPc&>A#iVKV{lsN~L@Zms@h^Ojkn!44+Fz$pyHJLY1sE<N1%g#)GV3KOl=
zY^MM0B_5f7xWO{Cv$$!q6s~R&ZrIwYxYnw_8c3RqvGS@7b>%8XU`>0Q5YUdSWuZTK
zp3<l{yNIiArMl)cAJ}ir87LL|(RIF(hDM>YwE#j^=D1TMR!A}9Wj86x3VL3(tI?~u
zML2G%RF=#yVRY@z_e7kJO65R68rHk~5wT*6dIl1)z&EMfqv$zlbd1o`tbe3oj+Q1<
z|NJ<%uwn$58JiTB5`??XY!ik<sRBljvIJO1&2U3ECN8e3d~;WKYqB7dxh!gT(z<+#
z-CmyC$%1;*_$9F2!kHAnn80dVVJZxCOANRYx;|fywnUJN=?i*woZbH2StvGHU(<N}
zMy=m1q(u77DtJXJsh9o|k+!2ag}Y53x~oyx-Txo#>OEkl*Wc7h^xozFBpzrfg~KTh
z={NA$WU0cw-deqv-%Z)rYWsg8e?v}3lxtT5hjde0j)1)0EX(83ZsdC4RX6_p8kt|K
ztucEm-4aQ=J8sqmawf_%#0}x3z`6f-zI*%sMR@1b00tZrv_-?a{@-yYSweRmEDY)*
zaY=70%%oJ;&p=p912+Rs?9f`flGj`4S(lkelBVbUB(64t_IAaTYe&chF9{Mt^7=F&
za8I`^F}IUD<@PS_^w4(xF#qR@{-+|arHbe<J+d`4b@sWP^k+8g+r6(y0$gbQvP2m+
zW`1*sz1a+Qp1?@pg;jesxpMyY>sGP1+fdbBKLT7T_Rp(34`NjDyjnQ?%D(1(wWL2u
zJ|wBxe~`61MY%eao}NCk;4`3_xx(|SNEvo-bI2N%6vki6umR27X2~Bik+Z!D9#nXb
z^v;Yb9W$&2FT?LXIJ~+0nBi%Wk9+RyhpFN#N#EEGaTX1zI{Imye2%*cTCJGdgk&e^
z@s8G;*ZAId9cu6bLUUakNU7m+mCh3d${&^@Sq{#Rx~;p}jm}PIM7tV~j<yLYQ^O4W
zIBeoTv}paPBDrU);c}<jl$(oL1x`9NUhR3(b(K38b1AS&qx-?FC2D_<&}cu}44;`d
z!`b0|YUF9hSVgL>0AG|qtbfL3JFhqgC5}+D+2PdPl6%d!9vQSz;xSr{)J>~~dP_wI
z+=d1X<TgtAN`VFbVl;GR`#0G3dihI6ypbU^+H$_^cnJz3>cpbk@(Stv{Z4ZF@(N&z
za;h;4aCXJJAh6d;owP-=U#mUYu)U$tV}Ah6onmKsHes<EiVUk-?*v{S($U%q<#@;L
zC+D?;1Scs}JVC1kKpX<VNZW0-0AE`Wbig%s1C-D&cCW>I{4MP45A_{MuDwPIxBibF
zE=Id7xB$N?MV@{VMLwu9Q@^9osn_L+W%kP|b*<PBeA?liyF#X-{7`Ec%Nq#1qYnAK
zHfx2^xG$&~Tw_8Xx3)0z{aTjX;f4!UZ31oKr!MXX`NVd0tW2xD5@cm;cYsR<@;j-l
zyZYn!Ys9}D%-<vB7Ec_st~kDVHl6GIRtdbHKL~qt&$2O%2L2&+I^J9f!sAJG?%4z)
zn|R`a<R<WqT3xQ+2X`EIU{S`KebPM#_QTdNmpD^;wabI5y%doZkh=Xy<k0EZUXT0J
zbQ6=ZCc_YGceTDXOe*%fY}H7Q_{C$>!7Ev1+Z6={NU~fZi9JQE&`mKEm<kI;fzC%)
zAk<-@O<^>udwbe^8<4$)p<(b=n*iP{0~gCz$mcKqRXeIMJ-}@J$?G$403Mt3L^mfH
zHxer@)ycj1FVNs206taqeuqtcaXWr{Ey|wZ(XZD7u`|&Dy@?lEfXiH_$~hGbQ*&^A
z>yZX1YT(|`KA{h)t*VnQD$GE=f7tOb3oinqjtC;tCUErFIlFiHhyV=WD7mb#H*FQd
z47^^R`{wIWFcF>Ak-?8G+N{ZBtyM3=cz)l%8LT?keq8|J&hLn@#}*=dLEoCb$fR!#
zBYTHqPm3>^%mnal6IZe}iThzv0G0BM1y?sZTe$O$mh~)dM;+r${HAUQuA@>y^Gsf6
zetrk9XUMCsHRK%d9BYG_3-5qWrSa1aABNe}2kUaKP5TM|tz&Ks%y%*#;%=}SHaviO
z4-s`rUH8>#f(}Qu51X<hhNxYzU!g_{O40%2V~y-_Yo!`E_NZ>or1f>;ThGy9Z|}P>
zYblid#AGV0n<DmRx}`;#886=wKC&AP+Y6>o)e}hI55wq!CF#{3?DBDPF+fdyC8owF
z+HkJ--1kj@aG091t0v7ZE)o0fsoTfyh`Kauco=J+P8o24*lnW#riX7d?K5|~{1;KV
zvlbfG_tBkak0?@3v4tLhrZP2hsH0!tWgIbl+CDtLj0o2-mR<}oLT_IZ$b8?;6sS-O
zO`s~L*r#@qeuL``99y%|+Vo#-#jJHp7R&pLqQ~&IgBD6f>mQwh%WkrM=XCykl{mAl
zg28pSu;o!LdLIPLX||#vF1=LSekiFVjTcpGHuDne5P0Q8f$N-yAH9Oa2zX+l-gMjh
zCf|$Ezj?|H4t9+nKCRO0*N5O|VB_fha>1sld<~;YzydLEcf{{;%4QqItJZ0#ORJ#Q
zQJuHcnpX}&Q|u8-rFq=By}x&Jljs9(ipyRLk4)R@v3-N2pfcbMI&ol_obi%CXX-pq
z;idJuxd~;Kis-Kj9sHR`4JfNLhM0Hi+g*_N`dQ?fKu4y)b>H*@Ip4Sb+7u$~nB*<V
zPK-QmlyJaY9>G7Nr;XiN29JG-dJpsu8PAy?z0crIkLN?zmC1}*De#@flX46dMJfSC
zko=ES5dof({2c0^dbYXJ>*P3+74IM2(VbKEdOYJ8=^_}bj>G!=6k>&b!Rzj-1753d
zf*}tc=tc%Vc7Oow`8SqU%8C{dz>Kk!LqD3EZ{=00rSmV9wXtMXKAQrt0iIA>wH{b1
zHZ-Q+H6Ju_#epXzww)+k@3+_WQkO1wD8{1eeiqjTQoYXW*>l!xb{qW0@?X2Yjl07I
zULe~UCrMqb+K$eWBEa!n4ZCv(ct{*bk6H(Q+QIeO+B@h+>T=7}l}Yv>rk38huxd+n
zP;b}B-cGvL&v$|eVdgb<8qZA5mEp98QS`-hZ8&?4whnY{CF*6Zan^!kAsBDJ3V85W
z3ClmcXttlN!>y6n^vifOG3+wwnwlO`Gd5sT-x`9TX|x!C{*4fn-kXn(N^x2&S*I<<
z`g3Ly>(Xst?Z+58iieKM<4%Wn1%hjP|3bXJ_iawYq-WX$n;F)TALMSVU~<D!Gj1Gm
zuN_>OogI&*8%kw~fkxKy7$Q0TP7KJ%8TeMFHZ1EgO?o<pJj#a;)%DX-&zO@Tl7pJd
za)CjX81l1S!1K_!9t;_2V;8wh+(-7XVFwtq3mY|Zo1O;Dnch`!j91#i`gr``J)~@#
z94w6_XI7F;e+tG3fsA9vkbemw4(@Q9xNovFXXZ^4XWid?h%N-Nek8jISvS)1r57M%
zNr{w}+6JunrjA`!v~HsT<o)UwR`bi2u>Ja~%JW(JuuXb#(JNcfp(wa&i=4gt(V1d4
zPWd4@ou0#X@_My^G~c7{0Nl`r?8ycApO>6Ml(OVQrePmj1#*94gn+q<bFs{_-f6cj
zD|}E%?JeGG*;_m3CA)%p57oG}-vrk$jJ4s?iNp3WV2t!-IoBq!=*@<^7#Y5r=%7=7
zz6pA58fDF&ZcnjrijF+)%ba|yZ&_W&<c!x34vtlgUDtb{Xc%x-h53(WURr2qta1F&
z326(K$+=T1=?y=F&d1O(m-Xfg)4Lk~7`j#~x_;h5te-2kMr#i_5<gih&zdr_AL+St
zwUdHHKR-=LV`#CA1zks3o^RAZt~h^+)@^QhH|AbgNq<_!l&3l6hozjN+$!4zVHBTx
zXdoVs0bi#cV}aUvBVQt2t*tkw1-k|Ib@=U_DrIkdp-2QSBl=_XgVtHLnfQU50E6SM
z{6`6TR+54TM5(;mzsdw$+%%p$^Ou7W!|vNCOW(uHb5?8POe>hWF~#tJ=VuRUBua;g
zsTE$G%2hDbzCkhs0KE&XjeL<3!kAe`;&#bov?2!7iQP)vBvFrQJYqLovQ`%MQ-0ZH
z0=!vUY_y^Ziu<8{59F?d7<>P{MHDU=G+L%|mCR)V1rOdRkUI=VROx-Ax>Xam$droM
zS@b4u5+r%9cK@NY0%1<r>zPM`W^c3|qC~pO1H79^UneSii7d3~#t>-or)s>2zt38b
zaWxa8bmfLQSXrNeXM`;ah~2pincw_CzuDyj=5-on7+i`}?ejPFgn5OpwfYMy0OzCo
zyMf_L<nFqBl-2)@9td$Mn*X+`QnUj;7`uDWe}uD5ynh&v<+bhiJT^yGrmbr1oBpBS
z1HD&rK_B&7Ei?b5TuPHum+$YCv*@kw>XaMnZ3LXGd!!RYTC(^7M#87~(pIx<YI^(@
z{wx*5GD`Noy%Xj%=3<3~%e+*AgkDUi^Cs=nQJY>`Xt_WUdBnPYM8ozxN41#dm5br`
zmYr%3^npHyb?}>g0s#66|9SJ{7Y}riEbhUoy7pNE)`m6wX-&JA^aHHo(&EVsaFX1;
zMt~%J6%~k&AP0eY4oYfzqn@7hO35mHG{|`#XdgDR7=L-k4Sa37d?Zi+|3av|E?hDI
zf21_=>=$OwEfDhSAHW+^zmd2<v~3^d``1UMl1_<N&Zy_vasu3*D}e3$pBR!J+3G5x
z@|oimw4-Hr0H@cVPE1CU-WDk)H&REvN(e5Wn2fmm60}FaSi!VWTnDWAaF5A<t`>-1
z0`hmFNNG{oD^!CvT?4fPx`~%`K)wdZyigDPdGuon(K9O(8UEu#dW>5;C`vvLI?+B&
z7u$Y6lmL76^t-iU;`~VWHrtV`dGm}0Q_*fKXDxvb|M{zl0ZuPeEc!RERa9ZC#QMNV
z>IjR{Sh!&^lIHoRP)*MjgK4Tug9I4yhHZ?kl;ATn_jV$eH$crH+|39jM2yj+yjb+R
z8_PG?IjYM&)Pnq1lVv)KSia?hDS@?#YHhKrE*O7%r28etOzda_V{fP~Xve6WJ57wb
z(@4Oq*Cp+-tBC|*s=ly9fUd=1*;REI;(R_z#Zg?O_#ZkQ#D00-!U~rPNGrv5ratRO
zy*9r<fL3_An2Y(c&TXN+<|prhDC;7wqbz>Y72NmmqjS(~#X>c0t+?96SuJmz=@kkM
z>vx1@;8Ud#YXHAFBaMt}(cUW}6+SKOj6Ifs1lA$05=qP45f<fZ<*YtMgj0^#n9Y0C
z^sLDx^2B&P^0mzwIC>&Q^tJ0}fG|P@!5ZKng2~J}>TnYa?qP#E=?KAvd-ZOVn$ChQ
zKgPBe_QO*@2hrdD(m-=d5eM|Cm8tq0ZCSE3%nN5>K<I^wme@*KNXbV*V1~OHrRgSG
z4$})~zr<K@#~|dqVHC&K9H^7P*Dk=guVK^=Mk6tIu`XvY;H*+W8R$p8nZ8TV;eElE
z#h75r6bKqzj5$7Beq!inU>~yCvxS<aI(G{KdJO@)wWA;dz}juKb`BVT=%+(nqv}D9
z_h&#svHsqW6>jdgdtWkGWxJmg%Kf%%G@!4Kbcgx<Mjk*4*YJ}|ZIp2%_9IJ@5e;Sf
zaU!<I$UtveE37^9UZZpHWaO+B^t^Aer2mC#6hB-9wtWVcn-cG{3Vu*vPWMS!$9IA`
zF{On0&O!ViT?F)`4~>3<&Z!QhKEV>4PaQUJ`d*-OZ#aPD`x?lZok^WF>LWDczMKKB
z!4fC709&a$p&4rx06sevt{f_}SOdzcD-xclApJi+*sfH%Tp(IR5AS`!<{uQ};u~%3
zKOGd^2myc76MXphO8UwN7^xGcgg0U_iCKl*BO^L1KdCj0+~?vD!|4`a$2k+ap%Svk
z7JV{|YSrRbH+916G1}GwKlN{$5jb%x$~z4omOYpp0mf?d5c(O|Y7mTGE$~1JcW5Yc
z$DzPci;$^3WS{X8S#Wv4L^90|p+mzjQ*mT;(`jP;l74!zPc2>|20d2~>c>v|Ry=BJ
z;UFIHqJ?#x0g=0g$(=h;;e@z)#&~jnCy1@u4>H%LP<S*XFD?1}T$Z@3J}jC%9L^XH
zd6%nh(zks7C+gEsf=~=2z-e;}ZE$K{Af=*)plnG2c-J}z&y$KU&he5*)+C-RUWq(;
z)K%VL1?MC?1fl-z)Ww>cSaFJBLwH)LXv>ZFaBE}}HaZ?lj9=6bP_w+mqt2XEfd0cv
zm#d=f1T*qvXBe+)8!}q<CKI?&Cx{M-;jx`O4w(|@X?*3LrUc1d=hH{J;hbm87j3sw
ze)ae2o2i`DqfHy5;IE=|tI`A9RESm3)ka7oEx^42+_&O~sVWL2!S8;+ykBIelbgUt
z(4<I4sJ_j7sh!pU1OnlY@U+gG)EzOFv&Rkz<ji*>Ymsn`gOb>0IqkZp&h;=;&R$1X
z=J)RcLw_ubpgl&@EjT=*frvXr?CpUb3dLqPZ@k62?13)i9+ID{Kzl;*wD-i+4G`zN
z0Rj652I=pgqp2zfLX%VOz$I*5M3fpRcMC+!acX<93&jSm6LZPU?d6y5$g;jQkZ3nc
zJYMcIq?d(Xho)tXuchp5*nkbMsh8Ck=*B!Ej{Mha)amG<9h6&Iy4|byFLc45YT(jy
zqf=+4im|jrPKjjkUm~T9KE$tljs$F|b3S?q%Xk*D*c%;lb-<cBHNa`Yfjf3a#6`s}
zuFJXrm)JUwj1x%2t8VFtDOS%#+0-%+-La=fQ2Z&|L0v2{dIq-Zd##%Te3OFLZbPiA
zjaw{O{_9>{pHq`?y+QV(F1_9^JecL6T!HWX{8BL?N$569;B-Wtz!f-+cbK?uKd9No
zZNP%x+00I8>-{MP+xu4>n|~CHIncs^dtk9<xoU>s*gE7qK#ZMYvX<#k_%%B7<PK!r
zQl02nv3}At{kou|dZ(ol{nfdw5za9G;D#t7dj5+CR&=p+kbuBBO2AlXqy4a{v4Z{5
ztWqLV`wWw7KA1){w>Zz)`4SDibdnYP>RklOch$9a02_GXuJR=??5RM>JavvudkeZa
zkdC}1@%;RG`^>6nB@*Z2YjsOgGr^U@A(981epuw%6x+5JxCPwi7}N`Utj5D=2{W{#
zvtQommL|Y}-wwd$-*)l&-^(LQE!$QT5T`KC?tfyFoOz}bny8@l-Bv&mRe>yz;UyU7
zyKfPfdDm>NvSEXS$0`KI|3b{Gl|a}bNoBJ3V2rbWs5WrBW#>Y}a4uigWam}%WK(RB
z7JBts@rXf8JZsSHo{Bf|%3$E`-vR^^uib@w@4jS%w5yM-(__TL+wX7~yT^18OrNLS
zSW&v1A?-&NFuyq;z#R9$8her1jWqUEqCNAB02-ZnwvO$N_Qb&Kc$3#_^H91foOE!|
zww%(7p`aJF5?Q%a&3_au_sHB-OMg2^%yh$Wr!qpfemU}R1!8_RWK0czpmhHX)SH0N
z+haP(!`6n2wA-%`X|@W}1^jBDbTufcE)mwWCl;RrC0NwKOknbIjdST+*wcz?)*d!&
zD>kwTCPh!v&+o;55)QhT4(i4s=WD?mDMS+Gj}qXu03DG+H1%)<(CyieNP0~-q5F@p
z04uM3odWr$Ru?ks1k1XrkQJ<d9isbi))ac72TP?EghC_c?Xv=(2Hl<`A)kR3CaoLf
z1a%Q*zUQ#0c~e-yt440uFg(l_y#H${+Pyze?SG~lS+KMK^2YD#^^4?kS7VVYp4F2=
zZ+wopk~$W9l-wZWQ@%^$a_{0D<rZK}6oH25F5Ux90d>Gf2_6uJ3`B_q!DgkHlT;+9
zFu(0`DYSuat>A1Gzj~!bdtBK~x}vEDL?9$4OzXF??>Er$FP4fKF0O~G=MNI*0~-FO
zfAj-#c7^iIBZD+d!M&=7og$(|JGmG|Ts}UgM1iCok$YIQ`q*C=8~L&_4>{*$8-5`T
zN`XEDX%3l%^}g47Dx)%u3YwC`Rm^e7yAP&l436|U-G(qnO*7jiMB3qBlOP`(Z&oQ>
z^p*(!ZjU=vKkB8*_d#bi^~X@cyR=#5n`@)kuNz#4ShTTy5^<2;0A+yi9{vOUg@8X^
zAjJhb-u)i1V8R{&o531&d;39H8ulDxtz5nBpQ!!Rd3x55w<-i~h>i~CK8iEVq`&!s
zmf<VrPP#Tg)N$P1pG}?)3H{p<zdLW1TBA>@oWpJ4c{&IrTHODMw{<Aa1Sgr%ISm9_
z3<)>w??lC3lE2B-LweJ*_iePt{nQ^x!`O~`e}h>MPbRAuOkVFc1yU(rshL4mp7Z7b
zz4rZhBU%6OH@VTCB$ES~Sn-R$@j?e-&aDdfZXCb6wT*=?-rG$b{sfy5WQFEbF!nxv
zL6U=y6z3epf8FYdan8HqkM5{>jMlrlRagqes+uvToeBk_@G^8xtAn<w!AXj&W)olk
zAW>6xDkS)WhL=dh9MUl8=|8_ggMWk%FRuiBv(-Vj<2JiAzL02D;U80MvD*X|L-@xc
zWNWrc`K*+XMo@U~)s&t|0j|L|XR+WLB6=+gwyP<-qs61ehYfT30Z22=;F>DTlm_X~
z2hcL&b^yo6ccvWNUQFZ$X>PVoA2svA@E>#4r?yIey71E)_q>BL27iB`_kn~<b*kx4
z2fFZe;7jEFc4Gks<X#%2xkc@+<ian4Fq!WGGBl)1B~$oU%Lr<4uH3_XSQoU^mK8>~
z#nrR?HXQ1(24pH_>+DwmcZM`YorQ>~ek<F8*9w*z80QvSv6E~VxM$UwBT+=JSCP_u
z7eAaHI#L2N{0@9nQ8{k&YOTJ-dBDfCF$<9O+YJ+2@L%`4pN~ZM?7B#AqUQv>%prj1
zV(adG_e(rR>=F=)xd!(MyHhGZWm8*iH0BN@cl6h_!2D$e@KXDEIqO9~fNOJfw8vY>
zVzr3;X+)0Kq-a&EOP^(wTnR?FEMFzDp~oKf$YW=5K<UCcv^U8}cAZ;0<wTPm@H@e-
zoJu40cA0w%%@bD65ipyu&<8i`fRLE)jCFwSg_zHkBRcyP{L&q!JJP=F0dX+%EnIc3
z@rs!`RmE1=r!SjzRj;2n?~YQoed2UOz^5*8wJ5kBq+aN?hO~Z6a_8W*jqY{Q0|I6#
zA=cUNT$Ff#@$xWK_TlC%%Cmo5?g7^EBm{QOT59u*YOsK^xD4w0G{S-_+lai|SC<JA
zpl2L+{*)MVa|XNeSDhg1(}X~I?A#NI{)Gn(IMc@NWm#CXQ*Gi{gAd;W`~V>%D_x|3
zSJ=itEHsb)`p&HjFn9DT%)8=-(Y&{gr$X=qnu<+SUVV)g{!|H!CBj9ufoPWJiF&#3
z*0M}N2jI1=PSRb6u=#T5Z>{?m77?;(6Sth`=c$h<=%vdhZ7e9~?GYqY%rRPn*FM_&
z<DfolrAxbV(FL_B>7#w_&#zHQ!`CCPuWxj_mMWA0Y@t@Kdz|}-*uZsAuSxD6<Yc14
zd4aNBAvi$U00~D7gNsi017~JjJCKaT6}%ioHvRc-kl>@Mm#LgxIkghPCwYmRQ`P!U
z2PX??mtMR=vTqNpQ!!4qQ<?oSBE0Mrygn&Zf1}aWI`54F^jo)Rp-U(2?O!SE<r7%d
zD{NxfF(lu+ln4(z)K0?(bpcTp{CWv3Y~Cp)6?jG-?g-awOKK@p%RU1~o8OKtWx7-F
zZ8gLOfZZ<${YM$-lD2*+l5<U-(DdR361gnZvi`;IJrF#8M6GzrRQDF<{_4vKI3@eS
zY2;ISsnU7H4u=}<yWT|g(UrmDQF)~E&t1)E_RY_LLk@4!=j{2grXPq4)y*t@NAM3R
zuwjyhH70NKJ9tC(EMg7DdX5CJ`^lmiv!Gv{;Is&vS#-(Z*Wu`s<~)m*Xai2YpJJsn
z9gt*^xk+H4&Sp7rNMoKJ<v{SSC+j`~ZX@-8=yV39!Ra`>K6t=LExXPaBo#f<FKeSs
zauz-24H$xr2_h)+8_Uj5EXw0agi6A47c2+5Rug#_>ndO`W}K0t|44-|Zt_&nemx7(
zkl}n+LZ5ffy>!|}%)9ZLim@pz5BRe@5&>Q#)K1#T-alnZ%P0+%CtC;7lE^64{15?)
zIFYFi@;#|R^j}F!QRiW&OVkUxFVZ7cXM&fUT`Px8!#kK8we<DG*sd4Ic`18(-BR3n
z`bp%eLzZ|Vg~)tcL#V1EvD6)3F$L;v_iWbn=xTxb(mi?OTr9~o|2@lgsS<27)Uj5&
zra@l4=bMv8?|Nt9p!X7pt=WCH#=aTkx!=wULnCDgaZr>|z&H^5X^>k?q{3qrQdP)X
z2Li{bDF<~6;xj0X@e{N_{v+Jy6)JKb)c>ZlfUOS7{!_?=NMs#+?Jv~ZMx3?kl1|i9
zd)Tb@fo~Dfuyzxsm`w5s>zW6QWjlIS!IPdCBE-I3<*62Y>b^?K#unUbT?>|Ttppl7
zQBNVB)mZ)ZFG{x9;-dHWP%28V=p(@x@#NDX3!(Ti%d#M^u>!*9r}*KJd5fn)A{>G*
z4ietjv?1L78aWhg<tNr!$H~L@gMi|X62`XU5jxIATe;?^!geZGz|j9y=X5xHuT3yk
z&RD8qP;KSI(&ZF$1TH%+hCZZN#-&N`>MJSxD<M&NC)Thf4x+8S!m`gb)<j;4Ca@kz
zD6-KgZ{Ts$_Ze~f4g_u>(bW8w#XiuCPgYLm6JotMF2y|5d<66u?Lf3+<kBrs@BSuN
z)QMzGuo2^?&v#%#ApyNcvOZvm-KUnKbJl*adyy`^W>vkcKYcDMWVS^w^|UxgUhcun
z4e)Fue&H)Ml3Sp)a=B}hz<2>;_`gUpfA2wZK0t{A-$3lm4F5Q2=EOiy8{db{KlM+d
z8znS~%0<1SRmG^XQC#E<mrmudpu(kS>6=G{^!a=w8y!%)_09hP&6KblQgq6xcf?$+
zPK#vEF$EMmFg}|Z;2KlM2)VR~6}<SyI2+BSmetEl?^d(A_YWzVy!&LT2;O>xX9c=`
zczZ|Se*eFku`G!-+-(sg3^I($pY#$-+<s_tV#uYPd{6Q$KE}~TP_jzvlpFq7A!mYA
zkuu@UC8i)@xZQh~O$QC`<zKl6XxBjV^!{NVl<J!BUEY9_vb(O$iR=E!>P<#^S}GEl
zsdNuG{%kS36PvXsHRX2VU4z?mcFVP$`Q735+}m-OvN~+Ap-79k_;)Jl&`dqST!s34
z20}B{KzL~jsOzR2hIrq$uqD?mKuii9K<0n62ia=Y(vkc;)Z{f}n3{|TH(F^wr8wt6
z$q^w|#TaEbDr-$Q(oc*>7reLleOyIGPQIRFaz0PRXSVZRD}Y=9Ix9);^%~)>R?~K2
z!mhvq{f879RkxPq`by3&X#<uC356BU?@(iB)#$8MqCnU#Y0UGPL*%%;R!VyA+Gr|>
zDl@jQFX);#8a%*$WZ<?t+Y=iG&FX(-O-(Bl(>6Trrsy^rMvY5P6~QYNqN-l~v9}f=
z*|P;O4bo;ifbcq}rvngcQ$OS+T39g*LcTQ=tn;zULOH?`#q@2g^4OXR;Qj;r{ikYV
zK?QA63!J<pfOYnY*zdKgZuBo2r?Gi*=~tsJVbbyLFVNJ6J7oG>3k7%c3-pmDNi-Y@
zVSy(spy@T4;c?Il%US+mN2DI3N~n-Gb%=Fos6qJHC^>ncwYSUQ(`lbxtiVDtsbruk
zJF$W>pvUkVsD=jV>Rz!BM`sjKdD|`Zt!-2)owDHr<dpL#3dZ&&qXphO`(LA_4hT5=
zwN1j_cBsB7<j)rU4mTy+thG?Mk0YCr9N9aoaM))+t$2NDj{qvaKFDyH*g#Oeo(dC3
zUrjX<p<F7!qrD<a_l9&u2SKb_m<iy|4TMmyFRlYPZ{e_23gIB`D{e*>y8}LvgG20&
zjY*76tBD=XbI(CF_0u5g>(eq!|4PMR);Q={Jtff29fQ9~S@fPUmxi3si&it(<*5ID
z#x?B8LSo$HTgmbSQ9-sl5_-Q@6t*Jron>>%F3kB-C4IcOI`D#3!MU1%1?2s5SC??T
z4!8sbVL*|<K{-&2PqYBVK5znlm5!CqvT{;b_ip#Ay}M#Wqv3vJOE<W7-yqTVMh?Gx
zCt5$NK+RJ*C<Y%DPaAUGU}zU?CilJBesp|QrafqHC-5N;JWkBhp_(a%^2tiUT`Z9D
zRKu@qgTwuXATH#rrfh$Xh_KWb3YR_{B*HDAAq)!lO;T37l{j~@sZKwb&<vWMl|=bK
z?t9siA8RZlf4Ga^=o1|puo}>Oh1mBVR<kUSo+HVVC$Q>OkqcgL75ljtI_O&$7{w#_
zuT-P2942N|+F8w|Na->;t1K=I0nWIwRJ`w19)&h0xvNAT%AJ=YpUER!6?vf02>L;P
z3*`XF*ez90pUZUT3x6`=b1<8@tP(ua2j?b)Hcu*w#72up5O^;R4Vx{hdust<ICk4P
zC}<NaaL+rorD~!E2%yYrVP9p~L@BoOgBFoZ`j%iKG49k%%E3V&Y@&l^1N-e_9PivQ
zL`ZxDJPg-`Tq(cISJUq57O8<}7Y%-6!1p%GwhH7-j59J|v2upny-wuOYH_QW^X2;?
z6z>Wkifweeuv1X*SdI!V<?J)F^>RYG)`m~mUJH3a5s<MesEd9R>=KYsZk)2T4-w^j
ziwXaf!#uH>I}TZQ7e^Nd0?!e7<YGe;8?eI(U>!G;S_+S=N07bjI$j`cn-M%Ipv^@3
z1WqmVw=g%(9)b^l3#T_YErQ6PM2YLghxA9fZt83!eKNch^}0zn-^Ha!3$XI8&IW#K
z@Uh{;!K0_q#s7r4M{8hRvg^0ULFjw&XcO%`2)fRedk)|fG$a(8tMxgH1)d_j#boKj
z>I6!8JNPli8T&%8K%ZKSmcjs*T7b>ILj5OGi?ATOPSy^@|IHOm<@5kwV+X{-xH_j&
zEE-Ooj)hv6qa$mbLkEm3D4K8?(p~5yrYaIfO(UdyhdNMagP*hU_P3(i{#{C*8u@*i
z?n;R6CFbS8RtyqLEoPf;yu#U6yH4PgZ3`A*qT5$!t`gno2Y7xvI3Vg86<z|(__j;@
zsvo4hBUwzYcXu9<K4GJN;OZ?hu%)FwX)BtP6m^cS4?E3(D$?gaQo=L&ycFxcLmyf(
zXWI92=N4eW1jssmkeEjQPRuwg!To}fC-W>8CztnZda8ZM+PKXq_FGf<!+YB(rVj+b
zpMh?GXxasN-H=N+?r8ypHxvrM6I_14O6khdyGn4T0WBnB8X0fo5d)?Q#&ttu6r2KI
zd<eWF6-u!LgtR&rsT7r&E;bPBbZGWRF+aY`y#baUMO5+d29;;)cMX<;v=8cOoNqFy
za|7vTmdk<MTYfa*2Rq@yXt4U1&0MCMwT=#ciZj#UuV#57+Cm`=ElScbfF3L&=Yqp#
z798_Cq|OQ-D!^ZMaaW6Yk%-WQhjww;!J`H8C^c=KfHArgKvz^yZoN>s+z8C_u#V_Q
z{N73E2Vn<7T~qHdMh=8Py^a)uucp}I+?|&p)*>aO$D&(_u=h(;0=40g2>{>0?5GnC
zXNzfVlF>m2kKduL$A+~_r&poAU1FdZDd1TJVLBe}5ZGwrGmtTe9^IT8<GjiT60=zD
z;=o^jYXRJP=)9*6Hp;`Crw)TND>F>OQF5x+=`_ZO<P#Y1>LtRF5o8|P8dlsd0l5Bk
z1=dW%eHJ%drl524ltLq!TV)6dCm&24TV27juy2?hfalmCoG{65uW>`Iz51hpCZQ4#
zPTcfHg*ja*CGb>D9qo825fydLE*ws;#bt9b=ko&oK1>(|k6kD2r)}6QyBlJS+@MNh
zZJR(5@MO#7tdS!ozDBygOCswR_z3~$B9Z*Xta9c(jjQPsVPxQi%cYEQf%Q_#N3xba
zgxGj*kSaN@$OxzU$OUYe@(bf@i<9Am?`*xAa2sF2Cfe8*&MfgrJquX1@_?m^hU;8z
zuW3yKSYttg%0lo?GX)<_264MLl%SJ9et8=p{GPB()X4KS{lZ}Zu4nDjfzuWpd{hNr
zRx!X6_P!ONg*JMg`vSMaHoxa+^bEBs@-A_(uhvj+3#LwbPb4ujG1;Y8lFF-I9HOaH
z3nc>22Xx=toEM<OWaj5c(a6g-!X6?fJUA)DDl4;&7%L<^TPQZxH5Ep=t-!)LGyNuG
z1X;<)$LaR;2%QUSIF`g&tiNta0flfy)LkRA&@eAE#(Kb)u1YIWOelc8fA0}2_?Q84
zm4Rxn8#a2k)<T;s<~F$lH=ZMXg|AX{xj_m6mSLMvfYWz?<pJ;4x8bsfWEO6dbrT&3
zYuqR)kGhL@d8~%v$Y(^R3F%bknNc=~DV3{;s^fX|Ga$b*El>cIODz`Z@JOuJvSFjG
z;<!;v`^mU&p*WxOnzXf6Kzs#YuiI@D14H$!5{4;-mDa#@O!u~75#Xt~az9r}(OtbE
z#87eJD`lbwa=eau2Z~ybkm&>ohwvurHFfPYBgJih00W884ad9@)tCt^ca9j(Q87r*
zch`2{hm1P;Ld_h@5vi=w?gv&OUy1d)>=Hh`2}&UtTC|kdte_3xcDzI2Y{7G0>Q%!d
zktLJg5|jGy-yC6_i!`=?eIdzj{<2KIj4bdo?+qWYR-NUms_*4R^0%K*D}R89*+wGK
z2D;n<YVmeEsU^B}F=w=#3XPC6`Y9&AH%N;UXHdfO@)ZXoS<i9Yi-DXaC>qE?UuxGc
zLl^49O3}g;c(cm=tR1<C&C>&Sb^Smj9h;&Rv;0`2YGA`Cc)hPyf87uOAJj8kv1xew
zJqi$3L+rF;P=fwc3rl|!%z8-z_%lk}O~}O*_8OBgn?@EKdZG{sGMrwd;nTBK{PHW#
z-Qa+p3@b9$iplU_2>v7Pg^>K<aAUkZ8eV3jvMx5!9}egf*j)kehyafe$P0#3udps$
zWVhRhrEN~rI<bRm1Wx1z()+5d{84>M=aAY_FkFs^QYaS5uc3xr2ccfFGzwU1ffI}#
zC)`<LZexNUaK)I3ar+UCJj<9tCyN^V^{kn>JyhK@{ZW*+r;DI6tuFln{;!;f;0j+y
z+_aE6^1o))6gAkhg|-dM#c`@UM8yrNM+O4<+Pl7zYL`d}`==x}UcwBLB8Y<w#RUG|
zz-r$p8XT>`hIAoT5C0xC!ysx>g?0f`-KjBLcZPtGB0RC8X$|DJXP?18`XypK0maTy
z)JKxfy`htWY38d^DovrJB5@AH>!RpH8yV5?v+CYgF#2g0x=B0}9_!HttTp&hfkvLB
z^0XBi<OG)}=I<=9&Rry7YFD_+CY50}&ZR;*01oPp!BrN0EVNL~qgs8Y8u3B_Dm&T_
z5W5@lB{fsD>jGF`OQG@PXxZT9FA+16??10r5_`;{OuEvL;*@a98a%!QzSysteT9~Z
z<mfu8kwSuf^jwSt_%`#h4G-VZ1lcEfs8~|ukp%C(UrP(?2WsXX#*|hiUA{1ZDe!Ql
zz|wPzb<_G$_@eE^h&BWH8W;$&`f0DD2u~J7LcBCoHm5&Va6H@Suu(~A4FpAV((LI=
zHAN^he@K7q5V==l8o?V1V8yXMt^S3;Vs*W7pCzbZRO?hu!!c%IizJ2O_rU~ukrlrq
zJGr#j8sfXXvp@8smQr!!^m{6AiplHvrzU!+Y&$ZcOyJa-K{@s;%?&~dH@Hi>xBU28
z30!^rV8}S;h&z}w$;D`?f<QHx4d0=9ZApbK>k!?7A-vth;tUKjHfg9-KuG8}>Tf`k
zmm+V8$_CAL1?|l7rK?2%Ff$qAD?44J?&TI&jAs^@SF6EKa&{2{K;O?mmiS75)xUZJ
z__NXoc0e&I`e5=l!5hV3*heJ=?*sYAo?kOcPLx|f-}(gC1kg9BNv?##$M1#18QEa=
z7}d1BII`*)nMw@38mbQqJmH{W0sEXsHo}#g0-RqV`4d<We#u738fGz54T2CAZ#<b`
zDPai603JFEnl!(gcH-0;N6EI|#q_2j%zIEb1;y_5S^a%~H;3t{C3^`9*FyY6W;5>+
z=#cKitoOcbYyO=C3td-sla+~ushkPZ6MpJ*i}T7B7C=0}FTgw&SHq}dY(-oUJQ7*#
zCg-2UX2m7FBTQL+qAf~s`Q$EEV{8Foz8Wg7_Zn-lzGN8!iq(k*^E(ST$0(}ES5qCO
zstjP5qfU-%jgg&H^NJHGPQo;3b}{O0rk}C9QyPwIfca`Vt%1@<tY@LCi1mqcG2P2H
z$zvPbs}Cb~i|Kc+(8ivyi%zzQ0nphS4c{9WoP*~_lGaf0tqo_>w0N8;PS3moiC4kg
z5d93j1b;0@U5$+JM5KlO!yClak7B<1p2$Fu3LcAWbP5Gg2|&<Ukzz&$xnlp7RLCj+
zxdI!#oG-k*Ljmvd^`m|{CW?JoF8oJ0l@_(u>Sv>y)D-Y744*Y6iXr3l<??8yV3AfY
zb*lyZ2?cG%IX(QfjWu)YX+^qqBg>G*w7ybI;!zH%1pSBC)VqG@W0l%yw?Wc?{A6H!
zmo!E$|6Qe|eZ)p-SV$XFz|*ogxUPpnF-5B>dMe!{`C=#`C{EAPw@~SYD$u2mh;d?h
zpx6Xf0Bj9}(jVaZOnRHsECRN=G+{~TLR|M8h2bX9!d`U&K{U?9bSrCwub8J#pqrrC
zut{IXhJC{zNbWJ{eo(-tFL59bbYF&qwEj9duLOmrYXDsj)jC25&xH~-o<>><c~q&D
z=sQ)67S<}s=m8t6po=TcU#s0G`c7MywU$Lxw=t=@e7RQ!^(bx}|HQ(w(BQE%8mM#(
z2&6(3gvGrJMfX|*Wo$xC_q!~R)rhLr6Wz^M9^F=^3y<!zbryQA{bO`u;mjZNfIF%~
zRciz5F6D<#QYeNKrw(m)R#3AlQs0aw!|3BrHaNQv5=jpX!&3+^SX!*0^QpN#;L@x+
z?l~uxCv2H5HpI>q^VK^enwx&>26mLNJ#PFi2CA0LZee?QvfynaE_IDAs$luu1OR&0
z8f;X}=FW?B#O{EC`W0-y;aWTmnohHjCdUprRm+{nW(YzC9`ZA32Q#P>Ev#qQ?B_{t
z%jK`n5{NEEbYP>QA_%0uW&t(uk=0`ODY&jOVM2lPCqu<w6HW|TH$5&k9x6g9VB@e9
z=izL+gQ}wbg#SZ<91YWvp={3}Yj7V(U8q;BJ%I$tipg+lA2BvfZ#gx8e~i^_HX%!4
zh8C3PE>lA#%rOsa`1p2cE7&)&L7cGzh~B)KV4Tw$m`|5T-M{Y{!i9TlnF4nEBb}T&
zNzQbkVximlWds8`9J&ynHRyU<f_I)G&Ru-t;LwEAx&pJqW{-udW_mH&E;1X})p?XI
zOTtaQpMe0#1in^W3<)05MsxMOXaK{C{U2d8P1$+9^GtI@3fyt@93L}DhD|~<e>iDt
z5OKWM$uHb10Un;k;wOmdhL=dt94A&5(gv=v3-7lB*K6bKGxO2VM;JIuY|YqUf{CW}
z#Dtx8f45h1O7T?{%}-E7r_MuH$jAH_5f%8sKI6NIQ;g-R8FD728Yd$rH})85<>Sd{
z^8hxo^;{g}6E?D&<D5bH4A{U`p9VqW9gg>|LEW4M?UcI(BRj#aa-o@X!rc)t(@kL3
zFgr|&&CVy&#p1PtD8RdpKvC5SpYN@B&VpUo#3^ddyoYSTY9m{ucODNW46C!$W>dLK
zRETjrY^>7=jyAO>areWJcg^)dDB@Y02pQQe0DKi#=%f*mz<?9=5p?a$J1CHY0Gxnd
z<m&nSA4QDty+s51SbR~td(ydxM#6OtWQgA+<t6#QKd)9$D7Pa3@&%AjT^`%d1hN);
zBBPg6sKbnm$zAdgo;8>|o1i|!W0Q=aYgh0!Gm>3E)KwKNwnDPyih%3S@wdm{#;`5`
z*T1uBpNKDf8q)2Y^Q{TL>m9lZ-r3ygKA9|>i7$;XR2`dbv%T`wR!pR*Q~|V!Y3VYL
zu(;O=+v|ckNE75#^qhhiH-XeQs+r5f61SBioacB45ij7~oBm)h3!rzjSomB-ted<(
z$|kuqsYgy0dY`W)T-X;ea{%GQ!IBCt3zY30a^kF#IV5m9^RcDIc%ed``${eQWz{Nd
z`gWdLem7OzIKC6uQZ|Suxi{^g-Nk>rH0XI>#awmH?oLB)*SVxVM{1NbJ)!wD<OC?1
zu27xd#P3c<okC`%d8@@!bWO;%LJ7Q>%vybbIQPZD3rh4JAeAhcgrg4IfPQSWh80lb
zUFS@&KVTE>qWvpL-4l1YA2ile&r(!A)PdimJn9hb)I-+rC|hvW%x)!L@Ic=t5*a9f
zl{9>0B%gii7}CYSDkc_#(JZ(j34-QTViUB~)Cx%R@Q^Bu;~<^m{vYLH-st7>ayI+k
zoqFdm%$t0Dp6UxRYn@nb1!`KQ$@h1YA|>g;|6%Q2pqjYaaN)TnnIsS<kZ==l5<rIt
zC>Sc@Z4weitUAF&Ma3&BqMrpt>#aH&ZZUWXh^Vx+LzFtkTSfU))G8>7Rw}62YPChG
zHu70NudQ0OXWQ>`&N}NqYyD@fv)3Y-OlI}~$-MjB&-*;jW}%Pt$lF6!;<GVvsgEra
zHhi5{lyS|*9JFVn(+S_4i|B?&X;Bm1pT*i20$9<4tRlkA8s;UX?67KEc9Jw*(rL$)
z?Fa$jK?Ea{X)tU_z?jvhftwJt2rs~CI*+}BggoSvt?&0in)k<&$zD57SVhKoHU#-r
zC6N`8<~9NaFcS%WQZNeaNTv_nK)i$<2UJ1~^!~m(n&Wi}aDFPdSVWG3&_GEpk|Zs3
zemj%**e=6#1bc_BtC4|U1s7L<(IT8NhA!Zq?Rv!d<DV3C+7-WdvJaPm&hy9WPZz`Y
zm^|M2ub%B=(g?en4rqm&+rkE@7{bx-fEC}Nb!s3FEDTmj_N=vK&`ulHQW7^Xc5lL-
zS<m;Vsvf1pon6pBckG4np)SO+f6!)FnQdN>!=Q(Bf!jT@KDZ;IW!KO&Ss@m9iOYmq
z{>I>?4KRiqa#JsudZa(0uVpfa%8cl5t*+o8q!|5qxM6A*fwrmwp3;X&W^CjWdivED
zSisBrwh31RY%5i!Xo*Ucr{vRg8EHe@F;<+WIEveP*FoIs2#CbLiaJFUWt_gK?Y9Ij
zu3sZE?*}^2vrSN50UdteE*q8PVupDf61rqYyQ=Tadlq?rA%?&1C>mB>GZ81|czvdj
zSr0idGM@(Urxl*MCQ3@j1%(mBR1vt-9}+|2&UuQq$|PzgE`uMjxWG0%u9@%;Zqu&o
zJd)_BYw?NY$85H0Xjih1um{o}`4e1&RMDpf(z{nXRNrv?P#N^mZAj;T5&G!M2C{#~
zX4=J$>KQMPeZy8Y$-bQ<gH&xz&=oIS9p}Sd(rz};b3?O~kk~iZxmSK(O`Km(?Y4ZM
zbTMYfBD{}$EM_!fm;|Y;gQ{QLXP;1n-6Q&p1ZkU`3?YO%F1Zdse>US)E0TKDBwx3z
zd$&Z<<)nT(4+sQ*6q(5rsTa|K6ufqYCzzA7-b!A3OF2T_Ao`*aw)=IeeYXANDbjq}
ztoQBR-HxR2&^=J?VR7OXlluH37B-Pr=1(TWW>!#THC5LvM3S%7?su1+e5@@hLd`^E
zseB%>H<!@m9YmNV<8r=Rezt)AE@1vM1G<dgQ5t0o&9OHFjkwqDi-%cc*<SwFrAZ>p
zXWAuFPv$+QbMmxyXziWxG`nn7TUx)Ir_Q}GZ}zYKa*IKlZ~(IbA%|ni27K4k{1yD+
z-uE4Fr<3i^!y>O;11QGHWCju1!welFT|@>)W&+}cY)U#t7WL3>S?PwLU`x=5!S#k<
z%&)7}Y^+<z(mh3L`OS;YXZPJv5i=b%dly@yTU0-H*+t(hrl-rDB!16>4;d^L`lMzW
zCST!3<ic}`K+;XmC;jOz4tjo<$RL8B(sAP^3)o=~!H+c&?DTirn1t&+s&h^hG~`sq
z&2$paJuv$_Z!jD5CL@}tyZp$l_UH8Ool~o<mgtAso3Z&*i$zN}SpY%61druv=6Tr0
zZAc#vAiHc3Bp0AJOj?2Z`%T&Y#Q1OmZIC|DuFw{R-cZKvD^JrBA#6AUN+6$ue}ME5
zKf)@_mZ!iA1rcJEJblGiwduY*aEUi36(ih?&A1>GBQubL9f*z~`cgP9L;lsEY~pnx
zx$|HbGkkHg=!6A^v7aB)0oN^Q9j4g(e?ndlTQM+)pJY)4o_Y^b^Ez;*^keH}Axh_F
zlXPnrs+sWfdK75vGIx2n?7``Kkcs(WL`G9Oes&Nb9o2CWKi<vwrB62-**ly`*pSAU
zmXVn-L}KRBY$e=WZX@zIe`Q)7BJq;`vcE!WDNQ?hBlIZ<k!TrjHX?8lejns!)7gi!
z4VsspIDk+j*Sf$IBbhf!gFLdEBpFQb{sTR}Zj2npN&WD+f#6(cC~05s0=KhD;+tgE
z)PQews1eQ<gD4*E<WfE0AhGBDQQ|s@9yf&PJ4Dk>B!<FR)M7B_5!0YI3&gf4A{guj
zLNUY$aXmB1LC;uXbV>sanGhs=(QOU%`q-Nx((H<ck!J+~TcVJOkIliuaz&q;e3yB`
zu8HWA);7A7E|P02fr$lf4tB%fLqjNw;hX~&nD--&*rBQdIe+}O_B4Q}`*lUN8>HHt
z52>TvUdb-*pfx1;rtBxxf=}W;LF!8!k_Y#B|NNQXem7q0UEny-kJVi_<k*8=?{^G*
z>l#yF8z0a2tKaL<cw#={;DxuDaZSa<%ASDYlkaa2yNy<od*x*lJnq4yJG%odr%UKh
z$<$SZ2vA%{6GMaOauE?Rg^`Ly-X2!wAmnT(jyuUy7spEI={_XW<dAukOOO!T_y~OM
zX>G}8M8?_V%}i_?AMnvtk7T`-I9P76*~WIXYKeDKDZdqe7h<@VFR942S8e7+A&AOY
zY>RX|z+jMRkoV8BjpIEI6^@4uc6yTgcMu0A8m0`|;DH=g`Zm*ZY!qTB$KeC5@Qb%t
zAoQ~p$clkDn|a<&<VD?pS$nqS))P++<Bc8k^O_3Bns}T<_qBNjdIIz8dRnOF`xoJy
z-S~noRMBiNA;>T~ms@<FZTw>ai$^#6@Zy;<3kA3+LI}jRHGpKs6+8$Jr047!(SdAw
zY#8yTzJO+b-DgGK^is?DeoHAu&-?a|6A9)t&xOOq4+^CIY{=K((+g{pI}7Ng`v^$=
zgjUg&c(xcP5P3L51TXQRDOd>Q^Q@g=m*D7VN~u7qF=mV3*xL~MY=y@e8J~;&Zmdx>
z8qB9{&}lOwUAyRX$F{(&-xQ9*YN2LVa9G;g6!H?46s_7jdrgHr^Oy-UN(1&;=!Bz1
z@)S`*^<#R!){7NljR#cFwWG$uR)`o%MT$2RL-3W8R(U;w4LV^#9E#8dY$hN$WO#Rm
zj!;4K-$T}e_zgPFK1*CH;>BJ^$jytAT0YG-Vrv80c(a;>elD(0O-p3)kDr;*f(HDo
zSWo%AB_?W}WV=jAO^DFo8{(7sy?wekkoe!c4gc^nj?8OslP7^97HQZtinrDi)Y)fv
zPfQVRRbB|aZPSH)!|$5B)dGeuYSmu$%x`r60rc|*3=?DNsMta4>1gOi+i;c2@Ha~1
ze}`E#q}LV;WA9+{x>00uGqf><NBh}D$WRX}z;EU);>5Xbmtpx~Dt2~RHJ>`fMH=xt
zUtaQxHpH^D-XmMmAYIV}M=kE~(Vj%mL{yey4|B<nG(&a#L{PMbjt)~vzUXH^Gm&1E
zd5NFaCCFN1dAMw~SJ?qskWfZ@v;!-DP!|(AnwbQ!PFAc@eeBl`|8gJXb(cU%7iH-g
z*|HAgvHe_2)Ih_E(L{)l!^)K&Jftv7rOb7Ub}z<-J0%lv3~BO)jPBEj_ef&o!$Qd;
zo3T!2m=mt6na4;e<z&9!oNz+kfi2r+j#W_D&7bsQ^u9fPH76TeTpr-?=&FUa%gn@o
znx67WAz7DwS~u4$fcj1!9CB&sysMWz`01g=Fj9HXq_Q*=;qhKPU<u4H1W*>R9GP!U
zC%;<3muR4^+XYaY{IE6FS?riG`32yvz5Ww&i>@K5k8#c1b|^_{XnG8CRVoxzdyqF4
zxu8Sv#_}}Uq)|EfER+Muszi_B1u_soF;eV?=XA0lNoF{e`VK;9uv67C&IsUVmOE+~
zLdDHD5vsrtR~V_1;F5Z{31=pB=s}9?qQLuFhYpv?RkX7RVZFU;MP+1((5H-ddHY8B
zKjxZn;J&o&E-S+lF{=&YS95SSZqT$%1aTE74^+sdHMnRS+zl=lNK*=sN@EHS0<vS7
zE_?=E0Mc#-AnP9fr*l8K*+(lkI;mi@3QN7hdSNgq7@=7E1DbOhHLt0iWU^q=T!YN*
zBZ5q**6teS)CSJBjZ(_AK?^muti=9LElAi`-DN&yk~(FTFhu#`M4Bz15ZHahzrNq!
z{@CH`_uHra-QaGRJ=~)e>?<nK33yz)FGB#H9NGxGjGd#^w)}Ta^30JVot{lMz4qtp
z5j0)?&2z8l3l0{wje2Y_tX@GvxAwArv@lZ^9e1u}C-Ge!3Fo|3F;xMh8NV+u+Wxv7
zVNj-B^pf8j>qr2_(|Wp#HP!^VC20ovhBVKwk{vk?{nD49Xh;uE<x`sp$nSMsjaB}&
z6CNCT4{BNQX`=g$N(7)0jiD7GVueuBns1KukeA2g!c<r$^Yon~$eD>;a~kDOm{E1S
ze6d?J0v_v>o&UUTR01CNxjwXq328l>PMXebU{lZSRT>xOR;%;=HldwyE-5BH8k<Y~
zE-O5<wWnTXbY!~7RUOFOR<x9}pZ55-DA2K3;EDYln51!{+oIK1maS^{AFLd)!|_21
z-|wWSrRSk{EdifIR>&qg-M-^CZui*jXE?jhxg&JS`<a((VnM)N?hF{Eo!e;0P40B>
z9YiLX8O*8ei81L?kqFG$+yL&1^(u&=YC}wr!QkT!3l;q7h3SQ7ethH@6#S*&)3X&V
zPM2qNl{kn+J9U)5JNj0;Xiv9LwRC5S?CmL)IH#T=B^}7w)!PvK=WM@XBDqreGS5Ko
z1)}xx@pj^4B`C6t{<Kwflqw<7h<Rl+{tuIXFTn6y$M5gygtlZ8AM#S?JFidYNsqnT
z=cAcyh}%&E|IiE<OH6X};W}u*5DSDocuM#EA?%uZz0LoYQCAf^FWbaUX@`)W0ha8*
zw6)p(HNQSH_x|0~lcQdqun@<|vGXTtHw^25>L1#hySy65v37bz{tmCu;}x0rGMATq
zsDtF&3dGC&9}_;MUKZ3I1H)WtA91=Z*`|aRs@AWO$u}e6`&pD9Q^EHBLWS2!8tK`_
zmY{a{F#VAVg)ibJ^XfDq=Ql#FE*&LAnOob!jsuGO#9k?6>BeaD?nV6in<Lv%<;`W9
zaXm+Mtw20&WBRwJi_z^lp=d$Srzs*P8uL%)GrR3MB>?q3DkuoDgQ;UDec564Jy*eR
zyt>`dS9xFXKVN)JvQPw(VtOc;oGR>3=(u)JyPh%PKDUAe+6;;Bop$u)F;FVaO)K)N
ze97kzVSF7lU5UxtA!!kGxe>C0FNYmq3VdM^|J8_4{<CB58Z8H~GgMp0GJ1;WhMv)h
zf|c@b>62PSJS$RT*>W-u?>!%OcsCcUFv?E9xn|N7ZnllCG?@W6<-ZNg?v4XCV<#)*
z%S3k|Kt?_fWKKoInIjc25YHC{#<Dz^od4CT==m?*JAZPcsoU+y<!s4XTK{t+RP_-i
zuJoUtNacFfcjF2qetH8MpaMjcS2}(+a<PcQ`!*A_0hALso{AdO$76H|S}ey?-VW3B
zdbJ3|S~)q~L9o~9^#pkXAqWlfSFZeire?%)?4hI)cp;kbb|luW0>`8oW?&_TDLG)C
zUxe==jUZHm9ySmY!OM08pa#PoN|4=xQvqfHW{`9p=mcDSxFZ%o@RCsQx4gfcy%Asp
z8ngm=k4uRD!a6V;LZrIoA}p>087q*%e3`Z|bu!<dPulNDmzcn*M!T%2S5Xdc#B{Ma
zeECkE0K_|Go>NTwv=k#q%tRAJDP1#Kp_8kWqwF8u5RY*mNfSbT<adrg_`2%op~={D
zTUFst2UMxV4Q1zU>mb4*BLfY~+;KALQc6u5B9h%3A1t9O)w?<!BS?E}M;$z$JhF0i
zi*mkBeBiztJGhcuqfPX<CCkiNV7AdV0RaD$H*mvLJm998nLv!BU9&2^y#I*PI;g%a
zQ${{M(~5SoUP8#Eml$p>GQ_>EgX6<3%bYjpB4qSt<YB~5n9rA3PL1NuWKHov8xt_;
z2{SQry94&d3erT!sBkOPDiiQXqXUS^tl{7E+zpM@OF&WgSfv7B9FLZJ*A|X)-Vl{<
z`r!qog?Iei4g~_b=y*jJCj<tVBwDvpg0WYa33-bB+~DP8pfB%<={|JQ1zo9DnLimZ
zz|iwrfpzk4xA@NnBkYr5Zejl&WPzRX`y)lv+k}{nXh&N_(`LHGpKyM7vK+}ZO1~9&
zdt|ljbhAZD7iP*>$<#H`P{u;;=&vtHeIEVAI}iFpGt%OR+s)E=$KX~aJ@JV(VvbYO
z2>50oSID{ze}54@RtW=&qT5a+nfvNWqZBzo+0ZH`?1;+Tcc(zEQCmw)lk1&ud~hb#
zQWd7b_a~KGrFq{~N~#P~m+9EZV=mNEOE>V*jr69nWuTxU+n|B|kxf3n-T~EN+vvqM
zQ{Ls->LoBy70VXTznCP>G@3kK7{-j07;~Iir`DItg&n1DUFh$tTw%va*<%_HKA!Zj
zm~K_Q;_J|e6P1#rW=rt#a$NBdj+|JX27ljxKK@d`ZdR*6&EVr|Qg-qvUsE#Wxgj<+
zsST}O&JSMJ0lD%QTl<|_gdSYOp_hszhe%8k*Q{C|s=}AKVQ%z!%<#Qyh1+%Yo?Cjc
zipB=`5;4!{BaQGaARO|t1ra%-9nDz$3{_w82KLT9`1FOnTcHbL&-5W2l)@*|+db$@
zkND7C_9@%t@Mol@k5h?*zS+!)o+@d9?2QZB9%hkjNYQdO;v~oB{5p}20-91rSwK`Z
zt4AV2VX0aAwp`+O+Fe=OjxklSOvFT<y+PxU6T>eKm6h(<*B0^J&u;dK%zl^*&><-I
z>m+_KX(hv%uoScuV1I0Ai@!vrZ01$AvI+McRkJ!&Yr5u|P>thr#uvR}cV+I-M)E4m
z^8Fj7`VC>2VCHG;gW7)5Jg*{qfYslv<H~nkDNGoh?XJ2*6A{Y<(Jh31dYuB{;uIFZ
zVO!}_k2rVad6mrobm37?25O6c;AHpQTTFe=IHf`o?$NpZDDD3mNx25cMv5mxXk0m;
zM+yw^TMqIwa>wSJYzv2P)BkA(1anuk5G^EYcKH&DBZiS3*l~>5bi2kp&0`_H>O0v;
zJ)ClbR$E0`hHw=I*dh51G6xB`4`8azm<z1!Dk;6(3|m!(JE~8ZaON(bf_h{qc)W=6
zWD2Bl!9{X11%1h<ASj;<DtX`+cuvzx4PoSdd$t5%xn5ks-htb~UEy#W5e^ZoHxOi!
zV5j$A`@vf<d;>fpEeiG>^?pAA_O$ghNx*TSgL?=Q4)_*czb-J6cqOCAlGJ6G<uZVJ
zoUke80{qQizYWM``UsI8g-UU^-)dYzOlU`h$Zk8sdSmPGr}mz8kVn@0cjKY%e$M10
zKn{9qKnRm<{WNE<4QlK>A~7ICEBD4pbVZIMsLgDm7)zcbv#4_1OLwTskArr$Gpbi)
zX1xJDh<omoG`OLJUn%N9H6BsL8%!nb=w>B6oUYDs4sOtdU-59BXz><Z5r`}Ec|J97
zwb08EduUQKT$Vw^j3U3RF@-YmEzz4*Tba=ALbA&6x6`~N_%TK11!IAyZzE7Pp732G
zqxrr_eQ6oF@z%NP%=lSNpLGx+Z5^U}Z7PYvh{1XjI&2ULjX;>5Zb>uTgn}|bzc16#
z0qJixTa;4{U-3pF@6uxC>?9||51?lbo&k~lpEZ!puIPqW+D)B~MJEZ}`CV2^;i3HA
zoThuusYcP?D0T|DCYnx1mD+A7nhBy02Klhm<Z4;?(N%4t5Uc{$$Fo$@PW}{(voIj>
z6(~RZxWF7zD{_sxIZ6wBU9we)l6h#?+8y<lQCeSI1dS@=2Wi>k4VrBEkn$0wCh3Md
zV4{yX`Moz5({B7plVhgchoFB6QUeUG%}27(p}4}`=5TfyX$2Yl+no3F!LmFUBBDi|
z0ICx<!-uWFDy<0Zw}AVm)D*#lT;eD6rg~m@VKAvp%?+!VFSQXJ#p&++TC1t#z7zW1
z%rCnQoqnV@%-LcH4*d!Aa{sWe2UJZuh2VWwNv?${xy#O6P=k(7^1zB{=s0+p-K+xc
z5yShY(WM2<RVQ|sRLK^((RrOLnP`t@4i&>Mtf5`Rz^O#=DLqUu!Nfg8(YGDd4cUYT
z1vf~ZI?1KoCAAuae?#=Rg44aP;CM}8k|~3u2e+YIE9Dn}OD6L>6CN2Nmb=*%o^Kt{
z#OhkB&#hQuoNVm}Z$-$hba`M6OQaVRK@l?ekPWHjsBa_g5GgmXc`LNVd(5IPM~H!x
zm@~YQBdSG2{BJaT5&DD(X~MHpsH`(T%C*FY?eyG)3!A0OK?$F^DL|{e<a|DKNRw=8
zgtzws<qFO2A)n2oPT4-t5OL4wO8H~D0hZxUf3uA*$zk0=R&B95SVkU>b=dDNSxD_s
zw2+G@g&3wP6}=uiH?{HZJ9H;YapYj5=yOon=k-Tx3HqAaFnc?|(1$DDQMK-(lT3#6
zr4|s&p+S6}ms@l3=ljmD5>2|uYCQNN6-EM_hqMpAhA%AW6lmb9rEkaDkGYG#Awz}8
z*RBaKNI#+2<Y9x`p;u%BxdmVZ=z164+g=B~cBLk4dC+dW<jcw3Go!z^naACAINbk2
zWdC{;-J^GR**~TmAY~)=MJRc)?YC5%UNn##^u9XwpQeRqp<SI!?w#!=#$M$^@DLQI
zx3Ny<NCg`7(w#W?9kqw?Mz_HO%n>R)TY-ngvU-zM1nU9UKn+t4g);>qohg8Y5C-BP
z2!zP{nDsueIl+s8-S6WTuA<kdB;X!R0nrnCLAz1Fe?#Duf1NN0yfF~OL>b1XqkJX|
zzn}{+89A6A#FG{fH+y?PM<fWe|9%(*HXFdM6!ZoNl}09FhG>x&*PtHJk1gm}m8G<m
zP%+Upwg{EsjZIS8fC_#7VGTIulTlz8<ZAqdL;1nAP&cF#D0XP2oU-@x6mKK80HVg#
zXw|%2KX2hcWVk2RFmULw?!Dtng?dkYbJh7a^=$Wz_2JQDr*my9)YI!auX5TmP2`8I
zL_GWSC!YPq1JOaW;(QlN+2fvAC;mEwkk-(hj(o2Z9bAsj!9{EHP4Y{;q_(Zs#ofMo
z!Vz3gXnvShA)m`=cWm;ge6w)|oBapr_H;*^u4x@{_e}8@*>)O-8C41|ONVya;5+Ec
z5h8k%_@Zppe#d8Dc6&-0<FxM0W~Iq+-zq=Z29w8i`~j8m3TtFXKNJQ%HcYV{r6OOE
zL33n<We(c@tq0w5pL3orX1HZ;`&pSgtlgmUL^I5AU%XGk{P#?~Bz;7VhyD`yF+9LA
zNg0{p%k*tTyV!d_w)FM4D=YzBPV4eSx3f9kfi!N6%IM({9ZT0Nr5Alj4q96Y;)c(*
zns)eLF92b2rQ#HKbS^MJ9taANA?qmCF#9N3HRC>eANQb_+W1lDqsBFa2gvA3agN>t
z-5bor-XzglM!HN-UmPxc)pA*%#$O(3&=<%LrO2r7aMUEpW2ZhPiv2L@DWK=ff+Rd$
z32PZEz5KgIi$1PVb%@`2>ncYsdqoBwE%F=ZBnRfbwW)7%zv?uL+HB1l;GaS)p2m5^
zk_r;dqu{eysOx^Z=+i!4dv0nwbj4;l?B>!crD6?4?*x7YH|Rs;fSoDmX+4g|9#><D
zYYJquhvGrACh>|SUC|8#RL@x4P&rP_#<n=gERlaEHrK~8KJ#UrHv7q$-_0c%^fP17
zRj20kMcHYwtmw04PnZ#F_Yv~1+5<)Q^@RLbE)bW`(v2sy>#fSINk@T@Lfx4Nqpx`)
z9XnUjg6v#|No(8SI5nL@rY7I#2Ok4s^=ND-KX9(u=VrR*EYl?IJGe$Yah!*QqwAlV
zN0LK)5@9l8>3ueyNLHl5w;nT)_zDqs--#JBRWIFs+15@rnUwQY1?oa0)T>1^^SmY+
z`Q@%Nt&6~}ug)n;w_wrs^%`|lhSLfCEs3F~$Vg@E9B*VQ889Zs-uHA9`ubB-;0nI#
zbEapnlp<>ZG9``UDyCh4n=r)}dVoPD6-W|exh=CHkG(6|U3_7>!?0-y{LglERFK}V
zkdu8aFgdv_>Y!JaQxxKMMCY=(_aJ+EJ_uRj?KvXHeY@f}`qLJA_e}BzCWh5&^F&}c
zG&9c1RD2uHVk$*A<I@@;M1CRQ?V@8V_)#kVoNKTuszM)QZ^jzfr=wkyE7)LuGjKeS
z!F&0y9&&l~k%#Qa96DAvbd3Fz2xjb6_ugwlA;0;5Vxj;WRiP8;<?~6*Uz%T_e%j66
zT}1u2+Vxj##aY(5#*I%2rd@>O+TBDHnYcmNaoVJ4AWOURHR@^c_v^IcXjKqwKyRQy
zbIrBrZK!{a9WoP2H4Un?G;ILa0rxG8tk60@LJv4yn9(vO$Hyyr_?|1~QeqiiAC?UR
zY+xc9YKL+`92FB#wv^t|$=>8M!Cu%Ef-pKF1Zu!Q+6lX&+kl=0MgU4Xl=8m?o<K+r
z<@3PB=H7h|L^#Own0fReJ{`M(+CeRe&q4rp$%OIw^cF*3%IBV|rzzv=Yl`)8PKtNr
z84TcyI)q6EbU_6ZCMYtY3g^Hj%pxmDiAlB!FtlJ3Y^K|x7P`e4>jU3+5U+fR%J^I9
zx>Q$uIRnfYq6#M-vM)Kh`M@hbZ0})sHR3IaY?Zl3L|ak`dyWasLN6e>1bQTtWQMpP
z)G33%sF21Ahsj(vr^Oe#4cD#CV`l>C6N%F+-zaS-r|uV6Y|9=HM!kaTqU_3~7UH2=
zoTFx<KjX(A1|$HLd0v4+#0WsM0>T4w%N1;cj+6P_Y{Ygd4iDw~mmD<&A9fnuf3Nhg
zVO0-grDIjbok<kmAAAOp9?UBQV?qF_i)+5-cek0@O@@H*hiw<cn=ZiT0knG0^3iEG
zI_`ofKFWfW5K+MlHMg0W@duyTmRy8}(Upp}RGi9Lxjl*mXxU&>C8CyoTz^evYarR6
zMKM+=xPG(BW<n1RFxMJTP8hvA!&&hrhdVUVtq}v(9(wq@$(q`@wCx}s_ly$veM0+N
zplBDm9rwv<lZ4b!=!WrzNn5h%^NL)2RfjnK9qxa3o(Vsqw?=Bu@_RcY9EB3+4R|95
z?_<WlAUC=^fDP$Nxax_+hjrU0Yh#ztT@GcubDUdtHe!*(<s`g4Tapw)Ks@*3W)l`p
zjH>cFXFhXBLn_(k*}Ez@#r2ul+Pycd(2Se*Da^PWI{DMppZh}4V{6;7&&u)W)_FJt
z&=B%jE~zYAQlNIiiz42oMTTTUu~+80WzC0=aPZPaoUFYGI+2e06VYGC7*0mbWI_kG
zGp&6Kg8ts)f^W##n<_JTw1{AzbrPwf_S6@@J-5Cl?tTO2i(WSTD4*YD*R-ibrXd{*
zsn~U&KKDWce=dNe9?^(K=)_|>Fo}-KAn=n!C<AE@H=xVfvE6g*&&;8k*8&vuY3Vy>
zbx7P|JShJ@doHyBth~X5PP0n$actBBH`V}sObV#ui`$UMm|3ca<k$Ce39v|krAy}w
z;OsNa*TiJfOWn>v^C(v0@`U1^nDL#gsdS46nstfiPJ#eERe)k><j1tA`e@taVP<7=
zhkA}%SWE4CP0lKynjOmw!TeW0?i4S_{r{OQo=5Mr1Mz1(mypf0pWd|J;hV9X9F<(s
z4(~iUtiZIev!#ac8xNG)!GIYDJe6^u6&H00F0L6N&t3#x9|{@d>S7Z;>oU)$3w?;G
z0vm8s$gHnm`b=tvPHa!ptlQe5n*Pv72(SVjS_>}Tfbm(P8R`5wW>Ryx@{5oLYFhnk
zFhFD?hRD&&_<k;8B(%LoJ%5_YBsjH|&3Dd{d*Np$NDoZ;({+zkl*82TuD3?A)gs<i
z?XjM(mg-=|$Q&y*#}iWk-MI}?z7UKOA>Np|2E0<e4g2T@{9_*{Dh4j$WzU!%R)h#1
zM1H0;y<d>!uO<`X+QkNRTSLs7<D=W46{MeDLW76}>fb3K&HGQQ0<;<vQ)pGLSNRA{
z9#^zuC7<wU&Uy=-?1m!Jpq^5?biN=!`#StAOBwokhYB1oPlV>sU<@%>4VZy3{rigG
z2{01~8bn~QL4ct6ehag_-+KQ7Y`<^+dHt`w?+=Ov-aMe0KsbHhlqMqx+p5a<2ZJXm
z-5_dH1-u&SDU^`p%r0M{W;o(;Uc`UI`|9Pqq=2x|cr3rpPQ?Ptz}2`9C#!_Kh=b`*
z@`)(vVi8`irz6vOL(Rq;>ckxn6g#!Ers|rRZv(qN7<MZpWM1J;T0B_h?wWjeEnuuU
zGC{quKQF6ti{q#D6s053Co1t{Yi15Z^_txdJ(ulX?iQtHLdVM5fEF~5ouz4nHr@XA
zVllvZLbf3v-nPuX4Jg@5J5|c(2Oa^(%!@5lVXG3Jc~Lfyl={3!8tl+l^gL_4H~4tX
zhYJ@Lqlc`#-|rs))4pExheJJcgSr{*?^fTH^%m*UI#h9lUOJQ8^2h)JQNR*2C{gu#
zDkS^!q5b;V52%f&Fl6*Xd)ilS>9jPE`EGH`{)B!#(h9GaIPK@$wM=Pling_FEQk>F
z(w>+t(E>lIMDCg?A}XKO_UbNrLD#tLP@Vj=MH#xP$+PbdH~d-sRp?_YpLIUUzryK0
zvB0rzM6-JGpU~gk8f}3aOO#EyB1lX~)T(l+gp=Lni@ReQMce;bjcZhje|8X|0p9^d
z(a_SnO6l|$^qL#09ET}%r2kL)j9;@;4_}>B<7qd^uC%e?KVLvhz&B~6=HaSs@YZI5
z`xX>Rmhzw1R=4DSZPS31xb1gb>|%4+<+qt3O_>0zyrIO~uC(kJ0=NT~ptXkJqsy$l
zJ-TaOnXsVRwy=SJLit59TyR5k=g+?nXm%>3-0uZF(_n>$ee*d3=Y8jfcY#@ANk|^8
zn4aM!cli>`FCj(BlL^^@lUDEs))5r8Ib$-1HQ>!WzrT+MKj*&2$PbZ9zsGb<5EXlz
zEE>G5=ycQz75#;ub9#h^a}L{+;fY$i+#J8kg<j>@C{p&}7dN0|iWrmPRJXm~DrN#2
z$BZ#ULx5X^C!n2P=FEa2K4G5=ec{HYxutI=PBz)9Zwih{-Wt&#rJP6xRorGm&Wy84
zrvo)AG1EEfn8H5fEE)}2n@LjE&p#U8esY-(s>-)PTsv^A89>i39AE&;YQ)4%1nf5G
zBqN>qJLNkqO3%+~RV9w?$ze{w6$u_jF|=>rCC2$i_WCor`G?63stOHV)hTQ#R;Oue
zl)jeX+bQ4q<Y>Ihiw*wK5ilzdP<(>uIrll-Ee~qILqIvKEWzv>0+$`5B1fKdO?WJG
zT%JtDuJ-nZM}ZIS#Z^zdaA01ok;JNYS8(fnFy;68^o)4`0lrPO_|SR7%%VKt|G1b2
zshfv<7p+cy9_E^qT>zk1Y1#GPja(<WxVBB#>$)K~j1pIP0%w^r!q2*K&7xo<_4NMK
z9ToV8%{i>;fm>Hr__~0$c^9$~JM(BRI77gY2tjoFjf*S_c=^~YKU742K3g^Oj@uh~
zo7SB7Yqv&ZLEn`nI@7+H>?W7avf4s58J9RGS(P0af|V2m=5jqYiU1u%!~9K!{7U)%
zb3UK?SK6BVpJ1782O-DQMag3H*Bzp2M%-|XPluLHx6cM+KtTNa4Di2=%LMvOcEJMS
z3oko|@NwDS)FR%1B~VaBmKx=5c3{okq^IWE4SxsqPmwDE#J!=Ejsztt$A5r>|7Xu`
z()s=`7|dt6Mv?innhsORjq<bPq+EM5jC3Q=`{)arK}1X_Qlv#?!4^YhK;Y_Y)MZ%J
zMH_sUWf~IZ{=8(Sz^24K8Q!>R+Sxvt;}EmnqP^9lhiCoZCX%4$2)_Ma<H+GkabgD@
zyj{qN*kbLo4u}@kwz>T}o%xSxmtzp^fkQh)n#+wCd31o)caDG!&1wQZ3k!}?YlSCP
zi({Bxujq4uo=MI0Dqa*m)s=q4x@vZO*yOHoq_doTwkhBbGTbP6`qn1$TTw)e;-P7!
zD%jZKAEq|@#JpvOA9`w7aQ?Yf`fCBrE8_~#I1l`>LO4>*gZV{qrDUGonmhz}ep&st
zMI)Dz)42rnm}S;|HnpeLzNUg~+&W6TzbK2yFTg2fx}5)f=YT)fX}h^w-62*8GuqPu
z`=f@Qd5iD`tUeh~^Nk(%N*9E^FicwE&bjmBBi4ZE*qI{Yy}fJI%JoFZrHo7LrPS7o
zvbo#nk|KoEVsr<zt<xTTj>7!y%l~nSKk<sJ3W*SWhwb54#U|?{eO^*W2XLhJ#06^v
ze(^9f{^&ke2+vrUvg^Q5mz~;zNj}1$VXFoIp*hOF({2z8wrW3XNJIxOq32jdlbh*J
zJ;gWZRXGcUlRHZSQ;jhfoNUA}MzCQ~()zaO%fQqiEW#ivS(!&`erbjf6b!yIAkhEu
zFTDJq?<(M+$JwgW^K%^u)4ef!Jpmwtt0qTXPGldYC7p^A=T2%S=1q6%zqWntV10hQ
zpi*Ya+LS>|CV*i5IH~Bg$J5_@4GOiTUhDN)yD{P<F=~XD-x=}!E)jGTA$7#Vc@vn>
znG4w8)L$7wJ_9SO*oa?R_@dBPTKm~4<jyg*${0hEnVPSIkg9`LDDFN_tekkwD+~rX
znIz^3eODMdVZTH92NgbR3<b@b#D^x;TXpbt2Co+8)x1rF`>W|3O;-(ag$o_h8W0$h
zH&CnbP5QK(bHOib1TbI$Hy$5HZMp5#6pR1q>L<4G`Q&Yr=2km4liIrT;D8S3XXPl(
zF8`l8ATL-Y;2+sRcjlOeZ||vRjvsFVDdQx;|7ol@GPwu|H7{`1R<9~2*m##>yN|O7
z)j*9edAe{iIk^I>dPdVnKVamZsCA#KmVU!QNae+g5H_B>BMP{nq@3j9$Mj6VSZw|i
zGBD(O@?8{8$DdvkZCzXz_^Ajkv}dUy^eZ=eHn5)YP4;L+U(4iUC|?Q+ct-bb^@$t<
zV}`Vx27F{Ta!FB7S8s5r8st>u8k6*6l|l4jv(jqN&_IbF`yK7qfwZtYNHP%`l8&FL
zZ6B^Z+`ymZygtv?$MU0^hvo#$=Le1dJH7YXT6*TM`_j>>E~dxS)C&AG@ai77HrSo(
zpQ$2;r95TAxS!opB+dh&uhcYN{X>PQJavKv-fc#2K!ZpQ=#==c;{mh$^cpADfjnGZ
z2Q3tQ<2reBTQrOT2p|>&NbU!~)-e+?I{6}r$<*tP$_f4xZ_l{V()py}6%R2nR9L*-
zrwd55QU9|_lWwfl4-i_K?*Q4rzZ*t(QcmJ$C&mtAIDg3nWKA}3!=U`%5F<F>h0a43
zn=-nceut9^<*0BXx?GKwb~?pwh*+SM@q+fhQTpE-PVK*gt(*Mc-}?XY8k`NzbCRGF
zH-e_X9ax^6Oj-{_-5OJb7v9Fq2Nn_t$ce9^e_bXBgxXjZc>UTLApn#sL`9W>r5CU`
zhdFrA-6?BKCQ?7iqmx8G-H?8+a%AU`=IS4N{j^_pXwv@v(L}5vm#^<Tm2#RI$Xu@q
zEWyDJ-H*p7IcpeXhA4D9potAjx2Ch#%~N|laF5P^W*FsMPKF{Y+~Th*5jJ)F7ON#M
z7a%r59qaRiQA_kp=oE6=HDO=AndoHyggW4#yVxaGIp8ApED_>vV4w0x^N+sFX>l1p
zqyy?YHTsPTeh&DYy-u`EdR@O!gj%wJ{RhmizyJl~*KPeuDumi=A_HxW(INb#TDoti
zFcNlR(De?aaHC4q5|QReZF3j7E?;xUc%+s|77@MZGO)B=zk*jptRMk979D`WW6M1L
zZ>&L_)@GYjjKyEhUo9)!g!opb5r(;CI)&*4{mBYGsQ(*R_--IZH7%jTTcQY{SW$fp
z-)BG6#<_f0AWShnd`o1cUc^%a1L?jUfbj9|sHdj4+p)Nt6@S5dgy>(~+Ws3~wi^sd
z0iK%E9in*_rBi0NVp6(N>LtQXyf6&Z3VFX89h<)6<id43wrr(#?+a73CF0zc0+pof
zHY9Q8uq^@a909wMki&&ft<bD+!ZLoDL4?;B=G0<y4HF&o$3EF_T)LhS4(HV8bnN8<
zbns^65vUw&sYD*#Jj3r_dAYmg3)B4-JDKp9*_QdQf%j$yycTFm)Zu3~=_FH~h)CuJ
zFtv1Whs3AA4e0qhhzL8OpHX1V$rHW=b9?&uTC-1it!vB;PiUR|N3Z6<yp!p0K&Bbu
z>+tg)`4EeQiTurGIVw<liikl6-OwyaW;Psu5AwhCtN@CzNhQVCpizg8JmkJ{aps}8
z?^`CA_g}$JjbZG4Dc|yPFd-+1#5p4OD#i|<uSWe1M-N;;dREtrtzaXn=#PE7sspo8
z{XUoc)5r8)UT+@Jj7%O6G;}LC_NE0fy-dXKK-WLaN*F#&FMXTCt{gKum1fUoR2jma
zqpiqZ=`W2?0Op6`YhDVwqXyWF(~gp>WWcrZ2K0|B{_vt1P{%d#7K0p3GG~4)&IKzb
zZnl|HRTk^<Q`Pu<3VzUK2k?W*KXV<Q0M;2XWlZiA0&`^GCfV`L4dN-aV_rLa0qqpV
zpR_8pp28{%E|?Vu@W>wIs^mPwm>ti(8sL8hY`<Fx>DG-mFg3ZQ9ht<y?*suos&6->
zewH@)1{CD)@HGO>W-pMi1#1hB;)(X<rr}Y>nAm%w6U%wYa<|l<NUqLd!?yy<q+joO
zq)AWAGI$sEUH}mPyTNA>6a9|?wh6Da<fEm84BDgJ1bEhxd1et2y$w0am*3=mC}vWJ
zpDZ`7aeb=w^T2y<BUzwyf?EAS@ky>XjWmNf{2doDF3mz*=yC?X&9yIXhA$|<I39Jl
z&4`v(V$eell!bWnV72A5L`OX+27?0YxC#9||4Z=-XRXLEk8WVG;RF%S2Q8rkzbREI
z*ZZbZ(dQ1+@!0s!8Gy`%hG2D~@=@e4C)y+-?YNV7{GZa&|BKN1-*Aho|BVW~#|!Q{
z0WD$-?r-9)C);{CMYnW)glN}9THVPbg1u5=$b!MzgmG>0_5#An%aUB8XvhM6qANDq
z7wYV@{@_E+E_pH?dF4k+nEts84}ZCHynUPdC)Gab7x$Vj*0mKjH7fJDmd$1yEMGNi
zlD5xk0DC>NVj=sk(F3<sS`PoxZjCBYYv@89E3RsgJef6FyZ*sTlIT>?rO%xmDst`P
z>}%7~`HR@b+t36K$_{j_m6Zj0SOZ{nn)m@6rh@`n_=FmIZ)MO6Jo5GSYu&<BuqtBe
z#8m6ZM>{-@@WUle>dWo(xPx;}j>O?p9nir5tHCW`%K$B6w9D@!lfjY5eoJUvv0jx~
zLoBVdkp-rhsY2vL4~4CHLiaw`EpqkwLl+qkr1zGOmlhcIzVjqve?l*qU`3A4&%e>+
z5llk=jatBx<eG?h?z#oR?=>=jP4t`=oguE%)xe|dTl<;`UUJ{c8!oJ8ArC#eN1W^O
z9`+BrT1>=#`%?oN_~}@)#T*8fb9#_1+X_r8AJd7wV(rFPOX#Y3?;IFd%%$(2kW+x(
zJmM4P^yKYEN57#iXM!oy+UxIh18}c+OT-iqjc>Co6P;?`UOfS{JMWRoimMt}Fp{x;
zW23S7*8ygOU0qUStGAxTNh3e0%ZmD|5r~3DkqN-zK*C|ex&bmBk*12bJ7(##V;pPU
zaiKn!RR(vQZuj|#7V)7b`NFh9wYAr5xbRrHI~1B8%Ae?VD5$X4ydi1|53QU(SglA4
zWO^vYhGH7IMCo|LdB=88oeRr?&zo@JNhd#YeGc2!^cgcU*!9S?+~fP;Q*xJoYT<>{
zjBhESc4M~}8^_`FGNVs;W3g&x;vzP*gbBVz_QTNtlO8(cw;K}^<KK#~xjmm+gP8&b
z8)@kK+Cwz~zj5ahLjtnJt)ALrBpnT{6+0s6Hm&b`_pUc<3)Hn7xx{SL-{-zsde8**
zv(R^2Hdf<jfJ&I&Grt)+l_4m*^Dodfd&#Uik4!Z6RFv|EO-5*sj87%aDNE>C^GRhk
zuDK1JeZy!g>+q{nKQ_=q7IGslz`Gm`D3}}hgm%2r?ikeV^-uk=MXjLNyCF-DlS#X{
zn7MOv-I2^GJ@dGRjt%u<V}~#l6H=y<J(Hn{NKK=8cpiI=iq-axVy@(}nXvnmm+i4l
zPj4@=V}(mUFlYFETz=m%;029LA-TOd_6IflELL>%IAsLooalUPic_2MygNu{TU<{!
zo0{~ZfE^Lx@R{o9{U@Z`=H)KL_nAu{15$P_Xm`m5!FOSRF4Sjq{O;PXWifM1MCde|
zaa*GOg31(Az;tU|^1-()P>G%iK9nV@2=6zBQlCpE6Am;YlR4>|N#2;+*-#S^=U+oy
z2TTd5Zf23vN*s+9>cOI>{L-t=Q2RrtUlED>0Q)V#S5gHUfV)Icey9BkK{mldwZNSW
z2sC5}Ot87^70#lz8a7)G@%0RT-LY2ToWc*Q5ZyrR`|Wdu2K@Jh{`OFw&JG;WjIG}I
z*c|dpzy}4YjtY0e(gyDMg|{m4yIKH>g5lv`&4jQmHHJ_o<3$H{s?jA0q37R5DtMhw
zm&$+gx(1z9TQmYgE_F6xMKV$X*q&sJ;opeqUz76xCl6+&%%-AuMPZnXOlQ53le#&M
zCymkzNVkk5g}*|2Pe3X4Z=u|hDBM7(q10TWhAcv`0IRhnP^T14Zk@OfT|BlL2%JWb
z-D8=ZIVr)rZcn;AwUt<ISjb}aF7&3LkecGo|87lwZVqu`MXHKhGA*%^@hPSIp?vBy
z;C<I_3g%BTx~X0nhsfUH#iO!lJaDB)wU3Ahvq6Ur-Ur;-FKz%X^-(5Ozt1LKOvQaD
z6l-qV#;kF(l1JP@Q&_zQ389Z*=m_ih$BY{FARt56n+Pk!&KZ^=q}H$Fvzl|j5b=fx
zp4t-jU_vLTt`?XJFCc$HfYk>N-NS?Wmp&2O=3%ox)J04O6e?dOPLihC1qj;=+13-#
z!kI#!W&BXVXQYOBW`=z3FhDUm{T2lXC0SOqU9^=k&@G}9z!u<GJ44(g_3ykfOW@jn
z&Nk1Qt<*UaYm!Vd6m1Q%nL;DF9jn^Y9o+0T`FD-Vg^if7^4&#DYPCw{t|SRx2CU$)
z`T}<d0IC`6=}NU*C`@&iY_g`t_<q8a7>7;8>1#?8c_|BVMZ<05pBR$K$r}V{Fb4Ig
z;G2)~6GBcDsqjv~#Ma+sO-<x^0Cy~6bXlT#E5~_io~W5%XP^$O^~eML9OQQaYWEsp
zEc*rh(Vb2f_H$1cCu|nELUzB#bLJ=YW1AvMTBvg?jlFiIxJzc>;ehMO?<GS|wvm<M
zEe+Dwn-TC&ZEqi5QU~MyEny4T56Shu9@&puDGd|07WlIg;@GRyJfo92q!o_<#<z{`
zznc|;eJ(xsxx1)pvDF`_NY0Q&sZM@pkcpZT*@|uKb^>bsF&ddj1}5t4+QWu$U>>zA
zh`tzhqKPPihER%-+vwp#&YBuE;vk@;*`_@FCAstvSm^nbUe!!-;l4Vn#jRsBw-(XC
z<*HN~7{22uuswTFVb8fsBx2WF418CLw)E|F-hhV_@iLS!$chs?c^RKL-50^XRoN6R
zYkj<X&Ut+RpI<fK?aF0a!Wj9}0=zfFo}K2F=mW|+kTsKd{X2oxMr7=^8bRV&yY@co
zQ-3NO47)E51AmZhv+mo$@|hV3*|M{n_2Cm{%`juJy<dR!8K+-Q9ZrsJi))0wO{x?@
zCuKF~u36~dqqS|pZJwxY%4{^VQu;^(fss!d*8vSmF!HaLt+%R<;r>_ba~fc`y%O3@
zoKZ1rQLC7IB?Qf~DjV<pLGHcgk>=SLdGMA><;Hp26<>;KL`T3~EJ-yf&|Oi;<FQ_T
zRXpR{(<*}aQ7KrZtOG`JIqmx-F1B5%V)$Y2&11I2a@Q+sT_cxvu}x1Alzx^v0eCPR
zO?n07Uip-V`VACFo0%|6&3~rfe?4O~07A!|)dh55ns09LBR-aqYkE<>qE-UU1R`l|
z4SghVwu$_$zLMEEDwG6T14K@yQH3u_LCgK0^T@w~(f{Sc``q&{jFTkSvCCRrD4S}O
z^x%Dg;l(u)P_>1)m*f^^GQTBT^&SZYE#E+h2#X0r@kkG~m!J91Rv9-ItD*m?Hyf|l
zehv!9%@g-Yp!xFrsx#%$<E^KGj>8;vPUzzr?r>(dQInn<Le`OObIEkU)wo_ItFom5
zlsk2bHeeDzi3sJM({p8Z$Y~Mf%$H`sFZq52(gLH`bH!obY}-qf_RwJwg;vEuH#<F{
zpP<k05VfF_YltJcuwksqbfPjt)a#-%IKxBE^tC~~tK%yL=Nc;n%`%M^H3An7GIfAe
z5s?=7p5~BKfI;8`n%$P!0PS}mjxfr8mK-#JwWfu6xP!!CCw~7+M;|{-48wK1p6ZGU
zm@K^#587C(gsZNrZJ^koGWn9rJckh+k5B1dOUoD0VDZ1qISVz|tX$v;wHyqDu}xl|
zo=2Y=CL(g47*y&MYA$@##c$sf4aq&k^u=^|BYNfb`9@K2y{=^afeN&sKpG9!ZW8Mo
zPyh)HjFkiTX1@w~Bhi(^_wx$U^$al_1D4Iqueb`Z9*L+A9Dcsj+0!3T>YacrQTTxl
z|NaNyU$}4jY-DP7mWzSQp3rk@x*T{v=ZSWLMMC>8GK}~mmwnZr%mYPKzp%DoCFK)A
zjIX}PPgz8NG%j>41F7lhuK_73xI?sH{%lMe+T<yFuvAUo<=g=sP-z(9hsm4Jk>btt
zyyv_$YNpVS1oW}#+|AXLBWv4B?Yig#*<#XsqC;H^U=dSD-TWHf)$~y(3+=cF_ipm`
zUFgWorbadpbK)i#hHa$od)6<V%S_pGuEo^WT`6B<LXw!^OlCHwxvYnPt$ULoUYD-f
zv&cL={1B*Z{qo$~$4@2A1}u(|h9U94j&koYXWQDv7uu-V$bJ=ac3va2ag>Y<xo1W2
z!B=mkd8p8DLsL9`0+$dZ*Uj#b6^o*dR7;o8sP+pWMb4Aj#_KyBa026I2j+Sl=w*ya
zfd4Tvy-z>M*da>g+OqE&)wB-}M}Q@_b39-25aHgtHR!1UkGnT5$-qW!a0J}?PGMiV
z!e-ExR-=REUT59qg_MJyTPHi?mi`T)<Xz_u8-fpAX~FvWeWZsXOyvI625fx{75;T~
zjqv?N&-h787{6;RMEZNj1Pto01+}<c(aPl8>YOPa2U$loc_HAb3k<^gw-UYvdd3xj
z^i9t<q`fm^WTLKhqsf#s)2UPpB=Z``OEa&qnrdO!w=EDf#q0|Cye-+wP6?_%Mvll2
zq~Ud1B*!@uKH^jfw02A_gftt}es-EnL@lqD0SDG#*E9}3Fz_+0Y50=$3CnOm^Q;O=
zgRD|n*z)v5kR7*#f4$8U3M^rVJ7G}=!iCUOjekT2`hf+wxc``m%~zXMMgG2bTnT{-
zg?coM86O#;+N{LGg`G>kc1TJ&IBIoEpHW#D#+?%sciJ+fG8|}$X@r65AO)x0-OIt@
zPMb(?LhN)SppqA_&$Xl-R@48O4JB^`I_%d1s@!|q*SIEIeKVAR&TdWQm3uv6D>9NU
z0@d&THn7-9J44kxHThIBha8<;f2JK>U#T+IkQ508J+)bCIM$Sq?$e_c%jtB6rog^I
zrg3<bdry-VWOp(Iu&Lg+|2gme-{R~4=iD6x)W2ZSf4>RjLI2)*-%Xfu6rV1^q(CnQ
z%(EtbXC)dt*{c+y@_SBuWGwsiBETAe?(|>neO`$V-Ao@RLrMRZSoHJ_>>EQy87?`h
zjh^n*@`Z^ReI{~=kCNt0?%I4%<ZNi_Iv<GJ<`RzDcGcQWmR_wN53O@M3I}dw`jm%y
zfaV3t&NzCV5QP(Uk|$>UY|HR3y^#}bh6S&6zQaV&p_7~C{1FrF6xM3L&EeiKu}eBI
z-yiV4Pkihjj==C<%lYv{mhWy|VM4XrXCSGqK_7fA#MK~I8He~WT?Y|>LEzKZ8Ylph
z7zD9TrOHT8Bv`zS+AT7OzSr5pm=OzR!`+N;*kr4^u)f=Vt_H5JLuan0{3$kVIbBnv
z8edsSBn(cMJ?(ZRK;D+zvXeT;1b;8e*kgg2hex6#C;Ad0u5lRIFT@D1eq=5eZ$~V{
ztM+)<eT4XPhWXti6^~{tt-zE@tUAd|{lJvAl!E$Y+u~b2<oCtML&2AjG(u7botO1F
zCfc>vy{^aMN_AnxLPvgQi_iZc?ajlQNY}OBs!CN-8Gs5TOwCY<phZLk0R=>@ghUY>
zDwwFCpdu=wt)Mu&v{Hb^I3W!Vv_la^W7Jl0MqP@EA}wuDv0Ik|jc6m?x*WUJt*rCX
zYk%Kfd-%?|&N=l5LtTlI>8a;^-uwRDuRM#3E|NPpeKV6fVAb<z@XiwCgmziMLV2B6
z>Ln~7xEdNx3rw&sD4sVdpo>1mk_|Cnaz|)eS@lV6x`T`Ktb~inLz3cmp6uNi2AXFv
z4$ch(zNcD2fk|49((D5!UDl$Ng1E21-&nn+jUBx2>L;g9J1<-W0v!V?hnFiv>zNUg
z<DCjc-y8*0&`MbuM9NzB)eAD2v0I+wJ!DLV?`o~v#n;-Tm?h+T4?FA{tst)UX}9e`
zt}M`}5LgN|D`i$aytM|-bAaoXabQxvhz;Vun2;ck5Ip)d0Iw;uzWpRzDnIzIx$?Iq
z*c?r<A0yUSqC4%JFci`*pa*?amtC1iS*99I3hApkjvnclhtVV+(u~^fTLT=S=7HIX
zcSZ_alMFh%trI>_!~gg;Df#80LfQv_C#GvO13g+?%#|qppg{~ibBMyL$Y{>MYt_QT
z^@?0Dg#wRU>j&(JE9|jg4exjT1GRhU)?1d-cKI@O(dZcWT#JjR?V2QzMHGaGg^bpF
z1`z^C``Uo1ITgIEq?C@Z2-9~mninI9VFJJ7Y5)W*(uunqyZ_e4y*e)^hJU$}MnLpt
z${R@VhPyYYy!vlcxC<&Zug^b}`}*_#>P@rkZp+9(!tIxLOql=jO-ZVa&s}kytiaRN
z;k`2%ieFgl(VkWGj8$WV;P^x0myz-6Y9KHLN)QClGKbbe&{js{+u>N{f0u>^+Q_KV
zuc?q6b+vMKM={Cp77*VCza}4b3RW!wFjk}BLkH^u+Kf?FTut$QeG5fXFOuu~q_NPV
z0VaXJ5#G&B&Zk%H%+pM`j)nig5f5Dba#Y_}N;2;dxolygivTO`e(V*}dZ3OlB!f<-
zojYn28%D2J3M&vj89$R|Gm$H~tfdbXI>Rp2Uu@&MJGXy1thgH$(9Epv+YDQ-yHM{M
z>Dn^-wT|B{t|=epc0E>0$C$!;p2%lk$Lyg{D1cmDuV~yAlAPO6<wQ#@IVe!m=>NS$
z{kLy|XaDRdmoo$ibwEWqD5`}OK&B*5?JkVFd6LWo>iBN46VcjT691)$0*a2lTf;=t
z#Q>GaaSR_ru2cw|@XvbGy96xaPH7|fQ@{s>{If7?7`g-5(7h$(NF~!tduNc<4O%H8
z)xp!DSH-3%&<>#|Dr|R2?vL(yrgif2mMK-^`i&~Jo?eral8&vl>IE6cO<9R1&rMS_
z#hF-kzk)=D{(6jw@;glmeH+7=w#{bA)FJz{ss0}vnB|T}k&q5W9XnO0_gAMld3aQw
zs!-hN5H6;{tn1)CG&^am)xG}x(IoF6k-Js)wOh``%`aY=`mt^<Tiw-U^7IjAOw4z-
zs?UGb2%?--&!gs#xlYe4SfJx((p;P2jKd_;*^ks>-#SIr)zHztPF1$$l_BJk>T0Jn
z*+j@5qHYB$O!=0H^<PD|O?lty5LaIq#nyeBk{}r7m=FG`LU)|#=-Wx8=6|X1R-GXe
zPaoCelOOM=SJP{|Z0N143X!swhm_ikHVZoW#u9$tm%Bi{-AG<EGLub$I^&QnUWq%D
zbl*#5*8U-ZjBD$B14b%!jZk)+Mm9J%U>GMY)K7j5q_#yTxejN{etj4&`@#r@G(qwQ
zm#k9)8NtQpAaiZb4$L*`=Li3Q_8aOUH7fCc?3AXz*7o(}Hj7T_I<1#J-|@~YX?BmH
zH==lqHvJ44Stu`xTxhp*=tC{E6zr|5$2WcUg6peV`Q5`u2vs&{$}OA7-4S@HT9#~?
zGPKQcYKs0!C_?4h40q`0n<2(4o2Jo`vb<0z9t4B<#*DK;ds^iBwqKm^zRwP}6+{yP
ze{;bAy4RhL<614y>798tsqf};UFeOj256E0-6}{x_q4i0%Xlb3LPo;->zVJo+SwJG
z4wd`#-Q!(kKVmtt4Qdles&=0#FcTY&7b3oC)~Zj7?-BuN=a`{KXKtaVPDmq?dEVfQ
z3><-%3+}gPLXm(wR;d#|FAbjr8vdK#Ie2uQ+2g%YH}nYS2|VFRpBY(-B+<$BkL<#G
zi;6EQi<2r8^3Klv&l}37+=1YQBcNFKTu0TRX)%Jd203FTC)h*~o7;u+aoit3;F;^S
zGKARLc7xmI&eDg>>geb@I*H%o0}c`@T9Lx;x%*cM)b|Hl(NdF0+0UpQM-`15I!D7+
zP5@RjHPm&>wr>21Y9v07_X(|Zvg|X$S6-(b6cYOZkh`+3I;<-n%rY^@<Rh7(^^Z-8
z(}|1@C69l<MhmE~x_ZTicKy3QbYa%n2OGwCrmh`d#Vq{&^QPq74z6<0Cc@=qGKYw%
zHH*v5zoa<WS!U)L&uur3tF-r9#iPQ!OylIwDXjjaLt78T;#G*9QI%>4L_8!!bj9bD
z!C!rcwt|s<V{EMi>a;X&XGRa_xFa=UpIU*GoW$A%OHbgtZ!|xJq8)1%eXy^4)7wn1
z&cT<|a@$OF6Bu7XF&C~wmoG%jvC$pYNDvWQ7jVZM8FWV*5IMjJPu8%hzH}^oR)KIa
zHNaEf_n~n}o6Y>_6s>+zCVqZG@8}(wJ-G#qn7EdwWqHJ)LAy<3bh(@Y`BA$vjq~2n
zSuTo5e#?kwTPb*dA^wbwp`8#g$@2vOhbpPTZAS~~Xx>D*zo!!!Yzm@viZ^UF0LIh6
zVxgi28x)`BAau}Pt2fiV&Hpb4uOT@3WZ=IP%0P<uLPIYnYU0cL<`4lHx#4zB55kic
z?CNkF{7Pq%Uyk>5c)K~-VU>8gqSX>ZE846^r4fVCKNX?qe?3G7xjViO?VfCCEI35Y
zr#Dyf=@72~wH5TNK6EXjdS!^`Q7LIgZgl@qIs|hO5tcfb05$v1BL8Qf`_G=($3O@e
zQVR&VRKRR5lMdau$rJ$K5-;{_tQ28Lm2t7dlTAlV9yX>O+y?jPz8jdG$}v#w%jHG`
zGh))v7+vv|djc(ZD<2D7OgZ3%im{sYa}9r`I>?28dv<7wJzK6g#u?!(3@h#NuCoep
z5RY=Jht<O;oa%d)J*03^tQMNAr4`GZ-cR(fR~|p$b&Yh&;d(T@A?!!H;OJH=yv(|e
zyEDiY$J2dh@$0b;8}8BOq*mOLmE$u`C~$`fS8eQM1V-rMlSvBY<#mUh0^tnMvpy&Q
z^7N!l!<<micN7FRN}(U=RkM0xr6%Ct2mBJ6a@G-3o1rDVkAsFh=|e=|O@v$d;SQZ2
z#@P1ACv{qr__QJ$|N8*O-GLS5ah1+B!wqAzFPEw3S5GlRDCoeHt$+rgk$t`+7^Y1x
z^^Gwj%ce0sQYxUW7!$j!Ttak|<XWcp2Ot?AT`xVHg$p*uK!6M(v&^Bq%f02qscTJ&
zm^Kv_GO*IFvfh4X+cVJ)EGuqa%}8%!A=0bTf5Lk`G;tMg=b>C)JNjyh73yV@K#sV5
zX4tYX1_?=LVwnJ>!N<g43iv)-&tUM;DRqzs8bc;N)RLR4v@_L8;gC@HAQ7~Byrc-e
zMSvGG`1&O>`0UBX;zY;3-pTZgB0YX+<8^4jq=%B2dAl{<ZT7Ia50RUDl)B4$(D&a`
zXDzj_l1OeDC8=-dJ@>HeVW?PXho(=X;rqWcpn(I<Us|7GVXjWSuB$-(I~>b%*^oiy
z-tkUVFbI+;di0=F3iik0*N2}2_Eb_<30(I+%NjDEGORznzlR;DdtDG(G(CrimgkJQ
zb-R`Q0S7Y`uy^H&FTlb_4=J<zlhqavlL$oNtqUvAD@O1`&n@Kx-3ZOZH5c?kC0)6g
z1b|$CH`e>DRbn4CpnZqBs%TDWv{cK*D}0zB`ycJj-9bNfaNj0C^MM#E3XorSg+g&p
zoRZj%hR|NaP3Xny6k%mKvuiD?3r+)}GND==HphybB2Uoj*YN&Ur1x-&Bz}~HiF`U8
z{;}nrRW&6BGAK`|ldHW8%@MCnayA+detnm53;Mmyrfuhfl)K4lCpVxwN}BjO2YUD&
zF;sR}<Is<*WD9F0v_2WTq^VIgp~v4C{9jPm^BjC8-8YW{2^nPMLfVOLqGVhYPcO5r
zG59iS;>uU{3a<=xc=rXdp1?BdB&Cy^k$Ppi+&{n!ujhn@wTkft=Uu}DtpsX)#z(I>
zZVJ8%Oe;T`NTG<s1)GESGJ@mH%&NFbh16^1J;9emCN+P*F$wH7c-(qQ_s4~GcrH7O
z!qEM6SMr`k-n3630a_DiqV%zy1G(ruf2;+By)sR%p;U%plnS(m@%(%sv9CyB4W)6s
ze<LOXj>}EMyS+(7Iu2yRD!N!aLqQ7}1U>50jJOfK_Mtcv?*s(D|9s%wBZXK?Xq;v3
zJbN@pN+NSXHZ#9rnb};V*T+m#gx_L^R@m`8dFm06M1eIcVfddWsDIyy`j2lB-R<h`
zRGwT8${+^pPk+j?tYr6Gm;(+|^?C~Tv_!C0wbc`tn$+vMtETl|8gFn*4r~6i!JP@D
zOd$pYwhSl-{>WZuiaRWI5Y>lBwo4184%`b&Cp*AD0>V@QW)zs^yJb%~;u_f0w+_+*
zokZNNgWR}V8e7iXVLH<7n{@SwwPo1d563b^uGpFr6+Mg7I&3pRjkKRB_?i)mGy@+J
zAniiEVQ9w2N{8TJ8QA4C8VzcPi4SMr{+m;<9;^nLz+w&dljk%j`if0NW2aYi1oSaM
zzhN)AGk3v+Ot`4Sa;YJ}%}@bN90wHJ-cD$rQu~svJI!mo4A@g#LAIDk??3{6xi($l
zmJ6;vaT~1R{=6W90OGF69BBQkcF2j0VpJMS3?4vl$wAns56E>1=_LQUi1OXG)5<`u
zDPXldt#sHL?eHZ&W`XLv2zJ7==a!0$T9p9g+QlsrqC`V=zqfkQD+juAwAuxM@NoHM
z8`y4nK}`mxy;GeI0-H6ynOHp4Y?|fI|0Su!=#8Fxh)D3nzs}@izVt(n`SsThSAJK@
z`X5qDpw%mKp(KzOIBOTGeH<KO&KDHZ7u(tK%ZKUR)o<9L00@+LrnAAFdfdTgIOGY-
zT>)8JFnC{A%3Ad<^EP7k<e8(Kkh`h^k1N4GK16Pq1;cIy(jf!i(>*>Ei-cy}!KfbF
zp}T+3ve$a|KqE4DfeHD#PT<T&zkfhsd$RU9orXCk!RV2*oncEi=g6Nr8}>i%X{EN|
zMIB7A54m;s>v7n;(b5Y_!TV+u%{YnksvWMho4N&h-$d|Q;7zGxD(zc`y#Cn<J!x?r
zP}Y)kKHy+G(3|y0^=bg?ftHU}wObTjDr_SFO5I;MjUJd_rBQN2-H8hG_-$wGDqR~_
z%nOB6Mk=D4A{?CPE4W@!v<}FDr>4B87f)@lhp}x=@#g(&k(`-MweZTZm8P^CBg0wW
z`gf*5vYWSU+>mPPxAroSoQJMBO)@}#J7U75k*cs^8z@=d>x!=MJa+t(1It}%=o~MX
zUnfov>cPPW9dhj$uX+V}{fVULoIeFS9{_3C9vEMn3Pzm!P-dk42g?kK-FD(3wt5*@
zxz`~@*CEi?gS{On&*Jk1m9LIS-mmCSI}R30L_y{p$+0i}pMfrpiYoL-eXR`ww<9K<
zbxJN?{G!8i<BZT&VS}*Wmr{>eZ@_GQm&xPl{oZd3bm4i0$h(GzE{p|CqeA3ruA2k{
zTdP|)te{jc_IKI<jXJQaoY^Mptz(l{-X_=enP!;(;7&^^Sbv95#N@l3ju$O*^=6~#
zW`Ls(jlSD~tiBFi+(!3V;Sg>IX;t1!=(9$IAd4k5lNx0n8wUC>N7Yh3>AXv00Y&rH
zyK-RxCERo!ffC4#hi2Ojf05%=om>V=e)qNzY4Kdp+TEvCRi>k}4Y`AJiKKBVYWL}t
zA#|xAc%LcFLy*QwMR_y@A0AzaZiujC72@(doZbM8WbuViOAQ1j`wmmmeQjPo-PO-T
zd`YlxqYIuDyOl~an0^PVkcUi&PK0`DY)L$xNYFQ~HECyeQDjs-lYd#&pI$Y+jh%GD
zIosw<dYPenXZVsLf*6CLrNC_Za`SoDCD-%@^cn`prt{13Ie35$9iWhsNu&<9k$at_
z#<D~kP=r_IEhY_f*olwp;JWIOF5zZ+^VfvxG|-v<*F%DUOvuiXpZJ0gYJNr~Im{-E
zVfHAbxvv~?(D^--@UF(1d7<6*)q+>Lo`!AbOykc)Z?uIBg)V^z6EGH`|J7mjU%KBk
zM($2^4<7zhpZ@FrY)8P^KaYP3Q~%d*;FOI_03el86^ynLfu)&DijXd7Q5aEazp5FG
z39-}zk#)a+-q!+F;V`Pmf%S@H5V2$R2B4)vZR(FEuds0W<PnQzjpo!NHe$-CDeo?V
zfap`V7cRKHHrD0VD@dH~j2VpE{7jiyNBBYhgxdZo&k-fewTCZ?b&bf|KYZ$73fQ2I
zHyfw^4q5_R@jFICHkl;@%Fq=Zz?ceD@(eYh4g#W9(cuu<i*Z1~Tsh`ZCkU7~-E=&7
zgab(`G1y4|5fzZt8emT9g=?Q4o<W~8V!@pNvnZcHZgfh4&6n_l4;AXFu>EZ;3f_-#
z<evK-!ecrv?!29m`J8kR0h!R-T_HZK7t;Vg$Yb$byP&j}6FW^F#{-l)4L^7v$ES|l
zPR0O<L-T3A;#>P+&Fw$**z^sYEkSHk8hSd|$w8~EyDzI1oNZF2kUY1y8qGJ2Ef&om
zOYhD2wF&9)De6yGQ&a==;62TUVw>|6+9#G~<bgyGmv@dd35L-zIf7@7(R~!Sdn%tQ
zFBG2mjXOF=!p?e6Psz4M)xfPJg<S+Iky|%dS*$DLs80*Jr4@iVlKh+L{J-a0A|5LZ
z`7A&1X`~hLQ+W4@DTnAquW6BI(358lKI4H&pZ)Lxn#Sci=sr5Ru<~+0L8RcYp7{g#
z_$6H(#5BlaG%2@!P5>I&OdXcf#ff8S$YW%M_XCDpO}V8d%-5!F(5VQlXvZ{H#E*3A
ztQ_wk!lR`b**o(Mjbz=WmD#NCW@R(u-l*n&zJ%A?N28J_u^%<N1#4}t`AqolrZI=h
z$f;rUe43z>K-|b0`6sFuu%k_J;TxJKkkiOnbq4G3f+@q=O4EA1r$X;<VChAQV|kW&
z;<fyM{fFz&sdKh((q&D!B_)X)bx6<=6LRtVl1|5}o|hceKV7Xt?w1R*e|M5GcQ@FA
zIn_f|n<6s%GlKpR`+*cLtfhc#3vwGBtNq@PmrkQ+Jz^kjfP_p2#CS_3wpe{|!xX~*
zr$!M-FdIe(4WNqxiD5fiRZ2loXR$*1I16{%bDjvuI$4OYx2y#<n!x3mAcErP);7+~
zV;Io&K4bGd>J)t+{H|9u-4V|xl%_qExj^3aYdzt9!&X7O9*n#HmJ5=8h>LR~8}XL`
z*K3`7lg{zJA5dw%p^<Ifso^-k1b$`2-`iNtFcUK{4n#hUDO%2q369Z?m<d>{>lvNu
zFwj60%r`6g1$9Ii_OeD#)qw#D^JHt5e3Xw9f7L<>lREhkU%7bC2+&o!On{19NxbA-
z{5m2O>2RN5!~L%TD#ocM<VCY!l@+?|RR=ZAW|!$D#YjMXS8~XOf%Z+&*OAAs>HU=t
z1z(KN)ePhCIl0hk`U2|thPzV^3v;KGrh1wr^A8r701q#$#W1vs^7hCIAd=p_){f?M
zo-)$E5rj-!=3`4o`IEaRP$6R80I8ux+Qc33R$mhqzg!{YPufaOQ&rl~dvI|-!RWp=
z_}~XV6TTuy2N9oqGQA2s)AgsxG$s_{IHN+lSS<k~V-07Ll^BPfDE;bMJKMe`rbh5w
zk7EBxoAB?ypujuYJT&`v+6xb@hE|#ZE0))w-rAsm``_8TJ7)8-8%HIpeyl@Cb?IjU
z$a9TytlK2}f0zo3{%L515l45Mj3Cs1>WRCX;_kEm?Vzmc(hi(p^msQw1-<d!fMs+P
zf!bz-5}+u`dzJ%);87-T8NhbKg{Z(J1r4TzCpjxc6Mja2KjZ<x6U_+9#eQw&<^}V%
zRUu<Lan0{zdoMnJK)O8r&>1vWIqe|8oiz!PYbE02wIn{%2}Zsyr_au6444@`_8-zi
zHyR=$t}fRp7FTYpgd*8rPT3^C^|V?l&FJQzr<s#{Ph3))<{5(87EnUodO@G`(I6kY
zZMj^!eU1b1dub7s32U!aT2hkxn<f<KLr;@_QE8Sr!Kk1PTOw>w&9ISPRPUlKU`w5p
z57SGpo+Bo_qCyAb*uxg(vs}K6Y?NMoT!Ss`<jiZz2IGJRGR$=k-RG^HSXp=BI$D%c
zVV+TG&CX!>nYS8Q5IOwVrxu=$nz6;p9yTNN;UTE>N+!Is@3ngP(H!nGk-U(e<1!R3
zpnbFBdHeVuvyw~J)UXjq81uVXIz(rS>R}^a81b+HD{}qDTIo9Mx}@Y@x%5YyfXftg
zX}f!`%ID9xHEY$-k@+SVF3AN%1n6j`InsUIv&PlWUA_*V!vLRIbkimpxW*`Tddiv=
ztw4x490bm5W^-q6Z_^47c6dB5&?|r9H;s13z1$YlOQr_bN?wd|1m1ck@r_?hhx{>e
z4vQ}Y5t%lnZsIN!%J4tJ{(L&POyvn&yS4C=D>iabx@<hq4NjjL9OC(PuR5&2jt%#w
z4<(SymGw$E&8<}MkoM`>5VqJv|M+QSsZsTvwSOt&@ehd0WnXDOaqzqw-0Agl2wzJA
zILL!$@X#dqM_y8EN0LtbjIC)#^r7<0eAVR>F?7-M{<PP+>-1p2U963bln+C;(8{@-
z>f%krmVVsy)jCJW{gZevFEHsz?%@=C@2`Z`6qt}{z)K%L?>!KWognC!*X&eR0-!j@
zgHT}WTdkPP!;EA9o@Vq6JjhpD=f>*$(|zrL1I}0`*~pwf+#P+SJhE)BqRL7h<@VDr
z{%t=uaP^5DilR4qaX-U~T+#Xn$B`Fb6rT8$NoDZM<F!zacKO&Lg-Pr)&T|rQRJ8Pb
zX&b&{1#SVz-MA^$rGe|f+*r_Q8<_6{UYI?gD2_i9g!d*|4Yx{$p@QsL3(&Gm#^Yfp
z%gWM#{HaOVZ%SXECpl_YX`)N}&Fa`Bf#(nd#J#AfMpw<U7jJOQE+Zn6+t}oVwa`H$
zwCy9gK|4U3c^yODe^5XM2Y3A=zuLqY|Ne?zxM@@ZUq0A@q=;ove|3UkS-@w7KBR8<
zrLe$Q?Huc>QwG7Ag5iapH@Gt@PIM=+T=3nNv2eaN7Kb0Y;wUO2sI$ssT3iX@r4Wk=
zpRTaOA)~D5O@#<R)z0_UL!(pq!~#QrX@Z$KYy0eS%Xpw*qW+R+Ra-8pniSzc+z8Y@
zXgT;2^*Y5A_;CH_6NXPE>x#uws#B~b@10KHm~eg|@i`Mo5l&<*(Kx{lcZ%M$GVpvK
zVBzm@a{BAEVyX#BO2BZHHt+#?B()6?YG9B)8gaQ&sQ=L}7YE*uk(tOF%RI{h6!J=J
zHpL%mh9*>lc?QS@xNU=Rz!uG6R%t<BVGBOcW>L_=FW=HY@q{j0OrE3_f0ohz7&-j=
zPx1V!3z(n`y~m)gE?d}`K}=8}y?7ZZ(Wv1*O-k7lU`BNN#ctWuqoq)tCL(Qq(K?Gq
z9nyiOi0b7Gp^*QlGOzd#W&mi6wJ_X$A|8w}xPKO5s(XY1eg+lzf1mr0@+_+BzIlW#
zK~#qTO;y%*W|Yt&Oe!7&XqM+osY3b!1|`@_08Q>BSn2aR4t4@KEw1Sv9}@)4`jwi*
zrcs4j9S*lhMq;zs*O!}=;{0pd9X*GPxnRgXvGz{KuglYFv%k9a{ip>=m5)r`Z`-YW
zOdcyyud4c@q{Z~YrX~RNKUxEA110dvaQ}`H=C`L14n$qbpVV#(Xzer3%Zrjl_5F*S
zesRB#NwTZbew3<YBYh~df3v^`dr>DD&k^ZPxXWrO0xlqshn>I+55d}0zT{`DpH?gV
zBi}UXX&s<7lpAWGAY8Sl1v_g~YS;GTaEQ<BNReE**2$!hcCnxiUF5OAFnLBY9s3Vx
z<5&E|BB8@Aft-4|OyORS*mGGBQZNb_3I{nXo1eTf`E><R*siuc;)T<6Whh0>m||w2
zvyyW7y=Ocr3MtYvQLpp@S0)sPBS0=`{Z<XlGAXOTWIul+DxjAF0-s)br$w=UnWp4^
zCk1jBP+NEGZ0H#~{Pd#((hBOC#f*QCcV_6f-|^nb>S`3E|2k|_*QVgZ_9Iz^^Xm|C
zo2~W~z16BtfkIt8(rL@A*2a;k3Te+G<ce?s(Bq<uSL^_RN_O(;vns{+lbUrh{d;ZJ
zj7oK+r7-P*n;d?CKe1E38-$egVDG#IboNW2aXt5iLN|3;l^!kd;hc-$Ye#9u(^&mb
z^pcY~e;kki<%74)b(u~5OS!0O*ZB2v=_~Do4}2Nd1Xv7pMBi3+7VZ(96g90t`+iA3
z^&0m#d_fJwIpX1aF8@o`fD}nql^lN`?+p7~S#M(gUZ-ORF+;6};3`@@)L`;k>*#%>
z+2|Xi)A+~?)Lw`jS-LwN=zr(^tPKlAWRE&_`{AmE%gE*KR@gch<d^>N`mJGTpE|ff
zZj!zRBCocFz~!Yw2ls7;<hq}+n7JT<??ep@gn_BcT~gr(GCF7}A7AYf?jXL>OU71c
zpy)&w?WSMRXiNN!uPH#kXzbB|3<`oqUjaGZbTGj*$s6I#{k2QXXk@&)_>yl<He+!V
z;*06qCb3<R%jM$%1OuLi?b_1iWrqYiv(1Ru<FL)5IKcO}!Ux%QA1yww9^!6Jb{;&P
zN3AKSS1gL)CVr!r1mEFLuW2h090m9-D0-tpemy`UI9=InaEsG;wDHLyKN*?nJKg!R
z7cES*_LI|+_KE-Iz5B$*FkKeM44gi>ieI#rcTX&3RC2!^;O%79&iS3LRVC94(8<ot
zbkQ4ncIjvU$l5SoL9dFQrr4ow5Exsn$MoVkF<R*zvtsWUZ6VC`HNm5()t}UChb4(p
zL<1#n2ef(_pT>mYJykm-9{V_r50qbyTq$5YTpif`FelMS6vx$oksSQXb?C~>98b$T
z!^Gmo5ZaLIwrS{K4RpASf3=iPzLH-qn6V!id<$c=sUU>6di^GP_?KouKcdH(=2V_r
zfh$0=a)!>*PK<3vITmoI!Yw({1hKpQU;?SH5mziu2#2~TpM1-rqxAF+R+fT@{^yPt
zM8njwmhqDPi?mU~KdNt)3ssmRrN@zZY}QFeTBdd4^gfX}6~K#H6$JR~6(+S=W*7)r
zib}_U*@gN)s^h=@^j{iXpntG(f1dlF%IcqY1U%UnCO~9&0DG%T_d6Yqx3QQG!oAB8
z6$YM(VpNHA0C{>1&fcUnKwkk0EDBk22qR>~PAT=_-6^S`nW0maG#K*_pBmg@EBTul
zt=}+uecS>6S-ugP8>i}R9quDyDrRYB_Ol)}84{OoQf#C5f2gUtI8O_cgK(Xr2mpiv
zf!^qvNnfM6M_?SUFQ7vJO#2^DEv|Q)b=7R%GEE*(VqRH(Gn8<9aOrmwcC8+)>Ds1&
zcf5YzYx+1j?-}>lSPvadWFTlcQ0x=E&AO2e;I89TEAL@z=V{|Im5XgYUn=yA+lVpO
zDmmlD{UxSv?-8rrm_RL<+Xl61*uNW1(j#w7A>I;+rrrbvnoKJQhdtqvDtitAO{QtA
zC=;smN<6LUeTO1<rW7l&t!)<fpXJj)fN<(VrYnON?W<P=w-D}2Ka#>ZFSiqu%J8OG
zy!S2z)Iy(Gss{Ui2i<1cRUWu%Q4VxRn~|E<0BxCWYvie?bpB_h*e-cCuw)9_HB@a?
ztSbrCX4HLhR>sc_QM9<E^C$od^-3h9=UN0^<C>uW4h|(`Z*gyG_vS(|jNEv@Na2_o
z>;vf&m0XAjNA9PW%rDfHA6J)!jIl|h4=u6xK<FIht_nu9AR{-9T$G>WPEl@!I(p$w
zP4PKi(8mm=+BDG4pDLg;?T*|x9YpFWRA~)=1)|3%+3Z8s%gy&k%Hij$+Spg@iqaG~
z?=4+Ax=fm7g}Q929~!DYEH~2wPl<}n1?5{496K-HXoOx?7-U!M<g7<T=ozy@ahBgx
z*3)H;oU9Xh7lW+`avtpww;^xMI)LBz-t^NS`zpDz^mlskc}55C0v~1UlBDg)?Rxki
z=l+Yjr5N9jdsLeQc1><(h4l3YDzM((F!^cS8(?B+xPS`UIM0lud@VJCtS<6yTjRc{
zoG5y5HHHHI&b?L(;CHRd?LAyix1FrfTrc`suXb+>GnvR^wui2?r^hL4`h#)$v<DP-
zHVWQEoL`D5RMk5rc3a2K`qa`{Ib*8TN@A6qOaaM^Xm0fi7(1k~EY_ekU_|iFl-5qE
z^5wc0xW#2JvBFh?aK}iZbcl(@eV~WPXUd`j`l6Fmk0bl^klSt(F)YUHs8*p<{K@z!
zcT?bAPI!upt#1oNk1oBeKJ-|xdwqwuJYQ-rI=#Bl5ui^H+?=0AXp>ic^G2N1vRM1|
zaJ!J@D->m1LCzTRJxFg$eQlSMo^-MF_gxs3xjK&a5n5&9WxVLbZ-6{XyrXyd^PBRv
z8Ybjgjfz5jj6H1pkL{L!Ks`(@OP^#q_yu^%1(B~bVLqOgK8nG^t+fLx1zXC6@AafN
zI*1rX#(N$#x7^X&Y{%>yte(&2*s@eaEj4%#oW_R8Gv%JAFHuQ#k%e@u23nU)G&p7u
zUzoHTSZNZB?f=MMUzixG9Nrfu!e{@zQ2zASoV206IO+51&JN4MN+sIv+#hPUTEU{*
zPaD*$9y%6RMMw7B9$`zIXU6^Jj}$MgwXEoG7zTie3GBe!sX&hc{PIhe6GSjrh_A3A
z@KVZy3I@R52o9j|i*j(V<#?<Snw;IeYX(;8|KkBP6IueW%H5?g3h9al*a{39vu`2r
zipOP|32of*j<>jVx?8q!O8yE8ZRCRYEB5E0fP3YA3bdp^P4J)E-2YF%C;&Y7&!Yh(
z21pX9Ct=>T{0~_z8rTbGf#nTq#&S!5*Jeh!d#)PccwKkh#sJ_@!%0X9DaNT!W&+?k
z8N3<#=~0KshxAubnWxK5XYd|p%59G#zMSe^Q2CSS#2WiShr3+4Jvv=JvrhnnM>G_T
zxaBNbdYb1yZJkG#O7Fp|NkYJ%)FUAM1rQZo4*%7Mh(Z17*@yDTVxOLDiv4vb3w_`6
zoee!}(@^;!C0(Mvd|C??IR)Oh_bvbpDD+rUj9jcQmHukdu5U5JmmOB_a~v5-Z>Ifu
zdA7y9twYwF=j^cv2Z4p<!hDPFlLiT(0$l1U<fWtLja694<gwZ)9A39+NR7h?s=<lV
zAIY73JV``2Jfby%!U3jq1ta@hAzWUq?(^{yv~XFmP|znuydmMOt_3<f@e+O`ur$ku
zhFH3q(SVN?@I$t0EM1NwAN6tibRU!A>X<3dEQ1~;he{t}?!g>XHXiiio68ZgJX0cp
z`a7|t4I|{<ODPrh(J4ATuLX*}6-!Zl{mBKz@^u%=?5k!_N_U0a+IND6a=VdYov+n@
zKemC~bD1AK8%;}w?A`%^SZP9y_=h`MIwW69-W{%;Fe(|1+=#m0YREfr*hvbvZ1JYw
zo6L~F33<3(;r$Ej@EUhBA`v+lGS0JiJ>&s)cCYZFnc#U7tWAJ+0+-vS3|<_N%hnfP
z!t!2DgN}%7&`uLQ{oBvX*q-6m;0|_{x*YgTr{u(Bk9JlRduMS|AjwZW-ZzslE??d(
zTd=TJF*$%7J+r6P`vYHbjgw3iy)m(}$!USe2n7Uki-j}jGME|om+*-Fjuoq-awa+G
z9-LMF%}4brH;TP6tPIzNZtT}k8@=mepi#W&6&~P^eRS+0pz0LCi51^bz2=OIeUmh1
zjeMTbw5=GJ=7fEeqIx9PWl_|0qi=eIh!5M)tPZzC@Gu@Z5OL4@yl`%eQ1u%t8dnRw
z#RJapVvh0sef>07jJ6-T5d_>uv}n_7*i8Ar3_+y9brt|j?{*6L=aLeN7({<&uwHej
z;8q5w5ca`^>-3~QgccY)-s>%g%czG7ZkLHiR9Y}-U?LA?F+EQK4smT*aE#Z<n?6aY
z$v{;jwDK$$Eu2GDy^LE#$qYRofyL6vOG}-yDIfXNRhD{`^u4ZV@QE*k@d5j<ML6Jp
z+h-FF$g83=M(Ut?$12vl9O_}?@->!)A&aTq(M5go9e{@uN=M{5h~Gw#tG>InKszFs
z+$)Y4_S^++o@o-?S3tk969JOon?-TDkjKM{$Fwo<pqoyp?Ba*2lp#2dNTj4fpAR(4
z`TV*!OPyg}3XNb^8+*kFfdDqP?j4O3(zA;{lItE^b?mh}ivMZ_F+Fz%F~D;##^|fg
z3codl?!ORW)alqwNNbaZPe0)d3%9OrQZ$#6L3rT4=SgXp)3U-SwpBmul*=!ye;=!z
z4z_!5I3aEDK5b~ZunGtCVyoRA^{dkogA28E>?XZ*mBII13p$f7WBh@+33Nyu%4e3D
zG~LG}&<mVEav?Hnj~kg{DbQZQ4U`DPrL};GZ};xl|8!{mATnJsSK&#MKXULJ%B`C4
zyS$>B4oATrR8L~)QDfS^^>W>p2c=NC_PwVq9dHZFl`#FMEaSfoE&lIL02{==h{yii
zfU7R`C<A|4Ey|NiNK)ao<$0+9x>N-r%|95E`vGl!2e0X)fN`jk&Fu&Ps1dMYb^LSd
z&a(q2?GnPD@Iy_$WR-)_#W=AYUxt7cKtOZy(Wt}9>{Dx?BhKgbl|Q*{+LEWZnsMdK
z+_rTtM7^q`_n>O*qdK@zDe*}JX};H?A@ljEXmQwjk2;Cy1!WstF3?Lg?(9UM-qWzN
zn$YPgfL?1+Cbmd_FIPS?FoLrvcr6iF#@^u0DkNi?n1!<LEXIX^oe#?=)?zADI~l~*
z!0r-W;Ozt}HXj-;9@_!iurR$4bH#&1b_w=4g^aGR5Y<W^eMf~{sFYH^*K<<V>Dzl+
z4{WGS3H5tTHX~JktAs;VcUZ{No2MBf(@WK-=!o8*$`NUiQ?)44<h`syj+Nunb8AJp
zvHNTN;a0Z2Ez1EnfN}q7uR=j15u5^U9DkON!S`r-|JqEDXS^lYr?Y$z<(ae*(@p=4
zYmgfVXrNOzfrA#7D;jLg$g;(J$vx<F-({MxegK?v3C?FipH-4W_8-<mJ$o;J;yN4y
z41}W36|hkJ)u}Qn>FRjr?w=ebqX8z1e50LMwATvY?2I7st`(8-`_AkjYykBtQi#t0
zl$ITRYsy+)Dzt{2QXt}Q7SjtOL=jeRD0L>F{!gwUre<`qFTQ!y0c|OdoIF)8K5*<F
z6gik-qjFE4Dj7Lx+}wIP{|0+8xjli5_C8YUkUtO7NUkMoWj?P=X`!y6WK%nTq<x~J
z@0*2YnO0s%1#C%lf!&mxW>oOy$E~J5Kcv9hN39}oH3P0b*)nq7)!ue#r(N}V#0r}x
zy}op8=^d^A)e3r$YbiM}m;(|~P3%|O=zh7D5o;-=+DyZM$gAA(w?DK47gW{kU6<Z4
z4X$(Yx0O8Od(PJ&Xf_4@H3iB+G!57dKJr4W;b2xLK2Zeb5>G*(h~H;d$}0Nc@m*!;
zoq4!hbRWti+X7<GcI>quH?&kfB#!(H^m5=5I{uaeYnWBZm*v<u1ckFfdrvXGzmBt4
zMPvb(vAdb&2%7RTrl^a9a{b1<5AzhR=u>aNLssuj!BhRtAE&px38?Vi=FN!iWLO2G
ztbztIo7i)_1uij|2y3>ZSeS3CzSvv^l};F4iQgv^H^zu&7mc;Z{MM4|I`{z;`*Kl>
z;%cy|S^#^0<b9v96Tg3rhq!<r?eDGZ$H)eI$+|>8qZ<=&tByGkzm|t#r+uGuZ<%A_
zrU*+9%_XQHgM$BU!cDt<T#!c7@QX?B$nI@2+wM24saNLaSvO4Er#Ci)k7VE@`{~Iy
zbWl_sWSs`uD33D9B&V9lRGclBHlj!yGrE(V7|jR!7^G)naF0GYI94j)EDLGJ9EWGm
zI~DNdM*G4eQ<~fazn>j>2g#nprtbv#B=%hj!HgOa#KoOU5Qt_SBa?Rw&K2hI!@Kw4
z8pS!ncg^NrCn-KiQq&2oJmt{z2Sf@0i;0^RGgQZEc^MwGy3-Jqo%%+<w`T)GJXVNG
zfSM2<N<Ra#)*HaI)~^%H0t^Y|W7gP3a2p_HcOU;#mHqQvEzWB^+HEVH;v6J7fayD)
zR!_IVd%AX*N33=@bo<KiS)PC!@!ZokdJ!rstW^kW$(RHX14ELOy1V84|98NEDMm<Z
z(ORs76WT@Jn~;}oF6od3E)d(T!08-mKcLo1!2XmD3s-gj#UQt~n{*h?*)%<Dd;)YJ
zUEp0>;`g(n@*`Ptd4o4IV*Jy8K%v>k1#s8XzlPV2c|M&uAW4PhfxxFzD?I__xzG?x
ztJX?*4<|vEx#cwoH{@{_zXhStVTKg2SSAGb7#qou1znVEawhcqAEaz}bkmsOg$h$q
z7S3Y3>Y-ts4Nw_(JfE(C7tU{H9JBb6AEHf&IDi;4Y;cOYT&|q<Y`a_tz1H^X^b|EA
zRPRZcdGW(?z2%#8Mq?8DV=FI=YVB~di|PffY*Pv^I27)P<n3tX-Hvbss+J3Zx&o0F
z3+IMFPw&4W!XID9R+rFpHVaKZPmFqSHmlM9%wH0f$#QuU)}u~^#MHnC`RE3^vPDoL
zQ86ElpukPAan2q|>U9}I49INjQY+-_jl2NJ(I1!qkW97otA~PjMA$!|dPubC{qj-<
ze=cFGQfwes0}yBx!a+6MkG_Xm#B(IL;ha)&rkz*P-&T@Q3u$-qZX+46+37T$Xe4{%
zl%>90UcFlFsCfY5xs*pKmF(>m^?@W!5%ST$LU8;nuv_2KyO*&eFY&h?<w<puQajne
zztt1S%BKtHxP$!C<Q{9w;RkRypa04v$oL0Du%kI?$Z2|}x}k?e!q-SQT}LN3Eh7*5
zC-Bi*sF{66qn^nx`@L^>931|aLL(vW!GrPoGn?%)kcoaO*EJ9~7Z?)K5q}LI)cS+N
z|EAu$N3xiV+7H;)4nju8ocUBbHWvZ&{^#F}a`MfWIsEEfr{>e~$wpwFFOS*$VYv%u
z8BNa$ddA@pA|_Vntf6A&*=10h!*iKQ(B!RB^u5SOA6voU6U&l7Okux1)6f{3y%?;S
zq6l7iAqGOk8$zx<ujmu%uy5|0K}J%6r@oZldC{ZNza}`9<jmeC`Rd<@(7kh5-$x@f
z;REm6#38Z%qhq`?n^q)yHk$-l-g^A1V>hwV3`ETSJoF~dOyHdl72YK;t<l0RYTxUG
zV!`MXeEhCTK~$gS=3zXKTcN(cG%29SrIqir!!>rI*QRL-CH7z<30*$9{T*Fu!9!M@
zpr`k<r8$ZNz5^c;g?m?C$uD-+t&zOh1ecV8HP5`nT6NX*HI(dYy?lLy?TqifAm=9h
zOk^J4f6GU5^lz5Mc4!evrtTn;k`Ha7CkNl=V@|AJN)}zbht1qzg?xU_a(HIl=hw@d
zv7Wp54&B>A`PxlR0WtDp72j0?mjKZQekFS;ns#*QYkFIYRwB6yf_IK>um;!!-cxBd
zd5#abM?p^7y7wPR;%lmhGi=3kJ9p%SQC?*jtJmEHDvB~9$2-BUGDu51g!*QPy;(@C
z&OxZ<jCf0=IET3#rib5?!g(?^IrZirh6!WKbC4?_Br2<3i=QtIQX#k4<)xv}B{<t|
z=QDQO1yKc~sNNE#U}HTxSpvypXnJz9US70ZKJ?vDIzMUG-VQXjw_f1YYUx#m-%+13
zgg)T=gP`N6{3`lpJtnx+0R|ISit(4NAR?Bfa|B=zg(gy}MP<$dP}a}-6de_?xdx&^
zPDyG%fj7OF4(CAu{hyBQ3~Gj&xiF7<ly7AxopfM-<KS1?QBLu~7;T6(dO<;w-=H9;
zz^B#njPXxL-3RCLK!%TYE6o@$w7Ww7|2hnDz!e9>$PYjUTq-CRdR%gl9=P{>lkm13
zk?`Znc#DD|RG<cjd2915fA+lqh)9FR7qVj&pxxKIQ+=dl$x(cFROL$j&}27n=Xxad
zX#nuQ!8gov*D7xlm(1A*bK>t|>Yk1Eqy1i4YeHI(7t6@egNTSWtJj)VRy;Fm0X=_L
zndDi+Y9)*`TArB13+b3yEzq6d802D6n<MxDCxNl`a#6^IGO;@i;_KaSE=9HP%6;le
z1CLT3Zq-cuTM#6%Q!dK4AKKMK#I{;+&)4+`+#`dGKjg4<IZNj7$)$saI*W&VMQK#8
zwbJ*7_`-IFC%1LZ03$N-vr>eNB;Y5bIf1vjlf6?wyDA;-lUg0oFeue-OPscq&GcrQ
zMzvc3;BaYkmyvLE94~@Ao))?f#+AiBcW&9qLrQa-)p8>N+irL4&LrGh09e+fnV3mW
z#XY9wqia|YTx0+BFkoClM<b20i9R|GbEOXn)m6QyqoMb;yhWxEhPOFT4-bz2<tlUO
zNM8xOX#NDdPe3)J+?ib6m0R3UEBP{H0Tfk>9ycR<mulRq2j>ao8JSF?hWD9r__}fA
zq*l8R3Y<Ib?6v9{Ch5s>CchhnTK)9#Z?q`57zXuf=e}2Xo=7Z(FI+Pz8m4C9&}Q_$
z!{@fi^M>qm>A1l$w572D^8N=@rb;~mNP<V5cy8M{xry^P!;?5`>_P741U}0wt}gY%
zLXO=dW)=#BfY%XKZ6ohqXi`KMzc+hkUeerdweDU|(1XHrSvW^D=v*BC*JMwWbi>TT
zof?o-0I$KGFVKf<?`ie_Dib=Z{Z_sCYs#*2U#s8-4f|fN_MA8jD8^nfzO@kMqF>rT
zgW%Q1HF60kDW3%#S{L8YJ5TBZYWWp7qL7~W&9>fYKmVegg%-x{XK2;x4iaqm7fpR5
zp>F*H+NTfkqgB_Re8N@PFBX_{mMe6pT5ZdX(gG)@@8UF(ap!;IjxMe)4Q{#ojDuuB
z4hT#~h99Q6aXuhe{#l2g5j-D6WP92V>{L7Kh}HTAY{M!abqM!V?&8GI9~d-rRH6$T
z?-bbB7~InqM=#cftS*#{EDf;6%#D#Bw0W-l)BrNnZj5h+cS_K6g@vBlS?Q$$zdm2m
z9JhK^3N}~n0H&5#^iC_93fgO-wS!H4qm@C;IkIn0C)UVwg47PL)NOQlJGg7{7GVE4
zke>rrJu}iCvohrYKV3JPR(~YRSic9E&>&auI`mkgegC{nIY4q(Tp_sEO1%`2m}W2@
zoCtWFcdJA0fsL$m==^L>o+DnO%{kJ^t?adw2LeobQA8duyqeqSP;aj$P*%GSHC=n&
z{yqi7$NM|bPk?Ys0>{=HOE|a4r)}-(2y5_H<l$u$8PfHgC4=<c0vu;5bXl=@x<R&z
z?$w7$y5vAd8b>YCQ(x)R@+`UrYkXta_m$`|2dJQLEQKhFWCG@mLv>hTo)2Od4iB^!
zmCSaC&I37#4M9(ZxMT3oF#S{ygaiNmAk3vfJu0c&7kLTTN62mChU3CvsO-XnVyTH-
z-}wz_+D|D2?+d0u9%D$+3W}VU4yh|VSzwL&lefVAzvkQ6$v=m+;7hkT0~{h7#e%tu
z9`(Gz$T;AZ_!6PSJNWnj8&r-;_!G}KgOlF}KJ5{J>rI5BmL`m*?P&KkK~gRyxiYrf
zP7Js^1$6in=vFwJehDTXQTyk;8=w_jP}m-YzqoW@pZBb(T?6cqw<{|d9a*G3Jkt#I
z+dU)(nN;){Y)(SRtpsP@#{EqSJ(T>q&B<-dWYRy)vBu5#z>ik|nl_#Pg9W+{NXK8B
zy{mz0qAOQ1IJu98XGdsyN2x(^3Rb`=e9ZEA9^m!UTMQ~KG?h|lY*f7#4$S55oVG&;
z`QaXgINnDtFF~mKy(#uLcB@jqWMMIL!sWMqX?khM=X5MP`z{^p-%QLM^Tb7pmYg?>
zUt(>uK%DTCia0QCaK$|^Vv`>bzK^g*^&K(YMfKLHy_NQ`-8{WMpb@nk4v}n@FQE%E
zyD?GP@#oZ#A4tR*VuHfM{*46j-n|EakLdAv{k48Yxon2r8ny=LoNfY(mo?n!yJl9^
z(D~P~>{naKgJuj#+<_872Z5%xk*q&sHpev+j;|Rh2#zr%DroNF))N}Xz`RS#ji$D1
zzZ+v_T>s51-};9~Go3BF)j@f-Rnz`|dj`bJPp<0@<cRz$7_T>U?wd}Fwm*X}NIFrU
z-H@BL_qaAY*e-CNLT5h?ai@IRoPrEKZRIFiq;N#$J9_gJlPJ(Fo{X8fn@4`RPV8}M
z_C*h1ped8Ub>P{_LLF{XZ$C87EEze}39pH4>2w^VX4*L|a<0W3kwaN$#b{PHe#bQ}
zcV(S0LtjNmAmQrk$OFdz?|9gcV6x)-w$^dHac~8^@1%1L(`fTMlg9~jwHf~JL*WCF
z{K)5KeK;M`f=zxIu@w<F3(6pmB+6Lqkfl2vqjPxT$!R|@q9fQZSFLVQ3!uyKt%xQ%
z>h^?kA$k6U1Z$vVSv@!?Fc58(4+Za`nK>RdahJ9CBm+7n?;i7|pVR<Xc(rn+9--(g
z&Osl(WgDAlqO<FF#<cFQP9;w;U~7DZKW_j#_Lo+PLQUM`7atvLR18h9WR!L`7d73i
zi*u}<F=rY>CQ`CtCNHo6Ncu3}(2IA%L9x$>q|qET^gPqgeMK_eIry7GVRlxfm<kL5
z8xQHFDZ&fC*^tk<mT}XNqS{8wj2618w2t`r8o0~~wbD}|h-*Zrt>i)O0`0`E2AOQJ
zCIo1`9cYRmml3t3@Rt3b3K_}hewOg3#wBTuB>SUM>!(~&tnZT}Snt0jDakX>micTD
z1^ItvCZN033fTifYMaLlg*qdUTDa?*M8fa2tppLwUue)t0Wm#-AJh4?MKQC;r`?+G
zW5=P=FuTU`{KXeD5uBRH`&GMSs}=NH#t#;>fxUmNA8<~xd3dn^9TZ1;I0KQ-vSQER
zHQ_|S0My&VlQYG-e53O0#j&$MK~L)-bb#W(#Pi9CF$VP(ZAb$4JSLF9vKq)+dpoH8
zEy!(}7yB!9_Z<P3U|JoD_LC<m>9x(!`Y<Pci|wtr5aUsazYNYaCWmzJkVEiXSN4M?
zoL6sehJFBh?JB56PzEf6%S(0bukYB`8N#L(iY9l+o|eS%{WsIuZcF&&8i8#qKKX}q
z`j<a*wEkBq{NLX#!?pg4)s+^8wLqi^xI5f2h~HMwPFNtH*TzxE$P`C$;zPrvrxI&@
zS0429Qj(30*YH**gp6BkC%dH$|0iw3|I_@TTRX=6d84qL?h6G#2x)VJpMZ@N6T|0m
z-myFl*t1lC*?T*o_paywTt(C@D6>#K_~nF2+HE$D0FMLkE&!(*<=t_)Ue3_yd^$v4
zhe*5eirTpt&VHXc{?L;zV?P|5pvXTo<xreGe7Oyp@xfXA$f5LTwS3;L>C>-O!$&H=
z^b>5cRp{zn>9U7Q?a=r!di=#4D)_2~O<IrGbJ~&kD#cG1^xm29OCu!UM`!SU<;+=w
zTw%~?Sa69D#*@&`m#_+<%#LBlcz-7bJQK{~CkEhB$Pv@+tRs!c!i#ILZD>Tn2FG3#
zI@VdL{>F^;O|?Ta4ca|lS?QVUGwJLQXZS!~mLcMLZarH?{~~ZI<_@Qn^*8*1{IAa#
zGhNgI{{ynKx9i~b*c?kw3h3U21=mc<9T&~SNE37?Cen8LY`%WqS3KkkEP*|mppW1!
z1Uf?^WLJo{*yB1eeYz9=RGKlZof9r<hO#rcy^b@T<xzpeZtq1jbev2i2fbtsg*D{O
z)bH)<-Y(S6GU?qPD}+5qj*KVys5dlpySEtx&nse0G<{GbqjN-sLJtKcu!%yDI6f-C
zmEKGo<jIxxuq$S0)u7|e#HmUOdr>G&QJ*cAZ!a)}H8vDQec&U9#0dMCF3yd?!G=;(
zrc$veI+v3S0W;x5fI#I}aQ+pCnDI1Rl6|2Dgbf&a_xOh2qp?h1VUy&=4dc`+uf5ke
zj|FOZ{luZAu9BhdPqC_eUw;yBC~9^3UZ2|Jy>)ewsTvwo#)O_Bla>>H*S3Usv;p^$
zs_slVA}exVwP_Ekv*%jA#u&H6QhfQudy2^5I$XZblaXGiLuG(2Urm2I4_w*(?YrIg
zniNy*{+5lgy4}z0CHER(7sJo9W22nb`&3wPCr3nZM`aBGU<f9+!=DzD(`W$omQ6Hc
z5dyHK3ee)v#rX#4<{-1YQZy<#;0#$+<V8|sJ+H}Yptbm7X6!4iX1Z;)G?V_h5OsGA
z`?cODZ34qS+BtxZdWEZI9F8%gx8CRIXSLgM=Onsh-Z8Q59Q3(a>leq)ybiBx%LQm8
zW-r-rp4oG%9s<R(@i;vraSmTmWT1bDNHm$$+caUap*C^BUZ<@|REJL1B2Kt<f`N|f
zlLI#@2%+4RA$rl*q}*Ph4`&+?2i%n$;EGfHU!=WxSQF{G_FGk{Bt;US0tu50l>k~q
zL{U&g)GA06LE8!j8&n(+6|vi?alo-sGQ>CqL{yxLC|Vt76bIB+P!wrVP|?<<HquB(
zT5ZSfmTmVsuY2w9+xt6bt^J+voc9m(LazW9@YM4@&wc-H$s5{d;|%YVAalMKy$yzI
zO7Xj%om??o^M>y4_c~s+&QDt@MI|AT-Ht}s4rjSNm|s|Uh`ob(19AfHGOf+JH{Kl5
zpP0}kejw7zRC0c6KGOmgs6kQqIgr2jGlzxLKnG1uuISlRP7<IqZ}9b6zucsJ@T<LI
zu2v;?3yKoy8L*Q8&W59?M@9jTsX=6Ku8UL;3y1GQQ8mzf*H&r1oD@G~<bzarOUr0J
z9`ExAADwT`C33p?Dc7M9lWaaG{OtU`KX~|n3i9!?V*%UMv#Rx>wqc}yyy!8EG++uA
z_P^_)_>m)fdsj(CpC94wB^a>sr&9~>0!OsF?4L~t!21fIE~{S^WT}D<l(@{Ili-bs
znyC!t#rR)TQ=_JPJGq3&8qyFi6}8aAD(X|ie`D}a_?dFr=RxrQ`I77(3p4=40fPY`
z(N)HquR}b+^he;mL`kF-P03Hv{#eiq64ejX;^#o7Amge5;snG5GP)twsYPV}{tBRs
z>No(b(vu|jpgBGjm8n!insl5?9G(EbvU&-C+XxfK$M>d?AFNl7>`c#{`bb%532(dY
zxH4hjnA&POAyyM{)v1|&)9U0Stu2&W?<{z5&Z1QJc5aQP@EFIa#_f~a!%s`>Vu%!P
zQz8Cm3#fcAr^3I>;_>tad+Rx!kV|@)>0vVG5El$NeAotYO5Fn+1oo*7eHb@~xqkrF
zcOpN<T<R8}_G(0jt7xPL2QM|@J}3C7VF2^0!J;>XAg~GA>P^kg<SgPN+zOo09I=bW
z%t&QAMwV-nN2iOYhVK1+3?v$8$-Y#0FC9K_jGkDF&dFDKK{AYjhU<8IBE$Hv0Z8rL
zI_X==6NX%7&i^|krlcV~z8w>upz|+<fKt5Cu})g9`P(e8kd7L9(<$DT9nKYNkbnZ6
zu>M(n4u5FK-sd_t@BpCcEhJUwa}tuol!IqfZ_jwko-1?S($mc6`2k=oy3d!Y*zthM
zBs4s9CfdPEEM!SN?(=;`<&$TC5^?p7pF<UJOYgF+*v%|$%~i#a1$o-_@B5ht>V4sY
zJMqI34@Owlr@uEq$SH>;qG`Gz3Gy=;ssMeqPBb9Ltf~<w_uvPX2q$v3D1(E$s~iiT
zwL<qxWbYon4OO~d?y!y@Es9_R9~G-N<nin89?wcG)7E9+;A(b%ja}SOo^Q5UUU%lF
z3>mv<<V#ttMDv3SmUFTx3G%2jLfT_oArLO#7Ed?OYrHG+@c}?b;d3G_nLo8Gi^Ji7
zd%2MRZ);;62SY~oRpa|MZZtnM{E%I^*Q?nfwtSPqD<`I>riAK;7~-0n*^w%bwhspE
zc;Oaw4)1-m7D{zEh1;u5AOY5pB$ga@)k}`Y*(l<pwqVDZJ0{UaTaw@Ym5G+xXDuVL
z2U1Uy`Tp=?YI+JlK-NNQ{=~tz5Oy6!;%%Gm=%C1F?<k+bmy)2fu73V9Ug>5enuaP9
z6)akZ-E(k7&&N|2W2kcu0{G^?@7LLdT`KHy_Su<qCipLoO}k%0((^bXZR0{~{-9c>
z!8N9op#3vwtp2Z24nFEpHV4($@KxY9&C-;l<$CF%z-Rz~T#<IUE-XH=c&rMZ3Wy>D
z0%a(%@X!ACsHXSSwB_2J2R2%vqo0c5G*zK#YzJIvq(qB1siM=0y{ov?C(Ta0g|@?Q
zDXI!2nU8U9Lxy20>I7k$Psh%uzGBzFqLWZ-+}w5iZa1#@u+jZ4U$Cn_o?KAa^~`ld
z-tI(6LbK2EQl=f<IC^b`wbc+0wX>5{lG$(Roat+LZbL2>T(c1f8(vdZD`CK60Q!yv
z(N!NPI#iu}j@XI2d;_cpOU82I<aG~FeCF!h6pSoVnF1Bu11HKC-Kg-6h_vU&56==!
zYlR-Pi~-~}rs-4h`2At8X>l~!XXhpAJZ~GOlP4JgQ(T-!lmfF=msyX4N3%+Ena3X>
z5v&O4hEZv|Q!{J13Q9f$GWIH45_2J+c&x$mZ_!LR_a=<XpgIK+sG}0WKdHifAmam+
zZzj2&|5HqjPN#h@KNeTcPHY7QF0>NCv9ruSD&zn1Rs$rw<!StYB;CT(<uZD%I$!pQ
ziN6}ogzjw;-^sue#xukgYRw(1=+xv%@#H-zryY{(AcO5}4=`oID8UeV1_fUgn5lx7
z*MDwV|Gyn0ZjhmaP!t06hCcOZ;WCx#7su41E`s;KW-jM_?V=}6_k|pf@I(e^@B^4C
z(B`rns)mS?1|5Px-?qX}n`u3qNC~D;8<vlxi`tm}&8c3>wXcBs&2IVDLfqILranL7
zWC3suAD_BxZy%S<etR_wdwtMtP$qO(l0+Bshygxy@|uHr4$Cc)7q@ql?q&4B8T6aE
zoqER4<sC@lVtU+WM^;{B1m7z?h(kJda-kXTxnX!KysfwusXW42%jn3q0^@LCfspGs
zU2~NM&hmKJU;c)gb+{Gz3E0eL=|pj*@-rrduK+xT7>t+?u~=4$A+AL}u!L>0qF&T&
zlf3)^lJSDke(2A=QQ0ALJ)&cK-!!U*ezHMQ?;0qwgRQkOfG?3y)PFcgr94>A0CLHA
zWQ)oO`9#}#_Z0kdNrf~@ZT`lAJ#^M0Pb;^$<kd`F021(ODeESb;^SqLh~jbA5i(pj
zy&TY#tBBg|PP=&*Q$|5v(h}6AlSK#V4cbrH?29jA`N-ln_6H{m9C2&TQd8eh+?}2d
z;>I*Fye=w-gPz%3G0g2Yd#MDE*>RovdN2Vz;g^=>#D}%Q#Zr0-Cz25xmXt~WnWI1^
z6OX83aRPPcP_4qRw`ts#zmn`_4wqcjX1((AnUhQH8`h7(8Kuj5f$`aGdP5UlTFc&%
zGDn}wc7F%IKEcuV(<+jLub+NlvEw5m9)h*p_9}TJU?6X5rl|`cKW$zKbf^V_GLVTI
z)X=R<B$SZHul7iOXVRGCY(8F5)U__Q;tPqv#?a7D8Z_d?TeCWhM``NBV`OJ@=#Rj2
z?%Lv|2|jy;kF204WLnWRk6+Uz(j_Wp`1(4LXYDKV2dUZ)M-2}oT^Y`6)){(2jFZjS
z{S0laKSNT#tx+4sNBsD0D%5+w10$`2DjQ*tS!|`I&SmL7?QFtv=V##*!1;zFqR6=d
zpxFdPF{7jBvTx#=edd_l6G=3HWG9~eAVY^_M1?-CF#63ZL02?GQTLvKVx)-Y(qCCC
z*XIajRvz!2E0UJOL?e4|F{#O1YCpJaoi_9jt$7zD>aK$Jmh<_Tik{Y9iT*r6yYX#<
z;^~oaZUz*M;2VGLV(IQhRQT-Wr1w*U2?!WnUiDK#?>%Z;n0}>@1X$B~zrhZ4z$aWW
zW{Zo8395y3URm<7(Ma{TR69#k8<z542)zPUC4Q@T35#bcn6T?GA6JFdo^@IS=IN;u
z^`*=YNiMlar{Mm}%yI&SkLq0xl#2>i;^7Y)&7e;JHzbHPrUY@Y(8i8Jv!_9E8$!`p
zKbu4$yBK2tPEUz~iFKu><HSOmn)=WPAvfGro~Q3zvqt1!evF4>LsiU)Hy&(GLw=3U
zH-ZsQyp9~}`<7Z5xl#jPY6O}<2B0K}^zTTCMY9&bn}_6By@8SU22b_l`px_^Ns22+
z9537Gz<i&NGKrW)Ai=S#QB>Bph$`gFCYLVrK*rzURf^RB&FWp;RY{pM8*r!c;WMP7
z84m|H?|*R;zkO$bvOH#8A$*UPqft}zs@6}ogvu*K78Q4BolHeLJ~hYJKlv{E;F1eU
zWt9>TI%j~<szEg1G1B0f3nfQ4185!4E@0aK-QeKA`FBuOjSvsWl7opfej)Yrh!7n3
zgYeE2GS+|uHL0@P2Dace(h&76lY7YjUFN2y5eTfxAbZ73@QfWrmEivXMb1qWGQTq6
zE^~UT&ks8Q&jT2Sai<<S>elw1=vZgj6QZ+7VqyuGmlSvFx){KdVJBN>!Efrg=+!0@
z%DD>c<?1eF>dS?eDvp}-hF%#A$n_zymW!T~Eupgvlw|?Ml?@&p3vMz{0-yS+6|PsN
z4G_TJ1Lg`DFBc(i7R5i|&7$@$$g}DE7HLnbOypUas(&U{=h<;!XCcyCjc+t9$~A~W
zTdEPb)4!Ax6y)|D7B($sqXltk{+ur!Y60=JOb>6p@dFUST^VB5>yFtJ#A@$A3|dM^
zX3+_L3-t<VsD&z^PB&3A`xy0D2TCxXm<d@Us#3uWS^j*n9vwh<7-o3m@VMDjtji!e
zVf-^ZauX_1JcUkxu#Gq-Ma~Hx{?UwFafXKiY}#kk#b_pKZX%!gA}!mz_I=rH{NN?6
zXu~ro`k-DWJ!KZhp3Jrw!gbu@Ysi#(@A3J5T4{B&7Q{*v0;5VmQ8~11qY!d2#+0V9
zawbDHJ=!a(#WpnLLZj&PbzJyHFI52<c9jbj4#=u5X0b7(sD@jc55-keiaAU3N%FTU
z-UsQ#dv6F8FL6Dj4gTpqM<(1^=LnPdsVKidi+Gp7Ns4pg9ft;!Yg}jNg2e1*mn*m{
z%0uM5h{ByKQlU7$KQ+zR)SQ<0b1Z-8SwRv3zzls_AkRlHlXc`3s;cMK>F`d$du^4S
zUFNdG9xUJ1W_5}5D=@g-F({?8mC4%tY+;}EgMOs+c3%g1>HATw;=Zn!S@Yy6I<Gym
z!@dRmk%OlN;6!voi+DPnOj_oO;~i&BgF+H*e{E3{9ry4U`}%-`-x?)%YE}JypH0i*
zztuBSlUtsRj(XP1DxE{`|8@*@W$bX2Iq6|WPYE8k;@S2`w)iyHoM?KI7u74UZQko~
z$ntGB1vgl`k@Y!40d>qMu*Mj=kWL2s)PyYL*LoX~^>_y4-SE)?Esf{gn$zs&9h^Ex
zYc?f$-7}>eXo61E&n6Y3zj4rX*F;)-3Ui&+#Xj8)ri)7-BEVOX_ER)g;kLZGMbz_f
zvlZ|*Si=T9`Aiq?Q!-^U5fgmINS$YZ0wC7Gz~LDNT03PAs(f0H_p+%>a#4TXeivMt
znwlp_i^BBrPcTQ5!aRXr->1VodK=&x4dg!+n^J2xV{0LAu!^4x%;oMJ)SWfPgawz|
zFB?{8c@}js!2+pJ_$=QKF<%0qXbIS1UA4d$bFocQy7!3IRFU<^4mM=rUb1&IX(`xa
zg{S_C;nW=MzIy*#A)<!~!d`hgv%51;=CU}ho3~9;jqB>0$!&_#XU@5<n*TZ0Q#rx?
z0}Y~I3Xq$e-)QZ(;j6MW17=a0O;H{vySUB$S$Q2aYnhV`+>HfKe@G3mhmHMG4>eeC
zL^Fwpy9BSr4YjnNv_7$7?-Q$#c*II11SWdO!WM(d<hh~Q=SMr%_P#WdiaMZ@-E)X{
zKP1k_SE!lL=21PfZ*W5*O=-Iy3ZXyP_ZIy$lTH|tj&`u0A{xX6eMlj53+CBJFAX>`
zQ3$?P;@IzJqFSLdq)0D@=F{3nM?N6K&x?Y<(!ns8kW_SnRhI8b5|dsBP3=E982m)X
zwikfy0l&EHX;##nD3H#cuqQ-x8234~-x9omWSbFSfM#d<jV289u398VdZ|%&?cH3{
z`zH<|>=Ka>Yu4qrQhF0;m6iYGBmBRAm&%|Oz=)NgNH9=3S?7{oCGRU+J2P5FPKYx~
zXeOBl257LglL9L<W#t7A&@=mfo{Ip@M35E1NRUWO4Cn0gX|PrNX0{!Uec0em=XG#i
z(~knqj<{`E>i9PcA8k!+%9TX7AD%Y-ccWK#fnlW*b_+LO;_b&Ain+W*49#vAWDBST
z6Zw&I+$=#?S8Q?ZQA?+pubbe^pB)fl+28XC#z2phDlFDiBl@LP^ic;%w?Hz-xByiW
zAgYB@+0;p$S1DjrQgd=mfq#XY159p{TGjY;6W}$%kP&7T0!tgxUgjtKahy7|Rt%*c
zx&iDEikGd;>A;RWt3^D|M3{HyaGQiu=#m#zFU$tF{vl&gdzGd59WZIuphI#5rC%2N
z;+mbSw%Tb@{roxAXX08QoWvDP&66`?2{vYv%DZw^B775DQ<yJNJmk|nQ-N;oFClDm
z7)npCiNnPc9mLJ0yzIN7c;veZgX7(|e-_K(EcquUWKYjF^VbGuoT|%W_?1*<d1W(+
z4!Qd~N~wo58*IcoGQa#A!xx<cOp#ObKd(>Z8<Q%s?d&3IposudhJ2}8H{b6g=|5(R
zWcqdFRW^&3VQXw|rW*3{^P#xWBf?_5%qJ5YpB{SaIEbXR>W6%#D=f{N_u8bnY=k~;
zV|;YI2h}Sj0}*5H{5whcDo9Tlp6A9(W3?Lsv-3x)R42|l#NrrYAub$qnx{^K_KbUg
zxQ$uJzFl~_#HYdptpUXDcnrdmz{;mo|JQ&CpthW%hANh7#WvUTcyBMh)2#La+LFge
z)*^t@F{JnpK5P`N`%}v_SI1WAvN~5Zn_s?iohOEO7E)8ks+9XhY{lNRJ65vp3lN<f
zgMtmksJS_!W7AqyfNfU$hgOlzrIY~~>z*w(pOcrGiR5_fi}UM<i`ToD@n5Y=xoNf>
z3nWXSCrWU?CER4|LWZZJYo^?BxONQ}C?wP3JuN985`*lS0Yh5o!FRO>BU2?Ft|sM$
zjP@=e;I71*nwo^Yb_i43CaCn`mp&NWN~I=59^KqOxFcUKs)g8>xspK`o__W{9kv<#
z7@xeaH`cl@Qu<|{Oidca5UaY@jI2c?-_fJb4mxUpZ6iqK>Sih;)M53zMzFN>mILh1
zIn;kgz3S%-B|M;wfv#|m15`2h{tmTxCVx{%aXo)T84Q!Tq(zzJ1FXF74kE4zs5c+k
zG_^nLvN!qzACkoIR}%Ke=6Z3adlWus;v$-wn@ZiWx-7XD*OL5Oxv$B0f4j;>a*XSz
zh!tGBF=0-pFv*HygO$q!pEYr~(Aa7`%30R`n3$hoT#d%(;4$gwJQZ`!_3P^xz+U&A
zD}w{S?I)yQRsp`=&c2#%7xf$L2MBv>E_V~#&MBv^8>z4?OIylUK6qim%Zm#1!5&NP
z>!&McQ^z`auO-o>YgdPrz7DONgpat;3~9dx<op5E4(s7Z!L|C3jiJzh`Bms|)vaEM
zOgv!6-a3k=jX8sgz6^yoeB?KF0AU5g^UKzyG!P4#R6jd3iZP|8IT_5->3Otfmmwuc
zrH^X2?gOB|5F$woJjwM4NcAXC`SJbi(l=HD<Pv24D;qKlKTJZ24R-XT9q1zHC<nHH
z&{PmBY;ld|RWkFiBZH`DBRxM>2So`3*3N5ftrYc#0yo>iwG3(K3t6OKVfO#m30D_Z
z3&Ri}k3N8ZsB^j03bizg&Xr=|7siXu1L$TZybIpP`(^<x9C)%gKD&_raR7h^1fRir
zSR>|5qpD!)9FGkcgQKH5xdGi&DYK*HvX*z<YzpadHEpuybF00wPut15vW8`bSq|;i
zsRqMUOIRT>!eKA3u`rjq*w0=@93CWNwY$<q%DEQCBcT)?Nfl1J4nen;ZFH>jze_a*
zTaS<WGuz@z710w9H~ZJ1zC%-?87*p7CraB!o&57lz|2G%+|pmLN#dRNZm?-%0i?za
zr1W9lrLtOTe!RG61N?mf{mM*tun*rUxaNMerrhb~9?MtmX8i7vYtD8S_P#+#UQt0N
z9vPO6%rO`#SJfE#n7ddtL&iL)HU;)<WdeTb*=4<yQb6@r;}1i{A!oG(N-h1TiYXo&
zm`J)$262fg4e+IY=5?AR1os*AN>~k69wX`Gg}I`be9_N(Y0k>j1bLTp4FXn5A&QGX
zjYZ)UvLW<<UDj6HIaVc0Igb+?#5Tl!tWTqgGTH)rE}|JZ;Q{BmP(AlM19!i~MME=J
z6hrq7e)j>fHuNXE506MJ`D>zT(3JO1&g?l4B+%yYX=_rclY^p>r(0wJx%!FDw+-;F
z8j@HWl{y0LcS0!KTx--9{@EX-^&WB@3M#SmJLw2t^R@N}UpVJJR}-FkRxn?CA7yGT
znQcNI9-}8udU%MpEzAL$Y(FcA+wp1Vv7aeUQq3@$HIXLQUd2p|TcWE|`$1-Q*M65M
zb}EU9LaD0w5hBW*4TEq(t+yC@U68Arbk9ld*yQ9y0HF{|j17UB>MV*OORcEr{qf3H
zrNx}FlsMuqM!!mjoGZ=%cWwD?z<Ga5g^ThLjk&{CaIu|Vyym&7xnVhPs3A26H=e(v
za(^_Yn$abKpNiH$G-F3G^!qm^UC%OOa*)bnNCsqk6!Dx**g8B#q}<C4O&5KPeqn|D
zZnI%&q(@|XNR`W{N#HZOJ>{-t5_tTH46aBjl~GeAf_#kh*KhPecXUEp(ab@5tYwED
zxoopzVf}_>?@jhyRwYi5ZDZ2z;UhyEhUv`H5U^Zw*~R#*ao9x)oeGMC<{Lta;vPCf
zFPf;(D|?JA`$e>h(mqN0w%E<}T5Y^|r(rIutH)n?#H#xB{JknH;4ui?q?OacS>H2x
zJhQlZ5v_~Kwl1T<Qs%GlN2${JZ*=gSBzTTdw96JK0h)3iB;A=Ro_27xy=qS9N)ArO
zi6R!k(hQ6S1Z~carb8Oe4??AGZFT5U5+6pwdl(ja`E|IX>~NiS=t#yo7+T7YAKk^i
zpCh0}`v3+ZL|RrO-t|MAPVC@I19wa*Cnr1=$F<<>w2P?**U>jEM72%s&XKNkR~Poy
z2?502qNL22@jk8bEC{|D0HLU)Mf8(iG|Jr}DN{2e7s!Ofq7L@<h*JN%c#*P=+tzo^
zJE~~;<K~E3XtYe_F(ULka6!JiVkv)eenZG_C%}3f#j(RS1?IGFd~y(Y#czH9F8g>a
zJen$ET+@hDRiDR!*}=zFnc*uv?l{m)AkzR;{_tBFxVBK}+cz2wSyO8iO?ht`cQU2M
zk%Lct(j^}k9qVL$|E<7AOTzwSn48m3m4#ZP?kNjXtErw(vP1f_%SY$&IFOg&V02_e
zz+A<o!c0N6bof$jesL4xo{qsgtY~qa)2)XUo-4?}_u+Gc`cDr!|3`1ifYGiSnu*=H
zRKBXz1N#Q7yIR$gmy&DK{%{<4L-+7n1g#7=E369~P^U!z>NbEk{*O>1(Et92;tjm}
zzn=e8#C@JC|IY*dvt4Y%0kDTyRe_whg=|a=eWXHWT-?w+jO?rO2+NWYf>!}@n^UQw
zdnN#MI|)WC|Krf&Iv}H_RJ0++p|Qhuco|>W#%~|Yu0y7uo3KLZX>7Ca4-bRWj%;f^
zQnMiQRLn}Uv8a2@76Y{7EuAo9ozr59)$WNhNBnMr+#dn@f`{Om4oNBjr7Q9ZPzzSw
zU?k<Aisd@BLkwI<fXwLD5Po3>t~T@zQZpw6pc9d%BHj5i#Qf%{f$BH(biY^vY4a0Y
z!&7C2(N$6>f4bcgD}Jid)044-ttNPO7w_5^#P8*BKlIy2lpc+em0}fUlggTb>{m)Z
z^p{WK_d(YpFsS|4*%Xp)q?R#_gzjn=Cf|TFx8lw-io`gZt4|B_^qa_9@e$&EE|yEL
zUssE{VO}k2pA#RtfLFg!=(7t~=gaq~6qD*yi-9!YF8$TxR5_%Qi@?mS49G77epy{2
zviD9$w)iunLVs*Esa)Rw0>JG~UV1thAkts3FRill-Ig`_TzYH>(sWhOJSFjm=}3^p
zA)^nJLwU>AQeTH<(Z9|s=WqAg;j|83%@Mxa+lVR!zuIm|a;#v))0>bjdU)9cCPl%|
zIXnXi5Z;3FODa>JjCI;k*BPKiUw$N<z4UgB`XunI4X9&Z`6rUf3A(+b|HwBi9DKhX
zK3PGv^_?t)KB*KJ%~3&p+RVXEv0!#cxuv&hsSa61Dta#xs}Gs%!To$5r%o2_wL?S0
z4wt&8&W&iyXNd1?-Kl3B?BYJHw(*70HRhmb%6JXzp#68PXqMhiM{b)HPRXx1l__Dl
zl5h@ZCTmMgehQ&LTCPh@x#{#s|5z&O<ep8w{ixZJc(@Kdr%cC`N!eW9UrxuB6N2T{
z@<Z9y$s<Wh*{ehnPUPn5kRI{M<iV9K*u}vuYWX10WcHaTNUj*+@849RD~Dl<P@A9M
z`%ZHoZG>5I%^}`4z5(@~xdT<cdJCW*N}2L1V+^&83Z9I4<$FEk*DIp<DQgX|TVQUM
z{zG<KstRuJ67Rle(*9lr!)HF(de$A2acRd3OiL;&AU2#IP+w;c>|959eS5eW-DXS%
zbMOV%p^|q%24Gl)d6g4!=Tu6*sLhyqGw#*eSB5@WCjK4O$s3;68vXp7VX<T)i_F|=
z3T=pHVDWi;{AsH_awfUY_rhIR(ies=<L2<DP~_$(n<4;#05=z!_Q0lhlbm$2qqF%#
zFtF*YuBnb|^*A2C3fqT8Q5U}kl%!MC&soTo6-lBe1z;)4u+4WFx$@z%T-v4IL||_i
z%D9yVsVK|*-m4OYG|xQhB5cC9hg|x0rE-M(H4eJ{8&#~KBr-J0hkDwbE76>+5ie*5
zj$1Ua3@BLs&=#Jb%O|v+CB|)Sg0A?qA~`Z>+VK6D&qrU(bggyMb=gt(ENm7Ty5l-*
zx%!p)QfUe{-GspYjOA6PLkbeA68X8E{mj7Rqa0X;D*vsEZ8ihoYPk;u4D(H3K<v*1
z*P=ef?-EADwTypXsxPu&d@In8CE|JlGq;;RfiD(5Tq+t-gC+d*j*4<Mi8@(E2HDLs
zC@>uc3JJqkoVS;uciNp2(d=Ym#4!-_S`J?LUmme7KG;ew(#y|lD^@>%Y7Y@{RZ!nj
z`{pDuUN*-e41dH+W<{BjEC<v`!`>eNnZAwX?Eh;m{;zfRKR?jFsKuZEvoSGCKA$?l
zt7IyCb{o40^KP5Q9ADjHj87ZfWgb_L4|non!w#ZYuLjq4N{3~L^Jsi>B6x8(*7@%r
z!uzu!&!~r9G+LU0>$_CF6NFD3<*>X(9bAB6uAM*l0Mz5c$PX*Fei1(YNg%KL-n5S_
zkb^PBC#7O)Xj0{l>j>~3L4iMtDPIzKwYpWTU`CQ;MUCi(R%NC$^sgkVymlQx6?SnY
zFB+)r0InmrAMD_snDnS0Z?_<+qAzsN606RAZUJ@ZF;c*6m>nu!{a&BwU;JgcW)&9t
zhh50gS=>z%D!$8JJ1LQLy#9-1L#~;m3vQ;1Ki0u(v3$6{fsqdvCxkUl!;XTa956}~
z>+`I<z4Q&WWQV<Xm$@Gw5MNPuh~F>bH$8v4q{Rrb7h18x^{l+CwHXdLn#-&VEmpTP
zf#7!Qx(szW?F7u65sk8^JD2L*{TER^1CYIK=71yQszi5aw*lJJW%2G+A{#ZI37q^1
z7uRB9i|Z5)UF(4}i%!=AV`Phn!QppX=pO^4=$znsniT!D3u;D$F%?c$KCqOYn<Q$U
zluAYPpQ8)<enYVruG2cC(e&kkT7;0630@0KseMiQm15(Uy`o6lvOtR_VpJnDA$n;I
z_E8>dm{4A&`8#yY4)!+kUvgDLbSk&~#Oup;`<@VwTUnxUINSEk>L{<{%imBDcXFvN
zMY?LCkl<uryM8cYOJv_J8xQES6PzA-kL<*2$<AU^zn}V9j?_N1xOM@<&P?Sky<{sa
zzG9nY(;rmSH3VJ1*6k>o(>->;8$+wauK-u?R#V&0(r^*AG#56+FQ1h1s{<ZdwM?k!
z-a@%qp~Z&4pd_93ZKoBRy1*p8{bPWKFw5&Z!MsnS0yL?<fuyF_nMj8tM&;x))&osx
zan29f{NMqMC-Q1eH>sJLHaO4VO5V!7G<z);JkbgtobbvzI5YPnZ$O7Keh(8nIB%hZ
z``z2m2QQRKwU(0J`qYZ)Ch%0ej!ceghHqCik0`>zzR_7mf5HPZ%P{E1ZHqgAh?ob~
zu+JVk)l~F1PaUG}ZLJ91N-ZUHg3fOz6F9Rh7f!RIk=7f08I@=C!73D>_;qkuZ~Et_
zIl0IIcDR2%mG?@W$|V0(si8jLPI&!p;4dLQ@?QO&?h)af*R(eVcNK^aNnA%1Kl0)C
zv7pbk;V~1spjjV@@xIV}2h@UI-E1OX0mDF#(v-^DcBh-fV9vA*o<#~v$5)CMzGvdE
zI8&jtYbNATqbSgf{<P3~!nh2TW^$QM#`9rk1=IooGdGb|w2nl#DrJ{8ugVeqlI8Kz
zE=#aIY96`u+)3@;vc<)is0$?TnXV<Tu<-}fkmr7f1&g_4n3yLNB)q5cmJ=+no21(F
z><Sn6F(!}Yc`d5<=eBBZn7gFyY}6Zi>egs-?Uyg#8OV;0z;1Ex4TVPW>7Q^wvm56L
zaG*9abIUG#RJWmpvE9lc@xRJ35JGaJY@rEH1%Qf_bg{aP%VhX{JWxarzL3MZcM}&u
zWDvSChaa*VQ{2fFU2VYow{fEe&{@VuJd(Jt%N&RW+x#3*_=<GK?T)u0ss090y(Go*
zbUPAFg-jOIlwUfipQQPVB(_;_H^H@NnZf1H8o~qydSNY47o+G8G%*aAV*K+H*oeTk
zMvJ*g1(sMIe}{%Ly*KB}8=)ms=%b~?CRy01;|_beA>0YzTt+00QL1f#4D?UXK%Xg=
z|MUEZ%I^Qss(%iolY%Z7+_U&oxynOo`GR)9wu7fmN&#QWaFwb?8YQLd9N|D*uERhl
z+`%Oif;aW=Wt!z=rK-<7VmpG^35i`2oKnzpYZZ|6{&}<<ODhasFAxU-@$$5VjR$NB
zXTbRx<5gGV*4ukG=$REv+G3IgjL$mg+d&ju$t)g_3+qwUr4C^Xpx3)`=UgWUV*5>Y
zvf$PM1RTqYJziP&br%DPTr`D&)%Hpm+^dp_QHf!*X@VQcwwXhbfLG>E`@0IRQ*O_i
zMZnG#sAV7mmx*rN@8C9pV8VNPS8=oa*c?a1=&>a>^Jg7#$R0I)VOm!X8+2~X7Pv_!
zgMPVYV2CQ#_q#;+VJfVb;w*W;Mvj@4wU8H3%O_&wJ`HW4e~33P2H4nC%2+2O2HVZy
z4IZLJrYIoeQF^V)Mq@?WdIEEmhuW(pd$i2=Ei?X9bQLjdA2bR>4i$)gJ8KG&rQi|w
z9HNQu@c`%0Q1P^<DeRR*CrdUc?6M*-mY)Nb56HEAkR09nx-$F9A4Ft@U5vo&Ln1nc
zU$)c01bMj$ho+Qpkz0TEBkakb$)EoG0%Bnw@rNBQ7SrDDNgFM_Pv%mYH`trL=<ZfS
zPj`f+{6RS1iTNdhchpfZwqKPaymhWy_}&vE5D8gR)sauhRq&{zFG>S0pGH*|Z1H|$
z#OdOqpG>r!_|lGETzqUBxt=xod$r)2b$_j;^<LGCXlss>9sW3r?{Q|19)`NOiB`U2
zf?_ET^{DQc=wS9oBn+yh6Au7+Jjg|pzM30NUFn|Fjiq4A`F+*H4(=EIawFgCuZ5N^
zg$B9*QlkHwL75>&^{9v_ef+H}jpWT_Itr-A^(y(4R7qNSo}E7qz(_mPNFi#3&N#5%
z55|E=GDs1WNM%0BM&(QfbTW&*nU^nLVPdwrXMuEw!^+VWe`sV{Q9+lQ89v*4FYkNp
z?B7C=_8cxHg1apgiPhoH#BJH;aTrEy4+7f9>pyj}H?_h(_GKDHJV59F3X}>(U^K_I
zWGT0A`o+ZD-^nK*)4Ngz*IDIU-03LE2hSFp^lqBg{NrIy<j8N-wI-Q)yDik*3a?xI
zexbEw{>CFkcf+%YtXIQR@)cmLGZr@wt$n|cr%8`jLO)+`>O>BR-+9W&T;9?k)stB0
zzj6YggcsP7wi{AH=2MxUaJN%*n6@Fziwt((-%5odSEJq;z?HBMx_|B0c<=Wu(3vG=
zEl{;eo-gNZFZU7qycc-WJ?^@s8lS$H8AB?r6f@@U%XQG37RcNEa4Gh3&LV1_3VCsl
z^jeAg#C+|WK>2Mkg?9dx6t*f+gL?I{+8>wF2lUGQ#u2BtQz6H{uSNXV5d$_2rbBIC
zny+<mCZcMvk(P6gP4iH^5TK*t-{@1i2%WQM&xVs_By5Q-h5WuU(}!)nfpkyhMv7l>
zJ!0Xh(_qW|5Z*iQl%QF^^R~c)0IKfY4L$o~1LMsPiuxC5K<x`*M{75XNn+<XFmr-K
z`~bmw)Wa3c7}aJb;Us~(H4pXJYZU=9u4@dhY-d@X0LAcM9wj6i1ExR+dI-U{#0G{M
zldnUZ!c9MCaJR|jWlO3n!e;e{vp+BV#IRANM*qiv;Q!=L1IYgTOb-6C1o9(f{Q9R>
zG7C{kRN17$I_$f|B7}{Xld4Yk8T^1+&Z|M_U#=%7<D}F&{!|;=-0&aGFGYtlVh~3^
zQKzYb?c!!Avt969{}^5yKKoB4b51Vw3}3inc758NrT6m}WyBoM=yS<YSF+HkIycg6
zN&y=U)5IE!vTOGW@FV#c7k_ac3=%N1r(p5@{`L)P)sL!#pb+xsQ=1(Xmmb6II_}&l
zK~hak*Gqc};epu}!68LuAZ4s<kf{%e9MJ&_LK5VSFe!|TNG6i`t*NQF>r=Z-2Y`Ss
zP#4aK))BjKW?_|hcL_Uo{|cpOM2k4&vBEWt-)9HBb9L(Te!j}E#H`flmDzUWgdtvG
zY883&=X<JLA11;48ESQuy1^B!iB_lDd>9u;ShU{%;Tn_r$-=jk+wd85CHgeii;BYu
z?+Z-iPq|^1yg@ap-S;mjMPs8>;6Cg=dP58`r4b+A3VB{f3}=#LkM|wV(sw#ehHyrl
z-U21ph>ooiyon6)iC@UzviTb0)Vrz393a+K&Bj<)y%&%QdFol0E*1+1YD^0$eu`hQ
zy_}Fwy6?L%4R*Ai*1IjqcTv5j{CqXcRBG-@mFjHYJKcQL1wje<fTzImF80?_e$ZPb
z2nRf?{u(D&G>6^d#Kbrgv=k6V7um%M-zuyg;EX#J`Gz&<7?3_E(J`ZDEfTZ!d@C?L
zpz@~gvZ28ivH0$$sQA&S(kZ{ORC{ouU6?<R`LYigqBdwcGW6K+F6-b0osO`G+$zlX
zhg>@0{0D0F#2?=)hq2<D(WxWPbTW|=&N<HaYKF4_Mq|aRU^GJXLmt0xB*^TUOrpo_
zkocKs4=|y(%jCC(wZ%ol?fK&}5cpmN-M{#HswLxUp`b3@$^;dmpDoW)kbAYTq1P3j
zQ_k+yMG0?9z2og6AW&n^^&4+#!{wA`i0(EH5z#iNPhACC_-eL89#Vah0;G#O*P)g-
z@94zxRy2AW<6?VH<*aLAR*yzg%f4139YgUEp%fy&*SKa+X?{wO-I7;DzL=Sgs^=cC
zS6HfV2#mLX_EWS<S5kXpRYRt)TZ>)<$kyBD3cf>z3JrQ~fJ&QyVW_uXDs+9hFNP$a
z@ZelcFuI46K{)3<{fMPv0b;=)5<98=mhkoa8G3|&vrEW`lWo@ZuV*Jx{qu~-yDZgN
z5c{+w+8{qhL{hQf^3&iuq;8+<Qc`(9Otn6=ik2NEgLez=PxYyb%Qlj0FSoOyyQ>Yl
zkVbgbUHk-oGhQ}*GqDSp*AD!N`&29AXBkcU@M~6G_1}S`LMwGWY&5m3Z*<AS`3$J!
z*EVi-n1Oj$IZiqFZmSwzdiG-_oY=uCd`g+b<$~wK-`cp5bE@p+qPa4cPnFQ@9DaZW
zICQS&teB>r*U_j+q`tL+0cNQOLc%zz!nc-+MxBfooy<>3-%u>OyuhIN$-BgoHMc@a
zyw<VPMCI1O;h(lB{|?!{j#JKee?(VV+@mIJT-_o@ThW>M&`U9L-U)a$*?ieddeUhX
z?qt)-iHzpJ2`9y<s$Drk{RfeVTN2KtD48LKh>DT#>+!$<W>;_j;>4I^mG~&Z!6y4s
z(a<FaEVKaASg9K(vAFTx(Ud>QrK`vIDx<(QktfDCi2nxA3W$usb-W+{ud20Mw#trW
z^Ewd8d~q-hZ}-RHvMNagv#<QEAxRnlq*_e?iFk60exV3Jxi^6jxa#7BN}GuWE$;u$
zjPmczu!{Px{qesy%F0m`MS^5daWlaeY;T?b>_iJ%p&LJ%+=SjhnGkWGDgZ*1NgzhF
z1x7=G%<d2vCIelzL)PG729FF>LeUYQ{ncy;vG=(t0qg)M;JKXrhSD@hEZMWK*ee@a
zQT4}=FGuU3fG@$&q8?WAx~hBH33d6}ab6WQ>V(B_Q`HrE?8JhC_|fkHu-3+e+_Gxn
zoCm6(?5=qIVTU%d|5w&it1N3>yKDH#H9S7=y4Wfw_61rjpIdmzrVt>Ahu0G>Axcbq
zH9{B4%#LI3taX?hOHIKJ`D^_bVpS|rc|AY=tz*yiCZ)?_C+C`-YsiizqAQ!@U93BZ
zQz!w=YeM$6TOwaB*B!L!LR_FR6*jr3Q&_fp>fa#)lI+=Pn)rsAy&a|?yspxf%&__7
z2+(Mv-z+r+uSp}SJ<OjnOd6h4ye(vtcPGx)e5isvMwZK>W>BjQ(40!Oyvyv@UzD&h
zTh%AaaHYrPe6qg$elB$P9Pj<2z3A>o9}2k12U5qsvv}VrmjMre<%?nxk^%ps8v6ar
zDgla<*HUFF>ikABoXs^#=HE|^fAJetnQb|37fDMY^Xt_iaC#^3Hganny7n>(>A5gV
z0;JKu=R@vI@a`K<)ccz@w*D3(@S->Q^tyaWND9e4VS3f%SWHdX=Bt%Rg0@fxy6G_w
z)XNjC3&?DLvwt&jk(1HFGo9T(ad(uVb!Op#a?OYkBGUgB$3WbqI#EnJcQU35yAhID
zs)BB{;y*d24jciOM)Avc04+@iU$bC~zPwcRqhGaB^1eF4ym@zGLiP7D>SM*hinpe|
zjSvPU`-NHHkpYN9dgZKgtV#vF+-Dzm^8DoU_+4oI<OaTbk~LL16`-6a9^|9?LkF_+
z@vZL3_9N8hz--&JX(m|PM^Vs6bppg-4XQ_n9<Eg<Uw)@|i^!=E7DPOB)QsI!!rqCq
zjkx%hn)5dfUGY@yr(^5CXN*vupM68%zW65wD)ZLr5)4)e`Kfx%b3JUC3O@F>w%6-;
z^ruJ%v+;-hf^-5ZY48R^2S4CC@JO4$_-r0jhM}!pj9+e)3@T}bA>>^vqnLK4k)@zm
zKI0EH5~NpFp0Bf?ta9lSZSeOTmT0c8@E%DFA;tObPHsR<)Io<Pa96Z(#I%v~%Kbpe
zV<*@At#g|i<PQ11z_Fo=NKJPG>41I>pP{F)xGl`6ISZ)zhIjG%`v+gD7!fYDS_ip+
zMVBFWFEL0$nh$=$<K1tQPqHf(yRqq)iS<)%b!!ig-k6>LU4ES?ca91lQeXUqOuS<h
z6)~aRDc(~Kt&GCl{<v5>36a;UJo5PC%Zc@0^qpoGCp>Y6O?yrE_}*l+c$lYnQ`<`=
zB@Yw$Z)&jm{Tx84l)!#Ls!PQ2rw2lmYau2>HIRyU`b#}@HGW2^%i`!zba(q)$KeKt
zr4*0Vauu&QXokZaZo+bOLQ5?*4O7Ei=5OkO6y9ncWb*k^kMOHQ=}M}`<!DJ*)I8u{
zJxvptqYUyBR*ce^U4uK>5#bi)fOd04LxsfY@oScwM9d_1<x=elu~zA;aEtlZ4y*eC
zE9^(WalXy|QG9CQ#Sko-!TR<OlUe_QskvmZtkPvbcMJUe@$-b?U_Cnh%ToC2S9VTR
zpr8Kz?@1!hzsUf0as#6%YGwLL8p#P|m_|iK18IRfP^)Qd;je&I7{oF^!Gh}1Y(wZS
z^n+AVZ%et`WgY>f99jP~f9XG_5KupoxT81jLbgXz&r;E!XBb#BNhl+ya1s3eO1K6@
zHZLP3C7d4sNHU+xD=Pl)`*F~C|I-7ult_d7LY8GvDXGY)rgb<rkP2rncbFppAA=cX
z2U&dX93mUZf#oM?xn(Y3{=gFhfTA0m3<Rh35O+dM+w>BQoSDffE1B?~!?Qd!Zu`=>
z^Qq%64>9Jpe_#1;?3>g=_RnG!y;jeN-smIDeP#JWh%=X9nKXP%7aIiPp^0RRUD^cO
znNXXnW|HbWknrw|6%QlVkx(f{Q3reIz$c0d9`W+a4m)wet^wpD{G-E>qx5*H&QdmO
zCHsJ};T!9!hQfZ`6{CVrri-tXTPxyS6f@vP&D?Co<u*3^u4!EH;;uqTx|4kp$FywQ
z-QO~7<UXzN-X<eDTA`tb4dOOo`g5^Id48?*d5ftBYEU>sn|pZ8FtkNcgh!{K357O|
z^UYQ72zyPbr$Tpm>4joAAXF?mbG))S!~%qN7T_awsQZkhGP~7cs9`9Gendv+SbQV(
zq7P$QC7FxtG8fcyBG2|nMFI!^K|qtU0hO%i0-k=@7Guq}5GN>hQv0=Xe(C~hcvXJH
z%T&Xeh0pY3$K481eQ8BE+SsTrLGkrrrghu(ZGvlCsL9p;ZYzf8;27x}<&iI6+aFlR
zwcj_1aZHSie(12iNO-5yeA&(=YIr_*A#0soXY@Yhqq<Cgzkvy96`hK4WM9d(%P-|q
zC&or0f#JB%nRl3oEfEHI%b@vb7Rn<nl_?{LMPD<L{rlr^qZS_-e)S=7C~>3U32A!|
zB{`2;<DABNsuRHe3qvj$<y$))hkr=L-2wU%aFAwsJIwD)C<sO^Ea$zyt;8dokoT$r
z!1p1b_G4`4{{4ca;4CURCbU3h=T|f<3agWNgW~Nt=)525N%qam_lbLNjQ_QsLD%nS
zB3Zn*E-V12K7F8q#>_yNfQGYw+T>phBKNwT)cf#3PA9m(OZKkX)vpJUjs!I2aDyA8
z4MP^}P4eTjpwl7JpcZ`ATyLuUS@L^I$U;KvM9R`cTC@K*LrRB>K0&$x#IMA?5(bA}
za>&wVT(zt}zOeO_<@SjgBmWZ0xn1_#0b;k99L_YD)@eXay|o}_s0m3Pt5>jufALg$
ziD1VvOR=!2BT<j+*P-Z2<H%ljv!2(A4@BwPjq&Y_FaHP6`njv5MbRndr=;imjXELw
zM}dm1;oyl6m?a%J`6LJS9l}SwrZSz9^<b}cL7C{aaNcz!%^A*i+L@sDjL(3HMJV#3
z{WOCSa0}c}DF`f#en<eQfJ1fMm$-A^>G@9F<-_Rq0NewrZW-B%did2bAs=XJcne}@
zMiqLnQRnk|hIwQteO2147LQj1KY5G|fVa8C%p9v}myEc|9qzQQT1yXKzlbVZty2C;
zI<jT?@mF{}VLlc9lL<-VGmxTkbBYklf}Bs^I$h+q9<yr2^B+A`jK~?^Ac4NGSGAEA
zPycvw>Y6Mhku)F5HH>{WG>_+tW}v54Zn3SZz5KRIyXO|r@823G4vE#!v4j_)k}P)N
zC%MXC;U}4B>##)k;V9BpBeLf48%O`rVdV!Usg;rTgQF?p0?vN}GH5rX%C0&@*K>Zf
zqwIZ^VI+TyI)RGD)x*!AbB*Fgcvdc!P4zR$Ybt8tMlM~IohuvAf`qk_{ed__g?=9O
z{<A~lz}iV@54@dk?kiNu7t;Yy8RZts7c{h~m@^f*(!QNSseg>%7;^~NTx?c>Ls;$~
z)$#x6t#&79v`N;S<)(pu*<|v-$(bNMl*;uk!MG;GMZpOn{CP$%=SiJQu3E$)E@a;*
zpw;-tp`(F9gU&~lbv&!PN7V~}&#BvY|2lML!OSWy^YM>wLH6B=G2UN<-=|g%ZSK0K
zy0o`gpV-2=7JEHaPDn+3?7^dRJFTY)tru7%xo-Z3R8>%5{4b@a?bP*p)6R}O(8g^S
z8K@?c>a~Mlr+y?R>)3YzVCZD@H#Ha18S5Te{8uzHFY1-y)>FAxhGG6&5H`n52KiD5
zt)i?xBy@bW72=+WulNS3NS7Q3{BK6D3V6+eD)!d|nYnw?U6o}1PvtTy?*JM<t(%Xe
zrY}p9%~8`alN-pslUEu&T*LInS32&j%`EM(ETF#-q&2N3MI`Cn#wL`;zdNwTz99nd
zara7pXvszk=~3@t{sH8LA=zxewv8ctRpZ(zj>!&r-$$`%d?6`h#W7ZTDeXFiq!glT
zKDyh1-+0YTxK0y+CSdisTjN*p;H{^F=y948e@FJI6j`W>rw;xJhDgh0SBAXSV+-4(
zsK3U}D~Fck^x&n^HttMx<uZQy`syQVbBbm~Q>Sa;O>+i$w{v5&?^(iam|Y_Yw?;-L
z#0!bjbK%Mt7Nulrq9NTwpMiJp>IMNS66o*Hbvj|~1q4F&?}-MNmGa~*(D2!kB%$9&
zR8oWk-p*5TC$~Z-A6JXIy}98CKi^9IWo&}RXAA4+&JY7~tq7E?k6)@V(0nH)2C0n7
z39B%LGjJNwFYc<temsxb_}n21blS0|kh8gfybQ(5I`^AR;vThkQ%3)gjs}h2|1BG^
zBW;yzjdIi9A?tp4?)~akmFUrLHERWte6>Ec-Z|LLc-(0h25j(!*Ln<ZrTY0bt{L8%
z!sDn;1E0~BtV#@?u2^li?pt=I+#Won%U<~iJ8hEobQK$^KJ5?tOCs)O>5>PP!0KG7
z`V3WxOU%%a1z;#PTc=4)#VXWZjC^B2D@C09JERj+gI0^7%*pdi(e%6$QF?O^l9b4I
zXDD&D#ZP5CS-A^-f1nAeU^X{VFZTv!&yMc|;nMTD)#QGF^Za#km|5MQU!VM2g#!*c
zNSbB^p+<X{y&_~jgGFOK<FyXk^-F#N)%rvLHOADhI~6+f^qX8s&=HW-v6qKtXW`JY
zX6^c?SNsS(qfw+>D-l9|tEHj<m)DDN>-Brry8VT}Q8B-KLCy~UYEc`9i``KOA0K(R
zdDL^g1T1nBvyfZfH7=RqR_VMFxXo;56MP-}%X@sX_2?$ijyLfF^D&q9i}^uYGC0TH
z_ev`oA?-mdKGRmnTR#{kxHvSk4PTIo8=q`}OVdTC|GbLd-S>z6aOQ6`wlz=;U(0>s
zfYgB`d@ZVC@?v`X%c0fzso`(NFe8xj&3?Y>9-4K251=wn8GJD9dwzTz?(R3mE<Q^P
zw~FMXYn!=AWW_Gq$s3_a;+|#-xU-byVqE8c&nfkAX45rc{a&l+o%c#jiiv9t@yR=n
zn4d3=h^8vqcpn3_(T}%~V91k#`=>Z1dkzwDT_m^gbiH^<q|qcPTZC$t+x+8he`<z$
z&dX&2+(WRfN1OD1a>h|vN$u~mNFQ-&yG9h|z6e`Q7E{(qW{_{YFOXDIo!s|AuPBir
zz7d|ItE{sGML{x@pAT5KG5KjR;Ym_~pr>`3bLCDj*Zx<>(x(pV@S(zAc5(wPd%dmM
zOyn#=Lrscq_TRab5BeRIV8JmFR_~XKP~upws+<TIgX4jCVwSPu6%gIY{!?)GS-0`u
zp3j-lcH*<t4o!vOX42e*1mX%e4Qkz;=ssPqHh<)I&gEWH9PYydFbqAz1}4QIlaYH%
zS&1!l61Iq<vQW3|KA_76QavE2##27exI@K4fj)|gqMG^B`S>Y~YG(hbs~XnZ{7Bti
zs^sIy(9D`?%vauDL@c`FxA^gR-E|LcyZdW>MpUbEwywg>x$pc4VGXXhDL4Y!EtZh}
zBEM4TJvILpNRh5S$&7e^q0U~-p?0iq6biy@(+cQ{^UdN+3o+nkya+&!Wj`Nojse{_
zHzZXQY?Y0gYIIqJp*vEcKfg#4w~EGcY`0OYo?8jU_%mpdrq5NU=(z^I9B;qFi4p<}
z#NV{waXDab<k`S`_I02`2t@ygfQKLCkv_v42$%E3(QlG@&vrJ*E-V?R?^ib6q&ocz
zhfThZg_UW6g|9hXe7*$)&bVxHWHcBYSNB%vLlP-=WeVQg9rIk}Sohk9%``8fHn@kV
zwu(B~uPaqDu^x;!r)+ituvZ_?y?nJ^^cW(}N3dqsfINQiy|?Cv6WhMsd)3}x{wDan
z2_QDrbkmhBNQLnAb;f_SLF{%TM`wp@)0m@r)nH&7g}PVRLXyF6$lsx_4`RXna;k@A
zyRW|EP-Lv_<i9&|Pgd|3ra(6VILZs|vTZeuLmb<?6G#6#!rjuNU~6nv{7$<a5h`w2
z155~mDS_svS2<)FRg%T~Zrwo~BhBGXQc{|$SM_x6jaf2HVL93NaufP@=vk{cs{DcY
z>o7gtu-j^$nwKHctH0mH#NTQXE4LnaUL_&^Bum{5hQJ)GCk}-WqujDu7^Su}!aS9X
z!2Jqeu~LSGGXYYt&d!RX<_fML?k=)2$>m+C>fD7=d{38<&rWJJ_%u|{fIfaI#qa4H
z{QD9yi8C|5enVpe56cOk2$r~CZjJn<7C*7b(05o8(ObIN!F#EyFk%dF#@Bj|vdiF?
zIpspA{(gep{`d`}NX5U#$Dg&^Q>=3B7&Y?HK=S#KRoJ!aC#lvGbPLtqdsVi1PK(Ot
z|Dx>OqnbGT_3xR<Bn(M_Nk}+E&>?~j5l}EF9+?RVBAzA~6i_@MBI2PQP{CTA!~ij#
z0^$i<J4CQCo)M~|R#8!;qJW^)))o<Mq}6)BR(;gIx6iZJyZ8HB``N$!&L1upvVeu~
z&3#|r>-t<ZWMRe0Kn?fDjVd;!D4$78DwNP8uh#Q`rRejNDGj~LtYk3o@<^#;dd*m`
zE{6h4?G5`aK@|p7`Ql%ngT6DsaF&hoDp97l=^uew)F}~0W%fdo5UA}QfqH7()D4vS
zS4^rU3Vr~oioEl6RPgyaq!16ULmnI^`5hwzB}vsT*8pXRcGr0|<2O4U5BTjG((!tr
z(|zdXR9VE$&xs0q-=R%9bt~W%f%CXW3mUzyht|%+J#e0-3Xr&fUH45Xvud!SRQCmG
zk{Q${mR62zjw%#b;^KAg4T0`S?vhH_;9mu5A_JMgjdR=4l5rmr$o%IN$X52NQUSBb
z-I`)ri(B3hKJ%mz+>X7q_96iFM86tFjPR-Ai?1EfMYPFXmbmvg!iJ!Q<iUDLh-}DW
zeJ6Y6D@N3ghPOHf=+?EMI|0UyuzQWdsm?HN%nYI9*NP}pBxMzzu<t{Z)l>=l+(?gN
zLiRiQM_59KO}i$B`$RaTkFKZlzS5F_btPT9?S>>F_;2VGhb(Bh2!*FjcJcuLin1vh
z-KoZcxW6HSQ>>9Bw&3OKWQHN6@1nWL%yc}0o22C%v@%|@ra{`!cSnbHrpd^(QM1O>
zLpLVpN?(lQzUiiFk$*o&jZJ7U&3Jy5Z1}d8I8xtC`ST>GjBKXtP(~lEyHe)$ur4|7
z@F@rXGErblGL5#_m0<e+|A?0Vvx5(m@nI$sKss`T#CEA^8%TksY;<}qSORwP1<e7~
z?TFAQcAUk-?$85TC@`vJ-X>8t?N$PjFq8lq?hM4YbQo(g|4UK<Hp*-^^iw&to~eS1
zLGzv1s?Zf9H*jpLRi*gKqnY}nURgV9oN28M7^G|6c^`g~&!#iRmRE%^B4_wqNruC?
zB>ro)R}VekroL*${CogA*>cLjeG>wAJ~N8{G=%KELr=i{ZBzP}1m!zXBAxjrnrHlw
z$UUfQZ-$OLc{@J`RQ~g>a!M2pJRm@gBl}7RsH|g5Fn>4x{Y;d&KBF8yywnM=+SOkx
z@S#(xxWG&8l=PiK>Br`Pa`3e|1<a@kB+@Y8jIWu}X}KtNq2utqG)Ldj6FQ8m-*mIV
ze{Sm!0=A%RcnMaHvwnMn7zMH`?1Us59OAI`KABMbgc3gS@&%Rs3K*$H?}fsfv8Xm=
zYdv&*OLpkHT|c{!ql=^k`|lA;<@BWNJu05`cmJcg6Fh)mB<%dt4qtiG?vXTd7-4>o
zr~JBA=50LOJZ1QeA}uzuML^Vt720MIRX2>+5SKW@vY^wsY2XFKbmCpHG-bY4X8Z>i
z866j|w78v|0k{*o@8(<V=k}kZq3_>Zs}e%_dq>*FXGRV-sHy`NTaL}NLi^9xmZwIy
z!}|lRD5dTr6YP93UdB5r(*&Ny{g791Ef?tu<_ybQplDrls=UjTFOwswmvdYmOM{r|
z`eyZM24pOcU(+w$cA-V+wv6OxNta{DxiK>BoVYtBsto~PMO<=6tJtS#fg-mNsLXv9
zOD0es`|2MX#UBD0q8ON9bm}+Dn4;c7D-|v#jaSFDD18SGc|m2&*Q<(p-EY<p(>3#&
z+o6P67QwvyDi!3Br{}{RYpu|`)HfXRyRKO=uMXV}HErXsET&gb(QZ2U+@QQ#c;9_|
z)u>w6u5!S>$P~*6-N+!?GmL(boVzn4^NHOQcOnO(6=|-(iny0?iM_KqpKg{{IMRe=
zC$iC}oaHyZ4&l8WY7qG7u!v4QL@B>+hmWttpv(bjJE%Z=_(1@*>7|uk%yRiW1lEQ8
z7HZbogT$C=P7m)JmS7Sc(@PbwDAT8R#v|Il&R0!^y#`&5I=?g0E9dZWzu8$HR%s&_
z+`uVbjZkIQR+E*R?lbE*<}IfOB!YTW=3}|6{7@hhan)&@H(F@9a&%I(>{Oe}0;QvJ
z;EZdJEO}gO4n3I1tq}v%g|QZr2MXQwR~(hL*zxRiVL3)U?fWOwwy(O%?M0bWj6KZY
zDh6j4a{T&69uKLtvvVh>Gt~8mrIql?)_0uWVJCn>?>MuZ8G{Z5)e+<TY0r@6_DF?2
zq$R%QV-EkTN1tr+*+dyJ#_SBXQBLClH66dnG(A=g1?`p*>Q|KVPfd^`7x@63wQQA2
z0W_%Y*r#^h5IwlO)O*mLGAO><NutrMM*QB_!4Nos7hDD13ns<V0|0&76PeoLp?PG}
z4D4_@bJFw(eYDNks0Qb3R@I0$LiA{|d>^;2e+?c3P$$>fxE5+7SPbW78>3G#*ls$u
z*q~^rkjR;_-Z=zRf8L6P-pkpZ%)Ow=7-DWuEndFZ2sfxVE~h-&c_+6<dkn1Oy`6#w
z{n%+ze>YU87&pTRjq*@a8y#}oky^JM?F!<DHxQAyY49s2dVK9xCpo)$T+w$HbhUj4
zB`Nlyq-^j~W|#^$c$wfVvxrEWjS^e3ozwoJ{f<%U2N@=&31`~Q2mZS~=D((=^mij)
zb~cxy10+{mBslbF!P*sZ>+ZH>Kem$dqYauyQg`$vH7Lu)Mm6l?fW87=LH@T23z+m^
z)LTAHd`xT{g@Za$MM_U5%qszg^g$%nM~2bNM5j>2nxF<`vw_d2RVK59k6|IUa8iZ6
zBNW^+`k!ZVa4e@MVq~W=n_A+qU_2t;F)N{OK{IipT^@x`tJ4rsciMsLdiUpR?o14u
zn)vFDE@l4R%`Jk!2CGsoLxS-0b+Rw!=hAz8YC{L!-=yT5Rpe1Vy8NC)NVv_b63wGV
zV@9yKrsL9K3sthF-EGbbki7AZV7r#tdF#J7@idUVJnXg;-nZvIUrjZnO9e;%_zbn`
zaqvTO!&w?JjAXrs81z$c19aVT>bZgA?`~EEaJsEP4Jbl&4>Lu;a`B^so{dJlFz}|R
zgKW$t@|~85uGc7bE&=tbYYcFg1JXdX#K)b$d%iCfx$yBT{sPOdcF`!k$Tl0A<8|n@
zp%rHM0sd6jvk12S&2TQz!c0pxpc9_7^P2ddb<Uqc6NSeq#1%f86u;K`SLkJf))}<^
zjgU9asvH>}jRmP$wfwhE@vEg1vm=Viwehv8V-9CfT&$hFKCP#LT(yT|ILSaA^V#Hd
zN;<J`Poq`Ujq$LSS|_;}U`TFtS$bt>14>mT9{OZRDTt~kHJ}L7wx>B=t{0T(yy}sG
z?eN|&o2ML1s@DhZ8F&kTBl6qvSxs{d`_7)Tjm>J|b0KQ1Pc-glRL0Jopqk+b7h)QI
zT`Sn5{Uj_O^$WxjZ^?t3eDSBkO6cPdMs$Mfqcp-7o_9Lj79$ehlW)ojJfI~vuQ3r>
zE=A6DJmp!b&Nfpk4cvMwSqJ%f1A~(uhaDL%>6k@PRV4Y?%8Jz|xC-qqu;d!Wsl=B`
zj6W_Y=RC7M#o+swSQN1u)8J*X(bW0R<ovuxuV|4^yH9Ap+Pe}DJ@atTY!A`dyq65N
z)7PmQw30dvK+pcL%xfkv_jtuoCa6!LV*uXY$*Q9%{$m%YZzHoTULfav*{`w{_UXTY
zo@ft5V-3yDfbhBeIZha$EqFEe_GtxS^-u_)(Jy=vrw3lA0h44%ifL|fybatRu!xv;
z==MO&qx%a9UKo~Wop!Sh)XSKod%aUt@Ddn>qTLV=ynk9=Sahd-v%bS}boCF!&JU?_
zNY(<|t2h85`R<r?oUPg7IYbxQ*NKVh>=2~E=xE&x-V>EQdX3e{bT;hMz@9fVkzmEv
zG6>ye=a1{1lU?*=xSl`!K02>b$Qw$q{H5(4Du{H%xyj#h2_Bi)5sSE<?(<hcazZ9`
zW(yheKxUh+2Nud~Om={YEVP#Ey8$mF;BK-)@t#Ti`9ur+O9ywj%c3k~;*ORH5;X5)
zb3s!U){lLyg9@W5X;(Ux_ma9i$kHcRl_1t9?*k2mUjiC{f8c(XTN}RDh;B*5)*jG#
z7^%pesHh4mYlm`FAO;OaMWqaaF)8G>n}(NO=1wk6Bml<FQNg^I34uo}Ay;3t{66w5
z2%3V^<&WB_ura|xU!S*juKsdvoW^S*XI?$6L`ctSKyC0joXjJ@)`frRJ{mg}^?i%a
zH%Jb>v`#pxb({5W4G=Io3KagxPtA#)oOeKMreHqCucHQCX>c^%aA4@j`{<mX{?fU%
z53Ley{NB!tYK9AIc^e%8+r2xjHR41|DihU+U3G@en1abNVs)rI6SVmK`-di1P&)r|
z6dmz~(?DM`l^VGCvIA1z)qBL<3}!w=n0%^O?N%AH-V<oOn%i_b{y$Lk^xz-=^ZDma
z@}F<|R7nLcQ+V$@A{{=2PXz1H4iMe>+)A9x^e$)yHSO=2lqxrzlL-)ui~;cL`+N#U
z0q`TFIRzMfeqz#4oICU%7YkGBr=vLk1ZS?|R#3IV0U$~r{G1k#13Oy#CKEzu6sJcn
zxnqA)Z+-GU^KU3QWx81>QI^0<b@80fxm16wL=1qkwvdCujVm23wBHC~<qjfo|Bf!U
z<*_T=%|iweuMM=;zO@q9rI_RTYrKH<POgF6?EKIs5F&m<%t>dQ5<IfR3e{CRg*W;%
z8F*2=-ajXxImRD78?v>Lk3sB59-b?E(p)Os=~lx3p&=Pgx?&K2X0K#$MT`<TG|YaO
zFOhszLnpNEph7MR$BLQQZK-%9=D76OCCG9O;O*?~qxE~GgA4QR(3?buTF>9{>nmEo
zHk4xXKMWUYms3%=CoyD-wmo{WL!1t;ufgJ`0IK@D@ONF#O%INLQ%6)>=&z*&BXLNa
z4rK_2qv{iP`Qo;{m?SMkP!;sO6GrQ5g*-nyU(1;j!t3~cJA;~UZI3qiUqT`N%}QkA
za1SO4h}c&O*D&GnSL>OlXIwv>a^y5@OCySKuQEm3`DpN4$+t~80UU4(&#-2}?&>!V
zmiMO3xo_v^U#%sr&_M!9-ORKcS29!PYf%l)hdN;;26Z=(;^_n{c{0S{jC8fy=U<a`
zGLRPsZY<9Ay>`bX9MuYzbPNTi0=6H*uhF@0)puD=56ZxeySvSr$Gz*YBQrr$tN4u_
ziCp3=&y;`lJJ2&{{|#lTWe>GJsBwZ`@NEfup`rIa&?mfLJY&60_uAucn9<rkPp^K|
zFlxIDc~H))PI|3veY$|NFAM%69`H~t3^aX3t{`09>7XSoaK*Vt@NQ`9xRz=va)^fi
z)u~#y`F6#G2m=DG6tbQHaZ$V(m1<RNGVL+K@z)0%cFx7c2hRs)M|*{$*}mx|nyU3X
zEAy^Kt{8o(n@#A`<9idb18?%F3@FTSaG&4{eDdK_O6ep%diuON2|7GsyN`B(P>F|U
z>dQ*9S(;bE(@t^7J!kh&gc?;ZyWimN_1BcMi4~sCS&EY{02S@S-D2Q-V`d}-x844_
zJ(<|iqV+o|V+1vNpYbl!pev$19Ka&?TV!C0B)PaNdv+<JYCC2a@Y+D=hUbw%9vic*
zE1S*H{p%sqJ-Zp+Hci|7aXe{CKby#gVqxr`^gyM+5m-?u?{}oIcyhKbKDtUlRougS
zH6{xL+vCO_U=7$>H4PE()>c5_xxyRUI;>Nu4p-pGV{!U|hzRRGeO!kna!@{rUMyc(
zg<U)+Lr4!?<=1TA2M!cv_bh#*n_H`^cqne_(fMy^b-;Up<@O)ogxj~E6pB1%PK(Tn
zPL=}^7X)jP7)67Wy=7Oed$E_42X!+MX*(&vX+b`BSlCGpJ3BI(=^HjWTfS`t>e1Lx
zA)ZAf*I+>y-_gH|Q<#x{!FG=S@G|kmjDsaEx9;Uy(Q!)Q2xtb@XpegNa01T}x~aO^
zEW3uE&`ym^MlPF-lP_8b-#lu5r***~4m1J|YArSRH3QO1h+$S+CrdrG2x0sI13dEm
z3cx#_Y~mH1N`}URIxr{^^~WHs47&P`GxxsdvaX&$mi4)+k@2(=yCYP#+<>@({Yeib
zbd|18noQtUhCzKNs@Ubj9WXSej>=o1aRIzxyYPbDn8W!?O+JgU@~5l5v&dY=h^u9w
ze|{_pAK?fUNRR)wkDE;Tj8V7(^zqOsb2Ky$gYWW*m7E#2hEBe()hhEG2eL+oK<qs=
zHwff_ubKe=_0xz4Ltgu@^ZWnt=fCFpf4WV8!2}0`UU)GySHyiPy0Z0m^0?y92?@cS
zmE$9lG*)}2vVRkT8+dXi5XE5lHR$nhNZD?5Fp<jdVvX0(Y<f{WpmzsRp8qntpeSrW
zaXplT^J7%}yC74wgL)$qSD)6Ic|S?;CY^+d862Xl?f7v2PF8x%)!{z}SuVeIHZfOB
z`T@z9bzavYs{NT!N-}|6gs`TWKi$cTql}iqfMzFY)YpANg<CVD-1>n0T5sIp_gOpR
zzrpX0);%Manmy6MGx)d&5<!z0*@tv~;VrEu4Y(ZOBXVA&v#7%NoD330ngwC5FjHHt
zL$E^T`2q~tfh%-KYBT>eCCyw5Nci?3y1a`2W!ptQ(DqeA(7|A|^(lb~Uv2+H0?srX
z8MxXR{($12Zck$s_jzwl16qm7I#m1V_CTZ>$%-{Ch&zx+fX*^vKIRpvT93bTr-&IY
zX!OK^b~$ysnu3xgi|SB1pO|C--bQ|a(vfkc&}HT}{S8%#G!_6QPU?7)tjhw_>y5sP
zvnTiZ){+bt=%FqR?~<Za;4$UOCVcWl(ztT1wJ1A}X%9Y?bEh6yS<;?2T2uO{J%>;W
zdaX%RWQ;iQ1@6?|4At_cYUP$5J07=-;@$G0XQpw+O=c|XR+kY4^n|~`>p;T(sHLDg
z<Q}<komxtoKy|^T6sMhCGaHK5Kv3amGH0D4kssHy78}42n|YV&p&#aJed-wHnzrbi
z8FLMx+k7^XgkM>DG82M(C9&{l!9K&HunQyOLFa?Ubk`={P^*0H+9k-$<08W)@dm$`
z2U=amb8z$X^S<xozfs9L+<s@HWlZqJa=~g&@s>yshq3B|Yd|I{pjn}Gg|75SOyrA|
z1VrmnVTqV7=?CJ`B;@Up3W%E5Xw0+oB(-x+JM?GC3f+da544g)_JhfPJhJoAw1$2Y
z`k+c_Z$x-K<&#e*LDCFrU<&Oj+lRRlaf8!ZF*#1B_xrKLTCt*5DS5J|8bqY2Ie9DS
z!>cu>DPRpcg;<K=nXQ$O`%-~La3WKH@qh40#;biQxU&Ou;VH+@hafob%soq=Yu!fp
zH5Q_>`UY8yWDufQ?T}3VhbkzODe}GsSsrt}rP|@xbtAW$z+X(&ZO2}(g0X=wM+<r5
zQjvzfslN$}#?m8ZZ;kdfTw7|;?u>9ALUOh75Nx;Z2)wgBIidWe9=Bnip~;eMsP?qL
zA$`_t9b{vm&7d1E#ok|}EOdzLDWoAdk1&m&v0CX^&3(yF=ZAIubn<tTB;<EiP`JJx
zt;~O=XP|MG6*{=;3nqA~9qVQ1;r{g8OIHz7+_A%W$d??UET27!nY^hUZ;J*EnI35;
zsSdsVep4XW=O|ZK;%<Qsq~Mam@y(017D0(+^;)kMncBlHFnFhGf;!5P{w7uW;aqGb
zl5JF4f_jq&Kf9~#|AA59VJ^>+_&BBQXUsdm7Bd_rrWu4jjOPANOyASn8FxLLgrH>r
z_~^eT*}y`Ks0}oe@=6WXbY20I^rur9IN^{rwE*|r@8sPS63haQ`Z)d>XgOM~y!D8L
z&oW*@!CWMBfogpmXgY|jcK}h`HvP-xq&8$%4>b!wth2h<>AnuC&txG8y9h7JJXx|H
z)lGY$ch40yx(l7#B?GYXj1agIeppPEnR$l)$rA{pOiXHW{3_5hdJ4qZ3h4lwaeF^z
zL)P(3=B%WP^L<O$#L5Hf>m`0?hLc^Tx?1--U=LyN|9(*aA9EW8gWIeJvl^VlBY-si
z96&(w@1iG&5yvs~dJ7`<%m%efZ@49Ih(tG;ypjgQKBdL%@X7^kfelI_kYq+C!h=|M
zUD7AoD|pf&!ejwa5xX6<<g#72EuqW&(P+L+G`KhR|AJR<LG<#JPYE5Kz^!SD0{(t)
zwzc)P-Em}q7P{zB?7nWi*<`(~GR1^EsppHw6N1l*DFx7)2HDFqWlOZfxS>{lMgw%p
zAZlpD1Ejr5FghR}U@H_k4A0M(*7+^d@`X^}nszLx5lwP<c;@s6hM<ChO$gu1Djav)
zB8DT5V4Z3Et-{=(d)?*e3pz#m7qtz9B8HiTdodqv&>ODW&MRC%_|$wH3$?C2h}NY&
zz~PN4_u>0MDCS9_T5j|am2k9Ojwi~b7^XiL!ao77(ra+Pw1t68#<P6KdZCD`h?&#j
z$b^1n%8`*VPHHy@()yevevwn|8-&8oGiO>IpdSbJ&H-VKB~F>R0lKuEF@;daKuhRl
zJ{1|ffW+@SHWiX&r^N<{t83-C4BTcPQ0NcDqJh+P_Khhjdc1)5S6p)WGxm8pUibxa
z3Kf)b`~550h6^->znh~D?seFTHd1sP=0hto7=54QBP`VSAXkZxsvcyV*XJ9m2LN{9
zk4|$^gLGaxo;G2E%$t4euzMEZXXL;Z$UYt7be3=O%q|fByotS#hOhz44M`0ff_~`H
zO*`$gN~@tgmRY};^r}UYVx6$h%3=INBnR<$`azDBZ@UXO^*O!KpNf4N#5Ya9Z6W;5
zgP!nrK#OhHgJ?Z<sz~6F#iDNFE9-T-d7IZJpu)0UT`oLykzO|6;C35_zFGK!M2)52
zCvrDE+^+GjcK0+EjGq{hrm6IQF{kMbclNW&Vz(tT_GvMYqKvwCmx<u*EhF8kCB+|P
zkfJ6kv3w)m=YxTKc(TLjfeC_hsfb6rPBvky1aS!OMZ$b9Iqf+xaZO9^S>_ru@mKYJ
z$868rSl`t1w62}K+UeLF-ikL5o_sV!KA?d(6rL?K!q>c43f<#IXY<-$jKZfD-IiXa
z9aZE7FDozOS?~|!fWcRNsg3U7b?(V&D(K1NOek%kD34g3l1&=#`B!?xXJ_TpGtcaf
zyGvZUiXwO2j_WWY=5P>G)FG1;9CB0?+lCZ%un*6bEq38vzjH|_Do*Pm8U0l?&bAse
zbj@)+$DN^+IGerT?)X~fP57HO%4|QuT1D34hW-_;uXXTzWL+*2&64;APpI0lPf@Hg
z5^l$DX$5l<HJIRAfF(XuAqXh5uJ>IqwVt=37LHIeaX+?NxYa9E?7&Se)DYr=`9koj
z)kjC#`qvJGQPlgAA^Gx%Co>Xu?Eel68!D5wXp^3?IZt&^%hp!Y>PZJcQMZ5D-;k4+
zOMwyKSa7+C2`wJd%=z@0+G^e8zOkCv_q|rj-@lpMH|sj1@^r%Ody_@4sIz2$0p)q2
zxDLYCk~nEC*vuq_T<u54el6n0y`oUxR!eZ?gD1Lv6CjGq;7nr_!%;RyFAIyC&Uvp^
z5Sy;rQ7ZZ%DURJ*rc!V|d0pndXPT^-+l$6>Ii0T^=716K1%(t(i21D!+Vwd%*l!<!
zTu(&T*^S9mBirf1vrVe-_iecPT%M8}Z7`@`6rjpp>H6efd`YwhH_~7ps5yA_!E3bg
z*Cu|z{)T{V&Mg>pX=ll)m1VM|@R|1^%bs-Thu73>P_yWnN&^ccH9Fh(p_YL`HCP8O
zO0y8lUr<qj2&hXI8V?pAE<RjGHGatybUrsG(0wo1zkZ)jM0!`4!IA_<fnNmsH;-=y
zYg$TmHUs7kgvVPC59bE?HM$2n#GQR-SortW*v6Mxj)hNahnj-3ImJcyT=y2a9!!4z
z|Lhk3r$(cb2x>_dNaqFM)DBWh6qx?Rws!u?Qtzp*UCzI>iKyTcjc+ah<}u0887EBb
z>@evfOfM)}=85@&cQ1$0Qnz-PU*(<vg8wY;{~vb6+W(-os`{hA95?6wK1GlwV<Fq)
zdlbb_1RAWY@9ZAukzMP~6x^8slyt$!)?>E~59cmb{?v;sYJc(}$8jVl!V-D-kWur1
zpVeSugSqt|<i7qZgprGdoK;PH3tE3fQQU;)kT<0F&1A~g%^)~cX%qX~g#+rLrOCKn
zKIdD~BA8Eo9BD%%F_}0A7dN5|m}a9U=ejME2{Ib(&&dFWhp_JF2tojgF<Z|Ei^pvZ
zR)MZ=jfqiQH67DOW_md$7^sqY3T{R|5e=$!%bC!fa;?0K6NJ1gr=VO_C#YUMK=%Oc
z=+d|OQM^A{%OR5SlU{tuirOaN!IoF_{4~P7LP4@Go#pR$U4)=V(Nz6ARK*S_Ad4WI
zI?1OGnZB+>g9i=wp^CO-lZb1;3T#7~(+R$kD^{ZKD3y`X;eJ5pltWa&LXPwN!5%a;
zAQ@XUmZsLk%@~OX3~J{UX*EY5lAc$uI}dt2*8>Ghk0XGLdHEFUgph=C29~nq1RGj3
z^sTDzn=0_3fw&Yi%^+XD?Jy%UUa{aGv&CYfYWy3O<>kW?<9mB)u8cRZ9fF1vgRhnl
zGum}Z_ZqM0xRdYpD-K7X3WxD%32#`i6B-Iw!I504uZg&M+ak^6bPTpPr*QoBb>r<9
zY$?Ar;j>#Uc+1TD{6*QO^!mk)aa>%J%XI1!mF)IO?X<$fZwD9$)>BcAL+QU;Je%`4
z5RN0Q<4pObark?j`vTC6pi2N~w<&=X1NY?i?Yxbv7Z&b|Q?zkQ^WPHV_xxyQFL(;g
zEB{&of+9=)5(*3tUXfHoo5JZY6lR(OPJPy1ia@b4Y2oVaa%@@Q&Rl_~i$hOw6mf#{
z_2<QbUg~eH!iy}i+0KLYzEsij{9N}+uWRs^OQ_FcOZa0{${ky>jm0GYD=Vh`ZlsAE
z*V{lrR1}-TRrLNP8F9bTlZjkv1vj;_wy)&wzs^eJfeLLgw>iUZp3&xVOzuxD4S{H&
zi_Pn>8h>~TqGDB{)Qs%_rBn}GFqihDY2Q*2jgqLg8G*^x^lMehxDyV?Jx_9gG)BQ~
z-Mo;41FPq1>?iDGT(S2=EQkQ#!DHW)nS2MgGvOQFa_Xk$k*v+tH^04D^Q`Aq2YdUU
z?4=eejJS&wok`7wM&gO!yrP%=n#Qep0Kdq$n}A2x4a!&UEqO=899%~ITEATyK9uQK
zDgcF7$6qJ^agBx+*2r{y?a-Y%xZDbTnL^WHSIVh8K0kU(f?EMT$qF**uFAXUMsCbB
z4t}6z#xBYv`!DYASG#{xPP0J-N@MC<G+?%Txv5lKR#dDJkbQxr(WYu}EaYf9wo77&
zU78buN8?VEWcR5ME5CW%8j0p|BD&2NWI7KI@5kGj+gw4)%%0gW)Q&!=#Cy%q$?`f)
zgQ$V`9=9IhH7s7tt!bGIE<|Qo8)0@c<AqUH>8%Ca`R}*Nw4P9&PA?>40NE4{)W@Ss
zs`x0mzV~fi>{c0X42bdsQ6yiM-(>+6K=w_mIb$tH2r`&3mpB!+g-}$Nvz)<fMo**X
z9ja_2VN*81P5Gt3jQsB{iRsXYi|(Y?2bqEYHkEPE>6grIrQU=&LIZ#1t{d0XZNT<B
z3)-+e5Y!C$*XdpUznIk&IJS!~e)6dU{~;mcIe7{NF*bnFe4apU>5O3S_<UpV6j)%(
z;z|U>YeZbtA9K-K;a_w_BYKxlgK#*AEKO@f5O_976G@O;25=v+gF`*=$bgsobl^mE
zYc<`~d!f8~u*E=ogC@RhO}4~$x?Ek<(0%22`~(Jw>Yj1!D>~~}^cm-`I(9k|-xoQq
zZECWv-^>dyn4pG`o@C$F3ubBQW7BDV(_+^D0VEZ5JLdeDOOg%vPX@?2;4+bJ>o+jV
z5CHziPH0mRdRaa<^7*5=)RIb#$vDbx<wQR_c<;bCcCmsJb;!MHZYikbQmoNn)5=6L
ziIdBLh42ZLTX(7M<Mbn}iv7W|-@*?1b*EKzs+NF)pNyq>t*&s}r*aC<;lOY$yKV-Z
zZU0cg#tk&R`VFyZxDKD$^?)k>e7km={|Z{WGX#pZHy{O0BcwZIiA&@auH3Gh{bNT%
zXjZOtp#K_MjF(y_o@oubX%eC5n(5RoHoDP49=v6M?hLX-ai+r7YU<<#V%XDMH}Rj;
zD#@5vRQQzFK&lxDm>mXhH<Plc|D!s@D_H6=Z>m{-E-BUtT{+CNDv;H8C&NF|6Y`bt
zKi1fo3rn@4J|&_2`XiwIyHq0tRSy?=yytUuStKjH$HkrDbj^Bc10;G?Dw?p^lv<0*
z_jNRQ<UF~~O<AFx45QaJ4-1lgxpeT&dQkJT2=5!Q_yH4^^(Vk0Kl_~7K`%&Y$8*$g
zHNu!4P`fmha@2Ufv`B9KMV*}gnDLwPNLD#NldkDDdU%lGofb%#)=-eqePFt_sr16%
z&?K2umo1mU`4}=!`My|yH&mR+G}5sXni;=kcQh8CtRclM43u~64JR2n+m<xry9Dd_
z_e}h5s&}F=ple}-V-vq$QysteO6oNf@8s&r*l|&z=%~BMDO0c0c(`w;F{$k|h5WK#
z$Gh`38|SH+?gGEGEv}$h_{@iD+!ZY8K75}dCM}v+OY9H6AbX(+TKw3Fjho`Ah=nn)
z?yRDD48#NJ*YzZURouVV(0eEFl!KQDj9&&Aflr50E9Wme!poRVdGdqb+lX6s*eB{8
zv19j8>S3<D`mkGYbku{yV;XVL9uxes!>GBpMxUfEl{GwVG@_$dWy*f|xEtNF<1tJ1
z3pYSxzuy%nkUeL-{!z_MrT5&@;@I-lRcwTwcJeZsgAn7-jOKbfRxt&PJD&hNWo3tp
zcur%I!w+P^u_Ly_kBqa7Ue9UXEv=6#zZ6oJZ)g!3U5h3jFep}(V(?WHZ(4^bwxD^6
z4=s|YJ6UZz^xM)(6Tp>LS#Z@FQ14VHTL9W3lCn*@-$S5D0L;{EPAb??rsN+^ma&ST
z<oHd;?&uD7deRP3!vD>a^HcBHLr|kBZWK^b4t#m=r7qs%-uzh(D53aTDPFT!GR1$>
zo+`_iT3J$SKCy+GGmeu!_~RuN@$>E>IuDDT|1sO>3{6oGeGb$!WBMxTp7+iA*AgwR
z?yhu$RuM@9GYvh}ejH`$^?~tfZRr1eP90P|sM9*)JtLa?SVR;)HexeEYM3#vy<|+J
zm0&yPp0*!;SYmO5i*$6S19b#^qLV<Df?ct}jEgi5WdcUz6Uz*-+iLmu8u`t<SX3oI
zB;&`P!z;PT2CzN1joDDmX>-`@zdEdQI|fM2<1J<)_3{cT=4Q83fnWV<wNtQQoe7q{
z>ET0w;cFZAnhB^*Mtf=kWwUgkMr-MZ7GC@dn2N9#?3+{u&%;6wb{msSQKaY^sONov
zLZ-Si3yquCJQ8MHj>IOn-e5;>M-t1|3K4Ein;UpN>TsHQDzIuN`!o`qSFku`8^$EO
zCETUPf2YSI$fr#!JHKxi=f>BMs6Je4?+CpFsxVSMT6yoX96tWZ@O9tEE|qvkw{<_~
z2$sGhydw(nN9c}D>ojW+>9i1}Quu$j#{ff2Kr^7R;6U`b2uS6BVORiyO?Q)PLg$sq
zq)F!3Udr_a67a%mgXp=?h$#2@%uEx;az0ck3TWTNciCX^eV=azPKQ-x$}fv$#6O=z
z1dG5wu~`70Q1?&c`n7Iz>UyX9wq4k<ej@<!L91=cBM)r!+K(JhU*h;1S{`xyMlII0
zDSG2AZQ_LM!1l5f*<`ADGEb{qV~e<5ZUBdlc1qsC_Or6DsH&hWijKF0q!j3edxjtd
z7ap{u;_KrH`&p+k`1)7OK!eXSxfU=8cb_bS7H`*+>UM@-<c$r82lnJ-*dnuw@JCJU
zo-;WP4^V+$A+#MDy39TJFHcKo(c)}m%W4j=XRA5=6$|f%BW$qJtB+bxUL!2uVUiJl
zed}bs0poY(=C?%7;!l^4wNf_P0Q(h<ECsa?O2j;!5H2;O5FQ5Y5w$r<{KhFzHVkm<
zu%v@~+?@}2L>iN}H$WZ-;35dFN+Fig`OB!TSpaNR2XhPR;MYf+kPZOAmdFbGr57Vv
zHfv<wHpVg~{2wYWPpgL}XoG1%E?IARPSZ>B8u?>nf+2?yu({srknMa7(u3*Lo?L@c
z?G(M#y6=>>vbVFHylQY^ffRo@MfFIIZiN<})l?@7|Nfma0Pe&mLxljNnNJPwU@2pB
zE)~5lT6gxs9g}i$7gv#|k_?<`Go4t*QCXw2&EJ--&_NzAwP78va)t4ZJ_F16KRCmZ
zx}nQwe?BKyuLC$sq}}Br`49Km`%hhj^S>OyK?=)&F;bKEx=eKbszJYTNrz>@!S9{w
zOGnOvB=9#bRr%_N*YLi9bBco9|Au}un0?|WhEAo<%=IPxHq2??Cd}x${gXUVc)Cl?
z5Q*i98j<Fg%iN&FznI+Tb2=}D6(IivruR1HPnw_7vw~Xr=V==^xJX__#=#$(jj0D}
zVQXuHao&QhCM%xMX^N|9Si;6z<YCO%e%Ukh)P)IJ2Z1iTV=5<NoYv!t97{SS9;fPi
z>T^<lNK{}@E8g39XWaW)m3QBRP%^qsEkrschGT`=v8MNU$lYRQyq|Ild*cXCar+Uq
zV|f!ot~Tq9m5VL-{B<Spyi)JNzGY-^)1*3NAHY!J1C<8Yi4mg~y7pZasyv}XOircH
zgBcg)Og&;L8wM~a-D^wn>gUw52JwqU`lR05lHm>CpGwxpZd)fc)fkW!)F2|!J?=sa
zf1cPhY+j2zEv4BWoK#`ov1=sbH!1_n0V}tTqd)t#9c}$05q?RXz3m9z`B`+%-u)~0
zkg#Pvkp5zlWf9N7k1zctgYL+u6nV>NWiyi=&BV)xP{dh#@$eP|MDVX<-!Nf1zW*tL
z_WDAG+yog7^Nu<3%eZ45B4=OkC*N8_FS-iefYQ$UJ=#%Pvmxv`dmT79p0T{%zkyFR
z*f)91$SN9Io#YT~ONNRkWE-<;SvqI9eeU5f`$co2T>=3t%B~2RAu68`3>yw@tAmgh
zgWLQnmUN`bqF3NHYf-0hUNx680p-@usO+KEeA;?HoRJXr%Oxw=n4jeY<xcl$O7?04
zCm5V5Xp#7xQ0{ovvZ0%8djra7m)<d9W2IJ~%{V&u#bd6|0mk(C{A-A9I5BK(8cDn?
zr?s9~(8?egIyg31@a=h-XoLfR4FU%m@Y8m99^kc%Ci!)_LMdtW8=lRoF-0jZnrY>O
zcEBBmams_ZB^@pm459iph(iEGNH)2Xy*`VwV;*&nP2ZJLeYk&r6Cg<8hUdC4)0p3l
zJ|AQ}u%O5z6dL25GHx-nUGDCIJG@ocs~5W70FQ)u*b!iKCzb#04)?#l5m+6EgAnPp
zPaFY+G-grre$C|#V$;7ukvsx_7+*l0TVt49@bnt~0TmL<X@*V!7W6Pje?H8od)4u*
zB2o;@l@2k`^J$9mG;zBsRV|-B+9wSNBkV#P3i|||U5rUhC$_4Q=WB4yyD`82Cw2Ce
z`*YAu`Bm<fn408_YOy)ahjSG$J#uw2wBVv8RB3m>|0r`o*Y{@gu0hERW+v=5HuM{{
z+sa$l;NA6rrE&s@Niok`7_sOF4gxo;Tmv(=6n^Yr-w>SDWpOvdWBPnUuk`^dh;K`&
zYl3@9^Ce-M)0ivUZ5Gu+kPmf+IQF|`{nlV6a*5^J5abv@82OcPqUBonaHFu*6ce;{
zkYiMYv3MV)@f=ZOnE6N+M7y=Iyw#JecGLT@8urY3rjRUl5`I8)tmdlEt|@jq_&s4b
zu0!j)UB;Cgs9@aP4j<I>^B3uoMVE;g^XqWA9hwt}>%A+uUF&0h*^G0eE;3V5{b5qj
zU|elZ4yim(<D-2IX<vsR9rl2B5c<zHUXR(goTf_rQ9<uYKL4$rbgN<DjnAp$F3X8~
z9WB$5b^l1(6}obZV?*g)#&vw`-slgufp+ZW-_SR7!j5B3Vn8ZAo#~;DHW`AqsQB~1
zwYi`1%|Z5K@zG}-kGDx`a=B~!6`<-_P7}6j=e%~wSd$A%dF$FGezkd_>8HP;8Yut1
zBrky~nT?kEs0L8%g*lfdsx|~q-pCp9IBv(<BkWjE?ggFsZj<SBjW@nzRyuD(6x*!(
zo&Dn)v<hq^2Y>BJk`}n>8XdF;<XsadI>gl16=Q?+GwwuLqzN8}meG@X)9A{P4#%OM
zLZ@YX>=b$~leb(ybvxw0>f=cR)u~&UM;xEZ8sEL3_?H1zi0gCkl+HFrt<II%;)I+}
z*!@Jo#G79*W*BoD<3!zfdzKnP1y*?Aw6!L?kH;FP!KdTaG|n_2iN&5|nEb=rWtA#!
z#w?;lR5M$q@XKDTf>sZHZU}2ci!Ud_1G~@R?!>lPCgDjd<oR$~2sx2jm26{fms9A8
zbPDNvz%Z#3C}1kpnHS`)Ef0<^79QAEhmhU4n?za04ef2+KoBRcjYlR;VB#J)h1oGg
z5nvy>yuyF2lLaf1jL55rSpPm<Y~c4765)D=T9-@ud4?L+jr-Zr_bnHbMfDq5%JUZq
zRh8rT=o+WVXH;mtd|c~#lhP;46X1dOIGj(1Cr1jPo>Ki!g2$F&2k5A$p0{=DcYYl#
zisD_^O}l^gjom5S``a3Wu=ugd_v-_Q|9gp-DOBe9XA2r}$y*D3s4gSXjA!##BuB1X
zusfpw-dbWDbqJh>uk56wLJq(_{0(%<`Z}$qv1o*&Vq}s73qAu*EM}3duT~q`?_vXY
z5GtVJCOnXN{rJwwM4&IJ;1kvsjaywgR<J&somDS{XC;PuT_*ZCWUyN`XEMkPZ&ktm
zuP9px9Wc~G&J053@IH$ju4sYGZei?4EGX(8Sy3{Y433>bEqg&p^qZrqp#G=M;bA&p
z?w+rX!zWwxpT6}npI%nwFePE%Sw_(7Grcvg0pI7z+{!U=dJna;j1%&5MQ4ryQgh8~
z3dlW6N7@v5%E})v*~|4;to&(py!Li^?{DpJ20Q5hXafUXrL7Nm+dX8GpT^_XBRQ76
z`yb}&FU54>7sn869Ms6O-i1zmNX8TeRB@lDDt@!qljbqCXmU&3lp5RE^CfUdH5uSA
ziaUr@o`vC^B@9F|j4X5%+}~=o0zC7}M*#fzHp;z!hv`lk4+JwVTL0@*{{Q?P3NuBa
zRXpn!T28ECJn*TrOn@7)pP#eQt;lY%d7*|{zDT)c#Qp}~1q5smntj1-h$AfjW(DwH
z-Yf+nRKAQ9IQY;@%8Bsas9^L=D%CGws!90Jj<FA&ZgohBsnPv8RcpG>vm(YcZbvE4
zjv$|u9#fQv1k`R06vmt(K!6ztL7yIQ);C$gZMfXKgH=;dcR~Nd#bdU<dCQqk&A9<+
z!R^*3#?vi3flkk)L~lP7T5%0)JZ_fJzh>%Is$IsQOG{}KoK2>p=K`Uz+o_o*sMeCY
z-KRk|ODltWs`wP?A&xdE=0Z;@UgZh~`ckXHjIVv=^tx?ARpIdR_>)>S?oMaMU?E!W
zaPLGronb#<w||dF@b(hnq!NB}tc~n*4X^+03rUW(HfW=@oYC8+5X0@w$5gzg0H=BV
zeY+8Q>kN;1NgZ{gYO%PN2GOcvPT|#Bs}Qvl8=li~TTPWz*c#iEFc+i{a!39w)t1>0
z@ksD9j`S%*>oDoVi9-!(U6)%R_u113ch8Y}d3l{#D1!o<KQ)gO+KgGpwSE$LvSDK$
zs>}AchWDG^R7^dC*Bj_v?@PS~T;)@z*WMjMr@q|a?!ZbJM4XOZUeF@sdQI&FtvQYW
zheNRVM{xQbi4Y6q)ZjECvakwX)v>08$5Y}S>HLyBJ5*+dZg*`QKi`n(_H;{*@rvIy
zyP|q!^?qUOk51yYj8VSSaF+|+*;X&D&$HNeTs|ik>eFQ^oV5^m!aD#^vZ@j-fFE2a
zm9^@<PwJ+Q-32bQJ=$?+=t4@K5ex?4?{}Qo-Gq_N4DI`c!l;jvO!Tx2s$%1(EIweI
zm(M-6>bkO>kk3=40gGyOtUR{LKAU5&I0k&lDgz-i-5HJ@e7~>EF=W3%ox$s!vwrl9
zy++747Y4B85wZ1=uzDl+)v-Hm_9tU8vbav-#p|;A4esGGrXT;>Xy9J+`MfJPEF(JE
z#R%5u`2EUXwfrBxZ$z7aMqua$P?KqoCd>{G?rv$UHqPs`4k~`hXr3?9VgVGeOPY~O
zB|JqwvGURam16yqGOK;d*o^+5muBWIa)V`H*TzJa8G}swt5haHMLFz%d-J>4XTO`K
zz1AY4^F?a?!vYD<kTidGs4*o|P^jS2OWh-vI5u^=g#x<|XoBO`1xpk9xej`~(1v_}
zUoQIdtp<LunqzynM!p~qOz&grGnq&U;>~`{;U6M4dPj7^8h+tKlAE-ANv(ZJ^kAXt
z&hBK-(K=*x3)R6Sem??bc-}(|Zhu2&)0Am;;W(db8g$TXEiXatgatjCAd^2(V{dgD
zFTB$AYp>$}0Q${t{y|QjX(iM5JKd#ioop!Jy`qt6w<Y7EHOd`%kBv)A(kqg<V9>8U
z(7~X+6Z-Q~b-bR(#)w=xYVDnV^Rc+i2qY$+4=1+$IH^Y$2f3BXb}b;m@Az)RlI>Fl
zFxF6u*>@QmH+QP;)?3ndIM79lRy%@s$w=beSb3G|B>>xov5cq+rlZ0xyis0guc0F@
zI)#rebTf0md{LS-?KFH(1M!<3!O<<*vl5Mv_PHTEP$u7U%u=cgg3C0(ttVPr?veN^
zM4q=RPZ+ea3IZLOMs*e7b3LU(*1y&%3N1lPxBbASoU=tB=#`VyX`R-M5AU_`FRXwD
z*GI@<!paFrsm6VAv<~CfPy;7qv$`V@tO1!>20L;=ZO}2}y*DT9uJkXL(F3n)eb!sC
z`dyqyG~h0JfHW10u)#rz8>mEqNC5=rNhVUT{Vid>S%SiiXZ412#ejDOB1Zq_;Y#UA
z{P?BltIV|63N7&9GiD(v2!Ub-v02|HGiTN>eQef<&cAc?`QAjn!r-r(L2gw0$=UP2
z(D8LZfe&M|0D}MzImKxZHyN+IobJ{7PKAg`p9~`aBg|46>-g2&cBiQw-OQvB%NZQk
z7-j#;C<TGfvXKL%cIkEsBpON8f4uTwVnRrK+vzB<g}K7taL`q&drTt$(_Oe@SNSe7
zc>53B9CJ{yqOQItJ@52X>Y*>+?=W4sz*z)0364l4Y|vp49G!FX9Uy6^Ghl!VFOoug
zr#>_bP-j%?Q--7oV?vn$2KR3!$u-7%z{U}D&6k3H*-eId*Wn)%q~nvB{8>29P)^(7
zL2QgOZ17J$RP_yuwAr|Qucde_#ik=R70W+t&{SSmuJ6`P&ze~;<Q-m@>+83TIY4XN
z+MU?gS<AYZlpW<9bpmYe{#0={t`zY4SK*)sW`~&>=53&j5jobQ-DRaz><kiq=VxGE
zp90|Ii3gbAllAC{1rxK&E1HQT`PN1v^=Fr_6XJhdt;!CK<#3VzVwk^wV%V;MFP}!m
zD2ag{2A|Y-gc722%*i%vzBXL$ET1=YmZ<?g+br7g5aXYfh`&5pBAI?_2<d&>Qt(rK
zu|W`J*``H$Tdloc%`zq?0gbY+k@g$RRXx;dicZ}zp{;GyX3{a#GMWEbY_QxIWig$&
z2Kg@=#zFN*<g&OoT!!j(kY>m5Zij*T=Bhzr>BN)Ta=I-Q2BR!f28s|=4S^?XnAX`i
z!5cyaZ`#{HX3X!mWfxo*V|6)U*_CHGfvU-h_s#ph?o&cO__+skD)-ZSPpwINAWuts
zRAJ};=H!W%)1OapKh)T7pYrgLMtl2xRAy}%6!Ew;Q|9A2y{5UBVsAEtkC+f)F-T|g
zgEnqZ)BSdWTE0f!&|vrSvt($FwSdWrG7fz~?R>TvwuKfi0{}0So5Qcq#<{ZP1}GNb
z+^WIv@5r-_CiMuNJUP-r2(<nFY;}25tZl?DBd<H0hxV4)eF6;bbE(z=PWSh@ImG_6
zF=Wu!V<pLks4G7ikl@i<SXEvlcE5GjS70NP3dB}Xf}SSVi^fvchwn(o1zsJ`Vi(1Y
zY>v<GUq|g+#s>JDNAc-*-l;fSrx7yU%&Il6#XOcd)+r<ACc@XKS*<ZZa8t}HQ`JSO
zEYhwTH7$;}_zUK|GpDR`Vwa0AGFUL1tzolP0G9ibF6%nwOMwO1oMah>4AA0zy7Utf
zQzBgAUJ35JbJ->1l@)&$cMAEH(CG!FZ)b)?^SG@X>@Oc%2DntF@wI>z6|(E+Al_Ch
zdbS06*ygAmc1~;$Iql@cer-9Xix%HOChg^J>$vFc(sHVzn($fqK`-yeMOKNRrb_g3
zueU*lgbGK{!_SHFchT%a%96+}7<yif1pUsY4B4KEx67!Yo69HI%%?vjVyZMJ^e|^l
zG4(fK%x8S~=37US=kPNj9%(VemNdO4L89RNX619z(B)yfq@o_$gHf9PhN9&G_nJ+=
zn1}$MA-Z^AaZpDuZ-`<8hCO!fTb;ul4UkA1D(6Dnh-pr2u3U6%nQ2?FRUap<lzH4w
zbXiPCR92=p=Ce5viYW#{Z2d(N%VvX+pJYA@o%}Y8#<22L0M6u_jd`Y@BH*0uyv?>4
zKx((}8`?oRtnsm{?~pLky6J(<YYAkQ?Q|I8AUV`F)D#+lU}MoY+^}Iwm}xKQ$VL6F
zvJ+g~F+(`Vj0s*=>Qhte{$!rgQNB;XhgzD#93y-|k@7h193H##ca!=B<wZ}`h0SR2
zJ5ElC`}2-fRr2|Cr4JQ$q1hogI+td<I01EnFeXnOqL)^-OnI8A-JuIODI^4-qDqJl
zm&x=<!@n2l5qCA?5t8hoboKo<_5d}69{Zdb|JB_jq@HsSd$SKj8v^cArAaFMlWg;U
z=M#LQ5&+ssGadqi%_b1P3N@xnRd(JAc>OEtL2h||Eh5T=0gADX4j?q5AjBo)p^~!<
zE>dt&pU&>!F^yE3EE_%Q(0+IjZ2ITw7I<*vGy>U$fV=D10et3QRg~>zg*_>CoaX6e
zmvv`f13tB@IQ{sSMXDobr~j6BuJXI=rtBp(!b8o2#|-IQKUr*{OA##G4)w1EY_A(D
zw3MmofqvM1KKq{G?X`$672xq(W~ybE)0rKs37IFaVm}O02Q?$*8a(7DB12T4UBD|#
z0!1qua^?2zlr5O5<;9uZpK7tfBhKQy6k@x{R1%QGUXZ!x+ugjiI&mK19tpTq0jOy5
zHZF%Rfx-_t%a;X0BL-<b;6cXi`ImyQyz1CsnKYx08LWd4adTt&;^B63jtY{Rifm4g
ze<-(oCX2%<jk)(-%9Dp8UBk?TR?oMlG6W|$@QsW%UfnE-FKW@J+~nipMAXIpKBCNO
z6&$d*En-q@-DOgZQ0K5j=5W14#D2vSR@;OJtQzIqwcaWBT%eQfTwS22a_%B&_o`sA
z-(;;D*cx!qh|jc|Q-E&$Ax0^lQB1cpY-&Y1AK8-ih$^LSOrHN-2Q81!7ut)4`5e&0
z(K__Q$g|0w0Zc#9)H(?@&qD^-GLcBSZ*uw36->kpa=&O^PQE=<p@&WvvTU3!TTa)0
zJY_eH2d>r6&ump>TbPqt->)NEP~MqNP~FUS)+!Gi{Mk~p@YG?vb@u`*Pq2WiejRU&
zl(QqZ<ATARY=Gs6V}QT1jhemWaixd<Z>u>RM53I~((BWoYndA?oC(XFoOZO0z2#_u
z9c~6*OcOK3t{v7)(C?TupHWio;v-)M;qA$<wO=}2YwSk1g~P?T`=SsN7(cBhV<oT-
z1$#Z5m@Ro(fD$L(@F~HLVgtMtiz+;@q;H)BTb-Z_+S?urU}iEqpSJ<?ScH2h?s1Cs
zxwug?eK(+2pWBXz-V#IlhBB1sh0g!<T`F?^Hzp3owaJ6%#9Q_BGy*hz^Egm){Fe^v
zXRo2M4~kIl>aw8nc8(kDd;S><ePfVp@Lcdx2OKH<Ea;XgNX6@I>C0=9Wr^AO-3QvC
zjXl(YDA-f!2#UO)%a{cb4W5C2Xr;Xm$snwHYZ)2yAvp|0BpA)ORqAGxF$L)fclicN
z2})f%?~1$Knmh*HBUx>9_dPxu;Sc?JMtIl9W28jb<g(&$8y|-+Cnv`(!>6pJ;qxuf
z`b_XGnhUvAW*3&+QzXL8#JGGCe-(gFa;mxyOsrz-cP(S6U(1}5!w2fAid2+nyU#DT
z5}Q8XO%dmh)GSWuA0#}WM0=6Q;Y{d`6Y~5WAJfmV?+xIbf9L3P?HTx10R%$6I_bbz
zZDj8q$8<GVz@z3EVIUK`apnX@6X#}5$!xj8Sm=<=t-=*dVsV{p*6Z~okFv~IQz{64
zK746%Qc6uZd|_wC=o|=IJ;q1noV1|KA^3k7dlRT8vUc6Ss!~ackU#|!CK)Obw1|L!
z&;kuw35g;&R4{Qy5m6CsS`-!3)=DwOI052>QxQR9oKagvZ5tH@+5r%>+fQvp+m3YW
zhl;k+YX7(WegC`ex#!$-?p{j<*MbC$d++yspXc|irJeCdu%j{Hfv>C+$2Onb39oi=
zg?-I--j^F9onqoOPG;9Ji6?wwxNsmM&f;_jhU@iJfbhP)(z?Gw;9@q)z0Dpf=apo?
zRa$sB1*FYd0Og$2k}&VS%v-S2==5wBIz#=`246fSf=Qd#6^@XWl5l+}7rBXwIbu+$
z(cfU?t9gsmX}V_S>Ph5UqhfaD?((2uhv4AN1|)Gd!%$1<KnJ6K!iwHocfZnl=e458
zUg|KalTQygRf6)gE{TCZ>g7{FFazjj*C44DVWjg#OiKOp3G>jU3+NSv&lb+0YWX`$
zfdKx$T3(ckZBrqyo<B30*sRxdnR6r6iIS%*KD95m_6aikkv#EDv=z&$N59rD=DnAp
zG%=a}o4Kz3ufE;?|9AgNAClFg+{h;;(uD@<ds|cmu6Nkn0Y`~TZBdzk!X8HGSQ2M-
z7Ux_y12zZX!dM`J|M%KNRTH*;0*YZT{_DCA=)-_Z&*0-{Y4G7x8r#sKiL~>n-D7`e
zXN_o0JQjXLo?iFxhSS5kmx~T>J@aN*&-mk$=hi4%H{mN<(9@&^_XI6C0dIg>r-y!_
z(`Q;Sc3WqoWH1&GxyUdn1EV5(DCK4)?(-$Uw`P*I!|!7iqqaeDYq-(0vJqrV@bfy&
zsB35YV%;ZFu>=!d=abZCf=eyhhD`fbE9@9b4(zS;><|O$=IlXPs)5H|>77apK3v$z
z`NeCO(-KcTKN3~HvwJ1WF?W80(KM>mwd1gD(5tOv;W<K>XNOkL-NVJ4)Hvg2=<80?
zY^={e;&F+mLc9aEjhBv|in^<JWttP3th}4?G_*@)f#=ewlW5JF%Eek+Kn}<U@~lwX
znYnSz&i$9E+$MJ^U)I9acJcDPm9~PP?pZg!8K=`vTT#j@&+CAqr5PfCFu80zT;!*0
zl)DbECXU|w<vq7<{Kp7uV~@k^_o78bI}51BSZTI%u6ELk$3PI1dfg(rysRXK_Fe7L
zRg_;@;q2}(pY)MKS9Fo%_-_Wk0gbOr^Px`<YznDrjbab$oG^HSb->({n<8i4k5n`}
zUtG`pe5aIhaen!=%xQrH<;2s1v*;G_8uvrXR3RhE&5=6Nq|5@hxGR4csK=G4_aZ9m
z-d<-HTU9-8lHM&5puRe&EjfcR@zo-^J9f~ii}Q6VOlW#xXX0|HQa^`^c*F}5FRK!T
z`-#>JsPT5l0Bb?<VYd|u9_#uO&1-9f>sLKt+je1u=Up@0SP0}0R7A8My1beMnmJB8
zc@gc|ge0{~4~j|gqk~50d5dMUT~tv3j~@b`pyIrmbSC~@vnh0hD8TLYpg<kAOI38Q
z3HV>VIRXEgtxwNRU(|25!*;!cKeYd+&w_%gc_e|Dq41TvJ7g|b8jE&0q*>^=F%h)J
z^TI38f?U6p0--^$-86ynPr_!p53!TlrKyzS$4T(&HQN;&`y^bZ_Ifv@*IGWwk!6~e
z>G1;5U{}u^WLYP|sOH^0LAm6s`Yrn=a=%YSO5!p%8xGAv7v3<HmPG0b`uf$8=mJZg
zs^7-HppJb8IE@=p2`!Te^C>*9Py~Rg<5ug2zko}}J;}m}1_w)byWyw~4}9Ow6<7Ww
z9}7mn%IK1GYw@Ud&Tw^rns=@VFfa3lC9wdpjz79D3r+rjn}1hEQG*9;(c)*<9<&yH
zN-_l`{sKfrf~oEGF_rga@~3A11I0jqFB86~z^LtHze@%VZvgqP&-Zw1u*`n~z(8pK
zPh_A%76)>;BVt@gMTG0K3g?Egz<=)9t<Ii=qA}<#9TW$H1dY`nONSmz&Ql2v#}J9@
zT|4At^v`yuvKV1z*c$N;OKqWetX6_cMz~h;zDVI>-rG@xNMhZxn8gQ^(o7~{XyzXG
zd0h0INNPcAhLZxJ=Ghec0*p&%W>D50NlK4y6*=mRwQ9glAe;Wfz|SLL7}Ec4LdVl%
zI~#*mwy<<luDI}GuqH8m;42`hy!4*fl4B+P&uoJX*EkUf(DjJYu!RtdvDO32CV!B+
zjft>SpPOgU4o>Qj58b@1(A{TP6r%2~K(5$4B&5e6gWD;pJVqmWhy!kBUvF#m1vy-`
za})kCxUs5tqLHV3)Uu`wVy%?Bs_2~!69ipHQqiyU6ytN%!cVB=7H&sjsr~=n<xwEC
z4rw+W%LPA128!)7;EXy~xN8X2S|P3R0B03R+;(u<pg>rr*8e}K=}C?P*Y64^>Zz#-
zpnI*xbrr%lVO55Z25MfRsD!Ga{Tzc(fiLZa7@QnTqS~uvd^ZqhBA+AXGK8SH<Mnw0
z3!}gXNGni2;M4rQJU(-OK@WybtOMNNM$eP@p18nq8_Kb%y2@s!H9i-f9GoyerwTN6
z?*6#&%Lm4TkyBlWi^}q;Q<cGS<1BFR4lbfUljQv2I}%=J#EUCrU+yHCFDLzuC%Iaj
zLubnoDD(r%7xCcRH1>r$^;a&jKnT;bqb!^-kpF4yJZ^1Af?=4BiV=Qm=kqG4l%wos
zBvu7UC762!4@N%VN)vSadaIyZKjD2Warw&h6zlQtinIxokhNFGxa4!t%qiABQ?`zl
zb;SbE9T1k;#bX0_M?fL)S^>6@s@<s5suU4=vQ>IcKPt~(p2U?6sWpoyhFiUbbJVkH
zP?S~$x!1uj=J=8PDu-DeM^7pEaM%?1VDl4G$|Wrnzrbvbu@e<Cq@j**xvl(Q6og>p
zS}<6E;*Tt)L1ghUgY(&+5S3m~rJF#!Bulb);<rjHXq=HJ4ap$Ar*PDYbwRJyU&ZPB
zeCy?~cQI3@?8+=Gb=A=0bP(8nUmAvD1N|$Bh97*rkXl^q9#2mj)`Yu0I&6c6UFUiH
z_R7FPA9nKLiy$>*m0VZulUISaWwOU=)=32b%b_R}fC!mo=ioqI$Gt0W$bmz(QF@#=
z_h_#19iN8qA8*?R&RPtOLUHB>dtEr14t7a3@@!pib0xk8TC)EYmF~+jcQ+rMr2(#@
zdv;J0Ponn?B!-m8U@*~-C#3>jzXcC62RthqPklw&(Q<g0)$|X=4}EP}XVS85k;M+S
z6sR^!!7%Jg6T)1y3IYmJ4IbV{k2F?|giaXN87cZ^|D-+9MbcTtr_`7@VRYH>e$TcO
zp1itjP=qCYkRflh@ru3kjruisTCBG?Ib72=h6jRDK%P?gN((Hx)r1b-I5pSK8`ijx
zidqe(WYEO+i{6`;i<HG1b&$E|w%xR}9fsB7wo@4?>Sv_Spj^T2Z)ZWsC<B-Bior!v
zGM`JvSE-G`5h7SJJ(4<26e16=OH&33Y~r^SPLX@Kk&+CzFBdnjwd{Mg7!UTWmj3$C
zqLTm?0}v-Y@h^SChVj?Uw+PbSQdRAhHVB{iS`7_w8}!P+TRYRP5<aiM((bijk;mSX
z3W!zFldqOU;v2KpNfUm2F^UU!@oGn&Pe+vrr#BnCD~a@fdXsvFvB8^MhpKga&paZ0
zcIPX*aLR{@aa$6pA;KPdcutfR3Vg2z^7F`T?cBy|%60dzIXFoDkn#V+px&o{Xj=2O
z^eeh%GBhT<Lo_)Hm{V<gmV%U;%o%zua?PoCWoDU6=#(qXq1EM|G|jfGE}n3uUnZ|>
zRfiN>qn@DV=^Y%hJo%gPlq8Et0lMEXMd7eY`{2$iz%ek%!MT^%gGUwA;^4n(1poUl
zUem*&lck{}?feJLBHr1NQEJqq>X=c_6eI@<#B_g3H$oX_5J;}RHDJLaCiNXbL~>i!
z16<G)gT7$LsD)}Mqyec~&9KYNv8}SR77I5jzlUn)q%O=A+kkrAbXMW|)I{Ga9l112
zpXA<lu0{1Jo5QnQS)SpY$~D%8GncG9jZ+41xZE&BU}XUluEOnTFhi}&W*S=Q96N6m
zG1EZ$o**UbMhC*{+VMUJs3=obW$5x|YH?!K<yS9tA(sg`;tLmCgnD<PpHfV#7v8N(
zDgoHDej{@QO56VaX1NQa)yZ60ZW<0G?lR~27H{C39)!UTHX=xQO3m}mrNs9TQBV|>
zxd?2z+`sSA|K~d((#a6Amn^Dp)a|n3B`R|o;r|D50@#YL%RX0!Z=YHcn>Ilo!Dbud
z9+@=GTN9$f{TpEXA;a2~|L(s3x9`wac_825MS+;P)WbG`qM5nuL3yL_6<bK914cFh
zSGbDdJk<C^2h*rDHSsIlhGy~+^WUv~lp|uDg4v(YT9go|6DA=oCi3&a;11%U`GHWP
z0UYZ9CTvs8*O0e{jqTCSD$v>g%?&;~W8$9Bb5jp+#MM`-qbK_e3zUxb)#rk{Tk1u4
z<%{3CwNs8!a!PK1BP4j@Zw6VrV^SSa0nArN(>rl*ACOk{Vg}TD1c-n$*<a{U>x_xg
zE{qKPF~t_JG<-jGq8sygaqNyo^knFsPA2*d<)gBRa<qZglj@PdCQME>dRsnhQfz6D
zI8(RU{R2+U0|6xZ5$&DD7KJj@gvOj|pwkmlWuTq!;Zy1prfl@?b6ua^Sz>VUu)_=S
zh~-LM$j>(%{HBMd_#4Z<v+>T>1(8VS^3wz~xm?jgk3?lu7On>s&|SO4wVInIb<XF;
ze`Oba_0*Ku*2ph|8}#ac(<CC!RcBy8Mu#{JUTjncHxom*s=unIi*vk*<C0`+0BvZM
zt#Ym8-+KdOIe!vIMM~&}<wVm(CFH;QfYnsL!Nr?9efE@oRtgh6XS>ZME7m^f5{u%E
zg-3zh$)28Pb!~gb{n9dYq0}k*ro*~^a;&}2uzz-%Z#CX-=0#h&scjtwy`mHvu&D(K
zzD><(XckSwsxLH2CA;kPQ`_~F`|ajJbxSfy3avKh3)7O|=lywoRV4alN~5P^PNht;
zEER9~Grh{aIHMaAe#_+KQr&|y#xcEls>11$)RW%dPZ+Du_UBV)zq{Z7<owj{GW)UC
zLj78MkYMX=pigS10?xi8(xIA-qC`nMH~7JP+i`tQA@cp0!{$Tbt620b7pBgfQmz~w
zN{7C=Rmt1^i^M=jf2sqO6*4db%al>v8o+=g>=GY?+x3SwL$TF)N&{%WC3tt}RsNs7
zxhbZoE~ftOT`p2W55@ZRfrvi+25!}9paNZ3&<`N1$ARAO`~}(3jy!b)3>N)l#12;m
zVc{zQ4Qfy?<}qUo7J%_(-Y4*SL^o<hJ2a@%mh;^?9QXEo4dN-9MSnr<q(b_XNocF+
z*7aX(@G1SLay<t$t@qKYTT+7{VDuO>I=2<tIE5<|LMaY=!@b)M#SuRhHr2zYm-AS(
zx+V#Y-j<({a^V0mQVmg=^SY^Bw{@D4SL?cX#~zYQLQ`BS1h?7HIKpqfqn}{?TFb$?
z-P#fT=Uvx<4c&8n>?;~-HtnPza-&16yfItU<!{b!GS&zK;jKHfdjY<jcgY}q+{p}2
zU>>sbHa4rydVoq9Y8%*~8-A4f3Lnn0XLx{_7tz<MdI{Vp3C?=>K`d9X`<Alkw?pkn
zV_?gm23hdJVF6I~e4x-gwwUKJd#HzIlM6w7$vf2ITiw1wsy8EP=Lq)<-XR;KUYU5z
zDL<+fH9k`N%|4}0o703M_0R&Hs<Q_x^wP=PZjr98Gx%~MvFuNf-nP3hQM8k<ati1&
zrktdGmM#_LP|(`5nXKS^mg5Be>-3+{*{F-z^ZPlP4bRkA&r997;k9N^DkNcf6AURu
z_aT=<B)U}rH;gs77(WL-qZL?~3B*0Muo}LY@Fo`OoGxhbj%H|?p+g?}xE|T2!voy+
z5KxC5qIvl3Rz2@jUt4hLiZd!C=sHzNl-y*=)OxMr<8X2r$-Pra9%m=<$5x`}XF+Z+
zfB{|2{|id7>~_K6KZl=EuP6nP*~8Wl$wVK!$ybiT8k5*G3%VKUcCK}Jt}sfD`Ew>{
z6u03~uE$3@hV1iiapT|D>;LekMF*V?t9h^5FX_&ZR~=+BnW@EUr<WR(mt2c3jV0%*
zltXQM#>$}I-;f?^UTu(;dZ{zw1{o^l|L2wu=<}3m)&J`Okj9!)gx@0UB_#NWTB|AB
z)~_7*yJ&%z6}pfiEh9Sk7#IM5o6D<*Y+^bP@uHIYao{|ID6&rn@Pz?ZJnEF;)(GVO
z-bqf_z{1Z`9TbIA0Q~H4ZoJ$%;%^jjAuq8OI2R=TGDB2sU(WQiMYrUV?hX)WUOwxy
z!tIzrH`i*b`Y=mm)dccR*b6)433UXMe-U*$-x8B@kn!BSg@V4(n1$2KvIaV2a-m?6
zUuICBu0s=5g&Vu62zng9nL4;Gi%Ia~qq{EDI&Z)o6_Rle?QB`{Ui9rn#i%@)$GbX^
zXK>I@j}x^s_BKj8_!(3_NZgsCA`f)2(N!A?IKg>-KC#NPoc*B>H48n_Vh`bxU@jL4
z=-X=HMd{`1dI^xpLA_Ws4GU(?k)vtekGep}xXzmne`gep$V!8s87459(VYGm>0Y5;
z^SwnC;_PREv#T~CH+s2KU*ED4OTUsDglH<56BknPV#vN%`FOwP#MN&N6cAxN{!=CK
z$u!q${bdM0o4L}SM+Hpp8AqA!yJh!KRcdNbqta#gsH{(k#N!mpp=Hi0rqr{|PCgJ>
znPm&8$d7vH_?JHe6`(d(J3jBDhHrAG;;WBE+66=@5{N~0lhq!?C)RqbH%YlJ)SQly
z<JzvpFl@miJLF9pxP(4APC8<81I{maM&b#n^qe@E?2jP>j5z+dQ21JJU_{#S;rC|$
zZo@({g6cmeBHvXi2afHsN!3ZjmgT94E-ToiJfBaDFCGo%r9D?!NFv;A(9N^lr$a*X
zT@q!7N@)@wtxIzL+PJ0^A9FXt`{2TJO7XnWG1hAQX@#1adGVk2D(cE6hiUS7hWIY;
zC;V*Bj0TE`UZyIf&fk(}`#G4UzZ#rRf%|gF*LzLqj1Oz?^XIJ1N?9{ZzbjEZ(Hi)5
ztIU?uzKaaO+HC!%_X(uDJ>8$$!hBvB<h8u*t%l)lx`aaG%ztqENwL=pR_d~{8u96~
zE|@I~v100_YESAAqfU-~PppOe9}xu+-)(+HLA<*e4(5ie&#mM_S)%I{ATi`$WMKYk
zq=%C4`UVF|%x>MtlPy@k258CcJz&<rdWV1As&*YV!B;wb%N6*{5UON3fh|3$F-@EB
z#Kx}8f5%PiE0@jB@0@$kUU=68wbcUp**<N80&;j^MY}ST#mAnSh?msqyyYZOy%6J;
zyqREux6E@?B=kGDkP4Z?jh}Dv<=g4uS(`hkw6Syd@wIar>gp^9Rm`+El%mYde}a{4
z11eqWtR)pGI-%wbsU$OdwBpePF*>oghM3k9t6V?mI$W^p$5v>AGjP{1zb8TNmvcH~
z;T7$z8p!KCSCWc*o}~?7^qaMDM52AfVm-cjzYZP$mWD!-?22^123e*B#eWzZ#^ty)
zAYf*HpeljBeHgSr3N9I`xxbPTcm1Z3_FwD1!}=t143Gbg6F#4}X0Hg1h42QnI2Z)y
z>5^SwRLP4VlNatYC|qAA2CQGEEK4zcf4fU4!xlF3SWE%Aj^)dp@h*$krO`K|&^eM^
z>Bsns6*||gb~uun`;?_$w#xFqW}!Lnh|wxKy7DFMJyl;xdwUY=`b@DFdZTWW)=szb
zq8H1>Y@D3;70DgxC0BdsQiT1ro&|prTV^I`_4keg?qw}&d8JjzabY={VwOK;R)DbR
zK6Xq)Qnp&`$)Y;Ak1y{1(U*w(KqG8;dPl9@{Qz)qOtA0W?*lTes_s(-fIZDeqtfjF
zRMqGfbH5#VM2Fm$sf4dA+|>IJVY+a~AT>2KNR74?bbuOU0o-6lSO6-=ruMW6ER5BZ
zAuL21;WGpyqxHzOEEB+Wdpt4CJxK@u->L+{?4k2%u}X4U$eO#&1;w4rodGO11A(`<
zLPy_|9NanCw))B)eyaXyCOv$iP9|uTxiAjQg|&hi^Z%4GVp#~_32`l;ioj+;+nbc4
zs_Rr5NV-4QqLqP2beXdX*MI?Vqdy<DqOm-JIBLS&!4dI!)jEkSaj{Bnk(x(T{p<8W
z955<VkB~WQK$4-FhJ9KzY7C!PY2B-F&Lg#g$-M{U|8URyA~pKV?FJ{=z)?}=+1Wa`
z10EmsQms2yg7OV=?Sz^2VE3hy>VE<Lj413t7jAaq*YP#WXWQ@`DgxDrM(oYEo5WWe
zWT9xT7IKvhb1=P5(hlgyjA%|Y@*#V_1%|fR3Gc27#FG$u?xgjEKL|6stqz!ZSrv4<
z3%)bSFiBPiW^nk#Lmkew#0^|rtj-WRSTPm;u$ak!uXGjkj*L3axmM$*8zNC&D(2;v
zIgl=-nn1^FqL;gN%+O5ka*I(iWmtn$gCU|jc`7r>9(Ss%%6^D@p5wfSOwdlTiERhX
zTb93kXgLmgFGh&>+bas@^de4J5oBJVe!AMAZ-&6D7iRidlshA8CKBtuMr9x9NV#GB
zE|n6WmSry%|HPNi&$mjtLims{IFku%V_X9Hr)2QUP4w{|+UrLL`x2AhyV}!bf;L33
z#}p^EF^SaNuW+w53cLTAN~w7A75acV^wM~zBG_%Twn%MiSmzw1pHh&{`0g0@)Rqi7
z+(TzuEO*W@W(qv~#-0Z&TD+$>NdiVY%&8!Dgd3bo`FGG8r`Y<<)b}{pW8z4I*M=_h
zK;DgeQl~jG^~kw$bv$vAC-`b;X3*uvm1Jf^hhYA$JKDgz4v9BklG4kW@qCr!PNgW<
z!IizCSHCn&-By3<MWH09fj*F<m$9!hxaq46k`<-XpIpCGPQa)GZyD0Y!282rQJ!Zz
z_uG8d$x?3IVBellRr=SgGvK%CO4#%R$72=$2>H6)8}D95j9*M~U!{SUNgf}z5*56M
zq^Y#cMqP>rO|x1|SD`;YHJG_Zk6a2^L}vtT(&0H*pP2T`)m~TD0vqR^3fYC+2lz<f
zpjgZ_3J!iXCUZaEy4c`(N7ZFOlt)d1Emm0kX?i5`2=!TJT{|=ra>EXA1?%RUu6lMZ
zR*(H~rb2pfXtn<E934*bTQ$xF8PdH;7`0HB^}=#6)nYbvsj@8-Ju>=yQkh+sgyb62
zM&!`0i;$Nog-Jq89!gX|@u?)oL_d#c>#{e&cvhdqD2TnDyCReIK30crNn@i{S1UKI
z3)D~aUt<m2shbw14T_J$HHu4h<ZHn9M4KmPs;LF_HVd4#j0m@yHv!~%fc|ih76*w_
znRQMNZQo4%Z83VV0#mejy>FEjZ}7!6zekfnv$6ihg+N+(^r?RM#shV*-{IgJ%!7Tt
zGF;!#I`Z<yeGO2$Fa&Qwc&P~2MKTSifwXyOrudDu!W+Z-Zy{@vU2k#8CtDKpYRZyN
zPJ(OJRoeoiD@3~kL|pn6^9kEx^!TpCkiJ^4^lN$cYM*?Y7w^qvQ;I@-9VEoC-ewue
z|8pm@{Lj&NFM;1ts}E}|e5(nSXaxb|PwHv<w=tHYga_s-bfy3wW&JJ*A0#Tv@TfJf
zh36?ZUgwqbKeV7PRnRsnonaPJp)X8Htw^I_J(EBb9-nK_uZ_Z6ZfDVnOIspf_BLR^
zCDkc09lD-`!V1Vf{{a2ua67AA<E=U{V5=VasN%MHM;t)DKiy?osp0`wEzqli+qC-9
z8w@E_)|7$>BphTK+JZ3tPZwd9qhA}M3DgOweq>H`C<p+w3VB*VE0hIrIREQj{vSSo
z<R}LJV6WM2hli+@wxHXM{C3_xV`5Rg8<TdFBIM|*aXm(Z(QIXtb1(upYcwSIy_W`q
z<Wwz)6qNpl@AhAO!s`V2)iNMU1tcoClm}Q%`B*`wDcID2sKB3Qp<GuW5(c;op`!_+
z#KLO^vL06RS=;k@u?uQRsT_Tri+kl7v5H#Jzh=tnTv!W_P|tTLiYP9X@A5jSiU#|w
z=avfkq^+@k01L86I)6?)81by(Mx9})C?u@abmgG=*lKU$oMhA<#gRzStOmUfxE#3Y
z3H8vW?tNP5UMaWGvje^tLmltn2S2Ex)9%rp#!Z5wb_gV*x<6r$aW$#v48U%QmaMBI
zYMxo4A#HLh>|;K0u-?Kyfr(92r%iC!NF6IsWgY_R%9;&PX}eMRi3`{9v@u2ev)+WL
zqeTdiP0vRO({F!a@NCSMWC-F92D8z#yKL34N_pap9rlw`bLUmaOBMk>WmGKz;SPAi
z{-2;Pxf7_t4heHb2`LV-Cs5f*L<P|gIo`7wZ$$QiG$%v6EXuO3bhf1pSe0g6mx)Ja
zZK6GIqLJdMhKU{O9Q>c6inPmpInJ=ksubnSN_gi;t&o+J@%jA{L{%GiX;!qDsSQ1L
zRjE^YfK`0uLKkZq45JWp(F6&Cv+!HEe`kdq#G)a-xZ-M{F7uJW?cU>ZQ9?;rG-nM;
z)tJM=K4AlKUUI%l;TA~_gz~JiINW<?1Ap#JjSW6*4pp4NwEGlEUF^|MhWAQwTQna&
zAN-ZdByHdm+iveb_};@NbDp!0RBFdVuMM7KifMkoa-Q_ob&xJ`I4WUO=Ecy}6QqL{
z7J=z32o1eg3WfA`Q-iN@hZMhs;laZuPyx)Z6-u%Hn+yi>@wVIFUcKR{6xL)jEv^Q^
zwsTxm{gbT)WkamwM33_;M^^b^ZZREjO_}T)Ff1+`BE`^&uc@!%I^;hzNTFLbEuLQA
z+2FG~Qu)w10(x@(7v70u@&Vc?&%wX>2ZBpGoyt##0vejr@JZhn%(L|i-)*n!Hh5kA
zx{@vH1Ma*}5bozIdu<XcQNI`H6GL(Z(26p#?bq@(c>SwfS(7>%cw;pD?Bp{#r+(y1
zYW9)xV%Bq&-MXZG;zjRaHGcs>r`K96LA^GtYqbrH-cTOOMElNd;JrIdnb5rZ>Ms|U
zv>H3U*55HAUq7^?(QS=;;5E(VSVDN@N5G^y9iv&dw6kLPfHsTTB}Pc=S0f?5`Y5l$
z2?nELyK0gYa=mJxk7u#Tbtq4y@(jx-@Z`Us6Ir%|-JYF*??l1%SzZQ>czce{YsV>y
zh3V+^SoQHtZt^^X8wdnA)Z$rCH4Lry+FgGYb=GM_dClSzZRM88UNFSJb-I<3HWK)y
zC${j0yQz_a05`ntvfK4s<l0jWi+|d=GO57L-_yTU7wr4M0fpzxd!_ceDh2<pH|CDe
zxeWG=QB>`}+$x32`Rzs*diY#B7T)O6>iW?BZ0?3<M(CT+JfdiQFtB^Q`<~pBeAlEE
z4_>Tuj^ox*X&o|R>#^Oa8_zUojLl;Z-q_FWc~2qq{m@M`@nNK{?{x&rb<Uw8TZp0)
zJLweO>sr?DsV-q=FR;R*7`A5_<E@ko%|wm^5?s4pm*jCvJMLNRLdud)OuXDpg~k4)
z4yHb)!uQQ<2w;$kG=#KMUF_!k%@uBiJpF6kly1HA#XV7#L$+HFy8V8c6J2+)^Wsv`
zPXS!i;Xbnd8#Ly1{Abz}@I)AA8^5<2XEI*tQaaTAD^pvPZw9yWZPj|<Q0`e4fyWu#
zqzU+ZQyz72m<-lBN3YKWJ(a?lK7m9kw7OEJe;QicZ$dp%^m`;#ia;~SJy8U)b_&I`
z@_Fs|3^?}K;NJJG!N=`s7ZBc0-5f<_5k(Kq$><FeWWqNqSl+jZo*&2LS5Xp464rNT
zDU^06Ng`zVJL;{f#L7aX2SA?g)6Q8S1a~SIQ^(&%*D`k~s}OZF$xhr}Z$jgPnQ419
zP8Y#=7o)*t|359Lm6E(t2ivlMOkm^!n(`S@DVqDIgYy<r^H7k-#{OK1fnspUu@G(X
z?xveYBjjqM1;t5np0Xto7{oBQMt3lS24~p+<S)=kQ3xTK?!#=QPZE|^S4F)2WiltK
zq7(qZYvncZkJ|zs*#4d?2%T;HCV_IXl;w!hMxNzgM-C07*W3|c5~J1i@)0r}hM2*u
z0f6B;&|0XP5UJc6Q4Jgt%w905BbH4wYv364Zx}NoZc04-qi|sLqC@LMw<N;owoJWz
z2T|=VY?|0)5NuIrn?9^J`v$$D4!9R!7!m};uA+YKb+)p*PcPJwi|;&PE0yApM&1Z@
zGVe+~T*<HDy<bFuC<#JkzvcF_qczBkM##0D3~4sRi^viCwxdXVq&nFt%shB=2h@7l
z<}Oe%4-!K<i*VU8Uz|s9Wld6O!D5}C?<S9A5x9sc0Qm%oC#;9ZYfI)=RcVC%n=V(C
z%s*BbHKIeNg<KkV-WO|lsUmA3;hU|OmtqTSIdtET#+FFUpn9ol${UPanL$*Uj>zfd
zl}03P5~N<$$(kP`5OiT}Cga>jsVB#EP#2PIV4lF8bbSe8US&p+*AvE*?V#50dCDFi
zUFto>&I6HyyAmN~$bIx7+jYyz>$7^fN-V}2x$1;FBed8BEmkW^FIla{=2td~{m5C+
zf^e<;oE*A_)fVaZ+ByFtC<d;WX)`TETTdj+{}@4h-_T69n5*5FR1#tQi@YIP-gp%Q
zH(u#xE$3MUdVOW4C$l)KLe&|isoAmG`y~YzWwK1WG4fLgm_ouO0CR?l=gF%w$nV)t
zS)zgN=1$v^OH(X+*LJJ86N|nA4w2clqPy+ai10XEd`jl#+dEcfRMe>olJjkn6mq^T
zG6y%gK(Y#X<)DdLmw*n*1lPpiN%XUa)`2{wS@MvD_#DB3oWH9*jfB|Adj%~RaOy-#
zgM<*sTM=q@C4i+ytEtk(bYj1b$r|ogPCe1xg93t(3n{|+RW|i(Ij<oRjef7%tNEvl
zHmCI_lr!qt;b|r}^jot`qMi<d>P|21ra&?S-~ZhP0ZoN7!A!y~Idvh@-MNd_{INaH
zy2pKX_4yXhgsxY``_bbM8Uq%p_(Ng(0&K;;clo(pxqsiHV^x^qa$+3oO-I-ABJ&ng
z&u1JME0+Y{vBT2dT6oDyv*P)MNW;9T7kNKe&@k9MFViB;x(Dc$9ctf#9|>mVM=8Yz
zUlu@}eVvdHKi@=bmTKK7+WXbxr<P429egFA+3<Z*p*4NEvKl~d_WdnG;MPHl$CTOz
zpW48}F4KO|VK{$NAHvT@l{;JX$cO-exbq~P_+rry4f44Xxi+!teA(~{X`$r@`#xU<
zB#^4(4bmc3)Nt=UIwL{-lo?UeP$5ij($4dW(nS+t8B#7*U^w_%)8CLa$=z%4X%Rj<
z#0uv%7qCwM=$c8^tsOpQ)tF6&FKYv-s4D%ak<ptqY^jMdPXS#mN&lUAVp^NV0$|#P
z<0-VJ-yiRYu%)+Wq51k`4iu-O5y-Vk#=n=z4smeS-L-6nPmBil-_T?n$=R8yrsbSF
zrJPDsG%DBsw4zkCd^AqM`~$$2xjqRhXCZ9ns&b*Xl>uQ}Ifq(?@{ueRGm-4~gR<x_
z6Q!Ou-@H!TZ3%-d&>}sbs`N`LFnvKML_K8B*l-h3D+Jwmf+z-if?dkv%ho@Y+c9c3
z>3W|;C*Cs9u0O_N<m5I^@Z2!qTbWY^eta<T<rSNKswv&<QH#yf3TJ00k?73;r%WJF
z{bYwq+2~rxHN)8my*y_%?W>21{p+x)n5|YY%Io0@+B`W<Z&=-F&Y}A^7i_ly`xoya
zNcZ#sETY%C#FLNYv&!(Z3w2X%k`r1Jf`cOAKP`wwVXI{#Zo?Z6Sxrl-0Hh|k8LoBO
zRBB>-1CaOxBXv99)=!jb3}`lm{#uTGsSCD<z~DULv#J&p9{*$IA*%(a5MfE?7N{kj
zTpvqNJ-l^cLL!ShrAwVJI@d#~fWpDkIwv6vr$I29KMBeL2Z7AF?q8>uumP~+7<Re^
zQ(3B{K(Y!}D1)oDuvVtm2Qw{=Zuvw_V+MYdsD)?Gte1;NTUa<`R{Gf)^n_`li(4XH
zJ&Z+Hjx3_Vg>_h6;8dM1+HO42t`wULqH#SA<Z(T^`7`XH(0PG@k9(H>;Z1NSl#n1x
z#tXCU-H?kd44yawb&h8h#PMcw;x?8oj`6QlW`P`&PpUO*rkQC0N{AL<17X1U+~lGk
zUsdL6TR?>;0ntN7E?IC^g}avXM|JStQ|g=p3YxZ)>>vBep(=MO?UsHh=JGHLu;~fF
z7ZaY`^@z{HGP}Zc@`uua&DU&U#ic4PI={rAf76Oyu^ByJXhD}5S)QQ^o<u=YDn)id
zIg@9E*eMpir-eIqzjqcr=zhB8RP^>PbNWw-_8Dp!#W<0cC!Vh<$(>FHg4Sf2;%f&^
zvzunF{ox|JQ)BaM>1%;e5B1d3h7o9m3{p@FR?d=YJ!FRA*(kxW&l6O_j<tNsyRU<3
zapKg8=>Qtggcsa22)+g`#=8TjqaIq_+&w&zxn~G1NgFMfg*j4@;=@vRY`IJl$lvZ{
zC6=dN%WTAjrRo`5xkTt>uwAfrK&7bufkSW(u%<_iN7%}<uZ{TTgM9!}UGqFyNs6bu
zyHly??bapEiL^@uJ4y2nNA7U~fjVu{nqa1F@??7aCx1Uo^36CYMO^-e7OH=vhWrnc
z0|lm!llb!2g&MyZZys9KKWc_0NuWsC-$|3y{wQi^|6QcS$C}L^4d`s0W;4xM?yyzk
zzK2=AyOWQyyPV9)r`1_`93&Y1tKBwJX&_ban(gVh-P2qH$a`V)?3m}a!{$B9W^bM#
z&3M@JaIZgoe(wvMmobsP1EhO5+Vsial`_y}oIUpY8&Q(YJ6a^rU5c#gvvuQMbCp{=
zDb4EQ2D{xc4DYW)7^=7>g3k|>E&OMO+9a7J$3X7yN+8h`W{Wuh{?>45N9p0NUsUJ|
zHdoa_g@Tnv3KD*$VrTZoN$0LDc+^?s895Q$gObNuoV*qcp$^{r3F!{{6W|BO^~rUH
zvaIWBMt4x=oqEkhixTGtn6bTS(Z00#O7vbbu|VtQl=D66<kH;;{ZI(qZ&k=3Pk9|1
z3n3fiYIw!mR4L{2<wYicSg!&<JLHwY2}QDU)rl9};|*@;Gc35}MCR53zA7$kb_X4r
z7&gXiTlEi`J+VRq*Tn9^<R<lNYWax@Y30IV>Oh#DZd#OLi=!-caM=x+%R^_AHXPey
zUH>G4m+tJ68R(i*qaVJ)9QH=5PkgN=#u{aKv<xr3{-GROTr4wc(nwj2gIUp{d1O9>
z`&xor|1o2%g^laY;G`3%cSIsFk$_%hTe}kbzcoaCC4)ljSkM>}-MFSlH@3&cv^oCA
zYjG8U5y9|z*~E<R&tEYooLr;W@8Y))NVW2G^f!8=H0YK=e`FqK>S}}!7zAmJeP*G@
z2mfrh7cQN7LuL$4{#1i2&M=L($^H|lD9c37n=4+p(uN$IJ6uO>w6mk$Mg0O_Ev)eH
zTu1L0JH+i3&O;1_ey3M9@^@YhK&WS!g7xolQ~_p!ku`nKoqB<pu>s#US)gtiJUuXJ
zJb%P>WT=WaoFS%Mhqx6j;zAHhFrU@v0*=XBl=$-u{iU6fu>sPW2Aq-%OxvW<t-#5A
zJv8KNlzUL&c1!#qvugL6g>>M9r!mASi<J*WIq2CJAj{ETl>ub%Yi#vp>-s?k$R~kg
zh8g6Ki&`|7!_O&;^-eymDLZUT=kCiZlK6LfZIWO-0ECs40uv)8W<X|iqpNHUSF~ZG
zPJGirl)K8@O946y*c<+C{Qn<s)H07vMk$l?)bh>5ZZ{@lG*AWkiHKBL!1QvAwFfGw
z!2!gy0HS;*=#4Z6Cj3lU3>s(&Wuvr)|EaXl1)FGwp>dE104CH}qT-c$w7Dh@ALC7g
zg=f&s3QUD^lWB>9`W*giTR<nrB0?PSvv8nlEd^l%U^Tk2vEWDn!_){RC;D53l|!k6
zSqu13h4mk_XOgH-pA4Y_{C2J_epqdQE_^Urep^$27ATm0+as7YPcrFUwXQ@v-K3qu
zEwozWPCBV+uxn6rkX#LOqOyp>iukhSs=#xllb&xk;{B&NWDcA3n^{n~Gj|ZCkY6i_
z*Cem2Uju!$OLKULhVhnZVhiO3;nV_c$9=?z70e?cVO9|pFHx~9w%)Gr8!9rnl86ny
zf72kFV6mp(n7mnI`tg+3T8}|tB+pTy>!m1gl9VhFS&_b#L2GZa^2uIOYD1)OTNfL-
zrHkEQdkZGtG!!pSN+6DWw!`X_{mmt1hLA64PkPZPS^Om;Gtw}At6e#&yTaprgrNUa
zeahCh%p!gaaS(fKC7f*MY5h}nl3Bfy!+_Aflwa!X{Yn#*PAjgK^O6fiZg#OtDhCRv
z62EGg8ubB(9s?i){1>$41$%ThR<vU=wcy$^?%X)&=o32%1HJZYzbrWWDOrNp*@^FR
zwLp`xa%U3c+JB^76m-SREE%8`xdOb(NeA<2?;q6Ct7{?iUQ;j7j$E4e3LB_@VpyyN
zE};&mWux0=#*zV)IHLatIb|#&8SG>*11bK3%ts;xoA*ay!KeCQzQ>+OBZtK64JXBL
zAP#1hK_I;zJ4=-Q9;>p~?~vo2q%HC!un}F|W(fYH7cfMRzO#u(y}N6%+)TM$1dKz#
zJ`z1MSJb$l`sE9eDesH-+|hp5wO+sKG{>ulpaPf9$&Dd{l@7)w3UehKjCWzfNXl(M
z4-N<DjP5(iaOUSgSt-_L=C7?ZaLCo7Qm?D96$%}G%AhPL2haDg%@F<wMnS-##_UuR
z%t>d2z(!@At)IudBn~ZIrK9GJ>jm3fhRpetwt-6U;Buk(;5gvToX|@Q_T%$PUa3@~
zu3+W?#4UNeX_h2vm<#4MWqe@@^b0KYEcwDihn{^yA(u816@zAIJx)MB?@Q2hW}5c2
zP--XHJI=3#cl)DW)BQ)ex$I#4iVD4H9X;~Uuu+!CSB2Pu(JF@b{rP+&a{3I#PEA$w
zT2Uy{D0`gSk{14u9eH)rIN9t|0RqbU+4ecgIVWnA%McaZQ~xBN*qnV{I<`|_q}HDy
ze7!SS_c`)+6+9seWjSRCC~*+QQinn<QAI5yR#`0gy;NE`tzGZlozIoHt=aF=+X0DA
zit{+#a~M9UqehkjE}#6f<Jn?MoOA0b=M_w2#aYc*miL7Y*)Upx58il|tcl3#qNz!5
z?EJKrKmmGm|0Y!0t&0zK$f<8)h;?EnVYQWfn9-<sfu{|AqmJ(%YpXg)1D-`U#ZIw1
zU3v3TC&|m=B-vS}k*#oKveX(B5R1*da@`I;R{+ykhb;JYf(T26Z8}~D^b&Ax60Doz
zvTcz1u@+JVbIitM5cLy5wqE|BhB_NVdya7Z$v84C+v4WEI9J=R?}T3KHm3!JecK)W
zKXh`ZI?XyDvw9k88C3}BXipmk$($n)-Xtg%o6n3CgfiI{x?8Oru|X?ZUGS$}wsWXR
zD2i3N_sMm^#4<33inogRJGes;rs*~4lF+#ti`)CCHxEshSF)yyZz-4G!CaSz7kM75
z#mH%9JVB0J-DBV11e+zxYT<8f3O8xmhy$JM<`>!k4_X9MQH5A74-5!ytNq&?)u376
zNm-uRQ7_8+c@zCli!0BvO_l=0ox4_sSOB2Wtr#CxK}^GkD}J`xqnCbB$6$v_DW0#J
zZD=_@Y&DpTfOuWT_CE!xLpli_@>ym|k?v|alCz(q{g!Vq=$S%I5x))*qTmrJTE<ta
z6?`D{{P&tmfiLODNk-EKgvChv-yvbnV1i9213HBh=IX*s)zc($Obh#*privTv765j
zz2@r?Vhi)dXu5RCm5U%U4M>;f51HrGI=LaUG+_gp=>LZ*vOR06HKf(KJHz!!1N>1t
z)nUp!1gu+6D*!=gl7?X;4f>=U?XWew%r3&g81VX)t97%B8{nHtxo}auRC+>}wS4yh
zC2{b+KCNj#CC`O%vd9M}$$a<NZfyvLEW3!HrY8MV)=`MPvohVgf5J}%r1;-*GK-Gi
zybcZCiNooiLV@q9Ad*C)InLc;MK<QbNeig78|*n?5Q{SSu3bpUXQqmHq7O2e@bOJ!
zf{Dr(_9|i1BBR02h%r)ZP`z3^({9_Wo`w@QEzZ8zK1{Sr_joIPMpq!;zx>!CJAP6l
zytQcxZCdN*Rk=)-6y2d$&%I4k19moxh*<vCt*wZ63|EV_ISNjym`h2-$qlzQ>C?Yc
z!E>krKOdmyTOieGHZFLY$06Vdu!sbKZ|anSnRXHRbow;Ry`Y{<2oIav$<|*z@iEqp
zx>q^?y7`mQ7avE>XA;WdeDP1z1INJ0Rdw9pE!dzK5$APx3%xhYDU3d_2JSX+rpHfK
zj~$z-Y_aThrj=6lHBcSQ7)_7&8X26WQ3O_A2!P<3kFN96hGsG==i8#s<MgckpEci-
z%wQ&5MoxwweW+80oS#}czG06QJ@E}$KzU7@xIpJT*wkeu5*A?|EAs0&^@{-Ri$O>h
z?i>kpX>L=&8UD);Z>Vr(x#`*dE)C??fmwpC8r<e+v9J-n%Kgwdt8MKa-$Spd;<RbM
zx2v-|U)Hyfi{(M))5rgUet1#@Nn{4z*;Z(9S+<`@BwipWF+fmfsLgbDU@nw7(gFkp
zOEw_pNMvXYRCZ*qCdiGSZHp-`w~D=EDx5;cverbO-UwA=sV6bmJwqFO3;yMuavOx*
z{=E>3ntLh``Z!gW*lFS)ix)YS`s*tuM!(2O=IG13KRLmYV_{rbBR6>THTi_Z{Z>XC
z&UZArrw3)=*GwwDxD^^QWRqde0xiH^o2tIhQo>~ATCeY`nW`$cx2?#aanmf!!Woq}
zL2m9ul6bBZf+5tcafWeiH(Q8>wDXPryML&`N7){CY4|-)Xy<>t)j9u>qcu|}r6UDF
zd33+i8{ZI9PvS`~iTi5q0YgNH-!j55`k-~A;7}ksW7$@!_#LruuURpBMyqVzhE}Td
zpGmK&joA_GxI^@mV-YJwnCHfv{YFZ{4{C+_PUZ-~?3W_A`p#RbG|ziGF=A2W55)SF
zm07Gu*7Z%}`p*&JOCq-uP|M4wCMT0Vu0ndXJ+O?95*iaUW22zNMG0E#LN~p!zVb(6
z3MF%k{m`OuhCgK6cl@R?h)Y<!f4W7DLDxasYQeo<&~)cr3+%Sutu)6p@hN#(J^Z3O
z5EWm~NHM)BLaya=#abe6NSBn}+QmM(dAZ%DZQ5OqhdwUS(;vs`bMXr~ZDzYuOjxi?
zTRc<QSnW{@E!m0l7K2n-roeqwq~TZ=>KtXS6qFgEC&aoHtqX!*<hz**g&QJM=60Zc
z;-wSbFVG8I8i^wS=yZpb`7Oy6NMrzO_w9-n&%q)+8so0;keWhrg)$&ZAzowELoK4m
zy-JrWbaY?9VY<qa>0kXx>`5w88CZ+eyc#=@jjg^e0}h=Vv}YrRMpxh_{X@&Rex>Sx
z6|H=4tiLTFJYNPR@$ZOXHO(sTXex5iWSc;nn~Th0Vcs9WoPflQF$WDHwQus0n32LF
zk^Ku0p|L$T7Zs8&Er3Hi6jQ>1-+$DQ&%ZBpP25hf)sq{2f=!E&B7_bBmIx}8c}s!r
z3w44h+O}4?)-_TzsVDBgY*(T1Bub4ES<<8uUzxDYQb5RYN+%a?qeoC~IQ9Em9Z@bq
z@t#<|#&pq14u+N>%29=V#>@S8Ba4c^gCxPpp~Hhs-D+1<H0)0r4{3t9y;YyXXzCz}
z#$^agoC0+wLFmDB9rVi!L0Ca0Po%Vg{1>fsr(6%L(_kUL|EoI%>!?<!6*^D<Z$RpO
z_0s+$Sj*O<)%^6cX*a<Mb35jaTGqSRSmc_Zr_I)tiEHRid(|ZM=xL1})ZF(RIPrPk
z46!@MA2W!|V2{%4(-vx#B2n5&#5!20UR6PJ3zm@l-9_&>55e)pbp8Uiotwm4tqpf;
zq+?t{UhDM3<650#`8)Z8z_qBka^d)3Nh-SV`9sIR&QVFkjoILCePg+)!oBcRxfOZ6
zDbzvEYx~`NdcE~SDd&!Pek4;KWDXR}vkIRrBCF7n2E6G~zCw6ex;QQTg?i4J-4=9M
zIrqZF!i(O(*RLAI_}+COyX%~L3pHM)V-)&5`1Oyt^F^lx{vT=mq(iOlz1)gSb5t|=
zr2M5_dDQliPYIXMdk5)~AZ$576Y#U_NOkJVN^4MCS5bv7_yrAZmKpjx*-^L77Ur^7
z%?v0e^h1)YX22LTIWyJ@_f$aN4AQ5uN1s<{tmjID?sOX6haLg3nB0Okv&C~gV(YVN
zKNMc3l{vk$k_S^7iL9Ua(Am3|f}^?A>C5ZO8u)wGcy+7!Q8`a+bsldP(9@=mE`zUj
zowbvKcI}|5PVOWi{P{cB^)hKJmzB7ko2HV=qV|nZ)86-PRWd<g>?LqH&$pGlTyI$u
zh(6k+q6LKup0W+o3kY_Hj;5Usm-Z5+H$rXaY%=xwUF5*AmE8T7wC;o-i4zkHi0Y|~
z*KMQZ#1(r95aN&M8Rb;`ODp0TZ^Oq|wbiLiOBZQaCiM`#n!2Cu;OVvSB>B)xctcDL
zaB#rov%;Vf`BrLnL*3prbL6!!zUr=NX?~R2DXT>TNs#PDkcNpuzj_#Is;~R1M}N7k
z9Y5KD^sC!Jn|>9kJc`fNilA>II$53WPy>Hv&sKSG!Jy<PmXS3MZvEt$yX=-rThCDY
z1%J@ae`GooU)viGM26RE)t@X6$F|35EGaopx=idU9iCMrOK$`7&EX|ytc>m_*a8CL
z??X{Iua-Bn6olpA!$W%Q@a*~fK{h4W)FwApFPz5}@98X5Tq%;x9NR*py+ua15AAT2
z8VUq@siiCMv5C7oX>Tl&YKHn<$5O;ot$X68-6h8FlwnkQ{efHq^K`GN)Z4p`8=uYG
z{aNcY=R!Sn@6Hw$Sfz)m_Ji4Pj;JU@qw<S42(lIWeow9I6M?9IO+y9L1;4I!8eCIG
z8$gQPhtl!=N3@&dk+qorv#46qvrv@YQ;SV?0a3jM<hj+UbinTNV5iV1JANyf8@pgg
zEK#)UJ5kWIfMhOeT{fHk>wqwk94gKRGx<wDwZo(7q?vsA=s?^rGh%kE%|5q-US9$H
zb{f^(i?sOmg#hU<S1p!tAg)mGlGf)srSp@pu|3o>|MfOo+BL#c{ArIB7GYCgy|)&v
z{+bm{+k5cWCv0L<DX|626Jyz_U3kzi8OXU0+*X5#*Km{mg2rqOEFJcK_=SL!{M`Y#
zLq!&X!1dt2AUA9AIegegZh9r8JOzw3&#b(arwI=mbpds;J8RuYaFK7sTw;kGAeF8{
zf2q7t?29gJZH0^GGvB+{27Smks{MRa{2#+Np<k#+osOz=BI;Df+svz7qja7n5*^;>
z#tVy1m&D!GgB{#Ez7z+EHuzb>U!|;h&sG1Xw>pK!wMb}5E+znG?_Rr)PKN13M58}S
zW7=Rgw?>~-`I<W8=W6|24E$FMv0x)>?MR#fQdqbfQCgME)q=n*7%EJ|sc&>;DbH78
z(4{gMiu$!L2Td$6E}%Z1qkY7ayMkuh`5Im!NXh!|4gfH${(FIqy^$)!>aaVQ;KIu=
z)3|tja`=%Zyh5n{x`Aim--ls}9x7r1v-;mp^Rt)>>IRhuMIEBm1|!CPo?7r*_<4Y2
zihNd$=)LifdW0UI^OTwP9TxB-QKFw>v#H*WANVb7{tH_88xTez*H`F_Gpa7iGNhX=
z7T%Y3_Y7TaRRe&}rXoB3f@V>}7PZ|{K_X^HUX{UrWUl7RJZ_b{$nwYv2w|)Tc!4~W
z=4$-#3B<83o9lrmjB1)0-iaJGC%Qgm&n~8L?;c=4G|E<;s>gTTZUtGAp4P%iP`$S`
z;l03WJ(~ftW<AH%>$4~45lD+(7Ctz+MpP)A8wv2bAivzpmZX>flCYoUB49=m8AZDA
zB2oFru?F~!%I!sr4P_FW`IGbs855hdZ+$N^ztBr6bh23B&Z0x=dGES(bjp0vRMs+D
zue=p1G7UImV-i<l1*IQUUBDB0+7QqPa55b{KY6WudYgIZ@djkxrR#{+&xKv*+g$Zh
z+poX7Rh0R3j}}JPn?q(QTJc>wXy=8EcYt;HhNk!my|01q0TdZyNamA$&4;{?q#JL|
zRIaA#b87GJw5Qp_Fky&Yk#GbtE#dr8_jA8*CHF5=_S+nLj3kE)+e^77ZLe^N{6d{x
z41lipH6pc3u-VwvK?da_H=3l$UlP$@r00I7zQMf<W%eq;Sl0QAjjy!Bo3^IPzX@@-
zD!wQ}ZrDzQnqA)(ri@mZ!oH%6@IS7(ShT_gU%TPsSwNt0d-<@rkhzcie}ugYR1@dF
zuRoJak|Ep%NVo|y2^WXRU9hOAlaMG^nP8%zf{3UHRl%a7wK@qGLl6xJDtMbj&=Ap9
z)T*de6cnwt#Dc9>TSRJ+sy{DSm8$)}_ILK$|8w@<=ZtHi!dl8&x@PA6em|e*;ZUAl
zoqL?JupsRO;|?+=FuqM<0KAY^9Keja!1G?^?mk4hS2#v`VN`nwn4s568!uH`I0Imb
zKT1u#a(gn!X#IMkhqSa$zb>*+npFUdB6GE{X1oRMhL4{V@abITbnfx}lF`if{S3>K
zpv2@i`#2OfYQA1G`OBQtx{)KA9l3b@k8-hk*9~^aV7&~sj8SlE(v*#bQm;wHCgYA=
z@Q-~ilLc-4!vdNNfm$p#f0b&>?<c(3x;oas*442xac?yiAF>uV?&{ZsTWtIl?48E9
zxX*!!9P+)dR1G(&V#9kP0s~f+av@g}k+fDUTCF3Rc)OWgo62T-dGPW$&aYRIg`soB
z#ub(-G&rKRofAhoScB*bZsQM$k8K_Gt^XWj=Z0pbgg<+mX;Z+l9Xa8)Cn4=;p><Z(
zEK!e5F;F2onxG#f5|;deMPI|d^Bb!p)66=``jIq37gh|?qjyNhJ}6=-mTSAlN&UkT
zUJ}iAFqM986*=+2D&Wq$O-63Cl4mKCaS^-6CMpMztLB=H;5CDF9PxQSmBGgZEnYCp
zY#dD>t_xRoHNtV&?|O9ZYd(5MereEBYFK-LBGTqyGd$Fs->xD-FV>oN1W)aiy2n(I
zjw;MuB-#3dmJ=?OL~qpwUh|gDZ+G&4MI6|gEWqB*t0xPdt`%>|EUI<3!?%8sCDxub
zBAzh>Hbqjlz+$S}<~+5VL9gflRT=l@blc?hN_}^t{&Y>R!hT+PzsB!8!rgnv){KWl
zNzDFM=*ozh`FvQm1zk;kL101jV<_^p)HX~ZTb?Uo!F?YAr_z`T<@5$-(r6SL5b%})
zulJT*_;!_ww^o&=be8DPR`UdezjAsTn~67QLL;T#fNUSBXH<o9xVq1Y+F^GS<8ySk
zl*&tS<kTd9I^20&L@)NtU_BPtW6&$S?5`7jrn;+o)A3Ulo%XB~I7kWtgETqVP0+4z
zPQMuVL08KD%T&Hi<@|z~Y=B!CF<(P<f%#59z23l~WOI%yqDSS@*@|!YY+hcB1x4Ea
z%d81}0=%aO6D}{wprsr|U|g%Q9aF{v0FQvJmY)$oeyy}bNqKy+KsnD%>AbJag3S?0
z9cze;?!c?CmHQE3D)=80vjVWz#{2~&IT7^2{9%?v>rKtV!=$7CY~%a_P;{>>gzjXH
zgBxk#`SB#+$>EU4f<Dfh{^Js}5p;E%?FQ73L8v^P`QM-a*n|M;G@;8LOld;dOv+sG
zmQf$3<chN0w*YrnB4|SRj0g0L9}{IK%KSIE)#_Rwq=MS6+Lj5ABpq>_yMz=z)cB1?
z1r8X;V-C^SZDLg|l6j2ajhBST@K>t2FUf$-I&4Oq^jGj|0ixcvOxsq3bVRrz7YDt%
z{r3Pq*|w_yAOUc(oY?gk7@UO!X+po3JDRTuvs&T{T`7;&&lCzw2|bP@JJuRO(s=C7
zb^97bA?>V}iOl#`HFS3m)W+|;<cIC>Rgi{6=H%)|9O?jX);*b2xZCL5?X*-ezkiVa
zEYX5NZYJBwUk>anPw7S7I@V)p0R%l=x7TtZAhQ$JgeE(2C*KYHi!pga<F^3hk*&K$
zzzfLMZo<ZB{dqTs$q%8i3dKpt6p~=@c?v}9=Ue$+7ieAistxGT1^*IV6rXI?J?w%;
zsWIc~BFeUwjP|0uOAHSbiUKeAQYU;oLI?hTq;^@lFDHl=VCKdQY+@yop=GCdz6s#_
zoavpZRyfRPAavrQQo*FtN!*Z54qPgsa|Ce<RMK;y)5!2(pSG;Vv>pkU+rnV;rM!Bz
zK>J+Ib?o?{g$v@nYF)Y0=GlYzraIPjT#lq)Qp+4DNp?2zCnZQ4!dgXS=1ucqUp17%
zQ+e!cII~Kc-gn!{A<W;pDx+%5fNpjJ+q3@#EytY}lZQ?=WU)evQ9>~OO)a*zmm~OM
z0XA`0u0E;_%%GMC0{%=w*9c6a)Q4R`HJk>DlWdr8k&AsHU;{PTdVkt1Rj}qrCQ4jB
zXFMENXgN!}m_?Zc$%4o4)qBECy>mzpe9HDV{IQo6;$d`bDrw<v>Lh==L4i%7)^+8w
z6^OEuS1yexiFu%P+PEWsqXM}<QtG5zc=(8(QiOszTHo!n)U=RGL)#=-VNuOiD(dq&
zL&S?4{t&OS7rwf;qJnnrxPn+Vw;$0<W1PYh&pS3D3;jIP6{4>3R%%Js*i`MfU(9xW
zK8QmNedYL;*77EHEkFAgqFLDqX{WQju{wLwYm1q)+eslzJF|+YSZ;1c&W#qb@7;Yn
zGet|^681tRUyf1C@U79*dSIV6yL^3Ty($W=2UN`|)$0ITZX%pDzdgx0d2FY^;ocR{
z&=_HAc-$iXz>m#2&UYO6mSb*bdgbUdq8YB*EMeE;rLp&V*v@pKs|8w8ConHt1picG
zMa~F#0KN1odO-7TXESY|PQ>0g+nqE$)^vy}XfA948M+^1JU9#Us8*9>)1c|V40glx
zh|>9b8-u|Atq5yyRmvtO_p+W$Czt9okhOUOdLAGeL99#<X|%mJvVFmq?ShkQhRi|7
z%EEFk$1G4sjAZnPs<Q@T$GCKhus?q(<a0w4^#_7e4#n5<znAm(Mxp^a=GF+FYQ|4_
zb=zJ7WiQ7?f<B!m?zys*s(FUVVo#``r@s*R)b~dj3$b{GTzD?2Ys?=t+U&SJB3F9D
zQ0XzCIW}XT&uyj>Ka(z#dtANk8tiexNM6eysTCP&GF4*d4n<w+Al<B_R+4sW8P5r=
z96Ke;dz0M3%}Tc5U+2hw%SnCL%|ebd<6e+pc$>14kSwP|qGa1w(xXi1^(bKC-L8lT
z@04*jYjb*H?xlSdg?O4mU-UCN<C@QLlOx{@PQ_+7QlQ`=M&HqKqJGU{3(PS%#ZE^>
z(P#1bx+Jzofd#6eU=$c;XDNhAV-GpWpKIR<*oy38ye`xd*bV`NTG>DImjChrp?uV;
zM^^zAQ3yk(GN>0i!>kuNKV?$ZJf^*W(y8FWm|8A-i&5yVYh#bT87ZBrCyGBVBR(>k
z{;xJO@piJ61v}96pcj^ir-Gf+cm=BIr*$VwoqprAAxwrr0Juv`s*bDskB7m(e+ICz
z9H)a?DCgfpA_I8Be2g%;Ueo1*^2Nu{waW1T<z91{H>{97v6Lp|d=uH<vh-&ceAP!v
zwsiQJ<mj9!%*ZP_8r-Rxi9``y!F)01^QUxvFBly}Ge8glU)+mQk(wKP<L$R5*Uz6x
z6QMs%Y{LjpoknITv$o&LfX+wSoKUi<N1V0yO`KldtMO(UKs*m+2kFvT=HNP#6hFNW
z{r1RE4vcnUdmCw7Ei1{77b+mTPS=+Dp1Nr2(qt0!m{Y9+Ag+(VlPTr%Rn)QLz0#DT
z$rzc&9i33>;oGA<n){H>Pm_=GwX05T`PAH~U0==i$X`rii)Hrk?8!=m2Tf41wZ+WY
zOFuD*&nzM|_!JWlA6i331n8^d4a+*?O3w(hMit{T|0GvWya&yjuW|)oCHRQ~%Py=}
z%^r_^O0&g5(+Ifh!CwsK*tB1rJll^uVB%hp3vz+&>_;^zU8CfBe`hw?;yd@`feF*(
zMSSB<fGuJsNEd(27m*&y^gmt^n?@v@O>#R;K*MOWqM3VVrQ9(D4H?Ha2}(XuO;9>*
zAVwQ+VH1>`ZQp8f#gleU17CvS_+<Mdy0fEbQWHSAzw5@k@s`i4p(Gdf4bCSwci%&@
z9Q_r7{CXwi_~QIk^{lnNTHPmZ%a+qW3M15RqA!&AjabJ4`r+O47LKi6qae8@3C)_J
z#%VeS6uD&%g4;1iXq5urg6gI<RlOD0t{Hs@&}1vc!3XM8)3OHbq|2~bXL{kCZxLR|
zMGfnMDR51nUs0JnVo4{*NBPNkFASK(2sL83Y^Ikl-rapb>}v^@PLGl%?w$uaxD5p+
z7_-ICUj-DrjYYzK1P|XoG>GqxGxl<{K7I7U8us=Ev541Pn!3FKAI;)jH$uFdd5cv}
zmE=Md^~0$P<is}-u=gB2`wvn(uKjphNWDX7#Zh_Log01n9gSAbj)8K<Ypp=JW%}`X
z8&!}L(R9jVJez6TdSe1N=S5bfapX+tgTkT=KbI<H;E{@Q2Gng3gMOBRQ*0^2;+E%e
zf;|zc;tAm!mdDKQ)0Zz}{RZ-+D(acbl2-h>-AyNQl+LY}%$}>lqH@O)Q1n}-4jSy*
zAND&RvJ>k(QXJysORG}=1kc^66B<mabsnvQ(pHwDiiGau?o|I5)$LN-o&3^Bp!<<j
zI)6yuci`8tca+zkr|k8C8$?*-f&`|XwQ;sW6V%DvmW95Uh;M$G<9x8nN&0G%n&Tk7
z+%64zMXvTD%=~eL2tKe}U!E(W=bzLmB1S09_62;jxDnIm#q_E}Qrwl;`85S2x%!O}
z#^EIS>AiV};dS{|S^50L2-GpZIw+=BmCc^{UU0$LZ_>B;<c8yvj2&Td@2q7n7LeoL
z5TZkK^%5ShBqp5`Kt{IUCC5n%^4fKf4ybdJjut4-E*ZgVeERiLwq!K133!14Pbqzm
zAViMWWBx|et*MrBev(blG56}79RDg)s@}`XxUm)A=(}OF$-L>7g~`1y1@0q>XCWDy
zsp<CrjotG&SMTC=f;0m1v~wR`9!FSS42k?0jWGPTc7Egb&^)}*%KDC=N6djeCXrR(
z*UGs|l7%ZGS;^gA=}5?+U>ul5=<~GEE+e%Lpn|(i4ZX3L<CpW{An`Q~JgA8r8sx_2
zf#V2=wZ08!2dmg7Z91%uCQwd2eE+f54XD5TS@0h4iV?h0Usk2!WAn94*2nXU%iZ}V
zXuv4Fa+QL~R^u`Owi7Jwei`(L%P*9<WNy~T++}b{Cu<0{e4NSr9~Zia^P3u)BpGLK
zk~BOcDSwKJX7CIc0a4In0!)3@N*$X(W_8oW_?C9z#!9g-^G_F!!T)DDj){fSv|eD#
z2y7?vCgKKgp7A=%$Us|Rb`9T#K%G>4F6zMG&LF|6S;PVZu>ZVx+es;Uu3P2AX=OpR
zA3u+&7<(YLL`wgOx#rSKLB);N@G)3HhTKh%%&VfL>CZsZ0ZW{#{;{&I2)pgbNzZo*
zULf22gRB1um1T@T(Q=P9wO7g6T7rM|G*1QDZdW1fdrFj800M$@f^<~jCj|RZ7JX%?
z&DMa28`OAu3GTM$6M4EnauzpM<Xc#j1c1=Isc=n#%wKs8n>Ah&qW#RmkAEvEaT}9R
zs1Uug+OEE1xd8me{%E*=9rW9Asq|<mJf;exJnuQdnM9~JCY`_4PcWfl$fHhn-3~|X
zZZ3k(Oyp0iO~NW3dT@gC!Ni5PM~UUGc%i~82DHad4bWV&mW-NX(C?StP(c%9wv&(W
z+0Lj?ZntSUVGLSp(JQVKV@FwZ7xrqTImaw6v#Kz>-U1=}?s2kh_SJ~d2*P4^>9yJ^
z7VwQfgXKh#;(QI;$Gkm9(B2~{fxneI+)RI3uCcKAg<ac;rLzLcyJ&~(<I=R#6AAms
zYEXLnRy_8TNQWPy&*m$VrSU@Pf#Fk40`8_(GZy$cgC$SdUZd^Z1L<wmPAic~!!q8`
zQ+`R(ODVan>Zwli!Bi6K>Xlo*fAmild)Op~fgz*3BVL*VR}YvQoqUG}HHXq6U9GU`
zLX$wc^#`@W+3O<bt{6&L1~wjDZeXvv*rbLl%U8$Fc02W~RbW@R3;((TltapyQtog`
zj-bT;a}K$!j|tP{UBnCD3o_hGzEev#gM?SHjb=_gmG)?cS;VWAjNQ2rxd5NS!;FXT
zMWRbd(a>Ehix*4SE%UkwE$r-0+b~hU8bg^On~7G=KFeJtK(OBj)D$clxI1zrp=%B-
zH&*=oD5!k%l<K+9$gVKt3L^3(Zw<A$w};shW0gaefV9@~=AQQfN6b}DSJ_TZOR4>y
zo)Uz++=9>_;&{$4bE41&Vn0?i(PC$vb&BGK-^q*V?#Y%*`?b|YPDhI^nmdX(#m)3@
zThY!px9vSz*D)ubyfGOIysE>rHZclpQe5Sb3S^$5$Q%AfWC@miR~41M^UW(MND{#g
zW7P`BzswM~Ukmk5cq6U?R->&cR~0f*gA5jkN5mXZpz?~{WbvevqrvQYQ+Te_ebTWi
zKKjGYN(*T7Y=5B)<ZeTac5^(C5`QRFz%3SjZZU7zzV^)l*pamxi+~%4`A!jzvKvR5
zU8x$dL&%Qi>{SVy&UzysLh>~4vVT;d!BbFqwnxXfTF6GThCC`Z3)YyacxGU5|Eg|*
z(>a_{)z18Z(uJ=+-3GZuDrKB^RLXCch3r@EeFu;&xDtX^zL%lwsaFNtD#SNb4t{2Q
zB&Afm8MVOJE2+onQkB>})f`m*49uH<nsv=)!}ubqB43U4YtNqRo;EpM=!b`$B}ANt
zJEqOk!X$KVZjjb}pH|Zj5VhYU><apwwJ6`f#Km|Zhw`YDw;96p)_yReNlpmd`oqH}
zNzN02%)#Tv(BQ$4IL+#Qy_>UUL#{8Yc&?r<jBNAtjw>-CEObD#I#TL>TTstO3B75z
zP%a^^J61^XEddj8w<oTsrFg9gS@c0C5^U{O;9;&N_V}b+ZHmgajRpa2_IJAdY0UN_
z;T;x)UF0@F%39YhzU~*xEN{|9NbX|tegqha9GeI|&O3+2MZYtk6E7l>DrVE8@vK41
z(sp!{o*N7H^79BDNq-;ThO9}#c}w0$aPE_!A?Aa)^y~RzgsX7>^M!PRqks*b{2|q`
zcitt~2#jP5p@kIrY04R^q{R&;vE^&I_!^7T&?_Cg`32Bp4)RWchE)4yQ14>ViT~V$
z|MLd@&#xdxuSF=U!2ZsUsACaJ2b6S#m%%gJ!nwzKLFYu+h@i-AR;0qtvhC+~srxa;
zZH1ml(IU!!ni3$Q1YZ09hs#NhAf!o$+G*1{<VgXx-HWodA%T%p*5%f(y=TB;J{~Q|
zR`fy_HJABF<l}Yz`{=_m`(|)Jn#vRJYB3%EU#kodb=pp%gq6zDg2`1Z#gr~p*-pCh
z5y~Bz8YIn>bgu5)(-8G>+(g=*I&nf>mg^}FY7>_u&!4LW^U~qFr&^IoI5$Ty>9wsX
zV4{bBe|UC*2`Wx#n!34{YS4R{$A&EvvcACIv~t#}p{)WIuwyCwZ}MKSJy8|xZM^~U
z3MgLB-%zvMVgp0GfigcWmif@pa=<Qbr3v`~H@m^59MbSq#hzs`wQ9oy^!g{<<8r)K
zc%?`Q$sjl14<Hn^qUR80tf2!hA7PGU)NzMR9!gi_QnrP=zfI?T<ig9iywm=#TG=D@
ztmkUQ%BN!#n1hgiYY=jk#vb+ggHLbhv3arp-SpfGn~4|7?Hp8OORXT<FJA?%GE1d5
ziwL^rwTbPvYkhb4x>c(EHqQZlNoW$qx7h~$g4*?+kL3PvLp3Yt;;)hX7i6e%evQ4)
zp+4PaX@0Ku_&4!Jzw=s9^H6|N2D$GCT)Jyt1ACAz48Lq?Fb-Sr_Wd;+aANhe7rF&H
zEPW;e^spSo*^621m_hn`e~!a@a6*yUR;4NVTKfQ9$P~K@^8MawNoA1sXQ@iwJ*SNG
z>XT83eNb26n$Kd3WHz6t!wufbC9joyHGEmxo$jTkBTvLKcJo|Kp2xTi!}5S$6EBxF
z!FVVXEk9MK$_3Het1O?gYW_H;CF5*2I{8NRgR97gly`@$(21nKAr;TJhJX3M335sE
z5Pi9H(z`m>dE5A+m7>All*Cx^Zk51VuZ8P@bxCG_{T()!)iriUOF9O2O4~By+{?pp
zW$KZrw<gM&`?aS@(>fq<@O&F#X07$n>S3{_&L;YK8&cs6FcGXvUka%HQB@cD9aZ+n
zQ_=1>JG_Jmlh)~$)C}4sjk?H=Ri5qU22CJxFBzS6i5kFCAQwC%qh9biKPS%=y4NpX
zZ<u@9g0g4!<kq5Feg?91W`o)M3wQrCY2uE6vjU7BiNz`T2_HRs)GLKY<4Tz9C&tvP
zX55Af3uvoIQ`5xd{JKNV6&JRec3h6Jk>bfunbkX%<(ai`MIRG6Q=#ykW925536>TH
zPwzK}2Ui)!3eGYO&P>>tK7E|jmfg|8c;1P!NMcX-GvVfuI*j#a4`UaLjcr%lWNIDv
zbWb~dI2wm8`{AkHdWkChA^lz2_D_nODpOB-ImO@qS!x0BuTcTe=mS*z;xJ`_T?&9Q
z`P8r-bj^MfTJg&Uz0>4Q1VoOn%muoL3pbBi(AesS^bcYS=PvH~ZkrH#HGPC(Q?z@z
zP)Pb!9EdZsFM-m@IJcVROm4Dq9;JKsTpBUOkSV}tY$wI{(p^QKD+lSkPp1HFp&`L@
zgEsKp77KDygLs=k^tXn+ZF4&E*&@V#Zm*zxui5X<cgm#QWvGvz?IshNsdM|?L@$3=
zJ-tTmDs|W1a_B@H9l@YgJAZQoZxmDF9Ih7~e7-VZaQ~?y@+IZ4Pe9!n6fJR}lgc=p
z%6a#Y?ZF@gJ!jB&R69Tr4dS@7KKnXl9^+~y%^RAO@ddy_a7~YVMG~T@@o|n65v1R4
zr-=){L9U4b4?-IS4;bMg$Jd$f4ATn+gV@(}f^jOh2NvzhTGr#=_3UqVl6pK>OJ4Km
zINohXggI_*LuKTH0X=P#19=RS{uem}?aqo+*c)u`SkSzOo`cw93@UE5xuD;nnA;}C
zq(y@0amgxpK&y%X%5p4LPMw*mwW-7O*;Fh~uI!j9clN%B*zMk+hemd8v_KIu?vy;R
zU|UR$7NS%L?OubC!wP=`pKbo%=RN=NJ3iV?zgBo(&!CPGTp42mJLElrs8Z)lOsPVb
zO5Gc77^aV}5mN0G@xWr50M}C1&7&B1FUrOnoApn<?*B^m5Rmd{(>{bncX@RO6J8Yi
z3?HxUG~h2>dRY`UmjMRM9Q0#&31pS_V41`}-xerQlVlN=#ALv~8N3lsfg08S$BKoZ
z?Qp!hmuiC!;n_X1&ClxMzXXKumH9+K(D19V0M@iv?Dnx%r|cBAL}nE@>%t0#OlJ%-
z@wPDfrZoI7CYFId?`n1X36c<np9sjy{e!j8>Wduw62lL-n7)mE4vY&u7LF0aWAN4|
zee{bz$*dP<-dbtw>jEq0bOW*}g&xmIu$`Vj8&^p+@aYKTPk@Y$D-wIyH(~QCkIs%;
zt&2^pGzE9FC*k}!5)8h_c2+|$xrEOAg|B~TKd4E6CWn0dxaDp9>5XgBsg~pEtod?w
zy4?Q*-$HlFp-2_79kj?jEd2H+%pvPz4o@`~=Pu{4MRr+6ZqT15vEhE(8)kJEM`W?t
zKwwY$)G}`nvY>rVKc+{W<}>5;VgjT5O<$SGZB_&2xB^yVA3_UL&EvX4uuLvb5PJjM
z><8$}(Q0Vh-4VRS#%gs=%gHk{;p=nKyQ$$5)pi+`w`Fv!jYL0vm@Mzp3@rz{>N9+a
z#vwX`lNaL$-%W4sqaU6u6&?hj<0yjIUClkwE10n1=WCGNNGtT>n`X+PXJ3uvc(e)k
zIKb&neHA6Q{Tq6vX4#+Z*5`fT!*<z9`wVKYwkb>*+k6O+ngoZd;pPFMo2x|NX>(F*
zg!h_*-GOMySLJ%})GFzy9vS;h`b=S!AQpe9%;H?XYr<9pe}Va>YIQ=F;d{!o4UdgR
z$IOJ1d^vaL9!m1B5l<$0`V1o2mM><_8=d3XhF-iJpQO%C_MI&UAVQV<>!{?@L{Q8u
zV0Q=|9<mS*dZp~1S$e&DeABvGShM)~Ksg=z2KQVuG3%Qh`Bvl=JXw$ikGpO%yTw$X
zI(L?1crWGNZtv6TT4iu_czKn|`u+zKEq}f6p?2IiwY7pjvKH>+z-4_A=;OH2x!f(w
z<R<U+RHpS_R3l-I-Gg;!PoK0>^?J&_0|#QwS?r4Nl~IcLrE<#+KW6g>V~ka;YZ73a
z6VK1QD){t}=S13FbwM>P=vRR{`}c1j>Z&TWkvWs6Wqp{gh8qYW^!QfuC*+FTr|_*_
zpHiODVte~WQ&l6YOElVGUo5U4HxVyfdTSz)hi%NE+PRGq`Qm0O+Ve+~zIO6Y-|1<)
zwA4ZP?)S}7cXz8A3L0K#hBmw~S3UZ?fb17IU)UC)QQI#dasH**4MEb)o6Z&E4u5dJ
z9nk!|H4zleH5~%yxHS*;KF!bfc#{S)ERqb)^N^H;QAxB<uORo+6H;63%}os_i2Yly
z)V3$}8uPjQ?D`(;!TnCR__dEZ0U|%~hBEbog*mqN6N>y-R2wwr_!~r3A_m~j@By04
zeJ^PDTlv<seF4xej4atD34}IvN^Q@r!^?E`U8b^M<=D}2^J|DJXHEgi8~X<2oMcr%
zAI!QtJKJ_PH6{cO;V-wu`EGx&hRPsqmnc^ui`ak$9;&t3z|z}Hme3h{2b&gm`LY&3
z+=C6;v@+G=Aja{)#3tua?a(Q<ocbFw@g~l;z&@>>o?1q8k6JPFwp3iCNcD3{=A(h$
znBDnh8*=TV9)fb9%bYq@F&UgdhzcZ~^SEZui`pF}a;&D0@oE0j!dvQKGu-PYJ*aZ2
z80r!NOiYB$!o$_^OUU4vz3@-d2LZ%-t<}l>m0}8?tI9j8jMOE%2_%)VQNXeXm$cbz
zK;2LK2TD`4L_iES#-t3A4rrD{$l$y?W}x>GjANZ3rzF5@z&qK`fn>qUMm(~REHAYQ
zH=#@ah9u@gT~hgsFDNRTiUSP>w3Iavfl}Vz>P?2&cUVXl{y=4WniMYLb7Wl{t+o}V
z{O=8ExgOF|Dw=dbIo$%VjQFn?BSHP^g<~sgT_>F)-12cnx05aKGGz}k1shO2qRTZ%
zvo`3JBIN<$ywneDcnjWBv1Y~00bO|)2ZWR;3<Kwk|Nc_KAWQpkG*tw?&J_~iRN?SE
zR*tz1x3al_o%@5zCPxUp1vzg%htG>dY^eB;dvt#gc{SUC#fgB6Vp?WL5u|sFRD68I
z6b$|Y2Nyx96jDZlFf6N1O38jIRUTOS-pM1&nrH6zJG~{LbIqk8pC^lctgQNU=@+b)
z6CO|kPKsk{eC5=e2(xnr{BxM1{w<SKIqEGF`Mj5NWoWXw)}ez#DzEXL<5nWh%P{-V
zUlPC|9%fv%AZv>GX>Ba#!$bLm^V5lzU@P}rcSsMY$<--F&sIW-VP?ezNeO^Ax%~W+
z9JiVAoU9Ovf7NpERq~lC`oWq05yr8(+iNo&=Ff4ONzfJMgL2}}VwIA8gOy%q%N;av
z{+f4{UplK3s(f&j<5$YxqeNWmWytH48urNUn?rQTUq;oW0&r8_sY+-{hs@4WwpynB
zN;Aghu)!u^`b}Nylo@o|Ck^n|CuhUoo_;}w&DmNc2n$;)4z(}pg{G>Nu@y&}Sl2bT
z{95_nO`RnV^tJF8zt9AIe?iP818%9(?TX$I2y~HQoPwSgRl6$G{2SdKgEU9;Dh5BX
zYrPc;UpzIrd#)Scw8brx=y)RK#!4m)(-f;xM{e{evU7S7TDz4cgr0U*St0imH}x;Q
zC{HL#?seyDvgK@sA>HY7#@KPES?3nbL{4te{&qD@w%~dMTYDpuFG}riQlmA}O7U1+
zRg=Gl6l%5lu)%Alo}+^_itmaeXt2{tt658H4HInf^s|_I4`p(GnXrls8r4ZH`0E@s
z3Ln!T*)gOGi+t3}YI#ML>ua<}#}y^p=RO5#SF1qu?dZ6&pGL<87Ixv)@0vd|v6qgZ
zfoH6&JPWr)Zsjbv=XDVRvd1Y0dilJlrfm>3ec2I!d6^}@XbirA9IMFfGab5QW$iwp
zfR2t-Wspn8JT$ZGLUc8`YfXn@kDL5YWe8WU*5AfL=WEeqJ~wsF2es6(0Pn7a0{qtZ
zq?%Gja5oDInVV~)7JQp|*E)R)>OaLFMDprED6CzGaNkdakq6@~;`%W_CD7ILqlr#w
zfY*d%56VAb8HI5IuS+-&skXk7hqkkbb;kWUu|<QG&DU?1R7l;~N6apFI=)>iq4&Qb
zjFHh+`0xN-{23+VbfY07rpC>5vC1Yi42VceTq)5x#WmtbuS?8kf(3K-41l)xNUspe
z%_YbEg>P24Lz)Y32=f=xst^|JBs3i|8vlm!=*LUtm`*XaGA&)<xF&xxp_X6EDNRq>
z9WGR&izD^ogM}a{5VKcdAp6GG0kMES$+Y=W)i<c-g;OsUb*Q(8d(&)QGUkYmd)CwJ
z|KNrIE8;_IS2QD7<_Hs>9c8k)(4Z77_}R5y>fiW$Q12YqQp-E#q<}hBNde3X`zpqX
z?4NiIZh0Z~)rs|icqfAJ+ohsYy@EG{FBp>8UC>*FOI@X7j-QjEbFRUDUzhaj%kDaF
zv~oZ`Dd#@&VICH8L7`GXx()Lq`P!aV&R7ZvSmEP46#fmbsL@kU;ES7<_4uJve8DfM
zZcdaUt(5ij^=a}<9jkOLQ|g%^lsuU^T{<UYHvm67Z&bj$oP%mf6yck;+`p)?8<>br
zKfq_l^3#|Dl#Kp#ki0zKV%mG~NiQ}!&U}5o1vp{xk`YtMK0gT{i|klVIJ`R9&e7}5
zx-Mfyne@gw5Q~DqaLeQOqEz58Q(!9YPAL!JeFUaU^x?ov>fPgXXCq}E#~rV*_Z&oG
z$`HSMO8bUua6#s4h1Ypo9K9A}<<*<Ox}(kHzSXfNn0>UPh!osk1^+9Vvdz?a$<P}&
zIO7SwQr36Bo1pu0RX;WtR06aVd`pMD!#JQKXk0=~K?7t{2Z*k(0=%r8aMqwsUjUZT
zpsDcjHvE5H+xr;Z$JwkU{7EI=cwsUXcolH#g|c@78RnG8X!*=og%I+K!e&QBwV{zf
zp@}%13)1coRRO=l$Ls$A8x)XX-Y@_#zF}ejsS1m2>Yn;;S+TejG@<Wj196Z&V2Vz{
zOPK?D78{RkV`(Fq1Y2TEq>z>I?|~L{qC1f>qyB~&MGDnFPm&^AM%x5|;vV?%@kZ~f
zhZmyU>KxX07`jz2agVX@CjZqbK9lvu{O4e#_0yoA<LltCTVeCx3|6S5*-DA_fgVq9
zf-BEI>gEXq@da}mM9}s@8ea0o0<lnO97eI}dlWnJ#{qNLlOi_xsV?WeQ&tgLS!jXR
zSbKqSrZkow(5!PKy>hksuiKjBSzU*S66t9HzjWMLre)L!;~LXKPk(IosG9N-pII^i
zG?JK>D|*zce4NEz^->NFyTZse6W#u05jWV_uRGzG<3Q0FJ1v;RAfaQoh&WSc4(T!|
znxcX}rIAyIs|k-?iUPJlTQRx;r>4q<CZ$6rinzEQ$79%;37UM$9O!=LgVAN?bn};2
z)v5OODeX?_-xrLdH1C*pIc3{b3jKCP4)qS1&mACN%6s8Upk1-fWQX6qqUCr0cBd=Q
z+gm02<%W!jP4SnS=YufPsvzxGtKB|g@{R(|Vy=agZ>4+=5j3RVYpEmg@v0s?3|Qc*
zP`%05^~t&FS>NYKH$Bx{{!=x#a}aa)>~&JiyQ#AeTQ!BC*^ksJhu>TZ9KKs77w&ts
znPTg2HDTqe6!6cla-4QferiZv*mjXG@)>tET*V7to8<)0dRD|;dnF}Oxb<ll?HgJ_
zLT9X0N1DpYZ@K?BGzYg2QVOVDOD}f`>?ERYkZ$ivV#a+JCDBWd4_3qW&eYh<SQDB*
zS?zk~L^`NS18HpV4_fKQZMQL)X;2lCt|vw$E?o^mmc+JlygBf1NKI;=bFYbFhwQ6_
z!aY}B>=Up&UtsRzcJ|Yq4|fpkio+8E%GTcI*x${-@-!+44oa+rr!yiYDel&WJtG%)
zOwLnf*kZ9GEzPVBg}p#<%CQP)Y&|oh#Ri+dp`{1gG1jd%J~4$*<$Ko2BVb18!-0*R
zd}huE6ruQaNI=}JaIacCRyq+(HfQ-}=8kR{CUJ;^lD^019{?kvuz~6;YL(r}KFJWg
z-y=ZB-3^{a;Gj3E4SvEq{yvU9bGXACWJMM`<bXsfFQ3cP(ux;{yC+Y!#)4Fa<Q|q5
zGlwsLTmsFT+uJM$n+`tO7X??Go%ceDE{N=ngbJU*>^IL8=*<xm;-I(dk?)cmn&yu@
zRu)Cyn)l8SxAIdpt8Y7?&-%I`*Mer`5|Ar<xJ%^u%N{4{r?b>^@`>GClkH`z0>O1g
zp(3uMjrqax5MK2zd8Qy2m$ne*G+kIOi{Jj;ff#IB0XMZ6hpXB0*nR$<(>nSe?#Su>
zly=OZ&<?PuES=|$r3kpEkX_qMlHD1{l^#JPS8>{67qWm9>Bd;t9~C`_Q~T#TvaXqt
zQ(NyzLz~;6WpmX+Hp4xk27A9O0)M*jS-*aJJ{WM3Pqr=hG?jKYtnYRlG-9{b5}doO
z66$KhDl&AIo~e1&V5)8EfjX<UHgH>Z;z;>u2~m6xIWp!I!MQ)eYzN7$IG5p4mwIJt
zpT5wlj9YlfO4d5KNulDXTYBPVzYfn+;jNj`c-<E)39o5@QEf0Yv6ES7*496-Va&d6
zh0Rh6e)HFZ3bfW{Naqw`YV^{b>xKe&dLlCpIG1!i_8lhLecfqte;sVxsy)!e;|N3@
z9%T4Tlml%i?3d;^$Mpx%i{tAcZfO2k0J>4IC%JrY(ZUOR1zi6yPw=3zbfJN030nah
zm9{@65OIq!LK6?hhwynYWxi8A8)OAib@*aMxc!{GGEOuexgLv6xeYUwr7W=k+hno0
zN36v^Iiw+>V;NF>`)YtLbP{0kFDc}v*>8^7@_AdH1z)~Up8ENm(;NV7VmapFOHtzk
zLS%t&b-9U$$roqDwIB>m8I~4d;RSi%)=E-AW<uz!NyoHvfmH)k=^n^g{=dE^&)`s}
z!QJ}MjQ)3wLXN@jg*4<A(KIi!i<QB;TkSybS%~Ez#*`YoiY<2VXT$dtGu)iD4bi1y
z&u5W~WJBmGX&m7raC%H(EI!TX{+V+9w;xPkZSucdri$)3a<O>r3x(~YDEX{{e%%<b
zqLt=?ZimY%2*>dV4dKTCk2AAFN{Qg^j}JcSLrsp&a_~1n_mpbv-_KP~264U%sK`*N
z5S30LP+~GAlX`_{I29I24*pIcW(Pk6Uc8ke-9Zjm({I__pLZzOeFc)Uscc$VW>=Z*
zJlx3wmCQgxCJt7RPhY?9MORKN6+}B=?9^-YYF<Juo0a!5jCz&2dK>jb+$2W!ghH~-
zw9j0OkT!bUe!0fsm)xLnKh{7l*kGxZ^95n9CZlo2wG^C!);rDC;*@<c9`;m^hp%a~
zeYfk4rDT<akPOV4XrUcYY1#=T^o4&nS~1WpP#V~m&D>TEzFr74&H`DM5*RHaTcOd7
zt`12{S5ff(K8-FErLrT|CwT6ER0J*jVGa;Y_9_-T<`Z7awR?nQ8(h9l3G2ejcP#wg
zWTJh_Fl8k<Skde@q}9cokk3M}Tn*2}N7NTZ%OR%a%{w7W^s9<Jy!lI&p#7;ZOxMzR
zq7@h`TO~WfXEpcf6m62wre70rNLrdq<+MScp^z)y1c{Ef*`^EC&i|_800x@ARsmO5
zc#65dLiF`{y_87jIy%>~!TdtW#+GXqHgXj1hA+Y@nC{_++WuhyTD!z?)=Lul^JD`*
zu(w;{^ETZnF62*>3HBd~5eO>_RA^Uqg!Y0+&JEsyL~7G+S@b@>f>tqiIbrdBQ;<aR
z4(DO%;uR)j#&&>dP<&l(8T5)>87mWivkO1%f>zr)s6@gv_6(g}Qm!uMx=#)Nheuzw
zBYhioNyf5bRq>SjA2CY%h|?OACGynGuF9axaTbj-T}5!)8u?u`H7l1dh7Tu}k;epT
zZuXDz$Q<n^&R~$44&R###b%F{e&3MQ_D8(jtHDHjyd+t@c7si(CYI)JXzNo33hbx9
zbDw3g7+!9W;B(rn5clMG6*`_mSN;e#3j8ZbZ^ZtFnGFE}(#E}eD2*M-lIY39$v#>-
zvpfTUfRpgL%Xt$0>PiRsAf2z^<hP+4Gf`2^t1zJrvWpn&Hr$K&&JkB5KLP<p5zHZL
zM*jxc1Tteg+29-Cl26!U%;N_%8)w&`;pKz0{c`y$#f+QR^K=-x>p-a*`e~7UkiHbW
zGh3lb8tgXC_r@u+E;u8)QjB-lFzttF<SXc3^0dwHGD!mzc7LVbt!b}-74c=9V!Fcv
zu;6mlCwJS=dr6gqFO;j`Z#^yelZf6r=ydb_8$vrDy#=}*rPrxDv1w<%GaKQn*r55l
z#YWO`g^+^#o-3t*fFbaI&Ve;cLQ2hxj$2_(!Po&T>CB-#JoY)6J%maNG?U*+Du-wM
z>=CQH8k$XW>RD-z<f_s8njp9bM5Ndw5_rWy;CNtNLzAnjWpGx$#irIUgauUf)4!M%
z@f&nlN~hE_F;mAt^#(2f`FU*<^5CLH{Sj@=P1<z2OqjIr0>0<CZ@ay$UzyYu<nXo3
zK4b_yHKG)YuMy0~0MwTir%V}0#!}uiAh76cx2@A%jc<+3yt%_&#?jkBAJwB{R4I#)
zX|@^JIeH(n*bUShg)VOs=$q{VWOS2r*}xs0dD66b2FULdmF?6QQqdm8Op#tJpq_zh
zL;Z|o6Ly~Ejp&QTTH8U)^A7G9{Tzj6>$SWkU^qGal>}P-Hzenk3NMPTfxey8QJ~t|
zThICc#A$oc$|x&Rplw5)q%#Osb&j)D&PracG03<ZBob_%z>Z!sSSoukMlthMRD%=b
zca(HO*(6h<w*Zzlyf9M4F$C;TI?vSxf>^JP^aW$8BRXWRoa%k7v>ndUe^P@!o}gxx
zvE6pawBVp{PwCx%S(WOsNg=%lSH3Leu8rdJI`D9?+`97)8*R2*XRqQ3fe-1wTu$VN
zFf&=3TGrX^-Nv9)wAjlqwI=YLPNMVg?8X`Ah)#uVh1?TZuw0{0naOKgi^MsVZla<%
z_lSRre&8YXKUp&XF-i=cGbW%;1#=Fhmg_2&;?FJUg=w`4PV|s&T&c|vojVvvhAx77
zaD2SZwSf?scz$dPUsHrJv&_M_!I1~DB1UO3j@P`y!2So*nZf5+kHHwu7T4-ny5K!X
zm>JK2X00_!f$1X)ywwd{v#G$3f(oHn`^QN)$)hoDVZSUtyvTGRtVy*f@ghSa{C)SF
zQhIKYY;1vYn#rD}J=y%^p>8u&u}IO$91~3g4wvtQQsy3c{4<pumn>f}|2A}n_r6dy
z*X$9#K>3$N;rChrPI6zUZQmyFA^&=${4h2)p-z!qIH3Eou@ohvIINc<NL}V6sJUq_
zA9Iy!j+Kd4zcDqgS?dR&=?-xX{FSn*(CI3wPX;CjCV*57GPnK`hqGI$nTLbAJZ9xa
z%Iu)UCR4o^A1BA0=7iX8Xu@e;j&SF>YJp93I?^$rP$fC04Qgge$%T~>A!g2A4d#BS
zNY%a2p}ZL&JIH6`HAg|I@9FOwOuN(f-c>~!3vi1*e4?>2zLihtrkTf1mg9B{$qI{K
z@)2|5C)#W~cNg@K!>`S9_eFqUSm@R3IevVY$roBMbJ~jdug!V-*HAl9k66%Al6bXB
z+3Cb`AWN<b!Li?`29Lwm3*oBRXR+ic&zUzkx$B&1#nW6165i9pG(sd_nmkWs@|6(K
zhe5X|An%X0b8`16xwr0f+^bz1#Y?}x0avD|a}PU#qRsp1kFaZcPT7i1>`8ru(a1Sv
z37QDoWejAnK0kOBWA_HYCT{40ITE#9&V~~t)csk}1y<%mCs*SWlPwuDMinaqY*PI-
z9^1-#|6?QW`OK4H#^G2ekXzb4i?Dbf>HA{(RYh;mokltS^9|*KzE;h;)FHZhKkhZh
zPT%Hv6514_boPu<&N3vWW4?*;WXJ@8?TKMBcwGi%FBNwYjsfAM%Z!z@bfiL$+kFc1
z6TRi3;0708$zR!mCt@EO@r#$8;_Z?UDgDK#cYrW05uX#RCOenYAn&2MvtidQbFQK+
zq1*^RJU*rY?r^(5+X@?p^qalQLLTLg4{Zl5)|F(<jNmwOMUwklKytOvY2~YbZ)e#Q
z#HdwXgxCcx<yF?%D`Van5|TS2i0=UCVp0a8ol0rHIy|bMo)_OlCH(gLw_5g6;Xyy>
z=_m`E&uo77vK`jE;+rj(drZDTZ_XLrWbDWr30QQ^L)vPHKz^B5ipx7|(CO@ZN6bM}
z*~B=%?F0I-r!VSJ=M1w6nbcotzIej5Xy$P%V&-ZD3%?vO0tVNq_Yv8p=(X~8s26bZ
zP{?5G(o~D_PO8);n<-|qV-(pAgqhXzwfdTlpStnv?|SoEAqc$eBU2(R4P$JDvPp@z
z&I+6-%`3KWZ>!1#laJVJlG^3;4;Qi4nGiRi#uG0u#=RC*P1kysCMgwm9tO;#YHh7Y
z=kC|GCD)t}BYlaV4QhB;vH;CJBoTd9*^nxjNo41iMq{r-K(>eY>QoL!^R=GeQ2NGA
z7360))0I6>OmFh*HnaSiFbKKgXIu)RSWO6SxN}jWDx{;u&D`>$D7nn*li7h5_Zp_2
z`z;;!6<98)5tmvV8k;F00(7Oi!&WLTOXFgJc1%S)mOv-QbPB}L`)UaJMEv@VF0(~f
z>a0PuH}!5$KUX^0vd1fCdEYH2@Rd2w3Am!4YTUh8C%S1iit7RZNBu5v)lB3nrzBw4
z?ig9&ngKeq7xhhCwFTu=6ao|5v2(yI7?K-FYKl-ZX*ag73FF!&1iqtYmr7re7O)!0
z)vB)!ST+xr(|62v(|Z#b?idv`O#ZGyhqU}$Is>fb$U#vdcL%xbQw{2y(k@IqFTg7L
z>F;Ya?@lw^HGIg8)PTk&JAaW1V!r@q*u^`D+}vTxZecsC3)!S0eBJsrp%wxLNBFFq
z_wyOOXPaoXRmh1p%3*Qf3(Ef#KFJ1P?_a-9KrigrZ~9UtKdTf#MJ9IfGZN)49^@X$
z!TCcNT%5!C_hjq;_mOp%!fbXBq7_Yo&^sXI#ksWB!r2?+#L^T&{v>9h6YoJR8#ie<
z!uo|!WpxOJpN^^l=XZ<#lLL7n8oO&YKE1+xLW>T9C>RT{N&fpwtkZt{GH5-*tci>g
zMuK8JakpGD$OHcAXd9T(wJ-%LOn`0xIW|n-Y=meHA%Ouqk<EPk19wv@=L`r>WLiG1
zqBH~wv+jcC3m|CmH73}^Znb?z1k9Odx(Mj&@~k{UuW7Fj^jvfC+~wmL#iwpPFCgb+
zAD^7osyngE68I&ii~5KnFz(rdL1C94JT$i^OSB%qig>|bKD=Z}9kxor4A9n*HXDbL
zd(gRNmEinU&VwBJsXoi0ErSEP!xl8fJc=2&x7%A;h*eO9YfIHg^;HZUQ1;zZZq!L^
zt9QsZwNt=HkmGI8)Y$9UP~5Yj7Qr;7(vER7>&vJsiAL4BL&YTK?IdGI*GKhI#uua@
ziw>gZp8HOx+2V%_rH$v3-r%kG4=Jd{;fq+H$#Fgs0%b~)Iv1sgJhR>^U?-}nmWCcC
zx|dYV6z`@yH(hl~)*_S2lq))+W6yx6<VL@?JR(=e%MJ!L-UQujS4riS49cVQHm034
zy|<GS=2h{7S_V6%OVidAw&_ylOf+ItIya!p?xwDo9s_EK-@a0Lo~2-)nUm5v9X<!5
ziV~(TDYVm8uU>58ME_zg9XHPsSX^O2VtPs)+~ndmrgh{tYqyq{ySoU)x}plR6EmDQ
zk4=;i{j~Jlhqz6cKS#8sh5qThv$nd&#HB&6U_g6Q5u%xcM?RDD_#Q>d-N$B_OR&s4
z9L47R+&-;teTx$o%>(&1EjCA*ZFe$~jN1|y=tS5TWDnwnGvb01E6@_?LcMD4g~KYB
z`g}b0T(2v+K!ra1)ejEOW8BuBqbT-sx#umQT(}DshX*@h`Y;e^W1edE#V-3CA$Yge
zjmx=3Ug??J$v;(I<DW{$dRW=J#VpQ(Y5MGk#}%_a%rc4H;4(#ItwS#3sDR=&`U$wr
zb)>`HxMz}vZFe4D%W9;js-<YK2|l`10{7{n%|n{tb_8EvEpy-2*sA}Q|4F2p6@PT6
z99mvfWIK@^o)@*wRAql?r~GEqW4is1F)GTffdiM|tG}Ih5%x<qkW;0CC%RV8yx`en
zi+&U?U9;V!^c<DQOaf;XKmIMvyKax?E#`_P+g8nv6_q6r7hlV}yCby81{C_E&Ptsz
ze5!T!?nHoX_D-Nb+|;7cA#d9x_CA#_N$-|8P;T_AI3eUh<$DB?_*ttfKC*DQ%P*!!
z78rDox>@#gV-98`GP+H>AIF=X%yM7d0P+O!evTY@*6?a&(Te13v+@qW0#qh=ZpmM%
zS^A7*o-NNcX0!BVTR|Bz1n_oP&|ymEt|=0nEK)Ogc~cX)Vs-<{UiWE~0`gcTwJn8J
zsul4?wv$T*PCLU63Wc_t#pi`7&DC_$N~)Zkq!)K|MK>HUh^OsVvHD)tstlPu<cgUB
zc!E$E-Yp`hr5tEuH1#8IOeMqAsJRJByQ4#l2d#<ns;1}(jx{v$_4%mSmS>dAzgjj%
zQ|mm*5VFF;sRWz8EeR5*amkoiYi=AiiK!`i;)27}HZ-@L)3uJ$h~D6C#bh5fBSb%;
zDbs?EK42a@s~E4kufo>uLZ}*_1RP%IMlRMe`#37#Kbhp{$FD~@dNkvm0lx~g?i{5@
zsj1HI73r{01>HMh+D@LV5#`t{CGC4*vX+l0cTaP;W)2imHU%S$I~i(4$X24gnp-+k
z#+2Qorh@ep16uQuXJqi2-z4k=P6D)upMbJCGLI@*VAf3m7eD$?7agVt#Y=lCX(tBG
z&#_9Vz1Fss@ZCusjKty_1xC5uf&|rZ$)Vs*`DhR5C~ymQ`$NyA_6tCua6T|cbUA;I
z(RqXa&HM}4%BPcI`q<MZ9G+5}Y9vb}n*<6<ZYwT3l*8R`8S|(Xg6vI9?n8^jIX|10
zzs0MFCM-nP`tc6U{Lk%_kMl5N5qNTHa`;vj6{KYsvEx)z))9>{CYG77Kt&&eVr(4v
zWkq1b8VNli2-C-B$G<ON0r-f~`gp-A>_1j9Aa)#I3GnMuTb3>Ex;RGkpZN7<+KA7O
z+@1G_xttqqd1(6bGyiJg;k*RfHJ_9!yfE>g(>>R>61}8Q@RICodoE+_mbP=8Q7dKl
ztFtcJeX0TME={3<z$IlrO&X6lL}-4-@4l7f=4?g8_j+XZ%lP`f9Q$-+!OwRLvo<PA
z+NmYsp(s5?OtHhi>g78&U4J3{lrV=aK1aE4=6)@Ww|n>!)wp!xani)ICI=f{N)5Cm
zOXD|Xc3DB%7!BEBmx2VA@>+%ShSe<b(jp!b{!ruSCY_--<~oZwS2cPiS{D?gwKnMJ
zCHcM72c=w~2HVkyq*}FSgA(Ho+J82KU$#4)Q@}RC<)H<1e9J@_@{q;}-Y3989g<4u
zYn_t{a=$rM!Qr`m)?*?(Q!P4xE;@BnS667~)h&v9vUjt&Q8T7p?(r7Dxc-J1xh#C~
z(e1s$IfGR*gQMiJR2P)}cx;Za@wi6P;I`JpX8EXu^$oSzI`*N09IoAWBSwp7@}qto
zFx1ZPf08Cm>WR0?<G!#LstcALGQpY!GgbDP`&EL~XZSxIz@Z|+6a#(fJr$1c_z)vZ
z$o@5Q4ilDFrG)R?&DA8$i#r)92w!5sQ<`pX0V~4?%k}!3?^OysGYPRfaiAG3Jvw^D
z66xHY2jIRJ-!U_jXn?#n=f|m(1;5ln*MAkXFC98RD25zvc}Fv3xs==#*<C<}N*`*Y
zGLyBYeeoKF7|F&j^qE_7x|#WDz=C@$$8U(fuqmbu$Fdp*weKSZv~G3H_tNm9$Wu?g
z(Fp|&VWhDH6^6%J_#Hl4k?1kUo7CO3SdN|>Ry#L!5OzMt!HoFARzv{#>wF@)9=Bc*
zpA$Q{;ccSI?}vm0!9==x?due*%{L70kFCc<&~1a)%SBLLe%kE2v$8vp+*QK3eGTT)
z?5P=4&^0t?QVORa!VdPCEd=uDBGrY8?g;vEafYHS<IB;6Xvx!?I&;Q%;l0X~+--j5
zvEyfc&^45HycpD%X%MyR*m3<tl)8o~xuKACYAiwN{x`ZWaP8+BWsw$mig8<lHVjGo
zFxZykS0a^n)IM}q3zj$@*5cNb8DC4Gb)+S51K|BRa&xub!7A2!rs19S|KscJ<6_GH
z|Nk>HXQngL)tQ><N^xdXPSb^AS|OY>7rJtBCNoq-5|V2|E|xQ=3u6kEkQRFy#WdI@
zvV=Dwsue}qW!X*0Y@cO?cIl1%z3k`n{@%X7&-e5Gy#CPbCfwAm+j*Vm^Z9t*?~}^A
z--9;~hx%&5Vs#?tc4|A;m3ZK?5za5o+k1^0`(|htSv}UkFNVaPv1ZQde%^q1p+TCY
zj4o%TF5P3DltkX{supn`r<A#4jt8>IaRH6}+C;FM*9Z?i8@>QCcnsYO&%W9qS<#bJ
z2bPw4?K1A{S50n#O;}obtP?%)WZ@VDl3m`{TTpzr+xS5q!gzR;aa$i`&HPiFpV6S0
zJ1uYsEO&!bwsBgOWx9e%_lVGk5AMSyve==<Qk>Ulv+n+?JcBZs`RFAcU`PJqk8bt5
z(F}vtqMSz_{wF#77DXj`BJ4AD__mf?%!uc<Moimw1m*?2K%mj%ovQW5KodIgaFeWa
zKwiY<g!n<mUG4^F)w`y8JS7`7CEU+zL1O1>B^T$yVNMUIsR<{0%!e*xH1;K7)I!th
zd!ohD@-JmePdaxu$^0)flyKn@1H96qQ5rb-4}GE@?U)1}=zK>IC|q{UTIE}$@H!#Z
z%@?WHA4a-XNC@Tdp$wD!c8|z9Wq+GGzPVizxrRH3;pC3W6M_w4WX=HV3&e3UdRb2+
zw5U(Z!-^VzJW2R~$$`y5g8rCiu*g(q%EGO;IvJ+*SY$uMAnf>RlBPK0P`-~Hx*}Xq
zPfbYpp_Ee<uh`;IM<u>mLt-QEn0(8o8TAQg0oACE@=4lZbrBMc|1n?Wj1ERsDZ4**
z>MB7oHS9?@9Xqsw*;AuYPxa?!>ZbVUieuN-#dG$bEfZ}x{joi6t@TuZ#+l4c{N_V(
zNZc!GqLb~|37G~3UoziDQ$h>JgSaGOJpcrUe{)6`eKRMI10G+jk^i4_kN^AETE=HY
zWoD1rZ%v+PMK-L$X%_Hg`14BfKTZ&Hr{1%oEy$X7URj<+x%NMf>r^iyNk=d%fgLiY
z(L_C5F9)>-F8|j}^WQ$gU@3;-0!*1P5=UH&GOm5-AA2L!0uBx>*90wkYUGo13?zi3
zv=PjcgnV8X%>XFd=Xnh{8V?FhU_~HK@b~ehxCqXeRS@w`;fs#Pu`dHnF3U3<*h{5I
z@{S7<b2;-D)MrTT+wf}sPhhF?)aJ_Rl0CkgN%3qF#|4~TQ{C`x+mPGar~#=W_xpXF
z#qd)g>{c5aVW)&SfJj(8vy~D=d4sjeigxN#m|pTzuxka@cJCNlYjcXDWd9f^mBe*Z
zF>{sV;wH9e%&)Dw%+Ycj^CY-((@?=zS1db^fQ7Cx@{y^~NvEJU+C+SKc5EGJ)V#7C
zJvrW2?2uD0y6klTjWC^1SyvC#%el~Q?Rz#N3mac|M5CSepx2lwBQR4fyM#|Au3WJU
z1g6ZhN5k5~amEi{_v2hJjkTCDuU{IdxBKTpIRNW<lbzw&XSW{vv9C68AH~tj59p+a
zGby=|yLD>sXKND{7-BuMx|Qb<-X5#5xn_Qe%J%VB9+T?4PgdmlSS#u|A*N~l7SX+4
zTKlbbh3ld)vGm)!7U(ELj|(gY<Pd3wS{zNW3)XfP>r^3|WqRJ)b59xCOPon$F5WJd
znCA6kgQa?8?Z<egcq2VStl$}>$vZhB`Q?_;tjFrj@%eGM^F~<9n;l070Zr@WRU}c+
zD~4`fKdmrdqg7bu4HfHsgkh1K<HcUFIrWYUA^~QxK{I@W)d2Zi9E|cJHl*_5q6Jp^
z#(>P`clb4ZyRh>ys`U15Z&wpbH`^>H!Ce0NO<;H(<p?g0^y@`-=j9UVfp-m0O;pqY
zbb3~b-P!bx)uG2n!yHp)iC#IP=lNx9mN=G7S(AedWpbR?0B-lmUL6lC)9~{%M`Piu
z?kH@b!ZoVuog>?c#_dOEsI1aJQ$A;dJondk@;&31cA3TB20qP`-^pRumY)!z%%*nY
zQJ7Vb{`M~8b=-F!k-0L(W+E|1pV~}xG}skUzopcng_rk`gD!U-D?jr3`9?q-cI(%P
zi|UTp6yZm9>LsHK6E2mqm+yT?@wx?*aY(Qnri^f61BzXY>eu=YY>>FDQ9v74@nP-+
zi(|+$IAjc=^-2HJfOc%n_mr$XmsUnZ>%_UEd(4*O-!{9kY@3d|wIAWNSgqdYwa%1d
z(QLc7(p|L)H43f(iP#u}F6!6$lH83L*~Or7!-89&uMh8NkVJx>_=3=l*2>b*Bl-vz
zndNIG*CpywqPe)+?vz@T3Zv-6jaOUn8}Yw3NJ^t9%ww&`Rt@2GYMRz_;-Xq%WON(i
zzENf+YOKhilzSRgE2tX9+0?}+awam*ZkNFxXfvlrkwq_#tY<huL_`6IkX=eMjyt~m
zKAhWo&la@aVo4u2?$Fm-k%O##DscT^YgzF|v%J!|#V#|6i}32C6b+#DKDyQ7KXGrZ
zZO244qksf4gTG-Ti^s6rQzzkU_`s&N*ab@BQ)o8tt!3ZZ({EI=g89&$HQA`SZkgHB
zJ8H;b(g$q7xOO&3YQl^kw$(#Uk73%kUCTSAAM{F3kYX*LEk}kDFL&v=m<AW5{cO-<
zo6q8CLW)Utly%Emid6riLAEHNmkk7<)<I;z*<@~7XD^dwPOgWTjBz1_ytg~e0`k6!
zzdd-lgzHEfRnKk0l6~5(uQz@uaeew&a_xIjfI@if-3Z5ZRO|x1tP+4t6pdmu&u}!$
z<Z}gQw<frj@<#Vq9TqA$Bc51zB8*~1BcQciOw8h(!})4?Y12@(h|PFhr{dedo~JHx
zxPdIUdJ;}Kc~BV3vGB`nL%~Q$cL9i!?$|@T-r?JBnT|NJ^E0p%5fW3w4_TGxwr>T&
z_Uq-w1HUn@{?JfH!TD9jA2O+3;X(Mbz#u-ZEzYL6dIife7dT=&{JxpXKWN3!KUo4%
zd@f=B|HqhV6E<==t1Ly6_^J=t#Ca>iR3>T1D_|es;s$~&DG@rw#QE`^O}1boeqv<2
zL@WtKj0-bFWrhVf1MZUl73l)nW4I|EH>Ln<>#HS<yNp}1QC{kFAC2s$6(Fm|Eds_1
zBklrdVW-LYq=M=EKP@~i<p%<w8I%E%E1<t`Ly~urkPt)S9T$@RpV{)?pzvTH4B6FM
z96zwqhEKLXE}<p@w*0#5hs4ugr=C4GgOL3`KWU~Gw*-Z1wc%H+=7x8Q+}n`dW$eMG
z;QQry?%U%<Q93+5cI~$g`l=zN(Ei1bHO_;;*9s)t;}QPjwv;mB)aGw!g|+sf2GAEI
z<U`+8|Iu#Xr;1npqYME~d31bi=($e4D&hsO(am}ChVYMat|TI+tZW7EwLXJvd3!ft
znne>y^}0wUaXnOnJC>R%zioxNl}DYd7q2~$An7|+nFPzt@TdmrU|Sp4v1D7H%5yND
zD;gu3#DpCa@SEGuVrmALnMK$i59QMR^(@z~zbXqn#A5sv1zrGZpWM!U=uGiODLsn0
ztR`ZQCWRflMI#ujB-JS?R(jx2gHG)>YldF!5zs2C<_TMx43~u-V=M;vR1OAte?WCp
z%~%&9C6`>6ay$EaE#4!6L#pBaSGVfrA>7Uzdg;lJodA!&l9GQyLiBg+m{05kSTcPv
z(Zc$)O~{sT5)9m1eOC?IqwlSSTiz>->^m!(aj&<aDCrS@+{N2VDWS`zHpRp<*_;PX
zo;S>nru09%w-G;ppZGbc?tIUzuS;bgW_>!KQ|nVu7#*`4b-DZ0O6JD1v+6d-4(~`i
z`&}zHcpgv<f3vt#td5@X2kB7Vm@oCHD#Yo(pf$ZsI2ZUn;Zr3_JU2b!OPOI#Rpc7P
zIFPhj#Gz*mtRbwcQ;KOa`crK1UWcn)HovnwOqq9tOQ(jHdzNoxtAyQmo6!q|A-3{)
zgJ#ZKB8-b{B-d3z6(RTb%6Q*-zF2TquUtOK^9%iSxjK^8xz#Ruqn-V5@l&_J?NcK4
zUSsbyK-|75I9_z9$l@Mg@EYsmC?8(ssr(i=cT9`Mf$&x9Z<eD<A8#V<*5)cl*C7)0
zlxDY&Io2t5BOAW+kMaO%(t`?%<hlBvSRSY4!)_G>Pj5-zJ{Q?m=AD-375xTrc5q*A
z4y#=4f5#g{D~?R;wG`bSeFRok>FP8SJ!{HRr+X~77tn4g&$wQrV%`wglu!hoGgV1-
zJ8#~lS2iDbsTVA=qrS`)tCNC;vf`13udj9$6mfQBW<|c#k+X*=RmfuV8?Cd~ohLLI
zH4YCk>0`|Np88j0@bEyB|Jc7EL5A-5M765%f^O=&ch>xbiq9fyCN}U(B`$;9-LmY#
z?y?G#_1)<Q$tCJ3TLNH)m)HQQ*x2V85hEh{D3kX0m^a#>mWORTw<ha=p8X=+L8Hkm
zuUM&dvFt}lZ}cV?zwF&(=k9l@mtzA-4$6ZfJb8a}6;|fnDt77))2Uh?`P~D|Mbo(%
z)8-@11sfDK0XwXKKa~JPyS6Cr4NGN{L<d39<GG`Lg>DhG<`CxK7W&CF^j+TNb=Q}_
zB9tqdtgi?orMC>em$qJhnNh#v#};=zl;<IXMR3$OJ-Tg^mHu>OgvwSFY@_|&Wzj>s
zS!0DpVxy*`UeLAhQKaMAlTW=R{=VrgoaMg&3*ixlGocffPrffHS1Nel=efCPybv}m
z-KgQMs<+XivAGCTk<W!zX4n!_#lm@qt%n3&c|2ME8q(=6XtG$9YU*x6-%Jsu6%8IX
zL+jXIqX|4rO?&V`BCc1sY`9N4&i*A*Ur#6X>!$5wSVF!W2_!~IlFlI&W;sbBe&V=w
z^~mDr9VXXtt;iuLDWwrz`#ziCY8pu1{5-Su$e0y+^;=8X^^8~K)H}U$k6zGWJJKu`
z?$Hjmhuqi1W+$pR8NB1gh|6ORv8UUbZ_=qBz$$j)!3|i!rCQ!ycX=~J$1Bhw+aE#K
zr!HnE9AgD9<z_)>1}+H-mFiswunkLfV9Eqm<Vq%nbTt#9Go=tM;)C6mWei|r#j|n5
zid#cYTXt_(Fq?9)<VFfi^^dX1TodOY6-oF~vAyQhE27u-Z31g`!q0Y2&9n?o3?<wB
z|BiP!yxph}UTH%nn$VY-y0}aWHp}~|j<|ZD4Ei0RvlJ}$rk&)8UlR^@`t^QSt*}vE
zmIlZQgJDqnc2Xk(jCFI7yml!-CvMCBPkzAvx(UkRNC=_~bmtsGx+|fRPjN=aO>Ik}
zVm$Q}%U4lRp9`c{B*tnbk}>}(v3P7QAR_~MLdo=haRY!H#?A$)1Fre=fQPezt-dO8
z9~Lf7n>1l-gE(@qNRfV}SZe+~ciqa*HyG)L9~C)8SZ#8<-JCL(n&v;~kz8=0Q&>}{
zcRY2XM$hxAx4eJdPW0>7D_jP38U2o^XuqSMY#lRkV9A|o77@<T?U3&kHuWJvZrRJr
z7UX6l6Cx?@Txi@<KvTK5m-HQpS<LK9<cotQ+oJ0x;}KZ$ad@{0^#ig>B{5;zyIP0W
zvfYl2St#}BnRVOS2%A)MR*^^lNo-y013)+Eob6&q!Xmo!gTdXXO_VQT+AeFzfi>E*
z5=~f&O7wD;H_7wlzSZ;UKy8?X$}HB<{f|(|QM>ibeD2Tjmh%ln)z3R<zsFS9Tyav<
z0>HRC^zllLJj9_*0l6>S!T@T}i4fB<sLK@ng>}f~0{y^oLSBtVTy{0{lJ-f-j1!S(
zju|~H<njR<_GWfgp_Y3BUt)7`yE}knoln3<7Pz6q{={*#dryz)#NAGAQo`4d^zyy6
zqTji-^FhYy?IhJH4RtBu4YBBnbF-KT<VzjaS9c)Gd<~Kb{as>??CpE@k{i3HE7Mxp
z^teWY>;+ngCtyeN<dCECkn^*foGW+W@b}wr@xz~E@y&l64vdx(c(C{RO=wiVhT_9^
zl&=)!o$e<W{{=ORy>mglSpMy(jf^S6IFJ!J|LPl#I97tPMeA$Xm$N?3@%I>iY>`H^
zsSWvuiGNiL#%Mk(b<*P-u#tPCi(}xkD0BJ>RFREf72HG-=T5xkbc?Lz7cf5{%b=&d
zHDq)zQ*f3@kIC}ca8y;nX5mM%k(hD?DGZIQ7ps42@PURu*x(X5jfkD_Qe+>wb$mR0
zyT~GgwvOrqsM+qrzSwaQlKIOKVmM!~dddXZ%tS~VO+wwtr_Wnuba!W$xoTwYOt1xF
z&NM!V%ff1Ttg`M3v<KT$kKd$lZ_akjYGTYF+~I75-bby|MvaksJH)TihxD}It-D4l
zWKK~(06-X5C|*PG5`gv4!QpF$zUgz_FxlyzO;P?lV`A)33;y7qJ+tw_^@rkVm^!yz
z88zD|DNTxbX`1|@%zay-&BpFsyCBbPCEpXwzw!rI?=FRT_xYzfu;(~CmjCv+m@8zv
z^r@=Jo7%khr!>JOjm6%#7ime%Z}BVQ=*3KGYGE`c%Cuwrnq;kY*@h7e>QIgDSqoGg
zQCp9<IeIwEk)S5bAQ{^6@&UG^@jw1)6`a<po&-j0-++ng0d756a&3q=qIWNfhfk9J
z>2uyn*c3mh>mAO>2F|vxw(Hb$BC)*GN;q=yc0*!S%FiPH&n?KTsI~d3Po$Q38cE6f
zt8iB<8H&_U^Ly+*;^#K}k5A(%y6<`~XIVX4Q1^;BScliBR6H@_`vNTIYxz`M-DGsI
z<LeA+R6aE>^?0I1=5Qv<T-QG%kdzsTp+yq3)U`pfBne1Apn79$Htd$nugG&#ELsC0
z%RRLdLmopnSG^*g<=>c7g5FFL+Ub}+fIu^-u79Y<w>C=B9ohVb3b5pq@Bj_9@uq&Q
zara!XNU3Ghhgj&=c&y;-zD^0tZpQh=D6)A2>$whh$(Y?FJ-EG*T=og4pLD`n@2jkS
z49`z52x*cXl7D^umcp7Lug!COaE5d&^|_#nt*O*FMq3V*2x4u5Z)esUUF=@HIK?W!
zhALl!)kz$>8w`%f#WJohXlf&HnM0X-E;ifMi`cpx79IgBV$B3MCl%7!67x>^unAdI
z=yj76Z0NIDH0sq3*V}vm`#)I|`yYCWJ1!pbsAZL}|K8C2&(78V`Bi0nMH~>v%)Qct
zy7t=A%AB*<Ir;IH?Gla~>L9|lAJHILS2$TdgD{kMhS$t0|G7r>+ay-(^QlQ@!)KPl
zV;^y<+ohmzA^tsoMyw(Ku52U(7z3TLIx$f4H)zO{()6v(=!9OTfyfXL^`Hd@Y`%08
z24VnBf5#3uB$z8_yV<>JLn)Kt^S{8gV>VF}M$<TB66LC~JzYjTIO+{Cd=BiE1~Gox
zWfu16{iJW+(ZA<>zCdEadMXrG)l=Iw)8_bV0h3fzkcWA02Gw2l_T_yfxtDL$a0UMT
zwV}S^XvP{oVm{|kKTuaPoQNJ~j|LG$Q^JrDHTwM9rJ|>=mSY7jf;ljBvr)WqU3U%X
zpND#NGutktQj)b~Dte}x%dR9-f6|zyUR$Y`y<15sWLFjZhl9!_;)mUK-2Z93JX(SO
z&<Kq^_yz8|VU;Gyp#n}kqE+3&=><aYC-StUa8y2dx!cXr<zB7){QN*JbSzuX`@x4r
z0_^$J>}WAGbqUKuLJt<0=_*467zS;&;+YPmpi-C>@AzS>guI=7nbbUew}&KLT0Lf<
z*E8DPcD72%y!cZ;xlw+<CYoGbq75FqEyk;@dS_k>ncy?M>OOz(7Dgs%*Ddqy)5va@
z;=+OL8ack;8OnsG@&4RYO!b^<6lYwv@r<Lwne7^}i_Pt(hIJddvzfm(Jy^qWIQ_2I
z<PaV_ot(GpKIC+uQ3@^GVdeGi^1-2wR2{j_PbUN#N73u28{&Cl!gO%~%_dt>$5UoF
z*2ANRsj#EMwSoIl-wSuAWQIOy$~%|U$-m@2fP1b2wwT7Od`?J@k@NZ+nHi$H&phv>
zGSit7-=z)WNvmpQ3!mVJlEt$J+M(~(!9xG^5AU&^pB~)j`#o}KgeK_^P|!N>)EbK}
zsrX(k=h&?;GK4GmVKzxvU@y;e9@p;S^Ap4W=Rqs)+<P|GXRxR+9w5D3Inc?F;aaV9
z*RK{@(PO2Jsi}1-6o-o1&HwJ#4o>{Z`6;e<`YFW!RlR(Rr{^Jyb@jJWMdJcG{iYcr
z3(^bn5BpOvSu5_g8o$~pu{`Y>AE}w>bj5}$K`j%)Ps8>cJRqJv>DTOtLGS&d_1vMS
z+0vLnw#rq?>klP{(3C6k4f_Q)j#8V5tk{H3{0n+<j5*0Kg3<PGSRVnga78BS%HtSh
z-KO#{rrdka(r!_YBqt`c*f~#)5<f~UJIFuFdhlN=n20_L{Yg}Lwagljlt=XqWD`}u
zLXmU>2ngr(*29elDd#yX8Px$dI-ZlrG+yQBEVlgC4XY{WY&YY%RH$_vos}p~oTFY?
z&mR|P8j5!5ps^Q$v%K*~{r7VA)DO)B5uUymhxU#SViG~DD(%Db3a72<{3SU7x~uM8
zW>_;iW;8W%=lf{`Hd&VNn!Hpqy;rzfey0)1c-gO#y>NMJ!>`jisCna6cIU=NQtzkK
zPo<DR`!vTY-UvG_;3ifT|Eb00HY8!k^RE<DukV@}5Jk*t;W${3C4Q2YdTt(XtgA%4
zlXS9FfcI-o;ur~a;!8NsZHYfS?m5A@S4$Eh3-WXMI4bcmUCfNZdy&|W#j^K?@W8>Z
z%{%?gI%12i2FLCO%b8(~(2z&)wF}C<91%s@*+U8KDRO#p?TA2eJTrV*tbawk!<wIH
zwVP|WrRL2!gIn-%F*$>GCz66aA{t<~q)x6yK?{dAN{8I}3zG6*W`WR51d;<#X?+>g
z*OO#Crx-b%dKH(+_vokZk=Pij7JqjCY#{RN88q@_Ep=*ktvOF3y&6j@99Q)khx!qu
z?;n?5YeyWB$jeI%ZeTYvA@W*F5I%%8uHi=#^_Y?bn&;E_P%IfL-=J{F*G)2lV2%HI
zc8A|33S2IgOxKE@HKhN1<qr()RPst6QA4rVrBZ0Ift%a`m}m=zGQtq#jLn+G`k_K1
zoKkhMhmUQ*_J-<3rS!96%=35)eoa6+p4LG({9OcQ{*Uh!Tq~D?0(ce1970YFZ-Ccl
z>wa5g5jwB)JcWVAzY4U+{@Y=FMzFJJ`_N))sD+o{+OF*wuI}Um?;}WW9Ww(MoCtZm
zUm*a5{>>uZnZUOO)iQ~@Y>W);fRUU^5GZnKLKN7)Pa;?_^XJU;=W_^)=Q@;fg=@5n
zaqN(cSVqmnRJ=?Y4FIK#YXELi@Y_CLgP>eNentS^P2%{9K+TmUFsG5j{Xl*G9I27$
zxGmdo$x|8xZhP~G9WP1Pa-$XG+{D-QXxuvcu^F4xbc_((H7Rz$Kd;LVyQ(pPD#x6B
z1LUwsoUY-_f(AP;V;<GzLBh2lc9G$f)kF=MWJ}{c!JQh~W<qr4b*r%|SvOhlBB-Ro
zF0&S3fCr?oBTIIeEwEEk>?_qb;qj96MsBixChY9o7R0^D{Bl!4mpqTw^W=-P+L|w^
zDe!1g&AeSK7jK&fOfk^@O1+}{rrjmYtO#A)uJJ<O&L=L$m^tP*dD0TcI<6?S6Feto
zr=y9^QymP@?^0sj@XbhYoJ14iTntU97buq+6kA_Zuv;X^iwrHB#d^=RIVOE!5VYJu
zofmLL8RzuWxLLTxDZ~7!m*zCp%DbH@cF~xt;0D~Pu(&}cJ+z~}Rn%s3)8Scm=;XZk
zd~K#+XU61dS4>hcD7sTF?N4mVbK3T4LcIw4KtX~0Ru>Z;9_K5SG>qA7#}_P?bMC*;
zdw9R3Tn_!JaWPwywvq`q%veLW8PIR$Yu7cmLyqU;h-<f3=g0^o;Dt*haV=7T9tCi*
zMV)8?z(4-FSfWuPT4gt#-Odlq(IBh-_@R_{ZZ#g-Q-Ot#2%2Z%znA0d<_b=wSs}&x
zJ}QELesa5l_Wr<y(tIB4lEjT-kOUJBJ0SH4vhcTTQSy4jmS)Qb3e@LILm&(Ua5MUk
z;q;0RVN#?{0!>(FP?R{`jOv7b&|}(Pw|fKVL7BAh-0^*I)Ky-JDyyi8F6iEt{(Yjk
zA%rONIHG}IpFT4ANP`p9A5pW1K)X62fv=8~h^#lhJ3V6nZ1Q*4ZShA0C){k^zJgv0
zGbp~X*p^DaQ-vrt$mar#Ry*2WJaL6j7=5FXMD|=PgVfydW#Q?5@7G(3E^h}vq)5o0
zqX#3{w@c^#C@*b`x&(9m-M2^tK3bG=wxK@sD;z+*!j_q96WZHU$g?R{NgbMe*d`y@
zViQN>v|m#l1C@J%4BS&X@ZqLnVlZ5v7T!X6=RP8Rd|@7R0lq9_g+7*|gvj3*pMi5&
z2J)U2y{Z*nOa7o!K_kA5%#(8#fXxm1PcyqKF$x<wjm|(<sRdZ(@O4`Ca~mggSaUeR
z+fF&1pG{3V7<i)m#1ZRsqhwK+3{98+5WkJz|B)|Qw?a`aTUmG?5^hq@YfP*iU!G`0
zuOGHsiFD^@60AafTW<1nsImn7XsHw!0fW<S_L|$xpv$w9zHS*`1_jU+*vcHl>%!Vj
z58CaMLI=JtRT#7Atz}OayIs=NYgKm(BD>kV6Yyms<ds?cPpe78h*dX&F0e${y*H$A
z+@or(YUmD=OV-0^N_Eu|M7$6h8>D=&4aM2BEu5i72&PUJ&rN%z=icHXv-a|#8E1Mq
z`?T@TT01ZA-N0pwZkW0F+&a=L2di4#O8OQ&(YxTzz1`*l;bs!@2nj+CGyOWw^l*bP
zy2I^*c$#~6zAllO)<t{oWOftQh!<w7EdAPb+qRV1W;}~Rvbk-`Sf4A1#*!D$*^nmy
zvQ?<+HHi;ylC6Ehm$dmvxIceE`F!-I!df%9{W>b|4tz=?@cYFddP`<mhQRvM*h#(k
zbRG~`agN#DA6N@=4U*9L#DzS!1RAGr1y;kEueH2dhGqPq5&XlZA%}@)lO^uk#gk5-
zv{d<bvp(Ec^ki@79u?N)7B6)9lgyeWV)xD)z@;~uCEH}2V+u531m_SNHF6DSx1gQi
z9y4Y*f~PB=QlsXC6^N7H2a@E+)<fif1;9Rs!2Wgk@LIjFOmN6R$d0P<>NfZapcFtf
zo=<9^anT0XCkg>|b4<P1@sE?WLAxFJu_$<D2u#eWl6@$d*dN)(ry$UQ{<n5Utr-4W
z&ZtGja3bZ$MZK`1CV>e4^N+mo`E3#1mHI@3n}Vt3;l5~~RnBGV|MSWKH$xl<GLv2w
zBj3%0Vc6%MmoO6uSV)ZnSgXUp3MJ$;%fMY(CJ4J8^_FxzV^ho<J$`)F^#gswi}Qaf
z+@9?;#KTZ<v}l@E95<oY7PQb6F%A|P;o^9a(_JQjT4+Wbjxu-{|5-aUx6`n<T^wBK
z!*215B<I|H2qYmc`TM8|@yxj#H5$G~D`~H!{Of6%K4PHwa3I_IC=qCoRWycGK9KiT
zW^ksg0DOU62EKppIG^4;#=><}Kx!`;|EtxSFniS_@zTi#j#CHWtdZVM+qkJ6DYb6#
zxN(S$ZERfJ&Tq-GX~Uy%fi3s@q!A#ZkZu)4b~=v5Mh`3r9FMp_@Ot*pWvNapBMh*|
z!^u<#>Q6Tm2i`My<c)#%fL&T9!Cjr9bym>(>K(&g=+&O<p5{~jm%>fagZlIi|6D`3
z4Ymhg_(~=Jbs&!;t+o90Je%102szxUQ60`?b}0{J>wS_Qf%(RFaKmz?%}Nih4xg1=
zG*)3~ydGjnymfmNnXzda*R{%_lR9Xux8MVZcN3hyAR8a<Bon?;<efcN3tw7U%kx}0
z+n1VIEav{!m8Bzu5q#9?Zi>ngTY*S@(dl(1yeS~QzI><Nlhz2&xje8OsJdJ?-+j7M
z-4Y;MAB!CioR9KbQTFWhzV7^_p^V(@DuHC2X2@3PcZ^Ol6~zm8b<nq3zm>>~vHM`1
zAga9QrVVv<mT(|r{2}eTau?I_z?3FzMd~+Ak=BtndKhTwqI@X5Cv%R)+7_X4i(JFQ
zUDK?z%g<N*Wk*wpF`4wreHT^{;#;P~;EC^T=074yte`25oaG+VDB(1F{Q%(8E8|=!
z>Sh-~aBNm#_dKwb6V_FMZD0Px5`+y#g5A{G4qfH`7LIhWP8Q_(4;w8>Yvrq$w4Zg{
z9u4cO9q*y?hLY`hj*J|aFmvcU=ywmHSy`tSjQC@>211`srV@omOypSgr-x;!5paLy
z(?ZsN>-_kU&cs&Dog=N#tHUNuTIbiLK@&g57Zi6@thYIbm}Z_k)J2nZ6td}Dt4>$l
z`Wwoh+Q=QWy=|g$D8qNgu#sFmQY4>IqJ<9c&DL!jCP6<&t}r@vP16hZ+-(5ho_APY
z#PE0(zv&_qw5zmdG&ag*1bf>$d3U2@Ie;s0y_*i=ytB@Tn)(<L{F)3h<Jp%a!l(9a
z02Y7VCyVj;=7b&IaHv@8TXf{I9CIJY)<aHJ<1SElXILqo$+%|4{D-*i(2i<nmBaF-
z?Q2}y2AklMTO#2Qr#$zGy|(;cDrm<u)o|o%tzz~b(z|x;ZpbG$bcHcXCxtjaZI=p{
z&7f3+6|c?O4{g3iKM8tO&~3M-Zl#G3$KBF^pAy*7>wCd#INiiOUHz`cyc=pObMeO}
zXWEC3)5SrXP}S2Fx;PHk3oCuer<|rILuVIr@WV;xL~aG&eq;6LT{rm~o3&m7BtWyR
zKIjbr-m{PQFqHD*T&?Tf$a-EqmH@@$Jw7{{0yP~EOay~0ufn#-8i`MdQjr@!$9kw)
z&{R|y`45B*^Igw6fPsQe)n?ZaVOJX9RsP^nug-8*y0M_(Qc&Y@4qzyQt^fJ3lOvl{
zS1lPOgO8OVi=NV%f2jCGAgc0xFE2<g=FA&Kg#5<5x8}FWO}@H#EU%6drnBl=(7IBl
z)9RDjm~^9xpn_9uFf><kJ{bb$1JWSk{@zCnnc50(NqEFR^&^fxl%m8+-5afA^czC5
z*w6vJG)}vrcWmKpEoR~h*{lx241N|{B_jghQ+DHDP`6c3OlST;gwQ#xfT)&o_1yVw
z{A5_mPX%4!Nqyu}kG%x33RDOG&)Hwbjc3h%+DzkAs+Q+K$(~dIlVUZuX{cZs3HL*P
zwnxP5drgGQvw^Wh*qml~o!z*OTxLf=>Wlr~cK$)3QQd}u`-9r+OR1P^?AB(Ead0O5
zh`+wfy+VYd!$n+vn_yezd^p<$`Ma$J>WvtND`LWJ;M1Rv>>Zm58DI&R?*oaK)U8Qi
z5|rq9(0Ueq%F`(S1>~Pos$JKxKV5Nt<*IKOx_!D2FYc5DUo9{dQct>VL2fyfsB^kK
zw2k`MDE1lLAjO76YF*Z+@^=;fq9K6H%=$zR$#Lu9?R`2()|zQmvM7LEaFZ^VF~;7-
zuV$d1bc?amO?hZ4$OzJWN*DK96DlEGZd%XG(`Z6KDP-c<WV(cL@<SE!J!=)fnOjXo
zYM`*UBC{fraH7@c-;yzq3F3qWzb3eYJMvWz;XI$cUfcNS9<FJaRy(1Sf4)4MEWEAc
zPR(`^<wk^dQBY|@sXt~pX5${r#LMgX7OR=FpssDu-8dU(W1{*nPs{~HvON+v9)+ca
zeZ-=!V_K<;*rOWalI#T7@j~4`ewSi=e0NyXg`~<%-)6Ub2Z?rpWO12m_eb!*-FaAr
zO+0;+J(;yq<Jk6-#$!^MV4RON&nvRtk$kP7&k|WB|76+Ir{7~|yVW}*6Wh2Cv*<Q?
zttqmpLM2jrS_y2LM*8isdYLJ`r%XkArqlO^UNwS9U8uq=FnH)7h*v67d(_?Moi0Z*
z@viAoX$8N7EYDhI9aUuwx*k=Yp~Q-vt61-406;MILa}-~Kd17zci1oO?ScbKeXx-m
z@*eRQ_<PT%(tkh3y4)+1aAP1#=vkYapaAU5j7>okWo<~-ts-M_V9-K+sDigB3u8UA
z3bGTC@&NveO<%ul%3XWijE@U=a3EC=9pESP=Vg!;r-{>)O2MK0*^vXWa=RgfbiIxu
zVb4(P>Yc}&`>%yHM!^!8pEfxXkb}rI_{ip0y=G|E)vx5VdqWARZZaW31c}@+0$0y|
zt)92e`i9)7c5y2d%o|mvn71=q)PnmbUXn9Lapv}En#={7MLQRFsE`iltBqpEz0TbE
zoNco9>=E~8kp#v(eM@=Y7IU0cgXDLz3I%%tMZ7388(!nyfJ7Mi?K*m-gGTZM)?E-m
zE;DO%g1un$rHFWyuf@(U!iQ3WGkNZ=Yn&rTMJO)62<h%1G70$~q~kXC5c>9HbmGvs
z<85QrjXCloi%xvZq<NPwVDqIGnpk+&Vp)4T+}8??n;a;`iJ``6aOMhusS<7ijp$g1
zB&`ZLuJ^3_^{H)f$dJNp-Nc30rTS09cjw4dye!jJFQ9;kJv*S&ozE2k6~XDkGRO1U
zGO9q{BTgJrs6%DtuFA=T)2lMQ?6ur}NPH7FLH7BEDL;NJQ@Vd)kveilaD@mgSSn6F
z_;a+u$>j7WfVGS)w##<il1$rn*d%ocx;nt_7_wbFF){<PV~eP`SMM!H3AhtpQhqh*
zH7Num$!Ri<YABB*`JPtE77ms{AV>NS8zNk*d?(NIT&WjVT?ty%nP>`oTs$@*T-&jr
zH~<m|S}5q0qk(g%6_$_HE;H|o8d9qYg2TDR_F+}yjpRZrIV8nW$$2=vX=vOc?Hzxw
z0JyO^)K8E5-US`tg^LK@N7UcNHwq8fXQLmV#YW!fo0ko8;`0478QEo>R0#beRvKY|
z&VzVs<M**cBvfQu6eU4pKkB$`#!wMw!MtqhQK282!2}$6t5XpecrGSLoJIUc<Y@Mb
zG7>OCC14yg`!rEi%kxMx@A|1{1K9I8M@)!2*-bBsq(&UAM9+@Q(aJ!a%-aXkb18>X
zrUkTr<W(5@nocf8wvtE&ugjX>S~d+!lg9d7<I-!~P^4dySdGqG&X)#-PNv|A-*p>r
z)u^Cuc2BoC1M%ge3!GPevKdd_({ue(DbqWANK+O)=e$`s>0l+N{8SFB9|0E|8!t{L
zy^t@o!9~f$o;AdI+*6NXD!v|eWdODJXrhUh=uyA3Ihf@nP%d&7SsZnZ#Q$)@?AZE`
zItg&-%3I*KNOf?JjdP@tC^fGlPRpGg;%(LiW)9i}WkhsGw^M)Q{u5K4AR^P5REY){
zTS7p@3<tN&zdaTphB0PSY&=Awqp^`OdJzCmj$spU2ZQzky8;YWXjI}78vyS2e_cOq
z#zsEr1&9IofBkpsL2#Kyr>9v*aFGVS(;Y@!O@$_XES_Y27JHJPb5#0^$6D#aRp(<A
z_6bk26j$}n@xm3K;>3iDw$8T%dM;jNjc#nyC0QUF7ObG}#sM&*1;b<G-G7QCm;O@`
z)Pb9>_Zy}^mHQ<_f)NV(J$mmH))AEjwNy^3gapkzpLP*9p%6=nMw6D|bn#|I{z2<-
z=PXmi@%IW}MNl`p!b3le;&Pn#m`rzw*V>f9-PY(c*21ExW=Z3<NB7;VP=S(I{S)rw
zjAM%6@C@x~w%{Zlv>~%M|LPsQ+^Mg-Br>4^WFO{JOJ<2N9Dljl&6NIfz&6c$m|1e;
z*D;kd#1c(aaZgid@$|RfO*9B(wRLSH!fPZYd?@!}i~RQLU$pA?lb4uSx13(4qp=<8
z4wFLHPZN-D!s-kuxD!o-cdL)qF!Yr%wtQfIc%TS6Q?Xj-;NsjVJ<>z}@cn*PxN<|h
z2tHdUmW*vjuZ<d8hWn#dR`dws-7^jETizk(HFIw&0Fpu{aOr-{6vrc3!d>H}9;CaH
z@|pbyu}2Orgmr>mgU7AlG|O<vIHR45%qL<u>PRBu$ZsYqoRw~Z&zZ66+~_jR3+zN4
z+L;@;dmJj*`>}1@q(9sFK0<E3IA**F_ut#D_sXXDKE1gf>n!qS@muy7I-+PnTb?Rl
zAfC5>!Eaz2QCbeR{4T~G102Z;^*dYP1Apo&R=zFULeEamhtq-*b0-bSH_N#id7jHt
z;l5SONr!F=Gy&kEy_D)^GHDktw@myOwCjubt6T@NheGbz4u{6ctxjPy=T5PCRGHN!
z$@o#c;>C(&$%>5G23~AU+C8d7D=#Bu<#%j~GX>c;#i<Xdzm)P-NT65fWvG``yMPFK
z24@sGp<SABXM#mY-l8r)30um6OQy_~$f`bllLs~J+e$dyZSD};x&sZ<Iy4WO!pQs9
z5Son0&_pr9T^4iV5_44wEgve(>85YaoQ|^#E7}zKQJY^{ijp8^$e#++r0=%E0?(r#
z$|%vEW5Jg2q4XhaRDLo#vQz85qmB%Y$HdMvv$ek5uEeITi(_V6Ya-7QzW7VVNwalH
z4Px_}Xp(VqL4IoC6OmJ0)P2L?SrcPsVwAXQjC>{yqGNwSQ}Gi`(NFIVV>0t|e@50o
zX5JLUDO3K75<TaT$YcbxYWURQNtppH<~{Q|p)V&6{uy5!(l;09+23|bMqbA9n>r*D
zSMdwW!wb2c-v+=72xXT!pWSt>lBXMCIr7@PPe171^Zk`?<Ih^m<go7=Ima?(koUVB
ztbAvJNT|!2T&#=?w933rdF5!a?m?|^n1kms5uVP+#pq4I`dSjLn>bv7{CuR#81^(?
z81{?_+7?EX7(_JW(@%US<w)x0TbYE|9!mXXl%>EC=KeOM0iX-sVQ6YmJ>%9<V@NDr
zOjJX|@;6wj=7IDFkrq&o83%kUxnPz@->734ch@R5g2ULxZtWz-+(W~L*f=>GJFvXs
zoH9XrdM2xEEcQ3RZ=VG|Ymc)*X2710Nn?dh>*bY3lycnaQHv0Bt7n>n%Gz4cu$L0o
zeiAnrYA}oc^j`eoT=@F_kbGWB9gw!1AVX3)4<|1JEwgp5QsQEWrLs*2oxjPt`C_wi
zBlHG5<3rm5-pM)K7MRUHAR(+II>NKQ%2}mA(<UgTKVEE0ILS0QB(ghPtv_2?<|E4g
zc~3SvB_u$aC3e_KIY;jnoBHLuqa}!iAJfbaY!nB3XoclAsHhmm=v2=34e}jNrV|kw
z#G$oqiYF1)!fS^BfRV)v+*d}xg8vPuO2q0Ox-0g(3gjL&$NaA})&KPop<GPR;+vKo
z&w#OW4^jEG($Pw5`6#cLeu=8)wjt}mtFz}9+7TgQxzE<uAXBgQj?zv5AyYGSRBjYg
z|5i`@x11PMGa6Eo0mIyvpwI#hsW}#;H3fs6sOn6nkMQTxdSN#7djp5Sk$|?D>|S7y
z`Fp$%7m$-+H*aulf&QH%3vfq7z0d}MM3ol^VMt+#9`Gesp@*Ua^cC+hPw|3UCjE9J
znAR7h1zTP;w$yKPU2#;TiR^7Mn!hx>G5Cbf?pT9Xj*({b%Izri^a{+o-b6E#0m<%_
ziq^mqgm6*A9%DBnri}1jspnRPQ!rXbr1fF8;Nn>VT>MB+2oGkNgK^GFnjSZ@&)|vj
za<wA*isfz>5T|z>?b8JOLt%WZP<+p)BFlIm6S0Y3l$wVejnTl<&4o!V{e-*RZjL_2
zba&`k3pCe2W%^vOhPZ6Nl26xL_Ex^qsN@RsxfvB2dfj}jX^aZPjsAO&w?XsVGNm9!
zU*@FVXA96peKwH1q<P%8R{iv0rP$4`Y+{uH%d{TL+$5I#_>1N;=2R`7Icx)a>^=q!
z``BXHYJ(oPDk0Zsv%LF>`_q~!cbc-czIX+smnK4)Evd({{?Jo#E2l32jFUBdfF3PO
z=I<)&_#o!+Ut~yx8N}$dHWB}&btG5OR5$?K4WY_T{;C9XpN99gmea;o=Yn2Y)-R-1
zJll>P^~#pa=*RI@v;WjUN2eR1(N0p1jW_>6M-G_;-6+>NM%mGj+eolaDw?MLX$n3(
zN{RDQzG5RTDJ7jdfdpEZvx?b{@|w}NJqGO!b3SLgNdBF%p7s06CdnidND1gyLR%S%
zdRDl_!gEVTA{_31|CObNcXr<ez{9@jJr1z-+OIbd$2Y9jtKd<3m+qwY$L}l6>P==k
zxP_7d+kwspI$wrzHZ~9&+wxpxHcL3niGL##oGk6>f0_^ZM=A}RfJPKrwI$J<{!|NI
zV?UhM5|9f9Prp>?bCoT<y@8Fq!6*uO@%<D&o9>kO%xdRuq>f%YlUs^uCKQ;QS3Y+$
zu2V)Tcmmnsv_R9fSVmc{N3QJ~m$RGm006X1ZG#f5RXbvxy#IkXb??msK`Vlptlcyp
zIx(TIQ>Xq~NW!&d*FV~Xh*PqaLRMb4=JNDz>%FvI+<T+G1S=dvEG_0+-Mz>Qxz<6C
z3JP6KlLh-O0zRzsr`VbYV-n;}Kh~{kr$z*R)1Y=kvYyz&aCguMI+feNot%+``KpZ@
zX=d>A&}?jrB}_K3%?%(ky>Bbsx64Yn6E@qzw$JEg;&}PH#ks;SllgMrdkt{GyvaIs
z?C}n@!r{;fy(z5`i~({V1)}htE>j*fM<X^xQ{K&^aJSAfbXK?7c)xgRoVXqS&hZWD
zdbbg7A>L?_%6j9?D+t&e-wHw!-rMCm$_Uy%Tf*eA6m({r#^rY#gjraNIS$FcWB`iU
zNcU#=RE1BTuCRa#no`7sFS2pmdKD3v@<*G0(OGNdillxrGK2R`j4kL3JG(QT^3nl%
z^Na?`2C>>eG##|@GrVgR9)cjkc<UaCghe-&#2lOu0MR4nY9dRKb;ox}ULKSLIPs9a
z00JxmK_(k+%m8EzW9SWrbJn5MJow(0yB3G1W^pv|Dn#Kj2sjKxWA}Wa9~|cv!Z<`!
zmFdoQ5>_*tg42CHjK|V7UrO}ycb$Bws4%ffHXe~ouz~8R$K*7(%<*DdR0XC&E}yLr
z%9@PEeDR%~<wPrq7ojor1v`%zW(Xu1D09<^&EU*?_1;Qs8)8)j8juq!o|xf3C!@hB
zR^F~mrZu`)EbL{xbP0XLR?@}fWc8rb;kKG}q<=#(eY^Jtt0X54>7*76a~IfIcxxZ!
zZ~z^x*Kr3i)F}~0HbN$_o=!zJid6|kJBJY~K1jF=&@cdG<GmjP4eZCt_l97SAS%Vi
z!Q#4YrRq$^b72ipu(1<rzm^Yub)N$4A>0X-_mg2}i#2x=D<FAyn%GSzm!cu`v(NF~
z|9()`LuuiigzpW=^AB8_1iVDG{2#%{1PuGE$q>X59L$uVKg$4FR7n*;zpmjAzhf;r
z;GmuEB0|{OEJnV632isi^uHh2|6SHtK#L4TMZ7XzBhc>|<tkXjrt&KZ)VP)a9-KS0
zA6L)P%*wwTa^P>sLHCR#mw>|Nzq)4}&gbq~8AnS15dhEZs6o%jB#SDxXeP!wd)T&f
znl~LPJvqBb__FK!?>t5Jpr1NyEp*q=;01w7!bzRV_dj1~w*}{Z4hXxVH0N4llm%a5
zfGARJp(Mvq-COoTj8grs-r=&%;p2D2u)ufNw_z_$>MOP_VZXbXTx)<A7XiYG6?T&w
z2zJjr7jB(i3I+>j^E7nIt0vpCvwW%mFkKFx%;r6KNzvY(i*3-Z_3ttE``m65WoP-i
ziB{;uj(C94w7{p6QKN5kr;yVsFby9l6A5jOt`eIpR8q?(d7dQIO`1SEnt*g$q3c0F
zOLU}IV}rfoxjYJE$K}{6k_M%6!xl72!f@-U1bGNHa&WdL(f4Z%l|6i<Q=2q10#8uH
z<?k5h6cy%YF@v=rIRKaP60m=)H3(>DeoU#u;%&-y=V{SxAfalLx7|a%+Sn6QB?P%*
zeK2EwMYv3`L1#57rtQE{V?uAQ)H{R*Dj1*~y_Pt$gTA@G*QDRSrCk>nxGakSP?KKv
z2ncyx(4o>iFm@zH^xH5$)5Q`}_CY7wB(j`bxc&r{*s3%@$f6wz{(E+^-!atTz^B*{
z(B!8&aHqjzK({N*WC?bmVLuU6{4=lADi~US96vs3bY-n<X>1vBx0Jv5?T5DMP+coE
z+7i5Hxqp(|@b(g26X+T<y{mSuYv=aaM8Z$XaEZhE^?UTZ2WvD{B>}BKE#MaFX7ube
z)jDCE#T5#d<bf$R(bYMV#$ZmP2Z~4MC<Ga|VuR0U;SyJk=uOQl1L0hsb(1mr{`y8o
zPM6ek_!qv%{9xBo1)4HujPs@t%l?>NDslOG()(-os6K*o6*W3_pD@=F>oZiuT}JM8
zV6n~2i53A3!K@fqx!OT5-uk+_!hUE&(u0er8q0_-ri315urfx)7Jjn(9kObjKD0%3
z6qfOhw(vS@G6V%4YU<r5yZ6X*%H6R_WH-NJ6B>UI$5tfh9=FHe+Y8VVyz;JXHU5z=
zz$D~LHNzQkrJ&cM{A9CyO}VVk*N5CvOQEwR?d~zay45x2LrMIOFG#HW$sx>hAuXOi
zLK(QKUKsW}?)&Y~E(TK9J@!;Tu)C{FCAw5y95zm&Le@x65P>&}HL5w~+5%#oR;y1+
zeR&j*3%J5euq^@-v+35FoC{pjgd_QFWb*TF#<lv}3|sy`Q|zYHk{G436aGHIdcyyw
zQt|LW9n}#@Ij$RhsTscX)oN|vUSdZ#K<w<h@t!Z)L-;VgLdsmA?(a1wTxOcATb?=3
zDdl-}LI-DY8SOHr_*SRFY0v6U*2=Z>QqkC#tIQ5gAF24#O>IMpK9uR-B}4x(x$Yt#
zw@U{H4~c|+e8++jw_#Stv>vu(gNU89{zGxX&0m{|^FVRAx1RUT4^60(=yzNS(9Z)K
z^!uYMrA@L0N6ehgrxpg&ac)noFuA?81???a?jO5%b*E&>zU{?BI{qMvlR7yK(H$r+
zL(jh<g4xUCP3-1-HTBr$Jxj%jthgT}s5+zrg;?2Av3fZl-aE!7g2yUE!tHZzS~^@c
zkXFR=h_W2}qp<|NL%GyVs24VCqeRK@@ODX<UAoi7<UirsN-}fy54h(W0-fC=x|!0%
z(`Z&TRSvPUsoWRYs4Zv#j1>SOI@oez62GHHH;M8e!A^Y%I15j&kdYH3+aX;ZmJn}T
zppSWbv5^{cqo4Q`aod8=jxOWP0J5*`VYD$Gn@tg32bEghUdfSP+hX?Ou1=J~8`|1v
z<`+9lWPA#DRdB#Y&uti@BWo4Y23TTv2K3t_J+ch{AG%a1vx*9|dm9GEgiu{}lTjjF
zj7@HbVWFFpcm0)R|I%#qyn*xh+hy^lIJYoMf#vsX$3_K{S~C4Nu?rGFeV*TQ;Qyho
z_FuoH{VbJ%ZqY^##8NC(i)6ndGDFs5NxUo;TSbrwtlBCimZDxPnBxEIU@Wl3!~;F3
zTm)_>a1;!n|HnfX$WocXn}YL;FduEPV-z7Dk6W{{N0Gcs67$>i1&hQVXDkbgY@0NP
zIi~a~?XY2>J5PDF;v3|KYbU;1p+Dqia;WZ<OlT%KXX{zHQ!@Yheu{;3c<oJ-8auPR
zO|K?iQ>jSxS=Q&a#*x+u`d8?wz$}{cvdr}<6)|tU$~uq+L`4D6o?&|<i3peAMt<1C
z9Jwsrzt6X1hRJRk64#Z7&{m&wHc^gB<9PlxY&qszK09ALXo}ekD&l)Oj_OL*Xl!-#
zR;jkY=Mf661>cd}A*{7(&bvp@`$uTVyvs08KIy}5Y2md40G1Smofxrtwutp|Q?y7|
zZcrE6DB(^Cp&e}^GZ0ce<DD&^H%63(fqcXl2c+6DUtv|T1|B?`!Ul`XJa<{UXjLbl
zbKp~z_WH#urfEKPyK(<Gl5n!;dc4ukoZi=5B6P!<fknsL;9@O09sN*m&GY%G%jy(2
zZ^Ia$W2r}*_0-is94qd6P0szN&ZF|0o$lHs0;zS3*Y+K_7)p8!D&*)GrWkReHIc`b
z*u0&C2lC`kmo4v8d7V&NBrm@1ESs!5oJjeWH0n}XAP>Q$JaT8>aVc`VND2v7E*+1g
zu!HZ_NHZj(`;i`#FX5C?X}jIhWGrX`D;Vg+-IF0?WM|uSHgYnu#a}z`7>0!XjQixy
ztYsU^r+>o~Y-klbdRCIe4qqL&`$U*Z)OO`em$9;z?SA%~1y4(U5dizO{RJgD3d%Bl
zb!qp<dUryD+Iv4C>E?WB%Xe>E%nt)wgu3uQJ;|9qGyf#gu{+<;ISG$Axu7Yc+c?>_
zs9D3?bVT2lo78RWt7rMgGMQ6}Mwt71e3?XO9@J0#5I;fB`E`L!QOtQ~ImGp9;f)o)
zeOL|M?Ee1<dlRT8@~z#wl2k$w0#q<z60i~hi-^dmsHjyTk-4p4qJW}^pn%;9inFar
zm|_qG1Vx;R5-`LWwN=y>5NyCkLBXljqlh-r-L|OM>QVdqd+z<d_1*V9@43ZVvS2N<
zl0{PczxRHg-%~r_)k65*RuRaEZt;fD)(jobpMg%UyKvJa2tBLjguf!==DuL0sGp6o
znw|bnyu?ZvG|CG2)Mp-6kU5uPLYbnC>o0Y1{r8(-KN)AUSh3^)t2HS6^N!G)BqHcu
zx(ye^Z|685>B9j|=8S_0AXt6Zs0Q>Bpb*q^-5(8DKQ;u_wZiG!Yee2ZU(e89t@Q?5
zhM7Z3q}`yvdOAyDU7N<eA*4|WA=La|7R{O#!Jv-wPSIuHxOYEMgs$sm?YkR0TCHF;
z@&LkX6fo>;k6Fu9ElhxUw%=3Wh|k?F8u7#BKNwDE<$IHp;-P9s(*rs$Z<$tcn=cD&
zDU-7vZ%V`1XO%ajpMK0nuK?F(<U`np^Pw)kYT3YR^~hVzmqboUijYQ4*xL)i1r##j
zXqSB4`d3Q1D}&SaL1q~`ldUCJD2$V3K|cke0e>Zmvy$fF<<O#U@}TcS)asq%ZC7RF
z9evVDj=Q3#zj1fjS`MAX^v+gHzW;G0+qDKxx7LWQrtE2k+x^+N;^c7=%1&w|9V^y7
zRf<^sJy>ZQx59NHwEau3*njc<Be{-ue`+VvHegPAZ78<w!^RF-%9wYmq(@Af#QwNQ
zy>`Q=F2`VYkp!|D;X%q=ML*OUL|2!pQE;p&WeHrn<u`^@mb{I{$calrxvb4yQ2lC9
ze{!@D`5QV0a?BPB^gwVC>E-F8Cu_20e6Iveap+OD7iGweO;r|7s5=Xz?Oj8}(`>XJ
zkADKDH9Te4xK>g1&TI(&8PipcQ;QE?N1d)<1!r=y2lNi<;4Jb6<hhJ^P03$A5hp!!
zXh0rL8q`mXaFKA2UJAEg9t3uwhDgh76@hc1eH!$vl2x4nloZA!Cm%G@siw;j7$nPh
z-d_;+Rp8CRG|-{JzFMb>2!wl|vPR|H-#W$dIfdOqm)VyayjG_W>(Xcw)?LFg;;Rrz
zmV`Al0%!?}3j7Pr-;|GOhYQH~!Wz^B%N&Sl8QgER$tKSAHir$4q;!{37E+8=4C*HC
z$maCZ|4kAAej&2sT||S|GI}}x{(Ph4Bj3RP3NYIyt82kTU^#BqHZ`rSW~zTMSvSGn
zGhwPd(*RB>=Lw~n{EvngP-cV*9-)|qRAU;b7b^IGvA~nf3hjj=VXU5(xqJ&sb|Q<k
z>QzPRooRl(RkmF`iw!i%C>r&OT*6ppv(%!0J?F_^o1-Y~ppjce<&Nmn>h+W8TzzmN
z+iHYb-9|3wBHC*UG|877ce{-}>)<>fnA&_K5QO;JA2j3M$v-Hlm+@$EoQyL_d{L_6
zP9oU2K`|K`@*acko@wUpZ^OTsaxCB`wUlrv_Bh8?9?qn!noSPbI>4zsI+$YnERYZ@
z<}GZKSL__Diw+Gw-5k4f&r*f`qws>EMd?I`_Artnc}e9j=tZheg5~~+&vJ7_>Ek`L
zuhTSN!>NbA?7C^-g>+{W{F<r)VSCxWkRTk%EooOJxL;XEZ$<}T#XtHDwK<r{_hn@w
zbjhc9))+!%H?-VnzTB~%@y;1@%Y);XxkYVz2Ur0@#IpS04ykr-UYBW%LofGi@PJq;
z(LUBLco%L=%)tU%dquna4WXCiCfXsDd$s1b>@zsG911I=&jA&Fq$ND+mW(y1*FH6h
zzJw?kpZo!*sSPW_i~AH)R;kl?ezA<8zkxY5%E*17VNW@iseq-rhey)Pj;C85_Q;yd
zRyQgo;nymw=7=Xe)?ZUf%9O&nnBQ_xsdFZzkVOI<E|?r81Lh{q`fcvmB8fSb&lIJE
z_V#p>iUKwC`nbrR{2MA#lY9M$B?5Hz9Y)e}+u%j3bI@gU*vd4sO(Gfp8UyJ}e?!r_
zZ927?(^TWZZTUEVpp4Da5oyvvV<%v3X7pJySm=Ia+zv&$bwZiAc9~x57P!4syJ#F}
znx2+Z5#wuIq$cY~Ko-)!(pmQhOIb~u-7*UHlY}iNl0NdJHHerv{px-k3YtV$nG{k%
zIzWG||5)?^D-TKU6)!R6FrI=d+J=U)mbN#Hj;y%82(Sw^K@?DbZ0J^{>L@F;?+2ya
zC1&hvWjr)erHtcwAr-7ol-21s%CS-1=wg>N-Ssws^e<ey`a4SAi&RxyDn|ANJ=by&
zv*pa$yOhx1(DFcj*IGKkXOIQu6KPIs-+*MAwj*Yb<d1aBdd#o5){JiSP=(imebXQ(
znlBsWF3gc0xzAFh46Mt{)_A|1TqZ2E>C>Mbst37C)=En9YbD*Jy?IF(u{nGRBb~pL
zY!WS5lohKFY*j|`)X8sf#d3AF(rs~Xw(lvdyd+^q3cDXo5<@!5w6kBE;X>zzS+h}W
z_Fts){M*@fdEL=fTWW5>HV9%^H0BZ&I=dI%a9558OJ;4KZ!kc~;N^Rq+tenJ?0rp0
zVBfg?zJ+$<z{kET;$<OIwdgh9%hy_|L3JzRH}R212dOGDSc0=^yy;w!&*67yNEsPk
zk8}8^q;SwWlj+rcnS`@jCAR|k4Xn2(#dWyE<AX`?tFCNzxNA$U27A-P2o@h>s_oZX
z62H!$jQOQ8`h<Gpw)a!f(6D+u@q9g>JUT${_I+Q4tVVdFu2RwanzG~a_IstMt7LEk
zG^(XrjCj)k)W49>gQT;XV!<|Cg5D-1jX3Y(lR!KUw+>jRjGQv-x%Orob~s+FDD_tm
zmN47M`QED+W;;LO7K_lE8Gt@-O@LSUVo-m6*<(}=wdbJ`RmxyYU%f5T3PeUCl+*Ga
zW@j1S1`*!ZTETY2Qp{ErX#$Y}TzFbq)tY2&W9dH_oo5-bjzH;5GPT5xZ48m|x%*hq
zWrdJB2ZBxk#WnT0u}IDGz**zWdEj}-YRAl%i8(G*JRpahdI)txoiaK$5{b^T)6P39
z;_o_1cy272`K*ccS%F#RqLFZl2YdfvX;F$|iHmCXK|M0BgSGmxHYpFfqqmS@lQ{*+
z`f%$cBV)z5pXZql9r}w9J=L(9T&VxIVfg=j2c~wP0d7+z&OWMOMS{%@3mPJ_N4#h1
z7MF1V4WaIA6Z^YZQ)N!KQt%c82y-TTWfPhsMvMQ9BKuzp9xnvRVGJNdnH>26yL_z@
zvFe4g`nAqy$<$&IVzzMSrNHQvNNp;sOY)FCFh0;$4}&uCmE+$4rGSdT2R|jUI7YB|
z0nLn63c6DbwAS+yf8A3>MF8NX&1>T*Pl^cl))@aZ*g)p5dzYt@#sm5@*N+j!i_0wS
z#%_%(+*rKyMH}Gy6qrw13<nwcV{j6x0~!Tr2{^-_Tb3GoG|TfoZ7UrpEIeJMzSoNe
zC=<Dr24e4umHlRi??fV&z!Wt^I=x<@?`np6x#DcXa&cay#UJA%8(0}zkP&b1p8yJv
zKK&Jc?8f#%F^4SaH=S3zWAi-}ju&L?i1qZ*O$KOU#1Of$Je2=NuC@D9Eed~Zpm{5F
z%RRuxJ5MQTTr0zt^nH|B{KZ(Ul}Tn@d8c-?dmNRhB1X$zd7vmowG8G#qoT6Z^y)2g
zQx(Jr1pWHfyoKudH@h<?JI^iBILIsxwb}{#U8&i0gJew$Mn}@ER~X#mxk1~b5fk2h
z+ci}1xqx=-gmBk&wBY*?VW7!rR2{cV3WqHpkRA@n=`#bVY02`vjHno;JiP~uw?sf2
zW)eL6$zON>MsesImw5xianRIy%GugT-w6V!fS0$aSx!sA-o&DCBjtGh>33rLxRFu;
zD_2|_?Ju=)3qL$cBZN4A*}BuvYMPpTavv%ntL50wQEO!)>*`mj+@R_`bZyi<6gmTP
zR9~59o6w{lx%81$8E>Dm2MT;{U}}n?q+i=X4v7SXiXY0WY@WZKj2-pCPOa*N1a%9a
z8>*G5q*W6DI5hgA5-!BHF=AK6nuQN}#T^jqL98*yVdLV@s##|Wos@pb(zPbdsNQao
zUDoHD<xb=`2WhqQs*ctXGj{umM79>nmfb51M^}<z8ab!IJ-)6+C3k7vlwQqQ<FrDi
zJACinJk|cmAEZ9gBk?^{a-6P{f>u{7A6CtHJ7glpi9?EWri|j%%TDcoP!vYc(5taw
zF^Mih#$svb?*oOSZ)O<t?v8jdkz4_}{r0MkC|>p5v@~7o3-MGm(ji38x_bBPQ7!IN
z7mdn>^TKmko_^g*$-{P5;Ov@vaFY8?8m26lmc>Z+)rb}gQ|t<EFf7;WNs~Ezql$X_
z_LfHExC`TXz{biCvhf|FZUlPw;F`?Z?>T^h_l!6lz_EW^cd*#Sh^>C`CRBCh-0`OH
z!&t#lp|CP0c%>%dV@AGsaxJsE#Zk$Ecs3$la?AC-UGi7+Wp(Vv7G8><<L=9Ys;F}%
zX6+xFht)G~PES!Mb+ClBW*uu=op6Wa`7>f9DJ?iFUejHrmXF+WSn8R0Lo7RDBKD;*
z)ze)ysg8SMdJ<(Db||pEnSec7U+lpnhJqd+6D_>|sf%z#ZN;*l6^aj@2(iRBO<&w>
zF-*zbM<5c5=g&mrt!E)89fOxC;l(+_Ty~;XY4z8%o#f7Ci=G>O>s)&5;<sp`>mnXk
zae`|178~Xn#9NdS=5{ZP-5FC9Y!W;eCIUD4w7DMlX;t<}{|fhr?hOQoc;{2Alrx4i
zM0RtFx@XhRil!lk)_=5%9Ro&apmo^HZ(o<GIk&E<sRHPQsuRXm;a=>m^lppyRqU4^
z=>ym1Bc>*iSPyQpIRVXxi;cs8o|PCWyM`v^@iKy~%vIK&<$3Ju+W5V+FX=BFl*5tQ
zFf+f3gPV=3PaZpwPj9WT5Ur7y!j%}07jlt;9CD%0C+K2#Mmxb<fbIAt=(F5w*G+3z
zB+O_)lP)W;E9cK>DBUnVI$c4X^wDp|Ng}y55?irWM2)!rT*r1B%P<f$Uc>qvL=;b&
zsAez!SQhJY2}Q)W+dPmIHh?p~Qie_nCTbO%MXVV?ILnZ0naTx+e8i5a>eEp=OwN+&
z*nva{8al@fH>F&<oNZNN#z8ibHt3wctSeImafPuJ9jr}{aQMn65vQt*t<-be`q76s
z)UhC$>KeUEiGS4sv**faW}BWLOn8Ux!2+3GKn}JQfG4T(00if3w)Ih4>?FBPhdwfO
z>p?oGVqvd1#a<$Go_}9jDjl%7qWgD+3y}DSNZ`v*w^vNWw`AMz?E&jzl8<+_*=JId
zz(^Kk<9W!fCY$Y8#xy#>o|JUW-AVHFCQhelZMG83+rXnL{_BqD|NGfi4>+1yZAvDQ
z3&VEWSHy`7`s{OhZ?6aoDxN0eV40w*vH1Kpcc4nkQj6hiF}rO{6SOlI<WE{CIF5v!
zz8CshzSsk76M`{NHO9|We~q`cNGBIG(!0}F6e1Sqr0$LxQW|zDElGTZJpv0I*`VxW
zm#n$Z<Fvv&l_*j<>+P^r;@PYflx@#2sYoFiDZ8ne(XuvZiv8?nn952$#G%@muzboG
zGk4zIE8F-wwAr96F&NjGVKCoCUDlaxuA&L{h{I&s!bvXutw;`O5j6{H1=*QFd0kGw
z_3NL_oKxxU=rZ4EE*`s7N?ZaMT+1=f4Qa!gIUkhWkVQ6D)wJ7L>ZpyZiA!$NW;KCz
z*%O98+72+K!Yb*Q5__lP|CB+FQgnu>j<K?FUWXk?RL8BWQ*akNHlBLWY|!Si?g#tV
z%s$Krmu~D*36IoQ!IN?r=~<)nv_FUApq}OOyMee?L^)FTxSR-$D7a9=eM%U3^_-~P
zYSpn)hFT;TtPJ#X*bLjZ?2pX(IHt6qH(Xb0Ix<r&pJ#Ow<*)~E`)>A*t>+aB`ma{8
z_R_S40$TC59$HHKx|NBy*aZWM=qc<dQi#<v#e-PqbS_yvwD7Uk`8JtwUpnr+24-F1
zi^MtsM#ul5u+Pi&Rk%0-S7boKAS=_Y7l)I>#LD#V)g%{VM0-@+3s~_d6FNJ{WM+Ea
zsGwha!_@O2SBZk2yh}s)Bt_ubj}cV|b47&%`qM*)aUF{>gRr{+)F%2yXYtb0=T0hm
zc#CTX@Qi!J2qk%ADOfHduIfZ;?2?K@?xN{HiiVJBAtf^oJS6fzFgUi$%x7hz;X@j=
zpM_k=3OYmii>9iQoAyzh(!Pd!oKa>m%g44($*FL8s0yD3Hq6kUa#b|(ak(OpHPokF
zB8uY$9u8N{UcV<^!17+C;S9czYa5&FOsu69M3Ub#GbHfpL^IC(URAZ5on}HeW-ySi
zk7I^Ww^avLk_%Nh_bT>ifCr2LVSR<Q3trj{gpPT+M`p;%(A3Pxf0?;VyK1q;H~h)~
z^%O}Je6^fH1gt$whh686*&TEXDq=s3?m(74T*N;zWB-FXvtDbX>MR*C^0M(T@sr)S
z<CSo~%RS#Z*JIJJRq%7bEgL%2DbnAI8!${XTfmK#*jBf(GTd)yVkp&~70D$|Tzjm2
zV^2a3rTV~?Wwm9Z<DJToKOdWR0+NhZ9AfzCG-z24zQ<DUhx0-u=oZ_^W+ZB2rDd7(
z3boaRk&%X7*qrCat=$aWx}_IRp5_+my!Tsu-~{O|^$a(EI=(@g&(^0%W#*RlV`?lE
z*hVX7eS;tLM;`Iimd8wW*{EQ7s)(JEMM9aTgbbz@n^45W?yI4P@pNos4+l))B&?&L
z%GpJ1?n)JV+@1Sen`QgFu*N?tk}eutq~^KD{K*)%ewK8(tc^qzF*0Vi-;U4}sXu3X
zzqV_ND)jga3Sm>>sD4zpQvR@8g$Q`j>5P$o3geHAhtmqBHRtIpvp#?=3}tWZ8rK9F
zh-qmOJ1v>ZagyVT)-pxVfgYy319ld%2H|XqXwKFUE)x%U5o_Rw#EHjx;Xj$JP9;bR
zm4~|Lr^FSUb~JOGo|t8teGs-klKYjPL~)*Nr5$%<qoHTrMccbc_eJfnVasQ+=y)r1
zp(wH%*(HPHp%2o7GhvG#P3+@l%7)K(-3_qCxIrO;QGh2ia};){FoLm^@*&n~WxUTF
zMZ{>mjv6>9uSx|7rFc=jWm1f44i>#iB~4w_t<iZeBvbDRkzwi4Zo7elY$sN$9Jzl-
zZL$6z{n{vt0ps3cXJ=3=IAMghqlpJHww$YZK6)n~<K=cCo^ZryiP&kIfhGYcj{n_7
zm*Hs30*!jZJ?LB+7bOT0pxlUr1<ST0+<TlYYUgm3eBLBdfF^c+&0*O*hMZmkhFGyG
zF$+|V{}~PgCS_mMVpya_;MebattpFJh>iZ!x7sHxwuo)YqWIbYf!-gcF%wuXjkZ^g
zR6`*Yu41XF5awSB<}&dAU^D>qK8$foij_aSKiq4D6YPz6YvU_k<*NNA$PoBUIauJh
z>V!7`THt&yq0OD?TQVlim|=G_M_zMSA%A5?hsz)&q&Uul9pPj04c<w{O@zs<^)NZ2
zlMCy~A5EC!-nHFaX`b5Mk};>;R!J+oLwebNP78NHMzt5rAr~FXLwWN(R78M{la6#z
z&sE!WcbGCj?9|gXsp@kGHOl@wji{09Zn@4!$cfXa@0zqp-_%gQ_G^Rq%p1xjz>MFC
z_psagDy5sdb~OO{(@as1lzV~j9Sfk_9!0%8yWaQMq$DMq-#q<3KFOT3{zu$fa1l(z
z0I&>p^4Gc@G12E2b#_BC>#l?wO{flhR48{p&$3)++Av`i<v(()M07$gL7nH<a5Hb;
zGP0Iv?A>JO>_vl!7HX{OW$D%|mgP^YB!#$!?WwaX6DFc6aNd)7EerxXe49Utx}1ZD
z$Z&0!A<Jc-Dx7Cqs^9JR+^~S~V7~!s`~AOsX*Znt6?kf{Ia{OLCI)kU=*ktUc^en_
zd{gEqm?!l<+evxfe+b>pCL<(<H#ZFx>u1CO`an8I&0BGwKC`ln1L9`a${_3XgJzq?
zJp(kvJwH(-uG0S2jsnoA;ORuYc9koD7@SvibDR|Pk!XHd;2NKd44{ax;0iaD0$&rv
z2|j%}NGYC-Yi&Ntpa+&CaIYjAqqOnypkdms$pLR<{72fi3_rA8V|jKA!R=wY>TCC1
zCs_y7VncgwWoBsDk}eh6=VdO;n-{1aG_sw#MkaJ~SM)q@69u$G1%BVD)ZZsOM3Zkk
zJq-88JN{*p$k&D1F9vA^t{UZ~F@I4|5^<)(Ic?#4nYr1&1B3(L`?)ZW2%c8L780Bv
zx5Z&J6s)F&58Pw#sAjD0=${Um2p_nBXj`2hq?BF#NhyxAqbL1g(Vif1lj$0N?$A5g
zt|sG;4k|qFl(Cyjm*TKP8E+>SUAev@#8oh3*O@ahv-a^FgElNjVAA0|UAD*Yituf0
ztWzS3(|fS#t7rBWySExGY6{)a3re}HzbmF+I$GD(jIZs64AQN+)^P#d9bDHo>pnn~
z$cp)z`+#m)A5yDb;o`>?hbLE#_SMbOsF3uvB9=Hjf3(@So7L4mVA|~*)a^by!-g*l
zXarz;p=`@C7qzfO(Hq$KH+1e%hweC^&db@q)##YxI3Pqr)?&nE-gCVxAtX#&T{sgr
zrHiW76)AGM5JrE_6ARp4IbH6SN@$x7L)funGVRsV9$oUdy+@3`t2cQY+Ml$GUiv0v
zPeYOgM9vb$>BX%#f*&(g$r3oN$6Qsy=<TPA)c!wdppzKA^<IFckSS~LigY@}g{GVn
zpH-_@Vw=rLZuj%VHUan3G=V!;Q!`wrmGOlAA}S|TZMQVk%#sW%ThiYU{>{%jWTEE@
zNDimNti9UPP)Pq#x-m9KL3QXuBZ0?w6>`TYV+qQl)}Lqcu8%JTuzG&ueh+->RmzIf
z1hP6K;Tg3HHK9jOlaLL-3a)r=tT?+e7k6CQpyvq>Gv#*aj2@kmu2j3*Pc(Brn0OZ{
zzJ<HR8*(g{$b9KhCAwf^8hrrfff*AFoI3F$kNzH$^}+;;&>2{8%{tn5@xfl`XWCh=
zcO0Ls_I~PUl)+IwSt{yw8YRo_*G@Ygi8yDS$P<~obs$p~+PZlac^Nb_XzS*xYz`?@
zBLLk0#b65GgxlO>t)*ssYfw5qP*Rq|{?MVRl=nk)&h}D+!EEr?n)V9iE?GpMZq`4s
zkh2Q(b9mjS;)I=|>F(%Ma|I;qB)GX4Wq-`%R_kr98VaH?koQ}vOL}k)o7qV$S%!Fg
z@zDc8g0cQ@s9w70voOum+b$<quirSRjW2v8jBM-I&WokwNTxP!8^SYlyL{S4DEP=u
z;<5<3{sre8Fj|7tn15HCfWj>QglWX!AGd{sd!b4Ex!fZ6YmItrRBD7dG+1dE?L#O>
zi>Hh%FwK<CAZ)FW7(o87(liFsYIReEavg&5xm{sCPkcFRGC$BfAGXEhZZ6?XW0;If
z<Z@vnc9!%3*fQi9_iM3}={}a({4c)^{1(Wdfxkv?#AG)5Op+oW9)c|<)^oam&D8s9
z%0RWc#o=$rXnvava(Vu6S(>DutBFrP*j`e8>um8r&NrPO%g9TSjnn5i)2FW$HDex4
zzjbrP8rdRLn8xW-+n4v5@t1#0#<pP>=;MA$qM1c^qmzyC+;sH}+o{y-MM3@mLCqY)
z4OU?A;(l(E5yEx@BL7IO!cm8hYGt1TXM2l44m5(&W_ZfXE;4=3PYU}fj3H-2IQy78
zSK0c{${eGZgNAK0;WwYD52pj#awStRx}irQZ{p@ZwHY)f$Hb^O+#+1BwPY80ut)uD
zcKG!hQ{kr?$kHhDj+6+VSF!VD`V-P|-<a~Y8=0TJ^PrL%)%S!47k<n|>ddT~#ruS!
z8Q*j-2N*We{7Hz;4mO+LU%2q2A>Z4|N-_ss(7VnnGU+F~Erjj%c9o*wCJNM(irFvs
zRx=>Mmd$!>ItyWEYSi-IwU5{b4Wx2yncV$L%{<nedc85LK@ud^XbOI3;CNNSAlCH^
zI<?L$vdyy57k@IB@OCzEE$|^SVPiAAgOL`#yB0b`xv*QIsht_RE!*tnrp1p9d|$%)
z8`D_cA~ljmwC_HaE6`>asAof+8HOVYT(|5`J=fouNLB9KB;z~X4L|it;d8Y%lJDiW
z+#QOO!;`H>HAqkO8S*^_a$_AijMezTqrEI&k?_%JI#sDF0}pEb&}AbvXLw@|y7|3Q
zyzs_9qqoC?Xtz0XJ!d3su~_`YWWN5%3ItnsZB|mpX0D^42|Jp&qi+Qs!RQw$s6%C8
znSIRCZ0KglI*?2H!|fDa)`)Vw`Os&S1--kpP~d0;X4PI-b!<gjt-<`etSvlKIYXRY
zH^8)xTOjh=5OtteDAYasteV|(W-=g(O<86*(v^gjw=Df9?VwHb*}`sI$K+Zp&dDa4
zRwBuXl|+hW@!LwZDbMNwT^6DW%T%&!1+0ZVZz#fNb97;3#aGkzi9dQ3ffHnA_GIj|
z^}<y6KxGwce>iEy<DGd$jrANf{k%cDn&IBp*4QDFO>jZq=qB#spvrQ^_d@ygmj?b%
zu||b<9aurP1ro~y3fUH{NUbulcH?!k#CQ@QiV8<>AsxF;-_b*!Opn6kx8eqBg5Krc
zq(3GPREgJ1NAJHafxnFJraV2(EbAL@H6vsNb!Easx}GZ8oH0T5m7@_i+f^|UA+Eq0
zcG+0rX)wz=#e;@6`++(tcIjeD!Wbku@eRoJAiU1q%2H`tsZSNrAmy_tNNJr)j*XHd
z1owAP4FmV4Z3=h4(8E;dtYgr+VRlFv+VWJRmTY}PIeVVQC0kYDqBDWzaKARDSkCg6
z86AB(Kc?7OIvepr!j>}DBs(-RwYiN|{Z<+As+@gpxJ=!bL6?2N0y8x;`>vXixn@>R
zTAL{fMI9&WqKhN*l~%VuVtF;nK+j#|*!f4aP>NmnhKHivr<(O@zeDY!(Kqh^sKqiD
zYV=XcIuvuJxBJs%&PT-LxWz=A%C*%)Pa~OXf5@Y@UI$M#(K8inNzqb(COcF@NB|mA
zb>)O<EwO~vAkBNgxKCl|wb>e%btZ#_SiS$&_aeK_$EIKtqd$#>+v)8WpCdX(w%Vg_
z024sSGqNo|mCWo1Jw+wP|7%q?r1hdf93p-BstN_xtw>9`uEQ`ogii}URmM=W)Icgf
zP!olzepd^dEF!U)3jUT?${7V9DA;)bK1Za3_O_-g@OB3$6t;_$0r4on@s|U(fCfc8
zxXC{$EUbrsh@8nCVZbH5gkO6s51~NuC?JCRblwA!rP941@U)rz?+Xan$7}4ar_rP8
z2DI3x@>#CHCkMm)T=kfn+9*HV>o`0D!$V3IKCt8s){aSAU0+!9jPoH9k;RJuuu|6{
zrGfYj2x<T0g==+O_J9i&LGa?)zpul<Wa~^9mTP}qr?6oW*=+iN2zD^CK|lj{g$`iG
zfb?0W?RP^!e1S0-OvbP%8rukroLChg1$;X&#)B9l#6}DOT6E!<J=oSS#U3Khw}9|H
z+OwYghgI6Ov(C>Fmkv%>y`FvIs9TABuaJq;r%8n+yZ7t{cdmR!`mP|99G=X1`d~pj
zw4h&Kq!J_$$3?iy)7fgtl`<$?u&!LrY^oM@syN}~3hz*}+-0rFT9&h82Ov~msC+(P
zoVIJpsCs70_@}+-V!s8Y_%nvtW(agez21-uhMTBucW^YCVq8K><eV&q>0;2|mw<4y
zBL<><0B{HXU`#uQ=e$!=*B^%g^sxRl%K4!vRcYN0)YX19a(Y??8GZGKUex=#O#h5}
zF0Z!j0SN_bdbw*(7iAL#+ifC^&}s$8@;zp42`I&Mi>&;+Ai~bIMz!dNC3@`Hc~5?*
z?L#!_k$H}pZmbCS-icRuVOy?rRENh)6Wg_jE!9nTcR;z464}&0GL5%<vnD7U*%2Q#
zN=V!IW|=Gr3Q47SV=Aq#{t6;OqhxTxfLB0Ah|r#;aCEGPIn9SEb;GGaYSpk3tzlU!
zc&isBeCmcGfV7*(+MA)*rU~swhLM)g#6c7iTs39<oVLU)ZL$W(gBKfaDSUOyVaRGi
zvBA<OC08W)ZZdZKF=IVzo{|1zOgqE@{5hu(HShd@*3sbyQ|^P#NPg$csciZoxswdH
zcpPa6xitSr91a`9;$CoO;W_Is_b;gddL5B{(f5-v--E4PtO+2pCcp?Q&yJ+4&X*~Q
z!EAl(<=%vH_Q7GL@{qYLmwgARX}VN=a~z<AS_~E(kHpy*vk8crqkwuRystI77GnIL
zZr1QxW<?I+=FtvP?hTRX%uGQ3OMXXYS%WcA73H_x$3v91atWfOcT@8{_Obf`m|N$K
zYezav^c_J&k6_P@-KiA@HFzaVv=)-=@?Eh7L+b~Oc28c1*us<xxj)=4g2(Ni?X-{3
z&kHph7nu<QI#MqyHf(hs`<WUkRm5<lyzOMF2wUUFn2G|Il&Ovla$X%TWeHn=0u_~|
z{G$@Tp4K-Y;a<qdM$%tMB?H<wzkG_8@Vd^|;{x6C%DMuJrR4&`?bfpJA3IXpE^<lp
z^I{>YP3V_f_$*_pXV-{{T@JlM@0Ql`Snk6?XD|Y~*>1|!z5N>k#)6lH>|tvM+@b3*
z6VTJyW0mRG2_)R_rT!^H8ad><K(B4=|1z6M8s28Fi2RW;>i(#!=_2lsmhdz$02|%T
z6=FNtK^pX(c6gP@-TCIHE;-jaEs{a|mo`~rCttnC%0k#k{G%Eenp??#BT^jMxoq$O
zvo#|Bi;+?N{_VON1{!&$EcPE}I`_*ly>fiAYL?_vj1SXz$@*fKoKwp>qJAhwt`2|=
zdiivBo=rj?A)Ja5%_=I$GE>{g<I7ZqF*5`C!?;aTr-II%Uh_;DZTMm$v<qSHp&q6=
zf10z&f!r@;bmE0~Rd|Kos=Le7wAXYH^2`I_zA-(q@m)~>UQ_LR{&P=bU|(+Z(f(Zd
zbxX51vZ9Yc1u0L>+D*0R5ffpDdv!v=FZ%VC<AzjJK!&!__WfWPhhnO#J9NBddbbtE
z)NqjXBH1zJ^kA+Jij~7^t2NW*%=X_rfiKi>rkGeX%y57^sS7ohjp!I5xA6``>AZVQ
zd$5|L64;#;t}LEVk41^7+iFx;gHDRA5>GG5P_h49KBy~7Ym(FKof`6m%QEegr%i-#
zi@m=d4A^UO>6N&|uDMwInJ*LKP(h^=C1{py9__8Qvh&tHK38Q&O>(-BrmqYhFl=8X
zUXFO2qkqUW?CqD9ldcC8Ec7+%VxPiqSGs+{(Lb|U^PgZX^maH73!uY{GU7RHH-+*)
zSXqU3W$1Tis`>W4s;T3_QR@$0xr*mXf%|s@64Fh)Gb5hkQ)Ks8RTrtSbS~#+KUVH?
zIfZKDJ%LUE2~UO{w}TacIAAm|@tBW~H04erB_+y#nJoX?KLqJxiV*07ga2~I4}ZkH
zL!_VzaZ5rKBV<|XeD!HL>YGSPeu><u3Y~*$LsR;|3=o;*P=j*TL}PkYG)4c*ugU!n
z5^FHOBc7zF*i<m>oJsl&fC*t=4V?VDZURY(5Vgn>Bs$~PII!jX%aIeFVuPEVgwA&e
zj@s&LIGRHru<CHbiLW~y@I|L-)4|N}ExDL)xuXI(;W_1uA|_04tT<84{i<VI^mgDv
zR@O27JnG@>1pC$xqdmZ##uSj{#;>1EsXSP<ltu3qBR1;XMRs|H5xv!fiZe~VP|jnW
z$}Ph<&vKBO1cNT<AmE7VcAQ&Z<?vx8Ax>t-fo@$sV-^dt3J@}kcGDs71|%l>>e2{k
z>&(h3kieqnKPt0a_<axqpUaRsBx^L@pUj5(=w4y!`*_surFr|OqicwCW0ry&h>Sh4
zA(7(NzWxWSEJo@O_)CWoe}v@rp2MQfpkrTn&M+FkGZ8^qAiS}+(SU1rxS|y4W36Hh
zXZGoJ&2kz<W}A$dyvqT4P(;P1^#BI+Q?td;+t+=j-o5uPcH1ne#H`-#H+Y?j?Jzd(
zvNOypv+qwcWRan9Ju(}om$lN92i$p|xk?+By~6d1(d?xYe#{o{u0k(}#21$t>{qc9
zPpc`HOSrCT8M0+vkz95H#K{=lUK^OKTua9W){3zc)N?aGcezxm9}2^7nz0)Wgk9qm
zN~(9fm?(_XC}t-=ip;YF9_h^{GIbxjDi3x3i?F6b)N*hAwRQB7DV2Lwym3Q=+O=TN
zAiGTzlgCWs9>f}Q*6&fUn;!V~LKCwPyIVlKsJC#H2#E<tDL2p8`g3%@!6C^S4RSb7
zY#x4Wsy^QfT{zzW`G@)8Y)4}npa}HJ2M+puyIjc?zCv>MM!$|c<b|`9iw~9>nUodE
z*}g*l4WrfJYy!K8D+{GXz~d(<OmBtQKU=W1W6)*#{LE;WwZf_apAvWARyWty4;cg2
z?&+b$${11al&DN+hPUm(Ct;Yx;Iphyr+3>WgPelde?weN7~iDZx<_I6`({#2jk>A5
zKE0oDxlC!Z_D@g*^2F*z&a}P%%LVO9>+1mr2lJh#4j3H2XLDGQ8WC1}PuPY_xOe9p
z^P-*VIeumAcV<~&XQcsO0+uB<iaGrzr$tM#3EzxAOh=vJE}*omud3{4dYmT@Q*v$&
zVH;-=!5_?{1Lt8;S(Mzewe?#QnvtGO<@|CykQf}F4DPS!xB7s#^V#a@vxEyO8I+W^
zjcWhG=idK>(zj%?Efn=lNVAuBSTQ+$YdcbIxlLvW-8|%=S~ae&0mRF-Y)h*;#<U6r
zZXWQi#raCt&Q#vAkM}6s@kpmUE<!n%Aj_c>t$!@m#CEQNE-!Z^ZASw6#e=~93~f)U
z7@2z0vxD2JmpNbZH1Qr|!ZmqfzdLb=>hLSlc8pTqyLK{e*FPtQvOd#iyuNo+xcSBn
zjnIm^BCUysdONh_Cd9Pq7~&q1tqi_PZylv(hxMpb6|J9edRv@BzcF-_I~#d1t`+uk
z!i1pMZwr^46MycqUYl4##bnUs&y95WwNZfzKOP%*9;PC1t5kiPqm53x2$5UbmSbkT
zX>T?u13(~`E+#jJ%}_RGHr&liK2wiJ_5anUb%`nFpmgl%ZcQXxwu}ymnHDZdp443&
z`&e<4jU?V}#{Y&|df{<%2hn-edUun;=Z%dkeDuQ#rKBBjk;^R27Gjw5b}eRiw?j4^
z<o4y`qd$5@HsEVDcJRquWVOFA7A#Bi9=MSpT%}3q^F-;^S4mgg>dT{UT<O;eq6c)&
z_;_1)g;K)0NO}AM<Oo+PrFB`O&C*GpCyc~_TXc?r;oo4J+;s@Fi)TW~UUr99bVT4`
zI=6AXh~1d=o)(%d%bg7;CQObXeELSKIm2v`!-vdXlub#xIJrWRGo-WTdFvwTk<E-{
zRmR5d*#(uBHeoM{ozrMF9oo#Y1@MernM$`f`rM08#U^bqje+jv-&}k|n`EwK2E=@B
zF=&TiTO$hyK4ngPTt2^iJ-rPvd&PrPgk+P4kerYF?|It)6chcw;mi!r#OnG=UxSYa
za^h-=Wu9%kb)QP28YC(9BCgzEH~6(fqoRQBn@ojWP_+%>p2#H{5DE0J4UhofZeUae
zskow4MH+DHAa?pw+XLCdugEboyGR@6tcue7eq_!;`!#`rhM}xuy2qubThn}nEXAxu
z_DTDUVGY!b#=g?6BgqvYAWW|v8w4_TNpJ0jq+j$IkP~N*jPqg{Uj2^Y?lJOaOJaSL
zWx0sW5yYc|zi5ohK9u$Jv1t;7x|#>X*Lw82EgROEwY#ik(D=fNeiQQ4%&lu>RXw6&
z6TH(I-ppUxV{IH4sFjN)b=mf%OPf%e2xr;YlP_C)i0L<b%9UyQUt_h%h<*dlZ`>;7
zj>39qOcn7ZsNeL1p<c3M3kwNm{k+FK{zfMXUErtbZ&PlY)#^FWU-4)%t95rVuZDYd
zrujfntgez$u|8?6ge&n}f9qh$PrY@DSjSf<8sOjt=8a-byAZasRch!3+HUm6DwH>m
zrZ2RV6C?MB8{OwHu;t*)Caz6Oz(e#x#kv90$(V)cF<}fk@4yeJZXp=ug(AG@*tW5|
zY*ikpenAtY=)z7+>g7VWwG6bj3;O|V@gQm9zyNe&>6QW0sr#*D;+5(Ch8S~d@$?Ti
z;Ud2j`?RHM<pp}zCIh~vqF$P~C0{uweW>5yx0ug=eETioY*f9cc@2Ck-eIYb{hWdy
zp|iZlrw|W6p@L4-GWlHtpOZGgjw%=W1q4peqycJZ;muDJ=iNK{#P#7rFj*K}Bo;S@
z@D1rT_t*w6%mKhcbA^yf95w0G$pL1&@9)Pj&Kvr3kH$tI#gpb1R6_0Mk#F113FekR
z<erIFVz2#yo2wO;9)JBu2iV3WH9tSzh>uW3Vf2LziGaHxs!a5oYPE8DiG9EqQ{K9J
z4*c6yT$_<|axJkEP4+B#hFVpNQy%%|j6SDp4SJ&~bOw12j{BZ8FK3L^Q%2oN)BZX6
zA@uHMLZ{kt@gRj*^t_y<GCK+vh!p9tJ8@~$EmaeHE`SI=$J@qmob7Z8xAzJ&zde#%
zPp>w*`RHEN)6W-_BE;I~5lXprSKNslC2MO=Bx<Nl=faakv-)I)Tr}vEx!NJ<1ey9C
zRs`+ZTq+B9&y^RHcWW-25tiq2e6;-r1|GRi`l2!RVly&td(5UZYjG9>>jL?P#{9uZ
zt8(b1T#~e*$ogW5s!#_8EJHqOMe<9G;%ZV-=3BsWzp`5oiydG5q^E{g(|HHJj8UK=
z+NrW~@9Vm9R*+mWz7uX^xl&dask>FCl=C4RNuAHrQf8FtXCzw^n{b90Us#fXwLvEX
z%$Un%5q;f#n#QFI?2j)(#@u-`4jE-ooS5BYrsRu-p=%f<EH4tDzw?f<LK4)=`ZaC^
zz15bJtv+zi@0%b#NB2)m*Vt1F(My!k2lv$H%EMQ0N~_v%OKov*_5imX#wBjG4YG(4
z7JAkbgxiq8RPPqoBQe$`Vd;Slh~PwnEW{y11V!y6MqhBadJy24wfmK<YfC><@~hnF
z*T@N<O}i<1OqZa-v@G28nrnnZa0hG(R=#vdMZA2Q?c~0V_p>oMuGNDNWM4IVDVR9D
z1~<K1^UP8^_YC~KFoJZ8qDPERg?4sCW1PW0Z(~_jk`~!Cy&mb;zcSVwF_bo5{0C#4
z`sX(W3rd?<ERUP1iMFixVupb&)#@UB%(W#CUT4e|mPCQpXx>RB>m_$kx8yx|-HVCL
zEaKTm8Gm8Z$4$6ItKW5Wtx0k?Zl<wn#T{kj8vu6C)X#jYit0qej{cY$*y?<FVmGTT
zN6lV_S_aX?D$X!s_evM~T%ULmb!}bJXB_cVf$IIoDcCQs?jjd<ajoX>MJ+S+v%g))
zp7e_J+QP09fv{3`l4}r<^j~V0m5%Q>_>Sphhd)iRHEO@$wz$o3u4O%9oRW{AN;LeB
zN&p~e#^3#LNhs`Fnhgk2cH|1c+<|TTb*nv5nbqtL-NZDC<lZ#vTUk$pLWLD>|Fz}#
zuh(UmUqOy<BE)LAl+hmuWPOd5xe|$+Kx&VMcuTkk0JU!rVLRPu)Q9rTqg!y=M+Zyo
zmBF-0&t~hf|M8N7q|SfQ1blRjSgAI+hL!a(B{qD!h<wsD7k7_W#ocV<v)Q^<)?0Fv
z8cgWEUH}5e29?Z_wxX**SN7~{X9j;ocv2oJFSRHLjV3P}Mf-nHj`|xq^M<rSTe8aG
zmZ-~0(BqtgUL~G8cPA|K-lmS*&S`_6h4veE3ztdM@h?e7wz8ON{DiVf2gW+_t0sJw
zb1a?di=c1%x#a*%vZo}Qybg(poherJEIY#q?Fgv1nZ8QW-CyCl^C#fiHQ!N0@_NW@
zs>-lpytanYbL<C97JqDh_o++rsLpgIf2n!wbO#l?&E{&xqE=Pt`K9p+KmGih8kx@f
zroNDI)F+zL>ZkyRpo5ttS&$(cM||&uE{|k+v!rP3LN((4jY%1l%}=?HG55<U+oc%9
z)08W(9udl}?@$Y}8$`mbvj>@iq&J7LAHGxZ#_$69#_OE<&)DIcx0gzr7G-f&%UH)@
z@)@^aQA7&yy{enr+CKfIn*JMF!N*#Y#8iv+*@3t1k>~ngc85pxyHAvA#+~Qpv0)$`
z9lOk7AR(f${suA5J7pl2*bXT?kGp@sPR-Wp77rSj&_TU6gmO76QnKgGQrHpL3NoRw
zgVobWZdRg&w}01?%kxcc`*ANPwh*|RmgL&kq8Ld6m)phhY9*L!d0#aFr-S_)eC({P
zQj0HYg5K_i2#_qq%iT?sBL5wxSs9Z#S8O8rZ)JvrcV^v$OOs?Q-T3wx5qqfTlUStC
ze2T?fYfqD#3*FLmu#G+8d2f@kT9SXpgPhs>&9aIdyD@{f`N@M>{pRK=6$1~-lp{)>
z8+C_glk-j)RemhbvXe0y$33@SR)NmFH`U&2{2OOkJ#IbW{UFUU4bL;1-585@LSX62
z!T15HYZ$ZFTw%Ry8txSIo!M$lixb#|I9$31@t(JtU1sgT0+wc51$EE9%oRK8JVWjA
zgZynvW{Nb)f}IEyf>YsHl(zMp%<;q0CNjZs1>xy-v6svPU=@gk7o@MQN0hG5r~((c
zW3}I+R5*QFcufQrgEkdzI!#LV1yA-tLx5o!x%x(o<Mge^`PSLQKnO7NHR=}hqAjeg
znII-xSBg3|P8^^UUT#7Jy@l|+&=$D~jTyTrh28gU6r0{(+|Q2}v7JB4B!{<!6Mgsm
zULol3u$`Wju_sR%v`8aF9FCUvA{9lHJj`FaRwZ;g9C=ycv_v?Zs5!i3(2#d!sRC8(
zr}QWRRDrvp`{x%c1j^Iu8QX4~S*x9~-QgCkLWHqgi)xeFN&lBCoW*vQ*?x|bjE%_Q
zl}*Cpao~voeX2o;ynQb@a&ob_hdDN5RE$WP%G$ckLAj+Yz{WdQu=@=q?`LwaRo*KO
zbrPm>^p^1<B?RG5Z|^gfhR$n-`Qb`O9Up1k{Y-4d%j^U8+;zF=sfkWXfsV<Y8P#%6
zB<>UPq_%<Tb)Q!#quv$Qaz;ebd3X2WMm@(!(PB2PpI#$!5B;*6Ra7j0e0`@X7K@YS
zwJ-ddP39d{4)2zT>bh!#MYb^_)U5_y9yPKV9|8}dU3krma}auWv@o9-S!S`3_6?-0
zmz3hKQP-b&r1N4kH_A9@9CftWGTY*1rcRuO&^FRDk%p@Vddv?yl$`fNxtuUWG5rwH
z{)^Gul3`7&C0*Ny;We>n_~IXp`0uW?CpQ?=<=%r3Oe}W1`AKa5bDEmBun8U&-LtVv
z&<%A-*zVC8dNgW!PoY(_#p`7V_R)w>W9a00AF5_#Ql8<&W8J4z(%Mx8J}mdK{B*GO
zp@LS?q~!j<*fc8A9z@rdtfzAd0xgL(G~t~=PuTHBE%zt_k*mGLm|IQIwY6A2%d@R!
zv_f24%%HDyKH4XMO$K+1Kq4_T{abo#0_q*~xjS;_vTy?#{0eOAw2B7S5o}c5M-XDy
zJ!9ehZ*_3cpw3fnA%efc1^)X5Q?Y;IP!v`ss|z(le33})4S2ltPNlU6;Oe2CpPir+
zAzdE#pAqZX#yp*@;I$+Yt3w=z<T*yK$ZoCz6>-V`pn3ZWSW^Jq+t>M+1_DKOK{ugY
z(8?~RrXjX=+AhEn7hj}MR|3H7?fdliKw)_g25C~Oc;YPR!oFTSfVu`P3$C43X5V2*
z13eMsc+L!OA(EpU0fEV!8y&an>RwIJ)L@IzQ6O<3Z@KWr@}6;i3H~l#c3vCYmA(WT
zI9qxmn-f=vQRgNQ%V)WzN@@e#Bf4Xcf~n)!QzO&pj60<FGSg8c_Z{ubRr)lUbvsT~
zW8q*4l6RM8j&Amlhn^`OkK;QOgo7ZY%l&D;38Q^MTt&InbS0W(Wj?&@b{TmP5aN&c
zk5)Y}%^y48lpE|xsbZ~z&5nbgdLnIulsgZ=mM4b5L@rJj$+!pfc6KL-7ACBf+H6?-
zD5HRFsJ{D#m<+Q5l1)crIjAA<w`|drGsddIJB}W9$ATvI<#7twXB3ooh{mgEJg)I?
zQI;!L=Vud~HuJdOnusI*OhM*%GZb@%Hw_qXn$$N+x&Per8I4c2%nmiEsp%lHfp5mM
z+V}A<x85sZH^!ijtbdxvHK8B940dVjuoG6N@4}%yzaQfZVq<#PJ}FXs-~4*5yDu54
z4d0fg-JsznDKgc;cRLI}y!O%0T#lM*+BTFU$HoI=?Igk26njSnjOu?6>AHDn|4wq@
z3r`{BZ+qVu&@8>i>(_pAmyVkj$#MgVl+;ih3Z5_>w%;2MP0<hJbZ|4YZmz6Dg>=*b
zG261bqRisQ1wAyS^wwWNbkEJ!DfZ=g+#`>SwDV4ewG~XABqo}5Bm~GgX2!`ibvlGK
zu+-Fmzj~ZSspb#z0q*AkMO&~_ZkdDB5euz7P)=xPPZN<fYEF|fL2La)wExacm1dt|
zP}^L)KYZMKsZHX=wNjJYA+gya{Ud2)b}sU4vs)nfF4EJRciUuciBfk%$mBx$Osm-A
ze6O<g%ea2M!?NF`t$tFr%*H>X(9*@k^j-UMI!2N7(}*6XcjeqfwMXRx5qS5p#l!{7
zDIgW<bl=V;3$OXzY}2jWnlED=7scft@2CCrV%3rKCTOqL1^`X`k=9>iS!9Omp8iU=
zGz;)Y0^ww?f_og9w5~2i@#M&B;@d6zBMn_Qte;m^8-MBSI%wByG{isHLQ^tUhPt<F
zMq0hq7)OEW=hdfTmYO*sU5*RQtk*vIwcAxLy`l(qugdP&o7aFd;lT`SEp<!5EY>ts
z0n@y6wB}+rH9>BnmTh)AW{S<3VMY=rnLQUob+hiPI0;h!c`KEci>C3n$eYblWxx7B
z=~0_kii$UimJLQg7Mpiwnin;yS8P$qm0K<b<FB28)QtR5wVE)kT2SpT^na4B+)|o5
zr{cFJ7(fPIH0fD_C<-fsw8q>Kp2Dy$+!h$$rI0duYZgwF`i*;gPi%Rc*{kNvIfdo@
ztm+O8*wt%BlFs!r1%uBBJ+-S?=c7h5>y&=_yokkblwnhk>52=M*;H|65I)^eK;FGa
z&cc-YKA0q>ZyP{7i*?2Tyo*?23y|@<f~e^weR^nVjnTNZiM_Ww_C_c7%spPja*ayv
z)M|bPdp`hVqM81hSw6p7KdzQK7lFM`pi=V7H6_~MHMJGCad}G!rpnvcoK?7cuXx^D
z+>q9)v`o^E7_H!Niv=ZzM5_J_I+2$UH6%0t4f*icQVaJy(TFW~jL-o+G9*@dMT#um
z{_G`}X<u%b+X}B#iz=S9@}jr*s=|`{@;+jdMjHs9fl=+mN;SG^x5%XivTucbK2Zsy
z9zvUcXtQ~5;_WT=*IUXZYj^{;q2Hn5JV}*!SrZH!NX0JPad%;jjKjUy#i8}3j=AQ`
zt=CNw-#!EP-b;FfcbYb_hAlbo&l2$U0T)*C&AaOQ83$rzClpX`X=4n@BmgXd4P`iE
zlXAWZH#J>*P1JMmv1@ubbAWK5!BP&YX_q}QVsZ=3j%((e%eI=#siapBeRS3!7;F94
zOOH+M!2eP>PUebW`!@G_TxBKW-pw!;6tU$_AyBU6ey->XAVDty%3#^=x+2Qt0r??j
z188ON{~$NO4br_R*32yiJONyXaF6IGeZYi;AWhW-oWI2#7EP)s9O0UE*;b}8P298;
zP*FIe^%f!&q_J7z(AR47^>QG@Bo~EqSrV>D9fdhhW(g6V_Wl16Oc1uxOZ=kw$c3!T
zW7_GaasG6al}Z>oj|5Tm_0mr&@gA=Ur1PO8(xdl3%Cs3q47wLhvlg|pK4YIWqRk51
zK7)EP^J*;-lBRtSjM=Bx^E3L|(RA3&m``rKJ{ecqxFk}n=erbLn$|8q!JnSSGVA-B
zydtZ13n^zOYNyNmi|EL!TTw@zwChueeKh*momVrgo_l5z<AdGflUTVDn$(MmvmwDJ
za4%Rd^T}Q7u6%BS1Sa0mWiq<O2pT<c<AAocG0<!k>#BDAYYxNn!AO(Z>{8$x(-q75
zK2S08bPTyzjk})f<t~zHAF6w8W;DE2NQ!4qrT2#y?pVn$_Lbf@k9FYXnzU<{Vn;gr
z&DMh??Q(`Sq<{>8y+rHV71J`xi9l<!DZI6jqBy=9tC?z%ie)mK`WpgPnK0CJI*oF?
zTCNda`hVy;^ROoFcKuJ1$wJsBF=2@alL$COKtON>orDAdK_{9ZASkklU==8?wVH%&
z2rhuQ(N>258X~A5RK*Px5U?mHXtmlRZb+-I3w3+d_xEkjb)9p5=e+0p2Ly64<d0l=
z=6Rm`{@lSWVdjF|^8ISU@sA!!kr`zlH3-^$EBY4=+As!jIx01EoRM1y+fA6=$`-Ej
zUr?;X#Z}P$C!Rh_vc6R~Xs>SVQ%S5Wyi>`^p<>8ltpSDK5Pj*M`iAvyf;HdE-K#9p
z4=AHVGF?A%@Rks#rb`eMNu$o!{4=aRTvYmT=$IiQ2zo<A(w=BL!!D45x?;2re?*?%
zkvO8tmBV*O4eN5`FZGvC91-viITV?VCo;oJY0N&3{gCPS=r>@y7EST?8d&1<(;^|}
z_WMFya&v)cG4HX5GVyLYbs_Y~1YRQOIBU3rw4FFD1T$ZwF%1sJYco(@4b|xBU{#o#
zBimNmhcn8s%j5iR%%ZCJpD$p=<i5`8`w(&Oj=<qcir?`vsHE2|q(Hk`3~>@>@U_87
zmp@8cAJPI6WWR@Sv5+ZFpHx}V+v_@2wDqH7+?vAG%46j8n(Z{#d>XY%8L`NLcDoIK
zUh0!hs`-7|j;<WV7b&Kg<t=Vs|FX}F^ybhl3v5&1x+1z}@bamqQ+ozzlMd-?#zZzh
zDxBR(w)2Baf9NRutFN$1Is%K{OF)uz{Y_jyU#A}Tfv1Mx;_u+vFo7VCc<7y>35nU|
z54kw)Z+K795@(e2?|mw9%*_RkG51e|sTF#B&1}>@Nm`Waep$L7@3MCvNKv^AjG!Nz
z8(ztv)z#g5<y5*w;3D0X#p-yeqnZ3^T0MvF-czw-zHu}qBnNM(;qe+@q)WxA2b6xt
zFB=%5K8f2rk)-nD*&PciP_2D>KH;p%A?B_s8k8X%@{!&b@xp31x6t67LZ$rWy>i?6
z0E)x;+!wH|ItDJjtvBp&niCFv9h;|K={n2e3NKX&X9W--Wq9pEF7-oAtvcS1-P}=^
zqa^PdKxVg~Q9JMV3YztFObi{AO2fQ86l$B-`rxh-!@0CkNfc8>oShq@^ay>TU%$Hu
z`jhA{&Xie;1^X(j5lg!(W<~~lNk0`>RNc?><PMarsdzBF?nJt8pHX}D9tGX;y+AU~
z{^;?Vn6K0jw7YE}neG|x*?Q=vu_i-K<v;&uVc^wcT0QHcg3TV%b>m5DBFc@s+grDi
zwNphbnptBxJsS7UGU|4R<PS=cgM2l1jse@0ocwNEg<xPjy1b0W@3DGiG{@sEi@)nm
zM(C3<hueAOm~7RtN~I+*e>s$Dpu+Dm0hm<3m-ST+&os+e`8DguP*IS$FTh0reNNMD
zo~?rI+p!uziXD3+bGRa~J2ubV!YF#(&-6*YWKmVXF~{u3a_9EKf%8CL!joHG5qGPC
z-vyO(T{LuyP+WL0jh~<rl)1lEgj>$cQ=Rt|u!7E&So+va<-qpCc_H4k$DC@lGMA#}
zFC9}WPR4a9EhgE&#y@XD`EAfikV(co{Zi&IwUKt9g(bJl;WSvJdN~o|%LCw}?l(32
zPhVhKDPi;)EH1SP^hsvj+)-V~tUHWooZ0Z01ImWyW2k5)F;m3=SvmjnaIUGjd(~b6
zh}KX)WTf>iG=K&yHBUx(8%q0`fdZqNiZa0u28EUbiy!Gj%LSuExT6^(#|5f12=I|A
zK*9O9XVC~p52_dG)Q9Oa8!cDKEYUFBYe-KOH0r+`fWO&7sJWN4AtXrVf$zh^2=P}%
z)dz!mg>wEj1A(bw3ykVXIyu>o>XI;EJ1~r%7!J^xyY9eU!L@ei(fiTI7trI^4?kSW
z8rH06u;wXJ=3h8BC@eIH7m+@@4Ccz;^r-De6B6gb#D6kSjgvm}tcf7c$3)UE9QHGA
z;j2d#9$$x}{5Z*EZ8YlNkS}kyS)=bIoa4F_(AS+Kv}gT$Y=-X<9rfw@B86;0fGo^M
z!{~s(qA_{vF|w&^+&bCz+(-pF`(%$K_xEA_4r`v2duET)gi6QNXLLij8}s`HFD0?j
zfL`pJfr_k3INpCAa#cR4K{!=Q-l-jnSiXwbTQPl0g6>MZ=c<^C_Mbne^4NYkTYZ$w
z>>|FMQ!$dS8V4>gF&2!&=9I>7lon5%076mi0xpn-Eb9({Q6%=}wJ&{bq!cZT&HHbw
zm8+)2nxSO0TR_CE{9(R?V6U$iikPo5Nn%msh}CeKUiVBSap|}|CaY~k!w?PRluuu3
zFjic*Q>a+367NX^gK{d{-NMXuI=k>0NU?drJb=76Lwqrww)0z!;9^F!N%t>kgTn6n
z!VY?vQwlwI=MjU+#}Ro+se5Z^JC(+*9E?{fkj*P2{r8%=qEnpmL`Dqk9BwYM+LWb&
zXf{9u8rR^=!K~?BPS2K^X`YO$RNnRR?zv0DaMv51rpcB|9%-F&WXh#xF=-aGUlM$~
z3BB0SV%BYsht4GGKjhJAJ52=(BJ7%lc}qMWg%Pc)G3`B7&EW-Zb)>E7bgs0I{v*IL
z(k0i_8XiWciO}X!koO!s=4tR}bjAqWmt7e)HQWoUi3&y-7bjunE0}<P%pmIct_{i}
zmi~0&HMf|Quzl3RhGUCABeKO`cSudnvnWK=bV{u<uF+Xt>cQemL)QxsKoK5pe4eb@
z5xLQHv^W{{6FTk^y_Xu|57e}vJ}X5B6mI9|8qHoaDzJ%Gxjg91dv_i31@p$wCtV{;
zIY;Ec<(qEU(=M=-WzLdXg|0ED<+Y2!fb~d))pY~*^Xav&b_Zrym<nb$e8CcnrhY4E
zS~PZY3xN+Ys-+WIkCW-iTMsOzr{0w$`oD5cJKDj6ZiEXtpD#I-WO>a~T6jOy4)QoQ
zKq=Xn*u%lay|&$ir+b&X@|XD%_xc>Gyo=8UZ3n3BgNl_uXt*8k(ZDQPNjrM)<9xmu
zg&!_3c;|hGmb3>-T(|UDWCFtV-hEM4k7&Ei)tv0k_)k3g=ik`!iM|<B!Te`OTrEqj
z*5<HX7GQoHmnHhjqZ=h<{Tk>7As<jL2*{8W{Cr0y{`H+o?k{uBuLUcLH;Q=C;2BJu
zxll0ZVAbTmsOaM!c#Sh<KsE#3p}|<CDz{luj&xxrW&4OW{<P%4_zFzn>DQ-%ze#bw
zW++spaTzvG9{@Y+o%EX+?SB1df<jLV3D0*eQqJfIJl-U>p?&s~iWGV3F1r`adn9G|
z%8|ag{tVR+mFHV6sUC;fb0PNW(my3tKT$eT(jknz3)CA=%%xupaEy@S^+eC_vx*mp
zFRvpaavQJ{0rpROiL0aQNrGHxUb_g$Ie`5$jKIR7tZSs{T?+_UAB3N$DQ~{NQj7+o
z;}!<MiU0Um&fq1h{{=nlWuE;#nLlEmPhSQPYJxM>)KDG_P|Fr;q^1W=jqFz`u=v%m
zsirj_+Pf0bkC)_ktkL`LGty>JGh9d0snBw@mDM#99Yu9#W4|X@)e`-tK8b)AZrrs3
zx;3Ip1cQh)eBwvSzQyA{!G;RN>BVxURO=6N+xnpsBZfsF4=_<#D!+8DL_TO|q!o?(
ztfv3;YpA1TrS0N8`t`%)BsW3D9Rvwg!hoN=x)Sf@Q0p-vm;xfUHw<>q;ZOy~N3H~*
zw-twWsp*d>{^LID_`dN2@A_eHv`?}VY><9yVL0V3FJl$9qjN}p7rSZsJDFEITD{+W
zl=&Fi=lwrhDBY(TK(5=MX1p8U;zipi#7_oNSbk|(vyeRqJO}op`gmxsC$(&~4h5w2
zGoPnRkMV#Zlvx^{$1rnAQVJB||MzYP^j?3#+#s#49YxibI1W)JMmLmYgi1T;AgIj+
z2KLr+9#bX&4`?)cmw>}z!v9%`fJ;{9si#T@iN6I>9j1K82h!@>-O%Yrw}^<CXQNS*
zZ<5vle<y-wU-P(B9O1uB84@*H=T}F=yA02FQ~sq#%LSS%^AwEP&I?S5c=za<d}wNM
z#~|jg6T_;0U7=v#qz(2Ryq#kQ0r!db4Q;T_PaD##h<z<k1MEjF)7y_!FzDCYQI6G$
z65rhcEj7^StA1$a5rwew57O4(B4J>?wD3q%F;%yEl|t~!=*rn!*+Qic4~BYJm%LGc
zcW#cwxFKBxDbNTqhDRK<A4fHq@3zo6SbA=WO>Y@G8{bk-+XHdhiwCF^mo6)0g&FY#
zdLsR0KUz(8_4A@jZpmP+xBhBtS)DzoVlHYG-;@w4R5O0+XC_#d2P4tN8Ol{*skO4;
zL#n`85>G_*BQ8lKmN1*P1*l?^e{!`Bs8mEjW-R+3DuvtyDCnkqD^wzJ7{7yni~K*s
z_B?p0I-H#vL=e4K3}R1_&^|xE->y|e@tv_WeSgz*#rQ$BFn33Qf*9`s0Azsc;~h>y
z!zj00u<B#7omK8qBaKM9`y0$jO%K;MB$$O`uT^Stn4Ee57yqG+|CxK+EIBc$3uQS5
zou+J_Ja5q#t`vSQ<p$p{xxwFtn$t&gM*%Kk`l}X88{DkzxWLgR&KQKgKk&lDTj(ZO
z75Kw@K=6oE2{zrK6AMCZ@Ju3&HB4H~7gOsi%=}gW)%<=1vm`DX{}Qok8G!O7W~ep8
zzz$ZhewwaMN^76)j7^^Z*jvkZe1FG)0BYYTDUmToRZDjCTg^M{>Al1Ag6<Ck&52ly
zbJm3OLUm7y+51N-i%FZ6+a>$A*8=F!{ouvRZ1N2F7hp7ZHvSfw!nB_MWyJccDcuYn
zPn8j>WH=?xFxDp@OiSoEo1_$qSn?cIxK{bR*B+<^jouU0dBSSO6RpcJ(~lms{e2R<
zig^ap^cs^qEp)=Kq5G><qba!LU}z$b^hp@B8ZX&+AegmxJqU8MGffRiugq)p&GAY6
z_?;<%y~=PWo~J90qu6T#*J!W&7&wc{@7hqBthqpK8Hf-+ZG#isflZKVA2+O5K+kh5
zQddpwpzYM0FKM+D#S=OZwAOL1Fkiz?9Omdi-syznmp;X)ps{8fvw$Di1AkryiHjg;
zmDyqb%=$JBa=!Mp+QQpbi-FzJ*JiyPv&U567pjFEO|Q(-sr)|`;d*P$IQNwoNbLr&
zh5_$}fm0ygWPgs6MltE;{ZA#jqg=GGsk2c(GmzbGX5JhBTbV`X+oLLY?qb6dJ$j?F
z1~$D2m=j*R5j3j0`~=jtx;QHzrV`D2cgp-jf*NjC80=Pj8AZ!*piW=`Js*H7`6&bY
z7pl<v(1|JgFrp~vp2Aqg>tOEN?c(pq2m=r}C1Gum%wHO!l=ogTRViW(7Cj`a_*JbI
ze*koJ#UymuDE9NY8)g+}?sRpyM(OqpqkY_J)?4IWH+!rl3H(vknTSQfAIf=`1K1r<
zp*5IU#U;IzvZB^t_?d}dg>-XQ8I}xutEchru-Z>Wf<`DCe8#!nYv?ZxORF=vosJ<;
zNUbhmRYLs+p2arRD^<wcaFM~ZY>WsyUm{J~r&#ntYP9xQ0YhgcxjkK|tNv}H=1BFH
zJ_laR@n-`TiAt%^s#eg#^BdTR1)~G?NUkrZlGYc#kHhlI2E*N}X~uGZkRFpU?=w4g
z&XEeoODuPOD<sN-?*fX(d(7I?6i`0SJAi|~9MP57_S;Q#e)>w5T48cirf96=jBcm%
z1>PU`1pg?J7gT0Ck9hJQmdK#FzP*rk^6g=r_pl28$1mw)D#+Q}Fn>`FzG03GPW8pL
z&v%y#rf=wgp>zEV{^l621wg=M*I&|It5JvN5uXEBYm@0|RB{)7hj!I8@v4B}%;8vV
zrBJDT-$qkD7a9~$K-mlfq|{~<kdb-eIeGFo!vV^Lksx1|=%YZ2oOT;U$m5h!b1hdg
zy-+~VnKP)Ug|2iF$&)R-PtTqjtfn&p`lL?iU*+TfJ0;RMYO%LHVWsQ~qm8UK#rFm%
zA-d-ZNQHkZ<PdJ1`*7b_%03S{dx;ASTQ>SQV}8*=lhrq;DH_n@1eGwFBxdxlYDxWj
zMc!Y@aRyYvF~XDz{AZB$%7y?F@LR$m*Mvc5GN^ONLcL`w-uU-5!a)lN<=KRC+)6+`
z>25WYh^V2zo&o1?c(x^BDj>mAQazR5z^RJ3`BCDBr!}jnFp$2W+<ao?H-67Mp4RJ#
zr~|RuwQUNJ3_!frh<r=jTa0`zZNmy+BRW-k#m8vvMr<3^w@sY546rFZl(-$AjHxrR
z)5B@sBOhxY<ghl5lJ?YVS(wdRBisi<KEIk~X21UC_kP62lA5u8kRh@=K0zqmDa38>
zUc$7mT8&W0Dz4#+J)U%z`5vvlWIEiwj|-P|lG^HZ8ui%==E{vK!Q9^s)EuLbCLYoE
zF0T;p;K)l{H<_i9fviU6p<XDrE=>n=GWU01SL1;OYQFDrA*f?H3Idu7+uLvD*7){+
zxG2Ep>~BV*H*D0{+tXSOhH9L*<Y?$YUfm^L_mIU`Z@$skfdSl$TiZ*mIrTRz9rm5K
z^~Zy_#=;jlO4vYw=&In8u-thw#eTlxC#v~Fw#M$8jA^*u$>_1cKsC{xMQK=q6lU#v
ziBqH_lQHn8Ko+c*OQ2xgQndbFMsEqNyP_fhq(KjUA@jD5OpZtP?zT^X$YFi&W;QO~
zUvZyV;eh3Xn63$J0Y_W|g6Rxgfj_@Hzg)v#@S|cfYmf_7HT5$Gzmy~Rigc<j=GTqX
z{BTLr*&Z$03<61Al(4OMXsLmMXy9#ChXaRv1tTAsAwn(mTG#Z|`du}jc(w-1X=(@5
zG1Z91Q(Z?O^RbWvLOz4fnPTs@cwSIzGhuLYIani<dEaUg@5(5-xhx$b`-Q>kTNgr)
z7N1P{$)-pFy)CJU(s_d5NB-=hjUyvwCv6Y5JbKV>vT{>CGaCRNh}HoSb?WOJ!HltA
zYsQpB+^Y{_*^14DgG^T3fncHbh#k(Dj}k~aW<2C-4thT~KyYv$&~`BnxYyWWo^dXb
zZUV^R6ztQmCLKOxUNcKd+c~NE4wHE%o?rH2%SMU(P53Fkc3|bUGRE(*u%!~4NfnO%
z3wm{CkGw$fdmYCA#}35t^R&~$z$o^)oLW|=pYGso*u#8e#<m>>S_7NgjUKM+4-8St
zaMa(o4emNoZLZvqo%l%%?-#r`dotK%q}@Is@%q(VWMX~Q&2QfT9k}vDn*`Emb|)kK
zJCvKH<V#@g4)aYWIzBIPQ(N8|;Pi&jn{Jw^SVveA|Jx%%{;vKG4@BDx3Zc}qqqX4z
zMf>F(U<cU!Y#dlQWx^6Q-yf*@;!k5~vA1P@+1}YvoG|uwX%X`Dvnr(Y$;h~F-eh;9
zn{dJ|OLYE;5#hK(hoLUF<anBnpK5?+PG_q5PC1KoGPnJqjU3ftv{lS_s)T(qx&@wd
z%#t!Oys2*BHOR@l$Q1Aqd88TiLArzKrpISYlcaZqUVs31dcrlTAcSP+b2+kCR>qyO
zidFsa&3x6O*{3C1-cpRTIBL|M)TVYp_i|nmA=a13mV%5L#PX!G$rLg3O+WN@VCxUi
ztu(6eqp{$4Jut||oPyOW`Y`(kIkcz%vq9JAywMHe>aIR9@FNbvypH!{O3{qjJ$g}4
ziRH;VaDb;F`Gti!FPQl+s3>2ZZK=Z7PgNkd<WNHF_azWLkcYo*(JQa}>F8c7%^L9A
zd>*6Z9l{Ga{aFZ|^`+EuCk*~sVD-bjC3;WG8ME%g-;^^tyMR)~O(}i9(~$qY$;vAh
zqYL?pjg8plXVXDK8Pxwm8^ajvhl{DHTl$H!J&Yd4=I_yRx7uWaANDz%W7$Ti7GV6l
z<=lLFtXa3ysT?`aR;o8AuLP*r<<+AGHZo#ky%{As5R3>vP~Yd)EyQR2riV9Pf;xW_
z#JlctmD66UR9!($LYcVYE$*HVl|=lROdR;;9<|Mz3)CBLa4;%?Pd^C7H&w*rrbH7r
z3l{({>_0eeTRHp}2xljacJ%}%P6{{XkKWL}VM3n?-PcB@hl1AG1EsD|vvL-tlQDEf
z9@`5HbKm$Gh>Loy>3?g*g<!o^s5g&uBHX)lgF@HS??<SZPl(fWX7CQVt~9-$Gp?S9
zk)bz@7Sn6r8~0q=BBUoEfokyvp$wMnKW&8-&39X@ld1mJWBeN@lJYO{`CmnfPJ;Ya
z&I4v3GXIK#VPwA=Mx0zKJgR#?pkKF$ZGkv2MJdEZF@QN#4x}9r*ps2?zH&<{Ot$7f
zYSrIa4}MTJ1p*(WcDUaR%Ff3iQkK%MA)H+XsptpmKKvgYlJhehZO0m)cXYNSxkr8f
zd-N?-$T#Ub)aKSVvUHi0ivLYouDzM5lZWOB^RyEPQ&RE(1JS|Cb+{?VF6Ji~5+BpB
z#sDa%@UtHZ_-Bs13^TJ};cyoQ^F2v!^UO4GW8cDI+%OwDQyBJ?d?(a*hwjHC%pTS?
zE@nnEu{2BJ@^O~srB6cqgm;cfhEK7_ZR?)3sqpVc_7{@^H$LSRE~Tu#2}@gJa(K4+
zu+UWh2MMh<drqZ%84A{6((6!%+F=}sLpjke4E1(?rx8S9Yjg1FUmK{t?FTyzm1skr
zVEub3hUBQMaIvmtP+GV$AX)a{*Cut$XFZx_+8So<87LHdX)#VF#mpI3mm1vnWrdqP
zzu({HM_OB_Au2zD7~tjLw9NttfEtXR+cSQm>ev7}maZl1+IG;zYc+DN<HPTb@Wz+8
zUe-`4i<^Cimzqz|*GWZ2lQvPzgm!m!sjYftxL*6hlf2l`eI9W&$Z60UmF3J5{VQIw
z)qWoqQm|8hWdn_iGTQ3<qPMycX-NyXBEUbMcK9c@z&7lVzkso(k_TDcuBJ}hQ`3`n
z^jXI87?+wfp{x?h$0pq$Ph@}fk8WBU5?6u7TEzfk2!bYVR56i_R3Z}y<~7BUi1<iZ
z<s>87kUl}f+SL3Jow4ROrgDZpP90}VyB;G;56;XsK#|E*bG^3~K7VvbZD!LMOP5y7
zf7XntSaVy74ddS`<AOIXU!uaD60I|^qtN`f89Bn@dABpw8u88+G}v|yIhirt>IrF<
zF?%C(@YV78&jy+8n~QAk?l(AIeXR;%-$)V8e_Qtas1#yv9zJYh;ZskX%@-sD7o}P0
z;^My48B(^-!*>Y2iz&&sysv~NUdjgmsusV~XSn51G86#rLm0zDi}jM%LKS_&uZ3zv
zi$4eIIS1}0)K^@b@lT1B>$!o~k?M*3rEMi``&$V#%5!sNkgB+JkExbu7)RVdI9q1|
zdeiGo4~<w~D`xPP?W*A5?K2x1shml>H2x8}zGkHkQX5&eLgMU2yA*i!@}_=b*Ox|y
zXlFPXeRh7P%tGidkWCqW^g$vVx9JHYrxjPAd%so^eiJKbwj25-u6-6#3eQ}q*Q>tk
zB?5F^#)%8fCNcSCnhdhKWHx=?mJ_b4Ir=R!&~yOIE2CK=qbo1wD1b-)a({>CsFdf8
z2^ABY=#!SbR*U-sEDKo1i>_&juRO_;h=HqLD@0b(s-4XT{iq#tD(<K_hK3JDZIDL}
z%ky@>%<`n!?eLzF8sef_cjf&Zs7RSIR!*GUHAVy%6+9R&$Zwd6-ZXQ9UmFe6j~?oU
zMdMLf{ghte#F~E9{(vuBnvEE^gt*4agq7cI9jQ!g)yS;fe+23mI7Oah#&E=~j?%KT
z4FP#2dWT8UM5zwi_vEk{YU|h<ilo4gyOqJes1%yj`!mbP0x^IcRc)XZeKaFh59gcU
zIA@Nc3+X(f_q1J`(=UUl7Add3PZ#jxEXrpiG1-1l=s5JXY{KQzXFi4<s$|w!bGA#1
zbeqFoVzC))3T#S4`Z`Mb8gxqqNW*TznE%5V9*`8ZK_<TUbveuC0po`nCEl*secZsz
z`an%s#sk{U8E6ddJ%{Smgy!cjHEQup)52HvazkGKPZeAGoMzu){1gWOM5K(i-nGYo
zkG)63Y=^WD&K^YMmwzB8qnA8fTrJMab)f-6I%`Z^G>2oY8bBROzfy&*mz+|B<f%)=
zz*IaCP6Bd<4M<&ZI{*u0+YB_V<r^aOypUjTy<5RVz>RKR;X2vDHAZ2HVS<Y7GOD{J
zm(mce>t6y2|I8(dy~%1*cIt@7m4yM;7B5dJcy)m0+V(Jq^(V&ML5H><8rCfgEAz)U
zzDQ=V3eE7a^KHC=1~+d5fU6w)quDZxqpxtU2Wo=;xVBOT=ir&K4yeD$`Wq?>Z-H<t
z-AgdB^ZKW;jyuS6fQhm%IEF}W<6=7UzYml>3X~Nlqw?1-G+Uth?avgsql{C~yhpq0
zpXm7HO$$KiA)gx$;}Z?ctLWY&+>onQ9VA3(kGLB${?(dM=)dpGfb!x$nllt^B8cHi
z<~Ltz=%4yz;_X?=@gJ$L&5}<77FYXsi364HuOs^lt<=K(Z?6)-1JGC@2Y*kI40L0q
z4&BLN76$>-IP)Ag4^KH(x8%q;^cVd<K#7ZLjyltn_L#T)l)JMB52qth2NaGy##ai*
zJ7!gw;~cY*<GD(qxqS7bgkb!lhCZ9Mb4rM%5;m^i=ZQ?9V`(P#ic61~v(B#}1234c
zk9)@P0_4Z0bBNGcs1e+RuC&^0MtlwE@n_$tn6CGEVF@3l)?}bJndq9aXmrnCwFw8N
zKrrI#9mn{veh`|QPC4pc$#4^=cn!B01#71k>d+NZ7CarcD@b~$;XAL^4_lt7*I;n(
zNdBr%X*_7WyGCG9B;Oyr$*eiU4A(xNI;g@uuLt0aE8vzqdqQ1#EVQ<R7rDzo^W_T#
zS0&7%r2dk*CDVn9G`cBinba-jg+W6=vxO=J*`l54R~3P8$mc<$T;R;GcJC_o;uBGY
zuX5xKi=$+r-G}vLuJ2T#Y>mteI~8cWCY33oygLa3P$$q!&@mlWc?n8gJ51WRF&*x~
z{#I=tsAj&=1q`HVy_F1YqrRfKpCvpQPtTi0i91fC)IuSBTe8y1z21ZJ$HduJ{^WRW
zET;t<wK+EkhwoE+@=m-`5S<YQKW!&q`-LWL=ohAoh68z!Z3Y(&6NxBM_8xl7C1dj+
zq=nTMAu(GKPrnyQM4PNI9)qTezG&%Q8TN9mA&ofkQWhKiE7`EE<Ob<7Umt@*7stD4
zXuFOs_a~-BJyE6q7+<A<d>^SbiT&ZIaUL+|%`i@mm{T<vNmy+2HhFp6HgkVnk0(q{
zjyhb)_%VYk0nW}{IT~JQIMr!WA~)29COy(GT~rm?Ua(h~g5$0l<sv8cBP}~$B@fLV
z!ipttOJbB0M}^hq^7OeME49`F!Apf`QUz(eo*{MmJ?eEZlJ%Gi!7P`^!M?o%6z=s1
z2_Ah)7`Nk-Tn_h;5OQM<CK?Y!CO+*7;uC^9pId5#*S{0=f0OhjN;da#I=cPUW~%1S
z-E@7Vp7tlGKHnTZ?5=sBloxC?6`br=iMI43xoZXdYnvsNEOT!3FHguFIr97$rh?Y4
zP%-^!n|ewW$(76~sMIXz^Ls=dGLj$;Ip~F98AkTbeD=r;`9qf<fnd9_L6x8ONet}y
zt(P56Wuz7C2qfeyNuyDu_gFMyzfxv9U=v=nL1090x~mth%HeNIW<%#&b9hBofSB~8
zz~q|if4jn**K`N!zcS#8!M2Yh>72CZLxzH5t3bAAKof_uBjhvel?zydV4ts+OA9wN
zmn*D8h7H>vm;gXlX$1{%Ik)`#S@Ey3)CBngQOT|4xvovmJdRrF3P6H}r(afZvgK>p
zfekH&*?^|zcz2|BQ3sqD>`Yd%yoRXlOG%~m9E`jr^x=ABzHQXoNmO!<7%Jj2{f2-w
zCts!db&YPr#a^7DP&abi11H$+<gBCLoKNM+r7@6BWMW5#n-9#LRJ1s>a4}Y$i`iTm
z0?`rMjF4TwlC{UkvG_q#S(G+C-;VMDxgqZ;Tr%0kAKBaf-EVJ|7MVuJrM-6WqZcz#
z?c2SAM&{iSH|sRRHg|sjH~w;ffCfY+m+o_jO#IQf<C*w<t=!=}m7{j}oy&3jUPEN5
zG*HQEExrK{c$h=5FmnE_MpftwV1o%$(sqh*1IQPLx`1@rG7>1+BW-||@e2lM1}M9P
z1o$3Xu=O4nh4Y?hX{oj0;*uv^DaD?%mypjcbR9P-VRbS6n!iG{6{|dYAOE5;P=|!d
z?9aU#*v6v00=0Mwa(b{yuVx*kw(bM?#*Jte?w#=w_@e;SO+f&=W4Z^GOmWS8%Gy)U
z)CBvH+hc@jJpNAx`U3PGii|M7te{W+N&v>{|K{jvQtsmtS*Wqnvj_9g$aG0^%4aJR
zKKEM90Tm!2Pn^T*7XmYHF}g5^qQ~WSWBPn(@e@M~z3VSKE(L@V|Na=oIY4W{WRx-P
zFe*5yd(?}UaXE?BB^Uy--rD2gM$2UWJtCHZnGmGI{-erRC&MuNzh6!SxT~tZrL&9<
z_$-Q`PM^I#T~6(8gMFu9mFag%BI4{qk1z0Nl>MXQQVaCHciXz?wB}j0ro;CJ?VQFt
zX!abA^`Pei6}G$U9i%9oDTl_Y3HvE#)WaX3*b|ARDuS20?n&W5LaTtCWq(AW^tPRV
zxP+;l=!~2p-QD2Aynrn7pwpfj*L`yjs|3@tBqId@nl$*pcT}RqF6N@04}L|WjSMaf
zILgMmhf!ML(_z!O$ydy1^2`HfZdRgYkEqGV%ow#MFdfvw?YPJ4lai2Q1jq`~w4X+=
z<*QG0mIn5jJ$#Mm_~zb{C7GXvt^N$}bn)HGKlXIoxGZ)bDYmhm5XUI03<yonUC=L*
zU~7i_`{@=R%!WCQ>tqVO?Ray6TLU{3Tn1vHTbg7zI`u@klJA=N!JNw#p>?xkh?O={
zGT9PrZC<Hk5nKg1+{(dIr%HD)ypn_M6i2roeBd;iA7%To1!WFGmVOC`8HZqD9*B<P
z0fd5L(NH9hZrj7BT@j@f9JRN$extBD=-xGXrh4waX9G%p%=d>}Eml&W`-p)P3I=5?
zPbi<*feb#V5zc>q2~DSnSBTaPACfjrb{SNdtfNfcz{Vf^>xkhtRfSI5hl`L$eo%W!
zYuIqnQFaAXRSpGKLMPVz9?redMLOQQFG~(tWb#*7n$p_dm(!o-%C*5rxbbAN>`9lq
z_@P>=d!h{thn+9FLPHx?aj91Bjf2?HPtj4wNRb~Sc<ULd=ec-97lgzjIj=BfVLA+X
zDF}<_wLYIpaS>A@(AaiLc<bhoEvRo$eU?-@EEBot6YG3Dd$_Bn=f$v6UmS-uXi4ll
zRTRGYfDJFo8LaqXO^LfArGa#BZ@1#{;d<SttooVgk6TIzhai!gvNh2|rdAa(+xhoa
zSh2i2^`8dntw~{aqSSzdPVpZpa7-N9yRyY|*^TQ}OuLD*q~C|`i?q3S^l3K&Ay0e#
zqXyh5#d0Gm6JMg0KJ)vdt8#@`B;i<~UAWUk0^ALlv;weN<-Ybo3*M14--%$nz_ZUZ
z6<Yl^cwF;kQHIfjwX=&)n`T4@gLo<}niAUx_)yxzxvZ!0DnxO0(BQzMnY67p)QTw!
z%(*j$)<s&r^M7WpNnPIbMuA_cfR2b}Q+b=y5|5M_m)KXuBmSF>jtsm@Y?O?*?2i_Y
z4cv$!ygB{&s&TR91Hn;2P`|1q^y=xYb)}YXscrnn6&gp^-ADWt-oCD%{gn<g*N&Jc
zy(+|jXXd=M&}zi*)R;;x+Jn0mT`89q?TIy+a%2JYcaQYb|1e$bZo!Ji4t$;^g_vpJ
zmj9PhFoBiR;Bwa31u)LG3+&Egd0mcF5#+GD0KNM)-qU_t5nWIp{1JmQh6y?2#I_1g
zIn*=jYncVZTdb6Z`f2;`PCgFlr<K0}gTal~#PTohL`XtxGq782a>r!O5vHrad?sir
zR63j;Bjj#HM2OuFJVO7E6=siZ{zkPgU#$irHfS}qSPeNzs_5(h#=y;RRBM;i3m|y^
zh$pN`v##7Xu#!_aI&9eEt7i56Nd*77At12-FS5ECiHN%|V6-TVXyS8_^4>N2w9Lr9
zY9F9lbd3-R7^pL8YR$9yLD&B4NAWl;=pKrlki?Y8qCU&Lta|%6e~x>kXXns5!rf^7
z!sws3Dfo^%xWx0!SeHoEI&0u<)^1r~CO38yiv~vZ$m3%MN1I;(E2J&pW(5OTJwPmc
z^f5wecGz#$2jrAnhLBcHX)Ao@9chy#?loGp4@fKhp2wmy;ZbT6b-*{Fm_A8P29Fv5
zhLv}*1W*mj|Ky<JpRe{{j0@8T<sd4XvA%`->s}B`)WQu*fdLTGC({rWfP)=R31K-K
zL*6JjIo#Lk5H37TM@ZbD8`7j&B^=sFD{{{muH;W>$+KC9_jGXb|EU`kY*S;b`aOvF
zpUSOVa-Cq9N?ckqPZ&<+2nkW=$V8LWVnUsX_bi98unbEl*Pls!h_xW;kqKyCgLOE%
zT(6tZ0jUjUhn{>U!YI++!nMe}&61-=l%`eAVA45#{RGDSpAtjxGusVTd-hmL0%UYE
zi_rvveH1c{d=PKZ#(jD(MZznrcYQ_tHP$s?6CY_E`xw4<W)5c9Ca{YE@K-_shKB$4
zfJq`!&s%`mCo{PDJ<N=5_yoR}h|1xcAWIbH;IfdtvdId&W@0ATj6tUVsCX>$ukS1p
zA^vW%Kt!=s7oDUVKuEa+nQ(x4k*-gn%$}(85Lu9p8FXz2JcOg|3)hXDeU({H@{d~6
zirI~%ab87LNc328azLK;X3d~w?q)f6PPMEkQwUkw)s!#<w0Sb6)D**b-zX`ypcy@~
z^%adqJJiL1yUq}Qq?)cbtH%!v4pH@^V!|p6uLgG+_%yffo!kPn!8uKJd8V0rZFYUA
zEHu%k;x)jeitb81+}aQl?;)ZSyiHXD%hd|uYjygoVHK|sSS6bnkH{uzQL#M;s`K5W
z<lW*y4pSTOwGp`=8;$LvKsmbdotiV<Y`JlSJRCs<pVkQXzm)mXwC6RG<=Ib-s73df
zpNV2<5ZiCeSZN278YYhnk5URm+d7>itG%I7jEezSDh=~+1lc^5<2g4|L!azJCHCDq
zX5JGsbf1^z41||yW^Tt}5#7@2dVnH2!5{aLn2IY$No3A$*Ds^Gvb;sEs0~n!H<z+@
zlGGex0>sWFjoWQ5a1bXm?GMLtkG6v&R^z{fOG<6DX<Y7tA5<L2pa3a+(?eQ&B~&Hg
zBvaV!0300zEQuo(((UuN^atP*csA>%<4N&iYp4L9b(rjHRT43^k0}3+<7N;<&H<8`
z0fkMzKp*BDS~zYR!JvPXS}9y^QnCrgFwH#Hny=nO+R5rHB~~cf^c_e*o^teNS;D+b
zQH-1LY{a+AINs+b2<QNtEBsnc#Nk`RrG>QKF(qU9Zp>O#X%}1-4jp+-DPtU7A1c#c
zbC{@#of9X}^dIGT2D-q462G;Bj&@2qG)+mocvzu@+;(gf7Z;D?dSm+o`mJWi1q{R!
zj0x*B;Sc$fA1LjGhn$C~z2EHM1@CNDLIJDZOUi6a5K9+rW2lo$K312u@wc~q0&yzA
zO(&aGbjSP@J*Ln-B0?md>Dn)cY1aili8E-){F;_LI>S!)8F954#<VMniYcCy?DTJ;
ziQktF6^N~zuD~`wry5LEQ=d^9`oju|%feZ+Jmo7Fr9c*6VRVTvU6HQ$e`Tb3b(Hd2
z3yg=w>@w7{P#w}-VupQ=nXb;9jpotkYLvD&hMiUPw1s7ofODEid5pj>PNj}GbY_QY
z+z0S+%6f!|(#%n~%Z#WS`*ja<JXT6UTO`<1owDDL%k-UtwP<~idjjNacA?r5M6HW=
zJu3;nvPjRjuBNtM0dQi+VsIOL;u^D0&Z+Ou(MHydQ=}!WlA7mbJm$b$0~0!nn5%Lf
zMI%(Tv;2kL-hB$&Y+-k?Tktq757AizVc@{dP^JzDVW1m(b|Cna>=@e5{8h<BlJ$xw
zl~s(O6>w_jMp%uekS~egd5FPb4=3NW7F4=pH}V{2hzM9c5zJGaLr;w&DK+`31yau4
zn{9%sas*=2a#U3}`|(--f?UyH$M2}CGg8gimJur1!&faq9&O<zggW9QdSp3p!ZpLj
zJyQl@{&F?%98Ye$rb#x@=n+(34VM12Q3K+*OV3QcFXN1+=>u9WVe<r*4OQWKb!iTf
zp;A}~kHC<g{lSFVaL!K<2-XkjOPnn8_>TGEoaId-m^eF2@7x!ijeBF-n7g->4&>=t
z8C(c33X8+huNyU?)@}HQ9`;-T@7_$@Z-SuUwM;6eXJm1?>1~|+K1<enG+xi11EAVZ
z^f6aJN-Lg7u|XI;E=aaWRmP<7q*@#Zs%WOs5g_RVw(%K42<5gwb^R&^Wnse$O~XxF
z&60qFn0d#ujQhCj3IE2*-LvvS;19<95$)sqct8$|?H!0rI^DdH+GUfbTkCH}2zXFG
zL(g16NDyn)qCiZyjAXV9LK!c?m{4zJ)VndA(#c(eg7v!$j9_%BfpH(wVmi!;0FK}P
zbvPS{1@>w;Mz=7|q~~bk1p#=nh0LmaT)_$RUW18!I`Q3lnWaWR<-z#utiQ8gY5%9W
zS1f2@py3u=ozF+q|0TYE6Ye^55HwjW5P_iK%sVs)RT63z!N>sxN-m~%0r?@F?aE{R
z#~AOguR;LIO9f*{rI7!VE|tS4T=VFyXXUh1=<h6xX$0<82ZndFeH+$=|J7LSirAuA
zL9Kg2o*L#skn2*tWFRvX@tZI~m9Tq9pVY<J00pTqXzK3@XoV{H6iica9}4if5&gUs
zS}rT1cXMOEpn2XDCbH_!MWcE588`j~9d)I-PmvZs6B`nt-LojAi{3oD(C&7Hq_+<Q
zw-eBW<LPK+1st!A`XZTw=@J93Dy;TT<>DiClG4C%?rXX@?z?K~<eg9Zk&b_oofT;a
z1+=_Y^E0`UR&S{ga^Pi@(`K9*<=Jtv`c=u!H&>M_9O<0SQy@?<t5k3HD0rw)mV}sG
zde)d&U$Du(n|}~04=W^4Zt+NdT=2d?ES~`_BMl52p<3!5yMpz-RJ--|OT{8rQ65+J
zM5ya}nQT|U9+7xGaYVE$&_=%m_Yp&{y9tVzKNYPkN*yp47d2GMkBNV{G9n@PH@`v%
z#@t+ET5A%bKeKA>m|{7IykJl~D^IgmcGDKMF8UM`htOqe<?iX#Xj9jD&#t^hB=(%y
z19cR~T@nQb^|dBWS(=4aoD6Bv>zvKy3cZu0Ho@syJ~Q3fECIVkGo735J$7=FICr`)
zZge=?YWP#Rh<)>Tx0+#bdY1sQ7QrU0b4Rbbsh*`LT+{+?KpG{Al$&;w&(rK14b_ZE
z-=l{p{oZ;yIU9)Cgwsf+_gg+$7Y8HfBl}{qFW)pX)DsZrZNnM;Dk$@bC~#1C-fCuc
zInAN#NN)s9d`=~>9iPV)WpWL+nM1P#zDp6@?u@d(xED31cQ<k;uf(j@WV{J!YL~e@
z-zBtGeG5}3AeO;1Bx|(klK;Tl^PUD(LEwNt8aDk|SV)zeBf7MIvQ2WlFy_vIe?iF_
z=Ffdus;HNfx0<Td_ZD|Boeo?`x15*p{zyv)v|w)M+#FS|^RHSH<``S3c8%p6{j|p5
z!#rrvxLsVLN{HWovMfatvj13tI=b5bWY(jy<EPslr$%dpq<fO~2oo7QfvK9Gd=e^G
zZ;!s>%4?uq+*25$Sa!qJ0@=3CI?RwhYEsf(aSAl>=c$~;^;(EOm=o{N)qLMyy3Ca5
z>ob%~vvS~}KH1t^Ywx(R(13Po$L@vhkv#2i08n#y#o!YCzRWV};i(^P?B9WIs^s09
z!C66f?&Y}Svx{UCPk*=H+su!nb@Qy9ZkWlXqe2Wln)9fOe0u|-9Q57;Ps~;>dbFeB
zqw%CyXIEF`fsQRg-r<ZTGADh2l)9Oqa`bs{*fe=zM)<^uODm|u@xxtyvD&m&bFO`P
zfU|R_N$gw}Ath6ln7P2P0y(|jTPY;2fS@v`3=O1}jBYOt6p<~WuHAq60Z&zq=-H!M
z@3{ua^gnnZJC_U86Jwb0KHbcW5RJTbgNO@T`Z7mrkp6S?T=&SKpw6&<tnkcbbeFvU
zwNiZ5)&`rDVHX@8D;<>*4Mzm5_6tjDhYXu_b(sp8-GO8Rx<}VVgvtDX&aOckJABMs
z$vk6f;6U~@6X@|KnA-VgfhyEggM=jBm&sfQ1+IsdnK{38g1ihj;^1$pdc?6Lgkj&0
zdtRGqtnoeKB0zf6wuWOHPYK4|@M@zKmoAW!^G#LrH&MG??;dg!t{JpYm2|YWc-U(V
zxzErWb%DerRLht?LCx1*bX{~B_}@6z|AHh2dnjW;IzzYnKAh0|jj_sM;&BCXC~7AL
z@>mp19!swuX%fZ5nb(I5Hi7|@>tZRj%|0Dtc4gPH!1O4@b@~A_miBa%h#<2lIm}K{
z9TBJ{%UW7+7xlU)<&X(T@*9$E>{NuWbviXwLysjqc8KAiI%EFz+A5{u039%(4}UMP
zSU(8Au=<sg@Y{1GP~ga%-r<7`707DMA;NcZs!M>zx}i)zm5n!YS3sESTyK(<KVk@a
z)&~2`a~0g)(KojYGDFk2oVhZ{uEgX6X2)t^e|@qr0BYzyrcoyi!v3~0-a0|1W33w3
zf9en2n$EODA&i)C)$kIxd7dLp@|V|_cwzi5w}V}*?Yc@#;ANI(%GOqWD#7oonYgB$
zXC5^LmJ3wK#vJPv@U)jo(ZjJWfFFk0R=2=Ptk2}6VSBaxSMB-FN3t1AFfdrU07FxU
z49DRZg~F0T?UmNVlnz2z&QJM3?X*Z*%%RFwYj1RZHB8aL;yDO&lVjM36a|CK|4VZS
zB!}6!8Fc6P)E<3w(;hs_NE4qAQ7<}j=5&q*wiDQ-q5V)-j_pkpJ#jsmgAY+K)WsX5
zk6Hk>QnFna5Gp3yne6b!|LPb24%a}XPRK$7E9kDTQLynlG>G}BME=w2jUGa%``NRo
z$%DDKbG<*sO{R8gGzDjFnZ+^ODn(biNa9f|C9}uQ-atCO;2Z%C(K`<biH>#~l9=5n
z=zQM0NOzW4KCJr`tzrV~m3*QB@{U#!rgWDIu5!u}#T1DN-j}g;#4CIA9(i0d4{B>Q
zV;1~-dvJEHyfR|dmA7j13nvwC#lev&uU_I_j*c2y)E5j)B~;NOta#(?A=5k{|E9;S
z;&`PXw8kwdi<j85hw_2vT4t6M96p6ZZ?7*{V~Q38k6x{iwi&WD!rBDV4i4aR(;cHd
zH!K_=eVM8R<V$Qh9{4OrVC!c}oL$J|n^K2O$5PBm9csshgEHodUpl+;8NtP7&lwM2
z%f4CWU39b(%Vo<p`%1MLw@3rD^+6<0u*zt;80g?1p(n19EEzub30bVbb+gPK>kW6H
zQsj}zaD5?ck=auWkcfDqGcss3OQnvB*dg$Uy)`1R(J~5}<=nP&`z4e4Gqwz{T_!2e
z-f;HXSN^i3N&<*WZL+4s(;cd3fcZoj)8fOZ*1h?nhNoPvj+-s>PVLH%g9Y18S4dZ&
z>31cF(LRrrba(4_lI;(Ni)!58;&!X>O}p*!4b|gpbS7aVHzJZ{U<3sYB7GUl{pm8X
zd9-$-_d1n8YnyH9L~8g}+s40<g$kv)o2$z7U30#hj67$Vj$X4N%@c+P6%&ff1>2e~
zV^GABcgpy9f%W28>U0AyN~I1`_TvoSdY20Ss`>GF!ndxs&WnYIy<)x?0)*RrPR@c1
z>Mi{>^g+M{XLioNxg1_a1;viaNh&+B!dns_5D{$ud1I|6%WB!V0Ri3DkcB^gtsH;T
zX&^1tcNs_A=^pkb#5mO6m&x_GyC(Uvq|QPhN;gf7Jl@7Xo?-9OKaTYSdrZ-)8Z{>P
z?joEtjHk&y^b|%@gU?vxIPLj<x%5*EoTyyKfy3-SmpCLzx+by{qwlMjP86k_(Ww3H
zgkt6U6Bo#Y;9;7dd3$`jiL|Eu*h2XTM>Ptlgrlr{*v)g)0R|(#RVcKMk0yugkL9b|
zkLJ!dtE*$T2x#Kt3EpOx_7BoMfj#K9$2q*h(FZ({!<})&!<0yldm5AHSRC4Nn4b-X
z2$w(68IYca{!HcZ-~Xbg@Rg@SU6;gG%cCQtiAd=FSubT)(3)Zr|Cj?t;>-5-D;EB#
zbeJ8Za`-f$URAM&sIBOS+7zMqfjJ!0>@^i`KM0yAU8Tto)|mpG++4qowmtr_s*Isb
zGv>E_D@5L&+nY>i|3JJS8ubA?ybao!)7<Ex?wuetDd2=r8vLb)!O8$H#_r%6LqWzy
zW$=?mmfOJ|GNW@8Q&7u?^u8PH4#Da(G}->ZjT3{nwjm|Ul|sf;LPGg+Jd?N<Dxu8M
zV$KAfoPE=n7jfiS{U&CV`+}kO<*4H04zQOFi~x~L5o&zIFx8=kkhiss827<cX#J>u
zp@QFMEO*|@nb?|^vj`YYSXE05oGUegagz$3{bX!C+5J_FPsrZp0b-{0E4;2^L?5?X
z%{#tSvQxGVhFt7ac$gD`vSs3Oqzt-s9{{L1v+gV856iGyL4-W|{PRJ<iiI$8yRaAf
zHf{|S)!a`nr;HrN>kq~fWh%)~#iH3naL6mA<+tIvzC%C<9&9%Ht~F@WpHEvNt2rmI
zY&ILVTRi1Jg)iLR_n}Eqqxtyjv4~i%^9hQ}GeXWq@<Sbc)?(R=JJ3Ge^82)Ze!Ju|
ztf~V{r>RAa+!r16)zpMY!h3|T^ZUX<6KCWx#Fsdsv^~VBjB<Kwt_A`;Vz>FuX_frj
zwfGkT#A(nE*vkNeY)rOh29>)I7R>e&G6hCz_g#}HvxSzLvsh|7AZ9ENV1+`j^VcOU
z_%NeI0{&|D4>CA8+?>QxV>Fw5MkD+8URqZt;rRe+zuU#jVKw);{b#NE?+=*8CREKR
ziJ|q4S1=hvTCEDCd6{y?eejWO+l}@vv@{={S{~13OpV3dr{`d>fHvcjN3x~lFBjPV
zZ3B~#_P9anRN_4{(Ge^_N(k|}a?XlNCfY|TQ)zM9j3xj&Yd*a<CHMzox#6!%X}jzR
zI)sB4paY<dlK;|W$P_e%r4)b$2xdGq&y~jC)X2I1jIN5<9%NxvjIg@vN;Wri;w_-F
zyLF}SNsIJy%7x1A(7fWz3Br(zyMyMWY15WKQP{UKW__}mR<tGgP#L*pk034%&Fvr>
zxtPvsWb%n!0}`>TjbzjiYjLQ|5^6+mbTCijo8BZt?WdHuZ$&vxjZeEcVm8@)G?llv
zHP#T9`D5?R#h=t1q1J3?*mVc`x$NnX=@>1~BGYrtIz{yQ%^+Cp*&NQ~gHMsyB+J{Q
z$82!_EP(L!8tC?s19Dxbs|#eR8xFt|Ec28Fsj0iW>Bfx99n7(F8~5Nv$;#}9OQk%u
z()07Ba~eC=+7twNe-egh^=nL()o+rOoiAny!%tsa<-9~urFW@HGu4y4ZeH4qL7LWj
za1T9!>o+m7_Rmawm!l%;AZPNKd;;Dew=4$hVZQFd@d4^2Dw(XCiCVK2$}dxL1SjX|
zCAw!%mm8=rB@v_A)ns;6yW}W)aA*%Na%DGip@763&Uker!f)M}36D}Z$eUmvy<XAu
z8F1JGk=Vq6!6w4?BN`ZRtjlBf{p=#y;u=P+ddh2AX!h_e1<jV4E{o1_5yCbD!{Nr<
zuLmsMd}F#d54<95sz!ZgqBQSU1etk(oP3USH!+_i8CaUEt8GXndIz?)UhJ(eE_UGL
z*?+U8kEQiFOYtAJd<lnV8>Dp0#RB#~170xp+D1oQf5vAEg!#{n7RU|j(EQBksozMf
zmVTM*r{9bI{#mGWeG78kNMMPd!Y;~J))x0seAkK?JGyNLv!nRkw@YL)5W}bG&~6(*
zGihyOJ(`%ZuR>ZNs~U}oI-rW0z3FyY#(cu!<8DqmoEE;r(_sQ(cs<<oGGtHQu7_{r
znERU&Rc!n07-iIi-n9n(iA1Z{N^J#aTw7@@t@>7F`Aw@V>$|Hua0pR4kK8z!cs~We
zq3wOwt<%(8o;?pSKCrrDClm`r+RM9uc9|cauZP&Df+<B*k#;MVe`fw2CR*}t4o62H
z^d>7raNpJO=@o1qpzVI|aYPX(XXiNPu{QNwG~v@E`9yl5HrI`^HJcJ*?s40m@YwVk
ztC^ds`9_l~{r#;j>!bx7WTHnvvH~U0y!luDA6@Sr7t`MN|F1c=nx<M)Go2Kx>0la3
zN0LKpPDweesTnGjN|9_7Ior&vPSbQSr9w`tl~_%Puo1SRQV~UQu^p1bP8-{yHoCBX
z%XQt4?|t8o`}%$Un8)(aL&M<xdB5MU*YmY<RP1`0?Bk7%joA-5J^hCRem!`aFMsVf
zI@#WW9uSuSh9{)l^AiOVAJ$y0l7KUg^?&U{nrx|rE=}cED}H<E<|i+WE;r(fckfR2
z*_Ntn`+DDh&Y{Zz==V9IEKj!=KrV~UuvY$a0=d8HSFuC6)daO{*Pz&$XN5rw?tEad
zx{1Au771Ml{_vE5sd|_#9p~;|AsMS#qp<A#B*vqkMD0hBmQoK<^(-i7o@;x>pl;Ef
z2uvj`((!tj&PQ5-!floOC=KRh@O^V8En6DZNV8I4Nr$W$^Iuo8f1d9iC@k^`hYcSW
zHE03^lBp4;`l7;j6_W91i<GkO{Ye@)y<Wf!o}X7L_P-Fpq0uYq)dD*dc6g6U??N}I
z^u|XvJ6wgqWT_sw@2#nUB6F0H?$cFKGNa4Ya{5Ch+Oz^jeKBi`%|v!IbCr(@DvY0A
z68hGJ>PH7{GgMTxDkyMW?iS{@PwH{4i&?C5Hu*)RBA47EMA2H%+$TJUSq#8Am&<Du
zQkK7Bw%b+uRx4VT3Wi$)ABDkVs}sHS0mm`=3RyD1n5EZ;L(3K--@P@-L74ZEEOR;$
zNGmFltwg>2dl1)iBKM+p*w1RXUWMM>3Q3}}`BqPuJdNXud3q4owwWkD=KowXCqp0+
zyZ0fU@&z|EGWKm<mGBpIQZr2zVi6>&@lDJGnN;%b)inq=yt0x6c(P|iRR>cW$q@lG
zgF_%bKMl-8?I!0AGIq$>76TV~$gS!}wCq>ZJhOqCUAW@&Rc1a2f2K3)B`3*6qqIX}
z=7|A5_rO@4ETjgNp~x}?{Nf`8K5~U5{rc&KB`OYhtXp)CDpUP1T-uG@r`*#>(AZFR
zd+np4fn1vIGwg6qvUCXi^g%>>EFzT>fW{|)&3tf`XyWc3p4mFZOc6VcQVagy6Isa|
zK^Ouivw>9}ahq@~XVDBCk4%ONI-99vHG=QH8a#I17uf%rmL1Uv+8fXrBAetNBTyFY
zKj`d#R8obPM!QM`(nxZOEeNv*Cq5Vg&DMOur?npc3I*!FmJ5C>#W)m!tvCoji)<4K
zS;LZz4ltjgrVoOg|L)5E>j{vsAQq%l$o&!jZ2EW5i;^SXU`AP6K7A*jD;cCxKSmQ=
z7uGqP{Sf#0+(OB`r^7>a9IlTq&!H%emqb_?TR>qnJkIFxVFAQ_-^BuSC*(dx3Rhht
zd9MA6E}9Dk7p2gj)DaUGjoBY4HhHzi17ug{p!(a>Q=l2Q{s{-Z-64>CQ;v!zUROfw
zoIcbv<L69C1`|1kxy3GTwxWU>vAorNeI|L9M1t+xouKxO^X2k5W%xA%lKyO@i}h>c
z*K*ydS#l=jxKu3l65+r~1;UFb^&pL^`iV0|^t?z)qZkmQw9c<mM6~`5JT!W|O|7vK
z8pdH&liJ7vKA&Q>ehV|3*nw7+J|ILE(X7_ro7SjBPWz%+!^8bLBHLfB8gu8kZo=l+
zh!?a1x^Ys_@>W)&!##raM5Svq6HodOl&0gnm&i5*mMQq@nopB4jN-Bf3C(wI5Q>(x
zM6>wc)I7=X4I@i)r_>o`+`PzBo%idRD;<*q#Uwk-?XmfqrWH6|^H%`V#wyT+moMa~
z|1l`&N-8cJk<(}+gdW(EG!<{Sv2E|5t|AS>G%k}&dL+?!cPDeVZ8oxNKg?7^zwdn~
z0%j!sPH^njP`2{luNgHr=2i3wq81y|tY9^rwIbP8*Fb5Ub_7VPI?CA7sSA*-E)15?
za<0R&o&D|H&?Rw@=h(~sjHFqwbFE&~Z6iej%h`??hniATJ7+*!C${OO40e*}tI-VS
zdf7Xvz>!gGtcA}Xc~xR_J_F?5o<5?8Nr}2ZrDgb?YvhRU^$6toC2D`Pe=32U$*67c
zs@Oubrn=u#5;5B)tQT?0Bm?q=yxqH|wnq?-IYiIsi%HT$23ec?U~lS*>0{L8sr30P
z=ILk;vuFZ*d|&w1GOpb004QQ->BYIUuGEIR+^fYkHr$^6N+#X@ZDn2Yq<MzQZrNqa
zM{{H2Z#UP4aB!d7!-Lx2n3WgTgeG+D_|tf_|E9y?OZ?a|l5QgDx&47vk?7KraJ+-*
zE%+>~WfPKYd6Jkid#ykJac&eh_B@wUi<+2kZq)P2^sicZ6*KC?rwCMUD(H0BQMb>i
zpg>3b@%q$oxtY+#+5w**tan4kUZRU<uT-EQ{JyTh*vUI)Ee~)F<6gg1?(HaA4t9la
zg3BnQoe{IQc2)8MP2DtVx^Lj$Kr3^6TMYzX+=h{R=zmgijzGjAqf5z7cVR$Gxn#nm
zA!Hnywp|6$zvC^<a%#uyo{W0?^r;ZfuLfCQ%l$a|jW$b)YT2UCP|EV11d#UbPy_V6
zQeb0mlH@Yskm~#VV^hUC<o3iqAm25j-Ta?dybk-uehc=Or}no4lChvm@DW1vc=tyM
zn9cqkBTj=n?mZ_8pT0qKh3^TG#674?mAB!T!&9!^dG=k2-QxfRS#{{jgz<~E_Npo$
zE-YpEy)rWBfq2eudXdcMyPHC0l`^Dhx*966aMKF<v#XY^-7F&ICveG_PAXJBelu=2
zqn&KB<$$qZO^Gr`AsVcupB8y&a7vEHwE&p`iHArNhfP(~thmbFBv;}P&G($&0hhjY
z269*ORs2bP283~GRtEqmmCdb>kQaRd?(7;0cQs^BQ8%*09%Uy%c}ML)w%H|d0q?*t
zN;$8NefeQpD|UK|d2ehiM}ynpsvJ>{ov)_5-7VvTLS|Q(6P(FNPkIg)f&=<PR@83?
z{|tNkQsLZ1Ml9Z=-nG^7I*gQAJQAV3Gj0r4*%e&T`J6?Mi=8+cc}73BILBZf^?g4d
z-gX+P{S5nLLbrlTHMgG~@mB>e{2D23iB%iyHLJT3_wV5NF~TAXe4Goxg7LKtn%nIz
zi(E~Y_Rx>$X?5A`GWI)#9l<3kwuoKv(4uV|hHRnS>Q<~&^x;}1twew<=>qQcqw|E2
z*Cz$wH4vtYHz-jR7H!m+=sB(XnWw2Wn^`N6iwZ!A^Y5(!$A>T*zXUng_0TRtmX+X5
zLSN7&mqjVOK2dqNv?&d=wExK7rRID7TVUdhBv8O2GkFY*sv{nmrmC=A9NOrCPA$_)
z6S~}xqVV0xIV4-A2&2}C<PTv66;<;8bM!DA&FG+A6i{*ZK5h&>%hbfEaYK!oKzOqz
znS=Y9Ek$Lp*yAH&q~x1H6y?2_X$HeV3>;=sVi4|s{j%bJ*_>gbko1QukiGbVAiU;}
zer)a-qu5EY3gcWVozSNlVa(aJ%}dZd>u&(6GdB;q;(L5?C1=7vjakjTa81*IKz`xw
zpb@^y<NvHmL1OteNNhm2Q8Z{nm>en=>A_SgS>!fj6TaQuXPX6fA=gUD_A)J_za@{q
zI87}Ezi+D>)PU`N3)G5IXTYk>iRD1ec>}X;fC0?*O~0#gLN4|tj+anUPLaXmtz0AC
zIm~p6Vl_K#MQN7Jtk%cV1z`kS3DaFwgk9-RgKE-K^KP9g`Z<qof3ch9Vo&8s)deUm
za|}_%<NO5=E}5`ULE`Tntlf79voD*Y%Jk$bRqS<gW%S+&8jqpp?V>}L0%dq%>;Z6M
z;a#2fEo}$J$>ghPzlA?yEt_;qpeUK*k7!E-Ht*!on>0==X5c`(#^f&*x-^`{lN}7t
zNRdHX;y6ThknT9O@~h~_t_B>}75ArM9eO5vsF^2m=KyY1ELW>h8II3Mmn+Fq9&I5%
zxDiPIa|KLzbjgDY%M~MXNiEt0JRH<V#kXtMgx?#$+FNtTOb#^M?5MXpegkT{aKf74
zv^4t;v0?|wnvQ3S-JqQXUzMtJKb<`G6%xx1aNsX~+g(s{`+G-cf6H}LNV(*o8>3iA
zYSRvcBG*Di{D4GOxv3*1IWe8cyei78Z5OCe(_?(q#tfCu@<5$iqgdk|-W7yTTUf8M
zk-Xs(rtbDRi!mbi#E5mgE@y`#^z4#w3$Y3J*GdBk+;G$9)_Tq7+Z?)~65Cx~U&9jY
z6xoeN=_B>}sz+bg3YOV@$<K4yN|g`mcs0VR>tdy5bo4CH%uq!gz0n&|{;*w{G~j#q
zas$V0zarYo-&pzBa}S+N+7~)-r^9sNxY_zgcVp0|^H2R0imO&hFT##l+{vFDiEP;P
ztI<>MlNb<!_jLF>Os$SupC$MrYz21L>{loYs5~!#vgRMJi5ckPFlI*f58*ebT`qDC
z;AXGS60?zA!Xt~Eg~_H#$zuBr)AV!P54+Gt?7?%{^!R}e+-H|#pDes`kT`U5Qb*jJ
zdAHvbtsnr#kf4w0+;X4_$b~s+l`s<_+?^RhMi;g4^8}02;EYRyPkF)0g%aNlyKNne
z<HtYiP=aSMUGeHvxp@1F<_J6^#*!6L^(<MQWOC#dMwYf)^zvp8=&~O_Ae^6t9ULP4
zz;Dc@Irp!CE1uVh;vU?kgkrvNrK)A)*@;lXw`v?2m@lV2t(8_Usd?UmCf!y+XU?0b
zp{&SoqpN-G$sT^v<FO*{=U?Nb?8SXO_Q7uzX7nrAd_E^7U_g`h=?4kx?vXAV+ja7U
z*NPP864z#A=kPtfI9QUb1A1$|5Y;x6WM8qghEWcMg-|;BmIsi-&6gJqvkTVBWe<LL
z9?)NI*Oytvb%*#qIf91HnBFORKAW<K@%mAa`fEmZF)H;HZ!Q_k>9j+=QVdEcUS-U+
zxJY#r+ZBqCB^}INly@q5BVN8<8JYjCftF<Xs(T)@{RmTas<_^$&z9*QzC${*<j&P2
zO7vt#{B+2dmF3LYMUAa6Tl@5Wy(WAkZn9EkJdpI19y|0C=2KPAjJS;#l{aRqj!%lL
z>Is-V(Kn7Myh>=|H82&nRr;nMyN+#FFyX8z{kX>L`bMF45A}xTP3|XZ!XMl+itO~T
z64E=QqvHuNkNX`YMI%!(`MoPXNXEA^?~U`-pDi8Ce^tMWkM5UqNZ`7|pvE<zdv?+)
z4fj$HYRgknaQ-bMA9QxpUg}AZ!?xU&ACbId-ow0OJ>l;pW1~oO)akY6-J1}w`g-#A
zKIS+o`t=K3dW&+sy(dh+E|y0eT~)(~OiaRThq5D?V??Y`m=aC%&U}!pie|1v<2aZY
zU$PvuF`BN%n3qc#K8eoEjceTptLgE718#tgNk6uEUv7f__!o6)m5gI*5kel)j36K9
zLZ)j+L3LZvqAIGxmO1ckKa<W&S*Xau&XUirJnOI8<%v(v>p_<%%4rKku*hhBoKW!x
zjKvmSDCoUaMeRZGXv0`&YA1tq?Edco;D0~ytxk~k7SO_T1SZLNuEC5#YFtSv9LF0?
zm!lSEKxS5vh|JNLQ_Xa8kQV(*!g6B$d+kMejQ;nb5=`iHkq#E>KpLZ8qiLo`(|}8q
ziolFg=)+2SRUy0x<7iN5dN&P0&4T$%nwZX_5cB^7IkJZ;y?lwB$&xUsI9&(`s+wK%
zT0ea|)z`P53*0|eB{cPVPn?Y3Cs}sE_lNMLr($>N`D5`E&3hImUudvbEg0`!O~9U@
zT4mxW(pB9*En$2>08>uE4yI^k1;Ur3iF;`ItvP{4x5}pik~{xZiQ!(q!0aP(cn)@J
zZ8Y8KI5yibzKgAK5gOe+KguUWT@b4I4zOiWx%8nVnenPz@i$OJ$pT+P5$2Hdizw#1
zlCdHWCZxdU7`4olA(5A-uWlTX<CC%Tj8X(2Eagzm9eylY6+&TDqMe%vVt*J-uuL8i
zvl7uHoTcnwi^7fkC6Pvs)BRY)w6aQNJ6$Q(tW>1iKTds(Va-kJ<)|<JnHuH#3}Al)
zcDV~#<H8F>+7GHoLimgGuM$RYKP`I5I8M36)!{<6bgmd{YB%P3UBd*(xo=XfuHH^c
z&fLwfS1U7^<}g_<f7S|=_7<m3GGijoLf0D|j{ZJNZht+tNwTV63beF~D$iQRgA>B}
z2>s@SRu<R2_oa6D{QCYh9nf@kiUYo6{z9J)MH(>`&S`pkqFyD`*w<$&igTmqr%&NN
zRI}fX0C-LRjVjvIQo3Gs@{E$7G<zTs@VS2BbB`ot_kCI(?`w(F?wu$rlSMoH0<tr_
zCac@G_VNm8F^xo<q=d0>`8QwcQb)6xcCui9BJ<ocvA%7%2bk;JZFlZ=RwdwkDC3K>
zp5{HF)kpN!iSl8)(W-{a6p44^=+UjNbr@yExqALqDX{jvgaD?Op&2z>m8P9peajk*
zXWbvFfTkImkBZh7z-ezDi+`#(Onid-ohG0h%J3DA%-i2eIosv5$@Mti(fE4~ESmuK
z){W%JqgiW|2|l~uEA))KRmKU3#UCG(^Zv0mUNCpT;l4W0qsnW0g#(31`pSR8xc#{6
zIVBkx+DG}h2ToK+O{r;LDmHt7XhjXo?KUOqfLeai)y6FK0;gZA$CijiK0rVxKtDTh
ze0OiN()$gpP%?A^!}!YOy8GU@jk}Ys*`-?=GLc*_kA5sgSGsi&D>-tfO6s!Nc!fh2
z)$@JqUk)qmx+y2boq!`IR1BgZ`3|jUZ=Z^{FXN;H-254adPmcAdGou~)^MnKrj?UM
z!ae)Xye=M?R%v8z-lw!`c#O|3lN4O={-{dP%s9L;8mb>d?cTtId8g%e+o7kt3eQ`d
z8tJ%kZj#*=-h+8OmE0Bm0vAq_s8Q!VU+`?(Wcg34sXgZfQq%h2s}f-Rb(XKP4%kA#
z(ESDNf{|EtcT4JU?{p(~N#hxb!?YF-Od0>&Ut^F&+syQwi14HyVj}!T5bG&d691qK
z3_MZKkIA{;%7hD@av;V@lgg^3zOzhg?a{OTY?q;TO7w5wY$Yu%w!KHm^?TsVFFweZ
zX~}T{0Wbwh7AM^OfXZr%f{azPF9d8c+6p0`>RIA$Q<pA*oiA<pLSLvGsmZi04m}A5
zH1Nz_<57pGZJ6mO#{;EgFllF*t+F^3djwjU3{BCCB}&x9aqDd@oK>zw>CP|7@pQcs
z$&g#;n4XwJzw@X=;gKo<liF%AUN@D)xdApEZ^TrHLi)O2;pA<3XjJv1=i4`xl$d%e
zBew1Qz7I0<R-zr+sBAX>EYm90^Koi*cvL4QDWT>llOBQjb99~M3dD0lyxwEOs<EN8
zD*yp96=x84T8hBbvtI$3VewgVu4adC0Ygb7<TNwlJT-H2KOn;J7(SH0lWru%PdbNy
zaUCdqn?xc!Sc_De5%^5Xm1F&zO%6pBL4=GeUR5N!Vn`FWuN%(x`4*-yd!S>Vlxl8&
zBCyzkbi{mo*f7;=T^ZM(iyIz6ls=S?`{-nm&z@rr+b~i0*l5Ol0qvlXh74dCj4b>p
zCiPH5>ae*6Ae-}y08=Sb?b)?y_6!%pHV0vg%UGfYaockT_=XH=zwV)*Pe()6gc?O@
ze<9x1h-Nevr_`DFRuzv{b(FMC=8~q*3#>(}$N9rc+yxZSuKkaG65@V_XKml<JRDrg
zcInLl%EU>&C7E?0#bVl&+omcDBP~7l4#vbC{soQtzYQ55l2#RUSGQ2Dey@a4R3euE
zL~a$($9SrO%q(=2lz)`O4U|-2zkvDd19FxRJR)r>|Etzfi?#oAXbP&H+EaS|mwI2;
zkB4r^5#CSan2X|oX$=77em;Rh5H<e&G1{b_{`*j4&YL<Lv4#Le_%AAHyNzTO6tYBs
z>`S5LdnRm`t2)~Ir0$d?IjTM$cFdg->-9B$^FOvdsk{?FJZGfXr(G=9L2tYbT8oVt
zp%Z>lscH6UC|+35$7(zLB4T&<PEX4108k@pAAJvWa0kYm;aIL%8zgj-iVylDrJ<^b
zWLM4$an|U*O=Q-X9@M-YKOV<w8>b4Rf8JG*qR2~(_tyEXvzW!VnI=)0L4yYWWPY=j
zQ!?9Y905B%AMIoCxZ+huW0tsd+_5?~`v6G&gR*sk@Ty`jvgX1%QTDV`zmnXWj#qFI
zO_Ij59sepNG==d=Uhp-mSY-X(sE^&%Ig+dxx1d6@xOZ*|;IK--_iLxJRkQCt<q+w6
z2;!V2q+};NIij`+wY$$4cSI+x_a4jwx%bv7;LB62lXX>%(JXeH3cV$UU3%#p#}~fj
z?vvc9jX5i9&y|JY>JpKqp3{AgsG5QQV-s26O^#Dm$I10g>`Q9?IWG^R&VEv|AS<`V
ziDeNUXQesUudz%1{kq;PC_+gaTlKOm{`RBeRrt~sd*3Od0^d>D1AzOiR+iV#6f%rC
zYeOE3^;3qhpW_s%S~8r=CN<6nMlx-sEWX<5QCIm(9^Lh{1&D8`J}FnmA$w2;aBVMB
zJb(F{dcI)9Vy-<plF8#F*rv-L(f2scd8AT4Tzb%rX`XlmQWh#$N{{5GB|&k@;6jmy
z<*VQbhWgKBc4FJLVq+!M9#PZ(B@b?5ErtoR<g=X%8#s>5{g3&QWvBh86Asqyc>{Xy
zrA}^2xn2offDg%@bn$l`*xtjFzjLS73AO0r+FK4E6sR2}raY4~DX`zP!6J{09fwY(
z5q0z)fimHi@E1jq!@FwH$<U0@K1F;t*ga&dCC7SJD~~vRoM$#6*Kg$K&|{h}-qz3Y
zgp`wc)wMCpchA2)<hdZBX|j~c#KmV1%mkCL>L~VV-SpmAaQIRV7NGC_8%Q&=^!uiY
z@;2XPlcTa5F!N#V5$Z%)$Kylo88badUJ@*1$_75Fa&rzv{U#4Rb%aKM61RVx-nNH%
z+>@cT*q(y?^=UFi*3ET2Ewql<n9VDgo2HID^BjGmu%Ep;v=YwQr=8AI<^*NPq)IU_
zacb0{AmnH1P5EJwY!{vEgaU^IRuz}-Fn#1u-*2Phn=U>pDc8TZQ>Hwn@UqGz5i+Xi
za_>{(P6>0H9?VE}d#h8}cc>?LBF~Ki%D+D6WN{`~iB8sO%_lcjyUw;5FigF-H~`(0
z$*a*)D9E3n5OVURK6%0{OH4Ck<}dYn&}Ws73AHr?@%Dcbgm<c<S7;}6mj;TF=FMsZ
zp32F_+Rh>Yd+|K$>$`$Tmznd1DlxOv0-2Wx3O%8nfr7Z2r!|QQRLFMJ45kip!OvwX
zxP(7>4&5$oImk4j;Zr5kGW}Zlt0Q5wC}z;b=gqRt9IDg%8wf=_6I5~h73^dy!nK)`
zP&#Us-5Ok=?_*L98#b~pT$)HGrFDwrkLvomdtn*HREw6n-DlE|bqLJzf;MF<vrc7X
zLP>8;6EY(zvn6TWBHUIb38~_U{RT{tQ;(ktOofU&!1;6xau5+mZeP3hNwpy9E*hfo
z(ykLYv@)}X=wy{uW(A5cA~q7$@`ypf&VEhnL1F?t*%OjFKS=x9i)w|}<lNfY(35s_
z7mUVs>`FueklNMHGVK8>5j<^bquyudN`CWH_#zZi2m9q4F`uPl(~LfLpJ5a%=R5c3
z*WuZLl}6SdNx0vGnIa}VevrKVQc9!n>y6^CX&7h01aU&?vvUg`xQibh*X7g_q9%(w
z3g$8{#rhhi04Cn72Ra}cwV>cVuV0e9L-@``@2Jn+7D?!NiBC1J5%7pjBKAo{AMR@!
zfb?%7$F*HlF{bxf&~+S88IJRRur4e>7kJiBc(h*Z^V-PH9jr18)ITSj*Qe{xo8H!!
zcn#=jN$axNBi7VC%-G2&bvUZ!n$yJ>(3`cogM8)nbfiJsj7m(PHx`<vTz`eb1cI@v
zUnSpQxlWa#qHl#9bG!rb+!9fpWoS?L?5dZj!?bnCf$m;{8filP{+lRs+FXMZfdB9Q
z42C&4c2umV4`L#Y4&<i%=(~VCg_kxHD*c|8HF_aTTj-3WQ0#y?ijq{zLsiJnt~l)#
zLP-UGRIdNzW>ZogH$(ve$d7#<8zB*qMVe+5FGd&7+Yg0&K(_l^OeUB;ED;OnqdU<l
z8(t>0_50rkP@^2s6(*#hh>Qj(MJVD4d{lvJXaq&fE>kUs;o_GOTk84>f>#C}r{t4$
z7kHM&b64_siE9eUvz5faYnjrj_V!a1SVH~D4r$s8yfDyD<ONR~8&(FH-X>8nNr!`(
z!0QJMz)ZvP4pb8of_eZ7wV-IyHjePd^5!VY0{>6qbeZ&J3QKTkMHgy0pzWglBZwrp
zeXP~<Y01)ePJK2dM%q%az<&W}si!X63fR!Ycj<jIuHnSu7v6*VG3SqqwYmzhJfoiP
zF;O(}Nta3@ZT|d0GONx$S7o=rXf`ycW-Lk29gUy5(Ks>b0bz3cnvvM|^W2yD#<9O3
z*wWKTE55@u47XiRLAwmkjKl{?)vRR6zR6`N>CWdng@(|d6IsG$Xld%9Ik(k(+E`C$
zf!n#ygr&4=sU&8jQSX?1@6dgE)OiACNJuo*WcnPVh9bH0b9f5jE`;0Uu!pjJU#fx5
zuIS;#_*14mx+|MvnCb^6n#D<C(wccp!z5#BcUCJ?kU0G_m7=!yQ5YpX9+r<kGu)$0
z8Rl@h*nxy*a}uHS55$=3A{EZhK9@0k`henkE`HcIeSElkNr-3YSw1_VYl<ZL+J<>L
zKE57Vo+QFUKjYl+5+kt0R-{hq?^e>XQ!Aa0oSwdRE^u?ysBf(<BLQI5NWX4<ak+{K
zjMmPX7T0zH^M13It}Pd2wQz1>z_kf5zV6}>#zhLA=O~MAh&3$$?GQ|RwWO=t;n|f3
zLT+f%LxK9I#o8XLT8mrPainB&AAMZWd10+R=Ydq%a*@j6b1?5w8+=+8SBf=Fe<*C!
zqbFfu(=>JoQRM%)biOL;)Nc=~1O?tlSPqmpD(qy)<i5G;Q<W}Z>{-1(y{=XsUFIby
zQVFi^D`dQnII8z?YqgGvm6tM3vjj&oiUqK!t~l_oifzWU<M65KaKE;|!@B{A-NOvU
zw4cWw&QzQ0=(|=|79|<JY%R$M)l6ECwAfBwb0;Ok<F{9P`{ssmk;Fs`H<fZn&C%C4
ziGj&3HbT~$mvw<D1-pX0(K**X&~&9|_}6Vae?1^7aR~odY)S@9bB$4{5{qY{uo&>!
zvZ+zHq<F@SeB}YwPuO}a_}NSkVtwwCu0A>Aj!jvU^VKrzU#?biD`y|z;P=S1w8|uE
z*qxg-p^_+k@l{Y*)k+pNC_a#1@cqA@Kr+SQXVgopOitf;ht&2QSEo4Z8U^5ZTQM<3
zjS3xJ-jhr1HmI$o+;Pu7sv*sCw{EF((||rD-z1NjUj-!3AEE#?8`LP>aicFIluhAb
zVWv%|X?fW0Ta=3asiK-@8-loWaI!Zq>rjI`4OAxb6-h-8<23NB5_}v%LSM_+lbQyN
zzBl8(G%~`(j^Sc%ENxb@)f+TGGHvcHtDp3KCr%=XBa5@~!m(4~!hUR)Kb>XN#F|_<
zJEBGh80qEAz>~Crp~|C(j=EXFJ*e{wDk)T7$d0MPnWI~~L$G#DE7b+H_@KSCYa1rr
zSA#{YAYpaVqbn6)YD;7*5_qn%kLTOAF<Oyd5rhg`gcAP%&^-8qmLpzoh_;SA-NOfF
z9+N{!(TdvNj1GlS!5W1_P34_dcIb)cO6iOMLhP;S4v;L`xnG3m6+v@OZVm;*{2XSn
z_)8vQwBSb2M=0(tz^&Vyk!7EWBR}~K<>IzKmT)e*2%}GWAfCNZL|(zFyJD63JSo9?
zut}JmUH})yy%CF{El2hsN!!2JeMD#<g8d<OP^Ad3<MZ+%7Zp7q06A4aGEI_IE2npd
z<epQ2>#6-y>>w{>3c(1kkW8B14FrX07cVUJaH)a9FJwrj#X4>#2HU8~jy;Wv28XY?
zLIp8{T&LGW&SOX#a~g5(7gf(e3GS+HO7yx?4ZJ*&hSRo%!oa!BL{SM>Yc7X^SN(!=
z2L_qTodsMqO*6i=m+dzyvbr&hQ0QLnQvsLsSh`*=ovREr`6O{wvX;1XDfy~R1&8g9
zHfO>6)^Rt&=qV{{uiP5*xJ77L1!1&}6Q@J&jaM+)E`{4Ub)U($FjfgO0-8#>+~g>g
zfin~I*x;CAK;%V<u&INuiJE>}!<?nEx)VvI>AeX>y`DAG_XNb~SigNjJU^@;Xj?=~
zqhl{sv;Oxn!@;0(02oBUY~GGPFxFvX?JAD&loZt9V$g)TK=)(7i=K$smN2trGgEbp
zlqm|-z8h)s1qwI9(e#J^YVP>F|6Sky-;em&|Nd^4dS)XanTl6qU`QE)(E>!1yh7d1
z!H3&fz^)&mGH3ZFR9Sug@A^%J==|$28>={`l2(*shLFCXrWr_0C3!U}j=ptNcv!W?
zjFdz1L#><NFIyq~lVTj}H&~i4*ppTo6jXS|>u<nlEQominQ+G!HmhT|6q@dq<8@Ck
zv#*4f2e{LXReOt6GOZ?2?N~Uw(QL_jHNC%e9nuS<a=0EiKx*sxHnC!6UKwz0w`zhj
zPf|LT1n64bq`E6L3w3g3NCVuT%g`IA2ByoSoVz21JT7UeKg9KGHAEY3G6|cya>*fH
z*e*%@(n>yUYLM_5`(pQD*r)Yzb42M)F%+?Md8YK*x8C=v@h2&%$iO{$q|1PSA$iW@
z>r*uo{8h?Ty|S}?Q{Kr`YBG&7U&|xaGTW0>d&hGP%~7=M3=eZt2I3sQ2dHxRte&L&
zUhpBCx8K6x%ri^Wiiwe|A*JmvG590%XxB>$fkL=_p4P30Z81X6tK>MgvgXVAwDw8@
zsOTm|W37y$ZFib!f2Q#jT!tBC{7ctOE;E`fmoI9-DN^<&gv#-pS;e9?B(78;^rUwD
zr-Roq;+fHnWv(@1`PcNETSIJR$WP}Sn2Hr+SK-lJRV=^vNHsJSr?t_s6Pg|<w{Chg
zzlEclKAk6i_7Jg^W?|I$y<d;Z*MXj=KP1a;zA%t~-Gy2ceBb(_z=>0RJkd4bi%6TU
z{!R|H|F@(IqyZHv^la}w1I3rGLSF7d0xZLPIdM8jOKUr>^PYH2O@IBTiQJpInnbaM
za!b8PG9@vpPZeAF%Qq@0@N9FraQk=xZRbKk?)W=%!!TV(%iS>2#I0<B#yS~X(*I4V
z{y_Wl2uE~|#=61TE{{6b=6Qo#s}3E$)EjjqX0X8a%++<u!@9$jwRN`TqE3<1;~a+~
zE&|6sN+ItoZZ1*Z&uTM@3ukZhj!s#E#1q2qq7aR9Q(mn?@5Al8>}KQTa;D|HQnh4G
zCa#o)<Qa@vv~H>RS+SfdSH6|qw99vhtd;q$&p>C|i2KpX1V#Ol%-*YZT8F#^SwLWS
z5C&Nu>Yh-mM@m=JQiy-=Px539E$y~4V-2h0nn8Rjze1Rc0m;0qDJbR`yyxN+CVe2!
zKvk?04QWYS#78E6;IhcWqelAYZ2yIk_HTezF{TQ(YA0nj6K8>)$->oQt)K-Z^Cvy!
z=w!V2@{lt<5HM#%&8y1u58E#?!a(xCh^QRkcH*<WR#!=;Wo#Nfv(UcRy1-oRVKP=Y
z*vYHuf!+=3d53k{#Iie>5MVIoISOLJL(b0S9ryT###r^r&FyX<68dH&Hus^Gg-Hx&
zU6T!%-2k>#d=XaB4tAh{6^RHI`+O?wH@kGak)q{}{D|_BFCBOriR8KU?^ez0Ne#yJ
zK5zC?Iva7jbDMB`rZS(u%*a^YDX{(}FO0<xY%(9$h$}|wP$AP{xdo;$YBKgvGp9hJ
z+T>@*VVjqBie3tE;|$3_S0-w<R^kA|wzWf0NZLJ$7KrgxLti0ZtByl5r4e(K2xG`<
zQ}fnaOek+(ot(WHLFe5yP$dOFBA35m&LJE3pI9fcJ8uq>i_bJjz)k*y7`ozCBBfk{
z$t_kv<cZzFD#mF=$vV5MBNA{e)#1I}OjgrMC|#=kRWo7H8q5a`$?z?g&CWxUH8Oq_
zG>hWCfFBwa0f=EEyua$2sdAl##X6toxwYv(s{+ul15+g2yt|#^Q)_UEM|&6uR1Fp2
z&o#-xrQrO-x@wzkI%f`;MlqIejz+53OSfAa8Do0(;W>}fh+JR25#~lkv@&d|n@yHc
z4^0@QZb+Fd+mQBW&PCnkfvK9szld<&6-XyZkLUU#JUBvEJ!O6+*xYR%t7HbasL&93
z{^YO;+pTMQt*#=PCM$FEXy%gN0?>(kBuOSFWBW~&+o({0PB@C4>R>$KEgKPot)J7h
zlR!rUD+-PX5^4)A1<alARIbCj5kC<(O5{w{1D~Zf3OgyAI4iLrSr4rvF!ZwC!>g+c
z8K<N-;u^mJvEF3qpbkIlEQi=!zUeZF?6i`(Mh{a?dMw3N*i=E?;n#nZBVa}vVR&Pu
z{aQ@gHA^)VVcj8ByGlfguwJRob{SYZi>(DNY&x7hy|3F2Qy4hRf5};XNLv2KvB1;)
z`;?xYl+5OrfgjsH5vMkjr)P{BXvall>L<zUrIQ;8J2A_W$@#B_F-(a4XZjZbyDQ~P
z37;x+{TeDhTZ94jH2R%BT5}nb-$<K+Na&oV9%^7(iQ6_%@8-uBQj#4y9mmC#z7xkd
zQjS>;qm-DX5&-rRpJmA+R!PK)=bHF^o><bOCm%xV7r?-{tVy$M4>aZjPxNPUD>Vn1
z5-qQbB^+C!=9j)*rR9GMf*HwAj!0&ucNC$F=|&(e5N4DWqJd-jc#1$HH}q#qDycb7
zOJV-+%BO~R(yVLBg}d@3j_1Vs-_Oe#^EqP1;$HkRpU;RFR~738+Y6qdWay+6lrd&l
zf{Y*AYjZA7Zpt0d7nH44WpAKU+<tAmIIF_1gEej;U3aGaJBbA>qH?FNojVC?Sh|Jg
zsB_Ln+$!xxrX(uefiJk^x(>{4=BsTrJ4RGykIztR&wi!ZS&SpU<%?-%?`a?{y5lc~
zaTukK9eZfJIDz<CXR$<7jtrmB90z#w#uGw)kePR{+{3a%x#*n9J4*QeEr=6)@(3%5
z_wWUaR*<SYR)ew@U9IG}bsXzO7^~t0{Artns1JmquEA=a>})0eTt|u22IlF74_r!x
zCj~~<Z_Oo)@0a=N)xnj*lg>BF7*><|b!h8P1X-t_R^-U!FF_X-2pQ*z6Ie0mspVH^
zDCZCO)`A5It7}ol<*#!}HO*f;M55kdbj-*)Mb;Ft$IefI1D$#oAyTB|EWCy3P2LvI
zLtE2!t(u-nB{5E(=|-m*6CB#|rL`~hz|*3k%H5}V4x-)r>n)GCDRxcFV9|Du7OMRj
zwBKrYe9fb4d3w`ZrL-kLmqwz<dk+G^6O1~K=r6+KQ9CDr6KuBg=YYZ^7!GIfL8lWw
zYSV3Z=$Fu|^<*=>St8kbP6sBm%nczYuDEA}qik*dpwV>t?=^zs_v(GMx+GJpMXiDi
z+V0&!q|s^bVk*jpskyRCEWZBk*W&C2zGGx!|H-==^gW3;n?s0?r!$mEdjp07U6j!`
z)^a?RUh(nz$-UftwwKkViWZx|i@gT~kufW5XX3)@zZ5HaGhBNV`X)o$#4cM~d#AS3
zTSRvdM!v1sANPLl+zn3VuA@SMumYjx&Nly$L%_i>uYgyM0d8C*P;~`Hj?MGVr48nC
zn{y8F!vJ$v|1)<Yng&8G7L5y#dq(*`Ojk7(>@aGg{hPB+&BV7x+DlC#=fMI^%Z_>8
z=JT1oEpJj&x1>``+({_j(PkIz9}?iKk}|xrC-_zPZj`z^vnza!&a9&^?Mu=Vnm#wU
zOl1r=H0B%DcuE_y=4UkMIw)55u4DJ3$_*x&-_Hr1*DkK>H^QvX(N@*dN?saOfYz22
zSFwhFA$4s7Y3i`TaBEdq%0xZ6{>hg(X5db?PAA(RdR$ktbXYzu%HS$?WsIf(9Dn+t
zi$XnTQZsMQ@5|LSi7_9Pbl-1%a<Abf9~#B}b1pJLzCR&^`llk3f!0k#%ZxMcRc=pq
z;#2Chk_m!f*Eu1Vw)gQ@D?60T(y4f?bu#szh+5=M9NnEXo7eFf&h}1>=a6z=O4X>E
zqqXh<@|jnK$hpoyt3h&>aWm{cEhCwCDYB1VbE|KADcE{C*tH41kekdqCNY8zgVk2!
z2~a+lB(i6?wxY5tKb6cndHAAQ9$-N=js^p8a7e#7f5oCw44Mc8zSKNEGK3;#rj}lv
zz&Uc`I_b`z1IeQXi<zO$CZE0tbM7Df1}%dpF348ysig1L#R7v>%=YsKK$khg3UKWe
ztz=9u=6yKC5SSgATgqYZ+~<zsz?>DXIiikVf0>i&8<1?B*F48`l@LunZ&|MwAuGAk
zq->jV;AGzNHG|GnT$ES8ELy?kw4$M`W7|>`=Hd7B3|iQIx_p>pY75q`)|=EG7-T@)
zi1sx9fHR74zhQ&~8j`A5pYITup(Pk03oR%3Vm|JR3wnI!`$-{S4fqn{)yvVq8FvS;
zBnQoz{WcmI$5Ibe%oHd1uvbB|1JCLi$p~G?q`T`)4Zd4%m3sQJ9#(+Tu4LY2g0|y6
zvb++{J2&^WQ9HV=ool+1igI$%NZDMx$dQj;fD7%j9}25jdsxeMb{Ucf%wIkhHS*vO
zgjxDr72S=bu5Uvm+e{DB()hr@8AM;kEAUoI-@L^9@|@_L7WOX}QS-5+T$tSlOoK4l
zR$hqLC)Dg>A5G^Mf%z?L<uh98nFwlcfMyfoUCZQBU@x^fCp^JDqbP-MJ!qlVt~fZN
zM82I$!vmfF%rr+NZUFs;<`ZG!Mu(;)8hWcLqxt#4PN<#X9-_M^2dOY88$#3a?^ceg
zng4wzUxLD=;@!akJm<sY#46>#urLvW<3Au2L{P$9h#5`OJ<u|-!ze7V(8T6(sDbke
zoE-O~hy0Jm2?fto0XcQ^m`X?ic~YA9FdSxoGlb|6w}Q`j`g@7O?ryuwM!ccj0)i-p
z7*6pytte+8#}pKsFsYAeeP$Dq&651+SDBzW7d!0>rfO0(p;l-V1)rfk*L$;<f8#+K
zIR)Z#JzpGp=U)Cu@cWd(9RZmppZ6NCB7y8zJQ>!W>uaZus0-v`*Bi-r)cFzAV*9Nd
z$B<)ErYf7yW-@72A5`$?DJs*zA~fRXN$+J0vc5^It*@m04eU^1k2>MBL5nT>7Aq9I
zl5wpJ-cYuP>Ex;Fc3-x0$Oz;vp{R+Mrc*Wei>i#Hd8uyRs25ti+d6{4Q^tamNS~SF
z=6Q3J-T>EN(icDpnqCINoIZ@mdi6J8keda%?^Gk)-2?W>8p(EZwarAfu3$A*wVFcK
zVDtU?vlHi+!Y?fmQkEz3cT9fJ2{%7DY%CZW<k5VopH8}YRU@v@oY+E$XnoQx(Z8u2
zPQ|p3YngMOw|I6d%RBIqO0;6Nzpc%-C)6zW1Q~p+byz+Mn3PRG?5=r{nq>o6-jWY;
zpZd2sD4Zpy%?q7yc2a3!?W)_sJEi!#ZuqeF#vgsqi|yEMFGZoLzmz|5^?hE-H+3V&
z&hEL6<1>VxEB(5B0Q*PLc%vv_n`^o}Hn#P(#!iPuTWzX902Gcv)0+A&_aS~=j0=;D
zFP&MM6@A=Eosd#3ptX0*JiiXH&j=R<1fLktv$sv@&zFX04P@J0$Tt_&xn6!%Ml;Fj
zgk`NSu8=V^>((furigMRgE=64S<lqbcY5fipRYQg<Hj16K8%ax(-WWN8sRI)S_q9#
zuU$FfH+iyj=d%bSmsu=fe9k-89bq=D3uEYCgi|4Ye|=*DFU?5^?QedGeXQF`Sz&zI
zDbQ=Or219|kSZ<`O*K7ZXr;B-QMq=j)RK))5Q5xx*E>yr%(8A+S#xUp7|{v57#UF>
zJ{D6hK6>G?n_|IkC0Va4=1dVjGs$B)tgv;vf0{B3GIm;p4=a<N7VJ>XtWQb%#kAda
zteN=u*S8x*cRiaoKApi!Uf~$N!R#T~^BZ?&^(@J@!`sOgP|<3!Xv`XAO%iQ9#<_VT
z#n$q9Q<sR;@M2=ugs5z-;s&9UcDc883HPD?(Yajl0RucB5qyY%X^_`(UBYPXLK%C;
zjb6D-XFscNfyB(F<@;%g(>JxFl6`7MRuI`0Qgfe^o7bqB<u9KRKcr)0(xVMgCV~c$
z#PfZ;?x?{&N1fd9W---`TMLlRO%sS@voF=644VNXT&O!NDlA;&m3iT?8@HpOHhO9L
zCSygZgxTO*IClC1{9v0h06f)6CSS7=8IpQBx@84^<J7m9?4PuQx)jv+xK0<}Za)5(
z%8#m$HEXQv`K@+V51;Y^$Lg~v=<y~|ev&8VXWN6qf1TWS8f-LJXra~NpbUEWjGCEV
z-SZsdNuG8Ac_U+{;e|2F)GD7{!I&$M^rZEvcL?k~i2!dd);-tU9H4@4rt2N{A8ETJ
z@E1-iyicnvxsK&lL;Y)qYO836byR!Z>keLF+~$}p#}e>>91g=LJ-2$ry;i342jQrZ
zVVe~u#Z<hAV|24=onZ9-r#|zhQ0B;iE8|M_H>1uCxcb)F$exRc@vBENRqZi`u09*|
z%v@u;(@|hDWsmai*^wDh#j6<d2dfz+{yrRl^^mBht@1O1&3g!a(hxLnI+d{SWo($1
z=VY%)9spM}<2>HUrSN<!{bc1o!-dXP4%!~+_y`JZdLc)Np7RW6xEaEbmqaz{aM1!h
zbb)fY78RKXs&F5d)7^c&s-&*f<=s-pK+A;PRjhq##HWMloP|CaC9-V}c1yt9oeZBf
zhiRKvxC!7(9TJD|%uICJnIe8zWR6};+w#a~UMjyOYq`a4?dB1X+*Sr@DSG+JurOVz
zaFC=FMCM=0=%CNI24I;7=6|+S99^HR4u1PBNa%f8?IV+k;4Lb(x2f<n0;6}^f#p5O
z%H<yw$tSsDeND^5L0w_8s#BCOgT9+hWvMTR7qnN);-EFlM@23`V7kKLyVzs9KFN94
zH>oIY|H~T~dhL$q5W{=LBmMw7d&v$B>N%<eI^No-!<OL`6xi>U-s4)#UfeJEDhA$%
z6i+cQT7aCS;N-1*uWrpo5wp9PWczM-i2+eXs59S11xd0^*NXw3+!AB$ovm<_*gtHn
zN=1auh}TUl`JEb$YgU-fxQVh43V`#5jrgvKqax=?9elPcZn>iwm<ET3vE-yB!TO9(
zeU+?iXDqH1$~s=^gMf)nR5MY@dNB0w3F-fQWtCa?8~44&GeDay!XGu0p^6yF>E+dQ
z2bbYf4X-iT`$myz1w|C~^R6j1=DsPDpAs3L4~#Ry|56P7r?!=#z%f)*9ra38@ij;T
zjS>vur0X=8en&-Dj1s%#tRx+T;W4O-f__t@8Kk<_O^7GTH^a58WG2&sg;LU42EG-d
zgC5N+K7v!YWiUB|`Vw<tJMSSh=FWQw*Sbo9Jb&LOytMJ|w%zf?lV)VnI@lKliP6oe
zJ-k%OrS8<=Ow`!nUyTQDI!MLwO@pic26}jmaJ4|z07G<IwXPiLJ>%Iv!QU)e<+j(A
zqv0B~H#47O`mc2Ou4-Xry2x=A9;Z~qy@0NbDb~gOS`zIjK$2n$mlF;|b{uMQr%eaU
zYF0&f5N3j9eNfWN798;CP)7e_2i565oKz>Yo%B0_-&xG!$=CFuf}iT&BdcDAO5(1K
z!OwLCcGk`xFoUNYCiTlI^jR`}AL`mW*RUXoRTL!jux?WGkWIB0jGh;Ca$uF~Aa-Ui
zhPP>Mb@4Km6qD+NZk@@cb*jbTfu|{srqkIIDv^8NknZe?J)T(Qx^>F%3;!S)L*M#j
zJ3dGflApc$7AD+57L$NOwpdp)sEZn!DVm^-NgvSa;3>ZO3y3+dn%U<xS90tf?C#0w
zG{<$4(DiF+$j@6L;rKg*5OdO?=v&>Xhi$u5%up<dwEOF#<y`1AHl~A}6Bvba(j|*-
zUn|8bHZ`ygbh7MkjMEb*zX#)ZmFB>HD_qv}&DX;zOkefS%g@qv{*x({{*BpIo`lvo
zcS2X3+R@{hyvbbV^`-|R-@4_Lsq-@Cafnmw>qhvN$<PkhxWL^u2<?(^ogBULD+hoc
zh2gXEFEgcgMz*VzMH$7L2~SRUlM2}QtB!9m^{~dI6#}e6ef8Bg7M4ef$ueNd!SD(A
zE%@G|AX<|1<D=~pc&_ijtN|gJq`9*KKiXPYCVi9ENo{C$@0mD7f}5SFMHsyjyho5h
z&wF)L6j1D%G;0@=t>bP_R<}%^aW6%%C?|=pPF%RR+#$=v(jl!TjY>2Bq@+LyGurMd
zm&DbNsA^-%@x|lY4!Sv@)8;JfxEm8SvvTK$kV?Dr8yxuyawi89htJqr&bK)ydvuYJ
zBs=*xutKzoG|v}urX1tFdea_KAYNZs_`yY$w%Mc2E|+e?>@9fkTC6BnzcKN87O8gV
zgP&i8ot}TGIy5h;eRFD#UN+h5ZInA<vUDk<ybPf|Xl_&YL}X93J9xOZHs9bnGguwE
zz_uIqt4uGWr?i#Nos&GU#&0BDVKKAnA2dF&Rh?ow@`-(U5H9t1ofFMX$%#ENu6AK0
zuV8~epK{*I@vL!kH#Ihv`<A$$@gN{tztL6uQEX~=>wOTRN-Qjw3qOAzBXkBTmO2<a
z`OqHi6m{8*hWUM&a^Ec{wJ8x*=K?5YteI4}d2!{@?Ae<sr8f}p)7QRUDVGOwnH%vu
zXptiou(wpxKm&GsiR=RYDjleW622;V`)(nco7?;U>Wd4on{hK0Z_5PB0qd6<hr_va
zvAks1n2?ccQ!AMk9xyaj><SH>DF+5z6cp3BnP(@Tli$bxY0LhB9A@B&okR7C$PnPt
zu|9#_^lveEwf*og8q(G)&Zp0EWw*_Gf8m2dQoyD_*$>R8=AePa_l>F0mGR?W5!9!V
zwcXX)8K{J9sJMkYdySrP5^zK@sY_|$+Y)MIY?!S?f$x>dJ_wi!iWp<2@Wtx~9*0(s
zz5VrfIZr!Q!pwa;c0AQ$IzFBiz=WZw`5ovRh$zCd-b*Z|h@4wCinylz7|o4L<|_|R
z6}qh$zGD=7C#`H&NQy3&tYcojhGOfl>Lb=6Fo$v^7H&R9z{qK9Dm49x2Gwm@yn_jV
z324ZEI`@8&3O#j7$^(uEUhPg-fSVsU+|-x1Ucn+hP?7cZDCT|1UjnvXNL$&X08fst
zy9gg`o3xGzTTD(y|5!oUEODNi=@L(}F6_<`Oq;#NMVec9XXQFs1oQEqM)BkTDpz*m
z%Q$o?RRwHNS)t`8=W4p$?atZ?=QAm$k)hcZ-Ag`Kku4``&nfJzDDpis$<mB;F|(T8
zC}Or+su8xU9cn^mD3*fmonp<hkYA0&l$y~X{UMtzdQyi_A<+>mFHMsz|FSEu(sYd*
ze_1l`h*D*B<AXj90N+%7fs58&uM=_2@(2-gD?0v+#B$|kn73@e9?*6RTl^F>gLL3S
zD(THP5are?pe=qINIRrQ;T+uy(5ibgX{mGmTo!reAO!W~?;^m*LD}pX4V&Spu{vhf
zw*X10Xf+kt5`N*2b@Z=Lh{Y#Dbf=Y81okjjjL93q&9bN=T97e=!<e-)fV%J1{4{87
zSf}_ba=k}6hL<Ws;7*|4A3DX`0#B)J9z^X6k{#0(%$@mMg$e?fAwUVpU6e~wKEg3D
zltv+7k(U_c5>DjY??O!&poOKs**RoGiQ@k)ME~nyKaI&UI6w<__(OgHJqvCUppbIR
z*ed5gAEc8)+IP~$#2Tz}-zBmLPG*}^ks%MEMKj8Il7DYong4g)`XevhiF)D9LJ*Mh
zz3`YS$^2oY3VZevi@S)%e3aM&Ll~Yx&6JZgVGPm=^`eSCZt2Qo$tsz6+`rxzm7`v&
z(SlYQ2)R~DgY(Yxft~{@RlCj1Fdi%FbDiLimiEd2s?Tke+tpFWHplH99?S~V_bEf$
zHSx<|>JDAcL3in4kec->x4=nbdE$W&?J8O`g{a=ORt$2dTBMS{I8x}dM+A+sepXD8
zn`No^y<=QyBi?E{m=#ur`qYF8HBNi)gi7Qy-Or|=+(g#6Igx7AMZD94mHyh5&-P4I
zQHv%IDzkh4;a-(CK~gJ6|FmsjsNm_XRVpP@qcJ=1baA%?sY6i$veV<|?mAm(Hb=9P
zXsWUH==S-T5Q}o~Wm-K*#jXbq8a+8{hOo1kd~8%7TK5qD|JXY7u%z<;?H^VVw}XNU
znF1~$nJbp56|1=i3g(_`xm2TNPTLgVhNz{cEmn5KG$gGwO|zP`q|`Pvv9it78gs^`
z&8C`ao-^O)_w3L41M#|0;gXBbd%5rX1;uR<6TLlofJ5skdw#!#o!TLe?LE|?w(8u@
zs`>|L7MpkHr<zyE)1QiE=TB78o)1vCGWj`}0r+iL6qw8HAm9IsyVjDhuF65MjiAI*
zk3+O@`1L^jUM=zq)yR1Hm0{vLmX}~%Nj1kl<)=r8d)c`}H}^gs)VyaEk+^)xUV9iu
zD2QWsp2>yTL!HBPKu<khm#)^Rp@x5eYb@2ibj7nnW9vQ%q5K$gUN|t|MSX;<`R-%T
zYa`_wB-BEX&8xRO7+L)1<8PU&22(D*$NNAkA2?txV%V;!l1bk09?rg+UCisNHLQ>g
ze8C80$<k`Tqfysum^eC+1_Vm+CF8!kqVIHP$_{;P1=PtSMlM96*vh|66zipuAYipv
z_>DpYT!#rH@qd@sgVKd-6b&JFPQ8)u9`*<NdjQj$eb}?0H!TrUEr6NvsTN8DD?PqK
zbNKoXST4IepiQZOmhr@M`^JQcIY4GZc&GD6tip?!pPoi89XIBcXjP->#*O374WaHk
zY`tn~>X%zfYw4px$+=3#GV)Dx+M@l$Wide4sn<K{t-<_PF3N$11rPf&Rp+0wa>n%#
z%4LVOH%F{{Pmz|``*Mwp)`>FeOOo%GTqTjhoDs|J%Q6RA$Kz1Jj&(nZGeF+qoDW=Z
z%6MKvs$m@a#UtSZ&&^wA>^w<{HdBE96ovhoXBU%ME3O$WBw!a7OV$RZNu6=WIqAnQ
zTkEXCZlVcdaovN1)eP&vd0a=s$^m}vgqmu!8O*mQn15h<kVn<>+i@&jP*^qFm@qyx
zM7^<+UQ$8XGb8U8YBwxNPbZB<P<~@E#PTEhsKvUd8sMPm=!9BSWjX5T**u=4R*Mqj
zD+wjWOSXld&Whj#l^=>ZPK^{48>#92OOJ_p)SC;1hWW<kGpYmogp-h`Tq5%vd?!Xa
zjEe~Jp$K4kg`{^mQN$r{l#a(sU=m;Ivsn~qP_y<aE@kOwnvpX%9!<s%qvx`piVd!Y
z!M$VgPcUlp@uKguO2akpPs4zPOJo7fZYA$2sw3g9kFp`AD-_$Xn_zrDSd30g4OgpJ
z-d6;;H<~|FQRNzZ4^>mTfSVI4qKF1eXY|M`48PE*`E)(=MM27jU~&N#-No+1MtPDA
za>V{y9=sI-MjU80Pn7k1T9((B%Ji;C7=snVv`%^^_^c@jRZA|zh6zP*#YzQZAvP}a
z(KW!PsYm7xaal&{eCO%kzY|WXT<wL3W8PH^MOpCA>n4cIxy)fB&I(WGqI#45YSF;z
zTRfz7el&;LuNe6*^74&p$FcV~3I)<9H>*&l>w}8w`z8G&diL@D?})DyZdV$$EQ4ih
z*(M`@2?di@Hy81B-fgA5@Yn$sCsRVvSbmMmg6}Z2=@bnDH>aV!B_if$C?A}l%_8g<
zbc(`H<`1G<zCf+XI|>NpD{-FR5(<gVPkZmG8W~B5@&Y1wC3inllsK0ZE_Iv5^Ez7w
z7NxIWD$we*95P8{O%Qnf4o48q<I-~|?#*0bxwC>0&ykD|1Lw;_krkW;HCo>oKVfdt
z&PQnXm^}jkGNy+HX_|+P&}-N_bP_x^JQj+V++gnupdjQrxDp<dtL|c(h)6s(><Nc}
z13v6Whuc*505=e(1L>=q%YReK2v7e3h6YY=8EvOthpU}z1>5Lk4~|Xw+4QBGNo6~o
zm(B97E%3rig-g{qcfBH2kLM63U>YXvc2lI%FO;}~@TkrTe^RFw>pb~Qpj~d5xW7uw
zN$DQjCp&6D@!HP^_Rq-3-e=KpXIKUYw}dGYKoi|7c^MtXd`ab-YpD?+oocQ_5()Jc
zOEmuqWVc8)tZFQs^570pW>Y440Oy~>#!2`r`#&y*L;|w;MEfo@pQVI*V<jDjRW)i?
zvsAT|0_<kBYTYb+@QtzdhN!3ndSmTC={xv9gf9WegB#}m=K|p77ls02DwYcoND!nA
z*e9s4>t{^gOFl4JI8*5z%)v>?TWP8RN3RcooLR)QD6imSSU9{)+J_W?WHAN^Lh5PI
z#8d>&d;p773ag2c0{5Re(4?xGR73O`_0TUlAzS>QTw-Q0toiNC;X|4~NXcCRR|pl!
zHyEU%Gmc%fM5XxBo=#D~o-H$U(@7PqIF|sJGgLy3IllS^J5xML_YUw;(^0SU90wd~
zOeS76`B3M>zn>X^gM#UNIQGK{XXQyuV_jY@peGlLg&QuO^=BEeN<^qMKBAc}2P(G^
z))JBzB?L9bNOHvnJ5=gD2X!@a??gd3%EUvhm*Dyx^uQY3)3_-<SIvp|ROo%8>gte_
zQVu-I9v1ZPJf&`Au@_#6$2K;?C49ILhL7=~TACr3h%-{PD?9QzLW|D!DV`U5YcCDh
z`)Nq=pmR?^elY$h)LmqcVy-nkT%L+%NIdj{dXx(9#$j{Rw+e$UjKJ>uz+!wfA(IxQ
zJTzAeOF0l>>GW)Pjss8bi4UsM16SOr$NUHp0ydZsO7}m&MN`$+!%sYb3R(H;byXCq
z2G&Gfewo0a0HA};eAjj(ArW})1r+e@xgU}%EdK(u67oNAT{KuBhiu+F*AakeZ)ZgV
z7>EvWAmv*XZ6j>#Ls}k4pf`9fF!91<qrMSH`CaeBTL9yyu{`nmoBM6j3xl8Y%>Vcx
z#w=f+ZNIL{nH<Zg76V6wrtB2fVRdZfgDMtsw~joQO@5Z{$nJl(n;5lo%fX*3W}G~p
z0@ehQe9tU?nS$Ku2P;FYwUJx?Jzw0%zr|xbXB#VGY{O~5tHnxn-YqLC#*}<gd|xo<
z{7H?!XQxJxt=d%t=p+RCZI*qy^?O(Vxw!I`d@o@_4Q_eA4YNMqLFn&J#Myq!lvrDx
zhf>OG36bnwwvX5?t21`RmeDLHKbLJvz%#XNnb+{ZK2Ui!V=gJ`XFg!R_71-^f$y(8
z=jwJoMsfe{`kB!TIpuyrP_icZ<D^wux7Ki1Yorfs5ak(`$$nn~YYX@GAJ%W}Dy!|j
zr1C#^)2>wKf2iZr*A$uJVeh#Ou8pEh`i-VT!v})NbI!ez%?+7s0@<;O-k;aq(A>I4
zJa@a2u4XTt#{uc3#T&ar*Q7XGetN(-S3MlCmBtho%nk8FTWUMJtH|4X-0}$vZ-*&r
zJTT9D^Ks|wzF#pqf|vNoyPX!(S#M6Ao>Vs&XhVe#X~*0a8dW)jNHg{^&cBYJYIko}
z+nK-F8+x35uvw2EbOec7rBD^5P=aXS`yd=ovYay5FNESww?IIJj>kcmx=g-6dl$Ey
zz(j|Q<r&@_%=FCkx=j)Sb+bOrf+A0NS+=0ARz2W0LytFz-e8EN2AEyv3n(AeH0!v$
zQ38)u3}@ibo~xl^i|o_Xleg9=pq!yvN5{tC$nQd76C(-L!T!y<q9NodnBk%*Sn49+
zU>C7S#@f_e)*R~OUijRW##D<`Nij-2bK|*{K~hW~R^Yz_K?qm@a{4btBaXqJ)ai#a
zJ?kbDA>dJhpH_?Yt6-PjtRjO`3YFVtg`8(>>p-N0f0`&duBbhJ?oJ?AAnThCF{8Td
zAc?~~0t7H-kt^7*)B2xDMzq(DKQ~rgI+c+b8l*ptYZdnow|plEepxh+E6z%>4aR3G
ze_xIO?p_h*dYk@skI%FFxF-N@_WJb)7PaxRNMt!cTbZ7jcXUKmTWlfS)evyKyK-$8
z#tq2nbMt>MXB$&u4_m|K9%@7|I%gCXGbGEC`vfJ|Yb2;r_=MTuBFV8FQ4(?orSA%H
zN0PB|-^AC}@w{sde0vVJH!S}pO*=Yw5SQsS&$8_JDBQN_Q!dP5s;yGiU$fK>xs<(l
zwYrK1eqOO(LmXh)D|@GuMFq@#>vU`nG#EHj5T?bY?<ZNX796T2d#;;@{Z(5_1Nm(E
zz=4oZ85z7;%>hvz8l-F)>{`w5Rnqx)R=+-go~!(tTs`W2YuQKs{R<0%o5%#~bSt!U
z14<Opd81rxM79>9J>rq?Ou%a27`#hEl#|S}3T-laS`l^NHVI83yyIK-(@^HEbmffZ
zW<OMb&1{$CeC%u~Q2A4?R`Rh9<K_0V0`2(^J#e60^Dik1wcDHbX=q@wmyH8VqbS9u
z+_Yf}K_^QnF5TPDF`TyC_uD@}ZZ=2Hc9OB7%B8Tsa<I~PIHu4d9K9fTt0)}j@-`F7
zC$R4rncx=+aP#idiZb0xyaDAMk41hG<TUP8RRkG+BLq#pB7@xhP4K&>?dBz3U#PzV
z$I4p@$NZ)IbU(eQLC;=?P;F$gGJd0{Bi=0GqX`-!m^7%=$KKNr=Smvms+m`PDL_;y
zRHNyI-=^4ovW~xUS?>2_@*~(y$kW)34M*vwcvRH=*;TO0opp9bITL8M8D|blv(fL>
zG62Uyyphlq<?zQ|4t&aMy;W2b9Hs~IWKSy&ZrmtM=@T&J+i>6uoO!#!Hi97$CP@9S
z3prqm1`NC^f;||I3Pn8F2`XTN3q;|UwX3TJfQOI-u_B0mcZHW47uX|v^rr^7fQMoQ
z!ImW@<3D3_xN`Vc(nX=r3Tx9P68V4bQz#yE_&yx$@E?mSS%Ac3%FtM6$+JTkqC+v7
z^#zKfbodEi)N&U5SR@iniLZdURd8eOS7C*$N2$@v&{$Zvg@&Tx{;M5RkN!c&%F*Yt
zrHBsJEw(s-wc`3b9>@L2XW={@qQ<Ulw|WC-@Lkr80(P26M!C^T7zvpTn|GL9GD?=I
z>|U-hzT{g|4LfQ%0%iIkHK-nCj`_%u9Z2I8{;9!GOGyGmsSjcp_4yqrJCc|#ZP>=6
zCwvna=!8+G-**dy%MbE^F-7UOgli-`Ifor39}^-tdQ8&2EF&@ZbEh`Oc%vNYEB(x{
zEZr^W<h^6>{j!BePTmMdfCvK$cyi|_-HR2_@}DVY&hli(ed&dQ35&DDASEIbCP=PW
zxhFjz>BSC^Id4-#sX4=hR1aFE&j@IZT_%b=;{bj=HKFRtmUpx=Sw>G1np)J0**Ln9
z{dSF*m4c0KG!lNiuP_k&#fuQkR48_+oh{*EwGR!8`!2>Ld(6$s@n0Zi>n{S-a&vlt
zXA}hrhB4~EO6To69LOectl7Q?o*QNr^#gC#x64n>KJXV4ds9wBohhq@2v;07V8=29
z;ye2?-Uz{P2&5hRCMMt5;#|YP_1~c~I%v6tAmu#Sw#xK$iG7d)+FCB?Ogj!T>$Vg`
zrK=SYi#oxWZYIw7<u#e)IWa0M4sU?ICPSozG1Mi7%T<f7kIRcqiZOh{yXYUYE{1eP
z!|Rb5X+P`oAS(}TQzH8YqAQ=suAbgk2xcV1OK`ws#Nny1sfs^0h^QsYf$h~WK@1L*
zUC~RGtPffoTnNt9J?1D4<3h#csU%}1V2SjK1ggf*tA^SVzg4cDhx@!sd*>UC9AINn
zRQRebGRYUvrIDGwsBbt%D&%3)+YQPTVt!=et7?8Yj`A=%EoLr}S~r_{ja=1`6C*lJ
zw(Gd^k-==?B}~;uHgK)HCo}vavxJb}H}jadxZ}B5&Zk*=wF?|CJV*<yqk1*H>;JXK
zKo!`UQp*2xJtMOAy2TcDvAX8$`l988Cr*LF)Wau@2TKbr%EpQuq(LK7(w|OX7|kZ@
z=5ch59GO2aYQ&nPJ1~daDYXP{U*rz%xnsMoo~BLYNLUkvB@aW6Hk}tpuCY5E!WTl;
zNs@;8vT37Nvrx_tp9bIABYKYGcy$V8Ib{b!zPh=>AGrQ&q1WN#?bEB6)hXsTO<B8q
zEW=Nn5)&@vP&f`McE;uU=vx;3{Ak?>6*S?L{k|M)c$=rLO*Jwa21`l>i&X`tq1325
zEz_vZ(|G8{cBP%kym*QKjtuc}|0}a4D%8|<F>eFt0It7AS5v`HYQ2ql6{-TWSY>*Y
zynsh@JxKvy3J;XIx06qX9p)3PQtbCNm#Xg(X^jM6uO8d#sag!Upbzf}u--{=n}f?g
zJFY?uQufy>t+_kuPs-+^ey9vNxSZsty9M_<whxg{S**CzC&VQ`uz(qxwqg4eWi0G`
zF8lc7LwAJaX;zIJ)~>ULxxv_{3AGxP3Qk#Xudg?oR+W8xH3J0W4~K}5zO{U9*o`dw
zR&lQDQ_npDWsv6yh5jSARcx^y47ryO7F9TvLK+><yW34;!6C1<_YWvJ+Q9Cw7^l{2
zdL3snQ;mq=WZ!=947qrLg5Kk~aMR=&{fgxA5Jv*e_3LGo%6+dG(LjazS2h~?H~Ssu
zhj8T`-D(nc<%v+FOTlV%KgV+UtHauy?3=SXwl7mnw&okx@Wuix2pV&0zc==3k4rH)
zy<n(7mE-Uvn=6zKE#{eZEbkZdwb(7`beX3+gW)zkaB9<8H5m+&mjSi3`hMUJFW%V2
zwwGFO0~>=)rsCoDyMM*@nZxPNRA&?}^_tRch1uH4>B*u7WMH_;T^pLl71kMrP%01<
zz8@Umm^4Jl1<of!#e`6SR+eF+OfExY&PdoqmClHpurgfI8(AdM083|Nw)Q5|p&jfB
zs{Dsa{h+NKMs3R65aZ_vVPlP}?-*H1dxMG^c=5!Hlj#yf<IP%GuqIuS+Rn(6u(@F)
zh6-xEncpZlIH{1VAVvI02udvA=CW2Ex;3fDH!okAN%lIErVX^bIxFN@udwkWB3C_5
zpkt-;sYvEqHqQ93RSv|A_dJ6xC-#B`&(ery!O;1L!D@oUhX$FW6w1n0Jg&FcYY?62
z-9an+aTI2}xv2!<$yrS*D&hrZ32djrbgR&Q%7&ed$hb~$%_(@jv2X1UdHOXGb_c3Y
zj9b6+#}I-%qT)@A2*|5)^$nkkSE<pya60YdLai{W2e;0NmM$~@*%5xh3w!A4)`!Lf
zz&;|&Xgopgpp@&Csf>QZ7tmE;EagBdY6TqNH5|BtLdo_Rr$npZLlpY2gY&<>;OX}3
zZdR%NcF<h=ShO2bA@vbkz-P01>W!5r&DLQ!@c_3<#$Snp>Nl%I)|t6{8}GvcBX|?s
z2MlB2F*bbtD-8R;XWU2vkBvYOSv&%~9It>Mghb*pCFJ}njNZSgEJV(WitxMAJvdP2
z#)dcQxg?Yt^Ga?<*$w)9hWOg3b~L48z&TUKF(Cch@3RBhd<Q^?9B|-Zl7|!-Z`nri
z)ySmsWF*7VH3jELiy6}Fe5=<@@K1YQdM`e1kkO`?>;mOyMiz^OA*lpn*B1TltqX<R
ztA9vVp5h7a^1CT`&>&~22nEc+ArWSnLh!VZiHCSud#j|`I?>u}8)G?oHgSl9DN{g9
zNmky3+M-%^-|?~!+7E)zeA3RI=8(`ZCd8;lneAUpv6$N$5yr+gwf2b^R-Yx3+icSj
z$wW3g(9oJMmbbdN$e~qz0Qg55#^@=Dr?>T{0@63}CyFfLbJ9~z5D}5LpW#Z4yhIDg
zW4Gn!u7}YV^AzqF7}~dES~lgP$E4qw*V33+rL(;5(9cRWR9P`swM`6*5NIxbbP%HD
zboz;5KhSHnLHYItN`Wo=O=D8TY<<Hk3EI7s=7c)0LplhI#xd9MX=TeHTxAHD(V%3G
z+$iSp)CSpOhO(PG_M*98EZ8{*P*p@5h+W@9D=~Bu>E*1^@}lOp#)CG=r$ktJiyNJJ
zr#GJGZSeaYpf~TGC~`&L9T6-38s21E29IC73vK?#j&`cx2ODGZWUfJpD81?iK`~#y
zsMArB+(NQ$15lElT;Fu4hjv^K1~m8CxxypfqIDA@<eF?9__69o5-I5+^2rWb%Qr3S
zk=y!-eD+`tm&(#em&Eokw$74>c~g6wSEe&9OWxu!$Fjl|apeTk^&C3Dx8L!U6jkxA
znO<;g`woslbZ3$v(a>0-hZ=a>(<3#Vw|mjY4`1S=E`1D~K<hWY9tLZr2`fP1w7rqQ
zVChN70y8e=pb?XDLhD9ZMN+YiDt}oY@`_oAv8Q>%Tam!lyV)4(db6Du$1QGZRwpkS
zvDR)Ash#{0_e>$!%Aj@@7<Ne}mAxh*;n04WLRrSr&PT*(rr6oU)8%<^k^Y4~8g4=v
z6N=V$%iRLtq;d8&w~<?3-4D`#W_HaBFI@kt+fWqMEwg*=QzAU;--bTOoNNeRCf|x>
z3Y&TtEp#UeQ&<bSwhaom|J~v4e9zX)LU9iHj?)lx<-Bdc*x+eL<|72;K@{JFDL_FL
zO`R*o0Yl|Sdb{i9jZ?214+I+D|HhrHb?S|M?bCGr&Ed(<l4r`dW^1;d*V0)^2X5I)
z^{iljgktz3zA<&G^5cmGH6b2WzDLFLyzasNzdSX;_RWJ8@CpN?<8~Bv4)u84yfi||
zg2&U6m8xyqRvZ}+Pd_r!+lIz3I`4e$5)ICfDAwzXy3LvU2cVS7xw@FU=R=Y`?!zcN
zi}OLAnVz<k(_RLqLrU9!0PJkPzt@=hyz1GhD@VM{E<`;Nb<%@PX4H1>ltGay&L$Mr
zC9sWyTH5=L)B`C{YXs{r;1jH<_IW45xrIP^hmvBDC92ew@>A)U)@CtSN*=AYqP8!8
zImG0zIzZ&7MD3(_E`VgnM%E4VFy7tNN$I%oTrax^VROiyMt!-aR_*@2^(ms;7b@C6
zq4G3;>+io)hd8!s4N*(c<-=5}WCMK~f^~HvP859Qjl$E^>OI?+RSwV8A74{t2od8m
zqSI(3*=2W)>4g#;I^i1VFTc=JxK>!^T_tNX+YHK<y@LeY(ya{X4XDVuk7V^q5-)1t
z!5etXP4?7=mCWN<RZp?$okO$W=&dfQ$ILnJgIT);qttR{F4B<!uS8d3*ti#@NCuGc
zOOT8J)6Oa^#g*HfVrCQtd51i7vjt(poNa8Z>xQ9UL5N_?e?gqX8ijtQ96@5`K^3Sd
zHjE#Dse##JHXaf*(w^Q@fo0WRV|W%LjTNXcxyS+#!rYqQjg=7Uwcj;5UxUPSTWxbo
z?R9o+Bv!@1tz@Q^;68=5aEwFMtLVY~H3kdIHO+_$ZmG><dOGiG{yGh@IcIN`;bHr_
z&^yjTxnG4p_1RzHYX0wDtU395bDfd@$KFIyxWm_vIKv4uotWdueZ+dnl6itI3b!}%
zb}ILA>@~%qy`zx(A{K1jU2jjTdLsy8^Kofz9Gc}*bXlSO5It_{-gFaU!}khY63~fc
zrD%h2y}goEIzFXh;~u(QS}g74cKX6AcR#KS=t;j`MFU2V4BsNUs_)o#YCQ&Gv0mOK
z3W}|_L$#TbOfP{Yze0aI(nZGAgc1cs_5ubKe1v6Zu3J|n3vgK+z}L5wee5C<8VUng
zwTdSc?nPKUV2Jm6UQ7Qa>Mt8X@wvpyYpSryNrV7~P<AK_j3;vFwzs5gMieA1ciKYW
zZlO!apN3gL28oYCXb8ZVly8}L4YwnQjwy>%o(`Us-y$o9iP=kn&{z|?_0<q5=PNX@
zK55OY;_Q>)UOK30e$PhjtHU#}KNX9B>*h?>fr2m8c>}hGfU0%X@K?b=LleBdDIC-x
z<oO#<s2lXMG9lzHC0k@C2G)t-xL*4Ia!Vlqiq{+I2OUCcZ|Q(8-NMR#&P1(ZqDg4j
z$K;g9_NI7_RU1l?aNd)lLeIo~9UA<_Ggf7LbC4AHv4@hO`Jb&l``;Si|GD7vp9nY9
z6%JZB*&YO8613uD0dnGPI}+xMzEdMUu#>brb04TeHYDRfNJJ`5iPR&Zsv*A4TnkmG
zIKYIo57PtG1%OFx1P-^Po5E2pQ{WdffC<@hI1<3*>!d7oY+sOb2z!r#FyV5by^X=}
z4ZrzO0|WK7M`c%rNl)f^f|=6o6D?rZF9PBG4yao;Q*F4YPw1W)Cz>r31bl%SkAE8m
ztUVwnGGrQt(0)DR53BF%;XizqF~64I7_6Vm+N%Uwseo9a>e>~LftGAYW52HR$5YFb
zHx|aN>kL<|ALaooE_;b=?_Zl?@>TM}9<|=O`;=3&Cd0zGs>#=&Te9}B>xcJ?6qE&*
z3QnUe(6T~Q0P!r(LLY654r+M4mlWPowq|yQzIA^U3UIvIt~xkf8Ix(<(@sHa=<+s%
zFwlcP4A@muTHVxi8|4c^PE~VATHobrM#qX8fR*#DgD0fCPGcAHI-sjVt|G2rvmEmE
zN|!xqk)P!({u?^!-a-SiI5I^$<&Qu&IPINe$7@8zbn?`TmlYUTy#5ZN$^yDOhb?Ar
z79vsjsU<wJ3q$GT(mxDRkT(jEhU<9dDI)%&(Qo-s{IJ2VDqtm?kF%Jk!{q3Ak@<dF
z!Tr|lDhN?qg@h1)Oc~0~OQ3V{e>#xXEFTU;9MfdVI*Qt5&#sseDabIn>wDURg#=*A
zCQ``u*sKu?EKM^QKyelXA#DELMrXqqPq#{vU9C!MdZUY{XZtcz7|^&%4cY0mM1&l3
z*;`3Bx%Y{$r&=-ONZ&KI5O3KD)W&-unJ?*90Pw>7j=*crKDqgZA3iw|q^M5=Vr;Pr
zl($47v&0-}89hJY;_k|j(lqjJT_CaKGo`_56On~=8JYp^8rX;g2`lh;#9mjl1?VCz
z?T9Dw!q&n~dR(tk(USgTGzto7Yk4bd{5(7wb)Q-BX?jRp6FZ8!6Lhze49K3X=6f|2
zQQU~p8LZK}^<K@feNQUc>RX{HB@VTlYoGjN9Z;p|G(LZtY`GIRR_heo*-*-lolj%j
zczbO}VE9?}RM}rv_Y?~4^+=SWJfzjoW>X-)(%&#K;8#UfXx`3UYMTXLo0Z4gfq^!!
zO=gj-Dc72WW`@|?9UVq9iEVfIUf*{zSG3{Wezs>+Xh53OXs!0-`llY6TMEmGGlvKJ
zwN|GYb+?a2&7LV42PlWXb3EnTy78dqH-k4eyw(||7B4c5<%rj>@ed<-c+=8zj!4s#
zW4l6cD?J|*XX;g~Ifq+c7>hFIsz+hTQTJ2b20_WWCH&~lD(ZE2p8sKYjc7ryx~2+u
zR9#ZBv93OH8!&Gc>qFta6N8A=RjRU3q$AW+tY{V_TeX2D^|k}^-w&{4X=rH-P0y4o
zf`1CFA%h&dZbteuoP3xkJl+Xelgv6$rlW%UU9mb;ho8FS@l=?+f&4kn9?JPC#HZ<0
z`g&MZO^Ata6#7PedISOomcbq-kNp^SNk@bded#kLPvRX7Zg9=4OV4Dw^NiglKZ?2g
zE?2_I5vOX&d6&|2Cz@4v9r!@K;R8nT#vZ+_a&|k-n*I4RC6)QL93H3@o4(OQ^9GiR
zwr-Igq&3Og>(L7tGlq}4G!X(I@iT;2c^rlmz$<b$iTj3|{<+Kz2jY>`$Hp$ZD+N=2
z8&$=Yb5!$1o1+8&0Yt;b%YMW-k_psC^iOM-(^bz@N9#|ezy7;kb+2;SgaY1UCHV(6
zKaSW;2U3G$MGV8$DV2DadZb{~yKcl|MwT}|xm%zu?q4w+?VJ(8i=b1a4`e0C6|7lB
z0g%SFdi6vc?_Xpg2zws!dSQ5_$);K5@hWByd9YuS><qc*z2cB1DUXT5ZNA%HHLKWj
z^Vx+&3iu_EWf$}aO_7sEhk?oI%uMC1Kof$-0#|t&|ICOxqo`6-6LF~j&+q)IMaZcN
z_F_z}3hFnzcg@TqJYaG+h)W_u5$FuRMeq{Ess{qU!B59L=aq!z$3YmzPRO|4<wymX
zK$o~D$G)}@j3!RkDkUqN;Msy@Cz8D1MCtTczA>boocHo^zm6NOnZwlsu*Z&?xSV!m
z1%I2C&U4$dn}{lHYi}w)HAAOv{>{u-D7*rfPJngkgFX}(x*Q!-VD(-Q=4v-7^hbjJ
z`>Po4a}6DzAuu#uge6`PkZ)+EMC(z3B<eGz>^lXGHFw=2bzxoEL#L8_lx5B|1%QS<
zh#Pl_geO{kC~GZ<yg<E4g*6x4`H{<Auf|+%B;ib6iSXYl!X6}pBZW6ts#GJ-Z=7J_
z95kT&!c#TX3~r_Z^1PTRb6el_MxyoaVB<b^{-H26roI^ho$sY0$v!ZND05MJ^$L|;
z@P4Gq?dMtef5JwYu2Il2t4p|okUd9$fGGjNUoJ2VxFQD2E=7$EV6)#a=qxoNlj3f_
zOeV>kp&%Y1I$lX#893iGBBJyW3cL#^DN+%1kHr7&jK>*DZhU0xqm*>37lbIuO(m+R
z8gA9A4Ze{KI)}sCGkC^yx)IM5ZplGP?4%4#_X91@E1t5A2mxXP4~9ziUv_5Xf2Qv$
z+J7eT|Hlm-Muzjy`YaqUBasP_xGX4`LZ&Q)VFqXlWh;v{DY<h8@e)bIDWMq)R)-FO
z`Yxa~Vqnkg7FH<)H;uMReG4@bXov>FVT7nG23#4i<OLd2MhOoE0~$vKzvr<r8&r{t
zAC>P~gZa0&chB1@Oi+(8u4{Pq{2gaee4$G6PQ)GAG>B*-;iq4{l`9+Z$eip^xk&gA
zFi)v58^-LNHjD@J>I#LiW!bDm6#fx<RWRZ!LlKxbAf5AS-FXswuuV;d?wR2X*)B<#
z9TNoLmyp$7e9fO>_-fgNr*;c(?SP&+o4ZaU0*r`c=mKw*90PzX$I#CVAQ*W)3`ZZ<
z@h9OF%9Fz)OJBJYqORe)SkE4rk!$hgXTPVzhHTq4l-U|?$@g^GR2Z%%sRE6iQJWJ2
z_oO?Wwow^cU9EI!Ar`N1G^JgZIR)@~txyd$e3Zqmw`|st@5G?<Pd-?P0fgrRm?<+-
zw1Ed$=XE9%5S5AXEzOFD=W`bd1XJenItKLPNas%IBKT*El7DDBPY`tulsLN3OGJPr
zns{|<UAkhC<1!Xnw7pu-IB@oxkhuEP=K{mTh2Hg|9fg9eF$+bA$0O2;gc0{FbZDgW
zm|zLLRH=OCDkfwd>O+^-5qLy6iLSHK!uHd*ToH88eyCb)^(6GNKoGSYf)l$!tga^D
zjr8i91=M4?d;~I-E`UEFmu!)wo4o&C8QDbt>2D|5K;uT)!8bnH9CWOPFSJ_CBYKGd
z`){CN^rs;D!?vB2`iG@a6a*1AJoLJ~;{zpTN>%4V4f19E8K^PeVpiRX!#2f(9@e2m
z%JqwXZc#N#lgLEiP0p>uEW^?AZK?i^bu%Sp2ippObyh|1b1lHtbO#ZZ7WWLSw>j8!
zg<#Qn(jv(u*T`0-!vNae7D(@lbc-BO3ef2?X%-)}B=>14TfYjj2#4OaS}FlxLX1&4
zwx)^=ZE5g-&iL`ZOy+&R{azSD)Q(JLGfaLMXxkO%UbeY0@^EfdLy)^8KU5PLQ=UR<
zl-+3!7^5EZwAm(X%>woJ;l0S3wuPOGUJJXmefKtnnny0%N15FFM0BQVstNdcC$Erv
z;&jx+=Q<y!lQ-UKZZ2d-cQ$*m3@w-Le-|3})A^BCmtF5{h|&Ck_SKl4W+mTV+`oIY
zb>Iq=jYMXyS(oMwW~I-TN97p|*letgvi8ky(-TL-Es5W=64RF+{fH-qf*h{92OLzY
zZi#TutJ)hc1Sfq@EJKO?J#K#fwz2kLQ`FbVO^n8}V>v%~%U_*oSaB{mtU$SFlm1b4
z&4F?jp_y^Ac^uI)Q`YV-Unq_#@cwv@80c=PSZ1TY*trsYf1kQBM9Q@BBNcM`O`no(
zED33&CH<;z5bg6&eaF~-_Z#)1lc9y)Iby3h%Zs0%n%3XAsWOiVvfi699Cb%^I}S$b
zOdt}Sa@mqreo)J)O$9k@ocY&KtybFdO~5hoix$k0m_3e-M_-Cr$%w7U7J2#WB->Lg
z>TU9gd6B<)D^_mg$x>z#TGS0p?NcM)V2yS(B{)L^&fSo3n)0m_6ma1ifq`$#jNJXO
zx=Dhtwlcyxf5qnZ57&0$<=1fEVIi9Rz^f7n)i|7+{11Q*<(A4u7UOHJxtF$Y;f9SD
zc%hi1(P%sKt-)x#$x?Rg=mUK1@%pCsaA({*eEbybsis`g!hO5v5-);UX&AMm>Tr6_
z#$R`9x$-Mc!$y|YB|lcnni|ZP4EP`jDqA8m>+%z20kB5l*pR%s&wU%N8x^fHvMR+{
zh_~SkZzKqr6z?zT1>ABKVVkkDCAIk=rS8Q5qo;Uwnb9wz{^E2$m(rH&2SQ-OaQc<|
zMjXU}JMO~c6BpYLXR=M$%I<|w^gxd+?`!M;-7z#S^~Yd&kQ+ALNf#0AJq=UD{}Or`
z)xvs_rZxKnmPd8&iL9UDHg?r}t{~+fU|hSEZ(ld=6@j)a!hWUq9KUb{^;uP0cD+0H
zmEw5!NBGR{{yq<vC+DUD_@mU{9jB_CDo_@w*Q}ED=guh$S}LCg>BQmorg3<>ogNSi
z>!WuZMMo6FsB-k7W?hJ=*xuI?haz}Cgw+nnkww!AS=O+-|Hp1vHE8dR7&UW_a$k8s
z6wR@Gd>JZOO}nn3UmNA&n6}{xz=Q}&ep%x~tv5RGaBZ#PcKrCvsdR@kMaR<N9F}ga
zayB@Jfq%GPCWJwxGY+2v_+-mrpxEeZ8oKK+-^EMErcm-~xh4vihQOUL?+>PzU5e!U
z#+_>fM~Qo7jOAW4-~s|tijePX4Dqs?SE@l1H^}NJJi%vB9VR~tg^j5DL0cvzIyuh%
zAlCR8VYOzkb7c^)zBV4w_BO;c`VsN$AkqpbGSj(*)WV6fpe;uX79(z}Fwc45rFWUi
zG9MM%AVSRU9n^H_(6k#}X~d$vBxF`9DA7Y>9YY1)<i}MER!%15W>Xo4qY`el61XW_
zMTY7J0(qhY#2HVjVfQ~JT^`?0S4|YR12;|M8?~drH+amwDy9IqLu^NEe!4f8(0dsV
z_h^5oGeg1s!F#Fnrgd*f4fV+Dt|dJEgLsD3*Pl3&=v$U7^zzJ{i>x0!TU|9`f}@X8
zGm4Vs{_u#JK=cs&#{>?~`*A%;fW_9Q<n-X*?Akv=$uX7);4?o#ZozhuWZ@RQ&*6z*
z@buX>*Oj<{{H(2f^7eREojSkn(E+6-c=9h1N7sXoRZEftg8x1`AfhpB*8gXe@SiyX
ztodUVfH>CqCz;X#SO#xQXTSkt2(8NijwCQ~U{!t>7zsqC(HQnh27ZoFa%}*-E0Mlq
zO~@eRjPV%TS^AE>5h_x^ct3>OUlXd1WSP}Q4*l)qOvzac2}qtj{it}<Xh8X=P3A)w
zV4%r3Shz^-5LN%47t=<<Ls=i#S=B_&I}xd|0Bsm(Wtzwkm=G{{<Ost7)Affu`m5S$
zJ*<Sl;R?>}5)=1z@_ZOh<n0vS51{Oz73wDi#m-TLINbbw1i!LbqPFy1+QCt|B?OVU
z*6|{`H_`k)z3|u;kv@$KQmkB0Gw44nXiFX;-{}a!zaG;`Ow^r9yuGc99LY0IryE*Z
zhz$e$M2r%=vJC}C31lt*qQ<)KEd5pP>H|R;x0EWvwCsokPesdUeNptpxIGHx)O@zE
zw&Pe2q&#UkC}J6j#c;!|r6CH;deKDSF13cAj2>&Ouw1rjb_eDDN(xztDNCrYv2b|>
zQ)ukh8oR1t!`))26^60f;0yytX}0ed)iO#}5&4y0+bQD|gR89E9=tu$S=QnG?v)%2
zn3OM1WKBTB$U<OrfkKHc)|-ce%CZ8hO(L#ziiw6rtIfFfZ&|>2u0X)wyT72FHi-~2
zq?L%_+@h_6B<{yADsvN-bT(t<>3Z{hPi=Wot((BuLPUX=7iTfEE|W3fS0R{kdAwE$
zn52>7)*Yj%_D(qtnCG>E;apq$XzYHSh_qk#ZCfb2m7myR8GKZtXnhj9PFCDDYgDNk
zj%FY3JUuC^%!GXk!0$_^YxBt^Jt}7BX9{Gt2<nlbij}08v9q!kiCM1>QF3f&9i5J}
z3Cv}ekTHDbn}zX!<juEHlH4vjS<ct9$GXvHC8kpiD#c<)f=HhSB$0aTSnhju1eOP7
za?eSkZ{&rD7@>cEcr-uZiF^_k?;$ZUE7RNR<=JbTbn82bEVCe08-z>DRKjz8muHN~
zMor?HKg^eG-qn**I?b~Vku_#Uo-+;;U5`;c``WqBIYtrL-IIu2p8Y-OZdYsa0@K_g
zq3W6UQq+PKqgneKq9$1Lk*(@mak1X1Pfwj44BZ@;p7>^OO)+t_roQCw#G}R0nSXbV
zPy8HS=%sG3Sh8Q&Tu~#Em}Hw&773H~J>23Uy`lKs%M#oL32S_c%|6}Snsr}Ud;1d{
z?tB|hi?WWBr{t}TerYv$X_s`zd+{%3&hQ%UvdrU%WKE9j&6%bw`@I*=v;+-)J+@qY
zBA`rP);rQE`naL}ski-_^-;#`tmv^QMPy4!^Wy^n1#8yF;NC`BcY(#F`qk^B1~DC9
z)OVZM*TK2T7O!J%7bT~i4*En6oma6P?ugfLoi~R@2&({xrrT<&Mc((Z3h##_jg??A
z^;=C4ke*0P13nJGJ8#$5H}8o2+s?>~H--{G*<DJ3K&FROdvGI9O{>5}C2PtZHgylA
zMc9jLuoU?;Jb`{|2<6>4%R|2T#PiK%QGO3#`$k=;B8B<}=Wx05^~;8h{AqeC)urQ_
zvK2dNnR(L!-+)f4U~c3P+jmPVK0WVX13J{$;WI5`JaE0DFx0>91&{7lcV9?f*z}iZ
zbdDnEpcR`Mq^!9Q9Y2F3-d7;{pKasa@5rZT<~<H#=$XZs)as9KitS0fa<aIce7r19
zU3<LoX`=<ZWc`fL%kt{Cnuv23$DR{I{hQCo8@MML(cVW(bZ*1tNL8`ft}X>L?~-2+
z`ACY2H+stylVQ?lE|B~Kkj$w!T_4rJd8;;Ku%z&w&LZN%-j{*_?uGrkw(!{{zvrGC
zog0z_?kg!eesS--s<e6BH!c^J{ZXZttK<FU2Ur7+QB{s=(<XL)ZG1$8^X5@qNK~<f
zbNZ$}BV&6DulAzz<CchEMt%QZxyi~!85=xGRehJrH_x2Ps4p}VOe#-pN+xXcO@r42
zll;~@7GV!xY;zm+exf&7bZTP=P+CuT=OnWh2`1B@(KD?Ry!fL@G1bQRDZ}uC4*f#4
z@V7hsS(V9zmoCRIGQ~!|X-6!=w8NbGmI}-AJq)!w?O>|$h$tRMZU0GE!Ev}O@W9&O
zoyq>i8n}3Dya<)M%+jB~Y1LX@f(`En4>wlk&N*_5>QOPn#N<I482x9M3T@tKHHs?N
zZxwFCEt{5b1K;yGWUK<q`Z*GmKl0w$0p%Sh#{0w6Yee&pY0YTzyPXsX_x@@=*1jAw
zM0Quzpea52AC&YPMMz1GJytO4Q_H9~OfM=n`{};Wh%<3dY;Kg}I6!Ud>O-8Gx`Vp#
zya|>hpbiQ~ljq*?BfHr!$rQJ)tC$#G|7R|e496VPqDIt=)c$iS4(3EjJ>BpXN#k$7
z;-g^kQaZ5Xn#|ky6CXGuci=u{O`_iMx&Hw49W%0bFcK=|^{GK%_$*A0eA`3U{02v|
z)>78Va4-KZMAC16ekew0{G!>GyqhHU-74r{qJm&+oKBTIqt|bp-NB~L?Ai!Pyn?+h
zDw_{le1UmWKlR}%<|ZI3S02`79Lg67m{-LpNl*O-fi>mafLy_a@a>X?-TzZs-~mI9
z&3ItC?7aLq2;%iL2z0j8SP{Arbfuerf%fOI;pC27LE8x#!O&JGaA?Lk<)z#S1&7b5
z&d@U<(*Ycq_Fwx2_~ifpR0VL&01I|$QsjU+?4y^aBI$g=N;uQ4_9>vld=J76SZj@T
zKzdy~L}LZ4LYT@{1bYn|2e>l9NKj-dHxf=rK-X!hBgY^p8Z{y1A$Y(HRY1ZQqCO54
zCJ$gHo+3|mY{?b5C0(i_xNrE^>|XlJq5&R1pl!t`8<U`5_Uvg!>{)a^3zYk*!Ecr3
z-#~kBk_d5;&AX$(O<R!)fZJokLS9P$>Sa8{#@Il1rj1<cD#VxeZ((^=BZuF!Gh+ry
zT8Grot^G{?2|R>#e(-=VjBbB%MsC^5s9`&^XXGh%KiJySaVZ+m_3_tPF~~G58{IEk
z?7zt&GUQmFn!^lyV-zYxCE$z~3B_y;FMbH0;sm?8u#W2#%E?!ocURL_9-2`zUmT+V
zy=q0GcO%HT{Rn%J9a7XBNqf}%x4rqAk%fe;JXkr06O*LwY5bo=gBNiMFD9qSOYv^9
zS>y>4%&oL*(_alpsQZc@u;V@zO~;GY9%L?K6(x!IE|%|5N{mM`Jpb&LEcqa|_<~fz
zwM(OlVD4LD28jgRqaTETwU~)LK{RhC=w;u4lV6-~X9lYm+l;*xMEEnH-Ga4=pM=<2
zHanzG1-k>`RA4aq0uJ%s<UlzriJUisgDmS;&BCh6;&(hDjPuP89;NBdtQciE6k~<N
z`K_*ln1g5medPLJDZEDcIdO3+n8PoR|HE$xj-cDL8Fb(C;6_(&O#SIh5CVQwV%rsC
zb{=q&3t%gFtz&P9p<Ro~h~f)e?p4tSJsoEZQ*G^u5*Aju+Mbw<qv&DKX7iCl3j2M(
zO@bQB6DP;5*t-%@o6H33O>*$n_1Ur9S90Kk(jju+X1N=p+)(18xN_2T)jqjm4Aadx
z%)BV$!ybc6woNID9*MD~7?YT)G@Sdu8ZB{oKFk!@F1jF>^j}KdAj5lsUsZ`H%eMF8
zoT$pz5q#r!N<0A5+xyE>uPIvA^o5GO&zVrx@uJ2kcbE0lsI>jP&JHiqlDn2pG=%20
zz2Gy3##{nW<(nHbyCjQdn<vi4e9R(LCw~iUFaNqO^1{31Pwh4LOPlOEj&(+_d-%G@
zVV}=^*_|^77F~)zm!Mr3n)M6$rtK6P6EwOpdEw=c(XCNq-m`C6c;}DlQ(p7>jn&Z$
z`mL{6-W8ARR6U6(tJ1SC9{mGRwCuF<UaB|hzyfS$)A_>}ktnb2QB6u~OD2!gbKyHU
z#rlJHl{mH)%zr$N)_q(X^=tD%<LC(^vyg{Jl3z5J$i=Yk-y#28Ri;`*(OqHO$TE7e
zs~l4^I&d#z^VF(#^Gxeqp}#l|osaf8S6ePFNwG41u9^>BlX}aHyDjd|OCC>KVeBE{
z@x*M?jer%5nA0ImtW@u#cFrAM^Nhy%kRp!sh-mbd)ucM3!evZ-->2~C34H-KO5%Ll
zY5Znq!=ySrA)wq_Nx}TRMl8f_S1sfF5B*?3<7?)5{>zs9tz48fWrK+b8v#)Fsz^+`
z*-L8ajk6yM2qha{`9OpNyDPB={J^l`%|Q|?>&x2F4Q`pz@oj~IWUXY^vD=T}^vM$c
zwwHKi-oYdtJdVJ=qq}A-t14<BthCnpt`6>LDvK@`@#ZcqhawSZx0IhV;FxRK-R+B&
zZS@rdtXDhE-Q_PP3;7bA{7gApd%PGVW9185Eal%}$JH5GWrdskc>TkH)3k;KV-Uj%
z6|64a#Q#HPbrd?@I7qyp0`|;mQ(|Uig0Bt5JVYrs;CsawYsLP`YQ}k_jT2sNvHsLY
z7NsnfjyOV_%{z~b5Lzh%S=5JnPb!CsO}}x-Wgo4FBRUT6NzVjA(Qp7y-ClImt+-#j
z_`U&^=3Jp<S0NFWPi8J_EXNnsqvd7W*v5{)SCz~<M&*&c%sq9i!+RhzjzVz0|EkHc
zz5ifCY?VtrQ1|DU9J*=uu~}Y`amRv%`Z-15@CK?rnlntQ8$oY>M5LaW$2-<*4l8ot
z%z*P`D`UycE*S%Kja50azpqFlQVw=jgdCrTDPu>!;AzL3^6zj3dMj?g2Dd{*_JS`9
zb_@KyRxaX+D6`4~i4xW-7o11p*B!Kavop(5<0HyGReSkun}({Qud3<(Ud<M8eRn+b
zTea7LMLquj?P~YS68oHJV{8}O>WhweXjj%SI#U+YM{>xgc;d&95>4%Z>bVX@1xrB%
zVO5U|v=uRvV=sLdhCQIjfATW2ysW)VxkankqkaP2^3xufCWzZr$2N)xg?nLyiE*6S
zQohqt9UxDMz$4xuG?@D&Bl4{NP|={wqP|f^UoT(;=*fV?w9U%;t#;p?WnOAH1sfjf
zDeXk#Dl;P=WzE6U64?#_vcO@U$_qr_w~08TSCaV5VYHo{1&jQdR<Jw=sX$-+2~8+j
zWpA3PRp5+<IdXfw9lK~{{`UBIw4?U}C03LZrA+R(FIoz*5)JEiZ-%_{M2qUwn47jF
zp4Xl#W#gSkfQ3EL&BIz>hg>sA!mT)y#Y0}7fS4f2iPCEfrWGKQo7VBsE+&1%?=YJj
z<*vs0{(7(lN{8EEx4riGsx>n7#ccriO=~L>_L{+^xOX8j`#uksisW{yF$RUeG9DW7
zKLiC@I9%!gS0@&%2ZQ((@Ih}+NdUPHTH8?#36V?mg`|%~dd1y647S-YGWsdH%RU^K
zl$*2T{~Z#rME`w2fq@g^{`39+b;Ea&z)D0kbPxukAyKRO+&k=zFNDigco{4JcUsD}
zx~MEZzFEq|nV1ZNjdXZykXEq}%}%5g0wY;{ZuDfi$=?vWlw!gpp(dpov^6M1pg%*M
ztZB)rQ)0A(z)>=cb`B**nE$+^J96=u?QDYl!v%fBWpR=+O79|X-86wbtX5-Hg-<9~
zZ%s<PdJMwh46#&`jYqGY#D*kUSV+&lQKC$nRky7$#yN98f~0voL(M4hyxK`kBloD!
z>?&Yavo$U%Wyi#fp}%J;dy?TL61oQ;;$`lNo3928h&&|j%4!F3!@?wR>nRb^Ae63l
zO5DbBnbOc)8=pyqaoyI(f#l$+TxS2*xIVH{Y`s_wA&hr>(~BHmscX~)e1eUGfFkL=
z2<P3w{N`ViM7YF1r)AS`zOPc-3t}C~425lX0bsMdhA-O_pfG7IA6_XLjhsRBZ5<*p
zCauP0>Kg8+A7_-V2oX!z!u_IN!dp8b$!$~8;7)`iI|M)1BYHjZcud^{AB`q@UQkI~
z9^rC{t8z!q)fh&9`v*`G`(`q8InqmkepF1wxIjriKcWH*#KWW$7Co4ay(%XYjmV(F
z12m-boecvZUbyi-9)!P!H@+YQT*So4oped^#GQ)BC8QoaoB=jd4(uh@iwuiQlyYX#
znR?PLZsl4*r2X>W7z#FJ!HFsb=-W+it1od3c?u-I%9Ishe(MTrfx3^-ruY^Xgk3w7
z5<uU?O;()jC$ntfjTefkmo}&I6GnJj3i#BEnF=G<askuToE<P=PVy57FwqiTBs>}B
zy(G~WTkMqLBvm)7X@@Ue{(acAck32;-g!ds_>AkuOMD&Q@}P+r^<_l|?Dk;l%iY#%
z=f%XytkqrcWadYm%Fy9A9_e^VixOqN@;p{$Ik|gdZK;XpAm1IG!$S7!ux*%QgYWqo
zVzzQ}66LO%t&S+2)cK?<JJ#=&x635jRcYj`4*xoaIC9?YYeGjF2Cy#qta`E$k==fO
z`;C;<8-|0PTRyV{f`u=}vKnGj5G8Y`$j+S$-7Ke3_hq$Da{G5SMK0d+uEkAH|K}-A
zV{6niAmQ?!V6X0ny=_a#&1)C0+l=-4-12*b?#yuYp`0eg@0-fjqj%JJ#duF0bg|y6
zR^&|y{q_!f3Fb;155AZ<bAISZ@*ga_SAt(FS3Ut#YaQEYc{~00-Rm>&_r4|R<ub12
z$zuG2W~1AT7vA^(jtTeQqB%DEq{`7FCploxeCzsqx&vi(fBty5xcQeORC&&8`n~f@
z%1+p&MSn`oe`1u&I3G2auk5Mu<pwpkQ{^9&ZMA)fOKWOd?uon~>P@z+e=ZvAoX4*q
z1q&vBlfl2kn_#4g+-6KuHx-ysLXkc4<Upylm`7V*`_!EY_z`*3NuAiZcV(?wwAq;e
zCNH1a0ZDASvKVr1@~e7a#MM-uHz?w`#8+Tf9=0B8R^@ED(I!T94p8`mJ&hdPCIZv@
zp0PP!oAi6;)O8sx?_%Pr28M+E%rXeLDMXT(mgkbam980tw_L%kN)f8;Rt;|sh9dN#
z=QeJK-}I$rJ$EXNpH0Iq`zK;A-vrhK(fCoyEm>3X#*637UX|2q&Zpc#&s|6eD&EX$
zGtE^x9*2x0;pS40Jf#2d+TyP@p;+|3rQ3|iHagK*nA@}T^z5ZZxuG66ioa);GOPpa
zzV|FppUSZEa-Wo2uiDOyo;$eou*lbOZ;0A3?Q;<~;zF+=-Xd(|t}BkxALY#ryL~Bu
zWco59qO-s6flQHB3S3vvz!zs!|BbD8k7xS-|NnQwFl%FTSkla)S;%24(P6Vq&TZL*
zC^;WGQ0VlkX2fg=Ij;2DRx~3;lvJ;hV|s}>Mkg=S3#C^|y?S|9ukWMx=ll8o@w@yU
ze=u{oxa?vVp7-bNe!E?76_IAq1tm^h3v)GEyfCMZC2%*thd4|H(#JX(#>Ac1vwnNR
z6920IpszL+6n4GtLwWDL#5)fx4H5Bg6mM;VHqDo}LLkXrvl*M~pH$I6tN^qoL((_w
zM7X?Q`ZfSB<nNnyN+aG{V$0ez7VIZNdJ;EReRX?iUs?TOX%W0qPYc<Ob`GG0WwZvh
z=05otZ|a_P$suB+EX~1@6&8DQ?L0T-u|8Z*Nh@7XP|Ou%<G#CNFJz$KC?XzAg~I!Q
z;xH4_S=>1=J^#MBKz&76ZlSdy3fpArO-alC<=S#on5JdK?)z#+=~DI~Uw0eL(njr4
zD~bB<kRh)pZIsT=PBa@D1ICj3T30M-NJv8lUFLXETQI72<YYVV(m=!??!(<%OD3Yj
zfo1r}X|bfH_cu@T)l}}?0=k)fHCeqKhaOcCG7TOTa<U_7Q9R;CJ8A+Dkl4di^M0Ix
z`TPk|$9@ft8)zFDrB|G1ufpNdJ1!zKlDHmwalSy^&kQgZg~!Zek)?F=?l#2UQPHIV
zkg0dx>@GG;lQ{{U^+)KjmSV&MgFZH0%SZu1yLeg37%N`4A>vN_qUM$Zkmy`0Vk_Pg
zTXLJMq^B{ErD{i>TQe3UQ59|JkKQXw3V@FP4>2R}l1h7#puDt)1^bIyD>uk+myPNx
z<a!caVsznw#)5){g19fkq<KtOJ;!+KgAeq3)*}6xvk3i}Jwh^~Rj9Ly%W!|C5I|!X
zTXSW_okFomw-}lX@{7*@AsU_@R$K;P(GP|UWQ(#@<M1TM<+<X*FlHl<Vo}4fs>E-V
zj6>AJuy9SfZ92LKB^da>s69B54;@(D37Rf}{s2P;<L;;-LZ?WU0oE?Xh8_%YMgAzg
zr(eSe`bV}s0eY%$OWer-Qs$1f0(%JEfv4LD@3;KP7XUj6aQ=UI1OJn4#IOMm9dXSP
zWPmC0A2`AED{Y8y!32?3mrgq%POpvT$ecBi`Y}~F#KTsUf&vdioaF2R_J}QH%nAhN
z{(1nhqQOR5H6G#UrkoI>=Dc7aJqm#~qQg><kg`wUa^9%TnY9kjw=%T0JtTesbO_;J
zX+NPpsU1Zc7pnp(V?!!ZMF)-gy@Y*C1G{Hfgq<&OuOP~nrAp)G0okPG3vOruRtrUV
z1c7Kr8U9kR)>@eXG0|vJAsh%q{f=KSA%=XNio3-iyU0+Of2*c9%EeV&66s?xN4rD7
zg+2i7zb_P|cITw;1KyExgFX$>35C%WJo_~dS7ZaUep8iR+H|MJ-WSgL!W`Reuv%(Y
zA}>VV-pn;Jf`Ec)gwZv$j$}DXd-f$oU?t7|tV1fbi{<SwgAqe-@E$6PLgN+Y?u3jt
z8O-@;ZgOp^``K?wE__Fq?Yu-3KWHr9X?$*l!YVZW+2QJ%9VLWuE>rMOL|(>jksq~~
z*G>;DAL6mES+T>n)384Gi!@M=SUZWWh=zeUVHRo&pb2c|<J?Ga(FpXsKJ_2s^(P~Y
zU$SyUt6gQg>f+io(C-f@$VsOI=|`Henu6Ee(*K70W!saD6eI+&0vD#>^w-YF>ga#G
z$tuBM0%JaSYhH`iAf9R=)!25us;v<u>@G&q-2cGYFC3he<1^!IRJ7XDFUPph=hjyT
zYs89OOoeSC*7Ak{A8t?<;;v(I`OuUEvQi(mmI10<t9$mYYAOO2$>aO^8s|aO2ST$K
z-Y5vUJ_ceccKITE;+Q8#J4yShIg0b56HvEDG{?Rw^f&WTP;9>gH9Sp?x1IVWA7_L&
zo_?4YnI3YvC&lA9X+P$1`x=)%vjUU5{)Jd}Krq2)OrZ6aKjy_6^yO=coJ&x>j&m%&
zal=MP8>}cnuMjsCEs2cQ3-wr!B%46DjR`5~&OPHcs#WRD$H;4qtv>)6;+Bq9>st49
zyYNOY<Pyx^|JaU}HJ`;^!;O?w6FX*JCT!?RjMR4`?zkfD3wmkMMDv%}S2ourcRqI0
zpw+B=*1jhE$==Vwsf9z3seD@S)%B2-QS;$(jl(I%Q+s7`2d>Yp?8ZJlkt-^`+M|Au
z)ho0OOue>~Av(=@Q<d<O9k%r`Ly@)KF}Zu!dU4=l{kTSs<)PHdL|k|%>Qwcq!JeQ;
z9lvt3T6mo#<fd_xE`M552REd=B4V44e@)G(yo(sHtJe6|sVu(;bVzcbbFOL79iy%I
z!0Myfa5Ggy>G2z7moqL?_IMzj2nqAIAJyeDn>*Bj!4~|zksFcr;mi_cXD$SpFs-T!
z>5q^2p#zK#@zkuqHRLDmZh5e}15WG**VxLwzn!|Y&he50*Nn;$W%j){64zjZ|JsV6
zm8Kn=syCmY3@)Vx*OVfV&gd`v%>xmdzAtNwz1O>km3U{K#=K|q=~{LJnHVjMD6PnN
zRB3KN(ko%!qIXCX36McDW|#!Mr4hi)LCk_V<MwT)I}IHt0OkVkYI$d-*RV2vq9ebR
zB6Wb)C<ql=ke6~jcLX&`Wz+pPlQUgtmzqpnIQ%>=tFjuH0`D~t!1}(U=cfvPCneCj
zT-ZU1e`YX~RVg#HC<5uf(h=Us!nzs7d|C#cSWI<c9>oXvk5!ALrhc_COhApn0B9f2
z|LObn<b(pGrS^!!aH8N3hoPqOMsVxiuD7RJEKL&^fPF&$<lGr0o7M_m^ygJnrpM;K
zC>na5p7k+Gs{m^0Vn~*zwYcsS69l{cz3VGw!3|)1LG;vGTj$2TQsaxhH)%K&_vl;q
zO0mhuW{a%l9a~`l)F|Ea$T7v``EcW2CDVAP0atS2;Of>$@b1_ZW;1<RV3+IA452)2
z6)-e^^A2jw(0`@$wR2x>HvI@R`j86BTb~3KnazQ)qxrX@dU=N?p_fnrnQS`MOUTxD
zf_GR0Ou=8OtZMq-Z1y=ly5;N$)4$!>kedprCWa^jf#=7Ux{&nl`EZzrodftC-d{7K
zPDR_>P-hH`+;w5LBfbXB`B&LS0ZmUGnE}mnZzO;&Oe^kmO9=5bmv?+CZs*?f-GuSz
ztyW%%KfJ8UYJ`h0V{8xV=$u4`ndBM{-LfAw%=V>S9AN5(F+D7dfz=gfAO4AfUgy2@
z%T7HH^Kv$>bNBd)$*e2!8pAZV(8WfAb3R#au#;gt|A!+dOW;x?QFd3o6Y_*?E+-?Y
zeJU%{@KP}N4rJWd{8>yPk4pTQ(uTH;$-<_@OB3YELEu$#Uy<_btkBs||HC7pBf%k)
z7tRV1AqZmfnuFOIJ3UJkTJdOTwJKsBJ6Ei|u$PZ8pOl#%KV!tn=m|rZPb+K|Yh{?k
z!^kxUYo28wYU^$oIbnIQnZS9X=FXZ{KBT1#pac;RjOLco?mi~>Qr<tL3O6<<i}BrV
z&fOesUBae*h(?fDOQ6v06I+*G-Qyg*HBc$n`dZ#7pdyJ5T{qb-`AUo9o?6|!Fvhlo
zZv_EWy@2Jwrs{|~7ZhS6`xSuT|Gr5(DO1~i>qPn5egwAay%4(&_}aUApce?PLMZ2e
zczc32DP7I{g`L832OV<DNo?=qDfD&FmR13?K)4Y_`${^KE*@}2^r*pozR}fUZKQI>
zgvT*%)-FMG<*9Io)J{F-xk0=7*xE~t&`VU}Dh@f6$c57XOVUlIM<KN6DL+REEkL{%
zCbJP5^qnmX22D+GB9&ZyCrZC_RFPE}&8D8w^fM_4SjxK8s>zZgkJ4MyPjW1afA*~X
z&*89s{*?dEfr$<2WW5yF7r^m7CM7z5qR)dZ4xk@-hiNnscYx4LDG#DqXfJF0tNtbf
znu)d*ex%dC61C`Hl9IV2!xWt0e`F<kDfnu#Ko6)b@S`%HWV&=5E``QK=~FmJ%ZA^?
z8Ck>RHPuXSN(B9}n0>-wO-st|e8)HS#g-KZrFHc**h4Pm%df8y;D5!rN7#gD?6zSc
zwO7%w@yJRU)D~FkN@_hAaP)Oo3b~NphKak1*|mkHl0TFwY&S>4vV|IZVa*t21K|ZG
zg26axyFf`llAOlkOp_Iw5V)!;G%knX!Pvinuf5fZUIZ8G;c)pw&r-QT!!p9+W#VPu
zO!tLU#^nrenaow${FzgXuj)`hoafD9^s^dlOiB%Fs|5Ty4*9Yjb}1Qg5hZ*Gd=%5{
zVf9Q^Ba{B9&_EqSXqMq%^OxvmZ??{gB1|1@`IM>8?&W1OIea-cI5Ut7^|+<S*<s#G
z5@3wKe7vcWY?i6Tq=MD8GD4>3t<Nd+8ZJ(_q6nf_NFZwVIEc67aKLKK#lZ_$!L@u?
zk%;Q3B3wE{k=;tfbCik644(qQsp=1094f3*tVu$~(k9OYTa57BwU4CW?`@A_V#129
za)uT+aV%jg#3I>oPeV06w)rX_50u-wZDQj4@vn*+1ba7(@~dwltP+QdoL|ugfkcLs
z;DfRU>&5V&STM1%40UKfHU!$9N=I+|mfglq#5#7;al{F+xIdR$g{QAEf>E{?Nj!cD
z9cZH{+F_AW9TtQlyMpOY<;o>R!wE{%2)oloIFZaau#_^~)<}#_-RnOJ2It%K@V`Jg
zZLX&!GD*cjGI0^7qu3otm~w5@6Ok!B<FK~kOOs??ba^{KNLaMAT?hS}i<8oIiM(y^
zWi3-?h+uEB#=G|4Yvm%yxt+qe-Z)wG=025fzRL{*ACSJVYCRVd!1vIQ<|qVP3ioK>
z<sz%}58Tw`j+O+SBE_h{wyT$47P4@7E+bhbxtf-n9WPVPR2>|@xiRWkYVhdg8zXhB
z)!M;VA2(dRd%$w6*?X>Y2<2(vW4pmFr9(e_Ik$Ajt^3|{S?1#xa)RqGoQ^y?`SRLS
zYGdEQk-JcwJ=HuK*eTwul$KoW5-fF(Y#UPa9SA+xT)rtsP5rIDeBlNhp^h2zLO<Ld
zFDZ&syrGp6^HAF!4eboLo-2akqZZ&sny0+2>T-4cb~ouv6!hyuiN~dn^xvDeopD`h
z=iM8f&vQU|CpaX3#+D7C0u`}C^A(Ya2{lKbA9iUGwbt!<`h;F&hI;TT?P|oKE`LPN
zdCHT&ZkR-#O)90X<z_xMLwl&YHW)wF-+V09Ji+<cTU*`cO)mlu-dVFMq1NRQhCW|+
z`1Jvh&hPr$Drnbyri<kOrGEtNpven#%3i%%Sd)Mmv>b4%X|0H0RNPwP+c8D&&j<6G
z-Fz{`Uh|37ob+*fpH=vn#$<>=VFpr_WVL9hAVsEEZERGebp+1lJc~S50?_+nV%oou
zm6<HJ7>#<Rsi|9=rzk18N=z_iAfC>u5==vfilA*5vXWKW6P@Xc!0Z6~@CW>cO()NP
zfE8FLypU2i!XawKE3^_hgP`kl4pb*L3NyZd>*d#vtUWjTFt(y>qu47r++<ii7pNb-
z=^ab)WVivO&5<mvygE<A^t4{m4#)d3(&G#i1e7TTRq!!O*1-jT-W>&fWb+3p%N(?=
z?f}Uo@|odxJnOLzL8nH~-JXwXD78+=x{{dxn&X1)?N8|(4Q`A*9K>_m%-TI0H&nyq
zgm<K`C%2+}SUR8iG)?pTqBELA=s+u|V=efz7+k@j&&lsP^_aPS5lU&L3>4Sp$h(+o
zz9<O|b(PDz|ApLCljfr(9Qwt$)<<1qltT0t1!$(zi~s@j%KTklRSBr@hL{q<z~q$H
ztd*Vr%RgXfWrC^2Blhq@hhPv#J16mc-DkuUWLIqiuF@5|4|W=Hrrs2!+(_mOyF9&7
zxetSO3K}$3yxpAME;Eh(1B?JxXHsV*N=KT}MI;e=z7Ow4FiT|u9%7$g7@L{tmV}bX
zVb#B?^_U{asTO5Iv<RMF$}Vww@EWGoXULiAzIXvgLt8q3T;vViGKxQKWfbgEHm$JF
z?U1IYA{HQnqSi`b_3K_j<(V^&7TH5hn?7;|rh?C|2XEL?EonZ=jro-9osA)lr0(>+
zo*%7_X69IYc_UXPpQ{F>DU;+*_VB?S@Z;s9Ieg>c3bsdr4ru7>I|gRV;LCCuBpV6L
zCr7~?k{tf!5@~K6f}j#dftH~;km+veGKB@^6W?lE6=La-ysj{2iZj&w{Co##-ju#h
z&Kb~jR1bKNngM*}!I`+n$!BSfjJ$qom@!C!Oob~gGz%6!aopnNOiqSRP883)9}#f#
znnwyv&$P{v0*8c-ifW#!ld>vXkw(Dg3)1t3@4I>|BIs&7;Wx4c7@Kg8l37Kr7EzSv
zZZFRJgD$=d+onUZyeFN98g$~_{QTl1%HLBDN&|MpZB!JkAdrdBil^i7TPgx4DK?5{
zF+^%kftj&UWNSt`4Qhx$dFsJBgNO!ywlTdP8?jCPR3Q^d9IK^C!9kD?rZW%*)ygVn
z34%nDscMK0pmDtEjY{sQ5Ei5Y-}X1<Y^&Ly(gfw69x|xCie-Dsvqv-{I9|~ZK@=BZ
z-fhJz;6a8t9#kCLlA(~(M>#G;qAO(i7dg!2Ay69r_aFfu5sW8cxNyMrwB<712qEez
zp=0&#P%Q6eNv7sUK5WgIVS^Fynrg#1q*4Z`m;V>ibxe8rHqZ3#KP1~D04{0Vs{_=Q
z|2YN-4i7*f0OMGP3|LKo&;*11d|;Bvk>L=!0AVbIBha1(DM&TURpzdRK*vGQB9iX>
ztYAV$BzhxWKw+S{)&%BRLT^x|cjF*`(?Mhv9B&Aub6~)83)%b=JvLG2D6zstHYq`o
zG>X=ao!Rq``%?0;T3Hq>JuITB<LnONkeN=K%vg;Ly+bnMfi6SznkCF05o2A*H$1*4
z?P?)pP$<&6#%7_D!#SMIwj6Dsr~FEV#Uuy^I=zVrN*&N+m$zb;0y$0xfZ-`V&IoK4
zJ|Ve}DP+5xuL{)HmL?(+<07lhi{=nh$@Z))+nz$7zqP7L;5$9ZcIAU-u*_WPEKK)2
zg{)OX)ILR{OhP7=Yh7$f6xF)aex4)T^cNAMW&vOp_&9Z44lF{dvQgTL+@iiT0tZtu
z-|!%-Evj_u72cXVE&h8bByvrMC*T9l=jkf=`YZOQxHsFi@od`Qh6kNy`4LQMF@3lh
z3$yr4k%ar*9f+4SC`1O^7~%b%EJA2V4{BhWVUtXD@y|t;qu#C;HX&U!axuCuso2co
z5wvYeq_)h2Z<ms!Eq95Y>2zV+-pc|JL7--7n;ieG62l29IIa|%it^+1brJ3xUo8{m
zxd!cTgctG-Ru%IXV7m)H(a|=)%kJ8F(Hrt(3wG26hd(bTtA5~-5nnQvTMGu3TY?SA
z%jt16Hh1G;PN+{*@>hU-e(|a`&z?knLno89JQ>NCvX0-U2ADGRqVck=MLOzEY!HHx
z@9uk=kM|6pZZov$FxbE+6dmP4G*L@n6j?##tbF*K!`YfwU$1D&IDUvhzkTUGl|Hqi
z`YtB$UegF>A=@m45u&-hjb_wzCqoB%R&2fMs<jty_rPE7qDv-!TA_@k4%A|`hea#d
zKF34Uj0sI%_w<K1pVLw55T(E&o_9PHr<rA4=8p{0@*TJ1sd2~=8K~8pn&~U#3s&9M
z!v*$O`~3ls$$~-NRgZ=a7mHfuc8)gfgze2)M@wO1bm`yfAybH|?8UvMP{(?g@Aflg
zrx-qAE@OUmyNtS*3@MBC<$Bv;wt>4Y)(ae5lY;YW&kn4d+u%K%+N}?1?`Nh;=Pa-O
zA?P*Dg>@d-9++iIKj_uUFKH0{RXB%L^(DTzo2;ZNN1|^NjBj$6Q=CT*wGS?CC=1wy
zepS;ATW(BTZ~h=|^tkI9g(+NcN_tMw+Ltr2y>{-XHae&>Z*HrP(-8hb!|(&t7@y{3
z{3rj2Nw*W){{XqE|1aN$L$LthP~O;Z(f{Oan&s@Ry8VSk(Ae`|En{AJ9D?6zIk`<1
z61h3J>_kbmU1W2mcxY3_V=QCDbm4Ps)8~Y%&UF{I?<-dTm!a`gGIhSzZ~<-Y2oqng
zl>f&!k{xiW?m}pMQFV3D--dWsV6M0=E=et3fI$y;0z&_wN!-e>H(Yb)CJyeXiJy4m
z3fgFwZuH8>B|pK0<%-tq_}JzluA6x_f}HdV#6re5xQQ8v=x7G$<i2b8RP=-s3ANi#
zqkx$S5@AL0S0XE7??aT?hL<fF0-!Lj%J|1?=T47sdVLjUfo|-uKbq<mx+S#SU1>@$
zRI91)?4Hr_)P+$9%We04Uo(JAENUkV-`C*89XHU4Gd-=Su58@hx(K=ee-pv=;nEK*
z{{c94Bp~2=YAf6@8S$C!@{HaqatwEglgl~<9rW8f8M0%=n8~F{25Z>mZZLmf+J1m*
zg)AF-qkQymN)$h_n=?$@xMp4rZ+;8V-U%i&hKTlorOrWPJxBsazR5cr<R0c7W^kBY
zf;MlH;iveRDc|U0DR9xIS$R!?<&U~LjNq@|5$N$*N!=HzbQB-vKS(jT3(_#2k;5vd
z!HID|w1YhFkkJ|xNM`mdsDRLLxuck6PQ&yHqJ%C_$?+2hR$?S|7ZC9HMYj6lKnlYx
zI?pp-MaVXsbCO&+s9ZF-$_;3`|E<_$LHHSvs!dm=AR8-heRmaSqko;xx}<M0FP}8v
zn>6fYm@_#7l5mzG-Ofk!&^CIrMac!*e>NSx&do^GL#{I_4)lCfen>}U8pMvnb!wu#
zVqs^P+?=JapLk4x!)J=UfH{qLs}N)KY@%4<znh5HTEa|6q}YI_8#$Al5u!2Kyz@tb
zy^NrSq(i^+L9<3&(V6EN+W@z-E>4_lRv?7L6H4?v4C~YJZhP+*rbNU7^UQ_g$4Ije
z&>I-YJBmw=5_bV3o(I-TrBjN^8+~A?YxwSzmH&~<4R#T3w`LExb!uQ%w)oJ-8OHaT
zbX3rp8S<KabhcU<(in#5arqN@-6b1wC|VEsW6j*8kl+f{C*XJs&2?Zxxqbd4d-!WP
z!_8fCiIyNVyj!fTtW{(>x+;m7u|}jiXi|*TKPJn>_JrvnM@!hKixe!mV@Hn#XC=4L
zUBgZRMU=@H5Xj8}#r#HmBL(6Is?_2oN{e<0mk(L$#KHc|nJhQQ^dMj^8hGO_ar)p0
z*x77gyGVv6g^tH$3i37_CSuPIZ-V179K&(_J#PF?x|1&P%&Q!(k6{&rVTV*E%pwR-
zQyv_NaC4>jtN^I0SKh=kZNq$a=52y(h4PstW@FXeVXaIAHp6VI<qqF;8~{Tnu`L~e
z+p>wHE8CdFS;ImeQ^7O}%>P%m`0r<iy|5KYd?;VmSxZBpbySNEv+0Q+IaUQu1+xuE
z8iTyiU2)D{mOl*ee8uz|LSch)k>x(Kk!|&Y#rwZA3TzgMv;=KNGH=1pmLqT!Fe1pM
z{ybtLctQb#y92<Z1D*aS3rUZH%z}wV<U~$K33`x#{)_~MQW%E-T6|~qL2ZL^!?k%#
zRXk588)?lF-8L98w6@fLNLR3rH^geu?_vL}m;c907E+&BtW{g4V;T3IYtHon)i<+}
zRQFFj$R@IqAq*dZz|>$$3DQ#*i6D9uVc7v-Et#@WC?+<3RoIwAGPS|JVX7x%R~skd
z(}sDa{6C5hT<8v`8v0%)N7?wCJrEk|S38sA8$a=lPszT;V~4{a7lL`ZX?gpEMSTi}
z&)q?>+~d?K@>(AP$o`%m=LMECwhhN{G1w7&aE8tYz9H)cM(=pS7EkC?w`4}lfNJeF
z0~X<&h~>VD>%VTf(Ym&rYRC)H)F-~Y@|Kz+%*LxodFxWNh1*rVV#ukBaamYH`N)p?
zt=kXsyqyK>q6la;`iY3Sk>QJByIf|J-<I<>b`~Vi5udr*#~AFR<NA4f@azK98j(vx
z@I#&UJ3@0Jd%p@2D^ZbSh~Kv)=x8sT=VR=ib@kXRhn|vSecF(ksE>@W+yONvF{B6K
z^YS}}<K^l~$~rt*C8T~^L0yT7Ho)FV+&(Lu(lzzd7sMs<hxuscdD->0AHTkEx8L*r
z82S1_+=mlq@U?<)ZKMSC&}><`t_|QMygsmjVbnk&6eO0Bq@bIvRos$wS>h^|#e=$g
zj_Wv{?%FxTKe4x>fi;4P;%bn*ZmO`?JeO6%FAXEZ{0htCY*$r=V`N(|=|<V8Qid3Q
z<VWaiyOhL|J-p=ck>O!|2+s*zeU)$2wDid%PNPC>kD6}rE4Oq!v3)=3x~R@43VNQ5
z2+4a>=ezs4;4sS<`B}?hOPoz|AJ*UQoVGy-7h}A9LH8Hz&ZZ++mB{5<C!w?3P;VF{
zUXX;ck4*HSV=`<j+xx16X2XA!#@Q&Fop`=cb2i>^JtJvaC?PuDWLMAAmi9&F>^-48
zpGc3=y@gIl42_J`cV39ADJxmKqdDKQD7dfq;P_p~BX;Wt4OjLKbih4pW^d&6Z}Ynz
zS{@&Kwd>2`L9Usq?tSZjwsFtK4M<xb2Sz7CGw8{B1|!i!l6vCk!*9HUFY2K1#?Udm
z^m)lZ1XOEX_47cx10gS6vSNgLmTeLPBu5u|(g`(*ht(%`I}sOkZ1d85u--I-o#SrW
z4ba!h`Uc+y#~;00pJ4aZeM!$b)Xs_==z+Oy8w#%hGJ@rL<~eRq=jfsCmKz(d|8u4~
zIQH5wmAU!pV||~usOEQX`uEcfI^!?yF6<|2_<Rb<J@h*HLdJ47t=euW)-J@}<?1%K
zpnm=MzJx$~2S)5yyJ<st=LM;gbMISA7Cvay-zDoTzQ*LP%DD_am~(QSED1;RNG(Fa
z`PBhU#<2Gwe*NCI{|(5Jkd}@lDV-mn%X<OR+RR3kYvyxNM>ZNinR_M9qUEb9{@LUK
z0o3?+u`9`W%Q*^gZeE_vs=V1CZ&jGm?Mi4Y|FQ1S61e2LTxFeYq@m)VN%hN=oM(HP
zV2x20`5iExa@19j>@=QR1ljTv{oUv7dl0PdmAePZLoR8hFIAN67;3tx)DtaT^j4%j
z(A=)U_n;ns;T!FiQl+Mnh(~3nUiNxQJoTNu?qE;Ov$yYY7(Oo2ZkoI%p0=r-#EF1z
zKn%aoA8HH@;6c+XG5*g8<0HI<vz}Et)|HKa*YF0W{%HP(Y#nqT9%#fXj!U-~0y_g@
zl+}dqTC6cM)t83ea!qP8@lVnb-f;LgknNoF0U!Y*>Sa}_OtWs{H)U&vA?iIP41SA5
zqk%$$<e*0Ff~;FBG?J+<8Q$Ch0Nf5Gobd{<O<7h#-8oY;$7B`SIYv-z&h%-tXKO{|
z{9(W2l*TLZhuD4vZYMp$K~+WPn~kmZvaVZWZF-E1h+j-E1!iO5=Lqw&qNI$xE$b8n
zQ0M%K5-}g0<FcqCq<uxSA&su|IYyYWK|q9J>UDlrG4G(UjA$c7wE4y@ocnVT7*%M;
zY=o#7RIr*M@uQvGA##MIU6j`F-Mk359{GlCSKXC!FFu`9JD}|e(pCv(dM;VRVaRrm
znTB?NEi=#ER+(&hUkGfgCZ-TJGk^2%2`s#0>dFz11oN7S;A<YfVVdTj%e)iPZv0bi
zf635#xms&qvf-O*`z!J0qUlL6=9q@z3H|GRIoS{b$c0L(37I-(VLU1=HA%$!sGyi`
z8@4rJt3{h%f~Kj_)^F$ZJUT8O3BWBR1v?B!Xp>fVf_2YtN-gXJP`qvudPe1|7nIk5
zxKkSGk8H&thbtJ)oj+EOxO0S)1*7~3OsLYlqtetJP&Ln{`W*%0)b^o7L^}uRDkWle
zpWCKJ)UOjM$iE-85jw`ReKV$}awM8|s0VyVRy3j~k;x-r{sp(%*X=z?m)Z~xr%ZXU
zHC+aHLg<QB0l4^LOvGRGgClzM70Wi_j62Qui=YrK5UxI$@!1!1$MFp>V9o1(R#4_v
zli6|;<exhF@?SjjJ(a%)>zSNIi>!VBT22Y_>GR|1?>m*Ce8_0cunk$u;*T*{*o^fe
zh)ez{9c28&Dx8Hy(CHG4kN&p;C+KZ+jBxwqPrkfIUH*Fw*J^zQ4I+$+`#cQ%IirSW
zlDovEZ&jhPm;H{e6>E3qh7~KkI{)GWX2}l}2=3hX7er#!YWLSUwmf9TNsPOB=TXIj
zmQ&M6VnMG?mo*;S>=Y*x_+fn+mKnRMC{#lg*)(HH1oJ$DgJ9J^yPA+$4pgN1^loHr
z!6KJL$mHDVMYQUC>_jv|jp!U5C<KSlB>x;ZejZ@W;LtH-JhuvA-WmUqy~B?lt0Hk$
zVSFou64aT8n5F?D#uouQ0Lbn^GgxNMTof(-K{9Ja<wGqiDD;2ht{AT<?M7X)dCCs1
z1`NL=0LlVE*Z+sq`pM1wN!9rIq#87w5s3`2NYbW*C%ouyeiE;Xz|;e(k&*g6rW_qD
z1D5vtGxY0U$p|gW?^`^b!tU%7N3IcMioZn6WG{o<O5ZNjtB;iHBh0Us^m|I>NT*sS
zsu0)Gt0P~fK8A#5v5*6@h=`*UzW#eIL<i3-E1eWff)Vu$<N5mg2+d#UEIrH)sJ<Wy
zK7y=zypkJ~={74YkGZ5uxA(FdfFIdHy%NUZe0?qBRXc`=tGwms#X74lP|h$?>6_VP
zZ(Z}3RoJ8PENz!t{P3#Wy9ygLqpHBF?cPZGsX>tfU9B`#2`C-Qr-A?Dkk9CxH|%S#
zF8BEdk*vVwMG2C`HGG9&e_9`?v)cL+3C1KgM^56|d-X;%R=hA(Yac$O9B_)2lC*G)
z#E(2U^)rX#6k&ISkK39UO2T(86@W-D0W=HR_fLv$B6f2E_Smp=c~S;1IOBwpY;otZ
z8S;!8=U_QtPDkXb4Cnzr(Up8IYqYdcIQ`;)vbag6AU-%w!ff0BuE*ANPn$;k2^{k~
zM)wHp7!EJ8wc)Y!_fQ57u@j9qHFKpARyhhh6T?u_HD)}jG_p^4aU-%LD4?1t_LMpF
z5hnD|JswBhc6gag9mA`HuXh@BYOEpkX=ZfdY@MuoZFf(=`!rRd6%MkN2BlC@ZyPaB
z5$PS*VsoZ6ws_h*OX9>gzuwZo)03R6<2Djyr5EvxAnc;)2)kD2`3k9oP+%t3q35`k
z@wLi+uu&WWtx=bWFJ;j8Js+LTvIrp4@>~e6>5{&DkzP)Y3necCNj={xaExn?=!qwe
zocWsB5ol-nP^m^~yAC8&%O}Dvt_99x2TO;~2zE_5%W6s(%?P>ti4OgEdL{->$qhAS
zb4IIP<~ItCPlsW7k$<!iTSO-wEBWaDRrOlHV<IqnDCWgMw7%^VKh+cU^icR0^Pm&V
zd`iN9>RmE|3CC*0Lo0uURk!YBoK>z+2h}$wMiM58N!-{QbhnJHt(^ys-@57eDE&=}
zUG$c`t}X|kz&u6A)#;O!50029k6T<Z3!2v^p6f~0#ozq0_)DbG)|%k@=SLH-9lVVF
z{czAuy7`08TQ#Jwj0ZXwQQdilySlo@x1_^E8aHf~zO!stBkc=z^heP<8rHM@C+^u8
z@h=R!Ky&t5?=`?o(Ul~5V3LdI*j^2*t{|5!n-ZE0OnMwXQbv>Aw21~I!L#ibr!ilS
zu1!AQd0}y%^zn|w%D<NmyIh>zZ^N%UTvwni9l+OpK3s?C+b2qmt$B2DjCyeVfXleC
z%fAr$u84_@mEsYTTfxK|&aDk=*R1wR7*BA>G(hw^A6T<*BJkYMi;L=K&$Wz-a~=<n
z;1#V6TVx%=_A5B=Tz}U%uw2pZom#^VU`k5y|ClSGN6`~<dDo9ks{;4?KMG$pNMv5f
zVFvHD9Bd29fRhxhl=x?>KMu}Hv-O{|Tg>HH8AXAu8q(WA$oOGnz!4zV6al7|4?EZ(
z;8re0iX!ZHPxYn7*a0!#A<6MrV@m?$b)J2W41Ls^fC`82DYCAtU-gRZ$AL!V$U3h~
ztE%%Np$6cl{4}XXzQVg-n3btN*v4}Uk>2*DhFcl<5BYephMF&|xWf1IA9o&{jf1yU
znd`ZEWh|4WsL)fl<ux5+LIn!oLLw5H4uPa9^M#)OK!-#fN+rFYev_%B4;tt(B}QX2
zHPu07V=P*c@r{-kiZre8+^d-^c~_ZDmaOwli_~1!`J#O@V<f<T=-k_78;SDC%-FK3
z6rjR-ys#sB1nAG2sdc^wp7Yz?wF`F$H(WqaT^>t~!KG)UhCLjA0(mM)=zwsLeYGZ}
zWkvqJR#Mljnvh@8nogl1MQ?r@C3Z>o*5&TPK8saF%x<gdAND3ZVcs%4+Dga<9*vUX
zPIqeU!-)APa!P&;5;L<J*C|R~2h=S4sV@M14Sau&sZO0aCq^7fkn85IR``awd7j?|
zs<iICnajGOO7#uPZ8&n|byUM;WzL|vFAbS*${COl6qh!EKCO`y%=C#5zF|(9RqoEu
zIA9de|DmO@ndm4yp-f1-HMGmM9FV~YcoX9btdk*&>|tX8HpRF!a>NFVG`G#f_L(r!
zy!J%!H;~9>vIhn-IHXQJWXtOjyi-@`&?D`Dn;_1rkqw%z`Vy6E5*s$K2U$pn6S8A5
zinox|E(h=B=A8<0WgTIvC&4-A4Ub2hfj@+ACW|w%LsLTRb|;CvYggMa4S675TmgOl
zH#JcX&HbQ|C_4f@YZvL=hK_!m=F)YTB{sz1CpCx%6&SUa!rl5#AuWROXe;S#tDlm_
zafd{Ps=Vm&*QmV670Wu|*(*;~7`a=0{$Ah_5%Mb)Jt~kW3BTFPa-m-pd1fau1VVK$
zl9~TjA=fA`2js2NdXXH9!*O=3i!vcTzr##sJH@W(sK#zQ%;k#g5@aPAyFRkF9a{yX
z+z3#RJZXRS;f;5v`as}ut~J0FGoVJSn;2~su3~eyMNA1r=HPv`UoKt&jCrWc5Mb?^
zrVAo1c@gh8R>RnTA!A}>*9aSFdx9eV1rz)A5Z5bwx4j@z0IE_p{qVf>s;!s_c$;{W
zMX}8IP@K@MXGW3V+0D{1BoocZmnu2lS$GwEs}*$m%z*VR`g)Q`8KlKQnc*0E%woR%
zq->MIqL=&!M5cd`1(O}3-<5g8{@+1TdI0dVO3rZk#Ivwn%SQYls^pg0DX`yV231?)
z=ubf|_8TY1y+_YMT=k+5fq?uE2;3Wn?74)ayCc-lJggUsr_c3bnXs)mjp^K<!wy*5
zz(B#q{~W;6pwm?_Ai8ip!K42UEI*4Z!HfcWq>-Qw$yN|tU^Yf?3gKhE)ALnO%-^jt
zuN{<dFMHRu_;(#s-^`CpecI_^SAE>h0bEfVNiXV!ZCBh2OA=dU)3=vhwLYF08Gw|n
zzQTxX$uQzW9goW(Ags2tyLkkni^0P7YJ4TS+`}M6-!(Wj2LU?zq`OY{6$E6)@oEXS
zi`f#`L+x{=2*P7T<XDy?Z0X*+VwDX|N0B}kO&3L^b6-dvlFIE9lnrPRBxEZCHe=vl
z!bl8Q4~&*htLOQ;4S5{+)`BQD?y##2(p4AsC!5`2Vumc%D{jVbE=B<o8_4;(g&tx=
zXv<i(f9r^uUM$Y{CuC&<P+R&^8PV;t!B{42<=j623bqFzy=Ni;{E(pi>kBM1T2o3P
zV|T|v-$t=T(+b@L62c{UH`%7TWt@0@#k^8H*j2{zu(Nijw6}cnqdWiTA!|H8gv@9-
zJXH)aE^SfiN}2+1D6A3`R@i-i@iBGjI@y<XWz}7IpXf2?Np>wJj3CZ1XpF{8?N8yy
zA2|#RH1LkYT*J&_sJ=@t1V?hbg2Stv9n^h#aO@&Q$E}<?&kZC{!u4f05Bt&F*L{p!
zD&}USRjg-o{+yqY-5Mz%FjE0-+K7OsD3>LxKQoSw;o(MWet7Za6M8NsgwBZ0+wR!v
z2gA$3#YRRk8?IS$(>q_+Jy(ZBK2xIRut7ur5QnulRnZ|x>#ZtEL+mGy!0_QDKJTPo
zxNHb>bY27jL~nfX*($6Iv>!`hsBAjS#gjo_YB;nP5^3N=3*gp2jWFG{(~o^%>J8g0
zr{<jl1bu;r&*)Wrxks8)qUc0zg0*BK4Df=S98WL#;j~W>k^+1k^_?KII&moai6GEf
zW)ihs8|Uq%a>(j9?D{cySnPPz7FLT};Z-zDP?k0&Ow`nlMKUojN?D)#c8_DXTb170
z6(_a1x>zU|b=&EA-LMM23Vl^>UVG9o@lfoYNF(b^j_u>Ck&*k~lHR(`S$ljy?S0ef
zv+MIg=&JS#)QzyCJ#$&F($b@2dSB|jz%;&{xFt!u<FX!XX4cj}O`oue82#GqoA!Vx
zo~s>+-IX^9>3p=`rEV;EcGlnC__(+DrE#R_eU~B7cw#ZmvErNZZ9X*<o@>6gN-vxQ
z$c0C!j(*H!UXVtlOYT~RXNj`^hVA<}8zo<odtsaHQOmkRv9`!5Ct1iyq=TE_2h;1!
zEt^CwvnkIiSY7aqpnk1F=BmJ!(T#y<7h%|olrfw62PPb;ons%;B>FkR*{^8hsMCX?
zC7tIHU1*|ySMkXHJmrf^XSnB6&xx)}9}eNqW%SlviL-?Aef(ef7;8=CE>{PEv1TN2
zf7H~PJADX?(HAbYSJa*zM(g?K=O1-G=(rPTuZr8Ib)rW8G%Pn#QByN6`Eo;EGrq3$
z;x8lgNLz$TPjqCyCubr~gfe+HHzu~e5;=VRtBTl>cD*QSk$okuYNM)$1>cs%aO&V}
z*WeJfX_JEFtv=p0a>%Exh+_W%OFqxdYH@J`YamN}YCdN|Z%aLnqiNYze~WK3@%{jX
zv-@e1MZQRyCNy;m=7htgFA#e*%N1IhzXCJunM|-X>3lxevo79DiY2GFO}?5GrZpUo
zRLNdmX(c+?C%5?d(KVI)j*a0$=WKz>0{(!H2nW4D0r{ojy^1tJy9F}AA!a^@dp{Hp
zKYLJLxPDEBTF))$!w5fGuyiN%BLn>+b5=0;ozyFWchT<53)959-nvgsD#i`C>F107
z;Jd?3@8_-Ip$A?n9p=C)>^g!UB&~=*EI|#m4A;e^(9q@&?BDQ7rgYl`i8A@(Gl0R^
z1{i#mjSPkCLHnW88hRd<+wI9U6DE0feSEs@V1@<el^)K(c9$W^zPG+QNZ@id9b{i1
z^zR_kOKe(ol$aUueBGi)vvJf>@n;3Jqh+Mnz?Q8oF~>|n_T{#h7y%Ntgp}LA{8iQ+
z9-)Eyh*HfaclrBw!NmQE`jAYjah91kq4HwI>pI0e=IN}vI2+^1aDrsxY=x%56~L(i
zjZaj}J68F5mm{<ij5mXQh#{yPIq9)iFABByFS7cXGqa5u4DD8W+vlCO#7yt2RHqOj
z0J@!a9hT`$$i$F}(c&n`vWkc%vtqU+klPd*10Dq_HEiF^qKNM}5}|pwJB3<WRY-?F
zsyZgGnIQlCVEni7I<}Gj&{FyqFw&vdB{YgL6k)W8nDC+3wq|0#4<LrESpqF3uI5UQ
z4b2>6DW1#8zK|fn-r24yu@yQT(mNn_PXF;Xu2(xa3bK0Wpcwc%Oh>rJ8w#TFCgqQH
z6qVH)AnE-^d?q6*j)zHq(us&a&&Ms;_ph0h$RV9AWQ$N{`yv}j{J^4beE}iK(OY>O
z<b5&4;WBX3c7L{^XF;SoO4M^F6*AfOC9)NpIF7K3VY@>gpBdH<)!J9cNso<>;kv`m
zsS(BvE(1E|mxA$x%ZrPkZQbGRBO`bC##vxE!eNAK``9Saa_$)x_4ITUKPxYq<-Tr_
zovvp+LCmwOt41=8r10*;#MM;{h}O_a4x^(R!SOuor^9vgLSa)aACDk@SkKB2OFnaq
zP0Zp<HoIqfB#;U|ZKn_goOr8YYOF2OU^AW<qo;;G-nz)qh%sP6R*$Rc=7@vd=`nAS
zsE?SnEd8KgTol>8O1-Ukgu~HURc;s^79?|g!`HMVYq~=#aP%P-JV=pFoCh8h9?{L{
z=Ya9^5cO38vhlsQ(cT5gLqeSgXru*`BtJ0D(OU)iUCiZxTru5gdoshujI8&4BT)sD
z34|oEIS*d|G?Z2yp(EQ^<}FXf#IudX6n&XD5ll1)4Gee|;IMu!imEs(zz&Iln-K{9
z{_orZz5r4SE)${ib8iHW2AE^4fatPO0emVpAL#mL923<#CiGbQ1YwLG%$7d$p^<%j
z(Y#HbxNe(~wAC5C)|a|C0~8c;p0m*iMi9&?y9WBik*HNAxE+W=E>f#qrAfM^!Y8Bk
zi_^LeDCww;MCa*FtiMQ$qck`qYT88U!PzY<6fMVEHC>84ajYi2i7_7M3(~e?UIn=>
zCPJRzDOm@|888bEM)bvpJ>n04ku@(QD65a**i~y&Irm{QCq-7;rf(c5IwTKSlG@eA
z!D-&IBwpHuPX=uw7`utMeOMeM`By3k&3<5o{;Ig_PCR<9&HSqVsah^C$OOt&5c@tc
zdD@$zd4U(-zJN`RYZw=t@U~8$iC9Z1q1(w6q#S@*IccA$(m}fXMq&{?RiyS0jk=^}
zmTtP~2=00h(V?Srm|Yf$Bp=#~J&0pK1qla)>BLMhI3*NQvf*bD?5w(R%&iqto!6NU
z5{PI1b9yFP^ZpE0>w^NSzm?B8eQsXV_%6PUVg6OkWe`ixle6q~2}7NDR?B*1I1=7J
zBa*i-assnxjTGU*N#VJ<M6y2OPF8WykfEUlaz{zQHy(c<qrxar4nc1@7ot>|uoD)d
zNK@_hYDP4r-m0pc%OrF-E_Atk<EAp3`yb(xfrFA0%I<R)4`8xt`LlzV9TuOX1`fVf
z<Ew8RX2swC&%qHM#43*ypEoaXT&1Q<sV^1CodHIs5nI)M6v3xAG6j5z$IZ+`B(VlG
zO@UE7_oTf>oJ<Dk4{21U8JdNHG|eA<Hk7!!)q%Xg7$a^8<g>l9@)FU^M|l-mmYlGI
z3vs&`R!?Jn;b?C3$-3m1>K*Z=)aB*EcN{Ib<1F_|KW|Xk_V|^%a0+==134DI@cHNq
zgAiheL!<Nt<x9j`-pDJ(Mf)!le&OBZ_r#SWF{76gO;_8XV5Q#)iJ0*%?)!Mn_tUbd
z5Wk$@)VH&9PhbD)Q};da_%>e$)Ctzg!@&pk#~s1^O&BXWH&S<SpP}9#s=m~VEpz#p
zK3%)<`KKmP@UOO`f397XjAq!k`_u(aAJyzA(n`9;uN>PG>znj>8fM-c9C~$9?|C+<
zc*mI6{9OJs&BwD}ZA0d|SGt^bEvmjns%*%&(4XYiNn3Km-q}jqo_@Xa!7I2?j$TQi
zJaN2;e)=n5n(dpYh;aMOp|@+}35Vov{Zz&C$lxB+JpmSzO@Ag{q-Q71+;AOjm;+^D
z&Vi>AlOLDespx=A0eA0iV8we9WJvlvb8BtMZ@E!U4y?tUHw<r-8sAQy!$&LoYgY;A
z20NNfUOx^#Co&qidgAs(1w3SJqNCHZZtIS00^aNJ$jV?tet)v2!>H@!CI7%-myF^a
z;_7AR2^8iOgEt^B=>{|}`;g4|6l%<&@T(SU^ux!*kOwY+t-|#0{zX8<2XGc1-M(z$
zYHHjWCy}+cT$g?1qaPlVCPn%A_rE?auX$!x&WC61c-UKAd3mEu#&9$4Xuqs5_1S@<
zNV5+Jka&=Dags`t`P2mj+pZ1XbbEC-i{%pXFGPbLftcH!Q2d{hW^D%k1JKPTRBn3O
zqDQJ5qdSNGZdJXyGk}?m^z(DuTW22N{}k<_Fn@6OrHM9g$~8`!^YnG?Iq&O3O=ht@
zq&NqsF$EznFC=#+nZ6LQtdeFJhZBqK+!$JZew?93v-#4>%tN<la<A;$tO9}H&?5*`
zL%8SLPM)v8Kn;q)P`}oa;*xLU%Ye~jJc$78mO*LKF(J5=huw^#E)=o736CCn(sZP0
z!!L9Lt~)n{=>{|!zla+)7LszauI<eR$>!;~KNbNQr25soGFqgU*qBuv<Oy6d#63B{
z4-(-yil-qX7*hF_#Hj5;LdMEaUL~;i*p89c?6thLhEgwsUeMtwW|Qs630OzweoWL<
z(EY)LUi*rOujBthqJ{!&bzL&Ud>ax51#4?5ra`yg$n@?{(_{3dl?|O9&B)EqUu)7=
z{hkmGrphL<yX5k2zq>et=6@l9?5K$8;FK_C&RJ@h|I_3UvN_1ibyex1*B|eH2P`mQ
z=~s_w82M&wr)O9?e*CUxN(@2FVAw^v+ZT*ITf>EEk5jlQ3*~YJA=|WEq6Wf;s4120
z0Yrm)+<=CA>w)6*9e7o~+@q^NW%>23zdr`K<Cdxd5fg31<p>rcDN?Kx@hQ3HsTbHN
zX-Ut22;du+^#qC#T8BX6u{ie?9<dNU+nRx`veHAZ`G+G{K0$+CHM0s81v~d1uh68!
zzUbJx+p2d+mF$`nc<u)ZA#-Kv@kUkds;l9$!ULZ26<ZRt;t%IHAzKShA&F>H9v5#i
z$Jimm)|o3=8}E`jNXsO-9*g=YJxS3K{w_}FuzCX<x#8Xb64C9@i~Qa5(k>P+Mnbye
ze~S)%F;m5Z-`#-QEHw27^DqOMk0UF`@U8Zlngce1$Vnll6OX3;5df^dRR>kjy3-2b
zhWI~H`K3o|xI8%Ed^^mg1O_>3x>IsbOFUV_5x*~$;0d#+KORILl-fKya>l@2gUaWo
zZ{nc`7f1Bm|5i~Pjw&dQ2|Y}Y1P*b}86K~c_<(G|@-XMC^WH`yer(d<a<a_-QR;n5
z*e9fJXN94>6q&vkFg;A`_y3UEB#p?#i3Gt~Go(}B9Mz-D%!%h+z*tP-Xz4|1X6gsU
z34)%epaxVm^y)UY|0axkSF?h0-oR&(<q_G&My}JzI9@=Xwg5hZxO6gFke;I3E3g&|
z|Er7$!!#H$)u~Fz{e58|46L=Zs37~oqYNmn7!oGk>LE1CoS_SE!%1;Wp^jh-0L_d^
zDv{6}7tIihoD>D~NV=0MSI~o!Ir2=PcR670FyNtIA*eA(l*|d}E&sK*fH6fu6cfYX
zQVkCFe>^c<44sWdaG{w0HQW66D^O*Qz(F<n&`r$@l;$zc3LPhk)*42X`15qN_2Z$=
zH}&#6yGu)g0`{IFi=#5s*l^4sCpb02=rs~Go^(yD;l<l^E<&UkKEeo+<#AK}f)2!?
zPaLIwVg)QE)0Ku~ttl1$E3vwthp&do7$%#WSjI;-zER4uUFL&zbbzl^I6^$*-BJen
z!SO*3_J3d#bRSRza8S}S4ftJjKR&Ka`b<UiF|6IrW}HpJP0FtO{-_AUX(xxclU`t;
zxg1K|N?`Y$JB1{tB?60!$vdIw0u!1-hdkILCVja$dW<*dcJwkn{qm+pW!;{$IJWa=
z9oA)tv83=5gSj=HkAs8<)+lcM3rX}=00SOT(G2t;qw5tsm8lR*5!jrf(l5TEYIZjl
z;)<A00eJjDQ_EQ#U1Ac2<IrHl<jYT#iR}Me>`6DfvU)pC^V&Jt^(dm*o5M&6eM+lS
zGo84NlPh!=(4l!0rGxodDs8_)r+r4W%2lTSk!<|WWq8mVQJvS}fK=G8zPolSZI)Z&
zM94ydlU~GWW+xnrA$rXyl*@ef2_-<d1jbIzs!WP?ZYmr6NtL|7oB}^`5Bne|ZcLR4
zIZ7iBJo)=Lf&f7tXW4jM816=LIHq5QvsL1jj0x>a6SG4>S?2*yDu&99Wb`|$AThsM
z5^S|JG!~B17&6TwsY>l6UAt8?y^|F;_J&V<$fOOcWyWnkS`|a4e(+YSILIOCDlAUx
zs<$RY8q!L<cZq0kc8fi7BRg_NTHZ4C;nN~ZWnt9SRD!W+4dD}DD<HoMo1v3)b$RB%
zD;u=@YwvvF35GSK>w2_-uj7h*{$svjlf&nmjL)y5hWpvZ%fXdDJmCghm^n7NyUE}<
z+1?mE8vD;t*;o|vthi(Yp<91&t7->*@9a`Lf$w>9U1Hg(=lkZ%U%LEe8?Sm?-87su
zdPbXeH+l1emwBJKRmO!$)ZnhKw{B$=EvE#(PHuVHu_5_maM`ZHyN*xVx2f}0k(ckx
z?P}Mmdvj`YVCwznFJIbjrkYWLZm0($PSCZ^k4J``eAbaRliYJ(<NW;amu_Fj&G&9@
zSW6rAOYJZf^<xQyx(zNjf8R4NJtLj7cAd^=RK6^@kyzcjf9k}&bz86z4T-;;+_f@N
z|F1c<-)KYfGrJ%MFICyOooD5x<0yiL$v5vrm+174qVIekW0!`7Nar3q$CJS>V`~ST
z5;xUebcc@l8Ts398h>nJ>2DpDuyNYLz;Rw*XK=Ue>l~NgsHrW}y&EqCIbs5@*d7{l
z&UHZT{aRnN@nhYx$O3<OL~_#Pu@+)=Ejv|W>@p#>i@Z3!M*l&#RrRss%kplE$9?gV
z;Dxl_-5&sbwWADXSn-^h13z=D+F9Ol4*J8h<2R*8Q2v{%!j@g&Zkf#9LOx*LdCB4d
z<=pUsa?5(wZ;zf8niW18p}H*R-gV?t-@zKX`5-KEB+~m67*Z}SY#Q-fY3|K;U}mO`
ze9mkSxTS9sqT4#CWlZE_ks9ap+~B6MGdap+)bEpP(<hd$J#rXc!1WH|{|{5=9?x|D
z|NkAC^Ty_|&@8m(kYhR4#wIznu?eM|4IL1Y>S~+QjD#eK+LptN4h|JMToiIhkx@t&
zI$Uz4t3+4naQ$9=zTeOH_Iv+>y>Gp3bJP3b`FuR?k63rE(c&rqo$?m2V?msx)2bmS
zQj@f9Y8_;3FcSAJr?|JC4SOWxB&z?tV?u3D-=dwuZH)behn_lLYVnt?2vc;%A^_&>
z$%9{GUR)(toP2u@s<rdxm*>;)o8BkDZ44;ko4d$Hoh8->Oarw1o)!^#T7Dw|7LxF~
zxVk;@T!hY6e`4CT3?tElOrYHXNriIEa$mmm8Bcn`&Uep~bzRn4tr3QDy4)eX5O7yT
z{g@st_snZsclKMk7jWZKnrp?Kw}i*Qd!jxKfF(O>+v97A`U#>DwtNw`Us5AYBDflj
zs`>T0ywg&nSnOmu)A)NHa^0<;?kG`u23M{AN{(0E7f)of77_NI^&ajgPkNPiM4@ci
ziQ|6It{>PQ`J#qGGnihf94RWl<Y@ZfRk@Mco`Uicks2i^Ba&~qkY@LVM^E(Y@?OZV
zOPHHg@FPHz*w{fG)eJ%|<dcR3B$J|C*U2pd)O@a~I@b(D3}h+3Z~sbaLakr|B+&cY
zle+>Kh3{@<)8#$m6!`iEzxsR;Ldm5RM2w-PBO}(S&Xi2AX3OS8gnqnVUcPwkKo4RO
zHqzrB(E7tZL$l0Mj7|*zf#$8X!&yF=)|-mw^40qz9}CM9%;h#uLF@WlUQXQszo&Ar
zipq7dqs!mHQZ!$XE$hM+3Vup=>bPfF-&P3jk;hsZpU1J)O-|*qeBA~6Ls+5eke91(
za>Q7BI}kgyUznFBDXv^DPDK@^=8kMfI1HYh&nMBY>4V@@^BaC&$HNvZGp_>v$p=$W
zGN8Ec=}w<eieZSaoSC~!^BcFyub*6p&$dp5PzH4osf;s~*>L$+Q*$5gar5uRVGsYr
zbd9*_W@eZwxphm|b0n5^2T!^br$TO!2-U+(>|!n!h);x1=slpas?aF(Pcl%&w!X*E
z!~DllX#UJs;{E2(zu0Qgw|#zx2z549sFRu?mY$cjpqEeDZ{VlpB?D>LS!Go0H+~p!
z^kMR>&ag>4U{lVVY%K54tBL>VX*)^6fWIp$2FRN3TjxoN+5?x9w<zNW?akP%0hxKs
zBZMg_hVJV?usYJJE;TaTNs?M8PP0I2K3{Y7CL(m}m*E9&sKlI)o;Zw8WO|AyD~5`B
z)RIM9UB!mC(s{J*???ne^JN9uu2iLXKf}EM9k-1>!mYR=Gc!j;hOAJjdW!Z`z5Bl-
zLcLJfQU-UX9Q%=}xA+@pyuJ?W*<T=jE)^SIfzud#6{R?U>;GuO#~4phge~#GG!MvF
z8<Cq)1Uco;#2a8^x^gR&*6WBV*NB(iNOG?51}jjJjbv5*zv!@egT`GlJlBU<U`P@{
zEP3(wz_yTpRW8-}>PWM0G-4KeFmM3b2AhZB&>GV?s8N>;zUm<`a}OFM47w+vYLaFj
zP`DiKZ^bj*T{IZ-*svv51xO<pS6T_U@6AFRxI4iHIjm~~<Bq3N!EOXj2DV>i2owr=
z!Z3nJ|Fg;ZPXGxdh=_v!Y_>?CH~xP%Tmq+GpZ{8RfpynBijS<qQpmh)*o@35Ls^Wy
zW}FQo?KD=m;aku{b4q?ke^1Cf)Ue_syR13~RN(>VMWot{pw|2R80?&tOl4gW8wEHb
z(8ecH3wKck+3Z{b!4C6AZ~~tcm<?ZRk1QOOh{A<o&EGLFmoY_!7=Pv0?d~#-6MW+B
zJ4M!sd&I1UbtNhVfH1=9-f3{KpM8DzHCGJoQa}6)um}@u<E3`~{>qc`0cpG9#$85=
z)pWS1al)#>%7gOKg0c6NZ;~bsvh`#S1ET8Pa`x3_tb?JaP&Ff0NSp(AX*;*e#qcYY
zZ1|p0qLehdi!6jF97(0pI-8}e4`AD7oL><y_`Sb_NKzX?;v$`h5IFq2NJ5)tF%(w`
zPRj7WzRZkcCQy-+@^9s(bndZX2K+_`QO$~f|07f7PW>CH)%&BhTt!bCK5yeLqJ6&e
z+by1@y*dB5U9KEM!*m0s=AqC`w56cAOY;1S$esV_#Xg?k=F(M2p2zyjEOsW9nL-y%
z3b>~yUA$EMx0S#jU{pZ|?^guw7S(`CQyjJKp$96WeM;FYwoiuYX#uAr6oYP)nt~im
zaK}S9EI8%ULAxH|%l2*(NxsBPYK)(DL0c>2c=APU+YhM=$1Qj35!VR^ebv;^jOi=G
z>sk1oK4wUFM*6*cmcxFgH7&269vqfb(@zzvO}b#sD1(wPq#|E!Z|g{n4pfkKSEiD;
z&T<w`Pqj|!)lH-}QjA~ESc+Oq=5A~GFd#?q4fT|@+BRFG70R6}MwoskmBU^I=OEp$
z>}0hY6OQjuW+k*bPZv4wDpuuRLsl)#2<{ZboN)r-atm(+7M2|8n8X;<ZQplnpY)RA
zq0;Lx+q>NRZC2(7QUgNH;^DW}t)>SsMXnnuCZRE_((bg%-%FX%w`?b_+#@JiRSZ<3
zx}&0kPw)EY$0FKO&0!%m`1&Ed?(iVG<-lhA&;3WyXX@XE=&tszKVKiZan0XrVh3+8
z5fu3Ce~etQ*_>lJcf<1X<?XQz>F|6dhbw6vdqT$LC5nH^0_*U96)K|NB)13My?)nX
z5%?W1;ws)g1^Uf8Ub|2Q*B;uWPSIQre(E!Ed2vqZ1b-;#ZJ{GQ?^AF}DvS$z3eXj0
zE2FWP=W`Wm4vjna>Zg9&M_u=%dC{1Y=^^+{78z(mD?*F}9<eQ3hqlI!#XBa)F6QYz
z6>MTxhH>51f-Y}!>Uv=LLi2ms%c@vY=+Y`ByKZY5{__6RkVDN)WhPw;b|J~_1<^ds
zxM(1uTFM}={)JpIOUj?`hwTlqa9sM`!=^{r+&qZhp=|NMwIGd)|7WM}&H0P_Z1=K*
zrAgzr125S-??^xf6{O`rSh6$8y&cR@4?na$?S|t1MXaSP@F+cHC*47F1gXV%d6cQ;
zo@4n)7N53SG0#bSB5M(K-|k<F=u%jBne9u>(j?(56pZJV(b?jjE*SAh18~MbUecKt
z9$?&Z>buVZ<Vmh>!Wn>a>Hc0MUxfS%>3c}7$W+pO$`9~+u(3x?!MMU|GrP)pcTVwD
z6JG_B=c6=VX9qgwS2|Z?42PYex?t>dwT;Tb#v}N#oGgo*oXsAVJ7gSLki}PShX|Q!
zs2J!Q7xeI~%v5yGU2)9XZgJnAMJSFn7Rr)4oJMt|eH}2Z+yA#GYxKtYi&%SSRE<=|
zu^znMbQ`3Qw<YWzsLj>=t)RR@-%xQg@C+O0jHj|UYq^9P2M3r#Edi_Dp!oyo3Ld@v
zIMZ%%<#1xmPNm>?`_4bEh?uu-x?NIUChB=5zt`50)|RZN6|h*O6a|bf2BH`Bfcvi|
zYp4y%h})nP?9gIZ01Q3l>8Vy{)NSsyf?e0vewpm;v!3&OQ?dGPvR73*Y)Id{yrUno
zMbMGPak?n1mv+Op*<1Tf$C2k2(#ot!@yBnRrb3J44x7x0^8og<_0<*=EBT<V!smn7
z`vK-V<dMRNg|v)v6zDn3d3k0nUx*$Jhwe6UKPA0GX)f;o|7#&}3ffS9ZL{_J6(wcM
zm##(BSM}mvC40%qg!OvWr}W$zGtY{tJ6}gz4bOQ3zMW6z_76TpeP}e;bcLJ&XI~{Y
zNlwP6-QG#;<7{haO9t~UTkR40xTpF6sb^ZoSB)nR&(g<_QuQ$@4qfIsRW<oSlTZ-E
z4h3&6dWaS3X8BwXac~ZaVF<UrE$vaa^Z=LT&b}9({5d5`yY;~w0Azf#O2E=@dN&A6
zKQ(2H6bCONhF;!drWn2J0d2$xqdIWI#H89_1_ZRl3uNFEUKL9x0|nwdn^C~wPl)P;
z;j>geF#~QK0~2xQ?HhM`aS%TjaHyxHL@^`;1Asn;p7Hvg`smRcL1W;ReX%9QTgRfy
zrS69$7+pUh=`ocSYAPwE0V9?+s-wWU_KC1yYbq9U>o2kd`cp<uE656%15fnRRulN2
zC?i!zCJqR?_mb@M9nZBu08CD_>!kZM(ytC_BfJT@dKI9K;H!0!s6eIJ4$>z`O1HDg
zuUCCdr*2agQWqmc{V{a+yv1-<s0!6;m4I<k<|k>>J#wy5!sC+X0gMaL7>v_vCqPZ!
zMzQ#K9#w4%l<lyFv`*m@-KMy^w%Fvll`y;Nu?h47vWBX0K`28jP>ujZ&Krj6gWf(u
zJcrA9lZ}-M*;E_k#h@so<sn6^>#zz(7(7H4<$yaS1cxx!TgZojid^G(u6N7u_ae6^
zltz+xwN1bZdQYQt7MV+URSRgu2^Q4j6U$MmVZ*iSK)Q?8zSU=J!2fUYF5xgs4YOSt
zHGG1_GFOtp6SOJ9d7h<E^ZBr63Mxf`;TcQXxQ1{Hy`~?Lg##6alq`SJJeo&CrJyL3
zFdj-@2!jKiROFD#BA#U!wGnIxqF=3izmnDedxZYik^`JM|Nmj~>v1$@yB+1K31tLw
zo#FNn`L0j#B$m~!Q~tY2#GUfv$Mntur*J4$fz(jN)FgAAsd@2RWD@QX8zRrW5fsLO
z^0|jHv_W4OmxSz<YE2q~?Wc9cFhPV0htm{tSiwdk@S>zcEUU2Zui+&ssBC3rZ*8`!
z&yBm)Bs-i{Bi8dMnWU;N$lOMvTye5dfe>L-gJU?{j3)oKmsBAZhcd@Z3ea2Y?86!j
zI<FdFl+QIQLlU33DUaThax=CfDbaZw<Bf8NorlP05|j02HKit%d9((|5rX=Q5fIV&
zGV%aRzljzYPOceb`){y_lc=58P>{*i(;L)NklLAb4oJBLSH|g_%}IhE#i!SL#z?TR
zH?POAkJht1a_(~SVmBSqN1Lj>&)kV0L5t2AAy0R`hTL=}+_|TlOzRv!R@%*UjbUtj
zJ%iJEGPDX7pGGt|-xE#1(Nz&sb7w#)X);BtU~Gh(8+#qSH4kqqLEOF|3%hLh<27SF
z)3Vgx7#`ALBygQPovK`YgH?rIBfs~%L_k%KO3cDq_jgO~YbGC~>%DlbEapPLH1oTP
zO_0gP0W&$~LXo}Q7?pFxRQAv2I$8cYU%yv0t<%t5l7_N<8L9rQquw;HoO+|@_n)!p
z4Ci){__DVeE3gTojfPdooVn}Rq~CqylGc&VP%0G>I*V&`f4Nm8Y1NP+z7WmyV>*tF
zgk0m?l5R}=E5#?U?leK<$eWYYzc(olR%p_Q^18J9cG2#n1M40VL@mPGgx`(jCn3FN
zMndJJ<-UjtA)-fblnxp0vjhLwPFq-8Yo?ktGC__6K%JlK{FF^0w*}hB&|O$)0c$TC
zsSD=yM|@-LDO=fHzSbV5?c0fb&Cv-DLXp86dtaXwYqjT)D(sWq+$WGXlN;*xjx{DN
zBG%RoZNNW3L(RK;0(PWAb8E);_rBUQB1r1DE57n*_HBI_>v_uA<5LLOn#cUCv-5Yj
z+FRM)8*Z}iG*StQ4h!+$S*b4vdUF%aAC0LvJ>5PyF+AfzfpoKkUMD}^dOzItqA{-j
z&}~`Yix-5s7aOir?k{Z1=_`r&V=N{#VV%1s#c9Y=JN3rL`<9Q0ew$5Vp8DB1?VtOi
zw1OImxoJNfVZKH-bb0%gOPV&i1B2D)LMf)9eL<g7ik~Lv^fwt6J?@FPm3XGv8p1X6
zQ*nAXYB*UEXJ*P;OimdI^{a0~qSV6-v@cyWFFbnEV>yR_Yx}dm;M=X|JLxyocaHI0
zW7}5aUwHLeL~a^D>`8eN_@i<a<Ud5Kg=cpqUx`r~SRILXTx!bPso!p~%`)JCZIN`X
zUqf|rW97cziai3Y`zxDFljn?r_1<;qejYNYI^ejn;x0&+G}mnqSP9kG5iOHDq)IJj
zW)6>nX1j60s|HzTyRDwCS|lh<sktzuiSK#3!?H4?Zu{6*1>fp8vFmb;;dy8WcF<9S
z8w)@@dDsoNyF>H0v_`ZVbadk8FKw7yLj1PC>z+$Tv9+${#WfPry!R|fR4Fcw<n`fO
zJ!MTBrk=z5lnL}P+Tw=}rDsvaUH6P8eV%Q$Pqm6WNRX}HXPZ6^Z~eznqV&w<ii`vs
zAHg^qB9&{auIP7av$a}j4z$3G7Yx5A?$<!t$+O~omKW5@M6)izU>{EB2DfJ*9uZtM
zqbNZot!TzwBJ&<-$MB=1Jdm1kK(f`>&xa`@z>4ml-M1O!faamJEML7l9^*??=MY2s
z5L((f_ca~Ka43sklT6X=98p6hbxY!-3!n)NN=&W`iJ@*>s5m3Y)l(1$_~gn2&CT?G
zA*W1sGG=DrIskE_^~WAmd}JPGKbvH&iOP4v>2;5(sS_f#F9EKJ>O0?i4fT`euAZDk
z<4w&V^?-swPVaXR<!a7wxk(0pEalPVgo5%wQ0|jI$qNY9<zaiJBU1}uF6qPs*V?*e
zoE>a;t-v~*=&&G!_y!;xwrPSr6+N>RXo7B~Q}*G~L}PoU(_osTZuR-n8ZkLG^V%pa
zo^k6Rg}-L1X^RkOt+XTS$b=5_q^`A;G0gv)*@L^#88$qv!-!D&>ZDX?tns4nM$44@
zaj!FeqxmifJ%^lx`iA<l_01(4lXJ4*k7TN^TzpD{87~dR_q*`U-kSH;faO-F^BSYZ
zO3D__xVZClr<6naZ8pGz8PFVbd`pN}x=kJ2l#9vaG=8d6?Uky_d5|O|A|h$wg)$jU
zGHxLh%mt}@A&PsSMg=pt)P)5odS>SesqVnGYJ@#Xef1biPxm2H$0IERzfAYI)%6Kb
zZH!4B{NfN|0qq5av<`D>zryWOt?YD(7=FRc#oye+)TtDmqahPo=QJx}L^9#YljQh{
zjsjoAM@q~9OIENFhD9qn-C?t!v$aJPQiF?KE0ma5TgZ%y<vx0LNAprR{2+f|&^fyO
z%uWV>s8*(gz2hwvYibDLJG!VP$dEENMaf9Yx4k%4D$8;fU$U=9)w`w0HuzDgx@p&I
zirk0@CHjsp!catl%78HH-3p1;$DrMp^zQg3B}pnRDD%?b<%1=tdr6%71tF{LPD(Z+
z?|lsfWdu<tb`ZtJzVFX?bW?1<N!P1OrMu_istKh@Nr^)Adn6g8&e!N&B6i*qoI!9S
zZlm#gbO|R<TCj1Jvuw*DWk`76u_CHVfuvghIBQ09;leYzs)Fh`)nY57oUZz0L8<J_
z+Gcb2`a8q!{XH0e$$mf1rMP%0@4%l6LRc?}uYe|DAyCyge<5tSL-oE-1+f^9qM-3(
zl$<$+=Ycee9ZC$BmGfrDu*M8gb{@*GB7Z<hZ5nuozN4|q0u~}m!g62)+kRkee2#^y
ztDz0oRX{hIE>kES|5==orI{rpV<#92vPc-^!&f6$qF_|Ds3P}mbPW!n5cD5FqW}rd
zYFDGkp~y!Hg}ZSg&;*YXZtygP<w+;=bYuv^wtmQY5xS>{D1(WIU}&_8ItR*|5xEn5
z87h0EDE%T96+vZT{x4evW72^A2Mg@W|8W8R-{ZeN`K6J_LWxvh=7(zi>Lns|e*|u}
z-`Uy(<nspHyUyWa)jOCsSBl2YB&gwuW}`hUjs3EC{!JN2aNS}Ant69qGvNtcafJnc
zwF56Z3bD?ZK;GN1%ZM_4B^wc`EV)?&eQ*$kQlM<6m^%^ZOdX>I$O?;R86h?M{0b0@
zDCmzvm~9+$^zQgPpZJB+?rTm)EZa@3^D@lj3N{K7v{|SYJU}c0vltb-3D|4CWU!go
zc9?S59HvZO5C!R6qnwTOBMUqGWrDU$mvELyqP&<t&leyJLvhqg4+#=B{ZKqX&E^gN
znmKYoW;WO=v3NcKx_#|X$typlB;(%!v7gy!pjng@9*SP;Eg^BK)(5dzR0@5-!3f>r
zI=qKKq3Jz7xDbuJb-zN?JkPb<&_gNF?d*`WI>-bP5o|!HR5pU4sTrX0ge!P+kxrPo
zOhbR4uvT{ggFVTS7>HKs2kNVDNzJ~x5bO$H2(nZwMqhD1ti}s(Zy!OTm1dDtx+$bc
zD%xTmhJ!dlcn@9)N54+cdMv#e=SiMa)uq43@cxRsL?Z}HG-|I0Gmu0g=d?cZURlV;
zZg<3AG{GgQ^)Ws%LlmZ2*sW|_yy<5q3p(j3F$=>C`Lb^&T~^kuHXMFUI~jO!1Q$Nj
z?nJWFyC2jlx@34S$;<3;v;mq~@UT!>jW>O^RMeKcTs}6;ur_*344~iF7cJ8+TS2>O
zoF;tf;SMWd`~vsHGS;5)d+_1SERW^~qwDVT<Bz*RRO6_f(vAC0{iCNWPq^L(q2ikP
zt#`M{hy}h#y#WxK>e}yM6L?5RpBQFb&*>cABqFv#-ji+G!lLroKx!FO-&d(`Sa`~T
ztU)Dat#HC#{S<pIJYDM{2oD@MHDn}Aa-F$Q)Dp=I?q18@D!IJLI?Q0PG<!|u9ej7%
zgQcMBu?jhA3LfGuvSD=(dw5^t((+0|el4NoXti?VU)6Ktx^2e8qyKnZIlkt;;p{~5
z>r0J0x4Rlx13n4-dHi42ji7wEZ;<Fm%&Cdp^>TjRx-a5>9j@Z9<c`R!h(DO|3r(q4
zT$<!t56xSWT6SGnR7I^g-^pnFBd{t5-rmjA-_sL4@-$)J=T|3+gI<SzPm=GyOVKb9
z{!Oghe(c;boL@0ztZ=bb`_kEsftw)?|5V&kQ1Nd|UWuAj-BQ;fPilI6Xzi{O1pUNN
zhqh0RuL~U=v3BI%BawRT%TF!rLLJ(773d#w+$xkeE;UBy+a4$O#Ai4FxkK&GuGOxI
zER8kyocp}1FtsxC^l@c*MDw=lm#5JoZq~uEz|bvu(USfn;HHtILWWJ#qw%9EO%2pk
zX%8qRT6eCwo{{@w{M_@{8-}+rRq7ME*VlNP>D?9I`|}5Lqwzb;)C#9wJf$kvXKJ<F
z`rKhs7dh-!EADDQD7|8nHa$-Nk?L_&5%TJs8O@!mY6-~vd1JH622Jt7_V(%qY}&Ul
z-GzmU+<gUYAK7-_qO`Y!5Z6bK*nJDX@J3c~ym_wE@i)%_eUstg#oHmjW=i{7AJuVw
zQzO+)tr+;84q!z5+1jE^=5{*%2-X}9_csfx;B0zkVKg=We$y}NOtCjX-&#DvlE2H1
zb$2i5(E#Bqb49cy?wOL)u`yr2dk-DI7&SZ#tvJDQXN0?UxB(}&`hk2=r>1-@7Vz^3
zZ3p0VUu*QAr-`h^9!U}ieiIz;1P4`ANi<MC_DA)tez=*ol&!l!5AbP<tA9!<_sZ2K
z2;;el@Rbp*fEy8DYj(Nx&>LpTn%^XfPb_mpy}s8|Q~bJ?M@#CZn|j@70iN{HmRs5f
zcxuk!Z=-$P3yF50NFc`6&8kwygWxwmN_d?gUSCFJ$lnQSpkrX3qxdH0T!fN^w@q#H
zqdmRs9{D@$leI#8T1IPcLP}_C%OgPMgN$Z^V&-A0+FMdbTG!EZFcBMb4|a&KMhyG9
zpyls)n#*9Tcfag7Ce>E=W-8slKfqk~r0OAGlc*VkrpxkBzhTe8ufaM2*IeT?-qe%R
z+8tgt*5}tn6>X4N);eUq#YoCKGIeST`Z^wSEX}8n7}Y;psp%<_6ZMx-fb6F~bU&Rq
zzpXkd!A}-;F8u99xjFD|&&8$g3^4cIHnx3)o>%5t(-TMP01jzWkeXVtOa+L)#VzN{
zk^#F<q$Lxo27P|^>v@|+<4_N3iW!gxS~OOy)+z{lMUMH{JBPnFDo!CHXkUSHa|9eC
z{JDq_RWTXe)5Br<O=PRN!IxxY#{Gm(AjHU{1Lfz?o&YYFA|x)PP4aXYFn2uLYK``c
zs7j*LoG*QG4ke{7!k7C1IY;)iOFMv|*R3hmb7)edh3YLOtw!T?C*KH+pg;D0cOzSw
zJXm1)LrwqaKy`0%azjC_0Ot;#Cn<GyPn^qdZ1t=tW#%K$edjx&)?w~_^P+S12g2n+
z=M?CIZBkKzIWL{=fhhJD8Dc@%WEv`7$&ge3);5D!Lm8u3#ysjX!mKZ%yBRgFU65oq
zB=a%9@o=Z}%rz~=hxNd&;4Y7<3wwH%Av}5Za0RJzyf&C>J?kB;Eou|Zl~Ubb33HN!
z%ETO%#0$zOO6--3SQck?FBaCFag~Hn@f0x`fPtf(rYVG4T98pb^Z!EZ6bv2-FCsKw
z|7}RB2MH_4qWT%nJEg3!(IJG*n!PJ@^A%v(VT>RM48R<oMIy}qg=h+GfwOrd+s#=_
zhm?@el+nXqrK<P2RHO-R&8S^7^1^)0?IINg9jc1$1a?59M^mBk2tmuFgH+#1kP^Bn
z25335({vlcUx~8(7=eZ$*brMA^5?te8N@h?H@uBq6n@OS_KcK-LMg*wia6Sw5b{_I
zE{`-8CQ}K=igclyzRILQ7wsYC2Q5iR@dCeOo`{T+>L?nL^P;hK!eDgL={3X#R}2F4
zj+f#ODw`oZRS?^{Eus$-`}EO}4#*PK0!&#_8DvLMFvD&}gry>X^&5bL_CKB?U?&28
zB48x?p95HoDF6LRodmr14l-C19YQBb)$JMxS&;ifbeql9On-uw{U*<=VUSh&ue5on
z*{L<bfjXuKzf^nHbU!EOduUUmA5<89ZzGe!O9Zgc+ib`mgJ87OyZ$q!cdn1I*4Idr
zYdA)iW~p$<+&Bg41`&z}xwgQ@wiR&`OwmTt)duA4rFntkdm5wj1B;n7Qmh(MJ)*2k
z3ucB(azY_n_wS{<e@WtvVJ>aM(Ui=WU-kfAkF=?d)(wU9FoM%KpD3z6Z(j)@iUet6
zQof3am2owc5k!Qwom9Akf!1E*ZYkH4ZTvVki*#*#S%O?c{lwPJ9AjxiPgVD^ag{)5
znI_Os3M7JrbhTj{m2&7ljk5jxfXYel@uGSkcPA4@GGv~+9{t$|3(>>udh+zzC)!Q~
zY(IlLIfB_yp#u3`C@4}n#%8O&CrL;RTWQeA9dY^wtlc5Mc`_g)3DT1a_0lpLg{uE{
zgzXQ08{icxUQ#oK12Tyg_Ejb`M4}_uOt~dUMe>6f(`XAuOrQE_!gqOR_m*w?mzb&S
z<K}OE2inJ2IWfhDaX&wuAa8xzk5z@}XOY%+!=hm&j_HzKsr#5O*6Q*Bz943S6<Ddy
z8;3GNO6*bsv#HkvGorRUf(8!Td*>;gWA`tlbs#f{4}D2LW36~2GJ7PXTOnbM^m3S8
zY%D!aYG^qSZ+Gwae)`^@tY%CtmXn2#4RhmMajyM`k^gpN(g;_(vOQcMYzHs?L&_JN
zs}rh03<)e7HHd~h13_0$Os6-AjWz7t(W<9vf8eBdnlSZDGvEAcHk^49wD#=Sms$xg
zsUgK}ypT||Rxsn0v!UC09G;ui*rU4RkZXsSl|$Hb1*WDN_3C?un54+7*Y*HQyf(S(
zv<}BgQ7e3PgmyQ760(>EtNyN~y}6Ls)ucIBRC|T=K))&C$MsmB;K8RM`;z+~j}FL=
z+COE@t=sT*!*Qm_Ix&8DAZGKLH3x#)N7?v=wwc$Hlk>Iazk6iIC<!XE3d=lS=t58D
zKC$a~aI@WY*8|N7#WPhaDU~6B)2I7`$~*4ga5PA9Jv#kkaLU<{QAko>n7-pr|A>Xa
zx`s&gciYci%Ff;0w_vSSXobI8o3G~avHNpD!Rs*dOUzN#==;~M;&Qh!xhC9j<6NWh
z)F(-WZ8Lh$<KA`*9dO>ydtswVf9mvi@6AF}ahLY)#ltUk7I~)*l+528(P$t(nmhGF
z`%Y!MZIMIa?19a@3SI8#e=;oDTk`zK*W?H5ZlH?(g=}d!V1GIb{B)<QExfNBD>rI+
zzkc*hYwDTGrj<0sxacPi;|dP{Xg=!dXgIt3a?~7Uao}@E!P13-O32Ms&h?e#s7S%R
z`0$j1n7RZ*9iw%dek*vL6HHx=lgJA<HFwU<+}(*!3^Zx-Q=cw<x^pBh=O`+3<=9wE
z%ja)dr}P4C<Mkm0oW{ngs-Di3BuVX@{x;6X)S%I8fazF8%`Y3Bsop!Os()DbO!e^G
zu<j{Eru~-ZX)hY1{R6J)41WEKTs!-@Q>ca<%a%Ulr_>Zf^KxRXaCz~^n_ahs7}bSc
zhsYXVYzzM?iBF?7=zuj<@h%(Fa}n?s8`De}f~h%v6eaqr`!XR>UE^2Xafi0N*0k=x
z#!VMwwO7N7*!HJ$JhqVHo`v?M*GkKz-8;R>18Gsu!KQ?swWikgQrz-1XS8)I6bUl&
zgw=7jorCgD49%BfR9{=8!aijj%a~KFzOY`{7GDh5K=47g@`^`<c0}RS@BQGOOt8K}
z58_w@>k)CwC1WF55)RxJbRRp-<9hc~^XJ|u@sEh(CaqN!=S@xP;^3`MF8yGKI){)P
zLbU=~o^+pJ`>GRjkfruE-MX>lS-`I8D*?petKO#gs@faB);7^gr+-tvlBxNAOSP}x
z5IJAmlPUbkua{bDz)IO51itS`t*NNz&k!&uf;j93&XhUmk9*<ulOW-Z1S>(sgy8Ey
zC_&$X6Q2S;u~Qrjug*pR=<>0manB=~M!Q3ueIXa;a$26<TThm}om>+DK!IP*>URP$
z6L!CT2H3uGMK2{0z#pz)NWRiiX1ZShG>_rN`VR0-K5Xa#?*ZiXdM>!U5-%!Cn&cQ|
zSj)qoaW*+=LYH&i+Z<f-38nJV9-O7wJJZ$3E?9fr%I#d=P~b~~RIKG&)<t?)5z{vS
z?|6>ILx8=Rvq<+z2rxepQlBHn;J$)KPBDn-QhC(Ogq8YI0DuL&`g;MqqB-wdE;bPh
zs=N6{;;8YX^!SsUClN(3&?A8k@jQc<JMb2eOIp8rFn(*y2h+bdCIdNHyOZhef(Y~S
zcztgNFp*Q@Sk;oF1-E&wj5Da-3+sMKLS=|UDR7P-QT-Q!uy>B?4lYg!k5?uU5Y7Rt
zp7Ene#r~x74nT&^SfP(pz4#Ym0?9=?bYvQ9;qQ?#c?cHsD^YA{w~-ZK9;8sfGKtDe
zxVNFqoch7#0Dv7RG#hnn5N27c6BHN9*T=mdsR3F3B1i^Xdko?t7d_syLsAarhy=0p
zu_qk`LG!KP0|7YQ2;x(Q+r}{AIc4}`nYkOhX@S*+$Nxh|oz*D?@nBR(=0dpFR)`SF
zq(+mVg7pC?TUaTm)<hxJj@B^CF?*C5VM!G>na0}7dDs*d0fvN;wPR|ARS~Q{$7pR6
zpYcAUFntD5jGU4{abMyw%*?X45@7)~wuo<aLI@Vw9~vd12ikObL{c*Gau34pqKt=A
zNo$gDW2=UJDs5Q-MPu5CT#c7K2m-T#jWhbgs~KwiA-zfqr*yRlRpX6UVtAe0BQ=W4
zAYOWwM_r?pFGLxV#E5O6mf##SxIcfZ2b~vlK?cpleI@im#?LGW9WqX^5yEuPMj4}w
z+WNYm&qkCD{4T43?8;rHLbUJ7P#@mh#(0Y6d2cUKscJ68ZbO~Nm@tc1!Yr8X_#K7~
z^vj4gf=^`_O(6IT!_O4%(U1xP?=I(3?q(!}aXJbz-J*<06YbO{;WT-NDagAV5POdT
zG6_u}=A25=47!s-^-g=tLJReeF}EK#ut!UBuLEylcF`_Eu@?!Og<7nbW<(;=34GNf
zL~h&cCtBdzTLj+)5tWh!dLDA9aAi?Qt3(tp$r^GH(b0%fbx^JBC_)_;Q=$Amv(>%c
zgb)T93-5wR$p0}b0c7+4uKoUNU;6)7f&V!bjKv<6DF_re+}9W85u-$Yl>YUi{OKf(
z9emyFD@RE6`Kpzv<esBer*WWG$|425`?#4;qb)wmBkTU-evIdl5zN5`j$n7X4EgO=
z5#d$RW-8Uu#jEZbY32!9v4l7QL9ui{f216mTB02E5!G^u8=`5ZQMD>{71tO)Z3G%l
z1gjAiGgzXm>t$jsj!$yqXPqMpUspH7)hD~yxXV%651A<Qmp|C5+4jT6#FFs20TGRt
z03bfcec(R_B-heqP@C;r&Wn^=tZ}SB-eoo&dS6+(QJPDGTb~#P1=A2W&?~7;k)B@Y
zkUY5%FRAzlbk|25ZRac!0(Uw#g8Mrji`_kqhQ*<!5~WSlq!Dre-qxoBiv>UjMWN&|
zDBl!Z{nce{(5)=PV|H~2YIy2gi+c>EzA6JukQR2UJ^ZVa<dlr5qc=b*t+gv9&n@C;
zBJP|QLLYcrqW*=ft&rT_F`6tGk&n;ke%~H0L1;ehP#$N(gPSG)LdaBgJ<8S5Rg%T}
zbwj5aYAbm64k5}o<s;R->A^a@sc^$bYFwUzZz)^B0ip9R<fIRw=3DAhe(?^0lv)q3
z%tnT9?v-)$EIz!-$DdWqc92L9NBYv`c*Lz~ueP?9Dm(uMH$<{B`IhH-sinjDKql+>
z#u{u~ySNd#0U%i>sKE~q*zR4dvEqi0h!LvjHKw)?qbiZArX$u-b|~NDh<OObdsI?n
zP_F2Ll}H5Lu~4!7GNkJvVpIpC=E25yYq`=k)Q3PmyI2=hgioqsOi!kG+}dubSbfT#
zdG&_gQazvbBx7Sj5hrfU9{=vTrz|hNRgiB#HrBIv&=*=hSL1m}$2{z}8ok|#`?v=e
zDl*1&Z>{cKJH|{B^RTDyEf^K9BfiP(vb!89FzS3Ns~Gp;L@2D+G|nimJr|-2GY|=a
zRswSzRrP;_v(K}_-=?i7^DACFZlGyWx-+^RvN!u(PW#6$L#lbbr_pLf>#X3F<XbB=
zyX^IN&cypL!t>qr9d94xbfj6ohmmS86pJ$r-?{JM1nzqI_U|?KVKc9YGxpl?y-i(R
z#*B(H=dJJRr^+F^O$i@@Q(u~PL}qT;_7<bE>H6Km^2G};p1csv#)cX{Tg)-&wm!sY
zxl(DqFX9kkt@2i+wo}B`N%)<!oBoAF-gxnXEp)L=ou4)E(16j$%|;Yd@1On`B5S*0
z>d;Pn?1z`VJYGHslUvws8#&<e{jUqVjvS{@Lk*7xITS8Ec;aNS&1}`N>Q?Hmf~oob
z`($T>RCfM=_0;#<XSc1<bM`1#xAYI(U+_9BFm>dB<5F9H=gX~wU*Yt&o?>UE$N6JB
zoy#8u?a&Z}oO#3=<ZPnfabZXPB}lt<oOmYW&~<f41*L4K|HIhD3zUY&jIgw4=<NwM
zqna%fr`?^un$^!6+%$(@FEQaw64L$<HvSRie4y)%tcA3xYoQ{hZpt{}n^-*MdT%z+
zf_g*Af*!rzoO$EV6*6}!`6*5QZr`mi6|F>e?6kr&xLg-hX=|e^%0yl7#y<v{Y#HCC
zoFQY{t3R`Pza$5<sy4$4-(rpHMe2Ip%WS*B16<~e1c*e-V_sf*VKE!m??p1zpS_Qy
z?geMR9dS{>OV&>vdAULcjvw`S094$kntw$0NHlfrqr2b0>%fm}`z;e6#WQ(3ZYU*?
zAJrYKcDXI<IDW(R_kmw_Dag6aY>O?=n?8W2naf#gXXoH~z{7|&JewS~Zc|-kNs@Af
zYV?rWfoy4#x}wIiJC&!u{Vp&w<CU4LQGFHrcRAuN-V%5wvDansd38|%LVSN`Wx~SJ
zPONiGTi)hjquL;CH81TJiC3<U%Nh6$&wRF8)U4}+Iul=Y^&JU!Ow^oReL(9(5rdjF
zbU+qYs5bC85Zu_c4<bO_rNP7;dbFuh`IkLi>A~!f4r3Ow`}-L!bDLQ3@}|}Ro4ZLX
zpbWu&mcyi+M9Z0L<cj{D$BEzqoBZ6N(V%|hmTtF^)GE@|3!e!O0WHUJT@0*FW_fY{
zTR@89-5De$xE4=tk&!!cVMzw-s{(X_2T?2j^UdOJ&B?P)WP@|sP0E(yPP{rNUVr@x
zT_^b6VV4PDaZgU}ee%My<Kq5;&a6;(9<u*@HmWN7&blJH{995NDD2GY@v_W?LB~OR
z76vp}fsQjJ(OG8d>Fn(4g?#b7N}zA%e4;R*A?rn4KA=Bb9!XW-a+zKl8hcX?&6EH(
z<Zh33{G3b$^Bq7b0h76qa&+vRPVgcD;}(%_5~^+-u<|QGr=PB?B+S*Cz$xX3dqhua
z=<YXiay7y0aL6x2)LM!kSm?bMlQA1-glR*hS?kmbPu@R4x|D|c-Fq`*B<ek~{S9DG
zoRLLJEH6>%eqB3|<b^aqtfm3>kix$Z&##gN%+3V~=<NU(afz4IfgcQhPDn~>Cv_AY
zWUIMBEysXLJsGU#H%b@-%GaW|ucH7@Dvz5yl7CkQFp)sE&_)oP#?nwXr)&hFo0zL9
zmIB`LsgihLs9tN=<6-)wPx^4TRQ16nQ4+~^GGp30g|G~&HY1Z_7;dgEoIarK{m%l?
z`Q?~g%P8U4NQCVNx(|;(oQ03bos-mp0QZph9QThOS6Aqe1|i8NDF@Y&V>|{ezbC95
zfT9}D0!8X2)Tvvtr>ayCa&{P!s`Z*tJrfPaNp$!1KX<3lE$0-mm>)D<ZMuD`LV74&
zU;YKm2Khp~u6mS2T*#5WINL^5y&)rkRwkQ>-$+eL8^t6DOBsnEUGf$ZhBk&s8Z|=^
zX&PhDlPH;zF$guC+MWelKRd)!e9}cHJBYM@l8nZR)Ie~M68Dk~LCtaB@0mAtW@3+u
zN)Z)=yU{RbhMKM@N1(9{w93n&)+yRP%M_<)A~zV94<&Oy(5>qb8}7{$EFEmWiX0b@
zO3tCXG)?y+g0xj(P-;jpqVNVo8A%v{=3B``JruR4Z=`k~I*<u$7}}f{r8owKmnh-b
z9z+>I=#ZlFwjW~8RFF2&HI(zHYdc4fYp-wsw#b3Nq!~fM9PGbMpG-6z{oeuD|IWew
zzYprDOL&~y0Up8)no+8dK7I=9fhnZ{XlTV)(A5~YeCzbmf0UHs6=H)=tEx5gj1`+6
z<D$`zyv;;IZp%ccUkQ{Q)F(eu;`YZ62u;3>@>`(_UIOuCaVoVFrRk>9k0BZ04w6Mn
ze;|NFkrAG_Pv4h`j4x~kprSdc5Mp31RS=hAb&Xh1O`jJ=6gU}4(QSMd%%o#<zVI3T
zpC!b$I}T)CgOI@BdVipLJ2xPcZPW$Oh1n>LuW<m6zN0~ABuLl!f+f!xZP=-$j`Ip}
z8Np`m8e@9%mC~rY1)pfB#6K1qaWDAS=gRXlHX|`7&MtH@5Qmj4Xmmt7><k6@0O!He
zt|^9i9~*)Fs2-`G<CpYqNM%xW#0(^A3(6u%J&aup3)8+L-O#oLB|OSO$VJV*EVtKx
zMbnS`XyoVF#0$7N?=@3N=6n0$Yh@h&nq63>n07CyAmTfWpBr;W*@W>YnmqQ3_xwxV
zidy_Yc}>R{X8WN|Dc5AGAK8KWTj395JU5+4IJ7KnSW&2VpK!lMY)xS+LW3XdF!r(T
zX)-)k8p`mo+IN7-(nbfB`Y=B8V#jdD{S1ZSc=bsi(83DPk(dLYvlXg!n$3gGOJ(n3
zWhxuR0qmqJnRIfil2Ky{Q!3KlswK&!u$BYps$F+WF8M-{4Iim8$g(D@n!_b7sO0Bp
z%Y?(O!w0Qtt`!>*<(oECbEwP9smR{sn1s#7uIGEC2LmK$LJY?2MN#r)hobMZ?A|7Y
zr{`pO3GVuWefy4(?4BgsTRGI$k_^l2pUB=;j5~Cug`4*c$*fO#+NO+JUm3PWe|8B7
z&}mK8>Q^Wieo?9S_sCh-Q4-CsI4h6SeQJRn>&<b}@XQN|_Q0ig3r}i!TZ{9p>R+<$
z4@wo|#!Al|!iHJ9K79HnV7n{+KKg^<!>p64$qt`iO+P<?-PPlvzV@r~GJWokxW!`A
zt5NdXNghN=azp&3W0tFdx03sLm?h=FyU$NruWKEf=n>0rctj=WNA1v?YdO;%qFa_s
zF?CAxHaMu=bpKz7ktjydP*7<Wwq=LLTD<wx$<TfK`&FH(!HXd;=Z8D{%m<uy1b&zT
z?(eZ6=H=p1eQ(|K{Fa>t)>G@`oGxC_)7`x}dTFXjv3>W3#%t0b+<W5K>Gq^ieJCH^
z8ExN~qN}jDc`11OOGo(4Qh&1c{(}W+Q{DQxhsQjyyZ;)!cXQ#r-N;Z`(rCzF+amAm
zlO6NMyH;(>VAg#OqwL6&ZM{chuP;0?NGa5RX;7Z4HO26n%1$<)ZueA4b_7er?fpHZ
zLFNU2+w#qK6iw>&-$lAW*BOc|Je(u+cmJayni6*WnRM#L>@(-bR@W~SZl5@}ulY<{
z<?oT^D=q_5C*2F(b=A`)!S?Ekw-#HI%>3J*^>t>xaD;&3^HoBpE_`e?JN2=>v&}mB
zaTd8{!1MTx{?15gN5|>2!{1UBR-i#|a+QQo1!0Tn#RJ<F%0z*-^`HAyUz|QbTDvc*
z^UHjmMczcixSlw42W3&XeV{2iVlQJ+M`7u^rs>6lV;;DU#)UMP{%}J>_qS~~%p~>4
zAKy^-A+5h6Et%OgF*Jl5yDQz)uey$3F<?-OeRI8DeIREe#jD2I1_r447v6q8C$c)-
zV-LS6$|QHIPrbxTOoO&i1)M^!3WMeoU;gSb@ygxTmShsl_!f-XbQOrR(F+z9$F<xS
zi;#I`JA>8L&K?%xtS5{=&uta`+RdH)y(FIXE#_p<dUi@(xNXh%Gf~b*Abvof<i_h#
z0$J`nXhm@Uf*?)5oPn1K(w2^xr|$GsN6$FS398y1kFpT-Z_!_On9u;7#1|)zy;dge
z8!Zv)J2!ZD5UdxA`<zgT2ad7bukqmW$RBL?#cPp|(4*$wab1`TkLPF{X{P4Gu~NoN
z_<guKu$db~YcXa#d`}sxKeY%)C9Ky>cI2*-4KmwXOYNQQZ+FyIwI6re_Zp#V<yJm-
zzb#}h&8zBifxJxlinz0>`{xxfd$JP1s@V4G5QxS~N~k*G2Jt#ckobe|&X_f6Z*CwZ
zCd)Zs`{;P|4+%a~(Q=Cn=rz5xH`1!=ik)xr8w+eUzVgMSyd!uN2&+Uexrnmp+OoF-
zG^1MBjShL#xaV(Q-QVNSdM7%_K8BVL>gR<+`seb^93ze90h}ROyjooe=8?vkiZj6H
z-F?AfV%YC_UXlf><K#wY4e)V&)IB$!Ul#{?&6HWTOx{xsRddhTr)1sb4#*6)cVOm?
zl`7U*!9Lf*3~L6HnbAHxaVar64}KDs6>Cm)L8f}t_}zPFCW-jVwdG%knNvO~>4-+P
zG{Lp{)t5&=sV;6*z@$3I-g?Y0^}9#i)C3-ZPSS|;Np{MpBv+Z)dNe`~?pyX?zes$^
zvK!QD6qBRYS78JFY<hwCgI#r!avpS;10i<-)!Z`q=iOzGRtLxq6(F)dtn4iTXl?aS
zcc$Q#upe1DJZ8>#IqRWp3Gng9Zp%$<5DLxaprX{5;if`8G>dAiw7CRknS=PLH<EdZ
zeGQCk%?qf*Sy7ZM6=|%v!&JS@6*^VWP5Bo>HxKoQ+v<x}w~{kcQDL9yZiHqO&2~H3
zx7uT3s5XeTMnm+xq9wZEH>nSU?=wa{op*Rd$K#mj`hXIrzDNj(5|WIPW@#({BU_h{
zL8`t+tYqm$x{-yMXtOc<RJ-^w5H?iXTLPfs{WFg$F{ve6r+0CL+9rL~ph!b#pI*=3
z<WW}2ig%Qdk73n~cl6^F5AS>NmR+Ls;Lm=#Quwt0JG9$kKWt5fFiShbNQ;o9O8k3?
z&XWS5m|mZ&J$(mra|)xS#~g<0sc01Sr6Ih?T!S7j)uCCs2jA=i-ObfjohR)+AtURA
zPty_BG{zGPWt97c(IK2_3meihG>`EQmGbc=SVmiNygBa?@~0=EWoMzF-gr%W81MTY
zAag&=8yQ_6frZHwPzoiYGLrbxGRkBE>*!cvl<o70lKX{Z@`b~lZ4<dpAQFwsqZqqW
zm#D@siBhxsrI-itP|!lMx{DR$7&|YbxPT(7WNPd=yeN=?MPL|oYqzrV1YP~29dknp
z43A^G?(<3B0;;b*0?z0|zF=(ZqB)S)N<`L&*?w>dAAbJ_8>{9d&5Hwnt)Sj>x$|f)
z*OO#2ya6S{Xx3om_zCEH4%grrfxA3{e7Twmk*&p|C}e^xcZh;S(zXC<0&1Nkd)NS8
z!kyPI0_|u2K|X2zPlL#>v;TLHl~R}k;*;r;03F*uyOe`*Ytaq_?M)R@0>p50pxx(i
zmx+w@+hfBZ%sP%Y$(q2NC^e>^g{^#~`TuxW41-#RotJ6a936p0FOs<@ce5eEnW0Sg
zoA#Kn_NF>IMf<9;Las~EhJ4uuB+YI2W;We;SBc7Qi2(MP?Utbx%?y4>$}f0T?-Suw
z!w72cAi$R{5g0J3sD(=ufOT^-fnc49+R!q}m*Q<HCC5sXcPsw1QzEqXsVFTJE4MIy
zE_BAtRaopu%4Vj<;YD0MLy{eF-#(nX?&W*_SBMUrJeKOM-$*$G{R7K}<TF%Pk?<bz
zw9%?aJ57I@>1l6*@pd?{9r<&IgkbPI*jnS&*F&fHDtU;}RdQfcVF;<T=jtFRV@)5?
z%zXQ@2jWHS(x6BiJ&Y&$1H`lN&u-dyk&b;0Mq5AL1bJv!n*F5#;?p{!Jo=o8#-A{O
z4!Sy$g$SwUyMr`ri`Fp0ZOwJ2PhbT}=<~T4FEcW{umNcUQwX4Wy5xxIanG*(3wb#w
zF}zGLMRvJ_Qr+A0?4VdxSI3>YLMJ9I3zzSBeV8$0H7B})iVUFP?pU#~R?F@0QI{D*
za<*mUc7VI)0ljP)^B4K%NO5BV+PVBI3F7eHiiNNH7h>T=l5>uOOt-L&=OfH?Gy3y$
zFk6!(9MwUr%!#p9z2x7NE$!l-uVXOcxXR}HU~@+#cGku}t9<dW7aX&Q>Dwo$^uZA5
z(s_3d77sZcbIpwo@vKMLLH<6ru$7S+G<)odZZXKVy3gUaOUj3qIdE0MCGDK6-0gvV
z!w(F{GrU1z*G<fnIF^Zxn9z?8@etg&J~gj8qhl$kTR_;h5@Q>DoCQlGp104omcV^?
z8;yw|L(Rnjc-g?q{IfSM`Kg!@=irsI4{bE#XRjNBVuuYwu1_Z@Ynh-5>$U>Hv2tH|
z%krK-eAxC$jY)8r&pa@)5ACt{n}ER9E&E%nq;NEh2hK?Eh$2vz+l^v2B_g@?Ch{kw
zZhfwK$eRnE&u_3Fz`D7QFT3@w-aL{ZeW0Iz-JDheirB9gT7YV*nAOIE`r9Jso_*l>
z`y5ONip>B0qo$nn$C}96ap<i~3?(q(_~nE88vF8)m4B4<ob>uDhcE{z4v-DjUAppO
z9r|hEZEZ*UHM*NNmOfW$KI!o+f?~L}qww@;Y1a}l!Y(@JAA>|lgu3zJUBNRgpe4;G
z5#pehmt&V&kXD%~=(SmG#mg?dd!6T~>4b}IxVSNDTK6*_^_OVZnZb+i4h<?;-(S{#
znH}i@u_&tXcDbC<9%$3)-N~8ja0~=d`{6^Zcl|v}byDU^NYeGf&i6YS`V(}o+ji<=
zEDeJG9QbSN{^#9R7Ci@S2cOuaoreon55!;Bms(wT6Yp$Rm~k$=;Pq<s{#d<l;cdsX
z?>u`^7inb<{p4XG*Dc^}?LJ}=iAqZAL$&O_?6H6EjiW0a5pmCStF~|kR235{a7k4P
zQ!&W5hGfyE={YmI?Ru}NH;Xl=*@CJpMXB9SX<6<*YZ#x$_?BJ}mT~1+afLzIIxVN3
zGkI~JZ?zsE_xun~LL6TC+j7!6A;M`{eecEnm7Ki#&+aht2Tvah^^wCr?dRUf_H}==
zdiI08cA?SE*_RUOeaXr>^wKRtXLqpLjvHUo^0!A<Z<*?A{TH%LNwaQJ)ugMmd-&a#
zk0Wa8<Kj5<{&o}e8k?>u5VT9{Kfgp9eV57HH9t_>@>$GH-X9%7m^zlueaE!>=BKOk
z5-<f8VfgBFa$ec+mQ$~atJFtV3zRn_eRs4vXD+As?zjQjter}8*tDY*$`0_kG1+Ph
zT=LhPTYsCccsym{q42$x)%q>EPh*oTB258a1YiT-`85htMJLXlMFs>Iv=mi*N6Wt@
zqEvm1>ZZ)q-ZL%SZ+uw|pJe;`d@w1r`$R8&httoL#2efl2k<ZZR9|&H*efeTkWajQ
z>*AMZ<hakTUOg|8ui5`-J|t6dunJaRUpNu-=uk11J{*n!er5T$ea<J&q#MPnx>_Q}
zIHN72Q~vK3@aMvwm3`Q}6F|trf&o#%m|YR7<9_2!k=dA5fVoDZ_7-wUUF2CTSTL&3
z#huhsbLTzSP{SQ932*$oiRL1fZUS@0xAdKiFz7i8TF*2!lkNvpj`muF-M5HcrvaLK
z&2MFE18a7JaT)>YRIk=OsDG|AA-y3-Je8*Kgc%(*$JuXH-f=Fh+g>%vCpe&)3NxQ?
ztX#8x0Kz*Q*mFkRqVfme`Pb)5tq%9p0DqvtlK4k)ssgglHugH!UIAGMtX@_IwQuxF
zcQIyyCj_};yY1Bti$HSn@L1)w<(vKsfEe)_!5+MT65oSbM_Y~iSyF#G$(mcr5ZCNC
z<dZ?SZ!1+I%-#2oeU=Rvw>2LVDP=VQ^$9;Q?Gx%Z;W{P*-!`;)Tppmq2s;}33b4W4
zT|tYRd{G;>M0d|rxBCH*82u6dkFEEPXG8zn|09A}5hOOX8?jYds|1PK5)xZmtJG>K
zx-}>w_8u*bC?ZB}nocdXs-;DZYE`R;lzyti>C*FipZmVQ_v7(<e82hQbV_QRbFN;m
z>v~>hJW$^p-i~X|X|C0}m7!evfTE$~7{%shNvTdb8#MZMzWHm|sMM^agrNY4?I(+c
z8(J#?F5?*%pd7xmvO(}}3K(J$Vo{#$O|hIy;j(_}N<!!SP@Bpfnf2#F#=%nn)hX3@
zhH<z-#ydgaK1wGC`S8FuQEZm{n=n8It5rp5fsNz1wn16))k#T`aB>L1t^T|To~aWz
zjne2fatI!ZY{Z7i*#PiH$CheuDXt_p`Nw(=n;_`wn<X1A9+qyO_$bXlNC4WX#i`UV
zccpBFtl5(UcLxBP9ZiMA`@dv2>%RnhrgN9TkS}t6+Y2o*Y-G23yOg57s7X<;rp^xA
zlOBlUNC=B>q`8D^44fp``xYrSV3d$2($ZwWAYm8Z@ZevwC{zY2<T<ppGWR7^mvUTD
zBj+Co3LXwgCt)ku7mED$p^laED+Q|86~CQ?X^PSJG8p@$*0pK;H`1^wky=+VU`*<s
zqWWbc*q1PQ(;OZ{!N}k^m|x-17zfhQ!Z|HaiBplxTorn~RKzYts$rPy`57r;W{Y76
zLVhD{2@<R0@Iy_5D6LNML9%Efne<G@b6sG<M9}qPG!b_++LYp$47SK9(mu9o4QSsh
zXIN?i`CL{hOP~&L(^E_EcV^TEso*{5vUM5j99>5XjG7P&DnetXl4Oa>4}+jW6e+(d
zh*KCm8P1#=)m#>^P)9K6x<LdTiU5U0<EZPX{R<oi4<S>S<n*CZyrmrma+=F8q(;`B
zCHZ{9C>3ImDrQW1d?GPXa%vBSJVUfqCMEGbz_K)0`LuNetr5z$_<xAK|5AN2L^KS6
zk>UxMtg>xlm`JB!kM(r(gP=4{@C|v2<`T~vBOLa(8hXf<b3?!O&W7~3WJN6#JP(?%
z8|&Y2)bF)qW+Q>oCL2EnJ)bjbYx}VPXPZ5Ijm4C|`h#g@gw#T!tg$)Axv4N5n{Ceb
zk>2&6GjN@Adr(kcOKGBAl@X183PkbEEwQ>kN5SyCOZg47bEs*R9XmuKhsDRnrg)|m
zuSl^e1E>sgP<j&S$XioAjt=7RkO@SF5^z#P&5KveZdWO$<NU~eU78m`6D35s^KOG@
z55`{z<n2jC@982(2q;fUSv&{1+%GIpJC^x{BAP&m%4kjXHIkI!F$r}tjdV=OvK^g?
zyl5TiC2QrZ#gFt5BnBSY(4Usd_mzH6Z$p~Gbzq?=8LDtyF;X*=e;0**b-M^P6NyyH
ztz@>pzbc7t(L1B+V=+L`>H%^3$LgwuM1ux}(+Ewb(8*CSR-++1P>L$KG&`-DVuJJ)
zBav2mAActBOFP+UqNKJXd9=Y@&u3{g010pt#vhYljk6_DDU6()G2S>OFrfQcIF?r!
zU9hfN?|n2alNPN;6y14>zZ|95dtJRndhY4~TNmmwT{WX{p4FQ6-ma3P`H2*b{HvCM
zUHuQ5Oih>1$|Cy<A%|JHjqRqw(8%cFQgvF;KM;nlZ~qDDL*%I9&ymb2lb@t!hjc|R
ziZ|`(Bm0uEndUqip90^kEk5M_%~^EkVN!$dz-(@Ln8UWzw5&p1)G8dInyq&^TFI7X
z_GMP8pZ@4PVWHfm4Y8trwQyK&BvzTyCU()lp@Ng$CTRNk2EpV}7er8C{xG}tE>GOV
z<g9L#<DA*mgaozQrT){(sTq0yK*EJTtiOo4&*DA-9Go;Wo8p`;MZQt>>KaMxs@MR7
zS6*zOMwdy}6g*nwgA^|G&qoDDhPWd`GNxtw$$JA>Pm_PyTL;e92SxHrKeNjWWeV{$
zW<O0kzi2ct+u4_02fZL^a^u8jllXc;ajIg)^i*)ZIpY1f&z`dr-vW(?CpP@|vD!7H
zf`3IGp<cnUdB$qPb3xj#9XcP1P&tmCy^nDDa!B`z?{@xO(d|#PR~?fz-gn0JypqeM
zJ?PWxR<_`VW~D&7A&PWe>q!^IO>?O21-wia`KGd<c%Or-aeiFahF*TX7{U0ALH9-f
z$1%Zb6CWgXb(IBS?@ZJt`TdUde@hwxF==sC@-gn{^oT~qvB1C#Mb2Pmf^Bwj?fW{(
zMaU|&^U3Gj_r^zEL@l1@fet`bueA$#{AH*f-vqZRN`kSWbQUPS5Md-te{}ep>!$=k
zwJ!E)*37BiqRYdM@7ue5C!hy4RX%X%e83Un?uz4H;Ph?1u2*iOsb8+(^($?4m{me6
zlw_*bCi=O`omwqwK86I#g!@DZ_1664x}l2}(MG+}Wv?k_VwJ0!<jt0v9qU&F^Q=>I
z+0hsy6$Qd4|3{V~yZsVH5MRa@s{SrwDy3RkcUrEshV_agk=D?%Gx|+_#d)8slCF<+
zESsve>(MKA>E~4L(B{^+prvbCo^y9c<Fl`FGT(Xh7Y*Mye4*@^*Oto$#l@prd!-xg
z)scMb>f!aCi3qO0m=HA&@r2-*mSb+ed298o(F@jGH+z3iiP`|K&ZAetmPxr<xOo@)
zG>Gcv)dTCHjaFZa*0b+atLyQRFGD;wlJtsn3qs7pHbOZ5$~Q7R7{GIU`n+)MItTnl
z?NiAj4a_CY(QiTPg>w$eY++u@{>nES{KBJwb?ju?*HMee>?kF1qD+aGp4gh3pR{Y=
ztK+QZ)|xK<Y4H8+A)%AXSEyb|h$X-6-7=8+$7daTUaj49G}(q+JpRyYD{D*RFkrJs
z7@k?1_D-^X`DZ=Zqu+h8pn4!#@MZqAYL|kNixean+t`)-yXd@7jFQu%FF(WmHnZXm
zS4nDsGC;AejF-6k;1OM2#MsU+k7O!SWHs5+(owKX?g}r5oxJ7nqa`a$G2}%_g{J$+
z5(=lyt10N`9dor*ThjWYlXWa*dGM&lFyj7wV>7_buwKY9E#VAAi3N*#ZH>sDw(q*w
zj|eSp3fruMh69y%%#<><0y$Iqu(KRi{>RjgV&(+#<lQ*tj{0ct(YN3oFzIS(V)U&)
zo0=r3m1^Xy@HDg>wL2SR>9^Pi#I2YM6<jsdYm<Spe0H+@9KfILK{^Qowe{F#hQ(8|
zsjq7;H~OQK*>w`3GzL_dl4fsAQ4#_+bFh-beY#}e&pbjI-b~(?+3+AM%uHqdYAYHD
zu5U^)F_qC~tKaWDSLn60hekWRYshKz9n%zqN87~gc>Csg$#x}sD!op}M1>hPlz_u8
z)HpxbI6~755>$J&#x5c3%_&)M+ocN@M-Lh&A+#Rm1Cti=#T*vhmFzU!;EJmq?+KA=
zZ(4$Zc%MPn0-s}(X-nNB->={vTJUqdQ6ISHk386RAsglTIkc5C%{jVz<%0bO0p8+3
zoe`wVAWJ57s`R0sfiLng3-IVjxRuJTrkMN#Ks>Jg*pn7qH!^#l^<l46m|&7|qTEeY
z@c-hDnXS`t41?|^7}$G>kDvq9Ir8Alci=}B8V&;G&6uIex-Y4J*ek2x0$LsuvIZE+
zzsmUQGkTO#-1D#?``pP=@X=99114ex4mhXL016LFjUc+urLR<SbA68|0YHUJTMg`(
zq;tujD<wkQhl@pCSVs*a4)hiQixnZF2Rfe>#Ybz}P%9|#@o69@iHCU%!VH8HJ4wO}
z5saF+dK@ENCO)w<Npbg?)Uf-rCsBZ>5*rPMe@{4Lr5rHwqR)7eSF@-JblZ=$BI%B%
zV&hmz{ht{y$gMzZYc@YtijmF>)gmg03eLg|_`BJFCf9K}$N@CzKq1mKUDn!JPhk*d
z^AV#4mBW{k^5WLDlsTY2`o3BKt@8z+Jeux2jx`Pqe$O03>oFksh*~)NX(n9*@$3Z)
zE2*F&LNZpTcj}<k&tL?fPNGFCmAznk$FW#xLp%-t@q91Yd2QIXFiz6e0G^Cb`-9O4
z7-FTxCqgF)$QLV&%-l$(96~Qm=Hwb`B~8ldlsjCu<^)H;V-juPNK*P61xd1F#_y7;
zOR_g$geC|>!T3Eh-;dO;pD1?Sh?uIy;;6cEP)1A;b>l*si2^fxjufU5kFSbiw_1!;
z{=C8{)2i1*5t!EOG_2|kxC}laO^OF)6}yoLC~lfF6HL~)#DgO(7j_RO`5R5Dm;eLy
z@M-*crdy%%!%~<q{t8poSq*cYX`#A?IyDO=DdQ7pYkcGUr9yfD{cb=zJc^*vcp`NA
z|C)aP^BpV{&hSSHphYgj+X~_0pYcrmcs)T~!EH+2*O^gS_`9wQZ0Q|39r>)~`S4nM
z{q6%Zv@c0?xScMT{GHkUX-bRYUDfbY^?DyUnL|(@!3_YunaDqLXqarAHB;xKVtw3M
z&}_H}B1)!u-go2Cjm+*1@~bJCVu})IxaSo0Vm<-V2``jw>dyvM^OW~jELd4W#UhVW
z;2FPemqAuZ{@(2LaMfKLmZs79S&HPRdIc^_?-J5BN-Lb=AYc?K*>UXQ^RyzA(6L<;
zzUF*)cF+1Zg8XPa4x{VA|A#}90{K)TUzh%S_Q3tt4+LixpS1{6L*^5Pe`7^j09Hi^
z=%mOg`Mx^CWQD04S_G<Nic=z$u;Z+3DNSbG)y~t?NMnrd;avLdA54gE)@8_Y#_u8&
zd;^TJd|(nZ-yZnRY@na7L4r%~6FL8LKumwvl=(eu?Z~ihY^PxOK3w9l<g%mVov8wy
zhLLc@!#t$7K0F<w3)g*>&Y+7JGbxaRttoZyH(2FSU?0%xCsQeKm^6D%IhLi~9k$1T
z1XJ-$qXl&}bFgo<RY7vDkT`@%2j>aWZ{(5dy<ctHUxSv_lw$;g)gm}mF3jrXI;ZUn
zKs-5|LUB><n8H9L8<9p+;txmTPaR59h_tLgyAhG+M}rekoH_LrgRT}j^pY*Q)z)bB
zj`Jw1>;}MR3=b=<cRhD2+3Bjrz#d_X@Rc_N&>eir4YsX>)Inlfr`DzwY3KMI4}7dQ
zDe5xLZ=ks)Ps|PcHB>VinbO+gNa@4no0YU@5v6|ahs0SlH{$Y5hRnZfI&=&b`g4eD
z>vLu!in1(jUTF4J;x{i(utPH$i#p=}BKqgHG|{hHL9T=Ejyjh)HC#!DiZ8nb9)3<2
zd>AC{`8I;@l{WFNv-H$fXyMuBq@;cRa>ce28?!DBnF|v-`BdQ+0Om^2yhzD7D8>!#
z`v{v2iZ*T~+Q-{;9d8Sz@efqJ;pBwmCddut=rrRxQz2p@YY(;iHM?iqM;R8?6*)n*
zwJ*LYW4wIy^OD8FU&<%MvQE?~jELoh_64rjUvJB6eQWtrp|G*{%%kmxbN`8Cm3|9M
z-iS3sbhaIG6}tW|X!}LA_xE4@`Ag>#3L^&HqD{E5o3(F?u15VX*N@gZA?BpYaEcT0
zpGh2v$*r&JdcyU~dz)$IvEApbEEDZjQQ!FLmA#Vv*h;s5ZF}Wb@saoDdcBHrJL&oU
zLh6*>n*mEp5T#gBL)+71+j1{dpImb7_MiJDoc`_Ei51pTTe3`oqGXeRY(Fd6^7KUu
zkstcz6tkDt+%tcB*DJMD4H=(w49E{`t$iFpLqJ08C(G+AES>}ea{~39|62MQu_e)d
zQ%<S8*RXr<iPZlX|H+B-sa0E)mt#)HKKV1}u6n9=#nb%rE<HJ4t0Udhd^y^0E9P5R
zZ24F&uRriK;;GLmqNB*8vkBJ-mS;**mc6TP1HYwjC5(R&o$ph2c#zbxZ$|N`*=fF@
zh_aFe1i#*SqG%No{laR3cP}>mHtxC0FR|p85SV;fQoavm>u0K|5%t+<<<>dJu}2wl
z-@ts%gdCeGdkgFO^IGiV!}bgEce55B8Sn86sjfQFoc}bjM?xdX&#N16dhm>Pxz5sm
zLabZ3To>!6g=3J3yMfSX*|}@6-7u#fT^-)Vs*fWZI16;rUPBMc$Wizn?{1yeE$cbW
z^xrAMEys7VzZP&bA8<!>*~z}H@x4*hXMct*HMsdnKdv|I*!C7gK6=pfuDzR=6{>Ec
zRR6Q3p}F>XWzk78YV#k6hCjW_`3h<4bOo+<u0F`mD_-ysH4d++9~GrsuC;a@Ek*g|
zcA!pZwUsatnS1`qOzbX|E?%;{xOym&Q(d{08SipIgj-h9=dKA~jTse+D@;oAV<#6J
zKX)WeUAY7zj9W#|MTxiG@?%mm2$sQvW3Ro4UcM8txihuT%!34;#uSSsulfokmAfxU
zxdMZ*!{lSVD<^fS>ULMN->+l1&v49ePH(s;b5VauT8QG}wKe1fY7w#W!D9m)(9}hK
zpK&(07I%N(2E~Q6b?&^IL1MU<eZK+>SJHR1aQ=2wbJG&i3aF$LGeTu(Q!{I_R~X12
znsOB`-u%d4t&kpL9?T=m{E9o4-`upw|D0nO_UrVn5qO1x<mRKl!4(<3l35ij5laFg
zI(6gkEnsnz7Saw}*H^FLk;&Vd=7tXMa$0Me_DvVgSSD<#LtEG<adoBwMl-+8{4F_k
z8F#G@4@8C~LFNPy91xgD)iyN=F|U^QuWz>VO|BGpiC=4A*v^tvGpGhB=bNPj{1X{h
zJKEI508bTDJ<1L54}t=Ie;{~6>-mq6Pf0)}9?_5F@Ra-865&x7JCstL)j$S8{}kY{
zS}Gy$tADVGNq$j8PW%--f9kKne|6;3ShG?bf-k)i<o){OM+{Lo!~$CO5-iI5yvpal
z!4h-d2}78G4m<hxvJA!Y6fQCxbaU{A;H<q@a9pdAoMgT9#S~y-j~W<q6h`ld=X&yR
z&GRPGUY|)bW-cNCv1?|J;ew>)VW>eCUl0ad;gdW2u9gm$nG8XN8+?O^;ERMW8WrR|
z8h>7WJ$Xs{4pge^WJnl>t9(<hu5|}@w=~ESQ9=m{3yr3H$8bjn@1I}5uAejjdRy(X
zi-p3NN{MOy@jQYVLvD{8cu__M2ox68S*Wi&cr<E&w_8<G5tvT06gr6p8Zzt-_?&~t
zCTI=|uYd|~zSSF9uRbesQc*?<=pbiyXNcQp$00$AF!v-^k8LlUNd`g^sZeG|*{VGa
zm~ei~Wt3S~s1{g#wvPm#ssKU|{-CQ~+JTsNj4Zg?D#xHHh8QkOPM4aBWJ0j!>RkjU
zlAXYzG=q8t)@4z$czAUW$23d&l>aBv6udIg+p)qbUG*~ZFxWN9)TGuAqvg_!QLU^-
zjes%FHrGQZgC!`~<hxdh;P|bz>QM|QoK?^D*BPN8d(`V-B1DSsWe=1u(zaT)_|1<p
zn1)Lw)vNc-uCqatqB?DVpxGBfI5RES`I#(=!!KmQFb)^=h3`$n;8h{%T1yND3YoKv
zIvzZ0TYjL}858vKSq+*5O?Vp)t2nO;8HYbOM5UUoGWqo`{6@-e=lG#@3Pc|0ROC_A
z6$)L^1l0rB47fu2Hqri@P{}8}{!1ME`soA3s#rz^iGLXar9qG(4X}vej3P30RA7-L
zQOuA!gjJO}N2aK!jbnmd`{4-+JP3y)!dB(h(XBC_qhiMa^48=WtHp7Gf@G2b7GL>)
zVITiy{qXowDPGp+5Ec!hz@t@dduIGqEKmt{rl54Ns$8hVv{1uHvGS=x|1BbEYsfN6
zsSp;%wBTo&gP&W6i~Qe85(r6J8uO~8L#;@rNwA2J5$y~WTK`9zYioP;sz1dy1h1#p
z>eG#Q5lsch<lgDLLusu&uuG5V<Hfd@(+ZWJ&JI%K?nv=zR&m6=FuNw~%1lYpIw>lW
z-FuRBC>SjLQqF9H8*ZmERR{mho8+H;Ta{~~hC$jVh1;tU)C>ML-Sd@-9yGkJT9-*S
zW62F1WO3_U2_2M{+`)z-ojfEHhA&KUW(dD?`@w<;=E<pcFNiQ)P1Fhttl30EDITlh
z<kTo)?YF$7Bji&TbLu_PvNMZqk0M2KFttR8P@5^iN9?aL3Tg5^lH{oRjUb@S)=RyQ
zMVeeD?wJ(`T^^(aWZf7PfTY7|sxlY@W9VpEd<vbMD)51&p3BB>+avaKMMT{mpJ9nX
z)`&#S?hNF)bSsi-fk`@X-j`0$7ywI3ws_6SHKf3I3-ORWD=d<T!iO-Vgx9`m8ys<{
zP&6LvNwWn^Tlq>78}a597BELl%++=Dy`VhNY-p*9PBUd+w?l>`L>%308++h~YL`dS
zKM-5f;RMks5ttwh6#iw73<%rC%d`Zt*oN61P&VYQk<J%eUp~Nmg~+V3@(=40UCCZ*
zt#yp=JHLzkj~T!`IpVJ3NVS*#DDQOX`;2%p#rrJVl>gAM8&&KH#dqp-#ELvI&==~T
z55Y#Y^Y_TqQ;BV>TXidSD9DKOIAf~*g&N<~&hci(c#pB^AC2L{NGacH-&zsL+x9ZX
z|3EZ@0`ZYN=6om4-njGf=#}P{yLpiNj04r0(F*+Z8q`cTXqvvefQ;@f4dA_qrWc*`
z@{E|RqYG?i^IpgP&O_d83lR%YENsln>xAK(lu7q`8}AG`%Uw_IG*C#D?9A4x@B64V
zqm6mgIbnC5+j~Bt-NEg-_c;qOxk6EC&+JCCtSxB1?P`0C|A^qD(k7}5aYW_qqV6tA
zkDPwf+Uc8uoHZov#jH&HT&9q=*?sAU9I%_*nI4LpYi(`B3_meHb<#VoHRh=BH^}p!
z!tJ%&b*UQNqZ^;SL6)#HtL1hURQsij{%Du!{`q^KyUz8ShuX)O>21j#a<AUVS9^NA
zi0`9}d)3GF{axp7JzfYub|4=Hjf%4OjckYt`aAkWjQCC7qTb?b`TY6VtBNL1)c&|g
z?aC^Q93OjLGv3!fSl4s@tdUsP?6)MjLI*eP4;C-`_V3?TDY~xLniot9E|NM%f0<|*
zdaJL>D8yPM+B@{j%8`EZ<gxxo=X4Oh;wl}i(Ro<yTVDxxfudy9`=J#l8<}S~YZK+h
z70<$QU7u5%6hFvY9_4%amx^pazIRiobdhm*ljVr-1b=SWe;#<ht!dr4d$DQb#h!&|
zr5~z;*_!()Ng)YWq_;#61c9XSU+3zUv{=Vy^hb1kH}#xUIJoid*;<O3%-1>5oVN4c
zXI&8s#iB2<lefLPCFzlZE-mf*gAj9s(~8rK7q_gs_QaT76yx!3z6N2x-l*Up7quPN
z5RIR+K`!Bc3r>IBy0a&(J<-yfB#oSO$L?kAHYM-Hzu5Ml3o~B0aLY6#&`ruqqPOS*
z=M8POy-7!Q^XiS`v(NqBs^`_yPlboioj_T?)*gcXRo;w!+$LT)Vj-DwGCyK|?h@50
zaR)J|Qn$~cu(zf7QT{`t#=QXvjw4;lY4StYyb=gs5%-zNvP=PQ%I4LCP3f0=(i<E1
z?yUTD40T|&GzN(C%f@97JT9)A7qb@W_UO1&27~Buj-UJ`fmq9q&X25}E$LVgl;ErV
ztD5Vzx%L_wU-ezLc{3|i`^4MB4Y(`0yM<x1(VkT6mzFqjCsq_iQAm|=;A1uA7p!>t
z#!r2R*s#q^t0+?^5AfcH{O4OrYinzF`Pg7ah%@)G_0#5pX9n%LHHF6Cd<at$VWwI9
zRKKvzj)W-r2hGhpft@t1<N6*w9_+=)>av0!2sH4wlxi|vh56R5)h#SmZj1L5Th3hK
zH#zb=fh@h1t+z&bzV$HRut;NiOyRk7c$7GcuRtJ4-=kkroTb&gvo5YSW>4Cxee%rr
zPCJLE6i<txD~Z|^;N0x{+rT2?)?GZMAJj1V;}O}dHQi^}N@*A)e*H7sgc-~5vD=)e
zi}xHm20#^g=@ftZMv}Cj-2T0NSQica(pb}1s&fr3bl)PdGk2|ofsINFxkTqiX$Qo~
zO+63{I6Bb#+=;aH+)x=^=CxHRm_`GT5(GZqxxH@jn<6*{&z~(;7PqH`a=4%@{c*Cy
zPGMwG+>aegiT3Du>)qkw7ST}zJ+jgca*pzBB#@1eJWLLdeF@K`0mg&?f|OM&!l#~`
zVU0fx{`h$X{09F1-8mc0e|_W3Rp3=>>u6QUc&AJW<?P$0CMt#we6#o3dRTM-&aFw!
zQDY~+d3u-*z;HcaEPHI}D^U%YcV@E<Y2a{cD|2)8GW+D%uX{xm)5Hk<j@3lKfZH;!
zRxFe4QU+ll1R$7fO-POj`&ovq@p7=-r^oj4OvVlB1|Np|cjdJ1HYp{F7&H&ffC2|W
zE25+G1X^LvK~SB$0N!qBln=B>%m}i;yE7T-^IHNT%&T%c-Fz4q0LsgODuD_wEq?NK
zH2~NR$eOHkvt$j<CISh_2Xco-l}hBq%@B`a(1U>?3CqRpbxVw|KmqchvUzpQi@rnP
z;(hef<)E+?IDr0#r$dMhG8D5;#s#2+^9l}x4bM!7m}g}G)thYcub91=d>d4vrCjf`
zfFJo$zs!#Td|x5$wEG~(_)tWc2wKCiE1y7lmT=JyidAwdKK8~rN>b@JG^e%j`#_yT
zVJi6#L(sQhQ4Jd=eB&8w{E6@M4`q3U(vY`fu&qd0@DhL8b6R)u-vh5x?(_F?EF>ty
z4sP7p4F1r8#6y+D8MTkVe3gVpDcMt}li*@+!Ss`0FNz#)C!g+MYNs}22G+20rYymP
zLC|{SI6S_57BGyDb4`P2mnG9>-&5q(nh#^9q6Y=T#1#qT^n|X=dLss)2fIz%JKipX
znWzamR{bP1vrd>w1#PAwg+r+zV|kasA%7J3hQ&<H-DU3`CPwr~4lbt|Tn_Y9v&HVM
z#wy^1Il`rgH={7$%f_?qj7*5U+fOz@70Rj-R!A8yyvBJv4kwsk4<$N*m{XXSEE3D2
zyggU%_(X0R*1C*3`l_;rdHGzxAf&)0l2vD_fE7QCg&&e5ie+uc;?L!%(!ejdksU}*
z$Iy7w)ifyrgH>RX<`KhGCfm70jS8j~W_rNw8u0O9qCc2N7^<JgAw+>7GAxaz+yL<;
z+r1-}LBFE0!eU8yZDq&=8oyxcGGO~JJmvp9P)sllB}ux`jLLdX7Z<{zBtGL2sTe3y
z0I4~OFNHx#2OXt7Y3tJdz_ZliTLV9KhIPT1vg@fBSgC|3a4PZl&;Y>lKac<Au%Kah
zTawEsDghNwaP`j`l*#=>TTA6nldCe*f4F+t)wQF`q4x2iZNQ{^-(E+*a2)#rH%?oY
z(ouWJ?06&T%VqDY#Mfm|?f<SZpwswdDMv^)U4oiDUkUa6>3(E;reM^aLZyAnl8!W5
zlE9R&z$V)`l+F&5`F#dUi(5yR3Y*Y-M{B^gqcN2v`FTA9a$pxtge8CGK<d9Uy94}?
zCtR_4QlSK)M->zWGnP)vvg+Y;>IV8AXy<y~NxG1A30QXs3?dT~-vKn8MIHW7%q)fM
zzTcMc)<>jH41v*sp-?hS>nwqcDE90_mgX%H)vjaLsge=g<M#EcE_ZnJx>Q?&2Y#Jz
z)DX|1O369d63xcxmis){g*I+*#xrh`zL26|)zvJ0*Gtz~0;^J@zwc2A{I@;Vb!*o-
zF!N{QsycAJ^yRmcs>}m?c63Yl&zAjghzx^i({TAP&X$8vBM3(#$1_PdgY}}8TWq=+
ziN|18=m%&wnraQcL&`y!18Gk3-YZzDl)`Uw3?$5a#FRQRUNCG+82rhi>!&AJ6;WK@
zIwumnL6R3mRO=D{Ld-K38mMMnM*3dc7$Y2?Pi?)2L)(iiW1mvXf3R`%N<Yq2$~#}a
zV3`awQ_eDy)s9-z1N)xJJ)<51SG{St>rPxfl3MdGOdHYU6DgL)+$J%M2c+!M@ludK
zYSUq{ogW1sPi5<#;a~P}b71J_y)B3ra)Pet1jpg>wcfMy-q5w$!->%`(q<i2UdzU}
zjYAOvV_o7aipoSSySYvnRA5+AK~7~#zyJUXJ`ESdtS@p7<ZFg}n@ZtnwJ9CCzK;*U
zkqtNcMcA`>V(xgW8WFF93Uak8Q^zqAzANWPX?kX#y!->>gL!T)id%bU_+I2<TJrTA
z2*&kaEVT2);A3A;9brgehC1|YwM}EGfuI76LfK!{tX#Q#Lb-3~c7WOt=J}Bm8aYLR
zeXL>-8oa2G6W(MxTXgr;%Xo8P6}ZDM6PkUA<gml_xlHq8_b=MJooQ~-I1;0ji5siz
zq&4>Dz3nr8{FZjkB+o78sC!Tw^!h2kHVd&m`^xZ{N;3Ynd0Sh>PIb4mduQ*|bhw0m
zO+9R(*Q>mLXF>*v{Re`+)^f>V`=MTk#5aBjuRidivhhQt<*g{cYH$C%;I8j@&0Bmq
zDQT6@Bc$FzOofOwb2sWQRtZ9V4{-JpvD=ZM+2(Pk!s3MJ{Qi9OejDlV^6xJr-)@*K
z%JGPl!oMcIdgVYIFJz0$`cEEv>Hcan7a12q-8t2}ZwT^pN)h{HU#;4k>aKo`3ha~j
zX1Vi1@lm?EWgdNe7YNmf{v(#U2M7K(H;8&zy<GiQlv4ctTR-FPdUv;I$h<X=z3PIr
z%oBNaNYS>S<(96X)py<84`y5M;*-DL+}Fq$f8P`%yRHA(|8Dj~d81;4p&u<~d<1)^
zN{NQR3I0V4%k{q&x2194FUr_8xhrDa;G2ID<6g9OH(Y;}w*P6o>VAj(7E?>a5momC
zW(!iiJ6&2MGf@JOGv3}Yf=_H|7ka0?eZ;S3tH1MY-o#~23+e!qm^*2^wTNx+dNDt-
z-n54S&a&x+`f{mwj^Vu7N<svL;9Na<WNS16b`&%FZoF>CDf3w4^-|QY3+bVy?=U*k
z2%nIeqI~yheQ)8`rkx*>i?;Iq*_&hKj|luOwc^BZg^A!V^7{r(Jx}ZE_WNaU(X9Aq
zfr7eF=<|Gt&-a&gylY`%FQ2_5EgU&!$dQQqPtN_U<16hA_8pifuwES<u6BTICr&Bc
z^lsD6$MgP?Jx`bme|$QyAB1-rTH1;|AGr_RPshi#x_E64eB9nedzC#U{L))y7Hck)
z&1u-ggy!}<{=%gE?A~$w23bJ*&AQFGgZiPB%56`(*Cdcf<(J&3Zjt)gm29FJ`rEm6
zSKiX|hoE|06y-I+@{qhj|4()8^Z5PH%zzy#?rNWt=1t9gzPj?gSNjTPb7j<gvv<;K
zVoY7#!nS%-_MpAIwq!p_C%M`7JP@LKPQ{8=)?uDBEg5gS>bsA|xL%U|x9S{6uT~N|
zecGK=<Y(!p1Pn@po~ZD?we_e&pilftt7`doiL`y6-{M^(kgC({w1TVv;X87Q9_D8K
z@&FxlcT<}5{vr@Y1o!GiMxJ0b*!JBw-CoU1kG+GNX;i2w_}3L&cqjh-->uWMqxYGs
znOQNZi+<^vz~O`8u!S?5L*j=)TUkIt%cu-7EoIHAm7ykDhR;s{R^ZMZcfvBj>b-8k
zviI+jouS$6{rBU2Zo1-%QqL$Ud-n>yZeWM8x=yC4Sgm<^bw6L6Ouh{|&KC|}_bW=;
zH+cWnh!;n%xqQLMQK`(&Z$gOg!{Kaj)4nBn8Y0f;io4oz;abT_ptw^DwQr+wh?h4b
zP%EtQEGf}~gU&6@3s%m-?ERyAu|;l@z}x)k)CT;lU^V(*Ex@>YHbmDJq5yBT<4`Q*
z3&<QMzm`&5(*jS{r*F$&ZP0x)UFb8h3?XyE5%{Z~!dC97u3Gl}tyfGyt40M}thYL?
zw8`NfeGXm$;2K?X^Poc`om;u(lHIwNQI;gQB*ZH>=$^-@3jG_6bgW(mS7<Z*NE0C_
z?9IkjuYDAliU?nXq}pY%!qaI9%^=^YXZyZUs=ItaKiYego2B$CM_KLy+0Qa~@!=|X
zrz<Y0L<J*P4_n_Wu5^C76!M@{f)na5hBt^l?O8oKc#jjpOCJ2}IXrjX4SNab&Q1NH
z-^e-lrBysK?|8Z9TRvCcu?I@e*v?feeCIvEk=$f(LO}%P=Vw+Sp9u1)Q!9M1>C$1a
zMfN@b1Qg6FPQ3taoM`E#e`moCor=!@RqB_Oh08CKh~NZb`J6Hga5Qpf%0N;;`}(K%
zmE0`IWHFG|M`TP}gMeXMXdM-@9)HrT!b?1CbxoG^R`n$w&NZFXYlO$YD6ZsA7%TkS
z-2sUQh;TL4-fxS2liVimgr-FFGIe|$zRr%?);@cwyP6k;^lOcxP*i&ogi{NTo37-@
zk6QV^oB@udh#h?K884(x;l+wHx>zXQ-~o`kzR<I*R30`>@-IGO*r=vp7uNK53cOit
zR1K1KZ_+i$&O}V&`JfCe@S83Ctpdh`VD^Q2-C%7aoUc75O;(__lKpU?mrR1HucAD=
z&K9TZ@u;>Bn=P>H;YJQtLFUC*3bIqo>MPN;QV88ayj<B)XS*-+{4y~$WkuXN(&TYy
zGjW<WHcArZx3FLt9}7qG7iq_(UYbQ((dyZ)9Y!|pjQo|!xKaf<2AIb9`VVB{eI*Q!
z!w5pO!GyWoY4XcI<Mf~vGb|+j$>{Y%Fe&8+0#gn|{*WMBV{rf$c*Z)XTKK9|wsjVk
z`6iKcD`gbvf`OSua}f3zL2hI!d=E-E1)e^R(S@tdO!Lc&VRPJ9pC-9FANfi_yg3{0
zdPu8KtqPqY0;qz@z!?4iJ>aFnDYCZmS5p`QLMW1X$t(e?Lx8~~()d-4+X~G@R8`#=
zFyN;iU!eun@a2)T_@H*Mf8{K`RMd_cgfA5;g(spVQTP9khy~x;lKz`7NT#4j9As*W
z63Ko;l7h-kIGQqQ68WHlXv{_pkpW?O6q<X->ahO@dZrDvtd(k_^2mY(8;H*4r8_V)
zNPj#Fz5L#B_%?!&*u(D|1olwQa59ZVP>&=&X7DFh(DWE>8_}hBat4-7q4KM~Wk|XY
zjG#%{8Eays2e-#V5SOOO(G`PV!APhg3~!Uh%1RJX%WnDd$u2GQ1_OeIZd;*IQns3(
zMHq5fXe8amLcNAKiykGY8gWEk+?m2qiQi7E)(ye%$mJn(u83|OonqYl*|{uUZ!fDM
zC)b)@3X!a{^-K4^O|}2t&k%Px_>mqKb6G;<1<TegFo7y_KD8glCvc6Se(z+=JzI(J
zR>lGneKIXepr+?Nhre(40!mg6*@i8+{((jJk+EU2(+ct;l?9t+R#^I1a!R33O$mNY
zq}0!!ZBI-hxwOr|vmA`p6H{3N`Ri{KWH{%6$oqbR_aoDK=02NZb(&*Ws^+=g!gi*A
zinFNXzR$K73E+zj52UoX`mg{L-=o65{wj*%kghaP%I6hRM3MfM2=|hSTV)JX2G7pu
z;?vI(A^ge$MGAXdd_5S9hI#jPMnFc5ZR0^x3`cpQ5@M1zd)4o5q(kQc)BWUl<_GM+
zXhL9i89II+xc%w4Mw(q&D$aArP+rZ^$qS~ZOj$5l`5rih=mG)3LG%bONme03ERy+L
z<%Pm)qAYJpr7p=!*%%;*HFGk`W{1pWM%S}9=LLzSzVpzT9~g^}cf|y?N724n-{hw4
z7j7GAcBVR&HhevSJk)re>mh*CoZE&y+)q)RZ)~f4C5MDZ7<`+?Rq>`CS%ctcXsDuu
zfb^W<v4gF9WN|J|igFe5m0i`qhAdgC*oQSd;gDWUpAB*vPFb)Susg6gv{nFBxr2(%
zoi#(AKP3D<dvD9djIk5MUP9(81j3Dn16IRax8lPX!LPMX7u@{T=Pbiy|M;taY&VN2
zKe%9|8t6qdy&ZqA?|d*_Pp+lWbpN2BFGDBliGHrjUE9wV(-A%`N1_ecl8bR(P71&L
z4xAiHQw?WDds@8dbFiE5J<}R`J?KuC%g!Lp%cm_-F=FpIL=C8UZ!f7WZP>6q=bB^#
z!F)i|v+xY>*tq!Ut@j>rB-_+oyS!gN_wRRt(S{tY3>tf1XtXOHQr#RHP~x^OcAe|n
z|HQY~Wl%)dUgqF`4xHBsc<u0LDI{J-%9c~yVjnYLvT_j9;P42x#>25AvEHn=bh%<V
zKaN~;o?o7L_sjjwr@Kw6d)uF^x(STQ5;#VNJnJ^=s0Q%gey4vRr?b*JtCfUv6$fgk
z#FcBn5~*TruF!!x>O{$2p%7T5E_tH7?tbA+$o62|A<OZqkn<PientTa-gs{D>C(jA
zuupX|D?M*VE%(ZvJ7~7-=iAkI{*;th;!0~LL%Fr<sL=6xZ|@y&dzzM{tC;X^E;fZ_
zN-pn)AC#Z)(l07frHk=-dz;5|=K|#4!-7UvTU+Oqb5mpNZLU|R4+bP%k=+x=XC5Nv
z>r-9ZjEt2O|K=C%_rd?qOB<GBR;SyeQ~rNm8~lCX=9i>!t^2>?b8>Bi-8mZ<L+zKO
zzh-LTo*K7a?DKFMGkqL*u=}USwDDk2DC+!$swdiAZt_n4w^KM5`@%-Qmi!d?Aj7{D
zrkTFv*DM_6kkykMuilh)Ty6K}$EXq>OvQ>i7vr_nZQysqg&TGB;!UaNUvm>>-Cs3_
z6vQm%1zsQ<3-ynN&Ks*f!;J4Z4cqjYWi{IUzU$QJzvo27sRFjFX4K!aLC3Zw`bL%V
z^(G;+&pm(b3DwBdTW(Z*tlO-uHvd#?`HsH|cKm5T>)O_>sL3YNvMcmtiDcD~`#!qI
zMTXe><$pa)A0Z|gvXpawWvYt!WKie)6d~of{n)usn~3;-AZtvijfS_#n82B+R(IFk
z^rgk!!IulZ!(p*zUoV<HJo$z*ms@kSas(nUI~UPn9#i|wCa=1^y)i1hx5RuK+t^(`
zWR4V_WbA8Q>pJiEa?SLUe*|xA@oa?gD#yPn_85HckO;Ocx33m=(;G0QM+I8gTp&!}
zF+xJK!#%y-Uj?tEHgdY7_eR0@vl{D`E?mJt2jyPdZ<XY}c(5L&JYe`cM5e@R>)m4l
zD|&D2cJ_WBaRf5Eb*-OY%_{+zlV_m4iKb@Az>_MX4pp(8-&x6FKqW@i%>!x5w?KK=
zrF_FDb^`B%7>z$CybBxNycTz!a9~inE7>-x(V(W<D{UZ3yixojaw@j`Qa(M|eH3=_
zz#m5SlK^5)0dE7SU{g5u&HRK&@-9Uzv%8#cv2J5nhB5&^_^9+90AoW$;gP36hBQ1?
z(k}3dwp0!6*rHnNZrAcnue6rd9rK8g%%;$rkHi@R+?tN>Q-O^@E9#TRGTzl>-jEGH
zIrHmq?Q`e&3~(mrxAtCX2a~MF)xeCeVVGI+vjWZacI6U1M-7cu6RF04qcT>%$sonK
zFAcB?@#EOnFfEV%gN=uj$!!r^BH>3CWILBk3#x;g=fgy-?$Ym+blehIqCE7I6O4Bw
zw}D;WN4YP7Mt#%V;3Xchm7b#@@*AX0=X*D%Wl1ZdR*ZhMc!YkpK<x+v1Upsg#MYh1
z2I+4Q_5NAVt#ftQi}%PQlg8ks?lj5+QnhAHWMy*1*1D!W`*qkR2v$NBvSRp5rxj*4
z4_=o&*{Co!v@;CG+(6u>s&Vv1*n~_&os+Pao+G4|IGqG2q);#LBZ#_rk{2*ik^Zl{
zDx(i(G*!h)wvWyKFf)k*m8NUo7mS|wxeVTFebc%lqrqy6-YfT6nG$55F2OKpifFV0
zABf-wzy-xeK6(SB>?Oq+4gc`$h}FvCMql_}?;CNt=75+_@gu!i&1ronx*g%_oBKoB
zGp-SQoXeF_K@Jri#E7oRNq`38cWwrv*5nut;D28K!6XK`&kHnTL2s)2UJC=1nuhM1
zx`KKU=%w2V3`bUK`?|2Zx=srA{=jf0dC6&vF)0T&x2EA`q6pCE&)tPH>%$B&t%aB{
zzi(u6+bU@4%e~62YrX1m;);fU6~uShRb#JooM+`+6?E@lsfMOy61a=!NV9UVj{Blm
z^~PV;(=}yZRG3B{bxt$pvATwcn;<{%w%DMaFxP;#48GycP{`WjLZZr&S(2nrbw5-u
z3%>C{qu~Y;)xwL@p(Z)($7I)<_aLJPpOC$@78Yr+W)z;<U519Abm$ajT(&K@)oS7}
z<U`KF<V`~fp6SJmF<5sgX`)vz&FC^kJ;j+1&JKE+M6pxc+evnS6%v@KlUS5=UJ_A%
z5QdlxLQ(QxAf2&t@1oeUB0_^Oi#^X-m#06ZI3K-S0W^O#Ese5G;Y)(Dn-3yY4qv^E
zbU?g9Fmf#&drQ4`$^3^*iS}w!USXmSU~GXK7`}DdI+Wz`E;Vn81s4?}YE`cb+B04Z
z!ZdG1aq@*Vzq17)7Pff9FsRcBluQPaEAah)u!!IrEijnIM;0v_NBSr~K@QzJPGdN9
z(Ui7j@cml+tErPnqVO~yOE(Pa0zIo5#Q&9~1;LSoev`zcgb1S6bg5K|$T)14kC7_2
zL(#&Aq++B&uoU2dJjwq)@&7#j3mycVV6^9`1YCd~{Rz*G599v^r3Kx^s3lVF7Y8Ql
zptpvf*ze|m{Ak-)NJ@imwA6bYCZPqVktSjw!tVG&q1)fvm=zZ6Oyu*uBf?^gL(YcT
z-j}%kK;%*SBv~w-BO3L|mas}k9wn&?{dDE%rXP+(<E~uCr~UrOzQGH2h#-)5UsbCz
zg(5P@#_H_ecm>Z|Y=h8)b*X0_KRG&b{ZKknCe*o9Slk$+le}f^%#1Yr1w&6{A|pvh
z+;4;to0CJVo~fP1GD7#RY_Lr`^>7qY;K8qW$i63c&<?b7A}qwi0n!6esb`5I%&A4y
z-b^0NFB50eB@&d{i>51N8N0LfWZw7?NGh;WBJLw<h0VO{5t<|kIZ-Sk5U-3R5u`0R
za-Z(x)5{L+Cy}1nu|p-FAzKdSGJVYnSb)E5`eRju>Q7`M0~rUUiDJ9KlEgqVen`^g
z$fQ(}z=!i3%*itfh$u)*rxnr%M<Bb4sClcyIiij&>ul&Sy&l7W3$4-~ET2{Fa=D~)
zG>vAFVd|T*qP`};Utq#!j!0_F*vqsV0Wi84{0!VcFYxf~8LGsg5K^E$iw%)c!C<Dc
z&{m}=zOR884&Tw(Fe;#EsYL23z^$>GQA*XIr(9Xm=>M7Q^TXWOGabMBm!jTmplt-Q
zG4H6cKx!VU*I&F)HOrz*c7gdA{QK2JiiTkLGtluxj>eeY0rj4AQ4Lqco?UN@!~K6C
zNrD`4LFqbHdF$J@-1GK(9Gx!)K(01E$RbKF+&-xa6>6A1oAAOlfD4;Wo76aeW}ryM
zMpI$Pp0VD29h}S&_YdPKwPhW0gdB9)tssCqlIwoU{@!>!FLw3gvM$9?Dds5L5avjH
z>J}NCt-_WN<QYc2j^0)8I2?|%U=OF8P8U8t(F0j=?;-si8M1Y#MVnzXG61zW1p){(
zZSypd;~KszPWqaImx`-jcl&OwDrKeIq0UA71{*3!e(~}i9+3(hEWgIc#Ldr-Xsp(I
zMn^!^3xaR(Hgq0E+&U7L+;_yO+RLtbt~Vc{vT51t`CM_+L_Xtid-wdK?Zu-%E;@Jx
zS?=He(nwIXvF+{Mwl`fG>N@VrBIDZw8~wc=f6Kx|b)r+g-9D-O#8t#zG8`A7bV9i+
zAtE78XD}kjZ1lqpT)$ve$~r0ztd%SXsZ|bVpIrP5HgeZry;}NIUKA9BYu|U{R%nE}
z#&deSsKqjOBY)1`(CtHnmsdg4E#IwBn@!XAjlEYk=PW7Ws?gwhGS>H%9JQe74>hCg
zab#?t;KgH?ml(KT9({;Vl^0@vWfS@X6x|VS8;}=4e#F|gWc>XZN@+x&a$dpp1KXjW
zsOL#X1w%`aEful0eUOAL_cUIomvSp1bai{ycf`Oy`Q6#+_6he3A5D^(nbqm`E4><d
zjRD4oBDFuZuO6BCg%`A$7>x5Vc<rTJKGHKIp=-gdsI7{TK0&GzB|q7=9@~n#C99yT
zd$5Z=zjcsl<E-2I`ahU?ZN=Gll2;<+b9Qe|z+aRgbk6$d$Qqvb5Mp+Z*gR(9d?~hM
z7*X!i6@V>>b2*;O<;LVmoZzLZrJ}5!cPpJ*IMhEepkS3%9a&wGf6?cckLFw0^~Oh8
zeUIN;*6%T?sr=B}dhtelf~x)A@U@ZW)2$Z=q@J4K-nF(G9G>6dzeu>7YAK!jQ)sFC
zp|p1bL}wwt?NW@p)|MDXk(lJOC+56F;_Z&V2y=Q~TM^yJ@6{(`DVr7fSxbi!g;Zs`
zj%yy-5=H!W<a-&l<Ks2|XW>5o9v2zyNxkB?`(s@%c1-M5dt~&V*`R%>U#Cb1aTjh&
z`*m7B(a=ff&&+M_-ppDmN;m#^om}?3y=mu>fcTll?%>_-k4U^3ZEL!$?23kYjC7x)
zVbO8i>0>@5>(?`T6yV|^?VTDnOFNZPk<p0uZu-SLi>?E*-Wu|oKI%5js}o)&2Xbtd
zey$LY5OK)O<bg-e?{E9~@y6!)52*4d^kM@xa`SFpj2Rz)I$hE&@nFwNb#3liXNg!w
zWJr!@cj(?oh{tw|NmsY8rG9!ypyD20uP!>hYe+nLGTN(b?$jdUz3F-F#_rmu4PDAF
z`NEURPc0ZkOl|I+^eqQ9n=y|6nUg+#{k*XS*cE9zGku4o^wjZ(-0N~aRFlO$Cp!}~
zGy5sI0qai}JBpfc;W+Dg&HUTnv6Hs_;`C2to^vVlsv;pV&Rlx(yjiRkPI`;KFv4uT
z`71)Q(a_y7dqMf(q&!%?IakoUXpLo`6lYJ9O&$bhxS1?<8dhc!=G^C#wa?6htM=Yo
z3bV7wl?B;e;4{zcD~?8mnQlrp_Sln-et-9%?I3Apt4^@Yswi=Dc;aw1w)$F3axISx
zA_ih_I>Bs8KuVEB;peVSoXOzRmJOt7qLzJT*=cIx#0l9U<KSS9LRD;W_|*y2<<=dK
z6Q5g@(b0atPT<br%J};8;*qTAgIOSa3;q}adT5-WxKMxw^;-YN2{cGj<lu~3|IJLA
zNUR`tBJ^COL|74hhG#!Ja;suj9Vaep;w-hJ9pKz+afLrFw5~@f@lU$<07@kPHws{r
zUj3paON#vmBKa)}*pJ!4C?1D*@wVF$PY`z4)f;Y6f#0bz3yD{|BHcimTKS0!CeE4M
zN3NWtCT=!*OU{aitqk^nFy{kEY6>0Lu&{@d=IptqNCQR|<dZq*!>vvFjS=S@_&I=a
zc^%f+Wi(Wdh&SZ}^7kJ|q5@jnHd8}oX`czMS5Q!8Hc6+s91_ZFygd$*uwoZ<K2h7k
zR(8GxaIncx^>UJH2SU!=1_i<eVqf2Z%&W_f&s{~~ARzHkWpE3`2!!>_EP$$%J$TQ{
zh6)_%$6k!AFge6&qWef_2;*s-k+><E+~~d}+yexrTK3UnD4<kf7mC8|3;uz`*z<#S
zRJsT#<A4{yL|G|=7M5vp$r#!aX38TcArQwJ0LMzmAmUxU|Jab#MI*^1gp|WUX@FI?
zgd;&DHnWJ&p=#@qZ7vm9!4MF>od=?K@cu<@Ha8b>a8ienC99MOI$4m(HWaX#x3BYo
zzag3BuPg)W*v#cqvMa9qv>;a*6=`<!q?uat;=5jJNA9S!k<P3$HyxOoTpA%$Nz$wH
z^0R+|pyWGxCk`URRu#uU;u!fn;FN0=#jL}Ego#p${heV4rjAE1JqNEW{12pJm<aGL
z&%#(AG(A2tF1wz^um^XIvspTe7G!(B7ye1ah<;h)jgTC+@z-APiCP?dN)&e}0BMoc
z2NoAVt|aq3Mw2wNj5Zlku>r~+e;NmGF6?M$=-Fv4;xOz0={-%ha+D)~lff)b+Bjz)
zv2^yBLOx28b%|q8t{pl!BX3%IT=YOS+#f~iWBOVMCz9v_Q;y*4x?U)B3S<$SS=R@*
ziE5)ZPNhhf+}jp9RK5!?FDTFlan_Ob<_%$(+`&iP;r=EPIgIJ4)bALz>WWb+Ol?=A
z8Y`<AK8@1*`DYDgTp<9F8BLExljOr8WS9vO;b5|!sRmJz0sB4OHd3kL96p4?D>yr)
z)=`IGz`AZv=5JwIb>gK+unIU-{46s{ndow`OqhQMznv&~)n{1NUMwa}`YlTYk5RDT
zJB_a>6X1gV8t`!buPQ$H2cK9lBr;9V>LbJSt_?G@)CR<JaX(4?w2|u6pX;<y^c7|h
z8>t3Vy31GmE=mxOmr__)ipK-Li~+aer7=z8Nf>$3^#$lC@>!~%EJ>c9AtZ#qrAp;5
zh5^fyRw?{1*BmSxW9aPvZfJ?nKQmx_K}i0<kx59QLt1<4;Ye-#f@7!g4FRxSyteXm
z_T0ejJ`3>^VZkhyvxx-N{mu0RdP)?lGns&f%r@JG{bbWg!&H(9YDfyPAKRdtQ%Z$F
zc37&fD)BaMByp&1LcBU(hNr;gxe<nFj@a#4%p6xedzH@od36>d;mOL@#LC?|SfoQ&
z#*C6o|ABDNVRh3aWnPl_bIIs*A(Pbosh=sHe>W5cL0IY!GeY$KHoh^4yg4f%=+wp3
z{Y(h-ziiiFoLqvTJ}Sm!Q}`D}zhE!JU#!sUH&)Y13T<F^wxKRq-E_fG{h==ocJI14
zb=lw5`NrbS$y2`a2aCk)?NAbG_lTI*?}cA)5=izIB03K~vOELQm{Gz!l;Ec>aoJ-8
zJIvSb96czcmqNt7PfIs;NVIL};xU;&v%6IJLWBq?L4)6B%#c0w8^sikGM&r+w{Wv<
z_|^MAn1`b0BUw5pmT!~1#E6oDV6H~g*J|qcZr}{qb6zg=m$7kE<CprObfFa)jr^n&
zVH;nxoJY~gc{YP-6V#y33iLHHu&FAMI>;U3;kj|Ob!La=cMNg&Y$K;*r0hHQa%3nk
z108qxGpm<=&BL8-YFV@HO^uftdT5Dh3(-^k|EPNJaJKjVk2@iV9eWddZ)uGpMvNK_
zVnpe&SG2Y&)f1tlu_@J5HKHXV)TY{=Qkz;eYIM@7D!$c&(^GBF{qFC+?mzBaR~xIz
zC!?<C>-l-Sp3jmkR2HS%9DJ;pgSVmSq`^I#f?th3k72uB)6BKICkxrUTGLDnu=Yr2
zQD4MGsc@#l@SnF{E3uzrdL?#4_P7*3)g{@qWev44sqKWcca~jRsx4I^2}oQFF6LG8
zsKm4EI1MkM=0^g4N7S31tmHw6Y9r?4Li4*^{0XJuPw%haSey-UG9$w};yrP_b889t
zo&`Rcx2n5lgZS<=kXV~0Cteyh44}fJLJz2kb8b3>-Txp*l~+=D3W2NBZ`uJm2ah8~
z@<$vT2SlU?&wnjuTnfZ26-kdc_$zL;0BGQD_}V&`7`N#8Fu^DlsgdY0jrQ&nf6S37
z(*EsCJ(<jbY>BL&LV$b~Mwbp_o_TZ&2=H#X`LTwQWiEtdm3{A$9u;&}7#oV$SUil|
zEpbm<osd{;>lAnwv_4Yl(I_KxNn|x>NwZG#Y*9m`lI%6Lz=);yadPFaUX_wm0Hm>D
zIL}XaPEb;yPPN>WOFhbHzX|c2?eKBv?)JM8b^3+)QFohw!7014x{HhRf)}EGHHi$k
z_{up9=$1l>pWb(9Cjs%-iYyg=*{j-gqa1%;c)5d|VWG3OHMLRE*5L!Os^B36q|G$>
z?fl{2zwc(|P&7U^R^pehadYcQP!&pPr=_M)t|0GjZj`x0BkOSZm|ZHuTp4v`oX=hk
z<?E6lFyeS3f(-c)=&Q}wZJnPURO+2lFnE0N8JncIWvBbI#7O-M>;-iak=^aSZb?TT
zZLdmDF>POcUB<b3Ag#iq3aEg;=N!9@^V#4Rn$EUd?ybrQI_r0%m+7)y_TFok2s=k?
zCfv~X9$jO<mi<!iigR=(Rfa!bW~|1jse+Q(bNp9jk<s?hAG<b4!~dyO`tMXOTFncc
zVcEPjs}o24Y~d%5TwU|hq!-5|j1}A^?m9Wd23X!SgBDD^Z*$(7Hdl!L4^ldo&(-Tb
zzJxwDfUZT3JP47dOjO+8`Dq4KnVT7KNMKpE*gWIAIq910|2$pKYUX)@(IzG45C12t
z4?}{^Bp@8cQYuDQ$0z@tNqDHqE1D6)yUR1EmH)G8V<ka7TfMDWFqS~3CY`v#&HB1N
zbCg3uD}T!cPHCY+jD?*b?zK5Gd^ft>z<_^z5v6lz-7U-?h7ns5IgZUWyC~?ay9)Nf
zKHcb!eXPIckH_Obpai>j4usSeF1WbPI3ynJJ+nmEeBka?TvoaG!rbkN4J!LM)&>&l
z%Rf%QcPtkC?8fYeSOg45c;djuS1`4?!t{%OWk;ygaU_HXH~naF302<utNYMqxRKuX
z>>$!Q);;WfW(wCofEkJ02@AWH#(zQEf0Anr`YGbXdclTz7%@?Kv4K}>(kwQdy!XrZ
zv-d?I!JZQrq2$g*pG?`W%e!2PJ~YvaM*Ii-WbnS4dtR1*#Vx<d$bXCJ#hGGV<e3%I
z_fGfJKw|4NxhfD>^f~5Q@AO&eC7-Usq+_f4C)5}pqvfQgJo0vzz_Z);eS<Hoik*+Z
z9S6=-IFo_S-kLre>x8s2zp_0+omq`mx>~%Yb)$^GflqUj)fkg`-z79q=yupHnytdy
zB1RSpdp$~Nyd-r#cW&OxOSfZfz+@?LH9{@h&8KsAr`vteATP{9_1{aiD*|sArI&Ev
z^!wQbyJSEO8_s1LNzbf}_Lk~;``UDs2zmYedoS$Wt=~&xZJCOm3&-cLsbxucwL?U|
z=C}#GX{gSoH!)IY2tucR$Krnw@zU)}u*2^xZS~1ox@$TEX=X@e0?FI$8pYOIUIxz2
zJneo<-{x;M)_0^gu?l<71MPL3E^q;agDqRiiv>pNws}obL5U6<B+-h83RZ?+*<ekt
z6TEa8)Y`_HH=pfM#{C^7PqTlDsYdEPvPq?s{?_r152##@wuu6YZ!PAD0EIYT+WiQ-
zGqb8buMcA7FE}Ik!BX0Z-DFg0UcBxY1K7(Y=aT0vsSC$JA>ZJLj}-CRHJydg?X4VE
zwIE?ddS16T6g&N0k#)OQ;^(|iqHAlaiW|0~y8FY|S|xIO?P`c&6zH;YN}c@Dmv3g2
znx&hhKOntu96W?k+R5!$&L~pf=Fz)da&F;YO#m&+>jJD8L=v14_MXQdU%9!z=+I@g
zAYeSl4>*g|*yx|41lQK0?aQ-EiTw-DDLUX3L53fo9wuXX(v&8^MqsJGKtZjxb?in7
zXIcJ=g?izY81JPkvwORY5-<|HzcX(xooZ1-(QB(*86Tc&#P2A8YLhK+mj^=&-!#Ap
zEyM;8{O)fWdX=`rdjyn~o+pO|M(S|ZP$5F$u5E?q;ivOB^_f86$C9qVJIds`PqBe?
zeEyQ$WIW#DN?j2+rl0NHC)!c0BYzNKuyYY?nAP;#=$eE1M4a^se1)9l?Ta@ZT=}h~
zx%!hpGT7Vn#kmxte&S~C??6|4r$@5IdCuR1!XJeJ^ljNNPLiU8SI5E<qLx*_uWujd
zzIKul0yg>*-r@oyyLt1X<!}VAwyUOPxeZ~azkWO1miigy;7UpRJ}l5^sN)kboWt`0
zeZzXM3Pk(d2AD6_1MdThxJ-pj3wX$&UHTe(=c;g5<ElnnhDMC>wVz^Ql`1II769J^
z%uWF}{u&Cq<gSl&6KXa>94VM6$+~E?x1)s}#e5WpESBjLw^?=`m<3b@EyplaZ9=cT
zUtCel!cX=bMX$~;?Ya<2>yN_Il-u{MnE*xJATueG>B*hnluG*7RbgYNsysr%*io1Y
zznf5>%ygxpAYME=(l`)@`0S!oOZv#vGO6~bsv;g*-%-Kom~uckh1`U*#lvuAqlKm#
zilifqRL)9?L*huc1_$}7n9*LUm_eh6*F8B5U&jhe|8I=TKODHM^4D8zZRs4aw}b(R
zQw%K^=czjmGkHsl9)`5#VCQD_dEo20wXlw5Z!zZ^U0D4u_WA=52ojlK!!bg>SHfFD
zvOB?Sw0wl%mPcWYY&jVm<AONeKG3A7qz$BTFpl#JIw+U?yY!Kk1(!ghl7+YQd69*1
z*fU1ZAid2Q+CqoJ&cLvAQH)gnMn*h3arbRjGB+JY3oJw+(2I{}RghhDt^sH-4dSLk
z6W+a12H~V4i;rm?F*FScoZglMIvjdchm6?L2CBM%)JP;5GqtLec!)%X1`mk@<5ep4
zwtGt?@`^$^FVVQIO%S~h5e=@q=VOie<+OH8MnWsw6_-U|T)&X`d$UQ)4o)Y}cL<7N
ze%atWCHH+4^%h0Zi;&A!Q95>if5EX^6{mPsZJokt72i9g*Xpik{kS{}=Y!hBzM(NW
zR;IB2YuWW#b+1+ZD8CqJzI}U)z?MWJqc?YaNc40lzS&O88+LR@DeFfH2SQ+h(oP=`
zz{)&7n&U8%{?5#{7v{(M=)();co^qm6d{ne`B!dxxGKyuh<mWdEeyIDUC;ET-5r>&
zhg~KY3JbCzdRs?_J)3G?u_<D?D9C`|{>zK`ho0zg50{0(6?;z=SDM*HEzr`V7(qn%
z?S&rPw0FgjbeVfwdGl6IC^E7&pN?gNa<I|E7sMy%#rN)i^<ZN+wAJZhheD(XIhd#<
z^(l^TbeQWUTJ3Fw5Sy*$5AwumB@#SHRP34vj1CE~BhYy-C@dm^*G}3vS+)>o^55jC
zV2nl%z;0N_s1d?vENqjZL;BzMa5#+%;$;t+xl3oHXRW1hgzQ{tYO_gzeLZp7k7kqR
zCLwZ{MA}ds5=x{q*qc>t?2i5_*lG@wYlr@&C@R1nqPES?*}R>rA>Xpvm)pd7`7UGL
zmX~;hEv@xY!!c>;E(@0$v;EdJU_)T3jqRUrI)x#YN~cQwcTaVN3!fw>zI9pz2?&sm
z$5PjycE`s{hc8J3YgllG+O5*n${i84Mfdq~QSfYI3SeaU&ZO{9U-L`{aZk~)f8C)_
zUQ2$9xqQ9p|L9qU-1P&a7p@6o!u_Twqxz`VrsI2AAOt{WZB#8}=AvgqN4;sODN(sh
zAe*f}RIPacxT&GV@pVI3B>*3j;@|s(jXYjE&RpS%mzIypFi9Ps>}?$?+vQ8sDrF_m
z2+qPET(%buKz2Zx;Jy-t=fwCp?fok;hliGqigvct-sQDJ%YwXrRq@h;aSwikFuiMb
zQ^PAGwd{o~15vRPOQs<o3)+od%Y;GDi(Og-za<&>Z!i2jK&ZgjyO%KNG-6}ae{JpH
zyR!1Wm#>V4dJp2t!>X&OhBIxI4k|p!b0J@29QIe_h{U(X@~K{DN4~5|mc)5oW4QRZ
zC9f^VK2~fKi^g|77=E#HL-MT(`Gq&?QQS^>?~VgURb#W$=iHgpu$%n@;kN>N$BS-d
zTuS{X06q3MzN>LGF!kpHDMJGt(~4W;51#h)>^hHS760-rzYyJ|9J&@_Gqm8chCwAP
z#1;fHW<MKsNyz1UY>9Z?U%cOnhLR^X>qyas8?7!T`BcjlTZg=EWyKoX=&6MY^XyRd
z-3hg)KKERP>vq?kzsx1p-`nt)UsGR_#H&U!|AP>2NggJ<;9KS2JXA9-Wy=CJYXjEZ
zd&;dSo3YaiNo@&7L(?{Un|GTD;u^~rO|LOB@QW4sBMnC@Cd4=UKE4*xgR2q`4ZiqS
z<nup?5C~imbh>l8Z>lhKx5)1=oxcy(sC^&PvR6aGAA5fq4vdukwMhIQQidom;w7OF
zWwoM&Mj|j1-5oE^{+fN*aRb`vjDO^Ne5zU&-yG?S9~tf7WM>Pju#h{m(@)4!+!Lz?
zSkDnrvbJ&JT4U%RD`A#MiHmzDxZdB7b4c&Bq{SQNKRk8!1M9U`X02HXTJ1kbd-M|O
z=gksb_A{`h^cML^p>l%^ipW5qD<N*>A1GN5O6!qwbFY_Q=H}#GHxEQvQ8HU>9tL1f
zlrp0i9ou!5i5ve4mi5he%da6Ny9#`sh@})*cPX~2-h6q><f=)320mVfGosbUb3f~d
zgucu6^oFlrtJNFD8>z{LA^%HW!X5|Y>e)Z6{Nm=`-f^Rge`T!PQtYorORW#Po01|v
zzCc}9cN>jWNy|$cH))&Zt%Y5w->Y3{@2kpN`v;nv7~@oTlEPY^SvK2CuM<y=^6`mN
za0}WgFTVI6B+2N5-<0d)zrwoq<pzD$yR=Ujq;g7yS6*i9c}HF!aqLl+Y}6gzYr0)f
zSmv1O_&n46*S%=TW2x}`fPS@cR$@V9>zfX|U!v>d2hfK$MgQ~3caIHk`-FUf<hRnO
zDERpRS*rFi@bY5#vmNrTPLx@*gVu%Ensw<XxH%ug!l|2*RBTs;Ytm#;z;k5`V=8oK
za*Z;7J95`5^X~HK_a>>oSaQ_&yXj}j+RS_skN&r<_%&+mO_i_IlGQBaAMD(r{|!9r
zL+jqVt8&{cm+|V<Ol9rciUPii<sGYER*SSc;$|&ep*0^;Zb$0U4EZG>OzOaD97AiQ
zc3FsA4-kp=f4yu5a0`>MhHBuyn!v0Yh_6ytu?Ui4)KgjjA2D@+Td=s&AP#_O&b1rz
z8hv+Sjisx8$2M^3@dI;vIWh5jG<QDhLwA2}#8tc9ZmcEyI-pU$?r!cJg!AHMf(C7P
z9kMS#x28cd*PDjyMel{l=;8W5=)KhNt0s3BK?0cJo}3&&q))g%!=%;gfyQ=+LXF!u
zkApv{{bpf>UD#~uLH6nLk0J^%%4Z}seeuU`eozVbv8-byf?UqV$-dsc@Xn`Uytn8R
z<7=@2H?>;o{c2{v!q~FS&M(ZZ9SDWn^%QiWAD79M>{jP<pFAZD9P|L-NAG5rOb~gs
z`ZAej``GI8-3Q9|RRZmDJ3(W?n$efsh80NLJwL1}z>bB1ZcCl|Q7+M8S@nEpqby`Q
zv-PRAbiLlqpl^p^gI>DrXxl{B?swzAC?ONm8No0AY*L!I8LStT59WTj5k^FMC%pS#
zVOR|%SSz#jOa4mD1X1#GAh6R7p>z<@x_0@DoG=LA(i3oFyTf6aQrbP2{<kYQ7M-K}
zBp`X$iqcmk@D}H<T{+VaoPB7s-3ouCjwIVW#xUIVXr<<EW6t|L$otn|3esWU2ayg$
z)qOq@K&IRSNKV5VXEe~+SC;>SY~M-(%Yz1nv)|OfNOkfHkA6gkp#dhQqS;nKm|se$
zyodiieLI{O@zb`V8Qg*J7oqS-9rnlHVpxH$tsz{1eJ;=Gk{NadONK=u-y6a1q1>F;
z?|g}ivi!J_dy&9Mw;x`R3Erdvvb$ttpWA=-JayTBjGzn;)!hfoOt)0~e-K<?&^ux9
zuoSB+69>T2<~Ww2SRaVc&tbn~DGr%c?e%E_AB8U<Dg;(IsF$ygbd~2dwuFIo!|pw4
zMqeJ6O4WN1P2o4c2~HIpH->D>TI8{T_%lHvI@oL+-6sEE;6>hVvpnxg!95_(Ihu~^
z{HOhXeFd3t(XXb!li)}Ft=;{40l@@1FS<^H8B4M}-AIqt&&5{z5`ZUn(*sLWYGyy4
z1}POaW&iX6vs+rRtR=^EJ=-kwO7*-n$VyWfiyj8IbpYPRPkxi%ZV}+<5PX2lHca~-
zMY$Qey*{DC>S4AjmU>WexDe$0A%+wGX@+ES`+;GVdA+o(P5Jk53G9PNdeFGgIpIP@
zm^1Bfut}I{i3=1^qfS&2%miO}``{*p4=coRN=qQ57Qvl~bwEYmy+kKIVQy>LwJ~xK
zE=4UAqLuz8&CZk#AFet08zT+vpxxxWvq0}BfnVVyakaQGze1fz5;We=^PM5yBtwSg
z^dICs$WDtXAzH5`2v8vJnlUg0e=v0NG~DWjCnN9<9UfRSCaNIH?$Ztn6oX$miN5si
z#yCt+*IQJ<C5p6Q+Ke@$L(Z6R-7m$sfRBjDI9^dU_Djf850JN;u5?ofHV2nxilVT3
zV_Hg=J$$zEOyKAo7~}w*i8ZAGRc!<jg2Tm=Is4$GFX-T<Eq)$2#Ym}@Nu!xyyoDdl
zD%E1(a|m?QI<st#Y(t_GZQ0m)u5;$F(_v&2xKIYtpt%Vy5(e*spwa8Z0qAuxAuD(t
zQVBspCfVa)@c);kwgG#DI$O0%TO4d;#M@b9*g+qH(j$t<+oDuGN&cqvxHmKK1^r;O
zvRkpuy8=2YN}i)G;sR<}rAl`iaeQ|~xRHMvpmMhuA#PS0Sg4!wFb6F-3~iHvq)Exg
zTo<80l)E_M?4Kh2n3_M$6}RINTrqSSP1xC6z%m#j=mo`zx5RpIQNG}?{k`pQ*om@j
z3i}Hxdse|49Ojq)9ET3U+aryAjxC0%{U}+3@?J^~5fHRr$KlC9qtfXb)%j^OZWyw+
zO<-1w>5*^vp7eu<(Y<?W79aV=UJ|>yoo$EpUKCy2BiFl`sc<E33W@KoXXQ%^z`c`R
z?#>|~4~E>y-a`+G@>*B5$r(?1*6YfZLJEZ-nF8l=qU9^Ez=B|75Wg+y%Qi9OhmaU?
zj0U%?e_@mM?K)a&kpsrINmY`}jcC8>@y9O*$}CNVyPZ6LaxZJT!d~(emx&D;;>I8y
zRff>DO=G0#jS`pUAO+{D%^K@mZS1-K^pL%T7Znca#GErfdt^hChu1MQN@v_PG~|Rt
z*)STk=EOoh9ot-Ogz4D<asB;S8DytG*sM`b)W)^*qJDSbQJjw!lqluo>|bP!#1MM7
zYxE<#nNe?z-cU>_%O*A2C_62+1V7H>*BtV7sqH;&3Bs4jW~$M=ZnT@O0Xo8eT7^9J
zkYPJFA{Q1Xo7jL0965%{-@ofJXA8dh58t&ASQKvl#K~NFs+E-r-Mm1?Oq@iYSRQey
z;TR=N`l=)k@<KK!*YvkO^%U7@@R!=A_YhSmt2o1XKHkT+l-En_@~U^caCp=_pNuev
z{<sZIFf;_i%-?!#>X3a1?|p45FkckF7d>D*Sy*5=L?9FEd<d~_&Rg1xTBssO>8rZG
zH38VMhP)W=%lGm^eq~RQB#E29TBE(iBB?xAsW9vx%Ud!*@-L{vxW(<)uV1@<8^PJP
zu}(~uyk=yYgXO&YoryOrd-(Nq>dsYtDteK+JSrVUPa(*atIS%+V0<!!PZljByQKTR
zx?ONSjFW39=u2|w`(H=e`4Z{<_w7AJ=5h_Jtr-mJ!HD@rhwaSwMYp(m^Yc4-+1ocV
zf0slhkA^16Z^|=tI+~}gT5e@PN)8*91930#gM@k+mBa6j^XnZe^Ys?NyDzuDZ+8$b
zr}YKzj_KYC4~pY8|76;eJ6i83U0<CR*U>G%@aU&61<VF@e#a34XN(6d)P4RM++A!p
zNhewnPTtsRH{U%zkA#d~V^SacDqP6Obl<#e;y&u|b(sqRO>**b@0&Yn*t-~h@TK-=
z#opB0*`wUE+vZVwqB|geW7RR3<M3Z?;O{o9ls#Q{{-(W>|CDj`z$|@n%GnoRZL`yE
zTv{V<;@ctnZRG1wT$PeTohPg1;#JyFo@AcTGu_nChV4H?uG9x9>D`aC7-nVONDaJ8
zltv48nVG#-vl>bjAtSGC-H(VX>dvgeb7kKc`|9;jPH?BaEB%!A%B|trormX@f^<{$
z3mrRxUtQDDi``D_`&cL#{c==tYIEmPbJ+J5t7oC5Gm;amr`Mx>5|ch`#2s5Z?N)0T
zHGEfTO#3PQYZABtx)F%`5$34kj(7)y?|B>cJ2xoBq2>Qv;7%2E2L+Iv#chYO=z}Qr
zsdLYgXES^X$g;m&?}vT<y!~Xk%-zgW6Fa`5FZOFv_RH>gb$O(f=88H$;n+4&<)(<s
z)eO~lz!VP-`U=DS`UH;Iv0b(Ji-bBRPGvi9rByI-N2|l^2IWqadN=>2eO|9}Igw)r
zNZDI!4)6m{R=eLS85*0byr0^TvYM-Y($Z(jfp^&u?1D&?pF4dNvfrQKr4yKAxpzNo
zd;DmKuU*Rc)<kM#o%-t0cW2ARtBvEg5V0Zg|GUU`Z__J5XX($L@msMyDK=pE8Ls}>
zEg<_K@<W9C_@dF#d$b-m<82GD&b!0d&B%G7+WynPEe{~>mhq!Ek}GPw@K$dSf3B-+
z>wfWHB1mPVCOR@C5>is8jE+9alEoA(#qWhm$}jUh%o)%<qsOyWu-Tf5tZurfz!4tN
zRx=P`?ZoTZpjmJy*6o~a-{$BtpUZ<rW27!Y?^0}eKF>AEfsYSCDwds$6mO7^86imR
z++pAbpm;x4c;~kQ`$s}3kgl;&bJp}xp7A2V?}PqBv)CI+=1tmS)km&~Ocz)GkCii*
z%%uK<TqvQYJGj3#tx44AVue}<$yUvK{S+(s+LqNtR&iOQwgcJJS^jFqV+xN46=S!!
zB<z0zQ+E)-x9xK?a;ICzipiV;+ja?ACR!Z;;3iry-ihERAqgDc^0lG>@TM&6?cmNg
zl!BW-1<8-cEhVn8Yrp|-9r|eFhy7I_uiZ&d7y(*eEh!)wF0WL~&Z}*-#k&c_gk3e*
z8C!#Sc+T&3tLxB*m;`n4VTMPtscb7J&5H?y{DzGupeF*WZz*b4^0S`?J}q&$^QX5L
z-XgU3tYe?_?VRvcF5z<&>g~G{s-2)BJ@#Vizdx`GqY#X&hxby3+&Xr_BBY)JNcrQ4
zT<tlD4%6MgMAzMF#TP8>5O1L%zRmPpeHJ()@UV-VgEH#R6*A%ghV#?h=b%{i=^sKk
zl+oJml~h}t#TABpWnXg)=+|8gs?|yr*cAO)0q6<7Yk8usCq+6>{U(r$y`dmcx93yp
zI@s9^+IfZttqp4ycf2&gwqj4e=^YY~igwva@)}X8)GVOaOj10;?XrZYzqaTwQkQSD
z0k}HNb#@|H+cLXPV<C(H3O{6Hgi^AII(moi>p`%ZzCR+jAvl@_O1`XPAuj~A^zOtS
z4aWkE-GIAHL>fHxeEgt<_1SMqJDf3tGqFhb`R!7-@@CP1eC<I$2LW$p?9-=1J}bvu
zQaXxkf3{QAm(8~0$OhD^%w-i15c$jT@fIC4sSK`wy}_pmS5Aj)hv#@+1u?v-V+V)u
zzVWB3*`uT?P$>Ig?)o71T`1TZj{gr51IDm|Yh_gncHJxJpJD*@V1J2$H`otX)Qk#2
zX1u{JqTMgnZ(81^XBP)bT@Tg)guN!kX`&UfXS}K%M(}Dq`Y{pAh=1ZOy=1heVu)&K
z1y*+6*T<qj?yn9`fp&-?ud`|>t?=xd@9RNIT%}PApj}i~dffo_j#{t<x7Y7a?z`RR
z;slKNF@68*f$sA@*TE|ygfUDJ(9Z{tD7*OH0x<cx2)JS@fXRbhVkUIz{mKo^_g(RR
zrj*xYkZU}w1)O;6MKH_+%mHaVS<E55l%Y-qz>W(eCcK!0(pDEQQ3Syv!SKFRC<W;F
zO#Sa*+0uxEI>HnZFb9v-2yv+VK3~f8&0Fxkuv6HsVkCS4d!DlAF#Lg-g^2O{_C6Ws
zIHKxNtSry~*SM@1hLV<@!z@J2iNUXJf>}Z`okwXKR9cLD%CXf6#u&-R=deoTR$~j5
zIrF1v5*%ViAX&A_zUZR|{=E7*GEG9c)<)`{800_5If{m1t{t}H3<_SbpRQD9$bbF<
zNj&Ha1))sIiA0`jXZB~kT(8FAqQg+8DH!AoiTfgYNP?p1tVb*3;>PeAz5w~W<A%-=
zHhdccV%)Vhu7>R-!%PIXVPg)iXbbE44m$Ocj@Y3T37Rtn90wqFPf6?uhTz>T;=5AE
z#}s%P1NKOZa~M*xM{D0wv8M9;YKc<q%@I9mFTlYjjX-d36Sc+!Lx@M;XpHQu{|94Z
zu?WTAA9SH};2_~m$Qxm!MCL=7(TPfM1ce8QpXFU-`<nIXUz$5Zc8fU3<d}t2wzI=H
zu|jYSx}uzr6Pl?+BXh9Hi2~vMe-{o|CsVfc^l%A3g5L&>G(Pu?Bm`9XkObAY44C6d
zH{#E==<CLw6>j2(X1pPhX?$mRv@~u=I8oMnc(R@CrACOL(EW}t&d{n}bk1{7;t5U@
zmSFFXOujDuQd1)bI)ub`;=GirX<-VtrG&ZWRpP(k{3V`?uyLZLU*Q6-)PJi*ue%~h
z#91a*BFmp9EH#yEgJ%CngBTD08|QJx8w=oErr;+j<h?8otR9)}7DCo&LTsFKB9^Up
z;-ZYFgi3%@PHAyuV?xGJKz~AtQcmX=Tz(~-b*qeC$Z-hQ%u2IAhc#uYu&qw;dV9Fu
zDN|ay-p65dXh)+vFOiACE?yMgXUR4Zk3b$TJXLV?Di-U^h0Y3^|0#-rC8}bx^OLd2
zJQJ-#iJ){NkX6fpvT?IJd`lKyNoeP>liDO(C#2i*C~G{jR<RRTBP5O6l1xjo{f46|
zG^Fa8JaFBSWIDY>=ApKohDMqw7#8CFihalVe4;pQc@!RIVL9!;yCvMA)@$bxu26D(
z)Mld>MI&J~SlaxVctM(dMS@@yi_w&C7BilJIo;dkdfSwtXSys!_x9j(^T1t{NcZT(
zVt3y5i-TT>PPm&l<dDsjp)L8z-jMe8A7~06p(`H_b@P_&fSA)ep?hZMhHVl=t6JA-
z%aB7dHY)Vggnow~NgX31Gb;NKD#mieh&$S3-Mv+z*&Kpg-+%f}<F%57i$OUJ+d-g>
zDp!pS5On5~<{lXe$EENm4_!1sc|K1_9u*(6jPcM-9u@xBm*;)Ue~KXM!tN2mMWI@R
z2qqCnbAI5O^y|(Bu_ct8mi$yC*PC8V<z(je1?SymOA~)^y4{>F^axL|b{J6+cq=0j
zI;@NTv^UF9B|jg@et_#Tok||%Y<3lQ(>q}xh-&-lk=j#aS=U<hC%wMqgu$df){3ZH
z&sZpZ6t6B+Qczgvd6%&J)@fwHOi;=r^R{9ChdWmsAF9>9qwClGaefl#d{yaXT+gD7
z?&)?=Qz7G_;8gz@<&p3xb=rPi@Iw0K>q~tnd%C9+vm)@1TB?>T>_27{pAk!GJ|M_-
z5AT=x$v7~DV^c;6%0$uHLO$~;za@+F=VV3vi?U-oN5YwMZpq0qDj`EoETFZ$@)@h@
zoI}PX{d19l>JovE%UqmC2%A3o>h7lk<5v%Jtx99A<y_qU)U|sYAS6Atl=46)Wo@}=
z-BKwLhNbEp#l3nFxAu>OaTfU`09~F=ZtZrom6z#%;&Q-u{Z(}9tYqgHgKfx<wfjfJ
zum0+St=XY_AM#tOV$&V&K54>IlUJ8l%(#1WeJ%>`A12E{k7F)fp7(JW?GYqf`#se8
z6yE$FB(Boia>OQBw){+_&2Dit+y1lmnA6Kg4-kfR(tnG3dCvI!2k8ifb+{MZuH271
z7KWt1%r9adh4cd(TQa}UduK+oIef>3Xcv6Reecin@keK#&1LIOyMFi%6!OJMq=jR>
zNXH#L$<Q4aLs;3S?s!b%3mKqmCw1`uT61KC8W%VD9UHj3mumP9MEc0W=t{34D_>3o
z|6x?U37>I7uwpC$nFr3NS7vA&6=!FC7C-5e7<yk-erA?a@!nvSp7*1wzfRROD@2z6
zIb03>l2WtcnGlr`fQ|@>@OgNf;J7MMqEs-<C@+`o9h*JMytg*1dNo~px$V#PJ;^Mv
zr{0U1Z%-$Lt`_}TI+$fQ{^~yMTg()UT;|HCj^;Qw8IkTV(>cCU`&P(ve5Lxj{6er4
z1pU=qbZ6*Yz11_)jx$YZv*mu+v!j5_y6P;sm0ZD46Q867re&Q8j{!S1=9~id*z+9k
zWR@d0EBI&61$pXZmV3;^w4T+%(O)McPMJ2RYAM9p>;|Fr-^GEph#R6-3m@`d7N4=b
zT~#e|oHk^A_e|3>Z7us>FSKU8|8fbu`9bQ}n<wG}okct`Vc+Yoye<~kAM|dH+`bd^
z_;_Q4GBI2bzMH?kDVGKPQTfog>gI9U-jIE=vtL{GZol5Cl<;N;!5+C;b?H~HDWAoS
z?{w>ILY2HLbP7JUeNJL)e&6{q^yVs3;Ygb2Y2Tz-Mxv42{Fe|`?+tCPAhW${Kl0p#
z#H6<D&UftvO=@CGhUFbK>Q9hEh?h(EB1TW81{JV}`n<5OplqgQaSCP@8Baw65?tbY
zOUs6FQCrPy2s$>mI@oWj=+druh$U`QyescicYwgE#cvj78^~h0{`l_&e+;Or#fb~7
z2`4;vRP7yp;&|#Pko+CZ)mQ$vkB^>V<+ODoCfWam`NyOEQTAUiHn%6L>(t}A_6_9S
z&XQRE<7<<>xAyzyEhLZQio+G^v?Y58>O$4hK04kmhULX+i9t_Q!*(erziao7?1pE-
zmd{ca!n1omsovaXg7rV>G-rUA{Uk&%skc*Wx^}P=<LW?Rxwa}%l@!<5jm5<LD|Ewx
zk@0CZ7JjMM)LNN&u@~bTPI$Sw_dE0ZGa2z0*=D9ZYDPkkoa-R-c-pW0hpn`%N(mA<
z8VoUOV#dhY=y5Tee$Hbo5=Y3V$4Af3z;KgnE~id0?b=z$!FuXU(9k~8JJ7^b;`xAx
zpGDADQH>?qS}2rQBOgQM<8^Mf)s1YW4v*v9S2AOX1|y`}Wkr^3Mr%gdsfs95>Ed6y
zOzCOA)b)Y-vA&zZTS;Ra_LGu=Q(!O=x?aRBuDB-o$gMPahK-*qst4ta-`O2!@I3`~
zt>{O(UcKGo>py*P#Qq0-7WhXMfswM%>}NFrz;2ztPT;F`f5~J&`CYwzJ3Nor*Sh4+
z-ZkZV9f&-rlG;5Ku#kth3FG_%9Mr`xHq~v4E#Ead7L5khtAPDK@YutEBFo-eg8VI6
zi#CH_HG-sMsUWoa88eJ)tLdbz^mzXbQI$y#%xuV4;LfKCJpJmz>Cp^YljG&Q2k|?p
zkC(Sa3E16724EMq|EH3`qf-2&xZEo#V0piN4)ge}fl1QO*>q|Lu4P<4T?IBeX|v<u
zS`#CFR>@src(2y#`h6a4br~ucnO2>U0sv=c$y(Umf(6<Yt_mgZD!y*U@P~Ho7dL@C
zlXaQrN=#H^r9MaX00w-&3;6QWes)opaWUY2jAOublK)TmM<$p#_6Rvmtm<&u;8&0O
z#G%j|35<4aW#~Z`x35?0L#otoKb*K1@KD)*yx-%oQ(vBVDjn2*=yGa016@5S{i>zT
zvpoTJg1QJ+Q%A3T1qpq2{Ep8-Dc&C?-|ph=$WcJaThYJh<aR9U(+deIA-ohGrH07H
zJm70bvgCxBCs3?cVl_)#-Jnkm<o?MXf`6dG#`e2m7!v~ovjq4>C*m#c<BrT-lwO!r
z_zzM6KG6vRpo(dS_5Uq=mVd!4AhGn060!7tkC4;?qFN8g=q3*Df4c<g<2b%+v{lM}
zHP~V#^vVjQNRkl;DTa8{)(xg!Eo78K41UR)2Hph$tz8Rv?8XJKEShkswOy|vDzytB
zGljn~m|P~<8cmFzlRhnV?>b^V@H^mNq)#1siIr#Xt4c3aCYt3)nGW&}GWv25vOH%{
z30UHgM!jtzF2@#LlZCOBmKhK$&p${_k?>M<p!VrB29TBXc;Nlxf01cyuVeVyB2l#%
zvpHClhZixzcw7`jhfCeeeg%uXjPU@eCguy8@Eo%*m<l-8JrX6yrHH{8eefvF9KO+K
zCW__E;XIgt^^yFehhYh?#4rw#;!TXZOo<?pu??LV7LT#z)*<?FMVr&_xh!)+kp7~g
zmZ~`CxL2aWX;SDWiaZM40VV^X(`1^4*e2G_G<%Z*0)Br>^L})bIn12+jBF!t8S5E-
z*bbMzjm5r-$`VUO>n3yRoU4E<mcII8b9R&hU7&d&HYpenxTYA+1`2fl|9epy`@NXS
zPGN(I!eBy!NIRshMwUI>Ga^=zO%9!h1AnuL!tG_X?rQKM6xpP9h|jX%kQ~6Gdx*hu
z#KDa?wQFinNPmzt5FC*M2(b-&wlfD9cESl8BgmtnMsYRd!zRnc9T8PPoOjJ-8~!xv
z%4KcfFnv64pKs;=xaJM{;;6z2X~St2YLF^hY}gSWuFh!|s+ZvICA=j~Vxj<)&+G5G
zT|31=T=h_bC^Td<HIPK^LMdpqE$>Nho(~`9II?eEAVUz}DMk!PoZD%L3hCujb~YId
zCQ|+iJU?;?fxqwv2(|lD<PQoo0x&l|dm%!i)95t1rh1<+uiPxdOU-a-n@p>|HvHf#
z8v0-h;58&o2Zxwk!}o}Qfc1a8H8h|8#gi}hc(ja^t%#^hWMB>2!sGq&?0p2MnM#vo
zU&J5-Bp!8*M!HfS$5o9gw#N(z+kcR~Ib49VDD$e~bqt#T<*MDyF&CJ4!Ge~eum%<{
zlFo&WVGG$JBFFmp?Je2ck<ZZS-W+Uc+hk7FT@3Wq<UpPcnqeR$$^}!n$5Z!-`sFQ|
zTa1G290B{rJVQl0Pu%IvS!xUlK@>qMMVoEY>eY4y-{yFbr5uax*}_MaXteaI0A%wg
zWqCP9GiQ*|eGZOMi4Tr+NXaW($t4{#Crm&<$cuk9G}y;WqR^ZZT4dxa8)yDik5D@i
z7Y4!h@ko|feaJZ<r=Ez<5#BiNgj3gLMmuHieDYAXlOXM;NPx}D$}cJW1U{pn*{=#D
zYQ?;)k?z2|y`1LYYt>&3=$~n$&o}w6pFAsBViA-lIAHf`URJ7RR?fa>@lkxdp-|~b
z&#tw_7qZSluVS~oWCjU(pE&kJb&IOj-2*f=$)AeYzd5l+y{V5f0}cCyKW>S0JH58J
zBra~`^smmui;jAWEBC)`S2Qnw>dHOE8fmQq?mV&_P;(oh1hrkgLqXfRvn|<>Odmc7
z%JyU~B86WTdqYMBxgmm){wJ<gZu;ZF@^*XkMz_XHMOSib#iP`LUC8&&K2$HbXIV1U
zxral1GUQ!nB9eEo*u>E_wK`YFW&QIhD)`Aa>g)^3wrA{Ht8dBJJS&=gws?gn<g?#9
zfoTjnXRsqJ_JiXcqGwZRltfG*E4MGS1A@zw?F0}=^Wz(%k4RH6?2X^yCH$>0_xd4L
zU+Deigo#P>mxb>-id4rR_Fu$z%@@~o%gC)b>5H5}Q9sMIttyPLclfO=$&|i`Tnn)@
zvp7{I+O<}Yx_0z)MTko%q`n9BLLnA<Is0)MYxR?I%Znb--9+6KRD<h@1eMPG6>?u?
zSJw+dsIimv9v%exJ#H<zLM=V5K$#Xd=cjDiQ4wPJ!1$xTDs{MpfAK``y?)be7BaBv
zlHX2s`kdD-x%-z*zC}B=C405H?Yny|&CEk3d31GmedQrkrE9CQ`7lL(EX-BLqLKOO
zCoKYU4ip|{U|kGNzw|L)TNguz3(Bmb8+`VUELZrx@|A%!-y>xBt4ckc*QYNm#c})^
zAdln`Yng9iBb)5@-(@NGUX4^Ui|1+^6<&T&XZx^4wpZiGP6Ybqs`$Oct=<f-wb(PX
z?UuV6-?Nuz;yD;*P1?8DpR5GgTx2K3;Bgtol{$eef9AH+?2)dS<VE#yRQ~Xv9eRey
z%A{@j>8Zl-9e1}<l`1}IfbQsv&ve8(-p#gQX#T}I^x7eEA?2g{>+2O(Xa9p}9JKdM
z>z$ixhc@eIq^mUgTaAU^Nf6Mwi~?JZGe>n*OCJIweo-uIIrDn{<!PNmRa<vSu^GZ1
zOPZ`KF2#w-PYnz_)?cSq{TX3%kY_#2Xt}qpKp@9L_|T_L6C|@&kBZi|?34UoMItgH
z<^IJK4=mctFPP*>NnVUkQ|pLOJNHs(tt1N}hxco%{@E)4dvbgg?!Pbs2%~GlcH$3s
z>a5ppKFf{#>ib)W=lZqgljQ&L^=rJ*T?;Ynt!omh{`r^Lv_Y~pM+$Z1%9~D9L0+Bu
zL)m)6%Gsgbzv%f1)9slLbl$kV&UXfW`jwY88E3MiSS-Jh&9Pth5W8jv?K{gM&z%^5
zb3_-1O%fg|R~Q;?KBbHVd|ehPx^V)K>WLOc&Z<)fZ##!Uq2T%@kAS2lt9}lu?b3!>
z%byVf-eAE@wHdhYGx6lSw=CA`$XUy2&Y~{KmW*3=LNDzF#eFlqP8imVx0VfE4GZn4
zIs50NbfW(YZONG^ZqeE0?Jn8fq{&!IOBF+>8*?+3-7}pAd^<gD(;)h-G$yQbG(uoj
zN+P0T&gXonZriIhukRJ1;>$CUx1TOVR<H_mqM2<L=?3xa5=`UC#XH>shK}C1UAtGN
z1e!c_BXw&hH9+^?hitd2=F9>>w4h>{r{($#E+qq7`dqD$z{=h`Z#O%l6l!$|tV7l~
zwKuFaq<EuBd-Ag?oUc$?XajeUh%U|*A#!sdV9uX#xP`rwZ*gvFSW}m8NmFdBl&^eX
z4>;t&#$oRYqo-A!%kg$zIx5jAZbtnDHF*ajAUK;Vcw^2B`}W^nkp@xF{gE+7Yv6FR
z$$p<w#FU;1s@c2eJ$wF%lSbc6WYpfNQSW4%Zpq?xS)(R`GIW(U!Q;GLw}Z~?0I<`a
zI9ZQfo?VzEbp8+naPzx@tnKx!=t@pSPWR<YkLcT(9j`7#MWwEtU~ggkcI^$I4CZG`
zQli1H-zL6`-6ANvc02#Y8=xo_0rME}nT6)*oZn^0Gv}Bs9hGbEtazluvvwK~%<b^*
z^*B`^j7MB-*m&}#CSymsyu*$9`QEp-ZBb8;t+5$)0`EKP(tR-ruifu&WIX0lO1n;h
z$dY)~Wv7eDC;=f$5V7oMwr-}uy3KOXiP8bI&3OMP8XzKX>eIoxrjW;>q`A_zToX<V
z!0GI^!0OJ5KfDCa3IH;WBYdtAM2D|S)%2YP`cU%0Iu|mx-B7SL2w3WpE+#yncI5*5
z&2Ql9eEpK0mt1Rn@jZvG@@`2>e$XCs!2+DOxOu*kx<&tN22yeupu?GKTdWxNJLj)h
znhR4=-KxiH`oIH_Fz{z6|85}4yX96(gd)}4Uv@Ds(WjjZl-2my7Xfar=YZ=A`OMCT
zUm)NmPx)sL@Vh@7Q32vOmh-1KW@p-u^IdRaR3XTj?Emw@kBR)1>h3pOlTFG1O~F#`
zkb<?%&Qp0vgJt<zky*m(6yUUjx7&5qu(xtezs+m7@w4BsP;8Y4@V+_5A5{RjKjZ}n
z06cMz4aG3H_8mNp>}R9_kMop$4gf+fhRnj#(`o&GHcD3*4-A5`1U!C*$Ed0uR1Z#9
zFM!Qbi2sY<q28)LN>eN{-Oc|7T0N`OdKggoD#9C7J=*AhkS@^mH)(taSn%$K{z}`a
z*}ns~M>RnS^T5!H@5-JXm3op(6dgvwV{oD(vQVBW+@7Fk5mR{jW{@lj1jTIJV*@iy
zTRLNbRbr!b<F-&r%^P-%1R64y1IB|>r74w02kn&Gtz%$j;k(4>8)sJp2RiJUb6G^(
zxFo^SBe*2)7gp47oMWWxJ=hDl`ad2Wi%hq-xvdyCipDT;0(2b0o=`OA_OWQ$ZOu6`
z$pZHVH(@5G4|#?_#fz1(qqgWd=tVR`aB`CrCbfD`+_<9azP+EwcE$=UC~h2-r^GjI
zl8l!aw2(juyERy1VlaZN%eWCb8WbTqG3MyuH+pT%lan@J?Vg<nDP%+F)4SU-d!183
z6<X`<pk~WX<BSlyPhux58n`-Erzy<|*%z0=1FvIef8F!YE>Oy~_lA(}ni#5RWz!p9
z&=m(@5&Q}ETnHNNPaI?mF7S*f?JYDuB*vjfbnk)-%~05Q@g6X)_Wy5llnv(n+nfKt
z%TqQs?r4n87D;oE2{T3_F?w0z=!Yw4iWVYE;yv*lltg6M!jJ}{9&n5-_!=7y?#(4Y
zXN1`zWKRNL9zi=NWJ}b#3JoDj`c#A=x)4StR$w7i_#+dT@{FM<p2LJo1X^f8^1sZd
zA58y)jN-0IXcb;@hCi^5w@mR?8q9snqbRb7{pI0qPOBZ*ZRZyMYI8+N4#)l<<dBKL
zzG5k|!9x$OqaAe9Q@kB7NBBQNMBfLwii6xI>^(<Xy&)SK@3+|J1$pRgwP?BfaEPl-
z2W_^Xh*Fzx44>HYrcmk1J{*g4c0^CgyKFkbFuxUNGB%D#r?GxfLzp^*VU8Q`!fZh^
zA8GKJRvx>(xRJ_-Lj@9#)Jz=4v&8_cG2>46e(7dh=bJ|}Xb{OnbkN)s&i9}s8m`GU
zOGY@wabQqAhiDY^2Lk)r*nsSsjT2A&7>3CzjhjQ~UcO7ALysSuoHW<cGpUmHSkTPx
zkWoEdyGEYl$ffj5A*@|#;z5^jqFWjsa86j&TT17RdqU#SU|nxSW2pbIm}t^_y2kUq
zB=l@l%hl?lAWbrTe~}|1Gj>d)6p%gVu5&WHC5u*?t;3<&W@Q?B<V9kut!6xXWf+@Z
z)*tT!IkF}wTBRx}7!P063p8C%F`oxN3*tmi)G?rIzkHJoX%M}zB_SM_fX>SjpQ<NQ
zHg=qICDC*(je5N%^pFO@b)eY9J3=H`njPWt`jqGZjkmQ#6%$QFRo2!aUz--Bg*vX^
zb6aW~TK9A4)40%8q?4i#Z|0MoH6Fy<1saY%l&q|Kdd*TsvSX+UR>8mgspusn*o8k%
zHh7=EkbMje^zTb3nlK*Ld}JnQnys`|IvaGh*ZD#CEg$oZE}aX*f5A@{@db|ky?xKp
zswn&X82RnJb9z;wugVu0;=X|fYrA*(IXtUA_2iUYVFm95o(W0s>FVM?TT$^MApYQp
zdx9?1Br^zIdHp51J!jO_fKy}f2}%E9+OBxK4E_pJySBe|=mzJ;=G}Edy@mVyR_ptG
zZM*1xwW486X<N6UvQCbv;&3TYyKO<x%MM*N+9pNW0?+07x}L^#9kCy+a)-+-11#t3
z*;&aGH0gT|`>O(W-Tsu0zU#?@gdSa9DJ@iA@A-d<eyAHcL2Bg;mm#ueXxZCh3{0FH
zE5jw7cv~%B*PM?VBJzn((Elp6ZGNX<0MctD8Uvo00J96vg4;x%^%a%A;IH{Q_-XOh
zaAY9Bh$4GQzl!gQ<pE><=x6VwV#TNXWPHnyw1>OL3B`-fJ!K<(PXFuLMO#kqDwBUM
zyl|FF{rSMm0ul>y{%$9iuJISdBiBD#>xp@J&l6TVzMoZ;O>2zld$)Uxl$asoJCo&C
z@>~B`B2R94cxARA;_jolZ<@^Ap4|k=Bk1-?1-AO4s*E#d!nuk^Cj3KNtmfG)3=`SY
z?QxAwMZL!X*Tx{<3ez-tKmEK8RpB|&!=x6~ty-ONjgmtJwjJTa92`13QQ|2Hk1}tS
z9qAg*nWT)alm&!HZx-O)C&P-Wjt%~UBsQpJ2TfXBQ|l^jlX5p4@})e^SFQ&t*_49i
z_rka9ANds&80tBky41vat)164DkM3ST@i^b>!_+*4$ZHrU3zGkHaxog9?1ps@)#g=
z6t3qjlla(zBxV!+cSbS4Mnzyk9Mo$q7b(SI%Y5mEPekWgf9xbkI>o~ie8R(%9-Y~7
z(7zU>_|oHF?UkBl!H8!9DsN}{E$2Hd?RLJzpb=c3G2sB@-^q2WK?Rwo0NpMaVPwqS
z(^;BoK%H8DapWlM^prypj|aE(W$e+>e-J$%0E~+$L>ZLGmi>|yTZ$7oKI8I1AjV!{
z&dt54xMQtTB-5+I5}RT7+F-2BNWjDw-zL~OVx;<2k6n<|H<kahMe!;u$<li%p*ph_
zFuDyy$35x{&T38e5215yDd8c5`f;lHy|f+$vF3=8Kf6sr{!zUBO(ha>9DAkI;G=iA
zi=>5Wzfu&&=jKS#(WuZ`7MF%)^Tn7Z*7E4lw`rXW8)T`@Q?agsNXx7exvc)$h#*$P
zRAf?6giBchpSjG{Mts|hWzl~SwA@<S!FH46^tm@ehivPIDU7KCx$<0hrzB-ecv4$&
ztC6}g#8i;Ez*-(yH7z;2=&-Q}7G1YL-swIpQz^B48PfvxRfEYx>wJ<zNZrpBMUkQ6
zT>s8ypE>YfimQ`~75tzl&-?JXSj8>Wq%KK;FWPs*yTL;8<r=%BdTE~jl3~FSdbE=}
zX0c|VVo4`)GI|j5R$;zL`-I_xu0n;`UjdaHVue#JU;lMJfsj<TemtW~+tXZk@(-2$
zdv)l0p_^HvZ(&4hY5^b3CFXPD10Sn5tdA9gTt0@G0qtvLdq4C}FR*-19ZgAnGiq-e
zFYe~L`_tuucg@HMtV}!AX)0+Z_PqsKb|r8mHfVR0kk0bC2|`d36xW{XG@0HEc9gYy
zF^<QxGTTb1x}oOdYeR_0Yg!}c?XuC*ZNH(Ko-Yzw9jqgE-7&htg)rZ<%osi>C3?<t
z$zAeE!gmG>5wc$X)y8TqSGCX_L~+Bc)lz)1K~OVp^(mmmxDI%zd5G!rv_`FhqtN2J
z++wQ2^Seap)-8fM<mG9-JmG2fJ7w^AKKUEC+1=L**HPt#L%dA&pghJMQJkqY)E*_U
z9HO^prWKQVQdoBi==lBeId2={g^g(}08{jnhXL80s7CI)8N{6-!|c0Vx#e~{Q0h1t
zHF6brzVOI9EBtm>IY{-jPgyE&y!q|2v)==}Bgg4rnZtfZK$)ZmnrkE&>55u>Hq&PG
zj%5h@x79tclIYi;7$M}<%B9M0*FCE=1kjWVU?c6*(Z;o6Dga-W5#}*D^=HEiY;{<2
zt%`T;x0s(QMfdddK(h^ylcclKf>3a578f!KEK5_$i7KC+fpZMKUA1L(nmWD~Y$pou
z%Y&{Dg9JoKQd2vMk-8?Y(3j6Tk~WcH60GCI52(FBTOSA0oEE+3Pn|_*r-C)k-N8S*
zf6Rk;#m8ohzPt;g=rJISmpa1$tgrVRBx>_sj;#;Yk`+u)Z(IbR56^<|*Lv^(o46Y&
zfD<z9?xHAtwj@#p$GyO|r`kp`z}ts68oa>^B^WKSF=bF8@Wy7?;a=EoUKjyy>OVLI
z;%ojW3<XAW&Kz?a+ypH50?0D#e@ImWpZv+}kri!X9ff3iU%C#ijfXtGiGtUIlNGA_
zTTHKUuLI)8@_w{62RNAYOap$DcS?2ZbHi}MMnH10pY)2a*I~q0LV=d86kvZo)?V9x
z@lubNVM=xPZrs&*>FS$1dYd~x76Ju?|M28e8N{1jl=1|DU?x-m$6L5TJ`C%CN8ZfQ
z+vtmZt33to#0Ja)$__Ud4O0qQDbD-gp}d8}{&gD+FS$MU2QW*CgK8JhR@d^iL7$k<
z^%&eFcQB?}HB!egm91kD9F=JvA@C3!x>fxzE2pJ~u%2rmzQ~z?KLAfy50d)}yl*rp
zLbx8qn3k;vxRkpfK<|f+vSKvz8%y#mZ9_&9hp_$Nh1!UJU$s@$cQa&D)0Zb?;$~?6
zJix=l)}i@;@yT?HQ4I_teLSc5&Y`@UhW$O)z*5V_g20IJ2FxAflBG|XTC(TnF1iLf
z=={>sRyk>*#i~AA^2CII%@rV|K*+bf#El$pU&i6_%8N#}l-snEaqi#^B|e^K1x6;w
zim)|CtTJiMCfTb;#P5_Ss#2_7iwk<ym0pK_K32<q$Ry{8<jb=P6@^BK435U{IZ{aD
zJ1SU`S;DLatCCZNqEuLjiKXR)S*cT**L6RR!>-6{X+Y9$m0=xz_NgK~3r<rk@}fKF
zb?n9QTL^fX4oO5{toCp8DTKp3lNk8wU*rj8y2dkvgC#45_^Spkf1RD&u2(0u@B_h4
z^_j>5#IRnLts8Ue-nT&5TZ*6w`sQ2GD+<u|C269Z<So)la|F5&p+tdyKg7xQ+_V$h
znt-yUw9_q!ZhADQQ_*uAx02C$=o}6$xbCd{7#s*kVC?_@F0=M99+(F^g*^?KL}#ZU
zZDBm%4;UU!0V^M&JIp3E0gIw(ag->c`RTNGhy=RUQ!=uM!r9IXzXqlaB35@8LKP;5
zTb0@}`|rG0{PYFu9&sJxioPi4O*vYhQSdz22U7#ZU8|M$r2d@{;U~g#j`2;45=3^&
z`}+S7_2%(V?tk3yF!n5C-x>R4jVMbrmO-`#W2dZPkR>G28T%M}vW6JN7|SsjYn>=-
z60)0;J&8^WbCmRZzV7?=JWqdE#x>V<&Gb^A_vgJ4Bn6X`E;m-QDs^9jvDT}Lkwr!e
zC-_>lLuxDojpOiaX?jkKqB)lXOu8eDZCG2K7)4rR$!GfKU>QxyI`=M`U48&(S4T8p
zusEm`8$nlDD4GF6R)vg$=6G8)CpY6iY%1u&i%tSiDJb6f%G(dxCOc;frR$u8uK4;7
z_yc7pqrIx9@$Dgp7TM;_OcyZ$glHw^`i2ogEghd?8mEk?@O~w`>6YmXi{h+qGOAR@
z!>;gPgu)WYsoGH-9FpbLaCXHlj1u*r#@LwAW;c0V#*94FfRG{lN#<B7{%YnNF#t&(
zc>FtGVt}e&-MS%`2FinE2HxesJa+Ka@p;E+NOM}gXW%MwJvsfEdUdtbytLCSN+8mm
z73Ca(ul97zC20f~*O62hb>d0PnPJ)(^w&AGeXd!Oes$B;>&fNhH@}whgLoYA+sQby
zXR8gwq)Rug1YjFK?O7<WIG4@jq(X!aUSfcayizP^WW_Ow*SXlnMX%}%V4K(Vs^OS=
z;hM%3BB7;Y?=F(@g~~9^lCH#O!?<7`19si#;U*Jq9{oYGyI5*h=as1$VYBEFMpH3K
zj1Hv}$?&(MkiA0m%h2_p;R?(}xwuug${*iN-%o}4zkMCh(iR#m?#+V<Xr2Q7ZQZMb
zeQfuXgCB~Iguj(YbZ`2uvmjX`IXgSe?jbVXt={(B#U@gZcNxkiJuT$dVi1ShJZIms
zu=F(cic)xL+S$@i>5Eb|A_T3m-cRY=G4WXPaqn7Ju`M?$uBqthg~^bO1TXXM#T5gj
z_s@%d4vx<He(hP@0)NQdpja*{@O8W&-To<1)9*ugYa1Fpj&HIa=NwF1EdW&zO(G$M
zJ_5*?IqeA$h<IlG40`uT2-wTBj!qpCWG|-A?W;}ecttGzJ6$e$qiY_h<~5cL-Ok^g
zoh@iG?78<AKKI*gcK%<XZ~f2}_|jgxSfO8wIPVKfTX|5F<I66Rhhof$T>sp)KL**9
zndDZv&~>_>?_rwHZ4YT$2b1_$qZFAzFW&_>g?LSRwZB+&K$chcx7?$I>%U811|Fp4
z#B7XseWjOfJrow@(4S~Ikp$m7a@2i(vr&I`L$dQ(i=2{9{n(9}Jjoak!<X{u<HU?h
zV~f;G=#``&ZgU5x$NPObZ)<M)psl>eC>JywTw=RK;&+scpyT|RxmwyA{{>$r(GbF_
z<(B(hdn2J4EEThR?YX@hdr*c4o@Pz-Yb~V-myGwde&mqqra$ob<+{bL%d^^sG*M<k
zmi~bxDa{-=V6PdqbRSD-F?@S2H*sUWU8S0?E0G(zsdIORGOxd}XFM3<YJ?3gn347$
z!rdCOJ@2JS_gS^YP0fM8L&rT$k$-$Tbn7a;E*~B-+8WPaC&X%qbRVm4EJtcxVIcq&
zx&5ALr<`^4m9d8dHAlY_Mq;(pzy6J#q!m5dLm?yFQ9|{Kcj6v9?nMN14ksxoof-Ty
z$PW@^-mmSwdgDH{hNCm|S^5<w-PCs9n^^rT0Pj0VvnM|*1;$veR_UK&*7Y~yck}!|
zcKBWHcD`l(Qs7v^c;p=CohX;~i^)8`5HPfP?mXF^bk1uZ;n%H5Fk`$9WHV$Q-*XV&
zcea*ovzwDfB0UM0SgxiSN0Qs`Uze((%dY-6%X)tsWPAU5wDgZx2`NXlywWF+IwG<3
z%t^XSp}}=<a`_)^eoJS^lAOZ5Z%W;{@5lq!-rOcgV<BGxZ~K|FQ1FS3g_(TDDVFO^
zn-$%!y^kZbn4h`CG~arPKDIFp$j^VFG@)QUtXa}I$OdB<>?F|bD3z08%iK!hxGNX_
z2SN3Oh>Xy?{aGNtBJa)49t3KH<pry$es=$uEqznMkH%u`QIsVzNyCcZPYT-&T_<Ub
ztalFGKA(VKb-z8ovi*Ls+Y#VB$Px|BjuQ11VQ2b3;Ncdnz4&hB&Yb&#s^2YIn9%S8
zxlE8HBQhTF{R_i~U6wT0mjz3Ze4g3u2LU~<Eq6j^aoqZ40S%seerma|6DT7oSukpo
z>&L1$x*6&bvK$n`R@GpvKSRHRG93v2CEkqf=P!q>cQrY4kB&q68Y`pTEf1pak*F#{
zfD4fC4r2#K=JPbc3)5I<mEwdz_|bgEFO?A0z_x2<ufMyOc>dJeO4*D`DbBKsnKY~(
zd{jRWO!!zekNV!|ME>nu@wtrl$K?JQKnvyi1zovu;)Fd9x?xH&09X4-l<N9N#fC%&
z)Pc(S&>7wn-pcHc>89JxrSsg=GG%Q+Vn@wpO&?R@#hPBVWiVRsa{y|<MvTzg1lHbO
zd1mIf2423q;({3u%kq`%a1uSfDqF6?H*Y5@e0~VpI?EaZswK<+;x$JF?ic7e?2$(M
zQ+TvE1jNl#wd(3T+_Y!w@UgpRZx|P*C!r1eS%QtVXlhq_*<xQ`6__@nO-)WX%^KXf
zZE>G1c59eWUKaL&$ji<A;b^Kx)ZmU@pYq$pT2nLF>J=q-<@5C8P(n&5^%9WO^XCP;
zo*V<YhNkYXJ~hzC4G+P2U$GL{V#gT61DruhJlaHAvd0JAU(>L7C3c4(`P`9!ZVP&Z
zW$&p~ET5!}20-$4?FGdB#m+l9&9f}spv(!Sa4*DrlnWM8OM(S29Fcn^pIb{G7(eP<
zZ2i>)QdCgSH|2<8W3+RGHy*K<(f2=S2W!3TtMoI|(OMoA0q){yMSa9<(@B^764Txt
zwkEpp7w$+SHqwRf!>x?$^l|HwIk6%mT6`1G>J#5T{`Ek|=sjD~i&5ZsxY0Zv!%bVa
zkOxeL>7_qAW(MKHAnN5&muB!L;0Wf;z)BK8i%v^F4`r-`qJGj4K!O$UO(x)1=o}8M
zQIWo>drGH_WF}2K@Ct0DOD!|lA$l`{-tK^e^z<~4%@e8w;$1*2(Y-Z?Xmesfr$=TH
zJ4m|eIu*Usn5ctAVntfCLx(Oju%s#oyN*k{#JF>SNgrlyVL$@5=yHcw>h1I~nb#aY
zz|gGz4KsAL>k{gek6`DY7A#D?Y<U_d=}X>~>`ow%dWT(w?wS<|IU2TKXDkJT!;(N6
zxKMu|0SnS@*h>hC>NPKXD^B}@SlnyCN4|sY9MC?xiPlyC$jAZ&t(#_LHVc5tqBCsZ
z$23M15HnTCv;aN(R%W2zgji8w5)@DNeI=oTE=oyhwE=pf{(jjGNANNRoz{~;A82?1
z_AZAGxIb>_;x_=)u3Ub#3%tVqjldQA3S0!H3)K6gpo}xA=2xXTm0SL81xUG9wTAhW
zy%#I0pm>Yu1NfNUft7tVHvFLu+=X`fH1I6rnwwso-o-s>ZQvG8QYZ(x^O5ttz=A<P
z5CEXW@|6l2d_58_1UQ&%{s;gAEct-Xm4$PftRt#h?6;alLM_=~#$op)9=N&fDIJ2a
z&CJ`_DS!zwLIAhHeFqD)HF*kx#U<J(gBXXF`ruQrY5ezqpa|Pnd;1ErKRY$BZ6aAL
zRcfJ4)g}oRTEnk;O~1$)1LtF&9kQwXgmKMQO_m7z2C6&1?8w<1qQqXYF<{%2&s&xt
z39i$c_L+k;;~_yd)olU`h6h46&P-!cm8GLhaBd9Ea}eB|y(3<82(8INfR4jR7xS2z
z3X~hzSVyaq3ap%&XBoM!7|XniM#^Nr#dE19MYAARlMoW2xFkyss8d!dd$<Cojg@zr
z;kP<Y@2j%xKToGj;^5blIo4*GSUGY3Awf>KiEK4o|Nq<nGqNRD=dBYu&Fq4nERQl}
zEirO3F|jxFLdTaF4~(Jq%wU%18wF>4X~ksED4xua%ETCrBs?U+MpcON$}j;zrU-&N
zS|(qHag@arehZl_0{8!F8zd;}%=+m8Y%rDJ3+>r1xc1JdzRq^@ndde4oqZvv^rY%<
zX4kEsWAIHDawrq&a`<}J4Gh`?ZUWWZKc`IM_;yktEHqjPtB#f7fU=H3k9x=)HcY6f
z*G?=uFlDjBRYAP4&+3i}Zn!zd-t~46%;8LOunSvC?xw)`p->o0I)Rw1F@ffuS;uk0
zYaS9vJWsNo5f~oB>)=GzSrO;I$LynSi#?Eirw`wIr_)R9lVagz)#$f6lgRAD8;MnR
z8p$@0bsCnOQ%)ZEf`_<f$1{=<nr>b4LQVFJXNrl$5}Bd<Ou8&JyhKhhLwguSft;_L
z=+quWs-{Gm|1ge(2)%B<!iE;!#uFvBejyMA%LshUamZ^DzX!h^M-4<*LV~3FvO2!O
zAKA@?WfHD5C#fBM{btX`Y4&-D+3?K@g7NR6_r{S;C+_5;$iNKWIeRhgE%HuveI1M}
z{qv42LaJ~WBV=GbUb;%8B5ld|*wM(LeEUDNh0UxidFr8<tP1}povAzU^Rqjn%{&ch
z%os7qZN~z%y)D`^<b6VQ_qx{*%+u7dPzK}cmdb(9X1-Pz!-f!KDL(@uAC)o$YP}w_
z;{>M7RYk5{A#>6Bu<QE)TtR+C#zFh#-Nuyc?pxl~)d3IqhFFH*bvj;joAEmLB?`$T
zViqpJE=jB@v(cfXY>HRR&8mfjOIYW#2cvVl*SOFz=$6t|kxSe<4v(ML#;r+KpQ}Bi
z&>+dO$behl6S7&bi5(c-GQnoiW+czizCeWz%c6E2di^@LgJezKG#AWp)$39YX{A=N
zATBcMZYmowE4MqWK>qpzRV<(r<~82q?qPGEhXO^wCP$9-uimiz0Y)luOfGJpd&(xj
z#L)$e-!yiZe5#wyR2UR5k}m49+U}BF^`;iu|BiZeHqq{)_(-VrO2xbfJv7YJ+t9bV
zY`ZbmYLWJ3oJxFo|4oS2M)kn=eUWj^QpE@6|9P>{lG1i-c7bSUbCo5S!JIM`wzYCp
zs^yWPJ^w7kFP!yD10ySQmW%kyF#3n1w}O_yNgK&}l%ZOCx4YM;>-YGj(Qj_l!1jcD
zD>d1lCuXVslm*G;Nba)-S!bK|ecE^)Uk<tKB^1*jNk93=jR#$TQj0105JHoBtIUJ<
z+>faUna=1?Qsn2ebbVUc{Vg60^GZrWt*+D$895(9mKm8~^Q)AQzom2!!j4@bEaRvw
zuaJMF7G|LrvNfWo7s8kPQj?|{nnOB2w9CiNwsH!EfnmRLi80YNGyk^;DYwsPru)B}
zJoeT6+jXU%+xHGe-uf4^H|8GSn^bl6!^gAz1bcqky@`KFuZ#n9{G(qkakj!)7@CG|
zytTNSSSB8LLM*T1a9?PwGkU`UM<Guh%*DQ3O0TtslFR*Cq+aVXicAq6?6n#21n$NM
zWOpe$*?LC*nG#a9(_p$gAHBO{SS_B?3&C%U*<NejKfZLmn`0N0C{0uL#*?9Wn`g%q
zG-r51-am@tW|lC|(vP`tQvFi6?l0y9{#-y|oEsvKG^!|{bk7?tKv^PVxqv$VpG*D;
za8u43&m6v==IjLEvnlt7dK&Natmr;p;>e72L^f@H93S~-?4%5yFQ4ccr)Fo9*l@_x
zmb+mM1<u%OTGGn_c*WPok%pM3Wls}f$EuKh>^SYdo!#x^NB(w(BYfM<TkLwLEB#BJ
zmZEH`H@oV>K}O}&%6$*}_2#DQyeFkh68?nB>xb-3*HlWV_ib(Tdn<hd_qpXejSBc1
zRhq788@=+vzry7JMq~3t^bf7Wl+KP#izyr8=@{u`t)J*tq3X-fvt3zKxn!^|2C(D6
z{NEjNn=S1H6(@}p#xC2yMkShVY)18Lv)+ahEno%tS0~~ZI5DuH#%r;7jX=DDv;B{q
z88XQG+U`aA!&>xO{uPTSIjWcET!(T4X<JoFj0{{(&Axyfc-aZ<vQYkfA*5=1Kq2j8
zs#=I}?zz}=ay_)-CUOX?A0O1*q~Z(p^yFc@kM0Qm%{b@cx-}y4W6`ipMB2zYisClu
zy>9Gl*)&4{PwlCEntnCAJaV(EC01{%P4l2YM+k^~ZjA>OYp%fKnnw&Iek>XOgz$up
z_0FEo_cOkcd~r_2wL*F~_xTHBUpoFeow*Ypy0wl<JKC9oVL#W-ZJ%*9W89wnE{Za`
zFQhhn&)R|FSGB#U7jMHOJdM@#e8bAS`>S%e9>gBGj)y`nuXIe@0)bZimbGf<J-aS^
z*Mjo%qHaqxmMudnkOICsl0vnWe(mS;Wv7ttxt<mO%=rBeA}o8EJm2p5{l#_;s_tHP
zKwgl~;mEm;4cEyK)kZyWVu+r%TQ)(k$CZ*htX8Qi=zDxFc9iptdE4%A;>)D{FMfmM
z;nqlv6=hqiUS~TRYarBGzX8N9y11EkzKADhpFDlkCA!_vP%NlhcDAnOrEm@06x%|S
zU^^&hjSz(GcX~DtaCxsnD{ApBP6h^TxP?tYXiDD$Gx500KNse_lsQH8#EMaNFPAqp
zO&!}uFggaD;wr$AJ7v$`s`+*oAHkf&WytHO%C#F*PKvli`+W~wW@x-U$;qBur27tn
zQq^x=BJxnsOyo)=2VPTm+zI8sF9bJU1#aCul5>`O!=lJ+f!TCn3K#nkF$2aFakBxD
z!P4+p_&dsfb=BJ}Q<YQ}Rv2W085hFc<wdV@yXUg8vglJyur)NE@3ydY>puFD4hWY2
z6sS1>a(MdgvkR>5DADAn52Ky!culq|VY4C^6dD7Z3}m*IlO>?YCKK%pu27DkNk6s>
z)#cPv!B2zQDj*0TB3k7XZa&}qa#E!4a!_*O(~2&Tt2kh)=3HZ|Q-~Y2ZCpc847Aj*
zbwtmZrmMS;)he;U{xw20EG`yABnRX@nY;*I-AE9hZ3mcBg_u~mp*ujFKM;>WP%1j#
ze=`J0jvq6%m{MIcSjUEHhGv};l)AsGxdPH4yd*fCoZh~?_OCxim!BEszgB2;en`;h
zJxI}%Y#S7>buaTah!caPw?)Eli=D5EwvW*oNSS&x1yX4`5zx!2h~6^DBGql$PtV&2
zXeHS|L(yUE3Yhha8L^QtRsq+_^l}W)&R2~a%GZ@=Fn-^-PnZn6g;N1JMSD7OGhvce
zy%~&?>v3}KlR<$x?LZ5}%40s`f#`kX+WM$&2Yfmwdk7@s6`e<&7wmllQr<q+2TtFY
zT|0>0%Dh6%2hg)bFO5@tR87bTea;bM)z-fFGeR2h2>ZEmC}B5|V8tyEkq<XOc{SBE
z#kS_6K|Lz&H-H25&Wr1|ubk$i25|?Qpzc0y@C4wm3ite*#8+jjn-}LCbOnF}h~H`_
z8gS(EYQIU^fM?m4|0c}@oC#OTRzdL1{SW<e?v+WSz3T0>NN}}1eD!l?7srmL(aP$S
zWiiuSWt|3^Wc{zRwkBuvl74`RK1YfQNSF;@cn}fTmKm}Rr-2JVVMJUD+)(bPUrncp
z_~H@Z@3AD|?sQDm+aFdy(iB=O^*F?B?~9^xQH<6gB?deN&RTp#d^H(jYEl%#Et3lb
zTlddI1fv2~Z<+wD(T(`)<?3x_LviRd!3v7Tck?G~^K}HanE{mlhQ_q88@xpKfQ=OS
z7HLj3aK~B<nYzj3N$Utg<V30vBqZDv%E1~M0T3YHM6{O)+y<eA^re%}R;j;Md?Ms*
zsi|Wh!=^4(mn0~&o(^`b@&u3aMrBQYXEFjRbb*|F5p)0$vX!fGFkRWAS}g|Qn{09x
zSmi6jye5OX<Ya#(BpPoj#a44W;Q{PSj6^;c2x6Smmn{}UhzYQPJQX&K_1$TcL4#`R
z%T7#<(gNrV-e}IY;7j=hvM>z<*Cm((%#584nrDH8IP5Siz5a$mBw0+u5(FXmTs$j2
z)o}~MWGrw*JR4uF%Yv4i<+c>c2e2WPiGj#$FZlm&{+S+}(L}bLy~)NWQq6CN;Em=m
zfpi~L^OG5Ty`Vq&7$H@b3@gAdM0&udnw-kP#Bl|g2!kn(ax3F@e8w2o7^aL6DZ9KD
zU(pO~Fx-h1v=@?cTwOEvlZYvDl4)RL&K8@;$od*O?KB1N_gfgFKCORWKqkt`nSAYd
zQ3BC+eQch^CxGt?$#i15&&ME3d}1Gv$HcBphAWyeqqvjssmf39wczh^p^@Tz8UZM2
z8yCWv2(XP<r(=+u&*I>7ZcTU?mSn=ks%Kbm<{O6fzU=y$BN?PJ@I5DZVeAjSBL5%+
zhSgUPDtN^m!g6U0vTwM788`F{L6{-d4A<sNLs`?Dgn3n2cgYIwD?Im!>C7$o+6jzj
z+)T1S{^VSdK*T1#`P1L>C?9@hTqEzu1at9*8M6JmnTz@;i}lJbVWj6n#vxMpf|<Qr
z8-%em)vCMu_Jgxo8NvuBfvWTVCN*jK_6PsqRZV{)Qf$!GQchaQlqfb|3@Ss-3ZDOK
z>!zjlYrjuy1jUN?X7>DFL0ZoDAe5&m<L_BgweiJN!O_QUBGoL@JJpXN&`AiPIsDMf
zLBdR5)e(L-u9_;7$EbG}U;QqVt^2WXXrsRX`wi?c9>h;tj4G<Qru-pr%v`E5jvTz-
z@8D!k8H{~D-kU|%l$(W?Yo#EyrRyG8X-9@i%$}D~34}r%2Aj&C)v+X1!>2~Xa!EO@
zOggA#0=6rcUrPUpPRp3lxtf+zzpNcy#2ad^T+ig&Ndbq(gt&E^H?q};kh&GxtqW{L
zPtWahdemhhKBYq-4Bi@z#D77lpKvftAmC|)Nb<cKx(exiVf)<&vvI0(R7%qR;JLUH
zeZ}65^ve+`YcUl=)EP-4vKEjLxut8gQZBV^V4*!n6Dh>=*SLkmEJ%31Y>&^73bHWn
z%DeS8Rdudtfs3*`ikl@ok#k+k<&-+SxLc?GxkUu?((iJ;Tgc9eICAZ(eJ-26PscWw
zOmb1ch)wLb5k9}9zPW(r1>>$lBc!bfVdnxnq<vL;BRcq>e$6QLcLHvbM&rEqKE)OZ
z0WYpWDel1Mn?tYF&V_G-^i8QG8=aZ(Ac<pSxi~l3X&=PgTrC~{>36sL?t{7L5!$vj
zMD7GL|2SsE9|MV+LL+AC-i*YU`Z@gPHdjCkq2+#@TC%+v8S|1Rbob#O;~VoIg~R^7
z!J-|ZotEWZaV_WXAn64zsKvHWSnS5oF0i8>WNNXgIlWo9qw|?YN8un`(oR`kM_=P3
z=w`9qk_TB$fIm3!*~`lPef6&D=f~^&8SRN9ucBD~+pTLc*x1X;vsB!E?;H~eU;?xh
zVwoHY9^OBe`%hX{;*+Gnd@qm~$zFYoS}s4^klS~y|5q-Y1>5h~w(-wGJD0_)_5LU~
zY9uXiu~SJR_=(?jK?4n!u;>1ZRa4^0lYWvEy1aKnl5WFNQ#81_Bsgbab{$o&(`Xd8
zIKh0K_@>g!f}+aKn`i;@H5a6Bcn9phnwoR813ZG*e>`r*XPaZ9N0tKL?JX`n6`;oV
z{uMMqJ9NhE#Q+GhXcy1%U=9RQhWq@7SXVN6(l`h3!c;~}UW|dH$H=nLwfs%vojMTh
zv($ap^vqX|PrB5M4iPH%#nidsR(ewc&XDN;d&X@yV;SOV85j_gHE1-N{S0ZAZ*>})
zxm1u8>eUEZi^d6ldwtD{$jiOp;nHKR>mBEw$9U;H9O7vg<;>NY0%Pjx^X1J*9;SX!
zG8!&u^!lam5SiL^c)7zz{#@&7aeG`neXu=UagM<&kd#<wp&VO$8rV6+LyhvJZ=fOH
zTpYgHJR`}9?v)RLaQPaLV<PP0`qWV)Z21O+o3VEYtoEfw4)2nwDi^c#5{%y+wT|w#
zP~s>j?VG-lob-U0heNDXy?{@QTVu&o;9vNd*EO6PKZNWCTm6`a690pA@h`h&m8?y;
zxo(LXz013H+16y9;wPG5U(8f6x(n9p+p$o-$h+DC?l*>whL!l<BA*rciA)A$#G=x4
zo2`Hwc29&!YU%I7X1&FaJ+1wG?>kl8C$a<D?RH)-oY;ev{6ICsV>PRx+&iHc%=|6x
zstto}e?Z&8fV4e;6nd5UQ3t&5pcHrC5xMq~Xoo6m_bt!1ezqVfsWUcuTOA+!j=cUk
zV?QyXR=d1u9ML5Lc!2yf8Pd%4%3H;Y`wCU7MWmrzxBY-+gPnr_(v~OC^qk{rRMYhQ
zL4z#)JA~C+P<t(fvh7f@Cw%PdxZYv6_BXRziv=g(nl4Y@)SJI};bp&CU@zrWj|6M1
z>l|6AR&dg=^?KK*koR-BF|XIT<<k>|-W_JQw%GjEj`0)BZk6M+Vc0&kB4~=FJD(3>
zg(-APIyY93B0{xK=Bz#zuP8l`;%ILuUcx#B6UG>-C-hY~%DgqBf|1!k>%8o}3uM?`
z)%Q5sGD5R)0_V9nK=Qk=nDY5zhDC>u<@F8pcZJ>!qPpDMMhNL}zN^V9a-7!rawyZ*
zDGYpanRC01lo2YCfPbJY*~$DnP8kSWxaB<l!Dkjj@D0xuoVaPNI!fKuWnnfG4Meus
z0l06n1cUnAYBGqpIUD0-z@Rbh$iI&hAt02z$3}a}pfaiFtF7o>@KZ9Jrn<levKL$K
z5ZmcAY3(Tkzm6nDL4H*@3Jccnw>FalI$r>uzs#G(9%4lSs(V}zBh0RU-`Hi&6uti`
z#z~9jdj%$jhYx)3d!DSF61IADMu1<EqVdaLMNazaE#-zqB+k2yoj%HHe=bKcAw2uq
zsJR_ODMvf8F2S#UfF-K`k`#6q$bMe(Sk5u+8TPxA#U6#~F&f=0C&j+}4=w1#Ek)E?
z6+xJZFj_yGb`y`!c+TWyOyw~N`HM-XFlBuebyqN$8<KHEl6g5J2F$}jTX<Psx5-e}
z3`QfYstvvLqVRUA%~x(_vb~>PSYdwT&iU)wAbmcp&FAX0eSl5p%YvpOU}SjiAtGS9
zGe(2l4<>f^j?$tmN&z*{>3aY22FQwh6m*4=smIh!{9c(<1N>p6jkBGoWEZ0iE7(^r
z5aqvtdH>~Gkt;uCKkKdiP7@f)tXg6o5uI{kcO4HA=4HI94G^C(6WdQgF#Adl{3#=X
z*?gRmcVHi2H>Gv!VCO;L{+4dRt~5~pob-5yZ{~oc%P2i&L8EB~+@TAI31Ve5R^$N6
zBf}Qx7BU*>Zb14y;rV@^rpo$3mO@E^5Jy#YCZ1Cv71I?7h~QbU|7Z1PGSo4rR&-9@
zhA3qM7=RP%`G)|U%l|p%C1-(VgWJ#;_oAevC}d#u7TJe%PUge-FH-MlfAX-cEM}Nm
zkaR<ktrt+`j0lj!KYmW2#8KE)H{L=z`P5JVb^hVjsG{flcI8odql)PM*PMHnvzul6
z$-X+Ly|KR@@y?v~L_sX$^8nnBqA4kz%Ah(O{4yp$I~NxtskidJr^A3ScuV6Iz|fxA
zkkNqvBfKszh{D|Sp3{~Ff~#?sVKoICH%GNDPRUo`s(40|RA8+cAnE`&_CC6FwxL)X
zZXw9-rrYBm;yQk&{Qarq=vQBJ_%7fBT<?Qje-aiW`x(lj>Rsj!Bu>hI6j1Z762^1N
zHACOBmcaWsL<!+?1jD){#nrrQTsVCfpc?Nr&456-+yOQVmgmS^l-*j<F(=4<J_>0A
zAj$4goA0jXuO<wJk$rcWSTmR$1)iTEK6CZJJ_aI8M!cjhcTKa{$>)HQ-7-J1uXDij
zjpNKD6EgUGxNIo*e1Qc-=Ci+BBJcYSWo6AT@g8Ny+*<wJfQn+aLiGRm3D4f79?7;%
zP6%`j7>h}jzkj8yNk(|^?>@m8zK~x}hOMRXI;sRrvt2{LcwX$t%n88fkg~2n;rBg;
zm~J1*HZx5#<?Y}GSup03?Z(Ooe=|OuvA=>1@g}b~7D8lmn-YP;pEJSIku^RD)#PM|
z=f*0I6@#|lF=3U~HqJr`aIhjTJHmA`A3*&DtgDO5s|{F<Z{kL!wILW*L$pM-K9s0(
z8oc>`{{W{i6D$>KhJJ>I&sU(eXO+3Ms;!vl|KKI^VcaAZ9s{^_8>=?sBm%O;NJ>WF
zHZch91B}d+ViLmv@)m~GOi}<X2;IabT|~xSLK~GCizV1zCMFe*$h(%pzVKdq7bsIr
zEosae_tLBnsvjsWC0~)5Md4OBa)iD>kme??L!tSs;>ujRWxZ!I|FYdCJ>VcH(`W9p
zTwJgp<M2IclKGOR%rIte!7u=;PJ}tPN8VGe_B<qVh`1XC^CAsjqcv9>+yzt3$`@^v
z)t0w+7$z~OsKHO$Bx0{DJmPl{d5(Lf{HFrykJ>8kBX#Hr>;~5_jx1+IJpT!=z{|@D
z#-+LJ%n@fGcq04AS!2%<)*%dpMNpV;Em=V#`wHs`46D>}u1yxt+~|ZRF|CYB%GldV
zVjQ+Ix5N-B428Vf#@@wPWd@)rVTKs&$`lAaFupmbPlOasFvlst#L)K41$j&;wYPZT
zpKy-zR|SwKnnLz~c<!?_lR4r-yQMeB$*P<eGkkF7J_7gJLmkV7+bYM}7eS;*WCnE*
z$}by-P*<Oc)(q&DZGp%3Jk^_Ku7h~-deTSplUw29qBeqAJ>T1sDbEn;je4=|GGYuF
z1u=rvB4ZDU2(CP_o@e>*J<VQm`LcD0s`(3dTx`6b-l56R7kp5}k6}DWdSa#Gy8gmC
z$<WKxLxcsQtMCycCUOaT8D%y<d|qNn*h6G+MFvQOB3p6&2={roe?p#^J<B(K#<)s!
zI9PX8F$(C+KoTrMZeQZCx3M038u6E9Af>I;BPW|dDqp0~>J9?5hjL|iSIvX1nU^L_
z=`D2Y7y)Wnb@S|bk@mpNOT%4Z%9R%61F834I41`J0v@>-cS=Cj5P@?G!0O8FH2Xh@
zlZxjZ{jgPo;UeYphtV&CW?Nr9AivQG{iVOr$>K^dyz;Elw7pIawklGhtkK@GBFC2y
zeha1Q6-`^Nde=KJXI>dW8)d{Y+c;vxX*8z9wsAFU$#XBC;^3k_;mm^1p0#S~L6&$O
zFEi=PhH>K3Yj~jdC$JZDAsI>9h}q~77{fX1t`Mg^VpsaS<l<Jm#MLqL$Fbu6!tlP<
z)m>*AZFx{w+C{7_M?dU1R*PLxW+~9=L%7cvXXwdtgR{O*E8^|zYmFDWa=R1m?e!rE
z{#XpP0qA);QOBkMr&Up{be#83-@W$c(S7QE8l>H1sHHG#x@+%5jkcrNXf@m$nP>L_
zh*2zFL@Jp&J@kqjX$)DCh~S2gKbmtf@TwPX3|}%r(s9PH<=vizYnLK-m+7S+_<hE1
zEZn;kxihlNd0QMlvMXnIMrYnoB;m59LQ8*DOM8d|fC)&E@*R}hjrG2;<BKB_=7u&>
z*x+&?4*D+0>2FTJZgfhG3x}GOvHS)?|2*>#9f!z6L+3CzaL<0CjQ<yOu*hU%@M+ow
zJ2bjCWbs$<E1?+DXX;+&dB!GF#TF3h2@B5qqfuU2Y!RARg^XV`N(uzJC8JTHP**cQ
z%LYf6##VY<U%UUmd~UX$p$S?R!AhzjV+QK_c>!6%gUQ}}>h%G`^pnOdTCc>{-pPRB
zuk@6&4B3V|l_ip_6g__y*TQ`6bqSE83ItQ>!J`pB&Nc!|g56@vRzjM<jM&K1M&69V
zd)!f7Y4<VsA0z#-KK3wN1Iw;zsAEXotOSAdfw3aRTtA#K!x<e4i@f?yIuBt9Hr@rF
zeq1>n<AaWHW)W{+eHJEc?Xw0CzHv`W&|A?Tr9bpzpTB$xJ4R^2``%xMQZMSn<l+-+
zHwP`>RtoNwBya6&u4`p#LBU`Ra6vz1pPB4l@04&p4nf~^{8Xm@U|xeolfHyk43d31
z|HO|djdi1NF8>A%tV3G#qmpq5yS8fiM0RD>yS^V1$-N`a7F{xLjK6im!N&a>BC$PV
z(3(d9fQO3CgedtpH{f1aXAL3lVI=ZU<ZBxxYbcw3&M!-UzGp=>5x>ve^m-)(tlLFH
zIX(LLeq}YP2m`54kIW<9SfKg`tU$uOeYWm(Dp>b_q~>!%{qWynPTd2yydltYC!n=J
z<lUlt`_Od)un25b^$$wel#*w`!GW#Z*GO6r_j%P@lYub*?k7U0K|LUpKdF!(8SP&5
zW<;(l^Bltv9=C>dR`pY>m+R0IYwvQ3$&zS$!KP({f86^H@CU_HvJdXKc<$XYxV(=$
zB!cdQ!TsVV?6*#wpZIofb%KJRnEHw6qVdAqFSIc(zIQ^kB}#@96#Q+{O>2jq1=X)i
zjG_M4Y8FOz1`q8SzDWqx76AnFeuRYEC(j6u-v-%~nLf}H!J-nw*Lr+G&Rc$ktk6vD
z8^vw2QJWid3OB;6cZS>T{C^DUO}>;WLEYIneOeK~ESsJ>>P@#Old6$^W!cdIT?Qh$
z_t^yW$wS!^4C#@7E0Bi#*F_{sBc0N@;jGRI*%e5}f3J~;(W~(CuTBqlL0>DseRk(q
z>vl_N06uPq>^e5cH>imj1R<LFikZq_ye-M63Ucc{=f%ih?UY;^?5itHtj#eZxAkgW
z7<}e6WjB&2$u4>vo+;xcQ!E7&d|)>$ki^zqnQvUH%l-r(`!4k@sEYc-fsg%mLvX#k
zTSDH<aK`4)fB#p`3gJ@~DVD<ACYU-`U^F8{ow6HvcZJ-0o<5-o)0ohSI1c>OO$IQA
zkDXfR!oQ!R2Op#1iBEu6LyyhY)27wuT^O*S^;1P1`Bk~@Ca25LBqy5`OEbdC<xuAL
zXe<q&Al3jMtPMDWglf0U^>oQ>_cg(S&acq?7Bc4<y&5vxg>B}wDNrhv#8&S^6`U^Y
z)GU1b1DF74I59H75WaQGirImgKO*>@MZ=N`wcBNsV;{1UqJfjRtQT8N6Vv;th>uX8
zkQL<LF99~)-B>gBpTtk}u^S9ipmi6X9oMGXP|Urjvc}P5nr0~>XOe%lOHMq(3ix2T
z@z{W_O!X;kl--!OoD)mbz*rB*5I*8!Gtib8gcV)~vY-7j-Aql;ZE(|*rQ@p=Rsyma
zpczy3GN-Ik@KG1ftuWZ^p2pk*XFG=4YB1Uwm{*=wh@JbQ&1WGd`&sEG+({V3m;QCC
zeS&n`H(%`>dYy|1Q3`rna=O+3wRsmvj`mAJ-h-!lZ(Zpv#m2&P|B!%O2l`d)G&m=;
z1G58m+(IBrr!|7plDpPDBivmDSe#S7D~pZ2;4}eb!%|Whuvb*5dILohjtRyO2ItoV
z$6|t?`=n1~&g7V8Okt*K@Bmn=Yt|Mt^T-bsJ?gyPS#R$PVnS~|o}FUWOwfwmnDM{%
zx*{A80y#V1AUO52mQs@Zf$_mdyEjXP6_9w&z$74=_T(pEMSP5#1r+?$I-7tsU|+**
zXx>h#`!X5`j_f!$XH9gPD*HH`z)-!W{Qx|~+?UG54@d|BEC2%D>%W1;cgFmY(pg|x
zmYV}%oZPU`SH7Q>ppiP@DeG&gfCCs#KIKq&Pn`zikRR6ir#^&&^9*7|$*i+?gu&MS
zMxH;2W4cHzoo`=`{{xgs!SZ>hdMCMx@Al1s9qpeb3WeQ*aK!dyF;=FbS>2b{PH*lU
z+cvm4y0*CNt^|8J8N{%<-lw;zHsxQ>7_h<UW&!7TMZkVQWCJ=gLIovw|4iX3u|9MH
zP((ETJK(C;=b8ghv%dPo8lLRTb2XxHiMVNy^y$lX!Zb{TMKY6BhK#iscU1%7r4+XD
zZU=0%4JMo;3T=wN+^a(}zI~Hxfaxg>C9n?!N&N`Ykdr0o5*LtLovLZt6c-ZUXp(0Y
zOoQMo<7caLBy<%B09MN(FW8&=4lv}+tm5Q#rmRL$iYSw0m-3oCj@_c5uUkyA>qOWU
z20_>MC}UZk0UMr$PgABcWdh2n2q9$p16Z{vmp|i#R1kATTy=&i#wlr($j56<xsT(@
zXFupWs^%MFfRwSNQ2bd{UqRx7$c-dCHn|U;i*{*)lH>;AEjTM^HM|A?|AK;B#%cos
z2!4-g2&Gw&1vZRfM^=&er-E>vCM5kNCe2L(zd5N0+4ohMLEkx(NyAG}Xb;0}$;FNH
z#d8~P<FtO5a#W*xWwcSy(w(FW+ez{!N%kLC$wJW%qdeR=FJ^gmGn<rr)htGzFBsm(
zsTdYd^53yKK1ARkP^raC{ZxLn&eaUdw3Fl&yAZFOdT*4|_$OKQc|;vvC7vp+gC4%M
zorb(lw-Ipc>8@_J_r;e^xA6ryG#Y^<eRw-TmKk@GOnAG#!<v)ttgcHuOD0{7;*cmZ
z;liTPBKKd_;B)1itYAkZ!e+*xRrSOL<1iL=yxT!O36@}r|5;t1@rwy{$qH8T7>RLk
zt0JWsdVgI{o_ZFitit_g29d7*JNgNL=|+!tGTjF~h)<aFzH{T77E9{)@HO~tQnl%U
znKKh3S_{Uy(|A^3h=~#3#Dd&<!^@&^J}UWn!^GLM3=b7sEK}Rdb9C#tyr%hul)z}h
z(fyvh667=}<Og|T#R9+dsGOr87@0w&k#8{53wVrBDg;VRn-#3;?Ul_JZK>8S!8M5a
z{tv>f%mPndSWU5Qim(@kZR6E-Q~n1T{XNyJ&7b{f%GjJUA#6Ld8g^wnUbbT*^9#=B
zRXPMs!0+G}!f`d|YaguL`<2g13EjhTM3(TG3J9zl)TPz1&9Hu<n0ZDVGTcKnGsuq|
z*o%#@!mm5jH0CPCL^9Ynx3U>N6HpEEMTOK6xN@GG^2_|5ny0*g-%D>WPiIOOPPR%(
z%oWRN#st)6B^AC;R{1NGQRG~gnfdUdJfHXM^aHB+ag3Ixu*3b%3*VVnS-cm3r!}0%
zg%tcN^@j7eWk{bb($N+;4l)#0X@v5dUFlP?Npbcnbt@vHycbc_8Hq%BUu*ukKs(I^
z$yVsI&*aR$y%iCQ$O^MaG}!rbk7Qn&_3$$1$<@tZ**6a02cF}Rr<b^FXQ?r>VH=0y
z7U!Nkrp|Ce!o+sn6G2X9Fooo{yfR{+D^fN#`8!3_(PeH%vXf8ZeL+CXNO+&d5!>Uo
zH}`wP_Wm;%ZS8hwiXI92y;n#549Z{!##`gQI(nU-rr^Z>yZ`N1TWa~I^fxvP1#VSj
z_XUaEK39657sb(i!RA7g9?JB<z5y^A)gBT7Tcf$w`t4p3i%g3mYFSU6ti2RsUItJ^
zF@^Q{ZjB{goryi8oHw^G2dLdN2s^%QlvkHC=R5xk?D9?jOuyGj)A>ge=!@8u#Nu|w
zFHj{rPZ~=zNMaFStv^lOd-78A#A;~s^GL2mZQ!yVtAr<}N}^ap>B{iNKa=e`5MIp)
zN=UuPVd$|25*}}>kEPtvf5UTafdc2mM?_P>k+pfOe}^xLLDtHAzeiVGt9*XroMi2%
zWD{`GIWXtD-A3Q*ZgT%r@PQ{7FA%G`4iL@Ihw!EGi+O^T)&LwB59_9nAN_uBi#1r=
zd!%?HA;Qr)av|~gjjgtkSyO!A8U6b%iO&P7!z67zL2}Wv$zsrFy4M~OWw4(hOn81(
zU@r!k91^FOKCOLs+j|B)(=~&BrGqxAD`xATGuj66LtlF~rmZ~+7Nq@G9>KL8DRM0z
z+PN6jKc6r3@`|LF`nvk+u%>4=#&u=1f8mdLXxCD^4ExJ|y^fljvQ*4mTJ~T@d}Jxv
zT=gB*Zd@+z`271_rcH$zJCIl!#K6SDvXS;+@0o|xYZj%4uqT`CS=X2U3wSp<>ZYTg
zvK)H>={TXiGev*)7HVi!zM?^|D!b9({RMbmhyJ3*NuOkQSoM|=Ks#7ge9ER`k^g*r
zHN6^IW#UErq;iq)R|wkM0JIGNC%`^dax_TRYT<@n#KGkbP!^h_E0wvFTSFhfZv_Ni
z2xl6nK}1uQ8{H>1GD|u+_jelSKZQJUwj1n(^Z&N$opioRHSC|lw1W7Ra3&*KH(yw+
zdj&OXC~v=lp1&Z>1f)cW#J;M<OYRLz4_};1qy#G7WF5QdV&v&IPRl4*KqY9#IRmJX
z|9XV506Gr}DaD?+AMW!SLVtB(SJHYxg~HJI<(u4S5qv%s;00-4JCjG>NsP|Gs@=1-
zU)|pGRSW2_;#y-VHL=X4%+0<ds-2hL|G@!%<e|u<5Aox0XiLwEx?3oH<9`q-C-((|
zq48Tmev+)r4X%`&iQE;nGwzd!jjEY^El&S*vF6W}xo&%)(suM$QVO2p92K<%%50V1
zP8RqMqzN4oHi~BgK<S`Gfm6d+mI&Ayzq4uYnNqX*=$D(|Q<{j{$T&Rp6#Q6<SpB}P
z-yBjI`EGfn!-D%}7my<9?f<i3U}4gwQi9m%X)nCZB8pNt672D80*-?oXs411RpO_G
z+63{;Un&m3VeDc!(P}B*x=EGTiyRNF=$lmc0U9oF(KALGtGg7x+-<%{S*fSaPj2*l
z?DRiKBYk`YbW#cB;to_5-K|AeD*3NK_gtrO%8|J4|4~R4Pm8?1*FtTH+oD&%B*{V*
z-zw;DWJZu6WNBdeqJ*u)E%$8KktI&|>!T_SetN4OZ^cnDS)vB=LWU-7?b($ic*ZyI
zw(_)H?_hsg_c!8=hkV9YTbn?&`cUyC7dujfY;;@i#Kvx7VG%T_{25j<*)wbUz4q?d
zlHj1ht6<%ky^1W{tKBy;iy8t#?2iE=-QbfvzS*=HGx{j7Gg*oy&C8DZsP$gH+@bO(
z-AA;7>q@rQ8t4$N5~-Dj#<*WfOK@0Fc}aRk(7T}W_B2wg)@_l-#is(t@#_m+3Oez#
zf8LeP8EBaOdADUO_F!*r^^v#BPnE?_Zbr0OO9{s|JGR805yaQVMm<TlW2R*HIF-c;
zWu8#4oZZUY?3@&Qgw%)G$B#Ec1COKNtTD|>JZ46V&%xctpD!NwwTq8a{QLTJVXFtV
z)+r`F!zXq2F2747t53!);Wq3w8Tv=_M}jf>?Im69uYzaCeT{2~v2Md{u_9UijKT9Y
z^dBQ;GmT0&t^{A$Y$?n!r4$$v_3B#Si+lqU{5DtHBG2h7)<J3cVjs85yT|BjS&3&G
zvrqCPIn}?E7i+~{;bRu{(&Qe4b7bY0H&s>!e~X?GH9)I|e0Q-q)LP_bH`Hq&O4hf#
z6}pHTSp0NBwv=YvH2#E{f$jAq3EE<g<ym!X`S&5KS5N>U&<H^(*cAmYQE_DYI2|=B
z?wY?~D{6r3|6z+UaCnii3DjBXQFjGg!6)WD<y6or>~2FGGzb_IXk&}r4w^^J+pTDj
z)7xS{$gWj7nWp@>Fby!5#Md+~fA6)y_o%BK8y!>DpwJ-%#`LEW98K#UuDj$k=f9s`
z$XGEeIv&oe^y!EBlR!1n+A-*6qruohGI~MBZwE&?=q><hdebaXv|!L+Yv8jo3qfEd
zTer8XfojPEZJbO7MQhyaXB0aommz!_%Gl3JVMzjt(xB;=UXx=x=LNVK&5Su)or=zJ
zvn8=v1ON26HqOe{t5^VPIxTN8nLP$k|7?m$a~OcYPMH;8SOn2Wld<`Fvad2&NB=wl
zSm|~nfMj7=EBixS-fP4h8JhRviVk=o)5%t#Wq3sunSAQl=sN(*e`x(R%ighpRqIod
zp+n@{<Ga%hV-;UnPNSR_??iAa0_b$<uNdH3==@iV8#E=qoJCmx4>UK!;RVonyi|LU
z58PRrrK<L+v%DKVV@;YRMRG>LzFp!4wh}SUu1s)YZe5Vm6nBY60HLohWB@<Y%F+Q4
z9!0UEu@<Btar^&Rtpkk)ekLHc75M${D0V;)Z8fye@r)DTYu>+jid)(S9YNx0g+^1c
z{i(6y+o@tI6J8)O3!E*GDS$3@b#X5-A?Q^xJuQ%|%DLiB0+kf$f1Nf7PoB0Eo3cG5
z&DV$Io0kBUldfi%ItC!Bgo^nfP)|0jxYL`xMJ*C6E(F1;d+GNAgdICN@(%cNu)N%N
zXGL|pbHUs6;>B{UL(O2<?`}kJDFZ6IBFI(+RQOdeVKHtd2=`8u4enO64BObS4e-jC
z-)HK?H!Mp&Xe2S+0(!-b%`DQ;^BAUm&fyoLpx0QGi%k_ZjZT70zdM5SZW9M(UWsLk
ze!^h<?2U;G%<Fy!0y2gmWWN@Qg2Fy9A*5o+Y*0K33AI8D;+tXSZ_y&pzu?@9$qeNf
zV!aez&czJPb#{pH71Y#=slB@OH=489SQ%=<5Ow1ab=8Vh^3oKSDCFX7@BpLn16G0E
zq#sD^Cl_SXPV&=168E(@ve0_9ray-rnRr*gsXUbtk0utHu_B|{%&sXjGUux&A=s4R
zxMYlMv6;9TI})V_Z`;9Nn?q@krWyB=ZXl1UAxW>{=O=cOVeSYWW7kQ7%)Ow;*Y7hU
zq2+9YRa%F}uEnajjfPZ+Y*Ugmf{z0dfs-9&%!Wb!#v_p-ZpgM8S2HaERLW&}ewok*
zvOb6Ul=?2QXC?K30}(q^Zk?;c6R=Gv7{2}8ZuNGRf~GAR0>4lxh?GR5|8?z!NKPda
zbe$j`|A9I*yee)dso<p(s+j3L<R`rOs*e5D+3if`KXz~Nj%T+?ESk3v>N=n_xQ}Y1
z?8vv6FFzHDCZEaBCX!r)1bQKwgJT%<6&X?xzW$_+#D|QN6%;6Y%w^9gnT|P`g$(vI
z{8UyONtR7gyB$HgGJIE$Oo-MtHZ54kGx$N~SW@T@qoy$uIQ5&EISgw7Xn`ahWAFHD
zyut@g0zYL{tUWIhn5}c4@j{0I|AE4=_(IP~@Cud|R~IonBoZ@5Q;L+`V3N(+XnVZ+
zpGyTgk&(MKR!)QQ_6VfR>#t~T;v-?>=)t!nLW0>*5p$qE&kjyXXO4M)q&JKK6$CZG
z*HF||vftoyAYN&4@b2|(RspeocA;r2w6E6iWinT6^76OUhH6;c>uKX^x!z8*AU|6H
z9k=I+uxnFt12guK!>$7-Q*$Hyv*V-?Q%3LaT<o=`uzjmkF%ilUf}qJ59z7T29ieWz
zHN-;c-xX`C@1BR#d(QtNruZ?q<6ftCp5qY+SJ0mCV=t}MDJVW>o!x8z!{ds%_>7tO
z$QdYf$kbybl#g9KnvV!1LQ(s&)<0#M*RnP@f91RYQ9_~kZ}S-2`C+~YUoH{F$KjH#
zik4@z7mPd2R?=p#eEFPC+k|k(^wxu5qr$w$7a?s4`Wsz$O-sKzG;QUUhVfo~T)JMX
z|2cP2&oJ@^hsN{_NFyxXN&f|+LeG@K&n?^^UfbEdkjZ7ZqI~o3_PUi1kqk+)sqbw=
zv_7|p-!U>Pd~eU=B(@bplhFDyl^)157Z50H6Kfiu*{pjO`|g*%Pp6&yN(H~oh}W}p
zRikF1u$#xg!I9ASjbTUjZ*oe@$^e|fozH7%x2|hgf30H>3ZLn$QqgG`nhE!&ifE?9
zsCmY`^n1&Vq_=ZoiuwQo>CuC%t~10`f|p8fkr#FJ0N!Q?wh@)zLSdf3d@y_e+@+-N
zpsrUc+py}c#8lAuh2A$B<_qnKFL9g;I^YLGw7?~P&l_o{lBwE|CH_JoNW^M;$m8_`
zzzVp=zMl_QvXi)$^XSIrwyCf7k?J+O_Vm8J1lD0lAaSDkjmY8NF*H|W`7-TH<tg?t
z^e}q)mL1|&tOkTupXq-FDmu<EXN@i73D@)Z(Q=^ZOD(qxpI^7A4_`X3o5x29aRB6q
z+_C}giz)+XH~zP4uYdo}Q`hMSPmA6qs6OgWir|=N%so1m0P)fI?e@mG4<U;<w}u!X
zd<t3ikNN^<40&vC>voER{I!y@LXOXZLjsp{<*03a@9icm_o;g?E6Q?^f4vWEcinH_
zqlo+uvH?>JZO3l3EVLcqIiu%nu@<3*`8U5TK;5GpExeuwvB1k-EOw-wYO8{f5j+7>
zdJT<o)$}{D$$_{uHSEaMeNLdM2?8yT<v?h){2y<waesI9DUBk_dJDz8WeqGX%iP=E
zCfJR*WAs6R9XWVzMmnU}3<eoX@|Cgbu3eV6dghzmh|{0fHxhNL)_ll)!U75Q_$SNG
z(Uhh{lBj`0YfHY=o7bD~ZrP2yOU+6ob=Rsi$Y1W#Ee^Nqu(fM?6#V|v$WGI=&cne!
z3+gL-k3W&0RqO%xae?+-ESogbye1Fz-_bKs`P3(C{2JIJ%QaZ}majB6q3_n<TdB{t
z3Ju-<%zycf2x{J(RM))Rsq~g%kFoWByW99O>y1igrv)SXg4U>!-e`}as)9%R$L4Zp
zd9If0ea{Zq->k@B725&5TA~S|cpiJFm|Xh`x_HETq8U>2j6=`ja02sE#%&J4x^N+$
zu2Fy2uRH+(QItuwl-w3mlq8tu0k{}sylE(Z@6~5uD7LdX8?W~2WA2><zkxk!Q&etX
zQ1Z3McU4<@06Vgm`xZh-x(2itSwoX*M1~80G{c0R_>QQ3xY?fpO33sgZ%qc}p&528
z|1>)Ee9zSj<DOzuvpPMW$3uAt*V>R^c2urjC``0BWBU|?03Fs(I)Nw6`N=KH_^sfS
zBwGZaI!4qc3X8+aW*)m0SNycN)H%kywR1pxcZ)KjhT{n_x-6yQ{(pp2`CFpyL2IWk
zA!>PaeX+R5V?o`1M6DvyaPIHA@u;4~jpBhl+)s7@#NK=ZD2P?adpN}oFeNL%TcQIm
z|3i4!ayz9e!Ng80XcmaoJa1oE%KI*SN-U`ccG^6A9}XUCTRyZjBx*Z5YY3}NWHc2v
znanmt-!jk(C_LZQ@cNWk;<gA>Jmm4rA9tv?I8V_)D*r|7{YYONr)~caV(7Ftv^uaf
zPNfVoe4L&u%Ij*{+8@{B>2J1r6js=3#{E>cvFU@jk~dYt#>>n1sO*@@Z3y&zEc@^I
zTdHx;uXg-(^UZqa-{rAJGfK1)X5xFNy+^@3UHUQXi^s-`uL(|G;E+&rOakk<%96cD
zG(Kylit;KDot5<>He?U{Yp$pDo1a2=JhrJUzY@LI{vu<!SS=4CSdrIOdTgqC=KE(<
z%NU(!pFQ93Vt|3P&*cs{x;~(a`Oi3f;PH}y#?sY&Edll=qqpF9?}l>h_15~OO*1?P
z9UBKbHrcar0!J9{s~amANPCYj1xCIaTWVOly01{~aqx<Mz3t7lNjbG$EskgRk6;NV
zU&fa1y;NHA=X!6T@KuH$*vTre_sFN>*~9ezho!TQYkGgU_(p@o=#XxahAAO1Bm^a;
zksdvyOOaN(Q9z^w>D~xIP>}9MQjw4xR}dyrJ|Fx&{&8Qh{B8{H&dxdS(=8$SXk`$m
zI3%#(AS>Z>XzZ<9*K0L`W%RCfI3o#uOAh&|)AQ3<x1m3pC!#$gQ19$6XEG@`sV=xi
z`>2m@e{5b7_n6>T9Jo&qK3vzPMF+=4FEB8r_6s<i!HJv3xL0&uSnXZJ<uB|gm|My-
z_LyBxV{n-?xyg;-m#nK^08wifSP|;RBH{B>XZWIZ)M{y>m0&NpL2((Y7R2#5vhIle
z#(c;!Rr5d&m1aau>7vaZ6yfsAM7L?wYCep7q153lZ~%8Kyc#<%kW^wdhj6atbK)tH
z!jUJ<mrCyiw+`SoPj8m04mrfcmE?j1<3#yAZJpSR;g(hx8MObk{_M(9!!y2h&x%$*
zd#r?i5I^`<1fokYvoo-e;a+Sh2iDKJQ#c1*5^~YDg$eO7o-ByBD!?KN!)nuNIo%<R
zDmO8q6_zAGL~+rm>)=Vh29A%N%*l-st}Y(OKsF;_JAFSq)He_oLWI4v|4y*{-Mnfu
z3Gp5s;m_=9kS2nxi?TJOt?%HK$75D=!swP18`*!SsGc^Ic_8Uhl><Nh_=-q}TGRVU
zMSXgs@Y7fH^6ciALv3amrTcPm1B*V!etvq`Owa2Pk;K$;{XdG#a}#=6j*Lv@12JrF
zpruYFqJ)mGa!Ath6$e>BPnYt7tw?4YeDTzsJV6kLT81Xc3Em$=K6o!|T>-?<Cm}B&
zF6z8jkGBd3qwyZZNVBHQ>MRq!cxDJfSN$W)fM+WJ(Zt`bH!?d5$)xrMxhb}#Wi5Dq
z(@Jm6U=3z|+mlaidI+CLX>o$(RpfJ+?A740Sxj|w56EYcQL;PN=hRKtO9F&zoqyMd
zpMF4MC{f#k1&eiM7V%&@GgEmt)4Kp}HL&zqwA5CX+5wbJq*HI0&xXv?6@oSgjMZcm
zNE&Px$FZQlN^`s{B?>4qVNKSZD>*~~zXj4&-k*s8_jNM{a*fPK-vKEMDa#C4&6=*t
zZ4!BC4~#CF^|-=aVo28mkaEl52LcB>O}3m0{GC8h^zIy>12MStSUY#ymq7Y_-;1wG
z`E@r`Cz0P&QA$J&lthGCLHWG1NYzp$Ql}LtCDZ;uGNAP|q((qtop$Ld*HsUl50v4f
z%i`F;vDUYO&Ibv~8E$Xs5L*fdsth7t5(8==qw!_RHlG{K!0HC<w>X#{>~8jaBPm*9
z+6^ituP7C+n**Z`#{4JE0EiytP2l)7)jqu(G%(;2Fb8PbZY6fX*;1F&P&F0(c(qhB
znfRRzK-9GjpQQubD)5Jpfbz>v@cdz;848U2C<Szn1zV}1TlQuA2u6VmYCG5i>2wgA
zyUX;x8owX`ia&yo8So)-m5LH<O<W2})ML?CPn6bEkBE?ph@++yvB%q6>m)#Mvbze|
zliJanCKg-}5Fz1cLMnQ^7s=AFVR}Q+U{y^7jC;J0`WM2czbfU&Jv#kwub&e!jqHVu
zFc?AzU^k8Mg47!jMb3iZ`V0uZ<Q`~=P#Di@cn?JWgAoKSS4Qql7I*kt2>;q^1Pw@o
zMcfb!(-ZE8zKJ8_1)CEvuni{+@?%8GFyje=m!Nf$qK-&aWw0d3M37M18)c~K@X=wO
zlL8JFX-fs?XE9%chM0O41e^g8aKiZvCKK`&?=kR}P%nu?UMgGTRPR!x-uHq+Xs|P|
z?zzdTcmz8hF&(Utj@)zu&j>(a@Sy`>Ibvp9!)w62%j}UQHTQ;|K6hI89Rf9*Ys`kc
z>M<1JF>kxs<DS!zO=`~*Qtzk|GEL~wAv{&}37wy-*$wM*(!=W6=4O{((RF8Y-_#}J
zZ1z*j+k^|ou=TgYjGyHUl&@Ei3o2IZL=0)Wh23194iqwgsS8|xR6&o3EG#3bu88RD
zCQqg#yWEPK?2mW6HKE6EL3)GG$KV0)U8tA!Rt*_POA9CD8?Sn_Kfj<Ty{-@J(9gTv
zkVH6@zOZcun(A0ILrb4Sz+kpzC%P5)y~T*y_0b<AeeKwq9BKwu>K@2+hOMu1fBdqM
zDL>OsaNuQuWl^HK^!F)eg$oL84xisIeDx+QVk(;pz7sACDYm3Gr}E&VNBnBcrPknk
z5xpPxPJ{hEr~F3^QEruoB`{~B5p6?8>eOwMyN&T5lFO+PNxC=U#wmFE;tciUiRwS`
z-UrrI7##})*BrAGQ^dqHF8{XL|D!0X;7>sn`9ew|N|k2J)l0c3j2UlSDCYgz9id3e
zTBlojvr!V;?B#-j-3~_?B-O~6L3q}mvY^{BKFi}WdMH-q?xpJo4~qh$phWfEjoiw2
z8^rOc;$l(3k-`>K+P12`dp^7XyTXTJ`?w03I4MJw$h5F6wY<Ei<(XCeIkp<vbfa@c
zG7FsSa4f+~1TBhiZACW5rzvx<sb!BgN3nJM_H`-}beFS@B!Vs^!M>SjS1G9Qb6R)O
zrWY*Atdh4xPYVN^#tlM*2zy-0M-$X)+k{Y<33T-))DrQ(?oAxcPIkQ}3(NjZYn_Q(
z4%v*)>fu=kgp<nqdv7c7f134xj=Qd>)6{91ylvCtX$>>?Z}+s@3-+kqSq$>}FLst7
zSgK~1Z{aY=WhJcbW4cN<&v{vgWX~hmW{>0SyDx6H4);0d`}PXQOth=h=Z=Z4|0vR5
zq;d~pd9h!7g>!uylj&GcY+7af&aZ2M)r&Vmd%$Hz+a0vA-^<i_V~JzXqs=@Y*{2gs
zsWe|#WHj<L<DzaYMUn^pG;M6Ts*NNaq)^4$VV=n8h@J#VrG~t4JoL)}t#H!-iPOM8
zFLGV)6?x3(4)^lS`M!uBnDl&ltNk^>DzsRe`8>lzK(l9i9w(~I6%_@7X)^8dibEf0
z9u@rWg2A8anZigOTixS(Gcc9RScIJG7<^7*do8zSDycn4v5On(LRSckpoyJD9Ctgv
zM(ZYUk7SM?2T{j(E2y>Yfnz#I)?x4C4C+ekL>3#vr`U5p*(t*|t<y#-Wj@&MQF21A
z-)zSlZM?FQv>w6Ou>}T?ax8J}Nt_*?*V@C(W_JEdMsujpirPA%M@8p?7(|K(v%i?Q
z1;-G4Pk7_$m)8w|T6>xzDeuzg_Pzik$wt%edr6!>um9C^X@gJdBZ`^-2uQeN3@IH5
z&y`%dwhS-eCpmn;gozC9xE_OYJ4NTx@WPGCFKpsCw|SVg8oZ{aXdZ8dnTXa8{<KLU
zPln^cZ)az4S>MaCdNkJyB5_0DLrLI9l3ik*Ts=Y09l4hr2$9z+pMTm)<w^=gyT&;B
zPE{i3v&oEh45unp7G^gJKzoIKWQb#@q}E7r?0pzp#|vLjcxl1w=?G@i7H0>aj*_6j
zd3_7F%c93k`HRDFeOz8n+B)SIweF(!Od>s&a^OuXWNa@x6EsKe1$lm`tg;ePD4La6
z1w+&fR82e#aA~1k#(06nId9P#OyKLF2btMW$t$x4f04m4TiXbjIo`OAXlUa7){&Ut
zhJ?S6L?d9sjERK(Abk=KTH<l;K^85`mOgE!LpF>yV8E6GM7)4Z2nv~ZXD>gwa#z4i
z+k@K?v-QCAY3K|K6xszHmApPL7K77j5N+$6^ZMMzQ0&uY@v$?onEQpL-2qahO+y^<
zHZ%hL&;4=8Ab{fiHh(qt5~+|8!Pe#nP*gpA3PmaVeV>PbCJ}b3JE<caOS{UU$-3oS
zSbtvrcYDA6KX`}zF+y4Fd5xj!TD<RUfU#xPfLmVsSjZ)~A}F&ocnx>WyUTj7u4Qyt
z<kVc9xb8`SlVH|&|0j-kc;f4)22f^g7Ke*&8uXV4;0l3*pC_0ARuPa!Lyx0WRYV4R
zR@d^zyq;c<n*mn?9u-RT>&|eZZ1w%kK$*=3dCib}*7W5-68*jvEb0^u+^aTLpSj`s
zOFp2JSVud%i2^2v%r^sN-5>j>F5kb&)W(XLQ#j-~_G>ZS>J1_mek5h~)8ye#pP@y2
zT@=mrPD{I=H9>ic!sryMymXMWJ9FE>#^<Vf`hf`1=0(Z(eq6NOS|PxiR^>bD1P^x&
zRMa|#0Eyt(vvbf*=%6?y8+2!+;6bN}!Csw0o{mOzNE}WVV{mpSO1kXJO7813;lB`M
z%R&e9$EZ4R&4EnJ5Rdv=ArK=do_XqR=)NC#r~e9wj-!6M8}qdo-97I?3C4id_T+lq
zJ@iC<QK?;^phA*r3*id{cnkl@p1nJ4E}3p``e!*#{`CVy-71h=VmM}83;pDGdH5aD
z%(cUazNS%dD!+BI00Yl!jusR2MY<R=OJRg4ZuH(+u+s57-X;yjXMfG_x)=UG)OsZf
z12n%|?@7`V?&M})9q?|f!f<Z-9{eK8G3e>F!1B3&CpHu5Onlw}s>|gsq;_C?<VxJV
z#mR?9GK!zO<|d;<cQO843k3xGUlvqO_VTBBjpR8TsMZeq>v|3&I<1E82!?XJ_LMj_
z0RxbVLrSOEzEkU$VY$imNToUZ2jmYdN|Ae*%r$h#559e)oXowq=l;77g_r2}(>prP
z-QB#M`b>Xm4xb4IM`=?hhEB-W&f8x~abAc0cVp>{B$Vxq!PH};{e0W>lfAA0I|QB1
z=A8YdJP)GQ9;|;~9UJPl!H9hAoRe7Z{)gs@6#@G*@MK|l>rmi+XC=?wb-7;f-dt8%
zL|+{yF=3Fvng6}D!+lTE-f*h{9PJs!XB+KnrS>1meuQ$oOyP;s(Y##Fzj)%*3x49b
z?Tc6}SGydzDdW)NKe*rivwtC5xl?<Rq3j6QNp`9CGk>4+5N)m(GL>`Scsg;+L~Q6<
z<epT1UB6>cw0Wt|#Ru6S8qPnJ^KVwF9QJ$&lcWk-!OP^P(%kxr|B?OP*j&}d9{9i6
zYWGg9{TY4u9>yOJ2yut}y~82y&!izjILE+Bo&`;a<rLbQ-u_H0{-Zc}#mykk42)S|
zwRR`-ieLDTR##(X1s1CuuxN;Qd`V{S0InxW4fXJ+{n@i9VN<GkdA^n2M+DK(p4XOg
zQW;(5I0KU+*&v?@OP#8XI!$Qd;Py;DCU@t887}vBL7MyJR<v=*H+~Wz7ilabxn_ta
zPUBpV91ic-kCo_+yRX};Z45?9;m}M2D?3aB3*;U52!!pisj&x!-D7yeDxUiGND;Jc
zs+Z(q7!_RId%;JINQY9H4#2vaEEfi;0qsknoTMuElR-+s*kT%jZ%k9o{&D`hN#VHu
z4q5)Z`wjhzLk$fyB0bVo7lrr_(fVfcAt@AoWFQ8}!%+Ob^`^k%pZM`Gdgd{A{3N9t
zSB<59PU#qeK(JG|kn+nHRGCQQrRM>AOy$#u6`%~m_XXbRGf4VhsD7=A%XjOLo}jR|
zJ<mdcGJ0wQf;(A<)Wqz}26;Mh(|m04XlnA=mD-|mn@zZK)q+^QYyo*kA*|?p)wB7z
z4#rGulwywQ|6#?pOJaZu3n%Oh(Eyehd!g32?-k&{N*b)_l`i6QYbIxdl|qWp)HIyF
z0XEEinxKTGZ!v)3?f!F=-s<-w;C?}~4pI_P0(cU64j{z0La9*N;S551k2@%o%Je~q
zkBDkw8ayOoR)Qu_a+F<RWi8gaq6@q<{1SmQ@9Z^u2k6CMJ%<s<+0M@Qc|b2A^Z(ER
z8rugKF16VpVgt}zN}479kv03a1KQyXhRPRoq>dlb0(;O+J>qFOkkFL!?x3qwl|xSJ
zdL{N6q_44or?sx7*s$kSdKk0p#t6tkCj5FOQLPeQ0<5mCnI!=LYm<RlQ2}1?n!%5&
zjd(^7ny|H7dSAH1hH+rjTO$P5iL~p@yZ}i??+(oEivH=h-5=();5pAJSAT;M7FyxJ
zhje@@vF-oTi#>xtD(?8IIW^B_eb~w^X;f+j6NKV&k{Q6SbK*HNv{a6ML8>;5&%YY?
zT<gSBnIsWvz^I>1tlD#zulkJpEz9I-D~U?#$`gLk^fN&L)TDU^SVheCQDge;sm$_V
z`t?=;B&6i$1c4p?wa<cVS;oBs5r%>k6e?iUzA77!_qkpa-DORfWnUc0g5eB3xl{*2
z(RinTT4Dk}yCPvDQIE2W)eyh1V1e_+7TrUVH&M#hmG5&(y}ApXQPWKEfa<HaKD+-C
zU&@T&Qdo6{kZXN5GL3LaA1_5P!koO|U9&U<zg`*A_!nZ&cxifw@RuwQVx=Pzq!Nv}
z8&;9Bq)#VE85Z7yzY<Z%sLVyLPe6)5Ae8y=^vn=1fgB{Dj=LtvTTolAr=fNogc^-h
zUQ95!MJPua8bPO3ZQT0{2m$2wFGN+<OU01r!V}@Rtx5!My{5tj<F3UA6)BfsYP~d-
z=Z3wK-w~-+d#vje^G}fjmIRdF=u3<X4b>#O9~KD3sid5zac7p7R}`EM-!IDunxKDs
zO#Xrz(ot_nXa`47Erc!~-mU5{j3Lt&qK5>F_%Z}JjvJ|sFXK7uma0;JCA8W}WO=`p
zO0plsOP}+p$IvV^j$0nTc)-YzcDV;a7CvE~h^ITC%9X?Ul1;3l$YAl#;9IJ{5PtWV
zaM)Lpn;n2J&=ptk=gtw>-e6F*P~LKQ7-{08sf<t<OB5z6d)uq(z%&E8M4}H~GE%R`
z8o!O!i$Qm{ZFlM=jT3lRkjWS%RTQS3M2o{7syx$Yd__$^P|I27Jktu1y6rC*cfFd9
zP9E<uAq-|=sjp_0HIGkQCC6vs71cPIQC1iOAqmKT$Jw;+p{M$gQ|`Gr1@R8dm}+N+
z(2+CdDVP|%2L@!dW@FT|rYE-&A%9LQAHF@ZfN~{J+iRn!?VN2>EG*+2Z;TK^q|8$s
zs0*0ez8S(z>plIp-d0209lIj9aoxVkCAKBf<gsxQjzrpqH{Doi6bw~on9>PbILCX<
zw%IkL32=XY>a%ncqv9k*o0AB;jAKwL#BfpJz#H0bb|f~uQ`s?dRNh_}FSVVK@q*Qf
zZP6v!g@Cm6VW)jBwi=h|b9B&}b$_k{_dY=Ni<T#x2FI`-iNy03&{w0LVk=S16lS-b
zhL79ote7q=)3FgvboWh8%e~#-x^;1nCM0G06|)CLGh5BclJKi350IPYt}Su}FoNBv
zuLuQg6*E=P6N;_km>_YNqo}YJHJQ<7^IX_hELhit6=0)ARU-&!?=bkGYOagKbW!`<
zc~bVF=KWrZx@lz5^o<g^wfYpu%HfWYUl&T8`0?k#GZPDcavQ;6Fm1S$ROBQa%xf0u
zT<TcL0&u^Fd_#>fMZybcd0XsJL29RCqXJtKPV%}_Gb5x++ZZI;9-p~&*$_M`s~Bzm
z0{CFH{+xzy%2D15*R2-C`67uNn<^R84dOq3!|<>MG4G45U~1A7n9j6fk4bFoQZOi=
z_>YR?34YxJuI;mav-gi|u~LL#N4ctmZ;ZX3`d_?-c6f_f6TTUk^a2tu?}sqLTQwWg
zzjLL+){@o7F#N=mD)&d$w<p`Lv-e35mJ?qvi1BZN&d^-?OH#O;u$BI#SFO&MdXWWu
zJOE^3Os{2!Z!h9x*IASG<c$6o|EsmpEslnOoAg>e+6y8tkU}Pk)(^dDW~Z|1s}p7N
zaeXm*=)2aly?Fja=JX)s8e@9ZDo7U!4{xYDycuZe+3K28e8|r<KN}?H_f#DB#GX=B
z@vi2kTGEJ)=vhdgSXFfY(W|_nWSuW-D@4#Acq8lI0E7UUq11EKtOkGt!Jq6NkSjCk
z34hhr5nT-FYQRa4Wsf=R>^ASAqq`~N{85zvjW+lkk<p_wH1h>Dx5%oIX@Ie`Y`Tao
zU<IyYTV`bq`<QU@)cpwXb7OQ<Nag5D-Y=;&QQpgG=^1!`by-i`9|zt5Wbrhh6R-~n
zkqoVuI_!K^91~v&Uj(1^n`kM#?G2M~1sTg@x1fhq0WSH3@?yq)=ziuM+WN#$mp4x%
z??CRmf-~<jNt2;nX5M1grkU~|?CiMAgf_&<YRff7H}03s#%+h;-ih}@^F&LszTlR7
zy-?Z)S}Is{0B5>a#eLh%rvA8FRbVI39bv;Cw_~GF{sbnpJy)NP9inyzWqh!x?GL%t
zO7Hikn|*GL6Y(4fJf%i{9`vsH$m*!oG)4+pQ~9ty5YvJkPEcu325aVkGPZu1GUl0^
z1vK7bj)jTnO>lv?bK;Oj_IUH2)ph>|nN(wm#vnPEgOlVcgMWztsDzfkkjIO=F0^vq
zS3=2W2+2)y$;|*Rla98`Zk_=u&u7S{foRjH+~Pk*DQx~pT>1<Oe0itI+Yy@4I0~YG
z7#iaLsm40zZZdkXGt$3@Tid4Uncc8E@E$^OGndy?nr|XAf*`jn(Se`Q00tHW88}s~
zyZt}gY7r&X__)XYpZ^pk&IRgC#3Ca(NxJ7iKmzSH<{Z9L4E;pYc=OfjM#dBa^zy+|
zpw~7U*3-Dd!J#ln%@657Zr;2dnGqywuj%yuvGIma8!LLQAMX)BgiQ>I#6$Z-E0#cl
zQPv5Q!nX3@Tc;VoPLGLXtDb~`%;3se3w8u?ObF73ont<WDW=F{qLs#ZvBV)UH`AU{
zkU~sK3d;L-leq8x{pt0QgBB;OH?ufQaL6E?v3E1GN#SEE$37k4P#>U!Yb-n93-rL=
zayk>P2#LP)YCqp4f6p@7<JhDg_xf@eJikyAv^A~3!5<SYu2=iO2Rjqa9=$r(OtH89
zvy7!Y9C%se`7O@{eD?C^+{JmNx+|9z2OUm+#bRYf!>zV)dY3Z4#qo;`T7#eeg?w?3
z;9wYAt@>dNA{x~LVO+&iAC$0T7yep0+;F;`+=V<y$nD!$u88)ry3pPDoC638F)47V
zOfPS7K2?hdQ0xSHi&saK;Bx?KuSO|xh+1Rnx6bB*^@YtK#M3uQXBVe?;kZ(V67b6d
z0B%za-Z&FoLiySSs?~n>w`SBj_kZg)aP&Ir`f0RUa|ahI#eY<p@jZ*4*S*k$L6F}0
zUQV&PtA`#XFM~>#tkI!6;Sm2Y?fdzjXF{QLRFik;&*H%Y5|HU@Q1~3&bH;V9&+TPf
z7+|(awW?f@Ot6pX0rzUS5(Rx<`I~XCTM2j&KavT~q8IEh`QmYPjHJJ*8V1fy?SdRD
zev3t${e?`glG^k(nCx>nC>@*Keut;qDWCp%)H(*s8~%teWc4B=^jKz*x|>jO^&)HF
z{DJK@Ie8r#(;xg&DGqKE>U$Q8GgFF{IW_CK|H<?0-sQWT1f{s(uDxE}Rdh)2VY4)N
zXij3?t5Y#6wLVy`b4}P(?OyI!L*M1QnNr?=XZFyh!xdeB>!SNED>-eTuT}>~U7l&>
z_xwf>o``^(stct(?{NDl6rhV9IJeT-<S@=YG-(aa>O8knp+RI8nVAir3Fr4@L7u9n
z7We|^&;C-_ZjbXXgxY>TI78~(+S&2Iqy=X>bdbPGa)&-=3_ZHJ#`F=9YL`13Xf|~4
zI#_t+rwKYZgK8~yF#LsvNy{^Ghm)^MZv^%Wgnrwdn1WZ$`VU?e3jzC$gM-MES;>{<
zBNL30L*&V?Tf-AIjmvMo+g!@?%dW1J0(t9E#nDH76kE|gc_INWkr1y!?{rHnJo4nc
z9>%2KQYqW=EveT!N%;HG7H$3IJoxB|;|-$B$FF8PL_W`|J7q<Nr@#cmfnEBAlZ6a_
z&o>GxKG}2FOAO~8#5wKB?gw%6G&EI#54!pq6D~5`NA9F!7`rUS8v7Z!)#$-5m9bL8
zKnHXm_@r7JSRdH{xHI_R!*tYYQS`?jGpm6+ZuxHR3b%Fo7HrP!G`$3lNy~BbXY$Ww
zYsL6{&)hiNP4g0a;Bu1wRFc=ivV)s+Cb$;NX&;`<4LLV6pj{>?zp8$CYQAMf>Es+<
zbI(w&B*<Y~LqJsylQ$n3faaIVnDyBHv86Gv;Ff%LA5`PGUuLK<$vb*Arg|xU)g=;+
zPr#{Oz<JW5Bs~M2r?QKb+){5f^8%`Z&2NA*Bm5T4%PeEklyOyc)BD5St26IwDD#MC
z`%l3@X9DTPIJgLfw!Z0}=(ldIox)Pv*G`cG^pwQacgg)_c{SmrNX_|lHGxykfiBH{
z^Wj3Yr-(*9h&AFB7A7U4WNiujgn%0+U3|9^D8wf}!8Z<JfDG{(2~W-jTDX1&=(@R3
zLr(yUK*By}m$eS`YCMqyxMn-$LU<J`81w^3Xv|`Yf25Y53565(ThH-TY*D7}`IS_X
zq9SAgIKKQVS{%Vuk4=*vorq$#>G=zZ0ZG!$NW+2hR`^W;$}5cX7_;{ymb>6PJO$xR
zHDEwOms#$qx*7-R`UIAU*7=Vpr6un8%LW_5(_g$OC^8>=JSJ`FgjN&+y)hUuFUo9)
zJX@DN2B=p`+14yT;hWqBGn(-O1ppE^8mPg0gL`n)^uZrb{c^q4dopa)e(5p$z@*Fx
zHfO^FH^D3n^yGZ;y&jg?AlJ#eqNR4=JojSoP$_4n0k7`+wo+wTYcxLPBj(UF@X&2*
zAJZ~w)swFtf}1xTae*=z4pA92OaLOps@*7<xOtXWcE7Xt$>%H(#?$~*Yts)8VY5My
zVj)1^BbuxbMfWwKd<`Me=G1;91jheOD3d6>Z3R6w&Z(1mdP!&_e@$Vx%+MWv7U@J#
zA(LsbrMjy(&5761W2>ed&!9l<$Gm&2QcU#p<VIYWQ7u_mNg`C4iPe-}uv>eIKy)fp
zJnp#)?MexWs;-(L@~n)2n!6$<q#$gv@GZ^hxgOs*e1cvCK-!5f3~5zKcMES2pt(Bf
znu-a0fkC%Ym`tS#!QMsyOOF><z!1=iA2JxdB^h?a1;tj63zFeyY#0*T{s_~a?$n%&
zp$z-?k5rWnI!!;$2HlK+AfD4xGpDKx#)bP*r>d*M4Dr~YczVoudN3Fp!G@|q9Cs^_
zE`)j-O43I7R%I`q6g&+>s?v}N26B^=*cux7BgeV9(mM*Duj2!58yBanz+`-sk_lbp
zV(hW*<j@Se>vHs2a$1!%ugu%Rm=fMUH>n>a$LwUsK?q+6mx&XP!kF&(kQMN{K9I!!
zx@1JBc0vdFtVXD(x5*)mka8)!rnd?`DNtzjGa^nhQbw8xLNun<%iex_@d_a!46|N8
zJ=bSYwIs;j(6>%242P>q&@PBt2pJKuT*g5hS0chM7c3_j#w{z#s7lDcr8zTGvQY<)
zU+2C-bU`2P&;R%xXLGzzJY+0J6<^*=A3-5`mkiSKtR~jbs5AYiA$|k1P?7SxF;~v<
z1<pE^q?kCCae5;1{y1l8`kgAeD9UqYRXs04J-gwlhwm8J_RU*wmer9X3S){IPw16n
zSq)V(dFkw~#m`6^Khqq_;TD9DuIuTM)JhvU(U>|Hl9LFp2@w|-)(vFIt~n6J?AsCO
zaSL|Kzp+k>Xc8MB>Xjr}*+4K|Cey1&iKJ7NBt0`!2TObD*-ZCesS7J}-?-2R%m=e<
zCG)o?tje@U=MyY_<gW`Ag(&<D@4z-1v{{%U<NF>7!WSrnkZEP@HP?@4s6T$&@aa_c
z>cE2pyOtC?+p$_KS43L7$z!s6()b&b7B$j)_p@(D5${5i+6*VE{QCl~dH#rM5GU|I
zXm8Z>?Ry+fKDShe3dD9YO(r`KMNuWyLv9oWVk1~Tm{Hd^b&e6a5)vIO1`&%Gl*EAT
zc%mQr{HBjaoYZkR7YSSYNuUowCoD^nALI}zRUWlZz}q}sNgO#RoWLM5#NyD8#(cZE
ziFBV$V?tZ|RPOQj<jHZ=hzO`>U09|p?4UE}zj)Xw7{aIPA7<@FO<*~hrMD}x!CGT|
z6wt%Pl{N3N3^Gjbye70I7TLlV))~nysv2wFKejV%Fh*ls_digiCvif1`LrdzP(99&
zC2tHbx`A?kf95$g{w(7$&&RK`1PR%Mp$;OxZ$P1Ih-Zs6oDqa#-<U`&dMw)i<N_rq
zY>)+70LF8JI}tc%+uMKw=OzJ38F^^g_OkI~>wg%mq-+a*gYn1!@=-eSV;_bu0b>OS
z4e#Et=jJ=B^L{Fe;>z&gUq1p8FCDoA-KWs!=|p1Qt<|ct4<}et!&W=CuB<>R<8SCe
zQ-wJ)Ae64EUi~(6(R@0iXa$)w{$Wxo?mKrkpTK9f=WxOn(R7h&z!&uTQi_`2%u~VR
z3%{7RJG?^DE#NHYDSz)}3tMTA-ckUfQDBeju>JMRwp;<?O5|Lsdr_xPTdv#}0HLr)
zF`NH4Vt44b_PJf&s$=6h*@KDJt6XL;umkTLKrjxvJO8?6K-it#3qY|9So|kob%(wE
zlS4Y*Of);4SzE5m&wzQH4hh!*{WOrNOKX62Q7=m65!G7d@4ExIcZUSD@nlIi<-UMu
zWQLB_-O*eSAk88ti3gS-J5Z1PWMoS>s(t+zaApQvoriU1ZP{14P#N+>c=w;IR_Hl!
zb7sAtn^{!yrJ<jQp3L9X%b&ex=ysW5o7~8HyXCEmqFCa#;gB7F;QM+k(8zy4{(gAq
zQB<NhbRAF9Y|_iGZvo?!bcd91X0}xhiFLb%FETi!kOUxi8jd2MXVO!TMHGa%y3Wnv
zB55GeX@mX(41Xa_kPf#eKthh=QvS&QL|+L*EnhcZpVcd*-6F)Y-HLQxu0f$i7C(j4
z0%S!)o1<VHozgp>78y!wYI4&nl06cBsHQ%M$hN&`F7aB;O)pcZOHFB%HqoMLrrNx%
z(<_A&zNwd+RDMy16-aa)O)HMa@e3V+y%fq$E;P09;EvS|9F@oUdw!q>Gn*-)6q%&g
zEMK>oDSo3qTJ5ThYtO1rXm8>UAFa9a3k7Ua<)roBgU*<!(?Zl2W=aQFV_7e!Jv+p$
z@9rqetoq1?xn2psY9QUl>;rDyjmq&gxzbp;?>}^D8f9g_3Om%19vc9`2Pks*>C$?x
zSJf{kCuaVg-P`ebLEyb2(T2Op&7S@}<jZg1Vl$Cw{B_RdkFL8wzU9rzGD=SF0$uuk
z-;FHH`r$6P$1xv!11{-Dv%+3OHfxS_KEI4j<bgVi;L8`=xjN*${jL-Q@vt1oGR9{F
z;cK=57M_*d+6U}cowV`6Q7vDevBlFDMcGU1JuBbyn`PF`+l@B`z)dK*0V1S=*_DPJ
zTcj~1{q+c-I3#i1>4}8l*RB+CFlKc=*cg0%?o^Z!GM=wT<jU|t3b!=Y_$2A8HPC~3
zNl(sHj?EK{O9kZDkV;M|lmrKt@s?>nkGvI!!|`VVu0&sbCVC|CKu)>hi=#(k;+R9q
z&_v*yN?FV^H}?>kbxN5F>9~L2h1&G7qF!h^W$U9_t*;BrIq;7z1Aa&^M;~5ylz^Ge
zHZJ`y#9CINywhrP(f(3Nau`mqY&N2}5W4$3QfAvPs1!I~Kk(l_t(q44t+*&~FfY+h
zTFxb3b&!9$R5q+71Ekv6g`;Rt_^toxw=m+}!T^wK?7ahnP7?-|E-D=d=41um0X~*n
z-+|5_a%%;H7Tk1*bbz9A@(yjQuky(-;y<Rm9lTnfBJ0yG_B@*0fllHz32#V>pGnJ1
z?S)IFav52GPDLnl3~$(|pzHSB&ZpB^+az(<(;G`Wp}V&d!mv>JT*FIo@xIPttL>Oj
z7OLVb$pEX0P_`xwUIYW_)fGCI=E9y$@8@cLVh$He`KdW#uXOw-c)D1o)YUGzFCo6U
zY)4vWC_Z_uYf{NiUX<gsjWvzWYCT5jdh}FGcBam5Tqs9;JwAqk{l;9X<hipyQ(e8z
zn(U=GjRsY~$>;WAU=ZrKq4fSjh;+8153=knb4vZ3{zA-2pGAx3_J$tYNc2mz0`&jt
zPwX?4)5Y|DStx_61T8GLS9i_-fO4uxvVBJB`1w;Jc$JZSVdzdhSBy`meAcLSJk#sm
zz{;gY$#W}dTPd>N%zq)XOxT`|?-lLcLkBYBu{xVG=_hYr6=zj0TO6Jn&A;Eu?WJ0+
z=S7U?2Hso(8Zt_4Q3qY?@0EXH3Wqq@%(k|VR&jKHPp+lDtQbWB?X+WVdQDtsJHg?k
zfPiGeYBx3K6D@nV{z~p>)y7HQ5><&bm(}h}<Vg+$wld^p(&~#;>JH~so&hJ0iFMz8
z7fmmAiVo08a5|}ntgd!{#=H*PeSL1gKFMaacLXl`VFlmW9sGRrtm8%3;rZ(SZlQ-Y
zUi!6MsdwO7o^_lojW>Ix<QM;^;-U1ZZZBN!AA*<W(%5RhSn&eThEFv*&z)TU>)Y9=
z67Ub1u5viR=qVVA^jK{!Bs~ccjA`s(T&eXv(;rjng|URqy>OB|aR6t4?O+b$J3@`i
z@heGYA<_{XTUC|IViB_YA<~&dlN(n10c$OrCri&An0BOr7>?P<U(*n=(D((msycaI
zpFb%lY^-MZAp0!|xV2_bomK4FyC0creRn=_WH{-<Ylg=XdaXLvj(wl+kNnh~7(T-r
zGcffFl6uC{Yt<+EgQ91@)?cxUcwYX8dXrAye4p^eYkY$Po#Dd+0M&mJHgd<c)=7Tl
z$Y*E)7lC*c^zV;=v)ms6B-Yp)*FrO#3phLNEnL}bt)-4~68TM>+Vs;qopbd4@9FIK
ztOWh>6+Y*tSIV9R`aCMN2f-a1ow}M*W5xcev<F++@1xxUsKYMO4M5HFQ5ctWFXcFX
z(>LjvUY+qkhE`We|L@u32I@NVP7b~{*zg^G_w7nBK}9vmv}~l+bVRQ}2Wocbfj_m4
zDe)TdSF-s{q3Ph`HImUsZl+uNuRynsPUxn98;$8*67lZNz)H{iRji!pl%T@+frOvd
zC_RkZ-lfloKCfd+pR}U0L&{stNu=(c&pkSTN3mhZD9|?>B0=g|8i6b-(eMtClTd-q
z27qIqZ#MwdvlX^hZ@q*Z1;cQVN*yAJe)<#mnE^Dcn&_yO94G-v!_1WVv`n~%Mp~f0
z5fGcuDj{&K@BVTB{5vLsPjK^ujj*A=kXOk)43eI(^Ve6QS6g_YFrapZ8f1XvYI>rG
z_YV9fG3}TT$j{~|$G@SVuD1UU>V{zEmGlU7=Jp5&POtK!i?rqHjgc{2^Lf<OD)C7q
ztpgolUxh^Lyt?gv6~f>4HOQ9L8UZXn6LCq*?AzW)W#BrUL$m`RV;YtFR1l5!qSOqS
ziUWA@x<-A!q>cw`CVni_SjL^gT^`uE5SeM~KsO|)nh<15MTS%@of>m1dBII|i$DE&
z#Wf+4QU+&9e&&6e4x+RVD3gE%Yo}&2?z{z5E1k;>$gA>40g*|)bU|l%7g~@~a#Mh2
zUyggne`o<<+D%CYXVg@}0`gPTW;J>>VTL^_@%S*HP!+0Ag+wtavDGa+`jofWm?`dZ
zyQmt<L?a(12?5WM5^OJxuWEq7;A^zq9qR?p@qAaaN>TQ!2PCZt-I3%4iR!h3TjdK5
zwd!iq5OQTSlw*dTxqc?)Zim*d33`&e-E2YP>ttpW<k1&$LNMqt=PNEcNqgm1QaXfV
zwf;j_*8<2!wUKf-YoOp;!pO-juBXd-aId46q|Iv3a6w6GljQ9b^;?J!e<3tsg5frX
z`1FN0CR&8>!d?($J|~{7h>V!l<Ghbwhq8p$pXyGB>&@srdIsYGe7gwFGLnD)@XF`~
z;|>cbU^3||VPWBd5o9oRWgsU1_m7XjN!j$>wF)v~UIGG$OaTD_nX<AB9Ua7FHH-r%
z$d$TXaf4o}R23FBR-hLJGe0&Cs+^C_DmJN%AF%|P5|9^FXUd*XWqI~WJvU~y;;mQ@
z-f5zq{;@<&HvhHw7Kevn518#C$ncYwM8qpq<kpQfunM?fc#dO94(yR!fg2ewsY3P4
z3>_w7>t?^Zb0o2Ynunp)RvatG%=k@aeM8O+K|z0~7YJETo>+T`ib)z7FZa!i@2X_6
z)pxn;u^!`w<k74%Aaoki|NK4EiIB+G9##E^cyBpBR3u8VkFCbM|HGxFq8!y)t`%BY
zVH~zkE~-!T%sQSwj@OHWK+Sd`V&pD&e<a!4gon*PvW*@;R#gjoNFXm+)*z=+Q1E~<
zrQm&{vjKuw%D|V7a+6WjT9eX6X+jyn*QPHB!Fn10Dcsd!KG$c#Ml+_wv=<DLjZ?${
zt?14C#*hUXfAU;CiWdg=nINi%E;Qk*k<H4?ZyGw8u&Vec#Ziz$1;`u8vfqD?eU^~j
zGNTP3<2k{WBo7nUqTLp@;>5k?mdq$n%^w)xE0LCAnbHL$iT*OS!>)iMC`Ef}uim@(
z6j5!aIvcgj(#&5>p&v%%Xj+mK`529L?0%@9YvFm6as%|}y4;!W7+ty=&Hh~UhQNO*
zxA||3loyp{&n-S9_wtNtPFg&?n4Si+ohrE^hLg=n<D5j*WxISek<Jq(=hR>$h_znU
zfoE+*Iw=b)K>%ICtrW^38-ApE{nEb~_?VGnpX=mC#m+5n0;-LNlO;tZ*R_vkKzq-n
zUA+!#>pT0{e_?@Jtp-#5NbCdXy$KTvof6VIO-y;%CKy!=I%AW1Rpp6pzay0X?YB6`
zteNY(f^o)1H*u23J7cP!0=F<j>qqf)qh-|SJx;`t{H<_pvpztqzz}=P7(aHuXQ5CI
z?FwKNLRkVt_aY<ywXuki>b@c>SDkH6@wnZJ(OTedp_U#jB%TQ`d|?KZJq*6+<bNg)
zXWs?jF8k9L@Ye}5MBMKcA?MS1Z#ivLjMShN9)%3EDkxW)-&O-5&B}>JED5x-H=+K?
z?Op|WtNsKX5rJusPRB21@SS;FNb2Qx_dCqM%3JFJowXc|{tGoErX(a;{Y$;=eERP@
zi2@NL>t7Y*L&m0JJ07y0&%!~(6v)7Ds;#3RJXen%2SE@|xRzFd#MIom3VJT%H(0Kt
zH=o?TijH>Yg!e0Q|6uSCFzeY~z)6r3HM*mK1GvWCUTX&xV8lkS>@ud8vWppi!DRNw
zUPx{}k=FsmKlEUWapmpwXMycOR=pNcMT{UwDi0cgWA)w0-dARAZ?0hJ_G)aOfg8wl
z{P;{9pIUm{&$O`(NIlyarX~;F9Sq76Jkfca&;(i&xB&)usv*MxL}@JKk|P_{$dBy9
zv|G?d_zq^?iSe02Q5|tO{(4EH%!lt-w#Xav<u_~C$B`KsBHqS+HDJ<I(rjqbI7rOI
zLg8)8%3i7CI}a*nrgkNxD{rt4XBw%C=Zbl^`t@5AY$GZW+|JAtl`}`I4GSO?w60;9
zyPg(6=s-kN9GAeFJg<$aEWj1Mds<{_pi_;+5=q4n3q<pYnDu<ZR@uIs^zz_9DZXwf
zul6&*b{=IiTfUm!`GV_N!fYAT1K*J8R4%Qg);PME2x@C9UXp7V<oV0+W!ITAQx*~U
z#JVxL=>zRA`>9Hv#gAH8@CIF{6!%BTAI>s^YS5%TbJL<CXp6_Ma}_f&FreL&rZ)T3
zW2vQ!?a~Ur2gG4W7xgm3^H~qNGs3e-i0okNNWupCq}u-hlRQ!Mwz08XeP(l8!g~-j
z6=q9tc*hQ)fq|I3QMkJ@3In2(`OWq8r>{|_eRpv3PSj#OX8(M)+a)EH2I)ZNJt7$8
zWRtxK1X<oAXuC?65r|5f4mn4h)RBSIXm1d~)X}a!K>y7_I}d@0*C&jFxG#92(ICs2
z*Oe#bT8(0i&#?MBd(}h(RW*ARov`XFeVEzYy{f@}3mjgH1I8?pTt);1?(M%O;$omA
z2W2<wf_!f~TqQIyxOa9ZNo>9CS9WH?MV)B3*4=44U=}Xob+bIWIvmztxYoGAuUBbS
zta9_ae!x2+lESs*a?g?tj+uyI!@`fgWrMq?d=exsIla|fb%YdidHLIZ3GaSpWS-R+
zjon9-`N+xuPKRlBAFR<{DM!_@L!n&-=F5Jma7_S4ZZlOJ3`*2yMj2EJ%;n^M%qYL=
z*d5~N`&ihondcga*+O$`fU!ZR*g;j{rNlekW^hJf8J$$I<EMKO)a;prXEePNJxA=e
zk^wQiIkyvia8Y1~kF01NGZ5=LeWyfrqlEK3C`w?a06m+<(YGGVi(stqmk2%X5*@cF
zwd=X;65T4VBXiZeyz_c!o59fp!+DN6jqz~^;w4@?gfzN!!r}MUV%*R@AbD4C?&MB@
zla(7wYfm@f=%r4Vo=-;$o?BU_$FIBRPMH9253$#+__TbkG4$9Tn#Ap@sk5eX;Gwaa
zJEaxM5R}jA%KTcMER;dhlY3pjE-3%BgDL=ZZcv9jY5SN{fAoAG|KK@Eb%#NH!MUa#
zWFWDu)+_YbOXeq0P3{QQ>Y>fa=`f|{(s+n)QYKXAN9|=<f-;`+rz4$h=TQ0-iFjH{
zgBEwO%d$*j4xM_d8_Rx5$EvGAkqVDg_x)8)V*KAw80}}j4&h9ZuYXtSWAGQEpXoy0
z^M^3#U5Ry^I1`Mwd}%NGfE?<QJ$`ekQR-azsYXlqi2S?t*CD*|Pisp3KX9EZOZObY
z1x^LL5A84c<voh&_cJp}tYbKFD@;fem_f_D(lMn1XNu8&fYv9fRGA3gVB?D5E{wnd
zvGD6REVAhK*<Zl>V|`sFD)a2szK+)BNdkJHpA~BCqqE1+9iG~s{GdbVH!As-($OX(
zuNSMOe5t)sH0Q_l^odvd0XCO>^{G3G_i^%1B|~9e>~D7%$bQS$XRb=Xyq=Z6tDFx4
z&R}X!*l~7xg}*#dUzsT7Iw73Z-o{DV^7|+;gI_vB%Q>Iug092ZtcK<j$9foTn6AAF
zV#~pRAA|U^t<_MK(+OG&Qnj9&^XuG(S2_NAWqFNRh}5*jEg_sGQmH3;UsQT`#HzPt
z<7DBt-MpDqFSz?e4f5P*sgsWjvCYRObw5IxRMv^_im8?N+lSneH*F_#1($9j{8%o8
z<2?l$?L!Q&Mvv8qh0oA|Lq6jwiLtlDkWw$zI%`%8r*q?6(vwRuP6EWow&^`9$uA0H
zJxRSZ<lvK+CtjXQ=Qae8i{@m$nuT1RywC)ZC8lWC8?pvf;HC<?#2@YD@_ihA5+cRE
zN`9x*QE|yzDbaO&yi%6$pgw<14U%*pSB_iD3r&XiXEMxK4PVsG0hOqd);UZVgv_7!
z9-CwESQiGV)M=k39P?}VR#nyEPu-#<>ts%OjZe~ho6kg_oZ%lM?@K^I<kk^LPo;*4
z&M6Gz=Z*Zj(Feu@Ro}?3u8H>}y2sMzBjcU+4C~%Q@cRo`LpUea)o3-p{Dw}T7T=Q#
z*}}zMB(#^9u6wx}mF?{21M|@>a&@UgTX8WjWKjU?p-r-$9sEfhG?JsGwVjGy<Nlag
z>Llc*p%6PezCJ_t&1Ao{A9SWSJbGDD4EnPzp=knOvscS+Dy`KIsZdor!Jsa=;1Up}
zEg`wc6<+KBmq>3?!B^2M2YU`~rP-j4m?v#wC~vRbcPg0R&@@v9Fdw8MiFyEaNulv0
zZfubokzG<L@c2jPGOz%r<t3yhKunT0&J~k4hm})#HUR)8*T0W$Rpp{j@8k(qIW&u>
zB;;b2;F7QOu%~az^&M=m1B_P@(v27&mD^xw%Rapvg!(G0a+_J^K-13&J723vR)ZEl
zN(Z$!c~B=dx<Ykg_eo~!GuSh~2UGjy{8VUDB)CGfENXx`1eR9`KOOtWcTLobwSKxi
zH$3M82!6NUF8>C2McI$_%S~nKZI#tb%!a7+nO!(<B;E(H+)0-K@Bj#7>%y)IiFSqh
z)%G?kb1kp_MPxr^gUl$!?Ft&Sr?4-8TK1Z%Y$e`*{dkM%wZ0SY7~bd&RbWiQ$alf~
zR(kUe3MfF&Od$3IJZ9E@B;FtB4v@wH;C@vC)ztZm36Lp8rj`N*eh}exfP)DlC4UO;
zW}qYW%4S4H0CdiCiFI)Ewp6Hp4~j(Xm1Kt@2>X5xQyCI$jb>0fPX(0D5C#A~r5(5e
z&+`L4n;@L%N^U!X2NnXjmpH(k;qXpp7!B&a?L4eOd)7pQG2E|N(a~xu2{Q45V76}h
zrI`U|C)U^1ScmQ1J!wly;vNcw;Ixns>w_^~IHi;{4B$~Q-Oqcbu_2+n(lR@)g*#A+
z6?)pnuEOm_NL*YQidUJt+KQ}#)k0x#a1izlO`@W`oF!C-@UPQgYtd6KCu50fn|Q~m
zq)tLNFfMPJ8g#5TZs+{uZ5e)&a~Xa#oX${>%80<OJCKuFD@CI=PH?iHJc77TaH11o
zN8AHVgdw=bsaTc?Y<Q0PD=hI+A{5$SLTsOAAj!vwP&z2#_5h--;O!vE7A#^0I{r`M
z3C5@t)D_?h(me<Jw_#y1|1S&wCl3GjUkEV*QB`0a0d+#Syo4Ivk1!-75|4XL8YBtp
zPIG$m&IALyah^?f?DeFw0J8eqxUPkWTo$|}Uva0a1ifPk3l>kv^mZ^McjK;zgY3u6
zjGM2U!Fn~J53@48`0j>9@ZK#93qolMK5vGrOfCFqc*7}WhYQ;h4x`ww5Dw5RD1=Zl
zzb`0WGa!j)`}zujlq%#ei)1q*cQN5oEui9wD5=y$fo(|$^xfi!r3f@u**2%6NGS47
z9B12p4Ahf(3uZ<Td3<f&(2C_IBx21<P*@#w5O1j{v(BhN(b#gKYw>HTj2vY~Lc6i(
z0!Yj|bgL*gAalnW;`PTTjQgq<JvE(L6N<M`2?15V=-Dl?PHIQtu#R&!YI|}1P(K8+
zbT^K|?z&*{Q~vBKFaNfrr-EVK`42c}g;lL}NFerho2m~?U?l#{YBXi!@IM9P1j+n&
z%h>ZIRMi}jPoKQ4Cik7ChHGTDfATfX`VASLj2Z9k%LcUgUY*;S>yd~6_V4(^Wh2g{
zo0Ku*J+VHjMW(Brk?$wz;8mXFd@ZWnC>8KxiZopz*~jz!M8JZDgOxPx3Anmq9xS#x
zf%967s<WN$%!c`3B+_l%=M6W?GLpxeqUSZxhI0gU_VD^}CmKSS^W#i`KP=x0`J2R_
z#o|X=s-nmxQ@smYgX_%glJ5b@22ISGNI|ic5auRE6AGaU7Lr&+G1>sg7||=X{VPNx
zd+QcjB0ZH?p@mP|_qy(@>pXh=h9#{?3_KMj48ZdP<=$>0Lg0&jUYTR0r=J1!xLax}
zuXq~A3VNjaJ9;IRrR<B-<LVR=TQg!S!8bKoZnFD>-}+I7{ku`UYCYtc>L4e$e%tRs
z20iQ3s+m`d9yb1+RekX6S)c)aQA*Gt8obHOQx`cN$8=~=5QOXZJTSiZOrd^=Q<CDI
zoEM;+fJvqGFcRWiK8LD+MO<%Zy?f(INmbHZ(8C}#Z+L_7!qOFIT|jh_dyG?6xS1ay
zAKmu`Y&;K50Tu;}weB<jVEL~$E_)haQO>yK!zgFp(Z6|=V^y8(-1mWVmT3o|9od13
z!Z;ErhC6=IslC^XLo$YHu4Af!>Ka2U6s)t7)%_7R-|bZhQXHa<_CTc_f%VxcuogQW
zP9IJ1=z_uHDj*6N^IpUdA`^H8uq<WTnS#Wxvwkdql5+uB$zJ`*e%&Fac)uR?ZUyK=
z=uyL)`M;3Dp6XFC9rmdYoOAWlC?HK|K}0n;W=xR1Wc_?r1dt@#Yi)G2AUshK#$rG&
zZq4E3pExaf9xYzoM_>F5X75lIfsaqbAO>tgtJ=qVUhY3AlnZYD3zY7i3E&GS2@8qt
z=GL@10%vl}xy7jxZx1L>%`3fXmHJgg{iF)mkMUsJswcdklF;spCJ3L-M~Sj+yfD1N
z%6KfuuoXH#5Jnlq15oCGQyM?~;nnl1P-H)c*_p(E(?7D0!-$<%LkmGc5wKiRx?oHb
z(_lvHJJ!<^K~)O}xm(aBOk=uMwd)gK!#+e~LBilC#<zowZse|Bz)`ILiP?%h(<Uwk
zBf0G3q%xn*)H3{Ps@JgB{6E+^<7K8D14A)sDwZmd$EpHl`KW6lY$ZePB^Xo2b>@pz
zjJ$m~)7#gGml6F6UggU^mxF*FR{k{5LUDL39}&yls76{Zq%hUVd1_14V>`t0JzHJk
zFRDk#83FD<4A;@;_OhY(Q*(cpM*EZrof|ZTW9a3L5{^X-9uo(jpF}OTtDeg24xlES
z`Mk8&%g*9(m$!eGZa{_Be5X&Y)kJj&7=cJ0By9Q91YBI6pIz3aqBSepetzz{zNKTY
z&UBh9tpU?@ohcgD3V@~$6B3AM&5+2O@X$DZWCdgqILU&Tzu3~QS89GAn!7(_-jm?e
zKuR8LPG4@ZXM?3#5kWD?I$#g#U-*so`Yd=})N6uSDJirvw)fSmva2vCQ%fdZR8mbn
zQoz1V-t2#v7O^hlE3)HgAC+#zEYONL#4*d8e}h$fx8%ZHX8~D~6@!~wi}}!RY%C1&
zUN**EYAqIf-r&!&uG=PXEx~y156RDkmHIiLgs1orGT4B=+O5rOrl&8yO0^F8*iad%
zJs`VzlL;g@?LKE;mjk4G@MRzM62VfmL(3Hq1y^G+SqUDI!`^|cg#QXXpyDgeUC1rF
z8oMEtoV`1sM<Kw%oXOua!zdX>lkJ#x;)1`XUCiDDC+1wliY)8<`MqHtn`gu#mz<AZ
zfTIenmr7EywEj_pK@!j9REkbjOt1Gu<7CsnvUNBFNg?x;l7+iJ8d3acoX?Rw_g6*}
z337l50W*%oK}bP5d99-t)tV1hfSd595KfC~O~*7LPxNkkTGpk^YEXO+p1))1CB_H#
zC)kWdz@BOq!>^c93q;d!_ZJ@J(+PPMx)3p+_jsG^?5+X2;7wfl&~@f%*W8JFtIb3z
zu+f`crvibmyv~guZid^pO#$Ta_HQOTwq?b&Togw)P0(;0v{p@V1$mOw%Sof7*6$Hv
z%~|xb=L4@5{aKaiEJsv7`(7+pg`%sq;HOh>Xo^hZd%Cl7?&L1ku<rt=<-d&^lqfa$
z+W8_f2eZb{6%7eSruMTUe{MGBcPefta&+0Rv`OFit)+kBJrb+%g->x?=CnpBnlG|r
zLbvscCDnIy$ah+YkR1o`m9PdX!$EORBJ^mU1|)4=1-@$1g>Xi>K5Hpm)+sobWr!p<
z*snGJbn4b&=c4}bPlEo5MIPHpjKP0wh9TDlHp*H*JrUpl;!*w4aQW}pZjR_7;aG8*
zYo%W;bT7ED*(~ulf4|Q0<apjsg!*K7HXw7#Z~bD3MRz|xa5wfZq^KXcfLP6c29~BT
z>DnRq+d>!XgV8^uEIh^3b=$J?PwyTmS9}WW{tKC04=GyD53E-@O8G;)d7#^d6!<wW
z#b#;Un#J+i-h*MfbeZ=Uc#>+8ryt9IXQ=*#Ok~-tdz$<w#qDsSvx!GIZ{4ObcA4^9
zGmMJ&tgP=co-5wYKFh^qzjlIZ1sx(*Jag8SXB`<NyV`iCf8d-!6*Kb3xpo=M$Q_ye
zA6I7`*5n_y{n4nDbc2K_Afcf2K%}IlRYF2iQaVN`-6#zMlrHHOkQhh|q(kWt86{E+
z-Y>uBc#h+JU;a?p#_sJ##;)@^&(A4|!p|{44}Oh>ccsV&Ibb(tWIBn`3D<`KU{17R
z>r9bJ0>Uy=E&ztC`xth2r$bvqUn|oL<bmWVYfX}!p>O`&0PY4S-r&aYd)trxU{InI
zHRh2ZzhVA%cLToS!FZCiW4CUQtMuPzi2K(vRdyRr8R~LjVZ(S~><d{Ds|}|Vqbdgr
z@4G4c%utT0=8?#@W(kMx^YWk4lJH(@6}wNpCXO|8NNDfYPpDy~fxob=OeZLmwucDJ
z`Acq`wGT?t+|GMCW4*ftU#%4sC7}<ay(=j$39cHB;_dbe7OJ)ZM_-*4E1$FFlj&r3
z&wk0$81uXl45&Sd#|w`eB$?OXYXmjhT^Rl8wi&P^VBxz9Cn{C9N;Qw~;UrcpofN1C
zv+4s*^|s$OUKJk5L)!*Kw{(>XxG61#mfNd5BO_0+#H>lPskCB6uD;7Us`cvq!<w)<
zn@G@<+4gx2>@fwJXvlJEvU*;6VC-Jshs{5pTt_Z|X*ThB>orYv#LFfq)4Z&FR!E=8
zpd500qvfp5P<F;apu&u!1_AA7*1ktK?GlIdIJEAfn357$cy{)88$9aS;RIfP(V?Cy
ze|Q{EjV*)b>$9!xO&F_|rg2#-U?SU`El)^9TMy2D<&y!x-IvXrlbwU0fk1L=mn?;3
zJ#*^>yoOOB1_TxuzcL7RL=n!;@xDIGM%E7r7qx;cc<*{(hV5BV-O0b$jw;h?<yuGR
z8zk_$(=1mNE^h{w(opf-uA7R*wy;;&<C&Vp?)m$Yu^NRs${Ncp@gG~OU#&s`+{Q@5
zYPV)=mdn#twpx$5mT~lj;*OmH#kg;SPl1S6x&--s9oyYx<7Z!=W_Hhq*~S?fWS_j>
zu8K;XHm$T4k3ESuOYyh+q#IVRdetF49_$cav^f;M9RnK6P9GTNfDu!+cwiVeP+RL2
zlN}sF5d)%{`sO3oOr))85^05EDzJHkhSlzIj!>sj4L?pW@)AA&u4f{x!2z<Cfq5fF
z2g>zBPA8WT#2`6nG=HG)c2#pm-8F#d35}VHZH&>o8V*TBBpeF9_Zw6B%oze!>KBxk
zFL1!VpFdUl7~9zM^&#MQ!W$>l&j92mr%|{n`|8TbRq$sME9OJr?qHW!-(9eW?2*UN
z0&0)NPsvtbMs=C!1w_)VNPF+HxTm8pEZ>85p)3JS*;UU2wES)iKPx2E{0Uf-N|j94
zdUXwi6aot?TL!bfFDOn}aM2aiH`Q(uVVmrm4qE8!y$d=Z7F?C0!RYwKpb~&bUCOfc
zK@yXgj33++$wM$?ZiHB<9cVb{50Mm$Uo#oPmpZ=<oVZN>hhU85-IN*kq!6^*ORvrE
zj(Yg44~*$P+hCiEaz}tTB?Vs8IB*p6gmRQwJ&#~?y$e`75y5)b^aMGmgC4GfwmJsL
z9N2!Y1VzOZ86QLgtM4vP-H6|9p<?IGXX&l)Ugl+3URwoqc{4+UDFB|+@4!=HCsNXK
zq%>*kRUjb9vRUxy2`J0kq@hcRBnbXsdcUvNNY6&(BWc=!lG@F<AiG->w$(iP63Gzp
zYQny;Ymu}H*<ra-hq@NXlw%utY4`FwYz0JPlMqS24?6h0zD1;?w+Hg+%SeM#a8aO5
zq(r`pdRjvtG@f$O2!>G1kdhm1=7lGW8xTMTA-L$^@hM32om*b-NPLtSNv0qjMEKY4
zW4;qvhDGaY<J}Ea{Yd1kc#}xp|EeEBieM;Drdj?iNh{~h^$omTyWrr}ZHmxVPB66o
z{~uJW9NWRc8c-vBPLkFTOm1-5ZFAH#)jRy<pbSu)@`~W*j>Bi8Cgv8ilB4Oa*S%%m
zgV%DB7*=&0_zfOAB@sK8-Fuy;088fN4~cpA)Ur!bzl@Xin!SAZ8ymcjv}bWr{2?Ov
z*ZY?AX+=aLT_=>3=-gD^MN0CtUca%vT9(gHK==q!l0WcQp2~-VM*-n9xszE&s8msQ
zk0h&rXyJY6^^F#OL3~!X%}C1V8@gK83qZQj*MJ^7yqH9<z@*RFjMWe*D^(C81NB?3
zWp`P}X^o7|IrB3v_+wtL{!+cebFGfOBm`en&Q5?Gyzf`ieQ{z#Bu>d-Ko`RM?!&k|
zXZLdCC#DTjA&HaVlk*aTUW$-AdHQWo<)_hjsnvu^j2#w1146fIBp+S-z>I2ppi6G(
zHt+kM$<C4o@6&-rXsq3H@+4-)4fVE1Bjolmp-ST8L<oqixZ~WD8D-hwJ4K%zSxLNI
zl9`*ARb#jujV(y=ays9tKS$8$DZZip_;qwe=7Xjq>r1&vF_EE$g<vpdk}(dHV3Wl2
z-*r9<Z<y^GqN%jtdMJY8%=}#z=7UP3q!g7ecs>mp=2>cQH^t8}g<q6O(z38vwbe^d
z;b%Jfys^GPx=O45yvJ_+d9_<5RYUv3L!Q`|3`K>qN$n4F25uhO+z4c037l;xQ*AO3
zdy8<^Qf?w00$<k^O~R|(0J#4md!oVR4pG2w+BMMmM&fB^+*$)f?=GG?@S>8~xhi61
z3^l=QVAu30R~2s9Kfrv~u#G(Q8kv9dOy5(f1ZTCdHFu|?PgTDL+?QS&4vDRT{NXm`
zj}h-{g;fBs$(o*^TjEzSZ&kI_6i|;4$XKo`@&ndWcVu23-A8!2?hK{lZ;2IMo~R_7
zdwdLm)h>%~p?&k^Qj_ruW@GEDo#B}ke~gc<P|`IdEL~GbUh#Gi*7I2%l@;~OaRh|V
zBH7;LMIqkT)5QRxX`4dcEvfgz>3;y7XrUi$;WDo*kDRY2zNFq@g>`Y0=?ffSfQqJ&
zqQt()J_Z>?ur4$k2t>&6#m6wDfWZ;v&zciERa`c*KA8Z<)WEzOld_=zEhEwKLauLp
zKF$-w8eKuiF$&3OOTJt)_rncQZabUIytz>bOsAliAi*Yzv%W6PxIM?`V5Zo1?)th7
zcnGeDVwc(Emk-V>ygjqobE++rb(l(yZ-7G{0;YdonSjCn#3iwjucA1!+<^(z7Ca$q
zcMGQW8R@GdHU`E}OpNaV>ngC+&eROtT$HE1I>w=2BQ~<P@m1||%P;3epAH{?PNj6!
z7~ptK2?OIKI>GM3Y1#x-u$jemS})5wq6L3xrNm5tGPGvD1n|Tb<J*FUsj+zAh<sN^
zROXBhDzyDCr<iwd9!m>OY=CT)JZlZ-Gr$_<Ze*XJ5_B&EY*WDaQAi9>PfM%KtObEm
zg_xwrpe}AdqT%>UO3Bs0`KO3|l9W1N+FyKX0sWj{9E_fF)4_corjo||wbtgxBuYW&
z8Kq;?P(z3E4%nJPn}k)Di>jp7P%&P?Bm@PS&CO_|ijz5M#$R%i2|Bcu`TuP&e@+)Z
z&TJk#`PunUQ^U^Rjcyrqv4wXtc6%u6)x==GN^~b$-%fAdm59zPO7FBO|93k*Fqy<I
zB5yhK)rqA;X1Z0qOLvZ`sNA@whTIrxPkcQy9d2LarfD##STFCmT~(;vsDa;ATB>&s
zeyUdQQ1yue^vE`BSJh@XMW7B_9Ui2P`cj#v2$T%Y_omWSi%mP(qNGhr3#RMhZ5><j
za_Ac}BW(F~O|K?Mf?z(7MclQzm;AHmH`WBSjalr5a!@r?c@CpsC-vOXtylfVHEv4(
z-6&h7v>~hV4;}Jej=eD`9<$v|qAv$Hn|Kw6=?Vu>!yIc{<Fa7`Ml{MMA%#bIM#eS6
zXdh1EYJkT9wP$<&9*G}YjB8@CZGLW5z%TA4xq*r!yyqyf8QAF>5S9x@J}Z{o#pG4O
z`LgeT*$EIj!9B6}{?G%D*kIHsk-^94&A=wKBJ-CQA2a*SCS#)><r%tLehDnRK@$~R
z{aSztt;m?pOjK%8v9<dr-Z&*PKeJLx!%(|cP#zJ*ZQw7$VU=Mq0vs-8!*$q@fkZ@j
z_SD{p;@R4VCi}XDKC@jNob&_6&=s>QG|0Pj_Ix2Fy1h{VQ7I?biFl~p+-Hu};f<t>
zTlmL+YO8P-o9?G=pRBj{zyhqAvLinCcM=7y(dz`U`^*2k`B~ufChU0YzA9}A!H9Ni
z1nv{G!s_9xL+$3=VjP^)Ldh7bcB&`%5=QpqWco&E^-o*cAjS~Jb6xG$90z#MMvOOJ
zcNrMO8dO$EFBId=TLUM7-81%UYJijcYrVZ3{)C<$uXu|9y}iQ2Da66<>x%BqGUP8?
zlwrh5aMc438@UT?<~T-u=n>74c6(j7HdgtGC_Am*e$TFZA4dc&B&1t?3%W3cI8<bL
z;Hv$#6SWOv5PFiu_e&VD{^^is{k}vR)<nCL0o%mO5jD6@Edb^!HwJ9=?TD3ArhXwx
z%4j4ya`CJk%zuZN+vgMyhnRwk(YeqvWW+j_Ht5Dr8v>`DVVP;zPdB(>=bW$bxXN<i
zcu1q=aN&6X%m7X@7!*g@<=^B|Z@H|ieHs8W?3_J^{ph@)^x;F<jNQfUC+uj4Y+OQ~
zUP4Yg_KrBPu_s@nVeM-d)o4n-?N1p0UrdbbL?138zJ1VHU#QY0WZ(a1Fv+XjYq-Br
zxSqiajtfd}xlp3-@O_DDZ0F#G7!-k>2;}Rw#ct7eqHx;a0m&lKH{7*Pli+9=bPUXm
z{vq51^myi{u5beQcEo|)dcx->NHMw@ws4M%hT`oF?jfk>A>a<-yE1U_7T~mV58UeN
zfFRp<6a@bKbqQ&;@2Z8hufoB*WxnkQjQ7vBZ0(1J0i$>SuiLaxyUG?N!uN0ecUdG9
zAv^R{f*Sg~9Cw<q13%g4+vYe#zJ;PQ0uA5~5_ZxKznUCt<4&-@c^gMR7-6?Krr>Dr
zG%UEwUo&k~UPw@q>W}!RjduB;%l2DcaQ$y<JNG4Ug&1&|;08{5Pss}@!fSGLhO1aY
z_`-ffU|<2TQ<;Vkeo(Nwc2NvY(br)c9JG~l+0Vq}Xce}AffvBGy{kjwh|A6Qig%D`
z4!-S-AQHDWe@cbx$d7==Y_*PML>`#HSB+m1s~uUIzaK#gcPH}E6w+@E#CxwE#crMH
zycBc0j!aBjbGODZ(2$vb5I6-~9T(%FgP)T`%?WenrzB{9W9YkH0R3vft;DS4V_30#
zNp#w$*8&XSSdJsa&7Xsg`-O*q{BzTrQ6<XIcWAA3)I1o9;u(J*I<utpG3<;in4~_n
z#%RCag{8_j2(rp(u`iQaoIP~)NxkL%;|7`anS02?-AHGof!d4QxBuLRFhLwm-?|<5
zc{W})!4NT8_ddqa7w42Zroz_d(s<;=DCoCx{AXxza`LZYjY5}xz5eTgJYXXGnmQaU
zo$G)Um0SxqU)yx+cb|M;-Cj4a1z*<E-Y&|lMDk-t+>i$%yFG)BdvLcQXg5JrB=sxv
z)=tkJXm_%7di%jngG^;0QiToKy?HAg@9~d@Q~Gl^gvY_$Onpk>ba7J9TKwsXw<voO
zaV&quk>F9YGmb@QyEpMx`nSo=$s@<yt(7ALmq{PU_hp{CA`h98dvC_6)y{b4s(>AF
z?%t1UMs0cnV4|-jib*x9GhIBwyiiu0QsEy}|2d2k#xCi!cEpdG1l=37mkJ)HsnbhI
zHIHQ?=8p8ViD}(PTXX1cH$Yvm$NP82d@mSV;o};Gs(|;kOv172ymO{e>04>5SfOD%
z<yJnIG2|2i+Bd){DFViIvztR6hr#TdNiPKEd6&V2j@16_r}5FBPpuhD;t(OmHC03R
z*Jr^0+@G6JMpN^{2<QXMW(oOPzXP02a1sex3h!T5dc8hyLmnpf>R=y7pS(U>OWj)Q
z;A?)MJK|IPI%pyumcT`tqGV%v*3cu|pZkN{bOChooPf+h_we-o<ElCtEq{1|XyT5<
z=ZYob=B?fPRy2AA9qAj(2$_y3iLSN(*3p94B*H|N5%H`Q59FL;LQ!p|IZJNPaDSS=
zz#Q^w_CE?WX%;9AaQ5|=XFT4?1jz(=BljlVv|q~>%Dqtj(@#^W{s*%{X4y1)pEwp0
zmlcO^*ZHhT?q=*AX-c(VlUYF))YE$ROT|usr!5MfJFCQs#IA<cQ=JN>dhdxL#n_=v
z?~q*&xyFH}D7@aZ<ljzYcQ-;p_NIxn2fJ!TP793JAf=u?5&A5@f|YGZ^3k|qA}UdF
zTp_G+xv?U8)EM7C(lQK`A?ng)H&*)9iUW*M#LQ-x<jVaRMrnmbyWxUAOm7lLnb*rJ
zm9-YA@Wa2jqK+vk?0|>2){*Ob_q?U01OU&@&atX0Eh$SAt`gCjDl|Eod?>H*dICJY
z6okpg)B~*u#|RN6u*_{FTl6hy?Ovdx1B30Tu^;G{_((z6?xq2tO73|7!U4QiYk?U|
z?GhpQovmQbb)i<J0kXnIB+>3L4X`CQ?O55zy#@2KKhLUw_cCB3k$~N?Y!!R=6(5O^
z!ucaGAwT}Ffe=r86+n-=j6QQe&#?TVo=FJ6NNl&jqWg=*1~?3vRUhc`_%a3R)7cIs
z?b1O<$Mf$(#kRq@4xkazO<~d5z)@=f5Q)Nqg~$OBmqLgw$rIlA1F8j>zp^q{`Bq2|
z_w!HBieA9F^Ga&-yL3N25l@NYPC5htV3JqMpFu22cs+)u@%4vmz);L{n5svvwWK%4
zV1f_)(P8u-Ol=#jGL$A!g5S0sc_ZC<O2+43Og#0}5T_92at6;ihWP3ku$q0i8=lW3
zBJT4}pPNcvjDCuq&z?N5mHC~<ue>`YPtucj%i?z2o)d}O(d<%4#3P@gwZ)Z?#9a?n
za-)uh*cVv53y3c8x-h=eO0|+m>i5^0%leLXs32)Gs0x|=t8<Gm;RC0eyvrOd*JA=^
zQ^Ks0LNx_Rclkv1iBJ$HC1@o`)uEzd&Ex!E+b~F`Zd2&6QMren-my5?4iStl3B~_^
zKOp0Hcm$z%7tb#^6CQsr>2A|}@<rz{vkhS{L#BaowX^UdhRM$dU}YJ?G@n-7K@lM*
z9SQ^@qHL7<dT%~?`l%6Np!0fw+-8ba@<A_Wb0UYroe!bXcKDEdXI}jLPOTFBWeF@H
z9a=%G{_sf`m1s)0t|I+%q$*xn3G+?F2tHG56Wv=!J|6qGs($`?YEzsQeLvHE3h?W+
zO9_}79Nu34s0hU)DC1l^e^!DQxni^$LKy7eB*8D(z|)%tx&#gAdlI5=*;U;Cr0K}T
zNANtitXl!vmNzCmPDRwy^yrD5^dHL${$PloGt~>gq#kjYH26q{_o(25(fy?Y!{7&x
z7_M82N4d_A>(|IzOkOLPi`((#>?p8w&a1F^tFQAyNOcr1?w+zj)!5+^P2GfYGga~U
zdub$^id3YZ-4xz#cGFcTsS%Vpa`whr`|NyhvXa4!i@WtcqNZhLB&BPO?5Mh3sBgE-
z`&9%ikYBwQ2RmLi<TU_*H4PVMsO7ezMp^RMMSdc&i@qIa6}El~I)26DWxFvEg9;O@
zkOBIYaq5PqV7#v7)IvvAca#XhcG0K6U_<Q@a@{ZmYQ=93MjEaImeVUB!`d?y$sLxV
zQ%UB|8HT^PBF=(v!bkcpV<tu0A9nNIdO<7v$=E`Dt<d)q2#4;;Hc_xCOpq5169<p?
zJ%uZO>6(P=BOpb<ADk-e$T>SdHB_^l`l(3T-A!C%TBj<@$66F*+C@|Kz$Bi<2zC><
zKlwOi>en-!-EnSRYnbPn=(=0nRwXSj+9s76-{X|D*xT~z(4@ZqU>?zIDW3N_U6aSN
z=d~JCpQJ_a*#%nq%^NwbTlF`j9E;?BsZ$zle-wAwL4|jPsuM@(sqQzS2ENC-HIx(<
zN$u|9MTtSnE9S2*JwgX1-BvXL#$T`#w77UP=}^>=4tgU7_fU8%h<k=_?3WzpLy6^8
ze+<#rgR*dGSB8O}Su_3VI<xG+3_%fw+hFKkU-JG$X{UBfVaWnux!e;?C{h$Ewq(=L
z<#sW{C)+vX+nerU#tncM<b}-@j<RsGV*^)R0N?Piw_h=}uuaVOR@Zc})a4_=)&p%P
z=E`7Phr(m)g{?8ry$3v>YOSUEfGAECwA0n<wFlr`U(Y5b22_@9fwGQ&{xIt~FGkMx
z$O5D-@E^~g<REYA4FdP^?<DYvc06x-jO&!;jFy}%PzrKyhdKobfkFFl6&Q;}RO~1}
zc1M6wyY<gRL>*BW#2H$Kczt#V9%=>;nFZKwH!*>M-e!kMk<>HGRN^23EV>cYNU=N+
zEY*@>uS~ENl#qNwFFq3shWHYq{J7|ms=DwFY4)LsSsoLRTa`GN0gTplqI%C5Q@*Pu
zw;25<{Tr`r?uj~-e;D;V&3~uHyJvy2=(ACXfNa(_ATGJ1h|cku>EFCv>t5inQ{5$q
z<h81M28d5JUYw_q793zzeB~-uWXOM{2Z*(2XlL>?il=}|RK@-yB+MS@8%st3vTf_6
z7wvZnD?LHu;qrr|ii-beMrI3q9@>z?<{6`x519$^402wA?ed&h+L|`c)XwjSCM%iz
z*VC;{@m(mcX^?q)6hA;-Oay4P>Hh8t(WT{66@eYODOlQxa+oE|UQexW%!x|&v0di0
zIJS+#z((9Hzb0N;pj%x-w{C#}K=I>3t@XM!Mf2-Q;`x71N<Vad33kD9!zXJDeEJim
zClMZB_ExF7EPk-YJa%|>68Vn`lcGn1k~niW(xXBVL-Y;AMJX1jMx7{$JhP}!4>jGC
z-qvI{s%1wUYueK6t{HN^ReRR2)rZh&sF;ng!++aEIN2XG73RvnW5s93cz>{Bc5rTB
zZJx;4VA{zVr4Nw~kN)#eG<8}CC9_viVI}E=|9q|Q3fDS1Fg$$Id}_L3v|kSClW_g<
z)!H|AfW4vw)Na(|&U~(8seHNt>dezP>k@?2|7$isVc)%k05TC6*<Gjnbsdds!fK`c
zLFg3p_Su5kP`|jHs+w3^)FPR@>+O2L7y|F2nr-pPrwc7>1HYOpKKpY;BMMreW|h1B
z2dsHFQ0_$vwGJNv|Az@Tygp~*SocsQuw;OBA>F8sUNo&%lEIe2s7|8$L{c8r_IAAi
z^d(Y$VH;bI0So_8!&?~N`(4yOzwDg8?sv!7L)NXcg1V&vcl2U2kx!Gpt<EPO^ZN0f
zgKq(J=vYs4teJiT;^OWp6W9_?t-A)ZPMJ3&pBIA_5Ub)iUsBe$l}kv4?C15}wHUs|
z*N1v%?U7b7<l2LBYmdSs4sFnFs{MP_i?0vzFwXaWF3`GHdkNEVBtYo-j2w=&cFpiG
zK?Jv`0g#3gu@c31Ey`$*p)UmE1yP8me}^tT5hVH2>*rRICvGGB0ZofI%$f63kjbTY
z$yG5qlr*>E=yj=!)wYG`ck+Q|%P(7C{=BxQDx2k-ElCHzns>L>T9yi-$3cI&*2qQ;
z*$Q7{Mn%6uqmN#oo^u4B&SE93PhD$p=$K-To^ue7SLh7q*<xI3WhvFe9=k-W_yVu)
z!ook>wqWvr;PcPt{>N|E&irL}Ep~BGyq!~N3)8>7k22w~j~52;sBGKnyO>$z&r3)G
z%CAXwZ=grJEn+VRlZL5>Cmas``3`#|iyXa#MC_*i#KaHSbJ|9o3GiiJLQ<>I+LRoB
zRoIq}kO!I|RhxE{r4sD1`5nmsuKj>!zqUUrX^Zo~5d`xDJ+X$K(b*#YUP1~bT@L~!
zVOAO7nRj-HLeFJSOx)+eq}d3rEJi;&JP7oKSxLg?VE?8isboh_-rTJJMO}@CCIzLO
zS8g0$LSA69k=RlkUf9W=e{5vaJVDMBm^ZgNi~pKzoc;ZW(*V+d^Cje6f+3@S82l1K
z_PFj4=Q5kN?!$Z1IT+iy2Rj(4F1A`+CkvFoug2C51%0`Mc&?<)x4_Xo7;VOdlic;6
zOHTJLA@ePlkTRHqcE;M$!P2e=5_fzFVeO(o+U&WLn_-LoK8Htb;Yu-Ou#Oez&`a?6
zJ36mLjGtkzhW^~y=a-PWrGLnE_<r$3ob`VKKs;ewCt@!aw$T!qD_D&M=cyb`gS~{{
zCZVTIO*px(Lq69D1K93gtePAQw}iU-ss)J)?X^W>PVBdU(9RQkTp4Up_(D$@y~J#F
zcEW6vtGAqTP=_^uqu*abG(3iIr@t(`u&Ik+beH)D9zrcRV+O*=4ID_;o_4m!s?^Q*
zzTC*&NbTHhhfV2$gA4!Q0}2T|NCPdK%%d<$gBwI(focF7!iqvKAp!oF+GBsyba=UY
zW;uXau7L;8xp5&6Tk1@*WuI6`Jdkdp!6ACE2GFG=EKn^D@y@vuE+I8&Z!pYzEvugi
zaqN6P$8@Sv;u1L$IlcYwMTq@#=EKHBT$ElyT)_kDyo6B6{R@#p*fi`d7Arw_Wnfck
z=M?6@W5B&#+w0=My{eVmYOcG4yjsJxcAm2T&owu`;;Q>m%}tAo6z~%Y=$~TjP}+r+
z;w9v>+>=K0*l)Mu_m+dS;3wB`ZJ3yIA@kpHR=_eKK)R1HcGJep1$;|8puu{d3t|f4
z>+q3$aGmr#Yq(?(AD<ZN=XoMH90q)6E+M-n=jK@W{L&?)*LzLjACAwX>7{oKKwRx|
zTtZUN^g+PYZ+ij<u|1ARn9-{DOZ~uIR$m~%yz2ae>jSC}xC`8L#3e+{{BUy*8hI+@
z^vJ8z2D;1IiL=HTl%AX5qNkx)o=Zp{h502U=2Y`p(B{l;A%;ZwA9BMm$SC20AG}=s
z(8j26DVxWgrf<)o7>=Id2;di6N99lf1XjETT&<1~2_HJd9quW=P=}rf^Zj?_-5#ts
z495-azJCcpbNCQUHBQ5JgIxY;qfE|)>EJ7sl(;15zda4g`qN<79wO*&uFF3+ZFE97
z`1uARl?LoW9;B~Z5)5ZLfT(kk=r?7H8`;A8Tta{=vDrru{6I}`p!acAgCRpdW3|5i
zk`sWQB&1wIn$D}y`w2m5=TfhL4hNf(Or&f+y|p!kiuDEGb%*l@zoA(&UyTr*)kkkR
zPWiB!EoshXmk=3wI;0inAi(9F>tX87YXX+ov9Ovk*nH=|hbX9U80G1kP0}MhY{K^x
z40IkTaJWAW<9i9)6}~|Dd38QOWt(%k$&tZPavGNqUfVPd65+qf2bU0`O9=i_9DK<C
z@e(eLDqz|r0tp>_b{6om15_IvT|!o~{x<Dns~)2|oBs0Kroz(Fj?@nWUUrT^vl^in
z=58r(&^htsolSD~r;>*k<{KuR1Q7ytA8^jiI6lXKl$zXM<`|D&%ylHXT<#+XeW&h$
z@B6;LzpxG>EO_S<@-+#Gn|WjmUCZjyqIo6YvGueMV^r0$fs<_KS$?S-;@R@o>I25S
z97s%Up?R_OmaT5*RnU{xE%@2qo5z@Z=Kur;`V9hzB8a1V<h?}G0ZkkytQ9~_Qeko@
z_pL;Jtb*;fSjBIxh%%oVKK?DIo^zI6_wq01p^$26?c(2-qq8Pf56m56H-XQ8Tg(%z
zfnwEsef7n9gUn#SLrL4SmrUW3Vsj3@8DII>kl%uXLVe%2Y+_4?5WsUGu)am1t5n^N
zR3YF0maq{uCZ1aSp|*MJjMcn;`IWP83TqvPLfPNKvD?8nb$%sn*&QWGjJNprIePFO
z5TOp3f;CBme>(f7x>rep-!k<3D5)m#(oK`^&3mwfb%LhPU1SY12uInMk6?(daCZx_
z%D|26!y%6Y#w<TO^6BD?>gE;rvb4KnuDag$$xU#8PYIBwQ+nS(R&OY=TK3BW>WZUB
zGVv_%a3qzoMDDyUkkR6he4oJSsQYBp?bv4S*5h$VhD(M-OjdfEj7sbU-5Io8bk0fJ
zlXMQc6N*QoJI=?ux6yXi9<z}upqD)A%mR;fQRoXXGHOeO#Yx!gP$&@?IJm110j~+O
zJfk&N(T2D!AL}KA{%)#BwawhI`%jD=p{0_2nf)BFoFv;}N;fMin)iYv^f*x-HdQ_G
zTWg|RDQ})WwFatOf_*_pN_n_>JXsID<NK<?ti83iv#vK%4w;@G5yJheK_NR|a||XC
z;Qm=jgO|kpdDp(~NyB4_(p4~^_j)dC4VYh!v?RL9F(0R0m^WH>WuNh>->#cDk=R3%
zJttTzHL8<of7oJsc9O_hJ{PkJ-kJpyhTl_J2h>V|)UBFe)vD+dkFWe2@LDzm>pLAb
zy4}7*74F?I5jw5mC6-*X;daA!z>@Tfqdeop8k*dZ4A>s?t6j{ryU6GLLG#uC4%Z%N
zJY;o`KOm(})(v1pIHT%r=NL=V%#Zh(npNaf>qid}Hi!ZRDp6N7tdS`=rl{ya>ZFc9
z(S5HS$bka#-j`Q-iUQ@a*&JMyKf*|^{nKem=4WL(5+i*8)bU6$O-3uJ;2oj+ZZQp0
zhFUkBcVzVp!eT{gL2e?M^+?A`(ET=KirGpKZ<Q^{O48zh;5nV~sBy9yK1_j_V$RCS
z+VK823zHS)PbB!-&R?p^`PkP+DW7oj;ZG39ULn0%Wj`4(Tde&4)KVa5E66xPBn9#c
z^pp-)*Qt(~0yT+;otJsqeIaV<DoLMa=WtcVBs2mFWCzrn_;juK2o^`48gu<&vSf?^
z^}k<6f;s2_#x1$)8!(W-?!fspOf6Pbc}ta;CwJ{#RDt*7riyN*Mh&Or4iLfcyN-kC
zlpA7e5>%7;1xr&O)~1612V^An3X{f~4>02;3bEnQ{H$t1jP(!@j8N?RV5$*J2w&w@
zie+WZQKtqxw6x;g=$y~bBU=X{^k1XJ274b!gU~|ejj2hHqBlwM%swO(Ej_<2Sel4?
z>|0Vp@eq*BHxl-Mn?)-YU#QseX2}t#VOlmt0dU)Df08+EjVFbW+H@InoQHm&)}n21
zN$Wtr{cX_QE34Vt`$=_}LzQ)G((aWZ4Ai=kq8cXc@AtCX4&35rbx%zd1f^1}1PX^r
z(!6nH`liafk(+*;gUO!7PjteILk<)eLw$S;f@K}l^I|zNL&c;u@swB;R{Cgf)x_u$
zS}Cvk<s~I<9VwBDOihG_GAi6Kpta`;!HYpabVvzqi#@m-Dk5y*P!Q_4Sps>H97@F>
zJQn;onhFsg$xXr)K0p>k3Q_-{PiuX{E<~0}Fi#x><@4OHh}uBu`ri-y$S)2+>0(gO
zy#chZ|NXdgJ(OrnXaK)9Bqj>)S-vnyH__28V2x>W(|r{w+-+QKb{lWG<E5FyZ}R(|
zhF`{cM7Im>rmmJ0=8WUrmg2uFE;JlTyr<wso&v~c{p~mTukmgNGsQ<oOGn<Ks^ZqY
zlP@REA7lGO&ys9TSCQf|8`b!Efk3cj!&?Hw0~?E*q9Uk#QsJYlcS<BvT}#QtLc3*p
z^ht$@pCqjCbn{Ti^+*!?dQN#rl!CD}aalo9rOthE2I?~9JkcF0M(LM}Wif=!3i5Kd
z^jVqn#w;!I%I@dc>qD4HmrIQpAO!{xv7x60kwh4&f;&lkX^{82s@pf2IZ0=<NTZd-
zzW<ZQ2UWF2B1$fUL`Cv;iyxKnaR9V_pR4RTBQaD}lbO9D_w#UBOeA%`V1bat*9XUO
z2H&Q7Rm#hF?JQ?G(!_7(M@b|*9HfH~LSsC4AJcR?{^ry0hLe>c?|_@)Rr9d6WOA=D
zT!uo0s~2Zqif+3b710LG3r0CzZhcMNMnC%Nw?S7bg<_vrLuE(HaR?ddCa{jM*xp?K
zDBkYXFA-59CjOzQ@!_oAl!`96WXO;|s&!_;$+D2RjrhKj{^WH3glM?X@<Jx_?0nGl
z>b@t<3s6dAI8Fm9Wm$v!Rl{}Jh=&l{4*8X9wJQVhq*7LOKT{HR3dEc0*jnT(rWi~`
z=3FPk*Yh2VevR8+IA1%^R6dwPv312MPCbbSWU{V=pRYm6VVX<*B%0jk9pG2{i~J*L
ztSFFL`yw5#f(RW2fdltFzR-8;zvH{I<=uVmYIyZ53`dqOj}>Lb&!Sz-?J1tSFzC!U
z$$nwF{sn}?%Jw4~N#w@Z+4g)&%h?(OKPBIHKUi$8_@yq(cG6K7|4kP1RrAQ?>rl1w
zOg)9i(C;=^laFnl3odiXtfcLw#cjZo@1$+_u)*++g9?C-g%XoNsKul{W|?w>__`Z}
zn)`P&UCi?YKs3`Wf^hwj`X!A*8*y_n<%yV74jiM<3aOl4UrPNe=6?fCYqy&`=ms;$
ztecH0hU5480HZ~+A8?mUG;z99XdiA~wYjp$A(~^`Zm4e8IaVYnBWiu|hQ@&A0+gm*
zv_jM#-dSxQKy9-x&3UaZ>2iq2m|9IW?1uALy9IgOjt9Yp1f!;t2vp<!RZn37`d08|
zPH0wnLQ?!I@5u=02rBlq+!Y}E^RN|Au~BG2QEr;pKR^PjHY&E7LpX|v-2;x3V#eb&
zlysKhyDKW%l@sKh40tDZ6>b1vH&FuO3x^dTN?HG>ZzWUuUF9c0On&dd%H|)bKZqD0
z-UU9{h*>`(15Xh18btIbSj2uXNWaK7>vY-ex^NS^w+<fZDj>+Y2c2N2-*_f%_bhOH
zCc%|6q<F+MvQJuCOI+plRsST^xoTO|KfMYyIL;&9KvEFVfIJW&`z4=_st`C#7J|m`
zApq|)QmKlHXgUtHVsj{5?*NTby(bB)b#tKjm(oGh31V6NdW*p+u*9V>>MtN+zeOy>
z)+VV^)Kz-EWns)zlL`P)iPl#r%^o^&zovvHr|{>dwnpVeEcn6N@MteHkb(&QcawE;
zx8pg&f>Jj>Dw%d_XIr)fU(q@hV9_i{`ZQnK`CHx<b_E8KFv-eSnxa8nR8KO1`^3re
zy2J8A);3q`$vzgYkWl-mlXoXS21`R`B|`sJ6czE!OUmadQr1GOf}%>TBvF>UrOOqi
zF((SNR%MQYIbZh2qg&H6oRYhAzJWl)YYV08j$%XBmUo7$K1u9SmgbF{+N9Lty=Ge~
zHPTI~`8+paQkvRBZ&%wIiw%Cc#`&#v#8x(jIq3WM5!-tu9{6-0GrQ-iBodB+q-2a-
z@LJ{goop80Bq=%DAGFj)MMOmR5t+g<AAOTu{du3&y;%2%&sQ3jyA{+yowZb{YS`UM
z*g;F<$B!rFl9JQV#yzMj$!fz~s{6@^tqiY&yGKn5O8r#CEf3V`&JN9e;Z5IoR<Yg}
zOKFFPf~01exYW_zKe-ph<1rRbR_!I}ro9^ix|M$a%vRXd(prm<i$1k2fw8fDmNO&o
zHW`VpfWL}=rt;afpkp)=#;#q?*(Y5y6!D4gaEoCeK{wK<jUoOP23Gtf^jZUbTaC}H
z6TD&hFU)}BG|%y>=_lUNly+;U4eXyYwmEkaJq%{0u^?go*g#^niQK4w!;Hhygq725
zFAG&Eor<L-?w3Klol0Q7bIFik^C`vcJwhB}zJf`-L=Z@?i`n+8#psXVKHQN;GT6>9
zCx}Z3v}GQFcQ4f^A#?HQ=<APSwBTvY<}Xad*>o4w|A<9ml_wsfP1GXOv=FC#@>NpS
zci?az$Tyde5Ht)oa?T3+8AyhfTip)M_s>nfQWEC2Z}@t5?wVihTT7m@w7q-5Ry*|h
z49<n+d3|uURN2|R0lW<j(C(9BN5{oIovvQrkEI9gr+=90*3@whM|+o$MUJ%>z=zN9
zWod{8w|j^f1gqQjrlk+&9m~0kj!1yKd5e4G#8G#)_&#FsCkH2Rbbm+x#eKuT873l5
z+S`^+QxABYf}nOb%0n_yrhKcNW(HYDTNCemAAvcGa(Eqfh<+1m*B6yQ*K$?`t+d6W
zau>mn%9rMk12QH*&stsTG$qDu-s@1{GsY+Zyu}o|gaoc%SmP)k?qf%Aju~${eMAsA
z7UR}MjCln1E|~j=jyK@l8$d{DxP%PX4K?Fb-kO{&FdyD9KiOxvuwvLahs~J1*++9@
z;O^eATYI(N;3n(>#T;R4@Qrw*^>gS9ENi3<=W@Py#O?hHoqRyD_+Z&c?a)WtS#)U6
z<Kn1uWCMxGI(mVO-*5gkIN+ALsX^TEabkB6#VsAwxU{+sd$bp?*d{ahNRs2Hc@xtg
z)+0>OA#~u72Qytv_=lSVEi=28<iQ(T=_v)G;T{mw8slOx|L-5-6+m*R<BZ=Pi@5fK
zw+e<P8zoQTy#Chcv#rJ@<W>fvt-0lEY!26nt?)o1vEl=Ft*EixQS+n$h}v*;21O3j
zZp2bD2Wy?+ot@(dYq{gl`+Gx;!eyZ63hpa^&Z?o{>cgj3gWZ$;S=dF~Ps#rDpH}zj
zmr;iv<?H`675Co}{N!nQplPtv3SWA)sFpuAK0$82FVY)`B$g^-w%I@E4ZgMq>Ft>*
z>j1YtkhG6X=8d%R%N#g83ubJtKR(bP*nik#vGpbGR<(~2jUIFW)u%;qW9-Rop*r|F
zgwXcG;?L>NOwdHauTH%W7`6=DsBntJL);R<iXB|tBHGw+iBX<tgk((7O_Fsl@C{_O
z$lZBt#t++lSYzuEQaAHBoezh!j-MOi56FM{bO4h({lt=+C5&i3J73fde936wJ4Mza
z0iPocrlBK$18O^-3-eG<ymPjSBQoraRZ;0AP?D@dz>gY-8*jJ72JzrHkP%pnm(_TC
zNyM-drFxeTn}!f3_Epk=^k%-?=(jZBg4+8MG--BWQ6l6oiyuD#3K`<gz&i4=g}@JS
zymMjolqCB~HmS$AFy+V~KZxe_z~(O;DMLU|n|nZrZ`~T$TsJ#(<eRN-lQbGKPxQ3Y
z`3{u-K3mUyMLpqPWykP*A2?cWg~FXUhoetQ=?}rVUPf<{&=wU*l+kDPZ+9?N*4a_7
zgJ)N7NiiUpIWmUo8G~QFH?1gKH79#}30ZQnAWS5{htNH9(=wwFuYe77j6xDxa-oL{
zJie_R{II6Asy5grNAetGZBKSoiuF+~Tl*|X{_p>Q@uE#ojuUm@jKGro-4~!qr)@rC
zc%9j2ANw&{kCqZR)~DU!o7IL$Y#Yv|Cczn+emYBP@hIx-<0uY_fDIzfg@6QOfOFAW
z!fxSwYl*p!a0kr6T1?&)`Bu28l};R-zRexn!mkl_@#GQ$U+w{Cv-!D}be6wKXRvYS
z`vX`3OseA?Sw3+kgsET_DKS}RwlKqflI0p03DC~8Po}bW{Z3#PT0t;k+}48sn>CMF
zw+91N-Uo8f!VS!PuG)o4og+}E>3y0`IU;)=V8W%rl6?b)2c3DbkH88WB7xtGvd{U#
z8%B`sxb~G&YPH23LwOgqjzeONI-}7C)rLSJRHHm(UAVW@gATD}Y34}Yf>CbdE^ZxZ
znL)`fA@}^efQAMHwHcGGg+1Abj)hg?U*_U5XVpo^8wj-VS4tA$LNDL}2d{@a9Y^S}
zpQ!6{n`17Z_O=wpa)irqIrP{#z{z$R1y-Z=aAl`3Y{XJFJBzoAjG@c7bG@a6lYYq{
zXpc*w-$U3C^bdH2W8p|S*?Uzxytex15#mVV5|Z3}gfYMI&#$ow+J~L6L4lV8)X>Bw
z<e|_n0oL}fW^x#pBM<PBr~YO}8_ThV?U!9(Uvm+?gs=@mJ>jRA<|PwY%6p9L=`>Ij
zX?`wJ*3NbKdmv6<z?0!dlxXcFq&G(KXC1b{Cs@1NbM2fRS`N;f(@{_Y(BRI#p4@B;
zVg2d3_P6lF4W4jhTjARTMZ|Nt4faahs6S7NIXEBu!}<tzEnXZU^ao>PawOi97C!KI
z564ZW2L5}R@?{yf-v^=%$4zb$Kq!@2s;@zK95PB{n^$?AePIq)5?EUYAEnyl)5W7Y
z@gDDk=9U4=rCxe3Aa#8PhAt>6g$fw~IsW2NwSU4x^H3&Yd`hB;J-GW?I4p!Fl0B>L
z@yt*4jcU2AWhGKhpLlhT?@ixVTFy8X)s1f+KF`(LZ$A&ZL2a$X*q4f1(_8mzN5kJS
z*?2?-L!Rd<Z{+~9R)!6s*b`7eus;K&H0v!vcw2N`wuA5DBPe;wscp<gk6F3tPri&E
zkAow3iJ=3dI&;r0<RK5mD*qb+y%fEH75Hi-&xAm5wN3WoeT<PK#hm!<q33m3$d<Do
zH|mlZZz|ci)P=+1$lM}6n;Pr_?P&Tq<RR}fcYyxz;oMm0Dr>7^fyei|qAYEAp96Tu
zq4SBed2Mq}wl|b5%3|Dr_Xny<x-)^$+bWJpe*?kl9T<t2?8X>8Y;pEyRq%>@Z+s;^
zaYT+}^(j03_s?J^YZCFw*KUo#Hq{MZwOJT6F=@ZwvIp>0v<%9=Zt;@-x8~L8{;J4T
zNupVWWT6FBH341{aBJ3Pzy|>Zm}prUnwR?t<3qyM6k^AVJg*NCGT7p{(28Gx3}kGz
z^~APFatkFN#}7ce;MQ*l+l%UaE&x3#cx|d%T$uj;EY-vyO?mDMYUb$QQ`sjk5;ZkE
zq@PXpZ-X^wgcRu}a64N{n}}JX$YP&GeS+GF+~yw;O`X)dse^iXY*Es^@aZogFxs7L
z>sZM)CjH~q*lO(Cwqp{TcAvkM-3?Muf;S?Px#)~Hy}~6m?SKmOMy>gJMFqArgzJ^2
zcx+=CyR(5|(5$y8;zVhhcp;1oG_Ij8wBL%GFkE3dI2*)>0F2+|2g~o0$&%Lo7q$&M
zW#32r&EknN0FmS5(5JnmHDmb(-c!KWe_^w%c^z;r8kH4#!F!7WaRDX^V!Z)?&G5o%
z@LZFU5}%VM9ROw`R14P*Xj(%NX6^uzzjce?05DpSDbRZ|??#Y1SnGPio2UeYk90j_
z8<&_WnM6x<me0Zp0fDjZ<hTJmKpB?oE7gkZ$zR~fx|b*h%>zmj$wOVw`&|T^1K?KJ
zH!jg}j@(r1A*{fj6ifO*9SBJHq)ou)mHVUD!vdiANu0Q!N8k_p-395fr6NbIlF8Ck
z2+4zT@H~v6paFY`#tvATBACcQv$y0ju^zBv*)|Phs3xUftq!z$+58mY=mYU6NEj$|
zi$ht96O)6_CwB#PJ#&AE29$jCq+qO<x0AhMV7>^3Cky5G^)Q<kIPBO&m5YLwfVJOI
zLfxXC*<n;CAL;dXy~ah~N@VqyF%J^9OatU2m2|dmd32nf&Ox4th~1v9vPb_mCm~){
zWC<~}HdF)^y+if*2FXseHDSkCRH9w0;A7^u2}HD9ilEI~m3h`xzBEw(X2n=p?73tC
zbLi)2roT@a`)<E_oQMDT&aV$QB#ZY7X?~2jZkP1zC_I1pl+=w&=LhFUyuy$AuQx-S
z`3dM(tceAK-^!omah7mh|1Y`}atDAmAhn#^cK{9}kEE4r@_&`4|NbT<!qZs|HibOc
z3Fd4dj>MO{!=t07q!H=OMitIwE-=T{5fa6CWR@%ZATQge(vWt*@ec9)l)n8?cv(r)
z(Fbb6`3?iRp_+T8Pjs|Bpga&2?{2ETvWdRydE&mb*RTKe)S(zQ$j2B@uMk<dxrgSm
z(J6VX;6c7*6$r+D<&XGW_rnAq@72=}bVD6Gn46^DB#HV)83m9iv9|AA%c8$G-|O6W
zi7o+w&6_UC1*zco!^aHbOxW5JYdfozDIM;A-MVVR4Ed``w81yd%A)an<2)4<{wWcC
z=QbYXD%$?gOX6TxFNC*voyq!X^D1MQsno5q8>`3ey<GQ%HaCdKIL97^l8fR+h(vx?
zB&C0HgP4=yQ8~X@mndI|OXv;PZ_ZD-ezpXM$rB$ZXw-5)eh^5db0ewW^rrk_lc_E<
zV|{8I53%BN1gpykuut{pP2vWhO&=14jZJRv@Ro^ux~_LomO0kl^$0tuX`fBz=#F3V
zi<@RgRsnpic9OMteiSu7z~`?CNg@XoU-Xi=4JI-75D&aCT8?t`vG`%%{iLDYmH5Sk
zwwQQ+ut(H|BkN7^nsC$VMEs+INAY;Gl)AwKsZH@qpQ(Mmy{~-L6nQ&u45qLC0s-m5
z+bIJWMVH%@h8(RR^)x<^%v25)2Wpfho^2C#epQ%*k7@anUI1qFa5q`G+3pn?+-qm(
z@TW-H_|((&JM*t!6Ez~vcHR0Q4FzYWe!IcX{EJ1QC5`KgzW4%Lg>hYK<#~x?-U8J(
zp?ThSZ`qd`4!Pv(Ye!xKMM~LRy%VkRUA$^`7cVR9_mrZk=zNHA`QIsPphU$+K3E{r
z%GT!v|8C@Dbl}J;b!MtU`xCzQ@O}kL9#Ju^ezWjF9eGjl$7~N|pRRYW_&%EgE5C+b
zf+ULJ9=g;D5NaC#WO^$+MyeT@nRFPb_aT2qYz<XDInKw*-)gH6yh_m2?M6&Ic04p`
zXaQ9DPiymRxl;mClYqd{(AUN)N^n~$SKwh2_jnUZkyZIVray-Msx3PR*&Y`2^Z3oH
z*E9B4T2#MME+OTZaYHG4T(y0ItDp3r*R3N!v)V<gQ7}F#Y-p?a<6CVwQ_CmZl9f0W
zy<Ov21n3oGfy(4Q1S79!G(gJAg4&&M&Fj7);5=3@pbe2Nt)$`qd9-9Z>vpO4Py!EI
zwS={sPJ*qJCxL90?bGqXY^WhP|K0<{h~-t_sH56}(W_;^9@KQV`*g6FP1JkUovHzo
zlPyCv5Zj~)l4~5R0T*PceyI6PU3kJjlZJUWzY}a0q^q$Vz&O+Z8gf21(ziE&K^hpN
zid`01_vyxf+Y2B(8Urg?f%i**86ZQX<%X$ADdVek3;L>3Vt_A9#oLGKj)qh}czodO
zr`_lOL*EKStfdBb)bD$|0KfrGiqn{4?a0;58&FwOTEykx$pF1+D&t)SY`X?r{*`@d
z?f1j0bM~hJH7`QcT=D11T{U>@OKbu%QBJbWp9xGp=3KSBH4Owan{|qdm$JE@%!W!o
ziNA`k&7xhc+lXzzg<dB&E);ES?m4Ku46KnWT`#P(Dw4*_wqm87{_Kgc$bqZ?uT~tT
zOC($0f*!wpe7X~vwi|oWh`JFo!oqq_vV(SlO>~a2=dr_TTm&Kh$TQlh{{F6u=i>bK
zapZ}dkyB!QEZkteVG}G$|74#j2`b!XnQYX~iqgXzb;Kw#qrKig7w#6L=;zU%w4>1@
zs7H~}=uz#iZk}*O0WIo~q#pe4Y`y&gl4?tbD=mqz9?~%p&y296x`gmd>!I|;ZyQWn
zqby|~7k#hOuH8~N(0n>L&)AzQZe)@_-_dDkWMZ`&!t<<bM{hTN({8$3JXLF2LQdPj
z^KNQ4_ZNz&is}2azDbecTn5u7xVd*45AJDcOlvpw&1D-3R#X^jH}<!X^Z|~eBC2z3
zhuWun4w=H_udwiwt^dpS6OZ)_f6;|`MT)1Vwjcf}?$%r=i<WgPUVI6R#7}e{GM(Fj
z&yua{em0qC^_&lzl|Bh6m|3)RQ#d=Vx&5<VyBYq5axJF+R-eRMqdid>Ps$oT_RZsT
zSZ2rES6S^{dGg3YA<5!Jxp8dNt#r`*8+8&$ixb(LJqby!8;S*T(6L76&1RnEdFsc3
z+i=vLzr?=3CK$aiTmCMTxEJY^nRSCM_2og*h|Y8KL%7q6MKm^1!Zy}N>Ng@G8SPea
zba=MadFQ~t^Dpec#h&HsDeGvP&qh*wOeaU&W~Z{G`vKZaJ7*7y5<aM`#`VSH4#%t(
zHjPXU+GmdAW!iIv=MTZ$val50^{5dOv}t0z)e?F10v^BdZvz_-+mq0C7GFK(I8{D@
zo?)A678soV4m5@SMjU$l`Cd1)8I)}%45kndoKyJ1{M<Yrjt65D1dUnwH@^{ND?EFS
zTf;4Yd1{g84La7%gTTdwVY?04f3`I~is|IrIsdhV0~P}QQ;J8jxWh?H`7@&V01oh$
zR?vOpC;+}wO>qf1kJ$9?L_ca>8oFhUX`#&gBL`(Vh7Th4jyj(o?!yxOJ5HHwT2hwo
z4JVAeU0Y4c8pXcxt;H1iUZX7K9W>>mzZWmPl*r>}m19^;F9bHq>JMUA^A6Kq>>%q>
z_t)J~|EL$q%BKL<!5@=NB1xdFd-h(6ce8)14Ivm~la%Mp|4(bzX73BfK(ZYh(!j6S
zTc!iI<Zb=yafiw7;HgDw(Sv#I=nk!6+r7gJ_aGEudF-Ez({R-QHM0Fzqko>!e+k^=
zoz0H)W7MiRu|Q)~<w_r}^qG|c<tOks_I8yvPw%ulCR~$n?NC_2RL=x=iY*c>HUM|s
zd=ly*dE;O^{dvR@`=^~?JRYX)hAHV=ryW4@s<&o4Gmy$jM0Y2#7u{~fWvG+eqKApi
zD$pv_dzDcYaKCFMG4Ko{8WY?xlegdf4o$s%(LKV~Q!(Qj;_&@ZYIW-FQZt8DFKhIo
zJa^}mvMB3BnFEJs@NqWw`7_wKSy64^$!uT^CzUD(&rVL7FkpSSNkTS*+aE@&I!gL?
zK?okbs;Hqhab&2q*<U}|`28h;&aWy1J@Vy#uOyYWqvS_Xamr4DDPYbz)s%P#u#rcK
z!a5h$SqFa&-J}VQD1S?mloQ8a|0fN8$Ak}d*({>1Yq-z;?&R3dJ;0<p)j03Iqh^IE
z`Q;?yRJic?n(zq41N6#HY`u>pGB<D3Fq!;{G1aschQ*t(?*@12Kv<KgE`ZpT*4aa)
zY?G1j`BZgGU^;WuJkhCU0FFt1t>}Jt%AerZTE^axsH8~mSmyb5j;7){t1{23JW960
zWjWo!_MEi~riNsNCAm&*>XB;%;w0Ba7vw_OYDJh|Vp7Nz&qd>*XR`9m{aqUATJ_T^
z>#hTV!>6hP#9ZsS{Qtz*(PVi4$h?;2c!#!$qyL#0BYv$#BHC^Xs$D|t{9W}*D>(u<
z+GN_;U)<7s>}hJ{eZ+X-wbVv^&6_A>N-8r0r_DwD<f4WQ@tZq>&h0Hbnr(Fam)5<X
ziTA9m`zD8$C=MIl*_O$|6799rVoKqiLtLwBLfvc0%^bhHw-Wc#j!#*dX#2bO1FcAI
zN~ME^@<Z&2^he|m{*9M<9Nr%ycz%qgJHULFvuiE598T`Wlw;S@B>nP;xhsmU%WldR
z3)Z>g-S#QsrwowRQn~wy!9t?a(jI%j-M+pt7cvoQVS7$<+-WMNM=OU};{iXoo_<Am
zr_KF=!xPlN`^p*dE7k;;^+2(RxpRp`h$otyhC$yyPo7D{Ln7-8P#(bRL}V{b*1EPG
zS5=iz>8X#!dh))NfmCYAX$BQfO=9oSd#RomxW7Wbhr=FAm--7#2Sv}Eq7xR~c_M5F
zXKU+XvDe2i{rh&ZTOc}hyj`qnRRzshV!HY31|FSlEmE~5K0V0WZJ@W=F_TS3AFckt
z)a??&`D=j#n{o?N>l8h5=%5Z*&aiZUR5cFK*2<Js=Y8w{aP{8dRQC`3|FLCD_8uXL
zD6&U(8OfHFSqO)$jAN9&6|$o;Bb#Gq93v~6V{bXOb8yh_<^Ej1@AbXD_g`@i_j%(w
zj>qfyd_0fLeEm%V6U$_F&YS0FuloK$xTZQUa{_iNI-l7zCyQ+xQCP+=0ZfzZ(Qm0X
z3j>&P{RMg4!s;XUU%B?v^>jiFmYqK3XEv-0PiFw2%UNTFHZ;_=3MtNZ^^}#wUhu_l
zRh?!PY+{^Y$Ke;z-hS~;6={X2&hSsau4rP=YkD7-2Hzd{d9|J^U}XU@+mMg!;C$|e
zbg2Xg=+Pb2V8cTE^4gVAiPP1=KM3jEKL|Rfd+&{%f9)ZHqXI_1k&RsQ*w~k$-#kIV
zW-L!y;SO`iX~NlhnvH1iEK_wR6PQ%*eqkB6pjP5=k#T`H4?_$0I)^7B-C22VuWYPb
znJx|OBVB9Wd7(jzahF@(X%GE?Fy~B!a{2MVnVj}DYVvIer1^+GabiEnYCc0xFV(lD
z&JNMYlE9F*m}6hprHkavmDVf1T@fO|+TQV03--j7z;b!vt~0(S-v{8OgX5x-zUcA6
znfs+hpe1D{_?_T3e?jjQ*D-tb2V|&jURt<V+?D&ZF?Ye37)NkgmOLbHD9qw}biw)X
z*X!*Zf<L}_CT8C9WG3BY^DHR^pYK(GyYkAGDlXT_e4kosJk?|%>wqH<$53(1t?xT?
z4CU_X^#%O)#lY}BbY!G_C|Y-lPi1?v*S=zC({^v@uD^e|IA-zZd1Ys|fjQr&GC7A-
z?|p_OC508vx7lhM>z}|m3`bXRXG;F7I>|bjJt53u+p$;g=NFlCa(@SMmT^3$RxMS^
z`eiBrx>}@rZB*saceERLSNvQlmUhx)b&`Cq>*2Dja=4)ZiY;KMYk3cdSw{4#QeZLf
zA|9%4@a1?MOrpM--@Y5RvGOx}m}z?n^cLfBP4@FFRRR5CkLZh$6X=+o?(mqxGep7t
zcqJTml)R}Jw)UUum84j-$?^;rgMgGDM3MZKd;0ai$c&TluC}Iy8O^+9-#>C5F}Ep`
zbnzn#OyZ7mVm0$Xb63YL7}44ZQ;zg|Oa+b5j$2H19n64e5iLrlJF?W083c|9206tt
zR@{;3AbP}B(OuK713-HSRD}8}d_dJ3Z+}F23&^JD8oWtJN{Yt8JZx|x!jwx}$k)$}
zEzV%9Tf2k7b^^qV618rRNd5GJ$^^qfoM>w6EvU#5M};ff+$%Ndd8u!1b1#=kRt)TP
zI4*SQ1I-NHtv|r`N-JE%Np6J-J)x-9^$e}N0UHA+AF{1$jvvjfmW+};wQTPF+?O@u
z&o}Lvas8h6f!r1aksJegpx4dZoyE;*{VqVbZ-uhPdwVT4b;fx-salg+n}*|d?YGJQ
zr~}GvL(WIE@53s+=8B!$L3W5%H2SV=+96jTXy4VER5E32fXvSgp6i`R%88;_C)uy+
zF5@De$>Gk7m&r`P6l0Hfe5-3hnnL@!mbUP<;-$UHglOCIT3g^JCFfCx0|DzTLjA5!
znH9bdeU{V4O4mNT%;qfy5GmN3SB2V68);q&*p9s(DAdK@AhG_-N1A=ZbZm#>WL(K)
z=Mv6sI^_DO5J%uI9|hU1uCbk;Kcc{W2w`%sfuFT2l>Ixa%9sQR@g2}=i+c#TO)miw
z*i~$oW-Qsh0olyaNJtv|vy~rQ7hD{q0f=fP`lC!nJPGk{^7HpGWd+Bm1MAKVUNXza
zAC4>vVHx10W`=><(F64682l`Yt^0br5MIv%ali+LA784_>j^4SD0B6FCKN&@#AK@S
zRT~+IcoKuxW!q5>F%=_G@4-NckX#A3X;zGNiqbP{GG=;}VH~+v9Qbz(Aay}1s%~gS
zGMgV!f{*dug?-Xhitf=ABX<1rJL*00r3L`ESpvE@4_D)&tlvKk33h*SgHoe0FBUe+
z&p~c#kU&5zuv~E9H?ANm$IpFk(euUXR@>|7?>H;UG&)iIk0H1x&s2%;P(M^8tuDr=
zD7=|l`b=XpSX-U=<|Yk{hcfDaoCm<38^n;psKX$%!s7p9S|wC6$LV*66MkkZ#P@!u
zLPAZUlAXeiFCvy!c_#u-I8wdbp3pep>1fybkBCHx5)<94QQc<|c}l*;u?7*<a1N&8
z5AJ~!$j2l&BA<36Dt9Fb6dvp=^YazzKU2tHI(Y_3V2|`v@!&Bn3@1<tTYgFXrVCF%
zGfE&qM)&bzU|I2<^8{0RQLV7zAdg#*RwKwo$`2Hs@XrlyJ)kx#!{xa3Brnc@E{Sik
zkn+rOF`~7r+?F<4wuq$DR40lnoNv_g@r4SN;X7SwV~pe_t*!#k&?ZOzwoL%FK<)E+
zfxIflvL>o$qOZ=2sc%^mFWIRE@xFNr;f`ewaWu^Mvs@VaP>OU0c3!(&e3yjT$b$c_
zwA1rv&nY=xZN_><y2KW9E8RRYOo%jPkkfL%o5yV&DaC{vF(E-EF%njY$F^vy)2{!@
zYB{g~hHuvdwbGzaV=mJD5{!C7cJO$jF+k*zOEI^3Iaf@v_<eg?c=|&T+?wwZv5?>X
z8qZuSjTy!hnGvpIBM<pwV;gSf&d*C^VuPSuFgwtXt8I^PA-E0(4Nrfy47u$}rs!SW
ze8y#@>DAkr*;HRTlRhu~GW1W=h*(A4#{@}yE!T?0L9XRKZktzeDaxSnrobavMEnSS
zfY{2k9CK!BR~%*i@)FnIId^JW7*df+^13Ya^`<0Df7G0C%GaGkY$R<{JhC_9R?$~}
z_*U5O$x+40=T(JUb=5cy_J20Z8vP`a?+XU1$7T2lu{Atkv02Xj8`p+l{Bn~(e`MCl
z?yAf+vQ%)UtkD8#D?MFvcIOo;4DqKO`#HEW(y2ubDa~S+*|2q2s<QEopBqDb!Smav
zMI}O${<4J+X##vpx13rgYyCr?c8Cs?u*J5z#_<y6c7L$10~Eor6X#i{%!vu`m}*Z}
zcY<G~j9CH|PG;sn9OK@;&sUFVx1Ts209Ms0LIj_~Ptr#q0yA2Jg5W0-(%o~^@}5G+
zN8B`4d_-c3yzaLtw7;i!-2@Z}G|vQIR1<Mo={tfZ+6l17OfMtg?$iVJ<B6Ly=(l9j
zc?zJDCUF4tFDa4^+-i~g#ycnpz(R)T$6_Cv)Re|+FI0AmxEdhRy8!ob_ESXqDKhk=
z<PDT%+Kg8191!9Jt3;b$`(v6v6JVX(uFW#S;A7ecl?}TMuf?cY@%HoC3+mQ(Dc3A!
zYZ`65?Dx4>#Op4w)_}m0A4g!RF%fv9^_t;SF)aUH?6JGvZ+wRiNLDpY3FG{4ym4z5
zZ7k6_@uS1wzuRgrGtNz7>7@b00V9i6_qoUJ79$+~3m@5U{MkeF+W*hjlW`w!41}bX
z0kOI-%4j8>Ui-g(U~^I5y>I`)q0L!zD97o{u;D$R-H9!C;^vSyEuHyaLdo48!9WJE
z#`Q%BVJ&|9gQ_98hFQutbID#UxTPizrrW4GR0YoNs|qJ~z;(VW>Qz0LLSb!YQ2pmc
zKWu8*rp7*GT_c-Xsdx27Kh*z*b-Xh^06j=g#O(cDyX=1MGG?+n0v1{}Wo!!!9QR4Z
z%O1szbB}71%BCaC#EnPNjf+ZRV?%t%O~jxTsN=wS0ml{NowZLToMWTR%rxAQdX+0m
z&PbKVUS^in#JDp>Q{7>`IAf#qC=C0v#GBvKSifJsD*MhqBNBVEo^E4li{tTjtWf-S
zeKhZPBHOV@U#&an?3ZFVKQ(s4MR24!ydnx?4aO?u<`t2+uaKj9j9B~|H0>6@$D~aO
zxj;^1LaEv`4nwl7FRe@{R-|Q@T&=?1l6l+Q{`(7pHXkZ;=?98cDXK(}bH}ouLsR`+
zZIVWM&#=}?vj%>mFxOdLR<UHPgEii&Ue%*#e$O=(wR>`=6KUm0&`;^H4~|1w^cv~d
zr*O@173uQ4pLVjxKl<^_vc7AnW#g(jy6Qb3E5BiE8j-U4EoM4Z`hk4BeANZ>FAiJ^
zFT~MH$15x@IlDY22lrZj?*_7<i01mq<j*$Z<ZtD0>!7{-nzH}S!D9V5=k{RSsM<;@
zzq+5W+q3Tv-O($q`wpqm;p~BWXDzPayjS`kr0lXt-s3RC?n^DUvH(<Knpx!7d%z2H
z3JXj8e~<_3ey!N(D>yngMsyy-NQ~$DD*SJ<uo`=}?_P_VkmcQWx!UX84hDunEQ-J`
zy_dZoaZ#*qwt2vhp%?P<M;=#*?2BER*;xMt(98+A(v(NTV$fKSl4+DhR?6X|y0C|@
zoUA!zU3@r)#(&<0?O7h8c3=l9D0Fa+>THf^GYgDnIj1CCxW`xCW*s|(b-I|H57B9n
z0AYwtXb0ZDMI3wFKKNVWZmRI-wN|5EOwPLHsvP*sf2esL+1VTLOX8W((Tdv&iaTET
z(cL|#_Qtb-xuJ{3pjFsfigH<1=Zdd{%ax7?iw056Hq-HoOcs>e(4k#>SLSd(@rz88
zntu7-o3KM!;{-!Ep99U_K~ICA7VA#Asw<!DkY8w3YN14biA04{+(s+;jQcBxPeonP
zW>uI5mPRPP3uR$aokW#WiUpS5&F}3y+OkqfyS;YSwSIa^+fMhPLq^cG>IN*wxPReX
zJI{3c#J+xQuirbAH&zA8Qi+)k|7|Oso_;r`VHbM=z0zi!O`mvB=8N4IrA#fF{(xJb
zzLC1>4vE_UDAL-AZ$6xe-rBj0wI-%{i;>YvI3<#su3_yA0!8&82Aqlk9yz4^)|T66
zu$>B^;ov4uvzhMsch=0Irri@AZ)~v5dJVV`Nk2sIeDLa%`hnFUOlOjG2H%%_4<p9i
zc1%V%eS6!v=CFLPS>#;i<x(e^`ylj-Yn10G9QN*p8#_Oxb`-Gj$n9IPE>OK|2{!32
zKspF}d5G=|T}5(Pas;fK;0c<FJk%~g+G0!bcIo;#H8`WJ1G+sf;+=67Uw3Nx7HH`-
z#@L;a9UwiDNmbt6gD!2R_Vr@Y#<F)ZZC8J;W-(&FZ>);&EV~OjQ66Y4%l#!fBoYj_
zS6)jLBLD1EkY_0XgXPSj7+F4OINlwR+kS(+P?i1cu<hkbu>ExjDtAcP`x2==uNCCJ
zluh$R=J(1Oc^id!2aWd5hj`k+g%V587#Noa=rK}0Ywt37v8>Y+dZ=K7M8)2{gWku2
zyNkN*&h`Z1l(cw2?ha?`%O^?uXb0rqvAWw?BJ&z!B6ryl^Hqcg;Y#a(pRM12$oko9
zBlVTM?#-t+qNJLcvO&jfCc8bMpL6CkNO2Q9(`*LJDeh7D#?)bMFpP!bljFYCShKx)
zdawDHJMug?_~pAFZ=H54<!^^AF+@<bk;G`ZOYtdZzc#`mEBZOZ-Xu_n(jW<xz-HU3
z4P~DTi<+0^>F+^JoABM5ak<R^v~;PPO&CY24-<8lcC-vU&F``fYn8x(A>teobBzr=
zr0f&-b&2WzY<=~EQ#*W4tF?#i_s=0N3NvFjit<^$Px5FJN*B@281YDyEC!r9VI4p`
zAk|Aa%+_|kbg&3Lx%*dso~{$~53&*yDa3$h48FM?!o8QjiF-1CS}Vw9Z;Tm83D3#5
zFeG?<vAW+PCvf?_AcYTu&G1c*TjJ93+F&kF!N%DfzGx6Z2<;ro7I3Gz6b)lr!mkiy
z-6ky9I`*2M_r^!__4@DRv`G81sH)XF%5s>?&0KbarylNXABP!rSECXk<U6xFBMyl~
z%^lu1{RUr#u0+~X3L3tfC`ba<<9E=W>~)^{+q2Q1%3{4EFV`h)Qf&CZ5Bnp+vjU|S
zUJHyX8Qxj~t`KB3%g~nzF-M4X5Kt6aeAwq{GKe=PM<L2NPfoh2SBw$GSV5$N8I4oC
z#`p}d*^#NO48d{AA!B0nM#bLaa(g(LYvKfpha?s}>#Ylr8;m(xR~qAfxtO%j**L3o
zLLt*KgYD)~>^hIt3ZKKx3(4=S=~u@wsy?g7l&eqgL`#arw@R#vhgl{4qWrx2BYIi{
zvq&A(+go%iKtI!{${2g0(c`TehQkf)o^F_iWk0Cw_g#y}FH0`3Ovox2C8&t&^S?i=
z$F2m6PLr7Lq`}$WiF6(IDTW6NbdAd=P{;d09iByBUg@`09O{woPGPV)2njL!=#uDI
z${ugqGY1OfXpumCF9t;D@NW*ReixFW4Aj7x6=3Bx7hz&g<j6+mKdqsmkNp7)2;-nm
zEmW)v@pOC?zuM@I$5Nt`o@JtYM)wc0^c>NjH>6t%<A(}!c;x1njGL>i*WC|yUW!w$
zA~`J??wPmDoJVZQwmAEgUe=q?vmde?^oRs<B=($`w6Ho#zX4UiD>Vns*@kT9_lOx}
zkHU6?W$fK|=N3a(BLKLdwa~EJyCNVAH$lT{#AX?L;Eq`VR4e1JA3JvTVrANHHnkZW
zdgC8tAdHb_jOcE-@UK(XGo#(Wp7Se^4f+Z@lbe#*dxM2RBWl;Dy6ecAn*Kp>R?c6@
zM+ekf28y<X*8y2JgLkvsKgj;oEXPyu13o0^ep)VjaeL*8osTcRcfU#IAEXcM44an+
zjy9Y<dDiBN#FoKz>ExbD#AV|UVm7n2MJDqf1aEl_1>Hq2p!qHx_F!0H_#FDo%mtNx
zY<McC!|nnyP4pS5#|xxa4ppv)@{5)U99Z`LH#DkqM3nT#*!e*D<s}Q@N5?~wf4l#d
z$%kEd!{cA?dOey~o0;p(iGsCM&6`}X%lDpIK4Q;jURZ9~xPfJ4@uXR&*OpIMf(@|A
z!Qu{w4kzPb7clP|{Z1S{A&m!T{;m^}9;YoDSEh$9fn0M{-6c&&I^*k2&KLll!uqDp
zoeekAA8a4FTycyFzVysC^a7!ya7tAGm>i_}N`@Lw&FtTsgZH<fe5)>a@mUo3*l)MO
zTi-2|3^bg|I4W6>nPPujVp9Ds{Hew~7W+N=wh*fzRU6V1r5?oS;%n1%MhUQ09qGAk
z3JRP<#a?b?`0e{9g6-uIlT}CG`8Nx{GCg)XDV7`w%FefB_Qb)@Re!@b<M^bi449V@
z`A{cysuyQ$Yu=>It_-#{N_LQ8xxnl62$bEPt2xt_4Y<@hoc_9u9g!A`le~I#kCbmL
zv!X*D5hloDlKk8bSe;6lYi2ZzDlHg5)@mmj6H)lw{g0;m&_NrnjJ%!QQ)vm8K<WBN
zuHVe<_Y*;xudBnlQvtXCc~zVwmfvsWv<N=7k^{V1*3wz=dyB>H=}V0$$jPuV7*A_2
z^ULnJvHcjnhR&=++ps^&SJx6|g$~VF^T3oRgu@yfcG~*nNdD4yZ{$>`bcfLxV?FzY
z9f$P)Q#u75uRN9c0m_N-b&%A+aqUueSEujame&IsAp5FP4I5Qk_XIk(yI(xM<OIfl
zoT#Yxnl`c_$DgP}t2IXq9PSmB6F%#v7<qW8-z_?my&lCe_(E^?lO|O(1NQ#$QoCYK
z4Gq2luru!?6OE;9Lld)Z8M@DKRf4ixwKh-C+K6Xn?IBmyTSJQJS8f=9kH*g7@6Byd
zra0rYF+X7iy-Z-kR$C#M0Pv~R#Xm@(AfDcpa)Se^Gs~02zxSI9B$?`6@w<R$N$54$
zT1BmK%z<&&T5VpiC)7`x9RW~Mgrj!80RTHhHPbUs0I{kg*YmzkMDgA&j=n2trE*uH
z)X~s=wt4q@ww8cND;=1gdS^XwsX>mYapvNQU@2NVr&6e3w(g+vlV@_!>suorKlBTA
zFe2ia{mZ6987P~{P{csT#D1ng1`rx90Y3m*IN!DAfV-(eCJVTfUAW}<uOCX&dlNlD
z_4@)~@25?x>m3j?F|>mGAkaA3_5cghPH$QV*Iz+_cZEgMw}&VE%%1E1P>NH1od{IX
z5wE@_0?%?p%^aXiKl!@IZC5;O9rY!cLdiDagT`s2`X<ko71u$+$;YS|4897>^pXe_
zxE7Ta6*$qc3Vj#Kr%%ZH%R|BoGDzLuH{mg;?g&ntXub9C0=C2~#nDu;{v&#v`IEf~
z!DNb?x2Ox2qo_0}UwmhZv2fj2WSXetS4>`|dd&O!t!^IcDL-wlVtU9}o<M@yZf*ka
zU=JtNLZOQ4acxr6Lr4U*JU-sT;wb93)J;@O61mirw)%oS)Gs)`64~L~Fy%57;}7R@
zs4INL$G`D^HP~28sG9ii);z=G_`m#2_#a8y^KRgSMx1$OF00HCzJ5=P{kEV8gfZE~
zkkX#ZC#YG*!g2N|`EhZ-Vi)VKr>em$pUf9s1&2}P$FB<WPX?$6t`A*?bqPKx;Q1;l
zhClvl%P>Olitw=TTibesyZ&<&f7GiG`mnWe-M55=(a*OdUN)V7rA_;JZt{zSG(}9A
zU?yd;@aNGzi^#k%qQ_;qcrsegN|Xz8sfZ15)Q?68l2}wDqN!l9!=`bg=bpO8)j7uo
zOcckuctr_?KSZ9eIY!|RI7Z|J7)RbAU}~_6s1MaOfAZ}WF3xMG!l>VD_UQyFcov1R
zWV*KqQ>+SeB^WZEkmGQ!Q5#E(jcYm8-8Ed?j4T#8p?dRJm${Qh%}tItmdq~lN5VKm
z!kz7#y7!!@l+)u!xx^x@j|rk~>xL;)ab(^6UK4kJD)95ox(Gq_FPHdFhTGq7c8-(3
zvbMRaU-;=uFhea^O>K*WQf<bPF;x|Z)rHL~SI~U9E|%e56)t`g8@6(%q1)F5vprE-
zt#;2RHN|_ERS2{6wPIh^p4N>gKKrp!8<@)#N1gSy16R%;q=Y(Nf8fzM1`(tC_mFru
z@w0A?{fMo*Px?R`p1T#t2stCBQeV!KB7-=-XBC;nuahdu_d%(Vi0J8f>sD%640!21
zuZx>36oFwVWN5)sk7FEX#2fOIr=Y?1rB4BZj;1AlJ3Hl^A!k>@pTT;6#;R+XUF+6(
z+0>gBt>*-tPeQ*-%kPdyRFJ#|*$!qphu!;cNE~g-=G)>X7;kKOW*AkqO!P~W8lCfg
z1Nn|+LXPf&<*Fa{z{aES{XU-Kw<1}K7}<IbYxcNMl`N43@{mEbZ)+2tMWEPpS!${f
zHvCB#812DssZWT)dGVDK(*&rUS-J1=O(=heeS2*z>Rj8xUsi5@Rpl$jJyL-RGog;~
zcw+Lg#uluzPI;|FL^YO5sUN?=T8kV<Q}E>t)`9d;6%iGImgjY<D691~TLDA$O@2dR
z-cv+@!wg;oE^AM}0?;PMYY)}%2Dg!Uz7w3+0>h`1Rb-S-B&-iXvL-bSRJ~?t5_)h&
z>*$O@CdgqXGlTbpN{0@9jg(p@t26y7xN%v?O>AByUqAY^6&@vN+N{Yy8Bg$#?WU}E
z@uQoBylN%^Lwg;^HwJMy4pl7%a0-;zp1U(-YIGu0jcb4<DWJ6qkND;e*#AjC-tkiy
ziR7yM9|`hP<tB5orn~2v{iwug<})A73@^OQs}Z`g3AD{-FIbdhP2;M}fp!_(sywXV
z3usgeXtlLEktvD!NOgH80v46lguBiTE@w0bQ9$`7Sz5oT)D(GLmQ&+cmF02!4>E}d
z)Z-kG`3QnqABYDvKDCQc0;*)MmFq3p2AeI&as?=-Vf`RU?rb?p*VDJs7Goqg3TUIv
zB@Vo2(95by_0XT!p9yfkwudyab5DC4Sbt8j=Al%t7n97(T{=Fcym5qrAlbR?O)&t5
zYMCJs<;+Fk)28htu*Ov^RynSeu_2ijdhI7xJrOTMZMdSvOF=ZqQCg#%Rt!4InvSFR
zO&?4*L8q;c8yzbr9)%6J2I(2G%8l$&-;%$bW#-D7w`23{TS@FnCF2K)J0-E?4U7=j
zr1B^;!l7X&(2*hEfkWMDhCmD&IQl2gt|<{(QA3TR+-Bua`^i>Bb^HdICYAnJ7giP8
z`FwlZ`ZCQg{mv9&|Crl9i2j7LWlaK}IgK)wE6j(4_gm1+Bi8z=yQPi+Nxua=N5m*=
z)q|N74XAc*T39Nif1(&7>TC`q`71^^`0STpS%n_f-MT?`w32fwNoTy>+&**`RxP=r
zyfY9b`-Kl49$MffqE;<9wp{S`uf89Zb?9=ATP8T3w%Kx1SbAQ7)Tt{#2Yvn~QQ+~-
zEFi^1Ric6A<{5o_{0sJYWKW$FT|&RS=O2Ht_USi^wR{r~Yn+>zZZm2Xgr0ugaILO^
z&1&o=E@I@@V2jypb&VITwFur!C~{Y%gUZN7o_(l)_Jc=LlNoG){q8)7-sGIrRTHtc
zdS{=FIyrG4*ljJH4kZRA!RXmw58CC*<IgCum<t=LOnK&0kn)5kT=^A{iJX<IQFizW
zpEjtk3>~t`A0E`5w#b8*<6A^$nK|r;EBTon8`tKP7vZbTGV-JyfBPmWU`cDoE8MGo
zd*H=BXnM)dVqQq|G{$CSD*3?CZWn4Hu#|t0M;WO@hnGTf?5pxSdq=Q<#H)?N#>F-E
z(@KVTGNY>S_Wc9&5?dhbL4UxRQ8xybg}GYIY~HJ%o9_Wx9dl$QOl&jzj_h|CWP@vK
z38Hb2{SJb<Q_`G|h&g?uVNcy#_UmlO0-K<FWfQgq1bvj*pKnPt%&dT$tdKhHW6NEu
zE2+&LH&r?7$fT~{+GseVlg%AE>;`Kh%c;q68><BIkb6a@+g)WQ*sJAVC*rbn1$6h^
z`wxv9dT6@(noVjD^1XHv%M3T{N*&BFFwRtGyRCl^_xkj;)YZG&eAKr~YsRyn03=cQ
z#pgn^qk7Ue8uv7cj)$pr^VA2*eElvCdoXtFPt#wOJ#dN(JgrEp8h25>=W%tg!KH2Z
z37X|DcTwkYK2Ka(I<t|}`a8hnU2q+rX<`OISSJp9w{ANzG-V!PrsKbp&*0sv$mor^
z+`<X7XxJ5)jzPQ29bX#Tp4E_m_YZl@yWsv}YckBIPiDmad5Ls1*dFqFB)hA%DSx{A
zu(I;OT=Jf}%T)Ea+0%jFSY%6rCACg^<?Z#H`ST2!h)!ZdEugfO!+Hz0lxsy6SH)Ff
z7>4F|9TGabr{dOZt<M;)_5|C9xHKO6e2+FBI24t=Qn}Rne4lx_bfwI@uMIQ%`KCv2
zJ@uhcaliy+v*b(6gP79EO7K-bEWk7_ReA@pMVm8Xi{cx5@KTgzDz$H5^n_t>5eP#m
z&tmHDc1%O2tglRH1l_tJ`~k)UiTQl)z8j*LTKGO&^h{4aAdSx6!GpjlKkG;&b=8|i
z@`q;5h#sn7-a$T~{stZpNqLsnrVfVByO4FHbboozr;J^<Oc)aEy-zAxO>DZE6Y$#)
z^#{UNeQDmABA)kFrzK~O`A@?GxHhfaA-fldcJ$7$(^>NyH<gSyWF_y3_TwRSJd))(
zkM2n11c+d4LxcNA$#xi9Zj26R+YTX@HISV)f=m6>huS6ny*Y5c@$m7qxW8^Jw40Wq
zFwYc|`?8lUd7>}r&tKtsYOGzBy7<Mob+Z1BytybT)}Rd!SVdx#C^l?@p|Js+OHs{+
zX9<3#KUvd~(Q8#Wg9#X;BAL>)UD2LY*{&Y{p~A2Rk`o=cL(5gtUK+lw&MWc&y}Si3
zc7JUi5%0`c<7ar-X(@K!oZZ9r1);eL$bBK0-8;b}%W+Z6w2rqo?0_Jv&7nUWf3t2t
zPuRO|F2y+hBB%k$(;$eNRdK-eokoD?4$k;jC<>e;<^I36n>r%#O>^yyjd^}hJi4al
z(Y#BvC}!3cm%VvbCOT8ejQsh&+&RoMTY+XSIgw~Q(t1o3x0$k~7vsA$FA{gC1X-ba
z`*u6vykMTCa<}7=M6e_g#UA92PmRnHrZG*jU%nwILGx#0b)~0e)5hf#`{jGDwSSPc
z2Wd+M1n+VJ<Qsb1*h-<oxx*AvUzaE6MKNi1%ng{=(=l!&;3LA3doK5HayPOpx<~N}
z9_C^sQC=|&4hmY5S|QD**y$Hno2wLl(-@n`Abfe#A{&oB;O;`;U_=FN*g9NKv`YXc
z+@x>2*^b5OBYq@oqFpdY)P%uf8~9y;9}Z>X+CFjJ!&`7j+@0&~fxI*fq*Rg0@iUV5
zL`r)=6VJa>;%~S5W;U-cc0O~l^OenoQSsAm2dp1rOqQZo6*$yI*K6~#Ok2!EF`tt$
ze$A5l8azclrAG|d<!OibqW&1@EyQQ-5}Cq)btTS7?w@Q$<K^&rYzq?GE_}j*m)t8%
zSMagpP&)3+ZcC{1r^7h7Z%KGl2%&Nki`L20_M$bSM%J&(N}oHQ`Fva4l8FU)jZe@W
zsyOg*dlCt9W=m~e>;~rfAB&<f%>DE0flXOk5oJkPFZSrMmu)Xz4RYM1XgV!0$m}>H
zN9uUqNFrq?kg7qXQ~E_)lh)k0ikiQtt!1;PAQ$q>czfdcffx)e{WV1{GlPm$SJSC3
zZ)Fde>8~;yY*dV%s`oocII%suK~s9Gb7%M>%>Jp@emt#6b9co>m=fRbgHqrcF#^8}
z6WTDTeW-yXs2Hr}<%yhX)wgMbSAhx@+-LXWlhRsHupQ%fPc>_!UScPO`)pB>$MMU1
zy`#kJy$)n%dbLm8NS1B|Y6gkiZo3j5f%9^$oN4AtFV5diro%h*T|Hc8QSsD#{pHMJ
ztN#%f=_@(Ml@})<hx#UxGR`6q?^6>E>3OX@FPXiWBif|G28I>yNwBgEF;>%*7fygi
zmc$s(h71{E(C{}`mTq3P&O{gAgo#t&D`x|TLmx?-N-b}>xF35@fnxCjbufzkpeKUG
zP#6&lJ(LTtxc1q}?<n+7U#TJApi>!Qk=??j^=7^ol<dO3!u#GU8|5`S@_VjFLv~y2
z$wO~RU2NjiViKAFl_EVjgC*TQve27&dckfq3)aP={z3QyhrDZ0vOS@RL(aHFG*L&E
z?WY?xYx2<pYo}MjJXe?-<@qSs-d>k0-34Mv=>Z0-h2EYnGdc*=mR~xwT#?^AIJ%%j
zY#bwo(XHt6OPjp{<kFt(mxdu0Z}2R6qFHJge|YNW**Ykb+4?Q;k+6%QQLDodxTT<_
z6ZYn;x#>nOM%vfvUFqdsGGd|YqNIKODt_%shvy2U)0bOm_Cl{7EnqF(wdCfnI8NzI
za}ug9%zSkg&#o-DV9AI-c8_44@^>U(qT&=_)iL2oTZqFz=BroxXYvF`e8BZ*Aq>5e
z-SrBV&XBaRnTxb&k>~q>UIX-O@zAYxe#HjSa2n<@BLM~=WfD88!uFPW-g$x@wu<J<
za`C+-cl;JE&h`+)D-Z}1-&m?h&K7-T@mH^>E*k)-_iX{j?F~7!MXQ$ZBiBG0qFq-b
zI<h*MSe*y`t*3$vnNSa$@UFMlg}wEK3kH~arrl>pkGCruzI8CXjEc@zCME-u@t@b`
zF4#0X#ZB*dd1hY+xxV#>x}k(>rW@Ac#rKvYgCnBn%w2bz0Pw2vF?ibd*aPIkXcFD=
zV;{R<#pXaUu|ZOj@Fx?&x6F!l<b{jEb5Elupssf)tBF*Zi1oz;1b2q0l@x@ig47wB
zY^~YgqtoV6<BmG(qR7M7M$im|6Ua_E7m2-}a0b1)2XQ(PA4gN!M-blAF%DE>)+A1{
z_uPkOL^z0>?%tJUaYri<ch`{g<+z&F$>v%!kGj3mGduGE8))`jX<|{J?u7!>i(&$o
z7Y?@37&cO?IrM&vPq@aLxubJ$kkOcx$01|~5=c$U%Bs+RKTlg}S3c$P^ys(3n{&}9
z@&RQ$4zWHbaY@!MF*3xTJf*<kv|5s|(Sy2J(e(EY3_~suTH5XO(oBwO65f19E0I(?
zBZhuwV|91^k>87f-!vUi4=J=miJU742;FBnAXbc4*Cz5X6fQX}aCfu(kr}pK9{bU&
zYurz`7AQ~yCa{AcK&{=6i&86i@}(3l$!h{EN`ybSXq~_~Sqk^q7?{sqKD)`ga9h=n
zX!M&D|ETQyxoS{0yOF3Z#r2nuipL%7ST9j<Y)6;c)lLl=FaeWOSj`hhuq91cI8l{C
z6F90OQe+|_5@qHHl205#9M}3M9!5HrTfi)Cr#Kk`LQ-@OPxkX-9la(wxB)-=Nz+GZ
z05-mD5&cPGg>Cf2@b*rxi?Qw+3aTl@Zgi<bG||Hb5;1;gz04D)Zl5W~C8kdl!U!-(
zohb_K4hC5&0Vi8??FH(xVxcd;{K54}Bw3z8fiv7){Y!<eXUeV{{)k9G!U~0q9=!<z
zGvZhmNSSWan{XmjHT5M@vShC1PQUks5nw<pI7UYl*ruZ2uBO4WzRkY41O6|b4{V+E
zYWkxBd*I>BOk+i1m4BRd^{PYEH<qIdmEG9vRFrV`p7%x#*=zo)T1<n77{_HMYEMDG
zwiGiB8Yjk+el&T8z;%pbvF0$*6cg<Xy_Ku-5q0Y!EwPjAceXl};Ybfy2r&ZA9~INJ
zohx2jEI?*+Wx6R8mP>!DD(@4^Ey6f{Znmin0e+<*t>MRZe<P0+iEFl_zOtn#63fCA
z74ak~=~NhGOmGW7e4!<$V!{zWEy^7@GI&g+AM)^5us0l!Lqy>tBq(U$$^Q|Q6O#q?
zkVTZ`LKSRPfYj-K|G{w~oNEyIp4?CGAttn<!lq-KWX5*gTeN?>Gfm#rH=PW#KmFiD
zVxFB8QHP`aik<_;Y49xRnSlQ|-35O{eK@Zji4DQ{6YKVW5bX~lj#YCZw4hN|Y?@n7
zIHr6%&EVP9J-3jAWm*-UOxTJoE)eqalSe#^k0Qab65a>vTq()L9JT{1QF)_W{vjMZ
znOe6A$W-e-sib%);V84Sn1qJu8(Mc4=M8HKgiL>M>ZP_-X`w0>E(~&ZjQA4GQ6u>0
zO|QODKCz;oU94)<_t5QOeRsuNa>dn%2`>B1Fd;qxe`-^l%nv3d5%)UBH>oB*u#n^#
zbgI1>S4|`H)x1bBd`Qs~%kq?!oKe^B=~Z#$kDwd$ww>b)J%nfjv5NR&l(B9~1p@9l
zPBPrtAn2!(m{QU4Wc=|&_q^umwsP@cVFzPxCODT-W<sz(wbL`l<*gMV>n8BOrDf(8
zhIcMtIyKv~!jk#@!H<;>42at_rdaFJZKkPTA%D!tovl`1o6|5(?6>zkTr$)ncV%HN
zFwzCNDcLrq(GcFcu*s4-zEoYYNvAi1VKJZXIkEm+T;)*0gG}F?)M{?Mn)$W;02r5s
zTm&Ur34z#29N}7gBa%c2$e_^f5Z5`vgBjKsC0pLN{2-I1%D!Fb=ff{$6V!(zq;<+K
zwNlMl&U3*?q*!g1J<kKg+8=91S;Kw@u>cPIa8lE&g3Fq;(5Y;`m#>kU>UZSMR^87t
zO^Jg$TAm$t!4h>=#o-R-&1I83A`h7a%NuLi<_<W6z66q(CN;isj;Z3f<bu+FqM4p`
zwOy$tZ9lFuP{9BqvQo#^*2c*DWT<l96bQzVvhkw>Uq7U)IR~_UB?~XBxTJgI_)b;=
zYyK136ESA-SF9kQ+-Y8wOXrVvNU`GzD85<VDg0R;)m;my&2v#AoUwMHDyIM_fHPlu
zLQEnM%N3@H3l1|W35rxVE<e_^h=5zl{7Mi1UbpCmYWn%xV->~$S9vGi+#;c`E;?ph
zGohna;5vh|4V@Wwsd9P_7Rod$yG?@WuM2cPTHk0^#z_1pc?z#)2*deVgxds`qpxXF
zD2Jd{XWu|s{qYhoa*vTaSAZm#;X*Y^VlCCx=_gkn5OgPkN$Ji6{G4yQQi7(}dt-sW
ziF;#yU5lPx1WpP*U6obIHL(T{2dKwI86=X~*qp=x({ci$CHC=;sh841UUl8FFXSe<
z0v;5BRqSdYj;itZGsaQ6&T{!QOUunjS6C?vnxeqxW*cRxV1dg;)4|n2gv>0+i}j1g
zHB<8ns0z17oRHErLgTe3>v-=A$7g`Blmw{dO>&<otUPO&0S}GYV#-$W9{98XX$2zb
zxVPx3WkD1y5qtqB9{yLCYgwpcnhe>v4raaav*)P(?3o3UVzI3*tK`=s+^lFcF+SC_
zuTSaql`=S|N%YdWCIQ9=X5o5eOZ%>~RzC-4et}vYDy+wW-ejU;lr=<_*M-%79N{d^
zo=SV2xe^Zw57YoHIcBb<mb>CLajh@Y>E0qVy;T18YB{QDifagVlHPwlo;XUL@N~f-
z%ZZu!xq7nQJ%GH*H5iUidIqIlAHa#l$nYC7<G(D1o<^(%xp(qyoahoCjc6GU&vt5a
zo`8FOsT^6l3C>u?j4NLSGzfBRri-Bigp`Nj=>yT|Xq-=PZ-RH=Ro$<?Go3+$l7Z~%
z>CKgTnf)Xyu<evqRVVq&Ipu80-=N*Q6Z(3swb;?5IG`b)Q2Y0^9@ZwM82uCnWe>~q
z){c@bFAgjd@Rl;T8u<2kY&QU&KW#%MRT<FT((eb0>zDtE`_QDt%w%z*60PRScG-5n
z)1Zf)R&Ko%)NS^$3q!Ezz(>3n;j7}}5#?T1iNjJTM910&s(V6scI8S)_waJzvK;7~
zvG=F^N-;;HHck(gpB(RBIP|O?C!f|Io&~bW*BrKjhM*rT($84~osEEb-}Pp>Pt<Kx
z629aQ{6WA9(%`dE$81RtR-icLxf3L=qz`7L#Ti}KJ-Fk)z4HN02+W#Oyl}5&0V6xj
zp**JGtQ8Ke+x4n-b8vO7#$hpopMV4u&C<%1`Q^#l#*u$!OKUGM#@+_1V;DI1c8>Qx
zV?7G~IaCch6>QFy|FE)x>XvD`Qj^~6Yk34992~>5v0LYX1O*Qdnaa~oTiKGbnUe0G
z){&UT4+q>-t~WtkT=))9m4Yx^PbG43!&hSWN@X2VDD`8I%o_kBiN+MXSO=A&_UM5Q
z`M#H>^j{fXY<8^z>4mbviA}o;)cO$IOPC>*jPZgF-Y|2t26_$o!aB@9w1vErQ#MxZ
zkkqeDK|Bf}-19U^lAuT|+Ux;lnk7T<YomY4R}TQL0zUgUMqdhgn*Mh19P(Iz2|l$|
z$7eOH$evjZ_$$W|npVD36Jw#xh+XbneN9%wO`rT3QxS<zhL`=p%>K}$f8LhJDMV<(
zh_NXXBa2pI_HyJrFNvAgmd@T|O6GaUn9X$02EZo2QEohZqcfH9&L(7hlYg@>A-jgS
zodcaKP>2U4_TVZ#ckMD^SX=cNn#)Ehq%78OnXX+<d-XOd3M~+ndhDzQtSdM6lswxk
zq0h(;Jc%UYc&Y}1T9-rl*%n8FwL?%FHJZETCQTp+=9}2Lx@>Huyxq0lZE->U4-(Ux
zokdqby1V8dXM%02=%}aTIJ@WR-eM?<X}B-(d3bBUqR1aUXtB9G7(grgiZ)X(HQ9J*
zj-Ej}DrF7F1?tfPCX&42%Vy@I@pQtUGB2lndc&UG;~1B6&8Po8gfYqNy}eJL3++&O
zcl+o;DjbO~=@>3L`6APJZQX<Ii2E~<s9PPc>E@dM4h))lIMB`$?7pJnz-oP#j4cgf
z+`TC(O4-iG>ace|U?lMOA^2I)c_d~B5^5VZ?4HfpOtyFOnxQ#OIdcv{nVC)fza~Wd
z+c4&7wY;zhQ4@=p%XLb4e`SR#ugPYX3ATHqfd?l{>qE_mlZf0A5z-dw;1NS7Pf%96
z@PHAUODJJ)NzD`M4DMN!Q~&#C=dY?L%e#C?yE#cEs^!~%+#Gfb7WxHa&Xt3UJ-;1p
z+wDF;NZyMU7gk-(qHG$p*x=*l>d;j+-5#2gZ}`2Itmq>#B9;8RZC={XwgJJVk#+Y#
z`$qthvSA2k`Y{X6xADz^qjy!8-D(do#CxqDEDhe}_)={3JCm8wy}mzrW4vfh?kb>d
zQQKq{has6o|C*UxcJEpwrb3h0@_+oA)W@z{?6|yxp4he}2@XpZ`IOI%3RX&bt;{8O
zaU>eP&wPGn+>hL4H^fIb+FIt44D!uC@~-N|3Yfy9E32X|Cn#1@7{y%`U<n!9w22vO
zo!GObME@bH7<DTajm<2>Gd*D_d_~aR`Du`r6rf6eG<%tqLxPPl+B)Q2Pdl;mMJecY
z{LIQ+3S$Y1#XIAHm=bxI2TiIsRCHa`!+5!dQ|2V6wK-UJ`aCG%Y2AqdUxwnY_B<aE
zx5%yLu_jaO?|6?iBG)&A`r^q(p6`->hkN@hO$)vvP?<Z{G+BFqdGP`HIY*zCk7n<_
z?C_4uvUxDm^08n|G^Uwe*rPF$;E+SyR{|0ZGm!dmWac36*_cRSR<#QKQhi`V+2qjV
zZ6zs>BEUv8-WhlO6u(P6$0%~OKp*UXS~Om?ZYDdi;e!o@6Yte(X+N14O8uRKT$fgr
zgjm+sJRKQ~(!T3IPE_AxtEz0PG2ZW=Tzt8gx3=r;-d~ABM!}`3SFC+6VBKS3j-zQ=
zku7EQ=@id$tN#_|?YgvjkTjHPhvVaB&hA6R+(x$fbk4UetHIrJ1MCJSdqq&&hf1{f
z>oAle>jf5_gLJX0f8Ze0F~+gkb-(2;Vt!+rk!>-s^!<%EjWO&J<};aMXZG+wL}R;N
ziKTxB(iOEX+8G>lqI3AivD`>o&V$`MdtTCBRx%m6?)Y}O;JJU0Uwudi|GE!_<6D!B
z2Mcp3A}&J4ZjQ12RT58xPP1n7go#ZYqdkPmkMvk(yvdv|4KZgc-rITJl7N4|5$<WS
z=IVi5UExrl!k71W`{{F6YZJ^Hd{cjuRo3b=`S2N@p2hDTGT3|`sJxAE32B#-3Rt^Z
zt?zi#(ZC&Kyg3GNq6sF+-C6A*w0%C<5$d{Ib2+$(M-(b)4s29<C3^kfaK{%e3b9oe
z`=)hkv#$SGzNz=HgUinmS`--N=@kDN);N&Ebw(1Z+ivkgN6;()y;Y_VOvKq%I!`K7
zKhK8s;Imfm0VjcaCI0>`L70p<>F9*Tn$omM-zeEV7e1Csq6Zw|`v6nQMaQ=e#Cs`I
zv%^!QygzT&V=uHtQh&_9{N?#{4Rkn@ZXg5<xx1vweI0ZB8sc9|iX^C~dfsnQ@H>j*
zCaXN5_qr499}D7~L97XPx_+fKuZJ!;AQk&6C8Gg16}#MO%fw6ayc}i1X50#V4B-w<
zgnSS*>3@L$=NX*??c*XDgNESHhevw#od=0n#g{X(j+;uv(C)!VC#6Gz48aduZ=*5t
zs)#iY9<LNvHVtm`n%2v-^M&ogo0|);e4i`hs2ofAIZcxRw~Lg=6oz49zR$bskDS<h
z660Ur-+>-|f;J3Fy*yLBX>95<?NIXd5TPkA(h$^17Qq|D>bdxB*}@%R29s=<LlR3e
zVF;ps-Td3Ka7MR2Z@x$b<w)qK@3{MQBR+pe9z@DSPA@9@r~R5yl{{pRJjxl({Buad
zg?;aqvnTfX8O>k7E|0EUQL5aohmwi0g#RGrY(m5qa<GVf@U$#^c<i-y_y&`7b$Z?c
zj9y>8&xD|7<mIn-Kd2AAvR(;y5~AO~b_<3b=5(zb`orP@t_FvA`vL60ANKAaBo6zX
z{nN#L{NACNJw+M9r!p->Iq|3dIfHWEspqgI56p^PfX?fG5PJ}qn?J?LW?PwcVG0rH
zp{O&vTIgFjHww);4o9rXH}<p5l@I=d1o^EaX0D7}Sq4NFh$v}P0{=lW;#(<K&sr=u
z_XJN?`i%Tx)TqnFy^BCJqJFmEN*4L_*jwZ1bm+kOiZXTWD*en~zP~JR<-+LDI5Y>n
zOPs{xD}<EiTxnhR2iLoNr4v1|@8jKiqd895u5RWHJ?SW7_34Sv8FWo{U1qj5vWQSQ
z(HcG^@FrevZ<+EB_$wrr)T3vt!6IOx(@LYirlMwILoD;}K;vmZoim;-|1dnDyZ+4C
z*Bf>tGy#fF$!Lm=YlV%h&0jE3Oi@XI4MIy_@CJomBpI<Usa}Rh-{D>$afQESuZzdq
zZ0}^h{jYS6vP1+8y?=bO-z;=6Q)rgk7o^De{ewhVyT86A&<H(jn$3yk%^x?q9IqLT
zzvm0gRtYKT1crxhNHnB@N+n7o8V*R>Azl;SocoW82cWx{Z@c)!8db*Vr_M963Ub^o
zesmni0<XtAv3ILhw2Lcbkq^*cB_$e9OG;N#EGDGY51yp0G@uxPtaN#$VP|O?LG`tC
zo=#!|6~Oa)<n`b_s51r!bwY_#5um%+l@{lp7~R$HF;hQ0$JoSjh@PsBax8fi8)vd3
zfs^K&=h?TG-Sh6Tqo<8*<X3^TwUmx*7Trt-*)OKW^&9AN>qwi=Gm$@TG4{U>?e$a@
zow;Sb8IzT0nEW`D@l8i%KI5AzoD*7llOY%BSSlOY3e_lJ3V)%)6|!AgnpG<#SqSf)
zwaNGW0zj8#?eER8LN5fgHj`@dK`6V?CqTihUPojJ=>c#>cssAKG^+)v^EM@S8KkhL
z?Sp7Qc#I7JGGmBY)~4?+-$0#_o(xHCBe_VPei-{?(1$_Bl!gu@z&;1BU;CuUQ$5^n
zL<`tO?5+_5Yxyi);my3hq1jXsPvF9`qJKCH+J-hs<nll(Zsod~B36n{j(oXYKqO#T
zlii^V(rcai`ut#Su!6&IHQ)5Jl{!wdiU`P?v7;UNE5E<+UY?`2bGTP4XQmG*TqsvC
zXbZl$vzk^}=?3Y7gzMTV1$oJgcuEVuHMg}98rJnp47L_l&$BVj`tkG`KRlf7Mpz{@
z;#!Wig*sBLNshp)El@VsJa7ZeOpmri-u-LGx|R=A_1j~J$Z=ss_OK4W5&g3e4RI3d
zFWr^{AU!6sORuDxZu-eqpJ6a)TEsK1$92`Ja3UWkI+*xN`+MCCAfW2>l8cP~(pf?O
zY)m4we=)i=QH{3X;j^F}weOpJuY()~(%`W|HiNiP;mp;;QcUkDmQ`>CaCpRc3R%nB
z7z2snL6TmJl9d9u6vEFwGMvCeJbt|6irp%pQ0G+%o#I!BA6C%}%N!04QxJWv<x^O=
zu-lYtmiU6hEZ3<WN0FFbMKFZ17+(_nLp4Q#7}u5q!iW>9_@D4x;@UJt59jz3<yILX
zke^G!A4MjG*D+0?{Qs-aDIXGXz#%c;3vc5k^A{_6*%QaCuA4p)qakFxUs$Z-hsP51
z(;DQ)j1+!@(~i8-A4;>zD)M5wT1t6$L_6Abt?2MVIK5%&A0cxC#d%S1u4T=+vJaZd
zoCZj(CnTgq4-JT-x|pL#bsxbCjc7*m@)9XWaIM66pBeI{7k!l!+*78l{Dz=~LI&11
zg*a!cpV0b@92*cOoh(M=efS!kTNC!uy;P->gvs#(9y%iRqiTL#L%K;w-jrPw*S3IQ
zPiWw7;kYk5Pv<k<J9&k<&p=hOlm0<FbuKfn=%27qdVJ!(+~QcG5_jcSkOO)}Ri5Wz
zYd0qv&4`ouiywB?b4%skk9%c0=`6Bd>}39PJH39HsErG}eXhim&7VHiwee+yaUx9a
zd)Zfk^ilHy6<{on+bS#ooAn6Ngh~GN35g)HOVwQHvx#nA1+o(HGKs`VeJy9}fyndN
zgo%UBL{;49-)qnZ4l-tiS?Q=GE#kZfWua93x0Ri(Gzcf3^A`RJYcL}P@yuMr<ctI)
z&*{6gD+g57v*|wVm6~M|FZ|8&O1<JlF<o64L)D*+b1u`ZIPz!RyZJ()IJ2{A&*O4j
z)NfkrYq^p!K>Q!R{SLSpOEO^)_+Ev<$&1rauSyEDG8leFaD&}|x6A>#BnfSIUV_jK
zBqElS2VgJ<Ty1>n<u`Bdy`7zP7cCM?(*>EZh!A$^1U^vp{Tnt4(bBq6U6{Sw_~PLX
zbxGp~+EG`l2Z@`6A-IunR80jDWYDQ|TmRmPH^Ry;Qa1lnUtgn5<!My-@yYW)YWc1<
z^+aq55Nqbe+`Wp*8~%am63JS0k4%4GCyVqcSjK8vz4KjX@e+Q=m5>~xoaHoaXO)Hp
zXU2daDR+-hTLy%f#^SJYvoza+$GFXgFRo$KX$p!mmGQvjhdKagRxGQWS(~08!ZiU7
zYlJ8_c#pmMkAPv_0tl5FWN-%n{+UL1)ErRThccBq`5ZfAows6%Ic`cNRGB7jPNPp_
z6#MC^fC)L{TGB-6d>Ty8QT_P3bcn*b`5B)RlaGd6i<v;}(Z#+UNS+$lGG$wx?2;c*
zTh3Weny|&@fTP6(DyF6&a9bCkYKPKoE(Rb!rB-e;n@YiA%m7CAz5;Yt2f<~A4_+g+
z?J4vGmm_H)5IX^$wNUfAP2BaGRApNHD0hv#9lAzm7j0gT$ak1k`zmRCop~#F{Po)4
z`h5jXvp*Svnd%6l&95EjjZ_>rP9Q);#Q+|zbNnzH?;I!;UK6j4Gs-DJ(`&z!#Vk#7
z&G&0ec%A54n@Ve>Af<y}gTA`k!MB>hMQ8xud}AV#84d2EmQNn(ulD|b>9Gp7qQ0M?
zg{Y3It0v9NeL?k~_??+BPqY{SKxx#@$|u7&E^5x=kaMMG@MTJpep&HQ7JkPGI_qlJ
zlGtuziZJt18ck2BVZA@yLoX6pW9Vs9%Y47PVDZ}zK+23Ex5nQh?AEdhtDJO4S&Pz3
zw^zPPD^7t5<9ARkv77LG!K|Yw_357R)J(sSgG!d+!3?6NErC;u8S!elEBA){h=XZ&
z*lcowH@%)}H$Jq#S4*U#S~`uW8%bmMC~iJ9sB)krO5E8sFI{-1(*{DN%swZ^gnf$(
zPcO=g&C_9~hdbgq%LF|B27Ksm@S>?sBkX{XicfhbOW)acwEs_m-FE&gUC_eKthnr`
z>qf2Oxq!ED+;WZ+*<P`?aMYsgm)jN8``Ule8U5265kQ`^g)obz6#Kk-$%NHi0W};j
zamIS_>K_E0srpq^PxQ-Jwmm_0bgTjdHYv|1%+Bt|z2Y~7wYh3W<1fmBKf9%3yu=Ut
z^HWI2I}Wk~Ej8o=e9!zBZlO=EC=>Tu_j1}$H$htKa_;xHIJEK7zUTJRsfG82Sw7%f
z2iZtVQt)zhVPVy;fkigH4t+I?_t?_ytlWX}*Xc%cO-Jf#Q|gTRX=?(oLxC>F<>{M+
zo{hTT?132QEZ#4p62$2OCA$mFX%q6wC^@y2uM4xV21~+B=j=64?5<p@d3cCQg<A}=
zQ9PJYKXPAl9Y3nN2x6pSU^VGIFn=ex6Zaw~8QCv{tO}2o8awC~mIa5Qw-fp5Tc5o$
z(&*|t^nC;a@;SIRnFUzaNf@erXl)1=0foOnrT>qmvkq(Of7tNokZy2vDGiE%w6v1a
zNJ&c%q#KlOBqS9O>6C7X0V70dMvg{Oy1ws+-}U;J8{667LOI;$dF}@qwI@}h->OqK
z89yd<uof{P+@7|HBR<&Ubu6=bNiA%YZO{hXrR<;Sr}L-v_(cfX?=~G)?f(*$X~)nb
zy(G7ZHk<G=!LMY1ri{SdmztTVyLzxn`mz8|^M+;THH5?hROa8@<m}fSvwDy!i=D}9
znX|E;-hs~jLbO7i$8BRhucL3a=N_*uI*aF?OC-Ewv9i+WvsV%a2V6wW8(4@{sEdvq
z1D(^~TKcAu7$lZ&^Ac;C={Z+yYfTBq9IuDPCA3j;e$|X=NqY+`t)<zFH7)QOht}Gr
zq@i>a4>1H@;u#a_lsI$RXwx5r%!XAChC3a5)zYq}#n;`&7OgO81r7=;Oeyo)HUehE
zV>QawM@(avo-i)jm~o!8H*<^Xbl7dCx6%K>xyTd4AEg|<ETFw^L%e$Xy8k@2GIjJa
zJE#qk+aoEX=RJFUu?Y|r;f^iPQ(<<ph~>RkXHO`~m_wKdj$YOy_&s7gJIUrMJYXHR
z61OOv-hqj!*RJJb;<SFrZ>Vhrf9k8py8XMV$!lUuyUK~_x&QLDjr#Z{EkxmbnKX7^
zU$^CVlP!CiR%=Ste7hmtJdmia5t}AZ@6EYnEA0whd&E+Da#iEM@8hzb#PhZ+uuMND
zebM$h?<S(@>RXky_aVSyysK|+`yzL$6a&u-q`f1=sQuchT58S>u4gSH3L8)L6!}y0
z+GYvdhZZcz6X^Pm>(1Q~WH6W}2j%Xm?LOxME5k4EMoJj}Ga=;Ymw52+O;MkGUjgAx
z8gs5Uvq-lcd)u#W9xG!@@ctuAyvVPRhBxjWTE5Hm$qr{4pDm&O)OWBo>J!=<Y->bn
zU1ZBHo-><#mzj$u`P$9>IszKi+f%~`sgGTJi*$R!1LH9LQJPGh>9uy3(LWaW;FXyC
z0fJcnz11oYskr<Bt(1J?N^7T8zY7O!By47=_Q`Cv+W_^b>|4ePUHF?JPVb(bFSbm(
z?_Uiui$T?(GsZh*WJNN9bEFmy662K;$KR2l%IM#<_x5FDh~oA3qAiu%F9tEp-g;~w
zD{Q9FS2Dpre`Vy%F!!@cYxT`lGwf=WtcAZR%+oKIE*@_piu$<GjdWkMbs)#!ZqB#x
z(rQkrc1GrrIjAt;F}oD7ZJrWjkZW;d>+%aYZ;Fx5H_9fmZjU#CGKSR34x6RcclD@<
zcjQl6BdY$y`{bfh4czpJw$D|%&YH%v^?bM!|5~@_vNpaaW#OKu<kijQWTUl#VQ^jt
zr?Eu`SMuBS``Ad5DZVyiQsMYE&Te~PxjomLl5tY~FZE6KnAtmv8=-1H3UT>`fz9n8
z<y_<|*i$|76tT@D91#MH2Bqy^Li8)=bt7F@1x>$l*|buqe_Yk2sU;4NGG+K;{ydgz
zf%OWeJ0BUQIW&~S_|z?>DeV)NT+4Fy)>953HwhX=1f^X`1X&wfvE6Vm#Xq~Or^zG>
zVnzN<h#L=F_1bU~yMjTcH5Gul<T1+<E6tiKERiM|?XOp~$bLouLg&EwZGxv_@=T&%
z9PM9nyfy57!_`?|vp<~M?}#!w-6zG5d#H!QGB9&D1QEJ|fhcMJST~xw{~#bn#`j&X
zV{-@E3U{=4KpH97ONig(6_aazWr@znw}~$8R>X5Gmf(&fwZa^UbCGLbFVQrO{0qrN
zIzMDl4$!9F#}SZQ4p6skRU;>Ej*369B*Srag$+cx+tfBqgNvXvAqz36T{jsbg0N$4
zy6b_vWZaWAGm?E9B^Mk(7Rz#%5oFI|L)hW38Fo-X{!*Lc83WH|A(puc$I!(cOYO0!
zv;!AUTI(1RK~W^O7fz^UP(b<l=;Ah_2_u|&?yW6d?t26>Byw)(63@@>g@?;+mt?n8
zw%aMA7F#pb;p_hI1ButSV48{Vl@<4>ZXXB=3xC}gvP`4(T$MEGiXdX1*qOK_SlNd=
z+ER*<`-y+o`#vyM3T7ksy2N~w-%jj+rrFT<g=9&wXEax;$k|ujRp;cV#4Teyfz`i;
zm1(_sPT!-BIj1U3|2gm*vb2|<lkJ%Df^EUP(mbC$SF!0GSJ^e6$KF+p61SSya8A+`
zYpfdS7Sjh3|4xnDrvkd`%xy_jNngCQxV^mke%?Rp8ym8A{B3pmIy|9um}G)Hv7F&`
z-DKd+*Yo-IE>sp8x><g^p3ic?k(XFs&(x5Iy-$9grwok+3hhaN@8ii1DbIusN3c7Y
zHW)^2*uR-(4?Y)Jgv4=j-wEENZ6^PDp%l?974NOiu;JQN&3R92^RlK77LT*fGfT52
zsLKxFxT?z7xKf85&Qt(X;9#7(DIj-PHCP!xGmsloQa3fHWHyBH#f_N>1EQGZbNeRB
zOAA9YH!<WXBL-tzrFFSagII;X;TCI^j8OzCham~xy>EV)T><t5;;N9}`S69s=C>;>
zFIANa(|QeVCgT>>!;UZU2Kt)Iuj`i{g4{Q4I-3NIhd|q{@E@1sVMWE@YL1d=qg+*w
z`J1J81O{S~`6Dlio~x_R2dzB}R<~^!efzh@yJb{s3s}ZD7JK-nvom}@r}0N?CnUc-
zy*4{;AITSS9cy%@vrul+a_eN!f46qay>};mHvuGQXJVGORc#A|vS~h~>g=vS7v|sb
zaowdufBwwueC$$+jqvtH<idF`RE&%|B^~8G_AZ`5Bkbs=b9IH$44Cd0I}q<zrMWLg
z+9Hk-wojrYLW~c79%~#PR}o8ZFGV1>EqDDiuJ!La&NI&aDk=^f)e59T^IX<oS3{Rl
zF58UM{D*FS?cXnnFBsPb7!b#Ayw?J=CA&mvHopD4^u9j2(@0&rOS*)*oCla9rSTdM
zf^Jj1EPYXR5*l3<8UwK0Yeo^ot@QClP%6Uj#%##~&YS%6J5-k8RU>20&s#I;!NZ$H
z@!Ngjm4zE314bPpW?#;M)b->suN3#gLUcKD5F(RD4Ot>uFEmY#U}d~x%(Fo8CB;St
z1H&G<ir3RAKtWH<N`mzkq|K^Qc8*={9+1;l-A}VT*Wi;dMIF*Sfd;&C&uU~8hwn?H
zrMvq>-eeba{_hrE8s}sbY|_~+Zj5`d{ldRyY@3g5!NDk3Dc$|Z$5IIGyDOI7rbw38
z(Px71{X>2tEubSR{&?iesnK}X_2a<bgNCrNnQERj{bc(qAo_BHhfQsh_PEb_MoV#Q
zmw*dpW@-;+^}ssf>>7rKbAf_|!FuZ+p`XRjyGgkF9L}C3<;=)3fM19P*;>Y8HQV$A
zaE?>nj@wA-5z`0ff0x9^-Irp}2CY5oTcjsDtQ60kG9fQW3!D*)fGZeZHLve2AWTE>
zpa~5askpk&o2_eMPeXW04dAoXB&1o;QKTjq*rgKkTs8R{+niHG0-a#$_tWS?GWEZ)
zsCe`wZGLu)Qa3C(<W-G=YV~KzBZ3S8&z_MW56bL@*}2ecUE#1`@+si-Y9zoBQ8lrx
z8T{o9exf-g;J=qM6qSAZJe6)rXdY9uSz*e3zE{o_^d~W?&?)TognC$Ld=3>`pX4qW
zr8yLl0f<FIFn0uC5r~j@q%@d({nR(*C!H)@o>RR^3%Z33%FjT!>P+M}6RXkS&%aRJ
z`$OTN(ScRJ%9i^m8N)kZ{E8cF$=|UK`(N9V$3cHw@tf7k6C*-W52AS)(Ar#`3N8{Z
z&&K27{RbG6T<$l8DYx#NCJ?w<Rk74DF-N_o068)N(-1<{8hcE@zN!Ve`08flUmxi7
z*Ne*%xnO~Mry%+xP*SwQF#RfMC`#qvS_&d+XlfV*Mmf#mBKt+4*N8oF2;LpTms3Vy
z`Vv)*EYb3yMUY}qrU@C9#1v5T0Uf(KhgrVGu4MTG{b;@dbk17}oxKRoZdDWYpMq~q
zxhlaiR5O2qL>!fzYDj5DO-jr$er5z6e&dK@Jx!~o5E`*Gg)os+<;F6FiFHi&D-lfX
z9}-&BhV&!C%lW~g?i=CX9d+lnV+v2~oG8ed2)XP(yyy~t@krL@9Rn^VzELSDE?c$2
ziw#ZOG9qyMm+K^^#Z`3im%vqmFL;C-8Eo?-lo%OPTSUhpjBLcAcsjb29+;H50lJXi
zU*vQlPhdJcU*wpWXg5N?r2nrT`6zfD4GlsiuRkeAv?f3h$%F|BjgtBCB~7L-KRohd
z?iOu;>@rIaCyP}M&j+isK^84lW!k{fu<004_{e=!Y(l@Oo2$AhbWiUqKD*XeUCKUM
z7T(-}$D!;x5T-iGAqdmjG*=8i<tG`?BxIu|<y6xwi3&T?DSb>&q6K>s3MA_%JCWsq
z1yD+SO_@-iFXgwS*bI-jC1&i3Nzfp_Ya_o<f74YUTmNZZ4vjG+u@DSlp`<41cj774
z-8-qfiw+NI$<bAy@WZ6Q$M8+nGVIBJI?SXDDoYA9!3O_6D(v|%=0}yvCDJ{W*8^A3
z!{kWz5^^RLYx?smUa|18_|?BC?kf`-x-T_~8-dRtibSduro}Bs&E7U?{WT0iAIFsc
z2rGY5m+r5(@JFr6aiiASs0z<CI&M<MMS<V_k(o2yaWo60HI0HJ<VJ9`c(Y@>tx^XA
z)O-@vBx$)|jvB?w8TbXtXbe*^m{ORdo%A8x`HQ}e&D2p(D;-Rd{Pk4$)4^rz4-er^
zT^O{&9QP)5Po(^_QjYqw`7l8VE#W`ajGDNBoKfS@^!6NUP91eEWY8*l{DDG4IYtKM
zr&V16gN|k`TEuBTIOz($ALN^-W;09Hsm$^gvu_LgXZUjQq4Qcu(rQ@IqEx6rR`3vO
zk+_vb?_AHhCJ23n33$F`2IlkmUg|q^<CpI$3*J@xGEVBKy?-c1&?5ek&;xGsm}nVq
z<I}XGXW>J-l7b>}?`EoFZRPEFnjNfQeBSsOM~1&D*eT`3AmH^w-Ri{QBdy2WOghf*
zL)xkLo;_9;L2IYz;Md#JQ?J=s96lD~xO-2RRW^>Dqn)tF(-u(Y3tCU~e@6;T=lAPz
z&xF`B6{vKVT;_u>tcMQ`>YGlT{+brbe9T+~ajMy|`9ghQxdJ%LPajS;lJdtCJg;BP
z*R#C|79(a$_~KrxUca{nnTbwzt^<#A^7D^ZbFUcM9BKjnt24~(K3)&t=MJcHRt=tg
zBA7o02IT-d^7RXbc~zEC{m-@@)A76sa3A^{PU<p;`DMbW2hSQsTlf6@zf2dDpShGx
zHr8T)NGhPcr%iEr_AY!+-vL1vc(BVn>ZJOq+pve>J?pBnXI;6wKP13m-(oO|`|fq*
z6?yh<@0MSJRMe@Xqqv1FmsV4yCs3BFPuGJ5C_U!rk;--uvU2GjZ2-r#y+5X}aj-|w
zR-KOsh*|mhyCIrz?dYkwO$vP_I~xc#yB>gXzGPqno5(|M4}x((VDrjz7JPg2gQX1Y
z1}3O4cA<rlSSWxl<^4zO`Oxm0mjG@RLb_`tK%B086?}y)P*jjvcR;;PJm+T!u-SWc
z?_+8LXA?f!CTw0kmNfCe0k3>eU+ZR5wWBW%?wg;bRr!{{p7TCw-o;`)Z?z5pt(Dro
zWl-95R`P#la!i``^`4e_o*AhoOx!EgEo(JO;mbuow!^!~BMm2kI?JykHEXbVH@p|)
z)3ITF@%EWPtN+AgeA6C5fOLO#UFo8@{8XDxJ?KDwMT>#eW>&<d*!V5j8oBHR=>pZ(
z4;2_7lV$OFwj?&ZxA(5}KkKBCAno<zunv?Vf0#9u6v$c8OXp|S3dc|JKg&<c_%(0g
zv0N1WEIgQ`s8Tq7(B{tQu@Ao<yuofjqLW>m-`IuG@$g-@ZL4;liQt(`Ybg2%7)q8d
zD*}bX;(n|VD*iMPcvmj!n%^?Qt95B^u1iHcD+6_;pWtlzd$P^@=)5+Fy8kBO78Fa&
z0=a=NN1DAp_XUwSag&d)ejWVcKS<Kpd_1@!sg#vId<YtrPwyD2qCm57{^r$uhjjc|
z*4=Wnb(-kjs=u|LM9_z0vm>{ZYjCOc(+cOg_uPfqCr~X!yR<+ZNx?168Q0s>4A<8m
z%%g4?6K;?dckryiOEdQWAjGuN^_L(q6NK#CWH|i~a=UUSAPt|}L&bO`w=YWfd5ePi
zx*)%iu}z=mpe$+kl{>kc#(z>L(yixN^Rqetm?d=8o*f>-R`%HLi21>V*mi%Q<cb<d
zhD!<AMwvWsz6P5@O7F30udLyGFGoo$M;~@3!pu~z%1XC^nkIg;qgSr`*O;(x4Y-ha
z&iBW|mZH8#dH@1Vx3OKlH#LO=6B5pZtrkxsYfdG2?r?|LXJ4g0L+GB*x#Z=Yb^&EG
z^nf#uKLCelYAhNV4-6h1C+P?>#g)(vs-w|k*uuHhsG)D{=fv`Ouax+}6Kc^3Jiban
zpQe4kUxLL0Ju^bcc(1JZ&9;3$A&1Ng<-U#e*8O9gR*Y>Q$e~9w;A?JU3lTOj;CC7Q
z2aaa$8x{6KV#OW?u+)?D*E7ii&u8n6vW*Xt;C_ogvU3XsChhMtPlQX}DucC-3OGa#
z?lC#XqMHY>-m?_ek_RRZ>HOSjfq&Qbtp|y*94g$e<INVrnygR!xZ}MBHuKuBj@ZuM
zF}>#waL74swmy(0rPW|B=^IN=MexH?pi!r!vQn=Cj1N*{+kf?vtgOjra*NjZR{~<C
z&e_U}9BveCHsj7UT}v`_MVJ_L=<_bQ3NlIOe~(tF^lyuGzD}8ib~C)Xe^1S}`?74%
zgn0;-Z;gNX<~}2{REp(t{bbg<`<P$rvw;QzzWT`+5Gq4P@Oe*nv8@8U=HvHuakhz7
z{egB2^-%XBp9<S&G%!V!n$WW01$RghVoYvIALy4_iP09?2r6CD=U#IcUkghajGup9
zTPf&YlD4(C-;22VFvFgj*R+{-ZGJJ)?Z>OU=^snKtUR(z@*f1Ngr-A&%ww5qIvPZ^
zVspmlu6(`gL8R`l^Zx3xj$te$`H4@_n@T^~y}ouXlt`9jPt#aYu$u~P+w7Rgkkyo(
zZf{!(@30%EHq#N5vfqz5l1Md@sdTi~oydMJ-_vR{iWs?R;$0RsBPMV{n`|cEQyVb+
z$dVbSG8*+fXDnvTyJlrXx#hESo#%uS<APm1k$DnZk|s0l1i~F!ODNj<>8HVm?3mT}
zu#M8cR>@C}tSz5?Mb48c6~gl6>#@z(RL?|mOTU#YM1{VZu`4OT;0V$pA=U15AQRvD
ztKO)bIVv6|u!P8t$oH)mxZ^uWHT(FeRKT6w-7|AiCtPgx4fK^>CJ`20RGRl~E!rvU
zSxXGbW(ez#L}2#csro*dP9Kje68ck&IdLq=?kem|W`bny0|$qhL;avXtgMN@C;xka
z*gk<(#*>)WWR%(G(1}=?J>uThT>GCH`;ME5I4sI!hXd0ElGn_~wxBqcfsXuDV1Z$o
zV*MZFF={z8xnJ>YQ4AVF-%HKZZgHZp^V!*nAYA<8F~Ks;T8RLy<?P(jB_XtidH<`s
z;TR9LJV8uwFIwq@p(U#qY2>`CI-d#^rEUPldbns<ylH_zkggV=V4A@i5&stZKsEFt
ze<;rz%7`QOKq<7zmwDJ~Z2(5aUc4PQ9KP{J1GyI&CFIi(?Z+`Rs>GW%#<R&-7{dA0
zDAn`Hxo5vYEFwoHX)wu|eg*^Q2Pq^9s>8=5O3;PmZ$4>az~A{R9*(ou!OF?{`tO!w
zxw&j_teYhds+6y%lYl90peCFJzr{gxy&8saaO_ZDwq{^sxs{t!G&omNE<Vy$v3lW3
zF<?zbS1GKo|AT0sc9jSlW`2T^96d<0hPHna9YT;<+c&UB;CCze!>>cwwe*U4%(1~d
z7BpLZoES16|IPRePTH^GHm}Vgq9xpcQ7tgI;OD`k;_$5ZMv}BRgq<o(t4~SbnZnze
zIkD~-u4gHpSWy!kMU}L%(nsgP3K-qO3V#P69aEbQ<YcIB-M;|~*}>hxLm}-lr(ASZ
z4S#Vl8Bp=sFNZj7)a7{d#cP<N;F|k!>N29%F}8Eqgem0z6#jm;5hQ{H%c8sa$9)pV
z@xmPtr0K~krq^KW+b6G|ahH|})8g;eYc1N}XKsxYT~qqQK~cB~`~<PVZ1N<%_@G)C
zxKWJk7Yf`Z2rj8B)!;12-MS8=5zEuZTm2TN!D5|pkT_e1lSe7oye@$3r6!C---tG-
z8zwk%qhDwZfAQQN(6?VM7I>n0iUR$LAH2&^K><?dZ(%o1sf$A%X6Fy$w}}&Z)=-8b
z!8vbG8_`}hk~5!saR!pd<=c#M-%D*WOphkLEI;+kwfnw+mPDH&r0`Z92*xS=zOzCf
zc+O7jApgB=_6tdp>?L&JGT4<!esu2L+M1%o<6SaYDdll@PRrO;&prO?VXncH)M|fv
z7SAGIw$GR~d?BXQ@S9Elcj>u;rPX~2`5NuAAa|Qb=QB0?WivM~3_9J%m4Fln&Spo4
zB*z=mxn4y2)jF}<JrG^kECV$}91O=ewAwf?vx6g&Qw#KrZJ&cWvn4A76y~23o&L?F
zuLt2`t`j+0-v3S<u2&(nw~A);<PWm}|CvFB)xf^@y%KCjykR)`(?U+&YH<A@WEG`r
zlwDsQ#1xqB_Q<=uao)reB%~u*$^4wEGUNVMX58sCNiJ3>Q1*Z4shqicyX{N;8m=y7
z0$LL{Jz>vSd1-BqJg%1tfL4EuKyGae-mPBC=r(OEE#CA1m45e@R!kBMtcJM{a*x;F
zskF%8@ckuZA6iFrvvv~mZ=GIi9FH8>E54y!50OT=uqGJX&rzC4f$Y-cximmt;2S$F
zP}DNv$4&Ug;!H4+y0<9z$ofrCJh-2IQ%tqiZ21-k1*R9}|AVABp=K|klAUct*h*eR
z$OvQo=)30{hw}{5{3~~y={LsGDf@sp?H)3$p<Qb96Sk?IJMK#-8Fo@5;PYvB=L7$O
zlx|!&FMK=#_?`ZP*al6RC7v+4x9+K`-_43PSBsW(I7@-{WkTxa-N$3KY_XxMz$NLU
zPK3aX**Xx!8QzM<4J$e!I8^?*Fdo6y895QRjQ_lS2WzJNZuA$e6Fe7b_EC3x1@UHg
zTzfsoQsSrZ{!7N#OR0z1P19rNW~kY{uydH`x)&qm&dRa%nYRmr_M(0SpiHBpiN?dq
zCYwo|VlJ(S_6y}~W7h{&jI4zlN7o5ISE8J!u=nzj$0A~FfI8*NK<FTHyko3po^64s
zL!8I&>aa>iI;8B6T<##vqWxbYxdTqOP#fNjotT`BWd0DNwC5U60EBYmj(Ywki}%cM
z%v5cx*IGMP|AgE`^j`ws!RqHhoW%V0%rr}|R5<+M?1=7IUk#l8gd3m>^^VM%aF)d%
z)DFlJNsx9b5sq2R)R3L7<U2^zZ2`c<9+{sAmK<lB_8iigO;laSW@)g6D0FkRK-baw
zHOF@ODVP`(b!Ftx*PjGkNyo<^Oh2yj`Y>}n??-ZXSLfh6#5WjXu7mBYyVOCFJI!>a
z`2<c#RUgw0mv#u8>Ko^$=4o%VOQKYSjqy8oU0Ivhf-yn*f{*yXVP7|M@+Z{ZlGf1x
z4_LZpB7(3;W6xxwWMdo9R^HPhY^vuzzBm7yUYLq4G{?H0Ut@5smg0>$p53rpwI4k=
zXQM`guzSu|>-lyuQFDq2xUa%~JZu2Hy_6rcA1qhn9K@UwN`W3d?H4u{$StM(Sh`W_
zqtYXq7=D^uW;8fQ+_m+!JR90+hUs94aBPw!1zz|P&~!wqlz(v0+>2nJFtOyJ9jyU=
ztelozeTAt&q<ryIttaY-UL;6;QQXVu=NTBE8fq?E%zzwNFUf*6(7-pWN!4q4WFNZq
zn<-G~h+^<CbX@=&n7LUhy|E!EP@Yl)b=C)P7b^sh8tW6--?RP(8i%X$uZyR?Th||b
zq&D1>EMn`SFp&#O00l%*LMuT6ps|PSj|WlGO&}m$a^gn{z(~*b!O##vtXXIX6k-@U
zF<j7Bz4*l~5sdoexGfQQ{8zPnwE~%<_`nE1kp<*iZPH|0EjbM$+SHmBv|qPKJ+iAK
zym4#6?w|1jm?>l$iUCsl1a>_g1gTzd43}pDe(l?0SRz3RXMRkv40~`&#U~w6$eIpw
z$sGL0EVXvy=ngP<9pkpdj&=W1pCULUr`F2GaMz{84ZTU67@&f^LeKAtbNDC2r0FiF
zxoT|hp)mfjnMrfEG}JR9I)4YvQU^k;qxob+HJ`cAn?lF(ZMQ71%A?ZZ0ErZN7PC^U
zn|1KBRZi?1iIPPyItEoV6Bo%4rVtKU@D@o3VgwBhOO`|j6a2xE!PcU1)ntcIKq6Vv
zW$2jjf8s-bvglG+Iu~<T1&?s_vGjHY8|bhxR4=I%@@r7%OlTdz6%6zUNGTDQT+vV}
z{Ae15B+80O5~3TfXi~|dbX^KOUMvy{hmQ(O@UTZjXqb8<%f)ElqrZ%p+C6>vqw}ft
zD>^O6FZ<HRkVNOuRuY9%U2I}1Pg$8~Q(KR)Hj0A@EM)%aXmO&(b&S2cpR?%pZ>1{G
zE!BSIF&*G{DSB)uKNU<cLV2W1`E}$ZpC#Ry;^@Uw#-Hq3G8kN7V9y}jmoER&?=)xo
zZodHaH^IxKba0ZjCo%52Sw?Vb98&Bp2N}BX{V%u(IT{CDLI;vn9AOKirq$I)Y#-Dd
zEw}w>xxSSOO6$uYN$K{`I(50~Dm?F^IqGMAT5p%JI0RIsV-tke&-t~#KGV%{fnrKZ
z>&j2nbdim)>XN_dA&7D}d3yg!(9Gno6_$;f4_<vzbD^*8)sDzyuRtYuvc;2l7d&f>
z$LvlD(6KdwJJzA~Q5!w<fd;5LvW}3OU^5P@b4XCAIXX3HXsN7*HwcIh5@45tI%5O8
zp>QH|h@-`_KHU|9Q}JFN6d95DIy~Pho19u<;pm`|=(-<cY$9hOFb_$;6L@&`x~PS)
z32o6i)4>uQ*FF?Uq2>Z*g2t>exj!!54If5JsVSzw*O@kcrq)|m43q&4as=-LhU`F+
ziZsTRz?n1oLuH0j#HnWYQ^PXwBA$bFPac<40yq%)t{?1-Q=3%JbF$cbzf2XL-b>HA
zDBl6KGI3jO<N4?)?uO|`%*ZU5U$I~NLqE(lb%86M9iV*oVsymljXvUjUZu!@JnMLE
z_pJgzjlHf@k#8m1g_K!(fTPTQgrcqV*-RCJl++j7r|(v4X3GIN!b^#)#zuwa)VF!{
z%rmMj2fP9uL(`?ky<-1jy2R#b6=7g0FC>j3J6+b9D)^JoNDL9%K+w$tt<>NUw>p;1
zw7MYRTfxS1x*+KTW&pF@9PD0<to?7*Zsy#Rt}TUBH|q_GAuhosO;z<t^|*BjLr#K=
zY@~$;aBu-eMLRGE#`ltTX3xG?qYdXuQgN4``92G1L%WfGB54N_THqtivFdsxq5zxS
zC(7m@US$p1+(V~MheTF#te<^wgVVQrua1iCy~{=J3z7p@H3C7%I*0ExK)&vnEkMvb
zw+rrXaO?kH334)`aqszh<@e-1P!pu_Ge)9Y>0TT?pq!4qFD8b8F4<P|?tNUVp849`
z9%ui5TCwRyPnrSWNl+042+S!F7QN}v2ohI*F3JTn_~rVB3^^5{`+fcC|NkBl(RP8{
zpu-6Ip#yX=V4bi$9%a><xKv~aJ_rA258T?yciqID9DQZ&03-UX6wsb%cd))(z0KMn
z&KID2KihW@{)eV2dbCB!sXZBs;SeOqJbSE5iCqmUTAltTo2`8_*bSdjA0gDuc{fd1
zaLP!`9;2sZ?D^qAj7Xm%XeEB<@h{GAv8+oX)nc|aiqCLL<lHUPvegG$d{2v8GM^KE
zPvnSsKIuYVKztYSN_l1;U1?HASzE8+Sxhg_uIXM}(f6y80)stqG~KMh642;Psn%BM
zYx5LBB#*33tj?Ux8Z$hQoXe&cJo^x>*JtzZeJ<UWWUktLq(@%U(oAJmV9)cKz1Ev4
z{-ov=pWB0VX|#(rm79o;**T0I+I^q^ZrSbu0;W5LXEg}KD(YZJsqeh=?BLetFC#&~
zl<B6xQBBC;RhsFjbo3>(BRTN=!6iQqV?}3+lynEcMR*qh<$gi57bC+XW58v>n#Mhe
zx}oO2;|m(x*u3=NKL^=-k?xzk+v_{SeMVw95X(9`#8|iw=0%?!-f%`FbWEqGueVLl
zv;ON$0y{=Q!_r*1=Rqk;qRF#we*`Wv&{Vl3EPFTk!4f#7Q^EV>^X%YnzG*mb8qR|?
zr>#8MMeww|JUc?=jtLL_vpzV&ta}Si#y9GJ{YB+<B0p!n`uRVjRN&Dt4W&n$%{1ZI
zfT$S8GmPvqRzAb)owWxTZ<Y0N$PZuxdb}fo!f<|HR1=jG;m?U!u$t387_Y>+2~WOX
zYYsSY*teRr*nJIRQkw^_vRliX(F|$YK;mhh^b>Rk;U@OKuo8~H>Oc~=c1#|h^TXVK
z1g>v6nI(9+UyGT#NSPi`*{8YbZBlcO!2K5Ry~GDrx}BB44flm$@n?uIrpDxnd#rTO
z3|bpBvc#HzJ^{$ox-amC`GNcW5jhvglNhX;06D4x)7}f>Ue?=`wj1^LkO_HikbWRw
zC;TQUW)0jh>4g}L-;=0Is75mlMw%5V5kfmA^;pby9~OA5<iS2`4|7{z11E&zcAW8`
zPUF_0#5?w0h%Ic(c7+7spe5FD)7?LFLKTKCW#DP+opW!v)BR&6?UlIK+{Td03*Yk|
z>)rFLf9IH%w30KE|6kg3?b(wz95C8hM+|JHH}wYNd<(-atpngljM4Qcad8(%Wj!mn
zVcpTM{8mitO+SB9?D^=1fb%l0ep$}3Ah45}<B-8=MIM*{I)>o=t7tMh{n5(epDpj*
zpG7weTIt$}SW`#(1AW-rEUjhkSW{;+*H!a=6TO<Ok+_lZ^lwXOmbzB%ZODEw$F|3_
zHnoGIpGEkD^eq&9H_NPx2G9Ky$;xSNDxteGveEx0LJ;ZZA5r{pt3KW<nSR<)?M=#p
zAkcX=s+*%9O6V2Z*3s^V@yyzDQ1<hxHWJAWCcW~|C$AGb@Qg>Dw!gHL+?DofeMCT5
ze(GUmGo^0stl;s~C`xmG9XU3playtM2x|TP$Z}(^bV5yVjO*?*X;L%tGKfy$1xKw2
z7fqYspHL<tres24U2@*P!8XL3LR%$i0mCP{pB@%M1WB0t6hCTfv=|P$^7^bsv`Vhx
za<-bC$^*_cRxzr_(($tPvvm^TTiO2NlH5ZAH9VUQQSLDME@iJWLNa#kHW`YbNL^Zl
z`@|`>1~Fz*$yNj`uIuTx&Y7OuqIACyGa^Da>ye0C?u>->XlbMu8rw9zLJ}-~<%GOn
z^e6MVI`fAR^{D92&g+S%im%l>9!<n%|D(xPBS`<fB5*3(`MEE|(J%~G@5NUHPvkxo
ztUI+={pMI0B7+_lTWH@a{y~LBif=zE7L}{ywQsR0B8+l=nL&sQm(ihi)eW_7ZEg~G
zt0LtRX61Aj@Ef4-CFy^o@b;6~0d3b+1`%s!Np7*%6Hl56;#U%pp4xN>!-t>GJTrP*
z$@Qg$Vb3GzhgBIhQ_>VxzOk&?9@q%bpiU;9z@tkhMV^R%_Dq8Rkg+yGk#F-0YV73C
zgn0?kC=60?jP9&@^p5cy59Is;t_24q@Bs@USYuo)(II$mR-1Ewt81lR$7o>d)JW|g
zGRcMd5<$nGkhi+7;*e=MTDI~$;UNy-K;?6r%ztj`C5>BU*h0`>E<eB<P$}iwY;Ou+
z{u*W>TEvq%aQzYfPXJ=8>QXM(p35F`634MbmN~o%ZG>Vwa?e|oUe~HyT}2e9|9Wr5
zMsy~}<ko9rhy8*zIioq?542G{WayR55Sq6tY3<+=qaJhFs)=4<zuQ1;xWXy)&aR`>
z%MFt}p^^}aefwJ;Y*&KqNilM7!5fn|bi3O7&Ug{cO<OvBwHfP8a?@mM^G*Ns>H6Ik
zuAS}a%%yQlEez#84+LY2f`Gc(V6zALBpwri5bPrtW)7Mj-}tdjk+kx2!*zws0VHAz
zos(Oc#Kge&`r|nstpyChgo0x9*nOx^c9U%0u#`I`AE%!D;!aBtBbvxU2zi^&Q7db1
z#+m{qZ1&j|=Bb-PpA3L79_^Q3U+3!1YvJey1PM6K3dTZ}hO`4JU%U%bCV31?kTBk0
zteK{#bYg~m4FiK?)t=2XbZywU4Ri6F572RN9!;#Zk7TV{NBS`+JJ~jc_GQtqnMJM^
zaoQ+u2mYja)$Bv|GNV16U_?c9yRTR`$!|g|{tu6;AXRCGXUREi;4GQ;%kzwhO>>cU
zB^LW0?o+KlE&oAWFZu&!Mww5&wCQq<2>(Rpm~Mk|>}|1E9u*Kd?wInW3<qq{ghK6#
zo@;R39-}6ihj~stuJ`g_pQ!yiiW`M<GqxoT8CK?@$~NI#rhM7{i{H<gk!$12FVbVa
zGd`7WCPv<sHW$?Ktd2dt{e^k9_H%pkw@><Y$8X4B_YsuJg<4%onb=cNJ`C+u-)|oZ
zzk#cqHCMx(iQ~Sz!-w(nEgl{#YeVDbj)vR1&l|;lNUqR&5qw@VQFUoEI}q0>?wi;(
z5xw*p2T9YbTKYL8W{oZT{CThSsp^p1>cqw(!^x`hekSSr{_kRM7!!G9c$Nk@ECbr9
z83(Qcu%c49Y)fz9szEFUDCFv>_9vHwWZ<h86g~4&Sp4{^uc|d*LGY#o&fJ=&E#oVc
z=3wmqIl$x@SaO989tl{5XgnQxpR3YWbD29XmP_=!WQyn5XuJN>Ka6alg`DXdsseV5
zYGBM7$+j{3*f+(G^KNsxz~P^d#U`|!O@L)6pz+<Y?beA?P~yITV?{aTSbDU+;YOZP
zmBUT!+Z2>oR_}|knfR2kApNNuuiLoGJh;G_)VZJSkFGf+^E4x8FDfv}&(!p;>en5(
z6jn%l*;#WE6p+w7OLgAry-!R=KOK>W@?I(mJW%2bO1N0mIPylFNGE_(7W(*oR>sjl
z{<#CECHMJrCo3O(KIt=H5qo&M=yh?`#t^i<6te!=+t5rOK)40zQ+PY?fn;OznZDR6
z_P!Ka^u)?0>NNeDG51pX*PVFKMKd_XnL5kM1fKkxMT7q!yV7Dc@f$kx=a9WMhQ%*c
z*JGT-N8SgA{#BeO8iS}ihS%*8H`++QF84DrC%-l<x3lYv^+OZUI}P|=0RNu9i}Z4b
zZN!c7GbtBvibXeOp4Z-(D+a>?*X+0x`0XzP)uC-ct0>Fv_6t>&2;NFzlg-r6YY9~U
zL6+mClEP3nq?7M+4YtMFKt=B(OU4sDKH%CK<A%3iC=HHEl?s3))MhGb=?13|wMO+_
z#BkmF7QPIjUub){0cH@-feGwFqSrz~?>nc;y7zeyaT7G#dP_m~Z#xQbtjbv$v17F|
zF?hP)k(FSt21#YTSle}8Jc6u;%C{6mp01&l#PVS9u$Jj}y3Pq`0Dc^7YI&C+bx_X%
zIo19AbPJVU&(;N5igpl*i4Xk443Rn3*RE{Z+;dNcIFSR>#*?#I97l6q2ZOEky!wG<
z8PYFbUR<of7S8&XUk8`=t;D~{U3x~^U);9>tvkDv_+SZ^5|@6T*OqSPc5(jZ%FHqT
zH-n(<CyfChs3)Sewn)G;vR)G|(ST5{jEuFe=NTfP&u1<w55uu*v@c+^`w>;nG&rB!
zU23Rnx!0qUp$Xb<X&{v|%k)BbO6Vta99XX$v*jWcrk>36&fn;O>K$d-;C+bcFrTM9
zr*=8y3Ksw%1e_^`oAxbd$^9%LI-XmPuD$^c!~h>49gM<9Q`G_@>62W$(vBiHz+VNG
z<WEeFDTm@gCh$2x3Q1Ce1s&A?khqhe+4qwhz@^QwV$kLzd)O1oQ<5eo!7|j{<t6#a
zL3<COuLHza1W`i(V$Iwoxnv3#3l0Q4qXx@@b~`#14vfx3@qfW9yn<bV`W+6jjdSG7
zQ3JUdL&b0Ad;dWm;^*2;6&b9Lj9aVLfLBweSGmA6v1RJ@@zAp5q;h4-DxLZ||9Jx_
zzS3C$8mhIRC@U7^%;c+el~njt;UMiym&#79{o|~iP|HII^FoL;cjhDAglPCOc>he%
zpfYHX9^fAeLR>s@Cx9SP?YxXBncIv?1_36v83`ig+5!z&n7p3ftFw$=@BAGCC<)WT
zgs}K4J3CSjjs|=#PizOgLxta?zQxR>-Jeq^vp*=5$Dq?Sbb{>C-<y>eoDRSLgJ7CG
z@bbaLKGpc6L-s8ymBM15yAPA*hYmjTcc)IxnBxBOP>AxsmtWC3jfz>HLEk}tT_txX
zy^PR8f6$!&m<1w>)t87F**HQ;M>p^oE2|Vw2OAd`mqNxy=HkmEuKY)6TAHAo_fQ_6
zR-OVA0%fWW8S6tou)<}BQ1J!RFec+*;uE6dCB^^I%<t`ut#$O_#;Jb5SVUbGGxmmJ
zHTJ2@9<?;3g~Hcm5_<+qc`Nfh2W~79n{bV%GI~BtUpo`CO3@#DkR#o3LBSPXHbsz*
z<D<Jl=DN{ogwczC5U&pK_al?2FY3|ryT1vqMG9C^0JP3c!f{gjz&LyS8z~H<#pnHt
zN~SQLNnNgP0#*2SDupC$O^oG{J5DzVRMjMv&W8NWsXWG6$0vC^X-6a9(iqZ>$oASd
zJF==GDR#xbQl8r2Mq@^N(@@a*g6CB=NLqvr<28>gz$mn{FLm$^-8bBivR|bsi*hiC
zefOr8<A<O(!=pG<lr3Rt@vq)GI_>-?4sz7}+*WE1wUByBz?WnUJM2b(2r`F_`~*yi
zY3AXP?n9banfm$Qxu<A>&j3s6T_ncrojU41W|Gy)ae&(Y<T+J+2uD}8;mCQ-USS!9
zHpY^gWg^(aLYJ?V<LFfVtk=8P!FyT$7fgPtf9a_5`OPQcnh?=eB7&&OJZE{e7f&h(
ztKX=jfwYn*5H}7~<0NM~c&{W4B)MRMoRLLMcQJ+9`yRAZ%<1H)$|lR5XV~$n!sP-%
zYOs)>?=?Mo9HF0^$X&lI(%AGSPvZ>YsI@nSoZ`pk4_P=gEOzmzW;WfX>6^gjn8NH6
zDZsDwA@pC8hlrY-u+b7cb+O1zU_XBXDMh9?Pg&(dK0Cuz7LFmRmc13Ecm&LC6zAPP
zO;5OuJXMF{*Ox7O;j`{b*tJslde$JVWFd~US1oqv7;AK6%7*rr373GazfMn1x3g8M
zcU6j0gMs5OOl+o5fbd+qB3QKq{dnpb;@T6G2eUJAUYGlNHi#P}?Fx*P_SH1qTg$Kg
zWGp0xM(mY<jXc4dmB9k>4A|PI8<{-AI6kI1XaRiF-OmIq<oTbks)lD2qocgWgcVq@
zj@ZI^zkUP8DNwZYb9EP8Rf`g>?f+j^Y38hMM%)w}39uq(Wy$UuhD3A(Kvw|`92sd-
z2;o05e`@yn<q@kaR30Tj$L_Qc8}-G<Bj(LLEjk<??gFB!d-b^@f0}%DTm<Osfi51g
z(^lbR1Z5oP1NO{6v696Op1sd5<#ak?$ZnwD>#QCI&i`SqB`+fbbvgzhw`_m}voC+l
zGGX(5c3WvXF^anjl24#Fr_M0DjG^K&dJls-9R(3TZdq)vc;<HRGg1ATQ?SANh|pO;
zyTXr_d&cxI5c!V9asxmh@P%m*W-dn1frmC$E1R>g--9e*pSq|aQ2RK=>j6Mno-@Rp
z`EwdC@NUhWE#pWrTTGh@E;-l-NGnqUg;lNiN_DSh8(nbo95VjG5sl;1|B84{dl7-E
z|3N12V@i^(R)nzHzWWT5-Nf^e3b<2yD6Q?A_-ntnvuPeppvh+{f7sFo?ysm^QqHd2
zrTVcOKI6QyT=yov)lbYbo$Rln%~X!(S%RYsSPU#^c=(K>Y>Udn<k?xcZ1CC<kh>3U
zhj+Uun_JsVf`xz(rAUulL>#L6gy5XZ6IiUi#t5+SEXsNRUGu?D35*6CgGJ)BPsjQ!
zj$JC=Gfb>`NW2{L{GI@^NFOHexe?cPMBRQ`a*a<5>~Pwt(?Xemd(h&N-Zmt`Yrm8D
zqMY&A^uXcmmdKM{hUEI52x-m>?>V<k)DiFi3|s^Oc+>D7q)VDceNk%bI%k}|V+kYu
z^T)p{7gf^IK6&jM>z5jsXAO5-7kQxbw*BC*rx|1Koe0lI?9FB*O~e{?75w61P~X_4
z5;5mS&^Y{Zy6dJ9m?7RAV9U+Y=e=t%zbzM!+;B6KgI{P6GX`|FuO0{Lk09m-uk$|N
zd<TJ~OX+nt&ZX<y+hJ$H;Z+Gi)BhlhJx7Q4fh7hF&VkLb>2z*0ey`*C&*@{FJ_BpU
z&EwNWFxRG)=1b`8s637hwR(gt^!6xOh%+axC9P@mV1WKhbs1Teo|F67F{bag6JWP7
zTF+a9o`vn$ID9Mz*UbVCzJ{7c52Q7(AGqx?rNoL$cN?n#{9-=6E1WTz+V6pIUwDea
zyt#rGyBlx1%M(&laGx~Et~+<0iEjMOuxkL=TV5Lu)s{+Yg{4SJ{6VWDk_ac!C@E$H
z;kAIaD<(h&53Ln5brxUTveGEE4>ICa=P?B!=-g^Kk>TO(aJ?uf$r)Z(Z!({>wj(Q)
zQHZSgz%>hT6-QOE+o?6ccwEO8p2@GDM6xkJsWzz}uEE56EiTF6f9&-@V~-IAcSmMN
zk}+ieoYt2zRf693^KCwUzNFjS*MA9hKj%%D@4AXHi}_#YEZ#5cqA88RC4XWSh@Hf9
zm&rz92)U>K3o;?xk$<3S3@yB)eEI{Zyk=UfnKpF5k=y|5X`4-B!Fh-EKga}a%;K!b
zQYh&|q$j~8FOx4^R{_7egt{%VokL!|7if&vAK37kC&QJjhgm3fJCuQHVA_H8d<*f1
z3gu0on%qnHPMHwUmv5}3?XJvc(0>i<1aYpaXYR;5{@!P$DDe2)f7qDlR=Kr+G_9@Y
zZX=uut=AMxfUzBUjJ#6_m(i_n1>i_^vpL-MXI|};ppRg4o6#fTmZrY7{x_dv`wb${
z+Sv_h>tm1i?df6ne;eK>kVT*yjf&RmWwd=paAIz0<fK|mNv&WeiCS9@8jaSaIXbF*
z5!{H?6Q2S9=R*7R3T>u@hL_c?q_5T5DAmjpJ+Har7{aUY3rmm~gc=jVcu`HConx~|
z0?U$cx{dq248@=&n13R0b#r2&xe^y;wB@%$UPOOhYmB_v8S;`+cRPKP{I;APfkRB+
z$f;}LSu9l0P6Jei)>*!J6DLsbGP1hQ1P;%OIIfs@pj7DRFSL2#h##-wBhynjC5*GP
zyDex9w?<wVefp<>B-%m?iDvMh?ElulJa{C!Pc^Wl+|tzB@cn)KLD3l&(QtOH^X~%{
z$rs=4N8hCNLX{Jp4au%P+nzrZTD>93uF0-tdh$zvRoh3WUVKy@FUG!<X?P`N%(Ys%
zF-F=oS((KD1#d<YlKB0v6Hvg>JRmWkU2P;RR`ZK(vv@ZyY@?_yN6nPpo93%VX<VO@
zV!bWg)H=j=qUt4oHUcB}l%Lm8muz25#5i)&HsRz@-=JCUP5!+ZS~})wh>ew}9H>IG
zZg>#?Ypq`<o)Wjl3o;-!*e9VoiPDyc=d;7~?Ld20CU&p}<4{)>#Qbwh%9rPw>?Yd4
z9PE-@8bJjDZ&4tFGf+!6hIIVWVPUrZsL?R+Z)+_l&Y$pX%8ApkzE_{q-G@Ku9Ee*o
zv4su8xMDk)Vh7o#e{@Mqpye9+Vw{hkP`;V$m4s9Aga7Rl&n${E27b5qe6g|{{KxZX
z{n{V|uOv049SLz8ok+wkE&sD`BTLjP$oB5#R{pZ<;4N8S$Y5md%d%X<b<WGnj*=1&
zGl^O^aX|=#sB@?E3l6ROOP$&n!-358q&>7-KHTRopJ>znq-joE(`^Bl@k<4ftUp>O
zg2B|d)m}AyA&NI<GO6IeI@nPyfXRYyyM$ft9AaS%kz-s6&1AKK<DBBxm^)KWCjZ%{
z4^C$ZJ&v=W?f+u_Mo6}R?vWne*mmC_k!csL9_?1sx$Q$AFJ;HthSEe%o?0*u-Yxdi
zk7mr9p*(v%7IjxrSg+_qGwfL%%2699wD1QhH^?hVs=r?&W{K5f-zEE)%eO9R!E%S`
zGgB5<G453@Z%m!F!KAH>)y%ooh8<{dkZVtIdU{*Vxkb=q%aZ-$?bD5P8;)dKm7X*B
zNUTGf_LnJ%jg0;zRZrpCoHUZ5?d0O3SWjIB9SxO4LSx{ellh$m!ro>6$8yA`Jkl*G
ziaB!s34!QNsnMuy8~vF6e0S-vKhMV^B^Q3}rXf{tEGne<%#|6>Bja7ZsQN^8)xK_G
zYG&H<Pz*d#vi(QMUwek$u5TQZ`?D!cd#P!qt#gOii^b(>?TFX*zw*lF%AXCQhcm_G
z4+W=0;!KRo+`Wt2<&T5LmZEjCKd&-RC)&K7sQ4;Z?e3^TbW+Y$`;{rY;1?E;y_?l$
zeBlXEn(#tF26K1YY;*ak!#<9Lv0&JDjQ1e1BtPayUBVi%bDsc`I>c!uyU2hkEf<NL
z>mNW2yL*k(+{d5SOH4{P5nXEP7+gG_Y~Bz$$3mt#80qXRF>+b%3z{>~q=;x2lwUqb
zXzs6E$<+&-FTaGG8ze7JX%`g!%R>@%Jpj!)?5{RQo~UEGy91Xtv`_QF*8BiE1?k=$
zU?g}NN{M+NYgc&Wu_!PcP`NG}@>5-0e)2;qy&JBU)bn*P3!>{mp3y!{^nM(l=NUkK
z-35_6^bpR)M`@3g-R`3`44SiUSPNEOO-UU-IVVvH9o4H6qk}I#V<TJm!)~K^xBuw8
zDNkLDXf7nb%pb&-{g+j{F+wvYj-6Z>eX$87pEqmMwf&o|I_NTYPeG5vH&|liyKYQa
ztHxy5q<D_mznRYMeWwhKu^u*5JP<LK=4LwgRg0>gRJHdxnszvz$<En%e5eNxWU$+f
z*bt=Y^a84)(K1P+Tz_9r0A-?l0u;cNFX}*PR{Dlck$Cogt;5%__t$eLPJ!<3<frR;
zPvmS2+nzN_fRH=mnvaF?I!oo_uOAcYA7<B|v?pA`*8&pv&lXW$cAo>Xk9)l>Y7pIY
zsP*-$-IKh?{~+z1qn-3W1mMSp&U-R@=LT`VM16~?6Vg!^ZmlU7zJhBPi;Vmi7cXzA
z@AFPC{Qk}p16QX@n==gF$hz`?dU<xw0p*{tT@|r@is-+CPoGJjb6#kyNdp+Q=M|7^
zNOheR(3%m?hL?&+C*~)1sEXRWi$Ed31+LM+j;fNsodca+L4yB5{syJZ5e4Qfdm`p{
z^!zLR11>r=vaUGSFK%tC_I+!C`C$Isfbig5bNJoh*STRbe`;rGsld(Ne|Owt%fRj)
zl+wK)1XmXmn;)=sW%q5mi3+UB*_BG5I={Fxh=3&A8J(J3Tw0vN6M_!KgUM%Ks4IBn
zD%TCdR+erUmib`73c8Sw+*tAjc_qAVSE532iE92jf#E;M#a00|in)asXiCo{#DPDH
z$yctunOEI8W$0-Cj@%tjG#66gP=2hGfDB}HB~vFNAT)8P9n}C&UG;+Ou{aNkDXve0
zg57nj8KW*$`;@Q5d~Od6McX8h3C`U99<wFVm!iKmSjqdr6r0J1U+Dptwv+lw_dyi|
zkVx3nqcczdA`Os4S;3+0xt8Q4<i-co(A%%J(l5V10`)pP>7#Ms_)0@R$9>MwC-HtA
ze>fdK=w5tHLP$HM;x3noZl*U3&Y+a#JK_!f+!xgG3UUJ%y$e+>d21F_UXBWQsw6{8
z1w3Uu$*rKrvv&3qg|y;6kazj4I1bEF<CG~sAaB_eNI(wh2c~fL8CWmp5ay<JN}<OG
zTYh_14<Dl8m6fkItdZi#8ybkaqer%M&!1{{19Ov064QH-)$z>Yv|)T|V#(VUB}OZ9
z-+g;LDvUc-cZU2)2cP#>ZU(ivvt#t<<Qs7goGzp>@3BCQtxII5!~#tA338Nz0l|>p
ziTA^S#**BtATWf_$netg_1CT*QyE;~aB_Q?53*3RUM<4hIE>ofH(DOKzpZW+U&h(f
zH@Mmz?tore9cAGpwc%f(MK0Y5Q7d#ns~|WjLHW9%)t2$&9#RR6&+FLhsZ-ZxfMLH-
z>{Nx+ln_^^K;@~gSW8_T035l4Z$RKrM?eTdPnkjb>8c4NlE?_OqxotD`AbS}KbfeH
zBbB1TYgI42t}oAatA80&?20K5#swuia#RI?8Eam#=&PUy?$CK@M)`V79S2XbOsI#J
z=IYy$K0K}1U2DpeNS`ti%KrM?CEdsB_7*#y^$u5$?9pC0cu;-mKfC1MD^M&dDCP2e
z_o_C-o;0yH4123s#=<^2f@~}S8#-a~f~N8C1&5qb@;VhWHZ2vV7}{#LES-gi0xrK`
zDIWda3zshD6B!}2*oTkGsO7D5C6Z*oWMCWt{#Q?UA7;2U1#{Q477Tw1^mA1*$7n8A
z(F82Cf>T|YR>4EuV)I877fkN5c6J%ewlXdFbX%++aCg3NaRslSY0AVG<D!vxuYOUI
zM`MkCph=5a7hn8Xq!#nZ7d1!c5J;0Ou3LZRm(S8HCJPGTLI#>L%2lQuw%gXb3Bn$9
z;`U_^jHF?QTGTs4>}}t4wAtup;lf(>#-?}5+>?lUQXHby5G^ZF)~L161W7Gy2jC?7
zg4Vc0Vyr5-6{TbM*kDqV9J52QEs1LMIa6W#Wi7Kg=x>zfH*-9eDSd2<c^8cV`58hg
zBQ2~@f*TWOiqzs-T{&$n)wI-PFBv2^T8(U4#kD;d*QuB5Z<O`V)(>SSq^vE_!MN>s
zS)lrgTuU?Ziwx^mU9O&~M_+znZRjfYKS${5c_>Y+rfz`*6YZWZuN|7-SSYJOU6_qU
zsa|zg<W}t5lqehmI1~zI^~wk$LW(=ufaZjy!S+hWyys)8nlqi<eryAVM?T#zva6rv
zyC$)+!pHJcU1>vGnTw*A_W4FrG|88ELn;!aS^r1UdB;=rKYsk$4SSDki?T;Tc1A=-
zMr4FbWM8tg%igkA$(|uxtH`)??QGY&_PR#0`TX9#zyCarbI-kxYhADVd_7+#NIHv?
zRON{<wtccWD24bR;@e&ECkm%uAAJ|WlFon9FhSmtFaXMQ<<%E<!0fakLi4a>Eg$4a
zN@d*5meHd}y5hqy*2WOA${05vL4ewVbMK}ls*Y2DvRs|2=xfZEs&p&AoUgGr7bkg;
zlKNtzXBzj%=U#^@$(5DS&$$jjAhm0y07-RWc;@Lf+fgGW8nM|}JD-`(rvH)7Om$dF
zDK)HEh0NB}wV#lKp(u*edsieXGQ+sip+Q=KoM_Bm;Y~`;YcKz{)L!Le!bN6Wd+FWX
z)eKy}5`O(L(22_+?eS*aDoSnHb;4Dow!<3F$>zpZJHzoIe&M5hBhQV+7ho3F)8yT6
z#(f_(ko_qn0)}i^CUf*^B$8i4K2IeIU9H7LzB+IA(Wlh@M!Dn|M9d6Yct)*RAOM-}
z3x3GPKs{VBQ3F7vcEC0blnqp>{adO@o1EPuICVFg^8nj`jk)dv8iqiDK5H9^#rqTg
z=Q^4>3v2;4bc0!N9FVavA2*01If<?x^Uuu7GMP}CDk4n(H35XkCHo}IZ@BbE&oudc
zx2u!i{P{t=>U>8pGw028ov){C1B_*1)fRJOZ~_+;oQj}51KWZ~P+_AwijorQDW^;R
z-)DLgi3u!k0;S44NBHAAaK0RnC;{+ly7V~^QdQh66WSv?U?5ELY-=LcT&@Old)7CR
zmSsyZmD-=R|D6LOrxON*>8{6(n5tcm@^(u~w3!G9f_4;sL<3h;-04oR)NNS?+Z*@O
zF{!2|u)6oi(mN(^Kzn5*LFWz-M|FuLPq*rBgiub7#!YDl|5G|Sz!;Y~fqcCn?!v@u
z!cm#dboVA;n%*r)Hpnuw_Cmgi1#lD^WJFwTu{Q##1(M`Y{piO%jm)mI*vAbu<IkO?
zopz8Vk`ImR5!;RRc+LBFK!oJqRy9g;TCokEh0;^Rk4aT*>rN7rDt7U|LVI@FcUXe7
zDTtEKKmfo>Xk3O}lZu(y2Jkvx>8^0|x`P(Nam7L7`vZHxxb^4^jvLiidzn6peI;38
zt^q2Yq>64TMk8+yo#7sxvsBI+bXo2ns}O#UN6U95k_!$dHD!yGzjYsCXoV!qSxDXu
z*}`V=ny`P74vy+5cYZh|@LyE_s*m6EcNbzYvm0lxlK>MR*db3gcZFPe^cUTOaExyP
z;nA+8Z);%u-!plX?cNc5_3wKb*}cPm?^y%?g9HS|U06NE_{Z%bek0$-wg%YvNd{2m
z0MX|IdH12ALo`UDW-qQ-?;gIsVhil^M=hOR<-|LZ&@=akn|_&W={}VwK51wT(Efeq
z((rUmUf@3nXsx7PYjem>u6V^UymWDl!5Q;?Iec(QMn~o>vb=tHvjf!q`^TfbRWAv`
zr~I`jPW<)6-nc^FVq#asa?2TKs_f@)zJaU+w$zivSN}o0%Be7h%{keP{-<K`<SH3<
zlh8K6pX>#+-a#PCQ`dh&TAGHV?b4fpcc@pYh(y;$&-Cv}P7^KHvclWjVNL7UAk>(J
zJi|+do%Out-I#v(OUgqx)Z7V?(BJ<ZYhe?M+jXwG2d46{HCz}h4y1m(M;er|T5`Jq
zD`8-*(T9@vN?@t_z&9QZM(5C8bdb<|#K0OjKN!m~LYP_UVf7b2G@r=fy!X-sRL>;%
zujbjVR4VS&MMGQTj4y)7yxi>%neAQSKc4cpO*+dWQVEp~z?s#FNO=!pSekfgH^^yf
zPw=R=LiJJx%iW_vCoRtJ)E_SoRLzhe&XIS;C##B~EdWh6fw{#Y7|jU4n^xdMXkw(}
zx5eT5@te%Y%jZK{uMXAIS~O<Wr^$Km<V}x;l!JhW`|1En;8IA(FWr9pe}EH8_HQb8
zdy)^;+gDrbz$5O0k&x~X=E@=g1eKsE`f$OeeA5nC#R2OhHrJ!>Lw<atrUJ*25N)sg
z<R0F7&J>UZ9gwP!yuV)s=qzLGvMiP*h`}Ur@X+l7fq~2>VPETB(Im#1W*;tKk^D;8
z_9&xu2d1o0iW!Yn!=LvmfNp)r6G66eJN{m=wCUm8MI1!7Mgs&<4yk@$$#EWjn^dUh
zd{mRVCS}8wa93W%bQk9C(Ic6i5iM6yC01dZjuL80vETW<{I~~{&-z*ETFWCVY!F1{
zJY!<dr;VZ8xh8R{)-@dUr<Jfrb*Wgb#UD!{^8_Nf{i_J>a0)Y;u1S#$`lf*YAQ8<K
z`b<Ac{uzEhe92HBcc}WLV2r&c6d}@Gi0yV@s82>{$%XGy%?)-WQyHTqfI*>6PU{7{
zLLcQ$sfgMtFvZlzZ08zV4?|g3;ej-k4pJ-9Z7MYdW-tE!kzG!3YhQ>RcSpncJH1v3
z&#Be*E@E(!xwC1yZ22$T80h%_u_r0%33R3^1RdeyxRq`Un&gBH{qyDve|J%kpy~P%
z9_c>C^qG)4G0lwXw(-SR9C^+3w~J-R6Mh}CXTGnGe%I(ExH?8+BRn1_EqXn5u<55-
z`CgYQcJg#oiIDyJc0{N<G<wCR!1xdC6m!2~xyAi=_c&=qy_i3rz`6}0Pv9I~rzx&5
z>{22mnKC{7!*ZOE-hl9qO|zDA8mm;<pBL8^Czy4PH$iskCgjc-(TM9unyLZETy4rx
z^WCOY%sV2)QiwG0-{wD2v=@rPWdBZ&9=3tacI0E#Z;Yr|cLt`~?!gB{xH}XLHQ{kH
zc(<n~+fP=q;<qMuE7K+`lq=KfRcS=H``Z>p9!@i&f137g6<7UA<ad`VA|Dy}2`$Xt
zyJ#`33)&q9P>S0;(fz9o5k4Lnq7nq@C@A6xefByIve2+vIwXZ9!Q4~By`bv<bR%53
zvFQV=6*<G2QteVya?g5GCjy&0dWdK_UNi7wPDIc%IAO1K-+aCE8)jB%?d-H7YfO3j
z+ow*QJqwNHdsB?GGL%ZS%sZmQ>Li=Q57Qo4O0l|IJ0WD7g=>x4GOm}Ihg5l5?&A{{
zj{kB~%9TnLgt$|usQ>QqYiQ@!fW4$!iAKvUyHG{mYpEK-JAaUwmilE5>87d@jbPEN
zqDr!93Lj(T&>&*`VDCnH%*i7NiBTs__abY8{IE{sH_|U1+pU*d>w6!}!>>XAmiM1Y
zpWNE~2&bqwCG_y4YxXqDI;$=zM&0(Yt}u3ZepVoE$x4G1{SLUgb8Pt!P?W-gT@XR@
z$jE82`GMIw_6&Z;nW*w;Da%|x{|YsRXi|CV@)KU$pJ|p|{)#0GLo_1NVyW1*MOJr;
z1l*AIwF-4tWFX5@?Cn%5_{NLIg=3+)+5XVT@Q5!^>R*SpvM0>lgQ^MbB458g9y%f7
zk6X@NC_Li+T|XCaEjw&_>-=3vucs}mtMV>J%*~0j+hAuBP1GV&i~Wi_F1+>HpmiE0
z))*6aiIY3rukxwuI}*JbA&5h=-H)?%&!{e!9&1TNDT)?i(}8?78{S(-h+w9zp8vA)
zw8a8-Pp@+m<Sv2M;#^;-1ez=8mfg#jwJ@x7n-Wgk6LpEYFUVA(KsfuXAV+3Owh*`5
zJkH>~L%i?ApP7E84}gJ5HxzqQ{J4mc1~2<Os<Gv2p*@zG*MDYhKJASsUWYE>DMQ0F
z7sQ?+_RqAKj_q^;il<j>Q;Yheh@Ys|Y|L#pUhPP2{YJf3G9^iYtr1hLz7x0pN3Wkt
zfB9tZ_OvJKL-M7vhic&%n3MO*RI?uK+Kb>2ggZw>xgUjS1|50uX+pC*9OHGK-lHM)
zhMXd7an`RWw01OXG!a08p^V~J^mI896|YauN(<C&xj!r+a&PXlm@W;ek#uGneo3?c
z=v^vn2jh#qt;PqsO})~H`9_OqDON8!?mYt4Vy=q{^)`mYrhcaW_KbYMP({Y=@9xqu
z8rU-BDmX7k&_}_)K8PK<4`im@n-ZEXdt=hSKGWyg!vcK`<1WI;)jhJhn-2NO5X_yL
zj>U%SeZ?n6K?<IacwxmCv37ouk~Ybd%pyPJ*`GEMHc7SYzc}#7<9vmjC*3;Nq|YC~
zOwQT)758FBALJ)V$dt)WOZFw26g?i2_A}prC6isxls^)m3vA|ej<NIMZ=9>ac06YK
zSYf>C!20esws+#$;N#ca67j7#GeukCGL`Y*s}j!iweZmY74i_@W=3P-XbZ$xVnwWp
zg6bkp`tL4s<I)3EYWVHPJVbuTc{%+=t?jRtc4oo~{@RxRm|Ux)JXE3u8u_6|vP^-w
zzeRd$u5_)C>W6@EAA-%y&He0Yt~hdjpH^&p8R}|%>a3x~HO6mFdMPuqJ^LSoYlvLi
zed(pBHj(iU$vtH1g{fa#+F9C)Y}E$(IO}W|d@n*9PQ>s@Kf0}ArZ%0=O@FqXzwQEg
z&BEG`_T>iIgE?G6>C@!|&WdWGiwEW|63f>T$(QC*f$m3gNB~yxG|#n@^<I$V!4<SX
zO}5C)_Ns09Uv=c6d_e$f)`ZC~kh4u6%ij>=XB@&OUjwII@|I^LMAlBHd6N5juK2ID
zKOV}1HwmR1kt+b2a+vX3*k2eRynMOR&?x$7NN^!qU?{`pUwr7{&q6ud5Z{Bw6W`{G
z>I0|FaL@TEG@)YW*sV1>XI8P;^B+W6oht|ERe<*L44%j@^EiskN(L?GA8E_{d?`0X
z2EI9=Xb70<#7nQ;mZ_<3+PyF*^Ef40ynW#jkuu@#><$#`?x&QpQZPK7MyX~k@BNGT
z_Ql&MwqJ2i7CehHz@GE+z6l+sQR?x*VJi#xI9*OzOi!iysk7YE=)nDp5K{3RW}`_b
z9|=Ix<g(O7<8+u05BPZbhbaTH>N=#rr%^W7viDr@)=S+^`L~<Ht_Hx-RG^b>|4w-u
z><o{D62GRh)&SsA9Gh@0H_(@hmKJ`pg`W6-!ATTB$~z**=#4%W@q_Rxt+-TWTVzPy
zQPC543_)g9KjY0i5ckx|j0$=<C5SmT$c70d1ytuJe2nvPvc~eMsyez$tDrsfEp|Qh
zD6$(gM85o^RWg$HF<3YT?YZ+$hN2yP;?0bMCKiNb;`cN`s8svlxj~{w%(wK?W)RIc
za4`_62v4}pUh|yiZxcCPJu>hJ4ZF9P^v3&s^Uxd3SNoE<=^&tDcn8!>jqh{0DLg_O
zI$z`;D}7LCIZ~OBzLmK-z&N2bE6hy*x^4~gqJ_U=pM~S-$gkW4S8M&2pl3%^$qsHE
z{JGg`Tgp;g!1-<Lv%X(nyGXqNafPb_ru&jVDpV$VkV<KVVp2SEJM0NWDq*|dVB8>z
z;=wa71gOzF8gTU*?jrkWJ|YsKr<x9W{7O>riyM(RqfaSNq${E_XjNjeRk?LNNVy1w
zo%2DAR9Xq5t=|XvhTl0BB`2SJ;p1T@VF$6+H`V$i0+mFaWnzF;eIITI@fmV-W(2|U
zJDhxwvZ}}^f#Z`NfU*eA2ytk+6<U&UM696Cx7an!lp?Tjpp53Bn!5nR7g4B5Nwcuq
ztHLqhZCa0c#)u-n>!z9^8GNf*j8wu#SQS^G8sE^ZE89UF2T<FDB+j>#C7Uo<-~4TU
zr`JhVABgY`gP(Acze!VhLL6#xsH8JNd<jfYcpPJO`C9`Ud;^3=B?Waxy7;(H?|hah
zjLAGwxy2vC=sAZk3LRGodljdqFn;S}$0yzLYHB=oMImbayK~fDcW|seJTd)(r;oeR
zOt8o%(@oCWflFc+{5BtAjgL=*uc(g?d6lB@j)-_dnLkSDKB*e+)@P4Vo!g$Y&G#KA
zs{8O!&HC)YT!;gZI`O<N4EcB9Q(na-%^=QSP6H>Hdbbk!3ila%#XwV8)Kb1<2%_ys
z883VkJx;B>s(X)sRhL08q#~qUy*!6PA8#^*9VfQp*`0ott^Dp1&b8o!a^45zJxA6`
z4Zj+AGmG_A-ZHl)(u5-Fjdj)74oZ~`AqQm~;r9*_6-p3|?o<-B_e|k}{4%-%4itto
zL1hNS@IT6m5d<6Lh9q(_G^#=H%?h!th)Fx#{)f+1b|Xr~7Ap++Z+SNw7~8p$x{OnN
zX2_u^Vjgjcd=)X=9qDcVBVw>V0#Q^*`CTM|;Kt1KgFCOb=sOOKKL%*SMZPtIW?K+@
zWpRh$EBbS*&@JUkScHfv$az{7*w2C{RUOR28*HlcODjDYK^d+-ozyOtn2@K50o+)|
zHNXyJQIuxsW~xpO#BlJ7_~T=O7n7P0EXS6Z36hB1hQxunDfAIAGYP+E&L03~BqU)}
zH0JB$c}dz`negtrfP@-lEE98pQ7Q<?cxXO<NB=GTO+o%6;kBN(282Dt3KOB3kySbA
z*|}i}kyW8~isD}bwv<ddoqL{3-M~rR5!}>3J7_1uaX$V0MlBAh$I0=%pSc%?s}f7!
zH2&OZJB}>0ChT*D;v`fQ?|aQ-d4nv2)<=01iC<gpmfFv3hYi2^y~FaL<5N9f6_bT$
zW+v@vi7fr@j~CpDuHOJ6HRLR+#!BUundLCjSf6N@nf4-XmIX~|A>GQ)1SqBn+igl>
z%{U;g0<I*l-&gf-MxKGTnZ?htlx>@=mvbOpSy{9=p}f{Nss}Jp<2NO8*_Xraz~2M(
z+DT9aN+NOK0NR?Jf}^>j4(RUEHUdh=WiyI`Gw19<8MvlHrl~$aiIBy%b_tfXtQxv+
zCcXmTXc=lRPGfZb2+Zjny7I;7^E(t|-VDt_$l<o|*CDBmER~g^(c(L_LfrGQ)ef>h
zX=0skVyl=&Qe%J3fnU+ka?o0Ha<s;?f==n=(cG{{-;R;|Eefu9=k<&g=FfY9zZ~|0
ziJgBNsEdvq9o2-1y7-TspO(XBkS>nz@7>TsTQgHqFpdW!?f`oNt|y#`fg-G-6M&0y
z+7gJI1tneozoiCan+oPJ7&5b^`|4oXF8L=7XqsweO-$(T%64Xf0X)u;x|$fVdT$^R
z2coE*r1p>=yz6ZMKnY%$&r(>;Ydqct99M%KALY%)-U3PRr#>2w|It#OZh|}OeK&Ux
zo^u?U1`u6=Xm3YBGV<o0ovNJ)iY{qgcmVp;7NmeJxdJY8F3;K7H~7Nm+8~YsZYFDO
zvKvxsmZa42ZRxnx#PSa&$&lmb!A9n9vs|8a7#^^)_;%98S~|o7EbM`Ui|wZU{M){p
zjdkH77$AUeu?$V)z=u#*ZdcLEm*^cER{}}-dW+OZDr3rmi}hb_F!6`>nw{z;cku*H
zD$XB+?S!!@lX9k6i9pk(!5Agzl~r)C4LCJ-o>6x9);aIf@*fMe{XuGufh(Y+^po{&
zTH9s#Vjxv~;HoTku$|^2D?OBvpo&GFC;3vw$^2z_{Cw}JJm@2U7YFTu^kh?W=##8;
zq;t=-mCs6tpLYPy5Nd%lT&VZd`?~&YuNTZc$ILNL1<)NJoHB{8=B@LtCuso1Bq+bO
z>Vow-3(!jq^oq%AJ6k{n&b?k+Na|Y3YrBx7=bW(+mJ<aT(luX4=WP7ne?C%|dlEtc
zulvr1e9rd#_iFb}W-qeN7=Z1&DOG!|4gKCd{yQ>h?xguJuQwaMLo5nr(*$!~ObQGI
zh<1*>7O+c>a!3Ub6D@l$<5oS}YTi#GI!}WvXx+(DcHUjEm4=#Mu|{ymzf=akYFMgJ
zMn<TI?vT8vI&+oVwSry<B6B^j$;~g?9@okt<AjrHb6?KBuEGY(%HdYMMMXI&kEOR(
z^eU?rtMK24N-vR4yy|gsm!2a3mxgawCFUcQ=bre*2{?YLM8M5?gbX!%Sd%8e@%7dz
z&9I56WxC|lwKKMubY{njn0YOetf^468z;Mi^)Hmsz)eggir2`2Q!e{11rFjC^!#I-
zG^$^5V9hQo)o=0qz=Gx64&X>Ers%&Xa>ZTe)v;edgRB+pzJMJl&p|@!B@y$^KF*=r
zzg-c5G*wlg3Fo&Mw|o>bk^EIaOYmh@s!3OxnBlVBT{kJWwH2=e`oy547OJlTYRf)N
zwm;x*TvsBZKnCR_W!p3x?=^b#wy4}27^!UAQrTc>BkX-8oFQXzFO%c2ezp#c40JxQ
z4&WCD$r(IajLQE#4akUGhvd*clM%JR^^}~8{o7*@@l&`y#%*Q2rHQja{bMP#(rw6{
zQdNqO6nRciVRh(^Uf^Vpe{z=(U`Ok@wgO0j`7t_J{#eYb)e|Pp1iTmGYv8#A29nhv
zOAPY(Rh(zdTw?FqP>QxwYI^+;c6ny-bS%}z+G<j$iL^6IK&`vVhqilmbkFEjj{r<y
zaM4tlJ>H;{zCPwJCslOKL9YGsqbA#CH6pf$m@2Wpn4tqCxxi#*t<=om+M*ORX6^YU
z`&;ptzyFAZi5E0XX<(0gj4kJ=BOj>>SYXNh1)`<hF!c--UZGj5OkvpuHsPJnY{N@3
zuC5)VPj5%2_;_NpF$45zq@|5+cB4oa%gAQIvs$q#|5IWGg4#!CyqVAeRiQ+D$y6I-
zm~6Y}h4!#gc+;J(iuGJV730EHh6=1RrJt&(xB(x}eKNc!_`HKfCP7fQUbSrRPv5Mu
zKg{a6<-Zt+BqRL79qGa>o=@w8RDcTqw!pw<eo3B3t(5gG6#3G3Fy@l|jVuQb74W+U
zE`1Smdsy^K+yPc{MV4!Lgd(pcjJqqXpiI<#cIOM5o=#-+i6}wD`yVO~d;ErAZ`e%B
zc;>sl^~&}X5(ccXY04bwYu4flgFx-x!!GnZHk5(T@~^(Fz`h#3);HFuB5srPDNXo0
zO>1o2p2AV2P+1L?ko$}}Tk3bwvJ7Wfs#%wp<@@^^q7rbNXkxX`r}=F2kn9hOw<^fX
z7QH+>q->+f*h@aj&h*3ftl;ukk>3WT#C3wx@oGVeK?cefpRM{8sI7Q1?R)e5Nasga
zqT4sSc?WqsNg-YKw*m82pA33Q-I;qY%8I=u5l8FhcHb^$T@^Sv)y~+4=4ObRm&eQ~
zxlK+nCf~m$t?MUx>0qt2uN4$RRGuEaBAR9kBJ)tAGyZ4qZp+`$j-|iSnFx5c>BH)E
z8^Y50D_CE#r9OhIyFmN)OI0mDBfL#1D=sPn*;m;k$KhjdeOaP*?aidW(GS;Hxp}eS
zKkGxcBOWF&qG{gfOQ%B?$>Bk8mylR{+m;}?3R%luZmvq=91KrmqrlU{MNks7OlN=^
zr3IKi5w%H`cAAa0?x%0Q?{&Zs8WGE6Mp3Ew1M+1TnsFpUAufFpEE~6`)Dx3bDYquC
z0abZ^%SKPfHZ+NKZ16VO$aDJ{=7YJ}1lPbhZ5lo8wm6GO2r0`m%b8-hK(5hp>T?D>
zOm&@JlGiZ?f)BY($oE-q&V@G}Ym>`y*I%LDz(y2BFSSUj&@yLa&)k{H)5wC3P7{w~
zENN!GoLa-9voOxK&(GMC#8SG&e2@sSEKS8)oQo_fg|W>UlW4c4auJL4!VJIL7nmuv
zwc@SdAfE^s>C3GtNV9a<kjP=N_!#7F$Zc0P8p{f3&-0T<Jx1!Z0)LdF1%>9&T!cay
z_$$PO2we}kr6Ec;Qhf3eI)nS}Y{$phmfuj6JCY@nEb1qJC8fYnGOHmQ)ndB6*GXJ|
zXSULLfL3IQ7yS$6ka?BFchVmc(YJ6Fan&F1KYNye#d<DpTH$SC3QUYI5(rnUvC>MZ
zG84%!WtY;*DYmLzNc6=+n-Ii=ztu@pb(L~$c~InTUpTI4o@?z~w2{pb+L2I*=aoQP
zOl`yyN7N=Q54(FLs`0hoF=dEA<R0>V6=eO6H*3IWszdJ^N_oGCzht$X<8YDS)%YI2
z+cn3^`%mPnkj7VlVTfU}i{|xW$h&h^(wt!(@a3gFN0G6$wx^B?;}#VI>Vcs5S6x!`
z&x7Ocx4w>A5tlp*6?T(KLhBa!6>fPfMt>ea%|?aQp&{%emC{JZB$i8XIm-6hSS`ig
zZ2KWq-AZfhBYtaLO$Q~!EgYbg5wYcL`>LIp?x|Ua6PN9nj$UEjgfJ`?Mo&o><mqmp
z9`Ubzbu+tqZXh!1!y7xiBUA=^4OiXyRu_H;rq^qUwOj}l*KajLoWU#nd$@w|V(p5J
znR!wI5j^y{zWh_$$lpKb%rU>VV5Tyt_$Dr|+ca)P4vllMWFE6y#O91!Ft34)krN+Q
zeL`xnkvH|o+$y;}Vrx3u+puC%C$e{n_d>&PG%5#Q=Yv_1R4K7K#2uJ>U+nT8k=NUM
z5xV7r1}x_+IpY)5u_rEM@73s~F<f+IH|;>aD%MZFm-nORDgwC)N%t%|m;=^c>YeF`
zr1xsWPakkMzOO<AyoRa@q`eizL`!a-)Gv??t}LFMmy88G7@rL9tyTqtd$x_xT1y{a
zdqAsfEd2%hG>1?LZ8X;PeosvH=@m<yJdb%>-cWET@zQ*q=#u+|%hQFF9S|FF&v%_i
zr@}w8yRTzXMt$U;oi6~MsW!0pC$0R|>|Wy)A~aRfndMKf^?vK+55bAE)5`$$Y{bE;
zykkK50qYeT7+85kD0wk3@YAQh7}0K}ZEEBGllI`fcJh_j{`-^3kIR9uBUXTX-Kepy
zmMzcrkT#7uC$gz9zzWT*pmMTLFJ7;m%5#FB0&k!HAfe!GKmVVW*B)Sk_}Y&6k^h?c
z0@~)%zlVohDpRmE;HlIeE8c3L(&bOme>v+r)rH|pS7|E^KlYX-8rlZ?2tD19JeXfE
zjSv4WjGW~q@5?<60bh{t2bU~D9@l(LA99jzT|GWJ09(E0Z(SzjT$=uau=FP>L6vj2
z-T|};X0~2_gFrRr)OH+Dc4R);lxl{roy{-r>u&dW*zeyhSlO0|Cjze_S-Z|_s2--2
z4wSBV%OX#&m$QSI$30zWO8Z9LZw?%<3Bz+WX<Hr-x{x(p3c9dC1}>hAmCwldEySQG
z)w*Izh4u~gtK|ZaZVitOfLsZE?6bt$eH2Ketp-pf*@0pLUQ>7Uae<Wr%cs%arIuYh
z&$E1AFm<AFi*YN?8;s!HBKFx=*^Xn%oucf5D+6{(M;&(*S446<)qFT%7Z~l_mVpC&
zklsLis5~`bmQ7tgzrIMyX1ASr{7+d{VT{c;%jOi1EczkK9}mE~o*!G7e34>yLr@aE
zU4GMQt%4PIRAS6=hfo3JbB_soUP!aBXY|m+aqHdNY}(ZHC`WmZ!E9<U92cYs=TSEA
zXRZ@qq>QexsTD~kQT+r!pjp!4OrS#QF;b0iU~qadc^_awgiD7vCMMBnhG-C(IO;~z
z=iU+gGHV~9lAVEaWEg#XzqTfI%6A~e-q5X+Qu@1Ysj;+oObn2Oi_WG&K<I4Tm)x-L
zbPqVbr)AXlRqLf8BKu(Bj$WiN;QmCdD|6u<dHyzo1qAj>P`6YEqfC!9pff^I%q%gc
zi2f2n+jeLg8%c^=b&OQn@+(leMDbUw22p}D7g>W-NUWFmm4QmUi^Ug!Np!#QZ^YfX
zOG;oJZ`p}I)`1I0%CMC|MXQ%hr<=kfcUak<SFqU5nWGSRn9zSWK(mbm*Acu*!HI`N
zm*$dkr|N?JJO%cj@9gy@iGGrUD&49^27j!*Fn8VItr9q7-inGuYs5rXWo)N}E+5=b
z#f*2GpU;MdkmUC{#}?FtwzLd9f^bngTtTo(LVtKQW~>zL#&XMnhtA1d-%KgemyTOp
zWsJ@4_*UtRU+7y8l3Rj`BYn4Ol8D^zOegAC4L<#275&-DwnRrYpyVqqj{OKeN8#dU
zi1GK+`|MqAx0*jFa6H9-$f+@{qWKw8N*?rgoEkB%V1>2BhLH1H(%i=!zoU-FCydm2
za);L-K7;^CeJkJ=ox)lW1I{qZ25GQ0(M>^4Cj_?_hk(jjY1vEV@e{mL8VIuwFFR+Y
zjv=-z#QJvei!a1xM?JrXJpAy1W69Jfhv&ZhiweHFw+a;0hEmk3A8_azsa4X}DwOKy
zweiIj1W%gpuw5FAL2?6|^J4<4A(5X8Ug_8c<aO&qTu&60jxTi~IAr$l{QPh9A$Y9R
zDi(WBg4JtM4XAOYa>#WEN+N362Fvopu)B}hCfM_5cn3_)(<AR2Kzfx$n1}gZ8t^HR
zKZR3SKi3g;23DcZcs{)L!JC8|nSXGnNuTA{h~o2wDv(L7MGS)%tKWsY(x|Q|#J@zk
z{$;sm=;T0gZ)Hv&7?F~Co>Pcdz+F4Pa=e<Smjc>{njV(2!ph}ft8%b2FUUBP|7xo1
zIK(1(rR>#&<hfrB3Gv22<#8kBgWh}xB^>naa-Vz$BaA}U6d;|ZAmo~D6_J&&Q1XdV
zRVPPS1?4Ih;71rz{fLc-d3wBLQVvP3Hxv6vHYLT+yhV*+Bz9$y4&IhzTKAOeD}?d2
zNBP4V<L0^&dIzcy7DvRo0xnRfbd3!|{jdcTmv1E!WLRtzBM&DP8;oN=v)tis5N7V@
zy;nbO4J6-q0xILcodg+b<QO~vYjsP(B5HP+d<Q>23(5tx8o@&GSr>;9w1AVLJz$Ys
zr^3l?F$tcX&c);q;bjAw)<;Me67!1u?W*}dVfN^{`^}s6K^&p=Uo-n08knAR)VloP
zAM<^5+!9`VIzA@8z??2XR!oqk4*MbfkodMZGqnWY4`~J~MOMT7w|DPVYfUzEB}Y&>
z^BN-1094}ocJ$rekmMgIezk^IK1prlDgRUdjnq~CU_(a#JMaWG?vkZg@AKs}qkS8$
z+DKLF?#gDyYxRss5#LT^Z#8r%_yH)QP9hh5(7$?mGugIVWX?yL)F$mm3~il_u1y7D
zLL-XSO;Y(|&O4y9?vYYp$zn?VpBenZb9eVVJ_rh&(}0wk%6b(Zt6z^evfQodizJEo
z2F?LqBlrUQM+B(3f&QAad6=L>*}%JaLzd~-nQjofNQ3U)K;nuA=)K7@$xY%!A5YlV
z03XsnP_%=wb?jE(1TMe?g&>Ak6^!3RM%%MfVQ<TCLLbm!o28`zV(i`{rwjYLb#Wd>
zHyyRM#Kb7YN>EWt+?buhhmeU!n|Xt<40hl0A>U291N1r?D?<ErRoSo~6GI0*v1?5;
zo18!9JIP6CK{~WKGleHMjj#V~;D4)eo@uNGnIIKX1Dk(g|AaBTHD=acGgG8HD`#ML
z4%}N(K#3DAGiSqmuWdChz?OiS8;`K*YlY!*!~6)Yz4LQgurNmwsxkd$Vinww4T2{M
zXe38ZcnL|;K;^ToN2ps_B@@lC8U^LKHxq@PNXK>;tzg?%DYGOQQTDU~E@t13r)lxX
z2_{_bfiLnGuU=^}w+&Ee%Jw(UskT<|2Jp#j{9W_Pc%(DdpMAjCZFMzqV`-^=3wh9l
zkw0v}El9;HTYmrZ>xi7V_fO92=hvL4ny(M@5~n+g>!4xA-d5X<@ykA~c}vSi>njJR
zS33cIhj}Myr{T*7^5+9N3qFVk30;=afBXDe1H%pv|AWu~BX+>+<R#g{`m=>TkOqO*
zMI7_2E(hiduo*nfT2^=A$G?uf|AX9K&clGl8!TMD?@Z`>;@MDt;Piix)x7kZsF%HE
zIt4z9+Qr~3MFEDIEIPcA{?PsJnbgH$^~bg|<^lAf^fdJE591YgQE|RMl4AVs=*zGs
zmW9F`<8D96)jbg&1WUA0P6leepOwH87?jsN14h_Ipob@e)_>WBC*<4Srzg3dZKP+e
zUrj?|3UEg#!{5j^<>@9uZfwfQL~~Xe)<(k;;Gg+5|LI;Y%Cm>ELCuJvH=-vv3mhz8
z^}BZZ7VgFIuYtx(*Q8i0J1Ui<_GXYv(*}EsbYFuGQ!bIrgBF9TVLdIiS`89&2W`<5
zX--Avt>a)-i}a$0OD@#>t`X8!rtzZ9h?Yy_ItpX1Y1`^Xd~~BlN*_XNQcSV18k91$
zX1mXKwS+@(zNVP&@dym;9N;UNG8x;eO1ZhC-jVdVD!3l8XV|L>Nysz?r%?e{(jmZh
z_VE*JgR4FoL#rhO21eCT@DHcK|BHH7bB~SUhP7So;2sE&=dAvmRT5eP*$qH~yd+Fd
zD7cZp=xy56<cwX}RVyh2My2G`J;csGn`F<;X9A!?Cbim@=J<1V%oINE0IlYcX{_;_
zwR&#z1@yzRMbT8(BYOTyV3BU6XB{E+=DDb-N@@Wt#cjx2;;n2y{X=bo3io=XyB`O=
zIq|Ov5x@ZzQ_{C{B{*-tkeXRf-GES<H_P9vu$mB^!?Fc+ok!5zHR`UCa<<J#V*L2K
zX0U0!Wk!_qzCbjCjZuB<z;%DL|N9kVd#Oo*{?3elx~4WLcXuAP_G@MRI1Sz3O{>lA
z38o>)@56iyRkl8#tucid+H?!7%?B!CyxEXH;wXWB4f0N>#bnB=8W@9%&FpMsST4cl
z_}i%U6ZU?hH+Od4oJ*}Y6SCpr5H--myy`K*(x-JkfGuKadfbhqF!Lo|F)45QVX_!F
z5iPdTIOA;?sRBi+&ibpLeMSQ@>us}A{=Tj+h;4pMliS`Wd_PfOD+@hD@3KVc)SEmh
zmvxYL7hLO={Mu{^n-G?Olk;*l4jAVtSL9&2V9#QGDxd6I?^(Sj&e-9~qk%_@<h4bd
zli(zh?ng#=spC8Q3zwOThqgr^CyzqU?-VRMum+I126f~<p$jjUa#oX?h%c*!(ZyP0
zG4s`x{d6O*k{JAA6x;>pEa?iZ_g1>bW(^I5SPcWNB_qyj;<O@1>vA^<%B^I^!v!TX
zTyT<YBC-4)VT+O6MJAo!asJ`Lc~&Y*BTv4>V6X~{`mtKl0CO@8K1ySzjmDICxfLH&
zphpZJ>q~#e7zN$;;ols|Zfpt0!h?e0BYK5$$Lzgd-y1xh2)Iaf(MfGC_tw9d>$lhl
zf0pM-Xw0lYAn`)ede3r3gwp;o@1%w?3N7in_mXBUW`UV>B|B!7l4fk%_+qLBNBEK^
zcAn7&u`5?57tys`5$MW{NRu((D)A~j2-$gU&g)>tOM>*w3+EcYczeQ6RJ2t$Nxo;r
zcl3#eG4DOpghQ3i<5jkUJlX<>t4$_F<JaeT8hOL83Yth1GI$R1$bi~<)b;tmjvBWA
zygd4u)j#WtF!&3bcKg4E)hw)~C!s7D76xo@HX<Mf=z4?r?=p2BcxYDSxry}Eo~MWW
z!K63FemRkBC;IO5453Xg+ar0!@Q5Ske&pzt@dd(iqXT8Iu_WSHydXt7j~UhEiw2L*
zscuzCIDP2V(0nKO-}QH5w=8i*&OwT(<Gm#_V_yGVMAAN!z6&qOj!2Ndpwh#St{Wt1
zcl;GodOR@pPS3n!dXf?KEOPS5+697VLrtXp&%osl35Lvlh}2M9sgelMBZ3lod8w1l
z%RKCc^(n<SpsOT3raxEV!!v;U9@<{Sh~m>@l-Ng0=eq_4+Or;P<k*ueRpXHt*bj)#
z%?!+k>v|OV8u}e{5q}FNrk<)bxLE3;Z?pbRV{N~$)D-C+r+k|}h@XmKQxAI3CGVa9
zl{KR()H?2782?q9Y5o9=7m}*96XZ@CJU4!DA}nwIJi#$eL8H=Y{=V33j9=MGSX|r}
z(AGjBewf#hwQKO?bDR7`@kjQCu_viklz6RwBfp!$Y4%KQl0m!G9oa}Jt%j#SB<_|&
z$A9%a&aC1zh*(6=cq{asghhf9o#kTwL1Y}3K?KPeCwT=~U?;n?Y-Uef!})z>m&<;%
zkcR*zmUjKbqSJlVTB}5Y^LrX=?->D|EEN_@%*vkyvA8o)mZO8+?L+sTOoxt$8N$CT
zpdJXXj|pC;{5l}jy3ODl%hDm9TTiM?hfmz^OYn)m3$VKCNNAquC~1`afGu{e*K!8(
zC#uq%F=rIsH7w~D5;>x(o#rVeLcVO+Y;R7Jm~pNMf3f^eg$@UyfCt^u=zPXwlv@!>
zxcjJ?KOGuZ^pNZpOx}yqxWm@+>l_WKP3IvFEpvBEtmM>)5`)x3jL*hKjjXb)+FupT
zI?f2;s1FSaGr7E6Pu#k0$LbcKIOrLD@_STOFV7!@KwHWUt@Wjn6EnWLs%S0yk|l)@
z58(XcR1@QdSLTvG9c)b1V;sX0PnJcO&c7lCt4|qtx`zf@Yt#`$s(QDz_N@vG8OyAW
zl@f)iNPFD{@HbUNN?&5<iw#6<<hEO+uS2Z1{5#NC@K-&5AXdwE9uoN`GvGJuy-)Q5
zSD%ZdroB5Mmg{wM%sudtE*8Soaz|K?nI}=ci5@dLjQI_#IIO>F_w;eNafZJ~UH!ok
zB#bf|JKVhLdsx{AcI(owmuYd9G?)=*HQLQRDfX1bz;!f!z17TPxSk|*axbX2rqm56
zlZLp(ujaXi#$VPLx0)=k*!c}B;<rDLY&H*wlAT7esQ`4&e}?5^d|T$$<ATMXaQMmB
zZ~d*L>{2S(vn-dw3~AyY881@4oRP~V8KL$uu~$Pc70<W@a4s3ltFqspZicU^ikfvx
zJ{TW;A9dt-?YL+Hjdd=58NkZjW+K0$%y=H2^=n}9*!9d~8>o-ikb)x_JVZWR{70Y?
z_WR#XU;-@0%Y41h>U6$Jp0jQm=w$jDML2P?c1d1E%e20zzna}Txt6{}E%?a}{oIvs
zo0|I%;@M+MgqQU9@9E55&(1&8#oABZQ~8UZm&hqtoHWScW#<}5!kZiqR?J@tzGfV<
z?LW)=aGJ++8Svm@{p-;}6p#hnk$7smeib)~06@}jzZb5(M}5DLT6(juGk}3fo(?77
zG<a}zUEOlJaG`zu<FY}Z?L;;g`}+DNIh^&%qUGT5Fu-dy@X7mXn*Sintv*B3o3Bk~
zE&@BiUi9wO!Y{vpc#n@^^WKOY-s+30JWTqjJm3CLvE}o_gG2X|K#X5{XsU@BVhkFX
zzlU5w{d+%%F8mjtf(`76IREjrBxNB!QxAJC=hbvcXbla5sh8SJ#wV7pPKKhd@o?{A
zR2Rb^nej-N%e@Rm2jC$RgX*BE>k{g#@4?e|u!tAD<@>Q}z<<CS>;OZQtpal1mNmD{
z3+#1bAxhF4?A-O!EAy8QGVYZ1Uk93YM5*)b&t)!h`=df<cz+jx5nZRZiYiniU?5J?
zu~ny5%67L%-Cf1FcfDy>{pj@LL(s*q&wDv;XE2CZ-DT*liUNahvz&vy>C0)2O;@5~
zrhkujSWZ+O-B1>NG@td6GRJC+Y1Se`vZ1>An(jl6LC1a^BDq5jFb5C@ss6iPVe?(l
zwp20ZSml-sZl(j#+pVx#PwhXKDdO?<0xxbjAB_`xBxrVd#woOEKE(%=QPDq~Yhc2j
z7U)*l>6m%1-YjG-tpa3IH<=OVzjqTY+<vMX%{?ZL%7(yNEjs%TM?u$5)N|<FKh;8*
zz-Q5LT|bdyq?eQ82M1uv&iLe@<CIbNC+J1hH_!Q$eDR7agkX9zayE`*^VOK7f-$&9
z#2TQ0OdMHGxHraD2K`)*ff@T7xks*DZLMc$9H>q0WH_xVy~zLFV<gqgUphsAe+zW#
zrfwd#D|>fHbj4Kzv7Ov~aA>1>Xx3}unP9Q4rzo|9-uLfD&lrd7c3flaZGt5cBe#uF
zx1vhMN>g#raiC5I7i4S&$=Filss)7yDb+)jF%*u1z#aaIY&EVZV1kmZn=SOt-<&>Q
z1nTXkLY)bt<NlIAvZ-4jLULXEdb0&5yeOXd4n;X+d49jPR_Xbxk`lQ4n!Y$G7kw$1
zsf&oXy3r|_9aTRxQ;L>+D83R_tCZT7`CGi$wsbe2(KDlKTFIEcGa!Rbhp76gfdW)o
zgihy{Y~?3(2|FZSI4aEcbVT=-fC@Fo#{{Kl7HS(>eYTLGKjLR><Y#RlIU*E$s|dM%
zY(P!DtWW6sPLW~r+!~iBDvI1}@10_sTH#Cy+wf;L();9tI#9Oz&|#Kdnp?L75NwIo
zbn*Ilh8v%Qr#tfRtQIGI-m$9Jg+TYk74Hs@Q;YO{qN04QXk&owZV%9DgRfQwVXRO2
zjP<leo}F@tbAQwP%?4o*25&k%yq2L&G>esFt02_8N1@a^N<r$&OCK&wUdCATDXJ{0
zi%5PesH2cVnN<81pYoL{#hsdB0+qZn3=MTK8fSfgLX~T@KE>)S4c!^rpF6=9U}tS=
z;u{Eb(#G}62)gf65EF7R;=Ahu-4I#4;kR1@m5?PA$9-l4)sGKZ?DK<hb`O+Z?H+9$
zIq+t-)sn<K12~XmBjrs3lTLY3Te0mQ^NypkjJu@WsO?v2C5C=TG-lgqX^ZphwSk@q
zlKk@aXTbYFpD&K`mjfF%LAqg#BqvCP$RZw96TFx>KxTw5mEEgcit(&#3D`)f8Wnlp
zieEO^ApBKBmtmsib`le(kRixyVoVWf6Tm~HM2_{rw>3dJ<)7f{QBL%TZ9;uY09cgd
zSJQU7RSsYw--4k5V9ahOD;oY-xf}}FKiBcTfryy&i?|!(*ur;@hNP5Tpkxl}>raaA
zRfQ7CS>W565z^X1b#q*p8_6n%`jkv|;&92_!WzS-xFqkD?MH$_n<5@N+pqy5h1a1<
z+5)drS$x=1pt6ZSD=y2(TK%o>)|aXl?{|JUUz$_IXGw~=7axASzZnM!o#_fs$ZuYX
z+-0s9`SnmGE)+sg)^UA@akH@=LcaWrA=0?UW0oX;E<=PG=LfHtl&sMXRRYBf9!5QF
z+?K=>X-9#}k<eclZu`~6B4=2{LW8#MWAK85ZOd3EHx)T_MALjoYqF6Xa#VLbV&gDU
z|4r5Gj0j@><;{6@9SBV>w3_A8@>9(7Tx!*%#2^Y1MwLK_ZHe^H+mbPSl^bt3)JSO@
z?0Y$30P0*T7(#9EXYT2pipGCH!!1gGvH}tJ+t?OI>@|K9VJ;wIpE7vU{IuM~I_TG}
z(&kRx1u~cTkwp9sh@rC~UqQ9`#E29jmCT$?qyJCm*WZI_hAU>qd|juny`wsR4^$;?
z&VupZP=q*;4#794r%6=>rg-;jsz9r3rYm<Vm?vt$SytLasx@`f>PAbX-FVziPmV>=
zHa{)4wW%N}jwi@6<NQ;%+apD3u}~D9b7L{`<HAgf;KtN}<jB+i8%y#(x0}s1P(%Bu
z;PnR-+rasCagyyuH&&#|?D9mi&v*Y94DG}(8~+DUi2~75V@<4(LAWtX_M=F=23HKN
z6X=;aSjLw<1zk8v@N8K`Fu(g>F>Utvv^A}q05Dh^owodP<)F`Y(_AC%#1Tf(G%@c_
zyQx~p2C7(1g1%er>Ib@3&|L$APJEJ_!0HXIY12urz6cCSUY!o%1syVm9wUGxdLMl^
zPUG>P1||qF3^@W}(-^3zF`Z_mM4NbaI?!7FiUyx#S>S!0oRag>>8IVW(td6C3L5nF
zvS5b3$N>NW*)o||=2@cYVOn?7gg6^nX{yax+IKBP=Q){cE~6pn-^=f_c8(7A1FFeZ
z0{a6yeu6g;F0}icEa2DlESK?`(5hBBp1i(mmWQjW2i{j_PuG9){09jPjP_FqJj(s!
zhsNH4&bkmz*rc@p*$|Hqm`OYFMYvrSGwdQ?XIxhQ2T{xWEAJ6Gb7?nyEdAIr0*%g<
z(gg`p=>CxZ%JR@*uDKpJJg?>~4;47Yx)PXyA7FCGbn*EQ%ioA)`s%OCr`eK$;W6=K
z@)Cl9n1&y!fr)tX&sVp6lUm;KJdjOC9r~<jmv*$-hIn+=r3NNIa+hbGt81F~=k;0H
z1!#Ab#(G*@D?K8Z*;Nto6Aolg4vo{{B0SJ4pEX9!OA+yZw9QB4q@(6nO}X~Lt-xzA
zzw{=&7;fea)SOM?KiaNVCb*_XUnsVwE76VqA!w|)pGbvDv^_%%Szj;ytO!vW)&~c*
zPIoVSY{YZ)C=a!<p)bdtlidPcv>ua{MnACy1GuzE>QRDr$zvFJz@A~@dSK7M$Iap*
z^in%zyvI)@btgI5YuxnB*hTTTq;>_F+l(9akv>iS+pq)%Q5bWE^fVRwK<s_6=&t3n
zXQgCAde8LDA<X@Kqo?Y<P{6*dtfp@8Ps<VBy-d03YoYvWfZ>f^C(+Qa5(dyClfqyc
zw?V6NVAj@jc3wrFjfvHptN`N=$d0i0uK3^ZkH6}Xmc+WGmC&>N&;XDSxZoO|7_2Dq
zH9-?}*IjxP@=cKF-z%haA4&i{RN^l1bfq3z36}~de*GY%9)v;HSOsV>iE(+X86bm9
z>*lb)^!HxfeXt5N+(2|QD*Hsl6-rbmpeo=dodsh|4b*L}6>-R$8xoeTC2|b+D3&uo
z$&RF~roTnkbJ8NP*p>DbZ_mpoV=*A?si6<DJ9^}Er-zRzBRPRB=*U3;WI*V{Ub&|e
zW~U#E0Jnppl}aOn{sI}3$xxazc&C(&5-i%$Hsy?7O_pczB@Q;(G$kZ6uwnxEG@I5_
z6<Fpy0vyX}rE+@iwLd;yh?)?q0R1SQ2Dm4_IHGJI&KOJVSJQreL_3n2U7qI$0l?Xg
zmB*brL<brtw>?NXRKg(3v{53WBRD)drIfw`Yn$gykg;+En6tn0^ymDXp=F&6d*n>+
zJZ}#5=PcII(lxMXB$p7agao~YSd%-!+n%};CT^A@5-MY5&~m#iHM-lU-#C)fe?XVa
z7L{T=vwq?($YPmc$PdF(YS2&SFzY6_MUsTRrL7f11yuN>TiUqxNz{No`^_ow25~e(
zINgC2pnXLmtQ0F%VpIb2!){{|^ae2&Se)pf(**<9=Dr2`JTncj6`&{k%T~UCh(s-q
zS_<AfXi{|wN&=;rD&agYv2;8ZkvlOt!|qs0^&rBi%7!l|veQA=wah~gyS5$VT@%z|
z-uY8ap}OUcjn>qYpN>Unj<vg3_4B#sk5DnsE~^J-(s?AdGWX+H+wUs2M9Sq=JbjXw
zCCK{DQ(UA`#n=MdI4&6tf9Dbw4jLNhUfim(!z0*Uj1qZIFeSWkN*X&fB7E_ZK{__(
zl8Zybm<h4E`A5a@kHDUuL}^KkQMk<W0(AqMimOSkpT!2^6^W!zDOc0~zOuz><_e}H
zGho^^mRlxHx1>J*;h^rlE$<PhOp9BanaYE<7@)Y0d>LP;+1Rjul%SADS@F;Lxn?6C
z0;js7-9TU>V85L5t+87LjNDo34JWUN@)q+b6Qae`E~yb2%IWuZs-vl_K}hg1SZj0E
z5_cOhf4h^z3+>^S*0`gKXs)fZV%~vfhv&SCD=ycI)y6)$FvS(;4t-G({w&-(Rr2iP
zyKN7`(>M42-l<s3LtBX)Ek7j5x16ZEn&{v<P8h{0U8yinkvsn5YbR(Hsc9ZQ*M*su
ze_O6dTqL%)6YgcpS&ESvE0>(|-~GG-VSPGc&+Mesj7JXDjUE3}St2pJjmN>e+((+W
z5gKSs2#IkNe|%q?S#E8X($xJ=zUuiHD$tgE;-O1s#o)t>DamBpN4mZ<Fzln8T7kqG
zB1{$kqD@o7+%E@FNp89bFOjaqPv0R@a8<W4=~-nuHzqaKaZc0s9=B(^wji!u-yT0G
zOr^&<S#^pU`Icl9EGxFuB`{bRWko5AzG1e9_Vrzu5P2>28TVz?BsT>gt*GI*M3t9z
z%dPQuWh<7#?71In(R{%^>T|R~>3-2FTykK*5~DHnba>FBPl8o--aMZ48IlOv3|>zz
zy<9wsxO<0ew0~lX(nH;eHR$<`JA@qW*~5$Hrd>+pAqDma*4Rb*6KGx1&`f>v07!$F
z+oc!pgL<S2($6|{3I{D{p%*e_!nj#vk`6mcat*h0rYskWwZ&TTuvUzJXb3MWeiiyI
zWSU6EGWVWJw*H=l`tI+9tEx-=MBgnh8-!-K%%y==F`Bt6aT~GtTWCZ&j*ZyJ3h!H~
zjq%t;iw~~o`-%bn^x9XFT)0elZrXkP4!aoWzQy8mx6gW|6XEVI5=2|zsUPGv%5&#A
zN;s4ft&teJ2yHQqrPrT(>pO<^jWP`l;H8Dh9+M1|L~?&v2P9U%SV=7&4<1!--CqMZ
zsdo(<;r<7HLZd{S;L+l!Xih0HF-Zj>nkVeN^zw$SpG=jK4}Ws$|90qmXq^#XzM5~J
zsCV(XuXk0>MuqHc@2Y7%bv{Ls8jYp3KD_(dUJ#OCYJL~4qL^6Nt<$3+e1{kMtq1Qe
z_xF#30`{MwKc}Ml*mM=urBqs{^~jUds$B>OwO$-E8q*57y1vT1{{{R$+#c5yPfqE>
zP-q>C;P-=p?l3_s-v_W4#jfqb!stXlJW+u^nd!|r{fv^ApL$w|T#40P4D@?0m={At
z(lYcIvCN~L?8-gG4=*|ySX-LYq6-cUq<7VNq9vjO-=RFdOrLX$%S2waW8X?9;w5=_
z<T}t@r1q^V8a!^+7R_@Vh}FKA)%`=xNf-P2T}&jF@qu^qkhsW+MPzcRCa^d$A?NN!
zE*4^bdL!rYBqtJ89#_xB!mvTU?_R*|eJtZ!=$k|m+RPkouee<F2Ygm7mo@V~%S6tF
zzklzzY2y-~(kgqrk*&Oe(MPJURW6+o*La8f$Qr^omJUT9?_R(5BX<+eW2Qlx%X7Ev
zT>JSsDh2kfYI-gmI{G%q_qrj$(x$%7^qT`;#QSZzYG>pbi{Kf3wQG6BKVR?nTSq%!
zffg1gc#ETbU+?R<oc_?ua@b`u`*x@NWi!=Xy0Gd1ncV*%F4wwkVgAdm%PFKL%9z*x
zLCX2!r{kZJzLfnBl64gL@jpmo;O{`HILQl_z~)CaG4MGQ*7CDJ(vT3@!TX_%)9U!c
zz{_00N7p}w#%^YC3xrl`@Erb{Pueb6@#QXDLl<I|1nJ@*_{*~5tpq-~1PUf0LDm^C
zI`<RHdj22e(1`2`z%wX#n=!dqI|~s_)5@xBUN(r50s@$ho8aqLDaZarua{YY!e}Al
z<bnyy%J0|SD}NDe)eJwAa6_*BuwA^i?QU$0|CHAc@*(MP7lhUF)l{#|=JFwI)dUs2
zdNFj69LE*>Oi2*^ezg9Cr*8cs@1XUd$EY=T%FOmru>^>M@Rv=E-dozcdtmqd@(wO<
ziO^swR?vrXUH}1wl1@!VS86>Ubjia8;x*&+5_OILA4z8&*96;e;n9M0r=)=NKuS_+
zK|(qOMoBZeQ@RmEq)}QVq+1vrqJRjayM`b#`uT3&??0Sl8~f?TuKS$pWHolp|2ev4
z=L`M*_Rs(}+J3&vqAdOFmy6k8ft*$9?Zb}Dejp<#)mSTjli~e=5q=hxzx9ua3JjUF
z9)4DMuKz-9&<uW7dZ~KXNh_79VJ#;J6b6oMcKV(Z<zPn7v#1D2WMzeG>-OQje+sXZ
z@c23#<_U<6uY&5H)EWqH7c}!1RubCQnzu+rz3`M0RwYwZ7XF=GWljVb59bQE6SJKe
zlRiJ}AQg<J)#Grp>dk5{+jg=prg=x!f2+pP>ucb0GNGb|+Z;+bIaGnOC`AZS9!Tjp
zXP0q^g1(qnM2T(&-63!hNxEFdwYCY=`cyjJ3Rmt+y5w)~0A&)L6&~wp>D^!BS%xYp
zw?oem)k#irE-|=Zp>65Ke2~Q56kATFNH6_C?}8s?h0;Nca~)gs9?WF;8~33KxEAIM
zlN}(qek@XkLt`}Q`0Ic9Bf>bh8A^~`5}}SVSBR;6kq7mTjA{e7>`ZJ00z>uO-@5P<
z%6<OD`~i8SZ}bDK>hzh!SX$2kE{YxnuLm*YhzlNoe+oO}vjH@sdrzcM=RUqib`RK*
z_;rWh4t!Eb7TAzi%9Ogd`|{3`6i{|UW@}&T>v7I~r`VSGqcnYGr-V5nXs0PxtM8qP
zB^96yWJLqj*=<p#JajJ+01UlK2X{xvhA9w3K6b5Vu2DyL`tA`hJ7G<K<Eu_Zv|$V@
zNd>C!l2r;6A#(MJo-u;om&@BG9dHm5#$erzP?Q$|0!Ptn*AetlPQGqAJQ#SZf0P)S
zDM~+SP_P90U6Wap$_Jdt57Fe5*BAAZ_I)TSSB${qR-msVuuSwf#~!hZt)peE;G{y}
zXhZBtdY?jOAedvXjh+{!7OEr`#$57zBJ|S5CcZ4hvnIv*4WX5z#EZg<f&}Sd+J0wB
zn8ESn#?phRD}85gOyM9$rs}d63_m089l_&J991ty@ZAr;EGA6-N2w!^KhzyjXK|p0
zZM)IwvGF+ur@nB;z@%S>?N4UT=a={Y@bp$hlX)q1Oo^s8oA6R%zEUNu<n`J3$J|Eb
z^X`x>r!vPHBc}Qf27&eFLPpf{S=Ml?%X@D#6`CYjtLDEWbwo`hD3uO<X7hRa^e|2n
z*m!9JGIdN82oxMrExzA32O%Gvp-)phVe5HQq9zu_@g+tv(cuDdhKvscY94;JW})5z
zUk7EX8#1a(Tt1Bf1|!%tiG(4A39XkuQ7=@qP|y@o#qX0kg~$Z8uvmV*0dHmY_IQ9}
z*i%7U%qk9bNItR-s1R$H^pt3a&|@0lbg1^ABZpS}S_9dhnEs7N<;uK%>&(Y9;K7h2
zY(9NR4p<KH-eaC|5a%IWav1;Yv+>QY$DG3S5F;+_*p{rrX9(!n0b+{g>l=-@Gblmi
zsW5vLe?1MSGc~vYcjH0zm>l@LU7`;ilwG_A9~{KeWZ6_4EJ+3Tw)BC|d&djz>w7}Q
z7Mj^s?3_8zMVtctgs|j)Rz9rBUL_7GDh3aqPdPv<9(2u|AyTd5I-)-hGfb!`K$$J*
z1z}rcnJq$tJa$KHKoTnS=NTYAO>ln4a!?Z^*GR`E!W*~w<t!E^5MVydBzE?JY~lg6
zVX!$aM2wS2ZA!2bY_zGAhaGJ#5iqN~_*|65RQH9p?d`7;Hyav$W!8VjFM#Cc9c4Ol
z+T_%#F2$Ky+m-i`Q`3W`g2M<4$~)+iyuu=kFb{B_V~uU~TleM}EOWDGgwxr)a(hZ%
zS9#ah;yV9e{(KsM9^!OvlTqq@E#=wX%QudYmbFix??%v41Mw<yF}YRrKX{b?bG`~v
zR-j2cHUf>Z=6YesyR}g7q>(!e(WF8uTpc;{93+&2n-s|v!Y_gHIz@99A>7lh+71v1
zi1c(yMP_`79{?c7&04CWXV$<46wF{Y0Y<}r%=SOtxrcmx``-~ZIC<>+{@ri8IPn}z
zj8(b8*f3(GL3s=$eLm*~W~(o6G&lvp0M?rPahtm2bO&+{4#M&F8jSC*lPl9@^B<(&
z41|h+(|VvUnoYCuuGv-QWZx{XWEl_W5%3fF;PbKkuY(qxmwL(z!ao13YVYA*Q%gyK
z;@SZkkMhCYg{LkqHueMrZ|-bJK0a@%Jjbo?2vTSI{eqIq|FzJfhc08|LDY%q%qLOn
zW3v1ISWuu}9OA>cy*Y>&{S3dI2Ulb|I~#adY2c)@%v8KseO*&~M}HXMKKb{>+CcZ~
zgta?0kJTFJte3Fg=Z5NmXXA_V(p-P~6ObHwe$?3b&Y>TV=*c(W%MSkHs*#HCa91ol
zlW8*68K&srgKz9U{9-Uz$Dy<2(0a19EA4$ae{F}NZ6!*;+@f>uGCGvjU%yVd&^q^B
z@dzCYQL%SkCWO;%QajsvuO447Y5h6=yc8n);7m^D;?>pPYxUn~*twQdJMb0lBFBiT
znXA9NO8B#+`D$&G>#X%v!C=a{T{rZ??KZVw%VH;24*0~g#xdpxyT!J1(BKp1{nh-d
z&_K{0yAW*BLS9d9hE9N2-B7{B0?<Y~1E=fO!jr5C;GAcG2H1sM8Rh!!Chz6A1VYY!
zjZ7{R3QI=ddO1y!w|m(cO5c58UGYnHoZ$UEDmM&a;Le8sso|@(zo2i@O68+<>MyHv
z%6gSL+W3d?HK&zbpV8!!Z8qESZ6!=MU*uhf+jZDq8Vx})I9jnmnbR~nZu&_3sv}(1
za>qG4xbLbXHVAHo(6HE%89t;X+no`*iVYr4eC?j?D}t7pKm}Ggtduf)WT1o{KE+&C
z#dyhX5QzKxy~dC8FG4ddE5ht&pn{Jlk<Dd1e+<ED`e>*G-YzA<n#JpPtv$UYp*R5z
zi;*Z1ItFWc-ieC1Md2kN(_r5dmj7emp+272+;dsS#ezljG-@EQHn^w1ucIsJ#sI8q
z;Vt5wHv477x4iox7btFzEe~5)@<={FxgD+-9QK;o{k1&WfIFvD4nCc_`@>b3f;BIn
zG+-P4AQGL}RXvwXtUur;4M#51X4(1l+i)6u1TC_OGvfzaD@xqei58lHAJ*>6vY8!&
z!qy>taY@Rm`TnNns)ssnvQMk4n@`r`0TTIUP}y3~x>mFNg9Cy|{GO9RE64n-jw*oQ
z@c$8(h+zm5x45g1f$UJr#yXU3Z)n>odAn_pHq=y}e){~gD#G%}Zky2rA9X&01h*UN
z4$W1>JaGER52Knqa>ZZZo7brZ6ZDcOSH@b}4OtAQD*E+;mKtTB3tjyR#{I0V^Fcgl
zv{Gvec$E8esNB(ehyu;$Wjt%X#|14b^yvbCbU~}_Tjy~l160zc4BU7&Tif&HZBzd-
zf22+Gw()G7<p1tTo2n+}0RLjZo4>W1e*OBXZ3V68WFRB_0HYzLV)OL}K$2Q*3tXA?
z^S{?f&Tokz1sK|g&Fp@Obn+)TS|n3{9N>Mo$bp7goi<etfv8eTUz;%f^-QA4;37Lc
z1S<m>qHZza9oafBoa|mB;*@XN+uqb?6&LYH+@!w)*(@&HPpU4#Mg>x2=mO2B$*kG-
zCcJ<nxnab(u0kA??(3Un#t)c&T*Jzuu1iT(JTz-ql871lI=~_0N?i<=no>gTSeqfD
zM1Krv8z*Iubs0JwPBw{PtW079AC_9kjN_h}(FR?3&!$;Y4C;+&;alOqKz>w#rmeN+
z=`-QZ{akI|u~cYJPgXo_o7gO6!jbOr@JL@#>fnCboWxUo+EMQlNqLE-E{ArbQBP?W
zYB5an*OA@r<ow2@s~U8pURkJCJSGw<_xTCadMInXEPUkCeD5Mh{yL-;OJ75F*N)lf
z-J@vE!2GWHtzeUGwy3%Hr~ozAq^Ur?t1USD%!!6Q1!_afXL0|&4m7Rv{iQm7=x?a@
zQFhEoj*>2Q8B$L5vXP*4R&%u<ymYIRTE5jF-aRb)I2z|*gZNi{a}amfFFB((pn2P^
zT6GRkT3|o!kk7h?E<Jcen;&>G^k0rEbf!MM&eX7RvqcV4X%M3;^PBR^tMg9&#(I33
zg37gw;bOe`q)QqYnG~!?=!G9G?3>H13VZCXOC`KKNDg7N(Jm$Y4+59VqH<q#RJ0xL
zUlV5JiRLsdBiqAh6x^ucJ5@l{5kvbO6etn@ikADh4-aX_+F)YV_T8zco3Rvl5v^?F
zmZ-yY4~X@*-8b_wl0MiveU&a6=!Eb&T$Q+sVq1moCgygUAp(e_Yr5!Oq%SEmqr!A=
z*~4m)DUx>Ipr>;E5sLqGsh=}@G#%ho9>&#EfM68q!IP>P*Pf%pY3qB%Fxl#xqcdxa
zsyPq6`tNR=*%^z;IlMF}3`EEQzVqa8D1bOyYFN3YT$Lp7rF1L@b7)23av#e&b*=Eo
z+9t6x^H<S*edq@#IqxvKFdVljBkx8{d+H$!=@IJ}amlNfnyd@)?>`4rASK=%5b|JD
z^NeEoC*&%mRp{H*NNsa*VEJSl4|TOLjcE$F6HBB$DW!mMA@f(GSqSzL-agn|+=%;t
zefs1lKT<VhYS}@E%JF$9+?^u!5EGxXbT@9cY`H%g1*wSpNxF?@CnYvhV=^epOv}>j
zBQ;WmPfk4|>5RK&f$7F_R5#D0v?i}&u`Yb*b}=XaQ+a`w{mt~2454mVx!&S|$Jl4h
z`cZPL8n_aLhisEsFr~6-T%Ia|B-!r*m9pCQxLtiI#l3DXM!Y}_ZD<^6!i?0PkubtU
zEWS;>QPS;vl2}W*jEDq*8mady>|Zfqr0A{afU@O2W-W)9={BVfZaAH_Fm3b?hoU&N
zl+T1wY%O+Mg*D*-|GcK6reg89#dQPF(o?8DBJb-C!sYXzA!vy89Gl?!8fzJ3;Qd2z
zQKHH84Z?`CaX<Jy14zC)YtzzxZ>wGsRYoa;P;~irtT;aN1=gS2A`M3q+x*qjP60B{
zpW0jUs3BR-#O#Ubt5&&GRJ|zHd$#;MH67b>Puy$-hSEQUmXIRd0O4516O6Czl?^k(
zi!xm$)b>0Ac#<U+r2Udxi$xu_PxIGSC#9rHzcMxpGGcOy2$DX}o-G<nUxVB}y5~zR
z$zz2y{kiql9woz&lf>m=|5#cN0-q%_mL!+aQ_@^n%Hm4TX-wC$ASj0qSFUaAD;^EM
zY1}EK;15wP8p^`WVI|!Z>Ys{;@TI}&n9|&a$`|GhoK8_mZSEDuuy7<>zD7`)Sv!bY
z7l&mzS5=i)=a!O{pd{iN9w|za)1JSf){}&i$e$!sqrWD*J{K<<Nx}TwYwIN$VU*0K
zQ#0f%EUY-kL{>A5Cef$Qed`+Y#~WHPjC+Bzr&td&pLT;fT{8hCk^&0v7cciR(urvy
zK4|Jo3(=B@wvK(K@_`JhR9w1I`Lw0H{)ra5ig(K<!uE$hOd*h4BFEewIu8crB52=u
zbjd2mw6LUGQoXbIO&J(DPhYZUNPqR&3Uxo-l0b4sMN`&ZBY4R#=CV$7r2%xI7TwVc
z*-ZvB(4Q&8b<0jC?O|wXBV+Zw!@iBp03SKgEKHJ*$Hs#tF%z4-zd(jXD%BYtvJmv%
zdax>G;)@%Iv9R=8Lm$@vHR`a)XBK<q+W`A}l}(mBtHCFdz49qT#v*QGb)>UhZbNEu
zynS!vw<Pw?ebNqeubk)1;OOq|tI$8)XJ0P3)>I$#oiMcPoo*H&5i!TkNWSF<fdO4^
z!`E5^7tFU>Gz{HlgZrTr|3Q8To|IuUUxdD{L-mJlFrU|B?8v+CzoQ#Xy6l!a=`IQ(
z$#Nq`3jR&`5h8cH4q`UfMYJL6Ov|v&wAX{(4{TQUo0-MAuLnnNBQB)nuFYEh7L0Ul
zH}+lI|20~Fw|WDJ)N-H5E|zp)3IJduyXzOh1(_G2Q5W6hp(p1TYL{CB!RYfe%RsZx
z7Gqz)fVN+8!Zxm!kAq^JLrM%O!ISFUCHp$~mEdA%5(*Pedx@<`HS5o`eP=NWAD&y=
z%Hh{^k~Ew^hpxAT^$7jw#%Uc9m+T4!Ej8vzI;=L9$P?2!<i?-Cls@}J8!qiHwtnbt
zx(`AR>J$%*z~ma?;K!S%2G0KI;4~lyPp<$fMn|Oz3!eTCvxc*e0}tuy2IX9yY<@}~
zfVbKo=F)DF$>e&T{UQLr=q!*j50j0`IV*}&>4MhShUDwo7tew8dKFRv_Hq5w5M+~r
zu4*6kDidw%GSmr^v?xUj>X7Qh_i}pYMQdWAS>GM1OMyaq7&EgK$c8vDO~||xn^xu#
zREbTII%z-y^r=U~+@8Ofo)7RF7o-l2k(9F;ekJftJ4Ze@;%*zB|L5~w)XT|8N|z0A
zqee($h-%xUy%N-W?2zKbDax&Z&hj3|jPfUY{uWOfFGOZWloYg#(g}>RJti=Q+QRso
zuz3D#mAq`oT4)GEQ0tA7_av(&Js&U<)6s`k7)z)d?6ggodh~)@;Cq-uIKo$brp9R6
zOJgMQYnXmo%8k10vAN~iJ$DHl;4b1bFVuPomdqAZUINa<REQ^p2GGQEMW|Sy)QFV+
zn#>l)C;!h&r$U#%PWkj&$JS=`$*VAs%=sCg4Ooj0;}lR6VYgB!8f&kelnRvDzQM~$
zs7`zuKA8hE$t(S*A(}-Z3QR=bJY2{=D<t5RfLqj@8W{m<?W`=m=!PtD0={zhV^UBG
zGbx&XCd$KT=Nw(;-2Ae5?=gaamkXkX3!kB%rtLEC(bsrvpCmv@cMyS5q1?!D$uj9c
z$tbPk#ggc!uVDbkYH|}!pkO80$W~w(yLVg3_l(fvEosbWhvHKCCskN+A#8i}Hq4K@
z)5#vCahF3=7KtFK+7S5DPkMSp3-{Qmm3Slz-+aiyxQ)LzSo}!wK8rCVNSm7#WAqtD
z05{e|d}N(ARs#!W7=Ghp`Bg81n0l=IqNlIoaTZgbeHY-yyyy2(m+ZTKdSHqVOXRZO
zn}fBJUuI_1qy3Atl@R}mw@O%_GL@r<skUOP&2x0_Uz_V`^GWh>Gar(QDm?%7MM+1V
zd`3|&C4=P`1{grIR)2h6Dd=Q<$y#OCs6+Er*Z85{jJ5m}3#7N2O8Jc`y~kQ?p~e)M
zJm0jyNIdkP2YKA*Fy1e{bY`3pRL=_u@<Q-|r<!(Aud$GDexyWR$V2Q{pVFEZ;=F#Q
z=m29X)Hlld3WfY|sCx397~-HW+BM7nGoD?6!J11?c|c@T$#^zec=~nTvx?8K6i>!N
zD&xj#ckH1otU_h)j;9Ygf+W~XzV~DPrkOGD?!ch-QFiiM5tNoFZTP&JkOd5&2GJ~X
zlkp;^v>6FmR)mR7P})=;(R)d-luw^+K>g~ewX|OUY-HAO@dOYL4V+=-PBGBl*ZgQ$
z8TWZL7G*W8*Z9-f1}=DtWEcNkmna5EQncV>#m3GKHNn_$FT3U@8UD;q<ZV{5Z2TuW
zqIHRw+}du8Mn188lf$A+5Nu3GI>ldRP}XGD7VfO(Xg)l8?B{bm%xaM@_vrVV7;_tA
zw7nMk&w7HMzWiz4bS#AYAm5<n>kQ2zDJk4<Zn|LDc!aP^Z#!JWj`oerROfEn5o@ot
zyczgXnb307(71<U?WyY!Hl<qz%kZ!N*t-+9T=1EI&-KW}H^zl>@tnX*9iX7BiM*&b
z`8n0xoM7#7sYuK#mI(qfBB?}~25yy;;5%&~e2mreAmSp^V=XU-#VcA?<>u0W9XDjO
zOWNQs3OZ4>8=+qfV~v^`ALQlbYATS?-g`NdqB-&NLGM4qURb89jHwhCct2qE@HKLq
z+W9@#FXzosN6&YMWPIjTJ$1+Jnh`s{&yK<y8m<j^?=m?Y#3T3kw*a02-^%hrgxbgp
z$d{Q~)O;-e@d3gCI$=M<$qesPH?q$(G`#aI&8+}h8$eqoX1N4@a+qCI8v<67S9P0r
z2V^?)QdJ)i-#Mz4m!>3XVv6rfK2lN`y|~_0|MN`yoYCg01{(oGG!O_Kw1+!_@DAWL
z_LgU3YmY!q2jpm)2=PH&2#BgdZ;d7V<W3u1=H%3x|NZ}Oc2)p9vv;d%jmTh-S&97)
zGC80Lw>0O=sr=RK&{d_x$>~Dj_4DfaeZY_kh1Y-xsj=lK`uk<LPpU&b68L=vS%h8L
zIQV8khwC@983kX1sn0@h*iiJO(g%~wWha*ye-hhxr0@K^M6*N2rR@h(aG^~kNd|qM
zp%j>mYdG{QEO?k;ngi-@rVKQ;ATu-`*x9^>ZVooG)+|Gt`TN^=udizbUoiKCP+%2o
z$(&8}P%LEmp}p`2|9>@Xckl~y$V*w0O*z!jAHjh&_iI;%F0c;rRKi*al+zFEEmD}*
zr8~M2_RNQxp<Ib)|3aMp%H6Pb4>ilkMbFKheFz<7yL!KVVzJD;Chd7`YIZcSeL8eq
zw%L8qeX=}ZqqPD45p=dTg<che+KGVU6uMv%n!Z)=)=xsmD0$HeM>loJzDhqDJ+fJL
zAI-@p?_@Ij1STJb7uYm4j`<oTz68TZPqb&GomOf%s+oslAd>w*Mnpjk>$*PC!4?(A
zi?{5WdO^-BN3&JDUx2n5O1CcevAJq4^n?{Ll1T}o>C%NBD>QHg(a>!Sbm;ZfivOt~
zmDVL5T;ig;^jgXG(dwYfJ@fdZS@FB5TXXpPiG~!XRBv>2#+q)$9K&4V*NL028Wsne
zU5ttO8j*_qDEs!jVJjjn?7n)UZL35K6%EZ@bhePdGK#srQ@4RDl+Ru~AlIsxs=p%@
zg_h*{sr*+%eVn8PMMzRUH1xeSxpH0R{bY!gnth7~$nBiNL(*XsapeT-VhuOFk`O-L
za`HxrGCTMp(+^V~#kNl4j%?W#Utp#rVxypF!1GG?#3q$Z6#!u!jRJR!5eFNFszfI`
zw*XC}YyqQRpiI`gbc(jNYtX6UR~@hMcU$w|Q}wf2sZIoysK3@5MlDpf9tlR19z7)g
zL6Y)$MqfhxCEZ*J11&-`c-d)yU1taJ$6XP8=KSAeS7(PX(m8ej#xFMmV2sD&QreOX
z%OFh=$m*D#EJ<#t33#^xv;mL@vVrfm<hqf{ByHjsV{>3V$5U5lkgqWT86f_&hYf(>
zNSRHXb9~(<ce|nfX#I;19oxU5N`uH<bX2AtMfzF>I;j1#)%8^JNH7x@5A2Ev<bF)L
z3GNgovjW8)z{Qz}2aX*kWIZWIPybI9;NkH^BD086q1X}CFf+7xFVQtNhKsF%3oJ0S
zHZ2V`AoZs8GmN?wbribsFAJ{<ZlKJYY`VJ4=Op|>gIHZ-emx6?C#Y0(P@QN};C*t)
zc`w~h)c|Uy(keXT`a{2eS%tlY_AF~`nDf!qXBD2w5CO0~xACRn$@aSza)sJiw1Kiy
ze&EM7=vc%?`!i5^3T&TC#mH4y6++!5gErf(*D1_isa96kWvyG%H~(nV=Ya7a$fJ<C
zii+<kZDEY1lJ@P3yTSKDXCkWgCWRMk&ZiJLu2rIm=&O?)qY?po-<gGinQsTc3k0s1
z8WiJytK_JxE3=xc6$>MFyya2NYGpd{3@w8fy?MO%WyWUu>SIQ}Bt~jEYn*-pG_qr`
zgB)d$7T%ubV=usI^r09ga}lP{O7Yg5&G=FzAMI>u*=haac^x#PW5J#<B&(>Qh_ehi
zT35&VMu%?F9TVtv`Zm5M+O{t54s|`IrY|k!42;T>^d%#)H6%rC;8h2_sP^X(_HB<F
zxO_WZof|h~ci)cND@r-!@8(B!$I7+5#fcSvp|wg8^r)})ZFL0ESZ*qWhCG^U3DT(4
zYp7q)`F=pv;~AM7qe6EU`_~_JU;e$YCq3Fs#u@y$2UtlxrYqAxPG#cF!EM^<Zcinr
zX<lFLclienoTe9Xe73p8LlYM3Y!LR0DQJb9-c|p*maYVy1UjkT)Et+Umw#|{gwb@l
zVV2XjG@Qb|e>YP-#1)@*=YHpP93r}|9q##;ioq!PD5w3Q{Z$Mc3uCL=u3@>=41T)f
z+(;I3wt^9fJGFTa^mYQmm~sf(K10#bq@1gnJSp&gSnKmf$1?7;$Tm1r88tTIhrx*g
zUn~~m5a+}O&Wl7_l-PPZsb`}@4S7Gq6&L5F=X9x+4X)9K+;QrQZM6Pd$<0MR+DmX2
zRmGvz`Sle`u%2+50t$M-MJnY1Lpo<yWbL3V70idH%#>wsG2$Rr+MBNpQPJ)m;#T&$
z6bkL(5T7n~1q9Sqc<5cC*)-2Yt#}}YByLYXc@57dN^B@7H_2SXNjoqRYv_nLJ56)7
z7B8HcTF=t0!BPPq93fQ(Z!IZyiKuehu`KofptqSJ(rTIO67i*3iK=?nI*(KT4f`2P
zH!J%psUxLK;G1au`^4`@Zq|&dYoZ(3&h|%8Nk%L^Qr9d|XvnQ(DC^#T5U;m=8qJ<~
zjkT^1%d^#KM?)dOeu%kJQ4WpZ$tJkgH2ZYWPkPxcNil`S#MTD{rNC|7Jl%))quh+7
zWggPvT;Aa4BtnW>O?Bx|uKr>s7Oc^XF(hY?6!(o1{H(d_4wZ;G%%riex9y^9=pCx=
zsO*YaUVsPUie=b<xDj+L@hQ1fNkn!gvC=5SL@jWZbePmNu{-vVd1$w|GIG%+W50ha
z{otA)iwUOSNe#ysP#`~TV?|pXA0Bdswf`oxL2W0Xt?5-h?UYvcxURs1!e|>>d9^#V
z+OxuF;HPgy{f1&Z$pI$huqQ#`vhNbxjO(f)ly4cLgq&UBtxC05F>L2y?&To_x}-<q
zKWrEC%=^c++TVFKyGIxo7`-q{NZy6bLkd1>v%#}tyn2LREDc%vZYM|byXH)=E{<N1
zzIZwN(X1JNAlXYyr$eLR(8E1(`e^ulr>MR9Uc;2^Dmet@vs0p@xr+DGMWPrcX=9Q$
zPN>jgK8K;wCV=O@RLZKPc^wst8Os$~sW^kp@Ln#zyv5f{zM7kLWaF41ZqYuIDu0bJ
z`uh_;g)~UEYh}f36C))Bo5mnsC6Izm_u4838FA0%^=`c&B~}Xi{FZdXf-sL%DzfFc
zm`9TI@t0G1lymlnM~d!*!94VmLXJUcwos8$&cygg77zC)pW?&9Xh#w%kQ35x&54!X
zFDRDQt6Jk{(*NWOzo)Ee{#`>alU^ZB<l_S#>pkClY$YZ|WuD-pKy<w@?%TCe@!y&u
z6_-vo6x4dCofkDlzol~DRa#Fx7bZs2fG7{qC~-W@JhFwZ!&|wG1%(Gc_T+)-=G@HX
zFgau+x2BdnzJ(`NBu%oSPwe}ZWAt+!{e`aj$rdKa2VG?ix?6|vzQt5#J<(!I@l58!
zcjcAXl^#V8dMZafO48z4M`=om3>0A3&B7f5bHm@k5OykR8%|fnjF^`)dTtFWi*q-)
z*0nX_Xw$ysTzT5}jRrEjAO9M<-IV(KBqls~sNs`u7~DPPnpnp9c)+4!<_^{@IQ<2)
z2L1UcFXIl2E@t7uFR<$ra%T70v4)xb)xQ?wDJM)F$Cj_iv=8cjK3HZROR)#E=Ha3%
zQk-R)WD)i**|6Ai)#AwIRxN9G2if1WB4>J*<ru*s@XA_7rd?z4CiC*HHHBQ>1jZhT
z6xapRa&uI0-Yjwf)+hPb?7|Oa6BL?x&K!5*1`e|llDZqFu1LOxp1wr~z9;HFAsIYy
zJ0xAaMdo$1^hSK48%;d>G76N;JAz5UL5xTDFJBqmh_A~XYF#c|N1eGIZ5{;wl(TQ|
zNer-I6v!AaFx(8WKh@fh4)pWL-QFMQYWlSnN^=n$-g*ATqY>3acPwRWZMiqv@wZ#@
zL{|LWy4lHbhudLF!4Yt(1;V*%*JIO6YC3{WT7%~<LiRzaO3R%jcU0i-(C%RVAV~78
zU#y&OhFcl=nA?kMPUZociA{Uy*M{7h{*njeKs}sV^7}6vC8cH8|JY;9tBBRlRw262
zOX66bRHX=@*C+pj7@8Y2=6?|g8GHm$(lu^dEohQ3j-j-^Y;_Ivw{uF>(*n~PEpTYD
z@OoCyfV{q7RlWt1mLjEB>6i3Plfdos2DADzwC>AGVCxxX$#*Q3EO2Gqng?&oc4V}p
zuTwmQOC@iLFp6;D^QCPp+xd$hiX-uyW`wB>G=IzZIe@bjPXsP88DpB!C<My+r$i^W
zX|$0+NtyUN&g4THvk78G<DMyl_Yz_zVF}etWr)VgBquscBJ3zf1J8N3$Oyh_Mj|6z
zCCkIF61D(_h_i!DE;=j9&pJSwbKj?bIsI-`%mR#x*++Uj_5!M&Z-x56jocH#2-m4F
z8g;E7hnE7ePQp8J5P7lx>MI2>&4C>xKnawhR(dCQ)4Vg{{DErvEZX()22e~>EMR3+
zE*0TXP!?O!9x~PN4kDBriRA_g)qzo&3ENT6SeMV${~HLoSmWD&o(6Y_*uV`1v+@~n
zl5nMI*0qwY_~CxcwOq2#%EVg7PxF5<hH96XBuTHP8MB0`zj$k)N#tJ!c+R}MYX?{v
z`#!-#X%74PSY0c=s%QW!*|~U+Q7xX~-!lVMpA|hvVR<2GzZn|MUtj65&FxvtM-oV5
zq^A+K;W9JSO3H^BjzQYWg3==b4fek_vMc5XV~;awv|*0%<!w<C4tdU%BT@1^JY?7W
zS1eHqGeFNXeUC;-0cxd)YlSOOUT*q)tdiaP-p6!8=+skDe0@SZN5?RX?>N|Ygq2Cy
zw77btbwplztcUuTil<MFKN@4Z=y=l&Vq>s$KErv2WsIq+O}929FES2NH~o8Ih_w;i
zLQi>5?JyqGbjTFshc@A<&(nL@qHm30hN1=}J}m9OI7va%s-_svCDW?>bITuP0|gI7
z2a)b)l~@QJqmwqa7N1TX>iU15X6_Xg7h>;z;ZW*VG`}XT<WPA!P8KZFk=d(ohW1v}
zVUcl;{q$k0k~fs~R|LTrwrX;?o;C*SI5(!FlLmeo4MAyz@4A-~vG5z6YIzikDh+;|
z$so;V9({E~Qo;{CQ)#?@5%W04l~9P22^(lMA!c4^vqUhy(KS5`GC9-FYIl`<4p!oE
zwIuXKYX)5Wik*V%rC{;Z`wG;fNh8(!ek<mOS8Ps3DMm8-Fw;I7E|xn5G~rXuV6Nio
z`6b$3%0cyFgW~}Pp1Y=%Y`zZ_kSe<enTbQH#F~U+JE!s-tdj7i$BLa`%&HF_RX8b7
zC^)f$ij*WouiznQZIKImVp|jel;hKv7<BJ~J7=yZ9YRD5%sJt;@z1N9qlp!M#8Wp%
zOSBi8EJ@_rex$w&(A;~E8BikD9L=BPA^<LD5qV{C4@{Qrh7+z7JC#b=Mt>y$bt@W3
zD3hMb)2P-HFegUT3^msSz=zRi4V!M?o5-7%)W(E3o_;@iRz7;0fc~(#nI+D}TRU@^
zP$4%g;Yn8Vhd|p>xHq+-hI{|!LK^+h$+PyuLkYMHr@`G${G<<SpL$pbFO@BrgpYp7
z&gk0k(#&^Z{`6hN@w55U)dq=F#vp39l9%m=&bjVf+>my<mv{ObL2*JzQ&pamMP6R2
zFh;rUzq_nQu1EjI4<58PeL$0#DGQ+;2eG<n`9BxucPL6I!ZT_AXG3F(dmlxQ1b{Be
z1EVp-D_^T;mp&(fgTTEylT5H<<qprEf|gezyi$}IWX{_q9upX>12Z%~i?;0+;4OQ<
z=YnV@2cxT~fDk7TA~lWl2g_N2>(r}TkBKq^nav&8h=Zi|Ddiwj48Z<Zdu{AWD<CU*
zd08M9P9S}UHS#`3%NEMtWZg+{=I61vUW);HbRrM{wd38s5dYuKmYZ8k1oX~l>^E3q
zZyO1*qvpL!$oz7`-Mgz|E&QgvOc)cLy<6uxbk5kd<4OU(o?i)5jbGU*^g$8_bk7ov
zX7al3i_WT)5Y^1d85jUiBSY)r<%Sav#5kYJPh+cpjoZzxPbCkBe-r}L==|^{=#3pF
zFUncmr$^SDA8c4HD+7(rQoGgRXbVou2=L(m2en3AP!#p&MbC~8Yo~{S(s_d^2<zFc
z&iv)$3)fV!Udi9@WX+BjQiuY4gR=(L&nD0tzV37L_FTTul>QpsyzS6-e(zn0t4mpx
zjnIST%cDOwhp4Ltlz9J5w==QQX@H;#bIjKE>EzO{#pC14{lDFrpg)ZtN9S^Te-768
z28u*WN`@GHF-$oYxki5W?B<dwIeC=>4mjk-LxtcAXxS@IA|Ojf-h8>0R+0T}am3tv
z{O4?)@ggWWsB?eiDrNjAFmZT!w42?m`F;U;r|!UJ-L~xYMzHPNS@flqqlZ-M_606~
z%IxOx0}y1H2P^6g75u6B@&C9u;b_EC&FdSA`(|J|b&`uVtE6!&Ht+ZCMueJR2#?hw
z6wPTI*N~G5m1?+|@XJU@%kwK`n(Q*K<H)e!D`on5v~|<-ayQ0nFeuWv!jO2!w~mC|
zL6@Rk#g~PaW?=hFm-t}4>wc;qW_B>*YRqiof;O_UrNI4m<M^=H8cht&Cg&?=qzV`1
zP$>~sNQQpfg~W~5rSVpaaxI|-tO&L*xAFg^n0;BC)Ue{?7NLtVKf2pm%j`7&gV<Lf
z$M4Jhygw$@BNY0As{dfZbOn$7rwY%Sk47^B!}m{sgofr=?ujMy*BlupGtIHQ<Cvc%
z(SP4~ND2EU8~Yqir?I~=2K^?Rql`32@&eYdndXGQTcWiZ-`;@RW2rJWO%5SAmX1Zm
z?-Ue1BJa3LuNlXKA9h4|f*OFd&H$m#+^A<qm(sDQ00Mk#C{ikYkd&^*?~TpfZRY>X
zI18uE&<Ar>9+SR|tQ(Q4rIo<XoNu~;@fH@%hEX1j*@CDsc0Gg5+Zb?P^1~QgB~fnF
zOuvOzcpC2nIe~pn?lvKn5F)v!0Did3u8@vDyn0bM<3#sM8l7w-KF#|BG_6jmUEOGC
zBQEgZMxwKIqYcp(t0{I5>-mCBobDTq*93mJaD|d2Q;>WFc^CkJ>>cdsbVhe-{#Rhi
zGRBm0e3f38v)PUkqD|in+cO(7{GGEEJRy?m&J@O0-I&u~<A0QqY#gE3<6xg!12sEY
z%wMswIqr3Y8jS`@lZ41aHWFq>HGc6mhs-&5DmG|HePhqxZW+qWuKPH%uWvjk(#j&`
zD-&e!$?o`{`)CkpkF3g%6SlAV9}r37+x*W~<eQ3&%?@CmUeP(^kG+isL>B+~1RF*4
z<dE8$jOA?k#yw25yy=ZfcC0(-Mbp`we;wu+t)I4k3m^3r+2g$ba#V*eGqE|>cgwum
z_I0vZFk|#z!Uoua+v)R317h^Y4XjAa3EoF^b(5%#mE4%XUH4{o@#Kaqv?WTmIviGA
zxe1eWwZXCrR-7N`rAtd}HX>CIV;U+dZu5pudaYp(lV0<Wo1a<_2rmv<&wc-zu=wys
zja}-)cE@@~BMAfl8oa<jWRYD^YbKGd%}K^+)O{mR^OahX7JIJ~xoY;2jaqEQlu(Co
zt+=LfKL$~8J(qx_kz~45`MtueA0PG;|0%S8@Wn4=WjFJC4&+ZKZt9AqOg1*ITQ}d-
zVpgg|2I&R^#RKrA&EWd}9+?F|lr3p5AV{z-9<{6tUmmiAQusaLNB~Y8VTtgB@Qg_T
z{HS%hs|!-vh8|Wk^}%1@D1WV|JqJ@CvH4H~oosy5B>mj#ryZCzGd52dWAiGgWI`fE
zE#lPH`>&#K1$vPb<k{_X3>UU(5V2SNywf|wi(J4>&H&eIvL+fE%_j|co@Ynr${6D(
z8m$vI;K+2sm{654J1f^RoZM`ay8Vr7k#uu>A!$bI>x5}%(`Rp`ofyAdsi!lKBpR~*
z9oJMA7-(+!ZMcsV>gmQ;%?gW8`dWF!RS>KhQ}ACWekIbSDB%iZ3k)*ZTbrQ3>P)TR
z2zk#=6Du<;r@cZ!-z6rz#L-Gv5#$#cDvgzHul1YUBQ|(ecQ+6R_EI$x8HRrdGsFQ;
z{3IIdYqO+6(anGx5`h@zONW{3GJB>%5*5rk^#v)eJ{L<V^T!Fk%zhWagjD8O;aD`v
z19G7CWUU2yvC8VTf+d&QAPBvrh9I`=ZeRGWuVv~^!6F{hc{=vj`l{~?b6;V5!h3pq
z?*pUx=U3<-^HNlC1rlzo?tkRzq`3;GO$-*t*gA<(4s9idOJKU%LIaqW*0w1kGu-#`
zD6hibt|$1tp8-GWBE#Clyn*<}DY=#&TcmqFcDV(Q%swVA2d3@v2iEToP{9&mkBQ^X
zzF(!^R=?8a?j${0;cCnYA6C}{_7UtvMFU%k;!uyY#A7@PL!i#=mEGybnpZZ%SE#sI
z=^~!yvHCt5<VqtE!G{&Cw+{fCN9fZ%Ju@AY$B-)PW)ds)A2W2bl1i-MOOHfmk9lHt
zh<W(K9rEVs+kLFmqkajT?04S8(G0zVuEJRAVEUz8W<p|JLegLOz5`iJVu5!Uv<X*?
zb$Bh#FJx8|HN-S`m_Le_Nt~48orsZu^;)=;N&70*w4E_f=@W6{c6Z~unI`;3bsX=2
zkngURG77ku>3d8d*@SYgW2zp1ti40xuHH2#M<VL|BxHIr(3xfuq8#?k@n7FnBGg)J
z4&&v{`_c#7jP)J~WE>;e7F<h+#&=Zu_7s9%z3nQmKk0p3gLOtL+92L|d1+SN3_1uV
zy|Bw+of1ZiOLXP1`V}n^NsLFmQR}~5iAy5En9@?(twJNu(#FT~x%0GIUOaoV&PMbN
z;y)T8fajHL=B-c(YZJz9#=-9&^uecEx0&hC?Pg)_FMXF-h{P6=kDA^ONAfejOi0Wd
z3yWV&bH9q3r;qymvj3`c?E4Enp{qnwMJTa9eaee?THlSEfpTlc`bN_JtE99T?s`_F
zXnRrQC^)NFBTRU2rDulgfk8ueG+eg#sFZam^@x(bjhfR~OxV2Wg&DE&gCHs>{&2Pz
zqjt~xzq$sB@D<Ex?DWbZYlY*ohlGq0R5aTCc<1LuvA~u$vQxx@WuVPyi{0`<kIq-h
zFozILE|Ezod0&saV)22}V}-QOlt#Tn+SBY$IqL9cJPH-@A(0b$Mia&qG!Im3C26ug
zaPp|~t5dSvqa)9DB!5~^q4b?GFZv628)4;^;|P5u_eWZR?AgMhX?<v*pl?~EaCT>8
zi}Avz>AIT1K<iUn^@@bKt0k&8&>wKwRhAvmO2B5yg4QSEMI{TDSkm5#5|!!mdFLxJ
zAU<#&7SjAN247z-c5Ay^g3T|1E5YT_)~~ws`SNZy__&Q;X}{XmQOy|6W${^}l8rHK
z{lq;-b~AR$U0aPQZDaC#pAw|s4ldh}*wF}#%q=sEeoh&3T`_u*<uU7TE_7XEY&S3h
z96+)!fM{T=`9m`W?(;#zhQYsl0Y0H}X?710NpzYiZX_Q<G7siJPG(flfHR9~r|#_E
z(Vy!@bihsb1+}rw5vE$p%Rd3zBkRFS%Wk&{?O7~06Z<iCX8wM*mol<)T+AiAw<6cg
zOMyhatq164nXbQ@A<NQr&_Sw%wMjR{zkYrfcAmNZlMAAE^kunw3mm#E(7Iktp@P3s
zqqB*=;YP9`tTjy!uK$CK-KJiL=DQsK>;6K2<GXgZQy)UJl;{Bt(5`)qY}9Sr4~6L<
za_1WeuiS?Hl%eY{JH)SUW8Q_@bKfwphmOhZhn|oNoiV@dBk_12+K7@n24`<K4kqi{
zU&gPOcjXF>Lpw*`H2ll|Vgc6RyOvw~j{-v$7po)DE@Y{}3IcyO<m5*4jxXWwL)}U?
z0=tjlj6SJ$vlhv+<`Nf8PFtWFb%=aLmiRt(67kD;!#iJP5-s<JPuY)@P-k|Vb35&C
z@Z^enMzTyB{hJ?fuiPaPk8`fkAB>JxGDN_~ye2&OGwWdtj?TvNwH4|gCXy=i!-E$`
zuq>90gvTP!UnkRDS^Qvofg9g&uwKxFILGk-lcresY~_<x`P<F?#^i=~zy=K_1h=zB
zwf&1FZELxbv^^)S)lC&uq?<4(PTyD#m~yPCvl&V^DLCv%=9MCF;R_f^<78%k=jmCi
z?Hg4pqwDe)NWJtyRHf*2X$P2avRoem70&OV{5CjHzAUp)nR{Nzrz_!qX5!hGa~+^G
zw{+2KAQnpUfgKXhVmjhXJHjmwF*mfA)2piUy45eZfh{K>t~)}sdb>G6OVJ!AQ;F;O
zGD%azz6m?!JE$~Gy83HyPj9?;!7F%34K#}mdU(wBqLLz6zmL;*z_AIl04|w#@|b;d
zagt+j)25BN<zX*2yZQS=XZ7Ug28{(xJ&{i<1%Q$HaMP7Xl$Q$+bE_6aQb-&Kf%qoO
zW6_@nV4hgk-W+UW<4MSh1#(gOlR`{IpNs^s*0>XcpRsS+WEoJOHC!`+q1nO(b~cCT
zhTlo3Bqy1o(IFmzQi-hWdrkH3kmm{I?hevZ01QdAe!&K<rqc)~TfmeCY1R@RWzpX}
z2X_?b!CVL!5T+LQy=l$f#hMOEQDPPvrP)B*>~NvtJwo+HOo1{t6nKD78F|2rS7YJy
zH-Qp)FudN6Nr{-2xU^5RK}-)R#7{p-pkpn00Wvb}B;_N7?+8^iRVx+}lAMcopjn^4
zPqTFUD#j-wzD`j=FwVIls*h=&=2|FKV)8RkByyKX7e?oTnv<@d(lZP)-3J5&3N)1W
zu*LTk$->z6^w?G*PJ!hme#LB$20BPt?$u*=W9bowWPEz|GHr|s^Ap0ER6r@z3sWGx
zNFJwEpWt3ROWJGhiZmul4s04xF$3P6bvmr;9GV(w@7fj7==j>Hd^rv!G0sLC<!rgV
zy+XRvfJ`NS&!NhMy<j;TCF1)q`X|LL|3UWV_J-nd8@tMBBh4JWr^w4ONyNY)SU-kl
zus%;bnF?6Z0&(Aw@C=-S+j3?7$kueHUL6Hmo)R<p3>DQ;4W@(gk2aSIZ<RmL#5dsS
zXZGV+of=Q^JK%HiOl2z9x%-DiRG83OBQDYt_tr>+U)wzY-v9LG$qy$OZO&p^o`bb%
z3x0h|&QDQpLGZt10lMa>|H8q#w+2<|1fz42#t>Hye2kT4=k1Z_07K4e1Jw=FC@!Uj
zZBa_)BRfM1Q`%^crx;*8i_tsnul@(qJ_eKByYf=+C^!4_k%yq{R7gqrSDD|9^gMD#
zud({6i!dl6&EJ<H8CG_2WAw0h5CTqRSEHV;$}+p2JQ8fXUm8%H?4K6gIZG01qHK7w
z1e}f0GJWyZPNlSUTxuFGoERA>h%UXroYn>dt1gf5l7zL>i)XMWa|5))MIraV)v|Cu
zf1(4f9qc;43pSHIAzYQG2o3NE@jO)-4Rp=j`!Vq`8ntK7{=^YWOc{9pa&vq2vF~xk
z3-5*bA=^Q9?yR<h6~eH7dE)vu0CW-{V`|-0GI8eaJ!k0moMb?M)2)7w<42Vk=Oth{
zxxp+CNZ_SbZNQ-d|K{XQSp}5HT9Io<u|F>Pe#l4x8?34w3$eO{Q`hX=c!H)VX9CaZ
zp^G)$L5V)_;_PztWS8)v@+S>uhbLLKXj_cB4z=vd>}~YF=0B;f>6DVf;~uHSnz1ea
z7Z_YDEQflHV>gpx@T-|n728)QF>|~OxMl`DzToh}I~h!ET1N|p?ZC`dUjFwr5(Ykl
z4Pcfb^u-%mh<TU;%1>uk<@Xnwy3_%{p>=6F>~C??^XL0@*B*jp$rR&c@dJzU?5G%R
zD<7{uxPH@_RMM-M1CVC{Hs`p@`wyh=EW~^BzlBt0?o>2Wb#<|$UtiV`CV{c@b#Sk>
zD&9uAd0BwgXb#MAC_WB}N8G87fBV(&$?yUgQ)O>=Q}?aN6Qp8F+#Db)<p0~>0`}q@
zhDGby4d5WA6fk|YX#L9waI08Je*temnoM1G*r)66*i!9zgjV@8gg40eSZ1-tHWNEh
z0i*NRpP#($@D4+u<+z>NU0kNQmJcHU5F4OYUckjN1#?@?U{L-w<)>LeFqf5AV6TuG
zPc<>S5g6ROF1$#VQg%V!dUB$=KbYLHoN<jl?>^s=y9)JhY;GYuOpG>mI$hg0lQz4~
zpQ`wkGIKFG61pt6{$R*9W;M8UyKQj*7iHtJy8SSqB}Ak^@Yw8CrwG_E7!O?v-Msw|
zLOl7pGp6Be`S9#K83b5ng*&_C2K>%%#BOH=hqh&E<am#|fv1@D2wjhUa24no=#_)A
zfqTx<G^fOS<R`x3?D)`~iR2R=4&Tw=r#niPDoBN;4b?UvPfhkZkqy@gIhWlFvFCp^
zG$)LKKRHaE_2y;vY+XUusK<n2Z9Pop_wAqdZkHNAPQf6Xt9)d5zpP(Fs=61BW(5Ez
zLo}1@%bZynnyY9$Qetgrs^6nH<W*Rc)?WGBzE<=^fRb6?sfOl&X<k=4zLiN>p5`Ib
zSn`V(wqfqO)2Lx2-Gm<B>hxY`Uwf9;JmXI-(SS0qt8L8l_FpfJg-|UhpN5tSR*R_3
za^GYPt!W+xrTkADWnQ`Mbsc4T2W4WTEe-mE2%&>WKS*!8)<{K+`;n~I-s>msnq^=x
zY1vrXqBh$H=wsKaU(b6L84~v_N`>LBLX`xm4q`kT>#gA>c?7CCwyi9r_a4;HS49_%
zhY9o#G`{Vtx9`B!_ZVHPj&ZT)Ke3D}nQt;A2Tos>07)94&LLj6@sRY{;9e^;GRal*
zPDIyTwrhFIe|$V8LN^OvL?MMO_ST%_0_IXr5$F0N)+XENSY~G|++qz?+iH7V{*_lA
zM^3MbtxbBDWKK_qf#JYR-Rug8R!72KWhEHpY-ioFU?px0a*`S8Cm2ihkqYBPN)X-<
zhydU4;Me~kby0fnvP`Uh$&7>jRgZQD1$br!9Z0tX;<Harb9|c>0Uj6H3G)_;c`Ib5
z*&$qVO_+pO!-|9Wz77b=bWUgns(5B3G^o}i!EG#Fw=mYfV-_uCY!;Uq#umbOv#jJ1
z!`^1vPIA_aVO!ppWjY=%(K-U9^c(}S8&9ciu|Yyp8a(ntepaKc_0~2xmoPI8Q4de%
zq^Iu>VHAo}9oM?*377!GcdiAq;qgDI8}hd#$u(7)9_kJ9p^ZeJb~WoKFru54v0CV-
z{uu~uXQAyl@Nsh~f?ulep(j09gvdG7ihsC(u#L5CoGmQV5_Q=%=PAoptPe)aw{DFJ
zR5=69jm)cET_^2KOylb&GqR+jtl=XLbc4Mv35*j*{zo`ri7vX&sO&}tOryFaqA8{C
z$>G4n6W%XlF{`%A>?^@UC#8FXHrAg>;CLr`P72{6GhRLpP_3_faziJz>@l2J`Io1D
zyR|ctG42%in4Vwd$u?TvLog(LUt`U-{deqe7~U?dQsG^ViZpt7K#h4+;0cayspMws
zyk(0heW-qEK&@}=Dc(OQUc3n4K4%*~8!)O$w+e}UJpbD|_UwnR1!?436ksyldhe@v
zPc<t&CDQpA(`M8fL!DC5bfAr!1XD5f%H_DM_r=c_`SRFfvyYA;@4duOI%gdv`Ma51
zn<L*fUk@Kd36GN!Lv{hkL|{xrYAqTBK=b#pB4^FCXbrdoBqmJ5dl3WA%&uq7)cS#R
zJaFe9C%K`<sSRo~4l`mCoNgDifY%k4bR(0{%4(wm@1ZL5B*{|Rm>_G*2d^38^3N;-
zDhhuUSG@yDn~jhn${2#7&1r_W6)z1w+8hyv3$G5j8^8W>T%C7)jD;5+>{#+nkKs4X
z0V0OHVn%kC1&!%N{K*)qe2h5Z=tN}xm{gH&9xk%_tDmcYB4+=o@Iuc?3}kD7LggIC
z+wXi6?52I;uB`G??M3E4aIBk_UH2p-3)XwvAzPhyP+v`9WSZHUxY>a%$#Fd+$fSjW
zr{dl7X7gBM_R`QLTdQGgQ6_2QK&wep#^~MtmECe<``XDC>b2d@XGCCNu5j3Qw6?6{
zF=f>4lG{09gC^xcnd{~A*<TF~pOB=8nGBTSJlL?IO&4B&6r(qa+<cpgUpGWLObqfh
z9=@Y=cJ8kcx&VS?3t;fe>u_NS26xVnVKsCV2e(8bH`E|vVpc2;6|;1KojtU~W$X7E
zqU^6~c1CHdo-ol}eF`5X_ZH#V^Tz8$Vok-BSYx=8g&=iM=s46Mfur<H|1JsY@8RL(
zgRfqQeGF9S{CTq6<Nn&wP(Qr>mWMlZuk><Za>ye?X*?C>w#gZiP8Ofda3X|4*`ZvA
zj|Wel;Z<UNTC}23DVN^uwoeRk;!wTPgLQTdqvPTjqfpPz#Iq#k<WDr!Hdh@VX5u8B
zfDlYCFs~1bu<T_G9qExB*4aR_21jNAO8Az&naAl^d#5bWo%z#A_0%QXFomGU`^czc
zUk!`8jFyef1v~_C;S#O<pdiJ)PA!z_v>DTb=-mVf+N%ha5>A@7`iE=p-CU(Fzd-*e
zR4bq~?cC`cW_4-`8ns$MD~V#!5)?~+gp>!*J|o87tPsfVBmtkgL%$mJ=jlArno(&*
z#`Hvo*}ms{A}li@k0wQ15m@;(pvMw@3SR!xcrrN?+O{}+Oq;7@#Rmk)aM?m(@D{lE
z){pHc)9v>@XF}J3=UiIz-AI(Avl=y(hG5EBjIUqZB~SnLTVdhg2|t*``hp5vC%_Tx
zLBGdik8zqxd(wA=A}Ri?V51QSY|j^#OiLg0xjRE&qjTkc+!6>V$!<$ws!5M=eq3b<
z9@ze&<n2IE`kd)H+)h`s4)@mBX7O|8d^k<DR(nP#^rODwe!2LNJ4W_ajwap``z}`t
z`^)D<=N}%G>2`!I2~--Fi<^1g=qTmtqBgMbT!o_Xd|GlsYKkNZJb9b-pv0@VW_x~|
zHOzsJI%j@jz2~2OfC-H0syuvazDv1sUQpQ;)|!g&@yG}*j-RBc_vEFG5~aq23`MMH
z+L;(Cpy9`$Tq~{NT6CqxdEAG3J)z?+8E>&kLArIVjX?G1JQLsw(J&!O?b%Kk7Szh2
zEpUJQAeX|hV)1d7zqq#U+dWYQx}#9dMjJD!NYcOG08GkPaxIGSlBjfC^M%2lJ4E>6
z#s^Ik*7Gs{A4lgM5B2}RaVw*2$>{8vJrX)IBV|M=Tbxa@&&V$G?3|GmWgbE{A>+<Y
zHfL{fA|vzrd;9&xgU@~LJb1Xf*XQ+mK6}-)s=LlAUVRimCGV$=1}De7`}xj*?_a0|
zKgVD{_B0<8&dxnU4Gq;(P8oYjs?mL<gd_i@4KtuzBztwNr-!4ad^9$e{|N(mB_p06
zL*8`rL!O7*TF&=dGF8w7O{Xt$?W+*K8-TZAa$t37*z<*QNjUI@%bNslXn6B;`#fXx
z6P4zq2L$EGF#SYn38v$k9I`karFo3T1VA*Wki*l(*YGs~d~d!B$(MFR++NJpcE+><
zQJ|lJ+)v8(bJKG2V~4+E2=&tfwVVX^l;&Rq7TgCQ2ys)p#oUk&1FA0H^YXrwJHmpp
zf^BS4al7YpBV3&5{^YdSHmW38-NNdLyGy)H?d{D&x6=gm;q~f{YF^hdL5A4L&h?<w
zT`&XB#nQ|Xzl3)0?q5B+9zJm+Z^W70%w}C+7@Dk^y@Ipb-{Y!p$Pt7zw7v~`%=#<{
zy>UQJshm9(`H+e}b|tp})h{oiFuA0-Lp2b@<@M%DaPG~HYnb9W>$(!_t7JKF(eTZ$
zma8|R%YV=OWZXB-SB@=#|7wfj%5--K8k`JO_z!P(bun&-SoW}=E%OQNFI(bO>^}=f
zf6bM)nh8b2e{JXe7gPtn2u0c5lQy>RL!Mm}bKjMg6rNu0eBbMTTX_+9(E27em(_CG
zGVcNo-gZ)f;?OkH)vbfO&{JxvSy^&VDp+*t_R0a<htsyGQ$@<@)%}CqPV0dG@cv-G
z@*GE@L;NeS3aXVK(SwJVY+UofF)XMjcwOQd=0(8qk!*CDvv&~ycggbjk;C$$h)-uY
z4X1b`Tu0i&am2aCqlNYNADKq{nZ3(9U!1)c7cNA6(-<4XI$ZC_v99bZZ!pprd)uO>
zS<Q#hNx~4rNoaSc=QPfGHN*s!T;nTu8ekS87xc6y-Z;P>mg+@12yn+5Hri;e-S$gk
zgPjc|hO0Ka@OB5{*o;$l<LeEcZ_2~MNl`G8u)->2`{w<3K(tWC>V&ZWMt-!J?@VHI
zhX`5#05;scC8J@?J*F@3`@GkN38Rz`06(hMjoa<tJ&?xOe*5`L?s@{%4yW|eGWUeO
z=r6VYP2!T$H3C*p93PqaC+&28y6TSuila}b6i$XqKSg%;D-oq|A5Do7R4GSyD^^y_
zXR7YG!1c#oszjJ8kX`vqjc5T_%{=D^8X%9dt>^g-2mmRvuS1o!UBGCG>2+0%X(?b1
zb2_@kIg^m9IoXPr+w8_r1A{tC!n6B5wGtiK2))z%zTVk-r7xfX1Qy)jc6<=ck8=#h
z{e&7<QDdmJ@N5lMC$L4z$h%DPj_(soEHH^=5M2c!i;$xisPj+}1{#2NkLQn2ac}5r
zE9Gt=!;1DJ>|ik7CDM3{0==0rhd?hio297opq!|tUUJ3N+dYYZXhPZ)$>drgr8}V^
zE|LC=27&)GlUI<BAq6yMFs6r?>QCLnaHT$xYNgignCw~#jeQW2;awW&c_*^(=dH(N
z=S9?}FzDB|^Lnl4Z&P<9aKF$v93I;&NpzRU@9L+qB{Rl|yXzO-Fp26wZ}O9Dr`&w?
zj>I{?`q!DjFLT7L;=J_lQQQUw{Oshr_yX_5GB^lK$E=i-2fJ@O60xU}KfCkvlLy<;
zpqN&8{r0wyL^#@j<FTh|2N~riTc1NroUl@e*;ig)i7+YV%GH<(bshF;YU*~zae{}Z
z_d<PwkCZamH6`;Lp5jv)vD03a%2RjoCGgOT6E*-i-^-sp5=1W;YGTpmO1b|EDDX5m
zH~Z>RDtXk4%^PkQi@v<GiJ~uTG1@N9V>o*Lp2ozw(3g{+Ncp|4)5nWM-OV_BJuhut
zG8)qx+C<S!oQNls59#$yUTeP7*5%msD3zKSgV1Xm`PJT5j}TH~305{3hpp+N)I-us
z^0|~Kx6T|DoK}QkvD(4{T>v+Oyib4gOF1kyUOJHGqX}b9X(7NAb0P`DP%{&pU<4(o
zLZxDXr|$iI%0IT?;m__xQ#HUNrlVK^ScXZRABW}R_AkHwe2&SSLNh#cyIwxIiHZYX
zIjHNj3wHxy7CB*^E?6nGi1T_-hybk3;*Y12<>X`#s$Qnr7WYU+gLiiI@%K4sCnD}Z
z`XtK{9F;cqraK%7Z1<m-FltOJM@N@0lUh9m)t>eiQau15rm{nh)0uWDJdc`}!B6nK
zLkfyIjkr)Rd(%#r7Z$@s+?wX%?Q5};Yq~VqUTBw}WO`C9KEn<K5q->4oz#m_q|SL=
z^>-x@Gn)?vh`(_<SI+ikWW^R|Zbe|hllFChGb`U^n4wxb%Tm2VB1PfT>B8(tQJVhH
zDm=rl_~)mJS<}~Pul~bZHIQ1ccd#YKhsz;fvm8ID4p%6(?0z&En2oHt=^k`TumL0@
zF|g<3MLa3qTeCCdgwMmzP!(VX_1HF+p?V0Qifg_ys*tP~3a=i%-X;GC{b+8T2_lQL
z*Ol}!*N~aUer7kW<kah04}M<IOyq%)vqgDpJ}I6|Z?}RVh$FIFvy2#HLIvf3@M_|x
zgsRE)hUqTU=tK+>e9fbI(KGQ#M@;VNHHeoYk1$%K{dxxFa~y(!r4lhMf;AC{WQf^Y
zU9O=m;B3|IcpVW}u@6DJB|8+`ldrjXJve$X-w&fQyoSO&s52t3?j9t)UMYcIQKEG_
z_1p_lzW*~~Y}0|9ynB0U2KGs@2q0u&--qU3QXV$}%apu~%Pdp0H~1Q84@Gm)5FkJT
zl%PH_N~IK=dab|m@mcEB0yhU(nJ9GqKcE8#?IW`qf1*C{$hW3u+`!d@0fXzu7}uKC
zjUe6zLaQDS)ljdxIbR?Ap!K`!X=l4X{Se4}b^;^@VRolN7TQCimi5Q7j)Y^svsbsc
zrX#=3&b05n*@&3`c?5U05hJY7%-%RW@y=r7I#@V<`Hx`{8nM@SwedEX%?Y~dPTdMo
z;7iLLRrDXo*&DdB2aq}5{jS~Mgmdx-?hbP&Opw1DGaUYJgJW~o>+0tf`A!$kRW9oP
z4h1f>Vb6&b<~z=PCH1O6d!}otb4Jo{_UNtLe|YzrsC=r;d*z=Vdf6Sg&0U1D+b1<A
z)=o0DU{B;v(Hz@^d?8++3jrm>{*?DHbbC_dp#)3TiTu^N5`ig;6B8H<4J-PR;rN;b
zl+$0RG|QeRJ0BU2GT|bzcJ54&&t1HHHsEsn+UY|pEObMFvB)Vsdq!dLE0YGVI2lMr
zaO$$ON<!&A&NymidP-2J5nhHsb(5va>AP@6Z&P%85{l@>cHki8C;CQv4A3LQO9M#_
z8hxXSTaj+KkS9K{8RF<jue*&|recgw0-su)FtDs7zS4OVS1>2GlfL(aYg>wYN+nWD
z=l4kz{SouBZ=tAHKh}nvpga79K0{UfR_AzhW``D(Em#EWK?I2n<1ZA2?ExxnP+=Rr
zTULrN+Fs)5_PCZs$HD;RZVgsDqSWfsJWtUG>_E$0VON~7PFnO)dTRzcSmBqZVY;QE
zjTGgv4jE#gtwU@Kyi&!Ja=u9In(#Qe8yaCFo?bjMN?|X&lkwYr#e|o)CT9^E?qY+!
zCt|4m4A=b3ak$<i8S=!|T`IgSYw>aA<&R9kXcPtZMDmrXIA`cE7-XuS_?S0P6KY^I
zUeXyUY;Y=}M`uo{ZFlZeWqU&B{-sgngxxK*20JJjSv!pf%wJ0zGJ8x<18Z_U*NEhg
zu663e!EpRE8#+8P_xy(Ig3Kxj?Knd?2l)TVGKl*j!BfN5J@_A<H_$~%o^TNmGr?P-
z4bPIttS2dkJriBAr3b2t^zI*f2XGHykSL<Yw>F_Dpr&$%ZpbxzirCiByJ|iccP7Ew
zM(++BFWPn`P8i0lq&0Hv_j3|9@@e}D%l<~1u1HL!b*#>z-oE&3H_6qa<42cPeCNT9
zRO_m=2F%(5mIzKu_?%E!yy9_SJ6cj`K9iRBlR<@LfMnEM|3lfM40rYIGD^Sm_zOy%
zuE@o44riv?tomv+U1J=fSb5MB#7oKV!RH+E?E^~bdDUZpHi+Cu6C$<tC{%3SvpvqI
zL-6_}g7pkRzvh6*Mx);?>dr6P!p5~$Bstrph*qfGI?B2c=bAigzF@f9;h5PIFb!#T
zr*}LsL`n|d>x$rM{zjtbg_v4H8Y!WFuN03sA|>W!lktzj%uMKuH*#>skdVVr_`!M^
zxqZ`cYFi@jGy3Ae_+YQZ#WOXsm>Y$HBv`uWVb+GsQ-MJ+EXsBK56`iJeZqVs%X8QZ
z0qu<}>UL5$nmZx4<U~aqVFzBrwto8%)7$k(%)_u6Vk0#DhBi+-|HGqmqp-Gl$m4n5
zm=)<N)E;)>Th2ISd_wtaH6t^}smDEgaG-;WmvQo!W~vrU=m1kEp{kf!C?-wmYF-Ur
zCtys+WgYC2<2p7UNg`~UGmebpUkjD4aCvfyTW#HTE=|W^k`|)N(1IM}DH*#sc(d+1
z@vItlSpaFayC5h*Y&55%oB5ek9LG4u`r!}WBFuvGo2+e-zA+6PXzsBdonstPXrc$B
z{0|XHq#q<=UJVf`#_3doSWA+X9usoBcW<2XF_o@x5&*9*;TXe4MN6G!!hP5GvclHW
z48i-J1`mo4MkRD*ig2ONwx-+kW<Z5))q5Bpl@6{S<;dzpdE2*1MzaG9_Zt?&QO16`
z_a5-@L2|A7bhvFIY_%i`-mF5fnEBAeTdQ6g-_6WyT&m(bA`lySK<Su2Dii5@LhjL*
zzzI$xJblDkx;38Em?Ju4S8!;sU|93>ZgXqv)T-rhhvUPVlbSwCwZ*?0t=1Hye6(HL
zhMGMRaE~rPiW^IP1ColpwS+N0c|#}nC^)=5WsACROQ!Q2^*7AOQ7P45opSR^Rhl3(
zTfgB_h5a$1pvi>#_fvlin5(f&NG3weGk_VsUSqdCyugP32`9@gR^m1K!*~lA_J^``
ziW+8Bm!yNnk7+aCcBE0mo}CRfT3-MaeF9fLTlnzFMkRyeydhAl)Y?XxPsk(GQa^vy
z!SziI{KcPA3&}$mS9BI)U&9&^L3C_K3JLZqi}5^R>&jTZEg=D~k2+$wx%G=>if&st
zjow>a!cM+9bXQo_DQJad!R;0_&YTV<(Jxn`!}GK2JUy~KdD4j^!gz6RZmk4g+sx+J
zM$>LxKtnr1gfAFx%7%GBFOaIaImspA3mxi-eNWRv5jL!k?JUyH$((%bZh?pU00q8~
z{?Fr=CxPX$jX#S%B}put+{cOu*-F_nzFSElkG1crcH9ZP+`&(F`(pm6_ZiL&%XTWU
zgHeyNlaTOnIsZz#`00Z3vL*XKeunyyqfEqCOJ0#_hs=iT`3>S-K3WH8iq&S|g8MAe
zSW&|GlsALw2__|DMc<H)Nfs7@hm*$JDr)<Qqesh?y~?zX>%53&meJRuT(@~3>m0zF
z!NhXRbL0V5hj8(&-dTgOZJSGUjpv}YSXa1+eWs+<Let8(9*(@xZnZ3(%SGpuZQF@j
z_aNM{mb8TU<Fb1$_N5d*HfkPtjVA@I?~6$AG2i4Z(xnZ`f0!!e4m}{M)B20m?Zmn2
zrZeam^4)e5&~&K&g*Y!(DR-9X-#8-Atteq2Y;M3kBT>8|%}|0=Z|xoqb7Y50T5seU
zSQLBoQ_C6oa#&~mz0sR(pi_cfiw?MLrn8KPm#Es$xqPyAfiU_Yp0km&B_P7*qb-Lj
zVb^5r3&K~SYD9N4(6yB^!fo|UIhSSV#XTaZ-2Cr3azf&s9Pw7LjCl@lE_$R<b&PB2
zEdMk$81D|qHcmF^f>T>u{A{PY(}(&}3TN>}rIT=(mOH$Q%~<@vAF%ah>=)1&Foc#m
zh6*F{t2KXRa*}Y$^8ya>L{g_>H<54oePuG|M$!`G^LhM79O1^rHsfS@59RVg+D1*-
z;o?WWdGV~@KkN01_7XN`Cv>an?0`$Kp^4CCs>1hr(6}uDeh+u*M=_9$j{C_mbP!#Y
zw6N4-$Y;mL%hkVVyQ71mBs^;d`>eY>7L7lr3Vts35S3!kvn4iW6m!~&E%wyEqiY9g
z6}jzXaQ9sVTV9-xUW4|M7F2S6DbCBLXM^3I-uebjfM~FTB94FI)w&U(x!T0bCPajC
zw@iU&CSt1haEgD@7VZCzsrq4H-vo488GhS4b4#v#38$_6QE1Xa!D(LMD7=ld(olRM
zp?B>NK6_D!yKx@7xi|7qo>lQ9Y#hL7<QoyI@<iJ;zO6Zm82j;S2H&btM2|On#mn&N
z<qKq>rHcJu-;G4}$osH!p~FBnw$+9OcqQ!M)JkU6Vn@>xET@LqdY5{CPlHSxV?)~C
z?4~a*v&H~k!=iu7v$Tp9?pz8Uv8^neSe{NUM#uyx_PS;xh+G1~q`y{PYz*2X))bvr
zFZQ<f-XGYXT<8ZIZ&@~8DE^1{B=<E={BH1?Wh~m0&V0`{ok^;<Q*=&YEw}35aK?Xl
z@h$NG@H*FOjy-~M_brd5FD<X0&jyVyP&wnO*(oaDQjQ+*3V_$8k9QN$S1M=EHZBxR
zS6YgGqsI?hC;ug!1P}(#ki+YqjW$-hV`v5*{zk7p-thC2-EXwBoZUQS{SWU#UpQY~
z24c|@+s4N2v$DPb?**HukLmF{?jBa&S#u4iJZ~4g|A|M*Wcfk9nP$yS4xLzr|1iCC
zpF+pkGkIm>JfUNqt=j$5<e<4uB~`<Pj_;Y0PeqxYP;NnQGibcmy!RgZ<M;R2#$RRs
zX5ZS|Hwr;x<Or?@KuUG4B6pxM<eanK8BIw&@M_0;hbSSrA>MCCnKP<k4cU?WYK~@D
zKHBTC+%ZHk6F`QQE4d*DGY-|v9n(nsR4GJVQ4^CIOgMjc87!AdoGE+-oJpL4smZoh
zNKqLugq?Z!ZH$fj9VBl8k@pOHOY^h)=APiIc6`wzcV6fWvJ_vlg<rGQg6>R!DsfL6
zH#pj*-c#usEYqfc^ZlI{lw)0TKsjYETrJ^$YoC7%#nKcJ*@`PL>1eNd*HfEPM`j0d
z64Yh28Dq8eZ?-qQJnGF7?j)?+v0Nq{9SIi=+t+Ac)*0Ex>yv!{c}xHQR2nAQyW35m
zzOp!?VgOcAU<wGRy-Z6&Bp}qxssgq=)J9Z_;`lYHM)o0pQzY4L6R>9u4if`R%ryH<
z%NR&m_8abl6omK#=)Am28UfQRu^(-~02NB>SPIlpuUHt2IlaIEOuB{uMKdrFz8>cU
zvF+UFGo(;K)RHxc)Xa*HfbT!}S}IjC!wOvG$6J=k=}mD&iGK}BBX9oWcji`6<WsNB
zne55k24{@Ct>;b2Z6FC`<f;UI#m++70_ne~FYW_-IeY7Omrup&=2#kIJ4~%me!+bk
z+0s0;$Yy1)iXI|do8~#xu8*|KTTT6~Md3h91WA%op`?vorb!H`3gf2_)Gbaly3@tF
zFQ{(os^8~F#U%TO#e9iY5FqWyGSqdr)Kf}Smd+<_SNg(2@8rcF;*s|x$>3Hs-X{j7
z2mBDxlErZD5Xz_bq9}W6L1ktUkLz-vHEFq`As%ZK#bRh(OUYbVv>Jt4Ut7FkeV>p-
z>W-?(xWS9Jd1p>C0wF<7?4Nd6$~p}6O6ir_((bFFyUc0JSSMQhIDg9DNWIf=oOHv$
zVpREXJV~n1;h#X9PlH`dpJb_c=8S9^oe4qM0!UW4Q>~p4PE_M+`X&Uv1;XUFl10^?
zPgHf~q%1}|E8X#&1j8jGYkx*VVQ1>mkucQ6es?J6&uC{A+QGo<{6izL?BP^b1ckOC
zuslH~n-&wKjK_B|WUKV{=1g&#T*BlwXan_jK8}K*7?jgWY<hBdp-i%MX6YaR2XpcX
z1HU&lQO&-(DVn_Co6eUPuN|!aWqq?#1>hLPmwK@#jL46X+odK`-Qk8bKVf)LcLXFx
zx(gTXYdcfl!rQ?`O`)54`7X6-?lOMt!~i^SG%lg&MBN*u%(G90M5@+~Lf8b_N5B{g
z55L<f8q{Hooc7ua9yD1YzJ7Q*!AKZi`B)dgWZbz@zo?jtb!{<#EmSA*5x!9OQxK#~
z5z@{*jjkwg92V!GGZ&xLlbVDuWfycjZ3f|qs?EtMzjGZU^<6r8Ct}@6^A@t+&i=3C
zq<i(XzYAjaH>)%EY9gMmRo(YT%{;RYEH8+1bM0;@HrcEBMyWGj85x#pdk7+t&{_G8
z{a}UITh3rzlmeCXHZEgDJlOAHdT;%iUf}m=eLWZ3q*V6HGK!Q~{KIGp1wr~^(3yFD
zik6D01}TgzYZ_j?ZsE71*RQP=K6?KX@!hI?F)?pGwI6@;MFF_^^fP=rvmGb-yGC&T
zYKRigO8%hN3Rodki+d`wP}~s&;fYW0TWu*pDPRHLMHsz&{10{Am8ok>!b`5Y-W9p*
z=1eb*SNx_2r4?rzh|;H()ob_n;qLC5bPt*F^<wG4amc!QS$0JWY_z@>$xYqKj4X=j
z2AK)el>Kb@V7veS;-=RO1Yhi~$uQMqo`+=n)$6~x#%t@kKmG!GbNKXhKSZPAQNk^7
zH%0c2o!GQ}V<0Bq-34<|U=%k3^QL5|JALW(S?>m@G+5*N%YHVto>&>LsX`hxbeBtA
zi=MWpkGsD1WqOQHLe2TgrfYWM)uyx<1+&-UvtV<(!Ssy{?XVkZB4(>TD}wdS*b9aw
zvGd%ICjkmmH{-DF@;6>8$Tyz3BbyHokAPnLKfDvme~*_s*y1}q7xoe~!A69|LvS3u
zf2Ct_!i-cDKFz&KR9yYO$5rz$yF3@R+nI0y!?}u&tx>lIDfawX*{gLvU`zWCPvl}_
zLz;49wRL{4p|89#V`q~{^bH#otHLOSujd6aSc4A|9Mz?tza_)75f9KTp@#{2Ws2NM
ze8K?UBF-0b=fLD^OIGzoeBk%+Ib_9B6R+efBlaR5_Y5g3>%eF6giAhMVM8w5V$m0b
zF4giKGT(WbEwc&IhrO;A1G)GJ@*bx9IK1&`kc@jWsrLLp;TT4jk)p1pgP!jileJ$>
z_tF2jGDG4(d%Lqb4y!H|8k`W;kex>5HXx3$Z%7r}p>lIXq&e0UvLv*|8729AS~Tq1
zDRPVYad7fipROvQ0m+VcZ?S?8wkI3i-cKsxqPr80CC+p5iOJng_o4jDNN4ReA~x~;
z4}LH4s?(n>t7+n6E{^!eW1!C}9>DZwEpcZce66c2qG(=d2fU^uus*hI+j9SqveYZK
zlktW;kA#6F%=%d2*f>nvK`Bzes^qd=Jj(t`y(G>N`9}f*^Vo_lTIfUTCDBuOi;bNx
zLPL+c=MB4eBHxDNM;Ma4e+0Cs7fQT^HMU}@S@lDzH*Y0-kC;Ju16Cl-c}7&+ow|D@
zo`=%zoMs9o(WqQEVpz2}FJ#~%wbK~dG3@sC#(38RRYTW0v9Z7VukB?gHczBNHrg(p
zM_dYXo-#B0KJ=3xC!)hl+vXghqsrs}F9t=zjmvhKL`@6&9`6(!>EWtT*oY;Md(Mzw
zK-*fv=VkJ@{^c5(9di`ZA%T5q;;ZS%Mv$N67$GIqsaGs+t~^`~Y{v_%VV9=A=EHc-
zS*3i}QL+;)tObDe;Q(x#dm-;M6GgW(<0P<6cxH%b?lusyvH>-<8C<>}M}u9(5ae0*
zf(?{M|69VO?yE8KILuWkX0SpLyB2zwgC+dxA1?@m-eA1-%#ZII)sx^zDL}TtE^r?&
zEB<L95tgk6=?xpsWB5Nj-lg4sKE}~+RVB-14;t56B)XDPk^{o0Q-SlT`8<7PHbbUW
zY5(SmNWjOF-Uu6a5w!^rEP>KN3dDBqQ%?*SgD=P@n$?#9y2DE*PwWXL9)71d7)=2M
zI+q9*_8`mSi<P;S=llY;PcmpS3o&BgiCrMFoq@=NS&e&o_WKRndq49ruY1V|u(*(f
zr8uRi8i}t}i27%qW0W~>=@FB1^}+LjygE9M%TytM=g>l$QLYnTP2#-=0>Y;}q$4Mv
z8-m|Wc#=#qB(YsL-{Y{t4~KXb?9Mcyjx<3SZRGqTWZe?g`(t9CzycFqmSVyea-exQ
z2itof9IyJg^ayZ3MS`(5nu~MGq`tP^IjFU^G|#Y$oikzXW$?!7I@-7)CsUd&FO_xD
ztTZgws;@Zy;$dU<+*d~3aFf<?z>^8cT$&yjRUQA$h@JOX{Vu$UD!T5pG{4GOw()Pv
zchX@VGCieURxZMQ8-AgHlcmX)2w-LAEngfC%z1Xuzi1fkTMbu=gc%z?tjReok>H=a
zBVYm+5qPv@xYi5$U+$o;<vF8;{(;FB<a4uuEgRZ1L8l1kq7Tyv)wEQyLgSmNQyb-_
zB<2o#g^k*zjH<HgQG4%I#*M542PF6!a+&YR3N7~pbgyvDjFOJ8oKxe>8tZTPd`Zvs
zA>(-$)c0FnANQJslk{Gh%tX*8C`akG2-)mWlj3rV<$QU|mq0fNPK?>=l{K?-*Q%Cj
z)(<r-Nuu0mO|*X=%{$>S&z&=R8-N_$5%uCs(1t1#oljWqhNN!wjn4oCd=|B-PpfU?
z3QObhemK>Oo!zz8SVa}`noiYU$$j3}sFMinF=iNupOwEkX55|heOb$?qR1q0Q3XDT
zDg-|;*AbnZP)?m_HHblsRE^5+u7%7G^Y6;f;H&nyXZ`&_DN3&;p4-^KN3HXax)cMj
z*22hX;XJaKM%y~gERC4;Xu5A?U99~O&C=q>j)msmtcw%sqg^{6no~ooSUQ;*Xx|~?
z2Y)OktA85j4^VnN;Nc&3<HP4iZXP;(r3KtLyjeeLuN!9Okv{8|7V<sFmvkc%{qQ$i
z?O}rIYRN$*C-K1+HwMu==~lvXA-#?4bkRa${q1FC;kZ{pVaipyy=Rqkv)`Gl(_unH
z56r*Z#tl;y&_2G%aN=bPp!pAP+KnqplXiF{rEzzz?m!;<C^ofd0l$hnR?pz@SsRWE
zl3T`+q;UM$tO4(KcammCKculbT-J3b0hNS|h-%boecbHKr{JKDo)b?L@#8JXQ6j@I
zHa`ShhD1v|9e$V*E~`9|P*prD_K9fpwr&@Wk9QX5PNVih4O+A{$3(kBW;|NCNmH!^
z50J4L9j7!6IkDFC4CWrU$Jx!Js0_sJHiwCK@}i2fLC@rgXok$6M_o)whxU-0PAe*4
z<oWw*-OHZS_B+V|J9b|;@%(BrLUJgSffH_HmOwP&qHv63O_`e!iA_9T4cUu+z;6v}
zj)48#J^y6=U451Li8UfOz>}K9abzHsfy-!bb#i}1wH+sWMEkTf*VF6gBVH98c$)2{
z5V@~{-xwv|kRd7{s*kguS#6%;P0yZ|aj?;P%;}D)77=yBk25gS`Gd3im+!4}PHRq1
z{944!n0b2yi}VGLX#uXlpAMhfcofSq@0=9R@W@?Z34gbUhqB~^JJFHON3B!%*DV|4
z^{8q-tUM-}1B(f_Ds{q;PkohqtU_%c+aWxtLU|xA^42MHg3Y7p&r5x(#uSH1Qfn4W
zh6>@wuXTVb(^H%dZ=G>0QK7?W&Z%{_F!}qHrWf3EcKQ@DAekbigv&Vd@*07zYh7Wi
zupPrux|EMX`a}phUL*-^74ms@4tJA7Ls#uPl%b!x6bhpnB6(wddDA2B!JOG4;lVw{
zBz!{Q@*V3)HR$_+3u={=^dwa=9A0u5oW}IgeOOuyJ6Y>y7+i%AUyV|^kVa?I8U!T!
zjqx}6JzE?3i#?c&zxIpXQ;YII{$7rG7p_k}kl#1#hD+IgaEElF$USJsk6|(0!Q;q3
zPPHVq*h9o3Ed2e4?o?u};1$*GpEgpl9{QBM3rTDTS{A)n7o!{E6=*L4FZE`Y{WBn%
zVmYC9FerkxTs}I|znj&Oej_wDCVjytVxK%X+x$b>)Omh|AOF~Tn?EO_P+B(E3sLYC
ze9T+e<*Q@U)@vLL`m5CEtrxW7dp_7_^XxU5w~$xPOYJtyMide4jO_cI_?lJYBd}4D
zY^_a{Syjf*p6k#r813Bf$bEUukdcGA!C9288|SIMEM9y$Yn@-XNO|Lp2;<3#W#~D(
zV(Z%vs8bY=Fou)o-m#}&t@51&wu5=d{P62j?0#4Le!7IZR%bUXjpa-p;*aY)XM6V_
zp5n#H;sIK;>l|DFap<Cz|Guum+JNDB($l{c{BiiNBHPj_#Itv0WhiKR`*IJs7C?j&
ze9-0`0S*2*J9Uv($C`5Der{S+LG54SH@$b6(0wtyNfo`;ywcJFKScvR6d*zRgTgeh
zN)5AA_MHd*hlhS+!zYKv&Jyi+>S$IbtOiZ4eTN^C^#A+&_JyDQ&SB-qxuWeA^h&e#
zav0oW%hXALwl?aIEPfZXQtL15z>=$D<6pg8maKctQ3AuNVrTsWn0#F%x7i=_4Wwje
ze`VZWTMt~kzn+HES7h|#mjms$!`}adzVbESG;nGHIw!rqf#@YS@mVSE$6=GUQ>RzI
z{{)32WfFZqmt_7qPv~}i6%b&Btc~qh!ye0$bR}q%*n&u<Y8?y*@pT3)D52k{euZv-
z+n8wBs8&mY{GBC|W#s@Mm?@r|{hNU8R%h1A&qN3D?1){^)_t`rPeL2jW9s@u>OqrW
zj*+-CST6OG?cP?-I_`y^6&J6&;lhPS)Ii{Y?x665T9ZntXABc3tf(@|m`_&%6bqv6
z=*v?n6y$EkCj)!=<{EmS=k91Q;(A_%q`ET>zW=p~zAgrZVre#-R?p~ndP3lE4c?_2
z08|*txzeAVF`$6*x?_xRHFKiscx{lV0rW>M>u7mEg29nR3baO)(|!I0=IQ--Dy%jj
zamm8(x#6u|oAs5`;dXawR^60X2<XwQh1(p9<@XI4>E36)zHgaECdx1j7#fMFg%?kJ
zb*t0;rB|*q?HUitDPDAdT%#eht63<>NAQai4I-i}Gle!HXWbALFMay(XaWcBY9UmT
z(q8J*`|ljjY{jCH+@qDZjg9-6-Z>et%e>kZ5agrXd3Hz78|p-w3l>+2PXeYW42<3p
zXyE^dMOBFh>gj*`3w9jH$X^8ad(ls0QW^B?M(?kFDt70V<_6%H4pf{f#uQboI>5+w
zlfNn}G>^h+<V68DiS^~D+s=5W?)t<Y3~e21smVMSNuM3L1Y+_K%WO?8VFFG{aR%L#
z!VXQ$aaYB~BU?o*2Gj|fFAWTK{aQ!7I42hKXvneD>Y`7o!)Ul!v*`_9X=cX!RU_pS
zR_hC6@U)J>TWh+fYA>nD8KP=P^k&uBhG6bC!Q5~u5nO^$mV=PCd+c7+AA`>$L;-*Q
zs*#Z_=cRY>oz59meu<*IvBOX;XZRC8_K#sidQO_UiS?oN+f?-kcBL;PQm#FHT|6^q
zH`HhYnm7f;<wv8Gl|;IY;_%G2Ul&Gw=u)Yv`=AQ44f0=#pmowkS*W&TP)fK$|3KA&
zxO-PkFOMHPM`OJBPat#BMU28r+hN%}Dj&5SB7vdv=jE*<DZa%bR3>Z<NzoKYMY&U+
z6q6z=WO`d0n*iSh4-zdm{<L9*_N*F+v%{aKfh((TAnXpd>LB{SbEda8`Pq(mOXOGD
zQ$O_+leyqb#czm=U~GAjjQ9<s)==y+H;N-CW4{~u&fbLaW^CFE$%=5Qm!1-mp!>3_
z?!8#*TqyHrAM{kjNY=shh*5IFYUHCyC*$g$Qb2o2ij65AEGH+Wh%*G%Y$B_6adq#C
z-b+K}syOD<hf3<EgiRK5G{|#GRr#ezA~1boYx=Rx<-7bOX7*93v+wdL1yR1U@2iIl
z>xkbK^TgI#(l~_4JR|;*1_i-3^Hu~!YznUt7r@BOYl$<<>h5gShezV?3IJl>tEtoP
zQOG8%+6!eQrGmpyQ(X1yEpp!5+CFF(87CA7TV|2B%krJ;?&{w9{%~Kf9Mo5i>hcY=
zL2V_PAn`;O_?8mfctcgp>yC}F52ij<Be^Tip(+rFu24DXoxBo1lJeF~+XM-QkM%m)
zh}}4RW|~`aFz~+dYSq@v?5op2-hQbPi|p2XqcJxlbAPef*7DL=P{c@yV!-Gjg`F)>
z55nUYNtcX`ui+-IS4U*@>Ec7}YFW$6(-}j0P*T9YT?BKGrCi^sGELo@nZ6NnW_v31
zQsZ#v)lxf5*)|gtIF5&m@nJjwk~dQI%{b(hfa-`fSleWmFfDRD+pM{s?Nl=z+@hb1
z9j&d?;k_sS6yRlE3=L_|HE@%HOyx7YlX&>6<zkgNY`p&KsSJU@m1ed#K;q8Jro{Du
zV|6A*lUS2p0x%2+R#ZcjifuDN;iWur5wAT~=%vx&YnPl2u9WxJoteq{H+tmP)tEXT
zvflS$-4$6Dah0yhR;D?E*%ej4XO1I2fLe_E@9AS{0@4CK&z5Z8!G@E7H)xyH+IuN_
z9xZb+PtmKvidVu{@^u~;^{q3rb9Bf17~71+Db)V{-;F@7QFOQa>F~gRcniUi7Xdr}
z;U%04wf3y2?={Ic{IwDsLGObntQbH~3u018=)Lm10#9TT7w!FTJm-Sn?EZ}(b|Id6
z%?UQee|+7}q^nMYJx>$7arKnz$Lpre@2dJexsWOqn&UFOn5DF~fp}~*BMHfR?Krey
zZEwGG>`9Q6z>4(8jFXj3p8eYyUfUKfRG6$luK)0=q1q{s4L->|4-D&0t19weY4&~!
zuKAVCa@Sp6$+saVOrQmWpq7BAIP>y(vbm9lv0}eH?}6q9h)i%VbHt=)XLfoI{DnMf
zXicM7HX|VBtpsh7meA&CbUoednOE0Nf#;iM@B${wTMH^WKM=n}$&%1s7HNBqfQIrJ
zibMJ4WeL=urO0-t4?MD(*4gY5$J2BZNzYFB&Qc|5e2vU)jn_|+H;EghtG*nG*ON(i
zvy1_e$QA}qLk_hsur#d>F6_%H`BGYQ8jJ0)U?W_N#B!WKfkb|TEA7|5^%*Zq8p{;!
zl@Ruu+D<xd?eJ1Xn*&UTf*D*iEi=GCv_C+CwGp}1YX)WWWr0?lz3WtNOZ?%4D-?aT
z2b((8H2=pdHLcj_qS4;KDv|D^jJtJg{~@LxEKIL9PU&W24ctF;kDdQ`r>!|X);)TT
zC<`CNOd7feNJ#e>of!P`D`W;(2oX}8kcI+YA#?8nMja5Gd7_$sSpSxN^OZzE<Kx{_
zcPYh&2qKzF>cTr!IajjMw(PP(%1a$)PmDk=AQRP{UD07Qh}vk|rr(u}=E=hMMoA$q
zCx~8tyIaL8a}SJTf;KbLX*rrCCU^j?7!e&fai6B#%9+jxx@hM<2glq5muV$YZ0;F^
zLa{cCG8t=sUs8CUZ*ZO9@xl3pZm9}u3{~Ye%EI9cX_&W;x`v>`f?e?GWP5^1eo{=b
z3b3_nX^jIn!BsWt!L68K9vdKnoVM<CITM)Hwwm~C2YMZ`VxmzY5~BBCRfw&Dh6(a`
zXZ1|ejLanI8nOGe7n>!<P9DmAmOY+?gu{niJC0ZQmuM@*dx0x^?gZbZSPL0x(j%C3
zLfHD3uco<y+)OfFpn7;7H%lUmfBqzz@35~19QzkbX#)ul8RL6m(gQ?9|CZ8Re>aPv
znXHpy){s}DS;R`T@<O|y+2O1h{Pt3HrNy6kvBGHuxqc;I1j!gkq#*obIMj%HLpeW~
z-#w*}@H~C6!gw#MipwRE-fxky>>Y?YTzwE?eYdhY#4g64_Rc3o@Qvi<8D{VTgl;G|
z)haW2s@V?0zAeK;(~5|0xn#@i;6yf~J-qtfnZT-MAmjkswfcvd=M>DM<W~@Ym^ii2
z0E_;VUj?cFRcKK?g^ZZy-j|HkphkQe<~h)C8>1VU|M@cBcn^<KHY1JxJ3#o1{%YL#
zE>5)QfQP4%;_V)Xux(9&G>6RJe`qv9AKpYPvYW__yqw6obY}CXluf6LjWwfpL$Un1
zyPJf))fMqVvVT151T#zGkP;oV(WnCXi)AM_pUIk@b}SP|oLKVqxO+fMGn)pNj$p!z
zB<@yN^phLOukFiZ-@sSR+9~h9M<ta=&xN;;5v7N*sW(Z=3$ppr&FpBA>>JufpLp_A
zi^ox{mTXR1jv(rFL_9e5N+)FJ83HrTrx2fqqUtLoPxiUbLgwx;*Xnc51J>$BBJM`D
z;-=w~o@YkGSeIAvOG+|@$$QOw-iS=*Y#P}=(a06p=9?=NnjXfYi_5`qWJk5qH0BK0
zw}wAZ+b?k_r`P<^1)WOJtdc^NL<1t}6Cq`^O0h}OcR8LYPYg6y>AjAg#N6OC_UE&1
zEf~sX?+MOz*7IqW?^%)0tM9smVXmpa+>$8$Wc&I1V!o`PC{Bbk-bR!zUjlY(){^<-
zo8yv<HM-~FGnWH8sV`Jl<aO;d`$KqyyuQmFd-lWSf<D-PxU^=u_)4HO@W)V;G;pwI
z>93YhvUtvgVZsd^8pH|QyjaBC*yJq3PGgs+ds;sqQseN&z&;HENX(&cdjkZ<R>ZUF
z4-^ow=1#Q!{vy!!oRu^@q3BdZ^&FlLo#c(|JMOs#{hoobKf!KW?+s~hzyFiavci<x
zwm7Ef&xzYVFf7Av&gr{SEaQK)bZWqoYuzFE{JFW|7Sqm&&_A$*Nz%4d#hfENJd`-e
z>%+bt60iROSzAW4aj(H|0R>~F-bfPN?Qr4F*p;-xTG&mbnyf2B64uGwV7s>;+aN#B
zqn6Cxk7eY(v%H;#fVK|dhoI}TO0!>`U)HV=<*zDV4)pFW8&j$FyQOT)otqV=#8AvF
zfj{uShfyQu4~GFgd74}@rrv`|Q5|~OE~2r%Ca}upo3_W|p?LoTrU;H*4v2VN62NJ5
ziI4MCyiAjRU=3KC(WA#C3R~!hFG|QSL+0mq4>yR{%)z(@6n<q19B*iuMK3fXR^4Nh
z4Qu_cx@Gq?NN8njBGh$)HvZY0Q{iHhJ~i)A9Ta}1m#Fat2CaXQ==$g2A1ql9#~gO}
z)cT@NI+?$J-WtX(URlI%DD(lEv;Wa8CHm4>TL&1ulah_b8t+x1y3qmi)_hzu><p^E
zy8$$;kyskvnO5)N@J}!z@vkPD_%b!efFia*c5<wo7Z<^sd&J!ijK)>YOQl=KtJwoB
z@-f*!6}6W*?Hc{Lv<7iWje|tXQv0UeD~r+Dq(CGw;~9)$BIOs!Fgd@13Q8Rl&vTa3
zbD!N&#jxydyu}ct28TIL5X!G`<mTeO6sql=5HfOoV?cZuMG>DgQL3x%^BDZ5YR%F0
zKsW2DQ5H+gabOuf_wlNSF0c=a-PA`xPgL6uwI3Ek3-`L{$%#$NNd{>#<R?mRhbjSS
zDn@cxnlbZG|78WodEWc`nC$bAIHw3T+12?HIq)|jR~@SVY2?m6v>L9c-K#>mQ+({9
zyA7!(86+q6BNn~MqO)vgdoL2(Z`4TYt<sp7P2>Lwi}@fP5KW(u8No3SJ3U9Pv)mPn
zE%nwpFtLw`4Z#kbJ$3RH$4vj@Tt>uxmF!lbw$TW*?_i+&UPIY&zkMy$B4#VJ&nSIF
zQ%mQx)M-(&Pc&{+pP`MNQ#_xSf5@4vkPC?_tYFzOO1BrvOfP`m{Fur>xvVr!N7p<y
zlxdAv*p{{#rE4DbxoOz7N4b&j7&0WqNmy3MWW!e1XynjGOO)|oQTK63cZ!w-Cu^v-
zIGLS67hgkdX(p8j#dRPQRtnA8mJ<Xi5tG=q(<14Y?X6Fby~IRR(~F3x(<r&kII{s^
zc$7B4VzW^7XU1Y-G}gs#n_p9-oW_{D>!^)K71J2=7FYcXPVI{BB@(%yd8CaW=lbrk
z=L|2lFDAP^SsTYgM3i2WXYDlcsCuLBnYpprXd~J!X#T#fz$T9KrpWtq^Yxn|@A@+x
zz8EWK5Qr3*z{UMOZWc;S$x@FFsuyuJvpW^&CzH<zTn9k$2cXd^HH8xiaJsMM<N@s$
zOB4Wy-hKCrfF-m^$xRzXMkVt{ZpHd{SB7d68l;E|3+Y&VPhHM{)*FaDQsT{sGK*do
zMfR`#U*k=AOqc7}J6Bxg+d40bIY{`l+t%xoPIt%6+~d3S?7xMKlsVk-LdMh__eu^o
z_HK3e;#rm=PiM;9Zkyzcx{-~M5#!2;XNyJbaHRCevEpjL)q>}F!t0Eg6T(xMRkz-6
zZ;d^(gubWB{@aj6>gXTVSb`SeT|fbB8&V{RfI@@*1thpI2Il%JY*JjP>m}}+E9~9d
z+rF3_x=Q?K$p=UOx@rmDysQNOW6r><ytu1p^;8Fz-D}@82*G6>`?MfYP@UoJMK<`Y
zo=jaNfNL-4w;Pq{10Bnnv@ch0MuSBEDlX=(O=SfWp0XfL62NA94)YoppCNHL4BZbF
z{L`km?C&S{!hXWPr}gBY>t^6kySsR-#>O3>ZYorG!zP?2xCDGo+1OjlOzG4wUFD88
za~w{C_Wqcrf9Ja?e`kZwc-Rt(y@KRwP>pK8_%;dr-fWyFw|z>hk#ZI*`vK`ptRJ0F
z)m6T7rt{r-@4aJJDiuy@ijv1X*3hhh!>;b~T^>M@P$9dU`=t<9>fg9gBjRvd*t6eu
zYNjGQX{LK-Cu##ZIuzy1^cv61n8EC7)TBCUc(#=V1UF{not(c(T*){;7#c%u!U-Ex
zi^Y+nux`o$mWEdlP+769HgfLi14WZMRu`%m<_+W=M<wYPD!YiC*(nya_RY-w6r8}t
zfNc4C)Z}WP1%^l@4sfZMGC>m8FX{Bm6G77s<ogCaMSOB~i?#gQFkoAnqI5L?9U51v
zv>PT960<DdG9WbNpi85jE|Fdh&@uQOm-N7A7GB4(6Zdq;REMcd)wnmSZrFqxsJ1;i
z`g7?)|E2Cy=h_Rk+doDIHcbJ1%C^AE6wC`Kz}SZ3_u%s&%zVuZVdg>!sILe?wGFx_
zbQIER^}NIDDf|!h%7JIQ{YeoKIAIU#55<u?2E)Yv`mTAwtXcX%1x1IQ`3LOSS;|NE
zjnyVRx>|mL$C915s#N~L+-8NBCCQt4S4z!h@$&5lbM+X`-|}%WATLspsqAIYXIIco
zuaY2wDRnfJ#4^b=+5k8Wu@H!%9wm{*Qm@F#6g;nX=lyyBMo725X5xi&`)7eS2*m>$
zQuMa;P_MQQ3Y+Emd_fjHuU!f3aIf0fYt>B7B9~`eUByn+KVI_}t9*5o=MTL~EEKR|
zrADk$l*Zofq~;)!N&73n{7xLEYH(%n&Y;-+d00&AJ0hBpOgFvfO3J>|O5xJV6y~*t
z&slzji!WE>DH@Qn7O1Hb7<E(<m1exPdc;U9#3xurfB5GtXQ#Erf_YQ$b}8z`%($bv
zVKjt=ri_Y;!cdL98DG71oIZSjP^^@njxh2_RhMz3ePT0)Xjn?mz3WJNM64F2Lb6G3
zS0PjX?B}C##%=C=XQS`~!^{a8By2I-ss2m*VL6uyjr!5ed}s6Gp>N`pyO(-WpQ3Tr
z-!gypScD&I*_)u5Acl4m5eh~9DQ>D0RYbJf#5qsDI79F#+yI+bTqbO}YS2v6gz+nT
z8mF9I_8W2|nJ?pZ6IDIDg<035q|W(75TYz{(Tp?IRz-7DjdDGlqV*~(mvmNwOM6##
zi%WfqU1dW!Ab$HUcg$W%ls%l6iG2H>pTHVqEP!2SW;fBpGdREtvYt2(kVZ|Mn=;j=
zYP(qfeD--<{Td=nz_g8+nd)k|qv~S)=f-wA`0-|!(}(KBJli!cQ|L_4grb9>$kO$q
z9kc|dTiiwO7x41d#?x$9)B&fGdrDrh7R(gwTEuumOWO-gg8yYZx*~lyk^e{3P~C$a
zypT23Ni84DH%mi0bFo=BARbGh0Mn%JQA15j;cM6trQ6_Eu4dy?{F%G)3#IX@n7^u%
z=H+#?ghu?%74sAy;?+B2qAQvMY-C%CoAx3m#FS7%%YD1?Kbd@@9!~K*@dnDCDsJM8
zl@Ys4uqDEeH8S8g-3I*=C_Zl{s_gqb7Ow2XS_*0{5g6GA1aG?SP+)Wu4ofP|7(*Fe
zb6GHQH)WdoO%7kLyxX9oyCqc)zL>s}NcpE<$|AcwkBsSgix%p|7tn6mB!6+oS#N84
z>PRgJKMiUQq(~8bTU5z|u0V5Sk^JO{4EE!_HIN(a?vl4kVS4{hRWY^yhBve;NIwDQ
zNlLVAzhqDoD<H}tjb+4h0#ugKh@b4tRO5H90Whcs?ac8IaN_H|Q7hdcsC_;GaZ{6W
zu2jr#)-16bRou<fp4V6w+g53?L_(Lnai(RA=$$*dPIpZ2%EB?O#6W`tx;o{RZ_J|n
z)yo)CuG1W1Rcb~d6KuePz=}s29&abW2Fbqu_)S#XQ~JIGuY@4<ipMJtinw08eX~kw
zSINnd)r;KIqJPi+{arbw3XBNad^|G+#LkZ;5qxY^DY@Sc{TqD!jCU@E*A@2$b6qLf
zR<1f3kaH)-py(MMb2uE@w%pb`n-D7xa4^G{wO5v>$?hjXCmeOk=-mLj8I~fQX~FT8
ze_1l;kNsrO8z+kQ8XL26mYv8%{F2wpMt+GptfaMJ?J*x2oqicseH=t92G+-GC&{#G
zqzrJw+RBi@$t>Nm%QkT6WA5Ky);H4HFsl;7{0@YM{zX_s0z5s@CX@C^2W830<}t32
zePfW02^YAt&qc10;{iTp*?U%zo0pzFNrCSDN@L#y@|Ja*@2}NY)3ZN9(<z3qpKzSx
zH;;5M(xH?=Wm;PT-q8DS51E`5F^a`|k+!o~d%OsmsB!{to&I<n{?Lt@ue7p)V><;N
z#Gg8-o)_tV^~BUWTK}lIqfgn6m1Q8Jb=n3}>w+e{LuoH54m102D$Ua=F*i%zuLk~@
zTZ$^!PKo|B7t)hxk>^y%TZ!$)*3aGucQEW8W%;dG_>M;DODrmG=T??RI9|w~bY~-+
z26seLgA?ecyi&qog2Sx0+1#TaMg?zfTYZ}AZN2~NgO)ilPEsW;666!gtx-O2qvANk
zy%pBA0u)l1f`F+H)^I8-nkpVFhGfq52L^<NM3CX{t+o?D$;0k%R)~B$Av#0QL5#(e
zoABTEvgc|r$bs&rN*nerE&nRZeJv@)#@_Sh&q@RYuoqRxV{_DwMqZOuDO}Uv8cSRq
zJ)L#g!w!GlL5%-v>mAB<Z<TF=FvLtVhq6M-$-XrwC`&`8IjOijg$~9ROzwH4A+l;X
z6tir~*dO2~X*0Bb@8&WX6@@(U%@gGq@7e*z<gBbr{QLfR6_OS90n`B!LYnSmfJU>x
zCmAp64^+Ok#hF6^(>`?+Q4-wAa{9Cr3V#Ur0FT5y&T|+`%_X6crABBGYlN(7ZT?99
z$|_DNWku~d5GFMb&%pzQWXgc1sktrua=;^RSLlfyV5;|6EMm|S9>3T=maD&ZAI8F>
zNxTp>mENqPy^h%)b0;K_fJ#SpI)6?x&+~sL5K5i>`I*R%ZYBt4<nj6{e#-0Bj-4L`
z$1fy}`+dpT?hSM%t3v;k4!X1ce$y;e#T`XtdstIj`;rk5fAIqNl|!^y1-)TX;W+8|
z6<3>O2!0Vyp;^tsOqUoRn?ABs<pWF@>)sC0fJTnTb%^xq4fYHFP1;3^>^#o1e*9V9
zKeZ4(9^RtE4r7FEC&^?=Sa}9wTYHXY>6-SG%;V_eeKdNG_t7p{8svnnj;gkZlj8_N
zq5h>*$yQFV<?^`NkgQ{j#K=0+^pzGc0k5*W_9G2c*?Z6Pb0tKagVEg53s>>nreWGZ
zJu^+>%qEQt5DtZC)Zimi)LxwRP+k#AP>rb&aE3Wl$TntQ9FTBv<0;<}wzbg|A2>%;
zbwvj489aMl;n)ByPVEG2&3F!2`W}}V^c;@cs4<86;01t|C|qs4@sn>%;@0>hP=#=P
z^NPJ4zj14^gexa#rL{`-PNGhvZpzOV7?Ud<qUuI`1fp(WIWj=V-OcvAnmNAZc6W=1
ztbH58P76xzTERWlV>*@G9>1b;|Cza&{T}UOKN1R;7p=WX;jQT$QM)zHz0cQ9?1h)&
z)%s7!3_tF4V7sXPP56E}(z4mZ;DqL#CF9;5+V3f&Imvj24O^WSegT4y9@73-5VDzz
z0Z5fXUMX|E8|MC@uKs72PbjmZ@3&7^zpphT`e-%1$C)pHE|zeM%JjYa!)kbkhpS%M
z1OHERi58aQi%9Nd60Ue%Q&Kr|v6anU>|ox|C!-<p+y;ydVffW9hv7EMg}QlO=kwkO
zj=@1?W>4d$v1Rb^q(Z}9B>VH7$V%CFi=F*e3_RE!=&biBv$p+ilk-7iNc^N)a*m2C
ztbQ!<JhHaiiRGC-z~nx7TMf%I$!r?3*dRB<*$y9qr?*fXp~BqJ14B_F=y?K@a<!Dq
zfJ$@gjD`^LJ847OeMGQ(u5&V_piu^+!d4U|9!gk!Mb;IUX`}Og+EQ(ZZ($%%)dy?i
zTF7^gZf`v(3}UXIa2s%)A&FOxWl2fRICn}<`LGZM+b=^x*%$W`kIcuqhDUO7)oeN&
z>@F2*EsECJS4+T$m*N%ed(}1ET;Gs5AyZZ+#=2+)7$!!W247a%0L&M6R&V}Wm;Q&_
zWh54>c$wfv?VJ2Q<<Q3UIAad>_-4jAA?`%^a8FT6zjEgpZeCiF=s&#udy&tkh8Jce
z<5xUx$dk9_|A*&?<ftBo^dP#$w$7Op_Uy&3P=2HaSx%P=Z_-9mSlPoOj4<=q+jCX}
zg(7c8f;NFawh0lJO%CpLVHP3D?!aGaV-t`_b!EPg2{RA2%DG}<U<#oODb99Q^j)@O
znb+AV$*l@*?TWz81-+_fh}<E*lGS(f_ED+ad5Nu<utJ}Mj#_R334G29u$&)fve;_1
zc7gnOxY-CCLee<ZzttO$=-u?Hdfdp^6EJkYcUtXtn|gCyO?FG?1P7I6nJn&DeO-m)
zi|%h!;DU47dDSyDun+mjb!TSoe=MDMJk|f>zK;;emc6$)#xb%<cA42T9I~@V*}Su7
zGBZNi6vDAW#vwZ#>)0#nh~miV`}Fz!{!-`hI>S-NIrr<nuS=xJ;k;L2J%~(im{|3g
z=#9$tp<9ZcPZggp0fK#$an3HVczYiZc0RR}%024rlL_sUUVn>SPm_GdmlGQxN#EAv
zl<OCVt;a=RK9_j@Oqe+(SWIO-w41L}F56eaMAYsmUMd+(yt?j>K`h)nHPWmYUtz}c
z`%7cwXL&(>#JR(3V_4Zph2QsFZ+;At-v1z&TB&mTE2=|#jR8!|8pyR|uKTXH9sh2K
z$|Y31UN?MkK(Ied0>`Skbryp{)p^6#aYEte>vgv)?&NC2KU(h>G1s=cOvNWxNdX?~
zDIb!ah>E2FZJGR>BTp-PVO_OkuZA>{Y*A9k{@l?33Eel_*nn`s9InMjD#$Q8Cl2y<
zi;EmN`jt2i=KcR(Y^<xAkRkpEPCxIu$l&GBj4#h7LCaKj=(Zt7S4f=hm8x8X$H^1X
z6?)Urkd`(kU<pkOa9T}=Stt4Pl?y3Zax08MODO9V-Xtya+@Ep7(rl(<2yvBZWi)T-
zo9`}bA?UN_L93fmT5bSi(Uk0eUv+8f9^3fDpBn>Vn*;u)nU;QwJHOFXox*xk-aV1S
zZB<&b)}WmEK>$!jn0u)DL7yQ)KgHY=xya4svkOQi<d*OXT@ekQG^kikEfFc#>t(E#
zbx8Ww+F^bu-U=u<xNmHpQftW$5c8FO(!-<<>k@#lYdA6g10J}K4V62ULhQp5mVAhS
zC6@0yF(I1om2nXQM=D*<HIp9;v7vL`yp9Q$A}g5#d%%9du=^9@yZNJsN*|x{FprFY
z;aF_cR&932m<E}$5fxP{+p)H#^_85sHduN^KR3~my^_QG9!(&ES5Xx)_TQeLk?d=Y
z7ewalBOq0R{HQGV<`9Y&Lo@BX)Yn-dHoUD(x*zrPTB9!gEiAJ&9@n@i^PUpU2C@%Q
z$MTSmox4k0k8<=9U1Wf0*mS2boK2I|o5D!eFw^j;L~fvR%f~e-U9Dq352W3SHslmi
zQ}3I4p||1eUkrbmA`&*mF{+`NLd~$Bk_I7sX-n7<kw&U5bw6R2euIhVm+F2%D*L<m
zBqyKmuhq6Wnd(`p?()z0Cx?8H8S=?V#+YhEb(MTLmTW%s>5b&o&3-xn=rxiljjuX7
zw<Mb$(y^e*_EZzPF-M{5S*%q*gPt8H4F{?1`7;zeDHLYh4OA3%Y}*OaJ!Z}WMn(K0
z@6GN%m(Skj6)MAjtMB3;mk>#m*JaB89_z_F3Gxq<ELfqZymQY<NQl8isKE;HO84=V
z<Qej+^V;EBG8TE%nTAHr+dbRAh{84v&>W!sCOhw+%=G^K2bm0`+B*Lm{Qq}U;Dni`
zN9SDQwf<R6&5_m>vTm$_lcq<K1>bjdd+$)-Xc@c#X99H|7R%1E`#YD*HJ8GFkyp;w
z)@n2BSJw*5OB<Z<C9=jWHt#=$)L=$dSasAXc5ZR3NVSZd4{Z;D&tW=yVQ4^<o@oxU
z|7vxiVo#>mVHx}>W;yF_UWf3(pHB&gVST@QcpwqnNtxSx=-=ANA*^ELnESERE2{_r
zpY$)A!d2Trg+0WH>ovH7uDXSoPC}+s!rQ?1`utZ)Ax4q5Kw3;YThkmROpp>ZOK$oN
z)$)vSsAWG~GW0&(W_ORzLY{rh&`EK%wFFYWcJez#mfWdn=%o<=%oK5ve$)bAvjVT~
z^;nKh-ZGC!15t<&+K5ipa|?f}$MSeStnwJ04i-`F-F3=lLmn}B5@UkzNn39+l7&@Y
ziM*yp|6|p>yyN*y6s{Qqcz0=|=u{<Eyr<}d&1`&ATbGHJ-UJ)`Vdgru+*UZqgVY>V
zTpQ@!?Rw*E%osq@BTl1=BE3~izgsFX7uB>PPnz+BVSjKTJH1<Vf6Kp*u=<;1b$<Py
zd>{h<EW!Eh|Aj>zmsAXS*+cFtq(l+|(zY7W#n5WzdR`51Bh{Nt+fB`i^*{-J%O*u1
z^<APmPcikk7D#CDH_M%FMpY6ZGSb2QMg*d)IGWcC8R=2D#X=34+_|y!_5N!h`>f7m
z<OeSCo^A$|ci)v_sYZRNX~7I%eM6@3k6pmFp?droKx@{RkM;csIfA811>`$~5-Jw>
zh3b_KavHdu(^K53X!X_@;JMNDo;F=2=7U{0M{59f9LGk)(E49Rs{FG-n1dsm%>Ql@
zPoouDuH<QGD5WVW0s<r4cfY|{3l&gvR$`w2N#ph_j$JR;=E14YI^$@4Kf3bru3!p1
z1ejDNBy$7G4IN*dD8*y;+i8{jR&nn{Bgw6y@%G%8<FP8~m(|53uM&#NaU&?>3G($G
z9<bK(vE^A_=ct;;G?G8kb^RG1txn-fc>B$JB1OY4$0!wCb-765H$1%Y@pfJHb<a$g
zOe5BOt(RacV8~-Z_lwrt4i*04k?4D=RYPs(4-5*G#fd7kF2yd1rl+}6m9AQ{WpB+W
z9%iu=8MksIx{#<&13<22dSd&x3NU7R+iz%VORH=MXS%ugPPQ%6^z&&XQ;>NIUuNU1
z>#gBRSF2=}LJ44UQq;Q=6|0)R{V>D8{J<>_oMx^ew#T)o;c3G04%HYkU1P2*1KRAG
zcCuR(Aa_w0(Fd^KyJVG?KfjDrC36>&Zxx+Yg0@SO3X#!wF;~+ShL;?meuEo(>myxb
zQNr4}$W|>+lSnu^!_k5+6;I#Tuc+CMP1n%Tg7JlF_XItvpK^<df3!In7r_#nJKh^J
z#6Ld{7{p{BvVSJdFG-2Zft+WFPDHp5P=x)57~fITHx@;An%t|NU$$Y(6f`lCC<>=T
zq$+dD{1get7Y6EWlF!OvjZ{{*Auy+gUtl5i;3BbE7VjhIAVs8!_=4FJoiv7U6xgA<
zV7-g<wFsL#@t$pbBemJ?;Wz^&pwdIhrxj~J;@fjK`sxudd4CzklgCg9^IH1X*)DQ}
zP-$MsQXLcL`o7CQtIZ%Xaj!{MXPBebu%dR>J?lW!X;Y<fh8U_WF(onO9@aVtdOfZ}
z`^xcz6VIz_0l{`_&6`3(*K5Jm<@ue+;|6Vznan17MbsES{^RDZxe{#nH5zQ4;@9NW
z-YXrMxi7nVFloGWkr^=qsZL3<;!&u8IOyao;OS15o7RACjQ&=A>tSOPtECpDVE6N8
z0kDH&^{863tD0>5B5LREm-+G4g9ly&h%4(SG_C4o9!~Fc@=yXFQmj!kRo4plZo(c}
z3#;LYC^6^_uBGOauKzPt&euTHw9fo%fwljIDYzW?x95Wi#cwb&CvNV|<*XIY0Y7;E
zfI<;}bjBJ6U^!g3RH1dQUw{F7*3P{c@PC(GUH(fk>N>k|Ma|S5j6@Z_*#>MH0C+)u
zu{HUc*fPI|OqgjrP`SnNKDA{@=Z$=u^+2A|a~9YCv0o0ZqE*6w2n>3+=fjr|IvIk3
zjuY`U!x`f&J<?kGHZRNmc7mX1h4a|@g6XQObgT(fq6<Ncb2m8HS|@a3Z}sT!ap<$(
zir6JtPQlKjLg#RrC9LWIlL)PKvLZoPUs(Fg`q@)mlMO}5e-MX%khj-?d10J~K123}
z*L^7^EZJ*A;DGkP3-ziLQn`>1!Sc%kj%k7f0=M|vM(@6q-agc%mD-7OcKMj-?*-;b
z;{yTqe9kpJrN+WQNj;FB&1gt7#aK{z;&YMw@?vB-F?FiqlS==~msG-@Ht9Rg*YR-L
z?2vw8JlN-E@m@^G<=6HPbRLVaf|W7;waEZ2oe|;&N;adV!5ACN1FJ6NYXhnVWv>cw
zy0*Ww2B@16TgWL)Fp=%-!eZZ=#{(165qM57A`h?IrIgo!G3M4>7Ue@~(rkZAN#RtX
zkcU4E>w;K4)BZuyg@6%c65Lk67Z`*gnd42izry;t7g>wWimev+Glbc$vRqX{71qm+
z@8P}av-{CG4zVt`aNAnpG9=yUd9IHPXmzk+?j!~zmd(0HJH0*zw0ei`>q57+x~uvo
zX_Y&?($|peG+I`qryLq?ImPak*{v~wb->B8_!VkEV$lBZ5GnjbAi4<42&d&9zIwVT
zf(ktwOh&06=pi~LNwk`^2&LwdUZ;}~wDdZh4(Cd>+U+`Y#s>Qgw3KpuLr;?Ewg$E7
z{unDM6?%^)OXCo=&17?ZRmxBp#Ila?7UY7UCuz-CR{Nz=t_Qf6Oy79}2+dh2dN4p(
z;ZAe|b`aUdF=zh|^10Y<ml;d1po>t3vEf`9kZ6xw?<^2d_6Eou`St-C%|n~e*#QjX
zE|Q-|sG;E0w61sJKf2v)7l+PhmNt3O<6_%tht32*QZ>!TU$g{$o)J;BLe`dr-W#3<
z>~&h4Tc{YcmKz)cm>%`+K<Q@L0(dm&Ma)RsI|yrvO7Dy!h5#*wI~^+;3>H_S%YCEL
zC}M*MP?LlUuFpQfZQU0oSgVe!g`;h}-SP@#zNAolNepj@etUwEV9q0p64)Q9cIb$9
zWa+}8i|j%h7PtWE^)`l7$1|+s?fHA0E`hk(ptg;~Hu@t<oLAjxzUuM^6XBr;@{b6e
z{AtY7a<>bvL4}NGNt-!_5*a^9Jroe|MQR`<^_$k4K@Mrm;R+oND7snmXi=AE3<*vw
zCbKnh5qwB>AwrD!jJ<5YVB#C^G8BshL~nGy7>_Qm;n_3o^SVe%qn}NW9q4qrt}KNW
zobqxe+auTtMyyQ7?k77g;wIa`78SBO>^CP>fR>xSd0g26@={%*)DnqU7`6|)D4|IE
zyjDe>c-0NrZVEd#`jG5kY^Jcy+$<z2I?Iq~9z94gaLDB8-o6Xkcz4VnZ)a{X`Y?Tw
zsm$)j{F1uO7Ns6JkEAxMcI-?iY4`r~4<eW3c;cWx6yR6y1OD@XhAMw{{}x7S<H3-B
zSJcD1Y5WbzFFi=tbaZ3c5|qj_^oKoKPUr)1w`%FemWH6o>g)@l^CC@gWhSr=sNw}%
zq6U<H)7Z^tD2)7X!0l8ztzBu}Y1o*s58z<Aov*NnJ^hkCF??u;<BgtYe(E)K(Xq0j
zP{iXR!9=ae)Q|P3ZIMtkHiC@_E)9p%Kk)Xx9Tk~AQS--9e$CPSLP?0l%*rBDG=R?T
zPQ=d6#cRu>L~PJvy_-#-)fYoxzH-Z1hM4<FL{@7#%6Ew#^q!lC|8Ow%1FUSiH>4t(
zh&xZ!MA42uJECL*m53;Bt$xAn`(?(Vm}$*a+n>4CbV&5A4;_qDRD9Vv&qaxKo!@7C
z1SR=|P1&SZGH?4sx1>q;;Q|5`ahY)XAznqmui5Mj7rM(r87&$BqmAghLyif9D&*tx
z``KVx+(7V=iZI+|9){&<4!yw4bDTH|t|(+aFL})kwK*g>DCJR{HlV^Bq|alfgev`X
zJDa@OvP95xq~+cxR2go7e!55R_=SMw_D*lR-bGTT-TEVbFbC5)U9$V&@Nl<!Ek;BM
zmksONOj?~+$Tl)BX!y1tys8jPJtvv~wATriH*-$D2D=SWTyJEN<HFu)Za%Wv0sX3f
z1k6W;EEYc#a;)tt17G}lvI)D3L?Vz26@EZ4g%v+;PD)IVAQrXl7L1`IS(=nqco0Ce
zXA;jm?0v4SIB)34&+64AFZ*AT@K$w=X*LF)=>F<-Zx@=|kW{HLERAeVK$sZ73Okc|
z#E26Doin%k!!S(B_om+T>l`-XPHBz{%sDbdp@V{T{iP+vr*}*)lJZuzSE$T(?3kKh
z!pSeBUIz(V=v@?gTo$%&Q#<HnD7K#_&*64YPkvO`>JROx>7L>#eO66+I?K{(x@MpW
zC<Sa-IO3V|{kiJS;-tmA7~27wY4IJcx>-lSgnv@nn;R9juzK?R@|)nQ3-du<)Ebj(
zf<T#h*V23!>2L}((&ePFsIv}17q_BZQ4whR!l5n}A?LVK`ysOo%Q7RZIf$rtv(8J5
z9zR*Lbjj7W56W-n6j>GDsUh<@D2MSHvrn4s7+idE61CHj6J-_uV-0FJGweG9osiOe
zS6*Rvo#V@NxRsMUYDrNa&%$u(!vBlpRe?j>fDBL1C%&B3MtyCo2f|gHVUBe8qlLSr
zA6H5igX}CM2@>&rcg&^T=#gybMQs^?YM<*D6&?`vw{A@DXpHkpaPXbpGiNz;QtH}V
zDJ^?khQ6@;+V0)^t~CFC@^%CMufe{bxtV$wDQ<8MH9s4A@jU~%CXyi+gZe=;#_aXC
z&)3xqOoV^VF3t_Ss^d(E)^_CcnP;hfm`!CrDZq<9Sl6>C_P5SR?>z9iRwvESj(Plk
zJuRdi9X2RSf8O7Aq3oED?{&ZWL<uARRj8{YucGWR^Rh<^&fjn<+f3fTuI_^%YI)+u
z>VPBYzIJwfYu0Nge|v$o{B(W=lmwor%cg#3EX^1D(vNGMVQyFQ)KfbK7(0^g$8cql
zC#FW)GDT=4`2oLk9Ja26b}iQrHbxv3#pI`LX;8pM?4l1-IK`{;G@L9KV;#Sz2dHNf
zo)~!1N`BV87j}0EOblqhChr$<u*`~dYvZIdYgV>0pUoTl_FlAe#u;|mi>8y7W|y&H
z1iHDkbP-6sUq+JzHp>$EBA9$eBR|iJ$mx3LX{#Za%UjrOyVTniS|)u{<j=`i?w1N6
zAk*SKt(H+^#m+Hk;t?yOsdl9nHUt!!FddXFA0OM%y`fW4%8Rzc^U~ImP3ZWU5HAK9
zX5pv1C2RV0Ki7_VSm`*!cQ=6IdrhA*0m<W{SnpeMR3@Y=mqNMO@;L3KwZcKKa`7o(
zIK3$u<lS8gm8NU~x0wuI<21#`655=s<k}F1=#=B7l<pMg)do|*WFtO0t|df$wpBXP
z*SXjvSc{7gPDqhZ!QAUGBt6`mn4&n!G*owzAT0CO85vRS4Ptmtmn6|jXqiqFdlyw^
zbSrE^RglE`Bc6!#iNQTCv8idpDeqtMd_@BcGh6RpH-4>@AWyfDm{31}R|m3}YkGdm
z(64!9+Wq`JVSN<G#?fn91HKUY@gF)W+~Nu2ms2i=^b{!+_O6dZYh&#3VyUiZT&-fb
zq@y0{S3Gi`D(^_%{_~n);*aQ0^hPp{*LVHe?{~=W&Z%Nbd|(_!?Gr5<zCGy8#H9j(
z2eO`jY2+1_kFU4wQ<~o~z@8qxLIhvy-ym={86yK8vV}o8*IJfozQ#ly&!n{dym)r3
z>)dXEIqi_`5i&uhd|JIkU3`rm+j{Vu6Dk@qhPCsk>^D6R4)sU@8BSBDJVNs#=ap?+
z_5HiF|DAWpNgw@#2!<RUja>*_CR}>J{y{3R7fZvjQU_b!3mjw7y74ov$oY0w#a~Ng
z?>d8!$gG3&e-KFw_+|SK^27BvFOz@gKu1<H_5x^r13dmgZl4;j$1jt~uOBL=9~FXk
zn8-rLtWQz-t3!XjHe7$23FW;8jmWC7!DSC&|1d^OJw@|hVja3{@41-1S5lWbAyuH|
zD0wb<9LDer6R>`MbaIVEE&YSgoi1S)$o$UsPp`)623`gD6ArPGcTf$Ue<cgGR<L^c
z>e-KT1<9}Az%iDUzFv*WJ!C=KnE0oR!!Z1ogP!gGT$<-5p9!F^>1cc8=unBR{+7Tj
zwF*0b$eBQ0Vb(6Of@O_E_oku;97=`bR+mnh!_yOIYov~k<Q58smHM-|CBFYcGF{bL
zO?g)pzzc#%4_4ynWl00er8nygY+m~e!5N<pmiJrm!3xGIzYVw+1Zit>^pV)?chR)o
z5N;@=>oUhV6sG|+*o;Lf<qxRBOlE~T)wks5J+ru3PdT;4%G|TEKcLhU(Yk2@Va{&~
zJkAN;l?ehl^Da+HUV)UyuHULK*Z8BOV08iH9V?!hsjQ8<8X@Yle+bu|=j>{YQO!Ge
zW(*loje^BDeI1)<1{r9zLj>1Lzy>C8KUbGvK#`)}5=qSEeJ&uZ|LouMjt|w4xm=yw
zcoWVrH`arp7}V7O<TA66tt3}o_u@@(qp<*&s{gdQdNU>x+zbIOBTB!<eq|MKh9LsJ
zE`~#Q;;BKd@<nd`o|Pk1!fqO%bD&JWDsB|tSvbSq;NUgZwsekNV#q*z0-r1IEw4W_
zhOP$9k#>9XiHv;!h@+-7uT$Qd1E+WlBCa43&Ro!F3U}s*R%CJ)N8B-BXJfddR>Dj5
z$o{)fnVUkTP`wucPX{}o6=!h;^0g-Ru78}e(&-u|GC~EByq}<bTI+SMRX~u~ncuF=
z$z=>5q(XpcEcI2;$6(NCQW$F<57i3qxX0m;{6#fGv|7*QKgMa^KZb^my!okW(DlB1
z?8)VvVp&gXO9(;<d7X=eBJ)V%A$>d2gvw?dEX9@3GG`Lw>Z13gV<Yz<4!3^uvq>GP
z+7ra>6!Y6#P@cf}p;j$}uQQ_dZ0NA!4Z;DmW3`De!L6#?@Y$|3U*Li=QE|Gpy_UGA
zOkH9~zzJA3Noj&kHX5$KG%{;BEnMQvZ?%WIG*rSQkh{0Zr|G2P@ABu)_Vq+?(@)by
z2Y7<WXSK1iqK4SR5R8>@f`GuND8?C%d!yT?GSGhc0R%k^Bsx`^t`BKB{sVj)?i4O<
zC%Dj$Dw*-_LS{Z^BQqe^{tVL}kq`tctk0y0^W%Mc=XbUC;H*z}3_<0Grtg#ebJPWA
zTel&qU!hz)Jn@SN6v`jwU^b(atW@J*hN|l!x89hhM;&z~zU!k$MdR5cv*Igi))VZ*
z&>$y?vY-9qXVzHl`9?rO0t%`<w!+ovBb2DRzTR(Qu5ikSY~vs*YD`{wNJY{gJ5rNK
z=CopVgA|VV24WWCyRyed5)H3OzY>?o{DiS5iL3Y`?@)1r13bMsz7pmx$*Rsy-KPhh
zD4`jZ8SRdGQIB;n{Mw0Ld{H8^mrQTMfaB|EzR+VPbghxu>V6PT2t3{h_a@H7UpGQ;
zT%}R!Z!?w;y4}=8OB+B`lO9XD^a22K*1uftbSqocEeweD=kn!uSoxnmclWjOpYKZ5
zQFAec*3_Q4W3>^`Z!;yXFA9VxKY;5tsch;_(>Tv9JCZ%gxg8E&HvWh#A!e?-EpFxl
z+)ZYb>w`2VB_1B*;+6+4CMC@EI`Tj8Q7#>ffmG>P?lc0rYD;s(Q>}e3<fYsr-d>qk
zqYCmn8b~?%_KgMff6jKb(Hx|1uQl9EnwlcS3@W!>KQa6{u+j8V{x(GYL*Bxa_!-p=
z+$L?=!<B!11SRl^w#<V#Nxd>3jS>Jwp$8<a2@yCx0L8m7M<12ovULEkG8%wX+;;m9
zS{!PA&@V5munY|!CjDp!;+x(1)5U{p6r{ed_J@2B%M54Qz<hYEe>2On$9{+CHh&$p
z<sq->Im_~#y=itQbwB9dgnhYm=IlsuA2r0yT_1Ya{7hFp{kU+ebCq=+{tvPg`Wuwp
z0bb4HGADBr$82qTY+k-VIAthPQTT7+#WqxF9t8fUh=X+I>%Ey&phJtbIt#vk?fNM!
zWo7X2S@PxbRob=w-=)>R!eK21b5YI7RtTK37Z0q*X#3ZD<~2@qm;$dj*D#?^puaK1
zQfqE)IwS$fyvw9Zzf(Esh1M>qN9=xkFI{HhlI{bv4btGLMXnAsWOlpd??WIo>^i8v
z%-G!?`raRUC>O`eSwf2c9iDM~E>>_&KqL9`e&REZ{9iaD`^eN-{es<qrdb-X<JRmk
z2gY~#9o-3m()@O(P8W$@ye$zew6`Ke_Gi%Ha{)wzE`wS+L)d=xFCs&)eY3P2m9i-{
z{&Y`9Xvs<@?+gj;@0k7gZd+<G`@+7f$)QF?+m!@eFaK9>P<8rZPSaB}d|G9n<aBrg
z&<8~s;BA?+1Wb7i-tT-3QP)`4DLbc)C*`g1j#&BkKkqo>MrP-d^!!P`UGv^>8i~gJ
zc`eQpmr%ACh!geM<wS4%(B8`hvR%wj5)2b3Hy}~?h3@+gMm!i@hLy6hImgFqDE?mN
zn}*)!w@`)o4lVlUxO;!Uq9Rf5%)w=PVz)oB1|Tz7`JxE9GajKbEP>>{VAuWVhAaeE
zrr^M(0j*X?zidIdt)PRpGUm=u$Cb&gO_A}SNP@5<2?r5W7=r!dFA0X9wG1(f@Ho#9
z!_8@tsUfsOqMQUtI<46lx@{Gdc`e$$gX}0M%>Z()e3Zq%TAkv<Oa9kjXUYl8tgw%A
zrs%i^1=a5)R1~%yK<u2oidM2+dC}_&r@x`N(iIF7mevCy-9w}kT$WZ^;@9i#xVUoW
z=a!`sU_n()>Yhj?XgB5OB_WDc=UnRf@&u6ll`#>_e`z>Mk`uFCSr<<!EnhK|_LlN|
z4jJgp@76p|?wq#Nwz)|A&(2cpNhV&f5eQ|lxRAfJ3(pUNTmZ6W6EoybwKEWoQ%7Td
z6WBmPI)*<CMZUS&Y(**&2<@io?$?S{J7SL6;Atm?dOk`I`+y+oH<oTKNc23sT!a;C
z-a8}LG3Lo=MoyT#>tn1^8?>~I8^=6MR?_-Drg0ZsJ0F~`wjf16{PXHA9XUZCiMQ;s
z=eY}Ai=&_rO<gXqGaX5R#t&pX${@gmZU)+c;uTBnBAr~$@*V9k>V*sbTD<D6dvmAd
z0RvbtVVLA~=wnIrG-KD&nCh{dh|?@-yJ0tRKYLwuxvM2<d*#!ELLI4Jtn~;`#UMP8
zc394|E+}p+5ujo^UZR69yiNR&_6UhJhJD{-EZ8GwWIJTfWwA1&-(=ElImBBFc}V)r
zw(wjK7T4C2O5l{bqF`>f##+oH64E7=sPtm|AwzF5JZH(17`qIu`cD0P7!;fG>M?YA
zA7cCrz&#+Ltk7^I<%qWnL1g`>XKG^0*Y@EfJnhsv)vW%SMJ{=&^u`{v!kwuniFsxf
zF!rav{(w%A2qzy~tjkD7hK#fWCOd-pKTT1#MWekxaQR;_w{>WT4b?Mz(X6PPrM@G2
zT)=FzVHz)ZJeUY42<ciF;vGg4Eu0HN*BhhSPKWF@><$x*OubhDjv0>laUzxL)mm*$
zH;Ba<HG`~(6s6f$@R)$tIp^Ltkb<q$<-QD5*=@09dJ-lvSpljn8XZiuSsjzx;PX;g
zOJ}kVCz}S;7L~KxZ-HQBQnem?Qep+1(Q9|cAV_AXts;qn#1yXth8T$CUi{~Fvmw8F
z%HK+BX)nF{eU^J^DRnBUb-=%TI`|GwH`SoiE^?_K5^fsvx!8P$<vuoAnpkuo^$$bw
zaV9FP6^|l8o+#IvvH|;Rq@)s6HeaW3&HH0it-_hNiZ_fRuJ_03TkCh=G~xS=W1>3g
zz<p&5<C;e0<MjWO+r>8fT5BYOUrLBAF3?2^lu=70XCz(?QJNA+f+^8ruW6#Mi@^QB
zBJ{%T^omN?kmvM=t8tL5S0&7fYNSCgu=N$w>0cpkX1hP(ih%(*X&(uns^!R@#q<tV
z`xsUAuk(g6{ex)L)=BX#b!GZ9J<6+?&TCG{s}tgDOghR0YWh)|#GJ@7A-cjKw~Ze=
z)uV*oy)pD6YwsE>kf2P*+$4YKP;G4~Xn&D)KG#y-yAl=PHp*R39+cKrg;k8><TQM}
zZZ;Mm{NcI80nyq(_C-y1I&Op{4orr3k)G_bE1}!Zuet&&Umo#}s$AuJP7rWlW#SR~
zdC8!>hd8C{nE30b>>VObh%W-kjZ3U+z-El=3avR_*;fcCO942+KD|I8WJeYhYoozy
z`LyTbvzCUObEJ`<yqyCAZ?ynYRmHnsUFg>meuA+X$agr$MY}&Y-N0GN?Qps<>seiJ
z6nI)1dg|Rn>_`>+eZMx1phXIFq2RsLw53<H7w?s%w&PIMpz~80=#Y5TO#AkS=hc1z
z_*^#oyO$`R%0$u31jMpl1*YWuo1ldAQ908Bj&K0OY`)@+&c~gL?hevSL5T?8lPBLk
z2lzK!E5BD3VY~n(#A9t?W>QT5&NbVv(R7}h^74O4!xrkwXMBr8e;p&3rsl`Y&W&|U
z$=9K(Jv@ztpXpD}gMJNosf^7jVUk(LNS9Rk|15uW3aSnu`!y7&I6+k!TD{ql{0^Sx
zJE<6?7(_%B-gx(8jjs~I>a^JlWhir9r?a&wI)*R4r}#Kz<~*6CdwOc`VjOc21%hJ{
z(T&QJ8e2@W?(eSk-q-wog&)aU1{hYpGl#um-d4!_#YCmkSzoq{rbc(mn|!$9^Y)Pq
zXGO(3g9rAaxh#MZx@jdEngqv)EfD*36>zJ)I{Z;;z1_Ae^_$SQ|Cw7dw%~qc(t?y@
zY<uO*VUle}s#r_1nf`N>2kR{J)%d;$$H!RhGP4V<s|khto*2F3|5h*NWV7QI21qp=
zcgL6LZx4L|pMs`#StcLBcvJQxQd$?jG4IC(I$w=SXZPAkXv^3H;PiXHqqrjPV{Cz^
z_HK}VD(1C%*4A8*Qq1f|YAXIC&3+Q6Gg(}?>%Skrp0y?0uD0LPL4+(KZbNr&fK7rc
zrTNM&uNU-occvA#*hHWPS_YkQP_p=3KiMNZ92{ch_BBV=TxRnNgzRTOTAY@MaChHH
z(n}R9ZY>3jI7Fb7)oWLvPg~>yF>!`3-t_`UH=Zs8ZTSy^n0Yz?9$oa$^U_jWulG*H
zD`LGs)7DFmlO)5F-RZ-y^xa&8xI3tk8(fRPb>>a0pFV<%A&1|^?yAe3Ux)x!mP^NU
zM1A$R)g}NhAwxpsB72Hdt2UdY>oU~2RCo~;n;o*W?@FyL^Jy`4i7>m+6D}@%r&Ktw
zg~Sh3fpl*HB=ib*{&?@<i{SA-*+>>SfWMB~8n9hbOk&BS@FG>dzf<V~x7tK!Mcd`t
z5g*Zg7FX$${?e0aqNRh40Z&9G`#{CpNn&rVt`#ahq?{@nPd2>JDSkKl{>bpS9^NGR
z7OSP%LaY+07SA0BOGQ-z`e3ElF5s5)G+04PEDu`26xPKX3@URG0nShAIRbQv(gyF*
zTUEY~;^)YpW)7whp_fa+gMk&Ce_lSZQo0@N=t#ADfa=z3V&(K0RZ{JgYzI8vrg7d%
zD5>pMhQ8kBZth%~-<`~ond0a&uVzDoR#y)4Nkkiab-G>gPf<~KXmk{Z>ol!83G(!Y
z_p|EY>rcf~3Aai|qzxKPb1^il(s(~I6*+(V!dn?C=<DK5s`BFpy_WURqTS1i7~8%?
z9?99mf^F6PkRKQs_POeiQPbQ%Pn+ek4;ubLn+9a<*E60mo5*(W99@334E^NM_z%K`
zwQx@k%0ENfHw1eCj8B=6a2U9ldv-ATWu910tw6@n*O{o_vWL&q9e<nB_kPU*rF>yV
zRtw}`R#wG;W}vC!IXJ|0bt7e5T9#z6p4-T*vlj}>D~kJyBVoxN0I%~cXmQ!G?c_oK
zOJY%ul(;{I_$?l+E`OKBes!{LY5fj7JHBS=905D3e~|0+!i{Xl<mJD-O|zFVjlpVW
z?h$qE_`?cZ1vg+GYlYuoKH#u7;2rle?M(=DwEW{7x!(zxK5k*tof~b+tUeggOUDk-
z2&xMjChX06KP&~_`RBZNeCaWGop_mod?$rX-$P!f)U{np05UZ90kZwlKQO4!Id8qK
zA$5Sos%mDL_1)&^*(Yo7p^Fe!#-*?X41DK+ttAplt2tcAq42Ezl5}fweU4{%w0XhG
zBkgy<KM1*HVibdcYVA<{*MOEwY4}1c$C!~Lj|Xj3(2?2tE>3tkLyeA(B|@(4D^i5M
z>VB<c|8Go?LF{u|Bg;d^TC;tJxL2M=1^PpRd6nZECo0vBU&8z-TQ-|Cf)dy^3(!xg
z)kNo`JMl^2P_Eo}GNdnUwD~H5@+l^R1TNS{Aye7fZ}I$_p|RLJ+v%^?DqwqxVe1B|
z30&~=C_V*Hj916Hl1SYAy<R7>98h->q}OTmgQPc`)?6IB8K-WT$DTN9jbrkk#*J#g
zQTBsnC;EPgr^om-#y$%z)1}|x-Ywf-`ni@<!L2}fv<Qz>GoqTT61?;)%!b^6U@on~
zREh<AEiN}@^~YvKBlj%;6myM8-K0U2ku#M5*u%uX3f5NL1zntACnhq*Ls4NlO1?I5
zW0iW9IDfODG9|}*^$4uU3h)>nYD`r-H0daf{Q-Fj5=9m<q4v>!#rkD>Wpurl=(?ec
zF)2$u9*qOT)PW<-J=LiLwrEw9tj(Ih(~KJBSi37j(CaaOqYn(?ViUA_>tx^JK{JT_
zT3+Ab5uxo?aYH5-2e`kOY@`v8$UUeUD&B)y^*K@KzYC|<H<PMcEB@&vZf|89WB%5V
zV~JltzE+@uuXTuq*N9;}Hi*#BKDHn@U-c1_d~I=2Z{*rIV?4AX)k&N(fxO!QY_;s3
zsaUDy8XFqgqPM;nPD!OqPx#`ryvE7(tBiv3_8G}4F$op#iu?R!qagdh_PU?1TuEx=
zQ9N^)`FjfXDHZlHaYK$jgyr7l&NAf)TWhov`*hTv9U<FdxC17ou=c%w_wJC6dn3V5
zzVA_TP-=z)ykUXFy@zx>%_{myNlqZm`71|ds-;SI9(Qd7P&TG<DW!dsjY*a!29?#Q
z&;7_M4s*nsnw&>vg{v|xixL&sRNd*bd_GP0%5pkG+qFqvUXB}BxZ7@pNN|D-$SMNy
zOOwj{Age@O)eKa9{tI;F{|Gq6DO~-2b>a8}wxKQ`tHSY4L9WUTf*`N&67}#0&B=m-
zPv-u&+nP5@1MME$T(J5&>g}GUuSu$({09M@o1$d-{BPRn^r#EIk&D*qJvdS0VKGQ^
zXi15KGafJ71jsxz1`epZm$yK1NV)T9+yzLU2ws4A2Oi<AK2>|;m3oF%a|h`ZV<PDJ
zM6+ad6j7pnEeti`F@my9GE1honmOItbc3G((UMfOC&z308KsDbC*k61enm}NJi%%2
zz>KRc*NDmj=|&0pt<pGdvyqj+$?)^RMM6A7F(4gV4&4S)abo6b-8Vd~tKlF`80Q<Q
zS#7!#HT)LLwA}M@0K})1F|>duxs<2XHs)huj>8S)_&p`QZJHp!?nIzNi+YUcXY{|o
zY%i0(m`N;?v@sC9y%9@sX?f~1`~NC}G{&5l121^vuC35v*KfU<kZRe4FLtADrJowU
zF3~?38p0RkM!I*@acS0Pw*sopXE&Y|nL$80jvJZ|C*?l@f^QuV`#|hS_4`mSp`X-H
zD7L$Is6^}FuRyZnwcxd>N&}?Va7sEajs)r!>pV{sS&nJVQ9zHA2t<3)uKxs-e&}A{
zCWfCwfk!H-JuWzEIda<~MXi6KiO1Zr?|G~GCr9uMr7YUD9=-Da97#6CyHRI_0C^Pf
zgTJN`0C?kzkQg{Ghx?U@%mL`+d{&GFMyWD7AYgjB!diJQ<ll;HaGa+T6h8uEtd!@-
z`ho7g>OP;wnS?p;Qp}nvUqV%epD_4CA*Si_#Y=!{oAXBe-sbc{NrgVSth&^_^Z+mP
zjo57BUx`gkDd>^Eb`5gDEf?x--A6C~it(2GR?Pkf`PxxBc=2rgda_yj(6{f;pS9Ls
zXC{}^C&AB>(`PcS$&jHz*JI!u#pRM&*nS7b@p+Jc)7U}}xZ%E6?O}{5tWKxDR;5B%
z$pVgZwt{pX%HN6frZh2I_dR6N-B5!=qxA#)U$~YT3ulZ8e_x-6;3V4N7b~shGaY91
z2oG)-SZz<by`I&#=o>l|3E7bvbnJNS=kwK<Wn;XhKP7-4#6b741kDX<yy_pH*1c?!
z)VSyKu$1@t=S92_tM`PwH-A1_9NLu{Npks^z`xq=!sO^2)eZCe)UN5nn2~%>OX5>U
z0Z!t?S!;G~nGYfyFGhh|1XZ_)7XZ2Q!AMIY^w*e(;)2(j0f{x1lYKWR*8N`Z{tTA>
z;Vt_AbbppIkc{-C;&fLr^6(V;%Ek^3#*;_aGUnK+ss9vOu6ty3(IUI_{^zfRN-;XB
zRPMzxHDCk`IfFVR&Mhh%Fpsm?W;aHE<?k`U*bi@iY4+hbRR9Bn(wO+Tq9rydVn*|<
z`skRKG0v$NT^6FXUFJbtXl(E25NfMuooOU#-fkZy3NbM5zOOEng<(ylPx{(3030Xp
z+1e>T+=4tP!e?j7=%>B}0fHFD6^W1dmR%q7a^-16rJPZZfjpK#XqyA#A#SDBF~}D0
zKvJY^aF|&CRVvnJE!&0pFTJtTuaS$Yq;nqYl{chncRbHadHO@oq?v{`e8VC^wzFgp
z6H-$-&z`BYt<K-dVn4|iFm+W#+lkt&4&YaQV}ILs@N;m9jhKnRpZCeV-l^-ACvUi#
zzEle&NQ-45kW4zvOXX>TlZJf<R2M}#KGZ&&&`jayq}S4<6KIiM+^tfsjTm$yVK3#w
ztQeu}sg0PBbzU2~n6;g$#-wFW%wLw3;eB>c1_Mqj`J+q~xdzzRxP+G?A+yYLYffFa
zlu!J;xDz)qQEe?;=gPN_Oe+1oFaFx8?Ueh!tSPOS&W8&Jgb&znY%FVcBTVkX3$b)7
zNVn;Jp-}>0gECb(WWuF<5)}cnCgUFfTBX51biFea21Wl1o$_Fq-t>91WAV7=K394a
z09g3AGksbn=WqcG;=(`?WCOXb*P-{63B{PA7Z%QDikrzxL%f;2n<fD+h~8STw;)#P
z)s07iG^<~Jo#|_-)CyJ&pl#HBpz3Zovko1Pb~vORzlte(+LI)4B@+!yH_$CEAvsK`
zS{>`(wpHB_g4%Hv+t6yi^Ac$9r3+}aT<wbuGify>YF2SqxU!<%6QhW0&*p<Sjs4Qw
zahU&$!Gpb7uCGSjzGig9xWg9C)n2As6z>BPa#REX%f1R_cj*;%zpQjV8t0(kGS^$w
z%y8LIVdX(vU^fp8(_U1|8`jLK!Di1X;+Ur%Uv0h>uuM8G8)Vvf(MS&(S1m0~nr!Le
z#ALF9YN5$N1?yDFQgqPSHILp5O-rogn6vcgGfmg3Tw_Ves+@2Lel{LxI~8mMU?Ke-
z#SxtjTENYP`@m~glwqSX6P~j4mHqfbu7tx=l`%B2PsEOR2SvrVy38{SE|mod^*Kzc
zh533o@0PESOsU;P-PKTb=paGs+O)Yf0=ewwJ&`j~2xv2AbE3<)RMO4t0t+5DNJ(#F
zp7`5YN~Wpg(T|B0@FEl*px){XNr9Zui+CoYhTdv=FRlRmBw5y08ss$?cvwKuX!mY>
zln~i|qi*xb6nG?-S!`djJ=ry%jv)Fix>#0?e>Z?=>gTA%Sr+aNM3yG^k=-*E*cH;(
zb<MC*W}xs@6dw<LkCBEK*6{*_)J!A0ff=oUoOz;**o<)Z<A;kSi%1^z4ZoupG5a}n
z+Izj;NtGbdsbTbrH;`?p>cgAQ0sRm_N2%1W`W6#}7!1L!;H^qp8(d`mvb$$hVrh2K
z70dZWYf{ysJz&0Q@zut9*$CZUMmpv;o2w_^m+9|0FA@jPLMN{!at8-)ou$Jc8d$6&
z;RLS^cffBccw&#>vHj*Cs;=dmvCcYWP?U>spPIq~L0I!H9<yOWY)C&ZBk}8$6LVuV
zj7-7amp`D!M2@jd(qtR7sr|%itd3X!&ld?Xhnd+}7*!O)C!k)n-Q8yUdd*_cN{k)*
zU>Ap@wzm4jaTjOx?6rWE-gazTggtzB0NrK(gh`#c!WdH)$~&EHTlJx4HB&Yu|19sx
zu7PIt<~*76=)<ORmBV?;p!)meQ9cW|u3GFQpcM}9mrwt)RwIdcc+GPh8~?1gEGEm)
zYXGg(gZxpYJty<&`H}_-u2YoR6#v&bt^hmjE2Y~(J?ElGL3RA6M@nt=teuoBIQ>S@
z_vq7oS??1%TppG0G0>RlSX+ZQKNC()=ESmg2(OBEMY1yF?2YON{>GvL=|W>}1ced(
zDP-P}-hWrr#C%aJnv<4|;(Fx~IBR^}k6(}Ekr5R#AGP?p%ywNXLTv_>{fr-#_u>v=
z5^IyAh}YD&+}s#9GUFwiUtIic=S2f>*`n7>`YK}+q!v6mfdW;#QG!KTA6VSTTMK>M
zyV>OPUTcAXLd1(A_;Fku_JQb>!vwL(Ew&^}zUs})AqCT8=l|rDIvcdShH`AEVV`uY
z%W!q|^ttV~V+B*`@1DMOR&43L&FE2;8dvy*altH(xg<g#T9s*G7sDYX3a!o`iMo93
zvU&Sdd|!c`O3~?pRz7diWLjy#v3I>dQdm_&-r%BOOxH<XZ#U<~YTjlPi!E{AKS(cE
zo2Ok-qrzeHJ$fH|R2id5r{jIbhNAzb>c@(izy?!Dn}<q^l{g!*s!~kW94E9=cv}9o
zCSX0a<d}Uz<l<dm!MHcmq!z0a(lhMuy{Yf{XLfMuaeQJYk97miu3~Fm|G8?$Un+f=
zd7KD#3GXOR9P909?tBT6Avqxc5++%!WA6J?7MTkVIivlm?VXz)KzuisC%Z6MgxI{^
zK&J}(pi;ClS`UMx(^{Hc7)H+1Y9;<NWLO)Yk4j6wEu4)=7DX@KcY%;g<?bylWn07_
ziqt0H`f=onfoC`$@jHj3yYxoxR+I|Kc5fpA$VXvIDmoDOt!@#%yi*bD-IrIOS;~j*
z9hImDO&gr3|E78{cJQ@aTP$p4O55_b4SgFqk#oXwjHl26kuz9P$@!!2m-3BH<(O#c
zXA^r@x~wK|wDnCj!qjYVk5;0YyLvtEl=22s)|T>(0kh)M$$J}j0yc89LxwG`6<cY9
z%%Tin_EWvmCfWvC`tP3frR$UhazUQ|%ns<u7GKLn5a%2*{Jme5rehk#^wCO7w#(Dz
zwm<0j3}H=7v|+M2bGgg)E^F9<0w5S*{#G{l@Rd5I5|;x*e+?eyVgiiAXc9Mlp<7!d
z&ndTHl><kf$eANA*SV68sSZyzx8a9@)@@zL#MWr8E&8^eqv0g!nU6(BYS#uR_5IAw
zUt`$r;xr8ixZQ8sRiB%kj4{wMfsm6-Pm*rq<+8_WD3ra%<1X#2$Nk9{DN8D$eXp+4
zsUSV*NpY^^wC{Mc`=>#1<=bRsk%Y|eIJ#A}W>X2c*x%Mo(1^Xw9ihAb{!T!I_`{e2
z4K~-}|0MUraY)DU$=}lza9YUR>!nCMTQa1GlE@_zN+PzOQpBe<;CarYMXFJ*<zHBJ
zsyaRypY%BTzWL*%$FwoKg9#<sEc_Dh2LeROJKom$-4XhR4^&#4yx@(X?0;#G*-K{4
z2U^1m*YVZLc#f6_EW<Npj<%EEDW)yY0jAf>JU{oBP;1JLP~nWBgoT67fvbKpEa9-2
z1fk_&+(|HN#%4D__iS8`_pc5S-TwY)J2>$Cnrzs0=i=Eg{2i04&ZW>^{^~OW<X<7V
zj%DSAQ2WR$j7!kRc^YBX>D~3Q6zLtW(=g;e$ml<a#I=08{Mc&961EX5{11W_lUnKj
zl=36++mpZx%fPQDYwfK3j_+bv!oI!&MVv!Lq~iJGu(XxiV}DstW1A1Sn8F!l$A(`$
zKJofXo6>%*+k0&QJ`4nV2sU?rKRetBfuDxO{ev`x?T#HQjC6q4@51#E%)_STj_%I{
z0OV|UR=?M?p<}XmHdc5={g*YN|M#BsQK7ZuwQeIOtgor#6p2;nfyyJB*q8zyc+<zF
zZqr$RYDpP+CU~@fd|N;E@lUWv$o2h>xI~T7Lv<@hUL6H@#9tOb@mc*P^?1h7Z0MQf
zVkpURqJ<UpJ_7KVd!DnhC&oHd48H5J7W@b4e_?lD?osP@pzBcEenW3ozqCLtQ@h{R
z;%UnoZy~kiIRfMMIgQ4MsbTJb;TON?cIJdL(;R`^>9JF^3S7P{_EmqmEByhZ7zia6
zvg=Fe-D&l}p6aDs1W}^^;O*FZ`COE@j#`*WI}ugahB;TA7&+7qUwvjfQJqn2OzrD)
z95ikONsY_#F2F2XD5p(TquOAZvo5N^X+f}p$#A|vfJZKv?7Cv%n*zboM!?gLh!Oxy
zCf^2=!O#AA%||V**)z`-=FU^}C>$IGKVPnZhK<d^lsS45G=G{!Wd5^)H<%wyKX0rK
zX-cpJ$&S=*pOGh^cx0VM=05?e9cE&ARen?Z`EZvK1U<~nxc6MmhHkwqdD_s@q;+`@
z0D;`kzk$Kkt=~!yDL^KJmjM=8-<-Qjq1C6uGaEO<su+%VP{LuB`siwQz}8VX2#n!2
zrhfO$r=&Ky=%RrtOFmLF%@@>xp3#!?Cjc1pVyzSil2X0oU)@jOcS!2Hfi=_AP&jDS
z4Y2Ul*DKpg+yhAtEIGtit&vbs^W!zY0Mx~`*tBAvx#r?NkX@x7@PqCTt&!iGJ4F2C
z^nEe8b`6=*V&+$dW@ZEGRL4f;6h&Tk-wC})6kMRyn+XNaT0zJ|%3&_2Z{zjmPJFp5
zm$RAb6z3FH^&w`8R!@z#HnxOW+E-88$nf6uLnqf#LgkoNK2`D7J5U^8&r4jzytgN0
zo1<aJ*`wBb<o!M}-j0XwgY)TwBhYE!d2aoe^}&pm7n}dMT>WHz&FLGd{}T7KnG%6;
zYM^h&$P5)OgjJb7fb*9&#@h9yOQhwNP+om&By?3~`3UMdabeR&prvC?W~|ca)%%%s
zpbFTf$d!|mZzwnqJ*b~f)2%OjyQ0YV`0}M|!ctp5+;tcvE+Gx~-h+`-EEmz;%F)JT
z?ruc`4)gKu&f<!iM3N0WM{`_`unpz!)s4x-PaZauJZMZ7{=sYX6xGiOQV-KL=OBC#
z_^6lG^}*g*AaO`sDl?m4f{NN_B@E-e{TcGqKxgF?Op)(qXPs4Fy=NmvwL+2E4_#TX
z<}Yo6aivXhCGNrL(|DS|lFHL(PW(+3xCidiZ}Y`q=0(m#u-a`5u+F%P5n*_M7(_u$
zt)(-Xy|yK+0xCtg`hOZm%QIU^I@g?^g70!&*+8!ZpnksOlEs4{rfHm0y%_dVGMeY@
zgI%Dkl6A9JO{Z_1B&nY?=K#4;*KHf#D}6!V9xA017sI*)E3bv}&k9+U;0_znI%$<W
zt;Ba#LtVfZ=H$!?`WZ{lAK)^0culs*+Ur`xL8@FFkr?1CJ6uG#ed<;LT;;w!^%bB4
z4{}(byLwwvD-|8UHGWrSNT<#8fwpTaHwa}2{`&SpGZs8<#}^P8e+-yk;0hn99Fh3B
z&_m9uBVi_Kb=riM1}&yfIw*1C?LNEe+66cwV7f##bA7rw*2YD(%d|$l3=+ES)EUDK
z;KXXE+0flw))P}8^!B*5mXt;gZE*Ga+2bBtaex@#tpoVtQMxt~w>t9_oqpyya#$2z
zA*za|%?sdfF0ym=&uabKyudL_DvhF)WYh`P$*{fIIgXNPg4}J_FF_rhO#}1Z4r3X<
zDIQIyIa0l3_%~#nu;x?xyl7=cNeLk94!SB_7aN8lqpPxnw7oV36yIJRo{gOi6%Jq2
zbaaf%*3T2Pd3BzxZ5an1wO<vC5%e9u4C@gLwE*L(?e$YnS;ckhF=&H_4rnHbZ#F0W
zt!-D}UN*l_VC^0IeLRM~4BP$(Ibc059NqH2+WtBaq|6GpxoW>(D%!ymDp#mJc@*ry
zntVui7F3uuCaPvO2-PuXtX+2hc~MvuaT$(R@RRgXymCgJCDa5cYx!{kTq3)0Yo>m#
z4vjE*WB<|;?6ODE5<9q7<^P6Vp<b@fa>-LM9p<RFM8eKhEuMg~4*z;bhGm|nw=L5}
zWArK8sfokIKqobQ`#WR+EPb2aNopDBtHmWDcn#rZfHpHX$vpZEHpJnz+GE&b=z&}G
zJv@CnowmXB5JKjoDmq@hI#<+@K&)vusy%Qg$=@>I^9%F<L6cOS0qIB*W*noYZ$MP$
zaJ`a=NsI`L;-T!z%fckqANpjP+<ToTD{(da6%r}nGp*$ay559RvQxJzPhBq}y}i=c
z;W}XNjUcAyNca6C`)Qf(4eW!7QJ$tbV@KH+YaIW#X@DaP*^BLv;*sFb9~Q+Q6xQ<P
za4BUd3k_%Z3nsO!zH<TY(Sa$8FmcA&%u!1xKO^8<f{`pJJG~&f0okCSw_0ew*k2S(
z@J>Etxs~lCKZGFjo;`y-GQ2>nkvZc<@O1!^#w~}cBZC{uHmUskS2p3=Rw8d1XA93Z
zn6nq+CFV%4*^$31#38@5#K+L#42kM~8xvX*dCeDJ%Lw!<>m2M4;X2#Bq$t$xY)8@6
zfLFeog#5i;ln+*lT#a{9T~6ymbi)-2XYkMJpU)+N(2cRBUOP<4!<Gj=mDw&~-U?08
z2eDU=?Dn-f26~lZ*-o@%)kLv$F~gfYsL4SQlzPkldCK{ZB1>K#Z!8@QuSLP+H85iZ
zwQIuZQpdb^SLdQIuzk9A%HMhu_I>+<SW`9TkxcG6k-XH4BCQ0vV5O{;T48&IZ6+@p
z*}7g$VJpM${@{BR?X^u~i_h|$uS%FBYsKa5PPo%v%A7rfPK?GC+Zi`4&}6SJ^ocgh
zYkRLbFabX9yB3755GR|)VC4Iju>W(36aVII<An_B`;D>sHOEP3BRSD4+0&M~YGf_+
z_G+fhK6&unAWwe41R7f+uIFXDgOlw!U0o}>ebtXLT}PWGz<WU{Y5<Fin>o(%`7YdA
zq*iQRy6|NjI7PLec$GDP58T^}*mofxXY(pjJ@IG3G7KKJ=)N5{B%(pQewLNM!!Wwt
z!u%onkjImnLI=kg7_Sy_!h78ENuQS(X@bB<D%EEoEe)K>6Lo;SgJ*8H%p;-6HmBjg
z%%a3S{hp!%Li%B8gU8>iS2_tM44cGSFc-5cIDO$HUZ_pV7DtTfCYE5KD~4V|rUnjW
z^%WWRmmV<SEq78N`e@@}cL%RvEyxSWuT`Ru$m*48<`4x=ukNryD&Pecvl!B0ro8v@
z59FZP@5qDRdr3K@=cbx#G!vRoIe5#yv)ANxljiP%%vSc$2UXV##!6#fWh*B=g6o)h
z<ee@<H3GciP&q!JTBY!Jh+HI~R%L--hS_u|a684Hj63CaIldv13HurcaW&`E9}w_M
zI^h2}I?J#o{{{+=1|_7s5frHrIvOMlkdT%xLApa4l#m9c8>PEDBt}U{!^lyBj8GUb
z;Q#)7KM`ZYd2MXZdG2$c<Rv+?zSaq<fuTXa1;?yr<`aIcN@n&Xa5or*!JA*YP=bk!
zsSy#-LKD>d-QRBztE1{Z>TlsX%Bt%NOIp!Rv?)wq!A(q07AFkTe`9QgLWU#fdAue$
z=>|=ZOr5YKlL)yJ9V`7oKcwu7#}*zsTq9uU3=-bZET*ekdefIgHnY;b_f_0AaYA}f
zFwQq%y@%r6u$`(UrSzXj7XlGd?SVMM%+B7P<X6w|ioV^%+-xM`IQG4-8!^`PeFYwq
zvMc=e*IT``L;($iAbv4Q2hUXclBG=6!j+{UMkJQ;=-m-&V)aPCutAP%v`DNp<(4f$
zAxs{wkv6b7yhgS#rYbw2b7m=xIu<6F#MQ0(nbs-a8De3ytDN`Hd^WK=9D+;)y~i*f
zj|P@MeiCycvtcMaVUkol!-zosmAF?$ktxnor02^*Pqd^B_6Pl9Ax+huWgTzX5iVQp
zhQW%1L9M-g?_JtQre;Rn?M2Qc_v;_})TXTWqrD$f?U!p{T0#j0qyA{ocNpF7@b_sn
zk_rzBuMFfRi?VAyS&?m}XVuyp9BK|_{!u4cS5<1^3GxIlp4Re$%9G5!uprxrQI1!!
zRHf5kc{;Hor}XdJlRm!l<6y&r+Agtp)Z>Wa*4B>|)5+q_ma1;9I-J>?y`z+Z!*=h*
z1}#ky=5%4n?}&6yDz;HgCs!fZ<8>WA_2|dV1nyTJy1I3PK_}K42KE-C>fLcvz+H2e
zE=_UVAhUg&ziwb;Q^0&!QJKP{Eu1fD*1k1UXZJ&)wdStX`d^*$(v+RPUY-JxFS0E?
zInyCDZaNZ^HwA1y99Q)z=W}c2^?Z?=L!OPYol6tbiz)mAv+B(@v%-u9?`!XWG&azh
z16{f0E380qVL?MZR`15#`KbN_?Lp_e#Ld$6(*o1pR?+umc7_uXOE?e1wI$nqXRLci
z-U}MiV=~QJ-~#FXl(dyM+I}$vvr#xvZa}Y`i|~6EmNqdUdN7>T?A4n(Ok9z@uHdyj
zQ(SOXx_3WZ9H+cEf4>EjRU=&xD?KnxS=AuD+ME2rKJG>I+->R2MDtLLp^&GCT4PrD
zFe%e!DS*5dvD#lS-4T3~>uxp8)bffVUBk&dVz$XJN^3I9d4HAhcKMNY)Vj9HU<9AO
zO5D35p}-%8JUcnD)~20}ADD!lZ(s5l1{SZJe^7UMOnUonFMT*GZo1tH8EIwkFz%La
z5N73@k?(Ufn~!Re&7rsKr`0$J(m*-9Wn_xZ2mQv!AES-O3bqw;#@WZkQ!2^bW*Jx4
z*bH0$-d8-(V-LR{mZco22=}&hXn)K2w76hf3-u!FU4K#iY*yWJm07laXvSK}6R5M?
zaQXdYgAQAf@2wU}Y4<c;I|Am$WpWVVve%yl@9G`-xdokUCye(d3Ktp9jd{91P~*c1
zf&bj4nmsdZb4?&xe`zlb+Ia=LLdr=IZ%BTWS-g<BL!-ljbW!H{X?v%1HgJdj1>THm
z@f!RN&Sq)GBwBx$o=D?Y#L5zfaMve#y`%LX;Yuy}bLq~>+A~>NsQK2FS0<G~t|9Gs
z9tV0yNX^feMa9~fMN7zEjeRnAhpt$=2qjEQ2Kx-A2S4&eV?W4!hJ;ykZxYS(P>5=}
z;O3ezc|deOU~)>K7<Z<}FIn@kmRi}9F!B9+9qL^Slxq2F{Te-m+}R2pCmu8VBnVG;
z?Vl%F9j9ckGd#80n0{){?&td4J$YEHb)=uPExKRmL(s;fBU$kuMD(Wus<phde1@?%
zD@k;xs#pip(vZe$=V{u`#H%x17SN-TG+ZS5<YDXucah*K@%hZZe|aIx<7_I42yfa?
zxYM+#Z9PXywLAni7EeZ7wjRntCHej<iR|?N9<b82P|F_)K&7;X+}H1-(M0@sV|K%(
z!3b*KS3-=z_*88m3d`BBFDlkK8q64Z7vb^bw2rRZwfa}VyBWsN?UAS%$(FedV<Gwl
z-4gxIi(a3C3^R9pzHnC8(037jCNd98BYZk}we(1D$Vj7#aNHl-o`6^?syY;u=dhfq
zxJc#CTBI~xj`&;~r?qerxqV@;gy<=_z5~)KY(D*!(2>hv-59vZz_$G0q4Un}HyjpB
zv11y4Um1}qPrjtf{yrkWZD4i$v@OkB^)pm5I+&B8VEumV;;Vc2)P?s7Ga?zv^AXdp
zHSf+VVQs97*Od|M6>yGbN_r|0TZ)!_3RygID#?eCJum)2p2VKmVr4Y!c3+8o^Ayy`
zRIXo!N3_MwD}7;-WG44~#I7{WL-N2*JpHpa3$H*NV>4*(P~29_JV$Je8{FI8Mkd9M
z+sB>z(7H_#86vkl7tt7uqIGkQenu~{U;qgel$ZW3ovZWL(Fn)*>(yGleCvtS*uVa!
zpX<+M;v2vU$@#b1iFSzN7yP8wH5Qp%`1K%W{wHXZeZdr>9Je+L`R;039M_(81SM?@
zqZY2Kd@Ps4HT~UEeSHo7UR`w}oLK_vkiP>7u6O^eAv2Ld#{leEII7QTdO`>yol;oh
z*duWhnRyn|FBjeMr#AmV1mojn*QA3o(f>h^tT*?&ho!qXmxGcp0l6cX=RAHii)(bN
z3Y+RmzjApee6MrEuH$cIE^ZCGNWI}fDhI5M*UxTh|AXiRC8LnwOmpkR$tuRZnLMJa
z-!j7WR@OyE+W5VcDQCQ3IiQOYZ{vVr=#JL`8g|<e5LA2K3BL#gXF0*C1JB=*((p!T
z9IBUo(=*H18<SK0!&D6UYs4VPxo{H$&V)MtsE9nYhuB{M<<C^#=%X#a?q1XoOfGa|
zH*}`bb@$P(Uv*zhjHLv>n#yQ+mv_sxGBRh1_O4s&8sh*eh&h4JHBq?y%ZXIx>Q5um
zPjCSfDKMRWX<?-M@r(N&GG&-mPupTpc-f9{R#jPe+16H%JgX@;)V#{Z0Tx8n2h2Y5
z;4QB3k{gi_?@$|jnU(^mlSi?>A-Dx<yujgvTj87CoJF$I0x`e{#S=2?*y#!{o3k&e
z=qUXL7d&x41%aa5_hNFI04*9_k!6dW&-;b{CenqZo6G<INve0kSS;{Ot3;68SGCud
zbhB_mXxe}g-4txQJC@)_%`U~iKuh%{ofvsXga0jk?a3B^4-UHPrQmvIeX&!e`lC4f
zcFn-_oE+XL#1aYGW}xa_sJ-z29~gUudr|nh#)Yl33gkk);US=BMQdru`DRf6?gbtg
zM8^a^2U!!Y{C@N!0$SozTS~ASCcK%V1rj4C3lKcPo?Vwk^D?P)b|iX+d{8d4d=o+0
zBb5Y<JWgjJ!{CRZV8tsr_5&^mjIb3C?tpA3wr4B$WxA!i5*URS{MCBFv43wq%IQHx
zmUXOC5!gw8EqhfmS8U&V<-=Z4<3=JtHJE<L`RghfkVRV8wp7N-W;3lHv`1-~Kz_!y
zF`%tKE?@nUO8*1hp8#$B2zorQ#O@PBr41X;Ggg|hxMDn&XRxOMq0^bvl$<cBHoZMP
zJ2eBj@{>*t<;LG5ywJB)+D}R4C^XIFGD~m+M~D(q9_v`#yBpMo0$yqTgAxtnX7Ojw
zo=^Wak7e99eJW#J)v|e;DDmb~>(U&X6_YW2S8VXzJ4@8c;ZIJ$Fx51fvCb>4NbxQX
z>Q{el2?XC4@<ZU$PxU!;Yv7lb0n{pbOiH#R-zv?6zg3k3XhwjvSP^{BHQ3g62#_|x
z7B_+b_c^~(&LYpYZ|qdq2NBfLNl;SDc;k}3ESNl}i}++(0Dzi!tupQ=9J(;j<_hOe
zB?;uMuOzm&5J=0I?EUHi#=~96m=I+t&Eb%^W!`~GV#}7v6+jss{LLr>qG$&nTpL4J
zjr%(VLyTF<<AjmgN@TE&v^Z~U43P!zy8>t>vHXRHj#!7Qz}fuPzf=n=w=Cv9d524_
zZC%BiIXZ<qixhJwa8@Mb65RSmuwX%{y^kd+n<l__Nb0zjim!OVy=lhg{B>CX^g5!i
zLlhhH!(bfb*&d7mJv0G)!!b*1%lNz|*vg)h=2G(Szy~wDHV*r|Ws8}^e_s%ZGcIs}
z!LP-!+Mi2>62IceWnV|x`<Op{^n<=}##~DS^vR~3ozjAfz*3iEDANNl$A#4np#AUM
zZHI@yusUW`K*~g2n`4`C5WXN<YEaa^5zgF4!4;UTVC=dS6%bVL`S)QQ0k?Ms-z*qH
zhrWNW4QQbnwg7EjhQsDy`tB2&t#1a#=f?w)Z~Kks-aVRX3{J63EUaj(!uVLIhWD%M
zWJn%521|Yf4xaaqk5N5VK~rxVIp>=jF5aV7zS_0UfkE<PPMS`SVjyUiL^jAD=G_NP
zuD#`Dhv0q}0}s&YTEdlcaAl9`rv8N31Y6;fQX)O|K(hmnUaUWK8$O1J%?s%4AqNi6
zZ-4aUK5xFN(o3F#N3R^-B<8auV$Jb;#d|kh`;N5^3=k-doI1VlN^Q6{v1-z9sgM#d
zYJDQjlIs;jdm$Z<k`?K0JoMVATbp1~m$Mmm%c_2qJiB*%A$}PEJ84GCid}YN=C8F*
zaDN9fF7F<7_PB@ubcbb9mZEJU*0~eDczk<z*y&Ga(B`%CCD{!eRJz6jS7i<`rp`Qv
zpd99t*gsQ+kdcaS27lKXH%{K~tj%=`=I)4$a;OD%l;^1L@2FO*FZ;E+*H0VOUx%~b
zI6-_OZORbqfBu}pnI}ew;FJi%))NQ~HY%G*+&>Bw56%rxHmNp+_H1;~u+7G_KWmA=
zpyCbL{&S@|_Run35Q>g7XkxQ+XNwR0;ohZOyMnhICk0o^QaeDq^ttvph(6)q1B}n0
zW5U4Kp`e2SsN|C<6oQin6SC%%^fS%g&o6CL*+m5k-_q`%tDO*R!ROFV+PT6NtL&VL
zWUk{i0rjOhdJ9)^9E4xF+^^`$jrJu|hxc8H*ko7S3?vBQWdTFFhF8q0V)>n^4p`^?
z*mmsOs`h#)$MYEDKFLpRTC{IQUF3fBNK789zB27z(Gqgqobe>F=O3#d{v&M5u=CHN
zgJsEFW&KUn*d9fm8^|+%ETu)M#k{`WZY`6;m)6$p!>X&p{~XXnEk_XRD1r>Ir^S`Z
zwX6JT7WxKrv3aS@aDH1+Bv2<ke0V7Pf_y@|Poaa<c(6ud3hF7_emGpmgA#+@8!^vY
z<zdh4axl$~eiWYT6I0<9xI+cRIYBNW?lH;x(p|jf#cTaC`n6cO3{eVNn3!>4v(*0}
zx~hN>>c?r0*@PMGX_2V6N1ibZ;caJ7(i&iHT5emp1&RW<tfLqcLn0o}3QZmn2je#7
zf`}=mvv-2*#o-8?@lo``1Y!n8I`Gj1++78fD~f;+`@^TqHghmWeSMI*3eK}7qR3YI
z&D0%gMm04+uH<nU6C;#ZPVE9(TjIp=whk{69-J#^V1l=h;$qn56|C;dDbEOCM8Gp#
z5-?Hx@G1&rj#FT9APY3f>^Ha(k7<aaD#%<D`p;{9z!h5T$lN4dF#}-=zT5(J0W(bU
z(m&n;Flif=OTLD$CN4%vt0m|eZqrPQ!upsk1kx|}#psy-AWK}*^wWUJMbn8iJDKNc
zFB*x-wlgDn93oCeh&4Dy1`RR3<l*3XD|&+m1qc1+ab__F8|7rWO7kKpuRe>LJ^`w>
z(!Jf>_Wms}v)CMYe^gzrio5Q~DV%2P1#5phjylx~eU<|vc<V_BVj#Gnj(?D>9qx>?
zEKW$KTwgW-`e*g<CkXT81k^_4&k$YDkj}>Q9<~r3nsS#1KwHJ?%$WcuKcj?)J&K~6
z@ZZ8`4;dJJE04p;`JtRZs&k0!eAEfTguUJw{0}zr!ePp6!a?dvlt<~WpjlnWTW$)c
zQ=}@QjL@BHUdCXphlW_y!nPNfjnHyT%DAa+FKPm*nPwwFQ_T%7v%WH@zvNg@n@Kkj
z#PkO!y8goLS&`2kw2b>*>>dRE#)8GXc!&Mfw#-jF-aQ4@bZ$~{TT$Dx4l6J+JK9)P
za=o|J1+{)XG-$FH!$g!f+*0^h*n15p&MLMJ*)-5~R}~14uqp*!ZGI|(rl3}LaBRgn
z@`8KbyuRX#+3u2KOA=;DX2ZGnA7qM_sSW{Wsy$?GZ&9^Eso$*x*4m5gYSXVj8(F#R
zp7Bq(AemO>4{;bQU}b82HmGK|p_mNL#>Mb&+8suJR^ja}knt^*1VxFbgTkxK$R@YR
z(b4Bh;3709tFCB2Q@ntlwM$IE>hW{wr4S2ehVsZBG~K<;*2mIq88z1CqjAu<%Yh-X
z1`_j&dljmdC}gCpi#LIpJib%enHg$hfo;`CQXRKpQ0AO28I5y~E4nOg`(}_i9d;-p
zL2g}0KjD9Gu7smwCgS1VpyA5E7&&{R)bBC{>1#QQn{oC{9s6S7!2X>T9U!Adu*aQE
zKkCOf42$Ay9yT!OFdEz-zPNh!eI(7gGlcW!g;3z;{gR@&YI>$qG+m6`sOi^<r#d#}
z^iD)P`18-S`!Q*uF9OHX5;8o&K^eBR&@oYp)|-PE=3@?%i68f;tDq@6s_wXyHhG5A
zCEn`q;8KR%p?BW6=2YBVGd6^gfBg@lB<75-b}ODU7=ZO=&Q*9-yvB^4l2RI>80=H?
zN5?g$b7##yi_EhGSb^H3hR^|G><T5`wXiO}@1N{$+CcbLFR-zXaOT={+e}C8{MO&J
z<7?!#lyzq<r;YaiW-O79b_)=M7ewd=-g2)d?S87O+#DVwXQk%htb(HPaciUz&I86K
z?Zn=L=6kB%K}wElCEku{0dMw;bzi{6;gs?Bw13Z@<hmfwQk%<+O@^nkPJ1)?6qxUH
zcD_Ll<Q#S^hO2K<su@vsvjcY(;Va8B=1IC5er2^ECmUr?2HE5IDBpBRTS~7vkia2{
zRZ(l<^2Y=NbXj}~IqQ^>oRPXZ`?*1Ebcf+@zBog+n-k97x~^B%&yu20bAsW<S1^SN
z&>us~RMxo7(CEGSm8->c(<L7{#PY7xXPQsRHM6EH!;&Y++u=$+kn3LQPj+-#3S*|(
z$(^fe^`*{b`f(Vu3bki6pJg|5-Gya>)ZL=}v)S8=8}6XXyJZ1i#T|EUlQyM^77jxC
z$W@63>$J3F?OEL+HcS!JVpWw)wVdr(1TjU~1`{jJmbmzv)IWWYtSeS3Ho<$DYPpTo
z*9NkAVa~7L<u*uWW{Sk!Z*BX4d_=Ie?a!1M?r~<?NadH^`CYOWwq^U$&SL<!osb91
zrF*3sW8E4lQ(0uI_Crm!v3P+4YtOdY>OfAUzl(>>qn`U)g5-7?(Pa3;QkeKQicq9s
zbBkK6E4KlTFjIiiT4ZG3+l^vFMxWq)o-T)>wuE_@o<DJm(1o{(EANo?Kk&FAYmEzf
z5r6)9x=JMXt*pu7?205s;3QBLS%N%Pbg$dp+5MMqDN(VJ^=Ua}&u0*6^o9fuwNrZ>
zVBWAGu^FYFPt8mhpcxKR@wHSVy_=yq^QW&Q2A_2xir<;vVRd>Ew`1@h1W$B7LaJ%Y
zY(-12qC^@Qp#QM^eB)+e2u;$wrKNRvJI%b(5$%<jD>{3i$EzkF{&^-bxrNxv6I`za
zQ_*|Kelj^LigB&(jMHFc+Mm<XDi`;Q?bRTh$)BU!5oXDocrB3OX=?=~b>;u@N>v@@
zTKuA}&E)RQ;4VNX1PE}y<RoC0i}&G_lOJZYEN-U!AxtyV<@zWy7%Nvphk9$Wh82vv
zhycvCvx@~H<WW(~6^NJ2IBlmOipljYq2tbebBp9Tqt+@2Kx&NGoylBQGAd4&{ReT`
z%IGwwEI@XVNmDhxj|d`{rsAQ#MN+cCxu#2=)aBgSH+gi^k8O5>r%)Df%*CCpjT)tz
zE{i=U!+DBrFD>6iRF=`HcVt=iZdUnNrob}E&J+KFTZYh62K}g{Q@w+sc9=A8H9@VW
zC|kWVlH@gShNu0}-OTCGVjac~f9*ygxc3VxqEesgm8ktYZQ1G_bP%J-r_6e&8b92B
zQI?{~xBr*T@Qimx_CZ^XMZEJf$ef73exB(c^^nT=qowO=+Q!mBFWQHCBK$AE3YO~E
z0mZe{aF9FYqJ)aF-!R6|^_3U#1XLDt0g?(fQ<T>2mMR5MtrkfmJ+*hGAqZ-Lmv$D}
zJ-%(x5kBuvU#Xg0hOJkn1@zqQC@Nw;UDQcdm0TPW$}nHiJAH-I@-RSKh+fjp(F^R^
z<3iOO^hrz7vd8!f+RQ{Ob!f4z>s)wW68K)dICBBrHnNZp)1=7PHi}TD^G+wZrxBbO
z4s!%u@ZUPR>R+^0ilYx^=I%XXs|_!B;Kp%Orl|0_NwhtWGBKx&m%_BgO<V7A>>ZBh
z72$1nwrJn8mpZ?)YU7P3@1+P1l`<x|Up6987@nac`c$5Ym?QmOKM__aMSiJUtRk0C
zxF<DH#<7BSxKlMS<w}OtmR=U*jjE}Ir}C-Wg@2XQ{$|V-3XX!G8X!vM@`xEyUfRj<
z_mr#_y9o1_MSp8=P;MCE`nj!?75p6geaXxga1Y?pa#K~Fdn}_3GYw?KnbcZR42F*S
zw!pG{_fk-@-%1X`+t81uNJCeUZ0fI+>E~_u%HNynOYa6&6LE*cpmN$h5SScXJO2or
zpZXU(Ev+&y8^oN*9*)?Aj?2K~PyK!UIt@)zC!ASU_n;~CB6oH8Q>R%_BJr{Yrl!ZT
z=VajN0Dls=yWWXzIcFnZiEly-S-g#)?~nU*+|jc3^2C2_z&|K?aDoR!Pa6l<Ym<QV
z3A)k<1in=1=F6b^#p~Q=yt=g|XJ-`Q6S1DUBN?5miLGlgKt#b=SiGCzr*0=})2S7K
zYv8vz-x%K7K5IVD*}9cHRl)>xZv`)lcVpbH)Ia?_zGU+C)7$K3zYzrQU|54Xk%xl;
zK3DK*5O!^}r&~O!?YC)65RV-r<Ye!Od^82mM5-qqr0!jqV6JVvvE^90*gdjx;#(hW
z`&EBOne*UNOX+UgJ^O(+jp73CM#C?HBtG7tOpzcHvgh==vC61Jod#VqX1zr4l`}$+
z2H1#ZrZTC%jHVJWovYoSb?Y!1pQO%HhQ>EYmOcPmT>7dd_Bn=6J<Avd4J`^HE36wf
zx$bftq%XnSd<zb69Q!|rg*7Tn{F4ji80tPrvfW_JN*{H&cW6v*?LO+j3=)|MTUp1K
zd{w@Vtr>-GwK<bwl~e{`^b0=Y0D>XgS}`$phA$KR&2>-y71y{3n5<QShscVe=RZi<
zzo;ohwisxj>CFUxFwDs;a6jS|s7;x|R?@BnoiePLz``x^PD}m{=Vx_d;?R_p^v}R)
z-9z`Tj<3R|Nxk=9U5#;F{2%ZHYft@2-l}n!B*u}iG$-66X~znp(Lwz%dF~jn4rT_l
zoy;CUHB>{E^9?A3h?|<G80IA9DTgmg=8E*eGF=%M4U>ybBWxQUWcsBA{%ztA#x@3Z
zuxsxI?_bgVX0`bO#f%MZ3PN^WGN%-ir61m?Juq{axKh{#P@|TD=n5vIMpUewXv()l
z&m<{=0VTB_i@`erb&3@GqS<+Ld7#L~1@%o`53f&f(N_wMRdyrg?ylo2akcvitVU{r
z`tuopl6rjApftk<laRXuZZ$lKH@ZaePtGSk<umU)uJV%lwWmrm*dFg6v}M;6><dv^
zE9;++eDUxP%(r#>lx|tA@u3u7&`PuMTRJ56ktgmDIcE}|4cnslx9`#S+Fc2YAhOp=
zR5^#wmV2=K*1JCVS9;PV!T80O7T|B__F@i<E5#J&!m;rmj5jWeOo8T@I*@xxw5+q{
z_Ojb6&<r)o5Q2@XeSQG$7(of9uRgw>tNm_T2AW!%232KmTGk0&xIxy0j3|;-0<z_h
zc#08_61^Ds&fU03%C0>Z&PiDgup_#uJu6S0Y+J{OPb=V?q_#$p`+z0FIsRHGF$W{v
z5$&e_I#=5hvh?T~h<BJ+np(HOO#3Qs&s8k-+qvW36Sv<mz!1^F3RAte%4wQ}ToD3-
zWr~fp5e2+vWf}9!t}CijfQ1S}OtR~Gb`1&u4hdgC3Y)v(aWI>uN?paOS{U{TX$$~`
zm?Qu8{EMCL!%vj$^$%yufyn4&3DR0#Pj=rk({Op&+ZAg<dk%z56$Vwdp32VLC(ArE
z9CqhmJ>G>mFLD>$c}vGym%G=AV$+AMID%#QB_O^!O!u2~AslZbDPjxmDSVRbvo4P{
z`*vQlNis?^+k=ks%_N|d99edS@gpZ}RJ}S)tiiOH*Vgtc>@Tq%eGUykG6xV82+Bs$
z28@USZTeW-zezCH!aFA#9of(&R;>|{#d+p-h7$WKI_!l++7r+`b0#he%zR+qv^trm
z@%x}TlGy)qqvyP{1NP<&p4ogr2NN@P2Dp@z<r|G&KnH|aAvRD&^vkk60VG7qp>D2I
z(uXPSPO?tMOtmr{gcT%2?;m^h*)o>>n_nMf`>{tWfdEn=6`c2VeP83%Bw<27>F)B)
z8?a<&$L);LQHgyV2VVfO&puu*C6)#F{K)>dO8EXO0=&^Lo=8@OWego%ja^q<E073v
z#W!BR^}W|aN@6{l`oy8_N-`+^{C0FX*Yn8x@p(X#u=kTXII-Mr(mz8`bcF2vaS{8C
zTbtX}{~!e5sSIcTT_>A}rhBi<vNj#z6(LpFYv<GIhW;BcL9i}$edDW^3|=~>F8)uk
zuB~mee(wJr$mVz}yO<1Op7reS441p7#y<WAvd%{V)dU+-ERxN>reG>_(C_G!%<rgk
z(BuelWYgK2$kXn!olME?W>O_3t2bNcvx^Sk`Ryxm9Wor@y8evlt})Z?b)4VYm*pjv
zj$95a8s9mZwidTbDBS&YF?+tp+Y*v>;qqqxkK3i|7-nT`BG3RPpe$IHBGu7xUL~_-
z87T;j^iD#1a=C7A&&zkY2}W|M$&@owRjfM3ZY)PpIZZmyxcpvR>5o^_DpX*dso1Ez
z`3Xh}Ir@jORP7BJ3meyBW<s75g*T$>z!b^H-m6%unz_LZH(~zdh!IqpUxP@$l|lF`
z<?1sP^4d1PkAAuN<~mR@m(?NiWgDA20woA%HJ)kR_b12!>W(Lau(+SxdA&QZ`yuEk
zINNR=juO_*%)ngS$!P0>x}4ICG5+mB4@J-kjF{JlBD~>=g(n-%TP^Cq<FWU}l+Vnx
z$X(I*L%?uK9X(De9@JCq!aThkmYZb8>H!hHytn?LPY)B5Wu?EZw_fxxzNH5$l12hA
zgP^&P2tqQ@antb2y4!kYEoG54O)lGll@{_$Rfh%4xfhtM;SNNg>5?QfnaY$43)0xo
zs&q8Aki-*JZOJWh62x=P3XWWa<*O35*%jiFfT8@WI#JrTw5a%20eoEABoc$!J`KOH
zM9Y^4Knrv;iEIAx5sj$TfQ_IBT|MdkuVGcFFxt#w{9-ES>d^;zlxuh*2;d^6huG`B
zBBQj3)lo0lV82_SJK;!iOog8*=Nr+FuBG582)*eVQ^o%xh^l{N+ysSFpMW|o)+B2i
z^Y-q<bI=(WbVnQdAbIA$?L@Jo(m@w#FK~TAmaR$vn%WAQ?K`LVSu_3MI0A=Q`Toj*
z%l>-q3aw-Jw>ZVq4}JPFdo*;(aa`iq{?o)}paYS2#rtAbNVRiaFdBV#@<pB5Fgi}M
zo<FSSHbTkOHLG)Sg!CDoBI%y{u&QoQ+gQj-0xT_sX_lVl=v`Jad*Me)>a5NUm}LS*
zzbxh%?ttpeD%;gU3yJXa@H-YmyEi+WwD*UwNh-$DN~DL59Gfx0<T)`uyw*0d?(x3f
zM-Y4ly&upbvR1mC1y%$8a>fsX`Z8Nv`m7}r_GCrOy6y%nyX{PYlMcecyob+pm~L;0
z7rK|r(;YsrF7WCPn(ShQ(8*oZc|Gy+P_=Ylu|y~zWZ}r@uW>%nqfwS^J)$Q*K`r%r
zou>udhl0?@oA12c{hlF(8E@K-_j#OtEF6As<43O65O2<y^^wac>H5XaQ83@bvX<1T
z3GbDd$3sIA!)ZAWVysavZ-?Y?aX!Al*-1;=2^hyZrA#zmwh<~r@~j-jgu_zS5|fAe
zU+eU5(;?8RM&bQ&KOtTcMcm@7uHhW{OZqCav#M5@4nK_7$yus<Ot>RCG!X@bI2<a|
z;2)BzXA~Qo`E|IBHajH2<`W)9kA~6v#SD@XINLfZnUvN4Y`r;2;crtRej!ds?aQQN
zB4u#9ZYA7;(;)UXwpXhn&IUo+Ba(@aO>(a`3*D8VZp#g$f{lUln`0K}N}y?)UsK0=
z03*?w+=ygIgItBNZZWZ?tOsyt4mrO}vFe8lqC{X6H;c*wBp`%0=<tkbzER5LJB^#7
z{6TYaZiz`iHilbCO=eTuUF-;XM~9?Aenr{-6rf%!ly;vT!o+sC!kJV;<y`L!ww<4;
zqYU|iuf)XO2omn*woooD!Ki6HMJNV?T8dri4zYW($?&oadnfphkVcWh;yri2@(>QA
znfqJ*PP#F0N=pMrvK93ANN@tfT^8Q#N8*^Q#d=UNl)<AsoC8WGzI9ln^^@6B_*B+S
z5B#7Z`f2-%K9IDx!fs?L@&*`nirQXAAdtysf9@A)PNcHxs<((+{f1H4jZ~h1Fcz29
z=uW~<bt>ohSlL#Qg&%<NEZxt(?=G{RTQV$E5#?j7&@~Bhb+eY%JwCJYOHymjk>G6(
zA9P!#Baf<dy)COhNAaNF7Vk+vbvw5y2iDnVPO7fhS;jo&?(ou^8JGa7p`*jJkY{Dv
zMWSrrWFZ&P>oyXg-jt5X*|4zNUkYdg3vRNSTNO57xoM!!r{dhC^k%5%#Z5|P2OD@~
z)%IUi4?Mj9-XcCL8c)x0S9Q<|OorK5Gh}HAy2pt^Ldpd7q&i1?nF~W}1%cU_DUx~O
z3*Ge>HQ<zv8f|7fGzV{W34pkX{gSF9eQ(@k`$n-T3e?m5I#emt#lB)}19sM?;{>#2
zW^DxD&k)OQ>cmbk!Z7K7TWH;?c$S?pW3H6JJUSvXIZs4T=Vbputa=W92{lIhd&=DQ
zLSi^G1YeGu9N_TDF;H8{ELk4a4xGTYm*1(%EGw)!Sc`jGBu~k#xR1Io?`%)#e9LlB
z1*R)D^TfmHhj*C8DsFb0IA^1C@Psg)G3c8n`5vxS+Xgl2Ea|~H@{lpBwA7FPCdWMM
z?9;i|KjoiK%X-&;CN_<(YYAwJSRvMTT))`g%XL1>N9)&bM`3Y{6H2c&jX_bHI~!Wx
zK&5Y7_W6)29%*ATDj2J7j6V56r{HgUOov<C<}*S?jDvM&u=Hy2x~5wi<`|1U!p_^U
zEb4q-FraP=iW9~g0K^y=E}VUW46(T)nS*)(gxhFSh4qYtz3IyDl%uLbB~j3ZTs9EF
zR$>NjAxqg6%dlpb96O6uvFe*}<tiVl!N6r6#P1!$83waTyR(Yy6Nh-m&k`UODm){O
zr;?b9=<cWKPoWvYBWoHr!BC!sDlOFL*u)ZaEaxDeQ@t*JIf)Kj7J_r!$?&KdbvMr*
zK7FAIa2YSC)70=-sa`=)Ksrm_23a#1DxfwdTpk#vkNk{ySWZ2H^HZu!6Gmwx;GcMw
zCvO!fjcb3B%d8#R0I_%anT2O)RpVSgrXA<k5l)(>+wEWtx+NINA)hy-l@YVbFm)X+
zjt%uUDEXO@>zIog6bMi}elV}Y0-hZzt{UJGGtoG)PmkmEiieRB<)^^Ov6J^SrAlYi
z+d8|BGvnQTRq4s^LMWV=4}#3LfpUrb>oGTtGRIcZ`WFv8Y*4?qH51mUjVjHL9@i9}
z?`dX!FGW8kC5Q^zi%?`aVl#t^eIbnvIINtflHe{jytf;Um)2Dkl@a8#`DcK(P+@hk
zEnQP)A)seG2@OhXJ<eJ3bTsetXM<X4$*ankHT+_T&R%!C)+*P>q(ORLsYRgag9neJ
zrwCdJerf4}2a}7u;9o#KDPZy|in3{s!W3urbNymU?anm2JU1hBZnrc}9(c;Oh{<Xy
zlt}jtlnhXo-E7Ls_JhrNQxsuN6__L&pZ=j$7Vl0{IWx0I<}y7v1TJB@&Id@7AFtuL
z0$FE(N-3b6M%&stwU6{}3V%?R#iG7^5#6_JCs+CW^F*^Ve|BbOzZ*eubY&%xw?_Pz
z(9_l_S<KoqvmaAI)c&yOA)1WoQ|UZb7fUC-LRswQqhT>1JF+AK$x>$pB{+QC-#nGE
z_0()%&+wFQwV%)6(P8Z4gd0-}QZx2PFnv}lUSWpi&jy}(A_qu|S0Y90n6;g-S$oAK
za$PU$iXN`A$M0*a6(df{K*&WKx>c4I(5p2H;<LbCfoq?*Hc5J6jSl(2h{lLsEh;C~
zho!Ul8|*6~+Jo&ociY10c5weH_H~AFY?7=<X$(ky_){hl5%juj6P@BprbBrTMSFUp
z)Q2K|s1g2PsFm(^ET%YMPt%1y!d2I)tmwgy^^!F2$-DWHB2nM&^`wS>9VuYSak9;0
z3KlKS;3j<~>Va+KJMv)N8o{QS(7Sk6!TSld9+)qWFE>;`*EyxFDw)4W?wb5r=A-<J
zTRm-I*{KApv`C;=iBw4~k@K_rlo-X7fF(xN_KCv8o+p$dkF)IodjgigUr%bb8|{MV
zub1HTBH6cVimE)eaHh}YU(f5m$J((LRm9r9>rn?|uG;5`9NM+kL{y!ve2t|D<jmV%
z8r>IeN<Uy?S`3rUD02nU5&gP0M@(P1aqr1^=R(RCiDyBq!`twst_Yw&;zS!-H_M(P
zab|VbTUW`7*ROL0WRCI=Wrxm%*{m?)Y4en`7RLeI@t5g=)m{@_xWvbt+(r7d`tXJ0
z>sw$y{1HFqWEt6Gy%usSPN%XDl%j#DD_5*1&KQ;J=4;C!$_w=&=ilbhF<x$?C<me|
zHTsq>T`VU4($#<b<410BHvND72N~VW>UQ|sJudq-C_d<K))HEh6L3grfr2D|=yJU;
zuG`)GlAE)9sMp|sq=P!47qXfELE^qHpIoQ^2Wd{dF>Sc!xfHw!xOI=W0mnJrODq?`
zx6_Ek`VN@a&cu|TkAIw0XZgvR<T0q`Z8#%NjBacyZU+J4b<5gXFK&ic3me+KJ0&h7
z%lhTfrr*)Y3PPBN6=~Ke-WG6aD!3BJc~~<9-6(7OwWK$JW{s37V6iV)t@nWg?~z|x
z%Yay4YV6j^xo=F&Gpc#ACS+>!kT}(SJ;{Ml{z9$*3EqLt9j_27cVlw;Q6~fP3I4Y3
zPtjGrhZN5V>sq%zs=R6|s7;w(N_@~ZvHY&{J;y<gp%W9?*({idKOfa9)hq?WX7891
zONV357ySQOs+*ULl%_nhnqGV(<``G=b(CTpwgw~?y+iAazU{vVXf!iRNlvF~jJaG#
zX)bWVeFyMR=c5niYEy>UkZu|CZ-tj^%n8AZhI%Xvk6}(^>2GI`uQI69E%E|UwQU%c
zP^_1wbjzm9gPE;yeL9?s*q6OaT)}DeK&(AV&G>szUp5V#@6%OVE7|@|?imIwG&;%{
zVXw0~f%@}RF;IJxS!6#AJyUK>ZYCE5X=+w&#N1w8jmzIo(SL%Y1sEv9rJK73g@P1m
z^I3VGm4N{)<~a+SF@U8$3;<~m6A6iWC~z5JEsTIP$|zwHe2b6=)aB?@^fK(<4EI}4
z=l~Kb;;|>-rk-U8<oD3u2!qVXoci)#ij^~Odr#BaYEyCTucjv{oBxclLKKPRzu!Wd
zsx$-3VE967;6(aYNg)!oPGzjNXug?WasEpn)=s4T_7fq5<I!tPwY3a^Lduw*XaxgU
z->>5bZA?K+bQurY((x-3LddTQLREg&Rq@^<5r0szC2?#`L)S8D^wHz_GRi!d3rio+
zN@{H}Ml#X*+f~_Lp`HI1`=E7)GUnfrAdNM%?HgcmpO6xT_<tL;!5~d-bdD@YgRr6=
zUleibn?W6)mfBmgYWjHC=rPITUGf6qvxJ6+PNpFpjh`lPSwDk-buR}|q6ZlZy%7m_
z>dTkNgie!yJm>{hIRKRorB{BuaRYs~FuIbIRw+%f8Z54hBJL(gNuiFB#Vn&mjsP%D
zN0g+P*<wTO^*1PbUXzPW6Z4k=zDUx{g$5t_2{1*DeMA?WkDC{syTAEvDX}p4rlXO!
zzU*<?#>F1Ebp0>IgO^bIA{gzbOI#ac=y!!te`-)ybL_qZ%{mYknQE2CfQwsEosIW_
zaN28VXsQF4k!qKS7yczy_r@63stA8nrJ23=rLvf-T{a^)y#yCXnzz3?JOvb$SM>0i
zCI#rD@joXVs3a*0J0s)j@5q*!J|4I#gTFmlPMB3}oMvw3st2i372|8V=bJ@PUkUTD
z9OUyal!kpy5m7o~(@c+2w6y@PM9g-MxK66C3bWNZ14$CJ_aiT$qm~aLk}P+av!Tm2
zke{01zW~Q;o}WC^*agnxszl-mhx9?XgwwpdmV1~|UU|U@zVM076H9A3<7KoRgmbpe
zFxU3n2;O~6(QY11fNe`v{-|knilp+}+r~#z%}rQbrMi0lSTJwAj5XR~dxx5S&94=D
zCeXd5g;BOekzBk_h<_ckDgxUx5<LN(<#^g=`z0$kCR<pQcXBg}pwmP>ZcSbiSoNw0
z*ikp@FNcqMlEYJf19CUVUoBzpjwXK%kbQR{Jv`ir?N>QgrI+dNGams&&AZ*}K}fRN
zOR}Km&LbE1bLre$qbv>U6q$spw(a>`!Qwvw6HyoHiMyloJcoY+CI775aCGyej{==^
zG)79giXNX4^P|0EDIOVR%rlVHd3GfjdqGAUJwNOhWEIHyr+eq0f`|hkNT;g@(l>LK
zalRBd3wI#xC&%M5iRb<%0xaTLuyH}G>nM8SyItYFRoM)f<XD&0>!MY<?Gyv(pvARv
zLbH@FQ>%X(vi-6G#5KR2Q#jrdFYu2G5~Oa;Gu@zm@pRNsTl6&Jy}#<n>Oe1MdAA2h
zS`Q0g)s}r3{4;mEqbMYkEFkvip|5@3*ml@9ENR_VG|F2G2&i&?g~FvGDY;0DRmD2I
z<@>!@uY*%~)K`=|887P(X>7R=nJg->x<<53yF^C<p2r<a@UXw6&<|%x;f^?06`OSO
z_R6M9c0+5C%*7p#vbnzfH2*`D0kb^tr$1B?ZRGhH%=fv_v7hp@I7OE|L7+Fy8Z2Kw
zO<^cRynRB{_uwrqA|oE}pRQ;Kx!g?G3W-m$e63r%GJvTQ0_RtjbO%)LLsu!I>%}(*
z$L`JcA&5hu1=%{TtIS0T_vFKv1MisY9X%#sLh@pj2{d@eiU_btq!A#r6(SwkNv28G
z)twTzoe0}Cjw~Q>h6u{zt!Qmb!V5u({~!h7lg>B-XKc-SR+6m#OfQCW)rj;!Ta3-|
zClOE9%ZSpHV~3_+UwSXuL4~813`&XN7$I|6v_u$}yjmKeG+@lLSbv=tAx%j_dP}e`
ztb|of{pNQrf>;rMc-LS`!Bf5U{!%ClDlMmC7lqH&O>kJw!EJJYkMd3;e7ps+lAZ)%
zbJBObN%c2<VR78_!wf{=Z-3`FF4_u0{Y6(Ba}kw5gc2+ew3=A4n5J8ZDqv2)RHTQX
zNa!Y+U#6vkS>@+r@0A$)%fsuWhrG-T|C0N08y>Giu;SREel-EBJOFS*(-v}gfv^f+
zf%9yOZH~I%3X}BPlJoQaKN-=ArF7Akg8_wlalbriHW^*pjXRqo<AF#f7gYX0uRDWq
zT1GEg@%`gd9vW=igevBAnFF#iHEg3(P|fQc=ckNHUZzTYFb94WtX8zd??Ycb>&juI
z$j4fSq$=iQK@Y}hem-8lB7t<jtT;vDXYX9&f-^q!+0$cUZo}|GZ2grh$iW@%s~HRB
znc*{Fn7Q4f6(9*$4mNsVFYcE%N?|Gy4D0*cXCQMxoOyWVhIh(s6IxzzvjYitIZ8_&
zI+dTm#Fn7U6Gr#B6P0y5WPX!?rO$K(Gsy*qVU-O+gk^UbLW@6JRPw{}Xg6`_u%<sj
zjRW^p;LGxKv_1t`_G@ResGZd^K%hCB+bJ;O<YtqJ*=`6l56!4gm&npMmcXjYoAEjK
zRRr8|qTGRDQaXfCC}2(`6Y?-l=*_l~*o2@5DR>a})V_7r`LMvATgce;#|wW)KU5lK
zB^$fPS7s@W0f1}nJKUCzsS!>b|E<7bwjHL<mb!4jBe)}mo)kVpSqI`(G~`qOi=X>;
zqGapy!e9JbQI_<Wtj7~x#61BPFKX}8D2t#ajXUQ^rA?=Gp6}kQPWGQC$dTf4?<dW`
z5y`2y91N;A++2@d*QT~COwc8|CPzRzjtSov`K>0VY~VPg_u~`1yyUHq&M{ov2!V?)
zw|E8NLSvdw9KyGs(|2i0wLPqSk(kvvH-&5V`&gJ_>C{uNx-cbhYtxje*K9se<pob+
z$_`3V#VY|awD9SpwSnuCC#Qewu_q_r;|emnub^QB{iz6NU5*Klh==>TDaR;I8e+DN
z9Nxyk_aZ4fJJ047<jGTUhq8^v&x725A|LjLj)`rhCUVmICB`kjjYyy$%4336B_M$<
z2qR2?m?kPD`#RP{V)v#mJ&7sH?z|vol}6aR>6n1lfn+SA%w`7Unj6H^fA?X)z@r9@
zLI3$pPYb)AjVRumK+}mCWg54Yf$9$Ww4eB0EZwS)F=bVKYRl*ox`QPXg}`4HZ=tCz
zJlx~Z1QP1L{c+UE6?i519fNGz{M27>Ah}ZE7HYmYk(AQd{!3rx2rw~cWaw9Xca%G&
z(<B$6zu6nb^t8UJHp>m6>r-++b!ONIx`!*BaL&B3A7cN>y@S$^;7NqbB?5W~v894N
z&$VLcD(lCI*kr<@vAp9~t)K3E7=raf<(1Zc>Qor2hW@HA8n1Qq%@^oee^fEGgRn?y
z`!ZG@iS`#h!1sAZUOjVt?Db}ahgluvG86%^@%>P1LkJcMv7wyCG_KJDWbMlky8C<B
z9r_)hkEy>Iz(+EyV?%X&jFy4vVm-85+yfE!XDgf)yRT_M-gPW0o!`?dJ<fnqe^qr+
zT#7fXImQYTTXXZ>u@{<U<~JQDR#Y&e6Df_Fvp(&28<;&PpOS6;UifSBqvexucC;VP
z&wy9&J#^l0dLL5$>L(Q_u3HFl59b*FHeF7z=12(h;rFXp4_k5A(vKVGe){dCdJTwo
zPPRy;sH0<cQ8j~-l6AH3xdrS&u9`l9|Gvb7tmVA_`5B^8p;EQ^<Q5iZtqtbc;(ju>
z3*MP7+eUe%BiZw)40vc|yX#cfVIwmp4U8BFJkO^EFkCga^s+(`ijswNuuZkkdRnD7
z@P=Fc_bseqYRzX>nC$A?-9#p;2whjSKK;<(N3DWf*Tcm+X1LM4EL-V`Ci(zH^Frgh
zgP?HL+)msJ59QHSZ#x`n;*{I3HYV%pzcItAdXVcV+q%GEqmlo!cx|~Hf9{*u``i_W
zsNtNhgy^{l1javvQvgvx|4KsFZAFTV0x)K%Z~;1LoQHZv)#$V!w0hC*y{M^Nlyog+
zI*El;vdUmJn$d?$S-zF4bT;=$N!T);PEXgxsB^v^AqvZ(C>a0uXjh*G16{?dOR~Cw
z>^5qR%7(tr*-mD~_(0zgev@}*HJhb%Wa$tm#Y-j8cr&;5XUN-4;hQNcpd%*64o`df
zn?ieSGQ=qVOLCh~;GFq0g{m-+V`p;qM!H1(Z16r8X4Pk=RBQe#bIajMm*vZyZE$<A
zoFMOicLApPeioDIORzj-9nYomh{xZ;%5q>o!&4J=+>gE|>CykNSPA@bHA?WXnmsVM
zMJ`j))2vg?9%!K)W~|=+P_nbO$5d9>Ck7Z;W!dGr*92y*u{(ruXWL4Tb97d20+0s2
zg7J@bl4~basMPALPtFo{?^W!_^w5NQ@cx=%ya~y~p9h-k?p25F`xp2czYJuMwzU1v
zBt8QIiuL{Xt_Rr+G6%MUW@4HW(;%2Gra*u=<>q!;W91IB2g^xJ@Y8pbj2Pe4dk%Y^
z`Kz`=viH7NskcT+Fal(%(2vdH^G=xwe~_mIf#;$^{>{|wQ%@|~vYTUhH%0{=kfr#8
zBCn&4L@}D=SMz<^vUu0;3?nZ+plkG6Wu-nPt3t<DE-yU^TFmeNE=v6ryN=_pr3Gjw
z*G!eWxDusk;p^;*s2Rpd!=%pxm@#dMFn?x~ZF{Y<o9}iuaz$x{2xhjS4J#qZi@B>(
z04n7a`OXwoJy;!mzLSwH-yPrqf}y>4`%$yXzX`C)^udr@q1Roy&njfC#D7V{aa>^3
zgr24y8&PpgATYYwtLRP=nGHPQBC?9mVXWD_S|ly=_Kel&agqxCRXXcB?x${2TJ&JW
z8(WkxTiXe|6E!?n>~X4{Po)Bx(l~SBYjCyNo^Q}Vq{=a`o%w3-c7KA#0R1OZxvFm=
z2>xEt0m+Qs5=G#TQvQ;GJ5BYL#MWH2uPZ=Dae%RbgMnUj-<xckGfHvb$ens8!%QUM
zPvi|Qpr2-bYN=qgh$6MY=LC$ORq?$%pnli384*6MvE-_CIG?y8d}<2lytP_RUg0Eg
zS6vmD$C-y|Ome3@I<N;t#J9{J?+qMLifBYdAyD*x<+u`pMS{M%dCc_oc^eQvRoWl1
z+sw+Pk;+ukB3;LcQlQ#KYD0-gQF)*epaU^F|HPKvvp62vBCW>$ksRB?Q7CvLk`OPZ
z(VB++-Fr5v;Jok-pMw5%-=t46g5>;DVo>JjoUAGJug9}WIJ7e(#NjqiB9w!b2)H#$
z%%IH!)P%&dxuK(S|3RGU%HoiXS+ra9)WZI?xr=WH3&j~kRVYu1K&MWSk4k%JlKc*@
z`hGt*FHNUvtESvc2~aZK2SQCcWeFYVPj`<6bY{CaanmrIT_&03jsZ(G>nMnrI&asm
zlM$PK-nDRdA}GDYz)4qX*lB9)+5F^r_m<4EM~vIV;g%J$^{r8LJgal>rSVO5VeKWc
z0<D>S3VvS2c6?#q_VMX^y?UF|#jQRH;ln&%{ui@0PiB`ROi$+zy8F9P-G9_i90Di6
z!o9(*)Z=GMen;2KR**5t=#ZhR=`DBUp*Ol){8IK8>&HJ;mr}3Y{)6bTzPydPl?Fp>
z3fG3Gi{`brrWe0E<6Y@;eSb%-F5z_*hB)+?RMU<lZ=IiQbc6StasFMhrqL7Kzq?W|
zWUVi5s!yE3i>sY9{9<BDy1Qd(^x_a@;f`w`;t&yfe$i2%TX7ahyL~PD<+$2Zmefer
z|L?6c?G_NVJ!y)D(yJuV8pBCtx%Dqr|6F@}lWvZ45x$uZlzB0H+Bv@gp&-MqsNAZ?
z2V7J$*54^(%hYHS=_9yJ^RH0~g8QEE+_;WKjB@4de9lR=%uX+)5tnxyD6Zvj$_pQZ
zj}SII@|dP2KJ#P}_fhLG2H%2nV7eZ|3nVIk#Pbe*hvPu}kiY`uPmX>5<Tl)-i^2H$
zAZcpKYHb_=RwL`i6@vXTvBj}N0)Kg&bpQ_eIh}~!u>>;fWf>hTs11+QdF^0ODk^qd
zmAR-PYKzL)>`(!KSCy{^+eK2QC~$oN`?j01@{w#9>IVc(PRJ|XCxBR*#<wlAILPr+
zk0zHmRdsT+k#2@6l>Lj891lhwfcNgZIa9LK3|VOt4iqTAXiku4IgU2t4t&X~vA_Y)
zAMj)^sy1Ad#=e9vvqLKtLVSb$wQD^m_*)*|B(@HR1yhs7MgR&+(&6C%AeFwuUovol
zew{f@6R5@w_eS5_Qoj$fA~Cc77xGg6=y+z;Bm_m~NPPwcxx02?=uJ8}ne@C3^yrAV
z6rP$t;(;7)792?Du{0<*O8VacYE?qJJ5R+b8YmQ+I<zZA7G{#a|B5bMrb-56ldH2H
zuCXN_&U3HJ!q-Lm$-kT))TLV@!1+BLA_F!{39x#Px5Ey4cOvDp3^Oon6~ebnRANco
zTtv!^DLHeAuRn!R3PPq82WH+jvekW>uymW^-Rt@EG}P;tt<u~ZNjnE}jo^t&O$!Y?
zFy?CWl-rCkwT|!UY{}P>5?5>iDq~1L^J~9mR&QdXkneY{peKi3IQRU6b$-;w{swbt
zl=48V6pl4&Tns`Y$WQYxVE)W6n7?$tin}q6eQ6(T&LgkwR&@Ho@R+#5i?)iTNr3wg
zW`XsdlRi!CXNtf|#1amwZ;^-o)l%u&bG3tPy0Sp4ZAqaZKglgp2BoHnr?#*Us9+og
zGiY>Y+(6P)8%gqp>)$5Y2(zxEg9Vlu&cP4BII&bsX@ZS0IM&}p&dq=8^c1_){|3((
zTmxSMU@8Rq>>paxV}-A%(o|Lt5~RKiT+26b2t-1g_suE?7T~Ugutf`iFB_74T>;}4
z0oTEve*N#3jLQjtRvR?tLZd2?Q3MTo>*YX{q+pvi-WX24U^|Zd)RF?!MnVq^7U=*Y
z<s$QZ99aYt$6W&ECdZ{%KFWWyY>B_3Pr$xCoFJv7`b-rtP`$P8USK&5*3L==zFH>#
zK2i@R(Ha%@$fH5*75pEh@S6?LYTE+J=3gMyX}eNy1rnwnxyK)Yqr1mjUGx<InI!LW
zJ_cTGwq%~2f5z?wq3aRu=5R4C;i#%Kb2(m~jHs%XNEDRjCFsoYb7+I)3MZ6CXZc>w
zGb-k$<3ka@htG_lGLLu<ny^G{cj`5lof*ju?@EL<(Z#r$lWX<9t!O(8rkWmpIRlpJ
zPp5vQF#EvE?X9+{MGYE3v{Y}oY}2BQUC<`r-zsskj>ec;9rKELTf<X%-m!vm7`Af6
z7rjTuK5+1tIewIl`QquW{p){~Hf6tXl)i{wn1EF4=J=b#OZ8!p68#5>atxR_bq=aO
zq!aIRK|5`aIui_4`HiMtyzNRIxR7y99#La*{0|cGCs5%!;y=h&+0B4(0<sfU%bP)`
zzM$0{gdFQ_Jki#+olhk?uzd4Bh{|qt>gSv3d5mfJe~|xibl&k){f{5Nw#tgawO16v
zHL_Pm$_{035yHjI>Y8O<J0lq(dxh-%v0WoOx%O7B%!`Zf@7?dOirXFMdf>dy^YwfI
zf$;Z^;r~H~#@siqP95hX-o(2pjQ&81%sWPUw!qI00~D1H0vTeuuBm9PW&sK1a<sJ&
zTm4HB52cz@@o-r5@IN;xY1)UQDYDQ?5R{Tc)!mY=&BM!2yi!}|TBMA7wpIeCJ1-2%
zy2m!8-0%y3s?k&{k;8<>zfC}CS?b8^{6#gcy3$s|X5lheGfr}3+pg(TkAt*zKX+mT
z#OmVy#=DfZ@-9bqFD7XpF9{Rd!&xoKa4B$V6C>$@FrY+q3r6k{MB1e+u24F;&5Fgp
zku?rgZ2?yEpJ;)&KN|0JK1}u1&EkV^^o;6rpBM>hyR%+c6WQMTvzdL<b~pAEf~CG}
zGAg*_R4?LFZfc2BaVGE~9yrvJbur%GXf(<3NM-y<fB<i+-yzzI1OMsfx=A+cl&l1<
z&5j1C)pIN5GlMDfe3QKf$1mUBNlJ5{+Wu|2NVgx5wvQGrlrw?DW`epUBU9qt??M(D
z7$Z5lh__?kk{;P{?LQ@4QJwDh5t?+>_A7}IlDO)js0p@)wHW68whG{aIo*qwT+S^5
zn_l<`D_LH_jR+j!Em{)6A=^{)wo%4V{w0Ig-aUJI_z=&4TS^UgdiRvEM2#pkQQwM6
zodK5GBZ?s2I7Q@7#Df0zy^#WuDYo?(*#SN^c!?oCGyV&Gi<w>_Ybm?Ob-wObFD=Ux
zQQX7iS5(r}3R>xHy8xXcNS{Jz$xaHxKiBhC&qPJdDK<%qSc}sBYnT<`o*xg$hFQn_
z%Ej4t3aM^i(osz-HVxP-6_fh&vX&_>&?l^ZJ=T)t!};08BVmD5bX4H04Dk`=w$S7I
zK_)9%(Zkx_Dt%feBVxfZrjeVuH9W7ec@Sp}VUq&VAj?1BDDQn%f5}j%)i$aW{N^%t
zs;3ThH7@+ChwuRl9i=W-4Eu^$kBUG<cb}cNe-|<_wECNUvHC6Kv)yXZ^F!TzQ8I&k
zeK1t7*g`}^ko|Nuy}1kbiFUdA%b7rgb3abydu#A|n_ZNa<urBc7|n9ML^da=#VNKD
z(ZC?u&$6@~6%n7=4m;<s?)IiAHWBT(YEbpr?u1ug?fX$ZdGy{mV&Rd+`$ukLcGFDY
zEl3SzhOE`CFE}#PaxY|tB|PyWh%7%;0jw4U(l^7wG%fdi@07w{lNN<keFv?!E}qc2
zAX;KJ@~L9^Iie17xS&fhxl1}uX;tT5_3c#E#YiW~8Zi1!FdS?aE71FVMz=B8Ba=kK
zb}OmKQ4Aa5g3@(*7c(eKLRU+MakGcX`aRNGCbtit(K)r4qgba~)c9gO3j9hnxF@tv
ziHVLw9=n+FN8yeZ?DPdU31I6bac1*9;TRrr*3p&Y52Ri=ZrD#|+FOwUnh*aGNs;}n
z40i&yjkwt{Ib{SwFn<wRLLpFCQ(8+VrI{thaH8C>z?`s;ZfQ=p=9dANanXK<(zXHc
z+zz)V;gRT6%Oe(-1ZgoEvXUN|qB1_wIn*uN>->ZS)r-*Ac4Y4;%xOG$n~#iy>Ai5w
z??b&9*B~?`O-2S~WC0>NGjDL3w8N7^`tY!hhF~;Hx>(%uJHE%2>4OVW>vO4l$0+CJ
z@mqkRVpcuf$eFNeB>Vi{1d3Vg%@HM%o0@pf8Rxfe&*$wQO!i#@I%i=C%WV5O3{iF1
zg+v)uRzC4^q#y3HZhRE@Y-fDT%lkIvysbjjxZ&<rQ%C)l;FU?bvm#fyvy1e8_OgdU
z_0AsQtKo3ztF>$)MhdfCC$1HdK2n_96G4@xBMDuv3KVOf{JcYViz$6U4=B1dk)dg1
zwH?pF;JjN_Q7=9?Gj=|sd1^-eRNDIN_D|(q3Hup$Qc)aK$2fcCMcy=zoiIE>@j7x5
zJCRUpg7#)nU(^?3(=0{U@2`$zSvG7Jm_QZQ1S7eK#*<$hoOq(W?VrFsZ+V%b7J1FS
zYKV;*?<Uoq{+4#z!oaDQh;4UY)lP@BizSeLp{W!S^%>=B{c)4zWf?ohAx@|BbGUyQ
z?SWQ<_Rm-+^(f?x-sFyK&T9EtN<43aZ|zkdkAF8Em229<=ibbQKJM>2L`J3X)iGbG
zb{^ZWIB5^ZhgY3CLKk<x?v7fnaWKZ~5}(LaEkX%CY7-djW`SzxH?R2eWB%1OG7M~Q
z?_CfgzYLsjGUgaCkkIdD9u2f}&~>TqvR-$dLpB>1G`YpX81WSe#^I|KG2sDo)qB*@
z69_Nag&tIO2*Hp_C9hdqNB_sdbe2O~b@|S@Ne1ecNVan0I{x(J7-{T=htxx1C<=Lq
zl+WEUOmQ_x6^Hn?7Sh5}uYG4}UZfs?++w5C#^-q+a!W|bKB03f>_Q1xU>5yFeHz}s
z36>^tkm+ID_o2rJv-o~^nVZ(y&3PQLTrM-&B9|kl>TLwbOy+ryQE?~z5^m{$Riw0C
z)cS3{SU65t%j8y9ZkpFdFxfK;3OjjB_3=6pre>xPgu7V9rxZ(jc@jVRmmHGq5_*nq
zik;3er(<jFb|*nZbI^-j%nVQ=r{a&Y*J|ifv}8QYql-pfdS1&HeyaqBQ11O{sI<(p
z<T$W0))!2nEibON!_*%{@sr;Fep<L#Hr9BMph<vVM=;*6DYn|h-@tT-df$s9^IOj$
zMegYe?zG_+xuo}GMa1i#PO_+vQ&ZP#K28#lj0biW4)y_<j#R1aNJ~n}VIRg-qN5Lp
z&tSgpVW%UFFHK>UA$~b^m>`YVGA8v2C;PLEEaUwF4aSCh2>&pQ+Ztz!?+1pj)Ga*z
z^#^>x2D%M+Lx)c%uHpQJfu)kT5N>!jmN06D>|Jd=U*7xGL7dr_3wS@6z|eNdR}AtJ
zfcQc(yhCuzs|UWSI|TcZAIyqx3Tp%*!mTOlyA%%uGqMz&MC%zLQbVsJ)y<pkYjgx~
zo&+mR@m8rq!xE&{e))2NuGiuwmpTueKy`-!&{~vpF<G}b$Fu)ZfAzczq&S=Ij_aWP
z1v+V|^Rb=e>#14PEe$yn_vl3M_;hv+Hu5$u@VP|Rrd4wP;DIa#4ssq1ZS_E`S&;76
znaH-6?0${Rj536GgyV#9P={UX8$Wo946sDfHj*5LRaU<yLyjYl^kG!$orH2=;9iov
znC<2+!m1-xya%=%q2%7=8Zih$r2b$iRk6-1r3$*Iz3{~`Y7H9K2;&YPI%}C?gjR!R
z{^OV_=(-alXnx`6sH0hR+mc(Ju_`y)WU1~p?lTVolBdCqD(^(4*_kZ#^)!45{e<Xw
zWv#F9LYDOXEZs(vUIBhaWcTCs8)~~h79Kv^j+(;HN&Rb~@qYR6U`qCrED?JRsJopS
zap`S$c)qG%&lode9=6T6-=>SD+y!Ax(SK3}GQ|s_t2-b(s-oQ~vB4SFjVRTyA_9MR
z85oq{Moh(DYIX(wb$s<TMxgw}p!J5&M;?WpJG9&&Z+g+bL;B|)V4vnr=>3F@K*sj=
z*EAre4Bg^V>?cdF{-74){zXqC%dB+ZzF@ianKt6!nMzHB83GTJ;&z0d+e=g6RALT}
zHv+L&Y?l=uIBGv_`Cirl=4fu63!&d+Kefx+tui(OvY`mV6weGW0Jlj8fFpKZZJFXx
zE%|f6CH=P*pOgU}mLY#FkI#rXX%qAy5hDB36qdMJV$h^Bk8{w51q=Z>QV&(JEsow=
zQCYmZ!`P!R9f`g<$7Qo9Y!%Abb}C**bu%3~0Dn>%p|`bG3T_@9rP$1Se_&!D-A62X
zDlso6c;NUtde>SMLbGix+IXPXxxSy!`k1kjf(fpzMWvR|-I!W8sI4U`jPMROVd_xj
zdFiRbWlJloXSq5)BHo###A=}p6CIEwA~5O^T;~07?d%lZ+U^{dU^?|t4_ZdWPred7
zYk9x1ZPc<~6-KP>T0n-b`*T~Dw@NgWb~O6^x3_ksv3wqN&!XvW2XJwcPB;}*^bC=6
z72bBxth-~O@=9(<uw;JO8F*Z7aAtn?QhQQ%xSiLTSQebOdz(y|efpv0fW_t)P^Pl-
z5?SMwqsXsf=Wb}YjBh$EsQ26xpYj#76xOBwG^7yG05F}!KFI^<szNfzSJdJxB|Ey$
zW&2MR(&{d8H8{4!X3}*9*^rpO0%=0j)j)wE?B24}uwP4^%CoAik#NeH`gY*rS~z9x
z(0{h}*R|b(t9!gxy^ib|19J;>qapR-Ww>#I#Z&)<)G^H7=1Tv_e}8K{*8<aK6oD@r
zghaZRxWC-&ulE~HJB0thj<0eC*8T@c3v*kYd%|FG86-9+T!qVtxr{ibUb|Lblyi?s
z``tf(u9zDX`#;EW=>H()9fN%eOGjteK!!tUQtTqT&pa&{firMb-6h1q&o71B#}+Ro
z*A>46`t&VYGRw6(?(765ALm@{2TC3(%;Lwo0%CK5{-h^1?TPh!z%O35#LiXqomVBV
z9=5(~b!Ri!d8MGZuGouvbi{por|fXt#6s%wla;{2HM7s_uAURB$`-W1W<XB&g-MwZ
z`gxYbGEOlX&3@fyr7ZG&>m4-}SdkmM8TEyH4c)bSw6z!c@G|yUrCg&_j{9dZ2BXmf
zFIhcfeOUCUnM3=#kN^FPbR@K1hc#SkY^K9fF#}=CCFL9SuU~!uIwZ8c6r6zG(|#p@
zguz&fVMX^YtilWZ1~ohK&y^&{)qa2Jl@7Q#)}d<Qg;)LS-z-t-_y(P@87)zc{K67a
zDgk<TKYQDqng;=k@W$opPG5`kM%eR|8?m6Ar>8E*3cO8X^Vg5R+x`ottV!*i|Jj??
zj)(p!z6W4qz5nQ_hvhXX0G6r;yzv<Tn7TSUYz~0K3H=&#^WE*H!JLNw67qhN(L9~f
zEO0lL>Pel}WH3RKr!b|UzC}oQ169<2ETnh9J?l_Lku*PueKu<RJ=`1QP}R2Q;9p(y
z-%9@80Gg$sv~>LnmG{zL@&KnKq$CFZr;g~5Q0=dSwQ+zZ`A!4Ss7?B@ooP1_TIZPn
z9~pJQc*SEb_nQ=%HuJ%&vCj6CqN(}Lse+E*%?3g1P29*qB{rDpthjlQ!hC8nDSall
zHzt}`B8jMa>!xkdYhUu28n~zO`mRusQv;7g>Mo&pR^t5hkWh`i^xY44_9E`Ey$-KY
z^-|NB`DT|V^d4sWC4!!c$1GGRmqLY?|F&C*n*DjCzLpC8-Dz(3AA3<(&n|8slod+l
z6n&!3t9;QA$D5m@RQ9M|O(q2-IR!iH;wWbnvGczkoI)WDMQO$l$ogLrP$SEIKS7cR
zWZL&eYd{%|(Lbxe5UinDn@_)Z<3!+`!6gyN;URPI5?Wyw>BbcW{M?Lt#U)0}{bb)g
zKp^v@r~70V%(%f~9+!WYGQFJOwu3@mWZwsFB-Y_h0xoPRNN_g(sN_k+L1~A@Q%vf<
zu&_ja{;Tz>9zwaGuVylH&|C7dru@ZUaK+f^9&Iy)^6k}slI~7c=Q5d}T^~LN1BsFC
zU$c0Sc~y4>Q$8as*LG*2kU$?Y@%Pn>5ZARkW$eUpv>2QM8#kPgQlpu-UL>0<{;g4#
ztKDy@{x>6w#b{sKvqm=%Pwm7J*Jrx$SGyE4!_|HD0r)`+5nLODf@L)5@i^_QmIyr8
zThol$^N0H&bmnijjw%00Wti(X5J`Y_HIe)&`hUGW$M`|oW|T1qG|KatcETx1l@n4V
zT45c%Q15Pfg@iL;YVuts=fXMgztn<R-?~2vQmO#Nzdbfh|4+9kDU1pEIaPr*{cR7q
zj~@8*I71@5RH%8G!nj!0TFCEy<xdJ7l-$%;Z`S`}ryT+-KO3V^)34(2k8hj_*2Sxj
z&W9wj6=ck^3F|hT_N+dob}IvN?B!F}0Ip#ouW!b6+iP9N@<rc>Bl(zYO~NYQl{K)z
zj@ydXZi!H-r>!=b?r{GO5bkkI73Fxr-?*s#bo)Z;T5=xG?tZn@I>wsg5??02_a~fj
zZI<^|8WM5fyDz}UZh8qwBt`801^zGO&$X~zhrs^cRpZ{z{wT~)tI|zmd(g}6Ylh>7
zfy0Y)!4*aKj>ACaOVCOCN_Jkg5obAnfKR`cJoxm)v6k`^i;w5Kvi!U4ifmTCSBl-&
zS!YY^GY9)Y?hSwA`|%w^0r5etK5e6ZZus)Cw*l`nYX-5NLoZ*iCgL8w3ecVKm$upO
z<JeFq;(#e6NF_BN`!)GFk_iI*wV@%En@jd6wMP~)EhBYw?q(9G>*K}nFoqtRIbip^
zZu;o_a%>#cHe<3*>e%8T{Vt|+y&!S@(C^&yL`yP9FrYn2R<%`j(7?Qk_b-Mc)7a+*
z;|#r^&d6Gvj<RdUra+)GeY3Ua7<am>ijRLKi4`z<nFX9})CX|rF(<heMDH{-2B>pE
z*brJTs=?fWCs#qA<Vr6c*s|SoZ4$cihx?o%-%}s)1AD>K846P@G+?lx!aCl9QO1LH
zHyaf*>4s9O@#7BuR4o%wCxc<$6@0NJuqocGjj2GcL<LiR2wpA}Y5?V^d{?A9X0?XV
z7s!d=IKrm&8=`PF3d3$wfFEhhQ!gmga6K@60C1+LVF;|4C)6=Iy(TOOYyXp$dPHO<
zd>=!+7d-alN*_E=oQ{s~=kE(Wg-q0*rU`O$n)LT^q@q0++VF3P%oiPve>`0U@@&fE
zJw>T*C7;L#FQ+$;<Fr3@pQXnV0~^GswnXYnNI;(Xr@Khs2jO80uV7G|?CZRAc1$p%
zhLDDww-(q>({;hAafjM&Bm3=VX~<)}Uoz<7i|)9(39>v0W%r5<wM02g(isSQs}M0}
zG~4c^HFF;DCbLg#83_Au(?NH=D}b6?*jr4Hnrc53xQhBr+>qJ{B=}sQ#%?)IGHbm7
zuJ$9STd<k7EUnGp1_RW|4g9PIl=cA;9u(h0P0onB_3+=|Si!eFBCWuVceU0zP%UJ$
zrP@2A+e${$8~&VB?yQh02+<UYMGGyPXS32#_UX1bInFyl0JM#qF|pf5-!4LcCy6gt
zc9gc2BLIDG^x|4>!k*4kuHSqMbP2>Gn?tJr3>vPH&%fXD*g9-6LO5}sYM7s@BnHqk
zM*|lcG>jILx5tD7!iCsDEE<N{yWn5#x&HeqpaccYe-JB*Tr^pS(`pXB*Rsa{r-T`x
zZlIy=<Q1w-YwvA=k=18c7%=_GS<Hlm?ZT35+`b`y(rQLiu|P#KJ_Y2b%6|>1SGcDv
zic@+d|8pbi!oIK67SK}XgCt>35SSnDdo9KgEvekx2_6BKi4!}~gE(L70A)|&jpEg!
z7X9RX#Y2{sPd{r7uE2wQ3K+Z0`ttVlx9*+)4l5lO)|P(lCtu|03YEn0Z(vc&qIR)?
zf`jiJ*}c_GXo$NdSZ|K9t%Qux!l)?8VfR5L1&N_D{?_@)KP^pFdkpM$XKMNvucDl3
z;!N;~aeOS942kN#)LqW>qVj`~mGu3dP}%Q_-?Uh~me}8PZ}`x#tJ(ZJWZhgAgSPN+
zrsl@<&!5-i;(flR**zMk*N*cGNIV5!qNvul<Imyc*nrHX>78IDM=H0qL2jL(cc_|v
z;bJoX^<TMme3(bbp2W|Ca*Y-gS`CrlvYo85+e)0yIdctT7tT0Gog)+}NJ36kYWHbr
zf!Q}AaF3wi$8P^pKWpdDP~EZye%a@DduvVl7YOa!p<a9p9cpk_RMu7NH)+MUhJw)G
zB+cpZ&%HTVrC(B^_*WL~MdSRVf?MsdU-H9BO)USWof<tB>g2F7;FYJpC2MRHhEY5>
z+8s4(!oAJxHl$&VzYt&m(bB-$T%)X#i1V^B;_(xfwyu6I^LkNIu66-!v9zXvO~!f~
zG$#2z!fVWzl!u(|_IkNYjgRNpBSEhS?p+qY(l+xN%*Y@S_%;&Kp&-NOu-mnO9sEZ5
zDOvKV&2&h!x@FY7kD!wfwyr{*>iUhYMpAzae_FV@0(MiSEy78@o5k|o-5Hr0FEr#S
z0hVk~6DWUBZKL34lyy(-r)j6P-khey;9GNO!e9KBvPc%3WQ;@HlNP#y0^QQ9@8|&T
zV5kVyGP4W+t|f&dR<wsuNt#`c)OC<46OoC-8Ark`-le=c0I6A~*V|}R({8z&wid2u
zl{hZ01pOZ82s~~hXlZMe1;$<QYdfSx407?Hd5H~Z;mLmAPM*w|u%yV^>oiaBAXQ^K
zEEHVZ1+7cLFX7{*`7gux0t799XbWqam>sgf`R%R*S<?9FL1u#&T_hEe_e<l9ew=KA
zCuEHmRrG3~QU&XQekl4?-^AG)JnCFFTY-cywYqL22iw6yuLU0ozR`i%FXG2;Mp}%t
zo15X}2g5&Ydi#)|gNZuZa$!>HrX|WH!jF&tD!2Q<?TDeKGmdoFtD1BB|Dq*;lE^v{
zW33mQU9bk-?-zOESu+Dq(wSP*=Sh26EmeCpw~M&>+uT<oqIIFuALXg<PCjb6W%ppT
zmDaG;j$6^a5h<c2Q1XK#_{@Rjp0HRMbM~4XM}jZoQ^bS^>guXua3FYS*OCU!n&z?4
zI>E&bua0^ZM`BPI=Hm|A8T`<Hk+;dYPn|lK%_%;pmsxFxAvKl1o8rirj?d~!b8}U%
z{Eh(A@sGSp7!M4dA9P}u6_b;F4Esbe3!DeSJpvSwl2-%4c9Gh`P-U!|kLatmkJH;7
z0q)+X%gW8Kr(;Jj!9vP6O1Q}|SjgFJdL#c%JSyujmQJTswBKtwP9^a{$t&)S?-oDr
zKc#3}gsQ6)t8I^(fLb|iU5V6}#RWiN%cR`uWA_rQ+|mQ4CA8duc$T*jJg40Y6^V4p
zXrsxjX3JpXe;rGCg$c|f<u;u9O^2npPTp;HKC#|vdQq5=T4l_RNWE91;8vJLgoTaZ
zH3BG-pTm2uw^tHabL+@E-l(4~1UQUn%PcFu6_vUxL4!rsY>59Z&+5utNoMobwrm_+
zSfJ62k!fyXp!k(XX`(GmU%fa#B>VH=`P6TfRO9e&$zBOTM|^p;pgnJnyDs)o?eRKq
zfwpDp1Kz+nZ7oM|0*jC5(>9OxX{fFQ-K+?lY%Ga{zq)P{spJC<ZJEGWyVD~!RMBI@
zshUpIfsnNK%copHUa4da9J|iPip`y=gPpT?CjOesie`G+<r<h&YoJ+gHrrFTFgA)B
z%CKW7!t_2)=CLkxCHFhEKPUn}prs)F!gr=x@9Yz@(=CkNnaTt|%5<-v8AobcMqhOu
z3<>kUM#W<4hh@iyiY#2%eg6m1KY38FT!ajxSh_2bT`WIN`g+8|vI4yKHNnOQ1_l-3
zW?PIsvG%}9ge9P`Hi;HC=<wneR`;pNuxIB`PVw%=pEZ<pfm`OW)QCmFiw#~<w`FrZ
z6H;Tonx^mt;8WYV?CM%6FT0lqy}$lYMw_*y*Xz$?$1im%kbSvwS=u`J>&lMV4+@EV
z1pSO2%H;TXXN*Aa=~SzqJ|?dlmnp%(Z#(g`8rrLuhYK%^f}jW=-msYq1XQBJb|z}O
z`J(nMW&F0W6Fe$h2&+bAyJrsy*#ls^_Lik$qr1+ws4;Gk-Q<f}AG~~iK)UjZ*0-ck
z7&Da9E8e@$1AAfE>9*coe?J4rkD4;#f9U@UuUdCYrtraOGxzA2@N<TwEdPS2njpQE
z0p2Vo<`3C<k?E9!*f5Wb^n5Q)h+4vKzW3Bb3E-13?2_cRS;OfqkUZO1OgP^&^+<%m
z4k7mwBbhoJ8>PO8Yy@sQDh3zu{y8=`T9QKgjggjBvsP~m$oBSW&Go5DC5aB)ifv>6
zQxJ`cmh`;{yr1<FtE!d=Q@4kLtpOtVhn#4JXw;S9A!-#|aa=Icq&kOhf_tQ-xK)_W
z`k%}5aQ3&iJjrb{GcQ`}RJ)so>HodVqj7B*mHnr0PDU_wEtWBHHE0Nv=Etedtu!az
z?>62rolVY&gFBnR+Qg#ZM8?5y7p;Uxv5ZTIU{ifxjZ*;TiROM(3`RMCiweSf=s<#X
zK2q)3x0C#!WspK9r7r@7QE+ZdYRLx2MW_4NvKY1gAntvCpHuOk(z;DkZsb#_{P+uE
z$c0QOEx|)cC24z4sc!gz3R#b|qQ25wBw;k+#t$VpQLxu)MhPV$=Upo0miVc>T%NUE
zxfA=l-D7H$_Upa7s=lR|q6v*2?HOHfUZNXS(fqeBZRW<s{cME!g}z?#o*<Z%RDg!&
zFnqT_0xkqRs?Wp+<U4mZqvI&DTfy&>D{+QbiQaGDRhO0jocS*4Y5Pa*o`AWZ2|$lF
zuC{7(+#BJYIbR191SDhT{wcz*|FKFN()0>jw{ypc)^6npGw)so4Vmmz73?WW|G66F
zW~~@ctd!a!7DQB4uUvj?-?yAy*XXecky_rTl{z+QIYA0D<n*KGPX0~F4R?rLOJMt3
zFWH+HP8HS(;>@xqy#xcoT30#ZY%Jxf*#FKeE^i!lu&$nGdZD}HrSXncM?o6@gV6sE
zvSV^>R67sU-e_c1!(~SeK`o}!Zm(^wcXw?(ag(8;|Hu!Xv-laG6LMK~Eq%7AYZW_s
z))bgF8-HbYLA|2*XY3;Ra-MCe|5`PGePCVbdh*ctDsxGIB0gW}Lx7wjcYM;t%jLkJ
z<DB(&s>7}S4%e<L6>6`mf;NJBbQqB%tpW98lc|ErOyQPU@2uF-X%qN%>UQ8DS(xYh
zPAh!N{}g`s>|EjZfizi9D0%Hebu6gMDMt4>V^UJa(r)~lk?VJil(y5R&yQE6&L3&o
z6Qyy{Fff-stKDA9?o&pc81)@^qDg&S^ckyB-*}uZxa_3gtZoi5ZKV=?@mLL$UY+<c
zrDna-#~()K&i3Y}q(HWrwJHDhRC!j-vemIZ$eLVfbY5nQq}SA@{!Ad+HgtO-+G)CU
z$HEIu8XpSMrFs@;eGpSY$ZnA^#W^~6-uM?e)!#_8N&-2LSzvL}{n%$)sXxDg(%n(#
zAi<D?fb<)!?_5KhZ@bZndFg;cs(U=?z?>2mVoh>WqMU^cK08EPSLtV~&eI)s(|D?U
z<Ne>eclAq5q}2SKKxk#WeGkA@)s9pW9RCm_G6Ji+OfyuN$dDuT7E!ol+Z2F?Y)}V4
z$0SGW<X#vR`)si9ud6s{O?=CqE%^VusV_DtL!uZie80Ji&@x&)f@VGESZ&6$w^<1^
z+#=uJK2lQ&Vf$<ZtFR9B@UjHD?Vp_mw~eKKdI4-HpmcH>3{ZYhX_^L1R1f_G7=7cA
z=6<1`uzEq-%rvU~V_Gc|exl~BHltD8K*FT%c`+MmG_}onH~R;t+Kl~E$8V3+bowH`
z=pz^<*tR))Sd5j=@_tK`Suah~L+!j&<dW%MX!y1P3Alzk6;<>n*;Kato3~+Zn?$9F
zlU8~2y@xE#Rk;GIzw4zs2Nq*=UNp=@qIpm*7Qyz$9@|kBr|6sU_v}C>M9Z91o#kXF
z$FDC@?m^WJ&?4Vu9o76t#hsA;on;UStpQGRno-4QO$TVXBc;_oFcpuuuqY+#+$^X-
z$%|(oRO>2d2zj0YDfjh!RD}(6rbXF<xOBAMBR?>d_q)ftV7Jy3M^lKsRUWtTGO5;m
zj?&SFIE4o50pM}MB>eyhlFcsCebBJ3qE!h=&Ou^p3ar+#!Ih=eF22@X|ATz2odRvR
zIEW3q*0b_oi?V^AsBYe?I91?a>il3lt6L9PZ4iomf4Z#VTRPf|{3e|*voz1zEfBqs
z;%LU~n;HC?5CbY^EMz{H?HYackAC)NaYF0LAK@c%K-;d6Q9<oXK7B*nq=KnS7wF49
zYEds70QI;x^*nJJBNc0P@h+wShw`;1U*!b;?_b9QAmw_~V)wNed@|-o3tAM&xc7c!
zJ22L@zAdOb=LZ>=!k52JcglYkN~O6FznazZNWHs?It4p(J==NU#Sv!dKXhkt7~%g{
z#|tHT4D?NeqZ2OUs(|@w^r8L=wBC_-MO?$1?P6XmNx%@Z6qZ>Q4v2XO;^cLg@+?u@
zBliUciFwvMa{rW!sW^Oq#hjSGt6;T@SIlhfUchh^VN6zKtFL_f?7?|5W1~1C#zJZs
zN$qkrJGOH?Rc^Y|3nHdfF%f0wwp3x>7KMJ0tM@lZk~6M8brj^j-LKT>b*Rx+;c?l2
z-T=zIj8yEOac4RHx2WIjJy~4vU<rjCuT9l#yxI5zHVNV{8HUc;YGX5l%y!s8@(!-6
z?cCe<B%2Qk4-iBaQar)2{k3apJsq%?CyEqG?hb6P`uR?AN0<6WyCt$}N1pGfYU_WH
ztp7oz!ARl%AUuocpv#CwEWYAT&Sc9cDU>&3c#p3T=AGDaV9eTOARDy~iz5`zcex}i
z?B73OZ0t}np5`V8o6Qjto0;*t441WMxsuv2_!Khm@YvVya!#H*+$z0m%$ko=zK=-O
zm+xi7;1Qq$JH~`BeG@wSq{4ebodr~@*ESB{=woZy!h@f(PMAObbRlKMTi4K(svB;d
zWE?E0?Sjah5$4m9eA;^;vZqIW_FsC&4vrn3sUY6}J<W~5q}r}<aYs7yQ=Dq%+8OvZ
zhGhCRyiQV6P1fspbCKA-3-3kC6jF8{=-a)KlfT%x<aPdBo~XLJ`?P$g?bHo;#1kD_
zQ}HGX<AD}26Ip8%6U)<bcjr<TfsxU;zPnQvyMl%Fvp2Jh!J*2WzcL;e<zfklB-s&B
z`J}#j!+Nh<q8M+)tWWrg3W@uS&ai!(t)L7q&c(4Mth2=NBuXG)u6=QT`{^R>Pzu72
z5qf<Ml6}%|L$)c#97DsQ?l0*Wqr{xqT5rS4<-5j&evC3V(82rFJ~RAeTX%b#&_k%X
zcDNocjAQo^nt<H>A+la5l!M8}Ij8mLUp&Z|ty#l%*+sg-lQxyLIOCh?GS?~NJ}Njf
zHU@;nIAB&<GU-KPbg^I{XHwZsFmH7YJ4hW*LqfiqUi%Z+r()=KU(3WVXlZWeECiF9
zC>Ou>7<&+PLe>Oj+qCB8)N-K{_9f-!aB_N8eV}DogtONXAsZCwQ*4E>cJVM9HRVR&
zOyZ4M2=1<@N8pel@nv+qnI^C%1N?BDJhq$r7h$>`-y#e0E~Sh>I3EsK6<KnpJSZ<c
zm26>MM3Uqyaj!l8i##tQS<sGmZ(`#94Mq3cWlS=SugDhS3+5`*o66aJJvlIDsy#gl
z+YY=TbJ)SioW)i6emLDw7tBD|mwcbpeOd(Nupb%tW5m91-5x)=JGjXgZL5cGpIG)G
zB5AdNNnyOu3%KM|JqqgWN{R9u|K4nb0sR4WD+i8t-QV;_B^U}@T#4KZ)ns7s?y(ad
zINg{tz#nS87Q<D_dI_o~1_>0hf;vucgI5H~^u|kicvM;&arOjf*e5MVM)V>}n?3W$
z$G!slfZ<=x=1qBa#sj$gU0$^h$<S)*HfZt=x+BHTh`b9|bsQ=hHy%q>x!oAC_%<wo
zc%WjirHpxX3^zAwcqfo08Zq5-eZ-=w;cTMW>rb|rsp~|Y9uIyy2d7za^4(l4w7y}b
z2zjD?Pq!c3XCbAjLhOrnaq^*%sOsi)+aRxB)LtycG-E6udoy*hp2MeUe@MwGD6|SC
zz&Z6;G34Z7l>{7=iGIruSNGF&MfG1RSxhpu0++_{Ba=iQ-d7zYFh0gXoXJ+&qEz-7
zXFBA~&D8)A<lw+X$nixCE8-<nzZkY=o{B=!d+<cHSxl-h;GD*DjN@F>@<}K-LQCB>
zn#(H((<cb{Kd{D1uP4|d^Trz}Rb&5x{6}J>WrZ4{FbjAywlG@BAHx{RA6_tx;RM;q
zr0F?`c!z{IaMJ4w-|j^b&SsPAfC0HD2b)`ly{(M0XGySu>@BZEy2#r5wSAx5-lW+s
zlL`}*$r<TXnz(OzVh2YBF9j?$^&M}Rpo1hKRDYiGinH^;B;^;Sm(3Hi1pBY(sQzVP
zkprLh9Bc19?VgsDAM}L&`eG0&$@_w=aZD_Mpqh}#7h&30o!B^Uy?PGmG#L4POG4&1
z*#gQ(HY7r7;`IY2V5Gs;bkk~9+aerFs6PLLj2hh3YD6uc-u?J=ZN^8wk1=c^k(l9~
zW3Kjp2mQc^J~sKDu~>L|Dpp6x5046V<@+wyJhA!B$4bN)2k8;>O=tj?Oa$6STH@Aq
z)@11@1IWQPq=IGNtBrmwgh^dofIT|c$f&)NO}NZ_UhSL=Sa`=eU~rJ($CCXqd;t%}
zSV|cwtQ7}ut)a3ezmt1mNW^vDI+7}EI{fMSzS<BwDk{D8$y#%rvSv1;S`3-b{jPSy
zwznK}7qmCeuMGQR$Ftutq7^2Ix6RfwdX`56=59Le2dZ&_PFYuve+`dS=_pdCvCpis
zGnwd#XalQ^3z=L<XVNIdJtI}j{zBBJ_6za)@i-^17*4a6#<DCw5arMaA2>}D7G(Wo
z_)YelV$5f{bja25;Uy+hb6Lo>)DF7;%9wnB?Ah?@0FGo-ZE*-;!r>E{q`{&+^VO^?
zIorD3>S<o)^S`<vA5##{MLgx3Qdr*P(&e$Nk=|%akwqH5fZ6M|WMS$;8xfH{8cEcU
zf$25q*n*oaWT2k+`MnkB^>4Yao}bH1dSqMP2P@yxc7{hvHYmGzn(9=GE@AFie^_C>
zUV8^kix&8kjB>)q4t+m(UcLrJ2g&6;%NvEoH=gt%3^(Yo4iA|GDxNaz@2^q)EVhJ^
zHK93osr#ev<>X7dVc9hZ%D?N}$G_LeB6P8^Wx<KmdI3i<c+3<Y#k+{gYQ<&@4Y{-l
ztw$6NCk|yUqpH?ffyD`GeUzz94G8WPcks@%wQCpoLUN+ks)9ZAg%Dg%>BL-}?x0YX
zG&?l-G=GI+ggw?x@~wyzZ>7q<n=Df?0=4nU4Lhynh|gTAYfaW|pp!cib<VJ*{Iht2
z`&k|$23K=!)cksaZ?T)@D{L9SL<-C6){v4(x_vit;?okHZ~Y4!v6^wBF_XGj9V<O@
zZ<Y2Z6LN+!UxqhXZmbqoaxS20=KKn)RPbTRi90NGI#IYoc0J?`ZJBPtLs4R0FznSy
zDisEzBWKpNkCDFi(>qZM>G@y`OTQ`YqOeF0%a8zq4|dNVT_^hf>|SzhkEJ=MGi!&D
zT7HFDwsuX8n&-q*t){YH8#!2#fm_{&0s_&NA@WF+n0ip8x0NVj$VcOtdaoz@zAcae
zX%cc$MPM=r0Z+t=LEHTzyXU=2(E#x~(EH7>zfJ_bQKW+1+kk+3e4XYI44pK9_RCd^
ztVsA*;h^aQM7_xdUtQg3*<A_60pr4o`6l#O*h04>g`6Uzjq0*J?;g<h1Pst*WIgtj
zpef)X#oE?f6t|h~4@dNPYde-wj{bD;{#`1W^+n>{9i0&LqfakimLfO93+_zjt9aMi
zN)-Yy>6Pkzgu<qq{aJCFa#I$?wt-GAnghv`JFSl0IxLuy$y$H@42XM9J$pYSgD}M_
z_pOl!zHN+dTHU`2Ga6bdY=E`D!BLMYna*wd41-hoKLEG#<l16=wF^KTd(3l&Xe0)o
z7hUus9J^sClj9wqMyyk|R9qCw*x|#^mJ9qrL(>L2MT@-A0K?hxw-}e{W&SbRuLdF&
zPw|UHkm}r9^+xEF;cC-Vz&*eId_NsIF)E%{D7-MZbi&Vje_<e`*RVPei>NN;y^o=~
z4XbK~D~d)K$@UJ{b44Po+IF)Yfx!rxW_K_R?)2v`eVO|UlAt%1($=cii*EuhAMz~a
zHVNAgtNFg4?$I$|na(()CAFTF*j`N-FGgmmGz-ic(Un<wx4GP0wZV~#aAn?+slsra
zCNum?c~YyQ!2w$KA4!y{i~Ex*B$y&h<K}=_6e>mNH#=b1?tms;r?L}0zgRFv{(Fi}
zS=@>$;GGyVtfE<|n<xYFtbHg|@9I>r3|jvkEi7dBkmHQ@$|g_uNs9x4(wLFM=U!;1
zBTN;hz9PC?r01rk;jLwP*#vo~*Xc+lAl6G^xqOIxXb4k(b?X<1DrL8wo$kN_23Ytj
z(|wqd4IQce+ANP#P$><nFtpZ3ru(2YWf<EgHZ@ec8|S+yU;{1GMbXXaS>5MQ(WsaO
zQXszstWq{%WvR^qMmld*_Q*hsjg`WfB$l+;`fypfRER?gGjj)Kv8?uq7|S75akG%S
zp8!F@#&V?gB%<XRzbttvfi#3NI-0?oP>Hj90cJAz{-#qdp<^CDtf1W)AfV&zP6e9<
zQ@v9eA=-w$LNldhC6REVh`Rzxc7AF)E3YZKlS1j>QpJ<JZG$nz=V7FDOp|z2Pit+H
zro?1?Qh(X6K%Yfdk$q{q>xtTT?mjV_hpQI~vzMRerI?EZ#oX)$JvY{n?qnN&x@Ft=
zAY}Moa6w4j1gW&D%pE$CssM}|a?-l{@&T6M#DQ^L-S|7@3<p!Ck3v-twcv(g3;d$v
zfEpivxpXNKTXnEMfZYq=&v}ClItmC>q3m~ysfr&N`*7UxUpxDHN8vU5$mh)ibdaS&
z8lHVp5mbyXo`L$=^-Bt5!}(S<dLCaSwXxq8jQ^~9o9tojF4+sj{@VGCy&=2vrBQJ9
z6lkf?!8|A(IBJ=Ob2-h40L=($Fj{!pzYr81u$P03)nWFdZi<(qF7_1;V)OcVT-ANK
zAA6`kt&kna(zrA)ulTw5occg}<l7TB;{?rSOqC*aVpSr*s&BM?fODarw}}l3Y~tg4
zP?;O?#b6iIw8=^l_>lyiZpjOkSIV{OuPvOKtRijdy#3C754yb^Bg)n@HhkCO0v`2n
zOZAz#5<E&V2Fq@cp~$Ul%4r4@S^IUS$mUUBCP|5ZcI<CYdw|$l2a==p%f@JiYOYX(
z7}yv*`i^O1UD%yiUax{Sn;;Rb-#^O{Mr!(_doA=0)dV$1j6k-poxW+{Hl}=|fe5HR
zQesE)q{m?;gJbgFmN#Cj*P%|IAXt6_8(})yVUY6PKal8G^3=a%r)yww%sQpQ?qT`|
z@L9a*>eN|2GV^+dmOV<payqPjl?3sFSE4+th)RZp=}*@@g?NcNz>?leC#$O$Xq{qU
zCg8d*ga^2bQ1zD(VB&uG?cl@+L^^_G0d+$8&o4whPMn1Xn!9?@=3~*Z&&C|f8okx)
zvS*^fVj3fwDv*4pcAof*+jOws6uur)e(G;%VINEm2g7XUY~uPAj)LYewG`2Q1AegK
z7Nc?JgDFUqcn&_$8=|4a(`qTn!DJu6)Ei1$+duC&4~U3RtT_{OcV*o{eeEIgesmZ^
z&j&Egc3W@l;Zz+Ea<lkRX%s6t(*DZJr56F+&KvA#rT4|kq_=HZ%(#odbCS7bp`HgJ
z1A>kc=Gh$)f<DFG&<k1x*2*t-`4%oLd)|yKwiK6*`Ak22-N#KGawFj-Ng&DzwfzAE
zK#Ug|0|4cr?lJ_OE@G4uS(4qOx-g_6?LbO7oMQ2wIp|PPg4L0dmn;Mnla4?h4VNz{
z4!jRG%VHiimuAdJfij_rr6B4zG9=UD1)@48>O##w&qakn6tF{(iT3B9+ZB`jLjVkX
znD$7)sq_VWSEiJN${y9lk=o_lgMS{(4R&;Y2;|cJ^c-2nU<_?7_zkQHuslC|BYC7}
zb)EqW5b3Kh9q^EAA$JN0%YXgsv->Il%-GcWL2ORoqxBT#M$<qy{a?7{myiECU!>RB
zcfB2JeOD5<w#dN^P^fHEGAt;UG20BD?UuR}N(IR}qkb1M+D^(e1869mFk9wXV{gS;
zn19szw7SG3Yc=C{c&V+W_FBEByzn@*uDW3-BVBc-@8?BF?0A-|wX(2gGjB6xwLhh}
zeyqDYM2ku=%0gtGCx^$;tefCAaBCMznPdF^S-~+cmj~j~_d;auXDl-QHcc7=4Y**U
z36>0nNYf>oFY@|8;_akv)(=rJvG?vKfasHH!MsMHYH^LLo+BBm*@Ag3u75I{K6{wd
zO~_j={mP7Yq7rW&S>KV`^FNgjLC>g!2m<L)^80|cjx`;_KF(QLvrH?4xodX8bO|}2
zAevC9s=d515RxiL(cf!(=!k^x;}pgYg4V8q?bz{r;i|*o4?O5Hdy6ypq2&)p?g62f
zpC=Cj`O?-8f3L0iS<OkD3y%dIhyM?9>r(y6+&}A(_R?TLtENLodtiTkbghD)he*@m
z8ak~m5WO6vc2r}fD3nv<zjX0rIS3tu)jg^@gs08|DUfTRFgM%eTzvI+5=InHuX$N_
zx6d?QG3?Ae_5k_LTt3L`chC;|r?Epak-6+Ys<Oe1CU3JJu)j=uc(P$0)IJ<Gze`vF
zL4aLM%(X5Xm2{vP<SL>yxSN8c*ZlKC9oQjYm=sUf#?sbtK4#xhA_KCvJ=s(**5B<5
z4|hC)wcE8!XKnn9<6AGv??<D7e5%oNh=PWXn}(~5X$){*OBCi8D3sbFt9spd|9F%w
zYvvfOQuKBKtLT7qKj+7UPTCt>uMvV8e<Vq<PdF*8h+-t<re1u*>@6@__oNG-q#c$5
zLMYkZYq&+ag!8b3qSp3zq4Y(#S**HL(xPBZg|#PV%|nA^$gr!_{l;xEViDHv2h@ab
zI=7?j0s^wWyjr#i%gn6P6k&Q$n(sp@?O+zvizVxFuy=2Cz<3EBlK5&47i-MO##7HH
zMyuSE&D&JFUi-1OJw)lr6CM1wOQd~-b!~njRUtEY50a!E>--^H_H0?!;|`S;`d0FK
zO;ZK(Kg})3MMkPetndPMz%GF?e$$yYmEAXqdH4I6-W@G-NnJ179_k|8xY}5;Bz)jo
zjL%_nihZ39epKf_Qn{7?LA*^E_LJZ}>^kz)5){QgpQ-jY_f)5MgWxf8xLd<sB)VR6
zRoEMRaxt4GVImYzm|j3A49bF3ZQ8OIo02_eX;bS}ruY9qZN#?R0T=7rMCI-x*DycH
z+4W1_yU?-26MC1XSo7Gv?YyMMiVn1h1mBPo*8_&4QIn>8a<y-043+@%I^kNwzc#ID
z*!Etg?w|BeV3aJ5$6mXXt2liS_vALmk*LIra;>W_?1??g^{2a{I6qsbbHe3$HKvTP
z1scfPo?Ye<b6`r&W29A?E-}>7YTGncm6rE=%+KzVsu!4`;g+HWRoG5at`xC~T+SP@
z#}AJR_9%Q<iY^1amET;OU&&nxc?}iTXFhgVjjI8U2))b2pKj~8FG-y9#qgH{{R>gt
zC(|!tw<+<3Lg4Qz6y^@QbUkOKAvlxp!LL``tA&DgipX>yIya|UWAsAuj*wr90e?_X
zs`Ojym18Y)NBnS&>(kf1YD4|FCW;p2!mvTLp*~BTTs767zXGQE1{IF@q$jQ@2?>=7
za0bTRBDp65IltdHh_hb}P!^~9Bd&JhDD0Oer$)kZq_Uvc%vzE9r0KnhS|3^47zdS!
z0_S{l_KldRrhVKE2#%KcCfPUxRN+*a-GZ4TCK%Te3L~02$qD^for8^}3>NNH+jYPm
zWFI6B=;<?1?~4t*j!b)7`eGJ83uD=ED7VLF9;ET{L(KCA4fiwq19gA0ybV*S5(h7%
zI+)^?p7guV@x<Lk*lM)UEL>^KlCoC?`fqPqrG-gaEmLnlL^i=9^QPn=(=Jddw_rR3
zWvvIu+n{)SR?jz%aI(kKGI^GF(ejvZo{cDK2qx~9x*c;%MT|IUs0G-+Xs!k>C>>=U
z2g0OZp?58_L9fg%>Lj(Fn;3oY0lGVggCxPLZL(FAIV4g{SjJlaBXykqe4AFPcm~$e
zfw?Mb3|}!Jen=~d9Gnm45n)VblgZcd3ux_RtXFDc?TIof^u%#{iArkUSBz8EdfKmt
z|6)(5Zb=lPWf|w^?h|^R7%8eHRVDxhPoBbyxy5*clGH3j=ArtW?73aqE8`2+0XSi)
zA(*He>{L)~@>CVM$@fBZam=gb0p5@8k7l)Vi$H}PbM{Kj{<XN!Ri}|!4+cj@txgaH
zNrdMM(EE!Z=l(EaiQ-h7B>BtB9om)lrEa6zg=7R`7{`23QK{$&h=fT4T^V#AtN4Z4
zE{>yV-1)gbAC3%*EdL-7XRo{|6f3>a!eJwAw@aM9Q-ZLy%L!Z*6r+q}?a{ob6EJNu
z!AER+!u=Au^Q!MvXI_mOZ|aa7-i0r#@HoRSzWJ!z#J))$3$-&yVg+wOLI8rI5^6q*
z)$$ztX-Itflu`ETr;jp+?CajwX>z#qN0Ky0Mn+;wwm+xq(pIbM4a?o!6F@@VXohjN
zn$B!Eq!1PJ419*KIJVx`byJRrw)I419w=&Mz-ph_8h7EKgz(<$jrYy%J<81i=Cp2V
z`Yl~3A9IvF9nVm?Eh`2b2WN>0qrh-c<ftkQEcmR4mtw2svIvzsoxP3y((<6a%rT!E
zvpI3q{K4fxP7_+}SATtOO6*f8+I#gDiNVJc`~Aci7)f^Vtgh0&8&s&W`rmBc3EBFN
zmNK>_^Y)gZ3@478=4YeaZ5dz|+vNN4bnJ1Gn2X{9w&AVyhZ5#gV`?v)ysD?J{VouT
z)n5lYs?h^~w$59jy2dQMb!AtTIOn%~cdpk%<~gPcN`OhL;>T6x<Fa0|7PQnD&~~^m
z{mvdtJ+(DQ-T$gnp5wjJ^7Ma@^};N@fY?qIqB{<D7Kp&jfb<{J|4m1zQ>{UJa3=Px
zde|-b{4xOV>tiM16i+!$Zu#!ag2tTfctr7RQVmqOX@T#KPF-?Ka?l#Fyu-6BXXM_&
zV`EH;ohMO{4{h(jW+ekKS3jA6zYBW#LN!4)xQ}}T7_3_wXZK8ablXiLk4!DgaIzn6
zkqBybg*Eq2P!sV>1TPKvx5VGGMJW6a67)4(98oUw-qKevpWEx(Qm)#FZoAfPmS@67
zcrdCB^f}8{O7CUD<TQ>u?g`4|j&X3#ym4kdTj-K}`JzX5ri@#j220Ctwi*in3sT37
zbcDhwsaVf{tOnSi?=?}u3sQqYNgz~MPe;g(YLS1`(ruYnW2npt>W?m)R@j&-GJ^iz
zjEeN4FMYon<niFw<&RyTSSYl+gHDZsYVB*W4W<v}92306Kt5)GwSDrH>qNGuIa~#M
zI;T>y6qQJ=s->{fi`RT_uCOzdYf$XTn|Eib2j5mOKf+L1wM0*X-7QjbQ=DKd&hn6U
zi1Nw4DMS<`!Z`911R|%>CQ+)xmZzVPhA@Q{a2~ukxQkHTU6jSLb3WRQ@-4#n5m4wh
zt3v;oaj1zWzes9i+UtX}|7B+x;#UV$dWDrl0We5kBtpLpGe$yH<iUBO*SSf&KtX!_
zwMixKYB;;t`bHZV-a1XYt1WyNKSz678JVTqRGw$t;ce`BKTElBVq-r~h~0-T>3<Mn
zU|TNSwTVTJo4$9XZeA(o2b2wQm$%H9#bKqyT$M5vk0=Qhg3r}?;Y8k1eyY3q$ltu!
z2m|aARD}V1`#9$WWFY6V8>%wJm^kuOcAw|lHn<u>4t=`P*h7_m34_wC{(?Y_bma0a
zqF$<s*i~f?wU0Wbk{ZIvBGU#0ZMj#8uyP--YP&!+@qzq+sorJ}RZ!7NgNS7F^9sqn
zSGjn7KlT1%dhw^fj}NSx&n~{2zt^&AF^d%{1<VhDFxMc6pMp6;^6ss6_@SlUB)qi%
z1Qc+q5F|Sh;1D+2+J4~$`ASD|`s8ZVRKKqrv^|<v0;i*l9rfd!R$p&C8aJ#~U&%jI
z?ZtOtvYoPYn^`visaApPHsh@gUgXZ20FhFxFUXs4Ph|7J!sxHnT>v3<&8@}_vFbKc
zDdd!ZsBNKEOiA0ZWJ%&U_AX3)`C;Fe|1#1$;G21<$}Hv2>pw^{{~3-tdH2cF^WlTF
zK}{B#cN`_Y<QaCecG`x4SZ3K>H|Yf&KAc#nUfkG$=r4@sCG+g*PvRw$>hQS(3taIH
z=HNn5y{#-wXXz3X0esL6BGbb3A~7)%Z7qdmY<6@Z>tBaWnr^HZXuB~qhLto65y4ca
zT9q3EEG;Bp>M!n$tEnU(-AvDygn7em+>vM)A=#IxBV_a;W9=PnHJl_1R~$FEeQ^Cq
zA1<3Ny*pU=fN#gCJU49q>^v9M?QCd5==AV;2=!BCwhC`2uLXG;4bPLcCu&db!V>ie
z{7thA%^3-QJ>9&mC+Rvh#{>=GqTaq|p<I+<+8nXNG1a4bf0A!#yF7_W)!EPxRA-Wz
z^yl*^lE}HL2$)jXIaPi=V9+laY(<U+xOoh$CA5newmSH%Y}K^2&tJwbu0V5|VwpvH
z5Vsh@wta&*(J?!C;X`5fR_C`zU;3p<83fjlLGkD2xaJGXrKN<mmikUPX0(t`Y<$_;
zdAlO_Hn5#89{t?6*_W@}G!7W%a}Su`NL}>pxUA;*Z)D7GdvE>V;1J!P3L0RkF1Y_e
zR;{k?b&Pb}PF<?MtjDsaUpkSw{|Q)`Z)M{4fyN0ete!9G(9O;Sxg1!fUB5q56mXA!
zC%1or1V|m<vHQV3zU8_IAhxoBON;wkXF+Jk9a+T$qCFOrzt6Yhgo~O};L4y1#0i|^
zfFCILI;bma9iPcJ8xPtL@gTj4xVnnpmoM)3`SnWn+rlqyK~YNmR1tq+w~mK$n8x`&
zwBQv|U<D|vvqoxc;nOa)<NYIGBCVq<(@L<*x$c=udGq=8@4tU^q+;ZFtKWIH$}U9@
zF!a#Zma&|lbv#M-`jshW%NTPP(VZ60h8%Nq@_Xo#vbvQDeX6LDC+7Rjqd51bo#00O
zeP;vu7gRslN^h6O%!M@wzFFU`tUW#Gm_Fe)?V69Iu?Etg!Fe89u3>!y>NJu?fhtB?
z<ZZWS@a~Hi&={kAC~w#Yf|2rS8G^hD9UYT5^IWS1Of#PI&>$n2gWba~);GQYDbW9M
zbl&k${|_8Lk-f6_&d!!iva_?d94Y$Z>^;lginBAaw{TXGy~)nmXU2&{X1}-Je|d1%
z$3=JV*S%iPr|n@{lDB2}-P-HL(D$&r(b$XjdZv#Q^>>4=t~evQgMN$P5_ydT=gg(k
zvDdtI<5~`3_d{cGz`$$bP3s}AIQVOiZ6RUGuBI|?*7S3SL6N?BbSrzU<PJi#5O$pc
z>OaJxfG4ySDqfyC1O{E-nEJc5oQ!4I2k!{kl#j6oXR3B$xZ2i0>JncMk;$n0KmLe?
zmiUju9VzMO&JcJx-W|6D=tx6dqUObAa}6+`Rv;p)k`w{bHr5=&Ck6my9jEl<eczl8
zv4s)coI1bkQ$8s>z72RoiDLYze%T17WMM(?`GcoUU@V{*e4uY8*;3L?Hy7Y?;`yvC
z{`y%2KSX3<8iYCYv9a;0gugtWRc*z~Y2zsOeIS1HjL7${g~L>V$KCL*PeD<OmMuVc
z+WvKF|A#hsnTAJ294*G4CWq(zUR`(eT&Q4RAfHuzSENU8wUqfn*FT6&Y!w(;(dA`b
zr#yONt9%~}rTPY)oGKrG7Wz~JctH<hvaqzB8MG33?_w23GqSn*Ub5}Tz&n0(_u9~%
z@hgfA@TkoPm^Bll(?1KnAaklPUl{nlp+2wdXmRz%G5gMSPkLXg=n*sm;!g>C<jjB<
zmuVzkAK!O>_zpMpsHT9nspB#7EXyXV>c<?$gqIqnetqPVW<3|c)e%|>mj%Jh3Jw02
zeLpxz<8_bbQr`VRi+&Msbf8hCx8@ah`3>vW4~)iM9c~5Gp#Y?_F8aqN77&2eOci!{
z``ZYaS-K)q_ZzDd8crSWR$i%)4Zx(9(Q<_E+<}7rOI5O#rPKs8=#d9|+<n!D>#`pk
zppV=BJN&V6O%ABhL=BcPY>HFj*;c|!kF4b=9L?$Nr{UncXx`v}|AQE6zj*=KFOpv9
zs$*-ptK%didB6&+zBe+Fm$Qu!S8VdGF?9d>k{x_We6|^A*7W|ZDrrf?`o{jTD;6x=
zNG&SpRwUEn6Q2=nMgX$-fY#$7@Zy6}Xd!Xa#J17dBVxAx;P<%5Wns+-by_Vm{ceCw
zf7*NVXFGn<6HIp#SW`Du`J%!dKMDJ!PX|B=mIr;1C|_h(?<eYf5G;D_0}eTow(iJE
zh=y~GPpWsbzid9rX2)htVXf7n@gl@8@f;<T)0xrm-wo)$ygrmeq&f0s_<}|a=B3Zp
zb*mr~73{{fIGFqz433KPw?R$&Dg;E}ucJ2Qnyqt!`Y-5jcjE5J2nUy+wc1pkg(Tf3
z|6O6Wk>EpZUFzy6{Hfhp%>Z?r>)LI(y=!p$@uT*0n_Ckk+M)IRt6$OrIf0`4H?C0w
zXOdpWLp@1*a!lGsUbo+g?dv3w0v&;G{N#0+<k9qBQ+fy^w*EoVsO1oe8`g9zkB&Fl
z`?jwE9rZUl;AXTAq~A-;8h;o%Uy_7-`TE^z{%v&$h?kI{_h3&Kjludgsm!<g>q6c}
zUMu&YQzRhEQq)b;TF3GaOfc%@e+wa*bR!rAW?x3nyzci)F=%x8U{@mhW5HI>VThys
z#!YL%?vs;re7gjJ9&V`ZbM0qvWc6m=8Vl*dfcMMdx$nb9iExI6&E<575mt=PB)n8D
zNC{1c{k|$llvh^ui<Gf`t7#URl3E8Mucg6r$N<C0IVrC=l|y>=fCmFiiW>5mUzyA=
zI5rNv0*oRP77@0k9pX%%Qg(KB59sztH+W8?$SYW}*`DUJrnZcI|D)9mzvt}^zdPfn
ziK#>u9RKwBEcnbU{i2-=T@wwQgI=~opltLEn&>z!pL#$PjL#{!EQyxq6m`}ANSXLd
z96g1cAZ&+`H1oQD|CsxLEgzOAc{w-%QBT|Rc_IE#B_U`UiR~Jf$&Mn&g<r*orDBV8
zjimLdet|Qdz<OV9vIo9X)yHD13CQ$mHa}~6fiTljIzkbU28a|L|K;RA#c3V(c(i2c
z{))<gdNvp>U$eO%eenvOp@$~J#%@(-8KjaUr=Hbq8}V?1X1b}(^4gW2ONDtLZW>F;
z!t*_{o7us0CQS+6d8Zob6E-}GjS?UXYJIq*y8bk7Kj^w0p0XO)5Uxwnt$-j$n$9K-
zO;cHFwe(=dF!ndw!eefR261L9pHdVCos9o3cn1TAnq(WyeW81{QOn-p)&lr<Q=t>4
zoVeJ!VosiX1jOGxbOjI0o6JP<`n%EayMti7J4YBt3>h3Old{$%jfWEKm_6do&L4L$
zlDrIQ8`(edjw)Idrj<W(n~eCNP_AV`F6ef0n_gMMKO?^jVYtKsL4w^rv-j^9kD^_;
zngY7<Fk)AbTFY1gfrV)^k0m7klQS@$26c}gD(IJ}xFWd^Zx#iYLJiBfw<{8~(49yt
zCn*0qHZx!pnb3gCj_AzgcmzaHejy@|RxL}Ypik(d7&kGM{*cZ=N$-2D^tt4Oz48~u
zRD(ZKBNSE@leO=!81?~@%jcWk42l6=EK4Qy*91i2ro!@J=zyR+9S_iMo}0?^TPBac
zi4?wB5m3$%7g&Eb6C1Pw5V{UXaqwK_1ZWt#=>j^^-=L=5s{=oY@4rylFI^@F328n#
z2PHM;5$uqLA!lYc!Hf8I5l6NZ<3x!t=%>OfZ&&S|EKt>w32pvKI2Km_yoEDAgl+V9
zFrz@@!Thrb57xA4{EV`9o;l|9?Gfx}QDupHA6@vQ_asZ0jyPEwCy|v}<>zZT>uc1$
zAg+sd%-;BW!xCzJq&%DB6m(q=3By{|_tNP93D`WE`8KoI?-nljir4xBvaO068^faA
zssyP-&lz(+Zr+c{bdoNHqkI}LBIMlBo!}5R=W#9rPn=ZjTOQM78|*$;BlUQM#1nVN
zF!Ha@M+~A!UZY=084_FS`x^(Ntrj*BHwk|%;+*29@(~2km_zJHX^Pq1iPhfCpMy7b
z0kESNY;_gtsG#n?&==2LaO?4^!8!;zL7u)AZb@eO+g#U2_FNIC>FPFBkp)A~x4e7`
zdw1ZwQu<|#z#-(V^~cemw!Gt*)6e2tN)?V@VE-UPnOxK~gf48{6@NVBcXyJ@Bri*z
zNIz2nkldrL_3Vh?MXoX<5LdQ$ZRjY+vpg1O;)Y65v9n?Dj~@(VP<lC13x7RZ<+rrQ
zcx2rW2NDu@TFm4>i%4B?*-^6Y|9#nhVD7ZX<6ED%&LZ_DVuMg<y9PdSE*0_I1M&pX
zFf}_Nd%I54X#X%z_r8N5wXBbN@T4%-=bp|_9Kty*LSrXgGD<YXj~LC+hiFMd4H3sw
zW5lmNj*J^ZFg=kM1F?B~^FVp$o0k4CEVQT3MHCEyesREG&lxP%l=&!KmV}3Rem{ot
zC(^WA-gC;^+UWP&TK+-v*~e|IiIY>v2UqS$I*xZvH2usM1v%Ydz#Mz|d?;+im)Knd
zU3IG2H@cH^mhOCNt|3f}R@)b!qH>!HULX2Vv2V?vI~tdh|G-eo@e%S@IXmkUTB8)=
z+qJ%xeaA|75uany*D98mjp=^(a7VrkU%?qSShn`>4?b6^k8c?yYDvo)p5w$pzGTVz
z_98E4wS5U^+71LZ9;2wWu2OMNpi)~FPS<fztzcZn@PbOjaq(-gIIvp2ggK&J?xCOe
z*W)0TOJ3feP3}4({AgcTe=dOmOM6g($Sad*!R1n*E1@G=YCSXo0pg0nz(ZI$sjJJ(
z7J~uZ$CcNEl56nH(iK{qu8g)QOMCPYl(CoC*}5_&sSVkOYzt^g(QO^z777GCy0q*|
znCRGZRd<<M&IiR(DeQvcPRDR4+MOm|BUmHOx7K(3QyRmKoey~Hm7Iaxd>Lbe1yxc5
zmD{-&pv76+mgJFA*<A5yBT9D2CytfP2OZKrJw}a@iP3K`CY<v}X$AJj^LZ2eEsERV
zH97z95;I9%uMQJ5e#AHZ#Da;(_D-q+4Su`=e4&i{B}H71Gv3Y>>$c~y#uUDoRke@e
z6wvERZ;NC_9s+O8fS!vF^Q7@ihnv*e>hriLH;FCo+^0_{4b<~}`0a+Oy=G)W;i6-N
zHi+}LIt7FDW$HmIQ{ChhK7?h@r-fxgYc%=7ma#-DOI1jo8yJv+7wjLX$<cN3@1<*G
zTA8>rVq1rIbIp!=X@^wXYFA12c)37-#9@(8DQzAQg5YRq(n(=fuE`^?)*@qB9`1X3
zte+3M<$RT;hB8%r;=s7IJis^p?veDYREoD=4|-#z5Sb#KyLKa`ooi+N5jjd#rnmpq
z4VTm9fpqTQ6f*;zG7bOo%FtCwN#7|e%^q|5BA)vQ3Y|)}r&)GE-&nx-E#GsAW4cnw
z+dlkR*4RePx)LdB{uq?5<d2z0K1^%&(iavN$(bO6OtZ^DKM3#u?%FCtaHg2uP7{WP
z8B$Q1pnN|~-VsY>0MZeSa<AvVtPiyDv%HAaXt4G6gTDQFD~-tosLCeoHv_3LGgvd6
za9Is)>xx4b;PFD+GlBAcCo1Zp@_uoay@NPt+}Lzemx)Tq120y<U;!RjG-U$nwe>-E
zEGHwfNvR@!M05b_`?1VO;wI(Wnf)SBsF>%Rf77`L_T2?0TbJbV0*!oY0T6B#Agmfh
zRw==X%DX4kSt9mkwBp+AZd1k1TM1@Q%T*0gM)bw_6Z<g$h7BvY04GG>vSm)9Z&_Y8
zZM=H``s~?c%2&0*E1?-Bl$A^2D(q4Y5|rZ8cf_U0SDc`=5;XK4(0kk_vlQ>RJ#$03
zQU8~TQRLxO{jv1Hi~9z?yj5%Yz0g%;El{ojrN*FMSLLF3b}xMuC*3D8@N-Ja+Xa+q
zMps!YtX81zGxSm2by-}xX*I(m962*hiY9%+mAnB8PzgvySD_f+G9*WWOHHY9`xw!V
z5uwcT@(1u3c<os<a2Xx3b>3@(ccKhZIhkRtoxqz{nW&6mT88K3WqqQUS&?Oz6Cuth
z4%#t9#U*f`+?RXhajSMV;Z9z}|6R7djzYTg_3g&Y7Nm$|!8=zGI4a^WY!}P9s!GYu
zzM%)DhC&`sE#0)W^x@=%G(J>xGzuIP4*MK=Hexe92nh}$;DLE4){72QGFdB+Ti)mT
zyEv);-g~9mL0m{m(%<ZFVHD2{Ym|>(^xI_I=+q%2%QUVV3i8fg4TXnVc=M(XxC~*#
z4-8sI<P$?Ri0rH>Ss|Toz4Xi8CWc{js%&yhikCA_sYK&G{8_F-gwIVdmLT@_!TOlM
zCu4Vh$!Pb&#`idKo+?U`^+0cQUm-QCUgQlhjcAj8^)%NkspJ%SlZ)V~czaKb(@Ja(
zmxKI$2Ix*CZfEdwbUtr8-hoboqX-|mvl5!9R=?W9gR|WTo$lFkPx^EiGSnQ#jQo$m
zYlLhaw$*(asF2#Yf4Q=B(r*0=vngFF^*iqUTLIuAs|6?@zSCNr`L9>D8%Nd$qAAI;
z&$2JSl#(bg1vhL3fj6A5M6U;~B_#eq7_QR+`R{Brp|j)5cK?5BKgN#b2}+|TMh0%_
z|3TCuPD0-P{VJ2_ckPjJc(!%Dd71S0>puvn);OadAD?|a6WsW6CM5(C>0?6C(3Q@F
z9)XY_{(?RvL;n9D!H(z<$?K?F(S{Wp>XENkewQJ903v;=&=qWOO?}&U7Pb5j@;2b6
z)~8M3it97i;Z+WSfn3!R>m=oAN3b=+&iNZ~29j70tPPu}1v{{)J=dmN`3b=-g}xTK
zX0sRRIE2gD3G+7g$Ja4`0&N2R%8gaUZEBO51b_eH*miBrawFfU6KDJ>i5R3&na4P@
z#^!c^Kl!!<#q=g)VZnAbYUP7}SejQL+>ht^o1=3o4&tpPyO-c?P?`ycKE@cu{05c6
zJnl}oj6Gcw*g)mhDg2%8Q!*QQ)kqo#RP?C_?AAd0m1kj(*Ko(*F<Z*w2bsyvB+D?^
zR|Tl?!!Q0X6`RvK7xOazFnYKl8CqmMw4~6>bEmDR8SDaxQqj+NhjMCJfE&H`H+3St
zK(#5qi37I|w+)P`IQ9w?e$xJ@Ao}Pw7EGYtJWziIa+WFE>tS&zsja9_Bj@^{EF;%Z
z#R}>=@n?h8hEDDP8Wa&NVL%U<JkUKN@+pwJ{1SweHPm^Js!{YefduNiQy{v?A3%vl
zo{ts|cXvfG4_rVJe&W3O2VwDb2Rt3D4wcUaU~EP5Tff?VJ%!j2*ux|vi%q%b8r(X=
z0kYYDWFNTgp$5^S7`(%ocGJbu;NgI>mN^5Gk9%L_+bNX~G7qcmt?Z+T3mcyJG(9LW
z%O}SzU(k3l2#6f1kDhQ#g2!QiDFT3{4L+xc1FL;hSwmz4?DV*;+R2`oy6l1{j&_h-
zqK#jxUW~GS?SX@ROjh7`KDkc|et`1R+nBwq`U&E9%PWDnkzWu*2B!mU7(ugS<e^yG
z^oMG~fYAPc+`m|k7Ivnm>f_D*QGLc<HQ#k|D79aa80sz4zJl&^cy3oXTNSKwxq&hY
zq!qhB)oBA)R;}BxdNWd)X=w_SaD<~lc?3#L6u<|P2`qI660v8i&}I&HP^N*Lg7MU2
zbG1HWbDE5Mp?Rp6bN%ua#<G+S_3`xuA8#g`J~9g|Jy@f(YlDWl4~{57ezQe`(n+#u
zHzgojn>BTIh=gOsxL1NiCX9W0yOOF6+H9JmlvR9JnmNq~2YFFHMh+hCm?w>YfQs{4
zl|y|P8IN~y#aK-QhI3<r82~OXy*wloYZI+LbN1~$xr5xify=Oi3X4Sc^WnO^L<rSm
zqg+?UX1R~Tbg}Hxdx`h*d)dK^3cRT*0RJ!X1ueJ;UHjN6K;((}@6kp);5CQ(<L<^d
zLkY5sz}@%aFyDVrrO1Y9Mb@%l_S2;duyqpUW_D)5=V<AM^a0p8OF>?J1V}prxFr(#
zv7-|<lVYP+SbjToPWJy=;t)@%^6YWuU--PZTjUYfywW|wnkdF*WjD9O;NKh+m!;%a
zwW5;)W=^ZerR=8EYpp-#pu1NJeGE&Y(UX*ML*+Imi@}7chpL5Jega?Wu6;JYQXZUK
zCvCNO1Hz6QNoyzCW55-|f6L$_LB4>?3Ud<b_wO8ESV!$1=RE4`;MYr~kau9<w3$Bf
zclGncZ>F8UNA`f@Q}h(&gCc=Y^W7X(o-yNG(oc+^{a)P6Fa64QEmw50a}jd0bQ^GM
z7PfF6e14_dFX4J-6CadNsIZkRcfrIlyvj@j%!z-Qr}IfR9Ca95Ln<?>Z>^^;9vpf6
z=s8U9+j_^WRB<HhuC}l<eEfB#ZG7hoz4EsD0CwIcwycS63!vZx)`%_+_?#@9<sk!3
z?vG3P3(F=vLvCCIyXOByZ?+!Y^qY~V!?2*yhu>s}ZPZ482eywaju0(K{x=DSKrn~1
zj@@@$J3V`R*a%YTO!59RAHi;lbgUl@VkZ?7*K<W|`~`T5WTDU20UypZ=mvHVV*bda
zkf>xI%p`^-F4;4)+KEKUIyKbf_HI9pXeG2!Yx<s2Mf~8$k%=!v8OiS679Twr)baY!
zQ|s&4G4aOqMP~PEjtp6z?w5TDx&6oye%)LCSMFuZHx}F~13s9`DIraY01D(tiJ|qn
z!^ei-edr1kFIE|YiI?Bi)#GynB0x!~m4V<Xysan%EOOOE7E@`UY81ti_<RK`NF4UI
zO_~Wp^OBy3a$9H{43qZZ#G6R64ME-)yqk!ir!sHHG+H?d%a_@w<IXcuwJ>cB`#u!3
zhrMYSI_|w^jm!3Wd?>PPWoYyZ`bo~}9z^|kk{i?48-?R-7Bkps?N=f;C$s24ZzgXq
z>FsaIEg*vkC4s?Wq#V?Ry6<f9i4W*?WWwr&@nWH0P%`HkT+LB%Elsn50G1xo<-S5w
zCd=pjO#uC)F4td-zxxax@HuEmYD0vjPU>+MCs{+#fVXtKQhb7qk+5QimfeAq&5$s+
z+`Pwz2#D5xY;(nlz}rZ?fN^suM(%5WGTe#rI60Z1m4j@{@>xD|Ye6FrM$xzk_&Z*$
zfQde6N}tUWSC#LpoTI^s&2mv09kpzCvlQw4+d&9$d7ey5G?7!tpY{{&XE@!Fm5;kH
z_bG|t;5~6vkf}^M&J)VM=%7iLQHwTId4yEJ{2(+;us^wmuKS!LwKtsCu)j&<+|+)6
zeb0{#AaoQ~UMypsX-XPYJ})@;%hxC7=Bns4X|la4#GT+XN~5mNXt&kTUDPuFBpfMn
z-fDkg?~8p=B2Fv6!=S<}rw!4vDm}M&akb(?PTh#J42_3eI2Xd5X#;+Zg|ct|f;Vh1
z2W2;2zNK2L0c4*c7VoIw_<dU-xmSYt7d&zlgk=QvZP9<o>0ERVu*Bal0pHI*2!7}j
z5zk$Ce7;vpx~i`2M{)3EaCLwpQIU5^fO0K+*Naizi>;Ij=pfcbXmFUQV2vP^?bgN<
z!6#Q7;<kvLR$f&ld1VsmY0;NeZK1*G61trDiBR`Q212vZ8%R+Nc24Pv@phK8u?gxE
zE4^oHePueI#Cqj_lC42G8sE{S6rkNj4u8zlQqn7ZO_#3-qod+RL@ek1>Vk0WQ&<`x
zG)OUgaIEn86GGff$!XFg0MqeL4-rzB!!eolN`sOsHoYqJTm}&?%zv9Yb{gTpC?0&h
z8SOG9*LQvK@FnNU?Y1dH%>Bi%^2YRcbbU-avZf?ObPv?1XQ>}Kw*P}rdmH&ct@o!>
z-)$NY9o=pdAW>SFLwwIg(=SNQPND?-dhf->JG80FfghL6FC7|2z7r<0=k7RPX&qTo
zExMmi7>k~_LbFr$TG?z;i#My#F5ARPWD8FA>EZ%$l1mIHtBy+^KhSuoYYO3&lEST>
zi7LOKSZU+KuYDWOe@h;_DwZ?+<(-2{x%xnpLMmInGkmtD<V#sTghnbhz?Qn#aFqAQ
z{e(ttnn(DEft|jDe(@~niCka(y`+!&HSr8}wD;%{xDo>q9Ob^7%t-Xc!iEjK{3qk$
znX64{MXnhQ!7*KfBHEM~mL2Ay;`D~r%7K{G4Cf522rKO9T+<O`d~hAn0v$jpx%GRT
zOWBL`b@g?#lZ{R?(v8LMAS}b=lGoyp6^#+}Z`EKd*!M?09%`BtI(7(8w4&;0rRvL+
zM?EGyo2{BIE4G_H*uMrj4(MF!v7ehePvtZYK3L8u4i!dU>gRnJ+(`kyqaSE<+>G+7
z06V_*kn~CA<TK5hOg=8*_d6*^50{J#iexgwx!CUK%v$NdchYYa$Ev0IbgCTMEK!<@
zj)eN<;yDeY#N(S8snZ5;>vLMf1fgZ>JHD;C$ghcdw%|py@ocJyJBP5SJMU1n8LiAs
z#OFMbc(bPX7DX%>ISV5n@@l0_PW56pZOeWgKS|cTJ?V;;q)I93i5Ux;w=+M@uHNdX
zjL};BB&Qt-?3tX^5l2icAIPD;B%+(pdH*1)I=>NYe7vPgRq^$s$-nz}zL$EE$=C4k
zZkH~{UZx7qMxh}x9RuR!ntjAU9W^e+ZC*0J1~DSlm|hQGri!LJHaDD^ESIx$Asv$_
z&Gw^0_)FO^8fb<_7)MvhwT<T5Hl=>*>5H(ej^MJ+YV>njY_hBJav7^Clc`A>_FkbZ
zrnZ}i3(jdUup)*W0n3PZTR<4Ah4NDe=7Sjhc-=2*rA>Xae_V^C>_t;ecc1g0#vm2b
z*2=Rf&=ws1t`rfxJv028slydy-*JNpOPV-zJL4{+4Ey$znsq50NyDJ{XbFtHhw+td
z=}PU-*t|3<hqDk>0)Z();j|ljC88@6KMXAPeL`Br1u0+^o$*So=|UoJt=o!(oHvT(
z)J0CR5E*H_-j?>;Hq&_3UN)^M5z3B*KJSQ&jevJTtXIm8LB_+tgjOnsrKD*_CdrIS
zTc^~G^mxkAgcL=aKyE_3{uHV_O}djnWT4Rt&d=Ql&WvaYj0k*VS91P(Z%!uzV^zz0
zG$j>2$3A&Hi*EEu9OdP{<)gS>;?fa9FyH+w(<l~!tOnMJ*zp?1OG+>4%1sl%d#PaT
z;sGl4S^0IbnwZL2Rp<rS5UD+8Meu-%&C!2c;jbrUA_Pk^JZJV3zwcFsPBh0lK|?$U
z-$t^lh)d7V5>U+cw37?+l$z&mrGeA%OEJ(^2{gym*3wz84SyZAJhrY4(wF4535o+R
zY{fqYTKa7kv&z#I@!diOTEt3vrS@GeLKUy$&Ka~QX8O=k96TjB{18XH5*DPO$y!Z1
zH<FDA%&<yX>`5g7UdH2r-{uLp$9exraB3$qoW^L4E(ftgsjOzsv)7@cz-HyQ4^S^F
zMAKRf&a+_5m1b?ANk_Z!-Ar7N6fM3kwx4^XY702O+bT1&ef06pcYCVy4g2@g)E)Q~
zAHcPCI);NE&OQu6a)XM^>>HK8oTWy={9p_<*yNa+^<p*p{&)<CV@|=y%U=Bb_dc|s
zp(6!~1f2!<NeOn^i(A2Sw*n0t8T?qj@)>NaEdUMfD*s~%T0<&5a1*or$%$s>@YkW^
z%w*HxQ6=npDMYU243du>!|C#KMJ!oxp_H@`K8!mN`|$QSkeszb$TrH$XLWXM|4?Xy
z1`8hl1F!&U1?fX4KVPlbbVWi>mAK@7OsofNA867C{NmbEL3&dolNb<Y=Xz`aZbC1x
zW;awGDOE>AT$3&)K@;4{E(x-+kY`zT33H@g6;8GiOd1X4P#d?U-jWiY@y0#>`v5xQ
z1`&P^V9DJ`qGwebHv{=hJmqocggy@Y+CoR^o-=({Kw0Ibk2qlt2cxgdhq<)%sxMn9
zzV{8d;TiGkXL5+90}U7dtoVB^`8`K$ZGevQ;rjeNcHizia!R>t#}34H_%Kw3UHr+X
z-9h-g+Xq5y2h`G#m6rA2QchL>vcdK|bvR)Mf23eQkly6C=od)eg1B=md;6s*Wi9;_
z4kluKQhPdGN=hC3DC$Cxv<#${KvEU)IT^QpT<i599L!LWIBW-aL^iuw2!<TQ%X($S
zlvh-C;ote?UxRj*z>y7w(O?Hbh92?D3b;af)TNao9y%FSfvC|~8}AuYo}pa{-H-Jl
z)lKGR9KB}XE@Kfoo}zvdqJkB?_j9NwHdB(Acf|?xV1%$*FWB}OV$zgkUr^#<b;U`?
zW|DF7Mz0mn%0C@4A}KrDv`CD0lA^um!uqWI`eVy}1+VwSe}9aivWl_p2Gn{Xn>kjI
zQK%B}MOCyZO2pk$GM(32cseTm_$(l(bmwNL`Hc<wzc3mX-K?FFh}HFrj?&rF&e{vA
z{=F+dkS!pc?1LWOjh*rnF0?K?+pYgHL~e89Ue@vDnO-poW)BSQS=YY42!S2m%*h`?
zW$VxBJrd8x9f^?Uf49PL#+)n!CN!@YFMR*{N&aaaz9T3X-JM)cv;RS4fw*;vY2svY
z{o<&{&hju=Z3>Oezl;cocZj+Uv%Y0c-jS1X$p3LovZZjm+H)b>?%UEca^`=0tGfp-
zE#y4uM)TGuooOV*N3i?W)vcLn{$v^P-%d(16L1~NsoSUxoLpPpwEEx9|6U#b2hq4y
zI$rV*8YjO-28A>(Uy=-mM7#WVcyr)}<0xn>wWf$=7Cq}<97w{P|K~hV(C;tN0U=&+
zft9~wc0%A+kH0ltFiHP}-I|t$FCmC)9f7XL9jV4ru=yyT1@9#Fl#*D)?_;3hvLjec
z(HUnzNI8C1E3T~ZiOXC{<ft>sreTeF6ae5gFIXe!KVW<GJY%hLi2K56ZKjGG7XWY;
zI#CKMs4PK7n1lI;h~`NOKqr2Kmk#2Wt*}e;rvQq4@3+B2)lUFtV_i#_@Kef8L+H>5
z&+=sHVc)^zAhL?FP8rOiyszGxZ-He~^Jb{H%Dimz>dd`6n$42{W5B%;T~aW(^y8ju
z-D<{KHS(&4%3|sR9CDRoGfN9oEcAKnPP1kwULr2C${|AX_zsGL-=6UikZVTB4#v6l
z9iaSj%DOB??saZh-k+oS;d2e%NNraDDkc{9zhL(tfKEtUaNmU(v%Am0b;m`0bb{U8
z3%O-(7NE?GkntFB6g_W%y{1qBb0x7`2|!eKA7C@}1k{>MaTthIVxnRU=(NIu#WAQv
ze`v5$n?lYIwG^+3Stgzr{^VDdAf@QDx3!0*uO&E<p18!0h{fUO`f``S_<My!K>Nk6
z`<A<*fOKHL+|$?{3%edDwun`-^0@1Bx@j?;3wtG#)hYGMLdjl=>30SfL163x1gp&V
zmmWA}S4$c9L$raC-Fwt4n77}82CmTC`%Bf?s^#}~<s(8|e&>?p3ZO;bhn;>7-W{us
zH_bi)!9sm+`{!k{rpP6#qD25acH2H(yTc9#Soc>nnlM;C$>IfB!sAD?WOMykk;KpH
z)7#bi4k>`N{oww)2f40?5tl$~UJ#f3w5s{>Do?2Flz4q8*%Vp)Pv5m|XA|B{(6nJ8
z^E48lv_;Cl>Z@LlAXCq$Gz02#$QFoN>YKsK_SJJ$uW6z>hc-HPfQrHX!JFQ;*#h|q
zCP@j+80Dx+iL{Sh5v)tymQZsVAt*IhczI0(gf?8X2EL}F<;q$DIxY2~-XOgMcf%lO
z0JL6!xH(V>kj3!-GTwxPkr9p3s-it$#XR23DI0HzB)*@RK^PBuII>ynpd4hoCRGwf
zHm?|V5KtsN{~9x{&>8Cb7N+{&s~1T2Gcac&6XP}Zs`5r*xKaS=75yoLp=!TCkly<@
zb_{1pSoHMvWVm4uya>IPzR{2{Qp}Z77eRmI#7L3oKFl6kO2VmKx+07tEU$S7wUX{!
zSvqb{!E6po|IcLl%qDWg4P!|*%S1+JqWVDLjuX@SVl}glIPhLy)wspM)~(8|(Jj#}
z(PxFLt@A63;9ocL(~kcj60Km9baB|qXu=eD{O2qEU*?S8uKys+1dcz0z|u_mHsn?l
zK;E5Cq+GT@X8r9ebIU<9Ob&5%6!Z_0?Hd;8eSB)?*ET@wrvUr)wNO@8F7UdR?-F*J
zKe6&PFC-Z>Qi5HtvzM8JF8)FM+K=Rx&IvpF9a-Nk5e6qqitG&x0Mg8lYu$Gne}Btb
zIwl5B)E=MLV()-7+Fd~DT#nT{@9|N75{a%)hQ~>}h3$XPOe6<2y)DxU)`!-<-(PG{
zatdnM9w$pz11<L+9}D!57(??^6I))&3kv23=hZ-wgfUX%$~tCW)J&eA__khLxSv<}
z<g@8Kjb!fD^aAfum9liDAzuBW?Rc;4On4PN!4=8H^8LxCm)L-%h!ix9X)~q%=a>U*
zo-op0(jCvug6s#Su*FsW-<yZUPlUfSsthP*+6iAWBXT}cZSfdCwvlV_!3<p_3}gMY
z+fbc*KvF)gdQ*ZKy`P>c=6<>vmn@s3Exui(-`Hl+au08qn03K}RV85)A-_#a6&?5`
zr?u=Ok|y3Any4Jk&;#JAPe0CCB;+X(Z}ie82fok+yvg<qkDTbP3@LiIH}79pNeCSs
zk;EgQrnL`A9C|!&%yfX|rgA>k$eHMu2fJH(0r@^FX!NH)h>`o2+b~R!c+27678b<E
z8&Gj`UC){iD7&dBjhFWtBDq(&utnk6igpB(k!^8t=kCGZ)j475!nT8P=RJ>=Bc9Sm
zOFaDY>N|-?4r8-7)`qQoam*9?A~Fdfj}I_5&0l7(YdhPcYi}RByO&}}C~I~0bG7rw
z^bHNx%YB4H*gmcxq0#&nEe~QGGjS2~D@a&e;>J<DU-HMnRUGPvzq$4#a4Yl9E?{wl
zVSXuNLNV#5=a@=WICycGooVD@{G;wOA5s($%e42pUbvlMSn_cNh^9$-lq6ko^2y|F
zx&=9YzfC>)7M6yaA0oep^LZ}Nun(Xq?A-l(sNLWx3az958d+b(`W6OOS6*_&zs1us
zl>g~Q%{9lr7fu4p(@tbPDUGEBDC;M%`<0u@-;CYQr3mGo$bgf2A>vigxT>NZM{Bs4
zK}B8A_#p<&M#F@Xr1eo*`8HhiW_(@vbeEhm3GLGW59Z8Cqn;8uw@4S_#jxGGlP8z5
z;MImIO@Y<SF|q8MVY^ZA*!)h0a{er|s|%Vt5O#a`d3Ku6{;GO|4)VB7K>6xwJ@M&h
z0dnf8G_-_S{Y%ozf~u{rUy-UhC{3f3Dn|v6)+arzPY4TAlF$+hGFIEZ>;|+W$Rm6>
z6~17>%?ert-jV$DMM`|<${9;Crpl|rQRr3m;jrk6DYgkcoakmg(H`%4iK=erAk*|8
z!$>WT=%BN80UGX^lr(gUx|<?1#ei1)7Fy!ImMQ*yt@pPF@wVUKX|Y7tqxZB?RdYKu
z6RXG?tIp3*Bl<HNG@bBRG@%*U7)k3nO+CN&et(5=DFyvv${);JwLhw;WTrKT<iH5L
z7x>0IjLvAZ_oZfg`>frMj62Y*BY*w-4;{kik5X77Z=bXl^EU4T;aFT+;*;zRWy)-E
z-yy~Jl%cf<9riO5`W$naR-6ImVhw+h6yIY@pHkK|GSfLlJ}y<Ay`_Ev3+l&smE>0m
z4MA${Zqsb&gd4)fK_S{crKt3}XV&r{OHofR#$?yztrs1H#vHh>H_&lbB{~K|qes}O
z!Vj{%{y-IcV*1WWs?s?p%hMJCpY==f>Iu3-_Wq|cj}g!IoObs?J>Ldevk4?L9+zl_
z?KqxsgT!r6sGeA};AMjk%vOV)g^nZi^u2XF8WjM?IP0p$YiADvHYm&#{&9;L4Twnm
zsk_WYkT2@Offz-K^{5{>#Z^tI+3*<qW_rZ)JA~uiNl0IlR-8I|c%omri-j%yR#zYA
zm?R}2zoA^16K(B85IC|BWIRN0k_oQR>hLSxK7MI{_f3jn+%yG&Dam^H(S(|{y){x~
z&0aD+_|=CAj{vW1HX3|7={6{rr|t`^=s0raxkf;bL1Ci9pSY<<wY~Ng&fAmheiO$-
zHR^E{Y9F#pS(-KX)A}|(-;EIZ$eHpDS0ZP?4u7^tkAAn-oV%LrIkqy&J*Ik_DlG|r
z+eb#@kG!rG{)~&;jUF21j>$bE_snjEDKFYb$dLp&&~`9vW6Z_iA%nVSGc$^N{GsY`
zgO4!lvCD54{HCmNi_Ehx*w%E<sr$zRR$9Xp3ma6W>sMFgM7WLS{vKB`9Me8FoL8>&
zHFjS?Hzwi_$Xl9?xUY@qRmQ~UBCY<^#3ZJ^ag_UZfVF5ku~fdIeDCiJx#3`LkeQSn
zDgwLMO^e?i9mUSjVU${Bk4A9_6PPy19|caU2y;=;A{-%MJa*Q!r?zPCK?c$enEak(
zt6*a6#&*HO%<28Hjd3$Q_(s!PcvOfm{`!p6J!~`UN-nc1hqQKmGpgRB!;$Z%m7yNA
zlAOMkW+@^QqDqEZN_jpa@R^jn+g&O0KI2+48LK&%l$KVE$Sr{e8zEfdgI8-m_n-y0
z@>ZWrt%*KhYCW$sBj*BYXQWIf$=hnt*|bareFOS$<GdB>shDZ_Kg~)5yFZBSN4c#$
zV^pL2=(AHB+vY{A99!0@x2<wLGfjLl`9j>k)T>)t6SFli=7KYo%i~5Rb*}B>sGTzp
zD03A2$e$J4jS>Mp3G8*x>2l<^x`LP$l_{7^|I;eaun5-rR>5T)Fm5?*zMt<l|M!>P
zJ_DMNGgoixgY~cgmrtw!57PER37n8+x`iCXy3jCG34Ca977RMPV@g=Ya_|~JwS?S!
zH*OaDiNk$IEsT4SzMOD|uySqbkI3O6P;HO{aw@%@0s}2w#Gk~6;{Fj*ZidsCd7s3(
zTpU1|!RO^>pExWaW;-Tq5YJ1jmp=1H>}%hqb4(4pbik1beZo^YbL4klta~u|g%U>F
zE4}?1FWW45ln}@JX^c#FVL($37~<C|^J2in_A)TQ$d;|wwzTxY1`$n(nS&-zaZ~^f
zwvm>8KBc&D@D2^nrwt!+;FVq&GBBY-OHP)QS}C=i<?8L{E&@VMeBA7CmKWY2HBWi0
zsKD5EmX`_E3{MG{r=q8p{I(VhBsbv2yjYu)-OaMQwseFKxh7|>&TbWJEO;vb1_BE=
zf(UR^2?Fps+)EcR%Z(^<qxI%>vO6bw6N$-Qr7!MZHlif^AjhW7EJ0s7QG<1|%Q0<k
z2spcm$_+aVU!Fdi7}5q1=s?p<ZA}W46Fv=LA71ABnfihZH=hq)!T}2xoF#%G?*N7u
zrrgu!j8|%OKih!67#!H=3rh`Jd)i{cq~Rt8)E!M$pn$?Dt1ooqpUG3gxKWb@pAS+;
zWm$8<N==me&@7zr&RYo#E60lSM4!8y#-WNA?lY3QE-qZN%}-SIe|WFbd@7d_ZFVN5
za@~NCrmUM19WAV?A<J&F%{k+t7yql5w#1?}(PJ?y5WAPvLxlQmX8XUgtRDsS6GJH+
zG1`-;L0VXOZe2*&#%26v-La()1TRPc`lAG~31*rXP^PDeV^dnnuhYJcZ5!K|95)Ap
zE1e2a7DRbrTdoOXzra5Th}RG<t*^bzK!=5lsp)5-lh-R3Q9J)KIMHBKY51pD_du0~
zznmpJqv;YGVD$s(r2Sg>dWJrgNv-cL?txQJ8TPmLbjSTx?xP(wyr$67&qS~H8TQfE
z(@g>7OBJ~?zx7$}Gfn}H4!n&RTM=|$OmQ1c4H7+QcP<pDFC36p_AVEbKa|WWStcty
zKFh8(UTs#0KPGfoK^qsarN^vd^xZgQ()RGmLmyrl3EhvlChgwI3dIvMG~r4~4pn!<
z&nhFlbcy5}4-e%lkJ<O({wShq__qv#A5x*mIQv`AJ_9GgQ#GPS{A4#m^vC9Y1MkZn
z+(N-w5iIpu3e#~N8qEEQSn{NkPrekS2p0SpZgwKx!V=SZXR++^1jVokJuf4(n9WVx
zV$xGF$noqmA+y?|vhobKY(_&fy|fs~FgiLBXepDoG@!I}f<E}G9E>^vlGw3LU?U&i
z8rZ*NTD^WB9@5q;`C_#N%Yz{I|2A@yBoKnMpyX=X2LLR1TP91^o;cpYy@UTOsFq~w
z(|M9L(?LA(6!0U^zUUaBMty3Rv(X$tt&hxE2B%#M-p>4kfZvMR^ZJo%#}k<^OH0uc
zKU~wk9*Safxw_Tu#8K`Z2i9^WhWKRs`cfNp5wiC+>Vom=3y<q1;?m~eJOsqI6o6G}
z@>gNd`%3o;^O)-g3dbcR<y!x0NsVtSecZYu<g(^VRNRTIV5x%UP126S2cTxY4WT$Z
zmYU%B2hkPOv6=YswIG<~A0!@}S*|cHY>r8S04A9Iz%=7*3BHxbfk*q|kDW?4!S1id
zoD~TuII0Z)1p}q^lb<{5zGj!;!!IGIkp6}qk)F?fd74InA#BjifTNzBW;w-#b;eS;
zq-?YTWAgnT49{}(udAdNKV;m=Z76hV1$LU=w5!`S)tE#iT3}JL7uGzM%B@%8d|I`z
z4dX{?KM;<uW2ciUjI2*z!rm_gHIQE8-L~#;Eb<jKjd@F-Rcyk=?>Z<-Lf9a<;-g&;
zdT|F(Y37#_0acM#t#!>6cZ;5`p^?u_P9PU?o*6wfG4e`jNg;ME1k9GhWKJpWc}IoM
zW;L&iimc!h{~f;p3m-{riQ5YCD#ixk55hI$euqtO?$qWDjHmNPbU8UEKkBRf+1=~Y
zXCHv+Q8h0`e<>&NJS_IZ-MYwq8C-#fjO%N;2c3@mMCvzKPR7JDR3|`j(QhgorwkNO
z+ulDQFZDa^*Ea40?#eq&H`S(yW*O5v*_9(dUYC90@VF^Hec)8N=>+MR3+_zSHYa}^
ztz_aZskmxW+Pj#n55Nz#P6;|HOr@PbS<Ys!nx|eS?Ea)0$kf9*+t}5GAXHjb4iWqt
zC8p_H+zoXw!gEn+cJoX-+O9X+<N*9aPji>5xYR)ms0>-|vF%pnST`2Ts?2%x=ETYR
zrg=IU(nN6WwLpqJ^Nwb1ACA$z3&La0pSPYT`tZlxy=f9BJMzA8?kkMsx4`TzifSS^
z?<E(Nt^_B2$r!GEu#GWY{{a8o3B1_QAVB1WB>`oHIsJdyHkZ5^X||*Unv0-J(%mT*
zkZWexR1jA$E)?Tj!uBfOe6nxt`~If%<N(bJ{K52=L`pw9f+DJ>M7E-=JIHMYbR-t=
zU?Rn_eNR9#GC-KE#5)Mmi?0S7Jh*_zi*@fi??Hw6u8<VIk?|u}LbVy3Ybz~~M+lLK
zA?|u04Ui~m)c|Qin!(d|CBV{sZxt)vd|`=y5l?{<pkJmLOxyiEskF2`X+qj2D;cwU
zoMtjy@M8QV5=l7xKLf9K4<^SvsuIj{R+80*XaMT=&lova_Y5d&TJ+!$`cb#v*|}*U
z-`?ZbgFVs5jeX8GXvCr_xEAIIDd2&D668L}ePv7V>IKm&=si%QSy-a;PXW;43|_;z
z<8M|u`5dbCePvvz0`#tMU3Chq<8l7ZEU18b_1H65l9=3o<m6VXI{%qNKcdbd&ZKhj
z@FvQGP#KtA_^8@o06n#I{I08SP?pN8dhjx@=T|@`dAed`eB+`NU^6eCeGTn_+Fs?m
z!G4^<{To-7CD$V*V}b7|lz=fUerp_cUOV~^@*!kZ;ZOeG5~-_@9(4YAup|C|xAJm`
z;e>p|$n-zRkMN&Kf}H-)Gllru*o)x6t*r@W<{Pj!>`D6iJ4Ey!gdhBe1ezBw{z1~A
z`3+0UOV=jr9+x+z8~vsXk(o#N*HJ}$k``CYh-=r=mT!OaI^}l+=QCP<Z602)#!f6h
z-VR2gbZ*t!Wg9uRQpCB~A37%y1}EigW`0TAJB>fO8uk7~3;e)+6P1!|)EeEJJHNRI
z_Q39El$y(#Jo$e8$YYw{hZU<#f*B_Y>~eYkt@@yS)a5q;u*5w;6B@HibyT$FC+{O*
zQ$OlLwvbdT3z@3oS={LOQvG7}2S7D%vQ})_H9DITBj5Vx4wdf~SS)eWlM%|x^39rl
zn094@(b|m@Pz!E<oO>7r%L!v|Ln<$-=E6n|UOhH(?>^Ed^`e#FJHbZXr>3We$7fRw
ze3o+Wb<*fl&8D>z{zHZ~gR7XmEiZzK1ks0jhdZiK>st(XwBrnrK~52DQO55eXkw(Q
zQVWCD)TJ0izijfHSQyzAZ^MS+4uLY|8XApw&<yZLxgq$S`6ns5zkUr9{=g7LXz|Ag
z=w#C+ee%{!lQ}jB7PsU05+i&>GhQW59^DTsim<09>XyoQQv;>$pfxjKJW%yTX(CuG
zx+w;bcEU6f0(cy$1ar<C2{kgyUsd@D;Ex91y?15=0ByEK9CvHQ$@>%ozM;ZQ5tf#h
zk)8S`KzztW^j($Hf=a~8ses}rSzUmRpq_2xO<@#r18*>Obr2V|D%O{xbG!B^(hhHp
z_<aR#P`5|Q;5n(>lW5FA?#lDv6-U-T*m5)BG_#8G7xlJSmNJ%36@$!f$_#J^ODD}0
z*%`yD_4az!9!!aL7%F_LeF4Xh>jC7u3!}1D%N4;r%*a?iI$Kv;mKHCyH|d53oyia5
zXwgaG!<-hAYM$iOAGJ(}RyZzgKI1-ifSFxw>)2?@#I|73-lA?y;iMP(iX@23`l0@p
z%0sxK=f7{w{9ROrD|ZLZ`PZn1S7)*0Q7y&so<aU)U*dCr|G3!lab0Euq)zqzFR9if
z=n8vK-9U)A*$4k%<p9W$x?YGS!Rs;VshpejhrjG@$f;>>cNB^pG;y^o*l7cDCQA7`
z#mjy>=qlg-<_erBUnpw=ae@dTi%F^g>oQW{LP`Ox-U@;WQZ+yCkDRi}DJ1QV=$wS1
z{N1>CuxbiYCLoZG1JBXk>WOb$;N?lJ$jeAAf+4$tl!(qu$a#=7r8!`JI7H`EI(qi7
zD=fdnw4JD4)N&dG))zMo*}sJ-j}hdKe9ct1Dh%kFC0>nYD>|5`ie|JSvE)^%PF27c
z{uHtOVg&2fGV8;>^)pPVd<qTuFL)a*dFlSBx4d!+kU0BAlH=w?g68a-NsWUHK%UV3
zoM6tuxLCJCd6`}p4J!L<9`=1XN@$N^QAbnj5}6B$PwisQn<OKa8KAO$nx8y#46ouF
z`=3ZIOjhm1+>A?(r*>)X!V%0c1d@4g^QuI`ZmVPc1oKNDx<pX#Dn7pxp7{z4QDCcB
z&FnJ|tMMfULWAbkheAI(`mz_sfpv@gCKo%Ibq>Y5Nb5Cp$Yu|V5)OKuv_@Kej=q(s
zxo7v%eZyEM+NZJ0-dgK{b+mc}GUxGxn=KQbqkoaRGuJX122<**m-p9M*%boU_xcrE
zlU0_DI!q^)QL5tpa@{;}vuW*llIkSHvuwl49Sq|~O9PWKF~o{OQj|r)qeojQgij!K
zm`@l#nXb~7r@PSOQsP`NJ)Dvj&b#OrA?%W?FwA}qIvjGJj&0W`<eim2j0k${zsUZP
z@~m2QyH|egC7#a^JiU<CS;}=Y-SGh?)th)ly?wAox*&7sXI6ZK|I>*0LXx5WMS7^P
z>TgiVLWI4)rx{DV4bLQ(8*R7L7|!i;5Tp`9W)Au+_9U|WGM8Hz3GjHs3=Sm6PcYl&
zXrhoP<qS^F#P_|lFPHxg!H~T;NvR1sJm(%E)-30`p%pX(D-&!UL<@0=erPm9+@-DP
z=sp|{=qDMpdAleEO8=(v^fOnaCI$;1ISnnE6!lqB&N_CXL3A}!#IG&2Dz7THi!f#3
z%);5g1L<SuF4_Fll)tyb^s1Fmy|-0FdcW<d`2doC0kv3YqlXGGB^717$E7BF@={2$
z(rHr)o&F{`Be<L{uPSHgwL6iYn^D{V4RTp3!>?j4xRPDU1!!U%pVo-Wkw5x|OCr4s
z9|QQ-k$u*;?_<8V=3Hq;FjpI$mWW7%ifi@nRC0NrDo|Sfx@t{U75>FYPEEs+Up7kC
zM5uG%jzf(acG?tBWSI{C4wXB=oK~U2;g63PBKxItP_4<w1~9RxS1)5X7K+%$%}zDR
ze%a@IDbS|WB;9xQ+%#5d=hqU(-zY_nUjA2+88a(qQrMhp@Rh~%sd_8%iB_g^8qFU(
zujVxH7GNU*PvkRb`-fe4OSJniq7liR3rlrRt+H{TMM2yNo_*RZ7|o&pP*@+#@ETg)
zpwaj?<$bd6n&p*jL8ImI_D%Hr<fLk2$|-5-N_)=*xR%Gac|Rk*!g^#F^`+mUxM=a6
z)Zse_(|6{BL|rej<G2h*+|rX_Dmi8{nfRQwMpy50k_XI78hr~!;<CBz91v>X^zH4p
zl@uPDP<J4QKM2dCBMqeskYhiX!v!!!PM#={^A8rl9H>|(Bqj?{#4r1ld(m7p`ww9G
zt!}I;T{{Tn<l#)#6>}|p2VvrE<HER@bp38Cp{po5z!iy)5phti%1IJ4BS*js1#mb!
zb|Y~V_QQ!r$KDI8I&8JFM!{+xI?$qr3NyUCw0y+F3$3|5e97WiM22f<l_=0COgakb
zQor&<Cz`LGv3dA_!SeD~dDQaIjo~w}{}BH`UXDEFMi54e>-9<{zs4($mhhmk&6+oz
zNAmBEi=N{OOh$5#(_|`9Y`-xCF@(C8ZW|2nPLK`Th1NXFAD$6JZa>B8d)jx^<*w=<
z;hRFCROZ3b>Iez|4j+{&P0>zBu+q6$D6@4RBE&wX1SAkfWSQAyj$&uB%O)@f?ZnlI
zl)&>ncozvRebo8iZIrs1k-_A*Eg?$u^lzugj@5={II!0-`X~Xk2F5+1hdOPeA<TLf
zmq3KHeibvTv+k>xV@6+X#tWZX9-O-uGecjeC7#?zo7`o*PgBIM^1SPaO#D92tm?Yp
z4^wWt^Pcc5;DmPO*agRR_1dfw@pH>xQ?&aG*Iqm&;)&~J*^CCy`>x`jW_ih@pM(<f
zf&)KJQn`3ug#<y<A8p_Yq5~}v;;ji~Feq|MUdU`Ll88;1z>>~g$#u!HJC~|rvy1P4
zikYUY*?Z*e@1{ih(wtjgxaML5$gZ~_AV9D_WCZe_!yN}N>9XN(;LZXv2bGhL1c)w5
za!tNyNW7i%uLXr*(tX6X62?TVlPO~7kw2R$6n;+)d@zX=>;gujFU*@`4}}AIaLSY@
zT<P*Z8T&UOpWI8RiRHv}w<0t^5VSdge_orUA>wMr0RcW2r+r%qzGdmoX)S$3|4VDH
zDO%9wnDj6bE@)Htmu&@jl}Px>b_~!Y5w0oeiwnb$EReuy&A#9@jJywCUcx%AahS8>
z!a7@;imG6Tq=^yp9&CXI96y3w1CEm=Y8RiS7|cm2T#I;7YdGhhi}q!++sqzNQ?7@N
zjbL^g_Mrm|Dk6DU;RSIkOo@_}<)MRNCk>op9<S@_xZyr^FRLeFUq=Not%_+`Z$hwJ
z0mwE}qNEJYkcH15HrRnXr7a{iLbsch%6N$Vv_udlMJhWpjREIu`UNgP7CJ>JJksVw
zu7x4@kuHJzU6iL}C>R3eXJ&w#g&^igd)h2EB3Xv}qwOL+g=ONT$_sgx`Nw6G9hRsm
zC_N0HtJ5v3JXM<sq%_vHmkxz)#F1+{JqssO!t{LQEyOld$wsDexSL|e*?(F1wiQjP
zPnOITF{_$MY#Vy+KB}j<{60@dlG~WZP)|)_mQsYHi&R^eLxMKhDz}8?eSfJqtv5>4
zR-`gjk%{23nhTS&95`PnNF8;y|Ccb(HAvq$H77_E&|xDz;WKrXkCI>Y#Y7J*jbA|b
zyIX<s8T!*#;Za^v(c#SkJLAzCRnvLGIw3DCn8BQUOWd~GNl47Wwa*stQ2t%@SK#|Q
zhP?TTs+Z6AIQTu{7(gW~nS5hq!z|N((0Y}9VNF6kync3_<Cqq;H*}+Lt@aP{De0nR
z)BE^rb?eLg5-4^DkS^rTGtI9;ST3V(WhWTIFRe+2%x<NY&IbNp;@EUeK&4;1gg9qh
zy4Eu995K%*^!|e!>R#sG4oqC>_S~v5LoYf&yJUG4%zBnCBuiHP4krFVDpO>sCy%ca
znQVT||4teT(Fs;MKD(J<0)rwGX0w~TiOP$RUpK2Ry55Xm4<EY_wl6|azb?rC1d;^&
zC2z{)4}P7b#^nCRvGv-(4kk$!Nc+(9G!VRN^LL{8!1C48>3jjQj_lhBS!H7G%|LJ2
zt2`twM(Fqb`q>e=<oW+`bRO_f|9>1mn=&)c-X!ac?3I<DQTASk2ythR?6S|^iKy%d
z$qsS$sEo+jGjT@t>i_Y7JbI9D_q`+aet%xC=hN*av`_GJC$K}xID~OKB_5CY96BL=
z#ePNC0Z6Tx#N^Tq_5}Wma}ewrrT`}-@pHJ)B;)qF-}Yow*E=qYUb8!^-_`ST<m`u)
zV|6_13oMcACpvECL(h6NBn|0I<v)@EQcnJ745cTBjvILQ<MpronANUdo{<UFfr~b(
z^7{e}GO&W#A1|s_yweLT5sL;?fNtB2;0JvjJJLV`KrflCm!SewliI8qxJa=X27Df$
zMLBS4n~5S#d~aGe&7@T2Aa4>)E#P2Khal5?2pmfvF*k)8u}(9^G9W@q(7d6hh;=PB
z6~s=IXNf2Zzz4g!zea#S%ExTc{)wvN;o>c)q_Vo&EU7v`O6jraZy7RR;2&3b$2L*?
zM<J1`0_Dc7`l`4HH&0*3Y}734Ny5$MB%HB$bD}DrBPPDGJSB#PHy+;WO)IN*H-TEv
z+2(G-JwEz2q<Qaq<#l&p7^;}<jKTywIHx+h@?#Knj}h~z%>3|ihv4mUC7E9|{#K>z
zf_>2EyI@(-nZjZOLKNs_PO8^#^%Lk~jo7^D&URO&iYkjK=~{38%(nZpal#~O4OPgg
z_<D=JXEAPLc}-cLVeWbwgg2}b#9<1@3s#^5a`50%({-yusUCoh1T!=#cH{%82ppKR
zMN`v1wh9adEV}AT*2Y3p4FJWqL>foNP#u|I*^R3m$N2zwjg|}?-%5fMN2owOc*FWX
z7yyyX+NPDeRZHV+Au$g?3WMocvInOti-`zt?>sk^J%`CNA0`BWP3%Z@p?em7Z#*EH
zG`>RWz^8gK(L!-{m7o?gQ@#)IBArmW(h<;X`Kq!77BX^n)YogkN<AB990*7x(U{mg
zFR*p#CPq5luveB|<h{M$Vjq+6;AZcm3Uo|<Bmt88l0{K52mB~hi<HEK`?KiKG88IL
za?8jS>F%Db>w)m?o@GwFrT^r>cV#8WuRSTSeubdicl5wFpF8-zLJSfgmx!u(q;g6z
z=F_E~`8f4ry{l#NhwU&zowfJAW^MUr=4`6-Yu9qucej;}!`4_&9QGHIlr(l*hwVX;
zu8*x!I08QPMWpBN^Dox&@}9!B?~eXKj+Kb6O+ij0YELQoALOs+`QK@_z&7TvZ6&@W
zOF0UM=+2{6r8COrlg62gg}yLg65>g_EaV2S8<T4UudaV|WPxQy*!04B;YRD3XIR#?
zs{foF^U_W&m)oqJM7JAZA9}FE`N^-Vjjl`QzEeYaMVap7i-T+b>qn^Q#aSgcoPUt`
zx6F8?4w1iqa?K27ll<|R0?k97ozGs<YpHUX+p`YY(h-wB`S%9aFEduee`u!r9~3Mm
zjl4bXPn$0e%DL^Gn4G+ES+IcZEA;j`aY{e&aI|g878$OZO@1}D>b0?J&d2AC>*`t`
zD1ZLOA!(ybdT89xB=~NXn{vd97=p6#esf8M*&ct#ry`GpU8G|9gvYIK<H(j(5D#kS
z=OiQ(s?K~<R6d3cMm}_=2`=v4!|uA9#gIM>Y)$kWQE3zFiAtKLdXEf?DzBKAd$Sy@
z-6~%Aa01Cc;dV!LCz>G_<&iPfyDrUoK*&zg)0)J`BTy}uBiiXm_#|m2@G<`fR99-B
zpmj`9SEKj^zl1muL=W;TQne#ZP`~iQLF|rnn{QBA=?Oy&A3M6%{sGN|Cl-a@$)^1`
zEHbm~ErPjMx!}hz4qOp7;Pk#b7^0!$h3*%G5XJD&YHaqCdL<?%dP)3){L%mK1KFOq
zjFwDLs|vo39B(!I{MTeog4Vp9_=K3bemD*!%ZpsKb&%4^ADJ)8@@@B#1hvq1uo)32
zjGQ$P?2sJ-$VPYC!uuKyg@t=Z-$f~Te{wXt6*S;=E=6N}(LRzS3h}aOo1;}+myXJM
zK$;~c5hPe$K0iC0XrrCZ-YxAx%rOsTy<Q{`*ccn3VLAo>*gzqFaV3>6PUFfvw%^AE
z4Kjdv92YW>WU)LfO+cqEH`mun8WrBPn3N?zm4DUQ^DwHCwW3UFfA^41kld)j3IAdO
z!?PE5@*GOxC^xKuM~TEUX&;O#uxxM2J`ejvN}wjU!d9iNN$yf!aO^!N$glh9aUz=!
za}yT#E6HM|P8fn1?{5EV^Mb)*mdjc}W!~_-@@UbJZ#|^Su3b7H$N`z4{Q9m--C4w|
zyDf&hxmcL*#Ho;K>vL>o6gGVDZc&S1V&U_>AFeEny%a435w8K`7VgxZ;)Rz`KwKxD
z-KtPMytd9^+)L4R#P;aj<0zU62{zxT1~1QLn?WkVV@I83C=l63_fzGTt3TR}=BcF!
z4?izHqG*E>J)Nuu=vfhDru;*(;sLPykX!FdDE`AX7vm5S77sNa!UTozePUaC1E8_Z
z;WKxr%JHyr35g*V?HM*DmM_S+xD3RvdIP3esH&^hb_rqAS4Oh6+0EXEl!0vm6FG$#
z8NZ=$0b#xcLgzchqXPc^<{0`GN$K)2PUi6bDULDG(`5xA;&yYUxsO<xa#QMyHZSS~
z!3K`(CNxI+dunxsLf20AjsXaFZ1*3D@99@pNR`j#xc--v9>12$u@7gNrm-m#<47J)
zsT*sxwoqIQ5!HIvZ+_$k9YU<Vk|B6)Q6G=m{*p*~DI=ROiNFjy%H4i~7j<1>@spMD
z=bUu1G9DhGNucqtGn?=HX`_SN{ub(@(_?LRbJ%Zz%AtZf9(74568HRJwMJlhh(*3{
zVQbd9!l~m7eK>TU!dM}$t6)!TJJc>`U)PfPAEc>AInC2~wNYRYbTpO*=NghFEqaFh
z#|iPD8uRpQtu?p6dX}{!S$A%0C0<?b5Bpu=+8(Kw?5DRkXTHKSbT%|=GiRDkE(4)i
zmrw%6t*&|QATJ_bp6YTgX^*%eDc9GeTM3C*3oF0z&9W&Rv%d!wEs%i_8{f!32nxSw
za!lxYJBiyLmucK$(h8Q|re~KHJkxjI$+UuHWIQo-9>?oZmny@M&+6G7VoovIJLMB&
zVJ@qSQ9TSAEhgUcWAd7A%mI@Uz*ZdtA$dA5z5h~Z9C|T*B5EHVLvGFWE^(vKvyz$<
zLT`}>a2=NbN!LM(03UstKjwQ69P#`RFEBgtC*g_pHLNVKoWYqU_BKp;KUMXES8h&}
z%(6W0m7&61+dDcDd?EF%b+0kOSiT>7ti}m(Cvr|_LJa*2hYWa}P(2M;)=Jcj3<T#p
zz4#>gB3COH^{xFwK?kgOezV(R<8Sje^RZx#Sjflbasy!pnJ0ME=?M)6s@1gx4xI2$
zuY|f``G0#=BAlFHiH*ubD#(h#9=SfjS0eBJpsk!iyaV}ET)jf??mP~pP&eMFH@FYE
zlm5QV_(zY-trzJNDHm`0-<UG?3@PZm=tYu1iB!_?l=50W^IAqRTVrOZ@p4>@ddcle
z0$eHv60$a)zUXyVeMJ}whWrBV<T*13K0$yHSm6={_)Hos`L02!5fr|^n)lO$TqC>%
zPzJ(37)@>sV0wd}n-qm(0t4?PJc&`1pV023-gT&|@GT9Uf6y>_qf%b!xd-AAjktnF
zmC`kH*P<AKmx-?jk}A5XJLp#{&5fM1s;FdR{OKJ42-W-|vL6!@2su8;_=>*xDO{{a
zG8ZMo^WDAt1cu8(T0Xxt@G{>@HHXH>=;DoSVudfcLoqMMFfon!)H~H2iI;DwzdU4h
zy~A?)3WN*vE_LQ~t@KWX)O8eBn^%kC<|s?5iM%+=d>=J`pec{_!vD|Bj5$14mAbv1
zvq4|B(7Q;zXGoNS`W6H8Y+7DZNGB<@h0jRlR3GF*1Z~sY%-%}p(NdFN+T3D@;V=g)
zgjc*JY{&#^0SjNTA-d(fcEc|m%bRe2su5i)xnDl|q8GLNz97w^kJx=?6aO?~4wC3q
z!J@bL*M>N!(92<jzWfA2Z3JKsUc9lsa{KK@FhX|}{OTK;x*`M<R5Wq%vWXv#8rG3z
zdDMghCThjaut-3qMduuW<paA*Q33{XS~g}86*$a!q~99XR_s%Gf&(mB%gkNpE>&(c
zo)Y-Z)lnhM9N$CNd8@(g<=ndKYJZ}VNna63W~fci(s_@6WI4v4@fKiU^m#Kn8h`p@
z0bPM_J)I<9kC5nQ8CN|lDK$w70KpI}`t{^^1sNtH-nF{am<fGl`dwGHCKNEgtJyKP
zwj6AqKkhO#ER(9GbesY2!1PYkwfNes%NtGfhOSEp=QSpn?K&Jz(M|=4U}(^w7ZlKs
zYXy)nX4r%lR~x>$uH13J-WWEceA1s2@=cWu5KS=5vOucch1!UB_0?~!;ZxgcKWzoZ
z<mZE~a8z$NAZC2o9-%fY6Ym3&7sDLSa8pB?C%sSo3=O)mgr`DJ<E3!$!9|u~?0<tr
zgl&@*o5aKx*|6CiOCj8+lQqo<H^&>&hwmO}-n^9(@+Qw4d+eOhdZ;V=NgO?U<{AKW
zLM<SVqoGD8KdIx!TtGkrnl80Y5?iEgbPWX+;`m+_dD-zN(!rq8!@pde9iNz^4jy1R
zkUY2l0>qD)`|P&>2V@t{e7Fc`DPMXU03<~`w>qwTf+^9l)df6}eVnT#p9WoRgh&U<
zuhPvy;imA=RL9DnG~cbl)kZ){3lhm-o9Cur0Zp0;Tmrq7c?P<byTBUFZH}4*s}qdp
z<7YgiZdjtUuKe<<Biklzys=1-=V))PbM<v=!V@oU$@w;%D)CfT@69l2Ys&*S>2Jer
zQzOMZ;Um#6LEGo8C{BCSy>gVpD<zPF!D%|(1IZ3DNt_~5{gi+_8bMQTtq;DSqm#>%
zZh(eb9qCd!4nt8gbqsHLV^ZQ!{tr(%BKrN+nC_N9vN?}P%1GZAzM8HCI}6^-j0rUU
z7Mq$VG&WR4m3&X+n*clwdYLgnZc}j%r?t{sn*Am47>#YN88GU+L&3Fg4)GZFT`h|e
zn_wJd(EOqOIi6TqUfniLl884Ynq!c$CDlpI`$t4ZWn4PmkY#bVK$wv=DP?z|IzD2F
zSe#*x|Gxots^>i&l1v)pOA-&X>aDgO>$E;R{25mq8T5xaUO=)NM`RM;PV;sWznF5*
zBMH1{-rL?%`-a90^?k^o&G+VyOz=q|WQczd0;c@g=@ZNOS*6zc)Na`G+crzulAB<h
zw+gL!yQ4JF*mV(lLe&~xu&p2y>7nv+EE{#$#+JHyZZmr@-#2eR+mItSJ!<CsTk&3D
z)p3X?+gSe9RYBrO-Q3RX+|C$;iwt8${dBSV{JcG1eq5<FEDFpQi(w~YSD-{`dmPNx
z9jbYe{B>bJEE^hJ;|}=;IS6zN-UAVxRSbP)_rclTmu%<XwuP64hcR6sNio0CT`F>f
zIPB;RHa#lbXS+@>JX$!D?*8=;lE1^YzdN)VOn&{S<MiNA$)9R2YN3_E*0k^MsrO<1
zhcJoD(rcx&1*V@}&aaZU57#a`Hm}C66TqS(=Q7~3Z%OL7eRsK$JGk&^a}suDd@_Oy
z9kgA0I&WiRBWx`*Bomtb<BL)|FffndE;42jsq+K{1O_W=wqBY9$n2Dl7uU`^{eN*W
z%&J+bqF$E$qK59IZkV1^Fmv#9{@Iv^YIIs<wlH~MFamD~X==8H9^QH6((rw>SL_!N
z9b*M-#&7@el-JBhr8>s0Su%`j*;H-8Oamz~0Hc16suhr&iTXsmO!dKT=cmfz4U$#(
zxQ2kvROu6xY0B#tuo{CLMI0G-tuNC}q~o44;A`01kOJoFM%Fy%XV5hn^SEoyKT&PI
zQ%g=*_12(1tH0C$<>xhobHvbR43-?nLmkRDd5g|8BfxXDKgAUP$(?oJt#AnH>ik5s
z{uZ!jBk_^-B~n#RFJNizZ^1%?=mQjpgygwC=kWr0Gko-isyP1yD9mV+$Q!wtOQ$Ul
z-&AHk27S{3?G(ScIK^ASpyJYZfAy_Ju028^;T}stwLEx8i#m@Bx!oQwlF=c33+4n+
zZd`br(uX?Mj>~^9(@o8#>DU9xT1L&zAHqf$Gt-D!x^hIf;+<j<TR_qi9jOD>J7%@y
z_yQAUh@Xdlr0eSZy25A~Gv&gvv=nAD&jGUnA!QE=DR|bk-Ji1lR*a)QBswH-C;qW6
z`RwEL<twqGJS_mRQqN<Qipwo~6jg20#HOU3=4M@GtNsKmYUmJ^J@o;B{xH-F9}PFN
z<;%sJ$-d9s>HA<680P8jho$j+aQLiD*MB(<$|H@Gck$H0>j-I-F3=J0@KI$ynuAUy
zak9n(8x9G6jPP%$%d^^NAk9%5l`7f=o$BRTe!pbGB09?+v0Py>&p@@61Y|H8fXsT$
zeXdUR%KHBCaKL}yz8L62_~MLT`*gb}>gK&<0DToswVz$k4=as2sF#8_Xpoq9N|9B+
zHt!FSQv%7(ZOntJ7P9&{3L^(=!Wjhd)prn{@E)Q1_AJsO+tl2XSxkO2@z<2}7$Wj6
zdP&3WO=s*T=*TR)1sws%hkcBph8pndM6*2%P-_^c`hDcOC2q+;<5Zhqq9#V>5P`+=
z>`R!li2i~<ERQTnlU=Gq_b<xwHb}QV3pUJBCV%g29k3VVr;z0gOyYunsvTx_I+%X%
z>~IN4FMga`Jy#stYi<76cL!r4q`0yjDtGDZ?JcMw&0HtZ1FU0tw%h?7gG$>J=YOu7
zheSNDb<dcUj$gsU*tTC`g42AYml*y*j$+N)3N4qy9zE|U91Qs)(|Z*dguD(j{cC%$
zaGk-nW^+OMS*ff2^TN_qiO~tu+?SQP`~ao5cicPcMt8qojP->*cpgSy^D6UT;YSd1
zVHPk{*)lFS03cdvmjb+$!}_;xtlnPrznXXU7S#>bFd_=Sb(Q<&OT&c-MN~}R(s&H3
zy!3Vcldy}hgyE2`ZmKM&I6<*7c9!PqH1V-j#FA3$VPIp2P~A@5S-w?dh_npjMBRes
z&>355p~X_i?p0q?&q|i#vsCF7AZebc+&ukan>)DhNP}>R-67#NCBI>7_u%nS1;smm
z)Bm!V={$MqTj`#gckXmV3Ffr-xi9PBK#<G<<vLTXwSBPI4-}k<D-K+kU>99fbX8;%
z^s}l;k)21s#z(C1jD}`&6kUB;^{c@13!SFy{2aAuPGP2q>B7f9b{tJ=M{4^wQu^y1
zNt_u)&8<9{b2~*)<gX1idN(}8*l?81!cWvy3ZUeex*i82&c&>6TxRn!&F<{f7^UT}
zby2p6e1;Uix;UYM|3I&Kn6wT7P#Q2<oHzQ&x2;Laj%GMT>61EU%^piB(gx};6!Is^
zjYCg`)t>N6e6q@fqUBbaXX?aY^6*CfiFheC_SJCGB@~fd)rzZ>%1}#mkN7L8bAE=4
zM5JP>-bN1k?5i-#RdH!kEyC=J?2NiqV{7fm^iUe_=dDQ8w{FshZ<7{@ry_KWu2&r&
zc~-h#aewpjL8CAFI1(HQ@h0?ar~2U`dowa2_|Oj%XhkeXJuW};?1e32*NH)zrTR8C
z-+B(-^Ap0fUs^giU%dLs+K`0RAOHvsQIwj;NTWTx;5!ct@vql9{mKL4_jIhq=4BKg
z%_f}W#~gf;1?<y}IKLwXQXEAd;8r}t3T0o5x^Nt(lyC#9?w_2U0QS7o5(y`))=(=~
zqG3`>j)vEKKb*upa7M@EQPXfXP9y2>Nh^ly4dLx1P1bdH4U{iJr%~G<m)zWZNylvL
zB(Of(`x;9U4HgO`?L5D{f)S<_D@2$R)u^oKs=&JmiLZa`#34Js+6^oWJNzQX)#UDm
zDlY9qoHo(0D%JLs<$WHQ*%-z-m5Vna3W$zD)*<z1bvofL3Yo};upYHZt@_WwY+!*q
zJ=edK2WUc2s=rs%>4J(*pmw%R%!wm0-01F$sO$-4I$9q<QG~E`2ICo-Xe{-<2<?X#
z`e(uBZ{J1f$&Q_9is<oCWm=U0-?2aE40Apskv>v!g-!<I#y=%qupd?qq?(4i&aw6>
zsvrUqK*x6{6bDvii)~F<RYlRDd-XPa(g>4KBaXY+<+)r!2}8oL<}uEmm`PZb;@O*F
zoT3c3vXEYQE*QXL=CCWmfJ3R&%11v8q&vMz%?zuH#|bS7aaY49a238TSatcy$=wuk
zlpfz)=Q1+%N5X{S>ar^ZSS~W=n_djNo~FMsWZVk#Gan)<sW6);h&W+L3{KM1OSmt^
zSs1|52@Yr&j~#>4FBzO_2oQr#?OE#e+)1~jCKa&@h{4>LXC`ij2@V*)wcq`Io8xGW
zrak>#zrV;7x)7S$>WBqwKl8(&J3oAM_!x7rJA_`gr+H^w){>#e^M;s*PuX}f^JzSu
zk;>saUuuuPD*xcytA`cJ8JZB@+vUh5p~O1O&ZUw)Iji^`m)+Ve>ePMTz0^e9fz6vV
z219O9+?P33?Axn&Ou-$USddTWJ?Z>5cOJjXA<nyaJj55MVZOsCxS$m+AuYMViI81k
zQQDOOvHHnj&t)wPK~yKN;iNO2cW$+s6oHfLzW4PXPh3KL+;0ymrMGp*yys&31Pdvx
zQB(z0ESF}-^UsZ4kt)p%<RN0K=8T)23k=OYS$?A5Qrbl2PL~O#j}xQ*I=Sn3ft0Tn
zX_#X@V=6_{EIZ6`E2u<fB}cFmkE|@$6j@^u95-+g5kz8C*NI)eYE3j-FwS?LOZ?j{
zdcgFb*p%R*gU}^WnUmS-`8^IFrkoQM<b!iwJ`*V^6-j4W5~f6~=ko0}+cVbzF2N9t
z7fbUfpL&Pm7IRc<*ObXK&ty7{0K40fUZN}UQ`t#VdYk01bY=U=#1*jZfXt|$30X9S
zTzdHl-pWs^T5AUTf@H;8%f8-2!IY4C8<XNAvH7oZ$?UY<P?^M9|L~xU^Ven=%oB!R
z8}W6n1Bq*Gqn&Q|tPS?3yyiH+;AEJ8HImDrQ{;fQ0q-!zw&mS)Mbj9j2YPFwM<z<>
zt_e~lr{}C9+w+Y#0p01o+!g_D9jGJZWRvj-T7d;=G)|;_VQq4g`2cdnN>Fi;*Dm*^
zVI`j^*7tFn0_h2Y<7LY|@+zn1gl1|D3qi4YfGk_DCjnj@#=uIB0E<y`tC1N41o~o{
zG#LTpPaxVb9sadVzr2Sjl7jB#yZTA;?W_b&-$UmPM#dz829AaJ7z^e-ykuGfF>!n?
z#0S^z4jgU%Q4?T9Eon?RK|+)y4fYj}W#|L-6MBoraOibC1^gq2i{T+%ZUPhGn4n2j
zism>#vwc0C>-a+zi>n2e5SMb=f;lk=M`@&~j^YY&%hR|M<yU3xs?ERMK|7(u9PUz5
z6_>S0b0@Ek*L=8$;{*Z&Q{-!`)puPO`KHh0*6VE_I`wWWoJSiNHoQF1y0WF10QIeq
zPQ1*!vEsM@{>j{}oH4mo=q1ft14J>%Od-7@3@&coYeQ@sg#>Uf=bZwY<_2oqw8B64
zyCe|T`Tzn&Cxci?HD5s8(}`Wl%{)+~;HMccUqH2#SH{f?sf|-K3C0-7oPfofDHey|
z$?L}+5bJck63fVM0N^2m2Yo~{PPs}m+4-bT-B-2{!3gvw9h4S;(@AJ&2(I5heokU5
zWXcf4rjXf&rsea@Z1F9xjh+ZQ>FR;qhk%>4N^6%Sn9zH`sNF{XwA6^{%dMv%ya4tC
zH-GlnDFLyV*F@HJm@(02<ecyz@3rem6oCYo;@KicYb;nWnqYkrGWz@0Zvg$+FqY`X
zuIL(prb`S0%-bDot9h?g+oSyA)=O$ENDFh9^Bl}};rw}Hs=M|YFX=znwkD~31^tDn
z|6e!W-SWxMbsTWx7#nKPnm|0=y74D3gLyv+W;9OUacf3mun8OPFao*`7t>7MhI*fv
za=`9@Y#18v2ci<;5l0}auzL$&Q%mRQOaVI;r{bnTVQ&nw5A&p7AvZYH7qTD|aj7ei
zm($^M3s6E$qBm&(tVE?bPQ+)Nk!d=%&P^&-3MNsmD?%5&NvH;v1dl!7{3SU*=ZIoK
zWPuP~oCRz*L_zoyz0rF?Qv=|lv681e<rBNKn}(+JSh%5i@0a77$Fj+DIev2yLYY9q
zf`xNfgS`SIVm)unn5ig#QX4!(W$H>!U&AJTH}FImZNyQljhBg&5-)Du&{k15O_fOI
z#{r-P6UzP76`t6&3Q{5~ao}qcJd!!ixJ$nHU*0IoN@f$dI7|+JZ-^s)f<8>g9jgI>
z-xIr#KBEaV(+e$UKV7{Kq@5qq%|9|l<OG7GM3Y)l#g<uzH+AA%x*^aIODhuGd=nsf
z1wnHL^VR_M#26O37lV6g2o@r~&0BFO=I&RY1_89gS=p|nezM9R=fxCKW08HUI_Dc^
z`RjX0QD_{lKB)S*Jpf<1q;+=b1}HG;*hjQ~Ltli`vze6Tw4cu7@=DGnqd?2#l3K^M
z+0Wsk*nXayH-{9xbA!AUdg24qfU8$ii9(4UqoLCDgN8bfEnEf%vsl*k1b0->65UOt
z+H|Vq*y8sfazf0pE*HgHLXOKonjjWU;U>YkeDYY1#5gPXP5XbYOBf4&4)q@IS(-`~
zeS>fZ%?u*gt<4zrhhdTuUEMKPviw>+c@4_XgY#`@zH{f2yQ~?jq*CZz@Dp@#L{N?v
zZ%NC)NQ!0m4_gi8FT=Su(5qk^IwAiK+^;H{xL<Je_4F8^u+h!LG;%&_;nDb-e)&H%
zhNQ&shah)c93_;{6kQ}w1rGmh0h0fxql}}bpPdPTWku$AvYbNYB&cP`?1nUsH_z4U
zjdZRQ-JuIom>0<n_>$ZJED6WCpP4$hSMBh&x_;|BB{f~JQuH66x4%+c;fV2@@@!O{
zl}@Q%sHyx7Oa^j0zimw~A6@>r%)Vp;;q9HU?)K}G<*QSXh3z_UkoqdO&)b=Awx21I
z-j*$EueEn&?2MxOd01gzP5=J>hLWv^;fbyP(eB>Zb@oCSvqJV&`RTTlLOaD;$L-I-
zwX)b?gQqq2n_mi(52$AgnXhUue;)jUoUUXu1wL2e{Ri1z+r5+to4k_SvrYR4A^ivW
z7{(gLbxm<5lsxDTIa{gCzP4@z_|z%g0)+=Bd-WOfQnnFi9c&|eGKYWn+C;!Jk$GGr
z0ywNp(rL(^=m3FU>9eB)g`Z0&$n-ec16`k8HmR`v4~5>a$;`=sldEVm266(zia&+I
zBKNVq%C*#?w+7b&f~40zI<wy+sj?Avc8`)E-Uz78!dJ<zC>!XE!M*;EJa7?1oa9pF
z6#e#4-^p&#)AEIznY1JSQ~3#N?;)J2viXmGA1tQy0Uv`Ty-eRhW{GFLJL;_$z-DL&
zk4^y<QB;EjvV0jRX@VWEjKmV|$?U`@(^uT=Fn(UVa6y3>ha;uDk-60<p=Gu@h)#T-
zX$s8fZ5ZAe=rJ_7G1)w61~OoWooRyz#-HM!peUR3vY$`HX4~=K8Z^IddLR0q)J*>8
zfnJy4o7<drb~V>{Z?{tm=19ubmYYb1^pQywYH&0lmKS}qcUkxJ0V*9qi|hgu{qo1l
zR=<^Tf#W6|`%PaEG*wtjxZ+W6M7R`}sUMu{s-%g4X!wUiIq0c`JJW*pNg@JZN+Ve(
z>JqB*?ZMj#k0OQZv-m#U!r`Ga0>CWckI1?kD(Ynw>c3I5S{X({XG4p)S&`Q|<$RUM
z^SL%YP#~D0|DvQ&J@-zf;Val%gbzRSj2D|m53#z(xtT3$5%sB?gCxR4QWA(nz}Rck
z0RYRAK|8lUfJ?S%$)tw$p4Nwz7kjm<iD0b|X{9}}ucK|zN1U>vePeX_tjt(!qnn6F
z-(dif5N3<IMDONq;t!51)I~RO3uctdjbE5j{^g{zWgqT*Nzj9;U%!)Z)+0B8Z}+q9
zYkgp}S)~4t{8oK+&LTS52%tzil}c_^{V9?2rK`K~=(<@50JOz)Hp=1#ae)sfI6VbG
z(wxQMhl-39BR+ke-=^wd;N!G!-RxAD?4#y>05$JNWx`B>`VYsfWxXwa^bnKHyl<WP
z`O~WU)YgOqUFcMlCv%9N)18JSs5R7+6fcbw3HB7>F7K^?vzH--Y(O7)iZ^(uE%7*T
zvjw;U7CncG-vNy;HI90pd&n1MiTjoJtCn{gcf?{BO+@&#y0&JHp}Ab+#**cIliSmm
z_8ifQ#U<5WO6xAk*O!O{Eg326J;VdQ{H*^6VZ?J5@oynyU2yUD@bsWcn&+~r>rZ^J
zF_f=IpRH)^ICorFd7!jbc*UW#wXk>n58`l&8W|f6eJ;&pn|yd-pUI?z%=c!9e6SH1
zT2M1}EqBhf{ya`5P#g_b7s3A^SBkr9h3g$B;CH##cHYO9Hh=y>3{RO?E=17O(IDA1
z<rxyF#)w;$o!xp)zoPVBk*|BGFB!9OUG06%98wtHb3)XkXg(ps$5**#&>-&>tay^1
zF}LB1+6~*es+IO|JX^X%D9r3Zh)G*UWtY~@#$O!P@NTTvb8plpKT#`K$*#G7O5n}L
zv>N)Tv9xupxudzY(C^rKW_%(z0rAmb`t13&rm$^OpL`wV`P2jS>WbT&`?%IE#v1qR
z`rLv_*&oJ@$HP#G`ArnGxF@OnBB4$R^iPS5#Q6K=<kmFEd^9fVyno@Tm}|s6kHtCo
zL~X1eeBe!bOo*v|te-l>x$u~r7%%;S;pUXgeN{mh=GNf@Lmd}t>1>X71`<eh$#O<$
zYKowqokE?&6IFV$vB$_+iT?Q4R7m6)C2`SxyI)gV0xK=bp}%CXlqz%?W>a!s3cit=
zFQ6tSKLP<vErcrLvozg@xe6md6q^o*v5a2V&6lkx=S|(kV0$PY3Ih4C%|Qat^A&Im
zcqyh$RDLuERZvP*+-JXVAik=2Ew}G;uROuYGR13Kb<)g{MGNb{?-LXoyuHk^`CX+r
z6Ml6thSVU3EJ~L>^j}F*$#-(cA!vT975$fWS%u+BLl&LV&D_N$5P4ey?``^lK2qZl
zzS7F%2u<)VW{5%%_J0(d8^cJ)sXuCu?QsH*(=FFSeWP86Ec@h&noOMa$GsFy+ns9|
zG5qjTaTPxZ=ki*|d~o3piXYNj(c)PKJ&})otmAEMmM0x^Q6(dX7|$KqXz8luPMx=~
z_L&UzzQ*97HCpZ111}{p)(evYW`DdWIY8yW4J4qa#2$y3Q%<^YY>q~=pD^SV%%(YZ
zpy{a<w)J4mTcUR{QG7n|5E;pmcSq_vSL1YiQ!ZL%lT93nY{<C;=4m-XXKr4GQOl;}
zwG{YTnz|!)ktm>FGv4H#v%<DA_qtZi`&`mTO=27evP6<Z@%Nxu5*93BhW=wuBKCEX
z*2kP5y`c_s^AF4HOJb`w+P>ELu11UcKSYT2;MnOKVxunC7>At&yHn>dKh|>T&4&;U
zT%sgP0>u7Z6j?|$nBwAO!*ZqjTDJfAE3cZoC_V)4+{kx2meW?|(-f4N%(I_gi1G%3
zmcoufY;-GCaov%Kog8>y3?4}dNJ1}imesQLRa5%u`<3v~hmOnqq+A9ulw<Qk|M9oy
z_6KP}Wv=vT<zD?DdHVuJuH2sClkcc=fXBL&hH}I6;y!=<nqKcxt1>CJP7Sn1Z>QgP
zdd1kE>#=fKnATKFh!sLe)MYh9j4__b?Q3diT${yrelE-D2qt7%yfkuEXL<!kzRz-Z
ztMLD;1B1=awsz23WFi;PXv_E!4`ha1Q-mSC@y}_wox{~jBXgq*fTeWGk8YRGa(|M8
zT}hGT$@qXoIW$LbQ7-$wd}Ud$x3n;K11J>jdu|`cEyMFiFmFm&@sE<eUEgm9C;Dl*
z(^XdU2RWW_g!Ec^;jMcK7b)149OPE_fB(IRHebmV{_7?#IIruQ6#Qx=+m9zt=3dKB
zbMv`5?D?yf<<)WpXqy>RlAOEnwbnfYSk}5Ue01epIDIncdP?s%&cYA7Ihbr8b0f0n
zIDC38@uee|%td~1uvMgezej|X*dHZK3`4|k%Af1ilF~)&u_EDRlj`~Ij=O%JCTh`3
zl0XqWeW!CvL&~=-XVhkUT}zZ>GIgAb3*%5={bD#qU`2-fQU$A6Jd9&V#~YlJ8)=sv
z{fzb{u<4z43vcTXNx%ATHPLguLaIDa=U}E|F}Bc+2x8V@A&(EHj=#F96L4&D<@9lo
z?^NjgIPuaxU`1wE`monoyVQ{3;w|aJ6oS#}YPfl2RzUi1{C%m13tCBGh-KIA0k=6=
zVe?#0&Jv>j=eJ(HeOhuHL5g0wDzr}H{wR{nsq7~!jBpcwC1cGm)7^E?ZvBL4dC=kY
zO5*Ep5We4(&lU>?c<cP5&J!eF`c@@^AM)%Ccc*yGmxrCWW&iLYVzBQc->pz{uBH$R
z48@pu4ZQ1m`_j>IH>*^xczP`OTyygtHECk~*QSZYwN#?<D=72cE@ENSJaemQ0MoNc
zo9du&B*N@cEmRP90t+S0>4`h>n{I8t(_6}-n!zo?>@1jT1oi>Z`37Hspk3M3m~O-o
zyN{xci^~dNq(#EW?Vzm0KUfBy8I4n8ac#kY<wiopGu%7kCoq~aUAM#u=%U+q#w~xT
zabsA1kIYK863<(`OXXsg$Jq%;T}lu5u(8#6D=s*$fit6Hj5$s8o*Ww6pFl(mO49E3
zLzRpvdv<B+gju><KUu0#=H|Wek9Od<(~cpH=JRVPW_Ud>;JWCIZV+I2J@SyaDc4aG
zH=56f=&ycI42P>RdHGxf2qUnT*<)D$yTif3*n>SnJnn%`m$mCHe)o|r4Y>1&M)vhD
znZ=?w%+iR&<IYt^gBl}lg1el|{fwY4S2UqR9?B1XCaVks+{K!RS2WAGBES7S1@}00
z^8uoynq`C#H=2Fe0^G_^Umdy5_%gUZ-hK5REMf#rP5u{Nyo6zNEPMUf38p5x>+#Tj
z9z;X@6Sct&W69+Wb>u!3KaInXlCaT;1}Z~=6L*X*m~&|^m<C2@Q4r6-+-(d3@HC>k
z=w{bqxPO6)Bm(*=Et-Gm4riN@4xvU%$@`c9+G1Wj`5@kE5ri0+(ApUJvsf0@Cq%Iw
zXhZsDC(0+2#ekpDqqX-ywS~9e&ij5b16ilGlbVjrrELr?sp5L9oj;8BK$X4&mqTsK
zUlb87g6VAz;P+KrmmvQQ&eMDLHIRDnNmU}(K_0>tIvPVT9>ZFA!RULghE(tFxJ3(w
z%y64?-kef@$Sw|b`8+WQYCuzu3?muZPd^!|O>{a_yw3!4>-gl2@C6Ges(92TvGp@l
z5KP}K=IMqs9u6wx)j6fSoR|9f`YpQ4AO%q&j!uPDFUk<;5H8*VsfKTEkK$R3JmBz~
zz<}QMcM_nE#RU<B&~?EZyaP@uK!rB37PxNtx?xvTtZ~6CzuSAwV=W4e(baMB(2iV=
ze~JnjcFh~bL&(MRmPm-_zRA!b-1MB2XtQ8yYE{tv55OPZdQ*jJmEhec4dQ)|BI|=4
z(Mk#uE<R}hwvta$Fpjt!5^#?obpby~2rC9J(Z(Pk!T#t7P&?=1LF)q!wm3NsIprW0
zkRl;JZqVH(p(*JrsGn{U0Z174eWu*?3*Qfvj#%pu+P^}N8!}=ewO&ko+-=Iz)v?)*
zf<FVyO{SL{rt*^$XlV3V3Ajv$z3<fYSec-$!9NP7ZSvk?Y2eDn3`uUVrG35wL7Bd<
z&{a}+UG~nPV}YRsm<}Wc0<{O1;KuTU&)Q7@tSp+o0ifsx!wt3r!}7*W-JmxK(N_d6
zvPs!n4LkzQgTNw?39<LOG3REf#Be!IbhlBM5`(%%LnL@uX<GdwH&+xzVXY6-P>F5F
z1t?ZVFHpJo{%5Z)nq@jxR{W(8&Om8iUINBdyQKx5ACXR8Qo_{~Ii+rxk31^^Pzt>Q
zmss(ji3)og<CnC|v3>%ZcdlQ(pv*xq_Sc3yUYF*F!YD%T7Nz?W))7DC+1BiWq<K+1
z6ip!USTQI`Ou<_Pcr&9P`;+RLG?F!HR5_wWleBpCx5Of~s5uHN?(z}@?5mLQ(X9x_
zQx`rnL#LDAj`;f$=LQs)nCoc&ecVGzI&<;h9ubt;k#i80#ka*pZ6RLvTc)vgH>9sY
zWamH{+12k*X2@DYKhPF-6hiUrS{)KR%qDO(R{;{vmGn_t0bx90Rv~1`!L_>-nB&>E
zd?K4d8Lo68w$A9k(gy`KrXMeBzFeBFA}?!}{To9{*N#^xe78@;W)^zF4!R1{ezNge
z7i5NN_UvC4umq0EpW439yDq<`2FdB4mkay4+a06#{Q#W3gBgP7&yoE3<P<JBM0NaE
zNE0VSgl#oYE5GFW=c1Aj&<%tt<;~l&W$t@jiPW&2_Z=ngEnH|{zx@ZPe{^iS!j{gY
zl+PY^QGbvFT#(rOF%M}hE9M{M{N0y?h2_791KkyevxPOK(l7oi!e?#%HRq+E!J)K%
z9+vSBLbdQ~jH6(t&zpgZU6qx+y7oZ&>_U<6%O&~o>?#r=a>3h*+_<-PQHXv*Lbf&W
zb*iz34lGyxV*8glGAG(XSarwTt)h`%%d4ecBFF6V6Aijd<@>}x9k>Y6Ote`Y{L0!l
z7W5v%UH!^Mgu5D!jqjTMuuWrbCg-Rp`6L63|CE1!yG$}p$uUSiqz6FDDOEb>7L=de
z4&yD`NT4dQ(-XX|#x1J@h)m|=iLW09M}r+%C6aF4NK&jzCpiIG!s#<BiM<inAh@Ry
z5#QKJKIfn$z_MUWsFB(LI|%TaYoAw-`@>OgEJ=)!-3eR<%`C;_jazSn`hF=?4gbB1
z@^cU*vjG=1<nC9yHlncxZb}@74Ihm5@+5tRq&a}p+4v?C)@(N9L70gH76^iP32qml
zqtWM9OA8z3vKZ(z?Yv1gG(U+iaG9uL=1vF1P-j6Nv}^HT-z?{MXE5D|d+!4_MFiwy
z8ZedgP??dVQ=ObY9VacJVILfqA0BKbRITEv0Zj?Dybt(fd3Q{Pxp_Z~FfY?YOa=Pi
z2+EC*Sry#p5Eb8_)^`QfH9zg+@I{`7dRs@!>ObwB>J<7aZy^35QB_X6B5%R7Eb$E^
z81g}#;@!S+f@RO+oC@&|4skf;nyYaimQXn7nP3?I+HD5JvG7r~=igs@Hu4@$sN9V8
zcuns)V8Hq@$k@1AE$*g@tNII*3IYuzSpVMiil)4IIj8xTR!<Im`Uu6xjo<)2QAy|E
zWbo4p;U3{?&Ct*$YX27u>kQXR)rQc9ab_o!{dds0Af&Q31|UlJ$gdqd=AgpyB@Hw(
z7^L6P0<I=Y<0(z=Gk1H{_gcn4@Y;RG_`3`6F=O8M0N&<L9mLLiL4A}@H%WYMhPEXG
zTscS|6f3%hr#2RE@DW0|B%tIGm5zj03fU(|$BSF`QHHwGH73#TY4}!Y`W$UlnDlb%
zPH6OUmpN3=&pgvFNB<<tkAq4)&-ke)&x)#fmSx^a-334JKqT8X9z*40=*%YD92R!M
z=(BXDn<dPro+X!W|AXK(XRIaQ+^zE3*gDU>mfA0TaV&Ff`q%QpW@z8ip;gHrdjk9Q
z3;g{bPUa~X*uM;Yq?Cr(-*0QS)k$|d+dTuOivM=^7P^)S!KR=(B+E7r)Dx~w+MpMn
z_7Sww%bFO>!R^d7&&JA=!i4L{1F!ZkrXr0>;|hVcXPO5hf0HjnE-$Wo7NB97*N?n|
zr{Q{L!DNM(tmEXCa_$tS=J`@TI^Kth>?<)Xg51*LlJxFbO^wI~AjYFvN~yB~N&WUI
zFppe_Dg%Y{14gC3Z*Lq(YhUeJp0{0e<V<%z{fxY*fr>9h>5mL9SU+D#JrmBpG&{Jc
z=?`w-Lk=m9G$NB0-rY|&Zr(hd_w2U`9c38U?)yR7z+`$)D!qGXz_X(=fb@Dc7BNf^
zRCVmtIN64Dx5b5aHwg#v=WRmDMH#8}RsHf`x|7|WlW^65JjN5w8~p@PObcP}D7oeG
z&5Ko!FevJ)kvf(eq6*h(f1dW%dNlYT-TR6L_O?KSVO6JLLWj^}c;qo*+azNjGPmz3
zeg|*-gUFTKGQPLAX$j#Na$>JbEsea3QmRz@A{l9N{zd-Ed9Q9t+s`;*81^Z-KDyan
z7@mpjp{~`VR*YQSbG18o@N*(vE4McNLP};T%J(L%C*odq&>jn)Tdu<~7$r|;{M+9X
zybLX@8ns4FAnwm}o(!0%Vwd9FV_mona|}%(X2%p&qZ}=tGAKcPT?XfmB*8GsXZ5XF
z$f8z%oFs^R2dJX~&B{r};78~!qR?qPwi6Yc?)&ffE3-lhEfbZmZ6wuW{b57&Ma@0Z
zxNWxt6|qE|Dm*}=BL81J*|2t_pW3%?bd72zUJK6by3Ds&T^@qdOyTtxGC%X;Lq?k1
zb4b`pLP50w>~WJRpLpT&&@;$QJ6=r{HE!pXpR_tHf0#A=4%v;AQ)BxFA*AfpyOs%C
z71ktsBmonf@1YyHaOq|0(kDNjaw^cgc;Vwj$2V`k$y2ucnub~gnIrT-Xe_NV$r%Hm
z&(AHsQ+_o{-f6PVRlymu4UI@FV9}^eJo)@f+Xn=xHIBa#)VX{ob-+3t$))4*W*A-n
zf#DsY!G|<PtN-<v@&R`^OHe1DT23uA*RgE72*&rmzw&V!>AQAr+2TeFL*DKh_@ZwN
zO&P|JBN&(X!eDA5UZvu^rl??d>e*EOrWk+Hp(y!`Nnqe)&>nQ{ADbuQ>u;pBAZq%>
z>76OC=D2HT=8(RpZ@9aBJ3q%21^3_C&`D9vVkw=xThTu^bmufZ-PHs2q~?U_1?*1I
zWWi2FGZdlTBNL&zTnq?{$n#hnNo45pOln3MCef+&m+NX-tx^+ILo?&8etL7XlAdM*
zJ>{ynFvWZIe6xXC(MmJ2%a6ialG1nQ`Z$hG%ceB+mOg6)%;?D0iFt1cf^%@irJi$c
zYmHJ`x#m^gcu6ic1U15?(m<p4wC{)a%d8gkMK}AjV^EoI;zoOu%JY2lBABCoa~z=|
zi|CNhM+V$?vQhG(DJIWcZwB}*Sdtq5PeY-NsO-wFyOW3o46Yb6>y?SSTbWc&f9hgD
zi6l)hs;#TP;QQCO?Vr|GjSQmlQ_ny<U7=KPtW1(~>muj%nN;w{M#y{5__Zbt$TA#{
zscLy%I1tNR=N?lsPTs(=o$E9k#n^@T;FjSaw8VuAw|z;o0<9g!h7>Q#4W%_~KkS<u
zUiYF}Z#eYOiYvGY^;;z84gX4mfz^pHaZzTuWt(K;Nh`wPFnm<dBr8bNTUe~8IePPh
z4J^Hx4;v@M8DAflf^(sorbXeQC2-X1J?2i>KUwi^3ivK+6~hCBoUEMX2NEAu{77SQ
zP^|vj%q22o3Ee71_&@5>s3CpSB1SIuJi=JEK5LzGTjYwS(GWT&+W^Z7xf3L52K7t5
zUU}?eQ5J((Rgnn_c&9BfhL9oR9ML1e>IrMgFWcwU`53?P@awhJ+Bc;`#%)4hWqWrC
z`0DLTx84h}=dJUm>8bB2W$?9I#rvGsCKQLk3RPH?V(_TrL}<=R_{;_rempI%mC;en
zP$0rbXG5{*4r7xCxoa3U-e7_B@8n@S5ojx`yj*7F2ZIOwF=E8uVvX|#=6bS(2CS?c
zokSdNO~XlJybX<ddaw+u$3X%PET?Nd++QlghuBIb)et@GV;F|9-x+b#Lc=<(ZpKwc
zas}C=pVfNC1oZ?3Qc}}%$kJ?$^)9^<-6~Q6+4K#iy(<o;he}bvj7U^V6$%t5k)1A8
zTng8vymvl<95rAHBF-O77=FRV8Dep(w5VGMM!ws5_f~Jwar9H+J}4M`z0#05+1;V%
zS|8r;ZT_)Grf@QyRPXnzNghwUEaAZtmeJkA?-MXWjTfi<EZ=;LK}x51X`XnQmr76*
zd5_Z{axaYAihNOGm2y}$#~Fw8KV$V6Z>@vJs;{#Aito-J0R)1pcZMkT9|WmirML9p
zp$a)1^ejkYJJe}pNQ>Wp>ye>kTP%tgcqv;3r>4!MmFuK^A&R}DnHR~t4UDBR>qW78
z`6-I)rNuzF(CMv8-Ab>H#_pMm%4nyLe1~FL^xv!!7>Q!(+Nof2#s9@K*R00HdeKNK
z%K+RzfKcwc7BBAbp>aCj--`5isv(ahlDBb<W?6ht3CiYKPSn(G_>-N^7+}zVM~Q-&
zFeXr}4$d5o_aGs>-%FKz9f%L)x;A`CNpe)Fn-pA1viR9!)H<C|msFzI<!F8kEx%c*
z=u>rS>gMXAm{9Keil+9yJDp{te1RUW!Yte65u<Jbcla@6Xw?dT<T9AFmhbUMpqZjL
zdy0MKYB{<pUW8+C!CCow83vb?+F;*i+oBG{DMlxCY@50!#_?LgFl^+pG7g5g_S4zC
z#HD%NiDP4?*9{<dkGP!%nhe+#V<^Z%sLEExOA&l))7x_lD9Z`yZKp&ty|n<&3cDEE
zV)1yd7c@`Q0TZA(MR+f9y3{u%AKa>@TAKwHCjl@HJ1=R+885nj_m|X9Ku@f1?j2wL
zZe_eU=^DUsE@MFYztl&;(6menCsjz@SJ1Wv3YrOS*o53$fXpfJV-U0;eB747@Xzw?
zcFFtYQg3>=J~-F*S|WAvNF|JSQvmO<9^Rw{hw{k5tjFlxPc9&U@6%xS6@(%@!nuC{
zl4jW)Y0m)|wC5RXLpUUQzii9ffP;8cm%gD2h&r%z9(V#&rdu1G*Q#+d7<2=tbY6gA
zx@gJT862d$d4dZfTvSpwFzSt7B5GkW8YlG*=>KbK06@MljvAlwN?U}{yrKC=sM@`9
zc;eFB%{|FhmIu@XzE3wt%jkTk1{x8~r<3D4iW}P)+6nY7`_B{;6HnTUIDl?Qs`?MC
z13q;?@?Kl?A)s`?1M*gkEP&?6z8iLxl<vD^L5WP{J*m6p4ywrR1#rD@kx_CAks#5r
zh=*#btU7YRGA37oFXOk7gs2+{$bz5_i3gb7ZJRCuLjgROj!Ut`uOBtBEKG0!fMozd
z?fbK0Uz@+O2vwXMucOv84is5$Td{qTBR!!|#Z&l7HmbR@9FFSe<6Km8Ew&TG-&dt?
z`gEYHBewt*FJ@>zp{4)+t#j?>n~n&QQ^AYJ2f2meh(QosQg%0EA3m*n8r2+@_C}07
zeP0*GoQ0nzU=9$eG5gi|G&+QaJ>N1i<Z6^%6XGz|1y2Fnv*(WOu__V8FMi32NO3ym
z%t^V|UGGV7;~66ABL4HyrDRT+UCnEX)V$}di^~|6X)&f|*mPVJ;U49*b_+-02gfxr
z2kuwRJl7Is$QdI&H*c&RsTOy}q-uf_qe;B$7UM@ji-k!l1|>><0HaPQ_~j^|ZfuTB
z+~=BdP(Vg$y_nh%XTcoz58;9XF$}ZQxAMH*mA~^+-?7Jq1t)TR%pv_3IpIH;Bnzx0
z4=<Hc>i^uxPC0hk=T%uyo&Ks+(Kh*A-v?Km0DfTk@<sh5Ca2HM$A5>2i)BE%@WdfA
znG&rx{)hDotBw3sP3iB$(2Yx?e~@?CSIyTrjrH4LY-bOHT`M%k_Js2N?b&rmnl6#E
zSq)q3j!L8N==yt^&(~Ie+;R7;W^*CxZ-_Hn!`PLTLPs*2^RX>B;!iI;JUN@Pv`xM|
zw(MB3U1d5WYr7vNh*bP3KYSm!t`EbGS7?vqZN<@J^G6-;0Yu@f21JdEuKl}KW?x*i
zDcLB3^Ml|H=QFl_!Md3~%(G?j;~AW+`D=WqX!w`>T7+rQnbt<#+H;YRQ<h-`Ri*}N
zn*znBw)ZgCf=d{3@nW~Cmb2M~<T0xGv8<MR_mrNkVU8PJ825}{tpxs^QFxcav|Qzo
zjT#dwDNA*-+NGEOyoje#ES?nhZ1r)m%vw|=DdKMYs3m-5Qsh8=yEoYB6Msvu8KJPY
z;T6pXAR_Iie8lbQ<t!)>**{SoxYG}P`~aMu2LzCSf<d4i7hQbwa*5z-uNhOP)GF#v
zZl}ypF__~UN!{KU(t{!UErYA9gJF7>rTYf^*RGqn+dWqJbbvVn$Vf4>2s5p+B_lAL
zD|}gzsLPpH-N?cz_<70&Dhm|s239w8$c-!vqUI(5a9k!p1vUYKJZpoJ_n2~2KjE$4
z6cc8%YAe80@04UH2J{@{IKK`vKp%mUsUm0UBf`79BJ+c{9J1#<7`boHgAK!4blxNY
zHK2RU<}}uv1@W5HGovDk$}71nM$K@E@xnI~1ehOwAVP!v1q}!UI4*zXcL7!myQ57i
z;P9YJ|He5usw~$??kahY?~Zh4F7}UbhizlRDiM+G110I5B=#TgO$DYq9T(mt{s}26
zOc1MToF*Z72PC1<)Jn$M+~CNb@*z##xKN^1R_cR9HwP-%mKwk)ggj7h(0B$8xDkX8
zs;2h7uB!vd=YFT;X~vVO+Fysmo8RIB@55;7A2b2SC+-hU%;62Tu?V6m0Vs}sn1%=9
z;8Z;D&OZok$um!u;)x>`eK34?-c|>v{SHL&YRK;<0FF?P;hOXXL-_ruL@)VsP7oBh
zBUgil0d@goe=Ph~EjXQ5Ju3z;?|>$PXzy{R8Hg0%IO(?`=%qBCxjzesNG>LVcjH?8
zgKz^0sqo#QJT3>1sQ+&0jyMZlRJBRmn!i&e+x)uZsU(ZSd0j&vN+sd6)|Gs51>Xms
zeoPwbczW7*$$r<hsh$mH4?Aen*B%&8CJVYB@+L`}KD}xs*<|eFz#D{o#?)$G$ISIT
z`Pe>6x#YY&bnEs7YxiX^Cr-b{8*6Q=5B`_`Agdkdj?NBdrF+*-yM9X0?S3LWtT&$g
z!qqGLzXRJ{-fgQVAjy4u@p*FYP-#qG;N1D6(*>7n+iNGVy8G+wEO-@j<#5_K#P;ZV
z_Af^*?C9Br)orjeT=U+ozo=Qb1|$O3{Vdz;QSd*VsF+I;k<z^|kkR4(2jTz!FY%MY
z3(vnI{hpzk^LO-Qf~yuhi3DeZRX+B;G1#B^vvnP{cTJJ7H2Q^=y07oB;N;}sq(&GU
zY$<($T_xlUF-8%XtX@%P_ph+pBF~-^hPllylk1#rH1U-vwag_auU(>6JWR9wG0q)@
zm<2vgWulg+Z{FyQy;?o9I=g!8=*=ZdsZDn#cpSI`Lw61=aIWS}#arH#N0ya);SZni
z3JkiMeC(lkET|TFo914?|2R79fF{=lijR<%knRqV4(XDR4(Uc(kd_i@FWn%FNsGiN
z0cjAB8ZA;HqedeP0SPI;hwq>3Mep8syCCd5=bYa;Kl{Yguo3ZQq<R+Ol&DbFbEI#I
zEtAHJYPTjUKVTfVsz6z{6)hlOGbT}RQ5+$Qee@WaX*atP?sVynfe?qJl+5sOskc79
z03?T))aF>Ps9D-DI`it$Lw2*x6e-Do`(yoI6YLe=_zX032PWJPtbeY?nPtfMm9uzv
zYCkbSLKv5Yxnqx`6>9*f=r>y|Dc`S2jD)VDKMx-;4=QLIl*MeBUBY_{BHIWnikAjb
z-(Yg2?VDKipjUNUpV_5mm7q4;)mc#YA|7B!Xtqu*O9dp|rqL`6QR1lW5WB}^uz!||
z*Rdi#da0CpF;9zfqM|t@oOIlP#8TORw9;!Qlyf6~yzRzQjN}{B<wOu&JHg-L97*OC
z1qyRe-Mesweb3(-Bei5<h^gE%veN4mVIe2hxCix{)i%1yANbAqqodP7Rq+t*xF98R
zKz#x%@Ax-W5QtK=Dz;23$eEeVLA)dkKsVn>uC)2TIQKTAewoFRuyn0}m}0!@WK@q+
zy12j?o-C<yJKh@+w1*;AW<@3Fqx)s+Fd#xHV^n04`q)DLQ||j72XweP5sC!_=TJ`F
zM1=N_ur?|I?6AO&p}2C1E635QfAmep>i5sZjjSM@EW#fj>M^AXg4d(eGB3HxS7Suv
zdT1Z3eku;m0<VJ!Pa4~tM&=5NaHdur)NAbzbvn3ov~oBUd!A>!Kuvm;yydco&>;2N
zu*=?{s9Bftbjl$g5C=H3ZFec0o(2G-3rYF5Fdt!1?ZSUE$XLclAZX%?T%OS5GBu@@
zdEZ;l346$?V^bg9ou1cVe@5`j+Q`$BY*+5*f7Dgnvd2O$s^TtGdVZG?iDgYJzHH{n
z&&7S@(awYt6tjDiNHLDs41_<9O8o=L%BmSDaK<&10iyK^OD@Xkm}s)stmkHFN{FNX
z9vMb4F7@2}2Zqxs0wsJC$lz`hd|w=RaXKE>sCRpd=5?8dfJRdBP7sLGJE9p_Ka7i4
z4on`Vg>po}=8a@JE}-&8M*U3dfzoN_s(ZsyUEqg6IVEi_EmY`_+BP{WX(%taFE?@n
z>jAL)qQkwHOxi1#msX#+ow}em|LpM;1KUdKKC_BV&Heo%eP58cmU^yFU@?<;Ga-gu
zJ$Q*?_LeEcdR@Ix8W%eElvPA_HoeO#bp93T1s>Poxbvm>yeWxK+;D?WL|JWFHLBHf
zJv}MjGt$~7@w_<&tAqOijkSyampHjW0pFZi-H*x754|TJh?36Fa9ddpP3yJe$-H+~
zcb?8L37RwsZ&mQpJJ)po7#DbiXl$f%AXzP^0B18ki<e2{ay+H&^Bq!N`yJr@jg@N)
z`N13*c11D9BQkmg>!)XN_PYs#s{Xh=<!cd|RA@_TecAeG=sRbUvu{t54c*TgwNmXC
zFoKI?wn;W%Ydk2t@+QQGNYdKIz!A9L2!_W?%R2A+JI#lJP$8bDA=YZuE?0S?VN<(w
zCnhvRUAoFxHi=s7oD&Ovl&m@+f-*t#03Sl&R`>Cba5|bWaQ#pI%MAQ;8DF%5QBM7n
zqiMdgp$bgja%|n|{G$}nQ}X8wl#Lo9<>y%3G^r+<Uk8buk79}qDK;YnIF1Y#YLhnG
z7BdM5AIX^y5+4O}X~{eqp$SDca29ddmq}q-7e>X;W@g4vRQfv!(b`X@JAKqW9-{Zr
z5zd6#UB|b72fiuW_0I=i$931T1+2$h%j(p85g1heRX#iFAC;sfCm2b}pO<K;_nv&{
zQ=(Fz*MOa}Hdu+S7a0pAHNz}*`wgb+Nn5H#0`U+Ovw5KA?&oK+1%pPj`1m@pEhL@i
zzNX*#JaWI6D@f#>?(e5%@#QAIT<|?Eb0PO5RAth6CU(7{MgOE9Mv^%pR;%?TJl|gg
z5&9VQUtA!rU!u9Sbb~LKN3V`~KWz-Fm2@$}rjty%Jn(5$jL}sDc}e*<`c$e59^h)D
z;QlVHh@y7bOf2#~rF0EHtlQ`BGYYK%d?@^_a@!>aK6%H@XC1>%g@IXZ-QQ*f`X8-`
zpAF{d>mDV&0pR?NoJ%7i+N5{F#Kz|4q>fHRGCf1qw1$;SyCJCwF(STvGL9AB4h-ph
zbcm1RW4(j*`wz2(@gKKG1)6VC6aPNcg9)&Xm;;f4kTcg2LU(~-h*T9zj4bN(k{Iq_
zHh19df7^POB`k9z`x31D#iw!-$z%x=`_ACC23l__6R)cX6F)1C4S)p|N9TmNQINM9
z4rH1VU-;?ra&h}%&wY{-LcaoAl)7-5lrY!l%M?OVu@``OfQrGD0_gy1N8u2J?6-b2
zLt6jU+nl(RiaBDpH=s5UIQn2~$Ns$ERI|cfY6FJFu5C0;d@B;eI3ZbL#?Z7^vKmNB
zT<*hTANaY#K573QpYC}bOaM!AmK>hn6F(!>caOLd>1k*R_<;If8scY(J?#c4q>Cn#
zc7R|UX03$B8lo>AYV^~Wme{ZkS1H1tpZk`8I>FOF`h8!%!TgolZvP_&gNh09iAdcz
zz(t^kyP<C8$o<KS&jA+j!z(9?GHzoj*!#*dZlr_ptG#8JX0|6uf8=+jlq=7f3e=x3
zrK$9xfl!ZJiWMpYLYf*@qnWSN{^Cfv%KA{17QEcpB07*9SQf(r(f7eJqv@)r!8@Gf
z@Z@Xl_b<S50XZ7??KFj_m~4rIviGwcVBT|q%LoU0Y5*Vn{3;4m1d38K?o=$lJvk8L
zKMb`<I!Lri%dlQ^1-%2|_Vrc+aWKOA$r&^TjOlxS#+MskmC?oQfe#uffPBB1{*z-5
zcm*+MpHU_LR)Ha<&n9X=qPkzjbz=iDyyP<kW=QLnFu{mN7a9bdr@+-bv%MM0auSkz
zt*Y$q>Ik1fm%!#kAG8m^66YyB?H!!))z+ps_(ib;NNb#}7_h+EZ4>`UvfF<m(i}X`
zInI^OhNxKMA#a0L5F$|9&8Gx43QyF;ZMq3K5-@0e5lU_dsFeg4T;Q}q1j!qpxRQK7
z=n;6;>rfC*@D)A=PyRfvt<BUBo)oLZX$_zZ))fG`Ac2+t5}X0h#)2YA#dt%NJ-K<O
zwx9jd-RdWOasKSg-kj7qroc<scmxu3uVe5(qUNL`nC5wZJ${IcvjhJV&lAGgLGQr=
zyq%$IXwSExkBGko#~+2hUt#%T;K>=b;`>Pd2F-!c9y|#h7Ya|UZxS$Y_<(^k>j*wq
zkl@+7#feTFd@z@(NK{tFGlqj`RS<tQK&yOF2}%e>YbJQmKvbyWsWOGj^V3I_3D;)E
zVDFQf4@oAhYu0DF5rf4Rtnr^epUkp0xuca~+Bzu$no9E8U-jAZ);1mGPSRV~R&u*w
z#wQqKMg$t*%Z%lXfe;!po4iI%)>A0JOPHd2G5a8OD1(QH=_fRc7Kgs=9yV<YC3XPG
zgn@lH6~(<tj#)zR-g)qanhx#*MSDBfh$)IH)?yZ1(TGTDR9PfVZvZOXkrp9KuT@q0
zgu%2|tvKAk$N8c-&S&5Xe$R;Z^no`QGfKY*l9@tML=j~SkaRNj+`QlXwh{n?t>0-^
z9CyT^a+EetF}$*$mekqg<w~FplO<E3%iq-CgUEhI-ycPNfisX*xB8%`jj>~!OgG)*
zA=cMna~Cp}k%bJ2C_V5KuWgy;vYY-`^mM-NFtn??sd*vfO*Dfq;}5cuuKj|#59`}Q
z!vR)d(bwd+z+L~O@Jse+^jhM$<ID8XI%{@#(mC!`;gBct%i!)yoUXT&zkXkT2~+sJ
zqWAra>1KDiJoSbPn7~WDTG?CQ9R+j))a~@`{eO^Y>TBE+Td$+;vz+zwaNNJLH?+5=
zKe5o=^tsLEMB&E=3Zzdi!xY~4<y>@kgx6mW9d}=>Y`zH&e&cBylDc~^5kB${g8QfU
zB787BElkk;q;P$C-DTw#7fF1R8oYlp6zDEA(Z|OVL`yg;=R9e4{S>*4+6)SoT$U~G
zY~*{RhX}*+V~E3ur7^Xs1!n}z%VC22o$pz`R_Qj*uC0LFGvaZ+@%N+ooWP$>&)8;6
zt^Rs@k2)dK_x?TtOB2~49JuZ+9QH?kqpsBa{bltI1(qHzuhc{qzY0*Q`Sz|v-No+h
zLN)n-PY+qI05ZKko2Jv4%0#q>Pze+xfsgO)`O?5YskuK>3;baLE?dtlgFD`#-%`y~
zm*1#oH(DGB>t#Mh<O1CsF?Bx`uXycKkG3hbO$WJ7HKBhHF@QcC$glXI8+@RI?SpUe
z4mkge<t2Ax7JFc4teUZ8e~jV|-sn5n0)hjy9_#7YH&$eAW|DZ=;o#tbv8`nESzDgu
zh<No`Y=I{DjYbYG@#_4phl(F8wtOH`zsA*os27fAPY|yTP{fSd6R+@o=>h|=g03fb
z=N3#KE*tIu2Po`C6*m*VLFNPi9(X$>PG#cTui&m!0&S>I8&tocq>uACNPzmYe>kHL
z@fD_s>YDny<UjO4C9DbTK-9;(RDb5}E9%W{Z{V!C->F3R#@NA<hAeIV+&KT`^TkX&
zDmDMkfWF_203VpbR89tnhwk_53~+mR$7`NPXNWXeMse0c?aa<K6vXfR^%#k%JF*~x
z2^POs1<ddtE?pSFmhZ#q$1tdi;%wh}JTzS*S{v;V?FW8)$m9Jw9LRnQk|`5#n~$3V
z{~%80P4kQmBKOJ=U=Cu@i3>Z+e(q>-Yi<<|u!xQiCccBYh_%mJM2^3%KxqGckW@$~
zllnxvL!`Z)isrJ+OIpyeWNiJ<0X$#Q8?r>;%5x1@w>!irN^X$7x1fo{Oo`hOwkrVx
z7ea9NqJcyL(Gu|#j33W>akU>$=&Bl7z3Ovm`_IJRXP(59@p$vb#J_T2cj2s@g<<^f
z!y0F~5T+s7+){@V{X;M)GyVJOeLsUwzD45WkH`O~1-Q$N9o=7f|EUKzEXu^g;ZXJ;
zWJ_V&_H^jR@?hn9^w=`QHmi1WJ@kXu)zbG#db3c$T9tc~Ioa~_sBVmtaQ5(vR-0}c
z)9IvJiCevm!YvTF7f={g5KXa71S>N)1<VoGHsBk_c1I0bfwlGCQTTO;H3qwJfeC2S
z+~6MBep8_D;}%T!%E`HODaXGKJv>v$zB=?j?B@S#^$#NaSLbFW_^(GF*oi@gRG%y_
zkFq}_c9s@01LrZPr(q|3N39ocLW5kG$am$qk8Z*f3&OS+uDo&3TM7Z{L)4=}$hvW_
zq&mU(n@4MM1z;j`d^^4WB}Rk-BIRJ{!w$7>{gG^8`e_^J2jITvzdo5nZ)q%Hecn8M
z@Q_pHOW^y-(cwcyjbL`trvata7AGcWKd8yl#pMb4mi%cQ9rbYwGenaydAC1}{e!4#
z+Zu1pDf!Sus@d&}>Dyi;3_OHa*K$9=R;tL-EQ%me3@+-Lz)@*hG$yB$V!BrwG)2Zh
zy5Ex<O6t0?uZSidOzJaLJmiSh&i^ls_$fntdU_Uz;roJV&CKA2M7Hw??SMW=QQ(FM
zXCZZEylRi<^XPO<Dp6@R#Qo`{oCB&h_6$DQ2cLSmkGrG2YM*3kby;4Ejl-~~@BzGO
zIc-%m#bPJ<`8kc2c5KD(l6T%$)k`VIHWXI2?P_w7OHfR!ppv!ojvq>F)3f84iBQIC
z!X2#{n_g`z!|tWMo*2>v<2LL*+R+du^!~4FR~oj}!1{rKF<}s=x_FpS_{I@(!0Z`;
z32loDtRMXS(&}*;1$bnvcaDQLw7F2zel@hm%RrQM-)NwJH2g)O1V0h|xRqHf(tg9p
zd=bXQy0XBLKYuu5@aG>yWneJ8l_tW6!z{xoYv5OP{!+;}iU-;{dCn(ebw1OGfik2f
z>1s)n%3(441&2D&9v=8eV6UVZWi*5iE*nV&e3tWnYXtyXt7H&mx8fwmgDT0vTuiG%
z=8V=k?sFM65pNy{>|qS+av$wrw%vx0>Y(pAz0z353q3I_2SL9G`RaJ*SZ0c^nqcL`
zk#^;gE40mAeq){Kbx;`q+aFl8u<h9oo5@_z28h5nwQnYt1vcLMX`4U7MS5)h$>8S|
zPs*R`_7qD1@5ygxhxeduhJyYr`V8hH4%Y6>OE#7X_NO>!T)IwKec*(k{!hj|C%Qa$
zsgR;A{JjrACNJ5$@TL0GP}mfoL)$WtMgw`IS2Ybxdv$6eE5IzvUNv%43-2Tb#pK%f
zoOYJRbY}uVBc@*vZjqfXFkc{o5wF@Wzu{14WL52Sh$nO~E?iq7*P}2@U77ux*?`x6
z0=#fmX477}y$PGcPf$Ldk>`@-=i`4Sq_YOwnOB_Bav3Ph!BZ>P0sG1{GGCe5?oHEy
zeFb5+tiF%RXnbOxk_r5q1!v-0&8BZM7o@~Cnt~=_7osgX25kd*H<J(aDCzR_y~fo!
zso|-<^t0SX=H!CjENj*Vl|-RiUO!dLou<o6{z1G6_u&5h@;eb<iHo)Fp88VX?(pBz
z#F<efYC@Krex0N{@gAT1N2`{Pxkms@nCkb=w_m7Li$2dNBu^$JXh=Mz8LYrNp_L|Q
zarNs=E*)(Bd;2dQCJJ0~$*&T{4Mn`|G(Bhz?PXEnyW%!t+9tz22cge7nIgz^cJ#33
ziiTX)VT9Zh{$7oTQ=|Mx*&>chB7=fdVQUof)%LEnnmIAdete2OOb^-1X$CE$eN}6n
zvU3gq=`bh~srCL*JiFwfy`8RE*K^_5s`9Il4V{tJmc;ZWmPDtjj+)o`hH}dbb&!HB
zA<=$f<OlkQnlldVmVo|sgxs?b{?)=)q`lDTgw|%^f}^nrJIq)s7qnA+u4?8t+E#mp
zBa2MhaqR}SZcdXU$HNUJE)6@j1b^Yeb{p)yv`&3A4bC^JdSTJg_U6^n)-FS|6l)ye
zGdBlrpAU3Uq7UX}mbuShRY?;(zTvkTd;T&oJx;OytNaF8<38G}(l6rotop>TKbM^L
z%OufbbJLqk<-MIxd{ik}7Q8WbOKA1Nf!iAv<27AruO1k|5dYX{b0F_rwte=Qw@d?v
zIGGp7oe<+^IUhNqB^^M$z=7L;)~3RjBjffR{vbEfkKntH?qAqWaZ=uB+LUpHjeP8z
zaW7RLK`PyF1e=3`4+=>sgtptG;zpLghj+R9&0*S~I&OJrvFY;VRXF`2fX4caBCSoz
z;YpLs_sDaobe+X6*c{|esEjKD30P-wHa^{m03jO}3;!>EsiaKbrN-D2t1aFxd`jq-
zVRtkoHCA3Ab17?5UY{F~DQ*NM_6&LTl?~YftOx@ADQc27p%`2lqw6VQ8JLlk?s+*(
zfbo>23`$fu?Ftf4t+Wfu#5<1D<XwH>N?Fo|q}$AtM7k%Qab^sEl*v2gjJ_*w?|D|(
zhxU+U2pYEi0zrR<INlfWOAe~k7`d)+x3#5J@Zw%kMT4vVy0{0R_CAb8v;7=1CrTpY
zxj@m!YPK>YYl5OtfPtf7?$!=8f4C}6M7j(b7;7$se$5&&_NtvGu%M!~&>J6&AP%H`
zI)q39@E(y&qKE)DvJ4;q%Lrh0ejrxQGr_ngXe1Q`77tI{xN5n*gDdp+Li?N@rSrcj
zmqDY2PF~Fda@|?mvHl*>UH*Cx1*eHtSW?}~-xM1-{H@Zn&5#CA08T(ygIqlT9L@+`
zr4s;Q3l^Dul*!Q|K!8hg8_B#qR^1~)x&nzV#sdiYiZeX<`d-3Dd*!0<D0C}V22}UD
zLk5UrL%2W*{l!+Sz86EW%1$W42;BT}J|G1wkL=Ed-9*Jtsr||Ux%$v~@wd|DNa9$a
zbX8Oh4T~hyS#@+HmUw{X#j6Bzz2d86bv{W4ez_s~{i8~-J;?@4;_i??<hsR6ay%5e
zMN2PCf#jP?p91nT&{t)z6@39D^;K!kL!h3IFnU1wd|BKP80hiJ6%w_;+5f#)n{RZu
zfe8?St$GjQ69Tosec_DA8oIlqfHeC^;+p&4k2AoduT<~u6*@@?^!U1pbj1?1HokiK
z(K+<aZcjOfy_ixvp#NhaNcH9D-dAqpp%5)D@Tgr8fF?MUb?4m$`q`6GWv~172)8l)
zB%QS(-Bn49MnwFq+J0A*yPT0HV^CG)Y+c8;JOQJTXWOYi5Y5TkZ^1nSz%fQpQe+ix
zPQrToZ&_pKBX`E3?b^6(o@MV{AhvfOXtT~1caS}Uje|3R^l}a$_W@Bpf!kQ7?A|+Y
z0iUGrJK*&(Cje03{jYtNypzVXIho_)($I|~UvQA{4H^8b+?Y1q0<1A4&RRPk36H-u
z00nrjM8kx;N<D|peM;ve`ON`IHnaKg7tmF>a~(2B<ojJuA?{WDY}i^+id$piIX+7w
z$i@#2?*m~@|Bh;wwhw)oz-U2V+F1f_@5*^<%xC2{pFzblHm}vr#e)PRqo6Thh2hMe
z!G$G>X4KjPU{JM;G7!L*b6XLc>2W-m?gb~2vYG%p$tmuQ4rFUqrr0I|=VP8L8?pp6
zfj>^b-yDvn{&t$K307>h_a7x)FU3PRP2lSkqXsTkg`ssv3exRnCIm~)K(~?@!xrA4
zZnN@&nqn*k>Z34@*=Om8o*3BNM3I2R7M0N>yWXp+Zl{q&xztou!u6CcUkB$?lp~~?
zp;Nk;cuTHCXMrxxj3(|x314nZE1S58mixcIENS?Nxq35IZ9>I50&G45jZ05{6x;#(
zvB;R+<2=kq1rDFT2r1*un}en^`Da^NERC=PvlS-KFN>gD=#djJ_ms$rX=L^6zk+)7
z(e)R@v#t(XSYOB#y8b`{xhS7ml~BDxzZ;~$%02(LD@3NCu<Za0U#@h&?1M@E_xR|h
zt_pQ>bbNIwpL3D(H}-Gp1$EcxiS6n?NY*)X+<ETiugL|^@YRX%tCp7W-w66IkLqGK
zd_l@JX8W3<oBN_W`J~nVBxpM$T)^;R()29#x9u&=Hg#pO??*T?JZ9A4)oYRK!&M)d
zMcTy<AZ35`AkQ913Ra@7Q$Z&3SvbwD^<RZ+ztN%2FU;~QS5mKSmjs)_&F{7nLTtC0
z6PPz_*KGbl7H@5T2dAu|yHd7fK9Knou+K(P(?UjfygT1y1}&xbzDZ>+MEUN5DM#Nz
zE#VWe&u}YKAmB~LC%*AfSAorR^gKL%^krU%c`3hp=;`V?bLtrJcaA;yejU?!<JfCO
zpDV8VpjOYTXZwy_&xA*$oIcrt0$t9-o%L*D#tQH?K4|G><0_R$BdL`1srZ(y=;(=X
zHa0O8;QNhw?f^@>W%0%14S@JxESQUQq6RX$J`hM?m(PsVWi5|zA^R%8skc;V?Mkl!
zDR(_QI_WzF{__0!R$_I2b+Rg_Ht^U-UC+9W?gX=r0%B5?eqQzr#R8+ScJX`pxfj&%
z@*01V@F1&Qnm#m*-1X$Af4BYRxwGMagh!}tbNMcw-hXv+x2EvPcgYB7^TiA=PhfrL
z_FaCk7+Q36H@osYw0M&IiyP1HTLpMF-UIaSG9&Hj?m1DLNn$1b2X+nmTBtjvfuyz@
zcLYWH`x2|5B7Ywa$bVAy7y&gDZbqXIw3w$W8XCN@QcRyoqk*0N_AE~Nx6RHqx+969
ztAZ9J;*Wab`PAe7asiEtQ(llzU$Y)t6-S}w;m!c*hUec|<zHWLJre~~yX$-t|KbSW
zTXmpw8H*ezc<y!(zsx~C-NnmeaK<SaC_%xUYT!>v_0Jzau>(MQn*-$E={==>ESQ1E
zEO7rv2`;zzr!`uQ!2tBs^>+J-xppSn1F-gf4V(CX^9UrvYAVeF>^zU8E_+STe3$X!
zf;R#g?V=%UY~EDuU8WW>X#{Nf$BTO;13-ZbVH=ILprPZntsZm)yyF{ll0uOTq#*Pj
zO>m^<|E2dkysY{0FymXP>I*O&5YS0Fxke!D?f?*(?ZDM<+M>M=`uUML6q<9A!EDkF
zjaf})2G#**@r+<0$Nib~!M;Srbkul_|Ley$#Rz%I8oqjWgZ;CAkQB~(CI*AV;XgMy
zYb|~PbI=Q}Hs6gag`|HFnn~G+KJo%JXvBs);p6&cGhn9w9lBWo{qyj-Xa%Rg%m|0S
z%*TwM)WJsKg#3C)tFosj$+e|Jyc{)gnAM-lZoP}}U6TBhldSdWq44p^@8S4|;n5e{
zf59a*6|O|Dr(OJx!Xs(IQ^HfxQ6dZ1!BSUUWA|I+rcUwxLG13shxohOZXO*mPuUW#
zEllPxcT9u^hsR#{T>gVlpNu_Dktu(bnY|TObFeg)V*bFZz&t~H&s0PFGK8D<7a*Ts
z>MfBgj9f7`?jX<`avZDcME-A*Uvm`HDzG101$j@pouF?mm(eIC#PjCgk7J!V-e|U^
z{<n3VBeOf`*gd|Tv5vU`;M5<t>u}{w-z{36GOhiY?l2s7u{!-ml)qFEVX-ID+U;#`
zSva8Lg{d8bz0mzic%Gq<HH`(P+pPA|HE@0R-iM14=eK<in0)RN`SaMLw4=B#)8Z|L
z1isOI7y^+9!2m<1Z164rCCFWyMnxs<JOYc|7;S0yaWS04`o36Qq~L4YpugcIUczH=
zxkjy$L2>Yd8p~w@pZu1}xmDsQYkYc5JY{vsz*T-}gtDpvJdqXbqBmh5=~&6HGK{_O
zr;sTqj%O;5Pzb>`rjN`sf+hPqiC4=E*LESvl)K{ileQf&(3^DWy1z0Pl%6>HoaigH
zFGS(9xOr&ue7ah&4-Hq3LJ@*7fR!Oy;oMKI4tQN)08!~>eF3F@ec0{2E2TJ&?*@)~
zT`}U%-~HV)sIJc6ceOKGy5v!J=x$cG8~mVjTLEI+4AxKw{aH9)?8>4rJDWCykWf=V
zBrwt$LM)-*&$L0d8z8`jFX(6mYVIs346bAj5YoQ760l2Fs+2C~1apC(`!hmxgp2n|
z5V>Bf-?yyjiQ^o&!$F({VKwzPBiTOmCLvERltCX`q#>~0ThW)j9lTM!T1}Z&a!%2x
ziqA&>xa|K%^LA!XWaVd>g2{(nwT4fD0pLf9H|Edc_|(>)<Y_>$e}>N)qStfEKg+Q#
z^U@54bl8gw;^gSuf%<4CIFboP1VP4~q}2XZHM?Q5;~}me18)rX@=p<79z0c`d=GuO
zYQZ6+<fqUH>@=;&BGtXv5GoE*UAUl$UhCpu^;Wrx4M^0_mf~@Ium&lB{run$*7}DB
zDQtTWu$DZS>Da+X9+_$euNwlrbHftElQz2=JoYY1Cd6cZoWIs%i8Z<^#fkaQAkNN>
z+$VOEkZcHSJ}wbYx*5!H5*Joz?IE$0PWD$uKTgV^H3t5){o8Izx)El-&ur$@RkR^V
z%+t6=?v*!#v&TouBpoeT4q3nddt`1t`UVftoK(_(dqM~cE@qKio?<FPH?oJCUtMur
z5^nkvlAy1`n(s~*pqnf)Y8wh|Kc%Dy#Q{H0O*ooT{r+zszn^=2s92;2=HGgJOVFhs
zK9xiR2l6UUI0`vcIRsv7-UlkE`V1;`-#q@!yMe*_a|dP(_{b?q`(i!b%xYl}=HY;?
zf4azdP(YJ7ui376BO21D-x#aXx3qQBJ!Dj0%e~@@Q8UuI(qV>P&vYWNPS%JE%#-xA
zhx?owGJ7j3l+<`7tpwDc2ieOgN7}s*H}9nDbf!6U_<1p}V>BcSB1%j!*t-G)N71Fx
zhn!39iDhcKzkMb6!(`tL<k@d`#Sh|zV)LPVQ-Zx1J3}J>xYjW=<$+nod;JUYRYSB_
zi^1DSyZ?MTxJ299dt_5nIh@^TJzH*NzhpjoX3<pG?mZ~NVVuO<@rc`dI~|fw6(1)N
z(!hc<lJr4pZ_qL#BOF>hHCNIQNGv7)%(Yh?um-b>;jJODL0WjLPz~T%FEbbIz+bBz
zN=tpRcpE37&e*1_)(O#|l>enB&tNn#uH33;$vXgz$g?lqs}#T$nb1njP@h%KHV#77
zayNtyRfedtx@bFe%J#HRg&J+)=pO0siAt6uvER&sEJk<%{76`S>)EMDtujgbnZ1C~
zm|5&&Y}oZo{D`9qT2vupCN9@g^7##|S+|NztsMKA>4SbW-xkJ{o}X}DBOB+ewhP~n
zPdmo$%DFdL&V#zDCD|rdzz9KqC#=B@ujzTmVRXnv1dgVllcD=?`@jf)P9EsC9gDk)
z+oa;=v)hm6jvMY?6vD)Mp04voqmmv1wWWWQvvBsLcxPaNNr`5aNefB2>AF13-ccJt
zylwR&lbTk=alW|`Nr*`w+%tnV>Q>tUqw4dir7sWvLq!X5z7ti>B<RskmtQB)tnnw-
z--dB<hY&B8oDzHWUGhN516NDbbd`QcsSZf>FW{4I`@SLV5BMn79wACfJ0gH3zafOa
zzfqiYE(Ue1ivDC*6sR)%9~NI+^hS&*63>o%HTgMmtzBvr<jPS+z!iRi=l41+UzJ#U
z<vywI>We8=-Cb$W0%wRWe>z1(Y*WHl%od0#r>ffHc&`$UM`Xei6{uVdEuFe#86F;@
ze`_SA{4-y_uPu%{<E?U9Q<fE=G}`@@^rt3o-!DNhl+I#oru84<a_jdv-WH0)aQm4A
zvqra!t12o!*aUi6I))Wtc|+!XD6UL=?#W9d`vp#vSI-+c7Pa+JwP%ZwNT%~65ckh{
z1#lmN1+-`pnrMle87or`2@1_v76l8?ZGTi-@qC$xSiO}YE?t+Gh0q&3?z%~tbVK?{
z46e9g<?_8?wzU;(LY{ae7HM(Bc+o78%`pPXFmTt@H}JlK85m+gg^W1lw+aXhF<SSi
z7^loYMV(bYhG&VAjkHraKmHv+sDry7Vcha^Jw)QXQzmJh$r6(JRAMJeR~(BRKpFs!
z7$vYaagV`(AR!Mh#@T=*N`!*{ke8E4{x>B<79i<!Xi_I6{oE6c4Pw(%0Uu`*&@g^|
zP7IfzQ3X!s{<VR0{^4W-mw3u*5h)p;ZJRhKFYo`JBEnhE_>Ea<f78P@;%0xdwG|6g
zs}}2wOw1|RzpG`-1M>t?Ejq$#t7NZ$p}GgO;2}}b_fPTj)L$UnaGDPikt%ly_#bTc
z$taIe5G;4~#NzOFoB>mMxLk88okm_(&nj{fm0!(W@`A{F@2D{$g$tzJUDBaTM_%2A
zKlB^RE1=>f-VziCeU?y4G6t%aO%nv(eHPlN0Vl3gNr(qf@Ph7g-;7i5V2Iqr^G9Mj
z0L><zf?qi^6hgNQuR(oV5~QeHg$?o`ac&8A6GXi)hm5`t#vH)+M1lAxa}TNlCi~ln
z@RWqc<j|f2pAs$snYS?~Q#yRMt*0QL-tDb$-x!Eg!ZCKq4+<Ny8t@m%M98DM1knTu
z&T2zLYR2U~y?g$G4DM}{^gH0=FZghGNumLwPGEzpt%CA>P}7RTDwqb?lCkQ*7FP4n
zqcpFtJ%8>61BC(!P-tJfFSb`(hQ+6p;HRTSPs_|(Ss9O%`SGpB4U8K+uo<ols-<m<
z+b-cu5cT~BDT3uD#{44Dq)s&3;$v6!2QvZ@JR@9!AsT?x-}NJM5kT_}pUYyE*e6|*
z*I^4uCA)(eN8Aoqxc&L&lW*}6!{aXqXfW|J*7WIP|3PX%qNH|R8DJ7rp-(YNVptGn
zzx`EdQ@R15pGD<+M!cQ2oR6ZE%Cj9iEk|HQLzI*<UXqbN5Y8Nra{Ezq!JJ*eIAJrt
zipgU6S-ytXE&tn4=FV^#NZ+u{rou=OY50_HiQt2E3Jo+&*ol|HC2w=k4{q_|+?mUj
z@C5pHt6^{TKgo^JjMBHmDjfSQ<2rdFu-dVic;T`P1LE~Z@Tx+^-hCX|G?xx`HtY<Y
zbTihzjeTBap~p&Ty@>-fwoy^klAY(%Nxu#B*B8^-nrVj88)iKH9(N6*CsvV*a_>R6
zTULvyB&pG{?rG|V@A`qwq1WI2LEBqzncjQnLVuj468Mgf4i7>FQ~%-*t$YVysilL^
zmF9CA2Dua+^rJ<9g;6>&J1v;3>zf=J{WZF<do2M{<$|~Te-&=dFXlT|uAgqp#MrKc
zNd(H}q4L+6b%9g&pX6UJ5_2!QgX1sUv6~mSD><>ug3RFRBUeL!)&E-$i0t=g?99O5
zcMszx84F=ri@cs(!=Yz7A!XU_I1p9v@-zIQBrW)H^}43;R-?N)d_o~V%<><E_M&b4
z!s-%yE$GSY{-0h~crA1N{uUtgo4R7|ICgak{GiatS)ck3;(YeQX#stv6MlT<F}O6)
zWG`7)i8}T<9$yPkfQIQE6$&18wqK`E#~xhTE``Fwl&{_W7>@1K-k6+jtZ%0Rw$=T%
zW-Y=`{6y8YCxsujLkfqS;y6q4jbE%UpIJg3esX8P#@F{wfbbSBSM`7YDBDs65kqZi
zHpD;v;SUTB-OgU{TuI=P+HM{gD+YCN2ZL9jFYYnU;{IE8PU7*(Uf71a`4yma#~C<*
zeLobd+G*0+jmrkKp>4B?o8KBZ*NYH3^FMdI`>3rZr#n&IR2i#Q&L#4*U!CC&8`qQ>
z(C1fBG4CSV3_Iqf7%b-&ZE=o(&b4hu3QY#8HRb)5vQ4Dt5|?tw4zU{srd;0L<lh)x
zy|x<|A{6-tQO`B#a^P<aub7>xG#e!`7<+P;ac{=(5Hq-o&_|)*;*W4WDlzEh<-cMh
zQ15CS4?fZTHUI|!ZX7;Yo*=K!)MVh~B5UPM5o!RgKp0+e*J8KP2{IP0G?NTs<^)ak
zRV|n~wb|qYroZO>BFQ7Y*oyY5GwJh7SB#x9-4`)HfG>BfNBU&y&=^F`N%_|1moqQW
z0NEOmbI-)%r9E>p8EBZ(b5nL3S4=deK$xan-m}x~#w=2?VV77eOFs2T{sZdjeYl%j
zNr0V?xn5|bWjTcVi{Ngb@4Decjo*twj_)2XVA&H9$*D9n0I?e#8)h{EBJNNW%dcZK
z|N3aAUr;CWd8OuA@TbWQgib6YtrP9{>yfx7B@WU%!uDr(M*3!*(V)jGnsuZ_84&k<
zSSBXG{l>XpTH+qG&NmD8`}&oHpa6oGTnDfIRn(Kdk@U+9rSTdP9dwXd%9Gu0PlM^2
zv~Gsljv|J7Y#{f`YNZbjbXeQV>P%nCeKFZ-boYy%s^4F=SK@qI>24xduz2*B2}yTu
z?vlejeWnnDoMc%Y>eaG36x0c=8wyX^gdX<G)5IdOv6wiZjGFGLUQ>UWPf~BwS5BW^
z5Qh{dUWfey>i!M$Mu%R?cGI<q;{Jgne+OExNJmY;lsN278)p;H!TrEve6y0nEhrGw
z88~MXc7E<t&^^h1(f#-E=IS5BE&NA$;L+{*^7=*H(b!Tq<%P{bo=6{$#{nt~y<wub
z+UA#&Gq=49N+*|3QQ>8`)IE(kB+Q<M*Vi}UIm|C^nl8G!Jq~WNr$&i{7tS1J%!sTq
zxf2U1@<N%5wzmtim%3YSbwdEx&czFyt3B@DZ0|`PM*x6!zs6pR<ZWHy)-|Y@2cF9=
zA0j;uL2Ulb@hF~TQf~cb+~1nlK5x7PCyxET6l9(WFBUj0#0!K}yfzR_M}Z~C9x|jE
z<hmMSHhbW%{JHNlWS+q7^=Bm?q%E&dpyPM(U0O%)`+W&+0^AQm<?g>OOMzY{x^P`j
z8+@|r8f)T#B`^sy>sA)0Z1MeQoXf!ny{{jEH2sSuT;lPpKcm)E$^*+=3xr_yIF%&V
zktqE>zTSb+2M%#l*4l=x?qNc}2*_TK9ZCC1%nRr{Xg^UBIU}JVzwZ~bNOG_jMvlgz
zbfJvfh!ONTwSOo9><ZRNGO4FNf7wpuS21?nRjJ{O6YI!uJN-R}wz%S#)>oQtsQgK7
z%+0vMC8uh9d;008TqIF^U>&Lc)Rp9qYT8wQHv3Gt(uklT+R@h=^`+{94_X*Ryv^8#
zc~3`j!K9QJt?h~>tM$GF6?(16&0O381*Q(Dd)GTC+n>4@C*_ajVJgE+kYv@`H@z%*
z+tdfdf2y%<ikJII={#S>8ft5wYlN+iYmV^61^Ny$l|f#l;5D!=ITLN4mI#QRPrf4N
z!`~~83!L;GQ=+WA0JqtXy#;Mg)=n}|X@+Ecv;8wdGr7c;)tM?b+b{E9^_E3aV$wDm
zhxKHjPlgRKVYB`+_2Yn|Kna2o<#YeOxdMl9bivEjFL(~zYyjpmZ!`<!Bb6i~cCDAn
zN4sl+gngX4#_sT(Ssk_0mXvo@{9_iRG`mVi{nhG8TKj1*rcJA)yvRJ`8iYcJ(-d9P
z3|=>$54wC#aqZGwH^W^8RQoNu1a@n)(ItD5X)%M^>Ox<XkD#MXBsVVxUhAaKps%xP
zI`Qp7WFjTq-tgFip2r|Njz+vL;4MK6pDQYd8`I?(UUk|CXW7JOUyK9qL40;nWUy`)
zd^X<3IQav0+o1=~o2i-=IT!qsDq-M46}CIlS^|>Z0l5Q%aUd@q&H9Awb@60NitLo5
ztJgs~YioOA(q=Z%#fZDvmLI|rmKeLjrmjqWc$Par<%2)OwvU*JTb<yLY$Ef)IqC`6
zU@%v!$8B4r${H+HXj>Tm0s7pWE^<9u5o_93F8n<nbo>s_xRHIN%P$fo#qbcc1dkDN
z+1SQH>D4Wtu$5Ia)XJ&CTl)!~<fPOAdN?^RqTwOJK?6S-5&h<Y(jdj&_w@p)oO`j9
zqC^Inj&sI7b=^M+r(7)82L+dYPSRXd%&x~tbPy3(TPS+2<?_k-8>TY6sxO8jUMFQW
z0_JxA<=)3XZm-3&4;OPzX`Kr>#@(-NRj*p}>@>{lQ*yQaV*6i5**6xpzNus@8$sAR
z4q_eo3x0U^Ik35h))VKk2H^mRo6A=#r0tmNS>*dRB2kY9UN||RN#A@8sm=AWQx`|L
zHW3PEw&P9<v+~WENkM647T)d6xbP1OhH+YvqN62aAobFe)#Q9VFTy0WPlXB7W+@#@
z?)Ro}Y?!&#3KT6>Fzf205>UC${p&iklJDf#xEr;~1^61YB1KAV9r%A7KQe15U+T|z
zg#~CPPT3qoYAW@axdCD(1|mzu<CpC@@uXYCs-2YeY@xkMhK_p`qUbT)-C<Qk@0clR
z^|{MVw-0K-k~#q^={-+U{&YmdKZtlW>4vu1S0Km&`tBKsu(zn)U2Hh=0S}xz9RBQ5
zNo0gQL(f2DlsxTKsdhZt<<CwOL(k2VQdnxbs6|Q9=uDMVLG}651NbK#T^3_OxX6~G
z0QrJp$9IcPN=x$A7IdZVNsfTqBW_t;fosbC)2FQ!sne{L*(%iHMv>#kF&m`)Qle5j
zAK3yUbIMEFzw9EnjJ11zTqh9a{kP$*iZAAjp%SMRD~5u7m*kGco@tVKn@W{6ORTo~
zQS)u9Z`ywT7^jZ0R05lQAe|_-kT`6Kl38<B5$%9Mq`SV3_k3xOt65bkvxl@OP*S=m
zmTm2NhLnoIY33o4?pY+Ks`9%%wNCx$EZn&Y5p{oz%ZKn3reIC1%y9}@$?2#la_rRU
zqWrIss!!u1-YKVhJc+or-{JOlVe{8lPG{pOS=E+l)4_Cz!t)IXa}!|Y#Y&ehi@umr
zWl+e#yF5`0;b9%luX;XCiDQAMjFH8I#fJRW&u#w72pvZT%Ht5pib$RcKmERruOG=F
zN<s+{vEB*!KjSL(ndTMIU9Xfd1p3CYy;Ue7PO{UAj(x+5==+@5Z{m&t%n@VYNra!s
z2sH2kcdnw8?P@W32S2N-Op~c0@fz~0W`w9R@vkhQU?*%e6r34AUuo+eVhdZR!lDAj
zF%toayd<fNQ>@2Xrv%RR97#mS6@iFve-Rr1th?5d%0%SAWJV0Gs1p&6qRB@?F_|RS
zSYvb~JZY5}&a-1DO5v!Dvlhk!QrcTa(v_1B2!UL6d$^LGR_Tq#`J(AYvxO~I`4Kk1
zgurP42I;EojBe%9E&Rp)2U#y;f3O7KUk2^=?P2q`xy6Id2Px<nxnR710&?RAF9vA$
zx>gagGeWPlWhRuq)vK-RbLIQ19Y%2iZ}q(<7vs%0GUD~u58>TDHN)b<b?r(pZ(snQ
zS0h1^JG8fYiMEgNt30g2K6#W(!c>d8s}}Iv7zaO+gL(LEn-|sV%7GSlDevO<yfj(b
zw(a~IiNH7|;fuFF|Ag%ecw~p>t^c2+xAK`O0h;-@j@E$M)+aC&chl<&2k>)j0v|)b
zBnvCyB&YCP1l;`365_QmHaiKLU|={8?#oC6;knt)RmOvK2iW!VxK)^a@?7Not=h)f
z;@0nWrk7mc_63w+WiN=!<&NC${KCm!x>*9Ni`;zg{<NO>-6gq_{$Si8;UMQ8AZ?vI
zrUEoNT4?<hc#Yq=c0m){h2KWQ%^#fmbl$nvt$*Oa!gfjY2B!77<lAX#w44-IBPh;O
z2^pGqQaC-VoUJ`}i=UyjC^z;8!D~Zy7R?v4YI>8vQ}05R-Kk`x_1i}vhVJmWARfE`
z4<PZY%(nP%p3T&UtPSat8&;n4cwLo%syD>JVx%2fE_AJv1se6-{2Qk_LRXm-yyeDd
z><(|oY3i<qOa^j8BEO9AxQAsl8`uP(o2_QABg~V{Gp6+{zKjQPcB0bPP22WZ$4YpF
z#)90Ca%DQycp58B@?06mKv-9i>bsM*5E@5yi$avLH*stS7I&D;c&gghN@_>X1(meJ
zM~%4R_1o7%C0!h+bQHxXbikK4>QPw=tTj+Jp8JNhr#|YyZwjAuwo}8v``$52D32Y>
z(0986jgJgBuiSCl@qf;W5aJp?m5fsN=CCm|$c!64qWtwj$NG7fT)z={@;2P<ZNL|m
zfQ_Xxm5YZjU`apD*S^U)k)_AeNcs*2zi%_vPc@6M(C`vhpRiPlBlBAk_+Xg9bVf@H
z5yH-axIVY^pC8)l46T(5v3++=&)(>rJf_5-vMX|i?b>#HG;#@`>^4j-S4>NF;rr)t
z1!FKAkDsV&)seNJg#(|{Hwx(mdRo6yzN|R-{Rn&Nbpk5ZXW`-p$A=5&x8Pqx2Wc@c
z@&W_m5WYg?OjfPdr#Yvo#iOI^C*D^9x>jC)gLMjj-q!zvScm@^`Uh#~9*kK*b&ubC
z8TxB`@tY;puOscOFsBdeA7nS;%ChD;6npPW%g}Xxrqn;k>#%Oq)o?-JsNFInmTd^n
zf^Q416=LTUn!~}*i=Tz3Pj9|1Dy)IM*FLZ7IPgZ;t2a!mWijljYeMs!QwvV6N5=h}
z>EC}PgPnhOpN2oWZdnZrU+2HN=3D=>DHpV|{tse0bzOcj5fakou^CT`GDE3cP=3D*
z`C^;6scSPCd#8C*w0#Qj&PM(gtp7j<s&7&mPpvPVy*s!JLc(oG9&fh@oK2Z+2T7t|
zrs0=pZU;%Zd{$|Zhc^bbZAWrg;j0XaEb<K*(a1QLYSIla@-)<EFD?8uzhk0PA7JWO
z1G`rCmlNH*Z1d8e@&xfmg^Spd#Jy1<BrOy#4wP>50+p`=e|dCpqMt$A@T6R8fV=8l
zw7Vxk=*9r>)6e?af?Hq`k7y5&`d{yyWX6w(WRTF#U91=Toi*4Ym52Y*?bv8=(}Dlf
zWu}A6ohW@7A2)lqb^mqQ6<Hf>fBOF(ck@F?NB2G$oTjx~?PT|@&xVY@1=cjEr2F3e
zQz+;@ezIn7?-xKvnfny*qbntDt}&Z4apBIR#;P;9Q@Qss!6Kd=M<geRmGiyiD}D9u
zO0JrjH4aPBv{^ywOG+Oh0Xb^aU=WP4MV3i)z=7*azDp5%M=R@1@*_%W7RrvT)32gx
z7S54VjRL!H>%stc{=1JXZ%R1di%1Ehbcq(Evo)qZ8Z}i5c|VV;w%CnfiBPWrWHlQ7
zXiPkCC84hm5!j$1EsHHGLFph6?J1`%C`%Tr9e@yG+%&PIe;o(r-*$vK<H<wGvImKN
zBPm_1g}=U;f-OsqzGtUu76N?&#^4fZB0fw}_aOW4iarD%K|B00&v*^ai^|z&?avbx
ziH<jEU7s60Rf=<_c=*B0?g-T&z1Hj-2~I~5yDgvb$#e`Y@~qFgS`pXgE{&zAKl>q~
zg_Yg@`EDB_a^35QK_&E*nwOyI)LD4U<YR17anXnSo1;0iXI-%uw=^$Z4*ew84$kVO
zygbp4LW_N*40(;?^;o%@>wSgc8ggM^!F%-|WCG9$_5VR;SJt@wj%?QjZ#8Z;nlJJ~
z3v9i9960hygbp*6h%Ms6)+UE@m>aJ3{z#1cec*SpfLaS}nSXbK3@aRB9thtjxf;C%
zmuhSwX#`euw+!=o8&&~x{I$3I%1=A|=SX3>t60O_oz~<0?w#A5i@KgSwnG|kY@`-{
zo^0NrP0vFmK{R?R;Oy+C?pAwH#*&?Chzc`9S2CgI=)LeCslSqwhkBM@_PxUNyuf<G
zc>RGC)<WBRhE}rV_Nt+jkWOayZH--lh3kTsH-l)0ZrRijVJW8lxXy3fd~Z?(5t|d2
zz|)2Z&HJvy#y3uY5rxaFKM<Y6jViH(t4ZDnto?woV&brY14)|iwTbL5e15Dy-*)94
z8=49$;j;aM=n(oE8kG24dWvN}tgb{5C1Z&SRdJ;k`C><F7F4LkD1S-e+uOnH+2N4p
zlwTDP5zi3Y$cDCVDR({-SApZZ@G}s;Qo-4htRL=eYoK8mrdxt+T>O^))k`M7Bcjbn
z=1mLxSxJQBlt1KCB~26BL;na1=Q>kcek}mer~z?J1OqIRf%cLOusK1bSL8Py5ZOzL
z#%oig-8f>K2-9qelQ6>}#u81Y00TKwP;8@$*85*4uuuX<RyeC{vf?1eoxv56Lv##u
z*+FAUX@4t!uj)v*uM!L7o7;MZ8_MB}HW}CE4=lXaP-O1#o40ZgOJM4gOR@b=+=B`O
zTgc*lZ1{G0*Rt2`X_D1>Ux3cC;;GQUv?(dNSspr+nK@2PEAtnZak+%E2mo47mD}&}
zERky~cgGR=aF|q+`4De=+o?~@fc0>3yJ4?A*qmtgEn8&lG_m!RqhknI+Y{SL1d}}S
zMUKC{fPx(gBvO~$WO<w-UC}yW`Jt(!klb36rtnRC&qeR6ti8zqD_Y}0T@VUqjd^M)
zbm!KF;}oiYujtZ0e4blno;K(!K(m1>Hk%G=*#98uWTjlyAT{B8^iu|WhE?1vvx6MN
z>hznkX47MPn6?i_2gJQ)F4nd4#eMQxV$51a-PukZ_>yu`KruQ02N_pGb}bmGz8T>I
zaOf9VOQ4mUf_i~r?M{wnAey`fjuVb29Bec}%a|V-crO@xuDwB5_ttgZ@DM{v^DU~-
zkNnAqJ9v)l`pN34fmlWWtQGS_S64qh&u=jI*>27AxFJ>?Pca=UhV?K_w{==iG0UiA
zb%rB^nzm$?aAvli{?D=|4&`_@O}7sbR@tgOR}qAPUqLkWH5eOZ2}OXWQ&GvO13$nb
z#=kwa0;IIu%Zh4GmBaA`lln^50b}V;>*RZN*vYyqpg}-`U*m6pmUuiCWi+?VD6)hW
zQ{C&8kk_m;l2Vvnh0Y|#jq((M5oH0H*p~()pYu%ld!Zlrep#DKW%v_}G$!2i`3zgT
zR|NXTh&PP8R}-tu!#E;FdE>R{)2`a&Xg($*R+d;WiK^X09dvK2!%7PJlk$;AF@ARN
z1!}Z7_WKGmqOp#=(+118(DINLCWKVfFFMf2Zazv^c<}6XotZ;-jPfj9)`-7$!)uvq
zst=Dve8=<izQ1g&QMr06F4M$&xu(~VHk=e|Dn~}_$x%PWU1BdBFa&$jm~GDRBjVnZ
zX#-+i&JsnF>IeksR*a%brx{~;Mtin80&$k1j^P$kdCoXtt0fl9cUWbs!dcj=hpuge
zMtsH-H<^+tAQ4Cy{_n}!(c0xZYSJwfW|<pNwBBPk3MUc%KKg_z-r`B_*Y92?<ho?m
z>w{q|nS%e`IWadKe}V6ej!r{raOEbGsa|Dp2gAmAp$I-*H8I}eWr&aLjJtfCFQ4sc
zNqa6BAZMCdvW0zmTIAZniB({>PVu+GELJuy1n#K2&Hv=#?29bU{ne4g1mBS_>J!50
zf@ZE;iSbLne72g@Q#0GrKT;&7acus%G5%hq-H7aO;){><xrMi|(MuNKWwW9o35?+-
z9F802pWm7EL~9$Vq#<3a;pExIB*|K=NgL>UBJJ#)iIn~xjHzV;Mnb2U8}%*sG|Xus
z457d<&HMuAD&m~h54oOlmxnpN#p=O)_PxCF!%!4VrIFyo)MCIJF`kr$!oDYtg+x*$
zE0xb4nHn=5%!)DOvWY1c61GQ6pj^o`JV-4xYT<a2-$u*caW}z@N_6hA!Eybcl(D9L
z#N0>46>m=|<;4-beWorDMa!zhq*msniZ9m>eXRPFq?YXocBjq=tU~8FdNl^pO|Ad*
zWe{{PAuHh>Bm;TthPU=X55}|4K<tJMR*w*53{(2Q_bBi=dvD?Q7S>cXzwZ#+XiteL
z8)iP?VX#m<*4LHtQ(~`-ePu9AOo8wAuteXd<e{?@#;AH$Ma<=if&N@|1Tf5vA2d3C
zdz0G3qk_ibDvMO*E~lg**!_<<fr~{dAREpfJ%lb{;cQzn#C#R)L;)kA#LlGBCuJab
z(%ve?IjM?WYORQ!sEIY=Dz8VOBh&~hVo0tiL1E(AM|J#1CX=Wt0AD>Gp&<{_S5%iJ
zHT9~3#ib^bn^GR<92qLo1s6w7CKbnR;3z}1w7H<AyHh$Eq<M?0usKy)@)MO$ep(>I
z8elO2e-Rs|R|))BYebf|qB@f%4OW@}<@bR@30^KNKKLC9ZM>C2TYgJ_#*j#6Sed$=
z6V!8mDgmZi+a9cS3W=C9+Uwf-sM6z-1}esmz~~E5{H=m0`s((4*@NK;z<ZDDNXL4^
z?j&8zseyFmsDOP16jS|u70}QY<k~pF?gVc3`SbD0bo5Ee*GAgJYRzy>`}1*DYpnsF
zr7^mJyKb;3V$aa9+RB$zoX;H%3u2ua@~7=IWw?rliUai-@;-T5i^6jQ+aD~OONg)m
zJ&SfR7$&b$ekD<HWB`oPnT(*aGVx^%7_Xg38yvXBU!{yeA$fU}r;C7Ft$s<cfA3De
z4#kGJ#wR<ppLWg8)T^zEwZnk@EBg*0vp0XLiDykyI9p&FTWitL{z2@(CIpe3eK8=f
z9aLGIk(f+0smt34VB@!WK#txZlYS`PdBZg0u6Nh)?x0ZtgmI1>X|P021dHs62eIi7
z-i4_~@4z!wT~BbANJu)p%)ArgWT$vfj$S%n9RH7_vkq(OZ=g8c(lxqU8tD$DYe+~*
zDj=`{QqoE{NJ*o_KoF1y=@#iwMyDtvr0e&7dH;hw<L<I&;yw4A^En!BvdDl}j8x#6
zUKf4ApRDvgCk(y2?@@DvzclWD8c^f;xjH6RlF8WU$hBQ=)X)m3Zfg}WzX(y3zR)fL
zY_4AyE|GsX%nQcL;29nip9?7e-bv*P1aLO0flMT@I6A9i8`%n~!=myf*1S~<9X}Mk
zr-_eeVlhAiVM}i5DJ*a+X1&W$yvrREqoP#E3%(i?w~QY9vLD*zh;)dQFaUQS^p8OS
z8K>98M;IcNtyUYjszTc_&@hSF-Y!;bcdkX7w~Fi3>~E?A0OI8si81VInF4R1BC?Bu
zT))hTSOQcD)ntnq7m_r~-&z`}d#mB2C+)=`7>aqd%2~%5o;5anqKAs;=_f<HFmI`p
zyTcTxQ)8uk`vP=Y(kJx-ZpDM2U~M2RPv?v6lt>R=seGx3k;<&^HKa=UHLg+NBzIy^
zLImnw$q(fGt*CN`>?^)B)76pT_1P~avfqxU<FCg4P-Vl%Fwajs$BTT-a3mz13}63_
z7=ACt5f2wI!%&N)-mTz*kcu4)eTfP*V<k)EZj$Dr!^ipkmvxY7LVw1#_vuve{$tj|
zL2ewlr`e&SPleU%pu3%>(N0(PM7`TjKRBLR$K|al<R|$?ZNoPX{xE%4<ljI4@^_`{
zd7|34ZH}h*H2fRm3&7%GKBmaL<qvF=4P4mhKzR-#cNzm5eML@CtFXIgfmvi3+=(1i
zd0PYfcd(P@%jV<E__I#!KSGBg+5kGNcx4sx3$TIPWNqSZy1`cu0R(&j)58NKo5kuc
zb#t*^?_W>I+Y&sO@UN)=VL0y5_#ZaQ1;1`gw-t}hyDvqLk3tT;I?HMZLwu(%6k9{)
zJI_OIB|vKK>{{_CX?O!%5RAZ?FGJ8TBhS8pHL_n>@#9Xr0gUZ&yWct^#y3C_am8kO
z@6Pnn=6AtRFrT%xJ2jYeH)Xb#ytq}2`+KK<<0T+A?kYzt+uYsN&CqQnM9(bLd+aRP
ze;yKzTzuW%)ja#S#s>WQBCpGEEv)=~JF*XAq2MFkzW8m0HIvdllZK&DHP!IPAVcGj
z(+5&xvjNebTZ}4uZug}(lng^0FkwV(1{)Y5vloD2r<h4uMV8OC>_mqcz6Xl1_OMQT
zAkc0uMh7^&7(87zCiL$|1#oJ**e$w$!F!%r^SOc!vzWXUUA$vNe{~6LRPI%gMhWEA
z#h#%LK#f&<0|_bjFrE5-m@Iz*Zr)`M4BE!MzdQF~=&oowm4uOP7$w6lz>AUF5A$0L
zJhMXs4y_daa}%JYzdRs!NC%;3(4d-q+7N$4MRWzi*4t>$9jQg~IeS4xI)k;3M#2z~
z#c&@c7ew@c*)y~Hc(;$|KEdOz)T0KYi_9P9pGRX?B*e~1TP!S2wD8qe7r0S3KVZ+P
zaxHUpAOu)&SzGElz<iRTrpwj<@#ID~en&F^?#5&<qXa?b!De|><)aP1{f4qw&?$aZ
z3wwEQ%DUqns)0svFEy!iH`oCibQ5EQya$<OPa@I88PHW0>obMwdeiGsfv*W9ncU-l
z?Fy$*MT5GqJsJvRpZBvtp1RdO6r#?v3-t3!MR|NfB>J5rc~et-M}C>Q5hy9!{gS!Y
zuA;9GcT@QNY`aG|Js9g)3U?pndQxh9^yz)sd(n8m&b8lEi(H89plqmM$}4cOx^`g3
ze%Hjblr%`rLG#5V?uSC=*PBQF$$Af?j=ihjv?tZ<hY;?ARzLElpmqE~lJou`uv1&l
zAsbB%P0<zOazlLr$JN1tmhHJ^#G;EqA3u1Yl6Gu%6mJDO|AZXrc-?qhFwFz|wIKH@
zq?vJ1G2xfY?ZCm(D`6rZOX<t1v(w<6Bj$;39uITxOobYHZpHjp*7gU$Yi!=JgX}VB
z4s@P9zAflTT)6~2*QJ{$Lt70Ooh}N4b&Kq}RV3wOUL4hL$~;20PC|5U^w+*AZg5@r
z>B*IK^8fj9uzwW{g6-SO^9`d!O&u)6NKa<NfY<ACvm1lEr<dOzLxgw_4yp=<!jkFf
zgTlsNo2O)K@y97y<Y&$v->f9>4-ETWvqvv|-&twP9u3-&OM2~i$`#`-$7G|Z$lY;r
ztB^ocN1OW=!&>~~ZmsLM#g+1Y5sUO@iR7%Mv_}am1QKMJ>q1hVmh8kasY*4}X9v(`
zP;<QMi9>OGi)7!g-6HaoIxn^v&}_|g4YO%lEg_N&FG77~m2nvS$s;8aeb^cf)m#}u
zhY0Wm-FFR~lRGO{BbmL=F|^TD5OxoKtnQSQgImJA%7J6C)U>FrUx9I3Dv$quco&7l
z!ITQu0<%~388CJ=Vd+K=atLcE(oYU>V@@{}czi^Vo+rfGbZn>ktxtkKrCXOR4>fr&
zgg~vE3%o-eH-?H&fmJCI>k>Dsuo|KnByMa<>Yia|!z5$^MnW-qZ6d=QVY0`bHlxGT
zst3%a+x{{_2B;Qi4wIg^*_3Z?7Kz%a^lH{cNDjkyp_c#xqXY&?a@aN$y-zW|8s#aY
z@X^7&j4F;}utDQ1IWI)QX-X@L`aU8NbDlLZ^s@d~M}+vm6XJ>ujLbgbDR~)ms5$9%
zT1@2RFZxtL;h+H(ZIQX;YT&?n1u4~w@4bz`z3EK$bV@BT3xO>%4-``n0~1pljm-{f
zT~**!;Nh;LS6tp<uCM{i`|!jhp#FB!!!Tc4YW`_R8<&MKaaG=Jx03Z?wIK5nE-|_U
z5k$2T7nzfs;Nx%|p`(gzTB#T!_bJzk2Ehzl6tK#83UjzF6_`rU!_RCT%R(FKpuN5<
z(Ah(rIvnh%&{}DfQQmFPoGMeORnC$$dtta0{}2d)Wk2+Gt>pH-oxw4g%{9M1!tkqj
zwwLWeAvhugRoHp72BOV+XKK1+75xgAAtpZHoso+PPEL3d74*3W>I%+>C;|&C^!g<R
zKk;$Cjt5oWa^E3A7fSO!1wfFAm6%Lx%f5^5FmT@{^SthgK}0>(+a>3To4MOzVZA@`
z%oD)jS{nI`H*c`L)|IYTl^Vc<Tz}A`*FNb1Y!^6{b-9-WICT`4dk%6vN-jQHbFV%&
zVcLkgHXur}@V!N@!B*BL$Y;b74T)9@nZVIa0*a85MzhHWT=^~%GmwHZ&MM&co70j~
z)8(2n#M_xPRP+bdIjJHTK1v;$((TQAkuusfMZvJ&rdP1QZ6C~>dmuJitr76`I!x(G
zCVaLHrQF9bv3?u%WcuO>j0{Q9>j>{KYd)G#uRgnNgb$$22HLED`q~aTz#wEaw?W$F
z9uJgttDh_Ueo<N>)gU}7kjOI1u@S!zA@|Bq_-WSO4|C=%l`;rj*G_V%9jhhxzG|{_
zU57<|P&P-il#kD6dj!UEZd%3Px5+lA_(bpVNszAAS{tVEsu}v&?;LG3Jf)c`?2b07
z9P>?HKBY<IGT&4v>GvQa4ldB@F&huMy5KK`IOvy$j;z~rbF&r>fqJuZ_JeKgr^Va2
z{4s>Q@#o}y^-mu0YhX$~^sePlQ7#@i)rpbXl^`_CfRE){9_m=4KLEABD0U}rjleqG
zCg?e+mSR`AiXWWxL!A*!8+c6<98JUKhN-#_eT)jc_+rhq>a@sTdiRv7rJ2>$%0r}G
zJ+BZ?DAJMzva&)K@_8B<HV;$~X6ei<MWj2KFJEB47&kZ<yD>O<%o+h#d&~~`{N7St
zP0A258g*h~M{dg+#`RT|{GXPI(SYU)Y6QVfn=Vu#zJ=_)d)VP#BsV>q9meBnqvCaG
zw76#oL99Ir3et$;Fr*TLg3DeJN0X0BBvzWusiBCFVqqM$@;fT}lig_jzu|KEGnTZe
zrv$iOQr=|!Zh%j@YbW;tgZD?1fvQFwx=1&bY_zi~QJoKw%6x|keulYhEKeQQ_r=vn
zR<_~-aWitO^1>vJY)PK-!$NYTxYFy8vvMfbSx+oA1{CV0&63yup&yHTV1(xh=db}$
zM!6D4CnW^Ma{St$D;w^|Qy8Jel4$4&k>@E)R;JNKPe~<vyj%G83JQhIl@nXYQ3`uG
zKsl_iyfLiWlaqtqP?F~3as1&SF_Pi274^H7;giKT_yY5yQ6(Gu1I6XuEKEXsYa*>Q
z#A8Qc7YY~LGg6bLD_+$PRg;Y=6Bj<%7^Wfq?c%9QcA+m$e2q;cn=5ewnz#bzs^}?>
zM6$&$k+|F-oEy@hikSgMymDI%Jr7ig52%Q6d^tfP*}o_%q#~BqS3Aa_w>_+jHD=`&
zDtr+9<T*0n5P+UReA1V`*cM)aPF(o?#Gqd`V-JKx1FTdrQw;WeQ$~Pe7PykbZQL$m
z7*H|Fy&9?HVDV!2htL~gRm6F2G+3-6wIY%o0qVjk9F$AdviV%BS&-Rk1CdTcwqhV4
znlc8Sv-#YZ_;?7^UY!n$9c)^1Dbz$6e~SIo2q+(0)zp>2^o+P~(Qfr{o6u)t^5mJe
zr(si+iw@C(u&*zl3QcUnn9gqeLg9yd>v0$ajJ+K6K0oO3FLL7fo<ape!`X6^z_Q##
zaYDPC(~9kFJY%LPr$Lz(V5L>P+Y~9moYn9`@$+-M4@aiPbc5bM$&X&R(*SOjrLU+|
zPitnJ87e0=1|Y6E0i&%PDS=H6DAiIO7yJ~6+d&Z*A5gCKWxe&|2g+2;>xvH~c}vRy
zA*v1q8mhlV0)a1D)Z8Ci5i5!INva%Jt2sHKmfC`J7_&u;#fniLnHmk$F0n%n)c{f}
zN}du3V?vQnCeAddjCHrDr{DJTc?7^<)^(GAE0@GM&%bUcs28ItF=}y}Tt}7?00`A}
zRLj_I4A>uk{n{kIGSSU0BgjzZkE$qRicGcam%c*{59&y}nr?u@hNQ_D-vhbU&?zV#
zQ#sdt6~u<2dy`1`?zjmGEN#n1gY7UsUq7|Ijy}*y*HA~oO?6~*9y)_Hsiu#?d4zqC
zxFrfY2!%1VT9*^#oi`Yv5?Ch_fsH;i_yTDspjG<<iG(|afujo&$zK$fu*a-z=44gF
zs{R3-NXI)x1eXvD)P|!1>rKLGea&WyLWLDr2{F?mde6a_T55l(rVQJ2<l#$iD2Lb|
zY&F9a?4!x$*tlioH6=futm=naT7{zQYyupLl;~-xlg7g-p0H#)regv&qKGW?jab^D
zq0sFc85v%z*J}?Rz};epxK_6^UD3vUv_j)+Nu(t!l{8zau^fN?OnGC8OJ;5KRwvPK
zT{araFa}2fuTE__LDm)oS_2U6&$Hxje=^@BE5VUPmY7-6jfOGUD7XyVP;64(YVg&#
zml%d)0_k`qNBl}_i*cq!kvs*{5k@19a{I><@4v6E;~Pa$5C$_0_<(8*);n(e5c{9&
zmv1hDSAJS|bPm5lt^GU@akF&rT6|4xwV<6yn50Mzq+<7Ju;k|Jt-E;-*x!zV)-xfL
z$l&s|GbCJAWBY+>q;fRNuCgWk==}7y_GD-Hr!$FmaORxNrD9RYJo7DY2&&-fdU5|w
z40)Xkz&HJmp7b&g-o4qBKbxD?lU2ATJ7+OQ5k+yH1}kn!9~SHtG%Z~K@fV_YBb40~
zf6Z_(pHxF1;=z2S*zzA5I3R21Z^dgbUy}Yi{$pGq`L?c8{zEIixfuL)oz`-<l-Cpd
z<6KVE#-{uDO>oE|vh!1j$j$so&G?Ne)6K>C+Fi9m{l%^GQE=I@;)eMvlyg%)F5`q*
zd{|#%r0KJP!JRiD{9oT6bsVfUdA>Qqem96M@jL(Vk8{ODS_Oa2f7*$u?a%UuSDIla
z0!e~9O@Bq8UR&LxUbdK2bnL|Duf}+>q4f;^x)`FFjYPW_?J+QjozVu#v|C?{F9x!W
zY<q^Q^OQDJF%T>L?w2SP?R(wPrQ>Qg>M^zXB;($h#2mSg(z<O$<Fo>imQVXZnh!9i
zKe(e~@J`a_=Kkw$A-Kn1zY29Kmb-ucs}bNhz9Qbm;MtS-8PT-oA_KTqZsPOn34d_i
z^i1mBw^;uB<*p3aS4cH5ls)P$eXspiO0i~j+~Hs@<E+7|@cxA+q^@enx<T=l82thr
z8w8E9BE=C2t`J*H%UQbjX%WBVfSeTTDeP`d7}?1u?e3y9lKFG?LF$Q%nUHs|`}`YE
zG>N^Zx!~T5rvUaqx;q$F-iYRsDWPtPq>#gNMPxK3O4UcN`D#3Lvlnzx%}3OKUW;IQ
zgsX1eP}}tM^d)}$pF*_d3J}+&#h@DjIo(xmEh-prGrR22Zm|YDxOF@qUA+K9QhsZ3
z?9{FHjqoax*n83x9dl|$bp%=u*E^9s??H4cvOHG?!W$}WfS`T>=BkCWZoybJy>0iW
z6J1@8FKsjFx-V?$zna`HKcS=$3GojM=?7o+O)WtgMSi7oc=x`H%b6){VE?w##LXWL
zF7M)|8}>zq&d>*_AJ;Di%Q<r3ht0AxwEus}2|wfcwV4gH+Op;9TmJlpd}i(0vx4OF
z>kq+;M~m#8UQ2<wN56h8(rx8C*pV;z`FZ{G=O$+G5Hy|Ae6)C7a#?dZ{vVol&7uC$
z8?iIy(|O<z9whzaJi7biy#qq)^i9c8aGdP};t5=;t(~2f!>hY_R0!l2b9-w9e);Ab
z^6DtR9o#61VqUT73mNbHdvJ|=H@Pwxc(ZbB9#~_asQUL#@kNNo-^PT;?gJ~I`kA>c
zTlAKJ)KDx97CT~QJ_6P9h$QWT_4A#O5TP<u*2S}h{cHE7aUY0jUCZ{`2QuqVuJMCq
z!#f*}<J&u(2fkuKdAY%}gln0v9TcxClGHoRZG;Loxk7yB?&irdFx%?M7PK=sXg;QK
zI={bVmL1;Q`f<Sj8NG##=T@!OykTUac@;-KtDqwP(q%WJku4{2G7jfuG21uHKLX1c
z6@tmGG`UJ}mOl*M#zqa%u-_aT*v%bj+Ej-_uiG{m2PD^_4J@L4cnT#f*3w{1!s~Ta
zGjA#H=<HH7@yn8ms<jLU=-|GZCVDohPS`VqUHnJk)cXPEu(r70a>hEw>Ai=#!jKe<
zBy}GVoXt5MAKuD1Bp%#948g?$APbrX18`)_Hex+**iLbRH70RwAKsNDE-al?mL_2c
zQ`mXQ5d<wu&1nwm;eBX>1*V@8&^gfc_bO%;e$!r(O5Z>&iPvbGqN(1RMZsz(@E-&d
z2t+Lpw^@a{ESYqne94((CTC{9tF}?PJ_ukNVw_t2^`pcr%CiYU_>)Ls&2Q?eym@#z
zaT-UuPGXk$@7DVVz2NaPU8Om$p*pT-n*$o&zP>H02*+0Vl`|`tsHZ@sur7=ev`WMm
zz~1A1lET)}Y3dNxr+G)M5&Roh6#<&Cb>!TSL3&vAn<hL+r~k9JbrrKG`o1%+1t>4w
z4g^;-Q<_8WHaF10r=l)yHVx&)Jqr@6J{Gy=cRTDJy1yu`%YA=vPt&zV3J0yccw;+x
z!G6z2rhUlZ1N6>0?OEgVcX+d^mE23DK^%=?Gzdr3KbGFFN|OM;j1-GN2U5#>J@J);
zbrs{epbWclY>0mg<8*ZL?!4OFs-s~gDW!FlBMR*`2*HN5QfAJYfavTO^{XX~*80p=
zuKM@0=H0osKa@w&67+});1(}Rtc<U7@jMBU;CDjBb%EdKc72N1kp{CZ&NZfvw)<Sb
zyhP0%CVH+b05$JVLp>R7qrKpnhu-aGu?|wYBA7izg@OJ9vUrTz6WC`+sCk#d4yH85
z?#$}=@<7#YGczm!(#+$dkJ1x~eh2$jaXXB?HBD1=+a*CBGnw0z+a?+(RdLRWOeEN_
zB0a!-z(8R4Lm+Q5A>E^x#1lP`KW<h7#UV|=x&GtXLQHys4>*9xHGka9b)VL>5$`!I
zfJBxU$AalC;<0`SFNkcR(x+*Q<m*d}fgJWyUL+dEagH93WL)pL%h#-kK(6^5fmkt=
zoH2c_ier9kDrWE)jahSZXF!mcgNvGM3&DJtj*Gr(`?eECogk>KmH#t}G~ZM$-~>)D
zY@F*&&0`(!ZzH}qL^|*Jse*UgsqpNx?qW3)!;ox>nb;0szlB0Sb}VaVy19Pinao@R
z_g;jTK;f`9^^xc(pD;?sP*X(U#ZHo2kj9?*pYm)63$>ZD)<8_w^xUFCm;B0~IF4)b
za}ZR$9af5uOa`DChp%Todp|M*G0GbbnoszG^5R?gjf!IPl1eH?8vp!p<SdYAokLYV
z!tg`<Gl@jLNQH6prqsmyirq$0*-#E;nM$Jo*6+!E|1{Q;J-evaQ#a&_rD?~goWwGm
za8p5KT4qKiqm)>~=&OrkiXyuYUAu96%RgpL9nq`o<_huw{8J2n(P{42YE9ukYFdy_
zo<p_!bL*U`2#tzyrkrB!u8YQ}k^2dx?Vg-n7wMW5e2V=pCf`C)zl#M+vd|&pGo0g<
z{SQ==Ls>pLsg1P1c|Rsbns$}WCYLI+S53~|9{Gw9kD)BQ)=im|58+-kB88=+{2{o=
zQs8liODMjxKq=?RW81!O@zp$VjP$C)y#CU}iZCwO*7EqYhvpX_MevDchAN+mYSSDV
z2{5DvQ(E-Z%H~E%)MeSOep4~z`MXa*bS^$iBaZtWVMlH;N~_x3@C<6HnhvYy%aZ!k
zAfZa0O86cvk00T(s_9F0!5SuQ2KIvq{zEeem(8HuK%jAMHc3!1CB7k5&Il(H_6pWA
z(ObufDO```(cJ&1reX&I8Su#Y&2V3wkXRnL%k*}kFR5yXIuWr-CpJ~8lAMncN2*P6
z(THGi$tV_@E|0(`D2lG!&iv}c0H0_(x|T^Q#(=SRR-JLe;R68=@h<Dgn`E8%%VLlc
zresq{@tReFZ^cm>?P$w{V@hlr>izlkt1gu24Z2E^2m=I-`V{<2EZ@X_k01KL#n7<p
z0~=PHax32E6oQr<pn54$?A)y!DwYj1WW9y5%Z5shpB<^teNo3+@0r<Xc}kLZo)yXt
z$6=9Xy`#cs5q6&e_f05`oAa@uebPM5vdKdvV(3b6B5x%K>DuZn4QZY$Y3L^TOkF5G
zJ|fXv$&-b4HJpM$*PK$CoFJMZjx`4PiUDe{sm*9;3+D)jQZ(D7v-n2Az86LLCQ)HS
zSfbdr%0U`?DwMFiEU<^xm#LM_F1Kiew!o7aEENN|r4Nzp*!Oa~b3!&d1@#l9>ud{3
zOWA$`F2??56D3HVUs0^s6o|i`r+Evbc(NFB=g5eUd2yj4!E50aap&rn#9E+=DoRP|
z;6^D7Asd7A)4!dWBrZhm6J&LIPmRz%7{$^t%y#F=>hyWblf~GDOBxe}^sC^p%N?DP
z07X|<s0eJCh9@)jJT)fnT+S^fbjeRrmC_v}eqjPh+Xlqv_Y>vdT_>6-wSM}V-*_3!
ze)R^2sx&A^6?>(a1Yda`!RVlECj`)N%AdjU3@7@pLo-`n#+_&V1Cq=YMP~w3YJGlr
z)&vO1tk2076*q!*E7aZ6_+C2_258gsWk@9MC&k7u^Dp<XT8R|3y%&s02>OK!@~9mL
z0HSoe{B8>hMC8yMIG|xO<6i_gtUh9m0+BG7!f*i`K}oKcfcOaFL))LVX+U7v?iMU{
z*~WmP>x*soN_h*&1sG>S%KY;Nbynu%dT_`tls>1ANKv!ev}vo0J+NL0M!26wdUef$
zH!yw>gqlGh{q22zxLwirioa@oBa30A0%+{7+4sn3FWhysSqTx?kFG&FVAUqBvD^?$
zO9JN<b7X{bz2p(q?`~-Sfzt$*GaZV(7*LohfP?CbX7=wb@PCp0#>SKmo2umZrYzQ&
zKy{wp@xNzmcITb)CL*x!ik`cmZJH&I(nEZTgq(FXSdkwY=042<>FV8puW+?42Q&dL
zL{`Uly5f3rK<QS>a;bY61;Yp~$l>B0N)+PB>R2TcaLLKS5a1d&k$`D9v}FW@s2fu>
zx6s%z5?LQ1m4K(58_ggEQ-T>w6Y}!L;)@0xLuH2;?nkD5rDyPnBKc#{d&6m~vEsV6
zW8#(`hj~wvf4Ydop+ZlgB!7X~`rZ>3{oLb38U0Q6xMxwUrwOT&6yPXXu&S$|4>pls
zWV$3Ok(bk;WxA;m7RE1RTxCadUSSB9V<uuTbS(l3f@*P{nF2@cYp$Z@F%#&JV>E<x
zHo}!jG%VYF!X-#5%y?ukZI(7Zi)j@r^e@_uBZ)UkDk70ZTQ*Er!od>D36JwAJ{X_;
zOP2y?98JPY2Up{H$a8a&=&XrJ&d)9zAmJm)?93jyDikxghjLQLVM17o-VK)Z9!vY(
zcAf+bZr+_uES@j;+P}?h++cALrA?G@92{O-S-dVVT@Tg@`7nJ)eD}|FAz0g)*`p&;
z;oq;cb7K0BjNcz$*FH3KAw#T<CR~BboVY(13YPWPO*Mb6Ou_Z`pOw2bn{&lm)2612
z&jr5!p{;OVM9!D|ho*U_0v``__MoK=4Ds9Xef4<>Nz=9wY&^P=t=OTc{TrxB=YJuS
z%$UcPfzCgVZT@-YXPzIO-I?8icB^^FNj8{$3fUi9s_DB92`pIc9BTp^xF;l;=(VJz
z*f)h0B*~3zy#`Aj4H76{$=>a=mJsdTJMGKP-Oiz4{-nS`6nK2LcP<2Sz+8V*a51nw
zXa2mS5r(AL!=+%LDLt%Tx-4KGp6@+h30vxck?LDL1sG;c8_AHPLEPx6KN54MalQ*P
z$$c(W&1rF?E&H+#(V`~t$Lkv{U!OHkOn}X@=B=;Gm3;k){;S-ra1A&6hmD?CZEtBu
zG5l|4*ri{sV}{U!WGt@R*%vZzD|-R_!GdmJGafzwl&BwOkFiDWS<7sVlVH|ZzEQwQ
z_C4?((PnhB0SF2{>PAkee94>eL&v%Ct_I88^2dT#AiKp*2D$D9m?9o{27gvkVwL;j
zCwfdMLn5n4#c=!=aBVa*u)`&~7!&^d|1c@{UrThkS)(4L#9!}m&t_jm?-|VBpN@cu
zC&;UFocv!U@Y)QFo`a9P_hDVBRXYm$+^lgj#eKZG+6=DnS#x(&`R~lM36$%9q!nKR
zE;rgs^uSNSu2us~6`!;g-+xZ1|1~?(PA*oRm*^pC0@jim4NvLbkR^CLXtBL*1!&@|
z{XfsZCei@<^(%dBdzoeW;9@##vJcOGEsEdAZWl9#j8r&19@Hm4H-W{0@3~xu%|P|D
ziPFAU%(Yt9Dc@8>qBhLV8#F<IiOGbQvnwpDJ_(AfJOPxtFYJ?@s}c3!MUtOg6<aKH
zb>95H<oZA`<}(rD*>r4)+4DVTH4y$i3f7|i9XUC)OXlF+>sn4)V#V0l(eiL0{?q3l
zBzoiZL&*}%g&)g!&H_DbH4lb#XT92MPdYN!&c)Dstx%;>%lc&vf8~?DoP8)rxk=n!
zX}obClJ*D$3oo+Ip4mdT^4)OzwMW#CE-o+qe=tZbTh@F{dv!;$U9eMd`>?Y|aUc*(
z7x{h(k-dC_-*vrols~v}xPNChE&qEmY}WtM|189J_Btf&7JoChX$uZIp!JE?re_{a
z%o~5Mnfp4&L;mXj8^4x(6S(rvV+a+v^tsMgzOx?fRiJJ$+-Y%P(aqMfWxd(FbG;4R
z?%BQl53Tnim^p5+W^hdoe!Ww}e|>3Vvz2mm9y~CIDUS>#h2hSo(55O4(k16s&aYoW
z02Te#^89wrFRivdQPv|GlO?czh*`ko1Cw5eqI@Gb9*7BKpVf{E&JoL-eE6Z^Q0Xsc
ztuLeyd^S5sme1{(vhV^PC;L@kvHDR{(nmY<V?pyuKV$Q6pY3G3Pg329(k<*Wq;l&8
z*D-N8CbPwB3qAX8tE}EOJQU1vo-G@Tz(FHl#Xx7E{1vApJ1Xr~bn&UsOJLyLpt3p<
zj&j*WSKA*>O75@nc#%vz>TmM-Z8&DSHkGAvsO<-;io(8=k5hV2m&4t1Uk1p01oYoi
zHpI(VF{z9~aurA+(o5t}mG~wsbztOo+&PIwl(Ak_Znv;i1SpCkow*pr_wrUT9N#Hz
zS7$M7eP>>#Y;YiUTP0BhtAWJZrMfa)HJ}Fi<FA6tea@AZ+%+VQRjP3Gt(Cb2;G9}^
z`MQ?YKxJDjVflP7fu`M$*b`o(DfhLj4>C3d^APAqT7bAD>^?UO_(R_HvbYY`Wym+H
zIYvk_2i2Ag9nIaL<_IsY;qQ~_(+I|!+Ee>eQ)>{})NfYGsmHI}L#+FzsJ;f&)4ZQm
zS*|Zi8>GsX1<~piu}u+-6RNRLCISH<nj)XP3Hvxn4Fl$361Q)i%ZX~sk_2@fxu|bF
zmW~-$%~R18q}{=Ic+Sjfwma^=?`DpVeutf-1aL9C2Y)|=lT}wacBUv)+Z4x1)t)!;
zhfS8pP00SF8!l!vyY9;3194XRtz6Qny}c6!6o;hOR=@b(_&Fq2sWqp=eB76zGFj#w
zK!g{do-pMws<@mG-!YFo#-{ePMXjqb>BY_FHr4grS_4E<**Uqe|2h!=YeV%t;Af?2
zPJ<p9HLzoP&QtJywqy2sj}IpWayCNAK2`{d;zCdV{A3u(^2p%S*c9RT&6+@9HOiNj
zok!P|^nm)*pSN;CHg8^|wa$wIA!OWMpQd$h5Zn1s8MgGQw!_iP@dt_jW&<i|FQRhh
z;Dx_>u5oh?MB}P#DMXW}gLIP*M3qqw@ap5ZgSY5*AIyJr0p}!}?UFUe>=(kT*88wa
zHIDDez_Xt&m2l>u6270pdyF^mhd$IW(WOx`9Dynqm;-7ny&caaAi{5*Hhs*M(!)-z
zM-Z1=XqIjucuiWD%ADqa!F5<fzb(;|;-`KyOyZ;>r}+VLv1NPsd8}maxr1dz6ykOw
zNF^pgO*)xrb{+9mvexNaCA9=X>`|17h{js0{l`ezyk6~*=H@a#`!otF^FMJk2SgFn
zSvt?e>7(c}dAX_*9Gh*EIIJy0)UH2vZ<g`EWN)bU5Mo%$#+g)o^ewZ6)_YIDU}@Kl
zNuR<YDaY)IQ8%$asp$L(MRgs+)^TxtyzscU14HuJtQeWXw$-vxsp}IjFVd_r5N9UC
z$a!B~L4gvfB&GhM+#(_)Fd43SN^21lm-xEb=(<5Z8*Z5(SSgj)7lqpmJocoiEz6hq
zLcGy$(^M<eoCU`CEx3Tk_J_2Jq9b}QoS{(KwKav$cT?X@s}giK>5A=A_4N4FHDE)z
zf7E$NoyK3QojK4Xe`P$7tjoZKN##)rD5;8mBDRHJ@TK5K6_%89d0=nH_UWAorUcDw
zEn3KYTBi|E)Qhhpfn0JxA?T+H$>neV&=tSf8dWJDhow2{oS?JFxO`&3<H72cw=&E;
zDYAX}>rD!2)`VqYw)!Sp-_TKM^vfl7rHW_?3`cG9Pl7#&6v3{mud2!^zQsAwt8J%y
zv2W+!r90xYc&=tN@Q5}FniCT0mb#a+8Gh1e5EbA=8(K9aP33#8p3WK9{&rS1xezKu
zMOuu@CF)nM79u_uZuNIJB8R+i^tXdaxWue7hc2ngvy_K;tRuX5Tu{tz8ZA&pQ&E>m
zH$>L=L!r|C2ogDWO7b;I?DbE&hNF1~k6jBBd#AOiupk(CT;7Iyt0S~#p2`e=`qdwo
zWViA-$V9)rFi-B|NbNgOkA~-Ta-#1<jiLW_wT{Jmuv}N7B-x@?_BvDjvADm1Y!@+v
zhO9rCp^2};1V46gSe;n8xI9|(x6%++iacpohGHeplf3Tl#j97v?Bh9n(!gs3T{c}x
z;aMy=hhI5kmlX~1no=a=Bo&P+X;x|v0uTNL!J{MJpv<gFW56J*$Ze<}j(4uaIl5d<
zBI&|YetfP=d>~JXzaefAvve2ToH!xP!cgIj`&=Gs+-BSls7H#kXq#$(h|{CJGX24;
z4aCx7JRhf|Xf?kmUKJIui{uVM7mef@a(t=Q2j^9Z^$qaLQnrNh5UcqZ5~Bp;qF}o*
zF)JX(F67m}7kX75E$Z6yGW7c&D=F|0jI{^a-77ysx#bxXv#dmcXA5T;=g=`O@L($*
z^3B1BWE@x`%XMw;Ebn<a1BsS2*n2P-3ari(;Boo4sQ1x_X4j;0@gS)UWolsM_baTi
z#m|?qU5aM)cG<{jgL;JUvYJttr%$7^6vGM6Il~M^U`WYy0qfPjf8%Y%gt#blEWKDt
zGh-75iDMETOe;MnKT>W6dn`q>we14jQ0H<n3IE%P-p=@PdsQ(67w<Uh5dX)hWqa;!
zAo%8tvgTy7$*6(<Sw_p5XLMxKJn0BDTj;W}aiyvkw{Jed@7bbOwN6wu$nd6g{Xftu
zDqWsc;`{K8$xLlgGad|7DH9m76TqnMzS#(H8{d8{EqnUy4^5@^J!I(bmoMI61qg}b
zVr)zY8JE`8F>F=aI_1l===CfpEeGfQLk#H97w+g2lVI(faTF753`5=N&F@)BLFy(m
z{nwrQ?QHjGU_QH;ii8I}D3h7Jc_fQsI8d)2XvNd#V8NR=;IS2?f*x={2W7c3V-h##
ze8A3*$Ad2Y(yJ1AFq_2LYo2!B*|a6L1kWW}P&}doyFe32`6?1}00f3)KJX{_BM)^l
zAHxQbTEpg5aiEvy{XSO!VH&uSGHa#dilU}Vp9`q*k_uS@LEMnaq`x^?zHxKqKGqwC
z(}=qI*}%~`MH5rNTUP&ds_WDb5d*;C_>wTSE?F<2;E_JTTEG1wB*~>PjLr8ZhoGSB
z$$zPg3!Ujog){T9Jzs{W;g^}fwR4uz%m>=yA_Bs_)%qZ4mRhvc$}kh}E{C5_A5iF+
zN`;SDWMN=R=hJ}M;Q5?ZyLQ>&JzRh6-zmkVBx&`vYW<um=vu_lskF(O18?)a)w_>5
zKN67j6Db#Xh0BY3Pj$&DOUSprh>mEE91Be=>z1f`hAYz3K5dM~fR1K4LtoF&YtZRo
zuMkmy?c;DN%K3r$V<YF=FB7b!Y0V3EHf;7>pMJg@aal{j<Su&MMp4AQS>;S2xO^i*
zvMdVM4V|F!v7>=RB<~|d2ee^yJo?}=ZJDtq#y<LudG+Jem)FUOf7?Rg?w7P;!&5}b
ziyyM0_K6;QlS*4n2~E+)KViqT%))@ALR%F$z8NP?VP@v@mepgrF>Au7Q)u``Rvdff
zzr#`e1E(5h17@Lo>m_04TiimvAv6V<N%IN+p_R-=ZNY~&ZWrj=%#y7>cv7g&y=eA2
zdVSk@6eN^z$<(<H_>U3RJ3oUZ|Ivs1L=goI4E|eKzN(#QX_lP&^A40Z51ju6)sT!e
zdeF}WkGtFs-r9qaQ2x8E|IiSPjfzwkNyE&b{Svny@b3oqlG@yTU6^Wc@j83?*K-YN
zJ8>KB^*jC1jZ}}9S2n)eA@aAZhl-q%naoX_<41>QcXB~BXQt=C^Z|Q8pGfXAwyp<m
z!MIEAs1R`W`GHx3N6a6jo;S5+<S#Bo{z9(eLp*I<yZ^~qduYP%-ruDC>zpi5JTgXU
zp1(1^L4w(0=>x^p+cI!=1HO-P-CyO3ku!)0`Rs1>jQj4qQ3yJ}UktW9yiA~m{ayQE
zI=XVkO|cmL*~BLa(1}+qZYZdak{<0evRnnfH*05rFR(>SQF*mn>J1NQiTHhaJ+xUV
z)xDS!8v(J^XFHCNeucpi0IdXKZ&R5?Dc#CT7Cx9GQRUpYvwC0lT+C-90D><NHqb$K
zuR+~nD#}+&fW^5K>ICL?#eT7j@j*ZT(DS$bDa>$ruR0fr#R=|rgm~={pMjN$V|Aap
z4dn_4T%-JFKDL_VS%6C1XucTz3Uo%j0KbTj-D1G(vES$E`=Y0yCS?rpUB_R94MN>P
zAa@}$#rr;x+lCJ2eZ0m!SfpnT%{>zA<(o)6W-8>DJ`L`_?nWg@*LVkeSRM7pIj%~W
z3^WRRGLN~4eU7(kz>Z!uahzr_kJN~SK)h*1_L&VdB&uK}l`X~PzY`&{!r(j4p-c}$
z4WDTSrU&^ZTFbN<&p95)iaqNkMLCw`RGI1s4`JY%7|mP4zJ%2f^YnW#5H^QaO0;`E
zm(*}A?5lS)ggVwH^htI@-0Yr&Szu{IveZw9m-yM&JTm0BC#8ExR4KJAb=A39!EUzx
zJYugXG3!+p=H9VUHRyCc3EOMUnOQ$*`g+k!_ShIU1p}<#iaUuGzJTh%8v6xbQaI&y
zW!~|VtKiYYOLqstN7622g9Vb)y$gZ*{nubEhx=0Q?6zs+_2bv)t>@+&4Gp0*qjHO+
zAGq5X{Jf6;<;uPB;0H<Bkn|8hpZWqmr_Vy(h9oeq3;_A30GPgkmv7|Rmk-W?m&s7`
zYpkUiiAFd!x~YE*k_o++o&JZ4g>TyH3r4rj&OEH8M+;D$dWwUt7rp>0oOkCB5JG_k
z2a02goGqv`92+m^pLRGaUw^VFV7e}@{eDmZZ#G|)4FE^EqlsFFjg#Q7=g-Ug!*6du
z;37jodDIoBH$)`yU`mA8OAuWlCD>(IufD)MH6Xa6U{ex4*yP;giZ|K}wsKxSyn&@}
z9<PXRcwBa_Zk)?%a$H4Y%EfObUukc0hdMs=Z#izi^|%X_|5O)`7dDs1={Pd?Wpp1U
z)~Gs*d@&FzBj!|18xg(u9sPs!sHFSzsfVuQ_}EFXeIkcRXfG*zoQ1wI;pu1$Gxqx{
ziNu{?ED*WJ<#sjTEfthbiPHg$*~dmE(`c(O=aYJU2`mWFmwhiJ2d3w)+2q&)h1o~0
zQsArLrGQQM*3cPh7DKG-P}Qa3Rggy2#^BK%9RmQ(HQdIz)sbpkmLLCYjdf&)6>`KA
zV@kP$Bfmrnc{hA73Pa-3e4gk<=}WB_#hfdr>2rXISBr<+@1nhif37p8z;Jen{bgL%
zgGQrJfCZ||VU$o(VpibwbyTg~)>nt-F6Og6w;v71DPD&Gifqpxy#>)6)Wy$L2acvG
zs0}Ks=&e{URgH3*qXOATV23U1aZ*LgZV}9;1YqgG`w1!N`$fHecf&jUw6$!7n;Xtq
z8q28P@jm{AV5F#IjPGdLn>3KjwKoU?$zEcx&)|Xycth(jJF7oVfbx^ET5^~U@Hg8h
zGeO+e(a4yL>nQlmZk$wo{$Y~@4ehAB=sGYVj7bk1Ul;}yt@!(jo50fAMcYVzQp3EY
zU+8nvbsaeTRpZkW$eUtFEin@IJ#zZ4P#WD~eDJFCW6C-(P&=}S)jqrj>J|0sKQwkT
zQwv}zQ(;?~_sJ&G^YQrDKm4v;tI=At!p&QnI}OD9QAh#DTrKf$B6w!;OR2J@u77O;
zO@O{DQt~6F5>R?e<f-O9I$XyW>;*w(0CeeA#YBd6c!f_UXC`JPVP>wiXxZcAKV27?
zY8#b$ZzuIV%n17-)VcymSC_C(A)v!<#3e0;>!@SdB*Gf|c6~JAxkhi^l9i=$D+k5l
zy^be<{C`@N%SeJ<{>Ef(Q#HFnG^gU6*c4n0bWE0XG8*dC$u#SlL$2RGFoY4WmGjs!
z4n^=)g$)~%ZVpr@*fG=v6j8K{QV?vs3YtLr=;#nXU!b&f*vhD)iX&;Az}KW3XhVL<
z=Xnyv`X3r#1<6LU{B$A^CBB_3{>-z)SYg+dU73K9Hbq+|#zNU|>4hdN_{mZ=?TC&8
zG@Xj=R^P#z!4;{|0Xeub{?xDv{u)h;As3-1=0tE{=MSZ5@%9aT+lcw}Q^3V!R6r9(
z`|ByE{Ioz=)b3YD<FwMEL<e=P{!?$u9~=rMz6n(C^Bd4Ja40e>Svey8T1S<UT`AEd
zu`^CZS>pdp4TeIkyNfi*a$}@1G+ip=Dwa|NJ%aglA_QzyKI!Px*{!=klO4!K+)76^
zKZ?NmtD{w2+za!5;CE!a^;9#C=dY|-iLxRvDphUPw5^vXH0LaY`*etNV2YCYh`zXp
zV`u-7z({R31DkwFx{1y2sD|>t(=ySb;YCF>O=CnimdNXr)<v+f(>~3Ai`Lh+SNuzn
zyrO&pVL=XAN|&F=HLs@9RT+%FWYfx~xTV6dY*8rMBr`~U$ycb!@%@s8dXUYLoPz*|
z>p8(N9OXU|%D#7jVBu`0Qj4X)8LlYu6sJ_iN0WEoWu2IhMVGTiMQ3B!7GQO!cI_JK
zry3H<2b2~|WhH36fN;)`l9Iq(3O^d{rMoGam;Y$2b)=hx9q(2blRwGVD`t(kLzqm_
zVrrF^>$H4MR^36wk*4Z}p`VHszeo!BiPnu`!mDNbhls6K?VO4p?VVst?0SdZKcQmB
zkHAld_FohxtI{uN+5S5;5EZoSA;T9Lqh@7!(lkctsfG8%7bEyZVNF?1xO~4(D<1|{
zT5*i+IThjs@m%P}x%sT-K8qh*)u2Ehh)Wf85}XX<CvT&0ht<Or>+s;{%{*T?6tPHS
z?0Fcc&V`GjiOvb`!V^ddU%b<KxtK8V(aV5=Oi?SRLWxg8N#Mt6)+81e+gF?sm$#`9
zbrs}^8VMFDcyk18ObrB8hm{p4B_0#6`jxYS|D7t-nTo4I35T}}GYGKIRtCXx<UqTD
zzP@{fQtC@=WkRt18Rc1Ks?J#1uOyL#MTXo}aY+{n;EM4ttmH*NUWXSZiD?yuaugDU
zF=Nw^PZ=vwleqp<W{j{>7v%_ljHOB1e8E%x1m`QsER|&&PxLnJKLX$*cNp}xhHNQ3
zVV!8kEA)M+%|cih+Ae3J3{#*|DU>F7Oi9(XR~oI`hmGy2=08it%M<1)#TvazLk<>c
zGX+R7;f6{eF0H&(RTSlw$de_-M=MX;Lt72BVwdJ;akbv|G)6`u99@;1<{Ci)07Z@A
z1)i7n;s_Y*>6Z{Gv{W`WMl;WkDP`<B2JD!P8_Jokt<9Y0&fYV!p+#T@Gz;-EjBDE%
zxNS0GVc$E4bv21}=H#Y9cQJxm!_!Z|z*3*C^iy1-=Vt3Wu*A+rVcw78`yDzKLHD9G
ztD3GFfMT1)6xF6_I-dc<ay0&@gowr#QxOnC(V50NI9?XBz*hW_i5*i8p2-kd+b>>Q
zlnrbd6JtvEvt<g<NJO<0fYRq67gbWMi`l|=u!U-hs+WHF@18}3M{Zt~lhv_Njo1SY
zU@!`dvUHsm{Dclf24wRB^N~*3U9(hBcIwC8ANgm4u;1RGj%jNp0o=tka2`%c-By77
zV?7L5MX(BG@0l*={yNYft>#0T%mp+oGwFagYZ>@;C7v;Ufb!?cIH5DWzV`>%iEKHb
zjWQo$l#?~FwC9H5DsOT9-d)`a1bgi^*unCwMi5xnp>!UYdkU>BYAM<&7W4Zm=H%54
zoJmke5f7{cyx{?&mr$St=@i)zK(l_u<MI;*!CvoFi3=I6JPX+*YvuQVdHhH(7?BAc
z_hJh$k;pa7osX>m<GVEbp>N1!YW#N`biiUzoB<+3Q2I+a=$?j8@Ko2^okwz8K|#%w
z){ggyiSPjnk>+J-RvC)}1e}!PQ4N(b<u+d19+`-SewR#zEk48ElU2~;4eD)4jQt%e
z$^x$b%g3VpK7Io6+&D8V5!g_;o(>%?t6jKw7*s%Z==r)ic^5;16C-N42>GlT+B=!1
z^RgEme#etV6ipI<MxpbVEAr*D;u=rCR22SfiU5v*W=%h-RGMU)CsaAj&P;d&*EOzq
zp(s+?Rw+OPyAV{rYs-V$QkS)ATDLMDqlaB7T?K%__HZ&UAZfsu#@Cc-D7$PKJAh0#
zjwwGCSfP43$SF2T@gDydmJ$=O4z>?#GK$?TvzM*EE3BmADZ~jU=w}cPv0U@)`<Xtk
zuoG(RKNQso-6SF20&p}%FNQYrymGTQQvxdbeja6C9O%J{%$$k2JQ18&9fn1(G=b^E
zDK?pF84>BQi7s9qVoYu)q5fsCNg#J9Q!4Z@h3`opLmzn`we1v#mGP3Oe9`x>b}YnL
zWD0x&<?y9m5$nGkP6|b$=pE4dpr!U;*TG*K-&Qt##iaJHt2EA#8<E1I{b3KNMffun
zneJ9Dz7-7KM4A8j9a1ZK+f;Xx)G)fp06Vu{u!D^{zj>szE*pmXP+IVj`Tn1RvC|tH
zF8Jwk+f|^V&wprU|Dl~E|A*GBxF^(bG2VaOdpUl%6pwii6$<f^N4`EBxm!d6cF?Q3
zleE|?MdssRedbRcWxs>KsO0f~XnA)j7mBINmd&@F+*cR++SeD?Hh*hQNN&Lu&XoOK
z!GCCtl3?=#OR^rQ)5dL<t&4)OttL>8b_w)=Z@BuVGZF6l1$)Ge{~p*8n(EBBbG}mC
z2^PCP4jQMqYQEYz$UnMP1pBiIsK1*UsGq%$LdS4!R8Ef9oZD9Y+E*&q0}uM#U!}TE
z#gYBa*9<C<MFwIph(mL@8fushz78@lc3N=PI)T>a(p!85t?QO$A%#F4Gvb&kvz`2(
zY}g#7wTb>4@+0-}xj|MvY=*R>=)vyApgbwCGHQ)C4Y9K}w1?Pz*C{cKuf_R735-jK
z!OUJ9zyje3c`22^;%n1>vAr9SU^wnd{cfc`C)zUyR$=p>xyw5C-BW^Au2pyUB>A(u
zQdiYa)aS+Ck{{pqFr{ASNTk1vZya}zC+qMUcL&2{;HS*M-Il$3dAis|l?}#co#mKH
z-m)9Dplk>HGY!kT7tw#E^FIUwdK?jMx{U1A8)qN<h*$qCGUv{_d9u^dklMsfzyDU<
z={DmJ;6Z0g5xSauwbc=B8ULZZ;$)XuSQNx(NV#X@a*;(7Rmv<&Ng|$&LFNv->)6&4
z`XLR|51PcEgW9DBk<e$fIx*M4K<6jTrr>cRTAF(Qdy{juD^KtqntP?>0w!UI<b^iL
z=>MY0s)#O2iC|uuJhh-5#iFN`Mq`smB<Cb+7xphwo@Nlz<LR*S{FPZ=zL_&8`^v4+
zTKiGM?C#IAnLZpgsP-t+ipO73?ypl{O&JbS4$f?1$Gx~&^Et#3TjTi(1B2_0A<X-d
zitGnoz4k|on4N)3f$_DAzZUy&xdo2hRK~XA_2h2a%b3VPrSi1xn*B257L2D(o!^k$
zIJgH(-Zg@c-|b<rJt^$&KQ!Mq*Q2(;^pj~X|D<a(n02tV|DDY(bL)-siBM*4?wyTL
zlj5}en}WgLgBMqw@4#mqfV32MLe4_k!B5{T9zV<f<H``_{1vdeXukgJqjq~Fd_n*P
zp5%_l5%`1CdkF-mP|W&;rHr4SK1150fMakgWN8G*(H;fbp}?Tp+c~SYvfqO&dj907
zE>AXSdw%xlBUpaa`Lhz7vx7zv`HrgVglJo0C>d#eV|%{7z{>pDt>UTeR`RQ;#Pyzy
zX4wz_c!f&kZZ2Q9>G+}#1%wi7uijSws{2qK{CVAs;dr>#k44{OR$HrTp+x4j13e$<
zHvCQoku_)j$ls1N;`IcMM2kVL#cAI7*L6K};X<~)g4hcAuMqT<Q4CQrWFO%T<+QxK
zDZ`Pp_GZslCwa<gB0O??QnMU#p5E{{9nCxSy8qB#M0_lbTSoJA>>@Ftz|2==T3I6{
z@-HpM{Owfft!|t(B-^|m$%-7kRDBE;5&e$VlQf?i$HuVdQ7j1ADT?(1Abe-Hau!1W
zqG+#|Q_lhSLALZ)@dmrk$6FaHA5Z%HjKa#IS>nyeBV$d9j)j=oNg7fV0r@ErSwNI0
z`8bA5X`b;nvy5In0+)5)7_5sN{>o@c?q<#6xEcC_+a}6s((UKpCjk(3e93d`JH;eT
z#WGejlPJ)R@YT{RhK1lF^*-6=Jyq*tFkI4(MW_E%eXqbXe8Gwaa-BTBd#s-8gL5ab
zYq2{I?jh4u67bk#dY?;+`|4U(oTCe9KW*j8GjPvvD`*NAg32~v4dZo~UvE{ibb|6B
zJFF{DyD0Km6zS3w=uk8K_?L8fGz~;o#y=$@!ufEQQ`_r^$MCgK^}THOP3w=w<?6X+
zqh7*eS{W^Tf?R?9+YhWqs@8{B;Jte;fcyFoSx6z14iwfvHf=G8{;u`ij0nV>i#hi-
z&-`CA?jFq2=h`d!3RD7(Nqnbcc~voNvKJ**wY%rC&iFS}NNNdu>s|X-{J!Vt-$p((
z6Q7H08v^;`r6Fq!iP=;=<?c_0RgYcgK#`KW(?mRl7-fPGQj^V|=5T@O9jnSn%w`7g
zH2a3S@-@t+HLvvnHjwY$^QVWSu-;f6Jsz(pKlK4Um2JZo$SACWJG@e=z&ndT$hbK+
zTNQFZobV*uNfuGWy1Z8dULVif{Rya0nt=_PZJQ}j%G%_Mn`0frr)Zz((x~dY{)~zE
z6gDo(Q2ZosGm&RzJ&G$$EzZ_gv`Jluc&!N9$062Uye_LGXA;LEiO0*fe!FhcqYkTL
zR~~AMz;>QdO`}cy%DZ&5S}I5kt^x@Xe0nr=W1a>OCOWg7rf)VkZ|l7xe(!)O?I`f{
z%P8B!S-v6rY|+C6YpLqB#aJu0jb=Rx0<%`4Xr_|&wAs=~Ka#RxF&dwumiJE_VU_*(
zj9p=P19s;O@qPj;>VQGvlEc;d+BhwlQqRm+B+<4q{`ZoRqsZr(Q7)3$tlUB|?&<d`
z<51Z)9pmsBr&9A=^D;!vyI-<*TEDrnDY(LitOerRiU%zDE28@xR`XpfeuVZ7Uw-D4
zEyhZ)a^hkgK435rA*@eRn}(oh=iG0o-*KdveSS`tU+&DT3!QO_G&@$G9l_^V#weSN
zDAik$DD{Cej<d%Q2o?LHX}@q3{#I^*p0b(x7V_n33TxgLb)OhcB<YD0x>&b_P;Jbo
z9)chVjuJ8Qrd7lq6E+rWFYY!KF@vBH<*2&3!>EXQR|-}JlmU~{Fef4HTRK5?A#J;~
zi?9;*TNCo4>|F%c!%3r5rCDV>8onHA+M~MiVIo?6O2f4q6ViW&hIxd?^RaZ1<*Zc%
zR#XohipiF`h7HZpX1~4QST3&=b&DPi<6(hmTj^R7e*L!|olblMg^H)+Mp8*C$&|CQ
zyulzNOqC!nPN)&b*o;Jk(=@oQ$IA6fv4}UIhFFrqc^;f7bAEHd)6WU*!>x0ve?cAz
zk(F*5qvm=Nwk5e<`VP+>UR+c;OU+dLcnmL|cQdC#eu9>TOvocVl*c<A!sLQE5MR7b
z(`raqUyk)<!@;Qg4|tW`w>t4^<>gjA=&7-p2Am6iyhS?s!<FRKLcx44|KsSq<Dvc^
zIDYoXID2$9N3yxB?3GPM$UK|MEF@dFv$rl;m2pT&olTsPkgVjAtWY-DzQ4EMKRtBr
zKJG3(?(_P*Ua#jXrdU0OzsZb9ZH#(Iss<>rO#LzplFivnlfR*ajgmrpQa7{KlJO>k
zC5n82F9q|RH%E}T?6u(Ru=*Y)F*8(I8VkvUnd`emFf-aEC3zik2AFG@Nn(i<6}C0F
zBZ*i!l;0PLLJ_~kqI-*ORpA$7V@a0EDud*-^~20>hx-f&H0I^pCN!ysa0ZxZK3v6i
z<z>5*0#?7B7e>7qT^x%cD~?SjzIETsEeknN!gpX+BA8zxNVKg^7s?y`u0dqGB*d&u
z#Cd!Ftrqcv9XETu_r=W2S&)a&U})<Hw1|vZSFVxc!WpxXUY^iL^qUbp6H|+&y+tO!
zS?^{GxYAdK3}MR^w|87=@s9ok22ivuOB2H^Ea*06yJ?6*wEJGX)?(OPedxF%A&Mz@
zvC#)@yMudHQjK*XkS%NDH-*>A;9LZ=E>CGICM+&Y_8}9*DXUyWj6o?bu%ZhN%rAuk
zAmm!EQ`OANh|5jNt(PQ*fXj{L2JGYgOw@2lG@y?@Yaa(>9mw5Fcg~F)Y@19!nL@)!
zr2abpDXXw9X0+kfuLAv_Pu|ICdc2rtsUgpEK~R+#X8md1<_lrUtS{jKjE8yZ9=ZJ!
zCL>=QiQOgrHCql;DNkb&U}yx$kS`-6K(;9>fp0XQYgVPY7K9oba&95k-!uX)&mstp
zhi|zVd3k~i3Nq!RH-NI*MPitN{kKTY_y%-8S8`<lr<MQ|mv8&G8B6?WDm^$TA+J#h
zF7kP15<K!|rgTjRPdcd~vxh^G<1`3BED{?v$WGRTTnV(EsILhMFSBXKw}NzS`@Ach
z{Qm;=?dD15bA0LZ1h!||_^kknSh$>Qf6GmlDbSOwcLjqc9MO|E01j3wpkV`H>{)H%
zPzc5W1Hxwp%D{W!k>^|fI@L9MN*CLRO!<ZNNsv%{Zka6P(bEPw9Ha4ahqC*CUQD6F
zn<S7@?KG*Xncra3VqWqcLlj~EQI1IZOS!z$(6uXQ@o^56P2W8dEokq_0MiWtvP;A<
zD2e0SS>TB3&osM?za|rI1>F_6LHBD5OKm(8(=-W`;03Cb(A}Gkfr|{pO0$hYNjddJ
zDk79$U>>sG`5{fj^-7l2^E}56x10ghNn8aAH$+u}23<d`t3{IWU|NOrV`-)^vHyOC
zqhP1#^@@qncW+7F;e<BF-EVWi67G8XKU)5=#%ucbb{*`XR~R%Y5dFeWq9x|dHMKf4
zpzeJ}6Jhf#@$rj!0ykUh?^Q8whjCM%GOZ^Hk4h}e&tDabI(E3#=2@bQ8WNW4nHb?d
zGmlJ(mL2$&D>E2pn0IS(KRF?c=PWvZaJMqa({;}(`9zBHs={K-1_uS-Z<H9jDr(<n
z)IzK%A#3^-V_u_xB8kx&X<XPsBXacHGa7xGuj*^v08`#z64AA6uSG6qO7ZoR$7!qo
z?wsmK;t#H$XR3QV?H_Uu-IN1+ZtIcTc3d0!Iej7NnY=P5JO1Tx_O4UbzuAJ{X+Lo@
z9LQTgXfq`6v%S~l4@Wm1{#t5Pyuaww24-s1P7I@FoeuQ5`*(`=cy{Tx|I#VjM$+%K
zK7StP3mw~N@BR-m_|9&wCREZhZujO{i2S>A$<DnebwFepo~aFv5RU#Y<<6r{ai>l{
z*PK?JPCyau)rWJf{~&&Ti$@NrgiewRZ=euOk3au=zx!iALv{8EPg4u`h|D~|@2rG&
z=v7=T>;x#F>FVRemClzJQHy@}PKzWD0uDxhs{B3!G1a=GmCX@Pzo>h^aH29a>T+?|
zt)Zujn`hJMOQVxJD!+d<^zhqmzh-sp;5L3T`tWZ9-8^|qR;$78)~Rm70sJ*)_d&R8
zlGv58kC=W53B?ULM6gv#&=4^Rok6{8kquF;U@aW1mZtG(jNXLcF}X)&e-wXx-Rfq&
zb8|<L?cF4ZqKc9EfHhNCgt-P$W|jTk>{RZ;r_0!A97OR5?3uc!;J9-fJU5=3a~2k+
z&1CrUBA72dy)M!iqN}-u?`OW<N@sQm8YOvr4U``9zOnBpU4~32qVI!E)Da11h3Zv+
z%?X7n9D`_Vkxh&`_-@gxM#+>u_}Stu2ey~KqstHBHM!eLzW?qj7-Gi4f4-P5apmX4
z_Fr|7?wjX639S}Tnq#M)MAv*@OQ4BbrhWDD#)kw5#)_lqi;Hw`Za`{qKRpxWaIFh!
z$+%hI#)mW-1<IAxOQA*@!}8D;?1lO}K4rSw&p5F^V+}k)8}r#=@K;LTJ3#JzarROW
z1q&(SW7<vi$r+Ni+V@=Ka<29eO_J|?M-C&jxB_OuVClrdpAU_k)RohBDm-VilQyc3
zMLvxE{ddtX)~^`fFX5=qqc;<IU2Hd_C+P!O1)Y8MM!0F$V$;UnVR#}}r{_Dm@Q%fB
zG5^_FV*Me&z@c;Z*zF75x>@KkyAM<m<%Roy5EpO_;yoZobpr4=F!_kS{lDrM8sd`Q
zx;f;z^E@mmWp>j~{tN=U^St;|{+Vj$Helftf0=U<%wG;Xbvji!o;hvD0dCdO1=asi
zINyu^v7J|KMjjsbF9jVcUv(9z|9d0x+rLNxz4_J1pY*2og>@=(j)#8#qJ;P9`_FjN
zw-xrcw+j_6I?lGXmbcF8x0U_Bz4#h1BmDK&W<G~=4~NuRoiVuJQ85RK?WYAmf^N->
zGD-`+w_TB`^HMW>)?!%ydpAsBtKzV8{`aBkl<hCnK!^Ioa!vx$;Q3^KvGURZkb<Q}
zw*TVtD;^NBPhysy<kT4cS!MW;bXwXmC%#_2Y&iH7F8jwpxq#>W67h_i3NPZBuT5VZ
ztCT!_dBVTItZGYz57n^H6Ne&+>MN)ocCr46`<^YBj_RK%-hb~E5;;c-8G`7W6G4*X
zfwwxsTx{RT+AWETpzr*Ndq9>1hD$Sf&{tKR=r4?eNVEJI)K>n+D(TF#fJ(4sM5gQ-
zfsb+tuI}-rvVj*p&85jn$D+uPB`vv}aj3^;e~iT)rcLePI1yaLH-8rztrwo-cSHb>
zRSP{vV~V>Kg25ewdAYxMRjP9M-I(Z4bv&23Owaj=r<{dGjRW0Kxz_4xxG;eN?lW*v
zRm~sKQ#l2=t}V;hL(xljtGSlA8U!fe?j`<@1#a^MotGzqj)U?yWkq?>g2WJs1+n`N
zk|t1xS{lU|P_p?F<P4TWVEUNVPl%Wwq2lLO_FA~$80;lzlxJmmO$i($gnOO>tfvDn
zeDIimV36>n6&0Ae!1XmUQ`l0e{O*e9q#lqjA+-9hi13ISx6MMb(48@$1fMvTPZ^rj
zxVJnAlR+efB+-b&j6{LNdzJWz(*a1GU%jT|y<@s9e>fg^jCLaerO*4ETW1_D8-yA@
zNJGGq@NCWYQT)UxeV8P6O`XZE_q4eY=QD`_6Pq%8SmTerpyaplalZTo2w~bE0~<74
zOzVmHo2s-GZM|__IJC`dIfL~ftFB3yTy^by(BOLc3$x|i%*Q1^z^Ps^NY=`^f$rs%
zyIDRXV(!m`{-%OfU?8~?Sn}LlKC5JQEcr382P&8Y2Vm4Q=(F{}L}H}z{o8MZe+)Qq
zt|#7{`3TydvLX#KAu^BRefiy+v+?GSD+mL-y04sCx>GHceAU8vA1-0%C_@?$)X0OR
zAh;vb-9^0WFNR=WY{Xx@0T+GqGbLuFJ`<1CHQo>zKLebb>Mw*YI0!H3r<(k}$Le+$
zPp93by*@a^t71?<lYBhG_C@jP)L;VNXTo(Fp6iuw1E~>!@F{>d+Y}v#w&INK>Gaq`
zC-v9sUp6~qSE{7c2og1~lj!U|y;95h;qJNN#b_w#$4kXwUWA=`TvaXdlO5?cO8V9|
z>zb7^`xNPdvPO`Noel8=C+!D2&sIynS5;04^|;lCuH%K`ZeE89x<Lkev|c{(wRMA#
z3i-Or2s0v3w@>Olt|u;dST>r4vADY$&{<Mjk%Sl<U<PD(>luPSn=KJN?p5;UXY9v)
zOqLp;+>qcbb#Tp`!$%*e+#dEQ#p-0)yx7#%eHA8ZYQ{Dkn=(KVa>Yny*LVt9!mo>-
z_-7P&&p6u1;oD6W)(UX$Oe8aHM{H<x#a6mDmkM(GLF3aTeMpF<xy6?d0Z=4}5$i&M
z7K|sqxD~(G(lS&*6!)Sl--_YfXcUVu%f_RT4`E9RXE~k>C!Mhrk8~>%V{te|Pb_~3
zh0hBX%S}XuVDCCC8p{Gx5dmwMiWolUlM&rz3yO@1GB|nZpJ44!p--ZWJCUMEw}M3C
zdZ`_31d<+mRmPGW#iEdkez9=UEb=xcdbdHW?+Q9^DaoDT0cFb4t=CreGP1B49f?s+
z7KSVh@o;P<O>3yFA?ag?tsJjW$%~#Nv`_3U##=B;bG%upP|-v#N1xZV-fNbEq?1=J
zmZ5?SG`Cv3lkPf^aVp1sgbP$*pQg6NQ*tPYDuk66c|kIG&Y3Cl*Gpp3#DlTv%(=v5
zW}4TrqD)M;u#_%M<ya!=zRFVh5KX?I9d%kk%7wC0@f$R;))Z@F&huYefOqwg=8*i+
zQ<4@g9X;nKE~Id-*IE=}CGj|Pf0iiI$x6u^FEjV9n>l91%#1t3Is$m2o)&Z=M7=4r
z1%0zOevC}G0>K>WA`xvku}_)O!$UE~ELT)n>5W$(NXMXvpNwhR;4K-xC$X$xN>wZC
z$VjDbsZ*SrX}r!6CH5J=X8Ep4^An|w)u<rJemRzBJ=*vtHKoyeG&@^>h`<pu_$`{$
zB2i=*OJz{E-zmdXjbb69lys;vsSTuUh8V4xp4bm46}qy*Kh;v2iXLIE_rQxnSf;FG
zcX8M(aK})D&XlRjOkMpv*NkI~bUsX^M1p4_nvxz%5zrDVLQfaHgf8L4EuobtjV{(n
z284*t4Im-&=p3nN_8>Fm7G`PtpC^?9c^E6At_XwJ*fS_Cv&K=063O$DmvDfh<@!?Q
zyt_=&a(5wtYd7f?A<vCsDy))M=0T{a1rEdp(Yez0ZDTa#=F~#bpG#9|UNEt>sEQQ4
z_=?ctq_C^Z<LWi1ar{#zOyD(@Gi2)oo0b*VTm8+YOPj^~7Ep;{CD;V6-h4SgWQjQ~
zvzbzK3o9mNb~9&#b-gC`v5EM|0+bLHQA-&RXWn7v(&2NOz&7){nc>v@J+us&`gK(6
zj`sS@2=|qj3NPW(mQoxURj#3%a!EkL1?VnW$>Fa)ExudcI9ZQl0^riY-C#q2FMUpH
z1x&^a_G05PG5Zky%>=}u48Q4S%D2uy{P3j!3(&+2r-mHyBU1?PZ<acMh^K_F_C#OD
zFDUP}Za`i08<6mHEo?Vsc?h!UH-0OD&5(M6(nle*yl8Orn{qi>URh~Quyx6Ipwv?E
zGVrP(SO($Ga{1IU47M~Aw=bissU%=)aynEzkPqlj2%m!o$h1D5K`6bGWj`?vwkq^`
zz@2Lh{IHD6JSyGF*MHY8y}4X4dwCq<X>24tdUY45&L010qK2x_x-kA4u-a+<JkD*R
zuXT{SZd%aD@wcnq<-%t)yC#r=Z?mzoXxR*C_ppQ&3N7=(1XVL9PE+wtwBV&cjss&)
zTj#5_Q-0)PW(YHzG3X<HxL)RbC3Y%@`D$J|BkE4uyK@oejh$U93IQI|wJi2#)_Z5M
za1JIE64|q`TJWmS*h6tmbPWTmzF2=7U0!}I07Wi2oEboc{Jy4RL6XNPee&uGoq_jL
zX-NvRJx;QhbcaNr<<=_Da1JwNs9?x#Gfn+2_vAy8^|zkD4VBrD^LJX4Tfu%Lw@EQ%
z6-we)H?1or2aUmA?q8^}Z)=~giwuUiSaaNv8%#Fc*Z43b-t*0Nhkc&nt9`TNEzQTe
zFj_*ZdT+l!$$Ar`I6+-T;omb7fiz85vrnU%lRdEThRyf)^MmSXm#{zGx=$g)eGhbP
z*m(4()+3m*6^S3|&K7;)=KABbUS2mb1Zxn!8J9KU%s%$XVx}-b@&2J%H;v7ekGUS7
z7<K32@s?VQ`Gga`@0&4t85*i#R{SGI(C~zZa}UM@q0$pSRIb1JZPydZa~76%rooXi
z%YdU)Ehv?+_TzBu<QZy<I@y<h^uANzL)vKbY)_Qi3g!17JjYUEzi_EWHGy+ZA1)-L
z5|>7}8)l*!I!i#GkLO%OZNurLW+Rek>(_<O1-p#Ee-QKI;o;Fu6&!g~)1mf@&$@9E
zfA4^*q3Phl{@mVv$KK(c?z7JQ#ICa!r}>HBccZEkkNkk=!Q;0meUS?G_S8-^qb7<E
z^?P<Y6Ara@)K+>`e;*yL$j*L0w1`Mq^owGDLv}zEQAaVj^8|H1o4?<Yd-igV=c|+2
zPTrhFXZqS`dd-EJZB+PyTK0bs?jb+_Uq!&CtYDgN30(AS{S|s)S%=z+qR*RAh>;}o
zXfJ$%Iqvu~<Bsx3Pp(@3GwY}V%-HC`H+*z;s)z59(g5tMv^d%vlZmaFldwfzd2XJI
z+;P1LCn0rDsb|v|6;sN7aBHHb5F&o2$+;2$i8d$z!t5#FC0){Ot`xj==LC+MO&P$G
zD#$YOT?J%SA8InrY1yYJl#y>^QMgOH0|56e0sLvLMX)cJ1xftGPq4y+U67}gt^m6F
zc_C`-Qp|OI$|AG$xg#6%2#ku1ioYj~5e3yjiu*lME(icu0A!tuIw6IYKmYFDjr=g*
zUVr>!|FQI}svMhLKvR8^i@Sw`?yT&DrZgz@8ME{u+8(6}+@1ugD(-8p8yL`-Rb)l!
ziuY~L_BC0F`_VRRY64WveZ_gu59}d&EDG>9bo8;Zpx!seIJMLB_3R!9Xg=x%rfg-Z
zYm8hSGvMYx#$(y%l<llvv+CKaG!M{(4I2A$J^H8oiqgVveXD7s0l{7FGHC2G$ldAp
z*F>Auc^KQE82DRY^;8Y-o=Li()g`((I`pEh>FDRq*&)%WAA1+9Q7F2fA<zhd5ViX~
z>l6n9mQg3Sqo&m6okDha7G3{?beQg@Hs;M~efRu#p3sM+{BfxEInMr3_exubX|4+H
z<mW|4-M0(b6XB(>SIfI$5k)ud<@qU};?C8g#G-)p``7gJ<psFj(9}NdcO2EOcp>FR
z|KaRT6NTrudx^r_KMD=qGyJM$40atuijUs>2XQ@NTkPbTKMR3v`xgowewco7{vm(-
z&?tS#g%H>S7rvJ;#K@J@ySS6Hu^&?S>bZ*O?;-*2J=Ca}v;hA+k`iAm*5s<b?D4}R
zOhwjq^rqD25M-v%$Q9D4PW;56V}vbtdGpzlZ39=ok<q#72>R}A_52~}0*Gs7FT`O;
zsl{{kRc1N?A02xfOBrw$z~VM8+!&tv<4|^RK&4;on;b&gO0eV8Zy3LcPU|7B^*3-n
zf70|L&$!5q^*=~d1%n**AH@@{ziK<Og-)<TUWFUPwg{z*($6XFwjm5j9xS5XsdSs$
zv{$|~KdK<k6m`wui*Y3xuN5t?O_Cu!jA9}-95%q<TnkQsk~9{hGwT|xdM+XpqN2!p
za7igwEqr2(xLr`}|G9H_<+U$UN6(?LG~L5#J!5Ir`A+ya#tz3ts296pWh~5U@|W?7
z`)PR{AfeKTlBibsEVws^tcm&zxHofS>8bAA;ZTl=e_NO3onYIl9bjP{pw;5)z+@d@
z)X2W<C<c5o{|{F_kOCX62S+}Js4;Dpa6|1_m{c8#E<p?%S{l(@LyN(az*ai9HCqL?
zQy57<AW^iCP`u6tcOp@c;4BO__T^B1T6VHpUS~BFFm%UKn3ZmY@AcET@}{I9`Vuxc
z+SjHym;@npHm;ACA&_4Qq^bs`JaQpafVHtN_Qe+px@*;dsVYxDUk;3;75;}~%97S5
z+g=pvx2@Jk=MqR6x*Z&AUVL_DK?KmPg>=MR$}25}vP%WH=o#`90jQt$DhJ>oanC#{
z@QBBy!-EnlC?GN$yvt0CO~eYnRfBOxMe8=`pCm&oV_T-?SFGLuE|a&Is*9~N^Pu>f
zJgNNVD`pCAizM;FG|0{=!olR>mjyH^9=2Tv<QV0yfvhUv$${+Yh;7UboxZ@qV}IRO
zrp>d1fOgYnN(%h5-!;2HGCJP|+l{C3OwIrkyDuYYsn{Ivi-ln{fxJX5+`|I>hNMS}
zFTB{&5^1*(TX?NgXts%&MawJjeYX2xUX52>W7aCo`xPRmQwZHujH611^9{t3HUKsI
zIc91-8+B-ad%^qwX_RxfpJR)EyDBM!QdV0~nQ&ZIZu{<PS)BhjINay_GsXfuuk0ji
z3Ak;OXo4hRRJ(`dnHJP-*$TfYNTJg!<-!m?-1b%UFbiUR?dQ$E30xl&s*=(AO$vhL
z*9Mk6tStNC@m8A>T#Rox3LC~entDUB5AKwGZA$Q%IOcWDK<;FkTYAzIAb!lhDySyd
z&R97f_6e?9mc`Q2W9P?obFyT{%mar@P!rc8SOf7x0(Ohoc(f_@4RvLl0BS#JA@(rl
zxmTm}i(X@5t3o5phlQ+l+n6DP82~X5{GQUNVxj&ZYRtxRplBuS%B_%Sr><)#+s%71
zoU%gdjDgP$5_pHkS?1qI`zwef1p+4Wkl}R_7^=Tz+5icw=j-2$<tew4dxR(Ox~U^$
zEw{&5vNNPaDw{cqtFGY5t;2jP1rj%it?V@;oT`P~xx*hM(5+N)c69MZ>x@am(tl9K
ziP^og7LQRXvthK&&<yl^kZ;+A;YWr@N5!%~j^_}u^xs^K@edn%>YVRU%o41}!S;BD
zri=B#*but@I^XD5Uk8?JsDN&5Jv@$jU#C>^MoU%FMp`U!IcY2vZjwfGLgPx4EhQt-
zGJt)0(TYJewZ_Y0nZyl0N$~P!qn?XCHJXmi(a1}(Nk7d>fNI$q2nX=ZxcjJl7EKH(
zN9jW|#_xhrj3_kqJ>Z^YLn*9SwF5n-h}f8yCEbi}MJ5S3o9l4Rmqrg5#M+?wqldon
zMkknwD3DshHQY%biQSyES5+cof-c`Q9b{#&p{AVIG57Bz({&~%(xDpDBG%$B<tx>o
zprk~S^B0NWZYm{^z7?o6m(FsT8Gd4}IU#QzK$TRnuiceLtRRBRe+qf_YRA}KGq~uM
z^PZd*wPteCmFay4oh~*(A(HF_vtGquN*oVwtbf&*x?E7LLTS>is+QzLJdJ3dJ82XP
z3l$_LfHz2sgp%Pa7CaSV%FVk6lys70T8#AEw_Y~gjZGllawFDK%_>QMZEhj(BuBkK
zGE7HCsI1KjnkO)*sqKHov9emLq%7%aJe`jil?sDdCVcf;NVreZP+PFMy3>Rrg}JR5
zDfW7vzXCs!`(}>44MmcH%!Z1PdW1+!*Uv#COY&v)Qj86j^aL}ngihOEiB%NFK=LUe
zSyb+#V?VPfIpRg=Y)7+5Z(u6Rt-_NuB(=@5{YXh@blh{G8B3Lnu{0<sx=ze3o(X3T
z;gBjJMwr3sRi7~2>45PiEsB5zNdzS`4Zt(oSK{9Iu?1_vlDE~#smxxMw0Dn5lbgC<
zA<09>5q>}iaEviO_?g*SV-rYZtfWGgk`x|&V4-o`Ue@kni;i7zaJcsK(NcLiPY{1;
zYDn-6$`J}Ff>{ra-x*}!{Lr5U+BfW~%eh9>>F`X<9{ulEM??su-Tt8er<{T3py18X
z*+l*W`r?^a89Q!?z1`A~sKC2|R9e^h!)dmW<B=j`&%&F_nwt1&d1GqC7cBtZ^!GBB
z4ln1D1IClfe$LcA-_0TBngicWk|--;4Di}nfCRfh1HNedi?H%bENQGQ5JC1Kw+@H~
zawgjB`UC!GPvHCg?SU~x+t;0ad&lAh8QRCyVf*)>gD2+}gux#qBne_Y|1L)?Na|NX
zsg5JY!kA^8lVf1#8W3nWhc+f#Fu~E86#eFP>LQNH9|NL{XSN72^K9}cgO)rA<>=@K
zVEe+=A2U1vjv~tfufJAvU|wAD?z$+b@(uN@f@O>8FdC!hV22T$h3tbhN6&>fjc9o}
zi3ww+N`ipIPxNI#GfS)a^6>{yLG%4flTAwh8E^~DpJn*!UOqb+Nc5P@n?^vU(TKJH
z#k=3H@y6reZYs3b@D3)W0~+m47{H?mEV~NYg1(!2TiBLSt1V}4V?Knm$x`|xlLe<D
zIyrLvkHU1M!_=j+l$X38T3s&k$rDgrQVMXFe{PY@QIJlomn0Wd3n<VO(I}OR2!1`Z
zFygBBqtgL9(%Doe!AmIg%0q23{=+*uf%EW!m!dtiWMfiKVrbQOoS2PB->#dqQ;X~6
z3!`r2fXT?T43{H*MpzO*r~VXiOBK%f?E=rg7D2Qj17VSUbMUq0uuQ*H00-SyFQgpl
z^AdK2Y(}DIg2%PqyfXbaw-K{}^KGoopD_*2PB(W*4|O%QxYti=K4)bNLA#b5dSF<=
z?)~bTffU`}mFitEb)Q39&2YqzY&Uxt%q>W;FlIn1X!u5xV4tb;78sh~v6dDzyo>2b
z{(~mkJcyRra><a+QD6!-+Si!<E<K>Hm?*h^pn<to?YWx%Y=%P8QGh8UR1oQN@5LLT
z><E%HVVH^ba+=M#&HHrnN+*NoiQ>aA=XfN>_Lm$mYY~{w9VtuF926vC_Dp78Bb<b<
z&(4^5MFq2t-nnsaycD`+U#PC^To@?HD~tAZlP>xk*sJ!Hq%e>a>hzS^$xY$#aYNys
zJY)%p$ufqpg4=qu5J2Dw@#A^<?#5Dr3Wp(L{nu_7@V%xKx57>Rw%%`ZFS%|?;|CNM
zW)?ImM<~(Ip{tP{buZ_SxuSa3qCk#{Vt?xdoG8B@J+Jx?Vt@bd1<x*r%f+1whWF%G
zBYSpdpWTntn{}qWq4FzG{k?MCaD-&?apV(tAPA%JY(zQ%KVppM%5Oha*}unr)9FXz
z=WUV29Z|w3@)u42K>!kUz4Nrfy|X8Z4~zmp={Lb*1}lieWq%upP~ULBTCkQk!&}$<
zYxn4EFVyMRL6q=W@&5GanZt+Sp3`EJpy||N@c&_Y@&Eu&qZJ=VsAp!JPqs-f?3_Jw
z5+Gd2iosHB2Dfed-vs9F9jfFzA5aMC8HdTY*GNOHik>d)ZJq}5($T$He6e_f^L*Fs
zfZPEkIL0HiD1I@`lh{6H0X%$`rmGUO;!mpb20aqW&Gqh5*+F*rSgmDdX_?Jyofl`-
zI6(&T#aqLNx(6w514ah{YgA^|ubg5t83Zlw!x)-Dvkz^M`iJ8_6H9mz^_%*<G3k%Y
zU=ZWq&VUx_18aGypb-vG&wD?TCG!89OEP^_CW65Yn83C^w4T0G{cO)9+mWPOWRyca
zz97aFGoJe<?tZct2YWC(RO8PLKycBWg;E9u4YN<}e0)!FIU_-cq1!8~v71wPZyHc0
zTl?$78Cm5g_=hyIxlb=cf5E&QIQ(D_naX^u>-+f8uY>y;wQ_Xd_BImuUCR~T1_^6R
z*P~Ri&)iu9z{tg0!6{U=LhHugf<-djSC4N*RD}$LkXRww)9<|hXUm#K_ElFgOkg!!
z4gbIc0(oD3TOn{)wSO^+EN@c_79gyY2mL7oqKtZrYJa0Hvi^gB;ZKL=R^Zew9{&f~
zqy5mY)(`%%Oh!hmPcK$G*mv=xWWRTxq}`PK6XgkJ4fWPL+0MCkJ1mP#g^DD(PQY&!
z%YTrKUt3Y`%{;$<o+<<TSMnSrA-$I(>Q>r8L~|ibarR7dG3_q*G?XUdEM{v??QF>3
zQB7FF{(Nh@=;!b`+fFCy=x6%D(V1-Feus%;+vY{~Z2I=Wd0juzvmx$*S$w_g8jXt1
zbF=2Ha+UF%=O?qR2Nwu`0)>}*v|^TtO_r|EkDr5{j}#qk1Dl!)26t2oui*LxlH{MH
z8s^p<1m&v~9?JGQ`;#Imhnjvj^&C}4WEo=v6=B;hambOo0_q<Xu1Pdz1_+2r6Aeh1
zs99v$5ppI!`!NO#Ns(|butS~30zWW<_v&n9qwOu7?G6V+{F2t)M1;6~%T(CXjdB@9
z@?IwTH+Qbff64Y)e(t_c6f-dLQ1+g7b-8d|E9=1Tj6nYQwbU%33&Wz&#ca0-TXruG
z@a8x8=vU{hofdC|@C02GQ!uCEP@E3}yr@21TjZ_1h4@_Q&$_&_6bHn9uxzlCG~-6*
zqnwi0fwn`^P7kgV2{k>Ht5@#s5tDYl5(-BBq*WKs^$IFtC4>p&z8NwgR4L3xF<DZU
zoEQmDobaxW2ik8aS_TZ=M{dh0b%K#W<pzc6vSj{<g>8aTb@ilj5A-Yv07^FnRpqm>
zJ_oA%-2oNMN{xrF%fMs>-5Osdt-e76MIij1<z!}d8@E^%z`T6hUA~+<Y(>F6z?tU{
zUSm=0ufwMuFUv3u!gKv~e*rz@6xU??=bQy-z#v#M#g|H4Vz8wn5Ld-G<?sMl*d<K{
z_X0HK=J5YPZi7{a^D~F1m-h~_pu+(9NYG!nRCU|rVF8z+%1X(ToXJAd7M_-qs#;fy
z;D_?Y_C_C~h5i6gC*2++D9?2!_ox<HfO&~vqHm^hQ}x+6b_I92K9l*uZg3U(Ky^OB
z(+w;Xh6tkp#6>agQabKz&^TWTHe4!$C$lmx<KN3FQQ!jh?p?~?HXwRUo0ER^t<@sA
z{u2FP%@RnGEyO{G?nmIc<z(+^=jQ8iuwSv|YMtYY<sw`Mf_IeA)mqKjI~2me%ReHv
z+{S?gEySM*qD`Qd7r^|~I-rz5UUN19%sGFc22JLTeYCgwezH6aEDj=f6VzyqDbcOZ
z&bToT-bX@T3%n`uM^}Q*AKOhla602;d~Im()a<bOb7tGhKzvL`<-`G<ODUj6&@-!O
zWLsBZLl(YPA?R$19#=M-cTs22k-jttB27pZxFHZ@SJs0g>861xr;}+1=%{DJ$30~U
zFF?dnE|eVCvXh|EAqhF;G*nMrSh}DEHWB?SM)u0}VRtwQw>=nn`E4hef1~Ejk%zJN
z15(|_yfO!@mXrNzkk_aPbFeI9Wj7T=nipchnM2AuO`t)C#B~K2T50sAiCUe2H7-jh
zoMK7)Uzq82kqJzNKb<?{sF}RKyfL%qY|fymKgZ`T_;(Rg>q0d$;6B0yCw9sVh8?%{
z&YHz$;wu6M>*cT&f*kEPCnxCc!HOP~6Ad@GSbN@KJSn$T%+;PKFFP!ZkTm4yCE!<H
zRXuIW(z<QLSffSk6Nxc+mrPh(D3dWvY-n+o@eL52r#S~*(Xs^6G>jm0sry7qCowqo
zLf%sAxhlGVTKc8PeYe8fa;maFbSx&hdNE~YOQM2saZF;Yphjlsj#UjT*huqg;xMUD
z0;Ux6j4`tM7#rh4MJh;5-BS|6{^f}|Nq%M6oRzdPp`CV2N*ZGP$vJ)fsKte;xkXf<
z?K=xYSKSRuZh>qOI--Z>-0*URlEimrx06T{r=F6ALB4`i<JS+`n)e9QVltl$;^VTp
zDfxtc>9{eHJTWs_7=5kD_d`tJgb%e=EGP1p%dIy;KwDJ79SZ-&LTC4^UPLIzEORMd
zuRurZPFtlQb!e64Cf)SHn}T#2Grphr9A>5mmAs-7g3yl`Ud2c+Ix?TKm-uGh_&<Cs
zRP?Yfbb57zROI;ntXRh0Gjp?N%Vi{qNI5Mitn#J)k8oQWli$f?B8>BAP`xPy5z=1%
z#x<Bu4(nHDn`dl9>&$|BEK^k_j=^PUMiDnYVto;rqpzQcT!{CBC#h8QFv$$x#Ux5p
z0Dj)_HPN|*rDcqPSG2dBhH{+mQd#_Wyt;U#PYlW|Y4;O^e@aJvf~TyEH2>G0hFUgn
zZd{lS%yhkyPHQFy`mfQd2F>VjmLnxdLHtg;S9pBrP=~APz9l2yaapMdg|PTZ4vB27
zsSt!ghjjBiP)9knxirZT#Zyuij}I+Tz_MqI>xd{a1zRTXf)Pa`7A(;tcSx~{IkeDN
z@xa#XnU5&xf+-8B|7xXvX*BeDCdIlLw;7Km!<@-G9hl{vShOPVJFgfXAQdxyvdB@T
zv56pIPydh^AoE}jEIj9yOmP3R4Dwro@~a|{HADXRqiwSa{|6#21g>!-B2<wN)f$VA
zd5-CySat<wbGoS8Bp=aCsSG4=k?5oD774bTaSAyR=Y{ynf*0N2ZYSB))e^&bKSf?E
z7n4Vj;FRDLO+<4RmK;*VpTOCE91hD$A(B0;-RtjrtvZ!vF&2y=S{f;rZj|}_B6J}D
zuERZ90ca72-pT@n2xA8SEuzb0AbC|eSN8&{DmhJ^n|j@*GYDWsG;j_d0W6Fh3l|x^
z3J0aOf_LZo<sv_5zk7fl*OF?I&2%K91yexN?Rn>N&fXs0h&&&?@(C^{?+?WkbOteS
z0xfaV0c0gpyUu`E;aH&ZTEPInDoStyf3*O}Ci50Z5X~jPWP!K^j08(s$<^y3v40f4
z5oo(65lWSF%q+$pppbWy`I4H_SN={L-yfFVJqd*1X$;_aiV!-}nE}Y9<wQk5=V4Lp
zd6#MBfw2+!3Ov_Xx+W;7`*Mnru)&>y8D5zF5y5U@1@1&Upe6|Vc#!OqG9R#cPcN=`
zz2?9^ghc0_!6nLtlI~JKetjpp?y42?E`1!{=<!aT$^}}j@G^uEVFr3}P+-3G->8vW
zZ32yna7TCWL<wn}{@Q(S2@GH;Lf0ADrQsgjm+(6vuzv|NYHyBHMm}JWWI64~5K*kI
znyhQNk`4A}Qo3kF&p9mXO}45J=E0kAng~FA)&X^`C}{@^Fm*U&`?5^fy8g4J1MvUk
zVU2?_55RK>x&>U(xSTG3O&^z^YmzHiS1rZ+Ot-;p5?E(>3STwGQnXAonb;wSrOqn?
z*UWKO$3_cV@FvWw47r$x_yZOYq26bAKddB(z@M@CF9kI4GpbiBAc=hz3SabDEdt0Y
z4XVqGVW58#i(Jm!i2TiC79^oSDoE9ffzWE_yKD29<Zp;CWnMSUE{yT;UvS>DqG=RN
zi9u3$)2f3{E;lU-SpRss{|4jyuBKJL#E&kmkiuK=f;=VRtEf$yG+U_p1~1WUNtSz-
z#cFz<u=wW(pZgZGuCAfwl><kbohd<CI&yv~#_gZ|H@c0s@HasNt;(qk_a|lt7T-U5
zze*RnAR83UeN83Jsn(uO@sS(77qP#XEmomi7=EKcVP5*9%wIw0Nuke58O!U<40)q;
zALpNuy~?xlYrUG9H^UK=Gz3#I>Y|h)eeLAqM=T@QrzNFL$P4rylWdk~aOmcR(tCeq
z{UchoM5OFiPa!eQc*|p%`gVi`V{nj>z87=DQ}@;)E#$YxKKYhpT%SfU3>7-0Ko_j&
zQ!(~6(7s_vEPx}uMVLnGy-lnGXi_n^ITrH_bo|u2**6_I-7>J8xAj3l{Kd8j_oA=x
z#no0fx5HRg_qGQc=Kv+xnm#ZmpEBwc7U6!r+gTSi`SV;(?Qi-HU*nPK-bOu8deYIS
zp{FlC-cXZnj4n~GooVYipJ&3J^6>1Q?J16oADnb@9H+0QKmDDbAA4RDHTtx3XYovh
zXH{*R{#5qj-G30U3&0t%bwsgz<NP<ShkGmF=)C)1#Nqq;s~tasCfIutDXjk8d~y`#
zvE6dveN5l;q_b~#G_zm$>*-Es%c;uTpY6rBzmtlEitMFVcFs^vvV=%^DHB^_+PwRZ
z7537}0i#i2c{XSL-kTP~I{0DJ@F2;!`m35bdWn@OXa7>Wz-4^DcpFwvdrHhzj6E#T
z*p*!YYUB8eAugI!s$!63^u3M7BugABTdPFJJtf9RWFkl*6q8e{E7LDAezB@sFhsJa
z``US9>HAQ9S?ZsnP^j`7xor@VyvaAbuE-C(JvKo@&Hr;(9KCHOujY=5(NOH_q=jwF
z{-5PCB{pF`o(fnjOM7PDuW>y*rEO!6dweP898(^Bb{+Qan>GrdfUZdVMA(8MLBRne
zKSOFTyW&F1_iwW*-L*Ql(;9I_QOvG(JyaBBRlem4Y(ci>oc*jY@g3mS(dgMR>(=*O
zkWo)5u)1g)0(K``nLxQhmTry+ZY^z0N{b>30|xFJZgFewUT#B7e;6ntYRj4IZ=5}a
zHSjLLU*)>F=HCoIuUn+k*}?aZBwxxm-?ebHUZ#Ssg&@KgLx7ykf4K)rmU`!lmrU3R
zhq?Z}xxc4%yP4^c)4w{oW?MHyBgXgd(_gqBNvN8tadYQST@>G0jbb~O-0g_sSjw(I
z{|70~f7RI%zI(wleDMf0UOP{Wqh@&i1rW|2sm@>UoXPwDi(2cvT4a;b-HAJ7XvW!<
z+_*`-b9}R{EqiL|T=?wIi5fs$R9r|dE}cFJKNjv(4FvXaYyWJ@#ls_-h)~*^K!~&Q
zza7`_j%um-9Bu_C;9A1t-Gle%eyyR)c{WiCU7jf>ZvVQF<cRC6TaB>h!3f`SJ=)st
z^FGrK${~tE+`oAdMz@2S`^zdS{IGw0-4OR#Nfd(Q+M`S>$wry`zBh~2KICi?n<y+y
zeR@?u)MkDBxE}tva&%%-J#9*iw4S1<YBkTYM@BjT#jAi+))mkF=xZHWd;d2iUlGc~
zM3nH@bx(h_@O5<z&%GtXXNoi=^sk>CkqJ3E{sMNS9?X7TiZrGKZyni*uO0q+BMp#I
zOk!a-b1@S|<(n%KMuqi*&pA0Js_#u?C5nw`ak~6KDGUlcW6{KK-mCA`D*CMkH}+%_
zn9YB*hUS<=xM>v(aQ}SW@lv47J1K<R>DH6@Y#;Ec{B|qKqG*Fe3Ko0m9W6y>@hs~g
zq*XUnrX>Yl@h=KX@!+$K=nlKHURZ3pq~D@>33_VC&oIRus{r!f4>am@5Rca*zUUz9
z!558(5D0mQ2Lgzj3W8uOp4c08NO9lU+lq~8Q_Bg!JQD-r(kl&f5j9%4?uP9>V?nLf
zTEi@2y9Pc2y^RH!viCh%0dlZwBPy!}_<F4<9Jp}{Vq@70N_3k@edl4fse0AF!`e3h
z&V|4oB?zSC9#Xxk48hO!MbthaezNy!@0X94Gw`E^Zealyc9}9i1oSxZmwC|Q<s2nn
z2Mh7}zoHmGmwXuCmjW0Z#lZv|_{`%Xm}q3*;W&+EYnlK*Vl7n6wEOY}*>~tyn0bhg
zn*lz^yJg^_HqJ@YT2BFtOF$wSu<1rwiN>vUO-%T}Yif3NFb|L+^xn#S=;pR!bW~L>
zAS|ZOSq)$@{<1BY2EMuOtzie>YQ;@-Y<bP)u0nI5DI{5;{BA+(AGgW%7e~*S7v6vu
z`i?s#HQ0GYLcdKQl#Ae1#UDX<_*?);MSDKFZM~XKGP{~{f<t`S0&H7iQfo>kFw)@D
z1f5n%yV-$hYjS-VLLo7Tm`|tBN4fc}m3dD&7Pbj;om=FU?RvfO98l~!O<e@T>n-w9
zHsXLCV|YbKtWPgTVvaAAO|vdo6QyGE>oz)s+}&7@SBIf=`I8WgziVm0hDi+pX59@d
zztB$FD;M@szod8sZ&L4#wTscs?Om@Hp)+P4v$`WLDyIC@3SUj26C;*N#kOF(OL-aS
z&V+K!yCl4^pAW#PVqy@>?cv)a3+P@VBt5X(^aEdcQ7~#1$yBYDWbKZi68*^=$`SYg
zB>U0pR2v9olC@0Z?4DAU9gJa3CRtJLBwwB?^+6SqL{qzq)dR*`PHnqX_75wA>^<>D
zSRiV@z2v1vTG100F*0@Q8(u~O4RN9iZvHxNIniTA+8lISGm@p9m6SrYug5%j2Parm
zY_UrmWp8ty!2YP$B!>y0nZ~5kErll><M8g{dJwiNww13ws910|f|aVXce)`^S(Qnj
zT`CgJm(nm<S9cd@AKG+0m8NZBP;hTY>EJ+;kznPovr^8&j6AQ}W0u#XFTyIHC)rqG
zlBSzAH;ByXCwfOQDZLeV;KqKQk@jJ&$j~J1R1)RmYf_Wb7TRBMVEZO$SDuCqkH^R^
z#JU-3^CKCTd|06EA|*_`4=v$|cA_XaL_+`<jaHSIZWR!rl4Qg#kTALqPfGcJuR_K3
zbFymCvX5Diu<w|8^6MEhkmxb$Yfu$&@;@!cBnT=`U?NvZ(+Wd*GyeK8TiYw6x6Q8+
zH{wYHP8+Di4$Iidi52AsHA}yQt;RC4H*T9<c{d$P>Ah<vgXF)L%po-Y#VeV=XFMxb
zTSX$)A;;oaA&21v36*&AMYt9%dQ(xlEJ2|AhR#Q6e4DMhpf5ZnTA%2<SOOm}C|_Rr
z@^wIaAeoz*f$D(b=9k`dGKBfJUQ&CiK>d83l+LP+ZgpbMsxp!oc;3S+Q0*sXmA0?h
zAYD3MC1wT%l?#cn38d(F3bxnG(zG@#EHGtE>C<BoKHlsd5nLKKJ*yVAPAobmHLN9v
zB6A9=ZX?~EsTaW9K;&G)1bgyDGlFjgh31w!u1wIKK4!KQN{dC4DsyNM(M_zBP}Q30
zZR_aae?dZNEw6d5$C9wPL%N>%Wr;EdYEjU#l&CjyS5}5qUIMEup>JhMI9$FEC-A8}
zH2ZkX!k9ttKqW(uas3+W64a0_I+}}GgUOg#RDt$;GRj*z@)n1zu`x4=&1z|k@AsNm
z&IGd<xyU3WxuQ{WNkUBtd1xK8Sr{+5E6w*x-jMS#4Wd-2sbN5gxmCI!DZ{U}F#d#q
z1N|=|e0vv3rQtfUf>)^E$)ZmyMM|=*G?q7$h;5nM-6~6djqRJMyUs^17Y3T&l8Vjh
z?w5<+fkXMrEVYX;yzgG|m-6RVncbPrFs8`U;OQn_LW>CTL1Ql@Vz6FFV?R8?KNJmr
zjb4G3CXz}CGx1l;_2Bj!yeA?a1AN6*jhCe{Lktop*UCxwNv>5n2eOJKNIs%;A?T3K
z7)vS2v>*?0M60Oif%M9cU<^GeUTO>a1uPzdEr4&0cLC+Z6D2Ba<|b5WhUYlqOa76p
z2oN2tui&qf4`FwrsVl6uAdf4+aQSUcEL=_oqG%-@-fxAF+AK!%AI3V!0a;U(>h-2^
zQdeDFviD<xoV=(A;?m6m!OSVe&g(5eLu#(tybOYY!#>cueG>@3t0kkcVA(LH6BOW9
z`Yk8=61KR7vMsQw-PAy21+h&5-vKisCri)z6$K{Uy;-op_VVW;fA~<TDQ!L^^tk-e
zMf56RHTGoopl53Uxype8ZvC2t)Gx$fyHG3W>OK%fZ;QOaDnlU8|D8Cn4S4`W<Co7i
z@N&c<De<Ru<av*s%2=WAro%kE{DwUHl&u3enj^iiv2^6p^f=a6;R}HUQT4c`rJ#N9
zPB1VTgZMQ2q8%In3o}#j$N&`KFe%@r3H^@tlVaps6}jexz8#bc>+4|Ru}AxoCi>A-
zy3AK$I@JHG4_Hd%y!y)RD#lmgrPRVgJSlJp#je#(0vgPUgyEi2dAZ1lVXMU?-ofx{
zzi_mQfaTOZdwK4rB@{9xn)nt-XfhtvH~3g5_$BWc8?v>2?V|z(p{k<N5zbNGGMn-2
z1J1z~J_6r7)>Tj5HT52Y)F#)*g<cu{wq|L+brdtJxUq!=LpRxfkW9e)!6CzwF!Bls
zmU#LU#zhWNbhHCP^pJb%h6<r*OmrOyYkhemERR@61QX7o2wCnrShM6`GK|Y<CtCUs
zV$kwAhIeU0VB&WkI?E-K!%at{T%)Lk?6!L5&y2p8P<6@LSdLZ2tx<uiMH#o~^zV~0
zPmXFUE(HxHou;Q6#&*Y0ZR)S$meU`3GJRM5{h)oUe<81_DC7GOxUw!V+afc#6GA5w
zdgCeIr^mAIq&H?~)y`868Po+aEbfYM#kdb?D@!M?(teBLk6I#kN1b$rND_Gbq-I=`
z86lM{M22b>kNzlU$86HJ1Z+IfW+&G-v<|=M5lgJx_~7M1N6zc7Xz)(!-{3uO!ZFS3
zf>w%n6(mj4DD97i86JI7;`!mDYX^e+Ed|R-1ceM~;mKK4RoHyOUC6wurij>5V6ND8
zg~IS~seAQ(^S+Fxu{!lxGabC|ktOf$W=WKiz@<ovO>|`@-bPzawHN&C7u(qo=IgL&
z7PC<&Q6G$I>VWMX$~JDck1lo!G#wZBZTj7dyyF$O5pf7ogT+BH&?C<n@|N23p}wIT
zPE#t}%8EN}itdXMM?Y;Y0Il$nwF0_L;%BNWY6(EOMRYj5II~t*{E)aDkuWzmz4ZR?
z=_%jaIat8G{K@S|>(elg(W&tNAna#;m(`&TwSkMn-cH~A6Tdp1UqfqW5j;PmKumBb
zs=M>==*MM1ZlNE%cX4N@K<bcUwv+H}AiW~o7d}eU{Pf`H;cmdj$G=gCv&61rwbb2+
zPPHrj`Q!gCW+H0NN9MM6jHvoKzmO&O!`h+*oMeAo$Oci6te5r7_6%MJM-S@mrX#~o
zG=1$)4w+dojPBQY_-QBX@P^^QJspN*SlUb#6CUv#wl|yajcv(OT#nDjR`%IIP46Wu
z(Lf!&gt6#8o3$WqA1VLzSit9uL6Vufdx}wb<B!Pe%>kOTi-;L&fB@i4Wg9CX{lvUc
zW%AcKHkudQIdezFYf$f#CTboyJM^1kQu}YdB`vH@DhIc?#~B-4Q~BW@+3LwisrKp5
zjKI9_SOTqS`6t}&n>gsktJ+I2CZd)Z3HX;8dRDegH33DGcu<ei-?l>3r!cwcc&dD?
z#LOwwi>sq*Ap$7}8g2gGh%&l@MY_-yu%s}fX3UR92)vma|4v=|Fy#BUz^K`(+f%O|
z|5JG;grTV!7?rR&3^(nEHN>b@-Oc>Hyfi)WFA6=J7%8cH-Gl{by1$Y@rUNs!^878p
z=*XWXD68d;a-SFXhMOOrU;Nd$s&LL;eCVNWe^%tEs`mJ#6Me?^=`3esVex!0aId4#
zbLZq@t?42H$Z)k2aQ)%i&z0G$ooW9;XlK<Hix+KOi#YCw-|PFmB)<a^!Y!v6Ds<xS
zmFno#vWJS!g@Hg@y~sc6T=PS1H-ak#lG#5$Tq^|SSU>tVk!_vX$9gV=A@R16yU*N|
zcLxVICFlc2uPJ3){hooVX^akjXlgwLBbutk-Q%8IfA>^sXHB|z*ft+e<`mYA^$dQV
z{hPFj@8Sr7U5UL%fhk%Gb6R*Ar20i#7&_1Jv`?LIk~{S<pr5Oq@IHEjgJE^H5G7Qr
zDjLo<WqSOEV~Ly#_nxBpTZes_C=1F}qx-Y;0Ma>uf-hq$KXy=p_1<m6rHjlT`9b;~
z<P}R;+tmWl!zA0`i0D~cxc47~@kPGc(v;x84uLP~8@+4+Keck7FdP1fIyr|#?L2B+
zkoHi`pgGI^x^o~SS)Zq<YWs+_Z=!@nlw-a1)dJCQ0?9ifCOQ|xhoPtCD-SnFPfF)0
zu6YY%H$B1&**RzuZc129^bSeM3h<Oi*wG3Z8kshyDaR=-C&f6$dgsavEJ0+`1eM1}
zs;c=8^*^ViO43+AlvX~M%v=@0;08w-I8AEAFi5VCGVL@6TF}iaJap6m6_U3TES-&`
z(`g2FnLlH|<InJ>l=F}JzUmQ7Kun<-f8Pe-NO@DaaSpJ8dx7==oAX!NOM-QJhx{kX
zejP?Y;ub}LFNf>R@>pi$P_B(6+P|b;!t#k-wZW`Hx5h*mm<c3gc^R~TQNXgiJ)NG-
z(ejD#oXJe(Q$uPHlvLfzm)je2u*IwX^-iL3vSO=NdvsNRWik;ArjHV6Mi%EWAl8@$
z?}CCk^}yHX)?kl->#OTgK@NyocDXFsBK(z~mPnNbPt_M~?}k?5o_VJ4NMLY)o?=W5
zo?3Al@Bozu1HJeyOiD)?_`|AdO|H#xG?xQ%NOS2nRrMsf8<kj2pUEmq)wVepa9<I7
z17;h3G#*_8cg*`+FN0~f+2U<ynR=^?Yjn>9BNkkvmK<OQVI{Dw`c(>SD|qVFB|s6#
z%+W~xP0U1+Jo%ey2V3Q6%qS^vKT|EJss$?|zr|!LmGcd7E@5;{oXvf~hDH3KNV{`T
zv&gN%&$45ze1u+g$zaEp;t)pOPm)?KJ_*i2dBMR8FHU$^tX&0U_`dA>;{H$yKe}OL
zZ`1%t^GNIhY`4^`&^d78Wne`xp2g<PwgK<LZmFmOqiAM3xt5jfAuMAxT4Htj?O(wI
zW4jP?PwnyMmDPr>j1dEg_@rQEXu?N{Dp8uJ8o73po0uvK{gO<)pmB7F<rg=iNqeG<
z79?^;if5b#<xcKi(wEeMrM<Fuhs|VHF92IGq9f;9&8Zm>Es}*q9(rLP*9C+~SzOJ7
z#5kgoUJ6Ua%mu(vP>v9g7O*~=>=*N`z#Eyl8IHZvy2I!_|Js&+F?Tb0pDO)WR4$N)
z8ugB}(BWK2w?h0*DWaul!|v5WWD$1pdN#q1Ia!5y>GwZ7gswIYaa>c=1-%lZl#4Xu
zxl2N1U|{&n+yj|NpVwmRYpd=!=X3koK$=$*iQ3=zq+1k8CDyDI!m<y%Q`oaED&ZE)
zo10?Su;K8>f=LapN(N)#m;i$h6CA8cWtM@`o3)uD`T`%it^O&;Kwl@N+0|EBlj~|q
zwlI48<eR!u9H^pE+3(UsDveqw^`+G@*@Vq@v~$9%;P@^@?svCv#HK<<nh&=@c2#`=
z5l^h8rlY=O$6JQHYi+4qd&h`j@U;P)LBrBAEL=1tYs|rlM!yuWejx5M)FGrsdV+`}
zzN8}*BT){8T%vXtj?T;7f<us_j#LW%vC?_tKL}v;XZ&@4lN8_l`;HEkidk>iN@-GH
zpz)U;T<701SyTO{Os~UpW`<ugN0rbKR7x{R8rG`x!PrunK-0}Je|YqP222gFF1X9X
z3@tto0bH7_b&*XM1{j+vkrv%NtV_3^s=Av+J%(0EkYR8oT85=^Oh-?=uaY#2eXcEs
zVc{B{=)1WE?)HHe-FhTCK_GdQ+5Ed$?9KKsy=cxc9Zf@pc=OqOGNP{ER-}O=Pt5cX
z+(4~C(o#xeggQi!ZhCeiI7ZH}N<QIpbAQFq^@rxtFcM+3So956a0;1qjx^K5j1KDb
za>%8{uu+hA5Yh10ENhTVOo%xD<(WsPC!7C|qw|i3`hVc~adwwIi|mnP3t7k6TTVvy
zh$wrN?0q(wp>wj16q3C{W=2-y$X?~_Y~SD8?@#U?pF5xP;Pd*tUa#j1?#=VyZGj2(
zo1+Jt0y@fj@PI`mf-B@TJ<U*2v;ZM0Dm#HQoQIJfo5Q2ji7E3tpA_{McTk1sa3ptq
zRq`X^ndzkuApA#WtNR=s)oo(}$yr3RxkPE$L$J3uywbz=4%sD<&*5NE9?82rqY6&S
zD^V}~5><`H_e6$iV@0vP3@{bDq`wgX8WF;r()WP(nl#8Pe}blEJ7-f<IpCuXm$)S;
zC?l`J;Vr)2C<D?G)H#LuS*G+X&`v=Kqt3yIuO6y~%i|_QqL|{e0mw3u&J+=U<o%ea
zyaaSI8=<1MYo=m_qh!l}5FT=6wpA>}lBVG#5z0q^ZRC!iU}G(rCbf%TI8F(v%KjCh
zA+j73E38>O5=X^Zv2Q3>rDv$WcB~yib}V@3#{#qwIXwswvEUl-HcsbajTFNQcoT_-
z>3>qC)Kg<*+v3$D?OkMnc4S~|#jitA%;-LPN|3`HLK37Bk99hd{z2+K6o7KLB6Udu
z$6=;ygcw=YX<)L|IH>vE2iqhjFjFZ8uvJcn;Y|vN2}Lmnpio`_sB#wv18dW6jaI7N
zLR}ws5jR+tG<c@ey@KAPgLo#5YbkcA>4COH60G-@VRutsI#*Jcva%2Z=()|)YV!#U
zEE~}j<vtOO5x~Jl=ZmJQch&q})4Q9G3%R&c+y^5LWA>Y6CU`LE2jm}<J9ZOTYG%2|
zVEyi94hAgt9SClkP0K|u@2i3XQt!p1q%9x%>gm5r8bjO%@kSP$AE1J+xp+SZrkqVP
zSyc{rEdM~ynTZuADn9{$E6u<`D{3B|)N{VkCo&EYEH|URj^BSjOLd9`t9@z%^z?#%
z?g`))7Z<FY0oUX|$U_9ZGvyOUaD+u}HE@7rJ~jmQ;@2T7un|o=K0YKt{gEm5?`c<-
zx?g`J=JNjkveESTo5{3S^`h2`on5f}ho_KP2N+P+)oa9HDX=M_rb7KiwOlS_aR$`w
zSUy=}dQ7fN$!+%jul=fDYDOE?Q^r|Zm2-sd+E!;tO2D-IotJ@Lyxt#>r&2X1D4x8-
zjT9@&APKAh>aJOCE|6OWy*N)Hxo4`z;%Jul>jKPEge*a*4)ZX6F4CUPTLL4@%U=8$
zoc3Wq2vWn?GK>k*o}Zfcxhz)1NKiqwOavr&cdJAR-{zL9bQaEAeuCt=_M?>VmczU=
zxYgi}idFCs>du=W&SO^a-I#N@g`(G3_Z=%P)^m&qy0ZTe*||(Eo7?x%_SOe$J(F*`
zx^eh^t)4_~uCJY52nFip&Lhnsfu4A_q7uCWF=e(NOO|qxu%hw<w5dT+L-yNL8;Pde
z;TxuU^o2u1>mxsgwiZ2Uf84vvnJBKd#^f;*cQd3_U!e&WHkPIEG%qWp+(yJ>HvV)6
ze_u08??9xCcUC5!yywX7AW>6TlagiX?U8QZlc&Rkvs3p+(hH+>af{-Ep7@v5B$E7j
zpVD9Cl5EMvkQgYY3$tKL-X0x@pQR+T(EPM?u;W~YlyI|E=|2iJql*t&m7-HgID;k2
zK88>}YT6>sLq-)Q=GP9fhS{Zh30-^rv54<heyo!xVG80MgU#b0O~S|eiFa?8e()kn
z3_GBq;#0y}OfO}vHOM|D!*i1laXfZRRc%iwD15Jxvg|N^th7h9r?i_g@+>qXH1TZI
z>v((g8N0!<5__Zn{?lh~c85Lt87BHxSC&><JszEop0s!`E$#1YtmHojOY;V|JBI!!
zMV^gbfQ$4AbRxL&1}KUbXNVl$8t~`kT)m$;QBSG)UywV(=57b^kvw}&mUCVx%YP7=
z%g_^>^MJk~kBkNH(Tn`|GvM-E<URiVHhaQ(?D5)3=z@RffKpHJ>L}3fU%<ZQkE6m-
zv8IoKwEVQf*BA~JC)fHKZr1%%$~!50z4%-tVd(SDn!?I~=aEgKXAg<rP&R2<-=5RU
z-_MVyeY~5@4!zdizv<YbBucC)`C-<OFwnFWcNi)rSQjXN_L_&h?L}$H{8Ax_U3^$2
zQ$m(m1_`z%(Ld5U4<qg+VV@)l_ve$+eMre!+U_b`_iuopoF6OPv=Yx*Fne>_hYH%u
zD7zBo4=9&Ij3q41S4<Rw@2xufU}T<D>p?w0p@iL<eunhT9F@O0fm~vfwt4@f6V?)%
zcephFr(K4O!C}|JYsHF$FzNvt(w7+;M_8|Z*OxhY<HDT9w-2VQ?pNLAuHECo_Q8A1
z1|>e$!$L@B)au{6;ji~_r>lMo9WCWGas9PY#f?5oe|Wlr8rVAi<zWxC9<<oto~qjt
z_lJfX&)!V~1e0Fu{hRMJ7e)t96(@H2$Y~xlaE}gUHC*a|z9slvtV8HSQ$q_v5YD@y
zD6xhn{I#{_&|mfS32RN+FqOWHfxbTJ%)ZL`OX=m8_)w3o&-*K93T0ajKMm$Css4jJ
z4n6qxAB6Y3{ZU6aphI8OobxZ#zEt`*x9-q%0{oIQGp1kPNdd7Z!=*hmdv$MR<BQ`(
zNXNhh`|g`@8>Xc-5rs1l&eW>w`*Qhfd-RO^xcaE|sBjzS5i}aw($u!CFk<6_J1aP^
z#m(V{ID(Q_SKYM&Gp_aZO@z7~p0~Eu{<dyU57JW1<$tS7Ig0BO+VAaTcKW%p^Z_!Z
z=k@7F(!5wtawp&k$_~@$#y$0-TYQ_h;8BKsdgPq__)mI}8T3c82yspaYFc9O$JY9@
znx90G{Io<4NtzpKiV4AY%-FjA#XJvPI%sF6#JMY-FjR<4w%0CO-uuGO`Lj=`J*@K$
zG6YpP6zur}-yg{qJ><~ydS#DdbI*<1dq_Tdj|8tk$4CEd)ZnrMNfi6neeUlsex4e_
zNaQ2_$<D<-adO<@h(-rjUm~gLc;SOn;UA-{av|xRCVQvx9MTL-SvEf#mnpyZ*2<(o
zq*!tXYlIGUYlj*>ri#f-Jk1tnIZKIn8x!2PknE^)p-Si|wc=P<?!(X6sm0~ZlO{p9
zSvE5{<hj;_yG*t9)U$M!@9)3$Hc5ldwltm8b0ynTDs6C#9%KN+RtYM25Ej+iPZC!e
z#fhAt-2-~}7lYSG8$0?iG5k29;e<UsOUG>{e2cFhP*uwvyT@FM!2^_e4obccww<p0
zE@tnF+wUBdyn9Y7fkZNBhAj=+f#-_PruSmv-}yP?V-rkI?^FWkf?!T~pp@OyY!9?L
zV|{ho1p(iqV9a(>+x3ugeZ#rgwSRP$uwAQi@~q0O_v+AaF<!~dHvvp7;Xm`*=<xN|
zWkBFj_JdmzatZ(~!z@Zsn}?2T@&3ZU>A{k~{Imw@Dt!4_$>Qp1-J{@Hv7X(*+JHyG
z+WW^N&kaBsl_OT9oau+WM(L;W4c8L7UQL%#FDrwzB%)9<)RZ2`%%LAwFCE!|0#fk|
z9qkK1maSkaY3891&Q2bKaswmqo@D;Od>fd>Qv(54F!8=Zs=BJ+=mNwkbsN055?m7!
zS6W@JHt518zDjwCk4F2NPo?EISQt!lx;|WE^q%8WbHN@u;+KQ@;_O-XAShzsSxUjM
zlZ%nQ%g-mdfEn58YA3}{e-@eUW)|y*et^f0z%J&8^M0$I#bRsU!|^Ky<0kj{aXeyr
z{Pc3E2M<kp@FGY{#pO0_5o7#~ym6CFwoYCZFS-2B&5f*aslXI<r?xCcvJ6ph*|UZ<
zzw@IEMHfwax`Yc2#?NLFMDto2r3KYbnL|@$npC`0tTJ@v^5rnvurD8sZyXuFj@7l~
z=OoLrwWJi_{x%3;*?PS2j2DCGm05ZoIaDPYPp$9}Te1Eg8>UN)WH>=Xi82Jj27!uP
zTq^;NgtLrE#?<#OAJq^Uq<m^qH~8$}A+0oo%aLkoG_Szc&+XYw2Oe~>;@>vT-x!WL
zj5$4VzWI&uMJEPNzNXvu0)u3tI}}1#@q_xmYU38LS?ujJi1ePaRv0eAzJj-l`T@Z}
z9HF0y$$+o`2Fiuky=|h7Xo5}Qx3~q9jAvoVuS7GQu}373DP201JMX_*^^m~hgi*9?
zVbxeT|Ku!#rk<YEDwew+ih*}?>Q<u)rpCBspm3rn5)K7Lzy?J~u7go>eR-p&Dw;If
zTxRm#wKrn<t_L+Yx*j=dx(>~n^a$y{Jus}fmX|B=VY@xGnm62;XHp=s$(Hsuj{W0=
zi78!k$qF5*WKjo^q^C2I3kp;6H)Sl|IOH-;t8Ol>BCi`PPsxxi9yTHegNBFWbcC8H
z!S=uD-(3F25cimYO_0Sf-P7_2S$|>_1{QbP;Y*%{RMF~bLn@ykHW>&J657nP=36_4
zjt!5Rxt8@v^Jp@7i=xVjhO-&rBo4jWaaPAJsD1$Q-cx4HkKa)iQi(HVni4E-47~>S
z*Iwz+HOq_%<j`drnTraqsY$8WtxpNSQ<-NTs`cPGV)hZ#1q4%S8bo1X`|jF;viOjE
zqqqJ%w_1$|Na(3=wCuqH-FD$G-+xt8ekG+9B`W+?$4i-<h#*+W*CpUaG!6Mc;bauV
za+j<zdR?|q5ZaW&L$mS@X$c3tFj?n}0iu`H%*2H0PDGxgC9jY^lN?cL$z_`YMZCp%
zVfxt^L0a=)Q5Ep6Je#}-rm*|FYLupiJyOdtM1xUrD+6dX1H*Y5xTa#YHV0)p1vBkp
zI&W%^_XH(MlVDqoC@60nlCEGDH@#j%zK&sm&-0Se2@#zL6!kX{lYv`<jr3yd{}811
zi*cM0efdIRgWUOCi!uQ((BvO4`?<TMjXZsRF0`b1zJ5h$f9;j(l0BOCcCfY}YkUd7
zna~&hxi6pvyA&jlpoa&n6d~vua|!85-$%Nlk|!KRiBQJ^ws<Iqqs1oK?nVHUn##OF
zhcD?afDBsYWgB@>`Aqw&kP6ZW*h<l#l-nz6@Vk)Fo_B!h_ZO*z^dupi5ZG%}rqNfY
z0}6qE^s3~sOvji~eQ2QzQT>G_J$25KHCbf3f}nshZ;C2c0JN9zE-5NPXOcswz8)^c
zm4tzaujW5AApn(0w!(G(@+sm7dZaf=xv;KcF_4qKq&(3?sAeNAK1j(V?Ow$12(m40
zv`#J2P;YZN2Ui{ksW>mg-Bt9by!CRqWI+NR(hp@OM6IRZCJIIgY50n+@%)t`YuKwv
zYrs|+n-Z`OXeH7$?dXCR#<6{QTTv<!Sn@YM_GM#~rAEK$2F0cbF5a+ro5`?~cCZvG
zJvG+p&NxN8Yw5!i(rWl6`6<0FrFsfE81;EGOLqhBqT1cI7ssT!*@m|QRv6nCaduS@
zUL<N<qX7O~qAwJCwQlY&Dd1qWh(R$Ib0H9=rBDeUrP^jNwO5p%O!372VrEqcY`u?q
zU2WW50Q4pvy0NJZ3_J1NaWF$*-;8mv37|Cwj-Yc2uOC31ur{u5+>t51H)z**2Tb6t
z*4=jntLYb>KsntkYQf6z)diO0BuiEAfbsNs+yAFQHE2Qq&c-v}ju-3^&~gC9R}}yq
z2)SJWx^maV-R=pDPK_>C17nX{70f0ac?GuJL|*Omarv5>*Qh_spsg+y7-j~wyvHM}
zSK<;jmktD#daxvWv%mhk>tA}47Op~@d@)k0fHo>QrVXGgvpE?Rz{eC1JIr$d=~eGU
zx5cWfW}^MV02f%Yc~PJI)C}pT3Vc4+JSgT#()BLfNZ%?5mKNU=NkgRqzKb*>UpJxG
zWZHwVW|YyEcQ!e`WD&4yY_w(d9O&IeZ37{L8{kLn%^meKDtrg)?ER}K4fN~wQ_C^F
z(%ZxA%K2bAFUH*xSeq60`C%NgUOOgY#c6@rIrEh=#aw@Ra@nNxbm*Ppnf}l@e(S}v
z4Z8``fGrE!-MESQN(JRiFC`0R1vm%oGj-N6ql|VH);fwtQ}YjawkoR9!&=bMB=I8A
z?e#^L>)3PdQvJMR1wY2-lyU6@efmzTaf?w;t5+@|G1;gy;{m=pT>w}SMN1#)Xb?WW
z{I&KP0dC<<8O$rTA%X@EMwQRJhY5Qcz6ma_SamDhfJrFK417`k-h0C3jCq!PJjBE=
zRNE&w&9*hb_*?B4i_;H&`CzMB8$Kz@ISQ50`4JY_r_MtB7aq}mxyj1ggHEP>cQHP;
zL2yqh7Zwux>-1$)?{IPaT*n{!W|FiXJKvbHNOzM>jQe{T+)a?t=q0qe;bs}kB-F77
zjdD7Y3;Sfysp8I)IPZo3)#suZn7!q#AUSY)yE3=D8{ggNtx?f~yrmud&_K0k(Hq}$
z8Ut|gw4Es0Ky>s-;8D63Th)%3__p!zowxBvkp5MwO4cBQr-&YY2fAj`=i8KuWwK6P
zJt_zmnz(M-pb?ERmPO_%$+|;B$FQKJa7n0Yy^u5YkL1rmhckJ@K(E*akSs{0eV->Q
zCw6LbmtS-KYp)LFZi+oKC=0h!d!zOD&};wKM(`VhbN2JK^QFs==OZ@DO7raLzt0Vp
z1IUJO&;I@gS^j7J_nOC9@TmIB@3-!B^qpAS5YI6wIe)9)SLE+KX;*64lQH1=_uJk0
z$R_keX<X@0=|6~`&Ccjv!R(vP(4UvMP~iEz0u%4`Cv3F=N>q4n*QD;v@8I86gUkzt
zQ-h=v52ieQ`89nTkWsyuI<MTfIbIswbrzBCS$Wy208opk8Aqe<w^RPUZvW+m3wo(A
z@}p1bNu%QGG#<=>;d(~>W$ou9JKu*Y5ob&t+b|8Td|Am2bz3{@=nMFn4zJz!-fe%A
zFnVV-=uO|Jr$n@?mG=)uO%sBCI<h)ha89kx{`<B&0Ls13_kVI2OwCu<1U5N;!W~yu
z2b;-=c@CB&`Y+<>oid`U6RMmVo)&?EA9NYaDtvef7rXd>=`UERAAJ4kEUt3X4iGu_
ze&OxG7((GKw6O)qe3Cr4qjoc!Wz>Z-;K6<Ei^tR7@pgx9T|wLnf5t?=kQJE>Hrqu?
z^e-k(e}OSySj?tn>w1Zln`C`~=uD|Tbr61HHvaHYACs7sp$A)saVQ(jqhG&DQLanX
za|6#$t#YNRtG_?(PTh2SpdhCRkTlrnm6XSQHQuY5$qB{@Z$$0|Da_6M2%sLL*x()-
z8aQn$T=Lm{v($l_1sd&ywCTq`rKo=kM;F_z!_S`CJsA=RAv9@HxM1o6jnMOqzNMw-
zd+p!!-h+JQzgY0WD%t%N$DQ+E$Ze4}9x<ndogb};K8vIbZTQz)J8G2mREA-G|K+bs
zt#gm_4$}i0Fn6cCv*aw2JM=vCyq)RSe~^whA1~^XfB(F^ehG;DpyszX`qlZ;;L>PY
z`acNgN!xkH-r4(r#()6kxW1>xF!h|Uu9ufS9&Y}Z^=Bzm)~t%ZZ%M?aq%_=;;NLy{
z{o8M4h;$ehEPLc1%aM#je8O5=d|4_T;}2Y1t0R3${?bd9)V~9{xH9<b=Gn<2>oPQz
zAY_r0lLAybS%!p?=d*{GevZlIwAOP<3l6NeJg3R&`C{}smo!nA)7~yiE=UHy!d&>x
zyT4;kls(VjnNUlTLmH8NAMNbaVMemvBWRaW&C?47i=WUIAu*_s_pCgYj3-l}<F)BV
z2L{&JC-mVURfjGmU{AEC;X!HDo8GEqjUXYNRaJ??@eM}mH^vIo?yy32)c{9Cee{o3
zIvu)}mM4W&o_(we9M)<E4@wSgTxW0x5sySP#b18cP^%vHJ4EDiFo`@sJi)l+y5Ab}
zve!V%<>~YW5`Fwbov+0pOJK}93(T|jdHQU~Ls>omYHUnhostKlXtMyn#WlGT4Z3GL
z{YSJv#`_{clg)ef($=rcgb53H9C`5|CMuTJC`L(2gSGH8Xc4+?!+SgN0vE?s8o8Jd
z7vL={u-_FS1!$MnNYE@>8%ko4;%5x`6a0|(N+<ma<ppyGt&`VYO}};CCV3HMT`uj7
zKJ^#}h{So<CLlNQt*@-h=A@`$;sE66ohstT1Z{S8<z)0iw2h(YL7y&hC=(p%V%k;~
zQ~)Xesg9~z7vVzgSAZ{;WZEY5%cU)2)tmWocfU%#K;!IyEl0T)k=JIpYUW~W0nj59
z^wVW@+lc5Zq)M0`sIzsT0T(kkQb~2Xj8T7=H|Z77m%gEot~z|XOlUoTq@-NbxKfN~
zF}EwnBik2Suey4H3NMN#&(KLKKpcwyehy|56z5YD#wqtvAW!PJ9Zs?i6y&!piURW?
z+znr~d~><!U0`Sid|Qlbj13IXn{xN6D)=K0IGIC!34{v|JPlgekJQ(0yunGP@R}AY
z1#u6hSB{<K?ISAr1CzCGrk;iUFxd>A)U7x&yYtRZx!KK0KOA?L0bnR+rD?0*n`}3W
zAX(Dw!FdQ-5O>Mb3|Nju;01jVIh#p-l#VZ_M9(sIqAabq3^xlV7*uvioW94aZPH1M
zBR2yiG5u}(15EUfkzZa+dJg6&WST)Y{G{HSumH4Lo0yQ|Qr$j+Fcibg+G;2lR+2fk
zeGi)u-rsWL4tgJ$$#O&D*kTF&5;0MqAhZP!UwA(XFiBZ!(_B9n;YfRFf(9@Yx@vBM
z<yzNM-_aRaHjT~dkxFk?hYbuFF_Aih;Rs=#{G6QSR}-uWL%sA<VP9u6xt3D7RW0Q*
z9zwasA=-~n#qupdMt(t6+6jCW13l{H_7MaQ_xTcVS}WLeY)f6J$;0kuOKTdb>cwrp
z8?ipLu@%4X?jY!$HiCG|qq=W{`gDD5d4LuZ4VhsMVFjnHH&5egKL=M<IY^Bq8{0=I
zA3ih^BT*0i<!DKuP>&#`!=k-o*|eFXx*78@w%$?=#3phWV>&_uJvv?erDP-IB+A>F
z5Vg1%@B)Li3oP>jb`#`u7gK87^p#@(Q8D|I70JinEC)|OLvc6e$jswssm{|h24gpn
z>EbIbwaB_DZ_$57_se`V(_^>~qA|HF*L}I@L_&#0yS_g0)77BbMJlJEOQ_j<xcCE-
z47<Ln$)FXs9jO&gIQ19Db+9=sy-~zOyl?k*;lcOI`BXo=;NnxABEmz31&s;K&@A^8
z1k@dYnzD)D;M7J^Zh1!#F5uDZWs4EA@5X5ss*^Z9zxFzI;UgS9O2)!@=e{LSXUXf)
zs31-R;?p=r)9pVii?|Y5X*ft3d9miouTTr4lgVCVk_CTb!iC_5DjIA?Z@nGW%ZXZD
zBN!__a>$}r(b2PSFhYp5P$?ojq_GHFnZVPK9;wiK?1D+2dY^9Sjj$XfyB4dap-^v5
z`pxLUIO%B#={-Yj7D>3|0#=aL3cjL7FK?(p-Tf^>mKqazQTiK;R*E<52`Yy+N0e9K
z$UI{xe-jgBarnHV{#IVO)4@P3;%dS`&i#G>K}_%;#8He~dNnRmJCmO0Bbgv`SVV{>
z)e?AIF#3ra!JfNja}+497*d*3OU*~n3L>GMr|y0#ocF|OG<FO%>{SQ`n4m?58hquA
zgltvx%1Oeg6e^>6v>ZBF^D&$^>TnleU?hCu*{hgbt0`4~Va&X*vOwSiBpr7}9vYU=
z>l#CJniG$WAk>V5lLTVQe7%i4dFp22MDb+29i|BSEE+#X4k7z;qSQ+=dpUu4oX5D}
z!u=h1Fg;Dbc=)WNA?>yrbtVxB=ARmSFU%;-rBa1CD$TeTLJcK`v8}yVHOzg1p>mHS
z<qqYA5hzlJ>0`;3zkO08e?^cQB4vp7kp$}g(N}u>7?<sGYzs%SrW3tC85OK3a`u>`
z;ODQ^qVNGG(tE2hM8o^==Lovy5CQw8bViQ;ZwDY^Ne_^VYicldWH((S7;KN>L{R=Y
zj1tqg`Jmd}V!@XK`_7p#2fKl>KPrk1D2o7am3R=uESgde;e=W5-&ik}>F|A&&Zhik
z9e^#n&ai$)O+gGSfL}6rRaQ%Ug1lcX7xT0z@crx)DbSTuoaad3D;2@r1;cOeo8>Gv
z$_(+}A5_PhoRtHKv#So&QslSn)vLN$oc&U>vIno92*b^{HJB^liLa#IxCld^FAAHD
zO8RZc1<X4Swjsb3@%>cVUtn>ws5N!7*tg+IoFP2xB6<Y-9=0#BsP^9caP?@(ABrop
z?_?sPdGuk-I%)J(!gD73F=*Mj;c-{4-RoO6l7MsKNFrDV1RW&*IcH$CT=WI66qqPz
zk+`6_Uk)@=#gzV%9u{k#_><Ue+zM#KY8i77ri}SW_BAQ^%bFSxoYb92<p0<BuAMVn
z>A$yhR)HpTl@9W=r?pkzi@owquljU1-^LaXVf>yx)~Sc-70|(aY`423s=klST}m}K
z7a)Nk<M_-Aa;3>*4oK%p8{hCU!NH1zBeJrMDgAfBop2Uz1&f<eAEpaT9)D>mi7mJf
zL|Xp}-F+9SE9-I~zHswib7`5SQO@&sWb|Ou0LRbuIp1vnS%bDZmp2j<<6)#G3sW+T
zkrWr1jdJ8^X_{xqd=2yQ{K+zTDA?1AbX4oEuMZKhCHE;lx~`W~WJs&pI8qenERa23
zoGWZzfJy1Kl3;3#{GEHyFGOT<Xll$d=qY@W`jvjk<hH_37AM>fP5WC2(e{dpNLWj4
zPj}d&iCQ<81V16diGvy<@|ou8fwK$Dyi-P&N6wyKr@S@WB_l>QLMN^t`UO=tG%G6W
zkdVC8D8?a2$2rGk<eDBtDem9N;-4Z)9&NnosBY${CeGoXbub()c!uPR^%oA(WJ628
z?Ldi4iBn}U(`vj6^G}|mFj+cO+#qEeZnK5P5#%093uSF-(ecSHlJjpeFSE?cgcDE-
zwTt|`$y&=c)<e6;>V_4}ue%wQ4*Baq6sG<_3B&h7e5s+%^WUm>s^-hQ2-=Y8O74m5
zpF<OAiRLviFJ{fJZDA!iQiHAD)_lpE)0Rlg`9%W;-bMm*`(tz6s=n9FO7P3)4h(I&
z84$l3b_`EOd{i!#nHv;pPkz)Q1M%Yg{jD=yEKuCfm`%o~9WQ(K^4}-#?xz9IIv$%T
z{~Bcb{<&~s9FSP<wl^p(UPxa!{RasQ{b6%}znoKAwBFwiO$H^aAED3_*8SP@5D(*z
z>>bW`DR~=30=myrvX@SET0?cV&XqJG_m!fKL$kn>zxK)g2YH`TCbD#}avp56A#z#=
zm@TFkKx#R!)E_JPdxLSi>cAAh+PpNDCmFeXJU4?=m)#RGUB5Dil<rKN%U|sw2wobU
zyk8&9KAv3zM_t(stxReC4}ve;zoc5X-u|%`Tjp~Mmq*OXu(=l~!nE2NDk4(Zg;z-C
zt>x@X1%QwHr?-^SWaS@$alRqi&KHjh?_}4F|1{g#KC`SXUpL8oeamX}St{?)JMG?N
zmS_I|L3S<dzxv3~QMla`%Ti3=EEV^RP*a;!r@Wq$U#!c@Y=C?y-V;6xH!2?qviprz
zFYz8Fi9sEzFUi`ng{7>Qn41j|JjW&tuKJ(3D40k;Ffi4d`SWS#F*GWPsam6Z=BZei
zvgaTDhs_T0*S|($?!zF$h)?As4ap?giUhO`$(*w}+;<ZVv<0P;e{cyRE&aM(rpu1B
zCzHQF4W-4?ztbpl`vvzjch<3POR?8{Bh}P9l%1ymdUITkB+^#=OxfAl)_@p#Jlvx1
zPBI5sD|{~62UE?+GKWJSG{`jh|Kd67_<897K84T&5N>?m(M__w7}_ZcKF9OQrv<GI
zp8ZS5UlZ4Vc#zL>%&;{swp!a1bf+ALwuROmclaH5tlKDM%bvIGT=}=aqjUaShzkuB
z0WPZ?2wJlLb3S>0QM|o--f=RsynocRkox!EZo^jaCvK54hhIzUy;aV4wNEZ>q(yix
z4?%HmFI4l`=34hoU~mT&`DcTPnQW0uy!Fw)GlTEPosQnav?PH}365*6$UV!J2JfI?
zE3s}E&oaqIHS8qq=ZLw+oo5~$G+E4Bi`QsL9>o-*>a}Y_zKDDRVXg-8zq3%KrSGCp
zcEj|~Z6+Cq1|A*=SZ$vht6LVo2Wv79oEHu0tWcmG==fUv#;%(+q;Qp+wljG`h^VrR
zrFn#(zpt)=b%cLXd60xsu)prlA*B_XbwDm9Ue<B8laRyA*Z9}u>rfwq*{1K`^EHQr
ze~A1CN#7RyH<>X3PVD%*T9V_wP22%3BxKCHcuX<jp3pzr)iaF->eaR%GNjF0B3+Md
z44id`HrswUw-nAfcTh9i!yz)CxX!1Jjuc=2ZCir;dV55uLor5S$hX#Pekw33JpPmP
zNr>>RsMmry{X;b^a$48<0kq}z<GML-DD5m->xm-8=E4!AHvyKTr1+#FK5M;yVsh`+
zp}V%*1BtmH&E5Gs^Q9Q4W)glO^npYdSfQ3fx5%sJ)q>*M5cTgnr8!-=>F6*p5y#di
z^!(6QjB<XEBGW6sLBIz2P2GEz?aSgorA%GcPFA^|yQ*9<_v+vikj7kV?BxXVD?CGv
z3YA_Te?-<g1#?_GPt35*o8}PuYYs>qVPD)RTw}d<d2@_lhzyduyLxVPZQb7P<dvLr
zP|#4ha@AhafWF$|hrDT0aSk5=FlOf23?hrM;*Q>{)%9Ef={5s;miqs06d3Cwni8^v
z2LP{RoercbNp=XI7}8&nOw2?@$QmPqXk>CLeSj!>9_|SQ+L|zIv$R?~pjJqY2CSCv
zJXSLPr8<>wyiID)><R*IO&pPYSU~%19@DX6R1euNe!xG+1h%~2ctYvv0cJovK)qVI
z9Bj{dkffgjZi+)k_oJ)W<Tx(L&-w0pq#&F5+4qkVNH;+76ipUzkaZ`JG^t>b>pIg|
z7xY6kvsKZ6U;70oQ%vyM`*bOA`j)3jBcwQwyatuSux0~8OfS}>KFW1Q?oiZo^Lrw5
z^az@g1}mYBLgjCK^fjmXakQ&Om6Y@2CYl37DoJp6dm<B8VYbC0+U`bVWhE1y<hrVm
zaT>Qu;-X^QB&D*+*cuj-zZU&USH)@ST9<k~+Br-Wk;>;1V?v}DeqC%}@SUxAz;XEq
zGT4OI(%bV$+k}X@nKv4f<;bBgG@~}8u`{2L6V*G)qvm;g<ben_^19!H&uCV|G|8#I
zNv@Fsg@5KWQ8(|<z0<amgc*NDvW8*>3%xMZ+g|>)%<}an*3IZx7hm1tn&rZE#o})X
zT#4aPJ%4PiuSfr_K<Q9lpVTknT(1`T#5Q6{GR|}qw(w{(Gn1quspq9v`s38nyC0`|
za6imxs?Rka7m{-am5QXwQ~$GU(Q#C*B=#KEs1S1&vIx6$QZ?=Ak0?p_TdnNxYt+dD
zB7+@jyrVQ2=rG`$<B8fbXw+3BE1c-@-d(>RM4R)*7jj-dVD;vrO_imV$-|tb@I5^@
z(bE?mNf>aogwJDw>U2vb9rloNHO?Q#sSIg_a4HptP%D!Lx|WG<RZ=_UE?szbr1W}4
zW8?-ww*rHZI0sYQX8b1Yx7&_3NS;DoI>MKK8NSpODfP!M7E2EC+3hT*Rcz7*<;2z@
zxm5Xz=BP8}@;`}I{3Uc6-i+4g@^d0nF0vOK%nKmoi?hB>_^Jxc`X-jRoHM8G6$~gI
zr|zA3>|Is;Xa*Sd+7yNh{<cssQtxpbcZBtk;Xk$&ESAS)uD>|Ygc?TL1?Twa3d3@~
z<)WgFU@4F^R58oCO7{)97KLZ*s%r3I$qe?^69`8vcd?Q3H{2^UW(HJygwcfGdnrNx
zD`#e8J@W>;8UuMbG*6f)CJ1p4Yea58FQY2{0#hXHD+L#Uj5F{bjVnV*8AIujLE!?^
zw*xq)RN*6*-{=We1B(oqeF9Nj(fy$jf{a{Fs)BY*bX?|D30x9-RS}5ZQe;t9)D&41
zs-C8b_t1%k{NlSgjFt9C?TghPp7J|8JIcB2rs)D~uQAXbN(vM5l=S$-@69H+ZcJs;
zvrzciN3aMQ1|yL?fIjs^0D>Yg2SUqg*i4|r8A~4G3K82=RxFEOM9FRuPa*@T=@}or
zQXx+hLMJ1Vq>$u1p6?kT1$>)iJ1AMa9jlb#bt@99f|K$)r*FlSS!?cnP$QtaSH@_l
zg^t`&34e`>xFHLVIYwu~aFeh%pOA(HcfG?isH0Ty>zo|9MxNd~9Oq+QaXf+Op~kol
zlN-jQ*1W3acrpZp7au{k09MWUP~`5e#JL1R8YpH*0|QjpBUS2HPP9PLA4TmrKQbzz
z+fGD$n*_0TWE{@L4FklYzVlK>hDwjh%dd}-2R6dz(WD&DUlH2OqoSk2H8Y8dNFw@)
z`frR5z|;ZNIxLJC?7h?OV<R-&YmkPu6n||7lm%EI-=3oEziM7g-X>9DPP5^GfBJxq
zF{5X!B^0K%9an`<l2P7KrN2qBj*iMDO(!Rmr%|R~G$%S<$7D|X!UKaiSjb2Z=!uE$
zv-21&bnYs{Zpl-#cAN*6LpioE%yQXq-ZurQ1U%1qMM<vRN6AX5lE57Z2AKmi(wS-Z
z4FJvN?>g1>xK-fAwP?q%4VJP^G8y*b9l`X#jZNmZ&v{&Sb1-Qp#0^;)DzY3xn7OjL
zKfP+_>Ixuh;-AI{d~M<~o5AsL*-Ctg%jxin8ZfL;cj~X!1WVxda!E)XCVT{!9)o`6
zoT>o$mW0iGg@e_6Z{sUxrZ%*I{Si~Z4#1w+fqdl6jxFTocO2Olf!UTl#Em|G%M-x@
zi$3x0I~X&E#;F~!HeSYFTAn2-EeX7`qSx^fNL`~A_%$pLOrQ3_1RNrui;f--T61&D
zS6RnKqA?d^^WL)z1`GhZ2ntU7`2nfJz*FmLeb=G!Ryr1>Ip6L}nY?CV-F^45HZMym
zdE;@#o{0!!`=9-LtMLiR3q9;HC4jEk1i$TPUh}^3#s@H<J}=>|+Ixl;{a|rLcHx0(
zmV{`INFQAruyw<N?CC(7HCQgN^r2j>=K~vj({k@K!bV<T!MmpN0W48icYZuyS9u;_
z#&o?-AqGE3qf>`I;I{O4#_XF2E~PR#N#(mZZxF7oSb<zBT^y<s3>&b{*1&GxW^rrl
zx<~&^3f!UEjrTV-e&^!6xmAMS?PaMc&Z*YD&PE58=3mL8chsL+FU9APzcbNwaf;(_
z_Pb~Lpwl@%!ysL?M%`}2+?oJ5kixRmI+L57$9GB+8dCdciDG$ZXN-iVUaC5nKS{K<
z#YT4L$kf5C1|@9OIX~^679Z`HnoemEvDU$Kv^;1hb&TnoU>cs%(p0N?S=>&CVzSGh
zdBcQ;GZ|`R^M`3Rh<^df*kNy<>|x}CVXOZ4$jqnkAg?}tQSs9!B$2CFGg4dfr$05R
zdP@Nzr_5i;B{8<R7S7Qp_(9L|P+IAX(IU0;=j6lO&6eo1ULs|J?>7`s@%&h)G;!Sk
z(q&3aw3X!{iCCfxON1H4>y|$Hsl-JCTu;j7KwSSHST8E*n}NS?|BC<;9w)kAZ(WO&
zYJB=5ZjO=gz@Gjv7(~5=d*Ml1ys|v_$y{6qRlX>5v$kx^o_}<1=vCupg3zwS`jEuY
zb(xu0EoD!{bGMtt;pN|vnIEe2Q}Zwt&hQ>*P}WuyBJQ?^Y(V8`Jt`?G+M{w+g36vk
z<09C?I%E+?b-DaBMWuW<v9Ho3e)T(U5vnRm`H@>T`1>Cza8s)rDx;-@rZuctx7jNP
zwl89SH+L?yHN-sP=y+_;Hop|WO8d*YgY?b2+2+e=Fzp(8PylFqplezayU^fsH5qm;
z@eD+{nNAe`b^y|Zvf|9F<1*E;<3g}O^hpYT<XOYnd8p2|lHW_J;ZTiprNO!Lva6MZ
z#Dk6tT<97*&~-zXf39}O@Ol`fp0=5v=l|xe04Z}9pMvp2lZk9~eV1mmOdBC0{X6H?
za^2bQHx5I&&VL`QeLXjoU+W7DmNl@JKE6=$3wf<j6)s{S-rA~Eyb^f%IH=Jhh^=4-
zBJpzO^_vuSo$ft;{@B@&J3?MO=H6L-l@l4DWY>Q;wM2Vzc`a~hsAa2`ko4{GJMFb(
z*=KogO5=uDY&$8|6PH+?&Ay2!A6X?zo*<1-%N&x2HZ3PqtwhzS6)>3%xg)Zu<TJny
z!oP!#^h`j~Bp2h81!H!s&m0T4{u~C$FuyRGsaE7`30ujd$`D*}EB!8VhB4LkDiV-R
z=8~jajC5eSEZ3Zt3E8X%JjyL52a`L-3FGx!1F$Lck9~CxKhw=~D*2lB*0_JvY{j8h
zn|J5;_Sf8Iw-jO?H6^tY4Ed&t_7G~_CouWu<+(C+7@~6tLXaEauA^1xWWn#G^O&Q{
ziSxD;XMp3lnZ<&4NCnQ-+4~<KZ&lkwEUcbbD^ZmkuACZ#Ua-GC7ddz{bRM0L4{TMk
ze%YXOF{gO`9)EE0em~`+2rPV)UV_QOhPt8eAs(UZeW3{w;DwY}vI2t~5@tfhe{8c~
z8li3OjPA*vD9BpAc?-7cPdh3?_;*6-cHhkHc+G|W2a(9Kwz>TKZ{b`a6l8O#DdjX+
z@9B#){N!eaF$aF$f5cz6VI6d~-Ld6=)7&`~cdKxB6M(aV5)`gg$hu{&bad6E-Hi31
z)tC(Oa;<liy?y8A`dFX5SGNZl+ah#et3ui$GyfN0^n8(4A9sc%&%7*O7!kpER7@`%
zZhd+zZucYQTaVP+!Y3_MZtFAd^WT3Gzoz>r{wEC$8{Eb?{yNv+KF_hkeLouEww@qG
zo~8$V@OJ<D^|M%agM?^Eq^^6(a%&)d4gAX9OGXghV%AA9{uiV8{)c3SsaT^o%j2M3
z=4DcxUCIn4lrSsbdE??uW4G`1Z(jM3PS!G3+eu=DYy}1VMgOpVf<wmsRKWuZ?P(Ez
z+f^|kgy<Kg$U{><iEqr*V*Sq~^UDP#mrE1ZQaSATVfnXa*m_8JmJ<}H@rnin1wCOF
zNnLvP!QKWaAr<1_v6Z{(wGu~S-RfC9q|&@;_cz(Pa5{~gpFuHhNT{pljn*10?=e3P
z0*ib4_E9?Md&wnsEngW=n<I~U?2r7NBsX)N6O;?vi~*<dm5a!pp4gkVcz11)hx)du
z2F8w4op{n0Qpl^q8dWEwP?EmT5x6`|$}q(SkU}e*q^i*)n4(LHjd8gyD!)5c=G)Nu
zyf*z^(43Q7I`o~u26(;ZtDoG4J<0=xwcPM`6Z%yv03-u4ke{;v{4yuc1WX5bXC0ST
z#RWk3Yrz9fjWcTb#`vWN$cajR&nW<I1UuN@K$z3{?o371%khd{%K0m5OWEvQS{h)P
zA&lOc_*It&aMkpg6j&mf;>kd%uIZMhpCg{a_#g1oe8R|=2i|FpJPQ8}gljM5hQHwE
z2<I$oBj;2`3l_L#-Z;u7G?*l~J2spE*pk*{(V&Od^(dODlHZ>#4a6^n?H<0TAG#-G
zm`1rSiKR>6_mmu$s;<adGMcbRD?F+ND}UT!$bX1NwoG$s{EZs|jo@q%xY7@aB2M_y
zIdEAF<X4$g5b5Y#RdO<9fijw)oswQ*M*~PKqKtBg2b<g10_#&#{nN3<sM0)zb7MpN
zbt#i~mOe4lhRbbZT|ioJ&qs%IW=?i4`$j)Bk#$oQ@TN@2`>?>Izj&Zx+=#>=zBy{?
zN~y!WO@i3Q1;PsBw9zqomYlD2;Ex#WU4Jm{nfB5d=Ay8!ax7|@mQY?MxN>^D?N;wY
z&u@KsQfSUUWUftHD3^GA@&TrF{`wCl)8@Z9S+|rQ+=*5D$d9sPSkx{Lcu~G!!ln{d
z<5n4E%17*LOk2>qS+3;8F~ulw@7`iGiCscqsSuX@Nl{cc<mtXpPHos{!Nl;s2dHAM
zajFL!akR(#LW6=WqzqaXQ?iaXk!8(|0nHpsB}NVi{<kh@1ueDDcTNRWtv5F_;qxCv
ztIEks+><uj2Ih<J(MVGiF?fRub=g}bFs+XXek!9z^LgP)n>nxJwh}UWrzBnXR7otn
zkw@e%_m%|eDa~m#7mx<Fqle>+NFK?+q9Wd~an3_>qR-9oIM;#7B1tCISRMn%=fH!K
zGSvv3q8BvGs#UFLeNbXDw!HK$p?sc}=C0{Mqsk;7r%8C3%Vk^^=Uqo$jj%NR1$SL6
zrz|ZoL=8guH;>a{e&8*^%a+t0UpOwOn3Fb>j3FFJ8b_&3aH|lS$HiE_8o@>^yn)^+
zicj;1AY18bAfnE7UL{WDVZKhmWf0KMk!+-sX0&hELzE6*?azeHwIXSLGf5Ti!}%y*
z8Byoh4Wz1QrKvFz#W=cAw}`3hR_*L<(!g?GbM?rpVv2`qndyWEiDvq_N_gq<(<2yr
zP5J^F{nY@q9+5ypS@LEw%RW`4r>ajh0~J9pBx9tLBN_T~j64fH##OW=2u(K&^i&pP
zJrStL`lKS1`qPTYd+fPD`RbH1bdL=3!oEn4@W}`g`I;jZVFK8c5d`AXh6tn)evq6p
zLK~$}9R_Q!qYzZAuL?z~LbWlKS>EUfqUT&i;S>}$C1V;CMB!b^yh9wcZoA5Y&X{mv
zwJ~MxRZQ&W3pA2FkBf;8`2ewNWOP_v&fW76#jM5T1ey4TjViPwx~r^4#>Cq?Nwbd1
zCx_oJ)V__7QsxD=8fAzpxl1kaol6vP={oTs878{_LY$~MOyiUzpJ2yGdDa-J5@7|o
z`Gz_!EFDwEK+MGWiZ+53g-N!xoKhCr>SA#I%t<6NfeN#XS0-1gCD_BDV(J_TU!JG(
z&K*#YA=r@Dq<dlHO;|{dGDP@!IpusC(voeSgI3c!Y_&8F-sWdyG^z^k&_>&!!i9Tj
z$UzUV<d_5VZr@O4wVY7Nk(4_xf($F5BicbkD!EI>S$xB=oFti^V#<iT4xUMm=X#mi
zV}~PnXGo;A3XTEkk5ki_j)T-Jm&OJ>%@7drFX!OQ*B01aMkBR3G+9B&)zEtNxF~MF
zi<oato|>Fp3fdA;%C^aMq<8<7DBcg+=<pTh)@~6u!qz$6%+a>Z#tSpb9OPr0mzM*&
zN1SWjR^mAqjgTAbR_`orr=w<&fQYBFvr6w-nm~am-f|*>Pb4@#iAIz~`X;fISW#{u
zfP4HMtVjy(9C1xtOe`BQ{8EF1qIeUM)z0)lcCPS4bsgZ9ls@N7x<39kN~c%d!-D~=
ziKmx>INuFTkRWuw5zfj0ApXy(^)f)aE*wk<T<<!-0*7m!2aJ6u0f))OS>y#VXuG)y
z0YQR))GH;zxI4o7x%n$ff_5L{>R^WVEXmaAt@7cJD845!EIB15WYcK>P8A>^yLu#V
z+;z3T=v+u)7ASahGyQY?RmM@1U>N%~0e7qJij^`S(0c`dRM541_yWK%3U61<-AT5a
zU9i%1WBnddT?%NGJZ<oOPIGfGkKpt1=F2odBm+3mO|!OnQc>3pV0jHg=GCN3?l&BX
zqhNt1v}!D*c8D^f$(rh8e47$j6?oV_A0F?&d1PvgO+2f8TH#q$krbfFZR`u;mrJuf
zvF@lVXAheBz5BaY)bxvw5<~n_1i4Z|y)28~PjlxsKt9vwIa7taiO%)b7OnnZ#399|
z`MYQCB+L;fxr2U-@qyJWk#Rhl2P^u?SaSz6$7}V_2LkbS$<OWLWM%rNN)MOw{HEk$
zX?|r-#Fc1L=8YOUCvz;rs5R+r?T6GdOTh@}7p}A$HGCU!8Ql$BPt+@3=^CZ6^t(Sp
zRL8qM&RMx0FPR;7Lhm{{<>^T&6aJH`j3$Agk|=&aRMshhfUWd{Y)><9*uV}csjMR_
zHJ?glVSB0LN<$ibKf)5FRhytNyib=E<*1Ilxc{kC*jyIMpWmMD++1>eKaYFfyIbN=
zj>Ps_Jn^J?d)2b?7JFv|xp3bp*2`2RF1v8)yoN)*wt`FM<ztAfLryCBAZ4@^7~CG>
zJj_?;MQa5DBFzC&K4?|3n&o&A_dawII?xRk_J%C#Od2ANXHBqT!dBmZuA%b2+B&4k
zK3leKl8L1P+0vOUm7A1*a~xi=ncbwtoRw<OCA5HcV53_TCeJqLjG#npm{!e~uU~W`
zh9ffh-oWk`kxMLl`RuQxL?({Jsv8EpehS5ftKXrmabF4srSD{g%)p9SmA^FRvXz}y
znX?6+Jbiwo(2k#J?4AQ7*g;!~G1k9uXTigt0{(due|Z#?a}TaWpWmd@@<*|5PN7{S
z<Nlm%?b*;D5s(Uea|o`7^=$S=cb|%$+g!ZcN?Ge5j_>mTU9_zjnGg*J0@Ax*Yc_sE
zBb~m6L@tIJ&M6i?`IT~7*0KA>bRkp<cv9`sL)mWtpJd?jb!bbd-_a5Pl&pK~Z0{QY
zhl+g%^m8-*gM?q|IPZl<4{hT9oxJ!rdKTb6<Q#s3x<g~}EF?ss^<|mBrPhf^-+9NE
z=l5SGGeuu?*vtmM-wA5j<!%tgzf@UR-jUwD^oec!7w8e0rN|V$va(cj(D=NJKN5Ea
zs~P?f``9UGBTyT><b!K09>jjhDT=FI(63VttaY7}kJQS)F0N&<Jp2zL<@K6%?{iTu
ztwa{-YLdEmH#=kP9TvOP<2~)>FJ^z#vP!&%ZaQ#SmN9R<pMFL%5Y73*VacIgrfG{l
z)ACQX47{e9I}l>vlFn(;r|U)1MrV=#sN178U4ZUU+HZ$nteu0=(?NH04*#Bsk06q@
zX!p|o{``k#@-T9FwA8h>wh|QFQ75aeLY4kUrZvAwG2mqTBL4E)e-PskY4*X;{Gi>f
z%T<xBwybHTpt+!Q-cO&z4sSWd((j!F20q?z0y1~}Tw@``bVYVfi9LBl@%-J0d}!#M
zjdT9W^CMuI0n`kjj>!K9k?jlEwOPn<4^8|J5}(aN<<UsB9Pp`!y$$b`)DT+cK4Zf@
zy5F>Su(YA{3Cu}c=<NI+{|`bn|6{c9`S}~2!B8JC9r&y7eCFTY!9~hSkj&PzMUt^+
zWqfjF{5~1E{kaT&3!e;}H_qFwEw@_nd+lccGcs{3ojhk2-qN%_%5><+%<=)-;L$Sl
z{Kc|M;-^m+RLL9xG>z;sQiKr=#y?(X)i;H0cl&UioQ92h=GT_o8tvp$cWOWe<nIaV
z3k4FIzny%0#9vGB(X0F8DM{esaX)0<D*Z+MAEh9(Rk2R@2+{A|T(^Hx6}{uN(fT|5
zdSlz;!a~W@R$VM3(d>m!Vwks6Ok(=a_V8c7cwjX!@h+U$^|UA0PyFxyoR;}peGh{V
zJFe99glUQ<@VUv*C2zY^`uq*(KXUx~u9@dR-#FM~bK2Yq_ee<Ho#UQ4S*|FZ-;2wh
zUk>f!bXhWKvl+|E+e}0M9xR^z*lg^;^<TNmTDQ>TJV)jR{&n9Z;+Wm@|AU;Bdu6HZ
z35DW}WObbX+BEhFz4^!*9>(GSaY|>v5s@l$x=c&H&hp3r>ySH8s?IqAhme;Mr+-n$
zv$g%u)l97TJn+t1DnCHtuk9lUYj@V7-U(lpddT0<{<>WXSD-5*w&AzzMo_>S%Ub2R
zrw|ANdILD%NUytG*+p7(+Ki2Q)>TRU5OwaaU|x-NA!-BsGm~{k<n1iywHXTyZ49Mf
zNuck2dBA2`*0LW4IK|PI9h)Xo-9k~~d6V%t7w&Xn&XNBh=+b(bG9UV>?$(I`pm}h2
zPqP6fgtY_+Ft+}nQXrv9N}EB!OfI}g&#jW*Hyqk)0%ig@x%93qtL3CS6s{w;vzEIO
zqNYINFRJc@uU@9qyyoue)hpthNlGa|4-J3AI4@yJacO_@>iv8B%jaHY5jDjQf%cO7
znY9SS<nX`jcV>LmoTJ)PfE3yM<Xq2yX9DZgNap2t)nN1CBbnr7VmZrZczg9`qH<{k
z`mf4w23PKyPd3)IzhJHTMfuFbkR=IIR2gzxL<{gYA8!gv9Fg6~^s6olf}dvSSFt8d
zSbWg}pqJQy2tGdZ*VwuQS?2;4lg)t8X6hR85hZNpR7N5E8$%Kp>RzE$m0ic`-^MBX
z-R!~lS8`6%?yKp>-w)&~r5vc_kmzT=rgvzlB@WyzF4u})r@1`7dYU1rDP5B1etMQu
zFW)n4Vr@?W3RBjdn4F>3$#l$<nAb|Xdg@c0Sv9!b#mA0})e|E_yJ8L0yuFd;yrVp#
z3|`!emDVV77MUn5k{6wVJSce-7evi9eBZ>$g?4gTrkvJxCZa;+8i%|nmNr?(!PwD_
zldt?0hXMmv#I3mYweo2~Mh4sXNE-|WqObo9YlJ{WD-TdTqqZ@QGWrwDpz`-g7lfTy
zja1dJMP^@F_k$t@hNJeJfi&wK3Q~1QVWh6Fb&Q6^1qjKS81{VRD)+ay+%fh-GTS*;
za;!AcXL{*4F*QeYl=TY=vBH%$fpI~!W4|s*Hh>W>y)ArUMG*N-Z_<P~aaS$V>`1m`
zpd3y-pR1Oj!S&IY4)-#~x_Ag%K`)A08H}3|1f0hHdFB5gYK-hdnd@PzF?wu}a29rI
zEcc82vGE7#<2OE5M8{{yS^vZi5`Is;@2ytss2<I@nya~_rTW2Jh1qc#qIVZd;0<@u
zRq>Ya5n7MaVOkuZpp`2zDeSkx<lQcX0b~pn5ifK$O@S^ggj*HDl1HO%cUzF>!+((A
zToXhY3ZXqM<AOaS%5s=eMcgXl%g?l+)i)-~i?TFipl_Wx#k$^Fv>GSu26rXm;IZQn
zuMQK{N%^r`Sn_`TPsr;$wOpi+-KF4pAH9@ei;GVQV^~~a94VLIpA;CXj7kYoXTRl(
z$63E9k9*YeNCF+Jf@34ped5Q!lP$SGmMKPQvA>#yAv7qT?9@ZnK|%PAL_A)_g&xTf
z14vsj+!eRc24^~4s$ND0DAywAW3*&>x$AT@WXt=yb_}}X8h~L4KqNM|2X2>-6~B-R
zn-hr2?m5ALZ31mnx~;ynvBkAIa~g4?8ipdW8mb!{Vv%-QYC3HQD^>E`C}f1iYB@nq
zUip<4<6%E>eMP*YT~2^`WkIf-eb<KGXq3BGm7JblO~t$MU<O4;z3Ci*VhlWex=#E%
z21{;G`DOh>%bW6U0S?}u%^aRaMtQ2~|KsSq<Dvc^IDYoJIGmZCab#o_S!bLrha+T^
zk<zmFCeGPpUFHerXrOXd$j%lmBRhOU8QJ>1`~8vX%IEWW+(Y`jKCjp7`NGjfaH5gt
zpupoR{Z$F{6|1frYn14kPt;P5`VmnWieuN90HDUM*bYhxK^mA)Gkz5<#Kwrr6tYjo
z87l56h*4~wgT=#;EJOPFu3nF!*LUGUpWqhgOe!Z12>s``IC_t43w_?MW}@zd<KkRN
zD${@4+Tt@X6&$fN<UoPJ+)9M<7K%zqC^_`5HD&Z;7}MLBa_T;nq_3!?qc}a`Hz?$7
z_@%i>68(buw?1l<JTtv8hrzE;Yz+xG3SSH*jg~cfB9|5MY@&mJhw6(p5=zArNED)}
z>KIxPrRZ*Id0JlGidZ_dst$eo&;$c598-fI8<h(3jG}uVToF~NgkT_ML-j38=vK@|
zc}ju_v>P|5F`_Z6(Uc`kQAT%GV;ngQV$kGOIP1_?ioBc`#EX~=;8@;gMenRcb?3!R
z>Htg3nsUVR14TyJSEORU5)*8T!7z@JP^_%y`_K{AQGVoQaY>nk7<73|+2dhNO=awD
zM#1tDKI$`SNm4wAa-{M3K))1Ept$FS(s?lEW=V(AE98K)Q*ldCPY=N<Dl`$I4J7Qv
zck%|>p@}JQ)AJn^!^!cIqWQX9P0s!LUOdY)n)EI)MxJn#x5yFV=F)gM#66?(pFZ=N
zmVKNwEf0fFbo03BGJ4|eI0o+ElV<h4Ve={#K5)Nq9CX1CBNPVbm3o>-Hj@`pMmPXu
z5fJnAK6x8lG2`V~eyGg@mf{kdxNyl){N;{d<Gb^gvIX#i+&oFHj-&rZ()Lvo$1>#g
zQ57g2aF{&h8gR(zzFgR+NzD4^$p7?A@3m0Q_m=?H$oWhsK(ge?G?^{&vX-{UkC4UZ
zTuJq&0C>prY2bmQ3Eb^_Qxh<#456rutHhx#`W(rDYC9m(8cXN_L8K*}uiH_%z-j*i
z&_*B-si;hxwgO{ss-EYp!O^2<n}DJre{C!W3$Sk$sl*#_O+Cu-^MOL<?eE3FOx=9(
zc%sW9ndV$rHo#Uw<n}x*<T!hRb$x-0=RLifWf1qzNaJtf6(Fs<MtUs?#P!nZgL%Dx
ziE)0+dgbLlD&wB2s+8mep?e)RUOdg5&-vZ}s7w5&UTsECir=S@McW@DeB;*O;8ggi
zF4pUWyRNQ^Y0oBL4rlBCskr8P`v$A3<%V3Wa+%K!5XEC<^yz`ux5TsiwA0J%c2DiV
zgm*tS_nbM9mGUzWh%Db0d2$5B{6mi3`d*;xs#W@IZI?CqVu3-po$XMOdyJ=(45e30
zQjPo~MP|FCF^bR~PmvPEKRfCe8Rw%LSe|seMmpr1Egw*&E;6nNq4MRcmykQ_GrvpQ
z%A@RcZXYt(4&?!U&eTZ1VYmht^U5tz<Rea&9UBQmOh7w_(8B!gX*x-PCv_1vsLS@5
zdQ4+LUg5&VYbx}lbWn3?Q3dG54fcWxlWtP|ww0y1vwo_1Ua!LVqOfpRwA2>KkS|Il
zIe!}e>r}_S#Y#Svjt<1Z6r;U#$qyyT-bY2RzVwd>&BS)M!|*p3$x9LfpQ)OVw3e8z
z`wUuJePogRXxSqnmm6dkL6`$XnfXW5HmZIsD;1)2<>RzN?!unlH#cTmt$T^$ajVM&
z%w%H5{qqyrP~Xj8%wRBtCH=^hcfgSE;K?%&A$`$Bu~btjilUfdT+e)`y1w4^!)VA(
zQ%<Js!^mY(p1!Zs>4>;pwPz1&Ll{-+#KU<8*mE>q`LKsXlb-zX9g)7q`*j$vF!a1{
zzICJZg0x|ms?VL;NRP6y#U1y(J&#|JPXTrUOv|0Dd_OcexY9O#qIIbM)qC@_`p<2-
z_&;<Xi|9;aJ|_%~bPO~wI|fI3{7!rHw0r*WOsjrd<ywRq7!v<8uqC${2?QZY>*&#$
z;0_OHu%$)Lfa2J%Vtil9^S0qo;hf0i*}nE;^6(AO|5RR1p0KRT31;r?4CkCi4*Z3b
z9X{HVJG->)^<8f9<@Dm-d}Oay;KwItpZDb+ZEC!1`E%@?aq{rbck)TV!PeLP^E``<
zZ<@~i8llv74lKs`>=o7TMapa}9h_{jh}J*Z9auX}SuRqGy48f(@n75ylHUu{QgnLo
z7t%YQw@IyR7yR<Pz}iyw-1k3@1Z~%&Cj8{W_QT`rn#IpdFRH4}%JTfovVgn1xyY52
zYHLz-&%Qg^<FTz58_AW&RZ&l0p<VDy0>!Dibe{bt#xt}w-G}zlH_`nEN38{J4!%wa
z{eivrKg$un+Q>DROvS^+VZEjS9TaiYpO!){{rMs8wf|VTQK0bU?VqNrWtSH}zuBnm
zj!q^|K1w?m+<3V2b?w{N0g?8|MaN307XU<>hi^qPov9wAeBTz_mJ6&u*m@u8b$qrn
z`_Q$aA&pM?DrDJn@M-vkNUqN1!w92=-`*{U-|vcl2QkNum%umsQ~4KS`qE2tYp!jr
zwX8n2u%)d}<Ifk>jF)e|d;mZZ=_8t*u)h$^@8*J)8*ST>`X^eu25H@YA^kg#BAm?y
z&!2w%3;8|(T%)PpgU`Rd_eGd*I~VRBe=j&0A<yg==kD`F9`-ixtK~o3a-Y7JW5)%t
zrFWJ+-gx`{({Y>s`(ZwnUyBj~>fz-60*}q&op&!n)ozq9kA`+=G+O)?u8c(#wBXm`
zg&w$mVd&(fWPr@#y==ZLhJTW8@3FgWaQBe~OOjE8Xr1U@RgPWZi!WUPf1)5GB1q3s
zvGLm=5_5hqy6AjkQSVltd$Wr-bcDcndw{D!knAhsy~#r6rli_e=BtvJ6kpL(D~c}k
zmiY_Gy?W)*Z?2c3DMsMyK6APF?s1;#OxHWne%K%{WVNz(Yc0HXTz)|KzI)X3f|-du
zu}=^xzRLsk8|`Av1-a(8H)hVn?KFd6{B^S5_=2q^#61K990c`u=f6R^n5UGJimENQ
z8a+Nqs=8vS1Nb`=?<0M@W4_?39!l`YoO(06{g^699j8BXo@CDbJo7^970<%Y$r9>X
zZ1fV?N#!{o3-juNtax`_3K(CWD2m<>q&476`f>L0SfMFjKDl8qD*PcbfptjPgL^o%
z^{ZNACa;D$;UCxVhWHt^62=j_>nbz7BWLMk`igdXETk{iS9Udq>TOk}vp(~RUi0U6
znnI_V)4mJ5y!Ihg&;8w&FAdt`>#C!NBd$tT1Mf(*Fiiaku$%&1uOmQ!Q0%$Ca!7?;
zhVw@tyGjRRs#NM{q~)9#rK1OD1>m0E9xZB4{q_asWVQSW2ainvV16Mq%w2S!u&CvG
zfhse_-<)hn{huD_t#!K61LnV9t?zoJ9;k@94uZpP3VZ@tMZf$Y@G;;bC-Anin)FUA
zKo{*jz>|9JF|Qr||Dx<^SgXJvIm9_t<^0TIaRYS8kL(<PcOtoO#<14G3kqBD{2)j<
zGA#{$6aMM>9lXCT8R>r=_;1R${!PZIh%E5GPr9J`Fq2Yxq1dNw6SZD=2wv+%)Ctc(
zjb31Z<yJ8<1_WSypTBN?Rr#1VvwNvEP{n;s$`fjj^DL~YB@~8}Ce)%+NriT*%ND#M
z0P$Ew0A09S)}RB&9U`n!?1OuW5&eeszxJ~b{Lj0hjag4nkC8(!r@us#_O9)?c~s3v
zljb&)Vl%QhY|JcjFcj~r61+Vy>r}3emfV!4&MDdQp>GIrI0daq>va<qy^eksf17R}
zohp~sF*-T=1aE8a&`Pva0@~UNvb|>p59G!fmu%RViX^`#@S7T`!&<ES>GQOX#539Y
z$dpKCcc`V&QdQz*0ylfQ7WHICXnBjH6>%k=m}e}@yxMAGAllWjjajGci9|7V^I0~L
z3atk;GQ6pBWEhB6(aUad9#S=KuF&FY^iR@4|MT=Nu{0PyY1&CW+tZtSmY9P&Gfh6C
zbf1`fMO%7Es&k2PIAEsF;m%TALuGi&k6`XWmI7^cB<fnkrSZ@@;jdisp5`5#sAo<!
ziL#PcK4b1Fy9p>;h%r$5sI&SzQ0{SAxLIxuU>G<^j8JlUAs6JqL}?zS;qD9rRZeBP
zUM}SjTgt<HBN@mY(rxL2#MX%}L%N~&wv-RLJrT<@Q$TWyqHR`h5Puu$t=G&C$yQ-?
zFO9E@GoMwDWv9@YoRP5Z*9ESY#PM9wp?+sEM{?m-6clYIYpRdw+_-#ZV``Yt*vI)x
zN1`IvkIuWpm>jO)W=HMS(ef#}ga11RE4_3N)=Iy`MvAZK(am_8E#n@d@J3KJazv_$
zh7lXz+Atwia+FvX#iaQHZ3tQPCJ-r&7CW@%g|JC+QV^b~IH`UDG@k`+LFY9WiJ?TL
zn<fpU7^1OZKe6s}rL12{a$Vfv5672`2-v|sWNf50hCLSpJHLu!MA1BfjjevCVLitI
zAH5cZsLgU&r>IUEvtS{%)~FCGS4$o@eWmXE&&ZJLF$Y!VCjunIUy7bP96{v4&%-IG
z<8K`?Qk2>E5#3bLIykobQ6}80!2QCRXr${behevzf5}Y9n0b#jh!@XB24!<lDf*#A
z(~Plf%5(9;6a__$QvBXeEc$Rl0vf>xEZ-A!><u)6X!oPNq?q3rRtkjC*a;>5(Jy2T
z4YhZAtQ5kiMM%)9(HBMCP+?*0vr?yEpOB9k%`L(*cMmd4S<*BixE>OP%i@^Ggc$h<
zM2QULTV2|_FNjp9B&jfrMf<X!scFF^{4Zot&k`rXn{q#i%}JJ!i=UwuZ9e}VEGP(_
zW55>~(<200VAs(G<g6Vt2>oM<Z|98Z`JZ-E9SmuaB(wNj;B06p@{}5yXS7P_64HXx
zSAm6eSsh|@$E`Emop;rf$ej7-a14}X9qXcc8)aLyN+?^Kqz)?H)4tY#mLNbgB_k)%
z%#MsWPv`NHsMdQOkj&v#&dUoiW~367rzcLecOOk-yNj%Mi58;JaU%*pVGuzeEYPc1
zEgZ#7hir<}EK-y*U__!jS}?S-F4DN@pR)0gOhAl|q6K9#y)JP`6XL9hL3g1}SfV_g
z;o}n$8O(d%dQX)2(8r8`(|M9;v}sKvnByVq4h}>Y_6{zJoX1ui0|+tQ8Ti#SYPws5
z7``_pPcBjO`lA@6;mGCdr_>I7jFv>^6BWS4JiHoDbwMYdc~9?pT5@TEuaOk@OZXCa
z&Ef&N+lS@uI)F@mBIcEetHZi@^vtQ{L$L&I=={kO6Ry?-P+|Lz7laI#;t|8**u2(-
zB2RHdUuI&`v_U^RfIPbL0&h;l9n;OD7zHwTgIJCQJb)hd@x)?Gpn-x3O2Dt{hq6jr
zWC+LHyDS&l2SRZ0+c$=QL02q`9ai2q|E)_(-fjY((;E!XA3YpkBYPF^>Z-5~Hnnxr
zw>^^=b$$P-7wAw1pf7?V7XP6l%T*8uRFoZAN#3)_N)rQ&MqaEirZ!^9sEB@8d6q@$
zpM?iKZ!!7L!&?P^>1j@L*ckY9<<%EpKwyT2?qfd>aLl|i{W+|Qp1VG^)ByoU39FYJ
zmSD(D<maUIQ{Lmp#Zq7^Q#o~hqd5+UCB1$SngkAFe^ieEF*n&F-$T$k``YvU6z5#9
zvEBOXhuuoG%9o)pe&X$R*`^MG3hZM5aBy#v&6Z1M2~_;1FL8QK+UCuwrQ~y;DnTYl
zBi85hM~g&Oh+yjcN1|MEuJ0ZF`*%FPZJAttYlCU=*AJh2?Wr<j<IBsFt`>bKEN%vB
zksF}6o8CUI?C)RDO|x~QBgq2u4yVXp<FNc58M*#A1==GkA3)8XDxwaOh+7x9`sl<6
zB|CZ}R?RZCYZ@QLAMe?G6ua|>FI9-_s;Ap5A|L3x2GiC3AX-#9cyvumubxQ}_Q^~*
zty07r5=bWveI3RYBJhj4=%>#Si7Aox;zQ$g+cJqRH-{+h7PEeUg0gk7!!OY$1ZvgE
z?5j<=C(m8{3*o$qt0;eZU4q+HU*fzYnPl!gz##bGhm0^7hM$k-&S7y#%Du}d9&WnL
zyqhqpIBktdmsQ}-K=U!xx^u1OvnOh7ax-Fnxx1LVNi-`)-y+*pC~zi;SH5=d4M5Ts
z%Ffc0)pENoU+<L)#t`WwG`{NV0`wRoqGmp$3+lDIH1ZW2xPG_ay50^NFr711+P$@d
zaQ2fBryhPdsP{CL!r1U>zPtEB@*b*vZt1d6q;x6K9`9+9V-PI#Q87^CS*tqRbNLbJ
zdX=pIF1%(;36{<YxpXPa@WmC%qsiOdpVi+U{|eLn5+7COvmD%T`hv%zZmRMwMOr|~
zq>03@&@gAYT*296=e@MkmwzFyksk%N+D_<ZlOv%<1EIf)cHNr~e)d;CXbbqd7|k>V
z%0w4d4jR-0KkmM(2kXjN+kYVm2hO>`7dUnhTi*Slp*pg-cP6*%acTl$Y`tf|cBv1%
z42bS$s5}sh1C;nasCoVVVf04e&gZGn*fpUkzPy*8!n6htH1)4JPcI)iA720c7XqHd
zBf~~|2bRDYw+|{mh4vo@ooa>cMw-v``nt-Fax1n`3O(LcJrGR(b<(`CceC($-!y;Y
z^`h$Dk;QkFNh^<<N7@d4npg8w#b+<KNQZi4UQder>W)o!yN>b@YjJY??&&S@+IXVI
zNltU+BkjYBA>FBV4`MoadK9~Q;SR3qV#%Ha`5e)D%c$z^2fgcW0}7(~Upv0paSQR9
z3d^$xbGTEFruGA(Hm$7x`})Ufr_t)VQ|n95OEvf0U#LIu`LUcaMUj}2zwML?wuy^#
zz6X}Mek*)`O}AM(TyK@;P_`xLR3O6P_sPdIU`eex|HCReZEl{?ohU*h`yvN^OF)Nt
z{+y{zc~orv(K^i%KAUOd*f}#_3JThCQf!m^S^Tao@Ziy^R>pSF@9mT7Fio}p#3Q$T
zifb0n?2dyYB@REHwS$N1T7zvr+df2Yg11!TkJEl2rGC#Sf6?b}G5l`>ymxP^^e?>A
z${HEz56o>?+f7^h3!$11(qu{62#ZjR17MZvTwt@vg&w!Ixh_BWdE2Nf#MEu6R_@B<
z6wjSh^0|8Oo<((K1}exdb;hIy-cZpLT4A|GCA1u8I;0}$s&E$1^MJ2Y<tMcwjIOHv
z*1}WHO$5Yk@ZQw)@Cd2)srY%j<!|0I{dK;H$M+%Jc)Ch9o41vcnpuYx{CNdFJ%M#R
zbYSs{fiU3E>haUBE7@m6qql3{{Rwx$efYqZRrYQ_*l@3=Ue4+Gd2~$c_$E&T^Bq;M
z8qw2`s8VpnNTYWxUX<>2rA(z@BochG*8_(1FO%)Thtg-y%}qZlbh1U1=1f5osn~-*
z$2{9_>n_XK>XZfrRridrgCu4#OtEdp^uRhxva3*(PvX_8H&vpiRY`okU$fTb<lY;Z
zto@AGJx>k{C}^&Oz4vq?-F5en`Pp{rWbko{mcmus!mYS9tqC}LZeOj7%l6M#RTtIl
zFQ%F$Qt{^hh4^8nf9cLJyJIhT>b(MEqpF+u1ZuR``ac6I)D0pl<FZzvpuoYrMDF5O
zmI5F^FZDexF;J{J%00u$D$YI-@2^grKK}>Rwe|T15(EtU`{W-|FtE2YoIKXKXB$4K
z@4$n~$Ra~<Jcw4S7OfL2BX*f_XKP--BIIT>WBR9%rgM!alKG}2&-noyWc=PjMIm~V
zbpihgxI_t7_FX)kGcpd>w!J+b62VIl-u0l07s4}FXZ}r7SK3<Cm^M%>BqbNl=3&h|
zy>%NOh;ix-1Q<q89T9;{p=|iqS}Ouq-ajj*>`lA&yUueVd~SJe2FR9YwCY**UB_7R
z$PBf-<qJCR5=#L0pBXO)kdY}nE>ie(lj9`Nb^f5OHqdehY-Bh6AvCq3AGv$p$pcCZ
zK+De;zOIuMztIY`mgcS=U|$@^nH>lx?zeC_n3H*RUUwZQNO9}eGB39On;5{>vC(-Y
zy&vDx1@#};Cg)1L@XVymtK(GXelFO`(M2e;YqiK8t<D6deOVf)oTfx8G9#&|(wmmU
z6X`C!os<HNlCXAF2@I;Mpb|0(mSTyd{#2`dZskP<q;oaiB^Ge3z72C2KZ{BH$##AP
z&p&d_^QE<_;8)B#x^)k^d6^`O5SyNHL@!@*wYDOWeZ3MHg%iAe{0UOcAt~8#Hy%=A
zlqTYdYJ9a6nUYRc>aK43?YE@&#)0c@gHpC^za&ZA4c^D46?PB@<7%OwF39Q%?mz*s
z-IeQ+?OozFp*Q3-Z)1uPtCEo_nin~@H6*V%>Ck*vGA=sNuPD&~V0Mf{1$w=_ZdujE
zn6q17Pa|$T8DHnT_~q<Fep#2D?gWp(npB5lA?986Op3XtC#H)>euuFJjpVONy2(<(
zi>c=LMg#IOQA)qH>Ynp=(OX%X+Dhz6z0q))h}g3bv!e`qgR)4MhM^w@Q&&%js=bfd
zr=*~)NaV8a?@!3&rtHcXu{P08r!_5vTT?eYL!tL6BEK?S5>?ExqM_51r|CNv=x+i+
zJ|9(UHc9qK(W$ueNBNary7;*foNP$R01uf{?_E@%BI7!`EGx)bo?*9PTU%Se$kgCA
z*FlNftuA#Ri~(zkc?XsB$~{B9E>TJ|TB7!>Iv_Aa&9i?MoD}z~%l4$I;T2{6arhX?
z%}Liyy$Q9)W;19igE2n2{zFoF&}~<YRbw1lhvKGSH<MLklMb7>zV=HoQ-M%3#(0Tm
z?9*7jSZ+E%Y!~}alRl35s!*zo{RdXvsU&fNJ<H}}K^~fe^%%!k3X+v6?uh{$uFb?C
z?>eNUYgd5LQ*g;fKAqGSoG@IvD*V_;G?E0(^4&vF79g-uZF-h=6zx$MDb7}@7`22m
z1of-f^)ZxgRXR2<T}g=s@=DgT+%_LGkc!Z)REXi^F;7G%$1dP%9E&{rB-r4r3BL&l
zKIFqUZg&NQp$wv`D~VXAm;yK^$RitmH4FwN3X74!R+&rGro$|T%^xMX`#vVJD}T~j
z$^?^5O?;#f6B8md5RXHYQ=w<5@%BV!<YNvd-49Va97wUsxj3DfVN*oax<4fAq$&Vq
zl0%|OP~=2YS)SdG(M-sMR5G%Up^z?hQYD-kw<ai_+`+|V@)g|?7Wv#HWG<ks&7`tX
zM-e36f*=%jxs71x8R?wi7*X)g;!LYjo9{ACMu7K7q>Mn_^#P|1D~W6V)v$?Uzh#c6
z_wiEJJLfQtv5o78gJA&O>0%{HGaN&Za)O0P&Z;quSOrdKuG@gxGQ&-8;VPmkW1@TX
zJyk23p*5W$Aea$hB>#X?#C+F6$8{-A$F_}$$R>F=>B$&ha&wpwa+95eRdMCZu-q|;
z!ZDf|BM==(RlPh?jOrV>^|>1&!nFwE-ot2$USotPBiIS}u`<mH%TFAGBmJrPYM7WA
zkb_hm$e=|()*mr6`o(q8ygE{5{3t<yEHL0w=SC2h$t7&dqmnxoltxv)y?VAPY*!IF
zEy0AiX>T{y4oE&dgnaJ=>>(hcR(=O-Gk8lOOt45%#TFsH!nDjNJ8IEwDXLn`xqd}A
zOt|_4eYvVgY+96_0e#ui&oNZJjKm9BNna@z_0Z|M#Ar?Wstjcv{%&2S63$@MwI7NY
zx=m8lpAsbhv%``Xb~RW^)9W#^%nz(-Hd#KvXl-Cv4P25=kO==QT$duptec&yX$8mq
zLaYYpt3D~0*fkdn#nZFCyw=|L(-;(wQ0t(hUi*(6qDykSRukAWd(Q-ZiGSp$Upw7r
zgUyjuZDS{irMTvG83K}jI`6Kr%YM!r0gR(XPhz@Nlam-d6H}mIb2?(4b?yTwhUIS~
zhLx^}rHTHNLle)yM<4KjW3g!uARD1uRvpSu;kWND07`#5bkb2?f1cwX#y-7w4bb@G
z7plNc_cWuYZJVFXX8`r6P_iz#^U(2M&T!LBq60`Lvf5LTj&gP`z7tKUdf-VdFE)J!
zWvF?dz4(>t%U4nta|5ry0oJisaku4S&7!W?0N&&&Se+*GCk7JFNcA8Isf#P*xZTsU
zVmh}6Of{Z&vXTT&x!?=?|4zmHMf8x`^!~$u?PnHX2b+w1w2-{$xaoG}4`!?_$lPfB
zWuj~NroCfX0`({F8sA(PB-O#%1L{j|4VEzmX4D*W?_Y=n+=I7Maz2pAPzBBhbNqf<
z`wt`1scxHGTHUJ$oT|ZOfksS*#FL8hqUuy_yd(>fvMIYJ@EihpPMTypI@F^wd03`W
zreFwBi-hs6mB*_te*Jb+^;t`Gl}ELm>cja!pV3cHl4O59kGm>Eqk6txLVz1zL`~eP
zYEzRN?M-)V#5DG(W+@E#dybXTYyUATC@Teyv9A`s_Yu^M&h6Qm6qB!f&~rz`i;`h7
zQ#^!9B%<s;b~b*}!Wwk<`Ut1%dXM)8-P6@L><uV`&@wj6h&r97R~8{_=i<}*>YXTr
z_j$>fjA5B{Ug7|m(U9f3pM2=){e`T=5|Ox;ii!~7KFZL80ANva<nAf%B6YKpc<8Q3
zi=<_TAVTvRdo;AaMhT6l;*%HG&qY)5)9`sCUh_bUg&<Utqe1wJ+*BcG7y4T6yq^P-
zR_ISoio+*|l7Wyry7Xd+U8xMZnhTJjTJJqUvx^MROzY0<Eavj=sS$d7sZ}y%9SdKq
z#yg|6&{PBYb`^>bXICk`F41gA+0<TOpLTQBUoY4AI;hSS0=qGkp1j1Y${OazZ;V?m
z8tV(`PYh};HMpi;yR`3|_UCxY?!lJpen8*G&k>m3gn74##OKMM^V^N418K976MrG6
zVv)dOI(qitOffW6Zd>qIvWCQO=d8Zd)8vO54UL*5pL!*j)=%UH58r8e|Ah#$j31B8
zIMeMEk84qF7d+@+*#5rbU6cc88bD^L0Bm~X<X_1C^;3{v^bS=lKJaM0u=CV5`SkOG
z#_D;^{i)W}uSW@d4su_@%nRoa3j%v1!`|&2XeFKb9yzZ>oCkOGSNIph8~@e0{z5*q
zS%d7NTdREOO2g7GO|67wo92MPTH&b+yjOqi{Q6P9cJS`nam(zF-^By0$d<F(twj%s
zk$ugPR|RIBP17qQvMl018U_R_lrM%Xx~AR`-t#PyT320u>zy%|=$hXySdrvl<y`aU
z7}cR=;^_Ao=M}2a_Esz@B)RDx$L6222}&R3SG*Vh-@9twco47rs%fjUYkOxWB4s}Q
z53-GD8<ty^1`U3c@hkFY+VQ=!RsgfmsE{~mp5BiL^a>1(>^#0aGW)PI#yeoD_sp*D
z$M!n|mb5F`d#9Rj{<JZjs_tmX{I{@Jr0R318sc62FYIS<IB@m_h%U*$kXs<ocCZ;C
zac=A&?bl$fO5}Q^U_PCnT3h4yb4BhXD%YWi$fXF~;v$cOptGzq|I^4{-#==x{I&}+
zZ(J@us|1Jm_3O{#@#gpGvxv*TkApT`&)c5z$2P!5mE4yK>RkWZ*}m~%``z2)t>(9C
zI$qrGJjT7Dy>H#9gSX_WD=v7vE?iJC!FQ`vAAfu__8D3)8>+A=8k<4IsZMd-O4RvH
zY~Yseu$`Mbp6?ercUSF~YKXRQC%Cb~hGlL$y-T6xSvoJF+N#h8K~|03v&yaK4sUy<
z(1jdOppbPHXMSjP&2nq|-aY=AcZ0sk^0(6a`ooerM<si$vU8^Z{6cT)*!dBEOQr1B
zPF5Fsmpf0-FZUeR=h%f8cx&0%E=IR=K_{T)z)We((F$ZUxxM_V$7r|y62ZP8=o{C-
z{e72@NXO;k3)PbL`BIy#)bd>(iR#c&4R%GaCnoMHs(Jl(l)L7$rx$r1Qly5)@g=K~
zsgtrgJnDuus~U^!7N;`8OrvxeS7nAId&jO^!K$jUo{cT*JzMxu<gu}gmFD&2n|%Dy
ze#9oww-@GYaa~k3$jUx*t>{rB2hGettdp^4|LU+^K+%{pv293c-Mw)pkAqLR7p3gM
z=h60g+AnaMp&HC+oSH(bsuTC24dWpIj>o(_A`5=XdcvNqatBb}RkayC7bU!4?GwFv
zfFpmqxM!_G+%7lIvpA+OmtA^6^tYL)X?-xfQuI@8Y?Jx=+H-%?hKDErcz~N!l>cYk
za|y7L?%9q^mnsne_x=1!kvEdyJoC&@@s~Ccb9_dbAU8OmFb&qFvl^fMJLmCZ@&v#O
zhIU4*RZpnZN=$a>|AS)i+ydbH(wP$RxBt8)a#s@wFUs^mKy)xcfu#eiJ!G}`gLIg3
zh~hrV(ASl4cT!;*UkehC;o~lStyY`tEOUUsNaG;>Lc#aa#6OneD^=byM_uxbR4~dG
z;F9A94x3+pRT_{#PP49q>eN?&RV=c*f_sJy6gLJl(B5Z;fZ1Q@ZoOXYJso#R^~;!k
zZ83RL>UrWm1)=KJtUdA8tYOFuS2h0<b&AXBK=yUm3O$ZMCmn^kwoK^S6rd+piZ2m*
zjA|vhwA0o7>~$MEsZCZZFPO*}*H82{2p9{`c#9BA``B%5#EE@vkE|`DGN>zn(PVnD
z8h(4}eO1y-cNUySX~wo_UE$R_mWr7J?iLy(lC~C-#YouKNz^g9jtBE;@2jQumA+i$
z;^?BdD#9B?fQ)dMp}p7qvaj>SzOTkD4Y3v)x<SmsMnASF-a~REsSpRo-|M`QzwcCl
z(G{PZ#1#&5I6D214$JTo^(3+jDX=<4TAQ(UWC~rZAbK)RJTberXk{X@P8Q*ylTtMP
zSRe&?nvHaW4wM-yB&cURg~*Lj9FX{XoeVF&2^+2SQmP={bgFoBuM~GyA-0E+A2y_m
zE3?qs8ROwkxVu_rp`EisZ^dT!A_Fd<<ZmA>OLv5@_O-IU%SFEAi{k7!RUdk>W`nwP
zv!r$WM^-6E`@jltn+%zIWI2#3>X=KguJ$qB>&z4CXukZWxFqhOH<*3?Rtz7SMxbnk
z;H(|hl8tF*4u?_D;e~#!U@dw#t1LFLs#<V)CS?aW<dzac0&6!qewQGwr$q;F?nR0Z
z??}e;Vx+3P-Pze3NuE|n&V&^h|1?Q#_6U)4LBIfGODQ3|OS&0ln`Wf<=bwHwv(U|c
zVR2_A4Xz`M%dfPyOkJ)iaU3$xvp>h6i_Yg^6vQ#uk156GW?exUaGeHS5ITip<UTEl
zN2^4$Nmt~>Wh7%gtYL4A=&3vD<!*>n$=IVM?cA0`TsraedW~-mgxDNUMg=f>mx2gg
zUV}S+JmGMu)CV_{>o%FLW6-d>*BB+QJRjA$!8<~u#2l}z%>*!d!a}nu!ii4?O6ka}
z(-_!<Cn0VG2W{y{y;_nc?I1#&u+Uafqm7DDxsAHWGDJ=EeDegIoBJE3GxQ57)-J-M
z4gG*Hqz$HFXKx(o7kQR=xw_n9-~>bAXp~LsxV3I=(vc0}^p2pHpr%V`!aZ(GA~G9J
z#EpUcDgw+yyF{W(*cjMF5iV@wrg4*^tm>l-kV&MR$ofUu<!OyE%M)X|ssU7NnFOp%
z_jf9nCDzTDqW@H<6lGe{e+vUEUi727kn#liv?OleE2j*cZI$|U5y;`?HX(wCp1^D@
z3<3qjC<$n7eU2uai7M6)mPew!rh9_HC<GIqHUEke*1y+66!u71hzaDkoq;m+I**~W
z73WHxP3LLT9b>4<N3Sh7P$oqQrSUo<eLi}=7x6wIKI6{Swil)rjen}ZDgajG_$TM0
zhAvxT{er87s1lX4p?v#SiB$i5ra>(Ng7?&4n?_lIkdsZ(!McKD=X;_jZEDTMeB~0H
zwX?B_BFLrvIxa>XyV$`_Io?fET7;8gUBIeFc;V#pEzqWH8`^I0H#54dn^IBNDroGW
z`oS+@N!TL}c6h^{Ho|!>s-3Hjk>;^yNvc3yQj~|=m~;tR%U}VgA|fSA;2;syRV~mt
ztnO4I%D6rq4hj@MB)2%`PF!E{C{iL>I04RdxNApoh7}e`ldAHWL>vDL;nK6YYx6OJ
z``)fSJriXT;qmH52Yp;E3160$Z-xZZa17~DTc=if)Hb_joa^*+m=B134n2Dzjnx=R
zmK!3~X?qrw`^e2ZVo<dgzhd@jZ`TlG6Yzxj=?iaQzRV?obWh|%qswK1J(W6dB9+(L
zejT3}HG<=QmL5#Z2<>(}6uZRp=8m$3e2Fcngl!`;t8iCjEZy1RZhJ?Vs-$WA7Fc($
zO5hV9K>QSHzO;5FaG-%_Ls#c{YhMl!+r!7jY`jCKj>-WSzFVpLI3F_u>?_;6xqo^{
z)Xy4hLn~1O*GAf;6etIE2Kr&d;9D?AeFeh2zV0M-#p$XD=z6gZ5Y4Vt?{h0>gTP&c
z-Y+(QY(!=P4&lpb2)W!5jEH?lasb0heby7)|J!aVCgH^^ZGKPtEW}!ahSvE6zPt|J
zYM}KxYpN=3dX_SBbBBOQWI^tD%<;*)v@wgqbsJFOd;L3cXKR330qs;tmjXD$Uat&b
zfdw_pnqq8Qm4OZQZvNKUw~L@Irbs1c?P+BP#;)&5bYpsYg5836E@a+QDf1Q40~~0Q
zv6ITD^RbPyVfo-Z4!+_F3Xed#?)iMPM4eMIzI*ZLwW6HXiPP|lyiYvoGW-+(BY6+n
zd1Yd<u4x1Tt-p028#$v?r`$khzFfmu*EF;+HuQF>FR4XpSjpGrOYSAel}VoN<CNI+
z_ghtFS6@c@xvPxLl-E#J;S_oI8Kfib<MYM_#5bTmoOi56EgDnpZn8|=yhC|+Qr~^*
zU}kNS9qI$=DDobvW{et{__5B_V(|pzC9m1V2T;BFS9A7Pi|yBVF~~=CL?3mNKA`Ul
zTYoiDUs^K%ky(rEW3`0)g2W>7*U^IO(o=HR$AoK?o?F?at6saHk|?nri;T0#edtmD
zJ{0R`y1S>Hqbt(&XAMG^%P2RdR#3Ds2l&n^>&8_H0gk=R<J9{xd@1ZRiesVC4_9Q3
z&Mh)}R)|ty`wHs#d)Z}2z_a0`#0_b?r=!SC(eneeX3|K8_JwP5Qwp8nNm5bG!#{=f
z-dPk$);~X3np+RPb948IrI`H4)8}?xx)s^c(?#gK1c9(-VIa#n4~%$(x9OzsuJc5S
zK#g-=)@$`Gr+bGLqPi|L%aJw9ZakUPQB%A?#ZGrbEc$s_^_Kqd^ODoC@O-ddMh82%
zfyXVkZuHElY^rJvEYydG&jbZO67<OReKdV+9$bGY=UTMYa8l8utMy<r{GHu{hZ_U2
zsVh*O`ohJ4`)w~L|C?VaIG9zh`~7bFXyD}HvB9YwSRvCrN%*C@amIDFJT-mNHrK&D
zf7o`nAysqdCOv=}zKK0IRwYn=<Q#jd8#Meb((bHk>%@5^QWaFW!USc%OMvwH;__M2
z+4<v_ANQRNj?SO>p2UJ5Q@=u;m%h&z?cdwhT0H*Pu-W?7@yo)!sk|4e=M*3>CxW(E
zt}vh6uir~sa+X^-JY&Hhv`ot}TdhSd9=F{O`Ms~|vMAZT{F8C#FpPIMDB@bU+064|
z?}QT7G9M>_h>N{ncTb!}e1gEtb|-t((;DL~x1hlA;(Lpz#{Pj^uBU-F7wwg@pS!*w
zyEpg~N3L&P)_5x#V^C3gZ*qP^pvC)qkfyU)u$N;{&_=L&k)2$b<5#yY4+K6lGgp7^
zj0;vhyfQPeBba|8ckpsi@nq}Jx#jCg;M}j25&z8{?o^#a0q&UVHwMxeT3+ZbgqdF%
z+#cbIef(qiRN~~(xcOALAP6#T2%hCdrk}*~oSi=-fHybr)j;zj-yNqNh{kNt*q_TL
zDGhJ!H0>epBtD$<UR+z)Ena{37xG@K`i%WAg#SSEisaJa+u-04z#U9ETLP+ed23+b
z-2B_w#pbq6js51C{fMnVjjiBK^XZv=%|-Qwz(Ak7sy{MR1*#YPpFa9@{JnaA_L0W2
zI0(Ou8)X_Di|!`XM-4)MyO?r{s%qlz)C3)FA6?yWkLqofj<=;0kR1e}&`JS&@=?I>
ztey*X)^2ih>^GbIcmG9oavn#yrs_6N!ecC@PgC<YZ(-FQpM8uMTX9P|5PxC)?R<C%
zU*xt{u#DG3RSCk3gD*9-AeRk7TQF|(h|iQF>{s7)5uaYlpY1juHf4$iSFSltjnWa>
z<GF_~Os;@O<s0EQBpz*DUUZFqp&UGB|Kkcf^!Tka9fT~DLi65uW^p}1e5#%PTbM4_
zrb@Csq-3RD=HbfOMBkq|Tj=GUYbMIyg35P2X3wfqb)}EbBl6E-bE{sN?Md&taYOmk
zvYvI@*jMrV$YP#5%L>*~+Lx=B5a&&#PEho!c#~WZZ(Crp7;i1B9nf?)uU}O283Y3T
zGpT&vwC=uvH-uK=!cNmu`wX=o>?y;g(HHE2=qadEbrqXM*eSd9Tyt%S66q`x&nxU=
zy`=8wVWS^9aQJ%;KT9XCSVnZ!n4|0JHsAfnZ}5Nf0sl!MP+by`ChP_R_=>`;Z1mI$
zOQOK@KXT8F^g}K_xE)ni(bVKW#Styn4;Gje1~Z&Il`lvHPEf1@^M?Fy(Rjv3;Da(y
zEFLU9a66vkD1KC!g}3ISJGAo@xL18M*cCiE!Mn)5AFvzz&Y!J&?wK|q1sedZozrKi
zR;40SF=uhl%v0|;Djpzm{^k5y4=+}Okla6g<ZEwX=BX>)rwl|^(eD||zeVRQ*`!J4
zCBPFeuv2{%EBV~8@BkYjwKlPJw~a=rCt|T(njLW5y_YBN5d$ffz-4B4Jd~_XF4#13
z_pedwKFN?*80yj{C5Z&0vl#!g6dt}OS;0RHE>hShvnC<n@=FfCo@@5pW)9kb*%vj>
zp;q>Ia&!y2zP=F1>5)z<6|P1+3Bo-i1!_#1>gEWEXQ&lAqCeHu5VCr^9l?!x2qMAn
zGHLCSSm(v+yV`u|lj55s4n1dF6Mq-iD*kf`UDfw?DSTOU1OiX@d~$LIt^1x3gO6er
zZz`=ezF2xCJ{uKOQ^Lk;g`#O6CFMP%i(E=hz*U!uO+Wdxr++QT!qJ5D=P7Hl@OVvG
zF4nrrB_3u?k^V+1(Z+C3L_+L3(uc2x@VwbfcEDbSDy@31DuLHA1Df3WGwKL=K=|O8
zV&O;oOm#Hd?{(z9ul_atAaT4+gEdjVF6vzWQ>hP&S<UpkL|bhEBBmoxo*=ZlZEZ}~
zYAMy+N8r{a7mK2zxS177k{=ukOEqxzJx5K(iW7%fvRZk2bZX1fmZ@--l$ymH^rZ>w
zB%-9a3Jt>RK+JYjCV9*<?VS3Av%BUwdSlALL4ONO61zPhD;d5)O%mCD?vhd2;IYlp
zeT%BqlEFw6jK5Oi_EnJ?922>Aj3z!GB?NqL6uW`kOt>|rE{c(2qby=IgxEjLQW4Ec
z&%9>^_gXJ1XNpPOMQV4E&xobcN;Ed;OSCmnHyV~I5KOLJcStnYJ#GwxSA6NcA!50h
zQC_Sik&R_i92*_WiJ1^LoJYwU3or^H_7$0oA1A2&*3)^P&BiEgd5xGr_dE(UV{r5R
zV`^z#RX<o%MCAhklF;w><&)_8eF1Gs8fqqCqT!=MA@zc`EOR|r^1Tct3x5jFiD_Yy
zc{yHFilF;0z6H(}V?u~}mE=hfOaA@X%pm3t_F2m)PACCSZ^(TVEkz&dR4^KSS$P||
z>4NQl{$L?SQ$pOOqN<D2ANK4!Mvr>D52h<p79*@n*IE<9&gBNHeR-+G=7AgKLpn&G
z{<X(SOf3^SxHLtKJXJGz<cOzV+9644W=kRFjLOj_oHA~<YP5Axqa$-MoI)uWjLZ#3
zxYkc4(j8W|U_gg==|*7<pPMmC8N?H*U%TJ96LS?uB@=F8Sb`9${)UbFa)iN9JK+(S
zdXaRGb|Th<A;(&0Nsj~ahDMqd^p<{?pre^FB2E^5ht^6u?l0UY=p}AwVlObkE%|5f
zN(s&PX*2z)t!kaHq{4rt_I(bg)YY&+=d$Qgmc+XYsSQm~ih=GBP<w=^DD*YjN)&t<
zqqk&%yp>^Mtxe-1H%2+Eig=|oCqt6r_8?$eM^sHp`W2N?=kU?mOjxBW$N)l&A}31Q
za6P7(gPO{akw$lnLk5mix|dX<T@!|8klw9(!cg;`emUx1vyi)!vV{wK@|#<fbF-->
zX^QqD6kUj>=r3VoruTm9y?+7qLYbR{O*p8;GBVKRU`clY)3IHF!j+S#tq_p!2SK{J
zBd(-zP?xgUm#|-Qu!KWhw9=?8p4CP7LtZUgM$ta0M+ke`meAg&BS<0HQ4~dI&+l_k
z{@k;G0ff|VT`K1cWI75*1?H0Bp%F1O0|x!t{QW2hbuGPUhOHFU@3}q+DFpkJ5)xn?
zlh;cU@Gx<HO1UvJI%H{$P}~TU5NCh{0hfLUkGL75qEG^{E6lJ+z*vTOV&lMfQXIZ?
z2k9mL2`MXSQsUisC?qh(D_LrMC=_37PlTCgN-|^F{g^sXsuM*1FNsu9y3DVzDlNqF
z!VK7}Vh(FJ9}9r;*Fo_kL&MPM8Gk)KUO#PyoDd<xXGW$Oj>j^l{OeYxX!~q}_{G`~
zK|EG{65bWPrU3?;6=C=sId2z!rS7gILksD<of=tIaPC9~V82(7L7i4zZYj&Z_-*O%
zm7S|a3-5Vr)`2dC-3so$?h;{`_kEgK&L<J4=;`xs*SIlo6`$vtN0Yb$*0V~<6fZLY
z^zYp8JWWw4FoBL!tSr0Fm)R}@;04F|w1EW@*Z_NET#;9XU<W(HpJ$>NfmUeqwYu;g
zY(d{XNE>yxI)9AEdzpcZpJSqryR!77&9ze<5c|vZu?4Skof~3$n(hCzyX6Xn`Z_SI
z`jXT@-Dt76yolq|{W}jaw$6CtLVF%^<bwM@xW`6dAvi-yc%M(C4e+mS=0vc&+x7G;
zMyH3o((C3KYlML-^2$*aL=*0*j812+=qd&iTwQ&fO1y!5YCbjnO{gJG%i4~dL)X@3
zh{o8`!wEGD^JIsG`}5?A@`c&+(Z|>d(uZN?RD=50;`JWYwkz~89fb!>;^n|=^T3Kf
z^RfQ~qIt|i%=K17?C=%CAfF-QaR3b5bdTn7-P8MRWcOd`w2Pupe%|Vfipz_QmF4G2
zH7``j-Tyti62t9IzVnkR;MXs7MrcBW5LQ_|zDhD_`mCkZ7S<!`Xag*+UJ33PFIMkB
zcgt>`YmVOyqvXqCb~&u9sIu6Y>RE{SzSkJIC_@AC7LdIX;?L!dCLK-p?zJrEQ^!W<
zmMU!4H05UqHbdKHX408^Xrm+ns_G9V6{{%Ez*Fjv3a>RwkW}JX8G9jZ7#kY{>eSKp
zcCk)oS^TXGp=Qn7aq>!yl2zgrs>uzZ-l7Y73%f#&S^m<y^57;^Tt}_0f0{l{P7oD1
z@am{2)V3ha-@e_~IQ(3lV#F7i0=uX-Tj{`Pr{bSz@1(S)X<Z2X-V;2V+Ib-d7mCDk
zj)|iL5pSMU$PjNPKsD}}Vkv%mzy|G~A0f#3>GV?%rwaly44dJ0uy?ABQ4U<8v+xP?
zN@-Jeg)vSGyG@nlHNk6@bCjH(Zfb^IBilY^PwedW0{gxBM%|+&peDJlRQOoPTiIE>
zvQ$zm<(G*Wy-x~VIpP$H?)bWv<Jm9J;s>)#lpSsU3K~vY8foSS35S)3Bc~pR^=AfW
zG>7L#de6+&qrZRc{Jar9+Iz6|b9rqbujpc1*I|)!(m+G%kDo`*-?@H-X(b&Ba(z4G
zQyVG&3sE}#eC9N=d;Qb^NGZV+mXja89w&iko!<l(i&sJ`H#Rmm-OLwGdqQrt0lUam
z{L7DpHjiIgM0G8Z-5;mJ&R-+_BL&Y0fd2MfV&41RqojeYptJguo&T?J{dahO>wa>e
zH?>Q6kb9z+_9#~9W$j4k%XaS_pGDu?a>q8`RNalOgwHZOK`q7nKoBAJ1xD_L3Y@T1
zJSYA3`8_Ka$s)aUc((Y}JxVk|w%z)+&%In8Cz<aLKZeQ{+#T2Qh<D{XzLY8FzDo{j
zb<RBg)a(3cqu~m}Oy3bi^+%B&RGv5UCbL*z0pH=yk-?7O@eRPVH#kT;u({C|`xinn
zHFfgi@HR{Qk4DkIkpEiW>bxvcY)=2kJ@K+|yG^FEdu?&pp{@4#CAg8$4nD&anLmA$
z&>Kz$UriEn^WiEZQ{j<@poR1o0%BZ6k-3pyBEh>f^B0mAq3ioSbVu!icl_|6zM7it
z(Iw8riI>qo4*5>@gJ;^lYWW_$>^O*EiC#R8U}jG^zg2Y7_DI%g|4guU`_FF|#lfN<
zLVpH+hjXdjSRVMuFW-Cam9w0oa=TIRUHepr=g(Ql8&BNA&8>(~+3LdX_Kl60z?+It
zq-egqbi<dfCE8gk7}yc9M9MMBWKC95`S?(I#jYttypVeK=a0h`3JK2p>pPH9=DU)3
z@(Nvm>Tu*nPrZ-^4SX{5_+<d<UDjKfG*%MprC}e6GW9&Bkf3K|yVaty*J`#8_zdZ|
zd=bu(-<pFLezoU{>;Cq4y^^GITMbFaHs9HDi8Oo_Yz`ODq-xLncxpYN$S&R9=T0SL
z$S!?9Ptb3X9Ln@C1j(XgWyIr+?Y-ls_L^G%*;n4Zx1+b0R@{e_s4^eBQvGRfH<-BR
z5`>u9({7x4OY85Vp|09g0k{f|<V(`_@X4X7qMI(;@2Q${YU1rw7ae(w$-{PZkX^nk
z8~tmhkZ}{lCviKqOjk<~QyZD+-31++j-hs1(i;)J=~1saN_?ICJ_B?c>{9U!4gNzf
z2vk)kFBg{&DTDRl{^@u+9DwE(mv1qbCgudD>s_!^@a3#}@~O69pMK?;9c<~GIy*R#
z&!@SHH$ZmKRmZ{rpYQamXEqm!?}W9Ay_FO!{z4+G4i9*AlYnNYpj+`KaTc=Jt?Zpu
z;7tG-K82ZYKw&KB{hK>3TpBO<$CeoB?bd(BJSR451rC1uWCAet<mT{o3W4WNCLOLF
zx=nVeW^?guip!GbXBXJ7^K1qCeQGKlzR1S`_PUk{M6hh-iLa9gy@qYQws6x|w_2m?
zX;Txq^72Y4822@<xIm5oJHts$$_d_p^1F#yFYLBr-9>fm5h_?ncN3@Yj#<%(vd?jt
z1DspAHN~4z(f7naN9&Fu8g^5L$koKS8H`vpO}4ccT?LW4$o^Rcio;rJ)`F>5S;rZT
zM~F6ZVLHek@=&a&97%Wh7E1^<&p9}fyy*F?$8Ntxp2DqNUPNWBkPs4S@Jn|OOXT5F
z-IGy478py9$Jq?|Iux;;2ogWJ8i9N|Ar*U28uwZX##&bV^G%6S0K%m)$q{O4QYVgF
z_q3u&dS49#og#+}eLqvNsXeI$_#|gq)_ZbZixvus+(UKe%y+ZXO_at4BZhAoHqiJt
zuGb!&;RwlCoC5dV89!QIT2&E*uQ3P4#ij9Xr5MvHdEJv_Ut^nL%}JRmMd}t1vV&2|
zbr_dZQ2t>|F=C}LCPtc*2<hBO^h<;fCe27Q(R-iH*)OvoAtpC4a30a?L;9qc&{k(9
zhCbHYQOY(Dk%YAaVs&DU60ZoF?{V;3EP^Uu!2->8d(|1Wr@pQC<h51Gn6A8&jb3bS
z>0Gq&D=}7v?v;kQ#|E;fY)W0VcSO<JTaMP+-?<d16&Qyldr#3sQ%^~Hn(2T&xSozl
z3_qDLum1QOsYExwl!RFR3t7OX%3v%Fg~qW$R~iK9^XN97evmPM{=ie!zmdhV3ZIa0
zc4M$^YQp0K<||7vs^SuRZj_r0OEFZJ+@E>kIaV=Jl;i4Xrd+B74A?|YMKIs!N3wg+
zi`E~KV7l%@F(MdK;8Zbqbsq}x;GHaBwLd(N{omlQ9C<&Oa<v|85=T_yJOCsE`?477
zH#~YG1Xi@wnG{V0R+tY1YcKU8W$HiHX41+OGP=E^T|oA=xM>(7^hBLe>XO%96E62w
z4dGUeb{+k&>#2p|INTyB41If?kh)O7kCywkf*~k*olaP3V_?m}!c@J978Ysx7HI1i
zXdUI}FwwS0qAW{`9n?2>j)`T>U7jUgDE&y>op9v)7+6Pl`b7WJKPdjGRFcrm-vlXc
z*Kmxm5z2sBCr@-#twf6?lou!DiGg{skRX)H3DhujE9MU5yuUVcJPyJPV^F?~HcUV&
zI(br`jG<r2L~<yxa8Td=kVy=K(~c9XEZ6DPV-S-4Xz0jqG%xo!jvj&ISBKNm?Q5Uo
z%hP74cx{2{zZrY!#IuC$M?XDxAEA=*F~lN6SBh>`DE+Y*>CZYgeb5tU|E|m*G9ZYP
z;(vsK;KR_-ig1)RA?6A<J;ihbUfAGHPX~us8G(wfEMp7>sbfHMBdV|AE+{@DRLSzL
z(`!FpkIxK32=N{gs#yE=3?szRQcm#&XoN#Qmj#+)Oxv+AU1y}95_qBfOTk34IWmSD
zs#@ZvMzZ~a5boZ-_k>+?p-+0EgfozlDySqbq-BQkWWq8VMU?t73Cop@p?tJND5)Gm
z*3rDyR*)VhyeFgtB4rJLy|`YEPT!6(tJY(XSireZk?S6_P<LT*nR;Vzu}04lwE-QP
za>|VNIC_WZDwOIN1Z18#C>>)cVo;;TMN&+%>M;F<Xi7gMbMzUp(s!K1T?pe}k6K0|
z=`feXdz!>!i%5){)^sA*a3ZP*(movBMTauANC&=(L$e*l-c{nQ>Cz+s0-~PiB=61P
zU1IJ?5nNh}JE+Lb47zkxh`f>m8Ze`E0SR=1nW;sAuuIJLjyp_a*0Vw`G>laqP-pnz
z6YFIc8FYEKr0Q|>Jl31>vZ`OKl?yELMWgVpjzgA-@oEj6xq2=3pn<bqj$^L)A4%sP
z&xHQ?|J^WJ40Fw8=C+Xg$~Buy?hG3dawqzfOGTGcGq)MJUq>}_(u{=a<kpGYNeEq4
z?rB94(S`GS_x=5uu<>Z?^?toyujebNrUw61TMJZnaLnjX8w;+5NNv`;XS)g$UYJuf
zKLAGs8&Q?*4~)T>Z!KW(g;oS~gAiC%nVfeLuQV%Qaag;4F8d{EX|NUq)0DTUI)Pt%
zhm5X<w(H&ee6KVsX=zhOkH>ndYue3NYPfmzuTh7DCzk*Kq3LPPJTBU!LVjPq=+GZ9
z1H{tUHFDpt+ZxQFYd#9gn-bYC$EM>A)q8`DL3GT#T=0|M$ko{v#ngx574qHsGs1@s
z{)xQBuIoLi22CMSvrN@OctCi)p+xW0WK&0?(CHf2e*v>k3k);4+-23(zL1xrVMhW2
zB2qNo$j-lzndgBaV*`~}Jrbq?uA%aB=n4JD$(eq3awuZY%e%sAX0@TmW9g5R2Q8Qy
zdeZ}kgGA86&EP`F)F>)!y4Vvx*nGZK1uQQI|B6C{IG28P)ro1>F+`8(M+7w=iR~G=
z4k1K&gW<nO4S#xkt##*NqQq~cdS9(XS=gS%`~!up2G&nrP?}=ZW}rq6B^DbVdadtE
zBTQ-L-6CW1MN@svCiA69a2*5sQ+vC!s+teb|3SR5hiZssFv?_%&hS5Hm^PyOJ;5_8
z+}bnOlRMYD(BwVY8HO}fp!FR&qR^DSP;)yohny$|keAA%hG!e4ZT1P7zKK+M)e(8b
z)g>&#uzNM=FGEpEh|oT6Yq6n8wwvy&iPo~x8E*KEbGnxqu_ke@M(Ea_`@<FBO4dDb
z*D!8a&;5j$N3Ynsl*YyH--jc58lN{?XZ`XWDC_r0R)ldS+@F6CJM47SD6fYe3xVu;
z*+|}u#Px)`q$GT`3p4tD;}(nd@_T+E9jO2kxcREjY@Wp0_9gVUv?!%j`o;}kj8RBa
zB1Gdq_7~?WxBrfK-}>s8c}3Fd=Q5K;o1PRA-;Mse-Ro`ZZ-;hDcRWBTM{*Yo>)sN5
zKmSPiVd;`pcWUIe)xhdviAnICf8Od{e<kl=rgwY$3rM5s-P&&1E#0NAU9sBH{QBt7
zr=h<dY5v>>GMM?-mAU^QpyD%id@Ez;A}BL_Mp^Z4jRGv2MrY#bU9tD)R(?IKsS}AX
z`Ezi%qB{Gd@YjPE0Kc$%XYR(0-QpiN(ieAjEjzBbB|Ja=^D=+u^trA3(<?PcTNbs)
zM|-vpTUo7~>Aw<r`H;|w6Cdnm*MCQjuU&eeoUr}XdDiLi`exJ0{Nj8FNN+vba^H#k
z58^pr+W7l9$i=;147m2|c-rrXqpQD|_HUnDIN0~FcU!OO!;g1*xrN2MTOTdoS#|vf
zak%to;LHB&R+!fF>l+n69ls3ie)#cdcLMCsg09S?6*mB2`1SVv&gtzMU-*OV+@SdW
zs0ZLmVmkYQJ6u8L!>;}4`uWvkl~)}9gIG=NB!FDl4aqghOI{BOEzhrSg8!ITM^8!q
z0`P6w|E-2?=gunDzx?OwVA9gzQ7etNJC`5%_@DbKo2MYgh04%|-7H$o!t<{Wq9Dc<
zx9zRo)hoA^Gjvvy3ZkTnwzNxceT<Zfh*87KO049b341LZ-@sWciPXtaeIR#=Utzl3
zP!MGJrn5;GvI2qH$1YlC-#;=Ro)?#+lG!bnXa?H!cKwIPOH@^Ibj|c9s4~X=cXi4J
zbVh}`v_4ej%v%1S2@e}0Z-M}6xmx7u1f?fL%g-}b>*Ym158UXwyrg_u;Q{hG%oNHw
z@nVCNcj}n}{PmF|)eq>bj%r<qSp0TlydPHBBhGMSD;|3Rva%Zc<(zfgM&#<k#kF0u
zxii#hA7^m+MuLL<&6ko{UbzKNqSq!mx@CF>;b{}T`S~rfg&PGr@NJC;Q`i3k47cqO
z6<Yh6N4+Q&$AW$4pHS5_u*OP*BFR(VpAolmGV4@I{#Q<b5VLCQOd1m+JI`uS`{JLJ
zT>KI18hylVHW3{Kg#X}l!CvbaPyGbcl!POwfh@Ut8;46Dxj2&?;G_#~5;6|`(5TPe
z>W}S^<PjK&d%R)k8pr5{nuWNhI+fk-9|0K6Z8kZWDkEo}ikk~>dFwAgsFfW)ctH26
z!;M%G4;i^HrBcnT=PGYSXJsT;p%8n_^QP<T7r4!u)3N=9xOuB{^Lc0fJP#cq?<0S^
z+*NY|`aj`^e1eT+M==5P_1|-%=MwJ<gIy%Uk@`;SXs|t;A1(v0?DboA7@WqgwGpx_
z7nbXej$Rb(X##t_@~H-e<+!LUMuKL6abiVHgNE-%TYpl%kBfO(>peWz@gddUrsbpx
zwY&AzGDkB}iXtapmANIB!z)v`!4fX<PqGF8xju`r?nfl88qu?M+G}U2!n$B(AYHM$
zwO6{lyX6(cJD6&4*h0z~a^<XDRHg{LB;G~~dpLhqiy42;HoCx6E7|CFJ}i8|m0Y6p
zKTdOv_FX844J9kqxk|}M>S*^;pa@COy~G{s4Z!@R&uAnGP*b`q`1B6KSg(fvyP-S*
zveh{B!vOZ-(;%mDn%*IvRz{)-1WQiv(@Mb_gXXFHjSWhVuKnj4k$B77#8mUE4fpG4
z20hlY4YH34*beY5uoGkJ>mOw*1H`Vx+y!3Hw~u!)!kBalcvX{J)XW*wlT(N;<8Ut_
zo!7%EG&6T8FRAs1m>Mw!-LghG=~$XDv}0;4{-@UdLoSi{1y30B?|#CWPWe{?Er_pY
zobKsj*GSNu2|ukec54`!Ae<3?##32h9m9Lrv%4rqtJtL<tojvjGwgvVe_sOSI`1?5
z>@Gt)ee6fGj&LbbdsyN%HjNMEvu+;_7!5|H3KC@-?%Qnz&O2Ap42cTrHW+Cu3^`#I
z2_q5AQk@>YlAo{@3Yux0+Oul$X%K;61n)9hZfU}vjq<n>2abfJ+~)AAHdL2Aw7#h@
zm;La^Z#^?%VpDEWLMjSsQnu<Tuh6Cjtg2)+_g+Yk|I<5j$-g`D(F@R7AM4_qXSJ4d
zz#VKmWvrcv6_p&Zg9=Ft^-&3>u`_N=sX!$&9%Cj)DXMy6lY$;kwO~u?+T8O+B;v6u
z-Gk)nC&FkEsL|t_2+<QCY^OYJzBV%k^xz<@H1|ITJ80~d#Ba3C>v2~T>>UNXoVfBZ
z6Pd(?lq#L55slJ1+l<<RIM&*T&aK>R<*2?qk4=4&KvME;ZHqEhf7gbEs(*6u5Q^ir
zv7`&7)Dh_(_6LyJ1@m;RMopHs2JHb;C2!Y%9}D@-&5F-XZKX5CwS;wFk7C3tM?9SW
zZDW%zUBDY6x%x~&m8))y>S@m$io{d8jT3&c@+&7@<vEQjP&e_j3SFX_&gBNtzD&7L
zR!gJ~63?5lO;#@=D3Qsw;~~ceNu|<X$zw7KXd6d9Cr4M+R!*l2QhHbN49xEu)H9`E
zpjNEc36Vv?RkJSXa0K1|=RuY`d@@;~oG8WI$1d^YA_acyu+y`zxX>I_20l?J>NWpC
zFtD@#Ftx05(rkTDFKWZkgOS${+6gnhkx6owTG`TArht^ny8#J41dlaiLm&)ft^7@y
z?X`>SG+uL)PA?UEO-ul-^KG6(w_<9=woD0}-#bV`ACW#c+e>ho=q0KtLD;#A$Z8tf
zMn8$P$9Nb=%=?QVV7FJydOFX#o56t^qnPBcZS=zo?&^id4Cy4hl=kK1_<+GM@xQmt
zm?kHh1t3?{<ScI=5z!jHysQ#)ovEYwVAnx4qnb5DAJuzBQVMfNpdU~na@QR)G2cYA
z=+Iy{EhzRs2t^2Sd0A5)m-G1YP3T+{!(N|Raxp4-FaKcx_z`W7Tvo`_9w9j<5J=Dv
z(*VR=R5(UZYq|)YXW>D<>s}x(3@hT$45L+2A?#R^f&us;1S*!;^gFhgye~6!vBO%>
zS+6scL@NZ$Z=L4*l!eXU>uPawX3L>nJF&#rF*?k5(xcn78F2`(4Q#oHo*#IDN|_?`
zV3Clto!&ZG!A~Fn-tw9ov_&B4Enpx63gjcr^2ohss8^Ob!5Zkj;?`d;U~y{SJe;qh
zeXhrHf_pJ)?N}Pimnh7c&yQN>t3$!5{eu))NsI{{GU3dj$|W&!h#KG`<luv+t->W`
zT5=2M?InE1!x3-W9#b?qMgiP7O7yi~?Z%hg(lpEj^Lg9YhYRI8Fe5Nq`Wisku9KIq
zh8CS;B5gfx{L1T<GpXR<pCAuX4XWCqMJ|Cerkv1#?^AN!|DNVlA6*JPwhXXutCuF9
zU*HZMWu4d73b{I>3ko08WeeGxr&s0IZF~Ez=Bx6gfSf;+4={2^X3;LbCk*Nnk@*LB
zMgUtacN?rTjXfQzIg~Sta(~uvH)M;bB${7&@|4Ipr7wLx;PXJ)%jxRlgWhqMXJa>%
zkXbnk`MH|5O-<$TTI=rM!_^g~?M4`IaJf<2KM}%<1kbCts{)e!@|}5hj3Z#V)f=JR
zVVR*vKfGl;^cOf=VeqJBU$&qyXww+>mWkgP1Q@%HN^O`uj0$)J^R!dZN0^^1eOeZ?
zSQRG#QQ_ie*9E`IKYzE-idL@_21li>fB%;mY#4~Et)JUcK5``Rj+jz(4Sp2oenJL&
zR1|r%+Uj@C<;slz+0l)zgL740|D4!iVHEk8PI<R}!Ax9nczFFGqr-Q&aZyn^tkP_M
zqn^I-O7}s6j=_)?(ejmC;u@tcHwjvg%;gu{>{e(Ra=fk7pNnzEEZ9gm%jjtJsG|n=
zg%t=M9Wb#GS-0W0uFfn(bQX-+WNcd@>IaDqJ)zMejjG4_JlV=7%g3q4#w~L-Wi6H3
zX$}%D|NPCF+lmO)FbzEt|NXqHk?0IbE-zl%IAKr{{h>5!-wmHA-N*Nm?0Ua^?x`G3
z@ox&T7gcw4tF6c-6^5(?iqzYb*gu~+CA;@%qbuAWf@lS#xW${^aSB%9vDfTOor=9w
zUiW^UDw!!LGmm^38o%I@U^{x`h^|BMJKW(@oKGf&*VQDp8|Oi27Il#!h<HTT#-1zK
zd&YyjqZaM~`%tNp*_!+eJD4U+o>M3om3l$Wk{yNFvUaN?dW%7+9+f?(F!r(6Ij6&-
z#G>NgH<r0)Gai2bReti<TaMxD_b;bMPbZ@4<3|72EL1S^Dtvl$e8b{6F7VLR3cZeh
zn@8Vh{}S2(S{Nj=s(&9_0YR((Ak#{3tVXWn1_{1<zhuen|Fv?h32ehQCU*!{Pd>8$
zdZqS!?9;<nzPN9?Uzz{;2>#<g$nXEH?Na_do)MWl_ywr>^xaPz|3OlA<aP~q9e1^N
z&u;r$fz!+5{~#(LIQIC|Q}cgc9A2G>yKd#J=8t|9+&$bq@;H9>-0|_>p-aET^1oV?
z_OF`+D%|>H_4EDA_iH1gr#-DdT=IPHQ?b*({2xT&<YJjzc-GF7%we5O)A0P(VV%DV
zdoSy~;R79-@ZrsSuq)HraW1yI9o6-Dh(1wWr=Vy4SAeX<Ou<YC^Y#%!O~?m1DfAe@
zuUIR@Q9Tvr2yP}@z9&z+KRfnMGquR0F!3DCK<uM#eAYgJ+krKjVz+-a1^Mq$+Fx5N
zc8)lQSRl!=?o#TcQ>@50e8t`{5)=SvIQxcb*~ZMv@2#7p(#DyZ^1{Ph^QIn&Fo}N6
z#Ix%Dfxit_hvFZ@=i?_8iYEa3K~w)j$A@Q~zScc*m9bKZnzDL6K{s!oeLXM`LOkCD
zdtikr8V1OTZ1@&yQKc1B6ACK}Txd%jRfXOcYR>0;F3)jIXTzWIqXF+%VI5nzu@EM)
zks4F)(rjYx{no~b)pD(O$xkD*Hbmi#py1I3S^nMIn=Z|JKTebygR#-kXSy+6kw7kg
zHaPc)a2Dip!b^yI-ly!ZQ<Xc_B6bX@^rn)96z`4Z7*Cby68)1~UOsiE5#P={|2y<w
zb9;~KVnTi7YGr10`6&UJI?K&5Yu04;R?{6N$2vwLl3VBrK3y}O(`p9BPDe!^>v_kI
zJk&5LngV4CF<wl7m(HMW2nPJAvUm26XrH$Svpc@#*%1%I0HE3YIF(Q<`LF9P>dy!1
zB_Kca1^W!fYDqbGAVG`2NosLm`4;_wCd(N9G52Rfz$(IpswXVmyye%Ab;%>yN|`k(
z1C1c^BuDe|t0XTe-5mj`DDzP}?>M&~*E6*}H7{PX25UL1%A0mQa-}R@O9u7{D9`V^
zsyZSm+0m@4*vWi7$h+1lW=t_1Z{eLaANfL2vnkAw-qxB-eoF2!okr-JDq2XXSrhAv
z$O{2u-7R;uf{dv6^|xsIuSC;(uL9J3nmBAxCgi|g+)$5FL>+M+J7+(Lh_8Z{5S8iA
z=G`2!w1(_llW_M|eif7B2N<ggFYLnoqgd$ZIurR^CL<Qk)XJ{-uGQNVz~jM>#EJ_S
zQF{tM>hq}m+Po5&-3dG#HyY34;eTo|okQ84T3dp1_Yiq+r)ea|@c>wu;EjUXWF5as
z%+ZJaZ3Xv&r-yhgt7bUW{~-S`n&J+c9jBi0cTmqIcy>#?e6-B*ykB%YWL$+%-I}&X
z8$bDs#Zyg|8W=m^)bcm|jIHp>Z6}<3Qv<VM|6ta6T#&MZD+#!GgP24#S3<xZ@r)`b
zqhmp3n)cnJG{xy+LWO2`dG~|H(Go`1!9TGumrI`BCB;jb)OTYH^QUb*Hg58H4#Q6N
zaFs{HM>R)-DW?$6|6LZ@lSA4*8qF&!xXfDSRzJA^mQFKNyeX~SB6CQ<<051G@l!O;
z>Z~_;OnQdivX`e5Ro=0j*HiDmM)pB}_Xs09T5>l3k}@EPIgMAr+nrzf^uikC@yta1
zb2A=lo}Yyub;<Ar1=7e}(-}XbhP)s_<>7Xg-Ta`SZ^XE_OLC~agmHu}s+%Z)7AV8$
z53t6f7^MQ0&#C&G5=%uYUa&KUCpm%*LO5=vUO03m={CALS@1q3{2|fETAstjMuj;E
zsh6)>b7Ib7vOLHsI&z4OyoJtY+V?3)0a6icY*HMllB%LX<xAZ3wy$JiY>ULntX27u
zGbDvX{aaGT0%y!HXlb<*6r`?h4Pz$bRu7npS!K&}49y*2FOX4=r#^9|<`zA#Jy9Mm
zz)5KRhB3>d2W;cz5OMC4ytG9~$zX?v0safr?s~OQEW<)kuo6>)eX-4hwkL5_E7E5;
z<%gU(>a69ecuoE`Hp8zNK`3j+`Q#N*4M%6#Bd_VpwYnqoy#n<WJ@}>r5@2%W&Ils(
zFAuWx6*)V#=dbZ90=0+8Hcso|Hu%E1YL7ieem98;XV6XjEOdJbhvvNFG9b7|4B<d)
zT|vF@sQ0Mlc@!KykIi`&1Y;A$^ums&b*lVir<D(|xB|6x2}DChJ8S#FF~b<V=te`P
zi?#YSI`ZdxJIrAUNqI^UVyBoZ1sgpJ?YfClVF;hNC4f<*VCe?yJeqGlxjmMczC$JA
z7H}$nv`FTpV<?OhQAp8?tTwj6I3nZXWj-E$g<{<>C(7W?-un3%UN|%)aHA{FMnYX$
zo`2a1??BY8LYHE(sbg7hktSDkolwL7GI)yv52Wzfdmer$fSg*cxI#q;^oz9V9)SBI
z?%u$N?-*BcWGU`6vSASEb`;aWKxl@pc&Z9EvxY}h>;yV+T^ifcWu85yAIalXQlWDg
z31nR=9`EeLys?hjYvJW|jE-~v49kL@I-Y{d)v*b1LbNj1$o4Atck=8pDnu5-POTL)
z?n24(AR-iQ%+O4F^RS&$Z%InZgVg<g<F=ar0E)O+%>`~1u9Qm>R(Q%t{-<U@!uj1S
zWI3GA>6sa)!2Io^XqP6%XJN`q95!|wIs;aWj=v(V#*LtCeufF@KEBb6_uCvNDRLFY
ziR!RxWR=%*1L|VkOq%e0Q%<gD6pd^@i@X(!@hnRo^X#-*Yc%7k{`Bue3W7GjQV}TU
z7o@8!B>xOyiT}b%{E(^P=3xV2OnSorPnq3}I6A~g9+<G@nL@{uHjIm04k%2L8w+U5
zL6LKG2_<#tk_FnwLqds%pRh-Y@q_X3t1d;5z-dfpRt-GQB-X>HO;J*)2>B_3EKJ0U
z_F<qm(u!RImp6$vqFa61A;5AFeF1bkcATRBCCRpT^@NtJ!p$@%r;zNYmEvG5^wAlY
zz^}iNHehTsKV}@@>`9Z8y<ZIR1d!yJEexA%iW{Bi+9QAQEkS=(ryp>}R*}yK${xkP
zpqkw?A{g^D2=9bN)AeG-=L%}{&adW5G~5ME2))O7nNw9|tFg-T7?bCw!<RsCsXigT
zkI4_2uRPrN5mdsLTyps=Fy9kY2W}BsC67h_-xn&@JArJ|)^;qA;70-}m(8?+a4y)V
zs8IC$WZ<e^7swm6s}w)K@ZcQ@o>EsoAMm<V$_w;J78nWOk*|i9CmHSS8{!8Z2rfe;
zZ)8=}+)a9rbGgKr2O>~ogMBxrzapO+8_}nB3SCYscE9PgrTzhfwVb1e#ep9Dm*9S{
z9qJ!|b8O(>qu9EG`=7v&M#RVctmw1P|D7ktHUN?DXMVlWu(lRlx#S<1K7J@K7@Rm}
zRuS=K3iKFDAJk}^%t2Jc&AFC^_|oe@3Ps>YM$cIdDLdEH5YodW48?k=;Ow9<Eq6|b
zc)<5zq32rE2RRwt&vS*G=#cEYustar)|nwIAF?D)`I|P>H{2{1{IGj?9K1WyB7y^s
z0iJeNsLKpm_M2L@$-^(nePyy31w8BQ=HXcrc-FOl6kCrbqe||+m~xEllzCTWD3r{L
zzS4Ch?1n4XPIW0AZsl{1f<hkBJ8B~%`SEa}*Sq}#RJ(3eY6>4=B!n4LGqsfqJNO!9
ziV5b_zv3$};OL*pq64-0J((uiN>Cj!0YaF6v+DkhO77-CLoZL__kT^w-iY}Wh#O|K
zOK87)s-&3m&Dzyc7aCkBF_&>|!o|@vMQ0>_+B!N&xuuEur1XQWLD>^ifhSusg}?Bc
z5xxn!vaw4{x&q4~v&750M>c0nVDG!Lp4pT7<vIA4v~+CPgmq^2_n&T9JNdORUTSFR
zNyu7PM9%pY`UlQ%d`J7glM2Df$}8Ntnuit^|Cj^+{z?%@tNaIfZdC!sMQ`jr+-kjS
zzCN3?`&{XEZUW6HeRX_eL1bm^-^9|n_?7wApQATpK3r1H`f*(5)ej5J!&c6J=_$Yc
z>;1<sKfxtHjnMX?o$C7;+oM08KYg*i1$6wx{rjyIzw|B;8~RpH8Vv86ZfJkEg8xj(
z7@Xhvvbuf)nC)w)`Nx0%@5Apa<_p{3e_T3#_qP|Is9t$`Mds@Wd&F|DOm8kw=tuhO
zXol1fT00zbaop2JGHd*A(pl;eAIP58uM3&MZ?h;JAu9n?{VQIrD^;3K5(K~TxVQZ>
zYLY=K>*P=Mi-j`=HMn@$%))q&R(M%|tZ4}jdTxQ|SR?22>}83l4a=y}%LnrQ*g}G+
zu%0y@!YP=W{8bhbulw`_qo8}lc<9<}=FmOaay3cM!8(&$iFFdF4kH?$AbDUshcvL-
zm~fE8a@)V9Y?yR`H}bbe{rvLaf&44(e<Nex-Qs|H^0jYovN{D`o9@5uhBr(Xpy@?}
z7`}NIbeFR-2NbC(JjdVl5f9|+;}su1>dT=_^(DORZwzy8@4W|-?3E8xCrElALRk4A
zF4D^J@3&yGRBma{p=UwGgj)0$h{6NDq+7k>^yU1$3xBv#Z_i`60t5i0?V9#=jgd8H
z|8}qgGbFUZ+CO6@i86(QU?*kgS&Uy24$M0~6Z+i>zN%^(;fe=Ic+I#T*9q^q!=JyB
z`CV^&`aQ3L06tXQ3k)!to_az8h$oi^dtC*<!boG{zPy5JPmN<$pL#&}{ziPTJpbDI
zV`lWc<!srrSwdXpUFa)9n0XI?Sxr?w*c<bUGnbfNQ3p;QEn4Rh{-TMBiZ*ptv14Gn
z#B_U^bvLslm{2QcI`>tZ;w#n`*dczQYFJi9M)u2IOR49LUls;J5_1<v2w`sDLHc%f
zdanh+2ECv~H4r2pHSqBf{T%HPyNY^l+p{V<ixNg0COzfxtIRg7wV4&*fd$Jcoj07>
zIoeA+(Y@-B>*AamI8IgeE*K+ug*xt_N|DgP-KY5Iv8gi8Tn49L3rsfbz5e}LqBVA&
z6C@Z;jfN9lk>O{hABL?_R7Mdnjbb0W)rmZBqmb??Vr+~c1OGoO9=um2%13mg4dJjx
z6w-(bkeZCvj?rKvaZ$;r9Vuvt8oL3Z#a4MmJ<i0XsE&~1qIg2S%{8=)Sn-?kWHEuW
zQtw>&T)}0si7)vA3o{}82+}}PsS=2Nf)yZszbmKD>-z1XKXalt#t)al6LDsnE+}z>
z9O9RpI4w5{Lh-0(_FOPsRtaw>hfb<VJM80n{HzWtiFaU{!b@qtA3}AJ*I@0ZZ#jHj
zNF~}V2Z%Hvj#2CgSJKca8_)R6AM#`UbO^3`#~NPXR`O>_Z-aQLE-6e1=EyY6(xS_s
z=5abq@dBw(X*;jmigqbY7uhC|4a(H{1^S#TE8IFoQ#8ys|F5EjeRNF1H`0-Smz{+a
z>IHz8g4{ZFpDHzn3x{Q7T`~pS56j3b+(pG_4tByhm^G4l7Kjm|6^AKUi<WP;3dm}H
z@^3e=!XiB&lMfY9R=T1lBG`sqf-Hj}`LQ0sqtq!FDLKkk!4jS34;?|~bd`@OT;T{$
z&*!i>RoiR}TT`A8d{A5%wVjFT#Uwz!F0*r#w<wCEd$=08>V9af+!PUvxxC|Y_jKhS
zAqk&X88f|1PfyVp*q16HXc&w*$72P_8l)?t$C~a?#5+TT&M`z!oMx(9pXTvQV+EYk
z^o0qw_AnUo_#G+o-qTW;1Je#3;)AzMumA>aA4{=~9k=y(c?qVf#-GMSX*zKfFy8Sh
zA6SihKtW1fOLb7%PGbY9M(@HXd-ccDT?Np@zTaeJBD<h>nQksaAksC8?W||-c~OjK
z$ks%?dTVBwgJiUd_{*l76!EL5HtOX0u?nnt_ySG#`3(*`byNTXoOtf4DTi*u@}p4F
zx4)70B)elck^)aW#VL7e!unO{vWPXJuJIVxcA$wxmBJGFv;{?xqP<D%tC%#5nmE6T
zCwSYDY~P0W+o7mTJE%=^Lx|f5&fx-2uB`!=$dt#U=yD$}avL=#=N)XFM~WzksZ<>&
zI!tMQgsn<$1-tM<6cc`Nl#YZ%iHA!?$&nQ4_;@wb0%Ou%`2obev(`cz6m*aO6mfME
z+y#`5lMWc;tA-`qYMkIDH-QrN&pYrll@k9Hj=+Pv(`B}A@5v$s8(%xMyiJm!RWmYR
zj$0LftanU%6VC<eU`(my6CN_>2u3Q9iXC+Pe3v-%5J%o*<y#Ot?N=a&iFb(lYK{2l
ziV<H^m_#v*Z=yy0kiZOcy}&l%FwA8+;3XrltILL=iST}7vO}m1hxSEd84Ldpa+^q7
z5W+F>jw@H_*m&C3wn|FY8Pc9WhL{c~b@wBkWI=}GYkyy_f&`+8e7vwB8jpdy;Z^is
z@bCde;=QTmPKa&x;mRU%;Sqi+X;9$uyGs<?D~Mie?Kx}R3{7;pz*UO)mviI;U+t9k
z@o=VG!2TZ%6cL#zC6G+ckQJ*SrAE;Lh?{a!0a=$k43r$C+5sB(H^v_~hjyofe~`hT
ztq^xPs&3jtKVg`PvX{0I>PugSjGB;D^6bUM!29i%QbR8Qau>l!w=t0Jk4Wy)rmF#I
zAi=g#5JS!zJtNdimnNoS!rZm0f{+~AoRnA^MF`8K4Lxs@O$-TN^unOcoH9eUa6t}f
zC_&P@>2U+c7Vt)#a)8VV+3JwjsKE~yaYC|b__CHoUOIjl%u4C6qIA8S<@cr6umFm7
zOX#HVxNUcfk|W5?3#OgvJmqfo)wZv1w%I6a3;yY=D;Pn^dKkh7)AY&Yxq9FvuUd#`
z*T1Yb@cIMXtr%F4^z2JN$CdumF^)CvnyEVolynH-_D-iu{ojCzrQQr5sLg#vtsj5~
z{_oePD~5x$Qy2T!>Y9AOmwt?5bHHL`dQys?EpV6jc5ZCk&1)!o`Swx^tEOqHs?}39
z#TV3zLt7asr#Js}i515J!>&mc>q$2~ku>fAyO<!ABX;rsboU{Hj9j3V!3P*<OKUIi
z?Pos2wN2Nk26sD<|3ON8%#hyR7w#RBd(DB)WY6uq=-ER_0MGo_wI@m%wxf{DvKP~N
zSIE4hFWwKgKT;J9xoi9U!tT|pPp5mn9-u_RTayJVgILnxE*>{d+5fZj+q&&3Aw5*`
zP5uf*AKIN)0Dj$zB}AkAY(e}DyKbGM=icS)BEg8u9#~L5U)2l6DrHs<2>P3zljOCP
zg_p83Kq%tOh}X;OE2v)&lNyJ2DF?#ORtBzt!|giS?QhHC33&N%)XJPgkDJ-P#~D)z
zBX`dyZrn}J^zj`fE*T6wG&r}SVV*LSdesCjA@;ZEQnY+dR2d0-gPSq<v?I^o$TZ|t
z*uq#AzbY8?5ckN|>+kKh3)dOSXqL-R2wwf@MFCahSBEY-R)IqMrb0G0@zAfzrb!EH
z=?mpV*#glwTarCuEa>nLiG@B_^{bV>;95l@Zm|1-Ne(0Apoi|%Y0-|c@i(y{dOA_Z
zXdaRhhHA2d@1m!NPDH31YVK=92CavGKF_7(S=x2VlR~>(yxqAMPDi_c<_=<EXLInO
z`p;CHF~j$0Nr^(_{OpJJ_wtm?=_6N<#Gh=6513BcAL=#UpBU3x`^pB@{IPGo_sb*k
zm7VXey01V>bmtYg@<q*y3$u5s=6@t+Z(N>7^+5fe)@^t`+HdmnpkqWsh-}jBn1lP(
zL{~0Lopliw^?iL_i)q;BJ8fV}t$e8!gjBrqHvgKyl%!(!v>SO{=s3MDl9Tv-_CH90
zSX@PWt+#8<lFhwEnx>@7)t4{jYwq_Q%`ljbuV#vDczL0h3=ri}5bDO6sZY^~_C0d5
zU~DWwC8HFbw7)L%x{KlYT^+r%gfK(3@Z6}XL{<6;RXwbHo<mbPoBgLmsX5RX(l6og
zFxb`CK*`Y{KY6J3cF5jNVUw{Fcc|B5>MUQD>LG>?X7WbgVy_IX9C$40HxjlKwbom7
zKQ1LtcAd>(O=a(N#vzDO{68^iLp9jZJRnUCr-L64*5Sfi7T=v3B4mfRK$A6U!Jpd#
z-qSAcuQRz@viz6(XAq7Sip?&Q25ry}2RtJFWHM%S?fx%M5g}*{cF%v&H(0)exErm|
zndO@MjD+gvnRTj~@mjxuYigc+wH2hdr$wg-X~uo=(-(Z`hd|a^+!C0xmuJq^1-Qn@
znI>cYN14j|l`5ltb*LFcz3sq6Ud440U8DC0!hO(Ti*#V`#@_1&84c5(>Z8}5$btNI
z89KB;S4j1ZW~~kSL)PFmFK^&n@6_IQ+g}oSJ3q{PF%t|5nF<A|1Bci&Bk{&7QLeM6
zZ-9aM&D>{KL(Cbj{^pO~ETm%xz)Ltq<&1ye7leU%)_p1cgey$hL;)A5-gH4(u1Hx;
z4&5e}YHf2#%0*{am@5$sdBhZtpSve2KoMnf+HbIMHsc=bnODW6SMPWX3u}m)1DzGp
z6lqMAmhS*DTxegzeTFlkh^mIxrP}Fq7LF84JD$R)by-S{wc-AQ98iI+nqjMM6r3P=
zKYZ&!%KS<cI<D?X%Xuq+_KD){ksm20y*${)!yxw?9HdejnMGb11#O~deXON~#D1~w
z-6?>l{Ho)%l<0-wO$I4Y{l{%uItfcOhlg5O%roj<ux^^StiQVk1;<Zi{)nQ*o60Vq
zti|;zjwyvy52DmaG%4%j#Z)f|hZUtL*^+p%TLDroWD;tBFA5eyO^W1;JE$G9Cnk`H
z4W-h4E|%0WT=L5))&Nj>!`BpT$&LmWBxu+{mLLTxeL&v0Miz#$DA(cWs=RD&<6&L=
zcq#X_!_fN4q%awoC?2y}Af%EEITgkG9kLv3bJ&vXQ?RBtf;s;{=Gj1<`fwi)M<2To
zRm`T=Gdg~@Rq0{05TA6W$Ehz}hQ!_DKFy_z`nd}(WeO#ouMMLjgwX=zo=`|<EmFI*
zE_z5<O-o``)jEo&9(J84U2-u_WDaBWgl%!I5U)7iH=qegL&oo=<KXBE*v6UC|9MCR
zp5ztC7Cd2P#=D;0k%BzFvCL7W3vVwoO-l|dpp~C3t0xnl50W}XkS<2|hj`Lb>tvh4
z#`QL6$P4LasE&Ub@Fyp71JHZ@d$;kKiamwLjmg)rOl;cA(%o!Eq8E;0pe<Y8fvYYV
zV>fTIVvwpCE8mD}_lwXYP6+x7s)5$YWU)aV$!lb!;H5Dwe<PJl>?i>)qj3q(PEOtY
zp}rrrc}9HI37UO$8?SO8%U24O$%8*^wJb6)WZG4E2(vYEZtCmINWp3%$#glRDMZ0>
zDQiJnrrA)oZH|MH*-x^IZ@Xu$&eu&XxXF$oPC``mAD(eKM4Go>5pAO~f<Y&fq90($
zT?tO2`#C1(Eb=9OHfu2-3WSqNP9g8rZ?`dW3AY8F5g6t~U^8H%=Gep=QiwS0=0dUc
z9=nqayDw`V<ngu=yUzQr;npe=a}4-ZYx+S(^&s{!oPgzG=jW0~JE!c91j#|}n$eDm
zxaK)K?e~vn%e#_MK6U%)ays<Acw;hF3WMEpR~8`31v}%_;WoJBx1$uNf+IIEh-C00
z!Jv(7V(oOc)=8+o2OidO{9wp{*iS9tyc=06u(?yI$dl!yJ)ZwS5h@=fl?lkaFCol8
z3o=*B?q;5>A-z??!)s!O1_fLlj?jbvCb9Qw$e(?6g*=z+oOxe9r`WQ31FbTbag1#-
zn1;+Y8;7lGiIYtZ5UYq`t#eMYDfdSAu_0%Q_jnQ$Pn&U3a*%X!TXd@^3SYg=74#k6
z<qJ#UtH#`T@K$2%`6O(vkuw*)ieP)CGi1^*v1;SuI(_aNPJfF-A;#iUkng*ED9Yqx
z7s5;u#t?V8z)5>YamaTSw@36b(4RTC9LR7w-A>?)Q!P?Yf}KXYPLcxq^x}BQ(+C*q
zz82eI@l-U|QNTsKNqv<@62z+`N}~lZ|K6fV+#_b>WV1s6pO9a6U*S*!)>B9e8)r4;
zA|$QMsex{kwjteaF`?>waEerVU9PbV9aWP|z8OHQjhXyvm)arQOxtQ~7V29TJ$+nF
za^emYdEl@*39=W@BhoPvC&I~kQO(dLHj#MSC4iW53j_IrRG1V(#1ZR#iO_D&&Hc7g
z!*OkNUr1?hp5HTTBt;mBA;xdI!pK-Igq13!^1h37vDgJl80amUkZG3>Kq-!66r<RQ
zAw=NRK4)nF-&Tml0t6nR{k2)sU1Pod_)uGCsWo17&}=&IMAmzVJg;nQRFdKX-mrlS
zszC6S#6&2jrcO3po=FFuC(|foL+g{ti)rOyVBLlZrw9bNoNoUo?y4L?Cr0rx;Mq_j
zvmBFq0hm+ns>x%Jtyq<gzW`+F*mRHnL%9i%^6s|u0y?jN`rP17d*2_^x3_!P3G_IJ
zd|T@3?-^ljgbKS*QKw`!U5mkfURgo6=0A+G=jKfq&L4r<;tz+x>R&!LPi{F@5OeTQ
z`l>6}ScD&_oiiUgNC1HiVa?imb+t+NbH0iBAfNvs@3bI;fz8|SxeRrSdbaX-n<L!y
zGRR$ANw_y^1OayN-a*B?y#bN(rlrvL$63+Fhb+&|czMZmBueHl*%ts|nX_cCIvu^#
z3`X0Vo|F>u{^v>sN2<y&m)WmAp7(Q>i0HqFg26((n1jYfv5{#f8#vkB!cmET*mFAm
zMuU|Z`U|l#KAs?i;+$d%(dp*2feAqs20`@k$rxKpOu@c3r0!wiT4ww(+Awa&ztGpm
zw`)zQQn3=f^1QZY|L|1Kd5g1`5gLE*h<?j)S^awScsckLuEKFBN}Q{jr7z6(p1l52
zNuE%9yZnsJ@Ph+h<jN*hoKlJgZNiCLS3+EAwfbQYkqq6icBiNvR+YH;DR5Z|5isTj
zwo_o{XXNW@VQ#+2%n+fE%&1mnp9E>_-H~matx&s8lYU%vS;`W{01S?vyI|iNfDV77
z5r?^KA(F-v9vF#sKY+d~hYi($(uTCqj=7v^sc^AdFaR?#Th7{y)XD5oUT~?(EEGIg
z8N!e5^Z)*@v6RI~(TU3I$a5Wb-hO++kKZZ~ul#4N_wBXt_Tx9-JV}OinA~}wtQ2=<
zb!bCA&M#yQcpc*IuTX*O@qF2L*3WBHrU$mf{RGZbf~Def^I40;#Z+)-UiBp9O{U87
z6X7)<@3=9P8>tdD#aegvL7$RdHAFqw)Ha)%OI#pIM`8&M$yy&nQ0XSuI~_irZ)3IA
zUiS^nZo2sFr@F6tT}fE@>rh$rQ#alTljhI;ZuJ56%%{FBvMmWJcjkc98VJw36_sGm
z)F?38+V>ws$z?452i5iTVQxY%|3gk`YH?g)i<{TeXlF`oovLyIh{JZ!CvnL|G3XB^
zSmvVoPmTN8ik)^xUk^n;)mdy&Oui~wUkzZ08&`TRflPk<bcTE`T_-!dLhkM%0cjw*
z<RxVQV%{)uPvI3QU===4dgORL3e??nwE%d&WWGcr8aSURZQ8%X?f5B&OMu|}^>Xst
z58zm~uCcs<481%Hw|9*}uL{-!3d*&SKX?BvV=*xRvS^;(2C8uS33^pvHQ8;w1{D9g
zs#1ZVqx}yGLb^8cZ(aRu%DLPrROG{41Yq7Lzx-oCM)@s2S9u~ph%1OO%n!4vG$3$p
zhlH0s$h1K(K@+IJcl`8`>eurH_ce<V&sw*UZ24sCZ=P{XYtp6y-*WAXt{<P_I%YoD
zE<iD5n&}!%Z}6h3Rq8Q9k9<hx*Dp;;b+=G(r#V8g5gLLF(Y<BfR3YO*iVuTgeXKln
zj2)T9Q5@qo%;p&m_dQY%mvI&4rYv44B6X+OkyrIF%_4i&+oI>_77^4*C~AqxUNz;X
zLB;LJNyTS8gRceP*ZOVkG>2`mTMwtEe6DNNXwQksbEJ~pq^%)OF4Jr9hx#UwVsDa=
z@cq|s`nvc#0D6jNFX9zMMs)u#tm%oHuRy21b|D?wVkzn2xRaN0?&biMz4&aXtfB7$
zyXN*%17jZxqEQrnrdMziA42C|AVzRF+c@^nO@2dJH5U4nN-0%19G!e8wpdCb>A;?8
z+bfDrwJH1)wo|=`W31Yg6yTg#9FFE1;;uW^rtav$2dQ0M70ZkU;rT8X9XVew>Tr7<
zTj{IR#5gI~5<Su0JtE5U&$uRzCN)x&SZg-&tJw66aXIUS!B}R~M(&uaOp8LLHZTq@
zWMXDAX|Xdb9E~<Q1#dB)LJ2=8ca>V%{X*Aj4_!d3)X;qe^e!{e@lSCc4l36kYujj8
zNV#Yo_rt)hgv$rcA&p-wrR%B*J!@bUT~R{TO^*f-q6A%z*Ri1=W1f>Il$jzsEqNEr
z;Qc{-7$zwOVVs3cT|a{<a96bE=4|Nox(bQL-<N{TzOTTV7JlFf38tZS7YdDC(FW~n
z6a~S?YEICMOd{0S+GhQ$1K0^KR&lxh$an&pm(bPa0Xfyc00yPbd?z+nV40DqpW~#f
zVJ-W5pv~mLBqJ;W@eDIAtoCAuimnWF*}Z88)i@A{SIsyaN{_16sH)+r<|FzA5GeOv
zW8rjux{9v-h_R@T#y!slHDhl^vc`iMrbO85fgqPrAKUQ%Amb=(UqP}Bi9mb=;P)jM
zH2Lvy8w&I>Q`QD;dnwO4#9jaet?z8EQT-ICg>*O-rGlH}WF=dm71E=BTWhH3zLrDQ
zViYm9YOyoCTpbSjcZi1<nYMSOi$rJ~M=<j>$ng8VlN2EyPEu50++zThT$Fyr^Qy|M
z07A{?wL1Y*N*vC-j@LZ1)~2B%F%*?L$->R7Kjq}25R=#pd;*E1t2O{7#s(g<6$<{v
z6?{AC;j7+l4ydAuww$1#=enGpi((K~i#Z2UI*wT4(7?|;^hKdaUjbnAo$+i<^cfq-
zu@R@B5BKw|kH*>w2X_%KCUI3%%1DM)*!WUvtlAdd@EeDD;YyfLsWCE`dkY~U#HR?A
zZUfv3NwFo0rpRbxO3V&|v1<3VHDc`N6I7JTqu01)jUyv7Rmr+N0f<BM--z|+<H(LG
z{RLX4hRKOqLUFC&Q>W{h#fwYy4(~^8vZ?Pk_|P~(rj~@?-7fOL%Rpag#G(`4mLP_E
z%CxwjFH-tZ1iyo}`46I3OWYBKu!|~Q<v}5r`A9Va`G6uu1iVHO8ZUON!MYeMkRr;c
zJ$QQvfk%{<BM~K<y;92AT<z&^Mb=^z2~jQl;?hrSS|=DQ^Boh`<d-}`c)W}wi&AWr
z<_D#OOL~c#VE9eX?-|9TyM<U4Or#5<_;|w$&j&&%v3APcc8H`O93dvtvSUm=oq_mB
z5$`MDq`hasM=i;sUSDm*mnh`B9cG*>nj%QyXf7M;N>-dX>jGDqgcm=S&A>eokNxXB
z9y7tA%cT*QF)%xKTaOWp{uL#>7!|RD5W0?pMW4s!irZ4}@oQ3cTk(RLwi1sJQX_lw
zjx@uw@M2-(r1Aw8V{U_(5yNFmsY9eoJs>0n3>iHjN{pEjho)hSi6Fe~3cs<M4tK{0
z>Q8x`)t-VBNp)_DU?tAS+bUBbxEy&GE+z|$Dl=Ns&5XGAxP}`V&^gk=%{X^GifM?Q
z8Z)n8(X%&=*fyd|z>*Bf&X@m{vX2vz7$EQkCoaD)=O~ypt^gp8fHe%*dzL#mE-Bw{
zE_K!*Za_}>&ux4_zZzhR+)!fPy^89TuVNlDj%@qGa$mgOrg1l<@~h?yFZ^`Jq^SRR
zWlRV2j|>}vo$&sH5HYRLt_=-Xa8(Qd%y`$obh0;N6gKs<Usfk5-BSe3zV!I**QLO*
zY?@wCBa1PkkG`CqC;agv6$aUbV*g(yx*aa;Dh6_G8f9}I@@FpDWqFNPKOc&hSNx+s
zZ~Y)F*ID{~LCwiSZTohYYS!x%DG|c5?>DH$1`X@+7bL+_3E|zsL*XAdfEtnL965ZV
zeltd~o1xKny9=ngct{idzzER1r?HOF$_VFu-4<QZ9Z}QN=O;Z{b3-dEfQ8_>7Sk>_
ztV?a>7+no636*YaS7w2kwCSFpCELnJXUu9xYAQ-B`1fnCUO1wugVXu~^MJR-bq$A;
zeamucYhO%pY_bi0W?o*=LzZs}qa5S$3mm&k)iUkQQ`ct6rY4i}lH~I^hp_=vCnTA1
zpbnU;20{uMr;U2xM?5IXzti}#nen7`+floIje+!)A;W$iqh-;bh;4$URa2eO3rA6m
zFH&$<Cv?9N-^yFrVMxHZ9e;GP@O2V&<ZqtlIkl9+?|J^?ckEE^+@|=Rz1m$ULHl-G
zkfQCs^_f{Yc8i_M(YoX&gH1QvLN5-|&}8n2(beSUbfHFC+(JP2HZQx+r0LeLR*kaM
z!<stId*Z{!H3g%hu3g}AFY|~66y6|4?cXD5M>qymHC5863I7I>VZR+wxv(cEyk|bG
z*bnus4>TdXKJ<DUaE`W*KxbICrjV$)o0TI{6A;INvGsp5Z<eJP+BO<18Uw?r{fWcu
zEb?xSp`%Ju?t)yu&=Gb*P<&#KeuT)0DN$b-)F{gYx{LAgk?e51;;stub@o1Tv1=d%
zr1Tr}jF<kvtrz}^P)gDI5eLS9blzyHXGU@)j7nw&M(%)_A2*%s&cS!x)d26NpQxCc
zzZ4F<FZ0v|H-go}3GXAKE1ynP{eesOi;5Y(6Y*>5dMn#y_*}mBcBtv8pAJcwBw=tv
zz4e#Drtq^Ua1A{8MB-_;`&&X>_5;!eYj-Hdiy7YTHui<5GuP)k0QX(^GiX{`|AG=7
z7q+x+F*%iQ_%vd9GW*(~85zxbc=Xqe;cW&W!HrIruAQ0cb33`R1nO1OcLWF*niCaD
zYdM6e!g7-zHTBuo`XrCjS<`dnk>JKXJG@xP_W9qUiG->!U%4-3%YW=c#yM95!H~h*
zA&D%jp8)>-&JhT|LXlSR?Nh+g_pS5B9N8OjDY+Pbmj@7Dj8~TB7u%_xFOwq|z)or>
zdW9!j9yu}vwBoHmM$5I?PlJS5(_sM@x3B(h<?~EaaF3*1Z1TlpxFLy0Zc_8UWZ31c
zmfR=X9|lCXOiK5o??wKCwmjyZa6DW?H>x&BwDNJSy-wf|{)Y&UDZe9~JbD^q?WaXA
zI7a76n7!3E&o<mcNHV6voH%r|^=1t*gQZOG;^wkwQ%<ADw9Q`cJQ)pNl#k9?iqG6@
zt>l3Re6GMi9Gq%*&(RjCxs>V?+J#H~C;MK=&&=Qvw9wN<DgSkcG89|fia>5x=2E3j
z_&sC5vFZT^q+m3jA#_4vh}+=8#N|d_cVd6ZsS;2-#;X$&AW%P>@sfuEX%n2ryw%bN
z7=MLvkK@?DWg1r5<8N#H9>-fF0sj7O_r^VY1v@X?6xT9dsw1zaYfvYoy82mdWu__^
z4U4Q-9&SW$UwwrR4=Km<1S74^RXsM_TSGKpfW|P{^?t^OFMeCDuUo!Tn|4-TP{Bj4
z7m*iOb+m=3#BGyp)>tmf2}FK9Gc}cPUX;f*li8V?>|w!WNP#5X@3w&-RG$>-&*mkc
z^$1MzCFX17q8ex^g!7aWPwr2OetPLk?kUMUBtYyx&aC5oekJmIlI(H&GG5dwvq+|e
zaEaVYNEI1tX)`uGZvhk8yYFMm920hd9DT_H(<47+rzCoHCLRBb(}ul;3(=&It`5p!
zjFXzoaJ2)iIBuG)X9v3HT(Uen(O`0#$p-cDDMUnN)ocK+rRpY7MS1<@OSC<5hG%z~
z+y$9ke31ON5p*qf10Wg}ufpIJC3r|{EZy|{-`Z7~gk^q}ULRlh?dymV5|p4%5z-f;
zv$xui3nBLF#&${yel9o!ZFZbong%HVIzb+%j&*EjThI<@GPPjw`J|f|%e=cy=Zi$=
zLc3&yjiUH;qTx}ta{}3hz=M|(0dHKzK*I%Jm2RwXB}`bKrxO1&mdprzC(o%hTvj<?
z^U=0@(lz)Rgn;(|wO|fy&u?*bp=VZx$VVP>Rg;yL(i<^Ut^VuM1aS@AHIU1AvdWU{
z){<`p#1)WNq%edS4(#6DBsN%9HDgw~<|$rdX|aoTnG7{|fRYYiJCITHPdz;M(ebWV
z$vt}GB*UhU_(nAgN>r+~4TuF+T__j9I+r{oA=N*r+bMRxMLEgRDB_!E$mVezCaoo>
z674zTA?TPgugcUaHQb@tsy))ia~)Kd$SDi)3YQ(4gzt}8N78A?q@{G&><=q-j3{YV
zAkTg>ho=iDujm5=87*Oc8*;a-4Zh7qY)8}9Urad(@TbMeQ~6|;u>efjizigN7p>6#
zF&uF|RLCuQf9Ecp>nIw=#i~>~SCiC;WX;>+=!bhfVjqanp$VhR6g8F$Fni+^@)UpM
zPGJo8GDO5J1KzJ~v&j#@fKk&Xkwiie9+#CBJe{CG<eNRJrm@PdE%>sOkFiOd9Md9y
zZFqS&VnDfOC@*#o72!er0;E}e7a1XAY$GyoOG-+~m!Bpi&!OaJy(Q*T@y?gfj^R>@
ztBWWNj-s6cO8`-b6!S4;QoeE+&MkoEA;sqHzdR8r0=dW$jaIjV)~^$Hb!owj+lnML
z!ALvB6e(NX6H_jj$te2a#$>F_E)PEVFQZn&qDXR%Y3|K{d;COZ>U>vJu`_R$a9E~G
zSBVYU?U_Tp=!LZGC9A`e?+73aesNMrSifbJRe{@7f%pY*04cUUPUPG&Qxm#~O(35C
z!PQ*5$jNA-uygjFV!PIcc^-A)ik(Z9#F>p1VfRp9xd`Dn6pya_pIT|3BGVAPKc%GL
zF9rq9#YTw>Hw&<SOVH^O$F6#i7T68(OVQKfaeMBSAXDD->MJ>r_vw}rXP;Aq%7~>m
z)X>sXC@ADxX0b%_?=dJu;w@&%8X1?kKyMd4Xp1ZLY!Hh9g7sFKL|#QEC%JDxb;N@r
zZ$-zV8ndtmT{wSlBB8yP(A*C{sHDIM24uU+*=Z0GoH5BuE&YL0?EB{y#UM_<FK!GM
zGG8VLq(3yKD&rhOFF}yc37($iovdXV<se70a%{Q)ldc`vCi`%azr=ScLv;e4*~wEW
zuv$5OwZ@PZKu3IN0i(bk<%Yk-4dULye`@_%{kh!&Zje!&W?;sx!VpOsH3y9>>rZqA
z0FCG;(pH*fqyNO2{}Cw1Cyv2OnO74FF45bb8XM+0GWY%g(<$v=b9K9YwR6)V7`S_K
zPy8~$r}kSueVpBJi`uWRAP?@;Pez>h8GaV5#OAAHHr(?$+Ejli4jUF0`_)xXIz346
zzDdp9sjBjR>6Tg`INKkZDT#bCd7l)~+BgHkp{Q%OGANTx4PTR@sUYKeS<|_>`7U^f
z&=|uQOFy~L=@ny;>O2|oBl^A6SrCnVqp6|$zBxMd=qVGXB!BK>ZD`V>W>5T|M@>N4
zZb@6#r_Hr2?Q7#K21M@bSrn6*n((bLFQYBh+@?HRi;B3Y5myxf29;Kop6MMe90aAX
z>hv^%!Q~kpUFZ8ctg;ue0?j{Ld)BBjErkY0q5)}rA^$xn{qI2w$%aLu0tQf@d!JF8
zz_sxNy6@~1rRic;qQtAotvDM@c$T!}X4v;7PS9%j+a1f^L4f`_8eR^+XVaN+8u9nl
z|Hsj}$1|b-e|)peW`>Q;Ei!YPCAk(+ZEU$`V=D?tM06b2ly2LInM>}mqM6$^rKrB4
zI^|Zbp-gqYl-$BO>8AVT`}_F))g!Gv_7HjP^?tpcFN52yy4m4+XCur)ech{xUyzAQ
z3IBd(r8j+EFzAIVUs8;1>pB&_L+?hbCVBD`4WICNYdL+nqI$+2-kz;y#^{Fel)Kku
ztN%os346ZiSDOZ-&%MluH0sC-`bs)vkaTf7%H*L$k}Zm@Retj@=rsB;FHKot%46Hw
zsqZ)0GIlx3ZU!Z*OYsZVGC6W+`V2>(7rm0^;5wmy>PqYD06<FlJiFkc)-`e<Oy0sB
z?jzL4hGJN4-?TSPWQcSzKPt{|+Iq~++Ww1=&9}C@iYM~4+jCyWOCs`vfL<H9Fj%F%
zN6)!@1!O<?Bemwu=KHRk^?52&0Sw^lM^qUx`VOga!OPhRc@O`H1iqegJZoB?8#nB(
zJCdNWdk3>NQ85;+oji4N>c6<n;8eQn{ZV33G%MYFUmYI-HGavD?R&H@f7?l={DT(9
zG8S=r9Mh%aGY`)kwRc~yxn}MOj%4y1N^&jiwplC*$Lr&C2ajhwfB66(4?={V8Yh01
zZoOW<lr%=oRpi~$t41gR31*QhxU*$F`RVRm3;s1tpmX0|e!X)ozF3?}adc`;Q(FWE
zAz*fWe8*Vsf035HELwYL7Aw7R%8>v*G<g6~dFZC1<hBMgA6#{#ZkU7qzkPYQvUt?|
za!&a_V6U;H3V9CLdG76zU<jo>+HdQng!55gV$v7C*62x0Hwmzq+}Tkxb#<u-JgX9C
z>-8@Nen)c0ovXn*<zzS*S21qR%|0HFibyLs4~94G)X)vaBfI36vlC^DxnMO?H{0&?
zdh|`+W>B#IIc~G^t0=))r-}nBIvrC{^|G~LQ_9^Ut@fc(eZ8dsS<aNb8A4BQ2O>~M
z(<+Bnq9JTB978v2EX~Q08z~jp$sfSi{WX|K+8!DEiJ6_4qQ1n2p70{e=NEXpJ<Q9#
zN;b|zwt0(DVzyi*T;Q54k+egWhj_cG$2f%lK~kwD`+^b2GLhB~MI`=K7W37N@Ro?8
zK0}d{6Uk&V$vf_JHi4=>6nmNQfX4o8a6J=^J;`L9-`yc;#~wc9MnpUd<8ac~O)-;x
zVxi|L!nfe9`S*C~$^A1~vLw}?1flEJ7_rt^%=#~_usOH~fpI*I0sTctSue~D+Cnq=
zPAWJfR~_k{C|ucGONyAhi?@YClv=>x6qtmwK5mJkaU-W<f|qv5q|S%kHQ|!0$KyF1
zTley@pJnQfbm*pT24c1SbZlox<?T=q;De5-+4fh~pxX*pczJ%<{WC!wmMs70L~)Nc
z!~q}ZQ?Qw-V(MH^&^I?3p_8cnzsd3>Q;?He61$O`N_xk9ZZ@+y%6hn+ew+NT2J1cL
zs#zAF=`hIaWeFwkM%^lXy>9<{ltqgD@5N1tr`%9U=`44oX(EM78W6sDXT|MFk8YuR
zGY81J+q3$zQ`%)T%>5f3Vm}9KzNX<qpQZign>cLo+uVOB0>9jwo=oVql1_+=qmuO8
zi7|%rgaE=PlHlbt(qh<iNX4rkU=f|Q!q<!;^Y3M2#RbnD%W#wFHv{A@74;O}&$<up
z%%Cxb0?|E&Gt3=a7P=;mlBI9PAQfBhP>@y`-z26Vfxi^shBwV=gvp7&8|CD%Wr?pN
zo^9{UqU|4MndRK=;(iFL!5DlrgIm)Jq$U;C^KJ!uahiofXC(?>lTLtt4JpNze4sjS
zF@{36sUb?GY2MZr@^YFP^=NfHe11l_qcMQYH?&G+X-c*?YcnuN@D&v46XVEqo9i95
zvk{)#$mI4!qA9zr#hJG{p>-Ejz;gXcsb(Sf&GuMWPZ*A=!xihqti3e~f4iCC{zod)
zZQ(tgZ4u^;^Gb^)`o5#7Ryr^})EA^R;P85QPJAwjuSER=&%RMPBdHoA(C?T0&D)5o
zF>e-Unc<U;htdHsSg0ANfXfoZ&S|ZdZiy_Fv<?bt%PFkbrjurx!!XO$F&F3s_KymJ
zbW&j*FJh!##KUy@2ehSq0(V}pC_el5AJ#l}(78==GmlLVE;#}tbPv~C2*dET&i}cQ
zsY3F@h0g^rRU8T9WNFw`l#N@o$kcFfHIg+CE~g1h?-%Siq|u@jlVexwSWU8$NbS1r
z97bhyPcc;gbCw=?2_9%+TP!T&@+gQxQx>GxR|-r-xaKlQHj25hC<$b17p(ig{8E2D
z?7O!zn-!5@ai6H;Iy`E(QCCVEyxYwE*eo?U55F&`xXcHABR813s7i<f|8g-UPkQ0U
zH}y02SbagkE20SMVsSwyA6ocGT>qS)(NA+=t87CHosYJnyzaup%oZ-sfoX7qRC_*7
z3j0pnA%r=kEb@a(nZ-kVonWL;>}75Fo@zVH*p4y=i;+p<v)@TvG4c=<uAWXdy)LRJ
z%rMQqDyXJ|#Iw~b5330>e2QxQZ+a{DBOXNi?)77!%{;2334_+Bx*;bl3bC?GmPBa&
zxleBRh$KatgyQ8{5EG%UCS6#=>zCGW`-(UANZ=JGB%O=nEM`fls+ih=wu|Vi;9mGh
z-5yJPH{h_FS=&A%4^P_6>~#*+K^~^5jCKJ+i6je2B-p%-v`y^iq1nA)QCByOY0Mii
z16Nx}4*kLH9Eon)7u`%>R;lz6d6L*AQ`EG@=LomBI{4YvR8(!J#74|kmIVVmaFA9C
zaMGp@MFrns$5Tnts=ez9bMjAh?q9zqsJdVqE`MURt@npN(O=j3B3rnYA)Kv-{aW+c
zva)WT1(x8{$%YR($Nsa$3;gFT&+mG?bb0pJ$}yK!a1-rL?5-B2{(qWqL>~e~)ocgV
zps82=%Bk*I3xVGu(1jO#FDTzT0d^zzb&P6(d6d~5B~8GLd+QPdU|H+xu!>?}<^9Nd
zgmeI}pk&f|=rUMW$?tr5idB6@tqZe9*a8xYQ`;W>v7QVtVcb{$cyO%#RD1lyt3I3r
z?#8d2KF_*4axUmUwCQP2-gMt&GkMamzNUKzAy8lMTH=Qk5WFnXoe7DXX>xi#!dg<E
zh$DF#KD>|liC}x_>&@xv3vChQ#l3Hd8Ru;#IlCGs)zwX%;5s=-j+VYTt-&qpMU2p1
zcj0ThQJ-Nd$Ns<<6o&CIv5As;Wa0Fz{YBBMir8Aabd$F5*Lva8iHx|Fg+zT7_1M2D
zkJ79DMgB;gSk`UaJ~RE@=jC*k#ZkZKIZI+jVBw&(cJf5(&S*)oU0+71<vV~53EE|z
zM-e+G7v1{NASF9#o}dwTkI0e72FKkaRd=&4*z`nb{DF{8uVzvV`ZRuqJGbg)@&p6Z
zH{HS`k3@;;{-NOPAcbQ^*VQ;(#(m{0cHw~YPxNn~qh^+^JTP67f>y<;Blg*cT7Td^
z&ZWM!zF)59uyFHo#24=KAmrM)+tlS*8bq0MBiS!x*Ut;Lyj9}sLqn7!BM<<9=WPwp
zqzAQo+!=R3J$PMaHnevy2vUHf<otzj-S*q>L7r_eq42(WUEb^JjY~Jany+C)qhht?
zqE`FrMTo8NSZqVHZS}E>IR-(Oo^y)8Jj2m1UIQJ8-~g&VTkNZUaD=llSZ^=^bM82=
zk>Geaa_;%jB9c!-v;7y1!?nrcz&*M@ct7$gdHw$%i_6izGYPJ-RrhU^O$&Pf+qCLI
z-TCO&HEp$x`numQBzogR6Qi{#o!w*s@%qWGwL<pE#!AInW5deq)7ss&?ZLIUelRts
z{%T&peF_@S!Gl}23g3h0e;eU_IIpTJWJ(GMNQrqbI>D%Syc3RDf90S>@(t}fYpZj=
zLcQCvH}~8G&s06VZOhvHc9&J&+=;AuZR1JE;Ya`|n!k5$80>_DZ%edQ_KEeV@w|)O
zclp4gbE*2;YHe|<voyrLx+n!`r$oQqyArqTy!Q4uL84n31%S&{_myQ$HQC2xlDeEp
z;SOqU&Ln`MZtTaXU{<6~zd{}C2DYQcNmR38CXc^^%^|G36BHPn44~XubU;fotWOe@
zhEBQ>Rg<WAR}N)%SFGfm5}&HYVZcA%d?dfV`})`bN&B7|Xa7L6pc!fE2Aw7l2F2$=
z$gCHpZSjQT%bb{#))Fn`=1O@SN)Ap%psjm%?{Tq97L?`X*ecz!j#M<wAI}zZY?Olr
z6^IY`Ob%jjirv}WPNP+VcLQ3$3WBs-F!tbMV0J`HPinFcWkXgRhZV9Hr{pgbd*<y`
za@3y2)AexF3C<}+_g|%Kra#^0w!UP8=sKm1S2@&rSg7jfs9=Sw&<yOaSd;t4Fiso<
z^6_tUHiGTyS7@--GDx|PJtzUxlwm0^2XgHy9Jz7Qw@GZbb(g$eh&f*$4ATtF*e+n&
z63SR!+nW7Xgf7T?B3Sl;ak((bYQkZWUm}AQn>YA=?C&MuqmJg14%Gf`=Kl}U^WxyN
z)MY{{MA-+#A7FA{y_9oRJ;hQ=MceJ`woRr;xKmRX!lP9BxY#n7zQ;&XwwpF9hgA#O
zZjqJlTBbm8`7E}LwQ~|JF+50I@Yvn4N_8&+nB|BxtZTfy@h8KJ4q`mri#02no#)Pu
z^4@U&?c$+akihX|V!I9E_PAvhN4`(N-*R!&U)uo@Nbsh2M6m)*!}>N(fJWmYN!=7A
zK@qZj9TKmqC@S{^11%1%>?p<kePd^gKP{ZE`Sy&E9LATP-9OD&Izn`0A{Q6ADt&$_
zG$Zr0A{6WIc(W;`!~4XUxvMl4^C7MeH_1x9L#n?23uFCZRNndH<<^p>8^MJ2DX%2V
z<4Ig!o3!gvjVrJ&OnL45MPX8bH_8)yK3H6WpG|pjAL3q|xGZBqQuy;s6!Xl6Qsm=R
zCe_Pyk$=X5VLRww$5GXcpEW8r&O<tGCDnda(A~V$O-Hw?9{a%Db&apx^N%CLjd(bz
zkP_Vl@Ix!yxpLQ;0g9K|oiR=I&|bXyp^JDWA2$+p(>sQ@vKgPhqYlp+*%D*Jw}%Nn
zN>KDIrU3^^=>r=3PO_No8Go?CforO~e_t?`csC-OK`7k&=XbO;vM_Q|n$fM~$7ZV^
z7jvgxgYPI)B}x9PUfRafF*UqtaVB#N9==$6J|+^&_cZfW9SUWvKc?#rncL0&tV|r(
zVEkggCu?_lK1&PRna_%`+qlcKV*Rv3hmaeT%uumXOxKV!sgX9WuA^?yjb*8<=$ayU
z-c9N+H$j0~8!696My(_*Y8uIChL;B*wJ0q!0<>T$nWN-cz?5=73&dr3qS}6;^z6{&
z0M~<e7GFF}*F3PY%EY)6OU;R{MAVF%ke9ii;m!T@rvu@IU%WVPukV<S$1egNa$~nJ
zXX!w*oSd|pCv8A^YFQI7cdGG7NH6n#|ItI2@LI$W&5+~LmQ6?Hs(~_Ek;5HHW;fbr
zs{p;s7*kGwe!ZNdhlELl{Ihom$m|C^8mb4%Ap{o)QK7G(&mQt&NC}UQ?Np%bPmiF<
z1`~gIa&Zg%Gw++F1Rgtpcr%sh6tMwCtP7m&g#KNCXFdtw`gNgVw|he|5qFsG51h#j
zArgU(DF;sSU+#-V-i;B9b^f##$Y^%EN~zb!rS<OLI!LyMP&ExasuhY{v&l<`?%7-{
zbbs=gH*$e2Gkw>pGCM{H(HEmXwhBt&xulGa^R0YnBcE)UaI$d2Qj^r=8j~a@`sa~q
zZl*BzjKOD?;R=S|&M>G_NYPv=>@V&BYTXq#ezpOs12wI&g`vwM&{c0prPR}}*my^M
z?7EQ!?)ok^4nzg-kkvmjs5!~Iqu{SiMEt1%$Yv=O{^=_b{2(=^>B%GHu;UMf$oIq;
ztlfd`(uRziF_N>53w*r{8U<OWO<?a|rD^2tnG;J%kl4L)6+s7q5e&Zp*kQcf(!J@v
zWK3tFfh%5p3F>fP#&OC0$nvPPWiU;hPY|8bjdNeDy5l1$Kk<jEIx(#B(%a%R?XhJ+
zZIS}?u}|Sa=U66DouuS&hrbH)IRKE9`j?F)H74Fwf4OP%reip{eZE=`NCKWnQ8?P}
zdNtm<hGB*8o5@k^oJO!)npXr}dHv_l!Jn*qn6$62q2geh*G$vq&2|xoteRWfR($u(
zh(HEVDeRLgpsKFRlBmnC=N3#ua|b%g!LIlz@^Jp_1!eqUpak`*{{{tCKi|0a3S^=p
z2pE7zCLQ+#J^1nBhWzqORaX!UK{|MB<>&{o-=W@h=Zf^>I@v8PZEq$cR3ghR#sM5)
zYO2*5TWT+;cE=e$hzNHnOI>3;!G$JZ!+fW~?H9|-L2WBajtQ@RYJtVRhc@mbe?H^{
zw<Heb8ARDIrUD-P=>PMJ-ll%XypS|oqQ-<EXl#=n^CdrSqrvTrgL|7Op0!&nEJSBO
zXQVE#BBTv-jI{IiNWz`XrMF9g0eJG|*OoZDj*2v75`8dvS_Ed^4^FOXkA4Ds8V?gx
zj2JnJP@mqK3z|v#6|*WbZlA_3twKEd(%qej`;@h|;ca(@6&3hTp8Rg!00C(>Evn}&
zx=t2UP`ku%aB0c9^Aglr-Vj}HzH!C78?^LgU#zQwxK;IN4_x9nY?VOxkgaXMWtP54
zx*0jJ8{?cx_B9KwbE#p}S3ksC8m|-odrt99Ch^RRG0RrBTrnnorylX!Rp(6(9!ZEk
zPeIM?w67WvEgf7wQ0_NXw&~se-LAUNhOSxromSmDEZkz-pPQa}@`<mqJ2t4hZLXo2
zIQeEJHpd8&awqt$VWUn$)bK$*pfYx^bKUkGP;)M|FU1BsHcOMY-F;Tx$7yb;=znD7
za}Ho1FWv%}g~GLUtnCvAt*1dpqkLBRLG>m;l4+@?^(ac#hJTkgnbofiWMu@a?K1WY
zlcwn-mr8(stED{sjE)NpehYt^vAA^Qpi#PdC`@)GHF9Ar*QNukQne}DnP04O1X}Zm
z;UYlGAB!JW{R)n-7KuaMUrBwH(H6h1VgNFyY6J_a7Zx@e9tVF&z@qWsm}6x0#{RSV
zMI}}4eK$3M{nZwi1dhTk=ajA2m^#UMCyS!BPtV0JPFS2ke@wA;dDVZ`@y@PyXC&74
zFJASRB;@8@yuYJitr799Mv!Jik4<zhKZ}W+Gg`>^OtYQIB^h?6CjyZdpG(5bV_eQ6
zaEUJ9M5YH*=)em9d`?hzlUHPuMWGm%hafOleb*2}4YQJ0J)Kz0PWx9b>z8r7oynQ0
zOppHv7q5D7Y?9ujXhTaie4gZR@Oq$z`?^3b;Tz?!p@%z2GwH@O$|8E(*XKd3K@;P#
zP{M%ps>T>b?UD#KAa(iA9qe8ZrbB#RmPOp=V2`?9&LW#-WitYyOyu(7rk`9th>y*j
zO!&D~s;3^;30-A(zG3F(J82SZ>SMSc#yMpPo(hO21_(BZd^z0CR30I?du$BWcEih^
zaGwJ?II~=?9t6j0&vCsL`R$R&ci-e1zlFkonOu@wN_mM#e#~a~CQ`ZcRc)kmmkHjm
z^kR9$oo#$c$!}@xou35cdukF!!}IHv*qJ`95k67Pkqo~Z*Qu>>z#EZb@OXK7Lq1R>
z{(w`S5opGS7izHay5A^d3ouiIyhY|9vo})<jS)#hYel?+uN^q5BgL>01S_OuCxKcV
z@{3Ufp{XCP@dL)6M1FO9OavNh`i>d!<^66nM(+rN3C%{``0eWBjrPjQiz9C+VK^q3
z&&fCJ`E?KP=$|v4t70*XPl`NVlY9ClRs?BDR_Eo!vuUTn0uh=B3#ABPY5}YmRZp1$
z7iJ0jl!DwG4i_ttKcx5}0g=<-V%u&x%5!^-Nk7E>qVEOs%<;c*ZU9Yx)u@#exnB{9
zd-l5uI;V784!Hr0EB<FL)_F|ncqrN_iQ+L#_ZVYp8o0qq;zRM+c3glo&HdcC)Yt}q
zy_wa22hQ*#!}b>&o4%V(!QLMBi^3<p_3;)FHoo6NGf?2qZ&mnVY2jqy-61|sEedWv
zo#ba@-CHA0W*brW$|;&&2RL{e_is&7g9@j2RIUCgWv^c`S?cKx6+Xi;4P4VKvPrQk
z!N!iQDKTHHF-3NmBYHy%d+hWV%&4<gd`(CR9le(kN>g>I*c|1lN&8jgw(@Y8?mqc`
zj_=SS!B*GP$YJ$(LW=h#w50aZD${)5Dj45lsvQF>!+zkhq%0&U>$SU~PB(jA`|w&W
z%-&Bb>{9k70Up!|DS+<l)u{{$DSuJP5nG{+IEk?MSM9Kl(wlBNw(qM{52ieT(?3Q!
z`vR+cj{q53l+?fOAr(*)H7GDqF3HqBm0@~voGtoWpp97MhWs4$u$mc0L$%PT*PR@<
zpI^z!OjEsgO!rS-P^D#<2+uTh9raGWOor_JGA-o0i?K1TrAn)j*s%_=hn-k6otT}k
zB=or_L_KvaQg%e6j9#N^HkK?k;@Q~Ko|)VUhSjT=06o;oFVqcLuCPBiBWw>S%=EJ9
zl>3dUL0yZ&=jW+4vt$eCuv?8YIFJTCUaa@}7)yrS{)y9^(;ALMLiV$<o~?x7jAvw1
z0m`H#PsYxg!7KT>X`0^FMN<}eVQAwWi+rEkq~iZUT2U~q4^$;xB2tMBr7M~AVfi}H
zUdA}{F3Q_j^pQH~4_A7}C}kUes4!p#Z>$-k6;C-4AxDJgzmhf-$uT$Vgv}>H;F?T|
z>pTPX+nA=x73#z&3ROK+O0iEbk}lsCpR0G{K6V6!21&h#64yw=clyVJVa3F&#N%ly
zw;1^N%iPEN`>DxPzD@_%z4GRG03hFQR~J@O;LoA?-`+8IZIO@}g_dlMRhsH`vbH@L
zS#XP5?^+6335IAh)_tZU&ZI)24?j^*2E}~NCuYe0UrY-xR*c_RX<d-FaNiB)adTM!
zZ`+1mI3|2Fly1=dlorJ<@_!=TxDl;ikS=zPq!w)kJk2vD<l56heIzata)9ohc#6X@
zz3#{k^>EW;xQ>Uqi1rm@PvCK#jdocDp`LP|YO;wKbD_7e_wD&eK+QK&Xf`JN4?-vW
zWRHg=zq?1bttmS04sAmvv!n6Rwo$mm{+<+YH#6Ww>p$GCnF9cn7X5m?&M#-OK+E)&
z5ZGxKF0IAA&g7Q>A89aDOJDEK-<R`d@+RNU$iSeMhWu|is1}^M)>m%rat>Xek14q9
zRqX`|y<1E6;enh=xP|)&pfw;i!MD%HJWFt-EFW~=S_TZT*V%B;qX2JF0X#CH!r`(c
zY~#TTM&AfP{uoaDX$GW?bITFg`$+K0k`?$J4ikTBw@emOp^MHSSa;CbZe{|YX&&1C
zj60npJ9z57c`60ef*&U4vD-Ln&!8_fzYh8nzH{r6lbSY@`?DKq{`}a3?#WO7I|Ih9
zk{(+5jJAIR-Q$^GT`xqeouDDG0)L$Kc~78Dd)AIdj_uBsZTDwQQ{=HJaRwI)hbTz4
z5B`t}eDG)4_z>$t)b|{41Kppno$6@><^<Xnd`dpKXwBt>+c}k7NN)xYx>p-?i1zQb
zhU?^V@|1}tt?|Rh4&B;KUb=g)?7711c5N}aIk(3{MMktgX{TMYAUYTv`Re_=k)5a_
zsywJD=g@<_e-9iMY4Q5=DU+0jibj*O;kwdnKVJnL(}`Jq((9;Y@IHFujwbUfGgN4v
zQ{yLhoqM-PX9N}J-~0Ja(BO=3-HZ6g_uCEse&NgtC8c@2DRv*eXn7@~Bwx%mi{7*T
zr`?Xg?>CnJx_ov0mPu%I1ym7rdd0M*1|;;;#gnG(n!}EOv+-Vl+$8^tvbU{&s(;9T
z<;vQ~reV9fD_-&7#56xL2k#fGH<FB{9j-*LUEW^3SuL;;T^B~RslXrKvFrpMl1tuB
zs>iCIZOJ8+!P;3dejjVW3jFn?Nr#pulhEM7<E<-?(V$3h@x$qv`<HkDYk#D3;hrgA
z1zPnb%VfY<y42ytTV8{wyj?9q<`khF^L{;8h#iRi6uEFBW-b==Uz1IA&v|_#%_40u
zd+4$BLHnE)tQC+%Hm^qT@jG`#iXQ55K=D8&))L69*UQO$W)}FjmlWd@?@KC=-h%_H
z%lfq(ApP!SDwe@P?}B-=@uMkrh<j0V3y6^wx@rMEcfqq*)Yd=rw-9s;Zc2)q4TpL|
zgY{NoScxwA@x{$1!16FS>*v(aY?18L(UhH-9>DBbxmT>Kh7?iKoEEZ7es>aFYWPi=
zV=%s0WpSBHdM$)(H4YE{%Tp_rb><v_S~*TqD-S8u%lpI*+Gr!E29=W9ojoIMio;g(
z35?nyqUWLjef>RKu2+NA-^bTi@=UskJ6IWs&T7@ySC(?{#eHx=EQMh_93cZbqOeY`
zF)L%Kwo`<vtWZc$JC2T5a(d^74l0)Ijz6$F0o8<gFhDlQk~;3CX7od-bu5<TORMo<
zQ5iMoAbk{mn-|2fWrX}>>AaFymt|16&Ji)vwqAccnLNCe*lJeGhWKE~se7&V9N6s&
zjQ72wxM3VJp-yB+sdVIKK}VEg<d~R8pD5CWf1N22Q~%{sF{<M+EVkw^c}B_R4hZDF
z>wu))_!*o_64v}Fk_Yp~M)#cib~2QiJtob^jDdKE@SW%pe9p5C&)!ku;=%BPkoI>n
zO!X<k`AJ0p^q)vYNO0xrxn}X4f_mf8WoaEclsWs|5|ISs`NS+{Rw%oUnmi2N!(35+
zGb3%qJYl<qW_+airIR3hPbmuWT){E=K-;-%-MTJgJQ&whUN=mTc&Z=ofL{Vsmn8QO
zS6C5+8lbgqiWgpfe3Gg6K@`ii>isw0LGNpfh<p0Et*r!~Cj6^(HzZs?-|Cq8*&UKx
zxlu0`(d5NZRnBKK*J%)#1?fbuO|b|<NVPD#@ez~S!%N&l-(zaHOL{HAG%!p`<f0a_
z&R%#jPh*?US0eU(tVb`+F5GJm%gg$69m)9M_860!dU&o6%@M^l4RSPt6SLD7$=n42
zcS0b8fVh?W6iu$|@z~4$otyCq;yTzsjQH%-zgX+3Kx!d%JDL&}&mXZl!uM&vhi6W*
z?<CO-G6r5MsMmKmu#=8|6}ywwb)VO?$&Hh1FBNBbX8m<ZhHBr9G-Y1^x~qPe1nPhO
z#*q~LyEoE_V)cdh%t#yc$R<f&_$UsSuL1>YF`^xg==>yuOU3#(;jyMwST}bDnXe<&
z6zjMas^S!1<;DjJ&CA{3zV8=nuuf?bXj9mtN%keFjA!SZLNyyPQx4j@ES<kdW4awY
z%T%ZH{e`+``*K;MsBr3{I8%94vK%>EN7RHO#_Qb1@te#T=Jjx!d55kA192uG-tKu~
zA%r|$xHBqs@jX^XS+<Rim6B}{H^-EdwmoZicp|d0d#Z=FYRF)~O+U49lsfaz;+Yv+
zgUB_mp@rV_`&^$%sau6bfq`aYG^tKFOVe_kn@hcKb7kC;`EpPQbK$LCGE;MVD1;{d
zAk{mOu#pcP39ye>aK2SviCI3v{k#BDNE}mAGWi_{f8ulMj41+g-NvEXQ|5IOyRH|W
zk*h96Jntoo?E~-EV|!s_M6S`88yt52U&*o_U%2A~z59ki!$yie*Tay;*v5(ZKo{FR
zy=*MFPv4QxqN+ku*snSGX4_r*#BAOo7NaLF#borGumeMJpnO)!@;ZLyfso?+9LjY}
z5>(;b3`$N&)n{k;+T!=Ykbl3+^SU3JFG!kfRu?74mqg^?7gwVoJuIr#{puKF^+Q>m
z49Kf}L>IkC)d4=l_l#WfFhHC)o^_WAndx;CLn}CHdk*VlF9^BH`FJH`J}j%rPy>$r
zy!@1DE-57|N7RvOopThBZLV(o-Hn+sTwC?NSjgU330H?_!1PW}yw$4&zpW~1jL#79
zt5=>n&`@w2$4nyC;e%Y5_n^cd&#{8(BUmaDAr@7pvU3a`U9g>8YkRcr1C1Efi)hM#
z4`i4yN1_?K4>X*GLq4(g+@i7leEiJ_stP%8n2u7ui&u)egJWLrg6VuB*B%~V8WD}W
zE&1Aq#0=sNBU2^cSl%|r1&Q%&7^<eykxINS7>yO{Tzf|q5rg5zgB_VQX@>&wg{L(n
zQvCrT`Y~3oZp@F?eRG+QyjLu=-x(lA9{%W!m+%c4IHkGaPt*CdNssSh7hNu1ebn>u
zB5yp9ALF+*g}(k59`ZQs2yfevm5_^`R6w)}3eIMkvgS1#>qP@(YK*uP^6z+Sd4~Hj
zsl^{(B}*1%Mr`Hu=i1D?{edZ(j7nNa@!W1>f=kBDMM-1*f;{&@%`<Z5Cj-_lWl>GW
z1-Nh666nq3<W5;<!Api}xcmiaIeCyccU%I_omcnct>QEx5$?;i4lD6qGNIj(Aa%-8
z{=sUxWAoy0KI}U=KP{I-?|r-JZ!)Mp^i1d;10wFl1K^`oc63xsI4hk2?w5mIg`aOo
z@;2s!tY|OLmYr}eG8yT_Fg;hty+MZ+a~}h^E0@!Bod`|xwPWdQo#ddqZC`?)@1HB0
z`V*9fO(%yrU@%B<#xw^sUOm;roeTl*u%#kl$9X&$Og$7<eHHXl$wTcn)U|vWZRKv&
z8knWc-wPx(fU%Vn{9mT&a+CJvEp`WFqJ{?Yq%%?<xK@BvcygDUeg+rB@BaLYn16ij
zj=G{WJ^J6`IH#w_qV3eIM2|L2)w}ri48*4X**?8l*qYWicy?9Nu;t6HV2HDFZ7e`6
zwhZM}l+T-k#M!|M>$hx~Yp&1DfgGI=NvRvqcGzO=x0;mqtZhys5g~~FbF!g6_k~?=
zi_YSq<pwfIZE-;`7<9<)VaEbW5ak2CF#U1><>wprAyF+oF+mib+`~<>CWSuS?YHY@
zQXj<B>*#0#`mj*l#Nz0G9n#0N2tUGaJYN*m{zdC4x8KPE)e(c+Y1YAS=49Ck&PShU
z?Vc93rD>ir&R3PmGL#Rl=EtEb(hPXkKVz6Z2~SMcm10^GUhnxvrYAeSil@XK-FD%)
zt@1z19wL7aTAOXmKVXi^;YVfMn7cf!JtBIU3^dD})B9_hAj_og-uCG|kZeCP+YCC)
zL2{~n>YULih{$KB<WX;IwVDAdB>jJ!1Xd9;1$m*x_5YXHC;N1H604a<`?5P)Egs-N
zG#~L-BiKlfYNJieO^v0uye#UMegHd&_Fo)j;DWjl;6^_6Xd9WWrTD$l=7RM>fAg^7
zx&HFVnfe~k<r+D$Yo~i)r*~WBq2N2a<X|*Dxh<_UBzgszxi;KhUV>lD_k6Uk_zV93
zkC7%h5&H~TiR$r&0P0bCw@o@>F<EI`bUAXxo|{WD7#?fBocHhI-M~A+V4<Zpa99Uc
zxubQ{?p=Qf9Tn=QFYyhTudm=_y><hO<AO9-;8*1r_Bc;*dYsS5b8}v9dnA7~WtU|L
zAV^gY?keeG&Z>cjwA#qBlS@NfL^s$yX>#4We+LXSXiRgLxkL^`bC}^nn2ExzH=xlZ
zN1B{8yZ#^}&;CYdjNl)W?K{~_&+W}prXB~c$^Af;!wb^r;B>Gkjp5EWEO4mv8tiU;
z^F_#_EJL!1a;aFZbDYj9zXKZY6|MY?S0GNM1ir}5zdK8H#`!xizQ@QiUiNDd`ZU+E
z(OKJLWs`PA`={8wBJ{~o6+^dcd(KOw8q2)2#LiLXA=vN5h}+%$97x!r7^G{YmNGia
z<g8GPddH@i4xry`ZiRKbQZm{y$nZ%|8@}ir8(O)XMNU@kpomwi!(t#M1O-H=P7XO;
zAd~Rn6mqSoNm^FOFLB+VU`nlnLh%;fWe0N2ckCLFci$5Vl>Xqj8HOU&6^D02(q=>(
zs>`Vdy(t*I5jL8GC|;i@*N9^Lw&Ix->u+xe^bKHq;;0T=^YhM)AGz#nP4<S(PuaQ&
znxUK6$l_HxGu83&q(T8r__J0rZ6L6XqX-Q}cnB3vX;PaUju5xT?h}!hg&(+cFMl!D
zU)&xee_cfTb1Y*3cIUWQX=8v$1J3}Y(Ivxlq7sJK>`A23U0R}#rLgW_rvD`ssGU7V
zQXt!uQIPi2QuQ5jRXFOB8Qrvmjf9L4;}?a$Wrx~P#JdCJnT}lop7FDff%Iu<nytVL
zTeO`FZ}~to^`sl{7vvN#*X^hQ>d~eSx#VJeO?~0`8Gkt4>WTL%L!~esjxBPZ=En5F
z<1F}CyJKXNLD9QC^tnkqYp}2nF2qB^s$KEqk-bFcXo7;^{JRRS2Abxr!qOS5$NZ;N
zV}a-S#)MWFis8?+#v1r1UfDrYI>Oysc^t^O9&v%?DJ4{}fXfX0dql$bH>KYEmcWS4
z?q=g>j?~m}AM`_pDz2r_`w9=`)NVP-aPb>c`ZdXBgLkD<N&=I%%Tn1UBQaOyunq4J
znn0YG9+wj#*{wp__jHMI-RXK5#b21|W`1(4Zrjw8R0tMT`D@f|Ti|z8tsQUId3UYx
ze@|lFCS2KL5Nx0LXoZ#7$@n|5cxVhj+%C3!L%@irq$miV&SH4Q0DUKtVxZH){E1~`
z<*%Xu_^dlaX`fI<i3!Qt*vmky^TVo%=w#zU8rAsWQF82IiST4Rf7^gA)^LTlStAv4
zdm@Fl4!4E1D-^r2dqG_MW`;#IaD(6Kg<sxZATYgn8Vc!Kl_HwiTEw{b3>Cr{M*S9Z
zLtsDLY6*Y*#5bZ%vMmK=Y0yqo*$B|Y5#W@&ez7KQvCqu?cNIhR^N@xRb#j$D0Ezd;
zn$N?xJyM{d5f7)cYSzovlRJ=RIak=YPC(lJM)co6GR6I{q@COEh(Bc+>0XA{d@_c&
z9z(<UvEs9NnM#;gp|1U^6tjN@tMMaqsb9$jOurwpC5!nIGdPL&&;gS8$38k*LxG1F
zI2O9agX^=<pq@|C>>S!Jg87ayc52|MW=(!<rI9P(^Z9yjCi*<f^PfmuJ;c*W$iEoR
zb=j8>4sv>uzK&LppB}?BmrPaCxj6B*;X*+3i(L61WHHm-+&UMj{F{P$Hz%#jxwpdK
zUPVA+Kse4%Z5-`E<-Vf@NU4x==J)`w$Zg@VF?PU$0%+Jy(}FyexRc|Yt6(k^cKf$f
za<M}KYp<SQdi12bSvqz=i8&SSnrDRE*u`2`DUbBJa7L)cQu6a96)arD<0`t)ALeO>
zxk94S{u^VEZA+<e^`QpxJYt50Ejflp`SdLcw+o@BIZubNM~O8`Gk4jjG-@oc8EG<2
zQ4KJB7x{Ty&726=Eey;Cl!@f(QM$84P@wmZL^tw}C~dRDZ17KN>N-YE3dWy`m1Xd@
z1S7X;5n#Wpze_UAa}`?9($)qTkxpe%eaM><jIV%5*gE5k^IyexUu-2;q_v!ZN8_;?
z4mLg4l)iu~V(=CAp$E5T=kUAaEBgJid{~ztB5%Zsv#aR~N;8tBxBT>2TKX{(7^SKK
zhSd-rXrLn!QSIi<_NMJ??2s+`f3UaSuzO7K(J>slLvC^!oeUo^1F+^sPGD2$+y}tL
zaGYG1Uu3)UP<PidaJv#-l!2sL57c~lU^w@S=}D!yZTs|g)qr&TkIV#1nPTU0%?JMd
zp=%+r^{?l06ql2UC%xBXm}q^>aQ=Y{<%%HiOWVFDXAr4YN8+`k#qpj%aGmN>MI*o>
zOS0ZUtx{l#f&1j&p?cu=eUMLL&x*0BBD)o5pv-RHHy-2+SnSS9N=i$da58af+!CjK
zKn}<$C$d;qSHO^czXf`m0wDajm3g_37eUh@{seD2D8UT~zqXd?gPpsNge3PFvF&g7
zl?A*HNrPA$)?HKRwIud^E<RRnA^~d2?hQWe18R7t(Wz-j1N>}qzRi1JHMk-BcsEw#
zNv;c}Qa(5HP&O!1oupj`sxt1*1H=z*%*~aYjEvIfAC9IX;DHanH;C;J*LE=5#^GeU
zp3a-bnpcna_w%H`rRBt--7`E4t$bII?bhyFj`~o&h%TFPsp8yj=j%8%)uo5kj^+Q@
z8>Ryxs64Ao^8EyWW6q!N{m2Iz<<vu)1L8zRk4w$+8zwGVd)MrJzDF^LM>)r9<y2<1
zipIg=PDy2T8FUN{<}P86H8tru7x_>(2Pl>w?8`5-SZc}#D{htX&f}aFwxS4FNVd`|
z{57xZO~~C8G?=ECH0;T6FmsHITzKv=ZXyBlW^&`^ogLS|K<tiZ0-J0kPGF8-D^Nl<
zEVZb__GKiQEP)i4bC1Wce$Sx2&zSa3^+WSF{DQG7DB?$OT1zo~EQ|{PL)8BPd9Ghw
zKc9eTSfFK7-o^P|;DwclL_q(jIdT#K)fpt&<FO?0u#1!F-d8+NjT#mK%|!$yNB2rG
zAZ!hdv-G<=uszOWJ!>7w!v-b3?v=+Ez@VJzc{}jdAlnd^s7?(~vNr6xMMj$ZAWeIt
z7981O(?5?$3!p-hMnNlAWm&!<hkCl6d6c~#BQHJUuPU(u&{_3&8i+uA%Y4eH>11!4
zyyEH!354h1j>p=4?GR(`F7pMMV58OfvOIh?8``M~8AeO^o|{vA4YnZmAhqYD;-Y>m
zn1=bq)@lE`G2GzXcUGBiK-ASp<ewtM&rxPbhMSyBba}$2YHuwgB-*{=iT6+)RSGEe
zdsY{jCSNCN*y2sOPru7gSXx74Kve$9<)Va{m>a@Zv&E#p_Q++xfBOh5^%&O}UXYAo
zSXW@o-ZMMQgbTe|b%AbSB#yF);_~Zoq#B!{=alLjFx-pV;C`R5S0&PS4<uJHx@XfP
zriw_eF)jR$wSN+EzHO9pU;^kML<V{>!+%C@lJ)B*8%nfY`0driOE$e*rqfnDb0-k`
zEN0^{$EX*#%T2{~v}-*e$ws%zx7Uw!vUWBYVv`PjZ9*i4O}HwM*IZe6o7avEuefc;
z<idq=M=IiBwY+BXkA)iHLW3=P&jIC_ENIp5&A{^!Tq!Gcu7(w(QTQf%IeBp0OR}4}
z<$I_;)2IE4lCs(G!2l6?J9r8>=#e-wEQl1yW%KN#*LxO)S0QB3M&(QX>Uha!(q0{v
zqYbkAmeAZj7j&!`GaM6}8_|Ye>O{buD}I&P^b~*Ap(erh_ZN2d`W;4v&&}AX{UB?o
zzgre2CCo?#UYl$^+$=YKRF>8Z_G4EfR(tU)*zJyN*gp!*%=5{t-Bjc{pPxk@&=-s<
z`q^hmM1@AmiXDAxeMZ)~x?otFrmMHWx%|o@L-e_W>0+1Sz6{<NJOh>SKgj1ksT0ZY
zse>)bBrEPXDf{AC=ua!DcEN17oaBQ0z;b8fMgm0Yw43X?*+>iPkuk=u*JgLz5YL|Q
zxhgFT<#HXeMRF1~X~^G4d=6JvK(WMkpuFBxeqb2++^4IUGpx|DjrITdk$FZP+=Uh?
zz!10CrluyG4Ed&pvpF`=BQ+UBhoU1q;?JTpyG5eb7)_@Dsm=+qx$n@6W;94dMb2ns
z;~(3rf2KvWQ(4UG=Ov`|TNvBPX3mMsU9@4QaRD$3sMk(NE<G&m;@d?3vWrE?PHC~N
zo&d4U$uAw1P18xW!lg(p;)h6m@-@5ASvucoC9zIiv6_nJJ`*j9ZmhnL<CD9+Xhx5z
z4(>>Z8)(U8gSj%?9(U}MCktXDjw{YLN9jO~n{jj!53JULRS;1@EUZsi<rbWs06n&u
zYCUI%GW>@Ex8Ki)C|yG6P(8I!%Cs?t+s>90K)QVuL^7sWWAA?zXZ@+e3O^FE73EW`
z7CVVmb=e9r>%Uvd`foAG=_n`?9Mn-}ML4zRGZE%K-YW1Ny%51UIO_^pSwy@uE6mu@
zNHzJ7QL*rxz)s+tg8TR5_ef6iMxU)bjUUVW)KWIAIJOLPyo-d@-x|!=dh<EKu2Hqr
zrpXb9xfCXl?cDN_i86c?Nrt{*Yi($s7G_-&c$&`okm~@!UQl3}E-AJQLqlzT>Cp}J
zSzvX7Vp$UKnObPDSAZnmFaFG8z1Q=962LojcN~TE$W--xAXMoc^H5LS+zQeB!i3K1
zi}N6$>Eh~4)ciV(5ubfCMs>{cHg-7e35SresyPNx+IsfG4#Bv&ihQOzW3p89?A1<u
z%~vwfG_XV*prlJRS|_P>iam#b6eHD9weJ`BhJQvuF8xhVsfiatuKPPE`L2`nB%r2w
zM`wPr**MHR{-`M&>(SU*NX%hEVp?P!gpJD-W5{+2`FlkNWwZHBTIe^a@z%!!P;7U%
z+`7g(YzB|q)M!SXxCe;UG}D~|`3IVnI3oHpU5at0ekDL$ycTg@hxBDN%o(ZC2SX@L
zC0<Z_Zj^5Q5&_Ablq`o`6W>u|dfjBBH79k6ygGdaLJ3TnTVmcWv2gb_<yE~ERJy0}
zvRH@Zc7F*4=RS&%3ZhC?@^NmAlWjz&V~vI^yrWDaEa)s_+J2Klr)q=(Zrdm)fSXl9
zVe;2ai=F?l9fO>gqmpWq%F0wQub4-z$u(LgJ31US$=q1lrsLF=h>`uKHVIy_u3Pz@
zro#8`RQIA3g)&{kG(@Gh;ye??nY8K5H=E1wrcj4hY-Bp|+>f0?^a9TIM4#0!X7AgZ
zJL~m2e_HqDr+KJTOtVjO{v(JCdq+)|1l58T$M}OEtqwDC5IL7!EjG(ndq5rxogcH^
zdEB|uUH@T{vJ?>2DiK%ZvWWaa;6d4R8xaDe!<pt_t{bW~rupDOxPWsp>{}dwU|2Ec
z*{lnK8W5CUmpKFd9%JaJzph&17o)lR$dP#4gPXzm@7^j!4i@f~`-EyypmO;z=_MXS
zwZL)$<@Ps9`IfANE?NP381yv-X-$Yg0C&52%tUu|@?^wczF7{*+pg_rfa~V;m72KV
z2R~-69s2(U0iQ2gdpWSYu+(e2ciT39iJ+H`Ke#=TT-@0-9O?@?evHy+e59||mZ$^y
zr^Y5{-Zfu8cyROJW7V;L8?IO9W-SC|C)&t^YLl@az6#HorP{Vs2W260eS#e?J~8Nr
z-_TYUm6Q9s`SOS_uFBJghcT?m^(CvPYrrY6fN7XzMOqQ%PEFDZEWQJL9?8AZ=H(bB
zu+6Jt^9+~?yx5wi)v1M#o;+c1-wDnT|AQn}Gz%d^{NO4<6|?uDae2VWF{{YA?v6_R
z)?DG-_jBmQOm$zCz8wht=4UIn8nuQHtM!Q&_x>osgA|<a_9es}_LHV<-(0m-nsUA%
zzE;#V0IR9;5dK5p9_&i-anDn0<v-_mr<0LC@gVHJl^c?<b}2k(4!y?!0jlzOgJR5<
z&QK7YN;CQvIzG`+GuhW~C%T@CwD~vQ*zvOO_06^Ju{9<Zc5e@?u_BU4_c&m)tbdZ!
za0!eRv?eDSErW|)^#>y#E=bP5SQV}%^ef-MJBu4YFK|}S*bnsD>#Iv+iPhh749NKa
z{ne5Q)ZO*;(;$!Kd?@rKA85znH6ht&)MI{=bm~F>ji>am%NM~CbA0~Hso_oZkX=9U
zVX~LAl1BDhn8Y#XMQ~=Tqsg{0Gsi@`q3V;^LgyEKt;WOIrXemu-KuHHbkf~rF#YB8
zt)ba)fibKXs6IWWfXu&QxZe&O!>s3~Qk{=cHk_xqGzNAel4B?}lfD0D!HCWZCj4({
zDIC`sBi<SysAxVB)*kGj&U_vq&7Jxo&$u>|o4KKZoV54zPEM!wqIz6vlx<jWsITG3
zFa*19m{?1C&#1c}xfsFUegL!HfzfN0y)46?`90C(mHEkC$qVBfL~LkfW@J|j2P$0e
zN^dyKuM$$>Y7tBFtFfB$AW3Mkr1<cHID@Fb+-MUQh)kTE4=)eM?<h+|>d)Tq^$n>%
zS8Qrf(INSZDhc<Oh1z;W{6gzCht3EaAkXI{-19sY3S?rQ6{$ar^LPM;6f`2ojl5&!
z8+TqDHOe#2=&7VE3Fn5TS(YZ>iC#NCu<sYXx0DHg-9vbmj8ze6r_C2PjF0OZa}Ro{
z%b_b#%%d9e!$OQrJ;BBrJ~5BCdNRgVrwb$v8)27BgXrssHADZTQ0E?hh*28L7z%hR
zr`)&W8YEBitUjR^HJ&s9<2->5HFXmkjNYf-sGyp!o0bXvu0+!QzHxM!e_LN5rkaLG
zBHB)cagY(<C5g32cLG_^gtwZ_&E$a)(G-RWHqfM{Y9=#Maks-e>cb8P22_DK<2fVa
zZMx4kCJgPcU?m*2<Aj90G4M85ho(9vp4ypH^XOs<JAgX<9<A$4ay-jE<?jHA{pBof
z-l|YaCuvMabwLMq%yHlLP~hEC%f9Y1U-!bAt0IK)6UOoADr|RKn$77Dj;}!xVMa2Z
z_-DN%UIzyYLm4-T#u&;$_kO1O`9h7EGWF;Jp)PlXz>N6!@H?jUY>nSens)ssw%AIy
z^6`@Rld?QUKXD828=$Dnf4(mZi;;%j(&p6*T_R(%m($!;?NYW`?l%Nvyo_ZqzI#Q&
zC+faJiOu&l2+R&Z@2kJtiohqcu{W#QmbpIKeb+uP1fGbTYBZ(IHQz9lUVURx%<zlp
z>)2i}U<_E@Zqy5stPOrlr{_2*-bN(5ABu&JXo`!SNd+^`<~-7WW_X@ZNH^vjQQS}b
z-N{Bh9md-`GCj_N?w0vIN4A-a1K((`EU35a$H5aBw4JGVEd`|L?_YX2)uLWV(HH}D
zb9CJNmoYrM3@?FNot&aoVwak@c3q1m*h2#SY&qY#Rtnj%b*qG#-jqsEfp5Mh)>6m$
zR`gAC{kD6f;>`D+g)Yg3=V#9p^OA%G7$UkSS<XkfvOJTlahlLS`9kDD*?a0q&($$%
zvVvgX@aQtnG(E1DrlMR*HBI{3LG}UEi2;Fz9QF1WJ^)H>w3Wb%)~7M4U5yfGEHjh&
zW%D_54(6}~<)4t)PuM$iYs?#QmW`Vd<<J*|+w|SI8?^cSu$KLJRFdtL!rt>ISPTy+
zcT+E<u!mT9Tv7;2j&g9{c{hq&rtUZ9rjUI=A)fz>wTm`Xh?#CDDSgJbdKpliyLvP=
zpWZUfpG?HwWuhJx=l)wDb!eBAB_#SIaK0KZ*|_cmrs^#myVG#`abFD+<p^TmUiEB6
z*CR_WYMl!LdOu^A3V*M987+zLS#O9c*pa)Hr+vj66?XRkL|Zc&P}=pdZy5xiqn$!G
z(vE*5%5Irms8<W+EOzG%U+4H;p)l)?H^Mz<hHsnvkqK2s#P*2`KP$Y6n?6K_tUq*%
zqkNWt>8EM@WVu7%bV4c+7*(Z(V`S>*d+<OZ)cAENG2gY6jiDTxha^l0a=NH2?|dab
zdha5^r~^8PGrh)g*ZhNnkBMNT92TU^kz&EwJ2<aj;|h=S2-vrT8G-vP5hVJ|dT&S~
zo2fJ`RMFf{L7!aa8(CAxV`MlC0)!0FO?m%frkj6q30jvsba;Wc!%m<)U&QikF05zT
zpG+5fo-u>NlMS?J7dMwtqjCNsk;%2BeK>Z&@H-|HBVZhn7&|My1pyd!nj%Q~CJwf{
zgD0iV#*@Y7j8WQsDfi7yrI>_PQEjpLV-`9ae947B&9pJSrAo|hZ_pqRR1R$dK2^e0
zAVy_dEMIq{!c8OaG)hK%$55s{*FvuRD&2oz*@|hP?v1uHY&|PTdPnn0*bDkP+!hw{
zyt1@0S(~ix!B(I7U4%B@Fh8cH{zcsz431f68NMB4gSoE528F!<l%8U{^B90yeDQTN
zCl3kCt#gF-H#*EWZ!ubufU}!<)_>M2k~I<ltsS}<N3N*df*7Ja+H99FTWr4Rw7a$$
zUzYn~*ix2{$#(;ytLsxSnC}`Lf`zTO1c@!1e+ht`mH;}HS^t#Z153cYAfqk=iv+nr
zug&JrWou5A79$n(5fgG-Kme?!ZQXf(+!o<%rC4*jXE}M&LNgRx`+hxKA4uzWtiCdP
z(Fx?-YdTUlLE8wy%TK4EFZc(*$J4T5>kt2bLd;@SYi)o5@GSzH_9s6j={a7EYwv$B
zUlr;blBW9CHs??PGBfPXi9VFICwO^6Z$>qWW##J~8`QS&_4>##yX8*OBd@$iBJ=B!
z+o#`5N41esV-BgcsprVXSBOe}Ye=@~XuwsI&sP_n7Xl>*`En-~Fg8{qh8FH<1?sfT
zow#=CoT+cvt0K|+J%Khq3PSW8=)FDvq4JcC{cLw0nCts03Aa1=-`GNCw^r$v@%<M`
z#37^In-dV@6D^Hziat5;CA01+w_;>tr*wN}o=zHHkm>mO`nORJ(r_M(o<W--5=doF
znrD$~@(emPEclM3Q!hQ0>DfSq3?_(vZC>lm{h&H3+JN6PUtw`Wp<lFpHU!iO%OgXt
z0Hsx)I`FDgQIt{9QrFr6p6T?FAv^%`haUiEvo^hIMhFYMl9H0J4VDeYL$?~Tzp%gn
zlj59RZBYMYeG8b0s=7Y{mgZ)n+LSkyK>>zg&=|Jmz%tSNR^G*a%zOFaobsp+g$}^M
z`lUopG-~gnYAb+ja~{!>Yvq)uKhA5uX|nCrSNKF-^j~|w09L}0DjoG#z~p*s^_0=G
zGWtMhZIRSqJlqqo*micAA}nZbwj2P_aen}vvKJZ)FtM?r9Fw3XqLW<eYD+z)DcT^^
z7w=dUyG*g6@7acVOmi;yCZZi+BUN^TI_Gjk8!lY5u}u;S6Er?aWxySF7c>ha?F8#I
z_m0X3V6i_(S)~J)pNSU*0j(#oT%x>A-C4g(DxB~Cj{x$_RC<%Vp+}dh>_ovniamf(
zb}b{vtO&M)Mqz_x;`>y_i5E=XRlIttTvC8{E24c$q%lshWo%nVx*S!n1o`e|^Vv;m
zB9UreDMP;ZBRun#c5HK);ky*cTlB^10_U{<<LK<;ncm+&zFQlHjm=$X7Miu(JBVtt
z&As}J&0Q#WCC=#}Lbu!8&D`XkR%zy@SyHJ^a&n>&N+>#~jtb$(DJRNFzUlnl{r;@S
zgWRm`+I78N&u8bV^6H%v-m<y+iUcLyU?+bBUWDLm91P0M6$?x4WK~n$5r#mrzCbl?
z5(^2AfGM<_%{Oxm@#!F~UHBK|QOGSOzEUL&EJym3vMo0Mvblk4N~_{UjaCJy^Dh`8
z6iEw0jYv9)JCV$c71QL-=rzrF<>GK0$4sEAM7gD~f=-o6lnLo@7T|aVXOcXUw8JCu
zl-?o|6nD&wbU)#hs)FaQxPcNl^UvS{9oAX|%VAXj$FIX(VnzaReejWF$`lX!H0VSA
zi20Xer2Y9it>DN`NGbZQ))cBs-$r(Juu;ea*l`%)Ph%RsH)Wzls7I{gGv4(nFhvCZ
zNO1HD^Jfxg!~i`rz{rc*mOWx%)EVqFBT(O)=b$^v!z5@))u>&4;!O{f_1#=Qm1cXn
z(CXPJH7t>hV9*nGP%XDTYgH7-xQpW@+iM~7Pjd>l>(s0cv{W=P;(7(byDTv>Qci@I
zsFI9sQ#3uo>5Xhy8WpaL?%z~^<u%-l(=c)sWAho0?g6oYr81XQ!)U?I$)Qs8w6KyA
zcu^$D9;=hAc@h-@sq_Pf;TfT3sY2tyA8WYFot0?T9u`AVj2%&IdH5Cb%u;Xyjwh;N
z6FyCK^Qm&popRO8qw@M|+x}FlQA2jL3M|+<N^EGYB4PUjz*PPBh)O67Fw2Dih^pz)
zuX}K+8+P4Iu}RFq4JawPDw(qFSL9f4Nb4L*`&I>1OH(CU8_I-*G;Maxj0}N#?ik=z
zdk69aTR2n+a^(0Z1dccTFaO5Yk+G#8A-~_`=vk2T?M0a(DTidyejPMd)({aEasL@G
zNtrVY!d`b+ndcD+4-(Z#uqO%yt9L}p5oMnByNDV(rsG{qgTIl}2s_(gn{U5fqbjf%
zv69RDxq&01*c|CYj|DsuX=|BrCpTgsRSlwCz{=a<Wtxp(J;Ss9TITM1B0|~;_l^_s
z?G?K3<n>u5N69LeOECXqX5(Y0h6o-}Z#52b)i5W;n^=a~{6#ID9))ScILhq{^=guD
zyu#SKN{NlQzwU!49pHMC%7h2{I%LASLQ2V_dDD6{s{iKhM%Xpf_Cu23s&kOO;TV@8
zD>~W{pL-QA-d7sMfej?DL};*3Ka^!N(Jk`oY&BPN8wncLpCn&!zDcB7ZoC8F_)>C^
zwHFuZsYVTJ6-7c6d55C@loI{}$XT0}o-$LpYDLuE%ERMhmq$79_)~tr$`J_5d%_!R
zkJIB^_i!61fKkrY+0;U1+zOCn=N&dP6))d=@sgvF!AEKMPzZZRxSm!Ha_q;@RP5VS
zo`WWjSc1&L+WmZSg%=QR|3E4!H0U5V+%e2&VwZkrUqS|tv&ED52Q8O48^`-*QNqW6
zl?ekwAfEudZ2#R)kS8jMf!owW&NlpgoyRwGvG5-hF<2gs7vI&@k%L8aXB1{^oT-YL
z!eZmSR3OR~#~dQ=>6`$V`1)0jD$GJ(i1G4lu%^SS7b{HPF#7R+WZlI#2mDPlMwzNW
z5+t<3<1l?qh4SVdSg|U446?z?)Z=p)WS2Q9emD(f(I+v~rQ99WHOB)<ET}$bDm3ZB
zo(eU0!M~7ix>}uVn*q;=U_yg_UZ|^AF(NpU^8?18=%4yUnK19!bX{q94y8_`r_yMw
zj!H)jPieyZE7hjc%@y3PBa<~K<mR&62DP*RL&sB4Yikx6gOb6f>2=L|)DA<(chanh
znhwi*3#PG{435w_cO2fG#X)Qw!d`nS%FpWDrVMep&9yz2^Mw`@@hC&_7<Kk{a6`Dl
z1A+G=ZTi2bEftoYb8TwT0WQ-%oDMjV*<F>JOYD!<CM-mMUdpbtt*d1K8n!_$e4+_#
zS(3Ycn3e*jb>W+czK>4dPjxQkoHSdH1A7BHYDR_%HVlH;c#3arT@au*%s!A>I2IoY
zyE6`G5|7RRC@XGgx2U6v`uN#*RI2fVW`VKe*$o?NN*%tBNlE`+<<q(C%yQ(eZI?jl
zu-4}1!2c)gKWPj~Ze8{=d)(Yybm9@yN%uRyOXJ>GSX-h~0n4f1WjaE;_rc-NV}Lwy
zw}ZZZ1BBf-6sjBQZUPhD0}GT|d}|}OmLuE-R#ManT*`w5nYknVXXATGM>P`iqh5I(
zNL*dWFEYBOXueg}QDuG7FD`o=Xli%E6Dt55_N~sN3+ACJu>+1@ENcFEsBduluv<l3
zUHdVyvN>wvv1$}<N;~@(cHAd%QgcCWCi2h9E%%jR!_*(Ag{>W!_#Dk;)x0<Bx1&e+
zo2>+PL|h}T)(7dwPG9+-b=?*_>R`F2KizfcEgK*`52X<+&BJ%CzWE<0vJE^k*=r7%
z26IN~CiWN6-zD(cmMZ2EV6QUuehzGEs@x+hCc!Cgwx$nf07_^NlkzuS<n-;zc=J{d
zpbrdOHuQaGk;Z<yEBIclgL&gW6pY(F`gH@KkpeEf1_%Ysxz-GDN^3v&eqS364FIaL
z<6#3A_5~0*-xZ5hc7QJezpfL+UR1d%pN=c90Is5aw(~{1sOcIS4jl!~Z7JI>U81Ci
za}7&t|APhcmN@r2_=!qf*R~wTWY-0EtIfx>-K{X2vxX{dT`x$jv=U9lGr1jBn^PBB
zTao0%M|F8e^$}C!7;;jFzRP>*aY7P$+^3;@2UYBAVu`LfN)wvV5L(1>D14cZH&K&|
z%}+OgK65!Qy)@HZB&9vR0^oq9+I$;2rd(F{r=X48McZ;CA`t1A#m8G|4RPbYH{~b*
zOC$5&Mx)yGNeT|ki!tzfP4NaYPD!tjgq0je$bFO6$JI5UP`d<igCS9JBM!PtgzXnc
z_u{^ibpL}bwegS+C};zC{2YlfDusK-LOZT1u0EzI!9b<fl|os`@eAydYq-UWn{c6l
z@X!KKQ2s(g>~B>P3v$q!9~22IZB+F<_|p2gFG&{8$6g&iC4#p+8O&)U|5BVF`|+o4
zW@NZG&j@J($L$$HAocbsx2iu!;Xdc2LUs;1eCWYKENQ}ZiHEkR<a&PkLfguE)h{fp
zQOb_|WFDcCM@yh*C>u&QHuK^4e(~p<7f?tzYmUF^#3h;Of3O!h;o*!cWoVXRJPGdU
zPYgIm8ZoJRz(Zb^6EKKvv`ge(ZsmK2#(roFwNoc8jh8TCsE`;h3^vttJ4>=1dJAdP
z#86_oV)|cZtl%?W-C0hZm3}Sd53z4akb4Zr5#RhIt(HfdvR>~dj(TreSmqhsc?wvF
z?+8p3auTv7cV8qDb+<SD>&Ca_&R}?|;8f~&-CM?}s^tJX<L3?#K&NO<W>C)ebSG!}
z+eST~yUurSn;m0yux}H3xz@Y6{!lE)@Ej}xhNE$&MFoI62zR2<CopIziIpFVo#U~0
z1o4cVOuV8#RMS)$7O8xK>}ujK;tpr{e=z2l`-{+#t==rZ+@Oz4RbwuGDJ6q)p@{*D
z{J9(T>vX9nx%?*|g3;}yDO)JyV2VKfesU_p$fZQ)#&KRHduiMwu$tXThQFPjkqEy;
zzzUuXsve-q=&UdUWTir|Z`hgbqq5Af9!KRS`*Xd2au*u9W5ZRI)Ft97#dMqVoZ!Iu
z5-n|+KI|nbFG-{`m5R?7$Z~O%Vt515raBI#(~}@Dcs_+f*-L5KaU6C1K_xbPs8ykR
z;3S;mzEKEy_D*NW(O@5-L#=C}vg@{LU={3Ycl-<*@sTbQ<poGg=63j~9t1VR{v93i
zbD_lwbjKHkMkC}N$MLacynouw3dk#pAcD|gC7u-oqKBl2$q0hkae`MylLU)Sb(gJ$
zE0iNI%~4fRLyQsWc}O*$shTuzjx{_!%FC;RJkM(tlD+NlNH;FCgrl%d<wvVyEkX&j
zr2&up{i*DkoVs(dKEfWEFB`>BwAB?~m0)dS5o>_FpuIy4e&rvqNEEnKsJG|c<odL)
z`(!y9IZ|aMk5}5@N2X;}oA=NZdoGp<yqeF(i+YTIl;!UHl1Zs2P;*}0a~tDX%|NTN
zfh#2RDel%uVJgflTbmuq=y5*wl^9m`WHVcJKM5kI*2bf!>dj$QJ5hv{iyAz@d%aEp
zE=>){_@ST7?Q9CP-TJMZy5$7{@B6nBI;}WPgoP(Ka&}F=CW~4631skJz<YDCqE0x-
z)4m9T-`~8*mkOxOrCR7gQ>$0zFzKya33gadj$M0BMC_o}9r%fd`7M$rXKg0}Zd+xE
z`#)@GAr9r38u-*ui-hoCNmReqyihdX&w;|q*b(fpA|6jK+lRyTb!k#!(+Em<!b7f)
ztl>q!sn-7#cvhyY<x!{)J9AF3ECE1u2hE*+a`?hiIo0j_m|Em5rt=qhxqF3HnWWgz
zg<`osm2fVLAzzpocVvs%AF+yMk+83l>u9(mzR_2)8BJoGj7RtxaJ8|~QF>4;oh-kU
z(I(nB!c;H&T}hcO;$2cq!rakXMD`suMZ?%KTU7<Z9y(6&sA>~X=gBhyyWFeLz0eYk
z2YlP@qvvtXhSag_4iUJnWS8P{!In;(lnHrH&)44`0aO|tNI+E4l=+8>X#PI%9mH7o
zkP3vnaF4r44<mtt3aXA<Dg?K%0^3=DZ$y_xz-Mvrt@ji)E(_A=La9H#_o$*K-G5O3
zY4!IUlHuu5aI)GgWc%uA?=7>STBCLJZudTSv~5Yj0r6%h-!F2`hznYJ+S@20BLkQA
zpum-AIvyN;$RVo1p?$f*c0K@FeyXjb=8wnGcYqiu`QeT3i$lPcY5M>;k$%s#PY08P
z(#fz==1-5`zvV0EJ#c6`6-OywEVO{!Q$B$=cFiOCC4EN%fPD5v0msn>07tPcc*QV0
zUI~&p2>pTYpM2uIt(t97`oo%OCFsnJzxaL$+fe=%(Ck7+`VF7-7e!rA7ON=#{=o{g
zRjs5|4)$Zg-!n|t9y2pn<st2Vp?)=X0S7m7GExb~Cl|qR9GJMOV=lQTI(H5QBKj0H
zBmH4oBw#2~jsK-AA8`90EFm9-289{)TU75ftF%F%K6r96r=WNj_NG21x^R6L+N|OL
z?AVnEKJtv+r)#4uc%^Rukr-#(xRSGpU%RF!<o{C{ySH6y&!vRO&6y`nSvs9>FZ&e5
zY_>akpYmq2lU8i_fzJCk>O;=#4~rh8gAqe#rtz{@_ryWU!S8aKl$#Ap^Fa18<7hFM
z@Mg2!Ze{g!KiIg;?QWX-ZmKTxe>XAG<5GQ0^+H)e;b%cca4*=aoc%3Fm+f)^HD0QD
z^yv(c;H0mpg6+)NVh{*AK!26`kpmD<+0PpM+SW&7Sr_sH!}^ZRZ2yta!YXYNx7oio
z|DtR^KW3_@b7y55q;kx48T&(9iU7m>mAF06nkJu`_?g3Mm#o$a`wMI8#3^P~ouR}<
z#}1hNM;`nKrOeKZL(hdhM=zQs@iaDc6CxL~Ui710@~j-G!ofIlE3=#?UT&3ONis%H
zbyOs+t$y>J4lJ(h=$6K;wLs31^dRKbW3(-TG`1?G6W`rmI^f9vGoNphgj2hxxZ+ld
z2x(^#ZMKecBj?3m_YeLZA{#Q|NB9ymvK5^@%WU}RvPL5(qHXwC*C<iS<pr--3fGqT
zn3M6c?>LyJzXZCO!VEw-5L>S_e)J#gy*xU4XyXGmyyS8v9f}w0UJRNRiNf~L_I;~q
zRW=6vyjG#Q&gc5t^LfFPT0><PCfhMST5MVKv4i4UcANy~e&i_)nYBhE!Spv}`rb3n
za`>4=WlJd~UXA==g(B9|+S8$KHD?UJ-}z{(n!jL)?LdqrI(~(o%r*^5G|SKg*eNA4
zF^zMBi=QELBW!Y`57L$MQ|DL<vMVR(f)6B^@9h~yI_!8!u=6uzHbSa3Eh@Z2Q-G(j
zbed!efNQ2&AkVyCByXdiOputL%0rp^s_jx40>)k9lk<IliN7i3WlvmWjaPO%u-em)
zLcz84M<lTd3hBhLHLvecR)*`<+6d<Q!0SYe7B<(Zf2>UjA(^}4FCWhYMn8G;{xfrm
z^pK&FV7FFbh>8y~A7~G~ncj#0gXvs`j70OW)of(n9lY&e*!Uqa{MWPxVahFK7F7WX
zub-u`e%t<0Uf1~plQLYJX@}C%Zl-&Q%kWy=f@~iyq1L#h44IIDq2xCje4jU!XfvN{
z_Brzw(FXs|a4&Lo{3V2P&FW@aEIW?l%L`IdxmV(|85?%5FwNQ-=G`%BGQ$-{#t9yx
zyB7$WZA0o9I~Na$#qswC9E@_8u%<fL`n>%h_cct-0itXBY&>_(mPZW_Bl5KT3Q|TL
zZ1aB(xa5=9Cbro>FBhz(I`A};`cN2--?>wK_(bwJ;^5KhQKF0CYk7(1ku!WuVi4rp
zo)xQl<eQ>l;uGX`MTEp7f4Lf<^v$e9m4dq1O}$an4~~YQ6*j9ByV!fWxA`SNIPD40
z1S%SZPK3wvMjE7KL2guBkPLOf2`l`8I4Q3<Pkk$QITS|KoSJ$kVra?vX1T`R%6Oe)
z@sMAQ?*}!4YE8KuFYr}Wih`uFw3A2WvO{+}B(5tRronM4F<(%S%~Y90w>*_FZRxp<
ztY-g!gew01H-$11;G_1<Z#vrkg)U|^RdWKo{+44IM>+`Tuq=^;bzP>qO;&7o!;uFK
zMKMi2GaSxr;$bN~-l=Ue7bQj8nukQU%5yGAkkyGKOJUh3rtvanQeOPvW<Ag51~@%=
zI<Vu(Cw5RT9-e;Bqf@@#mYX-oSa3QqaJ7J9klYN3eQi6tJsOO~@#Bd1MWGeis$(*>
zvkUTOk(aw2E*pMNT(=hbZ~?r&iQEE3LJiV&c~#;#tSgy=vXCZoSiw(P<hjF4tf~2G
zgi=m;`9GO&nOg}pI%|kXJj7ud;k}fV0ga`^YdXgws6g_#dG&QsIYXSNXaFdmT;|^`
zb;!NXIqr{D0gnD>BIbPbf_`A-DEHGsfA$F;1BIAJbP##CVSx4)`RMC2PHR9G8<iqf
z=W~f5{spCeB0$`(4UY)}3QYt2&Rs%Obv9+MXB&*3shdMUP+dbo*n0P}4v+BXq|7Z@
zZW*8Pfn(S7i@QqK*cbW5!-q#1J9%7`nLZ%{?BD*T4_v}*e}N{}rR4iXBl01=5)s01
zD~AZrLm`IdWP%A04Eu$%gQm~06X{!1Eu*{Iz;7Nh=|`7(R=0@}2V(<gghd-4jdENI
zwuzFoIV23qe~wtkn6DROdSTbOc#G@>S?*>DU6r`ZG+iBsmH7p<){zbV;Bta*Ef8sl
zSq;x*H!;)0--$(75meyvtPaWN-|450Gu3e(S$pJyJ6BU#7M(o8AMo)Jja&tD&W*_4
z8Tg!t`VWSePkyEf>>p2%XnO}@;S_Ph%@L~e@1k5&8z!kk|KgU7sE};Q9*H>Cb3k`f
zhT@tkI6}vGdALWoBQyYJQ!YU`oae&8yH76OtM(w@d*ECu<b~voySBY=Sjf+kH9U8R
z^&ib)Z|}R_%NhMcq42F~Qc8UF<)WS3bdFK=I3an*6*F3qr#UJGC9B`G4Vb@gTqZLA
z`j^RcuJK4@ZPq9g72f0nYEgc+FEKWaVQ^IfmK^C)!wvG7h{wl7l)|rofjsi~n-z$q
ztO5*rx)cxuP!cd7%#i@4$$kPhogenV2@5J+)oM)+_Vks%dU?GDJsAytk*nnve1KPX
zPI2DS^2f-KfE4@e#~=5zm5-@I540Qs%*nVnz7QB0tsl;PM`hxs@(+Pj4(<WVObJAb
z*&l5RUv2$-;nFbgS@MyO(f0r(AY=|FMfAP{O7UVg!bG+4Pib>>VcyS4Md-kQz7H?A
zcDX11;P_he<avVaE{L<T)7&rquTxJqId{&eXsG-Sr~-EwHW7b-tk0ugPi=CCdJVMR
zOvX9ddT{FV)A_co|8V<S%>mZ^kWRT2JdkTTd;f6ou`ihLTI^GOgN=Suc}!tNpsV;{
z@4k~pO)&DsX}EB2yc=))+OYA1P5zM&C*C@rpFRKf3bBd$cposgXI)4de+m?Id2L`E
z*|DGi(*j{F7F=*@6qh4FDg8F=>^R8290vMgk6lr(e)GQcUC%rXTq|~i;X(Ngg+?|1
z{tXKMMiXCrq-}PGPc;llLH=fDra%L1QvOK+UT1NN=)<9+nC-)1Jh0p-FBhv`5+B}v
z(Mqz=Kb&e0Br&Fgmn}iK_#HQvRchqCDP-Vr;iZr~*MmVI$Z|~@Vc6pmzr_k<rYS}R
zwbbZzCo458<K77_zsJCEl_D%e1>U~bEFAoXZ5P~*VuuGGzdf(qr+Ro&ti3cX;c>sv
z0&jOyYY=<NM)_0s&}Yz_y;a37?+?SnIfH5h*P=V);qYZK8w$C~hsD8XTkuvrt2E6x
z-QGriEDA{zSPzweG|LvsB+f}<E^rFdHSVdfF>^(cmUE3N{Y*{*FWwg)^uam7H+8SN
z^Zk<x`!cs!ZV%Q0E5tf!LVgYsKTFhl!5ZM(hQrn5?RGBYB!4b=SV-Ot1xAZ?EP6>E
zVYDjpQmkQ%lSGDFu#!eghDP9dd|f1nN)}x^P}!6mX&y_>kkEAFIQa=Rbdhv4MC*kw
zpSMRKmWeVVMo_snACz?0e1v$jGcVk0JwjbiZ%0`aPvN@DdPaV!XD>h1;1Z9cGNe{f
zwZi*as`oTOKB%XXua%bamG6#9qaysYNSq^%lj2sRt4Sn=?QDSLijBEfeQkkvHq-nJ
zfea<{gZ6l?lHI(d7(c`#uO&X>-J2nPfj5Li^xdR28h0I})=#U&U!QnT%G*2JBiFx8
zw~TI8XeA|6=4A;q$<l-ba*=hY!)r-n-Rt(cIS@TH4Np2+$tj+@LKOUaV4P<>L%Hm?
z?C;~MjdA2?Y7tpFQ~Y4K`!_5#CM^D)aIJ!+^VXVuFn*&yKGZ0AQZU;Y9Ly+(Wyrg3
zt&y8TP#BWNI4rP{>mf;IMjEC0W9WaKm9<ViFbmPcYm+s+2--QSh+m480!mTOGDOy#
zE1eX)so@33KYZKF4f^qGU?9TF^bQG$QX?FSXWq?k^p)|xkfT}G-F3<2Wk;shldYq$
z5*Es45moLktwEd&C(x;s-+5Nkm6fRE*pZAwjgT1=o28~`9^?|sFo;&Uj$f9uSSivw
zG|C=V=VcJb?o-e){&?S|2673CN4fMU*j=2X*rAj$lM*Dkoe#RP!iQgID3vX=V*edy
zm74nP*}D4M6%$15Y-+O?-}3-PTBio+_GBRaFwr-pY!dbo%h#c;6K*A5a^i`fuv)3w
z2Cc#gk8`cL+OTZ=RZah!T&U_x{4D%sj?xFcg-=ku-7Lq3U_Qih*Zs%Za!t#Z-8CNs
zh<LXOWEvU^!maBNtMsST@1j4juDNc41sy&+iH!}9?Y2dUO?<m{Q;A9><zUb7-}e$N
z+_4F)07#I&9~sQ`nqH%t8S+tQPSNDWhE&IC**T6HI&qMQFO3uuZPy|9E*Cc*g7J5f
z$nYvh9r1Y-q>GVC<d7TJ{}d!dZLc6abXub}zHVkDxdajA_Tt7;cV-<V21G)ouyn}B
z^z?$vaPN#Fw<|0Ze7svpb|(=N)2c9gIxT7V#MQQ#?pLULn>a8uVi6&`pDIORbm0JQ
zqa2Q?rP1^+zAXt@9OB{6v!(JzT#6d((s779LUz4yh8r*(i#=fVLMCts)vd3pJE?{~
z_cSLI{>O1V(*8IxV4I>v$~mO8w2E1{$_*ud_9NS7=w?7TW2A$OX|9wD#x6Lh^v#=+
zv*zZtA5vh}a9EXAtnHR=hMVX4GGTI$0(E+Y=^RSchL0(<w(g2Y4;?R2-_c%4vaWv)
z@7+d;cHS@M2+8oq3QZ93QLS{`hK7}Yl7Oc+HJPis$QdL4A}>^xeDERfJK<#nuAp~b
z%%hTP0rv+Jt1=GdCQr91mbwEm8+Vpb0DXQ>tHerkuLSG0AgQz-k)Mu^-N~n(j*8qy
zZb9B`WI+TUwGOyoPJ;c|%kzdyDjCN@k$Jt0Bu@>VE%pi59ee$zvqBNt&L1T{Nswgg
zNfu-cxff8{5qW0nU-1mM^<{iWI&r-M=ViZ^rl;0DOHEL*^Hh_mdCT>EZD;$*46Pt}
zP2GD_;XZN6SFU@E98JLIpH1XcA|Wo!V4VxYTa1VDl37d+E5I*U4m0b_Im1%fPVm%t
zD@T^Y66B^I!FE(rf(=0vWhV=vk$;Pi>w2B0C+Ifr(bO1VYgOVmbx`YW#7D9HJsv0%
zy`~hR!kl=XFW&ZYK#rpBrg4tNBYCrMp|iv<yQ#$o1xZzA7RV`@Dz^d&S|*TmOcixs
zUT61=rPuDG55v*rJPuJsPtJMzE8h=kpF{U?KB(?|G<(Aer;;vBXs_d`n-b<Fg=1V#
z&3j7J9h%CWR7NEneeAUaJM(c`)D1+`Zg}`F4&&;?*n_DD4Ab+9xVRLNKmOXW?#uXI
z13*Ut!CTlzmZ5<z*T$ff4)z^(u}>7hLvl0H9jq?w86;3+5&iD(7k?;29us5p&W(GH
zTdu1@S4J0pKMgq*dxP2HP;xQtdUT=uXaOxIV=mP3EHMuEeu&riYZt7k$-!>mf&`T2
z3m@$P^5)2OEfhFHmC*Yne>;ynPIChF_d_Q01={=rmsp?>N0vUeGQdxUWi~Yy72dyo
z50uN=;Zk6M{xLj-9`ZecJayn^<T99VVyfu>L=PrJ7ygfR$|4<Pm+usMJ!@^f81%oz
zL|kF?X9JZzK3l*<Ry?8#PF$V6ulh`GfYeX>?3=7hU}j2Z#W2iQM!^W<?%KYkS>j~m
zEURB)-wD2h<N*a>dDW3>>;KUnTOXdD1-}kn@KA)U$Dz5uB7H2ZlMguDR<m+WzbYlY
ztNfGrSN^xQ%gy<p4gRQZOIX?6@q{J^XdW-nSOd%*<ad#VhDV1J5PEDJpCOL-xa5_O
zfw5w?o%VRSV3SKMpzHKJwB7Ukdxy$o?YI9gKiym?D4eaeT5~^0N&iD-1|WV?VDT*q
zP_9DfcYrAcwInYnJomsK2tqcW7zD-jM-IyXzU^{%VGuy6J5xA4E&?#M)VPhd#QxRz
zz2&5B9UyH#-`}3Ma|2kUXwE5Hgr=+D2IZQy%)8&QU))~&NiHvxljZxc=9dmB^U_7s
zH<tDC=qxL0GxxrKDm!wzg>)a&A$Mj6M5C7Y7?}1G(H$o~^Zh9Yo0LSh`hripWNH?+
z(UF}5ICi$j^4k<xkzfHV4OBsL5I+2_mGW7g9}Zpj_c5I?z9;{6mzU-!k8?ac>5Ecx
zD~I_>k9n&6bxtW9p1lR#n;)enpvWTg^9!I<zNdza4>(^%ynCmOf0r?t`!=1uY@Yoe
z%qqU%?RA}H{=WCHOojDfgPYqfTj-a<&%+XA@_jVxq<OJxmwew&kMR)dftt7|0U5(Q
z=o7#n3pVDG{@6Z9_WCI@Cj#NECh@gjW(QYcVR`R6<b?&d-wp&N8OxsFp;O{my#7(;
z*1gP~O&nt(MNxA_^8;0>Y5jvc9_EA)E9d&NB(Ej<ts&b<L;z*xRANd-XrlbVL^f;;
zj?97axTWcXxA+(hB~3I(u*}!k<&*W6ilc(>>EM%MF>ugApPns<y*^lp%H;%R^*Rx=
z#MdP-`YPMd`ZsZQGQ-bSeE6J5Y&|uOPfnzDw074X%FPyT9pI_nNb~1hf6ZajIr!jB
z)X9FjGv?ELmN=0nGk-G_!O`?}s9@j^Nm_A+Trf9&Ym$PO%L9W?0CDK#d`W);91E+m
z{T`zzs4y(+$tLt#DH`t|=V9WT#Ma4c?QPTr;r>K4%zkJjSfj645y1Jx^0E(*Y5cgj
zkX2hDSDSk0?=Awn=y7hukVOtL{q72v818tenc;s!rbJ#N=w|YEz4tZ2Zn<rm#Z$-z
z3W_B%OZy>o3a~$Kx}Tw_v-r#oNXeM}CTZ~0xzFRiBfwalkI2PQcl`uliX6;ZapP*=
z(DtXvb{65)|ATFbm!0ndwWCmi>MaLkWv|8;>c!M*`8E8_=8qhv>7PRGuD>N@w`-m4
z6fy-nuZV&761g)vVY2KqBVR|8HK7-#q~0+eK62iY0zATxf_Z^n1vFFo$pq7K*OypV
zy{jCrhV5K__u&?~nZY3%hE@SY+5HSW#)q=0>Y^_8qIv>|fwP}o1qhVEcH=%7Mh5K&
z1M3L=o4upw+<R`1@)@6q5Y1#>b|9I@P8mudBVs6Z;O+MW*E5Q!#LnK9-H!b_Jm7BU
ze}9__`*j(?wR3l}i4QGl|Cr3#0+?l@Ma=XCNkB!LNOkKoh^(@thDD3ZvCoRbEZK~L
zP^NM7o@Bp3iWa3QUvtk&EH0mLEJE)kZs4zOhS`a2<P!BXj_=YJvWgvMD^GKBBk&J{
z_tGnn*ZRn=>Cruk_TNgEnI<OhM7ktyun;(l8@ZlZ^n2mi+PGVe$Y0mUSV0rA0&+S`
zB`4n>g3{+cEFk|LMWsv-xcx?_((sGMI2tM!%#>dbrgHz1ieu9_?qTO6uooAm4yn;}
z{)ZClwprerZ=S&Ik-+-PKFdXjCFbRk-O8Vn2<~20amcEY3Zvj|l$rf2APUys_*8b=
z=v<<E29=#@v?IQ`D-aNur<i18db5lihUiB@c34$&K+{prZxZ^{zaC(F;-)JZ#KQxy
z>qn1LReF}08aJ?nj}Wlo5;4X+oz;Fo?H)wE=--rOC{s0}3%m}fA-n0~;%*NSvuC@e
zSkn#C^ha}g%$%1P=|BFoPvok9dqJjca<CVbG?O6<2t}PzL%|;^kq<WH*g`$8#G7&_
z<)`1KaeaTu(cN_8v?H-!5C-;vx$7uISFb}LG0A@m)h?xmvG`*FRge;TTc)z{>ka0{
zv3HWpBBFN14XSlA`cXmw{(3JDacBhZQw2eg#}WfA-ueRvrg?8f=CYW`9fkSI>nN#)
z$<W5t?0{BA3?F7BjvB?A*+%u+dWwIQ={y_6{(BST<CYlxH#6&U$XX=Wti?ZUZPoqL
z@;XM+T1NrK>e*S-;5Y8#;q)>|=TMluUNp>;F=8HYP<ES!U{`Uh2!=)EJgi@3B@K@X
z?DbVEo?J+fmwn<xS7{c7#yLBv8~Ya$V|%$>NvS=%{+gX@Lg8!drkcU~*3%RMoxupi
zn-@~s$Wb(_$zur<CGWX^tg)L+>i-xaJ70~X@8umS=j-u|;_<t8+ezzhg6%2_Nfl6}
z%~1>4YR@?%C8MD8Irs^3&06x?&Fx;bus}^nsMj>P*ookk?F(W-Iig=vi;vJaN2&i~
z50BKHk{BQ?a+W1i@d)e}@|Ad~cd+OK)3kjYy=a9kFa?##+w9&&RB|&Y-TGxxLegQm
z4tB-Vn$A}=i!CA}rNsWC=wMOIg`ccbpCuo=b_Bq(LjZ%2{1)&TEj1XejYV(HG@cLo
zk=w4Z&CD+m_aE$~Z&Rbh{?n81pq|?;I!NBwLcQ(L{9tfjN)^8SE;zZ92rBExvOI&p
z-~Ds2=Lg9`$jD1sD@95h4thL!#N+6d6PLk1)ECok9~!YA5TnZ-tmYs8;AHC-5#g6;
zJgkP=zZ8E+rF=-oaD(vW4469Xi6p#>MPpISuW##h(?Dd{p#8lCE+YZtaaMnw0JpK$
z)t^Vz{&v25gxS~fMw*b8cy|m&DFYp?#h5)H;}TP?NYWY)O7=K;$sc%>JEvB9AoTZ4
zu+6rex*njruI)$k)icUEK6o%DV(#j_w=Gkjk=`XuAn~kGnC!+Yh!G4E`0pxzFWfO{
zw?lfVX>$g8ASW%kyav7`XlfDLpLz~*DtC3yfZfR)<4uyzo<6(b!dqnt{dqgR!5A}M
z`>he@_fd=FkOs~~54RyHT^2XRDYv(~gSCzALF5ppFXi!%I^csNPTK(i?`(}j9T-j!
zUjxHRUByy$J5U(U+%%gSzH8~qyCTp%>K=9miI-i@v}dM|je@!@#S4z)lywnU!(6lQ
z%^vT0xVaJPD&-}39P8N7)QZ_$vcG@dJgTbLN0G9fPO?e=Lea8<dQb7VP|9)?*V7~l
zKa~peyTyqPQPouZazIJxk1wayg*MX!YZ)M4%GI3HbjzTrD6<xXy3C)=hbrBd=7je|
z3&QA#5~FM)2|6DIB@b2V4jrBoybmKAt0@eVc>$l@QPsjaCDXf>CUG0YsL`@yT04oA
z$p`p~N+#~}2!(E6ConJg1a>P&dgEm`v=xNQ<Ct6`ySJ0cGktNHsu?lZT=4d!9+RaL
z%7oXf{rEv4D>=dA!#wThL<RG8JpAwppyF`89Eg%xk5_V1Y|Cl#!J2H}>R^84J!R9D
ze&9TIzxb4;#1{;ebI{926K*y~i;Qk$Gn@y`OJGrfPU~nsv;A@@-f=`p)}5QxF7C<$
z83BIemLL2$m#IP(%~qkqx}99)OBkWR3NmSQKDt9~txk-!-&4ltXoVG^EJ1z+)+doU
zf8?0fyy~xCOPx__;=@$s1u)M1lT;oYo&~;(|6m&>6w!17mvQffogz@zK?$?%6VoG$
z|Ed+kmZozArVT?P`7qyoMkjXkr?>NB=ek_pHg8_AgN-92NlKUinxrpkmt>P?t_(m)
zi`!7dh|6r4S9I!<rF{DJz@H)o7W5D5Yd9hMO=vkr+0fa*GSdUCcL>3gVz;MK>g<95
zd$R=kr<-`nSLaa*ld0PQr~jw{RGzh1Odf}$@(m}>E(o5Jx7={zvA0D=Ir8)yXL$jf
zNC{u8UV|5X-U(+c<ZS%44E?HKGwv&iISex-Lb}rP{sefR$}j%vyQMPKgH=`FWb(R9
z@Q)9gadswrtb_cSI9-tc=o1&Nwm`fn!D=<!KIw&ianMJm{X~6(oqkUDs=Hd)*O$z*
zH%E*?A_{g}DLQ(g-~yVV2ZRFVT(stm91{F}`AjZVU)-$3dd~<l1~}d&);zr&rN~5u
z$1~5v@B;iJYXjsxW^RuqvVSjX=WZ%b=O!h;#1ba<^pG*>jO33@xa|XZE*`eb@qP<@
zRuAoW>hrQ4M*o8;vCIFyfsf?;5x)Sl64~U=M8F?$i+FhcFh$xh7BDY};qeX+p-7hw
zGc+F`Z&&CxkaJ$_7Ksg^B#yhOctMcxiW;qJdL;m_iazbhg|6E5Ywzl)z?WH%yK65+
zI&nM))2@@5D-KlLXe<x3v7bQ(BGIW0Ni&k%Qhx+mI$Pq2U$87~!&|*y@?kq}-9<y)
zHlc39yg2}#oy)#qN!G|Rk@tmSMZM63iij}_I<eK*0SbM80`i18ro|Dh{t0HPLK<O9
z94~E8*JX$n9XY@8D>xqQYL>v}JOM3crdR^I<e17c&U(s$IhJ_8zp%pCxO<~SmHvvR
z=I2w8FXQ8T!UmB(bZklg)vYf9`?;r1+h}G7$T@G{9mJ%$o-G__<dy1i7)HK?X7{R8
z*pSXJ8{Y>?!}<-1hO*%Y-6#jKIX34)2OtX&ZBE77YV21c^CUqDx$uEE=^V-j9&@6z
zrG}SA#H>*+64l_7JJayFWAj7=UF5Yj7SVI9Os+YrkT|Db8?zK8xFKY-4V((Zm;=ZA
zhGAVE@@bjiGwCW53D<>!PFI@|riRNb&}Vvd0m*v=C83nT%vs1LyOUmuR5g6(dBojO
zRKG+LfjrNnB*#+cj+J0_nXpWU4(besa-68Mnpd?-)<sIG2Oq3ZRXmMp@;aM!eDAk_
z2`IJ-EEMt{_lvzs+1iKXS3=o7=RLbg+jmVdWC=2kqKUfe=3TQf)gzQ$zi>UPZuQ!@
z54*iY$Pq%A%r6`9BDvBQTAHiD`-X`%kDWX5!@OK{C9wiC@}Z(juy=s%uP)Cn_kLQ2
zo$lYF5-r2Sk_0Ec%&Oq9Vj?%-V9_PH=*Eyg-ZQH@Z^+jDiOhBN9(K_=6rQsalAW&f
z{`oo4%tqW|f#mQInk6CwjW}2qL>ImOG`~rKRzMzPVfWZo{pue={ktb_+D%_#EyQuH
zJ|XhGL^%}!i9e%l0=IL`Vrv@oJ+5Y?_87UMZF&ZsL;bw*H@WRz^w*;dtrTN|dg4w8
zWaQt;&`251GFMlc9a8dsTGILx2tSX0YL4bhzw+?nGq*XG!y<|38rv`O2PNhKPt`tJ
zrY4uDT6ZISJKAwiUU%fyh-euyZ27bVbMP-msNPvh4l`X-TIQfMu-5kmWPd0$e{PTq
zE>PFU{Gg+ClI4MB3FsC7osciF+qk}0ny}?L%W$!Gx_Jwko<ZUm=&e5m>6WNJ_>N#P
zas*IBV&~k(L7Zfm90JIHkM{KP`f^!@>)&aH`@eUR3Nn>|c=*%;TyAnFvo3@7&TAiw
zw!2Bo4j_gbzrXioP;yJkIuV3)hdpAy>neVA@8~UZK0*ator%6e(5?<y)DEe&`+f|H
zSqGoxT7O{%tEn;m5W7b9y{}YpTnDJ%YI7Yg>H}GA?7r*3jqxDq*O0-4kdenQ^U4E;
zi@I}fX<+?BmV|yc^ZM@tU;8fR@IYc{uR-xNGa1)Z(>}LiAJ_|uO1Qb&5+%5LO{BSl
zDtWPcE4Au+^yiXj)er36^iO|Eq`$bWf6j<h{A2psi2r2iKqsJEM>c<k>A=4qc$P*0
zjd%k2<U@UcT{>CvCN<IEf2VhN6oR~nmI^5MoV%VuqZfY8t@RocA0`r&AZPn<_eBZK
zX!R-==pY79lfc!duZ<h(;+M+lF?czvho99r?P%DyYaa%T9sgpVZBBN6X2ne|FLB`X
zSQwG>Y)pe1c6~{|;1JI6{kD)l;XfAcn#Bah`wYiP2@;$2;GlyN*^W~-Z(7GQSWDx)
zVBO2ldE@D867akb5u#-s$7PyTDGhOTBk)sYPxu)pxUe6kTkgrGep9P^d92b;l|D?&
zeoFc$6@gX=zVey(MdlEC@}(X|ZlR?e6-atJ*-D=KAZd{Ba-htk;R;kiwIiSM+4HP&
z-(o^RewUa<tfke|Z-(=_T<<k)xpTLXm=1!j^<+PmvhtV|-bm0|3Far8U3ku`zd9#a
zU3UitoT#|VzN9~&D#??~1!<kt;|!8tV9COKP3vwHdG+^h2X1v9sU8;6CzkjQ$YGl<
z$C(p1Kp=dDtJxvWOW&wTZEv5|m{dl07G;p#+WEHLx5T{Of;O_hNNpt{`zgXRUCn*$
z0MX!M9E>nA#!R*{T2_-`?U`u|-A2tjd|KY7^I#t_L2niaK2M9vP=@544GV&`el;-3
zcZ8x*RfshumD2RfC>|~2;-I*WTAv!{O*tize_2_2vG1|DN(Ex~Snd{KEG)!%p;bUv
zU!_G?ndT5dNQdLj=xw33UL243bA7N$#VcVOO*+3@LS8d);zUl0PuJTipCpj`ua0u}
zJ-fxE|1}f{a03%yxkV}fI38So4H7gGITjWog<u<>ukLY^>0QmJo=)XsFq8zS7iAbI
zk^dSC%n%ghRzKxF+=uJqx{84;F`LfyJocL~B<dw@HzQYTfFGRPjjxO0aqkcFU_Yh2
z!t#&U?=(YvZT*VRdOcYnnbbbMkZU3fD}n^R`EEyLR~qrg&xhirNb<&ASd6u=NgRAS
zK~y$^-$hkUzvhpqewY;e6Y$lCJUQIWk9>Q<%ukhcQb8X0XB-DT`7sLK$B+uCT3Tt)
zk<2(^ZYuMkKM1TQKdO^>$J_0|M%ye^2Q%+iH%Tnu3bzr}(_`cuX}rJ}l)=A=b3@5x
z2YCqA0$R;#(<&u8?!|64CEtpwZ2M@VB4K*`(#%v5RbgfHjdK0dVk2j&_KOllY*fBP
zq3}X}3&(d=Uz|4;FAg&#ttLRNx@`K1f!e8Vr?34Xj^wHoEWV6_chB-2dNzlwml)MJ
zwMlYL(`cynvdBi}rZbGqpZd*f#`r4?3wO%V+AVC5qMsYocYe!Z{09pNVry`DYBt0Q
z-q~^d@uQUD%yJF^-djmCOg8*mDQWE<f_gGm_$*AUt$y(>Cj98pv)y|5fA4eZU;|SC
zowvl?#D;>XGUlADYMF85&T~$;7>&9yM$YcZq@wQMvocLkdx^3@BeXTQjkB=19J2~-
zqluTFxSk`w*{el~S7Kpk(^_}znnIy^Mk+5}oG0v&o0_To&LJ*-y1iCn=fp^{^p)u~
zzLOPC-LuqE(2zO<h?TQ-`MoUl4_{;=^%VxeD~&{T8PspM5sLHL&qD6f;|As|=Axpz
zZ_E5`b8y?OH+SPaYZ_m2Lph%HU85|*{m!C6Ds5~|1a>D*cTwR?1d*uyY(`x2G&Ni`
zs&9d&w>g5R;&7{*X{36P(?j>oSYjO65ic}5({ye$8Yi?Gy+qyj@uCCV$)-R&)pQf;
zwN6lM5}Dv#YmA{D3zG$XS51dlo1;1wid?pR3~U^m^AHR)=`#gc!)3Xq=}&p2m3a}u
zcs`0zJhx2UoUEnPmp#z1l881-MLI^OVtc!4Dr{`S;sqfuc!+n-$MK#i_tq%q@8Nu}
z%gz}uttwETSa{cADL#2$xBEq8LR}WndO?2i1>z<9SgNIA1U@rIk5J$^>Y0hf>}rvm
z@xxl+g;#X0WKqqhJxxGCAa+_vsdj!2EAigCnFIgBWkICVk`3A03YQ?b<Rc^Flt|zm
zOPKJh)I)?jue-xH&#GbPu(qCz%wsR%z3<iZ1M4cnjqiR5wNX92`fUN3n>dba|GgXM
zA(jiikr*PAIlP&=9X!RwzJsR2fmIVOfymO)Olo^$EfGI6J2cKHS)lD;m5jo4?Vzr>
zx|zCsO~Kr6G-_Cr!bpi{IaR_wC^4!2Td+|oCu#7TB^nnBDtK03jhXtN{UL4%>MXTJ
z$1M<BW_*X+aHO>w>Rqfih{c!u&W6(+{la~1D@poklcIp?z~G6Dl$g0(O|oUa#P{QR
zNng0yvq7r7YXgNm=v)!lAzy%R-L9jG@ZVh~LK0%b1NM+`o>33jeww=+EF~t6>QrOI
zC1l0#k^=E!6fPKxu{6iK_})RIGEW?m%KFDX@+(DdV3Ws?WLI5Efn4i{<;Z(#UKGgV
z2byJl6Ije)l5Msrv^EXEU*zJspl2^h*K8z&NA^qX&QK+GKY%^TKN;*^gXky%Gghx1
zY#MM<RXLbF-T--qek^gnS-CDBRH!fafRZ)iXawLh=Au%9EUXU)puu>sp=b%LLDIMD
zfN|j3zOWo#-*0nP^B@fqe)tgWIw00;&R2F+0Yr^-zVJ=RUr+i$hW7IN(IDHF!<k16
z!9GNzKfMGTqbx2ufW6867sEe*vE)koJ!@q`+TPp8^ueE6msdb7=pR|<q7n=x(H%`q
zKR6+u5y0u`je9HD<7mGAeqpNLX1GTRrj~*H4h!l~;nT_QIOeaZ?5hU)X`trx=8eUn
zCNLE-F1%ztpZzBp#F+m+?I%8*(zjdPH19aSHcJG|P^!)Qq|fZDc5P4cZ<R&^-8>;S
zcG08ZIPck7-Qa()hmwS8ZC16fx4}cpkr!`46?xw+^!IJZ&fm?(OYJ7KOcD}+nqkp$
zS2M_?6b#Wq9c?w^-uHf2YZ+jcf#vh*n%v4R#oi8tQ6}@Wx+qhx*kuJ`uS1rXW46!Y
zJe?eZgLQuG)kAoH0WF(N<*aSg=$-F~;e3X+twd?M11tFt_Fz(>qcNGgbsrxxyDmFU
zii?`Q;K)J!x{;_lV@VTi4MTGyzQjXaff5os&!Rb>;a}O6G2P-`_jSamWORpDqq^_O
z1$k$sYEr+Y8S~0OAVzD@9FMj!66}>Lo&V;+c5eozaxRG7GQ&CJ__9S8(*pWTmlE~j
z7VmQ~HZPT}C9!~M^D7${RU+dTnzsBs8kCfIN}?~TzQx`v!*1mBIX%NV)P1-eJ~gu8
zMB0#v$yXx(h(;g}?x8n&ka$6Zi%A)D*qI7nOXH-QHoO*Ht32w=Gt*N_WYr&o%%RxQ
zZOMF0`VJcG*lmk^d7;3{Z>zh4uD>2uZzjYl4FH2>pjYU}d{Jv20gKCFSMhC?Rlf-F
z>B#%tu=1Z9(U@_IlRgVk6FV3tYW42E&vgQY+S=+1t$R^8U+-3-Baacq;Ub@NnOh&v
z>u5g^slBrhI>L_gZMOHhad`w1DC(M<PrJ)S)_nLY^t@6*#+d)fX5c?Qx@=+P_Os_D
z3S@j7Pu<ibFB@L+#}J+P$r0J7cn4Ib*b&?Pk4(k!%no+X=S%#Zc>ox=?In3{K3;*z
zlndNe$(Xw$`RABz@wxitu+>T*r1m10NMh(GUROp-;~Oyo^fzx<*U=CqsuZDaNBazm
z9_OD^Jv^XNNKhpp%ZW6>&i=<@{_Xc5ew)0qu~~1TM{ojC@>iTpsAStUoJ89|`lDcx
zX3X{8xBNTf$Qz};+qJo)vK?2|thU6e!?Afuj&{FuOelBoy+?K~O$x#~c;o09iZXj9
zOo{ckv$o#rKw8fDMNwa7@NTw6$U;CSMuY=KQ!w4FkV7_UCWPGjVe^d0_0iBcEK-i=
zrZU`NW*<MqLfRN98N1#pm@(Nwh27#a|G*USkg^jbKh53rX#xxNYLE)lVr*cmby332
zYZX}3S~wqNHu6G0nCA!Dr*j2Dd#8?k_&v`BrBeI3f2n#`HsSu~JtE6Y5l!a$bb*1o
zlh4#-5tcbwFD4-OlmjxVVoC}?5$iU7tENI5hxJiVqgF4)YI<wzqBflljYDNF8s!ZT
z`>Sh{n(@0$W^t+(jBHF)51U+k@Mr}x`e#+q_MYWXRqG>HKk_uI*ZCax)jWr%Y{cYJ
zGb4I5jZ4c=s1#c&Rjr9iRJ!esdJt36^uav@$D^j>YS>*$YQ}9!i{KrS;b4x>xWdMt
zw@l}3odD1jm!|+O;yQF_UURQ-QsmZIL<~Gnz#GIICEDnqk^&U7=PP)b2UfT!A)BZ@
zmWHZkn&`hez|q5)d3rGI4kNpX8UMlZJ17Cm^6c7brbZ%G^DjXT>`X~`C}{)DM4aH7
zm(eD1K5;0QtShJXtw5CFZj@DzW{O~!^d;<kyu92WuYQBPQ<S^uh5=xreb{KGnt2gL
zn0n!lr|z#vq#9{>h&SszPGwjJnmtDfN@T^$OFWGAe=sws#+oS?>Dhj575HgT=Pwe*
zQ4(w%x-3%5Oo#HE0~Ad)^N{!K03$hbwN8xdJ&A??Z|?wy;p^|ir(`WaU1hiw79J0N
zik~{WAitviBiwz<&&E*}#czT*z8(6VUAoKcp7MtRZZrZ_{zfTkSHcL!+F~Qjs=EXU
zZ~nlLZQT)XT5?ZRM|B}}<cs%bDVSbc)v(?f&^<c1tT-y8tKYEMDv?F80cV^<0{x)M
zY)q#TZ+>IE0uVQq*<(p;A5T6Be$uPG?OnXwlv24$sRv#=cwXNiQd^MlSMxZwdRl~-
z-s|C0KM~3_%3miT+p!K$6#Jf^yva1VKg2=3UZZUhMK^Nt$(_wu49g#K{}1Ma-7P|D
zXB;2Hi@?KW(Y}utu3p8M6z3Fo4$^``<O;B<WyknTEJG%1-75X<Kv(?YE00jXl*_!=
zE4b4YWpxGHC^D<)b96vO$=K$?m>p%Bym-!n-7iCZ>xXsjo6pJCyWK{teM+MwEpt8B
zQy5bL5_Q8YWsdPMG8O+>vx<pkRl<r0tdw|KC^j1iA&^-lhZ%`0nbFD9DfuGv-Drk1
ztx!ot+QwmHKYbi0?F1~z9!GO@^uGQ?s@>Gvg=rb@0eFOWt}uWl#$OeF-+f;h`?`Xi
z!n!4qWXEl*57WyiQDVrbAl+m$zq)VqChKbthjh{J$4RQS&llZItH@4{#Kn|p)UHN$
z?|%B@#(e149#gzFQo4yH)%-Chcxx~FUzQ?=jyRUcbqK_6+(ElZad9Z(6=dZeOtsyc
zw?i$)S$Ceh&kHEUTP`XVrPA!On6jrCYL8yvHJj)>!Wzm3^*4BcB}BmR_lIzyH}S~l
zsOu=`!Ul57yNA@g0oYv=YP-wDUf9OZd)c<EjZf<o;YpBj;TXA|S`0!h$+#c$1^uQ4
z6PXbNkATT`uB}JlvcD}ev#kSoykfQe@qJexxq%~)oq!+L;tkKQ7*pD#p9Ak#4MM7{
zskbn0s408f3~D(WHUK{I+eT19x^kObaQq2axE#Lu8x2e`heMiYq>mk(Y_AWIfEw$s
zuX#^QzvGQhG#v*Bm!*lH!t0$1Lgv=mpDcjHOur@$tayH~&rJo9lXh%p*HkY6!{8p;
z03}y-V<GIo8c49jv`^!pZv)L4H|$V_%tP3k*BR+fIcev@50?g5_iFcDn=pQ4T$lr-
zVFudK=hA`$i3jKrtzhTmgd7ljM=Dnl56nx4`38FizSH&$hG;p{?K4Z_(v$ILB#T<9
zYVJ81-~KtQz1Kv2e9JiH#Jz~WyLk)7T_4$@I*a9jz!`O*^GglL-2NKzqkLu8GFX+g
z?}6m~MqNhVee8u1dbnGrcg7Nu0aMN_6hF6DpajRCZSf#>67>Q=;2vGql(gEvwmw9C
zM(&sL^>lvQon}=Bh;c*QmR*a_+rd3Zw>G|gV2~79*B?-a+coVQ`L1Z6|G3TKq4=nm
zjiojj6;Rp4Nw1nKn04j#|KsS)!;(zjHq5G^h^XK;s7Ojk<_e8l1q$vYC}ftFnI>X2
zYMNzE0d9z8?ip>bn1onXR+CvyYEoKRnA%KDHD>0R(>S(G%deX6neSf@@Hq5P-sidR
z>pIVp!2*$Uni|!&+XbeBUWx^UhezR$FNt}($~LNA`~h*{X^IN}MseS~@m3oBmVI=4
zDi)3~%CN1sG)JzI2K%OyKD)~OT{P__x7X_El=xX#BeXpRd=Gw$)q2OdlJOLn%{r{8
ztyx3&VfPU8kPnkNH~s0*P|Z7Z0%_zjqq+B&*jTsK?Xnji#l*d)8N40-YnNDsop)SA
zK}3lemydc3`xprbvp@7Yq}5u6I1g9=Jso>yWs`VUQFhNi`F(C<lcnYgHniG||Ba!!
zEo+u6p%R=oo5;~7Yu^_Lv*~bkt%gnxq(z^aKs^*DgVn>ermG}Jw=bm7SiH`5W3=Bn
z($faJnSB#^OUU&Ic)qy!Sk|z}o2CY8rwkxrIQ*Ipt(;RRl0-`fH61rmJj<Hr{i2A?
zZ#Yr&Ri%QrrKaChRXLurKaTb=RJZ~35NlG`xr@lo_2&u*i(?p#T>cj$Y-ew@BVhHj
zpXbLPCGjj#Vw(s{mIj*UgOJAh;tb*XY!PfTUDvt$h(Jeie+=}UZrv;A^zaw=9C#*m
z-y)YZnGVCO-iUpU{n{%?T=tf2ddYQCcjg%vn}fEp&HKE+fPKYzYrmk7sYdhiEWl~X
zA)N@;-8z@g8pP3iG^@nR2S~iUyRInrbMv$12j8a2uoU<Rnrd3gu$+_wr_;V;jjU<)
z$sO?mF9Rw0yasL9B6~|@qYoj&mW~j2ZC^#Vtnb!dV()pxq;!7a39#GpWpi-P&Cy6>
zh{KdFu#o61q5Cb};|Sr7u)Z{M`u$|MgL>pWf*27ajhfZyw!iEhwYjnuvLia5Kom3C
zs3z$I{0&VAd-sOdT8CwEL*qu^U!px4fXN_QSB(xCMf!MnX#tm6qp`+pXB8mW*%aAr
z7kxWw`~5!X!cYl{Qh#^0Regv9f5U$Ny}1-X?pNuY2H%C@uE<nL7NMDq0F3`H%qk)u
z>r>nyuo+4cY&TAz+KR^$#$$|7bzmuMFAq_4RAluu<(-*c02YjPD=ZBd;NMo-EuMrL
zKWUX~qFVL~oFA}r6V_2;F4p2IO%vj)2(}D?<3|e8aspKgqnJWxNQ`mxix;pu6t5<N
z$;=d393o-8>E*na*_y${i*4v7mzL07Gbe$*p?g$BR%|AU@=`z2p~Wrf{q_g9uIVXn
zJuCec6~A|X1G_GiVdqC#V0-nMe{vV8AF_QEfu;>m)aeGqJc}3hcpB_B3G<pM>x_F`
z(jDl|^Ve)xbtZTmFVmBv<ObC7cRZ&CLht}A4+`X&R|>JSishFz)nUM6&p^nq(8+m4
zpx2ig6E@#KL`1S_G$kdEoG_`f{@p|vK`GZztv3vl(vR-dD|~-6RhfN`#?o$KW-bM3
z4s4o0<%QYrV!uxWpw|J0)oLzGS^Zp$3w`&I+Hz)u=QJm1@v;xN>T12AY}_1Vi~J%|
ztONj_T$iFKB`awHa&3r_9pxP_QIz0UoS_RMSbEiow`8H!{*@d$xhvCUf<r`XQec@~
z^r&47R4`1rEUusA5-&4<8;c?CPk<d!ZW?9pt{f$ikF5ET$@X3ca+jt{mx~DX4WBgS
z4s35J)itl5ShN#jUabXXq%}#n&?qpl^LrpnThWGt=ls%zTtCOiE^OjNc@DV-QUXt1
zLJ_+E=;xU~YGm(CfDQ#;G{YA97QmY58=urH%@>7y^plwrwkTkn)N<M2F9tS6_5h~}
zM3yy#uG=q6n3T;!SLg1iN^Z^KH@-Mp8|Al)u6%)*mw0Mq>Ledux1!F<uqPW>Fl%7j
zD`#iGKPMrQK>y<zYWoOs@lmUc(5<fp=2g1rV0+L!W=eC}=;vZ$$DjG35o_2#GE{-z
zRG3vt@}~hL$i0kVP8N(>Pky2=xlOTm>nRCBiI3V-szCvV#;-vqaZf3|JPfw>N3QIo
z9@BsexOM4ut$p=6RTCz!!j4yqWiokvpW4$>B}D4wJ@oE7j#~IzFu;&Pop19Eed$}p
zzP^E@n9`cJ^zn*(9$~I9qOKgzJ{;X_<0R^Hu;KO%kIXfnBbzK5u_I2WoYMN29Gucx
zqb^Ts8G#wA(XjNtp6jUy5wYf8fu-p91HJyL?~HKOAHarzdMamo-BAQb@`Q~Iu`a`?
zUFrDmd5K`8sN48t^HinW?L9E^@(d2Uzz~F~N&8?y1I?GayMc*$c;9b48@pbxxJhII
z=0EumXpLsx02cAU>yDrqyfQ|U_Vwl;dB88VE#ONd2&nw60ZG=UOZ!1+wjZQz!K%9>
z;6ZTNl$EEj-a*>}O45Zfp#Y+C<OA`)&Ct4mo{_2U`7r%|4)%T_z^p`4_G-=@$)4XZ
z%nCZQ+ZMolzx%G5#s^k}-H%s$o6T+7n+w$4MHjwDewzbrqa6?Q=fM*8!<+CelFUun
z`n3H6ua=nB0Z-}h<Ttp3;rg;6aA@B={&m7rk{-3`c_@GjQ#L=MH@~*HflHP2Ca=Gi
zANcv=R{Djbf=pcCsXx~oos80VR6bpqzK$@zMwA5BEHASc{-d{fCjAQ=1spU=LgjS1
z>tpMJE)aX&7LuJ0ioxd>gK+EJBwx=oLf^F8IxZ;lBu-W-V+SR}($<PIvow9-*&nG^
z=@Gl*XU_$f06_pq%}W+<ubl*OS6cEf3g}HJ?9dJ}X@VWrJS~gm6DVfG`bF$PGksZD
zKHCj`b4rieFSMl;ED5bsA{O)v7{!(}sWa=f;k~=^=oVzwCIqMzrK~^T7UP`8Y!&sA
zm<UMl+zXNHLe=38&9BP^*tth~&Mcphc+hG@WN#efCa83pXr%l#+l0)JYakpCJZE3O
z7W<UDFwLfBNQfs=O~=^-=u|s*(VE;FI(0yI&IS7X4*$&pU+Fr9h1u-tnz}$prmA2x
z8~5mBvH|`Rw%Wy=cVWHQ_WcZrEi7Ykl5H)y2*U+OXuN4mO*{DR&7>}1N8vRd@0uCa
zD!R+e`2rh<JGfFS68sR#;<h10P+MtZzSH%%A!^zI?I~9gb%mru5TLJGE=0Ola-w=Y
z^=XQz?ZfZ6tKUbRHX_IG-%??VJ~Arz0i>HyGNp|(tnsYa351u9e{tEewJ+dby*UGV
z6_wdw>ej1QoXxigA&`Ud5_$1SjppX|r+O9c^DfBj=T3p|_dC1`qM^qT{e)_O&WNd&
zUI=tm{zym+8lWV7lUAT$+wLnh-*J&HLb1rY-~^*Ab2S!zjNC&vH+4>KWE0%see|@S
zTRsW}HIs*)aY=s#X>3!o33AWBzY5kM%k?D}@;R};yd;Sc$(MO5?Cy)sv&xu-Wr@7h
z=`W+CzqqjLiw~+8_hm&B1XS)Gvu3DiO0A<0mBRkPEPW{0wAamo0V0@raJqbB=8UTA
zjzI474;H;Kc7w<i2%pNQ<f!uyt_2v|1(AE<6Di2>U4n57@1-I;Pn~<s(g>Ejz-{!|
ztc+aS(j}W|0!yTtnJsgsIq0Vh9mWgJk48*i8h_7&**3jS<n$F+D5Ug%VG{B~#;m>4
zS1&Uk+QF_fPf+MG2-yZ^sOzcUwd~x?(aRLFEabaW8X}G#0xI9#&-0Bzpf@v$&@MfL
zGE!%>L%P(Pb+Xt`(Yi?Q9TJYqz#L{Q>6GT^0JkhQ9A7Z0#O#<EIuSELIZ%mDu2Wfa
z@%jYBUw(v8<gx}fQ=KDHt`8ZHcfCwRNVYUYZ272}jCy%jM;hJ-s1OG)Hi-64&)Td-
z5o|$^F1)D0>ZW6~d<`vH0<1<TAJ@mFEc!nTI&0_04uM;+O$rf^Rk365W;X`fA#|>p
z-V}){uT2o%9`b^3>eM-lkF#6g)Q6%)f*QhghIKR{#3u4kQHi62K)y#Y)NQ?6-%mIb
zbXG{{{Y<U<I!<q|$6cm#57rw{s_|xew+VhBWIXgvv6rgoO4Qi~f`0^yc)schYN)zN
zP-{MRDu+#7Gmut#Za2|-W+TeCrsxyBW2InLk$gY_JN1!H^93FN$3HP9;50h(?oDVp
z@(R5j_lV+vmu=nx!BT24b${p;*3(%ts@yKj)6VCUgp}OnL<h$P*t$uTDMqFwMYrB`
z)VWSM_w_mm@<w^E3P%{!;Ip|#UemVgi7lSYT0!T0O(qiNq}!^@toarQMRK`T30c^3
zPzS$7n*==+!ct%G5<`Y%{073=y%Pir=_cU2?OqUIXQc}3PdSs24aJO7_jfjw(nAFp
zNC{M3M2D?9pwaoJ&C#)&9}I_Pa^de@pAxd``-~cG-2W&dRzn!2$bnZ`vqx$bb=-p+
zwRlot?VMier-J6@u!)X<+TS8)--wwGpq6-6`!w_eVc7B&%~zlbicuI_xdTwr&a#KB
z@7b}vBW57UjWcxD<8?^cPJe2vX`M(AA1F~qYOtYSsi!pBm8&Y*HFwM0Fo$)EY_or_
z^Qe9Imc6X~d^H0Tqim`ZhEXI0`RO%T`PTCuGfKx<ku`Qo71o#8gX|u+5D|P&K>?W;
z&1A@UO`vAKWw;;=Od<nIJ1X5)sw+)ly`xb(=AhvB_5F6%71PAXuD2M9yB#*4n;EoR
zWHKkQ5(y4!$|;-PJ2=wdI9CqNq{ke_8o)$;FX%gu-&RHV<WXgcTHrEvE^xdtxDC%H
z*u2QRED0xhy_~b?;!(s>9!kbUB%yzl%GlIRU?depN6Ep*am^E9xaI#mHMS19lln#`
zC$fpa_)O3CyDv<v-O<3cc>EVj09mc!r7P~HSD}QDjuMvsRsid-=5gw)G7>R1o4!?Y
ze!a&!Y&}R-42_>e`S`6pQcqZ!pibhrIn*>p=;m5DbL>v<yz^;urft&lra~Ua>hrV=
z>-zB6oV_)F+-Jw180~4Xg`dg0&7y{P4`2AQ*RNBg(ZYj8Yp_+tB4Nq-0a~?{4_dpg
z%syEMlP%V(ehdwJX!IC@@=hCF{$cyKV-~3@8FUO9een3K{N?;oG3;!<X!~t7jM`$>
zT{kW-ux>5+Q5d1rD|_#Lc2!Mj!<Egg!Io}dQjy>?TPDf4ksxq5>oz<Jjw4$(jMxy<
z8H~!beZK-a^`?~mV?(B%ycrcB^t)dLE~i4qU8WzR7$}@lzqqq}q0M}8MoZ21fjY1`
zIXvD9Y~sgfbjG{Edf|~RncpfwCgnn7Quh2h!5h$XuC?o;G5wSkj4tEduqXiB^>>4P
z*$G-SJIcKcAl-7jV_MP)P9K&xr$GuO<;|oo6rS7CJ$>N|n8mQKF!mSj>1Q1gb`J!C
z;LFhc<^?h1gUJsh%+o+_qN=X#fa&h3_d(XZ!nxYuk1p>M*Iw`aM(_Ud?vZFOzwOs%
zT`NC?1W>06U#5sUs7@n+)aQZe&-Q7C?(O_q+fJBXYUZijE`89y`W$`_CarKzGe!RG
zvt|m{C(f-ulB=(($RC>2PZh3o2i(^Gwd|`yQTreF=nIjquv<NNaPb4ym_;8roQ*d{
z(ZLFS0Rx&3sY%RonbTYTzzpM)NWb=}8Tjn2R=&F$jA$Ta=q?mFubqRY4*}L2du`lA
zzc6=EThCH=6}{2ab4DdWn36OGV$m|CO1I)jP1LMSxV+2$_^hsTg|u(`S_=}}ZW=lh
zlmk)}ws|_!Un<!q&M!5?FEuSe{0xD+sz>z|UF)-W0})ZMn$d-1`kB4?W~N<o?kh-{
z;CU~_Vevye)DUs99C1EgFGgLU;(04Mq%EDz5mMc#-;~PAQkKO_Tu#cgtx&f(xroGh
zucXTL#rLTdZLjo>8lAW2OU=~a#b_||J|ZNt)yXZZrXmap#1I&*Q!gC0d}e@kSp+-C
z)XkdfV9)_=!+5)>AX*$VHs0bU7sqcLH<&)pVB56`R+pLvZO`}F`9|!!6E$X<Gi!SD
z<A5ogt%GhS;mDO4!lWwoECF5oMIeZJHY~bc$zfmZaSZ+(de-Sh3-kI&P12%Do>Tjb
z-ge^%p^$V?G>|o^=rVipk&znHpYO}~vXPl|dLs1I;!u6Z&3YYaQ`>}@*+Dvraxx*`
z=ZfC?6^fd6ZB~<p%n)Z&l^*UNlc=bQjjejbnY}DD3N|u4;e$F>u-YCv%t&?PWzp$A
zQ%#uG>qrd7^5kcIbFnaII}FnSIn$R6RVE7ZzU-vL<euRQzAHl)AC3_9KLfTl`yR8I
z`}fOHk5({{iezfFbJ|?9^W4Q$H{J5VDrr^e%6|5Cjn|TjAD-V7g`Iq*xH`9X?pCwx
zoU~r#%SoGgEMTvj2DqdecY#-!na=6PgvempM+uZnN2^V^TDi}ZJi+=)eF7q{Vn*F<
zD@%V!x65-F=gcAW*0Dy0GIG<81iu=Kh6%av^(o~+ix=rg&#!?L0aOl}kr7*tfwA>L
z>Mam6-TP2r$yS(BfylWEAL$0m$F#1&OYoZpp<OD<icnt7U@qeEsPG<DbL5K=z7n)x
zQ8|B$%zg`%FTPPmT7l+Zk7a2txA6&q?>IQR<w>p&Ee?1cPVIukusug%$I-a(il5{t
zxkV&zeVVkg^2Q$qlKXG>>X6q*fo;KR8PF*DZqv0$_OeiUvBukwHQgOPTz#DBiyLV$
zX_{Opw>l9o6!xDc`nuOFVO_}O(4G*5$Gj6cfU<e02Oaj(41TEuYRdj1h(f@XWklxT
zX!!SCnDr+=2qS6<vVUP3z#W@Z)mO^lXw>-cTrOaJZF48CoM3PNtph4oYwBa9l`^Xt
z$c`6AxBPPIm-uElz>;KKrtWX#3u5L1=x}+^E!5bQ+%6&3VUSWC;pXe`4DJ0MAFpXa
zC_UeC++VPDKQO7uS)%x^TMUN=leE523}Yh^j~W(mR<qbU3vlM-$mO2;mIpv?5ndP2
zk{WeO!w^APUXKM~OASwI@GW78&4Hn^lqcPKcOXD?`nbSlBV>Qwl{Hu@yeK$#&epz5
zTmojJ2(i&{dW45A9<>g>YGiL-GNq}WY0%hHRy1<Vdt{VL3Yb@<-7y`$NCz#Y%VFWl
zb{dQAesY*z3LI!55olQV3vOifIFI~M3WcH%k(@y@&+7MsXq;O&$dNcb>EQanC}#8t
zrxMtlCaD1#K^!H{GodiVy`)L#AgHT5H9H=ocL(fsx57D6OCPpaSw#;Qz)U=|^jOsL
z*(#AOyaG*tHjdg6>TdiCW3sRK3PU#n;DL<`(HDPkN;c^qVL`NfQ3#2!2ZgB<yD*iA
zVo`k3UxqN!482l$*B+>Ywr_BYbq*LM3f$XpPP{>Cc#T|xS^v{0`whc{pWq&kcTy8#
z&I$w@|IR0L!Kf2Px_djB;Bt31^{p8aG~wXSIOd4In6bj^6=8_JZ*!hrzi^$Ze@YiV
z(k(X66~J>@VTAL&M)q1oD4mQpOP>farjOUSV<MYg3nSe8WRaNeYUn#cP=ochKtF<e
zrQH>3T8IwXb17bpT}eV!?bIB7NKX4H+DWwB)Q#TbGDb1Kps9}|9p#5_6R}Z`j>HeP
zEV4KAgfA1H@YyCWTyWGaeKe$mHMI*&c$0M8BycF4)l>4`EnI0)$e$2gN#sg;iTc|i
zJJaDW<KtMT6%x|4yf90c@9>>g?l+^PyFTOu@6XO4k`uTpK+4=m$O#mp9e5NP-EVf^
z)X&Rff&1hn*Ec*ah|%0hSN0Bql}15oW!2LmfNU+nOWXDrX0O%Ymxd~hkL}tHfv0}j
z?CmhOSmDuo0Po=6oAe(nek4%ew9L=MGB8~FK~?nxG*Z-PkSBe{oc_<r>|Y0-=D3ZA
zJ9+>X<SAd04|1TJ$$J3o6)Z}AQZ_ODw$A|K+T+_%K|nkxJn{(`e*Eh0kBh;a!v3-b
zys3Jd^E)u-0xg(jCl!D-(&zF9WLGT)SfgYAm1mZfnLFeEz)O4mdJloVi2JuCYmqsK
zKMsR5#9;8(ND#`rB1wo1s}FBKq1;|>U_4(OB2$K+3qF-4%69nMo7hh8CRa$LLE_r_
z`Zt)aMfc{bDsr<r<-FRu%<c(01iSF9XfP1AhSSbZ4nB~r{-hbIi8F_idHL*l8hW-$
znSZ-RB-=Dd!4MmWflJdd=wtdpoyl==<C4$_B8x1)>u$B)9;><U93~?AQxHp6nQ1-T
zUXF^Wmx~39T6oJh=tPNLGpe~%+;S^ozzGr${iGw48>~F;Ht`{8ROE<n#8yVEoWN)z
z3=a;P=3w><?UbELi<RyIlbyHB6Otx%ro_Z(fpz(T0Yn;}Q;?tZEyV#zmXH`F@WBSQ
z_2{tRyxt^p7!cZX*ZOXt+Plg#?|(kQL)nuXiT0xQuxTeW{uOW@H*&lTNeM)Uty=_e
z^sR1W%$&?mWWe1?x2&TM<B4M8)J4cy)pa6!Msv&mK?T>Y`w>&D-qWn7(-sQYD5SsM
z46Z0{9EaS_wr~aOmC$l<j3&hj_@-VGMA$<?CP8@>p}Pp+fYd|YIjRfHQqGIpeo$Y`
zifZMhnrA{zd-d~FC1<ISE4D*iXyl>fW^FQQFl(>Ib+H|ogoN$V;9orvkd<!|W8?pk
zi$bw^GPHh9y@K8ANmz~lV-DhM5GR;qjzg_q&GeW*M7*XQ4OA-w(gv!_tm{atTi8Xl
zI>nGnU5WMKat!-m6-srAu~n~QUQ{O`rf535AEi3~m^f=i#U3I~hsd4;feM=JSR}G+
zCq=`fm8Ed52W*Qx5sEA-d4hnhu#ii1V^@Du=^U2-4mb@nbDf^!pQzR|<<AI)<HKTM
zymXZgauWrHc3e7fi{cRu{sC)#sq=6>P)8j)yiSi<Q@Pn%bx|IpFI89brxe47g{bo9
z+obLH2I=f7wXUZ(kR*)yD~*6#9Y|4|sTzpCynCrHI<{_=vV>V2U3KEu$exyfk)Neh
z#jE$Cn0sZ#R;wxF6NH1?M<OrmZtl{hg*6?NMeBAo5(lSUMS2YSY7vCRjpb=%XHP&U
zLc;v@Wf3DJED7EJmQTEl+oLWejK`+bxUABVr(L703M4))f^qkAZYHj<Sx>!#sa4{h
zC=G${@mje0U6~L|ZNMywIe>x<{7m9SW%{T~<gTdmX4E?VMnd5?71pHgmfrbDw8UB(
zdl(hZ+NMX=O5Spu^QF`l-1=6L?cI?dh}N8v7z)Ag*DfAAGDHO9xA&vAbA+x4`YT2>
z`ez2C;x%{kieq)E;E^%}l37J5yVl51orZEWj-|-Ym_>v;LjWH2N!K2lZ^xyUH*)As
zZLElL&f<3Vvq|WXPoBHhD(Z7_3gL_aJYb(!8M#y&ZyvGztkfO3HdJ8~)U?39dH^LV
zAzCtECsrRZMxpoDa31+))~3h*P(b+Ri<s4A&CT6{e~+O-nDdYwPBNr(`!-v-mJY!m
znqj^36yI0tJ>rM#{~1eClyO{jS$aA1txz~*ZGS;C+28!0kGyVxYl^yL><f_p{Vh=S
zhER_YvD|QvLGP(uy)&PEZ5_pDuUI5<xgQU`y2llze&Gv@-G5{XzPtNH(2{5VeoDsP
zTuQahI8jEt%CVl6Z_Wf0nn8e(SH=mpm6|`*S+2lqTC>oIBB&%R!AB9Wnbf5^vF^Jk
zu_>E>;95R}HNX2v*Kv2qr^?IpQfX<ZbHl{A$#S3;Dxvm`8j}jQ;h@@~Ty`q=BeV}*
zv|mJ0ca=j$U6}7m#tZmD*`7yI=zFYRG@7g1xUxs%U^7lP6^gC!Tstd+9j>{?k-#1p
z9YK4q5rn$mdCha57NTr(QwaL}9YK`+<efS)a+!|g(uL*R8fy7@nIJmKS%Ut16~<a5
zGzcPW*|Um(iv<F*d||3FruTqCVM;m{*?N;`IwwnMZJ;aDuR0|Wcc8v0tT2+3YEP`^
zSA@Nd|D<BYDtLW7RP&$mJHu<hiV}0Eh2uv#*yG_CVJ*A6W|ZBOZ!@-z(ur}Tx34Oq
zr-t>tX6HRxLphYy$ko)m%F4$VbjdBJ-BEw#4b)C4&Y?#_8YaTp_0+2ibicJvh=M&T
zbVSE6XUkV2mj+g$b$1nUrUDA5s+=ERS}P{hug<162JN>Z1fTs%Tr0m9tV3Nca_pi^
zI)&2X%qFaY)$#_P18rI*s*d^92p`O4ppZUR@s39X!idd{s3Ex+L4Y?=rDY{D_O?hQ
z_`fdix~uR{pV^fw%yRu=Wz+q!csvSmhh4MZ^`s+IpAZj5F?WMp)2_QB6B$-?xA=9S
z?NF+`F{?hZ1zJ&ZKqT7rjGKh1->nm<YDbNu`&-3FS?JCBW|7a_`HdUd*9{!^?j@&R
zCFT%Mjc<|&sdhH`+crMVPA%s(_ukh8+nr0m*<Y=UK8et(+0$x?^EY=~=;DfDQUqR}
z9*V`2CL&-|4=;DFxo8|JJ3w4>eoSnE*GX+LJ=iL$<>xDuqNL82)<GSV>uU7_lNa8l
zs<0L@r*tcN1(Jg^kR1MKox;p-D89$F3bt%DH#sKhM!T-paO{H^-oU!Z0OJD3U5vC3
zCgE%6<(=(X?_E3JhUfA&t5km5qx3YU|6;xWrm)<5x!N)t$N6P?FfG``>W*wYl}EW;
zrv^T03*Sr-BdtwCfY&;mqPem>h5uDhZj>ke$h<M9WqqJ_fpZOK^Hwh~F9`G76sL-A
zHa=c3GMazc)9dbVqdfK4bMR@eWnziew4M%t`$!xt1z^~b>BMRE$o}U?kL?5mHQa&M
z?XAs#a^kO8M+`6LT+AOoH~IGtH}BZpIl-mr<NTm5|6MCJ`bqy|nBIh|{(FJNuD+=O
z)J2-!=Vc`7$v3kXt*OWn1K4Shr!o&log(+MG^`1HnBKlHc?`(#zLjdG3gg^-<}2sQ
z7uA@~5e$K_Tg^vb1-Mq^cQF*W(&*}?8`Rn*w+}GK*;{sLRTRE>5DBo~Vh5AMt}-wC
zB>461J@+?0ezPP!TwaP0BiNgY7*+Z3+CpZJ*0TpDJ&t1A%6ZU~z>vdzFsm}Tz-{f7
zoPw=WYdtSC_-<@|%U0+L?ItVbszc(mE9+NaN*=DU7MeB|hywQuF;pGlX|(FEei2-u
zrh6#_EaqBLKi<kV+Ii?Nhxksh-MxP}u?tv;|AjQlF=^l?dXFY^extFB6jQTV=v-p~
z+_g+ZdN-|$KPXy5FFPiqIOZhs=AjT{qRAFr?s6xa)ooU5_vXV*ZmI0kZ(ItCj^Ya2
zym5N_iv&H6Yu;d<JHZl3NEutcMVA>WP_||N!fM6zn2MzaE2-l4h`?oh=7PvTny}jT
zVM^xJsbWptRho#m3c{%NSEAAx3QXlCaVX}!&}xfCH>I3JdJJ_=EO5Q_@*~W5+{CoI
zHC{7%m3bb-^~I$X&;_<ZewzM4_@vworV6uV7a!&n=!Q6{OGTrr1gtRyW!-cYQTEIt
zrngh^`=kwfVxM}6=81*<Pbay|Yb4&@Spvo>fP#e!n%K~@yiUysPO7#o@sfxCRH<n~
ze<2yWi*niCF~6v@I$$H>P}wJ1)oW4ETed|Uk%@aOW`$iMigRNY#HJTJ=TJbMh{<A<
z{H~#Y?c#^jVpbA`8U`Ve!Xm+`U~VErOkLo|J5>0oQFR_PmFmS~=V<sc&|yuUuqDpO
z2iMOoD!I*d92+5^ewoyl9kF~Nieg6;&O;X71-!jeZ)D_Sbjs2w4(EQCnJy+rBb!o8
z@P!Aq_0U?P*<e8)SyUFrxV$`o%Kq&$weK1aW@j2#2PjsvisqKtgfI@L-y)PNRZ=Pv
zY}wZwA)7h1F`pL!yI2!#?Q{#48wu*eg-v_R+}UBQc~#t;N@Km|PEu`H)Ql_!#tYDt
zj?QZ3MJX1X&Ab47UU?1f4H||1Ig49py+&JwKodpe7qAJA$$m5<vN>IF7XLcj3~O3*
zNCd7lD_nWu+vt*%DT^A9m<d!pCy7s}c_oD|?WhV8#dJwbkB`!wKuNW>Dv9L84|Nz5
zT~cF`dLz;Mo=-xK%Mrl$%Q45&R9Pn5nO8K8LA~9SkrVGY{5TToknKlG&Bj?x^ULSM
z2zDvqEx3wUx1OL##z%P(S&P*sY%A*)LK8a`H;Mv?(9#bX)?(!QAO*(rjcjDSiUH%O
z8jQpY*sObPv<WA0FLxB|GP!;-4i!abSB`N-o-oivFuYPbtS%m>-2X5ND<2*gSv&l_
zNQGvy3vmiw)dD-)5{>-$lZcP_i`0c#`;Rbmp;&-j;2`TvRVv9&ip|`V{L3K}L8@sB
zpul!_@3-Na*cV%IM%Za1p-|Z)iAqE#)+jRC`FO9{b_2&gI0ZHr*kWeiW<>GE??VT^
zMWUD~?DP12D#F(Lv+iWjua0}!AllXpm0uKKJxSbUSrcqlzR_#`U)Zd|@v0x8MU})!
zzLJEpIHi#hB=RROU0?7Ck(q2swyw=YRlbUQe-4vn_)>!@vj`LDOAn&iInRt?Vnpd-
zsPtS%8Sy+m0|m3s7gqU{^b_3AU{3h&(k%-30cDC>K__nH5xvH~>HOAQQq#9$vXXkx
z?i_Pw17ag5;Lv3eMrPn-)?xb4w&-6~lnUWpVbmTo<g83GpmarzTCD$5c^0hSN+@xn
zc=R}dpZz}yv$qpMl7*4d0cF&mB0^E_S25em@KO)O6<SN?JeH1d@CUx<M7<VNzPt?R
zrlI!Ml4vY(fq|^trbM~auu+xFPddCgVpl2Qq8>W)EOSzMBuG=*fN>uoS}uWXDzB)i
z{VxV8m8ugJf>k08YCAj6<#wH-koi>K<d!cKo{~cN`TJY+Zp=KP_`uc>!h^`~g`(q;
z824Se5>`#L^Rn;?wN3^bX-L6ED`j`PHItz%svYcbgYhu5TofB#&WNuV8;uPWwuAKL
zhSZV`s5ma`qqehE?dU3BN?&r&Ek9{+kgW>QjYD0?x<@U_KQ#8xg+^R-r3Rj}@<l(7
zo<hibKcy>lEo~&3moNohv);KimC9G^`r&_N5Od6l#P7^>r#_fSTdFd%cuQXkg3Cs8
z0$HTk#69`kKEk?5aBHy0x9ffn=IdcV3%~dEa?nb-GF!R7P?M&JbMxK(n}+7S^T)Ni
zX5*c!`n%pa?#H6dAH(;Wf^vn!`dcsm!*6Ypg0cUd^G`q@WOn0!(}ZIoHt~k}1FZjC
zzlcX2?Nv{{{fz+of#yA@)Zp=){U$MKu9XVDaLE0e?SIO;93aIz{N2smH`VO`zu^-I
z;9lVS=7U`1W)RbF>CV--PyIO1FFJRs5H8!wV;wpDyxBj0{ATGiNB{0-SNNVugx8wK
z16rqV)@$!-FH)WQkioxpv6TKx#fgN?B%eUo3Nmq`w!V9RB)Qio%hRi~dH9Zh3acG?
z*x3xoY4Op`M?YLvv;pSld73`3okzabFPJZUE{eqqco)M=J)O&yZK+1R%8%7UGxeYz
zO44_hy&&kyC-qCtsb_0~Pw7+p-cHH>xkTdC(e%)>i#)+rjdaO@C&1C!zXtW_(GuNC
z72|V?2wiL>hwRjQxZWP>%7P84p>rqn8^oxGBBWIx7%Y!4O0NIL;|wDJfM8SEA=r6Z
zl~tRWyGyAaB%t`o_A6cLbe+yC8cdxTnrpAxWv+jYFip)K8eP@5`tt7W2AV)ALv5?k
zG@YrUlpom>srO@PRp-;bUF0N(e1y#EU#}MFUCX4MZE#0DJ>a}qBaxUW46A^%=pQek
z^X>gpNSuYl1bB^1=zEfQiAWgRKcMNo?Q_y?+_05I`WlBXhwHYf#X0kHe^T6Th&j0w
z>rmKcS-_kcR%4!@m_Qn=$RUjpeQ<Z6Li~f}0{x_N`jqa(0Q8qvsp_qcMaRE*x&_p4
z><x`PlPHovkO9WXgU%sh9uD+`P$T;T^h*ZSq0vbC$0|*lq1}M&x%IO2e8B4Xj-S2L
z?hvqJb;w5p4mL!qBJ<KQ{2%hrcGdL3y|cOvDr)z<d#eG)tMKWRWs$goR|8iQI1gvU
zqwv9!1MG69N0g&$816-xfXoD4mv4s$vMS8Y(D@#BB=X#ucO2f{7pu)obI}(?$YvHR
zBVP|x7RHK=w>2=YmH9+}&i+th(=q+aGK-zGmL1HV9uOk?K=jcCyx7b)#sAYo!$&jf
zoZ~<qw{)Gx43%U&fnmtp?DjjstQSpnf~aUwsWIpGF1>YRP9Jto8C=N<LvY%JxtzuS
z!uGq0$nQpZOTc-6rt84q`+K0^ks2q2H_*X)0l(XdlUg}*kffrVs80wX8XbK9g{dIS
z4%-PHyoulm0;yfFw2fwwr<}2x`XA7-<X_&+Wy!v0apBXmdOsrT6isW1hBRX@<vYlY
zyb3{xyU^Sb%Za+Ytx^-WsLe*SST6}4+@T?dB=A-mX_c$sqoFCkwbc?{wB}^+0)3h-
z$z!ph(svVlYpk=Ez|YGaR{O+R`jVP_G*l9D?fVR7#JPHnCV<I)4<|m?NL#y)amI}~
zl2LK|iF22jM%voXQgyctnO=(XT@fwaH{;MaO15G74WU%k(UQ_TcXh4ja>y!5;hHA1
zETtcL|5&1VF@bzJ9XSInU+X-ZhM+G=RWwm0R>DE#9j$zGu|%R?q%={c&Nv=PU|*bD
zEpiKCRN~nuodf~u#~ymq%mt~o5;vuJoDj=~pN=mvv~kG37)u*0H1G1fpBaG)I7yr^
zoC4bbNkjcAGl}iIIt7KQGY2`FrH_B%Tcab~@L0WkICJ;S5e`|9xE^DTd`t<Db_*gG
z)p>ZDswBYnvaZdNX+zz;^O{0li~pmJVdEcj;2{g+{$*U0<0pMmFR~m(UQw09Psd2r
zi@qxm#>GUvTi^rJoDV1I`Z|T$ot-}F=LIKW^pnjRHSTlP2uom9Wn)BL=&Sp3F(EeQ
z+fi0r%)%$F#w6YR+^n|b`QFh{W~A$xR27WzNUI6))u^IMK4So`No4d3&^Ft^uM&;^
z>*Xjnkyf|Hp{*hQb&SUKYZ7tSsRa;-gS)MN!~ju>$1Qw<Ql%{wd}Uxc22ivi#CT}Z
z2jI^Q%&<ijL_tlukdHh3UT;ON^lVY~**!3%m|8kBB*g;PmuqS5iAE1i+PjMnLrX63
zx?M~ExwM9FdLztmh;5_7NGwJ}ljG{(UVleoYB9S)#;tz6_IgTT?-@kXHx>3s7r`Vh
zGn$ex5gdJ55A*A1Z`wHwiz&5w?8~!2u8m_c!w9LxjYdx+)c9GV)&C|-6yogYClFd?
z|6?(`MI3FPWc*_oHRyZ%U1*#6ryL$Ub%;Vi*#@UsqM4!a(g|FVtWDstKGH9o`qS8C
zMf=U0JmL#J(YW-96I0|zi9Fq4^)+sCmg0ZCtTqDnWqb_2#{=@y<$J=*iQx2r9{in~
z9Fg-F7KRu!^&wgwAQG;}{~T$mrbjyLX+d5-a7a*#J9veH@#Qf=s-@ecOUBwyh^YP@
zl}vV2d$h|pMlt9Q+~HG<%2FF9$GrL)8rF11q3#x3OyXb`H;R#KfSU5mYoV`)CQIZb
zQP>s=I9`^OoDKIw?bR>0d9=Lz;Ry%(u3K-fty??f&UPCi#+MD{8kl`G=4*9!CrPk6
zoGpFPt#W*DGj-Bpz0w_XURqAMXJwLvi&(mNqMwIB@%Kc^Pg*jmHffvZyincMk#67L
zRFq*UUv^O{XkK3l{S6(6yU)<*s!#Op+f%P%pV*iZyY_Ql6MmnS;aHw+$&oWq_4WN5
zR9<d1<CxTsN78!e$4)S@!mQ}L9A(JDC>WmmrG!~M)wN{q1uiE)N7vLz+vP%dO>+TU
zjbH>Wx-`OQEni7$XbYua00c2_R~VrV3W4d6Iojp`vR4X@9d-u_WFS>GB2!pjRZuzX
z&j|K7Rp-iaaaIhq)kbi!BnF%^K4KLb_b2#G>pLrQcD><}9TQcmV47;$!53W9*u>cN
zpBI7U19msngYs<%xg4lrj$<`6`cR3h2sm|9ZocChzH0*V-hk}m3L5>MN7FKX3~{r)
zs>8<dW<WL#^f<2l$sIq}a)^R1Xq?BrpOltF`0(mMC-uA_4-6S@<RQR1#5(FQ@VY$S
zgmpOAQu`l*>$|Q3fcZLAXwe8T?c4Xi=-l^f@7tSV@HUgG<q3cWwv4cHlzZ;nk&gCF
z1OD&+`4{H?@<66&{_Hkg_t6)>^VZb{zxo>Lh0H-(cb-|jd;jGwb!1_;TGYd;{J`*P
zp9nTs*d*eoK7$zK;$<JBSrx?#Vfc?zRn)*AK!b)^091ZKS}or49lL(&R>gK_>OPry
z6Dd)c_LGsCI(Z9uZg&SRdBdQ-xq43rt+_R39K1NGOQT(K{h_GuyA6t-G*yoEzWev@
zY4kB)fG0`Nn7?KrQuTJhOoOe_cR2o1C&3<m&5wrEfLJd(gXZDywsh=U;vs$~_Nj5a
zRpCt>W2Yq8O)9lzcTSkrL`x78t3}rjg|TBE8eP^dtSx8SN6OiqE#E5jW&x*-g0&YD
z6M%-|ex=q^rFSZFEqR#YQ%II{Hn;sR*%_mXxo&8<4?FNM%TtgpE%&@;TfohIqE{L_
z4zSu|k=IT@!Y>3t7zn+_TY}vPS=+f}u&+nbwMRW68r<!?MV+QF&*l4WW1SWI6y?^m
ztL6p$L+w){+j3H)FZVE`IW1$}6>SoE(|}|Ajgk2hS)T2xDK>wV{_g_}eRHIvnWlOY
zp-ww;QI{Ai-ROXY^}Zv9TKlD{yCFsP-1CeA-(<uedK&B?L!;`F9!R?CT2*O+W+le=
z6*@Ne^mIcqDi0w|yY~ZJV}E2z`4WS8%<l3{|7p<PZWtpvoP5t6SR1E*2IL`*Evjc9
zpD+iu0?w@<Y)+kuODHJ|U8jOm3N%?t^DFU3#S;cA6ZBYoUk15A>>GPeQB}ocvU4XA
zNRJn|{gtp|I;T5p4(?U-^s*<e5o6aLG}+@WqVJs3Oirs78hjkmFr>s-AsbDKUHnrV
z5%2v!Z71HVNPE7D*08f6e?W>84oItEh1=iqeREy=iC6T^_!-M}P+0lTKk<F?%zDzg
zTNlh;%G^KFnz0q7_xtQ{X7-&VpFO_)%>Ku#ZDJ|U4GFeUpQt9@!}TJ!?+s(@X<Yp%
z4xKD{qfUEWBxdFOm?a9Wk&5wu9II=Q`;l){YAruAUaGdd=fh$qz}Vn{(3eve+G7%R
z=!&l8U)aG}$fTN-k>CGF%lA|$#=nknx1WMK4PAa(E$moy=aLH5(FDO^N+EI`b@Gpk
zPnm3!8)~iG`=%nRB7ebAsziEdkzV*!UHZv2bi7UM;?qefK1-z@8gkniUVi_dzr_S)
z$)Aag?&@_4NrflpaA+8^K5DMLbmGJ+J!R^^oN>0Q@^Lw;T-{Q7#oU;aDD>q0EM?&2
zglPLh#AC51J0?GjaOY}P0clm-wk+-9TowQ{j}2oE_;bKdJAXhS)e0aRzYXD{nq9j`
zaV!QS@Zz{B(F4L?Tctl8K}AVhRFfu?<%@nzP}zr|Ci)-qJk`y1q@@`^Nqc)n-Lcd|
zYq=8Tkh4&Z_YU&ts3^>zt5g-ts{JPW=+H6)-<RyXk$L^{>ux)~uPY8Se{=FB^tYR#
zVGP0E>Nu=jG_{NREN5Fe4oBp=EzjU5qX9xUD67(PrFe|<@x5S>Y{Ra(Ia5_>sthw-
zem;wlrOZsEqt3s`AYr8qK7Nl<a1m%(JKrZKy}zrfM7F-Bv$^391J6mN2!Q+q$Vy@Y
z$I!+^?sZItN?wlhg`r`w=8ep-aAHDa@JQptKo8w@&knF?clOi~q<|<2#!9EtW?Nqd
zy10!Y_bL?e6153^*M$K|>8H{0iN2f~hLUY9QM)le>P+uCFliSr&^l53Q;QQ~8JxGk
zz1`HRZT2mM^y;&V_kC%Y7|i94A>+rpB=yqx1a^~)Ufa27Dt)iM-1hh=AMq;XJqQJJ
zCzt~m6)zz+{3?q`C_zrD@#N(KOzQ;SMEa2?_nXp7TV~b7<yuX<rrf50$>|%w09Iex
ztA66rNB<<mMy4CRMhch_66Pq93g48Cj-^_>7#5fx%j6nA#|6<N8$I82mIhZ>LfqFH
zwcGg=q6|F9T5n085wW^-`(5q&ro-A&tG@FLw*eWCJQCCnef)(NySRdc<0Q?fs<9J%
z-yfW_w2PQuY{E9E)ZP17rA7-Wq(F@_%?Sk@znW*ZsBx1F=D?cbdTvl~Qhg%gF7~Z}
zIe|L(mVN4~uKS=$D__)oDV*;EKas~luknDKx?l5?J#6_tu5t%<0nw-2<cR06Zr_*M
z(7P+hqEReDUt$Mm!>-I~b+Hrwf??G4meR{?N=4Er-0~67n5%qVbExCzABI-j+pN>$
zzf-GG^|yw#l%mIC-g?t}B40An?}4E2+Ppj(s(vxth;y-~YO5<%(yv78iuZa30;SI3
z8eqjK<Ku(yK_LpdFR3aSpe+d~E|O}d;GEC-#-WN#=&gW^VqbM3ijJ#Q)~I@#P3)q}
zM&<7s8KwR{A;M(qNfNQmBY(^~i9mC{u29t=UFC3%l8am|5%_i3^wE^Tn`RWC;d}6H
zzA^JwwCvgVMA%x$gi_65uy#t-78W@5;#FpJNnm6`g5Z2~gVA`R1G&!63hVWEpGQZl
zEaNgIf(!ewY^NYdLr8we8)t!>^TUuQOg4HJL?=SCJ(lrKTq53g9dC~B#II<8&Hp~9
zK~b%jh#4pB-sC5*yZG0L4dF_(JmIDY@m0u9`=U@Iu70r*a=ve?7vm08(HQY&x2i3k
zF%2e;v&~W8bP!GoHD1t64V@Iln#7hnU7s#r@_DzOpv>F!Iz4&)haWxX{HvZ~vnNt~
zcPqnl!{cY0d+*pk(53C~-`-~B8~y|0s#VYhf6ouV_2K|K7unqV@qzBBX!9Pmv~p9}
zV$ZMQ%?5|=-2Bb2g|(FjRR6U?oIodZ-`({mVh!_~nE!=1x36Y_4MzC$#D1HOu;q(X
zJ@;0ZXH5V9P-Wfzl+{HS{5FNSg5^lW%X5CAAO*V3!P?+(_VmX8Fk_R*_{yC<IK!*T
zP5n=Q$?FZt{w?6--rSrEmn(A6o!X0)PXx2wg<(ju=A#P;`x4jN>itvXN=sh;^()ai
z{NxCyowQD;C)dl{H8y-N=uGBZXS2ylaI3hpO*X$d@C32$6nDold3~&4km0@E?qV$_
z(j)tQMuE*0jyosHwB%uyFUPI{_N9@IYZ!;NbO?EDb*#o#jm|JDekfW$$wn2`QGcmj
zE5F^3-o8DAWX!?sq^mFlIw>0OE=Gn0r!WPfZK`0YwAFO>H1lkP+c?sJG~S^<v3yU>
zzW<?al2R|bn8QUAeHn2dQq0Y6wU;7UL2m4faFHR^#U_T*IrG)?1RrklXN>HJ6XF!A
zA`dTVSN22ShV+vM$#r1S;$FbG)~0ALDF+=PfeELL3Ew_A(34h&dQ_vt$-Ih672R27
zr+rK&@}pZlaxL^UdTQiPs<~<$YRvIQ+;!1rsMc#}Nw?b4&4_;dB*9i81!A@P1_fDz
zx^R%bq-<kVp<ibUY*tODK=vU*qHWG=O;4&LSF4(;A7L7ByOx})o=R;OC#&;C>jIh0
zeC{P1eUFMiw<7Dr8pIO4^hi_?K*#z?&VFiLhD%;9*bw=>+Y>aZkfT3)*5ch0rhs<_
zoNB_puY=v%!ze5Ib%Af%+c=Tf#Arr*H2e#jVEHDy#4Eb3--}kw@O|^#ACF&n1neh$
zo;Ey(@5DB?F8c+@m0S5^v599HbD|v;Ax>yi%B`NXE9D;Tm6<d~DC6_GvIMsMuF1~k
zfOda<d+BlvXI0Ov+GBa!-<m8}{5KCk$BTQy5?NyoO?PUFBu{J9^p$^|R#4?tmpf1X
zBZ3$2q0?Q}t&?gR?Q^ks%=Yf0DK%lD!MM9Qk%!w^r<VWKC2_p$K0*1CtZhC^OJR~j
zKIvg{yB-Nb(h20IC6|cf&h`n@szQ^E>`pE0&v&Jyn{HOa_&v4T=xOzMsXEnuG{uf~
zIU%yzBrabpPY@Tt9swq%BqF9=Z&!FZF#%6g(^N@1wF?o!+c2@2FMRRJm1&^n59^f;
zSEvy6{Tn{fw~3wRfo-vyQJ+A(*+ttQHug0kDe@|{OtZnu1ODsJE90ddfM0eqUR~nI
z02vFtgkuxk6yI6Sbu&f9@e&X~7*B`X>}RzyS9x2DU>>d>GNtDg!PHi{nH=(W2R~AJ
z`<S=vhleNk^70LyXm9Q~d3g~91Q~_-6S{1-Ke13ABIe*(KD#Es6+e?($xmhvtWOY<
zgPG<H6MCGOetRkcWlYV!Ya_@Zgr<zls$7;QL^izNb98CK{eNN3bW5ZG$DV$zmmWwi
z<BP^EHpHMNlrfkB=GuFI)?p$qz2lJ`nuvTKsP1!n3!+$jzjW#Y9M-QYV+m}pnp2HF
zkXj2puWunVXV!y>^L!w!*}A`nR*GQH?9{Yg8fMwZ>eSr<G@yYTH_vv@5cai^uv9P{
zb#*<$o>FVMEAO;xQIA(uYVm0D22ejpyTJF!tyC=}#73Y7B-XyJ03e)(2DWsh^1l<Q
z>aYe~Rh63{b|Ktot?OA+a_IuN;LDtz%lM-5A8pu#jIn4kn8>tL){8OLH+z06ov10^
zt?TDoU0;Yqo!j(2g_+UcvVD)4bm~g|Z<Fdp6{%3|nUmavIaIWCGH-C?)SNW!s`L>}
zxjUOWd-8<c&pkR<??G_hirD(7nh=S8T+i0(S5STB238I#kvo2tg7KbUMWTN<@J(@Q
zz!-?qx^9c6Of~Ye%pHE=8a+L{^VFr-odm6NU1z&ynzyx|Z+hST6HRYhG%W9DuKH7u
z!}sz0lE8DXa&_1tU#DvcBC*&b<of6XW$xWiEEBr(!>n%TrKfz|-}AZ4Pb#D><$JBQ
zx;!VdEO{zfF{~+Gr83<?sY`E2jvx|NFr@5%Y*^P`sc`3<k8aUw!g*?vk#?S$AS$MZ
z0S7(&(DC6VQA8%6sbWfH#Y}E+8IPD8aZwLMLTdu`S<1}_b&KoFNj~^+jZu9OaR&4F
z1fP=%ItF>+mOAZ#Ap1L-a%y}E3J9n+)05R-iDRU}FQM4=XmF$jWy~6IoHj|}hdRA%
zv=L+Bzt6n^f0SXPFG|3Gq$7UT?o_+J+G9$+@x95p#IP}6<Va?yyo@x8y)h05YK4b|
z%)xo|k-liuf$2<<$Ssf-D(Qq>$xq-`|FL6IflS-{QXha;UgI(QuMbTMtx9~D<BKA*
zi9xhxNadTrWoA=sU7u2wcvCm{Nfe<%O>ap}R%=Usy#;2F+qsc4Q@+sfnWl`KiI#oW
z0Zxbg{CKAdwc7sdOAH>jiKEA0LfE_bHr-a&0k;V>BfPX40^_fIVc*i)1oreo`I6_q
zQO=K=NK+mSM+Tb|uvR@Yf<Jk5Tgy1t;>_m;VW0J04$Bk1-N5Jc`%bA*5%b#i$8?)m
z7u!5wiSzOQjMd}LIRt;yf=PKB(I+QdZe_9dCG>m)i4}VDc|Yv9D0mL4=9;}Uh(mMt
z^luf7nOf=XtwG$EDoPytAHDrC16(&hggH`avG+Kug~C4X85OzY%UEo%+|ED4#>T@7
z)Z+JnGv`4||6yFB%LJ;WB1trlo0w7CU-X9f$&LXu?a3VtQ<};2fRnFOiq1XYco&@;
z_QYH?k?~_F;6L)*uRpX3s8h*gv?D-@r_FfB_f6`+>VVVbsBvgx<<5>aPpVql)~+jV
z7&QmP(xEV4jr=iqcHnTvk5FCA6Mjl*+RAiePTY5zRL&l=wOMNq>sotJdvyA=;Oz;q
zCY+<%s{}#5#(8MlEl+HvM%{XC*qqc4Z53Lb)>L7qh3uUlX{FyYeNdGct5D5-tbCMZ
z%L{x%cct(Y(xZ3pjo6U-C-d1fiowdR+w5I_azZ`reC1PTFo1D*I@=7L%V4GLd!*8O
z1s0?~ke1*`<HB0k;i}RxJMys$9_^b_Cd-+vOHNH4DQoZNhnEX^1-`i>Raebv&E4~`
z>-tlhQl^~CE8F*Psx34Dy<CUE5hFMpK?ncipB~D5n+V1|PhMhy+-BZ?)4Kmsu+_Zg
z{|N1NWW$|@V?bJ?l4(yS#^y<`5g%+Re%5fdt~amu*OQAL_ow)v=77YOu>JvW?&wWQ
zgi8FUa=Vwh`*KDIlkdi<-7IbIP);AOlb+7v6<EEWEqA(M&pW2<j>M_EtM{glOBkvs
zQia&pB>ll9zGpnPejUoVnDV>(MiupFw62iEgm?9*Ow<hF?JKL~OgPPvbYIsHy-C-0
zLF`FBzmgRztd+QoiU#h9uq_(<wjr_K|5bD*ZcSZV8_$GE7()i8f`*Vl49H|?MX+X6
z!ejy`A_~eV5WH3fDT>t)0)#{nkjXe5Vu^<^SWqgaaEoXZP!xpFqIg9FOHrv(@wUCi
ze&_oa_Otf0_Fn6Ke=qmNfXq8cCdcOx+Z>WJ{RUdV--!oHHCsjvXwQuit=3sXO8-0W
zDw&%2OaT2rSncogpXPj1Zb0=OBT4n@)cV$9dU-bmyMI!3wmsxF&#6){8mM2NaS$q<
z**sRBL!TWzR^!w?na^oS9YUn<s$>nAoE@cjj~lCmZKnejC!5Zap!sj}q`+XM2tqv=
zIN)$H=0ld9(3-i|TqjBB#RCIeLDrmxl{~J1mqdhw9heC67KC6Ei<#oO%2V}(;N2(z
z32J3UNe>49%HZvAv=$Yis*8-v4(Iq<(j|;eyxwnFOG_@!HCxtky&5o_;C6~5@x>I;
zWO|Um@+hk|Ike6{jW*IF<G#>QUlgapr`#Uy^ld}(Ze7w_uVTQ2`LF+6g|gQ|XtA6u
zByxz0hS`Mf9z&Ab`4IOcT(3cmckgXeqnwvuAlYSBW5}k@fm<`SP~%uGK)i(RXRW6@
z8TdHxmBH^&A?Yy5vFE<GQu$cr)Ue^HWe4(s)f9;=)}eiEMx_0YSY<dv{o?%Oz@Woy
znJsLPjx?myu=8|kt2Nn%#%q8-<8<b$#Wu||e<vF8%`}5k6)(2i)=UZDHj*0zoq_?(
z@(<L|D2hM!aYDYq^Jv>S>ZY|nBsvnSW8p$CIxDZVY{a<|SYkY)|4@tC>Txp(@tY&3
zq~P8jFqk;nqR~7#S?cplYUM6n_1u&vu+uUlei|VZ7Ob!?-?T9aG(tFHj{lC8*|E&`
z#4UmumoVasj|al(>S_C(`xGu!Z`@WmMfR?v0~_WPib&g?oMSLosl<z|TYG;)5I;ur
zn%UFA-QP!v#2-hU1h4uW)zNE4XvJhqc^6`{ZFCvh%SLBZ?rau@oH_tG*`hKX-TNDi
zNb2Vh_<56^fYbNYUuh`r+4=lkq@+-Be}ms#i#rW&b`BZ73s>@lZz_sC@kd!ugrkJ*
z>*0a~2&9T6P04p}At}1{hJc36KoPi&{)0W}W)zJ?bVohA`-E0b6Z#JB_xQIjytpu7
z%`=8_8bTfUUU18_Lqn^a(BWk8jA>nWAA3$?)t^n>`tAWwZqu){{pEwM(&{$ssi~$3
zKxI{#ZDiHm7vv*??MEa$&h;i`rqbs*gJRYB1+gXi<yX)^8Szt?N1q^8t7IBVeAg{j
zR5)~x@<R_cVXc!Nk+C_UwLtFv4*-55SKOcW_vlCb1k+Y<-)zmdhha)~$p7GBjaOuD
zl7UJ$K{}94b+{q$VTJ6`l~JmE7NAI&VqaMB9(H7s1ol&Eq;F9-?8*tV<)i{JwS<RY
z<zB+}lz!UG{6jbfAl$uT8lU7U9XnK12qB*kpqbNB3<Q1B@|-$e4A$XM3m&R1_HFBw
zQxlPHH#LclX!i~!R3vy*phko`FUTL=uW=j;xw#_t2<JJKc$L8w82MBs=6m$ON)mh)
zO>8>;TiiCjWqBVVvh@zsxt4n;n3?n@c@&@R-?BQf>r~P@!1mVwhBY&FMsetdNk|V{
zdyYYJJ-<=n=<sNUEP#rX0HcI3W44YF)i}Z6<mG&Tja@PGER0RXXS29gWz5U>E5kiq
zd1`q;E#(ykXJO4<gE_=SZg`S?1tT%-&Y#iQ5!Sn7ZX6z_M2p`j!?6ct==!BTOWC(2
zLK1>w{Qx2e#<(`S8-#IWRFEWKZOR5=jtG0bUnlq3GoD6pbc0&s#XQ%2JB8bAwmb42
z9s(l5XWe4%y&C2lw9@}iCcRI*&32$nva=Zpt8xSD13&7h=zD5BZ!QN(CJQ<l7a(0}
zzt*KmwR&r+O&z*5ij0~(BcO%sZs0r8#^;p$P&F$NktTYJ@;mHE{0Ff-%5Y$22{A>*
z4t(VK?}!X*Z-LGMx!g^TDSlMJ`9@$!0tlmPlcU_DGogq*6Pl9ih+7y~ax9^B9-rnh
zKX#L`xg&VJN9WN}GG^7YlnCYxk*}I}>nahx<VaV-ytPGP9VXd)mVClZ;{UZTN*!Od
z?Rb|wu+v(X%of@m-XIJ@+)ng_cA=*+yfRX{V6t<=|CqL{GWP;Lw$Do6fw|aQi{k93
zC@R$ZjP^OMpB7S_Ru#Tp`8O7rje7jQ4pgaf+RvFV&INNLBf|b@pT`PIVpB3bpxcfT
ziA;7MuI+Ddd%{aralcY%RHB2g#|W5Bh;S!D>a5<^_Fv-W09-0e`=Itcj9y<3RM(Cx
zG|FC6Ee&U%9*5dBt|O^YX)dQNE?DKXVs;OCxyIkr6TN$u()}MWbc?h!t1Sz$K*3B|
zW&#-o(>_+yd7hc-ueo<{;zf~9p}YL0tsY#bq0NToK*G+DiUpnDgxgtw=ai#U2M1<q
zihUU2jir}P)dF;L6Q2U7h&O(HA7i?6<qf#8{tsqX&GYx1r7c;wB-~}1_aa#Q#y+|i
zFuQIXb_({adEwvxK;5h(WT!j0jZpaH`k4xvBfjZtgD={v>>Si{H5m|L1O47bp>{Qu
zA7aTI^G2*gx>oBpn}S6wSyJHW2yBzd%k#JNWO^PK!Sk5|ctK~*U^P1mZrz|BYU~@;
zK4d<);j-Dd>!+NSP!de^3Y*h5j?cR+XzPVbes|T2DHrYrj1hAVWGrUG<Ns;y;lt-8
z4Tf~<Z0m)IS?$Q|Wbiq$x$gf{^Co|7o*kVYR89u;iWWZMTTY$2olfcqrQ!P(xJvJz
zf+IfPa;@~`H&V!_TfbOi8sF)U^OTxnYr`Mb1SZVBT6`_4Scy8=VK{qgXMVL{5CkTY
zqK+8c9)Db|LbfnC&Y>jX&Q|zm-B|}VuAUKNu6J2g9n7@&U+O9a>$?cPcp5>w{_x}?
z$)^pGv0^!vvpGi1aM|^zH?HZ4ci?qZXzjLQIt!p2k_KgZn-higslN+ig8r(Zhd&D2
zEnQj`ghY#UH!W{vy+0hztqV(yJNhhPx9&(H!EO&-m=i0MfVo*Zr%Dc1$XRrUv*GS8
zR;3;mav1+0@+otLtkNg9KZbD@AWOJ?Zyg6>OAK=VXJRCBsF{F~FCbs*beHIyo_p%d
zj^i@*fydC9BHhuJ+yv)uK~Vmg{j34;<!-=eG=fhC<rWN<+C&kq`L6(39&oBE-u+aJ
zRR-HXUgC8_k$Dxd6=1|k*<jmKg>UPnwU%9^Gjc0$(4!{Hfa#96iOVAk64HlwkA>EC
z`B<3G9s^Yf(AW0Nwvi=EiXWS+v9yB{=~Kd5;jnvRhA<8|v;7<|Frs@UihN<cNt_G2
z>x5V{IgaDFG0GYBU5mkbtD-bu^SA=)dMK+x`Y)TM+q-)y6XNJ9bw}2+;7O$&BM$h%
z`k;N#wz%(AYPX+T!Q2BE2(}BdlbXAR4tenx0_36JBA&%^L>9GUd)<IF36kx4m8>M?
zSZuuE)oC60u@e|=2$0%Ib73H;h%s_FZA*i3mjw1NfvHs|{ur|n?-&8r#DRZ;sQ2&0
z<^qcgX2kP$!sYsc8L1F#m*o4cQaC-o4B6oQ9?hzP520kY=3_-VudbV(OfA|Y!c*-v
zXOLNIP6)$0I7^@0ZP3NHhZrzBLl4AN%$-vyU(e`T2A|JdFDZv*tfIDMNqWfnk(9yW
zjrQsACAbeHhMaz*lf5f!J61Q&i=YM<hLtp=VWo%DpGI4vYrb(kYi|*D1Cy8_s(<gm
zj|^+S>Aq;)RalGM?)szIkz4(m46Nhcu2EgB_Q`G^MdnS*Un~t*R7%)?g6P<TVSYJT
zye38u?M?wHTmtN!MQ49%^+rjtU;J2u9GYF=#2dS?dBfn_9UnNsB={aAqJ4UwA?C93
z?O#zBTNcyJf9MwGoQ}izdH)k*n5BB0?R>eK2o8Vjk}tnfn?iJuhbe-(wfPNHPDRHH
zv}wEbG7ZbM_c0{$@!JcjmIn>F-J`s3q*Z$_hGTO+ZQRd-ksmiK$VGcb;G-9=;g+)v
ztP)rDPUNub_-t7vr!6<0aOMdfSizUQX35GUrU2WhhYRjQv(vyn@m!JIlZVYAU(uqg
z!@5|(p$d7Vk+77EGnRWP`Njl3<Tfn@@^(x><%bIOs+N8UyEZpNi2S7tY6eC<?-~}V
zzS)~0qpPM12yXygJfY<QBZ$o~D&X{7>Ky9WCTd8z5PIWmkMAYr!@NEgnJ{%`r?Vsc
zKy<?|!`e=@zOI-NC4TO*b5OOkW8DNb<>5+~I@q8H?%Tuy{Xu2@yufhP<x2xDmwtR0
zNnaxzHO9EpB?w~VqaZtRH9Aa)-15AgOsKaXvKD2Q7&5OG=~Xswb@I7fF0!mk176%m
z=56zrmG?v*BU^(}g%WARjxe2EG%4mYt_}=l#;-7CTU%<y^8rHyN}eF5c^t6B*)21v
zKIEAAMG%W#!C}t*P2m6PrthvpJlZ$GYMvKRb6nv7lgkuDz1ZrKbY)f%nqx-v=Ojub
zKSP+?7_3Kw3A0&E`<0rvEMYktm<g6(`YSD;3QTOHUo%r8W5$>zk!B3NSBkJXCboz!
zC7Y&(2QOYRBf(nrDZBi!?N=P$u_U-7%%(%$zJJ@Nq*;9q6@PtVEerQ(P+vmb*zl!H
zR<ls?bWXFFFn`s=kta%M`C{v`)j)ffFT*Yiq+DE}jT!Y@kg7`yJ#y&U?eq9A@Z>KF
z?a`+3Swjo)C$XsT3I&5W`v<MeI#G-YX#*=0M-j<ElCX3hdTN3w6XOo-nuIW<2T)5D
zJBWvYNrh)B4CN5oiNl1vr3kBM;o#A~$@Wh#EvYu{xJ91b%xIz!RS6ea1cd6EQFbbA
zV)WLDF)n6Ud)eV^6vFC#EH9Rma$+os@WcBkF`T4!nR~H`jkx(qomqpWOMS6g8TASo
zcI>_ruQ-<+ixrOpW>wO?I8H`rqfQxI7lcZGn@>pj{inb5?S8mY^fZ&+#mZjhY+V31
zk-1J5i2j#z3j0~@`tR1kY0a1_LSXA@HbJq&f_wrv0yQF@lg-c$mthP3l<>CkTX4|*
zTsZ9{Or-xV6#iM=rk-9FI)8GlZ4$Cl_G#;+ul5hBtS&M~->#z&h$$*rXuXlSZasNM
z4@T4wO5`E!Ld#2HF5~<Zt-oqIR+9R?ft9lWI?9)I9>L1V5;0pxg*W9bt#%3-Blj>{
z?W^86oCUhv)>nL3)@e7K5wPE~b?fW3Ejsq5sGuy4Rxr+O9|tz@f${ArdN5jbR1tBB
z5!4<WLdhR3SdChiuytAMZ3>LC1>3q<!3mh&I$<u->NW5>j*SeWM6ph4zY<K!6bM*6
z_OdF&XsqKRge1u}es>V-{8NW7qG-LF0=0D=|1B@UL*w$F^<9^J1Msq<tN8;)H7;0K
zH`a7+-V{{dIT-eR3pBdH(|9E<A<t&7;dM}3ZdO;#wUn0)>tgyepWWN^GFRW3svmrm
W=YB)El>R~aZ;{8b!rw0cGxdLk<I5!g

diff --git a/php/public/img/jenna-kim-the-globe-dark.webp b/php/public/img/jenna-kim-the-globe-dark.webp
new file mode 100644
index 0000000000000000000000000000000000000000..bd3b0dafa2cda761110a7f8e1827f57d94b14bf3
GIT binary patch
literal 180762
zcmeFYbx<Ykl0JyLyEpFc?#=-k_r@I>x^ZaS-Q5~@hsNC<8h3Yhhdup$GqZam?wyJG
zZN%>UF%fl6RTOn9voiC|=gG`MSw>P4tp^N5Lqhbk`e$xUI1msJ6yWCr3B(QtL<I0z
z+6w^$1k|2<*m-94BkPN=IFz|ZqC*@nDJAik)N@wwx9APBkE>7r1GWvqjqCs4_1LI7
zj{10v{ui4f1m*jV(7$h;CQ}*z;=+G*ga0_s6g%eqI{2@*WU98!{}A*K2Z%cVwUzWs
zUHkv_z5lt`JnMgdu742sZzo4lH!lB6=K#fy{&&Uxxt^zw??03Me_Q;YX}072e(=BB
z|61UGE%3h<_#bP5kJB5%|4$*-Gy3b(e}K*ZgaalQx8DB~Z1~SW@}C3QKS~J>{b#uL
zLc98Z&Uy4{zx_MRr3%yicaW=d^y|Om7XRTSCbhQxe+qPepX?;Knv45y(hfzb<bSYZ
zGK%IuMe}xS?0>j!(EB4`|KH9eL-HT|Cu;q_`BSIMdEfuTYsm;i|0H%VMh&+AQOFA!
z`+rS^{!7yGzZd)~3+VIOsSh3qX7B`|Y+r2=;%+R?IcRN|IDGfSPG6{g3tn9P;W4}~
zxG-sRhcLip;)*p|)ImLBO+RAJ$3Jy#)w|{D$SpYF4h5`Bh`%;~flM8tWP;LyAlt(T
z62b+DqACyRt}^&+yX!OxrTKr{^nEA<2z^j>v>d&BGPJ(k_*l<R*%<eJ`p}PBfqnnj
zd6wAHKWWPBEZMwx`GS(w_yJx3{*DaSG5+Dbggv42LZtrs?8!u9{J~Z9>Dm+UG4k<|
zaJArFwefY02l;X1_2cY?@4R(L$mYZNRsU9K#oPBe`{TghyY=H{?&aiN)Wi1U>9p<{
z`nBq{GyCK5z3U_NgY<pljqGLN<YM+h*L%;Cz?<p)<3;I1e`jz$`Az?`&_h<1VAIF5
zr!fCzC$Av4P>1)@Tj%4acc*v!kA-vOF6fUByQ<AkAJ3hy*dGrs`WE_d9}Dj;rJb?f
zpC+p0ywf*>?>?s8azCniI){Z4ZsA|UpP`@Zc$Z~vwLc5Bx|>YGUl0;JJ8W&bM#Jeh
zK6Ux%Q@~+Rf6fsNgu|e^wF`}JTB@_#@_~a^F@Ct%loey0F<P?1qSvf3v%+paX7sc9
z`%>z6li`*;$2ue6&zPP~3x#~CYD7QoL=Vku6M{^J<0<8Y+%m%c+*s^QW8sa<MUIo{
zL-lVtT!tKFI{A!2@}<}!oPSOQyi&z5ra&#`=$cq6n>C^74$V&;1l~^C2q~ZF1;EH2
zm!l91_j30)SkBa4qfD_U!JvFnK{~~k;;xJ)-EIj)uZu`!1quy95rw#9wm0bZhk}0$
z^ee3v2T3TCa5LU}P3`z7=vpmnEf4tg>EY5hNI@xFK1{ym&qM#E69TlYLO1o#j9y76
z2sjillrS%1w;IdoIYOX*Q8jPK&K25?d1<0pf#F#6h_ik0IgCL#pYuNff6K)zYy$e{
z9${-}n3}}GYS9gb2#d4FHMAINc0^LIE04myU=SP!XITdsySG4{3_*Cf?`<xLhf?Dy
z<&9%RL3foUq0Ye(-GZY+@p8xUfA^Q?vlMPeFeTRF?MG8#PN_OB0!`%1!^OUt&gbdx
zAoc=5w=c};SH2JU^VD&ekFk557jb)}L0Er13mk@ikx-$$aWoOX8+bHEINPB~U$&0V
zwuZX0W@6}|E1KOB!AD$6xe$9i05O$dv(|Qp5_l)ma+5>KhHP*A^GyQ4#X$U8I93U+
zdfipH)e~!<j~%2~((lqfpd$psl^1`1woFXlHkOlZk0Rm<YuK@4G3p0eMzh9fRP7C<
z#*;l@_1yGgqtol{6;{w&%@K(zozvzRA+OsP^x!qo53SmKOP+@ExuOBD!J2O{!|0vg
z4jM;%-O@jm7K6HUT@V9kNMBful3jKz*l=#LZN#b|`Kf(P-zBW)kHVn{YieeLPED>Q
z?a9x~oI*YZe@S|I__KTAGc+*;TSDf12Zqca!$0j~9o6`pm8n<gY&+HC^ZMIusc9zq
zK~OkDM&1?4o^qH{EIh(!+_GSuF$?!y8JReYO#*dY&JH^1K1POKzx}q6svdv{0UGgB
z*cbGU!p1jC`nap?S0|ICboaCw^O!Kn{?_AH@$!qqp?alBNJS^YBxukzZ_;-_8yGo!
zDqrI=fiuq2TwbyIv6>sk2d+UE30ACnb8`u5JrRp&AiO4HPJIfi;hGckX-Tk~b*w3*
znVk{rp6*vF3@0xfYX*ZVDFULrb2KNc_%QB8Ki6f2i+%!QUc2#^c2u)c8(4arLO|}P
z6nsdCSB2&xaNnTGnEj<>r6(lYbm(S>2vQ`fR|oL^KXIOSrg@2p@iYn8#1*Fxc1ARg
z%G0pfG-+iKD0C|UKUN(;C8o8JfbFgtuJN9sRI}A}SAo2fXJawK`wCh7IY*Mx6X-5}
zo?kXgb!Ov0hc3<HbJ{*opW5Njx*IDa5ifmyz+{`LyBdsE)XJm+P4?3BAN$$V+~9wx
zTvUxuGE42%?*j>=RP=mo4AUPD9zZXBWX~g>95mPwlB@93FM%P_>AA@BQ5K7Jw?n8d
z<4JE-!oh>t(eY?a$RfRB_j8}q-9A)XFTl8Pkp2gYX!z3&WiUrQpTb{@IJfKv9t@^h
zq&o+;o8!?;348m?!}S#*T#hV0Yp5A(Eg&+%+3YwF4*lf}Lz5O~sgjth{pS>mco{ME
z=V13S_IGoXYGF@+p^x2wi|IBDX_g57O{OZj>R@bX+(8#H<LSxAwl?zvd?c!Y32gR#
zD{G_{;m@T6VAycV+NNd=Uu=Pz1A|Pv!D`+mnn)~5(HpKj3C8*=9E(#tlQ)Rleyy~Z
z6#uNyeF*bJlz*}FP4SYos-PaPT?hUA%k0Id`UzASg0)}|-VL}jxHpt&)Lj4R2WWaj
z{=*ugm9f0eGd{V@-5_Meq!SSnEiZF_Z)iz8CFyD!f<8z^a;$#C%`B^z11i$VSZF$T
zh_H_v(EUIU{hOoe%+tUi;7Yr}AYlG13pH-G@<ttD`c<aW2zR-&s}vCvBw3r}F;3Fh
zf`}w5W|<s^!O%tqzR0+;jyPk?9c4sGq3-rN@eR9NJ=NnejxzNIMU`)`bmMQr&Iwy9
zoi^t$&m<0OGVWKb@T#6KZjod}G5TBN<cBVRgm1F8--T}lXv*n8bX#1Km2;qo{?g&!
zRDrD<(^vYFI%*>{>)ZAJ1{VhQ2e^j_Q57Bg?mbm<8!NgnFyXKJPSWvL-)k%e8_;;y
zg?5^EGY~$h_V-++8qT{U530eZ<{xD*^rd|bX6MuBPI^SmQZ;=82x%*}!#F3x%@Hju
zM%bfVGzZ(=9xpWyhf-`9cBydlwoBK+c+CCfH#?cf;eN_Q_5aY0qzahT?u`GWHCvJF
zD0_kxPMaGp3}Y^HOr?_n$^tbbY0&+b%aTC$5J!DSlN({dqIg;WDtsw7#B$;gSi)}6
zH}`nIwMA!5?R0hDsGAp?N75Gh(ni!LArg>e=T*ZK?E=wp_G}n|S2Hx6g|ps!G-6j+
zkBv@mFvUNx3QXqSGYm@q2AUYuO0BSe!fT9qaW_V>nx&m*b;^O}c%@zKK?f$8=qKoD
z#Bv(Ne%G=Dl;;^B#r`BJ@RX>TK!l~&Ypn}#nY#?Yw`J}xs1#+oJa4)7U*E&h{^<vr
zhkzATV|mO0!Yw&ogHs<$$%UC5VmKaL-x{m~*MgfWmRvPQt?>2n+VSsv3WKtcQUgr(
zG_{n$jG6oqb43c7ywS_3U7sY*NV<`hIX~YcHcDdjEH{Dm#6inBFE`y)$V#}b2~I_5
zl0BDV@F#Cs_5eO-2^vS1*hCE7uBzECK4QP}vXPYX1tQy@PjIdCyWV&c@w;L=<oty6
zUai#sl*oMNc$64Mp(EYCP5$5^cb|J;frKW+zryJRHOc-bq}9~_kObLowYo7aNrp-R
zUZ+oE2!yX-o7;6LvUd%-GJ3<a2W|47yNpnaad{-Z<;$Nsf%PyP+rPm`R%p7%YMe<F
zZ?GCcrE1E;$>yxsYi!4^$&zPj4<jVr#AUD9Ur=Z5lK_G356VGI2Z`$@vf?ceW%5<;
zY0Rl0&9HRjzC3?_BYuw&4k*Ww!1aehz+ncm5R<>C$lu4QKuGi1^saMiP6d)1N~Yj2
z{?gK;VHf0X^F{g_wQ;XS=cZw~H)#YNz0?(u-%C&5LxTkANQqm&lDrT9{Dec*Y{cyx
ze+T!PQw7*Zuu<42OvxFRCoZU~V8LOxT(`UghH3xlSdFJZ^&J7GHE%qd-S$xADLxoE
z?A6X-Occ%T(k!He+`(UzXN`Wbegzm&Ue#mirGEm=5#1=@^~R}ozjxbRj^wb7dv!Vf
zdr681(n!7yqUO-_2Bw#!G|1HlWWl&SeJ-q+wwW4HKRN?j;U&A|QWu=0L8Unc<MQ)<
z8}oNoTnW&0@MBsdLMP@6xvU&BuH-?i<$%|1>o#z<^3BucV}pj;(`pjv$jf;B!DtA1
zURDniXP=xOgl(=sO{@NVMH2xj07;c35&};|o699xOX~IL2Hk3_ERISXH~wV6N;NTs
zIz?4HF(2#giRpR!CNcQg45e(QpZq)V<HmujGo@-I*{)PHVN2$Z)e+-u*0yuQ6oL-4
z<9JtRO&ae$P{Pp?)>cN7mf&+GDN?;rP5>ZAHJn^_ijD=T=g2)xVU!r8CG+88rxKb(
z{Tlk@lo{0OkC}kR6E=?K`eRTrNuYzFS*wK`LQz-l=*4_hy~_y54ow(_h-bECI<SYm
ztt+=0->*2`&RbG^#V(GqvNt~WBBZ5wjEB#gE=+Rljo&zRuOl^`sI@sC8!kDZ?h)+6
zsD%a*FKL8>PJ~yTLo3&t@<DegfqFXSMnh}@<DBxk7wNPZA~O09v-+FwyuHLZesw%r
z8u*(FK6{7`Y~+hju;j3b1#dr7sdaXxvTp@$1!CNONF=2`FPioCR-`p>^D!DL2P86|
zc3JY$dqm}Kf{*_e2Gwmm2W8(%(Y8QlOjaHHoFnmUqu5JXpl~4(Av3%Y!TTKn6BK8F
z8!p9Nb0D^q&Ox|0qa||>$hw~JNb=%=kp33~{A<@8GP<)LhY*8I#P5d!{Bpf?&EV`w
zS}b8V3e*mmI-?IXh;7$NJWq8tB$tVHpQ8!=D!#XD+s~wse!(~~=4u(QS_4PImpf=i
zrS0=mjJmlnGc<slG4p38QyU)Fv<leq&fAq?LfUyrSOy0(=+2-Y()CjajBv6kL7xCP
z6eVep%E|0V>ha&H-RiI1#MJ@lI%1|somnqK=i<EQqr41G5kRAQku~-Hdt<kv(mYfg
z3?<M<AbRINs1n)+WDi12PUZR%tpQ^7`U{^8;p@XNaG5Wd?uO`soi|WhXmCY`$BLMH
z!PLH^P9M9mhFT8Q%|#)ZDqs;*uLZ4BN)u2tWuiU?vNMaS1<ett-M9=tke7rKY3<V+
zLmPTDNPAoTsg(ZmTp^S`p{kmlzj!$c39Z=)SexR~@lZ(%PEe?o6_o<=1@nlmZYWwY
zC3x*VS#kg3_%}KGKARRQ&@Tu0MGFlR&i-Z-KS!tIJ$LU2reS|lE}V*I0TRUcC031r
z>;Wzb$HibCx^R%CmI1@!hp(H*>FJnGTW6osY;UJYcLhbNS{-ANo5v#*(qCcK#q0tM
z{Ub9VYa}aJYl@+D=WGWE59iMXroDc<Z!OX5&iYk1MhBU*<bV&>LpUL+x>0QCB7Cv>
zIPeocZR{FFCk7ywh#UHK*bO2YQyYU=LHF>q)Tj^o_0&hY^tUvqnB6!3;0=fw|9KFp
z1wDW%=p6@OqYa-`wYMo|>|1$DKI}%=&}MIv=uX`qd;#(~;BN2Vzp7KZO9EZw1=4Y(
z2qCn1tpiJLwzFy49zd5wxvU!n<_Ht-lG3;@i8bm+2~LysozNoml2wQTz=2sgC3+=4
z5Fj>r{~&b>tRhL8BOA-;K10;*lPst-ISHw@2^~Dm+N%*rxumO`u_+n|A~>G1uUo)a
zAM;5)#E4FH<Y6(D;rxXI^gzDC&D#wvu7D@9FPrK6!xb@6wYduBSFPl>CpSdrRJ?Hs
zv=v<)1W67+$jRPtS&WjoWc;M62oP~JBG~pmN6&oTa@8E-4FF#^o$amNg%E8~S2!GK
zPAwEC)-WTc+6p#RI6MODY?aHW2J>AucT*2zE8!$wW?X?COTGDH7iR}Ra_C=0EC+8s
zbPPE`xv>!5VtgDSt9ZHXYQFjC#isq4-Mh__xfw=d>n%4Wo!E~FU3%|YoVNk$`7F}p
zAO34jw*&j)q;S9lgmO|6yOkzZyWJdRQhwoQ+1+z24sNNSP?&D!%}Tfs&BFc^IcE90
z7gt#0UL{9VqD6czSD>mbK3`Y*XOEa90%kD%n=4}`UoklJpJqVxzM8FegQZ|yVUCcy
zo<hcA>+VwArmwg_qT;V4!bAm!xsthKuAcQqr<5_VDOwjjfIt%;BM>#DPH@*9sUA!h
z5U05SOo)?W!D%CAXRg&2&Rt6?G(IR{m?x}lOHQ!KX5J<bWh(xS^U#t?Bqub6d#}88
zvT=d$tr+{L6<k7vfV4qi=J^9BgcLN*9uF6<dgd_UuHNI7-&vDQOrViysa_NU;nTp@
zLgE-+yP6{lPD(9WjG&gBT?J}B8?K29$cL-}&7AKEEYn^qi0lhd&ifUAbAqiH%}ABN
zg>k(QF-p>Pnjt*MmCS@Hu%4J43lw!~4+$e*S!{f1nP7@UY4W4jJS|7)_(C~)3#{S;
z8M%N}d4?HL+Dfy9ro4-3^U3Dq`5Y=m3R|I=q@JkY8a#V8mVd}m=FX!(BtwLsWpy9i
zX)D1=nQsXAr>}NF)k8;H96eGSpsUn?jZzlx7Q&iY+)MffJ!hN&Mtyk1`Js)`CB+NP
zp!K$)6c?oq;<N2xNz($Dvb?<6i*IzZe`6RLXb?WW*+dF>3QGTy4afF}RBRB|I_t%{
z+7ho1Z1C4*B|^f~FNK7AYXu`zLJyx?@=KYWt?wK}a9UE)qm!*^Ft4>JtFpen<g?xq
zIKk(DKKuGTh?;Ko0;EMm!2<z#oGiailU0zP-u*&cz56e1CpPsq0w}+mngs}5O8+8|
zTCBb0V>CsRPlp~-GOOBR5aLc<jj&;0A98KY?t?X_Zv4j3)Z<d0Q&&i`X&B$))dfPV
zef@Azt(|QAaCQ>3&x5HSo_J#BcER(u<lB|xDnkXZyPypn)LXP*Mi%+Od`234hPufI
z3{%oVZI0Swa!;q(0YYkuEM$UX!<Fo{q_o;D<IkCJ5pSe*?3U#vA@mDU04FKR?hBrG
zsKJZ6*lIB3;fB758wkr@_`L9?Cs6Qt;TNCC+931};){*01gVU2pgZN>6};74q=CGk
z;^>N8xN?Dtm<T@NO_5St2f6F_Z(em1X$6W67eDPa0B(!om>xY^_3CXZtB44Ooj3iW
z`w(3DgkgG(>U0=}H<Q@h3<KP}wuK;sUy6H+EXTy}r~(~ba`luib<|MO2+sM*Sm@po
zUJ3Xa!7A6v%Dcl)T|~7`yFO!vI5aw~+##0yN3-5cz=n&{=lr8T42s{a83r4BK3RnT
zH2`)}eTlZ`aD9*Hv}>$Ot9=D~$~i)m9EFiyaT4&=h#%T%5toTbIk)W3YKd!;NhSCx
zNZTL(5utyF*CR69P5M|}UJ}X5VpX%*^9fvsDkU@Zv&5CKPZTm_jAuu1_|&=3lH&Pj
zaRlzb3LQrjzguUtq*k4o28-|)U@;6&IhKU6o#J9Dq)PwP+kih#jMOQQd%EbXdhg>=
zEyh@CDmluQTS!<ym?)0X`&TZ;rC%jXNm663Av^oM2jG)0a{{%M7Y%G_q+JvA2Pt23
z0R=!2X(Dp1-cR$AvB)0H@VGU)_kh0og8N0bedprQoCnxlStowfFG2GSY4Nnop!h^Z
zCQO48bJ9@)TNiFWnTPuWcgX%GER)WwSbOljx=~I;^UKNK5*oAgVO<x$JXjcK`RFQY
zaQ)Pe9cl?oIJ7_grEA+nYl`5jSH#4s6|cF=^UDc9Fnx$bOHuAvW7Co%g{wOaYq;8Y
zoWM^mkU{`kMn<1xE?N9U@rC{#>M(6xagPHtDZ8C!cfiz~<+rbT-eP-Z;defvn(^d6
z9&^3AwCBJ6tFJO#oHn}^va++zoUW|a8YoIXqPVsYa-J+7Y%wTJ6Ko-vkb}Wa5lQ($
z8^7!WZM&v4<w%4SLbG9~$KLuw>{$Pv7Axv?Q7bn#l9*&d56fP$+yz@o+$vXItwmXW
z0hZvzQ3@=~IoI7+rAAU8mB~*OHfpRpqXOYUe4`^jAe;qhq>YMmAM2zV8QPG>e1hL-
zyfX-wyT+5(PvcbocAoocC)5;SXtv59XL_~*q7JGWiZBUgI2W06ER~Gm<tn8$o?xtS
zZsGgKkHOjJ6nB$Ssjcw^)n9yH52D}@3h#5Dno7C#1lto?0@8JS*T9ej<jJp>BxG4z
zncxYG0@gNJ+payG7U3(W+MzS)g5(!f2NX+!y@s8?8=PneAlsnZJr!qS>I_CxiD3R+
zY$fg$pBDUZj)w?FJnCpU`*}WYK~Y@lygz`18*v3%i>NBrj-CB0{z8ddCh9Hj*l_t5
zy->I-{V($xux{=Oaxl!y#+2)fHk8!)p``>Ax9EGqrKHhDW7gf>*M#zwa#4YkwLOKd
zN<x;A-;FG(xzaR3gGQHPg7$T&E-eHh?)=iOxG8Wmj41;-mcOV!7aYg^=_7cW04Eb2
zk6C%z?v2{p;E-iS*ty2sx`S>mRt#IqOiTK+W^}UzPPoCQ)4YZ5;vyT(H6NeUtHhg3
zA#9?NN*7OeKDLY!jI=1gVJmzl@w-vBBVc&+Suv7<U`c>AmvtNkDo~}I=@hF{!GaWF
zJg$Bd)l!gom8DEJ_DdK|98_$*A*CgyhnY)HJ|e_N^2^&RMrb@`&0zWy1p0771Cj7X
z;S0Al28xIMa4+~554Dw@*xfMPLSBfLt>zFQIb2V$4*j|;nGY~F=PT6td0G-dvxc@7
zcWiJz)}>eVg)|!KTrcrcOUxZDK?+|(=DJxcGaHA2J6S8DE-9;S^W$dXlB<{2LM2-(
z%}`Z3uDtAR2!QYRT;1nYuR9v=+kxxTH&DLHdsaSR3iU6xW5lVk^o|RJR}jpIEqN(6
z)9WX7MRKtTRagpH$v)p&|4wVTlU|(@r#h^^%(UXRag+OS8|9D0ls})6;;cq5y4ji4
zDQ;Tl2#e~Msj0ImkSUoraAE0I+abB<_#g>p7wWu<pihCkw&u8aEzA?hwzZ^!EMTMB
zU{CBG2|cy-8|RAxTgps2t#S?-bOW*m;HNEVARx>@%1XpJ=+9W8mO~JfSoMPa5h9fV
zgMrvE$)DoK2_&I_Y>GRRTanX3`|QaIfjY7C9W$1LT1qD0*CnHJ=JQs^0=o2IL>7{U
zEmUJO)!yMroR)E%owe~q$V1BBV~^I-FR0-(lE#<)-frijy0m%q-Y70C?mlq8#cJQL
zi}C~g>Zg;Cmb!j$2kH`X7G#hBM=&}yf$1bcZrpK31An!4vxA+ty|K!cyu(t_F`8zq
z#JHKddNN0H!bl--L#~n`_U~5e8(NK%4}y<*FAi9cMvaPt9ih!ZKYeUY7rxsR8i#q>
z93C>d))!1a_B^T}jm6Rz+&*J+CzM{H;y)i7_FQS0zVToCp6wCNn<1WjTQJn)WUkhh
zBqSf!?;~<w)2J~w9aCx(>f03^Y&Sjn4D3_QkvEkcW6(uSATz6PejVq*ym1R&ufF8a
zU388aK92sR=OnPDr$U(gkSHNK<f1p9Zj=xe0IjEzzMzT>;(*Vm1GV&n#Rci4Bsj#;
zbWE%=RO@X?CGJq{{t_nLB9Zhx;cIK*b;_@h7>6R#+c0!ve1`}0w)c5*g=yK;^&Lq@
zs~k&~^b%m3dnoTHy(A)A1rONIEA)5<;Sc5<PdAx~Zn(VQjjK+Kyd7n5L|9WKe#Mj8
zr?~1)rCML&AI;{kEhJn}snQz(wu5xdDQJW3J==r5#}k>)JCotjAKuN)d3jXP4DX;#
zYpIEMBj0yyavF|HqSbK{=OjZ)=G)_XolPML3uq2YH6lc@D0^!PpB`QdLBB6Gi=E?{
z?#WZXzSW74-#Hjh$Y+YA$5Y~pjz4|6F&k@%4m#>ZUH;_@ut2Ly$NA07afo23L~yEC
zu%1R(?DtaJlZqO*AOf}l5PD_B1lpyLfO|;=<)qZX+v9m~CQLv?SRunG#96gBXK}^0
zTLtCG;Apk2fQf{8Z#yEP1*O$eF{LQ9kMMwpd|)neY#6f-x24EnU5{`<)fj@rd|+Hf
zDIYG2dM>{B16dlZv)Y4`fwM1HnX(8KS-z`v#CuNQndxky-p2<A$M|i{oUw#<J|&{C
z5YSc{#QvrzoNR)rXCL(GW>x@vwXxkKw#mx!Q)EyeG}Vs5d7VFD&yG0%`!lvVW!;>M
zKus}WSMO^}=G}ctqo}36>pVvF0LDRQTg#|$aZAO7KRsK+@d(lO((fd#HX)X<{6aFC
zhWOv#QoCI-d@t1N+FGHdfz51L$1?fyg<|sxyw+MVB@a#}<SsQec!81V23+~W)u+AO
z4_)>_nFp;_N*L1(I$>Dony5o9vDz^(9sYi07-9SA;&~y@pS!NCImE>x3sF_=Q^5$C
z<{ZdeAR8504yfOfamN~g$>kDfiAalHfYm@u5}VAW(X37{1=dZXmm~v$mbkMi>L_?I
z!R!8`fZTD{vw_LwSSXcA7HPS`EF)ir7&d(J^1~^{2X~{mIs2l};>J_G(+njk1#wa_
zX&Xe0vWp)RxKc@$R7C)umg3*L^w9p4V-RUq_gZ;;Uinr2W1Ki>FJ8kfbVAQHMV_l}
zt}`;A;lU#r{^ECtdnc*Wmx|_81vqU^HByzc*KvC+*m`ue*{9uEr)GMiTcCSgz3Z0V
zK}3083*D<?JORKaCgwc=`N}HEMw-J@2&sv${kzd9XL!ap#(r%Ud|5u7GwkOIrou<~
z+GDcu<>h%N_(nk9%ScM>wEIaZ`S2R^o!2B1CM$7o+H^)sinFHwJe-L?(px+&mczJZ
zeYQeGe@hWha`*hKf}MYc(|yNPbpnU1mcE;0QF}Vo*(vRP<D#GlFEiU*l%;msM!}xI
zgZ|2;yu)P{h*|2;8EGKm?4No+Bk%0@snFB8Q>q#tH`SNlRln%*=F;?*wT_JOo@xu3
zOOA))3HR22mjs&@s-`@PwHzA{0V$>mgF(uD7fjUmW7C<~?2UJeI^_e<sMB(jHaXGn
zeSD|v`Tf@oylz3FqG)9tU{Ez1Yfc$KZc1y=PTP7e(^iDl*6+Y>{#db3%Lk=2S(eB{
z$wJ*}Cq-Jrc~a_{za^*9M<F0pt-)&c>|08g>UT6szG)GX&7nqtq}LgGGH6qU6ZPL#
zkA_S7x()L!4?}a^L4^Bo67|Fv>2(O#M27$r3IBT#ccjs<eUj_O>(_2Jen5fKMiDsN
z6;hXcs-%_*DOxX8JOTzQyX>StI^Ek|>eP2A*PwAZ`%0H^BN)SZ_LcI)bMnlQ6pyfI
zzKoP68&n)3jHIumIY%*G3=n?bK)W-=fA$E2*A)Nw^)2rH<>6{z#NItf(Cq6E$zu(H
zCNB>iG*^R#m<HZElzW(GNUaT++q(8S1iOp8`tK!NA;dHxPQOoo)+m#EdOU@txa(QQ
zf(1Yy^Nu6cT6ozN(VveF88;^@As6$WEFvbWd|N+|lDy9ENyb|_mt`xXeM6PXoY923
zI-*%Pnf`uK_$bALaCoP#%?c56Ml2Ylo-Q7GfTJoLd{$E~6MNXcDEen81<!x|EU$2Q
ztIq3-HC54SUi;grX$O5t^U8kX;L=i%@H-}H9CBEC0gbj=1q&(oHxYs%6g_4Cxk1Ey
ztBUKusiusPXdxoZwCS#%62Wh(N@v&6aKF$n!BN_sIhRzcha+CWe)82WjnFI~>+tFg
z^E=4U?+&;O4N;0#9y{qCYoLU#?)LXuw_~@Qd{snoE)kp~4xAP#KFlbZO3<ZKZJ5yk
zQ4cvD*ykK*>kk8@1N&4HT`Rj^4JLI77v%S-#y+pi*|V%UpY(W1bwHt~E-L})i9KOW
z&?@&Y#*q|YYlDwA8Dz7@W~AN6HX6bQFum3?R2WUJnem8<|0~(sxLS1>0j(G7-GAuw
zx!A*v>E>u8oio6KYwnbF+*-9i%?Z+RdrN#=Ob<)!Cof;X`hZ=eS}d{1D~|dFFY%Zy
zo4tE&03u1tJo~^(PLmwbpD_i@`@;3imjl_QUV(U`F6r$b-!5NXarn>c2a5T{R?4Al
zhz{AL`iVa^v1s=PEAUK1o+K7nP$a7$0rds0BBB@-Bw7X-z#UZrrVJT+6|(7TVFrBa
z7R3HQBj^uOke}4BULuFol{O8|%RZ(a5nol1MpMNw5`pcbzW0O1%R6|@S*RS0kqp=6
zE%A37i||}qCB%DoP4|?@C3T08Jmjx@mkg%vktoX&e<oc?{l6D?2-b}bmcAdo&j$Jh
z5XIn8Tsq+?PU;$kq_z|Q_~g!tGJ*i=1ehVYY-+|-qbcz;BOt(``9*Bd1_ulZtOPeF
z{k>m3+v-a+Ot7hPFLDRCjq342v^J)@EFfNC)IYl7oU6l}XF&z&qyoxupqU&`Sq=GV
z0IG^Y=R>cAc1w7oJ)f-nx==}+?$yc)_r&vSU&{HAOT|LXDbvK|8O{;>2IiD}7zR0*
zR$ja39hI|fUvw_ix003LBWwgu%$5=u-RV^xz-%-L2@u;q+*6LC?=BoPowSiCNJjU%
zX`wy#4mDR<2${hV_wOxH>e_}j4A*mFzERB!`!b<e$)mzCsby7gL|pimaS&07LykG7
zTat{Xp4?kI{J=P>kYjA(y4q)eWRsWLw1n)>`%z%u&*mU<fQ#@^oMlYu{Egp#gAl|I
z0tW6L*38wOkf;kr80`y`{79mE!w3|tnl4*cwYz-<(nvuN;UY=(y`J?Nt7e%HXg-DT
zG?}qhLSZcdwe+~No?Jh;Y#^wzl>u#}-xM>y<5+>e2k+=Ndv?=l<Y>m4ittG|8;0uP
z7DFS_j<IWs>L5n9sEc5GvdZzW0DdmkQmk-MhheORz@$yl1ign6vY7lOi+P0x6{K5C
zh4yZw?5oNZDQtyl@5)cvFmC;?!LDpguyYrZJ!^T$5*Or8PD=q-x)hwtAdp*+KYHJ|
zyUa{Y7`OiTc{RM+hOg>AdKUZ0XY>~**(E0>bG|qcT9Tk8c-kXc05m*0`BG1U7~nge
z$yX9I_*60F;v%DCquTGJc=OA4=O{3uuFU3h3h#^CvH+Fi1pyU=ZX2SM*+;aKea9*A
z=U%!s&LR!E_pke|KBgvs%>;DoRbr%F?$0i`ay@WvbE1Lx1(3-(XHw)k6Oaqqu3>I%
zv6%%1_$;m?YM%6NNRRE@M$_mL*SfcE7)WDLMf8xfV=T|ZA8NiBH7KeR=Q#;)FEWt{
zgv&4hdjfSJZ_CyW9sc#xs&mOC!DPUX5wA3IT6-r4C#`nfGS1`@S$vXY-GE&W;Bn^i
zbp}$|3uzzBK+n8<Ra+gD;ppeRST%=5CWftQAdi*GN9gasFSk*VWs%I=hs=dUcff&%
zN|lY2g?STujq5l2$S)h~3xtRD%Gxebps@6%zki@BAdTjJH4%wOJShqL+Hzl4D!<ot
zMtxcm!X;WhZ>|D8Of0ww6(KIkWwZk9$u=&BzN~5BYi~G>*(ADPjw`Ny_I5K<6w_&A
zPq2um)w{MfU<)8b7i&=-ry%+0Oh)pc4Q<0WnxhY|ZuXV)%1_JGNZIOWI)~bj8;{f{
zGwCu>S|y8zvRi;uT5Dgqs}?7c=*X_(=-R#lF3%eZh6^ksmf(5j4sy!S6Fy~i2Wo9@
z0j9r(JG{rKOr$+Uer+OABV$3ZO~}hou(*fC#tIqEssmY~DWDS-Ry-Y3B_Zit<DK8_
ze-QvoXPN}E6IOa$nSLZ3K0BLAQa+OYmV%o6LF&8YFwB07+18CLU9I7J=s?R>Nd3F^
z9zG%e;e8EO?DsenDXA%EgG2X6fa*h_zdjaYd~)j=(dwD&dokWys_H;S?|OxHor1S>
zMs-_d3-qb}JCTaLqGss)4@@w%g&Oa*h@sISD*BgC#yBeJ_;5)*r=PGjb>uZF)kEIk
z*$-KoyiI2uoN|37e}?<mq=-hJ<EK%9M4F<nYO~;~%xXxL%^y~-s`k~@gxQc!l_a(%
z{dP$}#x9(WUCU=X*qX*&Fw5hml9S@ZaRUT~<sQ+Y6=KyVB)@q~hz~=++QujE@ICY3
zIkaq&TMs(m1F-D0(^w9t-eHbi@D_a-aZdYcTfhCV^te4j=Yu_8@iWG}6yBZ~kYYlJ
zi#^shDM&i`tptPO)p>F(F@P~Z#=nBvGoWGw{$pzVd?o0xe!91EGj3Fti^B&U08IO#
zDs+KE9f7k2pKoy29Ggo(CeYscvQ~2}c@)8!Arev7cGr5WcrGF(ed)iVkhHIU;bW}R
z6BijvXD)Gf?46=mXj$9&epTx{)`_a}Bk!}^0G~^M_*@>RrqWUbqO*7H4%eBG58DJw
z*NP8<ji(FUGUpgxo$(Ka_Q+U(-T)3L3JJ3u8^mE1cy8sdLjAe%gZKcrZ2u2;mX8f!
zmIcmWomJ0u?qqt@>HFL$dB%zWLN6zkg=A)Ix$y@Sx+i5JexzsU9%&%{B@~D<NHt(h
z(q#hv`)d9z?s_mpxmC4Om+4N-FLd)I!mBCClmXYDIlmVhT-GDN*<co=<pN9+5NcZX
zWQ`&x1{`#l1RxP)CtKhOoA_FHE!;oc7Pi_91iFhUQId#i5v0j_0SrtA6IY%6bTl)M
zzX-|C9cQ!1P`Xnds_D?>N_Hc}W?Vh($5mybjQJ+0kB-t7qDFW^ycwKWz&g^{MZ&O9
zSFnQ!6O{<B8}G8oB0!Z(0;C^df`ZJAlr6Gm)xQpC4KGapGRAFSfS=$t{UWBHMtVyf
zZcBD~kKReLmeWG97YyBzz3^$zRNGU-{-L|$sm<;vys0PeqOEfhV9#gl%1zk59D`-&
zsE-f=OV%7Qbu}cS(A7RFz}ztBJ5*ofS;y0=>A8O9s$EbErWfRN;sRx_Ay|vRw?qJ%
zl=LRm%mr!GX@fBI{H}c*!gY?2l#BE}qc1y5FiV^Q82-^UfVNzob5yZ?)53te82JO4
zVxz$mwqweVDq>-*6pv<C7&oP>jhToQLD+lT&y-SRZ^K(&jcnxTf_#zIh#u-40p=CT
z;Zc`Qu^;8Syxke^4T0-Nwu7s}DX|X(bC-}CY}B--Sz$;m14~U?>tYtRFO>rN1j`}Q
zl6@nz>AM<ZC_!Y3%u>NEhXBt#LBziLO1%hgeD+zg${@G#T&Q6<p_J(kPl(eBs0wBf
zunF*o64?yz<J>JMs8e4i|KOmSnWltN;_C8%)`hrdA$|x8*G=53dgDNbTrx^_@A#Z*
zpeOIqwGr8|8^lU_NZ};a_N{t420kN5xxbLg8>FRWv!sA7{}^>2&`!k~+TxMxg^RFh
zF|43r#+a0rN+Jin<;3oDd)YWj@Tt5HvUqSuYxS%IAg(2SlNV(8qM5H1Yeu?7&+^^}
zONeIZtMq12Y?M&072+w(tfZt{WVuRcXg?*jq{pEw{j4>+I1WjK9~f}!5HdWd)8J45
z_Jv7?&E{_Fp0EX7jX=dW*914xPt({KWXMR9MCeehITpRyN3J%}=8N!WM$uHSrZp|e
z(DWDn7*paa8C;JMa+8FeXg}7w$1wi#y*u*3l4HVV)a%`c^Op6`6&|(1V9hF6fymT|
z#&LD67zi-M#V$W}Vp*J6GU`WCc0x$cRePeGPMoIgzyIRn<63+|?e~s6&n-8=q2;<#
zLXKBbA`-0qH0DT1V-Ik7)<900iW#t34<TJ7-Yk(dA#+n|rL`&kZm2;XWOe89fDx{-
zO7ddWD?{NE(Irf+5UPwF|Cq0B9WA+-S4vxL8!3JeLYYPTcr_e9PkajE_)4k>-cDyS
zZw!%DAB4FL(|PFMQ-~aWPA4r+KV^bhMe82wRv`2=;$obPLH9EKlZkQNit2j@I%U^J
zoaTJ43*X{+&9Ws`%+YxLp36nazUE*yRGYJMHV+|axtVDgP8;a0Fu4*YR^irCB-%&T
zpVvALl3GGJ>v6-ka|sw17lUUvwma*eVxWV*owznCEf>8|;{<X~P16yFd~>yTw{}O*
z;Z=iFHe9=<DiC4VtiTr6yw4i6k->pfL+VU2UTi>A3Qirfl^9SPJsNp&RS0uYqux&b
zsgO2tOvqf%TA;q{s$*>pa_vV1P^Hr$opwf3x8|W83`39pV)0s6dDMwC>+DxZ;dqEE
z;aW)@b0*W7$XSTOXkv|oLx9cq1=`AFz{R}`OMlKpX%ZE*wfUe+pWcbGiliua$$AfF
zeDPXPpi2d5u~(xw*c8B5S;8JwOTG1YtSP7F+>xjB!_ig+agOlek@IxAj5L_y2M6)M
z6PL#6rIg*?G2oiq9`6(mmA|nV>Z;zl1Qbd!^!G`45qkqjbIY9s0KIAcif4C5ntj$n
z)8(|H`34ePY<N5%zgi4!Wq0_K-U4bo<v@d|hl;yDPfPguPpdrtR-R9qs+D7+a+T=K
z=9T;LNrAO!{J%NBfgFk=PpDpY+#7kJRXOS2mo|+TnUCF$SRYG5&1Q(&bdA&4A7|bc
zSDFmS;my?5Hz?EM;)5NWxo&L7RJ9#FUC-z~i$U_A-c>k##Xm35%CRZ{JDX*2f`if%
zkGV|I=nivggZ1ACLeXTqv2l=Lwb}jVuuP~rI;zw|)5Ecse0$kq@pCSWk$@6|V<1}t
zZj$(&qj@g!5Pe>2avjTm(}bYX+9sR&gd#<YB=&~m=7Z%!`b~lZ1U}V9_es!ZHr;+O
z34)(r4rVIzo+ZYLIqq~6Rza171wkc`ykHMC`aH`m+NgrR$2`T4NE+j9nj_Zq@S&wy
zo{HAf=rLL&Lyo@HNkt#pEZz04yzCR{LT%NGJj61TPEg@`MH^{VJ82!NpWk%U()78o
z04yo|)FkY(Esqn6Q$Go6)cgwrYmv`+EB9GsDCvp)SVzAzHT4%PxLg{&oI3WgFvNFI
z4vC`v+e#-&*W?}q7yC3(=)53WherLvO<rMVj%PyUAC0{+bypuR$Drylcj4i1?$<a5
z!FlF!Vsf3zJmjK*Y1oqybw62iGfFY4JbPv^^;tA-u&X|3*ekt!B5!+aM<SpL!qgDp
z4o#4lg$6c%PqI-bTB?CF+<l+E2uJh*?J%%ww*9hgx($ZxB}`Db7AU$dNIhz(OX5a~
z!Dp8Pa*pkfz(5gP!UT&L+0>#^hY+nXXCw8>yX+Bdw#VF0Jp82xrzY?aTZV=f@Vt0z
zEcZ0L1k-LX09))(rWEH_j|!6@TW6s~NYvkVss|P|j@NQ*cwyTY^2Wr!mDe2CIi2qa
z(`QxoQZOpoSx0*}+j|P+`=2mWdX(K9{aXC#VJc~3L7*bY12Vd%M##KYV$zrEKfJ@5
z4iFxK*p$|s1%{KckCaOfyoG2e{D|0549vX>aB_zEFNBWL1n40?D8!3b`Q<_U3%}dS
zJ76HNGDs+Wl87slQEv<~SrD&y?DK6040w`oevQ;#@Igfi)rEe{I6xaA5dcvzy`nrR
zMPcqNQ5#gqex@R#A`aj-&_Ik_p?$Xq^Dr|db}DyPzxv54*waWI(2WlA!YX}PfuU8i
zu>@GGaCgg_jZiedOsBo1LTod%v2*RIL>HE~m-4STX7DFbn4Ly_dC0V<;6ZNM{KA%z
z*mi9o0;<GA%rzayKflufcE_n7AK^P1zZt=XWzGB6;O>S?x5y19gMRXg5wzpZh;Vqn
zd3WysT6qh_3~U&eEb5aOoRbdPl8KuHVGO>Iz(JT`0tdjqpwmvhcu_d9h`?q~?1VQW
zVFwG=;%g%f-m1U2Zq^UDsh^TdHWB9D)V}JKy_Ek-4p%`GI%JPbqIlI$HSY!R1;>7e
zAyI_v@}z}@XN4VIfob2@sKzc`DD7tz_FmS=tf??@I1l9060|3AKqKJ5ezD~;a0)<Y
z>$<R8uZ2&Z+|O^S=1-bAqW26~AqR!kVtN1M`BUs9XD&IZXSL%Kv)&IJ_%r)s9yTy^
ze_ea!y1EI`@G#_@DTWZK8hH-!K;nKvPfX%EYJBd8r-e*K^a&IN7VpDQ$9HLQ*Dl&X
zsc$q?n<Ll|2m_bj<Vm3NVRyXT0nfVD+G^lFhvyqhQ(WHH(A2E_BnYajx$V~7^`Wa0
zit~({Gn2xx+WuwkVo=9ox#kqHNqaouR$L;ZDe}e=>*FZ&D=u#8mTL!}6%nhH1cFkY
zrxFhipeSow8!(aZ?vqF4)j>!MJ`e;p5ivPN*~0ptTldhUOlPkZyU<wz3Q3mG>&T?1
zK~#GYMX&{FNl<1K&6znjT@H1?ah}p45UAM)WT1Q-P4+U|ec$(dblN&>`MWx7vn;rW
zUFInjYOm$@$(yj(PX^YP)fLr#KXcB^SOg*zvM!{0!@21gO*p8ac`fJ^{A5;`1BLO#
zWH3i1+3F6=LToeA2^J8~IjQEz2PH1X4K`a*V<C4{?lXf7j@_(Jf>1RzmBm*i0R4XU
zVdmuJ!k9#pc?yT@T8#Jmx5Al;Cz9W$aM$x~z)@2{<n3w#Z7oFrs3Cf%kuD*wm6(=^
zxY1Fife<njxWK-gRuKG5W@4qhx|u57l@9hcr-860p3@9s`>r<9+%9MQC%H9q^v2aX
zU&h@mG32LgD78K?_W;Rct8q0gvARV(vMBy<>~2J13by)DYAD4CQonoGY%GhiZ;r@a
z=AmaHRinx&$NWx^V)grPibQ+Sq(gwOsxZN@&0DLC6Tn(<P6q_A;nPxioN>oDpt{!Z
zJYaf<(62yoMC0)!7b+Qkt_|J>izkcS9WA`KDR}M@fn!)I)3@ouR8TlpIGyp3C<@I+
z)%$VO0C_=~wWuWXUfguSWjVTUwaQSnQN*{pe{Y*^ua!JSESWE)7k;<ihtON%5{hRS
z8dGl;FJ;*y?ZD1$WBfG^|JA3Vb`<PG@Y84QDwHdO-8|naB1ym9O(B&*1WVltUbWE)
zjX2j6qz1b}>;|iwrs1;M`e<GG$c12-L7x-}{F_w<415h0@X*Ed#1J7q>*J@!4)_MJ
z;c|8j3aWbB4pe_J@7}yHPhPD3Ao_K6r@=eKdE{oKjl8%(d6E^_0qmql!O8+qFpbX_
z=C2f(NTezSmUJT8h6R1DSrw(|Fc!B0y~XoeZU|WOb5NOWb(5{NUz5fT>XIGg%WREK
zR7{8`Q5t<t3MZPJbt#X&-;!LiZoLhDyh#8iEjVs;RAVJR?49;1n^Fi1BfW|X5!Px&
z&Oe&aF21oTT%VqH$@VF0rg8ZO_&4(qcu1abGX6dv-IFBiazBNDrH`p+vi?%r@qYNt
z<%V{;rX-xM*`oX{WOrj29g)NZTYV|D=iobYa6~!9K(Y;qH3lZZm$So!2|59YpZIU_
z!n>OM*o^B57UPP#R#KwJpUl^Yl`*0jL7}q_LM7dX;L_1smTHDx+?8Cka1zw_^3TIs
z9W>WIqHtJu2zeOBJ3Z)_UKJ^AJ-4hoQ)BHQ$~S(vLkB$UOcPVgbpC)HFZVvh>uvNN
zy3xsU7U1Oh$S_W4TJ3r0JBpZ#>Y>S7U;(9IJ2`I}B$VP<+w|Y^fI3J<<<c6DxZLfP
zUwN*W!(2+LAUN|Rm6HRN*&GHAHbh*wC=2FrAq$RNcp54!4SF5J%xi7g6j|SqY4*)#
zy1r@#^cLJbh~AfWwKIp6#^$<(BtJiT_Qo~L1!&v)oQw@RVNQeBNmzOlu$W&@Dm}x8
zxe8-Q|E7g3M{^;;G(-7nw+vk>5N$6Slv;Spi2D5HV3=i!_IjrQAM_iktc;AjF+r;c
zy_^hj{~0n9-%!mLP<6W$?u<7v($fKFIDfH$>m~xTL7YJB?`mVK3W6LPIHx2x4vBhP
zLS;`eo;d7)C*=B7gO^B2%U{rCq{$hM3`dUgR&HTj$>zC7Hqmhr(C6m%F;uwa5_*g@
zOyiJe_%`~ko51pEv6f^lu$FD8wT+A7RbAO3^~dP>>&#kRpeq&ED0{hwz%$;(Vdt3e
zz-I?x6Q>Zto6=ss+_~(#t5oeRj>ks9{%Hgp1mO@ein`=!8+CNw6TOge<??$wE}d57
z8Ntn__q#d*IKr?Qt)Y)7jnQ%WH0n1?R9QkYIZaRw6iY}G{;#=ls}Lm4RNj^$I}V*3
zY<J#97A;ZTq*2+pUOk5fVv{@1qP-fqP-(UI$EHxjsq)hp1~h%xm1HO8`ax3ui9@(Q
zz0cF8x)3kU<AwubV0RD=k)=Ywni!fBDo{X~Ld<QQexMr1y}VuM-Y~MOEg8U{Pze2I
z#P)h~fJk`e;e1ilA2ZKIq{);h@;&kMTf3KWoL#gSPIzXfG%Mspx(MSfAh37*F_FH6
z&GULuxrwj?r+3||iUXf<dYfyffjxm5L++PVRP1en;0#7KJs_n=BQ{hZ^Jyr-aB;IO
zzjw-fjz(Hp`zsje@mAN5$bO>H@k@v4w0qYX@kC7YDS>Pp9@ieWSlHHH_<1~xPLU}7
zm{dsN33asnX1W-kCt~?Srv2U=id6M;uawxSooM8UCbn*mP?~|dGG|V-WEnWIV9KU5
z+vZxw;ak!RM|mkPLsgR$y>Lh`y(om<U%#la2&Z;wy_Vv)d_Z3tW(P3(s(V{bcZyRC
zj3Iy4*afS=^kmGo%nX)lRU`39I{!M3Lln53+0fDE*pnVXo6#0>bM`S!HNZbC9$DMj
zvkOH#G>%O!tE|_M#N4S~4DxPW%HEAF=R$LXl&-P`ahev7DT}iH?s^4i6sSPh`_WGT
z16x0?06Uxj(G*D-T}~vgEAHTwgqF%JUV%Kt4G;an_!uGMZFL!F`#ko`^Mw`rQM}4;
z8C1=;HHneELI_38UDYvqlyV&~A68Nswy(0;U5)qqoWRV;Ex|G1u!KlZddNb>g**Ih
ze7-9QKH1h~!eeZOXxt(9GrYm3zx8n;sbocJTF73sYR||(>_D2^j@w$}@rjM*%XbU=
z`%bUnC$tVv5Or77OiCAgrXvc7x3sgqa7%|!cl25fii5N01k^<LNiBrLNff{G^;eu&
zt7(ZZ9ghpKuQq^ixe++_lqE_Rk%$70vc_+khy$?^n*|<$3~TSP_O=@3$_NNCuV%sX
ztVJSU8V=L(Dn^>Hfv+m;@AK{WGoRtHd~392<=uyO=ANveBE{P((q|YYxIpY4^RG>x
z-1@@gXh&4o!0*523@U0-q^a9~6?W9!Te(D+6zFZEZ{rz~A;%u((rL~T$@40w7=zm2
z_$DwyOrA?|D&Xo8|L{X%<k5YjeIl%U9$Nim47Ki*kj!(WYhX_^5((_o7x=%nfx~y{
zc5@&DUL6z086~L=CF`gmrl{B-*QEhW1y>11oyE|2Oj34J{c!qXrM)1iq$f$q)(q?~
zUi1+f3_ZayyqosljW9PNpWTO5MH7FT%B!4F{QPz#{JDL0_rp)?o5wYB3Tv4th`~~X
zmPn8oG*R@vl(jWo#b7QJu?)fiu^my+8>(99dWy?D_q$yFw%ji^p(yk~--?O#=2^cg
zq>vsX$05@*j}r@&v!Pzjj_GV${hAl6G&|-zjx~xq4H6n!gJWXpV<}L0BJQxKhce?#
z(xIVXX_=~Im4Vh(tW>}nw)5ous>l3C6iXi{ZD)PV$r*)2;q{JatqY~lO!P&ShMTn@
znk-CxY?nV3#BYCPVMFO6ID2zF|E{oA7_(@(<1S99xUeJd99P%j%ZyQmJrGb$s;1&b
zyc#9N3)OCADt%%Il|t7NW7Gq+4ixs9ui*0LPD3U7Ru}9vHD24IeIq<wE|;Rel8`F{
z&2}xYZ_>X+&3K0-Tnq0VRdX1fETMwfT6D=sN2NWL3wGP2Ie)2rk-5np5sL5wR8pa+
zr&pl)4JI*hrIs)wy8C~MP7O&+Xgm7g!5xXjN>Y7X8HOWo|27*gp(iPh<D%DMN_bkp
zwz*k~vAez4r!I2dN$MD{Zq8^%M4|<H)QAFAZ86EelhNYOW?-B7&5ge6QE=wjn*dV*
zV}{HJ!EspW7c$enu|kJLzz=z4F3AL%PK-dt93mLxM*ZcEj+Zv5dG~EsK2s-R9hu|O
zd#J|3(Qnj(cUikmdI@}xaMKgd_WY`@8?bJ9!;B$)td{>509Zh$zZ}l0mRt&>guLdq
ziXMg9u3d6ChqJ=3f2E)n3oV8LoJlFa)6UB!%OFRIgIPg|O$Fk8h!V(uRrpE86_ZIo
zzP(&fvCYJxY84J6=?N)s2)lH5Bw5(71Rk}l-ZC1yBD@=`_Wt-PI;U^PPpwwWhNf`o
z(|c%qr#q{kQ0#e+*T9G2x3^Plb{l^^L!UVLk89MtbqsuI0^>`1=!AEQ)Ogb9yFY0F
zqk4j-zTwxg@0bbyTU56`^wgNz;<Qe^Fa5LRvWL_zUf&l259Gq~tkZaO`7H=?WhsQA
zGR&wMarW3d_qQxvmTpe7LPyZ>te11!B4GHmHpd|aBI3kTACyIK#NNJ+nZdG7O4jSi
zh%Xn(q9!WLa}s_zSnvNB;h*rLeCYCejMJB$%@)tMAn)#%5H8rCxuZ~?IFzf9lvCg6
z?3qg88c(eP+Hw%t-|a$%50ov&WlEdw^~n9-g*ya*glnqb@{Y-kv0MJkDx^|?ctx`j
zKoX69Xf_|Whd+p9(cTa3n4h2$*^|-#=+*JiL@Z`UQ)?=8`)_z>E~XuoLf~#FW49!)
znS@#j`(<u}^xvGqR5QCnTG<!TDk!qS+m4{p^%#xa^5Q>X@)ehMJI(}A!Ged(>aS+r
z<2w$!AW^Fc>i*7;Xo2uEa|dQ<B6m~Lw(ff%SlPNVOwhB7?AzXJUi&9YV6r`AmmX%^
zD0bl_tq&Tt#CBV0&+CiT^hzSAF~oJM=&dI~pFrj^uw$Pq2|Z5TH#~@$x!Cc!$^J<9
zO3&+y>yS^*K1dB+bj(hZb%$dAcq`oZjtVUkdptD=@Q*1lw0?k`^m8B)4VZ>t&ZaN|
zL-9*78Q3Bnfto|_hD^r*)au656GA5+@;S6+PPL&Zi_C#!ZDHG~unk&izG}4Yab`4?
zL`K#cQ6S!OsH>LFr^c_@AZ=0LAY&~v5aEb8;CCb}O>Tp598sh{vD~P~3-M%K>X7=^
z0YBuwZn#@^>TP{aH4@k%20mrN1R}+#%t7zKyq+$#SJ97(8gfb4Tx0E_#IevJL@;o^
zBatA;1Ty}AbFPF6Te)Qxt^fq9Lb+DD(QsDh9m{8~L(7Y9nLF4moaKo5d9J|(B!n7{
zzS1W-`sn-bbI^yxpC??JZ+B?6Y34r8L!IXXkrPZQhYH2@@ne$2a~j!*33l+2n0AvX
zS1z9%`#i0=4N5ey0IIy&IHJ?7J-A18@kOJYsoidc_v*$QD;lSa+q7q5gg#OtzUYK{
zJcoAqD%CRtc#SJ*%D%EI3ZpRkqsg$+GU+o^(QB;FRFA_y8>Ce=NlnXNsus+!WIyrs
zFz)aMA%31W^$ePf$ecU5opBzG(efv1DHVaj?O;S{hUim4<WQg*JI<wLt0&X04WIT$
zgbLEn3G2qqVJnv5|8QH?;zq-mjp2#k*7zQI8Rs(6)CxLOD1NQdjgiiuUyBN2jXm_!
zdqwonfY?O&dRynGi}{AqQMm}1d$=dz$Muo1J)>&qBPw1)P`<kkW}j3zou~{ol|;FB
zkbsg%PypX{iCr$`^|I(Y>K>sjd<xa$k*&m!{KG;e(u%|6KCVqnk|^~VlYkEGD^W_4
zanGk7Gn|imx%+YGGy6<VZqGTmC(JOwcbve>F9SM<PNGtTd3Zi8kfTYf`qAhq)*uP*
z837`F0B9iUJFur)H6bS_Q&#UV^A_nLK4sRSs|$>W(^<<TzFS7_+~ZyquVHiVS~@^K
zoV7s>zwy?<^|cD5uJ&t3N`1h>$B{FW^FX$3d?bzmnmF7=om(_pPYJ2fs*U%rBE+!Q
z4qz+_(~;7VdWfcDkeT_ZFB_WR(#9k~rAQcBIAWJo#Jf>YDsX)5Y$uD%D4D$BIN(`B
zmJaw-j0wnka~i3UU;gStwl$B+lJX6H`T?Q7TZ5s02juUaUj^$J>wq5Q?YyPs+2Go=
zZ^BBZ*q;&uo_WDzPeLdh`jDiZjOh^<3?n0^a!PGJZ6p{RxW0MVznPTx%`H>|JAU$e
zJG+|zbr@?{@5om2eah`<pW47Q;?BlSc<Upj!!WiPOZ`~Sfx(pOua|K^mdtuECx9~<
z1U)&7hYl_aP>1Pd9<)b<Xc5^7FGUW@n2Q}^#IX=l)gcFE#dK3;iH8eSqynT$>+S~l
z8wna$B1ZFU;CGS<vrO%HzzCy!1#zlu;<Y(u7eNPK3v-USB4<#hP{fV7kZn(?ELPrO
zrjCs_v|r1QtT}zsTNCc@Q-IT(keL_SCLAw?2#bB4TznA-&04P-U3|3(o1;{{?YLzO
zbUpVBMRA1&Y6oqQNHY+DBf5gboS54DEFqm#9%F)eB_CBDpL8)4+jyK`dBik9k(16z
zyq3P4C=iPL$YOQOc7aI%q=Q8GKYtke+A}vv^DkX&t{hF^(IUUQe;+<bAf0@S+SN5r
zSI89@eZ{S2)tQa7Z{tchxxc+2-rwCaU6MY?uZ`IKx+2lt)iwX{z6a0fW)(V9a9Nv%
zA>CuaTEkpgwlxgf_jH0w&P|!1jAl6zC@w{Z!3Kg8*jfCHGCXQ3J~~l=NVCpmBHM+0
z1Bjv`>gZJpLb`=cGsMpznKhLc3r$wDA}8V|-QzJ<+s8ad>ScG5y)S@(l)5e-ro<aF
zblxtx_npm_B59B@0a+xB*86WNig%T@?bBZwHXOb)jimyX&7U&8m=b*S#|}@C<X+Na
zOq@9v$%YetTtW)84hS*Q-sr6R6|>!GRm$fY&fgFm;kh{Ym3!h~60lRAVtUZ81o&sV
zd~8-EiX5Ujtv(Zq8wTPyO+9hjk|e9~duN$U=x1c>6E#MwPO?78I<Ynm55Vb1;j4a8
zRUbXwxnrae``%+IkMkfG?_C4?!Y6I&v%|wPK+JqVwqf0E7ws5#4*0uvOQ|LpQ4?4j
zf)3Z&wt~s5D}`ynruNJ!E^89iSyh9-ExkV3p7qF*mR_e<(V4mzr$(qaGN++I2JtkN
zt8{cv|HIEX;oXfrv5>UCj?zb_fEntmu;Z+W%wVdDEa*T~rOQzp?2d!}@_LIupVm31
zB8V4miy1B(d~!svLRJ-`!2K_zS)D%<=9Lp<IhcG(Y2c7Q3Wt<hW^`RZCCS6#KRy@i
zlgceL#i#Z6ncWmHWW?Doxz9>1+1h6C9`k8bQ}gT59~6rJWfy%j_cIXEE~x`<!KKQ$
zVTv=(UkRG)RJh}v@+}m+*Z5`+Wxjtc=FY5@x}#bXwQ(v|t*zO}WH2Wiuv4Fhf$S+(
zZKRm$9Ahk&H1}B+IRI90HT}8RHrVK?`2LC&^ki!<577;a8S41rK@82~;CYXPk_>f>
zNCIBYf4uZ%rox0Hc0JBj_Rk=fRn9s3*4BIg8;s2#yx(-Dph*<m&yo#kaGlcZ{&>o9
zpTN0S6B4Y_Z+7nWzSn1Q&Nl47!P6k1=<96SD?k8*)AYZWd%v}F#T_x3xRVmQ)Zx0Z
zglQZFwKPDk7LzzNXuy1NQ&!b!0@TzN^{X?ZAs6=hfDWu~V@H<dak|js=Njw8{8Y3%
z*v~hYxu^V{mBW8P@e-xfao${#FS~2kR<JS%%&3)w1B|EAKxa*eLQ9nmfjIl#g?pK#
zv`A&m4g6-@sR2aX6LfE(qdLxH0(~ILjPA<uz8S#ulF(61Kekn;MYX5)Fqn40>NP{|
zna*fTx}9m6`;N<~p?wo1szQ)BOmJjNBpm$~c+4J-wf4_%Kr&%=?g~#_S*Psey_A)^
z&cNotb8*5NZ#F~pL$3DYb7HWvFj?<>f1Y();uWFL+(K%mQ%;d)dz<My_6+iwRUr<Y
z2z&#BUX-yLg}ZSKWo+CkvMBEITMy+2_?%xrB(qtN0vJUh>h|68o<$%yKEq8827@T!
zdBkcsK%Jr3|8eE25R(rtcibz(x&rvQONV?NQe77TK7KJc+Ocqu;GePY`fwGdxDeMt
z${=odWrZi&gxH>RtbJ4uZdGR|?mJCq<n&@#baO)MdjLk7jSh*Y-b{wFjDsgO0;h<Z
z6S%7%r4+tA%*NsvwQ<0QPgNP}y0}KP)5^}gb<x<ix?(8_yH+m3M$9ahbg`)kmYFx`
zoQ$j-(M;N<>^&5Eq+!Vu*bv$gF(%CaLX(gh^@&Lru;^%BBJ&~={@YFqx-5SOuk+j1
zO<tvJM9BOd@b0NNdxu!u(Rq<8rA_WZ$ogzLj&W-xf}Ey+5;Mg*;?=Q8b?`{7&hDq7
zhS{3s5t6#-#njxY%A@7bZK7tYBxzBd8w*PJ{EnZvME@EFNQF~`KK72mC<+iM0PjwE
z@xHw`<_U24$VSf&x{uheseJDseM}51Wl4LSBTnWkB6<?=QO5#~Y}}<r&T#BVk3$pX
zZ1W*H&TRRi^#@&mQywjf;J*+T_o`@AuAUVV6P#VZe+XgF&|*>Z|B~ykgrW^KW^}`{
zrc9$i=YCtgG11KT_xLlc)XA2P0G)rIC?i=B8qkAtF-5eA@(m4lh`5^+N+`kHK*Z6R
zx^S6tcJ)2`IIR2vEZL|-cjJbZ&Kte6BTo>m@eiUa4?f^COas~36Jw-hVX(&V;G`OF
zs!ibTjLN*tM|>^P%?Yl{|ISZuXzo*Bh3EKzC01l=1U<~PEX^8`%+|cPv&n@*Olz@n
zvxG6k_SAkC-JFll?_&ewt8;8_a!=9jkJd1<&4ju->uA3t(7WIr^NBz-Ynejj>|}Z8
z>4Qd=m&+K(hB@L7<n%l#wtvD=C*n8uXus$}CL;5G10;JthNBt#E?MNs^SKi}VxV`y
zX2rtikzv^iCTTNlbS{Ff+aJS1M`^d^HEb0*py8qh@0IHl)>SeflfUJ4Q_;cuBlsOU
z_rtw4wa34|fviHCJ952=(9P0}`?g|#a{8%RBIXt8E}ydKtH%q4G#8I>%D+Vcv?U@<
zV;As3rD{h1yz6E)>kMTwr~%utbCr%{;Nv_c5;sb_zPP9sNVcQ%)CMs5g;QiKGY@Wz
zFb|dEF4~I1)n1e<w@<}+CiNtbCa|05=FT&cFB!~mP}$F7IVylx@ZU0fHZ~%$H|H=0
zbTty5OG8`{yX=-@6^2aC<4q+(dkj0Zob$V2BwT<_=|Y~+6fHx-{9z8l#ei&hnwA$+
zi%vu3f4g|DG~n#IE{0u9NQ7^MK6BeAY`Tutm@;i?$tj;u7ya^G?d$nz>QibRcJ&HH
zurdVkW8LSGYk}~`xZ+uFxZ5c6M!WSMb>e%y@R8q_a!}`sWJ-?L&A{#!I%h(>O-Ju$
zrc3j*=vD*;B!#&4^j$nRN!948ujw=US+X$S-^0j#o%*&veOe+L62$r#khlN)<SS8B
zW-}4QU?}U(e_DIShS!^K1H!uTrrf%Lqhw#Rnv;iQz{IJSGvjc%(KWAR)bMQ+h6dwW
z2Zurtd3I<fEBT9(W^Yk7uNX84j;f0GQCDJ%e4=}^y>tX)25n_CEFF>`o`C#4&74OD
zH6#)a$Tm?bCQ{42c@C3~sI|%aa%Rw&?R-2tCCuH(FJPFT8&ncbKl8+DuNstS7}pk$
zC?pM~XlKjX&R-ECgFQrTt->#-bYbL0g>uQQ(DS3;ns-k+adkd5jBBId{_FWDY;d2u
zyMV(F-{6J)k;2zsoJ!4JG8fh!$A}w^!RNV&Z>G{-L%Md1d<Er&tBUyAqz;L3HO&X>
z;kzcPnzgO!K|}2F+4L-XCN|b9;36r<MMUd(v#TN}>9qKvkQp1@UrGT=tKu@MivnAp
zH~I9d0J&FPB<!%h?Igj^#k=5%?1V*UyppdGc~gDH#5=?fw>*ZtSZIFJc57S3eo)lK
zacuk|f9GluaP%*d9pQ(|jB4)N4u?=mc6pa`_#7v7)Wm;jd_5R?@t*QdNV3q|<D%+e
z>0#MnuzLJ_iVTRr0ul_B`@?9zNLd70r_OaaZvn#Ymrm||lkJPu@5>14Z5&HUTb?Z}
z+4i!ZVgF*c16BdQ57v?Z*KO^sqc4w5XPlV)=Zq3To*L0T_7rG8dqsUEH9FuRd2xw}
zeQam7Py28ki^fLqDLK4Bm1hjZS|GHYw2P#!#j<5zA{KCoh%}j6VVeK=F<ZnA$iQ$k
z*hTRJnB8~tY*Vta{k_g>IL(S>_%HxFn<W!nL@*Qx$0vWPpX#q1RysCffJ}ippK`*Z
zpb6y!1uKC5P<%DS@L%JFJPA2#E<On>n7^nCtGw+wdp^T=rbT6zAHMgBq$!H377iih
zkj2fcZvi%W3~w&G{nc4`0%bVF@mU0$5R`;yqnO^i-)F%-cVw;Un(>RmpOJ>VII5|A
zqT+LA8=%*@e^AO~HY~m5Rx*O8xARCoTMk+W^)(mB*_X;zL<`-3Gs?m$o+39uA2PYg
zN@uX6$s~@lz`qNH`j+>{?b${}+VCHQApkr^m>NQ0Zx=Zn8x?mSw2gV6nWh_O`Zt7r
z$}~<f$iStIc)q{4XVC7lxK%)3_dZuq12kKURv5S9_AiTJC$+oCzAO8;kWp(PqvN*v
z9&R9Hg1UBFJN~mrh)A`sJ-WXEb4eWxvQ`KM^?yYNU<UQydfJZZS8gTXDTis!k*T~-
zPd@>g+5Da;xE$`PZJL5+V?b^GuyEM9_{hoo<2znxly(3oqo{}Rd!b1IBmCKNU@jKD
z64?yBet_V=)68bErTdtFBnmG)85AAOw?c-Y_&5~3I8NGP9hEd#PYIv7M8m8Kae14Q
z{nftYxykz=qH!$)4i>t)jxlvSi0-BC851W3;|}N-+OIy}YH@2jh@#QK69in~LN<~N
z5>}Z3Kgx)djk%0P?czx9Mx6$milr6-?7R=0$SZQ+XU(}6oGU;h7}&S043)P2RHzt9
zul(nt5z&#S^^J|xPCmBh6d_7x)|J{SbV>C<CvSD&oeao*vw*rW*dauk!tqM*h|0sb
zlReCP0v?VxJ~>SB*%`HI?2}X4%k+(K!Q_)l5m|Aaw|u-0Tk(f~I@<fmbfgaJY*s=U
z)C~8^+=;-%#tw?$U_0>}0i0Y+#{i?mA#}CC+{cJJ`cpaGF+-+Z+p)DEJmu%sE7V%2
zB^^iXVW9G8l%+fUHSCbt&sC_(l$nX#Rf6+WoT)1u0S0-=+(yvK{oYWejGS@zvz=Vi
znY3#m2onaBI%_J!RqU{TGtT8w!NZKV*9Gentog`qGRv|dGg5sO0j0EQ9(u_6iU<eq
zguP@Pvu`37PD0PCLgP=csAC`q9mnc5;2XG#37`l190>+ruv*|=IM^oO`h@S3V8M&F
zn!nmlmWh<#)<9Vq4!nzwr2TU|OD!M2e6Mu0`2ocbFUq#NbNA>Tt1jXJL={@DQ{y9-
zuLhm+$)8|I3^z(-G=u2X^|e6TGI0*D?MHHU4LoHTV~t@ib(@|TD(+(4#`Tk#faMtu
zzDIlV;mGYe?T{{gI{SFo*K{-|F8MOFog1O2NF<@lsmCzxyLNN1`h-xjA1)FjRmZuq
zp-Km#s54SEuJU%0;;Cu!WaQU|0`e|T;`8?d0=PFZH0@no@QG-c#BY=@r~FdjNmJ=$
zd6^HfmwRRnn>8i$C<fN}!aIAjp&C86b++scm@D>PzEsT~YcgFyv9s@V+0!+QJ{-^a
z5B*RSNJdZY+<8ja^V@Fj0H!UYj1HlhS_C}+>I93Mpsr1c^<xb@kHcUt4+cSVuZ|0K
z#X6?F@rf=ZVZY053uA*9<8rBfW8=Kjw>-!xnLqMIhT*gM2&pe3dVEg(ylA8rN<2jE
z1P(?D+GjTaNdTt)){{$5L2kcv(?gVc?Q^#jsYSEcv$bM_(?t+^`_FjjlTwdAqVTXo
z>0>VsN_Lm-<VsXdm+XYq`eoPY&k^kJ-DjfRT=p%IdMQ)8-Q&aHa&>&LWh%7p8|k#H
zD0&tdU#rpqK3a`jB+nD2qP)165vc?`nY1EC499B~oYryL<Z3AtIf@5=%g=9FZ@R{b
z7bWG+ryht&N`A9o2#HVO5UIsu2ID{x%OOvzVF!#9s`@gc%%`u{p2L8--PyFo*zdD)
zE^u#X7zwknjhYkSQ*M!LL9T9mM7+A4VXm!ZikMoBF3pd5@kS0&*m`(Y%3zFLK`i75
z%0<76F(MDE)58Z|()b)&0I7o$5c;356y*h}d(#Fk;P~E5Sp>_ZyjtrBq2Pn@z-3Ri
z5NlZPzF9jjZR9Z*k0;BI5}|`!>9`KEZ#<bobe@c1F)f)0*^|EmNgi^bxOZNAv}vZJ
z66PL@-__0Yp6sf#K(4%ix>_HodYgiVj{D3GqRT>`o`bzym!*P|y;U(bG&9s$Hj|~A
z#O6Tp1`jB_QN5m9-7l<ATHeLG@dBF!Tk>>~WC&vlX{c|dZ8w8qSzhz5)~Jo8l6Dob
z;R15)DM_jv^;UI&n@JTAp~Rl_u7~v1ldZnb_ABeb)YhbG)m@M=DGVo^`41Dc)$=HS
zYx$Y;vYkT>|6q!`9sypoNxRN|uVd(Tn`D%v?c4&$xhJAKneF9eVQrN^Mo7Kgc(1xO
zd*!vLaBS*3eC%Q|V}&aTJrW#3UMEIIz9pW*Dtm?>2L_kI@SVPCt-xY@a0ye5^T{O2
z+7mP)FT&hxN}yZ6xb0+W`O2NL{l|7;K5TWiNKl;1<xwbKtO~QzKgdFeSg;3oju=6*
zT&#>E=t>C%n~*t5>bq<0m9znEr+?=^YX+!>&c?BBc4xZCgBo4HtyOTJ@cYJnZ;E<e
zx30C|+X>H}z)Kz}m?yKziWT$q;PY%G$8^?iru7{;A1Q(>&#fLZ$D#Y0K;^93!K)2D
zUBIZ7-DTb8{<FzYjpv^^seARWiOX*8HDKA=)3+RAX!dRxe;=!8w}S<zRyhEPzE;d1
zU1%w9nfOcP7dXE`@Oh})+r)7rerM#!XHp7V0;17CykXUXs>7TNz#e08QQy^{IOR?!
z?y8vC{dPK%Qj~RhmnCH527t-@T6ocR2SkHLb6UIjpG~10f^kz+1Z7h5Rc8&=g#UMG
z;(dol#l<4skaxu47M*}WN4x+kl_mNcG}?}>w*)t*M){%Wb=oEnYo*B5=CJ?>uC)Pd
zu_X~?-YcclL|NK-Q*S23k(4E)vs~p@)?~5@J{)QCN=Q5Y%a3moZ99ys`nDj`aW!cr
zwn+7v!Sebt#&@LJ(bGD27Igd`-agP-r7}WeOcW`HxM;JhO{Dg4V10)F-y{T2&%wSV
z#A}NdygxpVYqPp<^)z(TkmRG}2D?k}c;CEWY2!f7{WbO{;{l}gFjBe>7J3xpS>`?c
zW!t9QgtjcO!%=6Iy1V$&uGlbca<?nTkquCno4Wxwl%CT(PwK>V55KUyjuh~RBKAig
zXZ{PFxdj=3;-mUo_k=E>42VRC5D|yin{@OI!;;aed->!Rf;PV-8Im_Jvx(!uDJ|AS
z#*D*3V^nNy6}_G=wO-)F*c=l;5=A4mp{B8q74{k4=0Tzk)2xknlS5-nG#nXx>Xj{^
zP7xbk2YOH`JRy;h2owV682i@DtFq`1arst$c~Y@HAuLry@(H=xLWoBm6up>krT4CM
zD|YhR=G-{~2Oa_*+FxU(>ykf9Stn-;RAjC?jOdD+=t%@NJ(8v_^F;CdA28R2udCkA
znS8}78mORLilGG5V~J5GEXjc|u}5~DGtOde+mv64Bm@vj<^+QGx>%qxQl$OmV{0`1
zcL~`hS{`VC<43+~%NG|vRR<9WSIWLjs8%@lsi7B+(Qhrg3W#_#8@0&FF^_lxB&wJl
z*@o_9W+60Z&tkgC<WDg>G)WQ0{0l;93$ZgsEdhVn5bBH!*dC=%022=Fq*5FZtFo=O
zyt+Nz#JinYQU1v)&_INUFMhQJhg>7BeMgqZp06zHf-6Kt9m$cXXBO~%whI0U`^Rm;
z`CV>w9V4QYQs)4`cBk>bTv>DTkxiFDX8%&0IDz%!_)m6=@PFL^yM3vIuGl5vZ80oS
z+ryhb>!<mXGbnmg3)OTBM*g4F<Gd#N^tG>38vnuwrEn_O`j!_w-3AgnMVX+RzqI|n
z;~p~>sJ923`C*u}K<<h8#Z4oqMY**5=o(=P1%0*9-|ff?jz>u)b9Pfc_-w^szux%G
zVqCvJD+_1ewq+J{tS$eo{5vTXy_3KjVaOd6y));~evec3tO9=FjR4i1oHQ<O4jI9u
z)+yFWH~<w9?i2*K9o}4o*;;L*5&u{sI^Sy_O3WHNqyMn|b!rtUNpyYkV@EMjQ6z6X
z6-^r^0)eV~W}W@Br&RB18$dw5sK@I)<;BSuF<YT(HYcNSMT_F$#+D&<CCaVAUgoC7
zT9@Tuk=@;=0Oi82g+(snhrc{PyICw)dcO+lRxV6Zh<*)N@QuazPzeUluP+>a@@~&?
z7u&42A~`}`>vy-{H(R6hith*bZ9s=8_7vzN=af8aJuB*I^+O~RUE^2`w@LTkjd<fH
z+E@<<oL%;t2L=)I>I2kDv<n2D0Lx<;I+DzW!s6aKT^cgW=jXoPB?Y_n?)#ea-!L%k
zSNYa?SpxYk75Crs_K+LJKg&Z^H4YRY0MpM;fyXgb35??S*mhYY%D=vLxxVO~j`c`)
zY|P!;I6LZNbCyAi&YcX_@Vcq1@r7NN#SN({pF8U7KB49cp2f09I=xfg#%(Aky;{2s
zzyHO~3BUay7rn5sz@d*MW!by(O?b=sM6dGb5Gjr`!N}~wuZZ3A0Z@iRdeP8+`ic+i
zZkAX^!?tQ0JsbU`k6cJZQhG=1cp;QN&M!&#x=^%M5|ad4Y~{#j^vnmj?=<1?H59F!
z&%c{1`G!j#^~E$86`R*)FBN#;bxjVcO!P_|bpW{0jgGzs)LMsHqkb(*%WNL_BUaYP
zOat&EJ?-dYe)VU6XZw7j+PP0-cfV+g0vilxJy3?gagfdDYqnDF)jC<-rHF2ZZt-OM
zJ?LLt>&Ksa2d|ibO2W~6`4)mEyA3T_zhK3E?EbHIAU61oN);1p9!3wN-`d<E?;pba
zW*TwZjbsp9Ykww0qNXDPYfQ`?--8Y8wr`cv(26PY=q(Bvo0lrv$D-e6!FBZ@^ls;z
zcC2X2l}K$zRy({D=3Af)YDO9=A!@kJ6co364l?eT!q6<D)m5RK#I8POHDe|uAr%=E
z$$oww*6Z1N<NGg+T4L^f<dk<y#JF-S4;FkZd@A2+iizr*mNzDfVUFX9sJ!G#!4<VO
zI0l(`%DLGQZ1JW5|8fHoHNEZ4<x8+4navN7hUT`?IdrE;wJ|HOa!Nz@M^zmyv`BOw
z!9F5|NdlOMU8Fsd<~}*u@J-sTrc7wGl$dvq$YnsUc|5l974(V7%dsMhctjz8hhrM!
z05d;R3st1y@gA(<U`!&{MdN}V;<;5&3RFdm!~U2(OM<at^5sS-cmK2O)mlIN+}?9%
zlARAPsxN_0pUFrx?ta=I{rl`dcIhi<*E-U#4wkLO^e3Unz0Ri_!8VUdTju3RI}gy(
z+zRKxDXj)&341XA%l)1;K7axu8q2W6&DbeRF0W~5I7VS}bk+l~CYFN^@6R!-x^trB
z8N9XGK>T?>LrB)v^jUs|_;t|{6lBUyJrT%(ufD74m{MoL^3N8z^z~=GRg?w@vMf%&
zWt0~)`&q;>2${Pf2Uowb-ztB)e&Hq%7ncGUSs?o+G3QiGn&7x^P2Xp)-R$x|mjL<T
z?*j(!1Ma&{_lhy()GHPQbR&K!l5n2jy$8D~oAgGS2&?({>gG<TmUf+}QeE=jfnTVH
z+T4z*RC^D-pWJ6%tA4=vdQ$*VyFdZC3Q`Xpyhd~-V9ozVGpWWpc(ds^?AorVI1CVM
z4QOhTtt070JUuqZE~*s^uBt4OkRZRMyhIaQT#o#iSg3PTjb8t<L3Yqs;d%q8JSqE@
zSC#{-**F^=2&4UF+#ZsS|8!3+p5m7`IaHg*V!b<pOhOaXH(gTEPYY2GD73(ZaG~rr
z9Gwbgn}!QncULDeOk`fT;iL~%Haxji(L-f-Wn=4u??es*pd*X{kI4=H|MVq>?1!HX
zXujY3zx&PUtu(1_Eo_7q;Txp(obzIXUMMbArsznOd72Dd-yPr~s~yU4{%0cBORai{
zL+!Xz;kA>TU29*I&vTm(gUSZ9QH;&we^ocR{l*VDg|k3#L0bM#sJqKQW4;(-rSs!S
zk78KsBhCfbd0p(~Z2#$n8SPyV`-+Ge{{t`p5qsEI0EXvmj;YL7cr0q{^fe(R^&Aq~
zMdF3P5J-#cDcW>?t}>;C&!1G7gn_VUw@+E7HX@X*0mqwXLctNLB-*GR5D0v>mITe-
zY%%z)WDAb7VB=e37=rOx+lvv>)h97udrsH6bf-F2=vx(>EPVrL$Zn|`Lb%%VvveDS
z_g<96u-)Zz=LFE8^N%U;+?on23kfyhYk@C5!#eJ+FZT}33R^~j@HR#5^bHBB#?4Nw
zr1{M_Ba8<@gsb&uv7_ngoXNZZ<a8_rB)>+i{Wh}qwXKS9t6PQ=-s`WqAMiy1qA2yO
z2i#5<0mvLvmXo?T8$O33OMi9H8Z!x?$;_vOpMppAf}x{>Aw=sOD6asX{RG-!6F7Ox
zeyKN(&g-95p=+;|O|bTdrw6=}kz3bR4^ycoFX!%R9)TYLDE3rSgEgY&PA8E7@PFNw
zEYa`}vDy;dMUbRwgJiIjU>PCByk9pDL(|$OL$O6)Px?IcV^LrM8Pb}f(Zut;HIaPf
zU`@)dYOS(x+0|y%?!WdXvOyc9?fCg8-L|`vy-D%bft9_?S~IX3go7;RGP)&>4Qs9y
z22p7y7D|V;N|RWZz`7~qQ<~smo!lUCh)p)6!spB^s@Td$IEnaPQi-|SJ^z#!NLzr2
zU!5|ZD9&ZW>eq{E(_D-Y{`I$kbS6tjd_4E?1oSSu%;Ln|0e31wihE!oZQ}SNOHl`0
zh@EEUHkzL@3O_bNOWi4zHdHVkz06e@azr2-EkDl9{NrA-4Bl)|z+N>=w=r&@alap@
z{ARxduw@^<+V8JX3PoCqiAldQ<P*(K(=heT1-Y44EnGy0F*uj&mYea=H0lk_l<sz)
ze4M@R!a$qO;6WZhjV}J#*?`6tu~HUVE%rdz^H>HA{L6=OsH^n<v^%X4Ee-xzpzKsx
z!u;p=ES){}j&4O0oOVG-53+WNh$o8V${p8fZ4`T|9DLfihh}2okco;t;99Ys0i;0_
zy^v(B^;<-(U7*g2$P#9odJX;mRG3j-blG+&4o%Xy0n{V>OdPQPY_Juv`}oO{I%|_^
z4)9~7UXGdOi>8U`d&?}1Rfll^|9nx03jUme_^m~EQ(2zBNlz4KzpBh49<lm2n!p&^
zRO0=>R@np9*TE{&#by52o`NU(Kl&b5u;0&N@43#REp0)aZkEQRDhyY3qvQNN3Kbk1
zI(cGgCd+?TR#2DuyGr$!n(}H+L1ET=@d$`#!o9-WxnDBNicmegeW+Hu6Hjgysn^gt
z$d50ycxA+oQ4p>Jp7eh!)3`e!@!B?$FNP6se)JVR^2LU>H)F;+8})Ge)WaK;LFn($
zRuoo?rGQv<+K?Ld^QM0VaW*Y&F#o$6ia1cK!Y-Yno0v!ez8OWhKQB0HiC#tUSDF?T
zxd9E*ppkt2eUipLnIEcSgaY%WeSdl*WgM|4E|wkE%3#cCZT9qU%`~}XzvF{HnX#$U
zYqO*{)@+f%AqXT1)Ge(x4W2Er?W;E4f;ypCg;{P8r4+SUb}Vm~Rc=n7W{{rZdE5Tl
zL9pwm1O|wnpPZV?e@xZ9#8XiFkfxc@L#FDx+w3aDs`Y1aW8y4un`-{hP<R#0cX`OF
z7Gg)_JgQs^=lJ7kMRYaZ9pV%-^K4j0Zsb>gTbu%OvHxO{9ngWHsudkaCk9l-AwVGi
z`%qA2|Ni%s*~X6O)pajcKe@2kL_?<@-Wo-t?9&Gc3;eSvnRv#dHYPy#L_Ma2gzo#E
ze{@N>61&Yl|7r_qKmfR^n=&X%e@c?#(?p5uftS<px8gm0Cua~pbi;-$ckK`yje+5L
za#w*ipvd+KymPoS7CP~F0?5@2i20Q0l{g4o*?gg>m~h-QK8&X%V9MPrlPO}{bBw=B
z^N~ckeLhIqcI<@fe2E)n!k4rUGdI)*BH#*?w_Eg#T|6%XpvSwr#FU#)s9~~O3&l*1
zDB72l-b6K+k!UqdE*g5h#2ylE+{R<yJBcPal+czGyNY$==;mZi6~}{lw~`G>ZFO^*
z?{PG>r4J<%Ha~RXmtR!x>sIsf-!M!ENwABZ43V1du^c2#)_X>ZyUe!6>a{+PM%PVr
zM{ye5vH6X_v{HH)D!nd|W$Yrija_3)9u2E>1nOR|!Qn_$$|AV(!51WE9l;?Zjp<@+
z;6do33}zUl?(FZ8UZt*(Qe?)Mt#z(^k&Nq;vrd3#TqP*T(FJFQwBmAS9AjbHQQL4-
z#up2PuOh>nKb|io8qX5nQ#7GBN;_IIH1Sk=?Ws-FPq`Qz2z_<vO{0bSK5s-=-~Vd=
z+ru_a&<=J9-taU24A)Vd&8X?wHr3fhAQz3g31Gg_NM^3e2=H;y6KE-H1c~`j`RW}Z
zq6s@x_3d`2^uBs0M&8q;K1rSLN@^hCIwF>A<erkBo$sjs+v@-3UvMbOyM1k)+Ma)z
zR}*oNtR=u$@UzV1*4g8KN@LUSMNNPO(W2r}p;_IP<74)8L={sP<hWj=(bwUG4~}*k
zJYqun6u_-mQT$I_`2w!c%(p0uVY?_~W23C^(KlMk*<P3+Qw?-Dr+uQGh2E!7EiQE7
z_Ib*H@jHI;cN8fyt?&}DgLTqWS5J=c*<^Umn^#=Ie~Ml>Rj%4wTY#TPrvNVR4(yAX
z^to#5_95TW#4DAF9h!l@pHyAk+He?9UvSkJy6E|K_l|ogb4x!sjaW?BEr{RL(SRND
zB{-Z%F9c|Z4tDxDA7T3LUvUnaJ))c@1wRDplr+6L-JS-s<K7X4DT7S#$WCo!rbcFV
zG)_n+rfj+)qjZ@6M1&>`iqm}EPFfE|@<hx*)6fJlJ_=L6VlQ?~G8nArcEHaw=1Skp
z@DknSXVGT%ceJds{J-WUJ_I?##rRB+apE~8Y)F=sBMqnS5|{9VT@U~Jbkig8C>U8r
zjT|Yvl0SzK)hCh(Y}c_Mv&isj>0%p#!vRwEYY{M4T#7<*q%%1Ad|mDl;X`v@b6FJ}
zG6A4Ota~LY+`JRv;!(9AnTVH>HxmYX_5y3elm8=Xn^)8#4-P&_`!cV#`=dUbYi`=n
zjElyK4({-mh2oiZQjFeP4o=TLSK63luX<PCu-E$p|E%!A$NK`~m6hOpMYwG?8Js{H
zqak2hD;fn&&&=oxAxb@sUe6Ux2>syhFA>|?cnbm>3#h$dn6yg=^6X8EgWsn7h<T6K
zz2tteWL^S^e!{_W-W2+a9q4h11Mg5T1wT0Vhug{_p32WgeA57*$84_uDg&UwXUiL)
z_D=*6IEHp@2kfJnI9Ton+RR6Gw|;l2TDqyy9Vj-*lLd^3cfOP_K$0HQp9Z9YZP_2l
zffflQo}w|zH!v0ioQNidQJrNJ$p-l87*$Atd6%JTqz2bM`Nv*g=op61Qdp@xOp93P
zj&E$&*e)PNn^<JKN||o)&z<cM66|?jP?G|>8sjP%6>SllOoRzT>o1v}Z`gbFfjzPK
zWDouO9+{FJs}eKQ_J{Iu;Ewh~a5*AAAyi_8%}RfHmuad)r9JQu<mNwz9^tAMEji-T
zX()@FitojPvQl&-gity%&hmTKljbTyse6Uib>0sK(0ySdA?qH$@(ok)GA?toA*WYU
zPb*__W5DkVjtVe{`AmrgpWk_xcY}+fW=A7G2wK~X4#1T|E$xiDddcLz)07m9;Y(`t
zE{PxxC&ES(TYLwTk6yDf!GW-JfO0?tazreUigVe=XM5FVU_q3BzW=5R@3J2_^<|n-
zJE2mL?k2znHpbiUe3w4{xOHaGI}Rf-q?|OzJ6pev3(0I=&ymWlxC1necAw*q9$nnp
z8XiO$Q_(w$8m*JvcQ#Q*(02S?s{FAhmpWi9Ks^bqsvL&7o%ZlHZ*PJv{I{&}6`zQc
z5dIPo&@}@vgQT7<?mo9dYuEEY(A8>L-fSBI0!rmbAAm6TiN-sYA`{Tcys}V%ZMT&5
zdZQLOa$?%fBc(N6G3qM9e%?Ci|C>W^ejeX0fh6VKR`8$O`gTm{ijCcv2K#O>W;Njd
z^~f2Mo)OX^QNX=k5Ds2U|GNg>TNcEqomD;%2JAzzl10c4XtTM1K%25jqvzQItVjGa
z0PT^Cnu;oG4}J7e%6Q)24DvZsAJ=u}ZI&>~dn95a;|ODSynaW7SaF*bgIDVatReb+
zY#n&wrSypoI=xO;pKe;7lH-1&wm@mt%nR96&e>4$EdU(4P`&s_t*kG8(ya$>-52Yr
zQDQCNvjORkusdsLJY`#6i@(^B$pxdMmO|Q;A@4`YI}z$G&maeMQQ>k)o0#qM3zjgt
z)NnS7)%DdeTCiZYP4{fwF_#qZkP(@7sT53|o~o-+R=%=iIi~6Xb#A&Fq#fOH2NR$b
zl?;gMC`<AtklW*|7<zRbHRSTx6GIfJ^Hdlh>NbL)CR$LZJ%ZG9Aq3K!S(N?qMvFLY
zBy7&XKnU!i-pF@&u@zLEQG)5LHVI|vp&Ckn<<OGs!9(^<C|+oYYJsL9ipKok01)~d
z{FSoYU(!6L6uK0TeO&#doy4?s!fk&hhkXgS716<MIP`{E9Vk$ZQ|A9)#R+(<y+06l
zK^|6T{0454Obj3o&<@u6-L$Wpm(|Dar>%b_?^r}`iIA)uJitHim!j&9@NgrO1O!-{
zlRTM6+#SVFUcWop0SzrDx#0SmB+9YE*Uq4$r1e{XO`2BacbZ)tmWc>*aF4g;uCB*N
zeTMeTvSGm{{;yE3)F}^J*!m)U%H-JjIqf~1WrezQq{d41j5lFKg@^p;s^@iy+^)Y*
zR_Ba8Z$^`}3d^$fAw1&`TD3bouXbdvw&*K*0)9XWhagp$%Q38^!rQS)&SFX?mabOC
z`=v<B8<ZdW3vj9gw}2S=5ltXgxm)pPeYF&~cM((1^St~>A|5QpP}LeU=)l~jKJ8E6
z?)thC_~`V86W*&>w9cE-20m(ui(|rH^MDL(owV*5dKnB2G7>r%MI`I_%&+a*t!w;C
z$s@(vj=FffB^=g$88=+@2R%953!U6>+(-aS;-Lqq5YY+4BjFfv<cc@0L{TXmiB>k|
zuD@r?WpQLR<M92B?QE^wuhZxoBiWXK)*38)PC^)ozs+s3a7l^;@HkLQsGY+V7|gWE
zww!4s8H3v12{dJ}cCtSz(MBI}MZ_2&tu4s_qG_K0IMQ!w#Qfy}8V@{Tp#FTtAX>Ki
zT2kUqgi`I?OxnF^1N7|+V6S7eBG#L`$S9{>_QsVt{{sB&IAX^*Ne7A~wr~Y28o?Ul
zbXJrSh79S4ZPJ7;q+eRKJHp%}ZQj;fwuPv<p0CMD6es5+IUbANfr6)&*myYG`ur-i
zsHK^NuUt+N`+QlJAbmPKHB%G*V-(|k49LqUM*SZUZrHb$+*1|RgC%wItxiX+RF!_N
zngaYktrZ}%?1}R!O|yltsoNSQw0me{FBNW5-j7C#XgARwG9ZP!U&sJj`Lrzh(ran^
zSI2o0B&1-DcJvJQ;77N@L7f-bv~kdq%CH^V->6L%esXP>n)A7sHc#A@VWj}gT`*KA
zxVo~(XyL%WVm&iC$zqCviLw!}{SiFt-{M1dcW(Oy?NfrfH7P(7_(w)!9RY3N`8*+`
zdAl<bCcw{prkk7MyXHy3PF7xvPLkX)v<4b{@DW*-#<V<gAt}Hih#5U#V>ZLz1#$#_
zbRz1iJ4ofK@xRT1b1RnT=4iC(qU`I>sZTk)+*Eomsz6`wFZG)jYF#Jguti4(u9N~Y
z@PeK8_XJ&GD6w!$c1{r?X$L;TV>`};3KVX_Y5KanDGGvi^=Pieru$R1@BMAjJuM&x
z0&4|899jdYCdGY0N;aftGXZ>~F~;GfXWrloqnDRaqw%GsLlbq74*-w=8WQ2Pqio;U
z^D}DZU=Dy3Sp=615kc%3u>x;i_?9x4A@29kB0hFKcPntpInora(hioO0yIbnpo(|)
zFEy7%NMonlxDmemX6`O_Zlu(g^v-m5bF=$vKGP5H-8gt0L|?R1aY1!8f9gxT#Bu-s
z{jUItMt5pB{H}O}`|FSHKG($b$Yp68U5SA+EQLH7UX`?GGkD%XLx8k<{x|g_H7jGM
zS=Oe=72`PFK=By@iMeZ)^u_gAMQqq_pKj$ybUP|#Cp>f<Gr3>yI)jLfVFrGn91v5#
zE2c{0@1R&;2f~NE%d@ZwT=TzqIS!A>0}LA@c_K#=#=jQ?dh&*N+<ppI>ybPj&fnT@
z1uYi=BTCc-O7xh?h7AC@4bb>__O4sAiWA})>UFK+5sbibPLpsLad}F|SWdt+1@Iwi
zghFwb8vB&UQiK;{*Id+YTS?ldOiGb(k9AVe-NKy@e40Zkt{0n5m~V&Y&+&9HJgGLb
zC$8DX`?<J76;BqJFvj|<*@miBy2}&j`Yf{c`jE1`5>Nm9-u^ay{9(2VV1VW!3O_;a
z-k%`5gLNG%X0}yZ7XTH#vz6!t!unL|uT~KYKl@m$U#^$CoeO0YL<Nzlx^sKo3ltPh
zeCigidTWVmx8cs{Fs4AoQTXsd)rf8LW4iTY=1GKCnY(zy*vQ;>8n>O+sZhYtv6W91
zSQYc3LWKzxz=XuzWE9yG@&?J;ZA07sIi7Ao@-2!ezK&g(*dl05$0MWi{;^vQ-pkf|
zGmMT*R;TMTH)~Re-v-?<8$l@qwrEEc8|-C2SYEdsoTO$y-QZ!Vz56IK1jV+2B+nR3
z_pc5BRKb@-M+p)%g6lyViH&?*>%)Q9yph6&u6Z;E0$Lji$f|_ok~kyN+a6+C?K~s$
z+>1s}nd2n)*QOECcxM9e?UNC$;)})aZzN9pdwg*XAorm*(Bi1u-`P2|0HJcMGwx7k
zYZcf>XIS1Y1b3EN?!yrhP!0a4EtA@i5u`E63Q|u!XO#L~Geo8b$$H92*c=EfSoON5
zqcKKJJ5H~8b@GpJY7zm;5w!YQNa1E!xR}Eq^Se&dM1$<~aBOO5cBBLazWQ@w?jT&~
zS)Fg+zks@~7<o)4p|<lU)OG{~5vppb<;P0^N{~5)I}+B|NwYRDvEy-_Y%34#dKHjI
zzsxvngDQXS4Ug9I$SSMJcYQC#%8BDS34@NsxI3ET9+YJDMzGHXd7~p0O@i7$hyB%c
z`3@c+l*S90NvK*OE5%WhvrZzNI&5iFpx}N<Jm%m2_jYJ_zc^ozwCdah{AAq9`8guV
zL^&vq?|=RzBCW6gxNgl8wnoxS`$FEkt<_=M(knY)m6ZzUzcE|8A_XYNa>W#m#eWQN
z1TcK1t$jv-gkUNv)Hgi-Bcw{jwL3s6(ohYgg@t9a4@<`NoY5*J9khs>1bzO;<;UsU
zV>1KQ<)oaL$@Ma3CQ6unt`6R!Ga<o({ucBL`9xQ$V38e*--Jw%eqy&!Q)xn>g83s+
zNwJow^l4?y&qNe(fOHPTF|jPGI*M(bD_Lwu-rGEp&67Xw&b+^l-+m<l_A{z&&2kAH
zw;6gD`97;e2au}_8tBF;W{e~D$ju8z%9W)mLTTU6#7sT8PBdO_zG@y~rzkf%LFB|5
znt%E>T$oFKg`a2v*eIW_aGz)9hJ#~PgHXhBzkTO%{QjEzRUz7qKu?E#7nNFCSGcy6
zq_lTd!~*RXLUb9o-AW$Fx}=-xP4@&_Q18dRMMB7(m?Lcs+HfRZ!Y_1uc8e6c!1WrP
z{JNP~ChsQBpxA2FBtfcVi6b1=EW}|LiO2T6575*@f_tdFXIRsu*7>RebUM9p^ReYW
zpb$~U1q(lGDF^#0X@wOAMbpwfaE$!a_c6;VSR-&AsXHOrBBw@hhVs{3>yp2RErBXJ
zKfrbG{Dv`b88h+qc|`sRGoKL4AkSEXIK+~AQNJqz1O;E3k@8-*To~{FRXMTLm*qPn
zp$YNi8V%#}DcPBX7E1`7zcDWcQKa+EuWG7S(uk|cxj`aWmf&)!K|9!z)l}$0L$c~M
zu!Y~(P$2ZMjK3}6-G!%3y`7gm4j!0Z?Tvn2IsjQL*8CYvQSPzOVtQs7#EO`Dg|MLk
z4)AQ*lCOiW%czHCPbSqD?bxPf5tx|m2|_Yc%l%`(o8Cw?P`~!ZI`c&$&9!ju)An4P
zu<)W%5j;oLVTd}!IkDIUqn^lfz5*4N;T#cf4|q!_=xK4h7%(!s4pG|Ef!5x?q8mjw
zDlbTdVQe7%>EBYQiT+xK>gIUS%p19}U#Xk!?bS7J9@Sm>?6Y=t$@aC<5eMs?!+07&
zrbmJH0p;nbE#1-56YYC24s`dZZD`uIMGzENoxl2R8lIvZl}kJ2b^fa&Bdto4Y{9uU
zSrHHCMVgHO{lLIALPbnFNSpRpBE^dqELQ^xVcrIq`Hok{!|Hws0H6G*_=Qi<OJ_vA
zol1LH6h&5)3U=C!j*V|_jd~1>5iZMY9yRM{q~L9spM9ed`4C`ACan!65&Oly^!er2
zN<kz8k@YR9ps{t4E_G@~5I1k%3}3atwME#>6e{V&GlE{{P=Syb%etb3a9U%CtcR(R
zj-etgUT~XS3Pxlj2+9Rie)nF{y4L855dDwGrSXC-s4UB`8~e)yp$^g-2(erT#dy;9
z@_zO>>!&wrjvk!D-nSdH+thB`;fK^8iVPT;$V7qr9@+MXrW+q6Q1C)0=ZTpUhU;lJ
zAS)&lXpCG4?HGpXZi+=<8*2bo?xNjYFceFxj%u9m-%WNBznm*CPE5zg{V|;AeceP=
zV3mF5?C4G$aFwmM^Mx5jUSPX7OQiAH{u;u&W>lIS$r-T;)roKVWZ>&nJGqu@^Em{M
zwqpLVx{tk$-t(=xnn=<g2lE~Ac3n(e&J@cH*?^7oSmT()0pNr6pRjQ@Fp5;jYN^9W
z!b|g-G82r*&S&ehDapl(LIwp%?K!c8Wd)TnsEOMk0d+EySD^VBYY(a1vRX-R3V{I+
z&vR`DAB&=^u|aCEJ}v_WXK^&>1p)tcm^5yESm=#-e%!p@Qh%ma*`B%eyOv(?lViSw
zxZztc+K?ZuD0)5^(FxOHl58II6-;7&9p^06>W*Vl0-2UGS=7U`0a|6O6{guxBy{P>
z{ez4OK=4*K2oM;HEEV+%5wy<ou2qGbA(9m_9s}F8#$yQjYn-$*G;O}wykWps$8vtk
ziQ7RkUH4m7%Nk7$vLJO7j8sNcio=QcK~=Dhcgg!_w77;0R#8{&6^PNO$g9g@Who+<
zyWT$(ogwkFkn4rPPXfQT<!4i`Q4dD|#!#{9c?aX9ZEFuGGPBVT(iY<Lr|S{J1WUv#
z*a#f$m^YWI7MotwC@>m5?%*9DfV19>TAf~`ZCOHo7<Pm(BN**(w2joP@R8G}O!_Jq
zv0~aFa~oaFxF~02yPz{`7s)gm^~^-B^Vq5%$r)e9xOOZlr&l@e@`s5WyB0&BJAa4n
zyNb0Dq;OW7PP~O4i~`1liZOnPh{2p8OV?AaK5-^?nOTUyv16TPos|kYVeB5*Ml-xe
zr0|D_YB3@mA*CA;31hZp*V7yeuJZp&zfFkQa}k9Rdb)FDKuJkr&sl*0AsmO{I^e^>
z#sa>fb56^ZQDVT|v@mE@+;TgSP7@r7kc%_i1+%(S{WBzfR%e0K&@9#fKj1-j-?`47
z(*Xn+4n|8m8LLYCT<w|J3pe6q7+cLduBWNvWB|xOH^2M|bZ*yaoSBeXo=v}m1$zdp
z*tE@&?hz%JLji2Tt2QU+91ov%_V_wLuU&lD@*er_wv`!H5*N2<9Zv@%JojLRZdv>H
z@x_DS+O=w(1r9yWNecyiMd8@Zgsc=X)3ONRi;E}eZoTHyUZJO+<P{G5y_wcVfYn$}
z<q(hezI%#=<qg#CaYna&h#8VtqKv6B`5CfVu^nA8$j*6%3Gl&IwpH&ysojJu5Fc<I
zCok#AqWFffR1L1VMrloN#8qMDD2HW;BJ|Gdv!1;RsE;`^RLM0&Lw^N2bnL#LG;`7p
z0nzGrDtFz3cSs?xBo{(h@#Drztg5Q@e{fgz3Jq+`Sl(lutMLEZetj*wVL$x0Lvc(m
zU%ooP_}a*NIt@#vJ8V684hw2NcQC3Q%dLt_B+TU6NX&IPRCz)5%L@oKW@c_Z4R1R&
z8?p~m$Y0od%}e#X$jw8OC4YD_H%!mU*ShQj!DW-eqB<box9kDoJ9M6uTIKPjsNCOZ
z7HuVh%^8CQS%Ko$!R7O?XA~&JWEnbi#^<ETlrA%;d2?4PatIHvh~Do{%)2!-i7d-m
zj?^)w03=4{18(quu3K1udhh0W3BE&VU4}kG4!IH@!pAb+b{UJQ*g1`n9xifU4ePAr
zk$gJS5bUYs^ELgmgR}$_L))YU)C@1v7(|yUhXldNcJd6JI%9xvHBv1Tn_9<G2Jt@-
zv()L3H{np-EkBF4bvkt)wg8ru3e^j4V{8y0KB~h>)0+=b!Ll_z1&b+S!_Cq?X^b7*
zDGz0q0_fve3`frNE)hq%NQ%VWh8`6`*^GN0pwkDTyuH9`$L)5&^$#)EYSh{fdECs#
z5sM;RukRi_in5}rrPDq<Cl2f?W=vKcnNSVq=uoS6VFNWY6QjlplM)=V=ib?kc?5lW
z(*tb54T^-*`ZCU`SXd&nSo;p_(559qP2$+8n%u=6ryyXe0Y?MWso5MjRYgG;$F8NV
z$jZaG<6d28di;xYnj(~J%Ezo5-K^mo|FRjn`=N*JxHKCrL3J^NVvw%FLDa@d_6+IX
zU7eWd`ZaQ8f%QC{TR={SdwQYmTR^6WhI|3Si*Dw}X-p$B+hWqnnB226kR+OL(bX#q
zK(5%POiQX6H5-f_mpvv-nrQ+b#_1<cY(MsLY}vCW0y`4xtX`Te?zr2%SJU{RAkpj0
zn;gf4@0^NJIZNz0AbFRt?xdX+rX__xd>t{Wlq!D#?=uNQ(9ctpK9i?6eY=+Jgi}<s
z2ag9~hjtYZ?q|<xvycQH1A3Ev<?q}EZhv}?3--W2VedD&#l!~8;H2k}A7)eoR%}Mg
zs0l_RrQLKkK>`Ep2n<uZR;^HpA_e;6sNP=tr|$x2ELbk3NUj@;WjyU}h<2%+eRRVJ
z&^*13ovBUEf`eqz8m#scO9Z)kbmwq|*>p|M3$s%6qQ|pJA>S3n6L(BIEweE7EW#{9
zvZgSnm)=|RXE+(oY_$HU`qJsJ`RW4lrZ1dt??~y?L#eUw`O~IFNUe}N#dPOBp+bfG
zIXM6{7x4#m*V7xAhjZk<Jb)9@?Cph<MAKc;&6{8Oqg@73DNwct@^ooyA0?(e`?VP5
zWyDmiGOBQRz@g~&j_X#Z2ab-2ssvcvNh>kLIfuN>sNwHZgVoL60{p9FZlbhiGnNMg
zbxco)CB379lwW#L4$+5wpxLmtG-o&%n1urnBuvc)Z>bb0Ps15dzi6UVMvy{Q2oNwu
z<FI7A99$6Gq*JMqY1)XknSiY_@8BdF-i@}IAwEqyT0=B^@u~1xL=;ul&C3ap9Gxep
zLwUOY?}gXUP|a&@-f@W&+tQl(Tbo%|>{4#eT3V?M8r3)7<j}vi{iExCz4wVSRmoex
z-jvj{K%qp@(4^hV@tV{*5N#UszV$-fKa6*LE_83qy*fBiwJl_==}viZ)&AlA?(8b9
zOIa(cZzyDutdkN#`5x12T!qPu;+pI#uFl*9t(gN21IaO-JbT4gXLxSDNxMDYik(m4
zO2bY2{2&Ksw{L%F{24YH2V3>AcGLK#L?xl0_;zrydbaXC=V-T&9|&9S{{*G6Nxkmu
z5Eg|KM?#6Cp-0W6`8&x8AZ1Q~j7x7n0wCOUQ&p^)^Fu)bLAXC?PQSZgP|ao)Y10B3
z{qSivcj}-sh9Us||Hf=T|In!a;HdxLsQE;H`0tx1+O4D@0000000002Djsv{-SOZ7
z{2;UpE~=^Xf8#eMT<KfCyUr9rUuOF*61h5|NM1g#>^%dU{n)qYof#R=9t7U7@>iK>
zP@2Tg*HQd?@vCT9bzNm0u&0&FBCeK<FC0DF%)33?H$h=r!BZGch;`Qe)O3@g&OoMU
zRur;$^UIs)l?K085I4b=_NzWp%QNK7I%8Sz#)a`TP3>_3DAE+5At}D(t<^K<2L^lN
zi&Ji^I@kOF87~b9DZGVah1e!?v-!I=04`C#I`YUB`^-#4fy@OzRT#e&`lbs-bE>Yj
zTmtUQz!*Aty$fRgZ+<I`&obkUVH{+O9uDAg1QO?Dd-u=V_kn?FFO1srD%%N)U`D^6
zLY(2dc3xiWIgrdKV>|mx@f(qRbS%BYW-=w&a#vTj$hi+@zcZs(|FGUOHE$d8Ov;9F
z(Z3uNC$MuOW{8S~$3Vufnn?dxFpEp(B@N7GNfSG)hg2O8bV5+>K(o|8sCctnPSU?S
zNa5;M>{0*#001KiQi3llEJBV%Y%~A~+$weBwBD^vZq1UMJT{Nl?$tG`HLJFu=OgM8
z@r-?ihgIDi1EenKwIGE|x%3DP3H#8^{0Uzxc^jFVQl17+VB;tgkNht*k)lI)3z34w
zeDTBK=Aly%Bri^)*0v&9nE7pozp&38UHo_NydIOAc6po-<Vw!p^Np$PF-y<mw!rb8
zgWfY~PkRa>VWizu&Z6J_h9(o(Q#QEwRt&%IeCMpJGEAzA?K0UM)8zzs>Qw|lGj~y<
zP5#&grX<BoRyne(ek2wFI5WO%pX%MPpf3LeFphq!aK?!uy*wJ^cuR5ET%`7Ji}Xp#
zWMSSg+=u`G00000j~>A9rtwkgl4E37UrPK|)`+}y!j(>d4+FhMkwE(0Tr65@W;0ov
zv*7t|r)WK_)85j@%Vc*N^UAXoAvzTKrC}>Mxp-|}dEZ0Fl0nd1MZ7atU<~kdM*l$w
zQIEH9{&@&?zI2@$)eb64Efiw$5lF3!Oz<l%;{fd9S9m(nLWAarBFX^_a<k={1<}@<
zi%ez@K_P(jjTC35Fh86^{zJ*5@zY4OT^4)qH#hwuUuHe%Z^qdP`=8c;02#+ybibo+
zf=vF5t7Y8d(zTcvV8>y#fB*$83GcAXLjIse;Y-Eo6JfFAtOQbfr}6bbfB+QN4D@LE
zFn@}Rr5B%(c#>3ye~&RryVZ(PB$pbRN_@(`^ObchrX8?9zJnCyVQZ~qRK(XjIhhPO
zArE2=6!5Hcu}2aH5V+0&001t)^-c_ML7GH{mgLYl*?_pjUqYzTSsE%sqp?llK*`r2
z000002Y>Q!7h!SzJm=)&&f45pTD>PZLGv})7AIOsz=X;Ock#P6&MTd(aI}@$aVDj$
z=b0ZexNo#F)^`iY?`of^-e_zQ`1PkUBqqa95<ukM-Y@U)a@{&(TRkmis{i{*kvdJ9
zrLJ(6D6uzD)0Bf5Q^IoA^a+4J(kN9=Nc9+1eEV9R-L&O9zdQ8r(uF?~vTeMfh~LpX
z=Q4~oxDM}ObTqhJgHgwP2j4YB3o_qTYJhvQvn&d|0l0zmmaa+v?*2v~n%?p8&v;r5
z+GGmbH-^o)sKbxDKdQmp`rOhl=WH>y!_=SB5RGUwMpEeq=d#AgVcxfhlv9BK00000
z7B!+VQszT{qPl#V(QRt4qASfRmgs5`U(xfI;cZ<zI+m0LraeP};*Iy6lk{hPpj9fg
z33giI?M5O&|IItb5N5U^_A8jPI)T+vV)CqV{q4N%{7{`;2uVx2+x_f*0~v!0bFYEq
zxSQd|BO(v&-^)42Aq`7ernB&w=xf^f^j?lpoGC2HV%7H0wL!~vTQA4}03KC%M_Qxv
zVX94jxzg#xteTC>OCOq=$YVi!KR3v?3?Tpjj0}NgjsAQBgg3h#qIO%)000000xGg^
z3gj2CYhNgZqmV5svX7oD=O*M+IW-F2L@h88VG-Lx6Nt!?G#qHV61(O|2H*ey0Ppmn
zKYJ+@^YR443-3MtZa0P15#sva?@<dU-u!X^06YgPVqn^3nNrGmE0B$7je(LKIVcBy
z84O*V003u8NnF9nRN)kCIOvw{1BYdozyMkh5MQ)L1N<{@$VpE}cPMbL^(*ogp|E(C
zg8-M$=+?8!QOl*^2?hFn^rz>1b%wA7aW;oeBj63nNN3U;q1>w)ei7K)7GoLY*SmmT
z&;ELJqyuouW$})?0XUqouh3XLC&bbS)4zi_s^LlWIPjHp634<X3BqyV^X0E@t94t9
zAgOR~V$Cx4uodm22>~a->wEe{NIycNi~|RlF6*s9U^YM+nl$HETaIF{irQ}c86Z&G
zbA5P7q;3lae`$<(-^YS`=<ecM54zZ9!0r+hH@bKBT*icak!TrJpjslR)%-xxU9%D)
zLv6|UIVB@^;D3fP&0%n*A{g!_(?i6sYYVzfl#MRAUcCeW4JOdi^9y^%Amd2DTCesW
za*B9&p5woGN-FOnhxc%*PFSYMh?rstq7N5z@t_$HU!gDg8Y@1%nE{Qy#JyF!=AbCh
zUrz9)`L`DPE+aVJIMlXNGex(sUQMp#p|*;Fbfa$B07?b?to9DH+Syhuqb^qxmuk!K
zb!Yz9VEU?`pKG`VmPnthbzyF^;5^GFTgre<3A;0KH_5EdF~Wv^9SV0wCOq5`)DtO!
zCvTmpwfrD6sHnU}&0N|>LQkFdqVtZ8AkLVYU&O!SskLRW0B1t4uodIR#e0zE3F=f>
zahlH!>0k5!01~8AwB|N1o#wx5qAGwAs(q>xRJgg6ZI!yJM!s6-(CXFiSY80*&9EV^
zAM&DUm=X%`bo!?DyHk2v?@*W!MICi>I8$I90pY4<x`IriC%0b1iSAYeI<@<(@Mzif
zhFrisj69n;se=&k_3v0u+3o;_$f>W;)gtr&00000000fFvPy(?MX-*SOCkzj)66&s
z#wf}0%s0v(Wf$QXBIu27*c<o*d^>R}1VFWz8!6*4Hl_do000002XlIZEI{|EU>;qI
zPEEUGAWwUbXaE2JB=1>$uPyE-AIS824G9z}_n1v&E7Jt;`fh=arNw=$B#i2a3wJVB
z%4-rRCZbw|yvsQNo?v!Z%WbeKUt$f)xO8*#hNX`{g-s|F8cm)98H(I(@vqe3clc$9
z%k@;Z56YXpF#V5#DzEJ!rzXA}dF`JsxmAKV56!i&RI%IE-EN%7=;)H5pg06)v%B2S
zMSDmv$`h_RC>3Lhlz5K?TBoSD`g64yQYd(HMEY|4tsuuczZ`bpp^YoGN{0^VMCwaH
zI;erR!EXFUeQf_AWn`!t8tBGEmglEg8^WezS-*;^f+C2%?)&oDYjnb#LkRP7P&O6M
z%aI_)jQei&$6|#9Mk+v10is99Z`HeF>mhaYzbx%L+F(SX<+kTF$5fNl6IXP6OXBma
z>L+siXk6_5jC?+ep9d1My}XH@Hx~1el<_v}j-f@6?5{^4!l3x*+jJd(0Y1u;6ayJ(
zyzCDjs>AXT+`XrO`TM_0AV>ANU^u(?<nn^pNjn~)twI;=$#k0t0^4%O%;{u$WeP53
zkM+JQqK)Y$IWCaNglfdyh)$i4%vk?QBRSPzzBEsR@W=ate_}HoM6oZdGhW$O)*Jm%
zP+$S0j{Pk5hCfno8?4EAFhEtuTJeO7mSK5gsMg*M`_TC9zuol;OO%MzjU7^0f3q^I
z(Zpscnpjt<T6v{qJNA!ubxts+e1hqZjw%ye-m+w3=B@`7Y;jwmh$$9~g@trGUvyIi
z<C*}p<G=s_0000000Bx7r_0AOmX{3k&6C6!y4v|k!!PE-X-X!=BsYJvWQv?SBB*V$
zFv=jH00000004KrNMk@l0DkSfO1!9aCFmYW2mk;BxAbGGqlRf7ca3(<he@9Vq&$`w
z#V8|f(!0UdYQ1JUm^~TCS98+mRiyVVWkMR9@3CB!I=+4Z*Yl*sAv?+hz;vzE9MN;)
z<q*O&YzDCXh3_^yq4CfH-k0OqW2hT{fcCdg?Rj}B%)Bb|og=}}zg>V!Sb%7QFMbn&
zJ_mUi9eoH|OCSr7;X`L-4k){N>}f-Sn*9Mk{NuE1h;;yXgZGKhJuN*{YNj>n<|);F
zIp%gip^>`PRK0_BQ}wHee?s77-L?JjZ;!Qz4kr2hY**sKFJH}(Uka6){}+jE>t8L~
zoO&`gmF?5ItdE%OuU}ZR?lH&vI(<VzuF?R4IF@|z|Jygm4m=zv(dq@CIQD9g4(+W9
zlOTF3r5IS13IFlbb9#L&S^XOc^)JvvM`(t&I6imv-#L)Xi3<s=Q+~a`vmaJc;F+{&
zecWglm=0Lg_TbGvwd$xHd)i7Fs2$baCTX5=;=i{5E}NzcyF<oyidJJQ>PB?R%1(H4
z0su5a%d9s{)t*%heoIx0?Pm_S2oLmj-er}~Tsk|Ny!d%AJsQPfAXw-%()LU5=da-E
z)&yy?K8%!^@P5?AWA6^J3#As28N2O3p7XGb9yWng059O#b3~9LvQdf8uM;O0_moUL
zwpHG_u)KDH!5g!2It0IK#gROe)h+Ujou~@#7_p78=-r}6003!|r~m)}000!qvH+hz
zAFtKHX$WL4-*Vt9$fy#~&ymf*joI>788HVqJV`b!;#90`<vGKA<-Py_0002(Dqvr+
z*oW$(CL?8<q~_jh`P+dcu?58d05wptl-5Uk7@SEGhz@@q5hf#N%Eg7Hsg-9l&~Crr
znGU-9lAFzKWwF=#y^tQL>UPxdA|~*J+OSHK2vSn<29@0Z&K8*ikt#|oJ-Xeb@C8pU
zpOT@E3_ZhvqC*xm0CD-YiltyWz!)Q^`uJqpDvK}(veC3)=#G=;<BVi2%*>S=mY^hA
zGthsCIs*J}41D?M1WC8qwgU7dT8L8Y-Ym4@S6#3)*6s-l5mT0wb*8Ql^0hOT#zIby
z4sP7g*_u`Mp^`@vtd3P|HLu7u;Zp1&UWj7)x*hc|9ni5m&0Q5V1EE_M3pq!Vt!`cQ
zV1s5b#I|;QFH1}!=&PcY`$ixQTj|$+U_WCSZRH2HKzdn>$@BG_NEMT{u94Lvggf8g
zono>^{eZ!`vG3W9#@fp~>Ze~#b!X#g?{>m2Y}&bIhKT!-2-_W+?v``gW-Y^+Frcu!
z#?-P#o34VWJgU~{TV_4&Aj-`SCNbzbRV9*-D&Q0{XiU0|Als@$y?W|4t-Y77%`+Wp
z%l$a$suFZ^jw=^{nP>|6No@%ndeyT}@xw8|&R}Ih-`2)$-%K-%qq=);I-rN$@myMU
zus30w2``;8hbF(6w={$*`H1SuCSRgUM`{f+yn2T!UT=N4TTp*iaDK26=HB+0OjUXo
z*kKAq60X*J5)1KCiQ0o+cz|1@JhG^xWcI&*aqJ;A;*@Q_Vce2Zp~G+zZtBbM7<K`#
zQI1QlCsh-SsFN^ER)NT8M5`r^?W?-~oR}Xw9dZc>4UNWHENZGwjQ8Zh)iuJk2?xc(
zeo1ubfGVEguK!>6?s(iZpP*wmJE<`$6x<zP1_-tBouzQ%&RHGN)8=#Z`WVzQxg^R8
zEcGYhQbSQ&j^vPRC@ZE|1|$qD^ruAkFMXAiuGmQ~zrQqIL+A^haD0w9g2(RKz4s<y
zu5>Kjq0l__w4OvW#@xf}4<hI@s-V!{G(`D;XDU*b9hA=pa*#FuGX%(OT5dJOB=G~3
zKS2Be<hxCR#YEij3^^X~`5kzH|Ez^YnAwocN`xx5S3vUi<nGK!(XeBJ%s8S*!%|dy
zsgnS6_5jjpJ0+8T)FrrQc-{sfAuQWYCb69P)zC-=>KzfTmK{5xTw0$Lul01A*~)g6
z&)|}(u9Y@5xiPhs0+=!Z%E;nFYNjpO*vZZBhdBTYypJs@MC__6cA{K0+3L4UZ#(W<
zq#wut000000000000F^)`3YhX(7=u{q*Bmyut`Lo{&=0|!&1B;r*u#}o(&w0M@%;L
zMFj6P<}RF2CP^+`k)9(stv*o663zir;JK8|jY`}$tRvKEY$D~)J)b9mNk{0)4C$;&
zDynyaUgQQ@E#je|g1|GfenwgC_$K3CYudeavQl-o(=&1a%=r1_guf2!qR9uY{XoMM
zHsn}%=ae#XUbW-0?pa{cnY5k-JU*aR^JCwqUj8iF(T{cOD($fhsJBGfyTP!RkXI;$
zGIxmtaCbX4tc75&SxVy~^??ojT>pj|WJy*^AD{Kk%9N)0;OzK(1pQ=WA{`2n!<TA1
zciSAvA^^p-`X37ml?ayLT?LV=(2nrxzfbZp5`bJttBR+dFQL-;`2KP2S^22>p?*nE
zdmV~IoihubT_5l55lK3M&%D9}%@Th>5*H@((a>-F--l6m&Psp)0z|KhwlJr9N1VI2
zcmlqiDvy+fdp>jxMzur(IKft_Z%8ZNeQuuTfH@$Z8gHT#7s1(vQ-KM6xPJqL<B>1s
zDjKTX>E}yl!-=_Mgc6N6yGW|NogqGxuq>*jgF?9~c;Z!D>fOV&LfT*ESf+@w-bW(9
z9jWDnzSJKSa}dnXxTEh+&z&%#3AYSQgMvT>fID{H2&?W*RZtLtjAR;wjK|V|gRS!t
zTnfEc#cSMy6-kOiv@Gr4_*R$m1q~1(z==%hK*qP(`INwZ#9#Y>f~tLlu1J%<Oh`-r
zJ3<+B*aRw`BVj{6G=TZ)jK-P8D5c2~OElaj2EbEK>rp8w*%)@APMM7UxcmLJ;&9tV
ztlw0Y)gHEp3vt?Q@r`Kh{h*=&63RT9j!Gi-2_}$rNs_<JSnRKghBVIghzXR2RyJzT
z)B@~A7G#JvED$G`jkC!#`@)DF*YDq#cL;^dKmd4BEo{Xl_{3ucXJQYWuWQJC00JM1
z&nO})aB{FhO)tTI&d9CPXd{A!aEleoa1xcI%^>fi(bC3xbU&}cp?&}}iI4yQsmK5Y
zk4`Ims1&nws1-Q!n+)VmJ5uTuu!{@wH5uOr65S?BU*l@g%M^Qe<$l!Wq5iX-F)bvR
z7rib94yrj9obM%72iB(=w;S$8TdI?)wn$9HDr+x$i1C=LCllg93zGGe0Dqa2;cv?p
zc#h1O;Wj;ApuRy-6TRm*l4Dc${1l2#h=RSAqq4ctm3P4mX$ms+WxWzcO@&<^-1f7}
zG;){n-2?N?kYt)E-4cO(w`>p_j#%T^h2SVm`UKP<XZceJUQO2$X|Tp}%>m}&N79oP
zSDIw=Vsm5_(_3Q}?afzz8Z{sMzk$o0`$WG~J~3vD-bosgXj)56fopEh|0G(~QANhv
zv<l-=d<U$oryQmYtdR)cn5<(3Dthj6F>ZUmZ2dHl%vlwM-mVz)QJ)*~CBCky1HFP@
z(i{D^jS-kqwi1^FHl|X^3#5raMvuMV+qqNypmgvE)x*p%$Nq@N!Vax|iDztOKS(1F
z`;@@^p3fT>ZSuR+I}x-#W}w3YnGZl`Jhr8&n@viZ5)c)0vr;ABD%*N~K`VvzKmR+*
zJRj_mB%dogPSOYPy?QsWXXHt40|IiBtZ<NES1ouWn-@&ObROpydSN-H;6#ku(67o4
zdeYavIK|E?x-|_oMzq+f{^W$;6TKwEYR7|%eVlB1bl)f<5Og{(%wex(BGF#BLwuJ%
z-Ydb?R_l}yM|aHt9hU`1X&dy32cvrnej;fjE;FeEw-UG_kR6Cf5}}zefr-!M5C<hv
zWsrZaEoH_)#`2`X@{3K9%}V2a56>MT+?`dFeSB0PGYYVg15P8NqExE`d*D<cR|=+h
z?#{VJ)Xa10rr4P0t@y*>#><j3>lv4Do|Dd%H^D-yGt~&6`jue){{^L4UP%*Zb^agu
zY2U8G>v>J=@>y<T=k;+}eMEO;*YH}D%%?=Ad?h_Es@~T5r%mrlW5wrLSFL|x7DLx)
zsUdD*;Nr+}CigZA`joLS5jRLvD{8#}Im+GAEFSdzU9;JCdE`rCIg=RG&Sdz5hl^$#
z>_VUD%66NMibRdT0P0@Z__<R3N&{4*VTDkyMMSzH#Xtp>f`z+qyvKe2H-$(gf{vgX
z-{1fM000006+Ejf#ef+A#AX4em~njFmQ}Hz2~j84QnTU0gh{%!KZ&CLn4l(H9}GI3
z7!^-cB)HK%-r8wpGi8F{bwR;&WIG1<rlz)V5KO4ML}B-!P?#1Ie1~TjA(Y#<6M7e0
z)7#V9{a4ODJ7VG}+h%7}TA`%lyfa8Icq=h>iyHI5?Y0beI4=p-2q(K%rFEJMjX6aA
z5#3M{L5zUEe^SdpqN=DlSAqsl+V7=9Zg@Ynui)^*wxO}3QaW5Db3P1|bYSEg7CDD7
z5mPxaiBDg0riBlkS~I4Ff-rTyOQmybBSQ7LpjMcujBBbhcdst1H8-Hwz3|%<jwb3=
zEW^<b`9ia!d=CZQ7iF1Sraqu;NZ3!ZU<dP3XA>goEN~Qn>H|<#!S@X|m|nAW=9gS}
zpX&i&r1tI1CPfj4mY{Sg<p8wV#W}2FY9{b-pbvZ%TyExE{28s}8|07#@VqrF@?h~&
z#GExk`BIxm8K8!{7%g&_n7giI`Gfo?GV#}^ST}?{l{yp|csDVimIv-h5@C#y@NVYE
z)rg#Sop12G3#wdA1h}*K8{u^+t031CmaRT|T5c3;xnuXFl|*?e*^8IF`UcVGtT&0{
zW+ZI}%Jr}E{;aa2Ig5Fz<XAic-AE}zvsUMwLCFtOcD<dO?s<?t5s0oFj4weYM6b~D
z_x-s{YdKZI0>6LDv7Q(<ez@~uca^dGqM8kI<*BK_+862q7}F{{O)XQ1)j%o6)I6S)
zC{d+a&>oE3KPfDKi{8dJ@0Ojli!Jak%&)?irSr_{bswD^WlE1jtQoURGF>fNmS(gS
zN%pqgiX(4bC2}uCE%8WHSSsp@LbOuHm(GC)Wy83F{2u^5w0=`LhzN#gBn24b?v&*g
z5*yi`5s90YY8S56Put^DCvlE0CVWLC8}X9*&U-o;#NFV$s5X1$olR{3o8eQTA}sI-
z8R}?r2+1z$kS0E`25{I)Vy*|MzP8sEdc8_W-84J|HX1kMUIqeu1Ya%2We`F6$V%kF
z#Pz@c000000Vv4SS!XkTknMRu_7OzTgJB+l2$Ta6mGT5T2#=r;&YoJF9Oro!#pym!
zr!r+;)YfPUrgXlk$NDJ6dvZ?LFeDw!&0y*KNE^SIzDjC2t4-^Tla7%FrTuYNhr(3#
zfUtmRkr<UASoQK<1#%(h`m8`Ssc)dd7X#8vM>J(Hp5@6>q5%uWe(i0D+9B_J!i6%?
znW#J+GeHd#SQt1{2~4yyQAsvAaQ{d;EQQL^S#A^Ek9jAQ;C_GP3a8N7p&j0pKidj+
zPW57r|J{g1Lq#H7^tZX!3{5-!b-BZHr1nWj@%*=g4;&iO^x`b=7L&n27nfdGv7sIp
zvQIe&jAJkQ&QDcA-P}O$$hfY_dpaqOSu`F5)Lf~fN_~afBP;t0CKUC@6)u<sU<QV1
zl=Mj0;tbcuSS<^rcns?7Tt#q;<&i4tn4|I_%hMYH5T9nv)e{qY+Q|~&tcny1J72DY
zzz2uMI6R4QQP>x9I`Lv0ON|*NDlFVP3*tiW7z3+qwjHfzAEE#?834^o)>F_Of4~(Q
zeaEnc`p=%?zv_0uBrdKwB_sbj%ODh1CqeAkePk0$O7tq4XCbulrNiD3z)F@rmb3Ms
zMn^|<^D39&+}#O!4bu+XVGs~R1ty3Zrsa9_8hEOuw8x^=`m$n*u!9=|PolWBHI_^e
zH}i?+F?6_VN+RiSaP=HGsZN}ZdS@S-_rn7<eG9V8z0hcj0aGMgndYclh%aLd-#po;
zortHExyiikwQ5bbbTO1Os%7g;MG-j6kRFLH8kAQ0;of3=_=B9mScOU^a8_TLv%+Oa
zLB%VER-6-+fqyS<4j>81apc<ibzKh$LLOu3hIT`|A}%QgItrHjzMu->lBWIsvD&F9
zM}d2~Bn2z;%yOhc=`05_2bEWJjt7{L5qRI#B*^Rs6rtn*00boq#v&f*&q$QI@qVFo
z;F;f4XA{$4xM2ByypmbRE!8FpZ3fgmDNNpPMCbqj000NjTNdjQk(D+)hB5rC%9Lh|
zUPe(mfGc~(+n5iNro?QrDLHVn+Tp1{_x)JS3xE>N1&_-;^?(1Mw||*Op;+y9Cj75l
z@SVqA%Q~l|ejYQzg;Ys`iC8S+V~r(i1JjCc5Z2R81oZUFt<IFA1PVW@){qgosGiQo
zgR&>Vw|;YPE#Zf-;vgT^J6aAh$i5lyVWJNBu!(Q*TVnhRP6-Xlro~E)LHSWjT<N+_
z7H7+$WJ0(9q9NeLcNPtPV3`Ob4iWeGO65EP2V3jH_BE%J;$L|cO`LlZ0jTOwF_#&G
zCaK-Lu|MI`dmbTkV@XvSKP{h!;mz*XojXSs5dsG+edk?#P#yI2N&&2m27eqLLA2Be
ziX`IS`5eX|xdh2*1{m)i_XOwmJ4IIjn0dA3QdN2X5^r7zLxFVaL|nXNk!IkFja8VU
zlv4A@oue*?$8@VH2?#e^kKExr*_vo|=5OxE`8puj=*_jv8>)zY0Mn#3gurPUa{eL|
z0z{13BV0Xb(v!rBqWeSOE&I>HyVpIrtOsw{PH8B~UQ^QU&VM7T1BcY`?J6VYfn?B6
z)nvRdX~K7=aK#}j7DV9(bJlaKP{vKddR}aen5@QVI{SN=>(905q>hW};Fm8k3FYE(
z=P`n!T@@bV4*<}ln-fc6VUj4Z`<%Wd)Zxr5VYxI@ECRD~Iv)`5cuMa2Op}j3s;fnC
zX-FG|;PSrGVAQKK&oxUlMpbKdD*fkbtLaA?`SgK`=4XwSyLECq-eCjaVWQ`ixK_Ky
zRh8IqizoJO0_092r*N0Y!T<*5WztJ{;RdH*HyEd3SGK9zJ)yXO&U+i?jUq)R^lv~6
zt7qw6ntgKWC)huh8X2jYDJ=1dTy-kz4va^4aJ1Iei`<R+zw^tRE*KG}*atDjReP0j
zh)+(u7h+G&)2Ak=LGX8OgZEoDX2W}g9GC&vVY0~OqldC{lzrJ)*COMX#6+2n?rf(o
zRKInqJ?B$r&oI58Q=Wc?XU<wrUyD!IbAmx*%$eYdx*8;YIY((m!FZpG^BVY$Ou+Lw
zyA9FZ8sG~(&^<2n6%AVfJdKCZ>;6=%|HoJ1Jef+xhLyATrjr<4!rLj2yix|>K~lHf
z@9d?Qd7o12$Zf>n000000x!P!Yb4BEtSqn=>&v6$RRp4xLzfWn45b!>ebUQa5p73@
z1W_;%py-POzHIA1*EorDlg&DGC;bqa%A%R#xT~^o9PwWC4vIs@v2tMImX7O-LE>I1
z0Jy$!zQvk7&?{iv9v{gA@Bd*2zMj|@HVSWL#Yc=eJ(P$v)&j<S`csq6y_8l1_1Ldo
zo)yzRI!XUfNQ(mT80&*Cf;0nHL;(t-V@L=qzfxfz^Sspy0l~8PVI0zmSKCO5V?o7@
zYGVT$VzDVu_<p4^`o4{bj7Q(4aH7jM%~=Ni7XZLNXi%;3jBf_U$9DHME0-PD?wP&&
zm=W-vJ9Moeugs0bJ5(kLmKuASW7Cu@_f>v*yL5O+52_oM5YyiJ!wS67NH;=HD|Tb2
z0I>G$SMk$OQagA2jM2F3vJRQd<r}y252~;zS^@q$YHsd6p|$o=fKnOM3uBkRBddF_
zI7V=r2Y0v4P?p{yM9g%^inS15X>KZdNNAZuvs{tE({lh=7>%B#&?V~OC9=FQ3I{)Z
zd#+lw_6%cTI#IBM3%U$hVJHD~iJ?dJw0HT+%g5C_E}8Jk8&Gt^g>UxyEwt>>?XdU&
zAEQh<$;2$P%+nq0DdlvX|1A^WgyLotwX=&Fi%Xer&0zR$L`N$MaXk@B533O72b#i;
zQ?G#zl6js>ecd}^aAjT4-8rOI3dOerQpDP*exeI1e;%c(V!SHui&a7G=HA{xGSb#s
zEvK^7#I(nC@0t^hh0&2<iJ_IlCJFs)VzEBOIQ8ul6o%aU2}UwBVnZQ$>%D11jRr{H
zQOn(Lzk>#M5bNuTmBx6Y(JR(#Zh{>;H-+7AkI0E^&b2=?aQO5r916{EnV&X0o&(c%
zCo?Tp9WAnO{RzaW@)I{TNhPF$hNl=+?os?1Ijx8eOVeHRCn6Jh*{!{wC53qgyw3>+
z0Vy=ULG9#D6FN8D4<@WRXzDRzXGCjcSRy*Di7wzCpV1g_sXkDBwjCXK2D*hgxl{+f
z>*P}zt##7mdgt3~g+ncv>E`gIuDPZxdtV@?&c27dXvfe_pC=J|lBt;)JLF-?s-hp3
zk7I`vu5;wz^gH}Q&|@N#)=1`V5Iu+~^491$CaT5J@Hy$g2S=jf3y;6{YX}V2;!K$V
zvfOTNS|!iorfc`0QQw7EIsR%G#8&18v-J2d@)pe;<PND)5q|}l8x>dp0005x9kT7D
zDIh);R|$GikFbrLWU*BW^t&(+GJ<ZJOMssYj37}cJJ-m|+g6b;Zw&o#s$M%0{3_@W
z3a3K;p|c#nAtZxb>GVOdYl>{uRZE&9p-dMO)LD-;Tz*RUgNNN??ly&bv}U?S+e~Yg
z7Mc8pB(vMEwg+IYnTxVbyBe!d+`kK3Vys1g3a?ZVZmm-C!8t{6i8aNG%^BQ+Vz={g
zL+59$ty>*&wn7DTO*#W68_vlS_i(m>btuU6Y62NwjtsJ0TLN9@T!oAs{ky8ikZUS1
zb(#lhQs`BLG?l?739a6S+8f0w9)E&TRV0WEylDCLs?D&WDz1R_2ONaf{(|zwx}rt*
z+hj?d6GCO!ewgUuH3XZg7#f}{hll}!LBZU3?~-pO6p?9=4kEPC?G5+GJv>8pgu=RE
z<|U&0l$k`=>HBI$wG>f{*sq<@hfTc=F7E`W6Z;bBIp>EH6Hp-i4bE{?DS+V5se%u+
zY=j0Rnw@qp#HprWnMLY1q47XJQ2+K2936t+YOn<hIbU>gd;oM94bix?RPUTQ?*5`2
zE+(N*e;oS>g2l;pzlL^NOB`U#WQnTR^CHy{?MHIAfdxa!q2mSf#2irn`U^}K)?0G7
zodoiMXF)9udC|=sH59A890a{;RHCuDzPGV`3XN{=#&qQDDqmYKhrujpeioNfmh1q8
z$Sf}x@7lr&w|ZKB!RX)t(_cfb$iYy)c;>9wP5Iv>-HfLR1LzjS`+*_kKap$c18#lV
zYyc*ePA<g~A`8R?*C!61p~|B$(TeFsf|BH&QWq(aJ0SHkh?>}f=f~?&kWnd7=Z(Ft
z@p=brwX~Dq(a>o$P2xn%9mNks{Z#3JQI;V4NQw{qo1`c;bV7M%)X=WWVqYzmL>i{b
zwr+Yv)_HnB^F)?Hs~@~Q!*n7jQKZ$!+RLWiU2OGflcYl=2WgqPy-7A0z2gba-AQf%
zrE4oM$v)C%C@M5^U1?ikxc~hFV~efLk>?Qk-Nj>H|3I|Nr1R%P98mp#pw6g{wIHKR
z9Znx@(n4S9*_(tl0?^PP0000Sy6Pg~GA@1G#Dr$fv2TJd?lLQgqfI?v1>PhLuu+an
zzw#iw9k{~P1-TGo%cT^lMK0CaWAPOYO%z=JK(Tt2UWN?Sr%>Q(k*V8<+2f~CL6lF}
zxDauJzzzbZu6Aht6mwuSkyMabZYd5#sQwdK5XhEo$K@zGfX@J&AyMZhYnVxAIoT$~
zHXE6dBucTgLqRj8HOJx-Qg*#?v(-7=ufg-xg75dX(wvlq5yj8kQHZQVvN_|PtVs}R
zm$~6<=(2oYPkkpl06+*4RGTd(O$U^e2=@A#l+XUiK8d~l-YNK_TSF~CSFk38bPa=N
zb=%VGcj`__Q5>OoBZSlalYFmU4;QLC(G?YxT{vf;YEM{vfeq(aa}5rVrc2-m*|nLn
z|3+zn`n5@cUS!$!wLm+xxx>}NZ0SC&9Cfi17uuI0rfAiFqQzwge%-;Ij_?Dy*`-WH
zC-n99kmhj$H0ml@3r@}br1*9l|7Iu%Fp=n8ZcUML*Iegh5k>K>j`x`m2Rwe^TY5-U
z#kOrMu0(8iITQF4%**~C3P~-!-fssw`D5$eYil7R{d;N){2nQ5-YtY>&S@_5SK|d)
zMv|7j%aGM7+VN={kx;+sFtrFzC~Bh7?qeSvkp-qTol{9)QL`{>8KG_nQv?pip0RGc
z>i*(zK=|J5ILPRn|310Grm<yshzIfQrH@AgKX?^ciNuUysowucJU`J7_+|K08^eIE
zSpbVZY@q-mjcG?yJQmRf`l#q06LL)`BC`;XhriN>;s4C(2x>c{JbeQAWm6|<ee#lF
zjY-~HxMaY%&LA1vVi0l2>uGWZ#z*w>%~Bf=$2Gc3Tif^cnKCk%0p_Y0t(h`|OUxEJ
zDcm~HDstH{f10^0X+xNM&>A75(AW>#kAq1>OLZ@RukaSy13%p;;rowDWT00U;IwS~
zzj-U^^o=k~YQGfgEiJ+^wA|W>RSdgmxL&3>6-7BZiG7!kHq8rTtGgxB<=+n`oja>=
zDwq6ttk9r&R&n8PO_|Hxq}%HsXZN0KEXUYkQU<DH^an2h9*~HLWS+Xt)xx-C!)*0}
z=2?3?+<wxq|BGb1npiV}vG-G)1PRdH%V1QksTs1dLOmbB#|!B|9<NyZ+Ft3orSVhE
zf<a&P!LKfEu}Klwu+8<d00000{o-+^1KL#LL2d96MInkO<BD#s64(rhGo`x{N91vf
z%0(YLjwt)u+E~ecyXGeW4tc~&Z)lBeK{Ha!<33gB(@6Nb=+X6;`4t4k?%^j;9{!Q1
z1JTohe@jL%$woUbnH(J$U!vboL3+(wCa;^F@BRfS^hGm5bLggab;uU}$Dcu-IC7BW
zAm#A!gl)=K2%Hl_HpRfl^Y-9TXzS25biucaiznB<{ln5fI9+C$y+_SES;~hTI*GNi
zqNe$yz+vh9<nzG>+c?Irm4}743s4rctVEKH%v#nlt{fl2#8<i{nN-$hjy<c62sA9T
zgv3m>_EGP4MY1k8qctewyJhqs|82kUpabBPLV^I|DYaU-9{<N|Rh#dpKs!DIGRw3_
zQE@EfJ~l;|c;_W3dN`9$1W$69s~vF$as+dVMUEspzliGc*~9898y0phrVby?u(A-D
zIXnr5+Pr?{!%l+#;8KqKq+Wk7R`xjaYqz%jv0g;w4^U`LAanktLE>v!CGe6i=xF79
zBNBmSTsDlyI{R3C>dU1jf1bxv!L3)J<HOqw95do82~xj6b_ryKYNHPOaoA-Q-t~If
z|B*122LusEFnWv;V!S7o;vb6Ei2sp|TPtiR-ZTP{-7tQB0-r{m$VttWeX`*>A(WkQ
zn=m$if~(+YI*Mk6QR9NPvt`dYGm+q5cdHgSMezSj*K6!##6uS8nJsrZV!#?AfYD9M
z^&9L?6I0Qt>R>D$%X*jK8rpzJi@1$LJq=CMgiCHVl#DV$@N|R<wM9$#COA<WM1XKD
z{;^U;hO4P(cJCv*Apl(f00R;aegj{;i}Rv2yO)BBj%%~>ObpQ!H+Y1*PR5E1!WO<Z
zq3c^MsT-z@#Yr@R9X^~{5g}<^ku^AP<N`H3tXjBP-0>qS=>|^SFQLj*J1=g@b9gtp
z@-i?TT`hsLW~e1P`D%fFm8r6~B;l9|qEfI9x)_sYC$qjRUFfoHM8JDw-Wr*O`~GTT
z4p*YFqMuf;MRxoCP#c=EosT(Sm$;+;C45T1D`pdO({XKhH14Uo(624B!33ZH002SZ
zO^~EEL55+SS2Qn3I!*lm+j)Lj#Q;oUwmeeXht-66;JPnLUBHo7`<$QhKxVnR8S!;f
zCu)azxHAC)TpiSCQtK8khM-ABG<n;ES(mMARUI3BfEVj8{gBovrHvOx>K8gqIXsh0
zHqvNh$ff*2X5N68D~>1|xQ#6chU^mSSpC+&ejfy|NKQVue?-ERTy4@tb6S(XJD(vN
zCU6xNHY9Rp;%Fm|vJic~i6(lIIgiAZ)$`}UOE00~9tL#R<BVj#Z!@ril6;QV8_sPM
zG3OM_`Kq|ch5&daR<hZ0iz!+vW<?)0{zj`HaRNA0o0~DjEiRIC#I=k1C`*`f{{zf`
zaRZ3qUE@#Ve$$pH`v1X;^l-mUV#u;}tkCZHm?-f5(fNe$oNe??K<reU_~v%C=RWJ1
zQ=dVjUTRT$2E;|Q5C6$!#QXmIfv@?T>fntY{FpoLF=E;n)dr&p5|L-`{2zzg&p2{K
zQl|pAlWi~b95{5tOs_H#R18rt(X#tZLD?Y197!%A>znn!{<;}>v6DHM0izxOPTDfX
zD)98~y@;3_vcwLHZdYlY@5ZnTR2SZ)?x_Q+JtKqQt1XF$qtF*#lz_iNS!E3#_3Ocf
z#3$<(jWjj}-m5Ha?QJNYODw8D@jA5tKlXW}J?wOC7AVZD&TjeAGZIXBU&?JNXA~cT
zz89z%gj<Rb=l6ZBqBHU)bOtCX!T<+Ow>ufbWF4R?6WIKq=S{r^Fa>Ow0M?=c*Uk_S
zT@4s5%Ec6|`ws)TVZN7&{Tw?pO1g{Z|J%K4bitWbP<k?+y&agdf)7n{-AIl%m%HcU
z{|2e1$<<rAiyw-Dxh&Hs>Cw(kKWO)W_cR^M{XVZ&I*zWcpEue-e3s_qRy4<+%%Nx_
zisrflz>$rPl$({T(mSGZu%x-bi22)e?%fds-%BZlkG56p)M7Y<P6p2{3ojD51TmdU
z1~3)j0UQ$djuQ)8>Wd9VnjA<1(f|Me0#-h>XMNL1{;x>7t*SaFU(2akwV_rqUn^pV
zsr#WEfA=sQV-CZSeqR^Zf7T###V||*fN+C@yXLj0iIH4mf98OxN_WWkdQj|y;{U>1
zeQ$H|s)z7K8vF1NwMKi~7+HBv1cgmna!p#y&}6mjsyfc!ptHWO?c4o8tESIRGHMDS
z*hNCAMh(5`(SDp@TC;y8Co?x9+I>jmbvT-O+?W6^!Y_f9SN*4q?dtx5|L9rAj$@;2
z$mkWFI`np1B~p1%y97xrDb*}i7CGAa;=SHPZ2so>?Cc#ea}V5hoK0*I7kS!;Krf6n
zi4$BDeylAWbk@JTpZ8sQTdF~L0Yv=)a#WQ;1UaZpyvUPCg<xv)Hg(0m%kS(ghnvJH
z+jKNr;4fVyq`bih-7wE63F*(NCuc(_XF-7Xz^F8fd};>d6T?u@kET`EUB^QFV-I9J
z!E_?(MS2%=fYiaI)f^B#w+<I1uj`laP9Co#f>;tf3qeIkpLRdFT&6<Wl9*pBN&cWU
ztnLZMLFfS+Y+$FGD`Fmr+X1KBf@X+<4OJzX3;>A4w>A)91c-Stol?U2J1!8-&ctJp
z*T_40*^6Hrat~=!Nb%j4U*SPrp;2i9w`qMZntMJUJ+n&RKBVE$Kq5O~MH5Oy=2*yK
z>f@hL>`h3>lxWyl>Y+>=@gHO(IQn5W;vhY9$aMV!8xAIU&LUAOTVSHN-refH1E8iA
zDJaIwg{1Xg6C%njci&F)XNg`2gGLEj+_idrI|9EdW@Ld<cqZ*4Mhvmlmlz^Jm|p#D
z_|E)P1^Lj(*i;?yR&LC9#f<Y=Jd|jGT?ip3c$&lf0v$^2l#w5?Cps@t@o+;OyNhha
zzEYO(F>V3@oX3qVV<QgC{bwzRARfHI-RMbJ3X54O?@5svggn4l*cOGj65!L@&jbmh
zWHkt{1n{+I!>rZHB4s#489o3423n;e3<PlsQzvo+G~U6^$PXOlh0wbT9ws-)(K2Y8
zB~ZiRP>6CwG@Tn`-~a#?b(7^9FgoH`i^lqnWAbea4V5~uU<qI~m`==n;u*??CXPR7
z{)HFT(muBFBgvuZ2*@W>7jYOKaXMzyYT)F!ZSmTU(Eb0{8xYfB`)Qe9^(vkE3B}NT
zpxzuQij0KQw0meAuC<z5pC;~U(M%U-I5v2(>H*Aco&dI)c|ny2lT)RO%;yx3fNAh^
zKA(SMS1oXRCX#*nHzHMQvGR}r0<}7z(FOGoJq7bHoKIQ|lsR{*E9A1GO~0*=r+UXh
zq2teVW2)IWctYVYDf42=sZH7Sp=7sQ?r|4{qIdClD`+dLrGz)KLk;5TBCBlQwqCc(
z!Bh-5WJ>2G(0j?Om;)?{P@DnzWX(c}o`{QKx#jZQg$3^kEg={ZrmkVmZqZWsPR7Y~
z$-*#27{Hc5a%GA}<s;EHOmtg7B@zTOTRU8N*8b8F@KEA7apWPWD2K7gn;Ib-c`_9v
zM@Aa21h&hXc}@M{H1Sa%8;KlvU-0u5Dq}qj-!sDskSZn|%c9u<3{`hVya$z)_|Ffo
zOND#MSgYv0Is>{Cz*v_oB{Mj^Nh&w**J+~B{(|W%08Kmh!OFB-H8cLcCjDSLaq<Mf
z(t@scOkcRdazuDxn`YvFI20kPf72tUyYzIGFkQ+3_yBr*`!E$wt5jL&T`mNYI^;aV
zk)^Cm7(9Axtp_VE{ci4T<rKGkdV>R^(lT-`=cKvJy?4E^cf~)l+vh;j_#%=s44?NB
zQ3u7nZJYoyj8Y#Q73Gl6;|ttMNfD^w`l=1h*8Bh8J<miO^;lQFAs>Q`ZvsvD4MpOy
zc`-#=Qa+yzk5R^*Uvmbda-&eMV`gI8pJ>}yqv>>wtECm_Rs3Y+1y_R-hxv$*Pv#&o
z!=}I);5bT)k@0cmb6wqhQu*x~OOVzObz=QY?*MhPe3I(mqx7cdhQI{2BLVD&5Ac2c
zuBH~qL12(1Ep~;l8f4%!aE@wE3f(Jg_6h`bt%A+s&-|{_I}!X|1B$K^xh4J8$Amf^
z0dlVUqR!!c!f`JJGu?2P4^jF6Xonc>nv2oU!xeLq(PGmVjHWhtP`Q^*H9S9!;(c}M
zZEr9XRox6WF8h<-E(nVFz+s92000ELHH5^w`hQ;2<_Dkg))0`{`iG(+#_3RbsU*o8
zB|`vJ`_|US(Hc{c?EqrCp3g*eoU+;v*XpJ0WE*n=Jad-*uy2k}*F<IYwIX|>PE%a5
zk4~9{c$6nS(4Pn&1iWJf=6vfGl#r)KRV5Jy*nx38d<@q-SFjx>wJ9QYrO6OJr!#ck
zI2MMvnKIA-z4KoV4gJ)W<-mAGDS%&FAVSTWJ8DMqHSYC(mzF~}Giz64Ep?XGuBxp-
z;`zhkF^(`~RQl%CYcys1Qs<IN@l`p<rXBYW)DLx@7|z|KUWfqAe0GRce(K?>d#Y6I
z3=IcP)#mn>wwt7ee)ZD<rg3RgScFA5U`3Y%a87(F-!wChc3{?c<RUe1p!MzBlr*oV
z0{hv&II}0mjXqR$^8I=eGx+6ju~c;4GBJ5SVdKc6I$Njcwd{x3f|Y8k-cxs_?I9sz
zDy^&7ai;V)$WD#kpm!$>0F41*l+qs=;)lO3H|Il$rhpUHrgZvWrl1V4>$T`MA89fg
z*ne9o+R4}ihMO2(@y3q^7vqE9#=(}t$ZR8f7dY57w))=`9YD!yYHknM-CR5A95ANs
zA+vx8X0cN~CKrZWPDWL=&42~#$!!jQbCYMYPZFnQdO@BR2np9>arH;I+-38aIQ*>t
ziK4+R#cv*QP;2WxQlV;Ku4f7xR5dG_^F)2ilqNTqhuc`fxHrs%bvjQ%&XT?H1{8^K
zqwvy_@KRl4K2}h&SoFM?Mt>DJAvx+KWk3uC(%L#)4D@{jwg*zlbjTRln*sBRrVD3*
zcqJqfBLSYhkH$u$5c{evbcR0dyP(QyN^5SqeggnTK)JuCf$<A58E~&^%9xw1)L^RD
z1ccO}r-}VUvJOB3ed0v#=*u{n!mMOO5+P7FGrEv@t1(Qqn0N0DTbH|Nq57~2EBo*D
z2E3}-nkLyC+mW9M&ji{oumq5@YdHXL8#LztA_4;WioLG@IWepvC8Th|yi?~Rr%mqg
zc1*bKU@O<0l8(V*+Iq3zXD9?Zu;abIeV!NG{c|_j<Ny~Ok*)9D0X~O;w5jd0G0f@E
z1{Jji9m>J(KR0w*#sZoT%j#-H)rP|t%^5fMklALJArQ(luaBCZv0VTF04Yz(zqhAm
z){8=(Uy`-=^O6KN@OB&LIXM1Z2SXUO4Y=gKZee&x8^GJ6{MAfnJ4jvfx@PEtTi}DU
zRNgzg^o2Dsj2?zS<gKW&d)0k3Q5uj%2Wnm1A(4nxz}4QU@LkrxN9MKD-L4DJB11@;
z2e`iQdK|lZAU1L%r_}k|Zj|R3bN}VKeEzfer3+4*MUP|+-3$YpOJ5nSFLgmd_D98`
z;~O0<P;VD=52|X1dcC!hV`4lN<qHh6RkN~{V%(=|GsWN^OZ!OCss$+EMa_7KQ+1T}
zg)2Yr1KO`D@-zGkpu;4WB?oV7PI_VcMK*x5*N$OQS}}R$n)|i_9<W<$p64e5k?Y2S
zdv+ANd-J^BH6@mg`j_UeK2A-M*XeV5<<g=Iw#lYnESG_XGhS1S1km~+PtQB7Nk2Xz
z%`PkyRXgiUE1=7B+S#`iMDG7Ieap@6A}y5mH#a)rKc8x{Efp<}U~ssFg1wpF_IJ6Y
zK45(bKwGE3S@5U$xD!Qt3>sbe*8P^&s87lOEdq4Xj5_xKg@qcXzRlzANJw!$b@Llo
zlInY5WPXFJcie1dwqS%I!+Wx!xXExQnY;wgT{U_k3^%om)ie!DblV#e7U7*K(z7g1
zi6Z-z#dS2IHegO_1B|Ke3XS0O+#9N;)ZY-jG!WEC!w;wx=W8SHX{n{1LZ-r<f?7Uz
zSD0;)T^Lw>Z=8{G&n1AcS_ATh33|JnfBuz<$O%t9{#+CG9pKc}A;A<0widoGFWP8a
zt0RnRwGLkaxw;tx<uOg{7VfO@Ducb6Z}{f&BfXGW4cEk3QSjrUSHLo0b3}*yw0=FD
zJ1voKhd<<T&cp;%ydg<Pt-CkO2SLGNW_k>~bO|_?5o6{5Lg3KRqR1qx8Dzo~eW822
zuxKg(vPX-5dM=7q1jlUhh>wDI3-fX8Fc*Xk^5fJgOEVG3cZ<KbSFwf7{rhMaC>&Gi
zN<LKH9n$kk_UEvh5qt*`Mm9KYRU~1^07Qvj6k)qX>}t(ROJq&tIEqTaE>Bp4i5!fm
ziPQy;ZE(v(Ld!VxXTq(#7*gFkX`xO403~IhB`xyfGsdITak=eKeri`b(!dq6z7Q$k
zxSh>zyVI6W)fj}!0G$$TbtUhieL)u>2GK4d2m&F+-JY;Hm5k;W{usivcW~FSXkkBF
zIq;%OQTF&`CF?AoFo38sJ^=+WZK1S=5;tn+j|GS}W>=!n(nj2w{Bi+si}RNg#CG@P
zh|{l!rp0E()1_0k-m%M>kA{<J=yjv*5~=MtvNmR|`r4KQA$X0x`2ID*RiBCY*9LQT
zb1UBwQ3vLa>pN=VNWha&#Uads;TzH+DN><(4;eOCPnRTrv-jUs^iXd--E04KlG1RY
zF^ehuJCGVuHxIk^8<@HPh9+n)ngK&FsYUl&uAf{06vM@li;(ya-%Oin_<WQeAJg@k
zb9ODE{hJMes!N*P$20SxrI@4&{}YT1l*X1Hn(Y*l1$x-G>!@O#Br)hQda<wJopT>;
zVJq{HM~d%&ghgWKQlm2_v7duVS*Vec?KB>ZUu9$#F|Po1-AW0@;;BAo8_)oLDiLw&
zX=d8EE{cQetVv1c)m)p)oW&sK!;olz>T9@zTKw>sS(Mka(X;|d9THR|_3>ilw!hQE
z0hXa-v)+A#bip9J{P@lDa=6^dK%)Z)_3un<`~zmApBDai>JjYU6gt4y0A<uy$|2Q*
zkqt))(&6iqioP%QIsRC7F#iaFbDT#_=@O9tSs?}&@+^?B#=<TREL|dedB=}=g7~eH
zi1bTj0QQocElatwvmU^fT~zSv#1YoCL08FX&2A?dqyhU>S)hXV0u<?s2_cC+B_UGH
zzQ|hK`j-K&32$SN>~2EX$W7l~%X?}g_4-yh*Lp6{SvxvU=Wzsm4_g_xbq^3lTrNag
zhNEakMhJV=0WRqY$(OS~As+Nd6cY*h!3Sb?o`Mg@00}0C<`GU{3uIuCae9pAFTJ#u
zC;x{Ouk`Dk_(YrlZfa|gfJCS|0ZoEFX#WbO19a9G*MY%$b2k;7EW7-U(0MVw0)=51
zNausUD!jXwy)?4SpirqZbB$?TGW20%a>I=%001J`<-VZ)>)@}9?7of%QeXOQ97?)!
z4vZyNisLLumoJqr&xeIvqSZ;mvV(S{XRv_LkoU9pXEgT-H6E6{Niy2T0kvCG!|^0P
zZiRDB)y}i0;b|kQzBbzK{<8ck{}_r*fJ-9vWunT702gSvBv0ic95)^gb_NASl|saZ
z(CDqiqOUH`VZ1ws{5&8E%51upXX>nX9(Uh@aKA%Qb_RR>ed-wbJG-v2wI}$Yq9T2E
z*2C?pTaW$C?sMMXib(_bVO5nG7RsX^n)b-trd9{@?WBzxEFuDLQSmbPk<23TFI<t+
z4NxvGH|i^0@-Ms9OdG|eAQ~CJZ!wzF!Kg~|x{WJ{=RzYl$?+Z@F4_!awt_-51+oYM
zwE@7OKPahfNbl!>#A;ot5JWN|W#bRkH6Bq`P)dk0jNt9J{2W#x1Pwb%OGlMfs$JS_
z%P{1ed;&$!B}`cvsOxzP{p;#PxL5D4F(@zb!&wVOzLl7gJ4+?|fCs1?wvP0B=d#-2
zgd~~+4mZ28G+hsTq=V+<Z19LVnsA}8ChR=+yTkyW?IOJJ&|O(lU^M~7M%ai|0Gf5c
zl%7f%e#mQNrJs%x;0`R9oZC5dRJWJK>MebB62?t-LT}4zog)e^ZEm~39Bg<#_dw9|
zsY<3n*okR?qsRb!==v^_k=0oqUl#<jK2lJTdf)qBS};2up3y(fE-pFLI~985mNB*Q
zBatIXF7exav<MNiA}%=3io0dRNH6dDv#FTri=x)dw1=&{UGiG!jTm!0<W}thL6cko
z3)W)zdi{hsg~wnC%kp8M;(!5V>WHw|2K5O?3FDqIF?a(ei+v?Ka#Ee0S!c_j=KGqq
z6xl_LUFA(11<XnVhe;Fsr>t2^{8OA*J586T1Oy^6aX37S`fKa35fU<{vCn>G0&DyY
z8~^}pt|Sbraff_DVnpLSbIw0bpu-qNsPG%sQbz)RYFBKTH1%iz)nXbOY;U}<=7gB{
z3cqY>abQ&rp=RtzpqKmF04dcY)Sh++25-Kpt*}El(;saElZuemqGWYSp#86b3zqhv
znZJNyZlC}hIEE?(Iz7w-zqHtFTG#Nuy-Vma=1rsZ!s%z(-{B8b*D4`D(3G<XPt_t0
zl$#$-=V4}};49WuPKrN#vK=K=Ze&&n&Y`?)v7$Ze<k1bA*fsXT?7VSmXq~ydDKH$Q
zqyTB2pF6-LMot<<9E2$O7&Y`5{(b1tI`ncBMITEXzN`=8w&?1Ak&<yPUdvw$Y2BQa
zrdVA%&;a52jK&==RIB2d$L|K<n(S&fgaOv`{HC`q0$xGs8|Igiv#B|g;0l^yN&yZ(
z`F|3N4?hsnNkekPkOfPofE#=;`~k8jnMnPqHgbd$#<*ddhS|FFITpqiB(Wc~y9gV(
zFu7}u{U_8VVj+kc5m2tJKCx%I(7z6*#xD*7vr|C)&<G&e|A{iOjz#a%3%ekD%fM(3
z$M{8o7zV<FTEt(09@q0j6Q*$_ozz|oNke7gA}-jLoL2YEe^yWwoL?$M$%?6Znz3}o
zef;jO%7U%YXl;BTGE3j$Frb@bxX*mMx>8sOl+0S-8YkoW_}pDdo|ddl#4qV8Of<MN
z=pm)z=Wb}}LqLl0C~w&x$9UPXU_|}|fsgsj43r0<JevY&5dOAvyG0VMGpnC4!s64@
zhn2qeuin~Vm1M-!(=OBa8QS3rCphFT6L47Qw1jp3f8e99ZHo+>eijCDhS<+%3AGDc
zD!`lB;QzZDtxZEhKG$^5Gi>1k)&j<`08r+>*u@}#2ebLH9X8Gb`i9S*U-9M*zO|%>
z7ZneOSTq2608Q19Bi3owdrLq77dt@TAqCIzr6vbWcvP-OF}sI#9zT)@>EC%+lKUM2
z+w^Gua%8u{+<|evzlS#g>;1NtLHX_dy0863Dm-dX2@p~s=Jyc{$XD7-TU1-2f(KM?
z!{{4R8CQOww=?=;IJZwmM^h>u3@rdQ{~e`+|Fu=ZGX6WEHN&Ty?5_FS33|9<`t(Z&
z!!?V1A-INy2XFL|nedK#e-IU5+R^jw0#7Pg6+Cbd#I$N(IANR#u>QPoZtl%e-NOcV
zX%YUAK9%o2s(*+M=iUJ%GV^;pQ7`y!KgV9TEm?2?03uAWmNaZ**&H4U>Y|{Dk6u*R
zgP|YLsMit>354x@_oQS*2drvN=dwE$h~yh4_FZnxWiphR_pJojmMFJ&%5o5vOn4{$
zplHUN4kMoW^-MwMZH4Hr%J8`ql+TDf_e1bSXl{v$R63`15>Z<q3x!BA3^;SB;nbe*
zn31+i1VT@1Jc(5)UHlEHv>>^$r>3jx=xXK*<HpT075(3Z=!o{ae;4Lu_aQ5h31ePB
z$~75~tKy~E#oq#>?30Q4$}F%60`Vau`xfjo%wqZGQ*&RHodF$m?e&@Ql#Pa&%IjR+
zWtT0@kjS9*ej)(S&AKFG6*{BAG%l~+o?pxZlg;&1K)b8&cp+y#o*BKA31zM7IY&^^
zX7&5ihcX?W-N?PzZmaw~31F*}CUI@4Gv3<D_BT~fTa6@K{m0r4)bh1bue5sj%n=*)
zZe}gs!tx7!2A&o)r?s^Xcd#1k&&D4!Z`Y&jS<(unTHh&UICa93R#5?)T;{{seZApR
z?cIr)qiDgc3cJcBXoOiYOd!I1SD~+6xpNDeNVpHOW-GI}vsbekJ8_c4$+VAvo`Q!D
z2yZ=kzkG5u^aWe@`C$k+RXbg(LDQy}8Y^2i$#(M!nHYL_N>OBs*TB6k{TT}OP^f-}
zxc;n=4y1>gTOKGAni+RFm;zomO>U{ic;Ft|+GipnC`Q~J?hO!Nn1(}&o)6A{PzO9*
zzFw>mGq76r1ppR>VQ$PJZc(_X6Kroo%P?YSOp!LvKN3skhjb?=jF1#bVPF-0pBtk=
zBPU*&6|b5Ej^P6UdN*CGZr-0cP64_MXvq^=tJ*<o^}0&%y@X^dbuSO`-}UDvl6n9V
zA#&hLGG?RO2VNj0Nz2O^fr}1yI2^PRr1orRSK!YPht&A^Vf{^i07H&GeTgL_6=c5I
zll{O#0}NKn8s~Hc+6`<;nUFimKZ_B(<UPwZw_IOKpXfJ>8@7@z|5zmc!*z|9Uwn99
zO(?};&4#n>hI)WsY^5uM+XfZ#)RZ_&=1I^KILrs?CgAHi@9{weu%1a@*I|k<zD&~q
z1r;#xTZ;3R#c&u~quZc(TqvYPkjsK(vRVW!;fWGyk}FCYlld<00`a_~Hhozo+^Zi@
zA92I4j)91Nxc~qzc3;#p95pFNlS0tG`gVu6rtYZy<}R2sf+pcK<z<>>+E+ng%!aq|
zfx#xi$f?0XwPE92DSZvyEHR9l4TWj_O`Jyzc=v92c#>Iz72z%HhbDmP{Z`~z){@>w
zQAzX$5PqsWa{*vdT3+>Z<Qpd^^QCTrfYSC;o4pXlPzyvKNAi!Tyf1(@aFWHgHE697
z4NAJ)8W;>-R=GjHcX{k^e<zXZAX4k%=HC*)S6a9{&iyC)W!DC~QSBm8wLCsm&=qu4
z0y(bu%NG$|5jqW&&lDyWljXX=?Y@UPO19~K@5&_ER9exjoI5I;sUFh^YVH5*%jG>}
z=XqtaRNvil)HDkev+><hh)JT1VyB8DgXd-7oV4cCbsz-`Hvm98)LjUX-?m)+;#KF5
z{ClZmhFx!%KPK)NkcT;R(^pI^4RC1CJ5>omQd*jIMA$4cal+eo{GsxLMDd)RcsY9a
z^LzsOsTxFsp8$zBA3@$-E&AUVmi~>u(VP}L+KtGz!UR(qUlDMF(yq<35OgIZA~<tk
zUc<f&BuIsvN0Hu6zNV;0^OmVz!m2N>#sizVg88b;+@1vN70J$gNr!IxKML8S$*W<g
z$vGghv>5**zU)AqiNpKI;U+Ig*@`o#y}aFeq?l8R>j)xL`ugz;du6YZa-8u`M2j$@
z0gA%{;XFPD51y*9n6_r{%N#De?#JmTF_(=$+#b+s54fGowz;46s2QwWykYN(tAO@v
zCz!j92f5cI;`uy#eSfSN{7gU@ke2lF1sp$qvWQLu-sy~{C&#0LDJ`b+nak?!u>i#*
z;xeLN9O$zif%E_XIB)<|fR@YGtB#4P<2xSeAFdwKEQP3dE}&smUN}vv4N$yOU?co+
z0FNnsgJPy`J}T2(@^?@!)t@RRDdN={YRb?K@wafJ!iCP%u+-dPofrt59(4d4{G}c8
z!kl6a9zKf}T6(#NR4H7`|C-hLVj^Dpb4BywhJZD_;T>%*d-in!V+;_)yiYRb@Tbl~
z2rjC98RD1|vM&W6g^R>m4DBXIb~_R~AgPI$@`Me6wW}AodkzIO0F|Kac2Nnhzzn3l
zVdr<SS%1XaxahDC94y-p%Nt8yY;<s`5v3Ym3EE_KPD{$dXw4eK*<@x&1R0_r>$gad
zdoVQ!>lLD$-%c<R5;G7kTBc=$ZD)<_4y!GBw+!NInRn=I?wS}AXrZkc<)>iB4lUtS
zz!8Of)5^rhz}V~?(LG7y-XGENZ{Xw+(V{OU@MRh0{N)<+)HaP+tSj+$Nn5Ih@V<_H
z-oX*=ywiAgpYaezM_>#b8dWp0NSZ^4Gv9W_pRGeWA{QG!hf9suuu?bs`G0RAQOWBa
z5U};g2Sr!`aTboO^$%o<w8ikQly{v6!vMN58fbF+S}vTnuuhugC7Wx-|2Ixy(Jc=$
zJV8EUIP|s|xK+v`Km!Xtorv5c6t<Z!PhS>$T)2VaYgTAVkz7>En`yCZ#*$k(OllxA
zLYZlCzE2>W#<ul|js}0<*uBz!u!Q_yD95*`6*P4VoZokW0MoEIp;wEd10HZXl#&fx
zI(yUFkiB+J*p6e8^jT{r|8}!hk}}HMTk(}`TT~DE6*$(fByEjr%L~M1nU6}ZXRdG5
zNA?W4BcR8h!J?LVVOf=?ri@9kz9qgiDny>L?kK0nNQ8E59c-%8^d_oMB<<3-JkAPM
zGHq~q`MiZYlSB}<znw+EEtYD0ax#)zoM6pdp)_xf&q&5Th)kjFq(XSJ0mEX};zwGq
z2GzR7;ri;ZGRvaI-ka?B1fbV$6q&5#IxB1kVFR|!&JV!KZzuo&Ba1fC&Uof+&7{@K
zdwHYaQ5)1!4R;ldBWeJ>EKGDFY9n0JVfS5~bg-2MmVLZ{-H^Zd2MFdcO-hAf^pJP~
z2GTXe?C3WB<*~p}DB|Z0o0L>6FVDNIPd-)Y2kj$ObfX%$9s1s*UPW&t1&|KXg=v}l
zq)eH&oy>-rx~`VWep;>2k(wih{u5TZR>-#sOXQ_pAGLtP_~**$-M0}v*A6DmZ+HTT
zAdiG@XPmGWqODc23zYcj7oCgXUa*W(C(mC1ayVI!@|%xo;Fte`FKDSR{gvAl)A0P$
zcUvz~p0gh=)$_TbTMzV~407slbviE9mZsD6@o`+~skJXZVHD14a|I{il-MI?9clJd
zm~$vmzsej4=2Ja3$r{(_O3f*rYaak#d7Vk%U+Juk<wj2V`QqyLV5Uw&#!S+c*TD{v
z=FD*Zj2S*kYh70_@Y9{id(i;-jXn3@ZI02fZdN!fIDemETQvFNOHeqzvfI$920qjP
zPHz|?`4<%7ZJ}DRPT5re9o%-pubai@8rhPgWfQ;GnKB!)Q$Kbi1c*E=WFEF1#?zHa
zg}>~vu>Q&@)?EJai;s%B|E-tvYlra)<+Gry;9}0xfo{`fo$H}`1&0o&(%kCAlXOC5
zR@YdN{;)p^wR$5p?gV%i&lBQ~?)*C*78jPo-15_;9D-8&ACUNf9eHi2K~@@Z=vgME
z49-ZDX?PIF2{Jy>>p>amdR(r<BlMMidr&R8ubCqEK`?G!6>U9@JD|O`rrLkOV#Y1+
zkb^j3>SzIVD*^vsgQPgCL;IwgN`=lOojfJv*Iq?4s2zn<#>3z=*<|(^sPF`163Y~Z
zd5{I70V83HOx<Cq;^4gt<_3fZRhp7laTg^flF(ya5vCz4V`?wy{@ZeGKdv4uNzVT=
zwH5?fLF;AOtywneILdn2_TY(x9itfN08V=1<hi(%1(|K^M4hF<<o{&$0vk_7fC&6$
zqxp^h?44~+3k0twqZvI*L?}!GqHz~0rLSSmTd^(~+6nih<Axy+8-S^Oykqwdrupvf
z+yDirN6hy4xoQJ)^?>PiN0CevW97d^_Y4AhRr}-Ks=)L9=7d+SclU)|!5{)gMC!l?
zb--HUvQRG^vi||n{SS2Q3Fo;^lU{2q>G|+@4<bOnynS%X*+opARM(-OKCdz=w{?#E
zMsQJ`L!J8|VwQf{m--<gDNN$N<os7DmIUHmbnM#5W=y)_gJgWv>qL*)tCxn8@I^BH
zz@zT7$iT6KIS7e(W@Djb!)wf_EfX<XAuM{7VsIpl%_8EC5$az=m)Rp>koBNa(mPo2
znh1Hbc{=W%cdsJoJ5B1-OXMcYs{Pj5)1^#52>c5CfCe8thLELZz+7iRW4o;s5STwd
zjlT1PT)y8<TEePeItWdZT`@3}9P4UvdSFU2GLzT@#dhI%oj_&Gwf_wFJ;AFv$)yA>
zS}DOTR^$|G7rJ>KmmgdUYL`q@Aj><t$_%%N=V^CF#%#JiMt6S?Ol^0UvD;-R4GO65
z2Jv%PPx?NvuY7GakU;2^75%*XJz!Fu>+pv7D;Nb;DB@|y=^9V;G?^@5{1LG-!|VZ_
zCVJkko?nlaDm*N0;94dDK34TBK>9EYD@4C9hmz&LSpz`Wh-V#rXegwBNod?KVE^il
zSk0fd2aLDZ(4Yl|(3}}LzH=D26WcZ`tvK6;vI{)oritI#CZdbpLdY@SP^e~HYHFd%
z_5rgp21Qz}hg-7m^nvRbK+p{$%l%kisOEWV3jVv!=8|i+?X^$vH_2=Ahj+be{2&0B
z{xU$Sadb&IMMU6OEWZD;IBwpCW{%D=HU50@CMvl_007=V2P#IApp&LoY-h|U2|Qjy
zWq3_t7fW^yB{w&!IfX#->|g#re(9FFD`+kz9hb1UeJ*kem-c>M=qF0@PPHui3f9aw
za{<~>)svFz(EAyVih&nU_RJGbK@K_eSPY|AP((XRk=cKptI~MU&E0H04*;DaCBa}H
z-kcsyWu^-0RqAQ`G6NA&S=?C(Vx^rdCWQh5CiP9*d>;7ru0OGH+Q7^EhCJh)mcb@r
zTuOT7ghZ}dY${VOxz1$u<$y2Q|H19>5z#L`AEE^#X1IlELKDix&&(0S`)fnDm?5Sh
z5e<m8_75$6pM%Q9LNpiLJfaIIkJDW~o?&*MHug{?{9Nxsbp-K3|J+MP-+V!~^p=pR
z^(mY-try1!)=zJ3csLOZ7ellu#gpBrD$5W^zwt`tmM;n!etme-w7SK?Fm+AS`eWW2
zbV1xs#(uBoO|v|UrE5=*<XORq%BOULXzO%&>S2%FG<2*i5^}#)a}h1HgT}MLf37gd
zowf)mtXUUw3}PxP1iDWSAchBfull1A4TmXa7W2-zxKyb!A{OH}XN@Eoxs}k8LVLo1
zvO=N2yPp)@;^rreWmIMMnSI?>#mMp-(Dy^dSk$aDh*&Z$OH>mW8l%Tc$!|~4D0O3-
zNSY9r_xKO{go4%mz=!X8Jk7n$oY_{GyTJgo*<X4F&<7}4v~=?zttPQ%MwEn!6N|0~
zN;R0G!|L1?0ttC7dD&f2)jMhKEsnmyj3f(qe55(S#iNG|iT!<v;o&H(5FN<eDc$ag
z(gFr>_27O`)3ZGh*NGG1wC?f}gkcsyS&BOKvxokKkPyaQ(P6~Rz^cV(7M)!fR{90|
z`BFE6dW*#ahH~cT6hZVbF7BU^0}eT(DBZJ=0P9(6dRv1h=-fLrz!cq?Jw3N3{&6>s
z`&cogdIBT=fr!J71qgWlRf(dJdkI>~6M#$=khgJAXcp8ztZOzFso!dI1t|x-WhnJ#
z>Vq^D8x`CL)HLMkkI>Wmx|^D=m&0XEQ$(t`K%E#hS|5aAfKL5*<{(P%GaosgUL#hB
z4p1q@{@C1QeD4tN95bbd$%Q1#-i9zZO>I%7`T$<6kSl0{@Oc;FPz(U1XeM3<T(q&d
z9h#|8fIka5niWJXmU38B;FNm<diP}YkzRcum}HpB8j^lvhJ*^@Vg>{h)ltrLR4wHZ
zQk%%xAAYs(GV4dQ)LU9wOzeYQ@?D>uM;s?x#K*P}BqLC(^5Iip`W)jk*TZy*sFMti
z1J`n^xGi>47#m#QRAlJ+uScqH<X;bW4Rs>)>-Pbp6YwY*Gd#OB*WDn%4;pw<9@Rn5
ztF=TP)B##}G1%z~x`$wPGB%nHuJRs`F2p#~qG5?VvPzK~McjV~PLt*V4CW_CQ}ou1
zogg%&hSqW&ov1J{kB+xEaVZAgzJSA^KpBDDoQY`{K=Kg-+ZgIcaix++O^*59LEalz
z2a!$p<FAV;VISzh$aUBiczRROiVi?7rd61f9esLemTj7h!g_}#_`Y9`!puxNXR(o3
zm<-wj1@osDMP3g|{@Y^1yBrwZbJrlK%U^B}s1SqFN`>V~SloNgiQgFHN^D&zdc}Z;
zk!+y&Fdv#{i`P(1BbVFDYMoPEhh-a2PG(or@$Q|RwT-1WBEQve4Y-45c=5#_Obd_`
zuX0`g`^Faul(@3xp43t%WeqH8?y$I|K2HXa+KnT{ty^)vt;T$-jsLXt>(kp&zmJd$
zLuP^!ZZnFLNp7p+_i1sbqZF)O!GoB#diT`keR(sS)+c%71ld=2{4K?3JfK38aeL5}
zEJeCb|9U)Rf{&*LLlj2hj<g3Yn5?%AIl$8e<!lT%*hPtj1!AXH?K?(ufgb!-o{j^1
z(n15t45_B{Xd2?T)-L&2S=bh=(xp|32#E841+-XOPvogQ@Kw4k*gfm=h55oo-0<-Q
zK&>HjNUyH3N(9OIA;lPY4`-Ol?`XN2iZ}J4Dp7I}vV&$nl#F_MGmfHEU|CkLdnX)z
ze}$KneR+g79C#ze1!;Xbtz;CM;QPULQTnXA3(^lWp(-vwYn-S|r;UPVN~3`r<l#P_
zWr_M9lZsJ7;TH(rhZL0f6j<loj)-fG3E%6ddzQ1bB@D~MV5-9r0uFxANC|qLh0$N{
za|SB?BR{j(g_}7?M)*Rw>SP=B6(nXpuyLcyQ=URLbI?yMvCTaOETsm~e#^vvE<3Zr
z|Imcrx~{Cy$`m&oG|;Qe=6d@j*R>GotY2kU-}!4e<d(?bivZV&C=5+71ev*Q5P3%I
z2h5e@?aTq~Zd9RGT|tIWy{zwjgRW)W6~TH@P|NC$;8hZJ_e(rlZ}t@{<V<_l0f*+X
zBAzFmeHaq@4}%rAO2SW?lM&B!0iy1trHJ?NbRi(8=mo!x%U&HZNOazyP_NLMOB<|w
zCsrTwX-(}^@+{X=B$=ey5h{Ndd&G_9_e%-+AxL%4hn2J}v-T@ct}~dXqe{yy30e(F
zmhS}H4=(Cgq?IB(8gy}{e7|ZL2m>29GD42>1oFZ6jn_}T3W3&t&<kFuB4N8ERZ?M<
zx~!IVSQj`VD4q-*IP+-ymTPDf6`InK!{sUV@Qg>U)2CSrV;O9505h0i19o4t&R*R^
zPiUXAm2(dk$$G#E+G7H)3J}q@AQxukF_d(K)IeDN%Zq=fYqS$%<!#v-dU{N^5}qC!
zKRlj#5{VA$)NE0#6?YwfJ|=#42u~bpkMcLFh6giXImO1XY}1MX351e`ZN33>iD0hi
zHjOc>o+zYK<8K*?jl!`hOFGYl{!BS;aWo#XSMv<X-(83N?S)nx&pO+D!;GM`^of{L
z$6{~Z{5yi!k1YG7{UkJ>Kbt$Ul-+z}vunvMNpnggM%|s<1`yv1R_{5#{u7J(#!J$A
z*%@kxw=(J`uFL%RthC@R{2<B)8e2vqltaAiC)72{mcQ%teOk1%=iv%fX8ncnPwyTM
zYAb22TT4;RMvQb!=sVj<tIEqp%9QWLRwAZ`MbobcKh-CWDWB5R+D~c_C{vi|r=`r`
z(#r2<Q_D`>46TezBa0Q8QP%PzQ0=uUOcW56CN{y%wytIIf*mOv$wd}jrJ2vk53KY4
zYhKQEW+zfnJ{)wo8*^$46Ig^meZ@?3RCI4xMyBsM<s_8hg;E@rMTm*~mL%+|b7RU3
zX}0kE);%hdt<wP(Vm-tH%)b_zWnZNl%Vz@&YNOh}`>rc@E)iNS;U&Z(9%XG(@{m#*
z;?iGZbwVvCl!VG8uGER~(HAgL?F<C&<{CB$#X`SyrT598Pj6JI^8deb;IMjxxh}>M
zK*g1S%dOKmx^?r~A)it^PXK(}3sx#|48kSq^&+?4f|E#;y9Qrdw~r1Z7j?@91aF<;
z<8z@xSN+a(olX!Sq^%7Ma2eiC)w6!z50`9M#xPoklHZ=-zl<KID4lK50-x5$sum|%
zyYuzV($`ns*6ZY67e5EqUx(sZN@{8OX#7pg7YJ>XLJGUQ?3K%CTltPzVK{0JWOF*)
zpg-UK<p<YMx}CL>(W#hh(uJZ0q|hvFM+5&AG#ODtg8owOtdZlXL~oQHZmlM0b3(WV
zrS&obh)%7W52hV}I@nYd-=^R%eFanIOT8SiKAy%JW<^<H5&4mfsSy{4=KyK>i8trs
z*ye5ynXfy|h(QI#niJF3HjkhpL)_I@j)A*FKeYVTvmNr3^Xx^j8Ap-`7eyf#tEHMh
z(g>uJgAGpS>j<jN(iau6T_R;Ii1xI3rm5v9LZtwVhI1Cm68MSrslL|}AU<Y@u;Ziw
zqq{B_<PkjX0PNxnqK65z+gCU(_{d3dLIz1F<dr`>^ylVcqa~(6Rytki(;@sInJFiT
zBZhFV>KYGjU%L<SEtJpWiz`TFd@UbcPi5Jk#!3-Zc?VSufqGmk#6+*h;|XKeDJ1!B
zl%sE_wfOqi$tM#xpdt?;%j!tscW(&qE;eh&MLH|P&4j22l~^e*flU|k?TJm51I|`!
zoU4B1st$}B;gMUkv4#Mg)v++k&r~B0C;vk}Q-X1c<CI<+!iq#$Dg|9Z_W1|1GK9{+
z{^xT%sQ}zcy$n4NgCkOurck;35iZcf3?y^CowKNG-H=jqjV|sUtr>}nVhYTEk)fog
zrI$5xjIByMc3fZcJKTHjwV&WV+WugREgr5)?%76m<{$vhYVF|L6rVfFn1@lB+oeht
zzMOyr{0&*_y7|Y$wj!Gu{e2#k3oY_0P1m#(mc(g>^Zth*LMc34S|>W)$NtHzh4D5=
ze5vStK=Q~Of9h-jVbzuzyi(p#x5F*|{%0|-<6w&R7pg=#p%)~q!8ot|5lVNUS6VZ{
z{)&vYyQirnt&2iAiiC`N+#Di@=yB<mmV3>fy`AX;p?hCG3hdBpOE~>0llDbZm9J4B
z7e3eFJlB{_Su97j(po9aAaNv8Yp*%B3`5;`MwlKMs~6gRq6*XE|JNlDbx_HMg>qJe
zXO=3J=>|26)KBNG_NrMOQ3f}!ebfg`VNRe9rYxv(%F_Oz?ugm=3H)vYBVjjA3r2h|
z-jQVno|`Qq2!K_ZE^k5wm`|g;Sv*tK0S_03d2qS}M=1l~G;@9idG6L`-;oTs3glJ4
zZt(GmfVn?Il(UoxOhX6u2clLs{x5y9CxooM_5#0w?slvB!Rfp1oVL@)s>GJ*BHQG&
zw`w7Nj~t0In-7mvFFu2(nP5-<7|9g}%Uv`;6_#)cxPHvFfeTEA5TJhmh62lsuWjL$
zX|4;94?ftoIM*KySj*i}XAjX3B`tVPZ_m86;ZdxrWfxXT{V#)MtR7mWGYTgukNX~;
ziU{ejjkaqWyUilOQy%x}?ZR!=ub;-1Zw|F?GPQLk7y?%~yJt4!1=7xbKSji0^y*yZ
z?&-XS)EI!C?r{o1orT$mQ~=Lp^|yEVS^0^}Wafd>7Y+r9d_Xa&Upe|v7zNWdnEJ)|
z33SU*9(P079F#MTBk|0jfX%%4`8wF|mvA+vmi5#uM*#1GJSiQQb7(e!fAm&`09og!
zAKV;_0W)7faWkK*Xvns&NS4}!PqdiR9ueseOH8+300*|#NSF;D0ea6tW)3jk5FeD>
zuwTK_uEO3=SxVA!0cx-ZD+Xqr*=Ir^=Zs(?<4&pa)JDM4Ew*FFmC~BAwDT?-RW8}M
z(lg+q)h{7RedV9-)#@!1-6q04D+KP&WWo)eF{g>bTU;<QTEtRQ4f+cZ(D}W03TF{=
z5|->E6PWJDPTJk1;ES9>A7W$~<L13}z7$E*%N32XSZ8igumGz}8L59Iz_$Z|!0Pjl
zlZy6lJF>X%Tohj6yvaHi-_uDt$3}^}#UVIe#Tr+Ds^zVe(Jtr%k0R(*-A*8?)1J>_
zGs&2%Cs0Yzz<NZGcwj&PSxw%)2>UI`78P3ekr+m9DHa#~X-hdZ>^ZVm)`sq3l=P9B
zFk`6+fr30s%!7@jG3Ct3tE6fM8G6h#E8KCLdU8vj&6>%YsCSglsuRIx@eiq9EcL~$
z5mx!|K@d|$mckgikwc%3#M#aeVxf%Zo`c7s1uhaMV3xN-3(fDSjVrH~Buy{eB<jp!
z&vpRj-6I~Voyyh@?%9t1Ub}3%%GUvM-WCweN;l*&faZ5#I$*z>7TG~`vl4w8eUjJ$
za<fuYRUpj}3>6$!ML0rRvnVE&_*kRnN$(h~%b5AV)ttD_%bs<WSqtL!RzPm^Nn25q
zt3_$bm>N+9*`V4TtOU;0)7g;6E>_mqZT+MCzOA^%nUe*H?{_YLr0tQalw+%UY#eyl
zqO57gXSYD(&B4J5pIv`!aa1lNbuEi2sZHr*=O=-@_m~A%1D@^mHN3$r;k#x<!@SDm
znTLPI6*T>?yY3Eo+w7r%2=_O$)*DUiG<n)XD@eaz2fWsC4dz*<V{U-F=ZdQx>$!q|
zNO1iiIeqZ_n-{nf{f+eSm2H)<zXg(t-tXvGlMlVaBMJt`z8v@0v*eH@hK^>%G6!HZ
z6hrE#^TGWt{ZX5^92ry|e6J14Tx=*Au40=0b9Eg=AxW3K`qJ`y^)?4}?y{$$$|D3Z
z5EqSzqHL1Q<4ve|SP&g==P75~v|#*C@K;qdSr=*{eul!Cbauzz6#rv@n8Yctdl4i9
z11PORK-nadsG5X31U5%*2DAijL8v`og;2Re2ot(uivyuqaVT>%m8S9fl`sXP!H%G1
z_%hle@|Gw4?53SpaK(l!xg)GPAMW<j`~*W|RP;_XS7+P$@IC+_o}2v={48*f9+$Ni
ze1qitfki~VQQUQt`^nHw3pCd<DfNP86Y}jBHWn0ZU6c*NmpHprH&z<m)ic${_LOON
zLJiC4aT2?@D(MKws+ZVPIUv>yXsZzs$3|7p9P6rX@(g7xQ`6h3<1n9o+JG*>^BoM=
zuBvA8{y;^7LaWtLT|fp#5md+*#s?2VHy$JXu?)Y%&RM)eY%L`vpA@eOc#D7lr|<FD
z5x2pND_5X~W(DXdojZ1iUJ-`0KgxKu-hxnb3;Fk!Sh>ElS{2!1q>@5Qj1heRHPftD
zh{<QPmK?!+)R!11-$UI9_%40LuEQPC>DZ>pns$-&<)|-4*}`L!-S>>ivPJ>UZg3fX
zrhuvD*o>^(#nPbay8u-&t4+fzJ~??&kkaSihsHOcXpRiWdg<(;Jp^{oJ*|59L}Bb0
zkE(U-!jT{w3uVv<WU2@kOu*)E2i-X!rUVux#;*;Bn`RMHwDf4`;XwJs0wIrT{Z#-@
zedquOM~8DXC3qwdwL~*iaF=_m_Djen#uq33j$}P<Eqfi-VTGzYdiwUk+2CLOJ(Y3|
z;;#q<ma9X0@I*h2tmeK<&Xl+qKZ?6z>9l<Slk2r}vNaaCT^?xNZIP=@fG8#T-)$V@
zhQ7YF9x3}P=y~jgB%oYl%%&h_6bu9H;@QOr%tnjmsF8E>x;%lnpVNf{5T_VNj_R_5
zcBWbM^@18e=#t6(G!^#f?E8{$jI!Nm7_Mb`vv7TbdQEz>g0|t&S+9b2_T-haghTcv
zCPAD)kmP3S^;wSM#v*3L8AcuTY#r_Mv|RVkv&Z!hpCVkWF}i|VSx<*M#(}8@hmB+5
zA?blXA?-+QRjdc#izJhSEF_lQ)Q-irJ)Z2BXBei29oFJHS#~eSWaGDX2VgsHlf6OM
zM>@0kpqJz?-+624uj9kDrB=fvQO8<UvbOq$G_PwoPc!Ud`<<~`rp6`v+$5ogM?B%3
zB2IFaqF17^huxkmk;tI(V3?p>y&>;=UA#2Z5tJA<?ShOnlo%<!F{=)m>`MuoC<&99
zv+6fa?j><4WD`0cGKNOHsoeIL5x6ite^vQ!VW9Mb+CsZD_Ifmm2W!e=KgVC;_-1Ev
zZPL3beLy&5kY#Uq3JP@=+fpjs-2mw(crmU79+GQBB&PxQaWgI|8j@>=7w}^e@TG~C
zk8xyNja7$+oE-}VVjz*#PDTskZkln)Y_({SHk=0}_Rl&VDFHb0^~e$j;x5O2YC^}D
zsra~EA^9nq_rmcAQvO<#Z4xJnY`Mxr7sHrTIVm)gr|Pl!ZLvkCRqt?{&x{i!ZYyjQ
zo5M4!$cokYpCtt~aM&)^Xh%i9_!vt$47|m<E9E7rCr8rXP)8kai2DUWY{+qgp@4KV
zv~B1Eh6UOO7{j9*PLIP}l{j0L{4DgL%M4<!zw|Q_9g`+H+$#V8^>!CkgrEu427+66
zBrH7GKSCK<6zLWTnTU1TKMYjp0^A-z6Mx<%v<a7Nhf5Z8*|x|Q??f{p!qQdDHN;%a
z2`*--dp3R$HIB?bzw!WB=gxUlHotF~b`27zs^&JsdTYvj&x%cy#Uc}#1dBp{@od#;
z+3PaMcuIK}!1(+^2#LFQN7`)i&3&c0D(X~y0|h^y639k~6b)P$K{L^X4>H`jlcx<E
zni@M5ZnYhesyu1aVYvrmU<eZ8x2%dc!qczQXlpW_VU=7Wcf0KZv3z21bT0P%^Y>z2
zH2$7rW3>&m`RYT%>}JdJ6}|e>T($+}9;S%ZfKBf;HPB4g35p;Z%y%%jG9DM86<un5
zyf>4omn!BX+gg4ibfWM)eAtrLvsqv^%VKd|Aj>bNI=^PahUbIdO;v!#rx4&*{;qy3
zWBGzlN9~AF-!E%hc?RKag>Oig<0>}5I0;16Gfj~U91}da1jcHh0D6<&^C&sM>)xQ|
zY8@5j4>rEcmMo%F6gmlABLN6WJ$*|VhtTu(9opE;^VLc`Pri5r7PUlhwe76t^-v&q
zAL>ZlvAfzbtuf~f9_Oe}z~efac14ylCffiSHYjRTL&yS29IRH5U<-~m_8s?7CO|PF
z)f#(97MVCq42{fUGqea{#6W-oUX_~;^X)$X0007c0xF^s<4gn6Sv1&^?^p^iQVX?d
z4}ztTIFP5^ICQ8f{tWIQj3YSHr+(bCL<ifx4Hro!-=PRH8WHpK1yS1WI~$8fObqqW
zYC=qe1~eSOPmkwc+*`!m({fb^r^7qYvyyXPr2MQ4eb(khRoncMIi|C87?1OVW|-(k
zWrQ6FA6MGFNOo{L^w_L0L%<r2+@ESKK14?i${aKC^znDaMy8;prwr($IicVct+zVk
z<X3bQ;2~-@u6Ms>U{-qD?^NzHGL3t>Z>kM~`KXfqvp1c%)1re_;7~pNOSua<LCb2_
zP9Mm^8}=lb>%WH9;M<NSjR;y2KKCjL^7%??hWW93@rR2iJFH)Q-^FyVx1au^0nHJ9
ziX@W=mM@gvvhOp&{?>Ev`g39+j=d%D52?y6i}!lcV~Ul&Mlx%#|Jb`l676kh<?AKv
z)ct#jm)OuS00B?xUT=&Q_DN7zmET3+Gz-<6;))LL^t?Dg>13EHtf+)MN{|3J!%5Ya
z?XN{?e@CixVn&a2t?%sW!{C#+v|JG{A*|9F-H1WIlUw$!p-+g`(s()hmJ_UkaUQ#i
zsiPvQ$qf%8`Y<&@$?zN-jDt>WfL!RH_~I}=Qb;Wg^~Rs-?xxo*L07EUu#lpm^)Ov1
zOV5eJfKEjkL@4_oW%PI#Eo-8@c$mNUPrhAFS4|!TTNM2u=m*JRn)rDXl7WD9Wk7AS
zb*_?Uw%=EeD`@+V68sc=t=1ZnJA$yrMEAx8;4L-oe%8TpRNi#_u>caCz6;l|l7j^e
zG5NYCk?lsTqad?}gwkwPP4uCFAwUR$R)SUQvc#NUEh64?$S_MlKa%=-x=8XV5Ud%B
zGf+z#iHL0UOX<28=a}nc<&1UkB#yk#?OGY-4wn({Ku)4q5;ZGg<UOU=1r(ut4izEB
zmho<}1~kC$3Uj_{KTz6=l3q3z_cJy@vIt;0e4+vll4GIK+ywg_emL=D<2Ee<pxm}_
zh`IRA`T7|_@?g?LBelXWWI`_6irhd1Akb1|24rxUzx9n!81dB+%1M%0dT-E8jM}C_
zAh-IT+XGvik&@0)uPLiFzc~XAFpHAcZj7l{Io7ij0dPxy`9hF&#!gT{nRyIDHW4ka
zutiws)NQh^22|<rKuYSuLpm$7S~S{3%wp*7Ii(2m+Rx;i;yEszc6<0E`+h@tE~*=)
z>-_2+@-@p_Q{kSO8m9$b5ZmY?N8}iMxtiYQ1nsP6L%=7!OB4c?O_6AENjkG0?P;>r
z&j~$(gNKgwq)Nkm*5O^)D-3%{9%J#{OQGs|djk2D5jC7c7JN-QM`r83{kC%4F_M*_
zDR1zSv4=<~TYDZr6sKZe;)9jlsg;ARRt35s?SG2*+;b1}C9I65ct|G0^MnJyIW~D4
zanZ7zz`gJ+r8qh|q?Bgsqq1)<&d&MaFx)!mKxhUZS{1s(Hh=lR^W<=qJ0n_K&?>%M
zb*x=W$iP2&umH2F!f)07!|`(VM%NuF=%#kS03=JdFHByXukl`sgp<-DG(3-#qBHiB
z;m~q}YsyFI4zHom054Havn=Ksam<9swMd7LrgPr*4QHnj%5+)*yZ{;nnKI$#JZNzS
z3Li}i(-L9#ZNt{}%oQgLGf<pc{rh0jt{W4ASn?&(FoGr84~@#G*2ZHVqy#!k-S6~n
zB?%$%e00IeS@1I?TpllT>MR8n4=n$jMLofDGJw9&I6DWvzKiUL%^;Koj4glBHm&)f
zPv%@%1i9PI_%06Zxv3sB!{_b=v^$FwcJi>%Csj$_@(TQHR=X-y4Y5_nQ`zb+7J39K
zyLMwu(O?yS;BgoXnRJ?{J<nc!X-Q!Uv*ixMH6lkdWzMu$l(&4LA~x_8DDE63uuSd=
zN3Pw)F6a8W(FT)QKmmi*VB#w~jvh*)YmpjdvT{RQGvl7|@XG_WZ1-4;Haf2qHDVF~
zLh^>nhpQ&KfB;~He2*3s)Fm%jk`^V$&;I6VbpO|fg&$QXJc<xCvkJHseqqq$<g*S*
zG!eBT7t%Wr=rl&$8)-wfpwDM%TIwEXy8t4DF<#Dl9gIkeMK_wYP9QR2ZKobV9J-JN
zPy&y_p(w^+0h~d_FOpBMRUNNUDk7W={p?~*Vm$CENYszU-;J-!ACLe631pZNRV;!D
zb~@%fCm#18&eiNoy!9BEqIl(!=)#3AUUyL8ZG;UFB>7(Cf=7SQ$rKeQKbzJ>8PDYW
z$EsGh+D^Vxm_By4EK?R=$$xK9LW9IMNKtKm+Tt{vfG_2WL+zkW`Pwf(S(i!W{kPgd
z@P)kUnR()znDmsKIl|Xm#>TzKZ07oq0=)J<x469ELOM_12&-$9gTx>(h90JztLdRT
z#n$pvB#y~NAHP5V0Hb4p<|K@MMm$hyS(a6?s1R?%U*N`AA8I6YSVl;!04+qTpE<xM
zLsx<_ax)D8pSr+`sj(5oRL}xgJC;lo%FK%DO>|i%=W|L6PgUBaw*n4edkv9sk!6ir
ztPk54V-Xc@h}p_poG|<tSY6K-Hsej8*KXltcbU7FF8YRE_^T1<-}p<3goyVjeM#fh
z>vxKe|5I(E-WQ(N`oE|*g{Y*^oz8qa$<zQH<c(Xj-cUi?L~`^<64?W_VJ`FZ#vR5d
zG7o(=F#$(E^z|FC$o9F)xIi!ynsoN*DiC%2_H8S`0@v`jfbd5@sH(Q22|{B^2LxC5
zVf$HWatKZq*yVaAjtwoaBb;;^*N@F<6R-)7#VtaF4b&}422G0kWNIUtCjV7h9a#OH
zkx&CHH`*J@gPu3%H*Jfs&)rA(rpO`-fA5bg)Sxhfb_KHB007isSix74KToB&7b4%y
zJQ29M#br=lf9wHM%S%u#`wLx6Qs@WNLOne;ulZxVE9=wDhEZLi6mjaq;q)-{Rww~u
zeO`vu-_i^0L(8;RlDNa-EFgkgdApQ7888atMd51jSa+FX>~#I1twK4jg1b!Z2lS>l
zs-WwLm7q+DC#<&$a1y6+Cz}t4bZO%CN*Gr~=2jkPr?2Xr&Zz?8!pKX*OhOI%aB}EP
zpa65Mr@4I?rsEy1gLU$R(}Fs4+pS&lvCyvXlFO-Zc0sdXfpy_}3<SB~*Owj5G*5PZ
z$S=oOLe)|F2<hf3Dn0=_auc6rA6jIKLJOI$F@vr}OZ)ymDN5O4U-#)ZWO;QyEi5mj
z*hxO7?J_w)b$uMJceLhqQE@Eey%_lon|yhRQXq5u%#<d`Ye#Ps(Xoliqk^*%HJhyd
zZz^dYmbku}A_;BM%`-}<E94iNqtEz?9xRXS+YAbq7bsDN<-PZm=TH;5<d<|*{aY&V
z00B>ut(e4<!X+MMgN5BChVBc+w1lTtkQ^-qKz;eiQXF!X-^XE`r4>yFeaHp}3Pxxm
z@k7dypG;0bMM=f5{pbLS*-A-A<Q7oKt{+Ip;!)zE&adhz+sv2%Z>%*w3*56IVObCP
zIgHnwmNMxbju}Xkd8bmJTgr*NVMfr~-~of<Td(Q~vL++@xj}%ECjAU-P!c`4B-3VQ
zw1<7-slx}zo3%v6<w>EAc&pGZV~(gOK)zsu)^BasH_4+eCD3B`!O(3qoNMkJJs4)}
zfS6v7M090*PcNE2C9QuL$OP;zUS0~hCj8OcB=M~3#3$eY2@GqfvFC%dRdQf?eIt>s
zOOm7<BXww;PfH^tQ$@z4<;-RBxPakmFoJ3`Dw7XGj{pEEOczl`%LVeiwAt{$FIALt
z`h=(*=0#U30}e70Vyf;22$@A~R!}S<qoI*6;cj9>I?G?HiF-i@<Zmti4%*b`nWjnt
ztYj;1+L^sT1?v&XZ9*n}NQ*rM=1Ub;KEMI%*f;U&d+?exImdw*CcsHcxTM5A28QpX
z;n`p3l9jTbtZ3E0BePeuNL%eF@RC^}V>&1*Ffc4gYZk7<)b2O(zs2xa^qfqMI82Ep
zI@62Z)cjmmWM}_(e4W+j8M1qiK5$W&%G#B=0spUsX8&{yD;w&-WQkTMMv2>zTQ_P-
zVI<ATH~=_6$G?6w(VeEHq$_umtY~%O15y|Njz7w{5O>aer(gI#sB5y_td&_)cb&&9
zhttl5Ao)E@xaV+_8H<Rg3drX-R8QAL-cp-a1<2N=@%dzXkliT@Li`S&{%PI|A<;Qb
z3;7`!d}$78zytu$NV7Sw>TqCZEhx`hVdmUr=8@bl@z()|EW|KOn4(D|m?Ep8W~*LC
zauTN}d}sT7-1FtWXik`H_-+;V`<-yuFD-nPcd?(lK>thQZL2c!sKW^$roN0F9!^HF
zhgHAya%mZdThfL7>*NvNryZ#p7KdDqr(j(0wUKm0v9^zZ&&^V%nx<$*!YbI?GxN=O
z09*y*nG)wpTQHln-K{rJ-5gh7*!fGVoBa`Mde;3dU{{PeUbERazk~CTOdGZ53xShr
z97+RfBk|y6sW|U=LJ@5k&HJk7f<D<g`gqGBbDuo21(^sSOw*WnSl&&P>y5^~(57LF
z_Ac)rX#e$@vA$_(>wc5~01=oZ3xLj%8evV{x&cr`Fkj$sFrkdHR}bR}(8w$T%z6hN
zU?@6xn%Z$oQqtkwpT<wJJimJtXKrVK&tj`h{2JAlYa)g#|C92w)n6fN+VYueK1<uj
zkvNEBO|3I7wQ{wVZU6|t6^=Yma5@j=iz>|5!Cw<tXW5pIPRf$%qQwi}<LP^u$sa8M
zE%il6ghu8;zBqQ*RMLPit!mEQd*{*5xrR<sqWnMehw`+OV`Oi#41H4EexwqVVFj^Y
zc{b@3{l?Uc9?jS$HYW&f-j;B+6Y$q%z^q^<Tt+}ER!%F|LL~MTNB{?U+<H!M=n^W9
zBO+nRRZzPaW2h8Jh3AZ2S_9hK&!?B7k<$f3BU2*>^52{uRV6;O#t^8%ON!^gl5!#<
zQ6Z*np?5y(pav}5K6zdx?~k1MXaddyt-m0VS5KIdx$#)8a%F|cxP*+_8vCWItU4vg
zB?2R@))c3e5J-t3mE#fMDNtfjg-{}Y>tbm1?E}O%Hb?y?P&{MRW1SZCIVh;+JxeEI
zFEF~@KGoO4%4h$}4Z}BUYhf@?dV;GAYvV>z>eESKlz>b-&~k#>q~rHpVFdNgvif8p
zYoJDd@d>o!FcijTU{t81DS`{f?2#mOR5w&PpTs>a<hKf7%{%?xcQLpC!SkC72r5IN
z;*dOjt~~gx44mzX>|1q-0e}%SCVG2zQ!0ryMB1p~BeU769v~iM*=M#jnri|xjzeNZ
z1_JbCMdIu&V%SAke8xtM8Lh(e!=l11B$hbNN$~xoGs6|SSb&lVXqKCKv6om|;aLoG
zG<pG;@u)|m81~kKG?YjHCHa@ZK$07wuG~BK=WB!!M7g1Q!oZY<c>ew1x3Z!wqi1SB
z1x_lZjS*iQFh-IJN%X4c$sn>|0+6M%+ywV@MXlGrSDBIMykr8R+O}S%y8^`LvhK<`
z2KM+51odXKgTb<`uHS6w`L}wzE=lgfUSgr*_;3LmNdRz1Dh|N<qjV<BPVfi%VxWE_
zoT~bcJAcX}Yv7@_mrr*bKyU@Zy_GN8ylAgB;SPUBFpKuLl*4+gq-uMO15m9WrX>TO
z8`^&A<3wtOvknkT?J$dBMkb0eH`B=^%nsLx67$oNU3`gZ4c;s%ip2L_Z+|cUJR3WC
z-`Fi%a(W4Ke0pBA)gss>Hq}Bg+7Ik`!^*pi6GXsd-LlS|%4ePc%65)1l&U176@~@m
zP%oHIk#OX;Q86DdO)0cKi^T~kg{MkV{ONA#q*Fk$j%Mf#p~ALe7RVTACrcfS_v5Ac
zsOuP^Aw!Xr0}Ae9;e#O3bOdKNp?N}YeEg>68zzr4H>d9Cv5CBnVLJN+HqTv${Tsc(
z6x^Y>1e=>pasfTs#@u_Q#Yfcp11<(uq`QYjK{fd_i$XYn$FO_4*NO_SJdhm}Uajai
zC3NjT?wcS0VR=>|TF+1ZcaN`lcwJ$CV!`+8vV$Q1E+K}H0v^G<5y*u=CHf(Ap*nr+
zV&lGtWx@^Lq&W9$y>|bWTgk-q`ZD@Cz%pB;QtWSooz1!Vg3#IF&+)MP@w)_Rf{U9K
zF>8fF>(7eslK(PCl0c03+>|ps$r{*-ckzx`{3S17ALvRd@>VuJFne~I50<A)1Ehjb
z`W*Usr%g+VjyZUt&zW0i(CNbOt}f1i&lW_7_6k%V=Vq8owqH))5f`7BO5vPe!+dRC
zN5AN_-`i8P41NSnT!bbJ65cS91&rY`-LJGIbCVkZZYDO0z0lz<*zf~z=~<C*t=pqX
zm<^_5n;o(Dt9L%?02I`HA+W%7&_RxZ|DeX$Y9b02ykEoB=-RV?Sdfqvc5V)#AD00W
zv#T=GmBkJ%7FB{c4`w9IR##}*QlCyI^y_1bH3YzCgBvIq^n>R9587!~Lrn4dS@RvC
z@mtI8NB{s2#YJL(vF#N|1+L1A()(jBy2)|^N%wu?Pnd*K@JE@s#G#Yh=CRn%nHVJ?
zfo%M{dmeiwgu~-R@w4n^_ij}KN={<3eaMY}4}JJg#(J1zAwpzq%Lj(S@l#eCxwzLI
z(;#S3{<?p2KLP`fpK>hAwG|?9t_P}t=q%+OjcXa=pJBb^EursI-~Uu751&tNE@#m^
z*&k;~GlNXYcyKEs$fgILOsK7&NHgT#$SR&|{Ye~s)i#>X+869sZ&p778bAop2FC$c
zcZf|hHEJ`XnjLyN6CywsR~1Kg!RXo@CfUlk5yb;G5F0I&!u~`=o+|ZG{l1W|Nx7vJ
zfm>-SeRc}S(AaRp@0-BhG2sz(5U5H~%;wf3p;CW)l#B#p-gtcl;#pCT7r5tBhLfRm
zp*2l+!Z#tRfVg&!N_;9U(kNE@K@UP^XCeL93^-6Pc0_O!5lmc4Nastw=|>fdSX6&u
zLxY4l;<-bbe}k#Z+@Kv`+IfJifhg<!sN6-VMI!nUI(ta{vXG|b#KLP!Zw{ptgR;@w
z_*1r1-@qU)2oMn~G#jo93vb6ew@fnhp{Ae@E0@KbaZ*`t_NQ$g#{e-Asp2#KBy;&v
z?wCfzr1iDtee;sA#&5+Ai)g>Zio66kUNZd2YI`ElKUpmw4GbY@&Vj+O6bx_b%Hmld
z3)Ny*5_`1q){nSFBy#5$k7?9rPbT<9;?J-`ttl$H;291^Sg8!BR6_kOGOU7_g^7R}
z*}af&=I2=Md5u1jrt1&BDK*IwI^Y%ZH1Kwl7N^(cIQ&}(;(b}_lsBzzoX?Q&E{%Pl
zD9H@FhU^HXE_G`V7@$-Wf(uKzkS)hotBMC!^v4}GL2078k_rlG<W?@iZ|7a+R*x8L
zt?lW5&_&_^a|P~<wP>~ojC1fomO=Lm9pNAKVx}zRmbuQnUUs96>KlWaV{^=Ah^eSA
zLOLY(7Hp(a?SZ%7w5##3_`ivGJ%~Scm)$SG!RNrvI!ROvqsK>b6dB^?d8QejxjREl
z#2OS)1VTsXTStWB)kva!TvPn+7bG%fKM;__zR{bZK&nQ@W`eVtZ4AkUBKC<8uZE?h
zRdm~73h4j??7fYPB?eZT6F1KnP$-kIUXl9;mR7IJBHWL|^(pj&cK3a-Z<cwM7<PUz
zDMdgU6aip?I4L-&+xbcvF~sT<U<Q7OZQV5o6n#F7h*<K579M4Bn^*E1&!Z8xss*5X
z<55j<4^vG8r7m}|dtl67bOtdp!q3t$gT{I^xZC5gIG4EBA5SsbR(3u+?K}S>BM`b?
z@N^^0qmeD)B(Q%6bw)ux1s2tY3_>02%L@i1W|rxX{}iAzt}E2oU&nPlx1(8f>0I)k
zU^dz|&Y9U|H9w|+L5T?s1F}HD(8I3D4VX)9o&F5Zgf1zp(5ZpI3sl`~jd}0m>j*-R
zhbBKB=_0NwX%sN9URF-rcZ8(NtZ~T0yX<oHZX~{eROn}c0Awy!^qs>>Ky;xVG;xX+
zV4jw)JB42|5?To?8E*3Ip)_z6n38-3v!sOCBO#J+uu&)t1S(%97z{Nd6MQT)x$a8k
zVoXdOJnDv3ESra33`0^hKjd6)IxU5SsD^{EN3`8Mt2069o=op+Y@^kFnP{@b%Y~k$
zs)MhKMQ0nZ7MQ)o6ND>XcVV`-i$CRBXqnt^M{SRQrX2@{4?N=MQY}EIJKYAu1NQtO
zOAb*}$(yoWdxx_QVEKXM$BP~)ju$4g^8h#;=(J9YR=-hAeBLgXw1mmH3I^Op&8Qer
zX+dGD{|*y8Vp4Y>c8L$!@d}_^)0Rz$1QuO@<z$M~d2bE3golC-;&v0L07maKYT?MR
zORqjRWfH}^wA)JaPuEqji2+dl^b3jDI)IGy0WKpa0PH7?jHKONU#hEptgNMo59n9D
z8Dj=SaxL6`I`-X3b+j+fBnUP(4&B0n!j3;R^t+4l{1o>rmH-n5+OyP6-5(&`Q5YaA
zX#DR+izmeep}dJ=!pL{$hk4Lgd}P4B8lr?4^Or6E=H5ovz17%P@Zfq%YLs#5>M>ti
zhLaL>qlN$(msX?ucxlLOl5yYy_}^DeWX7Ik8fH#^hEET;p^w*)MIRyQEB_Qd3e93m
zC*xKATi^yYp;}gh)M?2ID+w|*5f<8Gz47R1aNsG>H(M5kwVo-H6}Ma<Hoacs+>w@T
zzIy=qY#a_7sDyN>=B{E|I>ZjwS%MegWsjP_#UxBqO4)tmp|eib8D1sN(l2F(3<l%m
zzf)u?wIn_z*2<Ji8g?2Bz>m+<>p4pH+^uw+K!))WfydenD^7bnHVm5RAiw|!(Qp|e
zPEV-jNB3@p0E7$L=@nF2R<p?k$!ZSBP;U0*k?-g$oOL)rq8RFnJ#9y}4?S8003tM{
zSU7eG+Gf<;kO1ARXOtTAEGU>tc3l4H#KX0M^o`=X+R(+6V{3Q#x&kHV!GrUAAhl7w
zl4-dP0CFHebt=Lo%;uKxwSZP>2uV0*8G7**K$n~ZI-!$WzBEw~CkO^&&<%Yk<8pZ@
z?;_T1We(|<Rg1QW@ulU`8tEvv)o6xMFh7z6o7sxGvuJaPMr~IOWRK3>Yb&<wpCz2=
z%zmf$+^{Xj3L0cTn^)FHQMX!`wkXD`K+myGSv1=k4$7(c)0}rd{~XvLm8UQV0xCHh
zeN%X;v{E3_1nsJ~^fRJ60PQ!hP5@n53tbGUYglSu^A7NCVv{T5T7F2sl|U`L1sWeY
z_^}%5StyUzF@{Jr2r1aIM^UWUZ(xDT%PvU5|7;9L&d_2;?T5`19_pd4X6Z_zGqxR)
zh@H?YXhLf77bSb`KE^(CXGT8Y^?(DC0=vx7=#X_waVS9fCy+@!?7x~iCALf@E@7L1
znQk*c07-eJh~GG+%p_T<AK3Xn#7Ri;{c;mT*%+y!>oiPT3J3ZK6X%EMc4>Y5`h6m8
zg$S1t>?ui=B3?Xm!=R$}$fOhSdQHg$g{>7NTm_iCNK186<6&0J#+?b?5B7N7S>T9@
z)?f{Q04A9$t|j*Mi&}&6mWrOvcn9Z1Bh&>_+}><$sXQb=0YounM!bMR{eVR>K5$Ct
z0VgLYh<|W`)&3yH=T5&RG62DRQrYycDJju$k!AN%!)Q&af=3Vp-*$ExiuTYxDJ)kx
z3iK^fAUA3;go3(nrBev`^cdv<_oB<t<gXs{`tU0$6yvJQH&6Ru_Q;i!#@mGMgOdLy
zE?i4F`ZE_m3@?@;IA+FR4y=$_T|NmR2OsF*w_{v-Ip2JjthHKgyvudv`IJ?iu^Z`s
z;Cfrjn=2+8p$pLfq4{)0Dus@57zBDm_mq4{&CvK5Y`*dXEfQ!}Fy}2zm=7R*J{tv_
zo`zbR00poqt*mRmcFKj<Z?*~wSa!s1UXpY;yIExL=M1s7A6le?=Jf8h90zRtpM4#l
zf>zN;sUd}sYS1pWpc(j?IhF7S=~Nz{$Wd@zOV$cBY_xtr61u;b><k)ZPhn3xMX%`q
zJIO4ly2M9(7<j{H0>BFDXaH#SM^A%F65nryX_G$-dLJ|vs$9DH0^vTjG72bCSRn)m
z)K#0Y0t_*e6VIdYb(`LvgFcY_it&Ev@PeRft6o<Cf2zwH@-3bD?ve~u1tc)|H29YI
zh=M<qn?tB8=)Xe~%J+XXQ!3iHva0Pj(P;ppZdW<bF&&SGgl&_?{~!o>7V0r|HNcoa
zjzeX2y#@x@^)N|9nblPmGVM<=@>F)WSvUVJE{pd%l~d;MmjnaR)g`$sXM?8Hj!BVd
zPQ5chnd!HNRkzRCub>=QfQ6J8ZbrEpSKp2m6QV&*?_D4ZBlJY;^AvO0G@U>I3&!V2
zq?c%nGEJ?WWhd%H3Xn^Ogo2BH?R=RQ)CS}NC(n7bC%uofJV7rT(!so(1KfstI7i{0
zdlldfQ^zwC=!*$|fuwxk`$Jk94^*winxH{R5${2M(j)^CD$kYM#}vl$I(VbR7h(}T
z5(wMEnU%4q=$8}pWpU8Sth9bZidFy<YP<GkeC-!{TtI{0-wocT%>_#fqG$jE$Re94
zy;<wfR)h$}qyVcWu{|zYp4G_9=cvWxNoOgCr*2O=TFJw?_n|6d#xBSN(-sLQCpX+c
z-wz!?<~i^UPQH-yN}nWr8rB3!Q<72~S{eyZBbr|ii<ls*NJRM$e$&s4pbwE|!>fIi
zuugr@yNVyYH26eA7{fgUNL7OY==Ux@R6o#*1kN@hB--wP@1YsVM|?}0DkP6agW0xC
zt{Ql`5CDL|GvWHwl6VM0M|@$Q_+{8LTra6^uFDfnW$)=WW7P;XoU>_w2swA8F)LDO
z_|w3el%VidDt#t=<fDsN>78B9UV787A@vmZU@867BY`|_#?A#0kRQyi#MvWbB+oAw
z5>munpp_7K^oJN!TkFm46ea*eh)MHXXC(P^v0^f**kk?{a^var;EFU{!rpYu52ifG
zf{cV6PgiK}l$M_GQN%JZKmATC90N0m*>XJ++7!LyQGgJ%#>5r?=y&<q<C*O+W35er
z0BvuXl~3zTX%pdu0)bsRYvjN_iwfn0+`jsK;bPVE^7EzL&#BLhmv;xT({%OrHZX7c
zBEQLaW%mhf3BoEAfZG6I-syl-o=s0zatNdrOOo|HcR37it`!bkp3vi7Y+E?oRj=#?
zk8+Z_CC{eC>#swR)3v4YTn?n~a7iyH8uv=TYJ_`(;W{3W7q5zt+XSLyK%Bic$Xd9T
zo9+pXUfvX+&#0weU1p|A&mYL_2h+5sQ4WG$3S>|yK&%rCwrJ1IXl>61%NYziUrq;*
z*eJ6&nQZ<P00es;ryn*HV2!I*%m@|r?BSTGcbu1>DP;eDId*;hTSx?<MVof>%^@HB
zq3J&)`Wq`8mAP;7=Xbn)RpVzAIv^UrL184AUfj*L+i2WTvCv@gIeNw#ixIpON<VSQ
zyW~ixgtCDkuq3;}Vrp%|XEs)Df2*x8@4iY6zA1uJ2;fe5lUi13Fr-ONe`RSeLG`3m
zGNh4yl4?SWcFCN2p2{*38Orwu4D5_ZTLA}*$1@~^A)E#Ev?8kKI7vZS$BvtoZP5tq
zICkvH$HTyr3RzoLd%{wx0W=lMQ%BeWoYWVsCzklF5rc#j9|Bj1#95QQ0$J}GBBN!t
zkO6geXQss+Y5=}MwSlo_f`}#16FYv`TS@eW`lE=4S5fcL=Yu1#6oFd~av&W}Pd4o-
zzO;7>cM)=Vga?@Mlu{_}yf?WGiJktN-b;p{Ov2*}#~W)qMJYjz9Gi)k_AEWD`g^hP
z8Z90L=p+F6t}xESN5$73=fJGZDIWF&65|TajvoZJ$&FIn0#O?5s)8G){zK*&@-t^m
zcC33Q%h6R}C3T>f#WJ+jBp0g}KI+Y%pRaz;t$WPrRN-~Dwpp*Z<QG`N7j(Nqm0b)S
zq{H4qF2IyRQlXlf_)PH{8;`n1<TiBIGDDXqAZ2fYusiVn1!!N~Mb0Z}^ks-BIBE?S
zGUW9iGI={ccia7Ji})iovpm{X;L!dh-TP%gJOrn=BW)3fW%Oj(52K$NM+$;AKcl$<
z0?(RwjX(a#l({-oj2wY>^4j+08GnweS*V0{FYaO@olse*YAHm`Q;ye#(J#>lK0u1e
z?FXY|TH4zbj@PgyXbub^$q<%+NXiv!NHf{`P&v}p09HzPfQRUukRCBckjruB?6$TL
zd)oj84*@7C=e3UeA~9b`dbX#UA=eWk{#@wGshuwB-~xfwL1*xvf-C4yS2V|8`F8gV
z>&e0LCH;ER*&@UO`SegLYzvlKft;%;-bocyBc^nQ8)#*ybz)CguHqI3a-}ua=~K<)
zfa8z-D!3<5fhV|p=2DD4IZ(lWcm?KQr9mS=?$BkuRSv_Td}$cmji?=5jo;OI2sDk|
z1Ielg0S!U*TLsG|EMx4!4&fV}i!pc~xkSKH7lg!$p`fwh_*xyYz9h$MskVmZ+c%0Z
z01DwBd+QJeqL9}GO^(0>b{@g*l!Ckgcmh}uca-qv=rLKUD?z)};ftcA9#`6mm87XT
zBB7ZsQ}c?lXIHF109m{YBL+LKd=?Hope!818RI4)FK@Y}BY;qu5yN@MQRdi$UUt<p
z{t9U|BZp~}4)Rp})j}@H+LM<5y~R9g8)3?)FUe!@wI$f|sPMhQfhAe;`Gj_A$a#Ye
z({j3IqDclY3J*p}%yMcr^|f(t65NU|Oluj6lp;+$wP?!d3Nfi#IbKwyBmoxYDU+WC
zB=(eF8GQyy+;|Re>2I;4(^id|^j56q9*n!Mmf^7EI$05!OVj;dZk|4q7{r5B74qb$
zdxe;@s|nlo5cAhkNpLO5*vV8JSH+u!qO1L%2T7f<nB8dU1>sZ<K)>Lrl0JVy?MIcX
z{Q1L%#l-dDv*i?h#gvjn#FCeXy}dwVfB+3iT|9#RVA#gnkjz-TMc4aj^^KH5)d$za
zCv$6K&<A}Epl*RY!KMHJ_+h{$<$vIY{SZpr_Y5>wi3X6xXL+gz(h}2@`?~0(RSev?
zq3+Q;j1`<90Y~%IV75aq^#eHCx<4lt^s80nE-sX3<??Q!r)9~asTOe(*X5wk-@quA
zVUk1**j-y_PA*#a-l(r0E)qW@)GQI_Fi36z)L?>D=TOL~pnM0ds<^43+T|4Y76gbF
zN5DgB=a-9@HlpV>ks{k1j)<C?&i(;7Lu-fP9LZtIMF?R*k{GZ=F~t{JjFFh$j@<5s
z2S!F|Z{D7#edMlu!4()*$>h(^pZTjhnkAsr;|gg%KwcD4;zx7a><L*eW(mi2%v9Vy
zvl%_(Wx69LA}eXaKwbaY3MCSt;EadZkth34P~fRF>84`tL<Q}okSuT+-LW;KmQ$(K
z5jF5C>PMIFCd;a7VshZIc-Ptl?JJ_*Z)<NwLup5?oc8A<v+zZH7ge3K4vD+=sN-Ii
zMvxckIJ>M%Iu$=w2M=;g@65MP_Zk3K_T6)p#8-%&0_)hEU9`bpkBK;yfd_bh=DD{*
z#h3}tq~5Tw{WQW&g6QzwJcShDx%?Hc-$k<4r-CYZ{Duoj=UYbvH@S`0-188iYz!$a
zPX7<GtK~5W1N4n@5}vD-VTq5GtYNT)ZfJUfVohwtTu-yV=*4yiBu;U0)cbv|2;w?T
z_+}lqV({@>EdN{j3ERR1SfOA@sMx4VlUeTINW0tuJM$xIBxNFi)9TegMliUb67+j(
zhB7#?L+{j!$Fm}{;iT`BGaF-H%+FU8E$-St^!*UB#p{(mVDZzXj=V1`r-otqf$a=T
z_^>m5_#JPopwJvy=PMZ%%;J=^l}##SMT+gwv_;Lb`!90V_vA!%5xus{yjd<9-}a0e
z(Ik4cTz^^20AUv6T-?i_J#^KYN6gJ37k&Ir2u|V+UrkmBFm<QL#kvZ<9EGeP<)VlG
zac<#8;DJpRDTID~tWJ$W>ABqgVLh+~S0j0KmrgW4a&6_}Rc2>`<Bx_>Njo>jW`?r$
z(HRFQ2uyT&w5W#jH_sr^Rrdvn7`5*o{n1bq+VRl!!Bv=Qhw~6n0RKhszJp8)Y)5>S
z&8VA^KKB@Zre=xa4bUyaa1l$MqHUpbEh%~6OUUaDbFOqZpHu}Va|t)@s}dyd&B{~8
zp5Qy%|B0*MOvYkTgm1Y@Z73FU?io0y_|}UmCnU^UtH!<{2`|lFL>%W~hUvpE%%w{S
z0B*=MSAqNcARpn=+)oU#?st^!0t{7;L5P+sqWZ|=L2Yx%f6_2hDnU~?{~WWL&}j`x
zp8+=kcj&4yFh!MX{GphV&BRi^rzoUoLM-{z3F(Q{x|`<JlOtS~Z}O+ain0Zf#=W*&
z$-W2}7|HyOjK%=GN$CV~IcPs4Z=K|8ziN$opz;a{WdI8BVZJDdbg18ZxspsM^`Bd3
zH)@0_f7J|>J^?*lYak6x3j0sp)dN}&4u0rmC`r1uwpe*&?aec&#m?2<7X4QR4Xe3X
zWz_%+`^vxgOInr3;UIl?ng@5tf?;2f=#IgtZfZ+L4vZ6RRrc_?Z7sDr%QUX_@}`hM
zSz1HCV400RcHDEDO#cC)LhNvn`Dz-3;4H=%)?@IwcAZ=8fT$)DutqwZ5XZ4){Gej}
z#kpZlLL6<_D0Zo&HGp-@W}x}WAouO*d0skb*tkv5^!ic5fF!c|Ps-7BP`0*p^h_ui
zUxfoy9+HBUbCe^nA&@0QYDFBw2H1Re`ixTM2K^s69-cA5B1)_sd#%G<r#^O5s2$>h
zEo2*3shZ)Z^7e3+<;F~BZV|<_;PB-|yHlb_h`P1WCF4uv#S=13U<cFX=>uL5QHB1S
zpp`u_z}&N$<+X>gu)X&5W`kC^Ak%E>3yDy4Mi`!O8OZ^)lmCR|hU^Uzv@IA8ip<pP
z+l(09aQE^!RSMBLcP0}zj{~a2T3eC8{(&RH)c=3Hi5$!WTo;OPXh-G&|CA5#(p`bB
zCLKQcfQmSAWu#TqdArwjgoZM8UDX+IG3oGAokGuubbVEcL<@pB3c2_kk_QX=lZXbC
zd!0Gf<bik7%)C%QGb^T6lzR5Mw&@n*Ui)>)^x$X&z~VE@DDm;MU8<yqhHyqRgUGA?
zXwU@_lFV(Fs1s<)3_?hz?%g4PJl;C2CRw)7a}l5b{ur%y2gn#K?r^fSNM-#YDEPrA
z+!yBb!KtQQVwNys4Zs#iVl>kQ8|X|;$aXY&me76l>%?E!?%jQ8&`RmKysUQWhyqs9
zEl9G1NF8R(o3-(uolx8EGSFVMJm{JmNWa_U4_Z_Y*rX+OcQ&$1K1$}MhvA)`@#OFU
zhfSXz8r}#1L{`mEsMP)zPFsC?pXC4>aj+Kh+4+tEAg*kOOe7Y@wO9;g$tqx3+l@vW
zpTayB)0Po>8*rq|$zKmo{wDX%6vY1kDKWub=oGMC?kB#&(!_*e2C0#31y^{2l<-$Y
z{5X3_xy_r}*es*vB9XVrz`~g;{{XMHB;uxI_*XwpnSMVV%n;LE8SCWo2nqgVF#}f{
zVsUTakj)e}fyl2Ex@)FLUyUCXe!3T6!UPE6HH<MLzp%ZUmyNe;W#sw+C}T6m4&D4f
zz&&Gv=v^au>;)8@X#Ox1Da2X$_gq&=R@s$)8uYt(fr38oN&{&&*EB-pclxkp)V=%B
zvD~X$Lk`8^3ZWbk&)@Y1xrK^2bObeKO#IoOhzjOAhuqy_dfi*PLxvU0P+Ad^Jgr0)
z;ZS=`a=7t9vHCwbD2xtyAVV-(Sc6W<emmsN0-N?4QZB|aJ-`vEgEe>Je;KRVvMh6+
zpRnwfOShZ{(meTD5;{Rf)fD3UN*3Bi^Qwzl6QU6IVCQER5}p#S##y!HOu+<E<Ucg7
z!a7EwN|&!EmPI-RjNkIWaq}(^m`uSkD>PWs1!x)Eyn{`;&-9pWX587lq+)|&9O~-C
zPdH31M<$RH+6g;*jGiF-!7xmMe5N1y#Hv4DfY3OY7fHLb*dy^E17f#g<0PMoUf8Zu
z;4ZA7yq-Jnd=y&sN{wh8vaOwqL+7ld%C|9n6*&7uAhiYbXeF=QsgDXA)HPbB^RM+*
zjWfiDdF^lLNKJ+p{cothHPcBjgL@tDlX`C>|44VnJ3YbGgr%#(@LxvcJOpOFTHFKS
zwsUMAI71Y)dCW169j;`;C3q2F+iRbF1E%00kfVZuNPPG#Qv7ha^j3LiQ8Z_6{Fh)6
zFT|+$?$3YW>jS~&o@>sg0M2CyWr4VaD`6G+%#R{FqjI5yLofaPQB79e*xrxh3Q}is
z?U*(O&t^kHdONmC?5;zteLT^RPnniLbW?e#!k<&oD)T(5wpvsmWP$^DNZBF(Nt?69
ze-%*&)I1>HG(r#^UAuM>7hi*ob;@goW9tjxm8?6NKNi630Wh*7NWI42N{A6Cz0r2Q
znF^<_0`P1=9$US%`<0JtK9Pr*5la9^JYP-ZB=_$gs?IPx!XWY1*fwABTuTDv)JL9`
zK#Z`2WoAcAxpK1QJXYh;tXm}^R~`~x)Ba*vyK_OIkZ_cZeK8q`01AZLBwgM?9-gko
zhm2&jdG|Rk2tpbOoJ}~%NYZHgs!OH=Yw{~&_jT~%B|sMOm7UEi0#FI)FHkfKD$%+r
zd!dFVUTWMTSDxa-E?j;Sp+&8Oz{9Q}M?es8sZC9XEmx|D2on#!FX9M|rn=6Hnm-Xz
ztAlcfYP_)|hOfkp?e%&n)$+@oo&|>@E*`W5U7y#;689qr3@|6_75P3)F4quNBV!w7
zid2>PzQE4G)SChSceyp-E$cqwp1{!)V+EfT<vxCC2bv)in%AO8-h~h~hb3LNT!iXm
zZMD&Z=kb+D5D=Z000B>AV)c$)A+0wCT;vG2SpxE&JA@%<>LHmbdZ&OW&AN|XOCRpP
zA0G00sAz`)_EQ9sxsWl6!m5#ApZGzQFl+2y{~xLSm--t)6=A?BV*ueztABhEr)Qwx
zM}#n(`K$qIrl4tU=5k%AuZ9E5!IKI!BZEkohMz%S$=4=qZJWyTKxE+nx$VR7=WD8h
zgTt>f`oOB&6?gS^Lq}?LJ;POp`B+<=m{bc+N5@Wj$<<XA24wzHs8$9DtUXYT7mf;W
zifGOpbgtk_;a%0yZw1N%ddMFtMbf%S-19+QS4KZHEUwOkn6g%TY|%nsvoF1G{SZ}4
zhycidF9Dqi41(HUKddBcT^#CT3u+vM@1%jp(6&{BR{XH5oj({Nek@ZnaF5H=be|Pb
zZO>1+8RxGIEp<)=qkkG{6pdfE3ZWt<=#G7bB|n&pu);~Gzic9Lmi?$VrlQ_u!yize
z$h|QMDkWC)b6mGjGrLLjedNaogf9KC@Xx6?<7V6u8%)~)F?eee-Wq&5VC)KKrB5|P
zu&(giv(qHk&3g`pVm0<~3Rw4%PNw!4Pp`jrS<8IPtPB+p3Oc0hJf1_q!9jU|j%i)W
z{41KrB_4FsKsvp>#b{U|JkWR+#sCN87c?&^akiDp6hjno**}-=lE8j^%xyA>?)r&`
z#;wSAuj(?Sdf>`7vEJ+<G@^H}Wl7*-f&^m=Js;3CET1FW3`YyirmcAeQ=*(vofTws
zWS?(~08cN4C;7f$Yrp<uVPSEHh>C5Ji8-QfFRNElz-?R3JDKhl#(_c@Ldv^trn&GX
z#D-)G%ZJcK?f6FDg`Ae5<P$Ixz@Duj3D>_O3Lmcrk{gLZ$YMxRj+`L)kVEli0Qf1Y
zcAFg?QUFES3wAjVGetK5Kzc`!0j5>rq=*DwJ+o?UjGs*DnyCIY0C%8>U?+>h0w$T4
z9dr#aon6?G+I5Q+qg0NuD33Qlc-eiUyF3|=lqQZSBUOy;DgmArv0Si4<^w;rU~RU9
zO()Wah%h@n5cA4VZViJfpJ!=(tzm?5KmuHX#cMCX!@($se4uEOIqKn^S-lWNUTIcY
z^yX;AMX&Zq;_;ks(1Vyl^zOYyYbRaUYe9=gfC7H_9x~jELaKs_>w~`3lAf1(J{!8r
zXxOvfbZ%17F(jg^i9xve#oV;}96IR;4hbfVbq`(TUe%J#fMI;R5HG(3w-w)`XY+R+
zX-{kI!Dq}S+@I&K2wKr5j-KB??ffX)7es*e*IhIYM)GG65K0|g<YmIg?a{@U*K4(h
zrZxb*nWz_^>OoD*j6pi-(phbDz~UkYkS_$|#;=JKB~TS^-dB|(S^S(;mZv})KBw{U
z0=pd5HI&@Cmbp1$8Ry}Fl=B~<&grQsrcHjp73`_A&0POGh@vG`Y8r29ho7CNY7cm4
zfKCE{W9x-wqFu_N_n2ML{YRa@!v*8$r={p*f7jt?Kj$NjGhBT_ecU^`r3O2;Y?z=5
zf(CMHbc!tYeE9^{l~6Sm#Wx>caA7!rB0tpbraf?D%xA}LgI*dgL;tC40MD)TQbtiU
zh8HYo{%54<Vtd30G-=yR562ya;FNE7t!JT%$R&K-Y`_?H57NEJ`18;rof|;d<2OMB
zc)x~`fdv<`aLkx#A3vQ|o!wgDkNZ8etzgMq=!Glj6!&1?!lM3OSAuVCRN`P}9S3>O
z;)DZHkY>j|um}-Mh(Xbz$)0C7H)lBA!T(VOqT@g2sQ}j%DLibvodn^GvrIIEcv^><
z-lN3&@kI1+5X&7i>3y(lg>LX+8>MVTCxb`d?I1nqT4JEnRL3;=pghX~zyL~I<cLl;
zqjoWjT)Aw4^7d1FYYD9;Cz+zjt8R8}*7Ole*N*KDH3D&KEsuCO^q)XSWim0D%Fdqn
zE|G*bJrr0>0q#R$iAL0EBbPbViTpvW!!G&;w}QA_-~C|NFf+K5y7aCHo?1vLi`l#s
z)))CR+y;AG_sXUy(uq`6Orf3Cu&Eu2PsP!JSi4O#riVjABN!jYVlA{5<d|eW(Vs?{
z{9rJ|;ox9*%oska46eh4o_c#^(yii$0m<4h*1x9*hat5<=n{`hwnDs<F_4|Y#`_)C
zUhtBjNqF;a9Rhi2PQL*If3lnWo$}&N=6Bbz-$1whVmxXNb>fy(vwc>S=wRB6iA~Hg
zD(M1C(2v5cb5?h^tRLCQ+`@ScNHClBj=f9SVY8n>&ikY**4UYWi_Qt)CW-a#*O@%M
zAfgGFQRQ{22o^(&_rwhLg2JMTY%>%J>kj2(5=X4)@Bjb<cpZ02M_n;T)fUAOtPZHR
z%sT;x>v9~~tpE=o4C^SY-l=B9IuLka><9AvG&nX7hLvz_%;iR1zDuGl5Pi5k@ELXH
z-{6L?jGxds?68oVvs=H40cN}6$eyyww`C!nZA);e9C;aMg0ss9iI`@?F*rvrWX3%X
zad-b_I+U`1rdpRAiX9RSZ_n&EiUqWSPU7Cg7(OD73v~{PA>%M>ZibXP^6KK{N<=!h
zO+g|WZFM~8-d50jSo^0(EDDDd$zA8ed2B#-k~q1Xy%S`beh0uYjcwHz@T?fvd6D?H
zab&ytH<Ow3ZKQ=2Zzs#BHISoa3S2WKzu+sT5Jzk%U#us*lJ0b%nR!9;!43;uc_4_B
zlQ@JgqnGcX=J(k`{sS3aw2$34bFURNNwIA<;>3aW0<A7w7#f*|BCG{3X^lH_(l0vo
z@tR{Dq=XOw%~sqD=WKL&@_?3O<m|Q?<k&QHA6J75yC>%y2<(}e<iArK!)tyP6e84V
z;xK15V_3rzG0dqCj&Wovl#_@HmHr^Z1ViqWRYUNMghZ$cXSM*~0012d4ZAZ@gH?)F
zaGgOPXh+N0AlL+$Zk?js)#}oLS8|^rCLkvdZ5`4kl?B}^y)8E}U|0E6^h!)ABXwlI
zvM$-?3mnt%$~82)G^kWpTY;PBv8bP*48>>(=`v0QPI^azgE|$aQBXtzIN;yQU~awt
z{OuMO01T=bsSrpMn(4Jy8CzEgfuBCGR28Xs%sb5G=#F2ws`#Zt5=x^u13vRUYOdZS
zFuLgxp<H+{51~i>5Sxl1m06{p;k;eHUi(Xb!~PgjWaMzvnR9YaIo2~N03b>oi-dU4
zE6yD8SRje?ZxQrui_zL|0{7bJ%+>e;U&K8{6CO<!z{`~uvJ=@$cRioXVke$}K91J@
z&GLK~{^HEzKRWjskjet<%@q<+Jq-<G&}CCcB*AC+ThuKQqPu{sTXlwk05}vO3eKl4
zJ+hTDdV<cWWlWOcokS(Sh7<CCE@AMr6pxbQ35T3oT$(EQi;bNb1}tkN^}^~|xbW#;
zZ>E}NK{YasyL-(vjs?cX5(s-DD-xTQdIH|?(%3PUfoKO2U0Hp~Puq7DD{8lllwr$e
z(pn;dwj4TX@~b*ldUPnGFae%Cq}KYA7PeTLxKS@-^BBd-0o+wH4Y*HG0^{n4(Je0F
z(gLLx_A+-rImYx}K*VUK$b5%XcmC2EI4^|k+1pq$%*bei<4>|lo&J`lV|9B7Pq><1
zUl{*n*APhoWI&jMqp`AxV*~FqCqh5qsF5JC7Ra;eEN#q^)o`~;W#;W&J+m3mi1l-l
zUJ%ATMQRb`rQfTVROt_WWlh^pRbi#bQSg(HkK{5d8=2570>M`H+Ri}G<$s!vE7PWK
zMjz%Zh2@Bhdo~uAwcNPFyM})lAB14doF1`h#QqtU%Q?Z%_~}kqL|0(ti<47*CxrRF
zd~S@j;YOvim9R)?LiO0ktR!i-BkW@fh*`5qw|Iw<H(ok}y#@mIc9yi%?m3X1CBMO$
zk35SbpXRDZDyL<_215t}kn!JY`bulSLqJwL^iX8B<Uh&Q`wXiL<?Q01#m$o;vz4e{
zSqevNp4I=47E$*Q^f9bREY!M@p<Z|Wg(MZ>t)ktT$XN+#&r^-KLI41kn5>fMk{bB;
zv+@$>hItO6(xl3%kqj1sOylJ$6y#PmRl{VEElyTjQ30(z3%ng5k{MEIcFe_Y^GLyS
zg9jDJF=u#tlzZMNmdcWh`R?^6Q=Gt*s)a55^XNSy=ZA2O`5T7zIbhNQl#p&ejSuh)
z(VZ=I$fv(7MiYmvT%eBLSREz36em(#{ul|Q&jj#b5Kc`b7F~~9mA!@(<BNZNhFJgk
zT!)wUq1k%%nA-P1xV8Nr9pNM>4z>L0$T||AwAFa?c30$3MvjXEAvR;|mh!r&nL61c
zT+s56KufE@2VUAa%tmISZU+Sduzp&pDrf&Pt|6}^=CIr+7{nvGysO%0cZ`J<sJl+5
zy`~>KpMX5Ne1`s4dh8^s0dSC^sC`gR8s)bmhSX-tdipsc+!F+_6r<oJ<tsk}^y#wh
zwglCUbkY^Prp`zKu!t!czobImL#lCEGZ_RdJw9(#r}G^Wl!xy=hCdVzXmN*G-4dM+
zL>SbWXj3TqUf_eDTR|hCgRq19A9s@>#=z?<q@U0B#U8XbFgDOFKDOw#yqaKCabF2a
z10_;l`ITq7X0i`z(b90HBqd@51y%^HO26pNQQ-M&@n2qJrnUt;{z`ER2$(TwQj3Fu
zYjzCe^aAiSi@mFza*zVHVirqbLQ|>pujI#Jw$gti?{8~qGX@Hg=z#?$vBqQp8yNH}
z1wp>RA;Tz7tuAcXTURHUWy&|ek`%RMLEJ~*jZaC%ml9!&z*Qr!lDwFr^mQx89Q5o&
zp&3w#nwHbV&|=n|E~|~IwULt*@QJ{$Fgm8VkyUs5<>!gXc{PXrrj;rV%jV!I)jZ8#
z<J;`)>%{2bBWpc@YWMvg%8}reNvpW<FTTVfM!tcosODvVvi!}yw|gY{u_iZG@|^*o
z@zF+j1V&|22R{t!Sab*SRJq#A@8#TT-=sqC`hoL85HF%ed;X;9&}yG1RY*0OzruAx
z_f|tx5M)$9)m-mMU%fLcm-vWOWALH=aiBC68Avb<E+z-p9l*?6!S@5fv9#O^j-|W`
zNp<b^59BLw04v<LEj)aJK1W_T^maD1*=P-2Nw6U_^4gutEa_oZ03oZ(0HS}95pzDs
zYQ~80T8luSc7l=l&iKC#L;pG4ILQPw=N9nGfP4oCzFQzwyn0OJC*=NPO<}GaKQ8`V
zR@2as2ioC85C?vMY(i3va0Cm+ofF;@a0z-dj5ODX&iW-FnnANjK=RUHKO=6A2fRLb
z5C$X15;4O&*O32<X_AvR6gzcYFz7`hbVk&*N0Yf*pb({_cv9r2Dto{5B!-QS!6BOw
z=46+{`xyYNbiSMb-j86hHj?=Z7Sv7kZV2QcwVlJR7Rp6l<jt(GlngEOgCq!y*~$qf
zq)xtgq3x#t2P06Jsit)51EI(qhT#FYq5uV)f4_XWneVUrL4V@~A~;#yWGuR#d!Fv1
zyI`TSHP?dPkN+jV(1>t~RswS$L_%aI^ib$5YCQ2@@|>)&->`08hBOeZFa+#f0q|BV
zS_f64V#e^cRnvX${rhc*=pIG)x@}tL`B5VTP3b8e@R4X|l8-)q9MM>~y&^Z1e}B#(
z+5QM^W|OH4alETpD5D~+>VhlIs>#FydWMXryRN-Tehf|^yh)6N;(`ArAf@T4J;H~n
ztKtJCQ8-a%ZvLvz_RMe~ycb!Oz2SZt3g#~OWDyy_0U9Nf|0<?Mgmh&?HZi{Iao*Zk
zeKp8P6Qai7k*iLoJ9)qqpjPqkh&jLXX)xw6-mFF{%vV9{=}HCGEG57VI0TGU(~+ZP
zON_%2{o?#|+xtGBLak(CbRNWkk^lqs{t^*{r}T8ArbCU>hR<1nfNj+!l^IibuSyO-
zVE5vd>mNeU3L&{ook?}7=sh9WRg?rBwZ%q4xExfwzNQmWV2-*)szZFVm$H@gneY|0
z#hj`fyd1+ff60Dq93b(PM$a#WFB)R8%~3%Gi!ZDZ2B1|WA*IP6m&=VI2^|!;^X%u$
z`yHv`-?F6K?3WlXMORl*x^c^T%FAw=jLj`Uu|%fT-mDwLDU9^{fR9+S93Pi1^Re_9
z5z0vo%;|9sBmfkcw==-&k2_o=>ksiPNKY;x$)Erk4-~I{6ij*`ANk2^)0ui9DL=HX
z$j9c|fPKu0Nd}3xCt}YywC1Z-m;n-(3C@ZDjO3tsAp=4Kv)O<nvFss2D*#<fs}a)q
zv#DO%@l${zTN8kfSXTGmA#dl%5y|k{_noSRCf7xrOc-gTPn1w42VPC}s`h~kDdd#I
zJq1ctbH8W+v_f6ALHhVpT!SrBzXce5-x>2?jp+vjV`X36nCEn~PQVicHjUL7-Tr-F
zk|w_+e>ct|h#N%PWXJhUqxoTMAX!JMO+hZuF8$L~+XGsxRGwsTIr?kD`uH$+!V*%*
zh~}ssB54W9_^2hcgBWY%2OGiQW^6ZEnZcIVd{;}o99cGq^WL%Rq-6{zuE|cZN^)g$
zx2&;EA;;RngHeHk>BD&t?pIy!%|R+%V^2~f*@H$pWx!(yCZW&?sD+{~_w0~;h_Xn4
zKE+Hov5TexVQgk=3lDc9ubr!6j3-thAU9u{2A8ZuzK~mg+lLAj)HzWF*0V9>9WBM-
z-~a{@^XqLQJz*>S1beMQTAi`#pvfkY?A>c%C0YS^d0I0P4UU7eI&8F<4&E{@$C+SY
zdvVAd-zK%DR+hc=6A?;MVOLKeJ}b|rbepUg3$D%aE2z&uXmVWZ{0+IB|CfW^>_C~_
zS#6VH{tV`mg$U@KAlt^|5{4iI3Ft7#?#!`0FM3a*+vJ4L16i?#bh0e@*_YJKplDI_
zCVh=Ai?YuS!6jvcb}G&is3Aoe%G=in6hOi%Ed#!*xR2o-kVZKC3PgdBTyS~Yi=PjO
z_o`TOGL$IWj9Yn~=I|<j%uiR+ic3GcIH*aB)kiBwU?DRH05YMhf`*<btx<kyTN8o}
zz{?#>h%LHxK#<C~&Q$&g2&}6Fk}IBMk=$S8)r5+xy2^K*bU!HYhLfB6*6g<8cH;9R
z0@44N$weYNhGVyQ_aUDs8!@w^4(Na+IFA5kD2ym83@!F2>88=0DT)i`M6NCnP;Cfe
z6z~LFVrMx@S@uKSr^DKpTMCeWoB%$u!~$B40xbT-?pv&0(kvs`F!!bond>yp)m=O=
z_9IlLoR0?;Zm0Mm$D+^x1WDvWT)y<bf}GWX8`>T|LrgH$HCFyQJ7Lz;5no6nT_S6I
zl8nqyFa4|4^H2jgUJ#DW*0v-6U;qGrWw}g4pg&RIK2;td{Lr4T0+v3?YIvTSUXKuo
zp?y^ORgn(>6n-6IPw#xGtWKqmU1EN}kHIkyh_<a))7wZqlA|5Pq+RA4tVSMzhb!M!
zEUZ^}F^KrKK0UR<oZ1{$36K1SQTcawq9>#<$>Hnfksh)A00a`*(EUDRCKGJbA-&zO
z#{-HjU5-cx`+*)C1Dt`{v60usT#P&u?raAIp9)30wZ0Uz?UMu5BG*C6aHY4WM6~kx
zhBtF0jM)k|T|lNS#&57_$inJL+YI6UwecbaCsv`sm(OQi{8RS3Jr!V0d7xPWP#+px
z6zl<b0viz2tIuJaH@>8Z+Bw`qV(b7Pm&7&sNI`_AbEsCLZf$%#WM*k-HVD@W1&72m
zHkD#xI^}2~UfrO}<6s{~yJPD?8qPe?#jn#I2XzZ#t*OsnjbIRXrA(+4$JRd&O3bep
zBTo$AZO!A~Zps*S#cXrSZKN5Sx_D{xZ<Q3}5uZ2Xy{Q^~|2!da3@9{BU$iF$B#ugp
z!D83A@V<nE7vQe0^GnJH284;t<r+PJHW|=OW^9QdGcSsOe&nKm_Rc9gK-vFX5D}D@
zH}z^L=GgN|BoKgYhKrq8L4op;(eMU+hHL~{zv(>vq^*e$nfMTnm}o1;@g6Tz!9qud
z=koF?1e=qSj;m*#f`aovigZKWpfzv8Krf;q>Fqh%o1xK9a7Ey@<w&)K)Pfd_{d(!d
z^4v<R(gAw0`PIPJvf5x)0J&)qxBN0dpM52Ntn-W(M2{(hk~L(CrF?$J6>!u0;eOVw
z=J{zw7t5t4<Rb47V{Y|zv18P>sj@6rn@gwk(NB3H9UL+e%+R|tI<Q|Wmm<hA${$B*
z(Qpc&Bjx!=WZaN#`Oi1W*X5~7e}H$VQ91TYh}Thx9yT{{k!cd?w)RqH?e-K`%Gcer
zjU&j8Ep=}#jFT%R3P?0CGFQiFkvbTfH4(!%lBU*=z7eeA<te-RWLLaK<bVwSEN-I*
z{NHme4fLM##$FzQ$*X_Gf3u*R_O2Z4w$Xsm4xIrdj+AzngAsV?B=IfMcC)0*Pa^L1
zvu{WbUho^>3qk7&;mPFWn92ap2jbO%uH}FL1;P4<(*V;=pa)^hQ!oLqZ{ty+K~9yH
z?3m8Kd3XaLJPf?4dx~>X-lQ2`_1mdYAF@7ruRY?~koQ!$@3Jb`QhFUS7bkX~g(w~%
zZ84y;+N04*pZ-6LCBhG9nEFc>AMy?Cx3?i=D4Au#b0J7WFvRRm9gqw>az#Ejwl7f!
zpbwbfe;^>|`cE@<U{U4zVjk5sU!*}e5d!aLXqW0SHIs%&q7t*hexS{^6TpuE4SBgb
zZ!h`hF~1Jyrh+r0OX-wM_mcwSm1|5+qHA1G=un1MbV(Z2jCL=y+0QShX&-KLkSP{c
ztlUpF_YGHJhpR)(b~E-iq#mW)X!J0ZzKrf`-SNu)$t2m#u5yW4zH9&<o}^#D28y<z
z2;~n4DFsxc1Jg`T@Q{5U>E~z`|0rJ(jb_OZ7!4i}I@D4Ir-LNHz0PpE0W*FgB(7BU
z>#)wU3k64*G|M1{;t(+41VlCQ0wvz4`4TsJruEKRPLi(*ry8hUbwb5Zx2Uf5sIDrn
zzq1T%ANM^vO@D;=mR9dsYwo8k&KPSahRRy@lg(}FAXPP~QcQ~x<SHcV!XZ?O*NPZ9
zTfW2mu3Y!glD;F~4H_cF%ZWm&v}NuCl~Sk;BJ7VRedZu%<OYqVm}wm!qHI8z=54br
z?w?^tn6x2*SX@<_-C=*_H9P<}K*+z(-6j>tTI<NB=41(s25EK7a2HX8E(<v&J}}(Z
zjiML`BV8&Cf&8r5>lRJWqH9e(*L))*?(pE1)JlI2HUyMqwoyU5+j&;!_j=%r@%!4T
zGvjHa7chJ2!pf_psX5pzN9{E!&7}@lz99v1LO5qIrN)PEd_D8qaOiU*8gDMC7N*Gz
zyFp(kOo3t;XuqJT)j7;TCn(Gul?Ley*gL=$HZNcjKowrBI;S?33?N$}F)c6sjr!A+
z!7KO&g9P{js9+s@3Np!jhl6PkHQ4xTg1^B8QW<&e0=t;T?4tK!x5A!?nJxxeq(SnW
zFLb-ej<1P<+8{=d(VbKdLJ^|sKM3TNeelo4e$?hTRSJ<<C`=!XyJoO$(tMFNW;gp>
zW-nUl(g=L@n+t{Op1GcLW#W*=ZWF#nD&jvA@i-j4{_XbR1$R<#*)!e3L-R2#;08uo
z!SOWdcY3KA`kG^9+!l-p8FAnsSwI#*TI#@U%*)5yjr=V;ls}*AfzH56fGCL;3l^3g
z$4;D<bMO{3ZIrl9lE>}Wc=+)Y9mAp(e&ZGH2js*u5{Mr*s7vm4AJ>#n?eUOy*cA#O
zgm`zOixvL`>~03=MI9zQ9e%NN*%Pchh>~Bla}utbx>@k$>HxXzug#=ThhWJI4+jGH
ztfewL+X{zZhT_{LBk%wm<AlB*Bg>7Q8%g?raiM~T3Z!{qjUNc@wg1rxyrkBBTP^=}
z{U32A!e+`LQa#A9q34<h0=Q?49c#=VAmM;+t6_73*Cu3h=jU?(AX)*ZpqCmW#e|5l
zSA7c|=PYWZxq4&{5tufqZdw!&{xhmObo%>s!_+z`fB*<&u)i@LGY9@_i>5F^EjtbK
zZoW~VB6x_d_!`cb$IT*k5HNBB-Y>PXZhPE9t*38ZA`qZ9;Z7Etndg{)Socci3SOe$
z0^|)Xw>duhQJT>N1RViyU)O8b-dt4a>~cLZOvPEOqB_d4zctdy@#`Y1nr6Q&Z)=41
z9<L-gx%2*ik6GCriB3dBM9XEJDS7kl*GqTq$>!KTx(;}rgsW8mVK^=_g5AFHIuaxK
zlfPjF(E$eV2(v&V$t%6>{m;~y?@cyZxz>fvK6aXs5I`1NbLEis8uxmqeg(ceXOn(i
z&NUBMe0KP^L@8;gMd(rc))%Wz&Xutmhr}kH+W73gMsKH&RX3NA!7Lx(oo)y)$MrVw
z=!7HH$~DJ9_F|}J*%H+?N;QzAQ}A7C1TcfW3Bk{)PAF_(;Vx&4&dkudfQaW55;Q*R
zj8?Qc&p%EsllxJ#fj-*{H6+{=RmX^nl-Ow<pJmWMInBv=+5ndI5jVEJLD#`p2VkNZ
zvF`BM-gE1ExM0dmdlo4g>>BLiNl%cZVitT51L1t$I4pr%0L@yfLiiVKgFSkH^kqo>
zu$XzJKH(*8SRrboVS_NeA1mK}u=k_ZoVRF)UR7OfbQDOeoPIvLgdw^v=)?RmMG#}E
z`PPhUcSt5-;BS?T8^MEbxBTULU}sa!5OxMY3cii3_l7TQyOHPzxAsp8Dr$o2?n2+o
zFm&7QY35lX;Rc01sJXgHG(!UXl(8wK7ws6m=^ZG)Km#ub5j8VVd+rK#b`a#WV&ue1
zln9?(5{%ub>kUk>){2HvHvg$5xPWsR&0ER&DHe>FXN53*lvb68G=k7rkr&Fr4){t{
z3w&IAxR=IM=2e(%eT$3GJUA6SwzllBJXE8&4rNV|!<fR*PfAv^l_%Y(sv3r*za1Eo
zn@Z*$>Kpfy!g@Ul$^@~-3-QqY0$a?9ODCjTq$_3PQ8ef&@*+z<UQ-bxOf1;QL-ty2
z;FnDekF{nt=s@4y7s)GgW{m3>UmjZ}8fQv-T&T;CR*mD<Vp91HPA=sT6TiC-^w2%~
zrEH)uuO)^YinGqp>62D6j_1C#Nj`$D#+r;zzM@pXlLBdHmNKpNb+1n5RS5AIcK&T^
zYEH&tu2l~Ahpv~pt4I!NP_~-Psk|Q_M`Y6#W@?xV(LvVzk2FXZQl~V9yuJP!A4BiQ
zI&pmiUfDztkX>_t{>okz@N7-dnC6a3<+|V~xd}!_PzE!8F`2ggqDZIxKtVR2O7Pm0
z?R5CxJ?3lYYVl?>bt<FfAayB0M*{T)hg4k?oYLUrS%eI)jMor6QoJlo#hlH!AWwy~
zm^e8Tnc;2EHnFCCV$<-ZmNO6DpU0%+p`>%i8*u&K&7=x=XjmTIMYyq3tVC>e!lW3K
zsU1o8Lt~CIqTZTQ$78CuAC+tGQeJR7w^xRHfyZV@6|Z!>H%k@n6)kx&kSEW|CU}?h
zKq+0s5a#AR>lSFnY4p{rKB!6K83G}(TcAArAF`G^O=szNs2Fy!Y3cg|?}M#8bZ>?G
z<$iGKKRcG`c)jF-o1ab;4}d{)KfHl!YXHv5;o1NPsx@5TGeyWqw;5Lo;BRhDe`Z&t
zXq#xt{HX6SPpv4loX?mI?M2=Np;eUQ70eF`#WuiElcMantVdKT1jR7owHx)ns7r`a
z_JkGi?$`09Xg3E3R;<sRdFhZ+%J?VqRMpKG#B>02m)X-d%1Vul1gX({JEWr3&}&Qj
zYK{~U`~syKkOxvE*2MT&+;2FL<)6FI!}tgZ%<uup#KGE1V|i1&5<%^B3n|gs9r>L%
z5p<6Z#i2&SZ}6|Pyzk~-!1r~R%f*|Z0tb8ff1ZWM8g4^6U9ak~tn<Z|k<=My03$%@
zd2nM~w+@LZkY1oKE3r=+l(4SxLE}X@2I}Cz^8Y+B{U^F{(r~1Jw3g4hy(jcC7}_p<
zjAD25!hQ6*KOotlHlVbN&b<~Hl89SB80FTi8a!poU#*wsT4laEVlfQ~NXq9fTQ78K
z(0fXhTr2{E4hXy%j@8YuB(d>}-Pzn!PiSbQCkFq}zf5bRB1cSs!PFvO^n~F|ke~UU
zWKeru+;Iq~I@$0fq5)Q0Nt4$SYM7kEQuxhCj*-`ddL|a}$p!S7Qqyk+gl1(*6kIFk
zk@t;u&DsU31~0~;Idw-i6hhjCx7eLLS3vN${xVx3Q?>D@mcJMQpC|gC6O!@h{Szx8
zb?n^qDl0!&wAC)~K;8tDeh(E*sgW6aI{5I8d`~9Gwy=9N(%Q@gC0VidphNrRMtC)v
zZ0-UI;>-dRnvU)bQEx%P9LLQBlg~U-f(nbmCTQ>h3ow4ff~7#G9>q$t(&E9%ClbIg
z4I9aQoV}}y%}~e*u<lR88T=9TiJFgF_+XH&6{n-W|Br&WHX9Vn#BPghFhKA9z9g%9
zy{yess7b;VgPpI+g`%j{l#8hIB0uwL7aC@B{MIBEELG`1&Pv)gfMt1qQY!j7NRhK=
z6BGvW&8-__F*aJ>UD;u(4EaIx)mItHGD2TJI?WF-O;0Ov1;7UsFZND!cs6(MZuf~{
zBp7VlfE1?S5u&>SEWocvUa$O@gsvsp6vg5Jel{|24P!5^Ty@%nix%Y)fCzqUWpDw?
zl*ET`E*r8|PUvrwf{wtRin`BtQ7}a?%kYzqzqF{#zXr`t=z0J^Q!k3LL_wgAa9v5E
zzKWJ&ZR~SG`}2oWufR)&1iOF%;b<$Vetbbb*D=*%L+RM=fCwN&-_=Z7a^tN{QZ2AP
zW+Mw|$|a@-V!i0s4&-bq{pm)7Tn8w}?xwWoRKXOASX7J}9}~IXnW!XeU;FfeN6<25
z!JTEs?@fICk}-yn!HW^k?Qf2l1obv!ur`<)!gdieU+f5)(>yrarHi3mDkw0kA#Zj0
zva}fo{K2Arwt3Xsp<n~uD4;ZlSJ2+bk!|8}=t>@Rv8qG?&UXB8-}m!UCcgv$HyHB?
zILU7LLzK0{PdJNf8-eTpC-h77v?C6$q;kOS-p;1hF66&{KKWw+qMW;6n`?^V!~VEi
zV6>6N7X}MO;vL4QJ1s<Gi?n|uo@XleTY73RI0kFSJ2Zfxdg{gDMZN&xeIl4TJhaSS
zi$<a*AsR%93&!|I=KuHK2AlO`l5%2r0Ko2NClpv#CEAls9m`#oXW%^j$6&z6`g(!e
zP_<^p4A`5mXpQVz2^GIY{LP(>`iCfS#|+3}wUNyVkd+K*n>oL~DcJP0<Tu|<aUQ}N
zJBR#dCg#F?{ih`rSsaVh%90wVLa|L#3U)%0;S`o`AjP0S^Kg$v5;3%anc_);wbua0
zOHpF)PZbpAR~DVddI`%6T`g1GaGswEcr4F3)T@wUKlaGb?hqz?CcV^trx=A)Dn#{7
z+cSG5n@i0dmms-11^*FQr;|Gt{~5od@)82zS}}8YM*sUrGHF(=Y0$%(cwKn^*x2L7
zl+P6=th8fYl?%SDICnpWo5VO*3<WKXt5lT!piEf@BQTDE&{i!2=C}jJF$aZ;l6bOh
z7jtgS=NOq4JP$Rf*W0e$solt5C}!oOC=4}IlrUl7_RP>r{I2Dia3ef5lvgDywv4-9
zH=VX@$$sR>p$G0p4Z3nbOT0R`b0KKJcuW(OWiRz9C#CZ+4btaiPN75U^0CJRuJN2D
z5wIw0@n0Js-K9E*br9*YG%Y+P`OhZ&`B(tnZQU=3&h2vatNF&ka!tS=^1vN3%Hf&s
zgR6Smw1RD-5ExQ-hq`@(P3P&=Ta`Tcftwj_mH-MSd0fA(V`!7QC`5y69YTl)K`1UV
z(PhFGIw*9NG_fvTu^sG7@duPF<kWfDPXP8qzw<n3V*kqB#|@wn9`Qm8uu>j>m~aY$
zqs#Sw9hHF*J*#4?wk0kRa38`n8o9xgrUVZb^NA#3BfMW=%*6!<Fu}D*rSNFA37Mp{
z*-870ekonQ?X8%B=#5KZ*m_}883Aqd7T|gWc5<WSDgo{0G-%p?c#7|fe#dU30YXj3
zl{-nxI<t)Qd<Vn^+boJM>YKHm1x7%0`x(n7O=&rFGgeOi-3eHsq|J>KiOQ6%zywPd
zcKc3_*!M=m5Az^FvG5|>D-G{~zUMnQ4I-03ackse;}NP1z!I5u?+XP)I$0V#H89y5
z!o{B=$GruaRuPM9X-k5AQ_3pQW0QXE>p0m5Er-;Ga}gy(6%gW4lTLFgXfTM}>8fOs
z@&Mi%e$B($qnB@k|E8o{WFn+qXjNNmIq5g_et7S9_$H|1wd6O8MQLmut6E3h&s9*%
zX||>-+Q*Rkru8YSV6yviU_M#J7N49s2#|hb67~=LX{5wri>6;487e?i$5}|_Wl^MK
zEvKdzI<4<`c&OeE9P&TjVE|j0N3nDRs&D17*f|2Bm!}?cW|3hzUWVwp$HoLyFG_or
zuxOc%!7wGlA9L}c*^N>cuant*PBCFLai$AjN;FZTpXx(1tb(}nJB{;Ja%6@n>zYMC
z-0s*;ovrp?_tEibxoT!!J}D^2hROo6xle@Y4+kTNyP<TYDE|?z7UF-Mpj`ze5XI;t
z64+hJP?8f#P_P+K{68;P54t8?ERL}JtP+7@8#VdAK#ZFw_zf1aztnw!LsmnecJc+I
z<_DETh|DmDAVZ2YI}Zbj(cQ0b!qC5Nx{jEVK1;(`*7d<M?<M=XaUN~slXA4%cM;o1
z`?ORf(^IW~3&3|fJPT*rhcQm+46#k)gfLn&(=q)esc&7i9ecr)^Q<l>%)g}!iB8B?
z;#gRGal$(pBb*V;DLtK@=7#=_;{P0GAZDruKjJu!hW!${=5=IF)^(|<?5y1<LMyN-
zvrXHyv1nh|Rsio`Ii!08Vg(~P`jVq?b@1q|0N;HNn_mIf-XY35w|RGBMz*GR*jrDN
z2TaKolHV9PowQwOMLYli$_J?z<94G0Nj0sUaq~H&(~8Bjb-VzVrBC*goWfqXmyy5z
z(gKK=3_|;idN`x}yIqt|!Mp(`n{}43gy8H#!T!7xXwA>wSuvA^(t4N7TIT>IjeXs8
z#hIAh*qO(cQn(H<T#LP2wxflq85yt#KzV3K3t5TX{}>ZtI9!aF@9K0Bc0~OP&NwLY
z9tkO|+=C7m>vAp8)Z++om|=YQk*y9iyIQ+yD@n3K>0%5R!!oj-W5##P{GKA_Ojr%0
zibhEf!=7VY_TC?{DLF+IN0A}DoW5)0%N8gs5|9e}cw~fQ+R#)^TrE1Jse3#*rDNfk
z0Y*jU;L+s>CnNpJ49-oh_gEa;5^AHAr(%>}m6i?`S}v~lg=xdIjp#wvs}aVswfFeh
zZ_uXja3o`R*II2@nBUlE&aPZqZZ`c`L|p^Q;AJyIvvx=i)yP16smG?J1euPsK|RpT
zJg!+P6woSbe=ZFlnZQ`@mBZ!oDtPDFV<xRqlW2$JiTybZ^x|jIBR;u(QK^-=nHO%{
z*&$M><e_I3QP(#7`RDl;zvyt5pwJldHDDl{iaMR_r|PKDoL<l$?u7vX@QxHNey;2)
zWM&FC-xQFPb<*yZ0PgFYOUx}j2@<&@x~PfH^a7kZ+<;pG8>^x9Rzg`DBHC(FxoZP1
zBWJoE=y^X^gQGBxD0TFWL{h~UXZnk~bz+o4{vVWKzQHh>Tl29=z#II_rS26(egInT
z_1lV65Pmmmuv>ocXgyjiz+e<u=J^N??9}jiES^W_7MUA=v7%tptp2-*BT8#L3by!M
z3>P>5;l<Fvk3lQ6(05;GnIDrk6{bE^sm>n1nD_|juF3)~h>e}k@94f<5@FBDK`!H|
z%g0r({>SANH*T(RKcQvyAcA;;%E^bJH9K23>s7)vlEIQhtElob-@OPt_;)tAM;5Ep
zg60vQFD7D%vlg=WSB#|~Q8_9))QL)?<VbN@cbrd^5eWG%e5m%`P)<@fAZ#sj87@dG
zck*48-m#huuG8OP201^IGQsu~6p)r^DMS>jL{M>)OaB8drR$MZPz~)0!GjIIAFtH+
zu}nqt2V>a3b14QLnx`Edh)teK;o&klQoH4bmvYg!20uOFIf+z)AOVsO>6B(>rL?MB
zFry;9+nOC(_u^a;$fi#jE#$nAZEqQ?YqFy0YN!Cm_(=Bzqsj&DU(D32CO_vqgxz-O
z0cEULSgn#Kii_@~>z;R;WZ*X02{yo2`T(g9pV^uD_+p0CMpC-K;$hI7;KkRJ3x1ed
z%{pnz1NmVGw`T?+HO|R_5{|D_Y3?B3<Jj4V#_%pf3nM3&5Zw2B<{sqeb^)J@+_`|{
zgxA`?ryjah2_MNXj>sSz`zO+}WCzmdCkQZBF0bz(lx2Cj@I>2{9kHlbbUip8LdtqE
zW%Mow(>6f~0;d|i(>h6tM>b>1)x8Ks%^%SG4Et~yo~zB+W)bVF<7ChM6%JSO$(8ru
zVz*lwR4+3LtmSt#e9EP2f26Dd>@Q<&`kAtB42PUFh1iR4RF#@dllTEXqRJ4*H}n@z
zOQL=^TI#>Go>lrhN2<Y$WND@FO*M*DlR|#$bPdTX3}*K}n=}&-)MyB112w)kWOETL
zMxA(+V>AQi+Nhw|;`wX)5pudp7qi3DoRv1+225R~@Q1+X0J;|8fmz+RI1grOFw95b
z&#tJJ#D?UhU;yvz$xxSlcIDJ4PodA9W?bRHMI8tv7i0GU55Gi(ufT0yd>JA5;Gr|d
zDi1Dgg3+Luo_*|xL&bvc%eMEhkcK^Ptugt~6mJg?4@leebjk?#T`~m@C)OwXO&wW*
zxVtu}2l&%dQ81O~9F;$j(g^*<enhGbWQB$?R6-wg?{(U#!2-}*NduS{+>RfXfPKMy
z(Y*_97g|@Kt4+8ZiP0d|`h~ydjG75?+vyLq1rd!f%>V!qfaJa45T5h^WvtZ~b$0z>
z!(Zw44wwTg(R)g!7ZMj0^{=8T2+ZD^XvY=6P-HljAOp+)y^Y1_wZ(Uxv_1@Sq^S*0
zV4?m#Fnd@pC8$%UwI#f@j|jmE9O3E$Bc3^b+?L-;)QP-%B#`-8fby<DlTkTOH0uDh
zD-72zd2cZUuA+J>N3#Wd!#~HptQY49F@0}CeZPbO;BBO(sif1jTf`7VzD@XixeWRQ
z69ZPV2V4%l1g_AL<v@sp8Za@T@|j5*bx5HapJXb*9tEm0(!88a@w9pr-%7wK2Y9`_
z!lZmb<N-i4x@3w&>}iJLmW4B**DYdj?fggC@6-ST#=4nu;g;jmgEnKXOV`Y-pEZh@
z*M4@X%Ar6e|J~}x*TmZhWWvWg6JPbg0An~qD*9cjH|1gwhcXlMq4&7}kpBz5B(x{j
z|9(InS+f*`A!Gd**mqC!=AE%Ie*&VA9A;Ib6F4D8Zjc6G;wuT0d$ZIM6zidd;IhJm
zZ-m5PC(Zj{QNe`qF<#pN0tKlbr?1*63Esf%F_A;;5Q7$FXXnCo_#rP;Vi#$BNiGC-
zWS2$oH;14VNLc8Cwn3(dK==o3xmJw|rjA5`Kw)ClhiZ#c8D1X{Dnk`elQ*QcgZPK?
zp9m*Y2_(ob++*{#p^A1Q^rRcs0XZ>u|8U&#AL$mZ_ct9TlbnIKhR>iWimj7W0ft>g
z_DxT@{a%Ra{;HxFZxNlmTw9AUIEjx=w3|mSZ<X~M!(u%N6y2bD1fezA9_B?67oZSH
zE$RMUePc;tLbQDw`&k=WeHuf$sn)W~$UZD}hwLJ12oVn9Y(75F^XD;WkK|G`6bFnZ
z2%tMMzV$4n_gJ2p^*&#*Kf@lYI{v2)9Ug6f0wP3?#3yM3sX@{jum+>Hre+;^JYC!P
z(uAN8exK$a?93o^Mj}))l;`jlG&5em0v-VWZ`#0}Jr7+`632c1Lmc}@jNFP}aF`F|
zHi#MEOJOYKVg^z0vRgn#vYK0{Q8J#_f?l7b2{1BIK<wT_=x(n4fFZWw9QRa#B?-b|
z#{!DjDS4GQTgQO=RN3cWkhpT%H=`OjRwnbuad1b&(5ngrv&}++_Va<iQ=G^E75An{
zYVWFX?m*QVPV|K89g|=$V%ZPS7S_<iK<p(#o<QgQt!Q%q!G6{AhIuNhQVxq=KV0wF
z`Z<-m>;rr>f2-Dh`On~!eCWg~=Tqw^0e{o?lUjy6BI6(~_>Z7q`9ZhjSP7-VY^)1n
zn*Lsn{Fyp~gK5t-MKM{k-H?kpg-kx4E;ffn$IEn@3{kBq|MDUX1|lkANwV}l9Xp-!
zUI<2gL+eSXZKyadak4eAzM=NOv!)op*pCu(CE_GOV-p1pZ6M2Am$lI|+o10czzhP{
zv?8M$gS^V5n0nf<X11c)SQE|)b1tc9{?u68(q14LbA<B;&vEb)%vdfxrkP0NN%I2i
zdudrf00D<TR!=)EDK#(KfL)BWdv^vTr?p(}eMgJXZ(3@*yhY)qG<BGDAO;U`X7lip
zBQgcN=KV;#R?VXBgV3PKtCk+lf)iXD1gjgv5oLEmF2SFSv}x>B0xzpCyip&O>rPpF
z2LUojZ9Q0pv9bHOH+7{g${w1_1r*@(Ds<}^lD-w(46lY&L$(0beL-uY08Mz&AXZ_5
zU=~2jXzC}(!(!K=)ok6Cc$R#a!#x;pQ$o4QGkrp6W$Nb)N)(!hgvKl?BC{O_2*pM*
zU8(`NO_t!Hyzl~R1YJ#hk*07Mbbgyc3^`9k9f3Uqj@#6uu5N!fi?;NdMFonqox@J3
z8~dn=ffyna4JtCY*+u@cT#d?oT=5ebE(v+P)@?CWm5c6X&au!@Hhqr5`b+hpC59Fr
z+BzK6YO)ljW1G0}v5-)kjp09lgu1PhEic27Ga0!Y61Q`=mpU#ORxr`|tTUmnp6@zI
zl#f69w545<?qT^Cqy35;%SwCApjWojpylakVyP<l*rY4OYnpgbcvALvyzRHDQgXq@
zUp-*oORQZ?XV}uSF*ui2pI~sdTb`i%t})|;<xCJ2_kFeKBpIOfr9u`<({%){7EEsY
zGp90#S!`W2=&pK?0QfYLcDgZB#NZ49{`{Lk%GL_tE5!LN`)(vr2TQkNYnKgHCsyU&
z{*W|wLkpuAw1`i#Z={xq6EBLw{hGjBinU2U%qsYstK+R(%5-kYC5wAg;+#lTftX4&
zJNU6noZQ-i>_R<&?Oeq|7D-p+G@+*zzSZ}>1jdfiPXVRN#;AvUAVhxkX<0RWFeB}z
zWfN)R=$b*Khf8>p>P9q12(D7|4a*C4Su{i6uv$lF@PPFBZ6IMf*|Ef#U7T%bW3@=#
zm|jdcro(G5u=dwb>C|cidXHfD+;VhS=q^6gEs8*{WVpF(j9vFPHdSCV58`HT^z0e*
zo>l07j#>FQJ<$80IUAkyvMAwzrJsziM)49E@ot^h1qk|VsT@Wm;?(i-BYEh?FddF}
zq6AKwd%2XglY7_L&^j?PEHx{)XQhTaY5rmiYkC!+$qAl!F~~PD(s}{lh?n0CT&^+3
zey=qu?S2ceR`EV)bK4Hc?kbw?x)0j2Hnj(QFO|-b3W`wA{Jvzri(M^3P;K~++YJ@R
zBP)lT<trtC5P`q99u_R>$Y~;s6qxlS!?O}R0@2D12U>{om~yAo3JNX8+0uVk=V+Ow
z=y%4kYJgt>2JP1<60sa=L-$I4PDE7upRT7*!~*f)hwDYUt0(M)P#9_zJ9In9=Q@uY
zdaG-?9r#qW1R(;&`C=SlJEB8eQ$y#WW&$$8#}j6qMWeiFtZL^)uz%V4%J?V>rME`5
zR7t^KPAfzb7G*7Bjj(6=;+R+K1C|y4%UGz6MJ%7na938R;}H7m+eqB-ctIk>sMY4%
zFGBL~F(aaaNnZ{x{s#nhpJR<rqp^9!nFc*TO}?o(WhXk5ho~ZcXhj0x?<(zJ7Rc5;
z1il%fAmV9!a>#DN4kkgwL%pdHz?%7{$tpuA=|uBaQ!iubbAMF42%S)nSX21WwDPBQ
zS_>F$d0X!Y8R;nu>_;POE`gJkogS<vQa_t3`cTg3-oqn`Bv+8p%%F4@&MMDAm04tQ
zgFGF0L7Zx6u^IlHAF34E??8KGM&HJN%XZXmuG7Wm8Fv8O9>hX{B?CJt_!4f=RTwVZ
z?T}ORl4<6`hV2a10vVPZmcEOG9G}$bBy3J)zV3((X(nCQ<wAla1QGKt9W$xab?!A8
zTqt(I9Zw;s57@Q#x+VB5;}HHGfSdsD4BuV2<k6lB+KS=<mOgsH1W8_6Q{6+~Ure*n
zK$v13j<A?PuJO2yAp)|QWj9Ny$4rj$Z>5k{Ko^BiK=aff44Ak~BgxFovicO#%aWJM
z{+}eMph`f{`Y9>Na;3TpeyIMf<eYIkYX!{tL|+7er5BRgqHebwngx^5?^BpKx_1W(
zt{uZ;OdI$KcNKa~iO_7n_pJu2CKbzAU|G{+nX+MCC-VeG*}-LG9kFb4l{a7Rp(&+O
z4J9dcvF-v+rMk9$4aNYZHhuAypK$R}_0uglklRKGQ1SAe$|C2Qcq)S98sl3O=uJZI
z#22n=Sb_`PBHWOLW7$HrY}G=&JZux>`AK+8C=^9u{j~v|*a}jq5wZ7PYTrZ5Gfija
z<T8+>tT`k-`xP%$PC7`kXTTM$e$c32$ZrP?muW-}VrQ_4#8_A81)?-v%dnsoK(|PV
z4vQ46mh-QR>N%x4Q<(Kh*z~{h*i%{yEhPLLyR!S0%@Uodrdk?X5RC2sSKk-4jmDNy
z5-MRFQ~Tk$&-)Uu#A>S2DzLu*2{{99$<CjrZM~UrFaZp!s^?`dLootb8fyveIc+^K
zjMwe<;vjG2Tn3vU4x-Yj(dgzb002V?+q0%+$ICWb(z>ad@dDrKeB$)cjP~sqXE#r3
zD(cU5Vc-sb8s<ICPIHXM2Zc=g*g(XkQ(5L}R@+QPgCBhB?Q7n5?~op6=)lA&wH@J-
z>-6MB5iozqi$m{FloPrLOUo^hj-cY`3DaoS$k@y<Us4E73`4mlLLo{SfG=$F52zrd
z5*rv2YJu=!5z#?H+oPD7;0|vwFGkGwb~evUhYi-o+(dqwJkB;y_|ppk;RJ2GI4HMy
zDzDu0M@~5CfX-b?1wj4ae{qbN0Cy#Kz{RghdbVCmss8h(8O^Nb^6I1gvYx@e6Qw2y
zJJlp?Hy~b~l|ldk!zfJAhQbkAu_NPE3FX6yf*zP^!wPIl6p5YS#XjF(sUfcaQK||{
zN8zj=at}w4e~*L<ID_riP?`p~iUIcxS1x)cZi33qNzs#At%s~7uN&?9_734-vIrOi
zpaXxQw}(QIzrWmD<#uV#7+rKCw+SFl*!)n0yFC-wYM^c7O4?FBv7fN0yD%#F1q_zq
zZyEwZBrgSF;04r<3}oP5s9hx!@##h*A_vrF`PHW$pji?i#ZSd}avYH-^Ob$cga47D
zhoesO7!Qr{kg7rnyprV`C=PgCU{p$~mx8o4Dh>U6^Kfn#WECz9*R9R-aj~mVF>x$9
zf<7&(utb<YAu^~S8u9Y6mpO#6FR!)v;dk8MhjTGkaR#Vw^rg!61zsZ+TJFYXqoF68
zI0>4K$nH&!mcTBNW$ME+Yh@wAv0%|^T|($*noQiN*2@3~74#d2Tfi#2zN>q-E)=px
zcrE4*Eo7KqbPlVYZVibkeK`EPtxNSje+k82QMxfXMy0p<N$z!>7h@Y5(OA%&ssu~;
zEY)Gz>2X}kpzcmOg)Lk?N6|yj9zGgDDlk+HHEZR({$>u1W{S4kN_00X2jU3@H*o-(
ziw2~OCZC(|2TrenU-ZTav^^L;RKo5N3Hc8_bi=$A5ERfIpRu}ZH>a8_TfLq=p5fss
zS89qg<Vl(*;!OQIU&XS}cVdmlS%vn(rb)4N)VEQHpY;MdAb3-N<rSgt`U2OpKcJfC
ze@tUClqCwk*G`Y5B`nW7Bv+>$j2oXu#I@S(o!k^46+?4X4lR+}=>fq|t6S<N;k-0I
zG2uVLc_ZPpE+0CI;0?01y>z)G3NhDUn+ibggge?egmUGdI+n6vRnT`7nZ)oK1es)L
zd7lsr`P2R^!@wS_08;HKJ7#dRV0DkEwZAA^44Qu5`brG|j2#c$&N7#TBO&n0MNnkj
z8lwe{Lf;!K%jZC3XSKuo4D_UM1*4tft3)~}bX+5QdRfIjhx`~rC1XY)a^m--BOISg
zB^bb71dG)e30&0u2a<sK{7|0v6uVnWKQcb=<dzAvs$_9g5|dN%K(Voxz3bOvU>X84
z(IGguJu5(9EuG5FKn=9ql)4nVMre@HFF_Tc$PlPQwt%~g0Au*asWg66ID(vCD00rz
zM&eQymr^AC9$eiNfRw-<FOkyhxFR0#6GAR?SFK_?7S&^Tx~`j}0(+EX-fJq>Q!b&>
zIh_>X$_k^|xY=OkHU(gj4=o0AN#(=E=Mz{5^@OKWa86#Df2;S)A9lSIXof1Io<RbY
zzPrC0^*k7ymI99%baA1>Pnr&dEDRcCe|*+eO<E7rGH81j;|o0_-+4DrD}0;mAGvnZ
z&Rv2h$lu8Eo{q{BW;e5~GZh2vUQlvp@@7RyB<k+J_zW!EKu!KHuZA^Xl}--?tatXJ
zk=66rPC6mGrG3bBR3AJ7!b4B2OSFpHM*-zKe|umw38}x+U(MED=vE&yV|Wf=32ZnM
zUx}(o2H(tCAxIt>WMO=-Fi9RsCaN*n5LySWZSVd|>Z0&tM9>q&S^^F>c~6}7EuJTM
z-=IiLbs>uU@5C;pB?}Ud`sn91b8vdW4WR3<V>P)Qoh0n?>mNEb!R^6Xf;rW8BV!)F
za3XS2W@Gkl%Q%tQgHH`un6P1q?x0I%V`j{uz$5@x*=qXCfNqa<TB-#7H1ZFS&m6bn
zg|_dWeZcoCLZYlDm9wr?R|HD(3i$Yy3iHI)bIb9~C;)X}EHO<)$o?6Ht=4sjtHR%=
z8ww>5F$Mx$UqwfKE&BbfKNwsDd6@R{Ax_})DR+U_EVR84SaWQ022$u0Nc*<E9TqAU
z*1X6vtX6>TM!kD-9(~ZBJs`1a3j-7eQhV2f-?^FLRPDQX^w+D(mtFaIwuYMY7p22$
zKB!fHMB2)ckH!Fksvl8R{cphugCKNJr7Le<oyGr!Z2}O`Zl=}@TJKhW69@9`ZS#qX
z7A-XNM7=R3kKTJJ;kC=`vBhV#9MTnvL<xofLACYOHG;5(I6U;&iP9ih83Q28Y63ss
zTO(XdS5r9?bG;>}bY=gwt}&_L<TS!`oy+y5NvQodL)#B;G6?T!_Fq{vu3;HhimsnP
z2UVud?52WSinhs`E4@*yA@mQ^3rzTP$vK>_Y<=~lMo@?!agnmk6tWQ47PKk(ziE{$
z00IE)Ogs|b=rhR9rb;(QgDhN-Bf%qlK+F?ozmGXt5t%XvwZi9bSG(<)fdAD33Ytmw
zl2%LACe@v@RLpCse&dbG;3N?BiTfg<U?vE!npWX1vkIohTXN7-bPGV(2mtJRWQRz<
zOY-rodm;F)f!>%D4-E_;NqO(Z4gjSuN%~ZBc)u8DkrkIeA#nU{LzUE(BRXm9XgO2^
zv04$RY_Y+L5ezgu7*D6FLQi>qYpR~mErOFU44t`+=K2|j(bWn-?Zd0UJ&l<=gnDl$
zsSeW9MfiswSZ~Qq&?*dykcau#QJE0n39Rzpw%JwV6xU|GcK0iH<t#Es^|#$h4Q8Wx
zHsxW}J=FkvBY6Ovp678yq@K@V7<ri+^rny$ks9~}tVxkD#gQ~F%c4k<`8;OwJc9n2
zuhs*Xmi%O=3<03I-g}r0mzQv-AwNJEy%X397(p=+v1Hak(isnq!Go{wYw&Zsfq2+a
z`o3V-aZIjEY#nEkS3`H&Aia^QZtk^&X=`u%s;K-R6{<olPHMB?htFQDEu%zfum@ZG
z+GyW7bz#0=_0lRS3%>5-^%Guy%$O5RUnRt?1nyR!q8gPUI<ci(bkqPf_viyIu}@VI
zj6D6BB8u&!k=_s6nHUN`i|;qy(9G@Cpx@isB&v8*4EYpZdr)nQ+g+p^NR_0w=N5|s
za!J?hC7Ry(Yut;e#GV^dAzl8-#~W}$N>j0kK&Um20sjFFAXI51XuH|XqIF#4dFs)N
ztNpHfXemYdrLB9#rDdcar==qR5Ay|d%!A4N4Fy+TE5O^Hgucc}TJD83xn$zDA*!*n
zHZ~)6&>P9%@(|5vuV%;^0wU7egBY7&SG1d%^a$>?;N?{<pDAI~!hqOPNY#W=3VJMt
zCjk6U`Mz3)ag2SO#iN4#A*Bm87=AoVJekoPv2aYBw_0BE^Ae_XF+TQI{uZT~>4E*=
zlm&Z>W{;)?w`%5kTJ7MA+>X5c(_rv+0w<jh#1I^YXsD0QkM8-w-HBM!))c*(ss14;
zK3pg*%GetmZU`I}=&RP8V6!kFW+W}ky030M+ceAoJ|m+ej2x2&0QYuz`DOg!4~Q{^
z7)LJ`A90yF_5pj9jXv{3)iGZ{oW{@~s$){h$GN;u=0>SZX(x*26`;GCrR|pDY&uD>
zuFbfp;QU3fm>nNhRB{(xbbupFEx`7qbiaWbiZ2il-tGi+k~hig+<K+dX-@E90gYE$
z5(LKz-d<vt#2AhsRWSzYJfQ{qRwDXqEIx~C1Y++8nO!`*6O3iEAM>A(D)3E5tat#b
zCoNGiLsBcKzBP{{|LuZ#c#TH)#g^U=Sn1W%@9O9o;Yc;x4ao2+XJB_rVk67k1W$4{
z-L1GrDBMYMz~$ovQMs)Y4JbCc-@HQgZ7i8B(Tl)4{Uly#NFS>}XDE;5@j@wOO<=$~
zuK}rK*~Fa&PrF#3h6t#{pkoA@B$36ai2srm2eS$}?uOP1t{vPQ@Ii{P)@1F6ZZWtl
zpjggbh9c}G@oq^hWX6jZOAot4#{v<1xC<dG?CpH5(YNWi{pKn|+j73DAO_1li;&#J
z2gmgmimuD8J-eLWn$Bx<4Cw0(EN30?CqNuSy<qs`S9KPYHDxCetVP#5s@xn1mUs4f
zSWzPgmE}o;Fu=~;aZ(un?218|L<Y}}!N=AuS8qIa?v+KY$@*j4uKiKvjwhli+(|XK
z+kOBkUod=kfOXGDe}-t-dq;zkq7cFTlUmAEv(}X1R%9abNnIZ7n4$|7`uSz!M;twd
z@BL=?2E7DCiHQS=7UV~WnZy-#&aPy{FVikT*3dRyEv9p!c?eI}0XvACSD{vO7f5*B
z1|GJvM4mX~rgg>_#{py)dkWs@bhUl%G5l1don#yqyLVoTV?#qjN_1;YRt4=)K(;pR
zou+-j5U;62bvRO<(qaK_2SdBihetge^)3<!VckeO=T7%VJL+y-K}rxdpc$bIxwu4V
zQ5X?+bbqWF?Md{rXV_a$D|Z@8Elq}ynL<H=&UcShyxUj6s!YlqF>J`#^Y@kPlF2K~
z>=N`D>YQF@Al=gN?U|HqXM;X?wtwap(MdqI>!Q|rQxYKpGjz*}g?^_$I#|0OH-);@
z6h&;kVF{q?Wyd&QzI$MQi4rmW065r?t4P7srJwPphI594tsZ!FjB;~@wq9k(d~xdI
z*dR&&B4)U~O8r+Ot)2{`maYzA<DXhsuQF~qyjri#9cV#6>g59P!U@w`__(gl@j~!*
zHifSy?5#WzJ|Cpvz;8}$s&4-IR7QRpyqd18KqO8~p^C$z$J=7gI&$#x_$hmj@`ymD
z;XwIJv<d7%zmd*bY^E^lxuaXHz#g8nD-@xIIYj&(!S<lZu9XL7usDDh9)YH%I30Xb
z8!aG`)dCKvis%LoL#xW+`z$uEQ<CtO`FcQ?0Y^~y5u8kMBsUcXr4VQ`#4;kb3wp_0
zSc^B8yD^2lN#V=V;mBIGeGLdOo}3Ew<%3b?HTy&ZyH9JGhz*O}#ql`Oyohq}$q<N0
zZ@fj6U_x1i-a*l8_9+MHL3Ui`Sal{u4+Yw43lI-t4P<#xQKb5F$+wxeNuit>C;9%1
zwg#Qth9@*`!|&)2yZ}nKkvGRy_a{{#0iX<{*INN&tysgBHQ0YA=*C}K%&GkZZa(4l
z@8GmT1BQ`Lc+>_-)PdU(tB_yT-My0oQc&bRpKoP>*doowd<3^k&&_0&Xd|5q*yUo-
z17bF~QW!yQ|6QDBxZ~mH2q$tSRbQ^|&K!zL9KY3@23C+*C-*_r^rmU<ae1R=b+|bo
z)?jr>L?0j6Ss>}kRHz<#0?E*;8US~l4+zJ}HYS<-c9FiSD^yI+E_ErAK$4W-K5LyB
z6!^?v0KU)VKBNgso{&)<1V6wT)G-T5jVZ`%(@H26pw!twK#t~Iq=ySRnF3%=#q9(%
z)_{p9{DFaXRxrG?$lFlJcaqDWu*1DQ&D@k096<G1dK}8jSa~k)R>FFsZ<syo=P~8i
zh@Ct)$C@m&#1KP#$Ht77a<dYt_Jf+SCS&bjkE@-P`<O-!l?kTJrv_zq{bX5eE5PWs
z2Zq4OX=RDeCj#1>##eBehnHrufszRZ=QLL~Y)UW{Bm-*7k0Uk$?vwt`dfN#eJ31$y
zX&8?cK8{*g+3@dg7o0`_{Wcg1!&M|AjIW>mDW0Lw3H@RQL~YRB3Sj+!PB4L`8Fw_0
z0b4)#bB=P<v?FcV5BJ`iAE((4yp6EK(x+L@asdKdAdcnfFp<AT0@yk}AO~p)<el+~
z^xJ6;Nr9!m8dm%I>t~zy>aj!rS5Sd1F?#EYAqP$>6*sTeIG}3~cXV5EZNl3Elkqg4
zA52hyhg*Pk<7ie^&FdKJmsTfEF^_z7#=JrLK)1zorVRE7BC0JZ0@SK=RHc+wxb>AR
zrQtshIcz*0<)$|0XJ2lb*~VnkX(!L#tje)wej^Yr0EjN$NdGSb;5qI#fG{>C5OYjE
zM$!7H^Ko)y<`g?wpVj_IPJxp3<&2G8wprvvR(0LmPZ*R15nGZ$zj<!Y%j2E4KwU21
zD4!<fBKMISe1SC}-1oEEq^B%v{Wr*~OhMX>--X$yv!Qg1J;GaQ?uo?vLmIVNOHCU=
zk7Y|(p6up>Zqo_|{NmHuqjVKCYoNCSK*H}=yvt<f>BlQQro@t}E7d4W<DoEPKeWli
zP{0SC9(t&PCW>D&-f%5H2rzb|<>Uv60OJSoe>t<f{))DOUQpQs^wYH1;_M2D{4Ao=
z^Cjo*Wzng$EZzo!Z7b*Y%2=ea$OOo?cl5_O6LNv=HcSWu{g`uL-7F~HcJCz6?ar&u
zR&T)dN>ktXlZ*D06eV-_vDXF{mW5+?J-}awJn={kW8UP)q5(z_hlP-4b)LGNl-J^S
z9{^&8s$NL5hfby$()?QieXAw56vc!$k^(gtHz|K87@wnLyWc6r!iP%Q9@9x&$>ztU
z@Mq9(0dg|^x*MfG-T<3U$1;s0v5^r`26O!p?)7)8Zg8|EC^_cFM0X}yIM=U4bp4`;
zWyqeOjR^YgcZ7N1HyTMZ^PK6Z=~CgC9+~F^Db(_VuP&6SASclJ$`bG^XD^FdDEx17
z5V&K+h-Yl)bm8t|K>xJ_@C%HJQ!b50DOHW9ZM%7EHpLH+jOZN3I=yA(g#fH=m6~w7
zc7FAy^O%i6a_3$DLfzyW+btLH_?6{!&$8|)NgB1LH&M(tc^&U>Z*<;zcKOK=m5^%j
zS@dnkkz~@L#Lt$wwvs6|a`Q^${d66!``eIjSuY>G8&`=2wZ&4j!9839<TaK<r*7Q$
zXxrMmnJ?)ADNpg$mNFw!dAva}v|o`;1nFqY!Jv3%`Uze`Hyx}p=!;3+`A$L5Sn-%7
zT}xPxlC`-@vw&F2*eqGs;v6gt-Nbyyfj6U4Wu!rT|7XFGs;q*9eufAPTZh*t^e`Bq
zRe-)77uw7y)}BMO^EXIBQv2sU&?NFHkpo1DAQcC!echd3#W|j=L5fGZb0^X)_XU36
z`q^^`5vi0O%9~o4Ga}QJ0NqlRAEW)rIJuOz_PxG@jBX}FVQ0*$N5xi!`UNMfCnTMJ
zm;cJrSC%kr*F8K5e3*5Fe81t87sahUgC%d%f>Q0OY5~fd+%wpd|I{E^lvfA0CkKRO
zm_TGO=Q*n?D`xcsTXVU!tKO7p0ghNjJ@J>mN(CX92r@%y#yMW(rb#!|Bsb8w<RS`f
z5uGVVJyik(>vS+)f)A(5PIy{PZl4kOixAX=upu%8K-aaiCT(lI+yXuk!veD&B0H@9
zuV(9rQ>Vn8pf3|B6TxxItvjI@nhP5Kj_tgidVvr;l_RM0wvv6$c>m8eyxRZwvc7>=
zQ;lrKT1=ZSTt#k-TZy;iy3;#XYq98-#+ij~aOm0zrIU`#Hm*A;5T5aNmfJ54KN<B_
zsi|0|ArBnT2v3@CB}zh+CUN4Sf2#_w2xosi6jJMos$VRYO-G^~6)sNpxzRMX{;J&Y
zZ`o!+n3WD_C}TyKWrYL1AAI#yN}SBM+5MDt3iBCSqBwBeCOOsy-*&kjEgoJ}Mp`$I
zqpEjJ>QT|z=3q=&dEZIyF{zq}Qa!6Rv3Y^<7;%WaI0TjcLC9CF@>pFi#uan{@4W;D
zTq1So7FDA2r_P)XKK`i*_IhU>*LPF?ZEJ9aHr%UH1yYfRr=&!7v96>`W7WLDq$os4
z2Y<BZxC=>Ik3g9U6r*7c!1ewFhXxM&;<6qcVx^HSgj1>jX&_vBs}pD6w8^cub4{#G
z_#02&HSUkKzUIQufcp8MwhMUQGnr^*I&adEo$wSLd>SW6#pBhV+waMr0=nQ#^3b`^
zsCd@=zOf4?n7aW@!i53m7sGQ#gKa<s|8TN7H}^`cAH_{Jxp^+8CWOE{(i>d!$Yhal
z0_zam0J|Ct5k0T~3?)J%HW8s>1blFA!4^<+=3prnR}N?D3xc-x*Pg?{%gIF)pmW^T
z52Q}3h9*fOQZ@PCmG+E;^umCDFh-H`q|?l2o6Kwz`3Eu0KUD=RBPh}(%T6iy&MV;w
z7Z>^gTl|9oYPH2%9NJSOuv%LIg%}U%WEWuzaY&<Q%2xg3Rv@o^oVg&pD5WqDjVoJ%
z<~>Wrix(ho3o(@tVgEd3t`tJfVj-A%k&;3^^x`0S))<gE!gmq7-%=R3*ZTl6;*RuD
zbJqXtmSR=Cu}sVleszzR!)6(s(UX8@x}TkV8B=`WDqZW2>+WCRj~g`mpRG#<OP*US
zd5rVieLTq4D)*CFBDyg`09Iw+kGYcOjC;G04ditLQzYGV8VhIDt#~bJh4ywD%|GM1
zKl-EYF=aGX1DLDX0|&ioa8oNq{Qn=kHVasa<DLlvQ~>G+2Uk1)g75dS5|5Qv^F1bd
z!|(xFAKf0f2V{diP`^3DOb7W^O&<&O9XaXuG#C>}L7Y^XxE^Cy^fX7iNg3)VD!g!@
z%Z=*=$pdMl^fA@=^D4>olDZz4bT$l(K<49ZC5e+LSkOVx>l#Bb9piT|$8cKDGP2m)
zdt=BRG)(9eMuIPN<q_ijgayi6;3^`=zt@4lIoVHWAApEnw+m&IF{=my%I6+n*z8xz
zJ2gP!z7@7qV2mpT-h+!hynumQ`**TmT7PTnuc0mUmfg&t+AG4JwzJi0hHM?SV%_$u
zDY8(LOzNy<So&qJi^6@}?DoOJ!5u<8hZWK@dqQfI%D~nI3kMBsssvt7>p1sUmT}ao
zhUl^8cKq~G1VArfXGCj8PBg9699pl$zp%5RgT7ZIbnUXWzP`A1VV-)f7XFzyJFFX{
ztDg)|pc<os>aM#O1FdI+<oL|9487XGkn>s=k6II6VFcLB#M>bK2I3S!uv*9?iQZNQ
zVZ$3JFnxzF+>Tp6h;B@L?HLxap$*@ZaSioqNH4`nr?DNW8IfH)I{*Az@jgx6kpq#H
zxkpQS^CtYyfNrn^@6x;EyGGj-A*~T?4Uz=heK))OJRZH<m(!*?$hTW85Jkp-5Ub{m
zmMcXgj@!6xa0|AReWrf3s(J^w|LAqEzJH`oM@K%DOU8}xU#6_;S)&IV;(8Mm5jLJ$
z%B<cz*-!(Zh8-EZfWkP3;vt7@Q#?c5dpYa(0A<qNVT5j%iVl}q_zi-)7&JT);+=?w
z0po7hR?7fX`;$P4JkP@qm909@aybM8kdC``!okw)?mYO@uI+@IDwDm^P5E7=+#|RL
zEfRd{HHoJcgjteIPOA7o$y2%YlH`%Hw1NGWH^6Bkq(`WB#An%BL$tAj!p#+yYW8LY
z2O5f>rq~}WUx_i$6hT_fDBe!G+2%O^yk{43;U(j}dz4lLs#L$?Cd#L|guW=1SH>kU
z1H+T9*Im-!WR6Mb2l?s(c92YwtVP>KdQ9lzOH?kFppz?lzuZqh?1MU79)kKB`qo$r
z0tAx8{476dhB$Bl0LNgjH7EmyQ~;OixKnozR;NQ=OtiMhd9bqcF-U2XdXn-PLS&fL
z2X|772yAa;J*EG2P^cIYh3VHtC5IMOZE<i+uZmmR-1}$PCT~gevT184)jl4}vcImW
zMMULZ?Ah#mA@*nU?=+!q2AUQh)d+Psgo+{ug|}zj;4DGL@H7gvF%9WH%MOKvUJgzy
z6-qUWwg7g=RL$1zY)6|~ZRrxfkH_c5{wb|rEvcwDz2{L2?A9Gf2`H)3UY?QGB?cu~
zUI>PbeW2m+@jx8GJSa7_Q-=%`QsAwX$}F85J0wc^jypgT2>u>$&Elj^C|0dvRk7I`
z=bV^&imLn&P(HA*{OZai_!S;s3Ox>-Mq%$;YYqqxQ*IZmk~!y#-T74~D7qG--@{`b
z0bo%I)IeWtB+TfhQ9wW_OD%g{tx`%Lz{%uTrvFS+r|Vb|pYldwZ}lAHzsPfn=AmD}
z2c1B5P)~niz0-`Gk0u4rBK;lU@thz;aIn-B^c$<P%3N*@LH--Y$4zz3vA-Vf)$WD^
z{Z0$=x!WGtSn?AJ<~`9CSWWBV1Rhh#r%t*MZEx5jpBEY-uBhl~xF#y<y4y9(-!X{J
z%%r%6ipHIC8#ZgKT*X^dw6Jeu=P?E+GV+!CId1?#K)$~;LL4@;!LYt~QJ(V($^9d<
z_EbSe*+nfaqBI3RbtjbS)mTG#fyly>FGZY`ta?h<4dKk^-rp_?V7+e_a6|7|T^>Bb
zr0<Mo*YU~H6sDKL{t1%j)4;-|HYX)0%Jim7dhF81A0snQ2!_}iaM>=yA=0~|u#8aQ
zSRfE5<aTn=GK-=BES_k2ZOM{Zv|;ixu8WP|+4CaYFPDB<5KUxCWB)A2)ux`>gJV-Z
z0=CtD5^fR<6Ds=12y}t3{Oy6ero%x;aWd+Ut9X)rQBXB)B%29G_1J1VSwO09TDBq~
z&Vs=#Bx^N16xlb=>Fi_kfGYimQW;0T=*AnvdIM}8uGpb%NBPn4Si3{t2K&)h{F~x-
z#6_9}ig~N$d<Ab=uq$SdTwZLF*$(me>lN`~%3%nXKgg?M`zVE3HF_)t>aOBmZ^ntS
zS1bhR3Hspt7|Iz#9$<2XxmN(Tpi*i-P#~*CuQfkOfi23Xz*~%U&VeK)kA?@a6Z2Dz
z+-?+rZAY$#C<k1F!-{^>QzpG?&37e6@KJfIi?cbQ*!yIx_@^gsLOEsCMV|5imSKp7
z7}i3>`{V7PlV)y1)BTWpc!``3%JKA<d?yKb7-~$mBJIjjzwp94<(=#<8r(RlK-3)?
zrh<Lzm2ki<Xxx$XY6TrHvoAVAhF#$tTJ9$@#oMl_XQKJ7tt!g2x~CXWREm=3bY(8)
z@o`muiF7wAW<UW4uohvqqPKFm|NKE8o?H=5(EkHolFEQc%EfU(!oLF2P|^k4qha}x
z9>IOZLt<TU)(T*;1G=Y5d>oXAn$gFHK|4{s)H)pzMj!)SHq`A&HFRT%Wx^_e&Xsh^
ze!D5lr6d>hQ-_eT&1&B+vc<Nb*RZ%;0016v&M#YJh$lWzEeO275>eg$@xJVxOCUsr
zjT}r_3qFg6aNtJswYLNGc#(-Q^-QJ!80SrS^P23M-xh~~(DQr}76~!#QR?TC%z?|c
zsE<QQF=$%dyublgMBCUr9!j=-J?oMNVCYpCJxenJiY7X$F~qUju(t>QLgl@S5;#nA
zSp|<o?`qWVtKS$(E~sf(w_;nJ>P%~#f+S8WmW=UJUFn#P{}xuwfk~`hS+T(%MQ+<4
zImo0PQq}y*T$1jgDRuS3&li)X2jy-SQW+oG9F>gLS18QKhVh`bg*rJPZCl7*z3>({
zb>FC~SDqm68a&^ujg1_c|10Vyei>hjrM$$V*6$pNJDxe%y+wVgFrxT$u})Llgw)w`
z*>TS1z}2tEF5HcL-f7WH5Z`D>QZ>Hbou4uM3jDnA`J1m&bTzS%J%n~fX^Lb_Z&gI>
zVejVi9jL~yp`ARwclbOkYm8(lEO?;qQCZ57dC?ZynrHIw!g1vZZ$jR~pZZuN@1G>O
ze9{|RE=>dRXJY%!G<v)D1Uaw~gNQjrM~6O&dTsO=ZF1C3y59u7B|W|3AU?U+PpyLY
zI$|OR!wdz8Ea(wZav-Dj`=VqveniIDJM%&rp=TCX8&bOSHz&o<a0I3ZW>N6~n9nJk
zQR#f;DduT99M=4hJfZC}lSR8a-9|o&n*Y2yGJiotztexUQb*TCW?L)3Fbs?CelW-+
zHsExqHY6MlyjqX2XC&UO(;+xv0;m4^NiPl9c`1K*qp*;8Z9{WQdbyv)2`*Fgnlgj)
zIHzXB3cYR}v%=-zbwR=bSCwB5{iQi0hwJ?#DcLmtvThoLPvK5_OP}rnU!#K@g6mbq
z0)ga=mE}9B6?igVji=amqOo;u0~D+?C9r_O?IwRIf_2RF;{B=T6F-xL#hPIbZLg`I
zD$aRakyH9q&hA2ujXYgMFM)o)2w<j+0~oY-Q@mCJ7J1_p<bym3Z>A!R0~574rx3JR
zA&XFZdS+%L8N5lC({v<GfdG&6$nfBh>d~^PUu7u`YHYfB@ZWSEOx`um17y@rOZ_#y
zEnY`9E5<Oukv69%1fso6p|`yH#07^EoA+18f8x#-49z2JS)7yCHXWGjxskB#{<GWl
zDWT(E#q}9xm&O0BZXOa1gTZIbpNW(s7yy`$;6^j78y_nfMpi32akFHe-h6+Y`aNp;
zKK&p53<{aVd)F11-LC_;St8K4;i?d|g>B-k={tZm853=*w3;aDcc4xCmW7##yk{~}
zhRKImIIy6I_TvIk4g5d6?oIE%WU*82SAAgBEMgL2*FW3w!hm8>rvvxuJNEteLiRh_
z9*f$WEkp+R)124aY7YGjM=LbO4huj<Z4BO6)R{R0R3z3c00jq*rhzY~8X|qR_R$zA
znvTR2uZzZoxAXeIL${@V*sib*S`?xGeyd`~OG&5Yj%elwgOG*9WUPowFPw9{Jf&G2
zoA$J4B)TAppF-#h36hE2IjWnWB{5&R$*pg3<4aopJv4j{y7>=5oj_m{1jsD%MdRS=
z24<*w{(@iIkP=Q=U7yE+_-b^B@R*JO02yuvufpCSR-C&XVeqOn9(FhXYg=d@4F=8w
z;{w(K!oIOTL*i6-iRf+s2w-F<?qr4fs)Ht5$P0J;DukME-4m+epiAVz@ZHlc0uLL#
ziw9)3{oxN_YOC<(tsh&O+bC$lv5R-yi(v}QhP<{3ykdbRoG{?k!yXGWh!$%y3y|#q
zb>)H-nmlcBt8xp+y2ON$wvzK2P!sa2Xfei+tx?=5Jd>A8!-xZ>p!nZi5Ship$M3G9
zW*e*AesqkH)7|Som#03Cnd7bVj8%fu=SdvOWU(HJMDjQDXv#dM_mYhW^22nj4*Z+^
z1WyYKl7dj+ZoJgOUBsX%)snLTVFcp$qGi(f9%M|<Fk@k}S5Dh27c|jv2Cuv<x;VX{
zzRuJLK4_s5R39G+3!~sA9A=O!TP`G&Wn)hoM6l`1Pn`PQ2r4ZLde_hlCf|XV*jGFl
zJ4uJZlKoWLy*B`UFelNF6d6ix6@ssHMr1z@8slJpc`U8pp0ZxMj(fE&Zr6qx?A*=)
zmVfljX^Sn5_oxP1>e<<WDi;ko{<lt3*(Rtsp<FrRT=aicLpt!V{4EZ@m4d4_08tg4
z;FjV6<Io@%tIAw=`+g-aaDyR*;ckuspd{kz2TCn1xW9Koy1Q!W#G1Pzyn$fkI5v~g
z4u)K|oQ|WNrJHkp=*ANjs?;;I3F)`k(1Q#*TN8vphGSwx0<lPP5Xo^duEqV*1T{u1
zmq%=Y=&P{gc>g&|7b)9n#)2Ch&ruR%<@4}0wHPZ(H5||xN<1vwj#W+2N~b$!EvG&5
z{cEbnYx1SO;n|gGk}29<r;|g>1s`JS>1S7dxz~DsG=fOcnK?|7ziimsLpkx&PdZ&G
zpzp5fBk(2|<Z0_(U5Bz$3>lVzn<0JJNE^|Uqtkp@-LguYf5K8|1sEy{<3!Dtq>Vj}
zO;Y0S`l$Wva`?uRnNrd8Jkx0<l)yX8^G)vodXXOxs`Y;wi}$GK=?5%Qm#pvTl)y94
ze?L8>C(+jiL4*KLyj2;f7+^&MGa=;o?JATbHne_Uu@Qy7!=w0P3i-1GCGQ8d4piDF
z(V^!a<p(`#f`@bj?CCevk$5%Ja`g=kSi0{3J|&%gV21+>!Vz|Jw`(3cm-j^C@zRVH
zZCNnJ6J3|;)l<{^p%50Lw!3!Q*c`Qc?i3>fLu9p+8(Jh`V;dZdOsA^s>QV>l$M!ZX
z(}Zt-#z<;IbTDzvMMpLwi}yd{r~Ot)FJ{Lc`@uT~XumqB;J9jj;9g3cZCizyEC?_E
zq9QNkT%hqFA3Bx6*1oq5tj0ndd0YNgb80k!n4u)6pcq$THZ`%dU_zA(n+{49y0&EZ
z`TqhfyZVcZ+M?0~7qXRMg9VrOI1(tJ_e+HYSOzGyqlf#gp&o1tdiUl4ufP>5Y9P8|
z5BdIze4hzVV$sRt>3hhETb6A;G!g)G6}UrkcDq~#TAl%5r-DC_G@F2^28F!2a@yoO
zfT&acvK{FoMd{I>xfAwcxVtX18tY4$qNMI>9ph0=#PGW$NCGSXDy5}8Dd)6vjvF3p
zd^)}8@+gJadc-7MlFew-qTnYGcH7%aqF2H}_bQ*-qP!%x*cG0{QPR=(r2JkAiCJiI
zl#NrOr9FzL*aacdu?RgUKs`inlQSY~>H)SO@?|@U%?s+d4FO>?Eg<O9nB}nLd3_)H
zrKHFg+FAU)_`;)rD#1LM3Q+k#wIhKWG>={V$W1XCSiF5Hgkid3%2bUl^xqJ+iID0&
zrmp=9y^+zcN#RJ;O}QYNeBb4gsLOnXjbTS*k(qA-!V*>_sEdLihXmPp`HViN&etH(
zswFK|DyqOn5)^J6Uj15yr*R;r9zQYs=Ugf$Vo(VQ1J76Iu>!(I{j&()L$ED`W!w24
z>I=QnDJWJ%TD-~3m*-KDdyF@tPqIS&U)8s$?~FP02;4}*EDgLB65Rewp9Do!_zdA=
z6Q2}px!)iPwRr{<1b0)a7dCeqQX++F&{67>cb1VX<eyGhhxe6<)YQALuqM=r*A*mr
zc4#vo5bjwlIFnZJo1xT_D*X>yim^|V{jV!2hgmoQ)X{x>tfh9{-9C8B9)QOEDr4`6
zwoZs2<PNk82d(0XEZv^7_O%O?B6XehUrgV6zbquXgNo}GTP^XH<{2g2ODf!JJ~MK`
z*wck#{%`NZxZK{oRuk81_%5YcZQfRH;_g=STj~$He&Ko^V8Hh?Ei-;czJ>dWm?Bpn
z=@tZL3F_@iz9#CRTeC1+?`3BhkC=xKf}$FQDoUx@MjNo=si?z|^}N|BAhh3~nZGID
z4+J<}Zc)NhaG-Jx<Xs82L7rW?RPwgCUDrl1R-{CPBZi{P&;q<l%Vo0Q1S0azxXT!-
z<Dz9P81jOts>+-w^JH?Qd%7Cul7S@Q`U1;(&NFOZ=%>5ydxM*GH>oNjjFl4#1df*q
z2ra(}1O9q>_*9=e|ILl8O1H{Pi?(*)U;qw|P=OD|m`Ec@liR%7hr$f=L031Fmui+}
z<1)hVxpu32dGpnTk#dtZ)D=QlQQuZ_k*fY27a;0_q$*3U*%}Me+e<4bBWu6xzc}j0
z5V<I+Df%T<0@=(e1y4-?3zh;lJFwLanS~;sk?&YQyJ`uLxTl#`w!}s%$R5fV_~E=h
zCs6xTYFI23CqV!=rfeHNBgrTG4=GUk<Xir>S->lF6Ehi2Sb#0i+kNS&XZqEZVcmbU
zth`XzHG5fWnRP;Pr@bIg%dYqx^_S=m7nW>B&?q?;1HAO7HHcVRU9qA}3QQ|w&QIe)
zkBCcmQcn3R*-1%U??dreQ>G3qLW(`jO#O#cgICVUaERCxoIIdwU`^RMDW*WU<sYgQ
z7UhX_@yEpY$;ImIHy4)-^6i#nJ`IDQ3Rl91N)SIcC0}Oer*-)1wM3#whYw9F@MQe1
zt~<;gC4EX?-)p>PzYuqHNU*T`W6S}GsIlpx$@+?(D9x*)Q~tZ1yoj!~Nfh3M{zMH1
zA)@atsI|j$x^0QS!681bX+?s>RAmwkR*l&wXBOHE32;_Tczrx}`glWbSx$eLk(=?8
zt}$mGaqqbw!-+~?8$d9dnH=Pk5ol+;v>ZNc|G0wiUQ$C2v%o0NI5ZE*Kg-+ZU2sW~
z<JH}t`UiLtOBII{{G5N!p`4@ipO<1QEQAnks7WB<k>!Glc~!fuZ9a8pb@&EFMOWeZ
zzo?h)O9qW}=Z{H*>nu|Pb5v(zE?+QA!+d+aG^E#n!~zl$+iV(9@5_6Xy)#KewRZP{
zKe?F0I99yF2!}@KHI+^J`W)zmEgrX38IaNVqiE2$AhQx&{#NHODuNN_>?d9}v^rU_
zKnN({BjhWKH9KyhuB6>VUM)l;(nZOs18FmmJYSFiMae)h{gVy@p+-nboZ)4%sQ55S
zio>kaCeC*UT{{e`0@l}IpdE}5aDGZz9|EcPQa?9U{$$qG?k;sQX0qC!u#|O+v84&l
zsr9Ub#zVes!5{lDMA9$yFt1Eg>j{3Ki>2^tJQbfmQknp+>tJoCsH5y22&{&6qQH7=
zFU7;MtmVruyzwbmKJHF7F64KdIM%OCx^EePEDCK`<9*PPjVf(ze<b?-KTX7?r=i2B
zt2L(_2<Zr1am{Y}Tq5d`!C~+_MNOXk8CAPVuMep8FQF^P2dMqn;u>oO;^nB)gb`46
zV1^Mq;o|dVZ%=^{Sa_2;oJDeAjRp%Jai0CbTU9S#kNGx=*W96C#ZI!+E$gxkhgYKs
zKtixfj8RDFp3k-gplTJawMCpieIiG}ovSfytMo~-7zBh=gT>3r#X_tqry2@UlV3>$
zA6FGg!}*!xReYnVhy2mSUc8iWJE2Z#jDli{T^zBx>3qnA%G`?lkq<+6(*Htu9Y`ws
z$z(NM1Q@%Ht;@WW_hG|J+lCaZ1)w>6EUQ<nqv#n#(^&zE8MPTjJ{~%qg|4&^-ZK@h
z{2E(Z<VVs(2`S8E+rNn8NS-YO>LB<R-j4^`d-M>#^AFfa+{l6fq=g)?tM63cM3FM6
z?s$ByDiVybRfLATR6LXidWGBWKsMy91!#6qjNhWo5USY|TwWoZ%czPOJ8$PKTSwqV
zD2ZFRRpcJ>YMZ9O;vAS4fe0m<d3D6BGm5XvPZK=QosX<Ktby3qFmCV^aR3PAf3K|J
z2e3NHK^SNuH)OHZJQO9vBZ7X2EmTr_Aq6S$t7K;z*K90rUQ{rS<YYR)AnaBwudCW_
zx#6IplU36mj123nY9JjuBf&zy(a#sO6uNg37U8_aWXUr~925;e6iev6l!;kUtv+qV
zz$XmO?yJuT1m@bJJDFzJmwil@Tf7Y}Eva%Q^MC%pUZZOn+#Y~7)+*1c0p>GH4INL)
zlb1^a*JKLIoZHu>nH4)>Ke56fkdG*_X&yd0l5P+P><le^uO{uw{FQ=!wTFV<UYgOl
z<Xo+QUJ>}f_9B7RS*)fn|9Vgznt=ubF&HZif24vTe`;JO;HHqPv!3b`iDkS+5V38y
z(#V?wmH=@#Yetlv(-tHjM{v7OAW39T1to|o_v*ltP98+tcI)q7g*>~OgD<!C_A@*h
zyIPpVY88Yihlt07Wgf^U%30{c=d@}jHJ+G<gs73fb=?suAig(}onabN++rfwb0CPU
zI*8HdeJe!?mCA9PXDK9!MtPpnMMzk&x;ms4F74^u<i7{(?gyU2nu(yC^{F^(^B3$u
zPQGuQTLv%S@4zCL;hLJ#l+Y~Vd*m_uL=52N#y5tF_ffm8I$Am$>bA-y4vq;Kuxc^j
zjK^hO+QQLTx=QBmfFirwxn-b3&Dcxhsh9zR;>!jvWp^^FNUrsB++1-xzrYA<Qo>|S
z?=A<W2zW8I5G7K@3$-qkEn4^25=WL;b9JDyMO7`$&MaZFU#J}~)pIV;M_1MVpUD=5
zJSEiT^~^p%aBq*mOJ&mOc4huk$LfP}mQ`|~C;cVJ%nGEWIPVHOd$h{q8F#d_qC-9e
z*x_YW{ldEh%LOQjCRrKo5rM>=f#_3}iqbA&=%u~Tw(h@>P;5OA-gT+WpvAuq8l47x
zw2%XooV_}C74YhJvAvEmh(v>%q79;>fZS~|s1|$RQ3CBFAi#SUh|aoKmRUd_*`n*K
ziR!aiY??<iuI>(*zWxz0ZfLlwH`0Z~*o`Scwg|Y!<GMBFEtJyfjPzCvg1{PA4ANF7
zVSYxg2s^RWD_Mn?O^H4mPK|2Qa0<zfiqp6;Po<B=W{%&pT%cGHc5lS6i4vf|msCQ!
z4nPNuvfvz*;9H4rGG%#jfeirvNp`|AJAQB;R?e$d0*6J#P%$!+pC5niKs|r@|NK`w
z{eEmqZ}=LxuXzvt8v6<`Vn>Zt=?-$G$(NrTn9VKaO_X_2K<_-V-K2QXeC$L2ps5;@
z^b?n`3M3@xvZ{X+n73gTqm`VydG|i)J#6=wDw!aU@lD;Oh^rLBEiE~K#t0yeVh>9;
z6l++tX{BYf2CoHmPa+UlOWGp+`z4FHMb<m1VD-?&L!(_CaY|hgjWm*lnpAG;cbSPv
zdD}~;w3Yx%D?X)s^D8UROzO@KdHX~)1EgOY&msr#t&z*qeTMG-CQ(|rZ=>Wb=#9rN
zIPTwrBZww^PfpIM4P|BH#X6b<9vq&wnOpJOH{SL!MMt3W+89og%-gyz1NbLemH=*)
zt+>c0nG)~n1qx8xf*+;l9%>pxF{nf>ZoOZiD1yHbNB+bfUL`lIkGnGjanb2ARn7wO
zFwvqL{;<%3O0nG5j_GluVD@j6_HaffzrvxZ#|PiE7CkR&YIyc5x&AeydZr?CADZyN
z2%H*y>tN}|i+2k|ssGk%w_bR`p($G8+M;CW?5iG+j?z2LY>UHD$vSb1DBq32y<n}5
zuu**9R&ehb@UD4PE#7YvgOSZ7u3$s&Bckb#<^lsEs6OP{fD<@k`cwi~YEfmS5);O{
zjIps?xsmiX+A2gm*VS>6TvhD@NA4ZteCK6%Z&_QJu$6G5Sc~OEF?dfPM64X-p&wWb
zPKnO#<%&qE1&Kyhh6AxpIQR4jITZ40VM=N#uqTV+mrkK_A`udXgB;W%K?OuJatJhW
z6sdw+0HA0RVN0U62{ZQm(M@;fUqvg*#6Z9Az|(M^8DDe7^P3D?0hYhRc$@!VKaw<8
z4i$|g@z$wiBt+CZ7juFIn{rfj-F#DE1ERpJ*mD{rb>0FMsPT~h$5%>D!-P<FNAeTR
zP&{Vs<2PTM-79KHCK00I6I)cTUu0XsZ23L|kUP_ANamW^^53WN*h>AQ6L+-6sin)}
z+s$2uygTc&x|~N2^PmDr+6f|9(vb{eMN^^h^;=CsMj|C`zhPs*XEB_-hHRkz3l6{B
zE??Mn=CGoRteC03qCCSd<A-xr2(*b15#CV?M~41!7vGYp#YOZCsb!5*r!R~_#egs7
zP3Rud@H|Ckg8&>&fkes&)+II>?@6*8D~QGrze4Tg!}-1vg4N0)c@n@Z_1TYEJlu)D
z0>2w3wV(Kt1=5hS$3agv%;}cd?seGM+r9uM5PvL)3!&8XkU`h&jbX#Flv)mYuq&$<
zeZJ><R!zDOC&}Dsrz3C^Ocklc0@*Q<HS0=}P{$fIrzqGTG~xj2|Jp^nh~5iLOtHd<
zZ+Q5~Z40`mJ3<x^U)IAieG%WEAM(kSuKgtcdwXGDNf<6+KnJD#i&oX~>D)FvFgl@T
zL*zfWzDfgSDw3xJAw;~A#6)W7Wg$_tpS>WV+ofCTC246x-uncKK7fnsolcGwwqt87
zktCXGl0?SfTWb>UN@PN+mj9uKKGGXGzGXk&!6Qxstp9twT}rJc1YBPo)~@Vu#=)5|
z1(Rw?zk^GfgcHV2N!cul_5+CoZ4q3oeXvpx^I!BhX(rR%D6q592$$>6S_+msXgRWZ
z+R)A!xLvz<1^&!9)~T?VP$S-rj3R}KSEvbkC*Iy0V?Bi6;2>S6R0oOx>FC`09n@E~
z?GbTpW{SCY=u0q*FQC9JZ%G>urfbP#?KH0iQI%BX_9=&RYFKA^Kl7>g*9N_hBCTb1
z3)zx_h_07M9Rj>6`5jgwkcV}Rpif2|!4PHP7=F^mDE-m~(wrA*WOz9`UEcI%I^>>u
z)|a)L&eL@&hSFq#b)Q9~v?vQTJN#fBV4B*~M~|JGNj*u69=Vs)umB9$qeyDNI67&g
zsgwjixQ7NILPpW7D}B_a?$N-K)*KIRCC31Av2vJDOZ^4h84j}E|7FeZ0LA8jCgjbq
z7SA8O6U&wB0}PDX?#|?C4TgmPpGjH;g8pKX6PAkEwO4)^OBr!!%>qEDffT#S3CIu?
z{2t#8XFCA=eHRLf;)tXXs(AKHSQcTN2nUdbuYiL@86EPr&dI?tQuUt3m1AWo5bE<m
zxMSHHfGaa}0>Cu1iEiYi=>bB1gPYkh4Y@YcPF@8-kqXwgR!3`kO6Ab1oTN5sdf@tC
z^5Cj(QH?T>7X6rxO)*iML7gv4oe!{PAR8g!DTGWsJ$m^AzWK#`3t@bmzVfJkfzR8H
ze1Rq;pbpNaSXaV+N+Eu_HP`#qAHT20Yx-t=8Rqdoy!0S7c^H`Gey@h>_+dxg!BHs~
zwR$pHPU1$N?^nV~-dCB%u#w8?lLEzu5o!xCc2r?61dy1K7%FT(Di-l(+e|ig`Daz$
zEMw}LV-kQiQ_bl+oig^ktLnQ=V7`v3R{O`{v-S?2NqoX786>8O6DCE*Zc*Ja>pzWA
zBkP2otGIO<{r*RWn6cT1f93EJv2c(>8&nqmcK4Y6?@p{3m~3m{FM_7cK<jdNW*xMe
zc7MF^)fXNHRC;&12ZB4BS(=EzeDeN}G7t1>Gw@h#+MUnuAI*<Z#rrr9*z-5v8Ev#S
z3*dbJT&4gURmt6&zQL@7$P@Xf3rA_q-U>?z!#O|}(A<jtzF(9SHVAYk%9{;Xv`K3E
zWdCA<+C&CU-&s7C6l(B|544&+?X33U=F6-g|9$R(^-G~b=iT%p1JRxTqR$2+!{dd%
zqGI@px^D&8g$u}z`Wk{FvkB8rr=d&?l;zvU6{To3G%3P)#WWCWi5*@mb)7Ur?_em(
zceb5bDVp9vVZhXfm<BD<kljjaCs@Mbw;WMG4zDm|z~I3`I%nov1u}#iXh7&a_)o#q
zfz_SKmF%9$*Z5`=*|H2{LFJG7o%m_TThG%xV3zGo(PQQf890f0!t)lRxLovs-DhHD
zLtA878NO();HJg=6d2>V^Rr^2esh|!>L)`eCtS=Np!+(VsKKhl7VC7WU~m6k#(<+U
zu?C1+$O7#FHLYUC<G+f@g-P9PUG!~-aVziZxuK-70(e{rJbR(HVoo=#K3WdRL!yDG
z7}g_4=gX6^jTUW#{1*HdA2fMU1BsxIh4=XfMKs<KMNF+#xtX_zbW6z0=TPKq9d4Gx
zQ+?_YRW0i^7dSduq1qDG6!9B>YTp{!@Qu{lP}C~xyWKbuv;Rr&cguk1ucAQHLdjPi
zX5{%a3XcFj>-#<w3z~Tll?il|*uv#-&Z>@g`&f;$Wz!Fg6kdC@Sc6(d>ZqaN9iq`m
z0!x}|M-x)o$r;lRzWafERVMR`9&X28DS!!mN;-(Vm>zPTc$UE0d~euh)o=X_25_*V
zQJbM4%x`iJj+lYnUwP@c3BMBtnAIc*1NPfmzn2d<zgP@>Ya*r00QKgjPT2F>_-}x@
z^e1m>-A^1vFIr8-X4fOylN_;jR1#>QPQxY%nGr;ne_d9N1Rzu%$mi{$Dc&DE0Da3a
zrm4|fKf#*zgl|8k(M?So9Lg9OeL;Auh*q`(Kq1FrXYwvCI*_2DF>5XL`nQ+Dr)Fc(
zB@f~kSfAQtq}R*_;mH=84Zhq*qxm?tHrTQKV)44Lj>RAv>?uznW~lTdpQu!ep^gGh
zWamzDaQ@=6#8~4@NL;2lFfo9tn0pdtE|XGLWbo7J=;AosFNJcMhYb2YO_zr_`620P
zHnjA4?aU#-M!(;ty&DDkW#x*V4zARkCOW@iYr&n3@ip!+Jo5vB6esUc?A9RkOS0n^
z2A0?4A|DL}U5v>#!cqA_xD5uou*BDW4eFfysy0v@@>2L}zNx{l6D$lpKft9dMSXn1
zbYx=J@2H?dHcV%%Nr~=NZb9lkw27x7--r^3P-_RiH}xjs0)Pczj-Ss`jR!yHA?@nv
zbWOI^+R_5W-7P=#yN6&c5(GdCw3_d|Be<P=AGn}Oa&sij=0`ttgGVTbQHrG?57B<)
zKaZ*BFKqC3Q2eGl$=B`(Zlo9C_#zm-6dAdG>a#M2uJ6)%Pcw&ulVn?p5%~T9?y2i`
zV%(89tP5>TSTznHCH7i>x@>;}`MX4ZBs;2jM>vu(rw>#Ohy(ShVDbYlV7oD~wPWw0
zhDyeJyRhlDGcOpdf%QFX)P_<U{iL6em!8MUv>`+NzxAkI(5lMU0X2^7Z9GU`EMVus
z2*3Wf*IBtQ&q4@j_I!|v&#@iUvErDdCWMR2eH$>s=m6DR&y#MK>vgXNR1cC17DdsM
zkt7Qb0YeaoS>G3hH`R0;zR<`<PY@yZaWAq*RUhjC;YIhH3CzI+p}(=2_E{qYsKt;+
zNLukGDue3o`k_ep?`L^t(pyKC^VY21h24Z!(e=P)9{;X0N<6S`B9ZBzWqDnVaF8>$
zmqW1m;_>&$WA8VKTHuU7=uhPZ_cbxYZzxgekWIeK#MYN6Dy&y(#F-xAZ3e1zh7!5M
zT?(-5FIw?(KUQ(kJ12=dc{=2s;k7lR#7+C;0;wgt?_%a{s<nlV82@{9Nzl@&Jw}pR
z<~#<?dt<W&bv<9?PYHhW!^PH_l5}%_oA<p2QE5<5W9Uanjk-c+XlgU1gJzB7Isb`^
zYtg!J&1WMk#}0bjQ4Pu*k(&vivBwz%M+@Si%kP;!5MgM@65<*Jw+|rq?gHR=3?+8*
zDRI0+V5@qgUnhrFHzNw;=Nal4@_mUeAo!XD9enB)d~j|mgPlSzz_&5@@Y2J;V~9N|
z2xxXM7z9c*j!&zbihuUX<WqNWilWg7qpOBBbobN*am_S68a9;23s_(>3!V+B&h3wT
z+rDrNVWv8-EsOnx)XA^c?UNa65A!7Vp#q+b#6!JF`BncXr8MvK*u~b>1{p#oZDliV
zgJ!o{=gL3UC=iS^JRH@%^WUL@jS7WLa70SYP2Ht;PZCNQWcd(@lf39JO7Y1u+IhwT
zK8M<{o}%0wMk)|-)9ynuLupDM3A{SM5|+sM8_t5Q?yl8;faC}hAo$8e9L@N-9Swad
z-u`^KnT!Q>;hdk#u)lMrj~@n@&MfZ@1MTTpCk98~iGEN{r`{8|V>R7)##Ek2)1p*N
z&pa;=Wsl3#%N~qwCkv1RVXV3BIuBl!u^8E0+BQE}L;Ls2d6w`tP+CPydv1u5VKTSX
z1%7n6*`V2bpPV1Wb<`E0?JZux@BeG_2IYEmf%VLcZcDQBT@hlAA67v0V@?@a;#<9e
zpjhWp1b9~@55vSKRf)4CCKu9zm}v;h;z;3U>%CBK)yR4?XIlJ~SU^_8xTuEIr(^-~
z5g3CJh<iBwKjH;3`e(AHMl3m61AW<}*200B6W}xYKpN=O0?FfFKY*hF!-X0ykmX=#
zR>6pN_0G*l4PF!s<k0}x6le_OR3d-p`6gvJ^>-LhM9TJ7rH(b6GL@c1DzT<h022`j
zU?aROA*PXMS!ISL3a2i3i22+E(dN3iu$Y*}g34^OIjFb$rF%&m!{1*X{fO-6Lp?d|
zIU&p!gv}wVGEuj%BFv=^UwgmE69_*J#}pj>#4aaAxJGa>6LvY$3oHoJhX3N|UptrV
z@&mPqV-?014Y;eYgYWrcbMw!tNlUS+6x*xVV6x)Rli#8mrflohS2WAf?u;i6>xp+c
z|0U$mb?I3H{Z7JDvNz0X!Bu+2!g}w#5ReTH_w_tYB8fdF{|87lyjubtPRYq9JRw{M
zAc`9xLocBm(b78|lj2KNJarcT_23=!IQxE<1B9Ouxm^etX3mL57>T9K<uu26MZQ!z
zzZ@X@yHgqppivI+i5|x}$llc9*TClRKa-R&YD1EaS7`jRh5t4>`6S8qEQL<p-``dO
z=sAF0lxr;tyJ~L0j40|<GrFmqES*-ucYHbP+9Z1$=T=-7QLTt{E?=O|c-H-D;PWIK
z>PBw`hu1uB%R%}ecsW`<+P?+NI@gYf!!YM4Y3?S}Wo4O98(YFC@?0`NGiAv_w76%>
z*8F%|Vhs}+1wDXmo#!9bbwjV$m?l@Lz(Qij^uqE_(AXw`{SHQpPj>a6u2n*S+*UfP
z1%3Wmq#zGaBswy4MzQQ!(5uxO^2jBg<@_82#FN-uo;`?eSTqr?C#R*E)l!8y>QZQD
zHV)LN3=FMR{50H1y$}UKlRY?r42&E<I^7cE_b$7SVYE3;Y>Ns7G(>U9l@EeZM(5Sg
zE2)%{mW9#RfCP$19ku0XFh{q`l9Ec40TmxTvVgNL2qqaVg1EG|KfErS(Hd`7&fq;B
z@N$I!C1^dBIs-_>$xo~1yTdJZ6YwXvl3Ng24Wf+z){T6E`$6p1>GLQDI5gA5+eWS2
zWpW=Tjr2+Wh216)*3tRzW-@`@j}ML0I<EI?KP7DssW1%pM?CDt$O>skXnB^90Khs?
zK}0%*_L6M8kNB7clV9<aux}uT@pR@sxl9L~xtWp*mW0l2vj*RK<f~-f*Roeeuaf65
zI3>~56QyEl=QYQBB_~Y&;ampliDHxUeRHd+@HEoP^4h2$IyuX6DoEN`)McI`48LN<
z9X;)?Qa`WaMikI1OIeJ>Bz<NeZ;$L{rg80l!Gm|k$>X_r0X7iDvp7V10$3yk%vbgv
zm0w{=y6m*C84$y&8TTqbVtZ5ONJKiuUC^dGwa1N2@os=4j=phxCF^B=$`!nF+cU2O
z_2m+yohS|C7~CU>s%~$D1TkN$_s0w_>?Sv;mkOnHdd(M;9#l3y*OMYwqOu?_H3>O(
zw!7qv0k?yX7or2#lpyH)z28+)<(6$(WBmao2e`(+;?yF314o<7rF#8y_^>*->3uVO
z>lICxIaCziL^yXF#<nMnIy|y(&t_MV^`?3+M_7S{oDYj^8h@Yx3Hhjl^>aL&3+CPZ
zn{Z}F-q$eB?hi+YZcX9Al7c~FXcHW4PI4*Bj7x-?bOE1Je;OCdg`^|g4>lSEY8&^W
zia_%hS<&%2GP%`L>?}Y5?fiQyRN}0lq1`a{I6)CUi}itR3!qM<k;kgVd2SG@*a&w%
z_2DL62H8Ts9=e$lV!PQqC}i7BPkyg2N0)S=e$CC(u-)_!*81B%R|M&1q9_gjs`|dJ
zP~@v>?0eru@{g5%)|ylafX;9C0%O7|U~<pGA^;jP5|xr$Pp^r)4nI8P&{b3QEgOc#
zvjM=>nAKlkn4?~KI7EYF-o&rURwF2)mybfS_)vSe9B7ve3U2zJHLVA<2u=s^HlsC0
z@Jl?!sW@`UX4!9!lv%T$OtyvNGQqi|qOH}ObcukJmer!hP_TkpJlNfTnWhl~zp|Gx
zU~(ksrka>7;CKP$NKmk4F1tCYboCCBZ)DW5Ny*d>;fQk>8!rV7yothq&lKn<#Dy(O
z^NcOwrbD+ci3Eb*R7fYTJ!qJLqF5+;FDBk8d)Z-tSkUK=&N0`+n-MxJ1NsZH=k`(b
zRE*qOXBq2<3yM7Cm?Mc-L6O82Ny*6QEiv(Mc|CL2bVFxvm#<(Zr>KKzpsvk%+uH^^
zqbDf%176kpSm*}X{D~k)xqN8tRTxhrixJ26JAUPN1p?knxy(8iYYS!X13k9@&3b%G
z*cb=OGR&`Dbs?SY0S+$*Jq4djER9sYow{{ZY@?y(u-UqV<IS_RFsKrblW@+q7w$ow
zF7L(wfU^Xe+4+cd#FkOp{%%5Dk>MwswK&Zk8#Ae;VlL@ifV>(<qkJRGgYWgymi04F
zLU3pOMI6g1kA+<r@^+7f3GZm5W2;6kGXMgfu-5|1f_i_bzg-lz3lDSMcpkBs9_|~2
zk{0y_O)wU04?WVW*P&+2R(jgDzxVDD6tI$=6E^oNK}+kTG|sFyHw?Kt5Zs@O#qqPf
zB+6_`UbB8S8Dsf(0=_5&6ev1EfVZ)%6Z2e(Dg`+O`H-PFK3_7gi!%nwY4z%r;_Mk$
zP44z|f>V@{s43gaJ`%AYh$o)riV&Xjm)zSo>FwIl>7o^DOf*K%T~P^8AbioW^YKzY
zW6j+ep@`yFIt7SuQlIN5Oaba+so8SSb`N>T5lDD5A2#GiA=pBx**0#&ujn!v1=!?j
z?{{}&*x>*`#IdHn2qFeY!PwFBzZZJ^Rv$h=<>xkKEQ-}^I@UbR(a|ZtFe+x58KB*9
zq4g%N2%Lw%er4b{nYaXn>Sau=vJ5O2te7UW3<&a}W6~4P!OX}SkM8kRlu7H&6iULV
z2sC_De_3^&k40r8;@Dob*W?l+xHmQEi9H%rdG4RgoSg~bK9r>@Bw4}VB}ToT^QF3Q
zk2$VS6eBi?M^1|GcKwt+{W|^$pq|+Hp+bh7-6`uM>Ng52z2d+QW<^;<x0;$I`lcG2
z?uR|0g1;i6fX-ZH7xZ$ASzO7y%iC(b9JwThGSq|FPqzl_5#+063E&%)uEoT`-H<L&
z%z-*K9xf!8ImuoJA7*Ew`!Gl?5Bdj3{*;AX)xXo%)7)3hk!mZ9^JTI-Z}>^YgfujE
zH-87=74dn%=)CSzf-DOmkg3L|CTDwr)}WUD`Sp-aEvD7>${pU4#Gm1vr3op?*v&xy
z3})AQGDY<el&r)uW@?FH0S$km4qJ_`ExG|=J>U!M817BoGISP)4baf^ye`n>EkrB(
z4|qxD-Z=(-8^nqsd8rU<49v@K?3VwAT^7D*XIiQzz0G&6kIP0sgW~iOy2hPC6DT>{
zP||;o)*&j?>H)Y2P&2qn9cwerZD7AT>~pM-?Im2Q$GEq4lCiEqY}!N<^NouRgB+(=
zQo(uj9p6;GN<L^TbHO(Rj%lnJoWCJ{KIR1D6No0@X9S6EDKuo0Pey`EyB_c04+v%o
zFiUDoGkhldO1(;a03w`e2E1VI#uQIP8SEmP_lTdGP(}<8H7@vmujSYhsoOnsIl^}h
zFYP*&5D`ob5x!q%x#U2V{4n5aI9}A~wG!5b8TQ68vx}(wzh5%>DAK;T!2LL(WreU~
zgtW9S^}^sJ_-@T6gI7rCS0Y^^_*UgSUCMfZ3|EW$SYlFi80AWmKtvlBNXG(2Np!cW
zX@jvyj4b%K3aiSxuiCiFiqJsITxmu+?=hh{a|=j7K6KDYO%U?aRJeVGvo)-CPzU)p
zmr<RZNsN|9r=%)GfXqJ#Tt0<?!Y8}qsU0IA<xq~rHh4p+hS18FO=U1`MB21WN-w7|
z#1tzCD!qJI(>F}ctGDEWJOKOZqY7?$@$qoP@t#ia?Xj^1BC!CIs|~5H^tL}D)^sSL
zt>XALs&{pQ^Z@JNvdT?ARmo_R$Hok$f`=`-iDvknITDVi*q}A&Ckup1nZcPOP+3R}
z+OvvDGCu|rIdWf{(Gc%Nl*9+%W`|}9XT4BGBqBo@GMj)#wG^E(tj?@OY4EAvu&SBJ
z&9zL?jWg*R%JR&fB2ySyobve$PVpA{KB~3ob5*~}ek3(DDr4-PAr^aGA@@o|G#V{K
z2md6l6(*Oq_L%;kw8?+5!_tsn;hh+dNRLWkzEta@?DZ1G%X%2Q+51Ww<KG6gw=ZL5
z4sZVh+65EOtS=FF!5K8lnj8OG!(=iZCPwZlNil)VMKT^)RpqFJp+G^rPU5Pb^bU0-
z#>>Wn*%gB;yRPO8QnXC(1}p#BSb?ID9W)sHyo5|<XNM^(ZJV`Pm_P};BSfRYA$_|l
z&C*fT<9zFEwset=tJTB)n*};nSJlc2@pt!Phy$>2x`iChqwyVi>w1JnNnyEQ@-8Rw
zawi5d;qo-h>=+9&J+=-UXsrVyq?@=-0x)A}V=*D*X}`UnZ}z2=sip@04BON30HxTz
z0`((&ogk>dd@zua_0faKyX8TL3J?yguS}+XBf=c%a8g^mW+^O^hxpH2_CZq|uH&x|
zz}Wr~(kgtoo;~++q`<6JApC^z9=hB<*Vi|u;h)`CYZSR^j&2ymN9<kiubg=JQyrm-
zZQX5z@&?ATQ{|b!;upM7X%;>(5|Qa+KV!kkxJpc}tRi7+rdwuu#GECB0unbQFpE!g
zH2VVKm7@`(3wnG2qdH+^FENV;F`4?E5U_JNseDj!#HeP@Su!<63@uQ!WNjkGPwo1Z
zAox&f`HiT8uRUYsNh^+vn~s{mZ_wrJ8<G6%OExO3aO~QpQw6nHcbWv7i?pk*2hRwl
zue=<=?LXbbRRX#IK0BAe8_01tdt%%z4KziiCW?0P3=|8*=AM@GSFbSX$dAjbx?*ND
zE}xBRh_6V&dVc1rE45UarF!Wr)JU`-7U}e8TSp`^U3~Nv&miM5QCB5U4?8W)NmsJ&
z2LyV60KDplrgNz^oyizc3!#M>)$sIc;MyAVTa6S@L!vMyFStT&A&eEr)ULYNFMHIg
zAreWpw4W8!kD!blYk3o}XC%-*?aMRSKkA%s$;QLSpQE5<Z8TrT25n#Os#zS$zVpjg
zCv#!fO$(iXl1QgP46&hj8Vz7H*Qu=x7X<p2W|o_p_uqG`n9~LzmnUMIAq_=osS?(j
z<)4%19($C6eR%T~Lxx=RiXiKDn?!{Jm@6Iyc@?->{KmgT%g7T)j66GxA_PCGB>x}v
zcAR9iP=*!qx#C?ef<m!+Uos3u33qB*E1P2ei0p1)^e)Wy;;lt4AVoOBr{##jkFoz3
z`j28@E#?M8YTSk0rhzx<VPJodexn8wz^+3xS`f-6=&1XF1DTro){RuSv5o8)trS_Y
zGxLJrUDJ#Z4_OoR&%@W&CT|~KP-dHlOX@kAroNm{l)(-|XH_HZzMVRR>QUfhvEK<H
zw0|Nu7`>jz&CM(adm1U<dNjX9rcl*A`KIYO_JUJ-uqz&zNt-xNc{pklqDprk)-Hps
zTBG296|;gLegNNX6rGt2+1zt7<QV{&H$vzm!zdlIETHLQ%Vf|!@B;V}I&&p{*0T63
zc%<d=ThTkd#nKX=aX83RxJx56l$AnoBPnG=+$qQ1WY_D}kJ;2d3eQZ(XgTqz1sE{X
z0lTr!Mg_JY1WZCI_!uEsQ#C@mYx)}6BS25pdkV^>)k!;;`El-*3<~<5=0m%gQ-!dR
z3F#2YIy&0(y|$|F){P>Ou4ptIOY-uUbdv76pvNeO2hw#4n8!qf34(ae)iI_ReE=rq
zZ$^E?_3>);kHwXdxZAquq9s@suk84FQ5iF#3aCKFt3^yR!qJ#_sZtpd8RC~-ka^50
z*V@QDY<A2z*LY*IizC>fF^aK=-S{i1a3LB8J7`xbU`}WGvF51K@lUWn99oy>-#AaL
zQ}Lp%%Ht@`&(1$n<hk6>u7Ge)iu!zT$6b$mWaPjfP+LL|Uv=B+s1M_pGpP|o(DUSa
zk0<=`bKByXjFhgbxM9n3aB54*lSo-cw#VNFHnH9UYjM5p!*`x=3VQ?5mGK*yEN|rO
zeywkf%_9f=#4yU05ZoBIg5j?v0WgWL=Y*z8T&mEZQ#ofW9fCg><H52i2vevJ1E6Xq
z51BJratG6rB}IubK>1I@Y$9&@XS#g7ZR&~Rk7l|0A8%n-pIi}HUON+oO2R>pyFakO
zU_9~zVisFnVEacO+%r^`^m5fy1#;-Z>P@e#kV|7^@A?R-E=0cC(5lMvgvy*a5ES$$
zMYJMx=IjS#<UjYrF&5fzWI=u$KmP<1Cm(_1sWE|UgvMFjwmJ8>a{@fFzf$kdJ&}A&
z@Y|fM5)$&OU2~E8*24R3_KT8+sfo@!)KBvjoTX>Vr>5<pPzaNSU7dZ8-6l#qMIYy7
zg+;(Gto^a)wCusbV&F6r`phLsYV<qVU`D=M;M+c$72x_eS_j|e4=R<g$h^|J!CDJe
z?}Npn1?)Hw1n14L@<PjYg#d`VH${5Pps-kQoN1|*U6+>CoEJD9OhHgmH&p#kdv*4{
z(JhY_SIWe|FFXtTx{~W74s||UPnlm`D7#(@+elryR8b&~bR<tWhq)n?D#!q^s)tjR
z;Oiirn7DHCM0>_D(60ixGz1`^0RtDK8Ps4yUx^k5gb#SqM%%A0?N=@80f@@Z{U98V
zk|wF@q1O#bsw)m|8k6#i=<V7I@p!p2hAqyIiy^$MDOLYZs;r{y^^Fvd+wRLapC<nA
zXRzKEVM;}q&5~SBJnnp@U(9o#-1u&`UN)Jf+-?!n2Eeib42)NP5UY11m~ZBom%M)M
zJ&K|_&h#AV!QvOCv;1U)@#Mn1!jx~($apkPYQUpq3h`kuPoTILgO>()&9g{KPShM{
z6@tie<(^_!UD(&)hI^5=^-V%F0WMYDD1t3eEhZ)JBoe0(tgEgyG>(MY-#tz@a@|Lr
zj*I#=9aHO%on@kG{X|nw-aK*M^}H$0%DY!_9lid)dlhKx`MbH8i~q{e4&ay5i7p5>
zTjle-g{};`YFhH21u>FQI?YuPS1rjfw&9+*bpL(d7Fr8SGOcoyGtYVVoiO7lcQ+q@
z5OTLORp<WsN>$<C0B>+Bt4}=pprDp`g7SH=9li>31Wn3Pv|1C%hzVM#Q*Ppfr{iGF
zZHOm-2imf2Jm#(8_Ee{upzFQlzHU=dC$FTm*eU8`&fYrQ%XIDhZd))Y)>VSZL|ktu
zTIU^wLf#8T+P&^Ncp;ALb0`H_J%i2_B|%BjdJke^!>Y;~44}y9=K7In*EoC?Oxe&E
z0&%MX?P;qweznoXBc34@TT**t`5hQyV_C{H8cAzHoVOLp{y@><PqyAG7|{M@kgNcK
z>ot#Y=PYjU1E3v=yk?kU5wRygHO1Z`6Pa!ISYZhB{P(HGpf*0)hf~2o#8jG2m`;3;
zGEk7_mj2feN4_c^t<l7T6HmBNet3qAD?;W`W)sEl5Bd)tvInoGqzZZ2n(^5)ZInsQ
z17Cmfh>(6UqnL(`h}JJ1j_Ru_{D#R5WKNF=L!#LjF|+#bgjxyB(F@L(vkpp;Ek{}L
zroKPUhK^YA{XTWCkdc(~VV>q$RY;p6mP-@QDd>MqP@nBZiBxIKF!gvAbjib8Wq1yj
zBHU&E8{%_U)G>t->_jl|*8xc?C;RJSb+75Ejo*t5Tyyd9Dh2*Zy`CMB?ZXeir`~yZ
z5x8sy=avgBhHs5zIT@B8JP~b@WL8#fQYmEFWVihN#DC}d@67~PWhV-x?E`X=IL;Gb
zWmWL-+?15Cup=w07>;o}?K7-cBEM4-L9t3WTz0hOo7NoUC{FhNmY7x%%n}}N0Bf)c
z|7#GVz>8+X*Rz@wZD#mN#PiA2ICYYFvNA0yMGD8MWILZrw2#;B8(o!cy#9_sXENq8
zFr$0zNOcOSx9Zcgez4Ga(1z<aN@BiaE2QxFFG1CYr1T7utRr#WtFaGaz*>xwj7jM4
zO>bvq=sV4=Ks1237)iNDb8S0(c{tp&G+4?hpU}=SQH3(lVgi1cu`wFqNp;dTqSU7R
zswNr_lx=cPlch#Q?o1aY&UiMweu_Fsvgq@yz;9C}W51bp)o7xdiIn~dF7K{%S<!S>
zP149X!X}2X*_WYgni6Q89Z`!+Ea~_sUe(JwuX#GXo4_@|Ql_!xt=gwfaQp~FJN%)-
zbx7(!)PtY;;Di_<{^{a*Oa1IL4hucu4v#WP`2!N1qQ+4eWTo0_J;FXf)fI?^0Xc7%
z7>M_poBQzOQPfegv;eJiwq>u>2(tMb5z6ckb8lR|bUO|UC;6=ORa|;%Vy+}l=y%NM
z^er;C3f3Vx?7a=YQiFvuo&vtj4{-^4yM^$s@6$c(5Tp=m3aucU#@{@V=LBV|QDx_}
z2$r!Y+{_l?7r#M8o}~&AAd%U0pbRNVQd3f^lE@T)5z^=hco>E<J$*UI>8Jl_l})_p
zHm$&7KH9{0*o+G(x8Kk>v4L?%gOkKaN1BE9Aa$WUi1-ROiI<h}(Nx;_mQW<!s37{D
z1N|X>59)MsYf72c^8n~Q-Sr`?w!ZTuWVyQr)9vT!cIA|MS2D|~isvbsA+}JGk+nn`
z4MX44$edAZ=3%t~Q?3wKLZDw}Y6K=mLk@OEOSc^)`Y;8i5tM&`z7xc*LUxj1>rJ`L
zWc*_c9^hoks*TBjPNvJoL$JvnXMlx?%+~@n@bE|#EGFF*Sa;MBag>u*!Ze$y&bY~H
z07F2$zeD{FZ^eO&X3VNMw8ex-B8TG~X~>(9&dVK_W`7O%h3u9W%(f8BHp^0|LeyA;
z(bAk-B|EUmYLsr$`?jVGR1o`1zOSEk^H&-=nA@A(7ekPUlu^VI^<DZPiaS1;zp2kI
zkjd(Oj=WbljP(Er8s-0a?rAqDQ6NKfhg=6-xZsd}oj`h~9rYUzWK9vPF4~EH_9Fur
znCQO>Sw0c4nt=R`=HAC87Ma^|Qm7E74J5c=gy`<mJ)3@L>?v7XLIre#Qk=?J5M){E
zpl9GO_uzfxQUUR$?&8_r_w+>jC98#ov&&dBeiOlpi#|RgK7jPl7wdwuH8M=xDA?gv
zS`sX<wC_~~ob%c>J__5BkfzY+`F94UcnZEi9Hwwqe8<=&%zofi${?I0jGjch+`9AV
zytu>#p#-h4XJ~s95|vnx8Ev6R%838rjQyUpWO`iLUCtH%M%da|?dLYFi1kXP2wc<G
zV`hdUW|P_zEiuMn6kG|gjsDv9`a|`gy$;18AI|lh1bcj%^onj@IYrO4Ey%FXe?Or_
zT>TMT@x*{}iDThVsKjYER;@W%=;w+e7+mLN&554E6zQsMhl`dIqI?=8AjA%(NLl7c
z7rpaU>sQ#m@?VQZX)cjucfb1aF|_a$Ypn2P(ZWBL*Q;m{N}Zhg&Jgcp;iMrCV){*z
zbpmXcvBmazQ*oJ!A6*gikfBF%Ll!anQ7DwC`2-mDR4w2mtFMnGbADovy&d)N9)>XA
zMDQ-)!TB6fJEbnYg<LTe>l@boS}M&_oE2_MDm<wT8wwBgvV<$CJt>dfpt4W+um+OU
zJN1D8%^+x3>C5MKjVQiWrboDX*x#n@i%|!PrA`*t<1<iHl9-pwa=Wuv!r;%@p?m%<
zVY}gYtq69Y9b8covU*IVf*_LL!OjD3)L#0>`C7b;N}|B*)+}NNmru$>7Wn^fa3~h1
zVT_sbF?mHW-481G5KL_8TO%ysZo7pz5mNVEiW}GQw0^MqIb#X-CvlQ^Odwi*6`a>)
zUg?5yUL~NBhf(_6neS^>5y*Lc%8^m=ZNX9FYWE47oUu$jnI?A3pG~5F{llEOdxjV%
zpQc}BV2Tp9#&%rC-VnU@A4qJoN5|`WxBct0${;s^S`SM4O@f>nV+)C)Fh#<&Z4l=l
z0Du=_DwoCMG(LT#2PGz*&rb%|H^}JiZSGdE7ih$&ejiu1M)YsgH}e3k$mxxnyX%mA
zPhK@o<L5+Ql#|@>?}UVe{J{?g(W@5@I`}s;bLr{LXL1(cXCbgj>KQ>7+2Og$tx}P}
zekm~>P8w@!uqt9nwY9tBaD-%TRH=Lf<6<jo2GUG76D4f(p52(WVNRSJvhn3JG{Puf
z)-VfEqHoR`al&wDrQqG+gq0x{c|~i#zi0W^CkO-)psVvWARHpboUok~d@@aOx}bF}
z4f=X*>tzSPaP_P=D=ozo*6BSIW0-di4CX@$#~4lz-`)t-H~{rRV3JVQX4o@1@+sou
zl30kkoSF>RTft(MwO6)YYf4>IU=p<d1y5f{ct*jG`fgmCFs>h|oOli{^#-d}hSNA)
zlOru{ce_40U@j-8jmeh`op&1(kDsVb|L94S&6+WBAvTF2nn%j9m)@?8U55_*m=XM0
zO1*v4WVB)UDe9v#=_bi^>I(u$VY&%SrP5=gGKZ<e(Qc+*L)1`ITC49ks!789IjCQK
zcE7wr+SJuv58naIjko!~vt^)Vla4c(07i|}6D#!zhQ{uCEruH(FT5d+W~c>n>*^n|
zkpRCBVm-Gw8KN?V1t1DLB0#}hFNv$~r%Zjv0hU;2tB;H9?g@}CH`j~k2TbkQ+nj^~
zp%nR9e|@F^`^~J?74Kw>W#MmNZA(>Ge!I9yTI`-ec^Xr~yg-x~C)+;riIz@`=(^)^
zKHDd=?&1bbLa`<J^C7P4fth|@p`>Si5lW1sV;>-2P)zhEmivO3VH|?}K8htQqNVPr
zRu>G)>90)~qZc^^2ORbYFtFewBm4d99EDS$NmXiY$kVwU*lSu`q2=YO={8AaSBye-
zRHsV>*U6vg-UQ?H147zeJ+?F9O>iqLKF80sm0;>vWGI`{fF<qkff!~?6^4g;18A}n
zmX{#gUb^km2qMX<bUjCGF~eALw|nid1wrs%2iDv18!Ks`ltI%v+Xafz=A70e%!qN-
zLnT?pYAdg*l>%rskMyTN`6ZDUIAjsTIE?fRKsq;WAniAK+uxL`0PvV0<yYfK@<#DU
zJ2l<q1B|s(^E$}FUG>d^#DS1GcwF_^nJgKq;Bw>SmAf{pxQn|<^NAC4GTWD}lu#bo
z<|`Z^K-vi;7%Z|U4RU8x)c<+M%a{~ow@a}jeBIbHmceYp&gwFey7WVT+y(c6v(l%x
zRJr)Kv}PIkf5e-@;bbZ1WJS%!q-kG}1B2`Rr<_{7@>2H;W(lZ_t`si3iW<UL3W#l&
zWp_mvF6X{+=?_k;&b84#;g8M37mH&a@nyn%{==@9R@WgTxMIHW5nbCdf4**36WM+A
zf3Z$1B+Yx665~yBmeQ!j+LKuc?V~pHbn@rla0QwjNb7%}DoN1AsGc!6QMHTL46QT!
z&Y0UE4jlrMBe(ZVt0j06*aIaMt?BK={MCLX+(`S_QwWPIw<K-DGAU}C0wSPGG3f?q
zLKi^$XY=&rw;S|lK=&h`+sk#ib485}(LF!dftIB<lUu_K?}**~!>Mvm^{CJKkUAR~
z9PCW=VH8;8SS8~6al8<&<r*gHPhn8Rc8uEUdca+gbVymN>&y_vM;w=6`jP>Swa7UP
zCGp=~hWg6=MHcDS3#uaZ=?5d(FgKPS`SLd(C=hPc4_Or<f~=L78^$IH7Ep@WTDxrd
z*7S&e@bZn5imdGn#t)4S{k%fgDxLo*GAKVk*+gCK93p)<QubR06n6UIEOI3=%Xloe
z7zQP-0H`hp!MCEnhOvI_YRKK1c7B|+EUG9`gcG|2N>Zq|+v%k!t6@ro{nDObX4G9v
zF|-N>*YjI8qW3k;lM{DpckVHEFZ$7FEBU}m81{-=!{aoNPLjq^47OX&{+U}zHiaP%
zQZ5TnN&zKVV(7srj1z&mvI^`<mC-|h(Ij*Dm|dwBmz+4)7>R71FT0b@5n%g+WXb<J
z56wR@k3Gg>wci8?P=ar`UnGM`_Xb#YXl?dYubQJ%78m!P{1$&i(KPCNu2=m*@YO*9
zAUCN7GSP9_KUw=|XcOV$&G919u11dYrLjo6%guSW_epGxd7|Im2fq^_l%b#8(ujSn
zB#nSv#ga;W&!tSXQ&Ifk^i}c0GAR(QDcF^lu95K19>BH$@~uIV#9dGUMaX_Kj3An1
z0a)tXnZ^rT4ZJ9U_<|&jShEQ^JO04cJ^+=+1s#@aZ?JH02}>6ZgM6&1OL#x*UZQdf
zj%g9S8vdb-&b0Rm2{d9|Acm`2glz3XG6u%P18(BvzM?<y7`%~oAg*y%>P4CR>4<bU
zLJ{<sC+SBTT4#BWEvBQB+zP{~nijQ=i|lsPsnEqR>WVa7E;9gIe7~vV^rc-&Z{L7u
zaK~bVxBL4T8MBIenq|U!*Uq$dR8yPOmZ-n}FI#;T5ib%ljB0ACxxuSvmh=DV6t#RQ
z&q7jw#jjsHPFixzSKpY-%*HV1=LLBfXDC?@jbWaUQhwg`uYv^NFsddi<emnLznLD+
zE+@v3eKQlLH(c+l@4?08Y9kn`JyI2NR$k~Su>CCNXAP?|DEe}_zalFeWZs#H!Z4}Q
z-h1fj9)1?MB$j)yNt=|mst-}9wjxl;b%G3uN#gJz_Wt0BK+jEnej+Gp|3cA#3_L{^
zyF=kZ!Mk^fC}QRiJgP8qO#{=F+2MWqpo7vBM&U`lxxvAK?%7xcv;Cq1e3B;}F>wAJ
zLJWo{QU6F?!dG&P$0n)NI>+J$YIh!%{3*@cmEik=#BB~6|96jk;>{ZgDrHH|`{~dt
zP^SpZZhz(NuJX>R<&QB2JH&9RNEhLL(Qv5xG9eYM3QmwJ*Eo}{O4u`8m`%+~vPG}k
z7T#w%h1$Q7z1lqFXBahH49^znwDPn-eNkngMn`Um90A6J4^JH)EuB)GHe75`i6C2-
z$V+sWls~-)#3~r3`b8RM^cxLv$SoF|RZk(0g6w<~0ea44-lAVZXX0<3>^riRH7PCw
zLW+HtQ)ijC+nG;VfHPwAq(+AP7M(`01>+a0y2B%f<hY2F6W<R1HTM9k7ke>Wq&Ul4
z8;!xq*nF<j(EM{@^7Cqu<%{OOTpiJzj}@8O-|0uSH<>cv-i5i$dJ6uG-x<XQFa|LA
zsOLG#I_%zl;!t#XT|!IQ9b#HF92(R)KkuAl6&Rtmv|Pd{ZRp0Bl~K?RyLlNf)t&>$
z#x(vLzh~u4^JNA32m5e@^#rFRQY!wUvnzX^tY3;asu(`b0Epj~g0~n!k2-$fPSe!u
z?7z5kPz*}1R_Oy*6f7zDk)&r>{4o(kHF5rZr<n*g6S#zPM6NJ%OS;Q0wm#H_V{K6N
z<81b6=ZM`C_Wj#Iq$((zZS~fc<G4m$vDAZAaY{lLTsUGsuDDTZ3hiOgB6Z9vb2~#q
z48d5YTN9NWsV*Qeb~8s0FI2-FQlLtF(sksBV&OV4SeV7u=tIX^r)r+Y1&k0O9aoap
z_TLZfT>?t(KEumAgfSegC??`b$KnNaW}L{$_;lW4KmdS0lzPY7YA@^#09w#<00xFg
zKonYVY~TOOW5{LV;i6l2sULQ6n8uC_6=*p6cu<$SsTs1JFLphM(~f?l!(mkYg%j1o
zR5w+~3Ub{!-FC8R-%OPkCL#?YZ!z`zjNk}xBJu^HV9}qRllHbwK-sK+<B;klS075K
z(VaRsw^Qx~CPav?&tbgw)-Gq*#l#=KJytTmT?(sc`n-PI@emY4CAhWPcF~MwmGbqp
zV8$u2&eZPX)(pecTaQHGmYv5o(Ocz5W{YS8*J~gig*?BfQGNUT?3dPEXK?7%%aAiB
z8`R^i&n1rCFMw3^1>R-^Iy_mW&R&+S$!igntk#5+g1AA0(}_?`nZUdf`7J>$jSb#|
zi&Q+I6HSH3k=d0%2aGo*Y<qZyp=0ODY?+>iN3S)aWWI|-`qOB7R94Vbyo|W-OE4IX
zion$G%Wt{ROth@awqVqX$hSCg`o*`y|Ke5>Nyd(=A|uk{Dg#+&NtaE|diIA^Are$D
z69-$(MoHmVMx2X#YdZwN<TNRV3SXTHFL;wL=v%5rmrMjZsKmrOV^%k+64(xdjDZjY
zZzO;&Vy+uVCCs{^JUpC4ooReRdFc^xrJ)afWAQ#}f+ruDIqb3h_YKW~1;v|@Wab=%
z3wt)n25d1e<pP~Cvv{F`IIWbADg#0_N05>7%>eM=!|VfB>MRF6hJ9sW)Pg^Yj3LIl
z{A<V$aM5+~Pq_8Z=_2Q0uL}a2e2+QUb4Fz&p3(G;F0U$Zzgz02-<h@V*!sb@z9xjc
zXK(J)Z81Ry4%Eh<t~@~BmQM4HZ79*p8KE|=-&G4EUi4_w7~}`Dc|>&lx6geZ;QyEP
z+aU3Agoo(fUi<8M?oMEcZ_M7#BL7q;gVsVH4a>g&W{jna4OS+~bui?M{R8*cO+0!1
zUqof$$TmCuIMawv%=ce0+}nIJHa#|RsA6%|+Xe<mfDJjD-{sHxS6gZQ)!jtD+NB22
zZ<q*YW7?p40=EAKLS2tpPQ1wjL|q}#rjFP<ik~ePp0`_eAf1RTE6y~YK_`mORBh4*
z0TC4{Qf^-X4zW3@YHmNnwF@q}eKKem5l3#w?3X`ObuxZgl1c>92C<X*sG6C@B<YJ5
z!RG=T_lLJ!VSPl<7R#=|SM=sr6MO#xjITVx^}S~Nd0J)Yx=lv#(9O_q%<|Xst|Asn
zZBphhV+|0R!9zm#1d+e#Qd?gVr{-T4bCDnP!Vr7*%U3?ljUFchO4s{k`QgB;W!c~8
z!&Ppzs3BTNk6>rC^_s?JBnOlX%SPUe-@_{@a&c2yFUw4LBKM=Fv2;Yq>%LhUTUezn
zx~=JB29C!^U`R3aiF}2%chclb!JRqQYr{W5dck3Uu!GTF8lM%mQC0|e2biPD`yOn)
z3=u1g*4&!t(zXAhSeoC#+}?R+R<1GNOzP4=6wQeqY;wNO@S3okLD*nc9azwJCh%@w
zriH>M;zuzs-UhoLYtfoRm|Mqa+YngX1=AXIYiXL&Bh&sM)@>@ih7v|8jp@Pczwubm
z{VAiwjgq>Y6tbo3x}N);Y;wF#dN+CE?6AoEQo5}mLa#?JpUxo;r`vXe8F4VZ>w3v5
zCFg^Jz2E)_?y0DPo%jDUK*!a7ASvIs{2@@MR;<9J3SvDujp<&gp*r;64?`ex7gdmA
zgIJb-TfSiN%paF?8Wl5-{S-loHG^#O^A2?wvpyIxFHL<{=kRVFFv>@Q+q2jB2$P&%
zTH3JU)uFy`QLgT<`+J#_$F73&c6hH3)IpVXf8ErY7K$eRYS_>UB%|Sn#zBqj?kvSy
z*uqeCHW4q^0USm7^|Qhb^{)H$hTt{1`-zN@=0Cy@t#ofeU$po=x{haDA)_?k=^J4)
zR&`Ijk<w+dl;@=X*kW1tUo1**y^ON#lK2SwyGThx{nd;5#ZdK*-D=;X$C$n8M_k1v
zAg&?o=^#0?Y1U2@wcy96G1$OL+j(-H16U=z6*nJrZy--LC0c_i9@BeN<rd8obRzJd
zB<<jkFn(m1m_~8--*YBYe0?!~k~})QW1Nb*6Lr>Cc2~o}0ScFSh48jOsceXY_;XuO
zpD~M~O7XQett=JtH;#N>toJr5dHJhP6m8t-kxdJnsna7_o~w^;J5jSKGZ`UkHq%zm
ze1Le_hbdB%8{n*+=ajno_IGbTaq)FZw+LpS@_WrzZ%GCIF5eBqr_Kbo4*Y8^QV@;;
zEClGPkRyV9&MXINWmkMW^0h+91K}QdL$qT+q=(#nM4CKSvhaiIbH6N^QR(BxL)0)6
z7@J4a%4QY_NIH>xg<iX4|56r@qVVe%*LL-Y$mUEtp1v9Z6v}(SVQ(WrP>N^v#rL7g
z8vaH}Y^QK(qI;UJAYxK&6A`SIPU4&u?$UlVNF)17TAsLNoJKvme}7xz8WF0MIMsL1
zKDFAI@Z#r}gcO5v;|^vbs4Bj&BB={)N&qxl2<b@e&Y#$bXl`7GC68M_ki#9w&dbFs
zWUN~7aSD7?BvjNf%XDJ<oPhu?Cej^3M+EBdp?#r9cv5A7+CWxthSDu`NxE|Y6o|bP
zp4faBMV^8ZUdk9VNdwc`IJh}0KbLP(2d6^_O0t#MA(hGqHT>00b>mQjy*|QBd{|KQ
za4h6PRJBlM%1?w<aj>a*iHFCOe(dLl%qt-I(x`hY3;0uToj?MM)=gh^k)*16K4h@P
zmV5fX8UH%zR!pXX?P8mo;Z1B!X)j%86ZjR$+{OS^a$)=tW^RDK!CJzeL-OIR*>j>U
zAU(QKY&mX2kFRm??^nR~Y~%J77*ENQ^ZBR(aL=~`U(TLmvjcT!b2jQ~Rzzg1Qe?|)
zpjCcxI`26ftjj5DdEP{k7>59txj45je=3v(j0Dwq2RWMqSsi7M-XKhC?YSWUAFo>T
zgGpm^fCZU;Y`hh`IioGu76JQP1FzwiY(DsnGo8*Jw8KD*bEmbmr2zc8V^c!BP=a2R
z!U0s0b+giRg3WS~Z=ke2oiO7NqmxVoA_=QUeDZI&6QNj%W11cBU%PH;k;0Ml%_$lu
zz4>ttBnq|q#tdo7lstz*=8>$V3|xM!n!TW&Xp)x^XMEOYa1Rr<p#Q{_gknc8$+dj)
zdSV|ZcOsY->%sURfo0Y(;f9wBrakeC)}GY3dVuXsB_<eCw%8(al-dpCN{)|&jfCGm
zXtVL*x&`wHj}D+zwAS2x%Ci;mi?P$r4?tO$kNfc|<_XSzks{L+EZ=MXUi!qZAb8h)
z;O{Z}Sg8NVyWVV16KmTCumD5y^mt9SGDQznSFJ||NnBn+24Xf>%y6sh1q>W^miPJI
z274d2@d%(sC|x4P$sw%=`Ku2V3Lt$4hYYdCVa;AyFV!P@4-^`(g?gB8%Et>1x-yK=
z*JZ>1J1t$b=vL74)T{TF77}2rb<Y5;G=)Ql&-o6YV~r=fmk>%#b(eu)3tixMB!)4`
z+x?W^?E78n1Y(!C;5AE>+F7O#ne!qtjy=-A8d6ibWIk4d=ne5tj0!9*(p<<5j@$}q
zu~FNuHM8q}K2pDloYH9b*@AsY9cMgRkgER}4dWbfgoa^{w&+?kIAJ{jMr@(%3G3NG
zX%Q=lCzg{T+zoX;z$cgEy#NMse4_E98Sf;<B_>%&%WF_iZCD;8YQhEa{CJ-DnDT~o
zf}hZxE;Ft2M}j2rWeh3+Ess*eib7?8*fzBWpa<*sA*~u--65KMab{O<psgI9yIf)M
zqujBuy?p0T+HX+rm?xp&8VLaiXd~W4RhBVXpoG~{_p|!VwopgHJ?w<QYrVi2On7h0
z?t`5O{EJRjeKr!>pH>;8S1-OY2_d5V>+Gxq=nIDr^1gAl@?D136&{|RG(ONww89Tz
zIC(Bo_tuJk`AzxhF)*1Z5Wj(2MPmds?%>1j6m0r3Sra+(=KF0rANDh20xL~E5FmuN
zsH2jBYX!BMJMa>~g9))!)>nbMwomTx6uj-O@`ko@-vtDjI^LlyVwrVyh8dWY`?Izy
z1JLg<l1tV(B-;32J)Jkn9i~&}LDYCBAyD$Qd?F;Vwcv7z!3#R)!~ilMurqtxiy(=}
z8yY7QH*vJTwT^#sj@E^pb<i|hqo~>u&7W^vFu2Ih!=DPg)>O`9VH%4CaAY<-6@+%#
zs`vIenezJZz;@OOV0MhL=$9dW#kuK0y@?~gqJHl>OLhq_NB;!lagr5^a5DU;a)LqK
z9TjhsPR9<z6%seET8!=Z-$X1X4wcNdH~CA7ncvz17V(^57zz=6i7PWLAM`C6#&0oX
zp&mW^CEtv3xUV;PB1B%i0DK$Xs(r-)G5z<pD$7r)%n>=K7J~Xkg#$V+D9g!;L$n3&
zaH_j0VzC|-=WWocnaz)vRfTD$Q%um1f+P8u6@qjX*7(@9<HtLVa=_-;y0qISiJxQY
zgmmsft&EXtwYc-B$3NiY`U*Q7LBP&GI0AGuxr3e&Lnlu{<X-Q}NrKb0H6M-Nc+!bB
zFiY4teSDeSnAZ{G+%3TA=)zZlE2TUpx@I=k%K!|aV`hQk$AhAWty?bGqs3s%)h2?p
z>gBGg>%Izjszmk&YP@;5!iPw=-t}$oRVI_ZM)VrKTIHc`RUHe$5+~6nvD&rzFZ-7r
zf<m`!i#8~-uXy3UOWDgDBkH*ef%O&OQ&7-!L0Qo2U;3Oco$Lm(!7;>*qUQ`r=}UWu
zPVYc=i6hnI*Q;rN7R)ZsZSbj~{`<_yB|h2jLNs3}Gvw?XL2E(Y#+G?beph5%c)Kd!
z2PMy=su5RGlWbbsajT1a{<ypli#mT}SKsKQddpCE-Nn|tiRK;oko3ll_iM9S6+Sza
zb0EmgG{j$44-=1Sy<d|scGlo_McShUpY}6Bs4JcRlLIs32_KTzFqac=;R>=r&Sx%e
z;3xNN5+bUXsAKEh#?^Yf*BS-LUeFz89y-sPIo?5Y>jlyE>Lf%H_v`inQ^TY19l3A1
z)uA>vmh&&h_pBraOR$j)y9&rrTv1&rd;Cwr7lGz|N#%3PI}2PUmp}dI=nz3^rPwpx
z&OX1Blpz~1vveY}0^@BAU~?iwJvtOTHoRUJR^^<9BeU&09R_Z3T$P$n4CkbyInyQm
zFpGhv#MCMiWeo>IH2@lWE{_|=?f4=y{2?`+;8&|CyJ^=I2NZvWK-Zo`4FA?GioU5G
z`^7Ijk0_DHz3eo~!+i0nGdsl!!NHYxO3PEXk1nOzV<ANKP;k;}>DQrq)aU>=VP$m%
z`<SMk@0gElgD^iFlTE}hH>2*B4rfh6eosQJEZCv5w!FMqu#5hHY@UoXu=zSp0|K&N
z;lUIU?Nn&C!tQM2I20cnX?zRCmL;hCVEgZVn5&@(dqqzf85@%hBtQ_0=DzLunJoe3
zSA;0{3U-V#aC*fq!Bf#xx>VDyOB{EB3+OkBY<AW{`*eMu6qwj+U=90k64-K%di&(S
zkNsSt(MLOK7O+(02qZ8>4(v7t8IBVV)hy6gQ9obkR5St#FPf`QDJ_7htPVrBDc!P9
zg|z^2vM^c?0KmR<bTGky+RgB_pM-pmPiOf*nhfOmJ-S1!Mjn{ov66v#t|o{%5{L*C
zArd+m)~2o9Kwr2ymD8mh&3ylnRHC}Ym4YbHk^If$%i^YJB>g@upoZMwesz#I=#jp3
zxdb9nH=3XU)>7b67_Jc5=8eVh*DTt@ji<$7%wIF%Fv+GqK<7}>oKc5)MTHM24*%4J
zxHJAV0>cey^C1omt+2j25HGeG<7?~mVX7#*6!OCOGBWP^_7|6JQ53v@pGx@6e^;fV
zYO5$Y<dNM%Z!Z|x4tGD)^4pzudoNvfq@Hm@QUlgPQvsf=b*}I`lQ_4`<>hSyC(#C6
z8+;6=%!Odz-gV3wN6sImW4HU${_kry!WD!c{8dOP(;FzdS8_HnWf`1_dag5daVirn
z=G^ZAYt|AXQKiwgZG|to8@H!$W3cdjX15<}ezDtJ9`8ZB*&RYu>`oit9cCQ_xAxZM
zNUH;TK2wLz1)ZdqSwp`HjtZ8WVJ5{iKyIo&rw^mrcf_^j0`=bk-6Xsj<uv10CVg=g
zYn$csGS1hPK!6hKj_6b9A^+VQ+VLhr#}%w&NdZv`>^6Vc+-k~?4&e^r7xr6-Wd)6Y
z5G>rc;r|?`#t6B+K29imZO?j!@1g3(R4Tb7f)F$3?>ygaxh3h*IEa#=7~;8yO`Mn0
zEd^tld72X9muK%s+=1*8)8GA(!Qrs(G_`$-EEvn0ll|?n?@I~T!N4!xddLe?hEjZX
zihZiHx&i%wmY45xp@PB_0lhp0#}G^E)K2YSEDwTLDR_J;%GBTA-P$Gn*vd9XmD%Fz
zOYffG0Xm1x23;c4^=Fw0R)tiILI;ID%LiB1@q}AB8O3$M!G~b4mzIHb0i_}UlV2)D
z?sD0Y(605p!gk`?>zu1-J|K87+|~@A4+50~RcZ6+vdnLcIPpS@fc9!)wK9@7V?(XP
zDsvm+sbdiLm~u0d6kMKt=!a`C6%dBk`^&tF;ur-~dK-)RN+?Jd1kz|}9x>Af+X8W2
ze%7P~XNaJFqHqA3c?|3R%(f8!{(B%tVZaheqs&If&Xg}~+f(5xxQ#-fjmw$1Y#4g3
zz;6OkJrWL;gr#z9gAtWQ4aWp&D5SqQ-~mmx4|z+Kbt(o&PqK-Xz7Zs)J0{QOl(#Kd
z$R&0a6fewAdSH2v-OXOD^l_6gu!w^D9SJ~D1%2%qE2O6jriP<pxv_Q~?8T|6+6nvF
zqTm0u>XxFcvxwleu*%two@op;YgK{&izK1Y(yShNz1aklGaiCBJj4G(<eJ8hi)~V1
zjW%o!H6vtq>&u)pr^v_0<?Ac-l4}@^KB({RB<-=V@FBoXLrnSNcG^(6>;JLu(YL>S
za6Z(n#Zy0j0M!c=+H&alY9+{_0*+6v>=2a++IHoDF7d!9S%-M-v_np2I7M~zS`lrD
zvJ7lNvpQCMAehX*1ZlZyj%rhn-aKx}4IHoaNxo6{io}aJ<99VSuq>3QIXF$;%w3iL
z0hGgah?-*hu<9p9&|Wl3>231EA9b(`T!Me`>yQZ1j|JcudDN2~m)O!Y##Kc|M4WaG
zTw-dSiSQlsD<LCY-LZ%+aX#epXj#d+6a-FRILknvJ^g3D5)51&R&bJ8xR($Uph>Ac
zAE_ZWlkW@zzEWw6M0&pm>Fh%BDJYcH|2e&B>e?8PGpv3m{YB2Cm|jmQVfh>EMVlSH
z#~R-ej@ETZ*I_&RmRJBDJTa`plU=QT`>Z&q;SlDdqBKa8Q^Vli70t%yUrem~c9a7R
zO-v*Bi1M`~!$NOxVp?W)WH=q={g+ccvX_;I)0Ntyfd(5k4_Q!vS3$h08O3-gRkC7W
zx>RP9!25e`07j+W=W;*a^HuZ5@U=~Fi_6A92HA%-beMz`j0C}PcQ5pDBXfgLH?oCy
z947){$LZOlk~y0A*kQuhJ%!qe()Hblqqy|}i~1XT!_vf?|7pcR?H&t(k)Z~MvAu|r
zNZ8HHit3T#10fK_+QH>C+-&+q+n7^fY%u{;UNPO1MKbOqNwYx$0F!1*pHGmrXe{}2
zbZ<x{8nHG8<c@gAt!x9=N#Mw6g-wYuJvi-d76Y_)$P&lvVV?!PZfzwKYn<(@e7U%z
zCe%vPwA<=|Ph&p5pq+aQ2Vb71*2VJvIsBInIns`lsEp#b%fXmG9K0ditAl#-0wi<~
zgSGk&nHn5_@Z7rnX0tj^uaF`JYIa<zke?0r7U~<q01iU}xg1(o#*q&)g<RKuJ<);&
zS;L+$bJ}NG%lo{$nM2el*CMCItEf;axP(=ywxH8)tmQe#F2J=5%%?MWNpQ{naqT06
z_{fdCNUw|^jWvD_;U}S^l?h%(G}>yPSe9RZwX{`Pu(EuEH_B-#99^{LuxjH&<Y1T0
z;31)itO~{Jr=pO1VRU9_J)#w>M`ci1seZtBMh|i_UNBFQr~#b~?cZ-48qAE>DB$If
z3Mq(WV*C^jD!WO$GpbK02UtGhKhh<^#2K_Q$V@UTABSkCr6Uq0lp;*7|58Fe{62mN
z(xujH9*`M*i&<E*s69tgjF48yTOVjvd1tEq6gEJ^<3;CqVfWglM!2N8iT#&$h%Td)
z+guy=Vs5=MKAU1$=O@wFQ7kO&WBrfiz&GQPawtbjkM5A7lZw@R9OnN1Z<5pTZ!cP`
z{2E@TfdW$4e=V22DbSSx6%>h?c*h^dHRu@D+0y|9vN|i07Kt7hCM>1C8(4ZdK79JS
zp6s`^3_(;X&uOBuO)<bCpA`_Cw8p>@0n{`ezVUmLqsvt94$b^}tiXatBBZ1w&TU2d
z6>|01?ou14+#bq895g8b;@omApK$n_cp$A?tjiR89%2$4a==@XfD7Rj_2w{$q@UU9
zpc1#NkHO%#T)d~ggTYwnC#L~}-i=-57lc6*v&9c_GwKR=Km+k9hIg~Y&P!)r><tq&
zHB_&`ocGIKPu6SzBpvWevnOKK9*pl5Q8>+U>KIP1tQl40b-Q6bMxlkq2Z29*n%fB)
z_4pgcBx?^&gD^O|JMK!vLn(RjO@P5^pac`9OQ7XcG{p~!x%gLnlf4#hXij|jXbku_
zkO#ABi-OT?y7Ei1=gEAo2-d?k?LGFZqK^i<V1sq-V*YH6pwIyNzMw`$h=b4v%pDhj
z{AkBHECSQ2{xw#%S-#)KV*C0j8V{#dXxUhGUbHyNXP+D$pTufP-D-ygB;?rG$gvL*
zRX%ZT9BR8;nI6nyF6n@}N(qh5gsAGWL-5X#+P!0&m&#YnSHrn2$v`$eHCJ=Kv=nri
zT;ZKvh%f{0Q@1K1B|M?_$V%Gs*!1JfDGBL5`|IP8{i~^h_{zo-{|XT3j*smc&yN*u
z23b~BY-CTBjg5<K;#6XxX;P~RaX5&|Ese69>Iac_dqRD^O5ICf7cp<vY*|;qNrFsj
zRgf$1gjo=Vn5uBZ0+II0b206bVab+ZL^W=EPA-Td)v%#5zQ!SOZ3G<lXsrQj%+A;d
za<+(=?)ZeAQ46RdE%E}T`SBrAS0jn;w41Cl)osE#`ueTEsO_W%KzS8(mGdRM!_&SY
zEm#J|8N8Fh6Z(=Yruv5TDr#X)#jb0)=ZPzt_|=Mjv2&^f&<gE%wi}>x-(;ZV)uF$s
z@*GCWa=Kz>R2I#1@mj%$Yi+ToQYX2s55dA9)&4xgKWh3T!@|C9NzyEof0dcj2tgup
zSP=d5>kuD4CTx0Q$8#Nn=~SxGiuF#PoaKi+g+fc0=?p2lU{KO+HHNWdtKOPe;MsPO
z>J*atD)Oqt9H?r+3<?j~ge~tcYU3`Xehq@KD%1MM4}R+)`9>SLJjbb>2&VTiA-nrx
zC%~cCNYk#?7X2)qQulE-f^>nM8l?x<iK-dNs#_xl<*a3C3FYB9th_z)fYfd}H#<|u
zk6VK$EDLw-^n>~_fbl6IGLfsxI-Z|BBO&Euyz-v*Yl5F|HwSmU9TpE)%_vfb+do?Z
z`26UJyV%!x*<(se?4iOq$X6gV%acz<IcG@n_yTJOLp+3CKQ?SQnRQ4XT53r_Bf8oG
zveAzeEHXmns-H2{O&-PZ$v^NdAZNzC5&BF-WB4n0P`Wz6^lJ*jAxl~6?03x*y7q6n
zLPA4s^*h-3$-|Mt>(Xu{d^?tDQunbv!ZlRqv<)>_&tR3!1ZlnPPKLgX4Y(;%|D$$Y
zAZs}*b=&;G$l}Q?>DTwRf(It+K$v54`HcI72Mn{o0(d<?bsI82!nre+f<HJZo2SVZ
z2}7@N*n5^ZdpaJfH>e<YxDwIegYazF1uj!Yz$`dWn4m&PcPl<;yY%9f{$rfnb6dTL
z&eurbst*USH!h4xHLibN*B@OX92T;4<#;L==GMq}H7WL+>P+OjvwByS_Meq_a-ln*
zTCofq2)*tg>TL-xXEbWNl^H~pj}yT_4plj6LjaS3F{)R<^NYu_q7U%&+Y5k^JHZ>7
zP5icVfM?h_)7_s@eAIhpI@Gu@CobBy?4#Bh<w0ZOwy<9epyK3*7Z>owJ(*lblmLTR
zTb58VdhxQp$BcP&Ih3<GOOINVn9AmhjNFg;DGT7613?;A!Y74;`T(N82!Gq+=k{Pr
z+rqx3@I+!I-%f*F3VrU6mhbYNq=*=&22M!>oMk=MEWZj8RjvDP8?5J=0ju~Vfdv|d
z-++M~WWKpIH=vgo)WW}#MA(=$7|t6=#Y2T!!W^#fh=ETx_`dRBe--&&zA}@{iiOcx
z)qcy2@!6wJKx3PZ2c4wyqLrs}E-TR0%Q+BG$OQGY`tLJbNoPV!injw5BVOd7>?5tq
zqqwEeQ-V?uZ*#RFNoHBF9UR&!+X8JIn67K>e8Kub_)tkYyz$b?!>|3}$uL&DV-*EW
zdq6|MQR)u%YAz)aug4jNfBx}~1rINXKNa>y7_Mxq)kVUGcESMm?{SFF-<ebeKP14Y
z2M^nze&XlZ92HcZ-cxO44kN@!w~g8a|Eu!G=VxF<YmSK}B%ECnT-lQ~H6Fya33{A(
zMjzrHG>HDUZP?*d)*d#-yPm$N=~KAe+AjOIz~!t}=zt#!P06!7xnhy1$5Xdz+zPa)
zUA6l~A>5jvGaoPQ-ED@^bG6eO6&sG>3?;DffzIE{Bm>dt<JRYUzA^lQ*&>;zAlN^*
zC_z<y6t22KC`sq;*F_*{DAM{5PX)a;pujjSXoW(Z5o$itZdK6QAC~$g=(CT*n&s6k
z?2Qo86To>jKx$n<hL1TUpe*yS6OIOvsAZ4v;s;LYgC=#a%7JD^7C0H~fzIQ@ERDH`
zc_SnG#6ZS4$}>pkvUGlm4f0}rDyD2Sj}CXTO!qr#i5hPPq9WMs$>Ops99GctN|hu@
zux@=|L>}Jz{fdKk^Equavs5>`jj%cvL*ybrTP#G5Li=^o`aL&sF!!)96UF1L%V!+M
zNk*j2%#sGGkOg<E8|`+v02cedMxLX4r+oZ8SD>c(@`;G<VR6oHQRl7zkCbA>pj0*l
z4LFAV;>07f1@W4EOvr;DZy4B)23}`ZF)2VzCg{^F9Elo-&^D{8U;sHU)-!pS%ms=5
zKG-;T4tam911Hv8nq!^927N@D)Z^wEcXoHAM}IQJ13^Ip-66F{N}*<-8`!;hgkgxQ
zy<dL-x}~Kas6E#e82$Ta$Bo6-ooi$sN@=JSW)mQ0v;#Bj(vLD%b3nR*m`JM^c8DsL
z&|{b3mSGalYQeu>XG0W0dNfsHtuUxW(HzhNVM4H8^#6xe=kRcqhDcv{!?L~vy=PKm
z{d`%Z>^TPDqUV43aa;85i5WPOxD$;Y;iF^xXmJW;`-ndI;WZTYI{>)xHqoNS7Sm#R
zlP@bQYW@cg{+fKDl9q8>CzQCFYzN-*I6F|CC)&49^ug*3WVL0|7OBSlJmP@TW8R6n
zNOc1sndO|I9s8!m27G{js*DZfAA{t^?)vbX;-C1Yl^$HMiG%#mSm7;(5704MWOJl?
zqh(=jB^vR;&xMWz*!odTwkTdKzzu+9%GH(RG7|Vd*?7dUW%Zd0WdY!h<cxRm2;=X-
zVM$ynrjgDmE@tfsr6M^9^l8L_NSU!_x9gPx^RQ$Fgqd4twcC2kexAVy=H=|ySEfnB
z-aDj>vDG&QqsyhOTf4mUiPM8$h}g4mTbf??CdT)H&Y--xrj{WiyP}_kOd^Dufa9h7
z9f4R%$Yxrw9|w=!k|W^P%TM|6#d%|Y`iG50gs(}`B)c?5_$#n$+r#BvoCR&fW<HU5
zI%)NvMKo+vYB8x1x@kQDo1=Ap;uu<F%(G|W``B5mY4zxz&=d5JvNN^&@ghaIdw-ef
zhG+-KNul(M*5Y}uj@Fuk7R*PuQLR{aN@u;Lf9X!UWO^;)nRiYtFfu-zSXE-4>oY<E
za8gT!ROR4nT7gy@o><`;)lJA2LvVAlJemKlWoBocowsJTJ6FxMyN`WmvATe?o8La8
z3Rmp*aDrGHsq@L<c#54Hav&B~h6dxLxlI4Ly@b6!-2ay9CB+PR)Q2S)gAZmlz)7oE
z_C<CM8)6SU+^J<dqKd|K+H6&Ox<Qb8Mg#V}LQsgLo?sHVA)k?D<Xx$jV3NSQqg1Vx
zc{3QE=TjHFd1zz%#r$G0$(_DTWKyTZQMo@(>)<9Y#O;;Q49ry;W;e^MFpKPQw2*4i
z_k_0=N@N3N<8Z6rp+tMST8mX5KTS5e4AdqSUHTFa>3HGBJHk1fQ4Cn3kGV77YnL4d
zKWRr7@$;MQF8Bo-5I+Ke2Jq%HK^_rgZyLr$Hn`z{O(^I7O@S5KZegz1-KNu8!}8-0
z!zIB;rr%Zzp+Kf49kE}^bH{+PQaxI5sg7{1Arr9q)MZF)x|fRX0*p!EWYhOf4uqU;
zpDUhuqRIo+1)d0$=Dx4Lqdw`QX$`Gyp+Gs7hwS-^>V(dAe<pT_`i=W7Wr9}2C!4%r
z4Cf=G-&J<h@bDWpg*M{dSLC{Cr%hkOMtTzTFs)r_tx=m7q>aBP-c(HUzVmL3JO(5u
zY$gbDPALp3%ezU{sl!m3{4<sw(`UI4sh!p!LFtJ2yYGl2wgDmb4G1^!u0sxI9oiNx
z$QA2T9aSh)-MyNdjf_uGp<EgC4jgI=3G?EvDp~qr%3dFIm8PR><ZlvF3N9g`W~sh0
zzX?l1BZHXKrrocP`|NiC`*On~%RW+elHJi;w~AYf7t0p!Me~9q(4*mAkdC&SGSHC%
z8>s*9Y`Rjh@eKq{UtS7BX31o5CXbB6`2Yy@j}3jA|FSkF=FZu#yEvXWHq7`R=NHxu
zbJePR>m)^-+*A2Cy$}>*d>|Y~kF<K}<0M7~?G4=1Dw=LlyEe_ST@P}z#7$;_#PFv?
zelAJBHVzJS6#%WB>O56*#Up;84-Gs7FuDjgK7k_=HT7;B#xyG;9BmKQaJ-fC5n=EJ
z?`W$hMLH5gp8>&{-5)$)uE(iM|9W|fL-i**Qh0UVRisY4M-wF#Q(N(r!X@!z;(agv
zt0eeGPD9O^GeKx&$AN6xM$^sUmkSF-7??cZw2Q7F$@KmyULPz1o={co*s}GpJ;y-#
z6KLudF%@%)Lct$cDANqmF74NIGs(uX5!MsX-9-`C%Ou%Ige(3_2ao`Ck1u<4<cRt3
z!pyh?eW!J1bdAfVn78-dNBiX1=xWVD`FulZ_yC)ZDXH$&q2+F-W}X{sdgPP!XW>a;
z{jpGq;C44l{iSN}@mn8Tr&e_pmqq`8!SP!X7O?E&vIHID*C&#y`BlS=z9v6Q=%pBY
z7})?L?Y_a<Mo_BLIHDplMe$}%6WcPSt8%A#w0EZ>F0iq_HdO}_ndmg72oo4U;%_?}
zDmr4AL%C?&%xrn3z&Us;T7TC*-nu^#CrP0lX3BBDM|tpTqRrHxD@3dN6>LHojTH3*
z15n4-29~#GInR`)868hTc>SpDebYBWjjr!p!k-%FvN?qw@;0J;P?z}-P|Pf|P5y%(
zI%ap%x4-1~7dW9jttCBEt<`OFi1W^T&i%wY`m~zqK2vz`%5i*qNz=yMqb3nrzP;uJ
zy>*4jVKk=Z=EjyRv`$~cSpSs$FD;7)O3uI9tUCxo*;Gj9f{*$pKqE`gb+6dw)^!uV
zkks1Y6Ibp7Wfahjwkrt_5jDbzHLNN)X~|!-$|9y{tpO=UAplc3h!r?#9D8g|I-OJG
zWnfy-YRlij%LHIB%tBdY%8hJ|^@g;!TCiEdbWGSg5Mt2ZYq)pa&v>{uB1YPiwNxHH
zsu#V8<e+_)DLMzm&%w1bxBIgUp}nV06Q#^(m3r(odWMp`!wOTO{M0l2@7kKe(Cjb=
zK?R&B^(ucX99d|}hRy6V44L^8?y8v4o+iQqU;HoCG*K=0+`ebJqtloT2d=Df<uPn*
zgyG<A9K_|`WRBRwbx>O;h&|}P=TxQr`+e`^#}B}>XL0}cq}kCB|JrbBeTZJlw;b-5
z53+=aV4gO*6=q+JFZonPS{oAk=oi)#aab@}jCKWGH)>rd5%U03sUXJp9HPB5o8WDE
z-B=FQ<Cz<QQQESc0bJI%qiWm$$*>)eA{!?i{&-m<pg*%VNPk1`b$<y`1PIzN-RH6h
z1j>!^Rs;h?vdCjaF>FH8R+(R!2d(cB<f^83_+GP6x{!HDm(b`QR9AtvPDzYQpSZve
zZ<`{X%)7=2M&3eCY;&40!X5p`gpzB)M0kSwf>(rj+6Dq5c?t)%`bzjhou2q4yqh0$
z%)dsCWP2G&1_;N-@#?Z#()|kCM0=kyKf<p3KfTmE8EJ0;)(SBHg;Z%TUx>RmC5fCv
ziedx!u+|z|D=|^6?DgMj=%5J6%@^=ij$NIx_^&y7QdL|<s6F9@qzg*9rY98TT6ptR
zCwq?C-$=T>b0;of=$$eQ#_z^EIAYfZDK2e-_zuPfP(jlEzY^%cf~arH3vp6HgGZxX
z5v7O6(F6{%FU$T3;J=}t=q^d@3Zl0azf`n)S$VRKPw3<%dwj|(?sCi0x<gT16qy-S
zpN0drPbnhE*^uDu)K*Szu(_Qiq0n{<NG7xPuGRS#|24yCwiXXKc&XGu^-7vMX*h)q
zlid<mCWG>|+=OrPSIhJ%DH>@^MG-~>ezmgiZDh1Ha46n(jY~?Wav(|u10iFqp=Zyx
zY`L}#+5RR}765wkN<Vl$AP?2xu8W#;S-DX+HdQT+3tsuEA5H1t&rqTzHwsY)%EK#i
z%&9xNw=@``v#{N=%1>KKBwtN^p9R802AcG{5OQVem>c3E;Wu${1xzpo(<sARHn~<I
zJnFFa3#=#ITr7ae4>ByQ2plLf0vIJ=*ixqRK0;ArhI%C5=E@>kLlYWfbbaT`F)r<D
zWZENq9}H8IEEbi>`E!6|<nnT@z8IZBvXY3};_W*e<3NSEuL)tk3+v;}Wl$|PTy>Xn
z-C{v;=RviL?ZO#xK}3uD_`CW?hI-nSJ7B;9q=^SjBxY5e{zo4{wH37eF4)GPu}<NF
z&cZ$!8%-E*pXR;?tLbM{Hp-mYn-A36RN<);{;pz;*b1^l=>Od0<2>|*TVHBZDrePA
zD2}PJl%@NbZQ+jg*F~JdUExP{f^JXR@*0cUW-4%QiI3}qGvIbBSVo-i(pP%6m!a?{
zX<fV`s(co34Vh18ruT5|?`A{G^+!}WjOosue|$dYzZS@@Y^-f5b0llU;!%tgWz#6y
zFtzF$y+gh?qCry{M>mv%Ynuy^UdA``Shx8<g2b1b+|odR(WI=_HTtky^*OJaK2?@H
z1A!paPo+YVcxkS{ClxQXZ9=s(s2xW*XCO4xrn`6LH4{O{ru&yb@zoS5hN_M@S=K(&
z4@e1o+lFfrazJaBpMAr`C*EOOPYls+7|?V}faZASV~_J0tJq@?H`^zFB2BpITuJW%
z*|xz`R_Ui8QkmW2Au@Q;vmT<W7B?Ms`iM~uNc*gI>Gzp)mK#5Bk^H$QUk&Tfq&K+A
z&?xYoZ{}8qdTAn|f+gK~i4X0WOvxo<+LbPO%LOMBGMBbvxI50jOnI~>b5UOH80P<=
zHV6!c!&UxdxRIUzh)k1Dz0L1<Dcj;><sM^Cu3EkY<GP3M_0ARkhud2f7Ym{b(^<EF
zYw;=|Z|Hj=$uKtOp90&K$ramX`aIYmkS89hU$P&lqmDk{k>_XyEL>a%^?YkvKJpH(
zSwnsy%w}ojS{mf7U`K3VzWKo~oz%!Rpi^BGKBq#ywbCUV9aIH`;CQLMmoJuOfleFP
z{IhRPh~r)<h6~Z^tbYoR^Z(Iz5bk*+#d|#4)LgYr&f-IQLj*SPH6O8I^!-_Ss`6a`
zyVn;(N+c6bD#E^Z20jJ>O*2fe1F1!FOs87Zw6fjI4NT%8)8rE$cBTn1XnIkVkPdn~
zF0+`!$o1Xl<`<s$62Zc!DD|~~!BhKxwxajpL*NpJEJJihvH0A1Z|E->3hzP4c*U#K
zg@<a}7Y;kVAN)*)ij?JNGIYTyf&|myS+!day}1l@4iI-&T|s1Q$|jp+inT$_0XciH
zbGW!$`R858RXQQjo4zbt#Y7`sg+ks^owE9#IM%H5HZ}Ig;jP6h4YWn2zc^z-G<4S#
zf&x><Kw6HMNcH1U(Wi0i8Y1?Olng5nv%KhW5pFv+XUHDyu@BCjZ_DJxD0W@kT2fto
zQ<#+DLQ+stGu?EKK{9$ndwfBoN!c2zO;e{jZi04M(<88Q=Pi$_ZwS*Qt)6c)P{n>F
zn+5J&=?^6xFR)bs=zU38iVPoa<dfhh6X-E#NuK!FCRQEG&0$hr^<i-Q2$tzf*(kCb
zjc2^kRVyyD5D{W^Z0MYC6|Z5UGP3rEB{P1O8E%(YnBSy4b^08Kxm>X&S7CI+NX@@$
z>S=t)1z!avmmFp0(faVCXP+cD`jFQDx6u)CCg^ypWYa_tFuU9qr#0(-9MRR-=Q<Q1
zD!Mm54Kno?EzhM8)x?iP507?}txQlHFT%o##7b}LIU*t)+hvr?pqId>^$^@8QfD2y
zs)N7r2!xy=n0cOe#UREadO?iHpN(IhDv>oKTmCag2BXPabwHP~{=GK7<M5>{*+6$e
z^bCa3SEW3FHc3iBngQ{vZ(mv(R?Zud0D?FS$nsfaXrUXZ+e|BWKp#s|Gh@Zvj=%`v
z#r%+PiGDr(2~Qpbb;OC{B6AS|5fEdyJ+-xwJTH;ll5*?#QhWp}k^D=!3E(^9{O04~
zKN7$FrR=r$IK)*-?J&NrrLgoZy*Kiz$s?oY89<RBL)gcI3kA8GM#o?D!`{Q*gp<1@
z)8Uwueh4p<3%ZNdb%ZJHthGdL8ZP!OOX093hM1Jy6+7awWcjkh;QL_HS`TmpJon{N
zq~-maMKH=}zhvXwf`rWp`ZXYTMeYOTJ9dj7e*Ixl+;GSEP`NQP<$QG-ut*_gWWRcw
z#WTMP%lmM(TEa^<v1cF+dYlF5;QX&_P51pRRH*P!Mf|N8fDw?@kd7X?bdk(@G^{ZI
z1b$BrTW6$GXTW3a1dw_$%$wPs7Hf?m075{$zh3ts`w8Xsz|GkkSg&yY#<MagR#+o!
zmQ#XE)}|%=WS<UqJ9$&O)PS-t?s(Ty@lNRaw+Z+sFmuZ4rUn0i!8s-dqB}YY6lPpZ
zxwONBtGqNlpjH0(yQXq{m|l3;pEbtswX-wVe~jCSoG@ghBNZ#-bWmBcADjuOLP6T#
z`5f3+RTSbN!_BAfxDpkK7vGZJrA-BMNnj?~m9uOxWW_1+SVv=cl!f(*+Em}`Yjcn&
z>)O~mhIz49McZDSdf^4{kUfZYHKRxu@SgpeQXr;dX8bdk)^|9xpLa50g*S=!t&5N)
zteoSV`xA4K1WT2kz<)ID5am*rkP<8$1z;zYRV!V>0{kw|@d2JO&=JLkfLR(VYvrw@
z?<~$YQ#{#?i?`wxwQ#C~d)&?>H%7~vomff*eD@htGU4ML;w%v^zgdG8yIg6Iwj#H!
z1hh>Zj)!z97T{kC_DtqlwMvP-0xwXipVS#Vi(6+lr-cS8-aqRJZlUJ$ww7EZ?J;xa
zC&036ZS6hLLR)x}44h~#nwfhWvY0PAh4sWn(kOr%N&Yt(Uz>(LB@a-ezlJ|p*83E}
z_E$){n*y?pH|K3rAbUzsq9z5Fl6q$y5f)C_!0<NYXNs8MCFGmK{m)T`fr;XvSdO}-
zn!TRMZ<Zhx7(%kT>!)iY@{<?LSB(1|?MUQ-$5e@Th|bvu(pvnELwyc$x7@tqWrN|2
zSjjfJa~e%@t~XH15}&BTC`<kW4qE>4=R;S*NpDiYu>GAx?KOhU*h1z&)9(7kYB_W%
z-c&yv&o(>sqAM*@xqVEfKgj+l4FtW8b=WX=;pf7|AvLCm?ORT02EqE9EQlUtNz$c|
zGsEs)i3cL$+Fw7~yiut20SH5YAukZ<xTDLcQMnS15&-M|Ac$a=<G2Qm?1tGjr19Sc
zeh}`o{8}${v1m9g4`!bBlKsWL<rQMsu9MpGmLRPD*ob!RVqy@GH-lzwl-j`?;qB74
zvPRH7@hnx}FAfH2$jrv6)>-=ehqN;B-d{8H;Mw*ZL0+hPdRW_aR6>1!j!Dg@AR8hD
zV06?FarW&Lre>fhDrL8tC2y&53K+B=qj^%ro(Ev0LO~1j>g5pqA4)#Of(|nf7yiE0
zV|XU==u!Rvp~R*HQq}sRSTbt`zxCvz5$<UuAfn&s=ZR&QM!FuF19WBj#GzqpyO{%2
zl9@moYcf;4Rf9e9G+N#B?axW%<K;(;rOj|U$pvXbY<&TnVfI7~@>G%}!iog<C*@BR
z>$ivzl)uOQ%^7*861W&yMNwl-QleymHWEJx#b>T<sv-rT9`x2ULyPWMsy5ft2nJq}
zHsYz9|KUwQ{hhR}25m*VrTjyuV|QfVrn2FMT0Z8r^T)8%U$Q%Flp=9iAlNnCY{zH&
zmN*A)L1ibC_M|Sh<CDB4Nh+bhw1xBy&?r}pa&O>i`QRwHKH(fthTLfJiV&e&{UZN}
zlb)ZHO)|ZHO+Me#vvK)+l2UKSfh$Xf;wo_zTgfkUkKF_>ZcRejeOfKmf{+v+tcP9V
zgq8O(Lb(q4ED2m6!IX+(Sw41E;}nn{?*w97Uf3-LQ5>YaUV~)5aJ$ID?}9D?k$I5c
zjJ^g;2jtYoH}d!Z2=2-(4?FZxoXzFE1D>lpbuL^+n?mrE)^}>es2_XCHtMqdrv3i-
zH$^G<G2!IFkP-e3Ivflcu9Zz_roA?OV?2KD9RCuV31N7L2cvxI0JQL>W+PINUadCm
z$aiwBIKHt7KA~3UrUY7{^IfS!%Og!s6U2wInW17Dr<Y~r&p&OyeU_Cs!Jc-PfG>e;
zgG0wy2%%tLPMf*HXOuC9KqKPn$T5jJZFO!X?d?k~cXEvU9Sf|q560{9B7cL2{5f;4
zFrFsHNh2Rm55*i#Kd8l@4(BAj69^vMdOAG$tjm`VDWh7&$%I&j%Jo^y!S1>V-sg}~
z%h-y3tHt(`iz#BXveE>{%?2gRYCszmNWw$MIvGr6=4j9XCKBX$_jDNrc3rOL3)h2w
z>a*bFe^i0}#SEdNa<m*QP3+x%ijB7SxQTBVotoL8b&R!wx-#YMU9y_mnq5K?Wb=lX
z@_j&{p7ZOluj)nCHnx;2_TA@P(V?CL_^yA`7F%B_y^@ZB*|@8r1TH(Z$lsucD!=CM
z((r%<q}<v;i%bLT+@OeMton8ryFsR@F2LqL9Ws+cG5g$hB>Ts=oHfwe#%F)N1Xmgo
zjmPsatv6(5G1R}ZijIviALvcUe8|4etLVuaN{pE60R_o;TeP7XjnJe$WGMn)g@$kt
z2%&db6DPG8QjfOMPPs9$UOA3g?YS6W&*8jJGjzD_H2H~-+82u+vD96c`V=8rs0oND
z6ND5KN<!Pi5DCEav-z!cbXv6|e0TF(cZeN>zu2u`K|h?~Jt4fm7__)T00I?z)$wOY
zS?}qNzK}A13DARoKqg-0d*%X284D63e^@mTofZYNjxK9jxW?TL{)44m6lStOaVjSy
zW04Jftib5Og6DKl%40>K=sKbB`Vvy!Q&wZ9#sph#2mL$=Lej*raAFK0b<cwtN*61X
zvSx^mx?otP9?qZu+Q>G*l4$z>{J{iSP~v9nW0iA%BwG9T4spkLu4PD$qyC8}C2Y7{
z&P)I=hCu=#68xO_(JU2w!VX%kM#Jbk`nM(4qc)KN2PZE>Hr2@qkuHSizmnr*CZ@R-
zbj&GDjw9Nl4-RuF^zxu%NnFBNT~?aTX?nq*5B2&JVPuq7n2$xUFy&l4l8%Rg2E+KH
zpPbM(<4=cy3?+|bhR6SeGU&8;AF<F%SAr+DC^voH@fD1e|Jk1Dz=W@LOkg-7AcDKb
z8~F^s5?ql(FsN7JL<@`HQYl-x+QCQySFEJ@5cOp*`-pe-^UU>AO-QVs>#vX{74Ix|
z3m{)D1L(zF<w*NZ9EfxHS(bJPcGyV3(0XqQ<NxiUgZL<TJP{BQ^pK`Qs*Ucx-9irT
zk{TQeP90Ic$C*&uJ<u1(Uo19_rxH}k!fXLbQzmrUftz41P(YL=Sw_~mK1+lqbPf|+
zO3(TJyoL>%78;f>)6$x-^`_PNYl0pwL@7n5OP_}#xWO@}z!D;)oqNT6-|}LMbiqE<
zx1%f1m6XoFUL$nv!Dg&3v(Ya5=)rKDoN+McLz^Qb)=efETNN+oOfSZ`v443~PXqX^
z;L3~d*E$Aa1zB%XbI2cY-|PuY3*DNS?anE_jNRC#?v5!I?W!#9HpFX~<M>gz*3iD+
zlhy<`%r9##`es)4*q#qxAT=a4xYs8HPC8zNikaN}cQZW^d7`uiSPK%N@o*%p#zG@+
zBDpP*?RXbNCITMpX=NqANtF9ZEvV}D$-ZzI57v+>iP6i;=D6mSs63-u+nfh785{r7
z&Ek$)Rtsez(gXm~VTNj@Y)Wrm4oH?Ot5dt!fdRy=?UQZAEey2#uVog?2pO!zVpkh*
zMcr>7l%N5Dr7MGu{9~Ar2O!eV_U};$cMa``Gpr`RDiwc)y;?#AAp}s9c038aV1!yh
zC<k=ExO^3|zyEtQ-aD5E?3zx)O`Ttckz$1`wt%z4G(uhg@b%_;LL1W!YwoG`=rLhb
zpoVfieb^l9*3E{|1#R#MO}8BmNou-!BgGw2uit_ulupWrtfC}&OXZ=h+fVaag~(~F
znFCTQe208`VPAHZhZgL<L$a^=$t_s(5tm)jiY^t04+LYav!-)><?P=ROY{)a=+?j9
z9Jxl8Vw5<+KBUQbA8@HX!%9I-)5Z6W;T9iML}e0R!dmxCav$emtQDw;9i@DtjTK3)
z!IDv_Brl44dMPlw(#w!<uz`{?EBznki(1DL8%am=RfKzm-ZidhuBvL;^3B^MhJP=$
zikG5S9lts;_ZVlVs*Xv?8=SYY!{3|(L@C#8=H}pl5x*s%E4xv$D#0$x4+C#Wi(D|S
z%0TJv=IeQss)ujW(#DB-V+r}=CZL|%X0J}YG2e<cSKqs4L297PX9)jPGf%{iyZRpr
z+#PL=8&1=>+r6NRU#r`tGsjk(eM2^e{g1s*>|TPo+^=WNn~jfsi&=qhAK(d~Io%BN
zrBgCUS;Q>CE_B^HBessp3@K`7qCZa$R1P5Ci3oK}jh@6(5lHl#fmKcRKbI7y=NQ|Z
zC8?I}c|v|>Le4v{ENXsG!}n@T;P)H@Fl3d~n_+sw?}X8BK!cRR&mnh-s%>R2vW6h2
zIiw<irWUyB%><}Mc%>iAwR?b>@Slr)V2KP5n34YPefRM-F`<4_e3#C#caDNj7sy}F
z7iHQZF?#>B9#m1v=JU01G|T8K#N8!Ses&p`9(`OrV(RJpk;|#)k$%Wy8UnwdpB(mM
zP;;W>*lIG{8jf{EQ{A1<7kv0EFysIHV?1d|-UlX;j1z{U3TC)RULJFNq}jz`*u#u*
z_H-BnuiI_D8(&{azx0aer-NUPz0ruRus=PL>X&Ph1VY(mI0s1Yh<`0#ZMxe%RKrIz
z47C;;$wX4gXKAk==oZ1pA<Q-5i7_tUBbd?^@y{z~f#z>fWWQWt_b<iZ3IR-U);9qj
zIED1PHP*@Lsx2)FJ|OX}?(sFsjc+G20bdI^d=%fz=~KT0jM>6VBFS&5#%0_Oh7ncR
zv|yFXrHD}9yKqh9l1Rgnd$NR_X6}An(|^Bv0TtRO`|*m&G6iXFB@;ibUBebuT%+b#
zN3owXQQc!<gQyH#fE4e5Vul5(7xJ?&UmH|t1IJG#vSgRhUQV6&7_{XhAz3?Y9*XGK
zx7Bd6M>Mfta^h{`^#gffo}&(k3P6wvZP7i^ixtMON)#Q~iKQfru(bRECmJVGg3IwB
zmZFm;|EjO3a2)elxh3^<9tu0e(p;u(?iRC~=$#CER^OE_7wH}BR=!k#vZSA@aeW9J
z4u&w#+kkr;Wi42UGpK90HA1@0I9-b?0%D=fYG^fNlp;cHl3W)MYJg3GB#8yzv+?gl
z-hesQA3oK5{i=32Rr~fPYbx6&h!*nU1-s8c;TT?8{T5<+<hz;7;bqc@wg+pw{ozVi
zk+(Q>`ohv+=H7yMciW~uCU{W{zsx!{KL1hFKge2dV?;18B9NPk^us{+h%CGQ2Rpcz
zUvs{Se5AjVH4c-=d;VKS_A!Z*0j6VtDBbG)OA!mtOMnAL$8u`p51iImk8<A`OEPzR
zCm_hIeB`$r-{CMX2r&V*fG%F+mTO?Te^k_uRqXRP_x8%bOdhA=_Mj{?C$}qy07I8c
zZ#CTMKe;;Un5WffO#^cbEH;nEIRnYsxE1E7TF(cmX|xomtazXZTIs@^kQ)TgZjY{&
z6zPY7LI$|v0f~()!aB=K>GKBhIjPb&ossOLpO#5MqoYXAVtYv3cPmsOy&mtg0NAaz
zP53({u<o_pRC~&K@)-#bwxF{D#EpAVf}3A#RK}p<A)s*&8p2ZCwZ@hdL64#?%m^0D
zPNL~e;lkXEmu>#+K7Btz88N+0I$!U9*i#Lb=S+q<@AhOlP^HZEVe@fvo3Ilt?hqTS
zsT^7NZI0=@v@qSwFFcvPo;s1ndXb-mP<!fZ4B1ebP~By3ekO^%DymZEc)&{Yc(K}1
z@5oa|V{HTA*G!<72c<BWIj~QY{hWTJ7SN8?TLbCx>!S4r**f?!%;YQF`<Qr<^%RjA
z))nXP&C=)k;Q|&ZGAZpmE$|VSbU+&UY$+M@N`Wx_0j(-efghatK=vOI=gkl3jXYV@
zpL`9!bX;pMvt%j})G2N!hZ$8NaM<sT*svg_u!Z=nLPEGlIt=(^VkRG~cx$DoamVlR
zUOe7|wA+uC+o*I*r5usSIjek_A9lM5ClQ&G{UUkg7_l97ZJ5pX$L7SugPL2~{Is?$
zwQCthC8JHEa+>PUCR<L3Sza~*WhNmDqZk%2e5i?DDGI(TE|2!%6_|xnNwe`ohA`uK
zuru<wE!SpbVb^S)>Th@}G-9toSt*sWC;CPnne0%_rd!yXobsuG+)7usn*)K=UA`cK
zU4TN|oli9cJ$tNmqTJ_}nghFd=D*0=o&#yngcV?GC$Hl4()qn1B8vjH2Q`+2SEJ+n
z%VPo&gAGk9Blf#pdO_vRo;Vna=?>}tC4#xhod-eUqdILiAgfZC^U2!p)qm1B4<N^1
z$9rfQY*UL2WhSpIqcz}_d#sA5iM#bIw?jkH6N-W_^cA(A_V>6^$<*6dWk>dr#EETy
zFy~s={BF2J&2A3sZS#2hn3goebm+nGC}y%&zxRL=Crx7GwroBKA+yWC<~V}<hBvM`
zUs3Ls%g?eStRdx3u}Q=_r+Wd>xlXqm>Wd^&{1tTFr*Ul*3bG{v(;A3UbQ+d7hG-R=
z=6WKqc7QKW?SV}+R%z$TkGf@$$e9ZKjy-4+g6;UjWHD)P(7GvPq#-ooyJZ{8WNEcA
z&aVsoC*P1PExo1EgQdH09eMg2RoS^o-FwH>0-SXQ%nx3YJhx>CtP^RTR762%<mOfz
z#8lXEyiu1pbW9BS@(Q5>T`|A{6`xTxo|$A>1F0n7mxRR4Af`*<ckhA}4y{1z0mo3e
zof?CylvmQSgd~Y6zzrlUt#(3xbWbfDXOm&-HG_4HoHTEX**KNYP^tK^$0Z<j(0I{L
zSB!bIg5Zm+uxi0ylp(l-#r&WoMR^LOc;|M<-*~p31IpnTJA`%ey0m-!%Uh1CVJ#s>
zE=sXPTG{g#!l$oY8{$4FVjKy?$7VF*VA?w8#exdDHUMw?gg`N-f!darrtNf=t5_~L
z&T^hKQZAgmAchjen;9CH@_E=)daPK{hW)IXkv@33-8UF-q@pHj;yAr3hbasXa`V>q
z`-Q&>yp^ORB7UTe#E7K5Ecln*AJ$!5zn<S-|I(3DTw`F%N2{@Y>Yd<K%Nwa%xoONo
z1t(N0)zh4a7Fg;0i$H-n)DMgkbX~_nr#z#qGqS(S82d^|b)1(ta;pbe&;GgA-5ss}
zZb`*%1S{h=rXz@c!`YQ`m^{Z!!Ahz>$;9hJru>2_kHF3c8Hw-P^+y2lGp<!`ojtWA
z31p9fzNW!zF6)<Q99k|}#3--13*Hgm;0*5#EA12tl(J_+27fE?vR5!4itAgW2WW_R
zuiB+ix+~Cc>noVW<TTk1ic-59LF#jo_pLt&C?2~zG;7>7Vd&A4-3+8<FQUZd?K_a0
zy{yAbaw9Y;5t0T|#*ByZZxz?*m7J(M4^W%o<U+)rW}A2iaVQZ~(ze->E3Fr6VOKzg
zDDD^;6;vT4F3Y&|6EN2)@(WH`Qg@Qr2?*=_>4n=qVG(T~yL^~iBBJacQp|4oyFBqB
zIz$G#8LRPr65lojGAc9Mv`E_8drwNYW@BH1d+4c^pQg(i46pnQ?VGFi&BBl)Q$kKy
zwTwLaOG>6eRI1Bt*kS^4>le;(8g<m&Z5*}gu8!ne3ruw6&Enke0*c?n0bJa_qSB=9
zs=KT%ubi=;NC?P&#3`Q#7*ZJx^m~J$TNZJGa%LLy*YVUdTEZ)(Ttvo#o8NzC2ukI?
z!V0DO)3nyC1kT;>HXgUBHF#z4{G_@Sj44A>sbKXT%8eJZm{kOuoivO&fS<Av<``L8
zUz3!?a%0=#Oior0<`&wvE+z|m4UbkP*}dmg)GlBylbNrUi152YEAqe_wb1Dr=f31T
zr_@Op$N3QVi`TDhUh9_0PvZ1_e<l5Dp`sQ|L@)`T+*aJ_Nr|l8U?r(^VL$-TZ7H#k
z^;224jCqvDyF!T!i>wB{DyHPb?AGz00Ll4WKS*XDRU7PTH&ohSkLWi3zirkRj>^A>
z676W?<h#{!9S80W*752szAF;kA7V<{9!L3_6mY~>z4v=7b?xip#B#(q6@J#KcZE!q
zLok;6Y}e@?=A{Lk#(`bKZmFAMGItsRc`5(_tH}Q%mf7q{`_;(M5<{h}G$mAanP19v
z4#*>|?J4`S7Jz5)s48~@2Q^@%sHb`)D)&RdwdT;U8CXVRV{yAez5bJzf@L;<rqg{9
z`0gkhd+u=S6;^|ULKKubkv5#-I&4PF${-XNMjgGkaA!XJ`ZJt2rMJbQU|<dXT4NE}
z*tqpIKUMFvoIH91;zmuSau!o9RQ^LfK~{YQ;I=5Zi!S9c`a?gR=aradQG+95YpDG0
z0~`PwkY-XQdy(u0lvgGd?|l6*;BLli7T;iutgD+G4TEEdpNXcMgp9W>d~glI2?_@a
zZ~~@kfzYxB#PhwIPl(T$9KD}zdMqa&Bb#7hOntda1>p<TR4$0`_UN_v%x^5>!`-%o
zh09+f@?820|4>$6kG2&aH+c8>fM5W*xFpK?nqteYDfBN2bx*P~rBCXg_ZJ)5N?k6W
zF475%{TW56zBL(^Q}(UI(^*4F$l$!taMU*+te$rjf7U=4xNp9mx(@3xyn9A&!vBnp
zD2Usw@UzU6B|5i)>Rxx3=;ByT*9<UrY)2I~C%--F7)Q|16hS<XtkGCYnpNNTxpexe
zAG0k;=52;myM7t<`!jiK?)ij3HE-=}9(K>i``{br_Ps4wCa&!SsPo?_K3%0<$hO^i
zTssf&RbjdT<auF#oE+jHFy7>N1E$UN+h_ZM%SHJqX4G?ZHOFGp2HppLC-!FTNa;;*
zT5>W^n&uaFfq;mVgAyupf{-u${AnqX74n_m6!o}9M!wMZ7vGC?fcrD>aHSwYpKw{W
zd<So?9Qm$g*7w<xFb-)cSUbT$8xQyxY!KPt2>rad5SDq8IhZ$bs}k@lRM7b+rid*{
zVS>oIoVLwH!+66D+l*iN<%S+`3J=2IVT5pKAcQBALZfQ#Zh2ms)6?Cje8vl)1QjVK
z0rhkHXO=-M(V<zbNt4%|iX33IXJM|%tzMAxEoCZ<5blW9MDNr!&1LT@c}~aov1qSn
zjLMEjUpWPMCAr#)tUK7=Q3#0ES9^{B@U$*t+itqG=I90X2n)~>+obd7<IPkoB*nTP
zeFSHU+ZBpwLCR`~4BsjzQ@v&2H;Bjn(V2&yTfL~d!T1zqd-b21*d6D6Eb!@=z%Lr-
zKYde=t!Z_-j`z#Ooj0rvbTF&j$VPd<>XlF#-O1Cs7OxF4-<n(=E9cz@U}~&hyau7}
z2CHA09@er)ko!BKs}f|JYxapCZfWK%Fa~7?3WM7Bt2eOtVrE+QA`fiMQwX@mOl^xJ
zU|&eYu6|yFY-(3vrLkvgJ@$O6|3<JtWXsv=SuTv{BkwHgCMuv}!UXvH?5uk*5u!`5
zF1&%Z4fU;fsY_-yA?}EJ6xP2iM;BIxs3!G4fQ4C=#MYhDwq9!$b}&DS<y^Pvgs;lj
z2zfdg!Kbr2<P@{unIxLT4*8)_O^+m!f9@U}3}g((oI?Y<w{P8qh!%=(^=v2suLKD}
zs`NzsuaF5pt#j>_O;B+t<4$Ha0+ZN+^23mj$s##sy`R%fQ$dRsEbfub5P|5=m{-{p
zdn=0@-xK7U+QL>8W;2@_w=C3wZI?;2{bhBqL353ab8?W-e~~lRvQ2yYyb|Hy#H><|
zTS5te(xz<tJw-_~ocS9R!t=mGUbIGaRU_yHJrCFYevgPgt$Q8!Jt%@+&*od_5Pz#!
z8+Hfof3SLgMu{U;xsWOkLxmVJ0xWY>0bf8Upk#8hZ3aPB{g^P}znPZ|MY*x+k3@Mp
z`^dqM_|ivHH$=@u->CB`UasUMf^CP`9TJ?7B5sX$G;@33;yC0dT{o!&Bb5&3Q8bUG
zSL%6zz<RIO$<r^Gc`Rac?ar0y4uJaGm{Fh5g&ofVYYNn~7?o(+!<xv<LcCzNO&Hn!
z!WhrVq%hTA@zjn2h}4G;!zC6-&$4-2SA24<&VJT>L)kFYaaZ93nLMNE66<OqN7X+_
z>TNa|tcmPqACz5r-X<$N3pwk#ToZqbK+?L^plvAYMh5^hyO*FH5Q7B67{@kJhp^B{
zyH85rekUaTG}mT_ZyX**K4-mytvJv2l`<QQ8d@}X5H_L}7S@NQN%jE!ddv3<#inXe
zhhZ)K1bFHfJOM;7wPoWUv2-%d84k7Ymuz20$prk~sIA5s+>`<zi7P4~H{qt+z2w*1
zqoX6PR1yU|aH;IknaT97{R~7seJ4i^jpnS4e2(V~RU1SDNea~Bu_Wco+gA<>r!IIz
zcS&nQv5IQf;xgES47MBDb%BghUg0AAeSB}Mtcpw;j-FcialzuOM?2nHq==mF9t(5I
zt^a=Jug-r<RJM-a(-3f^)8n^_-3}?NhdJhJv|eDgZrFv_lJ++{{njD1Yhgox;&!X_
z(X1$}!Qij!x<a1MGS!hWW*?PjJ=0_Y;SWL<*_)w7J75tg_PIFgfZ-Z9PLfg)Kpq2i
z(A^jg@$hzdmmAFrL=rq@`byD5#X8_eP+LY9|8Js_MirJ?GY5sRD77(!h=@jpj~HXp
zY{mq4TO4jt!*T*{iY>DWAERkHQ0@qGXlr^`Eop}?Hs_owa7tljz8rOh+Vrh3zK&7s
zR&tH0osvzP=+KH3J;nsS9AZ&nCc(E!i>eo$uoQZwDN05PrlF8SM^Em8N&Vfl+Ouug
zT4G`L1KW+if14InheO~Ei9kK%Co4ySWcK$oWBMX?g_o7?e$z&Lu}C(!sb}iO@IE9I
z$%JfoZ?Sqt!gIeQ4|Cqh9obgpUD(U@e2o?kIZ9ryL7+kCR1q&OvDow4#bfBg!*h$@
zFzWy<3=_mD-AD5zgqDs{o5)L5REPaih*wR1M_Y_luUI})Y{y-cWPRD@H+}k^*kkCg
z$Sjz@J80rG8yT{2*~JMhbAqG?-M<Snh>qd)o{5;6f0}XUfSj%3H6ZplQNkY5`WC_r
zt2`bw?d(4=rmiIXq;6C(3yVv~Y76H7ptP!liEOTQ{D6JMG#(k0Er7J*0%SShl_q)6
zv+_G@6_=sIFZ8}d-T3=VG~fC_QYB7F!Dp9uCbO+pyitf0-1_ehYhGQ*uuU6B@XF=Y
zgxpa5Tt=*LPEw@2kWpJjudNv!g69t&2%WM>N5JOzQXUHIc$UW+lhoeK3NhVb2@43!
zhC$>$AxS^Q9}>XmBS?Uqkr59vKga)w1e98MLv-Cix9Y|_3p^Tt&0l@!h3Rf+b9kS5
zn^tEr7VDu4gj0#WZCy86f9`Y7^tbzX^5en@(NgT9ObDtu8bYC|{(-_*^SQ1R1O^5w
zlZT>J%VWy0VWa%2vLXKwRuviG_X|VKKAgWgajRa>;#g;__5#MdC$AYa3A{-CG}5W2
zTRUyC!EQ*XKY?HkK|F`D=(jg`jp&^>LV#sT{o1nD;T0sUM8MkpPz{zTlja%JBfVRG
zOhCa+<hU|MWWOZRF33fDy)+t{3&e6ke5YN>OWX}tKKnoZ2OFXU?J2lY7kMPRv7Qv@
z3^`u~20j04EgSsVfFv_aDYoyYSqwhF(DlBQ`9F`i@mflC<!`P+qqT_UA9Qfv%Zg?Q
z2t#*RfjLS6Z7Bfq03hUF+b>dd#zN8v=<9DP_=tGXA#`T4ZKJC7`oVub<)={P0lyhz
zkmWc*CL+dijWD1sN#xsYO{F2?k~HynOHzc_4{Wc2PPO{<Yb78zuICFAyEF}qd%Oh|
zc%J9!5A0~rd`<0HRm^oxU~l3WnJI5{^M%3RD9k;ol?z|8!xznxZ~Hi*b@_&%cdAT9
z3tqsW&~<WZG0Ok-i=v<I!!oN?iWZ7o6cdLm6PFD`z;K-8(eo$%{#EkcakXOeEDm`k
zuz5tez^L5H9Avys0ExRbE=<%gKzf?Z*Pe7|))aW}@~qNh6>Ktlx?R|!zhe1DF}kN_
z!+EJsKw)Vo4}elVY|GU3a2UdcPEMS#K!0@z6HoK6<PA~TbdSwi+_)6w^Ob)V5+tfi
zgMhe{Ge{II9MQ&vq}~Yl^x!^5zcbs+=nJId5k}Dtx4UiZ-ix<e7IwLqM}e1E8o$pJ
zde=6!9VpEvO9Md_uxJ?g47qa2ACvwTI0r%2pjTi5K-mpFNjH&nQ0NdgU*@u+`6fyw
zr8;1$^{rx^bGrq^m0n~Jxd{3lc}9<JqC*Nu#>bPO?#*^;sfP>C3Vxy1G8g-yFKQkw
zZZxzVH&h|`XUwyi2T~BBF)|o4O;hg1Akc-<Sbm}s=yy>h4nY{~euB9s1jrGS&`el4
z24a_q6{6(5QeA$uHBr-CVK#n1Af~<_F>01dZHJUkmGkH7PVET%m7d<3<kWKW>E&ih
zAnWMXR+jdG+?UizoMH_8BOc$GgaGJiJa`!AQ;*(+KPRcW$x2`r(f^>a2JvfxP;UN(
z!s`8f(;va9$=xhX&Rco})cv;Z4v7)VFbIc{5RaO0G`MQonwslO)|(BDJiYGAseOsh
z;SHJC0uKZ&wx0KQIWm;k7hRt2T~P>G_jfN`n682P*e8jX!5q<zgR8AUYxpF&PpWdX
zhYTQ;UbieARz^n|**y^!p$T3Hq!8XbhSnoAGcjNqs`OKFUK>EYBDik1^e{=?sak;8
z5(ui}7Oy#aT234G(VwMDMpXnn%q;l~+V6oHpPG!7Vfn4Es)@UNaTFO0v>o;9ZbjuK
z%dIi{AtiPXtMlW@DO;$%8?0d%jR^?)a~^9B<nKm1(uSV{)EEx19CBhi+@9)@_L$<t
z)O27$n+D}o+fkGnl@C-wD^zi%3O3N)ucov_w0T#C5<a#xo&6T>4Wb$DYGdyJzh7;3
zSP-IKL=`+JKn&N}F~qDEKrLH%f7U2~xftWL%Me)UQMG4HI2#K<0)<O(FdYKfEA!%7
z-Xl5l2er|8+ZGlba5`BT;rGpQDh6Sf-Uas{T*8q-OPBm6PF0#UUgM<?Hp;h$e|L!5
zVf>IXl~#ZIH?I;W3XzH0x=66(V|2n2Hsnp_7T2W8mD8oX=k|84_<h1*D3OeY6y>0)
zs`UUhxlrvk2%+JZx1z0~t2sP&0bd2su9|}(SF;eDXxda5C?L-hab~#lK<>T(MY}$R
z0d|Ga+Kda3iuY3~1lTL%fc!U+cW3HT<Z=SGf<=~~OV)R2OhY)chocH)!7cs%k|Nhl
zMbFTI;Ta?(S2l5whR_~l|LxIF%6y23ssF^by`Pe2>+<Ob%5>`~k0cD2LS_}VNl^Wy
zUL#+K#kj|OTmV;(Qxi9>=_tlGdEEtt)@~F^1e7&qBZti-aGUFC|0UFWa8NlQcIkXI
zYZd_~7(ie}e3(J!O5BP3Jy}Za-}Pn8nFUUkKdB!l7;KC!ItQV_O81e^$Thm_mUtjm
zD;0@&jGFe@y`X2^v0Z+OH9WIDuE3*c^tyz6D#C-^(E*mVTuISz4fg>3wMpW`N%e-&
zeF|Ec7+RZ6C-_HUs<@rE>U`Sb1Jx-OLRruVf*DW2*ayw(Fb9N{nlJ6WXDwY7JjecG
zH$@jHN--%)B}!||Ad^v@M1kW4;U*^DR)=dwGF7`Q7N1K#!Kyq|AD8iU7rlwd&?QNE
znyWg=&i*&uLOV@0*R58m8~wc)BuV7nb4$J%jHh2`IIKrew4r20l{)-7#IXkq`ZL>E
z;t1qLKfIwLB15>ZjmN(>xTh}Lk#<&3qsqSC!KPRp9j8OqInu<aJ}1bmF6;$zI@8|D
z8M_$&TJ51-%*O*TZf;Vr=o^Y05<LINba1YOn~E~Ry*7`mPubKQ5;oha^)X^poD#Lp
zM@KBHT#VC(Qzs!=R4a{)cTkMqEN+d}Zht4IeU|eha+JRy4#w=kT*Mv-ibgYmkBxvc
zA~^pt>dUZlkz+rwx^P<L%Q{gv7L4p7lg7l|d-C8V^WX1XgK%wjH@fNJ!}b0E9bm8#
z9+?NZ?(V}DL#JrMR$Yq0Qv*WMam-t6A5QhM{7k?pJA~*<rAzcGuL{IyHyyC76&e^a
z`*6NCgA}Zy*$!3g<yt7;OQ&;fk$aY{W*GsRo@@R(6Z%xbfV#>K8;T;1u$Sr?$QC#1
z>>71PBBLx;z6D9JghPHpo6~;akh?#WiKx`wAw@^e_*88}RlKlXgf0AwTM!({i5MDQ
z<TSE*M}!ErkyU_DVW-wNkB$53XcFM3jNnhD0z`g$y%NF>c}0Qgk3>ULG&RzWxe94D
zWK<zukt^Zo8K*#3ps)i5z!XvJU@h4de8^Hh+xn_u_2^Rpd00l-tl@UTq9zxH_K-<B
z5b{hfOmK4>+zDvr!}Fljl&9MP^c`(CrCfx`LW_#5Nzw8z78CLRq4xAMafzYC#}m_S
zdH;m*0z=0UHjcz!d-qPFZfx=nt?%kt8)CxWUO%S>CDalC0siklc0dhTY;>}d!ys+z
zG7592iGkDxA?9_`#2G-r_FrFHm*DdtC5ZJ^j7OQsD(?YDiQiZUH`De9kNd~n{$6-j
zfHK;>I`g~&Dhps?q+gfG$Lw_d%9Gk7MkvDsQ?xDtf^q!EFI~~r^{!+CE+`YcI`736
zhk3UG(`z#TuUIh;oP7zP{04WfDQ?$Ki`TK)GTEV-Yz7;Bi8E;r&A}UhQbK*a@3$*z
z*?M$HSv-gdw1%JsSMIui0{Ov-ZG3^ZI&W~`L~r2yZYXM4`WXwe$Zv9=Rm05_*|oDO
z%4kvG|0<EiHMqeH4ZG&2jgfPm>8Wgp8ZI>K8&#`tL8pc^fU)huzVCQ|6M(LBq>X>s
zZOz0WkxJCfg8@>{x1em+a{g>59=o>m=U82fSqU4<g~U9WebQBN^`ZOe6NwhLiIWlZ
z<Jf~V)4VMt!T;IgT*&*bQo|Tpc6rn%U1MJ!XQqN9xQsQ9pZkW(z+nfn5o|VpsUI`i
zS@u87fp0kKf}R>7=F3L1VQb6^)3U=?go#s2w?MdwTMSRGE)UqIxV1Rrm}%?cM`;hG
ztQo3OJY;p)3H{lkrKeU3TlDvHM{||2uR1Zs1vGJAnLydb&oZ;W5`hL>zEdMB55Uy9
zHo)A9RpWlm+pDZx;;Q#gc!^SfOK(95rO0kfs-tKx@58?o@J%m;{V-zf4Pc)~@x4gH
z!jPOel-=Y7=T<d9ZJ{(T>c^v`N-}dj&z7`!IbzOESoJmtC0<%>HN<(zBbzcpT^|%m
zA73w)#b5@EC<;xLR~Tw|6rw$8p8dS-51CXIhvwB?TmcUsV_(xK02G4zg*lfAt=!w;
z@)IgptZbN8;r1ch#&ywN=+O+P-pt?weCt=;^#)g?)JHacsw%*6iY%!%bJ}H3ptoY#
zipF7IPs_c{ML9%u^dl;UQAgX`)V9UNzyw}_+gabV>8AB(0+(fyPK9BJ?lgi+?@>O!
z?;@I;w%!LqN^%~S1cDR_TO9BZ${rvX0dvm&**;Z{k~g{QDLT-k6KdF)DSUXIi4fzo
zaEgecDeb|U+?4v3j4hCu#tUb)RNrwB2VD>1WZBb1@h>LmY`pQ~@gQCH2SpFZvOiKj
zT<jCa;Ww7O+0^*oaCFx8cUg(NA(!wKQijafs+Z(Tej}Ip_IZo3ilckX=amXsSFk$2
z65w$?-YEb<w!#Y8vDzV<2@j2U;HSFLt+TCdPvf~%s{1Vm+}@v>xOZCrMYA|)su1O}
zMopiKSPiW~(}m3*mT9_ri27!K6fRCV+K5E-G$KO{Q?j;Bd1Nf~aLGz(BXe}zr4IHc
z&$jV4;<+N$6xixcj<7fV;;<(KxGoA2AXx(p0mu1$?u!7BUXxcQi5*}l+*_CaZu7Y3
zfa7hfN~c;D5#J%k#9bUEdVWZsuCbOz2O9U>+xZyHAt4u+R!^flzk|iD#H=!5eksq1
z&zSgPoeJ`@GWtR%%3@M?crbAn7byL|a9PXEm}P!?cQDPPy%KpdcWgRnN;kt}&dQ~9
zJ0lslXwF#rEGyoegY)ZK__kN1o#MFpb1D_Yj5in;JymlvG4L&D(*Id(g6W|(Dda9V
z#ykaP;JZ=XIOpvOoEAb<iEM=vQf)?17H>0VEvHZ$CNj+68|S{IU3={f7V*OqP-srd
zY&pY*B-@&}jGf_|)_TaMp1Cm=sFiwkKuo7vrRj<nk=FixN?3hP1b;$MrDj8Nll))T
z_6IuM6Sdu=x<#;DqyDOhOjNrbyX?n@4}+C2nR4XC;BUt)FmHs2^Gy69%Fanny+~1-
zpYuW->g5}}sk}v`Ac(6#p-SwK5JSkDb8|*fEN~dG_Y#%;q<HC9#M79gUg%U8{aEAN
zjz1i(k|y0o+;gdFu@>n-^&X5&TnH;B6A5-Td>8bTJKtfvtlYO`Yda>(_yP$3SdwAJ
zIN?o93UQ;N*!1w5*Y|A%(bHk-y}i;iroOp@Lm@3&JS$N_pi1i!_~XG2LZ5)u+68ZC
zj4*=ti|Us|x0{da6SP<b4TRB06lhEW{FU+)I22ilnTT$B|J}f&$VFw&nD4A%Wq#zb
z-F^p9*QsZwKx}NUl0`F@DvvJ<m(Ss3w@Q1JNoO?*bQ)fMlW4TPpNUF=lOE4@wbHW;
zQNfLjqC3E^@2ssFa11>MDal(Q5EN4?ZNs~nH*C<h>hugxe3sgTRq>D5bwTWM&KsC=
zrvJ6IoMb#5h<PG;{VZ%mK35EFW4_@i=68sINoXBbA^Z7liqXRc*GNZhj*?HOEqX*&
zHE#|MMOPbl>#HBGZuB?aSgk<Z=IzE#iIrp*V!u-tQ6wdZ?>I}|BNLHXJVM(Xn-<{o
zzIC_(w}q2q%O>4fS-P%R>&6j|xTgDoRb!!7SDWc4>IHcc%ccJJxtbNiQe6gy+^E+1
z&rUZl5y%W-sR?l#u_6TPqCXKd3|YRXtQuko->t*B*$t{Tj4}G5aQ`Eh$1~u~9L=^o
zmoqncBFzJ@E5yek0{1r>_oBfrvqN6NrQnz8rj2DsV5!AjB~siDi+*Jk>5n4xT=bBp
z3mb;szX^8%lvUI8h$Or9y5Pm!$~lc%e}#=cvU?vrcW;}+S+O(ObQ4x4rmE;Zc7Kz;
zccT&Nj0JdUx=p!m6e4BK*oga&wc$gXtEh7wsSoO8cb8V{*Pe`cN2G@C2XS_-64G#;
zE}x?$#lcduia~Tf1OncRO16I5_tYM#SO63XhI)71-~i&`6hAVD)oJ4x`~v%~O>0|e
z!9aO$&tY1(jn6;EcUDnl(FQknoTv#8;~$y_!KDKpY%!NG;yICT(5Sm10A{X~ScV73
zVR6r(dArBDB;YluJ|W`wu5Zrc^GUcWu;awJp3qwTT$fKz-z8+(gvmn_*R||#UbQO%
zA)2MToP>s}1nKVkv5m&iin_k!s@HZz;M8!hQ_58`pvu9T|2=B_%woeit~A{nD~#5&
zGhZ5oTc|i-=KNJ4O`8ySiAZ4d9744Y#wFR!4+z~X=qxg%4032oO{Y-l6p=!lJ}CFQ
zAuVpq)=A|p4c8eJ5U`U}1d^IW65Ca7X)Hp=-{zNBEE6$h4qy~tX0Me%NZl1_bLg>x
z?DQ&~ZVOvpY}VOkv1h3R1z!U)!+s=2=20svxz<6yO#m|sN<uGK<l$0#kA(m8aG#~8
z%AAe<;9#rFZ*(M>Ra1I_1Rh~0JD1gGvf_%o@M>V1GB?KIGgE{tW3n`SRA=uq4YB}-
zSx99-AeGAT5H;x^N#BXTHs;CpNDFvm5})<7I{1cU7Qonsy-?L{&jrPO<{D<002FLi
zL@E;|XhO0`Ky`>a3IxE{BVRfQXv`mDZ{Hp7^2Q+BxohV_@yPd@uC>v+FE|(>Xp1_}
zj7t~G_3M$4q&25s+)nVbjqT>WpEqbdzLPYI2p^7n1KGINQ<^KJlucd~e1iS0kCc%Q
zogSK~k07b0C>>%3SQc++@AWvwC5zx231n!gNDz!v@`U46cWLF%2M&p?Ro*e}_t=41
zWO2S14G6D_ayPHd_$dtqTkc!!cIYbL$H=_d*}QL3=C)J0ZL+tI@XkDbr(LN$s+faG
zxf>sfRAH01r{n6$2FbP!>+>(=Mg5owY$_6oI6m8X0pfyNP3kXq>?_GgdG|GUC)*@7
zZXO8t*~{|v@C#7%hb`}S)jn35Oel;H<DkeocoJU{N53uR9w*f$YI3w1Ps7MK@C=rF
z>5M-H4mD@CjPeLMPF+JSApbHe&fx(yLJwm&Nh~>$P<YBShtF{V;O+5H)J)gs=d(`k
zZjfy`e{CwargD-B1p@qbyZ1%lBAVV+zN&`k@34}q%7MvrSsA#IuE7Ln1U2ri<6|W^
zX*6S)AWo)<Qg9#z4q`G4zq@HAA47bN1*ERQd7RnYBH(P1(v(PU>MO=30{7Nf9c+p%
zrp0@RgTAH)r9xlahuXOCICd5~uf494kpE&DSeUdQwd>~eFvOO}O6B$&0x(9#S42E&
z+9Gfr!TVs!ReFp^yOM2Tbu(B|_Hzm`p9ge7olZDN&<?_N4^wEfZF_V(trHNaAc5Md
zOo#XG4l{Z0o*z9^Dk-$s|G}gaYutp8G>DMjVl7p((;2Ap5P^OfLHk2Af+k_{gRtuW
z-$Y~c&2NsxZ8*O2dhL?#F3%7QBeld35E|iMeG$LQuIk{m{avC4k<VzyG&)2A7#_la
zL{*iGh0W_pr?g5i8EOlw^)g7*!4Ih#vBE%06(bahA1Y{!!^ht12uqAf$Wq1zgd}nw
z>a!7<MRR&iUrB}Vc8tcc@uz7cBJqSOL}qj8lcBn^c(dcV<{(PYJ8I4gaB2Iy6wY3b
z4^Q*O=6*HEA25Wapz1cNCCp2S?h>eNx$r{63LXx!hW~u%mj5X@9Mv`j)8YGm%#1BH
z7tQJv(PUM@N1iLLOu6(8_=T2>!QRy=nDJbeB99)dn`eA_J(s0u@xdECl%d__p%6R{
z53R}Z_i7k0EcjT9c#153U^Y2WI+Pq1Q8<RgT_BhUCd>1_m_^)&m!~?j7%*`<%Lhga
zBLu=z(8fe$wBCpx5PQ~wqY$d4%DHN|8BQ=Yz_R)=tE(df-Q24azY3n;Q&TxXK$b>z
zveofy1HNPL5?J0K%8FmK1W};yuqM)vV+GZDre4jm<g1}3QN4>PKVZe#wW4gwxxo90
zuqyl-u8)(gMYBwp+oIAh|5YB+Zq){9*Eb6I3sk3sEsWR6r}?@&fqq>G!NFy8viZxv
zG~&K~RY))D+3<wnnq7YhUoozx2qp^$#={Y{$>Ra;rA1Apx#Na&g$OLWrT~fY5=9AR
zG-S-_2<SJuU~mKWE5Gwu2#%*_{?B*CXGW~*zD`%G>HLgrYPfeN_G1MWr)5#RY~9*U
zMo{bZ7tPbYigp%}j7+9Bi%4!y<M%FkM@utrlkv72(a(fBeeU|5Tuo4oKca99GU>^A
zG%Z`CGM+K}lPr_HA{l?JY*Wa%lhDDv3t2{e&8(=jlm!sHjfDBJZi<M&{(#N5P-ZK2
zx6nyg-f0sIfkJSV@KKlH3LSBDYyD#H@bjdd6NDS7eDDd!(I^QS>M(N7(9H!qJih_8
z+1(7-sMsBtzrY`L=;EW<Iws|HHMEeOiI5=z8|ck5lOw6VYc#qDbCS>+|MHve4q0l1
zFo@?K<bjLJz?o_kkmN=_A2|&xnAnanyMrMt)=xCVdl;TpQ(^Rys4H8lI8rK2PzESH
zH#EArV3~vfgHZ%xUbUS|o*n|5$xdDeHR8lOSJE+}-#2MB&Ux#P=3N!1r_2Uj37X@x
zGS42swdvj9Sv018a0|NfbCY%($Mq?YL`AkCAlmRYD}Hn2!cndVu83(aLq+jK!(^M{
zb<1sZiI-Q~d_dpfd?AW@?0a(-*D$W{k86ec{?lT94z1VK*vIS<KPikOdSMHk#)h<5
z^xHWcPWguv8{KM&W8;Ej;@-1LNNSQSgfs;10YeMXFNTr8ClKpI@Z-mzgpOnxjP&9X
zMAn$OXcWCDjS>hv<@FeYiWev{MVZqkoMV)AX2F_INUjDLHqXdUH9`dJ4gX@UO6}F7
z>VdV+v9?BsIMQMIOiB}5t9+ma!6xH<v)DlG5ihccwNzDZb{<s3kf%JJ>)GExJskAV
zm9C-PHYT~QD;3rkhsDDsI+#D@X3$nGwWjcuKYJal@!VEs3=rf|$sA<I+fuPz^zf_H
zq{-|9=Jcsu^rZdwi)CGTkngOxmY=r)Fj<0ueT=+jJeY3PONzv)Xi<<)6m>XA5dc12
z{YYLkU$s}DX7=87MaONi7pT1_koFo_JaC7Pny8>K-vq}J7Cx})T@G|~wWaMo@20T(
zNnG@*D7Kmla`?H9G=7uh<QS+%h}FkTCjbs7m|%$Mx&9R00>cvNwi~(M=o|bN9ro?j
zQoqdQTpp2a`#*oj)pk5xCPf6>xBg_MeR0(e?}2F|#}rDz70}8@el{^kk^;w7-!a{b
zM}Lmwz!jrpNxI?A53o;ZX+P2FI)ptEddmpKV6#~B?$B><w6=M@Pk}JO`0qXquM>i%
zKSVA0*h(?-`>&d)Noj{^P)Ej#yWVpFWNHFOk@lb5BFL6;Op&#W2)8ahx2#YMk5Vs`
z*fd?aRCxA_ZHx=`0914|<y4aZ99=v9O*rC8`jZhwwDhR*i!Bz?72ho;0I&b(+oN5@
zRU2LO*~tLnoUX-!Qb1fBd1$qjc?^u)lpq2a55$AO#MX?v5Rk(TC7?`6E*xU*97raN
z6Ql<{4Ig{KF{gx7L#JB_b~v@*)`dYe>xmMCgsZ9tWE5uipe0VD?o9AaLPRTxLz38^
ziNCh_CGac3L<h{CeW7E6Lt=;&ENA8{c*xl~$0d=XTdz^|@bRe5qhM_Z)i)5W>MM10
zK8Qb-WYZGIAtS28YtTL;NBMmVV&iO;-nvE4H3ny1qg~Klo+x$nX}I}m+M52Ju&Dp?
zL-!0&@_+H}ClX74Ulem*SF*?qfVm9Cm-UP@#_6M2aFKx=7`fld9<{(U5pV6o@8q0g
z!WJM~HfYpCrS9%zJIYH)fz<lfjdnaR3S@miCz{zV!4u*K0qQo9X-)#g3Rx^Rh&Am8
zAfOQVQLW*&-b(F<1<TVu70RC+%LhF19G<vgG#r;PRRG(qQXTF65D;-ln74g{g1SCc
zD&kyVyF40g*p(jy>`i=c2y9iE64)G^@Qe~6RxJUJZz2Q$Zk9$NxDO_B`7IXe@*f+C
zJ#Ebq2W5JPtS;!a3{7<z)WUD~#k$xUs9apTrhYn_gl2v<jVBE@)p05$kwPY156Lg&
z5=@M{PL!g5NuLjA`dM99<U;r<S4y}Ru6L7sR4<)BN2$FC<$Jsjh&c~wCN5z#iwUYM
zOv8jb_W?S8?L|ZguhhaZbYdIS)Iw6tM?!|u>&pZcw0@S8_njh!k;T<?nq>+7q=RAv
zg#7FvQk_ippnNG4kt&SJ;7z5kPt_nqIq*`8Al)8!NnMi`o{(tOZsgQxWE&U}&M({K
zj`OSRk39!hN`s6uRF;Wbnf)aQwfUrC{E)P4?$v0M&}?ub@B;*<j|D3Y_PPBv^8o_?
z+p6+regdcoVH?zl<H-+$r^96dgFdt%jcrxuPS=L7$2k0k{Dw2OpH_{c7lHZ$Rj#oW
zNP5##wYyE>s(NNQm;_Z+avcFX$8D^VE&%i}3$i+3IMNrlc99MKB=(X=dWz*T*n?4n
zQY4X!Bk!i<`MF-GhY9*S`o^w_R)GwqEn>RMl%SRD4*3C+8ib;MJIyg^Ot`rZnk~B3
z3H0zlx+6bKu=C=34;wEhPKA5kc&2g#M>Gr$=QuP)w`0Wlr0!|UX6ns)ZYhkZt?{fU
zSOfzlaG&7DPvEQv>|zA)L%{vZlMb$fo=F>2m??1uOzdO`2SGp+!egDqsVS9H-kd@$
zAD_|ku0pxvP{GIBez>Tq*8^TOn=;-YrLNoEb}`C=<U7;uo_>D?__MDW0Bd{zF+k40
zk=^yDYg>ebcJVEIGrqaX)3o)0veo4&dc1-jDO7{m@_DOzliO<Q%WiI6N_f9BubEH5
zQrg=l3R+^!hPFKr_jpm+-JRXeOaC;|k?=p_XH0|rAtG$dE>eGqlguKjS$A^Sr`Kxj
zSsp@KBoaG)x2C+WVd0+{Z#=qZ;-xnyW-cqci^z9-iG{Gz6L<JOauyH~XRu=D^lUs8
zt$dqZZL0Mfw+v6DMDEXg88&VsTD?Nsgdj=@gKYZELyX_3kCp}B!I%&{AlEjr06oT+
zzK!9P&e*~onio-|sNZQ$pkvGIlU$Vu)gw{^Oa_Np@kAbG+q(Jyzz0B+fHlkh>3QjQ
zSVi8kDUX+Sg7`-TOJf{$j4WTIn-Btt&@Y@cANAF1J?+SD>G;`7Xo*MV7I9Q|ka?9x
z<rwVWN|Qkxx`}N!Ug>OiVfV1sDd-Nv1h9AJfFoO^$}aq=M{xE7eqHoT9n4h{^7iuE
z&EG3TTi-Z|_qd;G@pq)hI60A|#CM)U_w_*1N*>^DI-qRYI&$5x|L|WN)BSeSt$CPV
zZK@i5VPO&lBX~q+w4FG)`uN8fTV~zg*E^ddcXQ8w=TwTYO#%1>kp`96*`2hQzMxj)
zoPKHl4lAojkTz>@On>3*5GEV(Do#t+sV3z8iCdr9&)$6$9;veEy*k3x1X2rF-@D~{
z5vKx^JKrA(bRb9V0y8}W(?i^+ZRaG@h((4X{K6meB@<iopfHgP8(QByMTj>?MgApB
zn;1B<lx3_!*9-+1=hQQYjPC6JNCw+?f5^7&Mh^x1eBnm;>YegMBv9CT!K6WngIWF_
z41UZ$=fV)z4J9*A)&hQ{B|*dezA45wKb~KgP}+IgI|a%KaH?v+^AVe*bX!(en!Xp1
zkw$_D5r=C_q#TE%S?TDn?ohENL?tJddT5<JU1WH~6GzFc)l$||b;NZ%L}Ephk;}}P
zsb7JOIqo(5TokJDdi=6(AfiEro3er@r=2#&OU^^^z&6teJG)Ly+rxR71rT9WC@G71
z6hTv^ds$ZdC@j&Ze0ow8i|98o+Z~P=tiH1VceKuQ=pZT;SqA!GRz0|zY&1(YFMY55
zosk;Tbw1yyJ7eTZ{a(GQP+Om$2zpCq^67<#$T6fTTtI8eCl%z>?@)LhV+5fpTO*h-
zBPO$8g{Stt3%oNB@KNX1tH*T){!I89%7FJ{aqlfd$;d7j5&|}tjKAT#NK_LyK`1s8
z{U2lQmPl#jr2=`D0||)imU_j8m&`%}rduO#P5l|3x$74q8M2~PoXZ+){!%p9Q#dFY
zh(GpTo;<o{joVYlwi1-KUlpAY@&+7J6sty_eOMa}^0iwaO#X%T!CV=oG&=)6@KYd9
z;`<4Wx0byc&D|{O2q>YIa|!}Dt+v|qj+r}CVmikFL!|!%9g_bozNH-xl@>7DNXeJ?
zTVjV_sGwz8Rau`BF%p3VBhdoJf$XipZ*v)r#O4){o=^e3!Gy3b>Wcm3-yxjbEEZGx
z>#>=K!n4rE{6dnz6hx7kz`A0T+jjHH?EN{(UXsE)EufW}12+<2cgY1}Ch%v%^KT5Y
zavFcN0xu$RRfWsV$c4Z=Ro@eUXG|Q|`lN&zC~~E#7U}P~A*g^Ke>bY^;V-h;$Vr&m
zR9KZIujuwGdo6l0Y`syS_!Z9m8H@p}E^?23-X#WL*&Qpr7aO-6OpJ3ee8Q|ul+WEC
zp5e0>ckRHTLBckFLs(dTx!?gr@BD|(OI2I}VZ~fSiRXsp5y~=P%I^S?t)q03eAEuF
zCbsOVI76WP%f@r@mvEv?l2yc7)NeBk64qqGH^9NlNn1s|IZ)<BNjpI^)FS<c7B~+}
zD3rMRAv&yG5Z}-u^t?Q~D5r={OcOW#kYDGAI>+%j?zFAx(JkcoP%S9<D>`(h8u5;u
z6RjKLBph2tWOpFL8dk<iqk|TdcHHQ{8@DnnAERiOR=LaRWOlIIz-~9G^xTkR89!m0
zK`90^y-{!~xDFH@+(ZIdfaVkc+%9H0cpu|4hZ&h(j?Ou)>SGk@yV)ck{}MPxMFIre
zf5C7zNDE>EE8E@ceRELK-U6}SVr?l7?C*%--tkD6e;L>OX(jXmVv*`09r{f54f?I>
zIpG$iSIKgRDcU>RTUu|@*qaFN_(7_H(*_Z{mDk@##9DOUe;zjFqEMw_K@4S4o;J0t
z2O@IGC3QX&Kx^8p1Ot~_RlKD61)1WAoJyc_@PPx*-}LRSJWk8ySAQK5pXRFiQ4cSo
zJkfZ;>yikypQO>uuPe7_%uJwhcok!!!VI}SykbJDr7!Ukbph_sz})`bRRwzDFGi%p
z_fTj(OFajA-KsxZ;0sbH#b)!2YY1&Fm9Rwe^I`i?GXLf>Z%JL(_PvyL6W$8peb%$x
za@~r!lj;?P2@r<utnA``ZG3eNQVQnSUs*aBO)5A;&=p!RGM0K>K=l~82*qXG$FcgL
z()AmD+A68@%BFy3s<&GbHA(iBYLixDJtgL+mpp`BwF^=)3O{f#?*FQ?>5FOnp@rPp
zs<Ey<;Ds3-rerQ&Lf2lte6(+1msTci@bdrsXQ0@n4P6YdtR3eqM2}4F$mfhT@sjy`
zUUZff_ql27Qt~5L>#gH-2%ez&<3@3)nof<t7n5J{o`aDGB0)$o-_N-1sJwW;@``_9
znb%lOCC~S4MHRKnE8_;wO_jD>P_U7zCRCtHe33Fjz=oo8@V%c6w^mlqf77N)o{gIS
zRSCMK61-)Upvib{yi4cK>Xrr@j9xb$hoI7p27I6KH7{MYmZOv2zv>V}(F+CNywYBy
zK-LqiRa9z76Hs&@oKTI)Fa$W8Bx;KG>JPs>)dkODgP~2efD_Wq%3@`IGg1nob2il8
zabq^i+PQLI0j*?OZz{0h?as!sN}D{{Gjh6Sqp^xTx<a2e(XL7L^IMq%;UQyro~?B?
zzJ@B-{;qErrv&bQM($oLrhey$APYcVl%&<{@}&VhT8s5?n5;a(dRA$VWV8<_d!(Yt
znS$yS^d$J_Xd!bFRbG-=#9nt@vBHIO*F|Twj8{g$bBZ-2vdl$Ds5AK;xjzNil+^R0
zf1UnIu5{PSFf@)>d95wC!#>mFmzxqSkbEFq6&4G>aIOOqLz18Yf4l!bgpqrBF3r{c
z1**mdHlbgHgkrx!2~4ms>BvgQHiZ}V>R0%q4kg+y2Bpwhk^2pHr85TnIA6(4*mJQQ
zU2p%|N{lK)V7_2LT@=@gjVdsca_&+!EItaIyTD9)V<1x&D`s#XERSOV^w?<c$g#hK
z#Y~&$vd30Y@XlQKhLGyda{>+Ht~<X#TOycR-mEbPU1{6V*QY+Fe#a;r>0C$aQbH0F
zU<0dGMW}nzQ84R)GNkgL#T&DG-QdIkzu<mX6L{t}xA0?aZj%z}(^Nl}<TlNU?W)3+
zYcXI`rF_g94WLgb>SbA+7pk2Z?V6$^Iy|+Y0$heYmyzlT6JNQqQ(m^KtiT=Fxu_4V
zpzR16Uxg3+fbIn;wR_?z!rSpy!{vtV>pCdlwwB+U<%Pz8(OE-mtzYaBoA^2MZ97^C
zQ=uT67KrLWBYY;kw!0n?Hh4zj_(geWYM$LsO$+in$Pv&6va7-D98~<fxC^8B8>K;d
zLfr`-GMT>BerXCAS|)QqQ4tten}}5X`B?`NbY#h}GYnO1UMO*im+ljd6P#Z>ZuEZy
z(*ruSw1DveKd#+>DLkUk_8$ofmjAJ_Hkv;z(7~GnpbynuvVB!23cE^L@bSwO)4Sx%
zbec~)VC762OYnu0g_&Wb8)gZ84Ucuo-T(egTK_uradbr3bzyReS!{Pc)aRvT&hrI6
zg=Bt{13b^_^j*c&+4V;kDW$&`26>X|13Z9pGte4($&UAqVohMS%@jDX6tpt!Mpu7r
ztQa~4A5s;5F#)h1@3r_>o85;jxNs{%%-<)%k|d>`7;2-mtT-x<ar_Cdt{>YSEXzs7
zIjH<;A*d>Y7(8t+EKVxDKH9eug~Zx<6u&mX6v*wc<)`hz<bkVNAFoC=eG*VMoW85Y
zbYXeG?}~E-I7KBwnQ>&~pmVspNug%B{A+JdGAr!o>Mr_WPwkA`liiG}q5*sP50Xre
z0-M87I#NTYq&>^VUT$j8jh8X^0lL^Zw_aCN54t0S)=JpkCZV-}bRBhL@Us=y(553H
zQLE_-J>F4(^fGh5m-3MMrI#68$hm5Oc?Kp7UYZQC=Q<F#J#?>e!OcTwj`A}v2YOh@
zqL7n6(2mBJ&FH{{bG<)ApPSYRuUBxtgU88b35H0FiDo{*B0ctHh<(8LT{T<OpmRDv
z*`O4oMgKtAr6PHc^FSp}KiAgc5<WA^=cV$}CXtjZ{VHd7I)$cp@)VESqB2ZDOy!kD
zo7IXnlD?zls}p%Nl$G*-A={=e9nl*&s!<lwdvTW(YOiLdvCj=Lueu9}gg89P)djt8
z+yIz1;N;64wTb<pY}{L<fJj$Cd&Dz~;g#TTJ|qpFMXhnC_*h5QS-Lx);J|_&Eb24N
zN16@bJ==1C+5us<2~6r3Y!c$HK-jfSFk5HWPup+~L7!8c;U4u63HJ2wRLyE>IBxv6
zypxE6B)!5+x-LCRFlVyCDV;()3!fw9MzD)vH2%^*=dk4F*L-Fl;-*il=GVAnI!G14
z@JT&3>vi42r6>7oVL|@9)lJ$$(7abMKWB7?*1@DMJcb8|Bom^c*~Y2ZS<}GR_nVa`
z3^2Mc_d_5*9ZX~GOpTx{y|Iwj0`}eft&n5q4svw}CdtIL^P?J~fHeIV89Yrc!>PMD
zef^w=#Oy>{6%pB!W~S-1J}!V}43oS`nElL~SOAo3e^K`;7%?sY!7h)2eX5>?Y6l*c
zPq^rTgZLh#f}kd8*J-EX@XzGhVorCu8;1K0Grv2Iu^wwtK%)}a17nU{wP<hsFxpWP
zJ=P^E97findYe|6i6mH_WaHtJQLhBg#2pT|Ww0KmpTxqpR|Tpj&tm=KDdajsq7<%v
zF%fUy9ygxCQqB`$xI1BieVZFt9mLx~VWN*2DL!g#Q^H^W?tU`_0lAtO{p9UFc^H$>
zR{`3ZxH(Q~irmr+0ha67t0x-af4;xW|GClPT3){kSlfVGjIW&O!BW*?yx@Wh;Qsrv
z@!r&zCkHnIwpmEarI>Oe+fRL^sfjHDX8`_IK>`pK7;01&r*N0@1@_JiEgh&kxp^t-
zTjTV!R|n6~p_Ehrq-E1H!*DiuDt5&<r_3GmP{25~-cqgD2S|hy_ifW&CTOOe=z2wt
z5v@lkVkM+BS9i+Mc&u!_b{1Lwgy(So88NX_rRc5&h@d0@Y%+s>iu+mvr%d8xYhdg~
zijc@iez5!vG04Z>Y8Re#E(`<wVbpoD3#gUTIL&|p6UCpV1UARFWW8*hknYKh2A1by
zPTyna^Z*jD4m4I+v03OiYaOJuSL6T?Z-j|qzUc+Y=L0m;q{&Rhs~MH4i;w(Eb7E0c
zbP?VtLjAqNKp_K*<wGwK$v?mFZh@j0!3uheCZ!cr!<*e4K#0VYx$~I2ffj+j)39G~
z6Rj9b3$lKZfr`h8r$ok({8g$x2|lVr>L^atP)&GC7;N9g(%i{b>nKzJiFM;f@QV51
z<6ViBW8)YqdvL!_nwwlXjn|b;58S>(G|94!ivArxzSKxS8RlDrt}~3xHh|dhtY^~a
zK7k=IjnGY+!Wl*kq#3LI+2yU~*sAdSWpKWu!}KW-c$A`s-H&XeDz-3+o!xz;)Yr^6
zC$-nM9iNre9m4Cb<J+lE+@^5$kF=1lkzZuyS+*t#0#KIxZ@>Ffn!@GsG4cv=G<K4V
zXWm;p3FTuA@&l&E(k=l8<F!{!C0yt8dRPDqj?EyEY<`n3RepBMg(eS(-Pn<lt`6VT
zYKmy+C_B_^a(c~2wh%j;hMu_y?5VVLxk|6EBAJZ8BY5i=`<<u!)Iu-WoQ2`u9dZrl
z-n0@4oox@I6CzCL`(Z=+gxXIv5_17esQ^8|e^zx*d-2vFd4p|s9JWkB86b(KNF}8M
zuAPK{4PUs|o?ubu(<wXSlu%^PXT7gk%pHYIk^6#k&Jf+y3m<+}VC`qRIi~NDy#GvG
z!kgjbBl@YXhW5ir147;UhTtbrq#PZoshIiWsUk*i-_tZ|Kp9JbY-q#0;(=GNG&s?^
zD|H5N+0dV#$+Bw370P^Ao*T4x4?`%}m-<#WD(km0QXPcr6;}%G8l8`f>rFnBVR>ok
z2dR{F&<keF&}=BfWCMd{a$&k>*QV}QZnXUSpV5W0AD(VjTT3-#SlmY&7>}Ti_4bf;
zxkI#?7QY~Y;x;<PZ@3YvLc&||@5#+5DJe_uz}hpLXY1wO@TgnuqnzAA)OY%sBIkGA
zL_yV<ux!Y1D4cV|UNd-7YemQ;gf*{-7Z3NV3eyW!LuNj}FP-*ug9fcLImx8#r~q20
zq8w%!+sowzxonR1KL72{6olFk#0Nm%YwF0An6B;47_kllyA{Od>Xlg2&kaP6@`e|R
z9i7`T!+pIt`I=Lh6lG-xLk;^Z8Hnf`DtnY|WCLsmv=jKw^PavOWF3fNA&o`jvPtn?
z%_7b8u~gb?kk`Tz)eS8&U#v2F|DdF5X?VHR)e1*#+a~Sq)QNx>Fm7o~Nuo_63L7;l
zCEIM-xht|y9w@DeN^4UG{#`qW!miXNNyqr&q>Ifjt8&jzBm#u32T?YWM1a4Dyqkm9
z+E!Bhuy(|s`R`PfI@@#b^#Ee0Sc~Zu;=+9oz)Y_(n2=GIMIb&qG(w}Ya6=P-qHJkx
zLUyHC2=CG;hy1_Oa$aZ3J|`e70c;dp9#x5l27(urNdP$~qQ+geaXUnx3YEEdPLeF4
zr(B-xl!u|g`Bww`B=mMMSW2V<91cdIDPMiT*P<+->GwIXJa6WfcY>)WqQWi4`;0Ao
zxD<xpONq%VdP}a=hh3qO){MRw<p<bylEML%NY5u1<$t8oPz8xc-fLjM4*20)wHv4u
z-zG3oLSRnN!ElmXn^M#k`<SQ6HH&KPMnOB-RcX-JeY#>Z(}-w<yFfG?nr?YLEZpjO
zIS^npU#_3YtpLFwc;Hy6keXVMo69-PIL4S=nZ$N?U6883aQ)cEZ6Y2gSqZZowF{&m
z$41uZn{o<P>A_gA{z<I5p55QGYp2*o1}EWIkErWv$1D+=*dV1SIIr8)`_3RSsRO!!
zs<fXWoYZ$HOguTGNh>*-w9KoFahQ0hWzRZ@t&o8)vy-6?9ED$N$V8Uv;Rn(yxDCA;
zKmM<a)h_)=iGOeoOYzG71Dm<;cTHrK0+u}^3`nN3Xeau#kor?0Oi&j*LUF<e?|Hw%
zYc?ngKp;NFr~#4(45{2^PULVJ>q9t=FHY%0lEY6jQ8cfCHJj~vmdgA9NH`)}L4N>;
z>oe#{V}Q5gPaB{B4&VxX$H!UnI5{!Qaq-qZNZXuZa)gm6h2ErZyxF}#KW~2i6nabR
z1pVb6Zdd-(voZu@?gk1nw`eu1d0$BonRvpL&0>xAWgzhx9F+$)Pb9HBZDthl`l5n6
z4=ce4A;8S#?X4k-43RswQ!|PM8&uAu^`1!iL>hL>Yn|e{QX*c+10S`pq_#2)7hlG+
zbst}spZH~RNsT;P>!wws6aciLM~8BRB4R<_NGCu)Z|Ipq63;Kx!2|#jeDf<1{sf!|
z5M6g1TLf=V=b7i!m`jZl0tQk+ZS8%B3d<IG%`pt+bp5;UOQd~fKVfw2lOd(HySPSL
z!oeN_34E=_EePP=4a1Ixc-OO8b{;!*#E;THv8dK!o|RDQSpU&a!~SdBK`ttwF?-CD
zZdS9Y0wvyhv%paq4kMAI$Cqui$PQ^PrjOWO5^uH_POD<)h1hr9m~zl<dPkYI1m*4B
z8dmAP-l(4+a-{G+yg3mHvVJA?+ckjxo9qCu4owckAI^FNnA-BAM{@~Y4l?%qPp{rF
z6hY2!Rq_DPom~JW199$o*}5};O${0Nm|V}DA)>tt?1#7N1jk*E-;tId-q)<=1w7op
zw`;`Vup}x(y)j@_;|V5=-9x3fhY7G&68%k_nt5tZ0^XA4CkCRrqB?cRXtrUFRIeuC
z+@4!$WNcUsfjuHS@ADN(P73Mn;@R0sNFbM#ji*RhP^7iMOweRb#R4_0p%%sJCxhKc
zcvo)?BN10Km0hRqyynL>_8xuVt{>~lPvWzxL-{Gk?8`dksM-2td`C>0ge~%p=t!Zo
z<^;cC_@3;=^10qh#)*dxe5hjfjofDY_xhrDb!0TN<Ozr>aL$QUjIqGoV>DgjySXeB
zJ{Aw|_%0OxH8A4M=Y`rcUtX)JsC}i%z@(H9QC%A1wT8!jX>d2??!~2=-K8>5>?nnO
zSF+<)Gx^z4)}_e>Aic~La_6V()1Q1D5|ZSYSP57-1vEc%dWQCnOWKA3?Ut5zhais{
zap>s(O8j`BHN7?e*ijn~y52WHiRv}d<i7?Fsgj$FOMj_g^$1D^NsxBEG<Aznc=7`M
z_hoV;arSnW^Rtzz_l#Xh5NayAT1`0xr6~OS&%@u<LB$3pJRq^L7gh|Rhr6*-gV#LI
zffcBh;iQ(@h7?wiK1LXfp_{O=q_n-xC+xZwer42oEH@Q}X?KX+ka7^KGER9e8Oeo{
zY1=;#(CF($bwy881gb?LF9mFLF#91CKY)HVF|j;3-;_fD&K$sLy!kuVs<3NSUMREi
zm^ERbH&NkDpitz%^4nA;%Ur+bSMSrLkU4!%uA{U6@XLU`QmBTc`qS_OxcQ&zmtAA%
z?1Q+LbfEHlC2&EAY*_gJW&_noXAc1(C&dril3^erw@zqbLY$eN%|l&f7e&se@=!o;
z3FOm*+M(p;>K_~OQ3qd7BwfC`sY@B1!KQ!Z`4zw57C~rJr6NM`M2~Xy%F>lW09)zk
z*oxeriVJ)i2cb7ic`25<rpq&3vDQq4XTCa@c@;BdkB!gu03c4RXiV}%`#m9r&9K?R
zncBs!b{ae@Rb<ea2fB*mc*95IH-LF>ST)vwe<ooLD$#8&AbB`)JG_L0zw6u~R&rmz
znJ3>Dv9GP*tp^S0`}!+qa-`4<p+|`T0&?YfElQC+3WM0S0{MEcH7?E%5@3KN#ehx7
zqeYWlVf4KH)5B@&%`1k4#I7*ASY?Ada=QH(7Fdp#w3G_KM`$+Y<mmpT^$G=F!nt4=
zJ`+hFbqDwKhgCs~XYbf=4(p4t9X1ko?h?l#c8_33&k2yhu6r3V{_!0dX;|)J*I_P`
zqARj@U4-rx228oqL4@j103)mi`6v?LL=MSpL=`F3AVDcdAca#5B`%8MoezmX0}@wN
z`ef`S$g>7bS3M+?r`~%Z83vw?Ei|Tr5`Q*<MYLKUh|S};CwY_G_N%?bpxU)P5~inl
zm|WqIGTvdbF7fx{IoINkE@pGpd@p3*d&(m72cebq$^C)@hU`8mk;*98gIA-m1-o8G
zwTmkdZ?F2J;ufR$lN&Dws*?>Mbz<@c@jvSfGj4^0pUmEelSbsY7+4w{=Td5VBLDfZ
zR55Yw#Pi+xA(+^86VH*sHuWK1h&AYtN0n!QU17H#Bx@D>|I@&PxyP4EieZ(voxvnC
zyHP5}>9{j#;!%Geww3Z7R_YaAHrJ97o$n*bmO~dc%F^#`Hu9}2cin7h`Np|zY@C#F
z5?T^v5NSHeOXcT0_nM@I^<@d&vm%4aK?^-nOBe%E19@)%(>9tw#g_gpha}q85;M&f
zzFjN1&X0fNLIXgd65j85x1!~to<&UxVl-6Q>0KPD5$hc<WE>T^RH$L(`yudj3T?Bg
z@IL5K$k<2{GF@0nH1=3bopkU5KtlOZwZ1{A?sxAX^}@)?0C)}KzUDo_#L>>Urvozx
znGKSl+fD;WM$|ZV8^%}G$8HV%e?b#0!sbD26eJ#$&ChYa>Az}R2$j*QCgXb|%a*oW
z_$5D47@`$ppb^+vd3AeBYA5+CyE^&Cea#blu@Tpn#dKmADruhvY{UD2kmVfMqe1S4
zY>VwaaP67sCSm;G8u)Ye-H%&(MI+N#*8@QK8{N)?wiFIA2bJ3mgCFBlRfY4TJON#w
z9#!?Qm(E65HQ<SvfysSd=)S0g^;fD~sHi)ZWy3$IRTUBYBRs^=*N0h`4uB%bPd>bz
z;4CYOzk~d7v*%)3tx~@DXtvoEuvvrWXcpOvo6pU()K&@y`LO?C(0q3t>4%$V^PdWF
zO4Kcr^5O0XO?kZ$p?I}F$YSYf+a{b$dl3`~Z{cPo{20;DHpON^Mrb9__`Z2>qY^&X
z2_Pnj9^KF{m)YG08+yW%&`u(&NbOx$<2yZg{K3pVW9uV#c0B)UiBtVMyzfmbq0Ymq
z^K(hBHr_8ye?LC8Xn6bVMnWKC6U!+%fB7bzKMsj{$&;B1{?P2}t%UbbGpLqhl>pVe
zsB}~jA|5mWT}v}X0$qaU)U+Zb^_y+8?{O(J!*JB40YKUORVo{7nc;F#%RqK#u0<^X
zqrZb-hgO-aYAXT2Z5Ftk(G=(Kg^()^nu&Ds&w8j&^^YlsgpqoDy#Ol{1rDH>-I=D1
zKVxNEfELW{#*!Pd?c?`2z93&giJK-Dvv4tfY;@n&hx%&`Z=wu~@(a&D&A7b-*Ryem
zFFlM#Mq@jZ_9q|sDy=Jt-><P@TIWub^)gLyt~4J_yc@&75PW)z_|7-_r35UZ4O+*`
zq2JF8EP1WF3-WAC*>D~EDrIsL;t=9h`x>dt)Fn$FF7*-IKypsu3dKP0{kJiGEjYvh
zC_0sQKb<Z{;Xa{Yo%VIENLF-D$cmRqHEt5~_PqyO7%0!nyX@Ho_f$s)bgqH7zR!dl
zd0S`e>bFD2rYLSpU=guo`a|yBN;v_z?Cxe0MmM-v)GBZzMB9p>ivz=E(i2iOI!>;$
zL`>svX!+bOV1CBe13qeKkl9}}9|9D+C>r{djOa^~I09TcQPi*I|F#I-I}WcCg?<&`
z7^kO#+VoZ2YrIt$Ndg?#0*1mosA&+U#?rG2XutpiNBUGUKPDrw@K06v;bU%h@|%s;
zQri12ZEy+?Jmfk?v5N}ouE)s$D&;gE7}Q#fU<M1GV2vUu1VfIz35g>p>Nt+z>M<hC
zJotb3m77fb7Xpt396q6yCRfrb>!?oA(8py1M4>YnVH*ld9Pp(oxz+9=f+Ak}8g6-O
z9F(Jgnd~muzB}t}sacmL=e||rI@s>3ni1JP=_mp)NDPJUOves+&NlO;_CP|7Zu4+o
zVbQo9fm8Ml=7)tyQ<-nX?-xdWlZI=Pg5ll?F_6@7P2Du3(s<|FR0_zOpL1ANpsg0i
z?q=XZtyaL_obdN>J=J`#qw~}EqFz}T(K8F-==MhIy2*eC`ubzI9#8FCV3N67;>8Gs
zbs0=$F$D?`K4EqmT%$XfOyXB(d+g~%<(_d>XFr6B3zmC#x*Cg=-?&!Sf7LmYN~$TZ
zX{pf?&waIwc(tW9senB)7DI1CN4~V&@9E_Ow_$5Pqu1+?CWA-wJ~1*n=9uswpn>_B
z?4&&5ld%Wx;qKr%E!M}^P|ihWsghDdl|qJ%E5FL8@1c=l@81XCj~EK}p@>B*jy-7I
zrz?JS%?Kr5eEDO+E<E#PP87%f(;z;V`6`x49Ebz<#K46>`zV1->7xWVAOC7^ZObx~
zoAveZ{Jux}1%5^m?7Lpg(n-~emxS;9;&(qfEj4Ie@Ej;Vfo-V9BPu_^#HaOWQ(xad
z2;GI9*$CD5_ltH{J$1GR!?9cQ3A*6c+XR-&*61?c#mtvm?*2o&t=_VlV9{yJI?+*$
zCgcG`LVfz-&DFf>CZ7!+U)RgRwUL(W1hI><A0P%~M5gRH^sN5HBDi}%bUWBV@SU_1
z2{Drc#n|seL67-A+=5DTTrZF2eI_P#kusQfBK5ArQF-##q9T6z^LR9UMD=!!34tH+
zSFg*fs7>83L>fsIs&wj^ujt_d%QUxNv5OW#Zr(mTvV8;bY^p%P<!h%lK~}gHx$2r|
zJBriSyUlnK=-7;TO94`?t?pblK%Z>3dVhV?g-K>uWN~#&m6<;Jw{;^9^zx3}?Y9oa
zb!6%^<+Sag2wO>ZXnt2F5)7FKG*L~pjU%#WFPJ7q-R^>8C54l=J{}i>(dHv_eh!6R
zggO~dgylq>LknX_I4vLh+dvs)>mwr3T_bX&@wp1Eh|xs_O5!+07%zO@HA-ViB#b$G
zwGONekZgixNOZ(_r5@><0W@egzfd(!j@PVoEGE|47*l)$YpL~$rBQfhcW(p?InNnB
zQoQ%(lD9T24n$U)ecx80Dhfsjviw@t6%bRPI2zOA_uF~nU-;2ri~)Svjr%Mn2T{J_
z0W&M48)e_U_?%uwDHD_kO+wMQgubU5ZZq{*axee17opk2sP0^k%sd}#`ju0#OuzA9
z>E)~Js3AJCWirVR7-K!Ig3Re)l@JZB;syX0BWje9icQthN`&wD|D9F42Q@S=zogg%
z;nqIH$CG!C%jGYoJ8no3k82z^#l3^f51rDXmvN4PF?9?g&Zz=7=>3P7wKlU*r`jKy
zfRn}OS=gTN6)r&!{bQkNtji!7whfq^5^fSwU&drhvC@iyM*1+gwQYVokH*)ZL-;In
zT(+kAGq14a8-%!waNyNiV)}`vp}fAvvwzD-#FuS^M-P(p;rh1Z2O<tS1pv%H<SU>l
zlmKp`n8e9^;$9zeK5Y0n<@r{1y`~hFiDi&+q3q1tiE0MBGao8iTpM_CiH`4_N-)}T
z#>~jKQ~+Z=1*4IW4JFHe9tCxp_2FIyusHlG)x1}D)^dW?eF3x;Jj5KoVyXY~L9Xk$
z8DBHOuLE^Ku@W*BD{J5_8U?cOq0aJ^fq-Qkl2`hk`_SSxpdQ{VCh@Pctp4*XUt&t(
zqE2QPuViWnM$gXzrrg65E#16Z(2$+jNTN<dM=G#9*cwm~11z36x}X(;6!qMw9&mQE
z+bJrtA1JJ^;qWoKh6jvI&LKRyG2CamdK3_9xjU>{Dtpb5x}zBmFVq|HMIuvt*XcTA
zp;{nnqy(YmiP6Af0up8MTEy>RQ6Y17zc=hBBk~s&ZY%y?feH<o*dWj|SV@wB$44cs
zMm~y?@Y^7d9R@h7-%7Vlb%MyM+yhUi-gJbtO+)<ROqsC?zb!m~#y9ld{G+3taw-=o
z(La$jEJi`Q!eI$J3JK0l$0RZD{5In2jx0KfOSjK^@G9$TfoC*db9WB=fuv7JnV{4j
zMH}W2V_yFf{!~E^NMox-tej{5W~Jtmwki3FkA1L*ro#|k(w#69cu*OCGK$&hQg3@<
zC!GAE)F@)%Eeiwa@TW8Iv9x9Mo_t)#n~<k=+ybR}F`YFpEUeSvpNKh0jV#IFNX)Ng
zhOLmF<;bkad^12R!>Ul`2^h=?HAF#ICmLf&bsa7aF^t5jMMn`HFby-mUp`gA&Fqs{
z-s*hi_|Ar|*4}UL;Y5;w)i5D9jaz6=@<=D++djbl?@Ei8Dei;)EzhVi(@7x@Xm2wT
z*8Bm8YQUsX*3{=XF0<UA9$=xd#uYGUay+;?b0&_x5^XAf=~j_5S2)D^aVgmx{AOOE
zy!LvPQTf1Wx%19hg9E<_`0Kcr(eU@gKkS)J;7?}TS}{b^do|{u1o>{*Joxk70-LYG
zlb8})CvKixdMxN*-INXFUjXLvAXI0dH}D)0XJqz&7tF}({<>(L(77oICa~62XOwN|
zCfCc`03DC>7VG|hXwu^!L5omc{Ned~QHDiWGbc&lj8z0?4xZc;0MalXmhrW}D`~&z
zye{GS>B>KEKN5Gx*J`P{^YgW>>*R@Zmr43gL(HC_oc&mTU#e$BU}yR}LiUCn+W3H%
zgO2>N%~xs^XXd%gZ`l>2M?IMsg~xr`stu!}{%H-<UjQ=q{B=@*3;7FOT^!X+u$>O>
zIz=He1ilXF{c?fEfK5&B)Ev^y&8eX>@tfe%XluVck~K?FG>zz7zRrX2*2+Lkwyh=9
za;o3j$zEFYe;TRA`;PeCsOaP#VfulqF6T`e(O+>tdAu*$rm>3~2~^quYFxzsx<IP~
zVes;5`uW?H<!!3s#TbUXb$NNmIPFrq84C9wxs3fmkyE7GCm@A`01Tv1G24T6mFy;k
z?Pc#xF7pamj+TwP;}zoqJsJO^T17!!CTVk2TbdsqXo1{7*dZ(T?j@afxJvAW!qS`;
zXs!|ocb6|DGy6O>Q&b&z1n|COy#z+raE7&783SwNL!OzVsPt#7{><*QB}N!1YL3mW
zG$R2K>cs!-lZ#pF9*&u(Ftm?cfKL_+y0t&FUKqz{j~>yJo0kFdSt-Jtb$bf;4wu4M
zccpXuT~3IV7IBzmIh_dwQTD>-kSxoeGfIIBfEY$p^8AGqsTcxVAn|{y=`rv{;F^HB
z@yq)11Ix<?Xdm!=))ZWA{Bf^t{3=xopl@Veg!t+_qKX}WaW6SHV+5{iQZqD^)mZ$T
zW*sJY!tE7r9+Kn73?af~8_?1#sM6_xBbr@$Q$VYh^V%>Fz?GvTOk~)KkCA&AnQ_01
zo?1_jWpCH<P5SaP5d4RVzWc-VJtR<1l;sY!A&<LQe9yEQeH8tH$)8Sv4KO9_75U@B
z>OCsP**Fj>Ym(b)tFuL7-^5mt-Qh~RMtpW)6{E}3Qq-2HRh~flnr=z|sBkV?%0;`J
z=4m|`p&>j7@C@+tAb};Ou{G;#a&JXuTQdzGc`mTn$9(LKm{0-exgWAl{T$9Kvtq%~
zQO6sIFgX0-$y_*r=SI#hpBMLRVX9!Lp!LE<MHcH`UGFTRBuk)}5TRxpoHOx5AFlhQ
z2jf^Wxhi!d>!bqmvM!vg;Bj<%{{_06hhJ^&I{8lk_GhuFN^Qv2air`H65s6#Dv})v
zo^}URK+K^yZwI4@avs`EqPj%&%aimJ;=b?&R2XikI0xF+d8t#eiBIN~QP#><-U4E&
zScu{Du|^2{d57&lNug@VpWYWqZgIU-P=#Wc^TIff%NdrY<#c9;3p%_j5i=&beWLWK
zFeN5`atA;Cj?U^Sw(tk4M_Dxc8^1%HoP1k$xuIJ@f4`Tu?A|K!nnB2uNvts=5`+bL
z+Zy&v=2aM4A^T3jyv1_$PQe|0walwqr=kKT8aK!+mT4J325A!*E)n>G7Wj9>c@fzp
zMMvP!Lx_%w-SU#<Wgg`HyI5qsf`oJ^@=+j?fLK2@czg8B>VP&D*UA6if{X7ByB8KB
z-h(E=&`BJym}{(yF~eOcsvWw?S1Xu0g<bu6I*Tfgux~hyejao<s>{Z<Y_ITc3*@M*
z>L(1YQ!(T5#106?l27*I_ux<%I<Iv$B8U0f^PYc3{=3*N!m^fNKauZI5LI26@$H+D
zY+$6yU{^YgBRAE%?=(J2Pj}MiIBm~JFRFD%(u0s{N1<dTWa>5bNLSPjlu03Cy9lxa
z@+_pT@O<Kz2YSFCXIU@lp-#t{peXJpM#RaeA3YT+#!nv44s0r3pl<uG1F5htt&<Bh
zX7+uM??E!}_%})Pr?^^B3A-J&x*SW};sE(=A5T56#Kqnmg-x8NcGU?#=4Z*>L-<Cx
z%l~~albCYNW+z&G7}wa`aq_h(2cE})t3G}wf9;cye$rlW^jqElM6%lc=p}h4>rqYO
zj2kG2Sa|ZpKe6fhT-W3a2sl8}_2M6srZpo6+Hj5eQ4BQ)D|>!k>4LA*Ushw?m-K{|
z+bVDoi3yu#<gS9=Cp^5P?ZF355Je9}e4>*4Sb~<DDhVEgohPA>5N2eP=Oj|l?G4(L
zSZtITP8aT%sfHFHsA;5-XOjbPf{$&twsUw7YoA}wqjI@<7^_%~p}{+OP6!6qZn>`5
zrDOMvoR2Th)?M-spq3w$EXJ<Un!~(8f`5A_J#iZ%&R!8(b0W#dAP9r9)b9^dhH!i=
zA0(=@o2i2l&WV|3+*sZYxf|>8e&PFS3?Mg$t4>_HwAd#=h#g3BUOHeUODw0c8|1G|
zk<JV?9A>mn;!g+g$*AZWyfx*2f^X6*vr8{Jml1|%e~*^&(yI^zrK)amEPsB;jAYMW
zPj=Oc_zT<WU{)Qu95fT-!}Id)S<&Dc*z)KP5|j(IZx<lN(3xMK2^Vzlh|&h3*WJCI
zOaUT6vG4KIDgq&<njY0@5c~iF*L6#sZl(5*Ca<ZQz&+fZTB@~&2&FfC!gFtDzq-v~
z<IsCJG9gq<FF5~EbjwMaQjB;nP!_wCj#ZK>+e1<$<$eC#qNAPX=KZTy%_R8R0loir
zO)7tGu@5iW&x)p!Zh}w14%BiM05qAH)EVT<7633?c5&0lbIEz}WtzI)&7Z@bc87<T
z?Px{-ZjZ9_&iH+*$gW<Z7Yb)TjphT|O9_GZpLQZK_ly1hnH%iDMhwZg9;<1d^xX0*
z#i0rrs-H=Z8jH8lvV$sboX@<Buo*S_W*sxBIFo0<5B$=%Nr~a?Kmd=8$9oEcn0R40
z+1H*fWJ~`rN>M?Sbz`5VEzApW8eA&nG0>+POpj(_M?u-3VfRJhK6ToxP-CO$-&i@g
z1MsI$Q2z$%OTwRt?OA6T^Eyf}7@kaV(ScL`ch@Ru7Scei#d=#N9Yi#YI@}WjuRmnr
zXjmx_0sOij7-JM$RjdPUQ;T_uWDXD0@Tox&E9fx)*$@sj!N7)%s_SVbisz2tk1n_x
zL)4jqs%=nbknY9P6yQJt1RJ%ZkXT?=1@e_MZOWP&Nyx`(`CF+t>Vlw#x*}sz7dVU>
zw&;qV_xCqDsAZe)g+1eZw&GC6oZo6bIQn><JLHZV?Un1O56CHTWRmNh<o?my1uJh%
zREab$EBvpU+6nlJ-#Sd^7MQ1#cwoDskd~KWrGCEuGb|&q+?I|X;0PhGV=or(7;6mC
z_14luR3`AX+bXmzGwm~maU{#YtYQdO#xl?0^iQaQ&EXN!d}(HGkBG>lEAAl0TFKg1
zp3#)V;!ZD1;E#ES;fU<rgfo>G-PNXL9sAy#;?v2p9CRjELg`vOiuU{R@JBVVvkLN!
z@O3?UrKy^Td#iE?LW3Yj0IHMc%}TqHi9uS~la5Hv7%}hj)kR|z3$pv;Dq3M7_<F&Y
z*U*mDNcSWh>rTxWUe&zf?}p3gm)-_){c#>vU^N+LZGmV?!ya`)ZY+(nhf~E^28+<_
zQIz7K2>n-}qbq;L%0G_&S$&A~sh&PMv~;o2_c1Fyf1(d6?rwgt^2c6>n`GNI$5>L*
zH(e5>8L!MfRv=s<Drz8!7%!=<LGF_-Gv%*}pJ}BvXKxQZ`}s#z?@`5L;s4;h&*R^f
zJ9z-pf^JBC?2FkP7COJ2>BJoQVZb*EgecFYZD~P&y*>`tcO~zbEW7XDsdXdm>lDEQ
zY~3%6@y#PZlc6(})R+5sjZPIB+K`hN%7(P&4{_iBB5_m;vtn}YpHS6Wq+=^UeZ>C*
zFIzFdTn8U8hgBzws_tJtT=1g_%Q2^H@5Ch#TfUnxI1)01ev`q?yglCQpBYd}s_I`f
ztJ4nw@Sy(#VZzzAnkl2hVsxv(IA?Kf803ivRW7W{Z07!~@1gOlcWJ`2tJcA^G0^a%
zpv8?EAI9*wttOhTPi1b15G{!^*iueI;E3sFlEL!Q{%j40_*c(spDf@aw;-q{*klVZ
zVb6nawZGaw(#5BBHZ$f0jUn+SLbtzqRo;$=gUYbGd#riJ_Ee3+rYvm(A1mfBicB&8
zpU)XhNdf4LpLrj_jNbaXBBGeHw^356=~}=~utuEOr)K4x8F#}O<T`#5o`;C95n)2L
z{A`nXFCXa<{Bvv1s0qqI(u2v?<yfZp|1;1!l$AInIOX0QBeuf=@YPmG&&uI0koLu0
zDe1Hg40wy=4b!F?kK}iFW-|?2AQ87Wlq2AQO!2lXBzLCbTqz`w&h6EJF8rs!Vt^>*
zc2wWVbt=_{(Q+ysI_FIO{9kgvBG|S*yu%pK<Q#saaX|Qtq;S&Gr+HEkU|uLVZcPu3
zsV{vVpnoTz%!313uuqGUGCoSjoorq~*1(qy{_(wzSe=)oZX%SXwU8ZICB)Iu{uhQ<
z9+9Z`{bgf^n-&}Si#}L9St#Rv&GsCp|3M$Oh^wWG&8#0|j{tQT!=;#_KL78lSp&*N
z0rHq%sqj!GO`kXIAqQIV#2z;Bxh5}glSD9#*D6o1I}~NKu~ymnj!C}^(jgquat4a*
z;*q!UphWWC)4_Wlj~YHgN=&X82+f$edOV?Qn%p{#juyLTmmf4};E1H5Nzn!P#X&nK
z_B;RqCirxg#iHFOi|lmG(9K1^wp>819(!k<v=N&j2fhu>LR<F5$Z23mqJMzx!;`PZ
z7VkMT!DBE6boS#V;R^c!5QXo2!f$8bk~7zzWb4DI8n^AIcOwTgQo-xZ8NjOc#<-DN
z<pX4CHCR|qybidgubpMFQT0Z`#8+YM1QBN%L%|1GEZa#Fb^cP#&{?2x6o$ed&x@-y
z99-WGhPAFcCccy<>=%-QsL$&P#ZLEf;Om>7%GN)Q*kP#c%X23XYdLJYYm3mAb{U5B
z18{B$OuBJpz#gUrz@ATZ4JiH^)@72eeJjRZ(7$?}3j>~w1OEak`ZJ3fW5?DOYMRWG
zBDdudt7fZV$`Nm?92{n}HH~#uM`PryMIAV}kYISab}Tbr{^PF)X_pjjbk!GLlWQjP
zTmwFc;5og@i*;;pAQ-Rq#7wuI3BO+d*4i39+#QGwt5FHFc&=eVIhG!LKRW_?jbaY_
z-^!KsY+i7e_T&ZGEDYZ_k6-fM#OsTV0QD6(>!e+Dy=S%}`?kyg|No8!^q%7y6T!ls
zT&WKBt7|}3d}Fz*(!YoNYqD9auDsGJa3?hQwSd5uY{#{W9aHo1phb5PPJcwEv_%zK
zbdw8#3-t8Iwz|+y0qLIjf6nmjXITs8+F<+id;ySexc13I<T}b&#sQrsnRaco=fZD@
z1Lvy&4;!z5Nkp$-RER?9uDX5D?7ukrahdv&=jF9)e9}ABfSdv!W=kpv&i{yjFtX3!
z@R59<;CcM-{C_;VpCM13s31R)s$eOMSbgjBOQ?Z=6^@)dXd$9s^8Z-0mz+i>!vZ7#
z&}{g%V5@Cxwh0c2);Nltuv%oq1^kF(&;8UKr49p$n!0GDJjhy_poDJr{8P;8a}L*^
z8YWQSkJh6~qnd`*=%D45t{)h+UL7$Ez@8rrBNbi!5A&y{7b#sCI%y`=O^Rf=XXO7T
zykk3?J{`pN1wjO4npxv&;q8!y5my7TB=^@Q>z$?_HX?rFF^laJsuY&W$j6r+dapM(
z#g5oo9O47vf!4SU(xJYut8;{R7pEWEdc}7nlNdWjb$2P>{1{ZAsM<vD=8GmZYYRKH
zil8F-i{-}Oj<5a04EIA!sSY;MbPcOi!sVqC|6~9-@r67nY{u3M=dStlh9m`u728jm
z&8-C30!L#uI3<w6?+~0%%UU^)N~p>a@xiR|<1n2iEJtoNlDmnEk|T7BO)~k7*=Pyu
z-pj+zIb_N?if<UHhZ@2pkjkO+U>zQ%r&;$>ihLQUK~(LeIaN~P9mfC7*1c^^L4gzv
z<P`TcuF`==s%d5;zk0x0HK~?2O9z>oCu-BEI$u_mN(+jRx2Li8cY#Emn&olMpSO@b
zMd}9pYbP2Hc3(=O<a}s}BS_M<Xno!LT*V3rJO0-Ee+S5AeRKH31sxe47z$@u$hJTM
zmE1;`sn8TPQ~l+BeH8i(7+F{V5tMtT*ncC5qmNPApa20qHL|!Xfg9}+w(^y1?xTfc
zSk&uU-3hZDP3C-g9LaAMqCuE^S;~h&@PS-qmoSyOF5)U$_qOp`mshF*lBU%XVzA4l
zo`ac4Mw+uOY&bOV&GO(J%@-BZDVS0VHSCT1FifCnH<1bvalO`M@doV^+LYmh6~U_1
z7yvbL=O&s`2mpJ~(>i-zsB)`xJ(hwXrP(^oWoDf)J}^pwHZc(<L4(G6W^m_lgocYv
zeBa7)<LR+=2YGCSw_wB%JO86qFvX(3&Ru=<D{HP&a0^%R_t_r*Zbsii{blc3+5?`Y
zRFvf;1qQ7-TolB6@P^$ErNy^S5Qml@m4tBB6Aw6lO<fm3+%Dza?B1{qT-Fj#!Jm`$
ze65l<S?_uajn95sJ(7#9bsjRk#d`F{1$IeM)k6hqZ1|2Jy<jLY|D<9aGkEz#2+@a{
zT^BK$Dp)nNg}j%J?NZ|5u4(r9&4$d^Vh^4q_pr)he=fj~>FP((<+B6?Y|bv_{)q4|
zYV?K!;eiLmW(hT1OMnWCPPKhDlz1CN^KOfGz;K}bviRb!dz4^;0|f^P8HHymEHg^e
z^s@9-1Mi$`d>Nx&#X*ipW}kg16^h3D{7nu8_J%!4|9MVv*Es`Z*LJ18cWdTll3O~(
z9JfNMAN#pag?fwhK=tJg63X=bv7Jo5``UrBN7ie9?OSQ{6C^!sMu<2L1PCf*M<(PT
z83Y^Im^8K+2^US%J$|}!l>;?TOTG0s8cshT!$>O}?lgApa1chnV#knTUo4REK4~Tk
zAK6Np-XX}<gt(%uv=upyQ#~AcXlGg^S`6dh5c43P4g(+bcRTG^*8FcqtQiojjc|Qm
z&m*R8dKOCzKK*|9JR_D_3opC>$A=EF=@7->_pbR%KpKMB`zc)W>=vj2*;Gc$@Q2CU
zj?IC03q9HEOYjMizT<r1Ic(Q~-14PnLT=qu<iFc`+&XMIgh!Q@m27^`Ci3`5520*{
zrX0VlH*BN#gUP8u;sJ8k^0>;0E@1DIn*56$A+3_NYQX7Es3XW|)t;KQfWYP$<g&yr
z>@_I#p-eH##A2Y}#<DuXTKD-vZ=x%_NVlyX`|5Mfy0B<E4+QyGLNPgltg1-A0zZx4
zQLU5<(1-v1qpJn-#mSq&a^ysT0)Bug^g$-7B|8T2>%pLYGShmLKkyQd3a<8=Itxj0
zV}>-#R+Kh5ShLp|Djd5HD>;LE`Zt78uM3G$Bd*Y;zN`)tx?k_X3$|YQH>IWJp2hmT
z;vC#m+yFloM`}+FGwW9(D8EYp6A&-miZr71+X=HK2q*hX*GvEd<NOo?N_#~yn|>cO
zzjrUC$A(z}lV75>_P~gN6<Wqck4!9pO3@CFjd9f(&&{!xf{=XPPC*Wbk#wTH4Y>R1
z5u%ZaL!S0aQHVhg2%<7o{<;HWes;XYAO$6?I4l3)taPc0*A)jw67QfZ%hjA?9+wuo
z3Fp<Xm)A+#s@YCcB=)-^K!jm|ew$^GHOV`O4yizCY75Lcm&e5UF>fRP#IW$D!J-&F
z<Mf?_2Myzud+URVF$Ivx7?%y<iQoI_FyT^V8I+WR{ULjq=6&Wz{@^a3r$jt6k^AE~
zA${PBKKlbQ!G2Ag^xBcp3my7>1xP=hCFb`2o<hPPQ2U$Ry#d;+Gx{d=<i@wgm1B4p
zt^i7cL+M0I%&Ju6o~n;}3E4aDrn0~W(bBx0?CvklV1A2%+@vT8H;Rpje!0IUwE#@g
z_D4(p5{r9)ZR{(Sg3BT`VsexOSB9s)<?IOZ5%-LX#W~hSHT@aZP)$1vB#}C=^Jo$*
z7yvS-&Ui*=mslYGL8HL>Bf6b~P9Jsmm8tXMbpK?=`w9|JCbpq|c_j7KVgkq%XMthu
z)#QJ>P9I_GDr(cw`S#UReW1db@2|MiM94~MAwth%F0Jr6;8|XF-ZH#rp&*S16B{)#
zSOE(%^v&K!>WHMnAS+e$gm-D$b~5dEf_E{hjdPTcgWJP{S|J1lMVuS8__Q`+_w)mt
zHcn^=F$<iL1MznKW3C9)Hc-T}+@uwSb5C%?abBf0^<bh%L{F`p0Bf8(0W0%&D1+_z
z44NR#>j45ggOhjCZ=@+W?Z-=m83xV2Q#SIY>}S_=`joHl@iTK`*TkT4VHSIA3I=z6
z&L8OWaep3MJAX)-f+4k|{d|DOsgwapzlMkXp{=y3yL2Pz$$KB)i(y|AJ_ry^7a7bw
za>%T|J<d9vY$?xNKt1pAA**5k;B*{~BQVR_w72yB!NU4~L%U?s3u!3t_5b3C|Igib
zGEnWGI1hNUv%yjrfB4rvmpyRyAMVi0<~)Y4%4Z6qPLaUG5tBdv=t%w2F2hm~Pp@U#
zpEL-k7&a$lFzKOqlW=B6?QPsJqFi!v(hr_$kV5^2W9kCR_XPk>#W#c)BGvj&Nqk@^
zzp&goE#i=myo`KcEdSxIW2Aq@ES~GR04EBgU~WlUoohwxUU7;Mfc;TQrSQwq=!Fms
zN`kddH05wFaxM@Nrt}}`5tkzgIx*PGDkv$0ZDOM=4^}Jy%fi81$vcra%4%F%SEt1d
zkH)Bgk+4A;AB|^NvW)tt9{U${b29fQsU%7+wIlamZvM&H1Q3hJ7b$`|<FaJ(Q-E<M
zc=@@raoZ*6PmPz<7yzqZ5=Uy;D0EZ_hYgo_fpv0->^?XzqP=fs>67vjdRbdapjYW@
z#|=-~IPJg~d<+$V!^b=QaEs&D!nQrCutgElg3}?X%CMcA-Ox05XGsVoSuZECHM@V4
zv`v8E%XbKE@SqY<)aseh#fbV=(6@LXVKDX>$yjQK&9Biyrg9=U2n_l&MB#fP<XI1;
zTfZ>25MIllbWn}&hxsSMBb%LD&q#}D2w?8a#7+RF&s>_a`{e4G@EG$hPdTy#>U`fR
z=yoYdZ2QvZoZ&{Qx`pXbifFny5Vhtl$n!VI-c=j&lW-qKwLfPdZnQmEVqwz8p2QkX
zN>PglC_1dR@7ps=_QE2;2cv_bRlW3wR-)VHg5>dY2d=RNH_kqykB4uMF!E@6-pJ8>
zi>#}F)@GKHWhVOCt@clvcoc-ni;aN9evVK>?XJtJD)4JO#a@4u0lz3%#9SISxB=JB
z3l;j@cHX+<3IF5J1>_7>lmvkS4V=V7KUyS;-M<47;mM|{53kD*Fl5*76kGkX#+xKp
zK&UXoMm)*ID4(R38~K<Cr8@tzc?0z9&evG?UmWrGCnZ&GKf_j7%5`XlM`YEfjxDw*
zos9v31z6j3_g4DIe8oIED5|8(M*yK&v(V>TkB{COh!KnZr$n)jr(@27?S=?&B6eM7
z|EI)V=V}ycmiN=Dpv@u}{ebdYC(P^NEY41E0ia@uFAh`P3in=oUfAnQb2NQlV)6H3
z@v6YBX;FZf#YcN%yFS`-hTy8xu~r{P5p@}68;?QnPy3t<y>~4t<&7Pz3e($nbh0Ns
z*(+ZjL&-n;&3?8B<s*y*Vo#EiXl6qIUvBd36wSdzu^1~TH8%4VdQjSx3WCG<E40E#
znanRjvZEj4Lvq|jApgyaEo>{E(vW|dxXZYhaPH0X6YF}tE(Lp=;5yI9X7atyH2BR|
z#WIW@*2l^rRlIv^^wCnCnkLNB*D|{FS%4>Qo@9)CfuM5y0f96TKoy2FvxD?sv%$8I
z?1Bl)CbLeH<FvcjDL7DV<&E_-<#Q#ER%y$j+194CxN=om6kX*fQSYU<2xm`;cYowe
zJiW=ED@pLJp;#UeIy*$tlvcI(Yl&57cl@7y)t^hh*lhJ0et-rAP)@?1Yr}fn-J+57
z<A}5`04Vw&Ur@Q-K-)<5{(E*sONwuUY^Cu_L52=#7~m<0O%;a?iBQ1KgZN#0`#(|%
zL?ivuT&BaXiHlXR2Geb>6`C{;w7m^GozB@JP!WJ3qYstH+9Z5OU5<%qpf0dRsPxm-
z!!l_o*NxDIcs@%1v?hpzYb0d_37Nt=gBBvXZjo+v%=1fwq}eDzFb0<PLc|7mPaKmn
zW;|IsPwRi!RJdk_<kTnBJrP02lLPOt6oZ~{l*p7aA)Z?t3*fc+s%+GZ_`{<?Ae|dv
zMeh@m@OKmnqvWC5J<v*ko@#)1v#BKVd;p$Npg*_u^%U`oN@^<zz&-QoWHA9HRkqg+
z6vt2$`d2Nm00lx9?#ir1>F|FfssT?K;pKD8i9^_Sy#AH<Ds31;<X<8X;H)l$Pafa`
zDXZrEm?HYk*%%t&3)76L-Bwc(*34e6f?Pr^jrG8$kHLaLciJn@{W>%&#@2+@O$XFX
zQPqdyg}#f(JM^MRhZ$+`ltYOY$}l)xR03>CO`5c_udYmF8}~y&&;1L|-(6YcZy^|o
z*qyww4&x#s1<!i^;}@&qOUA`$z|O)Gm*Ke|fTj(UpMA(j0$azmvv6bl%!m*!Btn9{
z{z|T*zJA|IeVsm%B7QUxAEnZl99|NYYIr`Cez<(mJ(EyfDQl}4)au%~pW!;XLax#b
zb}+XqU1L0Klb+9`ph;l=JY=p?4LM9m<6>RpJfp9t2N}bWii;!z)vtne*cVnm<tuMm
zc;k7Sz7CZjge>~Eb0pNQmMO;8Cs~}(%(6y)oSANHl<wMq+L<8xd7!@jl#s|Q$L#<&
zY@O-~?3$!Iy79Txz#I_wZi8O8`Nj_bmuFV|8NtJ{WN2n(jUw%o<1Z7=H(Q>FaZ}A(
zCAxQUusu9S%G#|%Y!qZ5LSGO+3MnY%=GXoq`e+@R_bzO;q@nE<BJ&a{0`Bc+2Tu|8
zTXlDi>r5<7$QgfjTt-XJV9<Ki_|ul84H@ovLA1=reI{7BY92}+Pff#EcXTi$nExnE
zj+NFWm_Us*wZ_9IH4jI4rgA`LXsH3eLkGU&%07BCT~)^8z&XR7Zr>&dSE)F(F<Hp;
zDQuBdJfc^=iIW-Y&~K#Tw1G^$)Imc?2EBEISVcv7mwAL0pRS&Pnn;u&?ue=pF9o-f
z4t9&yjmtiyP}bh5Jk3V;3yOJ&A;pzVVjN+{;IX=%qrHj}=b1{X*q7rxMVRoudA4T6
zB<3|fi~d$!^4L#^3^p*KToA4t5f2b4T<fdoZ`)|w`}6KKB8vm`$Sl}uHrc-R0<bLh
z1O%8_oiBb}Ed!Th;_kpv+*^aH=0{*v*25DA8mr$*C*Bc#5N$-5f-8Pb1ihjaF;e)J
zz$!JwAvpc$)GKig2_9kaODfL01{aq3Z~B@tR}x*+?K1y=B#BtABU4E~+s9#m0EOhY
zJlKrcS%Hi}kj0}C&FhHn$jd&EfhRlq^w|rX%4U&0Unm!V!f(9I&vig6YBN8808Tc(
z_AM>+tz8VJYoGG7%Cx;cd$a*kKZ7VIJ*i-vk0s!X(a4@-@3~(BN1V6iA>o(~eYXI?
z^*os{KK(qJ&%e0!(FIVnXaQZ06-%86%!<)>G=PT`bEv&=76bixA4j}5kCmz1iE##^
z7G{_~r_Ge%uaDSvtE_97eDaN*&9{zN_0(woHJY@Y5uN8EyKrrr6`p4B8jWc7PEpP%
zo7C-KmD}D1m@PRJzyN`eXI6>EwW4UeXiU797DEnxci|ea(@_0g0GPN5p9a&;<j;+J
z$p7k=00<t`sjQ@M3Jr##TVES$X5T+64J6e1vS62o7fNl0s7||qvChg%t0W8Qz`esF
zK&+Ka?oy)c7%8`z-nNN&F+8_U%2lklG<tuttrmEq`@8=&Ab`L5M!V=U>6eOq5|OLO
zI~<te0RnfF(yc;3HbSK6*9%_rN=-_5rMQEpJUltTLI>C$KsmBicy7-h#L*58vo-DE
zr|qUR)b|p7iY!S(D5!R&LrF`|;h^+9c{Y4JeS_-rd5q=w3qSq8qKHOP8lSW%^)%@=
zr;e(125{BR4}IZobrjVWs??bs_X4_oF-i&Wp9R{_ud^?O?-LN3`;S*8t(1j1@V{+L
z!?CAwc!e!w5KE?hbIGKlwmGxc>$Oaw4z~TSI74>U1BnMz`R(5+S5KWp?EsBsaG<OE
z1Z1Gu<n(%&ngcD3Xjj6ZhPrWiGY!)+SFZ*b9Yj9#zC4cXa5_~#;Cc2yv*F8}WL?6#
z6kacje2+rwj$PG=b=*UNk<$2yM=LCr%T{*pMAm(@Y%|y=8-{@RhSdozs+i)~#VY&*
zB}M<?ht6vCIMZ-q9w#|p)Dd?XT~-Ce+2j_O^xUg!0+gE&Bc{za!-W(Yb;QJq?Vvy+
zG^@G`sVp3KBti5Hczfy8Nb`(duu_3wuro8_C;*+Oz}<FEbuJ`=wB{atG<yFR?@~AA
z3%S#OtJpXe@fv?hkHKn67a~I{rsdn`X-c~hmVl>E8f4Yu4?iOiBa$HdXZE9m;VNeo
z!c%Wnd{7+Oj_i_UUl{64Zb_$;aFGr5Un)IFjx|bG;nTK^P;)B}q$lMk22@28226p#
zLmpWQfeN3yVGz{L_~@A;+V+mXnduxT(ZX6hPlrV^AC`X@Ah%^Op_6nmR!r{dc#VNT
zw-||_s*Ul!BLpi_AXibxhs;Q$?HNdtUtl%*j{@T_812+<iIATjSN86=-WvdW#kDs}
zip|%iP6z{Ra>K8~6G~mRYd3wBsU8SM_6U1$C?m*m?LJ6A&3w%tXP}AUUm>wK5$sUb
z6Q6Ta#oq~V0)OpqAng*be5@EW3;-w~LX*K!AL3vSi99r!Xa+VeM8AOfE_q*#`1G4M
zlX1G(R!QI+`AH_hf7N=o>E4C`To2$Z{v7HS*Gn)vP?FmF$czl^>IIZTAOdKo!%ZXs
zO~yOiumHNaeIS|$2b)1i8l?A;+TFAr>GTW>+WS|0)YizXvxi6kjc#Ut#8spq(^_$f
zXvkEED5agsA|5A1Qb#d@WzS>55clPjHDpNZd*gIdIm(72R-9Y(V&x!)a8)ZcG=~?H
z5_b&}QuxW<=ANHu?;eHF?~)PT1SBNVHo(D{W0|QZ5Hg@3Qc)ZVI0AQkE7AldtixTp
zVazeO%`E=E_`HVL`~;R?MtabSmI@Z1)sd0^jB&RZG=1XagSg5K5-hzVHvAYdx`1Y-
zN%NQFP(+k3E~5ckkRI29#?Q9W2P4IX6!EsD$VXwtP)6Yy01Bgo`4Sq*lF5_{9<|B!
ze)x>fD1|cX{s=_abZGArx&~eEG%fT%q%Nv~EX6AIU2f_;x%F@?(Ocp`vB>O849v%b
z{jN588Xp->HBq1&GxliSF;*&ksI`U2^ej$9VDN)|E>~Zh9j#}DmeVw^n$NiFRS=!E
zTZ?Z9x|?2d6qxqMgEiR$r6tVGrONE+qOUH?tx1}n2Bz_eCdNC?T_o@MjV`L>_a9J$
zN3yefoN=M_I>NREHdS5AyeMmOouPndHcMKwcfH}ZL<;XxBC>Ndtz2}4b{cegg&FD4
zQIZ%hZ_XI}M49amhg!6ymQC8V>vj&?Y<^NI*XaQFfIS0Kz;pl*GVFA-^omX_$rCTd
zi;`jYl5q5^Q-L^%Qi3~>>oR4axCy8AC1Pz7-SM^)t%kxp%6;UT+qw>PIWtm>Z%@xS
zoe#GNM`K?^0#j|t6h@^Xdgb;tj#=<xh|=zD0OO>EJu<=*&2g;NZz|l<n?1t{19EF7
z?gUnI3_piR<PSX|&NbQ;w4^8_N>I-F0!wTd4}(eC_i;3^9pcdx(-R}GAim3~E3EpI
zZVP^z%&+<fWxbCFHvuYUBL(`Nllud#S05YIg}hc5R?WTg_6v8KrU;r%SW2wGk*fph
zeaMf{^D$d0=$@94I^(}vipt0Y`Kk;yplN~lk7NVV3gzn;K$Rn`h|%T2Kj=EC+pdAo
zwQ>&eYMOW%O&AE7QXi1lG!<jaGA5CNDb0mQ{R89R&66N&p>B|0!Lz7MEC2ycwsaL)
z&<w8}Yi{|rxC|kXz*GyaZ~SE0zG{E4rYvEYxOwcK6vSW<?XCq@vEqJZN?D|2;!k=h
zO$H2CX#n5N&8g0KDy|AL&#Uoa@0^~5oqIns`VXK(q{lTBFDS3U2Pk5K*1wYlutssO
z294U{^1M5bv(^-!-1$J{kS2I9Z8obMu!my-q>6LKlLDLd6MoSuL&aY6yV*JL$bCs(
zZ#^zUmy^L<e-AR@jddx%IOZ}2(UlP#nMt?^UggcQ9!bLS%y!Zkc>7cG1<5YBi^A{^
zojkSvi_|Ew&J=&N*kfq$kfP9I)pxr>-I^XR!6SBX@E_Y>Av?CN-bUO+z4%W%WOi5r
zUL|JGg2w^}MvPrvxZs8G-03|I>qFw<EWzbSn0#v?@(A&m-TYL6RPi#J?hIh*G)m<=
zD_+MD(qtTX2D4dRQh-|lSVopx<!_M<UrWX8pd)Dx`G_Hxpjr8sShq${u|1w*GBr!*
z1xncPaRHSjfQleRALB|vtRJTzxwP1G=_Uh9=-w-<Ln4$*7L`ajsl``sKYA~3P6M1E
zyW|a<hh-14K`_JQ$LVOsr!wG=%{Y@cjum*c{%{53pj@NE2xE1RNCYW6rkU8WJ^5fA
zV_lqH_ES<I8Fv}G6n)!hhSl<1)s)VK4RS0mzYiLe@(bFwz!&Go@;I@Gb85fZAMV5n
z3@a@H4O;qj^x~|ZE-##MPgY8?(~B!Og24Tk!!(~O3}wwHFC0Q(QYxE1q+lx)dli`z
zw>86K@BV{O|4u+8oK8TXLx0+U@5ClNQoO*%m32>WdspB98ujyPA|wHqcK9(!{t(hS
zq7;dnXKQJ8WAxdG6GlI_Ea}+cp^ibA1T_;i7VH5XZ`7oSLIdB9z=c$!J+fL%qEqc%
zZ|;ACgOHLb{0Cwk7$L4@Nq-m=c51<M`jUX2gfnzFK`;OUTM6(AaHl0|xknIlB|L9a
z#f%1*jRgkQdo3*b95b1UBvH&lxR}cC4eLY<NguBg0!>H-E)TR9wSv9oAnsc<RF4kA
zXbH4LEv0cUs_nDC<#)i=qi@r2Lhq-U?3)TikoqAH?!5z=a@c5V>sj7vvs{CYto(iw
zJA`yiQz}7fjWP90?LaokZ{WP{sHi{xc6N%VX~hkK>y)G-ixFT|Wd)EXl}h|`b?PC1
zA4-&}S}eT)#1ArU$EPT0*ZG_j4&xPE6q$;cE-y26<{-$`)?j$80Q>%ABgq{9<*Hst
zXo1$!p1>b@47OSnzb7H!MRJvd%Bz-vN-j$=6un2e8_a4w>14OiL?j2d&q;*mN$Jw<
zI0LHz!4JYQDTOu}2QjNdjZ=fK<}<rmh+WT+c<48||NR0;=fV-m7Zdtw1rjcfIGCaO
z>aa4`H!9l*V3#&L4tas=wVB~~B%z<K&_rp(VE$qqH4Pl82*h?x#;Zy?#^Zw$J~q2?
zhUs&9g<SPwRlKI&LYM#tyaLEYb(diP7shNt;cM1Jc$6Hh1x_==YMAn|;0+P`5<oEG
z-U_0P+isGNSyWIsH@^M|zFvZU3Mvm(2~Uoi?6dFb(FL+E6)r~fOL|&6+0Cv1yNmUd
zd|V!YTlw@9@)b6H($zRZl<h91O}-8Yiz~SfM`e<nx?vs2f6aQD;pBO)qrBNoV7quM
zU}koq=;!bxv)3bls}Q`&m<<s;!46rgYY4h(d=(fAByxzZV8h`)m0<2mA{H|be!)V6
zRIowikAoOVzNKS)NR%YQy@1s0m775NFw|Md62?m=brzkL5cNgS<FYWngcNHrnA>&a
z*ob2H%QU8}inF+?Efth+_i#X-8K$E43#0+(hQ*4pWjGEJ0#=v#s|yW8=L#=?@$sPK
zgo4kq9UC$f!A_I|*-mOk+S_uy<Kc+~?WNrZPp~cy8;<}LjOjaU3h4W`t=vaD79K8v
z;HE)|a{Q80eJp&>QWTDGSlv$LAU}VH5fII1FNiCajgP9`+x+MNbGk>~n(O_knn7HV
z!r0Y6PG6I1R7eX@I26)LDE>Gm9yt+ezh4r}*{IJ(aL5GM`^c2i03#%jC?Yjfjt^1u
zfVOQXIM?A_&KpnZv=ubq9adpHjTpE5eXQHDK(Eo}X@=w>e$@F*Q9>~;&rB&JtLAlV
zy?E+?Dy~DSj|jEz`vRyNNx~Q#WbfIx1YB<1i@|jrJhw12It{~1M*-r%ht9ROw*wY~
z#L)R>kz()9oWVt-{DyxlQCFiBhL?#)58~-?EEAgvB`~L=cGaVbvw>JpLpFspLw_e%
zVgb-F-eGL$E5hA=uR@Iuz)J4^A1Q_p=)TT8Nqf06B4PqeioFeh=}&sOjN734f;AMw
zYwzv~-br28wX)3Z?{ZCdBf)T&mbB%AiG{fccySv%7wcbYQAf$QI8#l840EaN#33~4
z04zk$biYU3jwnW%d-C9uCVr+jNXt*pG<9_yE+KHR2C8<?R)}`mcyhw`kF^auuVATn
zjewG2f{O~o<ecd)Y?SfXB9c=`Sw&MT%il>mVj{i&^DFo6EHOHc7*zf>MY~Ge8*}6%
zX#I1P+fDF#uyOAaL5CgBY0z6GUcaM34nJUr1X*7HptSF}s*73S0g_YZ<+wuCR%G<Z
z5@})k5JR(5xLQsu2+d@Kk-zOIK1px9UJ7c6O&pM{odFQCeLp;_vf+&_uM+Hcsm?0S
zLo}zog}ihKrHU;%dH&k|oMf7sct^*?!?t4U)<C{7xG09U#Tb?!8j4^&e$scC`?kT3
zNls!vmB?oGddAOlVa<3(Q6ziP?(Olf2~A5&Fz|-@>6C4857W7wT4eQI-(v{{?#Es-
z_F+u%r6!hi$IORm0>H8+-}o%n@bP6{#URt+ppYs2>gg%8dySdMFf<f`&8wSyWC?pg
z^Hdu7)kpzUPFcymZ&IbO)bR(8Kcavi_>nnD>XB1DW7US8-rdqI9*uK@u9z)Eq=+6v
zr6nU83bohZb$<|eOxzRUr<4W-L>BRrXCgKwR|geMph2Ys1sIAtJ@{@<R`ps)|1x|4
z`@J(^6{?q4?#SqErv<x-3XB#|{4Tnv=hL0TR&%o>k1JNC+u}rdBMF~#LA6*(BHnrZ
z8JB+POYiZt7(%a{iAqfR4(`SylBqt!#;w$rZkoQMzpA<nX$#x2X?j__tDz8jwCDmc
zd#)JT3YGCsP-!;8CYgKHiM5zu)0ucNoy1L-;RQ^-Ok0?c@@L5<g6@R$$(I2Gl}4TC
za(Rq{^9CV1jwb3eg!Ol7O(!r~g{=dL3<B<Q7z5D`h6#TP!=zs10oSz*{_ib$uLP|K
zq@XDla-Ce|oSI1*Z7Gfn7L=-<qYYzK-`0p^RnW8xI%m=7oQ<%-hx0JMlsNHJuotI8
z-FS7(5P;Ji0{W8C-qA?wvN?nf!%*BW=)+THf3gXzlDygTgp*W#WSE$OuO5@fj73CG
zaerY`p0Q)MLxp!lVWO^-c8Ac;22JN5n_hn8AnLB}D;idWnb?BZ7=pl;25-d~MkwV*
zN74rN_U59P;37gxRt%!10Qwsv!gJ&g13z<b3+Y5Ay2=jN&8>Yj6BdOM@ILru3<%_r
zJWcjp;zF~H_>9YUD^VE|SPGaZT41D^S-xId(#`Gc8``GUo*)B0O#B%?LLNy~lXlA2
z0a#|blR&|;IG7xjh^aba$=M;5QFrfzkKu8rEQP5|l5UJCqK)DyrS(4qu0iZHGKaDF
zX6x}%hVlv{MQ?Ak$`E9%w#`Ys?RQ0%nsHIMo=f^8FJO!aL+?QI=|I-O6)g&h_aqjO
zS7Ek<R+Vn%gh&$1u@9Oj+ABC_Y;0_bTB;jYfN?s@heIZLW#{UgRUhVIi#_auljl8N
z`kdi2m13wkpea+|{oZCGWSZS5YF|=y*cKb#hp8jQ;BP}Iwd_RWbgif*_YesagU&%&
zRx!skz;4S;k>fDSRii*ukw`Vhw$lG^>`fdrPF@4?U5hs8k?Chf>V?hNGDJHTmR%A*
z_dR$byJ`m}deoE;Xe@7!D_>;~#_yOWmn}aW`%pvlx}t^Er3jVi^y1Xo|A}8m@e6s%
zDoJ++n=)=f0#L8cbQo8?gn6aBvVt%kE3(W111i>oJjND|v@&Z%(w>sl?|=x3u+kB-
zav^tPA-7-UAI{j?n+X324-pztIf%-ask<kc;Jb0q&;@PC7x|_1r-$*%{*6io;G-ks
zQSC5Mu(H^zo)*^nq$QCkYt5cqYzS|Z=s)5to(x(#i+RzA-tS5LV}P?)Wh1cIXdG+`
zoNDSe@S*m#W9GK-`TjziAT*i8&|78<O(^B;slHJVKIhTP+N$_o7?~j7W%yAoSmB%l
zMEKAnuXtQhS=i`9S<pK@laHu&i#xJLA~CLB;7N`|&)u1VS}`|)@?98(O;Wl5(T!RP
zYXN}@HA^9D1n?2jVp}{bu=|H(_Vy}a>k?{iYdnDhb(mY<jLrC?)zINwD!cN6_9m%l
zq}3#Qm%^BahOXu!a|kI6x_P=dNDgr4J{3q`C<vcV=8q!>wPyRUqY>m^n#Vk%QQ8+l
zjZZD~#GGs#fJQBTd;nFFaXHdTEl-UBFfBrloWgOX2De_)Zs7ycJ@NkssDDVeBRo94
zH5j)Qgv4tv<w6z+Q`|VaBR~HfcNAqT9kXwgeX4VsW#OLFai&6sgXnx}m0Wb{P}yDo
zRN7CC<r)h=qI9(?dVIrtut~M7+OkN`%yF*n$?(;#EgVUx5Fh_7&0|<1s1V+>;F_ph
zk!;8SNue|gU#ZPq^so67l!Lt8kmhD_T@~WbN+GDYG+9rz1{#wBwIgRf@;UW!R$~wB
zIBV>+-~A`}SDJCJKCNZ#5&l6PA+5?TOIj+aNqi`{06f!%YQ7Fu>L>Ly)o<Zr@K3tU
zH)SCT!(QQ>x=N~d5Ivlvlx7SdN=8MU))<f1>$@Lak>BqTcNqk{Ldp^?^d5V!@`1B7
zG0o3^jdjs~7rZxk#FLQ1!T#<B8$k;24mr!v0IijI<wIif5hXQwHtS3mvQJ@7WlZ$%
zsH~Z?5hkmG&UmD(#+vo*Rse|X`AN0oBL#WUX@{R4p6Op25#<1rskQvk4dz5LZ890)
zSZr8wB@4wIK3DUN$ktcJ*H%p?QF<HOIHtWwOI90(5D{C)O^%MWNU?!ahH03wg$VO&
zvt~<lSsHoHFkU|P|1v@IbxzRB&G@#Q47&u)KcLAq_IWOHAGi_gO?V!@JzPWN;Hr12
z#cA4L%mH2Fz`tBOkMFd;$u#ZyiiGN}vT<Yy`CYcmkU+d@2MAxfTczjc6GaVCCoubr
zUM!5Sq;kpP?+_02O2B{7zS14qMZK$~;CU81bXMSXry!40xA}fa8!9uQdm7>OCt=;!
zw93m8=^%st#pq70DSTA8Y=hS)M<Y&-kYD$xyIUt=1~w@tF?m$<w>*IhUD#1*>nh?Q
z<ivRgws+Femwv{0yEpH?KuOVi&}v8s6DC{?X&s#CX}>*cESsFtjf3$XOU@8uhY2=v
zFRiA&G?U|z#y&fdt9**naqme>n97uyYy&XnOdE#LoI*NeS@#ykH|OaH(du1~C(RB8
z9q)b??tJ7d6Fft)BI%ChDiz3Mp?|(vc^+eu9-u9&_l*Z_E8}JW41jZY0=5zeQ!E?!
zzZIuI2r7DvbFf7W&W5BEY|KSh5A^&D&=|7*3Ai8u|8;`-Eve%@2)$sfvUC{C{?#s4
z_erMN^=mY~I4^t-e?SD{Ow1ZbwDUU5Bzr!;91d>W3@uI4ap{Ec&CVx{VM{7D@(Y(5
z{p}mtF5ZeQIXbXHTsA99b)8R<q54X5oq@-*#-{InVDCo<s}QQUF8f*5T75E8Yf2Db
z?6X3W(Z$7z5O*c%d6F$Nk$!XVX8GB;^l}(%Omd^s&(+=()9pR^san{&403N?Vzg@A
z8eUi3k(&naL#?Zro!kOC&ziePzS!(F-k_Q*`JPOg44wQpV>Sl?a`m?-`&4be`qH}4
zssH>r@>lBIFNRrTc?{JbL?2z)ZMa#^;H$d1D42{z?q^*OBMAp#io#cEDL2LebRY9U
zaQp+OJb)51G9ox*e+*$nD^nz46TRnGY4vW|hl^j9a#W811R^QNTB|AF4u#`a{P~7$
z#!&FB@<hE3iY}0H)=z-7OX0R}nS#CGn3;{PG1)P$OXT*;uLAH1Q4lX5kQ|pXAEwrz
zrWaF5(WQP&HL20vt2oA;H<%YN02!Wwv2q7cAxM;Mg~!67ZFv!x-H9o!4mki^z!a{{
z4&#P;<qSWJX}wQl8*-NEh=^_%8n%=Yqdcg-Zm&p7)Fd%ib_|xO@<5<OGE1bH@FMCS
zDeFJ7uj0q5#GUV-<1K;2ft<JGK@xI{W=l!lIQhZgAPQr$kj~Gk%r+);LczKDQ{dG&
zeh>E<bHR=yWsR6bWhZbj(q*h-Z#>9yvm?7rlqN3EM$n1a4{I%6IX+F=nwj2bkhO-N
zi?U<6bNG2}EO`|Ag2I`NdbbK6u4hobg2W3@#MthX(Q)w;H^HIaqvB}l#@Wf{g@q-%
zGhuK*F-Z?K!FTaL&_NPXy)-BCCg}ZonGY{SEO-EMx12-@P#<6_k0UkwG872e-)(ku
z45lrymjNl_M08JlE1)wy-|4Zc-bO9`SSbxY8*97&T=ihpgN&uZASuI7OozBmi&P8&
z?n-dt;L3dovCoISrl*&Wi^U{;@xekjW#n8uL#?d0P^<2vvI5!-OaZ@Tl6lQDacjN8
znj6)nl3ZF|8v*EK{#Yv-HcDEmsVc~|wyHtIJkTTR+S=iuIQmY`^oIXL`|IjGX@`l>
zp?;t}xv6}qem=;>J|WW4N}k8$gN{&)(YlZWb#~^-5PvlchV{r#k2Ur~2Timfz-~tp
zl7kJ|zyVL?kcHIh@MR;zHe^tVn@$FDcCrtn`e_xDcAGxfw&`c-&a@mJ{cuICK|Te&
zc>qMpab#-MHv5{O6??3GKrM&(t#MXR+zuOFjcm&?jaQXXONVAX*NSPl-}$zwTk4Rq
zL6&DThBQqkkxE!Tyuaf_SV+Bow#FO5T^Xbg@Y3xUHu^aHG9mB)0!>vCnF$5C*n@N#
zk{re9uqkJjbtws`c^tW&zRI#7*GhwP5J=_>muob$y^ef+I{$L?zEQ?cJbrHD8vOb{
zlzN=_(l`C8q8uMlhP%@BJQUHZacALQ1OOHsI?pw55StT>YY<i>BG4S5szfBi@indK
zVrsjDR=g>?CJf@1C3D{2H7VN%ng$PVi3E3RU&6HVbtEAcd{h@PjMNV42rdN|lU0Gw
ztdP{iSy<Wzbob}_qt#IJ0G(-xi{9&vRoz8rIMXiWmy+z8H$()+cD(bay7FQoW*w>U
z?K4QzrDw8Er{vU9peHwP{gVfj4j0OAzmcLZP`8^1-;!dHQ>Bw4$UU}!tRy9to6>=a
zrG8C<HLf%9A@k7n;~GDr>CR}KhCV#hcj#7YkI<vAK(0sbO%ae}j46Mf!io?YSO?Vu
zf%T$VaGSu}OdbDkQ))!ajY5Z^Y*$z;)gB7$^N|2^_LVUJ=Yz^n3C{)fDLZFm@puUp
zLL)CmV}K$XhuLxZUM<V5-V+dMchUD9vB9`_UY6W^;5gZOT7aMKxzSkA;e)zc?qB1t
zlu4%N+g9qW>athU3vFekb>bK_&H|X7&+tF81DPwLy_2-lxwCJ4>9KrfneUDv^^i|*
zh<s|aMN{*9I4c7rsQ-vxC#gXE)n8V^Mm)F+0sLY?TGnv#9j5xQYDcfd^x%By;e4gB
zoQkjGpua<+^&5M$ifginFsKMj6Z$$nT*9@ge{nx$(Du*8dP5}hL65>P9Zb2>s9BKf
zrW7P-=gc=}z+ne%;G{qZnDn@r@5Y-)FgR8a#+2vRT#d*72Q6M9V&cRrGw+dbg;uLa
zaw6xE;QhUsu5!Vkm^5ss9seY^dG^nCA&iDz4?%XRC0Wypkr)E){CwvI^cE_%T!n`0
z3*GrdcEG_z+N4sDj%r3ddi1UrEHT|A^^6Ug4_0$;WhKqP4!Q#ejyli)1;%F+f6z2H
z+q|p2#fQ=W6-ht_D*vaP@+;+?5DGPNz2or52FaRp@+XK;)17RhiEcRGb*!dT6C-A<
z&3wrS8Kk20C(q?1EhKGp11cuKn3TZ|*+|9ljmSXn11Weo&f@yRivifFaqhTM_=D_2
zS<O!OGZ1AwI#RQ2+r1-=Wh`wRND(#O8>5oX<V1J@hwBcTC9E)FQ#sGYP54U$vO9)d
za&fVve^aSWR;z=THbbgj6peppbQ~(VXhb$RD9cpA|DUmB^o`PYnS-T?BK~WyyF0-P
zZ?aW3DZ|t|T-)nk8Iv<W8D;xH+-ApT>9VF^<u}4l#!e-skoN|`{+3^tj~^tcJj~Om
z{UKBh)ZHSKRO9c_@%xxWM=A))MlwSQIAqP<^%xTR#LVMcG5!at!^*~7Y`1>^q{5E%
z(oF41#;T2bGjYFxO?j_@?f5SuMGQ1QnA?jZtQL6cB}Rf{My}ThgpSsK;RJ=3X?Q@`
z)$I=HEc>LF$Ee;{<&I$}Pj9VWHd5@gi^%zzTGsCt%Bl=*iJ~BEt{sq)Mm9YG?dLta
z#=VLD$~;>j79&~btHy+UTfYqmnkw;d%(t_!1sh>xdVsc0!Wl53&Z1B3ncd1UHE|#J
zzJ_is1bCs;cHCKKB8>eiYd)M+7v^G+I}_a$bvVs@Q;B0(HRhyBUT2RhYJ3G;$_xl%
zr~|2qx*J3bt(Gq~saOM}vRBgOLahtBp#OVh=C0Gna^4@BUWyjYH}(O`sUpXOq*Pe$
zQvQ<xp?{zQMG=VHRLH`-QvOz-Ha~*v93mscc<b6>Xc?xQ{Su2dcQ}54O{QS__(D9&
zSmU0LI$koT1prw#hJ>en{UE?4cN@N!W1r{;MS&m}%O`Sg(YH>=y-(9-kSQ1DUUbB}
zKzNKfp{9=weAIIaqo^T-G@b`85(E%}@NWv_Q!I3#4o$5Fd<TVL@orc;NyyW`K(z#-
zco(vbO8f>Jxv<340E#OA06OT(Y-z-UAvD8-XfMn9E@JX#000CCG+5xN1{`BSEtJZK
z-c9`@hU>s>!yn~<#!di|4O1U*!q~!<$)dSxLC$nNS-CS9r{XC|Eu-X8q`CyT?1Wus
zm<0)jrF*?4%liQD9+zi)wGdChu)Xd+brmbZCO$sVa<^*MQC0*4AI1O=J)k*WA|UTl
zFEDo>M`HFk%j!0yK|jKG^PnI`lxSWi`H0=PX7ufvsij=taj7CvZ6eHJQJY>OP6UeT
z!LSSqO!PkC3V}GZ_^UJZj&DJQK@_!4x0*};u0#YRWDVc%kYZ8ig8OgBh=t9EH)Bv?
zr-Xf31)QWiWSy2Q7}{J|j3RQ8x7TOPTR^QXAw1DxpUl={kqgm=7-F=DloP@nh`5qv
z$42BYMCzamI)G;O>2DXB2mJXOiI${MB*b#k{-?^nu4fm+?Uu{{?>-E;0ec#zp&NRj
zp={h0!q5n2b;N=bL?NcdzRAXHW7~J*Dxa<38SIEFIpqQYJ|2D#eZkHC7_Le6vFJ<+
zgfiMDeUK=#g>-pC#0oAW^WzC98ftQA;9jI8e~5LWac%zh8vrP@ug{Hr-2iDJtSGAv
zh#N<>VvnByb5|P+kpG~>fZ9$f$Pc4YSb5*ftjK=psiv2so>W`bo$&i7Kmu`XF(aCP
zCbL)yaNA>9SxohU0Ub1WQ$AMcEP1rb!1gUCH`;m%em~bx0?hfDXaMw+ubofYjqOgW
zUmFGN_FBt<LtCq7<s50J6}~tSFgu@hF6_bwJs!v)PzFP)|K8GVwhX5KH^SI+Oe1{*
z8*a-B-6iELZ19~uQmUcGTh%rXoWgxyQAkjrLx?EU%=A84Ypb0n83q{XQ$m~20M1PM
zfNN}bYH_pXXQql9OW5A(yExU>M^Ga}z5AaJ%zAs&!DcqVC|>BaLkKZ&1T(x;0hglS
z31!0kN1TtKW?3aut5|sZfpALEw;8+v0yp2MvH~N!YtD!0->B68a?ePlyJ67vY{-wf
z%bnIu$6dZa!dT~r;`|iIBKH9zd~lk9Ok{u$sMUv$B$+RXQIb?mN}FWL$721tFtm0W
zRw)wq24TzV68^q9IT?Jh$2@QV<2Ix!0lX@zlqu#gCt>r#jZsWDX!l|8h0Gz%4Yw~{
zEb6zjhFn0!3+4}TiNwSdwoMn8kG<6n@jgsZg{6>^jH$_+-@@2fBa@NC%Nt!1R7hGb
znH(A`kB%Nn-oVErH}Jw_oi59;+C=>L<1CJWXAjbe|M6_aj;*cqCUH#soA=41kc;)8
z+`lZ$(}bYhIqAQulHcO!;zPzk4;JmtoU$&ytLlP*pyUB2wv_t@hdUoD4_^vr92-!D
zZ4vjAQ@_@e$V+=OeS{f);()9`KbwHpwMRd)sn(AiD3k`r&N(wRAR{Rb=VMfZTUu8k
zFw9OMqH*1xtca9F)juDn8DC5TGR5*QLBI7iS0yo*RVgV^bKXT#d&^mHWmq(tT?cKt
zguz?QvcBF-A(?Gknnc1{=_oVA^F8ipYD~Rr#G0sjA(*l%u=spUOV}Z7(_JnqGdUQp
zFy#H89r&J<XD`>u@h>PzgWeGh9gmC&a~8c*qL<_C=xdy*!v#^j&=g)?51dPd4;V;f
zwx|Qckr-?7?T$Iu3=fJv3)VBl$`+dS8eZ?ZN6${m_f8>+Ram`N)a*Ca?w8*7<Pjkt
zEC?)Vs>Cv#Pr;*1NnT)r4GX_-y`PF$@%0@SxGJTAKFrp88DcKoNqOUl$joDhq<-Io
zu(bIeN%?-m*exZf7n3E}jh9q4OMwTDB*^=89(>aIm;I;!DA!2Y7<QzNYb{#G5a1O$
zw3iHQ`R88ch6*7DfXGc=^RX{aOWLe0#d+Pfqu34ejW}G&s7{Q+z?xOU$?c4khVnIk
zhchY+-u)?s$=3gl?dA&9(xG^#4;=4P8R9Sn^5~UlD$CYOUC`atewe!`Myzdzib<BX
cKj)h)9_P&f8}<b;$5v&4{y2ePsOW$I0KDp3g#Z8m

literal 0
HcmV?d00001

diff --git a/php/public/img/jenna-kim-the-globe.webp b/php/public/img/jenna-kim-the-globe.webp
new file mode 100644
index 0000000000000000000000000000000000000000..909a87615eb2935d70746f7819ffb919d5f7c20d
GIT binary patch
literal 98876
zcmZ_01y~hP+XV_pNT}4Iq}xM>NJ>b9^w3g*gmg%QbV`RPAq{hAX^@r>2?+%RkuE_%
zq~Y8-sNeVh_x{%heHfUTz4sgIUGLiasHG$?FBpuDrY9$(p{pTG&klXRi+3{%9gcR(
z`TG4kq>&GDbD7xafhmgbSh%*1X=4i`9Y~~l&Lk4)G(dNuv6-FEzEGBqL}~|r*=R@3
zUx;F~7as?H>RsnT-n+y>2J#CdPbHE5lJ#pbfj;L?0+^1h&qq3VR@Eym?E~31DKEc{
z<qO3hG^?Hb3QQe4y8Jmi@1C>g<B4=ZE{XaoBQF{G)lbe6kBe7w65GrdO@Gd7i+Y{k
zbPCwG;JI|#x%`Mcy`1#Bb}4y@kBmPVd4B7=X?I{rpxNaalKiv}3H=F|JPla#`HpNk
zLElY2Q9pD#ll&eS(Eiik$tMswvWb2<Kfd%?W%Sx`G7@Lov&ZR>=XZOJ<lcRG$sD8~
z^8E=CIk<ie*-*c>drRt;5t0shvH5j9aOraC^w#OTrEVbdR;T*t$&YQxW$s|)2V_%#
zncsE6%H!-1lc|8)<DSS1a%A$vwMzx0x`}v{Wc4SS1z(N%RT{kxK5n9Of~a4$%G+pV
zF7b|T5uKA;5*s=O7EDoFgW@pF`Jatbw{K0=KR)BIHqv4CjhMc?R}x(^5cmRquxCZ6
zc-b5&XxZMYVa#;85M$gQY0t60V0tFQ^?Dui0iX(YeyrG<c>i>}yo;N$U5LEyoh;{r
z^tKH%W8$|6*`|iTwiV~RVQKpsj76SICQlO)spLF;=Fe75#~8C_xGS4`SPJJN`;RGZ
zS?g)@#Rp+ON)R<&V&^|^G<=&GqkbxmEPQXj<s9&NiHGM>e=4S>pSs>IfW8FD>Co+;
z7V4SnhOg<PY||<wrh$(Z+iD~QZ$NVTy-f-YyFL}1|KbZ^bG~Lb%p+L7VQduHDy@ln
zM-Pl{mD^p3(^oUPj*X1X`OAK9j|n}<(Xe44`&Fov<GR^+=8MQy!OX<lggSv~cM*+1
zJ<#)m#X)~yZ%5NhaE-}=hw$Mv=hX`@R%%J2_wiri#qamInwQO_^?I{(QPqmbc52UI
zKYDzx5jETj^g3xRfNQt(8mqaE9@FC>qYQMd^T0E<PcNT|6QqeMcTqsEH4pkSZ%|Dh
z372FCfTY%PI%vr|DwRqT-xg^b<pStwii#JZae8}<R6F%Qr*+%mCESk7Z?4j}R?L!(
znvjKqqs?zE)|>hFkyj(?$SI;*2%(H+FZbs`lfM@Z$idr0UeBMcn4VWxll6y<?O|;W
zB43GM&)tZGi-_2Rpkm2+uOxJngW$hs(19sALvsQux5VmOfQ}4UJ*$9z-27w+nl9>P
z!37wbpAVs5Li3l;d<OkkJ`*);VzE+GlXoCA>qp;m;(*L$3zAwB)ALW<@z2~?%TV5+
z&TKz<Z1^6s6p05>zq|ckFOi;wDV*~=sOR(WoWurt>niC6u)#FC{}@yAQr-RG*#QmY
zxDq56{Woh}bFI;2^v3vNRk*>`XeRW<vuf1KPnAm|jeATOUNC(Q{qku9dfCOwTkSox
zZD<sA@(-QC-+K|_!g^i#kRfh;<YA(}C-+gt8FDdKLA67nPAbZCf1-w*p=S!caeZ(Q
znI^;th3&~>C=8(Z_;*1U=9U<#mdD@@xf*h2683l7-X2LlvhlyRw~BoHYn1t?_?TXh
z2jjCC)N9BikLO6cqoer`!1$rpH&~VUC1?MI=*kP*h!M@E^qa2#2KZm2K^LyB$Zr7T
z^pPGI{XPCl{y{Y-l&5PydD#;4_2w}EPl+|CoE)rc>|-1~JR1In!s9Pvdr%CGXQZji
zPg^{-GHL{-<V{R}Q9#cstUeJmNdEs{A`gkvKrlFiioppQ#(|BeK7T^3rPV783W=q`
zCZRu(rzKq$hz;MzfB~BLg^Re&DJCYVS}^JaEXDEX+Bazz6`w&azcODkGRRQ30QUE}
z|1SPNW+zFiuqFiSgCPesTFOZBn4)3`3M|~_NDDUZn|sBIP`U=9;>$$Mk{#|UFU;?(
z*tVc~BEP9P70d8Kt8De$21H=c3ZpV{8MSt%P<eC4%D+%>l_~#gT-|yrKu6Z$uC!j-
zo2k$x|0BY4RG2MkGQ@WzxK^VAT=AJ_vGlCm`W#bF^8v{dF*i(^l`=ya_ZwFkdaSC)
zWE+Ft;C^HngAnOQ#W>x{;ZHJN+hO^ufc<~x;{rkq%HHxfB}hIO@~EDW@Jy7E&-Rtx
z3s9h6EseeuJr8iedp-LnnD}lH;Xy!W9@dwL^5sh~)}ZGDsJ&lyg-tqvFY7Zpg59`Z
z{2TngQT!K-MA%PZ4yk%H-jU)r7kO?lmt7&m2Z7O5s+_BYCj8xS--deX{40!R^2*+L
z@k5*2?`vUnDRA&A&nXb{3X{0&--_aX|3$e1%Hj^&cmL-KA^7>YZprs1(_8N!8hQ1d
zh+DHx56h3gL^-#rRmnY_#DzIMn+}D0D5Fu^H_xMfAyZMr#0Obj%8`U>-S<x{T)|{(
zo5xO^UWnTNnIh(4zF^t;U8$sPBxgi8Y7J0kJl&zJ&x4ZpsIsYlsx<P6#e80-yz&xu
z@CuSIe!sna1rK2pA>XZa61M#Kyt;PPy8HzifP$t!c6(TF^m+yFeG=OLfvKphs3W%O
zh5^=#c**<_lH%Cm#i^OTNC);*{uKe>ZO?>A-_iN{g#Zqso=K$j0%flA1N4Frg1|IB
z!tGGKMf}MOjsS|vmbzPio@%N467BV}WapoA|00elDqf&Ss!N1}C1KwTV=xMeWy)(n
zkeNFV26#;BB<Mp`1W;Vj$w<{LccF9q3N!V3N-#+XzKz40R9ML{xuz{u5(&Jz9wr;k
z0YyB#gzg%ClYZCYXAB14ubYfQCh1Tp42*&`B2NQa|0V3d(IL-3K43$49b6*>!KmXE
zd9WT2ng~z@0J41O_!XLNAXot5Apr1AD(1651BiDDrx#R(S)MdEZ<dE$P<kP<K}MKv
z5QD=v=q|!{^jw4cKk@OvQat`Q&FB%RGOH8l4e%Ppz3+n{>T1Bh#m42&+UJg3q4n1P
zumhomK#P@?slw}wGRH5hVE}X=0ouI_YmJeBQ8Y9y9a%rZc8MXQCQeT!(Z)vlNkEnZ
z8xN7vi~%y}1;n-y*vYOCf(RQKuEr}+-`QtE7^9N>e^<_{`uk|6r_3m*5NLYN8>k6A
zB!FcK7U4xE_2NqsD}x|OA|BYRm>@rB)M(5|=kTc4J#W*fqdCd}!}xiaZUEIZ9_=Pr
zpl;EJSqC7DMa-$|OJ~Z*(m*iPf+y+VZ@p<T>-2Y)?Pfpw4-)=O-7BnW*;xUavV<eU
z`u@A_6JmuPu#6f+Q1)wnmbH`h%<Toir0UojMD-$5OR1KK-J~O*R-f{R00v>(FyLnh
z7XI7^$Z*F9yB?i&$ZK{=`aKVJP_=D^pg}q7U*2EQqyGjx^Awa;QgDPWSd!4~ekUIU
zSw3aYc7$@!H8>AC#-r*$4;;)>!yUzr5^bJ;Au9ud47%xl;o{ar1z1gi`|X2iqNQ@|
zkW1vI89%cIUinTj>lH*oP(_s%@ohKHcKh}JtgT!{e={)f9{AnXHy4Vy$S@#I3SJfl
z>_2}|ideapB440VK;rhXeI*0(H8(-__?!FLl*Y*Ttc%EcrJEm0!gf}sw;Qo>XLwcd
zBEyWFa-rfxPtGN0FNK<*#TLz<cps!119j1RHl17`#QDQ)P~70^g6gvwz-%LCSKta>
z#g`@?*nTb81IjUj+%0<$AxVh0+N@H5nwvq>{n*&Ey7&2bAXfimEMF<nVcX&`<iY?j
z5)iC~77r@G*eyCBOEKu7K^T0sT!tUFZi=P<?@<3cx(K@xRm}lN1DUg|%_CG6UO5@d
z2?H!sttJ7YQm7nU{=(s7@RZPzwXZYHVw(L$Lb^gcp;t<TAA<Km91p?wj96}!56~w`
znh=H7|H$tn56X&wp_;X7m_{iFio)feeJCkqaQ*hbQtjXB2fmUA6+Ev6hs2okbq-(A
zf*l&ZTR6+I&M-4!{5@3u$@Wp|JWPa2e*XR#$doWm#>iY%Io@r-WCf0C$3iQ0jY8|X
z@#-F>!%wH0&6-p$Yd>#%RBFnd<)>Bt!N{;hvO7c$|ASpIZ2c*KB}lfMj@qwQD13nu
zU1cX!rh<zCXbJbXgD_+i4?F^EeqewgqhOKQU1hz^l5jf|`^f+OmY=~#%Gb6=89Wyu
z;eT*eQEuu92McL5nqRN)qh_6bpZhP9Babwa@iF|vVXs{O{MjFzS;TEInm*8I<VD4u
zky|i>E;0rFm4g)#aF>|xq}9I#T12$ib&sM*Ro3_-`Y+$P4O_j=Dd6D52eSSb+S81&
zLs0~_0ytpyVttR3r3?gHvncA8$KcP$onB!cj0!N;O;5v;Y7c9XD_8uBxj%lHx+r}C
z7`A$oe`r|-OXH67C++sd+rU8(l%rf%js)Hpu<20V21{OO?|fb;xyyIYGOZKPb(+84
zP8As+6PV&Y+QPq2u1Qrm39z%*sJNa(MgufKzC}g<t9s3*a+uEYe<ggJifcGiI-70}
zoH@8_;lXAX^cW%7ra_d2LVce;-fqW2QHsa>PznJ6i?}JbVnDWZ+DzSdHB%vOh!gRF
zzO4A7mXk>0LBJSDvw-quv<QwGoFRJB@lT*(8DN+`h<k+gk4#?`=RXM_c0#C0<)c`Y
z3qZqV$ar`Fj2_JCb4FHBj$1!0g2hi(na6$rYm`f=p;(^o)KvncFS=>rd3WW-ah9TF
zxYB7=d!FQa=}Fg@Nf`~IqD}9JTmUMNnuG{JHYjke2Aw7>3-~W1jFr9rHy;^yC*Py7
z{zw8D$+^N=iFs#iiODsov7ll#lpwe$xBuh##x7X4DmMubmQkcDxnH{}sf(#Z1OVdx
z>%0w`Uph4tZ2?(VSg$I)!jO0qn&LbQ@Z~uabPufW;lI3EV_Fx8ti<~->1O-OexODt
z>^EBKF&-2py3>F?G-Z6q?NhwNk${y5O@g`0GI!oxMkY}PsN~%7d1S&!PS+DQp@9B{
zxcLV(QX_9`iEWr6y%2F3yp&>ykpWN<5JHt>TrV3K5maSKN|~YZ00o}vX6HGl>J<Y-
zwP`cu|7med2aFdcuf|0!5dIZj9`zV19Xbg=>g>QMlr>S+KKl_A%Lp8a%l??e@;C52
z@?<l39!zg7D5(o(Bl_5VfsIjb?hz*pqVaf@_?5w1D4H-R&6N5CWq=eoc$VDvug)4V
zNBsNt(d<Gb%raGzi7thA)NB}9fwQ^GBFrJ3-W6ohViYn2x5HU5J+TBO08NVIQ>`<k
z&!ldb-yY>T<MLDfhalKj!$i{~Q%Qivc4HYn$^T83xpRBY3=e`TV<77ll*xc$S|Vu5
z2VuMLj55>u0{s5~{db(&noLK}p=2#^t>VVZli8Hrj2ko$hpdO-ZX^tYLh<P3b-c*f
zb;vHzT@$ro{V7x~G+a!2Cy7~vbqhE|c!=6=utKl;9iSYo2$s}C@X;kq-^g19p-CiL
z3zv%{RC5(W+f&koE)muLun%hQ{`Mw%`(oaD4ymZbd$$QHzz5(zOqxzT6~j8?Fq$$6
z-`n->65dyXpiIet_Bz5lMW#foKxOrbgA$LsT|-8B5CD|M0tx}dnnCcSY@SrW;g++G
z;wx+1JCfCa7Mmu~0VCA!qi_HQ=yXe;{*w>>M^oh2qYj6_rYxzVCGdlgVP!Meq0C5*
z4b$yuHbB#+y@NLcf_Y3<<+B`UWe2;m3B$NT>bBBj3a+E8G`7SQ8|VPBgSS|LLR|hp
zMlEwy*!iNZdw?O3-TxAmiFmE-DXlyZA&==v#>XpDthHJ}UP%i1S6%5918bify&{*o
zlDeI`)B3!|>~Lnj-w6muXITfqmzxmLl-<<ak^NH>mYaZH30Cl6UY%&tITXqX20%yY
z++$O7(w%W@2^VB|+I5qWjH%?4mqxcg532mT2M{=;D9(fFo1O6=-lFuM|A<9bUJ#K;
zH-sVpG~X#l^7(-fkTdA+z#NvS$~jrdCV_OIj0f<bV?)OSI|A8^6~21y;UP4oYV=%B
zUamTtnYyBnXpNC&b2TW2O?s9pc+!hMz^8`;rn8vbS=qS(&Zt^&KNMn%F65Coq6{WH
zX8j}e|3K&uFG4Yd<hS3}K48EAbL@BTp@#AOd%YY~683;z?a>erJk-%G2ed>`SP7LW
zE5Puum`?_rf^RK?A=rVk%2TpkhE$sHhSj7hFfW0T7)BV}sf{HoKZs&XM7NsPA!q?A
zZU460;V|G?kE_%_+BxtaR1mW`HwOU4tcOfkfB}n6$~x*oiACo~bR8PCo>!J{1tQ;?
z_z5;Q6cbwL(S^eR7iZ5w3X3<9@!c~?E@6-MjrwF5To%cqqbLWzfra-Mq0j;qD$`Ls
z-bf0EK}_x{0zR1UbjcL{e;Z0Rg#;=2f;d2x%$Hd$kLfuSeD_}n*+b07yoFm_!R8Q3
zZ37mwk#|6PXBhCPFziuQGdV74LC5W1d6ZgXO#QXe!K24sCSkQIOHeJ+!7JG!Z2bmy
z{i?r?A_NNW=P<s8L0pu81828}<R3I&X-0n<)56*v0v<&ONrodIWrJ%7iH@Hd3h*L)
z?!HY>xxJk#ir`5iVfO>#>&6sKWRBbom-|y*EN|E&P1GcmSkG~6I%<_{nbKvz5@ua`
zrtiU<%-@swV4Xe8j4U4o1@Tb8H0PQq4WLk(vGWlVZ0Q;Oe+l?sd+>t1VV|}OF$Ek8
zFdBIWV1TUi>r#@E$cdNRCXfvz2_d#pPx<Kv+X4U(xi&--;dPF}bn7uXb%*@SpZQG3
zaKklO3S>z!7#IKpTY%F1pfk*@Q!haq`xg;`c4||t7zAiCjRDqcVF1+jFRxGAK?L_-
zjsB1N#c<B8f$IE9=b?5lc<|F(sux9dlZd{|g5WL$34$jC4}9C)*3sp`8iC5QdRcB-
zxe1wrAkVpj469f1G%%e6j^STK6p5)6?ZrGC=<Ja|{iK{QqOjqrb5MNthbQTtJ2oS>
zLS6qg!9Hhyb5vb24ayycu;fZhnWg?mvV0_|+Rd`os$~8%<*^q45rH7=LEA^Q3NVkH
z_CCn)`1f@9{BtyMF+C%zjce97D99RKSOmE{W;1MRcX8|*bwLG^eNzTZC9J$WIE5^S
zhY<T5Pm!qL18FZc$~7h{cmIc``v)RPk`t?0;;u@eGYkqi9a-M0X1B~)U<6=FtBU$i
z@<M3`UZnegG6Zj6s}AZ$<8vK9oFNRbYL-@J3_CC>W$zh$QNfb?!o*+E2A?cd3MgY<
zP|$*qk&S(meTNWLC$ip|u<c)U{7;|!&=@3E`73h%kFby|_k_eelVe_EMow4`1}yS4
zMGB%zL{y2y6#$f_R&|aG`XrW~ryz<fO>);CbtU38>%-^mC)%9r>OLysWqN6G8>I30
zKJp>nWZ3>tgY_wU<xLc&i*v>5O^CSxl$j~h$0)HTns&2%iw+V~uY?+uQhOB-+B+E*
zY?{Q*M?`pKj+>f9-IL8fG#NaIN{LmdB4hVepP&Q*a~BAo8kY>$z2ae+yYxXL>tX#0
z+I09%Y)!nSg63GpgKyxP%O46!^T=C<Yipdn^=B0$YfHJX4E(zG@F0MAig}}g3rd30
z+gKrhYtsK$9)*{6&2>Pfatf;1kN}Y+%!`P}Q$RQF+QSc(wyZ)qh&x@^6dMMFGGzI2
z_t46xuWnn{yTdgn$tN#q_Tzpm2H`ePPFn%{*<f@Mu{7bk*&h5{@@JnD@d5M%5&O^0
z5Wg~tE@e1^nx^UN5NdKceM$c#Y(a|86?MO}|AE8#aH)rPv=NN_OkLdx<zwR>3Ck%1
z;J~U6HF3>Qk6eMOX*zMhSXZO09n?kMIoo|fRB3N~7axuOK;7h!EV*8EBD$jRcZ_vG
zS6l(_sE*QT4}AV?88lvpN=BhLBRQ&V`eAVfcEkVirhkGxUfctdNkEnSkzt(?c`n3R
zQB?tW#1vf`jAE1q3PAwCOa_A}fR=?6vlazwrIq0C$9EmVG`yHTx+A)Ufl|9@ZE__H
z_bK?mYczeT7x;8C@Jb(qwNDg*USbkM7|N1f$3)bqJ{iUuF&WMCHzHtk-`f62kpV{J
zK`f_T@^}cncm@w<{ku<J!jepri=$PQR;8g9O}8AX=jSagchavoJ%>QqMF=H+J3*3>
zmW-lqmu}a?f$NcXJ`D(SQ+A@eR$BN-XK@5%L*_TGB_eF)$czne4224~=EN09tvtu5
z3Rp5I`1ZGSQv7La&#NOmh9F7I;N_iB$Ozv#(z^E<DWbM!0RZYDAOeCg0};&aY(-`W
z`^G)|5UNC9Wtn}9{*jv>K&2^Kj)^L{wLPthzOZN7WNdq|mh4Q4uM)`Ybqvr7W86&<
zENJpk(qEZGDIL1!w}TX!KSA3e4t)M!rJ1&?|LV;D3=)`n$)m|br#ENN+4P(dYG4fA
z%a?Kq2R51N0HXDh<Y4(rIHZ^CkgH~Y5{3MwBkLVXZyr5q87w)M$-&-B(e~ABv25OT
zTv_>P&xAhA#V0a$qZzD-J(^qn4ZJt7wK7EkXW5=_oe?S|`Dn~|4eSwrH!W6q{-|4f
zm`kr((8?HYxCa;!Ku!QOiQW>!AyS_>zX@J(TxPXTq;bH=i&k)}*(?G!H{+@|$RcKY
zSLk-*F$IXU2`Yzq4neha5ge7t<s9k6(54xfM0`s5*qn&92-y_h#jIsPj|_5zenu%L
z;{wSato#pF=(yBoupB`E`&coEum{sYFp7aY9{A~oQ4)`j-iCTXJW&=inE<McFu3HO
zb}BwjGi!AzwG1(CEMaEJ4CFubQHv;QSR>$3rVy$E{AcAXc-l16sC)3h?(_(HJVY}1
zRzc(g)bZGlF+YZKl48uC6t6S02J@c|zx<D8CP$ZqnJt3M-y@AFjDvGhqUPIVH<@Fw
zEME>w0#*y-K4B2EFE^}t)$7TUd>S_1+%kq)g~snyIsVKumdht_RFfg**0~gq*f`+1
zh`1q|3jWxQW6qWg5Ed|dXtWTJD2ASr3bFUA{tu-llb-1Fniu{`_<vW^yA^kpczvJ-
z#gv!{x*1S+VXW(iVqmQ$cNSi5A`S%@lNPg}dzmTzoG*LW*SG9t!y@bU0kl>}fnnSE
z-&iFoJC6L*6P{&)hZAitZnAf@?SB>sNznHu*T}&H479<1fyGx~86G92F&zBZ=LX3|
z@C8D}K9ueTmW1<Fyn(h&ukZ^JuOUGj>IV076+59!hgcM#v#iEyB$z4AEiUg4$!+}#
z&=etQtwxovDRfB^O?pRy|DuTV=#%d+B#DjVPwsX0ojD2^jUabH@IL*XR{3CnUfa)B
zT11t{kGTEv3f|<0=b^TPt5i~etiOS0cNe7P?mh>UP#g;btabVIrwO>4&L1hxw)x%!
zRm5g_@PeVa?(F6!RK}EKIat945f44Zm71ET5Zfq8tZN}qWy`P*`l$Nogwqm0KF*#I
z;(zV*BAex|gJ5Lo9jCC8eD}lW`tal;8HtJbkR9|r?&rYU$|j_FbWrN`TZo`C@$?T3
zH_3>k?%EK8s%?516r9cFFKx+)yI_Egq#Tr39Or1W)Vj<6k;(>^{%lODr+@Z|%CC^l
zlh0#F*M@kZc{wjiHi{jMhO}B^uG8}43B^ZSzs6iOewfFPIv6-S7v^nd##6yXlQKe^
z=F8ut5D*u+@p)h)<*N>c1?Th5E%PZdwE)w~8TA%yDZhrK_X^WU?^Lb_=e)31iI6A5
z2V<i~5u|CE*GGp*xbaJp*U+Op@#<YaYLd#rzw&rGlOs9jZlmdop;5{H-CDIp?SPy-
zHV@OFcgBDGb|3`i3jPRT!;Fm_os7jRB|QW|7ebvlNWuy;z8)jwa2tKrWT*QTV)k1$
z=dltnUNB9`Kc(4=SwADk`@zB^WpC$^u^llhBL3}S#NtRM&#Z@GOvYUa>hW+`24y3q
z^@9g*S(kj4Zp?*#)mM3`Sn%tS;{ufUk;!S5v=FOc^kDs?1N^Y~NACh2|FvdeibnU`
z%>`$3NN*~81%4(ZEK`_RSOD})n4k@c$C_D$h^Vyk6wWEiYob=PZ0b|RQTgPY?zp!j
za5WM=94NX2w10an24B04{=_pN8j<`FrXb*AZ3mT<M+ZdDaXlXHSWfZ(&fMJm)nF7n
z!?_jnyLqda>3yw}lpV)>kD=zb4iB~KHc>vYybVj-#&~Lg9t=|!UZDmtvGYQEO`~i5
zQ=togcl9`a8=wrk8hGtJDwpK@@hu*)RCCJy{7tbBCVm%|y^Blo)*;NG>h+ECC!Ew<
zrNo5i5~As_q%O-81MI%M;nC6f&0>~bqAqb|cF73Xn&?gS>@JWPC*k@Ye@&vz%tIfN
zY_@x}c1JU_CqL(X6Z#~JSzf0-eW=Wat{HfqnXmjNtfuHY@l-M=qg?}`mV|v-mf?Gc
zU1!Q5S7ll^>q0;ygWg{H-jm21H*o$nHJD4%!lP<}FzOJ}&>M^x$HtVg{rHJA`scDJ
z#Dki8Q3h8W_yAY%4>ig6^%@AhZ!KJ;vR^GVeZ#l06IVUJ!h5WOB1MV<z1OUb<zUz3
zjooC<A7c9D#L`kR?e{BV8Yfq`XZ1u3-@NhOQqO4O(r?bcDpPr9V${L;e3tgug0YO0
zQ&4X9{hL}W7l9{L#r4M<?Xlkz4VE4f1&KNC@zvR=*<8LZn?%Z22bXcD9kD+=`;^6A
zETJQ<n==G8%T|b+D$e7XM1ORXKN|(hzxWK;Cn3G0QEq4Cry9?|N*)%V6E!iqqe=_P
zS(0r(G`(Xh#k_z&oFXBid4d~zhcCB}A~tJyUoe>u%|_Z3-pw`ROZb?7YVw#?DY#V9
zob`^m2?bY-@wUL7P^k&LZs$(Ss?+9=kD6we>x8IDidOX2SxPV4v2O3(ca{BIsnBOZ
zji*4a+WWP=BSHU|!Bgr1wpWRIRTsGU29n&M6Bm7vGoc4hQ2g<qzAli*exVyNA+yc$
zLQ^!!Jh(#fu{hKen_{Iy+A_a!k7&fiq<U$6p#1j`9n;@#gipkBDt=+=vDgy#OSMiJ
z`@h3satyV*xBU7OKfB@0&XXkrGx}kya&KFj+lc4kCl3%0(zMZce-OxRx#bev2J*V6
z7fZaB*!mN8)~Be_vhdxNenm{S7mp#$Eju(v==6<|0`x=G0F4!YYXlbozwlefv0rm{
zr`F%5>d0cCL^CXXtbUH$8diTR`;|^mUmDx<p_DYvl7oV*JOs<)K2(06QibWVuL^9s
zu_#f6$HHE$q%^?fY$$m6-1G|fbw_!#ldH;wdMqB^pTsm}3p1dy7de~AG1~?%3Gl;d
z)%TFbA9bEu>VK7cJ&S&^AH0=fPgIWazV#ZcN5h1Ppsy~-=bOi2ZJ?*?^sJw%4$-(j
z4ZX?)_TEcrfg8?Ttpx=s43tk<Ibm5^{1F!cw{sij*|ds1yE-hRy5}Ie^vW$UT+P42
zwDc*YyuhPTCky`6y?I5747;fgFj3x`9C)q+L(%6bcV@NxQubxu&&BSuKdlb5WhL6B
z?mD{O@*4LoEtmSecp&PQfu-uF*_4GZ6^4*5i8N?qn$%kmbsx;*QBy9{(F&x#xk$H3
z-~9$DI#KU;s*aw-=z_V-8Vi4X{CfmWiB8~7wSC|Mdp%?-?ln}h^}Oo#hFk!LkSeM3
zy59Y&E>-zwX*agQHy_JJYikeM#M5!75jNqT=(_o{gsPiD8y9qcPe-8Ez_c{c!GN&^
z3B7LtLT-XgBBHEeNPbsu?0wTs^d_t`<aqVY51-fh?#^jh#NSfTUXce7rW;tkd(NJY
z!$yQ_Jv<iNziQUGcCfokC6%EQgH0tSYxXuknp@Imzm5ZkA)~%in<N_Fru5oloFCuS
z@}!Q<n{lmJ?}kyXl+IDx2p0$SYTa-SJG{$T8~HR$K`J}4M{rGDIUxcdw`ct=9b}$O
z`7-0{?uTz(?cyY70s#NSO-6x29AO9Pd+xC?_fF#c1?a4l#h;xq#+~zp#_P=kL^Ty=
zAsLXsiegj7USVBOFOzU9;x*%ZGIoe;+VF+|znMHBXK|w(*JF|U>zipgzo8#^?3Qv^
zXw?jwQXxGfVuGz>(!(m`LmoPxHmEG?A`)1TL_&C-sVq5IaX*<WxW<5{-xmy|u+#5|
z*@WuWat_z#>6I`Rd8^WaK!0)C#p9Fq29`ZS3LP;ntkm`%sd<DuZsg7uE;6*|)e9dL
zOqFa_@(DF{d))<SCon!H5jxpmj`#h$K8j@h=Wy0to~~ffz_po=VN#Y`JiHhn3R4Td
z+Bm(-D6?r+62;>}g(>J1dLFJTY7-3*eGmyECdF`7!?W5@G~J9`|3sGj#x7loSLt=u
zmsc4B#SiY5I2@eb<*)l}T4%UVDiu=RaJa+vB#ENNg~DXAs<yfFEtwpqp-ZM4SCvtd
z=S_^h62sbiy_;rw_I3@kzg_M9M}MEaG@2{szf8?ARHAcB>Fw{otBXmbs!N2uzGvVF
zh_tE{D2d*GzNAC_@bZ(?)VkM$1b?Gmu=(ynw$hbUB{x|J9bPD7F}Ny-nXd-Y3JYo`
z0qt8JdOhCmj4;4z*F4IRk(^P?4OjoGSHF;HJiBVe8@yIR#XajcdfuiQ9aZn%7Le*o
z5NvfJS`t#V^mO7wMkg5*)K+D!qZ9aZ<*n8t(?7{>2r^}Wmjn+UViFfF&*|k9O0lW<
zVzMc92D2c`(1zS8)yyttX7c&6x=NootTEVX`3?CD_eOw2uh;vJV^?!tV;-pAVyfx4
z00>poZwh4RJ>To3oe$_+kR@k1yP2PG$6wZ6AwiDiFx+j@zzoa73Q{?tc00d}U>kM3
z>z^>b{7b;*<$4!HTcNdCrq2P0D-8%z9Y$%&1S$pO9%9q?<2G{nX4+@k5t;mqKS<fP
zk1nAL$s+ZA6IdpLDKpa=5bytZ_?N2q`D)@T5_JT+kgj@>`OPRxQ<FYhiH!GAdGLr2
z=S=q*S(p#%{10}xs0;=@+IB6HUsqekc}c;$w|*_+v#r0-6(!EudM6?>WqJFQjM;N7
zDD9=W{;f_sy>R64cgFsCht+Jf7XQ0@%W={UIIu?Ykyn1kb4i!7XgrPhztHWuR7W``
zXZL>Ge>bTWgP=w2HvvRM%fvR&SvG7EZC^+YS8q$*p1_#h-z<CSqN~CSkDP=gHCV`R
zuqBJPN|&8|G)<(Ki)mp$C8;*$`3NpO_xunWuj$NG-A9~S9QnO0R~7*khF$xlt}wXO
zLc77h{zf-nTX5$5WuJL}_fAA|@5e6^6F2ncXT4T}aYDimW8*9RsBqSU*b~q3LQ8k5
zxzsLH-j|g>|CKat>71CeES+yH*WvuDDCbOnLU7FBl_j}^y})g!XN1cSVKvse51fO(
zHcBFUs;t=k6p?P>y@w+Li(kgR!hBhp)5vi6j!P1Gd4zB~3Ti8|>{l9|*zX)!>T8dz
z=!kXHOPS&f8e1-?50K(2s2Su~LGm)XZsRNDN+xwb9(1Csogg|G@;J2nUrG~|BAZ5t
z@TB~N*O=uaG|{=J7vF1dR4(`ii{l-xRzvQc{Xp`}#^d{)_+Q{1xdpk7qXE0^{2cdQ
z9;Ns8{qCp!m~6XV;cHZb>0Jy4GYPwOKa<nAr~I7r+d{5)oqYU4&Brg_KD2)yd0uT|
z^dvX31UMRe6B>5Gpa~cIv3+ev7I3iA0Rse<vo`Ay*o>Od?lZN?H^zV@pDh&}<TuA$
zmiF>{K|N>w*bl<ojlh8l^+o#NJ6a-2R112Kju20QfoEP)Z-dMQ_ZvN9Sg=2fwbss#
zL!6u#17Ui&2DO`-9^5Fc?Mh~xJIH<yyvl}jE25!AS$Y4POQO&|oIue8xx0L>QysUe
z=Sqi#gvAdf@j8t&WPFXIY^DB?S6_v781-y8gT-$%T+Jr=&~_8?dRrDScJT>eV%v6L
zzimF3lfq`YyZotEBQ*ofUUm4jJ3+2<*b$Bo%JWqhejKdEC=d^Ba}0LFb%#<n9gZU7
z=attJSoc+)0%ni&d&7*dnWR<6DsIF&fb^5iaLbp9+yu4TSRMqL$Ei<_dBRng>8p}|
zDvN6K7tRDc-}CehSj8d{mcQ&|yW7=M;YVw;Kl((WuhtvWJh*&yOtmy{ZSBsax>noM
zr{#46RoIEoL}La&+P`i$)DsUeZtCIj^_P`9*->|`cpsrh2l42ASLE*M8R=|m{VCt_
zOS4AaW=U*Vkj6G8gc@=63!e;#xPq&@&lG(Oj`un^Y$QM24JcicEO$NCR-%(cp2k!u
zIYdT{&Rnw0KS7?7eEZVj6n<NH_2wKp_I<kQ%9Nx8k-FP~Urvg`B&?s&^+XC5n1mWV
zI!_^dGwzC$Zd#xa;gwSMq5iG=qcNMI@;+gDDeiEv`@yxICa}$Ml#{I__F!0u$r7_|
z_x5-(@2dCP+pfA&JfcnQ4L@o_Xx6Vyi@z4<%Xzloeu4dpzME*??}<JWLBDHGZcvyp
zeB51ORr;ePsg#0ti2_r{bRgG});(SG%BU*VZzM|7dnNO5MdsSmJ8rEiJ29+oI5LwH
z;>4}H=;#u7E!PKwOaJFd4yK!Wo@t19La>21t_Mk$3h)a-=N2Ap5NW@Zz@0e|I@aD;
z|MFT2&n7;w@-+p|g}}nAH{z*kFWD;1iAOe$TE5mQq&?r^7QTNg@z&;nfGCIm>7GA<
zTi$iiap@&&Vo7sl9`2WLyC(3&eB>w-j<2qY<`;q8<=3Q_PWa^UjWo3PpNNO{D>ue2
zM@DR>Qb<`^g(|fG=g78h)~Z$h+}?Y%SaXjWX*O$MyCR-d93VgWvk$mEHx_q7@Ht=0
z0=oiD0Tyr>gykMxM(=}%1*hs68ZB(WFFI`}Et0Sao{@NG$ym}n%ez%*oVTa08mSTV
z6dxau;L57y5~yo7iuK=9f>CDUZSVUfvX!N9%FNINzQE0)+GuH|Q-9w7Q5>c>=eXU!
z!DR@Jw4jbc{XGS-*u)q0s@`FdL7#Wpo`RbI+U$_~MPzxhYhAsOCjf)x3VLSbH~ixE
z_Q9~zQ{W5{lVl)syCB(KvULJUE}y>_O}l*~;r>`@e27{aA7+>fEApGfQ-MpOG>yDj
zrH#E~e)MfQW1P}^F-+45ejbI-dWE*t9^d-9{$MP`(Sb>_lbzP&c9w%>!~VAf9DJge
zHzcHs_u^6;bZ_1_u3HG+ZJ&cvgEOzt$CJ7bg&hhpr{&MS_wS~rg{2-(H<sQPi+*!f
zzzvteI^G|h3SX1f34cJEhRAK1RtXvp;7udJrd|5|`PJ@e?o_I~AY*F?rdW7V_)At>
zjnllr_nEnEH7pdcVbTuog_4IQTEAb!dwV0_X6%>iR&-Z!2!E=d4?KSDxgIdEJqGSQ
zoI+bJ4<Gz<ii|Ly8w0uW+!!ZC^)X=i5&uadQBOa-ENRM3s3Qz_Ovyh-+L5p*Wd4;|
z-EP8u$64I_*j#la@@#kQ90z$C@%7-iW^lt~-=54*{5<WO0j}5_QTA^C(uXOodH>^C
z+jw+o&L)@{?oj;*_-wiA?7EjNX0%DT%}Bjk{JLy9UH7LKUu^RwX&N4L?@+szDRtf)
zr?_9`XFuEomL0C|v=p)Z%5;p#5;N*D^uF8WkE@MoEmBhZh;<hTrV&SP;jP&9!fa6+
z$fb-|m-8gy^;r>f<Hi!u#}OLBDXM+-TpGE-=lU^VPiWdn`xe^k`LW(%&We!6qE{B7
z0huoXy*KS=^D*~REcstjOx+7_delkppeu~0FdyR5oUK^u#OJ{x)IMVifA~a`Ivj>N
zA$FzULmvnL08OfPTe5G$AM&V{6bq<6w#xhcw%Q-37|v`N!KIm7@it?{?q9w|S|sc@
zHb_m*Ag&TlyuowRC1OLn-C}-oq~S6Mxf9&mhq1ig`WE@_QfyRr{RZB>_^M~(u1(|A
z1Q`4Czl=W(awyX-_G}rJ<{J=S^f<5;Pz@O6X}Z~o;vkWY%LygVpYI{RgvN%bJXe^^
z#yUifisN^*;&-&o9;Fn?xw(xF1eERG=#G>;@Pc{krFuoYFEK%Ej$l;Y;uQ11XX<Fh
zhKniT5a^|Pdyxl0w?O~urDxFnOf++<N7O1C)JdrK;e9+60hz9+{vMnH?YGC(X((pP
z2wdsj@_M|yL&lz%rDxlc`>f=iUXljRwanY44xYA_t4jNcu+vV*`=&tO1n<qSc4OlQ
zP=)-%1m5nBDHwvSEc~Hqgk@$xG66X@MG&+%KOQKuzJCYXg5x*N?Al=#IP2GlM7n3$
z7CBTSNza%ArOpD^RygS_zWMvT54^a4N}!Q)(eUY#<L-o4JdrSL)Ac)<YRwzQP@J7a
zVctXa)^3uLq60FKj$ym=MQR}Gvz@G5T}1C4728wo6E2lE6N|q%J3j6aFCW*)y6oi3
z)ROl0l6u;mzD3y&G1wvXdCGU!);1<c8l+Z%ev0T3k|C}n!p~<St%UERzIYmzYg#L^
z<OWaLykO%O27wCK>{<(dOa!vONjM8AfTp`m7eZ?`Ytah5j!tq;mNkdv>6lKn8XNmh
z?k{p#tP}X5h3u#6(Fa8BrAlVvy|3AfeBu)KrH!TY>kmuE9*CVV1_|CA9gCNPcM@(G
zH*ILJw5DV|eQe}hRHg1TlQc^`e)ixj0I=_(q&Q3h{v1aq^0WiDNSHR=LLzlBwH)&(
zqCUU7X@j<6`DQ)(UbB-%Zy>UUc2Kf5&LanTNU9Enp=-TNf%lV0zgrC(^ZtAX-@d2~
zhCiEN^&Td|t*s_gq(N7Qouh?>2@O4Z)BjvF?$cnyuThgM-I7P$0nC9al85e%#gD1)
zm;fu^ffW;ANhQf7CEd4)nL#Z((@Fn?1EVxp#IDh32LDZK&~imY!%=j>{rSzR5$p?`
zui1++>KK*qJ*vq}7ilk;SJ+b7v<V}l?<2N)fliYr6o4T@^Zr-qpRk<mh2Pde{_T@F
zPQR_ZQNbKjwUD1WyFtP}zbg?ej(e_0TH!_Tpr^=BhnBFf?i$s?NythEt4{#dVdgpB
zx|1)X{t01Cv}yQ*C1*;ysG0uz2mC*SYl_+6=$S_|*~s=VIm9h9qfWn0-gDW3D#Oe4
z6_w1srg*7#_OQlUrw=1|S2Pyda4?cqPjzD7Y;Xp_MA4|QaBog0Eg?&S5rl;4xweM?
zO<5;D&$<G+6=C!jBS~=<&2k@1e<GiouH`sEpM5(H=zZalfB(h7Vpqj4zsSy#{LNz9
zkE?v~)5X$g^HMVWH{Pn;SoZ4>{DPatkeCGzmva=UkU~@vr`%LxR;aN~df8DF#Dz5c
zNk}iF?_L|SSz3Ngigt>!o~OGuZ^3Dy>IJ7Z<41NfvMh|>^ZAn>+|i!~F0xH?aW^^K
zi?FMsc+6sBxHO=fviHlXah*0W^qyDsO3mxJ9aid+%?4=&W;V@{6S{shfoHFIv`FUb
zspzJdyl-N)?^*aQJ(1}~tHe)Y53Cexm}`utewfIw?Ef1)l%QZaY9+c2m!<Kb?uuYz
zckPV2T=OJcmBIdM^ZV_r%)?!0qli1F8>B*X3yfKHX1BZNIFH9yWQv9hc6l(Mul5Ur
z?}m~;mZum+nBtA57COqdw-!Ret75+_9*F<g`VfqBC$Oc6*y;1F7W4_`FSVTx&zVVb
z32rt$hdm;qS@Gki{C+YQB|8|sYZ9jHk$<VW`&$Za=#A2+qHl=mTX{}UlXi7JOfWK5
zj2JA5O9DZ2^DLt7i7i|a!<umE$AknXq%HS69=^Xgzcl~gD0x=Afkd8`1tO8#(BHRd
z!P6KR13l9BbCBvk2!x~P*ISoIu!5{-%Zpylj14ddP({aWnl`5kytvPlG}wUUR@fxd
z#Nnu{p#FsmNjZL&znHc@=yc8y^(uXcHNeK@4s6NVVmzI~Oz$|$+Xs-s&d{N_w<jv_
zF#V_^CAmrRP3jw!*&VTj23EcFphu!D@ARoqa6`fuh1*(xcHJ2J@Rp)P++IwtEZ#op
z>PTCrO_Vv_ZjEO;_B&CZl3&!N_cZ%S_i}W?SE87BnsBajDSj6!95_~(%Il{_z$Xlc
z3SVn54?NyGnvW8$>C!JxGy%Suu08|~u`G_IR7mopMOlVxh;4?1mKHd!&3<T4;E30)
zq7#p%WZ1;MNGz6kpdIJBTW3Jin}po;Z++w_j2NJcMoR7SpsRW`vBthEiIewOSUgSv
z+Ya@#hF(ZGe^e)aBz-ftpzh@2vt%6HcugjRQuNxZAqJ95tJ*F@yDnVQ1^b%2!$%5?
z&N$!4)UbX|pSblS$=?WL*!I0_qbds+URx2!gA(wMl$GLmf4oM+q?t)PX;Fq>J0+w@
z&ul|ipRC{wAA2noJJY)+f}c>X&7sfg&R<X-KDJEX_<%2!v$hb3{Iu~oPzQ4Wi9D~$
z*%pQezr{WC3i)v~p;~cv?@nQe40=Q`DPc^gYVh)7Q70;)w6zJ$Aws$?lb>w3?+8@w
z(fGVMcOl$=+wrss|FP-Qc#Tmk^CyH;`vdOCQAy#O54gSjt?n^Y_nWGg*w|RG62~4r
z7(dv5D3f96g!ZDk!s*zzSpxBtXGO`Rnag4^Hjb>~@#p6C&*-mW=N+_<YQ<P8PH;wD
z)@Axhvgmi2>eqaK1?O#iVx1U_=q9W$OPyY`Y0KiGHN?%x$b#h`ZT9_SNnHpSE2rv(
zy`yT72=~}+3M<|l7$cllH=+7k^Hka8N%>Zu+>mu<(P%W;HFLFB7%IP<EA?A=H%PHH
zE(3KU*fcOxb6nIlHGbM;THQU}N}4B5rtEuvPd_038%5Rl%7X6Kh;D;;>)$t-yOal+
z>U*BI(mcN1NeGVE7rt5`mYk{5GF>V4^vE-r@P#Lq91ptR_FO<4^vxPmeU}2JDB?jH
zxP!Fj#fqM~Vfid?SL{%7Y)`xmZj-wI-O-maI*-z6-xo_>14$Im6l8BfUPEf|wIk2s
zkugZ*h4ECAT{c|+J}-PV;~TXXhvQDl)?<8Fd4J*=wNgp@nM~8&=8mJ%SG8a9#f>U&
z$8T*4kbgR(9XbtMjc<tILZkDaU%OOyR8k|w<M@qwH`3DOr{L290oGJpyz8|{<q4cG
z$F?>6r)^F-fs=C?TS~91l#h*fG&&ai8&s5Uez?}dBuIkSp%=uQnlV4)^O<kKn_T}b
z;fPsQ=Ccr@Hy>+Fjd(G?M9hsMZyH8IH>OknjQXsTQk3{p2q$ykw%OoY|KuFH+m~9E
zKM5o!GfargroiisEe%}#g!I8~bMZ>W{jkcE66*|{&^30Z0;PJkXWH35BQJlvxltsH
zd${?FjL4{|oBX=7X|l%dso7;;YqoL9(&<}fqwmLq@%TuAScxC7xH9b!9Cc2K;WII;
z?Wp$H;=HvbYH?D%5Sp806k*ETK3(x-F%Od`b9WiUdF6U)zBN8jKpik^l@ghgv^ZaX
zp(GwRxF*(cc1_lq+bnYA`uV3@Nura4wE5E?d<(xUUEVr_&A4UdAUzMEyu#Nvr#o^&
zmNRcYQ@viPs!Qco68C_U<Cx!Em8`l{rPjE|YS^wAH-geV^J0>Tt>$Ibo>t}w<V_@{
zlI~)^=hNFU50SHFm#0z+92XLy#T9q@#zgvjcbG@t!})E)FICT$6!spc(u#lX4dzCB
z7TZ~8R*C+b49g_H_hV{JALnHRXX#AJ@@+1Uyn^$xxh|Ky$)LdMh_Q}ei*EWJx0s4N
zWWE`@((dMV#BRvZ><Xy=tbe=3=pAAx-%4K{&_*a7uOD53;SE~^xPrWWc%H607R-Ek
zBggShMJ1GP`FQAe!DXU9-FPUTb!Q!TOA`+^@bE@@(<al`R5hyFMMk~B59D><$COj7
z_Ke<icC&=cc`OP=QA$IbwJkH)oVgo^&ohUx^oG04Bx7p4?vz+Zu-m@-5xcgducdz9
zX6w$JubKITkjBQ3_jWUAlg9b$0Pu>oej<K(#bO;WMRd~)x*K(7Vc|~1jC}9>Y?vF$
z=%dbq+(87MwjlQ^kPXPT3ma49k>;IGI+XVPS;NXU98sB!)0O$+=?INQIjahbpYyLQ
zihGtcA3cq164xMp)BnrT7py(JO%R<ef}D_``(gM6k7wiACAP(~VyTq&$-)}U<02w3
z=353$=vV3UAEON(&lL7~l?nHb86-mIqOs_Dcw$c+4<2S582AC%VYI7cJv}@@{k8Or
zzd4;A{MJf$`+8XUmXhUB2q^*2=L(W&93BY^S<PtVi;;(^cS{ag=jo_fa4p@wlbG#F
zBKdI~9!Y$&AkUHv7s9iy?CYjRvM6eqUAz?gF_+1kUif2=oB>y{jK>YAAu`(YAG_zD
zu#X26UC-n89{Emr+~w>e{n1-(_LX>|Z+fwRvG#y@Q2d+W@_WH-%iEm<LebHd`y8^h
zO#40v<~VG$kMnRZ)|`b7?d#=6G}u16ZJGl^(b_!T_rK`nItAU#nrr^O5E#yR`H9Je
zLh?_AX=5f`H>MP376K*t7waXT&gdy-RT`}tT#viO@T3750@1ij*1nC)bVlZw(8pMZ
zukB57Q*~sdZ}T?WiW%@&jxo)yWsC9Xq~{cp+AZUby)XXas~#>eeDsujb<#`nA`o-0
zGjq0ktSf1Vd(VuoA<UyS<L4Rn*9fPGeaEu-vQ65|&-@<4&xh|;o%j<RJq~4fSblh{
zb)A2Im?~P9`L!DJ0NpzM!(H*c6_VaY;oe*90oJK*oHu9#3Vn|vYG#a@mhUYWEm!ko
zizt%s#Ly(Hk(DT!l`i^V3yGD5PvHs%+$%G4B9DhYNg%B$Yh4B%OQG2sw)7DUQS2?M
znoI{rIhhIsuL*2*h4%}Qw|tH*f18TN=T$fCwD*8&ebKJ4vGLxs_G(R=9PVi|4Xl-D
zoO#n{>Vh0<_`^>s9#4I&V|kurRi1}<H+{E!G0^4S!<Pc$vRwDdvCU?vCIuJt@Azm~
z4<Fa@h<ixhsvw(d;e4p0#@iTj8dCw;-{b2ubN6)O3vL~j$PI<zh7104>hBcDBVC=|
zeB5G-@aRwVDbFqg&vB;L`edW%*cH=rSkrSd9Fyl<lQiR~DT})7FqJN5H}0!xR_638
zEwUNExaQV%H}1ljDDBWCeNDPm-E{t=^LEHrMDNtkN`<)8gI39y@u$A5FXGRsTBgXs
zBICSju*bzZ!+)DI&2&p_s-R$YHNc2VE~=QFPbKhxj+yGAJhRmFiwnGal`?N?=z@7L
z-U@0y_(7Nt=g|?C2Zt%hAF)$2SD+Pc@1xt6h^xSRY0(l6jLdS^h!_XLrLA<V%j>&;
zk<iV%5mp#(ZBxDtD!WT1kZMG5wD-F8OyMAcnJT!J&fINCO`}VFnzwJw$@6u|lDnMg
z{<R?{qh$Iwgwq8&`bXQCcCZu9YxxJxtr%{4<C2^d$8qVk0S^L1<!KTlOmAESr*52N
zf4+5|oBw>?c*5vY(YESd^jvb>nD$Tf&)nhmZzS_6-G~K4INL@!2t#&N*Gh^eT#Xd3
zh1G1A78pn1F*EJQp~n-J;nrjmv;Xvc$M|jCDAe6$zaUESY+pV*teu6`oK^+@Ktseq
z3G19#ZsNBnkJDvknu4FZ<xc2Owj*-#4YXY#S$nEjy#Lj!l@DAoA~nCOaY#2Jk(4a*
z`dv=uGoB3PY0NzA9J%U;X_qFqX=iyJm-EebYzW85#5Z=Hku}PH?(4aCn92MaH|Cl8
z4}=fbxBV`!hfT@BjF&^bc3exEho`?e&=Z;O=({|#cxy2ZC!cfDzFt=3vnqbA^Gq=c
zxNctY*?)QN-4l9_R5KyZK~`JVmcq8L^)&j%dVz%mFMhQ3>Ma*~x=$Y8J9gJx^_2DX
zKlfQaI%ep%KQJdS#Zef|&qd~sM|+#J%{1ES1=NYncdRkIOhS}x5y#Ru-I2_ZSnWQN
ze)&+Q^18MNewM>}Lf>=Z7@0GLP~sg|tYXacXLJao4<ibf7f(B}g1Y>iWRs^-qlGJC
zFYK<FD~9@QkcA%P>TPe@FR~LEv6*eWPyAWCr{nGSG|$gRpGRD#igkF9RPyE%{e1Ak
zKlI$z#7t<tr+xb<DQWpI^4M3vL(894y!7NTa;k$f$WB4Y2uT`wJ?Zd%;6>=rec{f_
zeKsk%=-pMvPfe_mo3ZPwtYn4v?z1>bc!@>yntG6=U-!jMVkgA;^jmHMvCek+j%M&F
ze;uFbc4y{v+H`+H2iZWM-JZx`!4{Fv*urV_1~-rKdK9eS*RSD;QX0P{wsrhA{Ug%@
z!<>a8f?qcCeIboI)vsnRs|<e0$PANGOWs<!&r7ML;+sA7PAfQ`<a^U4i^J&1bU2^!
zkHd;_(eaYu+8Z+9k4FzkJmE>?verkxuu|1cc%Jpl7x+vBxZJ%)7;}5@qusFN?oT<g
zuzQP%tnGJe&VGPiDmw%d>{vcH)+HM4jjGB%GDnD`lXp%p%=QYoT+e>;{64Rs@4tc7
zQBTF8JvQDJ!Xh8B4gGI9xjIv6PPuv;egd!F`ED*rn~%m0NTC4&TgU378>xeqg2Evw
z3|y+DstgG+;<29Jb#`w?P_tZCM|tiyCC*u<w9q~DK9!o<lc@#Qn@DmIdCa9AK;}Ko
zWhFa~)!q$S0w<T8U%mC}PV8iBqL(G9xxY>l9fn=+vyw-?@#3qNez!w6B9>_4eIWl)
zH}I0A0T1_FnRerA)=u$Ii%iOcQY;G&jq&$Pd`a|&%=`CG&&SsW{k`w9`&AId5Y9aL
ztX4Pjz$q!&_!D{PTccYp(!Lx){HgWJ2wY9Z#&0;(Kihl86l~?Ko!(K1v19LiX3$F$
z8LKw?X)p%wjC@e=P$1UIAg{wt(K~wQnc&HWI@W6s!+iql#NUf@Y>9x@2c4#IFQxmu
z+WP{_9eke|8gjVk;Jg_+!(M3P!uDS;ziGt&$g~KEvg5bCRUca6ET+0{F_fl8&Gm%r
z|KaK_qvPh)h3%OzW5dkM%oAp2Y@iJ_%*@Qp4Kp({GpA{oxk-~W4Z}Cj-tXCGpHDw*
zEqN?oOCC$sTGn;jlSe4KIYnk<prPeq!85oLa*nmv?QIozGE;de0x3@~I^<p7s!j%h
z1A{v$sBtV2&z|??wVq#6><`o;b9<g2pvUIk<z^BqS<A#89QQt&_{uJJPLSN9L+d`O
zf`Z6nk|H`+EvO;_D#KG2Px>;J^ytjuk8vwbCUi+)XeMSH&sFJE3LqQLn^r=2O(_g8
zV--0TzVtd~$zP2~1#cMAy98AGg&O!hr4&rf0vXv^xF>l?3TNjMZum-l|E};lva%Q`
zOH9gzHO+tVQ*6kifxj_z8o@fcR=!`pAk{*|3MlyPvcK`y6&ZoyAusJiwo{ls)tB~V
zE20!*W6J~Kk1W1m$&31%s5>|DS|3DL!)0&y%Jh%51M*e}Q4(CtRHvQ^OpmwMu3r#!
zzp1V^4WJ{ukWX~*-Y7;MZs;5dU5-L)#5`_KA5p)In^IBp5<=m}W#jq|sZgS3=g4F9
zI6IsDkrenTYyp=$BeC>nUacexxr{KAxL3q6prB`vzLhyOYx2*I&7Ug$5aFs2Zj>Hf
z8;RPsoFZI_JA7s)!8WWUU*VM@HX&5vf}a6%GpwbC*Ai2}s#`eD41CPsbK>$|hEG*m
zX`n#9zpzy)EL=83T7wCaCVGpT#l2%@(!buC-ephtk?Z~LtT)XwP_ttVx6FadDJI{Q
zZR8W=;N`A@T0YIz7u9N*AoVZQhngc|VOeJ;E+K8GAT1&dkcMR`o-EDbEvnMX%+R@^
znfL5GGfH=J{?L6wC6Y&?cP_NrA${)pQ<L!)@PXwLUNXZX@;e7cC*I)~Mh`)0dPjO%
zBa6Lm47F9Ok3#M0LsC(2gE|Ga%AsoYwks~*AI)S+$wVyU+26!jI4Zg4+ANZv48x?4
zSbIj6Ln+*qQ)X<QW(~bOo`xmhI8;WBJ}j%2E=wM4dG@J^05fx6dHc?fHF+^E189f{
z@fBfDv=8gnQDlEt<7+19HKs&`_mCHM^*gaPhVP3HLT{uvQ_kcc?<V<l#HeXlTrfGy
zB{IxfeE1<mE)$?QQZ@<i%0|IPjlX-JkET`kZ-!B?>mhU6)n+?Ej;~%B%1o2V$%T)2
z5vY3RC2g!Q@baoX2K0QN6AhOa3t{(EPmBA3`t9Bl#CFzzw7+o8u0^q&cb}5_K|JEi
z)7DxwGDJ5Ia>@(28zdfK2@4y;#vs}jlC(#ud!ID}G|RO(nnYrvk<nCt(N#Fc)jgl4
zJ)U{Ul>K!r0nIv!(`jRsrBO3uYEx?vn_9-tc<`o;_#$;xy|oyz(_VrbvxdF^dSZTg
zR5V;-)52PcNjP1%{I2$Cq)hgns9a$R@U)b;g?3GN@aA1Vz}k2i!eU!|EO^g!saSwM
zUaeG=_uM?z=|sXVDd-vHXhaK-l5XkgIZyhS57QoM!vPx3fXvLp?LUQm?P*L1D>b$x
zz4cb`TN8G0`pXnrW0ZuU2|)an7q7flcG{t_{_O$Rio-6Pj5L0w1f50My@6U1!_*Ly
zjD&<=Y^tW!^5q`xq5JQIG}f)X7-`uPYd^YmB@A3&?m+WjY17}q?6U>qMs$=(c^VGo
zS2@##H$O?{az7aainVR&SN6Xat>~!Ydb6aiconwuD`yU9-tDIdr_=Au;G1S5NnZ9W
zO&bpTk&~Y88UsYxNO;=6G+>J_xO17PlC>4o?3;*^I8Th-6w;s^K=!mbP6#dd;6*5p
zYy5O~o}KNamZbU|TD63|Ppo^=h)1k~d@w;3Plw`~cO^t{csvpT`2H>DCVIapG^~P(
zaUXVVy}Yb#n^Y_8Xx|Rr-iMrEFw=S+4{zP{7+U={pD#CLhelXNqp%fq5%O?VDdP(V
zM<gb*)B3!WyuQmPjOm)}<;TXJkifJc_x!tL%H&f8sd9+M)}k9O)tX<$#7B&5t&{Sg
z<d|wcJR(u{Vqp!2C@T&PM*`o3*Qh%s=}`8!Rd?a($j2?eNgYV^N7F)x-dM<97Ku9q
z-S0;8n<73QB!^G}yVJK))EH>KC_N+TGk2;4?AGeR8TLmo0T=U<wI2fzpp3>K(3dq&
z29C}94*Y}RiJYM?b;q?9cGEvpI?SLYggj_70^7i=jf77o^7YiKuOUdd7`2_%jg(n}
zG9jxz+d0vmm8yE~a7qR1qYb!@^v`e#9bO&Y2i&u4eLnpfy|~^UH}8vElT$q|>E;UY
zg{>3WyV~mFVq1v+w|_$4)~4V^o%zA;;6@`8CCv88#)puhf_m14-AHi8$-_!IvwraK
z3ENd`!A!A;fon;jci_OB|6kDcGpCgy6C_9amQoc_SE{<p0DY<y6sK450tTkMi$Tn?
zQF?S9t(e*)OZIsMq~ptjothT8j@VEYweolG3fcF03)o%N0{%qm+_T;tDY@5QQjghi
zX6|#cD!$YhZiOXtQEcU0Za9f!jZh8kO<U;1K^V9$7~W^e%4Z#t6Zmboifc10j(m+#
z59~}IundT_9nDr=GG79Akn^g(i;7mpTrj~8Jq2vo{KV+>&6x=Uh^rege3Rmi8k)m4
zf;g@JPU=wEH;S)tx5ulkS?ZTrMg}eKR4Y%*Ws(80BQghHhVRw#ssoGfQd0jeU6ka}
zk<qijdw*~mQl#%7r(;<s)y_FgGF%Z(^TOhzhGLzq%5^X*Tg33K;5Q=^*=OcLrH0x9
zqD!;$_~BS%!_J#bawCl(j~649o|oZ)`a`J{oS0~je8ifY5W+Z_O}oLynp78E1Twi}
zLB+KngCCSK)jJ6&9^w?|ia63fEF=OWte#<}zj{mQ-TpB8RIcUO$QQ@aDntle8$41;
zdYr|C>E7vCT8NlP{!o5<`9*2?_)#v;PvG9fgF82yY+n~~q_IJc%X5k#>I^rIyD^1%
zEQC<LHh1^r#u=yq*mS$DU|zZo+J*M|#n~+od7K|IIq+yNbLy)xNq*1uf*RIMm7L>k
zJ+|mDzBm(N!y;={_39Ei*MTRUnI^<Q;eb%;y?3Z{QB`5O#$OHj>@>igVYqi*E%W>9
zG;+Rz(5D{+cEsIhEk;h8zR+sC>lx?J-q#PI-iC)aLxwl+Yd;@lrrUTe{GO>5jzj7&
z6l?zE0DFFSJ)V4JT3pg?IGpBK(p0i&!S2F&U1e#iE3qYbst`Gx3Bys0D_*1YcXhQP
zi8l*t2|~=XAvzk_n~UE?9TLQ^acz6K6?F_VYhp-7^A3>Erc-b<p{18zmLZIVBrYSZ
z&~^@y+6=KLaFZ&2HRupfW!xGQn}*&!8^4K+#Z<M*SoE+jH;l#@{T27f1QljJc_=2T
zSx{|b*X@ew#2<*LV}!0UAA6<1%_4^<XU8GT(YR?XoLQLq<L2s0*;Bg$zwaXYywLyY
zaaTW=T`65D5baaZM>4#oFj*#2@`fqX;bU<CI*)>YXJ$c}-*9x@y@6jWDCxVR<>pt(
z-)SDUY0C$R8F~tGRP?>v(i|Sh0*wLp=^%(*>$qQ1_9Sgv5O1c|79ZP*sN4^kEq84S
zgx>yVZA{M8h<W7t19K5b(EHlUoi<&xbmvL<Cek-c&I?SRWT?`e7YD2HF@8A|5TELR
zzoN2<S+}Rwj!K&?5Le1<5?Oar%6G!e#H-Dc6J(H=5l;C-Ts`{!-Wxa4gr1nhc8~Sr
z_^(N-%%ESBwPoiV{WU_~5S>cqm4vEc3V+u3!5NW)x4Q>(ZO=I?)9*qA2=}L|tK-_~
z@M_isS;KTBQX@ugB$v#;;F&GvYak&bgHJhAmuPV%YC_9Wfs0(@Q0`LsKV&^-D9K?Y
zT=40%s(3ROsBQOof7?EdX($FyB~hNYH6X1a^KuW5m^PG%XONDipj`JYepxn!FlrKZ
zE&erc4^7sY^``R-wWGhYO-jiFe`wXqd{y)fmjylkVeZezM(+Dx^qv_wv%OVC|4kI>
z21<s{zair%?xk)BPtDv-zb&aiQX){V5YQhNpzq4QWGIBx@HztPJ}dTj!f*ZHd42fO
zl@G6rL@w(86_s}B2Fth0<_zFH;a9E=a*EM4OX>i6L}vM(lio30**~K>qcB7O=KJd~
zF%zEfHA)a4OL8yR$O>}<z9|-<cy@h-l`~p@=a6tNP7!4%g>G)NlWIFG&iT=UJ<jpw
zX@Ki6`?^s?x$?W7#1QF3Owa2$g@B8%nEjJiWBr?H+m(%({htb642jKGUfLhVma9g#
z?-Evc!B>ovNu78H*eb7P>fUP{m&r|k?=;u_?+VF5^S7EiFvMT=DJzL?)3=~pB1&Am
zFt`aX+SK@;>=@+;D}%o7bL&>yq?+4l3hG&7__j~2s(6?ty{RhgmU2hJ8z@dS!zE_&
zg~5kilNo-{9N{APRrXf7o}wZcBKgP%ZDFqJ9Lw#65qsNrRdm|x*s+!F=XtTAxU?lV
ziAgT|zwH72)OYEDW$jck@a!<cpH>RBE1);s*+N-)&ilSF(`C>@QX@apSQY(@VgD3K
z(cAdPBnSPWhWErQ75medCF|MU`g9|mbBB{dmPmd1G%v{MocyRK`b?m49LuI7^5x52
zo&mHX4w|4gM?mJ&T*!?h-yD>Q6F)xEu(Nnx^oo?KkBAM365XMuVLxd*Rf2~O`T%|?
zCN_G~24geLFy&3VSia@^hw{9Zvcz8vr7a&^9WxP)*q=7^+2)`2KX&%YAD}o$IpORg
zf3KlJ*7?zNPT=%+j~D+i9SF~RcN`P3KQ4}MFqHM=P4m3oPlx#tFl?6ZnC-k~j$&n4
zh)BgKFP+UKRp!M<`3wGPLplL!YL*>AG*aXKoL<y!t|BKr9**<pqOB7w^MsDv(4-%=
zb+qGbi`Dv_Mi?Y#zu`PmTbF&)$AkL^7UORLj@gqE<|5ez>bp{|FuRIpitEGZlK1!D
zBOyV4J~DARL8J?-*C9}cMnP5H>p9%)e=<4$1oumxC#Z0chso_b-RQAA#OgtqjL~@$
zrY|Pm`^kUYbPFG7lp1ok2vsn2_Z0Apw!yM0sIpkM{dS|W+Q@8vaO-EyNMai7y3!D8
zJ$L-hYJhvcdm}yAYF$n?@u!kJwqt-NGsPnL9S+9GeQV+qq*5voNsW9kMMgKNbF2+e
zdQ5kCnNE{=DOZv*jP2`C)6_!X8NH`2$^8aJp!vLcT$8nqOGvWZ?XIwK&&ThAXq<4j
zX4Gx%s67)}GJ<pIsL=w|&1ChxK;)||{?|ffR8rMYVZwEx3Z9Eki<QuipIBRto+&;m
zN@E=tG{5t1@Kh0CeO<0fKw8_gC5O$1Xm7xoUa5}8R86-3`_%0qZahFN04SS3FV9)S
z#t~d<v00}wa>_>_b*lByDj!SdsfE|9kN#u-;QzKejdyVVzFcf1ZVNYAg-&o6pzi-h
z;NrBeB#t|F(-dwT)EPlRM)EO5*YCb-#lKxgqdVKKuF#87Syf1NK5#Qx;Hs|kO3UO7
z_s6$_gG-5y|B-8J1hIl$72piX$-0=woX`L5q-m~Rq+Alht-HRZMV5a79!Pqwh|;=<
zi=5X)t-IK+r!pSYoA-s@L<%1{C+NlSOqQc%^VQ{Je5J!L&KfUGy9*lm1vt8E_{M-O
zN@BNV4mx>!%uzsMnJg(c;ZgS1zwfAxzk$7G%<}u>kifu1iT_iWH&lNPhz$K>qt3JZ
zF8)3P##6zIG(Yqr5o&&;s=7i1f#->o16Ec6#Xx$Bd_?_|eYTi*jIWU?M|&;pycN`~
zA>tQh&htLDU^hB`z-03=yJsTX`fpOsw=*2<qK-has90^XZ(k`_>D-|oNSc#?j%=f8
zL03(aYwmf_WA?$c4?(}$evmZ&PW|1!VL2u?`u0pYO5TcDqRJ3pfby|F9~!km5<t{o
z=JKgC7xBBuhh?%+oT>wlB?m}H{F*SG%d=EDda~*b2?@bq&G;Nc<PuR@FUclUNO5~q
zo=ZgTcdlH7I`3Be0$|4Y`@BHxqP_;R4?Gom5<}wUq0w^&HFEQ9Bef(tLiUtiX3#Nu
z<jCL{YXM`|;a!)cguptk+B>8f0&MrUyz}+f8li2{DAU*gsoT90Q!5DwCd!qy64(O1
zpTU>=mG>kJQO_+^-RU^8xA%riv!9#1hDv#~bT)R1VJV^7c3zanzYFk)?+<JwmHm0}
z^li3<_)%67`#0KvK9B^zk=c!@6U!2jFZH}UBi-qwe?kQpafPtX8RgRN4z^?!-RcBL
zN^;OI(6;PU1pAISf`8j1k>(=Fbf?)EXCXp6>f2l-h$fSQV2%D^Kx!4x;NEQB{uVA3
z!XSDzloSMAv8tldP~y}Bf1P=IF2J|DFY`#&>EQUoGn8G;^hSUA;tnDO<$@8aUvkFT
zK7Baa@l8mxz>5I&VFcuM;nO4S6J!`=GD%go*V2=dFYp)fi2@6y@;Pog>_|~y@9S6y
z=3NsEKlHc;kgzfojsiU@3%Q~i*i=bN;ZOR#D?AzjZOlbrwJelEcKg{i_Zq4&Eym@N
zw7B(d=_aGXF2fe;(26Z0WoCRNje=c*5hQfqaK_3(j)!$Kv|MePAvQ9ZSi-yH=(9e7
z^g!<vS+8b~p_8&*gtm^sq~U6L=qq{Qib(6iH(sm!{xYif)h=^~-_M+I?6Uv>`D%5b
zV*TgXl)4_>&Jk&U=iMSz!N=Qg>zGEJOg50E;tCSYV~B?S1pu=iRsKM}SJ0Yd!HTOl
zqsn$cTNM4##8gMX-y`MI-B$z2(Uq<@-wwFm@sO^O24(+SfxMi3KdOD!-B>2=EuM->
zrp0i#P-O~&xh~xbDXa0df*pBhb_{rFebCXRkl-27{xSIm{2Z$s$%Hb9TCe+rW~M)|
z$8Nl5Fj5Jv5aNxn`!AewE2S83Zg#x~r$@)Yi-6l$8u>1_iF_et%&`G-HXBoSq1go0
zU+lSKfhV?w`s+%+VdATD#t^1G<d3w6$u79SkYh7g^?RmQeCGO6HhEw7EO%zx5lYLe
zPlqfGB2;^-xjhG`;cy;^^w`D8*i4hfiiIsC0aEGRamC{#y~fw0OY|1%E!F49$tlGA
zF`ZZv2Q2RtQ4VH;m#DM*=9bctPX%Om+4DXLlFU6++Va947e|^)hRr7JmQZR_eyOb!
zL*YJ*zrHH&IOg5DJY@`K^DMSO?L(U&MFr;f3<}SZj-uO&#C>vz1(0LE9^u5%_LZ-=
z4-q$-05}Q}KhP5OWmu6Y)j$UE8)J_RY-mFk*Es1GHhF%}nxyBN7TcL9Uw0|LA1wcz
zH+^R}At8FX(J02wgykSxhu*~5;?Hj2P~=&CYv_%r<}tOmgC7n1O;RkkfQuR_e{}s2
zed9qY1$pq8=#bABT?;GPUCY&SS)U)9oyzAHjAfKPMX7Fszkfubn4o)IT7V*g`-2~U
zfa`aMZV7*}-DG2a%r-<u1L65Em?AB~d03W0*ehoH!}xL`FOM$`31<%EmL%_J%4W(9
ztMt9YxCdSS)oLR`X<mk9@pvibVtL&}8<2Qij=8&cDJF9mXI2kZY;g-ZkZ+t*cn?~0
zwTUV)`*9{bj6Y5-P>8m3VtfNze>2NX=Y}PeN=Dx(1Q9#2<B{4TnU6(s+oT286J{NJ
zt)lz8cW07rkqc;yD#Twx(wc_|!7w_vXr#!G7l-<QkSFcO$j8`!GrjL}KYJ4W2?{xx
zSW(r4tq_*Ey&&a_Ec%J<w&^Ep7vw8TLS$rm6J=p!Mo3A7Un3KBHf;%KKb^sWe%g=c
zJ;dB>8G>Q{^tU<VSxt!&VKWW0$pgAFjyXG4J-&xHou1MtaX!hbSnNZ(xt`Bl*;bj3
ztPW|%eP6H&&o7#e{qQp<8L}1(XCMJ$JJ%!#F$?l+SfkQ2(fsW7LRj&aVVOK-j&}6q
zXF-K4=!@%jNaa3zYUxN@-@#wgdX#~u@B^x+HgE?t!_XqvfYfPADKr9}G`Jp$%eMT2
zxR$A&zW^&-Ye)qOTimt=OSwN6KIfv15cqC<G9LpD${9wmQsqfz`RvNy%Z<V%oEFPL
zCM8%IQa%fcK(Q$2tj^f$+%UBth;GH}G|zLE;u1ZW)~z$Om@<=lUL_2kqhloEttXoH
zQ%K~8QKMdcgVfPeVY~x^(`7gxmF%i0Mu=me9>}I%9IjPrn_<=(Q;jp(3k|0rE!Wd=
z5YGJg23&=yz?)~%H|mq=80z*>h0WBo{%@BQCy899750P;Y=Aw4GB2wU^Nqqi|4Z{-
zRrst1cuq4h`)&7Pv*RSvnQu}Y($b`^2|H9CA>3%cldZ46uN0@Gz_Y%8%H)7CiBqQz
zuhk2v(BXExlW`v#r2DukR8np@g4y>#1{DUbeQR|pkVLwzY>Qm6S)@6Z)uiJ8M5k$y
zfpXt4=gFGon-4AQR(nw6GDOgnvM(0#AhE6)YubUxA3lk!Lap&V>0&uXs0y1&+-t1{
z(J|ebLC^0nSHOPSFVT?$k$Z%(MfB{;Y+JXo|7fm2nLeU8cv>Y3|8m_-D#wSGdcY$&
zG){`&m@*r;o!^@<7|3mwb4BKca$iwqew)6hXXR@D-V<I#@<?IyxnI1le5_^3V90+1
zt!!!l&zAYxvCsH0eKHFdt!l&O_2TN_`cZ4lg+57EMmx?V;bDv+cVEo}Q;n=QPUsW;
zic0%(EQh@zfrmk{pupk{!U7G=GHqWN(t5T$_mt+JT~#66+`oyIRVwXM73umn<%v7`
z5~}C}W=m<~bWYVvAro=U>~SXg#REI<Ge>vm87XAdD@-Y^-H}>Lhr?5In4xDOo*`LN
z0u!1{gcB{WN*G7f{_VDO25NG>0&kaCWNKX=zUvMmGAFqPV-!LAFi;LNllnfm)PfC?
z>0)rT?e7wOuA?*ws<$J*y*`KZ-8R3Gm%@I!=N<^dwbrfX4^HsEn&o`k#m9sEbTfHO
z<q?OWr~1@V!zh#%&U{q9Yg#=}lyQ(KF3DWmYakoqb)Y)WP&&(r+v9edy;ZQRTf?F4
zW_!+bky-c+Um~`86=Kyt9f7b5UCb<Fjtkq7hR*pHGgv%x%aZc7?2|t2Tv(z{RqFMR
zj})-2BK^k#I^JQ6-EdyXd5Z=U;lQ7L72La2gBMsTOxUSMIwJZo%Z;Bq+dI$c>-IVA
zUw+>FVH+uubolh^XWu0Cp~Q*)@#;$-sTAds+R#_YBzHOjbSvTDW{%4YmGx4nBjpwK
zMY9Qq%%!3b0@5mD800BKn?s=<0|pJ_K<8q$@KUHzfDG!3IWTx+pkOMO^m@{9Nj$`j
z!L{=q{^1>6HmH9Rm7S2Tx=FKYuFAIc_aPAp#!GE7gl0$D4h(o~@aMQ9=$kVV`duLu
z`rJ(QSat?N(nM=8xLY<bxof?lVm*fvi>V9i`MRiLr-6$!9xIdRJJ(Jj?A3T)K*bMM
zl<VxQdHv%Z>{eqSk(rs~hk{1zsP@HFV3I7W%vELYFUJfEB!+{jRZba@24VHp+zT5B
zd`regKp5#fcB~GJJTG6%LBini2@OooRy3`}!JfWjZFUqiEcN)oEh|-g)o=l{wT;q7
z3hE<p{Sfi=F$pmKNyUKw(LWCpuxfdQDN-}^s4}TZ3o~xk1UJB{5JOh@!o<+#=l5$U
z_RmLa5AV1`PxOxda`4GJK>;mXqk3L`vyU7HRVWO_5o`plN+4uN;P@i^ck#0`C4`R_
zqi|~aNIeHhl5}Ni%HCklWEQfhRfbN!KbOQh@mu@3JD9!W{MLnnFo-G?q31!#`Vy{s
zLzC2BA5VD4M}z!eUYB+_3GVv6^vg|ba!bTsgqrPL{zCTFsb{ChI;wc;XE5)O9xr@X
zV`#-ytu?<^1S?QWrZ6=czR_CS(CLutS27IaA%N8UV~3mD*>O1j;I6!D*t&5BA3W}y
zo6~A#aOZ!j{Jdj-2uc6@#Po`1?|JicVXrG57jZq&o@Je8kj8AHGZLY-aeq|~v7|75
zEy{iy3{dPOi#yb$k>ej5so-;ZSYYELjV1L}c%XY7-MmcI+HI(2ZzGl?-=r&8&|T96
zO~oUIZ-dV{e5a|*OVOpwyIP86qZG+ZA_4Oi5)j`@RT5hzK0m2RaYm|W7ktNq^!D>C
zn+GK>+w-Jo7aBqpD*+e(9=bTydpwECL@Qfg)?YiaDZxB|gOQEQztH{O*ZX=Y^%*WL
zu7r`l=_6NIgWO;8Io&5JD=f227d5Kn@vOf<EF|-<`uY_J4{3t~v0w8ew3p_uh#<!w
zp$RIz`=V4e8jmJ)pxs^=ov<U}@Og)md||Xx6qcHJV<m+KSlq>rnEi!D%^LL!y`NV6
zYZ?YQ?Z}^LM5?5debnN9@*p;`*Vovl7&^3_r4`PAeLbIwpL#GT&ve`X!!5}_5InrJ
zgF(fcH`3v9NAq6fdya_}jnAsDg<iNVu5Oqgs+YT?dPV8+t8zzwp2G#ANWA}~D7sKD
z6UH3pYBd*~%zwwH{B-So9>t9prNs<is(BIy)%HV=-}{udxs4L-ukw&gLTAKs9&$PQ
zqQT%F6@<jePVx=8CWyhB%`~cOh*Yh(Kk01bPnufs802a?OyY=$;{$2MN+t@rZP9<j
zSB>4=#Lw+r4h<t~q+%dpn}!E8N`+hl*FNtr$O<r`UV!%ddaNx_gEUAjb?k>=RCDww
z#oMg7p5DrstcQj~UZ|o4aldwWPvkZ0O<rq@uhHT@OC@PbdL}m1Irfor)RGoE3_=9_
zDct%BNi+$tP9E*GL}oDZ6oaymaK3^wXs%2=so7-4hs$i`^{P6XJqLTs{gfgMnWl=g
z7RN+Mh(uk%Qai+WG%PJ|WmXcDl{w08c7SriH$Beq6;=F}VU8~&#}@(u<+R=J$+z8R
z@{AfA{I9{$A4L8WKEY7BlF4Cj*i9Y`NkyOZ@tl~}kHr){_T2sFPb3C6esfu2v67Si
zreei>kb~yK3l2tVU1WR8DDTtG{dF!XD!wQsnReVuRo3NX%vnt;zol0ERHq`Zbo8X{
z^M$D{!lk9qd?mG<Uz)&lsZPYv%C4N^CMC~KF!~5=<}+#gS;hR1&{20w`39_WwS|*x
zJT%$Uw2#3qVFeq@kjc=h0uGRjxv(FDa5=wJ@*6uQ(t1zZu5RKW)@$4&YuR*5tK!4N
zW`<}g(Q)+@uzAw(X3L~+?g@To`IB4WgM8cfG2DCXG}xj^PjXW5GH@BSryu3mB5RY(
zy!|^VzRaDT>5Ew9v<`3CRmME7?lwFeBShuugi10C8aL=j=R2F#3XUYFRIx0)HsdXB
ztPI$OrD+Ju8*`c*Qr3x%(B5pKb^V$C7-k;DMXXkLVU?p|7UCkf?App%RaaE%ZzLHW
zhUAAK47L5&Z^Mg<N=<?hwWKetqthW4NURx@`omB7$unzO-2B+7S0WEWP<aylhQt~p
zVl*3G8W}nmkq8Pn^96_!rlXJ$2-x0l$B=_-GVQz+Dr_-&8v0(X(M;OqI_}<IeBz=B
zx+6BwCqEe!c~sf<YcrK)f(?UU!?ET0zZBr75dXOKxX8)UHUlRs;i~{u?$qd*U@b9e
z)guoCk`^d?Wuw{*^(*l0$M3&I@_|J^UG(|pauvq{W=c~l5HI`?eQO?(<LRpAsUYGU
zR^ZMEW2--8ufd;YU;sXCH<ftz3gZnpA9cW@{9zypT4r?+UjB~2JL@L_1JPofVyflh
zdnMa+?m;^HT$_au)moAHIS0<D@v=n|p6s!^#z2p4Ha_PmA`bF9cLunDhbPP9e4dj*
z|M+$Pi9`^k#HL9T$QG7}Rt<6b##~cpjwM%Ks~dcg{Nvl~QWj!2)k0?sfkj6_KeQ~8
zsS`;80R2Ny50aSKCLc)YweyrquE)CSP<?(}BW)PXZ-NT-?m*cVJ_3<WxorK#iq7Z`
z0iTZ}RZWsya-LoS|I<>UKWpvUqWro2&MG8J)|ih*=z_9Pubo&j*tn!QIa*3#6R4@C
z847kAXvFm*fH`Y|z^e78-|!Nms$|8VWfsYKHSK;5#^y6Dd4TvOPsM;cw;JkB8rW*B
z>%wgSb1ggGtIc%PRxAZkoMa&HO@`FKrRJ0@Ftgg-XK>!*B9W5JyH>4bpVYK}#~@VV
zy;8(sG6N_MlT?T#e;?c~^==kWA%9)^eNj2*1Q=ctn}Dvb(#dCN+pajD=repiSwYxK
zdk=JJRh-M`l<TkqtD-a=!oaE)+~Z|jO?~7vurN}y?;%x9%|xd)EkmUM>{QiI^^mGL
z+E|vP7L(LU%Ly#?4i>-ydafAW<{GF0T)3i8zKUKI7Uh<HrAfCyQ|Xa@J-jWjpQuo7
z(Ja4^NS>V__Zs)Hq=05avcT`>mPH+48PV6?Ed2})gwck;IFgmL)jMa43UMxpXCGUd
z2yVwNSaP>Uu)DH}mCwHCb0v7K;J=mim6AjuG!A05blAFFCmnsV^$OTSl{qWkutik!
z@|eP*v8%Vy3xAJg^gGWQAo>Q*n<nyh3($7N)c-o`aC#Zd;fFb)_|#+|g~oYm>QC{<
zdse#O@Gp}6pf8tAh-aLYpd-DrmRCHI;HzoT5Dkj1f+%(cd#H!3#T_-tV}6347P-dr
zRx1pU6+(Na*gs)Iv>u3@>A-SOL$JUq)Igy!Qh+2~R<l(Nye{I7+K5*Da`2DsHxlxV
zDn}Os){@pk)Q6ba#oCWyC4K0JN4p|oNq+y*eL2o@%{yM-tq5!s1E#5IAsWPY(8o8k
zP}wWEC7*amWhK&I_G&-^HMsY+6pu|C!5}liFo;5}12ZwLc^m#J9~)=H{6wG=f(vt8
zwp|=O*zl|DiWR6KU=78>Q@KH3x$x5Zn6{mOrN+Nf8MQ9F8)^v2?VQ^R7IK26)L0pH
za`})MeQA2t5lR(M7T7Sev*^F1606A-fJP$h3Z8{_e~N0==wL0sUQ_G!KGoRtzl;Q(
zYe5A>q)5-TuR%Oj2J$IyRYo_~`lA{>M`*sb0b_@qY-!iInyO#?LO?3*(H(xeyIww<
z4KZt)S}oS@7&NM2g<1UQ0n3DpgUlEKGk7%?7NIreXEr*F%7{2bES~a&(V#qL3AcR%
z9jOY~8#h-CTG53{HN<(P+@p9MS^5!e*V|!I|GByugj|Z6aE@yTh>I}&$i!eM)i72T
zyjse~i0$40_P8;u19FNAEb-4q#*|kl){}ySk!xI9k{!z^W%YNyYt+Hm&(IRkntCG4
zk!D3M955rB%yaDclSP!W84b*(ikhlay$%10RS>yWqQCjod~mH;*3URAFrfpEViIhH
z9lnZ4N>U%?T_6h2;hiPO`E%vhn95k|-<fXnxZz_<_T1crIR?5JT6FQvrrTB(V&7yV
zFP}!YT(Jz2FrX8Mqh-UD{T&G#d?!GD28}3$s$0C{DWXvK>@YVR=)_scBlKSUTu2ra
zq%`C4H4bN(^OrHsxW7PS1isjhxBjFt_4>yjQ4hz$Aqn<cfad6AV#>ahE`;g^9>P{D
z%z_V0=n5{f`oEegwbYUL(y&v$s-SUA{q(~D4O&fu+6qksK|*g3iz}}cj8WY|0O0+D
zXxk_2<HG^-;~v8QeL8RF;Nt^2{A0KN;}x6adiK??rOyX4FwESTNQ~pz>0>y#Xos5h
zkyjo0v^fM3w(Qr&WZQ%k2Wjynv@!!<25>}Cv2rz0{T*c8X2+>GR_Kil|JBtyx@0Wf
z>sJ!Vl#0Oi)V_n(S((i{@?zs(G{NA4BrIn2ZVFz6DqpiHJCI`*ZKU(53f@|!OQpeA
z@z_gr?f9W7zK)3Z?K&zgY$lM+$$6-Sx;@6Z<Ti*RRFW7G<et)uc!902N_*#Yio7u{
z$jP$7p7|(S;+I3RH-a(4xO!lStPXXlD)QLJgOeSjCr&Mk_`FzWyW*(eYubc(c5OnV
zI;q4Z+SRS9^^6JZ;+p33u<qK$!#EM<Bgmdd49h02a(n$;(vywv{6Pgba=#&NNP8IP
z)+<m{?yYx9`pOM@Ylj|sDLp1(vFje!gf{s@N}g$MNIpev@nai@6!6M3a|ShBWX4Yu
zg~9Is)Ivth|Ag%7E76E@$yp2KqRx_tX8n~H2RF&3-k|NN0vmvg)4be$PeKb#M1l>M
zB1(MO{lOADX(N$4!Rv?L=e<6Gi}K6vNiK}okukPoNr=Qv0YZYAb!f>B)8oN42;-sd
z=#-QyBZ!IzC~9gG#<`qRy(uBJawn~RMAygX87)9K9m#4~?%WC|bat>qjeK5hQqem%
zfun*Jl4iK#>-}~8_ct4)-ALTPDkrZm6vATlfPWGMj}HhAuCmM(L*z4k!s72+K|DEp
zXOIuu({Lk~pg|KjR^gb18mL)3wPV~N+IvopR8iRY82|oWnj{zIp9-M-RjMttwgFHK
z;pnGs6Dr7_e6L|ipL5idro>5mR7lcG(tGmzURPwoVvd~OO*?31*`;{Ok|aEP^qZ=B
z*UVp55S$uvRsN|8Qk2T|p6BGQf_=CI!`YKWPe6X+NL`8(yV`D6te(C!Xeo?$t@95J
z!k55~Q7)vd^O0?CH{mab8IAv(4S-&4%+HrcnRX(8&dk-%6X_V8k#KH)zmUVNa|Z?4
zm`~LZ43SiP{nA+o<prC*F7B(Chea32b%qN7z=aUQOI}|Cco>Z|>1Ez_;pT_)mw@<t
z1N4eh#JV1_PHkOI89XTY8fwy24_!_11>VZ8{AzD~icv5=-`Q9g0TcNBOuGP}8;Lv`
zRLq;DF*C~N;j!5u)1C`b`iF7;V8rA#HEp&*(kL@RRLs?Yf)s?-&3Oijf3TrMu=F3-
z3C8RP@^?!lj}+DEy8+|v<h%kn*8|uYcHjG7zJ4ckdyq%_9sq!#AtMu)8%7K-u2+;F
z{H_B4(u#f+=x;o}G)g*6n`=eE-X+Kwoq8teMo^1%Q3UCcAZvQ)VgC3=xaP#|-Wh7~
z69Awp?xQYk{sI7&0RX5FuLDO)N<mA@1s!!WQr@C<2H%gc<vX-49=mSI?cUUVrpz$x
zJ4}g$l^{S*3U%}C!$(D}Q2$`Vxz#zQJLEM9X@)I4ys<c;8f)3t%2*-E%rV8&Qb(+F
z;A*@%`-x7Z3oBLnqxK;Uo&o?sINzf&th3Kne+NKbndVg#{ZQ{catJLJOcM!Zm0l)r
zdX*7-D;2IW*awT>&in;}#9vI_;R)nMb^&4Fv!l!<-JQSr^`RBPxGe^N83_B=fAdYB
zetQ80wZk{prHIi2xkuH?o)R~an%VSDwmoGV`Q><BLy|>6GnwOTg8y*CR!^9WNp#qt
z;&@@IiRwzPLNUK2qFhPpVGPVhzYP=ww#K80|5N$D6VTw!*w?iHR2tUR4*=d7&f|~5
znKz|n&>@)$hLUFN3PUEFl+n4Q<(W6fI3y;1Djoun;{xE|41dCOSB|6x^N?K1w%T*t
zWAtZKp$7n<Ffe!y1IX&~Cj}6G!_2G9BPY9Tj(utFZfrQ|WSmlBN`5^iyW@#<ciwMd
zOh37_=upY|=Rt*1vi@0wqo_q~P$E&R3IY^=D(nA$g#WXHlZm0ci+QC*Rh~BnmqDVC
znX~vC6b4NF>YFcd!V!W*SRtI^KZ8JUPAI5_LE+(2v&aX)>Klw?x*~svhw{dP7OH)Z
z9NICXogb!H*hmQqUL<w|>(%tcs|-Buo`ODBszCr_mo-G9AtkN9t1?oJ7A<3{Ms|Tr
z*vUeG{Up0E)L%c^z_VNG2TJhuk=rJm8OY)H4TxcwtpA7cKl|r)EC*74Tw`zt1j6A&
zbmpZnQ$J+J-H6WPy%e&E{B`ap%WsSoDB#Ev0O0|sejGk~!smLA3I92>rplxLpaD6~
z4+jvkvSY4GI1T&iMkoBYu6x5>KUTKz0{~z2{SH5y8ev(7clXN_9abWe^2EL_H_E+6
zTBUoEsOo1)^7j4NZ;)z#@*y$%;oDfCx%IS`$%+AC_f(`w6wd#F{C5V3fkyfIezk_T
z<pBU-0MMrmQ|u!y%?+I;=<^$YpEe6*SvlQ^PKq7~WV=ufC%}QtlBlRwl6VxWBl(kY
z3k@$ml>y+I5HC_yOdocE77?svTvP|~kHyArV}O?c;JVQ{c5dnWwHpy<&k%L{vcVg(
z_AiGx;m)rdivrAQS`hANK)5+P&Xza=wB)?=A}XiFS@{1SBY>3I6Z~ic5KR<!8$E)Y
zMqZs(|8_tegq41>JjQy2^03M_{fq|!)L~|C*j3FEH@hiXPuyNO2jDX_<&AQV*P|T|
zD9E~I;q*b21Ap!7eDzgp7X6F*2@N4rc%P+I=a!)UNZkyob<+b-kJ<vUIG?ZByxbQZ
zI=kzRFhV=3^#wVZm9lLH?`$8_^lv-lPe8rnN}6vZCDob{CmX_USN{Ly1x|hBX$FAH
ztgW_dV1u9@cY%JxRWJh@B~QWC{1qJiW|Qbz`~U=^%?_!S?26FRrGT}_C$W0$HE>0c
z?-f{D;$%VS6I4SGG7PsN0f;dRSlEc-HKg12jo-65oiC}b2@4tfLmb2V72)wf6v27)
z;+O%}n#&kP%6h904y?}rNIzUNrIEG-UCeKum|zk@SMLeiV9*{iRjm!FJ<~sI|D7N`
zz<mdNcBo7lGIr5>S-aP)#m_xMrXTsoT9><9EYbkV0tzxAe`HCnEZGbO*!+rq0DywP
zmB0Jc;cn5{N&pjacYjCa;8%Vrv%fjGVr<FDVW=3@ljMiG1%{yjstQO^4trYlZFjt<
zcT)bE^_6JDYWGEVhKV8dRh{{K!2mLFg-Cg;&{bw*Rv5Q=?FzYk{~o{pLkSF6Ms{`p
zcd-L_y(9keLmg9aFmnnhjgVGZ`~x-T@O!J*4cP&ZsZXx~b8U-?e06(75iJNvYe8Vr
zHcWHAB<PXPsf%3o3jL?U@N${8BTG-g$5bC6000JX6D&;}2WSI8o*4%K6S-J`tDG*Y
zQa=2cEsGfso!EsU6Gcqu%S!Q<V4B-I1?k5bL7O?2LA{(Ioq+!U{wo84^j(z<3BZJ;
z1(!e=5?E>cSH|kM;<TFQCh_M)!X676>shQ^LCh9tBusB^xW|{fFX5-QUx%i8<zF-a
zyr&n^{%4m6-$=9VMkHW|Gn2Nc^j!ClxoCl!Hk}T39cyp4)!@s};Dyg=USJ&XGd2ad
zC3P)q!^Qxw+o>gk32f>$&qh-^W4s*5mHxsd-!?%<fPe2v+;r!&HX+r7s4hJv)ekQD
zuLMbV0PcQa=1`Rw`%+E4pP-U5O0Ml<((@8@gY1wwo{h7qJDOZ51IPPO`T-|}&8Ldd
zQ+L6o&843bYER@*XJa0rAq*sG@3_aaV=c`Xsqb#I2RxBfQVWLeTR}iL8N6K|3hF!q
zUoOVT4iEtQrNw5!&9kTlY0L3NqoQmoe8p0S0f-Fiib65pO$z3M7xUs0OCS{0aoW*B
zAGY}~Qg9X;wH{)=!SK?%VW}|p-onB-fOzEktH}T_(^C;&KP}=2mUy%JDENmq!mm!%
zWI{|!)2cS5u~mA&<uL}J#DY@X%&wfTQ@RJ=9cpwt2CCz`n%%a`M#`3RlffoD(z2Zq
zyb|F?=$a!+Gbx;ctW*8t%p%2?jb>rEmQ<zOw&S$@u&25&IO!S5|Gd!AZ|+?P3+!#s
z>W9jy|I^U_l^`KoC?dsTjIzQB%fV5t)cZ5Y_yItlGEQRtDFmZO#LI6T8UWxi)bNHJ
zo3Jitpjx|=+ie5=gcDXh_qOhys^@!(uFHVQ9lp7_<n`>&UV5AUz4<^G6OWD{I8f&!
zJ>~hTWn@|axVu>HkB7d)b%IT6GX+4QAp-zr#sGu?{8omlo{yMOv@fhrlh|Va;Qns{
z9`xg`ri&im6cbBsxEO;Qol%T6FVHBF%e%}NRik<zeP~UT<efxujoAMe+-jctYPTRb
zj)`5v7Y*<QvCD21hXfe(%JImb7MI|R`L?-ntx$YuVXA`eO6_K^i>+Pjxzc!lERoIy
z002h70LUN!w+jwj<ZxX2g<T2s_S_LIE%*qeS;%~P|Kf*iN=}}6YPgTi{{sFi2L=BP
z13+LYf8y!KvQN+^%?y$~{HIgEDMv^P4!Xmr047M_pj9GA(Zx8YSzIMnQ!3is`=W;r
ziQob~a|@a4YEe8bA|TuXkRl-C6dMm5M^O8p-Ld<R)@!U_*Ss|nZ5xtOc0RYcxi2$5
z#C3s%@p5^$m!mN>6#)Rq6nA`@r2AtlJG=+{=z6b54!hlR8)NX*5hyDWyiPNqSScfH
zU{u#1;Qqz>pN*o)yr^sLbDh%{ci4V}fz<$-i|~OY?#1JRKsPbkJ8XKABF%<!uED7e
z0OKoAoNLFfV^Ev%&@NcAQ<@Yqjz9_>L1v*EGXwnMP?>Qbp{>Bs(6g!zG5QCDxZ+l4
z6I!lx)3Z_hKDxgTFhUy|>tkJp_EA}F=d)36LVG3#AsnXVgIVBWqsusmEH7LdLeLch
zPD%fR_peMKaRAncRIX#ywT`^Ui}bkG9pq}@sD;SxFsM5esew(9h!Dv}mo7E&&aqy^
zG%3Q|^L@jS5@=eWR2NtXmm_-4e5GIZnRl&<w0rD00Dx<R699x1hvcluy?O7#omvjh
z4nSt;&0sp&?w1?1!@DyaxZqX+H>ul0v-qeU)$0cA?I)g}Ay}{>Gyz~B*`c#NlHqMm
zriAgw38;Yle=+{gCW@DkaGnLN{(}Bj*Q&k~^efibBPjszXEVx1nujbncF4O2fd{tD
z;+IL37iqkhcw<rB{3-}*7XW{=be%t2UsGd2>)I=@!%)A#54`;6X5s%vYD&GiVxJA%
zJ|`Z*)uOE4v|clKtRSY#utza(<WL4d;F$cyt(G5<h1FGm;={aSaG?_Q0K9>3iP3Y@
zP(A_$7E`Yq5u5z~F#dbbD$)Tm%%yOmx5nNx$`9)Ymy(5v_`xzCu2V$H&7aG3!#IZ4
z!qIO(|E2MgQob^11CKbwvLIbEN(rcqJmgvqvp%aMmodzR$v)68eah;5eq;4vgG|j_
z^juNm3^667j@~DCw1gSkm2T*Qk!9I_m=p^E?qtb0PPm+ylZ$x(U!uzj_#F;_HO+M2
zkG!(-Jj0)MVF@ny--JkLuCvY{&62e+Fg<1Ttsk)6?7b;Ama0epn3$*=F{|v5W-fp4
za;XS#mH_~48?`_t!CJ(4;^AWeVf7EXcF<@4yOYGUNcDp}b6yf<6P`5~r^82MkXr;K
zq_q*Bdgyl&eIow=6ETi3rs-!h7zFT3m?2U=0HVzLnqxRgGZFcA>$PBi9RT7n^m_;Z
z|5HO=m;|AO9P3mRK>v#g&LKTy_Fx&W8&q>+bUG|j<^y0@i?erZfVH}tH$Cl&_bWhJ
zBT|9#gOf+x&~vM-N8XWsWO~#5?}FWC{oQy$pA?GANV`#4U6rGX7h0-3HKI=GYzv!4
zu{C3sMxjs_a|lEO7d*hRil9*W{dgw2XC74*HrdlFqyRu1Es(`dvxmBJ<~*es>A#^M
z7m6Z-;egQc{rBgQGX4K9{C|f=_X*x5<hC7elL#>~h(R{f0p{~*w-A&1u>*hOO(9fv
z*KF@%leQl^8P0Xf_FJ?aKJo#y+60#=Eu2Uf#Vmk&+(k%?;!u(%yNf^xT9YzZH9;0&
z!wXZl{4mFK%-#}5$L<WA90-C<IM7*|p@ro8Js;m_k?W+;X#Y<3v7Yj^dce=7-Jicc
zye{Z@r~FSW0cfKCOkp9EAHDI|5m3;44|T*GN^kxf8UQ`v3-xttvssd9%{KlI_>fz`
z+_w>f4Xg(~+=@{+o3)>5`NrVcWL60Di%+cCau{6+g6YJa$;1XxaXFMu0X5z#1#dTP
zFI=N-rRZj2r*iVCC!+Y7A5){Xh~*JAs}I1fwBU2^V9@w=1LYUxAfoWWV<>KzX7JQW
zKA7?6kq~CgAKC?6;Cu|(zdC_WG<k(YZs^Nz9)mBQTXO%0RdRo;gUJrfV%jEE{;w{B
zYXE?+(UrX0ztKE|0beM;Q6vp^@givLl6p@q0KolYx_bbr4;m)8Moy6qy|H-4FC-Fi
z50U|w)qqJh!U;R-A=ZFe9x&POCE?*|if&^A5?HKf=UWXhsUglqY2ON!i3l8_$tjkh
z^u6r|PMh^ax!4uGZg_+}fdEJvpnu5nqtIMZupnj8bSR%8SpS<9NKz_0t`mYgvSWb~
z06=8VRe95%T@gybL4vQNbCzJ=Per6X%3K%-(En8_|Lbq$O#fpX{ljj=GdyujB?Mrz
z<@uzB_@A2x^G*J&Rp9wL(e}bonLR<FP$?tjP`g&n8$7Qd#cj}LS;o8dl>IzuOhSR`
zs%lXO0HTu5h<f5;i~Qv&(ikWSfa(B`AppRbb-Z~Z4NRq*b8>*8CyGW=`~Shk3!x_U
zutNv}VkQ89*w#;T(Ge*YoEhW1vJEl0{QxeGMo82)SPftcw?&n*J?S((-!2C4?|)SR
z8Gw;ZNOVegJoM#j{y`R$v&T%v_$sG!I*8|S0V4V?o;cYb&3#>87_TnKc_lS~#ap-U
zuof$zVh4X1UeJXjkqjt`kr4oK0)T*J^^f?-pq!>Gc>ixY0K_-5fZ(BqTL;67egJF&
zdL~CQCJj*XPB7wi2Jz+;1j?d^_?BqAk_CT!!9o}2tuUa@FD9+@ey|9qcX})XfB^?F
z^)i6p1;F|Mqd7lVY`b5ks6U7r)UCq?&48IR4I5<`8J*!gH$kmw_vX=*I6Rx6dVt$#
z5F^|YA;*N()s)ib2Ry}ofa1TfoM5~9ZV_f2r1oeX=rR7A6i5=*WGjD1;r}xT+`gUP
zn2@Z=lA=i#3(*&GkDi#GHM8>P0o>3Tlj@CI7cmr;NjmTTNMfR??mIo9*C+-6Qd&~7
z{1o$Ue=%N!mil+qaikyO0T?HVRrh*FW~bPOtLp?VtqiZU?fC7l6#33Ds45>geb}c-
z+$*xdgc?Ixc>Cs!#9rXB7-*YVnjo6~*|ck-6#&8b52GiEz2}Q&J~Q)cUFf6(=)bWc
z{Ly6Yc<ul|D&3dv3IRH?1<{;c!)+yv=x=pLxqeGey1lQuY)#(@R_$~MDM^zE)2#pi
zR#oVfE`oVss*7*fR{mAG@?<oE*zomGkOCd!S>VaZ!MDT(Wrg6R>7-xP!;wv&eVJ0t
za{`1R$VeHssT+hrqt7haOD}rhM-`ey7Mqc1qp*Ku>kdC^^g<c{fei<rPY(xx)*H9s
z4?VW#h&#3WKg2*z{n=sWb^v_Lb@5O;3f~Grt0EL|6dLueAUCNCped%Q7-ErUyf#w6
zF6%yu6#&2@EJ|Vj8BFLXBE;YGOlh%)6MP5xdTl@E$ss9H@frkRsz}?!&g>yc+B%~T
zv?FpjS;swsTmr5Jz1Z!`3@s=M)J<#wJVnp1EY-&bOAl4A(H3$_<@^7_@-p><N2#wB
z_r?|~WcN(Qb0?UG3je2dn<g3$r6`Gj4vP?OP6J42DVIqJ`p$kA)78GEm=CeWV-3Cb
zh)3){Acv|>e;+xV;XC;1DclD|;5hatev;Znn74$tZ074t@73BW2?j8lM<<?JAS)YY
z%2__4wIg#}O!>d52!+VZ$vCXPmL>tx5dE-h!$M5n5+E!G3K9UmSW<|ES%N9xPbI$s
z0BaB`xNrb?udehFa_-9?H8ser-OT@u%TLo63tntE4j}a6#Dit|kPUJMAkKL3bZB@Z
zwZU(o4|K>9y#`fj1_6Lf9o|CLrCwEVEp&-%n$=LD;Vmxljv@nqgyH}WC3*_9r&ay%
z%6T-vBGan)+9{$RF~(`~#Ln%msXPbP4KT6n@46k0q}w+a(pb(F>OC$>_2}<e`EltI
z5Fto%sq*CLTYu+VTvYk<>G2R3Ou>+n5Z$Cg1NeiGnuB34|I7jYlbC`>t|1-m4{_1}
zK*J8^DE4u@pNx;<w0<UNQ?vvbN>m1g&7?ticTK9AnDSb*B%I%VZYvTPP3VhQ&)?&r
z1qNhPlyRyDE(O1;yzLw$qi;QkRI<C>R(wO05Xd3kkJ;{QVBqnZ2UzX!PkZ3!fTLkL
z;uSX*T}awLBM}$MKD>P<(-+UL%|x|OXoCW9)0X<c$QtjX>u9j^;=*a~@&<rO5zB+_
z<J*UVZtrrF6wcEX=l??w&S13IJ1SJgt3dv;rvgO@c0x_Z^FZ$JGe>bble@#?@t_O^
zl}g9X11&;+Re<<JY!ClGrmitO(r(#y$95*RZQHhO+qP}nwlkSvVr#;Q&51K{ZqB{;
zeCO1kx1avey{h(pch$41c2%Gvc)jfDkFW_2!({`dBhrI#Y(=aABF9Hv!OoxTk-grL
zT@XPlkH3@FpMjUGFe$ZzXRMRN7`z2xPcHs@3Mm_?g<DiCs=m3u>m|Gi`72@dl!>V~
z>XZ)xjC;wb&|Cunx_*#fun|;^&r6C=lla9}3ZCk1{u{H{$jT&kLDmy!tggp6_E=#^
zfJpm7+31yssL@UH8Xm2iAZX`TgkhF#)9=GX)vSr|%ic3FZb}`vGmE8(UyaC|4@&q8
zq~CC7+6hh?U^`0P3%l=cw%9J1zra5u43%8_#3Cb|sS3*ZhM}~9UKGs}TC@*~#HWNn
z<QdiqrKhmN^F27Q$2hvU3>p&vgvd|+0*6PfhhyVKT2@8kec5DR`o*XJBS5A-F^@mN
z8b*K&BFX(LK?^ugQKTqyR=+++$QO;7vee>A34$ts%iVWjL;3;_4kwUTp|p*VgR{VF
z+k;bd%ju7Pv_X3MC;A6H%ey&}Vs{8lz4pMroWy3yC}Fr@B3*=te?hqS9CMj0_vr^L
zD=uu(;$*l3QO=y}xlw-lsnYyS)yDBg+!q8u(Fs#3s{X34Wf$y8!Uur=%Nc{5w9hbx
zj*eBe>1aC{^gnW%k3&~Wy8eUy>jMV`ik=|z!BA(vUaF|ePZ?l#^0l|D(41^Ev?=8<
z(Eb?FLh=j+H0^@N4-e9e!5lIR;C$Qg`1PWgyZOvg5tl+o9Rv+9-I(3@otlBk(GhLm
zxgDKGqy<$ibDsxkCalk+Z9<_mffAW3d&oCgNGu+c$~h>k>;S-PHP4**XPUQ5Wj_M}
z_=aCtfO^mbCSuLMB*S%(#5o1OzWKL6fKi!HuL**od(%k%XdX4h39f&Kv(X<ope`Gy
zar7sEi3))<EZY+}_eiA>U<JXJO|;tj8EE)L1SGdJ%+jDE1rC=CwAL+mV5sP!K0MX6
zs(U|}W>0f<g7)JWu970_eU<yzn!yXzj=6ou>U7TcQ#KXPr5SpNj86{)$dN#mcUOW?
z(Vkx`I6D#&GARMbPXOe@0JR+$Vq_*O=q735e*^t`0*ltl(ZF24g-0p8(Z((~_+umW
z{VeuQ8X$7pF)V~`qRm$KtKC|D6}UX$saZJN0;q+AzE=H^7X;{Lt;G^fwue_CWQwD1
zep>ef5V3|@chGIR7?vpFU(Q)??oTI+zzQMP+Bh(NfqSdPcN9WrAY_QrvnSWpra!>H
zg(BJ+JwGb4m<$P3C&ZBcaLPskTw%>HOy_<9)1q#qkYSw5V)ptkw1BU=;6?z5+_XkK
z`I`DB*wz#~bPP|}mjhCV{EUPG?bPDK;xDxg#xm*zgOYR_T4*^}g#)<Na~pE89yZ)d
z@n~NX%+6#2zc~=fea-U_w?jv{#;8<Z7$2q$gV`*FfS1U>;3GZ`XC&leBpuLcroMB%
zS^i8kj1LZ4Gi(}ywtw_l(#|Ryv7eTJ=k){tg5LiXqV`muiu6{-Q&{$*hOx~?{x@C#
zh*yPZQTKwYwnOE`h1}U~4bYrl<EKQ4PESJ*21XbP^B_b{i%of_C^m7g9LiieLMI$0
z10!fs^okTV6%=RGP+Ic-@5A!cqOV^C)k(m<znrZfp!WNkA&|OEQ2XR9x+TKo!UZFk
z3d{fd$4wPiYbY7rHA1%scf&wf4~edW{4Ef#uTH^3MfjH+ODO+e;4gh{WN<wIY&Z}I
z07MZl<=iPRKxxr)u5FC!pkd8jpfUajKhV_$1z_>lLt)vFCfH(D4DxxX)x#jm9BFS9
z$b!~DL@yDeT|-@D2=*i^6ux-`5e|T(<g&-17?61g8>l<C?GmTI{$dB~hVPD<PZIn#
z!+L;vxIPOxm=z{gT>ciI6eJ$hwAkNLtWo;LYeTql1)IxIU?rt)TBvm9!61^1c@&@#
z*=ILseU1URFi@t+0Q<u!_AhuqZ~xbPOpsYp?pf>w+^@g*N8lg@f%y9fmq1Cka=xD*
z%$+jUbjo2QC!!MB?gK^@n*+MLsEy_|iVK}8WLi~WatQ0A-X*2t1Yf62ki~55++B57
z$OG-HBr5>=A&}uFJX~2vXA8%Ok`@aB#SQ>k_b#B0X^TQyk}|%clp(mJFU2U*lRCXs
z1-OC(w3S^ak9Fc8<nL^*5quf9{RG4`5Y$vg<tZO=UZu(~fC;+)AD{qmdY=Oi7CCFh
z%@Jc~ES&h(Ft9rY>Y<+on~c!$2J?bO=pNZN<?@-Us^}(0jyo<CjDg?S{XaEMSA<J~
z2H#Mr!N){ZcD{0@UpJ5hQ`PFVl3`y57Q<xW13@`~I}u$%fOZ8T_syOuEBvy3S;^p)
z-W%*XPaiM<NiKjyP7jQgL%7i#87o7Q*0%`Cz(P>)D_J4MQb`X#84AC@@gJN3s%~ql
zDHIMIxQv77Jp-LOcWjbqg_Gj%%P~H*(cd%!kI*zqQHgfg8cHIj$VGN;SP>WjVByx+
zUeTSZ0N3_C_iG80LUNG$!dr+XZQ398p?4y-LSdlFYOeV6lAxWn6aDhq<Q-0hWs?yG
zt+39=DD@<i)tvfDaFnpu`PWV9An!exzqDqgBI+}HG+$A{An5Eizw8LV_AFD6-%YSX
z9M5|FFZc0pK}!eB9(0q(zJN4nl<YI6B#o)lSRN_;jleD`sTe>JKz}r>odVGmXQZI?
zZUrDz6_lwmf@1=fxu0jTdTJWt4SFrO8v)8EM;I`%q0JlM<D0Z@9oJl<X)adh__^6o
zm#9<Fg7`MgApYM`8!0YOFyYnVUuL-Y;Q57U5<A5KI{a<YF^}!4BCe%gb^h32G5o*C
zHh>cKb@#h%KKWLy(Z7*?Ju#s2-?B3yc&QJ2;9a<liW1+kYb-p|g$$;5O&87Xt#?+8
zZEEgnGFbfn#>!qNe^3HW{(>Ec9zHk%AU^PA+gp>|Vror9GO-@55DQ$&A}@w>nv|s*
zy34YL?3!-GKBAxb{gpIg+_WTcJ=n71@&O%@6HEM+PF5b$z<IJh;4C!cPSSxA%r^<s
z2euaCg@~6B{U0`Cv(@if+P69YAn(6odw@tB?OBmS-X}hFIN1s3(|_Ry7Vd<!W)3((
z2RohsRG6b%Q7x2I&j&~-EANJq2d~pMrys{4dO#I3pS#lm@UBj;?3qQlipe5)e*GvF
z9HHr}Rb#y$VY2GeiAurjQ*)qKX$AGYgGrWVlf+<Q&cCP?4uT(p*80awp{3f(cJ+l@
zR0D~n<XIK+9OmM+T&8g_0erMS!wQUe8U*r&3V1-K8$pbt03Z-wi9XVHi_!-mqD`IY
z9e5()e`EG!6PV81Ec9)8dB`^{g9>?-f}6Nu)3V9H9}@%a=f_*7IY-Enzs@*!K=uPx
zj^$6R2R5H^okTU6crO&P0wuGnhXDGP%vjA;0D=fH%=EXc(Kg00@lcl_nsl^6>0kLG
z(?}WfBC#sFhw}Y&W*RbRP#=B<7>$DR5t2Tf8O_^DY(jI}hRhTIR9Aq7&)Tr*lT_u^
zlk@D{e^3I2p9YMZ`0S}Wzlvdq6_Esup#tQfz8#_eTv<#O35%8$ChPb%*3;}0d9SV%
zxIt>pYzY7=!oQtDIb86bxseA96@hN~sO&w=A;6YOX%nMH&Cvc84DRi?gaT8+J+#%u
zGpPeJ-(goj8XO%<V=n+W{l2Q8IKgqL428Ha)T0AX`HQu;gt9Up^3!jz@*!eIf*gFI
z17)Fs_l|Yki+lNEli^?fgBP&i@)?F8qhhWnVuUDf!f6;*#CG3Yg}{KdY}gjUDlHOg
z;NDO35!If83!#aTZX3;*)!{XOl%xqTk7lHwwO0q>c=42F9xA5&P-j^CbhH6(-J0?6
zBBq3o;6}3iRG5jo!L#OuRveJzP6UIfj4!bQhZTgB^+Pv}FRILg2$c(GWhf%}R^%cO
zr(_R|6sVBFvFt*+bBvZWHCa*w0JZU$FW8;{XkL$55JHI<ilI{|&RzL$|4{%;=v9n@
zYFQ@cl;~<Z)&AUD_d(&{cYGmxoGNT3!lxcQgVU>!DR5y@Wchftnrv)8e!3;RyC1Bz
zu{7Z9fj$#LDoav8h!3hmO_u_JjA7v#C-(On!c~k;K{hns86Xx30L!#*vX=HIqdXa`
z&XTONnr<GFyKn>oB4XQWD{?RX(<8`+wpti6gd4=zE;IY83k3~_E}uzIJc7lsSd$Q^
z9{R-bi&YS{0~4&4u|$#YB}F<IL;6PnAX0#oY#KZwdeS4bp_JTclG$Tm`f&@Szp{h^
z7MS@UKzTdk%{G5dTpyaBYKN4%;kLly-4!i1<{qg(A%+uMV>))-*U2~NrOv0Y-?~-8
zbcV*AvYTP!IQ^_Zg2JPxtId-em;BiVKsBZ|D>o5{ppL={01(<<;;_mu7ckZNR0=`M
zmv7*S3)=Iz45p-50iNCRQ)1LZjpS1-1%)1su9wain_W*FQWF6f`CDJO5#8a5BuN*E
zo5z<TIJL1ijEMhH27pQQgq<fIuq>m8${`%3f#XbvNl@flFGZcy^UGLBF;eCQ@^LYs
zQPJPR1z>U+B?%Lh14h@cYzm|Z!2|@n7YpAvtR`~M9A8CizYUFY?a&qY7ZW7V2pkZG
zBS(7u=x@UR)N7o2>{<nM;63etusz*v{!I=5Um;JZ_Crw;o9-SzGHyeE$A4oQwIyu_
zieWa*D>^TC0xqF$ijoL=bfe7yphVG?Ux2^KmfimRUWuc%bmvj_UtAa%MA{r@BmmWt
z+z|2ZpvQtTZyFfbwP`tsL3%U#faT3V+POH+F(8iJ8W3OOkSRXIO5)%DzFrc<#`)FY
z;ZmLs7889m5cGqcs&5=$tZLm)UZn^$l7TiCJvr8_<q9MXTWe_WJyQ3;93i3WPjLIB
zo>RHgT|c1oJL7%Sbt^x)GHa?WAq0r2+Dbzl%J48CqTFYNV@<Ig{D|C;ZxSlpJ5&K}
z2d?qdBSCAsU!_)l^Ix2eiFQog`Mhu7&R{`vB!OLTj9gvle^%u>pft?hT71<t|2=$*
z>X~sRY(|HAZ|Gk4tg(_lqK;xVX86YzWMp}e5KS9R_c>9`O0U76m=rzBdEr25R8fvC
z+L5T&R=v+0;fM&~80Id6qQ@n)uC-8xD6YwSVBm;>II;$T&rI$hI0PE@8)I{F2Rb;I
z`ayYuX|n1D4%;jnc8xt?vMTUH%fMSR;L8vF@utiLg)jD`mp>5n0mz6(YQK{;Eu*~-
z1L%|Rpn1QLyZW=pwW3fq2>o8ci}<gKA5h8|9UYQqpk3HCaUu4cv=V;?jJgQr<qtFR
z%Vc{5us_d+rZ5Y^tK)AiqzW342t`k)ukyvd1RnraZOvAg!v|`&6<3sHriP6t*Zt{!
zr604fIy2N2Im%Oq1Nf(q)2#uRis9|h7|^Og5q`(j;1YsF4~5EMZ?)H}HkcJ>$5!tr
zQA{+5do;$*E{+ApmA#y&^sS>O?i)lalt3{C4H;!~t8r%lRFnFb65w-P33xo~5MbNK
zJ$!`!tOv?Lo9VB65U&eGx9I7P#GMfB&{jyd!@{X=Rf!Bs1@dS7nrG_y_5Dl|NpFD_
z39;K21ll(*t-nBJ%_cK_3rf8K<b!5`)#c#V=2=rx^mHM1H)af1D-N|3h7yBZ=!6bM
zig|)<28`Us;(WoU#Z$u)3B3BTdu!~BaOE7!Z!H#OYZttQW%JeyZ-w5b4&3TOaMf7X
zvsF|dTaV(tRUmaOSwpjI2WfwB3K_>h`l%$ckInV0o_$RzJ-1LeHM@B_;_$F_W#Q+(
z{53euZU313swiiIK7Y^Dd1wiOh?3wxn!@yguJ2am?SL8{)Hyy!DJ(btfDx6l32l?)
zeufbm<&Bklm%{vWAjfEU@_4^EZ$oIz*=Y#%{jg2d*;z`SHj6Bw^>{-DN?=V6B`SIl
zU`4yxtY3M($b{3((<c*|f&?~t-tYtD7=HcO&6CWRk3+R)P|IQC6AVYU=NUGG)>rul
z<EZL3wK^U!6oRD*c?`sqTO+D9q!Dy<-ZFdy2+k{EwzU@VGqAC%N2nWJORG7lJC>JH
zo{?{gw%pCbJ9z^MH|hm|oqjO!bMB}MripEB+_N75MDn%<>40193X!NV7&o7(viwJ3
z5aO}fY@sG~?K`)+BFhl#fJAq_<{UpSLxjJd>Puab6rvz`$4Z2Ko>V&Zo01yixS}HC
z{Hq4*(p;mdC3;ET&ne{P2IyZsm?emq3pjMb{j~$mroJ`Ewsv<8!wZ|XTQ0$7HA!tt
zVR~v74@J`CbIB5IKr*JnZ-;qt$iW_PTuiSbHB+GNEXlGNxKi6FoNI0ZRgu{kL0(&r
zSGsN1;-_@XX9SI{r8J$byRwAjFe&k|1j=c-mHA?{Ra`=~Oe)5~Ko5z2>=dBeqs~Fq
z_+e99-f(pKekll1ZpJ*9UASLAE#hwAt^be8$Yzu)!)W2iIgX1rQ6A4}A!n|7lxu#Z
zY-wlfA}hTj8&BQPnf#i_NX~JCkUz23w_G5Yjv|`~mMpL&d&GS><HdPff#Sp3t!*GO
zQcg)&A5c3J(i}_JPvaeqb4D1tP}{AYfW+B^ad%#W?BK4=TlVB_M))78^UMaj$)gXZ
z_>3p&ZVtWdMLC*esfhKsK}!=OXhqB^#{H!dN#Bj92aYs2tSo)IvjD2jMpc`N<f(GY
zR21NqUWmGsOp8ak*d<xKtxsXX2yyw`%wL5!gcWQewtIrVUq1~A|E(kt8=-Q>W$Sd`
zO8;~i2#P&HI?rM-&32dxNOluNS0$xdsd%&aCC_eoqsGlS_C4|@TNmLM-WIYnxjjTD
zO)6OD<SWd;TyefxqIpLXN&Q>{RGRf`noDKyMENG$tT}V<+xZQrU1%|ut%6j*>Ufvt
zChT6WaSiyMsL))QmoJ-*Bm9%|p_AUS%Q&_+0bwFWM==msQv^LD*-+Q2d>(&kpZhm^
zyQldBga-94+I!KUHNu;wGRPCBP<Lz*crE1&i3sOlYam}2RNDUpbqC7$g3y-j#Hu2C
zGezz3#kMD}4!8r_$}L)I0-v-1jpU`MtQzE#gujFBJU=#4>i&sVfMNDnpTyv4fOTNv
zv*UBj&u%UBw7T}$_^48IEI+<eg@#gM;|FJa`s+qq;Rwi3*R*ONXUC5t80(b1VkJQY
z5%Cs)La@Z4peQw#n?qurKq;7L-$iV)krPhv&)s|VHRqn_V+0FJD{v%C4+Q8kR7knn
z37y{RV9EHPGFmroGG%i~D#Ufj8AR4}+0d1PZQ9bFb>hb%r^I1(+>Y1hC@MevhUqx!
z%G^d5L{rAQNIt`ed@z9`V%eh0tN5nNn5L&u-K(;1!(r_9-!6K#!<Z~E%xuXS?SUOg
z5Yv8@8ev(o)L$>Sxbj11Ka^7Rq9Vq?=W6@Ew*lzp^#w5#mgRWR){buKt0EPhm|DbQ
z=Sl01;g89R*0^H1hFmn>#XsVVe2SA;qfUR}SUyeTb<vH1rM|aoL1YfdJx2x@y=m5Z
z7n~VJRVM_Wl{8b+bcD#efrJsaH%d6J?Ay14q=qfXF|!@IYw5xZkiHq+ig~=bg<~dD
zr}#({03U}dWmLPeJJuJ>9OLs#zcj${5)*#LwH;+4@2%ZE34$qVnYyo~YPI3g?H24}
zZbp5U9k9ATr5c*GbKD;^K0`MPkfYa^?VO_6U=r)w?OedT?Z&auU_>AS1`LgV72}XO
zU^Jmb)krK6{++y1#BX9os2li|0+<#pIK2d%gy%{AC1v`5gMd6_c_NIESISjW?pp9N
zJqjShK>2$p4vrauSbLW0?Kg3Ft{X!-M16IR6k#Z>BnK6g4w7QB)9U$b50OrvA!x+_
zry*%zIOUTu%i7Ar#@AH%*eb`n?nkv7tXikvW)}{nPhL!2y7_T3{T>8!x3IdxGn%wT
z>4s(ZNjoedI<E36PD7$U<4+sUVIi84D9fn6FE%0N?*_&lh_#u#7%T~VDG5VU{Pvwz
zFOP74S@Ij<>Naxwx&4WN&k2g2^;pF)NzAW43Rf6v0W`J&nD;VQjFNW?-NxU=uJYa-
z<`p4WdC3<{2?VBKWJ}e{Ui-6B9j<X?U8G+%7IuNFd6xx^TKBFwT~(`g*Z*e`AZ3-8
z5!!l$n~H5D=D}n!)Gc#8#`8H3d*K|{ZG7qKqjdV4-#P&ff0DPLh6oyyN^KFNp8+3*
zyvbedOgU&hEXOAC0f`Ln^c-u&cVsYf)|^Drlt|^Jyq)5oQvR#ZpBKaB+{$(69?(yU
zS*You;-%FCPGU{ED=LxR4#xO|(s_=UYDR}reRKkJm17L2B;y=~%4e7*)k}r`5jlc}
zHj#1=lDY{h@U9NR)u>);>#BCa>O}2g4gMUY&v6b?_ru8jsrcwSBQ)o#V1-QmVXpAL
zUbn_8rW5ZM(64?@N;4I;pDOa-q;9A*$)2_yBB9pR`>A6B4NGlUgw4aKq44PF8|fej
z%?CifECTM&F43uMC}{1=pJMd?7BYH7K<Wj~h)7>m8?#|46$ME+moii;?j99<CBD#r
zv6B!&kjQuC@|K=~r~{ZYGBHEJ<XsRU_@_-~_Dl`no7gM%`unUhDPUbd@fY(l<6p8s
zSp?q#SiK;wpKpKT`xSE%Z=3bHq4%LqNOacJl+Yd-wjDN$+T*Zn{RheHd#W6vPJi$9
zmIg<oqWWUzuyXt~%3M>~cL%j6!&!|G+hLGJp<27mtkTUa8zXPYf#(*&`zuj+ORl6?
zV4Kzbr}dF%ykpTdMEv%zxNK&!o6n;TWB4)X03QT$=DED$69^-3le$Jwx)O%qv=`(i
zIjc<$A!#saJ`j=D#jVjyo(EAW<Fzd8y;oQjpoCJ?hL4n(($^v#erPkDSO@@6DJ&V;
zMj{Ufe79A8#t=ODzg^`>wqdFU&vcuOw&*&r#y%Gn6quNr$FDP1G`YWy)_!P24rvL_
zS?xat%VkSlGRw$xBkKS1a<Wn^rvOhd&TlO(<fBAjKg~>T<{$TWnEthj{*Y;^-%)B&
zXPwT6KMqF2olU`@SI|}+QHQMKN<oO?LR~>;z5DfE3s1&qUPNcfG19Zu%`svYS6SLi
zC1H60?Izhn^)7-{(c|Y$Jij9J0Pgf>O{4j+Sc&i3XoO4<C?0mC3IWibA6}(4NzTro
z3wA`!#_v3G^yCh?)X)a+TS7v1C{1;JK>vZW%9Px_TqxBNi^ot2Ft`gF!%D4!sTdG&
z6Ie_ryi$sz(KdHi+%8byT~JI7@=H-BDp>CsbUhX|&dqf;YN#=?HNP3}R-rY<aSZ;>
z%D#UK=pbV|OeNt?Sr_)jF2br5Yhge4gYrQ((K-E}HKVJjUN$B=_f)>-&QmFaD4j$C
zHLgzAScj%lG`rakBGVQ%77O8<K%HZBa|lIdpg4n06)C0dPHao~9BIP@134;?7gp>D
z2X)URw-QQ|l}itZY`SA8LZ)@BN{<s+B%pbsd%gA0dVX8b&_as3aXf9}C+Fy&=yLy1
zP8Sd+U{48nZQJiI207wFb|{nis6iYkTiKgrgqe0jYAoekU{;q^c~zXJ4*H-u@D_md
zl5{%pW9}c{hupF>T^Udv{NCw34?7z;y$RI;t2IYK8<0FRGVM5XN4f>1$XZbtCPbV|
zP4FT;j!J$&N}YN?jOpgDrN@Rmmz-mA!Ej&UC4oE2b`?@?>bz>k2OS<Ms-(d0zZz$?
zAlb@+QYpSx#O=DM+lVB${(Xq^MI2diUXms#{V@Ac2Yyad0`B;~CWPi&FqG~BSUMI8
zeE@+%UevN)3_ENPclI!pR`(gPImGFn5(uf7yJT|5j5Eqf%aAfrKJR(IJzFht6t6KJ
zp(|&coJj?n`LM)H$~>JWxm8oi99M3$cpRYEmV%(m$U6MF(4~kL6?KJ=fQNNuFjWRm
z1-2s>^ZT7zy5Jh=I`}$gT2&Iy)KSfBv2C%hb_+iil0xZVLW^y;6hVeXE>vSrd;U-x
zeE(p$2psUhlx6L1NI^qXfNy{Q`}mC7pkp#ZFEJqE?ksJMNt|yxjj+RP9{Kr><U|a7
z9kBMcESG(@MaoDDh(n-9bE=K!buHgCdY8ct{aj#@nZKy#_om?(@l*e%rC1Dt)~SpU
zoXF95IL#<^czrj6I2{R*B&D%%z6Trz(-SeoX?O)m@F4_k_BLda47cb1Wt1g`y=}hF
zsz}9cN)+k1<-T2OTU#y}#AX}sI?y$Z^e_8z(dD{wMsh*T-tI?VTg|IyCF(coTgt)f
z22%<xd-M4p{1AhK8SVu1{fWihRlF+`mOxE(M*Zr8@~Or}!7=(mZuyFT@3(}PQ6++f
zL1V(lBkn%65M7`N63tqKSgA2ZVNx;AAd^sBy7=9QMPF&-lGFW8-y2r{#8|A}%fh?k
zNEayTb_${?_z8N^5Eza5{pUS8^OYn1)K&X*J~0SD1&z0`|7^2<yUcltt=6{t>{|$_
z@8GYC8dTnO1)~pE^906z0ml65JvH^q99$oj1w49ipPkoblz0m;d8)ls6;5VozbMJv
zr5Z)n7U+Ijy9f6{+X@LW$$lb*@kxn{3TWtkGc4#c+$U!mu!EL&Pn55rcvWEYo!aam
z);=OUbmth~*?wj7l4HnQ6-iu%GV{^rjmkjZe+JGUGEz@1BJq}v1=SD?ld_IG8$L6a
zyVeDY`!+yVi%j|r_w%zPU1F*vAr@kmR>Fc5g0ad&Z9`=!0{9PrLp|@mO!qPNKj*#{
z0ptP(SrRReY~XaapCBl31PnA>)iWDfPB_Dz@wNvvO9~dQjQZ0k5g3mwlW1JJYo;9r
zn0UJomKy73*$v`~YWW*$<0kg}Deevj%nYMkf4(`y(2+WQln%LW4mh&YZ0IxC%WdPT
z9uOxE)kB4yH`}^YcHji-cX6#cVw~?X*^M<AW_X_k$HRN&!uf8qzYOU#>$6e{(=n7<
z6wQ&YBlxtO%qkpWNsC1#@bf^%Hk}^FWRg9&fqFBc$uBUX+eb&pkf2yK^%S>ht*=0s
zjWM95=*%kxS&GFu%#r1Bj*#cWIWCn@lb!M#0)3>bU(npHeyug}w#p1lgkN?%;Lo%h
zw%WKu2Ajxhro35M-?g6apGL!oC{P|ie8<*&wZ(B<2FW1vv#!K*m@ip3a!Z|KDrDo4
zb&tc5aKh>D+$0q-^r}IqTku~jpoaR%@dz^hOBxN%S~<|jN<E(VB+;*XTTVD<v@N&z
z2+3WIBdjhymS^?iMFzjMdIg;g&7b|LpxF`l41v+iPSb>jaH5knb%=yt7d;LU3$zE9
ztt3A1K>|SyQu(4JYTPc(DQ<XkHGiRCk^Jf64_;#1#ul~L9|P5rr-G(izkyDlj(SI*
zbi^eaZTOYx2fAR;68z@b1|kfOcTveh5FnsHRRETWq<3{>4?*uwcdR@TA`l<jH1w<c
zLq*zVHKclAY(9rRps~a$SOcoB(W6t5g_YjAG#kaH%`MUQV0l%X&GnR{8&Zh;&s&Ic
zBnO{0$L;Bbj0bjQj;VR~WroLU=id1=_1d;nBJxJk=#=p}JC)JlTgraR_LkaGm;1*l
zZhf)d_?to|6A?2O+>K}2wo3Nx+h979US>noZ|`rs*?#KL3fu$ioC!W2;JDwuy{PyJ
zrAp+*htbEs-Z;%L>3f;f9xo2zcz%yfkf`%JKFNJ@$B!z2ne?txklOeoqC^&D$eA5W
zm2dT3_u6$fEXI4nJ64ccsvvw>RUa!Nj!aG@*IU4cb&F?M!0vfC+7M&I)3I5o&2mtI
zT`sL9Iw%Ez40>(u3~+<<9HFAPiyc03mN(Su@q$bCBL}{yy?fIUEfVS$193G1)CTxz
zudlKu1R4I`N?G+Ubo{P!Y}1^Kf_QlcVZ{ix3^tyS``LN7Klb^ET)_Do;VqY9`zeN+
zcji32nIcs;ukkS=5CA~(YJHRnlCOF@eg_Rq4v``NB$R!CSeq7s7&f2A)FFUhO@dFa
z!AJ6WWlw#6c<s8RKx8Q#j<?AYUT-u?Z%*M53|fQk#us@y84L#*lR7Yu(RqNRlA)eP
z9+rp(&?CDQvr*>x;Wk&NTWq9OspvQE`Yv|+JolLGI-b>bs(P9pvHWr}l8({s;Ib*)
zi5A~hbm2NCkxNtXX{Kh>jJwYv#CnTU$%OUqq>mS3rIvj$mu~9=iyY<mHSSM=asw^N
zxW&+Tx{T^(1MvR6E{(1z-F=0YVOM5;xt0z`s&!M?SB5)di$L!%@0Y;ix3xp9oiJ0)
zuu*He8KAr1x;e-O+g56HQ2m?89y$7YDO?Q_*qU`QQiLLjGkcjL*W2Ezk6#;n2t_!c
zU?DVp`c(kp<dm!w;4T%}E4C-erG=H3o4CAMUzO)swYvCIaj@w$m~pGAS-yW>O{cWc
zEM_B4Rs)&b5&POwtNPU3%h?HJJZ_8DVeaWlXwKUkeV8gI$As(yS9}6LhCj|!OoCGQ
ze4J1!x2qL>=hdBDlwoZFTvB`YFmW0?72#z0PeALL4S!FVJ^u%l80@MtuDkApR2^n)
zQlFJ)@Zlj!9BCAnuTcd;W?+$BR`}ekWv!_+>c-o5l0%5db(rk%Z<S|}%`kyXfb-0I
zQ%Ne+K>TGF#8&-?r*TC{j=+k5jE=-Yeodf)&>$nDq>*XqL?I6ZZsoU$$cvn%wJ8A$
zd~7j@*$f>Jef3(ZKLnKAPET^93qC&4ej1BqbmdN|iS`eXCn*8<o8oFEc8-tu=<#nM
zyDH?%&y!hU%tW|8jjB+IRg+acswSvyfi_9T<u8)zj2W~IYt<8%zvz~Ipk%YcUqYs(
zuo_8UMZ}dpsveR+M3$Q0tdQ)!xoTT#v=JTeRP87O-!E567R+o2{y?dw-HpUbjaL!p
zers0|Q-vn~V=zOdm3`ALVL!Mon5*ghL&ZxBk7wq>XaD}vrG@f{SFwUvgwO_iC;wK?
zwmk*Rc5T<Cx<|Mb6IRWnCKZW(mXq?`eLuMkWl+1^f8G~mxoGP<@9)Q@j<?ibZ%WtS
zz*;C!gGcq2m9av<X9b{!<C!?iHdwMv3cVt)aHP|`w=#Y{Sg&Lh2!yXIs;$B#3A-rJ
z=RD-qZ00;0P(*W1C~j{}3s11ar^lhZ2b*t0y8@SAL+v8}m{J+vK5;(erRr>bUI!@r
zt+GoPBWST?+>C0eak&&l{XV{+h7M7(gbqDcmbudgRnteLIa0;p?S%b;EH9-D2cOFz
zyj?tG?Ov0FiM;{GTI!^@9HO|}Q)M3y56(Ba19PTyAuZ^HrW3~tGy(x3eQ28hv?SR8
zy$SCB^1=)Qe)pBShWtJ?N!2qO&rxOdqo%xyErldM8&o5Y1d;X~P+9d>N7<1DdON&O
zc?&T5DH#z{Kl~Q_U}+I3>lD!UXox%nsOoSIU02Eb>k7cQ<Wj8YCW>w+V)>m;>+TFk
zivkz|U8UK6@TK?byJ7`Sc5wNoL{?LSqZ5OXQDaH2W73=<zxxRpREzmOCM4W^H`hA9
z`0X><z49EzL;d&Zc70Bs_fMa~fb&C6bt^3iZSA-QH!VQ+l@l9X@vivRr+bZebaa|P
zBS_MAl{$x}P<&g>geUB4gi;A>@3VI7Um91cnjnty!agML*Kt2z<gdoJILhGeti!sx
zz6Hv3$~7AElg9GyC}-YlI~z%uYS)8wmfv@QznE@$`pWO{npn;(Ja~I%AqQg$I~sao
z@7l-FoCI3n&b6v~^DnQZJe^$#EtG)R$A;@cIC8dJya!P{EE7ySMZS7nW(uU`jh~-k
zXXBe&tl?QOAGOEqk~Hu@g3b$u+pEiXE({XzNQH)j@%i>2XQo!J1K(vNxWK^MK-|8M
z!UK=@>}EclkRd#@=4OtnR#M$PNuXN27NTeeYJ7}WCYr=I{bShEPY-5VLb?gEWwVLY
z<C0jPy}=9h)D4at7^pUXid-be@$TL4DVkC1m!)||zch^CE#TpV@U(j3fHbDb+JvlZ
zhMPWrIfH)*_5!2hIH)3{fGV2#VO^&T`C2AOtjWMfi%tN-WIt@!X-L3(Rqz1~g1C>c
zY9QR)n0wsI%+KD`z9pNR(7<s`HrCm8^cPS+Hm5QrhUjYgsA#va1{V;-dPSPqwsL9$
z%?It(C?w}d-cyCJy<B*E%s?FNGZPI_f`}DoB9kn!=nwL?WmGN#>d@%JMdPL)v6X_e
zF1#l$T_<CfEr!z&j|<3K2}_!f^l{5Y5WRblQ$OO?Hk9m7dmF%uUX;^5)(SoPNbg-a
z8NP-9FTcTC8iS95Au|Ka;fXkB&SoSxWl?0<y|&&}zOH$4==zhqXW0q|qjxA6a85@8
z#D~$=F@+CG(?m<TAa@G(N^PkZwERPx8yl+$MC1+jGY_+16Nnzv`+X3AOCwJWjlo`_
zJm9d+PUr{r6IxH9yG-6D%K=9L2Wkc#G2N#RE?Z5)=U>T@o*~hPm!J9PC}^lq9M3+{
zCwSsTfifo=+t9*lq>{VwIi0=R3<fTyvyoNclr+SB%MZIuVohlBi;{$YtKckqb?4dB
zlW0D9R349_mVCkkNHx@au_H#N9&gBW+G%BnU#J4slhZ=&V1ly-PLAer-t<J{kG9_j
zrQZ;iMR%_5RlP&Y*^<0yUWCRSa5`y=LJW!NUIPDbxg(8G+iZ_Zz|t(+z5;M;7aCZn
zKw+O<WzY$pmg;?dz-KwE^JaKf()=WHcJ^1;1C3cRPld?&o(omTuT<yX?9#mH7he@n
zFXb4j=}ykzt=6Bev73N;0*%m`B>kC^+IzzfOO+5QVZ=AC+HsT9C5TIcOxgp3iQ+#<
zEf%HLV|w3Dy~p(i46s@@p9md7?QxOjH=eCf7emeU#18!YXeJATr^tx-hAH<g?C_Fm
zgYXB6M2rPvD6Qf~H0X7xQE_~K_JcIx<9+}EF(2aviWV3Ll76%UM;KpK?Xu?Y^6T_#
zM|x-Q^0(_q=@V-$J%V4mw#1Ti=+s=w@5P3C&FNe=73R6ee-X%DL1FLALE$smozTq9
z!ksLfd8&vYF_<9}D|RpYV+>VNNt_Y)J2Uh;;4;*ug5F0A=(z~9t`!(?o&3<w216f+
zm;9FGG&JeK9@Nc|5J?KNYLY~(O5p7qC*p(Xugz;Z+|kRKyadCAevi@T=T(q}Jn@Ep
z9U;+O1`+R_&qrLEhei=8JwtDRkJc7bNG$N@qd7(CGFOPrVN_OT(KkrVoegRXOv3ZJ
zBjkzCS*#@jZ+&vf!Xk-hoe}l72BBgL_E$DAIDUE~9T{i|lp<te7MmS!hMj5l=m4nC
z>oTDrxXC2BnkpEXNSi^2*mLK8lIx$-aosg9YMZ9k?4_7`wz!3Ex<7<F+=V^ynNMSk
zVDKV#j&q{^_@Ky+{qJT0fuJKoTC+w_H~;wKvh7I$Na{vz-;KLxRB{~>cNa7_$^xXS
z9@Yn)6J9M$8w<+KU2kfIo_?(C`j4H6Ki-LO`^oANH!{o5>lsoM0bBW5O(~3v9i7X@
zFUXBMPmF$k&IkMLn2t3V3bZ;ki$ihK@ORVue!y5T(DB2P&^U;T$h*!0mG@1s1ujzO
z3H5@9DJASO6Yu=wCDy=;TV>4O-7-^Oy78muZ9%<x-^RJxLkp>EE81f`z@B*=9bo0t
z8<k{>jfY)IBm2><@i>G6b3p!#Pn!+A30z4L1riM}1vWHdAF}^xX6w}6Q=Tz&8zUmb
zW<#NnFc}B3lvM(&DYn@4h0hfwrvgn@i1#jNlnaBZ=>$=?_BC<{k_BCxDS2z>XNEb}
zHK4Uo5;bS*2In#8w#5jV5v}Q`W5|<i!UhmCO3;-V>AZWxonw9(V21eOv^ahm8NoHK
z%MDKzspK@&4l|oLBQ7w&K{)Ri9ND<{{l3`y9HJopIp$1N*dzIV!y>wNH|$(8oaaWs
zh+rTu2RVyGvOFR{&!k;_uc|)47EN|T9!&f2dw+nXONyPmP(UOI)3MliKM&LKl|ROa
zjppvuee3OYhI~mAHt&Gfw{@}7tGO*+z-n`4Wb*=E$ILAN)Wc|;35sJVUmdy4iO$4v
zs{8NXpsbA_#Hj7m7ERbKk>EIH#+OfKARZaHH`wupC3f=FHv%Bq{EvjVq|q<CnQdTJ
z4^=J&zmmlF2(S8R;<%bB@~=2d=|n}6KX67dF5zWMMg0TyUK=K6zQ&oe9O`RYQc;!%
zWtOUMiu;u^KP$glz{E5X?N4*U&8BS${C{Ey1bajFIi;ivd>K!Y!S4ZKW7V*LD}{X-
zuAJ^hO{fBP?3NNlOiz1EKe(X4kiAT?p-zZY9Wf!{R0(zOOe>281e=V8)nu#Vr`cQ>
z2+h-yKZ`04y(0RFoV<cuZ@|IhqP%5vGFBZ^c%;QrAiHS_xK<dr5$xatYE_4Y)Nq_N
zZ)}h#1|>??3WnHY5>ye7K!TwN57=aXVZ83C*L9AxT(5!e8ji9h;Tx0VR5ZENH$huB
ztO*A7X8oPqKJ?o`I|L@jzJNg7&kjk93=&Pw89a)fAF{H6Hr3;uY3~dI+-u~w!lR9e
z#OWFQQ^L;(cHN8VPWo_V;$+_ln~=>>U=UHu4HO?jib9Q0OB^=lu+S0(R2hX@U1M{$
zySq2ao;rxBf47=LugaMVTlxktO=K}|G4ha|yynwjc9BH|$D)C3eSd8==rvYTwAYAe
z5+e>a<|E&qzuv|RTPoDl>E{`t;M$`OZdcpnEOXUfn@hlPEa>zAo&0u(T_P|>iQ<A1
zvI0E&!F^;jxVPbGHe%y+-BV`FTx*SHK0uTD$1hQ{V{_MX1G1q&N#V!>^1*OBJ9g^j
zX01Szq|XG6fMtvvl6@XP6QPcAYn;{_howU&-UR=xcc|{&U2`g+arti+MmZlv?EXDz
zPG>x$bPI|)(y8yeDIE2;OpO4rB82-nR`n3F_axoU#pZ=<yc(k)rVu%6hIMYpoJ1$l
zX>MXIRrMo${Sqt)ecUbC&2AQPM(nYFnkgXw`eE%ZansUH3=PyGwVfA(!3<ThoJZTC
zc66vjz5L(KnG^m3_qd_c$&>u0PzCxf7*RXdIjww*(#jAp{R?Dn5Nz1fw%D}<YZ{Wz
zOl)4-<voTFeZA1s{E(meNh6t(rPi%!5F&?{ReJdmf2k<{Z7yFy=llDpk_EwGhxTWT
zMB^R&%1QBm5794fr9AX^HzYAbUU3SisNhcOx|9XLfH1ofi%2?zw-X*GdiLb1LnlT#
zmYphF3vxJ`_{|7=LO(JzAj6rVIftzWv2&sXhGgaY;>S;^=zNh9YM*fmz3^WhAbO#1
ziJvz{zlXw$-!|rtOR%toZ}ekVf011@Vo3$666LYX=H#0l5jmL)=GGWND_>y2tdd#Z
z^NW_6-&72X4WNSd%&i;r!lX9w2EVxJ^E;=O$4JP>CXy13u=KtOnI!Fun4uhHoiW$x
zIUo(eSf!?D7~8^%@#`lNU8k~^<F9&q%|uMXxz506FJ#wD>K>Yr{jM7IAKw~#dmN;b
z&YKWdi;sHT@@;WGWQY!-yR-kInPo%~OPuqJ*5$Y^!I43!Cq*H;2|PdKIdVZYK6TQO
z={-rMrN{+?Ru)zWrgK>3@^Z_tNDa)%nTs3{tv;GnhQpw=T>KDXQjwe94am~#PDeOs
z{?I%Bb`9GCXFbP&1JTwtMYjJgellBJIMYcfKpo8}=Mq&#U*o%Bx};Q`7{8r$*z5jB
zuYak#zl5X;4~`RF>72)TxEKRnevC=ESfc`dtg!ewOi6a|-rDMrDWA|LZL~_ngMv+U
z=bpPHCO7g9@Ow3(h`$I?F#4tt^iuUIo5p$Wt@9x7d?iA?!A4BJwrrkKPgRy1bJS4V
zZODl9MQ1b-95$qnkqF!|GhO}$S7^c^Vh}r>^Y~U#(X5%Y8_t1iQ$n`S793S_GQ7Fr
zk4lIhchyR?FqbCLs-K!aSR%)%rs+Zu;eOCixWHrPXM!#}6jD0)VDhOS;F%Mh>#9Dp
zljT-x+|ak8*Aha3M><h01G9?dq35~^;XY(lj{M-yp@3?;Ve2dr%)OG_%Zys3U0Ae#
zU22!y)Qp-fo9jIXKADikOrI_@RSbXh3YSE6IbHMXU(wp^eU<s$?H3JjPtg_)+QJ&a
z&`9c<CDir-zLU(4{{P$FXnBJ{m(=qrv)CbEDy(X5aM*Q*(JK7hV#GGYEIBQk>G(C<
zF}?#Xa+Zq;$B|B&&sPI0<+YWu6@%Y(7)}C33pu_2WJT(0?%z05+t;vUo#FY<Z~lR6
z?g>@*ErHz`L2Uk*NmCrAP`?vm@baWwu!1+GuEvw+&@p;TM(Koh!#D(!?pr2}GAeV5
zxAeqv<vm<^bzPF0Lcy~o5iY7U(FBWAbO1>{c7S=sp2cbGESl5v*kcc{Nuy@zww~T&
zb{O#-k5#7!kpFB<A;>}Z1miDoP06IO`b=Ao6Rtt!hC7?2`+nv^q6%zv5Wr+6VGn!f
zpH`48NM=%;r)-?c;0(@Sz7v0bO%Edepzmh0*oUmt8d@-RVajJc*<!<c@>c8IU$!=@
zT>{IsZ_Fpt0#D73s#)EPwRtdXIPn}l^#fCOV)_~G6OD~1V-$KDipvC}rZ~)0RzggE
zD*+FlOVy(OD3W=5v9k^mmKr)C{w%&iowO+2K%x(rq`dpv-{~ql4X_fxBC^)bI%DV9
zcVDYznoRwMRLkQZ^(X5$`soVBAEi~7l<9q1`^{!i+PtwR8rCRnTYr~*e<D^eb4vo~
zhF7|M)s$eJ??|;1nD1!fVEpzmSBlU?GN=)vD=RLuOW~Bi^xvMN9=C}l2q2s^*MH#e
z=+FjCyV+dvOdU-l)XvYIo>S5BUV*pJuK6z$O~o3D_IP1NXt1N8a819?XiYgzkgL5~
zEd|CyW$l+%-vQ?NrV@>WyMttMOtX%?V>8fFHErqn<VY(~mO1EOcW3TB*5dXl9Y(t$
zxfy~vn=qC??|R#-I(6!HCx{KkYDv`UY0-Z^{}!2XJ??C@ZxM}oW_F0>;dRcjjT!I!
zQ4g`TcCtOQeg^kAC+)w;*U!~IY(v@=6%Cs%haq#zdnJ;Oj}TEDt8=#7dIPFOb-3xf
z+Tr%J+^va|Q}AQyqjFr$A))4jWbxw?zJ1`dj#mV=0lN>^VOokWyfQxy&~FSN!3L>U
zN$=fbv)?;(@WLTKWZ(#Q1)B=f?(|}goIthW>$vev@x*uRc!YnMms>75zEc85nd#`*
z`D`JUjW*HiM5disC{eoLpJ0EgC=s%0vk0ckpcxk*3>P$hbq5|DK%&$*ibpsEhb;p6
zpaUOz+mspXrcV>uNe0DoZnQXK9GhQ)4ZbO5D}>o8Ke599D$*iG4f{36jpEuQ`>{T)
za5M->f<Q=>J9=VD(PTq`b{Jc8fDKwc&fMh5bz)ReTyA$A`G&DrMQ8in%=<d6>r-@9
zyp~`XJFqBxGx$z=<=C(D7p`q9s+8t!wmiDMk_v9j1(_`+_iwP3b3T&Fga_icZgS;j
z6qKatRJN;{_Tkv!T^98WtI&nVB`^1&c#ML3ZWQt6DO9T;xBQflLJY$RL1k7D60ZvK
zOR3||7{QrEOeUx&F1Lty-{u&M&V&S|=-_rr*zJ}?M*Mlz(M<qOR(wJnQ!2+;#g*n+
zdFv;!E{6Z_P;u)4>oGy7uMMW_-w+j}&CkFmmV57)1MUT((Rou-e4|u=5rdQ%?##u1
zXGVWa+xo#e8zZD&+Q?Kw1~d6A%VK6d6m$O^(sw6w`sRVKrE5Fj)o!F_QLqXet|{2o
zz4XgKFB3hvlMRim^m#h@sJ~}*6I-8xNFkg4voIc+%rx%DKMH2+JZ>mP5{~tR-4KVd
zr%*k_XPqEyVx6?@0nugq>pssu;?OG~SZ(a79LpdjM$hR%B@jcL=?V6N+F|l~xmMnB
z@EgZ)^Qd6`yM1NN9S2+xN%;_SJ!pgN)B(yL7Zlde32dw8tfaXP7^SmVxQ6vtF*i!n
zZIN2(2<9PQjfdgy&wF28y!k6FN!zt`#yuN<cPcf;Y|LCdVX_2k@Vp<-(8!yVOY(<*
zFgt2I%1B#vu|KF^mITa28Xzp6<m!c$P0Y{?fhtfk5MZqJ{c75`$)#1Gd!s9X<;2>5
z@rPi%I==~$VjxpmVda5^-1u950%MH6xjgCR4=esz2Tehq7LVIL#Kq0ZqW8P+tlFlB
z9EO^~<k)QTXWjap7+TPG^ed-XGI*;=!o3uvG%-U5IA(1a3qlshXf~6X>4!60n|tbw
zE6+3OU|Y2(qBr<b;^<Jr$H%10k!!}10{h3&u*0q2LaTQx^EqUaqzhT8R$iJc(IgM-
zp5d5sYBNcCaA~N1Dl&W~QJy{FH(Q>(mRc(dbp1Ac<J3z0m&a)8l9?<QnJ+aAw!O^v
z^0maC3Q(Z?oG*fmWkJn_?UcLZTXkHZV2v+}wNnqtyK;FsUN?=hT!jXEsK}zIq#+Dj
z9o@b*l!xD^)xtXO)(Z^ZC$WdN3C@a-P6%Gg>Megxd_D~Yt381x{Lr3d9JzQnbZ9p(
z7c*xgy|$#Iiz@Kf#y70-w1#B}CVBc!Xp9={7$6GtsAR)EP!ED2ZX;MyVlly3U6_9s
zgd+c4prd+^JKz-PCTS^$N&a)6lOKbCY(*Ltz@F3x`dYP2kO@1ZsP|Z^5<8n1M;P@N
z*{(G`I`k6eS^YMtcbMw45JhWrQDbcK!*KnW_bSSfg83D1M2Uh^13m_pyej0}eCw^`
za$f#&+r(EQB_Jz@u0UIc7lBNgFSIB~Zr$NqUn^@6RL|NC(b;@QDkjoAKX>nabo;0u
zG#bL8u@L_#9*DC&($J&@XeK5F!Ws4vy$%xI9Wm0?8GUR@4bqAvpyK1Vng0B3!QKO1
z6EsGyzW}f1bO%J@F|XKSO0xE3z}kXM#U}p(Vvo9gL0)TGEBu1Met+f`mc(O?oJDr+
z)tM0tx|~?=(}Q$I;zJL6Q8?jw?@I&9ex*1@@~aV)(~2^hG8}M{k$lx3ohzow88(5R
z75QhPh`=Ir|9$uzRB8BNdvBW%1Hz;VzmCZL<vN%ViaFX8j@4Zj4$W#g4~m`wF5CWP
z1_wFQ6*Oh1ymMEf=g8Pa!<i|bh3r$o((<xZGn(OhKmYjdhtU8A`VRm10fITXSP-eH
zhMJOk-p%cT8@Wx`0sY{KyM@fHj1^rz6zGF{dN*s3LW5W!@d}_i4@QoH5ecl+i)lK*
z+ALx0vX;^&%sBMGZh7bmE~Y<n3ZUL$f7fBW+ePY6-?o!o)81fI^|+6<1j}0F20x=c
zcNg*!5A7Vr=+fIIXpurPQnaAnXIwkKtCx?>9_vYYLH|+Y$f2zolIYzmz({(diu|15
zkEWbz{1|u#B9~3Ab%QQ5t8LNYyFx8C<P==3PIPdD%c=W^>_z?VCLz=hhi1Oz=0`%?
z3*p|OnU6*3BU5Gkjb^cF`me)sE>F7L-}w+1A(Aw>f35TmP=>}Q?7uoYaIezlZ@|||
zq{nrXT)~*X01Pfw7~P?$j!J5`G#=gBG2Msc3q2zo^olW$1k)L7aq=^O^cFI9WWKF?
zQ|K0^ctMQdt7O^b6&$Xu4T?X+1WMW3J0_$4(pM_5&|L|Adq{t>g>f(O66%7A>!K_F
zJ11FLW27mI%Pp0Fw)($kJ@7h0xCPbx&e^FgR*@CxbFyWzDuy!^tWczrl(xjbLP$Jb
z!S7g8?KC2%V-2)8TI`}5R>js;uJL*cl%5b*X3F>r0shBZ{9O1lj9=)D_1mrCqm_FZ
z>z!8<7d;9|!C9-=CChAL(&|PZ55)*n$Z)gh+1#MNsWz5+K<bM}vE1sT2x6k*J}g?B
zFXa+x@l@m~_adKt_ij*y^x?KQH;E1xlldB{v{_O8f(h+$YT@4v0%>JX3FK&&umwE2
zeltr9hG25E%UlhmP7Te}U9OkouPj(+Gd36+L9u|wq&F+~@$rs2P3JDM*nATt$}gf|
z>mOitiE>6-75KzfL*eX6NJu{w`TPpxV4~J#B$>84un<`b*|q2A^uqoJL_oX0Q$usb
zGTDMvapynW#SfTW#Et1&kw{Z(gVuF4B<EG40gAr<<N7LRM;odZXoihE-mxp^!zb%k
zYPN>G{kvjt2dL9Lj8rZ2ucG)rbQAN7NS`x97t~nKnQ>oWa|80!YV5rUppA6?bkl9G
zZJWyly>*kCjBZX2v{NuTgT&qdT;^@-g#P&iW<qkA*6w5_zRDbTC7t};TC@Oj3N*{#
z?FJM*OkJg^B5N`dl#Z*Ofhi;Z1Z6LE31u}*^|ihJ&~e!TK+s{y?Fh4KzkX<<eQhQZ
zgllppNNSG${tD^~1qeFGn_!uJ#K=v5Sp{%oghMZBDNqo{r=__y>+owTPQ(vV1Jb&?
z81RTSwophaQu&;4yismof2nYn9|0#0Jj5kxl$?>92>G9G>dH6{kQ!+~$a#?G7h#1R
z=(&&0ei#o|6HuL0&z7_(g=hmG_C~6%THGgi^>lhO8@I#;tmQ}w5Cy?7u6A#nn68Gy
zE#}#W5xn>XOjssv!6dw$d?7VjQhD{V3%!9-;=lYpPpWsKiPH<pKJ)Dqf@L}NkeJ0p
zb-~I!LKPrDFx%54xYOuFP#Xmvy@Y$K{OvNixNI)N08lW`085FVLi+c*`Jpo4YH_<;
zNi;;)!8ap1iGr(gC~x+MiSzlisg7tv-758mH#97l>eX}&5a{KH>*9$i8$uaIU}_Q{
z^duaM&dN5&=c@8~O(pbAL)Pcdq~G~)K#iaTqC+D)V`^eE;#a|7z?9G2FiPEUAR9gL
zS{P2vOLr9a^Ra9${Mu>r(Rj+VQ3}ll{Gqfds_<oSqWOXFaVsR7DZ@KHV^zSw&`O67
zo|?erFk^*?Y?d7hgy#AAuf2z6!|P@xog%F<)7MM7aRX9AFLQgul$%)4MqAAqHhI+o
zNOoRb91>R2n!@4=HgtENo7*AioI@tn)|?xwX(s$hBD~fx?70FOW59e2sHZiB@#P)H
z20T=PzgW1A$H#*XQms-9{-+mrMHDR@GQ0I3<R{*4(4|2|%rz~&lg>zRg?y*{_7Kr9
zns5=Fp&?6r9v1e1?)f;X4Pvk36zF~jXa&=(<dJikM)81!9R4<(AVUtl9xbS^DS{`^
zgAnDsR(l%{K`+f}zh9}ZZmP#Sbz%NuRK%IhIL*9pdkD*arkD@av5D6lfCqFNI|)FE
zwlaa1Ie8Z<bEel@aV`&;{$E-fpXlZFNU*<It+OsmKn04ogxB|$R{D*a<aA%So*5tZ
zM=5N0^)qQRepauPv2z)=9=h0B8j24rj7)4VXDeW74eY^VEMpM$eaPg)XNs6Y_^V|f
zJ*=bTyP745LyDmrmG@w8Ck{}HKEC82M-OR`AA`^PEI;#G^2K53on?yE5q|_xt7HAJ
z(aB19SLL6YG4j8f=t$9%QE`l|ow+X}aK)leQR3La#_gJmkMIlvqMfPakWJ{S`ZV+r
z2l4~D9eBMkR!Ur4{8YuaM{>yb-5~5z{G@U_%!+VojDXeL{Ih%vW~c+JNWeJHivi1K
z3k0uj<~h(ciz`|DD$~OlITSGcUx&6#0oF-X8(d?CC=Ge3g$6Q%WLAz@M5sA9BiS;e
z9BLjqW!ZCYx=?%Nm&D2SQ*>Ok(neJ^T5P<$wi+i-q<I{8fr?Cox)nI83wqAhpdo)I
zcIT+POf=A%mH+7|@@qskY^3WN23sh-N2qY$vvi)`XDyvkSm(e1000008*BlDB_bU7
zkDC{_>q~Ci!E+k``*U08^kaatZ>Wa2wQSJ|n;49edjRL(tY2nW-IL?RY45H6j3ZUt
z8KWln{)M28>BW(qZsZyGPj5ouTW6o@H_r_$mqA#UZsA~S?4JbIuyyG=Zm}7+zW{{x
z8kc`I^{p1#i&-5<(RDU{Kh{N&@|uv#ntw!w0qf<P)a`A(yXVMfwAJXL+r8+5TKQ?y
zGQ7`vDCjbfu35dKt>HDL*;`?b1gi2)2OSK~lAxrv6=0XPb!1k`DyGw!78sj--VFZM
zHB#rsR*AkFFmTJT9EoiLUi6&(K;^xW;Kq-^4taLi_kfJ~?yZ>Ix&p3g@xIa01HxzL
z6HwsGpWM9q<npT9!K9WL2OM&0O4IQyxzFgtQvq?qmrft8Y*cf$>1t&Pc2<yV-c=s&
zQ{819p5`KlV{ylxbbyDq%fP-djpsXXTLv@qv*&kUn!4jU1;rb_HjBd*#}CiKjDk%M
zzA5voQ67QAo_axdZ-90F@rpAIYSYBi7W-)`{Jg7s#e@v>PAU{_>KZ-#-1TXbV=Dt`
z@eRfgYJ${=WSRy~9iJXp6FloEu^lfN%MH_NY2`la{j)tSzI?$tZa{NRNIGN_NRkJi
z=y#a|RCw76g;!Q>vjIN*6d=k+Wwg<8yN-V=H<<WR+*}*$v3`W}jm1$Bei=acxpT}O
z-=Qf~AHhTI`FN~K@YAb)H@dJlYk|opMsgZ@LVS}{hB9=FMB1sG@o>e_k7&;YByAWK
z^fBHFi6l?1&4O}wsNe-vooa<Rk*Hqpv(j8sIy0E?fg(m|fmyO>dqB3iDv7Qm^v-KV
zyA<Bks#KE}VL+M#JjVCk5_wbyggBN9tV_U4-WdAi3VV*>y_N*=R1A@=wwGdt)bC(C
zX{QH^@oT(4sgsUP&K_6nQA<WHXV402I&96A=~8+_M)njoj<GAuWjrWXviE^HNG9^V
z82o#)|F2V(Z06vUuG#Bv?n!2+h3NY8a6CM6$R60u3S99*(t(DyGn=rn^83C?<ov@S
zkHvFod!`=({Qf~d|Hp|E3X1fUd4QYZCIS4~O%=TX+!y7KBH5EJCr5$BP)NR9ccNbr
zVufw6OpcCfd-8V@Yv%LRJcV523(K_?^w;|q>Vh>?_3rTJ8A4dzS4I}k5ZoIv2aIG6
z_>U7&TE2q9c4_#V$B@;kX&CvHv8bvSS4m>se$dDhd%qgiKT8&Xchr>wVrD=AypqYo
z?Bfeit$SzPJSsue)+$-ep=T#b*h9V1&zR2C`do+Pzz;w)ob#TFo97n}LJLmnCJ{ql
zI3Vk%$R4`omorZI%Qoey=u_kSdPLcHIKTht?A;}8wlK%<@o6HA4vPn0d`?AfI@wJ_
zA3=j^eLMN&<=%3-G#B*{iRoM+A?H+Sw+I_3V;aJE_lE%-!&$w-&AaIY{vHzwXO$lW
zAsb?^jhaT!ThCijK6Bg~@~-$l9T#>h=<x`tAYW^Bq2`N~Rzm6_KaA&f;?ov*WD5$4
zLVAP5Mxh3iul8abjAW{$G4YW7orLg>`C1-qjP+TDAwD}{_q2u(hnDjqyqTo7Yp|^{
zi_JJn)g&v#=Jcn}{EY?G;UieM2-&NqN)Z2{Q%?fI`}=(0JNEi-Mm?#TGf2LM6J!1S
z2XNy4%o>{@!^BKZ+a<jtSGruGhnEB4IyHefzLtdyQ<mOz%%M@&kM~CIz3M;{lgzc%
zM?|fwB|T9UmYU?I(2z;+!=Ndnns$8_uF4sGY%1jDq3}F=`i?3!ML<u44**(`SWip9
zT*uL7mmMG#^PkceNipph8YbzJhIwt07u?x$U|VuU^`fvitwGYRb8n^_P&1!8>uEy<
zrtE_PyV+A?ZETVJCC>ktL+{bSwGCSlr?P`V?gm?2fWfT<#`K#Omcgb;-2C@e3nRrr
zvd|K48h0a1&@CRDp3xYH=i5#PNn4mNh-U+rg?rKXeVg*(Y*DV-5GL;ektLgWzv!x_
z5CY4G!j^5hm)qd7@&w$4gtG05N46N(S?Cvg6p}a=v4(rindZjL64Q+3Ow=j^5ODg9
zDSYgb)gtOKQq`ATH*%xrQ&QoQ@45pwh{bl&S%60>Owv`u3kfE+X)$o%*&c0g#}$ne
zMiut9GR56*`Ka{%*^2Z-<0y$~mudclRBde;)LKn8jxzECM+sWx;NUt$%bpmw)DrW(
zZdd>S000wL_ztBRX&((!Sh1si;KS4!Sr7Sr*V>R97nVkn%F9+Vv)5A~TdxlWYP5hF
zYQ<upWbFrfZWgrO3Q4Cg*HC}g$w?3H^L-hBP5d?)Cd<I5J=<z!#i6EhHq=2oit$Qp
zaX}O*#{<E)PwtScoK&1&CFQ(vQHddv(2$X$#7+Lcyi{oC{PSAM+2;*{1PqgHzLnPs
zR`Gb81`2R3X%%`;9yS0Q>_j0iR)?9<O_++VsyH>ueh`WZck2Vg@<WuPW9ka$$Ad^E
z7d?}o&#*0}H3fg56K0@L!_dlB!An)pRb3p*HbDU%sT8sJh7~`b+g@lln_{Z^Yq$~y
zLP2jshb&PR8($N}fw%Nj(2m>GqQ5ki>VMBp=Q%ze=g9r8G2jVsk#H87TqSZoty?SM
znqbm>EMNMu{mCucvPM%%@?TFZ>bb3ftQj#<BJk0_AFM4z{{M4ENUzIa2?kdCct4_$
z{<aPne4VSZf^5R7w(ghzf$p|eR#c4MBFMVdnFlp^7=TK|9PV4WU(c(0Vnx@!i`7a}
zu|O?E9eODkEF+F?CtSBuRSh{sW`n-C?k|WaLnyq-!=VPw+J5T?pllt!Ws^za%3b0j
zBR5b1WzW2O`$>2y-U@Kh!wG6_N2su_rtlr5z~Y9*pYH=36Fzlx#=;qZ5=fm!l2NQ4
zUM>ks>`<;zb;xIfPTAKb>(Zw^vbw9v!=FXB^`9M(k)#{@sm2H0FS0rEjSBSM@g)i(
zF<cs$ih@4fgyy&{y0I~9kCcv~h(rsY<m8T(_!njJcxF>xzC!{J%wK`9Z(wBOV1=Wp
zt`=n*L=r~3sDQN@5VbD~!I)_pE#GO{+gzKCjfG8c&T(BwUhWy;p%P9_DeE}uKhbfs
z;Q?Buh3Su{!$yZho${vxv0Q|4TAzJ-@>|L9i9BzW?B`|+Lc2p&iwNET2aD-?j0L$y
zFHHIa1^dTABN*9e<OgHtpZ#)7WH%a*7-zh<jh+^NFmsMD?pKaTl;bVpe4m8u4MsV&
z;K`EIB<sRsqT#YBOkcqzS{t{jL)D9;)TDB*KDKTCJ?t>#vD;JYpQqzH_$nJ`7JK7j
zd*C1Dc%`f3<wg`Fq0o{rIQgcnj@@K`KoOndlg^})k~Q%CE?P%%lkQ?xG+h4>*58SR
zq@;H%n7Uk*Lwpf=DGOm+49aU`f6RSZC}#^GM7|oxkDm^f_;9b3ABR;gYASKzLuwgW
zvQ3k|;d&)PwEKDrt9zE13ipY%zYw5k3LP8upcotfbL`|5DnNfoot{n!6!MFSLOG<U
z{3L|}Z5KR9G`pTlHrG-z(dgYTr;#g+43(@hKviP^Zi9+bJfl2=4t*|(mFwk#Y%T5F
z>%!qiKc;4o>?9TGN|ow^Jo7351v3omeWOWB8Rf0-)}(o%VlogA)57x+vZJEAD?GxD
z9*8&rzi-z%0vwi7Ui1*Q;v85qEn8Q1^zh?6iTat5Dq(NHU0GeK^|&~to$tQTYMufU
z>IZT0)-oV9+iG#%B#tH5*%_irnZ^o!y?$0Lmlksa^nq%?1fw~F%4KcJBR=cRK3hVU
ziDZQqg$`^QY3Btq=Sbn(2m8|>al7Z~CvP2WizgANV(!tye$mmC#08&;)cuT&5^i_o
zR%V4%c^tWO{``xy`{8pqYm%<6FknAd9k$c&ypY_ha}(3$_oX|=|4qL%sVlw7tYj;^
z7}Z?xa`L{qD<Xjomo!XR7!L@)Pk?w0{{w#Gh4`VWu=(+}BCi=XKrM3(vjxCb(To82
zt_1L-<wFkdFKvN?u@3N*xRW2Tg4|1+enD_0PTOPCfH@6L9>6<~8C?hFRL6Tz$sLi<
zVnd=tz9P~yCF{m4oeyhI%s;8fY>xF<pvI2c^CIqY;~|5+7yKd?13f21U$$|80002K
zMHb5}FNL_`o|4v^x9u7hB%X2tSgWg(YuA2}Kmjj#MJJzazLU>hfc883Sc1yeNHH)9
z&g}aR^N!ouNFQ8^(5cWS2m7EXTG@-a3|gkgwa=au`FEi|Lt{{?5BdfJ3TMkSJlMs~
z@@TF;BZN``#YF{=d^<sF7uWz&9OqBAHK5jkxR+A`>UBs-&e1fEH{r*ypMbuq!N@L_
zQb(d@p~Vsp*I6GH0GN_xj|#B#i{lyQ$n)Hmjkq|SS)Ld0MI>)p>3u``)>8pOI*nZh
zkkTnWhZUCDICiEJZ<x;s%&s^`#f&1^whZ?Ns9UCJoo5Z*VTf=!o8JyMMn*uF*}Dc*
zB2ql9Q>jE{woanyLh-{>)StNa;f0P(ZJ%)upJhG&oZ<s`YL~brRl+MWo)uYpRq1gU
zb(j~|JQ}G#;m4h0*uA*ti}1lqmP#;>w$>Ehb`Gu;e9f1#_qEf<G~>&R)?Q76lTPt0
z!iC(H2lyp~XOG<E#c!!nyZQC!4lG5;zt%xwc7mvBHRWE+c!ZhBc{?YPfCM#nnr3tk
z?I!Qqg3X_AV@@IGn&rT8TJ4!qRhjbv=m_3>fh*oDGvdKmAtA07Hb2iDGVrqY-H&)%
z<_Hlc>`~>V#$Gzc9-Z*2`(JaEF8`Ku4fcp;D0Qnrm4S@4#Qj%cffsX^_fHQFvSUy#
zX+CVHH$yL;bofA2)Jd!RG(E<rm=f^7m`g^Ld79`7>IYQsKZcMg@FZf*W{;A)cv;VA
zI_D76fp$!R+3{h-xS}@gsqcx_sxVWas?Ws@DaB&F=8(d&F;{ze2D!mZd~Hwm8WSqw
z!EdeKW#gU6^-N3nI3>+dUUd`OMdW3rhIj;sGl7I8H8KBAxyn|uj>KfZTlEE9bdcqZ
z$ue<CqtG49+gHA%syc*0;{7|+>dTj0?(0*)UXp|tQeMWZXbwhgHS2ih4B@Y7t-;hv
z8lgWO7KC01?h4{FBpL)BHysWhsh9v7)C<ZI1Cg1UFtUfC0#Jn2wIe+w*A6ZRvGa1~
z_NHfXPnvJpvNjXCvK^%G%QS{v`P8LVGP_{alqZpf_2-3uy8dqMpc|%I%>90jccG7j
z`GSXUI<$gL+w3$d$FSZyhYp_g2;h#DFO)JwNY~eDGEevU0$Jilqp2@pX`}7vvz1XB
z<m)XXzm++GzFBjMrZy<x!@o8P`XF76S-bsIXO09i>OeWQ$v+^f!5?0!f>I-{HAKG4
zWKfqyzGS*!6Pcmn*E<v%2Xp(fmf)%zNq6r0rjIun{DXBw^RUaP+>gGBU;fJ35WRuV
zu)^~`6?ijRFjQim2<Yj%!QpS6HUEoIaZRijo57`(-0El%z<&y%isWb=4m!0@46IgW
z`I0#f&esd%00n`%=^|+>PU_5|*CGW^FOv=fal9-^;5+IZm^7zM$NZT5GXCU41ev`2
z+^~!m?%?Uo@B2}Pu}DpMJM78*b*HmlnA+Tk@~}x8xIvVmRdKxT*V#EyuFe7@J`-Wt
zf05f-!0?}}@nGNPex9q$%@dN_xhzqN5ZR%mr~GHB4yxW;9KE75&HY7t3F+29f2TpP
zMP{M~*k$!LF}wZ<S91RXc(PcvGyuD^XbELF4KM<T+;>;)2G>CM)Rj^2-TQd|X5WV8
z!;6EqqFIUJD=((50IMXT%ylnh^cW7;{K(Mru$~Q%!tLV19ub%}8;S2;>OTAbCJS2t
z96P%L7b@bTz`s0U$Ojo<{*Jc&x`3L{UFc8=EKLd(r!{H$EF*VHfbA1*K3^8U1M$6D
zKsQnj%;2)w$*2GT33NFc)Acm^{rL?sB~k4~lzd2WB&L=zSy=kf;KFL)NGq=~gps(l
zF3?!JW+sdmnKvfJHW0U|XJhcl2xFh_7GW}bc6`ju!e^~mV7~WywuZxFr}9jke!FP<
zSGvQrEW7^oJ^?x+iSF^3RPX2(&bYphhgX|jPsr%&{EUYuyVFK2%4C*nd}Q=S{cyDE
zz_%+A`Lkx)gB=WNl7A_-^Qr-+iR>ujv~u>$o191^?DB|_H}{`RedoDqmv;X<q?y3B
zX`E`>@YSKznK^%GXf6z{v`mT|>wYn&i(^)_7+HhM*zmU)LNEKFv?l#V8BR?@_9y_m
z`)9uGA8t!*qja-vc+23uMP)#bpTAwXgFy6@S%m*<%-o0rvc1T%IvHexDShW`FQ||f
zdis3%Erum9{sXx^1XQtnE&0_{y4AH?mklRegaJu1p2g_eC_M}<#J&eC(TXHsXy~|A
zwdmR_(yfmZ8zeGKZ+=f10D52i+~#qj^S)X*ie^E#_p&)Rm4EfKvcG?B>xYK>wEhk;
zSIg6ytO+(Du2*0~j!Jv{36qc3uWiEKfT294b8hmC3}BfbVVb^w+!Y7K(lTd>GA^Ib
z1$7BFlV|z1=)CnEV|PD*fOVNi4<Z~x#*Tmb18bF&_E3F?u*qcQ`y87RooCWHTdGIc
zyl5+1zk9k|Z-$P?Zk93x@D1T7g1`jKh-kPSnbIb2--oDqGh1Cw*1K8;LVYBn`efmv
zvURK9>5?@Qc|V&TK%oEMYg9a(JYKf9wc{$<ohi^-wIU-*c*i3EV+NV(=md*10Zo|3
zr^tex6~)LY`XimQ5`LiGm8`)n#83gw3k(ON#4;KHN4mig;yY1M5jZz>MQDNE>3zVY
zlMw?JzAf^b1L6F+fUk!v$F$FV_9G4)a+rsw-H$`@OY%M3kuhCl!GT~O!r*0zI4~U#
z1qT1XDF&IY-O{hayoYDULBWmRqnDTI{Ml^Flk+)a1N&P#qX5GE@08jS*6=gumiGF2
zo$0`_!fyPg=cDu3U*#vMqPm$$P+Wl<1T%VhrFEd!U_R=_SX@5>y!Rs|L5P>2s#Rg&
z^g-r+>bU&#<|;BbK3T%5@Lzv5Ae*`_#Ml0KDddO@+fm!~-2Xp3whm_s*A{ddSfJ*C
zD93jG<tVI>cQ60ipQ>M4IlOik<a}6X4*chtLx1P*2AJP_wqtf&$aBvR1oXy2*i-~}
zOZ_3s6(caC9L6x;G(7wHz0eW80#m#z{~GXzuoP}jt0dhRye<iG5Y>Jq-2O5~#%;ai
zkTg{Y8Y_u3q}Ut~m?~mqXQvW)1IS6PT8a&+x)_*gRtb16EBB!RFT$)oKePbHC`vT0
zl<bk&_huUHzvV0EWMBASECbvY6l!)~A5oxWanmo}8v+bu^Y~&tJdMIo`^rGMBfNi6
z%eh6UEg9#O{ArO!@x#Lzr5R4M7vXA%ke4crvH`B>At~Cg$^gOb<yPA1X4@h>B9Ww<
z_I}+QyE25aC=54O)ROWY5%LZ$J__DH<%7cv^5Ty)e7}#<Nx_%zsRy@Xu-Y(YOt9*z
zt3H_E%4~f{DvzevQht^dke@92CNV)zMVM{Lx=h&*7nhRXy8OWWY&9ngPdeOu)4fpW
z0c|GU^Tn1HQqyBqkf6<%iHDalx^u`R451{l_J4=~1o<mbo}LV@VRA2;i;X_$!c-z~
z?-f!Q&-%3}?F$ngUd-U-jizA^#lbD|m*q#Y%8~y(zA$w-`rU@H3TXU}eTJ~GVf-J(
zE#p)6&?U<v!Ey!N2;rNg|JW_@@!Ob!0tam|)gK0K$Uht-=y&W`>LcVHytKJuUijm7
zE-Awa2KZW#HFDgKM;=MyPJ@&AfsO6v*@-3=ut#$)>>Ay317b##?crgb2)c}zi)&Ro
z7=w<TxT#e)MkdbI{N~lTz$4=IdZ4=FjwNPXvz<Fbl4ST}su>lECrGqp=PUmH{}3#z
z1Y7VGD}*GM_SL@|Q_s*(!0>Hs+>C$}!hO3k94m?%cmBhHJnqk_^ca`dOr$YN*+`?~
z_H5UfJxr2knL|sb(R!9wU5Qi_l1ID*c=AH;HDeu^ws}pnEJS4Ny(!rplxDwphfpqa
zQ0qGIBdND^SNvVA>p0JT30{nF4ca(72Xy1ZbP@voRb!7zJjX@I2{)g8jzab3px#uH
zNRf$@_C%Y|)DWb?ubDS7K^EGXbiPAI1|~Z}8BqZmkM8S8S)k>jaA)1*k7dDdG5~w_
zF&R9{;7+g<2!p?lXf&hLO)Vta42(j&G1H`F9lN|$^cnaA=9$5#<ZrL$w@xDRn1S3R
z3FS^&kP)VonY8h^pevkpNKhpf?cyOn)&msbNrkgvrpp-uZtTq;narQ|z9sDlL8x%r
z=&Kw6cS>M2HWzA8vVqKdj030ZX8Hm~vG&)`KEIgHgHZxTxMuH_#qc>t2316A%XLXe
z(n1q%`B(`QOPEH*xICG4m^mz!k6BS_f10^yPvKZINqljFC2kFTh%&Y!_%ETe3^nCa
zY?tag0`AFI^0uSO6gj@PcP~nh_P!a7orl!xuzH=TODKy6zz%N*r+IgH?9^hhqtiPb
zhIIkV_$j}^4=%>ZOEnyBu8C*Oq2dDK#RIVGfVtl%P{SPx%aV$hO)B7#dDAMr9-Bd6
zr~+VW1zLI$Ya?4dHNCFScbxM7cvyD?unQaa5Axhuw;U<3+S!LlR|Hm18A2{e#|Vk|
ztRQR}M@olJD;ezV7IZbq#c<(ViudiEud}6$==F)soUl$3AC~hca8Ju^nr=Zv(W=U&
z<IZ5aSgOK9!XI~^01p~OIl%b${f%t%#_p=2JRYlUM>#uet2dVx5-C^wm|2{U_p;*<
z^`CeTVr>K@_=4)I2C|Wi*n{a-fMvO4HpT>1HHmM$8HC|%G^wN8uBKx>GrShvxUrEw
z_0IF5DFmz^s2$z}O}>>#+O1>Y=r<@-O9ZE%i*<;OG+KYw9!Q!0-Ui2hVC$a0h0M!6
zt-P?>a?2W%u_s?q{OIc?p7Ru5C%6B1g34!=v51&ReAQBaIWr+$_(8OpycT7#51LP?
zA)SQUxVaFwVT1@Y_|lF#82{t$jO7Bh*c$nEBNpg{ljHH^Rp6ETO8cIy(4LVW82tT8
zdioyD?z2|u=mTnbh&FCOOsR4>2(&3J-c)@mWm^z~DVtj5$83k+D3_@P)qq${;6KJ(
zAK>eQ2M@p&;%`pG<4q=QF!9eS(j=x+WNH7cf=A1M#Gy0b4EGYq(1p*|dA?q<bpMsA
zJ`4&l0!$RTrTZSVqj=K7mMYkl+u8fMahN20Xr8fb!H=A;uPLj%j>&yG^~W-T2x;%=
z?|=er2OBpxLFg=E<4$43MPDUOHv-mbnuT&dJuyA^t#cR~SJSP)bnbplaq_`;*^q57
zPYz@EvqnvYYdP?cHwRuUg6y@{68vcTJ@o>uz7L;P^CK4pKgV-L{?zF{8z6~guGEsW
zMn(@Y`gAPFLfcmLIs}~=ELQWs?H3a)6fPq4VwrfUCgY%P4l0kpk3rpeKMA*YZ9##3
zA*ASPx9<NYFl)J?OfThdVuL%EI3fVp!ASP9=~1x}vgGrj=S@Q*XLS||SnnsHSpFZ;
zW6UFSdtw3lYuJUgn&6&e(Uk!{@=mc7pQw-C=So|gBaEEn#eTq4<2PTvp3M&d%H8V_
z4l<8W4Wi^@*ZXN`{AVZwX0BDllN?B*x4Vb0rQ%5(OYqXLpi51GB5VSzFjyl?G7}m#
zW&OZEk9Ea?WD7f>vNM#6i#P=xd9+PqoNafW^;Hsr;Ig?0s^9uDPiufw!a*WJN?sZ*
zT!G|Lo=9*%Cz-FVi2Ui#PmUP$dw-Uv)ax)Gso??JA&`0vYdfe^PEyxRTo*%Kt=%n^
z$LrAR5dHuRHv*nji_E65dwU^#kylG19B0`~H+r_sc?`<yjQO|21h-_yoAn`+A#e`s
zE2<0vqa9@JJ}iK{&{)_H%e|Z+&WZ|qty3~ZQF$Df^{;)C5GntpbT6n+3M&&}Q90zt
z^y0Q(s-jNK`gHi?A+lRwEDRH`UV6Ck2$ECEk`JT|yjdKiTl^Q$wzt(Fh9mP%5fIR(
zdZ@vkvp8W$MDFtE>7(zEz;+3IP&E#m_VCIVPUIUe40E8=Tp9JCoT*J&%Qgz1t`*pK
z`7YNS=B%aJWuJ9hH11joFEfB<wssIaMGQhQ74mM^MMje2qXs-T*Z3A_k&S=9pQ`U=
z%a7P)u^v?of(!l~!WC#;i0{35KBA`i<l3xvd)CsrEo3fgkH~l&VHBBTvm5v?#=a*U
zr5mP7F+da?#hW}2>zjFzUgPvxYjAz|wDW%fbZ)enTPoye%qePm*0OeH)$(Hf`~*kB
zLeNTa+P}R<3H(jFwy?pC^V>(3xzg=__|d~|v`q5H&H-DC{}>n4>Lt?S1P+VhH>HYv
z*C<*o+?C0@b0hl5H45omtm&R$_O`+J*3L>=XSqAW#Zw3$L<cP-=Cu0=w8pmec`O6?
zlAhE5wC4ZtyyD@m$*RyyFP{f0Khn1T0CST-i}rR|Plb0$dJe&LPt)&`#QP|3wH2hk
zYmfiI2Hc@G0h@GrGS-&|Y@FJOrH-UIL#EKvG*<{ln@Mzag6=l7_~IV$LE8pLcPAe_
zWp(WRusC?}I6NqWE?|HwScEg}jbHwS350bYBAR>@v0oha<`QSRfYBfzKP{yUwLxZ;
zW2R8Fj`SA*K!9b;I0~r7K>Xzu9cdT|)QD8{ycf$ZY!2!jjzF$>s^vim?>X(<yV;J{
zh0Sr5FW9e0HTlopwEZ$L2IWe{_Dmj3@${#=)Dlv@_b8AYvFW31A>V*#g@oqtkccAG
zCUApYS}Ziy^a+^T_DhYgk32}gcWFTa38z2=7fvRSiddP=B#06=$Q$||J0zI&i8JD(
z0VlEOqj?&e_{VLL@*k2eX2*^|<4+mknxD9VB}?N$EdAa{<6DdM%gVuK=F8OU%8wZR
z8}+pS_P8CM`HE@2XS7uw$22G!Iu?wdYcf_G>sWs!A3KZIv5$*5#_4oEkpQrW9vsLP
zxL&--MsGrej2qsBf~<R<%X+xIX2JJ=KmRg(OcGI6&Yz+gU~~KULPJo)kp`ny?AZ5T
zrJ3Q^eh2hKx%`E;>~<VGL}_>~_YHWv^<vRxP2sM+eiQ9^hchxa!PS3lF5)#*e{Mri
zphGJJJ1NM#`>Gh`FUwK~8H-9tz-+oxUmyL<MN02mNzL#6|0P1+i>he*(0t}4ZDI48
zZ41Q?ybo}}HuZ;d-3n;Ai(Zd~JZuuThDcxA$k~;G=AIB{q9}+pX0u>nMET$x=yvBn
z(qWdVUaRO#VOM^avN+CP0nwP4-f6A=Ph^^^@D5S|fA>xmY#DdsuzI-{Zov>Is1U^^
z<=EK&xu%!PTdih`Q8j<Z#4*Q*4Hs~;Rfj~F(`%S3kA*>Iv0rTD2z_$Vf;q+1<KU<J
zQ6*XW!oQtseNVhZw-|{@hZd&U9b;fY$Q5(^7#4>&HW7w2_;+>RtvWhBiD%?5yQ$|o
z9u4aUExG*#8Cu(xBvncuF`0pSXZkMUo_}?$zR6juD4wXivAIX8PN9Ku+BrM=-tPkS
zFIK+Xo@WKNWam#v)C61sUAV5H$^XOqNf9?!rK-4HGm3m1hPU%Lo)@@;$Jp?y)rSXk
zJY>M=x6Qi%Ex`2!i-+Bh%i#GnpW}&AK$AsFqy;8!qV5Y(4+1&l__={6{~(`yr=9^G
zmk&LZ@QiB5mHh#~`KMQD_d8=UyLPA0c+x_V_j-YudeLf2C=avBv0i*Y<zt=8f-X|)
z98r8@N+qc3PKR2yR}2j%Z7c2~Y*5(%yn3|e(Xr!mQ-&^8oKi$m#*@=TwH0LbJRVFW
zTT*IQt<w}W^*x96TuS#5N#gj{`TM^#N#hNf>LwRmxHYz4vPYjbb0gQb??N&lfvxwG
z`J!>T`1Uw@vvE67erSPuPazSmFWLXxS{w;cmX~($@?WvdAlw8Vs-?dzqMh1E3)2VW
zBMib)vo;E$mw8PZ%q<iU!JUfi4NOFUk)O>s2K++dN}{MO*1Dvh<!KeOBcGa~X~G5d
zLLhtqnKK0_HF{lYU6*U22QPquuVvG=witVZ5j&!5=@3{dLlm>DE(*VOHoR%+N*me~
z9hQ42zNloBD@UOCq)V1z!>%z-ZMK`Gjd5X0e7G=pRoFae0;T-2T7SI-v-rtpyioft
zVSOv7b?wz~eZ*X4$Q;5`r@DQBI02cyO(0B0Q-u`DJ6`Mm%7{)kcI(6xJ4MZ2sv6nV
zf8Hdi=kw>O;z4$w9F1E61=quoo%0{es}j@mkMYr|MC8Y`1ZPA&L)S^-zi^yQIyUFn
z;av^dJi}<2=rNqttp--*dVQ>lyhKqCB`HvbF8-z=lI-mqj;UYG(o+O;$bwgIL3_g+
zNllUXX2!A=iy53`?O-t!6%k*@eqCmqU+UT$Um*^)aOy+*qo+rY9#*ze&N!8)lM*tF
zCMAPq4vM0RiqBRM_RbYf@{HjsY;m^Gv~mf|pY}LFX6JvOnSD3ZW|AR#(%`;4{0GZc
zjW0Fm`U#$P3dVny=gWpRE9PY(oK7J;YpSkM6IXLoNbC95<d|mUt0H0_!c|lr;_`#y
zDrKm0lXbi%s1PNRzw=;I7x#sx;ggit791nM0nQ#70b7~!fU)7L_l*;Ijca<sWClfM
z)5GVAB;>nd{H<aN;fr*frwm&ym@DKN%F~h%FD-*(kKF3Nm0d>%8YcMXuf|D;gfHIW
zq-~{zkO&V@_-&)(Zahn|;QEG*>au9|oNe@q<OuKKWbot8aUCqkL=N8Iz4sL;_GFYT
ziHqtC;27*eh5O<W@xM~MA7LXf8{ha01jUgsOxJlH)!FWOFx&%!t~Q$nFnnmJRhWB!
z6%n9(ADT1PVDoSZ2Z0)1n3oFn?$P3&67&L-NsCQdeMKh;#&AWT9p+FZ-g}zo>W`!2
z8{K0;wEy5HfH5e@5ST868D}1H6hSOxxaW);)^66P@i4^tuM-<^b+Xo_Z5tfe)fMnC
zXI6FbvO*xB{_5TJ;FKNe0nyMBE;io5)7hmWq&-QB1dj?~QHpqwj48bAcMcbV@+O3G
zu0*w`RUA`|1W0*B#xuGALX&9>Yyy9D+wsfsF!K@a1lY+rxOoupgwd{w!5F1t_k20#
zGAAFmZ@A_HiTyKK@$2LI$})hxNWB&$_hDIbrF{=oL$Z)aV0oeMnt1!KvRZ)8oJOW2
z+pfp?J`1YqUZ7}aogV!OU@owh4WGKmJ8ACD!;DbKJiiP+^}a1uFyoiA9U?MeGovLm
zH>(XvYOq98kSpG{&h<d?EM?+wZQL(zI<;TMw|c1SbkC)O(G6k~xQ;R56QxLrer|r|
z4ob$b8~5cI0c-?6ldIDJ;Ab8MR#U?yGtJEYIIVQG``)>!-2dYyokY8O=25Qy-a6O=
z&*F%(r>)(qWmJkxL7jw{6ck5^Q6OX*JV1S$Q4oNs0CeU>V_Km>#CPsyJUBL3K;v5z
z@oQtzO{uY2#(Q#k9ST~gu_;Nm-44ceeo`+)HO$wc)OlwkhsBZ33Ces*8*gFAmMXv#
zfT*Qq{2}orSqZaE-$L^e%uMiZ6<Sy5jP}Scbn_n4Qo}Cj8uVc+Xotx-BY=qghG&ft
z)7b12Y~f7GnsZ){Oq(Y%B$D_;k`bIi$2&_h;P8-zlZwGM=-m*P=MzZ|pyp-Y?R}N6
z?@5>}(>QL;nj7287ut};v=a+jZ6^L=k3h3YU{k1R&XTt7DjjbS>jqFcJkN=<ZmZ?&
z6Q$<i6>|?x{oq*Lc?#Ky&&4yDD?>`}>s-rkol5zv2Eq@@I1T|a9Yu}H;P@W}sbAFW
z@l|7xX)^j}TeKw++!%6a*rGd$(3tV(+qw8O|MD&bX%h<VN!P$ATRTDY2vBMJp%GZ3
zLTlwlt;M-G^Tzser<~$#L)BdX?C|6y!OCtfsOA0QIE9BZb4WcZeD46D_RbUTA4PlS
zwkGj-W_o~NSDc!-fYL@r2M=2n0o8!=p3{laI0>Z#AMSw%aZo5Z#PKkIwErZ&=c@hP
zbNbTE8&QRpHcHxUZX)NMvHTIp=RBF>e_vOfq(-1R)&9@im(N2^j^uvpdv9D?Eb8)y
zuFYq$!#%j?(W4>t;nLGg<?&K#?H8PWtI*>@Z;r3Zj@R#*sbf_4pP?KFByaYt9<k|@
zcXJGncfrJn&9}Os@L1r>(YhHh*R)(E(ELjM-igps9ZZNOVv&l*p<kGn8#B&C$Jkfx
zqLo(BWNn{qUnI$9G1z95+ptWZ|6_XGY46k>y`$8_R7oiv33B}rf&;p`yk}Fn`HMj4
zY}G2`8t?`ON3;aV9+<crwz=5XY*k<uY$CmFae0A^SvXx-W(ljW6m#>F$;EB#{SI+v
zN!Ano)1E`A-n@m!Xr%9A0#{c*&+P^wnXx#0_{h_jDUOeW<9M7T1Oar_C+2LXl9#CQ
z(SIyJ0*5Kt4iBZNXys)4ZpYib#x47hU~6>kkOLF9l^x}E`x)}L#|T#+`ef%QWOYf|
zDO&Ns)*%mMRjX<C(#pX(Qz*v!Q2I%{wSKV<hyHYW&LEH^f~pHVP@DE9IEnaKvf;x`
zl!EJ=%NA@zHbaVRskaB{T8@i80Wnt&yhlYUL}y>TCo}Nqy^1?gkz>h&F)72S*p!SE
z(K61FW9{?Y!Vi9Zs`oAlx7*RHfOm0|$Wm@7Tbw%tdL0;dgRgjR(R9O?Ug=zNNSNr*
zt>5y3-_8-6ot6s-^R~v)v7>kbJPLXjFsKXJV7Gfp_mp-Q16oaBVI8Z!!2aY<{^eMT
zwdTq!IJgzw+`YD>fop~PY)LXj$_I>NaPcP*EyfVa%o)^RggvB%D+rVXaeRsG%~{ua
z-gh+MdLF`$*s1@60FJ5Zne5Z}7_#-x#~LBFjA=c9QWUkbf;4(o@X1$sF+#FDBS$<*
zFzWd$!N4SYuyKC^yk;+;E8nbv(89!*Km8pSi?FV!^e&fm`B;e&vr+$fjLr#1IW?tV
z+*T)$9$R!2^TlTM8s@A@gGj7`a?{!oC&FkxzxgS;eYqNDt;BwMXa1Yt;p3*H1Mx}>
zaKrk+_9hr<NRYEyRtL+SLfgme83PjgpjRX3F5NbDj_69GO^tIE(VQA()`k`QKVWcn
zmE0>N=qS$e!Vp~0OCr~s9%&rPaUTFJeGhX^mU^5#a&6IpU<0n+Kju+`1=qbX6toa2
zPPUOd0+0lV76E$Br8(MPbj_JB5Y6-Z(*GWKwi3%joD~A%V<s_{18A8{K356>uj@vi
zWehoPb2=2)55OWOd}T^O#;yTtYkzYVLm{KD@bTATBI6|PbzZb@=~p>b7$Jj}(6`{A
z@_)RK7UB||*cR3g3RYbutt{iG5vtTqX@u!3WLL(<w1pMT_>QsLIbLZOQnB?NEW2%~
zB$tDA67&l0x^sb!ZsC$bprUC80_S;Ir74Z@YM{jjypD}&IXlXzu;SG?;R1^lLY}&2
zoWmN&ml^&5Ag9qs`gU3)w7TPt2OYWxYVFdk9h|OZW9kk!_Vv_Mv60E9annvi$}ZO@
z!R9?fJFTgzJfBIq0CoZ_$Pb-)ak;`BSAu*P^m1kaxy{)FA;(+_7!MaBR_9&gVirXC
zLh>mAU@fI3WVDF2z6dZ*Q1LvrA(DDlm(zrP7~7<r=(rewJZr!U*m13j$IogWLPwp{
zH@^Eod4ZjAVFH?~RLigGkple-BnYt}C7Fol{l<}#!Eh?Lw$?0tIQ-@4D}CR>#kiW$
zPZxi20GG0&(?hAb@@q>5K0c(-5X1OSbFy|vi2rWyazDJD_u4q~!Du{M>O+nAln(S#
z0QCoaACg^ejfHYVeiTP4RdPcf@8+KAK@V_nQYJ!aUI#Iu#+443y}%?4gOedXc^jr@
zs9x79_b938z)?f}1{d_kg4Ut=5T<eK;ei9wpwAJyCQ|AjAhW`T2ne}>J^~pg%7F9R
zJH$>lTTUIAB_?vv`en|s4)&M1y<=##5(I7&c#I8HS<$`+jlbdeonO?3ux+p^`^6(_
z@;?c9++&x19qq-;+l=~D2t>5JMv`h;Gk*^tg2p`7g(QOESsx)p=1RE*EA4M{c8(D*
zkGmCLol&cv!ZKI=LI|H#2>wzb$t>88thzidBos<{n3_E5-)SXXxW^4jka(49vBm($
zYZ31<7fvizz(XW;`5pW<cf?C$2AkY00<-K>XsEwkV3l?D2veZnEy<xv))l(wR<}Lh
zwe;;%5X00bf>z^oF23_;(yf-)-zBwe&ZeBV|25_y*6XZuasH&9YgzAf{*=7)(?5yF
z)^8*-&7+oG0Drs3n3aWwJR}+wR6$>N<kvm_O3e`U`MVRV=nhyJlmprxaamMOyH$Ny
z8$h2^T8E-hv?7>WFQnZ6Fx530sQx5JdKY?Vaq8D*vq{X9<F^NW>8;QV3l=_Mv2rpk
zA~N3?(AT){riDyBYU%EAte;}KyH<n}YhgM-lw7RL&{ao_s@fz1tbWp0Ae+wj9D30C
zC=3-^%)Q7d6RMpk;o~M?o~-i7Fu~6wEI<K`mHexA5c+M899i+mM>)~%oyWm9BI_BI
zPAp{fOvusN9$g~I_(rb$B!O=Mp^fw<)|}O`UJ;*m!<>?I!hvFiZzD8opXl-NoFe=o
z;0CcHlnoTP9UYr1qzK&xn|wEO(YfK#NUU;0${R^QE)}*~Kv}&{X>}ilUcKC(wyg!J
z<nKK)27x`woPCT5d;f(QxfH`E-R9rE^UOwEL1_G)fpZev)2jKgo3O<IuJxw411Y@J
z2qfM{#_nvoXu4VO5d0HngP0$s#6(ymZAJO=fl|X+8R>Sk9&6Btp^y}PZNTyS4#R`$
zE4%<?e)nR|{`Ghk-q4ZDb|jAF>qfU{{RR8;Se%nYGi#d$z=Z(|6v9#gPO9?(l$8EE
zuqTZWm`)t>mFqrRI`wZzKVN-@T;1+yq_A2;jVZe5l18(#2<PC!7q1(I?MUN?=u85c
zbENoglKP+8MlPm*+_Uwm<NY6Tndd1h-#XKZSbG>pAj&8mTRc|vhy+SOf&p!7zf}V2
z&O)0&FH$b|32dk>ra~&*)GdjY)9ljBHX*^U&CDB*bjhH3@^)lRKs_2=f6HZ8S|szY
z@eOMH6GWF#BKqo0o|7eX2WnuQrO@=D^+FV`t%sB;-brFg>n9MX!31U<kb@PsC2uvF
z!vb2qNV7Hmw(q8h8U>kbSZj-!^REO@UbNn5rSeInhQ{aWeJ))5M-gioHoZW{<>U|-
z6A-RDa;&YN8s*JIUd%S3|3frq>I`l)7FGF;3oqh$%jM|FWcUEC-2Cbn5;I1lLHFct
zq6;53--Zsa5+XYca5ahi@}+P$)m_a7G=L5epuVkXj1&vgCAfUpV%0Dy`;$wm<E1I&
zrx^hxtMT3U3{Nm70<9>*m?DLZ-`UjGbd*YIws<hq=4f695AEAMA%>Q>qmfPSu<eYh
z?mn@o*?caA!>N^Z>T<0lXl%9Cxy_Ua>5Bm5od5kM)&iD3%ATNXKsG$s5wVKpS%P7W
zlTvLo7|DZ8CgikUE_-wpfSF%c8w#7rO~;vUyca+Q;bIVH+{3F9OrL4jhLM$$=}jLP
zBaq-j`1JtAM7$<=n+d!FE{VEg8J;#;_(&F_vfR1UB#6^@=j`8bB$wUm2V5!&+jnvp
z9aBtCuUXZpGZT1<C)kt>y?l*w-ZbR>Ka_HIAHj8@?32fcB{<`hrcqn4)w?x{S@9w|
zGgWD5-1|8DEgYYkJ)tG^VMjnY$(PGTGdiF*6$xBkex-gyv!z7dK-TbFPQ2`OUU_gB
zN(XLA>raRZ5{1kpY0$|)Q5(Wgjm^Wp&186t^@wu#lT>FjKPUM+Br{9ggn6q{Q<qAZ
z`bFQ$WZXSU=rlKkD#$s~)?2HV8&{P^{$05)h~2M~Rc=54Uy&d*{V}no$^n>4CY;B)
z#)+}6F$^^-Rw*uIEgTmhE<RH&^pCLL!SkG&nOchlF}39Mb1=-(4Z(W5Fj_tG{+a?b
z#M(Z9tewqeLLSTC1g3Jvj{1{hIvJ{e%IlEHP{%IOIfD$aOSwpj()z&}oc&FzVA)be
zYPB@eC^CF)jL5}t04A%~KQlt?5EdF**Uyh69bLI@BT62?d5ozmDs>XVGPk5_aj;Y~
z5aZ-WzgYAg_6Fb$*A4%^G0=bEi5LR1oGz$iJvVk?x%0dUxrq0?D^WDa({62Y4VAUQ
z&_TGP6zK}MX-*DSSkfsYmdHiFTfgO5gb?+draMtL8A?QL!MtZTvhk8S?X`v6*MRb(
zF%!y@T%IRbxeKE6EV@*|F2~?u?*aW7Ur!$kel^MPV?5T809qcMg>txlgSYc|23;@s
zohNL-iRdsm?R|A#M0x9+q{U3g*9grSB{6|pL4g23(C6CoGY;S}UV-T)zq-eFa@Z_4
zznQ|h35|DWds$B@Xj)6Ny@6c>BONWiRk|h|m@HDwx4~$OS|aV7${KHZ)*E&gBzR)I
z7n&^XKd(D1U-PAdM-q-?qAtI<Nhx7LrHkU;1@qV{|Ew0S0UQ~tj<jH}aVW5ES-8C@
z_;T}}bo4ZfzKX0<+y?c!?Oei@dj&Cs#T040R0BmO2~Sj2CQMlEMs1rh9Ap7@>S#a8
zaFvp!{rEogp;f9AwpT6Q5$Qinn_mDD`-%R1b<1;Q5kxba<%N+xZw8IXe=MnB5erD3
zM=U>P<4wTFf7TN@cd1AXRXN0x;O~w<By=;xaN#L`a7kW>Wl=Uso%Y;Hni%tvbLxfa
zudM-v(x`eEVpiD(RD$dKkYh0D1c_C9g>UTJ(1XsQM*b8T0g`U&#4IZD9z=-cR?3!4
z^Kxv)b|5~NT)w!&zbW3t-x^+HP3)hXatQNg$IS?;X$TzV#KI-7S672qb~w@?dZaaD
z%M!tPDvrzzO2`boW$JEX<N6i4eKX!CnZ@H&*uIJ$UELvZ+nAb_9mJHZ7Eg)#+GzJ~
z6)%&vHbi)Xv^=b?*0i!W?5@WX)`10M13vD_VHZir=xoUjH8H{(UW%DTd^OZ1@0_Xh
zr$sVwVgk%tco3XfsSzyunPb9<Ip@Bn$;w3L+eQSA^-NG4bA@a%yQM$+a$D<g+fu$O
zl9eKymsz-0Fqj8wX)sHP8r*}~7IPu7QJ))fJ(h<t8`hu^-7mF0tG&Q^^D{kU6_62!
zv98peoy4mTeX_iV4#ZP<%7EKiz4lo@B{IUu)wCV95#$x13RM7phF{bvZmy$(gEldb
zsigU|M@K&Dk1$w5DI&WtSCL$p?v4V)blSAA`r^Wb4B_wu@%Uhn5+6KZIgX2SpvuE2
zMLwJrp_TZw8A$OG@=1k>yw;jO1i{P{T81_Ot3Z_Z@6mJMLUtX;Ch&p0xcfuL(|bo@
zk4f`G5CcH^dh7La1HVRzvNdj{gVmAXqCmd*b|}{uJmAEPxJwKGbV!27w{S~`CJz+J
zfZOtb=nfY1FWqL!UcrZ1Pqo1|DgA`J%r0>X)bp!>6tQ-s5XuiBf2bw@8%=vX5z)X(
z4;uVmMeGid=O8+NR%Qth=L8qWE{o36cb@Pn14ks_I5>^hW~LtUx(1em=C#pS_cK#!
z4$mzdT{CzJSE}d|=JS+OMA%E>(5)nQ^BVZ@;+zYSV223!+#R1PFj8u~LmbJRFNV+q
zIjuStHdHeEE?`qrdxj)a;#mC~H#6b$mN5f)i1lJHg@%F^#te&+<}8-+ePP(Q#6y2G
zRXP51;Tnh?Z(3Dc0vn7LYctwhNTf}V1e?mD<dVS3mTP+WsfA@7#rbWEp}1pDBe#%F
zlQ7C4Q$=pNOD?A#|IGSjmfu+w!R^)^qZ1_X^7$WvPoSvT4ZpMW^06jvh_Og9!=M=E
z8GJsZo0Er%I#f&2D}q%dT`X5;8LxlwZan?p;Guy^%g}^US`;zjq0iW-{FBh%_Bd$s
z1J8SSJex+!pFuQaM$v4X{$*It-K73x=lgn1GG+&Y;mcQAL(<GHSk<e^cE?jh@FNuc
za|M8E=*0>genilWjBw1|04qS$zj(LfnO1L;8iZ}&5g5_7>%PO#qOjLb^w`O0!_^(7
z7IR{;za&BEegBTx=3_=`<8%#a#kF<v>o}LhJ0kD1L3(4>EbKg)s-a)J$m;`71R{$I
z*NsQtP^{3ga5unqG2Xw;W3?4L0|MX3S0@wh;%)CPNM*^2kG!%)yeHRNk)qPQ_G3g*
z{|2dVBaY=Ws(SkaY%S+ZRi)UzR?EIT$!cF9w_6G7Ke+%AR%7ejspjH;xgPwA1c9uh
z*e))$&G6Ei=bm#0>8US^1pQCT`>8Z|bW|ydR#A=yYGrxR@*p-5VA{RKxCI8S-RmM=
z@SeR4;MR(;{z}1(mPh?)f?hJoz3c%1li)Aqh(Zd$Jt>NnbFUEtp|OR?B(_u|sh5m8
z#Ht2w+--oB&uY$Ht_9VbEYNoYWYI8+>-q+*Dd4mr7LZpVvfk_>>3K1|zR(e|A%+SG
zBHQpAVszLX(T@nJ985x3*|1i-Kqx*Zs_23OyiRWe5Ex#vK2)!~`QakDJ_XJi!p@{7
zRpetN9%OpD+s#|pS?<1Xu(-W_;QKOUvPy416O%q`QHTL=_AoqR2ibMp+Ok=?>dqa7
zq!}q0lh@{LgZEi84OYkai<ar}TZ(nSL!l&RxrNCr6x+PJl>knJVzJ#e#q*lL8v8C9
zp>(P&iVCofeV+WpMRu8pyW2Rio^o%2{#YilPH8Ix2EX;2<6ILka*g`RI7>M03>cyO
z7b$4f>qgbxUsGI;XMX;m6D|%upq%kM#d<gv+s%C9aqo9^uqa^lq~s}9?F%3z=Ail>
z(=*wRnz7dsJEXZxwS0(4wC@SIik^*3e9J`%+a&)lCaz?&h_l*^ph+cYt4uW_)p3L{
z(97VQzLdI_{&qPz8d@b<-s&~l3iEX(R~CPcsSK&Pt*p<M$c2NQ^)#Jz2?L8j)tss4
z$!);!!*O&GT<W#MlT=e(!E(7-FK5)ed<*nNG3-JmSlK(6M~o<oLhZ%#Jwaf6ucQ}Y
zTNM)<O3I4&n3<WdDUr;9DFL9>Z#Q;48#+y~HykfhjJFzGRBcggx*^1E#ziOqquWfD
zs23$+w}G8?LF$}K)t9KQkMB!ah6~Hzg@38-2ygF(k1bP9Ed<_;7B=Q#fJlD*Pz8qi
zq!~A!@xK!mvKIBSS<h>eE!gXglvQ899bHrO7`ygURGT{EPwv;@8?NUm;@?(v1!^bE
zG!DjkS05WEN(fY6b?72HXkB!}0U)o}fVa_B79}BXQz#LyLq+ivWzFiWnYiWuT?{CX
znx^{olia?xM9gq@i7i@pZ8s!`D;~(98p5mc3_LM|wQPN`c97KUjB6Y<`nj)P+i+EQ
z<6FkSIj=corOEQjFdUAiO3Gts{Mi1esC@>eZTo)N5#(s&OTe8}KHK~=UI_?kUuq6s
zZu=U9nN7`{Q-tD-ycZ@r_>uqsD!n+r%Fy9YiG^8CS5E284fW%-Z{|P`$*TSu!M%zW
zaW?F>4@{C}HBIPS_htnIZ;``?yX|?~(Z^d%R!;~eUMDXb){M6<iGd+dG;itV%9Yub
zc^830Iut?Hf+X%ocS!)AFu~3{(-GWm)h&18k9YAg0Frcc)t9O2lY#Id&sf4^?f$#%
zOxo*vEra4u6Y-5?vCZep1v43T&TeEZS}&rjTds+wKaC=0K+eg(pb1yQ5w7wsZnbUb
zGf24}<nJWEE`{!$9Ny^W`w@bT%MZUHat}y$EB)VDpwGJE;xT#J2SHX$9<YtarfqnG
zC{D26e3FmOK@D8VcI}cKlw;eqroacgMOtcYtZe9XoWDAZ{e+bENluEWF+Cb`MQvU-
z|Kn<hAJL{EB+OxKt}u1cCn+s|fvp&>^meslrKyEY9tU&O($QgcQQ?WjRJgTE9Y)g7
z1BDFoZ<*kh(61II9tmFmPzr$*(@X}%6-)x&=mPv4{6^XG%{kLXX73NTB&=L%Nx$@>
z4M^M1JcF7>{TFbCD$9A*Pfa5v8jwh+-B0lFQ!n<ODvYkG?5Q0U=@_(wR0jv#TEpw$
z%1=j1{_A&R`&5JbDba?fgDKlNhwFRsZ$zM1)74Mw^vR-a?`{3l4Z45lfE6z9ie}*x
z&^`V^DqA?lP6iLCcAltp(c>ugsuy+ccrP5f+!h&+Wn{fU^o|+9KW~Z2_VFu5kCw$#
z<P#gEj9vq}K#Y8z+0wlwanuEhR(O~#mkyr)6(D#l-@Z6z@4T;l!H0Dwd+Ft)l&<jm
z4&tjP2~fIAi%>Km8RqJ>*(u#QOrwmLg=WWlp~*B*=1&sD^`_lPd&ibT?p4fVFa+y>
z)%D~a@lfLDDMlAbRAjDdJm;#DjXIv=38jCeiZs|!AuJX}DJm6yirL_uW%x;H-Oh$J
z=IRsBVjs&(Jb3i+d5U%hgBT6-haYr|h~0)AHVx0}2h>gQ`oiIhWW2glIk*8hCh{w@
zH0%-WT*#aEZ&pa}@1TBY<`d-tK2eZdg*6H5a3|ASE-EqTg@j1*sQd&GFoTj^=~g?)
zC{~bOBjKJSE<pn&`|+|WZ2gp#+6hSdhyzK@z3xL)3YL}I#aFj?HQgei97)^m@g9s7
zhwElx#jU#mhM%ErRnc3*)cz8KUciH+z|<?ctjL#ar<Mih9~E=)z1e*R%T1ByQWjf=
znI$cs6^XEkX~<N~7pD{4ZYb=Xz48I8E}`#}<?JH?Q}eE$iU#i5X(^r>Jfv;&iVD>r
z4aL2tZb!6}vr0*r==dJ2#p>W*`1;SV)`l!n?HoX7(+`odOr|rTnki|=H9QE>;sD~;
zS$K0U(mez?P9*VTNJyxwFar%z&V@7k^fL&i;H}4;PEOwoQsnG<1#7`u!b9w%W2U$e
zlT?W&8zCiVI8zH59d)cPiO`+esQ<*N-rqo^V_n(;m1iGPdd0Z8ZTOs;&mF?;gnrK$
zx`KaCPDcB&X{}4wpyfo4&r?y`z-YAivI8YGoq`uaV^XBNx(ghLu!5iX_G_$9_3dcs
z@)z{4d=*8*)YgsYiZml>YmK_q+Zv~v|Fi<(1Vk)~VnD|Q(xItKG_Ds>v1kH2ond}|
zCcZA&&&6y69Prgimj;m)W?Jjz5U#QAI&TLP)G9{MKTpU3@4wo%Sh6uT-m9-tsRjtR
zecLunknX_qrD<oh*(=*#BERxq<*YAE)yUad)hn=!_`n`bmM}SKp)kHwJt|ji7=Ea8
zB<QYI9vo`wiFAo+aPRAb2fiJ#zjt7hX0m=L<-=jVl!=|SC|H+07m0U>8Qnu!I1>{V
zbb#QS6j=uoTlYV@m&u@({f<VXmUO<KYIkBNhFVHb9aUha7l+%|lluxd*&u8iY`ELZ
zD_c6ZlK~9kK33CyZx5NkpJ-5+`o`~TQij-P2BsOth!?Wkp94X)t(`+u&>)8|p{w+a
zSp?ETRhhQZIyI)3s%*Iqjo35GusEc~3Q%aLNK1-q+Xx|mR9R>SIg|`i$)-j`;Gr^K
zYnZLy{2p=xfCw4pYnUb~eyrI=k?a%&4#>966wSXB_SzjCjHG{V@OuhQl)0bTl5~sD
znT?`ZZm^?Aw|)$!S5R4VD>BHw1CfwwA2mVABtn>`01O*$xZ~KvoxTin>IaKO==ND}
zyH>lrXMuO_-hdwv*0`q2B@BS76Zqotfo8O*ZzHwbMx@0}&S6=6xG>?8X!x^x*m))v
zaIo{~>r}tvO&7ek0=^c>?;aqrj=}WNi{NB^W9PH=SvSK}+4`hdFa$Q6W+fVr<cj&q
zhZI=vqV><ufQWl+oT0|+UJyGj1vS)PuXrp<XYB#{_c*{wj(>8wA^aoz!Ipb^kD=DR
z5^INXr)gL-c#DC|P1|jV_OcL-s;q?Wn1m$HKJ2U2NxfI$RNyZ9IE5rdZLKAmx@1L8
z^RASjIhh=Yd*C-e$+}rJ;kxf7rScrdc*15CFnahDnL22u9xAI)`(-oNeI-u)DcuS)
zMl1uuXi9QTat9HcsH(?NuxUsDld~YJH&pZyL}+U2j~L8`0?7CuzJO)urn1CDQ-j~#
zuLhpa75eTb{<fY$t2JZ;G4Q&b2VI2l_@)LCda#eF9!%TX`tPs-L2NB^@-YjJcnE-b
zu*J=(mHHX2edrS4zbHD(*5O4g;0#!2najZQ%#Sbd{=GK*SY8rt;6*+ZH7zagM$ZwQ
z2&ff?h(<+R^a8fXrugD_7C=6+Bu(T$!nNbDe)x?J64p{YZ-{&Q%zC?Cqt~9)(`Qhh
zZ_VPg>imheo9YOoxUf<(9Lr>UFokn|qsn)%(iaQ;?0u|4U@~GzvrS0Zfz9K&p0N{!
z%?1pe=Y2SPHzaaSvhVJm_dtFOW1R?-NEb=3(-MWw#8w@Yf+owyP&U+OQmo%nklun1
z8*#hWW|jf^kH2IRn!9QM4(8&ek&(z}q_USsSkRL;x{xFoD{mi%)*mKe<o>hXJ@G(I
zZNi3sjl`BG2*hd~h}ttK?X*DWH(wd0CqadJVwU7ste(qzXC}C~A1x=hV7@R>eD=4b
zPt00VbW?PU>HlXK1k=~Mearz-aC~cm3z~{g+1m?OVv{*D1Q0PV{yN9^{!^j`_bb@G
z6W(!3=UPpZN@4(z_CTSzpB4yzI#9hT#yfOQ=^KT*t_XvJ_OuL72a406sO$%N|E`XE
zS`ulCjB~Z`NT{SdPQez05IwVK!Q~UwH+Xs4%ztyb^?j(=p^u&oUkkzH=eU?dLm_Hw
z^45Z`z4nk;o^p|vOF5U5HgMDdcMgNOzG<3w{^nRMqg;4Bbr1dbuNBtKKxcH+9@YPH
zI<hJ!`Jc0A0usx@#O~hRA;G34l4bVfV3+6L!gpw^^Ts8K8UcDNt)gKiitnk?^I@WE
zjOJEj+S<H3b*wIYl&r^I8$;B35OYKqG;LyGl9B(T;D4OI+y3cIVTBzR-l}!7@@5A`
zr<1XEa_|pA0y-ly4M<6)CY79>a~6kQzPfJ8sJncW-hEwri1Tkuko54L5)b~`;`Uc@
z%R38z2VGo4!?8So^hZ<_>_`*m^_Wpok*t>PR&`M-VEZ3km+3($Ot(>*GJX~6Z;<d6
z<i7Q_U;bK>DX!nm2^JHMC<wF?{vV+f0_W`ZXu*hLsQ4(caU@U=t5|9SxXZrxAdH)O
z<@g=>gkX%vI6WUiH*-8zFKtwN|L&C$e5+|(8A)k)Piv?tCk;&DuV(IPB)Cqxg_|=v
z`lp)KpV?2#Rh@Q<Qhi|Bhs~1z@w(tDgYRU0wJ?BOyKUmE)9u)4Wff_~PW+$<t>69u
zfXdX$%Y-pQnl6xo#Ew2=!<6+N=gnq+SgT!LbWnVz6Ep#_w9YMUgfa32x)bErEYW>k
zy_As8Q@AE&-Xc$gBTw77+W#9dBdJLRnGLI{WD6UbZ2*)&d?UiW2IBonth#T#e?(1!
zPTIa54r6l+#}mafy+Bm2qCljatgbAIbZ1gf;!9A_^mEh%7`gUtp&{kvIq_F6>q&Yc
zY|}38nV#mp0t$goULSfqyQnl(9O(atD?79^U5%gnsFn>TbUIP<*(0=O<;%ajPO*N@
zFhiPushLo*bH0WN9oz;ZL;0jf)b4qLL1(_b{Nsjo1`9>)=CD3mgrXSWIfP|FR@#=X
zy<}9O4wChuxp!nJ^}qTz(BM4O3hKaHtc;E+ln(@FBQJcAW+&&iMl6yVr=y^kliltJ
zP@~RUv{~9?oaK_00=w@6s>71h7&?XO(~&u^H720hsXL2RqgWBe6nXOArUsnUgea7T
zwv+JgOYM?{Hj6eR{W^+`*ej67QcF<$@Cyk!@`1v-dVF3wKdXReSaMg1c9lNMVS4Y>
zw0yez=Xq}@2(sy4W^Vo+`J@AA0x%jHrq>p@gZp*^F2oA9(u14Tt^sJqc|r6o>o}V9
zE({SnxxLAzeS>xO-|lXr%1c3aUam<e^_%8fGHx}@!9@%;fU4rOyp<sm9&*aSScS;5
zL1PMNI<~N_PJIj_l(NC(F#En=VlTfr$SBAQIBoK0QXWRK?ADXl*xU(zIw<;YbociE
z*)9zTSS?fg*)z>A<}(N}IJI+CAN5kT7|X-yuBPXAuKF-%IcY9x9}2MnxjH$I(h4Gd
zlp=Q|)!T~MK^|fb)2N$1Mf9iW1caJ>N;Di9E3(|d(4HN4DyTM<gqg9EU}#JV>GR;|
zIJ(^ZRq)2-uW;XLAb1^)1DVo`ZU(#@Fmxku7HY<=Q}^?;nXLGmqh?mE!25p=Z6F@@
zE8Hv(idWfermV@#gNWJx1|`88=jd`}c$Xr%x$Conho4fYAMH>9rZA@Wy>Yohgzcoc
zu0I({90(;86GU=$SY(ec5pFPTH0Q;e<V~u0K$L+@r0YW{#(W(H7GymL$ObiFw@24N
z6c`uuQd$W#{UEB?os#V;64Z`hGL8z~JMD~GT}7n{)ESB#iv3&UXGgTFStV7MAsO3K
zj$h=74F5isE0AMz6kZWPc0{5CaMSYG<W7-eBa=j!U=H<TT`5*Ofix7X5Qf%RPbI}e
ziOC1a`^xgOguc~p$}#N*^^89p^AqULSBa6b$=C#@Vn2qTYMsk$Ya{+}zl2S%I@7X0
z@cW(vM;xz;^tMNf=5wSaXq)i#@ypZ?c!Kp4LN}&pVU2L<&vTWT8TIIkl|;Z7#rCw1
zsae-E@OMcYQZ5FUQtQkX*;EQn1rW1xxo1@mLCS*QGxXCog$g{-psoTplb31wh-`n}
zp$i_Dz@zs^)QSlVAa0`XVK#}!1a>iZ(=?sevuksU<JC5H5dAaUMrn4x;>1`exI%d>
zttY*k>3%y}$f_CkC)IvDN=|Fa+W~$@CcBXz>vs)5TORuKUrZPm)!zyXf12;gbF*mT
zi`v&s+^lrqNY^qfG_rwB_Jau_lW*?}Ewqn%W~w&!cF>5cO&6#)Or<?bhg8=#DXDP^
zahq`RzRVOdJ@fcGP0WpjfACKvjO{*sXq;f-Vuhm))Cx=+Lmy<Jp4n>lq<LZF?E==C
z^8SobqSb_qv$y6WS;TAxz+(E*66_|<wy)k)1_S@JqCQ!hNT_)-1N-cvIVGx8w0GBc
zn^>Iw{t3J?%93F6Edr?`R|4gfoVn?l5tT-G{+Y2}jnRRD+qjvvjL$ZezsC@UAh$c+
z$TM>=!KGW@Ygg$I)PxZ_ZO?L(eR_=nD>TN4b@j#WW$glCM<@m><{jL|P=se`Wzy{5
zXBHbs%p6wXBe1MGQiYYd8E72Tc8<;k|6<k!l7U-z#_8AKJ%Hvl*En#CWR=w!rm0W9
z+^z8&RMnR_U7c5cuk-~y0XyU5mLrt@9{<5Mki3$__{?H?mG+L}EnH!RUL*GIRt{Bs
zMCR4R@{lu0U=xXank{H{8U=uEn=TZ*JV=vO>$WsKmQ0f15c`a7^~2!zLc1Opm03i)
ze6<p%$pnDkUG~&EH?64KEyQ0h$~?zj;_q&8b?G_%+F%)?<JlK<E&|O=z{|jpWAz5I
z(8;|T>lbn#WichYsWk85etP5oS;pP`8INlsM~yr};3h^YmlPR0u(BfXvBI|(17qK^
z9wfq4WR@GJ?@M<x2-@F2!IuUlE0>3n$KQf7JsqV~oMpiQ(Vx8idOs48ZKiRzMZFQ)
zIXN+tzbjCH<?Wctc3yw$zVQm@J(AKYZ|z-3{vW)`+Qzw5;_rj4P5TOKZnqD5P<HUq
zXDrW<D5D_DH8Zm|XQ$(cT(g8|eMB>^j8ex2o(-#<ns$_rY3=4g0~xD5e_oIyQ*nnb
zZd7$_Wp`^nRVIoC2s3v{<FyX^dZo~bUE&L2#JP@kG7P+}q<28xQ*imWNRu|uP!m_i
z{k*@%ikXgykuaKSk@d4?GCwkr^+7K%W+&-(wMXC%OWGIdla!|QsTGmG-bZN5H#m8G
zCWyY(;%22*_!ev=uElTD2#T8Jl?$oM^T(vXo0li;wPj=jDyB0C%+6Q4slJoLMl^lM
z;9FPu&i;6s5@&U=mCwXAYt2Ty_>A&dKC%Xn&^rv8sD05CEcdn0Ns@Ewu<Yy3-rX$F
z&-M}Xckhub!G5+Meu(JN1xu_~kg&d&tFv2w2+dK9xk)4lacrO5Q>|LG9+(G97u$K8
za7mUj7RMlM#||?7v~z!!Gt(1!;~tjJ9p*|42Hv2q3-PEh7r$(!%d8E>t|K1nK>)j0
z68A*Vvs9{sCQ%sPr?+jq3sRyAbQ^V6J4_W%qHw_9h_3L4ZaCb{GIv;D+M@q7e1|}n
zxyRO?Yj&lU2h?_fj|bHRFM)~g#2TWqWRk{>3a)2xFX7}qk<iX?At-u?I9YVH*?H2D
zCqa6sq_<UbvD2yBhZ*cqeYxCv`*0dj0nMSj1e=B?Rt=K%lae|V9Tta2wiF%ap-=i%
z$`ke{V4Cdyd{OU~#TIqFqd4s3*p<326c=Ei%KTK2{wTtkW&vm03_=$+vO|sCZ7q1Q
zG68U$B*IsVdk(tXcoTaOL9ctWBpiMzhF7^$LC;cuc97_XEuR{wM_bdkI7UnoB%k!~
z5Y{29EL7Xq9fJ(E^z(?i>7yFmEIjgesPkvP=`;_#Ek2E@17ErrmNlc>(NE61kA$AM
zFVs2G9UDu`GLOr%UE(l8oWkQ8M}T-Q;8CtssfuRt$CGWMUFEIlP{Lur%d=~hJiO_P
z36w2);9M!nNI)vAf01YgQcTxmSxxV{U!I7;YYuJ`O-LObGR=uKjkT4>^BM{;#ggAI
z{m~lQUAk{Yz;hIX1Nt`1CWEyLLsAmpMBUSdsNl(7{64lhVk0D+droUUh^4x+o#ikI
zR1x8&TCz8Hr9-6WkoPWCQ|^X)258e+g&R|OLQJVb9>s3vdd*JPC3DN=xO&||nQs%N
z+PXFyrxjeEbNcTdDYX!27&{dW`cJtxF#jv)vn<kp%SE(Zs9rk~={VHfG{qlL=`n^u
zy1*SSwJDaBdx?+0h{1J_q3gbsR;D4xzC2-~@k4qdI$OrupU0|Z_VW0zocYFB`v2^1
z817yU*xOV9ZP<IYc1s}R4a(2>-{8eaoubK+(A`$eTXP4wte;;lC?w=v9eqn{eG!am
zpe>`m%|GfDo!J`Fog&P~2{9vN`(19{BuD!ZX)`7Mp2{*=vAMst2*OV1F^>R`n*Ez(
zt5aS}+#sl7$0s3W$-sb*_3l>8`9foyRMnor&DAgA9+LB6<rf8w_S(H^a~A=hkdQOQ
z><Hzui~k16=xLnS@s?^}cW{_}r95W1W6E*!C;7OD2=--s=fd*pG-q(;D_1-F_3#a>
z!K$>q3-P!h%<}DKiB<-lh9{R2st<DbC08PkI{^d4TabEsa~JB*t>06J+~XJZHxiL@
zAxEJTmEXZ<Ps+iE(|9*TsVr!tZg~hd=#i@iF69Qs0Q-jy&D+Es%!AERR~Fnl82D*U
zA;-uv_k7GeUqDm7FTW>VTtcbMz3hMh!z`690o7PpnIqXsGRU2eZTuD3@|hE5w6tW;
zx#COy-z8nU5`j=1ckDiJq9@U%f4@R2@%+{~MH>3Ty((Oe7@So^UMAzxe~H1XT=cMu
zCOVdKnFhJ+lu1shYQ2P8-xfJQ{5YNLZr3U#eu&eDZCSrCT6x;_V43NeuVX1hjS!DE
z>fw@*sc@@+&+<#~?1Iz0Yf0~+9D+@6KADKErmV3F1w}Db^i10UN$$;xy?=I@S&La%
zt+))R@0JNw7RG*#*P$;n?s+z>m9Nn(zegSlA$r+v+|7vN$rfwh<-h|Wc$0{zI)bz)
zT2kFDUcmCDb33Kk^1AlG;kpcPa!W@$S+D7)0ZAr@QrmA=`3RT{fB{iyU*zwtY)(lA
z^WR(PBueZ~z77$nG^AtHR4J$51dfpJeKL8{a!g34Umnr%{+U6rI`<zG`;aQu`52Ik
z5!btckkha19y{h%XX1v11Ye5f$TwWdQ1Q08L}w_2A(t?pYd7L|mR>uSy_|Ov{<e~Y
zR}J8YZ+Sefj!6C#2WAV3bfi^IZ?2@+egY>UA$$4%E|?J<l=WM;SS2<q=2)5(^kQub
zlMzx`r0TBhYArcY3mpGDPPZ_OTYfoM&iz+InCkZ-p1IFT6HNDXKafM=$^mxZ%;Lxq
zy*n7@z@nGW2hPKqWQk99de$m=3NJrOhDLqPf6jnM_$MKvz*^%2rB#10?-NWOc0NoQ
zkt!%O0Kd|QLG&GXxC^Ac0LuR}=;)p)ZJ=M!^-^$^>~nhG-AQ0Ssz<xkpl_1nPru}l
zOw%Rq9ZSTAgM)PZUsCn&57_H;3YfeU>@BMAbRm_uy5DXJO{g1}Oq5-Q%+E3H_O^Yt
zEG;+i%p|prFm5P7DG^briaQ3v_7&q~0jdF&`+XDoP_2~bV-;erXRIb+@feO*b%~hQ
zI&xb;Yw&7$vnEl!0Jvk|MvLEXE8MoWWga7S(nfoUV%q}7pPnZj;e6lBNQ6HXlSHrX
zKetJ!=NKUA`Tk-eFVW+Lpj>=Ya_1K%r}1?%4^?75Rb{Bb)$Gn-0#wQ_F}uTnLyKPe
z!BOJi<;6i521MdCAy*sI{!jdecaLXER^7gdYk9k{V&9tB6|R&w>(wl@g_^quwt!JZ
z^>x%A`Gf=s_s+Jq$vjx<Rf2pPht?(7A9pWY;uy#a@^2Ky2}KQ#A0H9-rX?<{k<B0<
zRsmzj7RLXR(;RH)IHR2%e%k44+%Kya4il;`|1e^e0NzAdUKRJmK%BIUZ;Xi?SOts9
z6h=hSvS}@{=e=DW{D+uWL4>DL!H4qd#isbw#DtE`h2-vN4*wO5pV1fjJ$DfKr8E~}
z$}FicOMeq(GJ~gn8)Djx<0P$fJ&UbCGrBY0`9>t;N*w#5sbi<jgiPD#W`84Y8Ay#e
z&lDRYWtFBV)v$W^#oFSZ$F5<+dGwdvo*UzbM3?Y~pNtw6U2kEdrFc4!UyyDb>BjL4
zOtYb4AsmrIMC0%}sf;WN`*sVoO+5^l0Xc$eCfQS~L~wPvw)!s4j?n+ALi`GMY%o+f
z?YtdsPB>WDNh}#%nC<TwRCio-8Zzi8UYW<G%ISp(4Q$f2xO}>z;jA2Bl?v<>{Cv)(
zdamo>|Iah7gkWT@d4lvf50IC#E-{GL!+J5n?rfP%FFKO8buh=p3k~1VHna5`3xiXb
zHnks_sTk@B(pn$wGK-j{{Hu&vV|08;LP?{<DZK2v5bHfO*})aQk3~629m%23$tLq}
z6`>*~7JYWO&vVxsQ~T)r@6t^t0_7j@xGw%4ZDPsFi)y7~t2zbWuHT6t%mq}I(eGu?
z+wtFOAu&(^j4cF^jC>@ydqbuSU#7)vDI;Z*m0+`T5FCMxBBxBxglok~;3J>7&bHo<
zk%|qRNx^o;RHKiFIly??f6{LSb8Cy}_wo$TRmWJ&-^KxGb6O|QQ{dlZ*@oF89gqo9
zr+noVw<VrK3f;!TVrK0+p43~NmIz_qK=~}`9a58T(&dj7{REwuk|zX(>a*p8B8k9`
zgat$vv7!7T&;r=GI_6jk&Tuyg*8H7COIM@6;q#8fgaKrsxChrP+T<HIN9{V6YHW*>
z%-M4SIEBD>AJZ$%McT(5*tCsBtMoMVGrt^I10cWK7Vz7EhaxFvpcxxaRECpOzKpV4
zT^c<)PL};zz@&V?oi4W#-FBnB5{eX(I4aM6HN{Q=LY+@{+~YCUWHSk+ZJpTeK@fPZ
z)3G*yT#YHRB-MJEW`EG+l`6Gz-v5|$_JNEQ<YGYcl1|Q0nuF$v?69pzhIN)AmFhz*
zalL;GS>8>P4=4l~$yw5%PT{^Kp@aTJ7<z=SH)t85MR%R=c8e}9jWu-p3Et2B#lPDc
z6z<lB{q0<@P-rwICd$8mz}*zMt9ki^Q7V<xjzh4Fw9_yIgD{a;0iFQ(Nnm%Ae%6`{
z1E03!M2QfpkRBS3!fC9G4`bl`wb!qJqF6hT5YX@s<_Ue&eUUfj$m_Uh1kPi_KWy9a
zK&okdBxWLu+#YwfLl~p9-4lRj+w$#hA}0pJ5aVKJA#*#!G~r@enbuIIh2wNF^u$W4
zOGQUryB(%f8`1>mj0&SE<%VRBrVwAkUt+2o!M`i0zlEX87Y&0-rinBI7jZ5w;~K@f
zLvL9t-r#K9xvv%HliQ$0jxMki3MjRiL*av3Jnve{A+sMba&^Y|s%ly#y7r|G8+!KU
z&S=JKA!>?s$c}S-es&9#1yT^O$|=J8&8w(U)hD`(Fs@T=2VixLnA777tf;ii>N>Jw
zA+J=c$CKR#L*q5mtRk0vU@Csu>`^M1ug0UvR)KVCbVz;F@-}bX`_E1JCxV205V6Ds
z^dKl+RY*8~B@rL(u>x=|oo;d#zOxmu%axLqkyH&X8VRH1ttz!i$Ps)0Nr{O6J!=2$
z|5*`|Czj!aY~b?L6xiR)`*3h?mcpuAebnwPOKxrBPV#th%(>8wg+I0+g!zRC&|=<&
za$N>K>u6U~%8jx$oV9b`ku2tyr7@gF<YnvLFmNB~_Cg6`9f7q*7-M=3ruPS_*Z#`k
zxfUpwb%7tFzb6Fm64N6OXz+JZ{qc3LSiN)^#6*VACNRDqwN{NKQ*m{4&8|5Sd)mWB
znblQ?4=CPx0<P#d+JTHy+fIt!?U{5Yp&Yi==>84s#}hHE<<BUK$q+s^5HE3!0@EMu
zM5Q#3pGxSKU8iBK@J}66_#2*_pv<LJ1rI;YIln*D^oq{c;L865t$Gfe(ldEy2#8u?
z;fh-4^Yiz*JQ_{>sZvPY)P7lD4&vb(mIgzZ@6R({<$SI!^U_QLm2I{81K~549p0OY
zB({H+TBId2ExQgZXj?5nmfLXV#ldTWkiVyx`Z8}%@2^jRdVUxNKd9cjRPHnnpGz;W
z;5YWovIP4o)(rL75MJXjwYF5M9wz!)g>D=6ej$|;w|AQHE5c@J^MXB&h(uSoJ>%b-
zsr?6q=!`tX!}oaSz0vsn8$LMtR?pHOSUZ1>y9M)B`gKM0i$0}br6U|Z6$NabXkP%K
z8A2C)v=RI%P(Pd0hI)j<f%{9i+xCeE4jIp=H%5K2HYG9)Xo&u)x+k67dg8LFR5*%G
zZbp&aPD2Bj^Ghjvj(hb=#-BLejv^-upGf^=dqx>kY5fzHa;KmZOV1Ub>0X|g0$%SC
zjBPC<fGNtfX54HBWf2_muIngVNiJsxir@!p8FlVW)Ls)-DGAgXIU~1wF|#KBp^X9U
z1-~|fmpg|2hq2o})v%+<5;TET(y`+mEgIIG){4n{6Wimu{8_3ti76I>>ZR*S{x9@e
z5^DklFB?AQ&i%kvr24<S3dvicgx`_>9D+?TGAH_ZL|cb5+05ab(%!-g+ZE`b)AyHx
zL9BoOi-q!Q?$R>cxL|-8bVwYlK8w*)?hcURK|N?^;mI~r@%mZuCUEqlGF$==XTS-V
z--*0CW5Rrh)vH93(@o!dZ4)<C(aQ`)BqN=|ROi`|i~+fVj~z01huuP+jzxm8OjU2`
zGl0vjH`FW`LRHlg12>F?u|Dseeu*i>+Nq=SJ(Ed0gyG~-L!pFnF)ykW(UDtWak}*i
ze$OJpc4M&RKpYiO4-hUR4EL*)EjQhhvw|)Q2+Q=WNBIt<7m<mR@U522f$cAdYDM)Q
zTvTOV&;jE~+hBhfBgaWqf28d&DFHc=?U*o>bwE)uOHE(jsTTjp!w67W3P)J_-#`id
zS>yRl_4|+Jq6wwn^ek$&!?J2o!h(V$bw>eb7!)RwvVR<qQ2k9;=4n(Y=UnTQC!8Dq
z!pzYCli%*9=2&h@>tP@6Icm^+h(|4~=C`7_{XCqL35Q&XOwLn7YWdR7J&D!PBcn;~
zpRb$-Y=Y)_$s{G~7fy^SJQsFOZOo+-gIPh*xNgpEU1A`%qinAouz47fo)-gkj|Ok}
zLl=0gdbs;Z)j7|hy^;S}`3*UEZ`QnVz0+2Y3Uzm^7{cDMIU;QGth$I-jO*Il{@)^2
znDGJCzLB<a%`iKF-lf25jPM6*7U84Jqr6#gW!2G~=8xf>=m^=~=mgNuO7g>*ataU@
zyI0H+SSVuv8zL8RMdM7XCnBwax;GHe2^%WLT?~m4wgPQ$u<+W1&(Dc541!QqANCZZ
zW@kY{qEv}kUdDEPzw1L?j)l5+T=TlKR*!G_hYf_aNWh9Oj=b4Kf>cSWDk%Gd(-0-X
z5~%g^+ElV^sY-qjp!&_@evtn(l$k{N33=jw59~nhd-s3n$~K=za#m!cNtzRFr9FMb
zInyGYOg5~mf|?0_wWzaT_j@<SblTH&jP}5YBQ{V!9ZFigBNcqyJ!A&rRJ!%RcB_9U
z5MjmA`u-}nG~59dL=G)h777RMUZcEHNu7KgL)F?R9&y72xPMrj;#NFVsdN-5r)iy_
zCtnPt0VG(NV}*p>58c`3*^+Y=dJHJjaGF5|*8>VO(mV#$&NCD5NSVy5Z*pA3Htu8F
z=qoLBI%cZ0>;Y$nmu_-{?TghYXZy+`<DZaOq3+f;c(Txt5MCtL|0c!ZeGvCyx%Sht
z2OLjG))M1GnP|0KKcNc6ywhZbZldh6QbHD3e;okpqjK+OB1G3;r*yi60ti-<{U`uB
zIXHN!+dRjw2rH@6rkFyN2BsnUez*00G*@<=_@a{C6n)x7c_vX35nc3HJJWQ7o9c!`
z5q$0`E$JmX<3&bJiEqG2Su=kIKnp&)J<$}@J_*Ve;B==lyd+@ohg0X&>0h0UpE<=t
zd{9qJUH3jb>I)(XtH91**f?ol?&beq<(fiuDD)?@;v>6@?w~8`?Xr~BI9j8?S}xeC
zr&m<0J%j?AcO@TxVJihq=%0(`Eykb;j+BSn!{)&d^~W=(t4(Gq9#;oz>J-Ig+wTRb
zU2|-q3}CY<Y0^tM>L87v(N`Z75pE^yw_jqw@ib7fx5o4?T|r0|WMFTg_NhQ~W!cF1
zD7zqi$u586evG`in$7csEN!&KN$8F!Dv?G-<Sg)W?DO+gB6X^a3>z#K=<nkmBai}t
z!3IUJ$^}rj;u^VLus0m9xP}XTwT8EYy!!5fMw_v>VOpx_tY(A)lEZtDuGP}xAW5zI
z?>!bA6~A9I5_5Ouyn>A%Mq$pNfw$csQ#Jv9z>{e8!s8Z7UQI>Wi^s1$%BgTrN@b|j
zW4?hXir?tn1J>t;{cAEO!!y~v!N}!^f2&Cs8Jq>G_4}{A0cin-_?S%u%Yi~Sdv0UL
z?-lSsf$n2?TZvq!%?+JT2Yf6cShtuc5Cx4ORG;2^-v&GkG!S4>NBp{w`?hK*JIqpF
z<}K(P+@J!Q_sc|}W$A0IGL~qQEv8(Jqvo67G4H=<v{5sR&A=~RFG}1pI-HmKCqxRM
zG&@cIe$;#DT4~Y|TwbMY1%UL>4A(+>Ml6R-QdK8(xvSD79M%Z`Rje0yEQp*5B=$nz
zxN8&>2TmajV>4gu`$ee`4cW-UkxU<E4#03nEgqalaoI<*py&>TqbCe@W+31=EWQ-V
z@JXFv0<Y(MrvUA^l!51HBsDXyYK})Yn5WKA5bP<vtNKAjNW5l6{bVVO*}zD=xdA;;
zXO;|xfz?@Zpg+6^SI_ezoQ67G^JLL9#&`8rm;+jJiTs9AS>YAtoHvyp0vvtQZT6jP
z!`)A02=|Ndv#MJ#$mGTfmZP}H)N%^wRt>F6+U%w;lgg2mBCSpDZ*D(-k_1O8_98bl
zomX%M3n>9_3^4ub@KEjC3_!>E=!`VE#{Zc6F;jYH7**i??7BFgRAC!7n1A`cc6X?R
zum-eo&X45DWfna=NH@}Y#}gVb9&oTCG!P3mtaBV|P;+^`<z7m!n>>Y}Q|8gHvTB0*
zOpjM+jL4UouggT>X5?dGHPM#ZjCea}Hpnk#mg7X~oU|(DvZy$P9j|M@60*)^=_$!D
zlg^EXecx|+V2Z#QpjN<aSN-<rZq}3WJV}ni4CaZU7-#X(ut68l+#V=!<8(Lhoov?M
zCEnZ2Ixe|bw!t%so?*r=aZMiQBad`qwJk0F#tn^DyBpm0N*ul@|1eBFq`&I&|2orM
zzfNPk$HDZP@wa+J8~T{oC}m*(gK6G!3i~%+ar+vzXJt{xutNBRM)>IFJCAbrVSQc&
z;o=Dw`wzFr1v#YIGR8YzWyE(YQN&+Mo$Tio5$Qc$CE7*>SGgmJ61OH)gw@pxRIsV@
zr^k2De7=w8Gb@VqR4of^>*)QChLw*hs;4GII>uk6@Aw-ZXFUI?tF+4wjZ#vR;**$i
zTgN7Y4W?VgxmqWW8eFw`b3HSau+O6LL>S>M848!Ls?a*qP=V1L#rSgA1r`RVO&6bL
zV_2&cw@*F)fEHL`@F<n`YXO+V)-0j9jvtT_wFNkeXEWXUOdV~^9l<TBU-FO|x$l@C
z5<;#qL$_GBn0G;sLBe;ukoc2(pcb0*nL~Yk6XxD_tXPgJ9UtR@gaV~!m2L$HO$G>T
z`_pKPe}p8~^|`7*y`E)N@i}w}G^T%TQC}tp*@fAJ)3)Wihb9$#%Nf`;VaIB@Mre07
z9)4;}kx^EbS%3@}$}I+Y_Zr!RNKf{z6MnYmu`YdUh`9%XE%{f~lKb`YmE~-|S%WL@
zvK>9ssvsJO@iGwX9%>-pPOg4pm|tege4|pKamzDYzML|1C2B}5K2<q((pySJB>^RK
zj@!!J5sOX84g!IwV2Wm0DKw=YHeB7-Lg}5yQ>yH6>`KJ$E5WjkWWBs7dkwb*Tlqr2
zVFi}veylY-633Y1dVf2&NXTc8!`>zW;!6cp3491@;^RccMOTB9C0=#kZi6)MZWN(I
zesOJygS`>xgjv7M+o*_sOLqzDOLIsk0^}u~t=bo>;!A-d%d%dTj^$1UcrC0H2!8ax
zj^o**QEn;@iShCj8T;>7H-a=xgqw|H+e`{cAjTt`lab9ZYc-qADxn)j8V4Bxuu(_Y
ztC`P7zp8wsx3nNRuk#M&`sb)=tVl1eR-$ikbZem^83o0<kyJ@Tif>6(R7jj@DUyX2
zTB1E*gRKG9e96bCYFh^o4XX7yjAELtk0lKBqoF44@>xR-L+JV~aQjRhJJ8g10^e&E
z-&_rlke5`fdK;vCS;&^N{E7z&s_|Z<z`2Q3VkxTZE5j&{>9>?(3-8z`=-1SdD~AVX
zZ_^fzW>N{;SB-s{H2W7To25C<0xGx!=|0w2yn$D+7Rt(D-X_2?bW$-y!1ZW+VIPfI
z*Ewu%1o~R%m^-#<Y!}UsX|36lZyQRCCr+kkF9Spy%Oiw0ftBK>1k^lt2_8D-e#6)I
z-|hkclB*>Q7RLBXyh7j00c5++Cdw01n`6Z6S&Gsf(fQDMaz!?vMr0^dU&?$vwKU<v
zEgonS<*3ip%5y7L487F!szCo@m>P8~i^mwhKtO)q&#oS?)Mx*k+0E4z{6w#N8p_hd
zH|OVokF~8w#Qd!=sQ#m;v#Mtn??C(=n>YWK?-5VG=ASmWIMZumUFtHdVPiRTv)arr
z?a7vl#uR5hv6dCyYY9sKJly<owK@;7p}S;0x2i;g<jgGc%76ekYx^!=e19R!j%r78
zgbTr#vjhz!i5*50g(*L#uuQ^j()36%fqGSWv#Pejl+CatO3k8|5SkJB$2ug8AkUXA
zjX9Gg*6;sSKED<F;HV+@ka9ng*Nya^THZv`#{|ReuUv*-kJ7h(Xbx4dd^P^lbCT9<
zulg2(X~JH_LtO4Ne?L?slizJwF&Fbo3+cqC%-uBZvvxq}m$>vhu+Xq(Git||cO1=6
z!hZ8bv8;S-yQUM-iD3Qoi>&sr>T>%(i->#QoLRh88B{O%ynbNV%-17@Wx+7|E1i$M
zDKB<R{+rb#4n!y6<r`%AOENdqG}Lw-VB!iA6%c&a*}2w~BkD)ovElyz2%nz%p_-9w
z<18T#VP=<A)$z>Oo$^qUp=*B$S8A>+4^x^yVzgFGI>GTU{ooCMDASMR4VF$kj5ABV
z#5TMR+JS>P^QOT_;)$OatO=&VDUr>@kg&uI(MI?<NnN~Eu45-0Cn4cjhR#z_r(@tK
z#Y#^=V@9zmu%l#MA1p5oZ^pCgTiT&g=<;1JucHRf3O@X$;P0FIl^B5_#zn(D-T=^c
zQP5_QjG)HU#ya>+k|~<$=(}M0T?Ko#{R8xdPcw={<yt-Sc=9yeO<vGG*|#an#?sQK
zIY5@gZZA2QBJB?B?qf@1d8P18c;yX()E>dNif){qPi%u}?LuQ?G`OIwLX8_(ftIQT
z8K^hk8PIWGWuq$@_@Mws{TM2TJT$TT8ia{NhC{{BbcC$R?P@3Y=B-(V3b&@Y#25#L
zzIbHUH@47OExia>AoMlC0xs0B))Fy%Jip@$w7GS)inceF@+n&i=0$xC)HjF>i^(#@
zuLsZiBHjl97r-dK?Q3GXADXy?UN5Ssx%HN#2WW-w+5Yop5hC(+0i5Ok@0c%VG^XD!
z#PYmwXFBrxAJ-Oi3Wh&bTkd`(=1hmZyHeb?sI;;o@c(bk@Zh#|wMcDIZ~!<_`Lc_%
zX=%o1Auji(5>$o+c>>MvIX_nt$q4d*<ct#Y)j%@=QDy;KoH)=g$3wRMNs)8e9FX*Q
zfC{MgxZPdV)#nV?W`UBOA$4p-NdcgN`#Z!$Ah4o=64Dl+KpN+a`fB&d=SI=-3xV@E
zVvv8>o^gvDQ6{E<zEC>oC92shA8oxHMgv5?loVdScvZit*`mFsP{0fe7?t$(dPB<y
zEmA;fMC&-oK72eB8`QX)SeC`p0|VJ{<qGf+yr7l`C*Ks#Zq7)fva^RCgM*GoT+fE(
z(<qrW9Y6opHuCn%4hRmyW-#n0xJn|N0r5)~2LC@}Su+e0nYnz_;Y}zvfH}0LWwq(?
zQp<V;cYOiOJIMX|&=1SELbIO7Mue~_TOD&Tq>LU|8e1;UEvD@0yG3kJtU!JMF7#mM
zQX#qkfeS4TCBQL#`K?P-yyE34<#1}W>Wq`J#1N|ZK>MMN^<!8_41PriNqnnje5Tx!
zflhB_ED@Kwy1>>Yf?*pb(9`G+M-aO@F848G$ceD-dB->Hl*I2?MJ2bMDyW)CW)$80
zv}R2U5h^;bgl_z3MQSpHl(QAsVI)wg+G&%FP|>`05q*#52BH{3yYy?B+-!JrvZ<iW
z{gze-xPK)6_a$+ythz$WFSA|*g_TN+PxX_U6Dq_qhDfJQk)bP#_%PHj0ow0BkI_Yn
zVF5>w&N?U86zy~c5)K};@r|>zx%5q%Qg^xGUrj>*TvZZ{!+s3kQaLyE<HteZE~aJ(
zPsfri3*gk1_BnPpsRaiqTtK6Lm{?k6WkdrvsF$UxSs#g>QbW`HqV5|h&(}AujKsqg
zFw7jR_f@_XF2;8VmO&lo3`S39kr6L^(p}hS^O;g3a-jTm#<uJ1dMla)z*HGCamd7|
z;)f$nM+Hzf&DHfy(LVTd9EAj`iK-KVbijt=x`egAxt%AVUz2=(JwMA1@*B4$swj8<
zzm9m*zFcl5VG6kUd^$M^ssV$h-c!S{3=8;E3m<m~cjKl2VR+7GcIKm0L&V7WT02=G
zfz7`R8T|jYU92FWUKWqO{m^og`fTXtKRxb^5T&>>OP+5Zg)24wilQ7jR$>OL8sH6t
z<E&D=WwcVEXmXlU98Nf1<UEN#h$L|Yr*3$Tc;yamFjwi8P#t6jvO{o3$9aQ44(mU^
zwKW}|)67;DE{k0NdS9Z8t3lH<m^8M^^$!x~#(4NS0M^I^IYOyMu`7^&p6XJ!zBKG9
zF%@6&eL)p*T<BH4XC{V;cX5!HpYi6}S@37r+vuU@wIQS}TnD+L7<vuwj$F7X8>n38
zS$3(Du>IFzV$a^!S5!kNRUy2AIMAw+KvPbf+zb_=S#C&X*5qP~o=B_rGZrWu-~G|i
zq7vRMj4|q3!~bilsGn!Bu}GbD6$Xc=I6zuP?s2|}Q?su)$PpX5T#Zmb<b=MVunZ!w
z)3=$VHK=*xlnP@!jLWe3@pPK>uazl=PS)y!hf#-Il3~CPr}E$zV`tBxNXU8d1B<VW
z87DC!a5<bWVwRH#Z$^x>a2L3TA_?vOXN%aXF=B>O8ezj@x1T#o@s}KJ3UpCnY#y8Y
z{Jw&~G~DjgRA=+nA;(|jj~6a1R=IrXvwrINc*;lT1r;zq<tc|OE#CKusq(Si(!bSs
z;NL6)l|<<Q#Dr$x1P<~(_HvAmyH7u}W&e}Ajn{V>An3g8(y$MJ4kq2ERZ~)1zeAEN
z@CW|?1VpIoPzp6;y*z+vJKn>Gk4p>ll-7uq8C)}@%$iZ_#${TUk;_%lB4D5`Tb?}1
zSiJr16Qg2<S#>b#5xwEdw-vB`Mpk5bCM3nKn+SKjb+=Tav<beO0YZWJSBO9a@u0#f
z%u@Rzc0FmV>fM&I4vFuyF};B_dN+7;>5VaQUDNdX7-&BvTVePNyGEG;qdHTvL?#RD
z`mOlaYac8-cAHv4-1HcH=H<C{A{b51W9W`x)Uf)?xA_}6K1xt!L)ZW~UiFYn^)&;q
zA%tL87?WvbwM#h>i3{KITkn_+?~zv0F8~jk{gJjFW@p$?*D2g&)Bq@j%{)xQrC#CV
zZ};lq4G!_Nza`<5EG&qLV=c1oohh^2(Ld)|a0~`tJhLei&m1FJ$X{=)0s*d3^9GU+
z2I`{@N(Bw#TyeaHkf4Q%OHAA$Xs_H|EPI1ig$|(FGbu{6v{3pJF;#HX;k$TE%Q+*B
z&Eq}*Q<f^m{Z8pd0x(?@40DQAo5iB#xB-+CgCI>QW|h~WFZRX<a{;Vl(7Kd02s-*L
zrnR0t;5|Y0g1F(SUX&4FhkPmC#-Km=LC~ty6lh0P!d!HbMN~V7*WIA~8m}M?F@}*$
zb*Pdc?H}_(S^Q#i%hz;D4x`8GaJ1wWz_oGtQl`(Ic*jBQ*shYjhz)h*1Q|Ic7kYL#
z-nV%+xlFR>Tv#aC5q)Nl54q_ZvK_7zp<89FCLb78kj;S?@TB%~EwR<7&bi}p&_4pN
zAt3=YHk!Fv8oFgAbthv9R|lTRA^%_^KBVKII`;(wO>4Tu&U!n2!cO!=OR75ViJ?9v
zkE<$Tn-xl0^atKU$C6n^%PaZ-{cz6c$Q!OTd}I0}J-+nsX7ef0-PzvR=_~HO)G?z&
zh|q7q#bX_(B5zO(V1TVI`dS*9{7`&k*!rBU-(gL0O0Y&T9s)gk=*f#cij|Yo9@PAu
zG)aHKmz9L<B5fC!yKaYQ4!Mi__*O)?a2Jx${KrD<$HyCtn8z~1cMM!C?vFnM;Xn!;
zcccIaiQBn5@4g<a9~LsQ=5l}-2mtp{lCC<1>!FyxpQn7_=&aq-@j6^HKtE?nY$cyV
z+(uW@1eG%UU@^z#@M?;x)PZ!?PV#`76S=}7xjGhXf|589X9CQy>O8c<hnXKhExX%Y
z?k!@;i5WL$OJde|L5I?`=PyOa>xdHho|t^K_42+CF>!ic-nl)AdGzYep`J5uv0MhD
zik+(gfZ_R387!za^}xOpv59Kx65|8rmr&p7IA1ft7Y6;&Dv(K39Js^htun!#1G?0+
zY?#??!**-2XCy?ot1>EC|4cNJdN?;%^aHH^^J5-(*O4@MH#&s#pS2#ux1~pc#`#cH
zV?%~#3ef)2C-J4x&=JAPUA>)-lZEvkA6_%}A`9W9aU14K?XDMN+cYi?tHOlPOx)-#
zMoP=y9^V8Ac3&(>H6C5JAMk!vhk26*m{Odh;mUe*(@{WPir*e#nSlEUHA26Bu|VHQ
zMsU!wGhuBuQ~}q=_?t}{0ctdr%U3mK7xH?grD)-)t4~W)-PH}Q`L~YzQY*hCz#SZm
zh_@QUzp5xIvgVJ_I>r1(N^(cqw=cbzUXVqsl135qC2?gZ*IGh;C#+q9NqULkAZ&;2
z{_*wLx-$JRmKtlm9L9NBU`|`H!G2B0fOry##xQpK#md}*J!Dr9v_WxAt|m3{Zspe?
zip+tF2D8bJwH@3rE$#<(Zf0ErW-?r}qpoTdYW=o)@-ps}1O%@9n;qI6`l@6t@TMzZ
z3mLgY4<TR&C!tBUsZabf0g^V)!>bS_t#o!cE}#Ym1$k-jK%5H5K`p)03B?D?fkXWm
z<TyM~wGm1=fNzO9E!sHbufCP$(&xvuWE2eLZ-+Uzf?tj&ozL7lCA0?d5KE#ypGY#)
z7V>cBfFJO*GF3x`${3I$&!f@-hPdIvAYQ2&?_3F)Os6E#a7IyesiV1G2EOLO=>=n7
zxBLf!%QM?@JeJZ8nozk>0vQ~8!m-rAJ)qXKhWt5<ad=7$R3du%9T$i^yB=ymOT;ZQ
z)eFCz>jsCf(St?oW5oSR&@fpD%vkb19J{r2K-JnfxLSv`X~}aQuF!i~E(m5Z&P3o~
z!&1Y|7d$?t{20IMpN?COW};Zd3ToRlU}~5>-+Cg1`-SDA&*2-b*s-W2-Q>G<aau(N
zxVf4w;;TM{m=b-?pWo^f)dfNr)0SaP$ypl|@ut^z+e_#;iLhq@hz<jwdX{!UOow$T
zrF?M)DSO2IE}w5V5c*GQ$Ks0<;-%dAk9{KJ43oTdGxAV?GGXuBkNqj=)$_amh+n?X
zs%$_s6i->E9-N4r5p-V5aV$?%{AEN6Fh;jd13DZdc#<;!X+5D;WWf>%@vvDaGRVPP
zcwKY&-a=jkz`48&NnsqE1s2o*{a%tt({+!-@XJ4cUK57~$R>ln($_N}_Hy0cebW9k
z`Zp*b@?UMe=>^*6efXAxj6M<}`s0!}U{klaBp=WWYh}bIXb?^HxnTtTGaGT^EU8w8
z$otO>w7aqkT|F6ztok>?Y9%<1(JR&s<{KXNFthK8wQxJb91?=oD!gnUK(oq9^DD@R
zyv_ei?;zrG{Zrv8y}X587;AE0)dGEf=#iDvhH~*F;@l%phmFS%mt&ko6umg5_0(ks
zD^|m-HP%j3xh`cm!=ZXZ++2tw@RCi7)on+~W@m!{mT8ZyoC8QcVqQIjP$(ooxhWq;
zV?|Po__&zC`(}*Xg-XAgO$veiHVSFomw4FS9P6lL^3pZv@Ofy6Q_kpZaA`!OVO*XH
zw#HDW$li$<ABE4iiGQ_@;S{XHI>~(W*GhQ;1PR)lUta7n1xIoEL!@x8UC32&^0l?J
zgS=SDnS{5V3<PTD$s^&>;bocp=Z+qvrgK;0?D3RT0@!em2~U+03i+RT1|>rxzfjXj
zmpMmfFF@&lJ$JYHo<(4rAAHo1S0d+!;G_I>Nbkf#D|s(TT^ehdDM_02>eME|^_sd$
z$KU2GC+eu632D+F6@tAuBwNHE8Ij^XS6o~*EAADPiaLVOLbbwd3;@av(5$?%pd}0L
z{5pb;X;{p{4zcN%KEtF}_hl=`XjOM3@;pqGO=Y<JL69(|#q77wecgze)jxujU-*?o
zVVg1uwi}|Wv|H7W($%w;(=o7tq?4`k%NzKZh>yzrYjA0cMz+KBmjWrlX+^8OA{8N@
zUPA^}wcgGg2)OpKV``x1q)WI(!omeOW3Ps6mR}wv{rxP}X~G%kpc%*~TY^q2{C<cb
zSH#JY7$S+vaXW7Ep9oRsz<55}a&PACQRh)(j?P+*oWXjE7d=A43l*Q-BV%<Vu(u~F
z)3zXySWexlD{f}DGqm7yr-Y?`>~r@4>lmFET;<){X(L;Cr`|HjlW1~GRwmbEsY?0}
zDDJFY6z~!g1iRUC7-i9;McR1FdJRrUHZ*IN0}V)s2>%_ic3y~7;7>N5Ni44gvZYOX
zAHhuNjf#Oir&t|8QEc}e4`urxq6DVR4+GqI8!>Z9*tOob8=kF7Ob&N}=4HpDzXij0
z+h+ec27Bvle-t}r0*!GbqPR`<$KV^9t*d)#+mJ|TUwl$`Yy%Y<AZ2NCtGe@ebXA*4
z<hEFjC<B+7pUD*o&4G*Ug$A=quf>OD^}JKfR~)ubZRa@b`?axeDWPJCneu>HfX63H
z+sKpMwxjqim4j|bfu?D%(f|G*2GkN!lT^OF&}25bt9jR`Tp&QCru&KVI43c`qG|O{
zx!_fae~CYOlZF}5YH1vjieG*p{xI!>Z-Yvjabkbo-Jn#7NxGZq^QtpsaWs;D5<{vr
zrhq8eGq@15ahWyfuIF347_BtV(5zeGY0q;Ks+}&U>w`Ws;U_x{eC+FXm)e2aO@N1y
zcCGtkC~gTN0{AOKfHYK=QyRzd6vDc!-4*wEMZ6M?SSJ8T7&uh{4hv{MvSX|+in!%o
zqD(YDr7zj+_$yXXlNZ`Au{0Vvp1x9g*5@!@o@_68)b+$4`Ffz&lvx(Y`X^3N#Mpk=
zZ@U-<=?@raX$$tqV#$fS+or!LfF0uI&N4u<?(qTb@5C9alP}-+7dVjVG!Bzuj3YuX
z;EV+mS6AW{;~m3>GHn=JvA!aKOV7B*1|jn1C(;e_KXLLFHre43k)6HYftSalMqWx5
z0Z+TE9-I3fT~%)~%K5!}rZv*jH83+7Q|9I$Dmg5bTu%H1klw+76pv)4t3D0dnQH?V
zeZLwU9fKb&Y3W!#z6(J^x}M=*tKW~C|NnuE%WNRzUP(lP1#}7Wga(;{)e(-4NsD6*
zhD<ue8Fsm+PwrqE=V?rLm?HdVMOJzW#ArmJ5$yu6_J!{@wOTd{VQve7a3tv2hxXvE
z{59J!4jaCk+@5?tl0N?WpRRU6(#X^)iF8<CbceRqi(+ok$bVkDGPG9Si|ycrEO03S
zf=AZ2OVvmLALj6`t#;Ep@0k<aND6>HYqwfe2C?wC-6zx@lBkryntekPGC?Z{d<Z_K
z!tZiM5;XZW&?ljE^MSql4=pVCxtE>z!Hlvs<YO|+e(q_%@y++nngP{kk(aj}`b7N5
z7mv%;PFlmS4Y3tAI?3nXdWMwWB>EE@8;f2n{*#jI>{iwHwM^`#!4*~S{CY_<XOWh{
zQw_JT0e8a~TCQpi>HXMdF`?nbe}q`7vuKG&-RKy$YM4xJAeGRway%)r^MvH2|EV)9
zo3X`QjoPNT?(tMT$I6_-AFe`pf%?o$M?n^HexMc7%`D47EtQnjEk30x%V7T6$5Gn3
z4Tp5z^8_!9=52wRgKu}d_JYdZiREY6tLPTlyOK>~n+8g7&CDMAFRG;8uad9%o0_;L
zCAHz1$<SwR@vp0z>N2YT{lWcFGgBGWJr=mfQ3rMyKWqWLGsvveXNaGKZw{<o2Lwj#
zv|L<<8shkI>F*3vo_c-n?qjsW)h*6o!>EZ>Z2iDl{^3C<hdWHW=xVhbE)SWG^04oo
zJuT}$e=uaNfMt~OjX;g(wi?MTz}C|}Am#?MYH<q>nCSRVaZ=_v0P?M(cno5StHblA
z;-Q;>KM=FFq6g6>tTjtbh9q^|Koe!f@aBxKo&~4^WJQ2;qfK<iX-2Y1gcR1qDZtv%
z;DUPWRIpo)f~dH$<v14Nh|rC+2{u@BSS6Nen&8Zu6}sBl!@phm6K0Kr9>6{o*APra
z1Ss^)wZmC7sD-Yz+a24yo9gsgYm!g`RPwZ;J30#pkML~cU;;GJ{?Wp33s^RxvWx7w
z&qgR7Dme{KLW~fg)OtBusNW7VZ@U1Kr29jJ2>vvs$k<6#wQ5bA`E(;jdb7^kJk{>7
z^tV$Fot}wL(lVr}wuGt(Au<LQggr}MWUYE8Jz1y86tM{-qCGt26$S@A{2WmH9o0^N
z8EXb7^!!m6j`l64xLCS@p}Rtz!)}89n;`yT4t_9$y*`H}Fg-HYi3HEofFoyx($5SJ
zEtMHJETqf^2snQaS=pA{mx&@>zJQcA{amM0T)9Mz3VOE-c3PYaUx^J&2v$bAhKb<Q
zrWxJw?k;)^>L<%ow!Debe!d!Q<$8K~N;eSdM+~Ycn^{0iN^Z(P0{swOv>U|;AvtcV
zK6wQM5bn(tKw)h~qk3G+ckaUFO_&{yI+zgYCeU=jC8jgMzLF6xU+gG#5Pf2li@rpq
z0aDqK<(x#Yzj|uLoE;rd+#u*m8g21J4PRR1Pdf)%`lj`hjJ6^r77bjBYHTI_i9NVP
zH};k1WrVhHeV<5;VqhI}*hbB1sw6^rS&5^eoo%gPoB|AhGHxMt)Up9W)uGmr0O&VM
zRW_Q?(=f>IXQVt$^SqW3=y~RG6mA5D=b7PFA7x7Q;M9GC#T4autO5iF0ApBOW9C{R
zK-<ahd;|HM=a9HOnT2EYC#rDN=&uy7&-@y<PD}k-09t^P`eCX;T7i>Tp=Odd<t8X-
zPC&~Ep#ds0X~GQYiUbdr!VMW<y}S*bp|H1EE*6Yg-iMNBmnF`DZw^b+1-4T}ZlPi3
zNkkx0p!g2v$R<RTe>JA~8AqW5R5eX}Z+}R9U;S*Ya-h^l1SFC#vJ{J(syXw?M)(9Q
zU#x9N-^O{CygKFpy_wJES6~TU^SH{Dgo;-QpFP{ST85>F4#sG{h&S}T$pyY=omRlO
z5h{?@_oZ<OI2i^Z-YO}mb(~hUv_H?B#217x9yd07Ot~_d*FjL{PD7%Lqx9-cL+MAD
zIkmWfmcQ~AP!JT{V?dcIKK<FYI?GP-)fe=bDu{pcyy%+suFl@XY83CO)iq(XcnmPS
z82;aYJ+DC%0etFt5RWGMA*ul1UZlb3ZNz>jk)k2(h(t(od6&is_cd)w*&=L732<8L
zXFsHi83&si{RX~+Et2A#UaG)Gmgfem?ocW%Y2lYt3O~CzBhhP$xF{sWw0lWJaaXqy
zP+Q91E<a(tY5v5EF=e0mLmmv)MpmDd<2JE^x$neZjwzW1zPBq=Y9dDrQ%syJff_Yf
z#wyc+Dl<Z||NU?;0W|2C$G*f*7=hCN`lt?gsDqlDDs^1fgyrb87_Hgg)GupHq1~o&
z;(Jd6dWhi$J+WR$B<&p#5IyFL62;=KAw%68e(*08`oAcNL)4wGFiG6qRiY+PIO<MH
zOs?4zP*#+xiXIEDAHVPMpT(z+3k{}l%K@6n#5YXF3lj8dLUn;pIJh5f$dGxmg1p<;
z`^{T$l0bdw;<;l9=wf*+gW{Cmt4=+qeF{|WpZXke+1o4Sl_~(2qx%6ZH5?a6kZuKH
z@shD2`u*>+f&qFNgTH}^4}4H8v-R6~q9fI~FBqGu??R2T?H?icabCgBg|@-G0md3e
zw}C00sb+TG(6H?(nahAbNHmJU{C8Ux8f;og2dhd-CP9Qyw$uewj8I!@8pdim)l!09
zno#*`A~xa@r^X3{J6tDXyE4Q#ISy4quPq;>==d9X2b<c)^%xKiQd=lxih!V2U(~|E
z8V|VVy$pigPYL7ztICAC>90!nN10XV%83rAZI$OfJ$b5|3}M^hKA_+>U`>cZCk-lB
zzo*%Yy<}-ReG-nU_(&Wk4DMvvDRtjKbQ0m!Quz;C&sIb;P>PArV6%zPP^le&04HZS
z^_-9NjZ|Mpzj55p%|a(){3da1mW=i87`~=3xf~b9#%t5vD?=|-QNhu?QYJiYAi|Zp
zR(t^)QmjLzom*Vw)a3~NBaju&BQeuR=MFomElVahq8VI_hlqkt4ec`a(stvdz`g-m
z>MOSOni}V>i6_a$_;8Ohc3)M9@fvF`J856mCIsZnhLS*=ZHl!>Du(gFMyuXpIf0D%
zPgs4Txfdzx(z4zHhdj(gOUk0gxR|d~^vhZXA_h4vCy$eL7;L>KU%s+Cb}i{V$0=8I
zB#Xte_CrNtlLw(Z#0J38WwM#`>EOE{W7hyM`_fPFN4AlGtp)&sE^fFT_(+_Q3~!h`
z_Lb;kk+uv|C>T!Inlnnjl{>c|B5dpnXfScXtg9#31rPzl>`IdD@lF$sL-%ZUjByuX
z=X_%+VmJS0dmy4I2a56DQ^8Zp1wJiB@{?m#Kr7M$w^1))KVxyNZnltr&H0H*o>Jw1
zC@_rM&}O*2A6$y%a7r_%%<?w*JCUZI&GIh2C)z#-3<}+-d?Kf0h&MA8XC7#wwIL^(
z#L-yD0kb0g=aM=z@eQr?pZ$Q?!tY>M4?)rfwu~M5-1*Kvl4h#~cux-D;*z%2P;Sc3
zy4|+9DNj2KGU;gfoXoFRQ-|x))$S{`m}J+7qQ<maBri)aX-Vx7`@oy}`&xFw4A(X9
zm`wk7a3Xoh<^mH$w-Tpe@uKw{7J~8RhRn5Q0QbJ|O*_FZcF}yvGVUW&g^XBPXKN=-
z3;f9Qldu!wRNi$qn@vrCc}?ZhQ~S>W_2I4l%qH}opTD@+bTP{9;KHeGH+OHYyuWW8
zBu(Pepz-t+14;QEZl1?_)eg(<6=MZKun*A8&#7ur0DQBCnS(HTy<AbXls&CSRs7br
zHy0r%<JQS_#Z7v8unM4;%K^vh-9Y~_8&m(PyojhTC&f}@;6&Yj`0+o}@dQp0u>RUI
z@vL6!B_eV7>+Jar)b!{a7>fP@O+;$>Taf!nf4%s?TEf8~65d@#v^UM@ABSIpy#czy
zI#RzvHh5E@Ngk^o$g%c}&?P-3KUs?3?nNtms{Oc}=Q3oruT-`M5jzVC;N+h$Fs|)D
zBo3<Z-t60E0auJys-=OXQC*@cXLq}lBH@GLL7Lle%m=<i=JYN$7e+7w63iG^&-rXF
zJ4?e%RyUcOd){EYg${(!GS?1vv0rJ@DQzTB0Vb{npma@LhPTvtG95<QnA^Q|imQzH
z7tEtkT4dGdbANYvU0aD=J9`U`Qubk3OE=s{sK@t=AKn?Z%vbkWDrF-VtabtVJgvSR
zYCr#Tswich7MR>PDuK}e6zU1XigD4Z2Blc3$u!K5OS)=$xC3ZjMl<~SdUq|0@L_j2
z4dY&5e(RUM(hNJP=}IW5?@!erX+B@CyFJrzoJK5eK>-AN0ui$iB=fN-5X5b0!gT~w
zHy{N09F4Y8Kg*%-ho_7al<{u{8#r>BD?k)$YL3g7Tl!(`*LJWB`T&uv5;3NJ>##}u
zGXpkV>){8e_9mZ57Rn_&J@cIw#tcadeQA4#q!+t>)I)Y?3LQDg|LrXJg6XU|01j})
zfr3o*_~J?G$j-V&FB_%t-K?`GUHuS}$!dNTL{W8S>Ozgqh`hE%v{)O%yiJSbEfN4I
zI$3rsFJg4@4xwr`?-X@M3{`CM2O(*GQDaJ7h;LRPKyUN{N?Xs17+Oc(?#0_PTVdp{
zHkrf$37gE88=DV&Xv?e<Z4(KLQaXxc53{DFjaUP%=JV9BLtwE&SHmLFwej?xL_<%&
z7pPf43XCRV2OhV@_y^5C?_>L7iJb2Q_Wy)~6HeGnP^Lk%5=s-ICUqbIy8CD~4ZN(2
zu-J96{sMbzyWW@>#iG}E!|JqP&dJ1FeHRD0wBwZ^Hz*tRczs0H$$-o6lI?k);E0s$
z!CfKL%t{?u27p?cFp+H50W7Q-8`h{NyZt_&7Ruv>z}fmAMY)UX<bu)=84{B_)c^Y}
zUC<ArkCz~eDy~d#Uwt-*C%W#4=IJtIT<x@93R0MDT0Xk2Oq!jAlWTla2;c-{4K!*(
z_#h@u?BthiQKV2MQ^<15-D_ZmFd%Od99jX#_8}VKlp)tcXFG{yl!4qgM7b^9b<`mA
zCRgbDE2lWgr?xS;8DxubS26a4bki@`YUV~q?(+yqmHT_!RBm9yX6dA@@xw{3jq0w|
zI^<=0+t<UB8y2Fwm7xE6Ue6)x&}v>sQ9en?+W{2$<_c#uQx0Q@Sg^9q`VuYimGXfk
zzYJk@mS5;tb{&5xxTr;p1(>HcFRC(dO58a)qXPuUO-;9Z*v?s7N+3tZd#nbBFVic5
zGO{O$B2v-B0UmQo4mERSjW^MWp0~GWnT>#c0<+PaNT|d9W)$<O2J{C)A<;(%9Xsuh
z*cl_;VTy#q-b#<kbI8Dg3lupl^z{*mM}BfY2HwX#fd;L(#(!Az-doh(wFb?#vBCof
zU#zI+v|v#<-J)XU^Md^D_*Xr}2VLLBd*m)$y)~w>7-PyUXEE-5z1>FTYkXVhl^;W6
zRjzYNN^L^gY(C3X7Fne67Qyql_tPqZ!T8>Ngxdi<uj^X%KqRhTXwex1p$ZR9C)|ny
z7XqDYlTdvIMZOdsVhd=x*32$}9TttB2R)3$COo;omnW3~jPHfD#HTSge!Ag>{)w^9
zD7+UM$rj7q1GP00kX*!(zm35TBr@eS7$cpN+PlJ?vnH=CGkB%AHi#|PQq`p9+QR&&
zr`?4gwKW}GAWG*FW)P3wi9`G2q7c;2%8DH@AWyw@tk0a-hM)e2_9H3i|8La)8YoO+
z?urcg$4=^LU(3e9`QVJ6dZ~ex(t?RtemJBMzNqp~)X&`by{?i0dqY+)cU60DiE;)|
zE9dtx$B=baQj_I(JdnP|Sp$QM)YzhuXFsOUNynS~fB+?<N?x(~LJnXY_BaAFWTF#B
zvS&3n;~|;10_Q3Y0@$p%YTn8Sz?Y~Iej2w|?ucwZwkh1*CY{HN_(V$z^(_z6*};5z
zVQ8-yM7H^^?8H5jEBB}>hiuS@5hhIb#i!>gcf>^T$Ud<cIL$~@-oVJo&W~TjNC?rs
zgx1nj(ix%At@u#SnjUZda1vG?k;FcZW#xww5QSWYj1b9^Y>rCa<Jgx6ln@CIg=ZD{
z6}9{)F4pc8id{S*Aw_rQz8vYgBNK7|BwA}LoK|7!?1_<Im!6N3zFf7WQ8naJW9sAL
zHsK-TQ2VfSgC$<CV5}NZZraM(;X#7FdgkjF&iW5g0JUu_cSTLZ_7#`rzv<k>44Z5b
zuw7uU5R+RO_`*m7RXG{3wCkj=!YFOC*QXG%t}!QyO1YkKNca%VG9z|*otu~ET8lc&
z;AX?|dvYy3o=B6Cm*IJS%Ol!(%I5<)lUVqfjN-Rou-;6-dFckXQ`AMv*!Vloi*hf+
zv`g8K$R9O@2V}z$xGXGLSm!(KdJntI?Tw^>4(B#R8U-}uuBY)q!`-^SM)Bdl#0rs?
z7f9?}MdRz}bFksr&=#F6^(iQd_xt|n3ozK4Jj~Lg{E^ix#XHFhB5@z{B!69fmgdI_
zM)zmjzBEKI7F2^x+n6pJ6|Wiw?JYLwjrMy^_YR+r1LE5qNNq(%oc%)?z%@Y<B0#pW
zDebN}y@GkN&e@RnX2O6Yw;=Yr6|P`_NNz~XCvq;V9`@4MfVw*fG1SSog!~voudj*#
zKj0E=9tiUwpD`tYl0vf8q=MmA5(vTp!fn8FZsM%9Qb1&G6Q$javmhIGNeE%2Eh)Nv
zBvOG^4c~Pbk!3wFE@2|#MAl_12Wb2>>vJXL@m1*N7{76$&A&`Cl|D}%4)~VZ9RS=c
z&X#V67B3y8`c|LIy)aS7Y7ZllgqZ2+3Sn@}`+90t+BI(IiixRcUFwghNFIQhSo9y+
zfV6o2^pc@AO;-nmLz4&wu1iefeR<K4nH6s_^SHlcHkAAhLu)w03y9zwwZ?kqo-pmb
zMJC`0?gS?hI;+c}767Nz&KD2|g%gO#7L7E61-IM-iVnn%9Q8Fr(m47(l(u%zyi`s*
zO$?MceX3DSafw)p?xF9+)L^PPDbT107aOrnT>IF<eySosh#ziWK?i|sCfhC`!NS~)
zc&1^9pb2iX_m2j~c!t10iUc?38LF-RR+LDbAF1n)-75<=W>G$W$r&UaFwuYXwGoRM
zkt*797rRGgIw5bNz~9*6nU*f%DND^Ycpabe=F(-d6A;jocK(Ez=Gckk&AM(dRY&fj
zHML&z3GkmFY-;6VKK54aNmwBH<5WNXQmO7H;Oh|)0~<9&<R^NI)+oSB(F8(aLeR;`
z-(J5&dw_EfyMTa#68laN4=|Ar<-thFf)5n4x}rz?`<uH9$f#!hK_iPI(BT+haw{h`
z@rYoD4#b6lFk2a;sEu6H?uav_Lbe3;dD@r0l_A*GA}|yPVyLqQais^FYaM~4q$jaY
z#;JzvWfy(kV%noK^$>Cb&}a<jOF%CYX@_BF=LZpg@gEd(r=$te;dus{J(W%PLnRH%
zK>I5C<}YI@v7xkh?bd~suV5Q!dCvkMx#*)Su*No0BAzB<iWQ}wTimE+REtMX1-)>c
zGW1`Xhogj8A~U+qJpOM`8orLB9STm<7`dFb++C=*FR~+p1H})*ai^nDlXQJS(~&K1
ze-@vBnngW@>kv|1;L%98+jUGOA~D9|WcxQ}#+18A2mW!3tReTJMp(8FRH{?!X&E$$
zv24o~1|(tkhIv2n(Z|g&^Lz<Z&!6b`4*8ydkxAz%A#@;f)>mB7dWGBgVF}5g0EJA=
z6|$NsPiggY2Q+WPC#L2+{u=9$Mi`if=5esUzPHg=`uvY@ZewG$$t7&5nPzbBV1c8*
zxmXA?3-$nFx|EA0&lAf=+5xyj$B&FjnD#+85Q2u7Wiir^)hEltp}z8ZItm3-RaC&B
zCAmlXGQAJR@%LwRl`?sd5yvmgM-RP9z9T^51%@ZNn2CDG``-_zPJ-PpauZ`iwj9Hc
z%krz9P?d*t?mfp9L?T($mdRK;M@y_8YV+toXRV55)ZSI^VRT8Y-JQnMB0vhBVZOES
zQlAFw1f1}YfcpIITx~{n0Hr3$(EtLli{I#eA@9#kuh0+k<|F`1cP67_e~V+P1@%eJ
zv9=JDDM`h4Q&6n>81$qO0He9;!91&0KdbEZ43rnqJLK2h<P)}1!YR59j$dWM`tO+R
z$2_D9q7Q&hFBCV#bBC36F2wyykk9T>qHS&xQ*I(9)~AXnj6C9E_BB~peskLFW{m8H
z816V2(APg`XhD;3+k=1vNKm(9G%!bH7ivMq9@45Cy6L%bd7mPNvp`S*OlB)>qg72X
z4a8pGcob4ufwK#}*xknz<W!aN78Ri*KT+?{X&O6xOl|7S<mG7g;FEH%wt?h(LMp9D
z5usg-4=o+v!A%WbWaGvozz2;TXUq4V>&Z9<$ZE<EEsUN2woCZrZ{7xw9X0fi4s--J
zA^={|68=9bLlNW<jghRNQoy2+tI|D>XhIxx0HUoWQoO0`d7;B%w6gB+ySt`n4K>Th
z2r2&z^)SNDt!qiRiV&}rxGhzQvUNx;H~@p((m$(rWt;uYJ9Z-2&9M`l+EA5~tZ!<q
zZdUxb*x=1pSX5Gou~{`bixHBu=?(pD$&h0cqZXZya+(LE!cR?%R|7BwxmQ!P@-<bB
z9@-{=YX%W;gqC>DIZcs1e4HwQSMQ9PuV{zbo3|CvARZE^-gpeA<?qU}m%cOwszXIH
z0#U?>B@$AoYS{?YKOjRC^G%-Qm)gfCJKQhg3IEBQQXmxuHo~)YE5#N6$0KcdrN9Cx
zCi{!FeJQA99-w!U(E%mgS0fXO35RfqNtL@ri=~MHNaGT>)L1uB{j%}-sHm>O0SsZl
zy=TdYm8@+{1oBuzUSn!(18t}1)9RzT5rbh&p^1vgZ<5IiPTTl&lq>ieNJN6z^%?@<
zsABxbuWYhD(B#V@3C@e!n^LzHSK*V1iD!pE)kw9LPQh=(G_zOB5asC>9NQ`p_hpVZ
zOo|#=%~t-0`+kML_wr)k#?i8t_)uyEM)rVWDkEbFWaWC5__ohHaYcmc(bc!EbUhe7
zkR_GB%u#>X1(7!-C=7GtoVN-K33Y*EA>EppB%*xacWFyOQ9W^qPw_MyhzUg6!Y3b-
zk)U?75APNWT#<5dj0FwgBvUP%)Pb9S1>Nwd!_#vk9sJl_3Ju|B@trsN@FJeLFEf~5
zl~5iVC(-rKeX*Pte(I2~zR}j_awm(pnga-Dc*5ogMRNzuIaq_ffpvvo<Y)cMyfg}|
z#+a4t%od<{#FtLOdC_AujP6cylzJNZ%TECTb^y2ng>6g|d=%k>H30AEdVvc&h&h1X
zI+U|~J&Zv16k)88N4NJM=LH{cOpt(ZLufD6^@1b{GPQzOAa?}rt>v@vj1te-+1jY+
zYtmVqvDNz(F0YOL%$0VM20F3Yz~(kp=pe-v@BTHOu@bWl15}>rH>_yPO#;_~Lvl`^
zV*b1L>3SEoI&1K{5%yDU$cp2QAh<>I*&0jZ{4y|Us69j|s$D~&MB*E%l&``sr>*qz
z)_+E1EZ3(NkWH3(N}cG2z<&m`1RXxS43t9lO9N7;{2Ww!o_eY==2efUAFuT7tW6ds
zQ3w@tH39<Z0hWv0u+k~W*&^o;{`N&~b*zuVpJoMU8H9KQ<?eXD8x##w?{NfVnS>c*
z2<rM<>ZGLPZYFB;9*AD1RB+3{G%BehqtTtlmK6S?3{e(jMRjqFXc%C*J^ku}v%;`I
z#6ZDxQcQk9Bw~!=M$TgQ7LOGiz+YH;Fasp$&@+>D&&R4Om5b|)+XDynPIoS*m1?&q
zl{W1prAIUf&~Sh4owzHptv=J7qrZDj@dz{N=BH2CpvNO&Ma`#>0rfH`+?_=>yew|K
zv4R_Cz1P?AO3WEC)ANF}2|$Pp#zc^&08h!`2f6@)?zpCS$Fo^P144}LytN7SNL(V9
z6cZ01fZ72-rG8?>3TaZmOSj;BFbChnCuH06!%8?sBoT^HGg8IU%?*G*33vjtG6Sk-
zW6n;G2omyQ%*up391E2gBVmP5Y|COjd6*|?BYHsBjC%Cg&E<hZg&GxWP7+}Ug2B)z
z7+)`7y4}Htmg@9NVMK?cC)O=17O?hWp&{#W5XQe3Vs&CC0gF|!&|4WVU(Vr0%+(Ri
z<$Ej`WHN_sBJ{sVupHmyP(dbQhW=924@Z=oLg9nn5Dc^9N5cfm<b`>5onXuMTVDaN
zu!anb7b>#g<+q>?LrQ^wvF?0Z_V)3M_Tk5UqH;rUXRHd)+pHEoPQTV3PO#a4VYg`U
z-MRT^6<axJeatMr@9h`>!+X?V%2>is42a>T;SNOq@;-I}ohZqp0LFC)IUul`fQEx7
zo=i(N04kLmq#8+t!SBbRN8o0d<s!SesKy!uMItHTunqnUdITvO&_O6G;XQQ0B&be(
zl?-?;Wa|IBnMJq#tdP&+=<~dcIi>eEHG?KA?JVNkmv&i(yACQv1Vp5a@AaC)n(MEd
zDSdR@QWY^esQ&>_5=%z#)!iD&pw}E>$sw5`=`)5^uTVR-<z|QgN{HcpK?75U&J-K#
zyt>aCe-Y$71n9$tIAC(mOa{2%G=Z$<f)h6VS?8*R^R7YC<9s=Rwe(3$@i99Zk*-_B
zz&EXicyViYBOBtKw@XTOXh>EZ1S$vXeZ1}~fMDeI{5f8Pn`u-JpBi(g%m5doG%$pf
zVw_{)w=7pq0bJ8clO74$*|c>#l&k`qbAQtoZS-H=q><v-J#j+ZNoJ>vL&r3ps&Ys)
zGU3kmj>2A<3tc06+KX+oYS(n`uc+y3i358P9~~daNsr_5JPJLniB}j!fhE)H+nGpr
z5>ZXy?PNh@n{nYfL(MV}t!Xa)8Q6a?B+++#Y<Gi^(L%wMVa0$v1_;V39HOwK-Lda>
z6)-(e0Y?_mq~C!s)s#EQaPyYo2CbPX+5~fhq*O<FtAMgIeKV{S(@Dr@u)LS1CjkE8
z1gdTE_s?;NohB(q4rFSAPtkh^=+o0Hbx9=9bwcWN(cWl-h!uRpIWKrqaj0s|OJSg@
z6;fT83KL0TwP7^q5zVRroMjx~;l<tz26~n(ZQ=>ocFe<0)@{4dI8SYX>j3>l*5{_B
z5m8o${>z~lMS+)q8`Gnzdj{uJ(rAG93Q-;+Z%RAFXedW%QJNXP$;d3zHqfZw>3zjU
zP?an*P)g$2Gd|@p>mjkS$mDiq(3Al*?c03AeC4e)urTg{eREoD^NgH#!TSI#&xDDo
zd7qD#cu)XIn%`RGTZB@gna8Q`#U-%)8O7ILvc&SN*&Hd?rF|Tg&Jvf;<2s#NCktv4
z<U7V>!_a@6UFV8Z%<n0DXDER%oBGmt0WP}3C37H<yu2#ta6cb}kl+k<$;!dNSRldH
zp3mHkJGNJqTo-Eke>#AjImH?)G8W}A-CJkWv4fw1=EQ`a*n{`I;wH+?Xtuj|dN5Gu
zWfyO;U*x;dnO2ZPcxD<#=OlNmQ#8|lR;`PQ<}^`nwJ|O4cBmRteI6RI<Upi2G8Ovf
ztzUF_;9pY6=pD}ijOBdQW(IpR&7)@jIjlje0$N|gq4{LtD739yunbU@LGW=U8O(Ah
zawZqugdc>A(gvfqPK@#>hPdj4-$C77xEF|1@iW0JHx^G^>;|*E5uiYdi&IQ?XkWF(
zvV8-A-3C8c_t+O;fFb@^I8L2vaw4<dho>#~Xn3btr14+IuB^t@@i_iE*F_J$z&p76
zsQZh0fEg|zu~*p;5XkO%;Nc=FDup;Zz$r-BCE1jqW@lL{bp5)Pr`&qC{@Ikc2J2Oo
zmg5<gP*d`1X9RVSxvUcdRT_e$xi%V?Ak6AO1N08ueE*Yt=6wZVHTlEE0U{tbt=aMN
z8uS*zO#jw%+KbUDga+cX;`Q9dSv-~)F$BMU$SOD3bn>#1*+2Z$ZU@AMx=#Z4Mk6lo
zG8jeISYxR3OH%_u@Q;P?CqJL_d!mMu?GZa_rZb2E<vPq~WpsAHcJ_T$+EZqO`$)vM
z6<xb_M{g}e>w$29a!%Hp+kk+M^AoQ+@m+QExqyn;X~H$of*rdd5QU!3<$wp*W>diS
zJCeQeU<b@`6e+$%Nf{FNXCi{SOKu0Ob2(L!#$1Kq)=ulhy5WgnWR%R?AOf7|a9+5^
zI^^r8>1ce&z;*2^YR>9nC2==Kwnie3RESx3w1HF!ssVvqq$a|9+iit1^WG8$%9i1Y
zXQ+dd%OKrE!xr;>7NCF-JD_@KZX|Ae;3d}9B%~GQsN+>48tzB-oc&MS*n+mt-Xhar
zz)=1jAPb%CEU*fqE*j|!(f}P$xO)%|e`*w>NkBpn2AMCy1pFTKbW-ITxi^I0Z#Dfb
zWhh*<CUi7tFM5YIS~0JDMu4koKLqBd*EEgOe#`2o?mp6P(Kxp>pI0&-I*#Dq7?~Hi
z`89sbxY>m?z+&T+v~HESR7RW_<pIHriJ&WcAI6dN`~izOAgh}?>%2Z-C)ethHwH^2
z2+=L@I<}4`!OKAnjZeUl@fa*GlmcNVko29~lLUsAeDLeup!v~Dy3}SHJW#jHT(und
z-q<RfLeojqK$?v+wmqa``#M$FgN87Y1j~Yb1jqmY06_>XLgi`}h58^m)q?=3{=;Be
z**#xio_zW&uXnd*m8yF*kkAkH^W;z15gzv#C(lzrjN?0-v@3LZ$O!M5j>`x9n{NoY
zt5*4U`88i9DmFL;rUb~F#WJ?*mWb$>WG+HgTLW0ipo9Wq1C7Y!jF3ox-BTqPJO58G
z*odY2`nNggE!NAK1LB0tLLx0+{nfTC8+`>DUMs%aBaqX!Gr~!l`|Yxrm1<$Y3ukZ*
z7?fz%?3xwb3BIC!4hNGAvuhq`6`f@uv^b0d=({W&5*~l*)zR#QFKZA(sU&%M{-vBc
zoQ<GH*&Zh+Xd+LykOaa8wXxaOdkj=gKg&LFLzig<QdR>aLVI%nm*maX;UAWut=P~-
z_lJbaJ7g}G#-Iq(5Gl<i-$KYSNF2~dr~%ZIfnewW00#*OQ6j-6PBXav`GoOgNfZeP
z1}}y};tyE;*$AEGQaHs0l+0{E051k*XY4@J!EA<dKs-La41Ye6W>OD$>Y4xpKnT0J
zs_ey~G|&n`$R;5^lMg`<cw$Q^M1%R%icPvzIAsf;3))9w1%r%&UzrYm{?y<GR`GAK
zq)6ZefqwgRHN3+!j<9kSEqJJ-3-!%Dz*UHd<czswJP19xc*%W8&W4i6bwl<A_s2GO
zZ@=YJ!mUWIe*Ouz?lC>luF*~6m4%>n>VygBUG|+Be^@WfMapZ^-q=Wg0llY7l0-?G
zSaf2##?BD>vmW{=F)q|%si``%g}z;Z&=*Lv=S47~CO<5-#%)jm@2)W(HQRVtaUF6*
z;3U}$QLswtxT_;J2A&4;HeJVh53l>iTWOa;TuFy-C}Pgv;1H~^1VvP9fkNf>(#9b^
z4B{A4gXhnkzyTu3H(zZKrBSPJi%wVo!Bt5M2wy<}0#>|TbzbQ7J5oQ;H9|l$EE~L!
zHAw+$&3{Y)rCoi~NKMBmJH?U(u&b3M;6XN9vtn2JL$UTw2fXdBTA%=B`-|cHBRuAM
z4zkpoAYp)^)dU&OW>2pe%SZFNmE}$&_an*+Fy_+c%OVTh@9*Q(wADI&67XusEmIO#
zB_gs1zaxQhP=TbyJ}SAYU>p^kK=jBIe#Z-pYa!Lc_4p2p9+XpQN0Z;ZQ?FK50|R<3
z1Z<|f6#Hzp)MZ{)BM_40({0>kCd#n4L9s@c&s%h_vQD>Rck^U(JU$SJb@rCewN5#i
zu4A0)N;;R?ssI6gp4U&JC$+9dOcb2qU@vOwlJqlfpZd`aH<(EYXF+T#b9pF-^`_3u
z&o}@B^6z3m=OiYr`u;ymrZmh&i<0HiQU+LmO&EA!13*wqY~?TW@G}C_j-pe-#K%PG
zr{^<hjt~E#Gy*0eB`LP_)qTt9hI&elV3Tw;&sg}r(?oXc2B+l%fUELE#`HJ*TX$h?
zF8pV(o^TOwEW?F&Goffvwv-8d8*YGu#Y6zch-$vqB3-Guwrr)zB#XP7lOb8B#~-ZM
zkcr$tq2)Ykek4N5bl%kGd~e;ry~EiZb!o?$A%)_Ic&`pJn`68djj8a1pAU!O!z6x;
z{=MAcBZ4R7_BxZz+D<|@BG|0(g5{F1S5tYSSW+hng)J9;75!iTcM%S_#_z9#LWR!4
z^jz=<A~F=9C<!Df=!6V~6i{!JAw903n0_SFt~*U?8`k~m*+k;}6W^llB13llo0j1)
zfuRZj<ZGfjRscF5t(L+4-c?N7>9`1)t_dmmjCVm&w<n)liC@Q#Ut$&Aa0K2uWXY-H
zp}ZH<`kmf<pcOtjQkWbk8gbuzQv%(Z;LmvJPM{31lRkuLVL&&ou7E)bnSPUX`!Wvz
zHUCjaWJ)MLgY<YUS|vYo2Y{NU=YIZ88^!DtHPrHgd{mp@-O&-AqFIh(ej+A4c1U46
z@{O@$Ify*twD}akvo?(ri{$n`+ml$q>BuJTjVIA^Q!rEV*S_kzErL5|$}VlDubjO^
z#eMt;sYUBdx(Lrq_L62f!1X(BX7^!lHQWaaM~9>p&=v>xA_GhKi0jImbByt1$5V|`
zi8CI1S~~IykXk$c)eP1^1J7wnC@+S>a?Zv)jj#gzxSl5ML2IitT`32k<gXDx%5R9}
z54r&APr0y=s6-OT2Kgrk;fbmSbJ;(wh=2q}KuN$g(Uv2xu4xY>)iceSV-@SMe9gX%
zJgJTOp5|q9Cuz>2+vXULU!LTqg->?r-O6TOyDQ8S?V>yq1G7UA>p7BxVXXI6?`b7*
zBYHGOU^4?!`Lz&8@5=l3p=FV082=-RW>yYI*C#<<I}*@tYNTi;1;180{e*wgyDLF$
zp&odJJQxoLT{qucPTV8etl2kAA}m&$1I+t;cT^~m9uhR8wHO1|g&fjty~=45el!Bh
zB}+ig`8-d9fLW97P;H;cN?Z0v_v((qh!S?)>Cj*iJ5|tY&cRpssL(!?E1NHo3qr#b
aU>wc464E2Azrp~~5~Kc_6azQt0000Q;}$6Z

literal 0
HcmV?d00001

diff --git a/php/public/img/logo-blue.svg b/php/public/img/logo-blue.svg
deleted file mode 100644
index cc0cdb65..00000000
--- a/php/public/img/logo-blue.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 132.6422 93.377481" enable-background="new 0 0 196.6 72" xml:space="preserve" inkscape:version="0.92.3 (2405546, 2018-03-11)" sodipodi:docname="nextcloud-logo-inverted.svg" width="141.485" height="99.602654" inkscape:export-filename="nextcloud-logo-inverted.png" inkscape:export-xdpi="299.75104" inkscape:export-ydpi="299.75104"><metadata id="metadata20"><rdf:RDF><cc:Work rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/><dc:title/></cc:Work></rdf:RDF></metadata><defs id="defs18"><clipPath clipPathUnits="userSpaceOnUse" id="clipPath8812"><circle id="circle8814" cx="95.669289" cy="95.669296" r="79.724197" style="fill:#00080d;fill-opacity:1;stroke-width:1"/></clipPath></defs><sodipodi:namedview pagecolor="#ffffff" bordercolor="#666666" borderopacity="1" objecttolerance="10" gridtolerance="10" guidetolerance="10" inkscape:pageopacity="0" inkscape:pageshadow="2" inkscape:window-width="1920" inkscape:window-height="1046" id="namedview16" showgrid="false" inkscape:zoom="2.8284271" inkscape:cx="41.308994" inkscape:cy="33.920203" inkscape:current-layer="Layer_1" fit-margin-top="10" fit-margin-left="10" fit-margin-right="10" fit-margin-bottom="10" inkscape:window-x="0" inkscape:window-y="34" inkscape:window-maximized="1" units="px" inkscape:snap-bbox="true" inkscape:bbox-paths="true" inkscape:bbox-nodes="true" inkscape:snap-bbox-edge-midpoints="true" inkscape:snap-bbox-midpoints="true" inkscape:snap-page="true"/><path inkscape:connector-curvature="0" id="path1052" d="m 66.407896,9.375 c -11.805271,0 -21.811217,8.003196 -24.912392,18.846621 -2.695245,-5.751517 -8.535934,-9.780938 -15.263394,-9.780938 -9.25185,0 -16.85711,7.605263 -16.85711,16.857108 0,9.251833 7.60526,16.860567 16.85711,16.860567 6.72746,0 12.568149,-4.031885 15.263395,-9.784412 3.101175,10.84425 13.10712,18.850106 24.912391,18.850106 11.717964,0 21.67289,-7.885111 24.853382,-18.607048 2.745036,5.621934 8.513436,9.541354 15.145342,9.541354 9.25185,0 16.86057,-7.608734 16.86057,-16.860567 0,-9.251845 -7.60872,-16.857108 -16.86057,-16.857108 -6.631906,0 -12.400306,3.916965 -15.145342,9.537891 C 88.080786,17.257475 78.12586,9.375 66.407896,9.375 Z m 0,9.895518 c 8.911648,0 16.030748,7.115653 16.030748,16.027273 0,8.911605 -7.1191,16.030737 -16.030748,16.030737 -8.911593,0 -16.027247,-7.119132 -16.027247,-16.030737 0,-8.91162 7.115653,-16.027271 16.027247,-16.027273 z M 26.23211,28.336202 c 3.90438,0 6.96505,3.057188 6.96505,6.961589 0,3.904386 -3.06067,6.965049 -6.96505,6.965049 -3.90439,0 -6.96161,-3.060663 -6.96161,-6.965049 0,-3.904401 3.05722,-6.961589 6.96161,-6.961589 z m 80.17451,0 c 3.90442,0 6.96506,3.057188 6.96506,6.961589 0,3.904386 -3.06066,6.965049 -6.96506,6.965049 -3.90436,0 -6.961576,-3.060663 -6.961576,-6.965049 0,-3.904401 3.057226,-6.961589 6.961576,-6.961589 z" style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;writing-mode:lr-tb;direction:ltr;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#0082c9;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:5.56590033;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" inkscape:export-filename="Nextcloud Hub logo variants.png" inkscape:export-xdpi="300" inkscape:export-ydpi="300"/><path style="fill:#0082c9;fill-opacity:1;stroke-width:0.47038522" d="m 21.235693,69.043756 c -0.32926,0 -0.47147,0.187936 -0.47147,0.517242 V 83.20368 c 0,0.32927 0.14221,0.51495 0.47147,0.51495 h 0.37763 c 0.32927,0 0.51494,-0.18568 0.51494,-0.51495 V 71.874833 l 7.4473,11.557727 c 0.0324,0.0505 0.0677,0.0842 0.10299,0.12123 0.0106,0.0125 0.0179,0.0256 0.0298,0.0366 0.0317,0.0289 0.0665,0.044 0.10065,0.0618 0.019,0.01 0.0338,0.0247 0.055,0.032 0.0148,0.005 0.0304,0.002 0.0458,0.006 0.0525,0.0135 0.10618,0.0275 0.16936,0.0275 h 0.37534 c 0.32926,0 0.47146,-0.18567 0.47146,-0.51495 V 69.560768 c 0,-0.329305 -0.1422,-0.517241 -0.47146,-0.517241 h -0.37534 c -0.32929,0 -0.51724,0.187936 -0.51724,0.517241 V 80.89011 l -7.4473,-11.557716 c -0.0254,-0.03939 -0.0561,-0.06339 -0.0847,-0.0939 -0.086,-0.121611 -0.2222,-0.194545 -0.41654,-0.194545 z m 89.420157,0.187676 c -0.32926,0 -0.18767,0.187956 -0.18767,0.517241 v 4.657417 c 0,0.47037 0.0456,0.79872 0.0456,0.79872 h -0.0456 c 0,0 -0.89419,-2.06893 -3.38722,-2.06893 -2.72821,0 -4.65771,2.16372 -4.56357,5.36231 0,3.19862 1.74024,5.41041 4.51551,5.41041 2.68118,0 3.5749,-2.16508 3.5749,-2.16508 h 0.048 c 0,0 -0.0939,0.28283 -0.0939,0.65913 v 0.79874 c 0,0.32926 0.18796,0.47148 0.51726,0.47148 h 0.32955 c 0.32927,0 0.46917,-0.18798 0.46917,-0.51724 V 69.748673 c 0,-0.329285 -0.51754,-0.517241 -0.84681,-0.517241 z m -36.549859,0.0481 c -0.329276,0 -0.13961,0.187976 -0.13961,0.517241 V 81.32017 c 0,2.25783 1.503766,2.54039 2.350463,2.54039 0.376301,0 0.517217,-0.18796 0.517217,-0.51721 v -0.32958 c 0,-0.32926 -0.188212,-0.46918 -0.423394,-0.46918 -0.470405,-0.047 -1.080249,-0.18887 -1.080249,-1.50594 V 69.79677 c 0,-0.329266 -0.517531,-0.517241 -0.846807,-0.517241 z M 57.220266,70.50169 c -0.32927,0 -0.517238,0.187975 -0.517238,0.51724 v 2.44659 1.17638 5.31423 c 0,2.44599 1.365105,3.81064 3.622946,3.81064 0.42334,0 0.563011,-0.13993 0.563011,-0.46918 v -0.2838 c 0,-0.37629 -0.139671,-0.47024 -0.563011,-0.51724 -0.799652,-0.047 -2.258905,-0.32912 -2.258905,-2.72809 v -5.17464 h 2.117009 c 0.329268,0 0.517238,-0.1399 0.517238,-0.46918 v -0.1419 c 0,-0.32926 -0.18797,-0.51722 -0.517238,-0.51722 h -2.117009 v -2.44659 c 0,-0.329265 -0.139909,-0.51724 -0.469177,-0.51724 z m -18.734963,2.63427 c -2.82229,0 -5.08192,2.02359 -5.12888,5.41037 0,3.19859 2.35289,5.40809 5.41039,5.40809 1.646328,0 2.86852,-0.70495 3.432986,-1.12831 0.23526,-0.18814 0.283014,-0.42392 0.141896,-0.65912 l -0.141896,-0.23346 c -0.141115,-0.28223 -0.374612,-0.33005 -0.656846,-0.14188 -0.470383,0.37629 -1.413295,0.94064 -2.730371,0.94064 -2.116709,0 -3.951319,-1.50604 -3.998279,-4.14019 h 7.479331 c 0.282247,0 0.517238,-0.23501 0.517238,-0.51725 0,-2.9634 -1.550291,-4.93889 -4.325569,-4.93889 z m 29.223883,0 c -3.057482,0 -5.409203,2.25755 -5.456161,5.45614 0,3.1986 2.352896,5.41039 5.410387,5.41039 1.881541,0 3.151307,-0.89493 3.668718,-1.31828 0.235262,-0.2352 0.280729,-0.42265 0.139619,-0.7049 L 71.33213,81.79165 c -0.188136,-0.28225 -0.376902,-0.33005 -0.659131,-0.14191 -0.470383,0.42334 -1.457552,1.08255 -2.915751,1.08255 -2.257826,0 -4.046348,-1.69419 -4.046348,-4.14019 0,-2.49302 1.788522,-4.18596 4.046348,-4.18596 1.223008,0 2.115816,0.61137 2.58618,0.94065 0.282241,0.18807 0.516748,0.18838 0.704913,-0.0938 l 0.1419,-0.23572 c 0.235271,-0.28224 0.187125,-0.51677 -0.0481,-0.7049 -0.517422,-0.42337 -1.645515,-1.17638 -3.432986,-1.17638 z m 15.899301,0 c -3.010451,0 -5.456156,2.30482 -5.456156,5.36231 0,3.10451 2.445705,5.45615 5.456156,5.45615 3.010478,0 5.456168,-2.35164 5.456168,-5.45615 0,-3.05749 -2.44569,-5.36231 -5.456168,-5.36231 z m -30.429991,0.15793 c -0.11518,0.0184 -0.226037,0.0959 -0.331857,0.22197 l -1.904164,2.26805 -1.423546,1.69818 -2.158205,-2.57015 -1.169505,-1.39608 c -0.105876,-0.12611 -0.225795,-0.19525 -0.350163,-0.20597 -0.124354,-0.01 -0.253796,0.0361 -0.379919,0.14189 l -0.288371,0.24258 c -0.252223,0.21167 -0.23901,0.44583 -0.02745,0.69807 l 1.904166,2.26803 1.579172,1.88357 -2.311543,2.75326 c -0.0024,0.002 -0.0035,0.005 -0.0046,0.006 l -1.167215,1.38923 c -0.211653,0.25223 -0.188132,0.51842 0.06408,0.73009 l 0.288368,0.2403 c 0.252239,0.21164 0.481813,0.15841 0.693465,-0.0939 l 1.901876,-2.26806 1.425834,-1.69818 2.158204,2.57244 c 10e-4,0.002 0.0035,0.004 0.0046,0.005 l 1.164928,1.3915 c 0.211652,0.25223 0.477834,0.27337 0.730081,0.0617 l 0.288371,-0.2403 c 0.252237,-0.21165 0.239134,-0.44581 0.02746,-0.69805 l -1.904161,-2.27034 -1.579177,-1.88129 2.311546,-2.75554 c 0.0024,-0.002 0.0035,-0.004 0.0046,-0.006 l 1.167214,-1.38921 c 0.211651,-0.25224 0.188132,-0.51844 -0.06408,-0.73009 l -0.288371,-0.2403 c -0.126112,-0.10587 -0.246408,-0.14655 -0.361607,-0.12815 z m 38.662308,0.0779 c -0.32928,0 -0.47148,0.18796 -0.47148,0.51723 v 6.06722 c 0,2.6812 1.9757,3.99829 4.42169,3.99829 2.446,0 4.421696,-1.31709 4.421696,-3.99829 v -6.06723 c 0.047,-0.32926 -0.13991,-0.51723 -0.469176,-0.51723 h -0.37763 c -0.32927,0 -0.51724,0.18797 -0.51724,0.51723 v 5.69189 c 0,1.59931 -1.035,3.05766 -3.05765,3.05766 -1.9756,0 -3.05763,-1.45835 -3.05763,-3.05766 v -5.69189 c 0,-0.32926 -0.18797,-0.51723 -0.51726,-0.51723 z m -53.403561,0.94063 c 1.505226,0 2.82161,1.08155 2.915753,3.24531 h -6.490633 c 0.32927,-2.11674 1.83447,-3.24531 3.57488,-3.24531 z m 45.171244,0.0939 c 2.210809,0 3.998303,1.74023 3.998303,4.09214 0,2.44598 -1.787494,4.23401 -3.998303,4.23401 -2.210781,0 -3.999385,-1.83505 -4.046332,-4.23401 0,-2.30488 1.835551,-4.09214 4.046332,-4.09214 z m 23.566303,0 c 2.21082,0 3.29339,2.02346 3.29339,4.1402 0,2.9634 -1.60102,4.18595 -3.34144,4.18595 -1.92856,0 -3.24413,-1.6459 -3.29108,-4.18595 0,-2.63415 1.50465,-4.1402 3.33913,-4.1402 z" id="path1174" inkscape:connector-curvature="0"/></svg>
\ No newline at end of file
diff --git a/php/public/img/logo.svg b/php/public/img/logo.svg
deleted file mode 100644
index 0b2aef61..00000000
--- a/php/public/img/logo.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg width="256" height="128" version="1.1" viewBox="0 0 256 128" xmlns="http://www.w3.org/2000/svg"><g fill="none" stroke-width="22"><circle cx="40" cy="64" r="26" stroke="#ffffff" fill="none"/><circle cx="216" cy="64" r="26" stroke="#ffffff" fill="none"/><circle cx="128" cy="64" r="46" stroke="#ffffff" fill="none"/></g></svg>
diff --git a/php/public/img/nextcloud-logo.svg b/php/public/img/nextcloud-logo.svg
new file mode 100644
index 00000000..94b07449
--- /dev/null
+++ b/php/public/img/nextcloud-logo.svg
@@ -0,0 +1,4 @@
+<svg id="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
+  <g id="logo" stroke="currentColor" fill="none" stroke-width="11" transform="scale(1.109)"><circle cx="20" cy="32" r="13"/><circle cx="64" cy="32" r="23"/><circle cx="108" cy="32" r="13"/></g>
+  <g id="Nextcloud" fill="currentColor" transform="translate(-3.4, -3.4) scale(1.17)"><path d="M15.4,67.4c-0.4,0-0.5,0.2-0.5,0.6v14.6c0,0.4,0.2,0.5,0.5,0.5h0.4c0.4,0,0.5-0.2,0.5-0.5V70.4   l7.9,12.3c0,0.1,0.1,0.1,0.1,0.1c0,0,0,0,0,0c0,0,0.1,0,0.1,0.1c0,0,0,0,0.1,0c0,0,0,0,0,0c0.1,0,0.1,0,0.2,0h0.4   c0.4,0,0.5-0.2,0.5-0.5V68c0-0.4-0.2-0.6-0.5-0.6h-0.4c-0.4,0-0.6,0.2-0.6,0.6v12.1l-7.9-12.3c0,0-0.1-0.1-0.1-0.1   c-0.1-0.1-0.2-0.2-0.4-0.2L15.4,67.4z M110.8,67.6c-0.4,0-0.2,0.2-0.2,0.6v5c0,0.5,0,0.9,0,0.9h0c0,0-1-2.2-3.6-2.2   c-2.9,0-5,2.3-4.9,5.7c0,3.4,1.9,5.8,4.8,5.8c2.9,0,3.8-2.3,3.8-2.3h0.1c0,0-0.1,0.3-0.1,0.7v0.9c0,0.4,0.2,0.5,0.6,0.5h0.4   c0.4,0,0.5-0.2,0.5-0.6V68.2c0-0.4-0.6-0.6-0.9-0.6H110.8z M71.8,67.7c-0.4,0-0.1,0.2-0.1,0.6v12.3c0,2.4,1.6,2.7,2.5,2.7   c0.4,0,0.6-0.2,0.6-0.6v-0.4c0-0.4-0.2-0.5-0.5-0.5c-0.5-0.1-1.2-0.2-1.2-1.6v-12c0-0.4-0.6-0.6-0.9-0.6L71.8,67.7z M53.8,69   c-0.4,0-0.6,0.2-0.6,0.6v2.6v1.3v5.7c0,2.6,1.5,4.1,3.9,4.1c0.5,0,0.6-0.1,0.6-0.5v-0.3c0-0.4-0.1-0.5-0.6-0.6   c-0.9-0.1-2.4-0.4-2.4-2.9v-5.5h2.3c0.4,0,0.6-0.1,0.6-0.5v-0.2c0-0.4-0.2-0.6-0.6-0.6h-2.3v-2.6c0-0.4-0.1-0.6-0.5-0.6L53.8,69z    M33.8,71.8c-3,0-5.4,2.2-5.5,5.8c0,3.4,2.5,5.8,5.8,5.8c1.8,0,3.1-0.8,3.7-1.2c0.3-0.2,0.3-0.5,0.2-0.7l-0.2-0.2   c-0.2-0.3-0.4-0.4-0.7-0.2c-0.5,0.4-1.5,1-2.9,1c-2.3,0-4.2-1.6-4.3-4.4h8c0.3,0,0.6-0.3,0.6-0.6C38.4,73.9,36.8,71.8,33.8,71.8z    M65,71.8c-3.3,0-5.8,2.4-5.8,5.8c0,3.4,2.5,5.8,5.8,5.8c2,0,3.4-1,3.9-1.4c0.3-0.3,0.3-0.5,0.1-0.8L68.8,81   c-0.2-0.3-0.4-0.4-0.7-0.2C67.6,81.3,66.6,82,65,82c-2.4,0-4.3-1.8-4.3-4.4c0-2.7,1.9-4.5,4.3-4.5c1.3,0,2.3,0.7,2.8,1   c0.3,0.2,0.6,0.2,0.8-0.1l0.2-0.3c0.3-0.3,0.2-0.6-0.1-0.8C68.1,72.6,66.9,71.8,65,71.8L65,71.8z M81.9,71.8   c-3.2,0-5.8,2.5-5.8,5.7c0,3.3,2.6,5.8,5.8,5.8c3.2,0,5.8-2.5,5.8-5.8C87.8,74.3,85.1,71.8,81.9,71.8z M49.5,72   c-0.1,0-0.2,0.1-0.4,0.2l-2,2.4l-1.5,1.8l-2.3-2.7L42,72.2c-0.1-0.1-0.2-0.2-0.4-0.2c-0.1,0-0.3,0-0.4,0.2l-0.3,0.3   c-0.3,0.2-0.3,0.5,0,0.7l2,2.4l1.7,2l-2.5,2.9c0,0,0,0,0,0L40.9,82c-0.2,0.3-0.2,0.6,0.1,0.8l0.3,0.3c0.3,0.2,0.5,0.2,0.7-0.1   l2-2.4l1.5-1.8l2.3,2.7c0,0,0,0,0,0l1.2,1.5c0.2,0.3,0.5,0.3,0.8,0.1l0.3-0.3c0.3-0.2,0.3-0.5,0-0.7l-2-2.4l-1.7-2l2.5-2.9   c0,0,0,0,0,0l1.2-1.5c0.2-0.3,0.2-0.6-0.1-0.8l-0.3-0.3C49.7,72,49.6,71.9,49.5,72L49.5,72z M90.7,72c-0.4,0-0.5,0.2-0.5,0.6v6.5   c0,2.9,2.1,4.3,4.7,4.3c2.6,0,4.7-1.4,4.7-4.3v-6.5c0.1-0.4-0.1-0.6-0.5-0.6h-0.4c-0.4,0-0.6,0.2-0.6,0.6v6.1   c0,1.7-1.1,3.3-3.3,3.3c-2.1,0-3.3-1.6-3.3-3.3v-6.1c0-0.4-0.2-0.6-0.6-0.6L90.7,72z M33.8,73c1.6,0,3,1.2,3.1,3.5h-6.9   C30.3,74.3,31.9,73,33.8,73z M81.9,73.1c2.4,0,4.3,1.9,4.3,4.4c0,2.6-1.9,4.5-4.3,4.5c-2.4,0-4.3-2-4.3-4.5   C77.6,75.1,79.6,73.1,81.9,73.1z M107.1,73.1c2.4,0,3.5,2.2,3.5,4.4c0,3.2-1.7,4.5-3.6,4.5c-2.1,0-3.5-1.8-3.5-4.5   C103.5,74.8,105.1,73.1,107.1,73.1z"/></g>
+</svg>
\ No newline at end of file
diff --git a/php/public/style.css b/php/public/style.css
index 9af75a0e..9a1e578f 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -1,12 +1,58 @@
+:root {
+    --color-nextcloud-blue: #0082c9;
+    --color-nextcloud-logo: var(--color-nextcloud-blue);
+    --color-main-background: white;
+    --color-input-background: white;
+    --color-main-text: black;
+    --color-main-border: black;
+    --color-main-border-hover: var(--color-main-border);
+    --color-error: #db0606;
+    --color-error-hover: #df2525;
+    --color-error-text: #c20505;
+    --color-success: #46ba61;
+    --color-running: #ffd000;
+    --color-info: #0071ad;
+    --color-info-hover: #00aaef;
+    --color-border-maxcontrast: #7d7d7d;
+    --border: .5px;
+    --border-hover: 2px;
+    --border-radius: 7px;
+    --border-radius-large: 12px;
+    --default-font-size: 13px;
+    --checkbox-size: 16px;
+    --max-width: 500px;
+}
+
+[data-theme="dark"] {
+    --color-main-background: #171717;
+    --color-input-background: #ebebeb;
+    --color-main-text: #ebebeb;
+    --color-nextcloud-logo: var(--color-main-text);
+    --color-main-border: var(--color-border-maxcontrast);
+    --color-main-border-hover: var(--color-main-text);
+    --color-error: #ff3333;
+    --color-error-hover: #ff6666;
+    --color-error-text: #ff8080;
+    --color-info: #00aeff;
+    --color-info-hover: #33beff;
+    --border-hover: var(--border);
+}
+
 html, body {
     padding: 0;
     margin: 0;
-    font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Oxygen-Sans, Cantarell, Ubuntu, Helvetica Neue, Arial, Noto Color Emoji, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol;;
+    font-family: system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
+    background-color: var(--color-main-background);
+    color: var(--color-main-text);
 }
 
 a {
     text-decoration: none;
-    color: #0082c9;
+    color: var(--color-info);
+}
+
+a:hover {
+    color: var(--color-info-hover);
 }
 
 a.button,
@@ -15,19 +61,24 @@ input[type="submit"] {
     width: auto;
     height: 34px;
     cursor: pointer;
-    background-color: #0082c9;
+    background-color: var(--color-nextcloud-blue);
     font-weight: bold;
-    border-radius: 8px;
+    border-radius: var(--border-radius);
     margin: 3px 3px 3px 0;
-    font-size: 14px;
+    font-size: var(--default-font-size);
     color: white;
-    border: .5px solid black;
+    border: .5px solid var(--color-main-border);
     outline: none;
 }
 
 a.button:focus,
 input[type="submit"]:focus {
-    border: 1px solid black;
+    border: 1px solid var(--color-main-border);
+}
+
+a.button:hover,
+input[type="submit"]:hover {
+    background-color: var(--color-info-hover);
 }
 
 summary {
@@ -41,38 +92,36 @@ ul {
 
 li {
     padding-bottom: 5px;
+    text-indent: 0;
+    padding-left: 0;
 }
 
 span.error {
-    background-color: #e9322d;
+    background-color: var(--color-error);
 }
 
 div.toast.error {
-    border-left-color: #e9322d;
+    border-left-color: var(--color-error);
 }
 
 .status {
     display: inline-block;
-    height: 16px;
-    width: 16px;
-    vertical-align: text-bottom
-}
-
-.status {
+    height: var(--checkbox-size);
+    width: var(--checkbox-size);
+    vertical-align: text-bottom;
     border-radius: 50%
 }
 
-
 span.success {
-    background-color: #46ba61;
+    background-color: var(--color-success);
 }
 
 span.running {
-    background-color: rgb(255, 208, 0);
+    background-color: var(--color-running);
 }
 
 div.toast.success {
-    border-left-color: #46ba61;
+    border-left-color: var(--color-success);
 }
 
 div.toast {
@@ -84,19 +133,36 @@ div.toast {
     margin-top: 45px;
     position: fixed;
     z-index: 1000;
-    border-radius: 3px;
-    background: white none;
+    border-radius: var(--border-radius);
+    background: var(--color-main-background) none;
+    color: var(--color-main-text);
+}
+
+.nextcloud-logo {
+    margin-left: auto;
+    margin-right: auto;
+    display: block;
+    color: var(--color-nextcloud-logo);
+}
+
+.fallback-text {
+   display: none;
+}
+
+svg:not(:has(use)) .fallback-text {
+    display: block;
 }
 
 .login {
     padding: 50px;
-    background-color: white;
+    background-color: var(--color-main-background);
+    color: var(--color-main-text);
     width: 500px;
     position: absolute;
     top: 50%;
     left: 50%;
     transform: translate(-50%, -50%);
-    border-radius: 12px;
+    border-radius: var(--border-radius-large);
 }
 
 .login > .monospace {
@@ -104,33 +170,6 @@ div.toast {
     font-size: 17px;
 }
 
-form {
-    margin: 0;
-}
-
-input[type="text"],
-input[type="password"],
-select {
-    padding-left: 8px;
-    padding-right: 8px;
-    height: 34px;
-    margin-bottom: 15px;
-    border-radius: 8px;
-    border: .5px solid black;
-}
-
-textarea {
-    border-radius: 8px;
-    border: .5px solid black;
-}
-
-input[type="text"]:focus,
-input[type="password"]:focus,
-textarea:focus,
-select:focus {
-    border: 1px solid black;
-}
-
 .login > form > input[type="password"],
 .login > form > input[type="text"],
 .login > form > input[type="submit"] {
@@ -153,34 +192,113 @@ select:focus {
     align-content: center;
 }
 
-.login-wrapper {
+.wrapper {
     min-height: 100dvh;
     min-width: 100vw;
     position: fixed;
     width: 100vw;
-    height: auto;
-    background-image: url("img/Background_Light.jpg");
-
+    background-image: url("img/jenna-kim-the-globe.webp");
     background-position: center;
     background-repeat: no-repeat;
     background-size: cover;
+    box-sizing: border-box;
+    overflow: hidden;
+}
+
+html[data-theme="dark"] .wrapper {
+    background-image: url("img/jenna-kim-the-globe-dark.webp");
+}
+
+form {
+    margin: 0;
+}
+
+input[type="text"],
+input[type="password"],
+select {
+    padding-left: 8px;
+    padding-right: 8px;
+    height: 34px;
+    margin-bottom: 15px;
+    border-radius: var(--border-radius);
+    border: var(--border) solid var(--color-border-maxcontrast);
+    background: var(--color-main-background);
+    color: var(--color-main-text);
+}
+
+input[type="text"]:hover,
+input[type="password"]:hover,
+select:hover {
+    border: var(--border-hover) solid var(--color-main-border-hover);
+}
+
+textarea {
+    border-radius: var(--border-radius);
+    border: .5px solid var(--color-main-border);
+}
+
+input[type="text"]:focus,
+input[type="password"]:focus,
+textarea:focus,
+select:focus {
+    border: 1px solid var(--color-main-border);
+}
+
+/* Scroll bar for dark mode */
+html[data-theme="dark"] ::-webkit-scrollbar {
+    width: 8px; /* Width of the scroll bar */
+}
+
+html[data-theme="dark"] ::-webkit-scrollbar-thumb {
+    background-color: #444; /* Dark mode scrollbar thumb color */
+    border-radius: 4px; /* Rounded corners for the thumb */
+}
+
+html[data-theme="dark"] ::-webkit-scrollbar-track {
+    background-color: #333; /* Dark mode scrollbar track color */
+}
+
+/* Scroll bar for light mode */
+::-webkit-scrollbar {
+    width: 8px; /* Width of the scroll bar */
+}
+
+::-webkit-scrollbar-thumb {
+    background-color: #888; /* Light mode scrollbar thumb color */
+    border-radius: 4px; /* Rounded corners for the thumb */
+}
+
+::-webkit-scrollbar-track {
+    background-color: #f0f0f0; /* Light mode scrollbar track color */
+}
+
+.container {
+    margin: 20px auto;
+    padding: 2px;
+    max-width: calc(var(--max-width) + 108px);
+    background-color: var(--color-main-background);
+    border-radius: var(--border-radius-large);
+    box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+    max-height: calc(100dvh - 40px);
+    overflow: hidden;
 }
 
 main {
-    padding: 20px;
-    max-width: 100%;
+    padding-left: 50px;
+    padding-right: 50px;
+    background-color: transparent; /* transparent, since color comes from outer container */
+    color: var(--color-main-text);
+    max-height: calc(100dvh - 44px);
+    overflow-y: auto;
+    box-sizing: border-box;
     word-break: break-word;
-    max-width: 500px;
+    max-width: calc(var(--max-width) + 100px);
     margin: 0 auto;
 }
 
 .logo {
-    background-image: url('/img/logo.svg');
+    color: white;
     height: 50px;
-    background-repeat: no-repeat;
-    display: inline-flex;
-    background-size: contain;
-    background-position: center center;
     width: 62px;
     position: absolute;
     left: 12px;
@@ -189,16 +307,62 @@ main {
 }
 
 header {
-    background-color: #0082c9;
-    background-image: linear-gradient(40deg, #0082c9 0%, #30b6ff 100%);
+    position: fixed;
+    top: 0;
+    width: 100%;
+    background-color: transparent;
     height: 50px;
     justify-content: space-between;
     align-items: center;
     display: flex;
+    padding: 0 20px;
+    z-index: 1000;
 }
 
 header > form {
-    margin: 0 8px;
+    margin-left: auto;
+    margin-right: 30px;
+}
+
+input[type="checkbox"] {
+    width: var(--checkbox-size);
+    height: var(--checkbox-size);
+    -webkit-appearance: none; /* remove default styling */
+    -moz-appearance: none;
+    appearance: none;
+    border: 1px solid var(--color-nextcloud-blue);
+    border-radius: 2px;
+    cursor: pointer;
+    position: relative;
+    vertical-align: middle; /* align checkbox vertically with text */
+    margin-top: -1px; /* adjust for better alignment */
+}
+
+input[type="checkbox"]:checked {
+    background-color: var(--color-nextcloud-blue);
+    border-color: var(--color-border-maxcontrast);
+}
+
+input[type="checkbox"]:checked::after {
+    content: ''; /* Create a pseudo-element for the checkmark */
+    position: absolute; /* Position it absolutely */
+    left: 4px; /* Positioning of the checkmark */
+    top: 0; /* Positioning of the checkmark */
+    width: 4px; /* Width of the checkmark */
+    height: 9px; /* Height of the checkmark */
+    border: solid white; /* Color of the checkmark */
+    border-width: 0 2px 3px 0; /* Create the checkmark shape */
+    transform: rotate(45deg); /* Rotate to form a checkmark */
+}
+
+input[type="checkbox"]:hover {
+    border-color: var(--color-info-hover);
+}
+
+label {
+    cursor: pointer;
+    margin-left: 4px;
+    line-height: var(--checkbox-size);
 }
 
 .loading {
@@ -223,7 +387,7 @@ header > form {
 .loader {
     border: 16px solid #f3f3f3;
     border-radius: 50%;
-    border-top: 16px solid #0082c9;
+    border-top: 16px solid var(--color-nextcloud-blue);
     width: 120px;
     height: 120px;
     -webkit-animation: spin 2s linear infinite; /* Safari */
@@ -243,3 +407,58 @@ header > form {
     0% { transform: rotate(0deg); }
     100% { transform: rotate(360deg); }
 }
+
+/* General theme button styling */
+#theme-toggle {
+    position: fixed; /* Keep the button in the same position */
+    right: 30px; /* Adjust the distance from the right */
+    bottom: 30px; /* Adjust the distance from the bottom */
+    background-color: transparent; /* Make the background transparent */
+    border: none; /* Remove border */
+    font-size: 36px; /* Adjust font size */
+    cursor: pointer; /* Change cursor to pointer */
+    outline: none;
+}
+
+/* Icon styling: default state */
+#theme-icon {
+    display: inline-block;
+    border-radius: 50%; /* Round shape */
+    position: relative; /* For the pseudo-element positioning */
+    transition: box-shadow 0.3s, background-color 0.3s; /* Smooth transition for hover effect */
+    opacity: 0.6; /* Slightly transparent by default */
+    filter: grayscale(100%); /* Make the icon black and white */
+}
+
+/* Create the inner glow effect with ::after */
+#theme-icon::after {
+    content: ''; /* Empty content for the pseudo-element */
+    position: absolute;
+    top: 50%;
+    left: 50%;
+    width: 0px; /* Invisible dot */
+    height: 0px; /* Invisible dot */
+    background-color: transparent; /* Invisible by default */
+    border-radius: 50%; /* Circle shape */
+    transform: translate(-50%, -50%); /* Center the dot */
+    transition: box-shadow 0.3s, background-color 0.3s; /* Smooth transition for hover */
+}
+
+/* Hover effect for both light and dark modes */
+#theme-toggle:hover #theme-icon {
+    position: relative; /* Ensures stacking order */
+    filter: grayscale(0%); /* Restore full color */
+    opacity: 1; /* Fully visible on hover */
+    z-index: 1; /* Ensures the icon is on top of the shadow */
+}
+
+/* Inner glow when hovered */
+#theme-toggle:hover #theme-icon::after {
+    box-shadow: 0 0 40px 40px rgba(128, 128, 128, 0.4); /* Blur effect from inside */
+    background-color: rgba(128, 128, 128, 0.2); /* Light glow inside */
+}
+
+/* Remove hover effects when not hovering */
+#theme-toggle:not(:hover) #theme-icon {
+    opacity: 0.6; /* Slightly transparent */
+}
\ No newline at end of file
diff --git a/php/public/toggle-dark-mode.js b/php/public/toggle-dark-mode.js
new file mode 100644
index 00000000..1ec2c114
--- /dev/null
+++ b/php/public/toggle-dark-mode.js
@@ -0,0 +1,26 @@
+// Function to toggle theme
+function toggleTheme() {
+    const currentTheme = document.documentElement.getAttribute('data-theme');
+    const newTheme = (currentTheme === 'dark') ? 'light' : 'dark';
+    document.documentElement.setAttribute('data-theme', newTheme);
+    localStorage.setItem('theme', newTheme);
+
+    // Change the icon based on the current theme
+    const themeIcon = document.getElementById('theme-icon');
+    themeIcon.textContent = newTheme === 'dark' ? '☀️' : '🌙'; // Switch between moon and sun icons
+}
+
+// Function to apply saved theme from localStorage
+function applySavedTheme() {
+    const savedTheme = localStorage.getItem('theme');
+    if (savedTheme) {
+        document.documentElement.setAttribute('data-theme', savedTheme);
+
+        // Ensure the icon is set correctly based on the saved theme
+        const themeIcon = document.getElementById('theme-icon');
+        themeIcon.textContent = savedTheme === 'dark' ? '☀️' : '🌙';
+    }
+}
+
+// Apply theme when the page loads
+document.addEventListener('DOMContentLoaded', applySavedTheme);
\ No newline at end of file
diff --git a/php/templates/already-installed.twig b/php/templates/already-installed.twig
index 708128a8..34a7e179 100644
--- a/php/templates/already-installed.twig
+++ b/php/templates/already-installed.twig
@@ -1,5 +1,13 @@
 {% extends "layout.twig" %}
 
 {% block body %}
-    Already installed.
-{% endblock %}
+    <div class="login">
+        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100"">
+            <use href="/img/nextcloud-logo.svg#logo"></use>
+            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
+        </svg>
+        <h2>Nextcloud All-In-One is already installed</h2>
+        <a href="/" class="button">Open Nextcloud AIO</a>
+    </div>
+{% endblock %}
\ No newline at end of file
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9bcef1cd..4017cf8c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -5,9 +5,9 @@
         <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     </head>
     <header>
-        <div class="">
-            <div class="logo"></div>
-        </div>
+        <svg class="logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 71" width="62" height="50">
+            <use href="/img/nextcloud-logo.svg#logo"></use>
+        </svg>
         <form method="POST" action="/api/auth/logout">
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -15,459 +15,151 @@
         </form>
     </header>
 
-    <main>
-        <h1>Nextcloud AIO v9.7.0</h1>
+    <div class="container">
+        <main>
+            <h1>Nextcloud AIO v9.7.0</h1>
 
-        {# Add 2nd tab warning #}
-        <script type="text/javascript" src="second-tab-warning.js"></script>
+            {# Add 2nd tab warning #}
+            <script type="text/javascript" src="second-tab-warning.js"></script>
 
-        {# timezone-prefill #}
-        <script type="text/javascript" src="timezone.js"></script>
+            {# timezone-prefill #}
+            <script type="text/javascript" src="timezone.js"></script>
 
-        {% set isAnyRunning = false %}
-        {% set isAnyRestarting = false %}
-        {% set isWatchtowerRunning = false %}
-        {% set isDomaincheckRunning = false %}
-        {% set isBackupOrRestoreRunning = false %}
-        {% set isApacheStarting = false %}
-        {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = 30 %}
-
-        {% if is_backup_container_running == true %}
-            {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
-                {% set isBackupOrRestoreRunning = true %}
-            {% endif %}
-        {% endif %}
-
-        {% for container in containers %}
-            {% if container.GetDisplayName() != '' and container.GetRunningState().value == 'running' %}
-                {% set isAnyRunning = true %}
-            {% endif %}
-            {% if container.GetDisplayName() != '' and container.GetRestartingState().value == 'restarting' %}
-                {% set isAnyRestarting = true %}
-            {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
-                {% set isWatchtowerRunning = true %}
-            {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %}
-                {% set isDomaincheckRunning = true %}
-            {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}
-                {% set isApacheStarting = true %}
-            {% endif %}
-        {% endfor %}
-
-        {% if is_daily_backup_running == true %}
-            <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
-            {% if automatic_updates == true %}
-                <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
-                {% if is_mastercontainer_update_available == true %}
-                    <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
-                {% endif %}
-            {% endif %}
-            {% if has_update_available == false %}
-                <p>The whole process should not take more than a few minutes.</p>
-            {% elseif automatic_updates == true %}
-                <p>The whole process can take a while as your containers will be updated.</p>
-            {% endif %}
-            <p><a href="" class="button reload">Reload ↻</a></p>
-            <p>If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.</p>
-        {% elseif isWatchtowerRunning == true %}
-            <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
-            <p><a href="" class="button reload">Reload ↻</a></p>
-        {% else %}
-            {% if is_backup_container_running == false and domain == "" %}
-                {% if isDomaincheckRunning == false %}
-                    <h2>Domaincheck container is not running</h2>
-                    <p>This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
-                {% elseif is_mastercontainer_update_available == true %}
-                    <h2>Mastercontainer update</h2>
-                    <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
-                    <form method="POST" action="/api/docker/watchtower" class="xhr">
-                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                        <input type="submit" value="Update mastercontainer" />
-                    </form>
-                {% else %}
-                    {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
-                        <p>You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.</p>
-                        {{ include('includes/aio-config.twig') }}
-                        <h2>New AIO instance</h2>
-                        {% if apache_port == '443' %}
-                            <p>AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
-                        {% else %}
-                            <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
-                        {% endif %}
-                        <p>Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.</p>
-                        {% if skip_domain_validation == true %}
-                            <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
-                        {% endif %}
-                        <form method="POST" action="/api/configuration" class="xhr">
-                            <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
-                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input type="submit" value="Submit domain" />
-                        </form>
-                        {% if skip_domain_validation == false %}
-                            <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
-                            <details>
-                                <summary>Click here for further hints</summary>
-                                <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.</p>
-                                <p>If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
-                                <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
-                                <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
-                                {% if apache_port != '443' %}
-                                    <p>If you run into issues with your domain being accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
-                                {% endif %}
-                                <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
-                            </details>
-                        {% endif %}
-
-                        <h2>Restore former AIO instance from backup</h2>
-                        <p>You can alternatively restore a former AIO instance from backup.</p>
-                    {% endif %}
-
-                    {% if is_instance_restore_attempt == false %}
-                        {% if borg_backup_host_location != '' and borg_restore_password != '' %}
-                            {% if borg_backup_mode in ['test', 'check'] %}
-                                {% if backup_exit_code > 0 %}
-                                    <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
-                                    {% if borg_backup_mode == 'test' %}
-                                        <p>Please adjust the path and/or the encryption password in order to make it work!</p>
-                                    {% elseif borg_backup_mode == 'check' %}
-                                        <p>The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
-                                        <details>
-                                            <summary>Reveal repair option</summary>
-                                            <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
-                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
-                                            </form>
-                                        </details>
-                                    {% endif %}
-                                {% elseif backup_exit_code == 0 %}
-                                    <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
-                                    {% if borg_backup_mode == 'test' %}
-                                        <p>Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.</p>
-                                        <form method="POST" action="/api/docker/backup-check" class="xhr">
-                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input type="submit" value="Check backup integrity"/>
-                                        </form>
-                                    {% endif %}
-                                    <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
-                                    <p><strong>Please note:</strong> If the backup that you want to restore contained any <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
-                                    <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
-                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
-                                            {% for restore_time in backup_times %}
-                                                <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
-                                            {% endfor %}
-                                        </select>
-                                        <input type="submit" value="Restore selected backup"/>
-                                    </form>
-                                {% endif %}
-                            {% elseif borg_backup_mode == 'restore' %}
-                                {% if backup_exit_code > 0 %}
-                                    <p><span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
-                                    <p>The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!</p>
-                                {% endif %}
-                            {% endif %}
-                        {% endif %}
-
-                        {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
-                            <p>Please enter the location of the backup archive on your host and the encryption password of the backup archive below:</p>
-                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
-                                <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/>
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Submit location and encryption password" />
-                            </form>
-                            {{ include('includes/backup-dirs.twig') }}
-                            <p>⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg', or the backup container will not be able to find the backup archive!</p>
-                        {% endif %}
-                    {% else %}
-                        <p><strong>Everything set!</strong> Click on the button below to test the path and encryption password:</p>
-                        <form method="POST" action="/api/docker/backup-test" class="xhr">
-                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input type="submit" value="Test path and encryption password"/>
-                        </form>
-                    {% endif %}
-                {% endif %}
-                <h2>How to reset the AIO instance?</h2>
-                <p>If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.</p>
-            {% endif %}
-
-            {% if was_start_button_clicked == true %}
-                {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                    <p>You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
-                {% else %}
-                    <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
-                {% endif %}
-            {% endif %}
+            {% set isAnyRunning = false %}
+            {% set isAnyRestarting = false %}
+            {% set isWatchtowerRunning = false %}
+            {% set isDomaincheckRunning = false %}
+            {% set isBackupOrRestoreRunning = false %}
+            {% set isApacheStarting = false %}
+            {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
+            {% set newMajorVersion = 30 %}
 
             {% if is_backup_container_running == true %}
-                <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
-                <p><a href="" class="button reload">Reload ↻</a></p>
+                {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
+                    {% set isBackupOrRestoreRunning = true %}
+                {% endif %}
             {% endif %}
 
-            {% if domain != "" %}
-                {% if isAnyRunning == true %}
-                    {% if isApacheStarting != true %}
-                        {% if borg_backup_host_location != '' %}
-                            <details>
-                            <summary>Click here to reveal the initial Nextcloud credentials</summary>
-                        {% endif %}
-                                <p>Initial Nextcloud username: <strong>admin</strong></p>
-                        {% if borg_backup_host_location != '' %}
-                            {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
-                            <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p></details>
-                        {% else %}
-                            <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p>
-                        {% endif %}
-                        <p><a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a></p>
-                        {% if borg_backup_host_location == '' %}
-                            <p>If your Nextcloud does not open when clicking the button above, see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
-                        {% endif %}
-                    {% else %}
-                        {% if isAnyRestarting == false %}
-                            <p><span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <strong>Starting</strong> next to each container for further details.</p>
-                            <p><a href="" class="button reload">Reload ↻</a></p>
-                        {% else %}
-                            <p>It seems at least one container was not able to start correctly and is currently restarting.</p>
-                            <p>To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.</p>
-                            <form method="POST" action="/api/docker/stop" class="xhr">
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Stop containers" />
-                            </form>
-                        {% endif %}
+            {% for container in containers %}
+                {% if container.GetDisplayName() != '' and container.GetRunningState().value == 'running' %}
+                    {% set isAnyRunning = true %}
+                {% endif %}
+                {% if container.GetDisplayName() != '' and container.GetRestartingState().value == 'restarting' %}
+                    {% set isAnyRestarting = true %}
+                {% endif %}
+                {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
+                    {% set isWatchtowerRunning = true %}
+                {% endif %}
+                {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %}
+                    {% set isDomaincheckRunning = true %}
+                {% endif %}
+                {% if container.GetIdentifier() == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}
+                    {% set isApacheStarting = true %}
+                {% endif %}
+            {% endfor %}
+
+            {% if is_daily_backup_running == true %}
+                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
+                {% if automatic_updates == true %}
+                    <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
+                    {% if is_mastercontainer_update_available == true %}
+                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
                     {% endif %}
                 {% endif %}
-
-                {% if isApacheStarting == false and is_backup_container_running == false %}
-                    {{ include('includes/aio-config.twig') }}
+                {% if has_update_available == false %}
+                    <p>The whole process should not take more than a few minutes.</p>
+                {% elseif automatic_updates == true %}
+                    <p>The whole process can take a while as your containers will be updated.</p>
                 {% endif %}
-
-                {% if was_start_button_clicked == true %}
-                    <h2>Containers</h2>
-                    <ul>
-                        {# @var containers \AIO\Container\Container[] #}
-                        {% for container in containers %}
-                            {% if container.GetDisplayName() != '' %}
-                                <li>
-                                    {% if container.GetStartingState().value == 'starting' %}
-                                        <span class="status running"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
-                                        {% if container.GetDocumentation() != '' %}
-                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
-                                        {% endif %}
-                                        </span>
-                                    {% elseif container.GetRunningState().value == 'running' %}
-                                        <span class="status success"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
-                                        {% if container.GetDocumentation() != '' %}
-                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
-                                        {% endif %}
-                                        </span>
-                                    {% else %}
-                                        <span class="status error"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Stopped</a>)
-                                        {% if container.GetDocumentation() != '' %}
-                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
-                                        {% endif %}
-                                        </span>
-                                    {% endif %}
-                                </li>
-                            {% endif %}
-                        {% endfor %}
-                    </ul>
-
-                    {% if has_update_available == true %}
-                        {% if is_mastercontainer_update_available == false %}
-                            <p>⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.</p>
-                        {% endif %}
-                    {% else %}
-                        {% if is_mastercontainer_update_available == false %}
-                            <p>Your containers are up-to-date.</p>
-                            {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
-                                <details>
-                                <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
-                                    <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/5133">this documentation</a></strong></p>
-                                </details>
-                            {% endif %}
-                        {% endif %}
-                    {% endif %}
-                {% endif %}
-
-                {% if isAnyRunning == true %}
-                    {% if isApacheStarting != true %}
-                        {% if is_mastercontainer_update_available == true %}
-                            <p>⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.</p>
-                            {% if current_channel starts with 'latest' %}
-                                <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a></p>
-                            {% elseif current_channel starts with 'beta' %}
-                                <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a></p>
-                            {% elseif current_channel starts with 'develop' %}
-                                <p>You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
-                            {% endif %}
-                        {% endif %}
-                        <form method="POST" action="/api/docker/stop" class="xhr">
+                <p><a href="" class="button reload">Reload ↻</a></p>
+                <p>If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.</p>
+            {% elseif isWatchtowerRunning == true %}
+                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
+                <p><a href="" class="button reload">Reload ↻</a></p>
+            {% else %}
+                {% if is_backup_container_running == false and domain == "" %}
+                    {% if isDomaincheckRunning == false %}
+                        <h2>Domaincheck container is not running</h2>
+                        <p>This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
+                    {% elseif is_mastercontainer_update_available == true %}
+                        <h2>Mastercontainer update</h2>
+                        <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
+                        <form method="POST" action="/api/docker/watchtower" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input type="submit" value="Stop containers" />
+                            <input type="submit" value="Update mastercontainer" />
                         </form>
-                    {% endif %}
-                {% else %}
-                    {% if isBackupOrRestoreRunning == true %}
-                        <p>Restore or Backup currently running. Cannot start the containers until Restore or Backup is complete.</p>
                     {% else %}
-                        {% if was_start_button_clicked == false %}
-                            <p>Clicking on the button below will download all docker containers and start them. This can take a long time depending on your internet connection. Since the overall size is a few GB, this can take around 5-10 min or more. Please be patient!</p>
-                        {% endif %}
-                        {% if is_mastercontainer_update_available == true %}
-                            <p>⚠️ A mastercontainer update is available. Please click on the button below to update it.</p>
-                            <form method="POST" action="/api/docker/watchtower" class="xhr">
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Update mastercontainer" />
-                            </form>
-                        {% else %}
-                            {% if was_start_button_clicked == false %}
-                                <form method="POST" action="/api/docker/start" class="xhr">
-                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    {% if newMajorVersion != '' %}
-                                        <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersion - 21 }} (if unchecked, Nextcloud Hub {{ newMajorVersion - 22 }} will get installed)</label><br>
-                                    {% endif %}
-                                    <input type="submit" value="Download and start containers" />
-                                </form>
-                            {% elseif has_update_available == false %}
-                                <form method="POST" action="/api/docker/start" class="xhr">
-                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input type="submit" value="Start containers" />
-                                </form>
+                        {% if borg_backup_host_location == '' and borg_restore_password == '' %}
+                            <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+                            <p>You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.</p>
+                            {{ include('includes/aio-config.twig') }}
+                            <h2>New AIO instance</h2>
+                            {% if apache_port == '443' %}
+                                <p>AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
                             {% else %}
-                                <form method="POST" action="/api/docker/start" class="xhr">
-                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
-                                </form>
+                                <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
+                            {% endif %}
+                            <p>Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.</p>
+                            {% if skip_domain_validation == true %}
+                                <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}
-                        {% endif %}
-                    {% endif %}
-                {% endif %}
-
-                {% if was_start_button_clicked == true %}
-
-                    {% if is_backup_section_enabled == false %}
-                        <h2>Backup and restore</h2>
-                        <p>The backup section is disabled via environmental variable.</p>
-                    {% else %}
-                        {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
-                            <h2>Backup and restore</h2>
-                            <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
                             <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
+                                <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Submit backup location" />
+                                <input type="submit" value="Submit domain" />
                             </form>
-                            {{ include('includes/backup-dirs.twig') }}
+                            {% if skip_domain_validation == false %}
+                                <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
+                                <details>
+                                    <summary>Click here for further hints</summary>
+                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.</p>
+                                    <p>If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
+                                    <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
+                                    <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
+                                    {% if apache_port != '443' %}
+                                        <p>If you run into issues with your domain being accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
+                                    {% endif %}
+                                    <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
+                                </details>
+                            {% endif %}
+
+                            <h2>Restore former AIO instance from backup</h2>
+                            <p>You can alternatively restore a former AIO instance from backup.</p>
                         {% endif %}
-                    {% endif %}
 
-                    {% if is_backup_section_enabled == true %}
-
-                        {% if borg_backup_host_location != "" %}
-                            {% if is_backup_container_running == false %}
-                                <h2>Backup and restore</h2>
-                                {% if backup_exit_code > 0 %}
-                                    <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
-                                    {% if borg_backup_mode == "check" %}
-                                        <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
-                                        <details>
-                                            <summary>Reveal repair option</summary>
-                                            <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                        {% if is_instance_restore_attempt == false %}
+                            {% if borg_backup_host_location != '' and borg_restore_password != '' %}
+                                {% if borg_backup_mode in ['test', 'check'] %}
+                                    {% if backup_exit_code > 0 %}
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        {% if borg_backup_mode == 'test' %}
+                                            <p>Please adjust the path and/or the encryption password in order to make it work!</p>
+                                        {% elseif borg_backup_mode == 'check' %}
+                                            <p>The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
+                                            <details>
+                                                <summary>Reveal repair option</summary>
+                                                <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
+                                                <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                    <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
+                                                </form>
+                                            </details>
+                                        {% endif %}
+                                    {% elseif backup_exit_code == 0 %}
+                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        {% if borg_backup_mode == 'test' %}
+                                            <p>Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.</p>
+                                            <form method="POST" action="/api/docker/backup-check" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
+                                                <input type="submit" value="Check backup integrity"/>
                                             </form>
-                                        </details>
-                                    {% endif %}
-                                    {% if has_backup_run_once == false %}
-                                        <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
-                                        <form method="POST" action="/api/configuration" class="xhr">
-                                            <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
-                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input type="submit" value="Set backup location again" />
-                                        </form>
-                                    {% endif %}
-                                {% elseif backup_exit_code == 0 %}
-                                    {% if borg_backup_mode == "backup" %}
-                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
-                                    {% else %}
-                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
-                                    {% endif %}
-                                {% endif %}
-                            {% endif %}
-
-                            {% if is_backup_container_running == false and isApacheStarting == false %}
-                                {% if has_backup_run_once == true %}
-                                    <details>
-                                    <summary>Click here to reveal all backup options (including an option for automatic updates)</summary>
-                                {% endif %}
-                                <h3>Backup information</h3>
-                                <p>This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong></p>
-                                <p>Please save this password in a safe place. You won't be able to restore from backup if you lose this password!</p>
-                                <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
-                                <p>The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
-                                <p>By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.</p>
-                                <p>Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong></p>
-                                <p>Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.</p>
-                                <p>For information about backup retention, see <strong><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
-                                <p>Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.</p>
-                                <p>For further documentation and options on this backup solution refer to <strong><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
-
-                                {% if isApacheStarting != true %}
-                                    <h3>Backup creation</h3>
-                                    <p>Clicking on the button below will create a backup.</p>
-                                    <form method="POST" action="/api/docker/backup" class="xhr">
-                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
-                                    </form>
-
-                                    {% if has_backup_run_once == false %}
-                                        <h3>Reset backup host location</h3>
-                                        <p>If the configured backup host location <strong>{{ borg_backup_host_location }}</strong> is wrong, you can reset it by clicking on the button below.</p>
-                                        <form method="POST" action="/api/configuration" class="xhr">
-                                            <input type="hidden" name="delete_borg_backup_host_location" value="yes"/>
-                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input type="submit" value="Reset backup location" />
-                                        </form>
-                                    {% endif %}
-
-                                    {% if has_backup_run_once == true %}
-                                        <h3>Backup check</h3>
-                                        <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
-                                        <form method="POST" action="/api/docker/backup-check" class="xhr">
-                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" />
-                                        </form>
-
-                                        <h3>Backup restore</h3>
-                                        <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.</p>
+                                        {% endif %}
+                                        <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
+                                        <p><strong>Please note:</strong> If the backup that you want to restore contained any <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -476,212 +168,522 @@
                                                     <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
                                                 {% endfor %}
                                             </select>
-                                            <input type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
+                                            <input type="submit" value="Restore selected backup"/>
                                         </form>
-
-                                        <h3>Daily backup and automatic updates</h3>
-                                        {% if daily_backup_time == "" %}
-                                            <p>By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
-                                                <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
-                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input type="submit" value="Submit backup time" /><br>
-                                                <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
-                                                <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label>
-                                            </form>
-                                        {% else %}
-                                            <p>Daily backups will be created at <strong>{{ daily_backup_time }} UTC</strong>. A notification about the result of the backup will be sent.</p>
-                                            {% if automatic_updates == true %}
-                                                Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated.
-                                            {% endif %}
-                                            <p>To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.</p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
-                                                <input type="hidden" name="delete_daily_backup_time" value="yes"/>
-                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input type="submit" value="Disable or change daily backups" />
-                                            </form>
-                                        {% endif %}
-
-                                        <h3>Back up additional directories and docker volumes of your host</h3>
-                                        <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.</p>
-                                        <form method="POST" action="/api/configuration" class="xhr">
-                                            <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
-                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input type="submit" value="Submit additional backup locations" />
-                                        </form>
-                                        <p>Each line and entry needs to start with a slash or letter/digit. Only <strong>a-z</strong>, <strong>A-Z</strong>, <strong>.</strong>, <strong>0-9</strong>, <strong>_</strong>, <strong>-</strong>, and <strong>/</strong> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <strong>/directory/on/the/host</strong> and <strong>my_custom_docker_volume</strong>. You need to make sure that all given directories exist or the backup container will fail to start!</p>
-                                        <p>Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a></p>
-                                        <p>Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually.</p>
-                                        {% if additional_backup_directories != "" %}
-                                            <p>This option is currently set. You can disable it again by clearing the field and submitting your changes.</p>
-                                        {% endif %}
+                                    {% endif %}
+                                {% elseif borg_backup_mode == 'restore' %}
+                                    {% if backup_exit_code > 0 %}
+                                        <p><span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        <p>The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!</p>
                                     {% endif %}
                                 {% endif %}
-                                {% if has_backup_run_once == true %}
+                            {% endif %}
+
+                            {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
+                                <p>Please enter the location of the backup archive on your host and the encryption password of the backup archive below:</p>
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
+                                    <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/>
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input type="submit" value="Submit location and encryption password" />
+                                </form>
+                                {{ include('includes/backup-dirs.twig') }}
+                                <p>⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg', or the backup container will not be able to find the backup archive!</p>
+                            {% endif %}
+                        {% else %}
+                            <p><strong>Everything set!</strong> Click on the button below to test the path and encryption password:</p>
+                            <form method="POST" action="/api/docker/backup-test" class="xhr">
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input type="submit" value="Test path and encryption password"/>
+                            </form>
+                        {% endif %}
+                    {% endif %}
+                    <h2>How to reset the AIO instance?</h2>
+                    <p>If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.</p>
+                {% endif %}
+
+                {% if was_start_button_clicked == true %}
+                    {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
+                        <p>You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
+                    {% else %}
+                        <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
+                    {% endif %}
+                {% endif %}
+
+                {% if is_backup_container_running == true %}
+                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                    <p><a href="" class="button reload">Reload ↻</a></p>
+                {% endif %}
+
+                {% if domain != "" %}
+                    {% if isAnyRunning == true %}
+                        {% if isApacheStarting != true %}
+                            {% if borg_backup_host_location != '' %}
+                                <details>
+                                <summary>Click here to reveal the initial Nextcloud credentials</summary>
+                            {% endif %}
+                                    <p>Initial Nextcloud username: <strong>admin</strong></p>
+                            {% if borg_backup_host_location != '' %}
+                                {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
+                                <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p></details>
+                            {% else %}
+                                <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p>
+                            {% endif %}
+                            <p><a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a></p>
+                            {% if borg_backup_host_location == '' %}
+                                <p>If your Nextcloud does not open when clicking the button above, see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
+                            {% endif %}
+                        {% else %}
+                            {% if isAnyRestarting == false %}
+                                <p><span class="status running"></span> Containers are currently starting. You might inspect the container logs by clicking on <strong>Starting</strong> next to each container for further details.</p>
+                                <p><a href="" class="button reload">Reload ↻</a></p>
+                            {% else %}
+                                <p>It seems at least one container was not able to start correctly and is currently restarting.</p>
+                                <p>To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.</p>
+                                <form method="POST" action="/api/docker/stop" class="xhr">
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input type="submit" value="Stop containers" />
+                                </form>
+                            {% endif %}
+                        {% endif %}
+                    {% endif %}
+
+                    {% if isApacheStarting == false and is_backup_container_running == false %}
+                        {{ include('includes/aio-config.twig') }}
+                    {% endif %}
+
+                    {% if was_start_button_clicked == true %}
+                        <h2>Containers</h2>
+                        <ul>
+                            {# @var containers \AIO\Container\Container[] #}
+                            {% for container in containers %}
+                                {% if container.GetDisplayName() != '' %}
+                                    <li>
+                                        {% if container.GetStartingState().value == 'starting' %}
+                                            <span class="status running"></span>
+                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
+                                            {% if container.GetDocumentation() != '' %}
+                                                (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                            {% endif %}
+                                            </span>
+                                        {% elseif container.GetRunningState().value == 'running' %}
+                                            <span class="status success"></span>
+                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
+                                            {% if container.GetDocumentation() != '' %}
+                                                (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                            {% endif %}
+                                            </span>
+                                        {% else %}
+                                            <span class="status error"></span>
+                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Stopped</a>)
+                                            {% if container.GetDocumentation() != '' %}
+                                                (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                            {% endif %}
+                                            </span>
+                                        {% endif %}
+                                    </li>
+                                {% endif %}
+                            {% endfor %}
+                        </ul>
+
+                        {% if has_update_available == true %}
+                            {% if is_mastercontainer_update_available == false %}
+                                <p>⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.</p>
+                            {% endif %}
+                        {% else %}
+                            {% if is_mastercontainer_update_available == false %}
+                                <p>Your containers are up-to-date.</p>
+                                {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
+                                    <details>
+                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/5133">this documentation</a></strong></p>
                                     </details>
                                 {% endif %}
                             {% endif %}
                         {% endif %}
                     {% endif %}
 
-                    {% if is_backup_container_running == false %}
-                        {% if isApacheStarting == false %}
-                            <h2>AIO passphrase change</h2>
-                            <details>
-                                <summary>Click here to change your AIO passphrase</summary>
-                                <p>You can change your AIO passphrase below:</p>
-                                <form method="POST" action="/api/configuration" class="xhr">
-                                    <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO passphrase" id="current-master-password" oninput="showPassword('current-master-password')">
-                                    <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO passphrase" id="new-master-password" oninput="showPassword('new-master-password')">
+                    {% if isAnyRunning == true %}
+                        {% if isApacheStarting != true %}
+                            {% if is_mastercontainer_update_available == true %}
+                                <p>⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.</p>
+                                {% if current_channel starts with 'latest' %}
+                                    <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a></p>
+                                {% elseif current_channel starts with 'beta' %}
+                                    <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a></p>
+                                {% elseif current_channel starts with 'develop' %}
+                                    <p>You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
+                                {% endif %}
+                            {% endif %}
+                            <form method="POST" action="/api/docker/stop" class="xhr">
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input type="submit" value="Stop containers" />
+                            </form>
+                        {% endif %}
+                    {% else %}
+                        {% if isBackupOrRestoreRunning == true %}
+                            <p>Restore or Backup currently running. Cannot start the containers until Restore or Backup is complete.</p>
+                        {% else %}
+                            {% if was_start_button_clicked == false %}
+                                <p>Clicking on the button below will download all docker containers and start them. This can take a long time depending on your internet connection. Since the overall size is a few GB, this can take around 5-10 min or more. Please be patient!</p>
+                            {% endif %}
+                            {% if is_mastercontainer_update_available == true %}
+                                <p>⚠️ A mastercontainer update is available. Please click on the button below to update it.</p>
+                                <form method="POST" action="/api/docker/watchtower" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input type="submit" value="Submit passphrase change" />
+                                    <input type="submit" value="Update mastercontainer" />
                                 </form>
-                                <p>The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.</p>
-                            </details>
-                        {% endif %}
-                    {% endif %}
-                {% endif %}
-                {% if is_backup_container_running == false %}
-                    <h2>Optional containers</h2>
-                    <p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
-                    {% if isAnyRunning == true %}
-                        <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
-                    {% else %}
-                        <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
-                    {% endif %}
-                    <form id="options-form" method="POST" action="/api/configuration" class="xhr">
-                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                        <input type="hidden" name="options-form" value="options-form">
-                        {% if is_clamav_enabled == true %}
-                            <p><input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
-                        {% endif %}
-                        {% if is_collabora_enabled == true %}
-                            <p><input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label></p>
-                        {% endif %}
-                        {% if is_fulltextsearch_enabled == true %}
-                            <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label></p>
-                        {% endif %}
-                        {% if is_imaginary_enabled == true %}
-                            <p><input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
-                        {% endif %}
-                        {% if is_talk_enabled == true %}
-                            <p><input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
-                        {% endif %}
-                        {% if is_talk_recording_enabled == true %}
-                            <p><input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label></p>
-                        {% endif %}
-                        {% if is_onlyoffice_enabled == true %}
-                            <p><input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label></p>
-                        {% else %}
-                            {#<p><input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label></p>#}
-                        {% endif %}
-                        {% if is_docker_socket_proxy_enabled == true %}
-                            <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
-                        {% endif %}
-                        {% if is_whiteboard_enabled == true %}
-                            <p><input type="checkbox" id="whiteboard" name="whiteboard" checked="checked"><label for="whiteboard">Whiteboard</label></p>
-                        {% else %}
-                            <p><input type="checkbox" id="whiteboard" name="whiteboard"><label for="whiteboard">Whiteboard</label></p>
-                        {% endif %}
-                        <input id="options-form-submit" type="submit" value="Save changes" />
-                        <script type="text/javascript" src="options-form-submit.js?v2"></script>
-                    </form>
-                    <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
-                    {% if isAnyRunning == true or is_x64_platform == false %}
-                        <script type="text/javascript" src="disable-clamav.js"></script>
-                    {% endif %}
-                    {% if isAnyRunning == true %}
-                        <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
-                        <script type="text/javascript" src="disable-talk.js"></script>
-                        <script type="text/javascript" src="disable-collabora.js"></script>
-                        <script type="text/javascript" src="disable-onlyoffice.js"></script>
-                        <script type="text/javascript" src="disable-imaginary.js"></script>
-                        <script type="text/javascript" src="disable-fulltextsearch.js"></script>
-                        <script type="text/javascript" src="disable-talk-recording.js"></script>
-                        <script type="text/javascript" src="disable-whiteboard.js"></script>
-                    {% endif %}
-
-                    {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
-                        <h3>Collabora dictionaries</h3>
-
-                        {% if collabora_dictionaries == "" %}
-                            <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
-                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Submit collabora dictionaries" />
-                            </form>
-                            <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
-                        {% else %}
-                            <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
-                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Reset collabora dictionaries" />
-                            </form>
+                            {% else %}
+                                {% if was_start_button_clicked == false %}
+                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        {% if newMajorVersion != '' %}
+                                            <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersion - 21 }} (if unchecked, Nextcloud Hub {{ newMajorVersion - 22 }} will get installed)</label><br>
+                                        {% endif %}
+                                        <input type="submit" value="Download and start containers" />
+                                    </form>
+                                {% elseif has_update_available == false %}
+                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input type="submit" value="Start containers" />
+                                    </form>
+                                {% else %}
+                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
+                                    </form>
+                                {% endif %}
+                            {% endif %}
                         {% endif %}
                     {% endif %}
 
-                    <h2>Timezone change</h2>
-                    {% if isAnyRunning == true %}
-                        {% if timezone != "" %}
-                            <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>.</p>
-                        {% endif %}
-                        <p><strong>Please note:</strong> You can change the timezone when your containers are stopped.</p>
-                    {% else %}
-                        {% if timezone == "" %}
-                            <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
-                            <p>You can configure the timezone for Nextcloud below:</p>
-                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
-                            </form>
-                            <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
+                    {% if was_start_button_clicked == true %}
+
+                        {% if is_backup_section_enabled == false %}
+                            <h2>Backup and restore</h2>
+                            <p>The backup section is disabled via environmental variable.</p>
                         {% else %}
-                            <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.</p>
-                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="hidden" name="delete_timezone" value="yes"/>
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input type="submit" value="Reset the timezone" />
-                            </form>
+                            {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
+                                <h2>Backup and restore</h2>
+                                <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input type="submit" value="Submit backup location" />
+                                </form>
+                                {{ include('includes/backup-dirs.twig') }}
+                            {% endif %}
+                        {% endif %}
+
+                        {% if is_backup_section_enabled == true %}
+
+                            {% if borg_backup_host_location != "" %}
+                                {% if is_backup_container_running == false %}
+                                    <h2>Backup and restore</h2>
+                                    {% if backup_exit_code > 0 %}
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        {% if borg_backup_mode == "check" %}
+                                            <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
+                                            <details>
+                                                <summary>Reveal repair option</summary>
+                                                <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
+                                                <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                    <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
+                                                </form>
+                                            </details>
+                                        {% endif %}
+                                        {% if has_backup_run_once == false %}
+                                            <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
+                                            <form method="POST" action="/api/configuration" class="xhr">
+                                                <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input type="submit" value="Set backup location again" />
+                                            </form>
+                                        {% endif %}
+                                    {% elseif backup_exit_code == 0 %}
+                                        {% if borg_backup_mode == "backup" %}
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        {% else %}
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        {% endif %}
+                                    {% endif %}
+                                {% endif %}
+
+                                {% if is_backup_container_running == false and isApacheStarting == false %}
+                                    {% if has_backup_run_once == true %}
+                                        <details>
+                                        <summary>Click here to reveal all backup options (including an option for automatic updates)</summary>
+                                    {% endif %}
+                                    <h3>Backup information</h3>
+                                    <p>This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong></p>
+                                    <p>Please save this password in a safe place. You won't be able to restore from backup if you lose this password!</p>
+                                    <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
+                                    <p>The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
+                                    <p>By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.</p>
+                                    <p>Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong></p>
+                                    <p>Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.</p>
+                                    <p>For information about backup retention, see <strong><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
+                                    <p>Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.</p>
+                                    <p>For further documentation and options on this backup solution refer to <strong><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
+
+                                    {% if isApacheStarting != true %}
+                                        <h3>Backup creation</h3>
+                                        <p>Clicking on the button below will create a backup.</p>
+                                        <form method="POST" action="/api/docker/backup" class="xhr">
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
+                                        </form>
+
+                                        {% if has_backup_run_once == false %}
+                                            <h3>Reset backup host location</h3>
+                                            <p>If the configured backup host location <strong>{{ borg_backup_host_location }}</strong> is wrong, you can reset it by clicking on the button below.</p>
+                                            <form method="POST" action="/api/configuration" class="xhr">
+                                                <input type="hidden" name="delete_borg_backup_host_location" value="yes"/>
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input type="submit" value="Reset backup location" />
+                                            </form>
+                                        {% endif %}
+
+                                        {% if has_backup_run_once == true %}
+                                            <h3>Backup check</h3>
+                                            <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
+                                            <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" />
+                                            </form>
+
+                                            <h3>Backup restore</h3>
+                                            <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.</p>
+                                            <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
+                                                    {% for restore_time in backup_times %}
+                                                        <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
+                                                    {% endfor %}
+                                                </select>
+                                                <input type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
+                                            </form>
+
+                                            <h3>Daily backup and automatic updates</h3>
+                                            {% if daily_backup_time == "" %}
+                                                <p>By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
+                                                <form method="POST" action="/api/configuration" class="xhr">
+                                                    <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
+                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                    <input type="submit" value="Submit backup time" /><br>
+                                                    <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
+                                                    <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label>
+                                                </form>
+                                            {% else %}
+                                                <p>Daily backups will be created at <strong>{{ daily_backup_time }} UTC</strong>. A notification about the result of the backup will be sent.</p>
+                                                {% if automatic_updates == true %}
+                                                    Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated.
+                                                {% endif %}
+                                                <p>To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.</p>
+                                                <form method="POST" action="/api/configuration" class="xhr">
+                                                    <input type="hidden" name="delete_daily_backup_time" value="yes"/>
+                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                    <input type="submit" value="Disable or change daily backups" />
+                                                </form>
+                                            {% endif %}
+
+                                            <h3>Back up additional directories and docker volumes of your host</h3>
+                                            <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.</p>
+                                            <form method="POST" action="/api/configuration" class="xhr">
+                                                <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input type="submit" value="Submit additional backup locations" />
+                                            </form>
+                                            <p>Each line and entry needs to start with a slash or letter/digit. Only <strong>a-z</strong>, <strong>A-Z</strong>, <strong>.</strong>, <strong>0-9</strong>, <strong>_</strong>, <strong>-</strong>, and <strong>/</strong> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <strong>/directory/on/the/host</strong> and <strong>my_custom_docker_volume</strong>. You need to make sure that all given directories exist or the backup container will fail to start!</p>
+                                            <p>Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a></p>
+                                            <p>Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually.</p>
+                                            {% if additional_backup_directories != "" %}
+                                                <p>This option is currently set. You can disable it again by clearing the field and submitting your changes.</p>
+                                            {% endif %}
+                                        {% endif %}
+                                    {% endif %}
+                                    {% if has_backup_run_once == true %}
+                                        </details>
+                                    {% endif %}
+                                {% endif %}
+                            {% endif %}
+                        {% endif %}
+
+                        {% if is_backup_container_running == false %}
+                            {% if isApacheStarting == false %}
+                                <h2>AIO passphrase change</h2>
+                                <details>
+                                    <summary>Click here to change your AIO passphrase</summary>
+                                    <p>You can change your AIO passphrase below:</p>
+                                    <form method="POST" action="/api/configuration" class="xhr">
+                                        <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO passphrase" id="current-master-password" oninput="showPassword('current-master-password')">
+                                        <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO passphrase" id="new-master-password" oninput="showPassword('new-master-password')">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input type="submit" value="Submit passphrase change" />
+                                    </form>
+                                    <p>The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.</p>
+                                </details>
+                            {% endif %}
+                        {% endif %}
+                    {% endif %}
+                    {% if is_backup_container_running == false %}
+                        <h2>Optional containers</h2>
+                        <p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
+                        {% if isAnyRunning == true %}
+                            <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
+                        {% else %}
+                            <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
+                        {% endif %}
+                        <form id="options-form" method="POST" action="/api/configuration" class="xhr">
+                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                            <input type="hidden" name="options-form" value="options-form">
+                            {% if is_clamav_enabled == true %}
+                                <p><input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
+                            {% endif %}
+                            {% if is_collabora_enabled == true %}
+                                <p><input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label></p>
+                            {% endif %}
+                            {% if is_fulltextsearch_enabled == true %}
+                                <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label></p>
+                            {% endif %}
+                            {% if is_imaginary_enabled == true %}
+                                <p><input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
+                            {% endif %}
+                            {% if is_talk_enabled == true %}
+                                <p><input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
+                            {% endif %}
+                            {% if is_talk_recording_enabled == true %}
+                                <p><input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label></p>
+                            {% endif %}
+                            {% if is_onlyoffice_enabled == true %}
+                                <p><input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label></p>
+                            {% else %}
+                                {#<p><input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label></p>#}
+                            {% endif %}
+                            {% if is_docker_socket_proxy_enabled == true %}
+                                <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
+                            {% endif %}
+                            {% if is_whiteboard_enabled == true %}
+                                <p><input type="checkbox" id="whiteboard" name="whiteboard" checked="checked"><label for="whiteboard">Whiteboard</label></p>
+                            {% else %}
+                                <p><input type="checkbox" id="whiteboard" name="whiteboard"><label for="whiteboard">Whiteboard</label></p>
+                            {% endif %}
+                            <input id="options-form-submit" type="submit" value="Save changes" />
+                            <script type="text/javascript" src="options-form-submit.js?v2"></script>
+                        </form>
+                        <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
+                        {% if isAnyRunning == true or is_x64_platform == false %}
+                            <script type="text/javascript" src="disable-clamav.js"></script>
+                        {% endif %}
+                        {% if isAnyRunning == true %}
+                            <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
+                            <script type="text/javascript" src="disable-talk.js"></script>
+                            <script type="text/javascript" src="disable-collabora.js"></script>
+                            <script type="text/javascript" src="disable-onlyoffice.js"></script>
+                            <script type="text/javascript" src="disable-imaginary.js"></script>
+                            <script type="text/javascript" src="disable-fulltextsearch.js"></script>
+                            <script type="text/javascript" src="disable-talk-recording.js"></script>
+                            <script type="text/javascript" src="disable-whiteboard.js"></script>
+                        {% endif %}
+
+                        {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
+                            <h3>Collabora dictionaries</h3>
+
+                            {% if collabora_dictionaries == "" %}
+                                <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input type="submit" value="Submit collabora dictionaries" />
+                                </form>
+                                <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
+                            {% else %}
+                                <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input type="submit" value="Reset collabora dictionaries" />
+                                </form>
+                            {% endif %}
+                        {% endif %}
+
+                        <h2>Timezone change</h2>
+                        {% if isAnyRunning == true %}
+                            {% if timezone != "" %}
+                                <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>.</p>
+                            {% endif %}
+                            <p><strong>Please note:</strong> You can change the timezone when your containers are stopped.</p>
+                        {% else %}
+                            {% if timezone == "" %}
+                                <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
+                                <p>You can configure the timezone for Nextcloud below:</p>
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
+                                </form>
+                                <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
+                            {% else %}
+                                <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.</p>
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="hidden" name="delete_timezone" value="yes"/>
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input type="submit" value="Reset the timezone" />
+                                </form>
+                            {% endif %}
                         {% endif %}
                     {% endif %}
                 {% endif %}
             {% endif %}
+
+        {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
+            <script type="text/javascript" src="automatic_reload.js"></script>
+        {% else %}
+            <script type="text/javascript" src="before-unload.js"></script>
         {% endif %}
 
-    {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
-        <script type="text/javascript" src="automatic_reload.js"></script>
-    {% else %}
-        <script type="text/javascript" src="before-unload.js"></script>
-    {% endif %}
-
-    </main>
+        </main>
+    </div>
     <div id="overlay">
         <div class="loader"></div>
     </div>
-{% endblock %}
+{% endblock %}
\ No newline at end of file
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index aefb4955..669854f8 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,12 +1,16 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v2" media="all" />
+        <link rel="stylesheet" href="/style.css?v3" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
     </head>
 
     <body>
+        <div class="wrapper">
             {% block body %}{% endblock %}
+        </div>
+        <button id="theme-toggle" onclick="toggleTheme()"><span id="theme-icon"/></button>
+        <script type="text/javascript" src="toggle-dark-mode.js"></script>
     </body>
-</html>
+</html>
\ No newline at end of file
diff --git a/php/templates/login.twig b/php/templates/login.twig
index 7240a7e2..04175cc3 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -1,28 +1,28 @@
-{% extends "layout.twig" %}
-
-{% block body %}
-    <div class="login-wrapper">
-        <div class="login">
-            <img alt="Nextcloud logo" src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
-            <h1>Nextcloud AIO Login</h1>
-            {% if is_login_allowed == true %}
-                <p>Log in using your Nextcloud AIO passphrase:</p>
-                <form method="POST" action="/api/auth/login" class="xhr">
-                    <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="master-password" oninput="showPassword('master-password')">
-
-                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                    <input type="submit" class="button" value="Log in" />
-                </form>
-            {% else %}
-                <p>The login is blocked since Nextcloud is running.<br>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
-                If that is not possible, you can unblock the login by running<br><strong>sudo docker stop nextcloud-aio-apache</strong></p>
-            {% endif %}
-        </div>
-    </div>
-    <script type="text/javascript" src="before-unload.js"></script>
-    <div id="overlay">
-        <div class="loader"></div>
-    </div>
-{% endblock %}
-
+{% extends "layout.twig" %}
+
+{% block body %}
+    <div class="login">
+        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100"">
+            <use href="/img/nextcloud-logo.svg#logo"></use>
+            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
+        </svg>
+        <h1>Nextcloud AIO Login</h1>
+        {% if is_login_allowed == true %}
+            <p>Log in using your Nextcloud AIO passphrase:</p>
+            <form method="POST" action="/api/auth/login" class="xhr">
+                <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="master-password" oninput="showPassword('master-password')">
+                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                <input type="submit" class="button" value="Log in" />
+            </form>
+        {% else %}
+            <p>The login is blocked since Nextcloud is running.<br>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
+            If that is not possible, you can unblock the login by running<br><strong>sudo docker stop nextcloud-aio-apache</strong></p>
+        {% endif %}
+    </div>
+    <script type="text/javascript" src="before-unload.js"></script>
+    <div id="overlay">
+        <div class="loader"></div>
+    </div>
+{% endblock %}
\ No newline at end of file
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 9f75fdf7..91d7fbe3 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -1,14 +1,16 @@
 {% extends "layout.twig" %}
 
 {% block body %}
-    <div class="login-wrapper">
-        <div class="login">
-            <img alt="Nextcloud logo" src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
-            <h1>All-in-One setup</h1>
-            <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
-            <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
-            <strong>Passphrase</strong><br/><span class="monospace">{{ password }}</span><br>
-            <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
-        </div>
+    <div class="login">
+        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100"">
+            <use href="/img/nextcloud-logo.svg#logo"></use>
+            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
+        </svg>
+        <h1>All-in-One setup</h1>
+        <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+        <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
+        <strong>Passphrase</strong><br/><span class="monospace">{{ password }}</span><br>
+        <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
     </div>
-{% endblock %}
+{% endblock %}
\ No newline at end of file

From 17362bc23489a38e3ae9b52511421302bc635541 Mon Sep 17 00:00:00 2001
From: lll <2844835+flll@users.noreply.github.com>
Date: Sun, 13 Oct 2024 18:56:34 +0900
Subject: [PATCH 2552/3949] [reverse-proxy.md] Add Tailscale integration setup

- Detailed explanation of integrating Tailscale, Caddy, and AIO
- Add example configuration for Compose file
- Include example Caddyfile configuration
- Provide instructions for setting environment variables
- Include notes on security and network configuration


Signed-off-by: lll <2844835+flll@users.noreply.github.com>
---
 reverse-proxy.md | 159 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 159 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1ea7b179..828a1aea 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -707,6 +707,165 @@ Add the following `web.config` file to the root of the site you created as the r
 
 </details>
 
+### Tailscale
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+This setup integrates Nextcloud All-in-One (AIO) with Tailscale, using Caddy as a reverse proxy. 
+Since Tailscale currently only allows communication with localhost(127.0.0.1), we use a sidecar with Caddy to communicate with AIO.
+
+- Enhanced security with ACL usage within Tailnet
+- ACME certificate issuance without port forwarding (Tailnet only)
+- Possibility to expose Nextcloud externally using Tailscale's `serve.json` configuration (This document does not provide an example of `serve.json`)
+
+
+### 1. Set Environment Variables
+
+Set the following environment variables:
+
+```env
+TS_HOSTNAME=nextcloud # Hostname in Tailnet
+NC_DOMAIN=nextcloud.your-tailnet.ts.net # Format: {$TS_HOSTNAME}.{$tailnetdomain}.ts.net
+TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended
+TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # For OAuth client key usage
+```
+
+>[!NOTE]
+> Ensure NC_DOMAIN is in the correct format.
+> When using OAuth client key, set tags in TS_EXTRA_ARGS and define them in ACL.
+>
+> For more detailed information, please refer to:
+> https://tailscale.com/blog/docker-tailscale-guide
+
+### 2. Configure Docker Compose File
+Create a compose.yml file with the following content. Replace environment variables as appropriate.
+
+#### compose.yml
+
+```yml
+services:
+  nextcloud-aio-mastercontainer:
+    image: nextcloud/all-in-one:latest
+    init: true
+    restart: always
+    container_name: nextcloud-aio-mastercontainer # This line cannot be changed.
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - nextcloud-aio
+    ports:
+      - 0.0.0.0:8080:8080
+    environment:
+      APACHE_PORT: 11000
+      APACHE_IP_BINDING: 127.0.0.1
+      SKIP_DOMAIN_VALIDATION: true
+
+  caddy:
+    image: caddy:alpine
+    restart: unless-stopped
+    environment:
+      - NC_DOMAIN=nextcloud.your-tailnet.ts.net # Change this to your domain ending with .ts.net in the format {$TS_HOSTNAME}.{tailnetdomain}
+    volumes:
+      - type: bind
+        source: ./Caddyfile
+        target: /etc/caddy/Caddyfile
+      - type: volume
+        source: caddy_certs
+        target: /certs
+      - type: volume
+        source: caddy_data
+        target: /data
+      - type: volume
+        source: caddy_config
+        target: /config
+      - type: volume
+        source: tailscale_sock
+        target: /var/run/tailscale/ # Mount the volume for /var/run/tailscale/tailscale.sock
+        read_only: true
+    network_mode: service:tailscale
+
+  tailscale:
+    image: tailscale/tailscale:latest
+    environment:
+      - TS_HOSTNAME=nextcloud # Enter the hostname for your tailnet
+      - TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended
+      - TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # Tags are required when using OAuth client
+    init: true
+    restart: unless-stopped
+    volumes:
+      - /dev/net/tun:/dev/net/tun
+      - type: volume
+        source: tailscale
+        target: /var/lib/tailscale
+      - type: volume
+        source: tailscale_sock
+        target: /tmp # Mounting the entire /tmp folder to access tailscale.sock
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    networks:
+      - nextcloud-aio
+
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer # This line cannot be changed.
+  caddy_certs:
+    name: caddy_certs
+  caddy_data:
+    name: caddy_data
+  caddy_config:
+    name: caddy_config
+  tailscale:
+    name: tailscale
+  tailscale_sock:
+    name: tailscale_sock
+
+networks:
+  nextcloud-aio:
+    name: nextcloud-aio
+    driver: bridge
+    enable_ipv6: false
+    driver_opts:
+      com.docker.network.driver.mtu: "9001" # Jumbo Frame
+      com.docker.network.bridge.host_binding_ipv4: "127.0.0.1" # Harden aio
+```
+
+>[!IMPORTANT]
+> Make sure to replace `NC_DOMAIN`, `TS_HOSTNAME`, `TS_AUTH_KEY`, and `TS_EXTRA_ARGS` with your actual values before running the docker compose file.
+
+
+### 3. Create Caddyfile
+Create a Caddyfile in the current directory with the following content:
+
+#### Caddyfile
+
+```Caddyfile
+https://{$NC_DOMAIN}:443 {
+    reverse_proxy nextcloud-aio-apache:11000
+}
+```
+
+>[!NOTE]
+> Do not manually replace the `{$NC_DOMAIN}` variable. It will be automatically populated with the value set in your environment variables.
+
+
+
+### 4. Set Up Nextcloud AIO
+1. Run `docker compose up -d`
+1. Connect to https://ip.address.of.server:8080/
+1. Enter the configured $NC_DOMAIN
+1. Provision Nextcloud
+1. Connect to `https://$NC_DOMAIN/` (e.g., https://nextcloud.your-tailnet.ts.net/)
+1. Setup complete!
+
+</details>
+
+
 ### Others
 
 <details>

From 83ac2a0c995461342246b04a1e3ee5bc09756b03 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Oct 2024 04:32:45 +0000
Subject: [PATCH 2553/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-7 to 1.4.1-8.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index b2636f44..8deede4e 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-7
+FROM clamav/clamav:1.4.1-8
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 2c81cb0a0ab78456ab63393a3016dbaf8b36f55f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Oct 2024 04:32:47 +0000
Subject: [PATCH 2554/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.8.1.1 to 24.04.8.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index cc151fab..2c0fcad8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.8.1.1
+FROM collabora/code:24.04.8.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From e2f76b86852a7a11ed0ae42043bbbdd9c50913ad Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 14 Oct 2024 11:08:29 +0200
Subject: [PATCH 2555/3949] add copyright update workflow

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-copyright.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/workflows/update-copyright.yml

diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
new file mode 100644
index 00000000..42502027
--- /dev/null
+++ b/.github/workflows/update-copyright.yml
@@ -0,0 +1,13 @@
+name: Update Copyright
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  update-copyright:
+    name: update copyright
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4

From 9130cff8041bcb96b49ec67a50cbc6403f22e235 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 14 Oct 2024 14:20:25 +0200
Subject: [PATCH 2556/3949] remove the schedule foor update-copyright for now

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-copyright.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 42502027..fa00f9b1 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -2,8 +2,6 @@ name: Update Copyright
 
 on:
   workflow_dispatch:
-  schedule:
-  - cron:  '00 12 * * *'
 
 jobs:
   update-copyright:

From 6e0c76a23b85789fe5ef6b263a4bcde7a0a88cd6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 05:05:32 +0000
Subject: [PATCH 2557/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.0.3 to v1.0.4.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 2cbb371a..00e5b26f 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.3
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4
 
 USER root
 RUN set -ex; \

From 266526557dc9508985cd334d87bcb8a12c22fe23 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 15 Oct 2024 16:13:52 +0200
Subject: [PATCH 2558/3949] Update local-instance.md

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/local-instance.md b/local-instance.md
index aa4bd8e6..ac0b9fb4 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -9,6 +9,8 @@ The recommended way is the following:
 1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
+Here is a video that does shows this a bit more in detail: https://youtu.be/zk-y2wVkY4c
+
 ## 2. Use the ACME DNS-challenge
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 

From 5cf711399fbbf87515cf8ffcc7f0faf59c38869d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 16 Oct 2024 12:30:31 +0200
Subject: [PATCH 2559/3949] nextcloud: add `documentation_url.server_logs`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1abbcd5e..71b0a315 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -531,6 +531,7 @@ php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool -
 php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
+php /var/www/html/occ config:system:set documentation_url.server_logs --value="https://github.com/nextcloud/all-in-one/discussions/5425"
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess
 

From 3ffc511c10b560f050e19b6826c3225171427f62 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 16 Oct 2024 12:03:01 +0000
Subject: [PATCH 2560/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 01271b47..815580e9 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2700,16 +2700,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "1.32.0",
+            "version": "1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "6ca22b154efdd9e3c68c56f5d94670920a1c19a4"
+                "reference": "82a311fd3690fb2bf7b64d5c98f912b3dd746140"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/6ca22b154efdd9e3c68c56f5d94670920a1c19a4",
-                "reference": "6ca22b154efdd9e3c68c56f5d94670920a1c19a4",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/82a311fd3690fb2bf7b64d5c98f912b3dd746140",
+                "reference": "82a311fd3690fb2bf7b64d5c98f912b3dd746140",
                 "shasum": ""
             },
             "require": {
@@ -2741,9 +2741,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.32.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.33.0"
             },
-            "time": "2024-09-26T07:23:32+00:00"
+            "time": "2024-10-13T11:25:22+00:00"
         },
         {
             "name": "sebastian/diff",

From fb3c8ec4defcfc542b2f602e3a77f247f734d406 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Oct 2024 09:39:05 +0000
Subject: [PATCH 2561/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml          | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 655b0e57..906e4858 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.6.0
+version: 9.7.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 9fe50e25..d609c5c3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20241017_085101"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 75908aa0..e0bbd2e3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20241017_085101"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c349aaff..492501b7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20241017_085101"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 7e1643ae..8476aa28 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -62,7 +62,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20241017_085101"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 9374c201..033ca632 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20241017_085101"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 20421b54..1a5ee797 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20241017_085101"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 9d4721e8..cbfc8b15 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -173,7 +173,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20241017_085101"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 901aecfe..c33ac701 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20241017_085101"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index e60c2cb6..f6607f0f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20241017_085101"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 972697a5..70dc381c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20241017_085101"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d699cf03..d6fc49e3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20241017_085101"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 6dbd02d5..67405468 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20241017_085101"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index f0c022da..4eb3cccd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-whiteboard:20240925_080419"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-whiteboard:20241017_085101"
           name: nextcloud-aio-whiteboard
           ports:
             - containerPort: 3002

From 7ac2d60e51ed49e0cc27bd5ff71b389712157743 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Oct 2024 13:20:33 +0200
Subject: [PATCH 2562/3949] local-ai: add hint how to improve ai task pickup
 speed

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index c74ebc9f..f0c7ea0f 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -19,6 +19,7 @@ This container bundles Local AI and auto-configures it for you.
   name: gpt4all-j
 ```
 -  To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work.
+- See [this guide](https://github.com/nextcloud/all-in-one/discussions/5430) for how to improve AI task pickup speed
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 814a1eca53b6c8fbd4cb3ea952826da387f7f609 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Oct 2024 12:02:46 +0000
Subject: [PATCH 2563/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 815580e9..298a4ab7 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -134,16 +134,16 @@
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.0.3",
+            "version": "2.0.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8"
+                "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8",
-                "reference": "6ea8dd08867a2a42619d65c3deb2c0fcbf81c8f8",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/f9c436286ab2892c7db7be8c8da4ef61ccf7b455",
+                "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455",
                 "shasum": ""
             },
             "require": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.0.3"
+                "source": "https://github.com/guzzle/promises/tree/2.0.4"
             },
             "funding": [
                 {
@@ -213,7 +213,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-18T10:29:17+00:00"
+            "time": "2024-10-17T10:06:22+00:00"
         },
         {
             "name": "guzzlehttp/psr7",

From 2b6e81c0745923005589973d8b4064864e5d9362 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Thu, 17 Oct 2024 17:05:07 +0200
Subject: [PATCH 2564/3949] fix(ui): make loading-overlay cover the logout
 button

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/style.css          | 4 ++--
 php/templates/containers.twig | 5 +----
 php/templates/layout.twig     | 5 ++++-
 php/templates/login.twig      | 5 +----
 4 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/php/public/style.css b/php/public/style.css
index 9a1e578f..6c01613f 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -418,6 +418,7 @@ label {
     font-size: 36px; /* Adjust font size */
     cursor: pointer; /* Change cursor to pointer */
     outline: none;
+    z-index: 9999; /* Ensures the icon is on top of every layer */
 }
 
 /* Icon styling: default state */
@@ -449,7 +450,6 @@ label {
     position: relative; /* Ensures stacking order */
     filter: grayscale(0%); /* Restore full color */
     opacity: 1; /* Fully visible on hover */
-    z-index: 1; /* Ensures the icon is on top of the shadow */
 }
 
 /* Inner glow when hovered */
@@ -461,4 +461,4 @@ label {
 /* Remove hover effects when not hovering */
 #theme-toggle:not(:hover) #theme-icon {
     opacity: 0.6; /* Slightly transparent */
-}
\ No newline at end of file
+}
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4017cf8c..87df4758 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -683,7 +683,4 @@
 
         </main>
     </div>
-    <div id="overlay">
-        <div class="loader"></div>
-    </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index 669854f8..f5523c76 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -12,5 +12,8 @@
         </div>
         <button id="theme-toggle" onclick="toggleTheme()"><span id="theme-icon"/></button>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>
+        <div id="overlay">
+            <div class="loader"></div>
+        </div>
     </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/php/templates/login.twig b/php/templates/login.twig
index 04175cc3..5478225f 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -22,7 +22,4 @@
         {% endif %}
     </div>
     <script type="text/javascript" src="before-unload.js"></script>
-    <div id="overlay">
-        <div class="loader"></div>
-    </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}

From a5b25ab56bbb5015b5a9b3c6a5ae878ed90d59db Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Thu, 17 Oct 2024 17:18:58 +0200
Subject: [PATCH 2565/3949] fix(ui): ensure theme-toggle button is visible on
 first visit

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/toggle-dark-mode.js | 18 +++++++++---------
 php/templates/layout.twig      |  6 ++++--
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/php/public/toggle-dark-mode.js b/php/public/toggle-dark-mode.js
index 1ec2c114..9fc17193 100644
--- a/php/public/toggle-dark-mode.js
+++ b/php/public/toggle-dark-mode.js
@@ -1,7 +1,7 @@
 // Function to toggle theme
 function toggleTheme() {
     const currentTheme = document.documentElement.getAttribute('data-theme');
-    const newTheme = (currentTheme === 'dark') ? 'light' : 'dark';
+    const newTheme = (currentTheme === 'dark') ? '' : 'dark'; // Toggle between no theme and dark theme
     document.documentElement.setAttribute('data-theme', newTheme);
     localStorage.setItem('theme', newTheme);
 
@@ -13,14 +13,14 @@ function toggleTheme() {
 // Function to apply saved theme from localStorage
 function applySavedTheme() {
     const savedTheme = localStorage.getItem('theme');
-    if (savedTheme) {
-        document.documentElement.setAttribute('data-theme', savedTheme);
-
-        // Ensure the icon is set correctly based on the saved theme
-        const themeIcon = document.getElementById('theme-icon');
-        themeIcon.textContent = savedTheme === 'dark' ? '☀️' : '🌙';
+    if (savedTheme === 'dark') {
+        document.documentElement.setAttribute('data-theme', 'dark');
+        document.getElementById('theme-icon').textContent = '☀️'; // Sun icon for dark mode
+    } else {
+        document.documentElement.removeAttribute('data-theme'); // Default to light theme (no data-theme)
+        document.getElementById('theme-icon').textContent = '🌙'; // Moon icon for light mode
     }
 }
 
-// Apply theme when the page loads
-document.addEventListener('DOMContentLoaded', applySavedTheme);
\ No newline at end of file
+// Immediately apply the saved theme
+applySavedTheme();
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index f5523c76..cad5ae7a 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -4,16 +4,18 @@
         <link rel="stylesheet" href="/style.css?v3" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
+        <script type="text/javascript" src="toggle-dark-mode.js"></script>
     </head>
 
     <body>
         <div class="wrapper">
             {% block body %}{% endblock %}
         </div>
-        <button id="theme-toggle" onclick="toggleTheme()"><span id="theme-icon"/></button>
-        <script type="text/javascript" src="toggle-dark-mode.js"></script>
         <div id="overlay">
             <div class="loader"></div>
         </div>
+        <button id="theme-toggle" onclick="toggleTheme()">
+            <span id="theme-icon">🌙</span>
+        </button>
     </body>
 </html>

From de372c11f3b6e07c55a614b865411cdca2d48af6 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Thu, 17 Oct 2024 17:21:09 +0200
Subject: [PATCH 2566/3949] fix(ui): ad darkmode for loading spinner

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/style.css | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index 6c01613f..7e6b364a 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -14,6 +14,7 @@
     --color-info: #0071ad;
     --color-info-hover: #00aaef;
     --color-border-maxcontrast: #7d7d7d;
+    --color-loader: #f3f3f3;
     --border: .5px;
     --border-hover: 2px;
     --border-radius: 7px;
@@ -35,6 +36,7 @@
     --color-error-text: #ff8080;
     --color-info: #00aeff;
     --color-info-hover: #33beff;
+    --color-loader: var(--color-border-maxcontrast);
     --border-hover: var(--border);
 }
 
@@ -385,7 +387,7 @@ label {
 }
 
 .loader {
-    border: 16px solid #f3f3f3;
+    border: 16px solid var(--color-loader);
     border-radius: 50%;
     border-top: 16px solid var(--color-nextcloud-blue);
     width: 120px;

From 99caab3625b6125ab8b8d5a92cd5739119dd42b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 04:43:28 +0000
Subject: [PATCH 2567/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.15.2 to 8.15.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 873e9ba9..b67b1067 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.15.2
+FROM elasticsearch:8.15.3
 
 USER root
 

From fa9ae2bc53b7a0f9c06385dc7462a642ed4344f7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 04:44:08 +0000
Subject: [PATCH 2568/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.21-scratch to 2.10.22-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 0d0631c8..d507a515 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.21-scratch AS nats
+FROM nats:2.10.22-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
 FROM alpine:3.20.3 AS janus

From a530cee7e45d873eeb13d6c35a52abaa00a0bb57 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 18 Oct 2024 13:47:10 +0200
Subject: [PATCH 2569/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index ad694376..ff7d934c 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.1.3.2
+FROM onlyoffice/documentserver:8.2.0.1
 
 # USER root is probably used
 

From 0067ec3bcab3eb31c8d1074ed36cf03265998049 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 18 Oct 2024 12:11:10 +0000
Subject: [PATCH 2570/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 90fac1a8..b79644bb 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -80,7 +80,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install igbinary-3.2.16; \
     pecl install APCu-5.1.24; \
-    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.2.0; \
+    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -D 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
     pecl install imagick-3.7.0; \
     \

From 9da4094ff827fc18fc2b6edbc6f91789e06ac9cc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 18 Oct 2024 14:57:06 +0200
Subject: [PATCH 2571/3949] fix mobile layout

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index 7e6b364a..85a82b80 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -237,6 +237,7 @@ select:hover {
 textarea {
     border-radius: var(--border-radius);
     border: .5px solid var(--color-main-border);
+    max-width: 100%;
 }
 
 input[type="text"]:focus,
@@ -281,7 +282,7 @@ html[data-theme="dark"] ::-webkit-scrollbar-track {
     background-color: var(--color-main-background);
     border-radius: var(--border-radius-large);
     box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
-    max-height: calc(100dvh - 40px);
+    max-height: calc(100dvh - 50px);
     overflow: hidden;
 }
 
@@ -464,3 +465,9 @@ label {
 #theme-toggle:not(:hover) #theme-icon {
     opacity: 0.6; /* Slightly transparent */
 }
+
+@media only screen and (max-width: 800px) {
+    .container {
+        margin: 50px auto 0px auto;
+    }
+}

From 0e960b8ca46ad6858f5c1c9290f24237d6bc47de Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 18 Oct 2024 15:04:59 +0200
Subject: [PATCH 2572/3949] increase to 9.8.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 87df4758..d1ddb499 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v9.7.0</h1>
+            <h1>Nextcloud AIO v9.8.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 9bf38d27956edf76ac28859521f673b21acc9b51 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 18 Oct 2024 15:56:39 +0200
Subject: [PATCH 2573/3949] only apply saved theme when dom content has loaded

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/toggle-dark-mode.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/public/toggle-dark-mode.js b/php/public/toggle-dark-mode.js
index 9fc17193..773a9f18 100644
--- a/php/public/toggle-dark-mode.js
+++ b/php/public/toggle-dark-mode.js
@@ -22,5 +22,5 @@ function applySavedTheme() {
     }
 }
 
-// Immediately apply the saved theme
-applySavedTheme();
+// Apply theme when the page loads
+document.addEventListener('DOMContentLoaded', applySavedTheme);

From 8fae9b669f485157c23de1bc5e0e073f26d3707a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 18 Oct 2024 16:22:51 +0200
Subject: [PATCH 2574/3949] rp-docs: add links to examples direclty to each rp
 section

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md |  2 +-
 reverse-proxy.md  | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index ac0b9fb4..f2471877 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -9,7 +9,7 @@ The recommended way is the following:
 1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
-Here is a video that does shows this a bit more in detail: https://youtu.be/zk-y2wVkY4c
+**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
 ## 2. Use the ACME DNS-challenge
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 205d7892..98ff5545 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -145,6 +145,8 @@ To make the config work you can run the following command:
 
 <summary>click here to expand</summary>
 
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example.
+
 Add this to your Caddyfile:
 
 ```
@@ -204,6 +206,9 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 
 <summary>click here to expand</summary>
 
+
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example.
+
 Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.<br>
@@ -317,6 +322,8 @@ backend Nextcloud
 
 <summary>click here to expand</summary>
 
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example.
+
 **Disclaimer:** This config was tested and should normally work on all modern Nginx versions. Improvements to the config are very welcome!
 
 Add the below template to your Nginx config.
@@ -401,8 +408,6 @@ server {
 
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
-**Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
-
 </details>
 
 ### Nginx-Proxy-Manager - NPM
@@ -411,6 +416,8 @@ server {
 
 <summary>click here to expand</summary>
 
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example.
+
 First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
 If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports.
 
@@ -560,6 +567,8 @@ See these screenshots for a working config:
 
 <summary>click here to expand</summary>
 
+**Hint:** You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example.
+
 **Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
 Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project.
@@ -638,7 +647,6 @@ The examples below define the dynamic configuration in YAML files. If you rather
 ---
 
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
-**Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
 </details>
 

From 42a39397e4866906e542c1be8fd63e0a70a4047a Mon Sep 17 00:00:00 2001
From: lll <2844835+flll@users.noreply.github.com>
Date: Fri, 18 Oct 2024 23:40:21 +0900
Subject: [PATCH 2575/3949] to wiki

Signed-off-by: lll <2844835+flll@users.noreply.github.com>
---
 reverse-proxy.md | 150 +----------------------------------------------
 1 file changed, 1 insertion(+), 149 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 828a1aea..7a06d30a 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -713,155 +713,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 <summary>click here to expand</summary>
 
-**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
-
-This setup integrates Nextcloud All-in-One (AIO) with Tailscale, using Caddy as a reverse proxy. 
-Since Tailscale currently only allows communication with localhost(127.0.0.1), we use a sidecar with Caddy to communicate with AIO.
-
-- Enhanced security with ACL usage within Tailnet
-- ACME certificate issuance without port forwarding (Tailnet only)
-- Possibility to expose Nextcloud externally using Tailscale's `serve.json` configuration (This document does not provide an example of `serve.json`)
-
-
-### 1. Set Environment Variables
-
-Set the following environment variables:
-
-```env
-TS_HOSTNAME=nextcloud # Hostname in Tailnet
-NC_DOMAIN=nextcloud.your-tailnet.ts.net # Format: {$TS_HOSTNAME}.{$tailnetdomain}.ts.net
-TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended
-TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # For OAuth client key usage
-```
-
->[!NOTE]
-> Ensure NC_DOMAIN is in the correct format.
-> When using OAuth client key, set tags in TS_EXTRA_ARGS and define them in ACL.
->
-> For more detailed information, please refer to:
-> https://tailscale.com/blog/docker-tailscale-guide
-
-### 2. Configure Docker Compose File
-Create a compose.yml file with the following content. Replace environment variables as appropriate.
-
-#### compose.yml
-
-```yml
-services:
-  nextcloud-aio-mastercontainer:
-    image: nextcloud/all-in-one:latest
-    init: true
-    restart: always
-    container_name: nextcloud-aio-mastercontainer # This line cannot be changed.
-    volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    networks:
-      - nextcloud-aio
-    ports:
-      - 0.0.0.0:8080:8080
-    environment:
-      APACHE_PORT: 11000
-      APACHE_IP_BINDING: 127.0.0.1
-      SKIP_DOMAIN_VALIDATION: true
-
-  caddy:
-    image: caddy:alpine
-    restart: unless-stopped
-    environment:
-      - NC_DOMAIN=nextcloud.your-tailnet.ts.net # Change this to your domain ending with .ts.net in the format {$TS_HOSTNAME}.{tailnetdomain}
-    volumes:
-      - type: bind
-        source: ./Caddyfile
-        target: /etc/caddy/Caddyfile
-      - type: volume
-        source: caddy_certs
-        target: /certs
-      - type: volume
-        source: caddy_data
-        target: /data
-      - type: volume
-        source: caddy_config
-        target: /config
-      - type: volume
-        source: tailscale_sock
-        target: /var/run/tailscale/ # Mount the volume for /var/run/tailscale/tailscale.sock
-        read_only: true
-    network_mode: service:tailscale
-
-  tailscale:
-    image: tailscale/tailscale:latest
-    environment:
-      - TS_HOSTNAME=nextcloud # Enter the hostname for your tailnet
-      - TS_AUTH_KEY=tskey-client-kXGGbs6CNTRL # OAuth client key recommended
-      - TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud # Tags are required when using OAuth client
-    init: true
-    restart: unless-stopped
-    volumes:
-      - /dev/net/tun:/dev/net/tun
-      - type: volume
-        source: tailscale
-        target: /var/lib/tailscale
-      - type: volume
-        source: tailscale_sock
-        target: /tmp # Mounting the entire /tmp folder to access tailscale.sock
-    cap_add:
-      - NET_ADMIN
-      - NET_RAW
-    networks:
-      - nextcloud-aio
-
-volumes:
-  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer # This line cannot be changed.
-  caddy_certs:
-    name: caddy_certs
-  caddy_data:
-    name: caddy_data
-  caddy_config:
-    name: caddy_config
-  tailscale:
-    name: tailscale
-  tailscale_sock:
-    name: tailscale_sock
-
-networks:
-  nextcloud-aio:
-    name: nextcloud-aio
-    driver: bridge
-    enable_ipv6: false
-    driver_opts:
-      com.docker.network.driver.mtu: "9001" # Jumbo Frame
-      com.docker.network.bridge.host_binding_ipv4: "127.0.0.1" # Harden aio
-```
-
->[!IMPORTANT]
-> Make sure to replace `NC_DOMAIN`, `TS_HOSTNAME`, `TS_AUTH_KEY`, and `TS_EXTRA_ARGS` with your actual values before running the docker compose file.
-
-
-### 3. Create Caddyfile
-Create a Caddyfile in the current directory with the following content:
-
-#### Caddyfile
-
-```Caddyfile
-https://{$NC_DOMAIN}:443 {
-    reverse_proxy nextcloud-aio-apache:11000
-}
-```
-
->[!NOTE]
-> Do not manually replace the `{$NC_DOMAIN}` variable. It will be automatically populated with the value set in your environment variables.
-
-
-
-### 4. Set Up Nextcloud AIO
-1. Run `docker compose up -d`
-1. Connect to https://ip.address.of.server:8080/
-1. Enter the configured $NC_DOMAIN
-1. Provision Nextcloud
-1. Connect to `https://$NC_DOMAIN/` (e.g., https://nextcloud.your-tailnet.ts.net/)
-1. Setup complete!
+It's too long to write here, so please jump to **this guide:** https://github.com/nextcloud/all-in-one/discussions/5439
 
 </details>
 

From 4be6d492ea8b7f7188abea5edf6d7c7b10e279ad Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 18 Oct 2024 17:50:31 +0200
Subject: [PATCH 2576/3949] nextcloud&notify-push: allow to adjust the
 DATABASE_TYPE

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh |  9 +++++++--
 Containers/nextcloud/start.sh      |  5 +++++
 Containers/notify-push/start.sh    | 15 +++++++++++----
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1abbcd5e..ae577679 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -20,6 +20,11 @@ run_upgrade_if_needed_due_to_app_update() {
     fi
 }
 
+# Adjust DATABASE_TYPE to by Nextcloud supported value
+if [ "$DATABASE_TYPE" = postgres ]; then
+    export DATABASE_TYPE=pgsql
+fi
+
 # Only start container if redis is accessible
 # shellcheck disable=SC2153
 while ! nc -z "$REDIS_HOST" "6379"; do
@@ -237,12 +242,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 );
 DATADIR_PERMISSION_CONF
 
-            echo "Installing with PostgreSQL database"
+            echo "Installing with $DATABASE_TYPE database"
             # Set a default value for POSTGRES_PORT
             if [ -z "$POSTGRES_PORT" ]; then
               POSTGRES_PORT=5432
             fi
-            INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
+            INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
 
             echo "Starting Nextcloud installation..."
             if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 0bbea739..37aa4d98 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -17,6 +17,11 @@ done
 POSTGRES_USER="oc_$POSTGRES_USER"
 export POSTGRES_USER
 
+# Check that db type is not empty
+if [ -z "$DATABASE_TYPE" ]; then
+    export DATABASE_TYPE=postgres
+fi
+
 # Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
     sleep 2
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 1f77b0f1..21b291d0 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -1,13 +1,13 @@
 #!/bin/bash
 
 if [ -z "$NEXTCLOUD_HOST" ]; then
-    echo "NEXTCLOUD_HOST need to be provided. Exiting!"
+    echo "NEXTCLOUD_HOST needs to be provided. Exiting!"
     exit 1
 elif [ -z "$POSTGRES_HOST" ]; then
-    echo "POSTGRES_HOST need to be provided. Exiting!"
+    echo "POSTGRES_HOST needs to be provided. Exiting!"
     exit 1
 elif [ -z "$REDIS_HOST" ]; then
-    echo "REDIS_HOST need to be provided. Exiting!"
+    echo "REDIS_HOST needs to be provided. Exiting!"
     exit 1
 fi
 
@@ -52,9 +52,16 @@ fi
 if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
+# Set a default for db type
+if [ -z "$DATABASE_TYPE" ]; then
+    DATABASE_TYPE=postgres
+elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then
+    echo "DB type must be either postgres or mysql"
+    exit 1
+fi
 
 # Set sensitive values as env
-export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
+export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From 5b4edc2c344c623b1a5c718b1d8142a474448e18 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 21 Oct 2024 10:01:02 +0200
Subject: [PATCH 2577/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md |  3 ++-
 reverse-proxy.md  | 15 ++++++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index f2471877..28ef78ee 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -9,7 +9,8 @@ The recommended way is the following:
 1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
-**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
+> [!TIP]
+> You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
 ## 2. Use the ACME DNS-challenge
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 98ff5545..3c2f6134 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -145,7 +145,8 @@ To make the config work you can run the following command:
 
 <summary>click here to expand</summary>
 
-**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example.
+> [!TIP]
+> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example.
 
 Add this to your Caddyfile:
 
@@ -207,7 +208,8 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 <summary>click here to expand</summary>
 
 
-**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example.
+> [!TIP]
+> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example.
 
 Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
@@ -322,7 +324,8 @@ backend Nextcloud
 
 <summary>click here to expand</summary>
 
-**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example.
+> [!TIP]
+> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example.
 
 **Disclaimer:** This config was tested and should normally work on all modern Nginx versions. Improvements to the config are very welcome!
 
@@ -416,7 +419,8 @@ server {
 
 <summary>click here to expand</summary>
 
-**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example.
+> [!TIP]
+> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example.
 
 First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
 If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports.
@@ -567,7 +571,8 @@ See these screenshots for a working config:
 
 <summary>click here to expand</summary>
 
-**Hint:** You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example.
+> [!TIP]
+> You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example.
 
 **Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 

From 70e31a40b4a4d7e009d930942f9c2e8e20a5ecef Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 21 Oct 2024 10:27:35 +0200
Subject: [PATCH 2578/3949] update wording

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7a06d30a..15491819 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -713,7 +713,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 <summary>click here to expand</summary>
 
-It's too long to write here, so please jump to **this guide:** https://github.com/nextcloud/all-in-one/discussions/5439
+For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
 
 </details>
 

From 5100bcdddaded09a9b2f53a57ac5539a06f18d34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Oct 2024 04:36:19 +0000
Subject: [PATCH 2579/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-8 to 1.4.1-9.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 8deede4e..cbb92232 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-8
+FROM clamav/clamav:1.4.1-9
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 3dfbf3d9ab0ebd6f43a7bba770d613185d6354ef Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 22 Oct 2024 11:05:08 +0200
Subject: [PATCH 2580/3949] Revert "change Hint to github hint" because it does
 not seem to work inside a details tag

This reverts commit 5b4edc2c344c623b1a5c718b1d8142a474448e18.
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md |  3 +--
 reverse-proxy.md  | 15 +++++----------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index 28ef78ee..f2471877 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -9,8 +9,7 @@ The recommended way is the following:
 1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
-> [!TIP]
-> You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
+**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
 ## 2. Use the ACME DNS-challenge
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
diff --git a/reverse-proxy.md b/reverse-proxy.md
index a3c71610..1345b583 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -145,8 +145,7 @@ To make the config work you can run the following command:
 
 <summary>click here to expand</summary>
 
-> [!TIP]
-> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example.
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete but possibly outdated example.
 
 Add this to your Caddyfile:
 
@@ -208,8 +207,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 <summary>click here to expand</summary>
 
 
-> [!TIP]
-> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example.
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/2845#discussioncomment-6423237) for a more complete but possibly outdated example.
 
 Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
@@ -324,8 +322,7 @@ backend Nextcloud
 
 <summary>click here to expand</summary>
 
-> [!TIP]
-> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example.
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete but possibly outdated example.
 
 **Disclaimer:** This config was tested and should normally work on all modern Nginx versions. Improvements to the config are very welcome!
 
@@ -419,8 +416,7 @@ server {
 
 <summary>click here to expand</summary>
 
-> [!TIP]
-> You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example.
+**Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example.
 
 First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
 If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports.
@@ -571,8 +567,7 @@ See these screenshots for a working config:
 
 <summary>click here to expand</summary>
 
-> [!TIP]
-> You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example.
+**Hint:** You may have a look at [this video](https://www.youtube.com/watch?v=VLPSRrLMDmA) for a more complete but possibly outdated example.
 
 **Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 

From 5849a1fce9a1749215d3d34902b6c7a042849a13 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 22 Oct 2024 11:13:41 +0200
Subject: [PATCH 2581/3949] readme: add tailscale network

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index 88972ecf..913f18e2 100644
--- a/readme.md
+++ b/readme.md
@@ -27,6 +27,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
+- Can be used inside [Tailscale network](https://github.com/nextcloud/all-in-one/discussions/5439)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
@@ -239,6 +240,9 @@ Another but untested way is to install Portainer on your TrueNAS SCALE from here
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
 
+### How to run Nextcloud inside a Tailscale network?
+For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+
 ### Disrecommended VPS providers
 - *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.
   If your VPS has a `/proc/user_beancounters` file and a low `numproc` limit set in it

From d9142871f60d7548f76b537c045df721ade52bff Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Oct 2024 12:03:53 +0200
Subject: [PATCH 2582/3949] Refactor manual-install Compose.yml: Simplify
 Environment Variables (#5459)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🔧 Refactor manual-install Compose.yml: Simplify Environment Variables

- Removed explicit values for environment variables in `docker-compose.yml`.
- Utilized default values for better flexibility and maintainability.
- Updated network configuration to use the default bridge driver.

Note: Using `network: default` is sufficient within Docker Compose; there's no need to create a separate `nextcloud-network` for all hosts. 🚀


Signed-off-by: lll <2844835+flll@users.noreply.github.com>
---
 manual-install/latest.yml               | 98 +++++++++----------------
 manual-install/update-yaml.sh           | 16 ++--
 nextcloud-aio-helm-chart/update-helm.sh | 11 ++-
 3 files changed, 51 insertions(+), 74 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index e5d876ca..03132847 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -25,15 +25,15 @@ services:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
     environment:
-      - NC_DOMAIN=${NC_DOMAIN}
+      - NC_DOMAIN
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
       - APACHE_HOST=nextcloud-aio-apache
       - COLLABORA_HOST=nextcloud-aio-collabora
       - TALK_HOST=nextcloud-aio-talk
-      - APACHE_PORT=${APACHE_PORT}
+      - APACHE_PORT
       - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
       - TZ=${TIMEZONE}
-      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_SIZE
       - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
       - WHITEBOARD_HOST=nextcloud-aio-whiteboard
@@ -41,8 +41,6 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/log/supervisord
@@ -70,8 +68,6 @@ services:
     stop_grace_period: 1800s
     restart: unless-stopped
     shm_size: 268435456
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/run/postgresql
@@ -116,52 +112,50 @@ services:
       - POSTGRES_USER=nextcloud
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - NC_DOMAIN=${NC_DOMAIN}
+      - NC_DOMAIN
       - ADMIN_USER=admin
       - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
       - NEXTCLOUD_DATA_DIR=/mnt/ncdata
       - OVERWRITEHOST=${NC_DOMAIN}
       - OVERWRITEPROTOCOL=https
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
-      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
-      - CLAMAV_ENABLED=${CLAMAV_ENABLED}
+      - TURN_SECRET
+      - SIGNALING_SECRET
+      - ONLYOFFICE_SECRET
+      - NEXTCLOUD_MOUNT
+      - CLAMAV_ENABLED
       - CLAMAV_HOST=nextcloud-aio-clamav
-      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
-      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
+      - ONLYOFFICE_ENABLED
+      - COLLABORA_ENABLED
       - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_ENABLED=${TALK_ENABLED}
+      - TALK_ENABLED
       - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
+      - UPDATE_NEXTCLOUD_APPS
       - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
+      - TALK_PORT
+      - IMAGINARY_ENABLED
       - IMAGINARY_HOST=nextcloud-aio-imaginary
       - CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE}
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
-      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
+      - FULLTEXTSEARCH_ENABLED
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
-      - INSTALL_LATEST_MAJOR=${INSTALL_LATEST_MAJOR}
-      - TALK_RECORDING_ENABLED=${TALK_RECORDING_ENABLED}
-      - RECORDING_SECRET=${RECORDING_SECRET}
+      - INSTALL_LATEST_MAJOR
+      - TALK_RECORDING_ENABLED
+      - RECORDING_SECRET
       - TALK_RECORDING_HOST=nextcloud-aio-talk-recording
-      - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
-      - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
-      - APACHE_PORT=${APACHE_PORT}
-      - IMAGINARY_SECRET=${IMAGINARY_SECRET}
-      - WHITEBOARD_SECRET=${WHITEBOARD_SECRET}
-      - WHITEBOARD_ENABLED=${WHITEBOARD_ENABLED}
+      - FULLTEXTSEARCH_PASSWORD
+      - REMOVE_DISABLED_APPS
+      - APACHE_PORT
+      - IMAGINARY_SECRET
+      - WHITEBOARD_SECRET
+      - WHITEBOARD_ENABLED
     stop_grace_period: 600s
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -173,7 +167,7 @@ services:
     volumes:
       - nextcloud_aio_nextcloud:/nextcloud:ro
     environment:
-      - NC_DOMAIN=${NC_DOMAIN}
+      - NC_DOMAIN
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
@@ -183,8 +177,6 @@ services:
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     read_only: true
     cap_drop:
       - NET_RAW
@@ -200,8 +192,6 @@ services:
     volumes:
       - nextcloud_aio_redis:/data:rw
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     read_only: true
     cap_drop:
       - NET_RAW
@@ -221,8 +211,6 @@ services:
     restart: unless-stopped
     profiles:
       - collabora
-    networks:
-      - nextcloud-aio
     cap_add:
       - MKNOD
       - SYS_ADMIN
@@ -238,19 +226,17 @@ services:
     expose:
       - "8081"
     environment:
-      - NC_DOMAIN=${NC_DOMAIN}
+      - NC_DOMAIN
       - TALK_HOST=nextcloud-aio-talk
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - TURN_SECRET
+      - SIGNALING_SECRET
       - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
+      - TALK_PORT
       - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
     restart: unless-stopped
     profiles:
       - talk
       - talk-recording
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/log/supervisord
@@ -267,16 +253,14 @@ services:
     expose:
       - "1234"
     environment:
-      - NC_DOMAIN=${NC_DOMAIN}
+      - NC_DOMAIN
       - TZ=${TIMEZONE}
-      - RECORDING_SECRET=${RECORDING_SECRET}
+      - RECORDING_SECRET
       - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
     shm_size: 2147483648
     restart: unless-stopped
     profiles:
       - talk-recording
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /tmp
@@ -298,8 +282,6 @@ services:
     restart: unless-stopped
     profiles:
       - clamav
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/lock
@@ -323,8 +305,6 @@ services:
     restart: unless-stopped
     profiles:
       - onlyoffice
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -335,7 +315,7 @@ services:
       - "9000"
     environment:
       - TZ=${TIMEZONE}
-      - IMAGINARY_SECRET=${IMAGINARY_SECRET}
+      - IMAGINARY_SECRET
     restart: unless-stopped
     cap_add:
       - SYS_NICE
@@ -343,8 +323,6 @@ services:
       - NET_RAW
     profiles:
       - imaginary
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /tmp
@@ -364,14 +342,12 @@ services:
       - http.port=9200
       - xpack.license.self_generated.type=basic
       - xpack.security.enabled=false
-      - FULLTEXTSEARCH_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
+      - FULLTEXTSEARCH_PASSWORD
     volumes:
       - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
     restart: unless-stopped
     profiles:
       - fulltextsearch
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -391,8 +367,6 @@ services:
     profiles:
       - whiteboard
     read_only: true
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -417,5 +391,5 @@ volumes:
     name: nextcloud_aio_nextcloud_data
 
 networks:
-  nextcloud-aio:
-    name: nextcloud-aio
+  default:
+    driver: bridge
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index d8bb0cc2..e712304c 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
+#!/bin/bash -ex
 
-set -ex
+type {jq,sudo} || { echo "Commands not found. Please install them"; exit 127; }
 
 jq -c . ./php/containers.json > /tmp/containers.json
 sed -i 's|aio_services_v1|services|g' /tmp/containers.json
@@ -18,6 +18,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].networks)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
@@ -25,7 +26,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "next
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")]) else . end else . end')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
-snap install yq
+sudo snap install yq
 mkdir -p ./manual-install
 echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 
@@ -139,13 +140,12 @@ done
 cat << NETWORK >> containers.yml
 
 networks:
-  nextcloud-aio:
-    name: nextcloud-aio
+  default:
+    driver: bridge
 NETWORK
 
-cat containers.yml > latest.yml
+mv containers.yml latest.yml
 sed -i "/image:/s/$/:latest/" latest.yml
-
-rm containers.yml
+sed -i 's/\( *- \(\w*\)\)=\${\2\}/\1/' latest.yml
 
 set +ex
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 9267ab07..9200cc3a 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -1,9 +1,11 @@
 #!/bin/bash
 
+[ -z "$1" ] && { echo "Error: Docker tag is not specified. Usage: ./nextcloud-aio-helm-chart/update-helm.sh <Docker tag>"; exit 2; }
+
 DOCKER_TAG="$1"
 
 # The logic needs the files in ./helm-chart
-mv ./nextcloud-aio-helm-chart ./helm-chart
+cp -r ./nextcloud-aio-helm-chart ./helm-chart
 
 # Clean
 rm -f ./helm-chart/values.yaml
@@ -15,13 +17,15 @@ chmod +x kompose
 sudo mv ./kompose /usr/local/bin/kompose
 
 # Install yq
-snap install yq
+sudo snap install yq
 
 set -ex
 
 # Conversion of docker-compose
 cd manual-install
 cp latest.yml latest.yml.backup
+
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
@@ -41,8 +45,7 @@ sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
 sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml
 sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml
 sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
-sed -i 's|\${|{{ .Values.|g' latest.yml
-sed -i 's|}| }}|g' latest.yml
+sed -i 's/\${/{{ .Values./g; s/}/ }}/g' latest.yml
 yq -i 'del(.services.[].profiles)' latest.yml
 # Delete read_only and tmpfs setting while https://github.com/kubernetes/kubernetes/issues/48912 is not fixed
 yq -i 'del(.services.[].read_only)' latest.yml

From 68d75dc01a7cfecfea26a743ce0ead546cc6240d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Oct 2024 13:08:04 +0200
Subject: [PATCH 2583/3949] local-instance-docs: add content and add tailscale
 network as option

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/local-instance.md b/local-instance.md
index f2471877..a03f8903 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -1,6 +1,13 @@
 # Local instance
 It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. However AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
 
+### Content
+- [1. The recommended way](#1-the-recommended-way)
+- [2. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge)
+- [3. Use Cloudflare](#3-use-cloudflare)
+- [4. Buy a certificate and use that](#4-buy-a-certificate-and-use-that)
+- [5. Tailscale network](#5-tailscale-network)
+
 ## 1. The recommended way
 The recommended way is the following:
 1. Set up your domain correctly to point to your home network
@@ -19,3 +26,6 @@ If you do not have any control over the network, you may think about using Cloud
 
 ## 4. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
+
+## 5. Tailscale network
+For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439

From bdc782e74c9d64deb8eabef32e2f47b7f2059b67 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Oct 2024 15:57:09 +0200
Subject: [PATCH 2584/3949] compose.yaml: document additional available envs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/compose.yaml b/compose.yaml
index f3b53452..5fed63d3 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -14,6 +14,7 @@ services:
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+      # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
@@ -29,6 +30,7 @@ services:
       # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
+      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # security_opt: ["label:disable"] # Is needed when using SELinux

From 459edf573c6504d8a27d581cd266e9b1b2a7e654 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 25 Oct 2024 05:00:45 +0000
Subject: [PATCH 2585/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.12-fpm-alpine3.20 to 8.3.13-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ecfb35de..1ba92044 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.3.1-cli AS docker
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
-FROM php:8.3.12-fpm-alpine3.20
+FROM php:8.3.13-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080

From 0066ad6a370d1f03860f07aeac7297c4e657f5e2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 25 Oct 2024 05:00:57 +0000
Subject: [PATCH 2586/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.2.24-fpm-alpine3.20 to 8.2.25-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b79644bb..1a376908 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.24-fpm-alpine3.20
+FROM php:8.2.25-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G

From d35d97b3167ed8d87cad4d290dc1321ece72997e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 25 Oct 2024 11:01:06 +0200
Subject: [PATCH 2587/3949] refactor compose.yaml: adjust the caddy setup to
 feature inline config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 5fed63d3..ecf4d588 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -35,21 +35,34 @@ services:
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # security_opt: ["label:disable"] # Is needed when using SELinux
 
-  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
-  # caddy:
-  #   image: caddy:alpine
-  #   restart: always
-  #   container_name: caddy
-  #   volumes:
-  #     - ./Caddyfile:/etc/caddy/Caddyfile
-  #     - ./certs:/certs
-  #     - ./config:/config
-  #     - ./data:/data
-  #     - ./sites:/srv
-  #   network_mode: "host"
+#   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
+#   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
+#   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+#   caddy:
+#     image: caddy:alpine
+#     restart: always
+#     container_name: caddy
+#     volumes:
+#       - caddy_certs:/certs
+#       - caddy_config:/config
+#       - caddy_data:/data
+#       - caddy_sites:/srv
+#     network_mode: "host"
+#     configs:
+#       - source: Caddyfile
+#         target: /etc/caddy/Caddyfile
+# configs:
+#   Caddyfile:
+#     content: |
+#       # Adjust cloud.example.com to your domain below
+#       https://cloud.example.com:443 {
+#         reverse_proxy localhost:11000
+#       }
 
 volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
   nextcloud_aio_mastercontainer:
     name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
-
+  # caddy_certs:
+  # caddy_config:
+  # caddy_data:
+  # caddy_sites:

From 3f3ae167e9d95f5bceb4e3aff491ced77e4a7ffa Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Fri, 25 Oct 2024 20:30:30 +0200
Subject: [PATCH 2588/3949] fix(ui): split theme & icon load to prevent
 flicker, errors

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/toggle-dark-mode.js | 19 +++++++++++++++----
 php/templates/layout.twig      |  2 +-
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/php/public/toggle-dark-mode.js b/php/public/toggle-dark-mode.js
index 773a9f18..9df54287 100644
--- a/php/public/toggle-dark-mode.js
+++ b/php/public/toggle-dark-mode.js
@@ -10,17 +10,28 @@ function toggleTheme() {
     themeIcon.textContent = newTheme === 'dark' ? '☀️' : '🌙'; // Switch between moon and sun icons
 }
 
-// Function to apply saved theme from localStorage
-function applySavedTheme() {
+// Function to immediately apply saved theme without icon update
+function applySavedThemeImmediately() {
     const savedTheme = localStorage.getItem('theme');
     if (savedTheme === 'dark') {
         document.documentElement.setAttribute('data-theme', 'dark');
+    } else {
+        document.documentElement.removeAttribute('data-theme'); // Default to light theme
+    }
+}
+
+// Function to apply theme-icon update
+function setThemeIcon() {
+    const savedTheme = localStorage.getItem('theme');
+    if (savedTheme === 'dark') {
         document.getElementById('theme-icon').textContent = '☀️'; // Sun icon for dark mode
     } else {
-        document.documentElement.removeAttribute('data-theme'); // Default to light theme (no data-theme)
         document.getElementById('theme-icon').textContent = '🌙'; // Moon icon for light mode
     }
 }
 
+// Immediately apply the saved theme to avoid flickering
+applySavedThemeImmediately();
+
 // Apply theme when the page loads
-document.addEventListener('DOMContentLoaded', applySavedTheme);
+document.addEventListener('DOMContentLoaded', setThemeIcon);
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index cad5ae7a..56e4ee6b 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -15,7 +15,7 @@
             <div class="loader"></div>
         </div>
         <button id="theme-toggle" onclick="toggleTheme()">
-            <span id="theme-icon">🌙</span>
+            <span id="theme-icon"></span>
         </button>
     </body>
 </html>

From 55b5469260d5e2a0d3476f10e6318aebb0f45529 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Fri, 25 Oct 2024 20:43:42 +0200
Subject: [PATCH 2589/3949] fix(ui): correct style for disabled checkbox labels

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/style.css | 52 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 43 insertions(+), 9 deletions(-)

diff --git a/php/public/style.css b/php/public/style.css
index 85a82b80..36a37dab 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -22,6 +22,9 @@
     --default-font-size: 13px;
     --checkbox-size: 16px;
     --max-width: 500px;
+    --color-disabled: #d3d3d3; /* light gray background for disabled checkboxes */
+    --color-border-disabled: #a9a9a9; /* darker gray border for disabled checkboxes */
+    --color-text-disabled: #a9a9a9; /* matching label text color for disabled checkboxes */
 }
 
 [data-theme="dark"] {
@@ -327,7 +330,8 @@ header > form {
     margin-right: 30px;
 }
 
-input[type="checkbox"] {
+/* Standard styling for enabled checkboxes */
+input[type="checkbox"]:not(:disabled) {
     width: var(--checkbox-size);
     height: var(--checkbox-size);
     -webkit-appearance: none; /* remove default styling */
@@ -341,33 +345,63 @@ input[type="checkbox"] {
     margin-top: -1px; /* adjust for better alignment */
 }
 
-input[type="checkbox"]:checked {
+/* Hover effects for enabled checkboxes */
+input[type="checkbox"]:not(:disabled):hover {
+    border-color: var(--color-info-hover);
+}
+
+/* Checkmark styling for enabled checkboxes */
+input[type="checkbox"]:checked:not(:disabled) {
     background-color: var(--color-nextcloud-blue);
     border-color: var(--color-border-maxcontrast);
 }
 
-input[type="checkbox"]:checked::after {
-    content: ''; /* Create a pseudo-element for the checkmark */
-    position: absolute; /* Position it absolutely */
+input[type="checkbox"]:checked:not(:disabled)::after {
+    content: ''; /* Creates a pseudo-element for the checkmark */
+    position: absolute; /* Positions it absolutely */
     left: 4px; /* Positioning of the checkmark */
     top: 0; /* Positioning of the checkmark */
     width: 4px; /* Width of the checkmark */
     height: 9px; /* Height of the checkmark */
     border: solid white; /* Color of the checkmark */
-    border-width: 0 2px 3px 0; /* Create the checkmark shape */
-    transform: rotate(45deg); /* Rotate to form a checkmark */
+    border-width: 0 2px 3px 0; /* Creates the checkmark shape */
+    transform: rotate(45deg); /* Rotates to form a checkmark */
 }
 
-input[type="checkbox"]:hover {
-    border-color: var(--color-info-hover);
+/* Styling for disabled checkboxes (grayed out, no hover, no pointer) */
+input[type="checkbox"]:disabled:not(:checked) {
+    background-color: var(--color-disabled);
+    border-color: var(--color-border-disabled);
+    cursor: default;
+    opacity: 0.5; /* Makes the checkbox appear faded */
 }
 
+/* Styling for disabled checked checkboxes (no pointer) */
+input[type="checkbox"]:disabled:checked {
+    cursor: default;
+}
+
+input[type="checkbox"]:disabled:hover {
+    border-color: var(--color-border-disabled); /* Keeps disabled state without hover effect */
+}
+
+/* General Label styling */
 label {
     cursor: pointer;
     margin-left: 4px;
     line-height: var(--checkbox-size);
 }
 
+/* Label cursor for disabled checkboxes */
+input[type="checkbox"]:disabled + label {
+    cursor: default;
+}
+
+/* Label styling for disabled, not checked checkboxes */
+input[type="checkbox"]:disabled:not(:checked) + label {
+    color: var(--color-text-disabled);
+}
+
 .loading {
     color: grey;
 }

From 4ff189fce1dfb8a04363bc807118e7a581428c34 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Sat, 26 Oct 2024 10:19:09 +0200
Subject: [PATCH 2590/3949] fix(ui): adjust height of main to fit in container

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/style.css | 43 ++++++++++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 17 deletions(-)

diff --git a/php/public/style.css b/php/public/style.css
index 36a37dab..c2125820 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -15,6 +15,9 @@
     --color-info-hover: #00aaef;
     --color-border-maxcontrast: #7d7d7d;
     --color-loader: #f3f3f3;
+    --color-disabled: #d3d3d3; /* light gray background for disabled checkboxes */
+    --color-border-disabled: #a9a9a9; /* darker gray border for disabled checkboxes */
+    --color-text-disabled: #a9a9a9; /* matching label text color for disabled checkboxes */
     --border: .5px;
     --border-hover: 2px;
     --border-radius: 7px;
@@ -22,9 +25,21 @@
     --default-font-size: 13px;
     --checkbox-size: 16px;
     --max-width: 500px;
-    --color-disabled: #d3d3d3; /* light gray background for disabled checkboxes */
-    --color-border-disabled: #a9a9a9; /* darker gray border for disabled checkboxes */
-    --color-text-disabled: #a9a9a9; /* matching label text color for disabled checkboxes */
+    --container-top-margin: 20px;
+    --container-bottom-margin: 20px;
+    --container-padding: 2px;
+    --container-height-calculation-difference: calc(var(--container-top-margin) + var(--container-bottom-margin));
+    --main-height-calculation-difference: calc(var(--container-height-calculation-difference) + calc(var(--container-padding) * 2));
+    --main-padding: 50px;
+}
+
+/* Breakpoint calculation: 500px (max-width) + 100px (main-padding * 2) + 200px (additional space) = 800px
+Note: Unfortunately, it's not possible to calculate this dynamically using CSS variables in media queries */
+@media only screen and (max-width: 800px) {
+    :root {
+        --container-top-margin: 50px;
+        --container-bottom-margin: 0px;
+    }
 }
 
 [data-theme="dark"] {
@@ -279,26 +294,26 @@ html[data-theme="dark"] ::-webkit-scrollbar-track {
 }
 
 .container {
-    margin: 20px auto;
-    padding: 2px;
-    max-width: calc(var(--max-width) + 108px);
+    margin: var(--container-top-margin) auto var(--container-bottom-margin) auto;
+    padding: var(--container-padding);
+    max-width: calc(var(--max-width) + calc(var(--main-padding) * 2) + 8px);
     background-color: var(--color-main-background);
     border-radius: var(--border-radius-large);
     box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
-    max-height: calc(100dvh - 50px);
+    max-height: calc(100dvh - var(--container-height-calculation-difference));
     overflow: hidden;
 }
 
 main {
-    padding-left: 50px;
-    padding-right: 50px;
+    padding-left: var(--main-padding);
+    padding-right: var(--main-padding);
     background-color: transparent; /* transparent, since color comes from outer container */
     color: var(--color-main-text);
-    max-height: calc(100dvh - 44px);
+    max-height: calc(100dvh - var(--main-height-calculation-difference));
     overflow-y: auto;
     box-sizing: border-box;
     word-break: break-word;
-    max-width: calc(var(--max-width) + 100px);
+    max-width: calc(var(--max-width) + calc(var(--main-padding) * 2));
     margin: 0 auto;
 }
 
@@ -499,9 +514,3 @@ input[type="checkbox"]:disabled:not(:checked) + label {
 #theme-toggle:not(:hover) #theme-icon {
     opacity: 0.6; /* Slightly transparent */
 }
-
-@media only screen and (max-width: 800px) {
-    .container {
-        margin: 50px auto 0px auto;
-    }
-}

From b814a51d0b8a89f204e5e7af8da10774159d7526 Mon Sep 17 00:00:00 2001
From: sunjam <sunjam@users.noreply.github.com>
Date: Sun, 27 Oct 2024 07:43:10 -0700
Subject: [PATCH 2591/3949] Update readme.md local documentation (#5473)

Adding more wording to local description to clarify it relates to having "no domain" and other keywords/phrases users must be missing, because so many people are confused about this.

Signed-off-by: sunjam <sunjam@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md |  2 +-
 readme.md         | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index a03f8903..abd99059 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -1,5 +1,5 @@
 # Local instance
-It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. However AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
+It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
 
 ### Content
 - [1. The recommended way](#1-the-recommended-way)
diff --git a/readme.md b/readme.md
index 913f18e2..92831931 100644
--- a/readme.md
+++ b/readme.md
@@ -261,8 +261,11 @@ In general recommended VPS are those that are KVM/non-virtualized as Docker shou
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
 
-### How to run Nextcloud locally?
-If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation how to set it up locally: [local-instance.md](./local-instance.md)
+### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.
+If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.
+
+### Can I use an ip-address for Nextcloud instead of a domain?
+No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md) for configuration without a traditional domain. Or, [consider using NextcloudPi](nextcloudpi.com) for ip-address access locally (it bundles fewer features than AIO).
 
 ### Can I run AIO offline or in an airgapped system?
 No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
@@ -270,9 +273,6 @@ No. This is not possible and will not be added due to multiple reasons: update c
 ### Are self-signed certificates supported for Nextcloud?
 No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md).
 
-### Can I use an ip-address for Nextcloud instead of a domain?
-No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md)
-
 ### Can I use AIO with multiple domains?
 No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 

From 017ed64f6bedb10f83c6892eecc011eddbc87b2c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 04:39:26 +0000
Subject: [PATCH 2592/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-9 to 1.4.1-10.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index cbb92232..41f54485 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-9
+FROM clamav/clamav:1.4.1-10
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From d2f00b44d435d419f6d48dcdcf100337c4a75afe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 04:39:27 +0000
Subject: [PATCH 2593/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.8.2.1 to 24.04.9.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 2c0fcad8..e5bd7c04 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.8.2.1
+FROM collabora/code:24.04.9.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From d2adea5fe446eef9b43f6c5492c1747c47bfce57 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 04:40:04 +0000
Subject: [PATCH 2594/3949] build(deps): bump eturnal/eturnal in
 /Containers/talk

Bumps eturnal/eturnal from 1.12.0 to 1.12.1.

---
updated-dependencies:
- dependency-name: eturnal/eturnal
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index d507a515..6fa5a046 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.22-scratch AS nats
-FROM eturnal/eturnal:1.12.0 AS eturnal
+FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
 FROM alpine:3.20.3 AS janus
 

From 6a74ab6363aa0f66c5db80835856623941cf5c15 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 28 Oct 2024 12:03:09 +0000
Subject: [PATCH 2595/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 298a4ab7..a4e2a927 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2940,16 +2940,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.12",
+            "version": "v6.4.13",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "72d080eb9edf80e36c19be61f72c98ed8273b765"
+                "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/72d080eb9edf80e36c19be61f72c98ed8273b765",
-                "reference": "72d080eb9edf80e36c19be61f72c98ed8273b765",
+                "url": "https://api.github.com/repos/symfony/console/zipball/f793dd5a7d9ae9923e35d0503d08ba734cec1d79",
+                "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79",
                 "shasum": ""
             },
             "require": {
@@ -3014,7 +3014,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.12"
+                "source": "https://github.com/symfony/console/tree/v6.4.13"
             },
             "funding": [
                 {
@@ -3030,20 +3030,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-20T08:15:52+00:00"
+            "time": "2024-10-09T08:40:40+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.1.5",
+            "version": "v7.1.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "61fe0566189bf32e8cfee78335d8776f64a66f5a"
+                "reference": "c835867b3c62bb05c7fe3d637c871c7ae52024d4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/61fe0566189bf32e8cfee78335d8776f64a66f5a",
-                "reference": "61fe0566189bf32e8cfee78335d8776f64a66f5a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/c835867b3c62bb05c7fe3d637c871c7ae52024d4",
+                "reference": "c835867b3c62bb05c7fe3d637c871c7ae52024d4",
                 "shasum": ""
             },
             "require": {
@@ -3080,7 +3080,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.1.5"
+                "source": "https://github.com/symfony/filesystem/tree/v7.1.6"
             },
             "funding": [
                 {
@@ -3096,20 +3096,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-17T09:16:35+00:00"
+            "time": "2024-10-25T15:11:02+00:00"
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.11",
+            "version": "v6.4.13",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453"
+                "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/d7eb6daf8cd7e9ac4976e9576b32042ef7253453",
-                "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/daea9eca0b08d0ed1dc9ab702a46128fd1be4958",
+                "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958",
                 "shasum": ""
             },
             "require": {
@@ -3144,7 +3144,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.11"
+                "source": "https://github.com/symfony/finder/tree/v6.4.13"
             },
             "funding": [
                 {
@@ -3160,7 +3160,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-08-13T14:27:37+00:00"
+            "time": "2024-10-01T08:30:56+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -3406,16 +3406,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.1.5",
+            "version": "v7.1.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "d66f9c343fa894ec2037cc928381df90a7ad4306"
+                "reference": "61b72d66bf96c360a727ae6232df5ac83c71f626"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/d66f9c343fa894ec2037cc928381df90a7ad4306",
-                "reference": "d66f9c343fa894ec2037cc928381df90a7ad4306",
+                "url": "https://api.github.com/repos/symfony/string/zipball/61b72d66bf96c360a727ae6232df5ac83c71f626",
+                "reference": "61b72d66bf96c360a727ae6232df5ac83c71f626",
                 "shasum": ""
             },
             "require": {
@@ -3473,7 +3473,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.1.5"
+                "source": "https://github.com/symfony/string/tree/v7.1.6"
             },
             "funding": [
                 {
@@ -3489,7 +3489,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-20T08:28:38+00:00"
+            "time": "2024-09-25T14:20:29+00:00"
         },
         {
             "name": "vimeo/psalm",

From 1d96efe07c8a18c0aa58f69849a7b36940ce2dc5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Oct 2024 04:59:07 +0000
Subject: [PATCH 2596/3949] build(deps): bump
 strukturag/nextcloud-spreed-signaling

Bumps strukturag/nextcloud-spreed-signaling from 2.0.0 to 2.0.1.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 6fa5a046..13896e1b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.22-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.0 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
 FROM alpine:3.20.3 AS janus
 
 ARG JANUS_VERSION=v0.14.4

From cf8ba936c9f775aa73fefbcca16ce1892d26cfd2 Mon Sep 17 00:00:00 2001
From: Robert Riemann <robert.riemann@edps.europa.eu>
Date: Tue, 29 Oct 2024 15:12:15 +0100
Subject: [PATCH 2597/3949] elastic container: ingest-attachment is now module
 and not a plugin

When this command is executed in elastic search v8.15.3, then this warning shows up:

~~~
bin/elasticsearch-plugin install --batch ingest-attachment
warning: ignoring JAVA_HOME=/opt/bitnami/java; using ES_JAVA_HOME
-> Installing ingest-attachment
[ingest-attachment] is no longer a plugin but instead a module packaged with this distribution of Elasticsearch
-> Please restart Elasticsearch to activate any plugins installed
~~~

The elastic website says: "The Ingest Attachment plugin is now included in Elasticsearch. See the Ingest Attachment processor."

Source: <https://www.elastic.co/guide/en/elasticsearch/plugins/current/ingest-attachment.html>

Hence, I remove the explicit installation from the elastic container image.

Signed-off-by: Robert Riemann <robert.riemann@edps.europa.eu>
---
 Containers/fulltextsearch/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index b67b1067..4da28fa1 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -14,8 +14,7 @@ RUN set -ex; \
     apt-get install -y --no-install-recommends \
         tzdata \
     ; \
-    rm -rf /var/lib/apt/lists/*; \
-    elasticsearch-plugin install --batch ingest-attachment
+    rm -rf /var/lib/apt/lists/*;
 
 USER 1000:0
 

From 95c20fdfff90579a9a9c3e3cd0e55956f6cf6111 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 30 Oct 2024 10:56:06 +0100
Subject: [PATCH 2598/3949] nextcloud: clean up old sessions after 24h latest

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1a376908..f846f110 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -134,6 +134,7 @@ RUN set -ex; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \
+        echo 'session.gc_maxlifetime = 86400'; \
     } > /usr/local/etc/php/conf.d/redis-session.ini; \
     \
     mkdir -p /var/www/data; \

From 9316555ecb890d97d1e795223aaf59b38dd15353 Mon Sep 17 00:00:00 2001
From: Perlover <perlover@perlover.com>
Date: Wed, 30 Oct 2024 13:43:19 +0100
Subject: [PATCH 2599/3949] Update docker-rootless.md

1) No NEXTCLOUD_MOUNT but there is NEXTCLOUD_DATADIR
2) Now in Docker recommended the few different detailed config: https://docs.docker.com/engine/security/rootless/#docker-run--p-does-not-propagate-source-ip-addresses

Signed-off-by: Perlover <perlover@perlover.com>
---
 docker-rootless.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index 754c44ae..97bbc5c0 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -18,7 +18,7 @@ You can run AIO with docker rootless by following the steps below.
 Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
 
 ### Note regarding permissions
-All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_DATADIR option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
 
 ### Note regarding docker network driver
 By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
@@ -29,9 +29,10 @@ As stated in the documentation, this change will likely lead to decreased networ
   with the following content:
   ```
   [Service]
+  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
   Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
   ```
 * Restart the docker daemon
   ```
   systemctl --user restart docker
-  ```
\ No newline at end of file
+  ```

From 4b51f85d98f5cc9a636b43029949502a6f708d7c Mon Sep 17 00:00:00 2001
From: jr_blue_551 <johnrowe551@gmail.com>
Date: Wed, 30 Oct 2024 19:27:10 +0000
Subject: [PATCH 2600/3949] Update readme.md

Signed-off-by: jr_blue_551 <johnrowe551@gmail.com>
---
 community-containers/npmplus/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md
index 538e511a..86679352 100644
--- a/community-containers/npmplus/readme.md
+++ b/community-containers/npmplus/readme.md
@@ -7,7 +7,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 - Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO.
 - Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors.
 - After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://<ip>:81` and change the password. 
-- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.com`
+- The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.org`
 - If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host.
 - If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume
 - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution!

From bd799bd753ccfcead272b3582f2e7f71895b6c3d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 31 Oct 2024 11:48:39 +0100
Subject: [PATCH 2601/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-rootless.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker-rootless.md b/docker-rootless.md
index 97bbc5c0..f77b4a54 100644
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -18,7 +18,8 @@ You can run AIO with docker rootless by following the steps below.
 Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
 
 ### Note regarding permissions
-All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_DATADIR option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+
 
 ### Note regarding docker network driver
 By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).

From 3ede76af8ff6bcb415cc35986e24de163adf72a9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 31 Oct 2024 13:14:12 +0100
Subject: [PATCH 2602/3949] DockerActionManager: fix getting the tag from the
 image

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 12a641e0..8ccbe1ec 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -736,16 +736,13 @@ readonly class DockerActionManager {
             $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
             $containerChecksum = $output['Image'];
             $tagArray = explode(':', $output['Config']['Image']);
-            $tag = $tagArray[1];
-            apcu_add($cacheKey, $tag);
-            /**
-             * @psalm-suppress TypeDoesNotContainNull
-             * @psalm-suppress DocblockTypeContradiction
-             */
-            if ($tag === null) {
+            if (isset($tagArray[1])) {
+                $tag = $tagArray[1];
+            } else {
                 error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");
                 $tag = 'latest';
             }
+            apcu_add($cacheKey, $tag);
             return $tag;
         } catch (\Exception $e) {
             error_log('Could not get current channel ' . $e->getMessage());

From c78bffbff9146af2beb70a897bc8239774cfdcb4 Mon Sep 17 00:00:00 2001
From: zybster <zybster@gmail.com>
Date: Fri, 1 Nov 2024 09:09:21 +0100
Subject: [PATCH 2603/3949] Update readme.md

Since IX System ditched Kubernetes and integrated a full-fledged docker environment in Truenas Scale 24.10.0 (Electric Eel) it is now very easy to install Nextcloud AIO on Scale
On way is listed here.

Signed-off-by: zybster <zybster@gmail.com>
---
 readme.md | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 92831931..111e73f1 100644
--- a/readme.md
+++ b/readme.md
@@ -219,7 +219,50 @@ If you have the NAS setup on your local network (which is most often the case) y
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. 
 
 ### Can I run AIO on TrueNAS SCALE?
-On TrueNAS SCALE, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE.
+
+With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment.
+
+One way to run Nextcloud AIO on the new Truenas Scale release is:
+- Create a dataset on your Scale instance for your docker containers / stacks (e.g. /mnt/tank/docker)
+
+- Install dockge app (Apps -> Discover Apps -> search Dockge -> Install -> In the Dockge Configuration select:
+  - Port for Dockge (standard is 5001)
+  - Hostpath folder for stacks /mnt/tank/docker
+  - Hostpath folder for dockge data /mnt/tank/docker/dockge
+    
+- Go to the Dockge Webui and create a new Stack for the AIO Mastercontainer
+
+<details>
+<summary> Click here to expand</summary>
+    
+```    
+services:
+  nextcloud:
+    image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU
+    restart: always
+    container_name: nextcloud-aio-mastercontainer
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    ports:
+      - 8080:8080
+    environment:
+      # Is needed when using any of the options below
+      - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - NEXTCLOUD_DATADIR=/mnt/tank/docker/nextcloud_aio/data # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      - NEXTCLOUD_MOUNT=/mnt/tank/docker/nextcloud_aio # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      - NEXTCLOUD_MEMORY_LIMIT=4096M
+networks: {}
+
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer
+```    
+</details>
+
+- Deploy the Stack and Nextcloud AIO is running on your Truenas Scale
+
+On older TrueNAS SCALE releases with Kubernetes environment, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE.
 
 Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
 

From 329e2e7805164d7c5513076af803d3b0604896a0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 1 Nov 2024 10:28:19 +0100
Subject: [PATCH 2604/3949] aio-interface: add debug docs to collabora, talk
 and fts

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index a107df84..2ed946c1 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -325,6 +325,7 @@
     {
       "container_name": "nextcloud-aio-collabora",
       "image_tag": "%AIO_CHANNEL%",
+      "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
       "init": true,
@@ -362,6 +363,7 @@
     {
       "container_name": "nextcloud-aio-talk",
       "image_tag": "%AIO_CHANNEL%",
+      "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
       "init": true,
@@ -686,6 +688,7 @@
     {
       "container_name": "nextcloud-aio-fulltextsearch",
       "image_tag": "%AIO_CHANNEL%",
+      "documentation": "https://github.com/nextcloud/all-in-one/discussions/1709",
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
       "init": false,

From 315c29c81e7affcca30b337255bbb3a60471c23b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 1 Nov 2024 10:35:04 +0100
Subject: [PATCH 2605/3949] try to fix the json-validator workflow

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 86e269e9..35f4e8e6 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -21,7 +21,7 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install python3-pip -y --no-install-recommends
-          sudo pip3 install json-spec
+          sudo pip3 install json-spec --break-system-packages
           if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
             exit 1
           fi

From 0ff08f00f1524c60da1db16dcc122366e0714bc0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 1 Nov 2024 10:42:18 +0100
Subject: [PATCH 2606/3949] adjust the PR and add link to guide

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 40 +---------------------------------------
 1 file changed, 1 insertion(+), 39 deletions(-)

diff --git a/readme.md b/readme.md
index 111e73f1..328a9729 100644
--- a/readme.md
+++ b/readme.md
@@ -222,45 +222,7 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 
 With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment.
 
-One way to run Nextcloud AIO on the new Truenas Scale release is:
-- Create a dataset on your Scale instance for your docker containers / stacks (e.g. /mnt/tank/docker)
-
-- Install dockge app (Apps -> Discover Apps -> search Dockge -> Install -> In the Dockge Configuration select:
-  - Port for Dockge (standard is 5001)
-  - Hostpath folder for stacks /mnt/tank/docker
-  - Hostpath folder for dockge data /mnt/tank/docker/dockge
-    
-- Go to the Dockge Webui and create a new Stack for the AIO Mastercontainer
-
-<details>
-<summary> Click here to expand</summary>
-    
-```    
-services:
-  nextcloud:
-    image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU
-    restart: always
-    container_name: nextcloud-aio-mastercontainer
-    volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    ports:
-      - 8080:8080
-    environment:
-      # Is needed when using any of the options below
-      - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      - NEXTCLOUD_DATADIR=/mnt/tank/docker/nextcloud_aio/data # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
-      - NEXTCLOUD_MOUNT=/mnt/tank/docker/nextcloud_aio # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      - NEXTCLOUD_MEMORY_LIMIT=4096M
-networks: {}
-
-volumes:
-  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer
-```    
-</details>
-
-- Deploy the Stack and Nextcloud AIO is running on your Truenas Scale
+For a more complete guide, see this guide by @zybster: https://github.com/nextcloud/all-in-one/discussions/5506
 
 On older TrueNAS SCALE releases with Kubernetes environment, there are two ways to run AIO. The preferred one is to run AIO inside a VM. This is necessary since they do not expose the docker socket for containers on the host, you also cannot use docker-compose on it thus and it is also not possible to run custom helm-charts that are not explicitly written for TrueNAS SCALE.
 

From 013306fff7eb98c7b59a7fe23ec7abfbaf3f7b69 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 1 Nov 2024 11:57:03 +0100
Subject: [PATCH 2607/3949] update screenshot

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 328a9729..9f3cde93 100644
--- a/readme.md
+++ b/readme.md
@@ -78,7 +78,7 @@ Included are:
 ## Screenshots
 | First setup | After installation |
 |---|---|
-| ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/5f510667-a172-4841-b916-89025debef3a) |
+| ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) |
 
 ## How to use this?
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).

From c823816a79205694eab9942dcff735aebf6c46dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 2 Nov 2024 17:22:25 +0100
Subject: [PATCH 2608/3949] Update readme.md

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 9f3cde93..2768b571 100644
--- a/readme.md
+++ b/readme.md
@@ -344,7 +344,10 @@ Additionally, there is a cronjob that runs once a day that checks for container
 AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
 
 ### How to easily log in to the AIO interface?
-If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.
+If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. 
+
+> [!Note]
+> You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.
 
 ### How to change the domain?
 > [!NOTE]  

From d748134533c8f61df1aaed024ceba95ec2c0fce1 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 2 Nov 2024 18:28:31 +0100
Subject: [PATCH 2609/3949] Fix twig

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/templates/login.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/login.twig b/php/templates/login.twig
index 5478225f..cb33c8d3 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -2,7 +2,7 @@
 
 {% block body %}
     <div class="login">
-        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100"">
+        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
             <use href="/img/nextcloud-logo.svg#logo"></use>
             <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>

From 9af90f00f89fb4148414b5591cad186d341bbf93 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 2 Nov 2024 18:29:06 +0100
Subject: [PATCH 2610/3949] Update setup.twig

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/templates/setup.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index 91d7fbe3..b4761425 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -2,7 +2,7 @@
 
 {% block body %}
     <div class="login">
-        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100"">
+        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
             <use href="/img/nextcloud-logo.svg#logo"></use>
             <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
@@ -13,4 +13,4 @@
         <strong>Passphrase</strong><br/><span class="monospace">{{ password }}</span><br>
         <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
     </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}

From b5492f28ae41d87c8a3d1b25d66b06145f9fa5be Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 2 Nov 2024 18:30:01 +0100
Subject: [PATCH 2611/3949] Update already-installed.twig

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/templates/already-installed.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/already-installed.twig b/php/templates/already-installed.twig
index 34a7e179..fa18f988 100644
--- a/php/templates/already-installed.twig
+++ b/php/templates/already-installed.twig
@@ -2,7 +2,7 @@
 
 {% block body %}
     <div class="login">
-        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100"">
+        <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
             <use href="/img/nextcloud-logo.svg#logo"></use>
             <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
@@ -10,4 +10,4 @@
         <h2>Nextcloud All-In-One is already installed</h2>
         <a href="/" class="button">Open Nextcloud AIO</a>
     </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}

From f644e839350cda08d85ab90945c9ee75b8e3a5d1 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Sat, 2 Nov 2024 14:11:17 -0700
Subject: [PATCH 2612/3949] Add ability to specify additional docker network
 and update documentation for it.

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/mastercontainer/start.sh    |  8 +++
 compose.yaml                           |  1 +
 php/src/Data/ConfigurationManager.php  |  7 +++
 php/src/Docker/DockerActionManager.php | 70 +++++++++++++++++---------
 reverse-proxy.md                       |  7 +--
 5 files changed, 66 insertions(+), 27 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index f87527cb..7dc94809 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -193,6 +193,14 @@ It is set to '$APACHE_IP_BINDING'."
         exit 1
     fi
 fi
+if [ -n "$APACHE_ADDITIONAL_NETWORK" ]; then
+    if ! echo "$APACHE_ADDITIONAL_NETWORK" | grep -q "^[a-zA-Z0-9_-]\+$"; then
+        print_red "You've set APACHE_ADDITIONAL_NETWORK but not to an allowed value.
+It needs to be a string with letters, numbers, hyphens and underscores.
+It is set to '$APACHE_ADDITIONAL_NETWORK'."
+        exit 1
+    fi
+fi
 if [ -n "$TALK_PORT" ]; then
     if ! check_if_number "$TALK_PORT"; then
         print_red "You provided an Talk port but did not only use numbers.
diff --git a/compose.yaml b/compose.yaml
index ecf4d588..438bba6a 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -17,6 +17,7 @@ services:
       # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 527904fb..3b47b90c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -888,6 +888,13 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
+    public function GetApacheAdditionalNetwork() : string {
+        $envVariableName = 'APACHE_ADDITIONAL_NETWORK';
+        $configName = 'apache_additional_network';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     public function GetApacheIPBinding() : string {
         $envVariableName = 'APACHE_IP_BINDING';
         $configName = 'apache_ip_binding';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 12a641e0..bfd22c2a 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -844,44 +844,49 @@ readonly class DockerActionManager {
         }
     }
 
-    private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio') : void
+    private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio', bool $createNetwork = true, string $alias =  '') : void
     {
         if ($internalPort === 'host') {
             return;
         }
 
-        $url = $this->BuildApiUrl('networks/create');
-        try {
-            $this->guzzleClient->request(
-                'POST',
-                $url,
-                [
-                    'json' => [
-                        'Name' => $network,
-                        'CheckDuplicate' => true,
-                        'Driver' => 'bridge',
-                        'Internal' => false,
-                    ]
-                ]
-            );
-        } catch (RequestException $e) {
-            // 409 is undocumented and gets thrown if the network already exists.
-            if ($e->getCode() !== 409) {
-                throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
-            }
+        if($createNetwork) {
+                $url = $this->BuildApiUrl('networks/create');
+                try {
+                    $this->guzzleClient->request(
+                        'POST',
+                        $url,
+                        [
+                            'json' => [
+                                'Name' => $network,
+                                'CheckDuplicate' => true,
+                                'Driver' => 'bridge',
+                                'Internal' => false,
+                            ]
+                        ]
+                    );
+                } catch (RequestException $e) {
+                    // 409 is undocumented and gets thrown if the network already exists.
+                    if ($e->getCode() !== 409) {
+                        throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
+                    }
+                }
         }
 
         $url = $this->BuildApiUrl(
             sprintf('networks/%s/connect', $network)
         );
+        $json_payload = [ 'Container' => $id ];
+        if ($alias !== ''  ) {
+            $json_payload['EndpointConfig'] = [ 'Aliases' => [ $alias ] ];
+        }
+
         try {
             $this->guzzleClient->request(
                 'POST',
                 $url,
                 [
-                    'json' => [
-                        'container' => $id,
-                    ]
+                    'json' => $json_payload
                 ]
             );
         } catch (RequestException $e) {
@@ -897,11 +902,28 @@ readonly class DockerActionManager {
         $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
         // Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
         // $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
+
+        $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork();
+        if ($apacheAdditionalNetwork !== '') {
+            $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '', $apacheAdditionalNetwork, false);
+        }
     }
 
     public function ConnectContainerToNetwork(Container $container) : void
     {
-        $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
+        // Add a secondary alias for domaincheck container, to keep it as similar to actual apache controller as possible.
+        // If a reverse-proxy is relying on container name as hostname this allows it to operate as usual and still validate the domain
+        // The domaincheck container and apache container are never supposed to be active at the same time because they use the same APACHE_PORT anyway, so this doesn't add any new constraints.
+        $alias = ($container->GetIdentifier() === 'nextcloud-aio-domaincheck') ? 'nextcloud-aio-apache' : '';
+
+        $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), alias: $alias);
+
+        if ($container->GetIdentifier() === 'nextcloud-aio-apache' || $container->GetIdentifier() === 'nextcloud-aio-domaincheck') {
+            $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork();
+            if ($apacheAdditionalNetwork !== '') {
+                $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), $apacheAdditionalNetwork, false, alias: $alias);
+            }
+        }
     }
 
     public function StopContainer(Container $container) : void {
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1345b583..b58b5a20 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -44,9 +44,10 @@ All examples below will use port `11000` as `APACHE_PORT`. This port will be exp
 
     <summary>On the same server in a Docker container</summary>
 
-    For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).
-
-    Another option (actually the recommended way) in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+    The reverse-proxy container needs to be connected to the nextcloud containers. This can be achieved one of these 3 ways:
+    1. Utilize host networking instead of docker bridge networking: Specify `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. With this setup, the default sample configurations with reverse-proxy pointing to `localhost:$APACHE_PORT` should work directly.
+    1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT`. Note, the specified network must already exist before Nextcloud AIO is started.
+    1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT` .
 
     </details>
 

From e73e272e31068160c1bd9c7b524e6dff1b1070b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Nov 2024 05:09:49 +0000
Subject: [PATCH 2613/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-10 to 1.4.1-11.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 41f54485..a3ae61bb 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-10
+FROM clamav/clamav:1.4.1-11
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 9df3a171daaf5a29a2747acb60ca641c33962964 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 4 Nov 2024 10:42:10 +0100
Subject: [PATCH 2614/3949] update apache_port description

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 tests/QA/060-environmental-variables.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 488ae8e0..86b78d9c 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -1,6 +1,6 @@
 # Environmental variables
 
-- [ ] When starting the mastercontainer with `--env APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly.
+- [ ] When starting the mastercontainer with `--env APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. However `@INTERNAL` is also an allowed value which skips publishing the port on the host for internal usage inside a bridged network for example.
 - [ ] When starting the mastercontainer with `--env APACHE_IP_BINDING=127.0.0.1` on a clean instance, the domaincheck container's apache port should only listen on localhost on the host. Using a value here that is not a number or dot will not allow the mastercontainer to start correctly.
 - [ ] When starting the mastercontainer with `--env TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value.
 - [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md)

From 75c2407afa4be55087093aa6076ee01bd039743c Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Mon, 4 Nov 2024 02:44:10 -0800
Subject: [PATCH 2615/3949] Apply suggestions from code review

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 10 +++++-----
 reverse-proxy.md                       |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index bfd22c2a..8cce6103 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -850,7 +850,7 @@ readonly class DockerActionManager {
             return;
         }
 
-        if($createNetwork) {
+        if ($createNetwork) {
                 $url = $this->BuildApiUrl('networks/create');
                 try {
                     $this->guzzleClient->request(
@@ -876,9 +876,9 @@ readonly class DockerActionManager {
         $url = $this->BuildApiUrl(
             sprintf('networks/%s/connect', $network)
         );
-        $json_payload = [ 'Container' => $id ];
+        $jsonPayload = [ 'Container' => $id ];
         if ($alias !== ''  ) {
-            $json_payload['EndpointConfig'] = [ 'Aliases' => [ $alias ] ];
+            $jsonPayload['EndpointConfig'] = ['Aliases' => [ $alias ]];
         }
 
         try {
@@ -886,7 +886,7 @@ readonly class DockerActionManager {
                 'POST',
                 $url,
                 [
-                    'json' => $json_payload
+                    'json' => $jsonPayload
                 ]
             );
         } catch (RequestException $e) {
@@ -921,7 +921,7 @@ readonly class DockerActionManager {
         if ($container->GetIdentifier() === 'nextcloud-aio-apache' || $container->GetIdentifier() === 'nextcloud-aio-domaincheck') {
             $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork();
             if ($apacheAdditionalNetwork !== '') {
-                $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), $apacheAdditionalNetwork, false, alias: $alias);
+                $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), $apacheAdditionalNetwork, false, $alias);
             }
         }
     }
diff --git a/reverse-proxy.md b/reverse-proxy.md
index b58b5a20..a7eea8c2 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -46,7 +46,7 @@ All examples below will use port `11000` as `APACHE_PORT`. This port will be exp
 
     The reverse-proxy container needs to be connected to the nextcloud containers. This can be achieved one of these 3 ways:
     1. Utilize host networking instead of docker bridge networking: Specify `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. With this setup, the default sample configurations with reverse-proxy pointing to `localhost:$APACHE_PORT` should work directly.
-    1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT`. Note, the specified network must already exist before Nextcloud AIO is started.
+    1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT`. ⚠️⚠️⚠️ Note, the specified network must already exist before Nextcloud AIO is started. Otherwise it will fail to start the container because the network is not existing.
     1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT` .
 
     </details>

From f5990cc0ef3f04a1efa5f2b7d02e3a98fd39d9b7 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Mon, 4 Nov 2024 04:10:47 -0800
Subject: [PATCH 2616/3949] Add APACHE_ADDITIONAL_NETWORK variable to env
 variables QA test

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 tests/QA/060-environmental-variables.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 488ae8e0..91b480f2 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -2,6 +2,7 @@
 
 - [ ] When starting the mastercontainer with `--env APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly.
 - [ ] When starting the mastercontainer with `--env APACHE_IP_BINDING=127.0.0.1` on a clean instance, the domaincheck container's apache port should only listen on localhost on the host. Using a value here that is not a number or dot will not allow the mastercontainer to start correctly.
+- [ ] When starting the mastercontainer with `--env APACHE_ADDITIONAL_NETWORK=frontend_net` on a clean instance, the domaincheck and subsequently the apache containers should be connected to the specified `frontend_net` docker network, in addition to the default `nextcloud-aio` network. Specifying the network that doesn't already exist will not allow the mastercontainer to start correctly.
 - [ ] When starting the mastercontainer with `--env TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value.
 - [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md)
 - [ ] When starting the mastercontainer with `--env SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then.

From 974ad1ef9b0875b0c62a8f266867724818aa038f Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Mon, 4 Nov 2024 05:27:30 -0800
Subject: [PATCH 2617/3949] Improve error checking and connect mastercontainer
 right from the start to make inital process seamless.

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/mastercontainer/start.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 7dc94809..cbf79d75 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -200,6 +200,11 @@ It needs to be a string with letters, numbers, hyphens and underscores.
 It is set to '$APACHE_ADDITIONAL_NETWORK'."
         exit 1
     fi
+    tmp_out=$(sudo -u www-data docker network connect $APACHE_ADDITIONAL_NETWORK nextcloud-aio-mastercontainer 2>&1)
+    if [ -n "$tmp_out" ] && [[ ! "$tmp_out" =~ "nextcloud-aio-mastercontainer already exists in network $APACHE_ADDITIONAL_NETWORK" ]]; then
+        print_red "Unable to connect to $APACHE_ADDITIONAL_NETWORK. Cannot continue. Error: \n $tmp_out"
+        exit 1
+    fi
 fi
 if [ -n "$TALK_PORT" ]; then
     if ! check_if_number "$TALK_PORT"; then

From a625570c310458fdd76852ae9eb4262540f6e6dc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 4 Nov 2024 21:09:15 +0100
Subject: [PATCH 2618/3949] address review

Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8ccbe1ec..d9f3d539 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -736,7 +736,7 @@ readonly class DockerActionManager {
             $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
             $containerChecksum = $output['Image'];
             $tagArray = explode(':', $output['Config']['Image']);
-            if (isset($tagArray[1])) {
+            if (count($tagArray) ===  2) {
                 $tag = $tagArray[1];
             } else {
                 error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");

From 5131a2f34a16425086febad55876708347c9163a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 5 Nov 2024 11:40:43 +0100
Subject: [PATCH 2619/3949] helm: update network policy

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../nextcloud-aio-networkpolicy.yaml          | 20 +++++++++++++++--
 nextcloud-aio-helm-chart/update-helm.sh       | 22 ++++++++++++++++---
 nextcloud-aio-helm-chart/values.yaml          |  2 +-
 3 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
index 8e6986b8..c54f8803 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
@@ -15,6 +15,22 @@ spec:
   - from:
     - podSelector: {}
   egress:
-  - to:
-    - podSelector: {}
+  - {} # Allows all egress traffic
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-webserver-allow
+spec:
+  podSelector:
+    matchExpressions:
+      - key: io.kompose.service
+        operator: In
+        values:
+          - nextcloud-aio-apache
+  policyTypes:
+    - Ingress
+  ingress:
+    - {} # Allows all ingress traffic
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 9200cc3a..04ab339d 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -310,8 +310,24 @@ spec:
   - from:
     - podSelector: {}
   egress:
-  - to:
-    - podSelector: {}
+  - {} # Allows all egress traffic
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-webserver-allow
+spec:
+  podSelector:
+    matchExpressions:
+      - key: io.kompose.service
+        operator: In
+        values:
+          - nextcloud-aio-apache
+  policyTypes:
+    - Ingress
+  ingress:
+    - {} # Allows all ingress traffic
 {{- end }}
 EOL
 
@@ -355,7 +371,7 @@ cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
-NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
+NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. Except the Web server service which is reachable from all endpoints.
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 4d483cef..420fb679 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -51,7 +51,7 @@ REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
-NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
+NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. Except the Web server service which is reachable from all endpoints.
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'

From 347e83c08a2d750fbb6e112cd18746b44da1c9aa Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 5 Nov 2024 12:05:58 +0000
Subject: [PATCH 2620/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index a4e2a927..9eab17ae 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2578,16 +2578,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.4.1",
+            "version": "5.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c"
+                "reference": "54e10d44fc1a84e2598d26f70d4f6f1f233e228a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c",
-                "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/54e10d44fc1a84e2598d26f70d4f6f1f233e228a",
+                "reference": "54e10d44fc1a84e2598d26f70d4f6f1f233e228a",
                 "shasum": ""
             },
             "require": {
@@ -2600,13 +2600,13 @@
                 "webmozart/assert": "^1.9.1"
             },
             "require-dev": {
-                "mockery/mockery": "~1.3.5",
+                "mockery/mockery": "~1.3.5 || ~1.6.0",
                 "phpstan/extension-installer": "^1.1",
                 "phpstan/phpstan": "^1.8",
                 "phpstan/phpstan-mockery": "^1.1",
                 "phpstan/phpstan-webmozart-assert": "^1.2",
                 "phpunit/phpunit": "^9.5",
-                "vimeo/psalm": "^5.13"
+                "psalm/phar": "^5.26"
             },
             "type": "library",
             "extra": {
@@ -2636,29 +2636,29 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.4.1"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.5.0"
             },
-            "time": "2024-05-21T05:55:05+00:00"
+            "time": "2024-11-04T21:26:31+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.8.2",
+            "version": "1.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "153ae662783729388a584b4361f2545e4d841e3c"
+                "reference": "1fb5ba8d045f5dd984ebded5b1cc66f29459422d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/153ae662783729388a584b4361f2545e4d841e3c",
-                "reference": "153ae662783729388a584b4361f2545e4d841e3c",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/1fb5ba8d045f5dd984ebded5b1cc66f29459422d",
+                "reference": "1fb5ba8d045f5dd984ebded5b1cc66f29459422d",
                 "shasum": ""
             },
             "require": {
                 "doctrine/deprecations": "^1.0",
                 "php": "^7.3 || ^8.0",
                 "phpdocumentor/reflection-common": "^2.0",
-                "phpstan/phpdoc-parser": "^1.13"
+                "phpstan/phpdoc-parser": "^1.18"
             },
             "require-dev": {
                 "ext-tokenizer": "*",
@@ -2694,9 +2694,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.8.2"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.9.0"
             },
-            "time": "2024-02-23T11:10:43+00:00"
+            "time": "2024-11-03T20:11:34+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",

From b81ae86e8ae4bf26bdef018411b59e088cb8c759 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 5 Nov 2024 16:05:22 +0100
Subject: [PATCH 2621/3949] helm: add additional security settings

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-deployment.yaml         | 2 ++
 .../templates/nextcloud-aio-clamav-deployment.yaml         | 2 ++
 .../templates/nextcloud-aio-collabora-deployment.yaml      | 2 ++
 .../templates/nextcloud-aio-database-deployment.yaml       | 2 ++
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 ++
 .../templates/nextcloud-aio-imaginary-deployment.yaml      | 2 ++
 .../templates/nextcloud-aio-notify-push-deployment.yaml    | 2 ++
 .../templates/nextcloud-aio-redis-deployment.yaml          | 2 ++
 .../templates/nextcloud-aio-talk-deployment.yaml           | 2 ++
 .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 ++
 .../templates/nextcloud-aio-whiteboard-deployment.yaml     | 2 ++
 nextcloud-aio-helm-chart/update-helm.sh                    | 7 +++++++
 12 files changed, 29 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index d609c5c3..d5a44e43 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -72,6 +72,8 @@ spec:
             - containerPort: {{ .Values.APACHE_PORT }}
               protocol: UDP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index e0bbd2e3..8a7af035 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -59,6 +59,8 @@ spec:
             - containerPort: 3310
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 492501b7..b31676dc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -42,6 +42,8 @@ spec:
             - containerPort: 9980
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               add:
                 - MKNOD
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 8476aa28..58accc21 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -68,6 +68,8 @@ spec:
             - containerPort: 5432
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 033ca632..e289671d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -62,6 +62,8 @@ spec:
             - containerPort: 9200
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 1a5ee797..dc42c9e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -34,6 +34,8 @@ spec:
             - containerPort: 9000
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               add:
                 - SYS_NICE
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index c33ac701..9e4133c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -59,6 +59,8 @@ spec:
             - containerPort: 7867
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 70dc381c..cc7697ee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -45,6 +45,8 @@ spec:
             - containerPort: 6379
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d6fc49e3..76b77197 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,6 +52,8 @@ spec:
             - containerPort: 8081
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 67405468..93cc7aec 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -38,6 +38,8 @@ spec:
             - containerPort: 1234
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 4eb3cccd..55e9c2be 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -42,6 +42,8 @@ spec:
             - containerPort: 3002
               protocol: TCP
           securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
             capabilities:
               drop:
                 - NET_RAW
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 04ab339d..2f97db57 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -423,6 +423,13 @@ find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec se
 # shellcheck disable=SC1083
 find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 
+cat << EOL >> /tmp/security.conf
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+EOL
+# shellcheck disable=SC1083
+find ./ \( -not -name '*nextcloud-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^.*securityContext:$/r /tmp/security.conf" \{} \; 
+
 chmod 777 -R ./
 
 # Seems like the dir needs to match the name of the chart

From 24a249be056eb5afd245e26fe48dfbf559319f94 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 13:01:55 +0100
Subject: [PATCH 2622/3949] Update json-validator.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 35f4e8e6..86e269e9 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -21,7 +21,7 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install python3-pip -y --no-install-recommends
-          sudo pip3 install json-spec --break-system-packages
+          sudo pip3 install json-spec
           if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
             exit 1
           fi

From f6cfa071a0d0e3bc0ba5a512aa02ac21fa96ccf9 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 6 Nov 2024 12:03:27 +0000
Subject: [PATCH 2623/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 9eab17ae..0158a7a2 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2578,16 +2578,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.5.0",
+            "version": "5.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "54e10d44fc1a84e2598d26f70d4f6f1f233e228a"
+                "reference": "0c70d2c566e899666f367ab7b80986beb3581e6f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/54e10d44fc1a84e2598d26f70d4f6f1f233e228a",
-                "reference": "54e10d44fc1a84e2598d26f70d4f6f1f233e228a",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/0c70d2c566e899666f367ab7b80986beb3581e6f",
+                "reference": "0c70d2c566e899666f367ab7b80986beb3581e6f",
                 "shasum": ""
             },
             "require": {
@@ -2636,9 +2636,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.5.0"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.5.1"
             },
-            "time": "2024-11-04T21:26:31+00:00"
+            "time": "2024-11-06T11:58:54+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -2940,16 +2940,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.13",
+            "version": "v6.4.14",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79"
+                "reference": "897c2441ed4eec8a8a2c37b943427d24dba3f26b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/f793dd5a7d9ae9923e35d0503d08ba734cec1d79",
-                "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79",
+                "url": "https://api.github.com/repos/symfony/console/zipball/897c2441ed4eec8a8a2c37b943427d24dba3f26b",
+                "reference": "897c2441ed4eec8a8a2c37b943427d24dba3f26b",
                 "shasum": ""
             },
             "require": {
@@ -3014,7 +3014,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.13"
+                "source": "https://github.com/symfony/console/tree/v6.4.14"
             },
             "funding": [
                 {
@@ -3030,7 +3030,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-10-09T08:40:40+00:00"
+            "time": "2024-11-05T15:34:40+00:00"
         },
         {
             "name": "symfony/filesystem",

From 0d9a22346ebf922351b380de20499fa48d749eb9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 14:08:46 +0100
Subject: [PATCH 2624/3949] nextcloud: add libreoffice by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 readme.md                       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f846f110..2c13d354 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -222,6 +222,7 @@ RUN set -ex; \
         sudo \
         grep \
         nodejs \
+        libreoffice \
         bind-tools \
         imagemagick \
         imagemagick-svg \
diff --git a/readme.md b/readme.md
index 2768b571..7176a024 100644
--- a/readme.md
+++ b/readme.md
@@ -41,7 +41,7 @@ Included are:
 - By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature
 - Possibility included to [adjust default installed Nextcloud apps](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
 - Nextcloud installation is not read only - that means you can apply patches if you should need them (instead of having to wait for the next release for them getting applied)
-- `ffmpeg`, `smbclient` and `nodejs` are included by default
+- `ffmpeg`, `smbclient`, `libreoffice` and `nodejs` are included by default
 - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud container

From faecc028fefe0e04c3d04a756d3bf8d890fd3f8d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 14:29:18 +0100
Subject: [PATCH 2625/3949] add user-IDs to all containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile         |  2 +-
 Containers/clamav/Dockerfile         |  2 +-
 Containers/imaginary/Dockerfile      |  4 ++--
 Containers/postgresql/Dockerfile     |  2 +-
 Containers/redis/Dockerfile          |  2 +-
 Containers/talk-recording/Dockerfile |  4 ++--
 Containers/talk/Dockerfile           |  2 +-
 Containers/whiteboard/Dockerfile     |  2 +-
 manual-install/update-yaml.sh        |  1 +
 php/containers-schema.json           |  3 +++
 php/containers.json                  | 10 ++++++++++
 11 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index b118fd95..5f45922d 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -81,7 +81,7 @@ RUN set -ex; \
     \
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
-USER www-data
+USER 33
 
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index a3ae61bb..81310d2f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -19,7 +19,7 @@ RUN set -ex; \
 
 VOLUME /var/lib/clamav
 
-USER clamav
+USER 100
 
 LABEL com.centurylinklabs.watchtower.enable="false"
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index f07bb428..1b15336a 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.2-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \
@@ -33,7 +33,7 @@ COPY --chmod=775 start.sh /start.sh
 
 ENV PORT=9000
 
-USER nobody
+USER 65534
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 64d66403..def1ce24 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -39,7 +39,7 @@ RUN set -ex; \
 
 VOLUME /mnt/data
 
-USER postgres
+USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index f5fc22e5..98fb8529 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
 # Get rid of unused binaries
     rm -f /usr/local/bin/gosu;
 
-USER redis
+USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 41ad1c14..945b1d73 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -28,7 +28,7 @@ RUN set -ex; \
         build-base \
         linux-headers \
         geckodriver; \
-    useradd -d /tmp --system recording; \
+    useradd -d /tmp --system recording -u 1000; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
@@ -49,7 +49,7 @@ RUN set -ex; \
         linux-headers;
 
 WORKDIR /tmp
-USER recording
+USER 1000
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 13896e1b..37b0c9eb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -99,7 +99,7 @@ RUN set -ex; \
     ln -s /opt/eturnal/bin/stun /usr/local/bin/stun; \
     ln -s /opt/eturnal/bin/eturnalctl /usr/local/bin/eturnalctl
 
-USER eturnal
+USER 1000
 ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 00e5b26f..83b6e8b1 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4
 
-USER root
+USER 65534
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index e712304c..68600f8a 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -19,6 +19,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].networks)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].documentation)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index db63fddf..b1e0cfbf 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -68,6 +68,9 @@
 					"stop_grace_period": {
 						"type": "integer"
 					},
+					"user": {
+						"type": "integer"
+					},
 					"ports": {
 						"type": "array",
 						"items": {
diff --git a/php/containers.json b/php/containers.json
index 2ed946c1..6da70bcc 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -13,6 +13,7 @@
       ],
       "display_name": "Apache",
       "image": "nextcloud/aio-apache",
+      "user": 33,
       "init": true,
       "ports": [
         {
@@ -78,6 +79,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
+      "user": 999,
       "init": true,
       "expose": [
         "5432"
@@ -251,6 +253,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Notify Push",
       "image": "nextcloud/aio-notify-push",
+      "user": 33,
       "init": true,
       "expose": [
         "7867"
@@ -292,6 +295,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
+      "user": 999,
       "init": true,
       "expose": [
         "6379"
@@ -328,6 +332,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
+      "user": 100,
       "init": true,
       "expose": [
         "9980"
@@ -366,6 +371,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
+      "user": 1000,
       "init": true,
       "ports": [
         {
@@ -422,6 +428,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Talk Recording",
       "image": "nextcloud/aio-talk-recording",
+      "user": 1000,
       "init": true,
       "expose": [
         "1234"
@@ -575,6 +582,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
+      "user": 100,
       "init": false,
       "expose": [
         "3310"
@@ -655,6 +663,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
+      "user": 65534,
       "init": true,
       "expose": [
         "9000"
@@ -760,6 +769,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Whiteboard",
       "image": "nextcloud/aio-whiteboard",
+      "user": 65534,
       "init": true,
       "expose": [
         "3002"

From c686afb6da0344c0746aaaa7296b5502e25f710b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 6 Nov 2024 13:31:25 +0000
Subject: [PATCH 2626/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/latest.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 03132847..5276d8ad 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -20,6 +20,7 @@ services:
         condition: service_started
         required: false
     image: nextcloud/aio-apache:latest
+    user: 33
     init: true
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
@@ -53,6 +54,7 @@ services:
 
   nextcloud-aio-database:
     image: nextcloud/aio-postgresql:latest
+    user: 999
     init: true
     expose:
       - "5432"
@@ -161,6 +163,7 @@ services:
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest
+    user: 33
     init: true
     expose:
       - "7867"
@@ -183,6 +186,7 @@ services:
 
   nextcloud-aio-redis:
     image: nextcloud/aio-redis:latest
+    user: 999
     init: true
     expose:
       - "6379"
@@ -198,6 +202,7 @@ services:
 
   nextcloud-aio-collabora:
     image: nextcloud/aio-collabora:latest
+    user: 100
     init: true
     expose:
       - "9980"
@@ -219,6 +224,7 @@ services:
 
   nextcloud-aio-talk:
     image: nextcloud/aio-talk:latest
+    user: 1000
     init: true
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
@@ -249,6 +255,7 @@ services:
 
   nextcloud-aio-talk-recording:
     image: nextcloud/aio-talk-recording:latest
+    user: 1000
     init: true
     expose:
       - "1234"
@@ -270,6 +277,7 @@ services:
 
   nextcloud-aio-clamav:
     image: nextcloud/aio-clamav:latest
+    user: 100
     init: false
     expose:
       - "3310"
@@ -310,6 +318,7 @@ services:
 
   nextcloud-aio-imaginary:
     image: nextcloud/aio-imaginary:latest
+    user: 65534
     init: true
     expose:
       - "9000"
@@ -353,6 +362,7 @@ services:
 
   nextcloud-aio-whiteboard:
     image: nextcloud/aio-whiteboard:latest
+    user: 65534
     init: true
     expose:
       - "3002"

From 1632e14380fc59ea0412e1e1136d1bb4e89cc62f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 15:03:17 +0100
Subject: [PATCH 2627/3949] nextcloud: remove chpasswd

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2c13d354..f5ebe94b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -256,10 +256,7 @@ RUN set -ex; \
     \
     mkdir -p /nc-updater; \
     chown -R www-data:www-data /nc-updater; \
-    chmod -R 770 /nc-updater; \
-    \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+    chmod -R 770 /nc-updater
 
 # hadolint ignore=DL3002
 USER root

From f617a94af5881d21b0d8591c2aa70444c894c93d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 14:37:04 +0100
Subject: [PATCH 2628/3949] fix json-validator workflow

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 86e269e9..35f4e8e6 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -21,7 +21,7 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install python3-pip -y --no-install-recommends
-          sudo pip3 install json-spec
+          sudo pip3 install json-spec --break-system-packages
           if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
             exit 1
           fi

From bc36ce9aab2b203406a66d1cbb6ed2228a006a59 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 16:12:36 +0100
Subject: [PATCH 2629/3949] fix some issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 4 ++--
 Containers/whiteboard/Dockerfile     | 4 ++--
 manual-install/latest.yml            | 2 +-
 php/containers.json                  | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 945b1d73..01841d6a 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -28,7 +28,7 @@ RUN set -ex; \
         build-base \
         linux-headers \
         geckodriver; \
-    useradd -d /tmp --system recording -u 1000; \
+    useradd -d /tmp --system recording -u 122; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
@@ -49,7 +49,7 @@ RUN set -ex; \
         linux-headers;
 
 WORKDIR /tmp
-USER 1000
+USER 122
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 83b6e8b1..c4446756 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,11 +1,11 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4
 
-USER 65534
+USER root
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash
-USER nobody
+USER 65534
 
 COPY --chmod=775 start.sh /start.sh
 
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 5276d8ad..a88066a4 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -255,7 +255,7 @@ services:
 
   nextcloud-aio-talk-recording:
     image: nextcloud/aio-talk-recording:latest
-    user: 1000
+    user: 122
     init: true
     expose:
       - "1234"
diff --git a/php/containers.json b/php/containers.json
index 6da70bcc..4bd37281 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -428,7 +428,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Talk Recording",
       "image": "nextcloud/aio-talk-recording",
-      "user": 1000,
+      "user": 122,
       "init": true,
       "expose": [
         "1234"

From b498f557cf2911880608f60cd8aa7e0c489c3914 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 16:17:22 +0100
Subject: [PATCH 2630/3949] user must be a string

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers-schema.json |  3 ++-
 php/containers.json        | 20 ++++++++++----------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index b1e0cfbf..cf3f893f 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -69,7 +69,8 @@
 						"type": "integer"
 					},
 					"user": {
-						"type": "integer"
+						"type": "string",
+						"pattern": "^[0-9]{1,6}$"
 					},
 					"ports": {
 						"type": "array",
diff --git a/php/containers.json b/php/containers.json
index 4bd37281..11eae04b 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -13,7 +13,7 @@
       ],
       "display_name": "Apache",
       "image": "nextcloud/aio-apache",
-      "user": 33,
+      "user": "33",
       "init": true,
       "ports": [
         {
@@ -79,7 +79,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
-      "user": 999,
+      "user": "999",
       "init": true,
       "expose": [
         "5432"
@@ -253,7 +253,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Notify Push",
       "image": "nextcloud/aio-notify-push",
-      "user": 33,
+      "user": "33",
       "init": true,
       "expose": [
         "7867"
@@ -295,7 +295,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
-      "user": 999,
+      "user": "999",
       "init": true,
       "expose": [
         "6379"
@@ -332,7 +332,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
-      "user": 100,
+      "user": "100",
       "init": true,
       "expose": [
         "9980"
@@ -371,7 +371,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
-      "user": 1000,
+      "user": "1000",
       "init": true,
       "ports": [
         {
@@ -428,7 +428,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Talk Recording",
       "image": "nextcloud/aio-talk-recording",
-      "user": 122,
+      "user": "122",
       "init": true,
       "expose": [
         "1234"
@@ -582,7 +582,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
-      "user": 100,
+      "user": "100",
       "init": false,
       "expose": [
         "3310"
@@ -663,7 +663,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
-      "user": 65534,
+      "user": "65534",
       "init": true,
       "expose": [
         "9000"
@@ -769,7 +769,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Whiteboard",
       "image": "nextcloud/aio-whiteboard",
-      "user": 65534,
+      "user": "65534",
       "init": true,
       "expose": [
         "3002"

From ad32d0af9c1dbebb1201eeaeb1d4a82538384da1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 6 Nov 2024 16:21:04 +0100
Subject: [PATCH 2631/3949] try to fix workflows

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/json-validator.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 35f4e8e6..91d5f169 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -21,7 +21,8 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install python3-pip -y --no-install-recommends
-          sudo pip3 install json-spec --break-system-packages
+          pip3 install json-spec
+          export PATH="$PATH:/home/runner/.local/bin"
           if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
             exit 1
           fi

From 4c83aac666683fba4ee11d4b7ffabe3ca00cd070 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 6 Nov 2024 15:18:27 +0000
Subject: [PATCH 2632/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/latest.yml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index a88066a4..90c197b8 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -20,7 +20,7 @@ services:
         condition: service_started
         required: false
     image: nextcloud/aio-apache:latest
-    user: 33
+    user: "33"
     init: true
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
@@ -54,7 +54,7 @@ services:
 
   nextcloud-aio-database:
     image: nextcloud/aio-postgresql:latest
-    user: 999
+    user: "999"
     init: true
     expose:
       - "5432"
@@ -163,7 +163,7 @@ services:
 
   nextcloud-aio-notify-push:
     image: nextcloud/aio-notify-push:latest
-    user: 33
+    user: "33"
     init: true
     expose:
       - "7867"
@@ -186,7 +186,7 @@ services:
 
   nextcloud-aio-redis:
     image: nextcloud/aio-redis:latest
-    user: 999
+    user: "999"
     init: true
     expose:
       - "6379"
@@ -202,7 +202,7 @@ services:
 
   nextcloud-aio-collabora:
     image: nextcloud/aio-collabora:latest
-    user: 100
+    user: "100"
     init: true
     expose:
       - "9980"
@@ -224,7 +224,7 @@ services:
 
   nextcloud-aio-talk:
     image: nextcloud/aio-talk:latest
-    user: 1000
+    user: "1000"
     init: true
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
@@ -255,7 +255,7 @@ services:
 
   nextcloud-aio-talk-recording:
     image: nextcloud/aio-talk-recording:latest
-    user: 122
+    user: "122"
     init: true
     expose:
       - "1234"
@@ -277,7 +277,7 @@ services:
 
   nextcloud-aio-clamav:
     image: nextcloud/aio-clamav:latest
-    user: 100
+    user: "100"
     init: false
     expose:
       - "3310"
@@ -318,7 +318,7 @@ services:
 
   nextcloud-aio-imaginary:
     image: nextcloud/aio-imaginary:latest
-    user: 65534
+    user: "65534"
     init: true
     expose:
       - "9000"
@@ -362,7 +362,7 @@ services:
 
   nextcloud-aio-whiteboard:
     image: nextcloud/aio-whiteboard:latest
-    user: 65534
+    user: "65534"
     init: true
     expose:
       - "3002"

From d50ec29cf0183506322d3502603d79dab1f2941a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 6 Nov 2024 15:27:52 +0000
Subject: [PATCH 2633/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                            | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml             | 3 ++-
 .../templates/nextcloud-aio-clamav-deployment.yaml             | 3 ++-
 .../templates/nextcloud-aio-collabora-deployment.yaml          | 3 ++-
 .../templates/nextcloud-aio-database-deployment.yaml           | 3 ++-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml          | 3 ++-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml        | 3 ++-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml              | 3 ++-
 .../templates/nextcloud-aio-talk-deployment.yaml               | 3 ++-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml     | 3 ++-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml         | 3 ++-
 14 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 906e4858..87d387b8 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.7.0
+version: 9.8.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index d5a44e43..95bfa56f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20241106_101604"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
@@ -77,6 +77,7 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 33
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 8a7af035..a6ae3c8f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20241106_101604"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
@@ -64,6 +64,7 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 100
           volumeMounts:
             - mountPath: /var/lib/clamav
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index b31676dc..d4148abe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20241106_101604"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
@@ -50,4 +50,5 @@ spec:
                 - SYS_ADMIN
               drop:
                 - NET_RAW
+            runAsUser: 100
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 58accc21..a841df05 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -62,7 +62,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20241106_101604"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
@@ -73,6 +73,7 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 999
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index e289671d..079e6519 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20241106_101604"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index dc42c9e6..56d2e96a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20241106_101604"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
@@ -41,4 +41,5 @@ spec:
                 - SYS_NICE
               drop:
                 - NET_RAW
+            runAsUser: 65534
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index cbfc8b15..ebb42895 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -173,7 +173,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20241106_101604"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 9e4133c0..380ab2f3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20241106_101604"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
@@ -64,6 +64,7 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 33
           volumeMounts:
             - mountPath: /nextcloud
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index f6607f0f..28abc76a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20241106_101604"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index cc7697ee..56e68584 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20241106_101604"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
@@ -50,6 +50,7 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 999
           volumeMounts:
             - mountPath: /data
               name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 76b77197..0bc8c706 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20241106_101604"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
@@ -57,4 +57,5 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 1000
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 93cc7aec..4872b391 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20241106_101604"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
@@ -43,4 +43,5 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 122
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 55e9c2be..1002e5ca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-whiteboard:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-whiteboard:20241106_101604"
           name: nextcloud-aio-whiteboard
           ports:
             - containerPort: 3002
@@ -47,4 +47,5 @@ spec:
             capabilities:
               drop:
                 - NET_RAW
+            runAsUser: 65534
 {{- end }}

From 4f808d2d675c42adb4df97afe2778cabcec3db04 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Wed, 6 Nov 2024 16:28:36 +0100
Subject: [PATCH 2634/3949] ci(json-validator): use venv

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 .github/workflows/json-validator.yml | 73 ++++++++++++++--------------
 1 file changed, 37 insertions(+), 36 deletions(-)

diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 91d5f169..3db0032d 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -1,36 +1,37 @@
-name: Json Validator
-
-on:
-  pull_request:
-    paths:
-      - '**.json'
-  push:
-    branches:
-      - main
-    paths:
-      - '**.json'
-
-jobs:
-  json-validator:
-    name: Json Validator
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Validate Json
-        run: |
-          sudo apt-get update
-          sudo apt-get install python3-pip -y --no-install-recommends
-          pip3 install json-spec
-          export PATH="$PATH:/home/runner/.local/bin"
-          if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
-            exit 1
-          fi
-          JSON_FILES="$(find ./community-containers -name '*.json')"
-          mapfile -t JSON_FILES <<< "$JSON_FILES"
-          for file in "${JSON_FILES[@]}"; do
-            json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
-          done
-          if grep -q "document does not validate with schema.\|invalid JSONFile" ./json-validator.log; then
-            exit 1
-          fi
+name: Json Validator
+
+on:
+  pull_request:
+    paths:
+      - '**.json'
+  push:
+    branches:
+      - main
+    paths:
+      - '**.json'
+
+jobs:
+  json-validator:
+    name: Json Validator
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Validate Json
+        run: |
+          sudo apt-get update
+          sudo apt-get install python3-venv -y --no-install-recommends
+          python3 -m venv venv
+          . venv/bin/activate
+          pip3 install json-spec
+          if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
+            exit 1
+          fi
+          JSON_FILES="$(find ./community-containers -name '*.json')"
+          mapfile -t JSON_FILES <<< "$JSON_FILES"
+          for file in "${JSON_FILES[@]}"; do
+            json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
+          done
+          if grep -q "document does not validate with schema.\|invalid JSONFile" ./json-validator.log; then
+            exit 1
+          fi

From 9deb2e035609f6efb1646ea07451c360b7469a7f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Nov 2024 19:54:39 +0000
Subject: [PATCH 2635/3949] build(deps): bump twig/twig from 3.14.0 to 3.14.1
 in /php

Bumps [twig/twig](https://github.com/twigphp/Twig) from 3.14.0 to 3.14.1.
- [Changelog](https://github.com/twigphp/Twig/blob/v3.14.1/CHANGELOG)
- [Commits](https://github.com/twigphp/Twig/compare/v3.14.0...v3.14.1)

---
updated-dependencies:
- dependency-name: twig/twig
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 0158a7a2..dd3d430f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1632,16 +1632,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.14.0",
+            "version": "v3.14.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72"
+                "reference": "f405356d20fb43603bcadc8b09bfb676cb04a379"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
-                "reference": "126b2c97818dbff0cdf3fbfc881aedb3d40aae72",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/f405356d20fb43603bcadc8b09bfb676cb04a379",
+                "reference": "f405356d20fb43603bcadc8b09bfb676cb04a379",
                 "shasum": ""
             },
             "require": {
@@ -1695,7 +1695,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.14.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.14.1"
             },
             "funding": [
                 {
@@ -1707,7 +1707,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-09T17:55:12+00:00"
+            "time": "2024-11-06T18:17:38+00:00"
         }
     ],
     "packages-dev": [
@@ -3742,6 +3742,6 @@
         "ext-curl": "*",
         "ext-apcu": "*"
     },
-    "platform-dev": {},
+    "platform-dev": [],
     "plugin-api-version": "2.6.0"
 }

From 5125ec934f065c9b835837d20b8153334a1f67dc Mon Sep 17 00:00:00 2001
From: Martin Ligabue <martinligabue@gmail.com>
Date: Wed, 6 Nov 2024 21:18:59 +0100
Subject: [PATCH 2636/3949] readme reset instance guide typo

probably due to a copypaste

Signed-off-by: Martin Ligabue <martinligabue@gmail.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 7176a024..b00f8ae4 100644
--- a/readme.md
+++ b/readme.md
@@ -378,7 +378,7 @@ Here is how to reset the AIO instance properly:
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
 1. Now remove all these dangling volumes: `sudo docker volume prune --filter all=1` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
 1. If you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well. (E.g. by simply deleting the directory).
-1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
+1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to remove them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
 1. And you are done! Now feel free to start over with the recommended docker run command!
 

From e30b4562b26b88f7acfecdc79d34a44a16efbca7 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Thu, 7 Nov 2024 00:26:35 -0800
Subject: [PATCH 2637/3949] Remove mastercontainer connection to
 APACHE_ADDITIONAL_CONTAINER. Follow that up in a separate PR.

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/mastercontainer/start.sh    | 5 -----
 php/src/Docker/DockerActionManager.php | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index cbf79d75..7dc94809 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -200,11 +200,6 @@ It needs to be a string with letters, numbers, hyphens and underscores.
 It is set to '$APACHE_ADDITIONAL_NETWORK'."
         exit 1
     fi
-    tmp_out=$(sudo -u www-data docker network connect $APACHE_ADDITIONAL_NETWORK nextcloud-aio-mastercontainer 2>&1)
-    if [ -n "$tmp_out" ] && [[ ! "$tmp_out" =~ "nextcloud-aio-mastercontainer already exists in network $APACHE_ADDITIONAL_NETWORK" ]]; then
-        print_red "Unable to connect to $APACHE_ADDITIONAL_NETWORK. Cannot continue. Error: \n $tmp_out"
-        exit 1
-    fi
 fi
 if [ -n "$TALK_PORT" ]; then
     if ! check_if_number "$TALK_PORT"; then
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8cce6103..0c4b00ec 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -902,11 +902,6 @@ readonly class DockerActionManager {
         $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
         // Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
         // $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
-
-        $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork();
-        if ($apacheAdditionalNetwork !== '') {
-            $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '', $apacheAdditionalNetwork, false);
-        }
     }
 
     public function ConnectContainerToNetwork(Container $container) : void

From 4a8e0c8415e4c356333b0f19177a878f9414a052 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 7 Nov 2024 09:34:37 +0100
Subject: [PATCH 2638/3949] fix indentation

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 36 +++++++++++++-------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0c4b00ec..523aa2a1 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -851,26 +851,26 @@ readonly class DockerActionManager {
         }
 
         if ($createNetwork) {
-                $url = $this->BuildApiUrl('networks/create');
-                try {
-                    $this->guzzleClient->request(
-                        'POST',
-                        $url,
-                        [
-                            'json' => [
-                                'Name' => $network,
-                                'CheckDuplicate' => true,
-                                'Driver' => 'bridge',
-                                'Internal' => false,
-                            ]
+            $url = $this->BuildApiUrl('networks/create');
+            try {
+                $this->guzzleClient->request(
+                    'POST',
+                    $url,
+                    [
+                        'json' => [
+                            'Name' => $network,
+                            'CheckDuplicate' => true,
+                            'Driver' => 'bridge',
+                            'Internal' => false,
                         ]
-                    );
-                } catch (RequestException $e) {
-                    // 409 is undocumented and gets thrown if the network already exists.
-                    if ($e->getCode() !== 409) {
-                        throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
-                    }
+                    ]
+                );
+            } catch (RequestException $e) {
+                // 409 is undocumented and gets thrown if the network already exists.
+                if ($e->getCode() !== 409) {
+                    throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
                 }
+            }
         }
 
         $url = $this->BuildApiUrl(

From 01e10aa3f28262fe4c3a4538feb53f7c140775ec Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 7 Nov 2024 10:48:35 +0100
Subject: [PATCH 2639/3949] nextcloud: update to 29.0.9

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f5ebe94b..ce499863 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.8
+ENV NEXTCLOUD_VERSION=29.0.9
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 74e5a58a4c44b5a7c96d9ac173dfec9a0f12ab1a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 7 Nov 2024 10:50:26 +0100
Subject: [PATCH 2640/3949] increase to 9.9.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index d1ddb499..6e9d1337 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v9.8.0</h1>
+            <h1>Nextcloud AIO v9.9.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 4e2bb8f1a7ea0c88bc1a8b2ca170ee79a18def0d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 7 Nov 2024 11:22:29 +0100
Subject: [PATCH 2641/3949] talk-recording: change to firefox-esr

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 01841d6a..3671e76f 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -17,7 +17,7 @@ RUN set -ex; \
         bash \
         xvfb \
         ffmpeg \
-        firefox \
+        firefox-esr \
         bind-tools \
         netcat-openbsd \
         git \

From 56864dde66739d1d4a28a88e507b2bdea488bec0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 7 Nov 2024 12:07:44 +0100
Subject: [PATCH 2642/3949] talk-recording: change tmpfs to volume

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 1 +
 Containers/talk-recording/start.sh   | 3 +++
 php/containers.json                  | 8 +++++++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 3671e76f..23f02d95 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -48,6 +48,7 @@ RUN set -ex; \
         build-base \
         linux-headers;
 
+VOLUME /tmp
 WORKDIR /tmp
 USER 122
 ENTRYPOINT ["/start.sh"]
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index 14a893a4..c73b7ea1 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -16,6 +16,9 @@ if [ -z "$HPB_DOMAIN" ]; then
     export HPB_DOMAIN="$NC_DOMAIN"
 fi
 
+# Delete all contents on startup to start fresh
+rm -fr /tmp/{*,.*}
+
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
diff --git a/php/containers.json b/php/containers.json
index 11eae04b..0faf85e9 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -440,6 +440,13 @@
         "RECORDING_SECRET=%RECORDING_SECRET%",
         "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%"
       ],
+      "volumes": [
+        {
+          "source": "nextcloud_aio_talk_recording",
+          "destination": "/tmp",
+          "writeable": true
+        }
+      ],
       "shm_size": 2147483648,
       "secrets": [
         "RECORDING_SECRET",
@@ -454,7 +461,6 @@
       ],
       "read_only": true,
       "tmpfs": [
-        "/tmp",
         "/conf"
       ],
       "cap_drop": [

From 7d286edc5fcb9cd7ed95c10c21a0298af258e0a1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 7 Nov 2024 12:02:48 +0000
Subject: [PATCH 2643/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/composer.lock b/php/composer.lock
index dd3d430f..5f7b5f0c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3742,6 +3742,6 @@
         "ext-curl": "*",
         "ext-apcu": "*"
     },
-    "platform-dev": [],
+    "platform-dev": {},
     "plugin-api-version": "2.6.0"
 }

From d5b6e6653d718c086ffdc6b602d4c8222c0a15d2 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 7 Nov 2024 12:02:52 +0000
Subject: [PATCH 2644/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 1b15336a..12207b2b 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.2-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \

From 16a3c32ec3f1ce731bf8bbe38246c6c395f8975e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 7 Nov 2024 14:51:37 +0100
Subject: [PATCH 2645/3949] Revert "talk-recording: change to firefox-esr"

---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 23f02d95..1d7df914 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -17,7 +17,7 @@ RUN set -ex; \
         bash \
         xvfb \
         ffmpeg \
-        firefox-esr \
+        firefox \
         bind-tools \
         netcat-openbsd \
         git \

From 3eeda1ea91334c88372f5766a9d65a0335f54fde Mon Sep 17 00:00:00 2001
From: Tim Diels <tim@diels.me>
Date: Thu, 7 Nov 2024 22:19:56 +0100
Subject: [PATCH 2646/3949] Add remote borg backup support (#4804)

Signed-off-by: Tim Diels <tim@diels.me>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/Dockerfile              |   4 +-
 Containers/borgbackup/backupscript.sh         | 286 ++++++++++++------
 Containers/borgbackup/borg_excludes           |  11 +
 Containers/borgbackup/start.sh                |  18 +-
 php/containers.json                           |   1 +
 php/public/index.php                          |   2 +
 .../Controller/ConfigurationController.php    |  14 +-
 php/src/Data/ConfigurationManager.php         |  95 ++++--
 php/src/Data/DataConst.php                    |   4 +
 php/src/Docker/DockerActionManager.php        |   2 +
 php/templates/containers.twig                 |  76 +++--
 readme.md                                     |  48 ++-
 12 files changed, 402 insertions(+), 159 deletions(-)
 create mode 100644 Containers/borgbackup/borg_excludes

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 2f54145f..706a9c7d 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -11,11 +11,13 @@ RUN set -ex; \
         rsync \
         fuse \
         py3-llfuse \
-        jq
+        jq \
+        openssh-client
 
 VOLUME /root
 
 COPY --chmod=770 *.sh /
+COPY borg_excludes /
 
 ENTRYPOINT ["/start.sh"]
 # hadolint ignore=DL3002
diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 739d5f16..f86edb01 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -34,19 +34,23 @@ for volume in "${DEFAULT_VOLUMES[@]}"; do
 done
 
 # Check if target is mountpoint
-if ! mountpoint -q /mnt/borgbackup; then
-    echo "/mnt/borgbackup is not a mountpoint which is not allowed."
+if [ -z "$BORG_REMOTE_REPO" ] && ! mountpoint -q "$MOUNT_DIR"; then
+    echo "$MOUNT_DIR is not a mountpoint which is not allowed."
     exit 1
 fi
 
-# Check if target is empty
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
-    echo "The repository is empty. Cannot perform check or restore."
+# Check if repo is uninitialized
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg info > /dev/null; then
+    if [ -n "$BORG_REMOTE_REPO" ]; then
+        echo "The repository is uninitialized or cannot connect to remote. Cannot perform check or restore."
+    else
+        echo "The repository is uninitialized. Cannot perform check or restore."
+    fi
     exit 1
 fi
 
 # Do not continue if this file exists (needed for simple external blocking)
-if [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
+if [ -z "$BORG_REMOTE_REPO" ] && [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
     echo "Not continuing because aio-lockfile exists – it seems like a script is externally running which is locking the backup archive."
     echo "If this should not be the case, you can fix this by deleting the 'aio-lockfile' file from the backup archive directory."
     exit 1
@@ -57,6 +61,13 @@ if [ "$BORG_MODE" = backup ] || [ "$BORG_MODE" = restore ]; then
     touch "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"
 fi
 
+if [ -n "$BORG_REMOTE_REPO" ] && ! [ -f "$BORGBACKUP_KEY" ]; then
+    echo "First run, creating borg ssh key"
+    ssh-keygen  -f "$BORGBACKUP_KEY" -N ""
+    echo "You should configure the remote to accept this public key"
+fi
+echo "Your public ssh key for borgbackup is: $(cat "$BORGBACKUP_KEY.pub")"
+
 # Do the backup
 if [ "$BORG_MODE" = backup ]; then
 
@@ -100,15 +111,22 @@ if [ "$BORG_MODE" = backup ]; then
         exit 1
     fi
 
-    # Create backup folder
-    mkdir -p "$BORG_BACKUP_DIRECTORY"
+    if [ -z "$BORG_REMOTE_REPO" ]; then
+        # Create backup folder
+        mkdir -p "$BORG_BACKUP_DIRECTORY"
+    fi
 
-    # Initialize the repository if the target is empty
-    if ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
+    # Initialize the repository if can't get info from target
+    if ! borg info > /dev/null; then
         # Don't initialize if already initialized
         if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
-            echo "No borg config file was found in the targeted directory."
-            echo "This might happen if the targeted directory is located on an external drive and the drive not connected anymore. You should check this."
+            if [ -n "$BORG_REMOTE_REPO" ]; then
+                echo "Borg could not get info from the remote repo."
+                echo "This might be a failure to connect to the remote server. See the above borg info output for details."
+            else
+                echo "Borg could not get info from the targeted directory."
+                echo "This might happen if the targeted directory is located on an external drive and the drive not connected anymore. You should check this."
+            fi
             echo "If you instead want to initialize a new backup repository, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
             echo "sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/borg.config"
             exit 1
@@ -116,28 +134,44 @@ if [ "$BORG_MODE" = backup ]; then
 
         echo "Initializing repository..."
         NEW_REPOSITORY=1
-        if ! borg init --debug --encryption=repokey-blake2 "$BORG_BACKUP_DIRECTORY"; then
+        if ! borg init --debug --encryption=repokey-blake2; then
             echo "Could not initialize borg repository."
-            rm -f "$BORG_BACKUP_DIRECTORY/config"
+            if [ -z "$BORG_REMOTE_REPO" ]; then
+                # Originally we checked for presence of the config file instead of calling `borg info`. Likely `borg info`
+                # will error on a partially initialized repo, so this line is probably no longer necessary
+                rm -f "$BORG_BACKUP_DIRECTORY/config"
+            fi
             exit 1
         fi
-        borg config "$BORG_BACKUP_DIRECTORY" additional_free_space 2G
 
-        # Fix too large Borg cache
-        # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
-        BORG_ID="$(borg config "$BORG_BACKUP_DIRECTORY" id)"
-        rm -r "/root/.cache/borg/$BORG_ID/chunks.archive.d"
-        touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"
+        if [ -z "$BORG_REMOTE_REPO" ]; then
+            # borg config only works for local repos; it's up to the remote to ensure the disk isn't full
+            borg config :: additional_free_space 2G
 
-        # Make a backup from the borg config file
-        if ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
-            echo "The borg config file wasn't created. Something is wrong."
+            # Fix too large Borg cache
+            # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
+            BORG_ID="$(borg config :: id)"
+            rm -r "/root/.cache/borg/$BORG_ID/chunks.archive.d"
+            touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"
+        fi
+
+        if ! borg info > /dev/null; then
+            echo "Borg can't get info from the repo it created. Something is wrong."
             exit 1
         fi
+
         rm -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
-        if ! cp "$BORG_BACKUP_DIRECTORY/config" "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"; then
-            echo "Could not copy config file to second place. Cannot perform backup."
-            exit 1
+        if [ -n "$BORG_REMOTE_REPO" ]; then
+            # `borg config` does not support remote repos so instead create a dummy file and rely on the remote to avoid
+            # corruption of the config file (which contains the encryption key). We don't actually use the contents of
+            # this file anywhere, so a touch is all we need so we remember we already initialized the repo.
+            touch "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
+        else
+            # Make a backup from the borg config file
+            if ! cp "$BORG_BACKUP_DIRECTORY/config" "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"; then
+                echo "Could not copy config file to second place. Cannot perform backup."
+                exit 1
+            fi
         fi
 
         echo "Repository successfully initialized."
@@ -167,9 +201,9 @@ if [ "$BORG_MODE" = backup ]; then
     # Create the backup
     echo "Starting the backup..."
     get_start_time
-    if ! borg create "${BORG_OPTS[@]}" "${BORG_EXCLUDE[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/"; then
+    if ! borg create "${BORG_OPTS[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
         echo "Deleting the failed backup archive..."
-        borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
+        borg delete --stats "::$CURRENT_DATE-nextcloud-aio"
         echo "Backup failed!"
         echo "You might want to check the backup integrity via the AIO interface."
         if [ "$NEW_REPOSITORY" = 1 ]; then
@@ -188,14 +222,14 @@ if [ "$BORG_MODE" = backup ]; then
 
     # Prune archives
     echo "Pruning the archives..."
-    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
         echo "Failed to prune archives!"
         exit 1
     fi
 
     # Compact archives
     echo "Compacting the archives..."
-    if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg compact; then
         echo "Failed to compact archives!"
         exit 1
     fi
@@ -212,19 +246,19 @@ if [ "$BORG_MODE" = backup ]; then
                 fi
             done
             echo "Starting the backup for additional volumes..."
-            if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
+            if ! borg create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                 echo "Deleting the failed backup archive..."
-                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
+                borg delete --stats "::$CURRENT_DATE-additional-docker-volumes"
                 echo "Backup of additional docker-volumes failed!"
                 exit 1
             fi
             echo "Pruning additional volumes..."
-            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional docker-volumes archives!"
                 exit 1
             fi
             echo "Compacting additional volumes..."
-            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+            if ! borg compact; then
                 echo "Failed to compact additional docker-volume archives!"
                 exit 1
             fi
@@ -242,19 +276,19 @@ if [ "$BORG_MODE" = backup ]; then
                 EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
             done
             echo "Starting the backup for additional host mounts..."
-            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
+            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                 echo "Deleting the failed backup archive..."
-                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
+                borg delete --stats "::$CURRENT_DATE-additional-host-mounts"
                 echo "Backup of additional host-mounts failed!"
                 exit 1
             fi
             echo "Pruning additional host mounts..."
-            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional host-mount archives!"
                 exit 1
             fi
             echo "Compacting additional host mounts..."
-            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+            if ! borg compact; then
                 echo "Failed to compact additional host-mount archives!"
                 exit 1
             fi
@@ -276,18 +310,13 @@ fi
 if [ "$BORG_MODE" = restore ]; then
     get_start_time
 
-    # Perform the restore
+    # Pick archive to restore
     if [ -n "$SELECTED_RESTORE_TIME" ]; then
-        SELECTED_ARCHIVE="$(borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | grep "$SELECTED_RESTORE_TIME" | awk -F " " '{print $1}' | head -1)"
+        SELECTED_ARCHIVE="$(borg list | grep "nextcloud-aio" | grep "$SELECTED_RESTORE_TIME" | awk -F " " '{print $1}' | head -1)"
     else
-        SELECTED_ARCHIVE="$(borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1}' | sort -r | head -1)"
+        SELECTED_ARCHIVE="$(borg list | grep "nextcloud-aio" | awk -F " " '{print $1}' | sort -r | head -1)"
     fi
     echo "Restoring '$SELECTED_ARCHIVE'..."
-    mkdir -p /tmp/borg
-    if ! borg mount "$BORG_BACKUP_DIRECTORY::$SELECTED_ARCHIVE" /tmp/borg; then
-        echo "Could not mount the backup!"
-        exit 1
-    fi
 
     # Save Additional Backup dirs
     if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories" ]; then
@@ -299,27 +328,12 @@ if [ "$BORG_MODE" = restore ]; then
         DAILY_BACKUPTIME="$(cat /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time)"
     fi
 
-    # Restore everything except the configuration file
-    if ! rsync --stats --archive --human-readable -vv --delete \
-    --exclude "nextcloud_aio_apache/caddy/**" \
-    --exclude "nextcloud_aio_mastercontainer/caddy/**" \
-    --exclude "nextcloud_aio_nextcloud/data/nextcloud.log*" \
-    --exclude "nextcloud_aio_nextcloud/data/audit.log" \
-    --exclude "nextcloud_aio_mastercontainer/certs/**" \
-    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
-    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
-    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
-    --exclude "nextcloud_aio_mastercontainer/session/**" \
-    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
-        RESTORE_FAILED=1
-        echo "Something failed while restoring from backup."
-    fi
-
     # Save current aio password
     AIO_PASSWORD="$(jq '.password' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
 
-    # Save current path
+    # Save current backup location vars
     BORG_LOCATION="$(jq '.borg_backup_host_location' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+    REMOTE_REPO="$(jq '.borg_remote_repo' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
 
     # Save current nextcloud datadir
     if grep -q '"nextcloud_datadir":' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
@@ -328,21 +342,111 @@ if [ "$BORG_MODE" = restore ]; then
         NEXTCLOUD_DATADIR='""'
     fi
 
-    # Restore the configuration file
-    if ! rsync --archive --human-readable -vv \
-    /tmp/borg/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json \
-    /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
-        RESTORE_FAILED=1
-        echo "Something failed while restoring the configuration.json."
+    if [ -z "$BORG_REMOTE_REPO" ]; then
+        mkdir -p /tmp/borg
+        if ! borg mount "::$SELECTED_ARCHIVE" /tmp/borg; then
+            echo "Could not mount the backup!"
+            exit 1
+        fi
+
+        # Restore everything except the configuration file
+        #
+        # These exclude patterns need to be kept in sync with the borg_excludes file and the find excludes in this file,
+        # which use a different syntax (patterns appear in 3 places in total)
+        if ! rsync --stats --archive --human-readable -vv --delete \
+        --exclude "nextcloud_aio_apache/caddy/**" \
+        --exclude "nextcloud_aio_mastercontainer/caddy/**" \
+        --exclude "nextcloud_aio_nextcloud/data/nextcloud.log*" \
+        --exclude "nextcloud_aio_nextcloud/data/audit.log" \
+        --exclude "nextcloud_aio_mastercontainer/certs/**" \
+        --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
+        --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+        --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
+        --exclude "nextcloud_aio_mastercontainer/session/**" \
+        /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
+            RESTORE_FAILED=1
+            echo "Something failed while restoring from backup."
+        fi
+
+        # Restore the configuration file
+        if ! rsync --archive --human-readable -vv \
+                /tmp/borg/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json \
+                /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
+            RESTORE_FAILED=1
+            echo "Something failed while restoring the configuration.json."
+        fi
+
+        if ! umount /tmp/borg; then
+            echo "Failed to unmount the borg archive but should still be able to restore successfully"
+        fi
+    else
+        # Restore nearly everything
+        #
+        # borg mount is really slow for remote repos (did not check whether it's slow for local repos too),
+        # using extract to /tmp would require temporarily storing a second copy of the data.
+        # So instead extract directly on top of the destination with exclude patterns for the config, but
+        # then we do still need to delete local files which are not present in the archive.
+        #
+        # Older backups may still contain files we've since excluded, so we have to exclude on extract as well.
+        cd /  # borg extract has no destination arg and extracts to CWD
+        if ! borg extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes --pattern '+nextcloud_aio_volumes/**'
+        then
+            RESTORE_FAILED=1
+            echo "Failed to extract backup archive."
+        else
+            # Delete files/dirs present locally, but not in the backup archive, excluding conf files
+            # https://unix.stackexchange.com/a/759341
+            # This comm does not support -z, but I doubt any file names would have \n in them
+            echo "Deleting local files which do not exist in the backup"
+            # These find patterns need to be kept in sync with the borg_excludes file and the rsync excludes in this
+            # file, which use a different syntax (patterns appear in 3 places in total)
+            if ! find nextcloud_aio_volumes \
+                    -not \( \
+                        -path nextcloud_aio_volumes/nextcloud_aio_apache/caddy \
+                        -o -path "nextcloud_aio_volumes/nextcloud_aio_apache/caddy/*" \
+                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/caddy \
+                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/caddy/*" \
+                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/certs \
+                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/certs/*" \
+                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/session \
+                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/session/*" \
+                        -o -path "nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" \
+                        -o -path nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log \
+                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running \
+                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file \
+                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*" \
+                    \) \
+                    | LC_ALL=C sort \
+                    | LC_ALL=C comm -23 - \
+                        <(borg list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
+                    > /tmp/local_files_not_in_backup
+            then
+                RESTORE_FAILED=1
+                echo "Failed to delete local files not in backup archive."
+            else
+                # More robust than e.g. xargs as I got a ~"args line too long" error while testing that, but it's slower
+                # https://stackoverflow.com/a/21848934
+                while IFS= read -r file
+                do rm -vrf -- "$file" || DELETE_FAILED=1
+                done < /tmp/local_files_not_in_backup
+
+                if [ "$DELETE_FAILED" = 1 ]; then
+                    RESTORE_FAILED=1
+                    echo "Failed to delete (some) local files not in backup archive."
+                fi
+            fi
+        fi
     fi
 
     # Set backup-mode to restore since it was a restore
     CONTENTS="$(jq '."backup-mode" = "restore"' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
     echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
 
-    # Reset the backup path to the currently used one
+    # Reset the backup location vars to the currently used one
     CONTENTS="$(jq ".borg_backup_host_location = $BORG_LOCATION" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
     echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
+    CONTENTS="$(jq ".borg_remote_repo = $REMOTE_REPO" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
 
     # Reset the AIO password to the currently used one
     CONTENTS="$(jq ".password = $AIO_PASSWORD" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
@@ -366,8 +470,6 @@ if [ "$BORG_MODE" = restore ]; then
         chmod 770 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
     fi
 
-    umount /tmp/borg
-
     if [ "$RESTORE_FAILED" = 1 ]; then
         exit 1
     fi
@@ -394,7 +496,7 @@ if [ "$BORG_MODE" = check ]; then
     echo "Checking the backup integrity..."
 
     # Perform the check
-    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check -v --verify-data; then
         echo "Some errors were found while checking the backup integrity!"
         echo "Check the AIO interface for advices on how to proceed now!"
         exit 1
@@ -412,7 +514,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then
     echo "Checking the backup integrity and repairing it..."
 
     # Perform the check-repair
-    if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
+    if ! echo YES | borg check -v --repair; then
         echo "Some errors were found while checking and repairing the backup integrity!"
         exit 1
     fi
@@ -425,19 +527,29 @@ fi
 
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
-    if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
-        echo "No 'borg' directory in the given backup directory found!"
-        echo "Only the files/folders below have been found in the given directory."
-        ls -a "$MOUNT_DIR"
-        echo "Please adjust the directory so that the borg archive is positioned in a folder named 'borg' inside the given directory!"
-        exit 1
-    elif ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
-        echo "A 'borg' directory was found but could not find the borg archive."
-        echo "Only the files/folders below have been found in the borg directory."
-        ls -a "$BORG_BACKUP_DIRECTORY"
-        echo "The archive and most importantly the config file must be positioned directly in the 'borg' subfolder."
-        exit 1
-    elif ! borg list "$BORG_BACKUP_DIRECTORY"; then
+    if [ -n "$BORG_REMOTE_REPO" ]; then
+        if ! borg info > /dev/null; then
+            echo "Borg could not get info from the remote repo."
+            echo "See the above borg info output for details."
+            exit 1
+        fi
+    else
+        if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
+            echo "No 'borg' directory in the given backup directory found!"
+            echo "Only the files/folders below have been found in the given directory."
+            ls -a "$MOUNT_DIR"
+            echo "Please adjust the directory so that the borg archive is positioned in a folder named 'borg' inside the given directory!"
+            exit 1
+        elif ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
+            echo "A 'borg' directory was found but could not find the borg archive."
+            echo "Only the files/folders below have been found in the borg directory."
+            ls -a "$BORG_BACKUP_DIRECTORY"
+            echo "The archive and most importantly the config file must be positioned directly in the 'borg' subfolder."
+            exit 1
+        fi
+    fi
+
+    if ! borg list; then
         echo "The entered path seems to be valid but could not open the backup archive."
         echo "Most likely the entered password was wrong so please adjust it accordingly!"
         exit 1
diff --git a/Containers/borgbackup/borg_excludes b/Containers/borgbackup/borg_excludes
new file mode 100644
index 00000000..bbe6adaa
--- /dev/null
+++ b/Containers/borgbackup/borg_excludes
@@ -0,0 +1,11 @@
+# These patterns need to be kept in sync with rsync and find excludes in backupscript.sh,
+# which use a different syntax (patterns appear in 3 places in total)
+nextcloud_aio_volumes/nextcloud_aio_apache/caddy/
+nextcloud_aio_volumes/nextcloud_aio_mastercontainer/caddy/
+nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*
+nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log
+nextcloud_aio_volumes/nextcloud_aio_mastercontainer/certs/
+nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running
+nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file
+nextcloud_aio_volumes/nextcloud_aio_mastercontainer/session/
+nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*
\ No newline at end of file
diff --git a/Containers/borgbackup/start.sh b/Containers/borgbackup/start.sh
index e8d93f58..9da0d840 100644
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -2,7 +2,7 @@
 
 # Variables
 export MOUNT_DIR="/mnt/borgbackup"
-export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"
+export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"  # necessary even when remote to store the aio-lockfile
 
 # Validate BORG_PASSWORD
 if [ -z "$BORG_PASSWORD" ] && [ -z "$BACKUP_RESTORE_PASSWORD" ]; then
@@ -18,6 +18,18 @@ else
 fi
 export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
+if [ -n "$BORG_REMOTE_REPO" ]; then
+    export BORG_REPO="$BORG_REMOTE_REPO"
+
+    # Location to create the borg ssh pub/priv key
+    export BORGBACKUP_KEY="/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg"
+
+    # Accept any host key the first time connecting to the remote. Strictly speaking should be provided by user but you'd
+    # have to be very unlucky to get MitM'ed on your first connection.
+    export BORG_RSH="ssh -o StrictHostKeyChecking=accept-new -i $BORGBACKUP_KEY"
+else
+    export BORG_REPO="$BORG_BACKUP_DIRECTORY"
+fi
 
 # Validate BORG_MODE
 if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
@@ -36,8 +48,8 @@ fi
 rm -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"
 
 # Get a list of all available borg archives
-if borg list "$BORG_BACKUP_DIRECTORY" &>/dev/null; then
-    borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+if borg list &>/dev/null; then
+    borg list | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
 else
     echo "" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
 fi
diff --git a/php/containers.json b/php/containers.json
index 0faf85e9..60047776 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -473,6 +473,7 @@
       "image": "nextcloud/aio-borgbackup",
       "init": true,
       "environment": [
+        "BORG_REMOTE_REPO=%BORGBACKUP_REMOTE_REPO%",
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
         "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
diff --git a/php/public/index.php b/php/public/index.php
index 9614419e..30e39246 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -86,6 +86,8 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'domain' => $configurationManager->GetDomain(),
         'apache_port' => $configurationManager->GetApachePort(),
         'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
+        'borg_remote_repo' => $configurationManager->GetBorgRemoteRepo(),
+        'borg_public_key' => $configurationManager->GetBorgPublicKey(),
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
         'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index c38c1bc1..67463ab1 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -28,15 +28,17 @@ readonly class ConfigurationController {
                 $this->configurationManager->ChangeMasterPassword($currentMasterPassword, $newMasterPassword);
             }
 
-            if (isset($request->getParsedBody()['borg_backup_host_location'])) {
+            if (isset($request->getParsedBody()['borg_backup_host_location']) || isset($request->getParsedBody()['borg_remote_repo'])) {
                 $location = $request->getParsedBody()['borg_backup_host_location'] ?? '';
-                $this->configurationManager->SetBorgBackupHostLocation($location);
+                $borgRemoteRepo = $request->getParsedBody()['borg_remote_repo'] ?? '';
+                $this->configurationManager->SetBorgLocationVars($location, $borgRemoteRepo);
             }
 
-            if (isset($request->getParsedBody()['borg_restore_host_location']) || isset($request->getParsedBody()['borg_restore_password'])) {
+            if (isset($request->getParsedBody()['borg_restore_host_location']) || isset($request->getParsedBody()['borg_restore_remote_repo']) || isset($request->getParsedBody()['borg_restore_password'])) {
                 $restoreLocation = $request->getParsedBody()['borg_restore_host_location'] ?? '';
+                $borgRemoteRepo = $request->getParsedBody()['borg_restore_remote_repo'] ?? '';
                 $borgPassword = $request->getParsedBody()['borg_restore_password'] ?? '';
-                $this->configurationManager->SetBorgRestoreHostLocationAndPassword($restoreLocation, $borgPassword);
+                $this->configurationManager->SetBorgRestoreLocationVarsAndPassword($restoreLocation, $borgRemoteRepo, $borgPassword);
             }
 
             if (isset($request->getParsedBody()['daily_backup_time'])) {
@@ -132,8 +134,8 @@ readonly class ConfigurationController {
                 $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries);
             }
 
-            if (isset($request->getParsedBody()['delete_borg_backup_host_location'])) {
-                $this->configurationManager->DeleteBorgBackupHostLocation();
+            if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
+                $this->configurationManager->DeleteBorgBackupLocationVars();
             }
 
             return $response->withStatus(201)->withHeader('Location', '/');
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3b47b90c..69f59d5c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -439,48 +439,61 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetBorgBackupHostLocation(string $location) : void {
-        $isValidPath = false;
-        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
-            $isValidPath = true;
-        } elseif ($location === 'nextcloud_aio_backupdir') {
-            $isValidPath = true;
-        }
-
-        if (!$isValidPath) {
-            throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
-        }
-
+    public function SetBorgLocationVars(string $location, string $repo) : void {
+        $this->ValidateBorgLocationVars($location, $repo);
 
         $config = $this->GetConfig();
         $config['borg_backup_host_location'] = $location;
+        $config['borg_remote_repo'] = $repo;
         $this->WriteConfig($config);
     }
 
-    public function DeleteBorgBackupHostLocation() : void {
-        $config = $this->GetConfig();
-        $config['borg_backup_host_location'] = '';
-        $this->WriteConfig($config);
-    }
-
-        /**
-     * @throws InvalidSettingConfigurationException
-     */
-    public function SetBorgRestoreHostLocationAndPassword(string $location, string $password) : void {
-        if ($location === '') {
-            throw new InvalidSettingConfigurationException("Please enter a path!");
+    private function ValidateBorgLocationVars(string $location, string $repo) : void {
+        if ($location === '' && $repo === '') {
+            throw new InvalidSettingConfigurationException("Please enter a path or a remote repo url!");
+        } elseif ($location !== '' && $repo !== '') {
+            throw new InvalidSettingConfigurationException("Location and remote repo url are mutually exclusive!");
         }
         
-        $isValidPath = false;
-        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
-            $isValidPath = true;
-        } elseif ($location === 'nextcloud_aio_backupdir') {
-            $isValidPath = true;
-        }
+        if ($location !== '') {
+            $isValidPath = false;
+            if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
+                $isValidPath = true;
+            } elseif ($location === 'nextcloud_aio_backupdir') {
+                $isValidPath = true;
+            }
 
-        if (!$isValidPath) {
-            throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
+            if (!$isValidPath) {
+                throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
+            }
+        } else {
+            $this->ValidateBorgRemoteRepo($repo);
         }
+    }
+
+    private function ValidateBorgRemoteRepo(string $repo) : void {
+        $commonMsg = "For valid urls, see the remote examples at https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls";
+        if ($repo === "") {
+            // Ok, remote repo is optional
+        } elseif (!str_contains($repo, "@")) {
+            throw new InvalidSettingConfigurationException("The remote repo must contain '@'. $commonMsg");
+        } elseif (!str_contains($repo, ":")) {
+            throw new InvalidSettingConfigurationException("The remote repo must contain ':'. $commonMsg");
+        }
+    }
+
+    public function DeleteBorgBackupLocationVars() : void {
+        $config = $this->GetConfig();
+        $config['borg_backup_host_location'] = '';
+        $config['borg_remote_repo'] = '';
+        $this->WriteConfig($config);
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetBorgRestoreLocationVarsAndPassword(string $location, string $repo, string $password) : void {
+        $this->ValidateBorgLocationVars($location, $repo);
 
         if ($password === '') {
             throw new InvalidSettingConfigurationException("Please enter the password!");
@@ -488,6 +501,7 @@ class ConfigurationManager
 
         $config = $this->GetConfig();
         $config['borg_backup_host_location'] = $location;
+        $config['borg_remote_repo'] = $repo;
         $config['borg_restore_password'] = $password;
         $config['instance_restore_attempt'] = 1;
         $this->WriteConfig($config);
@@ -582,6 +596,23 @@ class ConfigurationManager
         return $config['borg_backup_host_location'];
     }
 
+    public function GetBorgRemoteRepo() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['borg_remote_repo'])) {
+            $config['borg_remote_repo'] = '';
+        }
+
+        return $config['borg_remote_repo'];
+    }
+
+    public function GetBorgPublicKey() : string {
+        if (!file_exists(DataConst::GetBackupPublicKey())) {
+            return "";
+        }
+        
+        return trim(file_get_contents(DataConst::GetBackupPublicKey()));
+    }
+
     public function GetBorgRestorePassword() : string {
         $config = $this->GetConfig();
         if(!isset($config['borg_restore_password'])) {
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 2512b7fb..4f697325 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -23,6 +23,10 @@ class DataConst {
         return self::GetDataDirectory() . '/configuration.json';
     }
 
+    public static function GetBackupPublicKey() : string {
+        return self::GetDataDirectory() . '/id_borg.pub';
+    }
+
     public static function GetBackupSecretFile() : string {
         return self::GetDataDirectory() . '/backupsecret';
     }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 4456ff69..89385a11 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -265,6 +265,8 @@ readonly class DockerActionManager {
                     $replacements[1] = $this->configurationManager->GetBaseDN();
                 } elseif ($out[1] === 'AIO_TOKEN') {
                     $replacements[1] = $this->configurationManager->GetToken();
+                } elseif ($out[1] === 'BORGBACKUP_REMOTE_REPO') {
+                    $replacements[1] = $this->configurationManager->GetBorgRemoteRepo();
                 } elseif ($out[1] === 'BORGBACKUP_MODE') {
                     $replacements[1] = $this->configurationManager->GetBackupMode();
                 } elseif ($out[1] === 'AIO_URL') {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6e9d1337..5449f1cd 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -25,6 +25,7 @@
             {# timezone-prefill #}
             <script type="text/javascript" src="timezone.js"></script>
 
+            {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
             {% set isAnyRunning = false %}
             {% set isAnyRestarting = false %}
             {% set isWatchtowerRunning = false %}
@@ -90,7 +91,7 @@
                             <input type="submit" value="Update mastercontainer" />
                         </form>
                     {% else %}
-                        {% if borg_backup_host_location == '' and borg_restore_password == '' %}
+                        {% if not hasBackupLocation %}
                             <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
                             <p>You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.</p>
                             {{ include('includes/aio-config.twig') }}
@@ -130,7 +131,7 @@
                         {% endif %}
 
                         {% if is_instance_restore_attempt == false %}
-                            {% if borg_backup_host_location != '' and borg_restore_password != '' %}
+                            {% if hasBackupLocation %}
                                 {% if borg_backup_mode in ['test', 'check'] %}
                                     {% if backup_exit_code > 0 %}
                                         <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
@@ -179,11 +180,23 @@
                                 {% endif %}
                             {% endif %}
 
-                            {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
-                                <p>Please enter the location of the backup archive on your host and the encryption password of the backup archive below:</p>
+                            {% if not hasBackupLocation or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
+                                {% if borg_remote_repo and backup_exit_code > 0 %}
+                                <p>
+                                You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
+                                To try again, resubmit your location and rerun the test.
+                                </p>
+                                {% endif %}
+
+                                <p>
+                                Please enter the location of the backup archive on your host or a
+                                <a href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
+                                if stored remotely; and the encryption password of the backup archive below:
+                                </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
-                                    <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
-                                    <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/>
+                                    <label>Local backup location</label> <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
+                                    <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="user@host:/path/to/repo"/><br>
+                                    <label>Borg passphrase</label> <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Submit location and encryption password" />
@@ -220,19 +233,19 @@
                 {% if domain != "" %}
                     {% if isAnyRunning == true %}
                         {% if isApacheStarting != true %}
-                            {% if borg_backup_host_location != '' %}
+                            {% if hasBackupLocation %}
                                 <details>
                                 <summary>Click here to reveal the initial Nextcloud credentials</summary>
                             {% endif %}
                                     <p>Initial Nextcloud username: <strong>admin</strong></p>
-                            {% if borg_backup_host_location != '' %}
+                            {% if hasBackupLocation %}
                                 {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
                                 <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p></details>
                             {% else %}
                                 <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p>
                             {% endif %}
                             <p><a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a></p>
-                            {% if borg_backup_host_location == '' %}
+                            {% if not hasBackupLocation %}
                                 <p>If your Nextcloud does not open when clicking the button above, see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
                             {% endif %}
                         {% else %}
@@ -371,11 +384,16 @@
                             <h2>Backup and restore</h2>
                             <p>The backup section is disabled via environmental variable.</p>
                         {% else %}
-                            {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
+                            {% if is_backup_container_running == false and not hasBackupLocation and isApacheStarting != true %}
                                 <h2>Backup and restore</h2>
                                 <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
+                                <p>
+                                To store backups remotely instead, fill in the
+                                <a href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
+                                </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
-                                    <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
+                                    <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
+                                    <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="user@host:/path/to/repo"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Submit backup location" />
@@ -386,7 +404,7 @@
 
                         {% if is_backup_section_enabled == true %}
 
-                            {% if borg_backup_host_location != "" %}
+                            {% if hasBackupLocation %}
                                 {% if is_backup_container_running == false %}
                                     <h2>Backup and restore</h2>
                                     {% if backup_exit_code > 0 %}
@@ -404,9 +422,19 @@
                                             </details>
                                         {% endif %}
                                         {% if has_backup_run_once == false %}
+                                            <p>The initial backup was not successful.</p>
+
+                                            {% if borg_remote_repo %}
+                                            <p>
+                                            You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
+                                            To try again, click <strong>Create backup</strong>.
+                                            </p>
+                                            {% endif %}
+                                            
                                             <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
-                                                <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup" />
+                                                <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
+                                                <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="user@host:/path/to/repo"/><br>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Set backup location again" />
@@ -432,7 +460,17 @@
                                     <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
                                     <p>The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
                                     <p>By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.</p>
-                                    <p>Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong></p>
+                                    {% if borg_remote_repo != '' %}
+                                        <p>
+                                        Backups get created remotely at:<br>
+                                        <strong>{{ borg_remote_repo }}</strong>
+                                        {% if has_backup_run_once == true %}
+                                        <br/>Your borg ssh public key is:<br><strong>{{ borg_public_key }}</strong>
+                                        {% endif %}
+                                        </p>
+                                    {% else %}
+                                        <p>Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong></p>
+                                    {% endif %}
                                     <p>Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.</p>
                                     <p>For information about backup retention, see <strong><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
                                     <p>Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.</p>
@@ -448,10 +486,14 @@
                                         </form>
 
                                         {% if has_backup_run_once == false %}
-                                            <h3>Reset backup host location</h3>
-                                            <p>If the configured backup host location <strong>{{ borg_backup_host_location }}</strong> is wrong, you can reset it by clicking on the button below.</p>
+                                            <h3>Reset backup location</h3>
+                                            <p>
+                                            If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
+                                            {% if borg_remote_repo %}or the remote repo <strong>{{ borg_remote_repo }}</strong> is wrong{% endif %},
+                                            you can reset it by clicking on the button below.
+                                            </p>
                                             <form method="POST" action="/api/configuration" class="xhr">
-                                                <input type="hidden" name="delete_borg_backup_host_location" value="yes"/>
+                                                <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Reset backup location" />
diff --git a/readme.md b/readme.md
index b00f8ae4..fac0235b 100644
--- a/readme.md
+++ b/readme.md
@@ -67,10 +67,10 @@ Included are:
 - Many of the included containers have a read-only root-FS (good for security)
 - Included containers run in its own docker network (good for security) and only really necessary ports are exposed on the host
 - [Multiple instances on one server](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) are doable without having to deal with VMs
-- Adjustable backup path from the AIO interface (good to put the backups e.g. on a different drive)
+- Adjustable backup path or remote borg repository from the AIO interface (good to put the backups e.g. on a different drive if using a local backup path)
 - Possibility included to also back up external Docker Volumes or Host paths (can be used for host backups)
 - Borg backup can be completely managed from the AIO interface, including backup creation, backup restore, backup integrity check and integrity-repair
-- [Remote backups](https://github.com/nextcloud/all-in-one#are-remote-borg-backups-supported) are indirectly possible
+- Other forms of [remote backup](https://github.com/nextcloud/all-in-one#are-remote-borg-backups-supported) are indirectly possible
 - Updates and backups can be [run from an external script](https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally). See [this documentation](https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) for a complete example.
 
 </details>
@@ -383,11 +383,11 @@ Here is how to reset the AIO instance properly:
 1. And you are done! Now feel free to start over with the recommended docker run command!
 
 ### Backup solution
-Nextcloud AIO provides a local backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a local restore point in case the installation gets corrupted. By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.
+Nextcloud AIO provides a backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a restore point in case the installation gets corrupted. By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.
 
 It is recommended to create a backup before any container update. By doing this, you will be safe regarding any possible complication during updates because you will be able to restore the whole instance with basically one click. 
 
-The restore process should be pretty fast as rsync is used to restore the chosen backup which only transfers changed files and deletes additional ones.
+For local backups, the restore process should be pretty fast as rsync is used to restore the chosen backup which only transfers changed files and deletes additional ones. For remote borg backups, the whole backup archive is extracted from the remote, which depending on how clever `borg extract` is, may require downloading the whole archive.
 
 If you connect an external drive to your host, and choose the backup directory to be on that drive, you are also kind of safe against drive failures of the drive where the docker volumes are stored on. 
 
@@ -404,6 +404,14 @@ If you connect an external drive to your host, and choose the backup directory t
 
 </details>
 
+If you want to back up directly to a remote borg repository:
+
+1. Create your borg repository at the remote. Note down the repository URL for later.
+2. Open the AIO interface
+3. Under backup section, leave the local path blank and fill in the url to your borg repository that you noted down earlier.
+4. Click on `Create backup`, this will create an ssh key pair and fail because the remote doesn't trust this key yet. Copy the public key shown in AIO and add it to your authorized keys on the remote.
+5. Try again to create a backup, this time it should succeed.
+
 Backups can be created and restored in the AIO interface using the buttons `Create Backup` and `Restore selected backup`. Additionally, a backup check is provided that checks the integrity of your backups but it shouldn't be needed in most situations. 
 
 The backups themselves get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.
@@ -421,8 +429,10 @@ Backed up will get all important data of your Nextcloud AIO instance like the da
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
 #### Are remote borg backups supported?
+Backing up directly to a remote borg repository is supported. This avoids having to store a local copy of your backups, supports append-only borg keys to counter ransomware and allows using the AIO interface to manage your backups.
+
+Some alternatives, which do not have all the above benefits:
 
-Not directly but you have multiple options to achieve this:
 - Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory
 - Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
 - You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
@@ -457,8 +467,14 @@ You can open the BorgBackup archives on your host by following these steps:<br>
 # Install borgbackup on the host
 sudo apt update && sudo apt install borgbackup
 
-# Mount the archives to /tmp/borg (if you are using the default backup location /mnt/backup/borg)
-sudo mkdir -p /tmp/borg && sudo borg mount "/mnt/backup/borg" /tmp/borg
+# In any shell where you use borg, you must first export this variable
+# If you are using the default backup location /mnt/backup/borg
+export BORG_REPO='/mnt/backup/borg'
+# or if you are using a remote repository
+export BORG_REPO='user@host:/path/to/repo'
+
+# Mount the archives to /tmp/borg
+sudo mkdir -p /tmp/borg && sudo borg mount "$BORG_REPO" /tmp/borg
 
 # After entering your repository key successfully, you should be able to access all archives in /tmp/borg
 # You can now do whatever you want by syncing them to a different place using rsync or doing other things
@@ -478,18 +494,24 @@ You can delete BorgBackup archives on your host manually by following these step
 # Install borgbackup on the host
 sudo apt update && sudo apt install borgbackup
 
+# In any shell where you use borg, you must first export this variable
+# If you are using the default backup location /mnt/backup/borg
+export BORG_REPO='/mnt/backup/borg'
+# or if you are using a remote repository
+export BORG_REPO='user@host:/path/to/repo'
+
 # List all archives (if you are using the default backup location /mnt/backup/borg)
-sudo borg list "/mnt/backup/borg"
+sudo borg list
 
 # After entering your repository key successfully, you should now see a list of all backup archives
 # An example backup archive might be called 20220223_174237-nextcloud-aio
 # Then you can simply delete the archive with:
-sudo borg delete --stats --progress "/mnt/backup/borg::20220223_174237-nextcloud-aio"
+sudo borg delete --stats --progress "::20220223_174237-nextcloud-aio"
 
 # If borg 1.2.0 or higher is installed, you then need to run borg compact in order to clean up the freed space
 sudo borg --version
 # If version number of the command above is higher than 1.2.0 you need to run the command below:
-sudo borg compact "/mnt/backup/borg"
+sudo borg compact
 
 ```
 
@@ -498,8 +520,8 @@ You can do so by clicking on the `Check backup integrity` button or `Create back
 
 ---
 
-#### Sync the backup regularly to another drive
-For increased backup security, you might consider syncing the backup repository regularly to another drive.
+#### Sync local backups regularly to another drive
+For increased backup security, you might consider syncing the local backup repository regularly to another drive.
 
 To do that, first add the drive to `/etc/fstab` so that it is able to get automatically mounted and then create a script that does all the things automatically. Here is an example for such a script:
 
@@ -600,7 +622,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 > [!WARNING]  
 > The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup before you can use the script.
 
-You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
+You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environment variables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
 - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.
 - `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.

From 8e105857ab8e50de07804db37a9bbd9e8d52567c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2024 05:04:49 +0000
Subject: [PATCH 2647/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.9.1.1 to 24.04.9.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e5bd7c04..566f63b9 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.9.1.1
+FROM collabora/code:24.04.9.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 144df87b74cab45498a5d28a124b947d05d42f5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2024 05:04:56 +0000
Subject: [PATCH 2648/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.23.2-alpine3.20 to 1.23.3-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 12207b2b..20c90fa5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.2-alpine3.20 AS go
+FROM golang:1.23.3-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 

From 135a42c36d7c06d9d3c004328527b428bf027e05 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 09:55:43 +0100
Subject: [PATCH 2649/3949] nextcloud-aio-app: increase to v0.7.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index e064273d..43c22ebd 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.6.0</version>
+	<version>0.7.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="28" max-version="29"/>
+		<nextcloud min-version="29" max-version="30"/>
 	</dependencies>
 
 	<settings>

From a70fbd2137319a2a852912d1e0854f16307e619b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 10:06:04 +0100
Subject: [PATCH 2650/3949] aio-interface: remove hint regarding nc 30 update

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5449f1cd..f0d7583e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -33,7 +33,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersion = 30 %}
+            {% set newMajorVersion = '' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From 5bc3cab1affcd9b0340f5e0c91423de8d60ad1a2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 10:17:30 +0100
Subject: [PATCH 2651/3949] helm: remove IMAGE_MIRROR_PREFIX,
 NEXTCLOUD_IMAGE_ORG and ALPINE_IMAGE_ORG

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../nextcloud-aio-apache-deployment.yaml      |  4 ++--
 .../nextcloud-aio-clamav-deployment.yaml      |  6 +++---
 .../nextcloud-aio-collabora-deployment.yaml   |  2 +-
 .../nextcloud-aio-database-deployment.yaml    |  6 +++---
 ...xtcloud-aio-fulltextsearch-deployment.yaml |  4 ++--
 .../nextcloud-aio-imaginary-deployment.yaml   |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  6 +++---
 .../nextcloud-aio-notify-push-deployment.yaml |  4 ++--
 .../nextcloud-aio-onlyoffice-deployment.yaml  |  4 ++--
 .../nextcloud-aio-redis-deployment.yaml       |  4 ++--
 .../nextcloud-aio-talk-deployment.yaml        |  2 +-
 ...xtcloud-aio-talk-recording-deployment.yaml |  2 +-
 .../nextcloud-aio-whiteboard-deployment.yaml  |  2 +-
 nextcloud-aio-helm-chart/update-helm.sh       | 21 +++++++------------
 nextcloud-aio-helm-chart/values.yaml          |  4 ----
 15 files changed, 31 insertions(+), 42 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 655faba3..4eda439f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -64,7 +64,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20241106_101604"
+          image: "nextcloud/aio-apache:20241106_101604"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index f42efd77..132e464c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - mkdir
             - "-p"
@@ -36,7 +36,7 @@ spec:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chown
             - 100:100
@@ -53,7 +53,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20241106_101604"
+          image: "nextcloud/aio-clamav:20241106_101604"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index d4148abe..e43aa08a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20241106_101604"
+          image: "nextcloud/aio-collabora:20241106_101604"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index f64aa613..710a4718 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - mkdir
             - "-p"
@@ -38,7 +38,7 @@ spec:
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chown
             - 999:999
@@ -62,7 +62,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20241106_101604"
+          image: "nextcloud/aio-postgresql:20241106_101604"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 46c619ab..d87d1c89 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -56,7 +56,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20241106_101604"
+          image: "nextcloud/aio-fulltextsearch:20241106_101604"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 56d2e96a..6535b6a9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20241106_101604"
+          image: "nextcloud/aio-imaginary:20241106_101604"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index ce4d1b2c..6b3f4a17 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: "delete-lost-found"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - rm
             - "-rf"
@@ -36,7 +36,7 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -173,7 +173,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20241106_101604"
+          image: "nextcloud/aio-nextcloud:20241106_101604"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 30cc993c..71ff9987 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20241106_101604"
+          image: "nextcloud/aio-notify-push:20241106_101604"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 98c72392..9c4b48bb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -26,7 +26,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20241106_101604"
+          image: "nextcloud/aio-onlyoffice:20241106_101604"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 99191cb5..efcd1656 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20241106_101604"
+          image: "nextcloud/aio-redis:20241106_101604"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 0bc8c706..db2ab85f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20241106_101604"
+          image: "nextcloud/aio-talk:20241106_101604"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 4872b391..c5dccf0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20241106_101604"
+          image: "nextcloud/aio-talk-recording:20241106_101604"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 1002e5ca..c374d640 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-whiteboard:20241106_101604"
+          image: "nextcloud/aio-whiteboard:20241106_101604"
           name: nextcloud-aio-whiteboard
           ports:
             - containerPort: 3002
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 45586f1c..4ceeb36b 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -62,7 +62,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -71,14 +71,14 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-database/data
           volumeMountsInitContainer:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chown
             - 999:999
@@ -88,14 +88,14 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - mkdir
             - "-p"
             - /nextcloud-aio-clamav/data
           volumeMountsInitContainer:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chown
             - 100:100
@@ -105,14 +105,14 @@ EOL
 cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
         - name: "delete-lost-found"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - rm
             - "-rf"
             - "/nextcloud-aio-nextcloud/lost+found"
           volumeMountsInitRmLostFound:
         - name: init-volumes
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.ALPINE_IMAGE_ORG }}alpine:3.20"
+          image: "alpine:3.20"
           command:
             - chmod
             - "777"
@@ -289,9 +289,6 @@ EOL
 # shellcheck disable=SC1083
 find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config"  \{} \;
 
-# shellcheck disable=SC1083
-find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
-
 cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
 {{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
 # https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
@@ -389,10 +386,6 @@ MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'f
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
 TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
 TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max stream bitrate of the talk hpb
-
-IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry. It needs a trailing slash!
-NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
-ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons. It needs a trailing slash!
 ADDITIONAL_CONFIG
 
 mv /tmp/sample.conf ../helm-chart/values.yaml
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 420fb679..1986a5fb 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -69,7 +69,3 @@ MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'f
 MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
 TALK_MAX_STREAM_BITRATE: "1048576"         # This allows to adjust the max stream bitrate of the talk hpb
 TALK_MAX_SCREEN_BITRATE: "2097152"         # This allows to adjust the max stream bitrate of the talk hpb
-
-IMAGE_MIRROR_PREFIX:          # Setting this allows you to pull Nextcloud images through a mirror registry. It needs a trailing slash!
-NEXTCLOUD_IMAGE_ORG: nextcloud          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
-ALPINE_IMAGE_ORG:          # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons. It needs a trailing slash!

From 91913145d9a920cce1740dfe4ea9bf43d1c38c06 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 11:44:16 +0100
Subject: [PATCH 2652/3949] nextcloud: upgrade to 30.0.2

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ce499863..a8a300e6 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=29.0.9
+ENV NEXTCLOUD_VERSION=30.0.2
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From ceda2d694b549f908062bc7eb5927f3493a5a9b6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 11:55:40 +0100
Subject: [PATCH 2653/3949] increase to 10.0.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index f0d7583e..0ec82456 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v9.9.0</h1>
+            <h1>Nextcloud AIO v10.0.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From fc33a7c7fd66dc0e843542e90787cf38eb7a501e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 8 Nov 2024 12:05:22 +0000
Subject: [PATCH 2654/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 5f7b5f0c..fa077c67 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1632,16 +1632,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.14.1",
+            "version": "v3.14.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "f405356d20fb43603bcadc8b09bfb676cb04a379"
+                "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/f405356d20fb43603bcadc8b09bfb676cb04a379",
-                "reference": "f405356d20fb43603bcadc8b09bfb676cb04a379",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a",
+                "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a",
                 "shasum": ""
             },
             "require": {
@@ -1695,7 +1695,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.14.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.14.2"
             },
             "funding": [
                 {
@@ -1707,7 +1707,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-06T18:17:38+00:00"
+            "time": "2024-11-07T12:36:22+00:00"
         }
     ],
     "packages-dev": [

From 019664afc163e16d2003faad312e47ca15880b58 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 14:29:36 +0100
Subject: [PATCH 2655/3949] borgbackup: make logs a bit cleaner if local
 archive is used

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index f86edb01..3c53e5cc 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -66,7 +66,9 @@ if [ -n "$BORG_REMOTE_REPO" ] && ! [ -f "$BORGBACKUP_KEY" ]; then
     ssh-keygen  -f "$BORGBACKUP_KEY" -N ""
     echo "You should configure the remote to accept this public key"
 fi
-echo "Your public ssh key for borgbackup is: $(cat "$BORGBACKUP_KEY.pub")"
+if [ -n "$BORG_REMOTE_REPO" ]
+    echo "Your public ssh key for borgbackup is: $(cat "$BORGBACKUP_KEY.pub")"
+fi
 
 # Do the backup
 if [ "$BORG_MODE" = backup ]; then

From 0b3f63bf74402332974abc691617b94e70b10ca1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 14:42:07 +0100
Subject: [PATCH 2656/3949] notify-scripts: add object type and object id

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/notify-all.sh | 2 +-
 Containers/nextcloud/notify.sh     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/notify-all.sh b/Containers/nextcloud/notify-all.sh
index b11130d1..f4dfa0fd 100644
--- a/Containers/nextcloud/notify-all.sh
+++ b/Containers/nextcloud/notify-all.sh
@@ -20,7 +20,7 @@ mapfile -t NC_USERS <<< "$NC_USERS"
 for user in "${NC_USERS[@]}"
 do
     echo "Posting '$SUBJECT' to: $user"
-    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE" --object-type='update' --object-id="$SUBJECT"
 done
 
 echo "Done!"
diff --git a/Containers/nextcloud/notify.sh b/Containers/nextcloud/notify.sh
index f74ec16b..2ac4ceac 100644
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -28,7 +28,7 @@ done
 for admin in "${NC_ADMIN_USER[@]}"
 do
     echo "Posting '$SUBJECT' to: $admin"
-    "${COMMAND[@]}" notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+    "${COMMAND[@]}" notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE" --object-type='update' --object-id="$SUBJECT"
 done
 
 echo "Done!"

From ccf445a5d1db93047b2af1b0949fc74158ae6893 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 14:50:35 +0100
Subject: [PATCH 2657/3949] fix the commit

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 3c53e5cc..d5fe6e2a 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -66,7 +66,7 @@ if [ -n "$BORG_REMOTE_REPO" ] && ! [ -f "$BORGBACKUP_KEY" ]; then
     ssh-keygen  -f "$BORGBACKUP_KEY" -N ""
     echo "You should configure the remote to accept this public key"
 fi
-if [ -n "$BORG_REMOTE_REPO" ]
+if [ -n "$BORG_REMOTE_REPO" ] && [ -f "$BORGBACKUP_KEY.pub" ]; then
     echo "Your public ssh key for borgbackup is: $(cat "$BORGBACKUP_KEY.pub")"
 fi
 

From 45973ef12e883d2c3516fc387fac0a0271cabc7f Mon Sep 17 00:00:00 2001
From: Mihai Coman <mihai.cmn@gmail.com>
Date: Sat, 9 Nov 2024 00:26:05 +0200
Subject: [PATCH 2658/3949] disable domain-validator logs

Explicitly use NONE value for stdout_logfile and stderr_logfile
to disable domain-validator logs.

Accoring to supervisord documentation, if stdout_logfile/stderr_logfile
is unset or set to AUTO, supervisor will automatically choose a file location.
If this is set to NONE, supervisord will create no log file.

Signed-off-by: Mihai Coman <mihai.cmn@gmail.com>
---
 Containers/mastercontainer/supervisord.conf | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index f64c9725..022daa3b 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -58,9 +58,7 @@ user=root
 
 [program:domain-validator]
 # Logging is disabled as otherwise all attempts will be logged which spams the logs
-# stdout_logfile=/dev/stdout
-# stdout_logfile_maxbytes=0
-# stderr_logfile=/dev/stderr
-# stderr_logfile_maxbytes=0
+stdout_logfile=NONE
+stderr_logfile=NONE
 command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
 user=www-data

From 6431e4dee8aff32e30e19cdfd1ac43d3d3437cf7 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 10 Nov 2024 12:02:40 +0000
Subject: [PATCH 2659/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fa077c67..27c1751c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2642,23 +2642,23 @@
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.9.0",
+            "version": "1.10.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "1fb5ba8d045f5dd984ebded5b1cc66f29459422d"
+                "reference": "679e3ce485b99e84c775d28e2e96fade9a7fb50a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/1fb5ba8d045f5dd984ebded5b1cc66f29459422d",
-                "reference": "1fb5ba8d045f5dd984ebded5b1cc66f29459422d",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/679e3ce485b99e84c775d28e2e96fade9a7fb50a",
+                "reference": "679e3ce485b99e84c775d28e2e96fade9a7fb50a",
                 "shasum": ""
             },
             "require": {
                 "doctrine/deprecations": "^1.0",
                 "php": "^7.3 || ^8.0",
                 "phpdocumentor/reflection-common": "^2.0",
-                "phpstan/phpdoc-parser": "^1.18"
+                "phpstan/phpdoc-parser": "^1.18|^2.0"
             },
             "require-dev": {
                 "ext-tokenizer": "*",
@@ -2694,9 +2694,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.9.0"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.10.0"
             },
-            "time": "2024-11-03T20:11:34+00:00"
+            "time": "2024-11-09T15:12:26+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",

From b53e3ebaa60bc62d1c990513fefd5a355a3a2f09 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2024 04:43:20 +0000
Subject: [PATCH 2660/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-11 to 1.4.1-12.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 81310d2f..5e3adbe8 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-11
+FROM clamav/clamav:1.4.1-12
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 1697f43db38b40dfcd622f5ec123e8f1f0b90f31 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2024 04:43:24 +0000
Subject: [PATCH 2661/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.0.5-alpine to 3.0.6-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index a6e2a10c..6f98bb86 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.0.5-alpine
+FROM haproxy:3.0.6-alpine
 
 # hadolint ignore=DL3002
 USER root

From 6d51b673fc5d77badaec42c40b2e7dce5f3f658c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Nov 2024 07:18:59 +0100
Subject: [PATCH 2662/3949] adjust additional places

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/supervisord.conf          | 4 ++--
 Containers/mastercontainer/supervisord.conf | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/apache/supervisord.conf b/Containers/apache/supervisord.conf
index d6a93803..7ab935e4 100644
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -9,8 +9,8 @@ logfile_backups=10
 loglevel=error
 
 [program:apache]
-# stdout_logfile=/dev/stdout
-# stdout_logfile_maxbytes=0
+# Stdout logging is disabled as otherwise the logs are spammed
+stdout_logfile=NONE
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apachectl -DFOREGROUND
diff --git a/Containers/mastercontainer/supervisord.conf b/Containers/mastercontainer/supervisord.conf
index 022daa3b..fa5d0845 100644
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -9,16 +9,16 @@ loglevel=error
 user=root
 
 [program:php-fpm]
-# stdout_logfile=/dev/stdout
-# stdout_logfile_maxbytes=0
+# Stdout logging is disabled as otherwise the logs are spammed
+stdout_logfile=NONE
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
 user=root
 
 [program:apache]
-# stdout_logfile=/dev/stdout
-# stdout_logfile_maxbytes=0
+# Stdout logging is disabled as otherwise the logs are spammed
+stdout_logfile=NONE
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=httpd -DFOREGROUND

From ce5287d4e2e298d81902be808809a9b7bb53db4c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Nov 2024 08:42:29 +0100
Subject: [PATCH 2663/3949] aio-interface: fix small detail in `Reset backup
 location` section

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0ec82456..531ea0d7 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -489,8 +489,10 @@
                                             <h3>Reset backup location</h3>
                                             <p>
                                             If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
-                                            {% if borg_remote_repo %}or the remote repo <strong>{{ borg_remote_repo }}</strong> is wrong{% endif %},
-                                            you can reset it by clicking on the button below.
+                                            {% if borg_remote_repo %}
+                                                or the remote repo <strong>{{ borg_remote_repo }}</strong>
+                                            {% endif %}
+                                            is wrong, you can reset it by clicking on the button below.
                                             </p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>

From 875281e48d390c2239886d1dd298ae213718849e Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Mon, 11 Nov 2024 19:44:30 +0100
Subject: [PATCH 2664/3949] build(nextcloud): bump php to 8.3

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 Containers/nextcloud/Dockerfile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a8a300e6..c1b68d95 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.25-fpm-alpine3.20
+FROM php:8.3.13-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G
@@ -78,17 +78,18 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install igbinary-3.2.16; \
+    pecl install -o igbinary-3.2.16; \
     pecl install APCu-5.1.24; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
-    pecl install -D 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
-    pecl install imagick-3.7.0; \
+    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
+    pecl install -o imagick-3.7.0; \
     \
     docker-php-ext-enable \
         igbinary \
         apcu \
         memcached \
         redis \
+        imagick \
     ; \
     rm -r /tmp/pear; \
     \

From aff6aecff688c3033d40072a1235b198e74bffcc Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Mon, 11 Nov 2024 19:46:55 +0100
Subject: [PATCH 2665/3949] build(nextcloud): workaround for imagick php8.3

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 Containers/nextcloud/Dockerfile | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index c1b68d95..6fb9a460 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -13,6 +13,9 @@ ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
+# Define the commit hash for imagick as a variable
+ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58
+
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
@@ -82,7 +85,20 @@ RUN set -ex; \
     pecl install APCu-5.1.24; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
-    pecl install -o imagick-3.7.0; \
+#    pecl install -o imagick-3.7.0; \
+# Begin workaround ->
+# The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet.
+# As soon as it will get updated, we can switch back to the PECL version, instead of having this workaround.
+    apk add --no-cache --virtual .git-build-deps git \
+    && git clone https://github.com/imagick/imagick.git --depth 1 /tmp/imagick \
+    && cd /tmp/imagick \
+    && git fetch --depth 1 origin ${IMAGICK_COMMIT_HASH} \
+    && git checkout ${IMAGICK_COMMIT_HASH} \
+    && sed -i "s/@PACKAGE_VERSION@/git-${IMAGICK_COMMIT_HASH:0:7}/" php_imagick.h \
+    && phpize && ./configure && make && make install; \
+    apk del .git-build-deps; \
+    cd && rm -r /tmp/imagick; \
+# <- End workaround
     \
     docker-php-ext-enable \
         igbinary \

From 816921e2e2105eb9be203e2d472114cd6edbc4a2 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Mon, 11 Nov 2024 21:35:24 +0100
Subject: [PATCH 2666/3949] refactor: extract 'optional containers' to separate
 twig include

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/templates/containers.twig                 | 96 +------------------
 .../includes/optional-containers.twig         | 96 +++++++++++++++++++
 2 files changed, 97 insertions(+), 95 deletions(-)
 create mode 100644 php/templates/includes/optional-containers.twig

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 531ea0d7..cf3f3d62 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -591,102 +591,8 @@
                         {% endif %}
                     {% endif %}
                     {% if is_backup_container_running == false %}
-                        <h2>Optional containers</h2>
-                        <p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
-                        {% if isAnyRunning == true %}
-                            <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
-                        {% else %}
-                            <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
-                        {% endif %}
-                        <form id="options-form" method="POST" action="/api/configuration" class="xhr">
-                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input type="hidden" name="options-form" value="options-form">
-                            {% if is_clamav_enabled == true %}
-                                <p><input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
-                            {% endif %}
-                            {% if is_collabora_enabled == true %}
-                                <p><input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label></p>
-                            {% endif %}
-                            {% if is_fulltextsearch_enabled == true %}
-                                <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label></p>
-                            {% endif %}
-                            {% if is_imaginary_enabled == true %}
-                                <p><input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
-                            {% endif %}
-                            {% if is_talk_enabled == true %}
-                                <p><input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
-                            {% endif %}
-                            {% if is_talk_recording_enabled == true %}
-                                <p><input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label></p>
-                            {% endif %}
-                            {% if is_onlyoffice_enabled == true %}
-                                <p><input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label></p>
-                            {% else %}
-                                {#<p><input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label></p>#}
-                            {% endif %}
-                            {% if is_docker_socket_proxy_enabled == true %}
-                                <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
-                            {% endif %}
-                            {% if is_whiteboard_enabled == true %}
-                                <p><input type="checkbox" id="whiteboard" name="whiteboard" checked="checked"><label for="whiteboard">Whiteboard</label></p>
-                            {% else %}
-                                <p><input type="checkbox" id="whiteboard" name="whiteboard"><label for="whiteboard">Whiteboard</label></p>
-                            {% endif %}
-                            <input id="options-form-submit" type="submit" value="Save changes" />
-                            <script type="text/javascript" src="options-form-submit.js?v2"></script>
-                        </form>
-                        <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
-                        {% if isAnyRunning == true or is_x64_platform == false %}
-                            <script type="text/javascript" src="disable-clamav.js"></script>
-                        {% endif %}
-                        {% if isAnyRunning == true %}
-                            <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
-                            <script type="text/javascript" src="disable-talk.js"></script>
-                            <script type="text/javascript" src="disable-collabora.js"></script>
-                            <script type="text/javascript" src="disable-onlyoffice.js"></script>
-                            <script type="text/javascript" src="disable-imaginary.js"></script>
-                            <script type="text/javascript" src="disable-fulltextsearch.js"></script>
-                            <script type="text/javascript" src="disable-talk-recording.js"></script>
-                            <script type="text/javascript" src="disable-whiteboard.js"></script>
-                        {% endif %}
 
-                        {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
-                            <h3>Collabora dictionaries</h3>
-
-                            {% if collabora_dictionaries == "" %}
-                                <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
-                                <form method="POST" action="/api/configuration" class="xhr">
-                                    <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
-                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input type="submit" value="Submit collabora dictionaries" />
-                                </form>
-                                <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
-                            {% else %}
-                                <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
-                                <form method="POST" action="/api/configuration" class="xhr">
-                                    <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
-                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input type="submit" value="Reset collabora dictionaries" />
-                                </form>
-                            {% endif %}
-                        {% endif %}
+                        {{ include('includes/optional-containers.twig') }}
 
                         <h2>Timezone change</h2>
                         {% if isAnyRunning == true %}
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
new file mode 100644
index 00000000..0188c13c
--- /dev/null
+++ b/php/templates/includes/optional-containers.twig
@@ -0,0 +1,96 @@
+<h2>Optional containers</h2>
+<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
+{% if isAnyRunning == true %}
+    <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
+{% else %}
+    <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
+{% endif %}
+<form id="options-form" method="POST" action="/api/configuration" class="xhr">
+    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+    <input type="hidden" name="options-form" value="options-form">
+    {% if is_clamav_enabled == true %}
+        <p><input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
+    {% else %}
+        <p><input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
+    {% endif %}
+    {% if is_collabora_enabled == true %}
+        <p><input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label></p>
+    {% else %}
+        <p><input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label></p>
+    {% endif %}
+    {% if is_fulltextsearch_enabled == true %}
+        <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label></p>
+    {% else %}
+        <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label></p>
+    {% endif %}
+    {% if is_imaginary_enabled == true %}
+        <p><input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
+    {% else %}
+        <p><input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
+    {% endif %}
+    {% if is_talk_enabled == true %}
+        <p><input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
+    {% else %}
+        <p><input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
+    {% endif %}
+    {% if is_talk_recording_enabled == true %}
+        <p><input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label></p>
+    {% else %}
+        <p><input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label></p>
+    {% endif %}
+    {% if is_onlyoffice_enabled == true %}
+        <p><input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label></p>
+    {% else %}
+        {#<p><input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label></p>#}
+    {% endif %}
+    {% if is_docker_socket_proxy_enabled == true %}
+        <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
+    {% else %}
+        <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
+    {% endif %}
+    {% if is_whiteboard_enabled == true %}
+        <p><input type="checkbox" id="whiteboard" name="whiteboard" checked="checked"><label for="whiteboard">Whiteboard</label></p>
+    {% else %}
+        <p><input type="checkbox" id="whiteboard" name="whiteboard"><label for="whiteboard">Whiteboard</label></p>
+    {% endif %}
+    <input id="options-form-submit" type="submit" value="Save changes" />
+    <script type="text/javascript" src="options-form-submit.js?v2"></script>
+</form>
+<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
+{% if isAnyRunning == true or is_x64_platform == false %}
+    <script type="text/javascript" src="disable-clamav.js"></script>
+{% endif %}
+{% if isAnyRunning == true %}
+    <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
+    <script type="text/javascript" src="disable-talk.js"></script>
+    <script type="text/javascript" src="disable-collabora.js"></script>
+    <script type="text/javascript" src="disable-onlyoffice.js"></script>
+    <script type="text/javascript" src="disable-imaginary.js"></script>
+    <script type="text/javascript" src="disable-fulltextsearch.js"></script>
+    <script type="text/javascript" src="disable-talk-recording.js"></script>
+    <script type="text/javascript" src="disable-whiteboard.js"></script>
+{% endif %}
+
+{% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
+    <h3>Collabora dictionaries</h3>
+
+    {% if collabora_dictionaries == "" %}
+        <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
+        <form method="POST" action="/api/configuration" class="xhr">
+            <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
+            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+            <input type="submit" value="Submit collabora dictionaries" />
+        </form>
+        <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
+    {% else %}
+        <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
+        <form method="POST" action="/api/configuration" class="xhr">
+            <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
+            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+            <input type="submit" value="Reset collabora dictionaries" />
+        </form>
+    {% endif %}
+{% endif %}

From 41c29b90a2dfe77fd7f2f2775c09dc4787fe8b58 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Mon, 11 Nov 2024 22:28:57 +0100
Subject: [PATCH 2667/3949] feat: toggle submit button based on unsaved changes

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 php/public/options-form-submit.js             | 111 +++++------
 .../includes/optional-containers.twig         | 176 +++++++++++++-----
 2 files changed, 180 insertions(+), 107 deletions(-)

diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
index 52f3ca74..35f6e878 100644
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -1,73 +1,60 @@
-function makeOptionsFormSubmitVisible() {
-    let optionsFormSubmit = document.getElementById("options-form-submit");
-    optionsFormSubmit.style.display = 'block';
-}
-
-function handleTalkVisibility() {
-    let talk = document.getElementById("talk");
-    let talkRecording = document.getElementById("talk-recording")
-    if (talk.checked) {
-        talkRecording.disabled = false
-    } else {
-        talkRecording.checked = false
-        talkRecording.disabled = true
-    }
-}
-
-function handleDockerSocketProxyWarning() {
-    let dockerSocketProxy = document.getElementById("docker-socket-proxy");
-    if (dockerSocketProxy.checked) {
-        alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!')
-    }
-}
-
-document.addEventListener("DOMContentLoaded", function(event) {
-    // handle submit button for options form
-    let optionsFormSubmit = document.getElementById("options-form-submit");
+document.addEventListener("DOMContentLoaded", function () {
+    // Hide submit button initially
+    const optionsFormSubmit = document.getElementById("options-form-submit");
     optionsFormSubmit.style.display = 'none';
 
-    // Clamav
-    let clamav = document.getElementById("clamav");
-    clamav.addEventListener('change', makeOptionsFormSubmitVisible);
+    // Store initial states for all checkboxes
+    const initialState = {};
+    const checkboxes = document.querySelectorAll("#options-form input[type='checkbox']");
 
-    // OnlyOffice
-    let onlyoffice = document.getElementById("onlyoffice");
-    if (onlyoffice) {
-        onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
+    checkboxes.forEach(checkbox => {
+        initialState[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
+    });
+
+    // Function to compare current states to initial states
+    function checkForChanges() {
+        let hasChanges = false;
+        
+        checkboxes.forEach(checkbox => {
+            if (checkbox.checked !== initialState[checkbox.id]) {
+                hasChanges = true;
+            }
+        });
+
+        // Show or hide submit button based on changes
+        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
     }
 
-    // Collabora
-    let collabora = document.getElementById("collabora");
-    collabora.addEventListener('change', makeOptionsFormSubmitVisible);
+    // Event listener to trigger visibility check on each change
+    checkboxes.forEach(checkbox => {
+        checkbox.addEventListener("change", checkForChanges);
+    });
 
-    // Talk
-    let talk = document.getElementById("talk");
-    talk.addEventListener('change', makeOptionsFormSubmitVisible);
-    talk.addEventListener('change', handleTalkVisibility);
-
-    // Talk-recording
-    let talkRecording = document.getElementById("talk-recording");
-    talkRecording.addEventListener('change', makeOptionsFormSubmitVisible);
-    if (!talk.checked) {
-        talkRecording.disabled = true
+    // Custom behaviors for specific options
+    function handleTalkVisibility() {
+        const talkRecording = document.getElementById("talk-recording");
+        if (document.getElementById("talk").checked) {
+            talkRecording.disabled = false;
+        } else {
+            talkRecording.checked = false;
+            talkRecording.disabled = true;
+        }
+        checkForChanges();  // Check changes after toggling Talk Recording
     }
 
-    // Imaginary
-    let imaginary = document.getElementById("imaginary");
-    imaginary.addEventListener('change', makeOptionsFormSubmitVisible);
-
-    // Fulltextsearch
-    let fulltextsearch = document.getElementById("fulltextsearch");
-    fulltextsearch.addEventListener('change', makeOptionsFormSubmitVisible);
-
-    // Docker socket proxy
-    let dockerSocketProxy = document.getElementById("docker-socket-proxy");
-    if (dockerSocketProxy) {
-        dockerSocketProxy.addEventListener('change', makeOptionsFormSubmitVisible);
-        // dockerSocketProxy.addEventListener('change', handleDockerSocketProxyWarning);
+    function handleDockerSocketProxyWarning() {
+        if (document.getElementById("docker-socket-proxy").checked) {
+            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
+        }
     }
 
-    // Whiteboard
-    let whiteboard = document.getElementById("whiteboard");
-    whiteboard.addEventListener('change', makeOptionsFormSubmitVisible);
+    // Initialize event listeners for specific behaviors
+    document.getElementById("talk").addEventListener('change', handleTalkVisibility);
+    document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
+
+    // Initialize talk-recording visibility on page load
+    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
+
+    // Initial call to check for changes
+    checkForChanges();
 });
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 0188c13c..07b12b96 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -9,51 +9,137 @@
     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
     <input type="hidden" name="options-form" value="options-form">
-    {% if is_clamav_enabled == true %}
-        <p><input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
-    {% else %}
-        <p><input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label></p>
-    {% endif %}
-    {% if is_collabora_enabled == true %}
-        <p><input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label></p>
-    {% else %}
-        <p><input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label></p>
-    {% endif %}
-    {% if is_fulltextsearch_enabled == true %}
-        <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label></p>
-    {% else %}
-        <p><input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM. <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable)</label></p>
-    {% endif %}
-    {% if is_imaginary_enabled == true %}
-        <p><input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
-    {% else %}
-        <p><input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label></p>
-    {% endif %}
-    {% if is_talk_enabled == true %}
-        <p><input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
-    {% else %}
-        <p><input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label></p>
-    {% endif %}
-    {% if is_talk_recording_enabled == true %}
-        <p><input type="checkbox" id="talk-recording" name="talk-recording" checked="checked"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label></p>
-    {% else %}
-        <p><input type="checkbox" id="talk-recording" name="talk-recording"><label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM ~2 additional vCPUs)</label></p>
-    {% endif %}
-    {% if is_onlyoffice_enabled == true %}
-        <p><input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label></p>
-    {% else %}
-        {#<p><input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label></p>#}
-    {% endif %}
-    {% if is_docker_socket_proxy_enabled == true %}
-        <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy" checked="checked"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
-    {% else %}
-        <p><input type="checkbox" id="docker-socket-proxy" name="docker-socket-proxy"><label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label></p>
-    {% endif %}
-    {% if is_whiteboard_enabled == true %}
-        <p><input type="checkbox" id="whiteboard" name="whiteboard" checked="checked"><label for="whiteboard">Whiteboard</label></p>
-    {% else %}
-        <p><input type="checkbox" id="whiteboard" name="whiteboard"><label for="whiteboard">Whiteboard</label></p>
-    {% endif %}
+    <p>
+        <input
+            type="checkbox"
+            id="clamav"
+            name="clamav"
+            {% if is_clamav_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="collabora"
+            name="collabora"
+            {% if is_collabora_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="collabora">Collabora (Nextcloud Office)</label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="fulltextsearch"
+            name="fulltextsearch"
+            {% if is_fulltextsearch_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="fulltextsearch">
+            Fulltextsearch (needs ~1GB additional RAM)
+            {% if is_fulltextsearch_enabled == false %}
+                . <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable
+            {% endif %}
+        </label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="imaginary"
+            name="imaginary"
+            {% if is_imaginary_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="talk"
+            name="talk"
+            {% if is_talk_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="talk-recording"
+            name="talk-recording"
+            {% if is_talk_recording_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="onlyoffice"
+            name="onlyoffice"
+            {% if is_onlyoffice_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="onlyoffice">OnlyOffice</label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="docker-socket-proxy"
+            name="docker-socket-proxy"
+            {% if is_docker_socket_proxy_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label>
+    </p>
+    <p>
+        <input
+            type="checkbox"
+            id="whiteboard"
+            name="whiteboard"
+            {% if is_whiteboard_enabled == true %}
+                checked="checked"
+                data-initial-state="true"
+            {% else %}
+                data-initial-state="false"
+            {% endif %}
+        >
+        <label for="whiteboard">Whiteboard</label>
+    </p>
     <input id="options-form-submit" type="submit" value="Save changes" />
     <script type="text/javascript" src="options-form-submit.js?v2"></script>
 </form>

From 47e0ac7b4dba9049df3aa0920544871f2aaf5f06 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 8 Nov 2024 11:10:01 +0100
Subject: [PATCH 2668/3949] allow to exclude previews from restore upon
 instance restore

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh   | 14 ++++++++++++++
 Containers/nextcloud/entrypoint.sh      |  6 ++++++
 php/containers.json                     |  1 +
 php/src/Controller/DockerController.php |  5 +++++
 php/src/Data/ConfigurationManager.php   |  9 +++++++++
 php/src/Docker/DockerActionManager.php  |  2 ++
 php/templates/containers.twig           |  3 ++-
 7 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d5fe6e2a..66e505e7 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -320,6 +320,13 @@ if [ "$BORG_MODE" = restore ]; then
     fi
     echo "Restoring '$SELECTED_ARCHIVE'..."
 
+    # Exclude previews from restore if selected to speed up process
+    ADDITIONAL_RSYNC_EXCLUDES=()
+    if [ -n "$RESTORE_EXCLUDE_PREVIEWS" ]; then
+        ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/appdata_*/preview/**")
+        echo "Excluding previews from restore"
+    fi
+
     # Save Additional Backup dirs
     if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories" ]; then
         ADDITIONAL_BACKUP_DIRECTORIES="$(cat /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories)"
@@ -365,6 +372,7 @@ if [ "$BORG_MODE" = restore ]; then
         --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
         --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
         --exclude "nextcloud_aio_mastercontainer/session/**" \
+        "${ADDITIONAL_RSYNC_EXCLUDES[@]}" \
         /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
             RESTORE_FAILED=1
             echo "Something failed while restoring from backup."
@@ -488,6 +496,12 @@ if [ "$BORG_MODE" = restore ]; then
     touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
     chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
 
+    # Add file to Netcloud container to trigger a preview scan the next time it starts
+    if [ -n "$RESTORE_EXCLUDE_PREVIEWS" ]; then
+        touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/trigger-preview.scan"
+        chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/trigger-preview.scan"
+    fi
+
     # Delete redis cache
     rm -f "/mnt/redis/dump.rdb"
 fi
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 24bae727..419401cd 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -495,6 +495,12 @@ if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
     rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
 fi
 
+# Perform preview scan if previews were excluded from restore
+if [ -f "$NEXTCLOUD_DATA_DIR/trigger-preview.scan" ]; then
+    php /var/www/html/occ files:scan-app-data preview -vvv
+    rm "$NEXTCLOUD_DATA_DIR/trigger-preview.scan"
+fi
+
 # AIO one-click settings start # Do not remove or change this line!
 # Apply one-click-instance settings
 echo "Applying one-click-instance settings..."
diff --git a/php/containers.json b/php/containers.json
index 60047776..bf5ae3e9 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -477,6 +477,7 @@
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
         "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
+        "RESTORE_EXCLUDE_PREVIEWS=%RESTORE_EXCLUDE_PREVIEWS%",
         "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
         "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
         "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%",
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 840985f8..f040e169 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -113,6 +113,11 @@ readonly class DockerController {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
         $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
+        if (isset($request->getParsedBody()['restore-exclude-previews'])) {
+            $config['restore-exclude-previews'] = 1;
+        } else {
+            $config['restore-exclude-previews'] = '';
+        }
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 69f59d5c..3c54b1b1 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -427,6 +427,15 @@ class ConfigurationManager
         return $config['selected-restore-time'];
     }
 
+    public function GetRestoreExcludePreviews() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['restore-exclude-previews'])) {
+            $config['restore-exclude-previews'] = '';
+        }
+
+        return $config['restore-exclude-previews'];
+    }
+
     public function GetAIOURL() : string {
         $config = $this->GetConfig();
         if(!isset($config['AIO_URL'])) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 89385a11..29866965 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -273,6 +273,8 @@ readonly class DockerActionManager {
                     $replacements[1] = $this->configurationManager->GetAIOURL();
                 } elseif ($out[1] === 'SELECTED_RESTORE_TIME') {
                     $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
+                } elseif ($out[1] === 'RESTORE_EXCLUDE_PREVIEWS') {
+                    $replacements[1] = $this->configurationManager->GetRestoreExcludePreviews();
                 } elseif ($out[1] === 'APACHE_PORT') {
                     $replacements[1] = $this->configurationManager->GetApachePort();
                 } elseif ($out[1] === 'TALK_PORT') {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 531ea0d7..b2640b40 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -168,7 +168,8 @@
                                                 {% for restore_time in backup_times %}
                                                     <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
                                                 {% endfor %}
-                                            </select>
+                                            </select><br>
+                                            <input type="checkbox" id="restore-exclude-previews" name="restore-exclude-previews"><label for="restore-exclude-previews">Exclude previews from restore which will speed up the restore process but will trigger a scan of the preview folder as soon as the Nextcloud container starts the next time</label><br>
                                             <input type="submit" value="Restore selected backup"/>
                                         </form>
                                     {% endif %}

From af3f00c3ccfdfd6030da6321cd40c3a6607eb9ab Mon Sep 17 00:00:00 2001
From: Tim Diels <tim@diels.me>
Date: Mon, 11 Nov 2024 14:48:08 +0100
Subject: [PATCH 2669/3949] Allow to exclude previews from restore in the
 remote case too

Signed-off-by: Tim Diels <tim@diels.me>
---
 Containers/borgbackup/backupscript.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 66e505e7..7dfe8431 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -322,8 +322,13 @@ if [ "$BORG_MODE" = restore ]; then
 
     # Exclude previews from restore if selected to speed up process
     ADDITIONAL_RSYNC_EXCLUDES=()
+    ADDITIONAL_BORG_EXCLUDES=()
+    ADDITIONAL_FIND_EXCLUDES=()
     if [ -n "$RESTORE_EXCLUDE_PREVIEWS" ]; then
+        # Keep these 3 in sync. Beware, the pattern syntax and the paths differ
         ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/appdata_*/preview/**")
+        ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/**")
+        ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_[^/]*/preview\(/.*\)?')
         echo "Excluding previews from restore"
     fi
 
@@ -399,7 +404,7 @@ if [ "$BORG_MODE" = restore ]; then
         #
         # Older backups may still contain files we've since excluded, so we have to exclude on extract as well.
         cd /  # borg extract has no destination arg and extracts to CWD
-        if ! borg extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes --pattern '+nextcloud_aio_volumes/**'
+        if ! borg extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
         then
             RESTORE_FAILED=1
             echo "Failed to extract backup archive."
@@ -407,9 +412,10 @@ if [ "$BORG_MODE" = restore ]; then
             # Delete files/dirs present locally, but not in the backup archive, excluding conf files
             # https://unix.stackexchange.com/a/759341
             # This comm does not support -z, but I doubt any file names would have \n in them
-            echo "Deleting local files which do not exist in the backup"
+            #
             # These find patterns need to be kept in sync with the borg_excludes file and the rsync excludes in this
             # file, which use a different syntax (patterns appear in 3 places in total)
+            echo "Deleting local files which do not exist in the backup"
             if ! find nextcloud_aio_volumes \
                     -not \( \
                         -path nextcloud_aio_volumes/nextcloud_aio_apache/caddy \
@@ -425,6 +431,7 @@ if [ "$BORG_MODE" = restore ]; then
                         -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running \
                         -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file \
                         -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*" \
+                        "${ADDITIONAL_FIND_EXCLUDES[@]}" \
                     \) \
                     | LC_ALL=C sort \
                     | LC_ALL=C comm -23 - \

From 96f3dc7ab36ec6b8e0889a5420080d6ad030bb52 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 12 Nov 2024 13:05:53 +0000
Subject: [PATCH 2670/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 27c1751c..14394592 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2578,16 +2578,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.5.1",
+            "version": "5.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "0c70d2c566e899666f367ab7b80986beb3581e6f"
+                "reference": "f3558a4c23426d12bffeaab463f8a8d8b681193c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/0c70d2c566e899666f367ab7b80986beb3581e6f",
-                "reference": "0c70d2c566e899666f367ab7b80986beb3581e6f",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/f3558a4c23426d12bffeaab463f8a8d8b681193c",
+                "reference": "f3558a4c23426d12bffeaab463f8a8d8b681193c",
                 "shasum": ""
             },
             "require": {
@@ -2596,7 +2596,7 @@
                 "php": "^7.4 || ^8.0",
                 "phpdocumentor/reflection-common": "^2.2",
                 "phpdocumentor/type-resolver": "^1.7",
-                "phpstan/phpdoc-parser": "^1.7",
+                "phpstan/phpdoc-parser": "^1.7|^2.0",
                 "webmozart/assert": "^1.9.1"
             },
             "require-dev": {
@@ -2636,9 +2636,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.5.1"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.0"
             },
-            "time": "2024-11-06T11:58:54+00:00"
+            "time": "2024-11-12T11:25:25+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -2700,30 +2700,30 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "1.33.0",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "82a311fd3690fb2bf7b64d5c98f912b3dd746140"
+                "reference": "c00d78fb6b29658347f9d37ebe104bffadf36299"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/82a311fd3690fb2bf7b64d5c98f912b3dd746140",
-                "reference": "82a311fd3690fb2bf7b64d5c98f912b3dd746140",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/c00d78fb6b29658347f9d37ebe104bffadf36299",
+                "reference": "c00d78fb6b29658347f9d37ebe104bffadf36299",
                 "shasum": ""
             },
             "require": {
-                "php": "^7.2 || ^8.0"
+                "php": "^7.4 || ^8.0"
             },
             "require-dev": {
                 "doctrine/annotations": "^2.0",
-                "nikic/php-parser": "^4.15",
+                "nikic/php-parser": "^5.3.0",
                 "php-parallel-lint/php-parallel-lint": "^1.2",
                 "phpstan/extension-installer": "^1.0",
-                "phpstan/phpstan": "^1.5",
-                "phpstan/phpstan-phpunit": "^1.1",
-                "phpstan/phpstan-strict-rules": "^1.0",
-                "phpunit/phpunit": "^9.5",
+                "phpstan/phpstan": "^2.0",
+                "phpstan/phpstan-phpunit": "^2.0",
+                "phpstan/phpstan-strict-rules": "^2.0",
+                "phpunit/phpunit": "^9.6",
                 "symfony/process": "^5.2"
             },
             "type": "library",
@@ -2741,9 +2741,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/1.33.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.0"
             },
-            "time": "2024-10-13T11:25:22+00:00"
+            "time": "2024-10-13T11:29:49+00:00"
         },
         {
             "name": "sebastian/diff",

From 16e4f41ca78554300b85dda7fa1089bc282c3866 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 12 Nov 2024 15:08:05 +0100
Subject: [PATCH 2671/3949] increase to v3

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 07b12b96..f44a87cc 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -141,7 +141,7 @@
         <label for="whiteboard">Whiteboard</label>
     </p>
     <input id="options-form-submit" type="submit" value="Save changes" />
-    <script type="text/javascript" src="options-form-submit.js?v2"></script>
+    <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true or is_x64_platform == false %}

From 2a3438fd564664cadb0e7e1ec82d79c1a921f776 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Tue, 12 Nov 2024 15:30:22 +0100
Subject: [PATCH 2672/3949] build: add imagick commit hash to update workflow

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 .github/workflows/nextcloud-update.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 4812a68c..e4750c2a 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -51,7 +51,7 @@ jobs:
         
         # Imagick
         imagick_version="$(
-          git ls-remote --tags https://github.com/Imagick/imagick.git \
+          git ls-remote --tags https://github.com/imagick/imagick.git \
             | cut -d/ -f3 \
             | grep -viE '[a-z]' \
             | tr -d '^{}' \
@@ -60,6 +60,12 @@ jobs:
         )"
         sed -i "s|\(pecl install[^;]*imagick-\)[0-9.]*|\1$imagick_version|" ./Containers/nextcloud/Dockerfile
 
+        # Imagick git-commit-hash from HEAD
+        imagick_commit_hash="$(
+          git ls-remote https://github.com/imagick/imagick.git HEAD | awk '{print $1}'
+        )"
+        sed -i "s/\(ARG IMAGICK_COMMIT_HASH=\)[a-fA-F0-9]*$/\1$imagick_commit_hash/" ./Containers/nextcloud/Dockerfile
+
         # Igbinary
         igbinary_version="$(
           git ls-remote --tags https://github.com/igbinary/igbinary.git \

From ed281740204ed419a573fced3303515d5f9f550c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 12 Nov 2024 16:04:51 +0100
Subject: [PATCH 2673/3949] nextcloud dockerfile: fix small mistake with
 imagick

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 6fb9a460..6465c893 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -105,7 +105,6 @@ RUN set -ex; \
         apcu \
         memcached \
         redis \
-        imagick \
     ; \
     rm -r /tmp/pear; \
     \

From f7de6f6704bde77cd0f0753a42fa3d078d566ecc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 12 Nov 2024 17:48:17 +0100
Subject: [PATCH 2674/3949] readme: put steps how to do a remote borg backup
 into details tag

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/readme.md b/readme.md
index fac0235b..57f339ec 100644
--- a/readme.md
+++ b/readme.md
@@ -394,8 +394,6 @@ If you connect an external drive to your host, and choose the backup directory t
 <details>
 <summary>How to do the above step for step</summary>
 
-<br>
-
 1. Mount an external/backup HDD to the host OS using the built-in functionality or udev rules or whatever way you prefer. (E.g. follow this video: https://www.youtube.com/watch?v=2lSyX4D3v_s) and mount the drive in best case in `/mnt/backup`.
 2. If not already done, fire up the docker container and set up Nextcloud as per the guide.
 3. Now open the AIO interface.
@@ -406,12 +404,17 @@ If you connect an external drive to your host, and choose the backup directory t
 
 If you want to back up directly to a remote borg repository:
 
+<details>
+<summary>How to do the above step for step</summary>
+
 1. Create your borg repository at the remote. Note down the repository URL for later.
 2. Open the AIO interface
 3. Under backup section, leave the local path blank and fill in the url to your borg repository that you noted down earlier.
 4. Click on `Create backup`, this will create an ssh key pair and fail because the remote doesn't trust this key yet. Copy the public key shown in AIO and add it to your authorized keys on the remote.
 5. Try again to create a backup, this time it should succeed.
 
+</details>
+
 Backups can be created and restored in the AIO interface using the buttons `Create Backup` and `Restore selected backup`. Additionally, a backup check is provided that checks the integrity of your backups but it shouldn't be needed in most situations. 
 
 The backups themselves get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.

From 5bdfa2466dd8640e19a742d8c51f15441220e3be Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 13 Nov 2024 18:53:38 +0100
Subject: [PATCH 2675/3949] borgbackup: improve testing backup upon instance
 restore

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 7dfe8431..dda0504c 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -572,12 +572,18 @@ if [ "$BORG_MODE" = test ]; then
         fi
     fi
 
-    if ! borg list; then
+    if ! borg list >/dev/null; then
         echo "The entered path seems to be valid but could not open the backup archive."
         echo "Most likely the entered password was wrong so please adjust it accordingly!"
         exit 1
     else
-        echo "Everything looks fine so feel free to continue!"
-        exit 0
+        if ! borg list | grep "nextcloud-aio"; then
+            echo "The backup archive does not contain a valid Nextcloud AIO backup."
+            echo "Most likely was the archive not created via Nextcloud AIO."
+            exit 1
+        else
+            echo "Everything looks fine so feel free to continue!"
+            exit 0
+        fi
     fi
 fi

From 8dbe597ac06aebacf1a4d45065a2ada46c5275bd Mon Sep 17 00:00:00 2001
From: JMarcosHP <jehuherrerap@hotmail.com>
Date: Wed, 13 Nov 2024 13:39:53 -0600
Subject: [PATCH 2676/3949] Fix some typos.

Signed-off-by: JMarcosHP <jehuherrerap@hotmail.com>
---
 Containers/mastercontainer/start.sh    | 2 +-
 compose.yaml                           | 2 +-
 php/templates/includes/aio-config.twig | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 7dc94809..687651e2 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -137,7 +137,7 @@ It is set to '$NEXTCLOUD_DATADIR'."
 fi
 if [ -n "$NEXTCLOUD_MOUNT" ]; then
     if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
-        print_red "You've set NEXCLOUD_MOUNT but not to an allowed value.
+        print_red "You've set NEXTCLOUD_MOUNT but not to an allowed value.
 The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_MOUNT'."
         exit 1
diff --git a/compose.yaml b/compose.yaml
index 438bba6a..31dfbc36 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -25,7 +25,7 @@ services:
       # NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
-      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
       # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 718c1844..96877e06 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,7 +1,7 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary>
     {% if was_start_button_clicked == true %}
-        <p>Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.</p>
+        <p>Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.</p>
         <p>You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.</p>
     {% endif %}
 
@@ -18,7 +18,7 @@
         {% if nextcloud_mount == '' %}
             The Nextcloud container is confied and local external storage in Nextcloud is disabled.
         {% else %}
-            The Nextcloud container is getting gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
+            The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
         {% endif %}
         See the <a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.</p>
 

From 92488b14123df89e66f2fb988d9a2c98c685e786 Mon Sep 17 00:00:00 2001
From: Lance <Gero3977@gmail.com>
Date: Fri, 15 Nov 2024 11:36:56 -0800
Subject: [PATCH 2677/3949] Update readme.md

Solves issue #5602

Signed-off-by: Lance <Gero3977@gmail.com>
---
 community-containers/local-ai/readme.md | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index f0c7ea0f..2ab05996 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -3,20 +3,12 @@ This container bundles Local AI and auto-configures it for you.
 
 ### Notes
 - Make sure to have enough storage space available. This container alone needs ~7GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
-- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
+- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/mudler/LocalAI/blob/master/gallery/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml
 # Stable Diffusion in NCNN with c++, supported txt2img and img2img 
-- url: github:go-skynet/model-gallery/stablediffusion.yaml
+- url: github:mudler/LocalAI/blob/master/gallery/stablediffusion.yaml
   name: Stable_diffusion
-
-# Port of OpenAI's Whisper model in C/C++ 
-- url: github:go-skynet/model-gallery/whisper-base.yaml
-  name: whisper-1
-
-# A commercially licensable model based on GPT-J and trained by Nomic AI on the v0 GPT4All dataset.
-- url: github:go-skynet/model-gallery/gpt4all-j.yaml
-  name: gpt4all-j
 ```
 -  To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work.
 - See [this guide](https://github.com/nextcloud/all-in-one/discussions/5430) for how to improve AI task pickup speed

From 41e30b7c46f4a5c9b37cde883e759c5e2dd62e9d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 20 Nov 2024 12:09:00 +0100
Subject: [PATCH 2678/3949] adjust wording for domain in subdir section

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 57f339ec..9d9f9571 100644
--- a/readme.md
+++ b/readme.md
@@ -285,7 +285,7 @@ No and it will not be added. However you can use [this feature](https://github.c
 No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the a Cloudflare Tunnel if you want to publish it online. You could also use the ACME DNS-challenge to get a valid certificate. However in all cases the Nextcloud interface will redirect you to port 443.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
-No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
+No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
 
 ### How can I access Nextcloud locally?
 Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.

From f1e78683680e1e61ebddfe7d03086f560b614572 Mon Sep 17 00:00:00 2001
From: Oleksander Piskun <oleksandr2088@icloud.com>
Date: Wed, 20 Nov 2024 14:24:35 +0300
Subject: [PATCH 2679/3949] allowed read/write/exec of files for AppAPI for
 ExApps containers

Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 66a0c594..601b465f 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -22,7 +22,12 @@ frontend http
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
     # container rm: DELETE containers/%s
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
-
+    # container update/exec: POST containers/%s/update containers/%s/exec
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((update)|(exec)) } METH_POST
+    # container put: PUT containers/%s/archive
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/archive } METH_PUT
+    # run exec instance: POST exec/%s
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec/[a-zA-Z0-9_.-]+/start } METH_POST
 
     # container create: POST containers/create?name=%s
     # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+

From 744e087192d796897c783e34005e0cea4dfb6101 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 19 Nov 2024 16:03:42 +0100
Subject: [PATCH 2680/3949] change default upload limit to 16G as recommended
 in the docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/clamav.conf           | 6 +++---
 Containers/clamav/start.script          | 2 +-
 Containers/nextcloud/Dockerfile         | 2 +-
 compose.yaml                            | 2 +-
 manual-install/sample.conf              | 4 ++--
 manual-install/update-yaml.sh           | 4 ++--
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 nextcloud-aio-helm-chart/values.yaml    | 4 ++--
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 10 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/Containers/clamav/clamav.conf b/Containers/clamav/clamav.conf
index 0b781bd3..b32636ba 100644
--- a/Containers/clamav/clamav.conf
+++ b/Containers/clamav/clamav.conf
@@ -1,5 +1,5 @@
 # AIO settings
 MaxDirectoryRecursion 30
-MaxFileSize 10G
-PCREMaxFileSize 10G
-StreamMaxLength 10G
+MaxFileSize 16G
+PCREMaxFileSize 16G
+StreamMaxLength 16G
diff --git a/Containers/clamav/start.script b/Containers/clamav/start.script
index c9a530ab..da228462 100644
--- a/Containers/clamav/start.script
+++ b/Containers/clamav/start.script
@@ -1,4 +1,4 @@
 # Adjust settings
 cat /etc/clamav/clamd.conf > /tmp/clamd.conf
-CLAMAV_FILE="$(sed "s|10G|$MAX_SIZE|" /clamav.conf)"
+CLAMAV_FILE="$(sed "s|16G|$MAX_SIZE|" /clamav.conf)"
 echo "$CLAMAV_FILE" >> /tmp/clamd.conf
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 6465c893..cc734dcd 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -2,7 +2,7 @@
 FROM php:8.3.13-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
-ENV PHP_UPLOAD_LIMIT=10G
+ENV PHP_UPLOAD_LIMIT=16G
 ENV PHP_MAX_TIME=3600
 ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
diff --git a/compose.yaml b/compose.yaml
index 438bba6a..a1fb72b2 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -22,7 +22,7 @@ services:
       # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      # NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+      # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index e75f5b1e..64d360af 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -22,7 +22,7 @@ TALK_RECORDING_ENABLED="no"          # Setting this to "yes" (with quotes) enabl
 WHITEBOARD_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
-APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_MAX_SIZE=17179869184          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
@@ -35,7 +35,7 @@ NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limi
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
-NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
+NEXTCLOUD_UPLOAD_LIMIT=16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS=yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 68600f8a..372da72f 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -78,9 +78,9 @@ sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
-sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
+sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=16G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container|' sample.conf
-sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
+sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=17179869184          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 4ceeb36b..91757035 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -352,7 +352,7 @@ sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
-sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
+sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 1986a5fb..50ff3b16 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -21,7 +21,7 @@ TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the op
 TALK_RECORDING_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 WHITEBOARD_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
-APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_MAX_SIZE: "17179869184"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
@@ -32,7 +32,7 @@ NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit
 NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
-NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
+NEXTCLOUD_UPLOAD_LIMIT: 16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3c54b1b1..3a1e053d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -669,7 +669,7 @@ class ConfigurationManager
     public function GetNextcloudUploadLimit() : string {
         $envVariableName = 'NEXTCLOUD_UPLOAD_LIMIT';
         $configName = 'nextcloud_upload_limit';
-        $defaultValue = '10G';
+        $defaultValue = '16G';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
diff --git a/readme.md b/readme.md
index 57f339ec..4e5e3f3b 100644
--- a/readme.md
+++ b/readme.md
@@ -699,7 +699,7 @@ Be aware though that these locations will not be covered by the built-in backup
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
-By default, public uploads to Nextcloud are limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.
+By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.
 
 ### How to adjust the max execution time for Nextcloud?
 By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.

From fa39a08914c08ff03e1ec100b0ced187ed9be18e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Nov 2024 14:50:44 +0100
Subject: [PATCH 2681/3949] adjust order and naming of options for
 issue-template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/config.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index bb669bb6..c4c902e2 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -3,12 +3,12 @@ contact_links:
     - name: 💡 Suggest a new feature or discuss one
       url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
       about: For new feature requests and discussion of existing ones
-    - name: ❓ Questions on AIO
-      url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
-      about: For questions regarding AIO
-    - name: ⛑️ Community Support and Help
+    - name: ⛑️ General questions and support
       url: https://help.nextcloud.com/tag/aio
-      about: For other types of questions
+      about: For general questions, support and help
+    - name: ❓ Questions about Nextcloud AIO
+      url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
+      about: For questions specifically about AIO
     - name: 💼 Nextcloud Enterprise
       url: https://portal.nextcloud.com/
       about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly
\ No newline at end of file

From ed04fd8cbda344acd36b4ba9cc6c7d056af1a3f1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Nov 2024 14:56:40 +0100
Subject: [PATCH 2682/3949] improve the description of the bug report

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index b7808e1c..430f5c89 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,6 +1,6 @@
 ---
-name: 🐛 Bug report
-about: Help us improving by reporting a bug
+name: 🐛 Bug report - this is **not** for questions and support!
+about: Help us improving by reporting a bug - this is **not** for questions and support! Please use one of the options below for questions and support
 labels: 0. Needs triage
 ---
 

From e3019164d8b3c0aba910993585175cbfd7396f6b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Nov 2024 14:57:37 +0100
Subject: [PATCH 2683/3949] adjust formatting

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 430f5c89..11629baf 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,6 +1,6 @@
 ---
-name: 🐛 Bug report - this is **not** for questions and support!
-about: Help us improving by reporting a bug - this is **not** for questions and support! Please use one of the options below for questions and support
+name: 🐛 Bug report - this is not for questions and support!
+about: Help us improving by reporting a bug - this is not for questions and support! Please use one of the options below for questions and support
 labels: 0. Needs triage
 ---
 

From cad80a0ba39f354f182ae5ccad1492885a355309 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Nov 2024 14:59:22 +0100
Subject: [PATCH 2684/3949] further improve it

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 11629baf..c4d25e6d 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,6 +1,6 @@
 ---
-name: 🐛 Bug report - this is not for questions and support!
-about: Help us improving by reporting a bug - this is not for questions and support! Please use one of the options below for questions and support
+name: 🐛 Bug report - no questions and no support!
+about: Help us improving by reporting a bug - this category is not for questions and also not for support! Please use one of the options below for questions and support
 labels: 0. Needs triage
 ---
 

From f588b85f0a9712957eb6d7aa9f503374a0682fe4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Nov 2024 15:16:07 +0100
Subject: [PATCH 2685/3949] another re-order

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/config.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index c4c902e2..e50507ae 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,11 +1,11 @@
 blank_issues_enabled: false
 contact_links:
-    - name: 💡 Suggest a new feature or discuss one
-      url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
-      about: For new feature requests and discussion of existing ones
     - name: ⛑️ General questions and support
       url: https://help.nextcloud.com/tag/aio
       about: For general questions, support and help
+    - name: 💡 Suggest a new feature or discuss one
+      url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
+      about: For new feature requests and discussion of existing ones
     - name: ❓ Questions about Nextcloud AIO
       url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
       about: For questions specifically about AIO

From cf6adc10753d0dd1906521a937ab33bf0e5e7394 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 15 Nov 2024 16:52:55 +0100
Subject: [PATCH 2686/3949] helm: refactor securityContext to support
 restricted pod security standard

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/latest.yml                     |   1 -
 .../nextcloud-aio-apache-deployment.yaml      |  38 +++---
 .../nextcloud-aio-clamav-deployment.yaml      |  46 ++++---
 .../nextcloud-aio-collabora-deployment.yaml   |   7 +-
 .../nextcloud-aio-database-deployment.yaml    |  52 ++++----
 ...xtcloud-aio-fulltextsearch-deployment.yaml |   8 +-
 .../nextcloud-aio-imaginary-deployment.yaml   |  26 +++-
 .../nextcloud-aio-nextcloud-deployment.yaml   |  46 ++++++-
 .../nextcloud-aio-notify-push-deployment.yaml |  35 +++---
 .../nextcloud-aio-onlyoffice-deployment.yaml  |   6 +-
 .../nextcloud-aio-redis-deployment.yaml       |  35 +++---
 .../nextcloud-aio-talk-deployment.yaml        |  25 +++-
 ...xtcloud-aio-talk-recording-deployment.yaml |  25 +++-
 .../nextcloud-aio-whiteboard-deployment.yaml  |  25 +++-
 nextcloud-aio-helm-chart/update-helm.sh       | 113 ++++++++++++++----
 php/containers.json                           |   1 -
 16 files changed, 337 insertions(+), 152 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 90c197b8..571c9a7e 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -202,7 +202,6 @@ services:
 
   nextcloud-aio-collabora:
     image: nextcloud/aio-collabora:latest
-    user: "100"
     init: true
     expose:
       - "9980"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4eda439f..7cf78bf0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -23,19 +23,18 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
-      initContainers:
-        - name: init-volumes
-          image: "alpine:3.20"
-          command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-nextcloud
-            - /nextcloud-aio-apache
-          volumeMounts:
-            - name: nextcloud-aio-apache
-              mountPath: /nextcloud-aio-apache
-            - name: nextcloud-aio-nextcloud
-              mountPath: /nextcloud-aio-nextcloud
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 33
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 33
+        runAsGroup: 33
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       containers:
         - env:
             - name: ADDITIONAL_TRUSTED_DOMAIN
@@ -64,7 +63,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: "nextcloud/aio-apache:20241106_101604"
+          image: nextcloud/aio-apache:20241106_101604
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
@@ -72,12 +71,15 @@ spec:
             - containerPort: {{ .Values.APACHE_PORT }}
               protocol: UDP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 33
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 132e464c..ea3b379f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -24,6 +24,18 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 100
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 100
+        runAsGroup: 100
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       initContainers:
         - name: init-subpath
           image: "alpine:3.20"
@@ -31,20 +43,19 @@ spec:
             - mkdir
             - "-p"
             - /nextcloud-aio-clamav/data
-            - /nextcloud-aio-clamav
-          volumeMounts:
-            - name: nextcloud-aio-clamav
-              mountPath: /nextcloud-aio-clamav
-        - name: init-volumes
-          image: "alpine:3.20"
-          command:
-            - chown
-            - 100:100
-            - "-R"
-            - /nextcloud-aio-clamav
           volumeMounts:
             - name: nextcloud-aio-clamav
               mountPath: /nextcloud-aio-clamav
+          securityContext:
+            # The items below only work in container context
+            allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
       containers:
         - env:
             - name: CLAMD_STARTUP_TIMEOUT
@@ -53,18 +64,21 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-clamav:20241106_101604"
+          image: nextcloud/aio-clamav:20241106_101604
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 100
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /var/lib/clamav
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index e43aa08a..c74355cd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,19 +36,14 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "nextcloud/aio-collabora:20241106_101604"
+          image: nextcloud/aio-collabora:20241106_101604
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
               protocol: TCP
           securityContext:
-            allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
               add:
                 - MKNOD
                 - SYS_ADMIN
-              drop:
-                - NET_RAW
-            runAsUser: 100
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 710a4718..fc547697 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -23,6 +23,18 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 999
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 999
+        runAsGroup: 999
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       initContainers:
         - name: init-subpath
           image: "alpine:3.20"
@@ -30,26 +42,19 @@ spec:
             - mkdir
             - "-p"
             - /nextcloud-aio-database/data
-            - /nextcloud-aio-database
-            - /nextcloud-aio-database-dump
           volumeMounts:
-            - name: nextcloud-aio-database-dump
-              mountPath: /nextcloud-aio-database-dump
-            - name: nextcloud-aio-database
-              mountPath: /nextcloud-aio-database
-        - name: init-volumes
-          image: "alpine:3.20"
-          command:
-            - chown
-            - 999:999
-            - "-R"
-            - /nextcloud-aio-database
-            - /nextcloud-aio-database-dump
-          volumeMounts:
-            - name: nextcloud-aio-database-dump
-              mountPath: /nextcloud-aio-database-dump
             - name: nextcloud-aio-database
               mountPath: /nextcloud-aio-database
+          securityContext:
+            # The items below only work in container context
+            allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
       containers:
         - env:
             - name: PGTZ
@@ -62,18 +67,21 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-postgresql:20241106_101604"
+          image: nextcloud/aio-postgresql:20241106_101604
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 999
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index d87d1c89..fdd5ca08 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -56,17 +56,11 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "nextcloud/aio-fulltextsearch:20241106_101604"
+          image: nextcloud/aio-fulltextsearch:20241106_101604
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
               protocol: TCP
-          securityContext:
-            allowPrivilegeEscalation: false
-            runAsNonRoot: true
-            capabilities:
-              drop:
-                - NET_RAW
           volumeMounts:
             - mountPath: /usr/share/elasticsearch/data
               name: nextcloud-aio-elasticsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 6535b6a9..a37a9d00 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -22,24 +22,38 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 65534
+        runAsGroup: 65534
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       containers:
         - env:
             - name: IMAGINARY_SECRET
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-imaginary:20241106_101604"
+          image: nextcloud/aio-imaginary:20241106_101604
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
               add:
-                - SYS_NICE
-              drop:
-                - NET_RAW
-            runAsUser: 65534
+                - NET_BIND_SERVICE
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 6b3f4a17..6dcf9520 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,6 +23,20 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
+      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 33
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 33
+        runAsGroup: 33
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
+      {{- end }} # AIO-config - do not change this comment!
       initContainers:
         - name: "delete-lost-found"
           image: "alpine:3.20"
@@ -35,6 +49,19 @@ spec:
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
+        {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          securityContext:
+            # The items below only work in container context
+            allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
+        {{- end }} # AIO-config - do not change this comment!
+# AIO settings start # Do not remove or change this line!
         - name: init-volumes
           image: "alpine:3.20"
           command:
@@ -47,6 +74,7 @@ spec:
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
+# AIO settings end # Do not remove or change this line!
       containers:
         - env:
             - name: SMTP_HOST
@@ -173,17 +201,25 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: "nextcloud/aio-nextcloud:20241106_101604"
+          image: nextcloud/aio-nextcloud:20241106_101604
+          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          securityContext:
+            # The items below only work in container context
+            allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
+          {{- end }} # AIO-config - do not change this comment!
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
               protocol: TCP
             - containerPort: 9001
               protocol: TCP
-          securityContext:
-            capabilities:
-              drop:
-                - NET_RAW
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 71ff9987..086ebd5b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -23,16 +23,18 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
-      initContainers:
-        - name: init-volumes
-          image: "alpine:3.20"
-          command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-nextcloud
-          volumeMounts:
-            - name: nextcloud-aio-nextcloud
-              mountPath: /nextcloud-aio-nextcloud
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 33
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 33
+        runAsGroup: 33
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       containers:
         - env:
             - name: NC_DOMAIN
@@ -53,18 +55,21 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "nextcloud/aio-notify-push:20241106_101604"
+          image: nextcloud/aio-notify-push:20241106_101604
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 33
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /nextcloud
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 9c4b48bb..9a69e660 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -44,15 +44,11 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-onlyoffice:20241106_101604"
+          image: nextcloud/aio-onlyoffice:20241106_101604
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
               protocol: TCP
-          securityContext:
-            capabilities:
-              drop:
-                - NET_RAW
           volumeMounts:
             - mountPath: /var/lib/onlyoffice
               name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index efcd1656..3acd1e05 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -23,34 +23,39 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
-      initContainers:
-        - name: init-volumes
-          image: "alpine:3.20"
-          command:
-            - chmod
-            - "777"
-            - /nextcloud-aio-redis
-          volumeMounts:
-            - name: nextcloud-aio-redis
-              mountPath: /nextcloud-aio-redis
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 999
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 999
+        runAsGroup: 999
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       containers:
         - env:
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-redis:20241106_101604"
+          image: nextcloud/aio-redis:20241106_101604
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 999
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /data
               name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index db2ab85f..c09b6758 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -22,6 +22,18 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 1000
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       containers:
         - env:
             - name: TALK_MAX_STREAM_BITRATE
@@ -42,7 +54,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-talk:20241106_101604"
+          image: nextcloud/aio-talk:20241106_101604
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
@@ -52,10 +64,13 @@ spec:
             - containerPort: 8081
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 1000
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c5dccf0e..62289b01 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -22,6 +22,18 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 122
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 122
+        runAsGroup: 122
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       containers:
         - env:
             - name: INTERNAL_SECRET
@@ -32,16 +44,19 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-talk-recording:20241106_101604"
+          image: nextcloud/aio-talk-recording:20241106_101604
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 122
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index c374d640..1b9da32c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -22,6 +22,18 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: 65534
+        runAsGroup: 65534
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
       containers:
         - env:
             - name: JWT_SECRET_KEY
@@ -36,16 +48,19 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "nextcloud/aio-whiteboard:20241106_101604"
+          image: nextcloud/aio-whiteboard:20241106_101604
           name: nextcloud-aio-whiteboard
           ports:
             - containerPort: 3002
               protocol: TCP
           securityContext:
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
             capabilities:
-              drop:
-                - NET_RAW
-            runAsUser: 65534
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 4ceeb36b..07ed989c 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -50,6 +50,11 @@ yq -i 'del(.services.[].profiles)' latest.yml
 # Delete read_only and tmpfs setting while https://github.com/kubernetes/kubernetes/issues/48912 is not fixed
 yq -i 'del(.services.[].read_only)' latest.yml
 yq -i 'del(.services.[].tmpfs)' latest.yml
+# Remove cap_drop in order to add it later again easier
+yq -i 'del(.services.[].cap_drop)' latest.yml
+# Remove SYS_NICE for imaginary as it is not supported with RPSS
+sed -i "s|- SYS_NICE$|- NET_BIND_SERVICE|" latest.yml
+
 cat latest.yml
 kompose convert -c -f latest.yml --namespace nextcloud-aio-namespace
 cd latest
@@ -76,14 +81,10 @@ cat << EOL > /tmp/initcontainers.database
             - mkdir
             - "-p"
             - /nextcloud-aio-database/data
-          volumeMountsInitContainer:
-        - name: init-volumes
-          image: "alpine:3.20"
-          command:
-            - chown
-            - 999:999
-            - "-R"
-          volumeMountsInitContainer:
+          volumeMounts:
+            - name: nextcloud-aio-database
+              mountPath: /nextcloud-aio-database
+          securityContext:
 EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
@@ -93,14 +94,10 @@ cat << EOL > /tmp/initcontainers.clamav
             - mkdir
             - "-p"
             - /nextcloud-aio-clamav/data
-          volumeMountsInitContainer:
-        - name: init-volumes
-          image: "alpine:3.20"
-          command:
-            - chown
-            - 100:100
-            - "-R"
-          volumeMountsInitContainer:
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
+          securityContext:
 EOL
 cat << EOL > /tmp/initcontainers.nextcloud
       initContainers:
@@ -111,13 +108,19 @@ cat << EOL > /tmp/initcontainers.nextcloud
             - "-rf"
             - "/nextcloud-aio-nextcloud/lost+found"
           volumeMountsInitRmLostFound:
+        {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          securityContext:
+        {{- end }} # AIO-config - do not change this comment!
+# AIO settings start # Do not remove or change this line!
         - name: init-volumes
           image: "alpine:3.20"
           command:
             - chmod
             - "777"
           volumeMountsInitContainer:
+# AIO settings end # Do not remove or change this line!
 EOL
+
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
@@ -129,7 +132,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
             sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
         elif echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
             sed -i "/^    spec:/r /tmp/initcontainers.nextcloud" "$variable"
-        else
+        elif echo "$variable" | grep -q "fulltextsearch" || echo "$variable" | grep -q "onlyoffice" || echo "$variable" | grep -q "collabora"; then
             sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
         fi
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
@@ -161,6 +164,39 @@ for variable in "${DEPLOYMENTS[@]}"; do
             done
         fi
     fi
+    if grep -q runAsUser "$variable" || echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
+        if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
+            USER=33
+            GROUP=33
+            echo '      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
+        else
+            USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
+            GROUP="$USER"
+            rm -f /tmp/pod.securityContext
+        fi
+        sed -i "/runAsUser:/d" "$variable"
+        sed -i "/capabilities:/d" "$variable"
+        if [ -n "$USER" ]; then
+            cat << EOL >> /tmp/pod.securityContext
+      securityContext:
+        # The items below only work in pod context
+        fsGroup: $USER
+        fsGroupChangePolicy: "OnRootMismatch"
+        # The items below work in both contexts
+        runAsUser: $USER
+        runAsGroup: $GROUP
+        runAsNonRoot: true
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        seccompProfile:
+          type: RuntimeDefault
+        {{- end }}
+EOL
+            if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
+                echo "      {{- end }} # AIO-config - do not change this comment!" >> /tmp/pod.securityContext
+            fi
+            sed -i "/^    spec:$/r /tmp/pod.securityContext" "$variable"
+        fi
+    fi
 done
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i 's|nextcloud-aio-namespace|"\{\{ .Values.NAMESPACE \}\}"|' \{} \; 
@@ -416,12 +452,49 @@ find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec se
 # shellcheck disable=SC1083
 find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 
-cat << EOL >> /tmp/security.conf
+cat << EOL > /tmp/security.conf
+            # The items below only work in container context
             allowPrivilegeEscalation: false
-            runAsNonRoot: true
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
 EOL
 # shellcheck disable=SC1083
-find ./ \( -not -name '*nextcloud-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^.*securityContext:$/r /tmp/security.conf" \{} \; 
+find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*imaginary-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
+
+cat << EOL > /tmp/security.conf
+            # The items below only work in container context
+            allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
+
+cat << EOL > /tmp/security.conf
+          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          securityContext:
+            # The items below only work in container context
+            allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
+          {{- end }} # AIO-config - do not change this comment!
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/nextcloud\/aio-nextcloud:.*/r /tmp/security.conf" \{} \; 
 
 chmod 777 -R ./
 
diff --git a/php/containers.json b/php/containers.json
index bf5ae3e9..17f60b2d 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -332,7 +332,6 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
-      "user": "100",
       "init": true,
       "expose": [
         "9980"

From 069b414d81e92c8f6f488447875c6915f1db8a2c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Nov 2024 22:58:47 +0100
Subject: [PATCH 2687/3949] adjust SYS_ADMIN to CAP_SYS_ADMIN

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh                         | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c74355cd..749248d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -45,5 +45,5 @@ spec:
             capabilities:
               add:
                 - MKNOD
-                - SYS_ADMIN
+                - CAP_SYS_ADMIN
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 07ed989c..1b8f61b4 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -54,6 +54,8 @@ yq -i 'del(.services.[].tmpfs)' latest.yml
 yq -i 'del(.services.[].cap_drop)' latest.yml
 # Remove SYS_NICE for imaginary as it is not supported with RPSS
 sed -i "s|- SYS_NICE$|- NET_BIND_SERVICE|" latest.yml
+# cap SYS_ADMIN is called CAP_SYS_ADMIN in k8s
+sed -i "s|- SYS_ADMIN$|- CAP_SYS_ADMIN|" latest.yml
 
 cat latest.yml
 kompose convert -c -f latest.yml --namespace nextcloud-aio-namespace

From f436a224df6dcd1cfce48c98c1484271db28c42b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 04:54:06 +0000
Subject: [PATCH 2688/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.13-fpm-alpine3.20 to 8.3.14-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 1ba92044..7584e31e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.3.1-cli AS docker
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
-FROM php:8.3.13-fpm-alpine3.20
+FROM php:8.3.14-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080

From 5a1a64ebec38763428c1a31442671821f1ef4990 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 04:54:10 +0000
Subject: [PATCH 2689/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.13-fpm-alpine3.20 to 8.3.14-fpm-alpine3.20.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 6465c893..8ba9d385 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.13-fpm-alpine3.20
+FROM php:8.3.14-fpm-alpine3.20
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=10G

From ef76cadb086f8aecaae37471e1e9feb4303b0ce2 Mon Sep 17 00:00:00 2001
From: Lance <Gero3977@gmail.com>
Date: Fri, 22 Nov 2024 02:16:53 -0800
Subject: [PATCH 2690/3949] Update community-containers/local-ai/readme.md

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Lance <Gero3977@gmail.com>
---
 community-containers/local-ai/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 2ab05996..236a2630 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -7,7 +7,7 @@ This container bundles Local AI and auto-configures it for you.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml
 # Stable Diffusion in NCNN with c++, supported txt2img and img2img 
-- url: github:mudler/LocalAI/blob/master/gallery/stablediffusion.yaml
+- url: github:mudler/LocalAI/gallery/stablediffusion.yaml
   name: Stable_diffusion
 ```
 -  To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work.

From 39b09cc80c2fbbbd97fefd9c4991025453442caf Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 22 Nov 2024 12:03:20 +0000
Subject: [PATCH 2691/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 62 +++++++++++++++++++++++------------------------
 1 file changed, 31 insertions(+), 31 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 14394592..9810bb15 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.5",
+            "version": "v1.3.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "1dc4a3dbfa2b7628a3114e43e32120cce7cdda9c"
+                "reference": "4f48ade902b94323ca3be7646db16209ec76be3d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/1dc4a3dbfa2b7628a3114e43e32120cce7cdda9c",
-                "reference": "1dc4a3dbfa2b7628a3114e43e32120cce7cdda9c",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/4f48ade902b94323ca3be7646db16209ec76be3d",
+                "reference": "4f48ade902b94323ca3be7646db16209ec76be3d",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2024-09-23T13:33:08+00:00"
+            "time": "2024-11-14T18:34:49+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -1632,16 +1632,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.14.2",
+            "version": "v3.15.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a"
+                "reference": "2d5b3964cc21d0188633d7ddce732dc8e874db02"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a",
-                "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/2d5b3964cc21d0188633d7ddce732dc8e874db02",
+                "reference": "2d5b3964cc21d0188633d7ddce732dc8e874db02",
                 "shasum": ""
             },
             "require": {
@@ -1695,7 +1695,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.14.2"
+                "source": "https://github.com/twigphp/Twig/tree/v3.15.0"
             },
             "funding": [
                 {
@@ -1707,7 +1707,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-07T12:36:22+00:00"
+            "time": "2024-11-17T15:59:19+00:00"
         }
     ],
     "packages-dev": [
@@ -1946,16 +1946,16 @@
         },
         {
             "name": "composer/pcre",
-            "version": "3.3.1",
+            "version": "3.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/pcre.git",
-                "reference": "63aaeac21d7e775ff9bc9d45021e1745c97521c4"
+                "reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/pcre/zipball/63aaeac21d7e775ff9bc9d45021e1745c97521c4",
-                "reference": "63aaeac21d7e775ff9bc9d45021e1745c97521c4",
+                "url": "https://api.github.com/repos/composer/pcre/zipball/b2bed4734f0cc156ee1fe9c0da2550420d99a21e",
+                "reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e",
                 "shasum": ""
             },
             "require": {
@@ -1965,8 +1965,8 @@
                 "phpstan/phpstan": "<1.11.10"
             },
             "require-dev": {
-                "phpstan/phpstan": "^1.11.10",
-                "phpstan/phpstan-strict-rules": "^1.1",
+                "phpstan/phpstan": "^1.12 || ^2",
+                "phpstan/phpstan-strict-rules": "^1 || ^2",
                 "phpunit/phpunit": "^8 || ^9"
             },
             "type": "library",
@@ -2005,7 +2005,7 @@
             ],
             "support": {
                 "issues": "https://github.com/composer/pcre/issues",
-                "source": "https://github.com/composer/pcre/tree/3.3.1"
+                "source": "https://github.com/composer/pcre/tree/3.3.2"
             },
             "funding": [
                 {
@@ -2021,7 +2021,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-08-27T18:44:43+00:00"
+            "time": "2024-11-12T16:29:46+00:00"
         },
         {
             "name": "composer/semver",
@@ -2940,16 +2940,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.14",
+            "version": "v6.4.15",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "897c2441ed4eec8a8a2c37b943427d24dba3f26b"
+                "reference": "f1fc6f47283e27336e7cebb9e8946c8de7bff9bd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/897c2441ed4eec8a8a2c37b943427d24dba3f26b",
-                "reference": "897c2441ed4eec8a8a2c37b943427d24dba3f26b",
+                "url": "https://api.github.com/repos/symfony/console/zipball/f1fc6f47283e27336e7cebb9e8946c8de7bff9bd",
+                "reference": "f1fc6f47283e27336e7cebb9e8946c8de7bff9bd",
                 "shasum": ""
             },
             "require": {
@@ -3014,7 +3014,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.14"
+                "source": "https://github.com/symfony/console/tree/v6.4.15"
             },
             "funding": [
                 {
@@ -3030,7 +3030,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-05T15:34:40+00:00"
+            "time": "2024-11-06T14:19:14+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -3406,16 +3406,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.1.6",
+            "version": "v7.1.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "61b72d66bf96c360a727ae6232df5ac83c71f626"
+                "reference": "591ebd41565f356fcd8b090fe64dbb5878f50281"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/61b72d66bf96c360a727ae6232df5ac83c71f626",
-                "reference": "61b72d66bf96c360a727ae6232df5ac83c71f626",
+                "url": "https://api.github.com/repos/symfony/string/zipball/591ebd41565f356fcd8b090fe64dbb5878f50281",
+                "reference": "591ebd41565f356fcd8b090fe64dbb5878f50281",
                 "shasum": ""
             },
             "require": {
@@ -3473,7 +3473,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.1.6"
+                "source": "https://github.com/symfony/string/tree/v7.1.8"
             },
             "funding": [
                 {
@@ -3489,7 +3489,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-25T14:20:29+00:00"
+            "time": "2024-11-13T13:31:21+00:00"
         },
         {
             "name": "vimeo/psalm",

From d866b542ed8973ed9a43cf42a094bf3cee5badb2 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 22 Nov 2024 12:03:36 +0000
Subject: [PATCH 2692/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 90c197b8..b18c7f7c 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -264,13 +264,14 @@ services:
       - TZ=${TIMEZONE}
       - RECORDING_SECRET
       - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
+    volumes:
+      - nextcloud_aio_talk_recording:/tmp:rw
     shm_size: 2147483648
     restart: unless-stopped
     profiles:
       - talk-recording
     read_only: true
     tmpfs:
-      - /tmp
       - /conf
     cap_drop:
       - NET_RAW
@@ -397,6 +398,8 @@ volumes:
     name: nextcloud_aio_onlyoffice
   nextcloud_aio_redis:
     name: nextcloud_aio_redis
+  nextcloud_aio_talk_recording:
+    name: nextcloud_aio_talk_recording
   nextcloud_aio_nextcloud_data:
     name: nextcloud_aio_nextcloud_data
 

From 5485fc71a23eacce98a102eb400f6fa8a945ca36 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 05:10:18 +0000
Subject: [PATCH 2693/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-12 to 1.4.1-14.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 5e3adbe8..411bc595 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-12
+FROM clamav/clamav:1.4.1-14
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 9370d8c6e4444d0745d8cfb40daf4148a3a8351e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 05:10:20 +0000
Subject: [PATCH 2694/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.9.2.1 to 24.04.10.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 566f63b9..40f2c4f6 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.9.2.1
+FROM collabora/code:24.04.10.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 20ef99cbc5dede1b577e48408f4af5c50bfda4ea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 05:10:25 +0000
Subject: [PATCH 2695/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.15.3 to 8.16.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 4da28fa1..571780ed 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.15.3
+FROM elasticsearch:8.16.1
 
 USER root
 

From 8cce894fee9a80b0fbabf2ba4a5c9a8945e62743 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 05:10:48 +0000
Subject: [PATCH 2696/3949] build(deps): bump postgres in
 /Containers/postgresql

Bumps postgres from 16.4-alpine to 16.6-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index def1ce24..ee2a01e2 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/16/alpine3.20/Dockerfile
-FROM postgres:16.4-alpine
+FROM postgres:16.6-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From e800ed48f9dd9409413589d08c77346f37c286b7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 25 Nov 2024 09:39:31 +0100
Subject: [PATCH 2697/3949] remove delete-lost-found initcontainer

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../nextcloud-aio-nextcloud-deployment.yaml   | 25 +------------------
 nextcloud-aio-helm-chart/update-helm.sh       | 14 +----------
 2 files changed, 2 insertions(+), 37 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 6dcf9520..5440676b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -37,31 +37,8 @@ spec:
           type: RuntimeDefault
         {{- end }}
       {{- end }} # AIO-config - do not change this comment!
-      initContainers:
-        - name: "delete-lost-found"
-          image: "alpine:3.20"
-          command:
-            - rm
-            - "-rf"
-            - "/nextcloud-aio-nextcloud/lost+found"
-          volumeMounts:
-            - name: nextcloud-aio-nextcloud-trusted-cacerts
-              mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
-            - name: nextcloud-aio-nextcloud
-              mountPath: /nextcloud-aio-nextcloud
-        {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
-          securityContext:
-            # The items below only work in container context
-            allowPrivilegeEscalation: false
-            capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
-              drop: ["ALL"]
-              {{- else }}
-              drop: ["NET_RAW"]
-              {{- end }}
-              add: ["NET_BIND_SERVICE"]
-        {{- end }} # AIO-config - do not change this comment!
 # AIO settings start # Do not remove or change this line!
+      initContainers:
         - name: init-volumes
           image: "alpine:3.20"
           command:
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 1b8f61b4..00c004a5 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -102,18 +102,8 @@ cat << EOL > /tmp/initcontainers.clamav
           securityContext:
 EOL
 cat << EOL > /tmp/initcontainers.nextcloud
-      initContainers:
-        - name: "delete-lost-found"
-          image: "alpine:3.20"
-          command:
-            - rm
-            - "-rf"
-            - "/nextcloud-aio-nextcloud/lost+found"
-          volumeMountsInitRmLostFound:
-        {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
-          securityContext:
-        {{- end }} # AIO-config - do not change this comment!
 # AIO settings start # Do not remove or change this line!
+      initContainers:
         - name: init-volumes
           image: "alpine:3.20"
           command:
@@ -144,7 +134,6 @@ for variable in "${DEPLOYMENTS[@]}"; do
             if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
                 sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
                 sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
-                sed -i "/volumeMountsInitRmLostFound:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
                 # Workaround for the database volume
                 if [ "$volumeName" = nextcloud-aio-database ]; then
                     sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
@@ -155,7 +144,6 @@ for variable in "${DEPLOYMENTS[@]}"; do
             fi
         done
         sed -i "s|volumeMountsInitContainer:|volumeMounts:|" "$variable"
-        sed -i "s|volumeMountsInitRmLostFound:|volumeMounts:|" "$variable"
         if grep -q claimName "$variable"; then
             claimNames="$(grep claimName "$variable")"
             mapfile -t claimNames <<< "$claimNames"

From 96b822d5a04f7d3e6173264c284ad741ff90a727 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 25 Nov 2024 10:23:43 +0100
Subject: [PATCH 2698/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index ff7d934c..44a2f66a 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.2.0.1
+FROM onlyoffice/documentserver:8.2.1.1
 
 # USER root is probably used
 

From 5d7125dd71bfb34715cd1757d4609e4e513c8ddc Mon Sep 17 00:00:00 2001
From: autoantwort <Leander.schulten@rwth-aachen.de>
Date: Mon, 25 Nov 2024 12:40:14 +0100
Subject: [PATCH 2699/3949] Document the 100 users limit

Signed-off-by: autoantwort <Leander.schulten@rwth-aachen.de>
---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 91a45fb2..4129f00c 100644
--- a/readme.md
+++ b/readme.md
@@ -13,6 +13,7 @@ Included are:
 - Fulltextsearch (optional)
 - Whiteboard (optional)
 - Docker Socket Proxy (optional, needed for [Nextcloud App API](https://github.com/cloud-py-api/app_api#nextcloud-appapi))
+- Up to 100 free users, more with [Nextcloud Enterprise](https://nextcloud.com/all-in-one/)
 <details><summary>And much more:</summary>
 
 - Simple web interface included that enables easy installation and maintenance

From 879114d215605992d563edd74ba5edb2f207d746 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 25 Nov 2024 12:04:21 +0000
Subject: [PATCH 2700/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 37b0c9eb..a5c74a7b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
 FROM alpine:3.20.3 AS janus
 
-ARG JANUS_VERSION=v0.14.4
+ARG JANUS_VERSION=v0.15.0
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \

From 2d15a4f142ff873115ff4e76dae4a15f8b13cfb6 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 26 Nov 2024 09:42:56 +0000
Subject: [PATCH 2701/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml            |  2 +-
 .../nextcloud-aio-apache-deployment.yaml       |  2 +-
 .../nextcloud-aio-clamav-deployment.yaml       |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml    |  2 +-
 .../nextcloud-aio-database-deployment.yaml     |  2 +-
 ...extcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml    |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml    |  2 +-
 .../nextcloud-aio-notify-push-deployment.yaml  |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml   |  2 +-
 .../nextcloud-aio-redis-deployment.yaml        |  2 +-
 .../nextcloud-aio-talk-deployment.yaml         |  2 +-
 ...extcloud-aio-talk-recording-deployment.yaml | 11 ++++++++++-
 ...o-talk-recording-persistentvolumeclaim.yaml | 18 ++++++++++++++++++
 .../nextcloud-aio-whiteboard-deployment.yaml   |  2 +-
 nextcloud-aio-helm-chart/values.yaml           |  1 +
 16 files changed, 42 insertions(+), 14 deletions(-)
 create mode 100755 nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 87d387b8..96ea008d 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.8.0
+version: 10.0.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 7cf78bf0..ab674f0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -63,7 +63,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20241106_101604
+          image: nextcloud/aio-apache:20241125_091756
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index ea3b379f..38f0a21b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20241106_101604
+          image: nextcloud/aio-clamav:20241125_091756
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 749248d4..5973de53 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20241106_101604
+          image: nextcloud/aio-collabora:20241125_091756
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index fc547697..5f6b3236 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -67,7 +67,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20241106_101604
+          image: nextcloud/aio-postgresql:20241125_091756
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index fdd5ca08..fdb85477 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -56,7 +56,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20241106_101604
+          image: nextcloud/aio-fulltextsearch:20241125_091756
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a37a9d00..a2ff0059 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -40,7 +40,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20241106_101604
+          image: nextcloud/aio-imaginary:20241125_091756
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 5440676b..a154b421 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -178,7 +178,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20241106_101604
+          image: nextcloud/aio-nextcloud:20241125_091756
           {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 086ebd5b..f9256d2e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20241106_101604
+          image: nextcloud/aio-notify-push:20241125_091756
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 9a69e660..4e4eeda2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20241106_101604
+          image: nextcloud/aio-onlyoffice:20241125_091756
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 3acd1e05..375e52bd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -41,7 +41,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20241106_101604
+          image: nextcloud/aio-redis:20241125_091756
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index c09b6758..31ecd663 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20241106_101604
+          image: nextcloud/aio-talk:20241125_091756
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 62289b01..5379a069 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -14,6 +14,8 @@ spec:
   selector:
     matchLabels:
       io.kompose.service: nextcloud-aio-talk-recording
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -44,7 +46,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20241106_101604
+          image: nextcloud/aio-talk-recording:20241125_091756
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
@@ -59,4 +61,11 @@ spec:
               drop: ["NET_RAW"]
               {{- end }}
               add: ["NET_BIND_SERVICE"]
+          volumeMounts:
+            - mountPath: /tmp
+              name: nextcloud-aio-talk-recording
+      volumes:
+        - name: nextcloud-aio-talk-recording
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-talk-recording
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml
new file mode 100755
index 00000000..59961448
--- /dev/null
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-persistentvolumeclaim.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.TALK_RECORDING_ENABLED "yes" }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-talk-recording
+  name: nextcloud-aio-talk-recording
+  namespace: "{{ .Values.NAMESPACE }}"
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.TALK_RECORDING_STORAGE_SIZE }}
+{{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 1b9da32c..98979a5b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20241106_101604
+          image: nextcloud/aio-whiteboard:20241125_091756
           name: nextcloud-aio-whiteboard
           ports:
             - containerPort: 3002
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 50ff3b16..c17bf268 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -48,6 +48,7 @@ NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi       # You can change the size of the nextclou
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
+TALK_RECORDING_STORAGE_SIZE: 1Gi       # You can change the size of the talk-recording volume that default to 1Gi with this value
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one

From 007efa08494e704ebb285118ede3ba39925fb574 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 10:48:48 +0100
Subject: [PATCH 2702/3949] adjust to 10.0.0-beta

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 96ea008d..81990a81 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.0.0
+version: 10.0.0-beta
 apiVersion: v2
 keywords:
   - latest

From 21b584281336fa98e01a093e3a493b432243ae4a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 11:01:47 +0100
Subject: [PATCH 2703/3949] helm: add a default for RPSS_ENABLED

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-deployment.yaml   |  4 ++--
 .../templates/nextcloud-aio-clamav-deployment.yaml   |  6 +++---
 .../templates/nextcloud-aio-database-deployment.yaml |  6 +++---
 .../nextcloud-aio-imaginary-deployment.yaml          |  4 ++--
 .../nextcloud-aio-nextcloud-deployment.yaml          |  8 ++++----
 .../nextcloud-aio-notify-push-deployment.yaml        |  4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml    |  4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml     |  4 ++--
 .../nextcloud-aio-talk-recording-deployment.yaml     |  4 ++--
 .../nextcloud-aio-whiteboard-deployment.yaml         |  4 ++--
 nextcloud-aio-helm-chart/update-helm.sh              | 12 ++++++------
 11 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index ab674f0e..790e810d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -74,7 +74,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 38f0a21b..77d60f93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 100
         runAsGroup: 100
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -73,7 +73,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 5f6b3236..332c41fb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -76,7 +76,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a2ff0059..22879334 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index a154b421..0a2fe740 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,7 +23,7 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
-      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+      {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
       securityContext:
         # The items below only work in pod context
         fsGroup: 33
@@ -32,7 +32,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -179,12 +179,12 @@ spec:
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
           image: nextcloud/aio-nextcloud:20241125_091756
-          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index f9256d2e..6e93cb51 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -64,7 +64,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 375e52bd..f81c13de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 31ecd663..19ecd60e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 1000
         runAsGroup: 1000
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -67,7 +67,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 5379a069..41b209c9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 122
         runAsGroup: 122
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -55,7 +55,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 98979a5b..2a0d27c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -57,7 +57,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d9876213..e2791ff7 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
             USER=33
             GROUP=33
-            echo '      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
+            echo '      {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
         else
             USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
             GROUP="$USER"
@@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         runAsUser: $USER
         runAsGroup: $GROUP
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -470,12 +470,12 @@ EOL
 find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 
 cat << EOL > /tmp/security.conf
-          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

From b1353d309e377250ed0f356958221a086ba24a2c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 11:08:55 +0100
Subject: [PATCH 2704/3949] Revert "helm: add a default for RPSS_ENABLED"

---
 .../templates/nextcloud-aio-apache-deployment.yaml   |  4 ++--
 .../templates/nextcloud-aio-clamav-deployment.yaml   |  6 +++---
 .../templates/nextcloud-aio-database-deployment.yaml |  6 +++---
 .../nextcloud-aio-imaginary-deployment.yaml          |  4 ++--
 .../nextcloud-aio-nextcloud-deployment.yaml          |  8 ++++----
 .../nextcloud-aio-notify-push-deployment.yaml        |  4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml    |  4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml     |  4 ++--
 .../nextcloud-aio-talk-recording-deployment.yaml     |  4 ++--
 .../nextcloud-aio-whiteboard-deployment.yaml         |  4 ++--
 nextcloud-aio-helm-chart/update-helm.sh              | 12 ++++++------
 11 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 790e810d..ab674f0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -74,7 +74,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 77d60f93..38f0a21b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 100
         runAsGroup: 100
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -73,7 +73,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 332c41fb..5f6b3236 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -76,7 +76,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 22879334..a2ff0059 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 0a2fe740..a154b421 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,7 +23,7 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
-      {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
       securityContext:
         # The items below only work in pod context
         fsGroup: 33
@@ -32,7 +32,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -179,12 +179,12 @@ spec:
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
           image: nextcloud/aio-nextcloud:20241125_091756
-          {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 6e93cb51..f9256d2e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -64,7 +64,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index f81c13de..375e52bd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 19ecd60e..31ecd663 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 1000
         runAsGroup: 1000
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -67,7 +67,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 41b209c9..5379a069 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 122
         runAsGroup: 122
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -55,7 +55,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 2a0d27c0..98979a5b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -57,7 +57,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index e2791ff7..d9876213 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
             USER=33
             GROUP=33
-            echo '      {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
+            echo '      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
         else
             USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
             GROUP="$USER"
@@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         runAsUser: $USER
         runAsGroup: $GROUP
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -470,12 +470,12 @@ EOL
 find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 
 cat << EOL > /tmp/security.conf
-          {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

From 920379213a93bdc5e577ded8a229c52684b434ba Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 11:14:52 +0100
Subject: [PATCH 2705/3949] Reapply "helm: add a default for RPSS_ENABLED"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-deployment.yaml   |  4 ++--
 .../templates/nextcloud-aio-clamav-deployment.yaml   |  6 +++---
 .../templates/nextcloud-aio-database-deployment.yaml |  6 +++---
 .../nextcloud-aio-imaginary-deployment.yaml          |  4 ++--
 .../nextcloud-aio-nextcloud-deployment.yaml          |  8 ++++----
 .../nextcloud-aio-notify-push-deployment.yaml        |  4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml    |  4 ++--
 .../templates/nextcloud-aio-talk-deployment.yaml     |  4 ++--
 .../nextcloud-aio-talk-recording-deployment.yaml     |  4 ++--
 .../nextcloud-aio-whiteboard-deployment.yaml         |  4 ++--
 nextcloud-aio-helm-chart/update-helm.sh              | 12 ++++++------
 11 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index ab674f0e..3b7de1e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -74,7 +74,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 38f0a21b..23975bb0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 100
         runAsGroup: 100
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -73,7 +73,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 5f6b3236..93b5fb88 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -76,7 +76,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a2ff0059..062a95df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index a154b421..2b6e3e9d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,7 +23,7 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
-      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+      {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
       securityContext:
         # The items below only work in pod context
         fsGroup: 33
@@ -32,7 +32,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -179,12 +179,12 @@ spec:
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
           image: nextcloud/aio-nextcloud:20241125_091756
-          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index f9256d2e..83008b74 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -64,7 +64,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 375e52bd..bdd3842b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 31ecd663..52abc135 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 1000
         runAsGroup: 1000
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -67,7 +67,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 5379a069..04b00131 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 122
         runAsGroup: 122
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -55,7 +55,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 98979a5b..bd6fbf3e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -57,7 +57,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d9876213..a8719b1b 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
             USER=33
             GROUP=33
-            echo '      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
+            echo '      {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
         else
             USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
             GROUP="$USER"
@@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         runAsUser: $USER
         runAsGroup: $GROUP
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -470,12 +470,12 @@ EOL
 find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 
 cat << EOL > /tmp/security.conf
-          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+          {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" }}
+              {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

From 2ffbeead5372a25b532e6ed4b00b5f0c0b1df106 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 16:45:42 +0100
Subject: [PATCH 2706/3949] onlyoffice should not be shown in the aio interface
 if disabled

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index f44a87cc..35446354 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -98,6 +98,7 @@
         >
         <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
     </p>
+    {% if is_onlyoffice_enabled == true %}
     <p>
         <input
             type="checkbox"
@@ -112,6 +113,7 @@
         >
         <label for="onlyoffice">OnlyOffice</label>
     </p>
+    {% endif %}
     <p>
         <input
             type="checkbox"

From af5454b10fe07bbbbb661654a9f89ab82f0cde9b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 17:01:22 +0100
Subject: [PATCH 2707/3949] move the note into the faq section

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 4129f00c..3eaeb815 100644
--- a/readme.md
+++ b/readme.md
@@ -13,7 +13,6 @@ Included are:
 - Fulltextsearch (optional)
 - Whiteboard (optional)
 - Docker Socket Proxy (optional, needed for [Nextcloud App API](https://github.com/cloud-py-api/app_api#nextcloud-appapi))
-- Up to 100 free users, more with [Nextcloud Enterprise](https://nextcloud.com/all-in-one/)
 <details><summary>And much more:</summary>
 
 - Simple web interface included that enables easy installation and maintenance
@@ -145,6 +144,9 @@ Nextcloud AIO is inspired by projects like Portainer that manage the docker daem
 ### How to contribute?
 See [this issue](https://github.com/nextcloud/all-in-one/issues/5251) for a list of feature requests that need help by contributors.
 
+### How many users are possible?
+Up to 100 users are free, more are possible with [Nextcloud Enterprise](https://nextcloud.com/all-in-one/)
+
 ### Are reverse proxies supported?
 Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 

From 6a4c9468cf10d2c9271cfc3c11423a18da4c7ccf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 17:10:04 +0100
Subject: [PATCH 2708/3949] manual-install: add back the nextcloud-aio network

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/latest.yml     | 30 ++++++++++++++++++++++++++++--
 manual-install/update-yaml.sh |  5 ++---
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 15680146..4502127b 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -42,6 +42,8 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
     restart: unless-stopped
+    networks:
+      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/log/supervisord
@@ -70,6 +72,8 @@ services:
     stop_grace_period: 1800s
     restart: unless-stopped
     shm_size: 268435456
+    networks:
+      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/run/postgresql
@@ -158,6 +162,8 @@ services:
       - WHITEBOARD_ENABLED
     stop_grace_period: 600s
     restart: unless-stopped
+    networks:
+      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -180,6 +186,8 @@ services:
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud
     restart: unless-stopped
+    networks:
+      - nextcloud-aio
     read_only: true
     cap_drop:
       - NET_RAW
@@ -196,6 +204,8 @@ services:
     volumes:
       - nextcloud_aio_redis:/data:rw
     restart: unless-stopped
+    networks:
+      - nextcloud-aio
     read_only: true
     cap_drop:
       - NET_RAW
@@ -215,6 +225,8 @@ services:
     restart: unless-stopped
     profiles:
       - collabora
+    networks:
+      - nextcloud-aio
     cap_add:
       - MKNOD
       - SYS_ADMIN
@@ -242,6 +254,8 @@ services:
     profiles:
       - talk
       - talk-recording
+    networks:
+      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/log/supervisord
@@ -269,6 +283,8 @@ services:
     restart: unless-stopped
     profiles:
       - talk-recording
+    networks:
+      - nextcloud-aio
     read_only: true
     tmpfs:
       - /conf
@@ -290,6 +306,8 @@ services:
     restart: unless-stopped
     profiles:
       - clamav
+    networks:
+      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/lock
@@ -313,6 +331,8 @@ services:
     restart: unless-stopped
     profiles:
       - onlyoffice
+    networks:
+      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -332,6 +352,8 @@ services:
       - NET_RAW
     profiles:
       - imaginary
+    networks:
+      - nextcloud-aio
     read_only: true
     tmpfs:
       - /tmp
@@ -357,6 +379,8 @@ services:
     restart: unless-stopped
     profiles:
       - fulltextsearch
+    networks:
+      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -377,6 +401,8 @@ services:
     profiles:
       - whiteboard
     read_only: true
+    networks:
+      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -403,5 +429,5 @@ volumes:
     name: nextcloud_aio_nextcloud_data
 
 networks:
-  default:
-    driver: bridge
+  nextcloud-aio:
+    name: nextcloud-aio
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 372da72f..ca68850c 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -18,7 +18,6 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].networks)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].documentation)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
@@ -141,8 +140,8 @@ done
 cat << NETWORK >> containers.yml
 
 networks:
-  default:
-    driver: bridge
+  nextcloud-aio:
+    name: nextcloud-aio
 NETWORK
 
 mv containers.yml latest.yml

From bb0c84ddb794c1bb33ef6e93804cc5a96082d9f1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 26 Nov 2024 17:43:43 +0100
Subject: [PATCH 2709/3949] Revert "manual-install: add back the nextcloud-aio
 network"

---
 manual-install/latest.yml     | 30 ++----------------------------
 manual-install/update-yaml.sh |  5 +++--
 2 files changed, 5 insertions(+), 30 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 4502127b..15680146 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -42,8 +42,6 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/log/supervisord
@@ -72,8 +70,6 @@ services:
     stop_grace_period: 1800s
     restart: unless-stopped
     shm_size: 268435456
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/run/postgresql
@@ -162,8 +158,6 @@ services:
       - WHITEBOARD_ENABLED
     stop_grace_period: 600s
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -186,8 +180,6 @@ services:
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     read_only: true
     cap_drop:
       - NET_RAW
@@ -204,8 +196,6 @@ services:
     volumes:
       - nextcloud_aio_redis:/data:rw
     restart: unless-stopped
-    networks:
-      - nextcloud-aio
     read_only: true
     cap_drop:
       - NET_RAW
@@ -225,8 +215,6 @@ services:
     restart: unless-stopped
     profiles:
       - collabora
-    networks:
-      - nextcloud-aio
     cap_add:
       - MKNOD
       - SYS_ADMIN
@@ -254,8 +242,6 @@ services:
     profiles:
       - talk
       - talk-recording
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/log/supervisord
@@ -283,8 +269,6 @@ services:
     restart: unless-stopped
     profiles:
       - talk-recording
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /conf
@@ -306,8 +290,6 @@ services:
     restart: unless-stopped
     profiles:
       - clamav
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /var/lock
@@ -331,8 +313,6 @@ services:
     restart: unless-stopped
     profiles:
       - onlyoffice
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -352,8 +332,6 @@ services:
       - NET_RAW
     profiles:
       - imaginary
-    networks:
-      - nextcloud-aio
     read_only: true
     tmpfs:
       - /tmp
@@ -379,8 +357,6 @@ services:
     restart: unless-stopped
     profiles:
       - fulltextsearch
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -401,8 +377,6 @@ services:
     profiles:
       - whiteboard
     read_only: true
-    networks:
-      - nextcloud-aio
     cap_drop:
       - NET_RAW
 
@@ -429,5 +403,5 @@ volumes:
     name: nextcloud_aio_nextcloud_data
 
 networks:
-  nextcloud-aio:
-    name: nextcloud-aio
+  default:
+    driver: bridge
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index ca68850c..372da72f 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -18,6 +18,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].networks)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].documentation)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
@@ -140,8 +141,8 @@ done
 cat << NETWORK >> containers.yml
 
 networks:
-  nextcloud-aio:
-    name: nextcloud-aio
+  default:
+    driver: bridge
 NETWORK
 
 mv containers.yml latest.yml

From 5149bf848b5555bfd9d9a17360ef8e94743957e0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 05:09:15 +0000
Subject: [PATCH 2710/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.0.6-alpine to 3.1.0-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 6f98bb86..7fd83337 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.0.6-alpine
+FROM haproxy:3.1.0-alpine
 
 # hadolint ignore=DL3002
 USER root

From e156e9ccfd77ca5e09d2b764b542f17b794f8689 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 28 Nov 2024 10:59:41 +0100
Subject: [PATCH 2711/3949] nextcloud: allow to adjust name of nextcloud
 container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 11 ++++++++---
 php/containers.json                |  1 +
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 419401cd..0e251884 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -592,12 +592,17 @@ if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
     php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
 fi
 
-# Get ipv4-address of Nextcloud 
-IPv4_ADDRESS="$(dig nextcloud-aio-nextcloud A +short +search | head -1)" 
+# Get ipv4-address of Nextcloud
+if [ -z "$NEXTCLOUD_HOST" ]; then
+    export NEXTCLOUD_HOST="nextcloud-aio-nextcloud"
+fi
+IPv4_ADDRESS="$(dig "$NEXTCLOUD_HOST" A +short +search | head -1)" 
 # Bring it in CIDR notation 
 # shellcheck disable=SC2001
 IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')" 
-php /var/www/html/occ config:system:set trusted_proxies 10 --value="$IPv4_ADDRESS"
+if [ -n "$IPv4_ADDRESS" ]; then
+    php /var/www/html/occ config:system:set trusted_proxies 10 --value="$IPv4_ADDRESS"
+fi
 
 if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
     php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
diff --git a/php/containers.json b/php/containers.json
index 17f60b2d..2a96774a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -178,6 +178,7 @@
         }
       ],
       "environment": [
+        "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
         "POSTGRES_HOST=nextcloud-aio-database",
         "POSTGRES_PORT=5432",
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",

From 276880657dbe3268c9153a529682c12cadde714d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 28 Nov 2024 11:15:31 +0100
Subject: [PATCH 2712/3949] nextcloud: always enable ImaginaryPDF

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 419401cd..21663053 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -779,6 +779,7 @@ fi
 # Imaginary
 if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
+    php /var/www/html/occ config:system:set enabledPreviewProviders 23 --value="OC\\Preview\\ImaginaryPDF"
     php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
     php /var/www/html/occ config:system:set preview_imaginary_key --value="$IMAGINARY_SECRET"
 else
@@ -788,6 +789,7 @@ else
         php /var/www/html/occ config:system:delete enabledPreviewProviders 20
         php /var/www/html/occ config:system:delete enabledPreviewProviders 21
         php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 23
     fi
 fi
 

From 7f229b241449c609b8670ce04a3f597b80fed58b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 28 Nov 2024 11:19:40 +0100
Subject: [PATCH 2713/3949] DockerActionManager: improve PullImage to always
 log something if it fails

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 29866965..e3d78212 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -612,8 +612,11 @@ readonly class DockerActionManager {
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
+            $message = "Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.";
             if ($imageIsThere === false) {
-                throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
+                throw new \Exception($message);
+            } else {
+                error_log($message);
             }
         }
     }

From 07d9c597b3bfe35a8c7af73f6e6eeccf857547dc Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 28 Nov 2024 12:36:27 +0000
Subject: [PATCH 2714/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 9810bb15..b0a1cd82 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1330,16 +1330,16 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.5.0",
+            "version": "v3.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1"
+                "reference": "74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
-                "reference": "0e0d29ce1f20deffb4ab1b016a7257c4f1e789a1",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6",
+                "reference": "74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6",
                 "shasum": ""
             },
             "require": {
@@ -1377,7 +1377,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.5.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.5.1"
             },
             "funding": [
                 {
@@ -1393,7 +1393,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-04-18T09:32:20+00:00"
+            "time": "2024-09-25T14:20:29+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
@@ -3323,16 +3323,16 @@
         },
         {
             "name": "symfony/service-contracts",
-            "version": "v3.5.0",
+            "version": "v3.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/service-contracts.git",
-                "reference": "bd1d9e59a81d8fa4acdcea3f617c581f7475a80f"
+                "reference": "e53260aabf78fb3d63f8d79d69ece59f80d5eda0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/bd1d9e59a81d8fa4acdcea3f617c581f7475a80f",
-                "reference": "bd1d9e59a81d8fa4acdcea3f617c581f7475a80f",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/e53260aabf78fb3d63f8d79d69ece59f80d5eda0",
+                "reference": "e53260aabf78fb3d63f8d79d69ece59f80d5eda0",
                 "shasum": ""
             },
             "require": {
@@ -3386,7 +3386,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/service-contracts/tree/v3.5.0"
+                "source": "https://github.com/symfony/service-contracts/tree/v3.5.1"
             },
             "funding": [
                 {
@@ -3402,7 +3402,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-04-18T09:32:20+00:00"
+            "time": "2024-09-25T14:20:29+00:00"
         },
         {
             "name": "symfony/string",

From 9307fe5a5d39bb30e1665f0888d77fb63d3bfca1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 29 Nov 2024 12:03:21 +0000
Subject: [PATCH 2715/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index b0a1cd82..0ccf0e8f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1632,16 +1632,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.15.0",
+            "version": "v3.16.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "2d5b3964cc21d0188633d7ddce732dc8e874db02"
+                "reference": "475ad2dc97d65d8631393e721e7e44fb544f0561"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/2d5b3964cc21d0188633d7ddce732dc8e874db02",
-                "reference": "2d5b3964cc21d0188633d7ddce732dc8e874db02",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/475ad2dc97d65d8631393e721e7e44fb544f0561",
+                "reference": "475ad2dc97d65d8631393e721e7e44fb544f0561",
                 "shasum": ""
             },
             "require": {
@@ -1652,6 +1652,7 @@
                 "symfony/polyfill-php81": "^1.29"
             },
             "require-dev": {
+                "phpstan/phpstan": "^2.0",
                 "psr/container": "^1.0|^2.0",
                 "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0"
             },
@@ -1695,7 +1696,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.15.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.16.0"
             },
             "funding": [
                 {
@@ -1707,7 +1708,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-17T15:59:19+00:00"
+            "time": "2024-11-29T08:27:05+00:00"
         }
     ],
     "packages-dev": [
@@ -3034,16 +3035,16 @@
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.1.6",
+            "version": "v7.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "c835867b3c62bb05c7fe3d637c871c7ae52024d4"
+                "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/c835867b3c62bb05c7fe3d637c871c7ae52024d4",
-                "reference": "c835867b3c62bb05c7fe3d637c871c7ae52024d4",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/b8dce482de9d7c9fe2891155035a7248ab5c7fdb",
+                "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb",
                 "shasum": ""
             },
             "require": {
@@ -3080,7 +3081,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.1.6"
+                "source": "https://github.com/symfony/filesystem/tree/v7.2.0"
             },
             "funding": [
                 {
@@ -3096,7 +3097,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-10-25T15:11:02+00:00"
+            "time": "2024-10-25T15:15:23+00:00"
         },
         {
             "name": "symfony/finder",
@@ -3406,16 +3407,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.1.8",
+            "version": "v7.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "591ebd41565f356fcd8b090fe64dbb5878f50281"
+                "reference": "446e0d146f991dde3e73f45f2c97a9faad773c82"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/591ebd41565f356fcd8b090fe64dbb5878f50281",
-                "reference": "591ebd41565f356fcd8b090fe64dbb5878f50281",
+                "url": "https://api.github.com/repos/symfony/string/zipball/446e0d146f991dde3e73f45f2c97a9faad773c82",
+                "reference": "446e0d146f991dde3e73f45f2c97a9faad773c82",
                 "shasum": ""
             },
             "require": {
@@ -3473,7 +3474,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.1.8"
+                "source": "https://github.com/symfony/string/tree/v7.2.0"
             },
             "funding": [
                 {
@@ -3489,7 +3490,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-13T13:31:21+00:00"
+            "time": "2024-11-13T13:31:26+00:00"
         },
         {
             "name": "vimeo/psalm",

From 397950e87bf3adcd6ec2a572864cd6feb1cab631 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 29 Nov 2024 15:49:01 +0100
Subject: [PATCH 2716/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 44a2f66a..412ce054 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.2.1.1
+FROM onlyoffice/documentserver:8.2.2.1
 
 # USER root is probably used
 

From b3c1038eaa9499c6ffcaf8e9a5234f16ab132530 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 30 Nov 2024 12:02:39 +0000
Subject: [PATCH 2717/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 0ccf0e8f..6dd04ee9 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -630,16 +630,16 @@
         },
         {
             "name": "php-di/slim-bridge",
-            "version": "3.4.0",
+            "version": "3.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Slim-Bridge.git",
-                "reference": "d14c95b34b3c5ba2e8c40020dd93fdcc8f3ba875"
+                "reference": "02ab0274a19d104d74561164f8915b62d93f3cf0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Slim-Bridge/zipball/d14c95b34b3c5ba2e8c40020dd93fdcc8f3ba875",
-                "reference": "d14c95b34b3c5ba2e8c40020dd93fdcc8f3ba875",
+                "url": "https://api.github.com/repos/PHP-DI/Slim-Bridge/zipball/02ab0274a19d104d74561164f8915b62d93f3cf0",
+                "reference": "02ab0274a19d104d74561164f8915b62d93f3cf0",
                 "shasum": ""
             },
             "require": {
@@ -650,6 +650,7 @@
             },
             "require-dev": {
                 "laminas/laminas-diactoros": "^2.1",
+                "mnapoli/hard-mode": "^0.3.0",
                 "phpunit/phpunit": ">= 7.0 < 10"
             },
             "type": "library",
@@ -665,9 +666,9 @@
             "description": "PHP-DI integration in Slim",
             "support": {
                 "issues": "https://github.com/PHP-DI/Slim-Bridge/issues",
-                "source": "https://github.com/PHP-DI/Slim-Bridge/tree/3.4.0"
+                "source": "https://github.com/PHP-DI/Slim-Bridge/tree/3.4.1"
             },
-            "time": "2023-06-29T14:08:47+00:00"
+            "time": "2024-06-19T15:47:45+00:00"
         },
         {
             "name": "psr/container",
@@ -3567,11 +3568,11 @@
             "type": "project",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "5.x-dev",
-                    "dev-4.x": "4.x-dev",
-                    "dev-3.x": "3.x-dev",
+                    "dev-1.x": "1.x-dev",
                     "dev-2.x": "2.x-dev",
-                    "dev-1.x": "1.x-dev"
+                    "dev-3.x": "3.x-dev",
+                    "dev-4.x": "4.x-dev",
+                    "dev-master": "5.x-dev"
                 }
             },
             "autoload": {
@@ -3636,18 +3637,18 @@
             "type": "package",
             "extra": {
                 "phar-builder": {
-                    "compression": "BZip2",
                     "name": "phpdd-dev.phar",
-                    "output-dir": "./",
-                    "entry-point": "bin/phpdd",
+                    "events": {
+                        "command.package.end": "cp phpdd-dev.phar phpdd-`cat bin/version.txt`.phar && chmod +x phpdd-`cat bin/version.txt`.phar && rm bin/version.txt",
+                        "command.package.start": "git describe --tags > bin/version.txt"
+                    },
                     "include": [
                         "bin",
                         "data"
                     ],
-                    "events": {
-                        "command.package.start": "git describe --tags > bin/version.txt",
-                        "command.package.end": "cp phpdd-dev.phar phpdd-`cat bin/version.txt`.phar && chmod +x phpdd-`cat bin/version.txt`.phar && rm bin/version.txt"
-                    }
+                    "output-dir": "./",
+                    "compression": "BZip2",
+                    "entry-point": "bin/phpdd"
                 }
             },
             "autoload": {

From 6a25c0506b326c38cc91085ab65c40451db946b9 Mon Sep 17 00:00:00 2001
From: Tim Diels <tim@diels.me>
Date: Sat, 30 Nov 2024 17:57:24 +0100
Subject: [PATCH 2718/3949] Prepend ssh:// to remote borg repo placeholder

Signed-off-by: Tim Diels <tim@diels.me>
---
 php/templates/containers.twig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 58f1c196..7ebda82e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -196,7 +196,7 @@
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
-                                    <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="user@host:/path/to/repo"/><br>
+                                    <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="ssh://user@host:/path/to/repo"/><br>
                                     <label>Borg passphrase</label> <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -394,7 +394,7 @@
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
-                                    <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="user@host:/path/to/repo"/><br>
+                                    <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:/path/to/repo"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Submit backup location" />
@@ -435,7 +435,7 @@
                                             <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
-                                                <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="user@host:/path/to/repo"/><br>
+                                                <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:/path/to/repo"/><br>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Set backup location again" />

From 7b34abbb31062e42e9d5f61dbcc98fd0387f7f9d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 04:37:11 +0000
Subject: [PATCH 2719/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-14 to 1.4.1-15.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 411bc595..49c87418 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-14
+FROM clamav/clamav:1.4.1-15
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 2794cc89bafcb8b63cf14be31f94c77d7ab821c7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 2 Dec 2024 11:14:13 +0100
Subject: [PATCH 2720/3949] collabora: configure net.post_allow_host

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 17f60b2d..6126b121 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -339,7 +339,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow_host[0]=0.0.0.0/0 --o:net.post_allow_host[1]=::/0",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",

From 4a839ec1116c90e3a77b009aef3249b2edcf6e92 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 10:29:40 +0100
Subject: [PATCH 2721/3949] containers-schema.json: add healtcheck

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers-schema.json | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index cf3f893f..7055d0db 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -94,6 +94,36 @@
 							}
 						}
 					},
+					"healthcheck": {
+						"type": "object",
+						"additionalProperties": false,
+						"minProperties": 6,
+						"properties": {
+							"interval": {
+								"type": "string",
+								"pattern": "^[0-9]+s$"
+							},
+							"timeout": {
+								"type": "string",
+								"pattern": "^[0-9]+s$"
+							},
+							"retries": {
+								"type": "integer"
+							},
+							"start_period": {
+								"type": "string",
+								"pattern": "^[0-9]+s$"
+							},
+							"start_interval": {
+								"type": "string",
+								"pattern": "^[0-9]+s$"
+							},
+							"test": {
+								"type": "string",
+								"pattern": "^.*$"
+							}
+						}
+					},
 					"aio_variables": {
 						"type": "array",
 						"items": {

From 3afe1c0df4ab55d37d46efeba578602060cd767a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:23:51 +0100
Subject: [PATCH 2722/3949] add healthcheck for apache

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 17f60b2d..30428150 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -15,6 +15,14 @@
       "image": "nextcloud/aio-apache",
       "user": "33",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "ports": [
         {
           "ip_binding": "%APACHE_IP_BINDING%",

From 838db89315192fcbaa8c7e59adcfaccfdc45da5a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 10:29:55 +0100
Subject: [PATCH 2723/3949] add healtcheck for clamav

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 30428150..142f2772 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -599,6 +599,14 @@
       "image": "nextcloud/aio-clamav",
       "user": "100",
       "init": false,
+      "healthcheck": {
+        "start_period": "360s",
+        "test": "clamdcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "3310"
       ],

From fe3e640d19e255b1a84f1fa9353d8071d605e21f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:30:23 +0100
Subject: [PATCH 2724/3949] add healthcheck for collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile     | 4 +++-
 Containers/collabora/healthcheck.sh | 3 +++
 php/containers.json                 | 8 ++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 Containers/collabora/healthcheck.sh

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 40f2c4f6..3c709c35 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -15,7 +15,9 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*;
 
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
 USER 100
 
-HEALTHCHECK CMD nc -z 127.0.0.1 9980 || exit 1
+HEALTHCHECK --start-period=360s CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/collabora/healthcheck.sh b/Containers/collabora/healthcheck.sh
new file mode 100644
index 00000000..67cecdc3
--- /dev/null
+++ b/Containers/collabora/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+nc -z 127.0.0.1 9980 || exit 1
diff --git a/php/containers.json b/php/containers.json
index 142f2772..cdf9d73c 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -341,6 +341,14 @@
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
       "init": true,
+      "healthcheck": {
+        "start_period": "360s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "9980"
       ],

From f333f740e30f6411a16a36b7d8172bb213cd2eae Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:36:32 +0100
Subject: [PATCH 2725/3949] add healthcheck for fts

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile     | 4 +++-
 Containers/fulltextsearch/healthcheck.sh | 3 +++
 php/containers.json                      | 8 ++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 Containers/fulltextsearch/healthcheck.sh

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 571780ed..9b7804f7 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -16,7 +16,9 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*;
 
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
 USER 1000:0
 
-HEALTHCHECK CMD nc -z 127.0.0.1 9200 || exit 1
+HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/fulltextsearch/healthcheck.sh b/Containers/fulltextsearch/healthcheck.sh
new file mode 100644
index 00000000..5e888ea6
--- /dev/null
+++ b/Containers/fulltextsearch/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+nc -z 127.0.0.1 9200 || exit 1
diff --git a/php/containers.json b/php/containers.json
index cdf9d73c..d99a1881 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -732,6 +732,14 @@
       "display_name": "Fulltextsearch",
       "image": "nextcloud/aio-fulltextsearch",
       "init": false,
+      "healthcheck": {
+        "start_period": "60s",
+        "test": "/healthcheck.sh",
+        "interval": "10s",
+        "timeout": "5s",
+        "start_interval": "5s",
+        "retries": 5
+      },
       "expose": [
         "9200"
       ],

From b51223fd69178ddd42577fa16748fd51d5599152 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:40:29 +0100
Subject: [PATCH 2726/3949] add healthcheck for imaginary

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile     | 5 +++--
 Containers/imaginary/healthcheck.sh | 3 +++
 php/containers.json                 | 8 ++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 Containers/imaginary/healthcheck.sh

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 20c90fa5..efe0ed70 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.3-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \
@@ -30,6 +30,7 @@ RUN set -ex; \
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 ENV PORT=9000
 
@@ -39,5 +40,5 @@ USER 65534
 ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z 127.0.0.1 "$PORT" || exit 1
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/imaginary/healthcheck.sh b/Containers/imaginary/healthcheck.sh
new file mode 100644
index 00000000..46d700fc
--- /dev/null
+++ b/Containers/imaginary/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+nc -z 127.0.0.1 "$PORT" || exit 1
diff --git a/php/containers.json b/php/containers.json
index d99a1881..265010ed 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -696,6 +696,14 @@
       "image": "nextcloud/aio-imaginary",
       "user": "65534",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "9000"
       ],

From a87459779b5349cc83767aa1ce5f0a6d82a2ed73 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 13:37:07 +0100
Subject: [PATCH 2727/3949] add healthcheck for nextcloud

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 php/containers.json             | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8ab0f9da..e4df8f2c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -279,5 +279,5 @@ USER root
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK --start-period=60s CMD sudo -E -u www-data bash /healthcheck.sh
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/php/containers.json b/php/containers.json
index 265010ed..f6c85b0c 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -148,6 +148,14 @@
       "display_name": "Nextcloud",
       "image": "nextcloud/aio-nextcloud",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "9000",
         "9001"

From 827a27532d9827d2c14536cead56c300ea1beec6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:47:22 +0100
Subject: [PATCH 2728/3949] add healthcheck for notify-push

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index f6c85b0c..d66bdfb5 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -271,6 +271,14 @@
       "image": "nextcloud/aio-notify-push",
       "user": "33",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "7867"
       ],

From 2cbe7d7d6a8b7afefcd899a12835fc92b686a21e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:43:29 +0100
Subject: [PATCH 2729/3949] add healtcheck for oo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile     | 4 +++-
 Containers/onlyoffice/healthcheck.sh | 3 +++
 php/containers.json                  | 8 ++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 Containers/onlyoffice/healthcheck.sh

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 412ce054..bfecd246 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -4,5 +4,7 @@ FROM onlyoffice/documentserver:8.2.2.1
 
 # USER root is probably used
 
-HEALTHCHECK CMD nc -z 127.0.0.1 80 || exit 1
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+HEALTHCHECK --start-period=360s CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/onlyoffice/healthcheck.sh b/Containers/onlyoffice/healthcheck.sh
new file mode 100644
index 00000000..7a9d79d0
--- /dev/null
+++ b/Containers/onlyoffice/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+nc -z 127.0.0.1 80 || exit 1
diff --git a/php/containers.json b/php/containers.json
index d66bdfb5..1cea938f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -670,6 +670,14 @@
       "display_name": "OnlyOffice",
       "image": "nextcloud/aio-onlyoffice",
       "init": true,
+      "healthcheck": {
+        "start_period": "360s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "80"
       ],

From b36cc2e2b08a5c242fcced4fc828273f87d15134 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:48:49 +0100
Subject: [PATCH 2730/3949] add healthcheck for postgres

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 1cea938f..b416a3dd 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -89,6 +89,14 @@
       "image": "nextcloud/aio-postgresql",
       "user": "999",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "5432"
       ],

From aa0620f2eaa77a3d587be6e45a8c25d363e87894 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:46:21 +0100
Subject: [PATCH 2731/3949] add healthcheck for redis

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/redis/Dockerfile     | 4 +++-
 Containers/redis/healthcheck.sh | 3 +++
 php/containers.json             | 8 ++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 Containers/redis/healthcheck.sh

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 98fb8529..64b1c2fa 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -14,8 +14,10 @@ RUN set -ex; \
 # Get rid of unused binaries
     rm -f /usr/local/bin/gosu;
 
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
 USER 999
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/redis/healthcheck.sh b/Containers/redis/healthcheck.sh
new file mode 100644
index 00000000..6588229f
--- /dev/null
+++ b/Containers/redis/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+redis-cli -a "$REDIS_HOST_PASSWORD" PING || exit 1
diff --git a/php/containers.json b/php/containers.json
index b416a3dd..e8b1e5cc 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -329,6 +329,14 @@
       "image": "nextcloud/aio-redis",
       "user": "999",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "6379"
       ],

From 731b1d208c9bbcc7b5b0dc7229a96d21a53c3823 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:49:47 +0100
Subject: [PATCH 2732/3949] add healthcheck for talk

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index e8b1e5cc..54b43dc4 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -420,6 +420,14 @@
       "image": "nextcloud/aio-talk",
       "user": "1000",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "ports": [
         {
           "ip_binding": "",

From 9360256f7dc5aa0b5798bdcd4ad3a6ec74708d11 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:53:26 +0100
Subject: [PATCH 2733/3949] add healthcheck for talk-recording

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile     | 3 ++-
 Containers/talk-recording/healthcheck.sh | 3 +++
 php/containers.json                      | 8 ++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 Containers/talk-recording/healthcheck.sh

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 1d7df914..a935db93 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -2,6 +2,7 @@
 FROM python:3.13.0-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 ENV RECORDING_VERSION=v0.1
 ENV ALLOW_ALL=false
@@ -54,5 +55,5 @@ USER 122
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
-HEALTHCHECK CMD nc -z 127.0.0.1 1234 || exit 1
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/talk-recording/healthcheck.sh b/Containers/talk-recording/healthcheck.sh
new file mode 100644
index 00000000..8397ab3c
--- /dev/null
+++ b/Containers/talk-recording/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+nc -z 127.0.0.1 1234 || exit 1
diff --git a/php/containers.json b/php/containers.json
index 54b43dc4..a3525940 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -485,6 +485,14 @@
       "image": "nextcloud/aio-talk-recording",
       "user": "122",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "1234"
       ],

From c908defda637e66fd40802e275cf3017e0166ab8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 11:56:35 +0100
Subject: [PATCH 2734/3949] add healthcheck for whiteboard

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/whiteboard/Dockerfile     | 4 ++++
 Containers/whiteboard/healthcheck.sh | 4 ++++
 php/containers.json                  | 8 ++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 Containers/whiteboard/healthcheck.sh

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index c4446756..3d178c18 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,4 +1,5 @@
 # syntax=docker/dockerfile:latest
+# Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4
 
 USER root
@@ -8,6 +9,9 @@ RUN set -ex; \
 USER 65534
 
 COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+HEALTHCHECK CMD /healthcheck.sh
 
 ENTRYPOINT ["/start.sh"]
 
diff --git a/Containers/whiteboard/healthcheck.sh b/Containers/whiteboard/healthcheck.sh
new file mode 100644
index 00000000..4f53988a
--- /dev/null
+++ b/Containers/whiteboard/healthcheck.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+nc -z "$REDIS_HOST" 6379 || exit 0
+nc -z 127.0.0.1 3002 || exit 1
diff --git a/php/containers.json b/php/containers.json
index a3525940..cf302369 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -874,6 +874,14 @@
       "image": "nextcloud/aio-whiteboard",
       "user": "65534",
       "init": true,
+      "healthcheck": {
+        "start_period": "0s",
+        "test": "/healthcheck.sh",
+        "interval": "30s",
+        "timeout": "30s",
+        "start_interval": "5s",
+        "retries": 3
+      },
       "expose": [
         "3002"
       ],

From 478c25e16a1a5dbcbdeebf6e83e42b72ae8f6bfc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 15:15:48 +0100
Subject: [PATCH 2735/3949] increase helm to 10.0.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 81990a81..96ea008d 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.0.0-beta
+version: 10.0.0
 apiVersion: v2
 keywords:
   - latest

From e072d07fc2599bb9c889a8c70e5d951850549428 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Dec 2024 14:00:46 +0100
Subject: [PATCH 2736/3949] adjust update-helm script to enable readiness check

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index a8719b1b..7e1364b2 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -25,6 +25,8 @@ set -ex
 cd manual-install
 cp latest.yml latest.yml.backup
 
+# Additional config
+# shellcheck disable=SC1083
 sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
@@ -117,6 +119,12 @@ EOL
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
 for variable in "${DEPLOYMENTS[@]}"; do
+    if grep -q livenessProbe "$variable"; then
+        sed -n "/.*livenessProbe/,/timeoutSeconds.*/p" "$variable" > /tmp/liveness.probe
+        cat /tmp/liveness.probe
+        sed -i "s|livenessProbe|readinessProbe|" /tmp/liveness.probe
+        sed -i "/^          image:/r /tmp/liveness.probe" "$variable"
+    fi
     if grep -q volumeMounts "$variable"; then
         if echo "$variable" | grep -q database; then
             sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
@@ -197,6 +205,8 @@ find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|ne
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "/medium: Memory/d" \{} \;
 # shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/kompose.cmd/d" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: \{\}|" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "/hostPort:/d" \{} \; 

From 7328430c8639f3c86ac7b3344ef0302ff911f970 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Dec 2024 04:47:40 +0000
Subject: [PATCH 2737/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.23.3-alpine3.20 to 1.23.4-alpine3.20.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index efe0ed70..5b5533ad 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.3-alpine3.20 AS go
+FROM golang:1.23.4-alpine3.20 AS go
 
 ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 

From e0c37924a6b69bdc950df0bbe192d4c76e3219c9 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 4 Dec 2024 12:03:14 +0000
Subject: [PATCH 2738/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 5b5533ad..13e95168 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.4-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \

From db81aa9333abfca5bc0952a102e837e8735421c3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Dec 2024 04:39:32 +0000
Subject: [PATCH 2739/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.0-alpine3.20 to 3.13.1-alpine3.20.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index a935db93..470992ba 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.0-alpine3.20
+FROM python:3.13.1-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 025e7f115ff48c5ebf12f25ab9d08cb69592d3dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 5 Dec 2024 14:46:39 +0100
Subject: [PATCH 2740/3949] nextcloud: increase to 30.0.3

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e4df8f2c..9ee5e2d6 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.2
+ENV NEXTCLOUD_VERSION=30.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 86459e0c96353171d01273ab05bf6c914db19915 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 5 Dec 2024 15:27:49 +0100
Subject: [PATCH 2741/3949] increase to 10.1.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 7ebda82e..f00ab0da 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.0.0</h1>
+            <h1>Nextcloud AIO v10.1.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 247f085d4c5da4699bd4a123b3b0b07a98cf4ac6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 5 Dec 2024 15:33:05 +0100
Subject: [PATCH 2742/3949] fix collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 3c709c35..a8f0907e 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -10,7 +10,8 @@ RUN set -ex; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
-        tzdata \
+#        # Disable because seems to be failing currently
+#        # tzdata \
         netcat-openbsd \
     ; \
     rm -rf /var/lib/apt/lists/*;

From c130cc0c0f47825dd16d81f92c334298647c8140 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 5 Dec 2024 16:30:47 +0100
Subject: [PATCH 2743/3949] adjust postgres healthcheck

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/healthcheck.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/postgresql/healthcheck.sh b/Containers/postgresql/healthcheck.sh
index f72aeecf..9f303a3a 100644
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -2,4 +2,6 @@
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()" && exit 0
+
 psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:5432/$POSTGRES_DB" -c "select now()" || exit 1

From 619a06149327acc3acd691738c3d700a23903745 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 04:43:20 +0000
Subject: [PATCH 2744/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.10.1.1 to 24.04.10.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index a8f0907e..277a09dc 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.10.1.1
+FROM collabora/code:24.04.10.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From b11f22b0e5cd1b6dc3c140a8182f2b5cce10f280 Mon Sep 17 00:00:00 2001
From: foegra <foegra@yahoo.com>
Date: Fri, 6 Dec 2024 08:52:27 +0100
Subject: [PATCH 2745/3949] Update readme.md - Regular sync rsync script had
 mistake

docker command with -it cannot re run as cronjob - getting error that "Device is no TTY"

Signed-off-by: foegra <foegra@yahoo.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 3eaeb815..a0850783 100644
--- a/readme.md
+++ b/readme.md
@@ -608,7 +608,7 @@ rm "$TARGET_DIRECTORY/aio-lockfile"
 umount "$DRIVE_MOUNTPOINT"
 
 if docker ps --format "{{.Names}}" | grep "^nextcloud-aio-nextcloud$"; then
-    docker exec -it nextcloud-aio-nextcloud bash /notify.sh "Rsync backup successful!" "Synced the backup repository successfully."
+    docker exec -i nextcloud-aio-nextcloud bash /notify.sh "Rsync backup successful!" "Synced the backup repository successfully."
 else
     echo "Synced the backup repository successfully."
 fi

From f7cc06154c80cb6c53e9518c64cbe6cd441e40df Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 6 Dec 2024 11:37:05 +0100
Subject: [PATCH 2746/3949] nextcloud entrypoint: fix missing apostroph in
 require command

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 50385e75..e197ff5a 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -148,7 +148,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             rm -r /usr/src/tmp
             rm -r /usr/src/temp-nextcloud
             # shellcheck disable=SC2016
-            image_version="$(php -r "require $SOURCE_LOCATION/version.php; echo implode('.', \$OC_Version);")"
+            image_version="$(php -r "require '$SOURCE_LOCATION/version.php'; echo implode('.', \$OC_Version);")"
             IMAGE_MAJOR="${image_version%%.*}"
             set +ex
 # Do not skip major versions end # Do not remove or change this line!

From 6e73180dc9e40fd0759319df29be879a061b19d9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 6 Dec 2024 11:43:41 +0100
Subject: [PATCH 2747/3949] also does not need to be interactive

Signed-off-by: Simon L. <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index a0850783..9fbd16e5 100644
--- a/readme.md
+++ b/readme.md
@@ -608,7 +608,7 @@ rm "$TARGET_DIRECTORY/aio-lockfile"
 umount "$DRIVE_MOUNTPOINT"
 
 if docker ps --format "{{.Names}}" | grep "^nextcloud-aio-nextcloud$"; then
-    docker exec -i nextcloud-aio-nextcloud bash /notify.sh "Rsync backup successful!" "Synced the backup repository successfully."
+    docker exec nextcloud-aio-nextcloud bash /notify.sh "Rsync backup successful!" "Synced the backup repository successfully."
 else
     echo "Synced the backup repository successfully."
 fi

From e6ab3c3aa17b758013581cbf564cb2671f54bcd7 Mon Sep 17 00:00:00 2001
From: Caio Barros <cgbarros@users.noreply.github.com>
Date: Fri, 6 Dec 2024 14:01:46 -0300
Subject: [PATCH 2748/3949] Remove duplicated word at compose.yaml

Removed duplicated word "see" on line 28 (environment variable for certificates)

Signed-off-by: Caio Barros <cgbarros@users.noreply.github.com>
---
 compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 5b769869..4e2c699b 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -25,7 +25,7 @@ services:
       # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
-      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
       # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container

From 250cb315a8877d59fd3047fd591b951edee3188c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 7 Dec 2024 12:03:02 +0000
Subject: [PATCH 2749/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 6dd04ee9..e1f0dad8 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2580,16 +2580,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.0",
+            "version": "5.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "f3558a4c23426d12bffeaab463f8a8d8b681193c"
+                "reference": "e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/f3558a4c23426d12bffeaab463f8a8d8b681193c",
-                "reference": "f3558a4c23426d12bffeaab463f8a8d8b681193c",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8",
+                "reference": "e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8",
                 "shasum": ""
             },
             "require": {
@@ -2638,9 +2638,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.0"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.1"
             },
-            "time": "2024-11-12T11:25:25+00:00"
+            "time": "2024-12-07T09:39:29+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",

From 6912ee4f230097654df4fda8d8e8601a0bcd734f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 8 Dec 2024 12:02:57 +0000
Subject: [PATCH 2750/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index e1f0dad8..3a211ef3 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2211,29 +2211,27 @@
         },
         {
             "name": "doctrine/deprecations",
-            "version": "1.1.3",
+            "version": "1.1.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/doctrine/deprecations.git",
-                "reference": "dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab"
+                "reference": "31610dbb31faa98e6b5447b62340826f54fbc4e9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/doctrine/deprecations/zipball/dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab",
-                "reference": "dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab",
+                "url": "https://api.github.com/repos/doctrine/deprecations/zipball/31610dbb31faa98e6b5447b62340826f54fbc4e9",
+                "reference": "31610dbb31faa98e6b5447b62340826f54fbc4e9",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.1 || ^8.0"
             },
             "require-dev": {
-                "doctrine/coding-standard": "^9",
-                "phpstan/phpstan": "1.4.10 || 1.10.15",
-                "phpstan/phpstan-phpunit": "^1.0",
+                "doctrine/coding-standard": "^9 || ^12",
+                "phpstan/phpstan": "1.4.10 || 2.0.3",
+                "phpstan/phpstan-phpunit": "^1.0 || ^2",
                 "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5",
-                "psalm/plugin-phpunit": "0.18.4",
-                "psr/log": "^1 || ^2 || ^3",
-                "vimeo/psalm": "4.30.0 || 5.12.0"
+                "psr/log": "^1 || ^2 || ^3"
             },
             "suggest": {
                 "psr/log": "Allows logging deprecations via PSR-3 logger implementation"
@@ -2241,7 +2239,7 @@
             "type": "library",
             "autoload": {
                 "psr-4": {
-                    "Doctrine\\Deprecations\\": "lib/Doctrine/Deprecations"
+                    "Doctrine\\Deprecations\\": "src"
                 }
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -2252,9 +2250,9 @@
             "homepage": "https://www.doctrine-project.org/",
             "support": {
                 "issues": "https://github.com/doctrine/deprecations/issues",
-                "source": "https://github.com/doctrine/deprecations/tree/1.1.3"
+                "source": "https://github.com/doctrine/deprecations/tree/1.1.4"
             },
-            "time": "2024-01-30T19:34:25+00:00"
+            "time": "2024-12-07T21:18:45+00:00"
         },
         {
             "name": "felixfbecker/advanced-json-rpc",

From a2ff47f7fabfe85b7d0998c06a18fcb76e3ef2f5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Dec 2024 05:05:48 +0000
Subject: [PATCH 2751/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-15 to 1.4.1-16.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 49c87418..f0c8cacf 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-15
+FROM clamav/clamav:1.4.1-16
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 4e4631ba802c1ac74f97bc811e8ef698466329a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 9 Dec 2024 12:10:32 +0100
Subject: [PATCH 2752/3949] add comment for appstore connection check

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e197ff5a..65a8ace3 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -155,6 +155,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         fi
 
         if [ "$installed_version" != "0.0.0.0" ]; then
+# Check connection to appstore start # Do not remove or change this line!
             while true; do
                 echo -e "Checking connection to appstore"
                 CURL_STATUS="$(curl -LI "https://apps.nextcloud.com/" -o /dev/null -w '%{http_code}\n' -s)"
@@ -167,6 +168,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                     sleep 5
                 fi
             done
+# Check connection to appstore end # Do not remove or change this line!
 
             run_upgrade_if_needed_due_to_app_update
 

From ffc9dc76538c0d2963a469df778899cfe534e072 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 9 Dec 2024 12:12:47 +0000
Subject: [PATCH 2753/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9ee5e2d6..e4df8f2c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.3
+ENV NEXTCLOUD_VERSION=30.0.2
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From a993ca0fc589b21a7679cd53772f125c6894dbbe Mon Sep 17 00:00:00 2001
From: JMarcosHP <jehuherrerap@hotmail.com>
Date: Mon, 9 Dec 2024 19:26:12 -0600
Subject: [PATCH 2754/3949] Added domain reachability check and retry mechanism
 to run-exec-commands.sh

Signed-off-by: JMarcosHP <jehuherrerap@hotmail.com>
---
 Containers/nextcloud/run-exec-commands.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index ab3abab7..a9bce829 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -1,7 +1,24 @@
 #!/bin/bash
 
-# Wait 15s for domain to be reachable
+# ENV Variables
+MAX_RETRY=3
+COUNT=3
+
+# Wait until the domain is reachable
 sleep 15
+while [ $COUNT -le $MAX_RETRY ]; do
+    if nc -z $NC_DOMAIN 443; then
+        echo "Domain reached."
+        break
+    else
+        echo "Attempt $COUNT: Domain not reachable. Retrying in 15 seconds..."
+        sleep 15
+        ((COUNT++))
+    fi
+done
+if [ $COUNT -gt $MAX_RETRY ]; then
+    echo "The domain could not be reached after $MAX_RETRY attempts. Proceeding anyway..."
+fi
 
 if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
     echo "#!/bin/bash" > /tmp/nextcloud-exec-commands

From 997886054d0a48813f19e22cbcfcad12138a1bdc Mon Sep 17 00:00:00 2001
From: Jehu Marcos Herrera Puentes
 <58377032+JMarcosHP@users.noreply.github.com>
Date: Mon, 9 Dec 2024 19:29:16 -0600
Subject: [PATCH 2755/3949] Set $COUNT variable to 1

Signed-off-by: Jehu Marcos Herrera Puentes <58377032+JMarcosHP@users.noreply.github.com>
---
 Containers/nextcloud/run-exec-commands.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index a9bce829..de674b9b 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -2,7 +2,7 @@
 
 # ENV Variables
 MAX_RETRY=3
-COUNT=3
+COUNT=1
 
 # Wait until the domain is reachable
 sleep 15

From 316d533510f8353ff5452826b869cf63dee648b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Dec 2024 04:54:21 +0000
Subject: [PATCH 2756/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.3.1-cli to 27.4.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 7584e31e..a7d58ccd 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.3.1-cli AS docker
+FROM docker:27.4.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From 3a3dddead0e156f0cb2e21f41d4f3b90d9033862 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Dec 2024 04:40:30 +0000
Subject: [PATCH 2757/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.22-scratch to 2.10.23-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a5c74a7b..3c3c9742 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.22-scratch AS nats
+FROM nats:2.10.23-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
 FROM alpine:3.20.3 AS janus

From 43be9690f9ff1af238f8104f2077b8be94352898 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 11 Dec 2024 16:18:20 +0100
Subject: [PATCH 2758/3949] talk: update Janus to 1.x

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/talk.yml | 2 +-
 Containers/talk/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index ee366a64..674d6db8 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -36,7 +36,7 @@ jobs:
         
         # Janus
         janus_version="$(
-          git ls-remote https://github.com/meetecho/janus-gateway v0.*.* \
+          git ls-remote https://github.com/meetecho/janus-gateway v1.*.* \
             | cut -d/ -f3 \
             | sort -V \
             | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a5c74a7b..430854a1 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
 FROM alpine:3.20.3 AS janus
 
-ARG JANUS_VERSION=v0.15.0
+ARG JANUS_VERSION=v1.3.0
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \

From 16e38ff3cf1747d1a9eb91801c00e53a8b812749 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 12 Dec 2024 13:11:48 +0100
Subject: [PATCH 2759/3949] nextcloud: update to 30.0.4

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e4df8f2c..1c3320ed 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.2
+ENV NEXTCLOUD_VERSION=30.0.4
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 36888bc56867545cc9524995b28bc90181d4faf9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 12 Dec 2024 13:13:59 +0100
Subject: [PATCH 2760/3949] increase to 10.1.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index f00ab0da..08269747 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.1.0</h1>
+            <h1>Nextcloud AIO v10.1.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From d94554477030e16a25462ddcaa73e6df303bc741 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Dec 2024 04:22:40 +0000
Subject: [PATCH 2761/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.1.0-alpine to 3.1.1-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 7fd83337..61b115ec 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.0-alpine
+FROM haproxy:3.1.1-alpine
 
 # hadolint ignore=DL3002
 USER root

From 3b73da3407b94fd3d4eceb84f8342a5ceb672c05 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 13 Dec 2024 12:03:03 +0000
Subject: [PATCH 2762/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 3a211ef3..8a23b483 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1422,8 +1422,8 @@
             "type": "library",
             "extra": {
                 "thanks": {
-                    "name": "symfony/polyfill",
-                    "url": "https://github.com/symfony/polyfill"
+                    "url": "https://github.com/symfony/polyfill",
+                    "name": "symfony/polyfill"
                 }
             },
             "autoload": {
@@ -1501,8 +1501,8 @@
             "type": "library",
             "extra": {
                 "thanks": {
-                    "name": "symfony/polyfill",
-                    "url": "https://github.com/symfony/polyfill"
+                    "url": "https://github.com/symfony/polyfill",
+                    "name": "symfony/polyfill"
                 }
             },
             "autoload": {
@@ -1575,8 +1575,8 @@
             "type": "library",
             "extra": {
                 "thanks": {
-                    "name": "symfony/polyfill",
-                    "url": "https://github.com/symfony/polyfill"
+                    "url": "https://github.com/symfony/polyfill",
+                    "name": "symfony/polyfill"
                 }
             },
             "autoload": {
@@ -1633,16 +1633,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.16.0",
+            "version": "v3.17.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "475ad2dc97d65d8631393e721e7e44fb544f0561"
+                "reference": "677ef8da6497a03048192aeeb5aa3018e379ac71"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/475ad2dc97d65d8631393e721e7e44fb544f0561",
-                "reference": "475ad2dc97d65d8631393e721e7e44fb544f0561",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/677ef8da6497a03048192aeeb5aa3018e379ac71",
+                "reference": "677ef8da6497a03048192aeeb5aa3018e379ac71",
                 "shasum": ""
             },
             "require": {
@@ -1697,7 +1697,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.16.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.17.1"
             },
             "funding": [
                 {
@@ -1709,7 +1709,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-29T08:27:05+00:00"
+            "time": "2024-12-12T09:58:10+00:00"
         }
     ],
     "packages-dev": [
@@ -3185,8 +3185,8 @@
             "type": "library",
             "extra": {
                 "thanks": {
-                    "name": "symfony/polyfill",
-                    "url": "https://github.com/symfony/polyfill"
+                    "url": "https://github.com/symfony/polyfill",
+                    "name": "symfony/polyfill"
                 }
             },
             "autoload": {
@@ -3263,8 +3263,8 @@
             "type": "library",
             "extra": {
                 "thanks": {
-                    "name": "symfony/polyfill",
-                    "url": "https://github.com/symfony/polyfill"
+                    "url": "https://github.com/symfony/polyfill",
+                    "name": "symfony/polyfill"
                 }
             },
             "autoload": {

From b7c4cf1692358a1d3e10eeaeb2db729676eb7cd8 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 13 Dec 2024 12:03:20 +0000
Subject: [PATCH 2763/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 94 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 93 insertions(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 15680146..56f96b6d 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -22,6 +22,13 @@ services:
     image: nextcloud/aio-apache:latest
     user: "33"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     ports:
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
       - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
@@ -56,6 +63,13 @@ services:
     image: nextcloud/aio-postgresql:latest
     user: "999"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "5432"
     volumes:
@@ -98,6 +112,13 @@ services:
         required: false
     image: nextcloud/aio-nextcloud:latest
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "9000"
       - "9001"
@@ -107,6 +128,7 @@ services:
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
       - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
+      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PORT=5432
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -165,6 +187,13 @@ services:
     image: nextcloud/aio-notify-push:latest
     user: "33"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "7867"
     volumes:
@@ -188,6 +217,13 @@ services:
     image: nextcloud/aio-redis:latest
     user: "999"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "6379"
     environment:
@@ -203,11 +239,18 @@ services:
   nextcloud-aio-collabora:
     image: nextcloud/aio-collabora:latest
     init: true
+    healthcheck:
+      start_period: 360s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow_host[0]=0.0.0.0/0 --o:net.post_allow_host[1]=::/0
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
@@ -225,6 +268,13 @@ services:
     image: nextcloud/aio-talk:latest
     user: "1000"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
       - ${TALK_PORT}:${TALK_PORT}/udp
@@ -256,6 +306,13 @@ services:
     image: nextcloud/aio-talk-recording:latest
     user: "122"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "1234"
     environment:
@@ -279,6 +336,13 @@ services:
     image: nextcloud/aio-clamav:latest
     user: "100"
     init: false
+    healthcheck:
+      start_period: 360s
+      test: clamdcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "3310"
     environment:
@@ -301,6 +365,13 @@ services:
   nextcloud-aio-onlyoffice:
     image: nextcloud/aio-onlyoffice:latest
     init: true
+    healthcheck:
+      start_period: 360s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "80"
     environment:
@@ -320,6 +391,13 @@ services:
     image: nextcloud/aio-imaginary:latest
     user: "65534"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "9000"
     environment:
@@ -339,6 +417,13 @@ services:
   nextcloud-aio-fulltextsearch:
     image: nextcloud/aio-fulltextsearch:latest
     init: false
+    healthcheck:
+      start_period: 60s
+      test: /healthcheck.sh
+      interval: 10s
+      timeout: 5s
+      start_interval: 5s
+      retries: 5
     expose:
       - "9200"
     environment:
@@ -364,6 +449,13 @@ services:
     image: nextcloud/aio-whiteboard:latest
     user: "65534"
     init: true
+    healthcheck:
+      start_period: 0s
+      test: /healthcheck.sh
+      interval: 30s
+      timeout: 30s
+      start_interval: 5s
+      retries: 3
     expose:
       - "3002"
     environment:

From 542487e9095342296443beee9b832b2b5467edb0 Mon Sep 17 00:00:00 2001
From: alexenica <alexenica@live.com>
Date: Fri, 13 Dec 2024 15:06:28 +0200
Subject: [PATCH 2764/3949] Add dot to network regex check

Signed-off-by: Alexandru Nica <alexandru.nica@uipath.com>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 687651e2..d467c880 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -194,7 +194,7 @@ It is set to '$APACHE_IP_BINDING'."
     fi
 fi
 if [ -n "$APACHE_ADDITIONAL_NETWORK" ]; then
-    if ! echo "$APACHE_ADDITIONAL_NETWORK" | grep -q "^[a-zA-Z0-9_-]\+$"; then
+    if ! echo "$APACHE_ADDITIONAL_NETWORK" | grep -q "^[a-zA-Z0-9._-]\+$"; then
         print_red "You've set APACHE_ADDITIONAL_NETWORK but not to an allowed value.
 It needs to be a string with letters, numbers, hyphens and underscores.
 It is set to '$APACHE_ADDITIONAL_NETWORK'."

From 7eddf00f8c1383ff73b77a1d1909c501d60ac53d Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 14 Dec 2024 22:20:08 +0100
Subject: [PATCH 2765/3949] Improve nginx reverse proxy template

based on (not identical): https://ssl-config.mozilla.org/#server=nginx&version=1.27.3&config=intermediate&openssl=3.4.0&hsts=false&ocsp=false&guideline=5.7

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index a7eea8c2..224ca844 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -317,7 +317,7 @@ backend Nextcloud
 
 </details>
 
-### Nginx, Freenginx, Openresty
+### Nginx, Freenginx, Openresty, Angie
 
 <details>
 
@@ -344,24 +344,27 @@ server {
     if ($scheme = "http") {
         return 301 https://$host$request_uri;
     }
+    if ($http_x_forwarded_proto = "http") {
+        return 301 https://$host$request_uri;
+    }
 
     listen 443 ssl http2;      # for nginx versions below v1.25.1
     listen [::]:443 ssl http2; # for nginx versions below v1.25.1 - comment to disable IPv6
 
     # listen 443 ssl;      # for nginx v1.25.1+
     # listen [::]:443 ssl; # for nginx v1.25.1+ - keep comment to disable IPv6
-	
-    # http2 on;                                 # uncomment to enable HTTP/2        - supported on nginx v1.25.1+
+    # http2 on;            # uncomment to enable HTTP/2 - supported on nginx v1.25.1+
+
+    # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport
+    # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6
     # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
-    # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport
-    # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6
 
     server_name <your-nc-domain>;
 
     location / {
-        proxy_pass http://127.0.0.1:11000$request_uri;
+        proxy_pass http://127.0.0.1:11000$request_uri; # adjust to match APACHE_PORT and APACHE_IP_BINDING
 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Port $server_port;
@@ -369,6 +372,7 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
+        proxy_set_header Early-Data $ssl_early_data;
     
         proxy_request_buffering off;
         proxy_read_timeout 86400s;
@@ -386,23 +390,18 @@ server {
     ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
     ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
 
+    ssl_dhparam /etc/dhparam; # curl -L https://ssl-config.mozilla.org/ffdhe2048.txt -o /etc/dhparam
+
+    ssl_early_data on;
     ssl_session_timeout 1d;
-    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
-    ssl_session_tickets off;
+    ssl_session_cache shared:SSL:10m;
 
     ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+    ssl_ecdh_curve x25519:x448:secp521r1:secp384r1:secp256r1;
+
     ssl_prefer_server_ciphers on;
-
-    # Optional settings:
-
-    # OCSP stapling
-    # ssl_stapling on;
-    # ssl_stapling_verify on;
-    # ssl_trusted_certificate /etc/letsencrypt/live/<your-nc-domain>/chain.pem;
-
-    # replace with the IP address of your resolver
-    # resolver 127.0.0.1; # needed for oscp stapling: e.g. use 94.140.15.15 for adguard / 1.1.1.1 for cloudflared or 8.8.8.8 for google - you can use the same nameserver as listed in your /etc/resolv.conf file
+    ssl_conf_command Options PrioritizeChaCha;
+    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256;
 }
 
 ```

From e4b0998f3c7997a2e3cea6731b5dea3c8ba2deed Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 14 Dec 2024 22:27:55 +0100
Subject: [PATCH 2766/3949] small additional improvement

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 224ca844..da89af9e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -358,6 +358,7 @@ server {
     # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport
     # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6
     # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # quic_gso on;                              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
 
@@ -373,7 +374,8 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header Early-Data $ssl_early_data;
-    
+
+        proxy_buffering off;
         proxy_request_buffering off;
         proxy_read_timeout 86400s;
         client_max_body_size 0;

From ccb8443241b59319d592d5d559d2afb771a83a29 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 14 Dec 2024 22:47:11 +0100
Subject: [PATCH 2767/3949] Add NPMplus to reverse-proxy.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index a7eea8c2..633c7a55 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -411,6 +411,32 @@ server {
 
 </details>
 
+### NPMplus (Fork of Nginx-Proxy-Manager - NPM)
+
+<details>
+
+<summary>click here to expand</summary>
+
+⚠️ **Please note:** This is not needed when running NPMplus as a community container.
+
+First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports.
+
+Second, see these screenshots for a working config:
+
+![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630)
+
+![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f)
+
+![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893)
+
+![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041)
+
+⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus.
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+
+</details>
+
 ### Nginx-Proxy-Manager - NPM
 
 <details>
@@ -420,7 +446,7 @@ server {
 **Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example.
 
 First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
-If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that non root users can bind privileged ports.
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports.
 
 Second, see these screenshots for a working config:
 

From d5cd4fe519d6df72c076e44544b31e81f9876acb Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 14 Dec 2024 22:49:10 +0100
Subject: [PATCH 2768/3949] Update reverse-proxy.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 633c7a55..b2e7603f 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -419,8 +419,9 @@ server {
 
 ⚠️ **Please note:** This is not needed when running NPMplus as a community container.
 
-First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
-If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports.
+First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. <br>
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. <br>
+Note: this will cause that a non root user can bind privileged ports.
 
 Second, see these screenshots for a working config:
 
@@ -432,7 +433,7 @@ Second, see these screenshots for a working config:
 
 ![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041)
 
-⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus.
+⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. <br>
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
@@ -445,8 +446,9 @@ Second, see these screenshots for a working config:
 
 **Hint:** You may have a look at [this guide](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-3040493) for a more complete but possibly oudated example.
 
-First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`.
-If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. Note: this will cause that a non root user can bind privileged ports.
+First, make sure the environmental variables `PUID` and `PGID` in the `compose.yaml` file for NPM are either unset or set to `0`. <br>
+If you need to change the GID/PID then please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`. <br>
+Note: this will cause that a non root user can bind privileged ports.
 
 Second, see these screenshots for a working config:
 

From b46bf75e9f1dd445f532199a456a58755642b7c5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 05:04:45 +0000
Subject: [PATCH 2769/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-16 to 1.4.1-17.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f0c8cacf..e1b794d7 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-16
+FROM clamav/clamav:1.4.1-17
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From f96644419fe480a38b08411b876c8c192c89f30c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:36:18 +0000
Subject: [PATCH 2770/3949] build(deps): bump alpine from 3.20.3 to 3.21.0 in
 /Containers/borgbackup

Bumps alpine from 3.20.3 to 3.21.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 706a9c7d..2f0e6d53 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.3
+FROM alpine:3.21.0
 
 RUN set -ex; \
     \

From 32671b0d7ec65a9db905336e9fc19ebb57cdc453 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:37:13 +0000
Subject: [PATCH 2771/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.20.3 to 3.21.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 130a0001..c6ea2a4c 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.3
+FROM alpine:3.21.0
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From f84114579211f26e023535a9f9de567f2f0f4e40 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:37:25 +0000
Subject: [PATCH 2772/3949] build(deps): bump alpine from 3.20.3 to 3.21.0 in
 /Containers/imaginary

Bumps alpine from 3.20.3 to 3.21.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 13e95168..827050bf 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.20.3
+FROM alpine:3.21.0
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 8e3de8515e2e69a84423f5485df4f6dd165a96e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:37:45 +0000
Subject: [PATCH 2773/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.20.3 to 3.21.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index b0fc0fd2..050770f3 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.3
+FROM alpine:3.21.0
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From c1dae23ffdacc1da21db0d66bcdb8b9098f41bf4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:38:18 +0000
Subject: [PATCH 2774/3949] build(deps): bump alpine from 3.20.3 to 3.21.0 in
 /Containers/watchtower

Bumps alpine from 3.20.3 to 3.21.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 076cb0d5..a53993aa 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.20.3
+FROM alpine:3.21.0
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From fe2ee2e5f4c165920e771b4cb9c05e622ff0ff26 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:38:23 +0000
Subject: [PATCH 2775/3949] build(deps): bump alpine from 3.20.3 to 3.21.0 in
 /Containers/talk

Bumps alpine from 3.20.3 to 3.21.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index c4234841..d0864122 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.10.23-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
-FROM alpine:3.20.3 AS janus
+FROM alpine:3.21.0 AS janus
 
 ARG JANUS_VERSION=v1.3.0
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.20.3
+FROM alpine:3.21.0
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From b44cd7b226acb5d4d54d771ec52d2ed12ff75b85 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:40:10 +0000
Subject: [PATCH 2776/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-apache-deployment.yaml      | 22 ++++++++++++----
 .../nextcloud-aio-apache-service.yaml         |  3 +--
 .../nextcloud-aio-clamav-deployment.yaml      | 24 +++++++++++++----
 .../nextcloud-aio-clamav-service.yaml         |  3 +--
 .../nextcloud-aio-collabora-deployment.yaml   | 26 ++++++++++++++-----
 .../nextcloud-aio-collabora-service.yaml      |  3 +--
 .../nextcloud-aio-database-deployment.yaml    | 22 ++++++++++++----
 .../nextcloud-aio-database-service.yaml       |  3 +--
 ...xtcloud-aio-fulltextsearch-deployment.yaml | 24 +++++++++++++----
 .../nextcloud-aio-fulltextsearch-service.yaml |  3 +--
 .../nextcloud-aio-imaginary-deployment.yaml   | 22 ++++++++++++----
 .../nextcloud-aio-imaginary-service.yaml      |  3 +--
 .../nextcloud-aio-nextcloud-deployment.yaml   | 24 +++++++++++++----
 .../nextcloud-aio-nextcloud-service.yaml      |  3 +--
 .../nextcloud-aio-notify-push-deployment.yaml | 22 ++++++++++++----
 .../nextcloud-aio-notify-push-service.yaml    |  3 +--
 .../nextcloud-aio-onlyoffice-deployment.yaml  | 24 +++++++++++++----
 .../nextcloud-aio-onlyoffice-service.yaml     |  3 +--
 .../nextcloud-aio-redis-deployment.yaml       | 22 ++++++++++++----
 .../nextcloud-aio-redis-service.yaml          |  3 +--
 .../nextcloud-aio-talk-deployment.yaml        | 22 ++++++++++++----
 ...xtcloud-aio-talk-recording-deployment.yaml | 22 ++++++++++++----
 .../nextcloud-aio-talk-recording-service.yaml |  3 +--
 .../templates/nextcloud-aio-talk-service.yaml |  6 ++---
 .../nextcloud-aio-whiteboard-deployment.yaml  | 22 ++++++++++++----
 .../nextcloud-aio-whiteboard-service.yaml     |  3 +--
 27 files changed, 247 insertions(+), 95 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 96ea008d..8476db24 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.0.0
+version: 10.1.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 3b7de1e6..2afc39eb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,8 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -18,8 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
@@ -63,7 +61,21 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20241125_091756
+          image: nextcloud/aio-apache:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 4b1a7667..596014ef 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 23975bb0..31840d04 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -19,8 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
@@ -64,7 +62,23 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20241125_091756
+          image: nextcloud/aio-clamav:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - clamdcheck.sh
+            failureThreshold: 3
+            initialDelaySeconds: 360
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - clamdcheck.sh
+            failureThreshold: 3
+            initialDelaySeconds: 360
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index a0096210..68dead85 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,8 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 5973de53..dd0d05fb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -17,8 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-collabora
     spec:
@@ -33,10 +31,26 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow_host[0]=0.0.0.0/0 --o:net.post_allow_host[1]=::/0
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20241125_091756
+          image: nextcloud/aio-collabora:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            initialDelaySeconds: 360
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            initialDelaySeconds: 360
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index 57a8181f..f2e6b3cb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,8 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 93b5fb88..581efb19 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,8 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -18,8 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
@@ -67,7 +65,21 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20241125_091756
+          image: nextcloud/aio-postgresql:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index f83fb954..8a022a4d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index fdb85477..39a69f64 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -19,8 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
@@ -56,7 +54,23 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20241125_091756
+          image: nextcloud/aio-fulltextsearch:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 5
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            timeoutSeconds: 5
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 5
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            timeoutSeconds: 5
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 6c8e415d..57a9f9a7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,8 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 062a95df..9e5c2fd4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -17,8 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
@@ -40,7 +38,21 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20241125_091756
+          image: nextcloud/aio-imaginary:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index d71a39ce..fd6dafb5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,8 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 2b6e3e9d..ab618b42 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,8 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -18,8 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
@@ -122,6 +120,8 @@ spec:
               value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_DATA_DIR
               value: /mnt/ncdata
+            - name: NEXTCLOUD_HOST
+              value: nextcloud-aio-nextcloud
             - name: ONLYOFFICE_ENABLED
               value: "{{ .Values.ONLYOFFICE_ENABLED }}"
             - name: ONLYOFFICE_HOST
@@ -178,7 +178,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20241125_091756
+          image: nextcloud/aio-nextcloud:20241216_102930
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
@@ -191,6 +191,20 @@ spec:
               {{- end }}
               add: ["NET_BIND_SERVICE"]
           {{- end }} # AIO-config - do not change this comment!
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index cc8bca41..1b77fb50 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 83008b74..effd71e0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,8 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -18,8 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
@@ -55,7 +53,21 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20241125_091756
+          image: nextcloud/aio-notify-push:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index dc658984..d15c1bc3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 4e4eeda2..8b08f2c9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -19,8 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
@@ -44,7 +42,23 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20241125_091756
+          image: nextcloud/aio-onlyoffice:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            initialDelaySeconds: 360
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            initialDelaySeconds: 360
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 995e4f2c..11761892 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,8 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index bdd3842b..93b1fb69 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,8 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -18,8 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
@@ -41,7 +39,21 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20241125_091756
+          image: nextcloud/aio-redis:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index e1eb0ea4..c12d28fa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 52abc135..06f7defa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -17,8 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
@@ -54,7 +52,21 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20241125_091756
+          image: nextcloud/aio-talk:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 04b00131..4c69e7f8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -19,8 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
@@ -46,7 +44,21 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20241125_091756
+          image: nextcloud/aio-talk-recording:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index e242050b..f2413fb2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,8 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 29527887..d2da42f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,8 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -29,8 +28,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index bd6fbf3e..ca48d71d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -3,8 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard
@@ -17,8 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-        kompose.version: 1.34.0 (cbf2835db)
+        kompose.version: 1.35.0 (9532ceef3)
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
@@ -48,7 +46,21 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20241125_091756
+          image: nextcloud/aio-whiteboard:20241216_102930
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-whiteboard
           ports:
             - containerPort: 3002
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
index b0fbe7bd..8c0df7f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
@@ -3,8 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.cmd: kompose convert -c -f latest.yml --namespace "{{ .Values.NAMESPACE }}"
-    kompose.version: 1.34.0 (cbf2835db)
+    kompose.version: 1.35.0 (9532ceef3)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard

From 7f98d16b19ab6de11f323272205b838ac490462c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Dec 2024 11:45:30 +0100
Subject: [PATCH 2777/3949] change version to 10.1.1-beta

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 8476db24..7496d605 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.1.1
+version: 10.1.1-beta
 apiVersion: v2
 keywords:
   - latest

From 749a858e5f267a29876bfb185e7b5255e6e0bd1f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Dec 2024 11:48:10 +0100
Subject: [PATCH 2778/3949] dpendabot: adjust rebase strategy

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dc4b2021..cf226fcf 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,12 +6,14 @@ updates:
     interval: "daily"
     time: "12:00"
   open-pull-requests-limit: 10
+  rebase-strategy: "disabled"
 - package-ecosystem: composer
   directory: "/php/"
   schedule:
     interval: "daily"
     time: "12:00"
   open-pull-requests-limit: 10
+  rebase-strategy: "auto"
   labels:
   - 3. to review
   - dependencies
@@ -39,6 +41,7 @@ updates:
     interval: "daily"
     time: "04:00"
   open-pull-requests-limit: 10
+  rebase-strategy: "disabled"
   labels:
   - 3. to review
   - dependencies

From a0eaea5e9584812e6018297cc8e19daaf494c8f2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Dec 2024 12:04:52 +0100
Subject: [PATCH 2779/3949] update remaining docker images to alpine 3.21

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 +-
 Containers/imaginary/Dockerfile       | 4 ++--
 Containers/mastercontainer/Dockerfile | 4 ++--
 Containers/nextcloud/Dockerfile       | 2 +-
 Containers/postgresql/Dockerfile      | 2 +-
 Containers/talk-recording/Dockerfile  | 2 +-
 readme.md                             | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 5f45922d..95429a7a 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.62-alpine3.20
+FROM httpd:2.4.62-alpine3.21
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 827050bf..181e7f18 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.4-alpine3.20 AS go
+FROM golang:1.23.4-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index a7d58ccd..ed21df4a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:27.4.0-cli AS docker
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
-FROM php:8.3.14-fpm-alpine3.20
+# From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
+FROM php:8.3.14-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1c3320ed..efca2d09 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.14-fpm-alpine3.20
+FROM php:8.3.14-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index ee2a01e2..40479f97 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/16/alpine3.20/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile
 FROM postgres:16.6-alpine
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 470992ba..26b7baab 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.1-alpine3.20
+FROM python:3.13.1-alpine3.21
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/readme.md b/readme.md
index 9fbd16e5..1cc6a8dc 100644
--- a/readme.md
+++ b/readme.md
@@ -731,7 +731,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.20. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From da74af908a72a1d833d21e0715f45026d14fe4ec Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 16 Dec 2024 12:04:39 +0000
Subject: [PATCH 2780/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 181e7f18..dcd3aa85 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.4-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \

From 45f804954897ead3067906d790d793ff7f49bbac Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Dec 2024 13:45:22 +0100
Subject: [PATCH 2781/3949] adjust start-period and retries for fts, collabora
 and clamav

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile                         |  2 ++
 Containers/collabora/Dockerfile                      |  2 +-
 Containers/onlyoffice/Dockerfile                     |  2 +-
 manual-install/latest.yml                            | 12 ++++++------
 .../templates/nextcloud-aio-clamav-deployment.yaml   |  8 ++++----
 .../nextcloud-aio-collabora-deployment.yaml          |  8 ++++----
 .../nextcloud-aio-onlyoffice-deployment.yaml         |  8 ++++----
 php/containers.json                                  | 12 ++++++------
 8 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e1b794d7..d42001f1 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -23,4 +23,6 @@ USER 100
 
 LABEL com.centurylinklabs.watchtower.enable="false"
 
+HEALTHCHECK --start-period=60s --retries=9 CMD clamdcheck.sh
+
 ENTRYPOINT ["/init-unprivileged"]
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 277a09dc..137a12c8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -20,5 +20,5 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 USER 100
 
-HEALTHCHECK --start-period=360s CMD /healthcheck.sh
+HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index bfecd246..6fdac5bd 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -6,5 +6,5 @@ FROM onlyoffice/documentserver:8.2.2.1
 
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --start-period=360s CMD /healthcheck.sh
+HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 56f96b6d..15af7f53 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -240,12 +240,12 @@ services:
     image: nextcloud/aio-collabora:latest
     init: true
     healthcheck:
-      start_period: 360s
+      start_period: 60s
       test: /healthcheck.sh
       interval: 30s
       timeout: 30s
       start_interval: 5s
-      retries: 3
+      retries: 9
     expose:
       - "9980"
     environment:
@@ -337,12 +337,12 @@ services:
     user: "100"
     init: false
     healthcheck:
-      start_period: 360s
+      start_period: 60s
       test: clamdcheck.sh
       interval: 30s
       timeout: 30s
       start_interval: 5s
-      retries: 3
+      retries: 9
     expose:
       - "3310"
     environment:
@@ -366,12 +366,12 @@ services:
     image: nextcloud/aio-onlyoffice:latest
     init: true
     healthcheck:
-      start_period: 360s
+      start_period: 60s
       test: /healthcheck.sh
       interval: 30s
       timeout: 30s
       start_interval: 5s
-      retries: 3
+      retries: 9
     expose:
       - "80"
     environment:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 31840d04..b9404df3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -67,16 +67,16 @@ spec:
             exec:
               command:
                 - clamdcheck.sh
-            failureThreshold: 3
-            initialDelaySeconds: 360
+            failureThreshold: 9
+            initialDelaySeconds: 60
             periodSeconds: 30
             timeoutSeconds: 30
           livenessProbe:
             exec:
               command:
                 - clamdcheck.sh
-            failureThreshold: 3
-            initialDelaySeconds: 360
+            failureThreshold: 9
+            initialDelaySeconds: 60
             periodSeconds: 30
             timeoutSeconds: 30
           name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index dd0d05fb..9c222486 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -39,16 +39,16 @@ spec:
             exec:
               command:
                 - /healthcheck.sh
-            failureThreshold: 3
-            initialDelaySeconds: 360
+            failureThreshold: 9
+            initialDelaySeconds: 60
             periodSeconds: 30
             timeoutSeconds: 30
           livenessProbe:
             exec:
               command:
                 - /healthcheck.sh
-            failureThreshold: 3
-            initialDelaySeconds: 360
+            failureThreshold: 9
+            initialDelaySeconds: 60
             periodSeconds: 30
             timeoutSeconds: 30
           name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 8b08f2c9..f3693fc1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -47,16 +47,16 @@ spec:
             exec:
               command:
                 - /healthcheck.sh
-            failureThreshold: 3
-            initialDelaySeconds: 360
+            failureThreshold: 9
+            initialDelaySeconds: 60
             periodSeconds: 30
             timeoutSeconds: 30
           livenessProbe:
             exec:
               command:
                 - /healthcheck.sh
-            failureThreshold: 3
-            initialDelaySeconds: 360
+            failureThreshold: 9
+            initialDelaySeconds: 60
             periodSeconds: 30
             timeoutSeconds: 30
           name: nextcloud-aio-onlyoffice
diff --git a/php/containers.json b/php/containers.json
index 173f1ed2..a6553039 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -375,12 +375,12 @@
       "image": "nextcloud/aio-collabora",
       "init": true,
       "healthcheck": {
-        "start_period": "360s",
+        "start_period": "60s",
         "test": "/healthcheck.sh",
         "interval": "30s",
         "timeout": "30s",
         "start_interval": "5s",
-        "retries": 3
+        "retries": 9
       },
       "expose": [
         "9980"
@@ -657,12 +657,12 @@
       "user": "100",
       "init": false,
       "healthcheck": {
-        "start_period": "360s",
+        "start_period": "60s",
         "test": "clamdcheck.sh",
         "interval": "30s",
         "timeout": "30s",
         "start_interval": "5s",
-        "retries": 3
+        "retries": 9
       },
       "expose": [
         "3310"
@@ -704,12 +704,12 @@
       "image": "nextcloud/aio-onlyoffice",
       "init": true,
       "healthcheck": {
-        "start_period": "360s",
+        "start_period": "60s",
         "test": "/healthcheck.sh",
         "interval": "30s",
         "timeout": "30s",
         "start_interval": "5s",
-        "retries": 3
+        "retries": 9
       },
       "expose": [
         "80"

From d65c59a83798ef8dd4cdd46fa24e2fc055b94003 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Dec 2024 15:06:20 +0100
Subject: [PATCH 2782/3949] helm: update to v10.1.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7496d605..8476db24 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.1.1-beta
+version: 10.1.1
 apiVersion: v2
 keywords:
   - latest

From 5f844aeeb13b77e11660dcc2d217fbaa451207f3 Mon Sep 17 00:00:00 2001
From: Jehu Marcos Herrera Puentes
 <58377032+JMarcosHP@users.noreply.github.com>
Date: Mon, 16 Dec 2024 11:26:03 -0600
Subject: [PATCH 2783/3949] Fix shell check variable quotation.

Signed-off-by: Jehu Marcos Herrera Puentes <58377032+JMarcosHP@users.noreply.github.com>
---
 Containers/nextcloud/run-exec-commands.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index de674b9b..d98527f9 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -6,8 +6,8 @@ COUNT=1
 
 # Wait until the domain is reachable
 sleep 15
-while [ $COUNT -le $MAX_RETRY ]; do
-    if nc -z $NC_DOMAIN 443; then
+while [ "$COUNT" -le "$MAX_RETRY" ]; do
+    if nc -z "$NC_DOMAIN" 443; then
         echo "Domain reached."
         break
     else
@@ -16,7 +16,7 @@ while [ $COUNT -le $MAX_RETRY ]; do
         ((COUNT++))
     fi
 done
-if [ $COUNT -gt $MAX_RETRY ]; then
+if [ "$COUNT" -gt "$MAX_RETRY" ]; then
     echo "The domain could not be reached after $MAX_RETRY attempts. Proceeding anyway..."
 fi
 

From d74d7f9a672c6b2d1a13c7dc0b9fb866f96ccf77 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 16 Dec 2024 19:00:19 +0100
Subject: [PATCH 2784/3949] improve upload speeds in nginx template

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index da89af9e..933e88e7 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -362,6 +362,14 @@ server {
     # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
 
+    proxy_buffering off;
+    proxy_request_buffering off;
+
+    client_max_body_size 0;
+    client_body_buffer_size 1m;
+    http3_stream_buffer_size 1m;
+    proxy_read_timeout 86400s;
+
     server_name <your-nc-domain>;
 
     location / {
@@ -375,11 +383,6 @@ server {
         proxy_set_header Host $host;
         proxy_set_header Early-Data $ssl_early_data;
 
-        proxy_buffering off;
-        proxy_request_buffering off;
-        proxy_read_timeout 86400s;
-        client_max_body_size 0;
-
         # Websocket
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
@@ -434,7 +437,7 @@ Second, see these screenshots for a working config:
 ![grafik](https://user-images.githubusercontent.com/75573284/213889746-87dbe8c5-4d1f-492f-b251-bbf82f1510d0.png)
 
 ```
-client_body_buffer_size 512k;
+client_body_buffer_size 1m;
 proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```

From e7a36de3db2cd85922c9bbbd2fbd8384534a77d2 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Mon, 16 Dec 2024 22:13:05 +0100
Subject: [PATCH 2785/3949] also remove DHE

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 933e88e7..ebeb0997 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -360,6 +360,7 @@ server {
     # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_gso on;                              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # quic_bpf on;                              # improves  HTTP/3 / QUIC - supported on nginx v1.25.0+, if nginx runs as a docker container you need to give it privileged permission
     # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
 
     proxy_buffering off;
@@ -406,7 +407,7 @@ server {
 
     ssl_prefer_server_ciphers on;
     ssl_conf_command Options PrioritizeChaCha;
-    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256;
+    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
 }
 
 ```

From 1ecf1092f61f189506b85f4cecf3058150d5ab2b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 17 Dec 2024 08:53:55 +0100
Subject: [PATCH 2786/3949] 512k is enough

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index ebeb0997..0f1693d1 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -367,8 +367,8 @@ server {
     proxy_request_buffering off;
 
     client_max_body_size 0;
-    client_body_buffer_size 1m;
-    http3_stream_buffer_size 1m;
+    client_body_buffer_size 512k;
+    http3_stream_buffer_size 512k;
     proxy_read_timeout 86400s;
 
     server_name <your-nc-domain>;
@@ -438,7 +438,7 @@ Second, see these screenshots for a working config:
 ![grafik](https://user-images.githubusercontent.com/75573284/213889746-87dbe8c5-4d1f-492f-b251-bbf82f1510d0.png)
 
 ```
-client_body_buffer_size 1m;
+client_body_buffer_size 512k;
 proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```

From 1b3e2d6ece916fb4859a49f229ab9e1cafe55fdd Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Tue, 17 Dec 2024 09:00:49 +0100
Subject: [PATCH 2787/3949] Update reverse-proxy.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 0f1693d1..03167e6e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -360,7 +360,7 @@ server {
     # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_gso on;                              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
-    # quic_bpf on;                              # improves  HTTP/3 / QUIC - supported on nginx v1.25.0+, if nginx runs as a docker container you need to give it privileged permission
+    # quic_bpf on;                              # improves  HTTP/3 / QUIC - supported on nginx v1.25.0+, if nginx runs as a docker container you need to give it privileged permission to use this option
     # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
 
     proxy_buffering off;

From 9638b50796f90d29a0b263a76079a2f3044a2ae5 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 17 Dec 2024 12:09:07 +0000
Subject: [PATCH 2788/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 8a23b483..e851be37 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2814,16 +2814,16 @@
         },
         {
             "name": "spatie/array-to-xml",
-            "version": "3.3.0",
+            "version": "3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/spatie/array-to-xml.git",
-                "reference": "f56b220fe2db1ade4c88098d83413ebdfc3bf876"
+                "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/f56b220fe2db1ade4c88098d83413ebdfc3bf876",
-                "reference": "f56b220fe2db1ade4c88098d83413ebdfc3bf876",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67",
+                "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67",
                 "shasum": ""
             },
             "require": {
@@ -2866,7 +2866,7 @@
                 "xml"
             ],
             "support": {
-                "source": "https://github.com/spatie/array-to-xml/tree/3.3.0"
+                "source": "https://github.com/spatie/array-to-xml/tree/3.4.0"
             },
             "funding": [
                 {
@@ -2878,7 +2878,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-05-01T10:20:27+00:00"
+            "time": "2024-12-16T12:45:15+00:00"
         },
         {
             "name": "sserbin/twig-linter",

From f8a249e1adde58fb1404dc0b808343984c835c9a Mon Sep 17 00:00:00 2001
From: tofuwabohu <66644064+tofuwabohu@users.noreply.github.com>
Date: Sun, 10 Nov 2024 22:15:37 +0100
Subject: [PATCH 2789/3949] Add steps to migrate using borg backup

Signed-off-by: tofuwabohu <66644064+tofuwabohu@users.noreply.github.com>
---
 migration.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/migration.md b/migration.md
index 12488b17..e676366e 100644
--- a/migration.md
+++ b/migration.md
@@ -21,6 +21,32 @@ The procedure for migrating only the files works like this:
 1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
 
 ## Migrate the files and the database
+### Using the borg backup
+If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on /mnt/datadir, you can adjust the steps if it's elsewhere.
+
+1. Set the DNS entry to 60 seconds TTL if applicable
+1. On your current installation, use the AIO interface to:
+    1. Update AIO and all containers
+    1. Stop all containers (from now on, your cloud is down)
+    1. Create a current borg backup
+    1. Note the path where the backups are stored and the encryption password
+1. Navigate to the backup folder
+1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg`
+1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive.
+1. Switch to the new host
+1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz`
+1. Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command)
+1. Change the DNS entry to the new host's IP
+1. Configure your reverse proxy if you use one
+1. Start the AIO container and open the new AIO interface in your browser
+1. Make sure to save the newly generated passphrase and enter it in the next step
+1. Select the "Restore former AIO instance from backup" option and enter the encryption password from the old backup and the path in which the extracted `borg` folder lies in (without the borg part) and hit "Submit location and password"
+1. Choose the latest backup in the dropdown and hit "Restore selected backup"
+1. Wait until the backup is restored
+1. Start the containers in the AIO interface
+
+
+### Manual process
 **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
 
 The procedure for migrating the files and the database works like this:

From 0598b10f2ebce699ccf6a9151c2ecd2d15966c65 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Dec 2024 14:14:14 +0100
Subject: [PATCH 2790/3949] adjust the guide to be shown in the normal readme
 and add a link from the migration docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 migration.md | 28 +---------------------------
 readme.md    | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/migration.md b/migration.md
index e676366e..864559c4 100644
--- a/migration.md
+++ b/migration.md
@@ -1,6 +1,6 @@
 # How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 
-There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:
+There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO (if you ran AIO on the former installation already, you can follow [these steps](https://github.com/nextcloud/all-in-one#how-to-migrate-from-aio-to-aio)):
 
 1. Migrate only the files which is the easiest way (this excludes all calendar data for example)
 1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations)
@@ -21,32 +21,6 @@ The procedure for migrating only the files works like this:
 1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
 
 ## Migrate the files and the database
-### Using the borg backup
-If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on /mnt/datadir, you can adjust the steps if it's elsewhere.
-
-1. Set the DNS entry to 60 seconds TTL if applicable
-1. On your current installation, use the AIO interface to:
-    1. Update AIO and all containers
-    1. Stop all containers (from now on, your cloud is down)
-    1. Create a current borg backup
-    1. Note the path where the backups are stored and the encryption password
-1. Navigate to the backup folder
-1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg`
-1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive.
-1. Switch to the new host
-1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz`
-1. Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command)
-1. Change the DNS entry to the new host's IP
-1. Configure your reverse proxy if you use one
-1. Start the AIO container and open the new AIO interface in your browser
-1. Make sure to save the newly generated passphrase and enter it in the next step
-1. Select the "Restore former AIO instance from backup" option and enter the encryption password from the old backup and the path in which the extracted `borg` folder lies in (without the borg part) and hit "Submit location and password"
-1. Choose the latest backup in the dropdown and hit "Restore selected backup"
-1. Wait until the backup is restored
-1. Start the containers in the AIO interface
-
-
-### Manual process
 **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
 
 The procedure for migrating the files and the database works like this:
diff --git a/readme.md b/readme.md
index fac0235b..dd5ecd3a 100644
--- a/readme.md
+++ b/readme.md
@@ -428,6 +428,30 @@ Backed up will get all important data of your Nextcloud AIO instance like the da
 #### How to adjust borgs retention policy?
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
+#### How to migrate from AIO to AIO?
+If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere.
+
+1. Set the DNS entry to 60 seconds TTL if applicable
+1. On your current installation, use the AIO interface to:
+    1. Update AIO and all containers
+    1. Stop all containers (from now on, your cloud is down)
+    1. Create a current borg backup
+    1. Note the path where the backups are stored and the encryption password
+1. Navigate to the backup folder
+1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg`
+1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive.
+1. Switch to the new host
+1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz`
+1. Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command)
+1. Change the DNS entry to the new host's IP
+1. Configure your reverse proxy if you use one
+1. Start the AIO container and open the new AIO interface in your browser
+1. Make sure to save the newly generated passphrase and enter it in the next step
+1. Select the "Restore former AIO instance from backup" option and enter the encryption password from the old backup and the path in which the extracted `borg` folder lies in (without the borg part) and hit `Submit location and password`
+1. Choose the latest backup in the dropdown and hit `Restore selected backup`
+1. Wait until the backup is restored
+1. Start the containers in the AIO interface
+
 #### Are remote borg backups supported?
 Backing up directly to a remote borg repository is supported. This avoids having to store a local copy of your backups, supports append-only borg keys to counter ransomware and allows using the AIO interface to manage your backups.
 

From 32109b255160c733e563fef29f8f7025d77a0ff5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Dec 2024 14:54:21 +0100
Subject: [PATCH 2791/3949] increase to 10.2.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 08269747..32cb5f02 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.1.1</h1>
+            <h1>Nextcloud AIO v10.2.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 88070d66c0fc4bc58d5c04f3ec3d5f1c04264943 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 17 Dec 2024 16:59:12 +0100
Subject: [PATCH 2792/3949] rp-docs: add comment to the config directly to
 adjust localhost:11000

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 50f25d70..874192db 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -93,13 +93,13 @@ Add this as a new Apache site config:
     RequestHeader set X-Real-IP %{REMOTE_ADDR}s
     AllowEncodedSlashes NoDecode
     
-    ProxyPass / http://localhost:11000/ nocanon
-    ProxyPassReverse / http://localhost:11000/
+    ProxyPass / http://localhost:11000/ nocanon # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    ProxyPassReverse / http://localhost:11000/ # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
     
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
     RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
-    RewriteRule .? "ws://localhost:11000/%1" [P,L,UnsafeAllow3F]
+    RewriteRule .? "ws://localhost:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
 
     # Enable h2, h2c and http1.1
     Protocols h2 h2c http/1.1
@@ -152,7 +152,7 @@ Add this to your Caddyfile:
 
 ```
 https://<your-nc-domain>:443 {
-    reverse_proxy localhost:11000
+    reverse_proxy localhost:11000 # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
 }
 ```
 The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
@@ -175,7 +175,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 1. Add this to your Caddyfile:
     ```
     https://<your-nc-domain>:443 {
-        reverse_proxy localhost:11000
+        reverse_proxy localhost:11000 # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
         tls {
             dns <provider> <key>
         }
@@ -310,7 +310,7 @@ backend acme_challenge_backend
 backend Nextcloud
     mode http
     balance source
-    server Nextcloud localhost:11000 
+    server Nextcloud localhost:11000 # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
 ```
 
 ⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
@@ -374,7 +374,7 @@ server {
     server_name <your-nc-domain>;
 
     location / {
-        proxy_pass http://127.0.0.1:11000$request_uri; # adjust to match APACHE_PORT and APACHE_IP_BINDING
+        proxy_pass http://127.0.0.1:11000$request_uri; # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Port $server_port;
@@ -509,7 +509,7 @@ const http = require('http');
 
 const app = express();
 const proxy = HttpProxy.createProxyServer({
-	target: 'http://localhost:11000',
+	target: 'http://localhost:11000', // Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
 	// Timeout can be changed to your liking.
 	timeout: 1000 * 60 * 3,
 	proxyTimeout: 1000 * 60 * 3,
@@ -657,7 +657,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
         nextcloud:
           loadBalancer:
             servers:
-              - url: "http://localhost:11000" # Use the host's IP address if Traefik runs outside the host network
+              - url: "http://localhost:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
 
       middlewares:
         nextcloud-secure-headers:

From 3c2a1edcc4f491539fffd969d726f9a6b0d5ec2a Mon Sep 17 00:00:00 2001
From: JMarcosHP <jehuherrerap@hotmail.com>
Date: Tue, 17 Dec 2024 10:39:01 -0600
Subject: [PATCH 2793/3949] Added  env variable to nextcloud container, changed
  reachability in favor of apache container host.

Signed-off-by: JMarcosHP <jehuherrerap@hotmail.com>
---
 Containers/nextcloud/run-exec-commands.sh | 22 ++++------------------
 manual-install/latest.yml                 |  3 ++-
 php/containers.json                       |  3 ++-
 3 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index d98527f9..e917a96d 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -1,24 +1,10 @@
 #!/bin/bash
 
-# ENV Variables
-MAX_RETRY=3
-COUNT=1
-
-# Wait until the domain is reachable
-sleep 15
-while [ "$COUNT" -le "$MAX_RETRY" ]; do
-    if nc -z "$NC_DOMAIN" 443; then
-        echo "Domain reached."
-        break
-    else
-        echo "Attempt $COUNT: Domain not reachable. Retrying in 15 seconds..."
-        sleep 15
-        ((COUNT++))
-    fi
+# Wait until the apache container is ready
+while ! nc -z "$APACHE_HOST" "$APACHE_PORT"; do
+    echo "Waiting for Apache to become available..."
+    sleep 15
 done
-if [ "$COUNT" -gt "$MAX_RETRY" ]; then
-    echo "The domain could not be reached after $MAX_RETRY attempts. Proceeding anyway..."
-fi
 
 if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
     echo "#!/bin/bash" > /tmp/nextcloud-exec-commands
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 15af7f53..049c5d11 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -136,6 +136,8 @@ services:
       - POSTGRES_USER=nextcloud
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - APACHE_HOST=nextcloud-aio-apache
+      - APACHE_PORT
       - NC_DOMAIN
       - ADMIN_USER=admin
       - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
@@ -174,7 +176,6 @@ services:
       - TALK_RECORDING_HOST=nextcloud-aio-talk-recording
       - FULLTEXTSEARCH_PASSWORD
       - REMOVE_DISABLED_APPS
-      - APACHE_PORT
       - IMAGINARY_SECRET
       - WHITEBOARD_SECRET
       - WHITEBOARD_ENABLED
diff --git a/php/containers.json b/php/containers.json
index a6553039..1b0192b6 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -210,6 +210,8 @@
         "POSTGRES_USER=nextcloud",
         "REDIS_HOST=nextcloud-aio-redis",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "APACHE_HOST=nextcloud-aio-apache",
+        "APACHE_PORT=%APACHE_PORT%",
         "AIO_TOKEN=%AIO_TOKEN%",
         "NC_DOMAIN=%NC_DOMAIN%",
         "ADMIN_USER=admin",
@@ -251,7 +253,6 @@
         "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
-        "APACHE_PORT=%APACHE_PORT%",
         "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
         "THIS_IS_AIO=true",
         "IMAGINARY_SECRET=%IMAGINARY_SECRET%",

From d0bdcbbea7f4a103ebf5a3a83f19ab56f236982b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Dec 2024 04:36:03 +0000
Subject: [PATCH 2794/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.16.1 to 8.17.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 9b7804f7..3a57714d 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.16.1
+FROM elasticsearch:8.17.0
 
 USER root
 

From c806a416727684416e59815caba0543fc2b078fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Dec 2024 04:36:37 +0000
Subject: [PATCH 2795/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.23-scratch to 2.10.24-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index d0864122..95733666 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.23-scratch AS nats
+FROM nats:2.10.24-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
 FROM alpine:3.21.0 AS janus

From 66a6b96e67c2ee65f95c0f5986c44dc642d9e9e9 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 18 Dec 2024 12:46:19 +0100
Subject: [PATCH 2796/3949] Fix button according Nextcloud Vue

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/public/style.css | 62 ++++++++++++++++++++++++++++++++++----------
 1 file changed, 48 insertions(+), 14 deletions(-)

diff --git a/php/public/style.css b/php/public/style.css
index c2125820..fa79efd9 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -11,8 +11,12 @@
     --color-error-text: #c20505;
     --color-success: #46ba61;
     --color-running: #ffd000;
-    --color-info: #0071ad;
-    --color-info-hover: #00aaef;
+    --color-primary-element: #00679e;
+    --color-primary-element-hover: #005a8a;
+    --color-primary-element-text: #ffffff;
+    --color-primary-element-light: #e5eff5;
+    --color-primary-element-light-hover: #dbe4ea;
+    --color-primary-element-light-text: #00293f;
     --color-border-maxcontrast: #7d7d7d;
     --color-loader: #f3f3f3;
     --color-disabled: #d3d3d3; /* light gray background for disabled checkboxes */
@@ -52,8 +56,12 @@ Note: Unfortunately, it's not possible to calculate this dynamically using CSS v
     --color-error: #ff3333;
     --color-error-hover: #ff6666;
     --color-error-text: #ff8080;
-    --color-info: #00aeff;
-    --color-info-hover: #33beff;
+    --color-primary-element:#0091f2;
+    --color-primary-element-hover:#079cff;
+    --color-primary-element-text:#000000;
+    --color-primary-element-light:#14232c;
+    --color-primary-element-light-hover:#1e2d35;
+    --color-primary-element-light-text:#99d3f9;
     --color-loader: var(--color-border-maxcontrast);
     --border-hover: var(--border);
 }
@@ -68,11 +76,11 @@ html, body {
 
 a {
     text-decoration: none;
-    color: var(--color-info);
+    color: var(--color-primary-element);
 }
 
 a:hover {
-    color: var(--color-info-hover);
+    color: var(--color-primary-element-hover);
 }
 
 a.button,
@@ -81,26 +89,52 @@ input[type="submit"] {
     width: auto;
     height: 34px;
     cursor: pointer;
-    background-color: var(--color-nextcloud-blue);
+    background-color: var(--color-primary-element);
     font-weight: bold;
     border-radius: var(--border-radius);
     margin: 3px 3px 3px 0;
     font-size: var(--default-font-size);
-    color: white;
-    border: .5px solid var(--color-main-border);
+    color: var(--color-primary-element-text);
+    border: none;
     outline: none;
 }
 
 a.button:focus,
 input[type="submit"]:focus {
-    border: 1px solid var(--color-main-border);
+    outline: 2px solid var(--color-main-border);
 }
 
 a.button:hover,
 input[type="submit"]:hover {
-    background-color: var(--color-info-hover);
+    background-color: var(--color-primary-element-hover);
 }
 
+
+a.button.light:hover,
+input[type="submit"].light:hover {
+    background-color: var(--color-primary-element-light);
+    color: var(--color-primary-element-light-text);
+}
+
+
+a.button.light,
+input[type="submit"].light {
+    background-color: var(--color-primary-element-light);
+}
+
+a.button.error,
+input[type="submit"].error {
+    background-color: var(--color-error);
+}
+
+a.button.error:hover,
+input[type="submit"].error:hover {
+    background-color: var(--color-error-hover);
+}
+
+
+
+
 summary {
     cursor: pointer;
 }
@@ -352,7 +386,7 @@ input[type="checkbox"]:not(:disabled) {
     -webkit-appearance: none; /* remove default styling */
     -moz-appearance: none;
     appearance: none;
-    border: 1px solid var(--color-nextcloud-blue);
+    border: 1px solid var(--color-primary-element);
     border-radius: 2px;
     cursor: pointer;
     position: relative;
@@ -362,12 +396,12 @@ input[type="checkbox"]:not(:disabled) {
 
 /* Hover effects for enabled checkboxes */
 input[type="checkbox"]:not(:disabled):hover {
-    border-color: var(--color-info-hover);
+    border-color: var(--color-primary-element-hover);
 }
 
 /* Checkmark styling for enabled checkboxes */
 input[type="checkbox"]:checked:not(:disabled) {
-    background-color: var(--color-nextcloud-blue);
+    background-color: var(--color-primary-element);
     border-color: var(--color-border-maxcontrast);
 }
 

From 2915345b7da255c4e1d0da8e8e6557f97eab6b08 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 19 Dec 2024 14:02:25 +0100
Subject: [PATCH 2797/3949] aio-interface: disable fts if seccomp is not
 supported in the kernel

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php           | 5 +++++
 php/templates/includes/optional-containers.twig | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3a1e053d..d07b0ad1 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -210,6 +210,11 @@ class ConfigurationManager
     }
 
     public function SetFulltextsearchEnabledState(int $value) : void {
+        # Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
+        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
+            $value = 0;
+        }
+
         $config = $this->GetConfig();
         $config['isFulltextsearchEnabled'] = $value;
         $this->WriteConfig($config);
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 35446354..bf489120 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -50,7 +50,7 @@
             {% endif %}
         >
         <label for="fulltextsearch">
-            Fulltextsearch (needs ~1GB additional RAM)
+            Fulltextsearch (needs ~1GB additional RAM, <a href="https://github.com/nextcloud/all-in-one/discussions/5768">does not work on Kernels without Seccomp</a>)
             {% if is_fulltextsearch_enabled == false %}
                 . <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable
             {% endif %}

From 8aa8d7f60be0396606c1746c3c2886528cdfa1eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Dec 2024 04:19:35 +0000
Subject: [PATCH 2798/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.4.0-cli to 27.4.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ed21df4a..110b236d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.4.0-cli AS docker
+FROM docker:27.4.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

From 53edc5d4a9177ac163261cf5b28de779e01187ae Mon Sep 17 00:00:00 2001
From: MondoGao <mondogao@gmail.com>
Date: Fri, 20 Dec 2024 04:12:59 -0600
Subject: [PATCH 2799/3949] add support for nvidia gpu access (#5132)

Signed-off-by: Mondo <mondo.jiang@wisc.edu>
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 .../facerecognition/facerecognition.json      |  4 +++
 community-containers/jellyfin/jellyfin.json   |  1 +
 community-containers/local-ai/local-ai.json   |  4 +++
 community-containers/memories/memories.json   |  1 +
 community-containers/memories/readme.md       |  2 +-
 community-containers/plex/plex.json           |  1 +
 compose.yaml                                  |  3 +-
 manual-install/update-yaml.sh                 |  1 +
 php/containers-schema.json                    |  3 ++
 php/containers.json                           |  5 +++
 php/public/index.php                          |  1 +
 php/src/Container/Container.php               |  5 +++
 php/src/ContainerDefinitionFetcher.php        |  6 ++++
 php/src/Data/ConfigurationManager.php         | 11 +++++++
 php/src/Docker/DockerActionManager.php        | 11 +++++++
 php/templates/includes/aio-config.twig        | 12 ++++---
 readme.md                                     | 32 ++++++++++++++++---
 17 files changed, 92 insertions(+), 11 deletions(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 89e8fc8b..4487bd87 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -16,6 +16,10 @@
             "aio_variables": [
                 "nextcloud_memory_limit=2048M"
             ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "enable_nvidia_gpu": true,
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install facerecognition",
                 "php /var/www/html/occ app:enable facerecognition", 
diff --git a/community-containers/jellyfin/jellyfin.json b/community-containers/jellyfin/jellyfin.json
index f16e5a0a..47972588 100644
--- a/community-containers/jellyfin/jellyfin.json
+++ b/community-containers/jellyfin/jellyfin.json
@@ -31,6 +31,7 @@
             "devices": [
                 "/dev/dri"
             ],
+            "enable_nvidia_gpu": true,
             "backup_volumes": [
                 "nextcloud_aio_jellyfin"
             ]
diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index 60032cdf..4447139a 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -29,6 +29,10 @@
                     "writeable": false
                 }
             ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "enable_nvidia_gpu": true,
             "nextcloud_exec_commands": [
                 "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai'",
                 "touch '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models.yaml'",
diff --git a/community-containers/memories/memories.json b/community-containers/memories/memories.json
index 0c6a8e65..cb84a722 100644
--- a/community-containers/memories/memories.json
+++ b/community-containers/memories/memories.json
@@ -27,6 +27,7 @@
             "devices": [
                 "/dev/dri"
             ],
+            "enable_nvidia_gpu": true,
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install memories",
                 "php /var/www/html/occ app:enable memories",
diff --git a/community-containers/memories/readme.md b/community-containers/memories/readme.md
index bb8e066d..88a44c4d 100644
--- a/community-containers/memories/readme.md
+++ b/community-containers/memories/readme.md
@@ -2,7 +2,7 @@
 This container bundles the hardware-transcoding container of memories and auto-configures it for you.
 
 ### Notes
-- In order to actually enable the hardware transcoding, you need to add the following flag to AIO apart from adding this container: https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+- In order to actually enable the hardware transcoding, you need to add the following flag to AIO apart from adding this container: https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
diff --git a/community-containers/plex/plex.json b/community-containers/plex/plex.json
index 168bc4a9..5fc8712a 100644
--- a/community-containers/plex/plex.json
+++ b/community-containers/plex/plex.json
@@ -33,6 +33,7 @@
             "devices": [
                 "/dev/dri"
             ],
+            "enable_nvidia_gpu": true,
             "backup_volumes": [
                 "nextcloud_aio_plex"
             ]
diff --git a/compose.yaml b/compose.yaml
index 4e2c699b..2b9d866b 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -29,7 +29,8 @@ services:
       # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
-      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
+      # ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
       # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 372da72f..295cd3a1 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -15,6 +15,7 @@ OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].enable_nvidia_gpu)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 7055d0db..d8dcfb0b 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -160,6 +160,9 @@
 							"pattern": "^/dev/[a-z]+$"
 						}
 					},
+					"enable_nvidia_gpu": {
+						"type": "boolean"
+					},
 					"apparmor_unconfined": {
 						"type": "boolean"
 					},
diff --git a/php/containers.json b/php/containers.json
index a6553039..1238c0a6 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -263,6 +263,7 @@
       "devices": [
         "/dev/dri"
       ],
+      "enable_nvidia_gpu": true,
       "backup_volumes": [
         "nextcloud_aio_nextcloud"
       ],
@@ -520,6 +521,10 @@
       "profiles": [
         "talk-recording"
       ],
+      "devices": [
+        "/dev/dri"
+      ],
+      "enable_nvidia_gpu": true,
       "networks": [
         "nextcloud-aio"
       ],
diff --git a/php/public/index.php b/php/public/index.php
index 30e39246..e5823cb4 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -125,6 +125,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
         'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
+        'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),        
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 0f9e9de5..44980541 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -23,6 +23,7 @@ readonly class Container {
         private array                         $secrets,
         /** @var string[] */
         private array                         $devices,
+        private bool                          $enable_nvidia_gpu,
         /** @var string[] */
         private array                         $capAdd,
         private int                           $shmSize,
@@ -92,6 +93,10 @@ readonly class Container {
         return $this->devices;
     }
 
+    public function isNvidiaGpuEnabled() : bool {
+        return $this->enable_nvidia_gpu;
+    }
+
     public function GetCapAdds() : array {
         return $this->capAdd;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 4e2d6a41..5628c837 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -249,6 +249,11 @@ readonly class ContainerDefinitionFetcher {
                 $devices = $entry['devices'];
             }
 
+            $enableNvidiaGpu = false;
+            if (is_bool($entry['enable_nvidia_gpu'])) {
+                $enableNvidiaGpu = $entry['enable_nvidia_gpu'];
+            }
+
             $capAdd = [];
             if (isset($entry['cap_add'])) {
                 $capAdd = $entry['cap_add'];
@@ -312,6 +317,7 @@ readonly class ContainerDefinitionFetcher {
                 $dependsOn,
                 $secrets,
                 $devices,
+                $enableNvidiaGpu,
                 $capAdd,
                 $shmSize,
                 $apparmorUnconfined,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3a1e053d..147492ff 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -983,6 +983,17 @@ class ConfigurationManager
         }
     }
 
+    private function GetEnabledNvidiaGpu() : string {
+        $envVariableName = 'ENABLE_NVIDIA_GPU';
+        $configName = 'enable_nvidia_gpu';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function isNvidiaGpuEnabled() : bool {
+        return $this->GetEnabledNvidiaGpu() === 'true';
+    }
+
     private function GetKeepDisabledApps() : string {
         $envVariableName = 'NEXTCLOUD_KEEP_DISABLED_APPS';
         $configName = 'nextcloud_keep_disabled_apps';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index e3d78212..e3d7c337 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -491,6 +491,17 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
+        if ($container->isNvidiaGpuEnabled() && $this->configurationManager->isNvidiaGpuEnabled()) {
+            $requestBody['HostConfig']['Runtime'] = 'nvidia';
+            $requestBody['HostConfig']['DeviceRequests'] = [
+                [
+                    "Driver" => "nvidia",
+                    "Count" => 1,
+                    "Capabilities" => [["gpu"]],
+                ]
+            ];
+        }
+
         $shmSize = $container->GetShmSize();
         if ($shmSize > 0) {
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 96877e06..07672ce3 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -29,12 +29,16 @@
     <p>Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.</p>
 
     <p>
-        {% if is_dri_device_enabled == true %}
-            The /dev/dri device which is needed for hardware transcoding is getting attached to the Nextcloud container.
+        {% if is_dri_device_enabled == true and is_nvidia_gpu_enabled == true %}
+            Hardware acceleration is enabled with the /dev/dri device and the Nvidia runtime.
+        {% elseif is_dri_device_enabled == true %}
+            Hardware acceleration is enabled with the /dev/dri device.
+        {% elseif is_nvidia_gpu_enabled == true %}
+            Hardware acceleration is enabled with the Nvidia runtime.
         {% else %}
-            The /dev/dri device which is needed for hardware transcoding is not attached to the Nextcloud container.
+            Hardware acceleration is not enabled. It's recommended to enable hardware transcoding for better performance.
         {% endif %}
-        See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a> on how to change this.</p>
+        See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud">hardware acceleration documentation</a> on how to change this.</p>
 
     <p>For further documentation on AIO, refer to <strong><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.</p>
 </details>
diff --git a/readme.md b/readme.md
index 38016ce2..033172fc 100644
--- a/readme.md
+++ b/readme.md
@@ -44,7 +44,7 @@ Included are:
 - `ffmpeg`, `smbclient`, `libreoffice` and `nodejs` are included by default
 - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
-- Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud) to the Nextcloud container
+- Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [Additional features can be added very easily](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
@@ -765,11 +765,33 @@ You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick exte
 ### What about the pdlib PHP extension for the facerecognition app?
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition.
 
-### How to enable hardware-transcoding for Nextcloud?
-> [!WARNING]  
-> This only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
+### How to enable hardware acceleration for Nextcloud?
+Some container can use GPU acceleration to increase performance like [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos.
 
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. There is now a community container which allows to easily add the transcoding container of Memories to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories
+#### With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia
+
+> [!WARNING]  
+> This only works if the `/dev/dri` device is present on the host! If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. Make sure that your driver is correctly configured on the host.
+
+A list of supported device can be fond in [MESA 3D documentation](https://docs.mesa3d.org/systems.html).
+
+This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device.
+
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.
+
+
+#### With proprietary drivers for Nvidia :warning: BETA
+
+> [!WARNING]
+> This only works if the Nvidia Toolkit is installed on the host and an NVIDIA GPU is enabled! Make sure that it is correctly configured on the host. If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
+> 
+> This feature is in beta. Since the proprietary, we haven't a lot of user using proprietary drivers, we can't guarantee the stability of this feature. Your feedback is welcome.
+
+This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime.
+
+In order to use that, you need to add `--env ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
+
+If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2).
 
 ### How to keep disabled apps?
 In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 

From 6c4f019c999379da0f8110b6eff1bbf3ec4346db Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 11:17:59 +0100
Subject: [PATCH 2800/3949] update version

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/layout.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index 56e4ee6b..97b46edd 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v3" media="all" />
+        <link rel="stylesheet" href="/style.css?v4" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>

From 138e7f34b82d0597d69cc0941b43f172b6a38df4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 11:26:19 +0100
Subject: [PATCH 2801/3949] try to downgrade collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 137a12c8..f9285124 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.10.2.1
+FROM collabora/code:24.04.9.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
@@ -10,8 +10,7 @@ RUN set -ex; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
-#        # Disable because seems to be failing currently
-#        # tzdata \
+        tzdata \
         netcat-openbsd \
     ; \
     rm -rf /var/lib/apt/lists/*;

From 86554ba1964f175f4b053a3053bba86d13742fbe Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 11:32:20 +0100
Subject: [PATCH 2802/3949] collabora: disable tzdata again

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index f9285124..52573da4 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -10,7 +10,8 @@ RUN set -ex; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
-        tzdata \
+#        # Disable because seems to be failing currently
+#        # tzdata \
         netcat-openbsd \
     ; \
     rm -rf /var/lib/apt/lists/*;

From bc4ebfaac074c7c0020498fd1a7279314887888b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 11:49:54 +0100
Subject: [PATCH 2803/3949] fix check if array key is set

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/ContainerDefinitionFetcher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 5628c837..8f7c6a97 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -250,7 +250,7 @@ readonly class ContainerDefinitionFetcher {
             }
 
             $enableNvidiaGpu = false;
-            if (is_bool($entry['enable_nvidia_gpu'])) {
+            if (isset($entry['enable_nvidia_gpu'])) {
                 $enableNvidiaGpu = $entry['enable_nvidia_gpu'];
             }
 

From 4906ee4ca4ab75c3b40ef7780d7289fca641030e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 12:18:50 +0100
Subject: [PATCH 2804/3949] actually fix collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 2 +-
 php/containers.json             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 52573da4..137a12c8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.9.1.1
+FROM collabora/code:24.04.10.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
diff --git a/php/containers.json b/php/containers.json
index 5b0b64c6..73bed029 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -390,7 +390,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow_host[0]=0.0.0.0/0 --o:net.post_allow_host[1]=::/0",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",

From ddc1bce1c50b4dcb38a2a2e9c23aae03d5b5f6ff Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 20 Dec 2024 12:03:10 +0000
Subject: [PATCH 2805/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 049c5d11..99efa300 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -251,7 +251,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow_host[0]=0.0.0.0/0 --o:net.post_allow_host[1]=::/0
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}

From 109b9dc019ebb499a9571f8cf3129e6e26e1942a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 14:02:26 +0100
Subject: [PATCH 2806/3949] helm: update the collabora config already

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 9c222486..f656c89f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -31,7 +31,7 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow_host[0]=0.0.0.0/0 --o:net.post_allow_host[1]=::/0
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           image: nextcloud/aio-collabora:20241216_102930

From 31896ae68e54b892521d1b8808104b7209b559c3 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 18:49:31 +0100
Subject: [PATCH 2807/3949] nextcloud: set max opcache files to 1000

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index efca2d09..528e7521 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -125,6 +125,7 @@ RUN set -ex; \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
     { \
+        echo 'opcache.max_accelerated_files=10000'; \
         echo 'opcache.memory_consumption=256'; \
         echo 'opcache.interned_strings_buffer=64'; \
         echo 'opcache.save_comments=1'; \

From f3e47e62f3205d42ef830a9ffc2824f589e3c741 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 20 Dec 2024 18:51:43 +0100
Subject: [PATCH 2808/3949] Container.php: adjust casing of enable_nvidia_gpu
 to enableNvidiaGpu

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Container/Container.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 44980541..0b032e8c 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -23,7 +23,7 @@ readonly class Container {
         private array                         $secrets,
         /** @var string[] */
         private array                         $devices,
-        private bool                          $enable_nvidia_gpu,
+        private bool                          $enableNvidiaGpu,
         /** @var string[] */
         private array                         $capAdd,
         private int                           $shmSize,
@@ -94,7 +94,7 @@ readonly class Container {
     }
 
     public function isNvidiaGpuEnabled() : bool {
-        return $this->enable_nvidia_gpu;
+        return $this->enableNvidiaGpu;
     }
 
     public function GetCapAdds() : array {

From e81edfd930007eb4b229d55adbf5288958f8fbe7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Dec 2024 04:52:38 +0000
Subject: [PATCH 2809/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.10.2.1 to 24.04.11.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 137a12c8..c66f9526 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.10.2.1
+FROM collabora/code:24.04.11.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 2de24563c77d7fdd941d639673c30400908835cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Dec 2024 04:52:58 +0000
Subject: [PATCH 2810/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.14-fpm-alpine3.21 to 8.3.15-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 110b236d..73208df0 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.4.1-cli AS docker
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.14-fpm-alpine3.21
+FROM php:8.3.15-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

From 34690eee0248238ddfc12eea1854f36e345c443d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Dec 2024 04:53:03 +0000
Subject: [PATCH 2811/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.14-fpm-alpine3.21 to 8.3.15-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index efca2d09..8ddfb2d7 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.14-fpm-alpine3.21
+FROM php:8.3.15-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 12fddf1787fafbc5cac3a99b41b5ed64d95a8bf1 Mon Sep 17 00:00:00 2001
From: "airo.pi_" <47398145+AiroPi@users.noreply.github.com>
Date: Tue, 24 Dec 2024 10:01:20 +0100
Subject: [PATCH 2812/3949] Add port to borg remote placeholder

Signed-off-by: airo.pi_ <47398145+AiroPi@users.noreply.github.com>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 32cb5f02..c2dc6d42 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -196,7 +196,7 @@
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
-                                    <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="ssh://user@host:/path/to/repo"/><br>
+                                    <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                     <label>Borg passphrase</label> <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From e3f551c2a41b535b0533b00e849d8f0e6e2afc05 Mon Sep 17 00:00:00 2001
From: Kain <26943220+kaincenteno@users.noreply.github.com>
Date: Tue, 24 Dec 2024 12:00:14 -0800
Subject: [PATCH 2813/3949] comments out http3_stream_buffer_size 512k as it
 requires v1.25.0+

comments out http3_stream_buffer_size 512k as it requires version 1.25.0+ of nginx

Signed-off-by: Kain <26943220+kaincenteno@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 874192db..43cf0277 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -368,7 +368,7 @@ server {
 
     client_max_body_size 0;
     client_body_buffer_size 512k;
-    http3_stream_buffer_size 512k;
+    # http3_stream_buffer_size 512k; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
     proxy_read_timeout 86400s;
 
     server_name <your-nc-domain>;

From 76f2ae7dc97da7726a03e23b53a39a1b6f677185 Mon Sep 17 00:00:00 2001
From: Pierre <47398145+AiroPi@users.noreply.github.com>
Date: Mon, 30 Dec 2024 13:22:12 +0100
Subject: [PATCH 2814/3949] fix: add "port" to more placeholders in
 containers.twig

Signed-off-by: Pierre <47398145+AiroPi@users.noreply.github.com>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c2dc6d42..0fcf690f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -394,7 +394,7 @@
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
-                                    <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:/path/to/repo"/><br>
+                                    <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Submit backup location" />
@@ -435,7 +435,7 @@
                                             <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
-                                                <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:/path/to/repo"/><br>
+                                                <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Set backup location again" />

From c59112192a1195ad7ed33bfd97b3aff6fa372b3b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 30 Dec 2024 15:04:22 +0100
Subject: [PATCH 2815/3949] local-ai-cc: disable nvidia-gpu as it disallows the
 container to start

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/local-ai/local-ai.json | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index 4447139a..6242a3b9 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -29,10 +29,7 @@
                     "writeable": false
                 }
             ],
-            "devices": [
-                "/dev/dri"
-            ],
-            "enable_nvidia_gpu": true,
+            "enable_nvidia_gpu": false,
             "nextcloud_exec_commands": [
                 "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai'",
                 "touch '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models.yaml'",

From 38e2d51aa09e34020c8d1c80b18808abe620df80 Mon Sep 17 00:00:00 2001
From: Luotio <juha@luotio.net>
Date: Wed, 1 Jan 2025 12:38:36 +0200
Subject: [PATCH 2816/3949] Update reverse-proxy.md

Fixed the IIS reverse proxy configuration, not considering special characters, and added HTTP_X_FORWARDED headers.

Signed-off-by: Luotio <juha@luotio.net>
---
 reverse-proxy.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 43cf0277..c4def69e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -719,7 +719,8 @@ Add the following `web.config` file to the root of the site you created as the r
   </system.web>
   <system.webServer>
     <rewrite>
-      <rules>
+      <!-- useOriginalURLEncoding needs to be set to false, otherwise IIS will double encode urls causing all files with spaces or special characters to be inaccessible -->
+      <rules useOriginalURLEncoding="false">
         <!-- Force https -->
         <rule name="Https" stopProcessing="true">
           <match url="(.*)" />
@@ -734,7 +735,14 @@ Add the following `web.config` file to the root of the site you created as the r
           <conditions>
             <add input="{HTTPS}" pattern="^ON$" />
           </conditions>
-          <action type="Rewrite" url="http://nc-server-farm:11000/{UNENCODED_URL}" appendQueryString="false" />
+          <!-- Note that {UNENCODED_URL} already contains starting slash, so we must add it directly after the port number without additional slash -->
+          <action type="Rewrite" url="http://nc-server-farm:11000{UNENCODED_URL}" appendQueryString="false" />
+          <!-- Setting forwarded headers is not strictly needed but it is a good practice -->
+	  <serverVariables>
+            <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
+	    <set name="HTTP_X_FORWARDED_SCHEMA" value="https" />
+	    <set name="HTTP_X_FORWARDED_PROTO" value="https" />
+	  </serverVariables>
         </rule>
       </rules>
     </rewrite>

From dc761e259a3922eefd6e354103a871fbe8025295 Mon Sep 17 00:00:00 2001
From: Luotio <juha@luotio.net>
Date: Wed, 1 Jan 2025 12:45:50 +0200
Subject: [PATCH 2817/3949] Update reverse-proxy.md

Removed X_FORWARDED headers as they did not work as expected

Signed-off-by: Luotio <juha@luotio.net>
---
 reverse-proxy.md | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c4def69e..173b812f 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -737,12 +737,6 @@ Add the following `web.config` file to the root of the site you created as the r
           </conditions>
           <!-- Note that {UNENCODED_URL} already contains starting slash, so we must add it directly after the port number without additional slash -->
           <action type="Rewrite" url="http://nc-server-farm:11000{UNENCODED_URL}" appendQueryString="false" />
-          <!-- Setting forwarded headers is not strictly needed but it is a good practice -->
-	  <serverVariables>
-            <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
-	    <set name="HTTP_X_FORWARDED_SCHEMA" value="https" />
-	    <set name="HTTP_X_FORWARDED_PROTO" value="https" />
-	  </serverVariables>
         </rule>
       </rules>
     </rewrite>

From 78b146497738c392518a5f48915a864b9134d59c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 3 Jan 2025 15:35:52 +0100
Subject: [PATCH 2818/3949] reverse-proxy docu: adjust and add introduction
 with example

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 69 +++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 56 insertions(+), 13 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 43cf0277..c6b62a62 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,21 +1,66 @@
 # Reverse Proxy Documentation
 
-> [!NOTE]  
-> The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!
-
-A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is a software service that acts as a gateway between services and a client. It is commonly used to allow a client connected to the Internet to access a website located in the [private subnet](https://en.wikipedia.org/wiki/Private_network) of that web server.
-
-**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
+> [!NOTE]
+> Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
 
+## Introduction
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
-1. specify the port that AIO's integrated Apache container shall use
-2. add a specific config to your web server or reverse proxy
-3. modify the startup command a bit.
-All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy.
+1. add a specific config to your web server or reverse proxy. [See the documentation below.](#1-configure-the-reverse-proxy)
+2. specify the port that AIO's integrated Apache container shall use via the environmental variable `APACHE_PORT` (that runs inside its own container and published this port on the host) and adjust the `docker run` command of AIO. [See the documentation below.](#2-use-this-startup-command).
+3. Open the AIO interface at port `8080` and type in and validate your domain. [See the documentation below.](#4-open-the-aio-interface)
+
+Here one example with all reverse proxy settings for Linux:
+```
+sudo docker run \
+--init \
+--sig-proxy=false \
+--name nextcloud-aio-mastercontainer \
+--restart always \
+--publish 8080:8080 \
+--env APACHE_PORT=11000 \
+--env APACHE_IP_BINDING=0.0.0.0 \
+--env APACHE_ADDITIONAL_NETWORK="" \
+--env SKIP_DOMAIN_VALIDATION=false \
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+--volume /var/run/docker.sock:/var/run/docker.sock:ro \
+nextcloud/all-in-one:latest
+```
+
+<details>
+
+<summary>Explanation of the command</summary>
+
+- `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ in the normal readme).
+- `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
+- `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
+- `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
+- `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
+- `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
+- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
+- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
+- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
+- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things).
+- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
+- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
+- `nextcloud/all-in-one:latest` This is the docker container image that is used.
+- Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
+
+</details>
+
+> [!Note] 
+> If you run into troubles, see [the debug section](#6-how-to-debug-things).
+
+---
+
 > [!IMPORTANT] 
 > If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
-**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
+> [!NOTE]
+> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
+
+## Content
+
+The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
@@ -23,8 +68,6 @@ All examples below will use port `11000` as `APACHE_PORT`. This port will be exp
 1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
 1. Optional: how to debug things? See [point 6](#6-how-to-debug-things)
 
-**Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
-
 ## 1. Configure the reverse proxy
 
 ### Adapting the sample web server configurations below

From 124be702dae203cb207cf07cb5295254ddd53ee2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 3 Jan 2025 16:02:54 +0100
Subject: [PATCH 2819/3949] add some further instructions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index c6b62a62..fdc8c32d 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -879,7 +879,7 @@ Use this environment variable during the initial startup of the mastercontainer
 
 ## 4. Open the AIO interface
 
-After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`.<br>
+After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080` and type in and validate the domain that you have configured.<br>
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
 Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 

From b6aa1e9c607476f122d11fc151ea8aa6c32b8533 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 3 Jan 2025 17:02:30 +0100
Subject: [PATCH 2820/3949] add two options to other examples as well

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index fdc8c32d..7ae98749 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -832,6 +832,8 @@ sudo docker run \
 --publish 8080:8080 \
 --env APACHE_PORT=11000 \
 --env APACHE_IP_BINDING=0.0.0.0 \
+--env APACHE_ADDITIONAL_NETWORK="" \
+--env SKIP_DOMAIN_VALIDATION=false \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
 nextcloud/all-in-one:latest
@@ -858,6 +860,8 @@ docker run ^
 --publish 8080:8080 ^
 --env APACHE_PORT=11000 ^
 --env APACHE_IP_BINDING=0.0.0.0 ^
+--env APACHE_ADDITIONAL_NETWORK="" ^
+--env SKIP_DOMAIN_VALIDATION=false ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
 nextcloud/all-in-one:latest

From d4a3bbe10442676d11f2b6076d2085a1d6831534 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 3 Jan 2025 17:13:54 +0100
Subject: [PATCH 2821/3949] local-ai: fix stablediffusion link

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/local-ai/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 236a2630..2ab05996 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -7,7 +7,7 @@ This container bundles Local AI and auto-configures it for you.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml
 # Stable Diffusion in NCNN with c++, supported txt2img and img2img 
-- url: github:mudler/LocalAI/gallery/stablediffusion.yaml
+- url: github:mudler/LocalAI/blob/master/gallery/stablediffusion.yaml
   name: Stable_diffusion
 ```
 -  To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work.

From 99c5ae833633e068df30b1255de89372744f1571 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 3 Jan 2025 17:52:54 +0100
Subject: [PATCH 2822/3949] migration.md: adjust `/path/to/nextcloud/data/` to
 `/path/to/old/nextcloud/data/`

For https://github.com/nextcloud/all-in-one/issues/5806
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 864559c4..e3fc4a56 100644
--- a/migration.md
+++ b/migration.md
@@ -14,7 +14,7 @@ The procedure for migrating only the files works like this:
 1. Install Nextcloud AIO on a new server/linux installation, enter your domain and wait until all containers are running
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
-1. Restore the datadirectory of your former instance: for `/path/to/nextcloud/data/` run `sudo docker cp --follow-link /path/to/nextcloud/data/. nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/.` and `/` at the end are necessary.
+1. Restore the datadirectory of your former instance: for `/path/to/old/nextcloud/data/` run `sudo docker cp --follow-link /path/to/old/nextcloud/data/. nextcloud-aio-nextcloud:/mnt/ncdata/` Note: the `/.` and `/` at the end are necessary.
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.

From 36f575d8a7ac941089f1fc176140b4c630dd9a2f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 4 Jan 2025 12:02:29 +0000
Subject: [PATCH 2823/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 58 +++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index e851be37..b84be669 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1348,12 +1348,12 @@
             },
             "type": "library",
             "extra": {
+                "thanks": {
+                    "url": "https://github.com/symfony/contracts",
+                    "name": "symfony/contracts"
+                },
                 "branch-alias": {
                     "dev-main": "3.5-dev"
-                },
-                "thanks": {
-                    "name": "symfony/contracts",
-                    "url": "https://github.com/symfony/contracts"
                 }
             },
             "autoload": {
@@ -1633,16 +1633,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.17.1",
+            "version": "v3.18.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "677ef8da6497a03048192aeeb5aa3018e379ac71"
+                "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/677ef8da6497a03048192aeeb5aa3018e379ac71",
-                "reference": "677ef8da6497a03048192aeeb5aa3018e379ac71",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50",
+                "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50",
                 "shasum": ""
             },
             "require": {
@@ -1697,7 +1697,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.17.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.18.0"
             },
             "funding": [
                 {
@@ -1709,7 +1709,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-12T09:58:10+00:00"
+            "time": "2024-12-29T10:51:50+00:00"
         }
     ],
     "packages-dev": [
@@ -1973,13 +1973,13 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "3.x-dev"
-                },
                 "phpstan": {
                     "includes": [
                         "extension.neon"
                     ]
+                },
+                "branch-alias": {
+                    "dev-main": "3.x-dev"
                 }
             },
             "autoload": {
@@ -2940,16 +2940,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.15",
+            "version": "v6.4.17",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "f1fc6f47283e27336e7cebb9e8946c8de7bff9bd"
+                "reference": "799445db3f15768ecc382ac5699e6da0520a0a04"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/f1fc6f47283e27336e7cebb9e8946c8de7bff9bd",
-                "reference": "f1fc6f47283e27336e7cebb9e8946c8de7bff9bd",
+                "url": "https://api.github.com/repos/symfony/console/zipball/799445db3f15768ecc382ac5699e6da0520a0a04",
+                "reference": "799445db3f15768ecc382ac5699e6da0520a0a04",
                 "shasum": ""
             },
             "require": {
@@ -3014,7 +3014,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.15"
+                "source": "https://github.com/symfony/console/tree/v6.4.17"
             },
             "funding": [
                 {
@@ -3030,7 +3030,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-06T14:19:14+00:00"
+            "time": "2024-12-07T12:07:30+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -3100,16 +3100,16 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.13",
+            "version": "v6.4.17",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958"
+                "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/daea9eca0b08d0ed1dc9ab702a46128fd1be4958",
-                "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
+                "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
                 "shasum": ""
             },
             "require": {
@@ -3144,7 +3144,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.13"
+                "source": "https://github.com/symfony/finder/tree/v6.4.17"
             },
             "funding": [
                 {
@@ -3160,7 +3160,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-10-01T08:30:56+00:00"
+            "time": "2024-12-29T13:51:37+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -3345,12 +3345,12 @@
             },
             "type": "library",
             "extra": {
+                "thanks": {
+                    "url": "https://github.com/symfony/contracts",
+                    "name": "symfony/contracts"
+                },
                 "branch-alias": {
                     "dev-main": "3.5-dev"
-                },
-                "thanks": {
-                    "name": "symfony/contracts",
-                    "url": "https://github.com/symfony/contracts"
                 }
             },
             "autoload": {

From 5f657151c68e525ef780dde3d32cd46763583d40 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Jan 2025 05:08:23 +0000
Subject: [PATCH 2824/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-17 to 1.4.1-20.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index d42001f1..4d54effc 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-17
+FROM clamav/clamav:1.4.1-20
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From ce577c5769757d68d035f3def0ae9d48b8ab9925 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 4 Jan 2025 16:17:26 +0100
Subject: [PATCH 2825/3949] facerecognition docker does not support GPU

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/facerecognition/facerecognition.json | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 4487bd87..4078bada 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -16,10 +16,7 @@
             "aio_variables": [
                 "nextcloud_memory_limit=2048M"
             ],
-            "devices": [
-                "/dev/dri"
-            ],
-            "enable_nvidia_gpu": true,
+            "enable_nvidia_gpu": false,
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install facerecognition",
                 "php /var/www/html/occ app:enable facerecognition", 

From febfd5744831e4cce24582a304c2b9eb986d3fe6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 11:03:41 +0100
Subject: [PATCH 2826/3949] rename `ENABLE_NVIDIA_GPU` to
 `NEXTCLOUD_ENABLE_NVIDIA_GPU`

to be more consistent with other options

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml                            | 4 ++--
 php/src/Data/ConfigurationManager.php   | 2 +-
 readme.md                               | 2 +-
 tests/QA/060-environmental-variables.md | 1 +
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 2b9d866b..9557fc08 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -29,8 +29,8 @@ services:
       # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
-      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
-      # ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
+      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
+      # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
       # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index f3629b7f..fec38814 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -989,7 +989,7 @@ class ConfigurationManager
     }
 
     private function GetEnabledNvidiaGpu() : string {
-        $envVariableName = 'ENABLE_NVIDIA_GPU';
+        $envVariableName = 'NEXTCLOUD_ENABLE_NVIDIA_GPU';
         $configName = 'enable_nvidia_gpu';
         $defaultValue = '';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
diff --git a/readme.md b/readme.md
index 033172fc..a5e2152b 100644
--- a/readme.md
+++ b/readme.md
@@ -789,7 +789,7 @@ In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` t
 
 This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime.
 
-In order to use that, you need to add `--env ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
 
 If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2).
 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 5113bdf7..fd6a4dca 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -21,6 +21,7 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.
 - [ ] When starting the mastercontainer with `--env AIO_COMMUNITY_CONTAINERS="fail2ban"`, it should add the fail2ban container to the container stack and show it in the AIO interface as well as start it, etc.
 

From 81dd6bbc72e26e0aceee303b1bd7159d210300ff Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 11:25:09 +0100
Subject: [PATCH 2827/3949] apache-healthcheck: remove the domain test

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/healthcheck.sh | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/Containers/apache/healthcheck.sh b/Containers/apache/healthcheck.sh
index 15235352..e9c1fad4 100644
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -3,7 +3,3 @@
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z 127.0.0.1 8000 || exit 1
 nc -z 127.0.0.1 "$APACHE_PORT" || exit 1
-if ! nc -z "$NC_DOMAIN" 443; then
-    echo "Could not reach $NC_DOMAIN on port 443."
-    exit 1
-fi

From 4d38c5b8f7975daedd49fac6dac2d6578bf52426 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 11:31:21 +0100
Subject: [PATCH 2828/3949] facerecognition: document fixed 1G value

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/facerecognition/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md
index fa22e0bb..c715d9c7 100644
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -3,6 +3,7 @@ This container bundles the external model of facerecognition and auto-configures
 
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
+- The image analysis is currently set to fixed value of `1G`. See [this](https://github.com/search?q=repo%3Anextcloud%2Fall-in-one+1G+path%3A%2F%5Ecommunity-containers%5C%2Ffacerecognition%5C%2F%2F&type=code)
 - Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
     ```bash
     # Go into the container

From 6c3c5cf981af5822c80a0184c91c3f002dff78e4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 11:41:21 +0100
Subject: [PATCH 2829/3949] manual-install: document behaviour about exposed
 options

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 26aaabf1..c14dae5e 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -23,7 +23,7 @@ git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
 Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).<br>
-⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols!
+⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612).
 
 Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
 

From 986130bb1b5dd5a256a55f36ad8bb100725e83a9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 11:56:45 +0100
Subject: [PATCH 2830/3949] nextcloud: check for configured appstoreurl during
 upgrade

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 65a8ace3..1849bb74 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -158,7 +158,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 # Check connection to appstore start # Do not remove or change this line!
             while true; do
                 echo -e "Checking connection to appstore"
-                CURL_STATUS="$(curl -LI "https://apps.nextcloud.com/" -o /dev/null -w '%{http_code}\n' -s)"
+                APPSTORE_URL="https://apps.nextcloud.com/"
+                if grep -q appstoreurl /var/www/html/config/config.php; then
+                    set -x
+                    APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
+                    set +x
+                fi
+                CURL_STATUS="$(curl -LI "$APPSTORE_URL" -o /dev/null -w '%{http_code}\n' -s)"
                 if [[ "$CURL_STATUS" = "200" ]]
                 then
                     echo "Appstore is reachable"

From 3d7194ddadd4c00751bb93ba59084455451385a1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 6 Jan 2025 11:03:01 +0000
Subject: [PATCH 2831/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 +++-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 8476db24..ff57c3d4 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.1.1
+version: 10.2.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 2afc39eb..89abe934 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20241216_102930
+          image: nextcloud/aio-apache:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b9404df3..33d6c6df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -62,7 +62,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20241216_102930
+          image: nextcloud/aio-clamav:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index f656c89f..2c86896d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20241216_102930
+          image: nextcloud/aio-collabora:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 581efb19..cdb6cb3c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -65,7 +65,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20241216_102930
+          image: nextcloud/aio-postgresql:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 39a69f64..8a114fad 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20241216_102930
+          image: nextcloud/aio-fulltextsearch:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 9e5c2fd4..6b8af9ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20241216_102930
+          image: nextcloud/aio-imaginary:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index ab618b42..2ee12d00 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -90,6 +90,8 @@ spec:
               value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
             - name: ADMIN_USER
               value: admin
+            - name: APACHE_HOST
+              value: nextcloud-aio-apache
             - name: APACHE_PORT
               value: "{{ .Values.APACHE_PORT }}"
             - name: CLAMAV_ENABLED
@@ -178,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20241216_102930
+          image: nextcloud/aio-nextcloud:20250106_094420
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index effd71e0..e8ad0dc8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20241216_102930
+          image: nextcloud/aio-notify-push:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index f3693fc1..1b2f4f2b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20241216_102930
+          image: nextcloud/aio-onlyoffice:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 93b1fb69..005419b0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20241216_102930
+          image: nextcloud/aio-redis:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 06f7defa..647f7964 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20241216_102930
+          image: nextcloud/aio-talk:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 4c69e7f8..7d1b2787 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20241216_102930
+          image: nextcloud/aio-talk-recording:20250106_094420
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index ca48d71d..0c5cf295 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20241216_102930
+          image: nextcloud/aio-whiteboard:20250106_094420
           readinessProbe:
             exec:
               command:

From fdf43612f165ce5117f18502730510e14c0e6757 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 12:06:23 +0100
Subject: [PATCH 2832/3949] apache: remove the readinessprobe and livenessProbe
 for now as they are breaking

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-apache-deployment.yaml | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 89abe934..d6a85cc8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -62,20 +62,6 @@ spec:
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
           image: nextcloud/aio-apache:20250106_094420
-          readinessProbe:
-            exec:
-              command:
-                - /healthcheck.sh
-            failureThreshold: 3
-            periodSeconds: 30
-            timeoutSeconds: 30
-          livenessProbe:
-            exec:
-              command:
-                - /healthcheck.sh
-            failureThreshold: 3
-            periodSeconds: 30
-            timeoutSeconds: 30
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

From 87143bc7bd8da38ae7786241feedfe42b6e5e7d1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 13:49:33 +0100
Subject: [PATCH 2833/3949] Adjust docs for talk_port variable a bit

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml                  | 2 +-
 manual-install/update-yaml.sh | 2 +-
 readme.md                     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 9557fc08..8596efd3 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -33,7 +33,7 @@ services:
       # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
       # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
-      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
+      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
     # security_opt: ["label:disable"] # Is needed when using SELinux
 
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 295cd3a1..f4d207c3 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -87,7 +87,7 @@ sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/loca
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect|' sample.conf
-sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
+sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!|' sample.conf
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
diff --git a/readme.md b/readme.md
index a5e2152b..a494ca11 100644
--- a/readme.md
+++ b/readme.md
@@ -723,7 +723,7 @@ Be aware though that these locations will not be covered by the built-in backup
 > If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
 By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.

From ca4386bef9297758f86e27eb47b61867c9f0f2e1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Jan 2025 14:00:35 +0100
Subject: [PATCH 2834/3949] helm: remove NET_BIND_SERVICE if not needed

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-clamav-deployment.yaml     |  2 --
 .../templates/nextcloud-aio-database-deployment.yaml   |  2 --
 .../templates/nextcloud-aio-imaginary-deployment.yaml  |  2 --
 .../templates/nextcloud-aio-nextcloud-deployment.yaml  |  1 -
 .../nextcloud-aio-notify-push-deployment.yaml          |  1 -
 .../templates/nextcloud-aio-redis-deployment.yaml      |  1 -
 .../templates/nextcloud-aio-talk-deployment.yaml       |  1 -
 .../nextcloud-aio-talk-recording-deployment.yaml       |  1 -
 .../templates/nextcloud-aio-whiteboard-deployment.yaml |  1 -
 nextcloud-aio-helm-chart/update-helm.sh                | 10 +++++-----
 10 files changed, 5 insertions(+), 17 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 33d6c6df..0f42d2ef 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -53,7 +53,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
       containers:
         - env:
             - name: CLAMD_STARTUP_TIMEOUT
@@ -92,7 +91,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /var/lib/clamav
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index cdb6cb3c..eb3e94d3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -52,7 +52,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
       containers:
         - env:
             - name: PGTZ
@@ -93,7 +92,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               subPath: data
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 6b8af9ce..2a0f4476 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -66,6 +66,4 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add:
-                - NET_BIND_SERVICE
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 2ee12d00..87376bd9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -191,7 +191,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
           {{- end }} # AIO-config - do not change this comment!
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e8ad0dc8..40cd1159 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -81,7 +81,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /nextcloud
               name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 005419b0..da3cd58d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -67,7 +67,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /data
               name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 647f7964..5d814cfc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -84,5 +84,4 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 7d1b2787..df51d5ea 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -72,7 +72,6 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
           volumeMounts:
             - mountPath: /tmp
               name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 0c5cf295..b0993666 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -74,5 +74,4 @@ spec:
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 7e1364b2..3a8fff29 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -55,7 +55,7 @@ yq -i 'del(.services.[].tmpfs)' latest.yml
 # Remove cap_drop in order to add it later again easier
 yq -i 'del(.services.[].cap_drop)' latest.yml
 # Remove SYS_NICE for imaginary as it is not supported with RPSS
-sed -i "s|- SYS_NICE$|- NET_BIND_SERVICE|" latest.yml
+yq -i 'del(.services."nextcloud-aio-imaginary".cap_add)' latest.yml
 # cap SYS_ADMIN is called CAP_SYS_ADMIN in k8s
 sed -i "s|- SYS_ADMIN$|- CAP_SYS_ADMIN|" latest.yml
 
@@ -461,10 +461,9 @@ cat << EOL > /tmp/security.conf
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
 EOL
 # shellcheck disable=SC1083
-find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*imaginary-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
+find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 
 cat << EOL > /tmp/security.conf
             # The items below only work in container context
@@ -475,9 +474,11 @@ cat << EOL > /tmp/security.conf
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
+              add: ["NET_BIND_SERVICE"]
 EOL
+
 # shellcheck disable=SC1083
-find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
+find ./ -name '*apache-deployment.yaml*' -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 
 cat << EOL > /tmp/security.conf
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
@@ -490,7 +491,6 @@ cat << EOL > /tmp/security.conf
               {{- else }}
               drop: ["NET_RAW"]
               {{- end }}
-              add: ["NET_BIND_SERVICE"]
           {{- end }} # AIO-config - do not change this comment!
 EOL
 # shellcheck disable=SC1083

From e7f5747026dbe9f952601adc5ebb15303907055d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 04:58:35 +0000
Subject: [PATCH 2835/3949] build(deps): bump alpine from 3.21.0 to 3.21.1 in
 /Containers/borgbackup

Bumps alpine from 3.21.0 to 3.21.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 2f0e6d53..70e21f1e 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.0
+FROM alpine:3.21.1
 
 RUN set -ex; \
     \

From 2a05f9df1e3feb70f7e72147797132a3e7a088a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 04:58:42 +0000
Subject: [PATCH 2836/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.21.0 to 3.21.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index c6ea2a4c..1d9c40b2 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.0
+FROM alpine:3.21.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 30994e107456128e329d35c97cf5cb60ee67c4cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 04:58:49 +0000
Subject: [PATCH 2837/3949] build(deps): bump alpine from 3.21.0 to 3.21.1 in
 /Containers/imaginary

Bumps alpine from 3.21.0 to 3.21.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index dcd3aa85..994a71b1 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.21.0
+FROM alpine:3.21.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From a70ccef84997f3f0c4a2a93c853e568b6db58324 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 04:59:05 +0000
Subject: [PATCH 2838/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.21.0 to 3.21.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 050770f3..2a15875d 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.0
+FROM alpine:3.21.1
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 68055bf3030e9b85fc6a792f08c63cad46fc2d14 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 04:59:10 +0000
Subject: [PATCH 2839/3949] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.6-alpine to 7.2.7-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 64b1c2fa..1b774ce5 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.6-alpine
+FROM redis:7.2.7-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From 368b26766db11f9aa382ddd7532633ad6efd9011 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 04:59:14 +0000
Subject: [PATCH 2840/3949] build(deps): bump alpine from 3.21.0 to 3.21.1 in
 /Containers/talk

Bumps alpine from 3.21.0 to 3.21.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 95733666..88ff1e8c 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.10.24-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
-FROM alpine:3.21.0 AS janus
+FROM alpine:3.21.1 AS janus
 
 ARG JANUS_VERSION=v1.3.0
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.21.0
+FROM alpine:3.21.1
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From 5904adfeb22b83fbc879669b33897cd6dfd8d5f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 04:59:28 +0000
Subject: [PATCH 2841/3949] build(deps): bump alpine from 3.21.0 to 3.21.1 in
 /Containers/watchtower

Bumps alpine from 3.21.0 to 3.21.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index a53993aa..5b9823fb 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.21.0
+FROM alpine:3.21.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 28e2cc49b42ee8cef3be73b6c931894a71c02f36 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 7 Jan 2025 09:58:47 +0100
Subject: [PATCH 2842/3949] increase to v10.3.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0fcf690f..1920ebbd 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.2.0</h1>
+            <h1>Nextcloud AIO v10.3.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 1ef6769941c347c6b64fc8c177af8af75795cc12 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 7 Jan 2025 12:03:30 +0000
Subject: [PATCH 2843/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/sample.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 64d360af..79fa9b36 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -37,5 +37,5 @@ NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS=yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
-TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
+TALK_PORT=3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.

From f2a5b2bdc75da53375140112623d7d4d6994aee7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 7 Jan 2025 15:21:42 +0100
Subject: [PATCH 2844/3949] nextcloud-entrypoint:  adjust logic around app api
 app

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1849bb74..c97a56f9 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -864,17 +864,20 @@ else
 fi
 
 # Docker socket proxy
+# app_api is a shipped app
+if [ -d "/var/www/html/custom_apps/app_api" ]; then
+    php /var/www/html/occ app:disable app_api
+    rm -r "/var/www/html/custom_apps/app_api"
+fi
 if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
-    if ! [ -d "/var/www/html/custom_apps/app_api" ]; then
-        php /var/www/html/occ app:install app_api
-    elif [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
+    if [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable app_api
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update app_api
     fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_api" ]; then
-        php /var/www/html/occ app:remove app_api
+    if [ "$REMOVE_DISABLED_APPS" = yes ]; then
+        if [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "no" ]; then
+            php /var/www/html/occ app:disable app_api
+        fi
     fi
 fi
 

From ea789d2dca536baee0de517d5e2b55458dd0a443 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:33:25 +0000
Subject: [PATCH 2845/3949] build(deps): bump caddy in /Containers/apache

Bumps caddy from 2.8.4-alpine to 2.9.1-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 95429a7a..34bd2df1 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.8.4-alpine AS caddy
+FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.62-alpine3.21

From c4f6c89b678c989a8ca4041c76898afcdec8cfad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:33:39 +0000
Subject: [PATCH 2846/3949] build(deps): bump alpine from 3.21.1 to 3.21.2 in
 /Containers/borgbackup

Bumps alpine from 3.21.1 to 3.21.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 70e21f1e..120bedf2 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 
 RUN set -ex; \
     \

From 1ec07aeabd8ef869ea85f011e78059954fc78a0c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:33:42 +0000
Subject: [PATCH 2847/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.11.1.1 to 24.04.11.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index c66f9526..5da3a050 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.11.1.1
+FROM collabora/code:24.04.11.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From c06a52e2be38f45525895b07cb481a3b97941a39 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:33:46 +0000
Subject: [PATCH 2848/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.21.1 to 3.21.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 1d9c40b2..b1fe44be 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From d6d0086a666cd7de6e10d198ae881a7eaf2b4b41 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:33:53 +0000
Subject: [PATCH 2849/3949] build(deps): bump alpine from 3.21.1 to 3.21.2 in
 /Containers/imaginary

Bumps alpine from 3.21.1 to 3.21.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 994a71b1..408fcdfd 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 16f764941ea4013aa9fc78653cbea31d8133326e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:34:02 +0000
Subject: [PATCH 2850/3949] build(deps): bump caddy in
 /Containers/mastercontainer

Bumps caddy from 2.8.4-alpine to 2.9.1-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 73208df0..6047bc76 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -3,7 +3,7 @@
 FROM docker:27.4.1-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.8.4-alpine AS caddy
+FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
 FROM php:8.3.15-fpm-alpine3.21

From 0e1eb9d1a8143c305c7054f80db266bbae0b1caa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:34:12 +0000
Subject: [PATCH 2851/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.21.1 to 3.21.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 2a15875d..21b83b68 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 4b8dd232c5ca8034a2ce68b2d11556a6f29595e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:34:26 +0000
Subject: [PATCH 2852/3949] build(deps): bump alpine from 3.21.1 to 3.21.2 in
 /Containers/talk

Bumps alpine from 3.21.1 to 3.21.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 88ff1e8c..3de8dc43 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.10.24-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
-FROM alpine:3.21.1 AS janus
+FROM alpine:3.21.2 AS janus
 
 ARG JANUS_VERSION=v1.3.0
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From 75ea7c4f2787a58b3c0ea2a4691485abb33b35b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jan 2025 04:34:34 +0000
Subject: [PATCH 2853/3949] build(deps): bump alpine from 3.21.1 to 3.21.2 in
 /Containers/watchtower

Bumps alpine from 3.21.1 to 3.21.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 5b9823fb..8a0592fe 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 41a867e7f272f047fe379ed1b16f17e7b0c48290 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 10 Jan 2025 23:09:12 +0100
Subject: [PATCH 2854/3949] domain-validation: improve the notice about the
 private ip-address

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fec38814..e7d6884f 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -340,9 +340,9 @@ class ConfigurationManager
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                 if ($port === '443') {
-                    throw new InvalidSettingConfigurationException("It seems like the ip-address of the domain is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "'). Please set it to a public ip-address so that the domain validation can work!");
+                    throw new InvalidSettingConfigurationException("It seems like the ip-address of the domain is set to an internal or reserved ip-address. This is not supported by the domain validation. (It was found to be set to '" . $dnsRecordIP . "'). Please set it to a public ip-address so that the domain validation can work or skip the domain validation!");
                 } else {
-                    error_log("It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
+                    error_log("Info: It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
                 }
             }
 

From b046294801cfb47824ce91c753693b9e4794aa1f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 10 Jan 2025 23:12:12 +0100
Subject: [PATCH 2855/3949] containers-schema and containers.json: remove
 networks from definition

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers-schema.json |  7 -------
 php/containers.json        | 39 --------------------------------------
 2 files changed, 46 deletions(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index d8dcfb0b..9f2141d3 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -187,13 +187,6 @@
 							"pattern": "^[a-z-]+$"
 						}
 					},
-					"networks": {
-						"type": "array",
-						"items": {
-							"type": "string",
-							"pattern": "^nextcloud-aio$"
-						}
-					},
 					"read_only": {
 						"type": "boolean"
 					},
diff --git a/php/containers.json b/php/containers.json
index 73bed029..1457b0de 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -67,9 +67,6 @@
         "nextcloud_aio_nextcloud",
         "nextcloud_aio_apache"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/log/supervisord",
@@ -130,9 +127,6 @@
         "nextcloud_aio_database",
         "nextcloud_aio_database_dump"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/run/postgresql"
@@ -268,9 +262,6 @@
       "backup_volumes": [
         "nextcloud_aio_nextcloud"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_drop": [
         "NET_RAW"
       ]
@@ -317,9 +308,6 @@
         "POSTGRES_USER=nextcloud"
       ],
       "restart": "unless-stopped",
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
@@ -361,9 +349,6 @@
         "RECORDING_SECRET"
       ],
       "restart": "unless-stopped",
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
@@ -404,9 +389,6 @@
       "profiles": [
         "collabora"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_add": [
         "MKNOD",
         "SYS_ADMIN"
@@ -466,9 +448,6 @@
         "talk",
         "talk-recording"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/log/supervisord",
@@ -526,9 +505,6 @@
         "/dev/dri"
       ],
       "enable_nvidia_gpu": true,
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/conf"
@@ -690,9 +666,6 @@
       "profiles": [
         "clamav"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/lock",
@@ -745,9 +718,6 @@
       "profiles": [
         "onlyoffice"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_drop": [
         "NET_RAW"
       ]
@@ -785,9 +755,6 @@
       "profiles": [
         "imaginary"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/tmp"
@@ -838,9 +805,6 @@
       "profiles": [
         "fulltextsearch"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "secrets": [
         "FULLTEXTSEARCH_PASSWORD"
       ],
@@ -910,9 +874,6 @@
         "whiteboard"
       ],
       "read_only": true,
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_drop": [
         "NET_RAW"
       ]

From 76ccf69a0544069d5c4fcafdb9a463835bdbe3f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Jan 2025 04:34:09 +0000
Subject: [PATCH 2856/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-20 to 1.4.1-21.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 4d54effc..d5e7067d 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-20
+FROM clamav/clamav:1.4.1-21
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 2fc2be363aa03c4ff6e091a1f8163a942b34152f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 13 Jan 2025 11:15:29 +0100
Subject: [PATCH 2857/3949] nextcloud: allow to configure redis user

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile              | 2 +-
 Containers/nextcloud/config/redis.config.php | 4 ++++
 Containers/notify-push/start.sh              | 2 +-
 Containers/whiteboard/start.sh               | 2 +-
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e8999f75..172b57b5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -147,7 +147,7 @@ RUN set -ex; \
     \
     { \
         echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379/${REDIS_DB_INDEX}?auth=${REDIS_HOST_PASSWORD}"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}&auth[]=${REDIS_USER}&auth[]=${REDIS_HOST_PASSWORD}"'; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \
diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php
index c99a9ec1..7e4edec2 100644
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -18,4 +18,8 @@ if (getenv('REDIS_HOST')) {
   if (getenv('REDIS_DB_INDEX')) {
     $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
   }
+
+  if (getenv('REDIS_USER') !== false) {
+    $CONFIG['redis']['user'] = getenv('REDIS_USER');
+  }
 }
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 21b291d0..eda094d1 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -62,7 +62,7 @@ fi
 
 # Set sensitive values as env
 export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
-export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 8816ee7f..576bd094 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -11,7 +11,7 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
-export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
 exec npm run server:start

From ce7a10e4c0c3c5615cee7b0c1d9f40139d7296e9 Mon Sep 17 00:00:00 2001
From: pailloM <56462552+pailloM@users.noreply.github.com>
Date: Tue, 14 Jan 2025 04:43:36 -0500
Subject: [PATCH 2858/3949] add calcardbackup community container (#5864)

Signed-off-by: PailloM <paillomams@gmx.com>
Signed-off-by: pailloM <56462552+pailloM@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 .../calcardbackup/calcardbackup.json          | 37 +++++++++++++++++++
 community-containers/calcardbackup/readme.md  | 15 ++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 community-containers/calcardbackup/calcardbackup.json
 create mode 100644 community-containers/calcardbackup/readme.md

diff --git a/community-containers/calcardbackup/calcardbackup.json b/community-containers/calcardbackup/calcardbackup.json
new file mode 100644
index 00000000..738ca2f0
--- /dev/null
+++ b/community-containers/calcardbackup/calcardbackup.json
@@ -0,0 +1,37 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-calcardbackup",
+            "display_name": "Calendar and contacts backup",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/calcardbackup",
+            "image": "waja/calcardbackup",
+            "image_tag": "latest",
+            "restart": "unless-stopped",
+            "environment": [
+                "CRON_TIME=0 0 * * *",
+                "INIT_BACKUP=yes",
+                "BACKUP_DIR=/backup",
+                "NC_DIR=/nextcloud",
+                "NC_HOST=%NC_DOMAIN%",
+                "DB_HOST=nextcloud-aio-database",
+                "DB_PORT=5432",
+                "CALCARD_OPTS=-ltm 5"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_calcardbackup",
+                    "destination": "/backup",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_nextcloud",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_calcardbackup"
+            ]
+        }
+    ]
+}
\ No newline at end of file
diff --git a/community-containers/calcardbackup/readme.md b/community-containers/calcardbackup/readme.md
new file mode 100644
index 00000000..0bb04a3b
--- /dev/null
+++ b/community-containers/calcardbackup/readme.md
@@ -0,0 +1,15 @@
+## calcardbackup  
+This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
+  
+### Notes  
+- Backups will be created at 00:00 CEST every day. Make sure that this does not conflict with the configured daily backups inside AIO.
+- All the exports will be included in AIOs backup solution
+- You can find the exports in the nextcloud_aio_calcardbackup volume
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack  
+  
+### Repository  
+https://github.com/waja/docker-calcardbackup
+
+### Maintainer
+https://github.com/pailloM
+  

From f658318df055598aedf6aaae8e46b63d543b56ce Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 14 Jan 2025 10:42:41 +0000
Subject: [PATCH 2859/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml              |  2 +-
 .../nextcloud-aio-apache-deployment.yaml         | 16 +++++++++++++++-
 .../nextcloud-aio-clamav-deployment.yaml         |  2 +-
 .../nextcloud-aio-collabora-deployment.yaml      |  2 +-
 .../nextcloud-aio-database-deployment.yaml       |  2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml |  2 +-
 .../nextcloud-aio-imaginary-deployment.yaml      |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml      |  2 +-
 .../nextcloud-aio-notify-push-deployment.yaml    |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml     |  2 +-
 .../nextcloud-aio-redis-deployment.yaml          |  2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml |  2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml |  2 +-
 .../nextcloud-aio-whiteboard-deployment.yaml     |  2 +-
 nextcloud-aio-helm-chart/values.yaml             |  2 +-
 15 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index ff57c3d4..7a3e34a5 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.2.0
+version: 10.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index d6a85cc8..295189e1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,21 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250106_094420
+          image: nextcloud/aio-apache:20250114_092611
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 0f42d2ef..fcb640b4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250106_094420
+          image: nextcloud/aio-clamav:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 2c86896d..9d6a83df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250106_094420
+          image: nextcloud/aio-collabora:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index eb3e94d3..424dfacb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250106_094420
+          image: nextcloud/aio-postgresql:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8a114fad..03db31c2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250106_094420
+          image: nextcloud/aio-fulltextsearch:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2a0f4476..6bdc420e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250106_094420
+          image: nextcloud/aio-imaginary:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 87376bd9..d7168337 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -180,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250106_094420
+          image: nextcloud/aio-nextcloud:20250114_092611
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 40cd1159..27d9cb1b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20250106_094420
+          image: nextcloud/aio-notify-push:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 1b2f4f2b..343d147e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250106_094420
+          image: nextcloud/aio-onlyoffice:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index da3cd58d..6756ecb1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250106_094420
+          image: nextcloud/aio-redis:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 5d814cfc..00fe1ae4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250106_094420
+          image: nextcloud/aio-talk:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index df51d5ea..59f6926e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250106_094420
+          image: nextcloud/aio-talk-recording:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index b0993666..f7d170ba 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250106_094420
+          image: nextcloud/aio-whiteboard:20250114_092611
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index c17bf268..3f760504 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -34,7 +34,7 @@ NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
-TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
+TALK_PORT: 3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes

From d971f86f0c075bef0dd4a4f052996276d23455a8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 14 Jan 2025 11:51:42 +0100
Subject: [PATCH 2860/3949] increase to 10.4.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1920ebbd..57dfc3f1 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.3.0</h1>
+            <h1>Nextcloud AIO v10.4.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 2148b60fc0b4694d8e2fe73cfdb23e30f38b7c18 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 14 Jan 2025 12:02:59 +0000
Subject: [PATCH 2861/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 408fcdfd..19b51c43 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.4-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk add --no-cache \

From 4acc9d8f41ad0bc3a22dad61286d096605413171 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 14 Jan 2025 14:25:17 +0100
Subject: [PATCH 2862/3949] add idea

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile              | 2 +-
 Containers/nextcloud/config/redis.config.php | 4 ++--
 Containers/notify-push/start.sh              | 4 ++++
 Containers/whiteboard/start.sh               | 4 ++++
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 172b57b5..50692fbf 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -147,7 +147,7 @@ RUN set -ex; \
     \
     { \
         echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}&auth[]=${REDIS_USER}&auth[]=${REDIS_HOST_PASSWORD}"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \
diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php
index 7e4edec2..80848974 100644
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -19,7 +19,7 @@ if (getenv('REDIS_HOST')) {
     $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
   }
 
-  if (getenv('REDIS_USER') !== false) {
-    $CONFIG['redis']['user'] = getenv('REDIS_USER');
+  if (getenv('REDIS_USER_AUTH') !== false) {
+    $CONFIG['redis']['user'] = str_replace("&auth[]=", "", getenv('REDIS_USER_AUTH'));
   }
 }
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index eda094d1..6ff81fec 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -62,6 +62,10 @@ fi
 
 # Set sensitive values as env
 export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
+if [ -n "$REDIS_USER_AUTH" ]; then
+    # shellcheck disable=SC2001
+    REDIS_USER="$(echo "$REDIS_USER_AUTH" | sed 's|&auth[]=||')"
+fi
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 576bd094..8390c923 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -11,6 +11,10 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
+if [ -n "$REDIS_USER_AUTH" ]; then
+    # shellcheck disable=SC2001
+    REDIS_USER="$(echo "$REDIS_USER_AUTH" | sed 's|&auth[]=||')"
+fi
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From b786415cfbec4f989893739889847003f43ab316 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 14 Jan 2025 14:39:32 +0100
Subject: [PATCH 2863/3949] Revert changes to notify-push and whiteboard

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 4 ----
 Containers/whiteboard/start.sh  | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 6ff81fec..eda094d1 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -62,10 +62,6 @@ fi
 
 # Set sensitive values as env
 export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
-if [ -n "$REDIS_USER_AUTH" ]; then
-    # shellcheck disable=SC2001
-    REDIS_USER="$(echo "$REDIS_USER_AUTH" | sed 's|&auth[]=||')"
-fi
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 8390c923..576bd094 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -11,10 +11,6 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
-if [ -n "$REDIS_USER_AUTH" ]; then
-    # shellcheck disable=SC2001
-    REDIS_USER="$(echo "$REDIS_USER_AUTH" | sed 's|&auth[]=||')"
-fi
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From a8f6e7a3364a82e118a2d65029eafb7b83550f5a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Jan 2025 05:12:46 +0000
Subject: [PATCH 2864/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.1.1-alpine to 3.1.2-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 61b115ec..93ce5884 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.1-alpine
+FROM haproxy:3.1.2-alpine
 
 # hadolint ignore=DL3002
 USER root

From 96ea32405d5a64109717f1c8cafb593bfc9f16dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Jan 2025 05:13:02 +0000
Subject: [PATCH 2865/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.4.1-cli to 27.5.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 6047bc76..3849cfd9 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.4.1-cli AS docker
+FROM docker:27.5.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.9.1-alpine AS caddy

From 276cd7d9d88484ab5711145cc56ae211e647e245 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 Jan 2025 13:48:06 +0100
Subject: [PATCH 2866/3949] fail2ban-cc: add jellyfin

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/fail2ban/fail2ban.json | 5 +++++
 community-containers/fail2ban/readme.md     | 2 +-
 community-containers/jellyfin/readme.md     | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index 5305ad85..70d0597b 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -25,6 +25,11 @@
                     "source": "nextcloud_aio_vaultwarden_logs",
                     "destination": "/vaultwarden",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_jellyfin",
+                    "destination": "/jellyfin",
+                    "writeable": false
                 }
             ]
         }
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index 9725251c..1811ebb2 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, if installed.
 
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
diff --git a/community-containers/jellyfin/readme.md b/community-containers/jellyfin/readme.md
index b277ab46..2a78bc1e 100644
--- a/community-containers/jellyfin/readme.md
+++ b/community-containers/jellyfin/readme.md
@@ -8,6 +8,7 @@ This container bundles Jellyfin and auto-configures it for you.
 - In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
 - ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.**
 - If you have a firewall like ufw configured, you might need to open all Jellyfin ports in there first in order to make it work. Especially port 8096 is important!
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 - The data of Jellyfin will be automatically included in AIO's backup solution!
 - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
 

From 22fdaa57cececeef6ec1125f00f07404b1690681 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 15 Jan 2025 15:36:43 +0100
Subject: [PATCH 2867/3949] rp-docs: add info about hairpin-nat and local
 dns-record in debug section

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 29869aed..d8fdaa7d 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -920,5 +920,6 @@ If something does not work, follow the steps below:
 1. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below!
 1. If your reverse proxy is configured to use the host network (as recommended in the above docs) or running on the host, make sure that you've configured your firewall to open port 443 (and 80)!
 1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain)!
+1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!

From 02cc5f04caf11605ac0ea6eaa0cf2182ec226a3d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 Jan 2025 10:45:49 +0100
Subject: [PATCH 2868/3949] mastercontainer: check if auth.docker.io is
 reachable during startup

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 9 +++++++++
 manual-install/readme.md            | 2 ++
 2 files changed, 11 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index d467c880..7424c436 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -283,6 +283,15 @@ if [ "$?" = 6 ]; then
     exit 1
 fi
 
+# Check if auth.docker.io is reachable
+# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
+if ! curl https://auth.docker.io/token | grep -q token; then
+    print_red "Could not reach https://auth.docker.io."
+    echo "Most likely is something blocking access to it."
+    echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    exit 1
+fi
+
 # Check that no changes have been made to timezone settings since AIO only supports running in Etc/UTC timezone
 if [ -n "$TZ" ]; then
     print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default Etc/UTC timezone!"
diff --git a/manual-install/readme.md b/manual-install/readme.md
index c14dae5e..9bf34c9c 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -6,11 +6,13 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
 - You can run the containers with docker swarm
+- You can run this in environments where access to docker.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268).
 
 ### Disadvantages
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
+- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi))
 - You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
 - **You need to know what you are doing, especially when modifying the compose.yaml file**
 - For updating, you need to strictly follow the at the bottom described update routine

From 23755a0371e3e69a0d8fc5a3c6c1b27bede9a13f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 16 Jan 2025 19:45:00 +0000
Subject: [PATCH 2869/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 50692fbf..bb3b567e 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.4
+ENV NEXTCLOUD_VERSION=30.0.5
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 1ad0fcf1b6b414e629be3b92e486653713902a56 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 17 Jan 2025 13:52:33 +0100
Subject: [PATCH 2870/3949] improve check for auth.docker.io

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 7424c436..bca074ae 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -285,7 +285,7 @@ fi
 
 # Check if auth.docker.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl https://auth.docker.io/token | grep -q token; then
+if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then
     print_red "Could not reach https://auth.docker.io."
     echo "Most likely is something blocking access to it."
     echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"

From a425f5b49bc2a82eeb9e714acdb799ef0a4c96e1 Mon Sep 17 00:00:00 2001
From: Thorsten Schaefer <github@npath.de>
Date: Fri, 17 Jan 2025 19:07:37 +0100
Subject: [PATCH 2871/3949] Support custom port for onlyoffice

Signed-off-by: Thorsten Schaefer <github@npath.de>
---
 Containers/apache/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index d635f329..64fb5f93 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -40,7 +40,7 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
     route /onlyoffice/* {
         uri strip_prefix /onlyoffice
         reverse_proxy {$ONLYOFFICE_HOST}:80 {
-            header_up X-Forwarded-Host {http.request.host}/onlyoffice
+            header_up X-Forwarded-Host {http.request.hostport}/onlyoffice
             header_up X-Forwarded-Proto https
         }
     }

From b16dfd83ceecb9504497fff212c9ced9e6590f6c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sun, 19 Jan 2025 14:25:51 +0100
Subject: [PATCH 2872/3949] Update NPMplus community container readme.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 community-containers/npmplus/readme.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md
index 86679352..437c6771 100644
--- a/community-containers/npmplus/readme.md
+++ b/community-containers/npmplus/readme.md
@@ -3,7 +3,6 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 
 ### Notes
 - This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!
-- You can ignore the NPM configuration of the reverse-proxy.md. The NPMplus fork already contains the changes of the advanced tab.
 - Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO.
 - Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors.
 - After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://<ip>:81` and change the password. 
@@ -11,7 +10,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 - If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host.
 - If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume
 - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution!
-- **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true
+- **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true by default
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository and Documentation

From da07aaa887d0b295e3fa37358a18151091729265 Mon Sep 17 00:00:00 2001
From: Gerald Krause <gerald.d.krause@t-online.de>
Date: Sun, 19 Jan 2025 19:21:04 +0100
Subject: [PATCH 2873/3949] Improved the readme by clarifying that the NC
 instance can be restored by the backup data Signed-off-by: Gerald Krause
 <geedeekay@justmail.de>

Signed-off-by: Gerald Krause <geedeekay@justmail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index a494ca11..8ea467c6 100644
--- a/readme.md
+++ b/readme.md
@@ -429,7 +429,7 @@ Be aware that this solution does not back up files and folders that are mounted
 ---
 
 #### What is getting backed up by AIO's backup solution?
-Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
+Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
 
 #### How to adjust borgs retention policy?
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!

From 497d6d1191c6b4b74be745e77a3a558847b2c228 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 05:02:05 +0000
Subject: [PATCH 2874/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-21 to 1.4.1-22.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index d5e7067d..79f6d9cc 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-21
+FROM clamav/clamav:1.4.1-22
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 572dfd634f322ef2a4f1073e71a21818ea5c6a15 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 05:02:07 +0000
Subject: [PATCH 2875/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.11.2.1 to 24.04.11.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 5da3a050..3bfa837d 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.11.2.1
+FROM collabora/code:24.04.11.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 1be57491021570bfc65f0fa3f7da3642871f2838 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 05:02:15 +0000
Subject: [PATCH 2876/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.23.4-alpine3.21 to 1.23.5-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 19b51c43..f78f2ad5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.4-alpine3.21 AS go
+FROM golang:1.23.5-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From ec3895beef69361672a1d32374050f9123eab647 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 20 Jan 2025 13:36:10 +0100
Subject: [PATCH 2877/3949] apache: add docs to aio interface

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/containers.json b/php/containers.json
index 1457b0de..57117d83 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -3,6 +3,7 @@
     {
       "container_name": "nextcloud-aio-apache",
       "image_tag": "%AIO_CHANNEL%",
+      "documentation": "https://github.com/nextcloud/all-in-one/discussions/2105",
       "depends_on": [
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",

From db5bfa7936f93eda5117f2af8a1a08c7a244d3aa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 13:06:32 +0000
Subject: [PATCH 2878/3949] build(deps): bump helm/chart-releaser-action from
 1.6.0 to 1.7.0

Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/helm/chart-releaser-action/releases)
- [Commits](https://github.com/helm/chart-releaser-action/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: helm/chart-releaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 1548cb2d..baacd7de 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -41,7 +41,7 @@ jobs:
           helm lint ./nextcloud-aio-helm-chart
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         with:
           mark_as_latest: false
           charts_dir: .

From 666b5ef34135c092db9becd36bf2e1723e965f94 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 20 Jan 2025 15:25:33 +0100
Subject: [PATCH 2879/3949] Update dependabot.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index cf226fcf..8afcc4e4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,6 +7,9 @@ updates:
     time: "12:00"
   open-pull-requests-limit: 10
   rebase-strategy: "disabled"
+  labels:
+  - 3. to review
+  - dependencies
 - package-ecosystem: composer
   directory: "/php/"
   schedule:

From c578a6e3f3d521a01361e83d4e278a429031f9f4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 20 Jan 2025 13:20:06 +0100
Subject: [PATCH 2880/3949] DockerActionManager: improve the logging

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 php/src/Docker/DockerActionManager.php  | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f040e169..8c2d3abe 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -46,7 +46,7 @@ readonly class DockerController {
         if ($pullImage) {
             if (!$this->dockerActionManager->isDockerHubReachable($container)) {
                 $pullImage = false;
-                error_log('Not pulling the image for the ' . $container->GetContainerName() . ' container because docker hub does not seem to be reachable.');
+                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because docker hub does not seem to be reachable.');
             }
         }
 
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index e3d7c337..3ec37499 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -167,7 +167,7 @@ readonly class DockerActionManager {
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
-            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage());
+            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
         }
     }
 
@@ -588,7 +588,7 @@ readonly class DockerActionManager {
                 ]
             );
         } catch (RequestException $e) {
-            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getMessage());
+            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
         }
 
     }
@@ -623,7 +623,7 @@ readonly class DockerActionManager {
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
-            $message = "Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.";
+            $message = "Could not pull image " . $imageName . ": " . $e->getResponse()?->getBody()->getContents();
             if ($imageIsThere === false) {
                 throw new \Exception($message);
             } else {
@@ -883,7 +883,7 @@ readonly class DockerActionManager {
             } catch (RequestException $e) {
                 // 409 is undocumented and gets thrown if the network already exists.
                 if ($e->getCode() !== 409) {
-                    throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
+                    throw new \Exception("Could not create the nextcloud-aio network: " . $e->getResponse()?->getBody()->getContents());
                 }
             }
         }

From d6a9f92aeecc4d568923674900c8f28bbc69a866 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 21 Jan 2025 12:02:54 +0000
Subject: [PATCH 2881/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index b84be669..37cc3db7 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -502,16 +502,16 @@
         },
         {
             "name": "php-di/invoker",
-            "version": "2.3.4",
+            "version": "2.3.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Invoker.git",
-                "reference": "33234b32dafa8eb69202f950a1fc92055ed76a86"
+                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/33234b32dafa8eb69202f950a1fc92055ed76a86",
-                "reference": "33234b32dafa8eb69202f950a1fc92055ed76a86",
+                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/59f15608528d8a8838d69b422a919fd6b16aa576",
+                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576",
                 "shasum": ""
             },
             "require": {
@@ -545,7 +545,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/Invoker/issues",
-                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.4"
+                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.6"
             },
             "funding": [
                 {
@@ -553,7 +553,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-09-08T09:24:21+00:00"
+            "time": "2025-01-17T12:49:27+00:00"
         },
         {
             "name": "php-di/php-di",

From 03b846b3f435e9eb9b7df06463cea76eddf98387 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 Jan 2025 14:49:56 +0100
Subject: [PATCH 2882/3949] aio-interface: update wording for entering the
 domain

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 57dfc3f1..54dc563d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -101,7 +101,7 @@
                             {% else %}
                                 <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                             {% endif %}
-                            <p>Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.</p>
+                            <p>Please type the domain that will be used for Nextcloud.</p>
                             {% if skip_domain_validation == true %}
                                 <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}

From e6c42f0bf83447ad34b5becd8f82ba224cfdebfa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 04:46:06 +0000
Subject: [PATCH 2883/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.17.0 to 8.17.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 3a57714d..7bcac338 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.0
+FROM elasticsearch:8.17.1
 
 USER root
 

From 278d449bc2465812ad013f612fb89237cdc62e5f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 04:46:12 +0000
Subject: [PATCH 2884/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.15-fpm-alpine3.21 to 8.3.16-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index bb3b567e..04606113 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.15-fpm-alpine3.21
+FROM php:8.3.16-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From a9cf1e960c6be5f10a11fe2598f49dd09a71d05a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 04:46:26 +0000
Subject: [PATCH 2885/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.15-fpm-alpine3.21 to 8.3.16-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3849cfd9..18cf331a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.5.0-cli AS docker
 FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.15-fpm-alpine3.21
+FROM php:8.3.16-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

From 3fb8ae5b917e07f1b07b9c8a8e639f5b7765ba5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 04:46:59 +0000
Subject: [PATCH 2886/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.0.4 to v1.0.5.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 3d178c18..d20705ef 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5
 
 USER root
 RUN set -ex; \

From c238e815fa238ba7cafc380aa6432aa8a411fbbb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 Jan 2025 11:04:52 +0100
Subject: [PATCH 2887/3949] fix chellcheck

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh           | 2 +-
 php/templates/includes/optional-containers.twig | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index dda0504c..9317d71a 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -521,7 +521,7 @@ if [ "$BORG_MODE" = check ]; then
     # Perform the check
     if ! borg check -v --verify-data; then
         echo "Some errors were found while checking the backup integrity!"
-        echo "Check the AIO interface for advices on how to proceed now!"
+        echo "Check the AIO interface for advice on how to proceed now!"
         exit 1
     fi
 
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index bf489120..baa6c1cc 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -145,7 +145,7 @@
     <input id="options-form-submit" type="submit" value="Save changes" />
     <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
-<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
+<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true or is_x64_platform == false %}
     <script type="text/javascript" src="disable-clamav.js"></script>
 {% endif %}

From 0d86e36ff6bafa6d1b14969ac769b10c13c9b5de Mon Sep 17 00:00:00 2001
From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
Date: Wed, 22 Jan 2025 05:07:39 -0500
Subject: [PATCH 2888/3949] Add Jellyseerr Community Container (#5911)

Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md          |  1 +
 community-containers/fail2ban/fail2ban.json   |  5 +++
 community-containers/fail2ban/readme.md       |  2 +-
 .../jellyseerr/jellyseerr.json                | 34 +++++++++++++++++++
 community-containers/jellyseerr/readme.md     | 16 +++++++++
 5 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/jellyseerr/jellyseerr.json
 create mode 100644 community-containers/jellyseerr/readme.md

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index fcb71964..3c97c5b6 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -9,6 +9,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb, make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index 70d0597b..dbc733d4 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -30,6 +30,11 @@
                     "source": "nextcloud_aio_jellyfin",
                     "destination": "/jellyfin",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_jellyseerr",
+                    "destination": "/jellyseerr",
+                    "writeable": false
                 }
             ]
         }
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index 1811ebb2..851cb03c 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, if installed.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
 
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
diff --git a/community-containers/jellyseerr/jellyseerr.json b/community-containers/jellyseerr/jellyseerr.json
new file mode 100644
index 00000000..1dc2895c
--- /dev/null
+++ b/community-containers/jellyseerr/jellyseerr.json
@@ -0,0 +1,34 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-jellyseerr",
+            "display_name": "Jellyseerr",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr",
+            "image": "fallenbagel/jellyseerr",
+            "image_tag": "latest",
+            "internal_port": "5055",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "%APACHE_IP_BINDING%",
+                    "port_number": "5055",
+                    "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "PORT=5055",
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_jellyseerr",
+                    "destination": "/app/config",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_jellyseerr"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/jellyseerr/readme.md b/community-containers/jellyseerr/readme.md
new file mode 100644
index 00000000..d6e606df
--- /dev/null
+++ b/community-containers/jellyseerr/readme.md
@@ -0,0 +1,16 @@
+## Jellyseerr
+This container bundles Jellyseerr and auto-configures it for you.
+
+### Notes
+- This container is only intended to be used inside home networks as it uses http for its management page by default.
+- After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby.
+- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr.
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
+- The config of Jellyseerr will be automatically included in AIO's backup solution!
+- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
+
+### Repository
+https://github.com/Fallenbagel/jellyseerr
+
+### Maintainer
+https://github.com/Anvil5465

From 521f9fd0e0ecb9d99573f2f28bcfae5aa28de737 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 22 Jan 2025 10:10:18 +0000
Subject: [PATCH 2889/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml          | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7a3e34a5..97571e93 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.3.0
+version: 10.4.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 295189e1..eae786e2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250114_092611
+          image: nextcloud/aio-apache:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index fcb640b4..730f9cf5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250114_092611
+          image: nextcloud/aio-clamav:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 9d6a83df..69da6e1b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250114_092611
+          image: nextcloud/aio-collabora:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 424dfacb..1ab61316 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250114_092611
+          image: nextcloud/aio-postgresql:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 03db31c2..d4d3c1ad 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250114_092611
+          image: nextcloud/aio-fulltextsearch:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 6bdc420e..f0dc68f6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250114_092611
+          image: nextcloud/aio-imaginary:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index d7168337..75c74fa1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -180,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250114_092611
+          image: nextcloud/aio-nextcloud:20250122_091948
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 27d9cb1b..ef0455ad 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20250114_092611
+          image: nextcloud/aio-notify-push:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 343d147e..0bf7c2a6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250114_092611
+          image: nextcloud/aio-onlyoffice:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 6756ecb1..b2cfd07e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250114_092611
+          image: nextcloud/aio-redis:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 00fe1ae4..3e827062 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250114_092611
+          image: nextcloud/aio-talk:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 59f6926e..10218a93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250114_092611
+          image: nextcloud/aio-talk-recording:20250122_091948
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index f7d170ba..1ef71833 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -46,7 +46,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250114_092611
+          image: nextcloud/aio-whiteboard:20250122_091948
           readinessProbe:
             exec:
               command:

From bfc5f4044836740f814567f58e4ba1c9dfaac4a9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 27 Jun 2024 10:59:08 +0200
Subject: [PATCH 2890/3949] community-containers: add makemkv

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/makemkv/makemkv.json | 58 +++++++++++++++++++++++
 community-containers/makemkv/readme.md    | 20 ++++++++
 php/containers-schema.json                |  2 +-
 3 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/makemkv/makemkv.json
 create mode 100644 community-containers/makemkv/readme.md

diff --git a/community-containers/makemkv/makemkv.json b/community-containers/makemkv/makemkv.json
new file mode 100644
index 00000000..e8d7f8dd
--- /dev/null
+++ b/community-containers/makemkv/makemkv.json
@@ -0,0 +1,58 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-makekv",
+            "display_name": "MakeMKV",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/makemkv",
+            "image": "jlesage/makemkv",
+            "image_tag": "latest",
+            "internal_port": "5802",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "",
+                    "port_number": "5802",
+                    "protocol": "tcp"
+                }
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_makemkv",
+                    "destination": "/config",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/storage",
+                    "writeable": false
+                },
+                {
+                    "source": "%NEXTCLOUD_MOUNT%",
+                    "destination": "/output",
+                    "writeable": true
+                },
+                {
+                    "source": "/dev",
+                    "destination": "/dev",
+                    "writeable": false
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "SECURE_CONNECTION=1",
+                "WEB_AUTHENTICATION=1",
+                "USER_ID=33",
+                "GROUP_ID=33",
+                "WEB_AUTHENTICATION_USERNAME=makemkv",
+                "WEB_AUTHENTICATION_PASSWORD=%MAKEMKV_PASSWORD%",
+                "WEB_LISTENING_PORT=5802"
+            ],
+            "secrets": [
+                "MAKEMKV_PASSWORD"
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_makemkv"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md
new file mode 100644
index 00000000..fa26be40
--- /dev/null
+++ b/community-containers/makemkv/readme.md
@@ -0,0 +1,20 @@
+## MakeMKV
+This container bundles MakeMKV and auto-configures it for you.
+
+### Notes
+- This container should only be run in home networks
+- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
+- This container only works on Linux and not on Docker-Desktop.
+- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
+- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-makemkv | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
+- After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
+- The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.
+- The config data of MakeMKV will be automatically included in AIOs backup solution!
+- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/jlesage/docker-makemkv
+
+### Maintainer
+https://github.com/szaimen
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 9f2141d3..8b59c3d8 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -213,7 +213,7 @@
 								},
 								"source": {
 									"type": "string",
-									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%))$"
+									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%)|(/dev))$"
 								},
 								"writeable": {
 									"type": "boolean"

From 7468386397b23fb9828bc8e8de961f2ca581fe63 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 Jan 2025 16:37:37 +0100
Subject: [PATCH 2891/3949] add borgbackup-viewer community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../borgbackup-viewer/borgbackup-viewer.json  | 70 +++++++++++++++++++
 .../borgbackup-viewer/readme.md               | 17 +++++
 php/src/Docker/DockerActionManager.php        | 10 ++-
 php/templates/containers.twig                 |  3 +
 readme.md                                     |  6 ++
 5 files changed, 103 insertions(+), 3 deletions(-)
 create mode 100644 community-containers/borgbackup-viewer/borgbackup-viewer.json
 create mode 100644 community-containers/borgbackup-viewer/readme.md

diff --git a/community-containers/borgbackup-viewer/borgbackup-viewer.json b/community-containers/borgbackup-viewer/borgbackup-viewer.json
new file mode 100644
index 00000000..417cc660
--- /dev/null
+++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json
@@ -0,0 +1,70 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-borgbackup-viewer",
+            "image_tag": "v1",
+            "display_name": "Borg Backup Viewer",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer",
+            "image": "szaimen/aio-borgbackup-viewer",
+            "internal_port": "5801",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "5801",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "BORG_HOST_ID=nextcloud-aio-borgbackup-viewer",
+                "WEB_AUTHENTICATION_USERNAME=nextcloud",
+                "WEB_AUTHENTICATION_PASSWORD=%BORGBACKUP_VIEWER_PASSWORD%",
+                "WEB_LISTENING_PORT=5801",
+                "BORG_PASSPHRASE=%BORGBACKUP_PASSWORD%",
+                "BORG_REPO=/mnt/borgbackup/borg"
+            ],
+            "secrets": [
+                "BORGBACKUP_VIEWER_PASSWORD",
+                "BORGBACKUP_PASSWORD"
+            ],
+            "volumes": [
+            {
+                "source": "nextcloud_aio_backup_cache",
+                "destination": "/root",
+                "writeable": true
+            },
+            {
+                "source": "%NEXTCLOUD_DATADIR%",
+                "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
+                "writeable": true
+            },
+            {
+                "source": "nextcloud_aio_mastercontainer",
+                "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
+                "writeable": true
+            },
+            {
+                "source": "%BORGBACKUP_HOST_LOCATION%",
+                "destination": "/mnt/borgbackup",
+                "writeable": true
+            },
+            {
+                "source": "nextcloud_aio_elasticsearch",
+                "destination": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
+                "writeable": true
+            },
+            {
+                "source": "nextcloud_aio_redis",
+                "destination": "/mnt/redis",
+                "writeable": true
+            }
+            ],
+            "devices": [
+                "/dev/fuse"
+            ],
+            "cap_add": [
+                "SYS_ADMIN"
+            ],
+            "apparmor_unconfined": true
+        }
+    ]
+}
diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md
new file mode 100644
index 00000000..42b692ec
--- /dev/null
+++ b/community-containers/borgbackup-viewer/readme.md
@@ -0,0 +1,17 @@
+## Borgbackup Viewer
+This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
+
+### Notes
+- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-borgbackup-viewer | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
+- Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
+- After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
+- You can also delete specific archives by running `borg list`,  delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
+- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-borgbackup-viewer
+
+### Maintainer
+https://github.com/szaimen
+
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index e3d7c337..39c612cf 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -541,19 +541,23 @@ readonly class DockerActionManager {
         $mounts = [];
 
         // Special things for the backup container which should not be exposed in the containers.json
-        if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
+        if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {
                     $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false];
                 }
             }
+
+            // Make volumes read only in case of borgbackup container. The viewer makes them writeable
+            $isReadOnly = $container->GetIdentifier() === 'nextcloud-aio-borgbackup';
+
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
                     if (!str_starts_with($additionalBackupDirectories, '/')) {
-                        $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => true];
+                        $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly];
                     } else {
-                        $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => true, "BindOptions" => ["NonRecursive" => true]];
+                        $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly, "BindOptions" => ["NonRecursive" => true]];
                     }
                 }
             }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 57dfc3f1..91c5f2a7 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -504,6 +504,9 @@
                                         {% endif %}
 
                                         {% if has_backup_run_once == true %}
+                                            <h3>Backup Viewer</h3>
+                                            <p>There is now a community container that allows to access your backups in a web session. See <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
+
                                             <h3>Backup check</h3>
                                             <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
                                             <form method="POST" action="/api/docker/backup-check" class="xhr">
diff --git a/readme.md b/readme.md
index a494ca11..88dec7a0 100644
--- a/readme.md
+++ b/readme.md
@@ -493,6 +493,9 @@ In this example, it would mount `E:\your\backup\path` into the volume so for a d
 #### Pro-tip: Backup archives access
 You can open the BorgBackup archives on your host by following these steps:<br>
 (instructions for Ubuntu Desktop)
+
+Alternatively, there is now a community container that allows to access your backups in a web session: https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer.
+
 ```bash
 # Install borgbackup on the host
 sudo apt update && sudo apt install borgbackup
@@ -520,6 +523,9 @@ sudo umount /tmp/borg
 #### Delete backup archives manually
 You can delete BorgBackup archives on your host manually by following these steps:<br>
 (instructions for Debian based OS' like Ubuntu)
+
+Alternatively, there is now a community container that allows to access your backups in a web session: https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer.
+
 ```bash
 # Install borgbackup on the host
 sudo apt update && sudo apt install borgbackup

From 4def229eea8ca1d2a3e5edd55fbfab95df0d1f4b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 Jan 2025 22:43:35 +0100
Subject: [PATCH 2892/3949] add scrutiny community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/scrutiny/readme.md     | 15 ++++++
 community-containers/scrutiny/scrutiny.json | 55 +++++++++++++++++++++
 php/containers-schema.json                  |  2 +-
 3 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/scrutiny/readme.md
 create mode 100644 community-containers/scrutiny/scrutiny.json

diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md
new file mode 100644
index 00000000..8beb3869
--- /dev/null
+++ b/community-containers/scrutiny/readme.md
@@ -0,0 +1,15 @@
+## Scrutiny
+This container bundles Scrutiny and auto-configures it for you.
+
+### Notes
+- This container should only be run in home networks
+- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being.
+- This container only works on Linux and not on Docker-Desktop.
+- After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-scrutiny
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json
new file mode 100644
index 00000000..6d0900fd
--- /dev/null
+++ b/community-containers/scrutiny/scrutiny.json
@@ -0,0 +1,55 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-scrutiny",
+            "display_name": "Scrutiny",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny",
+            "image": "szaimen/aio-scrutiny",
+            "image_tag": "v1",
+            "internal_port": "8000",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "8000",
+                  "protocol": "tcp"
+                }
+            ],
+            "cap_add": [
+                "SYS_RAWIO",
+                "SYS_ADMIN"
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "SCRUTINY_WEB_LISTEN_PORT=8000",
+                "COLLECTOR_API_ENDPOINT=http://127.0.0.1:8000"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_scrutiny",
+                    "destination": "/opt/scrutiny/config",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_scrutiny_db",
+                    "destination": "/opt/scrutiny/influxdb",
+                    "writeable": true
+                },
+                {
+                    "source": "/run/udev",
+                    "destination": "/run/udev",
+                    "writeable": false
+                },
+                {
+                    "source": "/dev",
+                    "destination": "/dev",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_scrutiny",
+                "nextcloud_aio_scrutiny_db"
+            ]
+        }
+    ]
+}
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 8b59c3d8..4f030e8f 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -213,7 +213,7 @@
 								},
 								"source": {
 									"type": "string",
-									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%)|(/dev))$"
+									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%)|(/dev)|(/run/udev))$"
 								},
 								"writeable": {
 									"type": "boolean"

From 895f4b82e3fcb112821afa2b7938327b467ef0d4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 Jan 2025 16:51:55 +0100
Subject: [PATCH 2893/3949] talk: automatically bind ipv4 only if ipv6 is
 disabled

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index e73525b8..c382f7f1 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -30,14 +30,21 @@ if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_
     IPv4_ADDRESS_TALK=""
 fi
 
+IP_BINDING="::"
+if grep -q "1" /sys/module/ipv6/parameters/disable \
+|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.all.disable_ipv6" | grep -q "1" \
+|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.default.disable_ipv6" | grep -q "1"; then
+    IP_BINDING="0.0.0.0"
+fi
+
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
 eturnal:
   listen:
-    - ip: "::"
+    - ip: "$IP_BINDING"
       port: $TALK_PORT
       transport: udp
-    - ip: "::"
+    - ip: "$IP_BINDING"
       port: $TALK_PORT
       transport: tcp
   log_dir: stdout

From 0e10cfd20b5c102d406f9b8f646563342403ae89 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 22 Jan 2025 20:47:48 +0100
Subject: [PATCH 2894/3949] move community containers to top as one of the main
 feature

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index f3f8db61..64a1f6ca 100644
--- a/readme.md
+++ b/readme.md
@@ -13,6 +13,7 @@ Included are:
 - Fulltextsearch (optional)
 - Whiteboard (optional)
 - Docker Socket Proxy (optional, needed for [Nextcloud App API](https://github.com/cloud-py-api/app_api#nextcloud-appapi))
+- [Community containers](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers)
 <details><summary>And much more:</summary>
 
 - Simple web interface included that enables easy installation and maintenance
@@ -46,7 +47,6 @@ Included are:
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
-- [Additional features can be added very easily](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
 - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)

From 16a5c1c04febb041ed9d7fe37d90cf9fcf39fc9e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 23 Jan 2025 04:41:11 +0000
Subject: [PATCH 2895/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.1-22 to 1.4.2-23.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 79f6d9cc..e3f1acbd 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-22
+FROM clamav/clamav:1.4.2-23
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 96a577b093a16494c67ea17abff0b152ef8894cb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 23 Jan 2025 04:42:08 +0000
Subject: [PATCH 2896/3949] build(deps): bump
 strukturag/nextcloud-spreed-signaling

Bumps strukturag/nextcloud-spreed-signaling from 2.0.1 to 2.0.2.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 3de8dc43..9ab2ac4c 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.10.24-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.2 AS janus
 
 ARG JANUS_VERSION=v1.3.0

From 00a2e88c226cd04e78f2daa44d361eb6c22fa031 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 23 Jan 2025 11:22:07 +0100
Subject: [PATCH 2897/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>

Co-authored-by: Richard Steinmetz <richard@steinmetz.cloud>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index c382f7f1..d1037f8c 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -32,8 +32,8 @@ fi
 
 IP_BINDING="::"
 if grep -q "1" /sys/module/ipv6/parameters/disable \
-|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.all.disable_ipv6" | grep -q "1" \
-|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.default.disable_ipv6" | grep -q "1"; then
+|| grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \
+|| grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
     IP_BINDING="0.0.0.0"
 fi
 

From 1fb631cc51e77d761f339f868f47253ca640165a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 23 Jan 2025 14:18:58 +0100
Subject: [PATCH 2898/3949] add note regarding scalable variant

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index c15f9e1b..061a7073 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -1,5 +1,8 @@
 # Nextcloud AIO Helm-chart
 
+> [!NOTE]
+> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/).
+
 You can run the containers that are build for AIO with Kubernetes using this Helm chart. This comes with a few downsides, that are discussed below.
 
 ### Advantages

From 04ef45667ff62f7c09917e103e504d36b035d6b5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 23 Jan 2025 16:28:07 +0100
Subject: [PATCH 2899/3949] containers-schema: allow to specify ui-secret and
 show in aio interface

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../borgbackup-viewer/borgbackup-viewer.json             | 1 +
 community-containers/borgbackup-viewer/readme.md         | 2 +-
 community-containers/lldap/readme.md                     | 2 +-
 community-containers/makemkv/makemkv.json                | 1 +
 community-containers/makemkv/readme.md                   | 2 +-
 manual-install/update-yaml.sh                            | 1 +
 php/containers-schema.json                               | 4 ++++
 php/src/Container/Container.php                          | 5 +++++
 php/src/ContainerDefinitionFetcher.php                   | 6 ++++++
 php/src/Data/ConfigurationManager.php                    | 4 ++++
 php/src/Docker/DockerActionManager.php                   | 4 ++++
 php/templates/containers.twig                            | 9 +++++++++
 12 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/community-containers/borgbackup-viewer/borgbackup-viewer.json b/community-containers/borgbackup-viewer/borgbackup-viewer.json
index 417cc660..9b5c58e5 100644
--- a/community-containers/borgbackup-viewer/borgbackup-viewer.json
+++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json
@@ -26,6 +26,7 @@
                 "BORGBACKUP_VIEWER_PASSWORD",
                 "BORGBACKUP_PASSWORD"
             ],
+            "ui_secret": "BORGBACKUP_VIEWER_PASSWORD",
             "volumes": [
             {
                 "source": "nextcloud_aio_backup_cache",
diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md
index 42b692ec..dc3d5806 100644
--- a/community-containers/borgbackup-viewer/readme.md
+++ b/community-containers/borgbackup-viewer/readme.md
@@ -2,7 +2,7 @@
 This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
 
 ### Notes
-- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-borgbackup-viewer | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
+- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
 - After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
 - You can also delete specific archives by running `borg list`,  delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
index 27934d28..74a51c61 100644
--- a/community-containers/lldap/readme.md
+++ b/community-containers/lldap/readme.md
@@ -3,7 +3,7 @@ This container bundles LLDAP server and auto-configures your Nextcloud instance
 
 ### Notes
 - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
-- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
+- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the secret that you can see next to the container in the AIO interface.
 - To configure Nextcloud, you can use the generic configuration proposed below.
 - For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration
 - Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
diff --git a/community-containers/makemkv/makemkv.json b/community-containers/makemkv/makemkv.json
index e8d7f8dd..22132cb8 100644
--- a/community-containers/makemkv/makemkv.json
+++ b/community-containers/makemkv/makemkv.json
@@ -50,6 +50,7 @@
             "secrets": [
                 "MAKEMKV_PASSWORD"
             ],
+            "ui_secret": "MAKEMKV_PASSWORD",
             "backup_volumes": [
                 "nextcloud_aio_makemkv"
             ]
diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md
index fa26be40..ed9ce040 100644
--- a/community-containers/makemkv/readme.md
+++ b/community-containers/makemkv/readme.md
@@ -6,7 +6,7 @@ This container bundles MakeMKV and auto-configures it for you.
 - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
 - This container only works on Linux and not on Docker-Desktop.
 - This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
-- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-makemkv | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
+- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
 - The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.
 - The config data of MakeMKV will be automatically included in AIOs backup solution!
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index f4d207c3..95c99426 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -14,6 +14,7 @@ cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].ui_secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].enable_nvidia_gpu)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 4f030e8f..7a675e60 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -145,6 +145,10 @@
 							"pattern": "^[A-Z_]+$"
 						}
 					},
+					"ui_secret": {
+						"type": "string",
+						"pattern": "^[A-Z_]+$"
+					},
 					"image_tag": {
 						"type": "string",
 						"pattern": "^([a-z0-9.-]+|%AIO_CHANNEL%)$"
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 0b032e8c..77858283 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -21,6 +21,7 @@ readonly class Container {
         private array                         $dependsOn,
         /** @var string[] */
         private array                         $secrets,
+        private string                        $uiSecret,
         /** @var string[] */
         private array                         $devices,
         private bool                          $enableNvidiaGpu,
@@ -85,6 +86,10 @@ readonly class Container {
         return $this->secrets;
     }
 
+    public function GetUiSecret() : string {
+        return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
+    }
+
     public function GetTmpfs() : array {
         return $this->tmpfs;
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 8f7c6a97..6809650c 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -244,6 +244,11 @@ readonly class ContainerDefinitionFetcher {
                 $secrets = $entry['secrets'];
             }
 
+            $uiSecret = '';
+            if (isset($entry['ui_secret'])) {
+                $uiSecret = $entry['ui_secret'];
+            }
+
             $devices = [];
             if (isset($entry['devices'])) {
                 $devices = $entry['devices'];
@@ -316,6 +321,7 @@ readonly class ContainerDefinitionFetcher {
                 $variables,
                 $dependsOn,
                 $secrets,
+                $uiSecret,
                 $devices,
                 $enableNvidiaGpu,
                 $capAdd,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e7d6884f..2a0fa3d5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -33,6 +33,10 @@ class ConfigurationManager
     }
 
     public function GetAndGenerateSecret(string $secretId) : string {
+        if ($secretId === '') {
+            return '';
+        }
+
         $config = $this->GetConfig();
         if(!isset($config['secrets'][$secretId])) {
             $config['secrets'][$secretId] = bin2hex(random_bytes(24));
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c9eb402e..e98a5237 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -1032,6 +1032,10 @@ readonly class DockerActionManager {
         }
     }
 
+    public function GetAndGenerateSecretWrapper(string $secretId) : string {
+        return $this->configurationManager->GetAndGenerateSecret($secretId);
+    }
+
     public function isNextcloudImageOutdated() : bool {
         $createdTime = $this->GetCreatedTimeOfNextcloudImage();
 
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1a2fd11c..6f0128b3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -282,6 +282,9 @@
                                             {% if container.GetDocumentation() != '' %}
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
+                                            {% if container.GetUiSecret() != '' %}
+                                                (secret: {{ GetUiSecret.GetUiSecret() }} )
+                                            {% endif %}
                                             </span>
                                         {% elseif container.GetRunningState().value == 'running' %}
                                             <span class="status success"></span>
@@ -289,6 +292,9 @@
                                             {% if container.GetDocumentation() != '' %}
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
+                                            {% if container.GetUiSecret() != '' %}
+                                                (secret: {{ GetUiSecret.GetUiSecret() }} )
+                                            {% endif %}
                                             </span>
                                         {% else %}
                                             <span class="status error"></span>
@@ -296,6 +302,9 @@
                                             {% if container.GetDocumentation() != '' %}
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
+                                            {% if container.GetUiSecret() != '' %}
+                                                (secret: {{ GetUiSecret.GetUiSecret() }} )
+                                            {% endif %}
                                             </span>
                                         {% endif %}
                                     </li>

From dee3773bf3edf4637abd2a13b08c425682e85772 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Jan 2025 04:57:37 +0000
Subject: [PATCH 2900/3949] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.62-alpine3.21 to 2.4.63-alpine3.21.

---
updated-dependencies:
- dependency-name: httpd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 34bd2df1..1f866552 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.62-alpine3.21
+FROM httpd:2.4.63-alpine3.21
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From afab39dca9853dd7f2d41f135f9752ac362710e9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Jan 2025 04:57:54 +0000
Subject: [PATCH 2901/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.11.3.1 to 24.04.12.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 3bfa837d..08470f88 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.11.3.1
+FROM collabora/code:24.04.12.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 85821b467b5f9866df4a0452cff36f50394b4753 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Jan 2025 04:58:18 +0000
Subject: [PATCH 2902/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.5.0-cli to 27.5.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 18cf331a..51081511 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.5.0-cli AS docker
+FROM docker:27.5.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.9.1-alpine AS caddy

From 2b4f65a0aaa2988165bccd4bac467f6e2ef9f675 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Jan 2025 04:58:35 +0000
Subject: [PATCH 2903/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.24-scratch to 2.10.25-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 9ab2ac4c..b334fd1b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.24-scratch AS nats
+FROM nats:2.10.25-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.2 AS janus

From 2efeff2b9608f9f22ceaeb65a834011f112ba7b0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 Jan 2025 13:34:14 +0100
Subject: [PATCH 2904/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/lldap/lldap.json       | 1 +
 community-containers/nocodb/nocodb.json     | 1 +
 community-containers/nocodb/readme.md       | 2 +-
 community-containers/stalwart/stalwart.json | 1 +
 php/templates/containers.twig               | 6 +++---
 5 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
index 3592f179..8f7fba88 100644
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
@@ -27,6 +27,7 @@
         "LLDAP_JWT_SECRET",
         "LLDAP_LDAP_USER_PASS"
       ],
+      "ui_secret": "LLDAP_JWT_SECRET",
       "volumes": [
         {
           "source": "nextcloud_aio_lldap",
diff --git a/community-containers/nocodb/nocodb.json b/community-containers/nocodb/nocodb.json
index 8a915c2f..a5d56e13 100644
--- a/community-containers/nocodb/nocodb.json
+++ b/community-containers/nocodb/nocodb.json
@@ -28,6 +28,7 @@
                 "NOCODB_JWT_SECRET",
                 "NOCODB_USER_PASS"
             ],
+            "ui_secret": "NOCODB_USER_PASS",
             "volumes": [
                 {
                     "source": "nextcloud_aio_nocodb",
diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md
index 8d528928..748c8585 100644
--- a/community-containers/nocodb/readme.md
+++ b/community-containers/nocodb/readme.md
@@ -17,7 +17,7 @@ This is an alternative of **Airtable**.
 - You need to configure a reverse proxy in order to run this container since nocodb needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `tables.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, nocodb will use `tables.your-domain.com`.
 - The data of NocoDb will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `docker inspect nextcloud-aio-nocodb  | grep NC_ADMIN_PASS` to obtain the system administrator password (username: `admin@noco.db`). With this information, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin`
+- After adding and starting the container, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin` with the username `admin@noco.db` and the password that you can see in the AIO interface next to the container. 
 - See https://docs.nocodb.com/ for usage of NocoDb
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index 891bd9da..7858327c 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -53,6 +53,7 @@
             "secrets": [
                 "STALWART_USER_PASS"
             ],
+            "ui_secret": "STALWART_USER_PASS",
             "volumes": [
                 {
                     "source": "nextcloud_aio_stalwart",
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6f0128b3..a3de0b24 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -283,7 +283,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (secret: {{ GetUiSecret.GetUiSecret() }} )
+                                                (password: {{ GetUiSecret.GetUiSecret() }} )
                                             {% endif %}
                                             </span>
                                         {% elseif container.GetRunningState().value == 'running' %}
@@ -293,7 +293,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (secret: {{ GetUiSecret.GetUiSecret() }} )
+                                                (password: {{ GetUiSecret.GetUiSecret() }} )
                                             {% endif %}
                                             </span>
                                         {% else %}
@@ -303,7 +303,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (secret: {{ GetUiSecret.GetUiSecret() }} )
+                                                (password: {{ GetUiSecret.GetUiSecret() }} )
                                             {% endif %}
                                             </span>
                                         {% endif %}

From 4aef95a87a4c6050564139f6dce9299efd422631 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 Jan 2025 23:40:18 +0100
Subject: [PATCH 2905/3949] make Tailscale even more prominent

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml                  |  1 +
 local-instance.md             | 26 +++++++++++++-------------
 php/templates/containers.twig |  2 +-
 readme.md                     |  9 +++++----
 4 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 8596efd3..61c81a44 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -38,6 +38,7 @@ services:
     # security_opt: ["label:disable"] # Is needed when using SELinux
 
 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
+#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439
 #   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
 #   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 #   caddy:
diff --git a/local-instance.md b/local-instance.md
index abd99059..27bc147c 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -2,14 +2,17 @@
 It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
 
 ### Content
-- [1. The recommended way](#1-the-recommended-way)
-- [2. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge)
-- [3. Use Cloudflare](#3-use-cloudflare)
-- [4. Buy a certificate and use that](#4-buy-a-certificate-and-use-that)
-- [5. Tailscale network](#5-tailscale-network)
+- [1. Tailscale network](#0-tailscale-network)
+- [2. The normal way](#1-the-recommended-way)
+- [3. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge)
+- [4. Use Cloudflare](#3-use-cloudflare)
+- [5. Buy a certificate and use that](#4-buy-a-certificate-and-use-that)
 
-## 1. The recommended way
-The recommended way is the following:
+## 1. Tailscale network
+This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+
+## 2. The normal way
+The normal way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
 1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
@@ -18,14 +21,11 @@ The recommended way is the following:
 
 **Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
-## 2. Use the ACME DNS-challenge
+## 3. Use the ACME DNS-challenge
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 
-## 3. Use Cloudflare
+## 4. Use Cloudflare
 If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
 
-## 4. Buy a certificate and use that
+## 5. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
-
-## 5. Tailscale network
-For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1a2fd11c..bd86a7fe 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -115,7 +115,7 @@
                                 <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
                                 <details>
                                     <summary>Click here for further hints</summary>
-                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.</p>
+                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
                                     <p>If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
                                     <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
diff --git a/readme.md b/readme.md
index 64a1f6ca..790fb355 100644
--- a/readme.md
+++ b/readme.md
@@ -232,6 +232,7 @@ On older TrueNAS SCALE releases with Kubernetes environment, there are two ways
 Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
 
 ### Notes on Cloudflare (proxy/tunnel)
+Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible.
 - Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you.
 - Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel.
 - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
@@ -273,22 +274,22 @@ You can install AIO in reverse proxy mode where is also documented how to get it
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.
 
 ### Can I use an ip-address for Nextcloud instead of a domain?
-No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md) for configuration without a traditional domain. Or, [consider using NextcloudPi](nextcloudpi.com) for ip-address access locally (it bundles fewer features than AIO).
+No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
 
 ### Can I run AIO offline or in an airgapped system?
 No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
 
 ### Are self-signed certificates supported for Nextcloud?
-No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md).
+No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
 
 ### Can I use AIO with multiple domains?
 No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 
 ### Are other ports than the default 443 for Nextcloud supported?
-No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the a Cloudflare Tunnel if you want to publish it online. You could also use the ACME DNS-challenge to get a valid certificate. However in all cases the Nextcloud interface will redirect you to port 443.
+No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
-No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
+No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online.
 
 ### How can I access Nextcloud locally?
 Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.

From ac54fce52243e54a1b115c2255253e7321908ebe Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 25 Jan 2025 02:05:27 +0100
Subject: [PATCH 2906/3949] fix details

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index 27bc147c..9557e1c9 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -2,11 +2,11 @@
 It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
 
 ### Content
-- [1. Tailscale network](#0-tailscale-network)
-- [2. The normal way](#1-the-recommended-way)
-- [3. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge)
-- [4. Use Cloudflare](#3-use-cloudflare)
-- [5. Buy a certificate and use that](#4-buy-a-certificate-and-use-that)
+- [1. Tailscale network](#1-tailscale-network)
+- [2. The normal way](#2-the-normal-way)
+- [3. Use the ACME DNS-challenge](#3-use-the-acme-dns-challenge)
+- [4. Use Cloudflare](#4-use-cloudflare)
+- [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that)
 
 ## 1. Tailscale network
 This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439

From a07b3b8ccb2eb29399c56797d2f078e158635243 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 25 Jan 2025 02:28:35 +0100
Subject: [PATCH 2907/3949] some more adjustments

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 local-instance.md | 4 ++--
 readme.md         | 4 ++--
 reverse-proxy.md  | 2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/local-instance.md b/local-instance.md
index 9557e1c9..4633bc08 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -2,13 +2,13 @@
 It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
 
 ### Content
-- [1. Tailscale network](#1-tailscale-network)
+- [1. Tailscale](#1-tailscale)
 - [2. The normal way](#2-the-normal-way)
 - [3. Use the ACME DNS-challenge](#3-use-the-acme-dns-challenge)
 - [4. Use Cloudflare](#4-use-cloudflare)
 - [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that)
 
-## 1. Tailscale network
+## 1. Tailscale
 This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
 
 ## 2. The normal way
diff --git a/readme.md b/readme.md
index 790fb355..2ab8f378 100644
--- a/readme.md
+++ b/readme.md
@@ -28,7 +28,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- Can be used inside [Tailscale network](https://github.com/nextcloud/all-in-one/discussions/5439)
+- Can be used inside [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
@@ -249,7 +249,7 @@ Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed b
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
 
-### How to run Nextcloud inside a Tailscale network?
+### How to run Nextcloud via Tailscale?
 For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
 
 ### Disrecommended VPS providers
diff --git a/reverse-proxy.md b/reverse-proxy.md
index d8fdaa7d..89aca458 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -2,6 +2,8 @@
 
 > [!NOTE]
 > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
+> [!TIP]
+> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
 
 ## Introduction
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:

From de49af4806abf02c5151ba87cbeca90d4e8824be Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 25 Jan 2025 02:29:23 +0100
Subject: [PATCH 2908/3949] add empty line

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 89aca458..52f917a2 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -2,6 +2,7 @@
 
 > [!NOTE]
 > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
+
 > [!TIP]
 > If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
 

From 28aecab21199a38753cb7f568e9883f87bfa8ddc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 25 Jan 2025 02:36:39 +0100
Subject: [PATCH 2909/3949] Update wording

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 2ab8f378..dd6f8334 100644
--- a/readme.md
+++ b/readme.md
@@ -28,7 +28,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- Can be used inside [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439)
+- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)

From 0f15fb194d773b1f0ed802b7b886bc9f1c1b200b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Jan 2025 05:07:55 +0000
Subject: [PATCH 2910/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.2-23 to 1.4.2-24.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e3f1acbd..7f039908 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-23
+FROM clamav/clamav:1.4.2-24
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 4cd8ac0ab7d1e4d5fba9729283c6bc2138a73c8d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 27 Jan 2025 13:03:05 +0100
Subject: [PATCH 2911/3949] aio-interface: add note that talk-recording only
 works on x86

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php           | 8 +++++++-
 php/templates/includes/optional-containers.twig | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e7d6884f..33c5b7d0 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -210,7 +210,7 @@ class ConfigurationManager
     }
 
     public function SetFulltextsearchEnabledState(int $value) : void {
-        # Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
+        // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
         if ($this->GetCollaboraSeccompDisabledState() === 'true') {
             $value = 0;
         }
@@ -281,6 +281,12 @@ class ConfigurationManager
         if (!$this->isTalkEnabled()) {
             $value = 0;
         }
+
+        // Currently only works on x64. See https://github.com/nextcloud/nextcloud-talk-recording/issues/17
+        if (!$this->isx64Platform()) {
+            $value = 0;
+        }
+
         $config = $this->GetConfig();
         $config['isTalkRecordingEnabled'] = $value;
         $this->WriteConfig($config);
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index baa6c1cc..1f749115 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -96,7 +96,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x64</a>)</label>
     </p>
     {% if is_onlyoffice_enabled == true %}
     <p>

From f3dff2f780435150c7342d37a3d31369ce8e3743 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 27 Jan 2025 13:52:54 +0100
Subject: [PATCH 2912/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 1f749115..6df95600 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -21,7 +21,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label>
+        <label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x86_64, needs ~1GB additional RAM)</label>
     </p>
     <p>
         <input
@@ -96,7 +96,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x64</a>)</label>
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
     </p>
     {% if is_onlyoffice_enabled == true %}
     <p>

From 0a1fba8c3bd95092e4748ddc680a639c680714eb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 10:16:00 +0100
Subject: [PATCH 2913/3949] nextcloud: updates3.config.php

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index f902bde8..b973fbc4 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -11,7 +11,6 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
-        'sse_c_key' => getenv('OBJECTSTORE_S3_SSE_C_KEY') ?: '',
         'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
         'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
@@ -26,4 +25,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
       )
     )
   );
+
+  $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY');
+  if ($sse_c_key) {
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
+  }
 } 

From 6f2ae6258f5ba1e7979213251157dde7aabec70f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 10:46:39 +0100
Subject: [PATCH 2914/3949] increase to 10.5.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5c334a67..756b3f98 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.4.0</h1>
+            <h1>Nextcloud AIO v10.5.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 21dfc131ad552e9504119f23cd6f309d1ad2f49d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 11:11:41 +0100
Subject: [PATCH 2915/3949] fix showing ui-secret in aio-interface

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 756b3f98..43468d84 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -283,7 +283,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (password: {{ GetUiSecret.GetUiSecret() }} )
+                                                (password: {{ container.GetUiSecret() }} )
                                             {% endif %}
                                             </span>
                                         {% elseif container.GetRunningState().value == 'running' %}
@@ -293,7 +293,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (password: {{ GetUiSecret.GetUiSecret() }} )
+                                                (password: {{ container.GetUiSecret() }} )
                                             {% endif %}
                                             </span>
                                         {% else %}
@@ -303,7 +303,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (password: {{ GetUiSecret.GetUiSecret() }} )
+                                                (password: {{ container.GetUiSecret() }} )
                                             {% endif %}
                                             </span>
                                         {% endif %}

From 1542c894c12de690da5d052e0334144204b5a85a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 11:48:06 +0100
Subject: [PATCH 2916/3949] fix formatting of password in aio-interface

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 43468d84..f167dd5d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -283,7 +283,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (password: {{ container.GetUiSecret() }} )
+                                                (password: {{ container.GetUiSecret() }})
                                             {% endif %}
                                             </span>
                                         {% elseif container.GetRunningState().value == 'running' %}
@@ -293,7 +293,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (password: {{ container.GetUiSecret() }} )
+                                                (password: {{ container.GetUiSecret() }})
                                             {% endif %}
                                             </span>
                                         {% else %}
@@ -303,7 +303,7 @@
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
-                                                (password: {{ container.GetUiSecret() }} )
+                                                (password: {{ container.GetUiSecret() }})
                                             {% endif %}
                                             </span>
                                         {% endif %}

From a87d7b3aa97190cc0a5af7e5ebe27887032ab176 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 11:49:35 +0100
Subject: [PATCH 2917/3949] scrutiny does not allow init

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/scrutiny/scrutiny.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json
index 6d0900fd..7fe369c5 100644
--- a/community-containers/scrutiny/scrutiny.json
+++ b/community-containers/scrutiny/scrutiny.json
@@ -7,6 +7,7 @@
             "image": "szaimen/aio-scrutiny",
             "image_tag": "v1",
             "internal_port": "8000",
+            "init": false,
             "restart": "unless-stopped",
             "ports": [
                 {

From 365e8f6f79d326ad6d2b5c4a2c83e5bba1a870d1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 12:16:51 +0100
Subject: [PATCH 2918/3949] whiteboard: add tmpfs in app as this seems to be
 required now

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 57117d83..7a4d455f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -857,6 +857,9 @@
       "expose": [
         "3002"
       ],
+      "tmpfs": [
+        "/app"
+      ],
       "internal_port": "3002",
       "environment": [
         "TZ=%TIMEZONE%",

From 92f0f2bc4472bb51a9c8ff021c7d63a88e532009 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 12:36:47 +0100
Subject: [PATCH 2919/3949] try to fix whiteboard

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/whiteboard/Dockerfile | 2 ++
 Containers/whiteboard/start.sh   | 2 +-
 php/containers.json              | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index d20705ef..1000ecbb 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -13,6 +13,8 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
+WORKDIR /tmp
+
 ENTRYPOINT ["/start.sh"]
 
 LABEL com.centurylinklabs.watchtower.enable="false"
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 576bd094..962df9b9 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -14,4 +14,4 @@ fi
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
-exec npm run server:start
+exec npm --prefix /app run server:start
diff --git a/php/containers.json b/php/containers.json
index 7a4d455f..32978f20 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -858,7 +858,7 @@
         "3002"
       ],
       "tmpfs": [
-        "/app"
+        "/tmp"
       ],
       "internal_port": "3002",
       "environment": [

From 417d36644f4ed51cecd262bd2422a266da4803ca Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 12:42:33 +0100
Subject: [PATCH 2920/3949] talk: add set x for easier debugging

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index d1037f8c..185dde8a 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -30,12 +30,14 @@ if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_
     IPv4_ADDRESS_TALK=""
 fi
 
+set -x
 IP_BINDING="::"
 if grep -q "1" /sys/module/ipv6/parameters/disable \
 || grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \
 || grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
     IP_BINDING="0.0.0.0"
 fi
+set +x
 
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"

From f03990199363ebd9cf4f78ac726980cd4bf2ffce Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 28 Jan 2025 13:03:43 +0100
Subject: [PATCH 2921/3949] fix whiteboard

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 32978f20..d384053c 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -867,7 +867,8 @@
         "JWT_SECRET_KEY=%WHITEBOARD_SECRET%",
         "STORAGE_STRATEGY=redis",
         "REDIS_HOST=nextcloud-aio-redis",
-        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%"
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "BACKUP_DIR=/tmp"
       ],
       "secrets": [
         "WHITEBOARD_SECRET",

From bd09fc02b83528492c5eab6d9ebafe5cafd7f317 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 28 Jan 2025 12:32:17 +0000
Subject: [PATCH 2922/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 99efa300..8bebf41c 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -459,6 +459,8 @@ services:
       retries: 3
     expose:
       - "3002"
+    tmpfs:
+      - /tmp
     environment:
       - TZ=${TIMEZONE}
       - NEXTCLOUD_URL=https://${NC_DOMAIN}
@@ -466,6 +468,7 @@ services:
       - STORAGE_STRATEGY=redis
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - BACKUP_DIR=/tmp
     restart: unless-stopped
     profiles:
       - whiteboard

From 3a2b1a2efefd7e083fefe081d888df1a72663688 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 29 Jan 2025 10:28:36 +0100
Subject: [PATCH 2923/3949] fix space

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index b973fbc4..cd08f7fc 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -30,4 +30,4 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
   if ($sse_c_key) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
   }
-} 
+}

From f3ed548add2c9132e41144e68a350128708b3c43 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Jan 2025 04:24:44 +0000
Subject: [PATCH 2924/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.1.2-alpine to 3.1.3-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 93ce5884..bad6ea3e 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.2-alpine
+FROM haproxy:3.1.3-alpine
 
 # hadolint ignore=DL3002
 USER root

From ee3d2a4db75b87fb9eadcdb9cf6aa0dc7ca0413a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 30 Jan 2025 11:36:12 +0100
Subject: [PATCH 2925/3949] run-exec-commands.sh. adjust message when waiting
 for container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/run-exec-commands.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index e917a96d..4fff009c 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -2,7 +2,7 @@
 
 # Wait until the apache container is ready
 while ! nc -z "$APACHE_HOST" "$APACHE_PORT"; do
-    echo "Waiting for Apache to become available..."
+    echo "Waiting for $APACHE_HOST to become available..."
     sleep 15
 done
 

From 8bac3fd2fe5499f745300611ecff6fade6987114 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 31 Jan 2025 05:09:47 +0000
Subject: [PATCH 2926/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.12.1.1 to 24.04.12.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 08470f88..450d201e 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.12.1.1
+FROM collabora/code:24.04.12.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 1b3b38523869751d4bc6026e2efabca2e79b20d6 Mon Sep 17 00:00:00 2001
From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
Date: Sun, 2 Feb 2025 08:40:36 -0500
Subject: [PATCH 2927/3949] Update readme.md

Add requirement for proxy support setting with fail2ban

Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
---
 community-containers/jellyseerr/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/jellyseerr/readme.md b/community-containers/jellyseerr/readme.md
index d6e606df..756f2475 100644
--- a/community-containers/jellyseerr/readme.md
+++ b/community-containers/jellyseerr/readme.md
@@ -5,7 +5,7 @@ This container bundles Jellyseerr and auto-configures it for you.
 - This container is only intended to be used inside home networks as it uses http for its management page by default.
 - After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby.
 - In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr.
-- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-proxy-support) is required for this to work properly.
 - The config of Jellyseerr will be automatically included in AIO's backup solution!
 - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
 

From 844dcd068b2e9a5bbf77ce24865903afce008153 Mon Sep 17 00:00:00 2001
From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
Date: Sun, 2 Feb 2025 08:47:02 -0500
Subject: [PATCH 2928/3949] Update readme.md

Recommendation to enable CSRF protection when using with the caddy container

Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
---
 community-containers/jellyseerr/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/jellyseerr/readme.md b/community-containers/jellyseerr/readme.md
index 756f2475..0d8e049d 100644
--- a/community-containers/jellyseerr/readme.md
+++ b/community-containers/jellyseerr/readme.md
@@ -4,7 +4,7 @@ This container bundles Jellyseerr and auto-configures it for you.
 ### Notes
 - This container is only intended to be used inside home networks as it uses http for its management page by default.
 - After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby.
-- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr.
+- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr. Note that it is recommended to [enable CSRF protection in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-csrf-protection) for added security if you plan to use Jellyseerr outside the local network, but make sure to read up on it and understand the caveats first.
 - If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-proxy-support) is required for this to work properly.
 - The config of Jellyseerr will be automatically included in AIO's backup solution!
 - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.

From 13da99fa91ed73dbe72862d85603df9f34f864e0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 2 Feb 2025 14:51:11 +0100
Subject: [PATCH 2929/3949] also add ui-secret to pi-hole and vaultwarden

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/pi-hole/pi-hole.json         | 1 +
 community-containers/pi-hole/readme.md            | 2 +-
 community-containers/vaultwarden/readme.md        | 2 +-
 community-containers/vaultwarden/vaultwarden.json | 1 +
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/community-containers/pi-hole/pi-hole.json b/community-containers/pi-hole/pi-hole.json
index da07fb8c..0f2f397b 100644
--- a/community-containers/pi-hole/pi-hole.json
+++ b/community-containers/pi-hole/pi-hole.json
@@ -48,6 +48,7 @@
                 "nextcloud_aio_pihole",
                 "nextcloud_aio_pihole_dnsmasq"
             ],
+            "ui_secret": "PIHOLE_WEBPASSWORD",
             "secrets": [
                 "PIHOLE_WEBPASSWORD"
             ]
diff --git a/community-containers/pi-hole/readme.md b/community-containers/pi-hole/readme.md
index cdfdf641..7254f585 100644
--- a/community-containers/pi-hole/readme.md
+++ b/community-containers/pi-hole/readme.md
@@ -6,7 +6,7 @@ This container bundles pi-hole and auto-configures it for you.
 - Make sure that no dns server is already running by checking with `sudo netstat -tulpn | grep 53`. Otherwise the container will not be able to start!
 - The DHCP functionality of Pi-hole has been disabled!
 - The data of pi-hole will be automatically included in AIOs backup solution!
-- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
+- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573/admin` in order to log in with the admin key that you can see next to the container in the AIO interface. There you can configure the pi-hole setup. Also you can add local dns records.
 - You can configure your home network now to use pi-hole as its dns server by configuring your router.
 - Additionally, you can configure the docker daemon to use that by editing `/etc/docker/daemon.json` and adding ` { "dns" : [ "ip.address.of.this.server" , "8.8.8.8" ] } `.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md
index 450f8838..81f37010 100644
--- a/community-containers/vaultwarden/readme.md
+++ b/community-containers/vaultwarden/readme.md
@@ -6,7 +6,7 @@ This container bundles vaultwarden and auto-configures it for you.
 - Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly!
 - If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 - The data of Vaultwarden will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-vaultwarden | grep ADMIN_TOKEN`. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory.
+- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can see next to the container in the AIO interface. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory.
 - If using the caddy community container, the vaultwarden admin interface can be disabled by creating a `block-vaultwarden-admin` file in the `nextcloud-aio-caddy` folder when you open the Nextcloud files app with the default `admin` user. Afterwards restart all containers from the AIO interface and the admin interface should be disabled! You can unlock the admin interface by removing the file again and afterwards restarting the containers via the AIO interface.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
diff --git a/community-containers/vaultwarden/vaultwarden.json b/community-containers/vaultwarden/vaultwarden.json
index 0bacff7a..15f2114d 100644
--- a/community-containers/vaultwarden/vaultwarden.json
+++ b/community-containers/vaultwarden/vaultwarden.json
@@ -40,6 +40,7 @@
             "backup_volumes": [
                 "nextcloud_aio_vaultwarden"
             ],
+            "ui_secret": "VAULTWARDEN_ADMIN_TOKEN",
             "secrets": [
                 "VAULTWARDEN_ADMIN_TOKEN"
             ]

From 033c8b679832d535f58d563e600f8f88226f282c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Feb 2025 04:52:11 +0000
Subject: [PATCH 2930/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.2-24 to 1.4.2-25.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 7f039908..d6c266de 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-24
+FROM clamav/clamav:1.4.2-25
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From f2987232dab63d7ed117444930160706d4207e6a Mon Sep 17 00:00:00 2001
From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
Date: Mon, 3 Feb 2025 20:29:04 -0500
Subject: [PATCH 2931/3949] Update jellyseerr.json

Eliminate tini errors

Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
---
 community-containers/jellyseerr/jellyseerr.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/jellyseerr/jellyseerr.json b/community-containers/jellyseerr/jellyseerr.json
index 1dc2895c..64472a8a 100644
--- a/community-containers/jellyseerr/jellyseerr.json
+++ b/community-containers/jellyseerr/jellyseerr.json
@@ -8,6 +8,7 @@
             "image_tag": "latest",
             "internal_port": "5055",
             "restart": "unless-stopped",
+            "init": false,
             "ports": [
                 {
                     "ip_binding": "%APACHE_IP_BINDING%",

From cefdec414e4db395ebfbb0a1871aa775c284bdcc Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 4 Feb 2025 11:00:55 +0000
Subject: [PATCH 2932/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 4 +++-
 14 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 97571e93..3931dc76 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.4.0
+version: 10.5.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index eae786e2..782ba09b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250122_091948
+          image: nextcloud/aio-apache:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 730f9cf5..8beccf20 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250122_091948
+          image: nextcloud/aio-clamav:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 69da6e1b..7c6341de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250122_091948
+          image: nextcloud/aio-collabora:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 1ab61316..f27bac21 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250122_091948
+          image: nextcloud/aio-postgresql:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index d4d3c1ad..9979136b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250122_091948
+          image: nextcloud/aio-fulltextsearch:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index f0dc68f6..302ed3b6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250122_091948
+          image: nextcloud/aio-imaginary:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 75c74fa1..fbbb6fb2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -180,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250122_091948
+          image: nextcloud/aio-nextcloud:20250204_102259
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index ef0455ad..2089d5bb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20250122_091948
+          image: nextcloud/aio-notify-push:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0bf7c2a6..c10aed88 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250122_091948
+          image: nextcloud/aio-onlyoffice:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index b2cfd07e..0b338e86 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250122_091948
+          image: nextcloud/aio-redis:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 3e827062..64a71bf6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250122_091948
+          image: nextcloud/aio-talk:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 10218a93..24a866ad 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250122_091948
+          image: nextcloud/aio-talk-recording:20250204_102259
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 1ef71833..f72b98a1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -34,6 +34,8 @@ spec:
         {{- end }}
       containers:
         - env:
+            - name: BACKUP_DIR
+              value: /tmp
             - name: JWT_SECRET_KEY
               value: "{{ .Values.WHITEBOARD_SECRET }}"
             - name: NEXTCLOUD_URL
@@ -46,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250122_091948
+          image: nextcloud/aio-whiteboard:20250204_102259
           readinessProbe:
             exec:
               command:

From 7b65109126885966b091e2a6a58f1f83e3bb3eda Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Feb 2025 17:19:55 +0100
Subject: [PATCH 2933/3949] readme: add TOC

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/readme.md b/readme.md
index dd6f8334..79cdbb60 100644
--- a/readme.md
+++ b/readme.md
@@ -138,6 +138,100 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
 5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
 ## FAQ
+- [Where can I find additional documentation?](#where-can-i-find-additional-documentation)
+- [How does it work?](#how-does-it-work)
+- [How to contribute?](#how-to-contribute)
+- [How many users are possible?](#how-many-users-are-possible)
+- [Are reverse proxies supported?](#are-reverse-proxies-supported)
+- [Which CPU architectures are supported?](#which-cpu-architectures-are-supported)
+- [Which ports are mandatory to be open in your firewall/router?](#which-ports-are-mandatory-to-be-open-in-your-firewallrouter)
+- [Explanation of used ports:](#explanation-of-used-ports)
+- [How to run AIO on macOS?](#how-to-run-aio-on-macos)
+- [How to run AIO on Windows?](#how-to-run-aio-on-windows)
+- [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
+- [How to run AIO with Portainer?](#how-to-run-aio-with-portainer)
+- [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale)
+- [Notes on Cloudflare (proxy/tunnel)](#notes-on-cloudflare-proxytunnel)
+- [How to run Nextcloud behind a Cloudflare Tunnel?](#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
+- [How to run Nextcloud via Tailscale?](#how-to-run-nextcloud-via-tailscale)
+- [Disrecommended VPS providers](#disrecommended-vps-providers)
+- [Recommended VPS](#recommended-vps)
+- [Note on storage options](#note-on-storage-options)
+- [How to get Nextcloud running using the ACME DNS-challenge?](#how-to-get-nextcloud-running-using-the-acme-dns-challenge)
+- [How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.](#how-to-run-nextcloud-locally-no-domain-wanted-or-wanting-intranet-access-within-your-lan)
+- [Can I use an ip-address for Nextcloud instead of a domain?](#can-i-use-an-ip-address-for-nextcloud-instead-of-a-domain)
+- [Can I run AIO offline or in an airgapped system?](#can-i-run-aio-offline-or-in-an-airgapped-system)
+- [Are self-signed certificates supported for Nextcloud?](#are-self-signed-certificates-supported-for-nextcloud)
+- [Can I use AIO with multiple domains?](#can-i-use-aio-with-multiple-domains)
+- [Are other ports than the default 443 for Nextcloud supported?](#are-other-ports-than-the-default-443-for-nextcloud-supported)
+- [Can I run Nextcloud in a subdirectory on my domain?](#can-i-run-nextcloud-in-a-subdirectory-on-my-domain)
+- [How can I access Nextcloud locally?](#how-can-i-access-nextcloud-locally)
+- [How to skip the domain validation?](#how-to-skip-the-domain-validation)
+- [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others)
+- [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled)
+- [How to run `occ` commands?](#how-to-run-occ-commands)
+- [How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?](#how-to-resolve-security--setup-warnings-displays-the-missing-default-phone-region-after-initial-install)
+- [How to run multiple AIO instances on one server?](#how-to-run-multiple-aio-instances-on-one-server)
+- [Bruteforce protection FAQ](#bruteforce-protection-faq)
+- [Update policy](#update-policy)
+- [How to switch the channel?](#how-to-switch-the-channel)
+- [How to update the containers?](#how-to-update-the-containers)
+    - [How often are update notifications sent?](#how-often-are-update-notifications-sent)
+- [How to easily log in to the AIO interface?](#how-to-easily-log-in-to-the-aio-interface)
+- [How to change the domain?](#how-to-change-the-domain)
+- [How to properly reset the instance?](#how-to-properly-reset-the-instance)
+- [Backup solution](#backup-solution)
+    - [What is getting backed up by AIO's backup solution?](#what-is-getting-backed-up-by-aios-backup-solution)
+    - [How to adjust borgs retention policy?](#how-to-adjust-borgs-retention-policy)
+    - [How to migrate from AIO to AIO?](#how-to-migrate-from-aio-to-aio)
+    - [Are remote borg backups supported?](#are-remote-borg-backups-supported)
+    - [Failure of the backup container in LXC containers](#failure-of-the-backup-container-in-lxc-containers)
+    - [How to create the backup volume on Windows?](#how-to-create-the-backup-volume-on-windows)
+    - [Pro-tip: Backup archives access](#pro-tip-backup-archives-access)
+    - [Delete backup archives manually](#delete-backup-archives-manually)
+    - [Sync local backups regularly to another drive](#sync-local-backups-regularly-to-another-drive)
+- [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally)
+- [How to disable the backup section?](#how-to-disable-the-backup-section)
+- [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
+- [Can I use a CIFS/SMB share as Nextcloud's datadir?](#can-i-use-a-cifssmb-share-as-nextclouds-datadir)
+- [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
+- [How to adjust the Talk port?](#how-to-adjust-the-talk-port)
+- [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud)
+- [How to adjust the max execution time for Nextcloud?](#how-to-adjust-the-max-execution-time-for-nextcloud)
+- [How to adjust the PHP memory limit for Nextcloud?](#how-to-adjust-the-php-memory-limit-for-nextcloud)
+- [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error)
+- [Can I run this with Docker swarm?](#can-i-run-this-with-docker-swarm)
+- [Can I run this with Kubernetes?](#can-i-run-this-with-kubernetes)
+- [How to run this with Docker rootless?](#can-i-run-this-with-podman-instead-of-docker)
+- [How to change the Nextcloud apps that are installed on the first startup?](#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
+- [How to add OS packages permanently to the Nextcloud container?](#how-to-add-os-packages-permanently-to-the-nextcloud-container)
+- [How to add PHP extensions permanently to the Nextcloud container?](#how-to-add-php-extensions-permanently-to-the-nextcloud-container)
+- [What about the pdlib PHP extension for the facerecognition app?](#what-about-the-pdlib-php-extension-for-the-facerecognition-app)
+- [How to enable hardware acceleration for Nextcloud?](#how-to-enable-hardware-acceleration-for-nextcloud)
+    - [With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia](#with-open-source-drivers-mesa-for-amd-intel-and-new-drivers-nouveau-for-nvidia)
+    - [With proprietary drivers for Nvidia :warning: BETA](#with-proprietary-drivers-for-nvidia-warning-beta)
+- [How to keep disabled apps?](#how-to-keep-disabled-apps)
+- [Huge docker logs](#huge-docker-logs)
+- [Access/Edit Nextcloud files/folders manually](#accessedit-nextcloud-filesfolders-manually)
+- [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
+- [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor)
+- [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory)
+- [Fail2ban](#fail2ban)
+- [LDAP](#ldap)
+- [Netdata](#netdata)
+- [USER_SQL](#user_sql)
+- [phpMyAdmin, Adminer or pgAdmin](#phpmyadmin-adminer-or-pgadmin)
+- [Mail server](#mail-server)
+- [How to migrate from an already existing Nextcloud installation to Nextcloud AIO?](#how-to-migrate-from-an-already-existing-nextcloud-installation-to-nextcloud-aio)
+- [Requirements for integrating new containers](#requirements-for-integrating-new-containers)
+- [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca)
+- [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature)
+- [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
+- [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges)
+
+## Where can I find additional documentation?
+Some of the documentation is available on [GitHub Discussions](https://github.com/nextcloud/all-in-one/discussions/categories/wiki).
+
 ### How does it work?
 Nextcloud AIO is inspired by projects like Portainer that manage the docker daemon by talking to it through the docker socket directly. This concept allows a user to install only one container with a single command that does the heavy lifting of creating and managing all containers that are needed in order to provide a Nextcloud installation with most features included. It also makes updating a breeze and is not bound to the host system (and its slow updates) anymore as everything is in containers. Additionally, it is very easy to handle from a user perspective because a simple interface for managing your Nextcloud AIO installation is provided.
 

From 69ea9d1a7262e807224e1196eb8274e1e8302213 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Feb 2025 17:29:10 +0100
Subject: [PATCH 2934/3949] adjust detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 79cdbb60..5d8f735c 100644
--- a/readme.md
+++ b/readme.md
@@ -229,7 +229,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
 - [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
 - [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges)
 
-## Where can I find additional documentation?
+### Where can I find additional documentation?
 Some of the documentation is available on [GitHub Discussions](https://github.com/nextcloud/all-in-one/discussions/categories/wiki).
 
 ### How does it work?

From 13afcd944ada6c754ddd784975fe8b9d7c504b1a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Feb 2025 19:29:22 +0100
Subject: [PATCH 2935/3949] borg: allow to exclude datadir and preview folder
 from backup via `.noaiobackup` file

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 38 +++++++++++++++++++++++----
 readme.md                             | 14 ++++++++++
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 9317d71a..5c6ddd99 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -185,13 +185,27 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches)
+    BORG_OPTS=(-v --stats --compression "auto,zstd")
     if [ "$NEW_REPOSITORY" = 1 ]; then
         BORG_OPTS+=(--progress)
     fi
 
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
+    BORG_INCLUDE=()
+
+    # Exclude datadir if .noaiobackup file was found
+    # shellcheck disable=SC2144
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then
+        BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/")
+        BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup")
+        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from backup!"
+    # Exclude preview folder if .noaiobackup file was found
+    elif [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then
+        BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/")
+        BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup")
+        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in the preview directory. Excluding the preview directory from backup!"
+    fi
 
     # Make sure that there is always a borg.config file before creating a new backup
     if ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
@@ -203,7 +217,7 @@ if [ "$BORG_MODE" = backup ]; then
     # Create the backup
     echo "Starting the backup..."
     get_start_time
-    if ! borg create "${BORG_OPTS[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
+    if ! borg create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
         echo "Deleting the failed backup archive..."
         borg delete --stats "::$CURRENT_DATE-nextcloud-aio"
         echo "Backup failed!"
@@ -320,16 +334,30 @@ if [ "$BORG_MODE" = restore ]; then
     fi
     echo "Restoring '$SELECTED_ARCHIVE'..."
 
-    # Exclude previews from restore if selected to speed up process
     ADDITIONAL_RSYNC_EXCLUDES=()
     ADDITIONAL_BORG_EXCLUDES=()
     ADDITIONAL_FIND_EXCLUDES=()
-    if [ -n "$RESTORE_EXCLUDE_PREVIEWS" ]; then
+    # Exclude datadir if .noaiobackup file was found
+    # shellcheck disable=SC2144
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then
+        # Keep these 3 in sync. Beware, the pattern syntax and the paths differ
+        ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/**")
+        ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/**")
+        ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data\(/.*\)?')
+        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from restore!"
+        echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database."
+        echo "You might be able to fix this by running 'occ files:scan --all' and 'occ maintenance:repair' and 'occ files:scan-app-data' after the restore."
+        echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands"
+    # Exclude previews from restore if selected to speed up process or exclude preview folder if .noaiobackup file was found
+    elif [ -n "$RESTORE_EXCLUDE_PREVIEWS" ] || [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then
         # Keep these 3 in sync. Beware, the pattern syntax and the paths differ
         ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/appdata_*/preview/**")
         ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/**")
         ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_[^/]*/preview\(/.*\)?')
-        echo "Excluding previews from restore"
+        echo "⚠️⚠️⚠️ Excluding previews from restore!"
+        echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database."
+        echo "You might be able to fix this by running 'occ files:scan-app-data preview' after the restore."
+        echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands"
     fi
 
     # Save Additional Backup dirs
diff --git a/readme.md b/readme.md
index 5d8f735c..d64ac365 100644
--- a/readme.md
+++ b/readme.md
@@ -190,6 +190,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
     - [Pro-tip: Backup archives access](#pro-tip-backup-archives-access)
     - [Delete backup archives manually](#delete-backup-archives-manually)
     - [Sync local backups regularly to another drive](#sync-local-backups-regularly-to-another-drive)
+    - [How to exclude Nextcloud's data directory or the preview folder from backup?](#how-to-exclude-nextclouds-data-directory-or-the-preview-folder-from-backup)
 - [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally)
 - [How to disable the backup section?](#how-to-disable-the-backup-section)
 - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
@@ -749,6 +750,19 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 1. Add the following new line to the crontab if not already present: `0 20 * * 7 /root/backup-script.sh` which will run the script at 20:00 on Sundays each week. 
 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
 
+#### How to exclude Nextcloud's data directory or the preview folder from backup?
+In order to speed up the backups and to keep the backup archives small, you might want to exclude Nextcloud's data directory or its preview folder from backup. 
+
+> [!WARNING]
+> However please note that you will run into problems if the database and the data directory or preview folder get out of sync. **So please only read further, if you have an additional external backup of the data directory!** See [this guide](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) for example.
+
+> [!TIP]
+> A better option is to use the external storage app inside Nextcloud as the data connected via the external storage app is not backed up by AIO's backup solution. See [this documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html) on how to configure the app.
+
+If you still want to proceed, you can exclude the data directory by simply creating a `.noaiobackup` file in the root directory of the specified `NEXTCLOUD_DATADIR` target. The same logic is implemented for the preview folder that is located inside the data directory, inside the `appdata_*/preview` folder. So simply create a `.noaiobackup` file in there if you want to exclude the preview folder.
+
+After doing a restore via the AIO interface, you might run into problems due to the data directory and database being out of sync. You might be able to fix this by running `occ files:scan --all` and `occ maintenance:repair` and `occ files:scan-app-data`. See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands. If only the preview folder is excluded, the command `occ files:scan-app-data preview` should be used.
+
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
 > [!WARNING]  
 > The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup before you can use the script.

From 4a00eb93470f047b9127593790b895724c52e241 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Feb 2025 13:48:54 +0100
Subject: [PATCH 2936/3949] scrutiny-cc: improve documentation

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/scrutiny/readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md
index 8beb3869..dc972d44 100644
--- a/community-containers/scrutiny/readme.md
+++ b/community-containers/scrutiny/readme.md
@@ -1,11 +1,12 @@
 ## Scrutiny
-This container bundles Scrutiny and auto-configures it for you.
+This container bundles Scrutiny which is a frontend for SMART stats and auto-configures it for you.
 
 ### Notes
 - This container should only be run in home networks
 - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being.
 - This container only works on Linux and not on Docker-Desktop.
 - After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives.
+- It currently does not support sending notifications as no good solution was found yet that makes this possible. See https://github.com/szaimen/aio-scrutiny/issues/3
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From 75f00d4e7e17b74b770b0e805201fa8d7c51a30a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Feb 2025 04:48:12 +0000
Subject: [PATCH 2937/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.23.5-alpine3.21 to 1.23.6-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index f78f2ad5..d8847808 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.5-alpine3.21 AS go
+FROM golang:1.23.6-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 3a19de9e654d7ee62727345e8e205612226a0359 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Feb 2025 05:02:37 +0000
Subject: [PATCH 2938/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.1-alpine3.21 to 3.13.2-alpine3.21.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 26b7baab..bc971ab4 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.1-alpine3.21
+FROM python:3.13.2-alpine3.21
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 3c83570360606362a25221ea4610f6215e420623 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 7 Feb 2025 12:06:53 +0000
Subject: [PATCH 2939/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 52 +++++++++++++++++++++++------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 37cc3db7..4ae29f5a 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,32 +391,32 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.7",
+            "version": "v2.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "4f48ade902b94323ca3be7646db16209ec76be3d"
+                "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/4f48ade902b94323ca3be7646db16209ec76be3d",
-                "reference": "4f48ade902b94323ca3be7646db16209ec76be3d",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/2e1a362527783bcab6c316aad51bf36c5513ae44",
+                "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44",
                 "shasum": ""
             },
             "require": {
-                "php": "^7.3|^8.0"
+                "php": "^8.1"
             },
             "require-dev": {
-                "illuminate/support": "^8.0|^9.0|^10.0|^11.0",
-                "nesbot/carbon": "^2.61|^3.0",
-                "pestphp/pest": "^1.21.3",
-                "phpstan/phpstan": "^1.8.2",
-                "symfony/var-dumper": "^5.4.11|^6.2.0|^7.0.0"
+                "illuminate/support": "^10.0|^11.0|^12.0",
+                "nesbot/carbon": "^2.67|^3.0",
+                "pestphp/pest": "^2.36|^3.0",
+                "phpstan/phpstan": "^2.0",
+                "symfony/var-dumper": "^6.2.0|^7.0.0"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.x-dev"
+                    "dev-master": "2.x-dev"
                 }
             },
             "autoload": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2024-11-14T18:34:49+00:00"
+            "time": "2025-01-24T15:42:37+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -557,20 +557,20 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.7",
+            "version": "7.0.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1"
+                "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
-                "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/98ddc81f8f768a2ad39e4cbe737285eaeabe577a",
+                "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a",
                 "shasum": ""
             },
             "require": {
-                "laravel/serializable-closure": "^1.0",
+                "laravel/serializable-closure": "^1.0 || ^2.0",
                 "php": ">=8.0",
                 "php-di/invoker": "^2.0",
                 "psr/container": "^1.1 || ^2.0"
@@ -582,7 +582,7 @@
                 "friendsofphp/php-cs-fixer": "^3",
                 "friendsofphp/proxy-manager-lts": "^1",
                 "mnapoli/phpunit-easymock": "^1.3",
-                "phpunit/phpunit": "^9.5",
+                "phpunit/phpunit": "^9.6",
                 "vimeo/psalm": "^4.6"
             },
             "suggest": {
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.7"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.8"
             },
             "funding": [
                 {
@@ -626,7 +626,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-21T15:55:45+00:00"
+            "time": "2025-01-28T21:02:46+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -1633,16 +1633,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.18.0",
+            "version": "v3.19.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50"
+                "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50",
-                "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/d4f8c2b86374f08efc859323dbcd95c590f7124e",
+                "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e",
                 "shasum": ""
             },
             "require": {
@@ -1697,7 +1697,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.18.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.19.0"
             },
             "funding": [
                 {
@@ -1709,7 +1709,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-29T10:51:50+00:00"
+            "time": "2025-01-29T07:06:14+00:00"
         }
     ],
     "packages-dev": [

From ee5db17004124b03a3e0d0dcc571e206e41eb6b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 04:43:37 +0000
Subject: [PATCH 2940/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.2-25 to 1.4.2-26.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index d6c266de..73737720 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-25
+FROM clamav/clamav:1.4.2-26
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From b340152d80fe90f047539601463a2a28d7f207f3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 04:45:11 +0000
Subject: [PATCH 2941/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.12.2.1 to 24.04.12.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 450d201e..8766eb32 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.12.2.1
+FROM collabora/code:24.04.12.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From abec1ef10283a4bf33d976145d41b7313398c712 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Feb 2025 10:11:38 +0100
Subject: [PATCH 2942/3949] notify-push: add timezone to container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/containers.json b/php/containers.json
index d384053c..4bfe5d0e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -300,6 +300,7 @@
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
+        "TZ=%TIMEZONE%",
         "REDIS_HOST=nextcloud-aio-redis",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "POSTGRES_HOST=nextcloud-aio-database",

From 6170e699c50960265940dc4d4c84a25b9fefeb63 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Feb 2025 14:21:17 +0100
Subject: [PATCH 2943/3949] manual-upgrade: add note that method 1 seems to be
 currently broken

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-upgrade.md | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/manual-upgrade.md b/manual-upgrade.md
index 517c217f..43aaebb2 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -7,7 +7,11 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 
 ---
 
-## Method 1
+## Method 1 using `assaflavie/runlike`
+
+> [!Warning]
+> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10
+> So please refer to method 2 using Portainer.
 
 1. Start all containers from the AIO interface 
     - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem
@@ -54,14 +58,11 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 
 ---
 
-## Method 2
+## Method 2 using Portainer
 #### *Approach using portainer if method 1 does not work for you*
 
 Prerequisite: have all containers from AIO interface running.
 
-<details>
-<summary>Click to expand</summary>
-
 ##### 1. Install portainer if not installed:
 ```bash
 docker volume create portainer_data
@@ -119,5 +120,3 @@ docker rm portainer
 docker volume rm portainer_data
 ```
 - Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts.
-
-</details>

From b3d8cf78fbb1864e8719f4fecbbff227e83d2a18 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Feb 2025 14:32:47 +0100
Subject: [PATCH 2944/3949] readme: add chapter how to adjust version and
 trashbin retention policy

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index 5d8f735c..ad370f3e 100644
--- a/readme.md
+++ b/readme.md
@@ -216,6 +216,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
 - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor)
 - [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory)
+- [How to adjust the version retention policy and trashbin retention policy?](#how-to-adjust-the-version-retention-policy-and-trashbin-retention-policy)
 - [Fail2ban](#fail2ban)
 - [LDAP](#ldap)
 - [Netdata](#netdata)
@@ -926,6 +927,9 @@ You can edit Nextclouds config.php file directly from the host with your favorit
 ### How to change default files by creating a custom skeleton directory?
 All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).
 
+### How to adjust the version retention policy and trashbin retention policy?
+By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
+
 ### Fail2ban
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 

From b87b3f7efea7472f7a06efecda57a05ae531556f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Feb 2025 14:35:11 +0100
Subject: [PATCH 2945/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 6fdac5bd..3289e1b1 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.2.2.1
+FROM onlyoffice/documentserver:8.3.0.1
 
 # USER root is probably used
 

From f9fe028f77f16e655e8e7416c82bfc5a50c452e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Feb 2025 04:43:19 +0000
Subject: [PATCH 2946/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.17.1 to 8.17.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 7bcac338..68f12b7b 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.1
+FROM elasticsearch:8.17.2
 
 USER root
 

From 4f86b0ad0a8557c1aa211104a29c664d5cc0fe01 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 12 Feb 2025 12:03:01 +0000
Subject: [PATCH 2947/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 4ae29f5a..ec60ad7f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.2",
+            "version": "v2.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44"
+                "reference": "f379c13663245f7aa4512a7869f62eb14095f23f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/2e1a362527783bcab6c316aad51bf36c5513ae44",
-                "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/f379c13663245f7aa4512a7869f62eb14095f23f",
+                "reference": "f379c13663245f7aa4512a7869f62eb14095f23f",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-01-24T15:42:37+00:00"
+            "time": "2025-02-11T15:03:05+00:00"
         },
         {
             "name": "nikic/fast-route",

From 1ea7f48f9f6d5d8710aef33d7736314ebe3abe5c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 12 Feb 2025 12:03:12 +0000
Subject: [PATCH 2948/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 8bebf41c..d0f74a5a 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -202,6 +202,7 @@ services:
     environment:
       - NC_DOMAIN
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - TZ=${TIMEZONE}
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - POSTGRES_HOST=nextcloud-aio-database

From b1f14ea1871666d49531e03df4b482ce51191145 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Feb 2025 04:16:57 +0000
Subject: [PATCH 2949/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.23.6-alpine3.21 to 1.24.0-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index d8847808..29935325 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.6-alpine3.21 AS go
+FROM golang:1.24.0-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From aa94662aa7668606db8552cc2c54820a62123c7c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 13 Feb 2025 12:03:05 +0000
Subject: [PATCH 2950/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ec60ad7f..8cb814c0 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1633,24 +1633,23 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.19.0",
+            "version": "v3.20.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e"
+                "reference": "3468920399451a384bef53cf7996965f7cd40183"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/d4f8c2b86374f08efc859323dbcd95c590f7124e",
-                "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3468920399451a384bef53cf7996965f7cd40183",
+                "reference": "3468920399451a384bef53cf7996965f7cd40183",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2",
+                "php": ">=8.1.0",
                 "symfony/deprecation-contracts": "^2.5|^3",
                 "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3",
-                "symfony/polyfill-php81": "^1.29"
+                "symfony/polyfill-mbstring": "^1.3"
             },
             "require-dev": {
                 "phpstan/phpstan": "^2.0",
@@ -1697,7 +1696,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.19.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.20.0"
             },
             "funding": [
                 {
@@ -1709,7 +1708,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-29T07:06:14+00:00"
+            "time": "2025-02-13T08:34:43+00:00"
         }
     ],
     "packages-dev": [

From afba1368eaaf2c3336e5c266e16e816c6bd38e6e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 14 Feb 2025 12:02:55 +0000
Subject: [PATCH 2951/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 8cb814c0..0c72e6dd 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2699,16 +2699,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.0.0",
+            "version": "2.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "c00d78fb6b29658347f9d37ebe104bffadf36299"
+                "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/c00d78fb6b29658347f9d37ebe104bffadf36299",
-                "reference": "c00d78fb6b29658347f9d37ebe104bffadf36299",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/72e51f7c32c5aef7c8b462195b8c599b11199893",
+                "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893",
                 "shasum": ""
             },
             "require": {
@@ -2740,9 +2740,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.1"
             },
-            "time": "2024-10-13T11:29:49+00:00"
+            "time": "2025-02-13T12:25:43+00:00"
         },
         {
             "name": "sebastian/diff",

From 52b8f7bccb9365fc40e62b6e98bb0c4ff208c1ad Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 14 Feb 2025 12:11:15 +0000
Subject: [PATCH 2952/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 04606113..3bd9b5f7 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.5
+ENV NEXTCLOUD_VERSION=30.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From db77606f55f456bbf285be5cd51c66b42d19181f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 04:59:41 +0000
Subject: [PATCH 2953/3949] build(deps): bump alpine from 3.21.2 to 3.21.3 in
 /Containers/borgbackup

Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 120bedf2..d2f78df2 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.2
+FROM alpine:3.21.3
 
 RUN set -ex; \
     \

From da2358644113ff38a12cf2cc0e7bf754f761ce8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 04:59:43 +0000
Subject: [PATCH 2954/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.2-26 to 1.4.2-27.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 73737720..3825d6c8 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-26
+FROM clamav/clamav:1.4.2-27
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From 847fe97e47e3f52b6121d017d72a5e21fe55df32 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 04:59:49 +0000
Subject: [PATCH 2955/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index b1fe44be..d36a2611 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.2
+FROM alpine:3.21.3
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 7cf6486c520facf609ec97212d3d663f10eb4ddd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 04:59:54 +0000
Subject: [PATCH 2956/3949] build(deps): bump alpine from 3.21.2 to 3.21.3 in
 /Containers/imaginary

Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 29935325..dfa97d11 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.21.2
+FROM alpine:3.21.3
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 07bfea3b6c1ef59d0425010a249d1032f7aa311e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 05:00:04 +0000
Subject: [PATCH 2957/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.16-fpm-alpine3.21 to 8.3.17-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 51081511..c7da9741 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:27.5.1-cli AS docker
 FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.16-fpm-alpine3.21
+FROM php:8.3.17-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

From c4a332eab13b7096fc4c26219ac95beacdae3075 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 05:00:25 +0000
Subject: [PATCH 2958/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.16-fpm-alpine3.21 to 8.3.17-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3bd9b5f7..9af52cd8 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.16-fpm-alpine3.21
+FROM php:8.3.17-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From c58c789f58b78162c3118859dc80293054f86f72 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 05:00:28 +0000
Subject: [PATCH 2959/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 21b83b68..15fd98a0 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.2
+FROM alpine:3.21.3
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From dd74c9b3af05703a8cb2c7628c6f789ea1da9ff7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 05:00:45 +0000
Subject: [PATCH 2960/3949] build(deps): bump alpine from 3.21.2 to 3.21.3 in
 /Containers/talk

Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index b334fd1b..e050e926 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.10.25-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
-FROM alpine:3.21.2 AS janus
+FROM alpine:3.21.3 AS janus
 
 ARG JANUS_VERSION=v1.3.0
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.21.2
+FROM alpine:3.21.3
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

From 50050574c72004a8cb7c54c669ecb7c6cb838f2e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 05:01:02 +0000
Subject: [PATCH 2961/3949] build(deps): bump alpine from 3.21.2 to 3.21.3 in
 /Containers/watchtower

Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 8a0592fe..8bd5da34 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.21.2
+FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From cca7eef06be5bf62d4e0558e39974eeab33d97bb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Feb 2025 18:05:09 +0100
Subject: [PATCH 2962/3949] FTS: allow to adjust the ES_JAVA_OPTS

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/fulltextsearch/Dockerfile                       | 1 +
 compose.yaml                                               | 1 +
 manual-install/latest.yml                                  | 2 +-
 manual-install/sample.conf                                 | 1 +
 manual-install/update-yaml.sh                              | 1 +
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh                    | 2 ++
 nextcloud-aio-helm-chart/values.yaml                       | 1 +
 php/containers.json                                        | 2 +-
 php/src/Data/ConfigurationManager.php                      | 7 +++++++
 php/src/Docker/DockerActionManager.php                     | 2 ++
 readme.md                                                  | 6 +++++-
 tests/QA/060-environmental-variables.md                    | 1 +
 13 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 7bcac338..dcc52fda 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -22,3 +22,4 @@ USER 1000:0
 
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
+ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
diff --git a/compose.yaml b/compose.yaml
index 61c81a44..a72fbf50 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -20,6 +20,7 @@ services:
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
       # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
       # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 8bebf41c..daf85630 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -429,7 +429,7 @@ services:
       - "9200"
     environment:
       - TZ=${TIMEZONE}
-      - ES_JAVA_OPTS=-Xms512M -Xmx512M
+      - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
       - bootstrap.memory_lock=true
       - cluster.name=nextcloud-aio
       - discovery.type=single-node
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index 79fa9b36..de7dd709 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -26,6 +26,7 @@ APACHE_MAX_SIZE=17179869184          # This needs to be an integer and in sync w
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
+FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.
 INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 95c99426..5a4af271 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -93,6 +93,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
+sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 9979136b..ab8ba44a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -35,7 +35,7 @@ spec:
       containers:
         - env:
             - name: ES_JAVA_OPTS
-              value: -Xms512M -Xmx512M
+              value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
             - name: FULLTEXTSEARCH_PASSWORD
               value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
             - name: TZ
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 3a8fff29..6f54d824 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -306,6 +306,8 @@ cat << EOL > /tmp/additional.config
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*fulltextsearch-deployment.yaml' -exec sed -i 's/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS }}/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}/'  \{} \;
 
 # Additional config
 cat << EOL > /tmp/additional-apache.config
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 3f760504..bbf597f3 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -25,6 +25,7 @@ APACHE_MAX_SIZE: "17179869184"          # This needs to be an integer and in syn
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
+FULLTEXTSEARCH_JAVA_OPTIONS: -Xms512M -Xmx512M          # Allows to adjust the fulltextsearch java options.
 INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
diff --git a/php/containers.json b/php/containers.json
index d384053c..846a60d8 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -785,7 +785,7 @@
       "internal_port": "9200",
       "environment": [
         "TZ=%TIMEZONE%",
-        "ES_JAVA_OPTS=-Xms512M -Xmx512M",
+        "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%",
         "bootstrap.memory_lock=true",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a06f666c..d8c0c8ec 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -714,6 +714,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetFulltextsearchJavaOptions() : string {
+        $envVariableName = 'FULLTEXTSEARCH_JAVA_OPTIONS';
+        $configName = 'fulltextsearch_java_options';
+        $defaultValue = '-Xms512M -Xmx512M';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     public function GetDockerSocketPath() : string {
         $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH';
         $configName = 'docker_socket_path';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index e98a5237..a22b2efb 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -357,6 +357,8 @@ readonly class DockerActionManager {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
                 } elseif ($out[1] === 'BORG_RETENTION_POLICY') {
                     $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy();
+                } elseif ($out[1] === 'FULLTEXTSEARCH_JAVA_OPTIONS') {
+                    $replacements[1] = $this->configurationManager->GetFulltextsearchJavaOptions();
                 } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
                     $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
                 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
diff --git a/readme.md b/readme.md
index 5d8f735c..dbd4eda5 100644
--- a/readme.md
+++ b/readme.md
@@ -226,6 +226,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
 - [Requirements for integrating new containers](#requirements-for-integrating-new-containers)
 - [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca)
 - [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature)
+- [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options)
 - [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
 - [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges)
 
@@ -970,7 +971,10 @@ When using `docker run`, the environmental variable can be set with `--env NEXTC
 In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
 
 ### How to disable Collabora's Seccomp feature?
-The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
+The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. 
+
+### How to adjust the Fulltextsearch Java options?
+The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used.
 
 ### How to enable automatic updates without creating a backup beforehand?
 If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index fd6a4dca..b2fadceb 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -12,6 +12,7 @@
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env BORG_RETENTION_POLICY="--keep-within=1d --keep-weekly=1 --keep-monthly=1"` it should change borgs retention policy to the defined one. This can be checked when creating a backup and looking at the logs.
+- [ ] When starting the mastercontainer with `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` it should change Elasticsearchs `ES_JAVA_OPTS` options to the defined one. This can be checked by checking the `ES_JAVA_OPTS` variable for the nextcloud-aio-fulltextsearch container.
 - [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
 - [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.

From b60db873218299f82ca64f106e57a17d270dc4be Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Feb 2025 11:50:52 +0100
Subject: [PATCH 2963/3949] aio-interface: show checkbox for hub 10

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 php/templates/containers.twig           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8c2d3abe..ee439824 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -171,7 +171,7 @@ readonly class DockerController {
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 30;
+            $installLatestMajor = 31;
         } else {
             $installLatestMajor = "";
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index f167dd5d..fb5c5b24 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -33,7 +33,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersion = '' %}
+            {% set newMajorVersion = 31 %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -322,7 +322,7 @@
                                 {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                     <details>
                                     <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/5133">this documentation</a></strong></p>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/6053">this documentation</a></strong></p>
                                     </details>
                                 {% endif %}
                             {% endif %}

From 62c4cd4188661c9949a0cff186ee536829a8137f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Feb 2025 11:53:14 +0100
Subject: [PATCH 2964/3949] increase to 10.6.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fb5c5b24..03fe7802 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.5.0</h1>
+            <h1>Nextcloud AIO v10.6.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From c684ce206c41c1d9f67f87b0e6368ad653be780b Mon Sep 17 00:00:00 2001
From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
Date: Mon, 10 Feb 2025 08:19:47 -0500
Subject: [PATCH 2965/3949] Allow Jellyfin write access to NEXTCLOUD_MOUNT

Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
---
 community-containers/jellyfin/jellyfin.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/jellyfin/jellyfin.json b/community-containers/jellyfin/jellyfin.json
index 47972588..f0840913 100644
--- a/community-containers/jellyfin/jellyfin.json
+++ b/community-containers/jellyfin/jellyfin.json
@@ -25,7 +25,7 @@
                 {
                     "source": "%NEXTCLOUD_MOUNT%",
                     "destination": "%NEXTCLOUD_MOUNT%",
-                    "writeable": false
+                    "writeable": true
                 }
             ],
             "devices": [

From 577b22192dc32f7f0d934bf7308601d4ab202a14 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Feb 2025 05:04:22 +0000
Subject: [PATCH 2966/3949] build(deps): bump postgres in
 /Containers/postgresql

Bumps postgres from 16.6-alpine to 16.7-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 40479f97..a537d0a2 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile
-FROM postgres:16.6-alpine
+FROM postgres:16.7-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 61749514a179ab32d32c7157968411f23bdac5ab Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Feb 2025 11:36:52 +0100
Subject: [PATCH 2967/3949] readme: re-order the faq section and add chapters

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 896 ++++++++++++++++++++++++++++--------------------------
 1 file changed, 457 insertions(+), 439 deletions(-)

diff --git a/readme.md b/readme.md
index 513e0e03..5f6abfd6 100644
--- a/readme.md
+++ b/readme.md
@@ -137,50 +137,84 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
 `https://your-domain-that-points-to-this-server.tld:8443`
 5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
-## FAQ
-- [Where can I find additional documentation?](#where-can-i-find-additional-documentation)
-- [How does it work?](#how-does-it-work)
-- [How to contribute?](#how-to-contribute)
-- [How many users are possible?](#how-many-users-are-possible)
-- [Are reverse proxies supported?](#are-reverse-proxies-supported)
-- [Which CPU architectures are supported?](#which-cpu-architectures-are-supported)
-- [Which ports are mandatory to be open in your firewall/router?](#which-ports-are-mandatory-to-be-open-in-your-firewallrouter)
-- [Explanation of used ports:](#explanation-of-used-ports)
-- [How to run AIO on macOS?](#how-to-run-aio-on-macos)
-- [How to run AIO on Windows?](#how-to-run-aio-on-windows)
-- [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
-- [How to run AIO with Portainer?](#how-to-run-aio-with-portainer)
-- [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale)
-- [Notes on Cloudflare (proxy/tunnel)](#notes-on-cloudflare-proxytunnel)
-- [How to run Nextcloud behind a Cloudflare Tunnel?](#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- [How to run Nextcloud via Tailscale?](#how-to-run-nextcloud-via-tailscale)
-- [Disrecommended VPS providers](#disrecommended-vps-providers)
-- [Recommended VPS](#recommended-vps)
-- [Note on storage options](#note-on-storage-options)
-- [How to get Nextcloud running using the ACME DNS-challenge?](#how-to-get-nextcloud-running-using-the-acme-dns-challenge)
-- [How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.](#how-to-run-nextcloud-locally-no-domain-wanted-or-wanting-intranet-access-within-your-lan)
-- [Can I use an ip-address for Nextcloud instead of a domain?](#can-i-use-an-ip-address-for-nextcloud-instead-of-a-domain)
-- [Can I run AIO offline or in an airgapped system?](#can-i-run-aio-offline-or-in-an-airgapped-system)
-- [Are self-signed certificates supported for Nextcloud?](#are-self-signed-certificates-supported-for-nextcloud)
-- [Can I use AIO with multiple domains?](#can-i-use-aio-with-multiple-domains)
-- [Are other ports than the default 443 for Nextcloud supported?](#are-other-ports-than-the-default-443-for-nextcloud-supported)
-- [Can I run Nextcloud in a subdirectory on my domain?](#can-i-run-nextcloud-in-a-subdirectory-on-my-domain)
-- [How can I access Nextcloud locally?](#how-can-i-access-nextcloud-locally)
-- [How to skip the domain validation?](#how-to-skip-the-domain-validation)
-- [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others)
-- [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled)
-- [How to run `occ` commands?](#how-to-run-occ-commands)
-- [How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?](#how-to-resolve-security--setup-warnings-displays-the-missing-default-phone-region-after-initial-install)
-- [How to run multiple AIO instances on one server?](#how-to-run-multiple-aio-instances-on-one-server)
-- [Bruteforce protection FAQ](#bruteforce-protection-faq)
-- [Update policy](#update-policy)
-- [How to switch the channel?](#how-to-switch-the-channel)
-- [How to update the containers?](#how-to-update-the-containers)
-    - [How often are update notifications sent?](#how-often-are-update-notifications-sent)
-- [How to easily log in to the AIO interface?](#how-to-easily-log-in-to-the-aio-interface)
-- [How to change the domain?](#how-to-change-the-domain)
-- [How to properly reset the instance?](#how-to-properly-reset-the-instance)
-- [Backup solution](#backup-solution)
+# FAQ
+- [TOC](#faq)
+    - [Where can I find additional documentation?](#where-can-i-find-additional-documentation)
+    - [How does it work?](#how-does-it-work)
+    - [How to contribute?](#how-to-contribute)
+    - [How many users are possible?](#how-many-users-are-possible)
+- [Network](#network)
+    - [Are reverse proxies supported?](#are-reverse-proxies-supported)
+    - [Which ports are mandatory to be open in your firewall/router?](#which-ports-are-mandatory-to-be-open-in-your-firewallrouter)
+    - [Explanation of used ports](#explanation-of-used-ports)
+    - [Notes on Cloudflare (proxy/tunnel)](#notes-on-cloudflare-proxytunnel)
+    - [How to run Nextcloud behind a Cloudflare Tunnel?](#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
+    - [How to run Nextcloud via Tailscale?](#how-to-run-nextcloud-via-tailscale)
+    - [How to get Nextcloud running using the ACME DNS-challenge?](#how-to-get-nextcloud-running-using-the-acme-dns-challenge)
+    - [How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.](#how-to-run-nextcloud-locally-no-domain-wanted-or-wanting-intranet-access-within-your-lan)
+    - [Can I use an ip-address for Nextcloud instead of a domain?](#can-i-use-an-ip-address-for-nextcloud-instead-of-a-domain)
+    - [Can I run AIO offline or in an airgapped system?](#can-i-run-aio-offline-or-in-an-airgapped-system)
+    - [Are self-signed certificates supported for Nextcloud?](#are-self-signed-certificates-supported-for-nextcloud)
+    - [Can I use AIO with multiple domains?](#can-i-use-aio-with-multiple-domains)
+    - [Are other ports than the default 443 for Nextcloud supported?](#are-other-ports-than-the-default-443-for-nextcloud-supported)
+    - [Can I run Nextcloud in a subdirectory on my domain?](#can-i-run-nextcloud-in-a-subdirectory-on-my-domain)
+    - [How can I access Nextcloud locally?](#how-can-i-access-nextcloud-locally)
+    - [How to skip the domain validation?](#how-to-skip-the-domain-validation)
+    - [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others)
+    - [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error)
+- [Infrastructure](#infrastructure)
+    - [Which CPU architectures are supported?](#which-cpu-architectures-are-supported)
+    - [Disrecommended VPS providers](#disrecommended-vps-providers)
+    - [Recommended VPS](#recommended-vps)
+    - [Note on storage options](#note-on-storage-options)
+    - [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled)
+- [Customization](#customization)
+    - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
+    - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
+    - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
+    - [How to adjust the Talk port?](#how-to-adjust-the-talk-port)
+    - [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud)
+    - [How to adjust the max execution time for Nextcloud?](#how-to-adjust-the-max-execution-time-for-nextcloud)
+    - [How to adjust the PHP memory limit for Nextcloud?](#how-to-adjust-the-php-memory-limit-for-nextcloud)
+    - [How to change the Nextcloud apps that are installed on the first startup?](#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
+    - [How to add OS packages permanently to the Nextcloud container?](#how-to-add-os-packages-permanently-to-the-nextcloud-container)
+    - [How to add PHP extensions permanently to the Nextcloud container?](#how-to-add-php-extensions-permanently-to-the-nextcloud-container)
+    - [What about the pdlib PHP extension for the facerecognition app?](#what-about-the-pdlib-php-extension-for-the-facerecognition-app)
+    - [How to enable hardware acceleration for Nextcloud?](#how-to-enable-hardware-acceleration-for-nextcloud)
+        - [With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia](#with-open-source-drivers-mesa-for-amd-intel-and-new-drivers-nouveau-for-nvidia)
+        - [With proprietary drivers for Nvidia :warning: BETA](#with-proprietary-drivers-for-nvidia-warning-beta)
+    - [How to keep disabled apps?](#how-to-keep-disabled-apps)
+    - [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca)
+    - [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature)
+    - [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options)
+- [Guides](#guides)
+    - [How to run AIO on macOS?](#how-to-run-aio-on-macos)
+    - [How to run AIO on Windows?](#how-to-run-aio-on-windows)
+    - [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
+    - [How to run AIO with Portainer?](#how-to-run-aio-with-portainer)
+    - [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale)
+    - [How to run `occ` commands?](#how-to-run-occ-commands)
+    - [How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?](#how-to-resolve-security--setup-warnings-displays-the-missing-default-phone-region-after-initial-install)
+    - [How to run multiple AIO instances on one server?](#how-to-run-multiple-aio-instances-on-one-server)
+    - [Bruteforce protection FAQ](#bruteforce-protection-faq)
+    - [How to switch the channel?](#how-to-switch-the-channel)
+    - [How to update the containers?](#how-to-update-the-containers)
+    - [How to easily log in to the AIO interface?](#how-to-easily-log-in-to-the-aio-interface)
+    - [How to change the domain?](#how-to-change-the-domain)
+    - [How to properly reset the instance?](#how-to-properly-reset-the-instance)
+    - [Can I use a CIFS/SMB share as Nextcloud's datadir?](#can-i-use-a-cifssmb-share-as-nextclouds-datadir)
+    - [Can I run this with Docker swarm?](#can-i-run-this-with-docker-swarm)
+    - [Can I run this with Kubernetes?](#can-i-run-this-with-kubernetes)
+    - [How to run this with Docker rootless?](#can-i-run-this-with-podman-instead-of-docker)
+    - [Can I run this with Podman instead of Docker?](#can-i-run-this-with-podman-instead-of-docker)
+    - [Access/Edit Nextcloud files/folders manually](#accessedit-nextcloud-filesfolders-manually)
+    - [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor)
+    - [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory)
+    - [How to adjust the version retention policy and trashbin retention policy?](#how-to-adjust-the-version-retention-policy-and-trashbin-retention-policy)
+    - [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
+    - [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges)
+    - [How to migrate from an already existing Nextcloud installation to Nextcloud AIO?](#how-to-migrate-from-an-already-existing-nextcloud-installation-to-nextcloud-aio)
+- [Backup](#backup)
     - [What is getting backed up by AIO's backup solution?](#what-is-getting-backed-up-by-aios-backup-solution)
     - [How to adjust borgs retention policy?](#how-to-adjust-borgs-retention-policy)
     - [How to migrate from AIO to AIO?](#how-to-migrate-from-aio-to-aio)
@@ -191,46 +225,20 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
     - [Delete backup archives manually](#delete-backup-archives-manually)
     - [Sync local backups regularly to another drive](#sync-local-backups-regularly-to-another-drive)
     - [How to exclude Nextcloud's data directory or the preview folder from backup?](#how-to-exclude-nextclouds-data-directory-or-the-preview-folder-from-backup)
-- [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally)
-- [How to disable the backup section?](#how-to-disable-the-backup-section)
-- [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
-- [Can I use a CIFS/SMB share as Nextcloud's datadir?](#can-i-use-a-cifssmb-share-as-nextclouds-datadir)
-- [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
-- [How to adjust the Talk port?](#how-to-adjust-the-talk-port)
-- [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud)
-- [How to adjust the max execution time for Nextcloud?](#how-to-adjust-the-max-execution-time-for-nextcloud)
-- [How to adjust the PHP memory limit for Nextcloud?](#how-to-adjust-the-php-memory-limit-for-nextcloud)
-- [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error)
-- [Can I run this with Docker swarm?](#can-i-run-this-with-docker-swarm)
-- [Can I run this with Kubernetes?](#can-i-run-this-with-kubernetes)
-- [How to run this with Docker rootless?](#can-i-run-this-with-podman-instead-of-docker)
-- [How to change the Nextcloud apps that are installed on the first startup?](#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
-- [How to add OS packages permanently to the Nextcloud container?](#how-to-add-os-packages-permanently-to-the-nextcloud-container)
-- [How to add PHP extensions permanently to the Nextcloud container?](#how-to-add-php-extensions-permanently-to-the-nextcloud-container)
-- [What about the pdlib PHP extension for the facerecognition app?](#what-about-the-pdlib-php-extension-for-the-facerecognition-app)
-- [How to enable hardware acceleration for Nextcloud?](#how-to-enable-hardware-acceleration-for-nextcloud)
-    - [With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia](#with-open-source-drivers-mesa-for-amd-intel-and-new-drivers-nouveau-for-nvidia)
-    - [With proprietary drivers for Nvidia :warning: BETA](#with-proprietary-drivers-for-nvidia-warning-beta)
-- [How to keep disabled apps?](#how-to-keep-disabled-apps)
-- [Huge docker logs](#huge-docker-logs)
-- [Access/Edit Nextcloud files/folders manually](#accessedit-nextcloud-filesfolders-manually)
-- [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
-- [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor)
-- [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory)
-- [How to adjust the version retention policy and trashbin retention policy?](#how-to-adjust-the-version-retention-policy-and-trashbin-retention-policy)
-- [Fail2ban](#fail2ban)
-- [LDAP](#ldap)
-- [Netdata](#netdata)
-- [USER_SQL](#user_sql)
-- [phpMyAdmin, Adminer or pgAdmin](#phpmyadmin-adminer-or-pgadmin)
-- [Mail server](#mail-server)
-- [How to migrate from an already existing Nextcloud installation to Nextcloud AIO?](#how-to-migrate-from-an-already-existing-nextcloud-installation-to-nextcloud-aio)
-- [Requirements for integrating new containers](#requirements-for-integrating-new-containers)
-- [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca)
-- [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature)
-- [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options)
-- [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
-- [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges)
+    - [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally)
+    - [How to disable the backup section?](#how-to-disable-the-backup-section)
+- [Addons](#addons)
+    - [Fail2ban](#fail2ban)
+    - [LDAP](#ldap)
+    - [Netdata](#netdata)
+    - [USER_SQL](#user_sql)
+    - [phpMyAdmin, Adminer or pgAdmin](#phpmyadmin-adminer-or-pgadmin)
+    - [Mail server](#mail-server)
+- [Miscellaneous](#miscellaneous)
+    - [Requirements for integrating new containers](#requirements-for-integrating-new-containers)
+    - [Update policy](#update-policy)
+    - [How often are update notifications sent?](#how-often-are-update-notifications-sent)
+    - [Huge docker logs](#huge-docker-logs)
 
 ### Where can I find additional documentation?
 Some of the documentation is available on [GitHub Discussions](https://github.com/nextcloud/all-in-one/discussions/categories/wiki).
@@ -244,21 +252,18 @@ See [this issue](https://github.com/nextcloud/all-in-one/issues/5251) for a list
 ### How many users are possible?
 Up to 100 users are free, more are possible with [Nextcloud Enterprise](https://nextcloud.com/all-in-one/)
 
+## Network
+
 ### Are reverse proxies supported?
 Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 
-### Which CPU architectures are supported?
-You can check this on Linux by running: `uname -m`
-- x86_64/x64/amd64
-- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
-
 ### Which ports are mandatory to be open in your firewall/router?
 Only those (if you access the Mastercontainer Interface internally via port 8080):
 - `443/TCP` for the Apache container
 - `443/UDP` if you want to enable http3 for the Apache container
 - `3478/TCP` and `3478/UDP` for the Talk container
 
-### Explanation of used ports:
+### Explanation of used ports
 - `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`) ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)
 - `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer)
 - `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open/forwarded in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
@@ -266,6 +271,235 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `443/UDP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router if you want to enable http3
 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open/forwarded in your firewall/router
 
+### Notes on Cloudflare (proxy/tunnel)
+Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible.
+- Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you.
+- Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel.
+- It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
+- Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
+- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled.
+- If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065)
+- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled.
+- It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
+- Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981
+- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to install your own turnserver or use a publicly available one and adjust and test your stun and turn settings in `https://yourdomain.com/settings/admin/talk`.
+- If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
+- If you are using AIO's built-in Reverse Proxy and don't use your own, then the certificate issuing may possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. Note that this isn't an option if you need Cloudflare Tunnel as disabling the proxy would also disable Cloudflare Tunnel which would in turn make your server unreachable for the verification. See https://github.com/nextcloud/all-in-one/discussions/1101.
+
+### How to run Nextcloud behind a Cloudflare Tunnel?
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
+
+### How to run Nextcloud via Tailscale?
+For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+
+### How to get Nextcloud running using the ACME DNS-challenge?
+You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
+
+### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.
+If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.
+
+### Can I use an ip-address for Nextcloud instead of a domain?
+No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
+
+### Can I run AIO offline or in an airgapped system?
+No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
+
+### Are self-signed certificates supported for Nextcloud?
+No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
+
+### Can I use AIO with multiple domains?
+No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
+
+### Are other ports than the default 443 for Nextcloud supported?
+No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
+
+### Can I run Nextcloud in a subdirectory on my domain?
+No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online.
+
+### How can I access Nextcloud locally?
+Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
+
+Please make sure that if you are running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
+
+Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
+- https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
+- https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
+- https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/
+- https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
+Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole
+
+### How to skip the domain validation?
+If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
+
+### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
+It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
+```
+sudo sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf
+sudo systemctl restart firewalld docker
+```
+Afterwards it should work.<br>
+
+See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it
+
+### What can I do to fix the internal or reserved ip-address error?
+If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
+
+## Infrastructure
+
+### Which CPU architectures are supported?
+You can check this on Linux by running: `uname -m`
+- x86_64/x64/amd64
+- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
+
+### Disrecommended VPS providers
+- *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.
+  If your VPS has a `/proc/user_beancounters` file and a low `numproc` limit set in it
+  your server will likely misbehave once it reaches this limit
+  which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164).
+- Hostingers VPS seem to miss a specific Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956).
+
+### Recommended VPS
+In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them.
+
+### Note on storage options
+- SD-cards are disrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts
+- SSD storage is recommended
+- HDD storage should work as well but is of course much slower than SSD storage
+
+### Are there known problems when SELinux is enabled?
+Yes. If SELinux is enabled, you might need to add the `--security-opt label:disable` option to the docker run command of the mastercontainer in order to allow it to access the docker socket (or `security_opt: ["label:disable"]` in compose.yaml). See https://github.com/nextcloud/all-in-one/discussions/485
+
+## Customization
+
+### How to change the default location of Nextcloud's Datadir?
+> [!WARNING]  
+> Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
+
+You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
+
+- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
+- On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
+- For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
+- On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.
+- Another option is to provide a specific volume name here with: `--env NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. on Windows with:
+    ```
+    docker volume create ^
+    --driver local ^
+    --name nextcloud_aio_nextcloud_datadir ^
+    -o device="/host_mnt/e/your/data/path" ^
+    -o type="none" ^
+    -o o="bind"
+    ```
+    In this example, it would mount `E:\your\data\path` into the volume so for a different location you need to adjust `/host_mnt/e/your/data/path` accordingly.
+
+### How to store the files/installation on a separate drive?
+You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
+(Of course docker needs to be installed first for this to work.)
+
+⚠️ If you encounter errors from richdocuments in your Nextcloud logs, check in your Collabora container if the message "Capabilities are not set for the coolforkit program." appears. If so, follow these steps:
+
+1. Stop all the containers from the AIO Interface.
+2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`).
+3. You might also want to prune your Docker (`docker system prune`) (no data will be lost).
+4. Restart your containers from the AIO Interface.
+
+This should solve the problem.
+
+### How to allow the Nextcloud container to access directories on the host?
+By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+
+- Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`.
+- On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
+- For Synology it may be `--env NEXTCLOUD_MOUNT="/volume1/"`.
+- On Windows it might be `--env NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.
+
+After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
+
+You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
+
+Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
+
+> [!NOTE]  
+> If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
+
+### How to adjust the Talk port?
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
+
+### How to adjust the upload limit for Nextcloud?
+By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.
+
+### How to adjust the max execution time for Nextcloud?
+By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
+
+### How to adjust the PHP memory limit for Nextcloud?
+By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+
+### How to change the Nextcloud apps that are installed on the first startup?
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+
+### How to add OS packages permanently to the Nextcloud container?
+Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
+
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+
+### How to add PHP extensions permanently to the Nextcloud container?
+Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
+
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.
+
+### What about the pdlib PHP extension for the facerecognition app?
+The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition.
+
+### How to enable hardware acceleration for Nextcloud?
+Some container can use GPU acceleration to increase performance like [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos.
+
+#### With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia
+
+> [!WARNING]  
+> This only works if the `/dev/dri` device is present on the host! If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. Make sure that your driver is correctly configured on the host.
+
+A list of supported device can be fond in [MESA 3D documentation](https://docs.mesa3d.org/systems.html).
+
+This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device.
+
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.
+
+
+#### With proprietary drivers for Nvidia :warning: BETA
+
+> [!WARNING]
+> This only works if the Nvidia Toolkit is installed on the host and an NVIDIA GPU is enabled! Make sure that it is correctly configured on the host. If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
+> 
+> This feature is in beta. Since the proprietary, we haven't a lot of user using proprietary drivers, we can't guarantee the stability of this feature. Your feedback is welcome.
+
+This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime.
+
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
+
+If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2).
+
+### How to keep disabled apps?
+In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 
+> [!WARNING]  
+> Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
+
+### How to trust user-defined Certification Authorities (CA)?
+For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.
+
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+
+When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
+
+In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
+
+### How to disable Collabora's Seccomp feature?
+The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. 
+
+### How to adjust the Fulltextsearch Java options?
+The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used.
+
+## Guides
+
 ### How to run AIO on macOS?
 On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux.
 
@@ -319,7 +553,6 @@ If you have the NAS setup on your local network (which is most often the case) y
 The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. 
 
 ### Can I run AIO on TrueNAS SCALE?
-
 With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment.
 
 For a more complete guide, see this guide by @zybster: https://github.com/nextcloud/all-in-one/discussions/5506
@@ -328,94 +561,6 @@ On older TrueNAS SCALE releases with Kubernetes environment, there are two ways
 
 Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
 
-### Notes on Cloudflare (proxy/tunnel)
-Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible.
-- Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you.
-- Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel.
-- It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
-- Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
-- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled.
-- If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065)
-- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled.
-- It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
-- Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981
-- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to install your own turnserver or use a publicly available one and adjust and test your stun and turn settings in `https://yourdomain.com/settings/admin/talk`.
-- If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
-- If you are using AIO's built-in Reverse Proxy and don't use your own, then the certificate issuing may possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. Note that this isn't an option if you need Cloudflare Tunnel as disabling the proxy would also disable Cloudflare Tunnel which would in turn make your server unreachable for the verification. See https://github.com/nextcloud/all-in-one/discussions/1101.
-
-### How to run Nextcloud behind a Cloudflare Tunnel?
-Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
-
-### How to run Nextcloud via Tailscale?
-For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
-
-### Disrecommended VPS providers
-- *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.
-  If your VPS has a `/proc/user_beancounters` file and a low `numproc` limit set in it
-  your server will likely misbehave once it reaches this limit
-  which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164).
-- Hostingers VPS seem to miss a specific Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956).
-
-### Recommended VPS
-In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them.
-
-### Note on storage options
-- SD-cards are disrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts
-- SSD storage is recommended
-- HDD storage should work as well but is of course much slower than SSD storage
-
-### How to get Nextcloud running using the ACME DNS-challenge?
-You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
-
-### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.
-If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.
-
-### Can I use an ip-address for Nextcloud instead of a domain?
-No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
-
-### Can I run AIO offline or in an airgapped system?
-No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
-
-### Are self-signed certificates supported for Nextcloud?
-No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
-
-### Can I use AIO with multiple domains?
-No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
-
-### Are other ports than the default 443 for Nextcloud supported?
-No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
-
-### Can I run Nextcloud in a subdirectory on my domain?
-No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online.
-
-### How can I access Nextcloud locally?
-Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
-
-Please make sure that if you are running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
-
-Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
-- https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
-- https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
-- https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/
-- https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
-Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole
-
-### How to skip the domain validation?
-If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
-
-### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
-It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
-```
-sudo sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf
-sudo systemctl restart firewalld docker
-```
-Afterwards it should work.<br>
-
-See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it
-
-### Are there known problems when SELinux is enabled?
-Yes. If SELinux is enabled, you might need to add the `--security-opt label:disable` option to the docker run command of the mastercontainer in order to allow it to access the docker socket (or `security_opt: ["label:disable"]` in compose.yaml). See https://github.com/nextcloud/all-in-one/discussions/485
-
 ### How to run `occ` commands?
 Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
 
@@ -428,9 +573,6 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t
 ### Bruteforce protection FAQ
 Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information.
 
-### Update policy
-This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier.
-
 ### How to switch the channel?
 You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa.
 
@@ -441,9 +583,6 @@ If a new `mastercontainer` update was found, you'll see a note below the `Stop c
 
 Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found.
 
-#### How often are update notifications sent?
-AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
-
 ### How to easily log in to the AIO interface?
 If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. 
 
@@ -483,7 +622,121 @@ Here is how to reset the AIO instance properly:
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
 1. And you are done! Now feel free to start over with the recommended docker run command!
 
-### Backup solution
+### Can I use a CIFS/SMB share as Nextcloud's datadir?
+Sure. Add this to the `/etc/fstab` file on the host system: <br>
+`<your-storage-host-and-subpath> <your-mount-dir> cifs rw,mfsymlinks,seal,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+(Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
+
+One example could look like this:<br>
+`//your-storage-host/subpath /mnt/storagebox cifs rw,mfsymlinks,seal,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+and add into `/etc/storage-credentials`:
+```
+username=<smb/cifs username>
+password=<password>
+```
+(Of course you need to modify `<smb/cifs username>` and `<password>` for your specific case.)
+
+Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above this one.
+
+### Can I run this with Docker swarm?
+Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/).
+
+### Can I run this with Kubernetes?
+Yes. For that to work, you need to use and follow the [helm-chart documentation](./nextcloud-aio-helm-chart/).
+
+### How to run this with Docker rootless?
+You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
+
+### Can I run this with Podman instead of Docker?
+Since Podman is not 100% compatible with the Docker API, Podman is not supported (since that would add yet another platform where the maintainer would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section. Also there is this now: https://github.com/nextcloud/all-in-one/discussions/3487
+
+### Access/Edit Nextcloud files/folders manually
+The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
+
+After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
+
+### How to edit Nextclouds config.php file with a texteditor?
+You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
+
+### How to change default files by creating a custom skeleton directory?
+All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).
+
+### How to adjust the version retention policy and trashbin retention policy?
+By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
+
+### How to enable automatic updates without creating a backup beforehand?
+If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
+
+But anyhow, is here a guide that helps you automate the whole procedure:
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Stop the containers
+docker exec --env STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
+
+# Below is optional if you run AIO in a VM which will shut down the VM afterwards
+# poweroff
+
+```
+
+</details>
+
+You can simply copy and paste the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. 
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs it on a schedule e.g. runs the script at `04:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. 
+1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` and then `Enter` to save, and close the editor with `Ctrl + x`).
+
+
+**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextcloud's datadir if it is not stored in a docker volume.**
+
+**Afterwards, you can create a second script that automatically updates the containers:**
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Run container update once
+if ! docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+        echo "Waiting for watchtower to stop"
+        sleep 30
+    done
+
+    while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; do
+        echo "Waiting for Mastercontainer to start"
+        sleep 30
+    done
+
+    # Run container update another time to make sure that all containers are updated correctly.
+    docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+fi
+
+```
+
+</details>
+
+You can simply copy and paste the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`.
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
+1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
+
+### Securing the AIO interface from unauthorized ACME challenges
+[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
+
+### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
+Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
+
+## Backup
 Nextcloud AIO provides a backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a restore point in case the installation gets corrupted. By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.
 
 It is recommended to create a backup before any container update. By doing this, you will be safe regarding any possible complication during updates because you will be able to restore the whole instance with basically one click. 
@@ -526,13 +779,13 @@ Be aware that this solution does not back up files and folders that are mounted
 
 ---
 
-#### What is getting backed up by AIO's backup solution?
+### What is getting backed up by AIO's backup solution?
 Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
 
-#### How to adjust borgs retention policy?
+### How to adjust borgs retention policy?
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
-#### How to migrate from AIO to AIO?
+### How to migrate from AIO to AIO?
 If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere.
 
 1. Set the DNS entry to 60 seconds TTL if applicable
@@ -556,7 +809,7 @@ If you have the borg backup feature enabled, you can copy it over to the new hos
 1. Wait until the backup is restored
 1. Start the containers in the AIO interface
 
-#### Are remote borg backups supported?
+### Are remote borg backups supported?
 Backing up directly to a remote borg repository is supported. This avoids having to store a local copy of your backups, supports append-only borg keys to counter ransomware and allows using the AIO interface to manage your backups.
 
 Some alternatives, which do not have all the above benefits:
@@ -569,12 +822,12 @@ Some alternatives, which do not have all the above benefits:
 
 ---
 
-#### Failure of the backup container in LXC containers
+### Failure of the backup container in LXC containers
 If you are running AIO in a LXC container, you need to make sure that FUSE is enabled in the LXC container settings. Also, if using Alpine Linux as host OS, make sure to add fuse via `apk add fuse`. Otherwise the backup container will not be able to start as FUSE is required for it to work.
 
 ---
 
-#### How to create the backup volume on Windows?
+### How to create the backup volume on Windows?
 As stated in the AIO interface, it is possible to use a docker volume as backup target. Before you can use that, you need to create it first. Here is an example how to create one on Windows:
 ```
 docker volume create ^
@@ -588,7 +841,7 @@ In this example, it would mount `E:\your\backup\path` into the volume so for a d
 
 ---
 
-#### Pro-tip: Backup archives access
+### Pro-tip: Backup archives access
 You can open the BorgBackup archives on your host by following these steps:<br>
 (instructions for Ubuntu Desktop)
 
@@ -618,7 +871,7 @@ sudo umount /tmp/borg
 
 ---
 
-#### Delete backup archives manually
+### Delete backup archives manually
 You can delete BorgBackup archives on your host manually by following these steps:<br>
 (instructions for Debian based OS' like Ubuntu)
 
@@ -654,7 +907,7 @@ You can do so by clicking on the `Check backup integrity` button or `Create back
 
 ---
 
-#### Sync local backups regularly to another drive
+### Sync local backups regularly to another drive
 For increased backup security, you might consider syncing the local backup repository regularly to another drive.
 
 To do that, first add the drive to `/etc/fstab` so that it is able to get automatically mounted and then create a script that does all the things automatically. Here is an example for such a script:
@@ -752,7 +1005,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 1. Add the following new line to the crontab if not already present: `0 20 * * 7 /root/backup-script.sh` which will run the script at 20:00 on Sundays each week. 
 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
 
-#### How to exclude Nextcloud's data directory or the preview folder from backup?
+### How to exclude Nextcloud's data directory or the preview folder from backup?
 In order to speed up the backups and to keep the backup archives small, you might want to exclude Nextcloud's data directory or its preview folder from backup. 
 
 > [!WARNING]
@@ -784,166 +1037,7 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo
 ### How to disable the backup section?
 If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
-### How to change the default location of Nextcloud's Datadir?
-> [!WARNING]  
-> Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
-
-You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
-
-- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
-- On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
-- For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
-- On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.
-- Another option is to provide a specific volume name here with: `--env NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. on Windows with:
-    ```
-    docker volume create ^
-    --driver local ^
-    --name nextcloud_aio_nextcloud_datadir ^
-    -o device="/host_mnt/e/your/data/path" ^
-    -o type="none" ^
-    -o o="bind"
-    ```
-    In this example, it would mount `E:\your\data\path` into the volume so for a different location you need to adjust `/host_mnt/e/your/data/path` accordingly.
-
-### Can I use a CIFS/SMB share as Nextcloud's datadir?
-
-Sure. Add this to the `/etc/fstab` file on the host system: <br>
-`<your-storage-host-and-subpath> <your-mount-dir> cifs rw,mfsymlinks,seal,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
-(Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
-
-One example could look like this:<br>
-`//your-storage-host/subpath /mnt/storagebox cifs rw,mfsymlinks,seal,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
-and add into `/etc/storage-credentials`:
-```
-username=<smb/cifs username>
-password=<password>
-```
-(Of course you need to modify `<smb/cifs username>` and `<password>` for your specific case.)
-
-Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above this one.
-
-### How to allow the Nextcloud container to access directories on the host?
-By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
-
-- Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`.
-- On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
-- For Synology it may be `--env NEXTCLOUD_MOUNT="/volume1/"`.
-- On Windows it might be `--env NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.
-
-After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
-
-You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
-
-Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
-
-> [!NOTE]  
-> If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
-
-### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
-
-### How to adjust the upload limit for Nextcloud?
-By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.
-
-### How to adjust the max execution time for Nextcloud?
-By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
-
-### How to adjust the PHP memory limit for Nextcloud?
-By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
-
-### What can I do to fix the internal or reserved ip-address error?
-If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
-
-### Can I run this with Docker swarm?
-Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/).
-
-### Can I run this with Kubernetes?
-Yes. For that to work, you need to use and follow the [helm-chart documentation](./nextcloud-aio-helm-chart/).
-
-### How to run this with Docker rootless?
-You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
-
-### Can I run this with Podman instead of Docker?
-Since Podman is not 100% compatible with the Docker API, Podman is not supported (since that would add yet another platform where the maintainer would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section. Also there is this now: https://github.com/nextcloud/all-in-one/discussions/3487
-
-### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
-
-### How to add OS packages permanently to the Nextcloud container?
-Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
-
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
-
-### How to add PHP extensions permanently to the Nextcloud container?
-Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
-
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.
-
-### What about the pdlib PHP extension for the facerecognition app?
-The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition.
-
-### How to enable hardware acceleration for Nextcloud?
-Some container can use GPU acceleration to increase performance like [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos.
-
-#### With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia
-
-> [!WARNING]  
-> This only works if the `/dev/dri` device is present on the host! If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. Make sure that your driver is correctly configured on the host.
-
-A list of supported device can be fond in [MESA 3D documentation](https://docs.mesa3d.org/systems.html).
-
-This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device.
-
-In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.
-
-
-#### With proprietary drivers for Nvidia :warning: BETA
-
-> [!WARNING]
-> This only works if the Nvidia Toolkit is installed on the host and an NVIDIA GPU is enabled! Make sure that it is correctly configured on the host. If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
-> 
-> This feature is in beta. Since the proprietary, we haven't a lot of user using proprietary drivers, we can't guarantee the stability of this feature. Your feedback is welcome.
-
-This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime.
-
-In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
-
-If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2).
-
-### How to keep disabled apps?
-In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 
-> [!WARNING]  
-> Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
-
-### Huge docker logs
-If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.
-
-### Access/Edit Nextcloud files/folders manually
-The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
-
-After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
-
-### How to store the files/installation on a separate drive?
-You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
-(Of course docker needs to be installed first for this to work.)
-
-⚠️ If you encounter errors from richdocuments in your Nextcloud logs, check in your Collabora container if the message "Capabilities are not set for the coolforkit program." appears. If so, follow these steps:
-
-1. Stop all the containers from the AIO Interface.
-2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`).
-3. You might also want to prune your Docker (`docker system prune`) (no data will be lost).
-4. Restart your containers from the AIO Interface.
-
-This should solve the problem.
-
-### How to edit Nextclouds config.php file with a texteditor?
-You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
-
-### How to change default files by creating a custom skeleton directory?
-All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).
-
-### How to adjust the version retention policy and trashbin retention policy?
-By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
+## Addons
 
 ### Fail2ban
 You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
@@ -963,8 +1057,7 @@ It is possible to install any of these to get a GUI for your AIO database. The p
 ### Mail server
 You can configure one yourself by using either of these four recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server), [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------) or [Stalwart](https://stalw.art/). There is now a community container which allows to easily add Stalwart Mail server to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart
 
-### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
-Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
+## Miscellaneous
 
 ### Requirements for integrating new containers
 For integrating new containers, they must pass specific requirements for being considered to get integrated in AIO itself. Even if not considered, we may add some documentation on it. Also there is this now: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
@@ -979,86 +1072,11 @@ What are the requirements?
 7. No additional setup should be needed after adding the container - it should work completely out of the box.
 8. If the container requires being exposed, only subfolders are supported. So the container should not require its own (sub-)domain and must be able to run in a subfolder.
 
-### How to trust user-defined Certification Authorities (CA)?
-For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.
+### Update policy
+This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier.
 
-You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+### How often are update notifications sent?
+AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
 
-When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
-
-In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
-
-### How to disable Collabora's Seccomp feature?
-The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. 
-
-### How to adjust the Fulltextsearch Java options?
-The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used.
-
-### How to enable automatic updates without creating a backup beforehand?
-If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
-
-But anyhow, is here a guide that helps you automate the whole procedure:
-
-<details>
-<summary>Click here to expand</summary>
-
-```bash
-#!/bin/bash
-
-# Stop the containers
-docker exec --env STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
-
-# Below is optional if you run AIO in a VM which will shut down the VM afterwards
-# poweroff
-
-```
-
-</details>
-
-You can simply copy and paste the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. 
-
-Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs it on a schedule e.g. runs the script at `04:00` each day like this: 
-1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
-1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. 
-1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` and then `Enter` to save, and close the editor with `Ctrl + x`).
-
-
-**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextcloud's datadir if it is not stored in a docker volume.**
-
-**Afterwards, you can create a second script that automatically updates the containers:**
-
-<details>
-<summary>Click here to expand</summary>
-
-```bash
-#!/bin/bash
-
-# Run container update once
-if ! docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then
-    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-        echo "Waiting for watchtower to stop"
-        sleep 30
-    done
-
-    while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; do
-        echo "Waiting for Mastercontainer to start"
-        sleep 30
-    done
-
-    # Run container update another time to make sure that all containers are updated correctly.
-    docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
-fi
-
-```
-
-</details>
-
-You can simply copy and paste the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`.
-
-Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: 
-1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
-1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
-1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
-
-### Securing the AIO interface from unauthorized ACME challenges
-[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
+### Huge docker logs
+If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.

From c531f516d3ab1d151c0252af10cfba2f0965290e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 18 Feb 2025 12:11:54 +0000
Subject: [PATCH 2968/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 0c72e6dd..1cce5d4a 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2699,16 +2699,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.0.1",
+            "version": "2.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893"
+                "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/72e51f7c32c5aef7c8b462195b8c599b11199893",
-                "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/51087f87dcce2663e1fed4dfd4e56eccd580297e",
+                "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e",
                 "shasum": ""
             },
             "require": {
@@ -2740,9 +2740,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.1"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.2"
             },
-            "time": "2025-02-13T12:25:43+00:00"
+            "time": "2025-02-17T20:25:51+00:00"
         },
         {
             "name": "sebastian/diff",

From efe9aac94db6c222cde087b41d0b1dbf2ca8c3ac Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Feb 2025 22:42:23 +0100
Subject: [PATCH 2969/3949] add info box in how-to sectioin

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 5f6abfd6..27c45154 100644
--- a/readme.md
+++ b/readme.md
@@ -81,7 +81,9 @@ Included are:
 | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) |
 
 ## How to use this?
-The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
+> [!INFO]
+> The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
+
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms.
 >[!WARNING]
 > You could use the convenience script below to install docker. However we recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can of course use it. See below: 

From 77a44ee7ff6a7dc3c48a9d5713ed4f8033be95a8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Feb 2025 22:52:21 +0100
Subject: [PATCH 2970/3949] aio-interface: adjust aplicable links to always
 open in a new tab

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig                 | 58 +++++++++----------
 php/templates/includes/aio-config.twig        | 18 +++---
 php/templates/includes/backup-dirs.twig       |  2 +-
 .../includes/optional-containers.twig         | 12 ++--
 php/templates/login.twig                      |  2 +-
 5 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 03fe7802..cc038cf4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -81,7 +81,7 @@
                 {% if is_backup_container_running == false and domain == "" %}
                     {% if isDomaincheckRunning == false %}
                         <h2>Domaincheck container is not running</h2>
-                        <p>This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
+                        <p>This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
                     {% elseif is_mastercontainer_update_available == true %}
                         <h2>Mastercontainer update</h2>
                         <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
@@ -97,7 +97,7 @@
                             {{ include('includes/aio-config.twig') }}
                             <h2>New AIO instance</h2>
                             {% if apache_port == '443' %}
-                                <p>AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
+                                <p>AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
                             {% else %}
                                 <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                             {% endif %}
@@ -115,14 +115,14 @@
                                 <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
                                 <details>
                                     <summary>Click here for further hints</summary>
-                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
-                                    <p>If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
-                                    <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
+                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
+                                    <p>If you have a dynamic public IP-address, you can use e.g. <a target="_blank" rel="noopener" href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
+                                    <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
                                     {% if apache_port != '443' %}
-                                        <p>If you run into issues with your domain being accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
+                                        <p>If you run into issues with your domain being accepted, see <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
                                     {% endif %}
-                                    <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
+                                    <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
                                 </details>
                             {% endif %}
 
@@ -138,7 +138,7 @@
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Please adjust the path and/or the encryption password in order to make it work!</p>
                                         {% elseif borg_backup_mode == 'check' %}
-                                            <p>The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
+                                            <p>The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
@@ -160,7 +160,7 @@
                                             </form>
                                         {% endif %}
                                         <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
-                                        <p><strong>Please note:</strong> If the backup that you want to restore contained any <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
+                                        <p><strong>Please note:</strong> If the backup that you want to restore contained any <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -191,7 +191,7 @@
 
                                 <p>
                                 Please enter the location of the backup archive on your host or a
-                                <a href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
+                                <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
                                 if stored remotely; and the encryption password of the backup archive below:
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
@@ -215,12 +215,12 @@
                         {% endif %}
                     {% endif %}
                     <h2>How to reset the AIO instance?</h2>
-                    <p>If something should be going wrong, for example during the initial installation, you can reset the instance by following <a href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.</p>
+                    <p>If something should be going wrong, for example during the initial installation, you can reset the instance by following <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.</p>
                 {% endif %}
 
                 {% if was_start_button_clicked == true %}
                     {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                        <p>You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
+                        <p>You are running the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
                     {% else %}
                         <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
                     {% endif %}
@@ -247,7 +247,7 @@
                             {% endif %}
                             <p><a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a></p>
                             {% if not hasBackupLocation %}
-                                <p>If your Nextcloud does not open when clicking the button above, see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
+                                <p>If your Nextcloud does not open when clicking the button above, see <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
                             {% endif %}
                         {% else %}
                             {% if isAnyRestarting == false %}
@@ -280,7 +280,7 @@
                                             <span class="status running"></span>
                                             <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
                                             {% if container.GetDocumentation() != '' %}
-                                                (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                                (<a target="_blank" rel="noopener" href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
                                                 (password: {{ container.GetUiSecret() }})
@@ -290,7 +290,7 @@
                                             <span class="status success"></span>
                                             <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
                                             {% if container.GetDocumentation() != '' %}
-                                                (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                                (<a target="_blank" rel="noopener" href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
                                                 (password: {{ container.GetUiSecret() }})
@@ -300,7 +300,7 @@
                                             <span class="status error"></span>
                                             <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Stopped</a>)
                                             {% if container.GetDocumentation() != '' %}
-                                                (<a href="{{ container.GetDocumentation() }}">docs</a>)
+                                                (<a target="_blank" rel="noopener" href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
                                                 (password: {{ container.GetUiSecret() }})
@@ -322,7 +322,7 @@
                                 {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                     <details>
                                     <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a href="https://github.com/nextcloud/all-in-one/discussions/6053">this documentation</a></strong></p>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/6053">this documentation</a></strong></p>
                                     </details>
                                 {% endif %}
                             {% endif %}
@@ -334,11 +334,11 @@
                             {% if is_mastercontainer_update_available == true %}
                                 <p>⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.</p>
                                 {% if current_channel starts with 'latest' %}
-                                    <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a></p>
+                                    <p>You can find the changelog <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a></p>
                                 {% elseif current_channel starts with 'beta' %}
-                                    <p>You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a></p>
+                                    <p>You can find the changelog <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a></p>
                                 {% elseif current_channel starts with 'develop' %}
-                                    <p>You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
+                                    <p>You can find all changes <a target="_blank" rel="noopener" href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
                                 {% endif %}
                             {% endif %}
                             <form method="POST" action="/api/docker/stop" class="xhr">
@@ -399,7 +399,7 @@
                                 <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
                                 <p>
                                 To store backups remotely instead, fill in the
-                                <a href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
+                                <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
@@ -420,7 +420,7 @@
                                     {% if backup_exit_code > 0 %}
                                         <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
                                         {% if borg_backup_mode == "check" %}
-                                            <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
+                                            <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
@@ -468,7 +468,7 @@
                                     <p>This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong></p>
                                     <p>Please save this password in a safe place. You won't be able to restore from backup if you lose this password!</p>
                                     <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
-                                    <p>The backup uses a tool called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
+                                    <p>The backup uses a tool called <a target="_blank" rel="noopener" href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
                                     <p>By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.</p>
                                     {% if borg_remote_repo != '' %}
                                         <p>
@@ -482,9 +482,9 @@
                                         <p>Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong></p>
                                     {% endif %}
                                     <p>Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.</p>
-                                    <p>For information about backup retention, see <strong><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
+                                    <p>For information about backup retention, see <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
                                     <p>Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.</p>
-                                    <p>For further documentation and options on this backup solution refer to <strong><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
+                                    <p>For further documentation and options on this backup solution refer to <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
 
                                     {% if isApacheStarting != true %}
                                         <h3>Backup creation</h3>
@@ -514,7 +514,7 @@
 
                                         {% if has_backup_run_once == true %}
                                             <h3>Backup Viewer</h3>
-                                            <p>There is now a community container that allows to access your backups in a web session. See <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
+                                            <p>There is now a community container that allows to access your backups in a web session. See <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
 
                                             <h3>Backup check</h3>
                                             <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
@@ -571,7 +571,7 @@
                                                 <input type="submit" value="Submit additional backup locations" />
                                             </form>
                                             <p>Each line and entry needs to start with a slash or letter/digit. Only <strong>a-z</strong>, <strong>A-Z</strong>, <strong>.</strong>, <strong>0-9</strong>, <strong>_</strong>, <strong>-</strong>, and <strong>/</strong> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <strong>/directory/on/the/host</strong> and <strong>my_custom_docker_volume</strong>. You need to make sure that all given directories exist or the backup container will fail to start!</p>
-                                            <p>Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a></p>
+                                            <p>Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a></p>
                                             <p>Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually.</p>
                                             {% if additional_backup_directories != "" %}
                                                 <p>This option is currently set. You can disable it again by clearing the field and submitting your changes.</p>
@@ -598,7 +598,7 @@
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input type="submit" value="Submit passphrase change" />
                                     </form>
-                                    <p>The new passphrase needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.</p>
+                                    <p>The new passphrase needs to be at least 24 characters long. Allowed characters are the <a target="_blank" rel="noopener" href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.</p>
                                 </details>
                             {% endif %}
                         {% endif %}
@@ -623,7 +623,7 @@
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
                                 </form>
-                                <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
+                                <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a target="_blank" rel="noopener" href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
                             {% else %}
                                 <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.</p>
                                 <form method="POST" action="/api/configuration" class="xhr">
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 07672ce3..7535ad93 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,8 +1,8 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary>
     {% if was_start_button_clicked == true %}
-        <p>Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.</p>
-        <p>You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.</p>
+        <p>Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.</p>
+        <p>You can run Nextcloud's usual occ commands by following the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.</p>
     {% endif %}
 
     <p>
@@ -11,7 +11,7 @@
         {% else %}
             Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
         {% endif %}
-        See the <a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.
+        See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.
     </p>
 
     <p>
@@ -20,13 +20,13 @@
         {% else %}
             The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
         {% endif %}
-        See the <a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.</p>
+        See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.</p>
 
-    <p>Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.</p>
+    <p>Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.</p>
 
-    <p>For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.</p>
+    <p>For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.</p>
 
-    <p>Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.</p>
+    <p>Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.</p>
 
     <p>
         {% if is_dri_device_enabled == true and is_nvidia_gpu_enabled == true %}
@@ -38,7 +38,7 @@
         {% else %}
             Hardware acceleration is not enabled. It's recommended to enable hardware transcoding for better performance.
         {% endif %}
-        See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud">hardware acceleration documentation</a> on how to change this.</p>
+        See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud">hardware acceleration documentation</a> on how to change this.</p>
 
-    <p>For further documentation on AIO, refer to <strong><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.</p>
+    <p>For further documentation on AIO, refer to <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.</p>
 </details>
diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig
index 22090dee..85ff877a 100644
--- a/php/templates/includes/backup-dirs.twig
+++ b/php/templates/includes/backup-dirs.twig
@@ -3,4 +3,4 @@
 <p>On Synology it could be <strong>/volume1/docker/nextcloud/backup</strong>.</p>
 <p>For macOS it may be <strong>/var/backup</strong>.</p>
 <p>On Windows it might be <strong>/run/desktop/mnt/host/c/backup</strong>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ <strong>Please note</strong>: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.</p>
-<p>Another option is to enter a specific volume name here: <strong>nextcloud_aio_backupdir</strong>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.</p>
+<p>Another option is to enter a specific volume name here: <strong>nextcloud_aio_backupdir</strong>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.</p>
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 6df95600..c218f8ee 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -1,5 +1,5 @@
 <h2>Optional containers</h2>
-<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
+<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
 {% if isAnyRunning == true %}
     <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
 {% else %}
@@ -50,7 +50,7 @@
             {% endif %}
         >
         <label for="fulltextsearch">
-            Fulltextsearch (needs ~1GB additional RAM, <a href="https://github.com/nextcloud/all-in-one/discussions/5768">does not work on Kernels without Seccomp</a>)
+            Fulltextsearch (needs ~1GB additional RAM, <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/5768">does not work on Kernels without Seccomp</a>)
             {% if is_fulltextsearch_enabled == false %}
                 . <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable
             {% endif %}
@@ -68,7 +68,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label>
+        <label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a target="_blank" rel="noopener" href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label>
     </p>
     <p>
         <input
@@ -96,7 +96,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" rel="noopener" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
     </p>
     {% if is_onlyoffice_enabled == true %}
     <p>
@@ -126,7 +126,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label>
+        <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" rel="noopener" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label>
     </p>
     <p>
         <input
@@ -145,7 +145,7 @@
     <input id="options-form-submit" type="submit" value="Save changes" />
     <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
-<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
+<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true or is_x64_platform == false %}
     <script type="text/javascript" src="disable-clamav.js"></script>
 {% endif %}
diff --git a/php/templates/login.twig b/php/templates/login.twig
index cb33c8d3..adda1945 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -17,7 +17,7 @@
                 <input type="submit" class="button" value="Log in" />
             </form>
         {% else %}
-            <p>The login is blocked since Nextcloud is running.<br>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
+            <p>The login is blocked since Nextcloud is running.<br>Please use the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
             If that is not possible, you can unblock the login by running<br><strong>sudo docker stop nextcloud-aio-apache</strong></p>
         {% endif %}
     </div>

From 61b1576c92a1ed2e88277c85fa59243d8b823b43 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Feb 2025 23:12:59 +0100
Subject: [PATCH 2971/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 27c45154..b10a262d 100644
--- a/readme.md
+++ b/readme.md
@@ -81,7 +81,7 @@ Included are:
 | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) |
 
 ## How to use this?
-> [!INFO]
+> [!NOTE]
 > The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms.

From 072010467fad785d7872362502087cce1ca4a2a2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 19 Feb 2025 13:14:21 +0100
Subject: [PATCH 2972/3949] increase to 10.6.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 03fe7802..c48baeaf 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.6.0</h1>
+            <h1>Nextcloud AIO v10.6.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 64cd9acbce02cb2c7816671979b6b0bfcb79429c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Feb 2025 04:57:30 +0000
Subject: [PATCH 2973/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.12.3.1 to 24.04.12.4.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 8766eb32..e9ca4d01 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.12.3.1
+FROM collabora/code:24.04.12.4.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 4e56d89ea66494f5efafdea21d809a98d863411a Mon Sep 17 00:00:00 2001
From: David Hund <david.hund@gmail.com>
Date: Fri, 21 Feb 2025 16:29:57 +0100
Subject: [PATCH 2974/3949] fix: `pihole/pihole@latest` Web Admin interface

See: https://github.com/nextcloud/all-in-one/discussions/6064

`pihole/pihole@latest` has been updated to `v6`,
breaking the Web Admin interface at (http://192.168.x.x:8573/admin)
(Pi-hole itself continues working fine, it seems)

**Cause:** V6 replaced `lighttpd` with an *embedded webserver*
and changed most `pi-hole.json` *environment variables*.

**Fix:** This PR updates the environment variables to match the new v6 configuration.

Stopping and starting the container will apply the changes and
should fix the Web Admin interface.

Signed-off-by: David Hund <david.hund@gmail.com>
---
 community-containers/pi-hole/pi-hole.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/community-containers/pi-hole/pi-hole.json b/community-containers/pi-hole/pi-hole.json
index 0f2f397b..2cecb9ec 100644
--- a/community-containers/pi-hole/pi-hole.json
+++ b/community-containers/pi-hole/pi-hole.json
@@ -28,9 +28,9 @@
             ],
             "environment": [
                 "TZ=%TIMEZONE%",
-                "WEBPASSWORD=%PIHOLE_WEBPASSWORD%",
-                "DNSMASQ_LISTENING=all",
-                "WEB_PORT=8573"
+                "FTLCONF_webserver_api_password=%PIHOLE_WEBPASSWORD%",
+                "FTLCONF_dns_listeningMode=all",
+                "FTLCONF_webserver_port=8573"
             ],
             "volumes": [
                 {

From 68e278d651ee924422bd6c707c3691a145d0eb27 Mon Sep 17 00:00:00 2001
From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
Date: Sat, 22 Feb 2025 17:11:43 -0500
Subject: [PATCH 2975/3949] Update readme.md

Add mention of jellyseerr at the beginning

Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 3c97c5b6..79d6935e 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr by listening on `requests.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!

From 1325393805449af6478379bb93c9dbffd18542ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Feb 2025 04:47:06 +0000
Subject: [PATCH 2976/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.2-27 to 1.4.2-28.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 3825d6c8..19ac5176 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-27
+FROM clamav/clamav:1.4.2-28
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From c509118457e5845bc4e66be1bb61150840fb815b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Feb 2025 04:47:11 +0000
Subject: [PATCH 2977/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.1.3-alpine to 3.1.5-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index bad6ea3e..79bd22ac 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.3-alpine
+FROM haproxy:3.1.5-alpine
 
 # hadolint ignore=DL3002
 USER root

From 647c2ca93d138817aad655930cf4c84965f8e63b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Feb 2025 04:47:42 +0000
Subject: [PATCH 2978/3949] build(deps): bump postgres in
 /Containers/postgresql

Bumps postgres from 16.7-alpine to 16.8-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index a537d0a2..7abeaedb 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile
-FROM postgres:16.7-alpine
+FROM postgres:16.8-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 4837de43e051f98cb5eeb2cc1b3fe20cbfc22b67 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Feb 2025 10:23:24 +0100
Subject: [PATCH 2979/3949] remove `rel="noopener"` as it is implied by
 `target="_blank"`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 app/templates/admin.php                       |  2 +-
 php/templates/containers.twig                 | 86 +++++++++----------
 php/templates/includes/aio-config.twig        | 18 ++--
 php/templates/includes/backup-dirs.twig       |  2 +-
 .../includes/optional-containers.twig         | 12 +--
 php/templates/login.twig                      |  2 +-
 php/templates/setup.twig                      |  2 +-
 7 files changed, 62 insertions(+), 62 deletions(-)

diff --git a/app/templates/admin.php b/app/templates/admin.php
index 8256dfab..df675cad 100644
--- a/app/templates/admin.php
+++ b/app/templates/admin.php
@@ -11,6 +11,6 @@ declare(strict_types=1);
 	/** @var array $_ */ ?>
 <div id="allinone" class="section">
 	<h2><?php p($l->t('Nextcloud All-in-One'));?></h2>
-	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a><br><br>
+	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank">Open Nextcloud AIO Interface ↗</a><br><br>
 	<p><a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface">Click here for more infos on this feature (e.g. also on how to change the link in the button)</a></p>
 </div>
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cc038cf4..540f28fc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -60,11 +60,11 @@
             {% endfor %}
 
             {% if is_daily_backup_running == true %}
-                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
+                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
                 {% if automatic_updates == true %}
                     <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                     {% if is_mastercontainer_update_available == true %}
-                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
+                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                     {% endif %}
                 {% endif %}
                 {% if has_update_available == false %}
@@ -75,13 +75,13 @@
                 <p><a href="" class="button reload">Reload ↻</a></p>
                 <p>If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.</p>
             {% elseif isWatchtowerRunning == true %}
-                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)</p>
+                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                 <p><a href="" class="button reload">Reload ↻</a></p>
             {% else %}
                 {% if is_backup_container_running == false and domain == "" %}
                     {% if isDomaincheckRunning == false %}
                         <h2>Domaincheck container is not running</h2>
-                        <p>This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
+                        <p>This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
                     {% elseif is_mastercontainer_update_available == true %}
                         <h2>Mastercontainer update</h2>
                         <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
@@ -97,7 +97,7 @@
                             {{ include('includes/aio-config.twig') }}
                             <h2>New AIO instance</h2>
                             {% if apache_port == '443' %}
-                                <p>AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
+                                <p>AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></strong>. Advice: have a detailed look at the changed docker run command for AIO.</p>
                             {% else %}
                                 <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                             {% endif %}
@@ -115,14 +115,14 @@
                                 <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
                                 <details>
                                     <summary>Click here for further hints</summary>
-                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
-                                    <p>If you have a dynamic public IP-address, you can use e.g. <a target="_blank" rel="noopener" href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
-                                    <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
+                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
+                                    <p>If you have a dynamic public IP-address, you can use e.g. <a target="_blank" href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
+                                    <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
                                     {% if apache_port != '443' %}
-                                        <p>If you run into issues with your domain being accepted, see <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
+                                        <p>If you run into issues with your domain being accepted, see <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
                                     {% endif %}
-                                    <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
+                                    <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
                                 </details>
                             {% endif %}
 
@@ -134,11 +134,11 @@
                             {% if hasBackupLocation %}
                                 {% if borg_backup_mode in ['test', 'check'] %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Please adjust the path and/or the encryption password in order to make it work!</p>
                                         {% elseif borg_backup_mode == 'check' %}
-                                            <p>The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
+                                            <p>The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
@@ -150,7 +150,7 @@
                                             </details>
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
-                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.</p>
                                             <form method="POST" action="/api/docker/backup-check" class="xhr">
@@ -160,7 +160,7 @@
                                             </form>
                                         {% endif %}
                                         <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
-                                        <p><strong>Please note:</strong> If the backup that you want to restore contained any <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
+                                        <p><strong>Please note:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -175,7 +175,7 @@
                                     {% endif %}
                                 {% elseif borg_backup_mode == 'restore' %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         <p>The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!</p>
                                     {% endif %}
                                 {% endif %}
@@ -191,7 +191,7 @@
 
                                 <p>
                                 Please enter the location of the backup archive on your host or a
-                                <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
+                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
                                 if stored remotely; and the encryption password of the backup archive below:
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
@@ -215,19 +215,19 @@
                         {% endif %}
                     {% endif %}
                     <h2>How to reset the AIO instance?</h2>
-                    <p>If something should be going wrong, for example during the initial installation, you can reset the instance by following <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.</p>
+                    <p>If something should be going wrong, for example during the initial installation, you can reset the instance by following <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance">this documentation</a>.</p>
                 {% endif %}
 
                 {% if was_start_button_clicked == true %}
                     {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                        <p>You are running the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)</p>
+                        <p>You are running the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
                     {% else %}
                         <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
                     {% endif %}
                 {% endif %}
 
                 {% if is_backup_container_running == true %}
-                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                     <p><a href="" class="button reload">Reload ↻</a></p>
                 {% endif %}
 
@@ -245,9 +245,9 @@
                             {% else %}
                                 <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p>
                             {% endif %}
-                            <p><a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a></p>
+                            <p><a href="https://{{ domain }}" class="button" target="_blank">Open your Nextcloud ↗</a></p>
                             {% if not hasBackupLocation %}
-                                <p>If your Nextcloud does not open when clicking the button above, see <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
+                                <p>If your Nextcloud does not open when clicking the button above, see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></strong></p>
                             {% endif %}
                         {% else %}
                             {% if isAnyRestarting == false %}
@@ -278,9 +278,9 @@
                                     <li>
                                         {% if container.GetStartingState().value == 'starting' %}
                                             <span class="status running"></span>
-                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
+                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Starting</a>)
                                             {% if container.GetDocumentation() != '' %}
-                                                (<a target="_blank" rel="noopener" href="{{ container.GetDocumentation() }}">docs</a>)
+                                                (<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
                                                 (password: {{ container.GetUiSecret() }})
@@ -288,9 +288,9 @@
                                             </span>
                                         {% elseif container.GetRunningState().value == 'running' %}
                                             <span class="status success"></span>
-                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
+                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Running</a>)
                                             {% if container.GetDocumentation() != '' %}
-                                                (<a target="_blank" rel="noopener" href="{{ container.GetDocumentation() }}">docs</a>)
+                                                (<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
                                                 (password: {{ container.GetUiSecret() }})
@@ -298,9 +298,9 @@
                                             </span>
                                         {% else %}
                                             <span class="status error"></span>
-                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Stopped</a>)
+                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Stopped</a>)
                                             {% if container.GetDocumentation() != '' %}
-                                                (<a target="_blank" rel="noopener" href="{{ container.GetDocumentation() }}">docs</a>)
+                                                (<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
                                             {% if container.GetUiSecret() != '' %}
                                                 (password: {{ container.GetUiSecret() }})
@@ -322,7 +322,7 @@
                                 {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
                                     <details>
                                     <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/6053">this documentation</a></strong></p>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6053">this documentation</a></strong></p>
                                     </details>
                                 {% endif %}
                             {% endif %}
@@ -334,11 +334,11 @@
                             {% if is_mastercontainer_update_available == true %}
                                 <p>⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.</p>
                                 {% if current_channel starts with 'latest' %}
-                                    <p>You can find the changelog <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a></p>
+                                    <p>You can find the changelog <a target="_blank" href="https://github.com/nextcloud/all-in-one/releases/latest"><strong>here</strong></a></p>
                                 {% elseif current_channel starts with 'beta' %}
-                                    <p>You can find the changelog <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a></p>
+                                    <p>You can find the changelog <a target="_blank" href="https://github.com/nextcloud/all-in-one/releases"><strong>here</strong></a></p>
                                 {% elseif current_channel starts with 'develop' %}
-                                    <p>You can find all changes <a target="_blank" rel="noopener" href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
+                                    <p>You can find all changes <a target="_blank" href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
                                 {% endif %}
                             {% endif %}
                             <form method="POST" action="/api/docker/stop" class="xhr">
@@ -399,7 +399,7 @@
                                 <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
                                 <p>
                                 To store backups remotely instead, fill in the
-                                <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
+                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
@@ -418,9 +418,9 @@
                                 {% if is_backup_container_running == false %}
                                     <h2>Backup and restore</h2>
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == "check" %}
-                                            <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a target="_blank" rel="noopener" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
+                                            <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
@@ -452,9 +452,9 @@
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
                                         {% if borg_backup_mode == "backup" %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% else %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% endif %}
                                     {% endif %}
                                 {% endif %}
@@ -468,7 +468,7 @@
                                     <p>This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong></p>
                                     <p>Please save this password in a safe place. You won't be able to restore from backup if you lose this password!</p>
                                     <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
-                                    <p>The backup uses a tool called <a target="_blank" rel="noopener" href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
+                                    <p>The backup uses a tool called <a target="_blank" href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
                                     <p>By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.</p>
                                     {% if borg_remote_repo != '' %}
                                         <p>
@@ -482,9 +482,9 @@
                                         <p>Backups will be created in the following directory on the host: <strong>{{ borg_backup_host_location }}/borg</strong></p>
                                     {% endif %}
                                     <p>Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.</p>
-                                    <p>For information about backup retention, see <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
+                                    <p>For information about backup retention, see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
                                     <p>Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.</p>
-                                    <p>For further documentation and options on this backup solution refer to <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
+                                    <p>For further documentation and options on this backup solution refer to <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
 
                                     {% if isApacheStarting != true %}
                                         <h3>Backup creation</h3>
@@ -514,7 +514,7 @@
 
                                         {% if has_backup_run_once == true %}
                                             <h3>Backup Viewer</h3>
-                                            <p>There is now a community container that allows to access your backups in a web session. See <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
+                                            <p>There is now a community container that allows to access your backups in a web session. See <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
 
                                             <h3>Backup check</h3>
                                             <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
@@ -571,7 +571,7 @@
                                                 <input type="submit" value="Submit additional backup locations" />
                                             </form>
                                             <p>Each line and entry needs to start with a slash or letter/digit. Only <strong>a-z</strong>, <strong>A-Z</strong>, <strong>.</strong>, <strong>0-9</strong>, <strong>_</strong>, <strong>-</strong>, and <strong>/</strong> are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are <strong>/directory/on/the/host</strong> and <strong>my_custom_docker_volume</strong>. You need to make sure that all given directories exist or the backup container will fail to start!</p>
-                                            <p>Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a></p>
+                                            <p>Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing <strong>/</strong> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a></p>
                                             <p>Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually.</p>
                                             {% if additional_backup_directories != "" %}
                                                 <p>This option is currently set. You can disable it again by clearing the field and submitting your changes.</p>
@@ -598,7 +598,7 @@
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input type="submit" value="Submit passphrase change" />
                                     </form>
-                                    <p>The new passphrase needs to be at least 24 characters long. Allowed characters are the <a target="_blank" rel="noopener" href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.</p>
+                                    <p>The new passphrase needs to be at least 24 characters long. Allowed characters are the <a target="_blank" href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><strong>latin characters</strong></a> <strong>a-z</strong>, <strong>A-Z</strong>, <strong>0-9</strong> and <strong>spaces</strong>.</p>
                                 </details>
                             {% endif %}
                         {% endif %}
@@ -623,7 +623,7 @@
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column. If the timezone is not valid, it will break the startup since the database will not be correctly initialized and you will end up in a startup loop.')" />
                                 </form>
-                                <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a target="_blank" rel="noopener" href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
+                                <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a target="_blank" href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
                             {% else %}
                                 <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.</p>
                                 <form method="POST" action="/api/configuration" class="xhr">
diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 7535ad93..981d7997 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -1,8 +1,8 @@
 <details>
     <summary>Click here to view the current AIO config and documentation links</summary>
     {% if was_start_button_clicked == true %}
-        <p>Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.</p>
-        <p>You can run Nextcloud's usual occ commands by following the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.</p>
+        <p>Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.</p>
+        <p>You can run Nextcloud's usual occ commands by following the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></strong>.</p>
     {% endif %}
 
     <p>
@@ -11,7 +11,7 @@
         {% else %}
             Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
         {% endif %}
-        See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.
+        See the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.
     </p>
 
     <p>
@@ -20,13 +20,13 @@
         {% else %}
             The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
         {% endif %}
-        See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.</p>
+        See the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.</p>
 
-    <p>Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.</p>
+    <p>Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.</p>
 
-    <p>For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.</p>
+    <p>For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.</p>
 
-    <p>Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.</p>
+    <p>Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.</p>
 
     <p>
         {% if is_dri_device_enabled == true and is_nvidia_gpu_enabled == true %}
@@ -38,7 +38,7 @@
         {% else %}
             Hardware acceleration is not enabled. It's recommended to enable hardware transcoding for better performance.
         {% endif %}
-        See the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud">hardware acceleration documentation</a> on how to change this.</p>
+        See the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud">hardware acceleration documentation</a> on how to change this.</p>
 
-    <p>For further documentation on AIO, refer to <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.</p>
+    <p>For further documentation on AIO, refer to <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></strong>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></strong>.</p>
 </details>
diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig
index 85ff877a..390bf69c 100644
--- a/php/templates/includes/backup-dirs.twig
+++ b/php/templates/includes/backup-dirs.twig
@@ -3,4 +3,4 @@
 <p>On Synology it could be <strong>/volume1/docker/nextcloud/backup</strong>.</p>
 <p>For macOS it may be <strong>/var/backup</strong>.</p>
 <p>On Windows it might be <strong>/run/desktop/mnt/host/c/backup</strong>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ <strong>Please note</strong>: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.</p>
-<p>Another option is to enter a specific volume name here: <strong>nextcloud_aio_backupdir</strong>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.</p>
+<p>Another option is to enter a specific volume name here: <strong>nextcloud_aio_backupdir</strong>. This volume needs to be created beforehand manually by you in order to be able to use it. See <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-create-the-backup-volume-on-windows">this documentation</a> for an example.</p>
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index c218f8ee..60efcc5e 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -1,5 +1,5 @@
 <h2>Optional containers</h2>
-<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
+<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
 {% if isAnyRunning == true %}
     <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
 {% else %}
@@ -50,7 +50,7 @@
             {% endif %}
         >
         <label for="fulltextsearch">
-            Fulltextsearch (needs ~1GB additional RAM, <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/5768">does not work on Kernels without Seccomp</a>)
+            Fulltextsearch (needs ~1GB additional RAM, <a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/5768">does not work on Kernels without Seccomp</a>)
             {% if is_fulltextsearch_enabled == false %}
                 . <strong>Please note:</strong> the initial indexing can take a long time during which Nextcloud will be unavailable
             {% endif %}
@@ -68,7 +68,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a target="_blank" rel="noopener" href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label>
+        <label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp. Imaginary is currently <a target="_blank" href="https://github.com/nextcloud/server/issues/34262">incompatible with server-side-encryption</a>)</label>
     </p>
     <p>
         <input
@@ -96,7 +96,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" rel="noopener" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
     </p>
     {% if is_onlyoffice_enabled == true %}
     <p>
@@ -126,7 +126,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" rel="noopener" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label>
+        <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label>
     </p>
     <p>
         <input
@@ -145,7 +145,7 @@
     <input id="options-form-submit" type="submit" value="Save changes" />
     <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
-<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
+<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true or is_x64_platform == false %}
     <script type="text/javascript" src="disable-clamav.js"></script>
 {% endif %}
diff --git a/php/templates/login.twig b/php/templates/login.twig
index adda1945..cf5cc0c3 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -17,7 +17,7 @@
                 <input type="submit" class="button" value="Log in" />
             </form>
         {% else %}
-            <p>The login is blocked since Nextcloud is running.<br>Please use the <a target="_blank" rel="noopener" href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
+            <p>The login is blocked since Nextcloud is running.<br>Please use the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><strong>automatic login</strong></a> from your Nextcloud.<br><br>
             If that is not possible, you can unblock the login by running<br><strong>sudo docker stop nextcloud-aio-apache</strong></p>
         {% endif %}
     </div>
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index b4761425..ac8063a2 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -11,6 +11,6 @@
         <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
         <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
         <strong>Passphrase</strong><br/><span class="monospace">{{ password }}</span><br>
-        <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
+        <a href="/" class="button" target="_blank">Open Nextcloud AIO login ↗</a>
     </div>
 {% endblock %}

From d74b0da0ee3b8bc9bc42f712a58c2685b4d2ee0f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 25 Feb 2025 12:59:30 +0000
Subject: [PATCH 2980/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 4 +++-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 3931dc76..a66038f9 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.5.0
+version: 10.6.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 782ba09b..df7a6f0b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250204_102259
+          image: nextcloud/aio-apache:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 8beccf20..ef33fcce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250204_102259
+          image: nextcloud/aio-clamav:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 7c6341de..f9efa705 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -34,7 +34,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250204_102259
+          image: nextcloud/aio-collabora:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index f27bac21..7ff15db8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250204_102259
+          image: nextcloud/aio-postgresql:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index ab8ba44a..8a7f661b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250204_102259
+          image: nextcloud/aio-fulltextsearch:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 302ed3b6..0ba476bf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250204_102259
+          image: nextcloud/aio-imaginary:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index fbbb6fb2..d07960e3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -180,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250204_102259
+          image: nextcloud/aio-nextcloud:20250225_125724
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 2089d5bb..2121d95c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,7 +53,9 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20250204_102259
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-notify-push:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c10aed88..7ef6cc79 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250204_102259
+          image: nextcloud/aio-onlyoffice:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 0b338e86..72346b86 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250204_102259
+          image: nextcloud/aio-redis:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 64a71bf6..ac514adc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250204_102259
+          image: nextcloud/aio-talk:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 24a866ad..b34b3f71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250204_102259
+          image: nextcloud/aio-talk-recording:20250225_125724
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index f72b98a1..49f0e836 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250204_102259
+          image: nextcloud/aio-whiteboard:20250225_125724
           readinessProbe:
             exec:
               command:

From 2631b3922a966bcc2e538bca509567cfe7de05d2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Feb 2025 04:16:07 +0000
Subject: [PATCH 2981/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.25-scratch to 2.10.26-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index e050e926..2b3045b6 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.25-scratch AS nats
+FROM nats:2.10.26-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus

From 6764b03eebde9311bbe0a2d18b48815d11821f5e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 26 Feb 2025 12:03:08 +0000
Subject: [PATCH 2982/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 1cce5d4a..8bd74ba9 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2699,16 +2699,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.0.2",
+            "version": "2.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e"
+                "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/51087f87dcce2663e1fed4dfd4e56eccd580297e",
-                "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/9b30d6fd026b2c132b3985ce6b23bec09ab3aa68",
+                "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68",
                 "shasum": ""
             },
             "require": {
@@ -2740,9 +2740,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.2"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.1.0"
             },
-            "time": "2025-02-17T20:25:51+00:00"
+            "time": "2025-02-19T13:28:12+00:00"
         },
         {
             "name": "sebastian/diff",

From 147630df6d1529ca507de3365197341039091aa9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Feb 2025 13:33:37 +0100
Subject: [PATCH 2983/3949] make readme better readable by adjusting links

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 79d6935e..d6e63e41 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,15 +1,15 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr by listening on `requests.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb, make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
-- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
+- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
+- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
+- If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
+- If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
+- If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 4e84080f568d45eb10afd4708dce4b80dbc22928 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Feb 2025 14:30:55 +0100
Subject: [PATCH 2984/3949] collabora: allow to configure additional options

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/latest.yml                     |  3 +-
 manual-install/sample.conf                    |  2 +-
 manual-install/update-yaml.sh                 |  8 +++++
 .../nextcloud-aio-collabora-deployment.yaml   |  5 +--
 nextcloud-aio-helm-chart/update-helm.sh       |  6 ++++
 nextcloud-aio-helm-chart/values.yaml          |  2 +-
 php/public/index.php                          |  1 +
 .../Controller/ConfigurationController.php    |  9 +++++
 php/src/Data/ConfigurationManager.php         | 36 +++++++++++++++++++
 php/src/Docker/DockerActionManager.php        |  5 +++
 .../includes/optional-containers.twig         | 22 ++++++++++++
 11 files changed, 94 insertions(+), 5 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 17bf7ad6..c16aee79 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -239,6 +239,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-collabora:
+    command: ${ADDITIONAL_COLLABORA_OPTIONS}
     image: nextcloud/aio-collabora:latest
     init: true
     healthcheck:
@@ -252,7 +253,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index de7dd709..9ee01ab1 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -24,8 +24,8 @@ WHITEBOARD_ENABLED="no"          # Setting this to "yes" (with quotes) enables t
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=17179869184          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
+ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true']          # You can add additional collabora options here by using the array syntax.
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.
 INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 5a4af271..dc5e13f1 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -37,6 +37,7 @@ cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
 sed -i '/THIS_IS_AIO/d' containers.yml
+sed -i "s|%COLLABORA_SECCOMP_POLICY% ||g" containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml
@@ -129,6 +130,13 @@ echo "$OUTPUT" > containers.yml
 sed -i '/container_name/d' containers.yml
 sed -i 's|^ $||' containers.yml
 
+# Additional config for collabora
+cat << EOL > /tmp/additional-collabora.config
+    command: \${ADDITIONAL_COLLABORA_OPTIONS}
+EOL
+sed -i "/^  nextcloud-aio-collabora:/r /tmp/additional-collabora.config" containers.yml
+sed -i "/^COLLABORA_DICTIONARIES.*/i ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true']          # You can add additional collabora options here by using the array syntax." sample.conf
+
 VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
 mapfile -t VOLUMES <<< "$VOLUMES"
 echo "" >> containers.yml
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index f9efa705..ba8cb36a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -21,7 +21,8 @@ spec:
         io.kompose.service: nextcloud-aio-collabora
     spec:
       containers:
-        - env:
+        - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default [] }}
+          env:
             - name: DONT_GEN_SSL_CERT
               value: "1"
             - name: TZ
@@ -31,7 +32,7 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           image: nextcloud/aio-collabora:20250225_125724
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 6f54d824..6eb92c83 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -42,6 +42,7 @@ sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml
 sed -i "s|- \${TALK_PORT}|- $TALK_PORT|" latest.yml
 sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
+sed -i "s|\${ADDITIONAL_COLLABORA_OPTIONS}|ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER|" latest.yml
 sed -i "/name: nextcloud-aio/,$ d" latest.yml
 sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
 sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml
@@ -467,6 +468,11 @@ EOL
 # shellcheck disable=SC1083
 find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml*' -exec sed -i "/ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER/d" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml*' -exec sed -i "s/- args:/- args: \{\{ .Values.ADDITIONAL_COLLABORA_OPTIONS \}\}/" \{} \;
+
 cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index bbf597f3..f0897240 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -23,8 +23,8 @@ WHITEBOARD_ENABLED: "no"          # Setting this to "yes" (with quotes) enables
 
 APACHE_MAX_SIZE: "17179869184"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
+ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true']          # You can add additional collabora options here by using the array syntax.
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 FULLTEXTSEARCH_JAVA_OPTIONS: -Xms512M -Xmx512M          # Allows to adjust the fulltextsearch java options.
 INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
diff --git a/php/public/index.php b/php/public/index.php
index e5823cb4..5e5c1896 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -114,6 +114,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(),
         'talk_port' => $configurationManager->GetTalkPort(),
         'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
+        'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
         'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(),
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 67463ab1..561334c8 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -134,6 +134,15 @@ readonly class ConfigurationController {
                 $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries);
             }
 
+            if (isset($request->getParsedBody()['delete_collabora_additional_options'])) {
+                $this->configurationManager->DeleteAdditionalCollaboraOptions();
+            }
+
+            if (isset($request->getParsedBody()['collabora_additional_options'])) {
+                $additionalCollaboraOptions = $request->getParsedBody()['collabora_additional_options'] ?? '';
+                $this->configurationManager->SetAdditionalCollaboraOptions($additionalCollaboraOptions);
+            }
+
             if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
                 $this->configurationManager->DeleteBorgBackupLocationVars();
             }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d8c0c8ec..2c0b79a8 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -950,6 +950,42 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetAdditionalCollaboraOptions(string $additionalCollaboraOptions) : void {
+        if ($additionalCollaboraOptions === "") {
+            throw new InvalidSettingConfigurationException("The additional options must not be empty!");
+        }
+
+        if (!preg_match("#^--o:#", $additionalCollaboraOptions)) {
+            throw new InvalidSettingConfigurationException("The entered options must start with '--o:'. So the config does not seem to be a valid!");
+        }
+
+        $config = $this->GetConfig();
+        $config['collabora_additional_options'] = $additionalCollaboraOptions;
+        $this->WriteConfig($config);
+    }
+
+    public function GetAdditionalCollaboraOptions() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['collabora_additional_options'])) {
+            $config['collabora_additional_options'] = '';
+        }
+
+        return $config['collabora_additional_options'];
+    }
+
+    public function GetAdditionalCollaboraOptionsArray() : array {
+        return explode(' ', $this->GetAdditionalCollaboraOptions());
+    }
+
+    public function DeleteAdditionalCollaboraOptions() : void {
+        $config = $this->GetConfig();
+        $config['collabora_additional_options'] = '';
+        $this->WriteConfig($config);
+    }
+
     public function GetApacheAdditionalNetwork() : string {
         $envVariableName = 'APACHE_ADDITIONAL_NETWORK';
         $configName = 'apache_additional_network';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a22b2efb..d3eace3d 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -578,6 +578,11 @@ readonly class DockerActionManager {
         // Special things for the caddy community container
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
+        // Special things for the collabora container which should not be exposed in the containers.json
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
+            if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
+                $requestBody['HostConfig']['Config']['Cmd'] = $this->configurationManager->GetAdditionalCollaboraOptionsArray();
+            }
         }
 
         if (count($mounts) > 0) {
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 60efcc5e..5b00a769 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -181,4 +181,26 @@
             <input type="submit" value="Reset collabora dictionaries" />
         </form>
     {% endif %}
+
+    <h3>Additional Collabora options</h3>
+
+    {% if collabora_additional_options == "" %}
+        <p>You can configure additional options for collabora below.</p>
+        <p>(This can be used for configuring the net.content_security_policy and more)</p>
+        <form method="POST" action="/api/configuration" class="xhr">
+            <input type="text" name="collabora_additional_options" />
+            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+            <input type="submit" value="Submit additional collabora options" />
+        </form>
+        <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy="frame-ancestors *.example.com:*;"</strong>.</p>
+    {% else %}
+        <p>The additioinal options for Collabora are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
+        <form method="POST" action="/api/configuration" class="xhr">
+            <input type="hidden" name="delete_collabora_additional_options" value="yes"/>
+            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+            <input type="submit" value="Reset additional collabora options" />
+        </form>
+    {% endif %}
 {% endif %}

From 1759f14c376a2c4d3b8f148e068d8aeae99580ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Feb 2025 04:41:43 +0000
Subject: [PATCH 2985/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 27.5.1-cli to 28.0.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c7da9741..6379ba85 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.5.1-cli AS docker
+FROM docker:28.0.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.9.1-alpine AS caddy

From d01dc6ad8ad77549bfba2f683effbdca0d86e42a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 27 Feb 2025 11:42:44 +0100
Subject: [PATCH 2986/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh                         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index ba8cb36a..64e1347a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -21,7 +21,7 @@ spec:
         io.kompose.service: nextcloud-aio-collabora
     spec:
       containers:
-        - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default [] }}
+        - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }}
           env:
             - name: DONT_GEN_SSL_CERT
               value: "1"
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 6eb92c83..3c976773 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -471,7 +471,7 @@ find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployme
 # shellcheck disable=SC1083
 find ./ -name '*collabora-deployment.yaml*' -exec sed -i "/ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER/d" \{} \;
 # shellcheck disable=SC1083
-find ./ -name '*collabora-deployment.yaml*' -exec sed -i "s/- args:/- args: \{\{ .Values.ADDITIONAL_COLLABORA_OPTIONS \}\}/" \{} \;
+find ./ -name '*collabora-deployment.yaml*' -exec sed -i "s/- args:/- args: \{\{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson \}\}/" \{} \;
 
 cat << EOL > /tmp/security.conf
             # The items below only work in container context

From 7e3b07e7820f66ab0a8c4159227fb179c828badd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Feb 2025 14:29:40 +0100
Subject: [PATCH 2987/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 3289e1b1..321cf5b4 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.0.1
+FROM onlyoffice/documentserver:8.3.1.1
 
 # USER root is probably used
 

From 91aeae98254258750479d009e7a339eaa2312ef8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Feb 2025 14:30:25 +0100
Subject: [PATCH 2988/3949] increase to 10.7.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 0a6b1452..6f007751 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.6.1</h1>
+            <h1>Nextcloud AIO v10.7.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From ace709c485e13bddc0bfd14328b75a23b8b4515b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Feb 2025 14:46:12 +0100
Subject: [PATCH 2989/3949] aio-interface: fix broken link

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6f007751..1124c51a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -484,7 +484,7 @@
                                     <p>Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.</p>
                                     <p>For information about backup retention, see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></strong>.</p>
                                     <p>Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.</p>
-                                    <p>For further documentation and options on this backup solution refer to <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></strong> and below.</p>
+                                    <p>For further documentation and options on this backup solution refer to <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one#backup">this section</a></strong> and below.</p>
 
                                     {% if isApacheStarting != true %}
                                         <h3>Backup creation</h3>

From 68ffa35d6f151499132b163153a47542f1924b86 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Feb 2025 14:49:35 +0100
Subject: [PATCH 2990/3949] Enable whiteboard by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2c0b79a8..038e9e10 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -170,10 +170,10 @@ class ConfigurationManager
 
     public function isWhiteboardEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) {
-            return true;
-        } else {
+        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) {
             return false;
+        } else {
+            return true;
         }
     }
 

From de053c9b7d5fd38ff50ab67c17ee1abdef47df84 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Feb 2025 15:14:22 +0100
Subject: [PATCH 2991/3949] DockerActionManager: fix setting CMD options for
 collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php  | 4 ----
 php/src/Docker/DockerActionManager.php | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 038e9e10..60a95761 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -976,10 +976,6 @@ class ConfigurationManager
         return $config['collabora_additional_options'];
     }
 
-    public function GetAdditionalCollaboraOptionsArray() : array {
-        return explode(' ', $this->GetAdditionalCollaboraOptions());
-    }
-
     public function DeleteAdditionalCollaboraOptions() : void {
         $config = $this->GetConfig();
         $config['collabora_additional_options'] = '';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d3eace3d..48903d54 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -581,7 +581,7 @@ readonly class DockerActionManager {
         // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
-                $requestBody['HostConfig']['Config']['Cmd'] = $this->configurationManager->GetAdditionalCollaboraOptionsArray();
+                $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()];
             }
         }
 

From 0e88a15edb51990340322bca6146b05789350309 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 1 Mar 2025 20:57:21 +0100
Subject: [PATCH 2992/3949] Add container state component for improved status
 display and hide password by default

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/templates/components/container-state.twig | 23 +++++++++++++
 php/templates/containers.twig                 | 34 +------------------
 2 files changed, 24 insertions(+), 33 deletions(-)
 create mode 100644 php/templates/components/container-state.twig

diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
new file mode 100644
index 00000000..cdf70016
--- /dev/null
+++ b/php/templates/components/container-state.twig
@@ -0,0 +1,23 @@
+{# @var c \App\Containers\Container #}
+<li>
+  {% if c.GetStartingState().value == 'starting' %}
+    <span class="status running"></span>
+  {% elseif c.GetRunningState().value == 'running' %}
+    <span class="status success"></span>
+  {% else %}
+    <span class="status error"></span>
+  {% endif %}
+  <span>
+    {{ c.GetDisplayName() }}
+    (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
+    {% if c.GetDocumentation() != '' %}
+      (<a target="_blank" href="{{ c.GetDocumentation() }}">docs</a>)
+    {% endif %}
+  </span>
+  {% if c.GetUiSecret() != '' %}
+    <details>
+      <summary>Show password</summary>
+      <p>{{ c.GetUiSecret() }}</p>
+    </details>
+  {% endif %}
+</li>
\ No newline at end of file
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1124c51a..96687dac 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -275,39 +275,7 @@
                             {# @var containers \AIO\Container\Container[] #}
                             {% for container in containers %}
                                 {% if container.GetDisplayName() != '' %}
-                                    <li>
-                                        {% if container.GetStartingState().value == 'starting' %}
-                                            <span class="status running"></span>
-                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Starting</a>)
-                                            {% if container.GetDocumentation() != '' %}
-                                                (<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
-                                            {% endif %}
-                                            {% if container.GetUiSecret() != '' %}
-                                                (password: {{ container.GetUiSecret() }})
-                                            {% endif %}
-                                            </span>
-                                        {% elseif container.GetRunningState().value == 'running' %}
-                                            <span class="status success"></span>
-                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Running</a>)
-                                            {% if container.GetDocumentation() != '' %}
-                                                (<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
-                                            {% endif %}
-                                            {% if container.GetUiSecret() != '' %}
-                                                (password: {{ container.GetUiSecret() }})
-                                            {% endif %}
-                                            </span>
-                                        {% else %}
-                                            <span class="status error"></span>
-                                            <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank">Stopped</a>)
-                                            {% if container.GetDocumentation() != '' %}
-                                                (<a target="_blank" href="{{ container.GetDocumentation() }}">docs</a>)
-                                            {% endif %}
-                                            {% if container.GetUiSecret() != '' %}
-                                                (password: {{ container.GetUiSecret() }})
-                                            {% endif %}
-                                            </span>
-                                        {% endif %}
-                                    </li>
+                                    {% include 'components/container-state.twig'  with {'c': container} only %}
                                 {% endif %}
                             {% endfor %}
                         </ul>

From bf4636e8d636da72be047d7cd888e420512f78af Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 05:07:02 +0000
Subject: [PATCH 2993/3949] build(deps): bump clamav/clamav in
 /Containers/clamav

Bumps clamav/clamav from 1.4.2-28 to 1.4.2-29.

---
updated-dependencies:
- dependency-name: clamav/clamav
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 19ac5176..22227b71 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-28
+FROM clamav/clamav:1.4.2-29
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

From a7861f2dca405e6787fcdbab24789ee4b90dd663 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Mar 2025 04:16:08 +0000
Subject: [PATCH 2994/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.12.4.1 to 24.04.13.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e9ca4d01..c4d76b3b 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.12.4.1
+FROM collabora/code:24.04.13.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 4893a0dfc1c70c1ddea33d08086228df03ea9324 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Mar 2025 04:59:57 +0000
Subject: [PATCH 2995/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.17.2 to 8.17.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 96da0281..8cdaef6a 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.2
+FROM elasticsearch:8.17.3
 
 USER root
 

From 0a4eac4d4b68947b9347bd21694f4e0d27eba892 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Mar 2025 05:00:04 +0000
Subject: [PATCH 2996/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.0-alpine3.21 to 1.24.1-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index dfa97d11..9d2fd11d 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.0-alpine3.21 AS go
+FROM golang:1.24.1-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From c2ac5c64d61f282662fe81b97f52091c1305fce2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Mar 2025 11:21:32 +0100
Subject: [PATCH 2997/3949] helm-chart: add docs that ingress is not built-in

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index 061a7073..edf6c779 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -3,6 +3,9 @@
 > [!NOTE]
 > For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/).
 
+> [!IMPORTANT]
+> This Helm-Chart is not intended to be used with Ingress as it handles TLS itself via the built-in apache container and exposes a Loadbalancer port itself on the Cluster. See the [apache service](https://github.com/nextcloud/all-in-one/blob/main/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml). However if the Cluster is used behind NAT, you can adjust `APACHE_PORT` to a different one than 443 and do the TLS offloading on an external Reverse Proxy that forwards the traffic to the configured port via http. If you really need the Ingress feature, please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/) as we offer an enterprise-ready and scalable deployment method based on Helm Charts that also allows Ingress to be used.
+
 You can run the containers that are build for AIO with Kubernetes using this Helm chart. This comes with a few downsides, that are discussed below.
 
 ### Advantages

From 88127f607b1f90315e63316240f4a2ecf453a003 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 5 Mar 2025 12:03:06 +0000
Subject: [PATCH 2998/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 8bd74ba9..6d56b219 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -557,16 +557,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.8",
+            "version": "7.0.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a"
+                "reference": "d8480267f5cf239650debba704f3ecd15b638cde"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/98ddc81f8f768a2ad39e4cbe737285eaeabe577a",
-                "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/d8480267f5cf239650debba704f3ecd15b638cde",
+                "reference": "d8480267f5cf239650debba704f3ecd15b638cde",
                 "shasum": ""
             },
             "require": {
@@ -583,7 +583,7 @@
                 "friendsofphp/proxy-manager-lts": "^1",
                 "mnapoli/phpunit-easymock": "^1.3",
                 "phpunit/phpunit": "^9.6",
-                "vimeo/psalm": "^4.6"
+                "vimeo/psalm": "^5|^6"
             },
             "suggest": {
                 "friendsofphp/proxy-manager-lts": "Install it if you want to use lazy injection (version ^1)"
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.8"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.9"
             },
             "funding": [
                 {
@@ -626,7 +626,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-28T21:02:46+00:00"
+            "time": "2025-02-28T12:46:35+00:00"
         },
         {
             "name": "php-di/slim-bridge",

From f55ef08c7333b97e713a6ed775aa9a325fccdafa Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 5 Mar 2025 12:04:12 +0000
Subject: [PATCH 2999/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 2b3045b6..5058d449 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus
 
-ARG JANUS_VERSION=v1.3.0
+ARG JANUS_VERSION=v1.3.1
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \

From a03622ce0a5ccc542532c7cc33d350d73fea0db5 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 6 Mar 2025 09:37:11 +0000
Subject: [PATCH 3000/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml               | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml                | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml      | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml          | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index a66038f9..a1bdc687 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.6.1
+version: 10.7.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index df7a6f0b..8c67e748 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250225_125724
+          image: nextcloud/aio-apache:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index ef33fcce..8ed76d31 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250225_125724
+          image: nextcloud/aio-clamav:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 64e1347a..08140b21 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250225_125724
+          image: nextcloud/aio-collabora:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 7ff15db8..b96ddbb1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250225_125724
+          image: nextcloud/aio-postgresql:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8a7f661b..3df053ec 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250225_125724
+          image: nextcloud/aio-fulltextsearch:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 0ba476bf..ed389199 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250225_125724
+          image: nextcloud/aio-imaginary:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index d07960e3..d2bd1318 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -180,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250225_125724
+          image: nextcloud/aio-nextcloud:20250306_093458
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 2121d95c..baab420b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-notify-push:20250225_125724
+          image: nextcloud/aio-notify-push:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 7ef6cc79..c04fd568 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250225_125724
+          image: nextcloud/aio-onlyoffice:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 72346b86..e7a757fb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250225_125724
+          image: nextcloud/aio-redis:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index ac514adc..e379d8f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250225_125724
+          image: nextcloud/aio-talk:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index b34b3f71..920cae8c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250225_125724
+          image: nextcloud/aio-talk-recording:20250306_093458
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 49f0e836..c6b25598 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250225_125724
+          image: nextcloud/aio-whiteboard:20250306_093458
           readinessProbe:
             exec:
               command:

From 0615fe22504ae47178d49ee9f20a684551cbf40e Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Thu, 6 Mar 2025 12:40:10 +0100
Subject: [PATCH 3001/3949] fix: handle custom database users in the
 notify_push container

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 Containers/notify-push/start.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index eda094d1..d93be21c 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -60,8 +60,13 @@ elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then
     exit 1
 fi
 
+# Use the correct Postgres username
+if [ "$POSTGRES_USER" = nextcloud ]; then
+    POSTGRES_USER="oc_$POSTGRES_USER"
+fi
+
 # Set sensitive values as env
-export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
+export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From 30b9a05263d44eac0bdc0310df5cfe392447237f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Mar 2025 14:00:17 +0100
Subject: [PATCH 3002/3949] adjust detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/notify-push/start.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index d93be21c..e1bbf974 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -63,6 +63,7 @@ fi
 # Use the correct Postgres username
 if [ "$POSTGRES_USER" = nextcloud ]; then
     POSTGRES_USER="oc_$POSTGRES_USER"
+    export POSTGRES_USER
 fi
 
 # Set sensitive values as env

From 06b31c5680d1204e4c6c142deb21e84fee3e27bb Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 6 Mar 2025 15:54:53 +0100
Subject: [PATCH 3003/3949] Update
 php/templates/components/container-state.twig

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/templates/components/container-state.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
index cdf70016..a79db31e 100644
--- a/php/templates/components/container-state.twig
+++ b/php/templates/components/container-state.twig
@@ -16,7 +16,7 @@
   </span>
   {% if c.GetUiSecret() != '' %}
     <details>
-      <summary>Show password</summary>
+      <summary>Show password for {{ c.GetDisplayName() }}</summary>
       <p>{{ c.GetUiSecret() }}</p>
     </details>
   {% endif %}

From e6bf224a9a38c704c1136f470d220cc51c0ca468 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 6 Mar 2025 16:00:39 +0100
Subject: [PATCH 3004/3949] Fix request

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/templates/components/container-state.twig | 24 +++++++++++--------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
index a79db31e..8bc8c559 100644
--- a/php/templates/components/container-state.twig
+++ b/php/templates/components/container-state.twig
@@ -1,15 +1,19 @@
 {# @var c \App\Containers\Container #}
 <li>
-  {% if c.GetStartingState().value == 'starting' %}
-    <span class="status running"></span>
-  {% elseif c.GetRunningState().value == 'running' %}
-    <span class="status success"></span>
-  {% else %}
-    <span class="status error"></span>
-  {% endif %}
   <span>
-    {{ c.GetDisplayName() }}
-    (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
+    {% if c.GetRunningState().value == 'running' %}
+      <span class="status success"></span>
+      {{ c.GetDisplayName() }}
+      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
+    {% elseif c.GetStartingState().value == 'starting' %}
+      <span class="status running"></span>
+      {{ c.GetDisplayName() }}
+      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
+    {% else %}
+      <span class="status error"></span>
+      {{ c.GetDisplayName() }}
+      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
+    {% endif %}
     {% if c.GetDocumentation() != '' %}
       (<a target="_blank" href="{{ c.GetDocumentation() }}">docs</a>)
     {% endif %}
@@ -17,7 +21,7 @@
   {% if c.GetUiSecret() != '' %}
     <details>
       <summary>Show password for {{ c.GetDisplayName() }}</summary>
-      <p>{{ c.GetUiSecret() }}</p>
+      <input type="text" value="{{ c.GetUiSecret() }}" readonly>
     </details>
   {% endif %}
 </li>
\ No newline at end of file

From 9e95d966569b8b2b3e9c2d4db28e2fb900fbb56c Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 6 Mar 2025 16:00:53 +0100
Subject: [PATCH 3005/3949] Merge pull request #6094 from
 nextcloud/clamav-alpine-aarch64

clamav: build the container also for aarch64/arm64 by using the alpine package
---
 Containers/clamav/Dockerfile                  | 37 +++++++++----------
 Containers/clamav/clamav.conf                 |  5 ---
 Containers/clamav/healthcheck.sh              |  9 +++++
 Containers/clamav/start.script                |  4 --
 Containers/clamav/start.sh                    |  5 +++
 Containers/clamav/supervisord.conf            | 21 +++++++++++
 Containers/whiteboard/Dockerfile              |  3 +-
 manual-install/readme.md                      |  6 +--
 manual-install/update-yaml.sh                 |  2 +-
 php/containers.json                           | 11 +++---
 php/public/index.php                          |  1 -
 php/src/Data/ConfigurationManager.php         |  8 +---
 .../includes/optional-containers.twig         |  6 +--
 readme.md                                     |  2 +-
 14 files changed, 69 insertions(+), 51 deletions(-)
 delete mode 100644 Containers/clamav/clamav.conf
 create mode 100644 Containers/clamav/healthcheck.sh
 delete mode 100644 Containers/clamav/start.script
 create mode 100644 Containers/clamav/start.sh
 create mode 100644 Containers/clamav/supervisord.conf

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 22227b71..9f86f5f9 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,28 +1,25 @@
 # syntax=docker/dockerfile:latest
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-29
-
-COPY clamav.conf /clamav.conf
-COPY --chmod=775 start.script /start.script
+FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata bash; \
-    mkdir -p /var/run/clamav /run/lock; \
-    chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
-    chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \
-    sed -i "/^set -eu/r /start.script" /init-unprivileged; \
-    rm /start.script; \
-    grep -q 'clamd --foreground &' /init-unprivileged; \
-    sed -i "s|clamd --foreground \&|clamd --foreground --config-file /tmp/clamd.conf \&|" /init-unprivileged; \
-    cat /init-unprivileged
+    apk add --no-cache tzdata clamav supervisord; \
+    mkdir /run/clamav; \
+    chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
+    sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
+    freshclam --foreground --stdout
 
-VOLUME /var/lib/clamav
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
 
 USER 100
-
+VOLUME /var/lib/clamav
+ENTRYPOINT ["/start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 LABEL com.centurylinklabs.watchtower.enable="false"
-
-HEALTHCHECK --start-period=60s --retries=9 CMD clamdcheck.sh
-
-ENTRYPOINT ["/init-unprivileged"]
+HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
diff --git a/Containers/clamav/clamav.conf b/Containers/clamav/clamav.conf
deleted file mode 100644
index b32636ba..00000000
--- a/Containers/clamav/clamav.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# AIO settings
-MaxDirectoryRecursion 30
-MaxFileSize 16G
-PCREMaxFileSize 16G
-StreamMaxLength 16G
diff --git a/Containers/clamav/healthcheck.sh b/Containers/clamav/healthcheck.sh
new file mode 100644
index 00000000..cef67500
--- /dev/null
+++ b/Containers/clamav/healthcheck.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+
+if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
+	echo "ERROR: Unable to contact server"
+	exit 1
+fi
+
+echo "Clamd is up"
+exit 0
diff --git a/Containers/clamav/start.script b/Containers/clamav/start.script
deleted file mode 100644
index da228462..00000000
--- a/Containers/clamav/start.script
+++ /dev/null
@@ -1,4 +0,0 @@
-# Adjust settings
-cat /etc/clamav/clamd.conf > /tmp/clamd.conf
-CLAMAV_FILE="$(sed "s|16G|$MAX_SIZE|" /clamav.conf)"
-echo "$CLAMAV_FILE" >> /tmp/clamd.conf
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
new file mode 100644
index 00000000..fb7c8bd8
--- /dev/null
+++ b/Containers/clamav/start.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
+
+exec "$@"
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
new file mode 100644
index 00000000..a5475bce
--- /dev/null
+++ b/Containers/clamav/supervisord.conf
@@ -0,0 +1,21 @@
+[supervisord]
+nodaemon=true
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           
+logfile_backups=10                              
+loglevel=error
+
+[program:freshclam]
+stdout_logfile=NONE
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=freshclam --foreground --stdout --daemon
+
+[program:clamd]
+stdout_logfile=NONE
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=clamd --foreground --config-file=/tmp/clamd.conf
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 1000ecbb..c208a403 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -5,7 +5,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5
 USER root
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache bash
+    apk add --no-cache bash; \
+    chmod 777 -R /tmp
 USER 65534
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/manual-install/readme.md b/manual-install/readme.md
index 9bf34c9c..874a5b4b 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -24,7 +24,7 @@ First, install docker and docker-compose (v2) if not already done. Then simply r
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).<br>
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.<br>
 ⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612).
 
 Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
@@ -32,9 +32,9 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml
 Now you should be ready to go with `sudo docker compose up`.
 
 ## Docker profiles
-The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
 
-For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. (Note: there is no clamav image for arm64).
+For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`.
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index dc5e13f1..70d14b4e 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -75,7 +75,7 @@ do
 done
 
 sed -i 's|_ENABLED=|_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
-sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index cc60249a..4f218af2 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -642,7 +642,7 @@
       "init": false,
       "healthcheck": {
         "start_period": "60s",
-        "test": "clamdcheck.sh",
+        "test": "/healthcheck.sh",
         "interval": "30s",
         "timeout": "30s",
         "start_interval": "5s",
@@ -654,8 +654,7 @@
       "internal_port": "3310",
       "environment": [
         "TZ=%TIMEZONE%",
-        "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%",
-        "CLAMD_STARTUP_TIMEOUT=90"
+        "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%"
       ],
       "volumes": [
         {
@@ -670,9 +669,11 @@
       ],
       "read_only": true,
       "tmpfs": [
-        "/var/lock",
+        "/tmp",
         "/var/log/clamav",
-        "/tmp"
+        "/run/clamav",
+        "/var/log/supervisord",
+        "/var/run/supervisord"
       ],
       "cap_drop": [
         "NET_RAW"
diff --git a/php/public/index.php b/php/public/index.php
index 5e5c1896..a3ee8f7d 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -102,7 +102,6 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
         'backup_times' => $configurationManager->GetBackupTimes(),
         'current_channel' => $dockerActionManger->GetCurrentChannel(),
-        'is_x64_platform' => $configurationManager->isx64Platform(),
         'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 60a95761..7c7039af 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -132,7 +132,7 @@ class ConfigurationManager
         }
     }
 
-    public function isx64Platform() : bool {
+    private function isx64Platform() : bool {
         if (php_uname('m') === 'x86_64') {
             return true;
         } else {
@@ -140,11 +140,7 @@ class ConfigurationManager
         }
     }
 
-    public function isClamavEnabled() : bool {
-        if (!$this->isx64Platform()) {
-            return false;
-        }
-        
+    public function isClamavEnabled() : bool {        
         $config = $this->GetConfig();
         if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
             return true;
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 5b00a769..16fef91f 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -21,7 +21,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x86_64, needs ~1GB additional RAM)</label>
+        <label for="clamav">ClamAV (Antivirus backend for Nextcloud, needs ~1GB additional RAM)</label>
     </p>
     <p>
         <input
@@ -146,10 +146,8 @@
     <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
-{% if isAnyRunning == true or is_x64_platform == false %}
-    <script type="text/javascript" src="disable-clamav.js"></script>
-{% endif %}
 {% if isAnyRunning == true %}
+    <script type="text/javascript" src="disable-clamav.js"></script>
     <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
     <script type="text/javascript" src="disable-talk.js"></script>
     <script type="text/javascript" src="disable-collabora.js"></script>
diff --git a/readme.md b/readme.md
index b10a262d..0eb92033 100644
--- a/readme.md
+++ b/readme.md
@@ -351,7 +351,7 @@ If you get an error during the domain validation which states that your ip-addre
 ### Which CPU architectures are supported?
 You can check this on Linux by running: `uname -m`
 - x86_64/x64/amd64
-- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
+- aarch64/arm64/armv8
 
 ### Disrecommended VPS providers
 - *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.

From 945f1341fd3df195e42d9aed378689ae7ccfde16 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Mar 2025 16:14:46 +0100
Subject: [PATCH 3006/3949] increase to 10.8.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 96687dac..1bbfc001 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.7.0</h1>
+            <h1>Nextcloud AIO v10.8.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 0b027648974bc48bcc7d89571b816d1dafb816e7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Mar 2025 16:17:56 +0100
Subject: [PATCH 3007/3949] fix supervisor package name

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 9f86f5f9..33bc538f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -3,7 +3,7 @@ FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata clamav supervisord; \
+    apk add --no-cache tzdata clamav supervisor; \
     mkdir /run/clamav; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \

From 405fc57bf45df60aa2c319727ffc451692bd2f52 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Mar 2025 16:20:11 +0100
Subject: [PATCH 3008/3949] fix another detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 33bc538f..672bd7ce 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -4,7 +4,7 @@ FROM alpine:3.21.3
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache tzdata clamav supervisor; \
-    mkdir /run/clamav; \
+    mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \

From fe310624ed00cd1ea6c419105a06833ff381eb0d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Mar 2025 16:50:57 +0100
Subject: [PATCH 3009/3949] Revert "build(deps): bump collabora/code from
 24.04.12.4.1 to 24.04.13.1.1 in /Containers/collabora"

---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index c4d76b3b..e9ca4d01 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.13.1.1
+FROM collabora/code:24.04.12.4.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From a661b488c3ab7a4598ff7a7a67881b5229982796 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Mar 2025 16:58:25 +0100
Subject: [PATCH 3010/3949] clamav: adjust a few more things

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile       | 2 +-
 Containers/clamav/healthcheck.sh   | 2 +-
 Containers/clamav/start.sh         | 4 +++-
 Containers/clamav/supervisord.conf | 6 ++++--
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 672bd7ce..e79d452d 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -3,7 +3,7 @@ FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata clamav supervisor; \
+    apk add --no-cache tzdata clamav supervisor bash; \
     mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
diff --git a/Containers/clamav/healthcheck.sh b/Containers/clamav/healthcheck.sh
index cef67500..fe8b5daa 100644
--- a/Containers/clamav/healthcheck.sh
+++ b/Containers/clamav/healthcheck.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/bash
 
 if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
 	echo "ERROR: Unable to contact server"
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index fb7c8bd8..fa10d0e5 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,5 +1,7 @@
-#!/usr/bin/env sh
+#!/bin/bash
 
 sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
 
+echo "Clamav started"
+
 exec "$@"
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index a5475bce..8f5c81a1 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -9,13 +9,15 @@ logfile_backups=10
 loglevel=error
 
 [program:freshclam]
-stdout_logfile=NONE
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=freshclam --foreground --stdout --daemon
 
 [program:clamd]
-stdout_logfile=NONE
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=clamd --foreground --config-file=/tmp/clamd.conf

From 8d1a4653a076b33a0b511096e57076ae356f663a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Mar 2025 17:35:44 +0100
Subject: [PATCH 3011/3949] container-state-template: change order to old logic
 as it is not interchangabel

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/components/container-state.twig | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
index 8bc8c559..4cf5dd4e 100644
--- a/php/templates/components/container-state.twig
+++ b/php/templates/components/container-state.twig
@@ -1,14 +1,14 @@
 {# @var c \App\Containers\Container #}
 <li>
   <span>
-    {% if c.GetRunningState().value == 'running' %}
-      <span class="status success"></span>
-      {{ c.GetDisplayName() }}
-      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
-    {% elseif c.GetStartingState().value == 'starting' %}
+    {% if c.GetStartingState().value == 'starting' %}
       <span class="status running"></span>
       {{ c.GetDisplayName() }}
       (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
+    {% elseif c.GetRunningState().value == 'running' %}
+      <span class="status success"></span>
+      {{ c.GetDisplayName() }}
+      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
     {% else %}
       <span class="status error"></span>
       {{ c.GetDisplayName() }}

From 113cd76c6a330f9cf45a1d25c1bb9c7d75efcba1 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 8 Mar 2025 18:28:07 +0100
Subject: [PATCH 3012/3949] add workarround to NPMplus reverse proxy example to
 fix collabora #6104

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 52f917a2..4d47f283 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -478,7 +478,9 @@ Second, see these screenshots for a working config:
 
 ![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630)
 
-![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f)
+<!-- ![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) -->
+
+![grafik](https://github.com/user-attachments/assets/8cd25455-51fa-4e47-8af1-362bda8bb902)
 
 ![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893)
 

From 47df5053c8dc7c176b73d00155593f329cfade3b Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Sat, 8 Mar 2025 18:30:29 +0100
Subject: [PATCH 3013/3949] Update reverse-proxy.md

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4d47f283..a2b00abd 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -478,14 +478,16 @@ Second, see these screenshots for a working config:
 
 ![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630)
 
-<!-- ![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) -->
+![grafik](https://github.com/user-attachments/assets/f14bba5c-69ce-4514-a2ac-5e5d7fb97792)
 
-![grafik](https://github.com/user-attachments/assets/8cd25455-51fa-4e47-8af1-362bda8bb902)
+<!-- ![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) -->
 
 ![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893)
 
 ![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041)
 
+`proxy_set_header Accept-Encoding $http_accept_encoding;`
+
 ⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. <br>
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 

From be0a738e8ce2569eefe99c8482ff478f2409dff6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Mar 2025 17:27:28 +0100
Subject: [PATCH 3014/3949] community-containers: add smb-server

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/smbserver/readme.md      | 15 +++++
 community-containers/smbserver/smbserver.json | 60 +++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 community-containers/smbserver/readme.md
 create mode 100644 community-containers/smbserver/smbserver.json

diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md
new file mode 100644
index 00000000..d3380415
--- /dev/null
+++ b/community-containers/smbserver/readme.md
@@ -0,0 +1,15 @@
+## SMB-server
+This container bundles an SMB-server and allows to configure it via a graphical shell script.
+
+### Notes
+- This container should only be run in home networks
+- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3
+- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in bash /smbserver.sh and you will see a graphical UI for configuring the smb-server interactively.
+- The config data of SMB-server will be automatically included in AIOs backup solution!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-smbserver/
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/smbserver/smbserver.json b/community-containers/smbserver/smbserver.json
new file mode 100644
index 00000000..c6269134
--- /dev/null
+++ b/community-containers/smbserver/smbserver.json
@@ -0,0 +1,60 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-smbserver",
+            "display_name": "SMB-server",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/smbserver",
+            "image": "szaimen/aio-smbserver",
+            "image_tag": "v1",
+            "internal_port": "5803",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "",
+                    "port_number": "5803",
+                    "protocol": "tcp"
+                },
+                {
+                    "ip_binding": "",
+                    "port_number": "445",
+                    "protocol": "tcp"
+                },
+                {
+                    "ip_binding": "",
+                    "port_number": "139",
+                    "protocol": "tcp"
+                }
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_smbserver",
+                    "destination": "/smbserver",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/mnt/ncdata",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_MOUNT%",
+                    "destination": "/mnt",
+                    "writeable": true
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "WEB_AUTHENTICATION_USERNAME=smbserver",
+                "WEB_AUTHENTICATION_PASSWORD=%SMBSERVER_PASSWORD%",
+                "WEB_LISTENING_PORT=5803"
+            ],
+            "secrets": [
+                "SMBSERVER_PASSWORD"
+            ],
+            "ui_secret": "SMBSERVER_PASSWORD",
+            "backup_volumes": [
+                "nextcloud_aio_smbserver"
+            ]
+        }
+    ]
+}

From a6246f954496db44ef62e452d87fa701dcaad2a1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Mar 2025 19:12:45 +0100
Subject: [PATCH 3015/3949] Improve small detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/smbserver/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md
index d3380415..9886f4b2 100644
--- a/community-containers/smbserver/readme.md
+++ b/community-containers/smbserver/readme.md
@@ -4,7 +4,7 @@ This container bundles an SMB-server and allows to configure it via a graphical
 ### Notes
 - This container should only be run in home networks
 - This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3
-- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in bash /smbserver.sh and you will see a graphical UI for configuring the smb-server interactively.
+- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively.
 - The config data of SMB-server will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

From e97d4b0a3e42ce4c1f37a711cb1de70b61c1dd47 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 13 Mar 2025 12:55:18 +0100
Subject: [PATCH 3016/3949] Add support for ghcr.io (#6134)

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 .../helloworld/helloworld.json                |  12 ++
 community-containers/helloworld/readme.md     |   8 +
 php/containers-schema.json                    |   2 +-
 php/src/DependencyInjection.php               |   9 +-
 php/src/Docker/DockerActionManager.php        | 193 +++++++++---------
 .../Docker/GitHubContainerRegistryManager.php |  62 ++++++
 6 files changed, 183 insertions(+), 103 deletions(-)
 create mode 100644 community-containers/helloworld/helloworld.json
 create mode 100644 community-containers/helloworld/readme.md
 create mode 100644 php/src/Docker/GitHubContainerRegistryManager.php

diff --git a/community-containers/helloworld/helloworld.json b/community-containers/helloworld/helloworld.json
new file mode 100644
index 00000000..fed10008
--- /dev/null
+++ b/community-containers/helloworld/helloworld.json
@@ -0,0 +1,12 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-helloworld",
+            "display_name": "Hello world",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/helloworld",
+            "image": "ghcr.io/docjyj/aio-helloworld",
+            "image_tag": "%AIO_CHANNEL%",
+            "restart": "unless-stopped"
+        }
+    ]
+}
diff --git a/community-containers/helloworld/readme.md b/community-containers/helloworld/readme.md
new file mode 100644
index 00000000..83c557ac
--- /dev/null
+++ b/community-containers/helloworld/readme.md
@@ -0,0 +1,8 @@
+## Hello World
+This container is a template for creating a community container.
+
+### Repository
+https://github.com/docjyj/aio-helloworld
+
+### Maintainer
+https://github.com/docjyj
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 7a675e60..46782a33 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -15,7 +15,7 @@
 					"image": {
 						"type": "string",
 						"minLength": 1,
-						"pattern": "^[a-z0-9/-]+$"
+						"pattern": "^(ghcr.io/)?[a-z0-9/-]+$"
 					},
 					"expose": {
 						"type": "array",
diff --git a/php/src/DependencyInjection.php b/php/src/DependencyInjection.php
index e37a0917..1fedada8 100644
--- a/php/src/DependencyInjection.php
+++ b/php/src/DependencyInjection.php
@@ -4,6 +4,7 @@ namespace AIO;
 
 use AIO\Docker\DockerHubManager;
 use DI\Container;
+use AIO\Docker\GitHubContainerRegistryManager;
 
 class DependencyInjection
 {
@@ -15,6 +16,11 @@ class DependencyInjection
             new DockerHubManager()
         );
 
+        $container->set(
+            GitHubContainerRegistryManager::class,
+            new GitHubContainerRegistryManager()
+        );
+
         $container->set(
             \AIO\Data\ConfigurationManager::class,
             new \AIO\Data\ConfigurationManager()
@@ -24,7 +30,8 @@ class DependencyInjection
             new \AIO\Docker\DockerActionManager(
                 $container->get(\AIO\Data\ConfigurationManager::class),
                 $container->get(\AIO\ContainerDefinitionFetcher::class),
-                $container->get(DockerHubManager::class)
+                $container->get(DockerHubManager::class),
+                $container->get(GitHubContainerRegistryManager::class)
             )
         );
         $container->set(
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 48903d54..643b0f0e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -3,12 +3,12 @@
 namespace AIO\Docker;
 
 use AIO\Container\Container;
-use AIO\Container\VersionState;
 use AIO\Container\ContainerState;
+use AIO\Container\VersionState;
+use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
-use AIO\ContainerDefinitionFetcher;
 use http\Env\Response;
 
 readonly class DockerActionManager {
@@ -16,18 +16,19 @@ readonly class DockerActionManager {
     private Client $guzzleClient;
 
     public function __construct(
-        private ConfigurationManager  $configurationManager,
-        private ContainerDefinitionFetcher $containerDefinitionFetcher,
-        private DockerHubManager $dockerHubManager
+        private ConfigurationManager           $configurationManager,
+        private ContainerDefinitionFetcher     $containerDefinitionFetcher,
+        private DockerHubManager               $dockerHubManager,
+        private GitHubContainerRegistryManager $gitHubContainerRegistryManager
     ) {
         $this->guzzleClient = new Client(['curl' => [CURLOPT_UNIX_SOCKET_PATH => '/var/run/docker.sock']]);
     }
 
-    private function BuildApiUrl(string $url) : string {
+    private function BuildApiUrl(string $url): string {
         return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url);
     }
 
-    private function BuildImageName(Container $container) : string {
+    private function BuildImageName(Container $container): string {
         $tag = $container->GetImageTag();
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
@@ -35,8 +36,7 @@ readonly class DockerActionManager {
         return $container->GetContainerName() . ':' . $tag;
     }
 
-    public function GetContainerRunningState(Container $container) : ContainerState
-    {
+    public function GetContainerRunningState(Container $container): ContainerState {
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
         try {
             $response = $this->guzzleClient->get($url);
@@ -56,8 +56,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetContainerRestartingState(Container $container) : ContainerState
-    {
+    public function GetContainerRestartingState(Container $container): ContainerState {
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
         try {
             $response = $this->guzzleClient->get($url);
@@ -77,8 +76,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetContainerUpdateState(Container $container) : VersionState
-    {
+    public function GetContainerUpdateState(Container $container): VersionState {
         $tag = $container->GetImageTag();
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
@@ -88,12 +86,12 @@ readonly class DockerActionManager {
         if ($runningDigests === null) {
             return VersionState::Different;
         }
-        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
         if ($remoteDigest === null) {
             return VersionState::Equal;
         }
 
-        foreach($runningDigests as $runningDigest) {
+        foreach ($runningDigests as $runningDigest) {
             if ($runningDigest === $remoteDigest) {
                 return VersionState::Equal;
             }
@@ -101,8 +99,7 @@ readonly class DockerActionManager {
         return VersionState::Different;
     }
 
-    public function GetContainerStartingState(Container $container) : ContainerState
-    {
+    public function GetContainerStartingState(Container $container): ContainerState {
         $runningState = $this->GetContainerRunningState($container);
         if ($runningState === ContainerState::Stopped || $runningState === ContainerState::ImageDoesNotExist) {
             return $runningState;
@@ -110,9 +107,9 @@ readonly class DockerActionManager {
 
         $containerName = $container->GetIdentifier();
         $internalPort = $container->GetInternalPort();
-        if($internalPort === '%APACHE_PORT%') {
+        if ($internalPort === '%APACHE_PORT%') {
             $internalPort = $this->configurationManager->GetApachePort();
-        } elseif($internalPort === '%TALK_PORT%') {
+        } elseif ($internalPort === '%TALK_PORT%') {
             $internalPort = $this->configurationManager->GetTalkPort();
         }
 
@@ -129,7 +126,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function DeleteContainer(Container $container) : void {
+    public function DeleteContainer(Container $container): void {
         $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->GetIdentifier())));
         try {
             $this->guzzleClient->delete($url);
@@ -140,8 +137,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetLogs(string $id) : string
-    {
+    public function GetLogs(string $id): string {
         $url = $this->BuildApiUrl(
             sprintf(
                 'containers/%s/logs?stdout=true&stderr=true&timestamps=true',
@@ -162,7 +158,7 @@ readonly class DockerActionManager {
         return $response;
     }
 
-    public function StartContainer(Container $container) : void {
+    public function StartContainer(Container $container): void {
         $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier())));
         try {
             $this->guzzleClient->post($url);
@@ -171,10 +167,9 @@ readonly class DockerActionManager {
         }
     }
 
-    public function CreateVolumes(Container $container): void
-    {
+    public function CreateVolumes(Container $container): void {
         $url = $this->BuildApiUrl('volumes/create');
-        foreach($container->GetVolumes()->GetVolumes() as $volume) {
+        foreach ($container->GetVolumes()->GetVolumes() as $volume) {
             $forbiddenChars = [
                 '/',
             ];
@@ -184,7 +179,7 @@ readonly class DockerActionManager {
             }
 
             $firstChar = substr($volume->name, 0, 1);
-            if(!in_array($firstChar, $forbiddenChars)) {
+            if (!in_array($firstChar, $forbiddenChars)) {
                 $this->guzzleClient->request(
                     'POST',
                     $url,
@@ -198,7 +193,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function CreateContainer(Container $container) : void {
+    public function CreateContainer(Container $container): void {
         $volumes = [];
         foreach ($container->GetVolumes()->GetVolumes() as $volume) {
             // // NEXTCLOUD_MOUNT gets added via bind-mount later on
@@ -226,12 +221,12 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
-        foreach($container->GetSecrets() as $secret) {
+        foreach ($container->GetSecrets() as $secret) {
             $this->configurationManager->GetAndGenerateSecret($secret);
         }
 
         $aioVariables = $container->GetAioVariables()->GetVariables();
-        foreach($aioVariables as $variable) {
+        foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
             $variableArray = explode('=', $variable);
             $config[$variableArray[0]] = $variableArray[1];
@@ -244,7 +239,7 @@ readonly class DockerActionManager {
         if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
             $envs[] = $this->GetAllNextcloudExecCommands();
         }
-        foreach($envs as $key => $env) {
+        foreach ($envs as $key => $env) {
             // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
             if (str_starts_with($env, 'extra_params=')) {
                 $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
@@ -256,12 +251,12 @@ readonly class DockerActionManager {
             // Original implementation
             $patterns = ['/%(.*)%/'];
 
-            if(preg_match($patterns[0], $env, $out) === 1) {
+            if (preg_match($patterns[0], $env, $out) === 1) {
                 $replacements = array();
 
-                if($out[1] === 'NC_DOMAIN') {
+                if ($out[1] === 'NC_DOMAIN') {
                     $replacements[1] = $this->configurationManager->GetDomain();
-                } elseif($out[1] === 'NC_BASE_DN') {
+                } elseif ($out[1] === 'NC_BASE_DN') {
                     $replacements[1] = $this->configurationManager->GetBaseDN();
                 } elseif ($out[1] === 'AIO_TOKEN') {
                     $replacements[1] = $this->configurationManager->GetToken();
@@ -391,10 +386,10 @@ readonly class DockerActionManager {
                     } else {
                         $replacements[1] = '';
                     }
-                // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
+                    // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
                 } elseif ($out[1] === 'AIO_DATABASE_HOST') {
                     $replacements[1] = gethostbyname('nextcloud-aio-database');
-                // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
+                    // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
                 } elseif ($out[1] === 'CADDY_IP_ADDRESS') {
                     $replacements[1] = '';
                     $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
@@ -419,7 +414,7 @@ readonly class DockerActionManager {
             }
         }
 
-        if(count($envs) > 0) {
+        if (count($envs) > 0) {
             $requestBody['Env'] = $envs;
         }
 
@@ -429,7 +424,7 @@ readonly class DockerActionManager {
 
         $exposedPorts = [];
         if ($container->GetInternalPort() !== 'host') {
-            foreach($container->GetPorts()->GetPorts() as $value) {
+            foreach ($container->GetPorts()->GetPorts() as $value) {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
@@ -449,7 +444,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['NetworkMode'] = 'host';
         }
 
-        if(count($exposedPorts) > 0) {
+        if (count($exposedPorts) > 0) {
             $requestBody['ExposedPorts'] = $exposedPorts;
             foreach ($container->GetPorts()->GetPorts() as $value) {
                 $port = $value->port;
@@ -474,16 +469,16 @@ readonly class DockerActionManager {
                 $portWithProtocol = $port . '/' . $protocol;
                 $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
                     [
-                    'HostPort' => $port,
-                    'HostIp' => $ipBinding,
+                        'HostPort' => $port,
+                        'HostIp' => $ipBinding,
                     ]
                 ];
             }
         }
 
         $devices = [];
-        foreach($container->GetDevices() as $device) {
-            if ($device === '/dev/dri' && ! $this->configurationManager->isDriDeviceEnabled()) {
+        foreach ($container->GetDevices() as $device) {
+            if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) {
                 continue;
             }
             $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];
@@ -510,7 +505,7 @@ readonly class DockerActionManager {
         }
 
         $tmpfs = [];
-        foreach($container->GetTmpfs() as $tmp) {
+        foreach ($container->GetTmpfs() as $tmp) {
             $mode = "";
             if (str_contains($tmp, ':')) {
                 $mode = explode(':', $tmp)[1];
@@ -519,7 +514,7 @@ readonly class DockerActionManager {
             $tmpfs[$tmp] = $mode;
         }
         if (count($tmpfs) > 0) {
-            $requestBody['HostConfig']['Tmpfs'] =  $tmpfs;
+            $requestBody['HostConfig']['Tmpfs'] = $tmpfs;
         }
 
         $requestBody['HostConfig']['Init'] = $container->GetInit();
@@ -563,22 +558,22 @@ readonly class DockerActionManager {
                     }
                 }
             }
-        // Special things for the talk container which should not be exposed in the containers.json
+            // Special things for the talk container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
-        // // Special things for the nextcloud container which should not be exposed in the containers.json
-        // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-        //     foreach ($container->GetVolumes()->GetVolumes() as $volume) {
-        //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
-        //             continue;
-        //         }
-        //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
-        //     }
-        // Special things for the caddy community container
+            // // Special things for the nextcloud container which should not be exposed in the containers.json
+            // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            //     foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+            //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
+            //             continue;
+            //         }
+            //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
+            //     }
+            // Special things for the caddy community container
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
-        // Special things for the collabora container which should not be exposed in the containers.json
+            // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
                 $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()];
@@ -604,13 +599,13 @@ readonly class DockerActionManager {
 
     }
 
-    public function isDockerHubReachable(Container $container) : bool {
+    public function isDockerHubReachable(Container $container): bool {
         $tag = $container->GetImageTag();
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
 
-        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
 
         if ($remoteDigest === null) {
             return false;
@@ -619,8 +614,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function PullImage(Container $container) : void
-    {
+    public function PullImage(Container $container): void {
         $imageName = $this->BuildImageName($container);
         $encodedImageName = urlencode($imageName);
         $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));
@@ -643,8 +637,7 @@ readonly class DockerActionManager {
         }
     }
 
-    private function isContainerUpdateAvailable(string $id) : string
-    {
+    private function isContainerUpdateAvailable(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $updateAvailable = "";
@@ -657,7 +650,7 @@ readonly class DockerActionManager {
         return $updateAvailable;
     }
 
-    public function isAnyUpdateAvailable() : bool {
+    public function isAnyUpdateAvailable(): bool {
         // return early if instance is not installed
         if (!$this->configurationManager->wasStartButtonClicked()) {
             return false;
@@ -671,8 +664,7 @@ readonly class DockerActionManager {
         }
     }
 
-    private function getBackupVolumes(string $id) : string
-    {
+    private function getBackupVolumes(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $backupVolumes = '';
@@ -685,14 +677,13 @@ readonly class DockerActionManager {
         return $backupVolumes;
     }
 
-    private function getAllBackupVolumes() : array {
+    private function getAllBackupVolumes(): array {
         $id = 'nextcloud-aio-apache';
         $backupVolumesArray = explode(' ', $this->getBackupVolumes($id));
         return array_unique($backupVolumesArray);
     }
 
-    private function GetNextcloudExecCommands(string $id) : string
-    {
+    private function GetNextcloudExecCommands(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $nextcloudExecCommands = '';
@@ -705,13 +696,12 @@ readonly class DockerActionManager {
         return $nextcloudExecCommands;
     }
 
-    private function GetAllNextcloudExecCommands() : string
-    {
+    private function GetAllNextcloudExecCommands(): string {
         $id = 'nextcloud-aio-apache';
         return 'NEXTCLOUD_EXEC_COMMANDS=' . $this->GetNextcloudExecCommands($id);
     }
 
-    private function GetRepoDigestsOfContainer(string $containerName) : ?array {
+    private function GetRepoDigestsOfContainer(string $containerName): ?array {
         try {
             $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
             $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true);
@@ -732,7 +722,7 @@ readonly class DockerActionManager {
 
             $repoDigestArray = [];
             $oneDigestGiven = false;
-            foreach($imageOutput['RepoDigests'] as $repoDigest) {
+            foreach ($imageOutput['RepoDigests'] as $repoDigest) {
                 $digestPosition = strpos($repoDigest, '@');
                 if ($digestPosition === false) {
                     error_log('Somehow the RepoDigest of ' . $containerName . ' does not contain a @.');
@@ -752,10 +742,10 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetCurrentChannel() : string {
+    public function GetCurrentChannel(): string {
         $cacheKey = 'aio-ChannelName';
         $channelName = apcu_fetch($cacheKey);
-        if($channelName !== false && is_string($channelName)) {
+        if ($channelName !== false && is_string($channelName)) {
             return $channelName;
         }
 
@@ -765,7 +755,7 @@ readonly class DockerActionManager {
             $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
             $containerChecksum = $output['Image'];
             $tagArray = explode(':', $output['Config']['Image']);
-            if (count($tagArray) ===  2) {
+            if (count($tagArray) === 2) {
                 $tag = $tagArray[1];
             } else {
                 error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");
@@ -780,8 +770,7 @@ readonly class DockerActionManager {
         return 'latest';
     }
 
-    public function IsMastercontainerUpdateAvailable() : bool
-    {
+    public function IsMastercontainerUpdateAvailable(): bool {
         $imageName = 'nextcloud/all-in-one';
         $containerName = 'nextcloud-aio-mastercontainer';
 
@@ -791,7 +780,7 @@ readonly class DockerActionManager {
         if ($runningDigests === null) {
             return true;
         }
-        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
+        $remoteDigest = $this->GetLatestDigestOfTag($imageName, $tag);
         if ($remoteDigest === null) {
             return false;
         }
@@ -804,8 +793,7 @@ readonly class DockerActionManager {
         return true;
     }
 
-    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
-    {
+    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void {
         if ($this->GetContainerStartingState($container) === ContainerState::Running) {
 
             $containerName = $container->GetIdentifier();
@@ -849,8 +837,7 @@ readonly class DockerActionManager {
         }
     }
 
-    private function DisconnectContainerFromBridgeNetwork(string $id) : void
-    {
+    private function DisconnectContainerFromBridgeNetwork(string $id): void {
 
         $url = $this->BuildApiUrl(
             sprintf('networks/%s/disconnect', 'bridge')
@@ -870,8 +857,7 @@ readonly class DockerActionManager {
         }
     }
 
-    private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio', bool $createNetwork = true, string $alias =  '') : void
-    {
+    private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio', bool $createNetwork = true, string $alias = ''): void {
         if ($internalPort === 'host') {
             return;
         }
@@ -902,9 +888,9 @@ readonly class DockerActionManager {
         $url = $this->BuildApiUrl(
             sprintf('networks/%s/connect', $network)
         );
-        $jsonPayload = [ 'Container' => $id ];
-        if ($alias !== ''  ) {
-            $jsonPayload['EndpointConfig'] = ['Aliases' => [ $alias ]];
+        $jsonPayload = ['Container' => $id];
+        if ($alias !== '') {
+            $jsonPayload['EndpointConfig'] = ['Aliases' => [$alias]];
         }
 
         try {
@@ -923,15 +909,13 @@ readonly class DockerActionManager {
         }
     }
 
-    public function ConnectMasterContainerToNetwork() : void
-    {
+    public function ConnectMasterContainerToNetwork(): void {
         $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
         // Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead.
         // $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer');
     }
 
-    public function ConnectContainerToNetwork(Container $container) : void
-    {
+    public function ConnectContainerToNetwork(Container $container): void {
         // Add a secondary alias for domaincheck container, to keep it as similar to actual apache controller as possible.
         // If a reverse-proxy is relying on container name as hostname this allows it to operate as usual and still validate the domain
         // The domaincheck container and apache container are never supposed to be active at the same time because they use the same APACHE_PORT anyway, so this doesn't add any new constraints.
@@ -947,7 +931,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function StopContainer(Container $container) : void {
+    public function StopContainer(Container $container): void {
         $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $container->GetMaxShutdownTime()));
         try {
             $this->guzzleClient->post($url);
@@ -958,8 +942,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetBackupcontainerExitCode() : int
-    {
+    public function GetBackupcontainerExitCode(): int {
         $containerName = 'nextcloud-aio-borgbackup';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
         try {
@@ -981,8 +964,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetDatabasecontainerExitCode() : int
-    {
+    public function GetDatabasecontainerExitCode(): int {
         $containerName = 'nextcloud-aio-database';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
         try {
@@ -1004,7 +986,7 @@ readonly class DockerActionManager {
         }
     }
 
-    public function isLoginAllowed() : bool {
+    public function isLoginAllowed(): bool {
         $id = 'nextcloud-aio-apache';
         $apacheContainer = $this->containerDefinitionFetcher->GetContainerById($id);
         if ($this->GetContainerStartingState($apacheContainer) === ContainerState::Running) {
@@ -1013,7 +995,7 @@ readonly class DockerActionManager {
         return true;
     }
 
-    public function isBackupContainerRunning() : bool {
+    public function isBackupContainerRunning(): bool {
         $id = 'nextcloud-aio-borgbackup';
         $backupContainer = $this->containerDefinitionFetcher->GetContainerById($id);
         if ($this->GetContainerRunningState($backupContainer) === ContainerState::Running) {
@@ -1022,7 +1004,7 @@ readonly class DockerActionManager {
         return false;
     }
 
-    private function GetCreatedTimeOfNextcloudImage() : ?string {
+    private function GetCreatedTimeOfNextcloudImage(): ?string {
         $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
         try {
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
@@ -1039,11 +1021,11 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetAndGenerateSecretWrapper(string $secretId) : string {
+    public function GetAndGenerateSecretWrapper(string $secretId): string {
         return $this->configurationManager->GetAndGenerateSecret($secretId);
     }
 
-    public function isNextcloudImageOutdated() : bool {
+    public function isNextcloudImageOutdated(): bool {
         $createdTime = $this->GetCreatedTimeOfNextcloudImage();
 
         if ($createdTime === null) {
@@ -1057,4 +1039,13 @@ readonly class DockerActionManager {
 
         return false;
     }
+
+    public function GetLatestDigestOfTag(string $imageName, string $tag): ?string {
+        $prefix = 'ghcr.io/';
+        if (str_starts_with($imageName, $prefix)) {
+            return $this->gitHubContainerRegistryManager->GetLatestDigestOfTag(str_replace($prefix, '', $imageName), $tag);
+        } else {
+            return $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
+        }
+    }
 }
diff --git a/php/src/Docker/GitHubContainerRegistryManager.php b/php/src/Docker/GitHubContainerRegistryManager.php
new file mode 100644
index 00000000..d885ae09
--- /dev/null
+++ b/php/src/Docker/GitHubContainerRegistryManager.php
@@ -0,0 +1,62 @@
+<?php
+
+
+namespace AIO\Docker;
+
+use GuzzleHttp\Client;
+
+readonly class GitHubContainerRegistryManager
+{
+    private Client $guzzleClient;
+
+    public function __construct()
+    {
+        $this->guzzleClient = new Client();
+    }
+
+    public function GetLatestDigestOfTag(string $name, string $tag): ?string
+    {
+        $cacheKey = 'ghcr-manifest-' . $name . $tag;
+
+        $cachedVersion = apcu_fetch($cacheKey);
+        if ($cachedVersion !== false && is_string($cachedVersion)) {
+            return $cachedVersion;
+        }
+
+        // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
+
+        try {
+            $authTokenRequest = $this->guzzleClient->request(
+                'GET',
+                'https://ghcr.io/token?scope=repository:' . $name . ':pull'
+            );
+            $body = $authTokenRequest->getBody()->getContents();
+            $decodedBody = json_decode($body, true);
+            if (isset($decodedBody['token'])) {
+                $authToken = $decodedBody['token'];
+                $manifestRequest = $this->guzzleClient->request(
+                    'HEAD',
+                    'https://ghcr.io/v2/' . $name . '/manifests/' . $tag,
+                    [
+                        'headers' => [
+                            'Accept' => 'application/vnd.oci.image.index.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.docker.distribution.manifest.v2+json',
+                            'Authorization' => 'Bearer ' . $authToken,
+                        ],
+                    ]
+                );
+                $responseHeaders = $manifestRequest->getHeader('docker-content-digest');
+                if (count($responseHeaders) === 1) {
+                    $latestVersion = $responseHeaders[0];
+                    apcu_add($cacheKey, $latestVersion, 600);
+                    return $latestVersion;
+                }
+            }
+
+            error_log('Could not get digest of container ' . $name . ':' . $tag);
+            return null;
+        } catch (\Exception $e) {
+            error_log('Could not get digest of container ' . $name . ':' . $tag . ' ' . $e->getMessage());
+            return null;
+        }
+    }
+}

From 016dde1e47751cba0b823d6ec6fcfbf9371f5986 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 13 Mar 2025 13:02:19 +0100
Subject: [PATCH 3017/3949] Update docjyJ's community container images (#6157)

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/nocodb/nocodb.json     | 4 ++--
 community-containers/nocodb/readme.md       | 2 +-
 community-containers/stalwart/stalwart.json | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/community-containers/nocodb/nocodb.json b/community-containers/nocodb/nocodb.json
index a5d56e13..7ef4cc5c 100644
--- a/community-containers/nocodb/nocodb.json
+++ b/community-containers/nocodb/nocodb.json
@@ -4,8 +4,8 @@
             "container_name": "nextcloud-aio-nocodb",
             "display_name": "NocoDB",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb",
-            "image": "docjyj/aio-nocodb",
-            "image_tag": "%AIO_CHANNEL%",
+            "image": "nocodb/nocodb",
+            "image_tag": "latest",
             "internal_port": "10028",
             "restart": "unless-stopped",
             "ports": [
diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md
index 748c8585..4c1281b5 100644
--- a/community-containers/nocodb/readme.md
+++ b/community-containers/nocodb/readme.md
@@ -22,7 +22,7 @@ This is an alternative of **Airtable**.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
-https://github.com/docjyJ/aio-nocodb
+https://github.com/nocodb/nocodb
 
 ### Maintainer
 https://github.com/docjyJ
diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index 7858327c..1a5ffd41 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-stalwart",
             "display_name": "Stalwart",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
-            "image": "docjyj/aio-stalwart",
+            "image": "ghcr.io/docjyj/aio-stalwart",
             "image_tag": "%AIO_CHANNEL%",
             "internal_port": "10003",
             "restart": "unless-stopped",

From af4700d86321cfaecafcf9c202f3df30a96cc697 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 13 Mar 2025 15:38:04 +0100
Subject: [PATCH 3018/3949] pull npmplus from ghcr

Signed-off-by: Zoey <zoey@z0ey.de>
---
 community-containers/npmplus/npmplus.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/npmplus/npmplus.json b/community-containers/npmplus/npmplus.json
index 24f1c381..4b666c03 100644
--- a/community-containers/npmplus/npmplus.json
+++ b/community-containers/npmplus/npmplus.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-npmplus",
             "display_name": "NPMplus",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus",
-            "image": "zoeyvid/npmplus",
+            "image": "ghcr.io/zoeyvid/npmplus",
             "image_tag": "latest",
             "internal_port": "host",
             "restart": "unless-stopped",

From 4b644d2fe7ab4e4b3902867a1801f4e4a3ff725a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Mar 2025 17:02:19 +0100
Subject: [PATCH 3019/3949] update Nextcloud to 30.0.7

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9af52cd8..1c74e213 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.6
+ENV NEXTCLOUD_VERSION=30.0.7
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 36dc60e9d212c4b33409c5c78cec03403a4e677f Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 13 Mar 2025 17:45:35 +0100
Subject: [PATCH 3020/3949] Update stalwart.json

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/stalwart.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index 1a5ffd41..e2061688 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -5,7 +5,7 @@
             "display_name": "Stalwart",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
             "image": "ghcr.io/docjyj/aio-stalwart",
-            "image_tag": "%AIO_CHANNEL%",
+            "image_tag": "v3",
             "internal_port": "10003",
             "restart": "unless-stopped",
             "ports": [

From 5004a46e2a251d738f57a80ef435f8efeedecc65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Mar 2025 04:43:29 +0000
Subject: [PATCH 3021/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.12.4.1 to 24.04.13.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index e9ca4d01..d9c487a4 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.12.4.1
+FROM collabora/code:24.04.13.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 8fe6821038fb1a2a53111d54524be4956cc2d7b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Mar 2025 04:43:55 +0000
Subject: [PATCH 3022/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.17-fpm-alpine3.21 to 8.3.19-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 6379ba85..dca0a070 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.0.1-cli AS docker
 FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.17-fpm-alpine3.21
+FROM php:8.3.19-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

From fbb71586e8a7f6c2359dba0e7305b5290d4d22bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Mar 2025 04:44:11 +0000
Subject: [PATCH 3023/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.17-fpm-alpine3.21 to 8.3.19-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1c74e213..0f86cde2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.17-fpm-alpine3.21
+FROM php:8.3.19-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From d164eea1ee84e57842c5a1c2dcd717ff43bb4df7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 16 Mar 2025 14:05:12 +0100
Subject: [PATCH 3024/3949] nextcloud-entrypoint: output error message if touch
 failed

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c97a56f9..e8992086 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -33,7 +33,7 @@ while ! nc -z "$REDIS_HOST" "6379"; do
 done
 
 # Check permissions in ncdata
-touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
     echo "The www-data user doesn't seem to have access rights in the datadir.
 Most likely are the files located on a drive that does not follow linux permissions.

From 63d9343972cba7974f07dc15455e27a9b687aaea Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Mar 2025 11:15:23 +0100
Subject: [PATCH 3025/3949] update Github Actions to use commit hashes for 3rd
 party actions instead of version tags

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/dependency-updates.yml       | 4 ++--
 .github/workflows/helm-release.yml             | 6 +++---
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lock-threads.yml             | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 4 ++--
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 14 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index eeaeb427..51548e24 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -14,7 +14,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v4
       - name: Check spelling
-        uses: codespell-project/actions-codespell@v2
+        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
         with:
           check_filenames: true
           check_hidden: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index b131ab58..189ea516 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@v2
+    - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
       with:
         php-version: 8.3
         extensions: apcu
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index baacd7de..28946230 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@v2
+        uses: softprops/turnstyle@25dcee5c3fcb84375f3a3f93a3c97ed0d42cfcdc # v2
         with:
           continue-after-seconds: 180
         env:
@@ -32,7 +32,7 @@ jobs:
 
       # See https://github.com/helm/chart-releaser-action/issues/6
       - name: Set up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
         with:
           version: v3.6.3
 
@@ -41,7 +41,7 @@ jobs:
           helm lint ./nextcloud-aio-helm-chart
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.7.0
+        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
         with:
           mark_as_latest: false
           charts_dir: .
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 85c64a6e..707a4d7d 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 41779d5c..476c1925 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Install Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
         with:
           version: v3.11.1
 
diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml
index e4e2cc32..be8273d5 100644
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5
         with: 
           issue-inactive-days: '14'
           process-only: 'issues'
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index e4750c2a..914a4435 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -85,7 +85,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index aed16094..dd8b0a02 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index f4bf7198..2b42c4ff 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
         with:
           php-version: 8.3
           extensions: apcu
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 697b1807..d474d95f 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -17,7 +17,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@2.0.0
+      uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
         check_together: 'yes'
       env:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 674d6db8..1b541dd4 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 4544f993..59c5d4f1 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 43b37c8f..3065c4a9 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -20,7 +20,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 93a560fc..dca81879 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
         with:
           commit-message: Yaml updates
           signoff: true

From 1b6524b904485f52d376966813b66cfac08def01 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Mar 2025 13:06:18 +0100
Subject: [PATCH 3026/3949] Update dependabot.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8afcc4e4..38d4ad6d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,7 +1,7 @@
 version: 2
 updates:
 - package-ecosystem: "github-actions"
-  directory: "/"
+  directory: ".github/workflows"
   schedule:
     interval: "daily"
     time: "12:00"

From ccc64878772646d40914afac0b77df11ad5ddab9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Mar 2025 12:09:48 +0000
Subject: [PATCH 3027/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.30.0 to 2.32.0.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/a4e22b60bbb9c1021113f2860347b0759f66fe5d...9e72090525849c5e82e596468b86eb55e9cc5401)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 189ea516..017828d6 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+    - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
       with:
         php-version: 8.3
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 69db96dd..9f17d7fa 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index dd8b0a02..50e57bc3 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 2b42c4ff..9e77421c 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index e4775674..a4a5cfdf 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 59c5d4f1..7f0d3671 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
         with:
           php-version: 8.3
           extensions: apcu

From c525f802d5860dfa940a964420b0af861af3885e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Mar 2025 22:34:50 +0100
Subject: [PATCH 3028/3949] Update Bug_report.md

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index c4d25e6d..66681d2e 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -5,8 +5,10 @@ labels: 0. Needs triage
 ---
 
 <!---
+- Before submitting a bug report, please read through the documentation available at https://github.com/nextcloud/all-in-one#faq
 - If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
 - For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
+
 --->
 
 <!--- Please fill out the whole template below -->

From 38a11c462426dab7f24f4a1ed0347f66d6495a03 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Mar 2025 22:39:17 +0100
Subject: [PATCH 3029/3949] Update config.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/config.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index e50507ae..af96f3c6 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,7 @@
 blank_issues_enabled: false
 contact_links:
+    - name: 📘 Documentation on Nextcloud AIO
+      url: https://github.com/nextcloud/all-in-one#faq
     - name: ⛑️ General questions and support
       url: https://help.nextcloud.com/tag/aio
       about: For general questions, support and help
@@ -11,4 +13,4 @@ contact_links:
       about: For questions specifically about AIO
     - name: 💼 Nextcloud Enterprise
       url: https://portal.nextcloud.com/
-      about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly
\ No newline at end of file
+      about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly

From 7062b6aa9007d884628989af0935064b5a8a21ab Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Mar 2025 23:44:03 +0100
Subject: [PATCH 3030/3949] add about info to documentation about aio section

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/config.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index af96f3c6..bbeee846 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -2,6 +2,7 @@ blank_issues_enabled: false
 contact_links:
     - name: 📘 Documentation on Nextcloud AIO
       url: https://github.com/nextcloud/all-in-one#faq
+      about: Please read the docs first before submitting any report or request!
     - name: ⛑️ General questions and support
       url: https://help.nextcloud.com/tag/aio
       about: For general questions, support and help

From f90631125e0ad0dec7f9e836319826b596d2a7da Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Wed, 19 Mar 2025 14:46:41 +0100
Subject: [PATCH 3031/3949] test: prepare for e2e tests

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 php/templates/containers.twig         | 6 +++---
 php/templates/setup.twig              | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 7c7039af..e2291a76 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -900,7 +900,7 @@ class ConfigurationManager
     }
 
     public function shouldDomainValidationBeSkipped() : bool {
-        if (getenv('SKIP_DOMAIN_VALIDATION') !== false) {
+        if (getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
             return true;
         }
         return false;
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1bbfc001..92cfbde8 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -106,7 +106,7 @@
                                 <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}
                             <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
+                                <input type="text" id="domain" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input type="submit" value="Submit domain" />
@@ -195,9 +195,9 @@
                                 if stored remotely; and the encryption password of the backup archive below:
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
-                                    <label>Local backup location</label> <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
+                                    <label>Local backup location</label> <input type="text" id="borg_restore_host_location" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
                                     <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="ssh://user@host:port/path/to/repo"/><br>
-                                    <label>Borg passphrase</label> <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
+                                    <label>Borg passphrase</label> <input type="text" id="borg_restore_password" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Submit location and encryption password" />
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index ac8063a2..f1d4d1dc 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -10,7 +10,7 @@
         <h1>All-in-One setup</h1>
         <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
         <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
-        <strong>Passphrase</strong><br/><span class="monospace">{{ password }}</span><br>
+        <strong>Passphrase</strong><br/><span id="initial-password" class="monospace">{{ password }}</span><br>
         <a href="/" class="button" target="_blank">Open Nextcloud AIO login ↗</a>
     </div>
 {% endblock %}

From 80ae73663351a084f822d3ca5ee43e96212e412a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Mar 2025 04:31:25 +0000
Subject: [PATCH 3032/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.10.26-scratch to 2.11.0-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 5058d449..915b4789 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.26-scratch AS nats
+FROM nats:2.11.0-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus

From 38254f76ab8671b2348dce35479849896a69f409 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Thu, 20 Mar 2025 10:52:38 +0100
Subject: [PATCH 3033/3949] test: add more ids for e2e tests

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 php/templates/containers.twig | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 92cfbde8..96623fc4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -241,9 +241,9 @@
                                     <p>Initial Nextcloud username: <strong>admin</strong></p>
                             {% if hasBackupLocation %}
                                 {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
-                                <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p></details>
+                                <p>Initial Nextcloud password: <strong id="initial-nextcloud-password">{{ nextcloud_password }}</strong></p></details>
                             {% else %}
-                                <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p>
+                                <p>Initial Nextcloud password: <strong id="initial-nextcloud-password">{{ nextcloud_password }}</strong></p>
                             {% endif %}
                             <p><a href="https://{{ domain }}" class="button" target="_blank">Open your Nextcloud ↗</a></p>
                             {% if not hasBackupLocation %}
@@ -370,7 +370,7 @@
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
-                                    <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
+                                    <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
                                     <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -408,7 +408,7 @@
                                             To try again, click <strong>Create backup</strong>.
                                             </p>
                                             {% endif %}
-                                            
+
                                             <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
@@ -433,7 +433,7 @@
                                         <summary>Click here to reveal all backup options (including an option for automatic updates)</summary>
                                     {% endif %}
                                     <h3>Backup information</h3>
-                                    <p>This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong></p>
+                                    <p>This is your encryption password for backups: <strong id="borg-backup-password">{{ borgbackup_password }}</strong></p>
                                     <p>Please save this password in a safe place. You won't be able to restore from backup if you lose this password!</p>
                                     <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
                                     <p>The backup uses a tool called <a target="_blank" href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>

From a4aa1baf54b710a923c25048ac000e1d779223f0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 10:54:34 +0100
Subject: [PATCH 3034/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 321cf5b4..ef21bb22 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.1.1
+FROM onlyoffice/documentserver:8.3.2.1
 
 # USER root is probably used
 

From e37611a75929fff6545dc8877de9d62e33d497b7 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Wed, 19 Mar 2025 12:54:34 +0100
Subject: [PATCH 3035/3949] test: add e2e tests via playwright

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 .github/workflows/playwright.yml         | 77 +++++++++++++++++++
 php/tests/.gitignore                     |  7 ++
 php/tests/package-lock.json              | 97 ++++++++++++++++++++++++
 php/tests/package.json                   |  8 ++
 php/tests/playwright.config.js           | 29 +++++++
 php/tests/tests/initial-setup.spec.js    | 95 +++++++++++++++++++++++
 php/tests/tests/restore-instance.spec.js | 79 +++++++++++++++++++
 7 files changed, 392 insertions(+)
 create mode 100644 .github/workflows/playwright.yml
 create mode 100644 php/tests/.gitignore
 create mode 100644 php/tests/package-lock.json
 create mode 100644 php/tests/package.json
 create mode 100644 php/tests/playwright.config.js
 create mode 100644 php/tests/tests/initial-setup.spec.js
 create mode 100644 php/tests/tests/restore-instance.spec.js

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
new file mode 100644
index 00000000..dfa6ad7e
--- /dev/null
+++ b/.github/workflows/playwright.yml
@@ -0,0 +1,77 @@
+name: Playwright Tests
+
+on:
+  workflow_dispatch:
+
+env:
+  BASE_URL: https://localhost:8080
+
+jobs:
+  test:
+    timeout-minutes: 60
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+
+      - name: Install dependencies
+        run: cd php/tests && npm ci
+
+      - name: Install Playwright Browsers
+        run: cd php/tests && npx playwright install --with-deps chromium
+
+      - name: Start fresh development server
+        run: |
+          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
+          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
+          docker pull nextcloud/all-in-one:develop
+          docker run \
+            -d \
+            --init \
+            --name nextcloud-aio-mastercontainer \
+            --restart always \
+            --publish 8080:8080 \
+            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+            --env SKIP_DOMAIN_VALIDATION=true \
+            --env APACHE_PORT=11000 \
+            nextcloud/all-in-one:develop
+          echo Waiting for 10 seconds for the development container to start ...
+          sleep 10
+
+      - name: Run Playwright tests for initial setup
+        run: cd php/tests && DEBUG=pw:api npx playwright test tests/initial-setup.spec.js
+
+      - name: Start fresh development server
+        run: |
+          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
+          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
+          docker run \
+            -d \
+            --init \
+            --name nextcloud-aio-mastercontainer \
+            --restart always \
+            --publish 8080:8080 \
+            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+            --env SKIP_DOMAIN_VALIDATION=false \
+            --env APACHE_PORT=11000 \
+            nextcloud/all-in-one:develop
+          echo Waiting for 10 seconds for the development container to start ...
+          sleep 10
+
+      - name: Run Playwright tests for backup restore
+        run: cd php/tests && DEBUG=pw:api npx playwright test tests/restore-instance.spec.js
+
+      - uses: actions/upload-artifact@v4
+        if: ${{ !cancelled() }}
+        with:
+          name: playwright-report
+          path: php/tests/playwright-report/
+          retention-days: 14
+          overwrite: true
diff --git a/php/tests/.gitignore b/php/tests/.gitignore
new file mode 100644
index 00000000..58786aac
--- /dev/null
+++ b/php/tests/.gitignore
@@ -0,0 +1,7 @@
+
+# Playwright
+node_modules/
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
diff --git a/php/tests/package-lock.json b/php/tests/package-lock.json
new file mode 100644
index 00000000..ea2b4296
--- /dev/null
+++ b/php/tests/package-lock.json
@@ -0,0 +1,97 @@
+{
+  "name": "e2e",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "e2e",
+      "version": "1.0.0",
+      "license": "ISC",
+      "devDependencies": {
+        "@playwright/test": "^1.51.1",
+        "@types/node": "^22.13.10"
+      }
+    },
+    "node_modules/@playwright/test": {
+      "version": "1.51.1",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz",
+      "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright": "1.51.1"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@types/node": {
+      "version": "22.13.10",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz",
+      "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.20.0"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/playwright": {
+      "version": "1.51.1",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz",
+      "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright-core": "1.51.1"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "fsevents": "2.3.2"
+      }
+    },
+    "node_modules/playwright-core": {
+      "version": "1.51.1",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz",
+      "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "playwright-core": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "6.20.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz",
+      "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==",
+      "dev": true,
+      "license": "MIT"
+    }
+  }
+}
diff --git a/php/tests/package.json b/php/tests/package.json
new file mode 100644
index 00000000..ebfa99ec
--- /dev/null
+++ b/php/tests/package.json
@@ -0,0 +1,8 @@
+{
+  "name": "nextcloud-aio-mastercontainer-tests",
+  "version": "1.0.0",
+  "license": "AGPL-3.0-or-later",
+  "devDependencies": {
+    "@playwright/test": "^1.51.1"
+  }
+}
diff --git a/php/tests/playwright.config.js b/php/tests/playwright.config.js
new file mode 100644
index 00000000..191a7f59
--- /dev/null
+++ b/php/tests/playwright.config.js
@@ -0,0 +1,29 @@
+import { defineConfig, devices } from '@playwright/test'
+
+/**
+ * @see https://playwright.dev/docs/test-configuration
+ */
+export default defineConfig({
+  testDir: './tests',
+  fullyParallel: false,
+  forbidOnly: !!process.env.CI,
+  retries: 0,
+  workers: 1,
+  reporter: [
+    ['list'],
+    ['html'],
+  ],
+  use: {
+    baseURL: process.env.BASE_URL ?? 'http://localhost:8080',
+    trace: 'on',
+  },
+  projects: [
+    {
+      name: 'chromium',
+      use: {
+        ...devices['Desktop Chrome'],
+        ignoreHTTPSErrors: true,
+      },
+    },
+  ],
+})
diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js
new file mode 100644
index 00000000..6e990767
--- /dev/null
+++ b/php/tests/tests/initial-setup.spec.js
@@ -0,0 +1,95 @@
+import { test, expect } from '@playwright/test';
+import { writeFileSync } from 'node:fs'
+
+test('Initial setup', async ({ page: setupPage }) => {
+  test.setTimeout(10 * 60 * 1000)
+
+  // Extract initial password
+  await setupPage.goto('./setup');
+  const password = await setupPage.locator('#initial-password').innerText()
+  const containersPagePromise = setupPage.waitForEvent('popup');
+  await setupPage.getByRole('link', { name: 'Open Nextcloud AIO login ↗' }).click();
+  const containersPage = await containersPagePromise;
+
+  // Log in and wait for redirect
+  await containersPage.locator('#master-password').click();
+  await containersPage.locator('#master-password').fill(password);
+  await containersPage.getByRole('button', { name: 'Log in' }).click();
+  await containersPage.waitForURL('./containers');
+
+  // Reject IP addresses
+  await containersPage.locator('#domain').click();
+  await containersPage.locator('#domain').fill('1.1.1.1');
+  await containersPage.getByRole('button', { name: 'Submit domain' }).click();
+  await expect(containersPage.locator('body')).toContainText('Please enter a domain and not an IP-address!');
+
+  // Accept example.com (requires disabled domain validation)
+  await containersPage.locator('#domain').click();
+  await containersPage.locator('#domain').fill('example.com');
+  await containersPage.getByRole('button', { name: 'Submit domain' }).click();
+
+  // Disable all additional containers
+  await containersPage.locator('#talk').uncheck();
+  await containersPage.getByRole('checkbox', { name: 'Whiteboard' }).uncheck();
+  await containersPage.getByRole('checkbox', { name: 'Imaginary' }).uncheck();
+  await containersPage.getByRole('checkbox', { name: 'Collabora' }).uncheck();
+  await containersPage.getByRole('button', { name: 'Save changes' }).click();
+  await expect(containersPage.locator('#talk')).not.toBeChecked()
+  await expect(containersPage.getByRole('checkbox', { name: 'Whiteboard' })).not.toBeChecked()
+  await expect(containersPage.getByRole('checkbox', { name: 'Imaginary' })).not.toBeChecked()
+  await expect(containersPage.getByRole('checkbox', { name: 'Collabora' })).not.toBeChecked()
+
+  // Reject invalid time zones
+  await containersPage.locator('#timezone').click();
+  await containersPage.locator('#timezone').fill('Invalid time zone');
+  containersPage.once('dialog', dialog => {
+    console.log(`Dialog message: ${dialog.message()}`)
+    dialog.accept()
+  });
+  await containersPage.getByRole('button', { name: 'Submit timezone' }).click();
+  await expect(containersPage.locator('body')).toContainText('The entered timezone does not seem to be a valid timezone!')
+
+  // Accept valid time zone
+  await containersPage.locator('#timezone').click();
+  await containersPage.locator('#timezone').fill('Europe/Berlin');
+  containersPage.once('dialog', dialog => {
+    console.log(`Dialog message: ${dialog.message()}`)
+    dialog.accept()
+  });
+  await containersPage.getByRole('button', { name: 'Submit timezone' }).click();
+
+  // Start containers and wait for starting message
+  await containersPage.getByRole('button', { name: 'Download and start containers' }).click();
+  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 });
+  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com');
+
+  // Extract initial nextcloud password
+  await expect(containersPage.getByRole('main')).toContainText('Initial Nextcloud password:')
+  const initialNextcloudPassword = await containersPage.locator('#initial-nextcloud-password').innerText();
+
+  // Set backup location and create backup
+  const borgBackupLocation = `/mnt/test/aio-${Math.floor(Math.random() * 2147483647)}`
+  await containersPage.locator('#borg_backup_host_location').click();
+  await containersPage.locator('#borg_backup_host_location').fill(borgBackupLocation);
+  await containersPage.getByRole('button', { name: 'Submit backup location' }).click();
+  containersPage.once('dialog', dialog => {
+    console.log(`Dialog message: ${dialog.message()}`)
+    dialog.accept()
+  });
+  await containersPage.getByRole('button', { name: 'Create backup' }).click();
+  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 3 * 60 * 1000 });
+  await expect(containersPage.getByRole('main')).toContainText('Last backup successful on', { timeout: 3 * 60 * 1000 });
+  await containersPage.getByText('Click here to reveal all backup options').click();
+  await expect(containersPage.locator('#borg-backup-password')).toBeVisible();
+  const borgBackupPassword = await containersPage.locator('#borg-backup-password').innerText();
+
+  // Assert that all containers are stopped
+  await expect(containersPage.getByRole('button', { name: 'Start containers' })).toBeVisible();
+
+  // Save passwords for restore backup test
+  writeFileSync('test_data.json', JSON.stringify({
+    initialNextcloudPassword,
+    borgBackupLocation,
+    borgBackupPassword,
+  }))
+});
diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
new file mode 100644
index 00000000..fef4ec01
--- /dev/null
+++ b/php/tests/tests/restore-instance.spec.js
@@ -0,0 +1,79 @@
+import { test, expect } from '@playwright/test';
+import { readFileSync } from 'node:fs';
+
+test('Restore instance', async ({ page: setupPage }) => {
+  test.setTimeout(10 * 60 * 1000)
+
+  // Load passwords from previous test
+  const {
+    initialNextcloudPassword,
+    borgBackupLocation,
+    borgBackupPassword,
+  } = JSON.parse(readFileSync('test_data.json'))
+
+  // Extract initial password
+  await setupPage.goto('./setup');
+  const password = await setupPage.locator('#initial-password').innerText()
+  const containersPagePromise = setupPage.waitForEvent('popup');
+  await setupPage.getByRole('link', { name: 'Open Nextcloud AIO login ↗' }).click();
+  const containersPage = await containersPagePromise;
+
+  // Log in and wait for redirect
+  await containersPage.locator('#master-password').click();
+  await containersPage.locator('#master-password').fill(password);
+  await containersPage.getByRole('button', { name: 'Log in' }).click();
+  await containersPage.waitForURL('./containers');
+
+  // Reject example.com (requires enabled domain validation)
+  await containersPage.locator('#domain').click();
+  await containersPage.locator('#domain').fill('example.com');
+  await containersPage.getByRole('button', { name: 'Submit domain' }).click();
+  await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.');
+
+  // Reject invalid backup location
+  await containersPage.locator('#borg_restore_host_location').click();
+  await containersPage.locator('#borg_restore_host_location').fill('/mnt/foobar');
+  await containersPage.locator('#borg_restore_password').click();
+  await containersPage.locator('#borg_restore_password').fill('foobar');
+  await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
+  await containersPage.getByRole('button', { name: 'Test path and encryption' }).click();
+  await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 });
+
+  // Reject invalid backup password
+  await containersPage.locator('#borg_restore_host_location').click();
+  await containersPage.locator('#borg_restore_host_location').fill('/mnt/backup');
+  await containersPage.locator('#borg_restore_password').click();
+  await containersPage.locator('#borg_restore_password').fill('foobar');
+  await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
+  await containersPage.getByRole('button', { name: 'Test path and encryption' }).click();
+  await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 });
+
+  // Accept correct backup location and password
+  await containersPage.locator('#borg_restore_host_location').click();
+  await containersPage.locator('#borg_restore_host_location').fill(borgBackupLocation);
+  await containersPage.locator('#borg_restore_password').click();
+  await containersPage.locator('#borg_restore_password').fill(borgBackupPassword);
+  await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
+  await containersPage.getByRole('button', { name: 'Test path and encryption' }).click();
+
+  // Check integrity and restore backup
+  await containersPage.getByRole('button', { name: 'Check backup integrity' }).click();
+  await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 });
+  await containersPage.getByRole('button', { name: 'Restore selected backup' }).click();
+  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:');
+
+  // Verify a successful backup restore
+  await expect(containersPage.getByRole('main')).toContainText('Last restore successful!', { timeout: 3 * 60 * 1000 });
+  await expect(containersPage.getByRole('main')).toContainText('⚠️ Container updates are available. Click on Stop containers and Start and update containers to update them. You should consider creating a backup first.');
+  containersPage.once('dialog', dialog => {
+    console.log(`Dialog message: ${dialog.message()}`)
+    dialog.accept()
+  });
+  await containersPage.getByRole('button', { name: 'Start and update containers' }).click();
+  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 });
+  await expect(containersPage.getByRole('main')).toContainText(initialNextcloudPassword);
+
+  // Verify that containers are all stopped
+  await containersPage.getByRole('button', { name: 'Stop containers' }).click();
+  await expect(containersPage.getByRole('button', { name: 'Start containers' })).toBeVisible({ timeout: 60 * 1000 });
+});
\ No newline at end of file

From c1b60f9a514dcce6f9e942979f4509e5a1f7aa9b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 12:12:57 +0100
Subject: [PATCH 3036/3949] Dockerfile: remove tests subfolder

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index dca0a070..41fbae75 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -66,6 +66,7 @@ RUN set -ex; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
+    rm -r ./php/test; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
     sudo -u www-data composer install --no-dev; \

From f876b23c0b057c37489c8783789854677422e239 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 12:23:33 +0100
Subject: [PATCH 3037/3949] develop.md: add note how to run E2EE tests

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 develop.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/develop.md b/develop.md
index 08aa9e8a..133185a6 100644
--- a/develop.md
+++ b/develop.md
@@ -27,6 +27,8 @@ Before testing, make sure that at least the amd64 containers are built successfu
 
 There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.
 
+Additionally, there are now E2EE tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml
+
 ## How to promote builds from develop to beta
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml, click on `Run workflow`.

From 6d1f1c1aeb9d46919db697c4fb0d2c1fc8409a57 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 12:36:57 +0100
Subject: [PATCH 3038/3949] nextcloud: update to 30.0.8

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0f86cde2..f9332b35 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.7
+ENV NEXTCLOUD_VERSION=30.0.8
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From b1f2d6f6912ff3427eca4ddfed68f47c9fdd3173 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 12:42:03 +0100
Subject: [PATCH 3039/3949] increase to 10.9.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 96623fc4..b1f1901c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.8.0</h1>
+            <h1>Nextcloud AIO v10.9.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 8ddd123568e8df71e6184ae0d75bd530253ce3e7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 12:45:05 +0100
Subject: [PATCH 3040/3949] fix removing tests from aio-interface

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 41fbae75..40204b72 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -66,7 +66,7 @@ RUN set -ex; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
-    rm -r ./php/test; \
+    rm -r ./php/tests; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
     sudo -u www-data composer install --no-dev; \

From 7eabc593289cf2410bcbcf131bb138ee06139542 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 13:08:54 +0100
Subject: [PATCH 3041/3949] adjust some details to actually do what the test is
 intended to do

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/restore-instance.spec.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
index fef4ec01..189acd0e 100644
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -32,16 +32,16 @@ test('Restore instance', async ({ page: setupPage }) => {
 
   // Reject invalid backup location
   await containersPage.locator('#borg_restore_host_location').click();
-  await containersPage.locator('#borg_restore_host_location').fill('/mnt/foobar');
+  await containersPage.locator('#borg_restore_host_location').fill('/mnt/test/aio-incorrect-path');
   await containersPage.locator('#borg_restore_password').click();
-  await containersPage.locator('#borg_restore_password').fill('foobar');
+  await containersPage.locator('#borg_restore_password').fill(borgBackupPassword);
   await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
   await containersPage.getByRole('button', { name: 'Test path and encryption' }).click();
   await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 });
 
   // Reject invalid backup password
   await containersPage.locator('#borg_restore_host_location').click();
-  await containersPage.locator('#borg_restore_host_location').fill('/mnt/backup');
+  await containersPage.locator('#borg_restore_host_location').fill(borgBackupLocation);
   await containersPage.locator('#borg_restore_password').click();
   await containersPage.locator('#borg_restore_password').fill('foobar');
   await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()

From 0ed524baba7449c38d6732d7dd502a0648f3d825 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 13:13:09 +0100
Subject: [PATCH 3042/3949] modify two details in initial-setup test

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/initial-setup.spec.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js
index 6e990767..ca8bc077 100644
--- a/php/tests/tests/initial-setup.spec.js
+++ b/php/tests/tests/initial-setup.spec.js
@@ -60,7 +60,8 @@ test('Initial setup', async ({ page: setupPage }) => {
 
   // Start containers and wait for starting message
   await containersPage.getByRole('button', { name: 'Download and start containers' }).click();
-  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 });
+  await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 3 * 60 * 1000 });
+  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 2 * 60 * 1000 });
   await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com');
 
   // Extract initial nextcloud password

From 6b9e68d55f6559a2a3f067d62e3983121dbbe968 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 13:19:49 +0100
Subject: [PATCH 3043/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 develop.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/develop.md b/develop.md
index 133185a6..8bb21a2f 100644
--- a/develop.md
+++ b/develop.md
@@ -27,7 +27,7 @@ Before testing, make sure that at least the amd64 containers are built successfu
 
 There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.
 
-Additionally, there are now E2EE tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml
+Additionally, there are now E2E tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml
 
 ## How to promote builds from develop to beta
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml

From 91e99dcba9fa235b7dd7396b0c8d3aefc4a92add Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 17:30:49 +0100
Subject: [PATCH 3044/3949] Update develop.md

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 develop.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/develop.md b/develop.md
index 8bb21a2f..a35a521c 100644
--- a/develop.md
+++ b/develop.md
@@ -19,6 +19,9 @@ It will now also select the developer channel for all other containers automatic
 ## How to publish new releases?
 Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.
 
+## How to update existing instances to a new major Nextcloud version?
+Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template.
+
 ## How to build new containers
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.
 

From b9a04858ca1e8fcc4c7fd2783df9e9c80148ba82 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Mar 2025 04:25:41 +0000
Subject: [PATCH 3045/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.1.5-alpine to 3.1.6-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 79bd22ac..a01a7485 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.5-alpine
+FROM haproxy:3.1.6-alpine
 
 # hadolint ignore=DL3002
 USER root

From 9b8a9de56586408659daecf0dde1ad64abba61dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Mar 2025 04:26:03 +0000
Subject: [PATCH 3046/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.0.1-cli to 28.0.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 40204b72..12e4aaa2 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.0.1-cli AS docker
+FROM docker:28.0.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.9.1-alpine AS caddy

From 4c14fa9b131f019f57a4506ac118a78cdcee35b7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Mar 2025 10:06:41 +0100
Subject: [PATCH 3047/3949] nextcloud: adjust `default_socket_timeout` to
 `${PHP_MAX_TIME}` in order to make it configurable

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index f9332b35..4ee8d0e2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -142,7 +142,7 @@ RUN set -ex; \
         echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
         echo 'max_execution_time=${PHP_MAX_TIME}'; \
         echo 'max_input_time=${PHP_MAX_TIME}'; \
-        echo 'default_socket_timeout=600'; \
+        echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \
     { \

From 167c2dc38979a7ba8a6eda2ef7092ca751e1492f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 21 Mar 2025 12:03:18 +0000
Subject: [PATCH 3048/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index c16aee79..3d104f43 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -341,7 +341,7 @@ services:
     init: false
     healthcheck:
       start_period: 60s
-      test: clamdcheck.sh
+      test: /healthcheck.sh
       interval: 30s
       timeout: 30s
       start_interval: 5s
@@ -351,7 +351,6 @@ services:
     environment:
       - TZ=${TIMEZONE}
       - MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
-      - CLAMD_STARTUP_TIMEOUT=90
     volumes:
       - nextcloud_aio_clamav:/var/lib/clamav:rw
     restart: unless-stopped
@@ -359,9 +358,11 @@ services:
       - clamav
     read_only: true
     tmpfs:
-      - /var/lock
-      - /var/log/clamav
       - /tmp
+      - /var/log/clamav
+      - /run/clamav
+      - /var/log/supervisord
+      - /var/run/supervisord
     cap_drop:
       - NET_RAW
 

From 348a08a720c5785ee03d8c0189af0d4ebc413c6b Mon Sep 17 00:00:00 2001
From: Oleksander Piskun <oleksandr2088@icloud.com>
Date: Fri, 21 Mar 2025 18:45:00 +0200
Subject: [PATCH 3049/3949] more strict rules for the container creation

Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 601b465f..defccda5 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -13,7 +13,7 @@ frontend http
     bind :::2375 v4v6
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
     # docker system _ping
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
     # container inspect: GET containers/%s/json
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
     # container inspect: GET containers/%s/logs
@@ -38,19 +38,19 @@ frontend http
     # ACL to deny if there are any binds
     acl binds_present req.body -m reg -i "\"HostConfig\"\s*:.*\"Binds\"\s*:"
     # ACL to restrict the type of Mounts to volume
-    acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
+    acl type_not_volume req.body -m reg -i "\"Mounts\"\s*:\s*\[[^\]]*(\"Type\"\s*:\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
 
-    # ACL to restrict container creation, that it has HostConfig.Privileged not set
-    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\""
+    # ACL to restrict container creation, that it has HostConfig.Privileged(by searching for "Privileged" word in all payload)
+    acl no_privileged_flag req.body -m reg -i "\"Privileged\""
     # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
-    acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
+    acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\"\s*:\s*\[\s*{[^}]*\"Source\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\""
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST
     # end of container create
 
     # volume create: POST volumes/create
     # restrict name
-    acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
+    acl nc_app_volume_data req.body -m reg -i "\"Name\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\""
     # do not allow to use "device" word e.g., "--opt device=:/path/to/dir"
     acl volume_no_device req.body -m reg -i "\"device\""
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data !volume_no_device METH_POST

From 4669ad430c84467a42d6df6f1de43a5777d01706 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Mar 2025 16:36:21 +0100
Subject: [PATCH 3050/3949] helm: allow to set the skeleton directory

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh      | 7 +++++++
 nextcloud-aio-helm-chart/update-helm.sh | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e8992086..e84636dc 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -535,6 +535,13 @@ php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https:
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+if [ -n "$NEXTCLOUD_SKELETON_DIRECTORY" ]; then
+    if [ "$NEXTCLOUD_SKELETON_DIRECTORY" = "empty" ]; then
+        php /var/www/html/occ config:system:set skeletondirectory --value=""
+    else
+        php /var/www/html/occ config:system:set skeletondirectory --value="$NEXTCLOUD_SKELETON_DIRECTORY"
+    fi
+fi
 if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
     php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
 fi
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 3c976773..5ac19095 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -302,6 +302,8 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
+            - name: NEXTCLOUD_SKELETON_DIRECTORY
+              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}"
             - name: NEXTCLOUD_MAINTENANCE_WINDOW
               value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
 EOL
@@ -414,6 +416,7 @@ APPS_ALLOWLIST:        # This allows to configure allowed apps that will be show
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
+NEXTCLOUD_SKELETON_DIRECTORY:        # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud.
 NEXTCLOUD_MAINTENANCE_WINDOW:        # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.

From 630a0dc6aa6412a260030e2449fa14c6acc833a3 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Mar 2025 14:57:39 +0100
Subject: [PATCH 3051/3949] database-import: update logic to consider wrong lin
 endings

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index 10e46550..dbb74196 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -99,7 +99,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     fi
 
     # Get the Owner
-    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s|[[:space:]]||g')"
     if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
         echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
         echo "It is not possible to import a database dump from this database owner."

From 5d090018f98c19b353d7e68ef15423ba0cc1be19 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 09:13:06 +0100
Subject: [PATCH 3052/3949] move images to ghcr.io

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/playwright.yml       |  6 ++---
 .github/workflows/update-helm.yml      |  3 ++-
 Containers/mastercontainer/start.sh    |  6 ++---
 develop.md                             |  2 +-
 php/containers.json                    | 34 +++++++++++++-------------
 php/src/Docker/DockerActionManager.php | 30 +++++++++++++++++++++--
 6 files changed, 54 insertions(+), 27 deletions(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index dfa6ad7e..67653783 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -29,7 +29,7 @@ jobs:
         run: |
           docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
           docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
-          docker pull nextcloud/all-in-one:develop
+          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
           docker run \
             -d \
             --init \
@@ -40,7 +40,7 @@ jobs:
             --volume /var/run/docker.sock:/var/run/docker.sock:ro \
             --env SKIP_DOMAIN_VALIDATION=true \
             --env APACHE_PORT=11000 \
-            nextcloud/all-in-one:develop
+            ghcr.io/nextcloud-releases/all-in-one:develop
           echo Waiting for 10 seconds for the development container to start ...
           sleep 10
 
@@ -61,7 +61,7 @@ jobs:
             --volume /var/run/docker.sock:/var/run/docker.sock:ro \
             --env SKIP_DOMAIN_VALIDATION=false \
             --env APACHE_PORT=11000 \
-            nextcloud/all-in-one:develop
+            ghcr.io/nextcloud-releases/all-in-one:develop
           echo Waiting for 10 seconds for the development container to start ...
           sleep 10
 
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 3065c4a9..83c35135 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -14,7 +14,8 @@ jobs:
         uses: actions/checkout@v4
       - name: update helm chart
         run: |
-          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
+          GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')"
+          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index bca074ae..1a455626 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -283,10 +283,10 @@ if [ "$?" = 6 ]; then
     exit 1
 fi
 
-# Check if auth.docker.io is reachable
+# Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then
-    print_red "Could not reach https://auth.docker.io."
+if ! curl https://ghcr.io 2>&1; then
+    print_red "Could not reach https://ghcr.io."
     echo "Most likely is something blocking access to it."
     echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
     exit 1
diff --git a/develop.md b/develop.md
index a35a521c..6f84b2d4 100644
--- a/develop.md
+++ b/develop.md
@@ -11,7 +11,7 @@ sudo docker run \
 --publish 8443:8443 \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-nextcloud/all-in-one:develop
+ghcr.io/nextcloud-releases/all-in-one:develop
 ```
 And you are done :)
 It will now also select the developer channel for all other containers automatically.
diff --git a/php/containers.json b/php/containers.json
index 4f218af2..d87fe9ca 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -13,7 +13,7 @@
         "nextcloud-aio-whiteboard"
       ],
       "display_name": "Apache",
-      "image": "nextcloud/aio-apache",
+      "image": "ghcr.io/nextcloud-releases/aio-apache",
       "user": "33",
       "init": true,
       "healthcheck": {
@@ -84,7 +84,7 @@
       "container_name": "nextcloud-aio-database",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Database",
-      "image": "nextcloud/aio-postgresql",
+      "image": "ghcr.io/nextcloud-releases/aio-postgresql",
       "user": "999",
       "init": true,
       "healthcheck": {
@@ -149,7 +149,7 @@
         "nextcloud-aio-docker-socket-proxy"
       ],
       "display_name": "Nextcloud",
-      "image": "nextcloud/aio-nextcloud",
+      "image": "ghcr.io/nextcloud-releases/aio-nextcloud",
       "init": true,
       "healthcheck": {
         "start_period": "0s",
@@ -271,7 +271,7 @@
       "container_name": "nextcloud-aio-notify-push",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Notify Push",
-      "image": "nextcloud/aio-notify-push",
+      "image": "ghcr.io/nextcloud-releases/aio-notify-push",
       "user": "33",
       "init": true,
       "healthcheck": {
@@ -319,7 +319,7 @@
       "container_name": "nextcloud-aio-redis",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Redis",
-      "image": "nextcloud/aio-redis",
+      "image": "ghcr.io/nextcloud-releases/aio-redis",
       "user": "999",
       "init": true,
       "healthcheck": {
@@ -361,7 +361,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Collabora",
-      "image": "nextcloud/aio-collabora",
+      "image": "ghcr.io/nextcloud-releases/aio-collabora",
       "init": true,
       "healthcheck": {
         "start_period": "60s",
@@ -404,7 +404,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Talk",
-      "image": "nextcloud/aio-talk",
+      "image": "ghcr.io/nextcloud-releases/aio-talk",
       "user": "1000",
       "init": true,
       "healthcheck": {
@@ -466,7 +466,7 @@
       "container_name": "nextcloud-aio-talk-recording",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Talk Recording",
-      "image": "nextcloud/aio-talk-recording",
+      "image": "ghcr.io/nextcloud-releases/aio-talk-recording",
       "user": "122",
       "init": true,
       "healthcheck": {
@@ -518,7 +518,7 @@
     {
       "container_name": "nextcloud-aio-borgbackup",
       "image_tag": "%AIO_CHANNEL%",
-      "image": "nextcloud/aio-borgbackup",
+      "image": "ghcr.io/nextcloud-releases/aio-borgbackup",
       "init": true,
       "environment": [
         "BORG_REMOTE_REPO=%BORGBACKUP_REMOTE_REPO%",
@@ -586,7 +586,7 @@
     {
       "container_name": "nextcloud-aio-watchtower",
       "image_tag": "%AIO_CHANNEL%",
-      "image": "nextcloud/aio-watchtower",
+      "image": "ghcr.io/nextcloud-releases/aio-watchtower",
       "init": true,
       "environment": [
         "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
@@ -606,7 +606,7 @@
     {
       "container_name": "nextcloud-aio-domaincheck",
       "image_tag": "%AIO_CHANNEL%",
-      "image": "nextcloud/aio-domaincheck",
+      "image": "ghcr.io/nextcloud-releases/aio-domaincheck",
       "init": true,
       "ports": [
         {
@@ -637,7 +637,7 @@
       "container_name": "nextcloud-aio-clamav",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "ClamAV",
-      "image": "nextcloud/aio-clamav",
+      "image": "ghcr.io/nextcloud-releases/aio-clamav",
       "user": "100",
       "init": false,
       "healthcheck": {
@@ -683,7 +683,7 @@
       "container_name": "nextcloud-aio-onlyoffice",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "OnlyOffice",
-      "image": "nextcloud/aio-onlyoffice",
+      "image": "ghcr.io/nextcloud-releases/aio-onlyoffice",
       "init": true,
       "healthcheck": {
         "start_period": "60s",
@@ -729,7 +729,7 @@
       "container_name": "nextcloud-aio-imaginary",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Imaginary",
-      "image": "nextcloud/aio-imaginary",
+      "image": "ghcr.io/nextcloud-releases/aio-imaginary",
       "user": "65534",
       "init": true,
       "healthcheck": {
@@ -771,7 +771,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1709",
       "display_name": "Fulltextsearch",
-      "image": "nextcloud/aio-fulltextsearch",
+      "image": "ghcr.io/nextcloud-releases/aio-fulltextsearch",
       "init": false,
       "healthcheck": {
         "start_period": "60s",
@@ -819,7 +819,7 @@
       "container_name": "nextcloud-aio-docker-socket-proxy",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Docker Socket Proxy",
-      "image": "nextcloud/aio-docker-socket-proxy",
+      "image": "ghcr.io/nextcloud-releases/aio-docker-socket-proxy",
       "init": true,
       "internal_port": "2375",
       "environment": [
@@ -845,7 +845,7 @@
       "container_name": "nextcloud-aio-whiteboard",
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Whiteboard",
-      "image": "nextcloud/aio-whiteboard",
+      "image": "ghcr.io/nextcloud-releases/aio-whiteboard",
       "user": "65534",
       "init": true,
       "healthcheck": {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 643b0f0e..bbcd4b77 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -742,6 +742,33 @@ readonly class DockerActionManager {
         }
     }
 
+    private function GetCurrentImageName(): string {
+        $cacheKey = 'aio-image-name';
+        $imageName = apcu_fetch($cacheKey);
+        if ($imageName !== false && is_string($imageName)) {
+            return $imageName;
+        }
+
+        $containerName = 'nextcloud-aio-mastercontainer';
+        $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
+        try {
+            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
+            $imageNameArray = explode(':', $output['Config']['Image']);
+            if (count($imageNameArray) === 2) {
+                $imageName = $imageNameArray[0];
+            } else {
+                error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the imageName to the default " . $output['Config']['Image']);
+                $imageName = $output['Config']['Image'];
+            }
+            apcu_add($cacheKey, $imageName);
+            return $imageName;
+        } catch (\Exception $e) {
+            error_log('Could not get current imageName ' . $e->getMessage());
+        }
+
+        return 'nextcloud/all-in-one';
+    }
+
     public function GetCurrentChannel(): string {
         $cacheKey = 'aio-ChannelName';
         $channelName = apcu_fetch($cacheKey);
@@ -753,7 +780,6 @@ readonly class DockerActionManager {
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
         try {
             $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
-            $containerChecksum = $output['Image'];
             $tagArray = explode(':', $output['Config']['Image']);
             if (count($tagArray) === 2) {
                 $tag = $tagArray[1];
@@ -771,7 +797,7 @@ readonly class DockerActionManager {
     }
 
     public function IsMastercontainerUpdateAvailable(): bool {
-        $imageName = 'nextcloud/all-in-one';
+        $imageName = $this->GetCurrentImageName();
         $containerName = 'nextcloud-aio-mastercontainer';
 
         $tag = $this->GetCurrentChannel();

From ac2c97a08ee41b539785f31815bddb4c37cec6c4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 10:45:35 +0100
Subject: [PATCH 3053/3949] Revert changes to helm-chart updates

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 83c35135..3065c4a9 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -14,8 +14,7 @@ jobs:
         uses: actions/checkout@v4
       - name: update helm chart
         run: |
-          GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')"
-          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
+          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"

From 7f76f622e13661f8b2a86d6317a0f8223c5534ea Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:46:29 +0000
Subject: [PATCH 3054/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 +++-----
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml      | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 2 +-
 14 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index a1bdc687..a9de2ae8 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.7.0
+version: 10.9.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 8c67e748..b4e9e01c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250306_093458
+          image: nextcloud/aio-apache:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 8ed76d31..e1921203 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -55,17 +55,15 @@ spec:
               {{- end }}
       containers:
         - env:
-            - name: CLAMD_STARTUP_TIMEOUT
-              value: "90"
             - name: MAX_SIZE
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250306_093458
+          image: nextcloud/aio-clamav:20250325_084656
           readinessProbe:
             exec:
               command:
-                - clamdcheck.sh
+                - /healthcheck.sh
             failureThreshold: 9
             initialDelaySeconds: 60
             periodSeconds: 30
@@ -73,7 +71,7 @@ spec:
           livenessProbe:
             exec:
               command:
-                - clamdcheck.sh
+                - /healthcheck.sh
             failureThreshold: 9
             initialDelaySeconds: 60
             periodSeconds: 30
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 08140b21..38d34bd0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250306_093458
+          image: nextcloud/aio-collabora:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index b96ddbb1..4d400202 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250306_093458
+          image: nextcloud/aio-postgresql:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 3df053ec..0de772be 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250306_093458
+          image: nextcloud/aio-fulltextsearch:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index ed389199..5c922d36 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250306_093458
+          image: nextcloud/aio-imaginary:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index d2bd1318..496cfed1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -180,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250306_093458
+          image: nextcloud/aio-nextcloud:20250325_084656
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index baab420b..b02d5d85 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-notify-push:20250306_093458
+          image: nextcloud/aio-notify-push:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c04fd568..2a9db83a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250306_093458
+          image: nextcloud/aio-onlyoffice:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index e7a757fb..439ab944 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250306_093458
+          image: nextcloud/aio-redis:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index e379d8f2..755a2f6a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250306_093458
+          image: nextcloud/aio-talk:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 920cae8c..1967ff34 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250306_093458
+          image: nextcloud/aio-talk-recording:20250325_084656
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index c6b25598..7d51f181 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250306_093458
+          image: nextcloud/aio-whiteboard:20250325_084656
           readinessProbe:
             exec:
               command:

From c65eb16a151099f34da46602264baa0bf8335b35 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 10:47:12 +0100
Subject: [PATCH 3055/3949] Revert "Revert changes to helm-chart updates"

This reverts commit ac2c97a08ee41b539785f31815bddb4c37cec6c4.
---
 .github/workflows/update-helm.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 3065c4a9..83c35135 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -14,7 +14,8 @@ jobs:
         uses: actions/checkout@v4
       - name: update helm chart
         run: |
-          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
+          GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')"
+          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"

From a4fa22ec221c53253bee620f8077b0d1ae5a053d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 10:49:03 +0100
Subject: [PATCH 3056/3949] increase to 10.10.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index b1f1901c..ce8a59cb 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.9.0</h1>
+            <h1>Nextcloud AIO v10.10.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 13e9829a850ae27258b7e05f54849a3d33371cdb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 11:01:42 +0100
Subject: [PATCH 3057/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 1a455626..dff289d3 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -285,7 +285,7 @@ fi
 
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl https://ghcr.io 2>&1; then
+if ! curl https://ghcr.io &>/dev/null; then
     print_red "Could not reach https://ghcr.io."
     echo "Most likely is something blocking access to it."
     echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"

From f7183b8d32b57cdd873b84c52d7c815503398e3d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 12:13:31 +0100
Subject: [PATCH 3058/3949] aio-interface: rename `isDockerHubReachable` to
 `isRegistryReachable`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 6 +++---
 php/src/Docker/DockerActionManager.php  | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ee439824..6c55b3da 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -41,12 +41,12 @@ readonly class DockerController {
             }
         }
 
-        // Check if docker hub is reachable in order to make sure that we do not try to pull an image if it is down
+        // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down
         // and try to mitigate issues that are arising due to that
         if ($pullImage) {
-            if (!$this->dockerActionManager->isDockerHubReachable($container)) {
+            if (!$this->dockerActionManager->isRegistryReachable($container)) {
                 $pullImage = false;
-                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because docker hub does not seem to be reachable.');
+                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
             }
         }
 
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index bbcd4b77..71242d92 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -599,7 +599,7 @@ readonly class DockerActionManager {
 
     }
 
-    public function isDockerHubReachable(Container $container): bool {
+    public function isRegistryReachable(Container $container): bool {
         $tag = $container->GetImageTag();
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();

From 328a85511f1bbbfc954e27da944e5dc5d0eb321c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 09:08:01 +0100
Subject: [PATCH 3059/3949] docs: nextcloud/all-in-one moved to ghcr.io

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/readme.md |  2 +-
 compose.yaml                   |  2 +-
 manual-upgrade.md              |  4 ++--
 multiple-instances.md          |  2 +-
 php/README.md                  |  2 +-
 readme.md                      | 44 +++++++++++++++++-----------------
 reverse-proxy.md               | 10 ++++----
 7 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index 0c82d6fe..07ba7602 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -7,7 +7,7 @@ All containers that are in this directory are community maintained so the respon
 ## How to use this?
 Before adding any additional container, make sure to create a backup via the AIO interface!
 
-Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
+Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
 
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
diff --git a/compose.yaml b/compose.yaml
index a72fbf50..a2836446 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,6 +1,6 @@
 services:
   nextcloud-aio-mastercontainer:
-    image: nextcloud/all-in-one:latest
+    image: ghcr.io/nextcloud-releases/all-in-one:latest
     init: true
     restart: always
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
diff --git a/manual-upgrade.md b/manual-upgrade.md
index 43aaebb2..c1478953 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -41,7 +41,7 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 
 
  - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64`
- - However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)
+ - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged)
  - Using nano and the arrow keys to navigate:
   - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
 6. Next, stop and remove the current container: 
@@ -95,7 +95,7 @@ Make **note** of the version which is compatible, rounding down to 1 digit after
 
 ##### 5. Find the correct container version
 In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
-However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)
+However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged)
 
 ##### 6. Replace the container
 - Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
diff --git a/multiple-instances.md b/multiple-instances.md
index f98f867a..00386e1b 100644
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -149,7 +149,7 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi
    --env TALK_PORT=3478 \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-   nextcloud/all-in-one:latest
+   ghcr.io/nextcloud-releases/all-in-one:latest
    ```
    The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM.
 
diff --git a/php/README.md b/php/README.md
index 29ade4ae..af824818 100644
--- a/php/README.md
+++ b/php/README.md
@@ -34,7 +34,7 @@ docker run \
 --name nextcloud-aio-mastercontainer \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock \
-nextcloud/all-in-one:latest
+ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
 ### 4. Start your server
diff --git a/readme.md b/readme.md
index 0eb92033..6e3a215c 100644
--- a/readme.md
+++ b/readme.md
@@ -111,7 +111,7 @@ curl -fsSL https://get.docker.com | sudo sh
     --publish 8443:8443 \
     --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
     --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-    nextcloud/all-in-one:latest
+    ghcr.io/nextcloud-releases/all-in-one:latest
     ```
     <details>
     <summary>Explanation of the command</summary>
@@ -126,7 +126,7 @@ curl -fsSL https://get.docker.com | sudo sh
     - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
     - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
-    - `nextcloud/all-in-one:latest` This is the docker container image that is used.
+    - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
     - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
     </details>
 
@@ -331,7 +331,7 @@ Now that this is out of the way, the recommended way how to access Nextcloud loc
 Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole
 
 ### How to skip the domain validation?
-If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
+If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
 It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
@@ -344,7 +344,7 @@ Afterwards it should work.<br>
 See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it
 
 ### What can I do to fix the internal or reserved ip-address error?
-If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
+If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
 
 ## Infrastructure
 
@@ -377,7 +377,7 @@ Yes. If SELinux is enabled, you might need to add the `--security-opt label:disa
 > [!WARNING]  
 > Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
 
-You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
+You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
 
 - An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
 - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
@@ -408,7 +408,7 @@ You can move the whole docker library and all its files including all Nextcloud
 This should solve the problem.
 
 ### How to allow the Nextcloud container to access directories on the host?
-By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 
 - Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`.
 - On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
@@ -425,29 +425,29 @@ Be aware though that these locations will not be covered by the built-in backup
 > If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
-By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.
+By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.
 
 ### How to adjust the max execution time for Nextcloud?
-By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
+By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
 
 ### How to adjust the PHP memory limit for Nextcloud?
-By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.
 
 ### What about the pdlib PHP extension for the facerecognition app?
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition.
@@ -464,7 +464,7 @@ A list of supported device can be fond in [MESA 3D documentation](https://docs.m
 
 This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device.
 
-In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.
 
 
 #### With proprietary drivers for Nvidia :warning: BETA
@@ -476,19 +476,19 @@ In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` t
 
 This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime.
 
-In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
 
 If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2).
 
 ### How to keep disabled apps?
-In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 
+In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 
 > [!WARNING]  
 > Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
 
 ### How to trust user-defined Certification Authorities (CA)?
 For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.
 
-You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
 
 When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
 
@@ -521,7 +521,7 @@ docker run ^
 --publish 8443:8443 ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
-nextcloud/all-in-one:latest
+ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
@@ -530,7 +530,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 > Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
 ### How to run AIO on Synology DSM
-On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
 > [!NOTE]  
 > It is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
@@ -576,7 +576,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t
 Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information.
 
 ### How to switch the channel?
-You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa.
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa.
 
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
@@ -785,7 +785,7 @@ Be aware that this solution does not back up files and folders that are mounted
 Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
 
 ### How to adjust borgs retention policy?
-The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
+The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
 ### How to migrate from AIO to AIO?
 If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere.
@@ -1037,7 +1037,7 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo
 > None of the option returns error codes. So you need to check for the correct result yourself.
 
 ### How to disable the backup section?
-If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
+If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
 ## Addons
 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index a2b00abd..5835b283 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -26,7 +26,7 @@ sudo docker run \
 --env SKIP_DOMAIN_VALIDATION=false \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-nextcloud/all-in-one:latest
+ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
 <details>
@@ -45,7 +45,7 @@ nextcloud/all-in-one:latest
 - `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things).
 - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
 - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
-- `nextcloud/all-in-one:latest` This is the docker container image that is used.
+- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
 - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
 
 </details>
@@ -231,7 +231,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
     You also need to adjust `<provider>` and `<key>` to match your case.
 
-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the domain validation (because it is known that the domain validation will not work when using the DNS-challenge since no port is publicly opened).
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`) which will disable the domain validation (because it is known that the domain validation will not work when using the DNS-challenge since no port is publicly opened).
 
 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.
 
@@ -845,7 +845,7 @@ sudo docker run \
 --env SKIP_DOMAIN_VALIDATION=false \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-nextcloud/all-in-one:latest
+ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
 Note: you may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
@@ -873,7 +873,7 @@ docker run ^
 --env SKIP_DOMAIN_VALIDATION=false ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
-nextcloud/all-in-one:latest
+ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.

From 23d0fd0cef46676b5351416b0f55b54ac2b2362d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Mar 2025 15:15:21 +0100
Subject: [PATCH 3060/3949] move szaimens community containers to ghcr.io

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/borgbackup-viewer/borgbackup-viewer.json | 2 +-
 community-containers/caddy/caddy.json                         | 2 +-
 community-containers/fail2ban/fail2ban.json                   | 2 +-
 community-containers/libretranslate/libretranslate.json       | 2 +-
 community-containers/local-ai/local-ai.json                   | 2 +-
 community-containers/scrutiny/scrutiny.json                   | 2 +-
 community-containers/smbserver/smbserver.json                 | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/community-containers/borgbackup-viewer/borgbackup-viewer.json b/community-containers/borgbackup-viewer/borgbackup-viewer.json
index 9b5c58e5..7f9bb0a0 100644
--- a/community-containers/borgbackup-viewer/borgbackup-viewer.json
+++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json
@@ -5,7 +5,7 @@
             "image_tag": "v1",
             "display_name": "Borg Backup Viewer",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer",
-            "image": "szaimen/aio-borgbackup-viewer",
+            "image": "ghcr.io/szaimen/aio-borgbackup-viewer",
             "internal_port": "5801",
             "ports": [
                 {
diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 47fef1db..d5f72cb8 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-caddy",
             "display_name": "Caddy with geoblocking",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
-            "image": "szaimen/aio-caddy",
+            "image": "ghcr.io/szaimen/aio-caddy",
             "image_tag": "v2",
             "internal_port": "443",
             "restart": "unless-stopped",
diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json
index dbc733d4..78bf0a85 100644
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-fail2ban",
             "display_name": "Fail2ban",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban",
-            "image": "szaimen/aio-fail2ban",
+            "image": "ghcr.io/szaimen/aio-fail2ban",
             "image_tag": "v1",
             "internal_port": "host",
             "restart": "unless-stopped",
diff --git a/community-containers/libretranslate/libretranslate.json b/community-containers/libretranslate/libretranslate.json
index 80312a9a..98970db4 100644
--- a/community-containers/libretranslate/libretranslate.json
+++ b/community-containers/libretranslate/libretranslate.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-libretranslate",
             "display_name": "LibreTranslate",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate",
-            "image": "szaimen/aio-libretranslate",
+            "image": "ghcr.io/szaimen/aio-libretranslate",
             "image_tag": "v1",
             "internal_port": "5000",
             "restart": "unless-stopped",
diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index 6242a3b9..8e2aedb3 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-local-ai",
             "display_name": "Local AI",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai",
-            "image": "szaimen/aio-local-ai",
+            "image": "ghcr.io/szaimen/aio-local-ai",
             "image_tag": "v2",
             "internal_port": "8080",
             "restart": "unless-stopped",
diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json
index 7fe369c5..4b368291 100644
--- a/community-containers/scrutiny/scrutiny.json
+++ b/community-containers/scrutiny/scrutiny.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-scrutiny",
             "display_name": "Scrutiny",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny",
-            "image": "szaimen/aio-scrutiny",
+            "image": "ghcr.io/szaimen/aio-scrutiny",
             "image_tag": "v1",
             "internal_port": "8000",
             "init": false,
diff --git a/community-containers/smbserver/smbserver.json b/community-containers/smbserver/smbserver.json
index c6269134..d095eb7a 100644
--- a/community-containers/smbserver/smbserver.json
+++ b/community-containers/smbserver/smbserver.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-smbserver",
             "display_name": "SMB-server",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/smbserver",
-            "image": "szaimen/aio-smbserver",
+            "image": "ghcr.io/szaimen/aio-smbserver",
             "image_tag": "v1",
             "internal_port": "5803",
             "restart": "unless-stopped",

From 627c2d3192feba2f4ba562cb5f62e20ad0408aaa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Mar 2025 04:38:04 +0000
Subject: [PATCH 3061/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.17.3 to 8.17.4.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 8cdaef6a..2299f0f5 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.3
+FROM elasticsearch:8.17.4
 
 USER root
 

From d3ac48f352340a928c903ee3fa176ec77547340a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Mar 2025 10:45:15 +0100
Subject: [PATCH 3062/3949] add a note to `NEXTCLOUD_TRUSTED_CACERTS_DIR`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index 0eb92033..2b0f731a 100644
--- a/readme.md
+++ b/readme.md
@@ -486,6 +486,9 @@ In certain situations you might want to keep Nextcloud apps that are disabled in
 > Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
 
 ### How to trust user-defined Certification Authorities (CA)?
+> [!NOTE]
+> Please note, that this feature is only intended to make LDAPS connections with self-signed certificates work. It will not make other interconnectivity between the different containers work, as they expect a valid publicly trusted certificate like one from Let's Encrypt.
+
 For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.
 
 You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.

From 9e0f5b31d202930f64d7c76af40f5ceae398a700 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 26 Mar 2025 12:21:45 +0100
Subject: [PATCH 3063/3949] fix #6230

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/clamav/supervisord.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index 8f5c81a1..8f53856a 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -13,7 +13,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=freshclam --foreground --stdout --daemon
+command=freshclam --foreground --stdout --daemon --daemon-notify=/tmp/clamd.conf
 
 [program:clamd]
 stdout_logfile=/dev/stdout

From ca151e86ac2b40b34abdd601ac47eff0d4b8043e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Mar 2025 18:27:44 +0100
Subject: [PATCH 3064/3949] watchtower: install from github repo to fix some
 security issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/watchtower/Dockerfile | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 8bd5da34..a6940d40 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,14 +1,18 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.7.1 AS watchtower
+FROM golang:1.24.1-alpine3.21 AS go
+
+RUN set -ex; \
+    apk add --no-cache \
+        build-base; \
+    go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b;
 
 FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache bash
+    apk add --no-cache bash ca-certificates tzdata
 
-COPY --from=watchtower /watchtower /watchtower
+COPY --from=go /go/bin/watchtower /usr/local/bin/watchtower
 
 COPY --chmod=775 start.sh /start.sh
 

From c5a9da8bb37c131cbbd2d71529345c7fc3123663 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Mar 2025 18:39:32 +0100
Subject: [PATCH 3065/3949] run apk upgrade everywhere

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/imaginary/Dockerfile  | 3 ++-
 Containers/talk/Dockerfile       | 1 +
 Containers/watchtower/Dockerfile | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 9d2fd11d..cb6dbbe5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,9 +1,10 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.1-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         vips-dev \
         vips-magick \
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 915b4789..00d2153f 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -7,6 +7,7 @@ FROM alpine:3.21.3 AS janus
 ARG JANUS_VERSION=v1.3.1
 WORKDIR /src
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         ca-certificates \
         git \
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index a6940d40..aad4f935 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -2,6 +2,7 @@
 FROM golang:1.24.1-alpine3.21 AS go
 
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
     go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b;

From 80920778fbc5a5cf08e279ab228b9bc1e3be0790 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Mar 2025 18:55:50 +0100
Subject: [PATCH 3066/3949] update update-helm with correct syntax

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 83c35135..0a97ee87 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -14,9 +14,11 @@ jobs:
         uses: actions/checkout@v4
       - name: update helm chart
         run: |
-          GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')"
+          set -x
+          GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')"
           DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
+          set +x
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi

From 25c580bca370eaead5f1fad9d3842a9c49562dff Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Mar 2025 19:00:31 +0100
Subject: [PATCH 3067/3949] fix update-helm by removing spaces

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 0a97ee87..75aaceb5 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           set -x
           GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')"
-          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
+          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           set +x
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then

From f415bba72b4e83e9c76524858d465035802c688e Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Wed, 26 Mar 2025 21:28:05 +0100
Subject: [PATCH 3068/3949] link to borg logs while borg is running

Not sure if mastercontainer is wanted, but I think it should link to borgs logs

Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ce8a59cb..42860e6d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -60,7 +60,7 @@
             {% endfor %}
 
             {% if is_daily_backup_running == true %}
-                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
+                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                 {% if automatic_updates == true %}
                     <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                     {% if is_mastercontainer_update_available == true %}

From 9a9ea694b2685d864aea5586b1d360bb72348e51 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Mar 2025 23:38:00 +0100
Subject: [PATCH 3069/3949] helm-chart: move alpine init-container image to
 containers folder

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/alpine/Dockerfile            | 5 +++++
 nextcloud-aio-helm-chart/update-helm.sh | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 Containers/alpine/Dockerfile

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
new file mode 100644
index 00000000..48f2b46a
--- /dev/null
+++ b/Containers/alpine/Dockerfile
@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:latest
+FROM alpine:3.21
+
+RUN set -ex; \
+    apk upgrade --no-cache -a
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 5ac19095..02a2c17d 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
           command:
             - chmod
             - "777"
@@ -81,7 +81,7 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
           command:
             - mkdir
             - "-p"
@@ -94,7 +94,7 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
           command:
             - mkdir
             - "-p"
@@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
           command:
             - chmod
             - "777"

From 62b03a1de20f451f940117d15599a14be0e2d718 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 27 Mar 2025 06:29:03 +0100
Subject: [PATCH 3070/3949] Apply suggestion

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zoey <zoey@z0ey.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 42860e6d..66ebb121 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -60,7 +60,7 @@
             {% endfor %}
 
             {% if is_daily_backup_running == true %}
-                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
                 {% if automatic_updates == true %}
                     <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                     {% if is_mastercontainer_update_available == true %}

From 0f92f8e40cbff12043b28b6f703319f619bc165a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 27 Mar 2025 12:03:21 +0000
Subject: [PATCH 3071/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 3d104f43..a8bdb0be 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -19,7 +19,7 @@ services:
       nextcloud-aio-whiteboard:
         condition: service_started
         required: false
-    image: nextcloud/aio-apache:latest
+    image: ghcr.io/nextcloud-releases/aio-apache:latest
     user: "33"
     init: true
     healthcheck:
@@ -60,7 +60,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-database:
-    image: nextcloud/aio-postgresql:latest
+    image: ghcr.io/nextcloud-releases/aio-postgresql:latest
     user: "999"
     init: true
     healthcheck:
@@ -110,7 +110,7 @@ services:
       nextcloud-aio-imaginary:
         condition: service_started
         required: false
-    image: nextcloud/aio-nextcloud:latest
+    image: ghcr.io/nextcloud-releases/aio-nextcloud:latest
     init: true
     healthcheck:
       start_period: 0s
@@ -185,7 +185,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-notify-push:
-    image: nextcloud/aio-notify-push:latest
+    image: ghcr.io/nextcloud-releases/aio-notify-push:latest
     user: "33"
     init: true
     healthcheck:
@@ -216,7 +216,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-redis:
-    image: nextcloud/aio-redis:latest
+    image: ghcr.io/nextcloud-releases/aio-redis:latest
     user: "999"
     init: true
     healthcheck:
@@ -240,7 +240,7 @@ services:
 
   nextcloud-aio-collabora:
     command: ${ADDITIONAL_COLLABORA_OPTIONS}
-    image: nextcloud/aio-collabora:latest
+    image: ghcr.io/nextcloud-releases/aio-collabora:latest
     init: true
     healthcheck:
       start_period: 60s
@@ -268,7 +268,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-talk:
-    image: nextcloud/aio-talk:latest
+    image: ghcr.io/nextcloud-releases/aio-talk:latest
     user: "1000"
     init: true
     healthcheck:
@@ -306,7 +306,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-talk-recording:
-    image: nextcloud/aio-talk-recording:latest
+    image: ghcr.io/nextcloud-releases/aio-talk-recording:latest
     user: "122"
     init: true
     healthcheck:
@@ -336,7 +336,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-clamav:
-    image: nextcloud/aio-clamav:latest
+    image: ghcr.io/nextcloud-releases/aio-clamav:latest
     user: "100"
     init: false
     healthcheck:
@@ -367,7 +367,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-onlyoffice:
-    image: nextcloud/aio-onlyoffice:latest
+    image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest
     init: true
     healthcheck:
       start_period: 60s
@@ -392,7 +392,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-imaginary:
-    image: nextcloud/aio-imaginary:latest
+    image: ghcr.io/nextcloud-releases/aio-imaginary:latest
     user: "65534"
     init: true
     healthcheck:
@@ -419,7 +419,7 @@ services:
       - /tmp
 
   nextcloud-aio-fulltextsearch:
-    image: nextcloud/aio-fulltextsearch:latest
+    image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest
     init: false
     healthcheck:
       start_period: 60s
@@ -450,7 +450,7 @@ services:
       - NET_RAW
 
   nextcloud-aio-whiteboard:
-    image: nextcloud/aio-whiteboard:latest
+    image: ghcr.io/nextcloud-releases/aio-whiteboard:latest
     user: "65534"
     init: true
     healthcheck:

From 55f77ade815f524838e404d9b7a83e70a55a059b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 27 Mar 2025 12:12:18 +0000
Subject: [PATCH 3072/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4ee8d0e2..7383256b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -14,7 +14,7 @@ ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
 # Define the commit hash for imagick as a variable
-ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58
+ARG IMAGICK_COMMIT_HASH=ffa23eb0bc6796349dce12a984b3b70079e7bdd3
 
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
@@ -84,7 +84,7 @@ RUN set -ex; \
     pecl install -o igbinary-3.2.16; \
     pecl install APCu-5.1.24; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
-    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
+    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
 #    pecl install -o imagick-3.7.0; \
 # Begin workaround ->
 # The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet.

From dbe73ab0db8bc0d6144a4bad7429cba52c57b8c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Mar 2025 04:19:42 +0000
Subject: [PATCH 3073/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.0.2-cli to 28.0.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 12e4aaa2..394359b7 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.0.2-cli AS docker
+FROM docker:28.0.4-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.9.1-alpine AS caddy

From 19ab4ae3087a3e4de542b95c19c50bd7dffc889b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 29 Mar 2025 12:02:52 +0000
Subject: [PATCH 3074/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 58 +++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 6d56b219..8df472da 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.9.2",
+            "version": "7.9.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "d281ed313b989f213357e3be1a179f02196ac99b"
+                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/d281ed313b989f213357e3be1a179f02196ac99b",
-                "reference": "d281ed313b989f213357e3be1a179f02196ac99b",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                 "shasum": ""
             },
             "require": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.9.2"
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
             },
             "funding": [
                 {
@@ -130,20 +130,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-24T11:22:20+00:00"
+            "time": "2025-03-27T13:37:11+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.0.4",
+            "version": "2.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455"
+                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/f9c436286ab2892c7db7be8c8da4ef61ccf7b455",
-                "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
                 "shasum": ""
             },
             "require": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.0.4"
+                "source": "https://github.com/guzzle/promises/tree/2.2.0"
             },
             "funding": [
                 {
@@ -213,20 +213,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-10-17T10:06:22+00:00"
+            "time": "2025-03-27T13:27:01+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.7.0",
+            "version": "2.7.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201"
+                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/a70f5c95fb43bc83f07c9c948baa0dc1829bf201",
-                "reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                 "shasum": ""
             },
             "require": {
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.7.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-07-18T11:15:46+00:00"
+            "time": "2025-03-27T12:30:47+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.3",
+            "version": "v2.0.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "f379c13663245f7aa4512a7869f62eb14095f23f"
+                "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/f379c13663245f7aa4512a7869f62eb14095f23f",
-                "reference": "f379c13663245f7aa4512a7869f62eb14095f23f",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b352cf0534aa1ae6b4d825d1e762e35d43f8a841",
+                "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-02-11T15:03:05+00:00"
+            "time": "2025-03-19T13:51:03+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -2939,16 +2939,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.17",
+            "version": "v6.4.20",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "799445db3f15768ecc382ac5699e6da0520a0a04"
+                "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/799445db3f15768ecc382ac5699e6da0520a0a04",
-                "reference": "799445db3f15768ecc382ac5699e6da0520a0a04",
+                "url": "https://api.github.com/repos/symfony/console/zipball/2e4af9c952617cc3f9559ff706aee420a8464c36",
+                "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36",
                 "shasum": ""
             },
             "require": {
@@ -3013,7 +3013,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.17"
+                "source": "https://github.com/symfony/console/tree/v6.4.20"
             },
             "funding": [
                 {
@@ -3029,7 +3029,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-07T12:07:30+00:00"
+            "time": "2025-03-03T17:16:38+00:00"
         },
         {
             "name": "symfony/filesystem",

From 0852b00cc8bda91aa3e5cc8d0c9277e849a77342 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 30 Mar 2025 17:53:42 +0200
Subject: [PATCH 3075/3949] borg: exclude lost+found directory from backup

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 5c6ddd99..602ec586 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -191,7 +191,7 @@ if [ "$BORG_MODE" = backup ]; then
     fi
 
     # Exclude the nextcloud log and audit log for GDPR reasons
-    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
+    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/lost+found")
     BORG_INCLUDE=()
 
     # Exclude datadir if .noaiobackup file was found
@@ -405,6 +405,7 @@ if [ "$BORG_MODE" = restore ]; then
         --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
         --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
         --exclude "nextcloud_aio_mastercontainer/session/**" \
+        --exclude "nextcloud_aio_nextcloud_data/lost+found" \
         "${ADDITIONAL_RSYNC_EXCLUDES[@]}" \
         /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
             RESTORE_FAILED=1
@@ -459,6 +460,7 @@ if [ "$BORG_MODE" = restore ]; then
                         -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running \
                         -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file \
                         -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*" \
+                        -o -path "nextcloud_aio_nextcloud_data/lost+found" \
                         "${ADDITIONAL_FIND_EXCLUDES[@]}" \
                     \) \
                     | LC_ALL=C sort \

From 33fac7d67abc6ebec7cb37d3b7eb954c8536816d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 10:45:29 +0200
Subject: [PATCH 3076/3949] fix update-helm workflow

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml       | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 75aaceb5..acce2637 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           set -x
           GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')"
-          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
+          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g;s|,||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           set +x
           if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 5ac19095..3e546856 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -505,7 +505,7 @@ cat << EOL > /tmp/security.conf
           {{- end }} # AIO-config - do not change this comment!
 EOL
 # shellcheck disable=SC1083
-find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/nextcloud\/aio-nextcloud:.*/r /tmp/security.conf" \{} \; 
+find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/image: .*nextcloud.*aio-nextcloud:.*/r /tmp/security.conf" \{} \; 
 
 chmod 777 -R ./
 

From f88b123cc3c8ccff4e9ff6964e93060bf8f32157 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 31 Mar 2025 08:46:12 +0000
Subject: [PATCH 3077/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 +++-
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 nextcloud-aio-helm-chart/values.yaml                          | 1 +
 15 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index a9de2ae8..8fd3a53d 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.9.0
+version: 10.10.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index b4e9e01c..ea4393f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-apache:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index e1921203..9c55ce9d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 38d34bd0..4a904d2a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 4d400202..cf138dd0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 0de772be..e081ffd5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 5c922d36..2a53ffdb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 496cfed1..f664091c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -80,6 +80,8 @@ spec:
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
+            - name: NEXTCLOUD_SKELETON_DIRECTORY
+              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}"
             - name: NEXTCLOUD_MAINTENANCE_WINDOW
               value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
             - name: ADDITIONAL_APKS
@@ -180,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250331_082515
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index b02d5d85..fb5412fe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-notify-push:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 2a9db83a..483b6250 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 439ab944..fc8eb5ed 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-redis:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 755a2f6a..dc61ebd5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-talk:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 1967ff34..98f9e38c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 7d51f181..a319522a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250325_084656
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250331_082515
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index f0897240..5bd7e582 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -60,6 +60,7 @@ APPS_ALLOWLIST:        # This allows to configure allowed apps that will be show
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
+NEXTCLOUD_SKELETON_DIRECTORY:        # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud.
 NEXTCLOUD_MAINTENANCE_WINDOW:        # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.

From 1a5efefd6258428f07bd60302dc90ff972f3e707 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 10:49:29 +0200
Subject: [PATCH 3078/3949] revert imagick commit hash

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 7383256b..ca56945d 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -14,7 +14,7 @@ ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
 # Define the commit hash for imagick as a variable
-ARG IMAGICK_COMMIT_HASH=ffa23eb0bc6796349dce12a984b3b70079e7bdd3
+ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58
 
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude

From 242179f079232b99745e7b102643aad7a00fa8f2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 10:58:22 +0200
Subject: [PATCH 3079/3949] alpine dockerfile: change tag to 3.21.2 and add
 dependabot

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml       | 1 +
 Containers/alpine/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 38d4ad6d..0caaabfb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -22,6 +22,7 @@ updates:
   - dependencies
 - package-ecosystem: "docker"
   directories:
+    - "/Containers/alpine"
     - "/Containers/apache"
     - "/Containers/borgbackup"
     - "/Containers/clamav"
diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 48f2b46a..86948845 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21
+FROM alpine:3.21.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From 95491af7bd53955256dba7622abed51062623ae9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Mar 2025 09:00:37 +0000
Subject: [PATCH 3080/3949] build(deps): bump alpine from 3.21.2 to 3.21.3 in
 /Containers/alpine

Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 86948845..b690b530 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.2
+FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From 496365e107d26c90d22afb407fee2fa3bac28e68 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 11:01:20 +0200
Subject: [PATCH 3081/3949] also use ghcr image for vaultwarden

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/vaultwarden/vaultwarden.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/vaultwarden/vaultwarden.json b/community-containers/vaultwarden/vaultwarden.json
index 15f2114d..b94996fc 100644
--- a/community-containers/vaultwarden/vaultwarden.json
+++ b/community-containers/vaultwarden/vaultwarden.json
@@ -4,7 +4,7 @@
             "container_name": "nextcloud-aio-vaultwarden",
             "display_name": "Vaultwarden",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden",
-            "image": "vaultwarden/server",
+            "image": "ghcr.io/dani-garcia/vaultwarden",
             "image_tag": "alpine",
             "internal_port": "8812",
             "restart": "unless-stopped",

From 631253ef71c7353586f79378b1fd116f0f4b1e68 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 11:03:43 +0200
Subject: [PATCH 3082/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index aad4f935..1b83fe17 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -13,7 +13,7 @@ RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash ca-certificates tzdata
 
-COPY --from=go /go/bin/watchtower /usr/local/bin/watchtower
+COPY --from=go /go/bin/watchtower /watchtower
 
 COPY --chmod=775 start.sh /start.sh
 

From c0835f49a975730e9042090032f0a4a4cd11da80 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 11:47:04 +0200
Subject: [PATCH 3083/3949] increase to 10.11.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 66ebb121..a92d1e08 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.10.0</h1>
+            <h1>Nextcloud AIO v10.11.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From d04d7c9fab979a4ffd1a5453d0a9803f188cd64f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 31 Mar 2025 12:03:03 +0000
Subject: [PATCH 3084/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index cb6dbbe5..70c21702 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.1-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From ae5f4b7999e4b8ca596e22218b7e9a805cfafd59 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 14:37:14 +0200
Subject: [PATCH 3085/3949] collabora: fix permissions for
 /etc/coolwsd/coolwsd.xml file

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index d9c487a4..c6b65ff8 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -14,7 +14,9 @@ RUN set -ex; \
 #        # tzdata \
         netcat-openbsd \
     ; \
-    rm -rf /var/lib/apt/lists/*;
+    rm -rf /var/lib/apt/lists/*; \
+# Fix permissions for coolwsd.xml file. See https://github.com/CollaboraOnline/online/issues/11345
+    chmod +r /etc/coolwsd/coolwsd.xml
 
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 

From d501b7cfcbe07ba627adca571a2541a572f09ff8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 14:42:41 +0200
Subject: [PATCH 3086/3949] fix detail in update helm script

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index e9e8a476..7bf6d48a 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
           command:
             - chmod
             - "777"
@@ -81,7 +81,7 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
           command:
             - mkdir
             - "-p"
@@ -94,7 +94,7 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
           command:
             - mkdir
             - "-p"
@@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
           command:
             - chmod
             - "777"

From f0fd6bb44599715aedbd795937197d1efeb2aceb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 15:11:03 +0200
Subject: [PATCH 3087/3949] collabora: fix permissions correctly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index c6b65ff8..26e9aa97 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
+# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
 FROM collabora/code:24.04.13.2.1
 
 USER root
@@ -10,17 +10,13 @@ RUN set -ex; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
-#        # Disable because seems to be failing currently
-#        # tzdata \
         netcat-openbsd \
     ; \
-    rm -rf /var/lib/apt/lists/*; \
-# Fix permissions for coolwsd.xml file. See https://github.com/CollaboraOnline/online/issues/11345
-    chmod +r /etc/coolwsd/coolwsd.xml
+    rm -rf /var/lib/apt/lists/*;
 
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
-USER 100
+USER 1001
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"

From c01148811109daa5e139229830c3348cfb45842e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 31 Mar 2025 16:02:30 +0200
Subject: [PATCH 3088/3949] mastercontainer: remove check for nextcloud.com as
 we check for ghcr.io instead

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index dff289d3..f361cdcc 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -272,17 +272,6 @@ It is set to '$AIO_COMMUNITY_CONTAINERS'."
     fi
 fi
 
-# Check DNS resolution
-# Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
-curl https://nextcloud.com &>/dev/null
-if [ "$?" = 6 ]; then
-    print_red "Could not resolve the host nextcloud.com."
-    echo "Most likely the DNS resolving does not work."
-    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
-    echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"
-    exit 1
-fi
-
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
 if ! curl https://ghcr.io &>/dev/null; then

From 3dd5407301464e447cf9f39516de1d7408cd2152 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Apr 2025 22:25:34 +0200
Subject: [PATCH 3089/3949] mastercontainer: improve check for ghcr.io

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index dff289d3..0c815464 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -285,10 +285,11 @@ fi
 
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl https://ghcr.io &>/dev/null; then
+if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
     print_red "Could not reach https://ghcr.io."
     echo "Most likely is something blocking access to it."
-    echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
+    echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
     exit 1
 fi
 

From 855a1d00dca20f463832ed541d1fce438e783a81 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Apr 2025 04:38:53 +0000
Subject: [PATCH 3090/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.1-alpine3.21 to 1.24.2-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 70c21702..08b03bd7 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.1-alpine3.21 AS go
+FROM golang:1.24.2-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From df402362179eade787248bafe6ed6f16f0cf8538 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Apr 2025 04:39:41 +0000
Subject: [PATCH 3091/3949] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.24.1-alpine3.21 to 1.24.2-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 1b83fe17..2f204010 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.1-alpine3.21 AS go
+FROM golang:1.24.2-alpine3.21 AS go
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 6dac9179368260afb99a522b70059b31590f5780 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 3 Apr 2025 11:09:06 +0200
Subject: [PATCH 3092/3949] libretranslate-cc: add warning that it is
 deprecated

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/libretranslate/readme.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/community-containers/libretranslate/readme.md b/community-containers/libretranslate/readme.md
index ffab72ab..f9893f34 100644
--- a/community-containers/libretranslate/readme.md
+++ b/community-containers/libretranslate/readme.md
@@ -1,6 +1,11 @@
 ## LibreTranslate
 This container bundles LibreTranslate and auto-configures it for you.
 
+> [!WARNING]
+> The LibreTranslate container and app is deprecated!
+> Please use the [translate2 app](https://apps.nextcloud.com/apps/translate2) instead.
+> You can activate it by first enabling the Docker-Socket-Proxy in the AIO-interface and then heading over to `https://your-nc-domain.com/settings/apps/tools` and installing and enabling the `Local Machine Translation` app.
+
 ### Notes
 - After the initial startup is done, you might want to change the default language to translate from and to via:
 ```bash

From a5c44aae9a7c718d80d6afb0f25f97f44f110d59 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 7 Apr 2025 19:07:34 +0200
Subject: [PATCH 3093/3949] rp-docs: fix apache config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 5835b283..f3c11cfb 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -139,7 +139,8 @@ Add this as a new Apache site config:
     RequestHeader set X-Real-IP %{REMOTE_ADDR}s
     AllowEncodedSlashes NoDecode
     
-    ProxyPass / http://localhost:11000/ nocanon # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    # Adjust the value below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    ProxyPass / http://localhost:11000/ nocanon
     ProxyPassReverse / http://localhost:11000/ # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
     
     RewriteCond %{HTTP:Upgrade} websocket [NC]

From 3345e9a357347eb305c8e4a90cd28e89e206f367 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 7 Apr 2025 19:24:06 +0200
Subject: [PATCH 3094/3949] rp-docs-apache: adjust comment

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index f3c11cfb..ea9ac15a 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -139,9 +139,9 @@ Add this as a new Apache site config:
     RequestHeader set X-Real-IP %{REMOTE_ADDR}s
     AllowEncodedSlashes NoDecode
     
-    # Adjust the value below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
     ProxyPass / http://localhost:11000/ nocanon
-    ProxyPassReverse / http://localhost:11000/ # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    ProxyPassReverse / http://localhost:11000/
     
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]

From 4eed6b6f384cde5faa6371ffa4be2d1398e3b422 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 8 Apr 2025 08:20:51 +0000
Subject: [PATCH 3095/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 8fd3a53d..2ba246ce 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.10.0
+version: 10.11.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index ea4393f7..53439546 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-apache:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 9c55ce9d..f06a63ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 4a904d2a..25061be0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index cf138dd0..92eb8d4a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index e081ffd5..5a72365b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2a53ffdb..b5955c9f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index f664091c..459dd03e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250408_081359
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index fb5412fe..6cca990d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 483b6250..f7599ca9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index fc8eb5ed..57db6a8c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-redis:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index dc61ebd5..5b56aec0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-talk:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 98f9e38c..dc43a31b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250408_081359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index a319522a..a86d8f63 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250408_081359
           readinessProbe:
             exec:
               command:

From 7ce74e36e661a55b9138a7435d1e59a3fdada2e9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Apr 2025 10:30:33 +0200
Subject: [PATCH 3096/3949] fix detail with new aio-alpine syntax

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml      | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh                   | 8 ++++----
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index f06a63ce..064d1a57 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
           command:
             - mkdir
             - "-p"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 92eb8d4a..1321b9cd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
           command:
             - mkdir
             - "-p"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 5a72365b..b877358e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 459dd03e..793f3be3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index f7599ca9..20d0d426 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
           command:
             - chmod
             - "777"
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 7bf6d48a..b7da966f 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - chmod
             - "777"
@@ -81,7 +81,7 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - mkdir
             - "-p"
@@ -94,7 +94,7 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - mkdir
             - "-p"
@@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - chmod
             - "777"

From 25c31323c647c0d05127258aadb91cbe6b58dd56 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 8 Apr 2025 12:03:09 +0000
Subject: [PATCH 3097/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 8df472da..7e683c8b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2210,26 +2210,29 @@
         },
         {
             "name": "doctrine/deprecations",
-            "version": "1.1.4",
+            "version": "1.1.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/doctrine/deprecations.git",
-                "reference": "31610dbb31faa98e6b5447b62340826f54fbc4e9"
+                "reference": "459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/doctrine/deprecations/zipball/31610dbb31faa98e6b5447b62340826f54fbc4e9",
-                "reference": "31610dbb31faa98e6b5447b62340826f54fbc4e9",
+                "url": "https://api.github.com/repos/doctrine/deprecations/zipball/459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38",
+                "reference": "459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.1 || ^8.0"
             },
+            "conflict": {
+                "phpunit/phpunit": "<=7.5 || >=13"
+            },
             "require-dev": {
-                "doctrine/coding-standard": "^9 || ^12",
-                "phpstan/phpstan": "1.4.10 || 2.0.3",
+                "doctrine/coding-standard": "^9 || ^12 || ^13",
+                "phpstan/phpstan": "1.4.10 || 2.1.11",
                 "phpstan/phpstan-phpunit": "^1.0 || ^2",
-                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6 || ^10.5 || ^11.5 || ^12",
                 "psr/log": "^1 || ^2 || ^3"
             },
             "suggest": {
@@ -2249,9 +2252,9 @@
             "homepage": "https://www.doctrine-project.org/",
             "support": {
                 "issues": "https://github.com/doctrine/deprecations/issues",
-                "source": "https://github.com/doctrine/deprecations/tree/1.1.4"
+                "source": "https://github.com/doctrine/deprecations/tree/1.1.5"
             },
-            "time": "2024-12-07T21:18:45+00:00"
+            "time": "2025-04-07T20:06:18+00:00"
         },
         {
             "name": "felixfbecker/advanced-json-rpc",

From 9d9ef6e4b8ceb58d2d27a4340b2fe1f4ad62ecfa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Apr 2025 05:00:12 +0000
Subject: [PATCH 3098/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.0-scratch to 2.11.1-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.1-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 00d2153f..ce2b545b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.0-scratch AS nats
+FROM nats:2.11.1-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus

From 72fe74da71e772d4164d205e1f1fcb08fcc7d7ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Apr 2025 12:57:07 +0000
Subject: [PATCH 3099/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/25dcee5c3fcb84375f3a3f93a3c97ed0d42cfcdc...f9f8ef3f634144b126a09ea5b3bfe51ddebc700f)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 2.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 28946230..13a69609 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@25dcee5c3fcb84375f3a3f93a3c97ed0d42cfcdc # v2
+        uses: softprops/turnstyle@f9f8ef3f634144b126a09ea5b3bfe51ddebc700f # v2
         with:
           continue-after-seconds: 180
         env:

From b82943046d29941d9e47bf6f2dd5e304f114637c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 9 Apr 2025 16:32:15 +0200
Subject: [PATCH 3100/3949] daily-backup.sh: connect mastercontainer to
 nextcloud-aio network

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 56302c80..13c0ad85 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -20,6 +20,11 @@ APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" |
 if [ -z "$APACHE_PORT" ]; then
     echo "APACHE_PORT is not set which is not expected..."
 else
+    # Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable
+    # Prevent issues like https://github.com/nextcloud/all-in-one/discussions/5222
+    docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null
+
+    # Wait for apache to start
     while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
         echo "Waiting for apache to become available"
         sleep 30

From b05d22aa8101696a26fd75799c96d8823a69463e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Apr 2025 05:08:57 +0000
Subject: [PATCH 3101/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.2-alpine3.21 to 3.13.3-alpine3.21.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.13.3-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index bc971ab4..bfdc1f59 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.2-alpine3.21
+FROM python:3.13.3-alpine3.21
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 71b932e910a0e55dd258a8a5dd3e6863ce4f2abb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Apr 2025 12:45:18 +0200
Subject: [PATCH 3102/3949] aio-interface: daily-backup: remove the pre-filled
 value

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a92d1e08..4d20ef7a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -509,7 +509,7 @@
                                             {% if daily_backup_time == "" %}
                                                 <p>By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
                                                 <form method="POST" action="/api/configuration" class="xhr">
-                                                    <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
+                                                    <input type="text" name="daily_backup_time" placeholder="04:00"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Submit backup time" /><br>

From 417af36b5ff11f8b5610febad44450c9d6099cec Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Apr 2025 13:18:16 +0200
Subject: [PATCH 3103/3949] aio-interface: describe that the submit button
 needs to be pressed in a few places

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig                   | 14 +++++++-------
 php/templates/includes/optional-containers.twig |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4d20ef7a..7dc7308a 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -101,7 +101,7 @@
                             {% else %}
                                 <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                             {% endif %}
-                            <p>Please type the domain that will be used for Nextcloud.</p>
+                            <p>Please type in the domain that will be used for Nextcloud and submit it.</p>
                             {% if skip_domain_validation == true %}
                                 <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}
@@ -192,7 +192,7 @@
                                 <p>
                                 Please enter the location of the backup archive on your host or a
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
-                                if stored remotely; and the encryption password of the backup archive below:
+                                if stored remotely; and the encryption password of the backup archive below and submit all values:
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_restore_host_location" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
@@ -364,10 +364,10 @@
                         {% else %}
                             {% if is_backup_container_running == false and not hasBackupLocation and isApacheStarting != true %}
                                 <h2>Backup and restore</h2>
-                                <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
+                                <p>Please enter the directory path below where backups will be created on the host system and submit it. It's best to choose a location on a separate drive and not on your root drive.</p>
                                 <p>
                                 To store backups remotely instead, fill in the
-                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
+                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url and submit it</a>.
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
@@ -507,7 +507,7 @@
 
                                             <h3>Daily backup and automatic updates</h3>
                                             {% if daily_backup_time == "" %}
-                                                <p>By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
+                                                <p>By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
                                                 <form method="POST" action="/api/configuration" class="xhr">
                                                     <input type="text" name="daily_backup_time" placeholder="04:00"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -531,7 +531,7 @@
                                             {% endif %}
 
                                             <h3>Back up additional directories and docker volumes of your host</h3>
-                                            <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.</p>
+                                            <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive. Make sure to press the submit button after changing anything.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -584,7 +584,7 @@
                         {% else %}
                             {% if timezone == "" %}
                                 <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
-                                <p>You can configure the timezone for Nextcloud below:</p>
+                                <p>You can configure the timezone for Nextcloud below (Do not forget to submit the value!):</p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 16fef91f..f206a602 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -184,7 +184,7 @@
 
     {% if collabora_additional_options == "" %}
         <p>You can configure additional options for collabora below.</p>
-        <p>(This can be used for configuring the net.content_security_policy and more)</p>
+        <p>(This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)</p>
         <form method="POST" action="/api/configuration" class="xhr">
             <input type="text" name="collabora_additional_options" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">

From ae0077818080944b302455e344254a501dbe7705 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Apr 2025 13:44:20 +0200
Subject: [PATCH 3104/3949] aio-interface: improve description of daily-backup
 buttons

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 7dc7308a..95ce7976 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -512,7 +512,7 @@
                                                     <input type="text" name="daily_backup_time" placeholder="04:00"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                    <input type="submit" value="Submit backup time" /><br>
+                                                    <input type="submit" value="Submit daily backup time and settings" /><br>
                                                     <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
                                                     <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label>
                                                 </form>
@@ -526,7 +526,7 @@
                                                     <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                    <input type="submit" value="Disable or change daily backups" />
+                                                    <input type="submit" value="Disable or change daily backup settings" />
                                                 </form>
                                             {% endif %}
 

From 9550135e3ad00cc515dd163449edf6bb8e1789bb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 11 Apr 2025 11:07:20 +0200
Subject: [PATCH 3105/3949] nextcloud: update to 30.0.9

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index ca56945d..2b50b4de 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.8
+ENV NEXTCLOUD_VERSION=30.0.9
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From cc0ff393577d634b6d08c00b9676315c1892f5a6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 11 Apr 2025 11:14:10 +0200
Subject: [PATCH 3106/3949] increase to 10.12.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 95ce7976..f0926812 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.11.0</h1>
+            <h1>Nextcloud AIO v10.12.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 9f5710917d3cdc822333f19854b23f8921b4f4eb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 11 Apr 2025 12:50:07 +0200
Subject: [PATCH 3107/3949] restore-instance test: try to fix timeout problem

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/restore-instance.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
index 189acd0e..217218e5 100644
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -60,7 +60,7 @@ test('Restore instance', async ({ page: setupPage }) => {
   await containersPage.getByRole('button', { name: 'Check backup integrity' }).click();
   await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 });
   await containersPage.getByRole('button', { name: 'Restore selected backup' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:');
+  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 1 * 60 * 1000 });
 
   // Verify a successful backup restore
   await expect(containersPage.getByRole('main')).toContainText('Last restore successful!', { timeout: 3 * 60 * 1000 });

From 0a5fecad4b97a32d3a7249b48ab3aa1e49f6428d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Apr 2025 04:27:02 +0000
Subject: [PATCH 3108/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.13.2.1 to 24.04.13.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 24.04.13.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 26e9aa97..098e2cd5 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:24.04.13.2.1
+FROM collabora/code:24.04.13.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From d55b13f9746b283c432315ee07cd1e46a7a0ca68 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Apr 2025 04:27:32 +0000
Subject: [PATCH 3109/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.3.19-fpm-alpine3.21 to 8.3.20-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.20-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 394359b7..c387b6e3 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.0.4-cli AS docker
 FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.19-fpm-alpine3.21
+FROM php:8.3.20-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

From 0508331fb4a177e97bfc8a1ace1c2b1823281ead Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Apr 2025 04:27:47 +0000
Subject: [PATCH 3110/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.19-fpm-alpine3.21 to 8.3.20-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.20-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2b50b4de..f2334407 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.19-fpm-alpine3.21
+FROM php:8.3.20-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 3146735cc09bf4c2667633c5eb04b89dc7e627a8 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 14 Apr 2025 12:03:23 +0000
Subject: [PATCH 3111/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 7e683c8b..e4f08795 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2580,16 +2580,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.1",
+            "version": "5.6.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8"
+                "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8",
-                "reference": "e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/92dde6a5919e34835c506ac8c523ef095a95ed62",
+                "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62",
                 "shasum": ""
             },
             "require": {
@@ -2638,9 +2638,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.1"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.2"
             },
-            "time": "2024-12-07T09:39:29+00:00"
+            "time": "2025-04-13T19:20:35+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",

From 0c76d14fcb92c7a904e3412a8ddeecf9d3ff3234 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 15 Apr 2025 14:56:16 +0200
Subject: [PATCH 3112/3949] DockerActionManager: fix Nextcloud is oudated
 notification

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 71242d92..16f28e52 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -1030,8 +1030,8 @@ readonly class DockerActionManager {
         return false;
     }
 
-    private function GetCreatedTimeOfNextcloudImage(): ?string {
-        $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
+    private function GetCreatedTimeOfNextcloudImage(string $imageName): ?string {
+        $imageName = $imageName . ':' . $this->GetCurrentChannel();
         try {
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
             $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
@@ -1052,7 +1052,11 @@ readonly class DockerActionManager {
     }
 
     public function isNextcloudImageOutdated(): bool {
-        $createdTime = $this->GetCreatedTimeOfNextcloudImage();
+        $createdTime = $this->GetCreatedTimeOfNextcloudImage('ghcr.io/nextcloud-releases/aio-nextcloud');
+
+        if ($createdTime === null) {
+            $createdTime = $this->GetCreatedTimeOfNextcloudImage('nextcloud/aio-nextcloud');
+        }
 
         if ($createdTime === null) {
             return false;

From 0ec6fd111751c33c2bdbc349f114ec07056b8ef9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Apr 2025 13:13:35 +0000
Subject: [PATCH 3113/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.32.0 to 2.33.0.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/9e72090525849c5e82e596468b86eb55e9cc5401...cf4cade2721270509d5b1c766ab3549210a39a2a)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 017828d6..8805c146 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+    - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
       with:
         php-version: 8.3
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9f17d7fa..5dc44824 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 50e57bc3..9a0995b1 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 9e77421c..086bc036 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index a4a5cfdf..f653f81c 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
           php-version: 8.3
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 7f0d3671..4f55c0e0 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
           php-version: 8.3
           extensions: apcu

From a47be369e9fec58e1146b877a38a5d6fccebae4a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 16 Apr 2025 11:49:21 +0200
Subject: [PATCH 3114/3949] borgbackup: always use the progress option when
 creating an archive

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 602ec586..d680071e 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -185,10 +185,7 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(-v --stats --compression "auto,zstd")
-    if [ "$NEW_REPOSITORY" = 1 ]; then
-        BORG_OPTS+=(--progress)
-    fi
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --progress)
 
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/lost+found")

From 1c4fa05601e9c0d586149c3c7c8a739e22640462 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 16 Apr 2025 13:43:21 +0200
Subject: [PATCH 3115/3949] Update update-helm.sh: remove some default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index b7da966f..01c07bad 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -303,7 +303,7 @@ cat << EOL > /tmp/additional.config
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
             - name: NEXTCLOUD_SKELETON_DIRECTORY
-              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}"
+              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
             - name: NEXTCLOUD_MAINTENANCE_WINDOW
               value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
 EOL

From 5b5f49b00bb2a69174962e083d2cc3a3ecacab9e Mon Sep 17 00:00:00 2001
From: Andrey Borysenko <andrey18106x@gmail.com>
Date: Wed, 16 Apr 2025 16:58:02 +0300
Subject: [PATCH 3116/3949] feat: add image inspect rule

Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index defccda5..ba0eb75c 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -14,6 +14,8 @@ frontend http
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
     # docker system _ping
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
+    # docker inspect image: GET images/%s/json
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/.*/json } METH_GET
     # container inspect: GET containers/%s/json
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
     # container inspect: GET containers/%s/logs

From 7b60313eaaef9562c6f0056d048b3a2e182a912a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Apr 2025 04:42:14 +0000
Subject: [PATCH 3117/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.17.4 to 8.18.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 2299f0f5..48a764f5 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.4
+FROM elasticsearch:8.18.0
 
 USER root
 

From ed0365c5977041f8f317f57cef4975f5cb0a1e35 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Apr 2025 10:29:18 +0200
Subject: [PATCH 3118/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index ef21bb22..b7da779e 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.2.1
+FROM onlyoffice/documentserver:8.3.3.1
 
 # USER root is probably used
 

From f4b5dbe005b1a26fb4541035845bf7e05261ad4e Mon Sep 17 00:00:00 2001
From: Bastian Derigs <155444921+derigs@users.noreply.github.com>
Date: Thu, 17 Apr 2025 10:33:04 +0200
Subject: [PATCH 3119/3949] Update haproxy.cfg

Due to some testing its possible to install the agent via occ and the frontend by setting this on 60s. Lower values didn't work in my testing.

Signed-off-by: Bastian Derigs <155444921+derigs@users.noreply.github.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index defccda5..5ee17751 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -4,9 +4,9 @@ global
     maxconn 10
 
 defaults
-    timeout connect 10s
-    timeout client 10s
-    timeout server 10s
+    timeout connect 60s
+    timeout client 60s
+    timeout server 60s
 
 frontend http
     mode http

From 73197960c3650cbf2db9d29d808b5668802da906 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Apr 2025 10:45:08 +0200
Subject: [PATCH 3120/3949] nextcloud: update imagick to 3.8.0 and revert
 imagick workaround

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/nextcloud-update.yml |  6 ------
 Containers/nextcloud/Dockerfile        | 18 +-----------------
 2 files changed, 1 insertion(+), 23 deletions(-)

diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 914a4435..96ecef69 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -60,12 +60,6 @@ jobs:
         )"
         sed -i "s|\(pecl install[^;]*imagick-\)[0-9.]*|\1$imagick_version|" ./Containers/nextcloud/Dockerfile
 
-        # Imagick git-commit-hash from HEAD
-        imagick_commit_hash="$(
-          git ls-remote https://github.com/imagick/imagick.git HEAD | awk '{print $1}'
-        )"
-        sed -i "s/\(ARG IMAGICK_COMMIT_HASH=\)[a-fA-F0-9]*$/\1$imagick_commit_hash/" ./Containers/nextcloud/Dockerfile
-
         # Igbinary
         igbinary_version="$(
           git ls-remote --tags https://github.com/igbinary/igbinary.git \
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2b50b4de..8a1ec4ce 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -13,9 +13,6 @@ ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
-# Define the commit hash for imagick as a variable
-ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58
-
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
@@ -85,20 +82,7 @@ RUN set -ex; \
     pecl install APCu-5.1.24; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
-#    pecl install -o imagick-3.7.0; \
-# Begin workaround ->
-# The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet.
-# As soon as it will get updated, we can switch back to the PECL version, instead of having this workaround.
-    apk add --no-cache --virtual .git-build-deps git \
-    && git clone https://github.com/imagick/imagick.git --depth 1 /tmp/imagick \
-    && cd /tmp/imagick \
-    && git fetch --depth 1 origin ${IMAGICK_COMMIT_HASH} \
-    && git checkout ${IMAGICK_COMMIT_HASH} \
-    && sed -i "s/@PACKAGE_VERSION@/git-${IMAGICK_COMMIT_HASH:0:7}/" php_imagick.h \
-    && phpize && ./configure && make && make install; \
-    apk del .git-build-deps; \
-    cd && rm -r /tmp/imagick; \
-# <- End workaround
+   pecl install -o imagick-3.8.0; \
     \
     docker-php-ext-enable \
         igbinary \

From 3f1c2384b786a8cffec44362a0112defe7030bc5 Mon Sep 17 00:00:00 2001
From: Bastian Derigs <155444921+derigs@users.noreply.github.com>
Date: Thu, 17 Apr 2025 10:49:38 +0200
Subject: [PATCH 3121/3949] Update haproxy.cfg

And since i forgott the 1800 and went with 30, 30, 30 here now the correct values.

Signed-off-by: Bastian Derigs <155444921+derigs@users.noreply.github.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 5ee17751..1153a886 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -4,9 +4,9 @@ global
     maxconn 10
 
 defaults
-    timeout connect 60s
-    timeout client 60s
-    timeout server 60s
+    timeout connect 30s
+    timeout client 30s
+    timeout server 1800s
 
 frontend http
     mode http

From a68223265f577411f9599a34db4c779e9b7b706e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Apr 2025 08:54:49 +0000
Subject: [PATCH 3122/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 +++---
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml      | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 2ba246ce..2ec3e7fa 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.11.0
+version: 10.12.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 53439546..b13ce4ed 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-apache:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 064d1a57..f4a40e78 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 25061be0..84c6683b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 1321b9cd..def1b838 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index b877358e..88966772 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index b5955c9f..505527af 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 793f3be3..e6b1ea7a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
           command:
             - chmod
             - "777"
@@ -81,7 +81,7 @@ spec:
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
             - name: NEXTCLOUD_SKELETON_DIRECTORY
-              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}"
+              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
             - name: NEXTCLOUD_MAINTENANCE_WINDOW
               value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
             - name: ADDITIONAL_APKS
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250417_082355
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 6cca990d..fe83c87a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 20d0d426..d7c7aca1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 57db6a8c..5b17216d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-redis:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 5b56aec0..6b612f09 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-talk:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index dc43a31b..b7d3430c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250417_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index a86d8f63..65ae1958 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250408_081359
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250417_082355
           readinessProbe:
             exec:
               command:

From c8c150e4cdf853bba871ab54c694d3a12fe918e1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Apr 2025 11:58:51 +0200
Subject: [PATCH 3123/3949] nextcloud: update to 30.0.10

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index b01b1cbe..540c4e00 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.9
+ENV NEXTCLOUD_VERSION=30.0.10
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 0fc19bb19bc52a6188331700f1502085b5383aec Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Apr 2025 17:31:00 +0200
Subject: [PATCH 3124/3949] increase to 10.13.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index f0926812..c3884fa3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.12.0</h1>
+            <h1>Nextcloud AIO v10.13.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From bd0ab4c9cc162fb6b84354f0a415b756805092dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Apr 2025 04:35:05 +0000
Subject: [PATCH 3125/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.1.6-alpine to 3.1.7-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.1.7-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index a01a7485..1480d292 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.6-alpine
+FROM haproxy:3.1.7-alpine
 
 # hadolint ignore=DL3002
 USER root

From 4616ea8cbd31ca2ecb0055195c04504253272fa7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 18 Apr 2025 14:04:45 +0200
Subject: [PATCH 3126/3949] Update dependency-updates.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 8805c146..4fc8083f 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   dependency_updates:
     name: Run dependency update script
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
     - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2

From 44ca709ac0e6c2179e2c753f5eee95ce9de98011 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Apr 2025 06:00:28 +0000
Subject: [PATCH 3127/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.0.4-cli to 28.1.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.1.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c387b6e3..d6e614d4 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.0.4-cli AS docker
+FROM docker:28.1.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.9.1-alpine AS caddy

From 62878cc6943b18971cacf722c4572f8254f2cd93 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Apr 2025 04:25:43 +0000
Subject: [PATCH 3128/3949] build(deps): bump caddy in /Containers/apache

Bumps caddy from 2.9.1-alpine to 2.10.0-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-version: 2.10.0-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 1f866552..aeb3b12d 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.9.1-alpine AS caddy
+FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.63-alpine3.21

From bc6d37b629dadd63268d8e1e4e936d168746f0ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Apr 2025 04:26:05 +0000
Subject: [PATCH 3129/3949] build(deps): bump caddy in
 /Containers/mastercontainer

Bumps caddy from 2.9.1-alpine to 2.10.0-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-version: 2.10.0-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c387b6e3..72b1dc58 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -3,7 +3,7 @@
 FROM docker:28.0.4-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.9.1-alpine AS caddy
+FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
 FROM php:8.3.20-fpm-alpine3.21

From 2219994176bdcbaeae4cf839b665b9b423bc92f8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 22 Apr 2025 10:17:11 +0200
Subject: [PATCH 3130/3949] aio-interface: adjust addtional collabora options
 example

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index f206a602..53315b1c 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -191,7 +191,7 @@
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
             <input type="submit" value="Submit additional collabora options" />
         </form>
-        <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy="frame-ancestors *.example.com:*;"</strong>.</p>
+        <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy=frame-ancestors *.example.com:*;</strong>.</p>
     {% else %}
         <p>The additioinal options for Collabora are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
         <form method="POST" action="/api/configuration" class="xhr">

From 4862342476a78ea809168d36f9a25b140b6adfdc Mon Sep 17 00:00:00 2001
From: Ben Iofel <1713819+benwaffle@users.noreply.github.com>
Date: Wed, 23 Apr 2025 00:59:02 -0400
Subject: [PATCH 3131/3949] Fix typo

Signed-off-by: Ben Iofel <1713819+benwaffle@users.noreply.github.com>
---
 php/templates/includes/aio-config.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig
index 981d7997..fbb70230 100644
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -16,7 +16,7 @@
 
     <p>
         {% if nextcloud_mount == '' %}
-            The Nextcloud container is confied and local external storage in Nextcloud is disabled.
+            The Nextcloud container is confined and local external storage in Nextcloud is disabled.
         {% else %}
             The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
         {% endif %}

From 7a92c00bacba5ba1721d51e38091b132a3d9cc91 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 24 Apr 2025 09:33:45 +0000
Subject: [PATCH 3132/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 2ec3e7fa..f0ce6c79 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.12.0
+version: 10.13.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index b13ce4ed..caadb3bb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-apache:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index f4a40e78..a4da3bf9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 84c6683b..c3711fa7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index def1b838..43263de6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 88966772..b0d04339 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 505527af..384d5b05 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index e6b1ea7a..d0f05f04 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250424_092733
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index fe83c87a..fcd5618e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d7c7aca1..c2a3c1be 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 5b17216d..51141e1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-redis:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 6b612f09..16d52411 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-talk:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index b7d3430c..57515214 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250424_092733
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 65ae1958..d5be0d85 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250417_082355
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250424_092733
           readinessProbe:
             exec:
               command:

From 42c34ca18914dfdcc143f04aa6423c72407d11ae Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 24 Apr 2025 12:03:15 +0000
Subject: [PATCH 3133/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index e4f08795..8f8341f8 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -557,16 +557,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.9",
+            "version": "7.0.10",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "d8480267f5cf239650debba704f3ecd15b638cde"
+                "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/d8480267f5cf239650debba704f3ecd15b638cde",
-                "reference": "d8480267f5cf239650debba704f3ecd15b638cde",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/0d1ed64126577e9a095b3204dcaee58cf76432c2",
+                "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2",
                 "shasum": ""
             },
             "require": {
@@ -582,7 +582,7 @@
                 "friendsofphp/php-cs-fixer": "^3",
                 "friendsofphp/proxy-manager-lts": "^1",
                 "mnapoli/phpunit-easymock": "^1.3",
-                "phpunit/phpunit": "^9.6",
+                "phpunit/phpunit": "^9.6 || ^10 || ^11",
                 "vimeo/psalm": "^5|^6"
             },
             "suggest": {
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.9"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.10"
             },
             "funding": [
                 {
@@ -626,7 +626,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-02-28T12:46:35+00:00"
+            "time": "2025-04-22T08:53:15+00:00"
         },
         {
             "name": "php-di/slim-bridge",

From 6bf219de2587759335ecbbe66ac43be1b3d028e8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Apr 2025 15:02:06 +0200
Subject: [PATCH 3134/3949] nextcloud: restart netcat once a day to ensure that
 it stays reachable

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/supervisord.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index 184074af..1db885e9 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -39,5 +39,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nc -lk 9001
+# Restart the netcat command once a day to ensure that it stays reachable
+# See https://github.com/nextcloud/all-in-one/issues/6334
+command=timeout 86400 nc -lk 9001
 user=www-data

From 498e5a21869022ecfe2e51a972c8c25ff5bdf74a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 25 Apr 2025 04:32:46 +0000
Subject: [PATCH 3135/3949] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.7-alpine to 7.2.8-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.8-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 1b774ce5..2181f47a 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.7-alpine
+FROM redis:7.2.8-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From 75aea9196243cc87c3f6ddb348b0c4a01f196d0f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 27 Apr 2025 19:50:59 +0200
Subject: [PATCH 3136/3949] fail2ban-cc: add example how to unban a specific
 ip-address

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/fail2ban/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index 851cb03c..cb78639c 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -4,6 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
 - If you get an error like  `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
+- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

From bbab0cf41c488c4ba4359557e76bba77ad39f6a0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Apr 2025 04:55:53 +0000
Subject: [PATCH 3137/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.1-scratch to 2.11.2-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.2-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ce2b545b..ca4a7a89 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.1-scratch AS nats
+FROM nats:2.11.2-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus

From 1e7c19bcc60240e37592e66f1c212ae2f0314f82 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Apr 2025 10:52:56 +0200
Subject: [PATCH 3138/3949] manual-upgrade: adjust the docs to mention docker
 hub as well

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-upgrade.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/manual-upgrade.md b/manual-upgrade.md
index c1478953..84c742e5 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -35,13 +35,13 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 
 | To change                              | Replace with                                        |
 |----------------------------------------|-----------------------------------------------------|
-| `nextcloud/aio-nextcloud:latest`       | `nextcloud/aio-nextcloud:php{version}-latest`       |
-| `nextcloud/aio-nextcloud:latest-arm64` | `nextcloud/aio-nextcloud:php{version}-latest-arm64` |
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest`       | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest`       |
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` |
 
 
 
- - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64`
- - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged)
+ - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64`
+ - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
  - Using nano and the arrow keys to navigate:
   - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
 6. Next, stop and remove the current container: 
@@ -94,8 +94,8 @@ Make **note** of the version which is compatible, rounding down to 1 digit after
  - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
 
 ##### 5. Find the correct container version
-In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
-However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged)
+In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
+However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
 
 ##### 6. Replace the container
 - Navigate to the ```nextcloud-aio-nextcloud``` container within portainer

From 12fcefee7769f6c2cd4f3f3598db127cec1fc3d1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 29 Apr 2025 11:21:08 +0200
Subject: [PATCH 3139/3949] mastercontainer: update to php8.4

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/dependency-updates.yml      |    2 +-
 .github/workflows/lint-php.yml                |    2 +-
 .../workflows/php-deprecation-detector.yml    |    2 +-
 .github/workflows/psalm-update-baseline.yml   |    2 +-
 .github/workflows/psalm.yml                   |    2 +-
 .github/workflows/twig-lint.yml               |    2 +-
 Containers/mastercontainer/Dockerfile         |    4 +-
 php/composer.json                             |    6 +-
 php/composer.lock                             | 1371 +++++++++++++++--
 php/psalm-baseline.xml                        |  170 +-
 php/psalm.xml                                 |    1 +
 11 files changed, 1411 insertions(+), 153 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 4fc8083f..f6e1c99f 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
       with:
-        php-version: 8.3
+        php-version: 8.4
         extensions: apcu
     - name: Run dependency update script
       run: |
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 5dc44824..6a26c59d 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: [ "8.3" ]
+        php-versions: [ "8.4" ]
 
     name: php-lint
 
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 9a0995b1..c890a112 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Set up php
         uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 086bc036..c18740c2 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up php
         uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
 
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index f653f81c..fb357a06 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -31,7 +31,7 @@ jobs:
       - name: Set up php
         uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
           ini-file: development
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 4f55c0e0..1af3a3cb 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
 
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ac841dbf..f9ae4118 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:28.1.1-cli AS docker
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.20-fpm-alpine3.21
+# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
+FROM php:8.4.6-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/php/composer.json b/php/composer.json
index 17fa5097..892bdd5d 100644
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,7 +5,7 @@
 		}
 	},
 	"require": {
-		"php": "8.3.*",
+		"php": "8.4.*",
 		"ext-json": "*",
 		"ext-sodium": "*",
 		"ext-curl": "*",
@@ -20,7 +20,7 @@
 	},
 	"require-dev": {
 		"sserbin/twig-linter": "@dev",
-		"vimeo/psalm": "^5.25",
+		"vimeo/psalm": "^6.0",
 		"wapmorgan/php-deprecation-detector": "dev-master"
 	},
 	"scripts": {
@@ -33,6 +33,6 @@
 		"psalm:strict": "psalm --threads=1 --show-info=true",
 		"lint": "php -l src/*.php src/**/*.php public/index.php",
 		"lint:twig": "twig-linter lint ./templates",
-		"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
+		"php-deprecation-detector": "phpdd scan -n -t 8.4 src/*.php src/**/*.php public/index.php"
 	}
 }
diff --git a/php/composer.lock b/php/composer.lock
index 8f8341f8..b1de606a 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "0e1d24f3fa776163acefdebc91da39d3",
+    "content-hash": "19598625395cc28e64f15d2719f8f98f",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -1714,43 +1714,36 @@
     "packages-dev": [
         {
             "name": "amphp/amp",
-            "version": "v2.6.4",
+            "version": "v3.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/amp.git",
-                "reference": "ded3d9be08f526089eb7ee8d9f16a9768f9dec2d"
+                "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/amp/zipball/ded3d9be08f526089eb7ee8d9f16a9768f9dec2d",
-                "reference": "ded3d9be08f526089eb7ee8d9f16a9768f9dec2d",
+                "url": "https://api.github.com/repos/amphp/amp/zipball/7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9",
+                "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.1"
+                "php": ">=8.1",
+                "revolt/event-loop": "^1 || ^0.2"
             },
             "require-dev": {
-                "amphp/php-cs-fixer-config": "dev-master",
-                "amphp/phpunit-util": "^1",
-                "ext-json": "*",
-                "jetbrains/phpstorm-stubs": "^2019.3",
-                "phpunit/phpunit": "^7 | ^8 | ^9",
-                "react/promise": "^2",
-                "vimeo/psalm": "^3.12"
+                "amphp/php-cs-fixer-config": "^2",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "5.23.1"
             },
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "2.x-dev"
-                }
-            },
             "autoload": {
                 "files": [
-                    "lib/functions.php",
-                    "lib/Internal/functions.php"
+                    "src/functions.php",
+                    "src/Future/functions.php",
+                    "src/Internal/functions.php"
                 ],
                 "psr-4": {
-                    "Amp\\": "lib"
+                    "Amp\\": "src"
                 }
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -1758,10 +1751,6 @@
                 "MIT"
             ],
             "authors": [
-                {
-                    "name": "Daniel Lowrey",
-                    "email": "rdlowrey@php.net"
-                },
                 {
                     "name": "Aaron Piotrowski",
                     "email": "aaron@trowski.com"
@@ -1773,6 +1762,10 @@
                 {
                     "name": "Niklas Keller",
                     "email": "me@kelunik.com"
+                },
+                {
+                    "name": "Daniel Lowrey",
+                    "email": "rdlowrey@php.net"
                 }
             ],
             "description": "A non-blocking concurrency framework for PHP applications.",
@@ -1789,9 +1782,8 @@
                 "promise"
             ],
             "support": {
-                "irc": "irc://irc.freenode.org/amphp",
                 "issues": "https://github.com/amphp/amp/issues",
-                "source": "https://github.com/amphp/amp/tree/v2.6.4"
+                "source": "https://github.com/amphp/amp/tree/v3.1.0"
             },
             "funding": [
                 {
@@ -1799,41 +1791,45 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-03-21T18:52:26+00:00"
+            "time": "2025-01-26T16:07:39+00:00"
         },
         {
             "name": "amphp/byte-stream",
-            "version": "v1.8.2",
+            "version": "v2.1.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/byte-stream.git",
-                "reference": "4f0e968ba3798a423730f567b1b50d3441c16ddc"
+                "reference": "55a6bd071aec26fa2a3e002618c20c35e3df1b46"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/byte-stream/zipball/4f0e968ba3798a423730f567b1b50d3441c16ddc",
-                "reference": "4f0e968ba3798a423730f567b1b50d3441c16ddc",
+                "url": "https://api.github.com/repos/amphp/byte-stream/zipball/55a6bd071aec26fa2a3e002618c20c35e3df1b46",
+                "reference": "55a6bd071aec26fa2a3e002618c20c35e3df1b46",
                 "shasum": ""
             },
             "require": {
-                "amphp/amp": "^2",
-                "php": ">=7.1"
+                "amphp/amp": "^3",
+                "amphp/parser": "^1.1",
+                "amphp/pipeline": "^1",
+                "amphp/serialization": "^1",
+                "amphp/sync": "^2",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1 || ^0.2.3"
             },
             "require-dev": {
-                "amphp/php-cs-fixer-config": "dev-master",
-                "amphp/phpunit-util": "^1.4",
-                "friendsofphp/php-cs-fixer": "^2.3",
-                "jetbrains/phpstorm-stubs": "^2019.3",
-                "phpunit/phpunit": "^6 || ^7 || ^8",
-                "psalm/phar": "^3.11.4"
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "5.22.1"
             },
             "type": "library",
             "autoload": {
                 "files": [
-                    "lib/functions.php"
+                    "src/functions.php",
+                    "src/Internal/functions.php"
                 ],
                 "psr-4": {
-                    "Amp\\ByteStream\\": "lib"
+                    "Amp\\ByteStream\\": "src"
                 }
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -1862,7 +1858,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/byte-stream/issues",
-                "source": "https://github.com/amphp/byte-stream/tree/v1.8.2"
+                "source": "https://github.com/amphp/byte-stream/tree/v2.1.2"
             },
             "funding": [
                 {
@@ -1870,7 +1866,659 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-04-13T18:00:56+00:00"
+            "time": "2025-03-16T17:10:27+00:00"
+        },
+        {
+            "name": "amphp/cache",
+            "version": "v2.0.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/cache.git",
+                "reference": "46912e387e6aa94933b61ea1ead9cf7540b7797c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/cache/zipball/46912e387e6aa94933b61ea1ead9cf7540b7797c",
+                "reference": "46912e387e6aa94933b61ea1ead9cf7540b7797c",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^3",
+                "amphp/serialization": "^1",
+                "amphp/sync": "^2",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1 || ^0.2"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "^5.4"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Amp\\Cache\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                },
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Daniel Lowrey",
+                    "email": "rdlowrey@php.net"
+                }
+            ],
+            "description": "A fiber-aware cache API based on Amp and Revolt.",
+            "homepage": "https://amphp.org/cache",
+            "support": {
+                "issues": "https://github.com/amphp/cache/issues",
+                "source": "https://github.com/amphp/cache/tree/v2.0.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-04-19T03:38:06+00:00"
+        },
+        {
+            "name": "amphp/dns",
+            "version": "v2.4.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/dns.git",
+                "reference": "78eb3db5fc69bf2fc0cb503c4fcba667bc223c71"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/dns/zipball/78eb3db5fc69bf2fc0cb503c4fcba667bc223c71",
+                "reference": "78eb3db5fc69bf2fc0cb503c4fcba667bc223c71",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^3",
+                "amphp/byte-stream": "^2",
+                "amphp/cache": "^2",
+                "amphp/parser": "^1",
+                "amphp/process": "^2",
+                "daverandom/libdns": "^2.0.2",
+                "ext-filter": "*",
+                "ext-json": "*",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1 || ^0.2"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "5.20"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\Dns\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Chris Wright",
+                    "email": "addr@daverandom.com"
+                },
+                {
+                    "name": "Daniel Lowrey",
+                    "email": "rdlowrey@php.net"
+                },
+                {
+                    "name": "Bob Weinand",
+                    "email": "bobwei9@hotmail.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                },
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                }
+            ],
+            "description": "Async DNS resolution for Amp.",
+            "homepage": "https://github.com/amphp/dns",
+            "keywords": [
+                "amp",
+                "amphp",
+                "async",
+                "client",
+                "dns",
+                "resolve"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/dns/issues",
+                "source": "https://github.com/amphp/dns/tree/v2.4.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2025-01-19T15:43:40+00:00"
+        },
+        {
+            "name": "amphp/parallel",
+            "version": "v2.3.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/parallel.git",
+                "reference": "5113111de02796a782f5d90767455e7391cca190"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/5113111de02796a782f5d90767455e7391cca190",
+                "reference": "5113111de02796a782f5d90767455e7391cca190",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^3",
+                "amphp/byte-stream": "^2",
+                "amphp/cache": "^2",
+                "amphp/parser": "^1",
+                "amphp/pipeline": "^1",
+                "amphp/process": "^2",
+                "amphp/serialization": "^1",
+                "amphp/socket": "^2",
+                "amphp/sync": "^2",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "^5.18"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/Context/functions.php",
+                    "src/Context/Internal/functions.php",
+                    "src/Ipc/functions.php",
+                    "src/Worker/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\Parallel\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                },
+                {
+                    "name": "Stephen Coakley",
+                    "email": "me@stephencoakley.com"
+                }
+            ],
+            "description": "Parallel processing component for Amp.",
+            "homepage": "https://github.com/amphp/parallel",
+            "keywords": [
+                "async",
+                "asynchronous",
+                "concurrent",
+                "multi-processing",
+                "multi-threading"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/parallel/issues",
+                "source": "https://github.com/amphp/parallel/tree/v2.3.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-12-21T01:56:09+00:00"
+        },
+        {
+            "name": "amphp/parser",
+            "version": "v1.1.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/parser.git",
+                "reference": "3cf1f8b32a0171d4b1bed93d25617637a77cded7"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/parser/zipball/3cf1f8b32a0171d4b1bed93d25617637a77cded7",
+                "reference": "3cf1f8b32a0171d4b1bed93d25617637a77cded7",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.4"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "^5.4"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Amp\\Parser\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "A generator parser to make streaming parsers simple.",
+            "homepage": "https://github.com/amphp/parser",
+            "keywords": [
+                "async",
+                "non-blocking",
+                "parser",
+                "stream"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/parser/issues",
+                "source": "https://github.com/amphp/parser/tree/v1.1.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-03-21T19:16:53+00:00"
+        },
+        {
+            "name": "amphp/pipeline",
+            "version": "v1.2.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/pipeline.git",
+                "reference": "7b52598c2e9105ebcddf247fc523161581930367"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/pipeline/zipball/7b52598c2e9105ebcddf247fc523161581930367",
+                "reference": "7b52598c2e9105ebcddf247fc523161581930367",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^3",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "^5.18"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Amp\\Pipeline\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "Asynchronous iterators and operators.",
+            "homepage": "https://amphp.org/pipeline",
+            "keywords": [
+                "amp",
+                "amphp",
+                "async",
+                "io",
+                "iterator",
+                "non-blocking"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/pipeline/issues",
+                "source": "https://github.com/amphp/pipeline/tree/v1.2.3"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2025-03-16T16:33:53+00:00"
+        },
+        {
+            "name": "amphp/process",
+            "version": "v2.0.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/process.git",
+                "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/process/zipball/52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d",
+                "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^3",
+                "amphp/byte-stream": "^2",
+                "amphp/sync": "^2",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1 || ^0.2"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "^5.4"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\Process\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Bob Weinand",
+                    "email": "bobwei9@hotmail.com"
+                },
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "A fiber-aware process manager based on Amp and Revolt.",
+            "homepage": "https://amphp.org/process",
+            "support": {
+                "issues": "https://github.com/amphp/process/issues",
+                "source": "https://github.com/amphp/process/tree/v2.0.3"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-04-19T03:13:44+00:00"
+        },
+        {
+            "name": "amphp/serialization",
+            "version": "v1.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/serialization.git",
+                "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/serialization/zipball/693e77b2fb0b266c3c7d622317f881de44ae94a1",
+                "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "dev-master",
+                "phpunit/phpunit": "^9 || ^8 || ^7"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\Serialization\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "Serialization tools for IPC and data storage in PHP.",
+            "homepage": "https://github.com/amphp/serialization",
+            "keywords": [
+                "async",
+                "asynchronous",
+                "serialization",
+                "serialize"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/serialization/issues",
+                "source": "https://github.com/amphp/serialization/tree/master"
+            },
+            "time": "2020-03-25T21:39:07+00:00"
+        },
+        {
+            "name": "amphp/socket",
+            "version": "v2.3.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/socket.git",
+                "reference": "58e0422221825b79681b72c50c47a930be7bf1e1"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/socket/zipball/58e0422221825b79681b72c50c47a930be7bf1e1",
+                "reference": "58e0422221825b79681b72c50c47a930be7bf1e1",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^3",
+                "amphp/byte-stream": "^2",
+                "amphp/dns": "^2",
+                "ext-openssl": "*",
+                "kelunik/certificate": "^1.1",
+                "league/uri": "^6.5 | ^7",
+                "league/uri-interfaces": "^2.3 | ^7",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1 || ^0.2"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "amphp/process": "^2",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "5.20"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/functions.php",
+                    "src/Internal/functions.php",
+                    "src/SocketAddress/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\Socket\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Daniel Lowrey",
+                    "email": "rdlowrey@gmail.com"
+                },
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "Non-blocking socket connection / server implementations based on Amp and Revolt.",
+            "homepage": "https://github.com/amphp/socket",
+            "keywords": [
+                "amp",
+                "async",
+                "encryption",
+                "non-blocking",
+                "sockets",
+                "tcp",
+                "tls"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/socket/issues",
+                "source": "https://github.com/amphp/socket/tree/v2.3.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-04-21T14:33:03+00:00"
+        },
+        {
+            "name": "amphp/sync",
+            "version": "v2.3.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/amphp/sync.git",
+                "reference": "217097b785130d77cfcc58ff583cf26cd1770bf1"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/amphp/sync/zipball/217097b785130d77cfcc58ff583cf26cd1770bf1",
+                "reference": "217097b785130d77cfcc58ff583cf26cd1770bf1",
+                "shasum": ""
+            },
+            "require": {
+                "amphp/amp": "^3",
+                "amphp/pipeline": "^1",
+                "amphp/serialization": "^1",
+                "php": ">=8.1",
+                "revolt/event-loop": "^1 || ^0.2"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "amphp/phpunit-util": "^3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "5.23"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/functions.php"
+                ],
+                "psr-4": {
+                    "Amp\\Sync\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                },
+                {
+                    "name": "Stephen Coakley",
+                    "email": "me@stephencoakley.com"
+                }
+            ],
+            "description": "Non-blocking synchronization primitives for PHP based on Amp and Revolt.",
+            "homepage": "https://github.com/amphp/sync",
+            "keywords": [
+                "async",
+                "asynchronous",
+                "mutex",
+                "semaphore",
+                "synchronization"
+            ],
+            "support": {
+                "issues": "https://github.com/amphp/sync/issues",
+                "source": "https://github.com/amphp/sync/tree/v2.3.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/amphp",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-08-03T19:31:26+00:00"
         },
         {
             "name": "composer/package-versions-deprecated",
@@ -2171,6 +2819,102 @@
             ],
             "time": "2024-05-06T16:37:16+00:00"
         },
+        {
+            "name": "danog/advanced-json-rpc",
+            "version": "v3.2.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/danog/php-advanced-json-rpc.git",
+                "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/aadb1c4068a88c3d0530cfe324b067920661efcb",
+                "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb",
+                "shasum": ""
+            },
+            "require": {
+                "netresearch/jsonmapper": "^5",
+                "php": ">=8.1",
+                "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0"
+            },
+            "replace": {
+                "felixfbecker/php-advanced-json-rpc": "^3"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^9"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "AdvancedJsonRpc\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "ISC"
+            ],
+            "authors": [
+                {
+                    "name": "Felix Becker",
+                    "email": "felix.b@outlook.com"
+                },
+                {
+                    "name": "Daniil Gentili",
+                    "email": "daniil@daniil.it"
+                }
+            ],
+            "description": "A more advanced JSONRPC implementation",
+            "support": {
+                "issues": "https://github.com/danog/php-advanced-json-rpc/issues",
+                "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.2"
+            },
+            "time": "2025-02-14T10:55:15+00:00"
+        },
+        {
+            "name": "daverandom/libdns",
+            "version": "v2.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/DaveRandom/LibDNS.git",
+                "reference": "b84c94e8fe6b7ee4aecfe121bfe3b6177d303c8a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/DaveRandom/LibDNS/zipball/b84c94e8fe6b7ee4aecfe121bfe3b6177d303c8a",
+                "reference": "b84c94e8fe6b7ee4aecfe121bfe3b6177d303c8a",
+                "shasum": ""
+            },
+            "require": {
+                "ext-ctype": "*",
+                "php": ">=7.1"
+            },
+            "suggest": {
+                "ext-intl": "Required for IDN support"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/functions.php"
+                ],
+                "psr-4": {
+                    "LibDNS\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "DNS protocol implementation written in pure PHP",
+            "keywords": [
+                "dns"
+            ],
+            "support": {
+                "issues": "https://github.com/DaveRandom/LibDNS/issues",
+                "source": "https://github.com/DaveRandom/LibDNS/tree/v2.1.0"
+            },
+            "time": "2024-04-12T12:12:48+00:00"
+        },
         {
             "name": "dnoegel/php-xdg-base-dir",
             "version": "v0.1.1",
@@ -2256,51 +3000,6 @@
             },
             "time": "2025-04-07T20:06:18+00:00"
         },
-        {
-            "name": "felixfbecker/advanced-json-rpc",
-            "version": "v3.2.1",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/felixfbecker/php-advanced-json-rpc.git",
-                "reference": "b5f37dbff9a8ad360ca341f3240dc1c168b45447"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/felixfbecker/php-advanced-json-rpc/zipball/b5f37dbff9a8ad360ca341f3240dc1c168b45447",
-                "reference": "b5f37dbff9a8ad360ca341f3240dc1c168b45447",
-                "shasum": ""
-            },
-            "require": {
-                "netresearch/jsonmapper": "^1.0 || ^2.0 || ^3.0 || ^4.0",
-                "php": "^7.1 || ^8.0",
-                "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "^7.0 || ^8.0"
-            },
-            "type": "library",
-            "autoload": {
-                "psr-4": {
-                    "AdvancedJsonRpc\\": "lib/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "ISC"
-            ],
-            "authors": [
-                {
-                    "name": "Felix Becker",
-                    "email": "felix.b@outlook.com"
-                }
-            ],
-            "description": "A more advanced JSONRPC implementation",
-            "support": {
-                "issues": "https://github.com/felixfbecker/php-advanced-json-rpc/issues",
-                "source": "https://github.com/felixfbecker/php-advanced-json-rpc/tree/v3.2.1"
-            },
-            "time": "2021-06-11T22:34:44+00:00"
-        },
         {
             "name": "felixfbecker/language-server-protocol",
             "version": "v1.5.3",
@@ -2419,17 +3118,249 @@
             "time": "2024-08-06T10:04:20+00:00"
         },
         {
-            "name": "netresearch/jsonmapper",
-            "version": "v4.5.0",
+            "name": "kelunik/certificate",
+            "version": "v1.1.3",
             "source": {
                 "type": "git",
-                "url": "https://github.com/cweiske/jsonmapper.git",
-                "reference": "8e76efb98ee8b6afc54687045e1b8dba55ac76e5"
+                "url": "https://github.com/kelunik/certificate.git",
+                "reference": "7e00d498c264d5eb4f78c69f41c8bd6719c0199e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/8e76efb98ee8b6afc54687045e1b8dba55ac76e5",
-                "reference": "8e76efb98ee8b6afc54687045e1b8dba55ac76e5",
+                "url": "https://api.github.com/repos/kelunik/certificate/zipball/7e00d498c264d5eb4f78c69f41c8bd6719c0199e",
+                "reference": "7e00d498c264d5eb4f78c69f41c8bd6719c0199e",
+                "shasum": ""
+            },
+            "require": {
+                "ext-openssl": "*",
+                "php": ">=7.0"
+            },
+            "require-dev": {
+                "amphp/php-cs-fixer-config": "^2",
+                "phpunit/phpunit": "^6 | 7 | ^8 | ^9"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Kelunik\\Certificate\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "Access certificate details and transform between different formats.",
+            "keywords": [
+                "DER",
+                "certificate",
+                "certificates",
+                "openssl",
+                "pem",
+                "x509"
+            ],
+            "support": {
+                "issues": "https://github.com/kelunik/certificate/issues",
+                "source": "https://github.com/kelunik/certificate/tree/v1.1.3"
+            },
+            "time": "2023-02-03T21:26:53+00:00"
+        },
+        {
+            "name": "league/uri",
+            "version": "7.5.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/thephpleague/uri.git",
+                "reference": "81fb5145d2644324614cc532b28efd0215bda430"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/81fb5145d2644324614cc532b28efd0215bda430",
+                "reference": "81fb5145d2644324614cc532b28efd0215bda430",
+                "shasum": ""
+            },
+            "require": {
+                "league/uri-interfaces": "^7.5",
+                "php": "^8.1"
+            },
+            "conflict": {
+                "league/uri-schemes": "^1.0"
+            },
+            "suggest": {
+                "ext-bcmath": "to improve IPV4 host parsing",
+                "ext-fileinfo": "to create Data URI from file contennts",
+                "ext-gmp": "to improve IPV4 host parsing",
+                "ext-intl": "to handle IDN host with the best performance",
+                "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain",
+                "league/uri-components": "Needed to easily manipulate URI objects components",
+                "php-64bit": "to improve IPV4 host parsing",
+                "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "7.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "League\\Uri\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ignace Nyamagana Butera",
+                    "email": "nyamsprod@gmail.com",
+                    "homepage": "https://nyamsprod.com"
+                }
+            ],
+            "description": "URI manipulation library",
+            "homepage": "https://uri.thephpleague.com",
+            "keywords": [
+                "data-uri",
+                "file-uri",
+                "ftp",
+                "hostname",
+                "http",
+                "https",
+                "middleware",
+                "parse_str",
+                "parse_url",
+                "psr-7",
+                "query-string",
+                "querystring",
+                "rfc3986",
+                "rfc3987",
+                "rfc6570",
+                "uri",
+                "uri-template",
+                "url",
+                "ws"
+            ],
+            "support": {
+                "docs": "https://uri.thephpleague.com",
+                "forum": "https://thephpleague.slack.com",
+                "issues": "https://github.com/thephpleague/uri-src/issues",
+                "source": "https://github.com/thephpleague/uri/tree/7.5.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/sponsors/nyamsprod",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-12-08T08:40:02+00:00"
+        },
+        {
+            "name": "league/uri-interfaces",
+            "version": "7.5.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/thephpleague/uri-interfaces.git",
+                "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/08cfc6c4f3d811584fb09c37e2849e6a7f9b0742",
+                "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742",
+                "shasum": ""
+            },
+            "require": {
+                "ext-filter": "*",
+                "php": "^8.1",
+                "psr/http-factory": "^1",
+                "psr/http-message": "^1.1 || ^2.0"
+            },
+            "suggest": {
+                "ext-bcmath": "to improve IPV4 host parsing",
+                "ext-gmp": "to improve IPV4 host parsing",
+                "ext-intl": "to handle IDN host with the best performance",
+                "php-64bit": "to improve IPV4 host parsing",
+                "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "7.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "League\\Uri\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ignace Nyamagana Butera",
+                    "email": "nyamsprod@gmail.com",
+                    "homepage": "https://nyamsprod.com"
+                }
+            ],
+            "description": "Common interfaces and classes for URI representation and interaction",
+            "homepage": "https://uri.thephpleague.com",
+            "keywords": [
+                "data-uri",
+                "file-uri",
+                "ftp",
+                "hostname",
+                "http",
+                "https",
+                "parse_str",
+                "parse_url",
+                "psr-7",
+                "query-string",
+                "querystring",
+                "rfc3986",
+                "rfc3987",
+                "rfc6570",
+                "uri",
+                "url",
+                "ws"
+            ],
+            "support": {
+                "docs": "https://uri.thephpleague.com",
+                "forum": "https://thephpleague.slack.com",
+                "issues": "https://github.com/thephpleague/uri-src/issues",
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.5.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/sponsors/nyamsprod",
+                    "type": "github"
+                }
+            ],
+            "time": "2024-12-08T08:18:47+00:00"
+        },
+        {
+            "name": "netresearch/jsonmapper",
+            "version": "v5.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/cweiske/jsonmapper.git",
+                "reference": "8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c",
+                "reference": "8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c",
                 "shasum": ""
             },
             "require": {
@@ -2465,31 +3396,33 @@
             "support": {
                 "email": "cweiske@cweiske.de",
                 "issues": "https://github.com/cweiske/jsonmapper/issues",
-                "source": "https://github.com/cweiske/jsonmapper/tree/v4.5.0"
+                "source": "https://github.com/cweiske/jsonmapper/tree/v5.0.0"
             },
-            "time": "2024-09-08T10:13:13+00:00"
+            "time": "2024-09-08T10:20:00+00:00"
         },
         {
             "name": "nikic/php-parser",
-            "version": "v4.19.4",
+            "version": "v5.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "715f4d25e225bc47b293a8b997fe6ce99bf987d2"
+                "reference": "447a020a1f875a434d62f2a401f53b82a396e494"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/715f4d25e225bc47b293a8b997fe6ce99bf987d2",
-                "reference": "715f4d25e225bc47b293a8b997fe6ce99bf987d2",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/447a020a1f875a434d62f2a401f53b82a396e494",
+                "reference": "447a020a1f875a434d62f2a401f53b82a396e494",
                 "shasum": ""
             },
             "require": {
+                "ext-ctype": "*",
+                "ext-json": "*",
                 "ext-tokenizer": "*",
-                "php": ">=7.1"
+                "php": ">=7.4"
             },
             "require-dev": {
                 "ircmaxell/php-yacc": "^0.0.7",
-                "phpunit/phpunit": "^7.0 || ^8.0 || ^9.0"
+                "phpunit/phpunit": "^9.0"
             },
             "bin": [
                 "bin/php-parse"
@@ -2497,7 +3430,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "4.9-dev"
+                    "dev-master": "5.0-dev"
                 }
             },
             "autoload": {
@@ -2521,9 +3454,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.4"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.4.0"
             },
-            "time": "2024-09-29T15:01:53+00:00"
+            "time": "2024-12-30T11:07:19+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -2748,30 +3681,102 @@
             "time": "2025-02-19T13:28:12+00:00"
         },
         {
-            "name": "sebastian/diff",
-            "version": "6.0.2",
+            "name": "revolt/event-loop",
+            "version": "v1.0.7",
             "source": {
                 "type": "git",
-                "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "b4ccd857127db5d41a5b676f24b51371d76d8544"
+                "url": "https://github.com/revoltphp/event-loop.git",
+                "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/b4ccd857127db5d41a5b676f24b51371d76d8544",
-                "reference": "b4ccd857127db5d41a5b676f24b51371d76d8544",
+                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/09bf1bf7f7f574453efe43044b06fafe12216eb3",
+                "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.2"
+                "php": ">=8.1"
             },
             "require-dev": {
-                "phpunit/phpunit": "^11.0",
-                "symfony/process": "^4.2 || ^5"
+                "ext-json": "*",
+                "jetbrains/phpstorm-stubs": "^2019.3",
+                "phpunit/phpunit": "^9",
+                "psalm/phar": "^5.15"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "6.0-dev"
+                    "dev-main": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Revolt\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Aaron Piotrowski",
+                    "email": "aaron@trowski.com"
+                },
+                {
+                    "name": "Cees-Jan Kiewiet",
+                    "email": "ceesjank@gmail.com"
+                },
+                {
+                    "name": "Christian Lück",
+                    "email": "christian@clue.engineering"
+                },
+                {
+                    "name": "Niklas Keller",
+                    "email": "me@kelunik.com"
+                }
+            ],
+            "description": "Rock-solid event loop for concurrent PHP applications.",
+            "keywords": [
+                "async",
+                "asynchronous",
+                "concurrency",
+                "event",
+                "event-loop",
+                "non-blocking",
+                "scheduler"
+            ],
+            "support": {
+                "issues": "https://github.com/revoltphp/event-loop/issues",
+                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.7"
+            },
+            "time": "2025-01-25T19:27:39+00:00"
+        },
+        {
+            "name": "sebastian/diff",
+            "version": "7.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/sebastianbergmann/diff.git",
+                "reference": "7ab1ea946c012266ca32390913653d844ecd085f"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/7ab1ea946c012266ca32390913653d844ecd085f",
+                "reference": "7ab1ea946c012266ca32390913653d844ecd085f",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.3"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^12.0",
+                "symfony/process": "^7.2"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "7.0-dev"
                 }
             },
             "autoload": {
@@ -2804,7 +3809,7 @@
             "support": {
                 "issues": "https://github.com/sebastianbergmann/diff/issues",
                 "security": "https://github.com/sebastianbergmann/diff/security/policy",
-                "source": "https://github.com/sebastianbergmann/diff/tree/6.0.2"
+                "source": "https://github.com/sebastianbergmann/diff/tree/7.0.0"
             },
             "funding": [
                 {
@@ -2812,7 +3817,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-07-03T04:53:05+00:00"
+            "time": "2025-02-07T04:55:46+00:00"
         },
         {
             "name": "spatie/array-to-xml",
@@ -3323,6 +4328,82 @@
             ],
             "time": "2024-09-09T11:45:10+00:00"
         },
+        {
+            "name": "symfony/polyfill-php84",
+            "version": "v1.31.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php84.git",
+                "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/e5493eb51311ab0b1cc2243416613f06ed8f18bd",
+                "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.2"
+            },
+            "type": "library",
+            "extra": {
+                "thanks": {
+                    "url": "https://github.com/symfony/polyfill",
+                    "name": "symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php84\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.4+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php84/tree/v1.31.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-09-09T12:04:04+00:00"
+        },
         {
             "name": "symfony/service-contracts",
             "version": "v3.5.1",
@@ -3495,24 +4576,26 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "5.26.1",
+            "version": "6.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "d747f6500b38ac4f7dfc5edbcae6e4b637d7add0"
+                "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/d747f6500b38ac4f7dfc5edbcae6e4b637d7add0",
-                "reference": "d747f6500b38ac4f7dfc5edbcae6e4b637d7add0",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b",
+                "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b",
                 "shasum": ""
             },
             "require": {
-                "amphp/amp": "^2.4.2",
-                "amphp/byte-stream": "^1.5",
+                "amphp/amp": "^3",
+                "amphp/byte-stream": "^2",
+                "amphp/parallel": "^2.3",
                 "composer-runtime-api": "^2",
                 "composer/semver": "^1.4 || ^2.0 || ^3.0",
                 "composer/xdebug-handler": "^2.0 || ^3.0",
+                "danog/advanced-json-rpc": "^3.1",
                 "dnoegel/php-xdg-base-dir": "^0.1.1",
                 "ext-ctype": "*",
                 "ext-dom": "*",
@@ -3521,27 +4604,26 @@
                 "ext-mbstring": "*",
                 "ext-simplexml": "*",
                 "ext-tokenizer": "*",
-                "felixfbecker/advanced-json-rpc": "^3.1",
-                "felixfbecker/language-server-protocol": "^1.5.2",
+                "felixfbecker/language-server-protocol": "^1.5.3",
                 "fidry/cpu-core-counter": "^0.4.1 || ^0.5.1 || ^1.0.0",
-                "netresearch/jsonmapper": "^1.0 || ^2.0 || ^3.0 || ^4.0",
-                "nikic/php-parser": "^4.17",
-                "php": "^7.4 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0",
-                "sebastian/diff": "^4.0 || ^5.0 || ^6.0",
+                "netresearch/jsonmapper": "^5.0",
+                "nikic/php-parser": "^5.0.0",
+                "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3",
+                "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0",
                 "spatie/array-to-xml": "^2.17.0 || ^3.0",
-                "symfony/console": "^4.1.6 || ^5.0 || ^6.0 || ^7.0",
-                "symfony/filesystem": "^5.4 || ^6.0 || ^7.0"
-            },
-            "conflict": {
-                "nikic/php-parser": "4.17.0"
+                "symfony/console": "^6.0 || ^7.0",
+                "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3",
+                "symfony/polyfill-php84": "^1.31.0"
             },
             "provide": {
                 "psalm/psalm": "self.version"
             },
             "require-dev": {
-                "amphp/phpunit-util": "^2.0",
+                "amphp/phpunit-util": "^3",
                 "bamarni/composer-bin-plugin": "^1.4",
                 "brianium/paratest": "^6.9",
+                "danog/class-finder": "^0.4.8",
+                "dg/bypass-finals": "^1.5",
                 "ext-curl": "*",
                 "mockery/mockery": "^1.5",
                 "nunomaduro/mock-final-classes": "^1.1",
@@ -3549,10 +4631,10 @@
                 "phpstan/phpdoc-parser": "^1.6",
                 "phpunit/phpunit": "^9.6",
                 "psalm/plugin-mockery": "^1.1",
-                "psalm/plugin-phpunit": "^0.18",
+                "psalm/plugin-phpunit": "^0.19",
                 "slevomat/coding-standard": "^8.4",
                 "squizlabs/php_codesniffer": "^3.6",
-                "symfony/process": "^4.4 || ^5.0 || ^6.0 || ^7.0"
+                "symfony/process": "^6.0 || ^7.0"
             },
             "suggest": {
                 "ext-curl": "In order to send data to shepherd",
@@ -3563,6 +4645,7 @@
                 "psalm-language-server",
                 "psalm-plugin",
                 "psalm-refactor",
+                "psalm-review",
                 "psalter"
             ],
             "type": "project",
@@ -3572,7 +4655,9 @@
                     "dev-2.x": "2.x-dev",
                     "dev-3.x": "3.x-dev",
                     "dev-4.x": "4.x-dev",
-                    "dev-master": "5.x-dev"
+                    "dev-5.x": "5.x-dev",
+                    "dev-6.x": "6.x-dev",
+                    "dev-master": "7.x-dev"
                 }
             },
             "autoload": {
@@ -3587,6 +4672,10 @@
             "authors": [
                 {
                     "name": "Matthew Brown"
+                },
+                {
+                    "name": "Daniil Gentili",
+                    "email": "daniil@daniil.it"
                 }
             ],
             "description": "A static analysis tool for finding errors in PHP applications",
@@ -3601,7 +4690,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2024-09-08T18:53:08+00:00"
+            "time": "2025-04-21T18:47:37+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",
@@ -3738,7 +4827,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "8.3.*",
+        "php": "8.4.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 5c064bb4..31703b3a 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,170 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0"/>
+<files psalm-version="6.10.1@f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b">
+  <file src="src/Auth/AuthManager.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[AuthManager]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Auth/PasswordGenerator.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[PasswordGenerator]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Container/AioVariables.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[AioVariables]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Container/Container.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[Container]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Container/ContainerEnvironmentVariables.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ContainerEnvironmentVariables]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Container/ContainerPort.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ContainerPort]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Container/ContainerPorts.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ContainerPorts]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Container/ContainerVolume.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ContainerVolume]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Container/ContainerVolumes.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ContainerVolumes]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/ContainerDefinitionFetcher.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ContainerDefinitionFetcher]]></code>
+    </ClassMustBeFinal>
+    <PossiblyFalseArgument>
+      <code><![CDATA[file_get_contents($path)]]></code>
+      <code><![CDATA[file_get_contents(__DIR__ . '/../containers.json')]]></code>
+    </PossiblyFalseArgument>
+  </file>
+  <file src="src/Controller/ConfigurationController.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ConfigurationController]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Controller/DockerController.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[DockerController]]></code>
+    </ClassMustBeFinal>
+    <InvalidOperand>
+      <code><![CDATA[$port]]></code>
+    </InvalidOperand>
+  </file>
+  <file src="src/Controller/LoginController.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[LoginController]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Data/ConfigurationManager.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ConfigurationManager]]></code>
+    </ClassMustBeFinal>
+    <FalsableReturnStatement>
+      <code><![CDATA[$additionalBackupDirectories]]></code>
+    </FalsableReturnStatement>
+    <InvalidFalsableReturnType>
+      <code><![CDATA[string]]></code>
+    </InvalidFalsableReturnType>
+    <PossiblyFalseArgument>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$configContent]]></code>
+      <code><![CDATA[$content]]></code>
+      <code><![CDATA[$content]]></code>
+      <code><![CDATA[$dailyBackupFile]]></code>
+      <code><![CDATA[$dailyBackupFile]]></code>
+      <code><![CDATA[file_get_contents(DataConst::GetBackupPublicKey())]]></code>
+    </PossiblyFalseArgument>
+  </file>
+  <file src="src/Data/DataConst.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[DataConst]]></code>
+    </ClassMustBeFinal>
+    <FalsableReturnStatement>
+      <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
+      <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
+      <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
+    </FalsableReturnStatement>
+    <InvalidFalsableReturnType>
+      <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
+    </InvalidFalsableReturnType>
+  </file>
+  <file src="src/Data/InvalidSettingConfigurationException.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[InvalidSettingConfigurationException]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Data/Setup.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[Setup]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/DependencyInjection.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[DependencyInjection]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Docker/DockerActionManager.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[DockerActionManager]]></code>
+    </ClassMustBeFinal>
+    <PossiblyFalseArgument>
+      <code><![CDATA[$line]]></code>
+      <code><![CDATA[$line]]></code>
+    </PossiblyFalseArgument>
+  </file>
+  <file src="src/Docker/DockerHubManager.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[DockerHubManager]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Docker/GitHubContainerRegistryManager.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[GitHubContainerRegistryManager]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Middleware/AuthMiddleware.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[AuthMiddleware]]></code>
+    </ClassMustBeFinal>
+  </file>
+  <file src="src/Twig/ClassExtension.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[ClassExtension]]></code>
+    </ClassMustBeFinal>
+    <MissingOverrideAttribute>
+      <code><![CDATA[public function getFunctions() : array]]></code>
+    </MissingOverrideAttribute>
+  </file>
+  <file src="src/Twig/CsrfExtension.php">
+    <ClassMustBeFinal>
+      <code><![CDATA[CsrfExtension]]></code>
+    </ClassMustBeFinal>
+    <MissingOverrideAttribute>
+      <code><![CDATA[public function getGlobals() : array]]></code>
+    </MissingOverrideAttribute>
+  </file>
+</files>
diff --git a/php/psalm.xml b/php/psalm.xml
index 7a6ca595..cf4c9a44 100644
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -5,6 +5,7 @@
 	xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
 	errorBaseline="psalm-baseline.xml"
 	findUnusedBaselineEntry="true"
+	findUnusedCode="false"
 >
 	<projectFiles>
 		<directory name="templates"/>

From 5b5e8b810ccdce55bae905a8001a23c4fbd317b9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 29 Apr 2025 11:43:01 +0200
Subject: [PATCH 3140/3949] Revert "borgbackup: always use the progress option
 when creating an archive"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index d680071e..602ec586 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -185,7 +185,10 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(-v --stats --compression "auto,zstd" --progress)
+    BORG_OPTS=(-v --stats --compression "auto,zstd")
+    if [ "$NEW_REPOSITORY" = 1 ]; then
+        BORG_OPTS+=(--progress)
+    fi
 
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/lost+found")

From 64663d51c04560587f56f6c914d76a85a72fa532 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 29 Apr 2025 14:54:36 +0200
Subject: [PATCH 3141/3949] nextcloud: adjust root.motd occ command docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/root.motd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/root.motd b/Containers/nextcloud/root.motd
index d3cae8a9..00cb4805 100644
--- a/Containers/nextcloud/root.motd
+++ b/Containers/nextcloud/root.motd
@@ -1,4 +1,4 @@
 Warning: You have logged in into the Nextcloud container as root user.
 See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands.
-Apart from that, you can use 'sudo -u www-data -E php occ <your-command>' in order to run occ commands.
+Apart from that, you can use 'sudo -E -u www-data php occ <your-command>' in order to run occ commands.
 Of course <your-command> needs to be substituted with the command that you want to use.

From 7109925d73683cb3431e6066ead6596d0d761993 Mon Sep 17 00:00:00 2001
From: Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
Date: Wed, 30 Apr 2025 12:06:25 +0000
Subject: [PATCH 3142/3949] Update reverse-proxy.md

Hello again!
Ruikai Wang from the LiteSpeed team was gracious enough to teach us how it's done, and so, we added it here as well with step by step instructions and images.
You can change the text or remove the credits there without asking, so feel free!
Thanks for the awesome stuff.

Signed-off-by: Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
---
 reverse-proxy.md | 85 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index ea9ac15a..042b948c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -238,6 +238,91 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
+### OpenLiteSpeed
+
+<details>
+
+<summary>click here to expand</summary>
+<br>
+Here's how you can set up a name-based reverse proxy to your nextcloud on an OpenLiteSpeed server.<br><sub>Courtesy of Ruikai Wang from the LiteSpeed team, and Morrow Shore.</sub>
+<br><br>
+
+1. Access your OpenLiteSpeed dashboard.
+
+OpenLiteSpeed panel is installed on port 7080 per default.
+<br> You can access it by visiting <server's_IP>:7080
+
+2. Create a new VHost.
+
+Here's how you can create a new Virtual Host:
+![image](https://github.com/user-attachments/assets/703aa010-cf2b-4293-9d12-b6987938c05a)
+
+3. **Fill in things according to this information.**
+
+Host root being `/usr/local/lsws/Example/` <br>
+And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf`
+
+![image](https://github.com/user-attachments/assets/4bf59f89-c558-4b61-84f4-a07bcfadcb9d)
+
+If you'd like to change the address of Virtual Host Root or Document Root, make sure they actually exist in the server!
+
+4. Edit the new VHost.
+   
+Now, we must inflict some changes to the Virtual Host we just created, so click on your new VHost!
+
+![image](https://github.com/user-attachments/assets/2ef76b1f-88bf-4c7a-8fd6-aabf9a699640)
+
+5. First check the basic tab to make sure everything's alright.
+   
+![image](https://github.com/user-attachments/assets/a011d8e5-28f8-463a-9ebb-dd4c4b6aaa41)
+
+6. Add these to the general tab.
+
+![image](https://github.com/user-attachments/assets/6b27033d-d60a-4e27-8dfb-b0d9f128702a)
+
+7. Create an "External Aplication"
+
+![image](https://github.com/user-attachments/assets/43c92804-8ef5-4b29-bdfa-71d7ff2dddfd)
+
+![image](https://github.com/user-attachments/assets/4480d39b-dd92-4327-854c-864d2a58b29d)
+
+Fill it out accordingly and save
+![image](https://github.com/user-attachments/assets/d20a4d5f-753b-44e7-9408-8ee675b70ce7)
+
+8. In the same Vhost, Create a "Context"
+
+![image](https://github.com/user-attachments/assets/80af7dfb-a0be-4b32-93e2-3b2c1d518a3a)
+
+Set the new Context to proxy and procceed
+
+![image](https://github.com/user-attachments/assets/91700c47-3d9b-4a05-a99e-38ddea6fcded)
+
+Add "/" as URI or address as URI and select your nextcloud web server
+
+![image](https://github.com/user-attachments/assets/2e0fd085-b9e5-4df7-927d-24eb22487696)
+
+9. Go to the Listener settings
+
+![image](https://github.com/user-attachments/assets/abfd9637-7dc0-4468-a947-69643f465745)
+
+Add a new Virtual Host Mapping
+![image](https://github.com/user-attachments/assets/235fa088-60e0-43b9-b544-b50cacf5edff)
+
+Now select your nextcloud VHost and write in your desired address
+
+![image](https://github.com/user-attachments/assets/99a56408-b2ea-4b20-9eb6-954b8d15b8d5)
+
+10. Congratulations.
+
+Just do a gradeful restart by pressing on this green restart icon, and you should be good to go.
+
+![image](https://github.com/user-attachments/assets/58acfec9-2f55-46ee-9646-69fa61f951f6)
+
+
+
+</details>
+
+
 ### Citrix ADC VPX / Citrix Netscaler
 
 <details>

From 36d802945778b827fb59bb70164e740ca3458eed Mon Sep 17 00:00:00 2001
From: Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
Date: Wed, 30 Apr 2025 12:21:02 +0000
Subject: [PATCH 3143/3949] Update reverse-proxy.md

Signed-off-by: Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
---
 reverse-proxy.md | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 042b948c..1200ddbb 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -260,7 +260,8 @@ Here's how you can create a new Virtual Host:
 3. **Fill in things according to this information.**
 
 Host root being `/usr/local/lsws/Example/` <br>
-And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf`
+And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf` <br>
+And enable both Restrained and Scripts/ExtApps
 
 ![image](https://github.com/user-attachments/assets/4bf59f89-c558-4b61-84f4-a07bcfadcb9d)
 
@@ -276,7 +277,9 @@ Now, we must inflict some changes to the Virtual Host we just created, so click
    
 ![image](https://github.com/user-attachments/assets/a011d8e5-28f8-463a-9ebb-dd4c4b6aaa41)
 
-6. Add these to the general tab.
+6. Add Document Root and Domain Name in the general tab.<br>
+The document Root should be `/usr/local/lsws/nextcloud/html/`<br>
+And the domain name should be where you'd like your nextcloud to be!
 
 ![image](https://github.com/user-attachments/assets/6b27033d-d60a-4e27-8dfb-b0d9f128702a)
 
@@ -284,9 +287,13 @@ Now, we must inflict some changes to the Virtual Host we just created, so click
 
 ![image](https://github.com/user-attachments/assets/43c92804-8ef5-4b29-bdfa-71d7ff2dddfd)
 
+Select Web Server and procceed
+
 ![image](https://github.com/user-attachments/assets/4480d39b-dd92-4327-854c-864d2a58b29d)
 
-Fill it out accordingly and save
+Name it `nextcloud`<br>
+Define the address as the default `127.0.0.1:11000`, or what you selected during installation
+
 ![image](https://github.com/user-attachments/assets/d20a4d5f-753b-44e7-9408-8ee675b70ce7)
 
 8. In the same Vhost, Create a "Context"
@@ -297,7 +304,7 @@ Set the new Context to proxy and procceed
 
 ![image](https://github.com/user-attachments/assets/91700c47-3d9b-4a05-a99e-38ddea6fcded)
 
-Add "/" as URI or address as URI and select your nextcloud web server
+Add "/" as URI, and select your nextcloud web server
 
 ![image](https://github.com/user-attachments/assets/2e0fd085-b9e5-4df7-927d-24eb22487696)
 

From 2f64d7e608ddc6968c4fbc0645e7b094001e5e24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 May 2025 04:59:26 +0000
Subject: [PATCH 3144/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.13.3.1 to 25.04.1.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.1.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 098e2cd5..4a698f86 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:24.04.13.3.1
+FROM collabora/code:25.04.1.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From bee7449718a091b999500ab4ca48d1cbb5a14c79 Mon Sep 17 00:00:00 2001
From: Oleksii Zolotarevskyi
 <15846984+roundoutandabout@users.noreply.github.com>
Date: Thu, 1 May 2025 21:37:32 +0200
Subject: [PATCH 3145/3949] Update readme.md

Signed-off-by: Oleksii Zolotarevskyi <15846984+roundoutandabout@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index e85912c6..c44b8f83 100644
--- a/readme.md
+++ b/readme.md
@@ -667,7 +667,7 @@ You can edit Nextclouds config.php file directly from the host with your favorit
 All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).
 
 ### How to adjust the version retention policy and trashbin retention policy?
-By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
+By default, AIO sets the `versions_retention_obligation` and `trashbin_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
 
 ### How to enable automatic updates without creating a backup beforehand?
 If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 

From 34e7039e3668f6657cdbb75385754ba1baefcfa7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 May 2025 05:01:00 +0000
Subject: [PATCH 3146/3949] build(deps): bump eturnal/eturnal in
 /Containers/talk

Bumps eturnal/eturnal from 1.12.1 to 1.12.2.

---
updated-dependencies:
- dependency-name: eturnal/eturnal
  dependency-version: 1.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ca4a7a89..b9fe8645 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.11.2-scratch AS nats
-FROM eturnal/eturnal:1.12.1 AS eturnal
+FROM eturnal/eturnal:1.12.2 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus
 

From 7197ba184f9da8b32c37bf93d4c734657c58aeb1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 May 2025 07:12:52 +0000
Subject: [PATCH 3147/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.2-scratch to 2.11.3-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.3-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index b9fe8645..0605fdad 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.2-scratch AS nats
+FROM nats:2.11.3-scratch AS nats
 FROM eturnal/eturnal:1.12.2 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus

From 75d5a92ed5c2ee3edbbcc41ab79542e825b6d526 Mon Sep 17 00:00:00 2001
From: Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
Date: Fri, 2 May 2025 11:53:28 +0000
Subject: [PATCH 3148/3949] OpenLiteSpeed Guide Linked

Just Linked the OLS guide as asked!

Signed-off-by: Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
---
 reverse-proxy.md | 84 +-----------------------------------------------
 1 file changed, 1 insertion(+), 83 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 1200ddbb..27ee04eb 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -243,93 +243,11 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 <details>
 
 <summary>click here to expand</summary>
-<br>
-Here's how you can set up a name-based reverse proxy to your nextcloud on an OpenLiteSpeed server.<br><sub>Courtesy of Ruikai Wang from the LiteSpeed team, and Morrow Shore.</sub>
-<br><br>
-
-1. Access your OpenLiteSpeed dashboard.
-
-OpenLiteSpeed panel is installed on port 7080 per default.
-<br> You can access it by visiting <server's_IP>:7080
-
-2. Create a new VHost.
-
-Here's how you can create a new Virtual Host:
-![image](https://github.com/user-attachments/assets/703aa010-cf2b-4293-9d12-b6987938c05a)
-
-3. **Fill in things according to this information.**
-
-Host root being `/usr/local/lsws/Example/` <br>
-And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf` <br>
-And enable both Restrained and Scripts/ExtApps
-
-![image](https://github.com/user-attachments/assets/4bf59f89-c558-4b61-84f4-a07bcfadcb9d)
-
-If you'd like to change the address of Virtual Host Root or Document Root, make sure they actually exist in the server!
-
-4. Edit the new VHost.
-   
-Now, we must inflict some changes to the Virtual Host we just created, so click on your new VHost!
-
-![image](https://github.com/user-attachments/assets/2ef76b1f-88bf-4c7a-8fd6-aabf9a699640)
-
-5. First check the basic tab to make sure everything's alright.
-   
-![image](https://github.com/user-attachments/assets/a011d8e5-28f8-463a-9ebb-dd4c4b6aaa41)
-
-6. Add Document Root and Domain Name in the general tab.<br>
-The document Root should be `/usr/local/lsws/nextcloud/html/`<br>
-And the domain name should be where you'd like your nextcloud to be!
-
-![image](https://github.com/user-attachments/assets/6b27033d-d60a-4e27-8dfb-b0d9f128702a)
-
-7. Create an "External Aplication"
-
-![image](https://github.com/user-attachments/assets/43c92804-8ef5-4b29-bdfa-71d7ff2dddfd)
-
-Select Web Server and procceed
-
-![image](https://github.com/user-attachments/assets/4480d39b-dd92-4327-854c-864d2a58b29d)
-
-Name it `nextcloud`<br>
-Define the address as the default `127.0.0.1:11000`, or what you selected during installation
-
-![image](https://github.com/user-attachments/assets/d20a4d5f-753b-44e7-9408-8ee675b70ce7)
-
-8. In the same Vhost, Create a "Context"
-
-![image](https://github.com/user-attachments/assets/80af7dfb-a0be-4b32-93e2-3b2c1d518a3a)
-
-Set the new Context to proxy and procceed
-
-![image](https://github.com/user-attachments/assets/91700c47-3d9b-4a05-a99e-38ddea6fcded)
-
-Add "/" as URI, and select your nextcloud web server
-
-![image](https://github.com/user-attachments/assets/2e0fd085-b9e5-4df7-927d-24eb22487696)
-
-9. Go to the Listener settings
-
-![image](https://github.com/user-attachments/assets/abfd9637-7dc0-4468-a947-69643f465745)
-
-Add a new Virtual Host Mapping
-![image](https://github.com/user-attachments/assets/235fa088-60e0-43b9-b544-b50cacf5edff)
-
-Now select your nextcloud VHost and write in your desired address
-
-![image](https://github.com/user-attachments/assets/99a56408-b2ea-4b20-9eb6-954b8d15b8d5)
-
-10. Congratulations.
-
-Just do a gradeful restart by pressing on this green restart icon, and you should be good to go.
-
-![image](https://github.com/user-attachments/assets/58acfec9-2f55-46ee-9646-69fa61f951f6)
-
 
+You can find the OpenLiteSpeed reverse proxy guide by @MorrowShore here: https://github.com/nextcloud/all-in-one/discussions/6370
 
 </details>
 
-
 ### Citrix ADC VPX / Citrix Netscaler
 
 <details>

From f795742b394bf4e35bbd08922f745d6f2c882456 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 2 May 2025 13:59:02 +0200
Subject: [PATCH 3149/3949] increase to v10.14.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c3884fa3..769f70d9 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.13.0</h1>
+            <h1>Nextcloud AIO v10.14.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 4584b7887732c85ed2c8fbf5940c37aacd9d3720 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 2 May 2025 14:02:39 +0200
Subject: [PATCH 3150/3949] Revert "build(deps): bump collabora/code from
 24.04.13.3.1 to 25.04.1.1.1 in /Containers/collabora"

---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 4a698f86..098e2cd5 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.1.1.1
+FROM collabora/code:24.04.13.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From f49a0f0b696b607a7d8233938a35ca547bcd0395 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 2 May 2025 14:32:58 +0200
Subject: [PATCH 3151/3949] Revert "build(deps): bump eturnal/eturnal from
 1.12.1 to 1.12.2 in /Containers/talk"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 0605fdad..d85d3305 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.11.3-scratch AS nats
-FROM eturnal/eturnal:1.12.2 AS eturnal
+FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus
 

From 69bd0bde4975ce142ab13885b7ebbbea89dc7a0d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 May 2025 04:27:11 +0000
Subject: [PATCH 3152/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.2-alpine3.21 to 1.24.3-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.3-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 08b03bd7..11928b93 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.2-alpine3.21 AS go
+FROM golang:1.24.3-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 30e09a0d3165d8276bfeb13e51d97c5e30dcf3e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 May 2025 04:27:57 +0000
Subject: [PATCH 3153/3949] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.24.2-alpine3.21 to 1.24.3-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.3-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 2f204010..90d18aeb 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.2-alpine3.21 AS go
+FROM golang:1.24.3-alpine3.21 AS go
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From efce94a6efb13393e5d2fda0fdf66163b080942a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 2 May 2025 15:47:58 +0200
Subject: [PATCH 3154/3949] helm: automatically enforce RPSS if configured

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/update-helm.yml       | 2 +-
 nextcloud-aio-helm-chart/update-helm.sh | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index acce2637..9b261a78 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -19,7 +19,7 @@ jobs:
           DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g;s|,||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           set +x
-          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "aio-nextcloud:$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 01c07bad..90e17af4 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -259,6 +259,15 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if and \(ne .Values.NAMESPACE \"default\"\) \(ne .Values.NAMESPACE_DISABLED \"yes\"\) }}" \{} \; 
+# Additional config
+cat << EOL > /tmp/additional-namespace.config
+  {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+  {{- end }}
+EOL
+# shellcheck disable=SC1083
+find ./ -name "*namespace.yaml" -exec sed -i "/namespace.*/r /tmp/additional-namespace.config"  \{} \;
 # shellcheck disable=SC1083
 find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 # shellcheck disable=SC1083

From cffc7cf8a7ed40740fac80cc4fcbdbff20cdc8a9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 8 May 2025 04:41:09 +0000
Subject: [PATCH 3155/3949] build(deps): bump
 strukturag/nextcloud-spreed-signaling

Bumps strukturag/nextcloud-spreed-signaling from 2.0.2 to 2.0.3.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-version: 2.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index d85d3305..56402efc 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.11.3-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.21.3 AS janus
 
 ARG JANUS_VERSION=v1.3.1

From c306ec7351c7eb6d4c6effcab816591a9ecf1715 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 May 2025 12:02:01 +0200
Subject: [PATCH 3156/3949] containers.json: always add chown cap to collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index d87fe9ca..38fdb09a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -393,7 +393,8 @@
       ],
       "cap_add": [
         "MKNOD",
-        "SYS_ADMIN"
+        "SYS_ADMIN",
+        "CHOWN"
       ],
       "cap_drop": [
         "NET_RAW"

From 7b92179c2423bd8420e41cb4a328b6b002e9c528 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 8 May 2025 12:03:10 +0000
Subject: [PATCH 3157/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 87 ++++++++++++++++++++++++-----------------------
 1 file changed, 44 insertions(+), 43 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index b1de606a..0d5922a2 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1398,7 +1398,7 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.31.0",
+            "version": "v1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
@@ -1457,7 +1457,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.31.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.32.0"
             },
             "funding": [
                 {
@@ -1477,19 +1477,20 @@
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.31.0",
+            "version": "v1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341"
+                "reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/85181ba99b2345b0ef10ce42ecac37612d9fd341",
-                "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6d857f4d76bd4b343eac26d6b539585d2bc56493",
+                "reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493",
                 "shasum": ""
             },
             "require": {
+                "ext-iconv": "*",
                 "php": ">=7.2"
             },
             "provide": {
@@ -1537,7 +1538,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.31.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.32.0"
             },
             "funding": [
                 {
@@ -1553,11 +1554,11 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-09T11:45:10+00:00"
+            "time": "2024-12-23T08:48:59+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.31.0",
+            "version": "v1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
@@ -1613,7 +1614,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.31.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.32.0"
             },
             "funding": [
                 {
@@ -1633,16 +1634,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.20.0",
+            "version": "v3.21.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "3468920399451a384bef53cf7996965f7cd40183"
+                "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3468920399451a384bef53cf7996965f7cd40183",
-                "reference": "3468920399451a384bef53cf7996965f7cd40183",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/285123877d4dd97dd7c11842ac5fb7e86e60d81d",
+                "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d",
                 "shasum": ""
             },
             "require": {
@@ -1696,7 +1697,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.20.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.21.1"
             },
             "funding": [
                 {
@@ -1708,7 +1709,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-02-13T08:34:43+00:00"
+            "time": "2025-05-03T07:21:55+00:00"
         }
     ],
     "packages-dev": [
@@ -3947,16 +3948,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.20",
+            "version": "v6.4.21",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36"
+                "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/2e4af9c952617cc3f9559ff706aee420a8464c36",
-                "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36",
+                "url": "https://api.github.com/repos/symfony/console/zipball/a3011c7b7adb58d89f6c0d822abb641d7a5f9719",
+                "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719",
                 "shasum": ""
             },
             "require": {
@@ -4021,7 +4022,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.20"
+                "source": "https://github.com/symfony/console/tree/v6.4.21"
             },
             "funding": [
                 {
@@ -4037,7 +4038,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-03-03T17:16:38+00:00"
+            "time": "2025-04-07T15:42:41+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4171,7 +4172,7 @@
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
-            "version": "v1.31.0",
+            "version": "v1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
@@ -4229,7 +4230,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.31.0"
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.32.0"
             },
             "funding": [
                 {
@@ -4249,7 +4250,7 @@
         },
         {
             "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.31.0",
+            "version": "v1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
@@ -4310,7 +4311,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.31.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.32.0"
             },
             "funding": [
                 {
@@ -4330,16 +4331,16 @@
         },
         {
             "name": "symfony/polyfill-php84",
-            "version": "v1.31.0",
+            "version": "v1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php84.git",
-                "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd"
+                "reference": "000df7860439609837bbe28670b0be15783b7fbf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/e5493eb51311ab0b1cc2243416613f06ed8f18bd",
-                "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd",
+                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/000df7860439609837bbe28670b0be15783b7fbf",
+                "reference": "000df7860439609837bbe28670b0be15783b7fbf",
                 "shasum": ""
             },
             "require": {
@@ -4386,7 +4387,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php84/tree/v1.31.0"
+                "source": "https://github.com/symfony/polyfill-php84/tree/v1.32.0"
             },
             "funding": [
                 {
@@ -4402,7 +4403,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-09T12:04:04+00:00"
+            "time": "2025-02-20T12:04:08+00:00"
         },
         {
             "name": "symfony/service-contracts",
@@ -4489,16 +4490,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.2.0",
+            "version": "v7.2.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "446e0d146f991dde3e73f45f2c97a9faad773c82"
+                "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/446e0d146f991dde3e73f45f2c97a9faad773c82",
-                "reference": "446e0d146f991dde3e73f45f2c97a9faad773c82",
+                "url": "https://api.github.com/repos/symfony/string/zipball/a214fe7d62bd4df2a76447c67c6b26e1d5e74931",
+                "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931",
                 "shasum": ""
             },
             "require": {
@@ -4556,7 +4557,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.2.0"
+                "source": "https://github.com/symfony/string/tree/v7.2.6"
             },
             "funding": [
                 {
@@ -4572,20 +4573,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-13T13:31:26+00:00"
+            "time": "2025-04-20T20:18:16+00:00"
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.10.1",
+            "version": "6.10.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b"
+                "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b",
-                "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/90b5b9f5e7c8e441b191d3c82c58214753d7c7c1",
+                "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1",
                 "shasum": ""
             },
             "require": {
@@ -4690,7 +4691,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-04-21T18:47:37+00:00"
+            "time": "2025-05-05T18:23:39+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From 61ccc553aac9bd9293471dab68567b7728d07280 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 May 2025 05:02:17 +0000
Subject: [PATCH 3158/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.6-fpm-alpine3.21 to 8.4.7-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.7-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f9ae4118..06971642 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.1.1-cli AS docker
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.6-fpm-alpine3.21
+FROM php:8.4.7-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

From 89b9400e683190f4ead6ad97c0f37c86fef6ecc3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 May 2025 05:02:36 +0000
Subject: [PATCH 3159/3949] build(deps): bump postgres in
 /Containers/postgresql

Bumps postgres from 16.8-alpine to 16.9-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-version: 16.9-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 7abeaedb..462b3069 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile
-FROM postgres:16.8-alpine
+FROM postgres:16.9-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From ddb9b179bde4a89f58a784c00f0165927a59df3c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 9 May 2025 10:06:56 +0200
Subject: [PATCH 3160/3949] talk-recording: add NC_PROTOCOL variable to
 separate from HPB_PROTOCOL

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk-recording/Dockerfile | 1 +
 Containers/talk-recording/start.sh   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index bfdc1f59..aac488f5 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -7,6 +7,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 ENV RECORDING_VERSION=v0.1
 ENV ALLOW_ALL=false
 ENV HPB_PROTOCOL=https
+ENV NC_PROTOCOL=https
 ENV SKIP_VERIFY=false
 ENV HPB_PATH=/standalone-signaling/
 
diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index c73b7ea1..a03eed04 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -39,7 +39,7 @@ videoheight = 1080
 directory = /tmp
 
 [backend-1]
-url = ${HPB_PROTOCOL}://${NC_DOMAIN}
+url = ${NC_PROTOCOL}://${NC_DOMAIN}
 secret = ${RECORDING_SECRET}
 skipverify = ${SKIP_VERIFY}
 

From c14b5f55902aae81f2b36312090fbb9ed3871980 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 May 2025 04:50:22 +0000
Subject: [PATCH 3161/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.0 to 8.18.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 48a764f5..161c7761 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.0
+FROM elasticsearch:8.18.1
 
 USER root
 

From 9f44eb91cd64fcca8959b6b205c45589e3392f4f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 May 2025 04:51:07 +0000
Subject: [PATCH 3162/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.20-fpm-alpine3.21 to 8.3.21-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.21-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 540c4e00..d6ec5a16 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.20-fpm-alpine3.21
+FROM php:8.3.21-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 96a7bb0c22ca8b7c5f3fc4cfbc36d932a2f48f24 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 12 May 2025 08:33:50 +0000
Subject: [PATCH 3163/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-namespace-namespace.yaml          | 4 ++++
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 15 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index f0ce6c79..9bc9d986 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.13.0
+version: 10.14.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index caadb3bb..aa1a58ac 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-apache:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index a4da3bf9..7fd39530 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c3711fa7..c509942d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 43263de6..ac2ea818 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index b0d04339..95c7839a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 384d5b05..20623b94 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
index cf705b7c..212715e9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -4,4 +4,8 @@ kind: Namespace
 metadata:
   name: "{{ .Values.NAMESPACE }}"
   namespace: "{{ .Values.NAMESPACE }}"
+  {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+  {{- end }}
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index d0f05f04..dcf038dc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250512_082954
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index fcd5618e..ba26b28b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c2a3c1be..2b61ab57 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 51141e1d..7bae7aab 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-redis:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 16d52411..f9ace872 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-talk:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 57515214..408ae147 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250512_082954
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index d5be0d85..17f26c12 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250424_092733
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250512_082954
           readinessProbe:
             exec:
               command:

From e6df8699904347fdb988cbe43850570585e12e74 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 12 May 2025 12:03:46 +0000
Subject: [PATCH 3164/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index a8bdb0be..04ac9193 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -264,6 +264,7 @@ services:
     cap_add:
       - MKNOD
       - SYS_ADMIN
+      - CHOWN
     cap_drop:
       - NET_RAW
 

From 076b923f3d35a494a443eef59859dd23cb55650f Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 13 May 2025 04:11:07 +0000
Subject: [PATCH 3165/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 31703b3a..95ad3803 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.10.1@f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b">
+<files psalm-version="6.10.3@90b5b9f5e7c8e441b191d3c82c58214753d7c7c1">
   <file src="src/Auth/AuthManager.php">
     <ClassMustBeFinal>
       <code><![CDATA[AuthManager]]></code>

From 74e4db570b07666dd6d261a71936b81c77a6ba71 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 15 May 2025 12:13:14 +0000
Subject: [PATCH 3166/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index d6ec5a16..5b6aa8d6 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.10
+ENV NEXTCLOUD_VERSION=30.0.11
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 6c49505b067f8aa0e60df62160190ebef116bde0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 16 May 2025 05:07:04 +0000
Subject: [PATCH 3167/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 24.04.13.3.1 to 25.04.2.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.2.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 098e2cd5..0e37c0b6 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:24.04.13.3.1
+FROM collabora/code:25.04.2.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 5536121899eefcbadc3e388bfae5718baf2bbcd9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 May 2025 14:31:29 +0200
Subject: [PATCH 3168/3949] add `org.label-schema.vendor="Nextcloud"` label to
 all containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/alpine/Dockerfile              | 2 ++
 Containers/apache/Dockerfile              | 3 ++-
 Containers/borgbackup/Dockerfile          | 3 ++-
 Containers/clamav/Dockerfile              | 3 ++-
 Containers/collabora/Dockerfile           | 3 ++-
 Containers/docker-socket-proxy/Dockerfile | 3 ++-
 Containers/domaincheck/Dockerfile         | 3 ++-
 Containers/fulltextsearch/Dockerfile      | 3 ++-
 Containers/imaginary/Dockerfile           | 5 +++--
 Containers/mastercontainer/Dockerfile     | 2 ++
 Containers/nextcloud/Dockerfile           | 3 ++-
 Containers/notify-push/Dockerfile         | 3 ++-
 Containers/onlyoffice/Dockerfile          | 3 ++-
 Containers/postgresql/Dockerfile          | 3 ++-
 Containers/redis/Dockerfile               | 3 ++-
 Containers/talk-recording/Dockerfile      | 3 ++-
 Containers/talk/Dockerfile                | 3 ++-
 Containers/watchtower/Dockerfile          | 3 ++-
 Containers/whiteboard/Dockerfile          | 3 ++-
 19 files changed, 39 insertions(+), 18 deletions(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index b690b530..8d180272 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -3,3 +3,5 @@ FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a
+
+LABEL org.label-schema.vendor="Nextcloud"
diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index aeb3b12d..615aeca4 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -87,4 +87,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index d2f78df2..70d2ea11 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -23,5 +23,6 @@ ENTRYPOINT ["/start.sh"]
 # hadolint ignore=DL3002
 USER root
 
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
 ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e79d452d..f371ffd5 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -21,5 +21,6 @@ USER 100
 VOLUME /var/lib/clamav
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 098e2cd5..93e4a86e 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -19,4 +19,5 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 USER 1001
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 1480d292..a3babe4c 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -18,4 +18,5 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg
 
 ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index d36a2611..9b248e39 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -17,4 +17,5 @@ USER www-data
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 161c7761..364dd205 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -21,5 +21,6 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 USER 1000:0
 
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
 ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 11928b93..58866e00 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.3-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
@@ -42,4 +42,5 @@ ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 06971642..bb1c2fd6 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -122,6 +122,8 @@ COPY --chmod=664 Caddyfile /Caddyfile
 COPY --chmod=664 supervisord.conf /supervisord.conf
 COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
 
+LABEL org.label-schema.vendor="Nextcloud"
+
 # hadolint ignore=DL3002
 USER root
 
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 5b6aa8d6..23c7db8a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -265,4 +265,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 15fd98a0..18cbc0c4 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -21,4 +21,5 @@ USER 33
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index b7da779e..97587907 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -7,4 +7,5 @@ FROM onlyoffice/documentserver:8.3.3.1
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 462b3069..e32cc146 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -43,4 +43,5 @@ USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 2181f47a..03399c9a 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -20,4 +20,5 @@ USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index aac488f5..ab4100a9 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -57,4 +57,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 56402efc..24d7a53c 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -105,4 +105,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 90d18aeb..6daf4f10 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -21,4 +21,5 @@ COPY --chmod=775 start.sh /start.sh
 USER root
 
 ENTRYPOINT ["/start.sh"]
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index c208a403..41f27704 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -18,4 +18,5 @@ WORKDIR /tmp
 
 ENTRYPOINT ["/start.sh"]
 
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

From b94d8073287a4f0befc7c05950ada5cdceba1cf0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 May 2025 14:56:58 +0200
Subject: [PATCH 3169/3949] increase to 10.15.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 769f70d9..fe83cc61 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.14.0</h1>
+            <h1>Nextcloud AIO v10.15.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From b73419c4dadc50842bff513c1a0ebc9ba7913a2e Mon Sep 17 00:00:00 2001
From: Florian Wallner <asdf@walura.eu>
Date: Tue, 20 May 2025 20:46:25 +0200
Subject: [PATCH 3170/3949] Update readme.md

Fix broken link

Signed-off-by: Florian Wallner <asdf@walura.eu>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index c44b8f83..0c6e9563 100644
--- a/readme.md
+++ b/readme.md
@@ -820,7 +820,7 @@ Backing up directly to a remote borg repository is supported. This avoids having
 Some alternatives, which do not have all the above benefits:
 
 - Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory
-- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
+- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-local-backups-regularly-to-another-drive)
 - You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
 - Here is another one that utilizes borgmatic and BorgBase for remote backups: https://github.com/nextcloud/all-in-one/discussions/4391
 - create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)

From 25da732d82b6464a38a4cfd15755a6c3fca035c4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 21 May 2025 14:43:44 +0200
Subject: [PATCH 3171/3949] nextcloud: increase apc.shm_size to 64M to match
 the docker default shm-size

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 23c7db8a..4bf06f44 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -118,7 +118,10 @@ RUN set -ex; \
         echo 'opcache.jit_buffer_size=8M'; \
     } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
     \
-    echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
+    { \
+        echo 'apc.enable_cli=1'; \
+        echo 'apc.shm_size=64M'; \
+    } >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
     \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \

From bf61090568b5adc88c59527a19047e382e0e8c20 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 22 May 2025 12:03:18 +0000
Subject: [PATCH 3172/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 58866e00..9e6ce5b7 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.3-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 1afe2afed08efbe358d69c341f16c8861af30705 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 22 May 2025 12:03:18 +0000
Subject: [PATCH 3173/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 0d5922a2..9bc4e45d 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4577,16 +4577,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.10.3",
+            "version": "6.11.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1"
+                "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/90b5b9f5e7c8e441b191d3c82c58214753d7c7c1",
-                "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0",
+                "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0",
                 "shasum": ""
             },
             "require": {
@@ -4691,7 +4691,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-05-05T18:23:39+00:00"
+            "time": "2025-05-12T11:30:26+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From a18371c0742adece0a81fea3a4dd02c481390a8d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 May 2025 04:51:55 +0000
Subject: [PATCH 3174/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.3-scratch to 2.11.4-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.4-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 24d7a53c..a84864cc 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.3-scratch AS nats
+FROM nats:2.11.4-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.21.3 AS janus

From 12340a7ce9066c57065afb658635a90a7ca56950 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 11:11:44 +0200
Subject: [PATCH 3175/3949] adjust instructions how to promote builds from beta
 to latest

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 develop.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/develop.md b/develop.md
index 6f84b2d4..b6aa031d 100644
--- a/develop.md
+++ b/develop.md
@@ -41,8 +41,9 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 
 ## How to promote builds from beta to latest
 
+1. Verify that GitHub Services are running correctly: https://www.githubstatus.com/
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
-2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+1. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
 
 ## How to connect to the database?
 Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.

From 43d16a3b25d3f772d5aaf34e1960cc158ce4ac3a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 13:28:09 +0200
Subject: [PATCH 3176/3949] nextcloud: remove workaround to update logic in
 entrypoint

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e84636dc..23450c07 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -105,20 +105,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # Write output to logfile.
             exec > >(tee -i "/var/www/html/data/update.log")
             exec 2>&1
-            # Run built-in upgrader if version is below 28.0.2 to upgrade to 28.0.x first
-            touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            if ! version_greater "$installed_version" "28.0.1.20"; then
-                php /var/www/html/updater/updater.phar --no-interaction --no-backup
-                if ! php /var/www/html/occ upgrade || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                    echo "Upgrade failed. Please restore from backup."
-                    bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
-                    exit 1
-                fi
-                rm "$NEXTCLOUD_DATA_DIR/update.failed"
-                # shellcheck disable=SC2016
-                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                INSTALLED_MAJOR="${installed_version%%.*}"
-            fi
         fi
 
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then

From 117a5dfd344bf4d45aa23979dc91dbbdb5d449ae Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 13:31:31 +0200
Subject: [PATCH 3177/3949] app: increase version to allow nc31

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 43c22ebd..069786d8 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.7.0</version>
+	<version>0.8.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="29" max-version="30"/>
+		<nextcloud min-version="30" max-version="31"/>
 	</dependencies>
 
 	<settings>

From c509ce6c8f39499d6934ee10683865cd48c2e6ba Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 13:33:31 +0200
Subject: [PATCH 3178/3949] nextcloud: add pandoc to container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4bf06f44..8f8bb553 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -227,6 +227,7 @@ RUN set -ex; \
         grep \
         nodejs \
         libreoffice \
+        pandoc-cli \
         bind-tools \
         imagemagick \
         imagemagick-svg \

From d0d11cc8189ce562ebe4f9f04a3d480722049108 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 13:38:22 +0200
Subject: [PATCH 3179/3949] postgres: increase to 17

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index e32cc146..36394b05 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile
-FROM postgres:16.9-alpine
+# From https://github.com/docker-library/postgres/blob/master/17/alpine3.21/Dockerfile
+FROM postgres:17.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 18663f0b05f85d569ab8a4e6d2f5e472ece49738 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 13:49:41 +0200
Subject: [PATCH 3180/3949] nextcloud: upgrade to nc31

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 8f8bb553..95af7608 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.11
+ENV NEXTCLOUD_VERSION=31.0.5
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 2d9152d09a13ec87d6e8f9c4da64b14c5e0617c3 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 13:54:39 +0200
Subject: [PATCH 3181/3949] aio-interface: hide instructions for upgrading to
 nc31

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fe83cc61..6a1f67cc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -33,7 +33,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersion = 31 %}
+            {% set newMajorVersion = '' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From 347aaf618efd5da4a352ebeff755187cadec0b52 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 26 May 2025 12:03:12 +0000
Subject: [PATCH 3182/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 9bc4e45d..0e43416e 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1331,16 +1331,16 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.5.1",
+            "version": "v3.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6"
+                "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6",
-                "reference": "74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62",
+                "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62",
                 "shasum": ""
             },
             "require": {
@@ -1353,7 +1353,7 @@
                     "name": "symfony/contracts"
                 },
                 "branch-alias": {
-                    "dev-main": "3.5-dev"
+                    "dev-main": "3.6-dev"
                 }
             },
             "autoload": {
@@ -1378,7 +1378,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.5.1"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.6.0"
             },
             "funding": [
                 {
@@ -1394,7 +1394,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-25T14:20:29+00:00"
+            "time": "2024-09-25T14:21:43+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
@@ -4407,16 +4407,16 @@
         },
         {
             "name": "symfony/service-contracts",
-            "version": "v3.5.1",
+            "version": "v3.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/service-contracts.git",
-                "reference": "e53260aabf78fb3d63f8d79d69ece59f80d5eda0"
+                "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/e53260aabf78fb3d63f8d79d69ece59f80d5eda0",
-                "reference": "e53260aabf78fb3d63f8d79d69ece59f80d5eda0",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/f021b05a130d35510bd6b25fe9053c2a8a15d5d4",
+                "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4",
                 "shasum": ""
             },
             "require": {
@@ -4434,7 +4434,7 @@
                     "name": "symfony/contracts"
                 },
                 "branch-alias": {
-                    "dev-main": "3.5-dev"
+                    "dev-main": "3.6-dev"
                 }
             },
             "autoload": {
@@ -4470,7 +4470,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/service-contracts/tree/v3.5.1"
+                "source": "https://github.com/symfony/service-contracts/tree/v3.6.0"
             },
             "funding": [
                 {
@@ -4486,7 +4486,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-25T14:20:29+00:00"
+            "time": "2025-04-25T09:37:31+00:00"
         },
         {
             "name": "symfony/string",

From 100d37004724e40d2b5e4570215fa650f6b6d8ef Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 26 May 2025 12:46:45 +0000
Subject: [PATCH 3183/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-apache-service.yaml           | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 ++++----
 .../templates/nextcloud-aio-clamav-service.yaml           | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 7 ++++---
 .../templates/nextcloud-aio-collabora-service.yaml        | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 ++++----
 .../templates/nextcloud-aio-database-service.yaml         | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 8 ++++----
 .../templates/nextcloud-aio-fulltextsearch-service.yaml   | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml        | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 8 ++++----
 .../templates/nextcloud-aio-nextcloud-service.yaml        | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml      | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 8 ++++----
 .../templates/nextcloud-aio-onlyoffice-service.yaml       | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml         | 6 +++---
 .../templates/nextcloud-aio-redis-service.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 6 +++---
 .../nextcloud-aio-talk-recording-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml   | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml             | 4 ++--
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 6 +++---
 .../templates/nextcloud-aio-whiteboard-service.yaml       | 2 +-
 27 files changed, 60 insertions(+), 59 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 9bc9d986..35941779 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.14.0
+version: 10.15.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index aa1a58ac..8a487d8f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-apache:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 596014ef..f496a3f8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 7fd39530..19bb3019 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 68dead85..67a05650 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c509942d..176bd140 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-collabora
     spec:
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250526_095855
           readinessProbe:
             exec:
               command:
@@ -61,4 +61,5 @@ spec:
               add:
                 - MKNOD
                 - CAP_SYS_ADMIN
+                - CHOWN={{ .Values.CHOWN }}
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index f2e6b3cb..081a8131 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index ac2ea818..b206b590 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index 8a022a4d..e0abad63 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 95c7839a..e968f3f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 57a9f9a7..29dc4871 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 20623b94..c10c6f81 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index fd6dafb5..28bc08be 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index dcf038dc..a342ed1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250526_095855
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 1b77fb50..6394b6fc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index ba26b28b..06dfdd2c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index d15c1bc3..58bc411b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 2b61ab57..4a195c9a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 11761892..08ea4965 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 7bae7aab..64bbdbce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-redis:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index c12d28fa..3deae463 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index f9ace872..e4fed0cd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-talk:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 408ae147..29275b61 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index f2413fb2..9fe10d57 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index d2da42f7..1b7f1a05 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -28,7 +28,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 17f26c12..600b193e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250512_082954
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250526_095855
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
index 8c0df7f2..29232bee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard

From b5ff2376d8f2a81afbcaae6eb0359b09e8a507d8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 15:26:31 +0200
Subject: [PATCH 3184/3949] fix update-helm script

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 90e17af4..7ad3bd32 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup
 
 # Additional config
 # shellcheck disable=SC1083
-sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091

From e69372e8e4aa5df6c18694e04b629e63b134aa49 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 15:27:31 +0200
Subject: [PATCH 3185/3949] downgrade helm-chart to 10.14.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 35941779..9bc9d986 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.15.0
+version: 10.14.0
 apiVersion: v2
 keywords:
   - latest

From ae841a66a7f3f65c7f4e7ac5eb0ea2374c2aa27c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 May 2025 15:29:04 +0200
Subject: [PATCH 3186/3949] upgrade helm-chart to v10.15.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/Chart.yaml                             | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 9bc9d986..35941779 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.14.0
+version: 10.15.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 176bd140..cb1a6621 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -61,5 +61,5 @@ spec:
               add:
                 - MKNOD
                 - CAP_SYS_ADMIN
-                - CHOWN={{ .Values.CHOWN }}
+                - CHOWN
 {{- end }}

From 8a4789a903d8b930085d4634108d5f2c91575771 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 27 May 2025 04:12:55 +0000
Subject: [PATCH 3187/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 95ad3803..3b4342cf 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.10.3@90b5b9f5e7c8e441b191d3c82c58214753d7c7c1">
+<files psalm-version="6.11.0@4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0">
   <file src="src/Auth/AuthManager.php">
     <ClassMustBeFinal>
       <code><![CDATA[AuthManager]]></code>

From de6fde26cd443d636a8fdc76bc9658077fae04be Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 27 May 2025 12:49:37 +0200
Subject: [PATCH 3188/3949] readme: update docs regarding unothorized ACME
 challenges

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0c6e9563..3052b303 100644
--- a/readme.md
+++ b/readme.md
@@ -736,7 +736,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
 
 ### Securing the AIO interface from unauthorized ACME challenges
-[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
+[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface on port 8443, is configured to accept traffic on any valid domain in order to make the AIO interface as convenient to use as possible. However due to this, it is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)

From 68ae9c055a4cd99e319f19dd2ac42e4cbc85134b Mon Sep 17 00:00:00 2001
From: thiswillbeyourgithub
 <26625900+thiswillbeyourgithub@users.noreply.github.com>
Date: Tue, 27 May 2025 16:00:58 +0200
Subject: [PATCH 3189/3949] doc: clarify migration steps

Signed-off-by: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com>
---
 migration.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/migration.md b/migration.md
index e3fc4a56..45a19a1c 100644
--- a/migration.md
+++ b/migration.md
@@ -58,8 +58,8 @@ The procedure for migrating the files and the database works like this:
     **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
     And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
 1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Also install all apps via the apps management site that were installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work.
-1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
-1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
+1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again). Once finished, all containers are automatically stopped and is expected: **don't start the container again at this point!**
+1. Now, with the containers still stopped, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
     1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.
     1. Now, create a copy of the database file so that you can simply restore it if you should make a mistake while editing: `cp database-dump.sql database-dump.sql.backup`
     1. Next, open the database export with e.g. nano: `nano database-dump.sql`
@@ -81,7 +81,6 @@ The same applies for the second statement, check with `grep " OWNER TO nextcloud
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
-1. As last step, install all apps again that were installed before on your old instance by using the webinterface.
 
 Now the whole Nextcloud instance should work again.<br>
 If not, feel free to restore the AIO instance from backup and start at step 8 again.

From a72bdf097f3f10fcadffa3b78e9a639e8e28c306 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 28 May 2025 11:08:34 +0200
Subject: [PATCH 3190/3949] clamav: move LocalSocket to `/tmp/clamd.sock`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f371ffd5..2b7bd30b 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -11,6 +11,7 @@ RUN set -ex; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
+    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
     freshclam --foreground --stdout
 
 COPY --chmod=775 start.sh /start.sh

From 73ccf23e9248391e551312f073317764ee06e74f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 May 2025 04:33:18 +0000
Subject: [PATCH 3191/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.1.7-alpine to 3.2.0-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.0-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index a3babe4c..3b19c0af 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.7-alpine
+FROM haproxy:3.2.0-alpine
 
 # hadolint ignore=DL3002
 USER root

From 87b05728458690d5fbb773dbce29af2f444d75bd Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 29 May 2025 12:03:15 +0000
Subject: [PATCH 3192/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 0e43416e..7e389e82 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3948,16 +3948,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.21",
+            "version": "v6.4.22",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719"
+                "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/a3011c7b7adb58d89f6c0d822abb641d7a5f9719",
-                "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719",
+                "url": "https://api.github.com/repos/symfony/console/zipball/7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3",
+                "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3",
                 "shasum": ""
             },
             "require": {
@@ -4022,7 +4022,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.21"
+                "source": "https://github.com/symfony/console/tree/v6.4.22"
             },
             "funding": [
                 {
@@ -4038,11 +4038,11 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-07T15:42:41+00:00"
+            "time": "2025-05-07T07:05:04+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.2.0",
+            "version": "v7.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
@@ -4088,7 +4088,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.2.0"
+                "source": "https://github.com/symfony/filesystem/tree/v7.3.0"
             },
             "funding": [
                 {
@@ -4490,16 +4490,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.2.6",
+            "version": "v7.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931"
+                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/a214fe7d62bd4df2a76447c67c6b26e1d5e74931",
-                "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931",
+                "url": "https://api.github.com/repos/symfony/string/zipball/f3570b8c61ca887a9e2938e85cb6458515d2b125",
+                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125",
                 "shasum": ""
             },
             "require": {
@@ -4557,7 +4557,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.2.6"
+                "source": "https://github.com/symfony/string/tree/v7.3.0"
             },
             "funding": [
                 {
@@ -4573,7 +4573,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-20T20:18:16+00:00"
+            "time": "2025-04-20T20:19:01+00:00"
         },
         {
             "name": "vimeo/psalm",

From 1edd280cc850e7912a10c03919b196cac0b35426 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 May 2025 04:39:48 +0000
Subject: [PATCH 3193/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.1 to 8.18.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 364dd205..ae7eee63 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.1
+FROM elasticsearch:8.18.2
 
 USER root
 

From 945b767e2c93a7fd69fbf05f1448bfb685e9c46a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 May 2025 04:39:56 +0000
Subject: [PATCH 3194/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.1.1-cli to 28.2.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.2.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index bb1c2fd6..f241fa91 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.1.1-cli AS docker
+FROM docker:28.2.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From b6c078847d81fdfc6e2c0cacc4ebc489d56a363a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 May 2025 04:40:25 +0000
Subject: [PATCH 3195/3949] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.8-alpine to 7.2.9-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.9-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 03399c9a..92f2b17c 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.8-alpine
+FROM redis:7.2.9-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From 673b1db07ed3e63ecf8b2a9dd4597d56f952078c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 09:32:51 +0200
Subject: [PATCH 3196/3949] aio-interface: allow to manage the community
 containers via the AIO interface (#6443)

Signed-off-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 Containers/mastercontainer/start.sh           |  14 +--
 community-containers/readme.md                |   9 +-
 compose.yaml                                  |   1 -
 php/psalm-baseline.xml                        | 106 ------------------
 php/psalm.xml                                 |   1 +
 php/public/containers-form-submit.js          |  88 +++++++++++++++
 php/public/index.php                          |   4 +-
 php/public/options-form-submit.js             |  60 ----------
 php/src/Container/CommunityContainer.php      |  12 ++
 .../Controller/ConfigurationController.php    |   6 +-
 php/src/Data/ConfigurationManager.php         |  72 +++++++++---
 php/templates/containers.twig                 |   4 +
 .../includes/community-containers.twig        |  42 +++++++
 .../includes/optional-containers.twig         |   5 +-
 tests/QA/060-environmental-variables.md       |   1 -
 15 files changed, 220 insertions(+), 205 deletions(-)
 create mode 100644 php/public/containers-form-submit.js
 delete mode 100644 php/public/options-form-submit.js
 create mode 100644 php/src/Container/CommunityContainer.php
 create mode 100644 php/templates/includes/community-containers.twig

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index e4a1f44f..9158d5b0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -258,18 +258,8 @@ It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
     fi
 fi
 if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
-    read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS"
-    for container in "${AIO_CCONTAINERS[@]}"; do
-        if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then
-            print_red "The community container $container was not found!"
-            FAIL_CCONTAINERS=1
-        fi
-    done
-    if [ -n "$FAIL_CCONTAINERS" ]; then
-        print_red "You've set AIO_COMMUNITY_CONTAINERS but at least one container was not found.
-It is set to '$AIO_COMMUNITY_CONTAINERS'."
-        exit 1
-    fi
+    print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
+The community containers get managed via the AIO interface now."
 fi
 
 # Check if ghcr.io is reachable
diff --git a/community-containers/readme.md b/community-containers/readme.md
index 07ba7602..b08353e1 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -5,9 +5,8 @@ This directory features containers that are built for AIO which allows to add ad
 All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
 
 ## How to use this?
-Before adding any additional container, make sure to create a backup via the AIO interface!
-
-Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
+Starting with v11 of AIO, the management of Community Containers is done via the web interface. 
+⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
 
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
@@ -16,8 +15,6 @@ Simply submit a PR by creating a new folder in this directory: https://github.co
 Yes, see [this list](https://github.com/nextcloud/all-in-one/issues/5251) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
 
 ## How to remove containers from AIOs stack?
-In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.
-
-First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`. 
+You can remove containers now via the web interface.
 
 After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).
diff --git a/compose.yaml b/compose.yaml
index a2836446..93a6b7af 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -14,7 +14,6 @@ services:
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 3b4342cf..8eec4eb9 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,81 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <files psalm-version="6.11.0@4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0">
-  <file src="src/Auth/AuthManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AuthManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Auth/PasswordGenerator.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[PasswordGenerator]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/AioVariables.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AioVariables]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/Container.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[Container]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerEnvironmentVariables.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerEnvironmentVariables]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerPort.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerPort]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerPorts.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerPorts]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerVolume.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerVolume]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerVolumes.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerVolumes]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/ContainerDefinitionFetcher.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerDefinitionFetcher]]></code>
-    </ClassMustBeFinal>
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>
       <code><![CDATA[file_get_contents(__DIR__ . '/../containers.json')]]></code>
     </PossiblyFalseArgument>
   </file>
-  <file src="src/Controller/ConfigurationController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ConfigurationController]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Controller/DockerController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerController]]></code>
-    </ClassMustBeFinal>
     <InvalidOperand>
       <code><![CDATA[$port]]></code>
     </InvalidOperand>
   </file>
-  <file src="src/Controller/LoginController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[LoginController]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Data/ConfigurationManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ConfigurationManager]]></code>
-    </ClassMustBeFinal>
     <FalsableReturnStatement>
       <code><![CDATA[$additionalBackupDirectories]]></code>
     </FalsableReturnStatement>
@@ -98,9 +34,6 @@
     </PossiblyFalseArgument>
   </file>
   <file src="src/Data/DataConst.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DataConst]]></code>
-    </ClassMustBeFinal>
     <FalsableReturnStatement>
       <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
@@ -112,57 +45,18 @@
       <code><![CDATA[string]]></code>
     </InvalidFalsableReturnType>
   </file>
-  <file src="src/Data/InvalidSettingConfigurationException.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[InvalidSettingConfigurationException]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Data/Setup.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[Setup]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/DependencyInjection.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DependencyInjection]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Docker/DockerActionManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerActionManager]]></code>
-    </ClassMustBeFinal>
     <PossiblyFalseArgument>
       <code><![CDATA[$line]]></code>
       <code><![CDATA[$line]]></code>
     </PossiblyFalseArgument>
   </file>
-  <file src="src/Docker/DockerHubManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerHubManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Docker/GitHubContainerRegistryManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[GitHubContainerRegistryManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Middleware/AuthMiddleware.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AuthMiddleware]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Twig/ClassExtension.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ClassExtension]]></code>
-    </ClassMustBeFinal>
     <MissingOverrideAttribute>
       <code><![CDATA[public function getFunctions() : array]]></code>
     </MissingOverrideAttribute>
   </file>
   <file src="src/Twig/CsrfExtension.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[CsrfExtension]]></code>
-    </ClassMustBeFinal>
     <MissingOverrideAttribute>
       <code><![CDATA[public function getGlobals() : array]]></code>
     </MissingOverrideAttribute>
diff --git a/php/psalm.xml b/php/psalm.xml
index cf4c9a44..d7ce38c9 100644
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -19,5 +19,6 @@
 		<directory name="vendor" />
 	</extraFiles>
 	<issueHandlers>
+  		<ClassMustBeFinal errorLevel="suppress" />
 	</issueHandlers>
 </psalm>
diff --git a/php/public/containers-form-submit.js b/php/public/containers-form-submit.js
new file mode 100644
index 00000000..b7ffd2d8
--- /dev/null
+++ b/php/public/containers-form-submit.js
@@ -0,0 +1,88 @@
+document.addEventListener("DOMContentLoaded", function () {
+    // Hide submit button initially
+    const optionsFormSubmit = document.getElementById("options-form-submit");
+    optionsFormSubmit.style.display = 'none';
+
+    const communityFormSubmit = document.getElementById("community-form-submit");
+    communityFormSubmit.style.display = 'none';
+
+    // Store initial states for all checkboxes
+    const initialStateOptionsContainers = {};
+    const initialStateCommunityContainers = {};
+    const optionsContainersCheckboxes = document.querySelectorAll("#options-form input[type='checkbox']");
+    const communityContainersCheckboxes = document.querySelectorAll("#community-form input[type='checkbox']");
+
+    optionsContainersCheckboxes.forEach(checkbox => {
+        initialStateOptionsContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
+    });
+
+    communityContainersCheckboxes.forEach(checkbox => {
+        initialStateCommunityContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
+    });
+
+    // Function to compare current states to initial states
+    function checkForOptionContainerChanges() {
+        let hasChanges = false;
+
+        optionsContainersCheckboxes.forEach(checkbox => {
+            if (checkbox.checked !== initialStateOptionsContainers[checkbox.id]) {
+                hasChanges = true;
+            }
+        });
+
+        // Show or hide submit button based on changes
+        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
+    }
+
+    // Function to compare current states to initial states
+    function checkForCommunityContainerChanges() {
+        let hasChanges = false;
+
+        communityContainersCheckboxes.forEach(checkbox => {
+            if (checkbox.checked !== initialStateCommunityContainers[checkbox.id]) {
+                hasChanges = true;
+            }
+        });
+
+        // Show or hide submit button based on changes
+        communityFormSubmit.style.display = hasChanges ? 'block' : 'none';
+    }
+
+    // Event listener to trigger visibility check on each change
+    optionsContainersCheckboxes.forEach(checkbox => {
+        checkbox.addEventListener("change", checkForOptionContainerChanges);
+    });
+
+    communityContainersCheckboxes.forEach(checkbox => {
+        checkbox.addEventListener("change", checkForCommunityContainerChanges);
+    });
+
+    // Custom behaviors for specific options
+    function handleTalkVisibility() {
+        const talkRecording = document.getElementById("talk-recording");
+        if (document.getElementById("talk").checked) {
+            talkRecording.disabled = false;
+        } else {
+            talkRecording.checked = false;
+            talkRecording.disabled = true;
+        }
+        checkForOptionContainerChanges();  // Check changes after toggling Talk Recording
+    }
+
+    function handleDockerSocketProxyWarning() {
+        if (document.getElementById("docker-socket-proxy").checked) {
+            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
+        }
+    }
+
+    // Initialize event listeners for specific behaviors
+    document.getElementById("talk").addEventListener('change', handleTalkVisibility);
+    document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
+
+    // Initialize talk-recording visibility on page load
+    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
+
+    // Initial call to check for changes
+    checkForOptionContainerChanges();
+    checkForCommunityContainerChanges();
+});
diff --git a/php/public/index.php b/php/public/index.php
index a3ee8f7d..60440805 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -128,7 +128,9 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
-        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),        
+        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),
+        'community_containers' => $configurationManager->listAvailableCommunityContainers(),
+        'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
deleted file mode 100644
index 35f6e878..00000000
--- a/php/public/options-form-submit.js
+++ /dev/null
@@ -1,60 +0,0 @@
-document.addEventListener("DOMContentLoaded", function () {
-    // Hide submit button initially
-    const optionsFormSubmit = document.getElementById("options-form-submit");
-    optionsFormSubmit.style.display = 'none';
-
-    // Store initial states for all checkboxes
-    const initialState = {};
-    const checkboxes = document.querySelectorAll("#options-form input[type='checkbox']");
-
-    checkboxes.forEach(checkbox => {
-        initialState[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
-    });
-
-    // Function to compare current states to initial states
-    function checkForChanges() {
-        let hasChanges = false;
-        
-        checkboxes.forEach(checkbox => {
-            if (checkbox.checked !== initialState[checkbox.id]) {
-                hasChanges = true;
-            }
-        });
-
-        // Show or hide submit button based on changes
-        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
-    }
-
-    // Event listener to trigger visibility check on each change
-    checkboxes.forEach(checkbox => {
-        checkbox.addEventListener("change", checkForChanges);
-    });
-
-    // Custom behaviors for specific options
-    function handleTalkVisibility() {
-        const talkRecording = document.getElementById("talk-recording");
-        if (document.getElementById("talk").checked) {
-            talkRecording.disabled = false;
-        } else {
-            talkRecording.checked = false;
-            talkRecording.disabled = true;
-        }
-        checkForChanges();  // Check changes after toggling Talk Recording
-    }
-
-    function handleDockerSocketProxyWarning() {
-        if (document.getElementById("docker-socket-proxy").checked) {
-            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
-        }
-    }
-
-    // Initialize event listeners for specific behaviors
-    document.getElementById("talk").addEventListener('change', handleTalkVisibility);
-    document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
-
-    // Initialize talk-recording visibility on page load
-    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
-
-    // Initial call to check for changes
-    checkForChanges();
-});
diff --git a/php/src/Container/CommunityContainer.php b/php/src/Container/CommunityContainer.php
new file mode 100644
index 00000000..8f7c2ffd
--- /dev/null
+++ b/php/src/Container/CommunityContainer.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace AIO\Container;
+
+readonly class CommunityContainer {
+    public function __construct(
+        string                        $id,
+        string                        $name,
+        string                        $documentation,
+    ) {
+    }
+}
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 561334c8..f7930ffc 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -15,7 +15,7 @@ readonly class ConfigurationController {
     ) {
     }
 
-    public function SetConfig(Request $request, Response $response, array $args) : Response {
+    public function SetConfig(Request $request, Response $response, array $args): Response {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
@@ -125,6 +125,10 @@ readonly class ConfigurationController {
                 }
             }
 
+            if (isset($request->getParsedBody()['community-form'])) {
+                $this->configurationManager->SetEnabledCommunityContainers($request->getParsedBody()['enabled-community'] ?? []);
+            }
+
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
                 $this->configurationManager->DeleteCollaboraDictionaries();
             }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e2291a76..05c639f1 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -3,6 +3,7 @@
 namespace AIO\Data;
 
 use AIO\Auth\PasswordGenerator;
+use AIO\Container\CommunityContainer;
 use AIO\Controller\DockerController;
 
 class ConfigurationManager
@@ -75,7 +76,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetBackupArchivesList())) {
             return '';
         }
-        
+
         $content = file_get_contents(DataConst::GetBackupArchivesList());
         if ($content === '') {
             return '';
@@ -95,7 +96,7 @@ class ConfigurationManager
         if ($lastBackupTime === "") {
             return '';
         }
-        
+
         return $lastBackupTime;
     }
 
@@ -103,7 +104,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetBackupArchivesList())) {
             return [];
         }
-        
+
         $content = file_get_contents(DataConst::GetBackupArchivesList());
         if ($content === '') {
             return [];
@@ -114,7 +115,7 @@ class ConfigurationManager
         foreach($backupLines as $lines) {
             if ($lines !== "") {
                 $backupTimesTemp = explode(',', $lines);
-                $backupTimes[] = $backupTimesTemp[1];     
+                $backupTimes[] = $backupTimesTemp[1];
             }
         }
 
@@ -140,7 +141,7 @@ class ConfigurationManager
         }
     }
 
-    public function isClamavEnabled() : bool {        
+    public function isClamavEnabled() : bool {
         $config = $this->GetConfig();
         if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
             return true;
@@ -375,7 +376,7 @@ class ConfigurationManager
             $testUrl = $protocol . $domain . ':443';
             curl_setopt($ch, CURLOPT_URL, $testUrl);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
+            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
             curl_setopt($ch, CURLOPT_TIMEOUT, 10);
             $response = (string)curl_exec($ch);
             # Get rid of trailing \n
@@ -474,7 +475,7 @@ class ConfigurationManager
         } elseif ($location !== '' && $repo !== '') {
             throw new InvalidSettingConfigurationException("Location and remote repo url are mutually exclusive!");
         }
-        
+
         if ($location !== '') {
             $isValidPath = false;
             if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
@@ -629,7 +630,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetBackupPublicKey())) {
             return "";
         }
-        
+
         return trim(file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
@@ -771,7 +772,7 @@ class ConfigurationManager
         if (!preg_match("#^[0-1][0-9]:[0-5][0-9]$#", $time) && !preg_match("#^2[0-3]:[0-5][0-9]$#", $time)) {
             throw new InvalidSettingConfigurationException("You did not enter a correct time! One correct example is '04:00'!");
         }
-        
+
         if ($enableAutomaticUpdates === false) {
             $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled';
         } else {
@@ -1008,16 +1009,59 @@ class ConfigurationManager
     }
 
     private function GetCommunityContainers() : string {
-        $envVariableName = 'AIO_COMMUNITY_CONTAINERS';
-        $configName = 'aio_community_containers';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+        $config = $this->GetConfig();
+        if(!isset($config['aio_community_containers'])) {
+            $config['aio_community_containers'] = '';
+        }
+
+        return $config['aio_community_containers'];
     }
 
-    public function GetEnabledCommunityContainers() : array {
+
+    /** @return list<CommunityContainer> */
+    public function listAvailableCommunityContainers() : array {
+        $cc = [];
+        $dir = scandir(DataConst::GetCommunityContainersDirectory());
+        if ($dir === false) {
+            return $cc;
+        }
+        foreach ($dir as $id) {
+            $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json';
+            $fileContents = apcu_fetch($filePath);
+            if (!is_string($fileContents)) {
+                $fileContents = file_get_contents($filePath);
+                if (is_string($fileContents)) {
+                    apcu_add($filePath, $fileContents);
+                }
+            } 
+            $json = is_string($fileContents) ? json_decode($fileContents) : false;
+            if(is_array($json) && is_array($json['aio_services_v1'])) {
+                foreach ($json['aio_services_v1'] as $service) {
+                    $documentation = is_string($service['documentation']) ? $service['documentation'] : '';
+                    if (is_string($service['display_name'])) {
+                        $cc[] = new CommunityContainer(
+                            $id,
+                            $service['display_name'],
+                            $documentation);
+                    }
+                    break;
+                }
+            }
+        }
+        return $cc;
+    }
+
+    /** @return list<string> */
+    public function GetEnabledCommunityContainers(): array {
         return explode(' ', $this->GetCommunityContainers());
     }
 
+    public function SetEnabledCommunityContainers(array $enabledCommunityContainers) : void {
+        $config = $this->GetConfig();
+        $config['aio_community_containers'] = implode(' ', $enabledCommunityContainers);
+        $this->WriteConfig($config);
+    }
+
     private function GetEnabledDriDevice() : string {
         $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
         $configName = 'nextcloud_enable_dri_device';
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6a1f67cc..81415626 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -606,6 +606,10 @@
                 {% endif %}
             {% endif %}
 
+            {{ include('includes/community-containers.twig') }}
+
+        <script type="text/javascript" src="containers-form-submit.js?v4"></script>
+
         {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
             <script type="text/javascript" src="automatic_reload.js"></script>
         {% else %}
diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig
new file mode 100644
index 00000000..44b1e3bf
--- /dev/null
+++ b/php/templates/includes/community-containers.twig
@@ -0,0 +1,42 @@
+<h2>Community Containers</h2>
+<p>In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.</p>
+<p><strong>⚠️ Caution: </strong>Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!</p>
+<details>
+    <summary>Show/Hide available Community Containers</summary>
+    {% if isAnyRunning == true %}
+        <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
+    {% else %}
+        <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of Community Containers. The changes will not be auto-saved.</p>
+    {% endif %}
+    <form id="community-form" method="POST" action="/api/configuration" class="xhr">
+        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+        <input type="hidden" name="community-form" value="community-form">
+        {% for cc in community_containers %}
+            <p>
+                <input
+                    type="checkbox"
+                    id="enabled-community[]"
+                    value="{{ cc.id }}"
+                    name="{{ cc.id }}"
+                    {% if cc.id in community_containers_enabled %}
+                        checked="checked"
+                        data-initial-state="true"
+                    {% else %}
+                        data-initial-state="false"
+                    {% endif %}
+                    {% if isAnyRunning == true %}
+                        disabled="disabled"
+                    {% endif %}
+                >
+                <label for="{{ cc.id }}">{{ cc.name }} 
+                    {% if cc.documentation != '' %}
+                        <a href="{{ cc.documentation }}" target="_blank">(Documentation)</a>
+                    {% endif %}
+                </label>
+            </p>
+        {% endfor %}
+
+        <input id="community-form-submit" type="submit" value="Save changes" onclick="return confirm('Are you sure that you read the documentation of all community containers that you enabled? If no, please do not continue as this might break your instance!')" />
+    </form>
+</details>
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 53315b1c..1abcfefc 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -1,11 +1,11 @@
 <h2>Optional containers</h2>
-<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
+<p>In this section you can enable or disable optional containers.</p>
 {% if isAnyRunning == true %}
     <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
 {% else %}
     <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
 {% endif %}
-<form id="options-form" method="POST" action="/api/configuration" class="xhr">
+<form id="container-form" method="POST" action="/api/configuration" class="xhr">
     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
     <input type="hidden" name="options-form" value="options-form">
@@ -143,7 +143,6 @@
         <label for="whiteboard">Whiteboard</label>
     </p>
     <input id="options-form-submit" type="submit" value="Save changes" />
-    <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true %}
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index b2fadceb..818ecf7c 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -24,6 +24,5 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.
-- [ ] When starting the mastercontainer with `--env AIO_COMMUNITY_CONTAINERS="fail2ban"`, it should add the fail2ban container to the container stack and show it in the AIO interface as well as start it, etc.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)

From bbd6812977d5fc3be685f8775fa9fd608add91aa Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 09:38:18 +0200
Subject: [PATCH 3197/3949] increase to 11.0.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 81415626..055b12ae 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.15.0</h1>
+            <h1>Nextcloud AIO v11.0.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 1cced86de6f2ee2bbead67b74f60900890a3734c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 09:43:20 +0200
Subject: [PATCH 3198/3949] fix collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 0f0bc4b3..9cdb48b6 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 RUN set -ex; \
     \
     apt-get update; \
+    apt --fix-broken install; \
     apt-get install -y --no-install-recommends \
         netcat-openbsd \
     ; \

From f2f674d9499fefd05b4f803763c633f052c9ee29 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 09:45:15 +0200
Subject: [PATCH 3199/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 9cdb48b6..8c1f11ed 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -9,7 +9,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 RUN set -ex; \
     \
     apt-get update; \
-    apt --fix-broken install; \
+    apt-get --fix-broken install; \
     apt-get install -y --no-install-recommends \
         netcat-openbsd \
     ; \

From cdd5a950621be9dd08db0036a9a6e68f3b602945 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 09:48:16 +0200
Subject: [PATCH 3200/3949] another attempt

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 8c1f11ed..f88c4f8d 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -9,8 +9,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 RUN set -ex; \
     \
     apt-get update; \
-    apt-get --fix-broken install; \
-    apt-get install -y --no-install-recommends \
+    apt-get install --fix-broken -y --no-install-recommends \
         netcat-openbsd \
     ; \
     rm -rf /var/lib/apt/lists/*;

From 7442072a5d9648d40446cb1d64aa138329880ae4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 09:53:19 +0200
Subject: [PATCH 3201/3949] nextcloud: adjust permissions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 95af7608..88a88c0a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -212,8 +212,8 @@ RUN set -ex; \
     /var/log/supervisord \
     /var/run/supervisord \
     ; \
-    chown www-data:root -R /var/log/supervisord; \
-    chown www-data:root -R /var/run/supervisord; \
+    chmod 777 -R /var/log/supervisord; \
+    chmod 777 -R /var/run/supervisord; \
     \
     apk add --no-cache \
         bash \
@@ -254,14 +254,13 @@ RUN set -ex; \
 # AIO cloning end # Do not remove or change this line!
     \
     chown www-data:root -R /usr/src && \
-    chown www-data:root -R /usr/local/etc/php/conf.d && \
-    chown www-data:root -R /usr/local/etc/php-fpm.d && \
+    chmod 777 -R /usr/local/etc/php/conf.d && \
+    chmod 777 -R /usr/local/etc/php-fpm.d && \
     chmod -R 777 /tmp; \
     rm -rf /usr/src/nextcloud/apps/updatenotification; \
     \
     mkdir -p /nc-updater; \
-    chown -R www-data:www-data /nc-updater; \
-    chmod -R 770 /nc-updater
+    chmod -R 777 /nc-updater
 
 # hadolint ignore=DL3002
 USER root

From d6c35782f5698ee203407441f213cf303fb52e11 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 09:56:28 +0200
Subject: [PATCH 3202/3949] another collabora attempt

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index f88c4f8d..52e3deae 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -9,7 +9,8 @@ ARG DEBIAN_FRONTEND=noninteractive
 RUN set -ex; \
     \
     apt-get update; \
-    apt-get install --fix-broken -y --no-install-recommends \
+    apt-get --fix-broken install -y --no-install-recommends; \
+    apt-get install -y --no-install-recommends \
         netcat-openbsd \
     ; \
     rm -rf /var/lib/apt/lists/*;

From 1d3692a6db2ed562fd018eaed6550cc80b284c2c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 10:02:46 +0200
Subject: [PATCH 3203/3949] collabora: move healthcheck to use curl in order to
 fix the Dockerfile

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile     | 10 ----------
 Containers/collabora/healthcheck.sh |  2 +-
 2 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 52e3deae..314492c2 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -5,16 +5,6 @@ FROM collabora/code:25.04.2.1.1
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
 
-# hadolint ignore=DL3008
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get --fix-broken install -y --no-install-recommends; \
-    apt-get install -y --no-install-recommends \
-        netcat-openbsd \
-    ; \
-    rm -rf /var/lib/apt/lists/*;
-
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 USER 1001
diff --git a/Containers/collabora/healthcheck.sh b/Containers/collabora/healthcheck.sh
index 67cecdc3..9081ef5c 100644
--- a/Containers/collabora/healthcheck.sh
+++ b/Containers/collabora/healthcheck.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-nc -z 127.0.0.1 9980 || exit 1
+curl http://127.0.0.1:9980 || exit 1

From 21b9c19c5dbf9c7c112b54d293939104ada2b93b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 10:24:24 +0200
Subject: [PATCH 3204/3949] scandir: get rid of dots

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 05c639f1..9ab92394 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -1025,6 +1025,8 @@ class ConfigurationManager
         if ($dir === false) {
             return $cc;
         }
+        // Get rid of dots from the scandir command
+        $dir = array_diff($dir, array('..', '.'));
         foreach ($dir as $id) {
             $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json';
             $fileContents = apcu_fetch($filePath);

From ae5adc989fa4365be2ffa1796dfd142b1814652c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 10:37:52 +0200
Subject: [PATCH 3205/3949] the cc-section needs to be included in another
 place

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 055b12ae..810117bf 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -602,11 +602,11 @@
                                 </form>
                             {% endif %}
                         {% endif %}
+                        {{ include('includes/community-containers.twig') }}
                     {% endif %}
                 {% endif %}
             {% endif %}
 
-            {{ include('includes/community-containers.twig') }}
 
         <script type="text/javascript" src="containers-form-submit.js?v4"></script>
 

From 635381a4c853f463200d6673571c9e5aae2f14f8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 10:47:55 +0200
Subject: [PATCH 3206/3949] fix another detail in scandir

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9ab92394..dd2a95cd 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -1026,7 +1026,7 @@ class ConfigurationManager
             return $cc;
         }
         // Get rid of dots from the scandir command
-        $dir = array_diff($dir, array('..', '.'));
+        $dir = array_diff($dir, array('..', '.', 'readme.md'));
         foreach ($dir as $id) {
             $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json';
             $fileContents = apcu_fetch($filePath);

From 3f520b2f3c713b9e8db52fbb5063d6fa6b03ddea Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 10:58:45 +0200
Subject: [PATCH 3207/3949] move note about how to handle the ccs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/community-containers.twig | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig
index 44b1e3bf..dd67027c 100644
--- a/php/templates/includes/community-containers.twig
+++ b/php/templates/includes/community-containers.twig
@@ -1,13 +1,13 @@
 <h2>Community Containers</h2>
 <p>In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.</p>
 <p><strong>⚠️ Caution: </strong>Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!</p>
+{% if isAnyRunning == true %}
+    <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
+{% else %}
+    <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of Community Containers. The changes will not be auto-saved.</p>
+{% endif %}
 <details>
     <summary>Show/Hide available Community Containers</summary>
-    {% if isAnyRunning == true %}
-        <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
-    {% else %}
-        <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of Community Containers. The changes will not be auto-saved.</p>
-    {% endif %}
     <form id="community-form" method="POST" action="/api/configuration" class="xhr">
         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

From ff7d0e4a01e26a5e7c17c94bac2005e1a7482ce2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 11:13:05 +0200
Subject: [PATCH 3208/3949] adjust cc-docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/readme.md b/community-containers/readme.md
index b08353e1..84283d38 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -5,7 +5,7 @@ This directory features containers that are built for AIO which allows to add ad
 All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
 
 ## How to use this?
-Starting with v11 of AIO, the management of Community Containers is done via the web interface. 
+Starting with v11 of AIO, the management of Community Containers is done via the AIO interface (it is the last section in the AIO interface, so only visible if you scroll down). 
 ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
 
 ## How to add containers?

From 22848e76ec3497ecc4be7825121f2f5a365cf6f9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 11:18:38 +0200
Subject: [PATCH 3209/3949] Revert "nextcloud: add pandoc to container"

---
 Containers/nextcloud/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 88a88c0a..e6f7c923 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -227,7 +227,6 @@ RUN set -ex; \
         grep \
         nodejs \
         libreoffice \
-        pandoc-cli \
         bind-tools \
         imagemagick \
         imagemagick-svg \

From f678b09523b6199a8102df881bc6824c94008970 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 11:24:07 +0200
Subject: [PATCH 3210/3949] fix collabora healthcheck

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora/healthcheck.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/collabora/healthcheck.sh b/Containers/collabora/healthcheck.sh
index 9081ef5c..45e9278b 100644
--- a/Containers/collabora/healthcheck.sh
+++ b/Containers/collabora/healthcheck.sh
@@ -1,3 +1,7 @@
 #!/bin/bash
 
-curl http://127.0.0.1:9980 || exit 1
+# Unfortunately, no curl and no nc is installed in the container 
+# and packages can also not be added as the package list is broken.
+# So always exiting 0 for now.
+# nc http://127.0.0.1:9980 || exit 1
+exit 0

From 0fe4ea3238f1d4475992014bf730d8d630eebfdb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 11:40:59 +0200
Subject: [PATCH 3211/3949] fix detail in optional containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 1abcfefc..5f5b2d97 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -5,7 +5,7 @@
 {% else %}
     <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
 {% endif %}
-<form id="container-form" method="POST" action="/api/configuration" class="xhr">
+<form id="options-form" method="POST" action="/api/configuration" class="xhr">
     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
     <input type="hidden" name="options-form" value="options-form">

From 328900b8c2fab301df228a9f950922d2d4b6ac79 Mon Sep 17 00:00:00 2001
From: thiswillbeyourgithub
 <26625900+thiswillbeyourgithub@users.noreply.github.com>
Date: Fri, 30 May 2025 12:17:03 +0200
Subject: [PATCH 3212/3949] doc: clarification of app migration

Signed-off-by: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com>
---
 migration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.md b/migration.md
index 45a19a1c..5e9b8b25 100644
--- a/migration.md
+++ b/migration.md
@@ -57,7 +57,7 @@ The procedure for migrating the files and the database works like this:
     ```
     **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
     And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
-1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Also install all apps via the apps management site that were installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work.
+1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. On the AIO interface, use the passphrase to connect to your newly created Nextcloud instance's admin account. There, install all the Nextcloud apps that were installed on the old Nextcloud installation. If you don't, the migration will show them as installed, but they won't work.
 1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again). Once finished, all containers are automatically stopped and is expected: **don't start the container again at this point!**
 1. Now, with the containers still stopped, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
     1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.

From 8a6772bc05619480fac49170b80fc2405ac92858 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 May 2025 12:48:15 +0200
Subject: [PATCH 3213/3949] fix showing community containers in the AIO
 interface and enabling or disabling them

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Container/CommunityContainer.php         | 12 ------------
 php/src/Controller/ConfigurationController.php   | 12 +++++++++++-
 php/src/Data/ConfigurationManager.php            | 13 ++++++-------
 php/templates/includes/community-containers.twig |  2 +-
 4 files changed, 18 insertions(+), 21 deletions(-)
 delete mode 100644 php/src/Container/CommunityContainer.php

diff --git a/php/src/Container/CommunityContainer.php b/php/src/Container/CommunityContainer.php
deleted file mode 100644
index 8f7c2ffd..00000000
--- a/php/src/Container/CommunityContainer.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-
-namespace AIO\Container;
-
-readonly class CommunityContainer {
-    public function __construct(
-        string                        $id,
-        string                        $name,
-        string                        $documentation,
-    ) {
-    }
-}
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index f7930ffc..ed3be505 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -126,7 +126,17 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['community-form'])) {
-                $this->configurationManager->SetEnabledCommunityContainers($request->getParsedBody()['enabled-community'] ?? []);
+                $cc = $this->configurationManager->listAvailableCommunityContainers();
+                $enabledCC = [];
+                /**
+                 * @psalm-suppress PossiblyNullIterator
+                 */
+                foreach ($request->getParsedBody() as $item) {
+                    if (array_key_exists($item , $cc)) {
+                        $enabledCC[] = $item;
+                    }
+                }
+                $this->configurationManager->SetEnabledCommunityContainers($enabledCC);
             }
 
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index dd2a95cd..d4af26b1 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -3,7 +3,6 @@
 namespace AIO\Data;
 
 use AIO\Auth\PasswordGenerator;
-use AIO\Container\CommunityContainer;
 use AIO\Controller\DockerController;
 
 class ConfigurationManager
@@ -1018,7 +1017,6 @@ class ConfigurationManager
     }
 
 
-    /** @return list<CommunityContainer> */
     public function listAvailableCommunityContainers() : array {
         $cc = [];
         $dir = scandir(DataConst::GetCommunityContainersDirectory());
@@ -1036,15 +1034,16 @@ class ConfigurationManager
                     apcu_add($filePath, $fileContents);
                 }
             } 
-            $json = is_string($fileContents) ? json_decode($fileContents) : false;
+            $json = is_string($fileContents) ? json_decode($fileContents, true) : false;
             if(is_array($json) && is_array($json['aio_services_v1'])) {
                 foreach ($json['aio_services_v1'] as $service) {
                     $documentation = is_string($service['documentation']) ? $service['documentation'] : '';
                     if (is_string($service['display_name'])) {
-                        $cc[] = new CommunityContainer(
-                            $id,
-                            $service['display_name'],
-                            $documentation);
+                        $cc[$id] = [ 
+                            'id' => $id,
+                            'name' => $service['display_name'],
+                            'documentation' => $documentation
+                        ];
                     }
                     break;
                 }
diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig
index dd67027c..f74e3756 100644
--- a/php/templates/includes/community-containers.twig
+++ b/php/templates/includes/community-containers.twig
@@ -16,7 +16,7 @@
             <p>
                 <input
                     type="checkbox"
-                    id="enabled-community[]"
+                    id="{{ cc.id }}"
                     value="{{ cc.id }}"
                     name="{{ cc.id }}"
                     {% if cc.id in community_containers_enabled %}

From 8be30f3cc1f4d19be6c2a5bcd0a296adc1bb1632 Mon Sep 17 00:00:00 2001
From: Zhao Guangyu <62810902+ZhaoGY-N@users.noreply.github.com>
Date: Mon, 2 Jun 2025 04:06:37 +0800
Subject: [PATCH 3214/3949] change the url used in appstore check from
 $APPSTORE_URL to $APPSTORE_URL/apps.json

---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 23450c07..7b3dec5a 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -150,7 +150,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                     APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
                     set +x
                 fi
-                CURL_STATUS="$(curl -LI "$APPSTORE_URL" -o /dev/null -w '%{http_code}\n' -s)"
+                CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
                 if [[ "$CURL_STATUS" = "200" ]]
                 then
                     echo "Appstore is reachable"

From ae0d0aece33acc37b15c414f7cc0836c2d441fee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Jun 2025 05:17:08 +0000
Subject: [PATCH 3215/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.2.1.1 to 25.04.2.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.2.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 314492c2..95d8b68f 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.2.1.1
+FROM collabora/code:25.04.2.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From f71b4a96ce24a8347bc900efea66e2d78fce3d18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Jun 2025 05:20:10 +0000
Subject: [PATCH 3216/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.2.1-cli to 28.2.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.2.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f241fa91..3fa3128e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.2.1-cli AS docker
+FROM docker:28.2.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From f71506a1c9166092161d7d1185b8520928aba69f Mon Sep 17 00:00:00 2001
From: Zhao Guangyu <62810902+ZhaoGY-N@users.noreply.github.com>
Date: Mon, 2 Jun 2025 15:55:13 +0800
Subject: [PATCH 3217/3949] Update Containers/nextcloud/entrypoint.sh

Add comment for the apps.json

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Zhao Guangyu <62810902+ZhaoGY-N@users.noreply.github.com>
---
 Containers/nextcloud/entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 7b3dec5a..e3377995 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -150,6 +150,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                     APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
                     set +x
                 fi
+                # Default appstoreurl parameter in config.php defaults to 'https://apps.nextcloud.com/api/v1' so we check for the apps.json file stored in there
                 CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
                 if [[ "$CURL_STATUS" = "200" ]]
                 then

From c2ffe0cb4ac6827025babfc5cd296789b4f37232 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 3 Jun 2025 12:03:22 +0000
Subject: [PATCH 3218/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 119 +++++++++-------------------------------------
 1 file changed, 23 insertions(+), 96 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 7e389e82..699d5dbb 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -557,16 +557,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.10",
+            "version": "7.0.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2"
+                "reference": "32f111a6d214564520a57831d397263e8946c1d2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/0d1ed64126577e9a095b3204dcaee58cf76432c2",
-                "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/32f111a6d214564520a57831d397263e8946c1d2",
+                "reference": "32f111a6d214564520a57831d397263e8946c1d2",
                 "shasum": ""
             },
             "require": {
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.10"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.11"
             },
             "funding": [
                 {
@@ -626,7 +626,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-22T08:53:15+00:00"
+            "time": "2025-06-03T07:45:57+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -2521,79 +2521,6 @@
             ],
             "time": "2024-08-03T19:31:26+00:00"
         },
-        {
-            "name": "composer/package-versions-deprecated",
-            "version": "1.11.99.5",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/composer/package-versions-deprecated.git",
-                "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/b4f54f74ef3453349c24a845d22392cd31e65f1d",
-                "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d",
-                "shasum": ""
-            },
-            "require": {
-                "composer-plugin-api": "^1.1.0 || ^2.0",
-                "php": "^7 || ^8"
-            },
-            "replace": {
-                "ocramius/package-versions": "1.11.99"
-            },
-            "require-dev": {
-                "composer/composer": "^1.9.3 || ^2.0@dev",
-                "ext-zip": "^1.13",
-                "phpunit/phpunit": "^6.5 || ^7"
-            },
-            "type": "composer-plugin",
-            "extra": {
-                "class": "PackageVersions\\Installer",
-                "branch-alias": {
-                    "dev-master": "1.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "PackageVersions\\": "src/PackageVersions"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Marco Pivetta",
-                    "email": "ocramius@gmail.com"
-                },
-                {
-                    "name": "Jordi Boggiano",
-                    "email": "j.boggiano@seld.be"
-                }
-            ],
-            "description": "Composer plugin that provides efficient querying for installed package versions (no runtime IO)",
-            "support": {
-                "issues": "https://github.com/composer/package-versions-deprecated/issues",
-                "source": "https://github.com/composer/package-versions-deprecated/tree/1.11.99.5"
-            },
-            "funding": [
-                {
-                    "url": "https://packagist.com",
-                    "type": "custom"
-                },
-                {
-                    "url": "https://github.com/composer",
-                    "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
-                    "type": "tidelift"
-                }
-            ],
-            "time": "2022-01-17T14:14:24+00:00"
-        },
         {
             "name": "composer/pcre",
             "version": "3.3.2",
@@ -3403,16 +3330,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.4.0",
+            "version": "v5.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "447a020a1f875a434d62f2a401f53b82a396e494"
+                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/447a020a1f875a434d62f2a401f53b82a396e494",
-                "reference": "447a020a1f875a434d62f2a401f53b82a396e494",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/ae59794362fe85e051a58ad36b289443f57be7a9",
+                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9",
                 "shasum": ""
             },
             "require": {
@@ -3455,9 +3382,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.4.0"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.5.0"
             },
-            "time": "2024-12-30T11:07:19+00:00"
+            "time": "2025-05-31T08:24:38+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3894,16 +3821,16 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/sserbin/twig-linter.git",
-                "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914"
+                "reference": "932c7f1dcc79cd54aa011804d42aa7bbb14a970f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/c4cb0d08c8290d8fed541eb027bd85dba90a5914",
-                "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914",
+                "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/932c7f1dcc79cd54aa011804d42aa7bbb14a970f",
+                "reference": "932c7f1dcc79cd54aa011804d42aa7bbb14a970f",
                 "shasum": ""
             },
             "require": {
-                "composer/package-versions-deprecated": "1.11.99.5",
+                "composer-runtime-api": "^2.0",
                 "php": "^7.4|^8.0",
                 "symfony/console": "^5.4 || ^6.1",
                 "symfony/finder": "^5.4 || ^6.1",
@@ -3942,9 +3869,9 @@
             ],
             "support": {
                 "issues": "https://github.com/sserbin/twig-linter/issues",
-                "source": "https://github.com/sserbin/twig-linter/tree/3.1.1"
+                "source": "https://github.com/sserbin/twig-linter/tree/3.1.2"
             },
-            "time": "2024-09-09T16:51:23+00:00"
+            "time": "2025-06-03T06:31:48+00:00"
         },
         {
             "name": "symfony/console",
@@ -4577,16 +4504,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.11.0",
+            "version": "6.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0"
+                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0",
-                "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf420941d061a57050b6c468ef2c778faf40aee2",
+                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2",
                 "shasum": ""
             },
             "require": {
@@ -4691,7 +4618,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-05-12T11:30:26+00:00"
+            "time": "2025-05-28T12:52:06+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From e4d11d1295324c891194c9df44e5be236fb5ff43 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Jun 2025 16:42:08 +0200
Subject: [PATCH 3219/3949] aio-interface: add bottom padding to the main
 container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css      | 1 +
 php/templates/layout.twig | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index fa79efd9..fbe15df5 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -336,6 +336,7 @@ html[data-theme="dark"] ::-webkit-scrollbar-track {
     box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
     max-height: calc(100dvh - var(--container-height-calculation-difference));
     overflow: hidden;
+    padding-bottom: var(--main-padding);
 }
 
 main {
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index 97b46edd..6ed264c2 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v4" media="all" />
+        <link rel="stylesheet" href="/style.css?v5" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>

From b30ef900e1305248815c795d2068ad3cd4bfef03 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 3 Jun 2025 23:57:38 +0200
Subject: [PATCH 3220/3949] aio-interface: disable talk-recording correctly

Signed-off-by: Simon L. <szaimen@e.mail.de>

Revert "aio-interface: disable talk-recording correctly"

This reverts commit e9711aae78db91359aa6d6bfaf87f60a4453287c.

Update containers.twig
---
 php/templates/containers.twig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 810117bf..ac59f7c0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -25,6 +25,9 @@
             {# timezone-prefill #}
             <script type="text/javascript" src="timezone.js"></script>
 
+            {# js for optional containers and additional containers forms #}
+            <script type="text/javascript" src="containers-form-submit.js?v4"></script>
+
             {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
             {% set isAnyRunning = false %}
             {% set isAnyRestarting = false %}
@@ -607,9 +610,6 @@
                 {% endif %}
             {% endif %}
 
-
-        <script type="text/javascript" src="containers-form-submit.js?v4"></script>
-
         {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
             <script type="text/javascript" src="automatic_reload.js"></script>
         {% else %}

From 1ab64d158d630f8bc839e599656696666a148d2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 05:11:31 +0000
Subject: [PATCH 3221/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.3-alpine3.21 to 3.13.4-alpine3.21.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.13.4-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index ab4100a9..cd60844b 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.3-alpine3.21
+FROM python:3.13.4-alpine3.21
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From fe561976e9b70034bd445badeb95202e46a0f711 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Jun 2025 04:20:47 +0000
Subject: [PATCH 3222/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.3-alpine3.21 to 1.24.4-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.4-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 9e6ce5b7..08cabd2c 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.3-alpine3.21 AS go
+FROM golang:1.24.4-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From fd0c347c16d9f2ed5b5daebe3c5006088896575a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Jun 2025 04:21:45 +0000
Subject: [PATCH 3223/3949] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.24.3-alpine3.21 to 1.24.4-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.4-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 6daf4f10..16331f70 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.3-alpine3.21 AS go
+FROM golang:1.24.4-alpine3.21 AS go
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 233d31750c58b3ee7ead81d1e62aa6625fac3a27 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jun 2025 05:15:48 +0000
Subject: [PATCH 3224/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.21-fpm-alpine3.21 to 8.3.22-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.22-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e6f7c923..2ceabd7a 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.21-fpm-alpine3.21
+FROM php:8.3.22-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 38b7732d5cff3c8926eac3383c4263cad14c9219 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jun 2025 05:20:02 +0000
Subject: [PATCH 3225/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.7-fpm-alpine3.21 to 8.4.8-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.8-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f241fa91..b18f8838 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.2.1-cli AS docker
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.7-fpm-alpine3.21
+FROM php:8.4.8-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

From 46a012140ca73463fc821002072e871544b8c1b8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 10 Jun 2025 14:03:43 +0200
Subject: [PATCH 3226/3949] ipv6-docs: mention that
 `"com.docker.network.enable_ipv6":"true"` enabled ipv6 by default for all new
 docker networks

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 3a3dbb33..5e61ba56 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -4,19 +4,23 @@
 First of all upgrade your docker installation to v27.0.1 or higher.
 1. Then edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), add the below json:
 
-    ```json
-    {
-      "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}
-    }
-    ```
+> [!WARNING]
+> This will enable ipv6 for all new docker networks by default!
 
-    Save the file.
+```json
+{
+    "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}
+}
+```
+
+And save the file.
 
 2.  Reload the Docker configuration file.
 
-    ```console
-    sudo systemctl restart docker
-    ```
+```console
+sudo systemctl restart docker
+```
+
 3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/4989 in order to recreate the network and enable ipv6 for it.
 
 ## Docker Desktop (Windows and macOS)
@@ -25,9 +29,12 @@ Then, on Windows and macOS which use Docker Desktop, you need to go into the set
 
 1. You need to now adjust this json file:
 
-    ```
-    "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}
-    ```
+> [!WARNING]
+> This will enable ipv6 for all new docker networks by default!
+
+```json
+"default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}
+```
 
 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
 3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/4989 in order to recreate the network and enable ipv6 for it.

From bd43dbe63c613c1786ac0440937ae80c1f925651 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 10 Jun 2025 12:13:48 +0000
Subject: [PATCH 3227/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 35941779..56f25de4 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.15.0
+version: 11.0.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 8a487d8f..739e5931 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-apache:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 19bb3019..a92827c1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index cb1a6621..5b75622e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index b206b590..a6c58b18 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index e968f3f7..d9579a4c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index c10c6f81..db4abddf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index a342ed1d..10920dee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250610_074316
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 06dfdd2c..e99a3d60 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 4a195c9a..c9ca83d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 64bbdbce..9b6d9fb6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-redis:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index e4fed0cd..c8083702 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-talk:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 29275b61..c1142a8c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250610_074316
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 600b193e..5b3e9f81 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250610_074316
           readinessProbe:
             exec:
               command:

From 533862a60721bcbdcae7877449e8649522bcd587 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Jun 2025 12:16:31 +0000
Subject: [PATCH 3228/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 2.3.2 to 2.4.0.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/f9f8ef3f634144b126a09ea5b3bfe51ddebc700f...807f6009e7cee5c2c9faa41ccef03a8bb24b06ab)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 13a69609..50b161ea 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@f9f8ef3f634144b126a09ea5b3bfe51ddebc700f # v2
+        uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
         with:
           continue-after-seconds: 180
         env:

From d6a27a9542e7047b5753e316ad15b0bb2e190bab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Jun 2025 12:16:36 +0000
Subject: [PATCH 3229/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.33.0 to 2.34.0.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/cf4cade2721270509d5b1c766ab3549210a39a2a...27853eb8b46dc01c33bf9fef67d98df2683c3be2)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index f6e1c99f..83d53c91 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+    - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 6a26c59d..038eea7c 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index c890a112..a45d82ec 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index c18740c2..22b05be2 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index fb357a06..4db9b09f 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 1af3a3cb..f166adab 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu

From 5bbfbed128b6805142e23fcf8adc93b1e5cd999e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 10 Jun 2025 10:12:34 +0200
Subject: [PATCH 3230/3949] nextcloud: re-enable the updatenotification app

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile    |  1 -
 Containers/nextcloud/entrypoint.sh | 22 ++++++++++------------
 app/appinfo/info.xml               |  9 ---------
 3 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2ceabd7a..8155d220 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -256,7 +256,6 @@ RUN set -ex; \
     chmod 777 -R /usr/local/etc/php/conf.d && \
     chmod 777 -R /usr/local/etc/php-fpm.d && \
     chmod -R 777 /tmp; \
-    rm -rf /usr/src/nextcloud/apps/updatenotification; \
     \
     mkdir -p /nc-updater; \
     chmod -R 777 /nc-updater
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e3377995..10766084 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -193,14 +193,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             php /var/www/html/occ app:update --all
 
             run_upgrade_if_needed_due_to_app_update
-
-            # Fix removing the updatenotification for old instances
-            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
-            if [ -d "/var/www/html/apps/updatenotification" ]; then
-                php /var/www/html/occ app:disable updatenotification
-            elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then
-                php /var/www/html/occ config:app:set updatenotification enabled --value="no"
-            fi
         fi
 
         echo "Initializing nextcloud $image_version ..."
@@ -277,6 +269,10 @@ DATADIR_PERMISSION_CONF
             # unset admin password
             unset ADMIN_PASSWORD
 
+            # Enable the updatenotification app but disable its UI and server update notifications
+            php /var/www/html/occ config:system:set updatechecker --type=bool --value=false
+            php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
+
 # AIO update to latest start # Do not remove or change this line!
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
@@ -307,8 +303,7 @@ DATADIR_PERMISSION_CONF
                     # shellcheck disable=SC2016
                     installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 fi
-                php /var/www/html/occ app:disable updatenotification
-                rm -rf /var/www/html/apps/updatenotification
+                php /var/www/html/occ config:system:set updatechecker --type=bool --value=true
                 php /var/www/html/occ app:enable nextcloud-aio --force
                 php /var/www/html/occ db:add-missing-columns
                 php /var/www/html/occ db:add-missing-primary-keys
@@ -354,8 +349,6 @@ DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set activity_expire_days --value="30" --type=integer
             php /var/www/html/occ config:system:set simpleSignUpLink.shown --type=bool --value=false
             php /var/www/html/occ config:system:set share_folder --value="/Shared"
-            # Not needed anymore with the removal of the updatenotification app:
-            # php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
 
             # Install some apps by default
             if [ -n "$STARTUP_APPS" ]; then
@@ -434,6 +427,11 @@ DATADIR_PERMISSION_CONF
 
             run_upgrade_if_needed_due_to_app_update
 
+            # Enable the updatenotification app but disable its UI and server update notifications
+            php /var/www/html/occ config:system:set updatechecker --type=bool --value=false
+            php /var/www/html/occ app:enable updatenotification
+            php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
+
             # Apply optimization
             echo "Doing some optimizations..."
             if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 069786d8..8b911c10 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -20,13 +20,4 @@
 		<admin>OCA\AllInOne\Settings\Admin</admin>
 	</settings>
 
- <!-- not implemented yet - but might be useful:
-        <background-jobs>
-		<job>OCA\AllInOne\Notification\BackgroundJob</job>
-	</background-jobs>
-	<commands>
-		<command>OCA\UpdateNotification\Command\Check</command>
-	</commands>
- -->
-
 </info>

From 0a075b4b2257361af897d319fdb6a8ba3b8af354 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 11 Jun 2025 04:15:35 +0000
Subject: [PATCH 3231/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 8eec4eb9..c2056b48 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.11.0@4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0">
+<files psalm-version="6.12.0@cf420941d061a57050b6c468ef2c778faf40aee2">
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>

From 1c5cc164c09a992896eded5ff48e6f88946352f4 Mon Sep 17 00:00:00 2001
From: gggeek <giunta.gaetano@gmail.com>
Date: Tue, 10 Jun 2025 17:27:32 +0000
Subject: [PATCH 3232/3949] DockerController: avoid php warning when id not in
 query string in GetLogs Route

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 6c55b3da..7f7ae9b6 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -62,7 +62,11 @@ readonly class DockerController {
 
     public function GetLogs(Request $request, Response $response, array $args) : Response
     {
-        $id = $request->getQueryParams()['id'];
+        $requestParams = $request->getQueryParams();
+        $id = '';
+        if (is_string($requestParams['id'])) {
+            $id = $requestParams['id'];
+        }
         if (str_starts_with($id, 'nextcloud-aio-')) {
             $logs = $this->dockerActionManager->GetLogs($id);
         } else {

From f2d9fb8d9d3154bf3e5ba9e92ee8fb0c821b468e Mon Sep 17 00:00:00 2001
From: Quentin Lemeasle <quentinlemcode@gmail.com>
Date: Mon, 2 Jun 2025 20:19:36 +0200
Subject: [PATCH 3233/3949] Update reverse-proxy.md

Signed-off-by: Quentin Lemeasle <quentinlemcode@gmail.com>
Signed-off-by: Quentin <quentinlemcode@gmail.com>
---
 reverse-proxy.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 27ee04eb..41c0ac01 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -693,10 +693,6 @@ The examples below define the dynamic configuration in YAML files. If you rather
       file:
         directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
         watch: true
-
-    # Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container)
-    # experimental:
-      # http3: true
     ```
 
 1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:

From 293fe559f413b569df902837dd6c1d003f696b62 Mon Sep 17 00:00:00 2001
From: Quentin <quentinlemcode@gmail.com>
Date: Tue, 10 Jun 2025 23:12:17 +0200
Subject: [PATCH 3234/3949] Revert "Update reverse-proxy.md"

This reverts commit 226afe6b82b35f6b9b6ad7775857ef3761eafc57.

Signed-off-by: Quentin <quentinlemcode@gmail.com>
---
 reverse-proxy.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 41c0ac01..27ee04eb 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -693,6 +693,10 @@ The examples below define the dynamic configuration in YAML files. If you rather
       file:
         directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
         watch: true
+
+    # Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container)
+    # experimental:
+      # http3: true
     ```
 
 1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:

From 29cc92d7147cb194a1dd63daf9804090898439ef Mon Sep 17 00:00:00 2001
From: Quentin <quentinlemcode@gmail.com>
Date: Tue, 10 Jun 2025 23:15:23 +0200
Subject: [PATCH 3235/3949] Add Traefik 3 documentation

Signed-off-by: Quentin <quentinlemcode@gmail.com>
---
 reverse-proxy.md | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 27ee04eb..e9f603e5 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -745,6 +745,89 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
+### Traefik 3
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project.
+
+The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
+
+1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for dynamic providers:
+
+    ```yml
+    # STATIC CONFIGURATION
+   
+    entryPoints:
+      https:
+        address: ":443" # Create an entrypoint called "https" that uses port 443
+        # If you want to enable HTTP/3 support, uncomment the line below
+        # http3: {}
+    
+    certificatesResolvers:
+      # Define "letsencrypt" certificate resolver
+      letsencrypt:
+        acme:
+          storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
+          email: <your-email-address> # Where LE sends notification about certificates expiring
+          tlschallenge: true
+   
+    providers:
+      file:
+        directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
+        watch: true
+    ```
+
+2. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:
+
+    ```yml
+    http:
+      routers:
+        nextcloud:
+          rule: "Host(`<your-nc-domain>`)"
+          entrypoints:
+            - "https"
+          service: nextcloud
+          middlewares:
+            - nextcloud-chain
+          tls:
+            certresolver: "letsencrypt"
+
+      services:
+        nextcloud:
+          loadBalancer:
+            servers:
+              - url: "http://localhost:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+
+      middlewares:
+        nextcloud-secure-headers:
+          headers:
+            hostsProxyHeaders:
+              - "X-Forwarded-Host"
+            referrerPolicy: "same-origin"
+
+        https-redirect:
+          redirectscheme:
+            scheme: https 
+
+        nextcloud-chain:
+          chain:
+            middlewares:
+              # - ... (e.g. rate limiting middleware)
+              - https-redirect
+              - nextcloud-secure-headers
+    ```
+
+---
+
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+
+</details>
+
 ### IIS with ARR and URL Rewrite
 
 <details>

From 9807d314f3bb7208123917c27be8d78ee9fbfbd1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 11 Jun 2025 14:49:01 +0200
Subject: [PATCH 3236/3949] increase to v11.1.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index ac59f7c0..e71023c0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.0.0</h1>
+            <h1>Nextcloud AIO v11.1.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From b3f931f2cf18436fcd9cb1c6e5ea09ce82167b9c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 11 Jun 2025 15:09:38 +0200
Subject: [PATCH 3237/3949] aio-interface: fix the padding-bottom

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index fbe15df5..107463b5 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -336,7 +336,6 @@ html[data-theme="dark"] ::-webkit-scrollbar-track {
     box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
     max-height: calc(100dvh - var(--container-height-calculation-difference));
     overflow: hidden;
-    padding-bottom: var(--main-padding);
 }
 
 main {
@@ -350,6 +349,7 @@ main {
     word-break: break-word;
     max-width: calc(var(--max-width) + calc(var(--main-padding) * 2));
     margin: 0 auto;
+    padding-bottom: var(--main-padding);
 }
 
 .logo {

From 0d4081ab13d2ab0a316e30dd000b11f87f9a0b41 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 11 Jun 2025 15:13:02 +0200
Subject: [PATCH 3238/3949] DockerController: also fix warning in the web
 interface

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 7f7ae9b6..13e8bdda 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -64,7 +64,7 @@ readonly class DockerController {
     {
         $requestParams = $request->getQueryParams();
         $id = '';
-        if (is_string($requestParams['id'])) {
+        if (isset($requestParams['id']) && is_string($requestParams['id'])) {
             $id = $requestParams['id'];
         }
         if (str_starts_with($id, 'nextcloud-aio-')) {

From 13b645dc1d9376a5f79de0a123e31b5bb227cc4e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 11 Jun 2025 15:33:41 +0200
Subject: [PATCH 3239/3949] nextcloud: fix APPSTORE_URL default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index e3377995..4305965f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -144,7 +144,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 # Check connection to appstore start # Do not remove or change this line!
             while true; do
                 echo -e "Checking connection to appstore"
-                APPSTORE_URL="https://apps.nextcloud.com/"
+                APPSTORE_URL="https://apps.nextcloud.com/api/v1"
                 if grep -q appstoreurl /var/www/html/config/config.php; then
                     set -x
                     APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"

From 6b2ed113cd1632867920b11be5282dd53b564ecc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Jun 2025 04:21:45 +0000
Subject: [PATCH 3240/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.0-alpine to 3.2.1-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.1-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 3b19c0af..87fc99ab 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.0-alpine
+FROM haproxy:3.2.1-alpine
 
 # hadolint ignore=DL3002
 USER root

From ee23d43ca7127fcaf7f3033dfb32e52139d46473 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Wed, 11 Jun 2025 22:48:52 -0700
Subject: [PATCH 3241/3949] Update watchtower to a well-maintained fork and add
 podman support

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 Containers/watchtower/start.sh   | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 16331f70..173ef09f 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -5,7 +5,7 @@ RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b;
+    go install github.com/nicholas-fedor/watchtower@v1.11.3;
 
 FROM alpine:3.21.3
 
diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh
index 2c7a1835..bec4d3a2 100644
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -9,6 +9,13 @@ elif ! test -r /var/run/docker.sock; then
     exit 1
 fi
 
+if [ -f /run/.containerenv ]; then
+    # If running under podman disable memory_swappiness setting in watchtower.
+    # It is a necessary workaround until https://github.com/containers/podman/issues/23824 gets fixed.
+    echo "Running under Podman. Setting WATCHTOWER_DISABLE_MEMORY_SWAPPINESS to 1."
+    export WATCHTOWER_DISABLE_MEMORY_SWAPPINESS=1
+fi
+
 if [ -n "$CONTAINER_TO_UPDATE" ]; then
     exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
 else

From 02a7f909a73d22450eb019baa3991872176ca605 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 12 Jun 2025 09:36:36 +0000
Subject: [PATCH 3242/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 2ceabd7a..668e7847 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.5
+ENV NEXTCLOUD_VERSION=31.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 3957a03b2d5ff87e268e994f85c2a9fb2457108a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 12 Jun 2025 14:23:35 +0200
Subject: [PATCH 3243/3949] app: move the button to a new line

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 app/templates/admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/templates/admin.php b/app/templates/admin.php
index df675cad..4812ad90 100644
--- a/app/templates/admin.php
+++ b/app/templates/admin.php
@@ -10,7 +10,7 @@ declare(strict_types=1);
  */
 	/** @var array $_ */ ?>
 <div id="allinone" class="section">
-	<h2><?php p($l->t('Nextcloud All-in-One'));?></h2>
+	<h2><?php p($l->t('Nextcloud All-in-One'));?></h2><br/>
 	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank">Open Nextcloud AIO Interface ↗</a><br><br>
 	<p><a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface">Click here for more infos on this feature (e.g. also on how to change the link in the button)</a></p>
 </div>

From c174ee3a9acd3f9e20bed4e66c0a6b2bef1edf26 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Jun 2025 04:56:44 +0000
Subject: [PATCH 3244/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.4-alpine3.21 to 3.13.5-alpine3.21.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.13.5-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index cd60844b..634a5de3 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.4-alpine3.21
+FROM python:3.13.5-alpine3.21
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 83d490280479dec381a233a6f25e2612237a9945 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Jun 2025 12:29:52 +0000
Subject: [PATCH 3245/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.34.0 to 2.34.1.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/27853eb8b46dc01c33bf9fef67d98df2683c3be2...0f7f1d08e3e32076e51cae65eb0b0c871405b16e)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 83d53c91..a7b0c5ff 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
+    - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 038eea7c..005af782 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index a45d82ec..2bfe200e 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 22b05be2..304f9393 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 4db9b09f..4e168ab7 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index f166adab..2c40b1ce 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
           php-version: 8.4
           extensions: apcu

From eb533eef289c7f7a5de351315c6fa5c33fbfdb20 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Fri, 13 Jun 2025 05:35:10 -0700
Subject: [PATCH 3246/3949] Use watchtower image directly instead of building
 it

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 173ef09f..ad4dd4b4 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,11 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.4-alpine3.21 AS go
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        build-base; \
-    go install github.com/nicholas-fedor/watchtower@v1.11.3;
+FROM ghcr.io/nicholas-fedor/watchtower:1.11.3 AS watchtower
 
 FROM alpine:3.21.3
 
@@ -13,7 +7,7 @@ RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash ca-certificates tzdata
 
-COPY --from=go /go/bin/watchtower /watchtower
+COPY --from=watchtower /watchtower /watchtower
 
 COPY --chmod=775 start.sh /start.sh
 

From 4344148cddf686a83b09a11cafdaed9df3d12015 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 16 Jun 2025 14:21:05 +0200
Subject: [PATCH 3247/3949] entrypoint.sh: add additional logic for
 ONLYOFFICE_HOST

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index f798ca79..4b6df98f 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -676,7 +676,12 @@ fi
 
 # OnlyOffice
 if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
-    while ! nc -z "$ONLYOFFICE_HOST" 80; do
+    if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
+        ONLYOFFICE_PORT=80
+    else
+        ONLYOFFICE_PORT=443
+    fi
+    while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do
         echo "waiting for OnlyOffice to become available..."
         sleep 5
     done
@@ -690,7 +695,11 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
-    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
+    if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
+        ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
+        export ONLYOFFICE_HOST
+    fi
+    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
         php /var/www/html/occ app:remove onlyoffice

From 19793b3753eda8217d0e50e700574d5e29b0cb63 Mon Sep 17 00:00:00 2001
From: Frederik Berg <fberg@posteo.de>
Date: Sun, 15 Jun 2025 23:51:53 +0200
Subject: [PATCH 3248/3949] feat(helm): allow custom data storage class

Signed-off-by: Frederik Berg <fberg@posteo.de>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 7ad3bd32..129bd0bf 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -222,6 +222,10 @@ find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ sto
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "/{{- if .Values.STORAGE_CLASS }}/i\  {{- if .Values.STORAGE_CLASS_DATA }}\n  storageClassName: {{ .Values.STORAGE_CLASS_DATA }}" \{} \;
+# shellcheck disable=SC1083
+find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "s/{{- if .Values.STORAGE_CLASS }}/{{- else if .Values.STORAGE_CLASS }}/" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \;
@@ -407,6 +411,7 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
+echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done

From d50f6a375fb2d55cf6a6765002718eff104e6095 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 19 Jun 2025 10:15:28 +0200
Subject: [PATCH 3249/3949] add suggestions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 129bd0bf..d3a84a9c 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -410,8 +410,8 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
-echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
-echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume' >> /tmp/sample.conf
+echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!' >> /tmp/sample.conf
+echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done

From 7141a7dbb2bc2b160aa9628961d73955d63f1573 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 19 Jun 2025 08:30:33 +0000
Subject: [PATCH 3250/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml   | 4 +++-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 nextcloud-aio-helm-chart/values.yaml                          | 3 ++-
 16 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 56f25de4..0ec2cfb8 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.0.0
+version: 11.1.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 739e5931..a263f3d0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-apache:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index a92827c1..8797054c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 5b75622e..95def822 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index a6c58b18..02ab6cbb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index d9579a4c..8b6a1508 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index db4abddf..d11042f3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
index 5be12896..62794e3b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -6,7 +6,9 @@ metadata:
   name: nextcloud-aio-nextcloud-data
   namespace: "{{ .Values.NAMESPACE }}"
 spec:
-  {{- if .Values.STORAGE_CLASS }}
+  {{- if .Values.STORAGE_CLASS_DATA }}
+  storageClassName: {{ .Values.STORAGE_CLASS_DATA }}
+  {{- else if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 10920dee..ce523d56 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250619_082329
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e99a3d60..e1357a83 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c9ca83d4..ace321b6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 9b6d9fb6..d9532000 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-redis:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index c8083702..67ea27ee 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-talk:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c1142a8c..b73f6a95 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 5b3e9f81..c748ce83 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250610_074316
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250619_082329
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 5bd7e582..10603a7c 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -38,7 +38,8 @@ REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that a
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
-STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
+STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!
+STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value

From 2f8b3492624c21120547aa7b42b4878e179882db Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Thu, 19 Jun 2025 14:47:11 +0200
Subject: [PATCH 3251/3949] fix: nextcloud container sometimes becoming stuck
 terminating

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 Containers/nextcloud/run-exec-commands.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index 4fff009c..9ef6ba69 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -26,4 +26,11 @@ else
     fi
 fi
 
-sleep inf
+signal_handler() {
+    exit 0
+}
+
+trap signal_handler SIGINT SIGTERM
+
+sleep inf &
+wait $!

From b2ce65472eb4e7f80fdcf128e92d747289f6a0dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Jun 2025 04:42:51 +0000
Subject: [PATCH 3252/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.2.2.1 to 25.04.3.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.3.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 95d8b68f..5fd88186 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.2.2.1
+FROM collabora/code:25.04.3.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 2552c24c6f5503f449abdf692864b4159df651a3 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Fri, 20 Jun 2025 01:17:45 -0700
Subject: [PATCH 3253/3949] Merge pull request #5568 from
 apparle/enable_local_testability

mastercontainer: enable local testability
---
 Containers/mastercontainer/Dockerfile |  5 ++++-
 develop.md                            | 10 ++++++++++
 php/public/index.php                  |  7 ++++++-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f798254d..3a61e718 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -8,6 +8,9 @@ FROM caddy:2.10.0-alpine AS caddy
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
 FROM php:8.4.8-fpm-alpine3.21
 
+ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
+ARG AIO_GIT_BRANCH="main"
+
 EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443
@@ -64,7 +67,7 @@ RUN set -ex; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
-    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
+    git clone "$AIO_GIT_URL" --depth 1 --single-branch --branch "$AIO_GIT_BRANCH" .; \
     find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
     rm -r ./php/tests; \
     chown www-data:www-data -R /var/www/docker-aio; \
diff --git a/develop.md b/develop.md
index b6aa031d..abf52208 100644
--- a/develop.md
+++ b/develop.md
@@ -47,3 +47,13 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 
 ## How to connect to the database?
 Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.
+
+## How to locally build and test changes to mastercontainer?
+1. Push changes to your own git fork and branch.
+1. Use below commands to build mastercontainer image for a custom git url and branch:
+```
+cd Containers/mastercontainer
+docker buildx build -t ghcr.io/nextcloud-releases/all-in-one:latest --build-arg AIO_GIT_URL="https://github.com/my-fork-repo/all-in-one.git" --build-arg AIO_GIT_BRANCH="my-feature-branch" --load .
+```
+1. Start a container with above built image.
+1. Since the hash of a locally built image doesn't match the latest release mastercontainer, it prompts for a mandatory update. To temporarily bypass the update suffix `?bypass_mastercontainer_update` to the URL. Eg: `https://localhost:8080/containers?bypass_mastercontainer_update`
diff --git a/php/public/index.php b/php/public/index.php
index 60440805..712f1463 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -82,6 +82,11 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $dockerController = $container->get(\AIO\Controller\DockerController::class);
     $dockerActionManger->ConnectMasterContainerToNetwork();
     $dockerController->StartDomaincheckContainer();
+
+    // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image.
+    $params = $request->getQueryParams();
+    $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
+
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
         'apache_port' => $configurationManager->GetApachePort(),
@@ -91,7 +96,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
         'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
-        'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
+        'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManger->IsMastercontainerUpdateAvailable() ),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(),

From ec654ecd58fee65eb9fa9ca8ecec61cc28f97f7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Pereira?= <goncalo_pereira@outlook.pt>
Date: Sat, 21 Jun 2025 00:59:34 +0100
Subject: [PATCH 3254/3949] Typo in readme on backup migration section
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Gonçalo Pereira <goncalo_pereira@outlook.pt>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 3052b303..77285975 100644
--- a/readme.md
+++ b/readme.md
@@ -801,7 +801,7 @@ If you have the borg backup feature enabled, you can copy it over to the new hos
     1. Note the path where the backups are stored and the encryption password
 1. Navigate to the backup folder
 1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg`
-1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive.
+1. Copy the archive over to the new host: `scp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive.
 1. Switch to the new host
 1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz`
 1. Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command)

From 00b24653796424e1a095bd6634e844e194fdc405 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Sun, 22 Jun 2025 02:17:25 -0700
Subject: [PATCH 3255/3949] Add check in daily-backup.sh for uninitialized
 state

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/mastercontainer/daily-backup.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 13c0ad85..fbb49c70 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -2,6 +2,13 @@
 
 echo "Daily backup script has started"
 
+# Check if initial configuration has been done, otherwise this script should do nothing.
+configFile=/mnt/docker-aio-config/data/configuration.json
+if [ ! -f "$configFile" ] || ! grep -q -E '"wasStartButtonClicked"\s*:\s*1\s*,' "$configFile"; then
+    echo "Initial configuration not done yet. Exiting..."
+    exit 0
+fi
+
 # Daily backup and backup check cannot be run at the same time
 if [ "$DAILY_BACKUP" = 1 ] && [ "$CHECK_BACKUP" = 1 ]; then
     echo "Daily backup and backup check cannot be run at the same time. Exiting..."

From 3b93da5ff5ec73fd3c32218431c89cd68aa01f5c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 11:08:51 +0000
Subject: [PATCH 3256/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.0.5 to v1.1.1.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 41f27704..4d8ee168 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.1
 
 USER root
 RUN set -ex; \

From 9f9a002ba767cae419fe884e2b5566fc1f32dcb8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 23 Jun 2025 13:58:14 +0200
Subject: [PATCH 3257/3949] increase to 11.2.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e71023c0..22f4477e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.1.0</h1>
+            <h1>Nextcloud AIO v11.2.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 2366cda31cedeb3ec16cd6c36950aa01ab250449 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 23 Jun 2025 16:18:19 +0200
Subject: [PATCH 3258/3949] add additional hint that the network can be created
 manually with ipv6 support

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 docker-ipv6-support.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md
index 5e61ba56..a784e7c7 100644
--- a/docker-ipv6-support.md
+++ b/docker-ipv6-support.md
@@ -5,7 +5,7 @@ First of all upgrade your docker installation to v27.0.1 or higher.
 1. Then edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), add the below json:
 
 > [!WARNING]
-> This will enable ipv6 for all new docker networks by default!
+> This will enable ipv6 for all new docker networks by default! You can alternatively create the `nextcloud-aio` network with ipv6 support by hand manually via docker network create or via compose.yaml.
 
 ```json
 {
@@ -30,7 +30,7 @@ Then, on Windows and macOS which use Docker Desktop, you need to go into the set
 1. You need to now adjust this json file:
 
 > [!WARNING]
-> This will enable ipv6 for all new docker networks by default!
+> This will enable ipv6 for all new docker networks by default! You can alternatively create the `nextcloud-aio` network with ipv6 support by hand manually via docker network create or via compose.yaml.
 
 ```json
 "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}

From 108dcf6c486ed9a1ce740e44d609d5889fe2ae1e Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Tue, 24 Jun 2025 01:24:26 -0700
Subject: [PATCH 3259/3949] Update Containers/mastercontainer/daily-backup.sh
 based on review comments

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/mastercontainer/daily-backup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index fbb49c70..c68835ea 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -3,9 +3,9 @@
 echo "Daily backup script has started"
 
 # Check if initial configuration has been done, otherwise this script should do nothing.
-configFile=/mnt/docker-aio-config/data/configuration.json
-if [ ! -f "$configFile" ] || ! grep -q -E '"wasStartButtonClicked"\s*:\s*1\s*,' "$configFile"; then
-    echo "Initial configuration not done yet. Exiting..."
+CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json
+if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE"; then
+    echo "Initial configuration via AIO interface not done yet. Exiting..."
     exit 0
 fi
 

From 698732254ba91362e087e70fd9ca58450d8fe1db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Jun 2025 12:32:53 +0000
Subject: [PATCH 3260/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.1.1 to v1.1.2.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.1.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 4d8ee168..bbf0cc6e 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.2
 
 USER root
 RUN set -ex; \

From a0e420195532ee973cb069f7508aa21457d921c4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 24 Jun 2025 14:37:52 +0200
Subject: [PATCH 3261/3949] increase to 11.2.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 22f4477e..428af83d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.2.0</h1>
+            <h1>Nextcloud AIO v11.2.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 914d9bfd7f614e838e31f7a4daca0e474bbfc672 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Jun 2025 04:38:18 +0000
Subject: [PATCH 3262/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.2.2-cli to 28.3.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.3.0-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 3a61e718..e5764d4c 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.2.2-cli AS docker
+FROM docker:28.3.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From e28d0516f5703fd967f38e5bbba13f754f300845 Mon Sep 17 00:00:00 2001
From: Apoorv Parle <19315187+apparle@users.noreply.github.com>
Date: Thu, 26 Jun 2025 00:54:11 -0700
Subject: [PATCH 3263/3949] Use exec for supervisord replace process and
 propagate signals

Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 9158d5b0..9b948776 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -366,4 +366,4 @@ caddy fmt --overwrite /Caddyfile
 chmod 777 /root
 
 # Start supervisord
-/usr/bin/supervisord -c /supervisord.conf
+exec /usr/bin/supervisord -c /supervisord.conf

From ddbeca9170470ce43b48bc7117c6bb35f4f18f0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20M=C3=BCller?=
 <28591861+alexanderdd@users.noreply.github.com>
Date: Thu, 26 Jun 2025 03:30:24 -0500
Subject: [PATCH 3264/3949] readme: add "do not install Docker as snap"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Alexander Müller <28591861+alexanderdd@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/readme.md b/readme.md
index 77285975..07e5375c 100644
--- a/readme.md
+++ b/readme.md
@@ -81,6 +81,9 @@ Included are:
 | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) |
 
 ## How to use this?
+>[!WARNING]
+> You should first make sure that you are not using docker installed via snap. You can check this by running `sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"`. If the output should contain the mentioned string `/var/snap/docker/`, you should first uninstall docker snap via `sudo snap remove docker` and then follow the instructions below. ⚠️ Attention: only run the command if this is a clean new docker installation and you are not running any service already using this.
+
 > [!NOTE]
 > The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 

From ce1208b26eecc2f9f052af578c5fc956ec5452eb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 10 Jun 2025 15:44:15 +0200
Subject: [PATCH 3265/3949] add container-managment cc

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md          |  2 +-
 .../container-management.json                 | 41 +++++++++++++++++++
 .../container-management/readme.md            | 15 +++++++
 .../facerecognition/readme.md                 |  6 ++-
 community-containers/fail2ban/readme.md       |  2 +-
 community-containers/lldap/readme.md          |  3 +-
 community-containers/npmplus/readme.md        |  2 +-
 community-containers/readme.md                |  2 +-
 readme.md                                     | 12 +++---
 9 files changed, 72 insertions(+), 13 deletions(-)
 create mode 100644 community-containers/container-management/container-management.json
 create mode 100644 community-containers/container-management/readme.md

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index d6e63e41..f9b5a020 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -11,7 +11,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
 - If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
-- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
+- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
diff --git a/community-containers/container-management/container-management.json b/community-containers/container-management/container-management.json
new file mode 100644
index 00000000..9563139d
--- /dev/null
+++ b/community-containers/container-management/container-management.json
@@ -0,0 +1,41 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-container-management",
+            "display_name": "Container Management",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management",
+            "image": "ghcr.io/szaimen/aio-container-management",
+            "image_tag": "v1",
+            "internal_port": "5804",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "",
+                    "port_number": "5804",
+                    "protocol": "tcp"
+                }
+            ],
+            "volumes": [
+                {
+                  "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
+                  "destination": "/var/run/docker.sock",
+                  "writeable": false
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "SECURE_CONNECTION=1",
+                "WEB_AUTHENTICATION=1",
+                "USER_ID=0",
+                "GROUP_ID=0",
+                "WEB_AUTHENTICATION_USERNAME=container-management",
+                "WEB_AUTHENTICATION_PASSWORD=%CONTAINER_MANAGEMENT_PASSWORD%",
+                "WEB_LISTENING_PORT=5804"
+            ],
+            "secrets": [
+                "CONTAINER_MANAGEMENT_PASSWORD"
+            ],
+            "ui_secret": "CONTAINER_MANAGEMENT_PASSWORD"
+        }
+    ]
+}
diff --git a/community-containers/container-management/readme.md b/community-containers/container-management/readme.md
new file mode 100644
index 00000000..e8c17313
--- /dev/null
+++ b/community-containers/container-management/readme.md
@@ -0,0 +1,15 @@
+## Container-Management
+This container allows to manage insides of other containers via a GUI inside a Web session by allowing to run docker commands from inside this container.
+
+### Notes
+- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5804` in order to log in with the user `container-management` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
+- Then, you should see a terminal. There you can use any docker command. ⚠️ Be very carefully while doing that as can break your instance!
+- There are also some pre-made scripts that make configuring some of the community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition).
+- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-container-management
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md
index c715d9c7..474ed1e2 100644
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -4,7 +4,8 @@ This container bundles the external model of facerecognition and auto-configures
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
 - The image analysis is currently set to fixed value of `1G`. See [this](https://github.com/search?q=repo%3Anextcloud%2Fall-in-one+1G+path%3A%2F%5Ecommunity-containers%5C%2Ffacerecognition%5C%2F%2F&type=code)
-- Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
+- Facerecognition is by default disabled for all users. If you want to enable facerecognition for all users, you can run the following commands before adding this container:<br>
+**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /facerecognition.sh`.
     ```bash
     # Go into the container
     sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
@@ -22,7 +23,8 @@ This container bundles the external model of facerecognition and auto-configures
     # Exit the container shell
     exit
     ```
-- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.
+- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.<br>
+**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md
index cb78639c..28ab21e3 100644
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -4,7 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
 - If you get an error like  `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
-- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`.
+- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
index 74a51c61..ce4636bc 100644
--- a/community-containers/lldap/readme.md
+++ b/community-containers/lldap/readme.md
@@ -23,7 +23,8 @@ First, you need to retrieve the LLDAP admin password, this will be used later on
 sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS
 ```
 
-Now go into the Nextcloud container:
+Now go into the Nextcloud container:<br>
+**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`.
 ```bash
 sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
 ```
diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md
index 437c6771..a71b4af2 100644
--- a/community-containers/npmplus/readme.md
+++ b/community-containers/npmplus/readme.md
@@ -8,7 +8,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 - After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://<ip>:81` and change the password. 
 - The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.org`
 - If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host.
-- If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume
+- If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution!
 - **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true by default
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/readme.md b/community-containers/readme.md
index 84283d38..1631a952 100644
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -17,4 +17,4 @@ Yes, see [this list](https://github.com/nextcloud/all-in-one/issues/5251) for al
 ## How to remove containers from AIOs stack?
 You can remove containers now via the web interface.
 
-After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).
+After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`). **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
diff --git a/readme.md b/readme.md
index 3052b303..bac0e0a0 100644
--- a/readme.md
+++ b/readme.md
@@ -567,16 +567,16 @@ On older TrueNAS SCALE releases with Kubernetes environment, there are two ways
 Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
 
 ### How to run `occ` commands?
-Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
+Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?
-Simply run the following command: `sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `US` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
+Simply run the following command: `sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `US` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to run multiple AIO instances on one server?
 See [multiple-instances.md](./multiple-instances.md) for some documentation on this.
 
 ### Bruteforce protection FAQ
-Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information.
+Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to switch the channel?
 You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa.
@@ -658,10 +658,10 @@ Since Podman is not 100% compatible with the Docker API, Podman is not supported
 ### Access/Edit Nextcloud files/folders manually
 The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.
 
-After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
+After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to edit Nextclouds config.php file with a texteditor?
-You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.
+You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to change default files by creating a custom skeleton directory?
 All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).
@@ -1057,7 +1057,7 @@ Netdata allows you to monitor your server using a GUI. You can install it by fol
 If you want to use the user_sql app, the easiest way is to create an additional database container and add it to the docker network `nextcloud-aio`. Then the Nextcloud container should be able to talk to the database container using its name.
 
 ### phpMyAdmin, Adminer or pgAdmin
-It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045
+It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045 **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### Mail server
 You can configure one yourself by using either of these four recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server), [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------) or [Stalwart](https://stalw.art/). There is now a community container which allows to easily add Stalwart Mail server to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart

From 58d79307a18e1ec3e292dac56d69396089283873 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Jun 2025 04:41:24 +0000
Subject: [PATCH 3266/3949] build(deps): bump onlyoffice/documentserver in
 /Containers/onlyoffice

Bumps onlyoffice/documentserver from 8.3.3.1 to 9.0.2.1.

---
updated-dependencies:
- dependency-name: onlyoffice/documentserver
  dependency-version: 9.0.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 97587907..8d841707 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.3.1
+FROM onlyoffice/documentserver:9.0.2.1
 
 # USER root is probably used
 

From 1c3b257107995d684ec87a707c5f0e92361517d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Jun 2025 04:41:28 +0000
Subject: [PATCH 3267/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.4-scratch to 2.11.5-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.5-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a84864cc..7714a00f 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.4-scratch AS nats
+FROM nats:2.11.5-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.21.3 AS janus

From d520f106c33daef5ab692100849624fcc74457d3 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 28 Jun 2025 12:02:55 +0000
Subject: [PATCH 3268/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 699d5dbb..73b56a53 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3875,16 +3875,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.22",
+            "version": "v6.4.23",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3"
+                "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3",
-                "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3",
+                "url": "https://api.github.com/repos/symfony/console/zipball/9056771b8eca08d026cd3280deeec3cfd99c4d93",
+                "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93",
                 "shasum": ""
             },
             "require": {
@@ -3949,7 +3949,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.22"
+                "source": "https://github.com/symfony/console/tree/v6.4.23"
             },
             "funding": [
                 {
@@ -3965,7 +3965,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-05-07T07:05:04+00:00"
+            "time": "2025-06-27T19:37:22+00:00"
         },
         {
             "name": "symfony/filesystem",

From cca0ce9e72a0c2a38b838b08d065c164e90157e5 Mon Sep 17 00:00:00 2001
From: Prokop Schield <76836484+prokopschield@users.noreply.github.com>
Date: Sun, 29 Jun 2025 12:58:14 +0200
Subject: [PATCH 3269/3949] fix: typo

Signed-off-by: Prokop Schield <76836484+prokopschield@users.noreply.github.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e9f603e5..84aad3d1 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -273,7 +273,7 @@ Although it does not seem like it is the case but from AIO perspective a Cloudfl
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 1. Now continue with [point 2](#2-use-this-startup-command) but add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command - which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel).
 
-**Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
+**Advice:** Make sure to [disable Cloudflare's Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 
 </details>
 

From 5d1bebfd0b959336bd53388f5fa911a215ddceb6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Jul 2025 11:34:38 +0200
Subject: [PATCH 3270/3949] Revert "build(deps): bump onlyoffice/documentserver
 from 8.3.3.1 to 9.0.2.1 in /Containers/onlyoffice"

---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 8d841707..97587907 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.0.2.1
+FROM onlyoffice/documentserver:8.3.3.1
 
 # USER root is probably used
 

From 88541ffe26937fc0c276124bbfe871d557245a5b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 1 Jul 2025 11:53:05 +0000
Subject: [PATCH 3271/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 0ec2cfb8..9b9ef61e 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.1.0
+version: 11.2.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index a263f3d0..5751c7bf 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-apache:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 8797054c..6d2678f8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 95def822..ce2417e4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 02ab6cbb..450868ed 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8b6a1508..53180a99 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index d11042f3..a452962e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index ce523d56..688ac9b4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250701_092737
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e1357a83..480e046f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index ace321b6..0b79be44 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index d9532000..4120a5f5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-redis:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 67ea27ee..4424d662 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-talk:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index b73f6a95..e121f2e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250701_092737
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index c748ce83..e3734f10 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250619_082329
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250701_092737
           readinessProbe:
             exec:
               command:

From fcc74e2105c37f04639a71327cf968fb04e30003 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Jul 2025 15:01:10 +0200
Subject: [PATCH 3272/3949] DockerActionManager: always add a Hostname to each
 container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 16f28e52..c73441b4 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -584,6 +584,8 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Mounts'] = $mounts;
         }
 
+        $requestBody['Hostname'] = $container->GetIdentifier();
+
         $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
         try {
             $this->guzzleClient->request(

From aec692208ede7973204f1b3c679621ae99c95dea Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Tue, 10 Jun 2025 16:43:18 +0200
Subject: [PATCH 3273/3949] libretranslate: add `(deprecated)` to its display
 name

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/libretranslate/libretranslate.json | 2 +-
 php/containers-schema.json                              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/community-containers/libretranslate/libretranslate.json b/community-containers/libretranslate/libretranslate.json
index 98970db4..dad8d007 100644
--- a/community-containers/libretranslate/libretranslate.json
+++ b/community-containers/libretranslate/libretranslate.json
@@ -2,7 +2,7 @@
     "aio_services_v1": [
         {
             "container_name": "nextcloud-aio-libretranslate",
-            "display_name": "LibreTranslate",
+            "display_name": "LibreTranslate (deprecated)",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate",
             "image": "ghcr.io/szaimen/aio-libretranslate",
             "image_tag": "v1",
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 46782a33..cd746ebf 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -47,7 +47,7 @@
 					},
 					"display_name": {
 						"type": "string",
-						"pattern": "^[A-Za-z 0-9-]+$"
+						"pattern": "^[()A-Za-z 0-9-]+$"
 					},
 					"environment": {
 						"type": "array",

From 1b3e519cd76a989f5f8ba22572c0dca54f0fd960 Mon Sep 17 00:00:00 2001
From: Anupam Kumar <kyteinsky@gmail.com>
Date: Tue, 1 Jul 2025 17:53:41 +0530
Subject: [PATCH 3274/3949] feat(talk): add SKIP_CERT_VERIFY env

This environment variable when set to "true" will allow usage
of self-signed certificates.

Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 1 +
 Containers/talk/start.sh   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 7714a00f..4654ef44 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -37,6 +37,7 @@ RUN set -ex; \
 
 FROM alpine:3.21.3
 ENV ETURNAL_ETC_DIR="/conf"
+ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
 COPY --from=nats      --chmod=777 --chown=1000:1000 /nats-server                        /usr/local/bin/nats-server
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 185dde8a..b07f5bc9 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -95,6 +95,7 @@ backends = backend-1
 allowall = false
 timeout = 10
 connectionsperhost = 8
+skipverify = ${SKIP_CERT_VERIFY}
 
 [backend-1]
 url = https://${NC_DOMAIN}

From d20812b0e8d39fcb38eec5dd50d8e5ff96400fba Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Jul 2025 17:43:36 +0200
Subject: [PATCH 3275/3949] add comment

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c73441b4..61cb41bb 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -584,6 +584,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Mounts'] = $mounts;
         }
 
+        // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();
 
         $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());

From 9967aea70c11318bb63c4908a3857e2f58983e9b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 1 Jul 2025 17:58:27 +0200
Subject: [PATCH 3276/3949] CreateContainers: add
 `"com.centurylinklabs.watchtower.enable": "false"` to all managed containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 61cb41bb..b3560968 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -584,6 +584,9 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Mounts'] = $mounts;
         }
 
+        // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
+
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();
 

From df13ca077cb4bbc93eae61b8491255e42756c409 Mon Sep 17 00:00:00 2001
From: Olicorne <26625900+thiswillbeyourgithub@users.noreply.github.com>
Date: Tue, 1 Jul 2025 18:52:44 +0200
Subject: [PATCH 3277/3949] readme: improve the `How to stop/start/update
 containers or trigger the daily backup from a script externally?` section
 (#6592)

Signed-off-by: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/readme.md b/readme.md
index 862202cf..9338ea4a 100644
--- a/readme.md
+++ b/readme.md
@@ -1033,11 +1033,13 @@ After doing a restore via the AIO interface, you might run into problems due to
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environment variables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
 - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.
-- `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
-- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
-- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
+- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers at the start of the script. Implied by `DAILY_BACKUP=1`.
+- `START_CONTAINERS` if set to `1`, it will automatically start the containers at the end of the script, without updating them. Implied by `DAILY_BACKUP=1`.
+- `CHECK_BACKUP` if set to `1`, it will start the integrity check of all borg backups made by AIO. Note that the backup check is non blocking so containers can be kept running while the check lasts. That means you can't pass `DAILY_BACKUP=1` at the same time. The output of the check can be found in the logs of the container `nextcloud-aio-borgbackup`.
 
-One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
+One example to do a backup would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
+
+Likewise to do a backup check would be `sudo docker exec --env DAILY_BACKUP=0 --env CHECK_BACKUP=1 --env STOP_CONTAINERS=0 nextcloud-aio-mastercontainer /daily-backup.sh`.
 
 > [!NOTE]  
 > None of the option returns error codes. So you need to check for the correct result yourself.

From b561c59b9326b53ff67af94285eaad787429a1d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Jul 2025 04:27:41 +0000
Subject: [PATCH 3278/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.5-scratch to 2.11.6-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.6-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 4654ef44..67bb7e61 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.5-scratch AS nats
+FROM nats:2.11.6-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.21.3 AS janus

From 306818dc10421b00936c6d2d2f305e96cd823f4c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Jul 2025 04:28:08 +0000
Subject: [PATCH 3279/3949] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.3 to 1.11.5.
- [Release notes](https://github.com/nicholas-fedor/watchtower/releases)
- [Changelog](https://github.com/nicholas-fedor/watchtower/blob/main/goreleaser.yml)
- [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.3...v1.11.5)

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: 1.11.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ad4dd4b4..76cfd60f 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.3 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower
 
 FROM alpine:3.21.3
 

From 07dc4de9fff7b9e52db1853c81154813ec16efb5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Jul 2025 04:43:58 +0000
Subject: [PATCH 3280/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.1-alpine to 3.2.2-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.2-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 87fc99ab..bcc7ac71 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.1-alpine
+FROM haproxy:3.2.2-alpine
 
 # hadolint ignore=DL3002
 USER root

From 3e9ce2be055286432e8983af7c11bcb2df0856af Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 3 Jul 2025 10:00:59 +0200
Subject: [PATCH 3281/3949] instance-restore: make sure that the configured
 borg restore location is not a children of or equal to NEXTCLOUD_DATADIR

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d4af26b1..5f950fc7 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -484,8 +484,13 @@ class ConfigurationManager
             }
 
             if (!$isValidPath) {
-                throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
+                throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'! Another option is to use the docker volume name 'nextcloud_aio_backupdir'.");
             }
+
+            if (str_starts_with($location, rtrim($this->GetNextcloudDatadirMount(), '/'))) {
+                throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount());
+            }
+
         } else {
             $this->ValidateBorgRemoteRepo($repo);
         }

From bf4cf0ad276fe9fbd66574cfc331f361ca75468c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 3 Jul 2025 10:28:47 +0200
Subject: [PATCH 3282/3949] increase to 11.3.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 428af83d..6d50efd4 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.2.1</h1>
+            <h1>Nextcloud AIO v11.3.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 983e523bde3d24dc89de36185653c17f0d831bf5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 3 Jul 2025 11:44:50 +0200
Subject: [PATCH 3283/3949] make the check for backup dir and datadir fail
 proof

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 5f950fc7..64542801 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -487,7 +487,7 @@ class ConfigurationManager
                 throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'! Another option is to use the docker volume name 'nextcloud_aio_backupdir'.");
             }
 
-            if (str_starts_with($location, rtrim($this->GetNextcloudDatadirMount(), '/'))) {
+            if (str_starts_with($location . '/', rtrim($this->GetNextcloudDatadirMount(), '/') . '/')) {
                 throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount());
             }
 

From 362cad79dbfb0ec0c803111d62d51ff1e18d0143 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 3 Jul 2025 11:48:22 +0200
Subject: [PATCH 3284/3949] add comment with link

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 64542801..bfc59f7c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -487,6 +487,8 @@ class ConfigurationManager
                 throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'! Another option is to use the docker volume name 'nextcloud_aio_backupdir'.");
             }
 
+            // Prevent backup to be contained in Nextcloud Datadir as this will delete the backup archive upon restore
+            // See https://github.com/nextcloud/all-in-one/issues/6607
             if (str_starts_with($location . '/', rtrim($this->GetNextcloudDatadirMount(), '/') . '/')) {
                 throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount());
             }

From 90b1a645720aa9f86d65f38bc1111de113e1e2ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Sch=C3=A4fer?= <felix@thegcat.net>
Date: Wed, 2 Jul 2025 11:27:26 +0200
Subject: [PATCH 3285/3949] Make elasticsearch connection configurable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Felix Schäfer <felix@thegcat.net>
---
 Containers/nextcloud/entrypoint.sh                          | 4 ++--
 manual-install/latest.yml                                   | 3 +++
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 6 ++++++
 php/containers.json                                         | 3 +++
 4 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 4b6df98f..70e44984 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -809,7 +809,7 @@ fi
 
 # Fulltextsearch
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
-    while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do
+    while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT"; do
         echo "waiting for Fulltextsearch to become available..."
         sleep 5
     done
@@ -835,7 +835,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXT_PORT\",\"elastic_index\":\"$FULLTEXT_INDEX\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 04ac9193..84b113d3 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -165,6 +165,9 @@ services:
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - FULLTEXTSEARCH_PORT=9200
+      - FULLTEXTSEARCH_USER=elastic
+      - FULLTEXTSEARCH_INDEX=nextcloud-aio
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 688ac9b4..ca6704d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -110,6 +110,12 @@ spec:
               value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
             - name: FULLTEXTSEARCH_HOST
               value: nextcloud-aio-fulltextsearch
+            - name: FULLTEXTSEARCH_PORT
+              value: 9200
+            - name: FULLTEXTSEARCH_USER
+              value: elastic
+            - name: FULLTEXTSEARCH_INDEX
+              value: nextcloud-aio
             - name: FULLTEXTSEARCH_PASSWORD
               value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
             - name: IMAGINARY_ENABLED
diff --git a/php/containers.json b/php/containers.json
index 38fdb09a..cead6d32 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -236,6 +236,9 @@
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
+        "FULLTEXTSEARCH_PORT=9200",
+        "FULLTEXTSEARCH_USER=elastic",
+        "FULLTEXTSEARCH_INDEX=nextcloud-aio",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",

From 4cf1a3839b5ac274938d3aff6d4c376303599f3b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 3 Jul 2025 15:12:00 +0200
Subject: [PATCH 3286/3949] collabora: change startup logs from trace to
 warning

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 38fdb09a..a03cee1a 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -377,7 +377,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",

From 4e25a56edcbc77c4c801bdfa1321c33643e8335a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Jul 2025 04:42:43 +0000
Subject: [PATCH 3287/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.8-fpm-alpine3.21 to 8.4.10-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.10-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e5764d4c..8a8ac7ee 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.3.0-cli AS docker
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.8-fpm-alpine3.21
+FROM php:8.4.10-fpm-alpine3.21
 
 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
 ARG AIO_GIT_BRANCH="main"

From b593f0388edeabeba80f6fbcd7d18017b7c4d052 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Jul 2025 04:42:45 +0000
Subject: [PATCH 3288/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.0-cli to 28.3.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.3.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e5764d4c..3e8133c8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.0-cli AS docker
+FROM docker:28.3.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From d0df45bf522368847e20ee37da169d4c2f028064 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Jul 2025 04:43:06 +0000
Subject: [PATCH 3289/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.22-fpm-alpine3.21 to 8.3.23-fpm-alpine3.21.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.23-fpm-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index da201e06..9dbf231c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.22-fpm-alpine3.21
+FROM php:8.3.23-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From fc0d21cc49bca931ac84ee131abe428f588e965b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 4 Jul 2025 13:36:55 +0200
Subject: [PATCH 3290/3949] db-import: improve the import process by using the
 `smart` mode and a higher timeout

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/postgresql/start.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh
index dbb74196..551bb10e 100644
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -128,7 +128,9 @@ EOSQL
     fi
 
     # Shut down the database to be able to start it again
-    pg_ctl stop -m fast
+    # The smart mode disallows new connections, then waits for all existing clients to disconnect and any online backup to finish
+    # Wait for 1800s to make sure that a checkpoint is completed successfully
+    pg_ctl stop -m smart -t 1800
 
     # Change database port back to default
     export PGPORT=5432

From b538bc7155bd82b6aebe5f7e76a8300672164606 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 4 Jul 2025 19:31:51 +0200
Subject: [PATCH 3291/3949] restore-instance: make hint more visible that
 backup needs to be restored two times if the backup contained any community
 container data

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig            | 4 ++--
 php/tests/tests/restore-instance.spec.js | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6d50efd4..8f917380 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -163,7 +163,7 @@
                                             </form>
                                         {% endif %}
                                         <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
-                                        <p><strong>Please note:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
+                                        <p><strong>Important:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
                                         <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -173,7 +173,7 @@
                                                 {% endfor %}
                                             </select><br>
                                             <input type="checkbox" id="restore-exclude-previews" name="restore-exclude-previews"><label for="restore-exclude-previews">Exclude previews from restore which will speed up the restore process but will trigger a scan of the preview folder as soon as the Nextcloud container starts the next time</label><br>
-                                            <input type="submit" value="Restore selected backup"/>
+                                            <input type="submit" value="Restore selected backup" onclick="return confirm('⚠️ Important: If the backup that you want to restore contained any community container, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.')"/>
                                         </form>
                                     {% endif %}
                                 {% elseif borg_backup_mode == 'restore' %}
diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
index 217218e5..c16f6700 100644
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -59,6 +59,10 @@ test('Restore instance', async ({ page: setupPage }) => {
   // Check integrity and restore backup
   await containersPage.getByRole('button', { name: 'Check backup integrity' }).click();
   await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 });
+  containersPage.once('dialog', dialog => {
+    console.log(`Dialog message: ${dialog.message()}`)
+    dialog.accept()
+  });
   await containersPage.getByRole('button', { name: 'Restore selected backup' }).click();
   await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 1 * 60 * 1000 });
 

From 8d59472c3846e63f458b65e0fc78f90136abedd6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Jul 2025 05:16:09 +0000
Subject: [PATCH 3292/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.3.1.1 to 25.04.3.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.3.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 5fd88186..d9086cb4 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.3.1.1
+FROM collabora/code:25.04.3.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 99b54546761f69b61c9d1236373afee8087c7934 Mon Sep 17 00:00:00 2001
From: Kai Biebel <38378574+seclution@users.noreply.github.com>
Date: Mon, 7 Jul 2025 09:59:34 +0200
Subject: [PATCH 3293/3949] Update reverse-proxy.md

Increase timeouts to prevent connection reset on uploads >100MB in clean Traefik setup

Signed-off-by: Kai Biebel <38378574+seclution@users.noreply.github.com>
---
 reverse-proxy.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 84aad3d1..785e9ace 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -765,6 +765,9 @@ The examples below define the dynamic configuration in YAML files. If you rather
     entryPoints:
       https:
         address: ":443" # Create an entrypoint called "https" that uses port 443
+          transport:
+            respondingTimeouts:
+              readTimeout: 30m # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From 80d23c01d6e44e77a22704e507d8d11246994264 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Jul 2025 05:35:29 +0000
Subject: [PATCH 3294/3949] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.9-alpine to 7.2.10-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.10-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 92f2b17c..98f3d3f0 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.9-alpine
+FROM redis:7.2.10-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From c288949b432163765c7f9a8b935e95aa073880dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 12:23:15 +0200
Subject: [PATCH 3295/3949] readme: add more explicit note that AIO is looking
 for contributors

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index 9338ea4a..81835401 100644
--- a/readme.md
+++ b/readme.md
@@ -1,4 +1,8 @@
 # Nextcloud All-in-One
+
+> [!NOTE]
+> Nextcloud AIO is actively looking for contributors. See [the forum post](https://help.nextcloud.com/t/nextcloud-aio-is-looking-for-contributors/205234).
+
 The official Nextcloud installation method. Nextcloud AIO provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
 
 Included are:

From e07a27990a5d332d4d695d324c9a90eb4fd3b4da Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 12:28:44 +0200
Subject: [PATCH 3296/3949] update config.yml and bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 6 +++---
 .github/ISSUE_TEMPLATE/config.yml    | 5 +----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 66681d2e..f5dd328f 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -6,9 +6,9 @@ labels: 0. Needs triage
 
 <!---
 - Before submitting a bug report, please read through the documentation available at https://github.com/nextcloud/all-in-one#faq
-- If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
-- For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
-
+- Additional documentation is available here: https://github.com/nextcloud/all-in-one/discussions/categories/wiki
+- You should also read through existing questions and their answer here: https://github.com/nextcloud/all-in-one/discussions/categories/questions
+- Additional threads can be found here: https://help.nextcloud.com/tag/aio
 --->
 
 <!--- Please fill out the whole template below -->
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index bbeee846..0f14f48e 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -3,15 +3,12 @@ contact_links:
     - name: 📘 Documentation on Nextcloud AIO
       url: https://github.com/nextcloud/all-in-one#faq
       about: Please read the docs first before submitting any report or request!
-    - name: ⛑️ General questions and support
+    - name: ⛑️ Questions and support
       url: https://help.nextcloud.com/tag/aio
       about: For general questions, support and help
     - name: 💡 Suggest a new feature or discuss one
       url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
       about: For new feature requests and discussion of existing ones
-    - name: ❓ Questions about Nextcloud AIO
-      url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
-      about: For questions specifically about AIO
     - name: 💼 Nextcloud Enterprise
       url: https://portal.nextcloud.com/
       about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly

From 61ed785c7201e96a25a2ab8c498c1973c6a82f23 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 12:31:03 +0200
Subject: [PATCH 3297/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 0f14f48e..72ae238a 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -5,7 +5,7 @@ contact_links:
       about: Please read the docs first before submitting any report or request!
     - name: ⛑️ Questions and support
       url: https://help.nextcloud.com/tag/aio
-      about: For general questions, support and help
+      about: For questions, support and help
     - name: 💡 Suggest a new feature or discuss one
       url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
       about: For new feature requests and discussion of existing ones

From 7961dc2fc50ec67e8ddbeeb59dc622e623554014 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 8 Jul 2025 12:03:32 +0000
Subject: [PATCH 3298/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 73b56a53..825ff024 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4504,16 +4504,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.12.0",
+            "version": "6.12.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2"
+                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf420941d061a57050b6c468ef2c778faf40aee2",
-                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/e71404b0465be25cf7f8a631b298c01c5ddd864f",
+                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f",
                 "shasum": ""
             },
             "require": {
@@ -4618,7 +4618,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-05-28T12:52:06+00:00"
+            "time": "2025-07-04T09:56:28+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From aeb133e86ca7e707d3e428fd9976deb8dcdb60bd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 8 Jul 2025 15:53:30 +0200
Subject: [PATCH 3299/3949] CreateContainer: Also add `diun.enable: false` to
 all managed containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b3560968..206bc904 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -585,7 +585,8 @@ readonly class DockerActionManager {
         }
 
         // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
+        // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();

From 3270767272bf79707eb3d3dd2eea1d058262f081 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Jul 2025 04:44:55 +0000
Subject: [PATCH 3300/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.4-alpine3.21 to 1.24.5-alpine3.21.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.5-alpine3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 08cabd2c..55e2a64a 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.4-alpine3.21 AS go
+FROM golang:1.24.5-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 1c41122d393c15020ff8713fe47c0c937d697182 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 9 Jul 2025 16:11:28 +0200
Subject: [PATCH 3301/3949] Bug-report-template: add link to existing feature
 requests

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index f5dd328f..691221d7 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -9,6 +9,7 @@ labels: 0. Needs triage
 - Additional documentation is available here: https://github.com/nextcloud/all-in-one/discussions/categories/wiki
 - You should also read through existing questions and their answer here: https://github.com/nextcloud/all-in-one/discussions/categories/questions
 - Additional threads can be found here: https://help.nextcloud.com/tag/aio
+- Existing feature requests are listed here: https://github.com/nextcloud/all-in-one/discussions/categories/ideas
 --->
 
 <!--- Please fill out the whole template below -->

From 0bab98fdec083a5aad0581885d425f805722fae6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Jul 2025 04:34:58 +0000
Subject: [PATCH 3302/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.2-alpine to 3.2.3-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.3-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index bcc7ac71..b14d553b 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.2-alpine
+FROM haproxy:3.2.3-alpine
 
 # hadolint ignore=DL3002
 USER root

From a328f56fd08498d57f1668c2dd88d85cfbf6f00e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 10:39:43 +0200
Subject: [PATCH 3303/3949] mastercontainer: add mountpoint check for
 `/var/www/docker-aio/php/containers.json`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 9b948776..adb91c39 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -43,6 +43,11 @@ elif ! mountpoint -q "/mnt/docker-aio-config"; then
     echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!"
     echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1
+elif mountpoint -q /var/www/docker-aio/php/containers.json; then
+    print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!"
+    echo "This is a not-supported customization of the mastercontainer!"
+    echo "Please remove this bind-mount from the mastercontainer."
+    exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
     DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)

From 1e868d4e5460ace4011a378156b9fcff7e4ef747 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 10 Jul 2025 08:49:09 +0000
Subject: [PATCH 3304/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 9b9ef61e..1fd66dc9 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.2.1
+version: 11.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 5751c7bf..65bcef36 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-apache:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 6d2678f8..b40b4fd9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index ce2417e4..a58cc9a5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 450868ed..ee6fe5d3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 53180a99..49bf6fc6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a452962e..6d35fd39 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 688ac9b4..af427008 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250710_082355
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 480e046f..6c2f653b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0b79be44..2ece813f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 4120a5f5..b461b489 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-redis:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 4424d662..c55f6ee2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-talk:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index e121f2e6..290d6436 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250710_082355
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index e3734f10..7cf1b406 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250701_092737
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250710_082355
           readinessProbe:
             exec:
               command:

From 22d27028d161466b063e9bc8453c2adc98368d0c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 10:51:10 +0200
Subject: [PATCH 3305/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 2 --
 1 file changed, 2 deletions(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 5f5b2d97..572af5f1 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -98,7 +98,6 @@
         >
         <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
     </p>
-    {% if is_onlyoffice_enabled == true %}
     <p>
         <input
             type="checkbox"
@@ -113,7 +112,6 @@
         >
         <label for="onlyoffice">OnlyOffice</label>
     </p>
-    {% endif %}
     <p>
         <input
             type="checkbox"

From 00348c2ee194dee5d65f021e11010fb0081f2d94 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 10:51:28 +0200
Subject: [PATCH 3306/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 97587907..f23327cd 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.3.1
+FROM onlyoffice/documentserver:9.0.3.1
 
 # USER root is probably used
 

From 78ec604a4b05c22bb39a2289636702e2b6d0b71a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 11:26:09 +0200
Subject: [PATCH 3307/3949] increase to 11.4.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8f917380..a7689126 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.3.0</h1>
+            <h1>Nextcloud AIO v11.4.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 6ddcd3b1167473da1509ada3786651a68cce0357 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 10 Jul 2025 11:47:59 +0000
Subject: [PATCH 3308/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9dbf231c..915f7239 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.6
+ENV NEXTCLOUD_VERSION=31.0.7
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 382108c971c64a971465f792fd98c675aca81f66 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 10 Jul 2025 12:03:56 +0000
Subject: [PATCH 3309/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 04ac9193..9d62923c 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -253,7 +253,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}

From 754ab219a86a172d642e23baeb022f69b32829b6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 10 Jul 2025 15:56:42 +0200
Subject: [PATCH 3310/3949] add advice to
 `/var/www/docker-aio/php/containers.json` mountpoint warning

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index adb91c39..46a0eef0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -47,6 +47,8 @@ elif mountpoint -q /var/www/docker-aio/php/containers.json; then
     print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!"
     echo "This is a not-supported customization of the mastercontainer!"
     echo "Please remove this bind-mount from the mastercontainer."
+    echo "If you need to customize things, feel free to use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."

From 34e82410cf9dccfb74ac4644ef4b1cf8147bd85a Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Fri, 11 Jul 2025 04:20:57 +0000
Subject: [PATCH 3311/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index c2056b48..a954c812 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.12.0@cf420941d061a57050b6c468ef2c778faf40aee2">
+<files psalm-version="6.12.1@e71404b0465be25cf7f8a631b298c01c5ddd864f">
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>

From 0350b9528f1c6e0cda83c919674a331088d7bc18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Jul 2025 05:16:11 +0000
Subject: [PATCH 3312/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.2 to 8.18.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index ae7eee63..1d1ca4b6 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.2
+FROM elasticsearch:8.18.3
 
 USER root
 

From a28f1b9c13d785e77d8f09ee8c96d8f0760a8118 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 11 Jul 2025 16:14:58 +0200
Subject: [PATCH 3313/3949] mastercontainer: add check for http proxy variables

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index adb91c39..b356f1c0 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -37,6 +37,7 @@ if ! [ -a "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."
     echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
     echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
+    echo "And https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
     print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
@@ -274,6 +275,7 @@ if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
     echo "Most likely is something blocking access to it."
     echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
     echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
 fi
 
@@ -284,6 +286,13 @@ if [ -n "$TZ" ]; then
     # Disable exit since it seems to be by default set on unraid and we dont want to break these instances
     # exit 1
 fi
+# Check that http proxy or no_proxy variable is not set which AIO does not support
+if [ -n "$HTTP_PROXY" ] || [ -n "$http_proxy" ] || [ -n "$HTTPS_PROXY" ] || [ -n "$https_proxy" ] || [ -n "$NO_PROXY" ] || [ -n "$no_proxy" ]; then
+    print_red "The environmental variable HTTP_PROXY, http_proxy, HTTPS_PROXY, https_proxy, NO_PROXY or no_proxy has been set which is not supported by AIO."
+    echo "If you need this, then you should use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
+    exit 1
+fi
 if mountpoint -q /etc/localtime; then
     print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
     echo "The correct timezone can be set in the AIO interface later on!"

From e6e93701c310d6826b00435e1ad3fac6d1715328 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Jul 2025 06:14:44 +0000
Subject: [PATCH 3314/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.1-cli to 28.3.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.3.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 663b7a30..685d92d5 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.1-cli AS docker
+FROM docker:28.3.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From ccb06b3525a4ce1d0b94f706873e50e3f9690c83 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 14 Jul 2025 12:03:40 +0000
Subject: [PATCH 3315/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 825ff024..98146e2f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3563,16 +3563,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.1.0",
+            "version": "2.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68"
+                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/9b30d6fd026b2c132b3985ce6b23bec09ab3aa68",
-                "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
+                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
                 "shasum": ""
             },
             "require": {
@@ -3604,9 +3604,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.1.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.2.0"
             },
-            "time": "2025-02-19T13:28:12+00:00"
+            "time": "2025-07-13T07:04:09+00:00"
         },
         {
             "name": "revolt/event-loop",
@@ -4504,16 +4504,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.12.1",
+            "version": "6.13.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f"
+                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/e71404b0465be25cf7f8a631b298c01c5ddd864f",
-                "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/70cdf647255a1362b426bb0f522a85817b8c791c",
+                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c",
                 "shasum": ""
             },
             "require": {
@@ -4618,7 +4618,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-07-04T09:56:28+00:00"
+            "time": "2025-07-14T09:59:17+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From e6ac9ad4f8b6cae1bfeddee2bccd8714574a31f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:51:48 +0000
Subject: [PATCH 3316/3949] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/alpine

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 8d180272..429485b3 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From 74ce18856fd3a5bc6eb8d43b29a12acbce3355dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:51:54 +0000
Subject: [PATCH 3317/3949] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/borgbackup

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 70d2ea11..74d87f45 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     \

From 3b3dc1dcce1a210f8b50356b71cd4deb555a9c86 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:51:57 +0000
Subject: [PATCH 3318/3949] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/clamav

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 2b7bd30b..d00e34a7 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From cc8414250f7665c0780d842827e3d194a7354c82 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:03 +0000
Subject: [PATCH 3319/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 9b248e39..99ae1184 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 93d3e9e601a7694e10f9c90755c6afc23716cfd3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:07 +0000
Subject: [PATCH 3320/3949] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/imaginary

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 55e2a64a..4fd508e5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 235f190020b9255c971422ac79026971f84a7d20 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:39 +0000
Subject: [PATCH 3321/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 18cbc0c4..8138582d 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 7da05ca65bb0691f103be5a2118b47d3f99334c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:52:47 +0000
Subject: [PATCH 3322/3949] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/talk

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 67bb7e61..00560697 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.11.6-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
-FROM alpine:3.21.3 AS janus
+FROM alpine:3.22.1 AS janus
 
 ARG JANUS_VERSION=v1.3.1
 WORKDIR /src
@@ -35,7 +35,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 ENV ETURNAL_ETC_DIR="/conf"
 ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local

From 2973eb7fc822732cf3738c3d83063580404c3935 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 04:53:03 +0000
Subject: [PATCH 3323/3949] build(deps): bump alpine from 3.21.3 to 3.22.1 in
 /Containers/watchtower

Bumps alpine from 3.21.3 to 3.22.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 76cfd60f..63ac8163 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower
 
-FROM alpine:3.21.3
+FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 6463a2b04f63591993d0731f3c39a17a213b2e4a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Jul 2025 09:23:52 +0000
Subject: [PATCH 3324/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 1fd66dc9..7bf3cdaa 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.3.0
+version: 11.4.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 65bcef36..1d60880b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-apache:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index b40b4fd9..df4d25d5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index a58cc9a5..ffb12a71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -32,10 +32,10 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index ee6fe5d3..2fd6db2d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 49bf6fc6..8a46606f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 6d35fd39..8877f8c4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index af427008..bbb343e5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250717_090710
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 6c2f653b..b1d771a1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 2ece813f..3ff8701a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index b461b489..334b1a5d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-redis:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index c55f6ee2..efb9dab4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-talk:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 290d6436..c4d09e8f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250717_090710
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 7cf1b406..6d1f7d10 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250710_082355
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250717_090710
           readinessProbe:
             exec:
               command:

From b2a839a209a27c95b68125433c0021fc3d511f46 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 11:57:35 +0200
Subject: [PATCH 3325/3949] update remaining images and docs to alpine v3.22

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 +-
 Containers/imaginary/Dockerfile       | 4 ++--
 Containers/mastercontainer/Dockerfile | 4 ++--
 Containers/nextcloud/Dockerfile       | 2 +-
 Containers/postgresql/Dockerfile      | 2 +-
 Containers/talk-recording/Dockerfile  | 2 +-
 readme.md                             | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 615aeca4..bf342dca 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.63-alpine3.21
+FROM httpd:2.4.63-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 4fd508e5..ddbbe6d1 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.5-alpine3.21 AS go
+FROM golang:1.24.5-alpine3.22 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 685d92d5..852ea63d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:28.3.2-cli AS docker
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.10-fpm-alpine3.21
+# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
+FROM php:8.4.10-fpm-alpine3.22
 
 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
 ARG AIO_GIT_BRANCH="main"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 915f7239..10f3057d 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.23-fpm-alpine3.21
+FROM php:8.3.23-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 36394b05..b29739d7 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/17/alpine3.21/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
 FROM postgres:17.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 634a5de3..ea3f77f8 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.5-alpine3.21
+FROM python:3.13.5-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/readme.md b/readme.md
index 81835401..9dc1aab5 100644
--- a/readme.md
+++ b/readme.md
@@ -449,7 +449,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.22. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From e1408dc76ebb5d52a856a52b9c317bfef7b37af1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 13:57:18 +0200
Subject: [PATCH 3326/3949] adjust the naming of variables

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 70e44984..1575fac1 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -835,7 +835,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update files_fulltextsearch
     fi
     php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXT_PORT\",\"elastic_index\":\"$FULLTEXT_INDEX\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index

From 64539d5b5cd8da8f43136fc3b268780f04ac451f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Jul 2025 12:03:42 +0000
Subject: [PATCH 3327/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index ddbbe6d1..e53f1b02 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.5-alpine3.22 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 2792994cc48142b3b6b371b60abb49209675a2ee Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 17 Jul 2025 12:04:56 +0000
Subject: [PATCH 3328/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 00560697..e34d9c1d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.22.1 AS janus
 
-ARG JANUS_VERSION=v1.3.1
+ARG JANUS_VERSION=v1.3.2
 WORKDIR /src
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From f5023ed88dd5e18c4de7e64d3c2c646c5b34ac18 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 18:12:36 -0700
Subject: [PATCH 3329/3949] Factor out getPlaceholderValue from CreateContainer

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 317 +++++++++++++------------
 1 file changed, 160 insertions(+), 157 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 206bc904..e3c7456f 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -253,163 +253,7 @@ readonly class DockerActionManager {
 
             if (preg_match($patterns[0], $env, $out) === 1) {
                 $replacements = array();
-
-                if ($out[1] === 'NC_DOMAIN') {
-                    $replacements[1] = $this->configurationManager->GetDomain();
-                } elseif ($out[1] === 'NC_BASE_DN') {
-                    $replacements[1] = $this->configurationManager->GetBaseDN();
-                } elseif ($out[1] === 'AIO_TOKEN') {
-                    $replacements[1] = $this->configurationManager->GetToken();
-                } elseif ($out[1] === 'BORGBACKUP_REMOTE_REPO') {
-                    $replacements[1] = $this->configurationManager->GetBorgRemoteRepo();
-                } elseif ($out[1] === 'BORGBACKUP_MODE') {
-                    $replacements[1] = $this->configurationManager->GetBackupMode();
-                } elseif ($out[1] === 'AIO_URL') {
-                    $replacements[1] = $this->configurationManager->GetAIOURL();
-                } elseif ($out[1] === 'SELECTED_RESTORE_TIME') {
-                    $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
-                } elseif ($out[1] === 'RESTORE_EXCLUDE_PREVIEWS') {
-                    $replacements[1] = $this->configurationManager->GetRestoreExcludePreviews();
-                } elseif ($out[1] === 'APACHE_PORT') {
-                    $replacements[1] = $this->configurationManager->GetApachePort();
-                } elseif ($out[1] === 'TALK_PORT') {
-                    $replacements[1] = $this->configurationManager->GetTalkPort();
-                } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudMount();
-                } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
-                    $replacements[1] = $this->configurationManager->GetBorgRestorePassword();
-                } elseif ($out[1] === 'CLAMAV_ENABLED') {
-                    if ($this->configurationManager->isClamavEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'TALK_RECORDING_ENABLED') {
-                    if ($this->configurationManager->isTalkRecordingEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'ONLYOFFICE_ENABLED') {
-                    if ($this->configurationManager->isOnlyofficeEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'COLLABORA_ENABLED') {
-                    if ($this->configurationManager->isCollaboraEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'TALK_ENABLED') {
-                    if ($this->configurationManager->isTalkEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'UPDATE_NEXTCLOUD_APPS') {
-                    if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'TIMEZONE') {
-                    if ($this->configurationManager->GetTimezone() === '') {
-                        $replacements[1] = 'Etc/UTC';
-                    } else {
-                        $replacements[1] = $this->configurationManager->GetTimezone();
-                    }
-                } elseif ($out[1] === 'COLLABORA_DICTIONARIES') {
-                    if ($this->configurationManager->GetCollaboraDictionaries() === '') {
-                        $replacements[1] = 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
-                    } else {
-                        $replacements[1] = $this->configurationManager->GetCollaboraDictionaries();
-                    }
-                } elseif ($out[1] === 'IMAGINARY_ENABLED') {
-                    if ($this->configurationManager->isImaginaryEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'FULLTEXTSEARCH_ENABLED') {
-                    if ($this->configurationManager->isFulltextsearchEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'DOCKER_SOCKET_PROXY_ENABLED') {
-                    if ($this->configurationManager->isDockerSocketProxyEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
-                } elseif ($out[1] === 'NEXTCLOUD_MEMORY_LIMIT') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit();
-                } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
-                } elseif ($out[1] === 'BORG_RETENTION_POLICY') {
-                    $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy();
-                } elseif ($out[1] === 'FULLTEXTSEARCH_JAVA_OPTIONS') {
-                    $replacements[1] = $this->configurationManager->GetFulltextsearchJavaOptions();
-                } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
-                    $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
-                } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
-                    if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'BORGBACKUP_HOST_LOCATION') {
-                    $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation();
-                } elseif ($out[1] === 'APACHE_MAX_SIZE') {
-                    $replacements[1] = $this->configurationManager->GetApacheMaxSize();
-                } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
-                    $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
-                } elseif ($out[1] === 'NEXTCLOUD_STARTUP_APPS') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
-                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_APKS') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
-                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
-                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
-                } elseif ($out[1] === 'INSTALL_LATEST_MAJOR') {
-                    if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } elseif ($out[1] === 'REMOVE_DISABLED_APPS') {
-                    if ($this->configurationManager->shouldDisabledAppsGetRemoved()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                    // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
-                } elseif ($out[1] === 'AIO_DATABASE_HOST') {
-                    $replacements[1] = gethostbyname('nextcloud-aio-database');
-                    // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-                } elseif ($out[1] === 'CADDY_IP_ADDRESS') {
-                    $replacements[1] = '';
-                    $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
-                    if (in_array('caddy', $communityContainers, true)) {
-                        $replacements[1] = gethostbyname('nextcloud-aio-caddy');
-                    }
-                } elseif ($out[1] === 'WHITEBOARD_ENABLED') {
-                    if ($this->configurationManager->isWhiteboardEnabled()) {
-                        $replacements[1] = 'yes';
-                    } else {
-                        $replacements[1] = '';
-                    }
-                } else {
-                    $secret = $this->configurationManager->GetSecret($out[1]);
-                    if ($secret === "") {
-                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
-                    }
-                    $replacements[1] = $secret;
-                }
-
+                $replacements[1] = $this->getPlaceholderValue($out[1]);
                 $envs[$key] = preg_replace($patterns, $replacements, $env);
             }
         }
@@ -644,6 +488,165 @@ readonly class DockerActionManager {
         }
     }
 
+    private function getPlaceholderValue($placeholder) {
+        if ($placeholder === 'NC_DOMAIN') {
+            return $this->configurationManager->GetDomain();
+        } elseif ($placeholder === 'NC_BASE_DN') {
+            return $this->configurationManager->GetBaseDN();
+        } elseif ($placeholder === 'AIO_TOKEN') {
+            return $this->configurationManager->GetToken();
+        } elseif ($placeholder === 'BORGBACKUP_REMOTE_REPO') {
+            return $this->configurationManager->GetBorgRemoteRepo();
+        } elseif ($placeholder === 'BORGBACKUP_MODE') {
+            return $this->configurationManager->GetBackupMode();
+        } elseif ($placeholder === 'AIO_URL') {
+            return $this->configurationManager->GetAIOURL();
+        } elseif ($placeholder === 'SELECTED_RESTORE_TIME') {
+            return $this->configurationManager->GetSelectedRestoreTime();
+        } elseif ($placeholder === 'RESTORE_EXCLUDE_PREVIEWS') {
+            return $this->configurationManager->GetRestoreExcludePreviews();
+        } elseif ($placeholder === 'APACHE_PORT') {
+            return $this->configurationManager->GetApachePort();
+        } elseif ($placeholder === 'TALK_PORT') {
+            return $this->configurationManager->GetTalkPort();
+        } elseif ($placeholder === 'NEXTCLOUD_MOUNT') {
+            return $this->configurationManager->GetNextcloudMount();
+        } elseif ($placeholder === 'BACKUP_RESTORE_PASSWORD') {
+            return $this->configurationManager->GetBorgRestorePassword();
+        } elseif ($placeholder === 'CLAMAV_ENABLED') {
+            if ($this->configurationManager->isClamavEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'TALK_RECORDING_ENABLED') {
+            if ($this->configurationManager->isTalkRecordingEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'ONLYOFFICE_ENABLED') {
+            if ($this->configurationManager->isOnlyofficeEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'COLLABORA_ENABLED') {
+            if ($this->configurationManager->isCollaboraEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'TALK_ENABLED') {
+            if ($this->configurationManager->isTalkEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'UPDATE_NEXTCLOUD_APPS') {
+            if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'TIMEZONE') {
+            if ($this->configurationManager->GetTimezone() === '') {
+                return 'Etc/UTC';
+            } else {
+                return $this->configurationManager->GetTimezone();
+            }
+        } elseif ($placeholder === 'COLLABORA_DICTIONARIES') {
+            if ($this->configurationManager->GetCollaboraDictionaries() === '') {
+                return 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
+            } else {
+                return $this->configurationManager->GetCollaboraDictionaries();
+            }
+        } elseif ($placeholder === 'IMAGINARY_ENABLED') {
+            if ($this->configurationManager->isImaginaryEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'FULLTEXTSEARCH_ENABLED') {
+            if ($this->configurationManager->isFulltextsearchEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'DOCKER_SOCKET_PROXY_ENABLED') {
+            if ($this->configurationManager->isDockerSocketProxyEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'NEXTCLOUD_UPLOAD_LIMIT') {
+            return $this->configurationManager->GetNextcloudUploadLimit();
+        } elseif ($placeholder === 'NEXTCLOUD_MEMORY_LIMIT') {
+            return $this->configurationManager->GetNextcloudMemoryLimit();
+        } elseif ($placeholder === 'NEXTCLOUD_MAX_TIME') {
+            return $this->configurationManager->GetNextcloudMaxTime();
+        } elseif ($placeholder === 'BORG_RETENTION_POLICY') {
+            return $this->configurationManager->GetBorgRetentionPolicy();
+        } elseif ($placeholder === 'FULLTEXTSEARCH_JAVA_OPTIONS') {
+            return $this->configurationManager->GetFulltextsearchJavaOptions();
+        } elseif ($placeholder === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
+            return $this->configurationManager->GetTrustedCacertsDir();
+        } elseif ($placeholder === 'ADDITIONAL_DIRECTORIES_BACKUP') {
+            if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'BORGBACKUP_HOST_LOCATION') {
+            return $this->configurationManager->GetBorgBackupHostLocation();
+        } elseif ($placeholder === 'APACHE_MAX_SIZE') {
+            return $this->configurationManager->GetApacheMaxSize();
+        } elseif ($placeholder === 'COLLABORA_SECCOMP_POLICY') {
+            return $this->configurationManager->GetCollaboraSeccompPolicy();
+        } elseif ($placeholder === 'NEXTCLOUD_STARTUP_APPS') {
+            return $this->configurationManager->GetNextcloudStartupApps();
+        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_APKS') {
+            return $this->configurationManager->GetNextcloudAdditionalApks();
+        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
+            return $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
+        } elseif ($placeholder === 'INSTALL_LATEST_MAJOR') {
+            if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'REMOVE_DISABLED_APPS') {
+            if ($this->configurationManager->shouldDisabledAppsGetRemoved()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+            // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
+        } elseif ($placeholder === 'AIO_DATABASE_HOST') {
+            return gethostbyname('nextcloud-aio-database');
+            // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
+        } elseif ($placeholder === 'CADDY_IP_ADDRESS') {
+            $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
+            if (in_array('caddy', $communityContainers, true)) {
+                return gethostbyname('nextcloud-aio-caddy');
+            } else {
+                return '';
+            }
+        } elseif ($placeholder === 'WHITEBOARD_ENABLED') {
+            if ($this->configurationManager->isWhiteboardEnabled()) {
+                return 'yes';
+            } else {
+                return '';
+            }
+        } else {
+            $secret = $this->configurationManager->GetSecret($placeholder);
+            if ($secret === "") {
+                throw new \Exception("The secret " . $placeholder . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
+            }
+            return $secret;
+        }
+    }
+
     private function isContainerUpdateAvailable(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 

From 026707240f37568a614091f1d5d17f3822b48904 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 18:14:31 -0700
Subject: [PATCH 3330/3949] Support multiple placeholders in ENV values in
 containers.json

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 41 ++++++++++++++++----------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index e3c7456f..b43e7a8c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -240,22 +240,7 @@ readonly class DockerActionManager {
             $envs[] = $this->GetAllNextcloudExecCommands();
         }
         foreach ($envs as $key => $env) {
-            // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
-            if (str_starts_with($env, 'extra_params=')) {
-                $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
-                $env = str_replace('%NC_DOMAIN%', $this->configurationManager->GetDomain(), $env);
-                $envs[$key] = $env;
-                continue;
-            }
-
-            // Original implementation
-            $patterns = ['/%(.*)%/'];
-
-            if (preg_match($patterns[0], $env, $out) === 1) {
-                $replacements = array();
-                $replacements[1] = $this->getPlaceholderValue($out[1]);
-                $envs[$key] = preg_replace($patterns, $replacements, $env);
-            }
+            $envs[$key] = $this->replaceEnvPlaceholders($env);
         }
 
         if (count($envs) > 0) {
@@ -488,6 +473,30 @@ readonly class DockerActionManager {
         }
     }
 
+    // Replaces placeholders in $envValue with their values.
+    // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000"
+    private function replaceEnvPlaceholders($envValue) {
+        // $pattern breaks down as:
+        // % - matches a literal percent sign
+        // ([^%]+) - capture group that matches one or more characters that are NOT percent signs
+        // % - matches the closing percent sign
+        //
+        // Assumes literal percent signs are always matched and there is no
+        // escaping.
+        $pattern = '/%([^%]+)%/';
+        $matchCount = preg_match_all($pattern, $envValue, $matches);
+        if ($matchCount > 0) {
+            $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
+            $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
+            $placeholderToPattern = fn($placeholder) => '/' . $placeholder . '/';
+            $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
+            $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
+            $result = preg_replace($placeholderPatterns, $placeholderValues, $envValue);
+            return $result;
+        }
+        return $envValue;
+    }
+
     private function getPlaceholderValue($placeholder) {
         if ($placeholder === 'NC_DOMAIN') {
             return $this->configurationManager->GetDomain();

From d374fd2c1c9788205e2d6b1635b9daa683e1f7b1 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 17:49:42 -0700
Subject: [PATCH 3331/3949] Refactor getPlaceholderValue to use `match`

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 204 +++++++------------------
 1 file changed, 51 insertions(+), 153 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b43e7a8c..35da8663 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -498,162 +498,60 @@ readonly class DockerActionManager {
     }
 
     private function getPlaceholderValue($placeholder) {
-        if ($placeholder === 'NC_DOMAIN') {
-            return $this->configurationManager->GetDomain();
-        } elseif ($placeholder === 'NC_BASE_DN') {
-            return $this->configurationManager->GetBaseDN();
-        } elseif ($placeholder === 'AIO_TOKEN') {
-            return $this->configurationManager->GetToken();
-        } elseif ($placeholder === 'BORGBACKUP_REMOTE_REPO') {
-            return $this->configurationManager->GetBorgRemoteRepo();
-        } elseif ($placeholder === 'BORGBACKUP_MODE') {
-            return $this->configurationManager->GetBackupMode();
-        } elseif ($placeholder === 'AIO_URL') {
-            return $this->configurationManager->GetAIOURL();
-        } elseif ($placeholder === 'SELECTED_RESTORE_TIME') {
-            return $this->configurationManager->GetSelectedRestoreTime();
-        } elseif ($placeholder === 'RESTORE_EXCLUDE_PREVIEWS') {
-            return $this->configurationManager->GetRestoreExcludePreviews();
-        } elseif ($placeholder === 'APACHE_PORT') {
-            return $this->configurationManager->GetApachePort();
-        } elseif ($placeholder === 'TALK_PORT') {
-            return $this->configurationManager->GetTalkPort();
-        } elseif ($placeholder === 'NEXTCLOUD_MOUNT') {
-            return $this->configurationManager->GetNextcloudMount();
-        } elseif ($placeholder === 'BACKUP_RESTORE_PASSWORD') {
-            return $this->configurationManager->GetBorgRestorePassword();
-        } elseif ($placeholder === 'CLAMAV_ENABLED') {
-            if ($this->configurationManager->isClamavEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'TALK_RECORDING_ENABLED') {
-            if ($this->configurationManager->isTalkRecordingEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'ONLYOFFICE_ENABLED') {
-            if ($this->configurationManager->isOnlyofficeEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'COLLABORA_ENABLED') {
-            if ($this->configurationManager->isCollaboraEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'TALK_ENABLED') {
-            if ($this->configurationManager->isTalkEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'UPDATE_NEXTCLOUD_APPS') {
-            if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'TIMEZONE') {
-            if ($this->configurationManager->GetTimezone() === '') {
-                return 'Etc/UTC';
-            } else {
-                return $this->configurationManager->GetTimezone();
-            }
-        } elseif ($placeholder === 'COLLABORA_DICTIONARIES') {
-            if ($this->configurationManager->GetCollaboraDictionaries() === '') {
-                return 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
-            } else {
-                return $this->configurationManager->GetCollaboraDictionaries();
-            }
-        } elseif ($placeholder === 'IMAGINARY_ENABLED') {
-            if ($this->configurationManager->isImaginaryEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'FULLTEXTSEARCH_ENABLED') {
-            if ($this->configurationManager->isFulltextsearchEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'DOCKER_SOCKET_PROXY_ENABLED') {
-            if ($this->configurationManager->isDockerSocketProxyEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'NEXTCLOUD_UPLOAD_LIMIT') {
-            return $this->configurationManager->GetNextcloudUploadLimit();
-        } elseif ($placeholder === 'NEXTCLOUD_MEMORY_LIMIT') {
-            return $this->configurationManager->GetNextcloudMemoryLimit();
-        } elseif ($placeholder === 'NEXTCLOUD_MAX_TIME') {
-            return $this->configurationManager->GetNextcloudMaxTime();
-        } elseif ($placeholder === 'BORG_RETENTION_POLICY') {
-            return $this->configurationManager->GetBorgRetentionPolicy();
-        } elseif ($placeholder === 'FULLTEXTSEARCH_JAVA_OPTIONS') {
-            return $this->configurationManager->GetFulltextsearchJavaOptions();
-        } elseif ($placeholder === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
-            return $this->configurationManager->GetTrustedCacertsDir();
-        } elseif ($placeholder === 'ADDITIONAL_DIRECTORIES_BACKUP') {
-            if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'BORGBACKUP_HOST_LOCATION') {
-            return $this->configurationManager->GetBorgBackupHostLocation();
-        } elseif ($placeholder === 'APACHE_MAX_SIZE') {
-            return $this->configurationManager->GetApacheMaxSize();
-        } elseif ($placeholder === 'COLLABORA_SECCOMP_POLICY') {
-            return $this->configurationManager->GetCollaboraSeccompPolicy();
-        } elseif ($placeholder === 'NEXTCLOUD_STARTUP_APPS') {
-            return $this->configurationManager->GetNextcloudStartupApps();
-        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_APKS') {
-            return $this->configurationManager->GetNextcloudAdditionalApks();
-        } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
-            return $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
-        } elseif ($placeholder === 'INSTALL_LATEST_MAJOR') {
-            if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'REMOVE_DISABLED_APPS') {
-            if ($this->configurationManager->shouldDisabledAppsGetRemoved()) {
-                return 'yes';
-            } else {
-                return '';
-            }
+        return match ($placeholder) {
+            'NC_DOMAIN' => $this->configurationManager->GetDomain(),
+            'NC_BASE_DN' => $this->configurationManager->GetBaseDN(),
+            'AIO_TOKEN' => $this->configurationManager->GetToken(),
+            'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(),
+            'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(),
+            'AIO_URL' => $this->configurationManager->GetAIOURL(),
+            'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(),
+            'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
+            'APACHE_PORT' => $this->configurationManager->GetApachePort(),
+            'TALK_PORT' => $this->configurationManager->GetTalkPort(),
+            'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
+            'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
+            'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '',
+            'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '',
+            'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled() ? 'yes' : '',
+            'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '',
+            'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '',
+            'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
+            'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(),
+            'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),
+            'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled() ? 'yes' : '',
+            'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '',
+            'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled() ? 'yes' : '',
+            'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(),
+            'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(),
+            'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(),
+            'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(),
+            'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(),
+            'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(),
+            'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
+            'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(),
+            'APACHE_MAX_SIZE' => $this->configurationManager->GetApacheMaxSize(),
+            'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(),
+            'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(),
+            'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(),
+            'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->configurationManager->GetNextcloudAdditionalPhpExtensions(),
+            'INSTALL_LATEST_MAJOR' => $this->configurationManager->shouldLatestMajorGetInstalled() ? 'yes' : '',
+            'REMOVE_DISABLED_APPS' => $this->configurationManager->shouldDisabledAppsGetRemoved() ? 'yes' : '',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
-        } elseif ($placeholder === 'AIO_DATABASE_HOST') {
-            return gethostbyname('nextcloud-aio-database');
+            'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-        } elseif ($placeholder === 'CADDY_IP_ADDRESS') {
-            $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
-            if (in_array('caddy', $communityContainers, true)) {
-                return gethostbyname('nextcloud-aio-caddy');
-            } else {
-                return '';
-            }
-        } elseif ($placeholder === 'WHITEBOARD_ENABLED') {
-            if ($this->configurationManager->isWhiteboardEnabled()) {
-                return 'yes';
-            } else {
-                return '';
-            }
-        } else {
-            $secret = $this->configurationManager->GetSecret($placeholder);
-            if ($secret === "") {
-                throw new \Exception("The secret " . $placeholder . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
-            }
-            return $secret;
+            'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
+            'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
+            default => $this->getSecretOrThrow($placeholder),
+        };
+    }
+
+    private function getSecretOrThrow($secretName) {
+        $secret = $this->configurationManager->GetSecret($secretName);
+        if ($secret === "") {
+            throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
         }
+        return $secret;
     }
 
     private function isContainerUpdateAvailable(string $id): string {

From 0f858dc3fe3738d5d5c0c93053197debb0cfc5c8 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Fri, 20 Jun 2025 20:32:26 +0000
Subject: [PATCH 3332/3949] Fix psalm errors in DockerActionManager env
 handling code

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 35da8663..5e113072 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -475,7 +475,7 @@ readonly class DockerActionManager {
 
     // Replaces placeholders in $envValue with their values.
     // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000"
-    private function replaceEnvPlaceholders($envValue) {
+    private function replaceEnvPlaceholders(string $envValue): string {
         // $pattern breaks down as:
         // % - matches a literal percent sign
         // ([^%]+) - capture group that matches one or more characters that are NOT percent signs
@@ -488,16 +488,17 @@ readonly class DockerActionManager {
         if ($matchCount > 0) {
             $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
             $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
-            $placeholderToPattern = fn($placeholder) => '/' . $placeholder . '/';
+            $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
             $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
             $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
-            $result = preg_replace($placeholderPatterns, $placeholderValues, $envValue);
+            // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
+            $result = (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
             return $result;
         }
         return $envValue;
     }
 
-    private function getPlaceholderValue($placeholder) {
+    private function getPlaceholderValue(string $placeholder) : string {
         return match ($placeholder) {
             'NC_DOMAIN' => $this->configurationManager->GetDomain(),
             'NC_BASE_DN' => $this->configurationManager->GetBaseDN(),
@@ -530,7 +531,7 @@ readonly class DockerActionManager {
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(),
             'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
             'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(),
-            'APACHE_MAX_SIZE' => $this->configurationManager->GetApacheMaxSize(),
+            'APACHE_MAX_SIZE' => (string)($this->configurationManager->GetApacheMaxSize()),
             'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(),
             'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(),
@@ -546,7 +547,7 @@ readonly class DockerActionManager {
         };
     }
 
-    private function getSecretOrThrow($secretName) {
+    private function getSecretOrThrow(string $secretName): string {
         $secret = $this->configurationManager->GetSecret($secretName);
         if ($secret === "") {
             throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");

From 0b929d74de9b42ddc0c3e9ad1cd06ea8473aa3a0 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Mon, 23 Jun 2025 14:57:34 +0000
Subject: [PATCH 3333/3949] Use guard clause in replaceEnvPlaceholders to
 reduce indentation

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5e113072..3667294c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -485,17 +485,18 @@ readonly class DockerActionManager {
         // escaping.
         $pattern = '/%([^%]+)%/';
         $matchCount = preg_match_all($pattern, $envValue, $matches);
-        if ($matchCount > 0) {
-            $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
-            $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
-            $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
-            $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
-            $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
-            // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
-            $result = (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
-            return $result;
+
+        if ($matchCount === 0) {
+            return $envValue;
         }
-        return $envValue;
+
+        $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
+        $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
+        $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
+        $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
+        $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
+        // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
+        return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
     }
 
     private function getPlaceholderValue(string $placeholder) : string {

From f81d22cf930b5cc6bdf25b8dea9f608179912cc3 Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Mon, 23 Jun 2025 15:05:19 +0000
Subject: [PATCH 3334/3949] Inline placeholderToPattern and use preg_quote

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3667294c..8072b2fc 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -492,8 +492,7 @@ readonly class DockerActionManager {
 
         $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
         $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
-        $placeholderToPattern = fn(string $p): string => '/' . $p . '/';
-        $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...]
+        $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...]
         $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
         // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
         return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);

From f7d158c6322571116bd4d62d36b6706da1af560e Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Mon, 23 Jun 2025 15:05:43 +0000
Subject: [PATCH 3335/3949] Use modern callable syntax for $placeholderValues
 array_map

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8072b2fc..0ccdcf58 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -493,7 +493,7 @@ readonly class DockerActionManager {
         $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
         $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
         $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...]
-        $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"]
+        $placeholderValues = array_map($this->getPlaceholderValue(...), $placeholderNames); // ["val1", "val2"]
         // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
         return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
     }

From 1ce5430f77f59097f78f2e7069e0d395085dada2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 14:16:43 +0200
Subject: [PATCH 3336/3949] increase to 11.5.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index a7689126..9eb25002 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.4.0</h1>
+            <h1>Nextcloud AIO v11.5.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From c8f76e067a4d6bf76169e43aa4ec0ed6c5142de9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 17 Jul 2025 15:04:57 +0200
Subject: [PATCH 3337/3949] fulltextsearch: adjust default log level to Warn

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index f83fa242..c9d57466 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -795,7 +795,7 @@
         "bootstrap.memory_lock=true",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
-        "logger.org.elasticsearch.discovery=WARN",
+        "logger.level=WARN",
         "http.port=9200",
         "xpack.license.self_generated.type=basic",
         "xpack.security.enabled=false",

From d6e5bcc0aca7c3a4ed46eb94d2f1cfc83110db5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 04:49:37 +0000
Subject: [PATCH 3338/3949] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.63-alpine3.22 to 2.4.64-alpine3.22.

---
updated-dependencies:
- dependency-name: httpd
  dependency-version: 2.4.64-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index bf342dca..ad6bbd14 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.63-alpine3.22
+FROM httpd:2.4.64-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From ed460405f234bc320774007707dd34ef5d63e0ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 04:49:45 +0000
Subject: [PATCH 3339/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.3.2.1 to 25.04.4.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.4.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index d9086cb4..84e8a63f 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.3.2.1
+FROM collabora/code:25.04.4.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 5f0e63a752f58c08e40629965cbb4de3910ba5bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 04:50:35 +0000
Subject: [PATCH 3340/3949] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: 1.11.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 63ac8163..da2af750 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.11.6 AS watchtower
 
 FROM alpine:3.22.1
 

From 2757630c41021f78804014d8bee02de06b6c902b Mon Sep 17 00:00:00 2001
From: Felix Stupp <felix.stupp@banananet.work>
Date: Tue, 15 Jul 2025 09:12:04 +0000
Subject: [PATCH 3341/3949] add hint to UI about SSH pubkey for remote backups

Signed-off-by: Felix Stupp <felix.stupp@banananet.work>
---
 php/templates/containers.twig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9eb25002..2c63f491 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -371,6 +371,7 @@
                                 <p>
                                 To store backups remotely instead, fill in the
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url and submit it</a>.
+                                You will be provided with an SSH public key for authorization at the remote afterwards.
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>

From 1adfac39fc57e724f8a4cb58bfd29ffe0eb52c8b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 18 Jul 2025 12:04:09 +0000
Subject: [PATCH 3342/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index f61f8c40..2ed51c59 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -440,7 +440,7 @@ services:
       - bootstrap.memory_lock=true
       - cluster.name=nextcloud-aio
       - discovery.type=single-node
-      - logger.org.elasticsearch.discovery=WARN
+      - logger.level=WARN
       - http.port=9200
       - xpack.license.self_generated.type=basic
       - xpack.security.enabled=false

From 78e9466877b29322ae511f913bf6c768b5295877 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Sat, 19 Jul 2025 04:16:11 +0000
Subject: [PATCH 3343/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index a954c812..516a92aa 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.12.1@e71404b0465be25cf7f8a631b298c01c5ddd864f">
+<files psalm-version="6.13.0@70cdf647255a1362b426bb0f522a85817b8c791c">
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>

From 834d3b36cdfb38aa1c78b4005f8679ae3c4590da Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Jul 2025 05:02:17 +0000
Subject: [PATCH 3344/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.3 to 8.18.4.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 1d1ca4b6..71434410 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.3
+FROM elasticsearch:8.18.4
 
 USER root
 

From 7fffb1840f2f208401dcef83dc672363a229f5dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Jul 2025 05:11:15 +0000
Subject: [PATCH 3345/3949] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.64-alpine3.22 to 2.4.65-alpine3.22.

---
updated-dependencies:
- dependency-name: httpd
  dependency-version: 2.4.65-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index ad6bbd14..58e2ae05 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.64-alpine3.22
+FROM httpd:2.4.65-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From 99117072ce5b568d65df5aa7671f1e7c25f29661 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Jul 2025 13:40:49 +0200
Subject: [PATCH 3346/3949] nextcloud: allow to configure custom appstoreurl

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/apps.config.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php
index c890e787..99bf5e40 100644
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -16,3 +16,6 @@ $CONFIG = array (
 if (getenv('APPS_ALLOWLIST')) {
     $CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST'));
 }
+if (getenv('NEXTCLOUD_APP_STORE_URL')) {
+    $CONFIG['appstoreurl'] = getenv('NEXTCLOUD_APP_STORE_URL');
+}

From adeee71982a3686cb8441a8d5ea9d2b1fc0d488b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 24 Jul 2025 10:36:27 +0200
Subject: [PATCH 3347/3949] PerformRecursiveContainerStop: Fix the stop order

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json                     |  4 ++--
 php/src/Controller/DockerController.php | 15 +++++++++++----
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index c9d57466..5c15c079 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -8,9 +8,9 @@
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
-        "nextcloud-aio-nextcloud",
         "nextcloud-aio-notify-push",
-        "nextcloud-aio-whiteboard"
+        "nextcloud-aio-whiteboard",
+        "nextcloud-aio-nextcloud"
       ],
       "display_name": "Apache",
       "image": "ghcr.io/nextcloud-releases/aio-apache",
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 13e8bdda..e8f9d591 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -22,6 +22,7 @@ readonly class DockerController {
     private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
+        // Start all dependencies first and then itself
         foreach($container->GetDependsOn() as $dependency) {
             $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
@@ -227,13 +228,19 @@ readonly class DockerController {
     private function PerformRecursiveContainerStop(string $id) : void
     {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        // This is a hack but no better solution was found for the meantime
+        // Stop Collabora first to make sure it force-saves
+        // See https://github.com/nextcloud/richdocuments/issues/3799
+        if ($id === self::TOP_CONTAINER) {
+            $this->PerformRecursiveContainerStop('nextcloud-aio-collabora');
+        }
+
+        // Stop itself first and then all the dependencies
+        $this->dockerActionManager->StopContainer($container);
         foreach($container->GetDependsOn() as $dependency) {
             $this->PerformRecursiveContainerStop($dependency);
         }
-
-        // Disconnecting is not needed. This also allows to start the containers manually via docker-cli
-        //$this->dockerActionManager->DisconnectContainerFromNetwork($container);
-        $this->dockerActionManager->StopContainer($container);
     }
 
     public function StopContainer(Request $request, Response $response, array $args) : Response

From 001d0678ddedf212a407d813ca8a78759a99285e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 25 Jul 2025 12:03:57 +0000
Subject: [PATCH 3348/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 2ed51c59..867f848b 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -10,15 +10,15 @@ services:
       nextcloud-aio-talk:
         condition: service_started
         required: false
-      nextcloud-aio-nextcloud:
-        condition: service_started
-        required: false
       nextcloud-aio-notify-push:
         condition: service_started
         required: false
       nextcloud-aio-whiteboard:
         condition: service_started
         required: false
+      nextcloud-aio-nextcloud:
+        condition: service_started
+        required: false
     image: ghcr.io/nextcloud-releases/aio-apache:latest
     user: "33"
     init: true

From b4e4e736162540952daf889b3e2ad3daeddcdc9e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 25 Jul 2025 09:53:16 +0200
Subject: [PATCH 3349/3949] daily-backup: implement a dedicated imagepull
 before stopping containers which should reduce the downtime

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh |  6 ++++
 php/src/Controller/DockerController.php    | 39 +++++++++++-----------
 php/src/Cron/PullContainerImages.php       | 20 +++++++++++
 php/src/Docker/DockerActionManager.php     | 25 +++++++++++++-
 4 files changed, 69 insertions(+), 21 deletions(-)
 create mode 100644 php/src/Cron/PullContainerImages.php

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index c68835ea..5c97c0ca 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -64,6 +64,12 @@ if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     done
 fi
 
+# Update container images to reduce downtime later on
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Updating container images..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
+fi
+
 # Stop containers if required
 # shellcheck disable=SC2235
 if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index e8f9d591..378ddab6 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -34,33 +34,32 @@ readonly class DockerController {
             return;
         }
 
-        // Skip database image pull if the last shutdown was not clean
-        if ($id === 'nextcloud-aio-database') {
-            if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullImage = false;
-                error_log('Not pulling the latest database image because the container was not correctly shut down.');
-            }
-        }
-
-        // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down
-        // and try to mitigate issues that are arising due to that
-        if ($pullImage) {
-            if (!$this->dockerActionManager->isRegistryReachable($container)) {
-                $pullImage = false;
-                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
-            }
-        }
-
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
-        if ($pullImage) {
-            $this->dockerActionManager->PullImage($container);
-        }
+        $this->dockerActionManager->PullImage($container, $pullImage);
         $this->dockerActionManager->CreateContainer($container);
         $this->dockerActionManager->StartContainer($container);
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
+    private function PerformRecursiveImagePull(string $id) : void {
+        $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        // Pull all dependencies first and then itself
+        foreach($container->GetDependsOn() as $dependency) {
+            $this->PerformRecursiveImagePull($dependency);
+        }
+
+        $this->dockerActionManager->PullImage($container, true);
+    }
+
+    public function PullAllContainerImages(): void {
+
+        $id = self::TOP_CONTAINER;
+
+        $this->PerformRecursiveImagePull($id);
+    }
+
     public function GetLogs(Request $request, Response $response, array $args) : Response
     {
         $requestParams = $request->getQueryParams();
diff --git a/php/src/Cron/PullContainerImages.php b/php/src/Cron/PullContainerImages.php
new file mode 100644
index 00000000..43c87d28
--- /dev/null
+++ b/php/src/Cron/PullContainerImages.php
@@ -0,0 +1,20 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Pull all containers
+$dockerController->PullAllContainerImages();
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0ccdcf58..2c8e365e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -450,7 +450,30 @@ readonly class DockerActionManager {
         }
     }
 
-    public function PullImage(Container $container): void {
+    public function PullImage(Container $container, bool $pullImage = true): void {
+
+        // Skip database image pull if the last shutdown was not clean
+        if ($container->GetIdentifier() === 'nextcloud-aio-database') {
+            if ($this->GetDatabasecontainerExitCode() > 0) {
+                $pullImage = false;
+                error_log('Not pulling the latest database image because the container was not correctly shut down.');
+            }
+        }
+
+        // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down
+        // and try to mitigate issues that are arising due to that
+        if ($pullImage) {
+            if (!$this->isRegistryReachable($container)) {
+                $pullImage = false;
+                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
+            }
+        }
+
+        // Do not continue if $pullImage is false
+        if (!$pullImage) {
+            return;
+        }
+
         $imageName = $this->BuildImageName($container);
         $encodedImageName = urlencode($imageName);
         $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));

From e568ee91dfbc8b471dea5c197da997b2e348ba99 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 28 Jul 2025 12:03:49 +0000
Subject: [PATCH 3350/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 98146e2f..b08a92c4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3330,16 +3330,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.5.0",
+            "version": "v5.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9"
+                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/ae59794362fe85e051a58ad36b289443f57be7a9",
-                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/221b0d0fdf1369c71047ad1d18bb5880017bbc56",
+                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56",
                 "shasum": ""
             },
             "require": {
@@ -3382,9 +3382,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.5.0"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.0"
             },
-            "time": "2025-05-31T08:24:38+00:00"
+            "time": "2025-07-27T20:03:57+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",

From 2a95bc25f9a6e3cf7e9bb9f90c570b6ab4c315c6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 14:31:43 +0200
Subject: [PATCH 3351/3949] aio-interface: allow to force-stop Nextcloud
 container via API

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 22 +++++++++++++++-------
 php/src/Docker/DockerActionManager.php  |  9 +++++++--
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 378ddab6..39befc63 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -83,17 +83,18 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
-        $this->startBackup();
+        $forceStopNextcloud = true;
+        $this->startBackup($forceStopNextcloud);
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function startBackup() : void {
+    public function startBackup(bool $forceStopNextcloud = false) : void {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'backup';
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id);
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
@@ -125,7 +126,8 @@ readonly class DockerController {
         $this->configurationManager->WriteConfig($config);
 
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id);
+        $forceStopNextcloud = true;
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
@@ -224,7 +226,7 @@ readonly class DockerController {
         $this->PerformRecursiveContainerStart($id);
     }
 
-    private function PerformRecursiveContainerStop(string $id) : void
+    private function PerformRecursiveContainerStop(string $id, bool $forceStopNextcloud = false) : void
     {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
@@ -236,7 +238,12 @@ readonly class DockerController {
         }
 
         // Stop itself first and then all the dependencies
-        $this->dockerActionManager->StopContainer($container);
+        if ($id !== 'nextcloud-aio-nextcloud') {
+            $this->dockerActionManager->StopContainer($container);
+        } else {
+            // We want to stop the Nextcloud container after 10s and not wait for the configured stop_grace_period
+            $this->dockerActionManager->StopContainer($container, $forceStopNextcloud);
+        }
         foreach($container->GetDependsOn() as $dependency) {
             $this->PerformRecursiveContainerStop($dependency);
         }
@@ -245,7 +252,8 @@ readonly class DockerController {
     public function StopContainer(Request $request, Response $response, array $args) : Response
     {
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id);
+        $forceStopNextcloud = true;
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         return $response->withStatus(201)->withHeader('Location', '/');
     }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 2c8e365e..f6ffbdc3 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -898,8 +898,13 @@ readonly class DockerActionManager {
         }
     }
 
-    public function StopContainer(Container $container): void {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $container->GetMaxShutdownTime()));
+    public function StopContainer(Container $container, bool $forceStopContainer = false): void {
+        if ($forceStopContainer) {
+            $maxShutDownTime = 10;
+        } else {
+            $maxShutDownTime = $container->GetMaxShutdownTime();
+        }
+        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $maxShutDownTime));
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {

From 5a31396e18edf534f3a3079974789f63b99144d6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 15:54:56 +0200
Subject: [PATCH 3352/3949] fix PerformRecursiveContainerStop detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 39befc63..ac3e7e8f 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -245,7 +245,7 @@ readonly class DockerController {
             $this->dockerActionManager->StopContainer($container, $forceStopNextcloud);
         }
         foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStop($dependency);
+            $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud);
         }
     }
 

From f2ff7451b4813a026542c9c276ebea72a5d1d63c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 16:31:19 +0200
Subject: [PATCH 3353/3949] initial-setup-test: adjust timeouts

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/initial-setup.spec.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js
index ca8bc077..c88cd8e3 100644
--- a/php/tests/tests/initial-setup.spec.js
+++ b/php/tests/tests/initial-setup.spec.js
@@ -60,8 +60,8 @@ test('Initial setup', async ({ page: setupPage }) => {
 
   // Start containers and wait for starting message
   await containersPage.getByRole('button', { name: 'Download and start containers' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 3 * 60 * 1000 });
-  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 2 * 60 * 1000 });
+  await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 5 * 60 * 1000 });
+  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 3 * 60 * 1000 });
   await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com');
 
   // Extract initial nextcloud password

From 8f99db7bea6a996ea3798e06e31eb0d4c35aeefd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 17:58:39 +0200
Subject: [PATCH 3354/3949] try to improve debugging of playwright.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/playwright.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 67653783..8ddc2712 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -45,7 +45,14 @@ jobs:
           sleep 10
 
       - name: Run Playwright tests for initial setup
-        run: cd php/tests && DEBUG=pw:api npx playwright test tests/initial-setup.spec.js
+        run: |
+          cd php/tests
+          export DEBUG=pw:api
+          if ! npx playwright test tests/initial-setup.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
 
       - name: Start fresh development server
         run: |
@@ -66,7 +73,14 @@ jobs:
           sleep 10
 
       - name: Run Playwright tests for backup restore
-        run: cd php/tests && DEBUG=pw:api npx playwright test tests/restore-instance.spec.js
+        run: |
+          cd php/tests 
+          export DEBUG=pw:api
+          if ! npx playwright test tests/restore-instance.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
 
       - uses: actions/upload-artifact@v4
         if: ${{ !cancelled() }}

From 4758f2d34102ea7fa418e3d3a8cc59055a0ab355 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 18:22:09 +0200
Subject: [PATCH 3355/3949] PerformRecursiveContainerStop: fix error if
 collabora is not enabled

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ac3e7e8f..f9aa6379 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -233,7 +233,7 @@ readonly class DockerController {
         // This is a hack but no better solution was found for the meantime
         // Stop Collabora first to make sure it force-saves
         // See https://github.com/nextcloud/richdocuments/issues/3799
-        if ($id === self::TOP_CONTAINER) {
+        if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled()) {
             $this->PerformRecursiveContainerStop('nextcloud-aio-collabora');
         }
 

From 27eac870643e13cad3103c77d6a6aaafd85537ab Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 28 Jul 2025 18:47:06 +0200
Subject: [PATCH 3356/3949] restore-instance: fix domain check?

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/restore-instance.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
index c16f6700..e93cf340 100644
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -28,7 +28,7 @@ test('Restore instance', async ({ page: setupPage }) => {
   await containersPage.locator('#domain').click();
   await containersPage.locator('#domain').fill('example.com');
   await containersPage.getByRole('button', { name: 'Submit domain' }).click();
-  await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.');
+  await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.', { timeout: 15 * 1000 });
 
   // Reject invalid backup location
   await containersPage.locator('#borg_restore_host_location').click();

From 7c65bf1942f166e7e75d4c74f9cdf9859ee22943 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Jul 2025 13:09:50 +0000
Subject: [PATCH 3357/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.34.1 to 2.35.1.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/0f7f1d08e3e32076e51cae65eb0b0c871405b16e...2282b6a082fc605c8320908a4cca3a5d1ca6c6fe)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index a7b0c5ff..9515ed3a 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+    - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 005af782..91746681 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 2bfe200e..c2800e7c 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 304f9393..16da7620 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 4e168ab7..1f72f849 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 2c40b1ce..9750f25d 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
+        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
         with:
           php-version: 8.4
           extensions: apcu

From aa6c8882343d035c654c7d53d1967b75d7d53240 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 30 Jul 2025 04:27:25 +0000
Subject: [PATCH 3358/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.2-cli to 28.3.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.3.3-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 852ea63d..de283469 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.2-cli AS docker
+FROM docker:28.3.3-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy

From 5604c2bbe257f08e9ac50a3ded844dff78f4a0bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 30 Jul 2025 13:02:19 +0000
Subject: [PATCH 3359/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.1 to 2.35.2.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/2282b6a082fc605c8320908a4cca3a5d1ca6c6fe...ccf2c627fe61b1b4d924adfcbd19d661a18133a0)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9515ed3a..7ac407c4 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+    - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 91746681..54bc0eb0 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index c2800e7c..d579b529 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 16da7620..926c6195 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 1f72f849..185a2410 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 9750f25d..dad5b0c6 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2
+        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
         with:
           php-version: 8.4
           extensions: apcu

From 1e8efbcacaf58e3d41b09cc01fd55d37ea512a20 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 05:07:30 +0000
Subject: [PATCH 3360/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.4.1.1 to 25.04.4.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.4.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 84e8a63f..b6088f30 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.4.1.1
+FROM collabora/code:25.04.4.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From c07d66f0eea89420b97654bb0067f54f1d13b906 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 05:07:35 +0000
Subject: [PATCH 3361/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.18.4 to 8.19.0.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 71434410..4ada3ea2 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.4
+FROM elasticsearch:8.19.0
 
 USER root
 

From be73586fa17b3f8b0c2f9407292b3bdc33976881 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 10:17:31 +0000
Subject: [PATCH 3362/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.10-fpm-alpine3.22 to 8.4.11-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.11-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 852ea63d..8bf33d13 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.3.2-cli AS docker
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.10-fpm-alpine3.22
+FROM php:8.4.11-fpm-alpine3.22
 
 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
 ARG AIO_GIT_BRANCH="main"

From 667e191371d2e654b28430989bde96ad188b26f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 11:27:21 +0000
Subject: [PATCH 3363/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.23-fpm-alpine3.22 to 8.3.24-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.24-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 10f3057d..82a3ba1b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.23-fpm-alpine3.22
+FROM php:8.3.24-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 2e44343e446e0921e626b7b307cfb1b3e00dfd77 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 12:50:28 +0000
Subject: [PATCH 3364/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.6-scratch to 2.11.7-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.7-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index e34d9c1d..adc1fb2b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.6-scratch AS nats
+FROM nats:2.11.7-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.22.1 AS janus

From 041508ca5768f989b1e680bdc5567da3dc8ae959 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Aug 2025 04:28:30 +0000
Subject: [PATCH 3365/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.5-alpine3.22 to 1.24.6-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.6-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index e53f1b02..2e39d5ee 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.5-alpine3.22 AS go
+FROM golang:1.24.6-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 6b13db8be6dbf8bc801322079a7f6f1c63e0a63d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 05:15:36 +0000
Subject: [PATCH 3366/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.5-alpine3.22 to 3.13.6-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.13.6-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index ea3f77f8..0c2b78ed 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.5-alpine3.22
+FROM python:3.13.6-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 10b1ec5c6697d28ad0530e775ee423ada8643e49 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Aug 2025 10:36:52 +0200
Subject: [PATCH 3367/3949] clamav: print out version during startup of
 container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index fa10d0e5..bda4add5 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -2,6 +2,9 @@
 
 sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
 
+# Print out clamav version for compliance reasons
+clamscan --version
+
 echo "Clamav started"
 
 exec "$@"

From 1c08ae5c31fb6e14cbe7d3938a34293f8d30913a Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 11 Aug 2025 12:01:50 +0000
Subject: [PATCH 3368/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                  |  2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml   |  2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml   |  4 ++--
 .../nextcloud-aio-collabora-deployment.yaml          |  2 +-
 .../templates/nextcloud-aio-database-deployment.yaml |  4 ++--
 .../nextcloud-aio-fulltextsearch-deployment.yaml     |  6 +++---
 .../nextcloud-aio-imaginary-deployment.yaml          |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml          | 12 ++++++------
 .../nextcloud-aio-notify-push-deployment.yaml        |  2 +-
 .../nextcloud-aio-onlyoffice-deployment.yaml         |  4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml    |  2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml     |  2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml     |  2 +-
 .../nextcloud-aio-whiteboard-deployment.yaml         |  2 +-
 14 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7bf3cdaa..8e013c81 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.4.0
+version: 11.5.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 1d60880b..4375d0bb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-apache:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index df4d25d5..73f8dd8e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index ffb12a71..57f07917 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 2fd6db2d..0b32650c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 8a46606f..512f3f28 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - chmod
             - "777"
@@ -48,13 +48,13 @@ spec:
               value: single-node
             - name: http.port
               value: "9200"
-            - name: logger.org.elasticsearch.discovery
+            - name: logger.level
               value: WARN
             - name: xpack.license.self_generated.type
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 8877f8c4..48b88216 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 92decf2e..54879be4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - chmod
             - "777"
@@ -110,14 +110,14 @@ spec:
               value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
             - name: FULLTEXTSEARCH_HOST
               value: nextcloud-aio-fulltextsearch
-            - name: FULLTEXTSEARCH_PORT
-              value: 9200
-            - name: FULLTEXTSEARCH_USER
-              value: elastic
             - name: FULLTEXTSEARCH_INDEX
               value: nextcloud-aio
             - name: FULLTEXTSEARCH_PASSWORD
               value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
+            - name: FULLTEXTSEARCH_PORT
+              value: "9200"
+            - name: FULLTEXTSEARCH_USER
+              value: elastic
             - name: IMAGINARY_ENABLED
               value: "{{ .Values.IMAGINARY_ENABLED }}"
             - name: IMAGINARY_HOST
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250811_115851
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index b1d771a1..e4b4a88f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 3ff8701a..19a56a42 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 334b1a5d..4a5fa0df 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-redis:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index efb9dab4..837665ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-talk:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index c4d09e8f..4408d64f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250811_115851
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 6d1f7d10..cf25046d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250717_090710
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250811_115851
           readinessProbe:
             exec:
               command:

From 5775a3a9165f0eb7c302eaa2837bd5b892c57686 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 11 Aug 2025 12:03:39 +0000
Subject: [PATCH 3369/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 74 ++++++++++++++++-----------
 2 files changed, 46 insertions(+), 30 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 852ea63d..e339fe5a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -45,7 +45,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.24; \
+    pecl install APCu-5.1.26; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \
diff --git a/php/composer.lock b/php/composer.lock
index b08a92c4..69161cfa 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3875,16 +3875,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.23",
+            "version": "v6.4.24",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93"
+                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/9056771b8eca08d026cd3280deeec3cfd99c4d93",
-                "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93",
+                "url": "https://api.github.com/repos/symfony/console/zipball/59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
+                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
                 "shasum": ""
             },
             "require": {
@@ -3949,7 +3949,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.23"
+                "source": "https://github.com/symfony/console/tree/v6.4.24"
             },
             "funding": [
                 {
@@ -3960,25 +3960,29 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-06-27T19:37:22+00:00"
+            "time": "2025-07-30T10:38:54+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.3.0",
+            "version": "v7.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb"
+                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/b8dce482de9d7c9fe2891155035a7248ab5c7fdb",
-                "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/edcbb768a186b5c3f25d0643159a787d3e63b7fd",
+                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd",
                 "shasum": ""
             },
             "require": {
@@ -4015,7 +4019,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.3.0"
+                "source": "https://github.com/symfony/filesystem/tree/v7.3.2"
             },
             "funding": [
                 {
@@ -4026,25 +4030,29 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-10-25T15:15:23+00:00"
+            "time": "2025-07-07T08:17:47+00:00"
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.17",
+            "version": "v6.4.24",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7"
+                "reference": "73089124388c8510efb8d2d1689285d285937b08"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
-                "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08",
+                "reference": "73089124388c8510efb8d2d1689285d285937b08",
                 "shasum": ""
             },
             "require": {
@@ -4079,7 +4087,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.17"
+                "source": "https://github.com/symfony/finder/tree/v6.4.24"
             },
             "funding": [
                 {
@@ -4090,12 +4098,16 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-29T13:51:37+00:00"
+            "time": "2025-07-15T12:02:45+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4417,16 +4429,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.0",
+            "version": "v7.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125"
+                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/f3570b8c61ca887a9e2938e85cb6458515d2b125",
-                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125",
+                "url": "https://api.github.com/repos/symfony/string/zipball/42f505aff654e62ac7ac2ce21033818297ca89ca",
+                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca",
                 "shasum": ""
             },
             "require": {
@@ -4484,7 +4496,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.0"
+                "source": "https://github.com/symfony/string/tree/v7.3.2"
             },
             "funding": [
                 {
@@ -4495,25 +4507,29 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-20T20:19:01+00:00"
+            "time": "2025-07-10T08:47:49+00:00"
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.13.0",
+            "version": "6.13.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c"
+                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/70cdf647255a1362b426bb0f522a85817b8c791c",
-                "reference": "70cdf647255a1362b426bb0f522a85817b8c791c",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
+                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
                 "shasum": ""
             },
             "require": {
@@ -4618,7 +4634,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-07-14T09:59:17+00:00"
+            "time": "2025-08-06T10:10:28+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From 3b05cfd60936690ec23b31b6bdeb8b2a49792863 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 11 Aug 2025 12:14:36 +0000
Subject: [PATCH 3370/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 10f3057d..69bd46dd 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -79,7 +79,7 @@ RUN set -ex; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
-    pecl install APCu-5.1.24; \
+    pecl install APCu-5.1.26; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
    pecl install -o imagick-3.8.0; \

From 29a189ac299a32bf00279281714aa1dcf92c7928 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Aug 2025 14:18:11 +0200
Subject: [PATCH 3371/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index f23327cd..42c72e5f 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.0.3.1
+FROM onlyoffice/documentserver:9.0.4.1
 
 # USER root is probably used
 

From 5ce5d8cf9ca39468fa30d40d2dc81fd181452abc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 11 Aug 2025 14:28:12 +0200
Subject: [PATCH 3372/3949] fix shellcheck

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 Containers/nextcloud/entrypoint.sh  | 1 +
 Containers/watchtower/start.sh      | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index dba54e12..0882ebd7 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -33,7 +33,7 @@ if [ "$*" != "" ]; then
 fi
 
 # Check if socket is available and readable
-if ! [ -a "/var/run/docker.sock" ]; then
+if ! [ -e "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."
     echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
     echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 1575fac1..433a4ea7 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -234,6 +234,7 @@ DATADIR_PERMISSION_CONF
             if [ -z "$POSTGRES_PORT" ]; then
               POSTGRES_PORT=5432
             fi
+            # shellcheck disable=SC2153
             INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
 
             echo "Starting Nextcloud installation..."
diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh
index bec4d3a2..cf16e7a4 100644
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Check if socket is available and readable
-if ! [ -a "/var/run/docker.sock" ]; then
+if ! [ -e "/var/run/docker.sock" ]; then
     echo "Docker socket is not available. Cannot continue."
     exit 1
 elif ! test -r /var/run/docker.sock; then

From 7a12d5343e500e04ecb0ec12c05b77c792547f75 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 29 Jul 2025 16:05:18 +0200
Subject: [PATCH 3373/3949] nextcloud: allow to add  custom certs to
 Nextcloud's trusted cert store

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 433a4ea7..c37630e6 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -578,6 +578,24 @@ else
 fi
 # AIO app end # Do not remove or change this line!
 
+# Allow to add custom certs to Nextcloud's trusted cert store
+if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
+    set -x
+    TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')"
+    mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES"
+    CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates"
+    mkdir -p "$CERTIFICATES_ROOT_DIR"
+    for certificate in "${TRUSTED_CERTIFICATES[@]}"; do
+        # shellcheck disable=SC2001
+        CERTIFICATE_NAME="$(echo "$certificate" | sed 's|^NEXTCLOUD_TRUSTED_CERTIFICATES_||')"
+        if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then
+            echo "${!certificate}" > "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
+            php /var/www/html/occ security:certificates:import "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
+        fi
+    done
+    set +x
+fi
+
 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
     php /var/www/html/occ app:install notify_push

From b3d550b09fcf6e0a905329c169dc46cad8e5dff9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Aug 2025 17:14:37 +0000
Subject: [PATCH 3374/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.2 to 2.35.3.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/ccf2c627fe61b1b4d924adfcbd19d661a18133a0...20529878ed81ef8e78ddf08b480401e6101a850f)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 7ac407c4..b5b60b77 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+    - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 54bc0eb0..0b1708c9 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index d579b529..fdb771cc 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 926c6195..ebccf3a3 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 185a2410..e51f9065 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index dad5b0c6..b49dd152 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2
+        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
         with:
           php-version: 8.4
           extensions: apcu

From 14a169068cea1d5c38dc4633cb01e6a76c82613e Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 12 Aug 2025 04:14:35 +0000
Subject: [PATCH 3375/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 516a92aa..93ddb312 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.13.0@70cdf647255a1362b426bb0f522a85817b8c791c">
+<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51">
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>

From 45a4e9b1e2bb32a8042eca8cce15676590214904 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 12 Aug 2025 10:40:04 +0200
Subject: [PATCH 3376/3949] nextcloud: update link to opcache settings docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 33cabc39..e03dacb7 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -107,7 +107,7 @@ RUN set -ex; \
     } >> /usr/local/etc/php/conf.d/docker-php-ext-igbinary.ini; \
     \
 # set recommended PHP.ini settings
-# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
+# see https://docs.nextcloud.com/server/stable/admin_manual/installation/server_tuning.html#enable-php-opcache and below
     { \
         echo 'opcache.max_accelerated_files=10000'; \
         echo 'opcache.memory_consumption=256'; \

From 981bff08e6338060a9c5b060c17c3f1c0287f738 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 11:29:26 +0000
Subject: [PATCH 3377/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.0 to 8.19.1.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 4ada3ea2..3ab1971d 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.0
+FROM elasticsearch:8.19.1
 
 USER root
 

From 005544b308cf36259b52cf8973475b093537db65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 05:34:30 +0000
Subject: [PATCH 3378/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.1 to 8.19.2.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 3ab1971d..b8a39213 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.1
+FROM elasticsearch:8.19.2
 
 USER root
 

From 78c4d56fcfd06ca7bbd97b3d4d2282ef82924b06 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 05:35:22 +0000
Subject: [PATCH 3379/3949] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.6 to v1.11.7.
- [Release notes](https://github.com/nicholas-fedor/watchtower/releases)
- [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.6...v1.11.7)

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: v1.11.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index da2af750..aabb1978 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.6 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:v1.11.7 AS watchtower
 
 FROM alpine:3.22.1
 

From 4f07118a37be6b36ea73eac4b3d213bdecf8ed22 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 13 Aug 2025 14:05:31 +0200
Subject: [PATCH 3380/3949] nextcloud-entrypoint: do not wait indefinitely if
 FTS is not reachable

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 79 +++++++++++++++++-------------
 1 file changed, 44 insertions(+), 35 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c37630e6..ca28f684 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -828,45 +828,54 @@ fi
 
 # Fulltextsearch
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
-    while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT"; do
+    count=0
+    while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do
         echo "waiting for Fulltextsearch to become available..."
+        count=$((count+5))
         sleep 5
     done
-    if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
-        php /var/www/html/occ app:install fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable fulltextsearch
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update fulltextsearch
-    fi    
-    if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
-        php /var/www/html/occ app:install fulltextsearch_elasticsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable fulltextsearch_elasticsearch
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update fulltextsearch_elasticsearch
-    fi    
-    if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
-        php /var/www/html/occ app:install files_fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable files_fulltextsearch
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update files_fulltextsearch
-    fi
-    php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
-    php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
+    if [ "$count" -ge 90 ]; then
+        echo "Fulltextsearch did not start in time. Skipping initialization and disabling fulltextsearch apps."
+        php /var/www/html/occ app:disable fulltextsearch
+        php /var/www/html/occ app:disable fulltextsearch_elasticsearch
+        php /var/www/html/occ app:disable files_fulltextsearch
+    else
+        if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+            php /var/www/html/occ app:install fulltextsearch
+        elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable fulltextsearch
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update fulltextsearch
+        fi    
+        if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+            php /var/www/html/occ app:install fulltextsearch_elasticsearch
+        elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable fulltextsearch_elasticsearch
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update fulltextsearch_elasticsearch
+        fi    
+        if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+            php /var/www/html/occ app:install files_fulltextsearch
+        elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable files_fulltextsearch
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update files_fulltextsearch
+        fi
+        php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
+        php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
+        php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
-    # Do the index
-    if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
-        echo "Waiting 10s before activating FTS..."
-        sleep 10
-        echo "Activating fulltextsearch..."
-        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
-            touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
-        else
-            echo "Fulltextsearch failed. Could not index."
-            echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
+        # Do the index
+        if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
+            echo "Waiting 10s before activating FTS..."
+            sleep 10
+            echo "Activating fulltextsearch..."
+            if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
+                touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
+            else
+                echo "Fulltextsearch failed. Could not index."
+                echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
+            fi
         fi
     fi
 else

From a429bf7b0f2cff8edbb7e5b0e55cc811823f8853 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Aug 2025 05:12:21 +0000
Subject: [PATCH 3381/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.3-alpine to 3.2.4-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.4-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index b14d553b..094d3fd5 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.3-alpine
+FROM haproxy:3.2.4-alpine
 
 # hadolint ignore=DL3002
 USER root

From d6c20a3ea3905b663e04df9302f00744dab6dec5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Aug 2025 05:13:40 +0000
Subject: [PATCH 3382/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.24.6-alpine3.22 to 1.25.0-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.0-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 2e39d5ee..3b70e229 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.6-alpine3.22 AS go
+FROM golang:1.25.0-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From c665bdf6365fcdb5e6888cf6963ff5ec0ca09b99 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 14 Aug 2025 08:36:10 +0000
Subject: [PATCH 3383/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index e03dacb7..76bb2aa1 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.7
+ENV NEXTCLOUD_VERSION=31.0.8
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 1ba5cca0c5b49160837178f2870c85554294f6e5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 14 Aug 2025 11:16:31 +0200
Subject: [PATCH 3384/3949] increase to 11.6.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2c63f491..596db85f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.5.0</h1>
+            <h1>Nextcloud AIO v11.6.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From b9e52fef5cb5f6980844b2caaf82d8ea983f1617 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 04:44:01 +0000
Subject: [PATCH 3385/3949] build(deps): bump postgres in
 /Containers/postgresql

Bumps postgres from 17.5-alpine to 17.6-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-version: 17.6-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index b29739d7..2533a5d1 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
-FROM postgres:17.5-alpine
+FROM postgres:17.6-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From de2dfcc7ed5cb3ceaa17f89f64ccfef185e83f7b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 04:44:08 +0000
Subject: [PATCH 3386/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.7-scratch to 2.11.8-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.8-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index adc1fb2b..c2be580b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.7-scratch AS nats
+FROM nats:2.11.8-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.22.1 AS janus

From 149febb8d3b72400c6e7ae8c82e21aa0598c953b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Aug 2025 07:51:58 +0000
Subject: [PATCH 3387/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.6-alpine3.22 to 3.13.7-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.13.7-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 0c2b78ed..40b01470 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.6-alpine3.22
+FROM python:3.13.7-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 25f0021a812df86ead48e6926eedf8c02f845fae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Aug 2025 14:25:49 +0000
Subject: [PATCH 3388/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.1.2 to v1.1.3.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.1.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index bbf0cc6e..02e9344f 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.2
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.3
 
 USER root
 RUN set -ex; \

From 01dc07e8f1a0fa93043056f5122778fb6b3c51a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Aug 2025 16:10:27 +0000
Subject: [PATCH 3389/3949] build(deps): bump
 strukturag/nextcloud-spreed-signaling

Bumps strukturag/nextcloud-spreed-signaling from 2.0.3 to 2.0.4.

---
updated-dependencies:
- dependency-name: strukturag/nextcloud-spreed-signaling
  dependency-version: 2.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index adc1fb2b..9149e6bb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.11.7-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus
 
 ARG JANUS_VERSION=v1.3.2

From 74b8363f9d535ca09579b5164596fba78f12dc99 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Aug 2025 13:17:33 +0000
Subject: [PATCH 3390/3949] build(deps): bump azure/setup-helm in
 /.github/workflows

Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](https://github.com/azure/setup-helm/compare/b9e51907a09c216f16ebe8536097933489208112...1a275c3b69536ee54be43f2070a358922e12c8d4)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 .github/workflows/lint-helm.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 50b161ea..15248c33 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -32,7 +32,7 @@ jobs:
 
       # See https://github.com/helm/chart-releaser-action/issues/6
       - name: Set up Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
         with:
           version: v3.6.3
 
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 476c1925..d24c75d2 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Install Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
         with:
           version: v3.11.1
 

From 9ffb91bd04196ccbac5fd72e56389bb5645858a1 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Wed, 20 Aug 2025 22:23:09 +0200
Subject: [PATCH 3391/3949] Update stalwart.json

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/stalwart/stalwart.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
index e2061688..b9a48091 100644
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -48,7 +48,8 @@
             "environment": [
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
-                "STALWART_USER_PASS=%STALWART_USER_PASS%"
+                "STALWART_USER_PASS=%STALWART_USER_PASS%",
+                "CLAMAV_ENABLED=%CLAMAV_ENABLED%"
             ],
             "secrets": [
                 "STALWART_USER_PASS"

From 0eb6bceb6fa15cd074ca35905c9dfb9661c0b05e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 21 Aug 2025 12:03:50 +0000
Subject: [PATCH 3392/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 138 ++++++++++++++++++++++++++--------------------
 1 file changed, 79 insertions(+), 59 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 69161cfa..ea0361a5 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -557,16 +557,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.11",
+            "version": "7.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "32f111a6d214564520a57831d397263e8946c1d2"
+                "reference": "f88054cc052e40dbe7b383c8817c19442d480352"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/32f111a6d214564520a57831d397263e8946c1d2",
-                "reference": "32f111a6d214564520a57831d397263e8946c1d2",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/f88054cc052e40dbe7b383c8817c19442d480352",
+                "reference": "f88054cc052e40dbe7b383c8817c19442d480352",
                 "shasum": ""
             },
             "require": {
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.11"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.1.1"
             },
             "funding": [
                 {
@@ -626,7 +626,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-06-03T07:45:57+00:00"
+            "time": "2025-08-16T11:10:48+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -1398,7 +1398,7 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
@@ -1457,7 +1457,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -1468,6 +1468,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -1477,7 +1481,7 @@
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
@@ -1538,7 +1542,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -1549,6 +1553,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -1558,7 +1566,7 @@
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
@@ -1614,7 +1622,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -1625,6 +1633,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -2602,16 +2614,16 @@
         },
         {
             "name": "composer/semver",
-            "version": "3.4.3",
+            "version": "3.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/semver.git",
-                "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12"
+                "reference": "198166618906cb2de69b95d7d47e5fa8aa1b2b95"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/semver/zipball/4313d26ada5e0c4edfbd1dc481a92ff7bff91f12",
-                "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12",
+                "url": "https://api.github.com/repos/composer/semver/zipball/198166618906cb2de69b95d7d47e5fa8aa1b2b95",
+                "reference": "198166618906cb2de69b95d7d47e5fa8aa1b2b95",
                 "shasum": ""
             },
             "require": {
@@ -2663,7 +2675,7 @@
             "support": {
                 "irc": "ircs://irc.libera.chat:6697/composer",
                 "issues": "https://github.com/composer/semver/issues",
-                "source": "https://github.com/composer/semver/tree/3.4.3"
+                "source": "https://github.com/composer/semver/tree/3.4.4"
             },
             "funding": [
                 {
@@ -2673,13 +2685,9 @@
                 {
                     "url": "https://github.com/composer",
                     "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
-                    "type": "tidelift"
                 }
             ],
-            "time": "2024-09-19T14:15:21+00:00"
+            "time": "2025-08-20T19:15:30+00:00"
         },
         {
             "name": "composer/xdebug-handler",
@@ -2986,16 +2994,16 @@
         },
         {
             "name": "fidry/cpu-core-counter",
-            "version": "1.2.0",
+            "version": "1.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/theofidry/cpu-core-counter.git",
-                "reference": "8520451a140d3f46ac33042715115e290cf5785f"
+                "reference": "db9508f7b1474469d9d3c53b86f817e344732678"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/8520451a140d3f46ac33042715115e290cf5785f",
-                "reference": "8520451a140d3f46ac33042715115e290cf5785f",
+                "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/db9508f7b1474469d9d3c53b86f817e344732678",
+                "reference": "db9508f7b1474469d9d3c53b86f817e344732678",
                 "shasum": ""
             },
             "require": {
@@ -3005,10 +3013,10 @@
                 "fidry/makefile": "^0.2.0",
                 "fidry/php-cs-fixer-config": "^1.1.2",
                 "phpstan/extension-installer": "^1.2.0",
-                "phpstan/phpstan": "^1.9.2",
-                "phpstan/phpstan-deprecation-rules": "^1.0.0",
-                "phpstan/phpstan-phpunit": "^1.2.2",
-                "phpstan/phpstan-strict-rules": "^1.4.4",
+                "phpstan/phpstan": "^2.0",
+                "phpstan/phpstan-deprecation-rules": "^2.0.0",
+                "phpstan/phpstan-phpunit": "^2.0",
+                "phpstan/phpstan-strict-rules": "^2.0",
                 "phpunit/phpunit": "^8.5.31 || ^9.5.26",
                 "webmozarts/strict-phpunit": "^7.5"
             },
@@ -3035,7 +3043,7 @@
             ],
             "support": {
                 "issues": "https://github.com/theofidry/cpu-core-counter/issues",
-                "source": "https://github.com/theofidry/cpu-core-counter/tree/1.2.0"
+                "source": "https://github.com/theofidry/cpu-core-counter/tree/1.3.0"
             },
             "funding": [
                 {
@@ -3043,7 +3051,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-08-06T10:04:20+00:00"
+            "time": "2025-08-14T07:29:31+00:00"
         },
         {
             "name": "kelunik/certificate",
@@ -3330,16 +3338,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.6.0",
+            "version": "v5.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56"
+                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/221b0d0fdf1369c71047ad1d18bb5880017bbc56",
-                "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
+                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
                 "shasum": ""
             },
             "require": {
@@ -3358,7 +3366,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "5.0-dev"
+                    "dev-master": "5.x-dev"
                 }
             },
             "autoload": {
@@ -3382,9 +3390,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.0"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.1"
             },
-            "time": "2025-07-27T20:03:57+00:00"
+            "time": "2025-08-13T20:13:15+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3441,16 +3449,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.2",
+            "version": "5.6.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62"
+                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/92dde6a5919e34835c506ac8c523ef095a95ed62",
-                "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94f8051919d1b0369a6bcc7931d679a511c03fe9",
+                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9",
                 "shasum": ""
             },
             "require": {
@@ -3499,9 +3507,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.2"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.3"
             },
-            "time": "2025-04-13T19:20:35+00:00"
+            "time": "2025-08-01T19:43:32+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -4111,16 +4119,16 @@
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
-                "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe"
+                "reference": "380872130d3a5dd3ace2f4010d95125fde5d5c70"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe",
-                "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/380872130d3a5dd3ace2f4010d95125fde5d5c70",
+                "reference": "380872130d3a5dd3ace2f4010d95125fde5d5c70",
                 "shasum": ""
             },
             "require": {
@@ -4169,7 +4177,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -4180,16 +4188,20 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-09T11:45:10+00:00"
+            "time": "2025-06-27T09:58:17+00:00"
         },
         {
             "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
@@ -4250,7 +4262,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -4261,6 +4273,10 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
@@ -4270,16 +4286,16 @@
         },
         {
             "name": "symfony/polyfill-php84",
-            "version": "v1.32.0",
+            "version": "v1.33.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php84.git",
-                "reference": "000df7860439609837bbe28670b0be15783b7fbf"
+                "reference": "d8ced4d875142b6a7426000426b8abc631d6b191"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/000df7860439609837bbe28670b0be15783b7fbf",
-                "reference": "000df7860439609837bbe28670b0be15783b7fbf",
+                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/d8ced4d875142b6a7426000426b8abc631d6b191",
+                "reference": "d8ced4d875142b6a7426000426b8abc631d6b191",
                 "shasum": ""
             },
             "require": {
@@ -4326,7 +4342,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php84/tree/v1.32.0"
+                "source": "https://github.com/symfony/polyfill-php84/tree/v1.33.0"
             },
             "funding": [
                 {
@@ -4337,12 +4353,16 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-02-20T12:04:08+00:00"
+            "time": "2025-06-24T13:30:11+00:00"
         },
         {
             "name": "symfony/service-contracts",

From 3e71a789e123ac7c6c2b67293bba39837f763041 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 21 Aug 2025 12:04:43 +0000
Subject: [PATCH 3393/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/server.conf.in | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in
index 85630d5a..8f437e30 100644
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -84,7 +84,8 @@ internalsecret = the-shared-secret-for-internal-clients
 # For backend type "etcd":
 # Key prefix of backend entries. All keys below will be watched and assumed to
 # contain a JSON document with the following entries:
-# - "url": Url of the Nextcloud instance.
+# - "urls": List of urls of the Nextcloud instance.
+# - "url": Url of the Nextcloud instance (deprecated).
 # - "secret": Shared secret for requests from and to the backend servers.
 #
 # Additional optional entries:
@@ -93,8 +94,8 @@ internalsecret = the-shared-secret-for-internal-clients
 # - "sessionlimit": Number of sessions that are allowed to connect.
 #
 # Example:
-# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...}
-# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...}
+# "/signaling/backend/one" -> {"urls": ["https://nextcloud.domain1.invalid"], ...}
+# "/signaling/backend/two" -> {"urls": ["https://domain2.invalid/nextcloud"], ...}
 #backendprefix = /signaling/backend
 
 # Allow any hostname as backend endpoint. This is extremely insecure and should
@@ -122,8 +123,8 @@ connectionsperhost = 8
 # Backend configurations as defined in the "[backend]" section above. The
 # section names must match the ids used in "backends" above.
 #[backend-id]
-# URL of the Nextcloud instance
-#url = https://cloud.domain.invalid
+# Comma-separated list of urls of the Nextcloud instance
+#urls = https://cloud.domain.invalid
 
 # Shared secret for requests from and to the backend servers. Leave empty to use
 # the common shared secret from above.
@@ -143,8 +144,8 @@ connectionsperhost = 8
 #maxscreenbitrate = 2097152
 
 #[another-backend]
-# URL of the Nextcloud instance
-#url = https://cloud.otherdomain.invalid
+# Comma-separated list of urls of the Nextcloud instance
+#urls = https://cloud.otherdomain.invalid
 
 # Shared secret for requests from and to the backend servers. Leave empty to use
 # the common shared secret from above.
@@ -179,6 +180,13 @@ connectionsperhost = 8
 # proxy server that is used.
 #maxscreenbitrate = 2097152
 
+# List of IP addresses / subnets that are allowed to be used by clients in
+# candidates. The allowed list has preference over the blocked list below.
+#allowedcandidates = 10.0.0.0/8
+
+# List of IP addresses / subnets to filter from candidates received by clients.
+#blockedcandidates = 1.2.3.0/24
+
 # For type "proxy": timeout in seconds for requests to the proxy server.
 #proxytimeout = 2
 

From 1e750fdcf61020eaf88d8a6c84328a444abbbbc9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 21 Aug 2025 15:05:59 +0200
Subject: [PATCH 3394/3949] collabora: add further caps

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 5c15c079..87746514 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -397,6 +397,8 @@
       "cap_add": [
         "MKNOD",
         "SYS_ADMIN",
+        "SYS_CHROOT",
+        "FOWNER",
         "CHOWN"
       ],
       "cap_drop": [

From afde995ac6fe6dab6c00bd43620bf2729bbd7b44 Mon Sep 17 00:00:00 2001
From: Thomas Lavocat <tlavocat@redhat.com>
Date: Thu, 21 Aug 2025 16:00:43 +0200
Subject: [PATCH 3395/3949] documentation: use force to prune docker resources

In the documentation there is reference of a manipulation to perform in
case the collabora container is missing some permissions to access the
filesystem, however `docker system prune` might not clean what's needed.
Adding `-a` is very broad however but will most definitely clean the
image.

Fixes #6776

Signed-off-by: Thomas Lavocat <tlavocat@redhat.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 9dc1aab5..9321f4fb 100644
--- a/readme.md
+++ b/readme.md
@@ -409,7 +409,7 @@ You can move the whole docker library and all its files including all Nextcloud
 
 1. Stop all the containers from the AIO Interface.
 2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`).
-3. You might also want to prune your Docker (`docker system prune`) (no data will be lost).
+3. You might also want to prune your Docker (`docker system prune -a`) (no data will be lost).
 4. Restart your containers from the AIO Interface.
 
 This should solve the problem.

From c3d1d96d1905909f397fe17d768ab2a47039306e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 22 Aug 2025 11:32:53 +0000
Subject: [PATCH 3396/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-apache-service.yaml           | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 ++++----
 .../templates/nextcloud-aio-clamav-service.yaml           | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-collabora-service.yaml        | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 ++++----
 .../templates/nextcloud-aio-database-service.yaml         | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 8 ++++----
 .../templates/nextcloud-aio-fulltextsearch-service.yaml   | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml        | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 8 ++++----
 .../templates/nextcloud-aio-nextcloud-service.yaml        | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml      | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 8 ++++----
 .../templates/nextcloud-aio-onlyoffice-service.yaml       | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml         | 6 +++---
 .../templates/nextcloud-aio-redis-service.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 6 +++---
 .../nextcloud-aio-talk-recording-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml   | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml             | 4 ++--
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 6 +++---
 .../templates/nextcloud-aio-whiteboard-service.yaml       | 2 +-
 27 files changed, 59 insertions(+), 59 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 8e013c81..ac1e2abb 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.5.0
+version: 11.6.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4375d0bb..0ad86edc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-apache:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index f496a3f8..404ee626 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 73f8dd8e..e34de43f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 67a05650..8dc8597d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 57f07917..830a9a9f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-collabora
     spec:
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index 081a8131..ebe7bf3f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 0b32650c..c550779f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index e0abad63..9451d908 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 512f3f28..79c5b8f0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index 29dc4871..ae759475 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 48b88216..206ac177 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index 28bc08be..a5fb3266 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 54879be4..84e79629 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250822_112758
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 6394b6fc..18cf84d8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index e4b4a88f..fda97c0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 58bc411b..2b7bfccd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 19a56a42..0ceebe1f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 08ea4965..6ff9afa1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 4a5fa0df..f12da040 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-redis:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index 3deae463..af82a0bb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 837665ce..2432c09f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-talk:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 4408d64f..49401e8a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 9fe10d57..4410ed72 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 1b7f1a05..675a2729 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -28,7 +28,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index cf25046d..14c42eb8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.36.0 (ae2a39403)
+        kompose.version: 1.37.0 (fb0539e64)
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250811_115851
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250822_112758
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
index 29232bee..8c8cb5aa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.36.0 (ae2a39403)
+    kompose.version: 1.37.0 (fb0539e64)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard

From 49aa732ec5fb41a2e54888422387a8534e72c518 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Fri, 22 Aug 2025 04:43:55 -0700
Subject: [PATCH 3397/3949] add CGNAT range to Caddy and document support for
 additional trusted proxies to rp docs (#6703)

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/start.sh            |  4 ++-
 php/src/Data/ConfigurationManager.php |  2 +-
 php/templates/containers.twig         |  2 +-
 reverse-proxy.md                      | 36 ++++++++++++++++++++++-----
 4 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 9d69eb47..5a85aa08 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -46,7 +46,9 @@ echo "$CADDYFILE" > /tmp/Caddyfile
 
 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
+    # Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes
+    # See https://github.com/nextcloud/all-in-one/pull/6703 for reference
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges 100.64.0.0/10|' /tmp/Caddyfile)"
 else
     CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
 fi
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index bfc59f7c..257e69d0 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -389,7 +389,7 @@ class ConfigurationManager
                 if ($port === '443') {
                     $notice .= " If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.";
                 } else {
-                    error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!');
+                    error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#how-to-debug in order to debug things!');
                 }
                 throw new InvalidSettingConfigurationException($notice);
             }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 596db85f..dbb37208 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -123,7 +123,7 @@
                                     <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
                                     {% if apache_port != '443' %}
-                                        <p>If you run into issues with your domain being accepted, see <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things.</p>
+                                        <p>If you run into issues with your domain being accepted, see <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#how-to-debug">these steps</a> for how to debug things.</p>
                                     {% endif %}
                                     <p><strong>Hint:</strong> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.</p>
                                 </details>
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 84aad3d1..7ad5e97b 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -42,7 +42,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
 - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
 - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
-- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things).
+- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
 - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
 - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
 - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
@@ -51,7 +51,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 </details>
 
 > [!Note] 
-> If you run into troubles, see [the debug section](#6-how-to-debug-things).
+> If you run into troubles, see [the debug section](#7-how-to-debug-things).
 
 ---
 
@@ -68,8 +68,9 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
-1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
-1. Optional: how to debug things? See [point 6](#6-how-to-debug-things)
+1. Optional: if the reverse proxy is outside the host network, configure AIO to trust it. See [point 5](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001)
+1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface)
+1. Optional: how to debug things? See [point 7](#7-how-to-debug-things)
 
 ## 1. Configure the reverse proxy
 
@@ -990,7 +991,28 @@ After starting AIO, you should be able to access the AIO Interface via `https://
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
 Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
-## 5. Optional: get a valid certificate for the AIO interface
+## 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
+If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1<sup>*</sup> you must make the following configuration changes
+
+<small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
+
+### Nextcloud trusted proxies
+Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:
+
+```
+sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value=ip.address.of.proxy
+```
+
+### Collabora WOPI allow list
+If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain<sup>*</sup> and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`.
+
+<small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
+
+### External reverse proxies connecting via VPN (e.g. Tailscale)
+
+If your reverse proxy is outside your LAN and connecting via VPN such as Tailscale, you may want to set `APACHE_IP_BINDING=AIO.VPN.host.IP` to ensure only traffic coming from the VPN can connect.
+
+## 6. Optional: get a valid certificate for the AIO interface
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 
@@ -1007,7 +1029,9 @@ https://<your-nc-domain>:8443 {
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 6. How to debug things?
+## 7. How to debug things?
+<a id="how-to-debug"></a> <!-- for external linking -->
+<a id="6-how-to-debug-things"></a> <!-- For backwards compatibility-->
 
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!

From dd495d76a175814cb4cdc9682efb2eacdebfbc53 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Fri, 22 Aug 2025 04:47:29 -0700
Subject: [PATCH 3398/3949] Add support for bypass_container_update param for
 easier local build and testing (#6702)

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
Co-authored-by: Alan Savage <asavage@ifrit.internal>
Co-authored-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile   | 17 +++++++----------
 Containers/nextcloud/Dockerfile         | 24 ++++++++++--------------
 develop.md                              | 25 +++++++++++++++++++------
 php/public/index.php                    |  2 ++
 php/src/Controller/DockerController.php |  8 +++++++-
 php/templates/containers.twig           |  1 +
 6 files changed, 46 insertions(+), 31 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c6b7cafa..395fa645 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -8,9 +8,6 @@ FROM caddy:2.10.0-alpine AS caddy
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
 FROM php:8.4.11-fpm-alpine3.22
 
-ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git"
-ARG AIO_GIT_BRANCH="main"
-
 EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443
@@ -18,6 +15,13 @@ EXPOSE 8443
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 
+COPY community-containers /var/www/docker-aio/community-containers
+COPY php /var/www/docker-aio/php
+COPY --chmod=775 Containers/mastercontainer/*.sh /
+COPY --chmod=664 Containers/mastercontainer/Caddyfile /Caddyfile
+COPY --chmod=664 Containers/mastercontainer/supervisord.conf /supervisord.conf
+COPY Containers/mastercontainer/mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
+
 WORKDIR /var/www/docker-aio
 
 # hadolint ignore=SC2086,DL3047,DL3003,DL3004
@@ -67,8 +71,6 @@ RUN set -ex; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
-    git clone "$AIO_GIT_URL" --depth 1 --single-branch --branch "$AIO_GIT_BRANCH" .; \
-    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
     rm -r ./php/tests; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
@@ -120,11 +122,6 @@ RUN set -ex; \
     mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 
-COPY --chmod=775 *.sh /
-COPY --chmod=664 Caddyfile /Caddyfile
-COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
-
 LABEL org.label-schema.vendor="Nextcloud"
 
 # hadolint ignore=DL3002
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 76bb2aa1..a46f649c 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -13,11 +13,15 @@ ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
-COPY --chmod=775 *.sh /
-COPY --chmod=774 upgrade.exclude /upgrade.exclude
-COPY config/*.php /
-COPY supervisord.conf /supervisord.conf
-COPY root.motd /root.motd
+COPY --chmod=775 Containers/nextcloud/*.sh /
+COPY --chmod=774 Containers/nextcloud/upgrade.exclude /upgrade.exclude
+COPY Containers/nextcloud/config/*.php /
+COPY Containers/nextcloud/supervisord.conf /supervisord.conf
+
+# AIO cloning start # Do not remove or change this line!
+COPY app /usr/src/nextcloud/apps/nextcloud-aio
+COPY Containers/nextcloud/root.motd /root.motd
+# AIO cloning end # Do not remove or change this line!
 
 VOLUME /mnt/ncdata
 VOLUME /var/www/html
@@ -242,15 +246,7 @@ RUN set -ex; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
     \
-# AIO cloning start # Do not remove or change this line!
-    rm -rf /tmp/nextcloud-aio && \
-    mkdir -p /tmp/nextcloud-aio && \
-    cd /tmp/nextcloud-aio && \
-    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
-    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
-    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
-# AIO cloning end # Do not remove or change this line!
+    echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \
     \
     chown www-data:root -R /usr/src && \
     chmod 777 -R /usr/local/etc/php/conf.d && \
diff --git a/develop.md b/develop.md
index abf52208..6c5faf2d 100644
--- a/develop.md
+++ b/develop.md
@@ -26,7 +26,7 @@ Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template.
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.
 
 ## How to test things correctly?
-Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml. 
+Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml.
 
 There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.
 
@@ -48,12 +48,25 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 ## How to connect to the database?
 Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.
 
-## How to locally build and test changes to mastercontainer?
-1. Push changes to your own git fork and branch.
-1. Use below commands to build mastercontainer image for a custom git url and branch:
+## How to locally build and test changes to mastercontainer
+1. Ensure you are on the developer channel per the instructions above.
+1. Use the commands below from the project root to build the mastercontainer image:
 ```
-cd Containers/mastercontainer
-docker buildx build -t ghcr.io/nextcloud-releases/all-in-one:latest --build-arg AIO_GIT_URL="https://github.com/my-fork-repo/all-in-one.git" --build-arg AIO_GIT_BRANCH="my-feature-branch" --load .
+docker buildx build --file Containers/mastercontainer/Dockerfile --tag ghcr.io/nextcloud-releases/all-in-one:develop --load .
 ```
 1. Start a container with above built image.
 1. Since the hash of a locally built image doesn't match the latest release mastercontainer, it prompts for a mandatory update. To temporarily bypass the update suffix `?bypass_mastercontainer_update` to the URL. Eg: `https://localhost:8080/containers?bypass_mastercontainer_update`
+
+## How to locally build and test changes to other containers using the bypass_container_update param
+1. Ensure you are on the developer channel per the instructions above.
+1. Use the commands below from the project root to build the container image:
+```
+# For the "nextcloud" container
+docker buildx build --file Containers/nextcloud/Dockerfile --tag ghcr.io/nextcloud-releases/aio-nextcloud:develop --load .
+
+# For all other containers
+docker buildx build --file Containers/{container}/Dockerfile --tag ghcr.io/nextcloud-releases/aio-{container}:develop --load Containers/{container}
+```
+1. Stop the containers using the AIO admin interface.
+1. Reload the AIO admin interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`.
+1. Click "Start and update containers" and test your changes. Containers will not be updated, despite the button text.
diff --git a/php/public/index.php b/php/public/index.php
index 712f1463..aac83826 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -86,6 +86,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image.
     $params = $request->getQueryParams();
     $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
+    $bypass_container_update = isset($params['bypass_container_update']);
 
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
@@ -136,6 +137,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
+        'bypass_container_update' => $bypass_container_update,
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f9aa6379..8c45e5a6 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -191,8 +191,14 @@ readonly class DockerController {
         $config['install_latest_major'] = $installLatestMajor;
         $this->configurationManager->WriteConfig($config);
 
+        // Do not pull container images in case 'bypass_container_update' is set via url params
+        // Needed for local testing
+        $pullImage = !isset($request->getParsedBody()['bypass_container_update']);
+        if ($pullImage === false) {
+            error_log('WARNING: Not pulling container images. Instead, using local ones.');
+        }
         // Start container
-        $this->startTopContainer(true);
+        $this->startTopContainer($pullImage);
 
         // Clear apcu cache in order to check if container updates are available
         // Temporarily disabled as it leads much faster to docker rate limits
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index dbb37208..2c9e4cd5 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -352,6 +352,7 @@
                                     <form method="POST" action="/api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
                                         <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
                                     </form>
                                 {% endif %}

From 423ba1cc3c34269abbb09192bc3e3ccd2e374f76 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 22 Aug 2025 13:51:35 +0200
Subject: [PATCH 3399/3949] talk: update script to use the new urls syntax

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index b07f5bc9..f89949f3 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -98,7 +98,7 @@ connectionsperhost = 8
 skipverify = ${SKIP_CERT_VERIFY}
 
 [backend-1]
-url = https://${NC_DOMAIN}
+urls = https://${NC_DOMAIN}
 secret = ${SIGNALING_SECRET}
 maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
 maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}

From 13b09e2497cde1a57a073d8b7597cf89d7443600 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 22 Aug 2025 12:03:41 +0000
Subject: [PATCH 3400/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 867f848b..236ab444 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -267,6 +267,8 @@ services:
     cap_add:
       - MKNOD
       - SYS_ADMIN
+      - SYS_CHROOT
+      - FOWNER
       - CHOWN
     cap_drop:
       - NET_RAW

From 52975f35ee86b898706d8ca3c5609d32950b4653 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 23 Aug 2025 12:02:56 +0000
Subject: [PATCH 3401/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ea0361a5..889b34f4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -134,16 +134,16 @@
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.2.0",
+            "version": "2.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
-                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957",
                 "shasum": ""
             },
             "require": {
@@ -151,7 +151,7 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "type": "library",
             "extra": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.2.0"
+                "source": "https://github.com/guzzle/promises/tree/2.3.0"
             },
             "funding": [
                 {
@@ -213,7 +213,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-03-27T13:27:01+00:00"
+            "time": "2025-08-22T14:34:08+00:00"
         },
         {
             "name": "guzzlehttp/psr7",

From 676398f3af6d8376a52422a4d21b6e8494eef4f1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 24 Aug 2025 12:02:49 +0000
Subject: [PATCH 3402/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 889b34f4..36729b94 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,22 +8,22 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.9.3",
+            "version": "7.10.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
-                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
-                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
-                "guzzlehttp/psr7": "^2.7.0",
+                "guzzlehttp/promises": "^2.3",
+                "guzzlehttp/psr7": "^2.8",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
                 "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
+                "source": "https://github.com/guzzle/guzzle/tree/7.10.0"
             },
             "funding": [
                 {
@@ -130,7 +130,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-03-27T13:37:11+00:00"
+            "time": "2025-08-23T22:36:01+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -217,16 +217,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.7.1",
+            "version": "2.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
+                "reference": "21dc724a0583619cd1652f673303492272778051"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
-                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/21dc724a0583619cd1652f673303492272778051",
+                "reference": "21dc724a0583619cd1652f673303492272778051",
                 "shasum": ""
             },
             "require": {
@@ -242,7 +242,7 @@
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "http-interop/http-factory-tests": "0.9.0",
-                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.8.0"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-03-27T12:30:47+00:00"
+            "time": "2025-08-23T21:21:41+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

From 0ddc2d4ea90d1cf000ef3962f26fd13da028dd18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Aug 2025 06:43:28 +0000
Subject: [PATCH 3403/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.4.2.1 to 25.04.4.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.4.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index b6088f30..ac8ed4b9 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.4.2.1
+FROM collabora/code:25.04.4.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 913179c7a697f161fdac425eaff51d7a3845917d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 25 Aug 2025 12:13:50 +0000
Subject: [PATCH 3404/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 36729b94..578378e4 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1150,22 +1150,22 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.14.0",
+            "version": "4.15.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "5943393b88716eb9e82c4161caa956af63423913"
+                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/5943393b88716eb9e82c4161caa956af63423913",
-                "reference": "5943393b88716eb9e82c4161caa956af63423913",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
+                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "nikic/fast-route": "^1.3",
-                "php": "^7.4 || ^8.0",
+                "php": "~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
                 "psr/container": "^1.0 || ^2.0",
                 "psr/http-factory": "^1.1",
                 "psr/http-message": "^1.1 || ^2.0",
@@ -1174,7 +1174,7 @@
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "require-dev": {
-                "adriansuter/php-autoload-override": "^1.4",
+                "adriansuter/php-autoload-override": "^1.4 || ^2",
                 "ext-simplexml": "*",
                 "guzzlehttp/psr7": "^2.6",
                 "httpsoft/http-message": "^1.1",
@@ -1184,12 +1184,12 @@
                 "nyholm/psr7-server": "^1.1",
                 "phpspec/prophecy": "^1.19",
                 "phpspec/prophecy-phpunit": "^2.1",
-                "phpstan/phpstan": "^1.11",
+                "phpstan/phpstan": "^1 || ^2",
                 "phpunit/phpunit": "^9.6",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
                 "squizlabs/php_codesniffer": "^3.10",
-                "vimeo/psalm": "^5.24"
+                "vimeo/psalm": "^5 || ^6"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1216,17 +1216,17 @@
                 {
                     "name": "Andrew Smith",
                     "email": "a.smith@silentworks.co.uk",
-                    "homepage": "http://silentworks.co.uk"
+                    "homepage": "https://silentworks.co.uk"
                 },
                 {
                     "name": "Rob Allen",
                     "email": "rob@akrabat.com",
-                    "homepage": "http://akrabat.com"
+                    "homepage": "https://akrabat.com"
                 },
                 {
                     "name": "Pierre Berube",
                     "email": "pierre@lgse.com",
-                    "homepage": "http://www.lgse.com"
+                    "homepage": "https://www.lgse.com"
                 },
                 {
                     "name": "Gabriel Manricks",
@@ -1262,7 +1262,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-06-13T08:54:48+00:00"
+            "time": "2025-08-20T18:16:16+00:00"
         },
         {
             "name": "slim/twig-view",

From 6d44c1d47784a105998dba9baa3745f982032d79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Aug 2025 01:05:44 +0000
Subject: [PATCH 3405/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.3 to 2.35.4.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/20529878ed81ef8e78ddf08b480401e6101a850f...ec406be512d7077f68eed36e63f4d91bc006edc4)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index b5b60b77..14efd520 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+    - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 0b1708c9..30f6831b 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index fdb771cc..4022272f 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index ebccf3a3..ba33886b 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index e51f9065..2e12971d 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index b49dd152..e02ccb5b 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
           php-version: 8.4
           extensions: apcu

From 84f92cd0ac95924de62c47bf25e0065eaebf3f76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Aug 2025 12:53:34 +0000
Subject: [PATCH 3406/3949] build(deps): bump actions/checkout from 4 to 5 in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 51548e24..9104a88d 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Check spelling
         uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
         with:
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index 2df5173d..eddc2be1 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 14efd520..cb3eb33d 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index b1a2cd87..1551c48a 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 15248c33..ec4eec6a 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Turnstyle
         uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 707a4d7d..4b7fe096 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 3db0032d..e22ca689 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index d24c75d2..650ae709 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 30f6831b..1beac885 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 96ecef69..7d153d7b 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 4022272f..62aea81e 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up php
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 8ddc2712..d93fd5e7 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index ba33886b..a35394aa 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Set up php
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 2e12971d..ea70f8e8 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -26,7 +26,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index d474d95f..4924d9bc 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 1b541dd4..ed04851a 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index e02ccb5b..93c4b572 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index fa00f9b1..364b3aae 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 9b261a78..b10fb430 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index dca81879..d8c6c6e0 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh

From 681cd2cb17519abb9f5c93492a8a9453d07108a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Aug 2025 13:55:56 +0000
Subject: [PATCH 3407/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.4.3.1 to 25.04.5.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.5.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index ac8ed4b9..f86d2f61 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.4.3.1
+FROM collabora/code:25.04.5.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From bc04ee6aeae6a469976b78c26984e0d22be5500f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Aug 2025 05:49:58 +0000
Subject: [PATCH 3408/3949] build(deps): bump caddy in
 /Containers/mastercontainer

Bumps caddy from 2.10.0-alpine to 2.10.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-version: 2.10.2-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 395fa645..19b621cb 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -3,7 +3,7 @@
 FROM docker:28.3.3-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
 FROM php:8.4.11-fpm-alpine3.22

From 1e579b049e2104101747e3303f4541605852da04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Aug 2025 05:55:45 +0000
Subject: [PATCH 3409/3949] build(deps): bump caddy in /Containers/apache

Bumps caddy from 2.10.0-alpine to 2.10.2-alpine.

---
updated-dependencies:
- dependency-name: caddy
  dependency-version: 2.10.2-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 58e2ae05..d9602864 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.65-alpine3.22

From a2394e4621c0871a9cbbb9d8b67a96dd4579f407 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 27 Aug 2025 19:22:28 +0200
Subject: [PATCH 3410/3949] clamav: set permissions for `/var/lib/clamav`
 correctly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index d00e34a7..c7353629 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -4,8 +4,9 @@ FROM alpine:3.22.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache tzdata clamav supervisor bash; \
-    mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \
+    mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
+    chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \

From 3badbf2d05754f7d6c18bc6e62a341bfac18a94c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 28 Aug 2025 15:59:37 +0200
Subject: [PATCH 3411/3949] compose.yaml: move the security_opt setting up for
 easier discovery

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 93a6b7af..361c8a3f 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -12,6 +12,7 @@ services:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    # security_opt: ["label:disable"] # Is needed when using SELinux
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
@@ -35,7 +36,6 @@ services:
       # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
-    # security_opt: ["label:disable"] # Is needed when using SELinux
 
 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
 #   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439

From e2518d93a8fe395b6a2d7d80737b9a8108c9210e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Aug 2025 04:20:22 +0000
Subject: [PATCH 3412/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.11-fpm-alpine3.22 to 8.4.12-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.12-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 19b621cb..223d2b92 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.3.3-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.11-fpm-alpine3.22
+FROM php:8.4.12-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From b9a840904795eafaeff2717377e4cbe327a0215c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Aug 2025 04:20:39 +0000
Subject: [PATCH 3413/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.24-fpm-alpine3.22 to 8.3.25-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.25-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a46f649c..68902f33 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.24-fpm-alpine3.22
+FROM php:8.3.25-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 2e54b15544490f6d1cd4112cd6758bcf32929e30 Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lo.mosca.ti@gmail.com>
Date: Fri, 29 Aug 2025 10:16:13 +0200
Subject: [PATCH 3414/3949] Add docs how to adjust MTU size of the docker
 network (#6779)

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 compose.yaml | 10 +++++++++-
 readme.md    | 10 ++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/compose.yaml b/compose.yaml
index 361c8a3f..dae365c6 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -7,7 +7,8 @@ services:
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
       - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
-    network_mode: bridge # add to the same network as docker run would do
+    network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and the networks section at the end of the file if you want to define a custom MTU size for the docker network
+    # networks: ["nextcloud-aio"]
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
@@ -69,3 +70,10 @@ volumes: # If you want to store the data on a different drive, see https://githu
   # caddy_config:
   # caddy_data:
   # caddy_sites:
+
+# # Adjust the MTU size of the docker network. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-mtu-size-of-the-docker-network
+# networks:
+#   nextcloud-aio:
+#     name: nextcloud-aio
+#     driver_opts:
+#       com.docker.network.driver.mtu: 1440
diff --git a/readme.md b/readme.md
index 9321f4fb..47bb1e50 100644
--- a/readme.md
+++ b/readme.md
@@ -171,6 +171,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma
     - [How to skip the domain validation?](#how-to-skip-the-domain-validation)
     - [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others)
     - [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error)
+    - [How to adjust the MTU size of the docker network](#how-to-adjust-the-mtu-size-of-the-docker-network)
 - [Infrastructure](#infrastructure)
     - [Which CPU architectures are supported?](#which-cpu-architectures-are-supported)
     - [Disrecommended VPS providers](#disrecommended-vps-providers)
@@ -353,6 +354,15 @@ See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-
 ### What can I do to fix the internal or reserved ip-address error?
 If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
 
+### How to adjust the MTU size of the docker network
+You can adjust the MTU size of the docker network by creating it beforehand with the custom MTU:
+```
+docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio
+```
+When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `aio-nextcloud` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `aio-nextcloud` network and recreate it with the new configuration.
+
+If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details.
+
 ## Infrastructure
 
 ### Which CPU architectures are supported?

From 78bbb8a1111eeca83e05933ad1d00d7afdedcfc4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 28 Aug 2025 16:08:33 +0200
Subject: [PATCH 3415/3949] compose.yaml: add some more explanation and links
 to docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index dae365c6..e916d85a 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,8 +1,8 @@
 services:
   nextcloud-aio-mastercontainer:
-    image: ghcr.io/nextcloud-releases/all-in-one:latest
-    init: true
-    restart: always
+    image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
+    init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init
+    restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
@@ -11,9 +11,9 @@ services:
     # networks: ["nextcloud-aio"]
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      - 8080:8080
+      - 8080:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-    # security_opt: ["label:disable"] # Is needed when using SELinux
+    # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

From 76be50d42d7b1aa24184e5a8fec8bbab212c25af Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 29 Aug 2025 10:52:06 +0200
Subject: [PATCH 3416/3949] increase to 11.7.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2c9e4cd5..61eed40d 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.6.0</h1>
+            <h1>Nextcloud AIO v11.7.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 5f067cc03ef4b2bda838b31417722c082319b60f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 29 Aug 2025 11:00:37 +0200
Subject: [PATCH 3417/3949] clamav: fix initial freshclam update

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index c7353629..216ea1c9 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -12,14 +12,15 @@ RUN set -ex; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
-    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
-    freshclam --foreground --stdout
+    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 COPY --chmod=664 supervisord.conf /supervisord.conf
 
 USER 100
+RUN set -ex; \
+    freshclam --foreground --stdout
 VOLUME /var/lib/clamav
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

From 0f84872fbf8e2ead9c464ad8ee77e06705ea320f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 29 Aug 2025 11:21:42 +0200
Subject: [PATCH 3418/3949] fix start and update of containers after #6702

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 61eed40d..e9b7ce7c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -352,7 +352,9 @@
                                     <form method="POST" action="/api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
+                                        {% if bypass_container_update == true %}
+                                            <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
+                                        {% endif %}
                                         <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
                                     </form>
                                 {% endif %}

From 1f7ccba5c8a782a0d3711516c6712f164fecb17f Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Thu, 19 Jun 2025 19:18:49 -0700
Subject: [PATCH 3419/3949] Configure WOPI requests to remain within the Docker
 network

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 Containers/apache/Caddyfile | 1 +
 php/containers.json         | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 64fb5f93..bda4c44c 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -15,6 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
+http://${APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By
diff --git a/php/containers.json b/php/containers.json
index c9d57466..d71c085f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -379,7 +379,7 @@
       ],
       "internal_port": "9980",
       "environment": [
-        "aliasgroup1=https://%NC_DOMAIN%:443",
+        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:%APACHE_PORT%",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-collabora:9980' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
       ],
       "profiles": [
         "collabora"

From b26b2b440028031c7aa3d1df7abe94343607982b Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Sat, 30 Aug 2025 10:24:45 -0700
Subject: [PATCH 3420/3949] Use nextcloud-aio-apache for the wopi-url

This makes all the WOPI requests go through a single point
making debugging easier.

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index d71c085f..8de22b0f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-collabora:9980' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:%APACHE_PORT%' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
       ],
       "profiles": [
         "collabora"

From 43b04b36f5445799be8a04e04bc42600a9018fd0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Sep 2025 21:04:22 +0200
Subject: [PATCH 3421/3949] update docs with new tailscale guide

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 compose.yaml                  |  2 +-
 local-instance.md             |  2 +-
 php/templates/containers.twig |  2 +-
 readme.md                     | 14 +++++++-------
 reverse-proxy.md              |  4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index e916d85a..f2026388 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -39,7 +39,7 @@ services:
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
 
 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
-#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439
+#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/6817
 #   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
 #   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 #   caddy:
diff --git a/local-instance.md b/local-instance.md
index 4633bc08..1da26280 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -9,7 +9,7 @@ It is possible due to several reasons that you do not want or cannot open Nextcl
 - [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that)
 
 ## 1. Tailscale
-This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 ## 2. The normal way
 The normal way is the following:
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e9b7ce7c..50c1de88 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -118,7 +118,7 @@
                                 <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
                                 <details>
                                     <summary>Click here for further hints</summary>
-                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
+                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6817">Tailscale</a></p>
                                     <p>If you have a dynamic public IP-address, you can use e.g. <a target="_blank" href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
                                     <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a target="_blank" href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
diff --git a/readme.md b/readme.md
index 47bb1e50..4c0712aa 100644
--- a/readme.md
+++ b/readme.md
@@ -32,7 +32,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439)
+- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
@@ -282,7 +282,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open/forwarded in your firewall/router
 
 ### Notes on Cloudflare (proxy/tunnel)
-Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible.
+Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if possible.
 - Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you.
 - Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel.
 - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
@@ -300,7 +300,7 @@ Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed b
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
 
 ### How to run Nextcloud via Tailscale?
-For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
 You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
@@ -309,22 +309,22 @@ You can install AIO in reverse proxy mode where is also documented how to get it
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.
 
 ### Can I use an ip-address for Nextcloud instead of a domain?
-No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
+No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817).
 
 ### Can I run AIO offline or in an airgapped system?
 No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
 
 ### Are self-signed certificates supported for Nextcloud?
-No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
+No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817).
 
 ### Can I use AIO with multiple domains?
 No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 
 ### Are other ports than the default 443 for Nextcloud supported?
-No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
+No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
-No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online.
+No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if you want to publish it online.
 
 ### How can I access Nextcloud locally?
 Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 7ad5e97b..e07a54c8 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -4,7 +4,7 @@
 > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
 
 > [!TIP]
-> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
+> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
 
 ## Introduction
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
@@ -905,7 +905,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 <summary>click here to expand</summary>
 
-For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 </details>
 

From e255f298188ca731e5ce1be96259a8af28581ebb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 20:59:02 +0000
Subject: [PATCH 3422/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.2 to 8.19.3.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index b8a39213..ff683d33 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.2
+FROM elasticsearch:8.19.3
 
 USER root
 

From 213388b65d3690e8c435dcd3da6a653d91028764 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 4 Sep 2025 12:16:12 +0000
Subject: [PATCH 3423/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 74 +++++++++++++--------------
 2 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 223d2b92..99b199e3 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -49,7 +49,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.26; \
+    pecl install APCu-5.1.27; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \
diff --git a/php/composer.lock b/php/composer.lock
index 578378e4..34e3534b 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -502,16 +502,16 @@
         },
         {
             "name": "php-di/invoker",
-            "version": "2.3.6",
+            "version": "2.3.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Invoker.git",
-                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576"
+                "reference": "3c1ddfdef181431fbc4be83378f6d036d59e81e1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/59f15608528d8a8838d69b422a919fd6b16aa576",
-                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576",
+                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/3c1ddfdef181431fbc4be83378f6d036d59e81e1",
+                "reference": "3c1ddfdef181431fbc4be83378f6d036d59e81e1",
                 "shasum": ""
             },
             "require": {
@@ -521,7 +521,7 @@
             "require-dev": {
                 "athletic/athletic": "~0.1.8",
                 "mnapoli/hard-mode": "~0.3.0",
-                "phpunit/phpunit": "^9.0"
+                "phpunit/phpunit": "^9.0 || ^10 || ^11 || ^12"
             },
             "type": "library",
             "autoload": {
@@ -545,7 +545,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/Invoker/issues",
-                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.6"
+                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.7"
             },
             "funding": [
                 {
@@ -553,7 +553,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-01-17T12:49:27+00:00"
+            "time": "2025-08-30T10:22:22+00:00"
         },
         {
             "name": "php-di/php-di",
@@ -1727,16 +1727,16 @@
     "packages-dev": [
         {
             "name": "amphp/amp",
-            "version": "v3.1.0",
+            "version": "v3.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/amp.git",
-                "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9"
+                "reference": "fa0ab33a6f47a82929c38d03ca47ebb71086a93f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/amp/zipball/7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9",
-                "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9",
+                "url": "https://api.github.com/repos/amphp/amp/zipball/fa0ab33a6f47a82929c38d03ca47ebb71086a93f",
+                "reference": "fa0ab33a6f47a82929c38d03ca47ebb71086a93f",
                 "shasum": ""
             },
             "require": {
@@ -1796,7 +1796,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/amp/issues",
-                "source": "https://github.com/amphp/amp/tree/v3.1.0"
+                "source": "https://github.com/amphp/amp/tree/v3.1.1"
             },
             "funding": [
                 {
@@ -1804,7 +1804,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-01-26T16:07:39+00:00"
+            "time": "2025-08-27T21:42:00+00:00"
         },
         {
             "name": "amphp/byte-stream",
@@ -2037,16 +2037,16 @@
         },
         {
             "name": "amphp/parallel",
-            "version": "v2.3.1",
+            "version": "v2.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/parallel.git",
-                "reference": "5113111de02796a782f5d90767455e7391cca190"
+                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/parallel/zipball/5113111de02796a782f5d90767455e7391cca190",
-                "reference": "5113111de02796a782f5d90767455e7391cca190",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/321b45ae771d9c33a068186b24117e3cd1c48dce",
+                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce",
                 "shasum": ""
             },
             "require": {
@@ -2109,7 +2109,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/parallel/issues",
-                "source": "https://github.com/amphp/parallel/tree/v2.3.1"
+                "source": "https://github.com/amphp/parallel/tree/v2.3.2"
             },
             "funding": [
                 {
@@ -2117,7 +2117,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-21T01:56:09+00:00"
+            "time": "2025-08-27T21:55:40+00:00"
         },
         {
             "name": "amphp/parser",
@@ -3571,16 +3571,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.2.0",
+            "version": "2.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8"
+                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
-                "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/1e0cd5370df5dd2e556a36b9c62f62e555870495",
+                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495",
                 "shasum": ""
             },
             "require": {
@@ -3612,9 +3612,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.2.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.0"
             },
-            "time": "2025-07-13T07:04:09+00:00"
+            "time": "2025-08-30T15:50:23+00:00"
         },
         {
             "name": "revolt/event-loop",
@@ -3883,16 +3883,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.24",
+            "version": "v6.4.25",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350"
+                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
-                "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350",
+                "url": "https://api.github.com/repos/symfony/console/zipball/273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
+                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
                 "shasum": ""
             },
             "require": {
@@ -3957,7 +3957,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.24"
+                "source": "https://github.com/symfony/console/tree/v6.4.25"
             },
             "funding": [
                 {
@@ -3977,7 +3977,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-30T10:38:54+00:00"
+            "time": "2025-08-22T10:21:53+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4449,16 +4449,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.2",
+            "version": "v7.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca"
+                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/42f505aff654e62ac7ac2ce21033818297ca89ca",
-                "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca",
+                "url": "https://api.github.com/repos/symfony/string/zipball/17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
+                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
                 "shasum": ""
             },
             "require": {
@@ -4516,7 +4516,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.2"
+                "source": "https://github.com/symfony/string/tree/v7.3.3"
             },
             "funding": [
                 {
@@ -4536,7 +4536,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-10T08:47:49+00:00"
+            "time": "2025-08-25T06:35:40+00:00"
         },
         {
             "name": "vimeo/psalm",

From b65ee977027c25f6fae875e5cd44a27bd9945c5b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 4 Sep 2025 12:18:45 +0000
Subject: [PATCH 3424/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 68902f33..554a101b 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -83,7 +83,7 @@ RUN set -ex; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
-    pecl install APCu-5.1.26; \
+    pecl install APCu-5.1.27; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
    pecl install -o imagick-3.8.0; \

From 8d5726af7c7d8428b3e6217f7b0f057f250349ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 14:18:48 +0000
Subject: [PATCH 3425/3949] build(deps): bump actions/setup-node from 4 to 5 in
 /.github/workflows

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 8ddc2712..2f2a4363 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version: lts/*
 

From 5f4fae140acedf2099b076b3c659abfe8cc3ae70 Mon Sep 17 00:00:00 2001
From: Alan Savage <asavageiv@users.noreply.github.com>
Date: Thu, 4 Sep 2025 08:57:40 -0700
Subject: [PATCH 3426/3949] Make APACHE_HOST an optional param in
 apache/Caddyfile

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Alan Savage <asavageiv@users.noreply.github.com>
---
 Containers/apache/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index bda4c44c..9b5362b1 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -15,7 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
-http://${APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
+http://{$APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By

From bccdb62e80b970da327d043cd7335e8e11751c3c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 04:21:14 +0000
Subject: [PATCH 3427/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.3.3-cli to 28.4.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.4.0-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 223d2b92..a4b93ad8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.3.3-cli AS docker
+FROM docker:28.4.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From f5dfa3193c6168214c9e0ce4b9046cbfce1993de Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 04:21:52 +0000
Subject: [PATCH 3428/3949] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from v1.11.7 to 1.11.8.
- [Release notes](https://github.com/nicholas-fedor/watchtower/releases)
- [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.7...v1.11.8)

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: 1.11.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index aabb1978..82472ec7 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:v1.11.7 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.11.8 AS watchtower
 
 FROM alpine:3.22.1
 

From 1e9afb833ce344fdf79b9abe9b5ebed04f5379b8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 5 Sep 2025 12:12:33 +0200
Subject: [PATCH 3429/3949] fix update-helm script detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d3a84a9c..80882854 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup
 
 # Additional config
 # shellcheck disable=SC1083
-sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091

From d50e1d2dfcc1f22685371997c06e7c65427b5431 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 5 Sep 2025 10:14:26 +0000
Subject: [PATCH 3430/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 +++-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index ac1e2abb..e406a494 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.6.0
+version: 11.7.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 0ad86edc..7a103567 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-apache:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index e34de43f..c3e022fa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 830a9a9f..f49da097 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250905_100617
           readinessProbe:
             exec:
               command:
@@ -61,5 +61,7 @@ spec:
               add:
                 - MKNOD
                 - CAP_SYS_ADMIN
+                - SYS_CHROOT
+                - FOWNER
                 - CHOWN
 {{- end }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index c550779f..5edd6701 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 79c5b8f0..663e3438 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 206ac177..61ad3e5c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 84e79629..6d93dd7d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250905_100617
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index fda97c0e..eabd0372 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0ceebe1f..e94a1a93 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index f12da040..8cb961ed 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-redis:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 2432c09f..d3b8ee2a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-talk:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 49401e8a..d54a6376 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250905_100617
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 14c42eb8..9729c473 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250822_112758
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250905_100617
           readinessProbe:
             exec:
               command:

From ca0e7980b3b5732d82320d05debc956c1025e92c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 5 Sep 2025 12:57:57 +0200
Subject: [PATCH 3431/3949] increase to 11.8.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 50c1de88..e686e3a8 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.7.0</h1>
+            <h1>Nextcloud AIO v11.8.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From d2e944f7dc0ae461497bd385ec233e1012dddabd Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Fri, 5 Sep 2025 06:18:18 -0700
Subject: [PATCH 3432/3949] Use a fixed port for internal WOPI requests and
 callbacks

This fixes the issue where Caddy fails to start when APACHE_PORT
was 443.

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 Containers/apache/Caddyfile | 2 +-
 php/containers.json         | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 9b5362b1..4b92d807 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -15,7 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
-http://{$APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback
+http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By
diff --git a/php/containers.json b/php/containers.json
index 998adc5e..4506c09e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -379,7 +379,7 @@
       ],
       "internal_port": "9980",
       "environment": [
-        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:%APACHE_PORT%",
+        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:%APACHE_PORT%' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'"
       ],
       "profiles": [
         "collabora"

From f37d857b7b29c785edc2063117f7d64dd2996bb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 04:30:50 +0000
Subject: [PATCH 3433/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.0-alpine3.22 to 1.25.1-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.1-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 3b70e229..afeb69a4 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.0-alpine3.22 AS go
+FROM golang:1.25.1-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From bb342bc64ac6d7ff0dddd8594ba253d3268c25a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Sep 2025 11:10:02 +0200
Subject: [PATCH 3434/3949] facerecognition-cc: update json to use actual
 secret for api key

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/facerecognition/facerecognition.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json
index 4078bada..d97d5c08 100644
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -10,18 +10,21 @@
             "restart": "unless-stopped",
             "environment": [
                 "TZ=%TIMEZONE%",
-                "API_KEY=some-super-secret-api-key",
+                "API_KEY=%FACERECOGNITION_API_KEY%",
                 "FACE_MODEL=3"
             ],
             "aio_variables": [
                 "nextcloud_memory_limit=2048M"
             ],
+            "secrets": [
+                "FACERECOGNITION_API_KEY"
+            ],
             "enable_nvidia_gpu": false,
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install facerecognition",
                 "php /var/www/html/occ app:enable facerecognition", 
                 "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
-                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
+                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value %FACERECOGNITION_API_KEY%",
                 "php /var/www/html/occ face:setup -m 5",
                 "php /var/www/html/occ face:setup -M 1G",
                 "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",

From 6648cfbd65a98225aa1171c90c2a14bdfd45ab56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 12:35:20 +0000
Subject: [PATCH 3435/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/807f6009e7cee5c2c9faa41ccef03a8bb24b06ab...bff843227669a0c34c7f791ebd53a4b7c2a3febd)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 15248c33..ce40e195 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
+        uses: softprops/turnstyle@bff843227669a0c34c7f791ebd53a4b7c2a3febd # v2
         with:
           continue-after-seconds: 180
         env:

From ee2f1fa262ca9014da31c88ca1dfa313c8789259 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 9 Sep 2025 20:46:40 +0200
Subject: [PATCH 3436/3949] aio-interface setup page: fall back to system fonts
 if monospace does not exist

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/style.css b/php/public/style.css
index 107463b5..e3b24700 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -220,7 +220,7 @@ svg:not(:has(use)) .fallback-text {
 }
 
 .login > .monospace {
-    font-family: monospace;
+    font-family: monospace, monospace, system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
     font-size: 17px;
 }
 

From 29c093afaec391e8eee896222aa733b9a7a9c9ae Mon Sep 17 00:00:00 2001
From: Alan Savage <3028205+asavageiv@users.noreply.github.com>
Date: Tue, 9 Sep 2025 14:44:23 -0700
Subject: [PATCH 3437/3949] Make secrets global and init on first use.

This allows all containers to use any secret declared anywhere
in their placeholders but they will not be generated and
written to the configuration until they are used.

Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>
---
 php/src/Container/Container.php        |  6 ------
 php/src/ContainerDefinitionFetcher.php |  8 +++++---
 php/src/Data/ConfigurationManager.php  | 14 +++++++++-----
 php/src/Docker/DockerActionManager.php | 14 +-------------
 4 files changed, 15 insertions(+), 27 deletions(-)

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 77858283..baee1c00 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -19,8 +19,6 @@ readonly class Container {
         private ContainerEnvironmentVariables $containerEnvironmentVariables,
         /** @var string[] */
         private array                         $dependsOn,
-        /** @var string[] */
-        private array                         $secrets,
         private string                        $uiSecret,
         /** @var string[] */
         private array                         $devices,
@@ -82,10 +80,6 @@ readonly class Container {
         return $this->maxShutdownTime;
     }
 
-    public function GetSecrets() : array {
-        return $this->secrets;
-    }
-
     public function GetUiSecret() : string {
         return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
     }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6809650c..a404e3a3 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -239,9 +239,12 @@ readonly class ContainerDefinitionFetcher {
                 $internalPort = $entry['internal_port'];
             }
 
-            $secrets = [];
             if (isset($entry['secrets'])) {
-                $secrets = $entry['secrets'];
+                // All secrets are registered with the configuration when they 
+                // are discovered so they can be later generated at time-of-use.
+                foreach ($entry['secrets'] as $secret) {
+                    $this->configurationManager->RegisterSecret($secret);
+                }
             }
 
             $uiSecret = '';
@@ -320,7 +323,6 @@ readonly class ContainerDefinitionFetcher {
                 $volumes,
                 $variables,
                 $dependsOn,
-                $secrets,
                 $uiSecret,
                 $devices,
                 $enableNvidiaGpu,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 257e69d0..ceae13d0 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -7,6 +7,8 @@ use AIO\Controller\DockerController;
 
 class ConfigurationManager
 {
+    private array $secrets = [];
+
     public function GetConfig() : array
     {
         if(file_exists(DataConst::GetConfigFile()))
@@ -50,13 +52,15 @@ class ConfigurationManager
         return $config['secrets'][$secretId];
     }
 
-    public function GetSecret(string $secretId) : string {
-        $config = $this->GetConfig();
-        if(!isset($config['secrets'][$secretId])) {
-            $config['secrets'][$secretId] = "";
+    public function GetRegisteredSecret(string $secretId) : string {
+        if ($this->secrets[$secretId]) {
+            return $this->GetAndGenerateSecret($secretId);
         }
+        throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json.");
+    }
 
-        return $config['secrets'][$secretId];
+    public function RegisterSecret(string $secretId) : void {
+        $this->secrets[$secretId] = true;
     }
 
     private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index f6ffbdc3..d46bc5c9 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -221,10 +221,6 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
-        foreach ($container->GetSecrets() as $secret) {
-            $this->configurationManager->GetAndGenerateSecret($secret);
-        }
-
         $aioVariables = $container->GetAioVariables()->GetVariables();
         foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
@@ -566,18 +562,10 @@ readonly class DockerActionManager {
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
             'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
-            default => $this->getSecretOrThrow($placeholder),
+            default => $this->configurationManager->GetRegisteredSecret($placeholder),
         };
     }
 
-    private function getSecretOrThrow(string $secretName): string {
-        $secret = $this->configurationManager->GetSecret($secretName);
-        if ($secret === "") {
-            throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
-        }
-        return $secret;
-    }
-
     private function isContainerUpdateAvailable(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 

From f87bd7ae450785e909ccbe65f2b2b55d24a4d600 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Sep 2025 04:21:22 +0000
Subject: [PATCH 3438/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.8-scratch to 2.11.9-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.11.9-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index abe8dd7a..88a9cd1e 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.8-scratch AS nats
+FROM nats:2.11.9-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus

From 0b30904c91f4ed06acd1bb8573465e30957e236f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Sep 2025 04:22:25 +0000
Subject: [PATCH 3439/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.5.1.1 to 25.04.5.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.5.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index f86d2f61..6438a186 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.5.1.1
+FROM collabora/code:25.04.5.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 3c8b6a0f3f7e670ab2ab0221925ffdb1b6e1d143 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Sep 2025 12:03:40 +0000
Subject: [PATCH 3440/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 236ab444..83bc1ef1 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -255,7 +255,7 @@ services:
     expose:
       - "9980"
     environment:
-      - aliasgroup1=https://${NC_DOMAIN}:443
+      - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}

From b95ff056e0cfd6448f0f2151640beb6c7b3a043f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Sep 2025 16:18:32 +0200
Subject: [PATCH 3441/3949] nextcloud-entrypoint: adjust some details

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index ca28f684..fc047105 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -198,7 +198,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         echo "Initializing nextcloud $image_version ..."
         rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
 
-        for dir in config data custom_apps themes; do
+        # Copy custom_apps from Nextcloud archive
+        if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then
+            set -x
+            for app in "$SOURCE_LOCATION/custom_apps"/*; do
+                app_id="$(basename "$app")"
+                mkdir -p "/var/www/html/custom_apps/$app_id"
+                rsync -rlD --delete --include "/$app_id/" --exclude '/*' "$SOURCE_LOCATION/custom_apps/" /var/www/html/custom_apps/
+            done
+            set +x
+        fi
+
+        # Copy over initial data from Nextcloud archive
+        for dir in config data themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                 rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
             fi
@@ -356,7 +368,7 @@ DATADIR_PERMISSION_CONF
                 read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
                 for app in "${STARTUP_APPS_ARRAY[@]}"; do
                     if ! echo "$app" | grep -q '^-'; then 
-                        if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
+                        if [ -z "$(find /var/www/html/apps /var/www/html/custom_apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
                             # If not shipped, install and enable the app
                             php /var/www/html/occ app:install "$app"
                         else

From 1e77ea27f0aea39f4795459b4ab55e8bd1768641 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Sep 2025 04:19:40 +0000
Subject: [PATCH 3442/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.1.3 to v1.2.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 02e9344f..43f1ad90 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.3
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.0
 
 USER root
 RUN set -ex; \

From 29ff04f5e6c21ba85b36e83f7c196fe09cfe2cd3 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 12 Sep 2025 08:36:44 +0000
Subject: [PATCH 3443/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 554a101b..1955ab2f 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.8
+ENV NEXTCLOUD_VERSION=31.0.9
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 7b23b48cf866294fac3db8a06f863c2af0dceba3 Mon Sep 17 00:00:00 2001
From: Benjamin Brahmer <info@b-brahmer.de>
Date: Fri, 5 Sep 2025 12:11:54 +0200
Subject: [PATCH 3444/3949] feat: add community container nextcloud-exporter

- allows monitoring your nextcloud with prometheus
- listens on localhost only, but caddy integration is available
- You can create a Dashboard in Grafana to visualize the collected data

Signed-off-by: Benjamin Brahmer <info@b-brahmer.de>
Co-Authored-By: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json         |  6 +-
 community-containers/caddy/readme.md          |  3 +-
 .../nextcloud-exporter.json                   | 35 +++++++++
 .../nextcloud-exporter/readme.md              | 72 +++++++++++++++++++
 php/containers-schema.json                    |  2 +-
 5 files changed, 115 insertions(+), 3 deletions(-)
 create mode 100644 community-containers/nextcloud-exporter/nextcloud-exporter.json
 create mode 100644 community-containers/nextcloud-exporter/readme.md

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index d5f72cb8..0e78175d 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -23,7 +23,8 @@
             "environment": [
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
-                "APACHE_PORT=%APACHE_PORT%"
+                "APACHE_PORT=%APACHE_PORT%",
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
             ],
             "volumes": [
                 {
@@ -37,6 +38,9 @@
                     "writeable": false
                 }
             ],
+            "secrets": [
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD"
+            ],
             "aio_variables": [
                 "apache_ip_binding=@INTERNAL",
                 "apache_port=11000"
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index f9b5a020..56984d59 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -10,6 +10,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
 - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
 - If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
+- If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json
new file mode 100644
index 00000000..f9159a36
--- /dev/null
+++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json
@@ -0,0 +1,35 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-nextcloud-exporter",
+            "display_name": "Prometheus Nextcloud Exporter",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter",
+            "image": "ghcr.io/xperimental/nextcloud-exporter",
+            "image_tag": "0.8.0",
+            "internal_port": "9205",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "127.0.0.1",
+                  "port_number": "9205",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NEXTCLOUD_SERVER=https://%NC_DOMAIN%",
+                "NEXTCLOUD_AUTH_TOKEN=%NEXTCLOUD_EXPORTER_TOKEN%",
+                "NEXTCLOUD_LISTEN_ADDRESS=0.0.0.0:9205",
+                "NEXTCLOUD_TIMEOUT=5s"
+            ],
+            "ui_secret": "NEXTCLOUD_EXPORTER_CADDY_PASSWORD",
+            "secrets": [
+                "NEXTCLOUD_EXPORTER_TOKEN",
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ config:app:set serverinfo token --value %NEXTCLOUD_EXPORTER_TOKEN%"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/nextcloud-exporter/readme.md b/community-containers/nextcloud-exporter/readme.md
new file mode 100644
index 00000000..3efa6257
--- /dev/null
+++ b/community-containers/nextcloud-exporter/readme.md
@@ -0,0 +1,72 @@
+## Prometheus Nextcloud Exporter
+
+A Prometheus exporter that collects metrics from your Nextcloud instance for monitoring and alerting.
+
+### How to install
+
+See the [Community Containers documentation](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) for instructions on how to install this in your Nextcloud All-in-One setup.
+
+### Security & Access
+
+**Important:** This container is configured to bind only to `127.0.0.1` (localhost) for security reasons. Prometheus exporters typically don't include authentication, so direct network exposure is not recommended.
+
+#### Access Options
+
+1. **With Caddy Container (Recommended)**: If you also install the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy), it will automatically configure secure HTTPS access to your metrics with authentication at `metrics.your-domain.com`
+
+   **Getting Authentication Credentials**: 
+   - **Username**: Always `metrics`
+   - **Password**: After deploying the nextcloud-exporter container, the automatically generated password will be displayed in the AIO interface. Look for it in the container section below the container name "Prometheus Nextcloud Exporter". 
+
+2. **Custom Reverse Proxy**: Set up your own reverse proxy (nginx, Apache, etc.) to provide HTTPS and authentication. See configuration guides:
+   - [NGINX Authentication](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) + [Reverse Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
+   - [Apache Authentication](https://httpd.apache.org/docs/2.4/howto/auth.html) + [Reverse Proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html)
+   - [Traefik BasicAuth](https://doc.traefik.io/traefik/middlewares/http/basicauth/)
+   - [Prometheus Security Best Practices](https://prometheus.io/docs/operating/security/)
+
+3. **Direct Local Access**: Access metrics directly from the server at `http://127.0.0.1:9205/metrics` (no authentication)
+
+### What it monitors
+- User activity (active users hourly, daily)
+- File counts and storage usage
+- System health and database size
+- App statistics and update availability
+- Nextcloud performance metrics
+
+### Prometheus Configuration
+
+For **local server access** (if Prometheus runs on the same server):
+```yaml
+scrape_configs:
+  - job_name: 'nextcloud'
+    scrape_interval: 90s
+    static_configs:
+      - targets: ['127.0.0.1:9205']
+    metrics_path: /metrics
+    scheme: http
+```
+
+For **Caddy integration** (secure external access):
+```yaml
+scrape_configs:
+  - job_name: 'nextcloud'
+    scrape_interval: 90s
+    static_configs:
+      - targets: ['metrics.your-domain.com']
+    metrics_path: /
+    scheme: https
+    basic_auth:
+      username: 'metrics'
+      password: 'your-generated-password'
+```
+
+### Visualization
+
+Compatible with Grafana for creating monitoring dashboards:
+- Pre-built dashboard available: [Grafana Dashboard #20716](https://grafana.com/grafana/dashboards/20716-nextcloud/)
+
+### Repository
+https://github.com/xperimental/nextcloud-exporter
+
+### Maintainer
+https://github.com/grotax
diff --git a/php/containers-schema.json b/php/containers-schema.json
index cd746ebf..5ed57e34 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -81,7 +81,7 @@
 							"properties": {
 								"ip_binding": {
 									"type": "string",
-									"pattern": "^(%[A-Z_]+%)?$"
+									"pattern": "^((%[A-Z_]+%)|127\\.0\\.0\\.1)?$"
 								},
 								"port_number": {
 									"type": "string",

From 2ec1a7173b379706fafaaa119e91eae31d68a976 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Sep 2025 12:48:45 +0200
Subject: [PATCH 3445/3949] fix detail with initializing Nextcloud

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index fc047105..25d549e0 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -210,7 +210,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         fi
 
         # Copy over initial data from Nextcloud archive
-        for dir in config data themes; do
+        for dir in config data custom_apps themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                 rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
             fi

From 150ed0840a288fdb8d03b57678cd9a46a6b9c93e Mon Sep 17 00:00:00 2001
From: Verhoeckx <64807887+Verhoeckx@users.noreply.github.com>
Date: Fri, 12 Sep 2025 14:48:56 +0200
Subject: [PATCH 3446/3949] Added the section Removing the reverse proxy.
 (#6854)

* Added the section Removing the reverse proxy.
Signed-off-by: Verhoeckx <j.verhoeckx@protonmail.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e07a54c8..68d56e6c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1048,3 +1048,22 @@ If something does not work, follow the steps below:
 1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
+
+## 8. Removing the reverse proxy
+If you, at some point, want to remove the reverse proxy, here are some general steps:
+1. Stop all running containers in the AIO Interface.
+2. Stop and remove the mastercontainer.
+    ```
+    sudo docker stop nextcloud-aio-mastercontainer
+    sudo docker rm nextcloud-aio-mastercontainer  
+    ```
+3. Remove the software and configuration file that you used for the reverse proxy (see section 1).
+4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) but add the two options:
+   ```
+   --env APACHE_IP_BINDING=0.0.0.0 \
+   --env APACHE_PORT=443 \   
+    ```
+    Do this *before* the last line of the run command!  
+
+    *The first command ensures that the Apache container is listening on all available network interfaces and the second command configures it to listen to port 443.*
+5. Restart all other containers in the AIO interface. 

From c241ff57fb1e7e00ddea44ae76fff63dc5207388 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 10:49:57 +0200
Subject: [PATCH 3447/3949] adjust traefik docs

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 785e9ace..fa4ea563 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -678,6 +678,9 @@ The examples below define the dynamic configuration in YAML files. If you rather
     entryPoints:
       https:
         address: ":443" # Create an entrypoint called "https" that uses port 443
+        transport:
+          respondingTimeouts:
+            readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     
@@ -765,9 +768,9 @@ The examples below define the dynamic configuration in YAML files. If you rather
     entryPoints:
       https:
         address: ":443" # Create an entrypoint called "https" that uses port 443
-          transport:
-            respondingTimeouts:
-              readTimeout: 30m # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
+        transport:
+          respondingTimeouts:
+            readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From c6911a228d294522cff0da4cc70d4ec65a164076 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 11:27:32 +0200
Subject: [PATCH 3448/3949] add LanguageTool for Collabora community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../languagetool/languagetool.json               | 16 ++++++++++++++++
 community-containers/languagetool/readme.md      | 13 +++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 community-containers/languagetool/languagetool.json
 create mode 100644 community-containers/languagetool/readme.md

diff --git a/community-containers/languagetool/languagetool.json b/community-containers/languagetool/languagetool.json
new file mode 100644
index 00000000..03eb6b39
--- /dev/null
+++ b/community-containers/languagetool/languagetool.json
@@ -0,0 +1,16 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-languagetool",
+            "display_name": "LanguageTool for Collabora",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/languagetool",
+            "image": "erikvl87/languagetool",
+            "image_tag": "latest",
+            "internal_port": "8010",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/languagetool/readme.md b/community-containers/languagetool/readme.md
new file mode 100644
index 00000000..4c2ca98c
--- /dev/null
+++ b/community-containers/languagetool/readme.md
@@ -0,0 +1,13 @@
+## LanguageTool for Collabora
+This container bundles a LanguageTool for Collabora which adds spell checking functionality to Collabora.
+
+### Notes
+- Make sure to have collabora enabled via the AIO interface
+- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Collabora options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/Erikvl87/docker-languagetool
+
+### Maintainer
+https://github.com/szaimen

From fae93b685b6fda4ec3b8a7c3d0d82ad6fa838ce0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 12:10:15 +0200
Subject: [PATCH 3449/3949] update AIO interface to allow to install the latest
 hub version

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php |  2 +-
 php/templates/containers.twig           | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8c45e5a6..678bbdc9 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -177,7 +177,7 @@ readonly class DockerController {
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 31;
+            $installLatestMajor = 32;
         } else {
             $installLatestMajor = "";
         }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e686e3a8..f0a72883 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -36,7 +36,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersion = '' %}
+            {% set newMajorVersionString = '25 Autumn' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -290,10 +290,10 @@
                         {% else %}
                             {% if is_mastercontainer_update_available == false %}
                                 <p>Your containers are up-to-date.</p>
-                                {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
+                                {% if newMajorVersionString != '' and isAnyRunning == true and isApacheStarting != true %}
                                     <details>
-                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersion - 21 }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6053">this documentation</a></strong></p>
+                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersionString }}</strong></summary>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6865">this documentation</a></strong></p>
                                     </details>
                                 {% endif %}
                             {% endif %}
@@ -337,8 +337,8 @@
                                     <form method="POST" action="/api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        {% if newMajorVersion != '' %}
-                                            <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersion - 21 }} (if unchecked, Nextcloud Hub {{ newMajorVersion - 22 }} will get installed)</label><br>
+                                        {% if newMajorVersionString != '' %}
+                                            <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersionString }} (if unchecked, Nextcloud Hub 10 will get installed)</label><br>
                                         {% endif %}
                                         <input type="submit" value="Download and start containers" />
                                     </form>

From c694177e277ea4ec1379c0cf779f4b3254fabb95 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Sep 2025 13:32:20 +0200
Subject: [PATCH 3450/3949] aio-interface: add new background for hub 25 Autumn

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/img/jenna-kim-the-globe-dark.webp | Bin 180762 -> 0 bytes
 php/public/img/jenna-kim-the-globe.webp      | Bin 98876 -> 0 bytes
 php/public/img/jo-myoung-hee-fluid-dark.webp | Bin 0 -> 97010 bytes
 php/public/img/jo-myoung-hee-fluid.webp      | Bin 0 -> 101012 bytes
 php/public/style.css                         |   4 ++--
 php/templates/layout.twig                    |   2 +-
 6 files changed, 3 insertions(+), 3 deletions(-)
 delete mode 100644 php/public/img/jenna-kim-the-globe-dark.webp
 delete mode 100644 php/public/img/jenna-kim-the-globe.webp
 create mode 100644 php/public/img/jo-myoung-hee-fluid-dark.webp
 create mode 100644 php/public/img/jo-myoung-hee-fluid.webp

diff --git a/php/public/img/jenna-kim-the-globe-dark.webp b/php/public/img/jenna-kim-the-globe-dark.webp
deleted file mode 100644
index bd3b0dafa2cda761110a7f8e1827f57d94b14bf3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 180762
zcmeFYbx<Ykl0JyLyEpFc?#=-k_r@I>x^ZaS-Q5~@hsNC<8h3Yhhdup$GqZam?wyJG
zZN%>UF%fl6RTOn9voiC|=gG`MSw>P4tp^N5Lqhbk`e$xUI1msJ6yWCr3B(QtL<I0z
z+6w^$1k|2<*m-94BkPN=IFz|ZqC*@nDJAik)N@wwx9APBkE>7r1GWvqjqCs4_1LI7
zj{10v{ui4f1m*jV(7$h;CQ}*z;=+G*ga0_s6g%eqI{2@*WU98!{}A*K2Z%cVwUzWs
zUHkv_z5lt`JnMgdu742sZzo4lH!lB6=K#fy{&&Uxxt^zw??03Me_Q;YX}072e(=BB
z|61UGE%3h<_#bP5kJB5%|4$*-Gy3b(e}K*ZgaalQx8DB~Z1~SW@}C3QKS~J>{b#uL
zLc98Z&Uy4{zx_MRr3%yicaW=d^y|Om7XRTSCbhQxe+qPepX?;Knv45y(hfzb<bSYZ
zGK%IuMe}xS?0>j!(EB4`|KH9eL-HT|Cu;q_`BSIMdEfuTYsm;i|0H%VMh&+AQOFA!
z`+rS^{!7yGzZd)~3+VIOsSh3qX7B`|Y+r2=;%+R?IcRN|IDGfSPG6{g3tn9P;W4}~
zxG-sRhcLip;)*p|)ImLBO+RAJ$3Jy#)w|{D$SpYF4h5`Bh`%;~flM8tWP;LyAlt(T
z62b+DqACyRt}^&+yX!OxrTKr{^nEA<2z^j>v>d&BGPJ(k_*l<R*%<eJ`p}PBfqnnj
zd6wAHKWWPBEZMwx`GS(w_yJx3{*DaSG5+Dbggv42LZtrs?8!u9{J~Z9>Dm+UG4k<|
zaJArFwefY02l;X1_2cY?@4R(L$mYZNRsU9K#oPBe`{TghyY=H{?&aiN)Wi1U>9p<{
z`nBq{GyCK5z3U_NgY<pljqGLN<YM+h*L%;Cz?<p)<3;I1e`jz$`Az?`&_h<1VAIF5
zr!fCzC$Av4P>1)@Tj%4acc*v!kA-vOF6fUByQ<AkAJ3hy*dGrs`WE_d9}Dj;rJb?f
zpC+p0ywf*>?>?s8azCniI){Z4ZsA|UpP`@Zc$Z~vwLc5Bx|>YGUl0;JJ8W&bM#Jeh
zK6Ux%Q@~+Rf6fsNgu|e^wF`}JTB@_#@_~a^F@Ct%loey0F<P?1qSvf3v%+paX7sc9
z`%>z6li`*;$2ue6&zPP~3x#~CYD7QoL=Vku6M{^J<0<8Y+%m%c+*s^QW8sa<MUIo{
zL-lVtT!tKFI{A!2@}<}!oPSOQyi&z5ra&#`=$cq6n>C^74$V&;1l~^C2q~ZF1;EH2
zm!l91_j30)SkBa4qfD_U!JvFnK{~~k;;xJ)-EIj)uZu`!1quy95rw#9wm0bZhk}0$
z^ee3v2T3TCa5LU}P3`z7=vpmnEf4tg>EY5hNI@xFK1{ym&qM#E69TlYLO1o#j9y76
z2sjillrS%1w;IdoIYOX*Q8jPK&K25?d1<0pf#F#6h_ik0IgCL#pYuNff6K)zYy$e{
z9${-}n3}}GYS9gb2#d4FHMAINc0^LIE04myU=SP!XITdsySG4{3_*Cf?`<xLhf?Dy
z<&9%RL3foUq0Ye(-GZY+@p8xUfA^Q?vlMPeFeTRF?MG8#PN_OB0!`%1!^OUt&gbdx
zAoc=5w=c};SH2JU^VD&ekFk557jb)}L0Er13mk@ikx-$$aWoOX8+bHEINPB~U$&0V
zwuZX0W@6}|E1KOB!AD$6xe$9i05O$dv(|Qp5_l)ma+5>KhHP*A^GyQ4#X$U8I93U+
zdfipH)e~!<j~%2~((lqfpd$psl^1`1woFXlHkOlZk0Rm<YuK@4G3p0eMzh9fRP7C<
z#*;l@_1yGgqtol{6;{w&%@K(zozvzRA+OsP^x!qo53SmKOP+@ExuOBD!J2O{!|0vg
z4jM;%-O@jm7K6HUT@V9kNMBful3jKz*l=#LZN#b|`Kf(P-zBW)kHVn{YieeLPED>Q
z?a9x~oI*YZe@S|I__KTAGc+*;TSDf12Zqca!$0j~9o6`pm8n<gY&+HC^ZMIusc9zq
zK~OkDM&1?4o^qH{EIh(!+_GSuF$?!y8JReYO#*dY&JH^1K1POKzx}q6svdv{0UGgB
z*cbGU!p1jC`nap?S0|ICboaCw^O!Kn{?_AH@$!qqp?alBNJS^YBxukzZ_;-_8yGo!
zDqrI=fiuq2TwbyIv6>sk2d+UE30ACnb8`u5JrRp&AiO4HPJIfi;hGckX-Tk~b*w3*
znVk{rp6*vF3@0xfYX*ZVDFULrb2KNc_%QB8Ki6f2i+%!QUc2#^c2u)c8(4arLO|}P
z6nsdCSB2&xaNnTGnEj<>r6(lYbm(S>2vQ`fR|oL^KXIOSrg@2p@iYn8#1*Fxc1ARg
z%G0pfG-+iKD0C|UKUN(;C8o8JfbFgtuJN9sRI}A}SAo2fXJawK`wCh7IY*Mx6X-5}
zo?kXgb!Ov0hc3<HbJ{*opW5Njx*IDa5ifmyz+{`LyBdsE)XJm+P4?3BAN$$V+~9wx
zTvUxuGE42%?*j>=RP=mo4AUPD9zZXBWX~g>95mPwlB@93FM%P_>AA@BQ5K7Jw?n8d
z<4JE-!oh>t(eY?a$RfRB_j8}q-9A)XFTl8Pkp2gYX!z3&WiUrQpTb{@IJfKv9t@^h
zq&o+;o8!?;348m?!}S#*T#hV0Yp5A(Eg&+%+3YwF4*lf}Lz5O~sgjth{pS>mco{ME
z=V13S_IGoXYGF@+p^x2wi|IBDX_g57O{OZj>R@bX+(8#H<LSxAwl?zvd?c!Y32gR#
zD{G_{;m@T6VAycV+NNd=Uu=Pz1A|Pv!D`+mnn)~5(HpKj3C8*=9E(#tlQ)Rleyy~Z
z6#uNyeF*bJlz*}FP4SYos-PaPT?hUA%k0Id`UzASg0)}|-VL}jxHpt&)Lj4R2WWaj
z{=*ugm9f0eGd{V@-5_Meq!SSnEiZF_Z)iz8CFyD!f<8z^a;$#C%`B^z11i$VSZF$T
zh_H_v(EUIU{hOoe%+tUi;7Yr}AYlG13pH-G@<ttD`c<aW2zR-&s}vCvBw3r}F;3Fh
zf`}w5W|<s^!O%tqzR0+;jyPk?9c4sGq3-rN@eR9NJ=NnejxzNIMU`)`bmMQr&Iwy9
zoi^t$&m<0OGVWKb@T#6KZjod}G5TBN<cBVRgm1F8--T}lXv*n8bX#1Km2;qo{?g&!
zRDrD<(^vYFI%*>{>)ZAJ1{VhQ2e^j_Q57Bg?mbm<8!NgnFyXKJPSWvL-)k%e8_;;y
zg?5^EGY~$h_V-++8qT{U530eZ<{xD*^rd|bX6MuBPI^SmQZ;=82x%*}!#F3x%@Hju
zM%bfVGzZ(=9xpWyhf-`9cBydlwoBK+c+CCfH#?cf;eN_Q_5aY0qzahT?u`GWHCvJF
zD0_kxPMaGp3}Y^HOr?_n$^tbbY0&+b%aTC$5J!DSlN({dqIg;WDtsw7#B$;gSi)}6
zH}`nIwMA!5?R0hDsGAp?N75Gh(ni!LArg>e=T*ZK?E=wp_G}n|S2Hx6g|ps!G-6j+
zkBv@mFvUNx3QXqSGYm@q2AUYuO0BSe!fT9qaW_V>nx&m*b;^O}c%@zKK?f$8=qKoD
z#Bv(Ne%G=Dl;;^B#r`BJ@RX>TK!l~&Ypn}#nY#?Yw`J}xs1#+oJa4)7U*E&h{^<vr
zhkzATV|mO0!Yw&ogHs<$$%UC5VmKaL-x{m~*MgfWmRvPQt?>2n+VSsv3WKtcQUgr(
zG_{n$jG6oqb43c7ywS_3U7sY*NV<`hIX~YcHcDdjEH{Dm#6inBFE`y)$V#}b2~I_5
zl0BDV@F#Cs_5eO-2^vS1*hCE7uBzECK4QP}vXPYX1tQy@PjIdCyWV&c@w;L=<oty6
zUai#sl*oMNc$64Mp(EYCP5$5^cb|J;frKW+zryJRHOc-bq}9~_kObLowYo7aNrp-R
zUZ+oE2!yX-o7;6LvUd%-GJ3<a2W|47yNpnaad{-Z<;$Nsf%PyP+rPm`R%p7%YMe<F
zZ?GCcrE1E;$>yxsYi!4^$&zPj4<jVr#AUD9Ur=Z5lK_G356VGI2Z`$@vf?ceW%5<;
zY0Rl0&9HRjzC3?_BYuw&4k*Ww!1aehz+ncm5R<>C$lu4QKuGi1^saMiP6d)1N~Yj2
z{?gK;VHf0X^F{g_wQ;XS=cZw~H)#YNz0?(u-%C&5LxTkANQqm&lDrT9{Dec*Y{cyx
ze+T!PQw7*Zuu<42OvxFRCoZU~V8LOxT(`UghH3xlSdFJZ^&J7GHE%qd-S$xADLxoE
z?A6X-Occ%T(k!He+`(UzXN`Wbegzm&Ue#mirGEm=5#1=@^~R}ozjxbRj^wb7dv!Vf
zdr681(n!7yqUO-_2Bw#!G|1HlWWl&SeJ-q+wwW4HKRN?j;U&A|QWu=0L8Unc<MQ)<
z8}oNoTnW&0@MBsdLMP@6xvU&BuH-?i<$%|1>o#z<^3BucV}pj;(`pjv$jf;B!DtA1
zURDniXP=xOgl(=sO{@NVMH2xj07;c35&};|o699xOX~IL2Hk3_ERISXH~wV6N;NTs
zIz?4HF(2#giRpR!CNcQg45e(QpZq)V<HmujGo@-I*{)PHVN2$Z)e+-u*0yuQ6oL-4
z<9JtRO&ae$P{Pp?)>cN7mf&+GDN?;rP5>ZAHJn^_ijD=T=g2)xVU!r8CG+88rxKb(
z{Tlk@lo{0OkC}kR6E=?K`eRTrNuYzFS*wK`LQz-l=*4_hy~_y54ow(_h-bECI<SYm
ztt+=0->*2`&RbG^#V(GqvNt~WBBZ5wjEB#gE=+Rljo&zRuOl^`sI@sC8!kDZ?h)+6
zsD%a*FKL8>PJ~yTLo3&t@<DegfqFXSMnh}@<DBxk7wNPZA~O09v-+FwyuHLZesw%r
z8u*(FK6{7`Y~+hju;j3b1#dr7sdaXxvTp@$1!CNONF=2`FPioCR-`p>^D!DL2P86|
zc3JY$dqm}Kf{*_e2Gwmm2W8(%(Y8QlOjaHHoFnmUqu5JXpl~4(Av3%Y!TTKn6BK8F
z8!p9Nb0D^q&Ox|0qa||>$hw~JNb=%=kp33~{A<@8GP<)LhY*8I#P5d!{Bpf?&EV`w
zS}b8V3e*mmI-?IXh;7$NJWq8tB$tVHpQ8!=D!#XD+s~wse!(~~=4u(QS_4PImpf=i
zrS0=mjJmlnGc<slG4p38QyU)Fv<leq&fAq?LfUyrSOy0(=+2-Y()CjajBv6kL7xCP
z6eVep%E|0V>ha&H-RiI1#MJ@lI%1|somnqK=i<EQqr41G5kRAQku~-Hdt<kv(mYfg
z3?<M<AbRINs1n)+WDi12PUZR%tpQ^7`U{^8;p@XNaG5Wd?uO`soi|WhXmCY`$BLMH
z!PLH^P9M9mhFT8Q%|#)ZDqs;*uLZ4BN)u2tWuiU?vNMaS1<ett-M9=tke7rKY3<V+
zLmPTDNPAoTsg(ZmTp^S`p{kmlzj!$c39Z=)SexR~@lZ(%PEe?o6_o<=1@nlmZYWwY
zC3x*VS#kg3_%}KGKARRQ&@Tu0MGFlR&i-Z-KS!tIJ$LU2reS|lE}V*I0TRUcC031r
z>;Wzb$HibCx^R%CmI1@!hp(H*>FJnGTW6osY;UJYcLhbNS{-ANo5v#*(qCcK#q0tM
z{Ub9VYa}aJYl@+D=WGWE59iMXroDc<Z!OX5&iYk1MhBU*<bV&>LpUL+x>0QCB7Cv>
zIPeocZR{FFCk7ywh#UHK*bO2YQyYU=LHF>q)Tj^o_0&hY^tUvqnB6!3;0=fw|9KFp
z1wDW%=p6@OqYa-`wYMo|>|1$DKI}%=&}MIv=uX`qd;#(~;BN2Vzp7KZO9EZw1=4Y(
z2qCn1tpiJLwzFy49zd5wxvU!n<_Ht-lG3;@i8bm+2~LysozNoml2wQTz=2sgC3+=4
z5Fj>r{~&b>tRhL8BOA-;K10;*lPst-ISHw@2^~Dm+N%*rxumO`u_+n|A~>G1uUo)a
zAM;5)#E4FH<Y6(D;rxXI^gzDC&D#wvu7D@9FPrK6!xb@6wYduBSFPl>CpSdrRJ?Hs
zv=v<)1W67+$jRPtS&WjoWc;M62oP~JBG~pmN6&oTa@8E-4FF#^o$amNg%E8~S2!GK
zPAwEC)-WTc+6p#RI6MODY?aHW2J>AucT*2zE8!$wW?X?COTGDH7iR}Ra_C=0EC+8s
zbPPE`xv>!5VtgDSt9ZHXYQFjC#isq4-Mh__xfw=d>n%4Wo!E~FU3%|YoVNk$`7F}p
zAO34jw*&j)q;S9lgmO|6yOkzZyWJdRQhwoQ+1+z24sNNSP?&D!%}Tfs&BFc^IcE90
z7gt#0UL{9VqD6czSD>mbK3`Y*XOEa90%kD%n=4}`UoklJpJqVxzM8FegQZ|yVUCcy
zo<hcA>+VwArmwg_qT;V4!bAm!xsthKuAcQqr<5_VDOwjjfIt%;BM>#DPH@*9sUA!h
z5U05SOo)?W!D%CAXRg&2&Rt6?G(IR{m?x}lOHQ!KX5J<bWh(xS^U#t?Bqub6d#}88
zvT=d$tr+{L6<k7vfV4qi=J^9BgcLN*9uF6<dgd_UuHNI7-&vDQOrViysa_NU;nTp@
zLgE-+yP6{lPD(9WjG&gBT?J}B8?K29$cL-}&7AKEEYn^qi0lhd&ifUAbAqiH%}ABN
zg>k(QF-p>Pnjt*MmCS@Hu%4J43lw!~4+$e*S!{f1nP7@UY4W4jJS|7)_(C~)3#{S;
z8M%N}d4?HL+Dfy9ro4-3^U3Dq`5Y=m3R|I=q@JkY8a#V8mVd}m=FX!(BtwLsWpy9i
zX)D1=nQsXAr>}NF)k8;H96eGSpsUn?jZzlx7Q&iY+)MffJ!hN&Mtyk1`Js)`CB+NP
zp!K$)6c?oq;<N2xNz($Dvb?<6i*IzZe`6RLXb?WW*+dF>3QGTy4afF}RBRB|I_t%{
z+7ho1Z1C4*B|^f~FNK7AYXu`zLJyx?@=KYWt?wK}a9UE)qm!*^Ft4>JtFpen<g?xq
zIKk(DKKuGTh?;Ko0;EMm!2<z#oGiailU0zP-u*&cz56e1CpPsq0w}+mngs}5O8+8|
zTCBb0V>CsRPlp~-GOOBR5aLc<jj&;0A98KY?t?X_Zv4j3)Z<d0Q&&i`X&B$))dfPV
zef@Azt(|QAaCQ>3&x5HSo_J#BcER(u<lB|xDnkXZyPypn)LXP*Mi%+Od`234hPufI
z3{%oVZI0Swa!;q(0YYkuEM$UX!<Fo{q_o;D<IkCJ5pSe*?3U#vA@mDU04FKR?hBrG
zsKJZ6*lIB3;fB758wkr@_`L9?Cs6Qt;TNCC+931};){*01gVU2pgZN>6};74q=CGk
z;^>N8xN?Dtm<T@NO_5St2f6F_Z(em1X$6W67eDPa0B(!om>xY^_3CXZtB44Ooj3iW
z`w(3DgkgG(>U0=}H<Q@h3<KP}wuK;sUy6H+EXTy}r~(~ba`luib<|MO2+sM*Sm@po
zUJ3Xa!7A6v%Dcl)T|~7`yFO!vI5aw~+##0yN3-5cz=n&{=lr8T42s{a83r4BK3RnT
zH2`)}eTlZ`aD9*Hv}>$Ot9=D~$~i)m9EFiyaT4&=h#%T%5toTbIk)W3YKd!;NhSCx
zNZTL(5utyF*CR69P5M|}UJ}X5VpX%*^9fvsDkU@Zv&5CKPZTm_jAuu1_|&=3lH&Pj
zaRlzb3LQrjzguUtq*k4o28-|)U@;6&IhKU6o#J9Dq)PwP+kih#jMOQQd%EbXdhg>=
zEyh@CDmluQTS!<ym?)0X`&TZ;rC%jXNm663Av^oM2jG)0a{{%M7Y%G_q+JvA2Pt23
z0R=!2X(Dp1-cR$AvB)0H@VGU)_kh0og8N0bedprQoCnxlStowfFG2GSY4Nnop!h^Z
zCQO48bJ9@)TNiFWnTPuWcgX%GER)WwSbOljx=~I;^UKNK5*oAgVO<x$JXjcK`RFQY
zaQ)Pe9cl?oIJ7_grEA+nYl`5jSH#4s6|cF=^UDc9Fnx$bOHuAvW7Co%g{wOaYq;8Y
zoWM^mkU{`kMn<1xE?N9U@rC{#>M(6xagPHtDZ8C!cfiz~<+rbT-eP-Z;defvn(^d6
z9&^3AwCBJ6tFJO#oHn}^va++zoUW|a8YoIXqPVsYa-J+7Y%wTJ6Ko-vkb}Wa5lQ($
z8^7!WZM&v4<w%4SLbG9~$KLuw>{$Pv7Axv?Q7bn#l9*&d56fP$+yz@o+$vXItwmXW
z0hZvzQ3@=~IoI7+rAAU8mB~*OHfpRpqXOYUe4`^jAe;qhq>YMmAM2zV8QPG>e1hL-
zyfX-wyT+5(PvcbocAoocC)5;SXtv59XL_~*q7JGWiZBUgI2W06ER~Gm<tn8$o?xtS
zZsGgKkHOjJ6nB$Ssjcw^)n9yH52D}@3h#5Dno7C#1lto?0@8JS*T9ej<jJp>BxG4z
zncxYG0@gNJ+payG7U3(W+MzS)g5(!f2NX+!y@s8?8=PneAlsnZJr!qS>I_CxiD3R+
zY$fg$pBDUZj)w?FJnCpU`*}WYK~Y@lygz`18*v3%i>NBrj-CB0{z8ddCh9Hj*l_t5
zy->I-{V($xux{=Oaxl!y#+2)fHk8!)p``>Ax9EGqrKHhDW7gf>*M#zwa#4YkwLOKd
zN<x;A-;FG(xzaR3gGQHPg7$T&E-eHh?)=iOxG8Wmj41;-mcOV!7aYg^=_7cW04Eb2
zk6C%z?v2{p;E-iS*ty2sx`S>mRt#IqOiTK+W^}UzPPoCQ)4YZ5;vyT(H6NeUtHhg3
zA#9?NN*7OeKDLY!jI=1gVJmzl@w-vBBVc&+Suv7<U`c>AmvtNkDo~}I=@hF{!GaWF
zJg$Bd)l!gom8DEJ_DdK|98_$*A*CgyhnY)HJ|e_N^2^&RMrb@`&0zWy1p0771Cj7X
z;S0Al28xIMa4+~554Dw@*xfMPLSBfLt>zFQIb2V$4*j|;nGY~F=PT6td0G-dvxc@7
zcWiJz)}>eVg)|!KTrcrcOUxZDK?+|(=DJxcGaHA2J6S8DE-9;S^W$dXlB<{2LM2-(
z%}`Z3uDtAR2!QYRT;1nYuR9v=+kxxTH&DLHdsaSR3iU6xW5lVk^o|RJR}jpIEqN(6
z)9WX7MRKtTRagpH$v)p&|4wVTlU|(@r#h^^%(UXRag+OS8|9D0ls})6;;cq5y4ji4
zDQ;Tl2#e~Msj0ImkSUoraAE0I+abB<_#g>p7wWu<pihCkw&u8aEzA?hwzZ^!EMTMB
zU{CBG2|cy-8|RAxTgps2t#S?-bOW*m;HNEVARx>@%1XpJ=+9W8mO~JfSoMPa5h9fV
zgMrvE$)DoK2_&I_Y>GRRTanX3`|QaIfjY7C9W$1LT1qD0*CnHJ=JQs^0=o2IL>7{U
zEmUJO)!yMroR)E%owe~q$V1BBV~^I-FR0-(lE#<)-frijy0m%q-Y70C?mlq8#cJQL
zi}C~g>Zg;Cmb!j$2kH`X7G#hBM=&}yf$1bcZrpK31An!4vxA+ty|K!cyu(t_F`8zq
z#JHKddNN0H!bl--L#~n`_U~5e8(NK%4}y<*FAi9cMvaPt9ih!ZKYeUY7rxsR8i#q>
z93C>d))!1a_B^T}jm6Rz+&*J+CzM{H;y)i7_FQS0zVToCp6wCNn<1WjTQJn)WUkhh
zBqSf!?;~<w)2J~w9aCx(>f03^Y&Sjn4D3_QkvEkcW6(uSATz6PejVq*ym1R&ufF8a
zU388aK92sR=OnPDr$U(gkSHNK<f1p9Zj=xe0IjEzzMzT>;(*Vm1GV&n#Rci4Bsj#;
zbWE%=RO@X?CGJq{{t_nLB9Zhx;cIK*b;_@h7>6R#+c0!ve1`}0w)c5*g=yK;^&Lq@
zs~k&~^b%m3dnoTHy(A)A1rONIEA)5<;Sc5<PdAx~Zn(VQjjK+Kyd7n5L|9WKe#Mj8
zr?~1)rCML&AI;{kEhJn}snQz(wu5xdDQJW3J==r5#}k>)JCotjAKuN)d3jXP4DX;#
zYpIEMBj0yyavF|HqSbK{=OjZ)=G)_XolPML3uq2YH6lc@D0^!PpB`QdLBB6Gi=E?{
z?#WZXzSW74-#Hjh$Y+YA$5Y~pjz4|6F&k@%4m#>ZUH;_@ut2Ly$NA07afo23L~yEC
zu%1R(?DtaJlZqO*AOf}l5PD_B1lpyLfO|;=<)qZX+v9m~CQLv?SRunG#96gBXK}^0
zTLtCG;Apk2fQf{8Z#yEP1*O$eF{LQ9kMMwpd|)neY#6f-x24EnU5{`<)fj@rd|+Hf
zDIYG2dM>{B16dlZv)Y4`fwM1HnX(8KS-z`v#CuNQndxky-p2<A$M|i{oUw#<J|&{C
z5YSc{#QvrzoNR)rXCL(GW>x@vwXxkKw#mx!Q)EyeG}Vs5d7VFD&yG0%`!lvVW!;>M
zKus}WSMO^}=G}ctqo}36>pVvF0LDRQTg#|$aZAO7KRsK+@d(lO((fd#HX)X<{6aFC
zhWOv#QoCI-d@t1N+FGHdfz51L$1?fyg<|sxyw+MVB@a#}<SsQec!81V23+~W)u+AO
z4_)>_nFp;_N*L1(I$>Dony5o9vDz^(9sYi07-9SA;&~y@pS!NCImE>x3sF_=Q^5$C
z<{ZdeAR8504yfOfamN~g$>kDfiAalHfYm@u5}VAW(X37{1=dZXmm~v$mbkMi>L_?I
z!R!8`fZTD{vw_LwSSXcA7HPS`EF)ir7&d(J^1~^{2X~{mIs2l};>J_G(+njk1#wa_
zX&Xe0vWp)RxKc@$R7C)umg3*L^w9p4V-RUq_gZ;;Uinr2W1Ki>FJ8kfbVAQHMV_l}
zt}`;A;lU#r{^ECtdnc*Wmx|_81vqU^HByzc*KvC+*m`ue*{9uEr)GMiTcCSgz3Z0V
zK}3083*D<?JORKaCgwc=`N}HEMw-J@2&sv${kzd9XL!ap#(r%Ud|5u7GwkOIrou<~
z+GDcu<>h%N_(nk9%ScM>wEIaZ`S2R^o!2B1CM$7o+H^)sinFHwJe-L?(px+&mczJZ
zeYQeGe@hWha`*hKf}MYc(|yNPbpnU1mcE;0QF}Vo*(vRP<D#GlFEiU*l%;msM!}xI
zgZ|2;yu)P{h*|2;8EGKm?4No+Bk%0@snFB8Q>q#tH`SNlRln%*=F;?*wT_JOo@xu3
zOOA))3HR22mjs&@s-`@PwHzA{0V$>mgF(uD7fjUmW7C<~?2UJeI^_e<sMB(jHaXGn
zeSD|v`Tf@oylz3FqG)9tU{Ez1Yfc$KZc1y=PTP7e(^iDl*6+Y>{#db3%Lk=2S(eB{
z$wJ*}Cq-Jrc~a_{za^*9M<F0pt-)&c>|08g>UT6szG)GX&7nqtq}LgGGH6qU6ZPL#
zkA_S7x()L!4?}a^L4^Bo67|Fv>2(O#M27$r3IBT#ccjs<eUj_O>(_2Jen5fKMiDsN
z6;hXcs-%_*DOxX8JOTzQyX>StI^Ek|>eP2A*PwAZ`%0H^BN)SZ_LcI)bMnlQ6pyfI
zzKoP68&n)3jHIumIY%*G3=n?bK)W-=fA$E2*A)Nw^)2rH<>6{z#NItf(Cq6E$zu(H
zCNB>iG*^R#m<HZElzW(GNUaT++q(8S1iOp8`tK!NA;dHxPQOoo)+m#EdOU@txa(QQ
zf(1Yy^Nu6cT6ozN(VveF88;^@As6$WEFvbWd|N+|lDy9ENyb|_mt`xXeM6PXoY923
zI-*%Pnf`uK_$bALaCoP#%?c56Ml2Ylo-Q7GfTJoLd{$E~6MNXcDEen81<!x|EU$2Q
ztIq3-HC54SUi;grX$O5t^U8kX;L=i%@H-}H9CBEC0gbj=1q&(oHxYs%6g_4Cxk1Ey
ztBUKusiusPXdxoZwCS#%62Wh(N@v&6aKF$n!BN_sIhRzcha+CWe)82WjnFI~>+tFg
z^E=4U?+&;O4N;0#9y{qCYoLU#?)LXuw_~@Qd{snoE)kp~4xAP#KFlbZO3<ZKZJ5yk
zQ4cvD*ykK*>kk8@1N&4HT`Rj^4JLI77v%S-#y+pi*|V%UpY(W1bwHt~E-L})i9KOW
z&?@&Y#*q|YYlDwA8Dz7@W~AN6HX6bQFum3?R2WUJnem8<|0~(sxLS1>0j(G7-GAuw
zx!A*v>E>u8oio6KYwnbF+*-9i%?Z+RdrN#=Ob<)!Cof;X`hZ=eS}d{1D~|dFFY%Zy
zo4tE&03u1tJo~^(PLmwbpD_i@`@;3imjl_QUV(U`F6r$b-!5NXarn>c2a5T{R?4Al
zhz{AL`iVa^v1s=PEAUK1o+K7nP$a7$0rds0BBB@-Bw7X-z#UZrrVJT+6|(7TVFrBa
z7R3HQBj^uOke}4BULuFol{O8|%RZ(a5nol1MpMNw5`pcbzW0O1%R6|@S*RS0kqp=6
zE%A37i||}qCB%DoP4|?@C3T08Jmjx@mkg%vktoX&e<oc?{l6D?2-b}bmcAdo&j$Jh
z5XIn8Tsq+?PU;$kq_z|Q_~g!tGJ*i=1ehVYY-+|-qbcz;BOt(``9*Bd1_ulZtOPeF
z{k>m3+v-a+Ot7hPFLDRCjq342v^J)@EFfNC)IYl7oU6l}XF&z&qyoxupqU&`Sq=GV
z0IG^Y=R>cAc1w7oJ)f-nx==}+?$yc)_r&vSU&{HAOT|LXDbvK|8O{;>2IiD}7zR0*
zR$ja39hI|fUvw_ix003LBWwgu%$5=u-RV^xz-%-L2@u;q+*6LC?=BoPowSiCNJjU%
zX`wy#4mDR<2${hV_wOxH>e_}j4A*mFzERB!`!b<e$)mzCsby7gL|pimaS&07LykG7
zTat{Xp4?kI{J=P>kYjA(y4q)eWRsWLw1n)>`%z%u&*mU<fQ#@^oMlYu{Egp#gAl|I
z0tW6L*38wOkf;kr80`y`{79mE!w3|tnl4*cwYz-<(nvuN;UY=(y`J?Nt7e%HXg-DT
zG?}qhLSZcdwe+~No?Jh;Y#^wzl>u#}-xM>y<5+>e2k+=Ndv?=l<Y>m4ittG|8;0uP
z7DFS_j<IWs>L5n9sEc5GvdZzW0DdmkQmk-MhheORz@$yl1ign6vY7lOi+P0x6{K5C
zh4yZw?5oNZDQtyl@5)cvFmC;?!LDpguyYrZJ!^T$5*Or8PD=q-x)hwtAdp*+KYHJ|
zyUa{Y7`OiTc{RM+hOg>AdKUZ0XY>~**(E0>bG|qcT9Tk8c-kXc05m*0`BG1U7~nge
z$yX9I_*60F;v%DCquTGJc=OA4=O{3uuFU3h3h#^CvH+Fi1pyU=ZX2SM*+;aKea9*A
z=U%!s&LR!E_pke|KBgvs%>;DoRbr%F?$0i`ay@WvbE1Lx1(3-(XHw)k6Oaqqu3>I%
zv6%%1_$;m?YM%6NNRRE@M$_mL*SfcE7)WDLMf8xfV=T|ZA8NiBH7KeR=Q#;)FEWt{
zgv&4hdjfSJZ_CyW9sc#xs&mOC!DPUX5wA3IT6-r4C#`nfGS1`@S$vXY-GE&W;Bn^i
zbp}$|3uzzBK+n8<Ra+gD;ppeRST%=5CWftQAdi*GN9gasFSk*VWs%I=hs=dUcff&%
zN|lY2g?STujq5l2$S)h~3xtRD%Gxebps@6%zki@BAdTjJH4%wOJShqL+Hzl4D!<ot
zMtxcm!X;WhZ>|D8Of0ww6(KIkWwZk9$u=&BzN~5BYi~G>*(ADPjw`Ny_I5K<6w_&A
zPq2um)w{MfU<)8b7i&=-ry%+0Oh)pc4Q<0WnxhY|ZuXV)%1_JGNZIOWI)~bj8;{f{
zGwCu>S|y8zvRi;uT5Dgqs}?7c=*X_(=-R#lF3%eZh6^ksmf(5j4sy!S6Fy~i2Wo9@
z0j9r(JG{rKOr$+Uer+OABV$3ZO~}hou(*fC#tIqEssmY~DWDS-Ry-Y3B_Zit<DK8_
ze-QvoXPN}E6IOa$nSLZ3K0BLAQa+OYmV%o6LF&8YFwB07+18CLU9I7J=s?R>Nd3F^
z9zG%e;e8EO?DsenDXA%EgG2X6fa*h_zdjaYd~)j=(dwD&dokWys_H;S?|OxHor1S>
zMs-_d3-qb}JCTaLqGss)4@@w%g&Oa*h@sISD*BgC#yBeJ_;5)*r=PGjb>uZF)kEIk
z*$-KoyiI2uoN|37e}?<mq=-hJ<EK%9M4F<nYO~;~%xXxL%^y~-s`k~@gxQc!l_a(%
z{dP$}#x9(WUCU=X*qX*&Fw5hml9S@ZaRUT~<sQ+Y6=KyVB)@q~hz~=++QujE@ICY3
zIkaq&TMs(m1F-D0(^w9t-eHbi@D_a-aZdYcTfhCV^te4j=Yu_8@iWG}6yBZ~kYYlJ
zi#^shDM&i`tptPO)p>F(F@P~Z#=nBvGoWGw{$pzVd?o0xe!91EGj3Fti^B&U08IO#
zDs+KE9f7k2pKoy29Ggo(CeYscvQ~2}c@)8!Arev7cGr5WcrGF(ed)iVkhHIU;bW}R
z6BijvXD)Gf?46=mXj$9&epTx{)`_a}Bk!}^0G~^M_*@>RrqWUbqO*7H4%eBG58DJw
z*NP8<ji(FUGUpgxo$(Ka_Q+U(-T)3L3JJ3u8^mE1cy8sdLjAe%gZKcrZ2u2;mX8f!
zmIcmWomJ0u?qqt@>HFL$dB%zWLN6zkg=A)Ix$y@Sx+i5JexzsU9%&%{B@~D<NHt(h
z(q#hv`)d9z?s_mpxmC4Om+4N-FLd)I!mBCClmXYDIlmVhT-GDN*<co=<pN9+5NcZX
zWQ`&x1{`#l1RxP)CtKhOoA_FHE!;oc7Pi_91iFhUQId#i5v0j_0SrtA6IY%6bTl)M
zzX-|C9cQ!1P`Xnds_D?>N_Hc}W?Vh($5mybjQJ+0kB-t7qDFW^ycwKWz&g^{MZ&O9
zSFnQ!6O{<B8}G8oB0!Z(0;C^df`ZJAlr6Gm)xQpC4KGapGRAFSfS=$t{UWBHMtVyf
zZcBD~kKReLmeWG97YyBzz3^$zRNGU-{-L|$sm<;vys0PeqOEfhV9#gl%1zk59D`-&
zsE-f=OV%7Qbu}cS(A7RFz}ztBJ5*ofS;y0=>A8O9s$EbErWfRN;sRx_Ay|vRw?qJ%
zl=LRm%mr!GX@fBI{H}c*!gY?2l#BE}qc1y5FiV^Q82-^UfVNzob5yZ?)53te82JO4
zVxz$mwqweVDq>-*6pv<C7&oP>jhToQLD+lT&y-SRZ^K(&jcnxTf_#zIh#u-40p=CT
z;Zc`Qu^;8Syxke^4T0-Nwu7s}DX|X(bC-}CY}B--Sz$;m14~U?>tYtRFO>rN1j`}Q
zl6@nz>AM<ZC_!Y3%u>NEhXBt#LBziLO1%hgeD+zg${@G#T&Q6<p_J(kPl(eBs0wBf
zunF*o64?yz<J>JMs8e4i|KOmSnWltN;_C8%)`hrdA$|x8*G=53dgDNbTrx^_@A#Z*
zpeOIqwGr8|8^lU_NZ};a_N{t420kN5xxbLg8>FRWv!sA7{}^>2&`!k~+TxMxg^RFh
zF|43r#+a0rN+Jin<;3oDd)YWj@Tt5HvUqSuYxS%IAg(2SlNV(8qM5H1Yeu?7&+^^}
zONeIZtMq12Y?M&072+w(tfZt{WVuRcXg?*jq{pEw{j4>+I1WjK9~f}!5HdWd)8J45
z_Jv7?&E{_Fp0EX7jX=dW*914xPt({KWXMR9MCeehITpRyN3J%}=8N!WM$uHSrZp|e
z(DWDn7*paa8C;JMa+8FeXg}7w$1wi#y*u*3l4HVV)a%`c^Op6`6&|(1V9hF6fymT|
z#&LD67zi-M#V$W}Vp*J6GU`WCc0x$cRePeGPMoIgzyIRn<63+|?e~s6&n-8=q2;<#
zLXKBbA`-0qH0DT1V-Ik7)<900iW#t34<TJ7-Yk(dA#+n|rL`&kZm2;XWOe89fDx{-
zO7ddWD?{NE(Irf+5UPwF|Cq0B9WA+-S4vxL8!3JeLYYPTcr_e9PkajE_)4k>-cDyS
zZw!%DAB4FL(|PFMQ-~aWPA4r+KV^bhMe82wRv`2=;$obPLH9EKlZkQNit2j@I%U^J
zoaTJ43*X{+&9Ws`%+YxLp36nazUE*yRGYJMHV+|axtVDgP8;a0Fu4*YR^irCB-%&T
zpVvALl3GGJ>v6-ka|sw17lUUvwma*eVxWV*owznCEf>8|;{<X~P16yFd~>yTw{}O*
z;Z=iFHe9=<DiC4VtiTr6yw4i6k->pfL+VU2UTi>A3Qirfl^9SPJsNp&RS0uYqux&b
zsgO2tOvqf%TA;q{s$*>pa_vV1P^Hr$opwf3x8|W83`39pV)0s6dDMwC>+DxZ;dqEE
z;aW)@b0*W7$XSTOXkv|oLx9cq1=`AFz{R}`OMlKpX%ZE*wfUe+pWcbGiliua$$AfF
zeDPXPpi2d5u~(xw*c8B5S;8JwOTG1YtSP7F+>xjB!_ig+agOlek@IxAj5L_y2M6)M
z6PL#6rIg*?G2oiq9`6(mmA|nV>Z;zl1Qbd!^!G`45qkqjbIY9s0KIAcif4C5ntj$n
z)8(|H`34ePY<N5%zgi4!Wq0_K-U4bo<v@d|hl;yDPfPguPpdrtR-R9qs+D7+a+T=K
z=9T;LNrAO!{J%NBfgFk=PpDpY+#7kJRXOS2mo|+TnUCF$SRYG5&1Q(&bdA&4A7|bc
zSDFmS;my?5Hz?EM;)5NWxo&L7RJ9#FUC-z~i$U_A-c>k##Xm35%CRZ{JDX*2f`if%
zkGV|I=nivggZ1ACLeXTqv2l=Lwb}jVuuP~rI;zw|)5Ecse0$kq@pCSWk$@6|V<1}t
zZj$(&qj@g!5Pe>2avjTm(}bYX+9sR&gd#<YB=&~m=7Z%!`b~lZ1U}V9_es!ZHr;+O
z34)(r4rVIzo+ZYLIqq~6Rza171wkc`ykHMC`aH`m+NgrR$2`T4NE+j9nj_Zq@S&wy
zo{HAf=rLL&Lyo@HNkt#pEZz04yzCR{LT%NGJj61TPEg@`MH^{VJ82!NpWk%U()78o
z04yo|)FkY(Esqn6Q$Go6)cgwrYmv`+EB9GsDCvp)SVzAzHT4%PxLg{&oI3WgFvNFI
z4vC`v+e#-&*W?}q7yC3(=)53WherLvO<rMVj%PyUAC0{+bypuR$Drylcj4i1?$<a5
z!FlF!Vsf3zJmjK*Y1oqybw62iGfFY4JbPv^^;tA-u&X|3*ekt!B5!+aM<SpL!qgDp
z4o#4lg$6c%PqI-bTB?CF+<l+E2uJh*?J%%ww*9hgx($ZxB}`Db7AU$dNIhz(OX5a~
z!Dp8Pa*pkfz(5gP!UT&L+0>#^hY+nXXCw8>yX+Bdw#VF0Jp82xrzY?aTZV=f@Vt0z
zEcZ0L1k-LX09))(rWEH_j|!6@TW6s~NYvkVss|P|j@NQ*cwyTY^2Wr!mDe2CIi2qa
z(`QxoQZOpoSx0*}+j|P+`=2mWdX(K9{aXC#VJc~3L7*bY12Vd%M##KYV$zrEKfJ@5
z4iFxK*p$|s1%{KckCaOfyoG2e{D|0549vX>aB_zEFNBWL1n40?D8!3b`Q<_U3%}dS
zJ76HNGDs+Wl87slQEv<~SrD&y?DK6040w`oevQ;#@Igfi)rEe{I6xaA5dcvzy`nrR
zMPcqNQ5#gqex@R#A`aj-&_Ik_p?$Xq^Dr|db}DyPzxv54*waWI(2WlA!YX}PfuU8i
zu>@GGaCgg_jZiedOsBo1LTod%v2*RIL>HE~m-4STX7DFbn4Ly_dC0V<;6ZNM{KA%z
z*mi9o0;<GA%rzayKflufcE_n7AK^P1zZt=XWzGB6;O>S?x5y19gMRXg5wzpZh;Vqn
zd3WysT6qh_3~U&eEb5aOoRbdPl8KuHVGO>Iz(JT`0tdjqpwmvhcu_d9h`?q~?1VQW
zVFwG=;%g%f-m1U2Zq^UDsh^TdHWB9D)V}JKy_Ek-4p%`GI%JPbqIlI$HSY!R1;>7e
zAyI_v@}z}@XN4VIfob2@sKzc`DD7tz_FmS=tf??@I1l9060|3AKqKJ5ezD~;a0)<Y
z>$<R8uZ2&Z+|O^S=1-bAqW26~AqR!kVtN1M`BUs9XD&IZXSL%Kv)&IJ_%r)s9yTy^
ze_ea!y1EI`@G#_@DTWZK8hH-!K;nKvPfX%EYJBd8r-e*K^a&IN7VpDQ$9HLQ*Dl&X
zsc$q?n<Ll|2m_bj<Vm3NVRyXT0nfVD+G^lFhvyqhQ(WHH(A2E_BnYajx$V~7^`Wa0
zit~({Gn2xx+WuwkVo=9ox#kqHNqaouR$L;ZDe}e=>*FZ&D=u#8mTL!}6%nhH1cFkY
zrxFhipeSow8!(aZ?vqF4)j>!MJ`e;p5ivPN*~0ptTldhUOlPkZyU<wz3Q3mG>&T?1
zK~#GYMX&{FNl<1K&6znjT@H1?ah}p45UAM)WT1Q-P4+U|ec$(dblN&>`MWx7vn;rW
zUFInjYOm$@$(yj(PX^YP)fLr#KXcB^SOg*zvM!{0!@21gO*p8ac`fJ^{A5;`1BLO#
zWH3i1+3F6=LToeA2^J8~IjQEz2PH1X4K`a*V<C4{?lXf7j@_(Jf>1RzmBm*i0R4XU
zVdmuJ!k9#pc?yT@T8#Jmx5Al;Cz9W$aM$x~z)@2{<n3w#Z7oFrs3Cf%kuD*wm6(=^
zxY1Fife<njxWK-gRuKG5W@4qhx|u57l@9hcr-860p3@9s`>r<9+%9MQC%H9q^v2aX
zU&h@mG32LgD78K?_W;Rct8q0gvARV(vMBy<>~2J13by)DYAD4CQonoGY%GhiZ;r@a
z=AmaHRinx&$NWx^V)grPibQ+Sq(gwOsxZN@&0DLC6Tn(<P6q_A;nPxioN>oDpt{!Z
zJYaf<(62yoMC0)!7b+Qkt_|J>izkcS9WA`KDR}M@fn!)I)3@ouR8TlpIGyp3C<@I+
z)%$VO0C_=~wWuWXUfguSWjVTUwaQSnQN*{pe{Y*^ua!JSESWE)7k;<ihtON%5{hRS
z8dGl;FJ;*y?ZD1$WBfG^|JA3Vb`<PG@Y84QDwHdO-8|naB1ym9O(B&*1WVltUbWE)
zjX2j6qz1b}>;|iwrs1;M`e<GG$c12-L7x-}{F_w<415h0@X*Ed#1J7q>*J@!4)_MJ
z;c|8j3aWbB4pe_J@7}yHPhPD3Ao_K6r@=eKdE{oKjl8%(d6E^_0qmql!O8+qFpbX_
z=C2f(NTezSmUJT8h6R1DSrw(|Fc!B0y~XoeZU|WOb5NOWb(5{NUz5fT>XIGg%WREK
zR7{8`Q5t<t3MZPJbt#X&-;!LiZoLhDyh#8iEjVs;RAVJR?49;1n^Fi1BfW|X5!Px&
z&Oe&aF21oTT%VqH$@VF0rg8ZO_&4(qcu1abGX6dv-IFBiazBNDrH`p+vi?%r@qYNt
z<%V{;rX-xM*`oX{WOrj29g)NZTYV|D=iobYa6~!9K(Y;qH3lZZm$So!2|59YpZIU_
z!n>OM*o^B57UPP#R#KwJpUl^Yl`*0jL7}q_LM7dX;L_1smTHDx+?8Cka1zw_^3TIs
z9W>WIqHtJu2zeOBJ3Z)_UKJ^AJ-4hoQ)BHQ$~S(vLkB$UOcPVgbpC)HFZVvh>uvNN
zy3xsU7U1Oh$S_W4TJ3r0JBpZ#>Y>S7U;(9IJ2`I}B$VP<+w|Y^fI3J<<<c6DxZLfP
zUwN*W!(2+LAUN|Rm6HRN*&GHAHbh*wC=2FrAq$RNcp54!4SF5J%xi7g6j|SqY4*)#
zy1r@#^cLJbh~AfWwKIp6#^$<(BtJiT_Qo~L1!&v)oQw@RVNQeBNmzOlu$W&@Dm}x8
zxe8-Q|E7g3M{^;;G(-7nw+vk>5N$6Slv;Spi2D5HV3=i!_IjrQAM_iktc;AjF+r;c
zy_^hj{~0n9-%!mLP<6W$?u<7v($fKFIDfH$>m~xTL7YJB?`mVK3W6LPIHx2x4vBhP
zLS;`eo;d7)C*=B7gO^B2%U{rCq{$hM3`dUgR&HTj$>zC7Hqmhr(C6m%F;uwa5_*g@
zOyiJe_%`~ko51pEv6f^lu$FD8wT+A7RbAO3^~dP>>&#kRpeq&ED0{hwz%$;(Vdt3e
zz-I?x6Q>Zto6=ss+_~(#t5oeRj>ks9{%Hgp1mO@ein`=!8+CNw6TOge<??$wE}d57
z8Ntn__q#d*IKr?Qt)Y)7jnQ%WH0n1?R9QkYIZaRw6iY}G{;#=ls}Lm4RNj^$I}V*3
zY<J#97A;ZTq*2+pUOk5fVv{@1qP-fqP-(UI$EHxjsq)hp1~h%xm1HO8`ax3ui9@(Q
zz0cF8x)3kU<AwubV0RD=k)=Ywni!fBDo{X~Ld<QQexMr1y}VuM-Y~MOEg8U{Pze2I
z#P)h~fJk`e;e1ilA2ZKIq{);h@;&kMTf3KWoL#gSPIzXfG%Mspx(MSfAh37*F_FH6
z&GULuxrwj?r+3||iUXf<dYfyffjxm5L++PVRP1en;0#7KJs_n=BQ{hZ^Jyr-aB;IO
zzjw-fjz(Hp`zsje@mAN5$bO>H@k@v4w0qYX@kC7YDS>Pp9@ieWSlHHH_<1~xPLU}7
zm{dsN33asnX1W-kCt~?Srv2U=id6M;uawxSooM8UCbn*mP?~|dGG|V-WEnWIV9KU5
z+vZxw;ak!RM|mkPLsgR$y>Lh`y(om<U%#la2&Z;wy_Vv)d_Z3tW(P3(s(V{bcZyRC
zj3Iy4*afS=^kmGo%nX)lRU`39I{!M3Lln53+0fDE*pnVXo6#0>bM`S!HNZbC9$DMj
zvkOH#G>%O!tE|_M#N4S~4DxPW%HEAF=R$LXl&-P`ahev7DT}iH?s^4i6sSPh`_WGT
z16x0?06Uxj(G*D-T}~vgEAHTwgqF%JUV%Kt4G;an_!uGMZFL!F`#ko`^Mw`rQM}4;
z8C1=;HHneELI_38UDYvqlyV&~A68Nswy(0;U5)qqoWRV;Ex|G1u!KlZddNb>g**Ih
ze7-9QKH1h~!eeZOXxt(9GrYm3zx8n;sbocJTF73sYR||(>_D2^j@w$}@rjM*%XbU=
z`%bUnC$tVv5Or77OiCAgrXvc7x3sgqa7%|!cl25fii5N01k^<LNiBrLNff{G^;eu&
zt7(ZZ9ghpKuQq^ixe++_lqE_Rk%$70vc_+khy$?^n*|<$3~TSP_O=@3$_NNCuV%sX
ztVJSU8V=L(Dn^>Hfv+m;@AK{WGoRtHd~392<=uyO=ANveBE{P((q|YYxIpY4^RG>x
z-1@@gXh&4o!0*523@U0-q^a9~6?W9!Te(D+6zFZEZ{rz~A;%u((rL~T$@40w7=zm2
z_$DwyOrA?|D&Xo8|L{X%<k5YjeIl%U9$Nim47Ki*kj!(WYhX_^5((_o7x=%nfx~y{
zc5@&DUL6z086~L=CF`gmrl{B-*QEhW1y>11oyE|2Oj34J{c!qXrM)1iq$f$q)(q?~
zUi1+f3_ZayyqosljW9PNpWTO5MH7FT%B!4F{QPz#{JDL0_rp)?o5wYB3Tv4th`~~X
zmPn8oG*R@vl(jWo#b7QJu?)fiu^my+8>(99dWy?D_q$yFw%ji^p(yk~--?O#=2^cg
zq>vsX$05@*j}r@&v!Pzjj_GV${hAl6G&|-zjx~xq4H6n!gJWXpV<}L0BJQxKhce?#
z(xIVXX_=~Im4Vh(tW>}nw)5ous>l3C6iXi{ZD)PV$r*)2;q{JatqY~lO!P&ShMTn@
znk-CxY?nV3#BYCPVMFO6ID2zF|E{oA7_(@(<1S99xUeJd99P%j%ZyQmJrGb$s;1&b
zyc#9N3)OCADt%%Il|t7NW7Gq+4ixs9ui*0LPD3U7Ru}9vHD24IeIq<wE|;Rel8`F{
z&2}xYZ_>X+&3K0-Tnq0VRdX1fETMwfT6D=sN2NWL3wGP2Ie)2rk-5np5sL5wR8pa+
zr&pl)4JI*hrIs)wy8C~MP7O&+Xgm7g!5xXjN>Y7X8HOWo|27*gp(iPh<D%DMN_bkp
zwz*k~vAez4r!I2dN$MD{Zq8^%M4|<H)QAFAZ86EelhNYOW?-B7&5ge6QE=wjn*dV*
zV}{HJ!EspW7c$enu|kJLzz=z4F3AL%PK-dt93mLxM*ZcEj+Zv5dG~EsK2s-R9hu|O
zd#J|3(Qnj(cUikmdI@}xaMKgd_WY`@8?bJ9!;B$)td{>509Zh$zZ}l0mRt&>guLdq
ziXMg9u3d6ChqJ=3f2E)n3oV8LoJlFa)6UB!%OFRIgIPg|O$Fk8h!V(uRrpE86_ZIo
zzP(&fvCYJxY84J6=?N)s2)lH5Bw5(71Rk}l-ZC1yBD@=`_Wt-PI;U^PPpwwWhNf`o
z(|c%qr#q{kQ0#e+*T9G2x3^Plb{l^^L!UVLk89MtbqsuI0^>`1=!AEQ)Ogb9yFY0F
zqk4j-zTwxg@0bbyTU56`^wgNz;<Qe^Fa5LRvWL_zUf&l259Gq~tkZaO`7H=?WhsQA
zGR&wMarW3d_qQxvmTpe7LPyZ>te11!B4GHmHpd|aBI3kTACyIK#NNJ+nZdG7O4jSi
zh%Xn(q9!WLa}s_zSnvNB;h*rLeCYCejMJB$%@)tMAn)#%5H8rCxuZ~?IFzf9lvCg6
z?3qg88c(eP+Hw%t-|a$%50ov&WlEdw^~n9-g*ya*glnqb@{Y-kv0MJkDx^|?ctx`j
zKoX69Xf_|Whd+p9(cTa3n4h2$*^|-#=+*JiL@Z`UQ)?=8`)_z>E~XuoLf~#FW49!)
znS@#j`(<u}^xvGqR5QCnTG<!TDk!qS+m4{p^%#xa^5Q>X@)ehMJI(}A!Ged(>aS+r
z<2w$!AW^Fc>i*7;Xo2uEa|dQ<B6m~Lw(ff%SlPNVOwhB7?AzXJUi&9YV6r`AmmX%^
zD0bl_tq&Tt#CBV0&+CiT^hzSAF~oJM=&dI~pFrj^uw$Pq2|Z5TH#~@$x!Cc!$^J<9
zO3&+y>yS^*K1dB+bj(hZb%$dAcq`oZjtVUkdptD=@Q*1lw0?k`^m8B)4VZ>t&ZaN|
zL-9*78Q3Bnfto|_hD^r*)au656GA5+@;S6+PPL&Zi_C#!ZDHG~unk&izG}4Yab`4?
zL`K#cQ6S!OsH>LFr^c_@AZ=0LAY&~v5aEb8;CCb}O>Tp598sh{vD~P~3-M%K>X7=^
z0YBuwZn#@^>TP{aH4@k%20mrN1R}+#%t7zKyq+$#SJ97(8gfb4Tx0E_#IevJL@;o^
zBatA;1Ty}AbFPF6Te)Qxt^fq9Lb+DD(QsDh9m{8~L(7Y9nLF4moaKo5d9J|(B!n7{
zzS1W-`sn-bbI^yxpC??JZ+B?6Y34r8L!IXXkrPZQhYH2@@ne$2a~j!*33l+2n0AvX
zS1z9%`#i0=4N5ey0IIy&IHJ?7J-A18@kOJYsoidc_v*$QD;lSa+q7q5gg#OtzUYK{
zJcoAqD%CRtc#SJ*%D%EI3ZpRkqsg$+GU+o^(QB;FRFA_y8>Ce=NlnXNsus+!WIyrs
zFz)aMA%31W^$ePf$ecU5opBzG(efv1DHVaj?O;S{hUim4<WQg*JI<wLt0&X04WIT$
zgbLEn3G2qqVJnv5|8QH?;zq-mjp2#k*7zQI8Rs(6)CxLOD1NQdjgiiuUyBN2jXm_!
zdqwonfY?O&dRynGi}{AqQMm}1d$=dz$Muo1J)>&qBPw1)P`<kkW}j3zou~{ol|;FB
zkbsg%PypX{iCr$`^|I(Y>K>sjd<xa$k*&m!{KG;e(u%|6KCVqnk|^~VlYkEGD^W_4
zanGk7Gn|imx%+YGGy6<VZqGTmC(JOwcbve>F9SM<PNGtTd3Zi8kfTYf`qAhq)*uP*
z837`F0B9iUJFur)H6bS_Q&#UV^A_nLK4sRSs|$>W(^<<TzFS7_+~ZyquVHiVS~@^K
zoV7s>zwy?<^|cD5uJ&t3N`1h>$B{FW^FX$3d?bzmnmF7=om(_pPYJ2fs*U%rBE+!Q
z4qz+_(~;7VdWfcDkeT_ZFB_WR(#9k~rAQcBIAWJo#Jf>YDsX)5Y$uD%D4D$BIN(`B
zmJaw-j0wnka~i3UU;gStwl$B+lJX6H`T?Q7TZ5s02juUaUj^$J>wq5Q?YyPs+2Go=
zZ^BBZ*q;&uo_WDzPeLdh`jDiZjOh^<3?n0^a!PGJZ6p{RxW0MVznPTx%`H>|JAU$e
zJG+|zbr@?{@5om2eah`<pW47Q;?BlSc<Upj!!WiPOZ`~Sfx(pOua|K^mdtuECx9~<
z1U)&7hYl_aP>1Pd9<)b<Xc5^7FGUW@n2Q}^#IX=l)gcFE#dK3;iH8eSqynT$>+S~l
z8wna$B1ZFU;CGS<vrO%HzzCy!1#zlu;<Y(u7eNPK3v-USB4<#hP{fV7kZn(?ELPrO
zrjCs_v|r1QtT}zsTNCc@Q-IT(keL_SCLAw?2#bB4TznA-&04P-U3|3(o1;{{?YLzO
zbUpVBMRA1&Y6oqQNHY+DBf5gboS54DEFqm#9%F)eB_CBDpL8)4+jyK`dBik9k(16z
zyq3P4C=iPL$YOQOc7aI%q=Q8GKYtke+A}vv^DkX&t{hF^(IUUQe;+<bAf0@S+SN5r
zSI89@eZ{S2)tQa7Z{tchxxc+2-rwCaU6MY?uZ`IKx+2lt)iwX{z6a0fW)(V9a9Nv%
zA>CuaTEkpgwlxgf_jH0w&P|!1jAl6zC@w{Z!3Kg8*jfCHGCXQ3J~~l=NVCpmBHM+0
z1Bjv`>gZJpLb`=cGsMpznKhLc3r$wDA}8V|-QzJ<+s8ad>ScG5y)S@(l)5e-ro<aF
zblxtx_npm_B59B@0a+xB*86WNig%T@?bBZwHXOb)jimyX&7U&8m=b*S#|}@C<X+Na
zOq@9v$%YetTtW)84hS*Q-sr6R6|>!GRm$fY&fgFm;kh{Ym3!h~60lRAVtUZ81o&sV
zd~8-EiX5Ujtv(Zq8wTPyO+9hjk|e9~duN$U=x1c>6E#MwPO?78I<Ynm55Vb1;j4a8
zRUbXwxnrae``%+IkMkfG?_C4?!Y6I&v%|wPK+JqVwqf0E7ws5#4*0uvOQ|LpQ4?4j
zf)3Z&wt~s5D}`ynruNJ!E^89iSyh9-ExkV3p7qF*mR_e<(V4mzr$(qaGN++I2JtkN
zt8{cv|HIEX;oXfrv5>UCj?zb_fEntmu;Z+W%wVdDEa*T~rOQzp?2d!}@_LIupVm31
zB8V4miy1B(d~!svLRJ-`!2K_zS)D%<=9Lp<IhcG(Y2c7Q3Wt<hW^`RZCCS6#KRy@i
zlgceL#i#Z6ncWmHWW?Doxz9>1+1h6C9`k8bQ}gT59~6rJWfy%j_cIXEE~x`<!KKQ$
zVTv=(UkRG)RJh}v@+}m+*Z5`+Wxjtc=FY5@x}#bXwQ(v|t*zO}WH2Wiuv4Fhf$S+(
zZKRm$9Ahk&H1}B+IRI90HT}8RHrVK?`2LC&^ki!<577;a8S41rK@82~;CYXPk_>f>
zNCIBYf4uZ%rox0Hc0JBj_Rk=fRn9s3*4BIg8;s2#yx(-Dph*<m&yo#kaGlcZ{&>o9
zpTN0S6B4Y_Z+7nWzSn1Q&Nl47!P6k1=<96SD?k8*)AYZWd%v}F#T_x3xRVmQ)Zx0Z
zglQZFwKPDk7LzzNXuy1NQ&!b!0@TzN^{X?ZAs6=hfDWu~V@H<dak|js=Njw8{8Y3%
z*v~hYxu^V{mBW8P@e-xfao${#FS~2kR<JS%%&3)w1B|EAKxa*eLQ9nmfjIl#g?pK#
zv`A&m4g6-@sR2aX6LfE(qdLxH0(~ILjPA<uz8S#ulF(61Kekn;MYX5)Fqn40>NP{|
zna*fTx}9m6`;N<~p?wo1szQ)BOmJjNBpm$~c+4J-wf4_%Kr&%=?g~#_S*Psey_A)^
z&cNotb8*5NZ#F~pL$3DYb7HWvFj?<>f1Y();uWFL+(K%mQ%;d)dz<My_6+iwRUr<Y
z2z&#BUX-yLg}ZSKWo+CkvMBEITMy+2_?%xrB(qtN0vJUh>h|68o<$%yKEq8827@T!
zdBkcsK%Jr3|8eE25R(rtcibz(x&rvQONV?NQe77TK7KJc+Ocqu;GePY`fwGdxDeMt
z${=odWrZi&gxH>RtbJ4uZdGR|?mJCq<n&@#baO)MdjLk7jSh*Y-b{wFjDsgO0;h<Z
z6S%7%r4+tA%*NsvwQ<0QPgNP}y0}KP)5^}gb<x<ix?(8_yH+m3M$9ahbg`)kmYFx`
zoQ$j-(M;N<>^&5Eq+!Vu*bv$gF(%CaLX(gh^@&Lru;^%BBJ&~={@YFqx-5SOuk+j1
zO<tvJM9BOd@b0NNdxu!u(Rq<8rA_WZ$ogzLj&W-xf}Ey+5;Mg*;?=Q8b?`{7&hDq7
zhS{3s5t6#-#njxY%A@7bZK7tYBxzBd8w*PJ{EnZvME@EFNQF~`KK72mC<+iM0PjwE
z@xHw`<_U24$VSf&x{uheseJDseM}51Wl4LSBTnWkB6<?=QO5#~Y}}<r&T#BVk3$pX
zZ1W*H&TRRi^#@&mQywjf;J*+T_o`@AuAUVV6P#VZe+XgF&|*>Z|B~ykgrW^KW^}`{
zrc9$i=YCtgG11KT_xLlc)XA2P0G)rIC?i=B8qkAtF-5eA@(m4lh`5^+N+`kHK*Z6R
zx^S6tcJ)2`IIR2vEZL|-cjJbZ&Kte6BTo>m@eiUa4?f^COas~36Jw-hVX(&V;G`OF
zs!ibTjLN*tM|>^P%?Yl{|ISZuXzo*Bh3EKzC01l=1U<~PEX^8`%+|cPv&n@*Olz@n
zvxG6k_SAkC-JFll?_&ewt8;8_a!=9jkJd1<&4ju->uA3t(7WIr^NBz-Ynejj>|}Z8
z>4Qd=m&+K(hB@L7<n%l#wtvD=C*n8uXus$}CL;5G10;JthNBt#E?MNs^SKi}VxV`y
zX2rtikzv^iCTTNlbS{Ff+aJS1M`^d^HEb0*py8qh@0IHl)>SeflfUJ4Q_;cuBlsOU
z_rtw4wa34|fviHCJ952=(9P0}`?g|#a{8%RBIXt8E}ydKtH%q4G#8I>%D+Vcv?U@<
zV;As3rD{h1yz6E)>kMTwr~%utbCr%{;Nv_c5;sb_zPP9sNVcQ%)CMs5g;QiKGY@Wz
zFb|dEF4~I1)n1e<w@<}+CiNtbCa|05=FT&cFB!~mP}$F7IVylx@ZU0fHZ~%$H|H=0
zbTty5OG8`{yX=-@6^2aC<4q+(dkj0Zob$V2BwT<_=|Y~+6fHx-{9z8l#ei&hnwA$+
zi%vu3f4g|DG~n#IE{0u9NQ7^MK6BeAY`Tutm@;i?$tj;u7ya^G?d$nz>QibRcJ&HH
zurdVkW8LSGYk}~`xZ+uFxZ5c6M!WSMb>e%y@R8q_a!}`sWJ-?L&A{#!I%h(>O-Ju$
zrc3j*=vD*;B!#&4^j$nRN!948ujw=US+X$S-^0j#o%*&veOe+L62$r#khlN)<SS8B
zW-}4QU?}U(e_DIShS!^K1H!uTrrf%Lqhw#Rnv;iQz{IJSGvjc%(KWAR)bMQ+h6dwW
z2Zurtd3I<fEBT9(W^Yk7uNX84j;f0GQCDJ%e4=}^y>tX)25n_CEFF>`o`C#4&74OD
zH6#)a$Tm?bCQ{42c@C3~sI|%aa%Rw&?R-2tCCuH(FJPFT8&ncbKl8+DuNstS7}pk$
zC?pM~XlKjX&R-ECgFQrTt->#-bYbL0g>uQQ(DS3;ns-k+adkd5jBBId{_FWDY;d2u
zyMV(F-{6J)k;2zsoJ!4JG8fh!$A}w^!RNV&Z>G{-L%Md1d<Er&tBUyAqz;L3HO&X>
z;kzcPnzgO!K|}2F+4L-XCN|b9;36r<MMUd(v#TN}>9qKvkQp1@UrGT=tKu@MivnAp
zH~I9d0J&FPB<!%h?Igj^#k=5%?1V*UyppdGc~gDH#5=?fw>*ZtSZIFJc57S3eo)lK
zacuk|f9GluaP%*d9pQ(|jB4)N4u?=mc6pa`_#7v7)Wm;jd_5R?@t*QdNV3q|<D%+e
z>0#MnuzLJ_iVTRr0ul_B`@?9zNLd70r_OaaZvn#Ymrm||lkJPu@5>14Z5&HUTb?Z}
z+4i!ZVgF*c16BdQ57v?Z*KO^sqc4w5XPlV)=Zq3To*L0T_7rG8dqsUEH9FuRd2xw}
zeQam7Py28ki^fLqDLK4Bm1hjZS|GHYw2P#!#j<5zA{KCoh%}j6VVeK=F<ZnA$iQ$k
z*hTRJnB8~tY*Vta{k_g>IL(S>_%HxFn<W!nL@*Qx$0vWPpX#q1RysCffJ}ippK`*Z
zpb6y!1uKC5P<%DS@L%JFJPA2#E<On>n7^nCtGw+wdp^T=rbT6zAHMgBq$!H377iih
zkj2fcZvi%W3~w&G{nc4`0%bVF@mU0$5R`;yqnO^i-)F%-cVw;Un(>RmpOJ>VII5|A
zqT+LA8=%*@e^AO~HY~m5Rx*O8xARCoTMk+W^)(mB*_X;zL<`-3Gs?m$o+39uA2PYg
zN@uX6$s~@lz`qNH`j+>{?b${}+VCHQApkr^m>NQ0Zx=Zn8x?mSw2gV6nWh_O`Zt7r
z$}~<f$iStIc)q{4XVC7lxK%)3_dZuq12kKURv5S9_AiTJC$+oCzAO8;kWp(PqvN*v
z9&R9Hg1UBFJN~mrh)A`sJ-WXEb4eWxvQ`KM^?yYNU<UQydfJZZS8gTXDTis!k*T~-
zPd@>g+5Da;xE$`PZJL5+V?b^GuyEM9_{hoo<2znxly(3oqo{}Rd!b1IBmCKNU@jKD
z64?yBet_V=)68bErTdtFBnmG)85AAOw?c-Y_&5~3I8NGP9hEd#PYIv7M8m8Kae14Q
z{nftYxykz=qH!$)4i>t)jxlvSi0-BC851W3;|}N-+OIy}YH@2jh@#QK69in~LN<~N
z5>}Z3Kgx)djk%0P?czx9Mx6$milr6-?7R=0$SZQ+XU(}6oGU;h7}&S043)P2RHzt9
zul(nt5z&#S^^J|xPCmBh6d_7x)|J{SbV>C<CvSD&oeao*vw*rW*dauk!tqM*h|0sb
zlReCP0v?VxJ~>SB*%`HI?2}X4%k+(K!Q_)l5m|Aaw|u-0Tk(f~I@<fmbfgaJY*s=U
z)C~8^+=;-%#tw?$U_0>}0i0Y+#{i?mA#}CC+{cJJ`cpaGF+-+Z+p)DEJmu%sE7V%2
zB^^iXVW9G8l%+fUHSCbt&sC_(l$nX#Rf6+WoT)1u0S0-=+(yvK{oYWejGS@zvz=Vi
znY3#m2onaBI%_J!RqU{TGtT8w!NZKV*9Gentog`qGRv|dGg5sO0j0EQ9(u_6iU<eq
zguP@Pvu`37PD0PCLgP=csAC`q9mnc5;2XG#37`l190>+ruv*|=IM^oO`h@S3V8M&F
zn!nmlmWh<#)<9Vq4!nzwr2TU|OD!M2e6Mu0`2ocbFUq#NbNA>Tt1jXJL={@DQ{y9-
zuLhm+$)8|I3^z(-G=u2X^|e6TGI0*D?MHHU4LoHTV~t@ib(@|TD(+(4#`Tk#faMtu
zzDIlV;mGYe?T{{gI{SFo*K{-|F8MOFog1O2NF<@lsmCzxyLNN1`h-xjA1)FjRmZuq
zp-Km#s54SEuJU%0;;Cu!WaQU|0`e|T;`8?d0=PFZH0@no@QG-c#BY=@r~FdjNmJ=$
zd6^HfmwRRnn>8i$C<fN}!aIAjp&C86b++scm@D>PzEsT~YcgFyv9s@V+0!+QJ{-^a
z5B*RSNJdZY+<8ja^V@Fj0H!UYj1HlhS_C}+>I93Mpsr1c^<xb@kHcUt4+cSVuZ|0K
z#X6?F@rf=ZVZY053uA*9<8rBfW8=Kjw>-!xnLqMIhT*gM2&pe3dVEg(ylA8rN<2jE
z1P(?D+GjTaNdTt)){{$5L2kcv(?gVc?Q^#jsYSEcv$bM_(?t+^`_FjjlTwdAqVTXo
z>0>VsN_Lm-<VsXdm+XYq`eoPY&k^kJ-DjfRT=p%IdMQ)8-Q&aHa&>&LWh%7p8|k#H
zD0&tdU#rpqK3a`jB+nD2qP)165vc?`nY1EC499B~oYryL<Z3AtIf@5=%g=9FZ@R{b
z7bWG+ryht&N`A9o2#HVO5UIsu2ID{x%OOvzVF!#9s`@gc%%`u{p2L8--PyFo*zdD)
zE^u#X7zwknjhYkSQ*M!LL9T9mM7+A4VXm!ZikMoBF3pd5@kS0&*m`(Y%3zFLK`i75
z%0<76F(MDE)58Z|()b)&0I7o$5c;356y*h}d(#Fk;P~E5Sp>_ZyjtrBq2Pn@z-3Ri
z5NlZPzF9jjZR9Z*k0;BI5}|`!>9`KEZ#<bobe@c1F)f)0*^|EmNgi^bxOZNAv}vZJ
z66PL@-__0Yp6sf#K(4%ix>_HodYgiVj{D3GqRT>`o`bzym!*P|y;U(bG&9s$Hj|~A
z#O6Tp1`jB_QN5m9-7l<ATHeLG@dBF!Tk>>~WC&vlX{c|dZ8w8qSzhz5)~Jo8l6Dob
z;R15)DM_jv^;UI&n@JTAp~Rl_u7~v1ldZnb_ABeb)YhbG)m@M=DGVo^`41Dc)$=HS
zYx$Y;vYkT>|6q!`9sypoNxRN|uVd(Tn`D%v?c4&$xhJAKneF9eVQrN^Mo7Kgc(1xO
zd*!vLaBS*3eC%Q|V}&aTJrW#3UMEIIz9pW*Dtm?>2L_kI@SVPCt-xY@a0ye5^T{O2
z+7mP)FT&hxN}yZ6xb0+W`O2NL{l|7;K5TWiNKl;1<xwbKtO~QzKgdFeSg;3oju=6*
zT&#>E=t>C%n~*t5>bq<0m9znEr+?=^YX+!>&c?BBc4xZCgBo4HtyOTJ@cYJnZ;E<e
zx30C|+X>H}z)Kz}m?yKziWT$q;PY%G$8^?iru7{;A1Q(>&#fLZ$D#Y0K;^93!K)2D
zUBIZ7-DTb8{<FzYjpv^^seARWiOX*8HDKA=)3+RAX!dRxe;=!8w}S<zRyhEPzE;d1
zU1%w9nfOcP7dXE`@Oh})+r)7rerM#!XHp7V0;17CykXUXs>7TNz#e08QQy^{IOR?!
z?y8vC{dPK%Qj~RhmnCH527t-@T6ocR2SkHLb6UIjpG~10f^kz+1Z7h5Rc8&=g#UMG
z;(dol#l<4skaxu47M*}WN4x+kl_mNcG}?}>w*)t*M){%Wb=oEnYo*B5=CJ?>uC)Pd
zu_X~?-YcclL|NK-Q*S23k(4E)vs~p@)?~5@J{)QCN=Q5Y%a3moZ99ys`nDj`aW!cr
zwn+7v!Sebt#&@LJ(bGD27Igd`-agP-r7}WeOcW`HxM;JhO{Dg4V10)F-y{T2&%wSV
z#A}NdygxpVYqPp<^)z(TkmRG}2D?k}c;CEWY2!f7{WbO{;{l}gFjBe>7J3xpS>`?c
zW!t9QgtjcO!%=6Iy1V$&uGlbca<?nTkquCno4Wxwl%CT(PwK>V55KUyjuh~RBKAig
zXZ{PFxdj=3;-mUo_k=E>42VRC5D|yin{@OI!;;aed->!Rf;PV-8Im_Jvx(!uDJ|AS
z#*D*3V^nNy6}_G=wO-)F*c=l;5=A4mp{B8q74{k4=0Tzk)2xknlS5-nG#nXx>Xj{^
zP7xbk2YOH`JRy;h2owV682i@DtFq`1arst$c~Y@HAuLry@(H=xLWoBm6up>krT4CM
zD|YhR=G-{~2Oa_*+FxU(>ykf9Stn-;RAjC?jOdD+=t%@NJ(8v_^F;CdA28R2udCkA
znS8}78mORLilGG5V~J5GEXjc|u}5~DGtOde+mv64Bm@vj<^+QGx>%qxQl$OmV{0`1
zcL~`hS{`VC<43+~%NG|vRR<9WSIWLjs8%@lsi7B+(Qhrg3W#_#8@0&FF^_lxB&wJl
z*@o_9W+60Z&tkgC<WDg>G)WQ0{0l;93$ZgsEdhVn5bBH!*dC=%022=Fq*5FZtFo=O
zyt+Nz#JinYQU1v)&_INUFMhQJhg>7BeMgqZp06zHf-6Kt9m$cXXBO~%whI0U`^Rm;
z`CV>w9V4QYQs)4`cBk>bTv>DTkxiFDX8%&0IDz%!_)m6=@PFL^yM3vIuGl5vZ80oS
z+ryhb>!<mXGbnmg3)OTBM*g4F<Gd#N^tG>38vnuwrEn_O`j!_w-3AgnMVX+RzqI|n
z;~p~>sJ923`C*u}K<<h8#Z4oqMY**5=o(=P1%0*9-|ff?jz>u)b9Pfc_-w^szux%G
zVqCvJD+_1ewq+J{tS$eo{5vTXy_3KjVaOd6y));~evec3tO9=FjR4i1oHQ<O4jI9u
z)+yFWH~<w9?i2*K9o}4o*;;L*5&u{sI^Sy_O3WHNqyMn|b!rtUNpyYkV@EMjQ6z6X
z6-^r^0)eV~W}W@Br&RB18$dw5sK@I)<;BSuF<YT(HYcNSMT_F$#+D&<CCaVAUgoC7
zT9@Tuk=@;=0Oi82g+(snhrc{PyICw)dcO+lRxV6Zh<*)N@QuazPzeUluP+>a@@~&?
z7u&42A~`}`>vy-{H(R6hith*bZ9s=8_7vzN=af8aJuB*I^+O~RUE^2`w@LTkjd<fH
z+E@<<oL%;t2L=)I>I2kDv<n2D0Lx<;I+DzW!s6aKT^cgW=jXoPB?Y_n?)#ea-!L%k
zSNYa?SpxYk75Crs_K+LJKg&Z^H4YRY0MpM;fyXgb35??S*mhYY%D=vLxxVO~j`c`)
zY|P!;I6LZNbCyAi&YcX_@Vcq1@r7NN#SN({pF8U7KB49cp2f09I=xfg#%(Aky;{2s
zzyHO~3BUay7rn5sz@d*MW!by(O?b=sM6dGb5Gjr`!N}~wuZZ3A0Z@iRdeP8+`ic+i
zZkAX^!?tQ0JsbU`k6cJZQhG=1cp;QN&M!&#x=^%M5|ad4Y~{#j^vnmj?=<1?H59F!
z&%c{1`G!j#^~E$86`R*)FBN#;bxjVcO!P_|bpW{0jgGzs)LMsHqkb(*%WNL_BUaYP
zOat&EJ?-dYe)VU6XZw7j+PP0-cfV+g0vilxJy3?gagfdDYqnDF)jC<-rHF2ZZt-OM
zJ?LLt>&Ksa2d|ibO2W~6`4)mEyA3T_zhK3E?EbHIAU61oN);1p9!3wN-`d<E?;pba
zW*TwZjbsp9Ykww0qNXDPYfQ`?--8Y8wr`cv(26PY=q(Bvo0lrv$D-e6!FBZ@^ls;z
zcC2X2l}K$zRy({D=3Af)YDO9=A!@kJ6co364l?eT!q6<D)m5RK#I8POHDe|uAr%=E
z$$oww*6Z1N<NGg+T4L^f<dk<y#JF-S4;FkZd@A2+iizr*mNzDfVUFX9sJ!G#!4<VO
zI0l(`%DLGQZ1JW5|8fHoHNEZ4<x8+4navN7hUT`?IdrE;wJ|HOa!Nz@M^zmyv`BOw
z!9F5|NdlOMU8Fsd<~}*u@J-sTrc7wGl$dvq$YnsUc|5l974(V7%dsMhctjz8hhrM!
z05d;R3st1y@gA(<U`!&{MdN}V;<;5&3RFdm!~U2(OM<at^5sS-cmK2O)mlIN+}?9%
zlARAPsxN_0pUFrx?ta=I{rl`dcIhi<*E-U#4wkLO^e3Unz0Ri_!8VUdTju3RI}gy(
z+zRKxDXj)&341XA%l)1;K7axu8q2W6&DbeRF0W~5I7VS}bk+l~CYFN^@6R!-x^trB
z8N9XGK>T?>LrB)v^jUs|_;t|{6lBUyJrT%(ufD74m{MoL^3N8z^z~=GRg?w@vMf%&
zWt0~)`&q;>2${Pf2Uowb-ztB)e&Hq%7ncGUSs?o+G3QiGn&7x^P2Xp)-R$x|mjL<T
z?*j(!1Ma&{_lhy()GHPQbR&K!l5n2jy$8D~oAgGS2&?({>gG<TmUf+}QeE=jfnTVH
z+T4z*RC^D-pWJ6%tA4=vdQ$*VyFdZC3Q`Xpyhd~-V9ozVGpWWpc(ds^?AorVI1CVM
z4QOhTtt070JUuqZE~*s^uBt4OkRZRMyhIaQT#o#iSg3PTjb8t<L3Yqs;d%q8JSqE@
zSC#{-**F^=2&4UF+#ZsS|8!3+p5m7`IaHg*V!b<pOhOaXH(gTEPYY2GD73(ZaG~rr
z9Gwbgn}!QncULDeOk`fT;iL~%Haxji(L-f-Wn=4u??es*pd*X{kI4=H|MVq>?1!HX
zXujY3zx&PUtu(1_Eo_7q;Txp(obzIXUMMbArsznOd72Dd-yPr~s~yU4{%0cBORai{
zL+!Xz;kA>TU29*I&vTm(gUSZ9QH;&we^ocR{l*VDg|k3#L0bM#sJqKQW4;(-rSs!S
zk78KsBhCfbd0p(~Z2#$n8SPyV`-+Ge{{t`p5qsEI0EXvmj;YL7cr0q{^fe(R^&Aq~
zMdF3P5J-#cDcW>?t}>;C&!1G7gn_VUw@+E7HX@X*0mqwXLctNLB-*GR5D0v>mITe-
zY%%z)WDAb7VB=e37=rOx+lvv>)h97udrsH6bf-F2=vx(>EPVrL$Zn|`Lb%%VvveDS
z_g<96u-)Zz=LFE8^N%U;+?on23kfyhYk@C5!#eJ+FZT}33R^~j@HR#5^bHBB#?4Nw
zr1{M_Ba8<@gsb&uv7_ngoXNZZ<a8_rB)>+i{Wh}qwXKS9t6PQ=-s`WqAMiy1qA2yO
z2i#5<0mvLvmXo?T8$O33OMi9H8Z!x?$;_vOpMppAf}x{>Aw=sOD6asX{RG-!6F7Ox
zeyKN(&g-95p=+;|O|bTdrw6=}kz3bR4^ycoFX!%R9)TYLDE3rSgEgY&PA8E7@PFNw
zEYa`}vDy;dMUbRwgJiIjU>PCByk9pDL(|$OL$O6)Px?IcV^LrM8Pb}f(Zut;HIaPf
zU`@)dYOS(x+0|y%?!WdXvOyc9?fCg8-L|`vy-D%bft9_?S~IX3go7;RGP)&>4Qs9y
z22p7y7D|V;N|RWZz`7~qQ<~smo!lUCh)p)6!spB^s@Td$IEnaPQi-|SJ^z#!NLzr2
zU!5|ZD9&ZW>eq{E(_D-Y{`I$kbS6tjd_4E?1oSSu%;Ln|0e31wihE!oZQ}SNOHl`0
zh@EEUHkzL@3O_bNOWi4zHdHVkz06e@azr2-EkDl9{NrA-4Bl)|z+N>=w=r&@alap@
z{ARxduw@^<+V8JX3PoCqiAldQ<P*(K(=heT1-Y44EnGy0F*uj&mYea=H0lk_l<sz)
ze4M@R!a$qO;6WZhjV}J#*?`6tu~HUVE%rdz^H>HA{L6=OsH^n<v^%X4Ee-xzpzKsx
z!u;p=ES){}j&4O0oOVG-53+WNh$o8V${p8fZ4`T|9DLfihh}2okco;t;99Ys0i;0_
zy^v(B^;<-(U7*g2$P#9odJX;mRG3j-blG+&4o%Xy0n{V>OdPQPY_Juv`}oO{I%|_^
z4)9~7UXGdOi>8U`d&?}1Rfll^|9nx03jUme_^m~EQ(2zBNlz4KzpBh49<lm2n!p&^
zRO0=>R@np9*TE{&#by52o`NU(Kl&b5u;0&N@43#REp0)aZkEQRDhyY3qvQNN3Kbk1
zI(cGgCd+?TR#2DuyGr$!n(}H+L1ET=@d$`#!o9-WxnDBNicmegeW+Hu6Hjgysn^gt
z$d50ycxA+oQ4p>Jp7eh!)3`e!@!B?$FNP6se)JVR^2LU>H)F;+8})Ge)WaK;LFn($
zRuoo?rGQv<+K?Ld^QM0VaW*Y&F#o$6ia1cK!Y-Yno0v!ez8OWhKQB0HiC#tUSDF?T
zxd9E*ppkt2eUipLnIEcSgaY%WeSdl*WgM|4E|wkE%3#cCZT9qU%`~}XzvF{HnX#$U
zYqO*{)@+f%AqXT1)Ge(x4W2Er?W;E4f;ypCg;{P8r4+SUb}Vm~Rc=n7W{{rZdE5Tl
zL9pwm1O|wnpPZV?e@xZ9#8XiFkfxc@L#FDx+w3aDs`Y1aW8y4un`-{hP<R#0cX`OF
z7Gg)_JgQs^=lJ7kMRYaZ9pV%-^K4j0Zsb>gTbu%OvHxO{9ngWHsudkaCk9l-AwVGi
z`%qA2|Ni%s*~X6O)pajcKe@2kL_?<@-Wo-t?9&Gc3;eSvnRv#dHYPy#L_Ma2gzo#E
ze{@N>61&Yl|7r_qKmfR^n=&X%e@c?#(?p5uftS<px8gm0Cua~pbi;-$ckK`yje+5L
za#w*ipvd+KymPoS7CP~F0?5@2i20Q0l{g4o*?gg>m~h-QK8&X%V9MPrlPO}{bBw=B
z^N~ckeLhIqcI<@fe2E)n!k4rUGdI)*BH#*?w_Eg#T|6%XpvSwr#FU#)s9~~O3&l*1
zDB72l-b6K+k!UqdE*g5h#2ylE+{R<yJBcPal+czGyNY$==;mZi6~}{lw~`G>ZFO^*
z?{PG>r4J<%Ha~RXmtR!x>sIsf-!M!ENwABZ43V1du^c2#)_X>ZyUe!6>a{+PM%PVr
zM{ye5vH6X_v{HH)D!nd|W$Yrija_3)9u2E>1nOR|!Qn_$$|AV(!51WE9l;?Zjp<@+
z;6do33}zUl?(FZ8UZt*(Qe?)Mt#z(^k&Nq;vrd3#TqP*T(FJFQwBmAS9AjbHQQL4-
z#up2PuOh>nKb|io8qX5nQ#7GBN;_IIH1Sk=?Ws-FPq`Qz2z_<vO{0bSK5s-=-~Vd=
z+ru_a&<=J9-taU24A)Vd&8X?wHr3fhAQz3g31Gg_NM^3e2=H;y6KE-H1c~`j`RW}Z
zq6s@x_3d`2^uBs0M&8q;K1rSLN@^hCIwF>A<erkBo$sjs+v@-3UvMbOyM1k)+Ma)z
zR}*oNtR=u$@UzV1*4g8KN@LUSMNNPO(W2r}p;_IP<74)8L={sP<hWj=(bwUG4~}*k
zJYqun6u_-mQT$I_`2w!c%(p0uVY?_~W23C^(KlMk*<P3+Qw?-Dr+uQGh2E!7EiQE7
z_Ib*H@jHI;cN8fyt?&}DgLTqWS5J=c*<^Umn^#=Ie~Ml>Rj%4wTY#TPrvNVR4(yAX
z^to#5_95TW#4DAF9h!l@pHyAk+He?9UvSkJy6E|K_l|ogb4x!sjaW?BEr{RL(SRND
zB{-Z%F9c|Z4tDxDA7T3LUvUnaJ))c@1wRDplr+6L-JS-s<K7X4DT7S#$WCo!rbcFV
zG)_n+rfj+)qjZ@6M1&>`iqm}EPFfE|@<hx*)6fJlJ_=L6VlQ?~G8nArcEHaw=1Skp
z@DknSXVGT%ceJds{J-WUJ_I?##rRB+apE~8Y)F=sBMqnS5|{9VT@U~Jbkig8C>U8r
zjT|Yvl0SzK)hCh(Y}c_Mv&isj>0%p#!vRwEYY{M4T#7<*q%%1Ad|mDl;X`v@b6FJ}
zG6A4Ota~LY+`JRv;!(9AnTVH>HxmYX_5y3elm8=Xn^)8#4-P&_`!cV#`=dUbYi`=n
zjElyK4({-mh2oiZQjFeP4o=TLSK63luX<PCu-E$p|E%!A$NK`~m6hOpMYwG?8Js{H
zqak2hD;fn&&&=oxAxb@sUe6Ux2>syhFA>|?cnbm>3#h$dn6yg=^6X8EgWsn7h<T6K
zz2tteWL^S^e!{_W-W2+a9q4h11Mg5T1wT0Vhug{_p32WgeA57*$84_uDg&UwXUiL)
z_D=*6IEHp@2kfJnI9Ton+RR6Gw|;l2TDqyy9Vj-*lLd^3cfOP_K$0HQp9Z9YZP_2l
zffflQo}w|zH!v0ioQNidQJrNJ$p-l87*$Atd6%JTqz2bM`Nv*g=op61Qdp@xOp93P
zj&E$&*e)PNn^<JKN||o)&z<cM66|?jP?G|>8sjP%6>SllOoRzT>o1v}Z`gbFfjzPK
zWDouO9+{FJs}eKQ_J{Iu;Ewh~a5*AAAyi_8%}RfHmuad)r9JQu<mNwz9^tAMEji-T
zX()@FitojPvQl&-gity%&hmTKljbTyse6Uib>0sK(0ySdA?qH$@(ok)GA?toA*WYU
zPb*__W5DkVjtVe{`AmrgpWk_xcY}+fW=A7G2wK~X4#1T|E$xiDddcLz)07m9;Y(`t
zE{PxxC&ES(TYLwTk6yDf!GW-JfO0?tazreUigVe=XM5FVU_q3BzW=5R@3J2_^<|n-
zJE2mL?k2znHpbiUe3w4{xOHaGI}Rf-q?|OzJ6pev3(0I=&ymWlxC1necAw*q9$nnp
z8XiO$Q_(w$8m*JvcQ#Q*(02S?s{FAhmpWi9Ks^bqsvL&7o%ZlHZ*PJv{I{&}6`zQc
z5dIPo&@}@vgQT7<?mo9dYuEEY(A8>L-fSBI0!rmbAAm6TiN-sYA`{Tcys}V%ZMT&5
zdZQLOa$?%fBc(N6G3qM9e%?Ci|C>W^ejeX0fh6VKR`8$O`gTm{ijCcv2K#O>W;Njd
z^~f2Mo)OX^QNX=k5Ds2U|GNg>TNcEqomD;%2JAzzl10c4XtTM1K%25jqvzQItVjGa
z0PT^Cnu;oG4}J7e%6Q)24DvZsAJ=u}ZI&>~dn95a;|ODSynaW7SaF*bgIDVatReb+
zY#n&wrSypoI=xO;pKe;7lH-1&wm@mt%nR96&e>4$EdU(4P`&s_t*kG8(ya$>-52Yr
zQDQCNvjORkusdsLJY`#6i@(^B$pxdMmO|Q;A@4`YI}z$G&maeMQQ>k)o0#qM3zjgt
z)NnS7)%DdeTCiZYP4{fwF_#qZkP(@7sT53|o~o-+R=%=iIi~6Xb#A&Fq#fOH2NR$b
zl?;gMC`<AtklW*|7<zRbHRSTx6GIfJ^Hdlh>NbL)CR$LZJ%ZG9Aq3K!S(N?qMvFLY
zBy7&XKnU!i-pF@&u@zLEQG)5LHVI|vp&Ckn<<OGs!9(^<C|+oYYJsL9ipKok01)~d
z{FSoYU(!6L6uK0TeO&#doy4?s!fk&hhkXgS716<MIP`{E9Vk$ZQ|A9)#R+(<y+06l
zK^|6T{0454Obj3o&<@u6-L$Wpm(|Dar>%b_?^r}`iIA)uJitHim!j&9@NgrO1O!-{
zlRTM6+#SVFUcWop0SzrDx#0SmB+9YE*Uq4$r1e{XO`2BacbZ)tmWc>*aF4g;uCB*N
zeTMeTvSGm{{;yE3)F}^J*!m)U%H-JjIqf~1WrezQq{d41j5lFKg@^p;s^@iy+^)Y*
zR_Ba8Z$^`}3d^$fAw1&`TD3bouXbdvw&*K*0)9XWhagp$%Q38^!rQS)&SFX?mabOC
z`=v<B8<ZdW3vj9gw}2S=5ltXgxm)pPeYF&~cM((1^St~>A|5QpP}LeU=)l~jKJ8E6
z?)thC_~`V86W*&>w9cE-20m(ui(|rH^MDL(owV*5dKnB2G7>r%MI`I_%&+a*t!w;C
z$s@(vj=FffB^=g$88=+@2R%953!U6>+(-aS;-Lqq5YY+4BjFfv<cc@0L{TXmiB>k|
zuD@r?WpQLR<M92B?QE^wuhZxoBiWXK)*38)PC^)ozs+s3a7l^;@HkLQsGY+V7|gWE
zww!4s8H3v12{dJ}cCtSz(MBI}MZ_2&tu4s_qG_K0IMQ!w#Qfy}8V@{Tp#FTtAX>Ki
zT2kUqgi`I?OxnF^1N7|+V6S7eBG#L`$S9{>_QsVt{{sB&IAX^*Ne7A~wr~Y28o?Ul
zbXJrSh79S4ZPJ7;q+eRKJHp%}ZQj;fwuPv<p0CMD6es5+IUbANfr6)&*myYG`ur-i
zsHK^NuUt+N`+QlJAbmPKHB%G*V-(|k49LqUM*SZUZrHb$+*1|RgC%wItxiX+RF!_N
zngaYktrZ}%?1}R!O|yltsoNSQw0me{FBNW5-j7C#XgARwG9ZP!U&sJj`Lrzh(ran^
zSI2o0B&1-DcJvJQ;77N@L7f-bv~kdq%CH^V->6L%esXP>n)A7sHc#A@VWj}gT`*KA
zxVo~(XyL%WVm&iC$zqCviLw!}{SiFt-{M1dcW(Oy?NfrfH7P(7_(w)!9RY3N`8*+`
zdAl<bCcw{prkk7MyXHy3PF7xvPLkX)v<4b{@DW*-#<V<gAt}Hih#5U#V>ZLz1#$#_
zbRz1iJ4ofK@xRT1b1RnT=4iC(qU`I>sZTk)+*Eomsz6`wFZG)jYF#Jguti4(u9N~Y
z@PeK8_XJ&GD6w!$c1{r?X$L;TV>`};3KVX_Y5KanDGGvi^=Pieru$R1@BMAjJuM&x
z0&4|899jdYCdGY0N;aftGXZ>~F~;GfXWrloqnDRaqw%GsLlbq74*-w=8WQ2Pqio;U
z^D}DZU=Dy3Sp=615kc%3u>x;i_?9x4A@29kB0hFKcPntpInora(hioO0yIbnpo(|)
zFEy7%NMonlxDmemX6`O_Zlu(g^v-m5bF=$vKGP5H-8gt0L|?R1aY1!8f9gxT#Bu-s
z{jUItMt5pB{H}O}`|FSHKG($b$Yp68U5SA+EQLH7UX`?GGkD%XLx8k<{x|g_H7jGM
zS=Oe=72`PFK=By@iMeZ)^u_gAMQqq_pKj$ybUP|#Cp>f<Gr3>yI)jLfVFrGn91v5#
zE2c{0@1R&;2f~NE%d@ZwT=TzqIS!A>0}LA@c_K#=#=jQ?dh&*N+<ppI>ybPj&fnT@
z1uYi=BTCc-O7xh?h7AC@4bb>__O4sAiWA})>UFK+5sbibPLpsLad}F|SWdt+1@Iwi
zghFwb8vB&UQiK;{*Id+YTS?ldOiGb(k9AVe-NKy@e40Zkt{0n5m~V&Y&+&9HJgGLb
zC$8DX`?<J76;BqJFvj|<*@miBy2}&j`Yf{c`jE1`5>Nm9-u^ay{9(2VV1VW!3O_;a
z-k%`5gLNG%X0}yZ7XTH#vz6!t!unL|uT~KYKl@m$U#^$CoeO0YL<Nzlx^sKo3ltPh
zeCigidTWVmx8cs{Fs4AoQTXsd)rf8LW4iTY=1GKCnY(zy*vQ;>8n>O+sZhYtv6W91
zSQYc3LWKzxz=XuzWE9yG@&?J;ZA07sIi7Ao@-2!ezK&g(*dl05$0MWi{;^vQ-pkf|
zGmMT*R;TMTH)~Re-v-?<8$l@qwrEEc8|-C2SYEdsoTO$y-QZ!Vz56IK1jV+2B+nR3
z_pc5BRKb@-M+p)%g6lyViH&?*>%)Q9yph6&u6Z;E0$Lji$f|_ok~kyN+a6+C?K~s$
z+>1s}nd2n)*QOECcxM9e?UNC$;)})aZzN9pdwg*XAorm*(Bi1u-`P2|0HJcMGwx7k
zYZcf>XIS1Y1b3EN?!yrhP!0a4EtA@i5u`E63Q|u!XO#L~Geo8b$$H92*c=EfSoON5
zqcKKJJ5H~8b@GpJY7zm;5w!YQNa1E!xR}Eq^Se&dM1$<~aBOO5cBBLazWQ@w?jT&~
zS)Fg+zks@~7<o)4p|<lU)OG{~5vppb<;P0^N{~5)I}+B|NwYRDvEy-_Y%34#dKHjI
zzsxvngDQXS4Ug9I$SSMJcYQC#%8BDS34@NsxI3ET9+YJDMzGHXd7~p0O@i7$hyB%c
z`3@c+l*S90NvK*OE5%WhvrZzNI&5iFpx}N<Jm%m2_jYJ_zc^ozwCdah{AAq9`8guV
zL^&vq?|=RzBCW6gxNgl8wnoxS`$FEkt<_=M(knY)m6ZzUzcE|8A_XYNa>W#m#eWQN
z1TcK1t$jv-gkUNv)Hgi-Bcw{jwL3s6(ohYgg@t9a4@<`NoY5*J9khs>1bzO;<;UsU
zV>1KQ<)oaL$@Ma3CQ6unt`6R!Ga<o({ucBL`9xQ$V38e*--Jw%eqy&!Q)xn>g83s+
zNwJow^l4?y&qNe(fOHPTF|jPGI*M(bD_Lwu-rGEp&67Xw&b+^l-+m<l_A{z&&2kAH
zw;6gD`97;e2au}_8tBF;W{e~D$ju8z%9W)mLTTU6#7sT8PBdO_zG@y~rzkf%LFB|5
znt%E>T$oFKg`a2v*eIW_aGz)9hJ#~PgHXhBzkTO%{QjEzRUz7qKu?E#7nNFCSGcy6
zq_lTd!~*RXLUb9o-AW$Fx}=-xP4@&_Q18dRMMB7(m?Lcs+HfRZ!Y_1uc8e6c!1WrP
z{JNP~ChsQBpxA2FBtfcVi6b1=EW}|LiO2T6575*@f_tdFXIRsu*7>RebUM9p^ReYW
zpb$~U1q(lGDF^#0X@wOAMbpwfaE$!a_c6;VSR-&AsXHOrBBw@hhVs{3>yp2RErBXJ
zKfrbG{Dv`b88h+qc|`sRGoKL4AkSEXIK+~AQNJqz1O;E3k@8-*To~{FRXMTLm*qPn
zp$YNi8V%#}DcPBX7E1`7zcDWcQKa+EuWG7S(uk|cxj`aWmf&)!K|9!z)l}$0L$c~M
zu!Y~(P$2ZMjK3}6-G!%3y`7gm4j!0Z?Tvn2IsjQL*8CYvQSPzOVtQs7#EO`Dg|MLk
z4)AQ*lCOiW%czHCPbSqD?bxPf5tx|m2|_Yc%l%`(o8Cw?P`~!ZI`c&$&9!ju)An4P
zu<)W%5j;oLVTd}!IkDIUqn^lfz5*4N;T#cf4|q!_=xK4h7%(!s4pG|Ef!5x?q8mjw
zDlbTdVQe7%>EBYQiT+xK>gIUS%p19}U#Xk!?bS7J9@Sm>?6Y=t$@aC<5eMs?!+07&
zrbmJH0p;nbE#1-56YYC24s`dZZD`uIMGzENoxl2R8lIvZl}kJ2b^fa&Bdto4Y{9uU
zSrHHCMVgHO{lLIALPbnFNSpRpBE^dqELQ^xVcrIq`Hok{!|Hws0H6G*_=Qi<OJ_vA
zol1LH6h&5)3U=C!j*V|_jd~1>5iZMY9yRM{q~L9spM9ed`4C`ACan!65&Oly^!er2
zN<kz8k@YR9ps{t4E_G@~5I1k%3}3atwME#>6e{V&GlE{{P=Syb%etb3a9U%CtcR(R
zj-etgUT~XS3Pxlj2+9Rie)nF{y4L855dDwGrSXC-s4UB`8~e)yp$^g-2(erT#dy;9
z@_zO>>!&wrjvk!D-nSdH+thB`;fK^8iVPT;$V7qr9@+MXrW+q6Q1C)0=ZTpUhU;lJ
zAS)&lXpCG4?HGpXZi+=<8*2bo?xNjYFceFxj%u9m-%WNBznm*CPE5zg{V|;AeceP=
zV3mF5?C4G$aFwmM^Mx5jUSPX7OQiAH{u;u&W>lIS$r-T;)roKVWZ>&nJGqu@^Em{M
zwqpLVx{tk$-t(=xnn=<g2lE~Ac3n(e&J@cH*?^7oSmT()0pNr6pRjQ@Fp5;jYN^9W
z!b|g-G82r*&S&ehDapl(LIwp%?K!c8Wd)TnsEOMk0d+EySD^VBYY(a1vRX-R3V{I+
z&vR`DAB&=^u|aCEJ}v_WXK^&>1p)tcm^5yESm=#-e%!p@Qh%ma*`B%eyOv(?lViSw
zxZztc+K?ZuD0)5^(FxOHl58II6-;7&9p^06>W*Vl0-2UGS=7U`0a|6O6{guxBy{P>
z{ez4OK=4*K2oM;HEEV+%5wy<ou2qGbA(9m_9s}F8#$yQjYn-$*G;O}wykWps$8vtk
ziQ7RkUH4m7%Nk7$vLJO7j8sNcio=QcK~=Dhcgg!_w77;0R#8{&6^PNO$g9g@Who+<
zyWT$(ogwkFkn4rPPXfQT<!4i`Q4dD|#!#{9c?aX9ZEFuGGPBVT(iY<Lr|S{J1WUv#
z*a#f$m^YWI7MotwC@>m5?%*9DfV19>TAf~`ZCOHo7<Pm(BN**(w2joP@R8G}O!_Jq
zv0~aFa~oaFxF~02yPz{`7s)gm^~^-B^Vq5%$r)e9xOOZlr&l@e@`s5WyB0&BJAa4n
zyNb0Dq;OW7PP~O4i~`1liZOnPh{2p8OV?AaK5-^?nOTUyv16TPos|kYVeB5*Ml-xe
zr0|D_YB3@mA*CA;31hZp*V7yeuJZp&zfFkQa}k9Rdb)FDKuJkr&sl*0AsmO{I^e^>
z#sa>fb56^ZQDVT|v@mE@+;TgSP7@r7kc%_i1+%(S{WBzfR%e0K&@9#fKj1-j-?`47
z(*Xn+4n|8m8LLYCT<w|J3pe6q7+cLduBWNvWB|xOH^2M|bZ*yaoSBeXo=v}m1$zdp
z*tE@&?hz%JLji2Tt2QU+91ov%_V_wLuU&lD@*er_wv`!H5*N2<9Zv@%JojLRZdv>H
z@x_DS+O=w(1r9yWNecyiMd8@Zgsc=X)3ONRi;E}eZoTHyUZJO+<P{G5y_wcVfYn$}
z<q(hezI%#=<qg#CaYna&h#8VtqKv6B`5CfVu^nA8$j*6%3Gl&IwpH&ysojJu5Fc<I
zCok#AqWFffR1L1VMrloN#8qMDD2HW;BJ|Gdv!1;RsE;`^RLM0&Lw^N2bnL#LG;`7p
z0nzGrDtFz3cSs?xBo{(h@#Drztg5Q@e{fgz3Jq+`Sl(lutMLEZetj*wVL$x0Lvc(m
zU%ooP_}a*NIt@#vJ8V684hw2NcQC3Q%dLt_B+TU6NX&IPRCz)5%L@oKW@c_Z4R1R&
z8?p~m$Y0od%}e#X$jw8OC4YD_H%!mU*ShQj!DW-eqB<box9kDoJ9M6uTIKPjsNCOZ
z7HuVh%^8CQS%Ko$!R7O?XA~&JWEnbi#^<ETlrA%;d2?4PatIHvh~Do{%)2!-i7d-m
zj?^)w03=4{18(quu3K1udhh0W3BE&VU4}kG4!IH@!pAb+b{UJQ*g1`n9xifU4ePAr
zk$gJS5bUYs^ELgmgR}$_L))YU)C@1v7(|yUhXldNcJd6JI%9xvHBv1Tn_9<G2Jt@-
zv()L3H{np-EkBF4bvkt)wg8ru3e^j4V{8y0KB~h>)0+=b!Ll_z1&b+S!_Cq?X^b7*
zDGz0q0_fve3`frNE)hq%NQ%VWh8`6`*^GN0pwkDTyuH9`$L)5&^$#)EYSh{fdECs#
z5sM;RukRi_in5}rrPDq<Cl2f?W=vKcnNSVq=uoS6VFNWY6QjlplM)=V=ib?kc?5lW
z(*tb54T^-*`ZCU`SXd&nSo;p_(559qP2$+8n%u=6ryyXe0Y?MWso5MjRYgG;$F8NV
z$jZaG<6d28di;xYnj(~J%Ezo5-K^mo|FRjn`=N*JxHKCrL3J^NVvw%FLDa@d_6+IX
zU7eWd`ZaQ8f%QC{TR={SdwQYmTR^6WhI|3Si*Dw}X-p$B+hWqnnB226kR+OL(bX#q
zK(5%POiQX6H5-f_mpvv-nrQ+b#_1<cY(MsLY}vCW0y`4xtX`Te?zr2%SJU{RAkpj0
zn;gf4@0^NJIZNz0AbFRt?xdX+rX__xd>t{Wlq!D#?=uNQ(9ctpK9i?6eY=+Jgi}<s
z2ag9~hjtYZ?q|<xvycQH1A3Ev<?q}EZhv}?3--W2VedD&#l!~8;H2k}A7)eoR%}Mg
zs0l_RrQLKkK>`Ep2n<uZR;^HpA_e;6sNP=tr|$x2ELbk3NUj@;WjyU}h<2%+eRRVJ
z&^*13ovBUEf`eqz8m#scO9Z)kbmwq|*>p|M3$s%6qQ|pJA>S3n6L(BIEweE7EW#{9
zvZgSnm)=|RXE+(oY_$HU`qJsJ`RW4lrZ1dt??~y?L#eUw`O~IFNUe}N#dPOBp+bfG
zIXM6{7x4#m*V7xAhjZk<Jb)9@?Cph<MAKc;&6{8Oqg@73DNwct@^ooyA0?(e`?VP5
zWyDmiGOBQRz@g~&j_X#Z2ab-2ssvcvNh>kLIfuN>sNwHZgVoL60{p9FZlbhiGnNMg
zbxco)CB379lwW#L4$+5wpxLmtG-o&%n1urnBuvc)Z>bb0Ps15dzi6UVMvy{Q2oNwu
z<FI7A99$6Gq*JMqY1)XknSiY_@8BdF-i@}IAwEqyT0=B^@u~1xL=;ul&C3ap9Gxep
zLwUOY?}gXUP|a&@-f@W&+tQl(Tbo%|>{4#eT3V?M8r3)7<j}vi{iExCz4wVSRmoex
z-jvj{K%qp@(4^hV@tV{*5N#UszV$-fKa6*LE_83qy*fBiwJl_==}viZ)&AlA?(8b9
zOIa(cZzyDutdkN#`5x12T!qPu;+pI#uFl*9t(gN21IaO-JbT4gXLxSDNxMDYik(m4
zO2bY2{2&Ksw{L%F{24YH2V3>AcGLK#L?xl0_;zrydbaXC=V-T&9|&9S{{*G6Nxkmu
z5Eg|KM?#6Cp-0W6`8&x8AZ1Q~j7x7n0wCOUQ&p^)^Fu)bLAXC?PQSZgP|ao)Y10B3
z{qSivcj}-sh9Us||Hf=T|In!a;HdxLsQE;H`0tx1+O4D@0000000002Djsv{-SOZ7
z{2;UpE~=^Xf8#eMT<KfCyUr9rUuOF*61h5|NM1g#>^%dU{n)qYof#R=9t7U7@>iK>
zP@2Tg*HQd?@vCT9bzNm0u&0&FBCeK<FC0DF%)33?H$h=r!BZGch;`Qe)O3@g&OoMU
zRur;$^UIs)l?K085I4b=_NzWp%QNK7I%8Sz#)a`TP3>_3DAE+5At}D(t<^K<2L^lN
zi&Ji^I@kOF87~b9DZGVah1e!?v-!I=04`C#I`YUB`^-#4fy@OzRT#e&`lbs-bE>Yj
zTmtUQz!*Aty$fRgZ+<I`&obkUVH{+O9uDAg1QO?Dd-u=V_kn?FFO1srD%%N)U`D^6
zLY(2dc3xiWIgrdKV>|mx@f(qRbS%BYW-=w&a#vTj$hi+@zcZs(|FGUOHE$d8Ov;9F
z(Z3uNC$MuOW{8S~$3Vufnn?dxFpEp(B@N7GNfSG)hg2O8bV5+>K(o|8sCctnPSU?S
zNa5;M>{0*#001KiQi3llEJBV%Y%~A~+$weBwBD^vZq1UMJT{Nl?$tG`HLJFu=OgM8
z@r-?ihgIDi1EenKwIGE|x%3DP3H#8^{0Uzxc^jFVQl17+VB;tgkNht*k)lI)3z34w
zeDTBK=Aly%Bri^)*0v&9nE7pozp&38UHo_NydIOAc6po-<Vw!p^Np$PF-y<mw!rb8
zgWfY~PkRa>VWizu&Z6J_h9(o(Q#QEwRt&%IeCMpJGEAzA?K0UM)8zzs>Qw|lGj~y<
zP5#&grX<BoRyne(ek2wFI5WO%pX%MPpf3LeFphq!aK?!uy*wJ^cuR5ET%`7Ji}Xp#
zWMSSg+=u`G00000j~>A9rtwkgl4E37UrPK|)`+}y!j(>d4+FhMkwE(0Tr65@W;0ov
zv*7t|r)WK_)85j@%Vc*N^UAXoAvzTKrC}>Mxp-|}dEZ0Fl0nd1MZ7atU<~kdM*l$w
zQIEH9{&@&?zI2@$)eb64Efiw$5lF3!Oz<l%;{fd9S9m(nLWAarBFX^_a<k={1<}@<
zi%ez@K_P(jjTC35Fh86^{zJ*5@zY4OT^4)qH#hwuUuHe%Z^qdP`=8c;02#+ybibo+
zf=vF5t7Y8d(zTcvV8>y#fB*$83GcAXLjIse;Y-Eo6JfFAtOQbfr}6bbfB+QN4D@LE
zFn@}Rr5B%(c#>3ye~&RryVZ(PB$pbRN_@(`^ObchrX8?9zJnCyVQZ~qRK(XjIhhPO
zArE2=6!5Hcu}2aH5V+0&001t)^-c_ML7GH{mgLYl*?_pjUqYzTSsE%sqp?llK*`r2
z000002Y>Q!7h!SzJm=)&&f45pTD>PZLGv})7AIOsz=X;Ock#P6&MTd(aI}@$aVDj$
z=b0ZexNo#F)^`iY?`of^-e_zQ`1PkUBqqa95<ukM-Y@U)a@{&(TRkmis{i{*kvdJ9
zrLJ(6D6uzD)0Bf5Q^IoA^a+4J(kN9=Nc9+1eEV9R-L&O9zdQ8r(uF?~vTeMfh~LpX
z=Q4~oxDM}ObTqhJgHgwP2j4YB3o_qTYJhvQvn&d|0l0zmmaa+v?*2v~n%?p8&v;r5
z+GGmbH-^o)sKbxDKdQmp`rOhl=WH>y!_=SB5RGUwMpEeq=d#AgVcxfhlv9BK00000
z7B!+VQszT{qPl#V(QRt4qASfRmgs5`U(xfI;cZ<zI+m0LraeP};*Iy6lk{hPpj9fg
z33giI?M5O&|IItb5N5U^_A8jPI)T+vV)CqV{q4N%{7{`;2uVx2+x_f*0~v!0bFYEq
zxSQd|BO(v&-^)42Aq`7ernB&w=xf^f^j?lpoGC2HV%7H0wL!~vTQA4}03KC%M_Qxv
zVX94jxzg#xteTC>OCOq=$YVi!KR3v?3?Tpjj0}NgjsAQBgg3h#qIO%)000000xGg^
z3gj2CYhNgZqmV5svX7oD=O*M+IW-F2L@h88VG-Lx6Nt!?G#qHV61(O|2H*ey0Ppmn
zKYJ+@^YR443-3MtZa0P15#sva?@<dU-u!X^06YgPVqn^3nNrGmE0B$7je(LKIVcBy
z84O*V003u8NnF9nRN)kCIOvw{1BYdozyMkh5MQ)L1N<{@$VpE}cPMbL^(*ogp|E(C
zg8-M$=+?8!QOl*^2?hFn^rz>1b%wA7aW;oeBj63nNN3U;q1>w)ei7K)7GoLY*SmmT
z&;ELJqyuouW$})?0XUqouh3XLC&bbS)4zi_s^LlWIPjHp634<X3BqyV^X0E@t94t9
zAgOR~V$Cx4uodm22>~a->wEe{NIycNi~|RlF6*s9U^YM+nl$HETaIF{irQ}c86Z&G
zbA5P7q;3lae`$<(-^YS`=<ecM54zZ9!0r+hH@bKBT*icak!TrJpjslR)%-xxU9%D)
zLv6|UIVB@^;D3fP&0%n*A{g!_(?i6sYYVzfl#MRAUcCeW4JOdi^9y^%Amd2DTCesW
za*B9&p5woGN-FOnhxc%*PFSYMh?rstq7N5z@t_$HU!gDg8Y@1%nE{Qy#JyF!=AbCh
zUrz9)`L`DPE+aVJIMlXNGex(sUQMp#p|*;Fbfa$B07?b?to9DH+Syhuqb^qxmuk!K
zb!Yz9VEU?`pKG`VmPnthbzyF^;5^GFTgre<3A;0KH_5EdF~Wv^9SV0wCOq5`)DtO!
zCvTmpwfrD6sHnU}&0N|>LQkFdqVtZ8AkLVYU&O!SskLRW0B1t4uodIR#e0zE3F=f>
zahlH!>0k5!01~8AwB|N1o#wx5qAGwAs(q>xRJgg6ZI!yJM!s6-(CXFiSY80*&9EV^
zAM&DUm=X%`bo!?DyHk2v?@*W!MICi>I8$I90pY4<x`IriC%0b1iSAYeI<@<(@Mzif
zhFrisj69n;se=&k_3v0u+3o;_$f>W;)gtr&00000000fFvPy(?MX-*SOCkzj)66&s
z#wf}0%s0v(Wf$QXBIu27*c<o*d^>R}1VFWz8!6*4Hl_do000002XlIZEI{|EU>;qI
zPEEUGAWwUbXaE2JB=1>$uPyE-AIS824G9z}_n1v&E7Jt;`fh=arNw=$B#i2a3wJVB
z%4-rRCZbw|yvsQNo?v!Z%WbeKUt$f)xO8*#hNX`{g-s|F8cm)98H(I(@vqe3clc$9
z%k@;Z56YXpF#V5#DzEJ!rzXA}dF`JsxmAKV56!i&RI%IE-EN%7=;)H5pg06)v%B2S
zMSDmv$`h_RC>3Lhlz5K?TBoSD`g64yQYd(HMEY|4tsuuczZ`bpp^YoGN{0^VMCwaH
zI;erR!EXFUeQf_AWn`!t8tBGEmglEg8^WezS-*;^f+C2%?)&oDYjnb#LkRP7P&O6M
z%aI_)jQei&$6|#9Mk+v10is99Z`HeF>mhaYzbx%L+F(SX<+kTF$5fNl6IXP6OXBma
z>L+siXk6_5jC?+ep9d1My}XH@Hx~1el<_v}j-f@6?5{^4!l3x*+jJd(0Y1u;6ayJ(
zyzCDjs>AXT+`XrO`TM_0AV>ANU^u(?<nn^pNjn~)twI;=$#k0t0^4%O%;{u$WeP53
zkM+JQqK)Y$IWCaNglfdyh)$i4%vk?QBRSPzzBEsR@W=ate_}HoM6oZdGhW$O)*Jm%
zP+$S0j{Pk5hCfno8?4EAFhEtuTJeO7mSK5gsMg*M`_TC9zuol;OO%MzjU7^0f3q^I
z(Zpscnpjt<T6v{qJNA!ubxts+e1hqZjw%ye-m+w3=B@`7Y;jwmh$$9~g@trGUvyIi
z<C*}p<G=s_0000000Bx7r_0AOmX{3k&6C6!y4v|k!!PE-X-X!=BsYJvWQv?SBB*V$
zFv=jH00000004KrNMk@l0DkSfO1!9aCFmYW2mk;BxAbGGqlRf7ca3(<he@9Vq&$`w
z#V8|f(!0UdYQ1JUm^~TCS98+mRiyVVWkMR9@3CB!I=+4Z*Yl*sAv?+hz;vzE9MN;)
z<q*O&YzDCXh3_^yq4CfH-k0OqW2hT{fcCdg?Rj}B%)Bb|og=}}zg>V!Sb%7QFMbn&
zJ_mUi9eoH|OCSr7;X`L-4k){N>}f-Sn*9Mk{NuE1h;;yXgZGKhJuN*{YNj>n<|);F
zIp%gip^>`PRK0_BQ}wHee?s77-L?JjZ;!Qz4kr2hY**sKFJH}(Uka6){}+jE>t8L~
zoO&`gmF?5ItdE%OuU}ZR?lH&vI(<VzuF?R4IF@|z|Jygm4m=zv(dq@CIQD9g4(+W9
zlOTF3r5IS13IFlbb9#L&S^XOc^)JvvM`(t&I6imv-#L)Xi3<s=Q+~a`vmaJc;F+{&
zecWglm=0Lg_TbGvwd$xHd)i7Fs2$baCTX5=;=i{5E}NzcyF<oyidJJQ>PB?R%1(H4
z0su5a%d9s{)t*%heoIx0?Pm_S2oLmj-er}~Tsk|Ny!d%AJsQPfAXw-%()LU5=da-E
z)&yy?K8%!^@P5?AWA6^J3#As28N2O3p7XGb9yWng059O#b3~9LvQdf8uM;O0_moUL
zwpHG_u)KDH!5g!2It0IK#gROe)h+Ujou~@#7_p78=-r}6003!|r~m)}000!qvH+hz
zAFtKHX$WL4-*Vt9$fy#~&ymf*joI>788HVqJV`b!;#90`<vGKA<-Py_0002(Dqvr+
z*oW$(CL?8<q~_jh`P+dcu?58d05wptl-5Uk7@SEGhz@@q5hf#N%Eg7Hsg-9l&~Crr
znGU-9lAFzKWwF=#y^tQL>UPxdA|~*J+OSHK2vSn<29@0Z&K8*ikt#|oJ-Xeb@C8pU
zpOT@E3_ZhvqC*xm0CD-YiltyWz!)Q^`uJqpDvK}(veC3)=#G=;<BVi2%*>S=mY^hA
zGthsCIs*J}41D?M1WC8qwgU7dT8L8Y-Ym4@S6#3)*6s-l5mT0wb*8Ql^0hOT#zIby
z4sP7g*_u`Mp^`@vtd3P|HLu7u;Zp1&UWj7)x*hc|9ni5m&0Q5V1EE_M3pq!Vt!`cQ
zV1s5b#I|;QFH1}!=&PcY`$ixQTj|$+U_WCSZRH2HKzdn>$@BG_NEMT{u94Lvggf8g
zono>^{eZ!`vG3W9#@fp~>Ze~#b!X#g?{>m2Y}&bIhKT!-2-_W+?v``gW-Y^+Frcu!
z#?-P#o34VWJgU~{TV_4&Aj-`SCNbzbRV9*-D&Q0{XiU0|Als@$y?W|4t-Y77%`+Wp
z%l$a$suFZ^jw=^{nP>|6No@%ndeyT}@xw8|&R}Ih-`2)$-%K-%qq=);I-rN$@myMU
zus30w2``;8hbF(6w={$*`H1SuCSRgUM`{f+yn2T!UT=N4TTp*iaDK26=HB+0OjUXo
z*kKAq60X*J5)1KCiQ0o+cz|1@JhG^xWcI&*aqJ;A;*@Q_Vce2Zp~G+zZtBbM7<K`#
zQI1QlCsh-SsFN^ER)NT8M5`r^?W?-~oR}Xw9dZc>4UNWHENZGwjQ8Zh)iuJk2?xc(
zeo1ubfGVEguK!>6?s(iZpP*wmJE<`$6x<zP1_-tBouzQ%&RHGN)8=#Z`WVzQxg^R8
zEcGYhQbSQ&j^vPRC@ZE|1|$qD^ruAkFMXAiuGmQ~zrQqIL+A^haD0w9g2(RKz4s<y
zu5>Kjq0l__w4OvW#@xf}4<hI@s-V!{G(`D;XDU*b9hA=pa*#FuGX%(OT5dJOB=G~3
zKS2Be<hxCR#YEij3^^X~`5kzH|Ez^YnAwocN`xx5S3vUi<nGK!(XeBJ%s8S*!%|dy
zsgnS6_5jjpJ0+8T)FrrQc-{sfAuQWYCb69P)zC-=>KzfTmK{5xTw0$Lul01A*~)g6
z&)|}(u9Y@5xiPhs0+=!Z%E;nFYNjpO*vZZBhdBTYypJs@MC__6cA{K0+3L4UZ#(W<
zq#wut000000000000F^)`3YhX(7=u{q*Bmyut`Lo{&=0|!&1B;r*u#}o(&w0M@%;L
zMFj6P<}RF2CP^+`k)9(stv*o663zir;JK8|jY`}$tRvKEY$D~)J)b9mNk{0)4C$;&
zDynyaUgQQ@E#je|g1|GfenwgC_$K3CYudeavQl-o(=&1a%=r1_guf2!qR9uY{XoMM
zHsn}%=ae#XUbW-0?pa{cnY5k-JU*aR^JCwqUj8iF(T{cOD($fhsJBGfyTP!RkXI;$
zGIxmtaCbX4tc75&SxVy~^??ojT>pj|WJy*^AD{Kk%9N)0;OzK(1pQ=WA{`2n!<TA1
zciSAvA^^p-`X37ml?ayLT?LV=(2nrxzfbZp5`bJttBR+dFQL-;`2KP2S^22>p?*nE
zdmV~IoihubT_5l55lK3M&%D9}%@Th>5*H@((a>-F--l6m&Psp)0z|KhwlJr9N1VI2
zcmlqiDvy+fdp>jxMzur(IKft_Z%8ZNeQuuTfH@$Z8gHT#7s1(vQ-KM6xPJqL<B>1s
zDjKTX>E}yl!-=_Mgc6N6yGW|NogqGxuq>*jgF?9~c;Z!D>fOV&LfT*ESf+@w-bW(9
z9jWDnzSJKSa}dnXxTEh+&z&%#3AYSQgMvT>fID{H2&?W*RZtLtjAR;wjK|V|gRS!t
zTnfEc#cSMy6-kOiv@Gr4_*R$m1q~1(z==%hK*qP(`INwZ#9#Y>f~tLlu1J%<Oh`-r
zJ3<+B*aRw`BVj{6G=TZ)jK-P8D5c2~OElaj2EbEK>rp8w*%)@APMM7UxcmLJ;&9tV
ztlw0Y)gHEp3vt?Q@r`Kh{h*=&63RT9j!Gi-2_}$rNs_<JSnRKghBVIghzXR2RyJzT
z)B@~A7G#JvED$G`jkC!#`@)DF*YDq#cL;^dKmd4BEo{Xl_{3ucXJQYWuWQJC00JM1
z&nO})aB{FhO)tTI&d9CPXd{A!aEleoa1xcI%^>fi(bC3xbU&}cp?&}}iI4yQsmK5Y
zk4`Ims1&nws1-Q!n+)VmJ5uTuu!{@wH5uOr65S?BU*l@g%M^Qe<$l!Wq5iX-F)bvR
z7rib94yrj9obM%72iB(=w;S$8TdI?)wn$9HDr+x$i1C=LCllg93zGGe0Dqa2;cv?p
zc#h1O;Wj;ApuRy-6TRm*l4Dc${1l2#h=RSAqq4ctm3P4mX$ms+WxWzcO@&<^-1f7}
zG;){n-2?N?kYt)E-4cO(w`>p_j#%T^h2SVm`UKP<XZceJUQO2$X|Tp}%>m}&N79oP
zSDIw=Vsm5_(_3Q}?afzz8Z{sMzk$o0`$WG~J~3vD-bosgXj)56fopEh|0G(~QANhv
zv<l-=d<U$oryQmYtdR)cn5<(3Dthj6F>ZUmZ2dHl%vlwM-mVz)QJ)*~CBCky1HFP@
z(i{D^jS-kqwi1^FHl|X^3#5raMvuMV+qqNypmgvE)x*p%$Nq@N!Vax|iDztOKS(1F
z`;@@^p3fT>ZSuR+I}x-#W}w3YnGZl`Jhr8&n@viZ5)c)0vr;ABD%*N~K`VvzKmR+*
zJRj_mB%dogPSOYPy?QsWXXHt40|IiBtZ<NES1ouWn-@&ObROpydSN-H;6#ku(67o4
zdeYavIK|E?x-|_oMzq+f{^W$;6TKwEYR7|%eVlB1bl)f<5Og{(%wex(BGF#BLwuJ%
z-Ydb?R_l}yM|aHt9hU`1X&dy32cvrnej;fjE;FeEw-UG_kR6Cf5}}zefr-!M5C<hv
zWsrZaEoH_)#`2`X@{3K9%}V2a56>MT+?`dFeSB0PGYYVg15P8NqExE`d*D<cR|=+h
z?#{VJ)Xa10rr4P0t@y*>#><j3>lv4Do|Dd%H^D-yGt~&6`jue){{^L4UP%*Zb^agu
zY2U8G>v>J=@>y<T=k;+}eMEO;*YH}D%%?=Ad?h_Es@~T5r%mrlW5wrLSFL|x7DLx)
zsUdD*;Nr+}CigZA`joLS5jRLvD{8#}Im+GAEFSdzU9;JCdE`rCIg=RG&Sdz5hl^$#
z>_VUD%66NMibRdT0P0@Z__<R3N&{4*VTDkyMMSzH#Xtp>f`z+qyvKe2H-$(gf{vgX
z-{1fM000006+Ejf#ef+A#AX4em~njFmQ}Hz2~j84QnTU0gh{%!KZ&CLn4l(H9}GI3
z7!^-cB)HK%-r8wpGi8F{bwR;&WIG1<rlz)V5KO4ML}B-!P?#1Ie1~TjA(Y#<6M7e0
z)7#V9{a4ODJ7VG}+h%7}TA`%lyfa8Icq=h>iyHI5?Y0beI4=p-2q(K%rFEJMjX6aA
z5#3M{L5zUEe^SdpqN=DlSAqsl+V7=9Zg@Ynui)^*wxO}3QaW5Db3P1|bYSEg7CDD7
z5mPxaiBDg0riBlkS~I4Ff-rTyOQmybBSQ7LpjMcujBBbhcdst1H8-Hwz3|%<jwb3=
zEW^<b`9ia!d=CZQ7iF1Sraqu;NZ3!ZU<dP3XA>goEN~Qn>H|<#!S@X|m|nAW=9gS}
zpX&i&r1tI1CPfj4mY{Sg<p8wV#W}2FY9{b-pbvZ%TyExE{28s}8|07#@VqrF@?h~&
z#GExk`BIxm8K8!{7%g&_n7giI`Gfo?GV#}^ST}?{l{yp|csDVimIv-h5@C#y@NVYE
z)rg#Sop12G3#wdA1h}*K8{u^+t031CmaRT|T5c3;xnuXFl|*?e*^8IF`UcVGtT&0{
zW+ZI}%Jr}E{;aa2Ig5Fz<XAic-AE}zvsUMwLCFtOcD<dO?s<?t5s0oFj4weYM6b~D
z_x-s{YdKZI0>6LDv7Q(<ez@~uca^dGqM8kI<*BK_+862q7}F{{O)XQ1)j%o6)I6S)
zC{d+a&>oE3KPfDKi{8dJ@0Ojli!Jak%&)?irSr_{bswD^WlE1jtQoURGF>fNmS(gS
zN%pqgiX(4bC2}uCE%8WHSSsp@LbOuHm(GC)Wy83F{2u^5w0=`LhzN#gBn24b?v&*g
z5*yi`5s90YY8S56Put^DCvlE0CVWLC8}X9*&U-o;#NFV$s5X1$olR{3o8eQTA}sI-
z8R}?r2+1z$kS0E`25{I)Vy*|MzP8sEdc8_W-84J|HX1kMUIqeu1Ya%2We`F6$V%kF
z#Pz@c000000Vv4SS!XkTknMRu_7OzTgJB+l2$Ta6mGT5T2#=r;&YoJF9Oro!#pym!
zr!r+;)YfPUrgXlk$NDJ6dvZ?LFeDw!&0y*KNE^SIzDjC2t4-^Tla7%FrTuYNhr(3#
zfUtmRkr<UASoQK<1#%(h`m8`Ssc)dd7X#8vM>J(Hp5@6>q5%uWe(i0D+9B_J!i6%?
znW#J+GeHd#SQt1{2~4yyQAsvAaQ{d;EQQL^S#A^Ek9jAQ;C_GP3a8N7p&j0pKidj+
zPW57r|J{g1Lq#H7^tZX!3{5-!b-BZHr1nWj@%*=g4;&iO^x`b=7L&n27nfdGv7sIp
zvQIe&jAJkQ&QDcA-P}O$$hfY_dpaqOSu`F5)Lf~fN_~afBP;t0CKUC@6)u<sU<QV1
zl=Mj0;tbcuSS<^rcns?7Tt#q;<&i4tn4|I_%hMYH5T9nv)e{qY+Q|~&tcny1J72DY
zzz2uMI6R4QQP>x9I`Lv0ON|*NDlFVP3*tiW7z3+qwjHfzAEE#?834^o)>F_Of4~(Q
zeaEnc`p=%?zv_0uBrdKwB_sbj%ODh1CqeAkePk0$O7tq4XCbulrNiD3z)F@rmb3Ms
zMn^|<^D39&+}#O!4bu+XVGs~R1ty3Zrsa9_8hEOuw8x^=`m$n*u!9=|PolWBHI_^e
zH}i?+F?6_VN+RiSaP=HGsZN}ZdS@S-_rn7<eG9V8z0hcj0aGMgndYclh%aLd-#po;
zortHExyiikwQ5bbbTO1Os%7g;MG-j6kRFLH8kAQ0;of3=_=B9mScOU^a8_TLv%+Oa
zLB%VER-6-+fqyS<4j>81apc<ibzKh$LLOu3hIT`|A}%QgItrHjzMu->lBWIsvD&F9
zM}d2~Bn2z;%yOhc=`05_2bEWJjt7{L5qRI#B*^Rs6rtn*00boq#v&f*&q$QI@qVFo
z;F;f4XA{$4xM2ByypmbRE!8FpZ3fgmDNNpPMCbqj000NjTNdjQk(D+)hB5rC%9Lh|
zUPe(mfGc~(+n5iNro?QrDLHVn+Tp1{_x)JS3xE>N1&_-;^?(1Mw||*Op;+y9Cj75l
z@SVqA%Q~l|ejYQzg;Ys`iC8S+V~r(i1JjCc5Z2R81oZUFt<IFA1PVW@){qgosGiQo
zgR&>Vw|;YPE#Zf-;vgT^J6aAh$i5lyVWJNBu!(Q*TVnhRP6-Xlro~E)LHSWjT<N+_
z7H7+$WJ0(9q9NeLcNPtPV3`Ob4iWeGO65EP2V3jH_BE%J;$L|cO`LlZ0jTOwF_#&G
zCaK-Lu|MI`dmbTkV@XvSKP{h!;mz*XojXSs5dsG+edk?#P#yI2N&&2m27eqLLA2Be
ziX`IS`5eX|xdh2*1{m)i_XOwmJ4IIjn0dA3QdN2X5^r7zLxFVaL|nXNk!IkFja8VU
zlv4A@oue*?$8@VH2?#e^kKExr*_vo|=5OxE`8puj=*_jv8>)zY0Mn#3gurPUa{eL|
z0z{13BV0Xb(v!rBqWeSOE&I>HyVpIrtOsw{PH8B~UQ^QU&VM7T1BcY`?J6VYfn?B6
z)nvRdX~K7=aK#}j7DV9(bJlaKP{vKddR}aen5@QVI{SN=>(905q>hW};Fm8k3FYE(
z=P`n!T@@bV4*<}ln-fc6VUj4Z`<%Wd)Zxr5VYxI@ECRD~Iv)`5cuMa2Op}j3s;fnC
zX-FG|;PSrGVAQKK&oxUlMpbKdD*fkbtLaA?`SgK`=4XwSyLECq-eCjaVWQ`ixK_Ky
zRh8IqizoJO0_092r*N0Y!T<*5WztJ{;RdH*HyEd3SGK9zJ)yXO&U+i?jUq)R^lv~6
zt7qw6ntgKWC)huh8X2jYDJ=1dTy-kz4va^4aJ1Iei`<R+zw^tRE*KG}*atDjReP0j
zh)+(u7h+G&)2Ak=LGX8OgZEoDX2W}g9GC&vVY0~OqldC{lzrJ)*COMX#6+2n?rf(o
zRKInqJ?B$r&oI58Q=Wc?XU<wrUyD!IbAmx*%$eYdx*8;YIY((m!FZpG^BVY$Ou+Lw
zyA9FZ8sG~(&^<2n6%AVfJdKCZ>;6=%|HoJ1Jef+xhLyATrjr<4!rLj2yix|>K~lHf
z@9d?Qd7o12$Zf>n000000x!P!Yb4BEtSqn=>&v6$RRp4xLzfWn45b!>ebUQa5p73@
z1W_;%py-POzHIA1*EorDlg&DGC;bqa%A%R#xT~^o9PwWC4vIs@v2tMImX7O-LE>I1
z0Jy$!zQvk7&?{iv9v{gA@Bd*2zMj|@HVSWL#Yc=eJ(P$v)&j<S`csq6y_8l1_1Ldo
zo)yzRI!XUfNQ(mT80&*Cf;0nHL;(t-V@L=qzfxfz^Sspy0l~8PVI0zmSKCO5V?o7@
zYGVT$VzDVu_<p4^`o4{bj7Q(4aH7jM%~=Ni7XZLNXi%;3jBf_U$9DHME0-PD?wP&&
zm=W-vJ9Moeugs0bJ5(kLmKuASW7Cu@_f>v*yL5O+52_oM5YyiJ!wS67NH;=HD|Tb2
z0I>G$SMk$OQagA2jM2F3vJRQd<r}y252~;zS^@q$YHsd6p|$o=fKnOM3uBkRBddF_
zI7V=r2Y0v4P?p{yM9g%^inS15X>KZdNNAZuvs{tE({lh=7>%B#&?V~OC9=FQ3I{)Z
zd#+lw_6%cTI#IBM3%U$hVJHD~iJ?dJw0HT+%g5C_E}8Jk8&Gt^g>UxyEwt>>?XdU&
zAEQh<$;2$P%+nq0DdlvX|1A^WgyLotwX=&Fi%Xer&0zR$L`N$MaXk@B533O72b#i;
zQ?G#zl6js>ecd}^aAjT4-8rOI3dOerQpDP*exeI1e;%c(V!SHui&a7G=HA{xGSb#s
zEvK^7#I(nC@0t^hh0&2<iJ_IlCJFs)VzEBOIQ8ul6o%aU2}UwBVnZQ$>%D11jRr{H
zQOn(Lzk>#M5bNuTmBx6Y(JR(#Zh{>;H-+7AkI0E^&b2=?aQO5r916{EnV&X0o&(c%
zCo?Tp9WAnO{RzaW@)I{TNhPF$hNl=+?os?1Ijx8eOVeHRCn6Jh*{!{wC53qgyw3>+
z0Vy=ULG9#D6FN8D4<@WRXzDRzXGCjcSRy*Di7wzCpV1g_sXkDBwjCXK2D*hgxl{+f
z>*P}zt##7mdgt3~g+ncv>E`gIuDPZxdtV@?&c27dXvfe_pC=J|lBt;)JLF-?s-hp3
zk7I`vu5;wz^gH}Q&|@N#)=1`V5Iu+~^491$CaT5J@Hy$g2S=jf3y;6{YX}V2;!K$V
zvfOTNS|!iorfc`0QQw7EIsR%G#8&18v-J2d@)pe;<PND)5q|}l8x>dp0005x9kT7D
zDIh);R|$GikFbrLWU*BW^t&(+GJ<ZJOMssYj37}cJJ-m|+g6b;Zw&o#s$M%0{3_@W
z3a3K;p|c#nAtZxb>GVOdYl>{uRZE&9p-dMO)LD-;Tz*RUgNNN??ly&bv}U?S+e~Yg
z7Mc8pB(vMEwg+IYnTxVbyBe!d+`kK3Vys1g3a?ZVZmm-C!8t{6i8aNG%^BQ+Vz={g
zL+59$ty>*&wn7DTO*#W68_vlS_i(m>btuU6Y62NwjtsJ0TLN9@T!oAs{ky8ikZUS1
zb(#lhQs`BLG?l?739a6S+8f0w9)E&TRV0WEylDCLs?D&WDz1R_2ONaf{(|zwx}rt*
z+hj?d6GCO!ewgUuH3XZg7#f}{hll}!LBZU3?~-pO6p?9=4kEPC?G5+GJv>8pgu=RE
z<|U&0l$k`=>HBI$wG>f{*sq<@hfTc=F7E`W6Z;bBIp>EH6Hp-i4bE{?DS+V5se%u+
zY=j0Rnw@qp#HprWnMLY1q47XJQ2+K2936t+YOn<hIbU>gd;oM94bix?RPUTQ?*5`2
zE+(N*e;oS>g2l;pzlL^NOB`U#WQnTR^CHy{?MHIAfdxa!q2mSf#2irn`U^}K)?0G7
zodoiMXF)9udC|=sH59A890a{;RHCuDzPGV`3XN{=#&qQDDqmYKhrujpeioNfmh1q8
z$Sf}x@7lr&w|ZKB!RX)t(_cfb$iYy)c;>9wP5Iv>-HfLR1LzjS`+*_kKap$c18#lV
zYyc*ePA<g~A`8R?*C!61p~|B$(TeFsf|BH&QWq(aJ0SHkh?>}f=f~?&kWnd7=Z(Ft
z@p=brwX~Dq(a>o$P2xn%9mNks{Z#3JQI;V4NQw{qo1`c;bV7M%)X=WWVqYzmL>i{b
zwr+Yv)_HnB^F)?Hs~@~Q!*n7jQKZ$!+RLWiU2OGflcYl=2WgqPy-7A0z2gba-AQf%
zrE4oM$v)C%C@M5^U1?ikxc~hFV~efLk>?Qk-Nj>H|3I|Nr1R%P98mp#pw6g{wIHKR
z9Znx@(n4S9*_(tl0?^PP0000Sy6Pg~GA@1G#Dr$fv2TJd?lLQgqfI?v1>PhLuu+an
zzw#iw9k{~P1-TGo%cT^lMK0CaWAPOYO%z=JK(Tt2UWN?Sr%>Q(k*V8<+2f~CL6lF}
zxDauJzzzbZu6Aht6mwuSkyMabZYd5#sQwdK5XhEo$K@zGfX@J&AyMZhYnVxAIoT$~
zHXE6dBucTgLqRj8HOJx-Qg*#?v(-7=ufg-xg75dX(wvlq5yj8kQHZQVvN_|PtVs}R
zm$~6<=(2oYPkkpl06+*4RGTd(O$U^e2=@A#l+XUiK8d~l-YNK_TSF~CSFk38bPa=N
zb=%VGcj`__Q5>OoBZSlalYFmU4;QLC(G?YxT{vf;YEM{vfeq(aa}5rVrc2-m*|nLn
z|3+zn`n5@cUS!$!wLm+xxx>}NZ0SC&9Cfi17uuI0rfAiFqQzwge%-;Ij_?Dy*`-WH
zC-n99kmhj$H0ml@3r@}br1*9l|7Iu%Fp=n8ZcUML*Iegh5k>K>j`x`m2Rwe^TY5-U
z#kOrMu0(8iITQF4%**~C3P~-!-fssw`D5$eYil7R{d;N){2nQ5-YtY>&S@_5SK|d)
zMv|7j%aGM7+VN={kx;+sFtrFzC~Bh7?qeSvkp-qTol{9)QL`{>8KG_nQv?pip0RGc
z>i*(zK=|J5ILPRn|310Grm<yshzIfQrH@AgKX?^ciNuUysowucJU`J7_+|K08^eIE
zSpbVZY@q-mjcG?yJQmRf`l#q06LL)`BC`;XhriN>;s4C(2x>c{JbeQAWm6|<ee#lF
zjY-~HxMaY%&LA1vVi0l2>uGWZ#z*w>%~Bf=$2Gc3Tif^cnKCk%0p_Y0t(h`|OUxEJ
zDcm~HDstH{f10^0X+xNM&>A75(AW>#kAq1>OLZ@RukaSy13%p;;rowDWT00U;IwS~
zzj-U^^o=k~YQGfgEiJ+^wA|W>RSdgmxL&3>6-7BZiG7!kHq8rTtGgxB<=+n`oja>=
zDwq6ttk9r&R&n8PO_|Hxq}%HsXZN0KEXUYkQU<DH^an2h9*~HLWS+Xt)xx-C!)*0}
z=2?3?+<wxq|BGb1npiV}vG-G)1PRdH%V1QksTs1dLOmbB#|!B|9<NyZ+Ft3orSVhE
zf<a&P!LKfEu}Klwu+8<d00000{o-+^1KL#LL2d96MInkO<BD#s64(rhGo`x{N91vf
z%0(YLjwt)u+E~ecyXGeW4tc~&Z)lBeK{Ha!<33gB(@6Nb=+X6;`4t4k?%^j;9{!Q1
z1JTohe@jL%$woUbnH(J$U!vboL3+(wCa;^F@BRfS^hGm5bLggab;uU}$Dcu-IC7BW
zAm#A!gl)=K2%Hl_HpRfl^Y-9TXzS25biucaiznB<{ln5fI9+C$y+_SES;~hTI*GNi
zqNe$yz+vh9<nzG>+c?Irm4}743s4rctVEKH%v#nlt{fl2#8<i{nN-$hjy<c62sA9T
zgv3m>_EGP4MY1k8qctewyJhqs|82kUpabBPLV^I|DYaU-9{<N|Rh#dpKs!DIGRw3_
zQE@EfJ~l;|c;_W3dN`9$1W$69s~vF$as+dVMUEspzliGc*~9898y0phrVby?u(A-D
zIXnr5+Pr?{!%l+#;8KqKq+Wk7R`xjaYqz%jv0g;w4^U`LAanktLE>v!CGe6i=xF79
zBNBmSTsDlyI{R3C>dU1jf1bxv!L3)J<HOqw95do82~xj6b_ryKYNHPOaoA-Q-t~If
z|B*122LusEFnWv;V!S7o;vb6Ei2sp|TPtiR-ZTP{-7tQB0-r{m$VttWeX`*>A(WkQ
zn=m$if~(+YI*Mk6QR9NPvt`dYGm+q5cdHgSMezSj*K6!##6uS8nJsrZV!#?AfYD9M
z^&9L?6I0Qt>R>D$%X*jK8rpzJi@1$LJq=CMgiCHVl#DV$@N|R<wM9$#COA<WM1XKD
z{;^U;hO4P(cJCv*Apl(f00R;aegj{;i}Rv2yO)BBj%%~>ObpQ!H+Y1*PR5E1!WO<Z
zq3c^MsT-z@#Yr@R9X^~{5g}<^ku^AP<N`H3tXjBP-0>qS=>|^SFQLj*J1=g@b9gtp
z@-i?TT`hsLW~e1P`D%fFm8r6~B;l9|qEfI9x)_sYC$qjRUFfoHM8JDw-Wr*O`~GTT
z4p*YFqMuf;MRxoCP#c=EosT(Sm$;+;C45T1D`pdO({XKhH14Uo(624B!33ZH002SZ
zO^~EEL55+SS2Qn3I!*lm+j)Lj#Q;oUwmeeXht-66;JPnLUBHo7`<$QhKxVnR8S!;f
zCu)azxHAC)TpiSCQtK8khM-ABG<n;ES(mMARUI3BfEVj8{gBovrHvOx>K8gqIXsh0
zHqvNh$ff*2X5N68D~>1|xQ#6chU^mSSpC+&ejfy|NKQVue?-ERTy4@tb6S(XJD(vN
zCU6xNHY9Rp;%Fm|vJic~i6(lIIgiAZ)$`}UOE00~9tL#R<BVj#Z!@ril6;QV8_sPM
zG3OM_`Kq|ch5&daR<hZ0iz!+vW<?)0{zj`HaRNA0o0~DjEiRIC#I=k1C`*`f{{zf`
zaRZ3qUE@#Ve$$pH`v1X;^l-mUV#u;}tkCZHm?-f5(fNe$oNe??K<reU_~v%C=RWJ1
zQ=dVjUTRT$2E;|Q5C6$!#QXmIfv@?T>fntY{FpoLF=E;n)dr&p5|L-`{2zzg&p2{K
zQl|pAlWi~b95{5tOs_H#R18rt(X#tZLD?Y197!%A>znn!{<;}>v6DHM0izxOPTDfX
zD)98~y@;3_vcwLHZdYlY@5ZnTR2SZ)?x_Q+JtKqQt1XF$qtF*#lz_iNS!E3#_3Ocf
z#3$<(jWjj}-m5Ha?QJNYODw8D@jA5tKlXW}J?wOC7AVZD&TjeAGZIXBU&?JNXA~cT
zz89z%gj<Rb=l6ZBqBHU)bOtCX!T<+Ow>ufbWF4R?6WIKq=S{r^Fa>Ow0M?=c*Uk_S
zT@4s5%Ec6|`ws)TVZN7&{Tw?pO1g{Z|J%K4bitWbP<k?+y&agdf)7n{-AIl%m%HcU
z{|2e1$<<rAiyw-Dxh&Hs>Cw(kKWO)W_cR^M{XVZ&I*zWcpEue-e3s_qRy4<+%%Nx_
zisrflz>$rPl$({T(mSGZu%x-bi22)e?%fds-%BZlkG56p)M7Y<P6p2{3ojD51TmdU
z1~3)j0UQ$djuQ)8>Wd9VnjA<1(f|Me0#-h>XMNL1{;x>7t*SaFU(2akwV_rqUn^pV
zsr#WEfA=sQV-CZSeqR^Zf7T###V||*fN+C@yXLj0iIH4mf98OxN_WWkdQj|y;{U>1
zeQ$H|s)z7K8vF1NwMKi~7+HBv1cgmna!p#y&}6mjsyfc!ptHWO?c4o8tESIRGHMDS
z*hNCAMh(5`(SDp@TC;y8Co?x9+I>jmbvT-O+?W6^!Y_f9SN*4q?dtx5|L9rAj$@;2
z$mkWFI`np1B~p1%y97xrDb*}i7CGAa;=SHPZ2so>?Cc#ea}V5hoK0*I7kS!;Krf6n
zi4$BDeylAWbk@JTpZ8sQTdF~L0Yv=)a#WQ;1UaZpyvUPCg<xv)Hg(0m%kS(ghnvJH
z+jKNr;4fVyq`bih-7wE63F*(NCuc(_XF-7Xz^F8fd};>d6T?u@kET`EUB^QFV-I9J
z!E_?(MS2%=fYiaI)f^B#w+<I1uj`laP9Co#f>;tf3qeIkpLRdFT&6<Wl9*pBN&cWU
ztnLZMLFfS+Y+$FGD`Fmr+X1KBf@X+<4OJzX3;>A4w>A)91c-Stol?U2J1!8-&ctJp
z*T_40*^6Hrat~=!Nb%j4U*SPrp;2i9w`qMZntMJUJ+n&RKBVE$Kq5O~MH5Oy=2*yK
z>f@hL>`h3>lxWyl>Y+>=@gHO(IQn5W;vhY9$aMV!8xAIU&LUAOTVSHN-refH1E8iA
zDJaIwg{1Xg6C%njci&F)XNg`2gGLEj+_idrI|9EdW@Ld<cqZ*4Mhvmlmlz^Jm|p#D
z_|E)P1^Lj(*i;?yR&LC9#f<Y=Jd|jGT?ip3c$&lf0v$^2l#w5?Cps@t@o+;OyNhha
zzEYO(F>V3@oX3qVV<QgC{bwzRARfHI-RMbJ3X54O?@5svggn4l*cOGj65!L@&jbmh
zWHkt{1n{+I!>rZHB4s#489o3423n;e3<PlsQzvo+G~U6^$PXOlh0wbT9ws-)(K2Y8
zB~ZiRP>6CwG@Tn`-~a#?b(7^9FgoH`i^lqnWAbea4V5~uU<qI~m`==n;u*??CXPR7
z{)HFT(muBFBgvuZ2*@W>7jYOKaXMzyYT)F!ZSmTU(Eb0{8xYfB`)Qe9^(vkE3B}NT
zpxzuQij0KQw0meAuC<z5pC;~U(M%U-I5v2(>H*Aco&dI)c|ny2lT)RO%;yx3fNAh^
zKA(SMS1oXRCX#*nHzHMQvGR}r0<}7z(FOGoJq7bHoKIQ|lsR{*E9A1GO~0*=r+UXh
zq2teVW2)IWctYVYDf42=sZH7Sp=7sQ?r|4{qIdClD`+dLrGz)KLk;5TBCBlQwqCc(
z!Bh-5WJ>2G(0j?Om;)?{P@DnzWX(c}o`{QKx#jZQg$3^kEg={ZrmkVmZqZWsPR7Y~
z$-*#27{Hc5a%GA}<s;EHOmtg7B@zTOTRU8N*8b8F@KEA7apWPWD2K7gn;Ib-c`_9v
zM@Aa21h&hXc}@M{H1Sa%8;KlvU-0u5Dq}qj-!sDskSZn|%c9u<3{`hVya$z)_|Ffo
zOND#MSgYv0Is>{Cz*v_oB{Mj^Nh&w**J+~B{(|W%08Kmh!OFB-H8cLcCjDSLaq<Mf
z(t@scOkcRdazuDxn`YvFI20kPf72tUyYzIGFkQ+3_yBr*`!E$wt5jL&T`mNYI^;aV
zk)^Cm7(9Axtp_VE{ci4T<rKGkdV>R^(lT-`=cKvJy?4E^cf~)l+vh;j_#%=s44?NB
zQ3u7nZJYoyj8Y#Q73Gl6;|ttMNfD^w`l=1h*8Bh8J<miO^;lQFAs>Q`ZvsvD4MpOy
zc`-#=Qa+yzk5R^*Uvmbda-&eMV`gI8pJ>}yqv>>wtECm_Rs3Y+1y_R-hxv$*Pv#&o
z!=}I);5bT)k@0cmb6wqhQu*x~OOVzObz=QY?*MhPe3I(mqx7cdhQI{2BLVD&5Ac2c
zuBH~qL12(1Ep~;l8f4%!aE@wE3f(Jg_6h`bt%A+s&-|{_I}!X|1B$K^xh4J8$Amf^
z0dlVUqR!!c!f`JJGu?2P4^jF6Xonc>nv2oU!xeLq(PGmVjHWhtP`Q^*H9S9!;(c}M
zZEr9XRox6WF8h<-E(nVFz+s92000ELHH5^w`hQ;2<_Dkg))0`{`iG(+#_3RbsU*o8
zB|`vJ`_|US(Hc{c?EqrCp3g*eoU+;v*XpJ0WE*n=Jad-*uy2k}*F<IYwIX|>PE%a5
zk4~9{c$6nS(4Pn&1iWJf=6vfGl#r)KRV5Jy*nx38d<@q-SFjx>wJ9QYrO6OJr!#ck
zI2MMvnKIA-z4KoV4gJ)W<-mAGDS%&FAVSTWJ8DMqHSYC(mzF~}Giz64Ep?XGuBxp-
z;`zhkF^(`~RQl%CYcys1Qs<IN@l`p<rXBYW)DLx@7|z|KUWfqAe0GRce(K?>d#Y6I
z3=IcP)#mn>wwt7ee)ZD<rg3RgScFA5U`3Y%a87(F-!wChc3{?c<RUe1p!MzBlr*oV
z0{hv&II}0mjXqR$^8I=eGx+6ju~c;4GBJ5SVdKc6I$Njcwd{x3f|Y8k-cxs_?I9sz
zDy^&7ai;V)$WD#kpm!$>0F41*l+qs=;)lO3H|Il$rhpUHrgZvWrl1V4>$T`MA89fg
z*ne9o+R4}ihMO2(@y3q^7vqE9#=(}t$ZR8f7dY57w))=`9YD!yYHknM-CR5A95ANs
zA+vx8X0cN~CKrZWPDWL=&42~#$!!jQbCYMYPZFnQdO@BR2np9>arH;I+-38aIQ*>t
ziK4+R#cv*QP;2WxQlV;Ku4f7xR5dG_^F)2ilqNTqhuc`fxHrs%bvjQ%&XT?H1{8^K
zqwvy_@KRl4K2}h&SoFM?Mt>DJAvx+KWk3uC(%L#)4D@{jwg*zlbjTRln*sBRrVD3*
zcqJqfBLSYhkH$u$5c{evbcR0dyP(QyN^5SqeggnTK)JuCf$<A58E~&^%9xw1)L^RD
z1ccO}r-}VUvJOB3ed0v#=*u{n!mMOO5+P7FGrEv@t1(Qqn0N0DTbH|Nq57~2EBo*D
z2E3}-nkLyC+mW9M&ji{oumq5@YdHXL8#LztA_4;WioLG@IWepvC8Th|yi?~Rr%mqg
zc1*bKU@O<0l8(V*+Iq3zXD9?Zu;abIeV!NG{c|_j<Ny~Ok*)9D0X~O;w5jd0G0f@E
z1{Jji9m>J(KR0w*#sZoT%j#-H)rP|t%^5fMklALJArQ(luaBCZv0VTF04Yz(zqhAm
z){8=(Uy`-=^O6KN@OB&LIXM1Z2SXUO4Y=gKZee&x8^GJ6{MAfnJ4jvfx@PEtTi}DU
zRNgzg^o2Dsj2?zS<gKW&d)0k3Q5uj%2Wnm1A(4nxz}4QU@LkrxN9MKD-L4DJB11@;
z2e`iQdK|lZAU1L%r_}k|Zj|R3bN}VKeEzfer3+4*MUP|+-3$YpOJ5nSFLgmd_D98`
z;~O0<P;VD=52|X1dcC!hV`4lN<qHh6RkN~{V%(=|GsWN^OZ!OCss$+EMa_7KQ+1T}
zg)2Yr1KO`D@-zGkpu;4WB?oV7PI_VcMK*x5*N$OQS}}R$n)|i_9<W<$p64e5k?Y2S
zdv+ANd-J^BH6@mg`j_UeK2A-M*XeV5<<g=Iw#lYnESG_XGhS1S1km~+PtQB7Nk2Xz
z%`PkyRXgiUE1=7B+S#`iMDG7Ieap@6A}y5mH#a)rKc8x{Efp<}U~ssFg1wpF_IJ6Y
zK45(bKwGE3S@5U$xD!Qt3>sbe*8P^&s87lOEdq4Xj5_xKg@qcXzRlzANJw!$b@Llo
zlInY5WPXFJcie1dwqS%I!+Wx!xXExQnY;wgT{U_k3^%om)ie!DblV#e7U7*K(z7g1
zi6Z-z#dS2IHegO_1B|Ke3XS0O+#9N;)ZY-jG!WEC!w;wx=W8SHX{n{1LZ-r<f?7Uz
zSD0;)T^Lw>Z=8{G&n1AcS_ATh33|JnfBuz<$O%t9{#+CG9pKc}A;A<0widoGFWP8a
zt0RnRwGLkaxw;tx<uOg{7VfO@Ducb6Z}{f&BfXGW4cEk3QSjrUSHLo0b3}*yw0=FD
zJ1voKhd<<T&cp;%ydg<Pt-CkO2SLGNW_k>~bO|_?5o6{5Lg3KRqR1qx8Dzo~eW822
zuxKg(vPX-5dM=7q1jlUhh>wDI3-fX8Fc*Xk^5fJgOEVG3cZ<KbSFwf7{rhMaC>&Gi
zN<LKH9n$kk_UEvh5qt*`Mm9KYRU~1^07Qvj6k)qX>}t(ROJq&tIEqTaE>Bp4i5!fm
ziPQy;ZE(v(Ld!VxXTq(#7*gFkX`xO403~IhB`xyfGsdITak=eKeri`b(!dq6z7Q$k
zxSh>zyVI6W)fj}!0G$$TbtUhieL)u>2GK4d2m&F+-JY;Hm5k;W{usivcW~FSXkkBF
zIq;%OQTF&`CF?AoFo38sJ^=+WZK1S=5;tn+j|GS}W>=!n(nj2w{Bi+si}RNg#CG@P
zh|{l!rp0E()1_0k-m%M>kA{<J=yjv*5~=MtvNmR|`r4KQA$X0x`2ID*RiBCY*9LQT
zb1UBwQ3vLa>pN=VNWha&#Uads;TzH+DN><(4;eOCPnRTrv-jUs^iXd--E04KlG1RY
zF^ehuJCGVuHxIk^8<@HPh9+n)ngK&FsYUl&uAf{06vM@li;(ya-%Oin_<WQeAJg@k
zb9ODE{hJMes!N*P$20SxrI@4&{}YT1l*X1Hn(Y*l1$x-G>!@O#Br)hQda<wJopT>;
zVJq{HM~d%&ghgWKQlm2_v7duVS*Vec?KB>ZUu9$#F|Po1-AW0@;;BAo8_)oLDiLw&
zX=d8EE{cQetVv1c)m)p)oW&sK!;olz>T9@zTKw>sS(Mka(X;|d9THR|_3>ilw!hQE
z0hXa-v)+A#bip9J{P@lDa=6^dK%)Z)_3un<`~zmApBDai>JjYU6gt4y0A<uy$|2Q*
zkqt))(&6iqioP%QIsRC7F#iaFbDT#_=@O9tSs?}&@+^?B#=<TREL|dedB=}=g7~eH
zi1bTj0QQocElatwvmU^fT~zSv#1YoCL08FX&2A?dqyhU>S)hXV0u<?s2_cC+B_UGH
zzQ|hK`j-K&32$SN>~2EX$W7l~%X?}g_4-yh*Lp6{SvxvU=Wzsm4_g_xbq^3lTrNag
zhNEakMhJV=0WRqY$(OS~As+Nd6cY*h!3Sb?o`Mg@00}0C<`GU{3uIuCae9pAFTJ#u
zC;x{Ouk`Dk_(YrlZfa|gfJCS|0ZoEFX#WbO19a9G*MY%$b2k;7EW7-U(0MVw0)=51
zNausUD!jXwy)?4SpirqZbB$?TGW20%a>I=%001J`<-VZ)>)@}9?7of%QeXOQ97?)!
z4vZyNisLLumoJqr&xeIvqSZ;mvV(S{XRv_LkoU9pXEgT-H6E6{Niy2T0kvCG!|^0P
zZiRDB)y}i0;b|kQzBbzK{<8ck{}_r*fJ-9vWunT702gSvBv0ic95)^gb_NASl|saZ
z(CDqiqOUH`VZ1ws{5&8E%51upXX>nX9(Uh@aKA%Qb_RR>ed-wbJG-v2wI}$Yq9T2E
z*2C?pTaW$C?sMMXib(_bVO5nG7RsX^n)b-trd9{@?WBzxEFuDLQSmbPk<23TFI<t+
z4NxvGH|i^0@-Ms9OdG|eAQ~CJZ!wzF!Kg~|x{WJ{=RzYl$?+Z@F4_!awt_-51+oYM
zwE@7OKPahfNbl!>#A;ot5JWN|W#bRkH6Bq`P)dk0jNt9J{2W#x1Pwb%OGlMfs$JS_
z%P{1ed;&$!B}`cvsOxzP{p;#PxL5D4F(@zb!&wVOzLl7gJ4+?|fCs1?wvP0B=d#-2
zgd~~+4mZ28G+hsTq=V+<Z19LVnsA}8ChR=+yTkyW?IOJJ&|O(lU^M~7M%ai|0Gf5c
zl%7f%e#mQNrJs%x;0`R9oZC5dRJWJK>MebB62?t-LT}4zog)e^ZEm~39Bg<#_dw9|
zsY<3n*okR?qsRb!==v^_k=0oqUl#<jK2lJTdf)qBS};2up3y(fE-pFLI~985mNB*Q
zBatIXF7exav<MNiA}%=3io0dRNH6dDv#FTri=x)dw1=&{UGiG!jTm!0<W}thL6cko
z3)W)zdi{hsg~wnC%kp8M;(!5V>WHw|2K5O?3FDqIF?a(ei+v?Ka#Ee0S!c_j=KGqq
z6xl_LUFA(11<XnVhe;Fsr>t2^{8OA*J586T1Oy^6aX37S`fKa35fU<{vCn>G0&DyY
z8~^}pt|Sbraff_DVnpLSbIw0bpu-qNsPG%sQbz)RYFBKTH1%iz)nXbOY;U}<=7gB{
z3cqY>abQ&rp=RtzpqKmF04dcY)Sh++25-Kpt*}El(;saElZuemqGWYSp#86b3zqhv
znZJNyZlC}hIEE?(Iz7w-zqHtFTG#Nuy-Vma=1rsZ!s%z(-{B8b*D4`D(3G<XPt_t0
zl$#$-=V4}};49WuPKrN#vK=K=Ze&&n&Y`?)v7$Ze<k1bA*fsXT?7VSmXq~ydDKH$Q
zqyTB2pF6-LMot<<9E2$O7&Y`5{(b1tI`ncBMITEXzN`=8w&?1Ak&<yPUdvw$Y2BQa
zrdVA%&;a52jK&==RIB2d$L|K<n(S&fgaOv`{HC`q0$xGs8|Igiv#B|g;0l^yN&yZ(
z`F|3N4?hsnNkekPkOfPofE#=;`~k8jnMnPqHgbd$#<*ddhS|FFITpqiB(Wc~y9gV(
zFu7}u{U_8VVj+kc5m2tJKCx%I(7z6*#xD*7vr|C)&<G&e|A{iOjz#a%3%ekD%fM(3
z$M{8o7zV<FTEt(09@q0j6Q*$_ozz|oNke7gA}-jLoL2YEe^yWwoL?$M$%?6Znz3}o
zef;jO%7U%YXl;BTGE3j$Frb@bxX*mMx>8sOl+0S-8YkoW_}pDdo|ddl#4qV8Of<MN
z=pm)z=Wb}}LqLl0C~w&x$9UPXU_|}|fsgsj43r0<JevY&5dOAvyG0VMGpnC4!s64@
zhn2qeuin~Vm1M-!(=OBa8QS3rCphFT6L47Qw1jp3f8e99ZHo+>eijCDhS<+%3AGDc
zD!`lB;QzZDtxZEhKG$^5Gi>1k)&j<`08r+>*u@}#2ebLH9X8Gb`i9S*U-9M*zO|%>
z7ZneOSTq2608Q19Bi3owdrLq77dt@TAqCIzr6vbWcvP-OF}sI#9zT)@>EC%+lKUM2
z+w^Gua%8u{+<|evzlS#g>;1NtLHX_dy0863Dm-dX2@p~s=Jyc{$XD7-TU1-2f(KM?
z!{{4R8CQOww=?=;IJZwmM^h>u3@rdQ{~e`+|Fu=ZGX6WEHN&Ty?5_FS33|9<`t(Z&
z!!?V1A-INy2XFL|nedK#e-IU5+R^jw0#7Pg6+Cbd#I$N(IANR#u>QPoZtl%e-NOcV
zX%YUAK9%o2s(*+M=iUJ%GV^;pQ7`y!KgV9TEm?2?03uAWmNaZ**&H4U>Y|{Dk6u*R
zgP|YLsMit>354x@_oQS*2drvN=dwE$h~yh4_FZnxWiphR_pJojmMFJ&%5o5vOn4{$
zplHUN4kMoW^-MwMZH4Hr%J8`ql+TDf_e1bSXl{v$R63`15>Z<q3x!BA3^;SB;nbe*
zn31+i1VT@1Jc(5)UHlEHv>>^$r>3jx=xXK*<HpT075(3Z=!o{ae;4Lu_aQ5h31ePB
z$~75~tKy~E#oq#>?30Q4$}F%60`Vau`xfjo%wqZGQ*&RHodF$m?e&@Ql#Pa&%IjR+
zWtT0@kjS9*ej)(S&AKFG6*{BAG%l~+o?pxZlg;&1K)b8&cp+y#o*BKA31zM7IY&^^
zX7&5ihcX?W-N?PzZmaw~31F*}CUI@4Gv3<D_BT~fTa6@K{m0r4)bh1bue5sj%n=*)
zZe}gs!tx7!2A&o)r?s^Xcd#1k&&D4!Z`Y&jS<(unTHh&UICa93R#5?)T;{{seZApR
z?cIr)qiDgc3cJcBXoOiYOd!I1SD~+6xpNDeNVpHOW-GI}vsbekJ8_c4$+VAvo`Q!D
z2yZ=kzkG5u^aWe@`C$k+RXbg(LDQy}8Y^2i$#(M!nHYL_N>OBs*TB6k{TT}OP^f-}
zxc;n=4y1>gTOKGAni+RFm;zomO>U{ic;Ft|+GipnC`Q~J?hO!Nn1(}&o)6A{PzO9*
zzFw>mGq76r1ppR>VQ$PJZc(_X6Kroo%P?YSOp!LvKN3skhjb?=jF1#bVPF-0pBtk=
zBPU*&6|b5Ej^P6UdN*CGZr-0cP64_MXvq^=tJ*<o^}0&%y@X^dbuSO`-}UDvl6n9V
zA#&hLGG?RO2VNj0Nz2O^fr}1yI2^PRr1orRSK!YPht&A^Vf{^i07H&GeTgL_6=c5I
zll{O#0}NKn8s~Hc+6`<;nUFimKZ_B(<UPwZw_IOKpXfJ>8@7@z|5zmc!*z|9Uwn99
zO(?};&4#n>hI)WsY^5uM+XfZ#)RZ_&=1I^KILrs?CgAHi@9{weu%1a@*I|k<zD&~q
z1r;#xTZ;3R#c&u~quZc(TqvYPkjsK(vRVW!;fWGyk}FCYlld<00`a_~Hhozo+^Zi@
zA92I4j)91Nxc~qzc3;#p95pFNlS0tG`gVu6rtYZy<}R2sf+pcK<z<>>+E+ng%!aq|
zfx#xi$f?0XwPE92DSZvyEHR9l4TWj_O`Jyzc=v92c#>Iz72z%HhbDmP{Z`~z){@>w
zQAzX$5PqsWa{*vdT3+>Z<Qpd^^QCTrfYSC;o4pXlPzyvKNAi!Tyf1(@aFWHgHE697
z4NAJ)8W;>-R=GjHcX{k^e<zXZAX4k%=HC*)S6a9{&iyC)W!DC~QSBm8wLCsm&=qu4
z0y(bu%NG$|5jqW&&lDyWljXX=?Y@UPO19~K@5&_ER9exjoI5I;sUFh^YVH5*%jG>}
z=XqtaRNvil)HDkev+><hh)JT1VyB8DgXd-7oV4cCbsz-`Hvm98)LjUX-?m)+;#KF5
z{ClZmhFx!%KPK)NkcT;R(^pI^4RC1CJ5>omQd*jIMA$4cal+eo{GsxLMDd)RcsY9a
z^LzsOsTxFsp8$zBA3@$-E&AUVmi~>u(VP}L+KtGz!UR(qUlDMF(yq<35OgIZA~<tk
zUc<f&BuIsvN0Hu6zNV;0^OmVz!m2N>#sizVg88b;+@1vN70J$gNr!IxKML8S$*W<g
z$vGghv>5**zU)AqiNpKI;U+Ig*@`o#y}aFeq?l8R>j)xL`ugz;du6YZa-8u`M2j$@
z0gA%{;XFPD51y*9n6_r{%N#De?#JmTF_(=$+#b+s54fGowz;46s2QwWykYN(tAO@v
zCz!j92f5cI;`uy#eSfSN{7gU@ke2lF1sp$qvWQLu-sy~{C&#0LDJ`b+nak?!u>i#*
z;xeLN9O$zif%E_XIB)<|fR@YGtB#4P<2xSeAFdwKEQP3dE}&smUN}vv4N$yOU?co+
z0FNnsgJPy`J}T2(@^?@!)t@RRDdN={YRb?K@wafJ!iCP%u+-dPofrt59(4d4{G}c8
z!kl6a9zKf}T6(#NR4H7`|C-hLVj^Dpb4BywhJZD_;T>%*d-in!V+;_)yiYRb@Tbl~
z2rjC98RD1|vM&W6g^R>m4DBXIb~_R~AgPI$@`Me6wW}AodkzIO0F|Kac2Nnhzzn3l
zVdr<SS%1XaxahDC94y-p%Nt8yY;<s`5v3Ym3EE_KPD{$dXw4eK*<@x&1R0_r>$gad
zdoVQ!>lLD$-%c<R5;G7kTBc=$ZD)<_4y!GBw+!NInRn=I?wS}AXrZkc<)>iB4lUtS
zz!8Of)5^rhz}V~?(LG7y-XGENZ{Xw+(V{OU@MRh0{N)<+)HaP+tSj+$Nn5Ih@V<_H
z-oX*=ywiAgpYaezM_>#b8dWp0NSZ^4Gv9W_pRGeWA{QG!hf9suuu?bs`G0RAQOWBa
z5U};g2Sr!`aTboO^$%o<w8ikQly{v6!vMN58fbF+S}vTnuuhugC7Wx-|2Ixy(Jc=$
zJV8EUIP|s|xK+v`Km!Xtorv5c6t<Z!PhS>$T)2VaYgTAVkz7>En`yCZ#*$k(OllxA
zLYZlCzE2>W#<ul|js}0<*uBz!u!Q_yD95*`6*P4VoZokW0MoEIp;wEd10HZXl#&fx
zI(yUFkiB+J*p6e8^jT{r|8}!hk}}HMTk(}`TT~DE6*$(fByEjr%L~M1nU6}ZXRdG5
zNA?W4BcR8h!J?LVVOf=?ri@9kz9qgiDny>L?kK0nNQ8E59c-%8^d_oMB<<3-JkAPM
zGHq~q`MiZYlSB}<znw+EEtYD0ax#)zoM6pdp)_xf&q&5Th)kjFq(XSJ0mEX};zwGq
z2GzR7;ri;ZGRvaI-ka?B1fbV$6q&5#IxB1kVFR|!&JV!KZzuo&Ba1fC&Uof+&7{@K
zdwHYaQ5)1!4R;ldBWeJ>EKGDFY9n0JVfS5~bg-2MmVLZ{-H^Zd2MFdcO-hAf^pJP~
z2GTXe?C3WB<*~p}DB|Z0o0L>6FVDNIPd-)Y2kj$ObfX%$9s1s*UPW&t1&|KXg=v}l
zq)eH&oy>-rx~`VWep;>2k(wih{u5TZR>-#sOXQ_pAGLtP_~**$-M0}v*A6DmZ+HTT
zAdiG@XPmGWqODc23zYcj7oCgXUa*W(C(mC1ayVI!@|%xo;Fte`FKDSR{gvAl)A0P$
zcUvz~p0gh=)$_TbTMzV~407slbviE9mZsD6@o`+~skJXZVHD14a|I{il-MI?9clJd
zm~$vmzsej4=2Ja3$r{(_O3f*rYaak#d7Vk%U+Juk<wj2V`QqyLV5Uw&#!S+c*TD{v
z=FD*Zj2S*kYh70_@Y9{id(i;-jXn3@ZI02fZdN!fIDemETQvFNOHeqzvfI$920qjP
zPHz|?`4<%7ZJ}DRPT5re9o%-pubai@8rhPgWfQ;GnKB!)Q$Kbi1c*E=WFEF1#?zHa
zg}>~vu>Q&@)?EJai;s%B|E-tvYlra)<+Gry;9}0xfo{`fo$H}`1&0o&(%kCAlXOC5
zR@YdN{;)p^wR$5p?gV%i&lBQ~?)*C*78jPo-15_;9D-8&ACUNf9eHi2K~@@Z=vgME
z49-ZDX?PIF2{Jy>>p>amdR(r<BlMMidr&R8ubCqEK`?G!6>U9@JD|O`rrLkOV#Y1+
zkb^j3>SzIVD*^vsgQPgCL;IwgN`=lOojfJv*Iq?4s2zn<#>3z=*<|(^sPF`163Y~Z
zd5{I70V83HOx<Cq;^4gt<_3fZRhp7laTg^flF(ya5vCz4V`?wy{@ZeGKdv4uNzVT=
zwH5?fLF;AOtywneILdn2_TY(x9itfN08V=1<hi(%1(|K^M4hF<<o{&$0vk_7fC&6$
zqxp^h?44~+3k0twqZvI*L?}!GqHz~0rLSSmTd^(~+6nih<Axy+8-S^Oykqwdrupvf
z+yDirN6hy4xoQJ)^?>PiN0CevW97d^_Y4AhRr}-Ks=)L9=7d+SclU)|!5{)gMC!l?
zb--HUvQRG^vi||n{SS2Q3Fo;^lU{2q>G|+@4<bOnynS%X*+opARM(-OKCdz=w{?#E
zMsQJ`L!J8|VwQf{m--<gDNN$N<os7DmIUHmbnM#5W=y)_gJgWv>qL*)tCxn8@I^BH
zz@zT7$iT6KIS7e(W@Djb!)wf_EfX<XAuM{7VsIpl%_8EC5$az=m)Rp>koBNa(mPo2
znh1Hbc{=W%cdsJoJ5B1-OXMcYs{Pj5)1^#52>c5CfCe8thLELZz+7iRW4o;s5STwd
zjlT1PT)y8<TEePeItWdZT`@3}9P4UvdSFU2GLzT@#dhI%oj_&Gwf_wFJ;AFv$)yA>
zS}DOTR^$|G7rJ>KmmgdUYL`q@Aj><t$_%%N=V^CF#%#JiMt6S?Ol^0UvD;-R4GO65
z2Jv%PPx?NvuY7GakU;2^75%*XJz!Fu>+pv7D;Nb;DB@|y=^9V;G?^@5{1LG-!|VZ_
zCVJkko?nlaDm*N0;94dDK34TBK>9EYD@4C9hmz&LSpz`Wh-V#rXegwBNod?KVE^il
zSk0fd2aLDZ(4Yl|(3}}LzH=D26WcZ`tvK6;vI{)oritI#CZdbpLdY@SP^e~HYHFd%
z_5rgp21Qz}hg-7m^nvRbK+p{$%l%kisOEWV3jVv!=8|i+?X^$vH_2=Ahj+be{2&0B
z{xU$Sadb&IMMU6OEWZD;IBwpCW{%D=HU50@CMvl_007=V2P#IApp&LoY-h|U2|Qjy
zWq3_t7fW^yB{w&!IfX#->|g#re(9FFD`+kz9hb1UeJ*kem-c>M=qF0@PPHui3f9aw
za{<~>)svFz(EAyVih&nU_RJGbK@K_eSPY|AP((XRk=cKptI~MU&E0H04*;DaCBa}H
z-kcsyWu^-0RqAQ`G6NA&S=?C(Vx^rdCWQh5CiP9*d>;7ru0OGH+Q7^EhCJh)mcb@r
zTuOT7ghZ}dY${VOxz1$u<$y2Q|H19>5z#L`AEE^#X1IlELKDix&&(0S`)fnDm?5Sh
z5e<m8_75$6pM%Q9LNpiLJfaIIkJDW~o?&*MHug{?{9Nxsbp-K3|J+MP-+V!~^p=pR
z^(mY-try1!)=zJ3csLOZ7ellu#gpBrD$5W^zwt`tmM;n!etme-w7SK?Fm+AS`eWW2
zbV1xs#(uBoO|v|UrE5=*<XORq%BOULXzO%&>S2%FG<2*i5^}#)a}h1HgT}MLf37gd
zowf)mtXUUw3}PxP1iDWSAchBfull1A4TmXa7W2-zxKyb!A{OH}XN@Eoxs}k8LVLo1
zvO=N2yPp)@;^rreWmIMMnSI?>#mMp-(Dy^dSk$aDh*&Z$OH>mW8l%Tc$!|~4D0O3-
zNSY9r_xKO{go4%mz=!X8Jk7n$oY_{GyTJgo*<X4F&<7}4v~=?zttPQ%MwEn!6N|0~
zN;R0G!|L1?0ttC7dD&f2)jMhKEsnmyj3f(qe55(S#iNG|iT!<v;o&H(5FN<eDc$ag
z(gFr>_27O`)3ZGh*NGG1wC?f}gkcsyS&BOKvxokKkPyaQ(P6~Rz^cV(7M)!fR{90|
z`BFE6dW*#ahH~cT6hZVbF7BU^0}eT(DBZJ=0P9(6dRv1h=-fLrz!cq?Jw3N3{&6>s
z`&cogdIBT=fr!J71qgWlRf(dJdkI>~6M#$=khgJAXcp8ztZOzFso!dI1t|x-WhnJ#
z>Vq^D8x`CL)HLMkkI>Wmx|^D=m&0XEQ$(t`K%E#hS|5aAfKL5*<{(P%GaosgUL#hB
z4p1q@{@C1QeD4tN95bbd$%Q1#-i9zZO>I%7`T$<6kSl0{@Oc;FPz(U1XeM3<T(q&d
z9h#|8fIka5niWJXmU38B;FNm<diP}YkzRcum}HpB8j^lvhJ*^@Vg>{h)ltrLR4wHZ
zQk%%xAAYs(GV4dQ)LU9wOzeYQ@?D>uM;s?x#K*P}BqLC(^5Iip`W)jk*TZy*sFMti
z1J`n^xGi>47#m#QRAlJ+uScqH<X;bW4Rs>)>-Pbp6YwY*Gd#OB*WDn%4;pw<9@Rn5
ztF=TP)B##}G1%z~x`$wPGB%nHuJRs`F2p#~qG5?VvPzK~McjV~PLt*V4CW_CQ}ou1
zogg%&hSqW&ov1J{kB+xEaVZAgzJSA^KpBDDoQY`{K=Kg-+ZgIcaix++O^*59LEalz
z2a!$p<FAV;VISzh$aUBiczRROiVi?7rd61f9esLemTj7h!g_}#_`Y9`!puxNXR(o3
zm<-wj1@osDMP3g|{@Y^1yBrwZbJrlK%U^B}s1SqFN`>V~SloNgiQgFHN^D&zdc}Z;
zk!+y&Fdv#{i`P(1BbVFDYMoPEhh-a2PG(or@$Q|RwT-1WBEQve4Y-45c=5#_Obd_`
zuX0`g`^Faul(@3xp43t%WeqH8?y$I|K2HXa+KnT{ty^)vt;T$-jsLXt>(kp&zmJd$
zLuP^!ZZnFLNp7p+_i1sbqZF)O!GoB#diT`keR(sS)+c%71ld=2{4K?3JfK38aeL5}
zEJeCb|9U)Rf{&*LLlj2hj<g3Yn5?%AIl$8e<!lT%*hPtj1!AXH?K?(ufgb!-o{j^1
z(n15t45_B{Xd2?T)-L&2S=bh=(xp|32#E841+-XOPvogQ@Kw4k*gfm=h55oo-0<-Q
zK&>HjNUyH3N(9OIA;lPY4`-Ol?`XN2iZ}J4Dp7I}vV&$nl#F_MGmfHEU|CkLdnX)z
ze}$KneR+g79C#ze1!;Xbtz;CM;QPULQTnXA3(^lWp(-vwYn-S|r;UPVN~3`r<l#P_
zWr_M9lZsJ7;TH(rhZL0f6j<loj)-fG3E%6ddzQ1bB@D~MV5-9r0uFxANC|qLh0$N{
za|SB?BR{j(g_}7?M)*Rw>SP=B6(nXpuyLcyQ=URLbI?yMvCTaOETsm~e#^vvE<3Zr
z|Imcrx~{Cy$`m&oG|;Qe=6d@j*R>GotY2kU-}!4e<d(?bivZV&C=5+71ev*Q5P3%I
z2h5e@?aTq~Zd9RGT|tIWy{zwjgRW)W6~TH@P|NC$;8hZJ_e(rlZ}t@{<V<_l0f*+X
zBAzFmeHaq@4}%rAO2SW?lM&B!0iy1trHJ?NbRi(8=mo!x%U&HZNOazyP_NLMOB<|w
zCsrTwX-(}^@+{X=B$=ey5h{Ndd&G_9_e%-+AxL%4hn2J}v-T@ct}~dXqe{yy30e(F
zmhS}H4=(Cgq?IB(8gy}{e7|ZL2m>29GD42>1oFZ6jn_}T3W3&t&<kFuB4N8ERZ?M<
zx~!IVSQj`VD4q-*IP+-ymTPDf6`InK!{sUV@Qg>U)2CSrV;O9505h0i19o4t&R*R^
zPiUXAm2(dk$$G#E+G7H)3J}q@AQxukF_d(K)IeDN%Zq=fYqS$%<!#v-dU{N^5}qC!
zKRlj#5{VA$)NE0#6?YwfJ|=#42u~bpkMcLFh6giXImO1XY}1MX351e`ZN33>iD0hi
zHjOc>o+zYK<8K*?jl!`hOFGYl{!BS;aWo#XSMv<X-(83N?S)nx&pO+D!;GM`^of{L
z$6{~Z{5yi!k1YG7{UkJ>Kbt$Ul-+z}vunvMNpnggM%|s<1`yv1R_{5#{u7J(#!J$A
z*%@kxw=(J`uFL%RthC@R{2<B)8e2vqltaAiC)72{mcQ%teOk1%=iv%fX8ncnPwyTM
zYAb22TT4;RMvQb!=sVj<tIEqp%9QWLRwAZ`MbobcKh-CWDWB5R+D~c_C{vi|r=`r`
z(#r2<Q_D`>46TezBa0Q8QP%PzQ0=uUOcW56CN{y%wytIIf*mOv$wd}jrJ2vk53KY4
zYhKQEW+zfnJ{)wo8*^$46Ig^meZ@?3RCI4xMyBsM<s_8hg;E@rMTm*~mL%+|b7RU3
zX}0kE);%hdt<wP(Vm-tH%)b_zWnZNl%Vz@&YNOh}`>rc@E)iNS;U&Z(9%XG(@{m#*
z;?iGZbwVvCl!VG8uGER~(HAgL?F<C&<{CB$#X`SyrT598Pj6JI^8deb;IMjxxh}>M
zK*g1S%dOKmx^?r~A)it^PXK(}3sx#|48kSq^&+?4f|E#;y9Qrdw~r1Z7j?@91aF<;
z<8z@xSN+a(olX!Sq^%7Ma2eiC)w6!z50`9M#xPoklHZ=-zl<KID4lK50-x5$sum|%
zyYuzV($`ns*6ZY67e5EqUx(sZN@{8OX#7pg7YJ>XLJGUQ?3K%CTltPzVK{0JWOF*)
zpg-UK<p<YMx}CL>(W#hh(uJZ0q|hvFM+5&AG#ODtg8owOtdZlXL~oQHZmlM0b3(WV
zrS&obh)%7W52hV}I@nYd-=^R%eFanIOT8SiKAy%JW<^<H5&4mfsSy{4=KyK>i8trs
z*ye5ynXfy|h(QI#niJF3HjkhpL)_I@j)A*FKeYVTvmNr3^Xx^j8Ap-`7eyf#tEHMh
z(g>uJgAGpS>j<jN(iau6T_R;Ii1xI3rm5v9LZtwVhI1Cm68MSrslL|}AU<Y@u;Ziw
zqq{B_<PkjX0PNxnqK65z+gCU(_{d3dLIz1F<dr`>^ylVcqa~(6Rytki(;@sInJFiT
zBZhFV>KYGjU%L<SEtJpWiz`TFd@UbcPi5Jk#!3-Zc?VSufqGmk#6+*h;|XKeDJ1!B
zl%sE_wfOqi$tM#xpdt?;%j!tscW(&qE;eh&MLH|P&4j22l~^e*flU|k?TJm51I|`!
zoU4B1st$}B;gMUkv4#Mg)v++k&r~B0C;vk}Q-X1c<CI<+!iq#$Dg|9Z_W1|1GK9{+
z{^xT%sQ}zcy$n4NgCkOurck;35iZcf3?y^CowKNG-H=jqjV|sUtr>}nVhYTEk)fog
zrI$5xjIByMc3fZcJKTHjwV&WV+WugREgr5)?%76m<{$vhYVF|L6rVfFn1@lB+oeht
zzMOyr{0&*_y7|Y$wj!Gu{e2#k3oY_0P1m#(mc(g>^Zth*LMc34S|>W)$NtHzh4D5=
ze5vStK=Q~Of9h-jVbzuzyi(p#x5F*|{%0|-<6w&R7pg=#p%)~q!8ot|5lVNUS6VZ{
z{)&vYyQirnt&2iAiiC`N+#Di@=yB<mmV3>fy`AX;p?hCG3hdBpOE~>0llDbZm9J4B
z7e3eFJlB{_Su97j(po9aAaNv8Yp*%B3`5;`MwlKMs~6gRq6*XE|JNlDbx_HMg>qJe
zXO=3J=>|26)KBNG_NrMOQ3f}!ebfg`VNRe9rYxv(%F_Oz?ugm=3H)vYBVjjA3r2h|
z-jQVno|`Qq2!K_ZE^k5wm`|g;Sv*tK0S_03d2qS}M=1l~G;@9idG6L`-;oTs3glJ4
zZt(GmfVn?Il(UoxOhX6u2clLs{x5y9CxooM_5#0w?slvB!Rfp1oVL@)s>GJ*BHQG&
zw`w7Nj~t0In-7mvFFu2(nP5-<7|9g}%Uv`;6_#)cxPHvFfeTEA5TJhmh62lsuWjL$
zX|4;94?ftoIM*KySj*i}XAjX3B`tVPZ_m86;ZdxrWfxXT{V#)MtR7mWGYTgukNX~;
ziU{ejjkaqWyUilOQy%x}?ZR!=ub;-1Zw|F?GPQLk7y?%~yJt4!1=7xbKSji0^y*yZ
z?&-XS)EI!C?r{o1orT$mQ~=Lp^|yEVS^0^}Wafd>7Y+r9d_Xa&Upe|v7zNWdnEJ)|
z33SU*9(P079F#MTBk|0jfX%%4`8wF|mvA+vmi5#uM*#1GJSiQQb7(e!fAm&`09og!
zAKV;_0W)7faWkK*Xvns&NS4}!PqdiR9ueseOH8+300*|#NSF;D0ea6tW)3jk5FeD>
zuwTK_uEO3=SxVA!0cx-ZD+Xqr*=Ir^=Zs(?<4&pa)JDM4Ew*FFmC~BAwDT?-RW8}M
z(lg+q)h{7RedV9-)#@!1-6q04D+KP&WWo)eF{g>bTU;<QTEtRQ4f+cZ(D}W03TF{=
z5|->E6PWJDPTJk1;ES9>A7W$~<L13}z7$E*%N32XSZ8igumGz}8L59Iz_$Z|!0Pjl
zlZy6lJF>X%Tohj6yvaHi-_uDt$3}^}#UVIe#Tr+Ds^zVe(Jtr%k0R(*-A*8?)1J>_
zGs&2%Cs0Yzz<NZGcwj&PSxw%)2>UI`78P3ekr+m9DHa#~X-hdZ>^ZVm)`sq3l=P9B
zFk`6+fr30s%!7@jG3Ct3tE6fM8G6h#E8KCLdU8vj&6>%YsCSglsuRIx@eiq9EcL~$
z5mx!|K@d|$mckgikwc%3#M#aeVxf%Zo`c7s1uhaMV3xN-3(fDSjVrH~Buy{eB<jp!
z&vpRj-6I~Voyyh@?%9t1Ub}3%%GUvM-WCweN;l*&faZ5#I$*z>7TG~`vl4w8eUjJ$
za<fuYRUpj}3>6$!ML0rRvnVE&_*kRnN$(h~%b5AV)ttD_%bs<WSqtL!RzPm^Nn25q
zt3_$bm>N+9*`V4TtOU;0)7g;6E>_mqZT+MCzOA^%nUe*H?{_YLr0tQalw+%UY#eyl
zqO57gXSYD(&B4J5pIv`!aa1lNbuEi2sZHr*=O=-@_m~A%1D@^mHN3$r;k#x<!@SDm
znTLPI6*T>?yY3Eo+w7r%2=_O$)*DUiG<n)XD@eaz2fWsC4dz*<V{U-F=ZdQx>$!q|
zNO1iiIeqZ_n-{nf{f+eSm2H)<zXg(t-tXvGlMlVaBMJt`z8v@0v*eH@hK^>%G6!HZ
z6hrE#^TGWt{ZX5^92ry|e6J14Tx=*Au40=0b9Eg=AxW3K`qJ`y^)?4}?y{$$$|D3Z
z5EqSzqHL1Q<4ve|SP&g==P75~v|#*C@K;qdSr=*{eul!Cbauzz6#rv@n8Yctdl4i9
z11PORK-nadsG5X31U5%*2DAijL8v`og;2Re2ot(uivyuqaVT>%m8S9fl`sXP!H%G1
z_%hle@|Gw4?53SpaK(l!xg)GPAMW<j`~*W|RP;_XS7+P$@IC+_o}2v={48*f9+$Ni
ze1qitfki~VQQUQt`^nHw3pCd<DfNP86Y}jBHWn0ZU6c*NmpHprH&z<m)ic${_LOON
zLJiC4aT2?@D(MKws+ZVPIUv>yXsZzs$3|7p9P6rX@(g7xQ`6h3<1n9o+JG*>^BoM=
zuBvA8{y;^7LaWtLT|fp#5md+*#s?2VHy$JXu?)Y%&RM)eY%L`vpA@eOc#D7lr|<FD
z5x2pND_5X~W(DXdojZ1iUJ-`0KgxKu-hxnb3;Fk!Sh>ElS{2!1q>@5Qj1heRHPftD
zh{<QPmK?!+)R!11-$UI9_%40LuEQPC>DZ>pns$-&<)|-4*}`L!-S>>ivPJ>UZg3fX
zrhuvD*o>^(#nPbay8u-&t4+fzJ~??&kkaSihsHOcXpRiWdg<(;Jp^{oJ*|59L}Bb0
zkE(U-!jT{w3uVv<WU2@kOu*)E2i-X!rUVux#;*;Bn`RMHwDf4`;XwJs0wIrT{Z#-@
zedquOM~8DXC3qwdwL~*iaF=_m_Djen#uq33j$}P<Eqfi-VTGzYdiwUk+2CLOJ(Y3|
z;;#q<ma9X0@I*h2tmeK<&Xl+qKZ?6z>9l<Slk2r}vNaaCT^?xNZIP=@fG8#T-)$V@
zhQ7YF9x3}P=y~jgB%oYl%%&h_6bu9H;@QOr%tnjmsF8E>x;%lnpVNf{5T_VNj_R_5
zcBWbM^@18e=#t6(G!^#f?E8{$jI!Nm7_Mb`vv7TbdQEz>g0|t&S+9b2_T-haghTcv
zCPAD)kmP3S^;wSM#v*3L8AcuTY#r_Mv|RVkv&Z!hpCVkWF}i|VSx<*M#(}8@hmB+5
zA?blXA?-+QRjdc#izJhSEF_lQ)Q-irJ)Z2BXBei29oFJHS#~eSWaGDX2VgsHlf6OM
zM>@0kpqJz?-+624uj9kDrB=fvQO8<UvbOq$G_PwoPc!Ud`<<~`rp6`v+$5ogM?B%3
zB2IFaqF17^huxkmk;tI(V3?p>y&>;=UA#2Z5tJA<?ShOnlo%<!F{=)m>`MuoC<&99
zv+6fa?j><4WD`0cGKNOHsoeIL5x6ite^vQ!VW9Mb+CsZD_Ifmm2W!e=KgVC;_-1Ev
zZPL3beLy&5kY#Uq3JP@=+fpjs-2mw(crmU79+GQBB&PxQaWgI|8j@>=7w}^e@TG~C
zk8xyNja7$+oE-}VVjz*#PDTskZkln)Y_({SHk=0}_Rl&VDFHb0^~e$j;x5O2YC^}D
zsra~EA^9nq_rmcAQvO<#Z4xJnY`Mxr7sHrTIVm)gr|Pl!ZLvkCRqt?{&x{i!ZYyjQ
zo5M4!$cokYpCtt~aM&)^Xh%i9_!vt$47|m<E9E7rCr8rXP)8kai2DUWY{+qgp@4KV
zv~B1Eh6UOO7{j9*PLIP}l{j0L{4DgL%M4<!zw|Q_9g`+H+$#V8^>!CkgrEu427+66
zBrH7GKSCK<6zLWTnTU1TKMYjp0^A-z6Mx<%v<a7Nhf5Z8*|x|Q??f{p!qQdDHN;%a
z2`*--dp3R$HIB?bzw!WB=gxUlHotF~b`27zs^&JsdTYvj&x%cy#Uc}#1dBp{@od#;
z+3PaMcuIK}!1(+^2#LFQN7`)i&3&c0D(X~y0|h^y639k~6b)P$K{L^X4>H`jlcx<E
zni@M5ZnYhesyu1aVYvrmU<eZ8x2%dc!qczQXlpW_VU=7Wcf0KZv3z21bT0P%^Y>z2
zH2$7rW3>&m`RYT%>}JdJ6}|e>T($+}9;S%ZfKBf;HPB4g35p;Z%y%%jG9DM86<un5
zyf>4omn!BX+gg4ibfWM)eAtrLvsqv^%VKd|Aj>bNI=^PahUbIdO;v!#rx4&*{;qy3
zWBGzlN9~AF-!E%hc?RKag>Oig<0>}5I0;16Gfj~U91}da1jcHh0D6<&^C&sM>)xQ|
zY8@5j4>rEcmMo%F6gmlABLN6WJ$*|VhtTu(9opE;^VLc`Pri5r7PUlhwe76t^-v&q
zAL>ZlvAfzbtuf~f9_Oe}z~efac14ylCffiSHYjRTL&yS29IRH5U<-~m_8s?7CO|PF
z)f#(97MVCq42{fUGqea{#6W-oUX_~;^X)$X0007c0xF^s<4gn6Sv1&^?^p^iQVX?d
z4}ztTIFP5^ICQ8f{tWIQj3YSHr+(bCL<ifx4Hro!-=PRH8WHpK1yS1WI~$8fObqqW
zYC=qe1~eSOPmkwc+*`!m({fb^r^7qYvyyXPr2MQ4eb(khRoncMIi|C87?1OVW|-(k
zWrQ6FA6MGFNOo{L^w_L0L%<r2+@ESKK14?i${aKC^znDaMy8;prwr($IicVct+zVk
z<X3bQ;2~-@u6Ms>U{-qD?^NzHGL3t>Z>kM~`KXfqvp1c%)1re_;7~pNOSua<LCb2_
zP9Mm^8}=lb>%WH9;M<NSjR;y2KKCjL^7%??hWW93@rR2iJFH)Q-^FyVx1au^0nHJ9
ziX@W=mM@gvvhOp&{?>Ev`g39+j=d%D52?y6i}!lcV~Ul&Mlx%#|Jb`l676kh<?AKv
z)ct#jm)OuS00B?xUT=&Q_DN7zmET3+Gz-<6;))LL^t?Dg>13EHtf+)MN{|3J!%5Ya
z?XN{?e@CixVn&a2t?%sW!{C#+v|JG{A*|9F-H1WIlUw$!p-+g`(s()hmJ_UkaUQ#i
zsiPvQ$qf%8`Y<&@$?zN-jDt>WfL!RH_~I}=Qb;Wg^~Rs-?xxo*L07EUu#lpm^)Ov1
zOV5eJfKEjkL@4_oW%PI#Eo-8@c$mNUPrhAFS4|!TTNM2u=m*JRn)rDXl7WD9Wk7AS
zb*_?Uw%=EeD`@+V68sc=t=1ZnJA$yrMEAx8;4L-oe%8TpRNi#_u>caCz6;l|l7j^e
zG5NYCk?lsTqad?}gwkwPP4uCFAwUR$R)SUQvc#NUEh64?$S_MlKa%=-x=8XV5Ud%B
zGf+z#iHL0UOX<28=a}nc<&1UkB#yk#?OGY-4wn({Ku)4q5;ZGg<UOU=1r(ut4izEB
zmho<}1~kC$3Uj_{KTz6=l3q3z_cJy@vIt;0e4+vll4GIK+ywg_emL=D<2Ee<pxm}_
zh`IRA`T7|_@?g?LBelXWWI`_6irhd1Akb1|24rxUzx9n!81dB+%1M%0dT-E8jM}C_
zAh-IT+XGvik&@0)uPLiFzc~XAFpHAcZj7l{Io7ij0dPxy`9hF&#!gT{nRyIDHW4ka
zutiws)NQh^22|<rKuYSuLpm$7S~S{3%wp*7Ii(2m+Rx;i;yEszc6<0E`+h@tE~*=)
z>-_2+@-@p_Q{kSO8m9$b5ZmY?N8}iMxtiYQ1nsP6L%=7!OB4c?O_6AENjkG0?P;>r
z&j~$(gNKgwq)Nkm*5O^)D-3%{9%J#{OQGs|djk2D5jC7c7JN-QM`r83{kC%4F_M*_
zDR1zSv4=<~TYDZr6sKZe;)9jlsg;ARRt35s?SG2*+;b1}C9I65ct|G0^MnJyIW~D4
zanZ7zz`gJ+r8qh|q?Bgsqq1)<&d&MaFx)!mKxhUZS{1s(Hh=lR^W<=qJ0n_K&?>%M
zb*x=W$iP2&umH2F!f)07!|`(VM%NuF=%#kS03=JdFHByXukl`sgp<-DG(3-#qBHiB
z;m~q}YsyFI4zHom054Havn=Ksam<9swMd7LrgPr*4QHnj%5+)*yZ{;nnKI$#JZNzS
z3Li}i(-L9#ZNt{}%oQgLGf<pc{rh0jt{W4ASn?&(FoGr84~@#G*2ZHVqy#!k-S6~n
zB?%$%e00IeS@1I?TpllT>MR8n4=n$jMLofDGJw9&I6DWvzKiUL%^;Koj4glBHm&)f
zPv%@%1i9PI_%06Zxv3sB!{_b=v^$FwcJi>%Csj$_@(TQHR=X-y4Y5_nQ`zb+7J39K
zyLMwu(O?yS;BgoXnRJ?{J<nc!X-Q!Uv*ixMH6lkdWzMu$l(&4LA~x_8DDE63uuSd=
zN3Pw)F6a8W(FT)QKmmi*VB#w~jvh*)YmpjdvT{RQGvl7|@XG_WZ1-4;Haf2qHDVF~
zLh^>nhpQ&KfB;~He2*3s)Fm%jk`^V$&;I6VbpO|fg&$QXJc<xCvkJHseqqq$<g*S*
zG!eBT7t%Wr=rl&$8)-wfpwDM%TIwEXy8t4DF<#Dl9gIkeMK_wYP9QR2ZKobV9J-JN
zPy&y_p(w^+0h~d_FOpBMRUNNUDk7W={p?~*Vm$CENYszU-;J-!ACLe631pZNRV;!D
zb~@%fCm#18&eiNoy!9BEqIl(!=)#3AUUyL8ZG;UFB>7(Cf=7SQ$rKeQKbzJ>8PDYW
z$EsGh+D^Vxm_By4EK?R=$$xK9LW9IMNKtKm+Tt{vfG_2WL+zkW`Pwf(S(i!W{kPgd
z@P)kUnR()znDmsKIl|Xm#>TzKZ07oq0=)J<x469ELOM_12&-$9gTx>(h90JztLdRT
z#n$pvB#y~NAHP5V0Hb4p<|K@MMm$hyS(a6?s1R?%U*N`AA8I6YSVl;!04+qTpE<xM
zLsx<_ax)D8pSr+`sj(5oRL}xgJC;lo%FK%DO>|i%=W|L6PgUBaw*n4edkv9sk!6ir
ztPk54V-Xc@h}p_poG|<tSY6K-Hsej8*KXltcbU7FF8YRE_^T1<-}p<3goyVjeM#fh
z>vxKe|5I(E-WQ(N`oE|*g{Y*^oz8qa$<zQH<c(Xj-cUi?L~`^<64?W_VJ`FZ#vR5d
zG7o(=F#$(E^z|FC$o9F)xIi!ynsoN*DiC%2_H8S`0@v`jfbd5@sH(Q22|{B^2LxC5
zVf$HWatKZq*yVaAjtwoaBb;;^*N@F<6R-)7#VtaF4b&}422G0kWNIUtCjV7h9a#OH
zkx&CHH`*J@gPu3%H*Jfs&)rA(rpO`-fA5bg)Sxhfb_KHB007isSix74KToB&7b4%y
zJQ29M#br=lf9wHM%S%u#`wLx6Qs@WNLOne;ulZxVE9=wDhEZLi6mjaq;q)-{Rww~u
zeO`vu-_i^0L(8;RlDNa-EFgkgdApQ7888atMd51jSa+FX>~#I1twK4jg1b!Z2lS>l
zs-WwLm7q+DC#<&$a1y6+Cz}t4bZO%CN*Gr~=2jkPr?2Xr&Zz?8!pKX*OhOI%aB}EP
zpa65Mr@4I?rsEy1gLU$R(}Fs4+pS&lvCyvXlFO-Zc0sdXfpy_}3<SB~*Owj5G*5PZ
z$S=oOLe)|F2<hf3Dn0=_auc6rA6jIKLJOI$F@vr}OZ)ymDN5O4U-#)ZWO;QyEi5mj
z*hxO7?J_w)b$uMJceLhqQE@Eey%_lon|yhRQXq5u%#<d`Ye#Ps(Xoliqk^*%HJhyd
zZz^dYmbku}A_;BM%`-}<E94iNqtEz?9xRXS+YAbq7bsDN<-PZm=TH;5<d<|*{aY&V
z00B>ut(e4<!X+MMgN5BChVBc+w1lTtkQ^-qKz;eiQXF!X-^XE`r4>yFeaHp}3Pxxm
z@k7dypG;0bMM=f5{pbLS*-A-A<Q7oKt{+Ip;!)zE&adhz+sv2%Z>%*w3*56IVObCP
zIgHnwmNMxbju}Xkd8bmJTgr*NVMfr~-~of<Td(Q~vL++@xj}%ECjAU-P!c`4B-3VQ
zw1<7-slx}zo3%v6<w>EAc&pGZV~(gOK)zsu)^BasH_4+eCD3B`!O(3qoNMkJJs4)}
zfS6v7M090*PcNE2C9QuL$OP;zUS0~hCj8OcB=M~3#3$eY2@GqfvFC%dRdQf?eIt>s
zOOm7<BXww;PfH^tQ$@z4<;-RBxPakmFoJ3`Dw7XGj{pEEOczl`%LVeiwAt{$FIALt
z`h=(*=0#U30}e70Vyf;22$@A~R!}S<qoI*6;cj9>I?G?HiF-i@<Zmti4%*b`nWjnt
ztYj;1+L^sT1?v&XZ9*n}NQ*rM=1Ub;KEMI%*f;U&d+?exImdw*CcsHcxTM5A28QpX
z;n`p3l9jTbtZ3E0BePeuNL%eF@RC^}V>&1*Ffc4gYZk7<)b2O(zs2xa^qfqMI82Ep
zI@62Z)cjmmWM}_(e4W+j8M1qiK5$W&%G#B=0spUsX8&{yD;w&-WQkTMMv2>zTQ_P-
zVI<ATH~=_6$G?6w(VeEHq$_umtY~%O15y|Njz7w{5O>aer(gI#sB5y_td&_)cb&&9
zhttl5Ao)E@xaV+_8H<Rg3drX-R8QAL-cp-a1<2N=@%dzXkliT@Li`S&{%PI|A<;Qb
z3;7`!d}$78zytu$NV7Sw>TqCZEhx`hVdmUr=8@bl@z()|EW|KOn4(D|m?Ep8W~*LC
zauTN}d}sT7-1FtWXik`H_-+;V`<-yuFD-nPcd?(lK>thQZL2c!sKW^$roN0F9!^HF
zhgHAya%mZdThfL7>*NvNryZ#p7KdDqr(j(0wUKm0v9^zZ&&^V%nx<$*!YbI?GxN=O
z09*y*nG)wpTQHln-K{rJ-5gh7*!fGVoBa`Mde;3dU{{PeUbERazk~CTOdGZ53xShr
z97+RfBk|y6sW|U=LJ@5k&HJk7f<D<g`gqGBbDuo21(^sSOw*WnSl&&P>y5^~(57LF
z_Ac)rX#e$@vA$_(>wc5~01=oZ3xLj%8evV{x&cr`Fkj$sFrkdHR}bR}(8w$T%z6hN
zU?@6xn%Z$oQqtkwpT<wJJimJtXKrVK&tj`h{2JAlYa)g#|C92w)n6fN+VYueK1<uj
zkvNEBO|3I7wQ{wVZU6|t6^=Yma5@j=iz>|5!Cw<tXW5pIPRf$%qQwi}<LP^u$sa8M
zE%il6ghu8;zBqQ*RMLPit!mEQd*{*5xrR<sqWnMehw`+OV`Oi#41H4EexwqVVFj^Y
zc{b@3{l?Uc9?jS$HYW&f-j;B+6Y$q%z^q^<Tt+}ER!%F|LL~MTNB{?U+<H!M=n^W9
zBO+nRRZzPaW2h8Jh3AZ2S_9hK&!?B7k<$f3BU2*>^52{uRV6;O#t^8%ON!^gl5!#<
zQ6Z*np?5y(pav}5K6zdx?~k1MXaddyt-m0VS5KIdx$#)8a%F|cxP*+_8vCWItU4vg
zB?2R@))c3e5J-t3mE#fMDNtfjg-{}Y>tbm1?E}O%Hb?y?P&{MRW1SZCIVh;+JxeEI
zFEF~@KGoO4%4h$}4Z}BUYhf@?dV;GAYvV>z>eESKlz>b-&~k#>q~rHpVFdNgvif8p
zYoJDd@d>o!FcijTU{t81DS`{f?2#mOR5w&PpTs>a<hKf7%{%?xcQLpC!SkC72r5IN
z;*dOjt~~gx44mzX>|1q-0e}%SCVG2zQ!0ryMB1p~BeU769v~iM*=M#jnri|xjzeNZ
z1_JbCMdIu&V%SAke8xtM8Lh(e!=l11B$hbNN$~xoGs6|SSb&lVXqKCKv6om|;aLoG
zG<pG;@u)|m81~kKG?YjHCHa@ZK$07wuG~BK=WB!!M7g1Q!oZY<c>ew1x3Z!wqi1SB
z1x_lZjS*iQFh-IJN%X4c$sn>|0+6M%+ywV@MXlGrSDBIMykr8R+O}S%y8^`LvhK<`
z2KM+51odXKgTb<`uHS6w`L}wzE=lgfUSgr*_;3LmNdRz1Dh|N<qjV<BPVfi%VxWE_
zoT~bcJAcX}Yv7@_mrr*bKyU@Zy_GN8ylAgB;SPUBFpKuLl*4+gq-uMO15m9WrX>TO
z8`^&A<3wtOvknkT?J$dBMkb0eH`B=^%nsLx67$oNU3`gZ4c;s%ip2L_Z+|cUJR3WC
z-`Fi%a(W4Ke0pBA)gss>Hq}Bg+7Ik`!^*pi6GXsd-LlS|%4ePc%65)1l&U176@~@m
zP%oHIk#OX;Q86DdO)0cKi^T~kg{MkV{ONA#q*Fk$j%Mf#p~ALe7RVTACrcfS_v5Ac
zsOuP^Aw!Xr0}Ae9;e#O3bOdKNp?N}YeEg>68zzr4H>d9Cv5CBnVLJN+HqTv${Tsc(
z6x^Y>1e=>pasfTs#@u_Q#Yfcp11<(uq`QYjK{fd_i$XYn$FO_4*NO_SJdhm}Uajai
zC3NjT?wcS0VR=>|TF+1ZcaN`lcwJ$CV!`+8vV$Q1E+K}H0v^G<5y*u=CHf(Ap*nr+
zV&lGtWx@^Lq&W9$y>|bWTgk-q`ZD@Cz%pB;QtWSooz1!Vg3#IF&+)MP@w)_Rf{U9K
zF>8fF>(7eslK(PCl0c03+>|ps$r{*-ckzx`{3S17ALvRd@>VuJFne~I50<A)1Ehjb
z`W*Usr%g+VjyZUt&zW0i(CNbOt}f1i&lW_7_6k%V=Vq8owqH))5f`7BO5vPe!+dRC
zN5AN_-`i8P41NSnT!bbJ65cS91&rY`-LJGIbCVkZZYDO0z0lz<*zf~z=~<C*t=pqX
zm<^_5n;o(Dt9L%?02I`HA+W%7&_RxZ|DeX$Y9b02ykEoB=-RV?Sdfqvc5V)#AD00W
zv#T=GmBkJ%7FB{c4`w9IR##}*QlCyI^y_1bH3YzCgBvIq^n>R9587!~Lrn4dS@RvC
z@mtI8NB{s2#YJL(vF#N|1+L1A()(jBy2)|^N%wu?Pnd*K@JE@s#G#Yh=CRn%nHVJ?
zfo%M{dmeiwgu~-R@w4n^_ij}KN={<3eaMY}4}JJg#(J1zAwpzq%Lj(S@l#eCxwzLI
z(;#S3{<?p2KLP`fpK>hAwG|?9t_P}t=q%+OjcXa=pJBb^EursI-~Uu751&tNE@#m^
z*&k;~GlNXYcyKEs$fgILOsK7&NHgT#$SR&|{Ye~s)i#>X+869sZ&p778bAop2FC$c
zcZf|hHEJ`XnjLyN6CywsR~1Kg!RXo@CfUlk5yb;G5F0I&!u~`=o+|ZG{l1W|Nx7vJ
zfm>-SeRc}S(AaRp@0-BhG2sz(5U5H~%;wf3p;CW)l#B#p-gtcl;#pCT7r5tBhLfRm
zp*2l+!Z#tRfVg&!N_;9U(kNE@K@UP^XCeL93^-6Pc0_O!5lmc4Nastw=|>fdSX6&u
zLxY4l;<-bbe}k#Z+@Kv`+IfJifhg<!sN6-VMI!nUI(ta{vXG|b#KLP!Zw{ptgR;@w
z_*1r1-@qU)2oMn~G#jo93vb6ew@fnhp{Ae@E0@KbaZ*`t_NQ$g#{e-Asp2#KBy;&v
z?wCfzr1iDtee;sA#&5+Ai)g>Zio66kUNZd2YI`ElKUpmw4GbY@&Vj+O6bx_b%Hmld
z3)Ny*5_`1q){nSFBy#5$k7?9rPbT<9;?J-`ttl$H;291^Sg8!BR6_kOGOU7_g^7R}
z*}af&=I2=Md5u1jrt1&BDK*IwI^Y%ZH1Kwl7N^(cIQ&}(;(b}_lsBzzoX?Q&E{%Pl
zD9H@FhU^HXE_G`V7@$-Wf(uKzkS)hotBMC!^v4}GL2078k_rlG<W?@iZ|7a+R*x8L
zt?lW5&_&_^a|P~<wP>~ojC1fomO=Lm9pNAKVx}zRmbuQnUUs96>KlWaV{^=Ah^eSA
zLOLY(7Hp(a?SZ%7w5##3_`ivGJ%~Scm)$SG!RNrvI!ROvqsK>b6dB^?d8QejxjREl
z#2OS)1VTsXTStWB)kva!TvPn+7bG%fKM;__zR{bZK&nQ@W`eVtZ4AkUBKC<8uZE?h
zRdm~73h4j??7fYPB?eZT6F1KnP$-kIUXl9;mR7IJBHWL|^(pj&cK3a-Z<cwM7<PUz
zDMdgU6aip?I4L-&+xbcvF~sT<U<Q7OZQV5o6n#F7h*<K579M4Bn^*E1&!Z8xss*5X
z<55j<4^vG8r7m}|dtl67bOtdp!q3t$gT{I^xZC5gIG4EBA5SsbR(3u+?K}S>BM`b?
z@N^^0qmeD)B(Q%6bw)ux1s2tY3_>02%L@i1W|rxX{}iAzt}E2oU&nPlx1(8f>0I)k
zU^dz|&Y9U|H9w|+L5T?s1F}HD(8I3D4VX)9o&F5Zgf1zp(5ZpI3sl`~jd}0m>j*-R
zhbBKB=_0NwX%sN9URF-rcZ8(NtZ~T0yX<oHZX~{eROn}c0Awy!^qs>>Ky;xVG;xX+
zV4jw)JB42|5?To?8E*3Ip)_z6n38-3v!sOCBO#J+uu&)t1S(%97z{Nd6MQT)x$a8k
zVoXdOJnDv3ESra33`0^hKjd6)IxU5SsD^{EN3`8Mt2069o=op+Y@^kFnP{@b%Y~k$
zs)MhKMQ0nZ7MQ)o6ND>XcVV`-i$CRBXqnt^M{SRQrX2@{4?N=MQY}EIJKYAu1NQtO
zOAb*}$(yoWdxx_QVEKXM$BP~)ju$4g^8h#;=(J9YR=-hAeBLgXw1mmH3I^Op&8Qer
zX+dGD{|*y8Vp4Y>c8L$!@d}_^)0Rz$1QuO@<z$M~d2bE3golC-;&v0L07maKYT?MR
zORqjRWfH}^wA)JaPuEqji2+dl^b3jDI)IGy0WKpa0PH7?jHKONU#hEptgNMo59n9D
z8Dj=SaxL6`I`-X3b+j+fBnUP(4&B0n!j3;R^t+4l{1o>rmH-n5+OyP6-5(&`Q5YaA
zX#DR+izmeep}dJ=!pL{$hk4Lgd}P4B8lr?4^Or6E=H5ovz17%P@Zfq%YLs#5>M>ti
zhLaL>qlN$(msX?ucxlLOl5yYy_}^DeWX7Ik8fH#^hEET;p^w*)MIRyQEB_Qd3e93m
zC*xKATi^yYp;}gh)M?2ID+w|*5f<8Gz47R1aNsG>H(M5kwVo-H6}Ma<Hoacs+>w@T
zzIy=qY#a_7sDyN>=B{E|I>ZjwS%MegWsjP_#UxBqO4)tmp|eib8D1sN(l2F(3<l%m
zzf)u?wIn_z*2<Ji8g?2Bz>m+<>p4pH+^uw+K!))WfydenD^7bnHVm5RAiw|!(Qp|e
zPEV-jNB3@p0E7$L=@nF2R<p?k$!ZSBP;U0*k?-g$oOL)rq8RFnJ#9y}4?S8003tM{
zSU7eG+Gf<;kO1ARXOtTAEGU>tc3l4H#KX0M^o`=X+R(+6V{3Q#x&kHV!GrUAAhl7w
zl4-dP0CFHebt=Lo%;uKxwSZP>2uV0*8G7**K$n~ZI-!$WzBEw~CkO^&&<%Yk<8pZ@
z?;_T1We(|<Rg1QW@ulU`8tEvv)o6xMFh7z6o7sxGvuJaPMr~IOWRK3>Yb&<wpCz2=
z%zmf$+^{Xj3L0cTn^)FHQMX!`wkXD`K+myGSv1=k4$7(c)0}rd{~XvLm8UQV0xCHh
zeN%X;v{E3_1nsJ~^fRJ60PQ!hP5@n53tbGUYglSu^A7NCVv{T5T7F2sl|U`L1sWeY
z_^}%5StyUzF@{Jr2r1aIM^UWUZ(xDT%PvU5|7;9L&d_2;?T5`19_pd4X6Z_zGqxR)
zh@H?YXhLf77bSb`KE^(CXGT8Y^?(DC0=vx7=#X_waVS9fCy+@!?7x~iCALf@E@7L1
znQk*c07-eJh~GG+%p_T<AK3Xn#7Ri;{c;mT*%+y!>oiPT3J3ZK6X%EMc4>Y5`h6m8
zg$S1t>?ui=B3?Xm!=R$}$fOhSdQHg$g{>7NTm_iCNK186<6&0J#+?b?5B7N7S>T9@
z)?f{Q04A9$t|j*Mi&}&6mWrOvcn9Z1Bh&>_+}><$sXQb=0YounM!bMR{eVR>K5$Ct
z0VgLYh<|W`)&3yH=T5&RG62DRQrYycDJju$k!AN%!)Q&af=3Vp-*$ExiuTYxDJ)kx
z3iK^fAUA3;go3(nrBev`^cdv<_oB<t<gXs{`tU0$6yvJQH&6Ru_Q;i!#@mGMgOdLy
zE?i4F`ZE_m3@?@;IA+FR4y=$_T|NmR2OsF*w_{v-Ip2JjthHKgyvudv`IJ?iu^Z`s
z;Cfrjn=2+8p$pLfq4{)0Dus@57zBDm_mq4{&CvK5Y`*dXEfQ!}Fy}2zm=7R*J{tv_
zo`zbR00poqt*mRmcFKj<Z?*~wSa!s1UXpY;yIExL=M1s7A6le?=Jf8h90zRtpM4#l
zf>zN;sUd}sYS1pWpc(j?IhF7S=~Nz{$Wd@zOV$cBY_xtr61u;b><k)ZPhn3xMX%`q
zJIO4ly2M9(7<j{H0>BFDXaH#SM^A%F65nryX_G$-dLJ|vs$9DH0^vTjG72bCSRn)m
z)K#0Y0t_*e6VIdYb(`LvgFcY_it&Ev@PeRft6o<Cf2zwH@-3bD?ve~u1tc)|H29YI
zh=M<qn?tB8=)Xe~%J+XXQ!3iHva0Pj(P;ppZdW<bF&&SGgl&_?{~!o>7V0r|HNcoa
zjzeX2y#@x@^)N|9nblPmGVM<=@>F)WSvUVJE{pd%l~d;MmjnaR)g`$sXM?8Hj!BVd
zPQ5chnd!HNRkzRCub>=QfQ6J8ZbrEpSKp2m6QV&*?_D4ZBlJY;^AvO0G@U>I3&!V2
zq?c%nGEJ?WWhd%H3Xn^Ogo2BH?R=RQ)CS}NC(n7bC%uofJV7rT(!so(1KfstI7i{0
zdlldfQ^zwC=!*$|fuwxk`$Jk94^*winxH{R5${2M(j)^CD$kYM#}vl$I(VbR7h(}T
z5(wMEnU%4q=$8}pWpU8Sth9bZidFy<YP<GkeC-!{TtI{0-wocT%>_#fqG$jE$Re94
zy;<wfR)h$}qyVcWu{|zYp4G_9=cvWxNoOgCr*2O=TFJw?_n|6d#xBSN(-sLQCpX+c
z-wz!?<~i^UPQH-yN}nWr8rB3!Q<72~S{eyZBbr|ii<ls*NJRM$e$&s4pbwE|!>fIi
zuugr@yNVyYH26eA7{fgUNL7OY==Ux@R6o#*1kN@hB--wP@1YsVM|?}0DkP6agW0xC
zt{Ql`5CDL|GvWHwl6VM0M|@$Q_+{8LTra6^uFDfnW$)=WW7P;XoU>_w2swA8F)LDO
z_|w3el%VidDt#t=<fDsN>78B9UV787A@vmZU@867BY`|_#?A#0kRQyi#MvWbB+oAw
z5>munpp_7K^oJN!TkFm46ea*eh)MHXXC(P^v0^f**kk?{a^var;EFU{!rpYu52ifG
zf{cV6PgiK}l$M_GQN%JZKmATC90N0m*>XJ++7!LyQGgJ%#>5r?=y&<q<C*O+W35er
z0BvuXl~3zTX%pdu0)bsRYvjN_iwfn0+`jsK;bPVE^7EzL&#BLhmv;xT({%OrHZX7c
zBEQLaW%mhf3BoEAfZG6I-syl-o=s0zatNdrOOo|HcR37it`!bkp3vi7Y+E?oRj=#?
zk8+Z_CC{eC>#swR)3v4YTn?n~a7iyH8uv=TYJ_`(;W{3W7q5zt+XSLyK%Bic$Xd9T
zo9+pXUfvX+&#0weU1p|A&mYL_2h+5sQ4WG$3S>|yK&%rCwrJ1IXl>61%NYziUrq;*
z*eJ6&nQZ<P00es;ryn*HV2!I*%m@|r?BSTGcbu1>DP;eDId*;hTSx?<MVof>%^@HB
zq3J&)`Wq`8mAP;7=Xbn)RpVzAIv^UrL184AUfj*L+i2WTvCv@gIeNw#ixIpON<VSQ
zyW~ixgtCDkuq3;}Vrp%|XEs)Df2*x8@4iY6zA1uJ2;fe5lUi13Fr-ONe`RSeLG`3m
zGNh4yl4?SWcFCN2p2{*38Orwu4D5_ZTLA}*$1@~^A)E#Ev?8kKI7vZS$BvtoZP5tq
zICkvH$HTyr3RzoLd%{wx0W=lMQ%BeWoYWVsCzklF5rc#j9|Bj1#95QQ0$J}GBBN!t
zkO6geXQss+Y5=}MwSlo_f`}#16FYv`TS@eW`lE=4S5fcL=Yu1#6oFd~av&W}Pd4o-
zzO;7>cM)=Vga?@Mlu{_}yf?WGiJktN-b;p{Ov2*}#~W)qMJYjz9Gi)k_AEWD`g^hP
z8Z90L=p+F6t}xESN5$73=fJGZDIWF&65|TajvoZJ$&FIn0#O?5s)8G){zK*&@-t^m
zcC33Q%h6R}C3T>f#WJ+jBp0g}KI+Y%pRaz;t$WPrRN-~Dwpp*Z<QG`N7j(Nqm0b)S
zq{H4qF2IyRQlXlf_)PH{8;`n1<TiBIGDDXqAZ2fYusiVn1!!N~Mb0Z}^ks-BIBE?S
zGUW9iGI={ccia7Ji})iovpm{X;L!dh-TP%gJOrn=BW)3fW%Oj(52K$NM+$;AKcl$<
z0?(RwjX(a#l({-oj2wY>^4j+08GnweS*V0{FYaO@olse*YAHm`Q;ye#(J#>lK0u1e
z?FXY|TH4zbj@PgyXbub^$q<%+NXiv!NHf{`P&v}p09HzPfQRUukRCBckjruB?6$TL
zd)oj84*@7C=e3UeA~9b`dbX#UA=eWk{#@wGshuwB-~xfwL1*xvf-C4yS2V|8`F8gV
z>&e0LCH;ER*&@UO`SegLYzvlKft;%;-bocyBc^nQ8)#*ybz)CguHqI3a-}ua=~K<)
zfa8z-D!3<5fhV|p=2DD4IZ(lWcm?KQr9mS=?$BkuRSv_Td}$cmji?=5jo;OI2sDk|
z1Ielg0S!U*TLsG|EMx4!4&fV}i!pc~xkSKH7lg!$p`fwh_*xyYz9h$MskVmZ+c%0Z
z01DwBd+QJeqL9}GO^(0>b{@g*l!Ckgcmh}uca-qv=rLKUD?z)};ftcA9#`6mm87XT
zBB7ZsQ}c?lXIHF109m{YBL+LKd=?Hope!818RI4)FK@Y}BY;qu5yN@MQRdi$UUt<p
z{t9U|BZp~}4)Rp})j}@H+LM<5y~R9g8)3?)FUe!@wI$f|sPMhQfhAe;`Gj_A$a#Ye
z({j3IqDclY3J*p}%yMcr^|f(t65NU|Oluj6lp;+$wP?!d3Nfi#IbKwyBmoxYDU+WC
zB=(eF8GQyy+;|Re>2I;4(^id|^j56q9*n!Mmf^7EI$05!OVj;dZk|4q7{r5B74qb$
zdxe;@s|nlo5cAhkNpLO5*vV8JSH+u!qO1L%2T7f<nB8dU1>sZ<K)>Lrl0JVy?MIcX
z{Q1L%#l-dDv*i?h#gvjn#FCeXy}dwVfB+3iT|9#RVA#gnkjz-TMc4aj^^KH5)d$za
zCv$6K&<A}Epl*RY!KMHJ_+h{$<$vIY{SZpr_Y5>wi3X6xXL+gz(h}2@`?~0(RSev?
zq3+Q;j1`<90Y~%IV75aq^#eHCx<4lt^s80nE-sX3<??Q!r)9~asTOe(*X5wk-@quA
zVUk1**j-y_PA*#a-l(r0E)qW@)GQI_Fi36z)L?>D=TOL~pnM0ds<^43+T|4Y76gbF
zN5DgB=a-9@HlpV>ks{k1j)<C?&i(;7Lu-fP9LZtIMF?R*k{GZ=F~t{JjFFh$j@<5s
z2S!F|Z{D7#edMlu!4()*$>h(^pZTjhnkAsr;|gg%KwcD4;zx7a><L*eW(mi2%v9Vy
zvl%_(Wx69LA}eXaKwbaY3MCSt;EadZkth34P~fRF>84`tL<Q}okSuT+-LW;KmQ$(K
z5jF5C>PMIFCd;a7VshZIc-Ptl?JJ_*Z)<NwLup5?oc8A<v+zZH7ge3K4vD+=sN-Ii
zMvxckIJ>M%Iu$=w2M=;g@65MP_Zk3K_T6)p#8-%&0_)hEU9`bpkBK;yfd_bh=DD{*
z#h3}tq~5Tw{WQW&g6QzwJcShDx%?Hc-$k<4r-CYZ{Duoj=UYbvH@S`0-188iYz!$a
zPX7<GtK~5W1N4n@5}vD-VTq5GtYNT)ZfJUfVohwtTu-yV=*4yiBu;U0)cbv|2;w?T
z_+}lqV({@>EdN{j3ERR1SfOA@sMx4VlUeTINW0tuJM$xIBxNFi)9TegMliUb67+j(
zhB7#?L+{j!$Fm}{;iT`BGaF-H%+FU8E$-St^!*UB#p{(mVDZzXj=V1`r-otqf$a=T
z_^>m5_#JPopwJvy=PMZ%%;J=^l}##SMT+gwv_;Lb`!90V_vA!%5xus{yjd<9-}a0e
z(Ik4cTz^^20AUv6T-?i_J#^KYN6gJ37k&Ir2u|V+UrkmBFm<QL#kvZ<9EGeP<)VlG
zac<#8;DJpRDTID~tWJ$W>ABqgVLh+~S0j0KmrgW4a&6_}Rc2>`<Bx_>Njo>jW`?r$
z(HRFQ2uyT&w5W#jH_sr^Rrdvn7`5*o{n1bq+VRl!!Bv=Qhw~6n0RKhszJp8)Y)5>S
z&8VA^KKB@Zre=xa4bUyaa1l$MqHUpbEh%~6OUUaDbFOqZpHu}Va|t)@s}dyd&B{~8
zp5Qy%|B0*MOvYkTgm1Y@Z73FU?io0y_|}UmCnU^UtH!<{2`|lFL>%W~hUvpE%%w{S
z0B*=MSAqNcARpn=+)oU#?st^!0t{7;L5P+sqWZ|=L2Yx%f6_2hDnU~?{~WWL&}j`x
zp8+=kcj&4yFh!MX{GphV&BRi^rzoUoLM-{z3F(Q{x|`<JlOtS~Z}O+ain0Zf#=W*&
z$-W2}7|HyOjK%=GN$CV~IcPs4Z=K|8ziN$opz;a{WdI8BVZJDdbg18ZxspsM^`Bd3
zH)@0_f7J|>J^?*lYak6x3j0sp)dN}&4u0rmC`r1uwpe*&?aec&#m?2<7X4QR4Xe3X
zWz_%+`^vxgOInr3;UIl?ng@5tf?;2f=#IgtZfZ+L4vZ6RRrc_?Z7sDr%QUX_@}`hM
zSz1HCV400RcHDEDO#cC)LhNvn`Dz-3;4H=%)?@IwcAZ=8fT$)DutqwZ5XZ4){Gej}
z#kpZlLL6<_D0Zo&HGp-@W}x}WAouO*d0skb*tkv5^!ic5fF!c|Ps-7BP`0*p^h_ui
zUxfoy9+HBUbCe^nA&@0QYDFBw2H1Re`ixTM2K^s69-cA5B1)_sd#%G<r#^O5s2$>h
zEo2*3shZ)Z^7e3+<;F~BZV|<_;PB-|yHlb_h`P1WCF4uv#S=13U<cFX=>uL5QHB1S
zpp`u_z}&N$<+X>gu)X&5W`kC^Ak%E>3yDy4Mi`!O8OZ^)lmCR|hU^Uzv@IA8ip<pP
z+l(09aQE^!RSMBLcP0}zj{~a2T3eC8{(&RH)c=3Hi5$!WTo;OPXh-G&|CA5#(p`bB
zCLKQcfQmSAWu#TqdArwjgoZM8UDX+IG3oGAokGuubbVEcL<@pB3c2_kk_QX=lZXbC
zd!0Gf<bik7%)C%QGb^T6lzR5Mw&@n*Ui)>)^x$X&z~VE@DDm;MU8<yqhHyqRgUGA?
zXwU@_lFV(Fs1s<)3_?hz?%g4PJl;C2CRw)7a}l5b{ur%y2gn#K?r^fSNM-#YDEPrA
z+!yBb!KtQQVwNys4Zs#iVl>kQ8|X|;$aXY&me76l>%?E!?%jQ8&`RmKysUQWhyqs9
zEl9G1NF8R(o3-(uolx8EGSFVMJm{JmNWa_U4_Z_Y*rX+OcQ&$1K1$}MhvA)`@#OFU
zhfSXz8r}#1L{`mEsMP)zPFsC?pXC4>aj+Kh+4+tEAg*kOOe7Y@wO9;g$tqx3+l@vW
zpTayB)0Po>8*rq|$zKmo{wDX%6vY1kDKWub=oGMC?kB#&(!_*e2C0#31y^{2l<-$Y
z{5X3_xy_r}*es*vB9XVrz`~g;{{XMHB;uxI_*XwpnSMVV%n;LE8SCWo2nqgVF#}f{
zVsUTakj)e}fyl2Ex@)FLUyUCXe!3T6!UPE6HH<MLzp%ZUmyNe;W#sw+C}T6m4&D4f
zz&&Gv=v^au>;)8@X#Ox1Da2X$_gq&=R@s$)8uYt(fr38oN&{&&*EB-pclxkp)V=%B
zvD~X$Lk`8^3ZWbk&)@Y1xrK^2bObeKO#IoOhzjOAhuqy_dfi*PLxvU0P+Ad^Jgr0)
z;ZS=`a=7t9vHCwbD2xtyAVV-(Sc6W<emmsN0-N?4QZB|aJ-`vEgEe>Je;KRVvMh6+
zpRnwfOShZ{(meTD5;{Rf)fD3UN*3Bi^Qwzl6QU6IVCQER5}p#S##y!HOu+<E<Ucg7
z!a7EwN|&!EmPI-RjNkIWaq}(^m`uSkD>PWs1!x)Eyn{`;&-9pWX587lq+)|&9O~-C
zPdH31M<$RH+6g;*jGiF-!7xmMe5N1y#Hv4DfY3OY7fHLb*dy^E17f#g<0PMoUf8Zu
z;4ZA7yq-Jnd=y&sN{wh8vaOwqL+7ld%C|9n6*&7uAhiYbXeF=QsgDXA)HPbB^RM+*
zjWfiDdF^lLNKJ+p{cothHPcBjgL@tDlX`C>|44VnJ3YbGgr%#(@LxvcJOpOFTHFKS
zwsUMAI71Y)dCW169j;`;C3q2F+iRbF1E%00kfVZuNPPG#Qv7ha^j3LiQ8Z_6{Fh)6
zFT|+$?$3YW>jS~&o@>sg0M2CyWr4VaD`6G+%#R{FqjI5yLofaPQB79e*xrxh3Q}is
z?U*(O&t^kHdONmC?5;zteLT^RPnniLbW?e#!k<&oD)T(5wpvsmWP$^DNZBF(Nt?69
ze-%*&)I1>HG(r#^UAuM>7hi*ob;@goW9tjxm8?6NKNi630Wh*7NWI42N{A6Cz0r2Q
znF^<_0`P1=9$US%`<0JtK9Pr*5la9^JYP-ZB=_$gs?IPx!XWY1*fwABTuTDv)JL9`
zK#Z`2WoAcAxpK1QJXYh;tXm}^R~`~x)Ba*vyK_OIkZ_cZeK8q`01AZLBwgM?9-gko
zhm2&jdG|Rk2tpbOoJ}~%NYZHgs!OH=Yw{~&_jT~%B|sMOm7UEi0#FI)FHkfKD$%+r
zd!dFVUTWMTSDxa-E?j;Sp+&8Oz{9Q}M?es8sZC9XEmx|D2on#!FX9M|rn=6Hnm-Xz
ztAlcfYP_)|hOfkp?e%&n)$+@oo&|>@E*`W5U7y#;689qr3@|6_75P3)F4quNBV!w7
zid2>PzQE4G)SChSceyp-E$cqwp1{!)V+EfT<vxCC2bv)in%AO8-h~h~hb3LNT!iXm
zZMD&Z=kb+D5D=Z000B>AV)c$)A+0wCT;vG2SpxE&JA@%<>LHmbdZ&OW&AN|XOCRpP
zA0G00sAz`)_EQ9sxsWl6!m5#ApZGzQFl+2y{~xLSm--t)6=A?BV*ueztABhEr)Qwx
zM}#n(`K$qIrl4tU=5k%AuZ9E5!IKI!BZEkohMz%S$=4=qZJWyTKxE+nx$VR7=WD8h
zgTt>f`oOB&6?gS^Lq}?LJ;POp`B+<=m{bc+N5@Wj$<<XA24wzHs8$9DtUXYT7mf;W
zifGOpbgtk_;a%0yZw1N%ddMFtMbf%S-19+QS4KZHEUwOkn6g%TY|%nsvoF1G{SZ}4
zhycidF9Dqi41(HUKddBcT^#CT3u+vM@1%jp(6&{BR{XH5oj({Nek@ZnaF5H=be|Pb
zZO>1+8RxGIEp<)=qkkG{6pdfE3ZWt<=#G7bB|n&pu);~Gzic9Lmi?$VrlQ_u!yize
z$h|QMDkWC)b6mGjGrLLjedNaogf9KC@Xx6?<7V6u8%)~)F?eee-Wq&5VC)KKrB5|P
zu&(giv(qHk&3g`pVm0<~3Rw4%PNw!4Pp`jrS<8IPtPB+p3Oc0hJf1_q!9jU|j%i)W
z{41KrB_4FsKsvp>#b{U|JkWR+#sCN87c?&^akiDp6hjno**}-=lE8j^%xyA>?)r&`
z#;wSAuj(?Sdf>`7vEJ+<G@^H}Wl7*-f&^m=Js;3CET1FW3`YyirmcAeQ=*(vofTws
zWS?(~08cN4C;7f$Yrp<uVPSEHh>C5Ji8-QfFRNElz-?R3JDKhl#(_c@Ldv^trn&GX
z#D-)G%ZJcK?f6FDg`Ae5<P$Ixz@Duj3D>_O3Lmcrk{gLZ$YMxRj+`L)kVEli0Qf1Y
zcAFg?QUFES3wAjVGetK5Kzc`!0j5>rq=*DwJ+o?UjGs*DnyCIY0C%8>U?+>h0w$T4
z9dr#aon6?G+I5Q+qg0NuD33Qlc-eiUyF3|=lqQZSBUOy;DgmArv0Si4<^w;rU~RU9
zO()Wah%h@n5cA4VZViJfpJ!=(tzm?5KmuHX#cMCX!@($se4uEOIqKn^S-lWNUTIcY
z^yX;AMX&Zq;_;ks(1Vyl^zOYyYbRaUYe9=gfC7H_9x~jELaKs_>w~`3lAf1(J{!8r
zXxOvfbZ%17F(jg^i9xve#oV;}96IR;4hbfVbq`(TUe%J#fMI;R5HG(3w-w)`XY+R+
zX-{kI!Dq}S+@I&K2wKr5j-KB??ffX)7es*e*IhIYM)GG65K0|g<YmIg?a{@U*K4(h
zrZxb*nWz_^>OoD*j6pi-(phbDz~UkYkS_$|#;=JKB~TS^-dB|(S^S(;mZv})KBw{U
z0=pd5HI&@Cmbp1$8Ry}Fl=B~<&grQsrcHjp73`_A&0POGh@vG`Y8r29ho7CNY7cm4
zfKCE{W9x-wqFu_N_n2ML{YRa@!v*8$r={p*f7jt?Kj$NjGhBT_ecU^`r3O2;Y?z=5
zf(CMHbc!tYeE9^{l~6Sm#Wx>caA7!rB0tpbraf?D%xA}LgI*dgL;tC40MD)TQbtiU
zh8HYo{%54<Vtd30G-=yR562ya;FNE7t!JT%$R&K-Y`_?H57NEJ`18;rof|;d<2OMB
zc)x~`fdv<`aLkx#A3vQ|o!wgDkNZ8etzgMq=!Glj6!&1?!lM3OSAuVCRN`P}9S3>O
z;)DZHkY>j|um}-Mh(Xbz$)0C7H)lBA!T(VOqT@g2sQ}j%DLibvodn^GvrIIEcv^><
z-lN3&@kI1+5X&7i>3y(lg>LX+8>MVTCxb`d?I1nqT4JEnRL3;=pghX~zyL~I<cLl;
zqjoWjT)Aw4^7d1FYYD9;Cz+zjt8R8}*7Ole*N*KDH3D&KEsuCO^q)XSWim0D%Fdqn
zE|G*bJrr0>0q#R$iAL0EBbPbViTpvW!!G&;w}QA_-~C|NFf+K5y7aCHo?1vLi`l#s
z)))CR+y;AG_sXUy(uq`6Orf3Cu&Eu2PsP!JSi4O#riVjABN!jYVlA{5<d|eW(Vs?{
z{9rJ|;ox9*%oska46eh4o_c#^(yii$0m<4h*1x9*hat5<=n{`hwnDs<F_4|Y#`_)C
zUhtBjNqF;a9Rhi2PQL*If3lnWo$}&N=6Bbz-$1whVmxXNb>fy(vwc>S=wRB6iA~Hg
zD(M1C(2v5cb5?h^tRLCQ+`@ScNHClBj=f9SVY8n>&ikY**4UYWi_Qt)CW-a#*O@%M
zAfgGFQRQ{22o^(&_rwhLg2JMTY%>%J>kj2(5=X4)@Bjb<cpZ02M_n;T)fUAOtPZHR
z%sT;x>v9~~tpE=o4C^SY-l=B9IuLka><9AvG&nX7hLvz_%;iR1zDuGl5Pi5k@ELXH
z-{6L?jGxds?68oVvs=H40cN}6$eyyww`C!nZA);e9C;aMg0ss9iI`@?F*rvrWX3%X
zad-b_I+U`1rdpRAiX9RSZ_n&EiUqWSPU7Cg7(OD73v~{PA>%M>ZibXP^6KK{N<=!h
zO+g|WZFM~8-d50jSo^0(EDDDd$zA8ed2B#-k~q1Xy%S`beh0uYjcwHz@T?fvd6D?H
zab&ytH<Ow3ZKQ=2Zzs#BHISoa3S2WKzu+sT5Jzk%U#us*lJ0b%nR!9;!43;uc_4_B
zlQ@JgqnGcX=J(k`{sS3aw2$34bFURNNwIA<;>3aW0<A7w7#f*|BCG{3X^lH_(l0vo
z@tR{Dq=XOw%~sqD=WKL&@_?3O<m|Q?<k&QHA6J75yC>%y2<(}e<iArK!)tyP6e84V
z;xK15V_3rzG0dqCj&Wovl#_@HmHr^Z1ViqWRYUNMghZ$cXSM*~0012d4ZAZ@gH?)F
zaGgOPXh+N0AlL+$Zk?js)#}oLS8|^rCLkvdZ5`4kl?B}^y)8E}U|0E6^h!)ABXwlI
zvM$-?3mnt%$~82)G^kWpTY;PBv8bP*48>>(=`v0QPI^azgE|$aQBXtzIN;yQU~awt
z{OuMO01T=bsSrpMn(4Jy8CzEgfuBCGR28Xs%sb5G=#F2ws`#Zt5=x^u13vRUYOdZS
zFuLgxp<H+{51~i>5Sxl1m06{p;k;eHUi(Xb!~PgjWaMzvnR9YaIo2~N03b>oi-dU4
zE6yD8SRje?ZxQrui_zL|0{7bJ%+>e;U&K8{6CO<!z{`~uvJ=@$cRioXVke$}K91J@
z&GLK~{^HEzKRWjskjet<%@q<+Jq-<G&}CCcB*AC+ThuKQqPu{sTXlwk05}vO3eKl4
zJ+hTDdV<cWWlWOcokS(Sh7<CCE@AMr6pxbQ35T3oT$(EQi;bNb1}tkN^}^~|xbW#;
zZ>E}NK{YasyL-(vjs?cX5(s-DD-xTQdIH|?(%3PUfoKO2U0Hp~Puq7DD{8lllwr$e
z(pn;dwj4TX@~b*ldUPnGFae%Cq}KYA7PeTLxKS@-^BBd-0o+wH4Y*HG0^{n4(Je0F
z(gLLx_A+-rImYx}K*VUK$b5%XcmC2EI4^|k+1pq$%*bei<4>|lo&J`lV|9B7Pq><1
zUl{*n*APhoWI&jMqp`AxV*~FqCqh5qsF5JC7Ra;eEN#q^)o`~;W#;W&J+m3mi1l-l
zUJ%ATMQRb`rQfTVROt_WWlh^pRbi#bQSg(HkK{5d8=2570>M`H+Ri}G<$s!vE7PWK
zMjz%Zh2@Bhdo~uAwcNPFyM})lAB14doF1`h#QqtU%Q?Z%_~}kqL|0(ti<47*CxrRF
zd~S@j;YOvim9R)?LiO0ktR!i-BkW@fh*`5qw|Iw<H(ok}y#@mIc9yi%?m3X1CBMO$
zk35SbpXRDZDyL<_215t}kn!JY`bulSLqJwL^iX8B<Uh&Q`wXiL<?Q01#m$o;vz4e{
zSqevNp4I=47E$*Q^f9bREY!M@p<Z|Wg(MZ>t)ktT$XN+#&r^-KLI41kn5>fMk{bB;
zv+@$>hItO6(xl3%kqj1sOylJ$6y#PmRl{VEElyTjQ30(z3%ng5k{MEIcFe_Y^GLyS
zg9jDJF=u#tlzZMNmdcWh`R?^6Q=Gt*s)a55^XNSy=ZA2O`5T7zIbhNQl#p&ejSuh)
z(VZ=I$fv(7MiYmvT%eBLSREz36em(#{ul|Q&jj#b5Kc`b7F~~9mA!@(<BNZNhFJgk
zT!)wUq1k%%nA-P1xV8Nr9pNM>4z>L0$T||AwAFa?c30$3MvjXEAvR;|mh!r&nL61c
zT+s56KufE@2VUAa%tmISZU+Sduzp&pDrf&Pt|6}^=CIr+7{nvGysO%0cZ`J<sJl+5
zy`~>KpMX5Ne1`s4dh8^s0dSC^sC`gR8s)bmhSX-tdipsc+!F+_6r<oJ<tsk}^y#wh
zwglCUbkY^Prp`zKu!t!czobImL#lCEGZ_RdJw9(#r}G^Wl!xy=hCdVzXmN*G-4dM+
zL>SbWXj3TqUf_eDTR|hCgRq19A9s@>#=z?<q@U0B#U8XbFgDOFKDOw#yqaKCabF2a
z10_;l`ITq7X0i`z(b90HBqd@51y%^HO26pNQQ-M&@n2qJrnUt;{z`ER2$(TwQj3Fu
zYjzCe^aAiSi@mFza*zVHVirqbLQ|>pujI#Jw$gti?{8~qGX@Hg=z#?$vBqQp8yNH}
z1wp>RA;Tz7tuAcXTURHUWy&|ek`%RMLEJ~*jZaC%ml9!&z*Qr!lDwFr^mQx89Q5o&
zp&3w#nwHbV&|=n|E~|~IwULt*@QJ{$Fgm8VkyUs5<>!gXc{PXrrj;rV%jV!I)jZ8#
z<J;`)>%{2bBWpc@YWMvg%8}reNvpW<FTTVfM!tcosODvVvi!}yw|gY{u_iZG@|^*o
z@zF+j1V&|22R{t!Sab*SRJq#A@8#TT-=sqC`hoL85HF%ed;X;9&}yG1RY*0OzruAx
z_f|tx5M)$9)m-mMU%fLcm-vWOWALH=aiBC68Avb<E+z-p9l*?6!S@5fv9#O^j-|W`
zNp<b^59BLw04v<LEj)aJK1W_T^maD1*=P-2Nw6U_^4gutEa_oZ03oZ(0HS}95pzDs
zYQ~80T8luSc7l=l&iKC#L;pG4ILQPw=N9nGfP4oCzFQzwyn0OJC*=NPO<}GaKQ8`V
zR@2as2ioC85C?vMY(i3va0Cm+ofF;@a0z-dj5ODX&iW-FnnANjK=RUHKO=6A2fRLb
z5C$X15;4O&*O32<X_AvR6gzcYFz7`hbVk&*N0Yf*pb({_cv9r2Dto{5B!-QS!6BOw
z=46+{`xyYNbiSMb-j86hHj?=Z7Sv7kZV2QcwVlJR7Rp6l<jt(GlngEOgCq!y*~$qf
zq)xtgq3x#t2P06Jsit)51EI(qhT#FYq5uV)f4_XWneVUrL4V@~A~;#yWGuR#d!Fv1
zyI`TSHP?dPkN+jV(1>t~RswS$L_%aI^ib$5YCQ2@@|>)&->`08hBOeZFa+#f0q|BV
zS_f64V#e^cRnvX${rhc*=pIG)x@}tL`B5VTP3b8e@R4X|l8-)q9MM>~y&^Z1e}B#(
z+5QM^W|OH4alETpD5D~+>VhlIs>#FydWMXryRN-Tehf|^yh)6N;(`ArAf@T4J;H~n
ztKtJCQ8-a%ZvLvz_RMe~ycb!Oz2SZt3g#~OWDyy_0U9Nf|0<?Mgmh&?HZi{Iao*Zk
zeKp8P6Qai7k*iLoJ9)qqpjPqkh&jLXX)xw6-mFF{%vV9{=}HCGEG57VI0TGU(~+ZP
zON_%2{o?#|+xtGBLak(CbRNWkk^lqs{t^*{r}T8ArbCU>hR<1nfNj+!l^IibuSyO-
zVE5vd>mNeU3L&{ook?}7=sh9WRg?rBwZ%q4xExfwzNQmWV2-*)szZFVm$H@gneY|0
z#hj`fyd1+ff60Dq93b(PM$a#WFB)R8%~3%Gi!ZDZ2B1|WA*IP6m&=VI2^|!;^X%u$
z`yHv`-?F6K?3WlXMORl*x^c^T%FAw=jLj`Uu|%fT-mDwLDU9^{fR9+S93Pi1^Re_9
z5z0vo%;|9sBmfkcw==-&k2_o=>ksiPNKY;x$)Erk4-~I{6ij*`ANk2^)0ui9DL=HX
z$j9c|fPKu0Nd}3xCt}YywC1Z-m;n-(3C@ZDjO3tsAp=4Kv)O<nvFss2D*#<fs}a)q
zv#DO%@l${zTN8kfSXTGmA#dl%5y|k{_noSRCf7xrOc-gTPn1w42VPC}s`h~kDdd#I
zJq1ctbH8W+v_f6ALHhVpT!SrBzXce5-x>2?jp+vjV`X36nCEn~PQVicHjUL7-Tr-F
zk|w_+e>ct|h#N%PWXJhUqxoTMAX!JMO+hZuF8$L~+XGsxRGwsTIr?kD`uH$+!V*%*
zh~}ssB54W9_^2hcgBWY%2OGiQW^6ZEnZcIVd{;}o99cGq^WL%Rq-6{zuE|cZN^)g$
zx2&;EA;;RngHeHk>BD&t?pIy!%|R+%V^2~f*@H$pWx!(yCZW&?sD+{~_w0~;h_Xn4
zKE+Hov5TexVQgk=3lDc9ubr!6j3-thAU9u{2A8ZuzK~mg+lLAj)HzWF*0V9>9WBM-
z-~a{@^XqLQJz*>S1beMQTAi`#pvfkY?A>c%C0YS^d0I0P4UU7eI&8F<4&E{@$C+SY
zdvVAd-zK%DR+hc=6A?;MVOLKeJ}b|rbepUg3$D%aE2z&uXmVWZ{0+IB|CfW^>_C~_
zS#6VH{tV`mg$U@KAlt^|5{4iI3Ft7#?#!`0FM3a*+vJ4L16i?#bh0e@*_YJKplDI_
zCVh=Ai?YuS!6jvcb}G&is3Aoe%G=in6hOi%Ed#!*xR2o-kVZKC3PgdBTyS~Yi=PjO
z_o`TOGL$IWj9Yn~=I|<j%uiR+ic3GcIH*aB)kiBwU?DRH05YMhf`*<btx<kyTN8o}
zz{?#>h%LHxK#<C~&Q$&g2&}6Fk}IBMk=$S8)r5+xy2^K*bU!HYhLfB6*6g<8cH;9R
z0@44N$weYNhGVyQ_aUDs8!@w^4(Na+IFA5kD2ym83@!F2>88=0DT)i`M6NCnP;Cfe
z6z~LFVrMx@S@uKSr^DKpTMCeWoB%$u!~$B40xbT-?pv&0(kvs`F!!bond>yp)m=O=
z_9IlLoR0?;Zm0Mm$D+^x1WDvWT)y<bf}GWX8`>T|LrgH$HCFyQJ7Lz;5no6nT_S6I
zl8nqyFa4|4^H2jgUJ#DW*0v-6U;qGrWw}g4pg&RIK2;td{Lr4T0+v3?YIvTSUXKuo
zp?y^ORgn(>6n-6IPw#xGtWKqmU1EN}kHIkyh_<a))7wZqlA|5Pq+RA4tVSMzhb!M!
zEUZ^}F^KrKK0UR<oZ1{$36K1SQTcawq9>#<$>Hnfksh)A00a`*(EUDRCKGJbA-&zO
z#{-HjU5-cx`+*)C1Dt`{v60usT#P&u?raAIp9)30wZ0Uz?UMu5BG*C6aHY4WM6~kx
zhBtF0jM)k|T|lNS#&57_$inJL+YI6UwecbaCsv`sm(OQi{8RS3Jr!V0d7xPWP#+px
z6zl<b0viz2tIuJaH@>8Z+Bw`qV(b7Pm&7&sNI`_AbEsCLZf$%#WM*k-HVD@W1&72m
zHkD#xI^}2~UfrO}<6s{~yJPD?8qPe?#jn#I2XzZ#t*OsnjbIRXrA(+4$JRd&O3bep
zBTo$AZO!A~Zps*S#cXrSZKN5Sx_D{xZ<Q3}5uZ2Xy{Q^~|2!da3@9{BU$iF$B#ugp
z!D83A@V<nE7vQe0^GnJH284;t<r+PJHW|=OW^9QdGcSsOe&nKm_Rc9gK-vFX5D}D@
zH}z^L=GgN|BoKgYhKrq8L4op;(eMU+hHL~{zv(>vq^*e$nfMTnm}o1;@g6Tz!9qud
z=koF?1e=qSj;m*#f`aovigZKWpfzv8Krf;q>Fqh%o1xK9a7Ey@<w&)K)Pfd_{d(!d
z^4v<R(gAw0`PIPJvf5x)0J&)qxBN0dpM52Ntn-W(M2{(hk~L(CrF?$J6>!u0;eOVw
z=J{zw7t5t4<Rb47V{Y|zv18P>sj@6rn@gwk(NB3H9UL+e%+R|tI<Q|Wmm<hA${$B*
z(Qpc&Bjx!=WZaN#`Oi1W*X5~7e}H$VQ91TYh}Thx9yT{{k!cd?w)RqH?e-K`%Gcer
zjU&j8Ep=}#jFT%R3P?0CGFQiFkvbTfH4(!%lBU*=z7eeA<te-RWLLaK<bVwSEN-I*
z{NHme4fLM##$FzQ$*X_Gf3u*R_O2Z4w$Xsm4xIrdj+AzngAsV?B=IfMcC)0*Pa^L1
zvu{WbUho^>3qk7&;mPFWn92ap2jbO%uH}FL1;P4<(*V;=pa)^hQ!oLqZ{ty+K~9yH
z?3m8Kd3XaLJPf?4dx~>X-lQ2`_1mdYAF@7ruRY?~koQ!$@3Jb`QhFUS7bkX~g(w~%
zZ84y;+N04*pZ-6LCBhG9nEFc>AMy?Cx3?i=D4Au#b0J7WFvRRm9gqw>az#Ejwl7f!
zpbwbfe;^>|`cE@<U{U4zVjk5sU!*}e5d!aLXqW0SHIs%&q7t*hexS{^6TpuE4SBgb
zZ!h`hF~1Jyrh+r0OX-wM_mcwSm1|5+qHA1G=un1MbV(Z2jCL=y+0QShX&-KLkSP{c
ztlUpF_YGHJhpR)(b~E-iq#mW)X!J0ZzKrf`-SNu)$t2m#u5yW4zH9&<o}^#D28y<z
z2;~n4DFsxc1Jg`T@Q{5U>E~z`|0rJ(jb_OZ7!4i}I@D4Ir-LNHz0PpE0W*FgB(7BU
z>#)wU3k64*G|M1{;t(+41VlCQ0wvz4`4TsJruEKRPLi(*ry8hUbwb5Zx2Uf5sIDrn
zzq1T%ANM^vO@D;=mR9dsYwo8k&KPSahRRy@lg(}FAXPP~QcQ~x<SHcV!XZ?O*NPZ9
zTfW2mu3Y!glD;F~4H_cF%ZWm&v}NuCl~Sk;BJ7VRedZu%<OYqVm}wm!qHI8z=54br
z?w?^tn6x2*SX@<_-C=*_H9P<}K*+z(-6j>tTI<NB=41(s25EK7a2HX8E(<v&J}}(Z
zjiML`BV8&Cf&8r5>lRJWqH9e(*L))*?(pE1)JlI2HUyMqwoyU5+j&;!_j=%r@%!4T
zGvjHa7chJ2!pf_psX5pzN9{E!&7}@lz99v1LO5qIrN)PEd_D8qaOiU*8gDMC7N*Gz
zyFp(kOo3t;XuqJT)j7;TCn(Gul?Ley*gL=$HZNcjKowrBI;S?33?N$}F)c6sjr!A+
z!7KO&g9P{js9+s@3Np!jhl6PkHQ4xTg1^B8QW<&e0=t;T?4tK!x5A!?nJxxeq(SnW
zFLb-ej<1P<+8{=d(VbKdLJ^|sKM3TNeelo4e$?hTRSJ<<C`=!XyJoO$(tMFNW;gp>
zW-nUl(g=L@n+t{Op1GcLW#W*=ZWF#nD&jvA@i-j4{_XbR1$R<#*)!e3L-R2#;08uo
z!SOWdcY3KA`kG^9+!l-p8FAnsSwI#*TI#@U%*)5yjr=V;ls}*AfzH56fGCL;3l^3g
z$4;D<bMO{3ZIrl9lE>}Wc=+)Y9mAp(e&ZGH2js*u5{Mr*s7vm4AJ>#n?eUOy*cA#O
zgm`zOixvL`>~03=MI9zQ9e%NN*%Pchh>~Bla}utbx>@k$>HxXzug#=ThhWJI4+jGH
ztfewL+X{zZhT_{LBk%wm<AlB*Bg>7Q8%g?raiM~T3Z!{qjUNc@wg1rxyrkBBTP^=}
z{U32A!e+`LQa#A9q34<h0=Q?49c#=VAmM;+t6_73*Cu3h=jU?(AX)*ZpqCmW#e|5l
zSA7c|=PYWZxq4&{5tufqZdw!&{xhmObo%>s!_+z`fB*<&u)i@LGY9@_i>5F^EjtbK
zZoW~VB6x_d_!`cb$IT*k5HNBB-Y>PXZhPE9t*38ZA`qZ9;Z7Etndg{)Socci3SOe$
z0^|)Xw>duhQJT>N1RViyU)O8b-dt4a>~cLZOvPEOqB_d4zctdy@#`Y1nr6Q&Z)=41
z9<L-gx%2*ik6GCriB3dBM9XEJDS7kl*GqTq$>!KTx(;}rgsW8mVK^=_g5AFHIuaxK
zlfPjF(E$eV2(v&V$t%6>{m;~y?@cyZxz>fvK6aXs5I`1NbLEis8uxmqeg(ceXOn(i
z&NUBMe0KP^L@8;gMd(rc))%Wz&Xutmhr}kH+W73gMsKH&RX3NA!7Lx(oo)y)$MrVw
z=!7HH$~DJ9_F|}J*%H+?N;QzAQ}A7C1TcfW3Bk{)PAF_(;Vx&4&dkudfQaW55;Q*R
zj8?Qc&p%EsllxJ#fj-*{H6+{=RmX^nl-Ow<pJmWMInBv=+5ndI5jVEJLD#`p2VkNZ
zvF`BM-gE1ExM0dmdlo4g>>BLiNl%cZVitT51L1t$I4pr%0L@yfLiiVKgFSkH^kqo>
zu$XzJKH(*8SRrboVS_NeA1mK}u=k_ZoVRF)UR7OfbQDOeoPIvLgdw^v=)?RmMG#}E
z`PPhUcSt5-;BS?T8^MEbxBTULU}sa!5OxMY3cii3_l7TQyOHPzxAsp8Dr$o2?n2+o
zFm&7QY35lX;Rc01sJXgHG(!UXl(8wK7ws6m=^ZG)Km#ub5j8VVd+rK#b`a#WV&ue1
zln9?(5{%ub>kUk>){2HvHvg$5xPWsR&0ER&DHe>FXN53*lvb68G=k7rkr&Fr4){t{
z3w&IAxR=IM=2e(%eT$3GJUA6SwzllBJXE8&4rNV|!<fR*PfAv^l_%Y(sv3r*za1Eo
zn@Z*$>Kpfy!g@Ul$^@~-3-QqY0$a?9ODCjTq$_3PQ8ef&@*+z<UQ-bxOf1;QL-ty2
z;FnDekF{nt=s@4y7s)GgW{m3>UmjZ}8fQv-T&T;CR*mD<Vp91HPA=sT6TiC-^w2%~
zrEH)uuO)^YinGqp>62D6j_1C#Nj`$D#+r;zzM@pXlLBdHmNKpNb+1n5RS5AIcK&T^
zYEH&tu2l~Ahpv~pt4I!NP_~-Psk|Q_M`Y6#W@?xV(LvVzk2FXZQl~V9yuJP!A4BiQ
zI&pmiUfDztkX>_t{>okz@N7-dnC6a3<+|V~xd}!_PzE!8F`2ggqDZIxKtVR2O7Pm0
z?R5CxJ?3lYYVl?>bt<FfAayB0M*{T)hg4k?oYLUrS%eI)jMor6QoJlo#hlH!AWwy~
zm^e8Tnc;2EHnFCCV$<-ZmNO6DpU0%+p`>%i8*u&K&7=x=XjmTIMYyq3tVC>e!lW3K
zsU1o8Lt~CIqTZTQ$78CuAC+tGQeJR7w^xRHfyZV@6|Z!>H%k@n6)kx&kSEW|CU}?h
zKq+0s5a#AR>lSFnY4p{rKB!6K83G}(TcAArAF`G^O=szNs2Fy!Y3cg|?}M#8bZ>?G
z<$iGKKRcG`c)jF-o1ab;4}d{)KfHl!YXHv5;o1NPsx@5TGeyWqw;5Lo;BRhDe`Z&t
zXq#xt{HX6SPpv4loX?mI?M2=Np;eUQ70eF`#WuiElcMantVdKT1jR7owHx)ns7r`a
z_JkGi?$`09Xg3E3R;<sRdFhZ+%J?VqRMpKG#B>02m)X-d%1Vul1gX({JEWr3&}&Qj
zYK{~U`~syKkOxvE*2MT&+;2FL<)6FI!}tgZ%<uup#KGE1V|i1&5<%^B3n|gs9r>L%
z5p<6Z#i2&SZ}6|Pyzk~-!1r~R%f*|Z0tb8ff1ZWM8g4^6U9ak~tn<Z|k<=My03$%@
zd2nM~w+@LZkY1oKE3r=+l(4SxLE}X@2I}Cz^8Y+B{U^F{(r~1Jw3g4hy(jcC7}_p<
zjAD25!hQ6*KOotlHlVbN&b<~Hl89SB80FTi8a!poU#*wsT4laEVlfQ~NXq9fTQ78K
z(0fXhTr2{E4hXy%j@8YuB(d>}-Pzn!PiSbQCkFq}zf5bRB1cSs!PFvO^n~F|ke~UU
zWKeru+;Iq~I@$0fq5)Q0Nt4$SYM7kEQuxhCj*-`ddL|a}$p!S7Qqyk+gl1(*6kIFk
zk@t;u&DsU31~0~;Idw-i6hhjCx7eLLS3vN${xVx3Q?>D@mcJMQpC|gC6O!@h{Szx8
zb?n^qDl0!&wAC)~K;8tDeh(E*sgW6aI{5I8d`~9Gwy=9N(%Q@gC0VidphNrRMtC)v
zZ0-UI;>-dRnvU)bQEx%P9LLQBlg~U-f(nbmCTQ>h3ow4ff~7#G9>q$t(&E9%ClbIg
z4I9aQoV}}y%}~e*u<lR88T=9TiJFgF_+XH&6{n-W|Br&WHX9Vn#BPghFhKA9z9g%9
zy{yess7b;VgPpI+g`%j{l#8hIB0uwL7aC@B{MIBEELG`1&Pv)gfMt1qQY!j7NRhK=
z6BGvW&8-__F*aJ>UD;u(4EaIx)mItHGD2TJI?WF-O;0Ov1;7UsFZND!cs6(MZuf~{
zBp7VlfE1?S5u&>SEWocvUa$O@gsvsp6vg5Jel{|24P!5^Ty@%nix%Y)fCzqUWpDw?
zl*ET`E*r8|PUvrwf{wtRin`BtQ7}a?%kYzqzqF{#zXr`t=z0J^Q!k3LL_wgAa9v5E
zzKWJ&ZR~SG`}2oWufR)&1iOF%;b<$Vetbbb*D=*%L+RM=fCwN&-_=Z7a^tN{QZ2AP
zW+Mw|$|a@-V!i0s4&-bq{pm)7Tn8w}?xwWoRKXOASX7J}9}~IXnW!XeU;FfeN6<25
z!JTEs?@fICk}-yn!HW^k?Qf2l1obv!ur`<)!gdieU+f5)(>yrarHi3mDkw0kA#Zj0
zva}fo{K2Arwt3Xsp<n~uD4;ZlSJ2+bk!|8}=t>@Rv8qG?&UXB8-}m!UCcgv$HyHB?
zILU7LLzK0{PdJNf8-eTpC-h77v?C6$q;kOS-p;1hF66&{KKWw+qMW;6n`?^V!~VEi
zV6>6N7X}MO;vL4QJ1s<Gi?n|uo@XleTY73RI0kFSJ2Zfxdg{gDMZN&xeIl4TJhaSS
zi$<a*AsR%93&!|I=KuHK2AlO`l5%2r0Ko2NClpv#CEAls9m`#oXW%^j$6&z6`g(!e
zP_<^p4A`5mXpQVz2^GIY{LP(>`iCfS#|+3}wUNyVkd+K*n>oL~DcJP0<Tu|<aUQ}N
zJBR#dCg#F?{ih`rSsaVh%90wVLa|L#3U)%0;S`o`AjP0S^Kg$v5;3%anc_);wbua0
zOHpF)PZbpAR~DVddI`%6T`g1GaGswEcr4F3)T@wUKlaGb?hqz?CcV^trx=A)Dn#{7
z+cSG5n@i0dmms-11^*FQr;|Gt{~5od@)82zS}}8YM*sUrGHF(=Y0$%(cwKn^*x2L7
zl+P6=th8fYl?%SDICnpWo5VO*3<WKXt5lT!piEf@BQTDE&{i!2=C}jJF$aZ;l6bOh
z7jtgS=NOq4JP$Rf*W0e$solt5C}!oOC=4}IlrUl7_RP>r{I2Dia3ef5lvgDywv4-9
zH=VX@$$sR>p$G0p4Z3nbOT0R`b0KKJcuW(OWiRz9C#CZ+4btaiPN75U^0CJRuJN2D
z5wIw0@n0Js-K9E*br9*YG%Y+P`OhZ&`B(tnZQU=3&h2vatNF&ka!tS=^1vN3%Hf&s
zgR6Smw1RD-5ExQ-hq`@(P3P&=Ta`Tcftwj_mH-MSd0fA(V`!7QC`5y69YTl)K`1UV
z(PhFGIw*9NG_fvTu^sG7@duPF<kWfDPXP8qzw<n3V*kqB#|@wn9`Qm8uu>j>m~aY$
zqs#Sw9hHF*J*#4?wk0kRa38`n8o9xgrUVZb^NA#3BfMW=%*6!<Fu}D*rSNFA37Mp{
z*-870ekonQ?X8%B=#5KZ*m_}883Aqd7T|gWc5<WSDgo{0G-%p?c#7|fe#dU30YXj3
zl{-nxI<t)Qd<Vn^+boJM>YKHm1x7%0`x(n7O=&rFGgeOi-3eHsq|J>KiOQ6%zywPd
zcKc3_*!M=m5Az^FvG5|>D-G{~zUMnQ4I-03ackse;}NP1z!I5u?+XP)I$0V#H89y5
z!o{B=$GruaRuPM9X-k5AQ_3pQW0QXE>p0m5Er-;Ga}gy(6%gW4lTLFgXfTM}>8fOs
z@&Mi%e$B($qnB@k|E8o{WFn+qXjNNmIq5g_et7S9_$H|1wd6O8MQLmut6E3h&s9*%
zX||>-+Q*Rkru8YSV6yviU_M#J7N49s2#|hb67~=LX{5wri>6;487e?i$5}|_Wl^MK
zEvKdzI<4<`c&OeE9P&TjVE|j0N3nDRs&D17*f|2Bm!}?cW|3hzUWVwp$HoLyFG_or
zuxOc%!7wGlA9L}c*^N>cuant*PBCFLai$AjN;FZTpXx(1tb(}nJB{;Ja%6@n>zYMC
z-0s*;ovrp?_tEibxoT!!J}D^2hROo6xle@Y4+kTNyP<TYDE|?z7UF-Mpj`ze5XI;t
z64+hJP?8f#P_P+K{68;P54t8?ERL}JtP+7@8#VdAK#ZFw_zf1aztnw!LsmnecJc+I
z<_DETh|DmDAVZ2YI}Zbj(cQ0b!qC5Nx{jEVK1;(`*7d<M?<M=XaUN~slXA4%cM;o1
z`?ORf(^IW~3&3|fJPT*rhcQm+46#k)gfLn&(=q)esc&7i9ecr)^Q<l>%)g}!iB8B?
z;#gRGal$(pBb*V;DLtK@=7#=_;{P0GAZDruKjJu!hW!${=5=IF)^(|<?5y1<LMyN-
zvrXHyv1nh|Rsio`Ii!08Vg(~P`jVq?b@1q|0N;HNn_mIf-XY35w|RGBMz*GR*jrDN
z2TaKolHV9PowQwOMLYli$_J?z<94G0Nj0sUaq~H&(~8Bjb-VzVrBC*goWfqXmyy5z
z(gKK=3_|;idN`x}yIqt|!Mp(`n{}43gy8H#!T!7xXwA>wSuvA^(t4N7TIT>IjeXs8
z#hIAh*qO(cQn(H<T#LP2wxflq85yt#KzV3K3t5TX{}>ZtI9!aF@9K0Bc0~OP&NwLY
z9tkO|+=C7m>vAp8)Z++om|=YQk*y9iyIQ+yD@n3K>0%5R!!oj-W5##P{GKA_Ojr%0
zibhEf!=7VY_TC?{DLF+IN0A}DoW5)0%N8gs5|9e}cw~fQ+R#)^TrE1Jse3#*rDNfk
z0Y*jU;L+s>CnNpJ49-oh_gEa;5^AHAr(%>}m6i?`S}v~lg=xdIjp#wvs}aVswfFeh
zZ_uXja3o`R*II2@nBUlE&aPZqZZ`c`L|p^Q;AJyIvvx=i)yP16smG?J1euPsK|RpT
zJg!+P6woSbe=ZFlnZQ`@mBZ!oDtPDFV<xRqlW2$JiTybZ^x|jIBR;u(QK^-=nHO%{
z*&$M><e_I3QP(#7`RDl;zvyt5pwJldHDDl{iaMR_r|PKDoL<l$?u7vX@QxHNey;2)
zWM&FC-xQFPb<*yZ0PgFYOUx}j2@<&@x~PfH^a7kZ+<;pG8>^x9Rzg`DBHC(FxoZP1
zBWJoE=y^X^gQGBxD0TFWL{h~UXZnk~bz+o4{vVWKzQHh>Tl29=z#II_rS26(egInT
z_1lV65Pmmmuv>ocXgyjiz+e<u=J^N??9}jiES^W_7MUA=v7%tptp2-*BT8#L3by!M
z3>P>5;l<Fvk3lQ6(05;GnIDrk6{bE^sm>n1nD_|juF3)~h>e}k@94f<5@FBDK`!H|
z%g0r({>SANH*T(RKcQvyAcA;;%E^bJH9K23>s7)vlEIQhtElob-@OPt_;)tAM;5Ep
zg60vQFD7D%vlg=WSB#|~Q8_9))QL)?<VbN@cbrd^5eWG%e5m%`P)<@fAZ#sj87@dG
zck*48-m#huuG8OP201^IGQsu~6p)r^DMS>jL{M>)OaB8drR$MZPz~)0!GjIIAFtH+
zu}nqt2V>a3b14QLnx`Edh)teK;o&klQoH4bmvYg!20uOFIf+z)AOVsO>6B(>rL?MB
zFry;9+nOC(_u^a;$fi#jE#$nAZEqQ?YqFy0YN!Cm_(=Bzqsj&DU(D32CO_vqgxz-O
z0cEULSgn#Kii_@~>z;R;WZ*X02{yo2`T(g9pV^uD_+p0CMpC-K;$hI7;KkRJ3x1ed
z%{pnz1NmVGw`T?+HO|R_5{|D_Y3?B3<Jj4V#_%pf3nM3&5Zw2B<{sqeb^)J@+_`|{
zgxA`?ryjah2_MNXj>sSz`zO+}WCzmdCkQZBF0bz(lx2Cj@I>2{9kHlbbUip8LdtqE
zW%Mow(>6f~0;d|i(>h6tM>b>1)x8Ks%^%SG4Et~yo~zB+W)bVF<7ChM6%JSO$(8ru
zVz*lwR4+3LtmSt#e9EP2f26Dd>@Q<&`kAtB42PUFh1iR4RF#@dllTEXqRJ4*H}n@z
zOQL=^TI#>Go>lrhN2<Y$WND@FO*M*DlR|#$bPdTX3}*K}n=}&-)MyB112w)kWOETL
zMxA(+V>AQi+Nhw|;`wX)5pudp7qi3DoRv1+225R~@Q1+X0J;|8fmz+RI1grOFw95b
z&#tJJ#D?UhU;yvz$xxSlcIDJ4PodA9W?bRHMI8tv7i0GU55Gi(ufT0yd>JA5;Gr|d
zDi1Dgg3+Luo_*|xL&bvc%eMEhkcK^Ptugt~6mJg?4@leebjk?#T`~m@C)OwXO&wW*
zxVtu}2l&%dQ81O~9F;$j(g^*<enhGbWQB$?R6-wg?{(U#!2-}*NduS{+>RfXfPKMy
z(Y*_97g|@Kt4+8ZiP0d|`h~ydjG75?+vyLq1rd!f%>V!qfaJa45T5h^WvtZ~b$0z>
z!(Zw44wwTg(R)g!7ZMj0^{=8T2+ZD^XvY=6P-HljAOp+)y^Y1_wZ(Uxv_1@Sq^S*0
zV4?m#Fnd@pC8$%UwI#f@j|jmE9O3E$Bc3^b+?L-;)QP-%B#`-8fby<DlTkTOH0uDh
zD-72zd2cZUuA+J>N3#Wd!#~HptQY49F@0}CeZPbO;BBO(sif1jTf`7VzD@XixeWRQ
z69ZPV2V4%l1g_AL<v@sp8Za@T@|j5*bx5HapJXb*9tEm0(!88a@w9pr-%7wK2Y9`_
z!lZmb<N-i4x@3w&>}iJLmW4B**DYdj?fggC@6-ST#=4nu;g;jmgEnKXOV`Y-pEZh@
z*M4@X%Ar6e|J~}x*TmZhWWvWg6JPbg0An~qD*9cjH|1gwhcXlMq4&7}kpBz5B(x{j
z|9(InS+f*`A!Gd**mqC!=AE%Ie*&VA9A;Ib6F4D8Zjc6G;wuT0d$ZIM6zidd;IhJm
zZ-m5PC(Zj{QNe`qF<#pN0tKlbr?1*63Esf%F_A;;5Q7$FXXnCo_#rP;Vi#$BNiGC-
zWS2$oH;14VNLc8Cwn3(dK==o3xmJw|rjA5`Kw)ClhiZ#c8D1X{Dnk`elQ*QcgZPK?
zp9m*Y2_(ob++*{#p^A1Q^rRcs0XZ>u|8U&#AL$mZ_ct9TlbnIKhR>iWimj7W0ft>g
z_DxT@{a%Ra{;HxFZxNlmTw9AUIEjx=w3|mSZ<X~M!(u%N6y2bD1fezA9_B?67oZSH
zE$RMUePc;tLbQDw`&k=WeHuf$sn)W~$UZD}hwLJ12oVn9Y(75F^XD;WkK|G`6bFnZ
z2%tMMzV$4n_gJ2p^*&#*Kf@lYI{v2)9Ug6f0wP3?#3yM3sX@{jum+>Hre+;^JYC!P
z(uAN8exK$a?93o^Mj}))l;`jlG&5em0v-VWZ`#0}Jr7+`632c1Lmc}@jNFP}aF`F|
zHi#MEOJOYKVg^z0vRgn#vYK0{Q8J#_f?l7b2{1BIK<wT_=x(n4fFZWw9QRa#B?-b|
z#{!DjDS4GQTgQO=RN3cWkhpT%H=`OjRwnbuad1b&(5ngrv&}++_Va<iQ=G^E75An{
zYVWFX?m*QVPV|K89g|=$V%ZPS7S_<iK<p(#o<QgQt!Q%q!G6{AhIuNhQVxq=KV0wF
z`Z<-m>;rr>f2-Dh`On~!eCWg~=Tqw^0e{o?lUjy6BI6(~_>Z7q`9ZhjSP7-VY^)1n
zn*Lsn{Fyp~gK5t-MKM{k-H?kpg-kx4E;ffn$IEn@3{kBq|MDUX1|lkANwV}l9Xp-!
zUI<2gL+eSXZKyadak4eAzM=NOv!)op*pCu(CE_GOV-p1pZ6M2Am$lI|+o10czzhP{
zv?8M$gS^V5n0nf<X11c)SQE|)b1tc9{?u68(q14LbA<B;&vEb)%vdfxrkP0NN%I2i
zdudrf00D<TR!=)EDK#(KfL)BWdv^vTr?p(}eMgJXZ(3@*yhY)qG<BGDAO;U`X7lip
zBQgcN=KV;#R?VXBgV3PKtCk+lf)iXD1gjgv5oLEmF2SFSv}x>B0xzpCyip&O>rPpF
z2LUojZ9Q0pv9bHOH+7{g${w1_1r*@(Ds<}^lD-w(46lY&L$(0beL-uY08Mz&AXZ_5
zU=~2jXzC}(!(!K=)ok6Cc$R#a!#x;pQ$o4QGkrp6W$Nb)N)(!hgvKl?BC{O_2*pM*
zU8(`NO_t!Hyzl~R1YJ#hk*07Mbbgyc3^`9k9f3Uqj@#6uu5N!fi?;NdMFonqox@J3
z8~dn=ffyna4JtCY*+u@cT#d?oT=5ebE(v+P)@?CWm5c6X&au!@Hhqr5`b+hpC59Fr
z+BzK6YO)ljW1G0}v5-)kjp09lgu1PhEic27Ga0!Y61Q`=mpU#ORxr`|tTUmnp6@zI
zl#f69w545<?qT^Cqy35;%SwCApjWojpylakVyP<l*rY4OYnpgbcvALvyzRHDQgXq@
zUp-*oORQZ?XV}uSF*ui2pI~sdTb`i%t})|;<xCJ2_kFeKBpIOfr9u`<({%){7EEsY
zGp90#S!`W2=&pK?0QfYLcDgZB#NZ49{`{Lk%GL_tE5!LN`)(vr2TQkNYnKgHCsyU&
z{*W|wLkpuAw1`i#Z={xq6EBLw{hGjBinU2U%qsYstK+R(%5-kYC5wAg;+#lTftX4&
zJNU6noZQ-i>_R<&?Oeq|7D-p+G@+*zzSZ}>1jdfiPXVRN#;AvUAVhxkX<0RWFeB}z
zWfN)R=$b*Khf8>p>P9q12(D7|4a*C4Su{i6uv$lF@PPFBZ6IMf*|Ef#U7T%bW3@=#
zm|jdcro(G5u=dwb>C|cidXHfD+;VhS=q^6gEs8*{WVpF(j9vFPHdSCV58`HT^z0e*
zo>l07j#>FQJ<$80IUAkyvMAwzrJsziM)49E@ot^h1qk|VsT@Wm;?(i-BYEh?FddF}
zq6AKwd%2XglY7_L&^j?PEHx{)XQhTaY5rmiYkC!+$qAl!F~~PD(s}{lh?n0CT&^+3
zey=qu?S2ceR`EV)bK4Hc?kbw?x)0j2Hnj(QFO|-b3W`wA{Jvzri(M^3P;K~++YJ@R
zBP)lT<trtC5P`q99u_R>$Y~;s6qxlS!?O}R0@2D12U>{om~yAo3JNX8+0uVk=V+Ow
z=y%4kYJgt>2JP1<60sa=L-$I4PDE7upRT7*!~*f)hwDYUt0(M)P#9_zJ9In9=Q@uY
zdaG-?9r#qW1R(;&`C=SlJEB8eQ$y#WW&$$8#}j6qMWeiFtZL^)uz%V4%J?V>rME`5
zR7t^KPAfzb7G*7Bjj(6=;+R+K1C|y4%UGz6MJ%7na938R;}H7m+eqB-ctIk>sMY4%
zFGBL~F(aaaNnZ{x{s#nhpJR<rqp^9!nFc*TO}?o(WhXk5ho~ZcXhj0x?<(zJ7Rc5;
z1il%fAmV9!a>#DN4kkgwL%pdHz?%7{$tpuA=|uBaQ!iubbAMF42%S)nSX21WwDPBQ
zS_>F$d0X!Y8R;nu>_;POE`gJkogS<vQa_t3`cTg3-oqn`Bv+8p%%F4@&MMDAm04tQ
zgFGF0L7Zx6u^IlHAF34E??8KGM&HJN%XZXmuG7Wm8Fv8O9>hX{B?CJt_!4f=RTwVZ
z?T}ORl4<6`hV2a10vVPZmcEOG9G}$bBy3J)zV3((X(nCQ<wAla1QGKt9W$xab?!A8
zTqt(I9Zw;s57@Q#x+VB5;}HHGfSdsD4BuV2<k6lB+KS=<mOgsH1W8_6Q{6+~Ure*n
zK$v13j<A?PuJO2yAp)|QWj9Ny$4rj$Z>5k{Ko^BiK=aff44Ak~BgxFovicO#%aWJM
z{+}eMph`f{`Y9>Na;3TpeyIMf<eYIkYX!{tL|+7er5BRgqHebwngx^5?^BpKx_1W(
zt{uZ;OdI$KcNKa~iO_7n_pJu2CKbzAU|G{+nX+MCC-VeG*}-LG9kFb4l{a7Rp(&+O
z4J9dcvF-v+rMk9$4aNYZHhuAypK$R}_0uglklRKGQ1SAe$|C2Qcq)S98sl3O=uJZI
z#22n=Sb_`PBHWOLW7$HrY}G=&JZux>`AK+8C=^9u{j~v|*a}jq5wZ7PYTrZ5Gfija
z<T8+>tT`k-`xP%$PC7`kXTTM$e$c32$ZrP?muW-}VrQ_4#8_A81)?-v%dnsoK(|PV
z4vQ46mh-QR>N%x4Q<(Kh*z~{h*i%{yEhPLLyR!S0%@Uodrdk?X5RC2sSKk-4jmDNy
z5-MRFQ~Tk$&-)Uu#A>S2DzLu*2{{99$<CjrZM~UrFaZp!s^?`dLootb8fyveIc+^K
zjMwe<;vjG2Tn3vU4x-Yj(dgzb002V?+q0%+$ICWb(z>ad@dDrKeB$)cjP~sqXE#r3
zD(cU5Vc-sb8s<ICPIHXM2Zc=g*g(XkQ(5L}R@+QPgCBhB?Q7n5?~op6=)lA&wH@J-
z>-6MB5iozqi$m{FloPrLOUo^hj-cY`3DaoS$k@y<Us4E73`4mlLLo{SfG=$F52zrd
z5*rv2YJu=!5z#?H+oPD7;0|vwFGkGwb~evUhYi-o+(dqwJkB;y_|ppk;RJ2GI4HMy
zDzDu0M@~5CfX-b?1wj4ae{qbN0Cy#Kz{RghdbVCmss8h(8O^Nb^6I1gvYx@e6Qw2y
zJJlp?Hy~b~l|ldk!zfJAhQbkAu_NPE3FX6yf*zP^!wPIl6p5YS#XjF(sUfcaQK||{
zN8zj=at}w4e~*L<ID_riP?`p~iUIcxS1x)cZi33qNzs#At%s~7uN&?9_734-vIrOi
zpaXxQw}(QIzrWmD<#uV#7+rKCw+SFl*!)n0yFC-wYM^c7O4?FBv7fN0yD%#F1q_zq
zZyEwZBrgSF;04r<3}oP5s9hx!@##h*A_vrF`PHW$pji?i#ZSd}avYH-^Ob$cga47D
zhoesO7!Qr{kg7rnyprV`C=PgCU{p$~mx8o4Dh>U6^Kfn#WECz9*R9R-aj~mVF>x$9
zf<7&(utb<YAu^~S8u9Y6mpO#6FR!)v;dk8MhjTGkaR#Vw^rg!61zsZ+TJFYXqoF68
zI0>4K$nH&!mcTBNW$ME+Yh@wAv0%|^T|($*noQiN*2@3~74#d2Tfi#2zN>q-E)=px
zcrE4*Eo7KqbPlVYZVibkeK`EPtxNSje+k82QMxfXMy0p<N$z!>7h@Y5(OA%&ssu~;
zEY)Gz>2X}kpzcmOg)Lk?N6|yj9zGgDDlk+HHEZR({$>u1W{S4kN_00X2jU3@H*o-(
ziw2~OCZC(|2TrenU-ZTav^^L;RKo5N3Hc8_bi=$A5ERfIpRu}ZH>a8_TfLq=p5fss
zS89qg<Vl(*;!OQIU&XS}cVdmlS%vn(rb)4N)VEQHpY;MdAb3-N<rSgt`U2OpKcJfC
ze@tUClqCwk*G`Y5B`nW7Bv+>$j2oXu#I@S(o!k^46+?4X4lR+}=>fq|t6S<N;k-0I
zG2uVLc_ZPpE+0CI;0?01y>z)G3NhDUn+ibggge?egmUGdI+n6vRnT`7nZ)oK1es)L
zd7lsr`P2R^!@wS_08;HKJ7#dRV0DkEwZAA^44Qu5`brG|j2#c$&N7#TBO&n0MNnkj
z8lwe{Lf;!K%jZC3XSKuo4D_UM1*4tft3)~}bX+5QdRfIjhx`~rC1XY)a^m--BOISg
zB^bb71dG)e30&0u2a<sK{7|0v6uVnWKQcb=<dzAvs$_9g5|dN%K(Voxz3bOvU>X84
z(IGguJu5(9EuG5FKn=9ql)4nVMre@HFF_Tc$PlPQwt%~g0Au*asWg66ID(vCD00rz
zM&eQymr^AC9$eiNfRw-<FOkyhxFR0#6GAR?SFK_?7S&^Tx~`j}0(+EX-fJq>Q!b&>
zIh_>X$_k^|xY=OkHU(gj4=o0AN#(=E=Mz{5^@OKWa86#Df2;S)A9lSIXof1Io<RbY
zzPrC0^*k7ymI99%baA1>Pnr&dEDRcCe|*+eO<E7rGH81j;|o0_-+4DrD}0;mAGvnZ
z&Rv2h$lu8Eo{q{BW;e5~GZh2vUQlvp@@7RyB<k+J_zW!EKu!KHuZA^Xl}--?tatXJ
zk=66rPC6mGrG3bBR3AJ7!b4B2OSFpHM*-zKe|umw38}x+U(MED=vE&yV|Wf=32ZnM
zUx}(o2H(tCAxIt>WMO=-Fi9RsCaN*n5LySWZSVd|>Z0&tM9>q&S^^F>c~6}7EuJTM
z-=IiLbs>uU@5C;pB?}Ud`sn91b8vdW4WR3<V>P)Qoh0n?>mNEb!R^6Xf;rW8BV!)F
za3XS2W@Gkl%Q%tQgHH`un6P1q?x0I%V`j{uz$5@x*=qXCfNqa<TB-#7H1ZFS&m6bn
zg|_dWeZcoCLZYlDm9wr?R|HD(3i$Yy3iHI)bIb9~C;)X}EHO<)$o?6Ht=4sjtHR%=
z8ww>5F$Mx$UqwfKE&BbfKNwsDd6@R{Ax_})DR+U_EVR84SaWQ022$u0Nc*<E9TqAU
z*1X6vtX6>TM!kD-9(~ZBJs`1a3j-7eQhV2f-?^FLRPDQX^w+D(mtFaIwuYMY7p22$
zKB!fHMB2)ckH!Fksvl8R{cphugCKNJr7Le<oyGr!Z2}O`Zl=}@TJKhW69@9`ZS#qX
z7A-XNM7=R3kKTJJ;kC=`vBhV#9MTnvL<xofLACYOHG;5(I6U;&iP9ih83Q28Y63ss
zTO(XdS5r9?bG;>}bY=gwt}&_L<TS!`oy+y5NvQodL)#B;G6?T!_Fq{vu3;HhimsnP
z2UVud?52WSinhs`E4@*yA@mQ^3rzTP$vK>_Y<=~lMo@?!agnmk6tWQ47PKk(ziE{$
z00IE)Ogs|b=rhR9rb;(QgDhN-Bf%qlK+F?ozmGXt5t%XvwZi9bSG(<)fdAD33Ytmw
zl2%LACe@v@RLpCse&dbG;3N?BiTfg<U?vE!npWX1vkIohTXN7-bPGV(2mtJRWQRz<
zOY-rodm;F)f!>%D4-E_;NqO(Z4gjSuN%~ZBc)u8DkrkIeA#nU{LzUE(BRXm9XgO2^
zv04$RY_Y+L5ezgu7*D6FLQi>qYpR~mErOFU44t`+=K2|j(bWn-?Zd0UJ&l<=gnDl$
zsSeW9MfiswSZ~Qq&?*dykcau#QJE0n39Rzpw%JwV6xU|GcK0iH<t#Es^|#$h4Q8Wx
zHsxW}J=FkvBY6Ovp678yq@K@V7<ri+^rny$ks9~}tVxkD#gQ~F%c4k<`8;OwJc9n2
zuhs*Xmi%O=3<03I-g}r0mzQv-AwNJEy%X397(p=+v1Hak(isnq!Go{wYw&Zsfq2+a
z`o3V-aZIjEY#nEkS3`H&Aia^QZtk^&X=`u%s;K-R6{<olPHMB?htFQDEu%zfum@ZG
z+GyW7bz#0=_0lRS3%>5-^%Guy%$O5RUnRt?1nyR!q8gPUI<ci(bkqPf_viyIu}@VI
zj6D6BB8u&!k=_s6nHUN`i|;qy(9G@Cpx@isB&v8*4EYpZdr)nQ+g+p^NR_0w=N5|s
za!J?hC7Ry(Yut;e#GV^dAzl8-#~W}$N>j0kK&Um20sjFFAXI51XuH|XqIF#4dFs)N
ztNpHfXemYdrLB9#rDdcar==qR5Ay|d%!A4N4Fy+TE5O^Hgucc}TJD83xn$zDA*!*n
zHZ~)6&>P9%@(|5vuV%;^0wU7egBY7&SG1d%^a$>?;N?{<pDAI~!hqOPNY#W=3VJMt
zCjk6U`Mz3)ag2SO#iN4#A*Bm87=AoVJekoPv2aYBw_0BE^Ae_XF+TQI{uZT~>4E*=
zlm&Z>W{;)?w`%5kTJ7MA+>X5c(_rv+0w<jh#1I^YXsD0QkM8-w-HBM!))c*(ss14;
zK3pg*%GetmZU`I}=&RP8V6!kFW+W}ky030M+ceAoJ|m+ej2x2&0QYuz`DOg!4~Q{^
z7)LJ`A90yF_5pj9jXv{3)iGZ{oW{@~s$){h$GN;u=0>SZX(x*26`;GCrR|pDY&uD>
zuFbfp;QU3fm>nNhRB{(xbbupFEx`7qbiaWbiZ2il-tGi+k~hig+<K+dX-@E90gYE$
z5(LKz-d<vt#2AhsRWSzYJfQ{qRwDXqEIx~C1Y++8nO!`*6O3iEAM>A(D)3E5tat#b
zCoNGiLsBcKzBP{{|LuZ#c#TH)#g^U=Sn1W%@9O9o;Yc;x4ao2+XJB_rVk67k1W$4{
z-L1GrDBMYMz~$ovQMs)Y4JbCc-@HQgZ7i8B(Tl)4{Uly#NFS>}XDE;5@j@wOO<=$~
zuK}rK*~Fa&PrF#3h6t#{pkoA@B$36ai2srm2eS$}?uOP1t{vPQ@Ii{P)@1F6ZZWtl
zpjggbh9c}G@oq^hWX6jZOAot4#{v<1xC<dG?CpH5(YNWi{pKn|+j73DAO_1li;&#J
z2gmgmimuD8J-eLWn$Bx<4Cw0(EN30?CqNuSy<qs`S9KPYHDxCetVP#5s@xn1mUs4f
zSWzPgmE}o;Fu=~;aZ(un?218|L<Y}}!N=AuS8qIa?v+KY$@*j4uKiKvjwhli+(|XK
z+kOBkUod=kfOXGDe}-t-dq;zkq7cFTlUmAEv(}X1R%9abNnIZ7n4$|7`uSz!M;twd
z@BL=?2E7DCiHQS=7UV~WnZy-#&aPy{FVikT*3dRyEv9p!c?eI}0XvACSD{vO7f5*B
z1|GJvM4mX~rgg>_#{py)dkWs@bhUl%G5l1don#yqyLVoTV?#qjN_1;YRt4=)K(;pR
zou+-j5U;62bvRO<(qaK_2SdBihetge^)3<!VckeO=T7%VJL+y-K}rxdpc$bIxwu4V
zQ5X?+bbqWF?Md{rXV_a$D|Z@8Elq}ynL<H=&UcShyxUj6s!YlqF>J`#^Y@kPlF2K~
z>=N`D>YQF@Al=gN?U|HqXM;X?wtwap(MdqI>!Q|rQxYKpGjz*}g?^_$I#|0OH-);@
z6h&;kVF{q?Wyd&QzI$MQi4rmW065r?t4P7srJwPphI594tsZ!FjB;~@wq9k(d~xdI
z*dR&&B4)U~O8r+Ot)2{`maYzA<DXhsuQF~qyjri#9cV#6>g59P!U@w`__(gl@j~!*
zHifSy?5#WzJ|Cpvz;8}$s&4-IR7QRpyqd18KqO8~p^C$z$J=7gI&$#x_$hmj@`ymD
z;XwIJv<d7%zmd*bY^E^lxuaXHz#g8nD-@xIIYj&(!S<lZu9XL7usDDh9)YH%I30Xb
z8!aG`)dCKvis%LoL#xW+`z$uEQ<CtO`FcQ?0Y^~y5u8kMBsUcXr4VQ`#4;kb3wp_0
zSc^B8yD^2lN#V=V;mBIGeGLdOo}3Ew<%3b?HTy&ZyH9JGhz*O}#ql`Oyohq}$q<N0
zZ@fj6U_x1i-a*l8_9+MHL3Ui`Sal{u4+Yw43lI-t4P<#xQKb5F$+wxeNuit>C;9%1
zwg#Qth9@*`!|&)2yZ}nKkvGRy_a{{#0iX<{*INN&tysgBHQ0YA=*C}K%&GkZZa(4l
z@8GmT1BQ`Lc+>_-)PdU(tB_yT-My0oQc&bRpKoP>*doowd<3^k&&_0&Xd|5q*yUo-
z17bF~QW!yQ|6QDBxZ~mH2q$tSRbQ^|&K!zL9KY3@23C+*C-*_r^rmU<ae1R=b+|bo
z)?jr>L?0j6Ss>}kRHz<#0?E*;8US~l4+zJ}HYS<-c9FiSD^yI+E_ErAK$4W-K5LyB
z6!^?v0KU)VKBNgso{&)<1V6wT)G-T5jVZ`%(@H26pw!twK#t~Iq=ySRnF3%=#q9(%
z)_{p9{DFaXRxrG?$lFlJcaqDWu*1DQ&D@k096<G1dK}8jSa~k)R>FFsZ<syo=P~8i
zh@Ct)$C@m&#1KP#$Ht77a<dYt_Jf+SCS&bjkE@-P`<O-!l?kTJrv_zq{bX5eE5PWs
z2Zq4OX=RDeCj#1>##eBehnHrufszRZ=QLL~Y)UW{Bm-*7k0Uk$?vwt`dfN#eJ31$y
zX&8?cK8{*g+3@dg7o0`_{Wcg1!&M|AjIW>mDW0Lw3H@RQL~YRB3Sj+!PB4L`8Fw_0
z0b4)#bB=P<v?FcV5BJ`iAE((4yp6EK(x+L@asdKdAdcnfFp<AT0@yk}AO~p)<el+~
z^xJ6;Nr9!m8dm%I>t~zy>aj!rS5Sd1F?#EYAqP$>6*sTeIG}3~cXV5EZNl3Elkqg4
zA52hyhg*Pk<7ie^&FdKJmsTfEF^_z7#=JrLK)1zorVRE7BC0JZ0@SK=RHc+wxb>AR
zrQtshIcz*0<)$|0XJ2lb*~VnkX(!L#tje)wej^Yr0EjN$NdGSb;5qI#fG{>C5OYjE
zM$!7H^Ko)y<`g?wpVj_IPJxp3<&2G8wprvvR(0LmPZ*R15nGZ$zj<!Y%j2E4KwU21
zD4!<fBKMISe1SC}-1oEEq^B%v{Wr*~OhMX>--X$yv!Qg1J;GaQ?uo?vLmIVNOHCU=
zk7Y|(p6up>Zqo_|{NmHuqjVKCYoNCSK*H}=yvt<f>BlQQro@t}E7d4W<DoEPKeWli
zP{0SC9(t&PCW>D&-f%5H2rzb|<>Uv60OJSoe>t<f{))DOUQpQs^wYH1;_M2D{4Ao=
z^Cjo*Wzng$EZzo!Z7b*Y%2=ea$OOo?cl5_O6LNv=HcSWu{g`uL-7F~HcJCz6?ar&u
zR&T)dN>ktXlZ*D06eV-_vDXF{mW5+?J-}awJn={kW8UP)q5(z_hlP-4b)LGNl-J^S
z9{^&8s$NL5hfby$()?QieXAw56vc!$k^(gtHz|K87@wnLyWc6r!iP%Q9@9x&$>ztU
z@Mq9(0dg|^x*MfG-T<3U$1;s0v5^r`26O!p?)7)8Zg8|EC^_cFM0X}yIM=U4bp4`;
zWyqeOjR^YgcZ7N1HyTMZ^PK6Z=~CgC9+~F^Db(_VuP&6SASclJ$`bG^XD^FdDEx17
z5V&K+h-Yl)bm8t|K>xJ_@C%HJQ!b50DOHW9ZM%7EHpLH+jOZN3I=yA(g#fH=m6~w7
zc7FAy^O%i6a_3$DLfzyW+btLH_?6{!&$8|)NgB1LH&M(tc^&U>Z*<;zcKOK=m5^%j
zS@dnkkz~@L#Lt$wwvs6|a`Q^${d66!``eIjSuY>G8&`=2wZ&4j!9839<TaK<r*7Q$
zXxrMmnJ?)ADNpg$mNFw!dAva}v|o`;1nFqY!Jv3%`Uze`Hyx}p=!;3+`A$L5Sn-%7
zT}xPxlC`-@vw&F2*eqGs;v6gt-Nbyyfj6U4Wu!rT|7XFGs;q*9eufAPTZh*t^e`Bq
zRe-)77uw7y)}BMO^EXIBQv2sU&?NFHkpo1DAQcC!echd3#W|j=L5fGZb0^X)_XU36
z`q^^`5vi0O%9~o4Ga}QJ0NqlRAEW)rIJuOz_PxG@jBX}FVQ0*$N5xi!`UNMfCnTMJ
zm;cJrSC%kr*F8K5e3*5Fe81t87sahUgC%d%f>Q0OY5~fd+%wpd|I{E^lvfA0CkKRO
zm_TGO=Q*n?D`xcsTXVU!tKO7p0ghNjJ@J>mN(CX92r@%y#yMW(rb#!|Bsb8w<RS`f
z5uGVVJyik(>vS+)f)A(5PIy{PZl4kOixAX=upu%8K-aaiCT(lI+yXuk!veD&B0H@9
zuV(9rQ>Vn8pf3|B6TxxItvjI@nhP5Kj_tgidVvr;l_RM0wvv6$c>m8eyxRZwvc7>=
zQ;lrKT1=ZSTt#k-TZy;iy3;#XYq98-#+ij~aOm0zrIU`#Hm*A;5T5aNmfJ54KN<B_
zsi|0|ArBnT2v3@CB}zh+CUN4Sf2#_w2xosi6jJMos$VRYO-G^~6)sNpxzRMX{;J&Y
zZ`o!+n3WD_C}TyKWrYL1AAI#yN}SBM+5MDt3iBCSqBwBeCOOsy-*&kjEgoJ}Mp`$I
zqpEjJ>QT|z=3q=&dEZIyF{zq}Qa!6Rv3Y^<7;%WaI0TjcLC9CF@>pFi#uan{@4W;D
zTq1So7FDA2r_P)XKK`i*_IhU>*LPF?ZEJ9aHr%UH1yYfRr=&!7v96>`W7WLDq$os4
z2Y<BZxC=>Ik3g9U6r*7c!1ewFhXxM&;<6qcVx^HSgj1>jX&_vBs}pD6w8^cub4{#G
z_#02&HSUkKzUIQufcp8MwhMUQGnr^*I&adEo$wSLd>SW6#pBhV+waMr0=nQ#^3b`^
zsCd@=zOf4?n7aW@!i53m7sGQ#gKa<s|8TN7H}^`cAH_{Jxp^+8CWOE{(i>d!$Yhal
z0_zam0J|Ct5k0T~3?)J%HW8s>1blFA!4^<+=3prnR}N?D3xc-x*Pg?{%gIF)pmW^T
z52Q}3h9*fOQZ@PCmG+E;^umCDFh-H`q|?l2o6Kwz`3Eu0KUD=RBPh}(%T6iy&MV;w
z7Z>^gTl|9oYPH2%9NJSOuv%LIg%}U%WEWuzaY&<Q%2xg3Rv@o^oVg&pD5WqDjVoJ%
z<~>Wrix(ho3o(@tVgEd3t`tJfVj-A%k&;3^^x`0S))<gE!gmq7-%=R3*ZTl6;*RuD
zbJqXtmSR=Cu}sVleszzR!)6(s(UX8@x}TkV8B=`WDqZW2>+WCRj~g`mpRG#<OP*US
zd5rVieLTq4D)*CFBDyg`09Iw+kGYcOjC;G04ditLQzYGV8VhIDt#~bJh4ywD%|GM1
zKl-EYF=aGX1DLDX0|&ioa8oNq{Qn=kHVasa<DLlvQ~>G+2Uk1)g75dS5|5Qv^F1bd
z!|(xFAKf0f2V{diP`^3DOb7W^O&<&O9XaXuG#C>}L7Y^XxE^Cy^fX7iNg3)VD!g!@
z%Z=*=$pdMl^fA@=^D4>olDZz4bT$l(K<49ZC5e+LSkOVx>l#Bb9piT|$8cKDGP2m)
zdt=BRG)(9eMuIPN<q_ijgayi6;3^`=zt@4lIoVHWAApEnw+m&IF{=my%I6+n*z8xz
zJ2gP!z7@7qV2mpT-h+!hynumQ`**TmT7PTnuc0mUmfg&t+AG4JwzJi0hHM?SV%_$u
zDY8(LOzNy<So&qJi^6@}?DoOJ!5u<8hZWK@dqQfI%D~nI3kMBsssvt7>p1sUmT}ao
zhUl^8cKq~G1VArfXGCj8PBg9699pl$zp%5RgT7ZIbnUXWzP`A1VV-)f7XFzyJFFX{
ztDg)|pc<os>aM#O1FdI+<oL|9487XGkn>s=k6II6VFcLB#M>bK2I3S!uv*9?iQZNQ
zVZ$3JFnxzF+>Tp6h;B@L?HLxap$*@ZaSioqNH4`nr?DNW8IfH)I{*Az@jgx6kpq#H
zxkpQS^CtYyfNrn^@6x;EyGGj-A*~T?4Uz=heK))OJRZH<m(!*?$hTW85Jkp-5Ub{m
zmMcXgj@!6xa0|AReWrf3s(J^w|LAqEzJH`oM@K%DOU8}xU#6_;S)&IV;(8Mm5jLJ$
z%B<cz*-!(Zh8-EZfWkP3;vt7@Q#?c5dpYa(0A<qNVT5j%iVl}q_zi-)7&JT);+=?w
z0po7hR?7fX`;$P4JkP@qm909@aybM8kdC``!okw)?mYO@uI+@IDwDm^P5E7=+#|RL
zEfRd{HHoJcgjteIPOA7o$y2%YlH`%Hw1NGWH^6Bkq(`WB#An%BL$tAj!p#+yYW8LY
z2O5f>rq~}WUx_i$6hT_fDBe!G+2%O^yk{43;U(j}dz4lLs#L$?Cd#L|guW=1SH>kU
z1H+T9*Im-!WR6Mb2l?s(c92YwtVP>KdQ9lzOH?kFppz?lzuZqh?1MU79)kKB`qo$r
z0tAx8{476dhB$Bl0LNgjH7EmyQ~;OixKnozR;NQ=OtiMhd9bqcF-U2XdXn-PLS&fL
z2X|772yAa;J*EG2P^cIYh3VHtC5IMOZE<i+uZmmR-1}$PCT~gevT184)jl4}vcImW
zMMULZ?Ah#mA@*nU?=+!q2AUQh)d+Psgo+{ug|}zj;4DGL@H7gvF%9WH%MOKvUJgzy
z6-qUWwg7g=RL$1zY)6|~ZRrxfkH_c5{wb|rEvcwDz2{L2?A9Gf2`H)3UY?QGB?cu~
zUI>PbeW2m+@jx8GJSa7_Q-=%`QsAwX$}F85J0wc^jypgT2>u>$&Elj^C|0dvRk7I`
z=bV^&imLn&P(HA*{OZai_!S;s3Ox>-Mq%$;YYqqxQ*IZmk~!y#-T74~D7qG--@{`b
z0bo%I)IeWtB+TfhQ9wW_OD%g{tx`%Lz{%uTrvFS+r|Vb|pYldwZ}lAHzsPfn=AmD}
z2c1B5P)~niz0-`Gk0u4rBK;lU@thz;aIn-B^c$<P%3N*@LH--Y$4zz3vA-Vf)$WD^
z{Z0$=x!WGtSn?AJ<~`9CSWWBV1Rhh#r%t*MZEx5jpBEY-uBhl~xF#y<y4y9(-!X{J
z%%r%6ipHIC8#ZgKT*X^dw6Jeu=P?E+GV+!CId1?#K)$~;LL4@;!LYt~QJ(V($^9d<
z_EbSe*+nfaqBI3RbtjbS)mTG#fyly>FGZY`ta?h<4dKk^-rp_?V7+e_a6|7|T^>Bb
zr0<Mo*YU~H6sDKL{t1%j)4;-|HYX)0%Jim7dhF81A0snQ2!_}iaM>=yA=0~|u#8aQ
zSRfE5<aTn=GK-=BES_k2ZOM{Zv|;ixu8WP|+4CaYFPDB<5KUxCWB)A2)ux`>gJV-Z
z0=CtD5^fR<6Ds=12y}t3{Oy6ero%x;aWd+Ut9X)rQBXB)B%29G_1J1VSwO09TDBq~
z&Vs=#Bx^N16xlb=>Fi_kfGYimQW;0T=*AnvdIM}8uGpb%NBPn4Si3{t2K&)h{F~x-
z#6_9}ig~N$d<Ab=uq$SdTwZLF*$(me>lN`~%3%nXKgg?M`zVE3HF_)t>aOBmZ^ntS
zS1bhR3Hspt7|Iz#9$<2XxmN(Tpi*i-P#~*CuQfkOfi23Xz*~%U&VeK)kA?@a6Z2Dz
z+-?+rZAY$#C<k1F!-{^>QzpG?&37e6@KJfIi?cbQ*!yIx_@^gsLOEsCMV|5imSKp7
z7}i3>`{V7PlV)y1)BTWpc!``3%JKA<d?yKb7-~$mBJIjjzwp94<(=#<8r(RlK-3)?
zrh<Lzm2ki<Xxx$XY6TrHvoAVAhF#$tTJ9$@#oMl_XQKJ7tt!g2x~CXWREm=3bY(8)
z@o`muiF7wAW<UW4uohvqqPKFm|NKE8o?H=5(EkHolFEQc%EfU(!oLF2P|^k4qha}x
z9>IOZLt<TU)(T*;1G=Y5d>oXAn$gFHK|4{s)H)pzMj!)SHq`A&HFRT%Wx^_e&Xsh^
ze!D5lr6d>hQ-_eT&1&B+vc<Nb*RZ%;0016v&M#YJh$lWzEeO275>eg$@xJVxOCUsr
zjT}r_3qFg6aNtJswYLNGc#(-Q^-QJ!80SrS^P23M-xh~~(DQr}76~!#QR?TC%z?|c
zsE<QQF=$%dyublgMBCUr9!j=-J?oMNVCYpCJxenJiY7X$F~qUju(t>QLgl@S5;#nA
zSp|<o?`qWVtKS$(E~sf(w_;nJ>P%~#f+S8WmW=UJUFn#P{}xuwfk~`hS+T(%MQ+<4
zImo0PQq}y*T$1jgDRuS3&li)X2jy-SQW+oG9F>gLS18QKhVh`bg*rJPZCl7*z3>({
zb>FC~SDqm68a&^ujg1_c|10Vyei>hjrM$$V*6$pNJDxe%y+wVgFrxT$u})Llgw)w`
z*>TS1z}2tEF5HcL-f7WH5Z`D>QZ>Hbou4uM3jDnA`J1m&bTzS%J%n~fX^Lb_Z&gI>
zVejVi9jL~yp`ARwclbOkYm8(lEO?;qQCZ57dC?ZynrHIw!g1vZZ$jR~pZZuN@1G>O
ze9{|RE=>dRXJY%!G<v)D1Uaw~gNQjrM~6O&dTsO=ZF1C3y59u7B|W|3AU?U+PpyLY
zI$|OR!wdz8Ea(wZav-Dj`=VqveniIDJM%&rp=TCX8&bOSHz&o<a0I3ZW>N6~n9nJk
zQR#f;DduT99M=4hJfZC}lSR8a-9|o&n*Y2yGJiotztexUQb*TCW?L)3Fbs?CelW-+
zHsExqHY6MlyjqX2XC&UO(;+xv0;m4^NiPl9c`1K*qp*;8Z9{WQdbyv)2`*Fgnlgj)
zIHzXB3cYR}v%=-zbwR=bSCwB5{iQi0hwJ?#DcLmtvThoLPvK5_OP}rnU!#K@g6mbq
z0)ga=mE}9B6?igVji=amqOo;u0~D+?C9r_O?IwRIf_2RF;{B=T6F-xL#hPIbZLg`I
zD$aRakyH9q&hA2ujXYgMFM)o)2w<j+0~oY-Q@mCJ7J1_p<bym3Z>A!R0~574rx3JR
zA&XFZdS+%L8N5lC({v<GfdG&6$nfBh>d~^PUu7u`YHYfB@ZWSEOx`um17y@rOZ_#y
zEnY`9E5<Oukv69%1fso6p|`yH#07^EoA+18f8x#-49z2JS)7yCHXWGjxskB#{<GWl
zDWT(E#q}9xm&O0BZXOa1gTZIbpNW(s7yy`$;6^j78y_nfMpi32akFHe-h6+Y`aNp;
zKK&p53<{aVd)F11-LC_;St8K4;i?d|g>B-k={tZm853=*w3;aDcc4xCmW7##yk{~}
zhRKImIIy6I_TvIk4g5d6?oIE%WU*82SAAgBEMgL2*FW3w!hm8>rvvxuJNEteLiRh_
z9*f$WEkp+R)124aY7YGjM=LbO4huj<Z4BO6)R{R0R3z3c00jq*rhzY~8X|qR_R$zA
znvTR2uZzZoxAXeIL${@V*sib*S`?xGeyd`~OG&5Yj%elwgOG*9WUPowFPw9{Jf&G2
zoA$J4B)TAppF-#h36hE2IjWnWB{5&R$*pg3<4aopJv4j{y7>=5oj_m{1jsD%MdRS=
z24<*w{(@iIkP=Q=U7yE+_-b^B@R*JO02yuvufpCSR-C&XVeqOn9(FhXYg=d@4F=8w
z;{w(K!oIOTL*i6-iRf+s2w-F<?qr4fs)Ht5$P0J;DukME-4m+epiAVz@ZHlc0uLL#
ziw9)3{oxN_YOC<(tsh&O+bC$lv5R-yi(v}QhP<{3ykdbRoG{?k!yXGWh!$%y3y|#q
zb>)H-nmlcBt8xp+y2ON$wvzK2P!sa2Xfei+tx?=5Jd>A8!-xZ>p!nZi5Ship$M3G9
zW*e*AesqkH)7|Som#03Cnd7bVj8%fu=SdvOWU(HJMDjQDXv#dM_mYhW^22nj4*Z+^
z1WyYKl7dj+ZoJgOUBsX%)snLTVFcp$qGi(f9%M|<Fk@k}S5Dh27c|jv2Cuv<x;VX{
zzRuJLK4_s5R39G+3!~sA9A=O!TP`G&Wn)hoM6l`1Pn`PQ2r4ZLde_hlCf|XV*jGFl
zJ4uJZlKoWLy*B`UFelNF6d6ix6@ssHMr1z@8slJpc`U8pp0ZxMj(fE&Zr6qx?A*=)
zmVfljX^Sn5_oxP1>e<<WDi;ko{<lt3*(Rtsp<FrRT=aicLpt!V{4EZ@m4d4_08tg4
z;FjV6<Io@%tIAw=`+g-aaDyR*;ckuspd{kz2TCn1xW9Koy1Q!W#G1Pzyn$fkI5v~g
z4u)K|oQ|WNrJHkp=*ANjs?;;I3F)`k(1Q#*TN8vphGSwx0<lPP5Xo^duEqV*1T{u1
zmq%=Y=&P{gc>g&|7b)9n#)2Ch&ruR%<@4}0wHPZ(H5||xN<1vwj#W+2N~b$!EvG&5
z{cEbnYx1SO;n|gGk}29<r;|g>1s`JS>1S7dxz~DsG=fOcnK?|7ziimsLpkx&PdZ&G
zpzp5fBk(2|<Z0_(U5Bz$3>lVzn<0JJNE^|Uqtkp@-LguYf5K8|1sEy{<3!Dtq>Vj}
zO;Y0S`l$Wva`?uRnNrd8Jkx0<l)yX8^G)vodXXOxs`Y;wi}$GK=?5%Qm#pvTl)y94
ze?L8>C(+jiL4*KLyj2;f7+^&MGa=;o?JATbHne_Uu@Qy7!=w0P3i-1GCGQ8d4piDF
z(V^!a<p(`#f`@bj?CCevk$5%Ja`g=kSi0{3J|&%gV21+>!Vz|Jw`(3cm-j^C@zRVH
zZCNnJ6J3|;)l<{^p%50Lw!3!Q*c`Qc?i3>fLu9p+8(Jh`V;dZdOsA^s>QV>l$M!ZX
z(}Zt-#z<;IbTDzvMMpLwi}yd{r~Ot)FJ{Lc`@uT~XumqB;J9jj;9g3cZCizyEC?_E
zq9QNkT%hqFA3Bx6*1oq5tj0ndd0YNgb80k!n4u)6pcq$THZ`%dU_zA(n+{49y0&EZ
z`TqhfyZVcZ+M?0~7qXRMg9VrOI1(tJ_e+HYSOzGyqlf#gp&o1tdiUl4ufP>5Y9P8|
z5BdIze4hzVV$sRt>3hhETb6A;G!g)G6}UrkcDq~#TAl%5r-DC_G@F2^28F!2a@yoO
zfT&acvK{FoMd{I>xfAwcxVtX18tY4$qNMI>9ph0=#PGW$NCGSXDy5}8Dd)6vjvF3p
zd^)}8@+gJadc-7MlFew-qTnYGcH7%aqF2H}_bQ*-qP!%x*cG0{QPR=(r2JkAiCJiI
zl#NrOr9FzL*aacdu?RgUKs`inlQSY~>H)SO@?|@U%?s+d4FO>?Eg<O9nB}nLd3_)H
zrKHFg+FAU)_`;)rD#1LM3Q+k#wIhKWG>={V$W1XCSiF5Hgkid3%2bUl^xqJ+iID0&
zrmp=9y^+zcN#RJ;O}QYNeBb4gsLOnXjbTS*k(qA-!V*>_sEdLihXmPp`HViN&etH(
zswFK|DyqOn5)^J6Uj15yr*R;r9zQYs=Ugf$Vo(VQ1J76Iu>!(I{j&()L$ED`W!w24
z>I=QnDJWJ%TD-~3m*-KDdyF@tPqIS&U)8s$?~FP02;4}*EDgLB65Rewp9Do!_zdA=
z6Q2}px!)iPwRr{<1b0)a7dCeqQX++F&{67>cb1VX<eyGhhxe6<)YQALuqM=r*A*mr
zc4#vo5bjwlIFnZJo1xT_D*X>yim^|V{jV!2hgmoQ)X{x>tfh9{-9C8B9)QOEDr4`6
zwoZs2<PNk82d(0XEZv^7_O%O?B6XehUrgV6zbquXgNo}GTP^XH<{2g2ODf!JJ~MK`
z*wck#{%`NZxZK{oRuk81_%5YcZQfRH;_g=STj~$He&Ko^V8Hh?Ei-;czJ>dWm?Bpn
z=@tZL3F_@iz9#CRTeC1+?`3BhkC=xKf}$FQDoUx@MjNo=si?z|^}N|BAhh3~nZGID
z4+J<}Zc)NhaG-Jx<Xs82L7rW?RPwgCUDrl1R-{CPBZi{P&;q<l%Vo0Q1S0azxXT!-
z<Dz9P81jOts>+-w^JH?Qd%7Cul7S@Q`U1;(&NFOZ=%>5ydxM*GH>oNjjFl4#1df*q
z2ra(}1O9q>_*9=e|ILl8O1H{Pi?(*)U;qw|P=OD|m`Ec@liR%7hr$f=L031Fmui+}
z<1)hVxpu32dGpnTk#dtZ)D=QlQQuZ_k*fY27a;0_q$*3U*%}Me+e<4bBWu6xzc}j0
z5V<I+Df%T<0@=(e1y4-?3zh;lJFwLanS~;sk?&YQyJ`uLxTl#`w!}s%$R5fV_~E=h
zCs6xTYFI23CqV!=rfeHNBgrTG4=GUk<Xir>S->lF6Ehi2Sb#0i+kNS&XZqEZVcmbU
zth`XzHG5fWnRP;Pr@bIg%dYqx^_S=m7nW>B&?q?;1HAO7HHcVRU9qA}3QQ|w&QIe)
zkBCcmQcn3R*-1%U??dreQ>G3qLW(`jO#O#cgICVUaERCxoIIdwU`^RMDW*WU<sYgQ
z7UhX_@yEpY$;ImIHy4)-^6i#nJ`IDQ3Rl91N)SIcC0}Oer*-)1wM3#whYw9F@MQe1
zt~<;gC4EX?-)p>PzYuqHNU*T`W6S}GsIlpx$@+?(D9x*)Q~tZ1yoj!~Nfh3M{zMH1
zA)@atsI|j$x^0QS!681bX+?s>RAmwkR*l&wXBOHE32;_Tczrx}`glWbSx$eLk(=?8
zt}$mGaqqbw!-+~?8$d9dnH=Pk5ol+;v>ZNc|G0wiUQ$C2v%o0NI5ZE*Kg-+ZU2sW~
z<JH}t`UiLtOBII{{G5N!p`4@ipO<1QEQAnks7WB<k>!Glc~!fuZ9a8pb@&EFMOWeZ
zzo?h)O9qW}=Z{H*>nu|Pb5v(zE?+QA!+d+aG^E#n!~zl$+iV(9@5_6Xy)#KewRZP{
zKe?F0I99yF2!}@KHI+^J`W)zmEgrX38IaNVqiE2$AhQx&{#NHODuNN_>?d9}v^rU_
zKnN({BjhWKH9KyhuB6>VUM)l;(nZOs18FmmJYSFiMae)h{gVy@p+-nboZ)4%sQ55S
zio>kaCeC*UT{{e`0@l}IpdE}5aDGZz9|EcPQa?9U{$$qG?k;sQX0qC!u#|O+v84&l
zsr9Ub#zVes!5{lDMA9$yFt1Eg>j{3Ki>2^tJQbfmQknp+>tJoCsH5y22&{&6qQH7=
zFU7;MtmVruyzwbmKJHF7F64KdIM%OCx^EePEDCK`<9*PPjVf(ze<b?-KTX7?r=i2B
zt2L(_2<Zr1am{Y}Tq5d`!C~+_MNOXk8CAPVuMep8FQF^P2dMqn;u>oO;^nB)gb`46
zV1^Mq;o|dVZ%=^{Sa_2;oJDeAjRp%Jai0CbTU9S#kNGx=*W96C#ZI!+E$gxkhgYKs
zKtixfj8RDFp3k-gplTJawMCpieIiG}ovSfytMo~-7zBh=gT>3r#X_tqry2@UlV3>$
zA6FGg!}*!xReYnVhy2mSUc8iWJE2Z#jDli{T^zBx>3qnA%G`?lkq<+6(*Htu9Y`ws
z$z(NM1Q@%Ht;@WW_hG|J+lCaZ1)w>6EUQ<nqv#n#(^&zE8MPTjJ{~%qg|4&^-ZK@h
z{2E(Z<VVs(2`S8E+rNn8NS-YO>LB<R-j4^`d-M>#^AFfa+{l6fq=g)?tM63cM3FM6
z?s$ByDiVybRfLATR6LXidWGBWKsMy91!#6qjNhWo5USY|TwWoZ%czPOJ8$PKTSwqV
zD2ZFRRpcJ>YMZ9O;vAS4fe0m<d3D6BGm5XvPZK=QosX<Ktby3qFmCV^aR3PAf3K|J
z2e3NHK^SNuH)OHZJQO9vBZ7X2EmTr_Aq6S$t7K;z*K90rUQ{rS<YYR)AnaBwudCW_
zx#6IplU36mj123nY9JjuBf&zy(a#sO6uNg37U8_aWXUr~925;e6iev6l!;kUtv+qV
zz$XmO?yJuT1m@bJJDFzJmwil@Tf7Y}Eva%Q^MC%pUZZOn+#Y~7)+*1c0p>GH4INL)
zlb1^a*JKLIoZHu>nH4)>Ke56fkdG*_X&yd0l5P+P><le^uO{uw{FQ=!wTFV<UYgOl
z<Xo+QUJ>}f_9B7RS*)fn|9Vgznt=ubF&HZif24vTe`;JO;HHqPv!3b`iDkS+5V38y
z(#V?wmH=@#Yetlv(-tHjM{v7OAW39T1to|o_v*ltP98+tcI)q7g*>~OgD<!C_A@*h
zyIPpVY88Yihlt07Wgf^U%30{c=d@}jHJ+G<gs73fb=?suAig(}onabN++rfwb0CPU
zI*8HdeJe!?mCA9PXDK9!MtPpnMMzk&x;ms4F74^u<i7{(?gyU2nu(yC^{F^(^B3$u
zPQGuQTLv%S@4zCL;hLJ#l+Y~Vd*m_uL=52N#y5tF_ffm8I$Am$>bA-y4vq;Kuxc^j
zjK^hO+QQLTx=QBmfFirwxn-b3&Dcxhsh9zR;>!jvWp^^FNUrsB++1-xzrYA<Qo>|S
z?=A<W2zW8I5G7K@3$-qkEn4^25=WL;b9JDyMO7`$&MaZFU#J}~)pIV;M_1MVpUD=5
zJSEiT^~^p%aBq*mOJ&mOc4huk$LfP}mQ`|~C;cVJ%nGEWIPVHOd$h{q8F#d_qC-9e
z*x_YW{ldEh%LOQjCRrKo5rM>=f#_3}iqbA&=%u~Tw(h@>P;5OA-gT+WpvAuq8l47x
zw2%XooV_}C74YhJvAvEmh(v>%q79;>fZS~|s1|$RQ3CBFAi#SUh|aoKmRUd_*`n*K
ziR!aiY??<iuI>(*zWxz0ZfLlwH`0Z~*o`Scwg|Y!<GMBFEtJyfjPzCvg1{PA4ANF7
zVSYxg2s^RWD_Mn?O^H4mPK|2Qa0<zfiqp6;Po<B=W{%&pT%cGHc5lS6i4vf|msCQ!
z4nPNuvfvz*;9H4rGG%#jfeirvNp`|AJAQB;R?e$d0*6J#P%$!+pC5niKs|r@|NK`w
z{eEmqZ}=LxuXzvt8v6<`Vn>Zt=?-$G$(NrTn9VKaO_X_2K<_-V-K2QXeC$L2ps5;@
z^b?n`3M3@xvZ{X+n73gTqm`VydG|i)J#6=wDw!aU@lD;Oh^rLBEiE~K#t0yeVh>9;
z6l++tX{BYf2CoHmPa+UlOWGp+`z4FHMb<m1VD-?&L!(_CaY|hgjWm*lnpAG;cbSPv
zdD}~;w3Yx%D?X)s^D8UROzO@KdHX~)1EgOY&msr#t&z*qeTMG-CQ(|rZ=>Wb=#9rN
zIPTwrBZww^PfpIM4P|BH#X6b<9vq&wnOpJOH{SL!MMt3W+89og%-gyz1NbLemH=*)
zt+>c0nG)~n1qx8xf*+;l9%>pxF{nf>ZoOZiD1yHbNB+bfUL`lIkGnGjanb2ARn7wO
zFwvqL{;<%3O0nG5j_GluVD@j6_HaffzrvxZ#|PiE7CkR&YIyc5x&AeydZr?CADZyN
z2%H*y>tN}|i+2k|ssGk%w_bR`p($G8+M;CW?5iG+j?z2LY>UHD$vSb1DBq32y<n}5
zuu**9R&ehb@UD4PE#7YvgOSZ7u3$s&Bckb#<^lsEs6OP{fD<@k`cwi~YEfmS5);O{
zjIps?xsmiX+A2gm*VS>6TvhD@NA4ZteCK6%Z&_QJu$6G5Sc~OEF?dfPM64X-p&wWb
zPKnO#<%&qE1&Kyhh6AxpIQR4jITZ40VM=N#uqTV+mrkK_A`udXgB;W%K?OuJatJhW
z6sdw+0HA0RVN0U62{ZQm(M@;fUqvg*#6Z9Az|(M^8DDe7^P3D?0hYhRc$@!VKaw<8
z4i$|g@z$wiBt+CZ7juFIn{rfj-F#DE1ERpJ*mD{rb>0FMsPT~h$5%>D!-P<FNAeTR
zP&{Vs<2PTM-79KHCK00I6I)cTUu0XsZ23L|kUP_ANamW^^53WN*h>AQ6L+-6sin)}
z+s$2uygTc&x|~N2^PmDr+6f|9(vb{eMN^^h^;=CsMj|C`zhPs*XEB_-hHRkz3l6{B
zE??Mn=CGoRteC03qCCSd<A-xr2(*b15#CV?M~41!7vGYp#YOZCsb!5*r!R~_#egs7
zP3Rud@H|Ckg8&>&fkes&)+II>?@6*8D~QGrze4Tg!}-1vg4N0)c@n@Z_1TYEJlu)D
z0>2w3wV(Kt1=5hS$3agv%;}cd?seGM+r9uM5PvL)3!&8XkU`h&jbX#Flv)mYuq&$<
zeZJ><R!zDOC&}Dsrz3C^Ocklc0@*Q<HS0=}P{$fIrzqGTG~xj2|Jp^nh~5iLOtHd<
zZ+Q5~Z40`mJ3<x^U)IAieG%WEAM(kSuKgtcdwXGDNf<6+KnJD#i&oX~>D)FvFgl@T
zL*zfWzDfgSDw3xJAw;~A#6)W7Wg$_tpS>WV+ofCTC246x-uncKK7fnsolcGwwqt87
zktCXGl0?SfTWb>UN@PN+mj9uKKGGXGzGXk&!6Qxstp9twT}rJc1YBPo)~@Vu#=)5|
z1(Rw?zk^GfgcHV2N!cul_5+CoZ4q3oeXvpx^I!BhX(rR%D6q592$$>6S_+msXgRWZ
z+R)A!xLvz<1^&!9)~T?VP$S-rj3R}KSEvbkC*Iy0V?Bi6;2>S6R0oOx>FC`09n@E~
z?GbTpW{SCY=u0q*FQC9JZ%G>urfbP#?KH0iQI%BX_9=&RYFKA^Kl7>g*9N_hBCTb1
z3)zx_h_07M9Rj>6`5jgwkcV}Rpif2|!4PHP7=F^mDE-m~(wrA*WOz9`UEcI%I^>>u
z)|a)L&eL@&hSFq#b)Q9~v?vQTJN#fBV4B*~M~|JGNj*u69=Vs)umB9$qeyDNI67&g
zsgwjixQ7NILPpW7D}B_a?$N-K)*KIRCC31Av2vJDOZ^4h84j}E|7FeZ0LA8jCgjbq
z7SA8O6U&wB0}PDX?#|?C4TgmPpGjH;g8pKX6PAkEwO4)^OBr!!%>qEDffT#S3CIu?
z{2t#8XFCA=eHRLf;)tXXs(AKHSQcTN2nUdbuYiL@86EPr&dI?tQuUt3m1AWo5bE<m
zxMSHHfGaa}0>Cu1iEiYi=>bB1gPYkh4Y@YcPF@8-kqXwgR!3`kO6Ab1oTN5sdf@tC
z^5Cj(QH?T>7X6rxO)*iML7gv4oe!{PAR8g!DTGWsJ$m^AzWK#`3t@bmzVfJkfzR8H
ze1Rq;pbpNaSXaV+N+Eu_HP`#qAHT20Yx-t=8Rqdoy!0S7c^H`Gey@h>_+dxg!BHs~
zwR$pHPU1$N?^nV~-dCB%u#w8?lLEzu5o!xCc2r?61dy1K7%FT(Di-l(+e|ig`Daz$
zEMw}LV-kQiQ_bl+oig^ktLnQ=V7`v3R{O`{v-S?2NqoX786>8O6DCE*Zc*Ja>pzWA
zBkP2otGIO<{r*RWn6cT1f93EJv2c(>8&nqmcK4Y6?@p{3m~3m{FM_7cK<jdNW*xMe
zc7MF^)fXNHRC;&12ZB4BS(=EzeDeN}G7t1>Gw@h#+MUnuAI*<Z#rrr9*z-5v8Ev#S
z3*dbJT&4gURmt6&zQL@7$P@Xf3rA_q-U>?z!#O|}(A<jtzF(9SHVAYk%9{;Xv`K3E
zWdCA<+C&CU-&s7C6l(B|544&+?X33U=F6-g|9$R(^-G~b=iT%p1JRxTqR$2+!{dd%
zqGI@px^D&8g$u}z`Wk{FvkB8rr=d&?l;zvU6{To3G%3P)#WWCWi5*@mb)7Ur?_em(
zceb5bDVp9vVZhXfm<BD<kljjaCs@Mbw;WMG4zDm|z~I3`I%nov1u}#iXh7&a_)o#q
zfz_SKmF%9$*Z5`=*|H2{LFJG7o%m_TThG%xV3zGo(PQQf890f0!t)lRxLovs-DhHD
zLtA878NO();HJg=6d2>V^Rr^2esh|!>L)`eCtS=Np!+(VsKKhl7VC7WU~m6k#(<+U
zu?C1+$O7#FHLYUC<G+f@g-P9PUG!~-aVziZxuK-70(e{rJbR(HVoo=#K3WdRL!yDG
z7}g_4=gX6^jTUW#{1*HdA2fMU1BsxIh4=XfMKs<KMNF+#xtX_zbW6z0=TPKq9d4Gx
zQ+?_YRW0i^7dSduq1qDG6!9B>YTp{!@Qu{lP}C~xyWKbuv;Rr&cguk1ucAQHLdjPi
zX5{%a3XcFj>-#<w3z~Tll?il|*uv#-&Z>@g`&f;$Wz!Fg6kdC@Sc6(d>ZqaN9iq`m
z0!x}|M-x)o$r;lRzWafERVMR`9&X28DS!!mN;-(Vm>zPTc$UE0d~euh)o=X_25_*V
zQJbM4%x`iJj+lYnUwP@c3BMBtnAIc*1NPfmzn2d<zgP@>Ya*r00QKgjPT2F>_-}x@
z^e1m>-A^1vFIr8-X4fOylN_;jR1#>QPQxY%nGr;ne_d9N1Rzu%$mi{$Dc&DE0Da3a
zrm4|fKf#*zgl|8k(M?So9Lg9OeL;Auh*q`(Kq1FrXYwvCI*_2DF>5XL`nQ+Dr)Fc(
zB@f~kSfAQtq}R*_;mH=84Zhq*qxm?tHrTQKV)44Lj>RAv>?uznW~lTdpQu!ep^gGh
zWamzDaQ@=6#8~4@NL;2lFfo9tn0pdtE|XGLWbo7J=;AosFNJcMhYb2YO_zr_`620P
zHnjA4?aU#-M!(;ty&DDkW#x*V4zARkCOW@iYr&n3@ip!+Jo5vB6esUc?A9RkOS0n^
z2A0?4A|DL}U5v>#!cqA_xD5uou*BDW4eFfysy0v@@>2L}zNx{l6D$lpKft9dMSXn1
zbYx=J@2H?dHcV%%Nr~=NZb9lkw27x7--r^3P-_RiH}xjs0)Pczj-Ss`jR!yHA?@nv
zbWOI^+R_5W-7P=#yN6&c5(GdCw3_d|Be<P=AGn}Oa&sij=0`ttgGVTbQHrG?57B<)
zKaZ*BFKqC3Q2eGl$=B`(Zlo9C_#zm-6dAdG>a#M2uJ6)%Pcw&ulVn?p5%~T9?y2i`
zV%(89tP5>TSTznHCH7i>x@>;}`MX4ZBs;2jM>vu(rw>#Ohy(ShVDbYlV7oD~wPWw0
zhDyeJyRhlDGcOpdf%QFX)P_<U{iL6em!8MUv>`+NzxAkI(5lMU0X2^7Z9GU`EMVus
z2*3Wf*IBtQ&q4@j_I!|v&#@iUvErDdCWMR2eH$>s=m6DR&y#MK>vgXNR1cC17DdsM
zkt7Qb0YeaoS>G3hH`R0;zR<`<PY@yZaWAq*RUhjC;YIhH3CzI+p}(=2_E{qYsKt;+
zNLukGDue3o`k_ep?`L^t(pyKC^VY21h24Z!(e=P)9{;X0N<6S`B9ZBzWqDnVaF8>$
zmqW1m;_>&$WA8VKTHuU7=uhPZ_cbxYZzxgekWIeK#MYN6Dy&y(#F-xAZ3e1zh7!5M
zT?(-5FIw?(KUQ(kJ12=dc{=2s;k7lR#7+C;0;wgt?_%a{s<nlV82@{9Nzl@&Jw}pR
z<~#<?dt<W&bv<9?PYHhW!^PH_l5}%_oA<p2QE5<5W9Uanjk-c+XlgU1gJzB7Isb`^
zYtg!J&1WMk#}0bjQ4Pu*k(&vivBwz%M+@Si%kP;!5MgM@65<*Jw+|rq?gHR=3?+8*
zDRI0+V5@qgUnhrFHzNw;=Nal4@_mUeAo!XD9enB)d~j|mgPlSzz_&5@@Y2J;V~9N|
z2xxXM7z9c*j!&zbihuUX<WqNWilWg7qpOBBbobN*am_S68a9;23s_(>3!V+B&h3wT
z+rDrNVWv8-EsOnx)XA^c?UNa65A!7Vp#q+b#6!JF`BncXr8MvK*u~b>1{p#oZDliV
zgJ!o{=gL3UC=iS^JRH@%^WUL@jS7WLa70SYP2Ht;PZCNQWcd(@lf39JO7Y1u+IhwT
zK8M<{o}%0wMk)|-)9ynuLupDM3A{SM5|+sM8_t5Q?yl8;faC}hAo$8e9L@N-9Swad
z-u`^KnT!Q>;hdk#u)lMrj~@n@&MfZ@1MTTpCk98~iGEN{r`{8|V>R7)##Ek2)1p*N
z&pa;=Wsl3#%N~qwCkv1RVXV3BIuBl!u^8E0+BQE}L;Ls2d6w`tP+CPydv1u5VKTSX
z1%7n6*`V2bpPV1Wb<`E0?JZux@BeG_2IYEmf%VLcZcDQBT@hlAA67v0V@?@a;#<9e
zpjhWp1b9~@55vSKRf)4CCKu9zm}v;h;z;3U>%CBK)yR4?XIlJ~SU^_8xTuEIr(^-~
z5g3CJh<iBwKjH;3`e(AHMl3m61AW<}*200B6W}xYKpN=O0?FfFKY*hF!-X0ykmX=#
zR>6pN_0G*l4PF!s<k0}x6le_OR3d-p`6gvJ^>-LhM9TJ7rH(b6GL@c1DzT<h022`j
zU?aROA*PXMS!ISL3a2i3i22+E(dN3iu$Y*}g34^OIjFb$rF%&m!{1*X{fO-6Lp?d|
zIU&p!gv}wVGEuj%BFv=^UwgmE69_*J#}pj>#4aaAxJGa>6LvY$3oHoJhX3N|UptrV
z@&mPqV-?014Y;eYgYWrcbMw!tNlUS+6x*xVV6x)Rli#8mrflohS2WAf?u;i6>xp+c
z|0U$mb?I3H{Z7JDvNz0X!Bu+2!g}w#5ReTH_w_tYB8fdF{|87lyjubtPRYq9JRw{M
zAc`9xLocBm(b78|lj2KNJarcT_23=!IQxE<1B9Ouxm^etX3mL57>T9K<uu26MZQ!z
zzZ@X@yHgqppivI+i5|x}$llc9*TClRKa-R&YD1EaS7`jRh5t4>`6S8qEQL<p-``dO
z=sAF0lxr;tyJ~L0j40|<GrFmqES*-ucYHbP+9Z1$=T=-7QLTt{E?=O|c-H-D;PWIK
z>PBw`hu1uB%R%}ecsW`<+P?+NI@gYf!!YM4Y3?S}Wo4O98(YFC@?0`NGiAv_w76%>
z*8F%|Vhs}+1wDXmo#!9bbwjV$m?l@Lz(Qij^uqE_(AXw`{SHQpPj>a6u2n*S+*UfP
z1%3Wmq#zGaBswy4MzQQ!(5uxO^2jBg<@_82#FN-uo;`?eSTqr?C#R*E)l!8y>QZQD
zHV)LN3=FMR{50H1y$}UKlRY?r42&E<I^7cE_b$7SVYE3;Y>Ns7G(>U9l@EeZM(5Sg
zE2)%{mW9#RfCP$19ku0XFh{q`l9Ec40TmxTvVgNL2qqaVg1EG|KfErS(Hd`7&fq;B
z@N$I!C1^dBIs-_>$xo~1yTdJZ6YwXvl3Ng24Wf+z){T6E`$6p1>GLQDI5gA5+eWS2
zWpW=Tjr2+Wh216)*3tRzW-@`@j}ML0I<EI?KP7DssW1%pM?CDt$O>skXnB^90Khs?
zK}0%*_L6M8kNB7clV9<aux}uT@pR@sxl9L~xtWp*mW0l2vj*RK<f~-f*Roeeuaf65
zI3>~56QyEl=QYQBB_~Y&;ampliDHxUeRHd+@HEoP^4h2$IyuX6DoEN`)McI`48LN<
z9X;)?Qa`WaMikI1OIeJ>Bz<NeZ;$L{rg80l!Gm|k$>X_r0X7iDvp7V10$3yk%vbgv
zm0w{=y6m*C84$y&8TTqbVtZ5ONJKiuUC^dGwa1N2@os=4j=phxCF^B=$`!nF+cU2O
z_2m+yohS|C7~CU>s%~$D1TkN$_s0w_>?Sv;mkOnHdd(M;9#l3y*OMYwqOu?_H3>O(
zw!7qv0k?yX7or2#lpyH)z28+)<(6$(WBmao2e`(+;?yF314o<7rF#8y_^>*->3uVO
z>lICxIaCziL^yXF#<nMnIy|y(&t_MV^`?3+M_7S{oDYj^8h@Yx3Hhjl^>aL&3+CPZ
zn{Z}F-q$eB?hi+YZcX9Al7c~FXcHW4PI4*Bj7x-?bOE1Je;OCdg`^|g4>lSEY8&^W
zia_%hS<&%2GP%`L>?}Y5?fiQyRN}0lq1`a{I6)CUi}itR3!qM<k;kgVd2SG@*a&w%
z_2DL62H8Ts9=e$lV!PQqC}i7BPkyg2N0)S=e$CC(u-)_!*81B%R|M&1q9_gjs`|dJ
zP~@v>?0eru@{g5%)|ylafX;9C0%O7|U~<pGA^;jP5|xr$Pp^r)4nI8P&{b3QEgOc#
zvjM=>nAKlkn4?~KI7EYF-o&rURwF2)mybfS_)vSe9B7ve3U2zJHLVA<2u=s^HlsC0
z@Jl?!sW@`UX4!9!lv%T$OtyvNGQqi|qOH}ObcukJmer!hP_TkpJlNfTnWhl~zp|Gx
zU~(ksrka>7;CKP$NKmk4F1tCYboCCBZ)DW5Ny*d>;fQk>8!rV7yothq&lKn<#Dy(O
z^NcOwrbD+ci3Eb*R7fYTJ!qJLqF5+;FDBk8d)Z-tSkUK=&N0`+n-MxJ1NsZH=k`(b
zRE*qOXBq2<3yM7Cm?Mc-L6O82Ny*6QEiv(Mc|CL2bVFxvm#<(Zr>KKzpsvk%+uH^^
zqbDf%176kpSm*}X{D~k)xqN8tRTxhrixJ26JAUPN1p?knxy(8iYYS!X13k9@&3b%G
z*cb=OGR&`Dbs?SY0S+$*Jq4djER9sYow{{ZY@?y(u-UqV<IS_RFsKrblW@+q7w$ow
zF7L(wfU^Xe+4+cd#FkOp{%%5Dk>MwswK&Zk8#Ae;VlL@ifV>(<qkJRGgYWgymi04F
zLU3pOMI6g1kA+<r@^+7f3GZm5W2;6kGXMgfu-5|1f_i_bzg-lz3lDSMcpkBs9_|~2
zk{0y_O)wU04?WVW*P&+2R(jgDzxVDD6tI$=6E^oNK}+kTG|sFyHw?Kt5Zs@O#qqPf
zB+6_`UbB8S8Dsf(0=_5&6ev1EfVZ)%6Z2e(Dg`+O`H-PFK3_7gi!%nwY4z%r;_Mk$
zP44z|f>V@{s43gaJ`%AYh$o)riV&Xjm)zSo>FwIl>7o^DOf*K%T~P^8AbioW^YKzY
zW6j+ep@`yFIt7SuQlIN5Oaba+so8SSb`N>T5lDD5A2#GiA=pBx**0#&ujn!v1=!?j
z?{{}&*x>*`#IdHn2qFeY!PwFBzZZJ^Rv$h=<>xkKEQ-}^I@UbR(a|ZtFe+x58KB*9
zq4g%N2%Lw%er4b{nYaXn>Sau=vJ5O2te7UW3<&a}W6~4P!OX}SkM8kRlu7H&6iULV
z2sC_De_3^&k40r8;@Dob*W?l+xHmQEi9H%rdG4RgoSg~bK9r>@Bw4}VB}ToT^QF3Q
zk2$VS6eBi?M^1|GcKwt+{W|^$pq|+Hp+bh7-6`uM>Ng52z2d+QW<^;<x0;$I`lcG2
z?uR|0g1;i6fX-ZH7xZ$ASzO7y%iC(b9JwThGSq|FPqzl_5#+063E&%)uEoT`-H<L&
z%z-*K9xf!8ImuoJA7*Ew`!Gl?5Bdj3{*;AX)xXo%)7)3hk!mZ9^JTI-Z}>^YgfujE
zH-87=74dn%=)CSzf-DOmkg3L|CTDwr)}WUD`Sp-aEvD7>${pU4#Gm1vr3op?*v&xy
z3})AQGDY<el&r)uW@?FH0S$km4qJ_`ExG|=J>U!M817BoGISP)4baf^ye`n>EkrB(
z4|qxD-Z=(-8^nqsd8rU<49v@K?3VwAT^7D*XIiQzz0G&6kIP0sgW~iOy2hPC6DT>{
zP||;o)*&j?>H)Y2P&2qn9cwerZD7AT>~pM-?Im2Q$GEq4lCiEqY}!N<^NouRgB+(=
zQo(uj9p6;GN<L^TbHO(Rj%lnJoWCJ{KIR1D6No0@X9S6EDKuo0Pey`EyB_c04+v%o
zFiUDoGkhldO1(;a03w`e2E1VI#uQIP8SEmP_lTdGP(}<8H7@vmujSYhsoOnsIl^}h
zFYP*&5D`ob5x!q%x#U2V{4n5aI9}A~wG!5b8TQ68vx}(wzh5%>DAK;T!2LL(WreU~
zgtW9S^}^sJ_-@T6gI7rCS0Y^^_*UgSUCMfZ3|EW$SYlFi80AWmKtvlBNXG(2Np!cW
zX@jvyj4b%K3aiSxuiCiFiqJsITxmu+?=hh{a|=j7K6KDYO%U?aRJeVGvo)-CPzU)p
zmr<RZNsN|9r=%)GfXqJ#Tt0<?!Y8}qsU0IA<xq~rHh4p+hS18FO=U1`MB21WN-w7|
z#1tzCD!qJI(>F}ctGDEWJOKOZqY7?$@$qoP@t#ia?Xj^1BC!CIs|~5H^tL}D)^sSL
zt>XALs&{pQ^Z@JNvdT?ARmo_R$Hok$f`=`-iDvknITDVi*q}A&Ckup1nZcPOP+3R}
z+OvvDGCu|rIdWf{(Gc%Nl*9+%W`|}9XT4BGBqBo@GMj)#wG^E(tj?@OY4EAvu&SBJ
z&9zL?jWg*R%JR&fB2ySyobve$PVpA{KB~3ob5*~}ek3(DDr4-PAr^aGA@@o|G#V{K
z2md6l6(*Oq_L%;kw8?+5!_tsn;hh+dNRLWkzEta@?DZ1G%X%2Q+51Ww<KG6gw=ZL5
z4sZVh+65EOtS=FF!5K8lnj8OG!(=iZCPwZlNil)VMKT^)RpqFJp+G^rPU5Pb^bU0-
z#>>Wn*%gB;yRPO8QnXC(1}p#BSb?ID9W)sHyo5|<XNM^(ZJV`Pm_P};BSfRYA$_|l
z&C*fT<9zFEwset=tJTB)n*};nSJlc2@pt!Phy$>2x`iChqwyVi>w1JnNnyEQ@-8Rw
zawi5d;qo-h>=+9&J+=-UXsrVyq?@=-0x)A}V=*D*X}`UnZ}z2=sip@04BON30HxTz
z0`((&ogk>dd@zua_0faKyX8TL3J?yguS}+XBf=c%a8g^mW+^O^hxpH2_CZq|uH&x|
zz}Wr~(kgtoo;~++q`<6JApC^z9=hB<*Vi|u;h)`CYZSR^j&2ymN9<kiubg=JQyrm-
zZQX5z@&?ATQ{|b!;upM7X%;>(5|Qa+KV!kkxJpc}tRi7+rdwuu#GECB0unbQFpE!g
zH2VVKm7@`(3wnG2qdH+^FENV;F`4?E5U_JNseDj!#HeP@Su!<63@uQ!WNjkGPwo1Z
zAox&f`HiT8uRUYsNh^+vn~s{mZ_wrJ8<G6%OExO3aO~QpQw6nHcbWv7i?pk*2hRwl
zue=<=?LXbbRRX#IK0BAe8_01tdt%%z4KziiCW?0P3=|8*=AM@GSFbSX$dAjbx?*ND
zE}xBRh_6V&dVc1rE45UarF!Wr)JU`-7U}e8TSp`^U3~Nv&miM5QCB5U4?8W)NmsJ&
z2LyV60KDplrgNz^oyizc3!#M>)$sIc;MyAVTa6S@L!vMyFStT&A&eEr)ULYNFMHIg
zAreWpw4W8!kD!blYk3o}XC%-*?aMRSKkA%s$;QLSpQE5<Z8TrT25n#Os#zS$zVpjg
zCv#!fO$(iXl1QgP46&hj8Vz7H*Qu=x7X<p2W|o_p_uqG`n9~LzmnUMIAq_=osS?(j
z<)4%19($C6eR%T~Lxx=RiXiKDn?!{Jm@6Iyc@?->{KmgT%g7T)j66GxA_PCGB>x}v
zcAR9iP=*!qx#C?ef<m!+Uos3u33qB*E1P2ei0p1)^e)Wy;;lt4AVoOBr{##jkFoz3
z`j28@E#?M8YTSk0rhzx<VPJodexn8wz^+3xS`f-6=&1XF1DTro){RuSv5o8)trS_Y
zGxLJrUDJ#Z4_OoR&%@W&CT|~KP-dHlOX@kAroNm{l)(-|XH_HZzMVRR>QUfhvEK<H
zw0|Nu7`>jz&CM(adm1U<dNjX9rcl*A`KIYO_JUJ-uqz&zNt-xNc{pklqDprk)-Hps
zTBG296|;gLegNNX6rGt2+1zt7<QV{&H$vzm!zdlIETHLQ%Vf|!@B;V}I&&p{*0T63
zc%<d=ThTkd#nKX=aX83RxJx56l$AnoBPnG=+$qQ1WY_D}kJ;2d3eQZ(XgTqz1sE{X
z0lTr!Mg_JY1WZCI_!uEsQ#C@mYx)}6BS25pdkV^>)k!;;`El-*3<~<5=0m%gQ-!dR
z3F#2YIy&0(y|$|F){P>Ou4ptIOY-uUbdv76pvNeO2hw#4n8!qf34(ae)iI_ReE=rq
zZ$^E?_3>);kHwXdxZAquq9s@suk84FQ5iF#3aCKFt3^yR!qJ#_sZtpd8RC~-ka^50
z*V@QDY<A2z*LY*IizC>fF^aK=-S{i1a3LB8J7`xbU`}WGvF51K@lUWn99oy>-#AaL
zQ}Lp%%Ht@`&(1$n<hk6>u7Ge)iu!zT$6b$mWaPjfP+LL|Uv=B+s1M_pGpP|o(DUSa
zk0<=`bKByXjFhgbxM9n3aB54*lSo-cw#VNFHnH9UYjM5p!*`x=3VQ?5mGK*yEN|rO
zeywkf%_9f=#4yU05ZoBIg5j?v0WgWL=Y*z8T&mEZQ#ofW9fCg><H52i2vevJ1E6Xq
z51BJratG6rB}IubK>1I@Y$9&@XS#g7ZR&~Rk7l|0A8%n-pIi}HUON+oO2R>pyFakO
zU_9~zVisFnVEacO+%r^`^m5fy1#;-Z>P@e#kV|7^@A?R-E=0cC(5lMvgvy*a5ES$$
zMYJMx=IjS#<UjYrF&5fzWI=u$KmP<1Cm(_1sWE|UgvMFjwmJ8>a{@fFzf$kdJ&}A&
z@Y|fM5)$&OU2~E8*24R3_KT8+sfo@!)KBvjoTX>Vr>5<pPzaNSU7dZ8-6l#qMIYy7
zg+;(Gto^a)wCusbV&F6r`phLsYV<qVU`D=M;M+c$72x_eS_j|e4=R<g$h^|J!CDJe
z?}Npn1?)Hw1n14L@<PjYg#d`VH${5Pps-kQoN1|*U6+>CoEJD9OhHgmH&p#kdv*4{
z(JhY_SIWe|FFXtTx{~W74s||UPnlm`D7#(@+elryR8b&~bR<tWhq)n?D#!q^s)tjR
z;Oiirn7DHCM0>_D(60ixGz1`^0RtDK8Ps4yUx^k5gb#SqM%%A0?N=@80f@@Z{U98V
zk|wF@q1O#bsw)m|8k6#i=<V7I@p!p2hAqyIiy^$MDOLYZs;r{y^^Fvd+wRLapC<nA
zXRzKEVM;}q&5~SBJnnp@U(9o#-1u&`UN)Jf+-?!n2Eeib42)NP5UY11m~ZBom%M)M
zJ&K|_&h#AV!QvOCv;1U)@#Mn1!jx~($apkPYQUpq3h`kuPoTILgO>()&9g{KPShM{
z6@tie<(^_!UD(&)hI^5=^-V%F0WMYDD1t3eEhZ)JBoe0(tgEgyG>(MY-#tz@a@|Lr
zj*I#=9aHO%on@kG{X|nw-aK*M^}H$0%DY!_9lid)dlhKx`MbH8i~q{e4&ay5i7p5>
zTjle-g{};`YFhH21u>FQI?YuPS1rjfw&9+*bpL(d7Fr8SGOcoyGtYVVoiO7lcQ+q@
z5OTLORp<WsN>$<C0B>+Bt4}=pprDp`g7SH=9li>31Wn3Pv|1C%hzVM#Q*Ppfr{iGF
zZHOm-2imf2Jm#(8_Ee{upzFQlzHU=dC$FTm*eU8`&fYrQ%XIDhZd))Y)>VSZL|ktu
zTIU^wLf#8T+P&^Ncp;ALb0`H_J%i2_B|%BjdJke^!>Y;~44}y9=K7In*EoC?Oxe&E
z0&%MX?P;qweznoXBc34@TT**t`5hQyV_C{H8cAzHoVOLp{y@><PqyAG7|{M@kgNcK
z>ot#Y=PYjU1E3v=yk?kU5wRygHO1Z`6Pa!ISYZhB{P(HGpf*0)hf~2o#8jG2m`;3;
zGEk7_mj2feN4_c^t<l7T6HmBNet3qAD?;W`W)sEl5Bd)tvInoGqzZZ2n(^5)ZInsQ
z17Cmfh>(6UqnL(`h}JJ1j_Ru_{D#R5WKNF=L!#LjF|+#bgjxyB(F@L(vkpp;Ek{}L
zroKPUhK^YA{XTWCkdc(~VV>q$RY;p6mP-@QDd>MqP@nBZiBxIKF!gvAbjib8Wq1yj
zBHU&E8{%_U)G>t->_jl|*8xc?C;RJSb+75Ejo*t5Tyyd9Dh2*Zy`CMB?ZXeir`~yZ
z5x8sy=avgBhHs5zIT@B8JP~b@WL8#fQYmEFWVihN#DC}d@67~PWhV-x?E`X=IL;Gb
zWmWL-+?15Cup=w07>;o}?K7-cBEM4-L9t3WTz0hOo7NoUC{FhNmY7x%%n}}N0Bf)c
z|7#GVz>8+X*Rz@wZD#mN#PiA2ICYYFvNA0yMGD8MWILZrw2#;B8(o!cy#9_sXENq8
zFr$0zNOcOSx9Zcgez4Ga(1z<aN@BiaE2QxFFG1CYr1T7utRr#WtFaGaz*>xwj7jM4
zO>bvq=sV4=Ks1237)iNDb8S0(c{tp&G+4?hpU}=SQH3(lVgi1cu`wFqNp;dTqSU7R
zswNr_lx=cPlch#Q?o1aY&UiMweu_Fsvgq@yz;9C}W51bp)o7xdiIn~dF7K{%S<!S>
zP149X!X}2X*_WYgni6Q89Z`!+Ea~_sUe(JwuX#GXo4_@|Ql_!xt=gwfaQp~FJN%)-
zbx7(!)PtY;;Di_<{^{a*Oa1IL4hucu4v#WP`2!N1qQ+4eWTo0_J;FXf)fI?^0Xc7%
z7>M_poBQzOQPfegv;eJiwq>u>2(tMb5z6ckb8lR|bUO|UC;6=ORa|;%Vy+}l=y%NM
z^er;C3f3Vx?7a=YQiFvuo&vtj4{-^4yM^$s@6$c(5Tp=m3aucU#@{@V=LBV|QDx_}
z2$r!Y+{_l?7r#M8o}~&AAd%U0pbRNVQd3f^lE@T)5z^=hco>E<J$*UI>8Jl_l})_p
zHm$&7KH9{0*o+G(x8Kk>v4L?%gOkKaN1BE9Aa$WUi1-ROiI<h}(Nx;_mQW<!s37{D
z1N|X>59)MsYf72c^8n~Q-Sr`?w!ZTuWVyQr)9vT!cIA|MS2D|~isvbsA+}JGk+nn`
z4MX44$edAZ=3%t~Q?3wKLZDw}Y6K=mLk@OEOSc^)`Y;8i5tM&`z7xc*LUxj1>rJ`L
zWc*_c9^hoks*TBjPNvJoL$JvnXMlx?%+~@n@bE|#EGFF*Sa;MBag>u*!Ze$y&bY~H
z07F2$zeD{FZ^eO&X3VNMw8ex-B8TG~X~>(9&dVK_W`7O%h3u9W%(f8BHp^0|LeyA;
z(bAk-B|EUmYLsr$`?jVGR1o`1zOSEk^H&-=nA@A(7ekPUlu^VI^<DZPiaS1;zp2kI
zkjd(Oj=WbljP(Er8s-0a?rAqDQ6NKfhg=6-xZsd}oj`h~9rYUzWK9vPF4~EH_9Fur
znCQO>Sw0c4nt=R`=HAC87Ma^|Qm7E74J5c=gy`<mJ)3@L>?v7XLIre#Qk=?J5M){E
zpl9GO_uzfxQUUR$?&8_r_w+>jC98#ov&&dBeiOlpi#|RgK7jPl7wdwuH8M=xDA?gv
zS`sX<wC_~~ob%c>J__5BkfzY+`F94UcnZEi9Hwwqe8<=&%zofi${?I0jGjch+`9AV
zytu>#p#-h4XJ~s95|vnx8Ev6R%838rjQyUpWO`iLUCtH%M%da|?dLYFi1kXP2wc<G
zV`hdUW|P_zEiuMn6kG|gjsDv9`a|`gy$;18AI|lh1bcj%^onj@IYrO4Ey%FXe?Or_
zT>TMT@x*{}iDThVsKjYER;@W%=;w+e7+mLN&554E6zQsMhl`dIqI?=8AjA%(NLl7c
z7rpaU>sQ#m@?VQZX)cjucfb1aF|_a$Ypn2P(ZWBL*Q;m{N}Zhg&Jgcp;iMrCV){*z
zbpmXcvBmazQ*oJ!A6*gikfBF%Ll!anQ7DwC`2-mDR4w2mtFMnGbADovy&d)N9)>XA
zMDQ-)!TB6fJEbnYg<LTe>l@boS}M&_oE2_MDm<wT8wwBgvV<$CJt>dfpt4W+um+OU
zJN1D8%^+x3>C5MKjVQiWrboDX*x#n@i%|!PrA`*t<1<iHl9-pwa=Wuv!r;%@p?m%<
zVY}gYtq69Y9b8covU*IVf*_LL!OjD3)L#0>`C7b;N}|B*)+}NNmru$>7Wn^fa3~h1
zVT_sbF?mHW-481G5KL_8TO%ysZo7pz5mNVEiW}GQw0^MqIb#X-CvlQ^Odwi*6`a>)
zUg?5yUL~NBhf(_6neS^>5y*Lc%8^m=ZNX9FYWE47oUu$jnI?A3pG~5F{llEOdxjV%
zpQc}BV2Tp9#&%rC-VnU@A4qJoN5|`WxBct0${;s^S`SM4O@f>nV+)C)Fh#<&Z4l=l
z0Du=_DwoCMG(LT#2PGz*&rb%|H^}JiZSGdE7ih$&ejiu1M)YsgH}e3k$mxxnyX%mA
zPhK@o<L5+Ql#|@>?}UVe{J{?g(W@5@I`}s;bLr{LXL1(cXCbgj>KQ>7+2Og$tx}P}
zekm~>P8w@!uqt9nwY9tBaD-%TRH=Lf<6<jo2GUG76D4f(p52(WVNRSJvhn3JG{Puf
z)-VfEqHoR`al&wDrQqG+gq0x{c|~i#zi0W^CkO-)psVvWARHpboUok~d@@aOx}bF}
z4f=X*>tzSPaP_P=D=ozo*6BSIW0-di4CX@$#~4lz-`)t-H~{rRV3JVQX4o@1@+sou
zl30kkoSF>RTft(MwO6)YYf4>IU=p<d1y5f{ct*jG`fgmCFs>h|oOli{^#-d}hSNA)
zlOru{ce_40U@j-8jmeh`op&1(kDsVb|L94S&6+WBAvTF2nn%j9m)@?8U55_*m=XM0
zO1*v4WVB)UDe9v#=_bi^>I(u$VY&%SrP5=gGKZ<e(Qc+*L)1`ITC49ks!789IjCQK
zcE7wr+SJuv58naIjko!~vt^)Vla4c(07i|}6D#!zhQ{uCEruH(FT5d+W~c>n>*^n|
zkpRCBVm-Gw8KN?V1t1DLB0#}hFNv$~r%Zjv0hU;2tB;H9?g@}CH`j~k2TbkQ+nj^~
zp%nR9e|@F^`^~J?74Kw>W#MmNZA(>Ge!I9yTI`-ec^Xr~yg-x~C)+;riIz@`=(^)^
zKHDd=?&1bbLa`<J^C7P4fth|@p`>Si5lW1sV;>-2P)zhEmivO3VH|?}K8htQqNVPr
zRu>G)>90)~qZc^^2ORbYFtFewBm4d99EDS$NmXiY$kVwU*lSu`q2=YO={8AaSBye-
zRHsV>*U6vg-UQ?H147zeJ+?F9O>iqLKF80sm0;>vWGI`{fF<qkff!~?6^4g;18A}n
zmX{#gUb^km2qMX<bUjCGF~eALw|nid1wrs%2iDv18!Ks`ltI%v+Xafz=A70e%!qN-
zLnT?pYAdg*l>%rskMyTN`6ZDUIAjsTIE?fRKsq;WAniAK+uxL`0PvV0<yYfK@<#DU
zJ2l<q1B|s(^E$}FUG>d^#DS1GcwF_^nJgKq;Bw>SmAf{pxQn|<^NAC4GTWD}lu#bo
z<|`Z^K-vi;7%Z|U4RU8x)c<+M%a{~ow@a}jeBIbHmceYp&gwFey7WVT+y(c6v(l%x
zRJr)Kv}PIkf5e-@;bbZ1WJS%!q-kG}1B2`Rr<_{7@>2H;W(lZ_t`si3iW<UL3W#l&
zWp_mvF6X{+=?_k;&b84#;g8M37mH&a@nyn%{==@9R@WgTxMIHW5nbCdf4**36WM+A
zf3Z$1B+Yx665~yBmeQ!j+LKuc?V~pHbn@rla0QwjNb7%}DoN1AsGc!6QMHTL46QT!
z&Y0UE4jlrMBe(ZVt0j06*aIaMt?BK={MCLX+(`S_QwWPIw<K-DGAU}C0wSPGG3f?q
zLKi^$XY=&rw;S|lK=&h`+sk#ib485}(LF!dftIB<lUu_K?}**~!>Mvm^{CJKkUAR~
z9PCW=VH8;8SS8~6al8<&<r*gHPhn8Rc8uEUdca+gbVymN>&y_vM;w=6`jP>Swa7UP
zCGp=~hWg6=MHcDS3#uaZ=?5d(FgKPS`SLd(C=hPc4_Or<f~=L78^$IH7Ep@WTDxrd
z*7S&e@bZn5imdGn#t)4S{k%fgDxLo*GAKVk*+gCK93p)<QubR06n6UIEOI3=%Xloe
z7zQP-0H`hp!MCEnhOvI_YRKK1c7B|+EUG9`gcG|2N>Zq|+v%k!t6@ro{nDObX4G9v
zF|-N>*YjI8qW3k;lM{DpckVHEFZ$7FEBU}m81{-=!{aoNPLjq^47OX&{+U}zHiaP%
zQZ5TnN&zKVV(7srj1z&mvI^`<mC-|h(Ij*Dm|dwBmz+4)7>R71FT0b@5n%g+WXb<J
z56wR@k3Gg>wci8?P=ar`UnGM`_Xb#YXl?dYubQJ%78m!P{1$&i(KPCNu2=m*@YO*9
zAUCN7GSP9_KUw=|XcOV$&G919u11dYrLjo6%guSW_epGxd7|Im2fq^_l%b#8(ujSn
zB#nSv#ga;W&!tSXQ&Ifk^i}c0GAR(QDcF^lu95K19>BH$@~uIV#9dGUMaX_Kj3An1
z0a)tXnZ^rT4ZJ9U_<|&jShEQ^JO04cJ^+=+1s#@aZ?JH02}>6ZgM6&1OL#x*UZQdf
zj%g9S8vdb-&b0Rm2{d9|Acm`2glz3XG6u%P18(BvzM?<y7`%~oAg*y%>P4CR>4<bU
zLJ{<sC+SBTT4#BWEvBQB+zP{~nijQ=i|lsPsnEqR>WVa7E;9gIe7~vV^rc-&Z{L7u
zaK~bVxBL4T8MBIenq|U!*Uq$dR8yPOmZ-n}FI#;T5ib%ljB0ACxxuSvmh=DV6t#RQ
z&q7jw#jjsHPFixzSKpY-%*HV1=LLBfXDC?@jbWaUQhwg`uYv^NFsddi<emnLznLD+
zE+@v3eKQlLH(c+l@4?08Y9kn`JyI2NR$k~Su>CCNXAP?|DEe}_zalFeWZs#H!Z4}Q
z-h1fj9)1?MB$j)yNt=|mst-}9wjxl;b%G3uN#gJz_Wt0BK+jEnej+Gp|3cA#3_L{^
zyF=kZ!Mk^fC}QRiJgP8qO#{=F+2MWqpo7vBM&U`lxxvAK?%7xcv;Cq1e3B;}F>wAJ
zLJWo{QU6F?!dG&P$0n)NI>+J$YIh!%{3*@cmEik=#BB~6|96jk;>{ZgDrHH|`{~dt
zP^SpZZhz(NuJX>R<&QB2JH&9RNEhLL(Qv5xG9eYM3QmwJ*Eo}{O4u`8m`%+~vPG}k
z7T#w%h1$Q7z1lqFXBahH49^znwDPn-eNkngMn`Um90A6J4^JH)EuB)GHe75`i6C2-
z$V+sWls~-)#3~r3`b8RM^cxLv$SoF|RZk(0g6w<~0ea44-lAVZXX0<3>^riRH7PCw
zLW+HtQ)ijC+nG;VfHPwAq(+AP7M(`01>+a0y2B%f<hY2F6W<R1HTM9k7ke>Wq&Ul4
z8;!xq*nF<j(EM{@^7Cqu<%{OOTpiJzj}@8O-|0uSH<>cv-i5i$dJ6uG-x<XQFa|LA
zsOLG#I_%zl;!t#XT|!IQ9b#HF92(R)KkuAl6&Rtmv|Pd{ZRp0Bl~K?RyLlNf)t&>$
z#x(vLzh~u4^JNA32m5e@^#rFRQY!wUvnzX^tY3;asu(`b0Epj~g0~n!k2-$fPSe!u
z?7z5kPz*}1R_Oy*6f7zDk)&r>{4o(kHF5rZr<n*g6S#zPM6NJ%OS;Q0wm#H_V{K6N
z<81b6=ZM`C_Wj#Iq$((zZS~fc<G4m$vDAZAaY{lLTsUGsuDDTZ3hiOgB6Z9vb2~#q
z48d5YTN9NWsV*Qeb~8s0FI2-FQlLtF(sksBV&OV4SeV7u=tIX^r)r+Y1&k0O9aoap
z_TLZfT>?t(KEumAgfSegC??`b$KnNaW}L{$_;lW4KmdS0lzPY7YA@^#09w#<00xFg
zKonYVY~TOOW5{LV;i6l2sULQ6n8uC_6=*p6cu<$SsTs1JFLphM(~f?l!(mkYg%j1o
zR5w+~3Ub{!-FC8R-%OPkCL#?YZ!z`zjNk}xBJu^HV9}qRllHbwK-sK+<B;klS075K
z(VaRsw^Qx~CPav?&tbgw)-Gq*#l#=KJytTmT?(sc`n-PI@emY4CAhWPcF~MwmGbqp
zV8$u2&eZPX)(pecTaQHGmYv5o(Ocz5W{YS8*J~gig*?BfQGNUT?3dPEXK?7%%aAiB
z8`R^i&n1rCFMw3^1>R-^Iy_mW&R&+S$!igntk#5+g1AA0(}_?`nZUdf`7J>$jSb#|
zi&Q+I6HSH3k=d0%2aGo*Y<qZyp=0ODY?+>iN3S)aWWI|-`qOB7R94Vbyo|W-OE4IX
zion$G%Wt{ROth@awqVqX$hSCg`o*`y|Ke5>Nyd(=A|uk{Dg#+&NtaE|diIA^Are$D
z69-$(MoHmVMx2X#YdZwN<TNRV3SXTHFL;wL=v%5rmrMjZsKmrOV^%k+64(xdjDZjY
zZzO;&Vy+uVCCs{^JUpC4ooReRdFc^xrJ)afWAQ#}f+ruDIqb3h_YKW~1;v|@Wab=%
z3wt)n25d1e<pP~Cvv{F`IIWbADg#0_N05>7%>eM=!|VfB>MRF6hJ9sW)Pg^Yj3LIl
z{A<V$aM5+~Pq_8Z=_2Q0uL}a2e2+QUb4Fz&p3(G;F0U$Zzgz02-<h@V*!sb@z9xjc
zXK(J)Z81Ry4%Eh<t~@~BmQM4HZ79*p8KE|=-&G4EUi4_w7~}`Dc|>&lx6geZ;QyEP
z+aU3Agoo(fUi<8M?oMEcZ_M7#BL7q;gVsVH4a>g&W{jna4OS+~bui?M{R8*cO+0!1
zUqof$$TmCuIMawv%=ce0+}nIJHa#|RsA6%|+Xe<mfDJjD-{sHxS6gZQ)!jtD+NB22
zZ<q*YW7?p40=EAKLS2tpPQ1wjL|q}#rjFP<ik~ePp0`_eAf1RTE6y~YK_`mORBh4*
z0TC4{Qf^-X4zW3@YHmNnwF@q}eKKem5l3#w?3X`ObuxZgl1c>92C<X*sG6C@B<YJ5
z!RG=T_lLJ!VSPl<7R#=|SM=sr6MO#xjITVx^}S~Nd0J)Yx=lv#(9O_q%<|Xst|Asn
zZBphhV+|0R!9zm#1d+e#Qd?gVr{-T4bCDnP!Vr7*%U3?ljUFchO4s{k`QgB;W!c~8
z!&Ppzs3BTNk6>rC^_s?JBnOlX%SPUe-@_{@a&c2yFUw4LBKM=Fv2;Yq>%LhUTUezn
zx~=JB29C!^U`R3aiF}2%chclb!JRqQYr{W5dck3Uu!GTF8lM%mQC0|e2biPD`yOn)
z3=u1g*4&!t(zXAhSeoC#+}?R+R<1GNOzP4=6wQeqY;wNO@S3okLD*nc9azwJCh%@w
zriH>M;zuzs-UhoLYtfoRm|Mqa+YngX1=AXIYiXL&Bh&sM)@>@ih7v|8jp@Pczwubm
z{VAiwjgq>Y6tbo3x}N);Y;wF#dN+CE?6AoEQo5}mLa#?JpUxo;r`vXe8F4VZ>w3v5
zCFg^Jz2E)_?y0DPo%jDUK*!a7ASvIs{2@@MR;<9J3SvDujp<&gp*r;64?`ex7gdmA
zgIJb-TfSiN%paF?8Wl5-{S-loHG^#O^A2?wvpyIxFHL<{=kRVFFv>@Q+q2jB2$P&%
zTH3JU)uFy`QLgT<`+J#_$F73&c6hH3)IpVXf8ErY7K$eRYS_>UB%|Sn#zBqj?kvSy
z*uqeCHW4q^0USm7^|Qhb^{)H$hTt{1`-zN@=0Cy@t#ofeU$po=x{haDA)_?k=^J4)
zR&`Ijk<w+dl;@=X*kW1tUo1**y^ON#lK2SwyGThx{nd;5#ZdK*-D=;X$C$n8M_k1v
zAg&?o=^#0?Y1U2@wcy96G1$OL+j(-H16U=z6*nJrZy--LC0c_i9@BeN<rd8obRzJd
zB<<jkFn(m1m_~8--*YBYe0?!~k~})QW1Nb*6Lr>Cc2~o}0ScFSh48jOsceXY_;XuO
zpD~M~O7XQett=JtH;#N>toJr5dHJhP6m8t-kxdJnsna7_o~w^;J5jSKGZ`UkHq%zm
ze1Le_hbdB%8{n*+=ajno_IGbTaq)FZw+LpS@_WrzZ%GCIF5eBqr_Kbo4*Y8^QV@;;
zEClGPkRyV9&MXINWmkMW^0h+91K}QdL$qT+q=(#nM4CKSvhaiIbH6N^QR(BxL)0)6
z7@J4a%4QY_NIH>xg<iX4|56r@qVVe%*LL-Y$mUEtp1v9Z6v}(SVQ(WrP>N^v#rL7g
z8vaH}Y^QK(qI;UJAYxK&6A`SIPU4&u?$UlVNF)17TAsLNoJKvme}7xz8WF0MIMsL1
zKDFAI@Z#r}gcO5v;|^vbs4Bj&BB={)N&qxl2<b@e&Y#$bXl`7GC68M_ki#9w&dbFs
zWUN~7aSD7?BvjNf%XDJ<oPhu?Cej^3M+EBdp?#r9cv5A7+CWxthSDu`NxE|Y6o|bP
zp4faBMV^8ZUdk9VNdwc`IJh}0KbLP(2d6^_O0t#MA(hGqHT>00b>mQjy*|QBd{|KQ
za4h6PRJBlM%1?w<aj>a*iHFCOe(dLl%qt-I(x`hY3;0uToj?MM)=gh^k)*16K4h@P
zmV5fX8UH%zR!pXX?P8mo;Z1B!X)j%86ZjR$+{OS^a$)=tW^RDK!CJzeL-OIR*>j>U
zAU(QKY&mX2kFRm??^nR~Y~%J77*ENQ^ZBR(aL=~`U(TLmvjcT!b2jQ~Rzzg1Qe?|)
zpjCcxI`26ftjj5DdEP{k7>59txj45je=3v(j0Dwq2RWMqSsi7M-XKhC?YSWUAFo>T
zgGpm^fCZU;Y`hh`IioGu76JQP1FzwiY(DsnGo8*Jw8KD*bEmbmr2zc8V^c!BP=a2R
z!U0s0b+giRg3WS~Z=ke2oiO7NqmxVoA_=QUeDZI&6QNj%W11cBU%PH;k;0Ml%_$lu
zz4>ttBnq|q#tdo7lstz*=8>$V3|xM!n!TW&Xp)x^XMEOYa1Rr<p#Q{_gknc8$+dj)
zdSV|ZcOsY->%sURfo0Y(;f9wBrakeC)}GY3dVuXsB_<eCw%8(al-dpCN{)|&jfCGm
zXtVL*x&`wHj}D+zwAS2x%Ci;mi?P$r4?tO$kNfc|<_XSzks{L+EZ=MXUi!qZAb8h)
z;O{Z}Sg8NVyWVV16KmTCumD5y^mt9SGDQznSFJ||NnBn+24Xf>%y6sh1q>W^miPJI
z274d2@d%(sC|x4P$sw%=`Ku2V3Lt$4hYYdCVa;AyFV!P@4-^`(g?gB8%Et>1x-yK=
z*JZ>1J1t$b=vL74)T{TF77}2rb<Y5;G=)Ql&-o6YV~r=fmk>%#b(eu)3tixMB!)4`
z+x?W^?E78n1Y(!C;5AE>+F7O#ne!qtjy=-A8d6ibWIk4d=ne5tj0!9*(p<<5j@$}q
zu~FNuHM8q}K2pDloYH9b*@AsY9cMgRkgER}4dWbfgoa^{w&+?kIAJ{jMr@(%3G3NG
zX%Q=lCzg{T+zoX;z$cgEy#NMse4_E98Sf;<B_>%&%WF_iZCD;8YQhEa{CJ-DnDT~o
zf}hZxE;Ft2M}j2rWeh3+Ess*eib7?8*fzBWpa<*sA*~u--65KMab{O<psgI9yIf)M
zqujBuy?p0T+HX+rm?xp&8VLaiXd~W4RhBVXpoG~{_p|!VwopgHJ?w<QYrVi2On7h0
z?t`5O{EJRjeKr!>pH>;8S1-OY2_d5V>+Gxq=nIDr^1gAl@?D136&{|RG(ONww89Tz
zIC(Bo_tuJk`AzxhF)*1Z5Wj(2MPmds?%>1j6m0r3Sra+(=KF0rANDh20xL~E5FmuN
zsH2jBYX!BMJMa>~g9))!)>nbMwomTx6uj-O@`ko@-vtDjI^LlyVwrVyh8dWY`?Izy
z1JLg<l1tV(B-;32J)Jkn9i~&}LDYCBAyD$Qd?F;Vwcv7z!3#R)!~ilMurqtxiy(=}
z8yY7QH*vJTwT^#sj@E^pb<i|hqo~>u&7W^vFu2Ih!=DPg)>O`9VH%4CaAY<-6@+%#
zs`vIenezJZz;@OOV0MhL=$9dW#kuK0y@?~gqJHl>OLhq_NB;!lagr5^a5DU;a)LqK
z9TjhsPR9<z6%seET8!=Z-$X1X4wcNdH~CA7ncvz17V(^57zz=6i7PWLAM`C6#&0oX
zp&mW^CEtv3xUV;PB1B%i0DK$Xs(r-)G5z<pD$7r)%n>=K7J~Xkg#$V+D9g!;L$n3&
zaH_j0VzC|-=WWocnaz)vRfTD$Q%um1f+P8u6@qjX*7(@9<HtLVa=_-;y0qISiJxQY
zgmmsft&EXtwYc-B$3NiY`U*Q7LBP&GI0AGuxr3e&Lnlu{<X-Q}NrKb0H6M-Nc+!bB
zFiY4teSDeSnAZ{G+%3TA=)zZlE2TUpx@I=k%K!|aV`hQk$AhAWty?bGqs3s%)h2?p
z>gBGg>%Izjszmk&YP@;5!iPw=-t}$oRVI_ZM)VrKTIHc`RUHe$5+~6nvD&rzFZ-7r
zf<m`!i#8~-uXy3UOWDgDBkH*ef%O&OQ&7-!L0Qo2U;3Oco$Lm(!7;>*qUQ`r=}UWu
zPVYc=i6hnI*Q;rN7R)ZsZSbj~{`<_yB|h2jLNs3}Gvw?XL2E(Y#+G?beph5%c)Kd!
z2PMy=su5RGlWbbsajT1a{<ypli#mT}SKsKQddpCE-Nn|tiRK;oko3ll_iM9S6+Sza
zb0EmgG{j$44-=1Sy<d|scGlo_McShUpY}6Bs4JcRlLIs32_KTzFqac=;R>=r&Sx%e
z;3xNN5+bUXsAKEh#?^Yf*BS-LUeFz89y-sPIo?5Y>jlyE>Lf%H_v`inQ^TY19l3A1
z)uA>vmh&&h_pBraOR$j)y9&rrTv1&rd;Cwr7lGz|N#%3PI}2PUmp}dI=nz3^rPwpx
z&OX1Blpz~1vveY}0^@BAU~?iwJvtOTHoRUJR^^<9BeU&09R_Z3T$P$n4CkbyInyQm
zFpGhv#MCMiWeo>IH2@lWE{_|=?f4=y{2?`+;8&|CyJ^=I2NZvWK-Zo`4FA?GioU5G
z`^7Ijk0_DHz3eo~!+i0nGdsl!!NHYxO3PEXk1nOzV<ANKP;k;}>DQrq)aU>=VP$m%
z`<SMk@0gElgD^iFlTE}hH>2*B4rfh6eosQJEZCv5w!FMqu#5hHY@UoXu=zSp0|K&N
z;lUIU?Nn&C!tQM2I20cnX?zRCmL;hCVEgZVn5&@(dqqzf85@%hBtQ_0=DzLunJoe3
zSA;0{3U-V#aC*fq!Bf#xx>VDyOB{EB3+OkBY<AW{`*eMu6qwj+U=90k64-K%di&(S
zkNsSt(MLOK7O+(02qZ8>4(v7t8IBVV)hy6gQ9obkR5St#FPf`QDJ_7htPVrBDc!P9
zg|z^2vM^c?0KmR<bTGky+RgB_pM-pmPiOf*nhfOmJ-S1!Mjn{ov66v#t|o{%5{L*C
zArd+m)~2o9Kwr2ymD8mh&3ylnRHC}Ym4YbHk^If$%i^YJB>g@upoZMwesz#I=#jp3
zxdb9nH=3XU)>7b67_Jc5=8eVh*DTt@ji<$7%wIF%Fv+GqK<7}>oKc5)MTHM24*%4J
zxHJAV0>cey^C1omt+2j25HGeG<7?~mVX7#*6!OCOGBWP^_7|6JQ53v@pGx@6e^;fV
zYO5$Y<dNM%Z!Z|x4tGD)^4pzudoNvfq@Hm@QUlgPQvsf=b*}I`lQ_4`<>hSyC(#C6
z8+;6=%!Odz-gV3wN6sImW4HU${_kry!WD!c{8dOP(;FzdS8_HnWf`1_dag5daVirn
z=G^ZAYt|AXQKiwgZG|to8@H!$W3cdjX15<}ezDtJ9`8ZB*&RYu>`oit9cCQ_xAxZM
zNUH;TK2wLz1)ZdqSwp`HjtZ8WVJ5{iKyIo&rw^mrcf_^j0`=bk-6Xsj<uv10CVg=g
zYn$csGS1hPK!6hKj_6b9A^+VQ+VLhr#}%w&NdZv`>^6Vc+-k~?4&e^r7xr6-Wd)6Y
z5G>rc;r|?`#t6B+K29imZO?j!@1g3(R4Tb7f)F$3?>ygaxh3h*IEa#=7~;8yO`Mn0
zEd^tld72X9muK%s+=1*8)8GA(!Qrs(G_`$-EEvn0ll|?n?@I~T!N4!xddLe?hEjZX
zihZiHx&i%wmY45xp@PB_0lhp0#}G^E)K2YSEDwTLDR_J;%GBTA-P$Gn*vd9XmD%Fz
zOYffG0Xm1x23;c4^=Fw0R)tiILI;ID%LiB1@q}AB8O3$M!G~b4mzIHb0i_}UlV2)D
z?sD0Y(605p!gk`?>zu1-J|K87+|~@A4+50~RcZ6+vdnLcIPpS@fc9!)wK9@7V?(XP
zDsvm+sbdiLm~u0d6kMKt=!a`C6%dBk`^&tF;ur-~dK-)RN+?Jd1kz|}9x>Af+X8W2
ze%7P~XNaJFqHqA3c?|3R%(f8!{(B%tVZaheqs&If&Xg}~+f(5xxQ#-fjmw$1Y#4g3
zz;6OkJrWL;gr#z9gAtWQ4aWp&D5SqQ-~mmx4|z+Kbt(o&PqK-Xz7Zs)J0{QOl(#Kd
z$R&0a6fewAdSH2v-OXOD^l_6gu!w^D9SJ~D1%2%qE2O6jriP<pxv_Q~?8T|6+6nvF
zqTm0u>XxFcvxwleu*%two@op;YgK{&izK1Y(yShNz1aklGaiCBJj4G(<eJ8hi)~V1
zjW%o!H6vtq>&u)pr^v_0<?Ac-l4}@^KB({RB<-=V@FBoXLrnSNcG^(6>;JLu(YL>S
za6Z(n#Zy0j0M!c=+H&alY9+{_0*+6v>=2a++IHoDF7d!9S%-M-v_np2I7M~zS`lrD
zvJ7lNvpQCMAehX*1ZlZyj%rhn-aKx}4IHoaNxo6{io}aJ<99VSuq>3QIXF$;%w3iL
z0hGgah?-*hu<9p9&|Wl3>231EA9b(`T!Me`>yQZ1j|JcudDN2~m)O!Y##Kc|M4WaG
zTw-dSiSQlsD<LCY-LZ%+aX#epXj#d+6a-FRILknvJ^g3D5)51&R&bJ8xR($Uph>Ac
zAE_ZWlkW@zzEWw6M0&pm>Fh%BDJYcH|2e&B>e?8PGpv3m{YB2Cm|jmQVfh>EMVlSH
z#~R-ej@ETZ*I_&RmRJBDJTa`plU=QT`>Z&q;SlDdqBKa8Q^Vli70t%yUrem~c9a7R
zO-v*Bi1M`~!$NOxVp?W)WH=q={g+ccvX_;I)0Ntyfd(5k4_Q!vS3$h08O3-gRkC7W
zx>RP9!25e`07j+W=W;*a^HuZ5@U=~Fi_6A92HA%-beMz`j0C}PcQ5pDBXfgLH?oCy
z947){$LZOlk~y0A*kQuhJ%!qe()Hblqqy|}i~1XT!_vf?|7pcR?H&t(k)Z~MvAu|r
zNZ8HHit3T#10fK_+QH>C+-&+q+n7^fY%u{;UNPO1MKbOqNwYx$0F!1*pHGmrXe{}2
zbZ<x{8nHG8<c@gAt!x9=N#Mw6g-wYuJvi-d76Y_)$P&lvVV?!PZfzwKYn<(@e7U%z
zCe%vPwA<=|Ph&p5pq+aQ2Vb71*2VJvIsBInIns`lsEp#b%fXmG9K0ditAl#-0wi<~
zgSGk&nHn5_@Z7rnX0tj^uaF`JYIa<zke?0r7U~<q01iU}xg1(o#*q&)g<RKuJ<);&
zS;L+$bJ}NG%lo{$nM2el*CMCItEf;axP(=ywxH8)tmQe#F2J=5%%?MWNpQ{naqT06
z_{fdCNUw|^jWvD_;U}S^l?h%(G}>yPSe9RZwX{`Pu(EuEH_B-#99^{LuxjH&<Y1T0
z;31)itO~{Jr=pO1VRU9_J)#w>M`ci1seZtBMh|i_UNBFQr~#b~?cZ-48qAE>DB$If
z3Mq(WV*C^jD!WO$GpbK02UtGhKhh<^#2K_Q$V@UTABSkCr6Uq0lp;*7|58Fe{62mN
z(xujH9*`M*i&<E*s69tgjF48yTOVjvd1tEq6gEJ^<3;CqVfWglM!2N8iT#&$h%Td)
z+guy=Vs5=MKAU1$=O@wFQ7kO&WBrfiz&GQPawtbjkM5A7lZw@R9OnN1Z<5pTZ!cP`
z{2E@TfdW$4e=V22DbSSx6%>h?c*h^dHRu@D+0y|9vN|i07Kt7hCM>1C8(4ZdK79JS
zp6s`^3_(;X&uOBuO)<bCpA`_Cw8p>@0n{`ezVUmLqsvt94$b^}tiXatBBZ1w&TU2d
z6>|01?ou14+#bq895g8b;@omApK$n_cp$A?tjiR89%2$4a==@XfD7Rj_2w{$q@UU9
zpc1#NkHO%#T)d~ggTYwnC#L~}-i=-57lc6*v&9c_GwKR=Km+k9hIg~Y&P!)r><tq&
zHB_&`ocGIKPu6SzBpvWevnOKK9*pl5Q8>+U>KIP1tQl40b-Q6bMxlkq2Z29*n%fB)
z_4pgcBx?^&gD^O|JMK!vLn(RjO@P5^pac`9OQ7XcG{p~!x%gLnlf4#hXij|jXbku_
zkO#ABi-OT?y7Ei1=gEAo2-d?k?LGFZqK^i<V1sq-V*YH6pwIyNzMw`$h=b4v%pDhj
z{AkBHECSQ2{xw#%S-#)KV*C0j8V{#dXxUhGUbHyNXP+D$pTufP-D-ygB;?rG$gvL*
zRX%ZT9BR8;nI6nyF6n@}N(qh5gsAGWL-5X#+P!0&m&#YnSHrn2$v`$eHCJ=Kv=nri
zT;ZKvh%f{0Q@1K1B|M?_$V%Gs*!1JfDGBL5`|IP8{i~^h_{zo-{|XT3j*smc&yN*u
z23b~BY-CTBjg5<K;#6XxX;P~RaX5&|Ese69>Iac_dqRD^O5ICf7cp<vY*|;qNrFsj
zRgf$1gjo=Vn5uBZ0+II0b206bVab+ZL^W=EPA-Td)v%#5zQ!SOZ3G<lXsrQj%+A;d
za<+(=?)ZeAQ46RdE%E}T`SBrAS0jn;w41Cl)osE#`ueTEsO_W%KzS8(mGdRM!_&SY
zEm#J|8N8Fh6Z(=Yruv5TDr#X)#jb0)=ZPzt_|=Mjv2&^f&<gE%wi}>x-(;ZV)uF$s
z@*GCWa=Kz>R2I#1@mj%$Yi+ToQYX2s55dA9)&4xgKWh3T!@|C9NzyEof0dcj2tgup
zSP=d5>kuD4CTx0Q$8#Nn=~SxGiuF#PoaKi+g+fc0=?p2lU{KO+HHNWdtKOPe;MsPO
z>J*atD)Oqt9H?r+3<?j~ge~tcYU3`Xehq@KD%1MM4}R+)`9>SLJjbb>2&VTiA-nrx
zC%~cCNYk#?7X2)qQulE-f^>nM8l?x<iK-dNs#_xl<*a3C3FYB9th_z)fYfd}H#<|u
zk6VK$EDLw-^n>~_fbl6IGLfsxI-Z|BBO&Euyz-v*Yl5F|HwSmU9TpE)%_vfb+do?Z
z`26UJyV%!x*<(se?4iOq$X6gV%acz<IcG@n_yTJOLp+3CKQ?SQnRQ4XT53r_Bf8oG
zveAzeEHXmns-H2{O&-PZ$v^NdAZNzC5&BF-WB4n0P`Wz6^lJ*jAxl~6?03x*y7q6n
zLPA4s^*h-3$-|Mt>(Xu{d^?tDQunbv!ZlRqv<)>_&tR3!1ZlnPPKLgX4Y(;%|D$$Y
zAZs}*b=&;G$l}Q?>DTwRf(It+K$v54`HcI72Mn{o0(d<?bsI82!nre+f<HJZo2SVZ
z2}7@N*n5^ZdpaJfH>e<YxDwIegYazF1uj!Yz$`dWn4m&PcPl<;yY%9f{$rfnb6dTL
z&eurbst*USH!h4xHLibN*B@OX92T;4<#;L==GMq}H7WL+>P+OjvwByS_Meq_a-ln*
zTCofq2)*tg>TL-xXEbWNl^H~pj}yT_4plj6LjaS3F{)R<^NYu_q7U%&+Y5k^JHZ>7
zP5icVfM?h_)7_s@eAIhpI@Gu@CobBy?4#Bh<w0ZOwy<9epyK3*7Z>owJ(*lblmLTR
zTb58VdhxQp$BcP&Ih3<GOOINVn9AmhjNFg;DGT7613?;A!Y74;`T(N82!Gq+=k{Pr
z+rqx3@I+!I-%f*F3VrU6mhbYNq=*=&22M!>oMk=MEWZj8RjvDP8?5J=0ju~Vfdv|d
z-++M~WWKpIH=vgo)WW}#MA(=$7|t6=#Y2T!!W^#fh=ETx_`dRBe--&&zA}@{iiOcx
z)qcy2@!6wJKx3PZ2c4wyqLrs}E-TR0%Q+BG$OQGY`tLJbNoPV!injw5BVOd7>?5tq
zqqwEeQ-V?uZ*#RFNoHBF9UR&!+X8JIn67K>e8Kub_)tkYyz$b?!>|3}$uL&DV-*EW
zdq6|MQR)u%YAz)aug4jNfBx}~1rINXKNa>y7_Mxq)kVUGcESMm?{SFF-<ebeKP14Y
z2M^nze&XlZ92HcZ-cxO44kN@!w~g8a|Eu!G=VxF<YmSK}B%ECnT-lQ~H6Fya33{A(
zMjzrHG>HDUZP?*d)*d#-yPm$N=~KAe+AjOIz~!t}=zt#!P06!7xnhy1$5Xdz+zPa)
zUA6l~A>5jvGaoPQ-ED@^bG6eO6&sG>3?;DffzIE{Bm>dt<JRYUzA^lQ*&>;zAlN^*
zC_z<y6t22KC`sq;*F_*{DAM{5PX)a;pujjSXoW(Z5o$itZdK6QAC~$g=(CT*n&s6k
z?2Qo86To>jKx$n<hL1TUpe*yS6OIOvsAZ4v;s;LYgC=#a%7JD^7C0H~fzIQ@ERDH`
zc_SnG#6ZS4$}>pkvUGlm4f0}rDyD2Sj}CXTO!qr#i5hPPq9WMs$>Ops99GctN|hu@
zux@=|L>}Jz{fdKk^Equavs5>`jj%cvL*ybrTP#G5Li=^o`aL&sF!!)96UF1L%V!+M
zNk*j2%#sGGkOg<E8|`+v02cedMxLX4r+oZ8SD>c(@`;G<VR6oHQRl7zkCbA>pj0*l
z4LFAV;>07f1@W4EOvr;DZy4B)23}`ZF)2VzCg{^F9Elo-&^D{8U;sHU)-!pS%ms=5
zKG-;T4tam911Hv8nq!^927N@D)Z^wEcXoHAM}IQJ13^Ip-66F{N}*<-8`!;hgkgxQ
zy<dL-x}~Kas6E#e82$Ta$Bo6-ooi$sN@=JSW)mQ0v;#Bj(vLD%b3nR*m`JM^c8DsL
z&|{b3mSGalYQeu>XG0W0dNfsHtuUxW(HzhNVM4H8^#6xe=kRcqhDcv{!?L~vy=PKm
z{d`%Z>^TPDqUV43aa;85i5WPOxD$;Y;iF^xXmJW;`-ndI;WZTYI{>)xHqoNS7Sm#R
zlP@bQYW@cg{+fKDl9q8>CzQCFYzN-*I6F|CC)&49^ug*3WVL0|7OBSlJmP@TW8R6n
zNOc1sndO|I9s8!m27G{js*DZfAA{t^?)vbX;-C1Yl^$HMiG%#mSm7;(5704MWOJl?
zqh(=jB^vR;&xMWz*!odTwkTdKzzu+9%GH(RG7|Vd*?7dUW%Zd0WdY!h<cxRm2;=X-
zVM$ynrjgDmE@tfsr6M^9^l8L_NSU!_x9gPx^RQ$Fgqd4twcC2kexAVy=H=|ySEfnB
z-aDj>vDG&QqsyhOTf4mUiPM8$h}g4mTbf??CdT)H&Y--xrj{WiyP}_kOd^Dufa9h7
z9f4R%$Yxrw9|w=!k|W^P%TM|6#d%|Y`iG50gs(}`B)c?5_$#n$+r#BvoCR&fW<HU5
zI%)NvMKo+vYB8x1x@kQDo1=Ap;uu<F%(G|W``B5mY4zxz&=d5JvNN^&@ghaIdw-ef
zhG+-KNul(M*5Y}uj@Fuk7R*PuQLR{aN@u;Lf9X!UWO^;)nRiYtFfu-zSXE-4>oY<E
za8gT!ROR4nT7gy@o><`;)lJA2LvVAlJemKlWoBocowsJTJ6FxMyN`WmvATe?o8La8
z3Rmp*aDrGHsq@L<c#54Hav&B~h6dxLxlI4Ly@b6!-2ay9CB+PR)Q2S)gAZmlz)7oE
z_C<CM8)6SU+^J<dqKd|K+H6&Ox<Qb8Mg#V}LQsgLo?sHVA)k?D<Xx$jV3NSQqg1Vx
zc{3QE=TjHFd1zz%#r$G0$(_DTWKyTZQMo@(>)<9Y#O;;Q49ry;W;e^MFpKPQw2*4i
z_k_0=N@N3N<8Z6rp+tMST8mX5KTS5e4AdqSUHTFa>3HGBJHk1fQ4Cn3kGV77YnL4d
zKWRr7@$;MQF8Bo-5I+Ke2Jq%HK^_rgZyLr$Hn`z{O(^I7O@S5KZegz1-KNu8!}8-0
z!zIB;rr%Zzp+Kf49kE}^bH{+PQaxI5sg7{1Arr9q)MZF)x|fRX0*p!EWYhOf4uqU;
zpDUhuqRIo+1)d0$=Dx4Lqdw`QX$`Gyp+Gs7hwS-^>V(dAe<pT_`i=W7Wr9}2C!4%r
z4Cf=G-&J<h@bDWpg*M{dSLC{Cr%hkOMtTzTFs)r_tx=m7q>aBP-c(HUzVmL3JO(5u
zY$gbDPALp3%ezU{sl!m3{4<sw(`UI4sh!p!LFtJ2yYGl2wgDmb4G1^!u0sxI9oiNx
z$QA2T9aSh)-MyNdjf_uGp<EgC4jgI=3G?EvDp~qr%3dFIm8PR><ZlvF3N9g`W~sh0
zzX?l1BZHXKrrocP`|NiC`*On~%RW+elHJi;w~AYf7t0p!Me~9q(4*mAkdC&SGSHC%
z8>s*9Y`Rjh@eKq{UtS7BX31o5CXbB6`2Yy@j}3jA|FSkF=FZu#yEvXWHq7`R=NHxu
zbJePR>m)^-+*A2Cy$}>*d>|Y~kF<K}<0M7~?G4=1Dw=LlyEe_ST@P}z#7$;_#PFv?
zelAJBHVzJS6#%WB>O56*#Up;84-Gs7FuDjgK7k_=HT7;B#xyG;9BmKQaJ-fC5n=EJ
z?`W$hMLH5gp8>&{-5)$)uE(iM|9W|fL-i**Qh0UVRisY4M-wF#Q(N(r!X@!z;(agv
zt0eeGPD9O^GeKx&$AN6xM$^sUmkSF-7??cZw2Q7F$@KmyULPz1o={co*s}GpJ;y-#
z6KLudF%@%)Lct$cDANqmF74NIGs(uX5!MsX-9-`C%Ou%Ige(3_2ao`Ck1u<4<cRt3
z!pyh?eW!J1bdAfVn78-dNBiX1=xWVD`FulZ_yC)ZDXH$&q2+F-W}X{sdgPP!XW>a;
z{jpGq;C44l{iSN}@mn8Tr&e_pmqq`8!SP!X7O?E&vIHID*C&#y`BlS=z9v6Q=%pBY
z7})?L?Y_a<Mo_BLIHDplMe$}%6WcPSt8%A#w0EZ>F0iq_HdO}_ndmg72oo4U;%_?}
zDmr4AL%C?&%xrn3z&Us;T7TC*-nu^#CrP0lX3BBDM|tpTqRrHxD@3dN6>LHojTH3*
z15n4-29~#GInR`)868hTc>SpDebYBWjjr!p!k-%FvN?qw@;0J;P?z}-P|Pf|P5y%(
zI%ap%x4-1~7dW9jttCBEt<`OFi1W^T&i%wY`m~zqK2vz`%5i*qNz=yMqb3nrzP;uJ
zy>*4jVKk=Z=EjyRv`$~cSpSs$FD;7)O3uI9tUCxo*;Gj9f{*$pKqE`gb+6dw)^!uV
zkks1Y6Ibp7Wfahjwkrt_5jDbzHLNN)X~|!-$|9y{tpO=UAplc3h!r?#9D8g|I-OJG
zWnfy-YRlij%LHIB%tBdY%8hJ|^@g;!TCiEdbWGSg5Mt2ZYq)pa&v>{uB1YPiwNxHH
zsu#V8<e+_)DLMzm&%w1bxBIgUp}nV06Q#^(m3r(odWMp`!wOTO{M0l2@7kKe(Cjb=
zK?R&B^(ucX99d|}hRy6V44L^8?y8v4o+iQqU;HoCG*K=0+`ebJqtloT2d=Df<uPn*
zgyG<A9K_|`WRBRwbx>O;h&|}P=TxQr`+e`^#}B}>XL0}cq}kCB|JrbBeTZJlw;b-5
z53+=aV4gO*6=q+JFZonPS{oAk=oi)#aab@}jCKWGH)>rd5%U03sUXJp9HPB5o8WDE
z-B=FQ<Cz<QQQESc0bJI%qiWm$$*>)eA{!?i{&-m<pg*%VNPk1`b$<y`1PIzN-RH6h
z1j>!^Rs;h?vdCjaF>FH8R+(R!2d(cB<f^83_+GP6x{!HDm(b`QR9AtvPDzYQpSZve
zZ<`{X%)7=2M&3eCY;&40!X5p`gpzB)M0kSwf>(rj+6Dq5c?t)%`bzjhou2q4yqh0$
z%)dsCWP2G&1_;N-@#?Z#()|kCM0=kyKf<p3KfTmE8EJ0;)(SBHg;Z%TUx>RmC5fCv
ziedx!u+|z|D=|^6?DgMj=%5J6%@^=ij$NIx_^&y7QdL|<s6F9@qzg*9rY98TT6ptR
zCwq?C-$=T>b0;of=$$eQ#_z^EIAYfZDK2e-_zuPfP(jlEzY^%cf~arH3vp6HgGZxX
z5v7O6(F6{%FU$T3;J=}t=q^d@3Zl0azf`n)S$VRKPw3<%dwj|(?sCi0x<gT16qy-S
zpN0drPbnhE*^uDu)K*Szu(_Qiq0n{<NG7xPuGRS#|24yCwiXXKc&XGu^-7vMX*h)q
zlid<mCWG>|+=OrPSIhJ%DH>@^MG-~>ezmgiZDh1Ha46n(jY~?Wav(|u10iFqp=Zyx
zY`L}#+5RR}765wkN<Vl$AP?2xu8W#;S-DX+HdQT+3tsuEA5H1t&rqTzHwsY)%EK#i
z%&9xNw=@``v#{N=%1>KKBwtN^p9R802AcG{5OQVem>c3E;Wu${1xzpo(<sARHn~<I
zJnFFa3#=#ITr7ae4>ByQ2plLf0vIJ=*ixqRK0;ArhI%C5=E@>kLlYWfbbaT`F)r<D
zWZENq9}H8IEEbi>`E!6|<nnT@z8IZBvXY3};_W*e<3NSEuL)tk3+v;}Wl$|PTy>Xn
z-C{v;=RviL?ZO#xK}3uD_`CW?hI-nSJ7B;9q=^SjBxY5e{zo4{wH37eF4)GPu}<NF
z&cZ$!8%-E*pXR;?tLbM{Hp-mYn-A36RN<);{;pz;*b1^l=>Od0<2>|*TVHBZDrePA
zD2}PJl%@NbZQ+jg*F~JdUExP{f^JXR@*0cUW-4%QiI3}qGvIbBSVo-i(pP%6m!a?{
zX<fV`s(co34Vh18ruT5|?`A{G^+!}WjOosue|$dYzZS@@Y^-f5b0llU;!%tgWz#6y
zFtzF$y+gh?qCry{M>mv%Ynuy^UdA``Shx8<g2b1b+|odR(WI=_HTtky^*OJaK2?@H
z1A!paPo+YVcxkS{ClxQXZ9=s(s2xW*XCO4xrn`6LH4{O{ru&yb@zoS5hN_M@S=K(&
z4@e1o+lFfrazJaBpMAr`C*EOOPYls+7|?V}faZASV~_J0tJq@?H`^zFB2BpITuJW%
z*|xz`R_Ui8QkmW2Au@Q;vmT<W7B?Ms`iM~uNc*gI>Gzp)mK#5Bk^H$QUk&Tfq&K+A
z&?xYoZ{}8qdTAn|f+gK~i4X0WOvxo<+LbPO%LOMBGMBbvxI50jOnI~>b5UOH80P<=
zHV6!c!&UxdxRIUzh)k1Dz0L1<Dcj;><sM^Cu3EkY<GP3M_0ARkhud2f7Ym{b(^<EF
zYw;=|Z|Hj=$uKtOp90&K$ramX`aIYmkS89hU$P&lqmDk{k>_XyEL>a%^?YkvKJpH(
zSwnsy%w}ojS{mf7U`K3VzWKo~oz%!Rpi^BGKBq#ywbCUV9aIH`;CQLMmoJuOfleFP
z{IhRPh~r)<h6~Z^tbYoR^Z(Iz5bk*+#d|#4)LgYr&f-IQLj*SPH6O8I^!-_Ss`6a`
zyVn;(N+c6bD#E^Z20jJ>O*2fe1F1!FOs87Zw6fjI4NT%8)8rE$cBTn1XnIkVkPdn~
zF0+`!$o1Xl<`<s$62Zc!DD|~~!BhKxwxajpL*NpJEJJihvH0A1Z|E->3hzP4c*U#K
zg@<a}7Y;kVAN)*)ij?JNGIYTyf&|myS+!day}1l@4iI-&T|s1Q$|jp+inT$_0XciH
zbGW!$`R858RXQQjo4zbt#Y7`sg+ks^owE9#IM%H5HZ}Ig;jP6h4YWn2zc^z-G<4S#
zf&x><Kw6HMNcH1U(Wi0i8Y1?Olng5nv%KhW5pFv+XUHDyu@BCjZ_DJxD0W@kT2fto
zQ<#+DLQ+stGu?EKK{9$ndwfBoN!c2zO;e{jZi04M(<88Q=Pi$_ZwS*Qt)6c)P{n>F
zn+5J&=?^6xFR)bs=zU38iVPoa<dfhh6X-E#NuK!FCRQEG&0$hr^<i-Q2$tzf*(kCb
zjc2^kRVyyD5D{W^Z0MYC6|Z5UGP3rEB{P1O8E%(YnBSy4b^08Kxm>X&S7CI+NX@@$
z>S=t)1z!avmmFp0(faVCXP+cD`jFQDx6u)CCg^ypWYa_tFuU9qr#0(-9MRR-=Q<Q1
zD!Mm54Kno?EzhM8)x?iP507?}txQlHFT%o##7b}LIU*t)+hvr?pqId>^$^@8QfD2y
zs)N7r2!xy=n0cOe#UREadO?iHpN(IhDv>oKTmCag2BXPabwHP~{=GK7<M5>{*+6$e
z^bCa3SEW3FHc3iBngQ{vZ(mv(R?Zud0D?FS$nsfaXrUXZ+e|BWKp#s|Gh@Zvj=%`v
z#r%+PiGDr(2~Qpbb;OC{B6AS|5fEdyJ+-xwJTH;ll5*?#QhWp}k^D=!3E(^9{O04~
zKN7$FrR=r$IK)*-?J&NrrLgoZy*Kiz$s?oY89<RBL)gcI3kA8GM#o?D!`{Q*gp<1@
z)8Uwueh4p<3%ZNdb%ZJHthGdL8ZP!OOX093hM1Jy6+7awWcjkh;QL_HS`TmpJon{N
zq~-maMKH=}zhvXwf`rWp`ZXYTMeYOTJ9dj7e*Ixl+;GSEP`NQP<$QG-ut*_gWWRcw
z#WTMP%lmM(TEa^<v1cF+dYlF5;QX&_P51pRRH*P!Mf|N8fDw?@kd7X?bdk(@G^{ZI
z1b$BrTW6$GXTW3a1dw_$%$wPs7Hf?m075{$zh3ts`w8Xsz|GkkSg&yY#<MagR#+o!
zmQ#XE)}|%=WS<UqJ9$&O)PS-t?s(Ty@lNRaw+Z+sFmuZ4rUn0i!8s-dqB}YY6lPpZ
zxwONBtGqNlpjH0(yQXq{m|l3;pEbtswX-wVe~jCSoG@ghBNZ#-bWmBcADjuOLP6T#
z`5f3+RTSbN!_BAfxDpkK7vGZJrA-BMNnj?~m9uOxWW_1+SVv=cl!f(*+Em}`Yjcn&
z>)O~mhIz49McZDSdf^4{kUfZYHKRxu@SgpeQXr;dX8bdk)^|9xpLa50g*S=!t&5N)
zteoSV`xA4K1WT2kz<)ID5am*rkP<8$1z;zYRV!V>0{kw|@d2JO&=JLkfLR(VYvrw@
z?<~$YQ#{#?i?`wxwQ#C~d)&?>H%7~vomff*eD@htGU4ML;w%v^zgdG8yIg6Iwj#H!
z1hh>Zj)!z97T{kC_DtqlwMvP-0xwXipVS#Vi(6+lr-cS8-aqRJZlUJ$ww7EZ?J;xa
zC&036ZS6hLLR)x}44h~#nwfhWvY0PAh4sWn(kOr%N&Yt(Uz>(LB@a-ezlJ|p*83E}
z_E$){n*y?pH|K3rAbUzsq9z5Fl6q$y5f)C_!0<NYXNs8MCFGmK{m)T`fr;XvSdO}-
zn!TRMZ<Zhx7(%kT>!)iY@{<?LSB(1|?MUQ-$5e@Th|bvu(pvnELwyc$x7@tqWrN|2
zSjjfJa~e%@t~XH15}&BTC`<kW4qE>4=R;S*NpDiYu>GAx?KOhU*h1z&)9(7kYB_W%
z-c&yv&o(>sqAM*@xqVEfKgj+l4FtW8b=WX=;pf7|AvLCm?ORT02EqE9EQlUtNz$c|
zGsEs)i3cL$+Fw7~yiut20SH5YAukZ<xTDLcQMnS15&-M|Ac$a=<G2Qm?1tGjr19Sc
zeh}`o{8}${v1m9g4`!bBlKsWL<rQMsu9MpGmLRPD*ob!RVqy@GH-lzwl-j`?;qB74
zvPRH7@hnx}FAfH2$jrv6)>-=ehqN;B-d{8H;Mw*ZL0+hPdRW_aR6>1!j!Dg@AR8hD
zV06?FarW&Lre>fhDrL8tC2y&53K+B=qj^%ro(Ev0LO~1j>g5pqA4)#Of(|nf7yiE0
zV|XU==u!Rvp~R*HQq}sRSTbt`zxCvz5$<UuAfn&s=ZR&QM!FuF19WBj#GzqpyO{%2
zl9@moYcf;4Rf9e9G+N#B?axW%<K;(;rOj|U$pvXbY<&TnVfI7~@>G%}!iog<C*@BR
z>$ivzl)uOQ%^7*861W&yMNwl-QleymHWEJx#b>T<sv-rT9`x2ULyPWMsy5ft2nJq}
zHsYz9|KUwQ{hhR}25m*VrTjyuV|QfVrn2FMT0Z8r^T)8%U$Q%Flp=9iAlNnCY{zH&
zmN*A)L1ibC_M|Sh<CDB4Nh+bhw1xBy&?r}pa&O>i`QRwHKH(fthTLfJiV&e&{UZN}
zlb)ZHO)|ZHO+Me#vvK)+l2UKSfh$Xf;wo_zTgfkUkKF_>ZcRejeOfKmf{+v+tcP9V
zgq8O(Lb(q4ED2m6!IX+(Sw41E;}nn{?*w97Uf3-LQ5>YaUV~)5aJ$ID?}9D?k$I5c
zjJ^g;2jtYoH}d!Z2=2-(4?FZxoXzFE1D>lpbuL^+n?mrE)^}>es2_XCHtMqdrv3i-
zH$^G<G2!IFkP-e3Ivflcu9Zz_roA?OV?2KD9RCuV31N7L2cvxI0JQL>W+PINUadCm
z$aiwBIKHt7KA~3UrUY7{^IfS!%Og!s6U2wInW17Dr<Y~r&p&OyeU_Cs!Jc-PfG>e;
zgG0wy2%%tLPMf*HXOuC9KqKPn$T5jJZFO!X?d?k~cXEvU9Sf|q560{9B7cL2{5f;4
zFrFsHNh2Rm55*i#Kd8l@4(BAj69^vMdOAG$tjm`VDWh7&$%I&j%Jo^y!S1>V-sg}~
z%h-y3tHt(`iz#BXveE>{%?2gRYCszmNWw$MIvGr6=4j9XCKBX$_jDNrc3rOL3)h2w
z>a*bFe^i0}#SEdNa<m*QP3+x%ijB7SxQTBVotoL8b&R!wx-#YMU9y_mnq5K?Wb=lX
z@_j&{p7ZOluj)nCHnx;2_TA@P(V?CL_^yA`7F%B_y^@ZB*|@8r1TH(Z$lsucD!=CM
z((r%<q}<v;i%bLT+@OeMton8ryFsR@F2LqL9Ws+cG5g$hB>Ts=oHfwe#%F)N1Xmgo
zjmPsatv6(5G1R}ZijIviALvcUe8|4etLVuaN{pE60R_o;TeP7XjnJe$WGMn)g@$kt
z2%&db6DPG8QjfOMPPs9$UOA3g?YS6W&*8jJGjzD_H2H~-+82u+vD96c`V=8rs0oND
z6ND5KN<!Pi5DCEav-z!cbXv6|e0TF(cZeN>zu2u`K|h?~Jt4fm7__)T00I?z)$wOY
zS?}qNzK}A13DARoKqg-0d*%X284D63e^@mTofZYNjxK9jxW?TL{)44m6lStOaVjSy
zW04Jftib5Og6DKl%40>K=sKbB`Vvy!Q&wZ9#sph#2mL$=Lej*raAFK0b<cwtN*61X
zvSx^mx?otP9?qZu+Q>G*l4$z>{J{iSP~v9nW0iA%BwG9T4spkLu4PD$qyC8}C2Y7{
z&P)I=hCu=#68xO_(JU2w!VX%kM#Jbk`nM(4qc)KN2PZE>Hr2@qkuHSizmnr*CZ@R-
zbj&GDjw9Nl4-RuF^zxu%NnFBNT~?aTX?nq*5B2&JVPuq7n2$xUFy&l4l8%Rg2E+KH
zpPbM(<4=cy3?+|bhR6SeGU&8;AF<F%SAr+DC^voH@fD1e|Jk1Dz=W@LOkg-7AcDKb
z8~F^s5?ql(FsN7JL<@`HQYl-x+QCQySFEJ@5cOp*`-pe-^UU>AO-QVs>#vX{74Ix|
z3m{)D1L(zF<w*NZ9EfxHS(bJPcGyV3(0XqQ<NxiUgZL<TJP{BQ^pK`Qs*Ucx-9irT
zk{TQeP90Ic$C*&uJ<u1(Uo19_rxH}k!fXLbQzmrUftz41P(YL=Sw_~mK1+lqbPf|+
zO3(TJyoL>%78;f>)6$x-^`_PNYl0pwL@7n5OP_}#xWO@}z!D;)oqNT6-|}LMbiqE<
zx1%f1m6XoFUL$nv!Dg&3v(Ya5=)rKDoN+McLz^Qb)=efETNN+oOfSZ`v443~PXqX^
z;L3~d*E$Aa1zB%XbI2cY-|PuY3*DNS?anE_jNRC#?v5!I?W!#9HpFX~<M>gz*3iD+
zlhy<`%r9##`es)4*q#qxAT=a4xYs8HPC8zNikaN}cQZW^d7`uiSPK%N@o*%p#zG@+
zBDpP*?RXbNCITMpX=NqANtF9ZEvV}D$-ZzI57v+>iP6i;=D6mSs63-u+nfh785{r7
z&Ek$)Rtsez(gXm~VTNj@Y)Wrm4oH?Ot5dt!fdRy=?UQZAEey2#uVog?2pO!zVpkh*
zMcr>7l%N5Dr7MGu{9~Ar2O!eV_U};$cMa``Gpr`RDiwc)y;?#AAp}s9c038aV1!yh
zC<k=ExO^3|zyEtQ-aD5E?3zx)O`Ttckz$1`wt%z4G(uhg@b%_;LL1W!YwoG`=rLhb
zpoVfieb^l9*3E{|1#R#MO}8BmNou-!BgGw2uit_ulupWrtfC}&OXZ=h+fVaag~(~F
znFCTQe208`VPAHZhZgL<L$a^=$t_s(5tm)jiY^t04+LYav!-)><?P=ROY{)a=+?j9
z9Jxl8Vw5<+KBUQbA8@HX!%9I-)5Z6W;T9iML}e0R!dmxCav$emtQDw;9i@DtjTK3)
z!IDv_Brl44dMPlw(#w!<uz`{?EBznki(1DL8%am=RfKzm-ZidhuBvL;^3B^MhJP=$
zikG5S9lts;_ZVlVs*Xv?8=SYY!{3|(L@C#8=H}pl5x*s%E4xv$D#0$x4+C#Wi(D|S
z%0TJv=IeQss)ujW(#DB-V+r}=CZL|%X0J}YG2e<cSKqs4L297PX9)jPGf%{iyZRpr
z+#PL=8&1=>+r6NRU#r`tGsjk(eM2^e{g1s*>|TPo+^=WNn~jfsi&=qhAK(d~Io%BN
zrBgCUS;Q>CE_B^HBessp3@K`7qCZa$R1P5Ci3oK}jh@6(5lHl#fmKcRKbI7y=NQ|Z
zC8?I}c|v|>Le4v{ENXsG!}n@T;P)H@Fl3d~n_+sw?}X8BK!cRR&mnh-s%>R2vW6h2
zIiw<irWUyB%><}Mc%>iAwR?b>@Slr)V2KP5n34YPefRM-F`<4_e3#C#caDNj7sy}F
z7iHQZF?#>B9#m1v=JU01G|T8K#N8!Ses&p`9(`OrV(RJpk;|#)k$%Wy8UnwdpB(mM
zP;;W>*lIG{8jf{EQ{A1<7kv0EFysIHV?1d|-UlX;j1z{U3TC)RULJFNq}jz`*u#u*
z_H-BnuiI_D8(&{azx0aer-NUPz0ruRus=PL>X&Ph1VY(mI0s1Yh<`0#ZMxe%RKrIz
z47C;;$wX4gXKAk==oZ1pA<Q-5i7_tUBbd?^@y{z~f#z>fWWQWt_b<iZ3IR-U);9qj
zIED1PHP*@Lsx2)FJ|OX}?(sFsjc+G20bdI^d=%fz=~KT0jM>6VBFS&5#%0_Oh7ncR
zv|yFXrHD}9yKqh9l1Rgnd$NR_X6}An(|^Bv0TtRO`|*m&G6iXFB@;ibUBebuT%+b#
zN3owXQQc!<gQyH#fE4e5Vul5(7xJ?&UmH|t1IJG#vSgRhUQV6&7_{XhAz3?Y9*XGK
zx7Bd6M>Mfta^h{`^#gffo}&(k3P6wvZP7i^ixtMON)#Q~iKQfru(bRECmJVGg3IwB
zmZFm;|EjO3a2)elxh3^<9tu0e(p;u(?iRC~=$#CER^OE_7wH}BR=!k#vZSA@aeW9J
z4u&w#+kkr;Wi42UGpK90HA1@0I9-b?0%D=fYG^fNlp;cHl3W)MYJg3GB#8yzv+?gl
z-hesQA3oK5{i=32Rr~fPYbx6&h!*nU1-s8c;TT?8{T5<+<hz;7;bqc@wg+pw{ozVi
zk+(Q>`ohv+=H7yMciW~uCU{W{zsx!{KL1hFKge2dV?;18B9NPk^us{+h%CGQ2Rpcz
zUvs{Se5AjVH4c-=d;VKS_A!Z*0j6VtDBbG)OA!mtOMnAL$8u`p51iImk8<A`OEPzR
zCm_hIeB`$r-{CMX2r&V*fG%F+mTO?Te^k_uRqXRP_x8%bOdhA=_Mj{?C$}qy07I8c
zZ#CTMKe;;Un5WffO#^cbEH;nEIRnYsxE1E7TF(cmX|xomtazXZTIs@^kQ)TgZjY{&
z6zPY7LI$|v0f~()!aB=K>GKBhIjPb&ossOLpO#5MqoYXAVtYv3cPmsOy&mtg0NAaz
zP53({u<o_pRC~&K@)-#bwxF{D#EpAVf}3A#RK}p<A)s*&8p2ZCwZ@hdL64#?%m^0D
zPNL~e;lkXEmu>#+K7Btz88N+0I$!U9*i#Lb=S+q<@AhOlP^HZEVe@fvo3Ilt?hqTS
zsT^7NZI0=@v@qSwFFcvPo;s1ndXb-mP<!fZ4B1ebP~By3ekO^%DymZEc)&{Yc(K}1
z@5oa|V{HTA*G!<72c<BWIj~QY{hWTJ7SN8?TLbCx>!S4r**f?!%;YQF`<Qr<^%RjA
z))nXP&C=)k;Q|&ZGAZpmE$|VSbU+&UY$+M@N`Wx_0j(-efghatK=vOI=gkl3jXYV@
zpL`9!bX;pMvt%j})G2N!hZ$8NaM<sT*svg_u!Z=nLPEGlIt=(^VkRG~cx$DoamVlR
zUOe7|wA+uC+o*I*r5usSIjek_A9lM5ClQ&G{UUkg7_l97ZJ5pX$L7SugPL2~{Is?$
zwQCthC8JHEa+>PUCR<L3Sza~*WhNmDqZk%2e5i?DDGI(TE|2!%6_|xnNwe`ohA`uK
zuru<wE!SpbVb^S)>Th@}G-9toSt*sWC;CPnne0%_rd!yXobsuG+)7usn*)K=UA`cK
zU4TN|oli9cJ$tNmqTJ_}nghFd=D*0=o&#yngcV?GC$Hl4()qn1B8vjH2Q`+2SEJ+n
z%VPo&gAGk9Blf#pdO_vRo;Vna=?>}tC4#xhod-eUqdILiAgfZC^U2!p)qm1B4<N^1
z$9rfQY*UL2WhSpIqcz}_d#sA5iM#bIw?jkH6N-W_^cA(A_V>6^$<*6dWk>dr#EETy
zFy~s={BF2J&2A3sZS#2hn3goebm+nGC}y%&zxRL=Crx7GwroBKA+yWC<~V}<hBvM`
zUs3Ls%g?eStRdx3u}Q=_r+Wd>xlXqm>Wd^&{1tTFr*Ul*3bG{v(;A3UbQ+d7hG-R=
z=6WKqc7QKW?SV}+R%z$TkGf@$$e9ZKjy-4+g6;UjWHD)P(7GvPq#-ooyJZ{8WNEcA
z&aVsoC*P1PExo1EgQdH09eMg2RoS^o-FwH>0-SXQ%nx3YJhx>CtP^RTR762%<mOfz
z#8lXEyiu1pbW9BS@(Q5>T`|A{6`xTxo|$A>1F0n7mxRR4Af`*<ckhA}4y{1z0mo3e
zof?CylvmQSgd~Y6zzrlUt#(3xbWbfDXOm&-HG_4HoHTEX**KNYP^tK^$0Z<j(0I{L
zSB!bIg5Zm+uxi0ylp(l-#r&WoMR^LOc;|M<-*~p31IpnTJA`%ey0m-!%Uh1CVJ#s>
zE=sXPTG{g#!l$oY8{$4FVjKy?$7VF*VA?w8#exdDHUMw?gg`N-f!darrtNf=t5_~L
z&T^hKQZAgmAchjen;9CH@_E=)daPK{hW)IXkv@33-8UF-q@pHj;yAr3hbasXa`V>q
z`-Q&>yp^ORB7UTe#E7K5Ecln*AJ$!5zn<S-|I(3DTw`F%N2{@Y>Yd<K%Nwa%xoONo
z1t(N0)zh4a7Fg;0i$H-n)DMgkbX~_nr#z#qGqS(S82d^|b)1(ta;pbe&;GgA-5ss}
zZb`*%1S{h=rXz@c!`YQ`m^{Z!!Ahz>$;9hJru>2_kHF3c8Hw-P^+y2lGp<!`ojtWA
z31p9fzNW!zF6)<Q99k|}#3--13*Hgm;0*5#EA12tl(J_+27fE?vR5!4itAgW2WW_R
zuiB+ix+~Cc>noVW<TTk1ic-59LF#jo_pLt&C?2~zG;7>7Vd&A4-3+8<FQUZd?K_a0
zy{yAbaw9Y;5t0T|#*ByZZxz?*m7J(M4^W%o<U+)rW}A2iaVQZ~(ze->E3Fr6VOKzg
zDDD^;6;vT4F3Y&|6EN2)@(WH`Qg@Qr2?*=_>4n=qVG(T~yL^~iBBJacQp|4oyFBqB
zIz$G#8LRPr65lojGAc9Mv`E_8drwNYW@BH1d+4c^pQg(i46pnQ?VGFi&BBl)Q$kKy
zwTwLaOG>6eRI1Bt*kS^4>le;(8g<m&Z5*}gu8!ne3ruw6&Enke0*c?n0bJa_qSB=9
zs=KT%ubi=;NC?P&#3`Q#7*ZJx^m~J$TNZJGa%LLy*YVUdTEZ)(Ttvo#o8NzC2ukI?
z!V0DO)3nyC1kT;>HXgUBHF#z4{G_@Sj44A>sbKXT%8eJZm{kOuoivO&fS<Av<``L8
zUz3!?a%0=#Oior0<`&wvE+z|m4UbkP*}dmg)GlBylbNrUi152YEAqe_wb1Dr=f31T
zr_@Op$N3QVi`TDhUh9_0PvZ1_e<l5Dp`sQ|L@)`T+*aJ_Nr|l8U?r(^VL$-TZ7H#k
z^;224jCqvDyF!T!i>wB{DyHPb?AGz00Ll4WKS*XDRU7PTH&ohSkLWi3zirkRj>^A>
z676W?<h#{!9S80W*752szAF;kA7V<{9!L3_6mY~>z4v=7b?xip#B#(q6@J#KcZE!q
zLok;6Y}e@?=A{Lk#(`bKZmFAMGItsRc`5(_tH}Q%mf7q{`_;(M5<{h}G$mAanP19v
z4#*>|?J4`S7Jz5)s48~@2Q^@%sHb`)D)&RdwdT;U8CXVRV{yAez5bJzf@L;<rqg{9
z`0gkhd+u=S6;^|ULKKubkv5#-I&4PF${-XNMjgGkaA!XJ`ZJt2rMJbQU|<dXT4NE}
z*tqpIKUMFvoIH91;zmuSau!o9RQ^LfK~{YQ;I=5Zi!S9c`a?gR=aradQG+95YpDG0
z0~`PwkY-XQdy(u0lvgGd?|l6*;BLli7T;iutgD+G4TEEdpNXcMgp9W>d~glI2?_@a
zZ~~@kfzYxB#PhwIPl(T$9KD}zdMqa&Bb#7hOntda1>p<TR4$0`_UN_v%x^5>!`-%o
zh09+f@?820|4>$6kG2&aH+c8>fM5W*xFpK?nqteYDfBN2bx*P~rBCXg_ZJ)5N?k6W
zF475%{TW56zBL(^Q}(UI(^*4F$l$!taMU*+te$rjf7U=4xNp9mx(@3xyn9A&!vBnp
zD2Usw@UzU6B|5i)>Rxx3=;ByT*9<UrY)2I~C%--F7)Q|16hS<XtkGCYnpNNTxpexe
zAG0k;=52;myM7t<`!jiK?)ij3HE-=}9(K>i``{br_Ps4wCa&!SsPo?_K3%0<$hO^i
zTssf&RbjdT<auF#oE+jHFy7>N1E$UN+h_ZM%SHJqX4G?ZHOFGp2HppLC-!FTNa;;*
zT5>W^n&uaFfq;mVgAyupf{-u${AnqX74n_m6!o}9M!wMZ7vGC?fcrD>aHSwYpKw{W
zd<So?9Qm$g*7w<xFb-)cSUbT$8xQyxY!KPt2>rad5SDq8IhZ$bs}k@lRM7b+rid*{
zVS>oIoVLwH!+66D+l*iN<%S+`3J=2IVT5pKAcQBALZfQ#Zh2ms)6?Cje8vl)1QjVK
z0rhkHXO=-M(V<zbNt4%|iX33IXJM|%tzMAxEoCZ<5blW9MDNr!&1LT@c}~aov1qSn
zjLMEjUpWPMCAr#)tUK7=Q3#0ES9^{B@U$*t+itqG=I90X2n)~>+obd7<IPkoB*nTP
zeFSHU+ZBpwLCR`~4BsjzQ@v&2H;Bjn(V2&yTfL~d!T1zqd-b21*d6D6Eb!@=z%Lr-
zKYde=t!Z_-j`z#Ooj0rvbTF&j$VPd<>XlF#-O1Cs7OxF4-<n(=E9cz@U}~&hyau7}
z2CHA09@er)ko!BKs}f|JYxapCZfWK%Fa~7?3WM7Bt2eOtVrE+QA`fiMQwX@mOl^xJ
zU|&eYu6|yFY-(3vrLkvgJ@$O6|3<JtWXsv=SuTv{BkwHgCMuv}!UXvH?5uk*5u!`5
zF1&%Z4fU;fsY_-yA?}EJ6xP2iM;BIxs3!G4fQ4C=#MYhDwq9!$b}&DS<y^Pvgs;lj
z2zfdg!Kbr2<P@{unIxLT4*8)_O^+m!f9@U}3}g((oI?Y<w{P8qh!%=(^=v2suLKD}
zs`NzsuaF5pt#j>_O;B+t<4$Ha0+ZN+^23mj$s##sy`R%fQ$dRsEbfub5P|5=m{-{p
zdn=0@-xK7U+QL>8W;2@_w=C3wZI?;2{bhBqL353ab8?W-e~~lRvQ2yYyb|Hy#H><|
zTS5te(xz<tJw-_~ocS9R!t=mGUbIGaRU_yHJrCFYevgPgt$Q8!Jt%@+&*od_5Pz#!
z8+Hfof3SLgMu{U;xsWOkLxmVJ0xWY>0bf8Upk#8hZ3aPB{g^P}znPZ|MY*x+k3@Mp
z`^dqM_|ivHH$=@u->CB`UasUMf^CP`9TJ?7B5sX$G;@33;yC0dT{o!&Bb5&3Q8bUG
zSL%6zz<RIO$<r^Gc`Rac?ar0y4uJaGm{Fh5g&ofVYYNn~7?o(+!<xv<LcCzNO&Hn!
z!WhrVq%hTA@zjn2h}4G;!zC6-&$4-2SA24<&VJT>L)kFYaaZ93nLMNE66<OqN7X+_
z>TNa|tcmPqACz5r-X<$N3pwk#ToZqbK+?L^plvAYMh5^hyO*FH5Q7B67{@kJhp^B{
zyH85rekUaTG}mT_ZyX**K4-mytvJv2l`<QQ8d@}X5H_L}7S@NQN%jE!ddv3<#inXe
zhhZ)K1bFHfJOM;7wPoWUv2-%d84k7Ymuz20$prk~sIA5s+>`<zi7P4~H{qt+z2w*1
zqoX6PR1yU|aH;IknaT97{R~7seJ4i^jpnS4e2(V~RU1SDNea~Bu_Wco+gA<>r!IIz
zcS&nQv5IQf;xgES47MBDb%BghUg0AAeSB}Mtcpw;j-FcialzuOM?2nHq==mF9t(5I
zt^a=Jug-r<RJM-a(-3f^)8n^_-3}?NhdJhJv|eDgZrFv_lJ++{{njD1Yhgox;&!X_
z(X1$}!Qij!x<a1MGS!hWW*?PjJ=0_Y;SWL<*_)w7J75tg_PIFgfZ-Z9PLfg)Kpq2i
z(A^jg@$hzdmmAFrL=rq@`byD5#X8_eP+LY9|8Js_MirJ?GY5sRD77(!h=@jpj~HXp
zY{mq4TO4jt!*T*{iY>DWAERkHQ0@qGXlr^`Eop}?Hs_owa7tljz8rOh+Vrh3zK&7s
zR&tH0osvzP=+KH3J;nsS9AZ&nCc(E!i>eo$uoQZwDN05PrlF8SM^Em8N&Vfl+Ouug
zT4G`L1KW+if14InheO~Ei9kK%Co4ySWcK$oWBMX?g_o7?e$z&Lu}C(!sb}iO@IE9I
z$%JfoZ?Sqt!gIeQ4|Cqh9obgpUD(U@e2o?kIZ9ryL7+kCR1q&OvDow4#bfBg!*h$@
zFzWy<3=_mD-AD5zgqDs{o5)L5REPaih*wR1M_Y_luUI})Y{y-cWPRD@H+}k^*kkCg
z$Sjz@J80rG8yT{2*~JMhbAqG?-M<Snh>qd)o{5;6f0}XUfSj%3H6ZplQNkY5`WC_r
zt2`bw?d(4=rmiIXq;6C(3yVv~Y76H7ptP!liEOTQ{D6JMG#(k0Er7J*0%SShl_q)6
zv+_G@6_=sIFZ8}d-T3=VG~fC_QYB7F!Dp9uCbO+pyitf0-1_ehYhGQ*uuU6B@XF=Y
zgxpa5Tt=*LPEw@2kWpJjudNv!g69t&2%WM>N5JOzQXUHIc$UW+lhoeK3NhVb2@43!
zhC$>$AxS^Q9}>XmBS?Uqkr59vKga)w1e98MLv-Cix9Y|_3p^Tt&0l@!h3Rf+b9kS5
zn^tEr7VDu4gj0#WZCy86f9`Y7^tbzX^5en@(NgT9ObDtu8bYC|{(-_*^SQ1R1O^5w
zlZT>J%VWy0VWa%2vLXKwRuviG_X|VKKAgWgajRa>;#g;__5#MdC$AYa3A{-CG}5W2
zTRUyC!EQ*XKY?HkK|F`D=(jg`jp&^>LV#sT{o1nD;T0sUM8MkpPz{zTlja%JBfVRG
zOhCa+<hU|MWWOZRF33fDy)+t{3&e6ke5YN>OWX}tKKnoZ2OFXU?J2lY7kMPRv7Qv@
z3^`u~20j04EgSsVfFv_aDYoyYSqwhF(DlBQ`9F`i@mflC<!`P+qqT_UA9Qfv%Zg?Q
z2t#*RfjLS6Z7Bfq03hUF+b>dd#zN8v=<9DP_=tGXA#`T4ZKJC7`oVub<)={P0lyhz
zkmWc*CL+dijWD1sN#xsYO{F2?k~HynOHzc_4{Wc2PPO{<Yb78zuICFAyEF}qd%Oh|
zc%J9!5A0~rd`<0HRm^oxU~l3WnJI5{^M%3RD9k;ol?z|8!xznxZ~Hi*b@_&%cdAT9
z3tqsW&~<WZG0Ok-i=v<I!!oN?iWZ7o6cdLm6PFD`z;K-8(eo$%{#EkcakXOeEDm`k
zuz5tez^L5H9Avys0ExRbE=<%gKzf?Z*Pe7|))aW}@~qNh6>Ktlx?R|!zhe1DF}kN_
z!+EJsKw)Vo4}elVY|GU3a2UdcPEMS#K!0@z6HoK6<PA~TbdSwi+_)6w^Ob)V5+tfi
zgMhe{Ge{II9MQ&vq}~Yl^x!^5zcbs+=nJId5k}Dtx4UiZ-ix<e7IwLqM}e1E8o$pJ
zde=6!9VpEvO9Md_uxJ?g47qa2ACvwTI0r%2pjTi5K-mpFNjH&nQ0NdgU*@u+`6fyw
zr8;1$^{rx^bGrq^m0n~Jxd{3lc}9<JqC*Nu#>bPO?#*^;sfP>C3Vxy1G8g-yFKQkw
zZZxzVH&h|`XUwyi2T~BBF)|o4O;hg1Akc-<Sbm}s=yy>h4nY{~euB9s1jrGS&`el4
z24a_q6{6(5QeA$uHBr-CVK#n1Af~<_F>01dZHJUkmGkH7PVET%m7d<3<kWKW>E&ih
zAnWMXR+jdG+?UizoMH_8BOc$GgaGJiJa`!AQ;*(+KPRcW$x2`r(f^>a2JvfxP;UN(
z!s`8f(;va9$=xhX&Rco})cv;Z4v7)VFbIc{5RaO0G`MQonwslO)|(BDJiYGAseOsh
z;SHJC0uKZ&wx0KQIWm;k7hRt2T~P>G_jfN`n682P*e8jX!5q<zgR8AUYxpF&PpWdX
zhYTQ;UbieARz^n|**y^!p$T3Hq!8XbhSnoAGcjNqs`OKFUK>EYBDik1^e{=?sak;8
z5(ui}7Oy#aT234G(VwMDMpXnn%q;l~+V6oHpPG!7Vfn4Es)@UNaTFO0v>o;9ZbjuK
z%dIi{AtiPXtMlW@DO;$%8?0d%jR^?)a~^9B<nKm1(uSV{)EEx19CBhi+@9)@_L$<t
z)O27$n+D}o+fkGnl@C-wD^zi%3O3N)ucov_w0T#C5<a#xo&6T>4Wb$DYGdyJzh7;3
zSP-IKL=`+JKn&N}F~qDEKrLH%f7U2~xftWL%Me)UQMG4HI2#K<0)<O(FdYKfEA!%7
z-Xl5l2er|8+ZGlba5`BT;rGpQDh6Sf-Uas{T*8q-OPBm6PF0#UUgM<?Hp;h$e|L!5
zVf>IXl~#ZIH?I;W3XzH0x=66(V|2n2Hsnp_7T2W8mD8oX=k|84_<h1*D3OeY6y>0)
zs`UUhxlrvk2%+JZx1z0~t2sP&0bd2su9|}(SF;eDXxda5C?L-hab~#lK<>T(MY}$R
z0d|Ga+Kda3iuY3~1lTL%fc!U+cW3HT<Z=SGf<=~~OV)R2OhY)chocH)!7cs%k|Nhl
zMbFTI;Ta?(S2l5whR_~l|LxIF%6y23ssF^by`Pe2>+<Ob%5>`~k0cD2LS_}VNl^Wy
zUL#+K#kj|OTmV;(Qxi9>=_tlGdEEtt)@~F^1e7&qBZti-aGUFC|0UFWa8NlQcIkXI
zYZd_~7(ie}e3(J!O5BP3Jy}Za-}Pn8nFUUkKdB!l7;KC!ItQV_O81e^$Thm_mUtjm
zD;0@&jGFe@y`X2^v0Z+OH9WIDuE3*c^tyz6D#C-^(E*mVTuISz4fg>3wMpW`N%e-&
zeF|Ec7+RZ6C-_HUs<@rE>U`Sb1Jx-OLRruVf*DW2*ayw(Fb9N{nlJ6WXDwY7JjecG
zH$@jHN--%)B}!||Ad^v@M1kW4;U*^DR)=dwGF7`Q7N1K#!Kyq|AD8iU7rlwd&?QNE
znyWg=&i*&uLOV@0*R58m8~wc)BuV7nb4$J%jHh2`IIKrew4r20l{)-7#IXkq`ZL>E
z;t1qLKfIwLB15>ZjmN(>xTh}Lk#<&3qsqSC!KPRp9j8OqInu<aJ}1bmF6;$zI@8|D
z8M_$&TJ51-%*O*TZf;Vr=o^Y05<LINba1YOn~E~Ry*7`mPubKQ5;oha^)X^poD#Lp
zM@KBHT#VC(Qzs!=R4a{)cTkMqEN+d}Zht4IeU|eha+JRy4#w=kT*Mv-ibgYmkBxvc
zA~^pt>dUZlkz+rwx^P<L%Q{gv7L4p7lg7l|d-C8V^WX1XgK%wjH@fNJ!}b0E9bm8#
z9+?NZ?(V}DL#JrMR$Yq0Qv*WMam-t6A5QhM{7k?pJA~*<rAzcGuL{IyHyyC76&e^a
z`*6NCgA}Zy*$!3g<yt7;OQ&;fk$aY{W*GsRo@@R(6Z%xbfV#>K8;T;1u$Sr?$QC#1
z>>71PBBLx;z6D9JghPHpo6~;akh?#WiKx`wAw@^e_*88}RlKlXgf0AwTM!({i5MDQ
z<TSE*M}!ErkyU_DVW-wNkB$53XcFM3jNnhD0z`g$y%NF>c}0Qgk3>ULG&RzWxe94D
zWK<zukt^Zo8K*#3ps)i5z!XvJU@h4de8^Hh+xn_u_2^Rpd00l-tl@UTq9zxH_K-<B
z5b{hfOmK4>+zDvr!}Fljl&9MP^c`(CrCfx`LW_#5Nzw8z78CLRq4xAMafzYC#}m_S
zdH;m*0z=0UHjcz!d-qPFZfx=nt?%kt8)CxWUO%S>CDalC0siklc0dhTY;>}d!ys+z
zG7592iGkDxA?9_`#2G-r_FrFHm*DdtC5ZJ^j7OQsD(?YDiQiZUH`De9kNd~n{$6-j
zfHK;>I`g~&Dhps?q+gfG$Lw_d%9Gk7MkvDsQ?xDtf^q!EFI~~r^{!+CE+`YcI`736
zhk3UG(`z#TuUIh;oP7zP{04WfDQ?$Ki`TK)GTEV-Yz7;Bi8E;r&A}UhQbK*a@3$*z
z*?M$HSv-gdw1%JsSMIui0{Ov-ZG3^ZI&W~`L~r2yZYXM4`WXwe$Zv9=Rm05_*|oDO
z%4kvG|0<EiHMqeH4ZG&2jgfPm>8Wgp8ZI>K8&#`tL8pc^fU)huzVCQ|6M(LBq>X>s
zZOz0WkxJCfg8@>{x1em+a{g>59=o>m=U82fSqU4<g~U9WebQBN^`ZOe6NwhLiIWlZ
z<Jf~V)4VMt!T;IgT*&*bQo|Tpc6rn%U1MJ!XQqN9xQsQ9pZkW(z+nfn5o|VpsUI`i
zS@u87fp0kKf}R>7=F3L1VQb6^)3U=?go#s2w?MdwTMSRGE)UqIxV1Rrm}%?cM`;hG
ztQo3OJY;p)3H{lkrKeU3TlDvHM{||2uR1Zs1vGJAnLydb&oZ;W5`hL>zEdMB55Uy9
zHo)A9RpWlm+pDZx;;Q#gc!^SfOK(95rO0kfs-tKx@58?o@J%m;{V-zf4Pc)~@x4gH
z!jPOel-=Y7=T<d9ZJ{(T>c^v`N-}dj&z7`!IbzOESoJmtC0<%>HN<(zBbzcpT^|%m
zA73w)#b5@EC<;xLR~Tw|6rw$8p8dS-51CXIhvwB?TmcUsV_(xK02G4zg*lfAt=!w;
z@)IgptZbN8;r1ch#&ywN=+O+P-pt?weCt=;^#)g?)JHacsw%*6iY%!%bJ}H3ptoY#
zipF7IPs_c{ML9%u^dl;UQAgX`)V9UNzyw}_+gabV>8AB(0+(fyPK9BJ?lgi+?@>O!
z?;@I;w%!LqN^%~S1cDR_TO9BZ${rvX0dvm&**;Z{k~g{QDLT-k6KdF)DSUXIi4fzo
zaEgecDeb|U+?4v3j4hCu#tUb)RNrwB2VD>1WZBb1@h>LmY`pQ~@gQCH2SpFZvOiKj
zT<jCa;Ww7O+0^*oaCFx8cUg(NA(!wKQijafs+Z(Tej}Ip_IZo3ilckX=amXsSFk$2
z65w$?-YEb<w!#Y8vDzV<2@j2U;HSFLt+TCdPvf~%s{1Vm+}@v>xOZCrMYA|)su1O}
zMopiKSPiW~(}m3*mT9_ri27!K6fRCV+K5E-G$KO{Q?j;Bd1Nf~aLGz(BXe}zr4IHc
z&$jV4;<+N$6xixcj<7fV;;<(KxGoA2AXx(p0mu1$?u!7BUXxcQi5*}l+*_CaZu7Y3
zfa7hfN~c;D5#J%k#9bUEdVWZsuCbOz2O9U>+xZyHAt4u+R!^flzk|iD#H=!5eksq1
z&zSgPoeJ`@GWtR%%3@M?crbAn7byL|a9PXEm}P!?cQDPPy%KpdcWgRnN;kt}&dQ~9
zJ0lslXwF#rEGyoegY)ZK__kN1o#MFpb1D_Yj5in;JymlvG4L&D(*Id(g6W|(Dda9V
z#ykaP;JZ=XIOpvOoEAb<iEM=vQf)?17H>0VEvHZ$CNj+68|S{IU3={f7V*OqP-srd
zY&pY*B-@&}jGf_|)_TaMp1Cm=sFiwkKuo7vrRj<nk=FixN?3hP1b;$MrDj8Nll))T
z_6IuM6Sdu=x<#;DqyDOhOjNrbyX?n@4}+C2nR4XC;BUt)FmHs2^Gy69%Fanny+~1-
zpYuW->g5}}sk}v`Ac(6#p-SwK5JSkDb8|*fEN~dG_Y#%;q<HC9#M79gUg%U8{aEAN
zjz1i(k|y0o+;gdFu@>n-^&X5&TnH;B6A5-Td>8bTJKtfvtlYO`Yda>(_yP$3SdwAJ
zIN?o93UQ;N*!1w5*Y|A%(bHk-y}i;iroOp@Lm@3&JS$N_pi1i!_~XG2LZ5)u+68ZC
zj4*=ti|Us|x0{da6SP<b4TRB06lhEW{FU+)I22ilnTT$B|J}f&$VFw&nD4A%Wq#zb
z-F^p9*QsZwKx}NUl0`F@DvvJ<m(Ss3w@Q1JNoO?*bQ)fMlW4TPpNUF=lOE4@wbHW;
zQNfLjqC3E^@2ssFa11>MDal(Q5EN4?ZNs~nH*C<h>hugxe3sgTRq>D5bwTWM&KsC=
zrvJ6IoMb#5h<PG;{VZ%mK35EFW4_@i=68sINoXBbA^Z7liqXRc*GNZhj*?HOEqX*&
zHE#|MMOPbl>#HBGZuB?aSgk<Z=IzE#iIrp*V!u-tQ6wdZ?>I}|BNLHXJVM(Xn-<{o
zzIC_(w}q2q%O>4fS-P%R>&6j|xTgDoRb!!7SDWc4>IHcc%ccJJxtbNiQe6gy+^E+1
z&rUZl5y%W-sR?l#u_6TPqCXKd3|YRXtQuko->t*B*$t{Tj4}G5aQ`Eh$1~u~9L=^o
zmoqncBFzJ@E5yek0{1r>_oBfrvqN6NrQnz8rj2DsV5!AjB~siDi+*Jk>5n4xT=bBp
z3mb;szX^8%lvUI8h$Or9y5Pm!$~lc%e}#=cvU?vrcW;}+S+O(ObQ4x4rmE;Zc7Kz;
zccT&Nj0JdUx=p!m6e4BK*oga&wc$gXtEh7wsSoO8cb8V{*Pe`cN2G@C2XS_-64G#;
zE}x?$#lcduia~Tf1OncRO16I5_tYM#SO63XhI)71-~i&`6hAVD)oJ4x`~v%~O>0|e
z!9aO$&tY1(jn6;EcUDnl(FQknoTv#8;~$y_!KDKpY%!NG;yICT(5Sm10A{X~ScV73
zVR6r(dArBDB;YluJ|W`wu5Zrc^GUcWu;awJp3qwTT$fKz-z8+(gvmn_*R||#UbQO%
zA)2MToP>s}1nKVkv5m&iin_k!s@HZz;M8!hQ_58`pvu9T|2=B_%woeit~A{nD~#5&
zGhZ5oTc|i-=KNJ4O`8ySiAZ4d9744Y#wFR!4+z~X=qxg%4032oO{Y-l6p=!lJ}CFQ
zAuVpq)=A|p4c8eJ5U`U}1d^IW65Ca7X)Hp=-{zNBEE6$h4qy~tX0Me%NZl1_bLg>x
z?DQ&~ZVOvpY}VOkv1h3R1z!U)!+s=2=20svxz<6yO#m|sN<uGK<l$0#kA(m8aG#~8
z%AAe<;9#rFZ*(M>Ra1I_1Rh~0JD1gGvf_%o@M>V1GB?KIGgE{tW3n`SRA=uq4YB}-
zSx99-AeGAT5H;x^N#BXTHs;CpNDFvm5})<7I{1cU7Qonsy-?L{&jrPO<{D<002FLi
zL@E;|XhO0`Ky`>a3IxE{BVRfQXv`mDZ{Hp7^2Q+BxohV_@yPd@uC>v+FE|(>Xp1_}
zj7t~G_3M$4q&25s+)nVbjqT>WpEqbdzLPYI2p^7n1KGINQ<^KJlucd~e1iS0kCc%Q
zogSK~k07b0C>>%3SQc++@AWvwC5zx231n!gNDz!v@`U46cWLF%2M&p?Ro*e}_t=41
zWO2S14G6D_ayPHd_$dtqTkc!!cIYbL$H=_d*}QL3=C)J0ZL+tI@XkDbr(LN$s+faG
zxf>sfRAH01r{n6$2FbP!>+>(=Mg5owY$_6oI6m8X0pfyNP3kXq>?_GgdG|GUC)*@7
zZXO8t*~{|v@C#7%hb`}S)jn35Oel;H<DkeocoJU{N53uR9w*f$YI3w1Ps7MK@C=rF
z>5M-H4mD@CjPeLMPF+JSApbHe&fx(yLJwm&Nh~>$P<YBShtF{V;O+5H)J)gs=d(`k
zZjfy`e{CwargD-B1p@qbyZ1%lBAVV+zN&`k@34}q%7MvrSsA#IuE7Ln1U2ri<6|W^
zX*6S)AWo)<Qg9#z4q`G4zq@HAA47bN1*ERQd7RnYBH(P1(v(PU>MO=30{7Nf9c+p%
zrp0@RgTAH)r9xlahuXOCICd5~uf494kpE&DSeUdQwd>~eFvOO}O6B$&0x(9#S42E&
z+9Gfr!TVs!ReFp^yOM2Tbu(B|_Hzm`p9ge7olZDN&<?_N4^wEfZF_V(trHNaAc5Md
zOo#XG4l{Z0o*z9^Dk-$s|G}gaYutp8G>DMjVl7p((;2Ap5P^OfLHk2Af+k_{gRtuW
z-$Y~c&2NsxZ8*O2dhL?#F3%7QBeld35E|iMeG$LQuIk{m{avC4k<VzyG&)2A7#_la
zL{*iGh0W_pr?g5i8EOlw^)g7*!4Ih#vBE%06(bahA1Y{!!^ht12uqAf$Wq1zgd}nw
z>a!7<MRR&iUrB}Vc8tcc@uz7cBJqSOL}qj8lcBn^c(dcV<{(PYJ8I4gaB2Iy6wY3b
z4^Q*O=6*HEA25Wapz1cNCCp2S?h>eNx$r{63LXx!hW~u%mj5X@9Mv`j)8YGm%#1BH
z7tQJv(PUM@N1iLLOu6(8_=T2>!QRy=nDJbeB99)dn`eA_J(s0u@xdECl%d__p%6R{
z53R}Z_i7k0EcjT9c#153U^Y2WI+Pq1Q8<RgT_BhUCd>1_m_^)&m!~?j7%*`<%Lhga
zBLu=z(8fe$wBCpx5PQ~wqY$d4%DHN|8BQ=Yz_R)=tE(df-Q24azY3n;Q&TxXK$b>z
zveofy1HNPL5?J0K%8FmK1W};yuqM)vV+GZDre4jm<g1}3QN4>PKVZe#wW4gwxxo90
zuqyl-u8)(gMYBwp+oIAh|5YB+Zq){9*Eb6I3sk3sEsWR6r}?@&fqq>G!NFy8viZxv
zG~&K~RY))D+3<wnnq7YhUoozx2qp^$#={Y{$>Ra;rA1Apx#Na&g$OLWrT~fY5=9AR
zG-S-_2<SJuU~mKWE5Gwu2#%*_{?B*CXGW~*zD`%G>HLgrYPfeN_G1MWr)5#RY~9*U
zMo{bZ7tPbYigp%}j7+9Bi%4!y<M%FkM@utrlkv72(a(fBeeU|5Tuo4oKca99GU>^A
zG%Z`CGM+K}lPr_HA{l?JY*Wa%lhDDv3t2{e&8(=jlm!sHjfDBJZi<M&{(#N5P-ZK2
zx6nyg-f0sIfkJSV@KKlH3LSBDYyD#H@bjdd6NDS7eDDd!(I^QS>M(N7(9H!qJih_8
z+1(7-sMsBtzrY`L=;EW<Iws|HHMEeOiI5=z8|ck5lOw6VYc#qDbCS>+|MHve4q0l1
zFo@?K<bjLJz?o_kkmN=_A2|&xnAnanyMrMt)=xCVdl;TpQ(^Rys4H8lI8rK2PzESH
zH#EArV3~vfgHZ%xUbUS|o*n|5$xdDeHR8lOSJE+}-#2MB&Ux#P=3N!1r_2Uj37X@x
zGS42swdvj9Sv018a0|NfbCY%($Mq?YL`AkCAlmRYD}Hn2!cndVu83(aLq+jK!(^M{
zb<1sZiI-Q~d_dpfd?AW@?0a(-*D$W{k86ec{?lT94z1VK*vIS<KPikOdSMHk#)h<5
z^xHWcPWguv8{KM&W8;Ej;@-1LNNSQSgfs;10YeMXFNTr8ClKpI@Z-mzgpOnxjP&9X
zMAn$OXcWCDjS>hv<@FeYiWev{MVZqkoMV)AX2F_INUjDLHqXdUH9`dJ4gX@UO6}F7
z>VdV+v9?BsIMQMIOiB}5t9+ma!6xH<v)DlG5ihccwNzDZb{<s3kf%JJ>)GExJskAV
zm9C-PHYT~QD;3rkhsDDsI+#D@X3$nGwWjcuKYJal@!VEs3=rf|$sA<I+fuPz^zf_H
zq{-|9=Jcsu^rZdwi)CGTkngOxmY=r)Fj<0ueT=+jJeY3PONzv)Xi<<)6m>XA5dc12
z{YYLkU$s}DX7=87MaONi7pT1_koFo_JaC7Pny8>K-vq}J7Cx})T@G|~wWaMo@20T(
zNnG@*D7Kmla`?H9G=7uh<QS+%h}FkTCjbs7m|%$Mx&9R00>cvNwi~(M=o|bN9ro?j
zQoqdQTpp2a`#*oj)pk5xCPf6>xBg_MeR0(e?}2F|#}rDz70}8@el{^kk^;w7-!a{b
zM}Lmwz!jrpNxI?A53o;ZX+P2FI)ptEddmpKV6#~B?$B><w6=M@Pk}JO`0qXquM>i%
zKSVA0*h(?-`>&d)Noj{^P)Ej#yWVpFWNHFOk@lb5BFL6;Op&#W2)8ahx2#YMk5Vs`
z*fd?aRCxA_ZHx=`0914|<y4aZ99=v9O*rC8`jZhwwDhR*i!Bz?72ho;0I&b(+oN5@
zRU2LO*~tLnoUX-!Qb1fBd1$qjc?^u)lpq2a55$AO#MX?v5Rk(TC7?`6E*xU*97raN
z6Ql<{4Ig{KF{gx7L#JB_b~v@*)`dYe>xmMCgsZ9tWE5uipe0VD?o9AaLPRTxLz38^
ziNCh_CGac3L<h{CeW7E6Lt=;&ENA8{c*xl~$0d=XTdz^|@bRe5qhM_Z)i)5W>MM10
zK8Qb-WYZGIAtS28YtTL;NBMmVV&iO;-nvE4H3ny1qg~Klo+x$nX}I}m+M52Ju&Dp?
zL-!0&@_+H}ClX74Ulem*SF*?qfVm9Cm-UP@#_6M2aFKx=7`fld9<{(U5pV6o@8q0g
z!WJM~HfYpCrS9%zJIYH)fz<lfjdnaR3S@miCz{zV!4u*K0qQo9X-)#g3Rx^Rh&Am8
zAfOQVQLW*&-b(F<1<TVu70RC+%LhF19G<vgG#r;PRRG(qQXTF65D;-ln74g{g1SCc
zD&kyVyF40g*p(jy>`i=c2y9iE64)G^@Qe~6RxJUJZz2Q$Zk9$NxDO_B`7IXe@*f+C
zJ#Ebq2W5JPtS;!a3{7<z)WUD~#k$xUs9apTrhYn_gl2v<jVBE@)p05$kwPY156Lg&
z5=@M{PL!g5NuLjA`dM99<U;r<S4y}Ru6L7sR4<)BN2$FC<$Jsjh&c~wCN5z#iwUYM
zOv8jb_W?S8?L|ZguhhaZbYdIS)Iw6tM?!|u>&pZcw0@S8_njh!k;T<?nq>+7q=RAv
zg#7FvQk_ippnNG4kt&SJ;7z5kPt_nqIq*`8Al)8!NnMi`o{(tOZsgQxWE&U}&M({K
zj`OSRk39!hN`s6uRF;Wbnf)aQwfUrC{E)P4?$v0M&}?ub@B;*<j|D3Y_PPBv^8o_?
z+p6+regdcoVH?zl<H-+$r^96dgFdt%jcrxuPS=L7$2k0k{Dw2OpH_{c7lHZ$Rj#oW
zNP5##wYyE>s(NNQm;_Z+avcFX$8D^VE&%i}3$i+3IMNrlc99MKB=(X=dWz*T*n?4n
zQY4X!Bk!i<`MF-GhY9*S`o^w_R)GwqEn>RMl%SRD4*3C+8ib;MJIyg^Ot`rZnk~B3
z3H0zlx+6bKu=C=34;wEhPKA5kc&2g#M>Gr$=QuP)w`0Wlr0!|UX6ns)ZYhkZt?{fU
zSOfzlaG&7DPvEQv>|zA)L%{vZlMb$fo=F>2m??1uOzdO`2SGp+!egDqsVS9H-kd@$
zAD_|ku0pxvP{GIBez>Tq*8^TOn=;-YrLNoEb}`C=<U7;uo_>D?__MDW0Bd{zF+k40
zk=^yDYg>ebcJVEIGrqaX)3o)0veo4&dc1-jDO7{m@_DOzliO<Q%WiI6N_f9BubEH5
zQrg=l3R+^!hPFKr_jpm+-JRXeOaC;|k?=p_XH0|rAtG$dE>eGqlguKjS$A^Sr`Kxj
zSsp@KBoaG)x2C+WVd0+{Z#=qZ;-xnyW-cqci^z9-iG{Gz6L<JOauyH~XRu=D^lUs8
zt$dqZZL0Mfw+v6DMDEXg88&VsTD?Nsgdj=@gKYZELyX_3kCp}B!I%&{AlEjr06oT+
zzK!9P&e*~onio-|sNZQ$pkvGIlU$Vu)gw{^Oa_Np@kAbG+q(Jyzz0B+fHlkh>3QjQ
zSVi8kDUX+Sg7`-TOJf{$j4WTIn-Btt&@Y@cANAF1J?+SD>G;`7Xo*MV7I9Q|ka?9x
z<rwVWN|Qkxx`}N!Ug>OiVfV1sDd-Nv1h9AJfFoO^$}aq=M{xE7eqHoT9n4h{^7iuE
z&EG3TTi-Z|_qd;G@pq)hI60A|#CM)U_w_*1N*>^DI-qRYI&$5x|L|WN)BSeSt$CPV
zZK@i5VPO&lBX~q+w4FG)`uN8fTV~zg*E^ddcXQ8w=TwTYO#%1>kp`96*`2hQzMxj)
zoPKHl4lAojkTz>@On>3*5GEV(Do#t+sV3z8iCdr9&)$6$9;veEy*k3x1X2rF-@D~{
z5vKx^JKrA(bRb9V0y8}W(?i^+ZRaG@h((4X{K6meB@<iopfHgP8(QByMTj>?MgApB
zn;1B<lx3_!*9-+1=hQQYjPC6JNCw+?f5^7&Mh^x1eBnm;>YegMBv9CT!K6WngIWF_
z41UZ$=fV)z4J9*A)&hQ{B|*dezA45wKb~KgP}+IgI|a%KaH?v+^AVe*bX!(en!Xp1
zkw$_D5r=C_q#TE%S?TDn?ohENL?tJddT5<JU1WH~6GzFc)l$||b;NZ%L}Ephk;}}P
zsb7JOIqo(5TokJDdi=6(AfiEro3er@r=2#&OU^^^z&6teJG)Ly+rxR71rT9WC@G71
z6hTv^ds$ZdC@j&Ze0ow8i|98o+Z~P=tiH1VceKuQ=pZT;SqA!GRz0|zY&1(YFMY55
zosk;Tbw1yyJ7eTZ{a(GQP+Om$2zpCq^67<#$T6fTTtI8eCl%z>?@)LhV+5fpTO*h-
zBPO$8g{Stt3%oNB@KNX1tH*T){!I89%7FJ{aqlfd$;d7j5&|}tjKAT#NK_LyK`1s8
z{U2lQmPl#jr2=`D0||)imU_j8m&`%}rduO#P5l|3x$74q8M2~PoXZ+){!%p9Q#dFY
zh(GpTo;<o{joVYlwi1-KUlpAY@&+7J6sty_eOMa}^0iwaO#X%T!CV=oG&=)6@KYd9
z;`<4Wx0byc&D|{O2q>YIa|!}Dt+v|qj+r}CVmikFL!|!%9g_bozNH-xl@>7DNXeJ?
zTVjV_sGwz8Rau`BF%p3VBhdoJf$XipZ*v)r#O4){o=^e3!Gy3b>Wcm3-yxjbEEZGx
z>#>=K!n4rE{6dnz6hx7kz`A0T+jjHH?EN{(UXsE)EufW}12+<2cgY1}Ch%v%^KT5Y
zavFcN0xu$RRfWsV$c4Z=Ro@eUXG|Q|`lN&zC~~E#7U}P~A*g^Ke>bY^;V-h;$Vr&m
zR9KZIujuwGdo6l0Y`syS_!Z9m8H@p}E^?23-X#WL*&Qpr7aO-6OpJ3ee8Q|ul+WEC
zp5e0>ckRHTLBckFLs(dTx!?gr@BD|(OI2I}VZ~fSiRXsp5y~=P%I^S?t)q03eAEuF
zCbsOVI76WP%f@r@mvEv?l2yc7)NeBk64qqGH^9NlNn1s|IZ)<BNjpI^)FS<c7B~+}
zD3rMRAv&yG5Z}-u^t?Q~D5r={OcOW#kYDGAI>+%j?zFAx(JkcoP%S9<D>`(h8u5;u
z6RjKLBph2tWOpFL8dk<iqk|TdcHHQ{8@DnnAERiOR=LaRWOlIIz-~9G^xTkR89!m0
zK`90^y-{!~xDFH@+(ZIdfaVkc+%9H0cpu|4hZ&h(j?Ou)>SGk@yV)ck{}MPxMFIre
zf5C7zNDE>EE8E@ceRELK-U6}SVr?l7?C*%--tkD6e;L>OX(jXmVv*`09r{f54f?I>
zIpG$iSIKgRDcU>RTUu|@*qaFN_(7_H(*_Z{mDk@##9DOUe;zjFqEMw_K@4S4o;J0t
z2O@IGC3QX&Kx^8p1Ot~_RlKD61)1WAoJyc_@PPx*-}LRSJWk8ySAQK5pXRFiQ4cSo
zJkfZ;>yikypQO>uuPe7_%uJwhcok!!!VI}SykbJDr7!Ukbph_sz})`bRRwzDFGi%p
z_fTj(OFajA-KsxZ;0sbH#b)!2YY1&Fm9Rwe^I`i?GXLf>Z%JL(_PvyL6W$8peb%$x
za@~r!lj;?P2@r<utnA``ZG3eNQVQnSUs*aBO)5A;&=p!RGM0K>K=l~82*qXG$FcgL
z()AmD+A68@%BFy3s<&GbHA(iBYLixDJtgL+mpp`BwF^=)3O{f#?*FQ?>5FOnp@rPp
zs<Ey<;Ds3-rerQ&Lf2lte6(+1msTci@bdrsXQ0@n4P6YdtR3eqM2}4F$mfhT@sjy`
zUUZff_ql27Qt~5L>#gH-2%ez&<3@3)nof<t7n5J{o`aDGB0)$o-_N-1sJwW;@``_9
znb%lOCC~S4MHRKnE8_;wO_jD>P_U7zCRCtHe33Fjz=oo8@V%c6w^mlqf77N)o{gIS
zRSCMK61-)Upvib{yi4cK>Xrr@j9xb$hoI7p27I6KH7{MYmZOv2zv>V}(F+CNywYBy
zK-LqiRa9z76Hs&@oKTI)Fa$W8Bx;KG>JPs>)dkODgP~2efD_Wq%3@`IGg1nob2il8
zabq^i+PQLI0j*?OZz{0h?as!sN}D{{Gjh6Sqp^xTx<a2e(XL7L^IMq%;UQyro~?B?
zzJ@B-{;qErrv&bQM($oLrhey$APYcVl%&<{@}&VhT8s5?n5;a(dRA$VWV8<_d!(Yt
znS$yS^d$J_Xd!bFRbG-=#9nt@vBHIO*F|Twj8{g$bBZ-2vdl$Ds5AK;xjzNil+^R0
zf1UnIu5{PSFf@)>d95wC!#>mFmzxqSkbEFq6&4G>aIOOqLz18Yf4l!bgpqrBF3r{c
z1**mdHlbgHgkrx!2~4ms>BvgQHiZ}V>R0%q4kg+y2Bpwhk^2pHr85TnIA6(4*mJQQ
zU2p%|N{lK)V7_2LT@=@gjVdsca_&+!EItaIyTD9)V<1x&D`s#XERSOV^w?<c$g#hK
z#Y~&$vd30Y@XlQKhLGyda{>+Ht~<X#TOycR-mEbPU1{6V*QY+Fe#a;r>0C$aQbH0F
zU<0dGMW}nzQ84R)GNkgL#T&DG-QdIkzu<mX6L{t}xA0?aZj%z}(^Nl}<TlNU?W)3+
zYcXI`rF_g94WLgb>SbA+7pk2Z?V6$^Iy|+Y0$heYmyzlT6JNQqQ(m^KtiT=Fxu_4V
zpzR16Uxg3+fbIn;wR_?z!rSpy!{vtV>pCdlwwB+U<%Pz8(OE-mtzYaBoA^2MZ97^C
zQ=uT67KrLWBYY;kw!0n?Hh4zj_(geWYM$LsO$+in$Pv&6va7-D98~<fxC^8B8>K;d
zLfr`-GMT>BerXCAS|)QqQ4tten}}5X`B?`NbY#h}GYnO1UMO*im+ljd6P#Z>ZuEZy
z(*ruSw1DveKd#+>DLkUk_8$ofmjAJ_Hkv;z(7~GnpbynuvVB!23cE^L@bSwO)4Sx%
zbec~)VC762OYnu0g_&Wb8)gZ84Ucuo-T(egTK_uradbr3bzyReS!{Pc)aRvT&hrI6
zg=Bt{13b^_^j*c&+4V;kDW$&`26>X|13Z9pGte4($&UAqVohMS%@jDX6tpt!Mpu7r
ztQa~4A5s;5F#)h1@3r_>o85;jxNs{%%-<)%k|d>`7;2-mtT-x<ar_Cdt{>YSEXzs7
zIjH<;A*d>Y7(8t+EKVxDKH9eug~Zx<6u&mX6v*wc<)`hz<bkVNAFoC=eG*VMoW85Y
zbYXeG?}~E-I7KBwnQ>&~pmVspNug%B{A+JdGAr!o>Mr_WPwkA`liiG}q5*sP50Xre
z0-M87I#NTYq&>^VUT$j8jh8X^0lL^Zw_aCN54t0S)=JpkCZV-}bRBhL@Us=y(553H
zQLE_-J>F4(^fGh5m-3MMrI#68$hm5Oc?Kp7UYZQC=Q<F#J#?>e!OcTwj`A}v2YOh@
zqL7n6(2mBJ&FH{{bG<)ApPSYRuUBxtgU88b35H0FiDo{*B0ctHh<(8LT{T<OpmRDv
z*`O4oMgKtAr6PHc^FSp}KiAgc5<WA^=cV$}CXtjZ{VHd7I)$cp@)VESqB2ZDOy!kD
zo7IXnlD?zls}p%Nl$G*-A={=e9nl*&s!<lwdvTW(YOiLdvCj=Lueu9}gg89P)djt8
z+yIz1;N;64wTb<pY}{L<fJj$Cd&Dz~;g#TTJ|qpFMXhnC_*h5QS-Lx);J|_&Eb24N
zN16@bJ==1C+5us<2~6r3Y!c$HK-jfSFk5HWPup+~L7!8c;U4u63HJ2wRLyE>IBxv6
zypxE6B)!5+x-LCRFlVyCDV;()3!fw9MzD)vH2%^*=dk4F*L-Fl;-*il=GVAnI!G14
z@JT&3>vi42r6>7oVL|@9)lJ$$(7abMKWB7?*1@DMJcb8|Bom^c*~Y2ZS<}GR_nVa`
z3^2Mc_d_5*9ZX~GOpTx{y|Iwj0`}eft&n5q4svw}CdtIL^P?J~fHeIV89Yrc!>PMD
zef^w=#Oy>{6%pB!W~S-1J}!V}43oS`nElL~SOAo3e^K`;7%?sY!7h)2eX5>?Y6l*c
zPq^rTgZLh#f}kd8*J-EX@XzGhVorCu8;1K0Grv2Iu^wwtK%)}a17nU{wP<hsFxpWP
zJ=P^E97findYe|6i6mH_WaHtJQLhBg#2pT|Ww0KmpTxqpR|Tpj&tm=KDdajsq7<%v
zF%fUy9ygxCQqB`$xI1BieVZFt9mLx~VWN*2DL!g#Q^H^W?tU`_0lAtO{p9UFc^H$>
zR{`3ZxH(Q~irmr+0ha67t0x-af4;xW|GClPT3){kSlfVGjIW&O!BW*?yx@Wh;Qsrv
z@!r&zCkHnIwpmEarI>Oe+fRL^sfjHDX8`_IK>`pK7;01&r*N0@1@_JiEgh&kxp^t-
zTjTV!R|n6~p_Ehrq-E1H!*DiuDt5&<r_3GmP{25~-cqgD2S|hy_ifW&CTOOe=z2wt
z5v@lkVkM+BS9i+Mc&u!_b{1Lwgy(So88NX_rRc5&h@d0@Y%+s>iu+mvr%d8xYhdg~
zijc@iez5!vG04Z>Y8Re#E(`<wVbpoD3#gUTIL&|p6UCpV1UARFWW8*hknYKh2A1by
zPTyna^Z*jD4m4I+v03OiYaOJuSL6T?Z-j|qzUc+Y=L0m;q{&Rhs~MH4i;w(Eb7E0c
zbP?VtLjAqNKp_K*<wGwK$v?mFZh@j0!3uheCZ!cr!<*e4K#0VYx$~I2ffj+j)39G~
z6Rj9b3$lKZfr`h8r$ok({8g$x2|lVr>L^atP)&GC7;N9g(%i{b>nKzJiFM;f@QV51
z<6ViBW8)YqdvL!_nwwlXjn|b;58S>(G|94!ivArxzSKxS8RlDrt}~3xHh|dhtY^~a
zK7k=IjnGY+!Wl*kq#3LI+2yU~*sAdSWpKWu!}KW-c$A`s-H&XeDz-3+o!xz;)Yr^6
zC$-nM9iNre9m4Cb<J+lE+@^5$kF=1lkzZuyS+*t#0#KIxZ@>Ffn!@GsG4cv=G<K4V
zXWm;p3FTuA@&l&E(k=l8<F!{!C0yt8dRPDqj?EyEY<`n3RepBMg(eS(-Pn<lt`6VT
zYKmy+C_B_^a(c~2wh%j;hMu_y?5VVLxk|6EBAJZ8BY5i=`<<u!)Iu-WoQ2`u9dZrl
z-n0@4oox@I6CzCL`(Z=+gxXIv5_17esQ^8|e^zx*d-2vFd4p|s9JWkB86b(KNF}8M
zuAPK{4PUs|o?ubu(<wXSlu%^PXT7gk%pHYIk^6#k&Jf+y3m<+}VC`qRIi~NDy#GvG
z!kgjbBl@YXhW5ir147;UhTtbrq#PZoshIiWsUk*i-_tZ|Kp9JbY-q#0;(=GNG&s?^
zD|H5N+0dV#$+Bw370P^Ao*T4x4?`%}m-<#WD(km0QXPcr6;}%G8l8`f>rFnBVR>ok
z2dR{F&<keF&}=BfWCMd{a$&k>*QV}QZnXUSpV5W0AD(VjTT3-#SlmY&7>}Ti_4bf;
zxkI#?7QY~Y;x;<PZ@3YvLc&||@5#+5DJe_uz}hpLXY1wO@TgnuqnzAA)OY%sBIkGA
zL_yV<ux!Y1D4cV|UNd-7YemQ;gf*{-7Z3NV3eyW!LuNj}FP-*ug9fcLImx8#r~q20
zq8w%!+sowzxonR1KL72{6olFk#0Nm%YwF0An6B;47_kllyA{Od>Xlg2&kaP6@`e|R
z9i7`T!+pIt`I=Lh6lG-xLk;^Z8Hnf`DtnY|WCLsmv=jKw^PavOWF3fNA&o`jvPtn?
z%_7b8u~gb?kk`Tz)eS8&U#v2F|DdF5X?VHR)e1*#+a~Sq)QNx>Fm7o~Nuo_63L7;l
zCEIM-xht|y9w@DeN^4UG{#`qW!miXNNyqr&q>Ifjt8&jzBm#u32T?YWM1a4Dyqkm9
z+E!Bhuy(|s`R`PfI@@#b^#Ee0Sc~Zu;=+9oz)Y_(n2=GIMIb&qG(w}Ya6=P-qHJkx
zLUyHC2=CG;hy1_Oa$aZ3J|`e70c;dp9#x5l27(urNdP$~qQ+geaXUnx3YEEdPLeF4
zr(B-xl!u|g`Bww`B=mMMSW2V<91cdIDPMiT*P<+->GwIXJa6WfcY>)WqQWi4`;0Ao
zxD<xpONq%VdP}a=hh3qO){MRw<p<bylEML%NY5u1<$t8oPz8xc-fLjM4*20)wHv4u
z-zG3oLSRnN!ElmXn^M#k`<SQ6HH&KPMnOB-RcX-JeY#>Z(}-w<yFfG?nr?YLEZpjO
zIS^npU#_3YtpLFwc;Hy6keXVMo69-PIL4S=nZ$N?U6883aQ)cEZ6Y2gSqZZowF{&m
z$41uZn{o<P>A_gA{z<I5p55QGYp2*o1}EWIkErWv$1D+=*dV1SIIr8)`_3RSsRO!!
zs<fXWoYZ$HOguTGNh>*-w9KoFahQ0hWzRZ@t&o8)vy-6?9ED$N$V8Uv;Rn(yxDCA;
zKmM<a)h_)=iGOeoOYzG71Dm<;cTHrK0+u}^3`nN3Xeau#kor?0Oi&j*LUF<e?|Hw%
zYc?ngKp;NFr~#4(45{2^PULVJ>q9t=FHY%0lEY6jQ8cfCHJj~vmdgA9NH`)}L4N>;
z>oe#{V}Q5gPaB{B4&VxX$H!UnI5{!Qaq-qZNZXuZa)gm6h2ErZyxF}#KW~2i6nabR
z1pVb6Zdd-(voZu@?gk1nw`eu1d0$BonRvpL&0>xAWgzhx9F+$)Pb9HBZDthl`l5n6
z4=ce4A;8S#?X4k-43RswQ!|PM8&uAu^`1!iL>hL>Yn|e{QX*c+10S`pq_#2)7hlG+
zbst}spZH~RNsT;P>!wws6aciLM~8BRB4R<_NGCu)Z|Ipq63;Kx!2|#jeDf<1{sf!|
z5M6g1TLf=V=b7i!m`jZl0tQk+ZS8%B3d<IG%`pt+bp5;UOQd~fKVfw2lOd(HySPSL
z!oeN_34E=_EePP=4a1Ixc-OO8b{;!*#E;THv8dK!o|RDQSpU&a!~SdBK`ttwF?-CD
zZdS9Y0wvyhv%paq4kMAI$Cqui$PQ^PrjOWO5^uH_POD<)h1hr9m~zl<dPkYI1m*4B
z8dmAP-l(4+a-{G+yg3mHvVJA?+ckjxo9qCu4owckAI^FNnA-BAM{@~Y4l?%qPp{rF
z6hY2!Rq_DPom~JW199$o*}5};O${0Nm|V}DA)>tt?1#7N1jk*E-;tId-q)<=1w7op
zw`;`Vup}x(y)j@_;|V5=-9x3fhY7G&68%k_nt5tZ0^XA4CkCRrqB?cRXtrUFRIeuC
z+@4!$WNcUsfjuHS@ADN(P73Mn;@R0sNFbM#ji*RhP^7iMOweRb#R4_0p%%sJCxhKc
zcvo)?BN10Km0hRqyynL>_8xuVt{>~lPvWzxL-{Gk?8`dksM-2td`C>0ge~%p=t!Zo
z<^;cC_@3;=^10qh#)*dxe5hjfjofDY_xhrDb!0TN<Ozr>aL$QUjIqGoV>DgjySXeB
zJ{Aw|_%0OxH8A4M=Y`rcUtX)JsC}i%z@(H9QC%A1wT8!jX>d2??!~2=-K8>5>?nnO
zSF+<)Gx^z4)}_e>Aic~La_6V()1Q1D5|ZSYSP57-1vEc%dWQCnOWKA3?Ut5zhais{
zap>s(O8j`BHN7?e*ijn~y52WHiRv}d<i7?Fsgj$FOMj_g^$1D^NsxBEG<Aznc=7`M
z_hoV;arSnW^Rtzz_l#Xh5NayAT1`0xr6~OS&%@u<LB$3pJRq^L7gh|Rhr6*-gV#LI
zffcBh;iQ(@h7?wiK1LXfp_{O=q_n-xC+xZwer42oEH@Q}X?KX+ka7^KGER9e8Oeo{
zY1=;#(CF($bwy881gb?LF9mFLF#91CKY)HVF|j;3-;_fD&K$sLy!kuVs<3NSUMREi
zm^ERbH&NkDpitz%^4nA;%Ur+bSMSrLkU4!%uA{U6@XLU`QmBTc`qS_OxcQ&zmtAA%
z?1Q+LbfEHlC2&EAY*_gJW&_noXAc1(C&dril3^erw@zqbLY$eN%|l&f7e&se@=!o;
z3FOm*+M(p;>K_~OQ3qd7BwfC`sY@B1!KQ!Z`4zw57C~rJr6NM`M2~Xy%F>lW09)zk
z*oxeriVJ)i2cb7ic`25<rpq&3vDQq4XTCa@c@;BdkB!gu03c4RXiV}%`#m9r&9K?R
zncBs!b{ae@Rb<ea2fB*mc*95IH-LF>ST)vwe<ooLD$#8&AbB`)JG_L0zw6u~R&rmz
znJ3>Dv9GP*tp^S0`}!+qa-`4<p+|`T0&?YfElQC+3WM0S0{MEcH7?E%5@3KN#ehx7
zqeYWlVf4KH)5B@&%`1k4#I7*ASY?Ada=QH(7Fdp#w3G_KM`$+Y<mmpT^$G=F!nt4=
zJ`+hFbqDwKhgCs~XYbf=4(p4t9X1ko?h?l#c8_33&k2yhu6r3V{_!0dX;|)J*I_P`
zqARj@U4-rx228oqL4@j103)mi`6v?LL=MSpL=`F3AVDcdAca#5B`%8MoezmX0}@wN
z`ef`S$g>7bS3M+?r`~%Z83vw?Ei|Tr5`Q*<MYLKUh|S};CwY_G_N%?bpxU)P5~inl
zm|WqIGTvdbF7fx{IoINkE@pGpd@p3*d&(m72cebq$^C)@hU`8mk;*98gIA-m1-o8G
zwTmkdZ?F2J;ufR$lN&Dws*?>Mbz<@c@jvSfGj4^0pUmEelSbsY7+4w{=Td5VBLDfZ
zR55Yw#Pi+xA(+^86VH*sHuWK1h&AYtN0n!QU17H#Bx@D>|I@&PxyP4EieZ(voxvnC
zyHP5}>9{j#;!%Geww3Z7R_YaAHrJ97o$n*bmO~dc%F^#`Hu9}2cin7h`Np|zY@C#F
z5?T^v5NSHeOXcT0_nM@I^<@d&vm%4aK?^-nOBe%E19@)%(>9tw#g_gpha}q85;M&f
zzFjN1&X0fNLIXgd65j85x1!~to<&UxVl-6Q>0KPD5$hc<WE>T^RH$L(`yudj3T?Bg
z@IL5K$k<2{GF@0nH1=3bopkU5KtlOZwZ1{A?sxAX^}@)?0C)}KzUDo_#L>>Urvozx
znGKSl+fD;WM$|ZV8^%}G$8HV%e?b#0!sbD26eJ#$&ChYa>Az}R2$j*QCgXb|%a*oW
z_$5D47@`$ppb^+vd3AeBYA5+CyE^&Cea#blu@Tpn#dKmADruhvY{UD2kmVfMqe1S4
zY>VwaaP67sCSm;G8u)Ye-H%&(MI+N#*8@QK8{N)?wiFIA2bJ3mgCFBlRfY4TJON#w
z9#!?Qm(E65HQ<SvfysSd=)S0g^;fD~sHi)ZWy3$IRTUBYBRs^=*N0h`4uB%bPd>bz
z;4CYOzk~d7v*%)3tx~@DXtvoEuvvrWXcpOvo6pU()K&@y`LO?C(0q3t>4%$V^PdWF
zO4Kcr^5O0XO?kZ$p?I}F$YSYf+a{b$dl3`~Z{cPo{20;DHpON^Mrb9__`Z2>qY^&X
z2_Pnj9^KF{m)YG08+yW%&`u(&NbOx$<2yZg{K3pVW9uV#c0B)UiBtVMyzfmbq0Ymq
z^K(hBHr_8ye?LC8Xn6bVMnWKC6U!+%fB7bzKMsj{$&;B1{?P2}t%UbbGpLqhl>pVe
zsB}~jA|5mWT}v}X0$qaU)U+Zb^_y+8?{O(J!*JB40YKUORVo{7nc;F#%RqK#u0<^X
zqrZb-hgO-aYAXT2Z5Ftk(G=(Kg^()^nu&Ds&w8j&^^YlsgpqoDy#Ol{1rDH>-I=D1
zKVxNEfELW{#*!Pd?c?`2z93&giJK-Dvv4tfY;@n&hx%&`Z=wu~@(a&D&A7b-*Ryem
zFFlM#Mq@jZ_9q|sDy=Jt-><P@TIWub^)gLyt~4J_yc@&75PW)z_|7-_r35UZ4O+*`
zq2JF8EP1WF3-WAC*>D~EDrIsL;t=9h`x>dt)Fn$FF7*-IKypsu3dKP0{kJiGEjYvh
zC_0sQKb<Z{;Xa{Yo%VIENLF-D$cmRqHEt5~_PqyO7%0!nyX@Ho_f$s)bgqH7zR!dl
zd0S`e>bFD2rYLSpU=guo`a|yBN;v_z?Cxe0MmM-v)GBZzMB9p>ivz=E(i2iOI!>;$
zL`>svX!+bOV1CBe13qeKkl9}}9|9D+C>r{djOa^~I09TcQPi*I|F#I-I}WcCg?<&`
z7^kO#+VoZ2YrIt$Ndg?#0*1mosA&+U#?rG2XutpiNBUGUKPDrw@K06v;bU%h@|%s;
zQri12ZEy+?Jmfk?v5N}ouE)s$D&;gE7}Q#fU<M1GV2vUu1VfIz35g>p>Nt+z>M<hC
zJotb3m77fb7Xpt396q6yCRfrb>!?oA(8py1M4>YnVH*ld9Pp(oxz+9=f+Ak}8g6-O
z9F(Jgnd~muzB}t}sacmL=e||rI@s>3ni1JP=_mp)NDPJUOves+&NlO;_CP|7Zu4+o
zVbQo9fm8Ml=7)tyQ<-nX?-xdWlZI=Pg5ll?F_6@7P2Du3(s<|FR0_zOpL1ANpsg0i
z?q=XZtyaL_obdN>J=J`#qw~}EqFz}T(K8F-==MhIy2*eC`ubzI9#8FCV3N67;>8Gs
zbs0=$F$D?`K4EqmT%$XfOyXB(d+g~%<(_d>XFr6B3zmC#x*Cg=-?&!Sf7LmYN~$TZ
zX{pf?&waIwc(tW9senB)7DI1CN4~V&@9E_Ow_$5Pqu1+?CWA-wJ~1*n=9uswpn>_B
z?4&&5ld%Wx;qKr%E!M}^P|ihWsghDdl|qJ%E5FL8@1c=l@81XCj~EK}p@>B*jy-7I
zrz?JS%?Kr5eEDO+E<E#PP87%f(;z;V`6`x49Ebz<#K46>`zV1->7xWVAOC7^ZObx~
zoAveZ{Jux}1%5^m?7Lpg(n-~emxS;9;&(qfEj4Ie@Ej;Vfo-V9BPu_^#HaOWQ(xad
z2;GI9*$CD5_ltH{J$1GR!?9cQ3A*6c+XR-&*61?c#mtvm?*2o&t=_VlV9{yJI?+*$
zCgcG`LVfz-&DFf>CZ7!+U)RgRwUL(W1hI><A0P%~M5gRH^sN5HBDi}%bUWBV@SU_1
z2{Drc#n|seL67-A+=5DTTrZF2eI_P#kusQfBK5ArQF-##q9T6z^LR9UMD=!!34tH+
zSFg*fs7>83L>fsIs&wj^ujt_d%QUxNv5OW#Zr(mTvV8;bY^p%P<!h%lK~}gHx$2r|
zJBriSyUlnK=-7;TO94`?t?pblK%Z>3dVhV?g-K>uWN~#&m6<;Jw{;^9^zx3}?Y9oa
zb!6%^<+Sag2wO>ZXnt2F5)7FKG*L~pjU%#WFPJ7q-R^>8C54l=J{}i>(dHv_eh!6R
zggO~dgylq>LknX_I4vLh+dvs)>mwr3T_bX&@wp1Eh|xs_O5!+07%zO@HA-ViB#b$G
zwGONekZgixNOZ(_r5@><0W@egzfd(!j@PVoEGE|47*l)$YpL~$rBQfhcW(p?InNnB
zQoQ%(lD9T24n$U)ecx80Dhfsjviw@t6%bRPI2zOA_uF~nU-;2ri~)Svjr%Mn2T{J_
z0W&M48)e_U_?%uwDHD_kO+wMQgubU5ZZq{*axee17opk2sP0^k%sd}#`ju0#OuzA9
z>E)~Js3AJCWirVR7-K!Ig3Re)l@JZB;syX0BWje9icQthN`&wD|D9F42Q@S=zogg%
z;nqIH$CG!C%jGYoJ8no3k82z^#l3^f51rDXmvN4PF?9?g&Zz=7=>3P7wKlU*r`jKy
zfRn}OS=gTN6)r&!{bQkNtji!7whfq^5^fSwU&drhvC@iyM*1+gwQYVokH*)ZL-;In
zT(+kAGq14a8-%!waNyNiV)}`vp}fAvvwzD-#FuS^M-P(p;rh1Z2O<tS1pv%H<SU>l
zlmKp`n8e9^;$9zeK5Y0n<@r{1y`~hFiDi&+q3q1tiE0MBGao8iTpM_CiH`4_N-)}T
z#>~jKQ~+Z=1*4IW4JFHe9tCxp_2FIyusHlG)x1}D)^dW?eF3x;Jj5KoVyXY~L9Xk$
z8DBHOuLE^Ku@W*BD{J5_8U?cOq0aJ^fq-Qkl2`hk`_SSxpdQ{VCh@Pctp4*XUt&t(
zqE2QPuViWnM$gXzrrg65E#16Z(2$+jNTN<dM=G#9*cwm~11z36x}X(;6!qMw9&mQE
z+bJrtA1JJ^;qWoKh6jvI&LKRyG2CamdK3_9xjU>{Dtpb5x}zBmFVq|HMIuvt*XcTA
zp;{nnqy(YmiP6Af0up8MTEy>RQ6Y17zc=hBBk~s&ZY%y?feH<o*dWj|SV@wB$44cs
zMm~y?@Y^7d9R@h7-%7Vlb%MyM+yhUi-gJbtO+)<ROqsC?zb!m~#y9ld{G+3taw-=o
z(La$jEJi`Q!eI$J3JK0l$0RZD{5In2jx0KfOSjK^@G9$TfoC*db9WB=fuv7JnV{4j
zMH}W2V_yFf{!~E^NMox-tej{5W~Jtmwki3FkA1L*ro#|k(w#69cu*OCGK$&hQg3@<
zC!GAE)F@)%Eeiwa@TW8Iv9x9Mo_t)#n~<k=+ybR}F`YFpEUeSvpNKh0jV#IFNX)Ng
zhOLmF<;bkad^12R!>Ul`2^h=?HAF#ICmLf&bsa7aF^t5jMMn`HFby-mUp`gA&Fqs{
z-s*hi_|Ar|*4}UL;Y5;w)i5D9jaz6=@<=D++djbl?@Ei8Dei;)EzhVi(@7x@Xm2wT
z*8Bm8YQUsX*3{=XF0<UA9$=xd#uYGUay+;?b0&_x5^XAf=~j_5S2)D^aVgmx{AOOE
zy!LvPQTf1Wx%19hg9E<_`0Kcr(eU@gKkS)J;7?}TS}{b^do|{u1o>{*Joxk70-LYG
zlb8})CvKixdMxN*-INXFUjXLvAXI0dH}D)0XJqz&7tF}({<>(L(77oICa~62XOwN|
zCfCc`03DC>7VG|hXwu^!L5omc{Ned~QHDiWGbc&lj8z0?4xZc;0MalXmhrW}D`~&z
zye{GS>B>KEKN5Gx*J`P{^YgW>>*R@Zmr43gL(HC_oc&mTU#e$BU}yR}LiUCn+W3H%
zgO2>N%~xs^XXd%gZ`l>2M?IMsg~xr`stu!}{%H-<UjQ=q{B=@*3;7FOT^!X+u$>O>
zIz=He1ilXF{c?fEfK5&B)Ev^y&8eX>@tfe%XluVck~K?FG>zz7zRrX2*2+Lkwyh=9
za;o3j$zEFYe;TRA`;PeCsOaP#VfulqF6T`e(O+>tdAu*$rm>3~2~^quYFxzsx<IP~
zVes;5`uW?H<!!3s#TbUXb$NNmIPFrq84C9wxs3fmkyE7GCm@A`01Tv1G24T6mFy;k
z?Pc#xF7pamj+TwP;}zoqJsJO^T17!!CTVk2TbdsqXo1{7*dZ(T?j@afxJvAW!qS`;
zXs!|ocb6|DGy6O>Q&b&z1n|COy#z+raE7&783SwNL!OzVsPt#7{><*QB}N!1YL3mW
zG$R2K>cs!-lZ#pF9*&u(Ftm?cfKL_+y0t&FUKqz{j~>yJo0kFdSt-Jtb$bf;4wu4M
zccpXuT~3IV7IBzmIh_dwQTD>-kSxoeGfIIBfEY$p^8AGqsTcxVAn|{y=`rv{;F^HB
z@yq)11Ix<?Xdm!=))ZWA{Bf^t{3=xopl@Veg!t+_qKX}WaW6SHV+5{iQZqD^)mZ$T
zW*sJY!tE7r9+Kn73?af~8_?1#sM6_xBbr@$Q$VYh^V%>Fz?GvTOk~)KkCA&AnQ_01
zo?1_jWpCH<P5SaP5d4RVzWc-VJtR<1l;sY!A&<LQe9yEQeH8tH$)8Sv4KO9_75U@B
z>OCsP**Fj>Ym(b)tFuL7-^5mt-Qh~RMtpW)6{E}3Qq-2HRh~flnr=z|sBkV?%0;`J
z=4m|`p&>j7@C@+tAb};Ou{G;#a&JXuTQdzGc`mTn$9(LKm{0-exgWAl{T$9Kvtq%~
zQO6sIFgX0-$y_*r=SI#hpBMLRVX9!Lp!LE<MHcH`UGFTRBuk)}5TRxpoHOx5AFlhQ
z2jf^Wxhi!d>!bqmvM!vg;Bj<%{{_06hhJ^&I{8lk_GhuFN^Qv2air`H65s6#Dv})v
zo^}URK+K^yZwI4@avs`EqPj%&%aimJ;=b?&R2XikI0xF+d8t#eiBIN~QP#><-U4E&
zScu{Du|^2{d57&lNug@VpWYWqZgIU-P=#Wc^TIff%NdrY<#c9;3p%_j5i=&beWLWK
zFeN5`atA;Cj?U^Sw(tk4M_Dxc8^1%HoP1k$xuIJ@f4`Tu?A|K!nnB2uNvts=5`+bL
z+Zy&v=2aM4A^T3jyv1_$PQe|0walwqr=kKT8aK!+mT4J325A!*E)n>G7Wj9>c@fzp
zMMvP!Lx_%w-SU#<Wgg`HyI5qsf`oJ^@=+j?fLK2@czg8B>VP&D*UA6if{X7ByB8KB
z-h(E=&`BJym}{(yF~eOcsvWw?S1Xu0g<bu6I*Tfgux~hyejao<s>{Z<Y_ITc3*@M*
z>L(1YQ!(T5#106?l27*I_ux<%I<Iv$B8U0f^PYc3{=3*N!m^fNKauZI5LI26@$H+D
zY+$6yU{^YgBRAE%?=(J2Pj}MiIBm~JFRFD%(u0s{N1<dTWa>5bNLSPjlu03Cy9lxa
z@+_pT@O<Kz2YSFCXIU@lp-#t{peXJpM#RaeA3YT+#!nv44s0r3pl<uG1F5htt&<Bh
zX7+uM??E!}_%})Pr?^^B3A-J&x*SW};sE(=A5T56#Kqnmg-x8NcGU?#=4Z*>L-<Cx
z%l~~albCYNW+z&G7}wa`aq_h(2cE})t3G}wf9;cye$rlW^jqElM6%lc=p}h4>rqYO
zj2kG2Sa|ZpKe6fhT-W3a2sl8}_2M6srZpo6+Hj5eQ4BQ)D|>!k>4LA*Ushw?m-K{|
z+bVDoi3yu#<gS9=Cp^5P?ZF355Je9}e4>*4Sb~<DDhVEgohPA>5N2eP=Oj|l?G4(L
zSZtITP8aT%sfHFHsA;5-XOjbPf{$&twsUw7YoA}wqjI@<7^_%~p}{+OP6!6qZn>`5
zrDOMvoR2Th)?M-spq3w$EXJ<Un!~(8f`5A_J#iZ%&R!8(b0W#dAP9r9)b9^dhH!i=
zA0(=@o2i2l&WV|3+*sZYxf|>8e&PFS3?Mg$t4>_HwAd#=h#g3BUOHeUODw0c8|1G|
zk<JV?9A>mn;!g+g$*AZWyfx*2f^X6*vr8{Jml1|%e~*^&(yI^zrK)amEPsB;jAYMW
zPj=Oc_zT<WU{)Qu95fT-!}Id)S<&Dc*z)KP5|j(IZx<lN(3xMK2^Vzlh|&h3*WJCI
zOaUT6vG4KIDgq&<njY0@5c~iF*L6#sZl(5*Ca<ZQz&+fZTB@~&2&FfC!gFtDzq-v~
z<IsCJG9gq<FF5~EbjwMaQjB;nP!_wCj#ZK>+e1<$<$eC#qNAPX=KZTy%_R8R0loir
zO)7tGu@5iW&x)p!Zh}w14%BiM05qAH)EVT<7633?c5&0lbIEz}WtzI)&7Z@bc87<T
z?Px{-ZjZ9_&iH+*$gW<Z7Yb)TjphT|O9_GZpLQZK_ly1hnH%iDMhwZg9;<1d^xX0*
z#i0rrs-H=Z8jH8lvV$sboX@<Buo*S_W*sxBIFo0<5B$=%Nr~a?Kmd=8$9oEcn0R40
z+1H*fWJ~`rN>M?Sbz`5VEzApW8eA&nG0>+POpj(_M?u-3VfRJhK6ToxP-CO$-&i@g
z1MsI$Q2z$%OTwRt?OA6T^Eyf}7@kaV(ScL`ch@Ru7Scei#d=#N9Yi#YI@}WjuRmnr
zXjmx_0sOij7-JM$RjdPUQ;T_uWDXD0@Tox&E9fx)*$@sj!N7)%s_SVbisz2tk1n_x
zL)4jqs%=nbknY9P6yQJt1RJ%ZkXT?=1@e_MZOWP&Nyx`(`CF+t>Vlw#x*}sz7dVU>
zw&;qV_xCqDsAZe)g+1eZw&GC6oZo6bIQn><JLHZV?Un1O56CHTWRmNh<o?my1uJh%
zREab$EBvpU+6nlJ-#Sd^7MQ1#cwoDskd~KWrGCEuGb|&q+?I|X;0PhGV=or(7;6mC
z_14luR3`AX+bXmzGwm~maU{#YtYQdO#xl?0^iQaQ&EXN!d}(HGkBG>lEAAl0TFKg1
zp3#)V;!ZD1;E#ES;fU<rgfo>G-PNXL9sAy#;?v2p9CRjELg`vOiuU{R@JBVVvkLN!
z@O3?UrKy^Td#iE?LW3Yj0IHMc%}TqHi9uS~la5Hv7%}hj)kR|z3$pv;Dq3M7_<F&Y
z*U*mDNcSWh>rTxWUe&zf?}p3gm)-_){c#>vU^N+LZGmV?!ya`)ZY+(nhf~E^28+<_
zQIz7K2>n-}qbq;L%0G_&S$&A~sh&PMv~;o2_c1Fyf1(d6?rwgt^2c6>n`GNI$5>L*
zH(e5>8L!MfRv=s<Drz8!7%!=<LGF_-Gv%*}pJ}BvXKxQZ`}s#z?@`5L;s4;h&*R^f
zJ9z-pf^JBC?2FkP7COJ2>BJoQVZb*EgecFYZD~P&y*>`tcO~zbEW7XDsdXdm>lDEQ
zY~3%6@y#PZlc6(})R+5sjZPIB+K`hN%7(P&4{_iBB5_m;vtn}YpHS6Wq+=^UeZ>C*
zFIzFdTn8U8hgBzws_tJtT=1g_%Q2^H@5Ch#TfUnxI1)01ev`q?yglCQpBYd}s_I`f
ztJ4nw@Sy(#VZzzAnkl2hVsxv(IA?Kf803ivRW7W{Z07!~@1gOlcWJ`2tJcA^G0^a%
zpv8?EAI9*wttOhTPi1b15G{!^*iueI;E3sFlEL!Q{%j40_*c(spDf@aw;-q{*klVZ
zVb6nawZGaw(#5BBHZ$f0jUn+SLbtzqRo;$=gUYbGd#riJ_Ee3+rYvm(A1mfBicB&8
zpU)XhNdf4LpLrj_jNbaXBBGeHw^356=~}=~utuEOr)K4x8F#}O<T`#5o`;C95n)2L
z{A`nXFCXa<{Bvv1s0qqI(u2v?<yfZp|1;1!l$AInIOX0QBeuf=@YPmG&&uI0koLu0
zDe1Hg40wy=4b!F?kK}iFW-|?2AQ87Wlq2AQO!2lXBzLCbTqz`w&h6EJF8rs!Vt^>*
zc2wWVbt=_{(Q+ysI_FIO{9kgvBG|S*yu%pK<Q#saaX|Qtq;S&Gr+HEkU|uLVZcPu3
zsV{vVpnoTz%!313uuqGUGCoSjoorq~*1(qy{_(wzSe=)oZX%SXwU8ZICB)Iu{uhQ<
z9+9Z`{bgf^n-&}Si#}L9St#Rv&GsCp|3M$Oh^wWG&8#0|j{tQT!=;#_KL78lSp&*N
z0rHq%sqj!GO`kXIAqQIV#2z;Bxh5}glSD9#*D6o1I}~NKu~ymnj!C}^(jgquat4a*
z;*q!UphWWC)4_Wlj~YHgN=&X82+f$edOV?Qn%p{#juyLTmmf4};E1H5Nzn!P#X&nK
z_B;RqCirxg#iHFOi|lmG(9K1^wp>819(!k<v=N&j2fhu>LR<F5$Z23mqJMzx!;`PZ
z7VkMT!DBE6boS#V;R^c!5QXo2!f$8bk~7zzWb4DI8n^AIcOwTgQo-xZ8NjOc#<-DN
z<pX4CHCR|qybidgubpMFQT0Z`#8+YM1QBN%L%|1GEZa#Fb^cP#&{?2x6o$ed&x@-y
z99-WGhPAFcCccy<>=%-QsL$&P#ZLEf;Om>7%GN)Q*kP#c%X23XYdLJYYm3mAb{U5B
z18{B$OuBJpz#gUrz@ATZ4JiH^)@72eeJjRZ(7$?}3j>~w1OEak`ZJ3fW5?DOYMRWG
zBDdudt7fZV$`Nm?92{n}HH~#uM`PryMIAV}kYISab}Tbr{^PF)X_pjjbk!GLlWQjP
zTmwFc;5og@i*;;pAQ-Rq#7wuI3BO+d*4i39+#QGwt5FHFc&=eVIhG!LKRW_?jbaY_
z-^!KsY+i7e_T&ZGEDYZ_k6-fM#OsTV0QD6(>!e+Dy=S%}`?kyg|No8!^q%7y6T!ls
zT&WKBt7|}3d}Fz*(!YoNYqD9auDsGJa3?hQwSd5uY{#{W9aHo1phb5PPJcwEv_%zK
zbdw8#3-t8Iwz|+y0qLIjf6nmjXITs8+F<+id;ySexc13I<T}b&#sQrsnRaco=fZD@
z1Lvy&4;!z5Nkp$-RER?9uDX5D?7ukrahdv&=jF9)e9}ABfSdv!W=kpv&i{yjFtX3!
z@R59<;CcM-{C_;VpCM13s31R)s$eOMSbgjBOQ?Z=6^@)dXd$9s^8Z-0mz+i>!vZ7#
z&}{g%V5@Cxwh0c2);Nltuv%oq1^kF(&;8UKr49p$n!0GDJjhy_poDJr{8P;8a}L*^
z8YWQSkJh6~qnd`*=%D45t{)h+UL7$Ez@8rrBNbi!5A&y{7b#sCI%y`=O^Rf=XXO7T
zykk3?J{`pN1wjO4npxv&;q8!y5my7TB=^@Q>z$?_HX?rFF^laJsuY&W$j6r+dapM(
z#g5oo9O47vf!4SU(xJYut8;{R7pEWEdc}7nlNdWjb$2P>{1{ZAsM<vD=8GmZYYRKH
zil8F-i{-}Oj<5a04EIA!sSY;MbPcOi!sVqC|6~9-@r67nY{u3M=dStlh9m`u728jm
z&8-C30!L#uI3<w6?+~0%%UU^)N~p>a@xiR|<1n2iEJtoNlDmnEk|T7BO)~k7*=Pyu
z-pj+zIb_N?if<UHhZ@2pkjkO+U>zQ%r&;$>ihLQUK~(LeIaN~P9mfC7*1c^^L4gzv
z<P`TcuF`==s%d5;zk0x0HK~?2O9z>oCu-BEI$u_mN(+jRx2Li8cY#Emn&olMpSO@b
zMd}9pYbP2Hc3(=O<a}s}BS_M<Xno!LT*V3rJO0-Ee+S5AeRKH31sxe47z$@u$hJTM
zmE1;`sn8TPQ~l+BeH8i(7+F{V5tMtT*ncC5qmNPApa20qHL|!Xfg9}+w(^y1?xTfc
zSk&uU-3hZDP3C-g9LaAMqCuE^S;~h&@PS-qmoSyOF5)U$_qOp`mshF*lBU%XVzA4l
zo`ac4Mw+uOY&bOV&GO(J%@-BZDVS0VHSCT1FifCnH<1bvalO`M@doV^+LYmh6~U_1
z7yvbL=O&s`2mpJ~(>i-zsB)`xJ(hwXrP(^oWoDf)J}^pwHZc(<L4(G6W^m_lgocYv
zeBa7)<LR+=2YGCSw_wB%JO86qFvX(3&Ru=<D{HP&a0^%R_t_r*Zbsii{blc3+5?`Y
zRFvf;1qQ7-TolB6@P^$ErNy^S5Qml@m4tBB6Aw6lO<fm3+%Dza?B1{qT-Fj#!Jm`$
ze65l<S?_uajn95sJ(7#9bsjRk#d`F{1$IeM)k6hqZ1|2Jy<jLY|D<9aGkEz#2+@a{
zT^BK$Dp)nNg}j%J?NZ|5u4(r9&4$d^Vh^4q_pr)he=fj~>FP((<+B6?Y|bv_{)q4|
zYV?K!;eiLmW(hT1OMnWCPPKhDlz1CN^KOfGz;K}bviRb!dz4^;0|f^P8HHymEHg^e
z^s@9-1Mi$`d>Nx&#X*ipW}kg16^h3D{7nu8_J%!4|9MVv*Es`Z*LJ18cWdTll3O~(
z9JfNMAN#pag?fwhK=tJg63X=bv7Jo5``UrBN7ie9?OSQ{6C^!sMu<2L1PCf*M<(PT
z83Y^Im^8K+2^US%J$|}!l>;?TOTG0s8cshT!$>O}?lgApa1chnV#knTUo4REK4~Tk
zAK6Np-XX}<gt(%uv=upyQ#~AcXlGg^S`6dh5c43P4g(+bcRTG^*8FcqtQiojjc|Qm
z&m*R8dKOCzKK*|9JR_D_3opC>$A=EF=@7->_pbR%KpKMB`zc)W>=vj2*;Gc$@Q2CU
zj?IC03q9HEOYjMizT<r1Ic(Q~-14PnLT=qu<iFc`+&XMIgh!Q@m27^`Ci3`5520*{
zrX0VlH*BN#gUP8u;sJ8k^0>;0E@1DIn*56$A+3_NYQX7Es3XW|)t;KQfWYP$<g&yr
z>@_I#p-eH##A2Y}#<DuXTKD-vZ=x%_NVlyX`|5Mfy0B<E4+QyGLNPgltg1-A0zZx4
zQLU5<(1-v1qpJn-#mSq&a^ysT0)Bug^g$-7B|8T2>%pLYGShmLKkyQd3a<8=Itxj0
zV}>-#R+Kh5ShLp|Djd5HD>;LE`Zt78uM3G$Bd*Y;zN`)tx?k_X3$|YQH>IWJp2hmT
z;vC#m+yFloM`}+FGwW9(D8EYp6A&-miZr71+X=HK2q*hX*GvEd<NOo?N_#~yn|>cO
zzjrUC$A(z}lV75>_P~gN6<Wqck4!9pO3@CFjd9f(&&{!xf{=XPPC*Wbk#wTH4Y>R1
z5u%ZaL!S0aQHVhg2%<7o{<;HWes;XYAO$6?I4l3)taPc0*A)jw67QfZ%hjA?9+wuo
z3Fp<Xm)A+#s@YCcB=)-^K!jm|ew$^GHOV`O4yizCY75Lcm&e5UF>fRP#IW$D!J-&F
z<Mf?_2Myzud+URVF$Ivx7?%y<iQoI_FyT^V8I+WR{ULjq=6&Wz{@^a3r$jt6k^AE~
zA${PBKKlbQ!G2Ag^xBcp3my7>1xP=hCFb`2o<hPPQ2U$Ry#d;+Gx{d=<i@wgm1B4p
zt^i7cL+M0I%&Ju6o~n;}3E4aDrn0~W(bBx0?CvklV1A2%+@vT8H;Rpje!0IUwE#@g
z_D4(p5{r9)ZR{(Sg3BT`VsexOSB9s)<?IOZ5%-LX#W~hSHT@aZP)$1vB#}C=^Jo$*
z7yvS-&Ui*=mslYGL8HL>Bf6b~P9Jsmm8tXMbpK?=`w9|JCbpq|c_j7KVgkq%XMthu
z)#QJ>P9I_GDr(cw`S#UReW1db@2|MiM94~MAwth%F0Jr6;8|XF-ZH#rp&*S16B{)#
zSOE(%^v&K!>WHMnAS+e$gm-D$b~5dEf_E{hjdPTcgWJP{S|J1lMVuS8__Q`+_w)mt
zHcn^=F$<iL1MznKW3C9)Hc-T}+@uwSb5C%?abBf0^<bh%L{F`p0Bf8(0W0%&D1+_z
z44NR#>j45ggOhjCZ=@+W?Z-=m83xV2Q#SIY>}S_=`joHl@iTK`*TkT4VHSIA3I=z6
z&L8OWaep3MJAX)-f+4k|{d|DOsgwapzlMkXp{=y3yL2Pz$$KB)i(y|AJ_ry^7a7bw
za>%T|J<d9vY$?xNKt1pAA**5k;B*{~BQVR_w72yB!NU4~L%U?s3u!3t_5b3C|Igib
zGEnWGI1hNUv%yjrfB4rvmpyRyAMVi0<~)Y4%4Z6qPLaUG5tBdv=t%w2F2hm~Pp@U#
zpEL-k7&a$lFzKOqlW=B6?QPsJqFi!v(hr_$kV5^2W9kCR_XPk>#W#c)BGvj&Nqk@^
zzp&goE#i=myo`KcEdSxIW2Aq@ES~GR04EBgU~WlUoohwxUU7;Mfc;TQrSQwq=!Fms
zN`kddH05wFaxM@Nrt}}`5tkzgIx*PGDkv$0ZDOM=4^}Jy%fi81$vcra%4%F%SEt1d
zkH)Bgk+4A;AB|^NvW)tt9{U${b29fQsU%7+wIlamZvM&H1Q3hJ7b$`|<FaJ(Q-E<M
zc=@@raoZ*6PmPz<7yzqZ5=Uy;D0EZ_hYgo_fpv0->^?XzqP=fs>67vjdRbdapjYW@
z#|=-~IPJg~d<+$V!^b=QaEs&D!nQrCutgElg3}?X%CMcA-Ox05XGsVoSuZECHM@V4
zv`v8E%XbKE@SqY<)aseh#fbV=(6@LXVKDX>$yjQK&9Biyrg9=U2n_l&MB#fP<XI1;
zTfZ>25MIllbWn}&hxsSMBb%LD&q#}D2w?8a#7+RF&s>_a`{e4G@EG$hPdTy#>U`fR
z=yoYdZ2QvZoZ&{Qx`pXbifFny5Vhtl$n!VI-c=j&lW-qKwLfPdZnQmEVqwz8p2QkX
zN>PglC_1dR@7ps=_QE2;2cv_bRlW3wR-)VHg5>dY2d=RNH_kqykB4uMF!E@6-pJ8>
zi>#}F)@GKHWhVOCt@clvcoc-ni;aN9evVK>?XJtJD)4JO#a@4u0lz3%#9SISxB=JB
z3l;j@cHX+<3IF5J1>_7>lmvkS4V=V7KUyS;-M<47;mM|{53kD*Fl5*76kGkX#+xKp
zK&UXoMm)*ID4(R38~K<Cr8@tzc?0z9&evG?UmWrGCnZ&GKf_j7%5`XlM`YEfjxDw*
zos9v31z6j3_g4DIe8oIED5|8(M*yK&v(V>TkB{COh!KnZr$n)jr(@27?S=?&B6eM7
z|EI)V=V}ycmiN=Dpv@u}{ebdYC(P^NEY41E0ia@uFAh`P3in=oUfAnQb2NQlV)6H3
z@v6YBX;FZf#YcN%yFS`-hTy8xu~r{P5p@}68;?QnPy3t<y>~4t<&7Pz3e($nbh0Ns
z*(+ZjL&-n;&3?8B<s*y*Vo#EiXl6qIUvBd36wSdzu^1~TH8%4VdQjSx3WCG<E40E#
znanRjvZEj4Lvq|jApgyaEo>{E(vW|dxXZYhaPH0X6YF}tE(Lp=;5yI9X7atyH2BR|
z#WIW@*2l^rRlIv^^wCnCnkLNB*D|{FS%4>Qo@9)CfuM5y0f96TKoy2FvxD?sv%$8I
z?1Bl)CbLeH<FvcjDL7DV<&E_-<#Q#ER%y$j+194CxN=om6kX*fQSYU<2xm`;cYowe
zJiW=ED@pLJp;#UeIy*$tlvcI(Yl&57cl@7y)t^hh*lhJ0et-rAP)@?1Yr}fn-J+57
z<A}5`04Vw&Ur@Q-K-)<5{(E*sONwuUY^Cu_L52=#7~m<0O%;a?iBQ1KgZN#0`#(|%
zL?ivuT&BaXiHlXR2Geb>6`C{;w7m^GozB@JP!WJ3qYstH+9Z5OU5<%qpf0dRsPxm-
z!!l_o*NxDIcs@%1v?hpzYb0d_37Nt=gBBvXZjo+v%=1fwq}eDzFb0<PLc|7mPaKmn
zW;|IsPwRi!RJdk_<kTnBJrP02lLPOt6oZ~{l*p7aA)Z?t3*fc+s%+GZ_`{<?Ae|dv
zMeh@m@OKmnqvWC5J<v*ko@#)1v#BKVd;p$Npg*_u^%U`oN@^<zz&-QoWHA9HRkqg+
z6vt2$`d2Nm00lx9?#ir1>F|FfssT?K;pKD8i9^_Sy#AH<Ds31;<X<8X;H)l$Pafa`
zDXZrEm?HYk*%%t&3)76L-Bwc(*34e6f?Pr^jrG8$kHLaLciJn@{W>%&#@2+@O$XFX
zQPqdyg}#f(JM^MRhZ$+`ltYOY$}l)xR03>CO`5c_udYmF8}~y&&;1L|-(6YcZy^|o
z*qyww4&x#s1<!i^;}@&qOUA`$z|O)Gm*Ke|fTj(UpMA(j0$azmvv6bl%!m*!Btn9{
z{z|T*zJA|IeVsm%B7QUxAEnZl99|NYYIr`Cez<(mJ(EyfDQl}4)au%~pW!;XLax#b
zb}+XqU1L0Klb+9`ph;l=JY=p?4LM9m<6>RpJfp9t2N}bWii;!z)vtne*cVnm<tuMm
zc;k7Sz7CZjge>~Eb0pNQmMO;8Cs~}(%(6y)oSANHl<wMq+L<8xd7!@jl#s|Q$L#<&
zY@O-~?3$!Iy79Txz#I_wZi8O8`Nj_bmuFV|8NtJ{WN2n(jUw%o<1Z7=H(Q>FaZ}A(
zCAxQUusu9S%G#|%Y!qZ5LSGO+3MnY%=GXoq`e+@R_bzO;q@nE<BJ&a{0`Bc+2Tu|8
zTXlDi>r5<7$QgfjTt-XJV9<Ki_|ul84H@ovLA1=reI{7BY92}+Pff#EcXTi$nExnE
zj+NFWm_Us*wZ_9IH4jI4rgA`LXsH3eLkGU&%07BCT~)^8z&XR7Zr>&dSE)F(F<Hp;
zDQuBdJfc^=iIW-Y&~K#Tw1G^$)Imc?2EBEISVcv7mwAL0pRS&Pnn;u&?ue=pF9o-f
z4t9&yjmtiyP}bh5Jk3V;3yOJ&A;pzVVjN+{;IX=%qrHj}=b1{X*q7rxMVRoudA4T6
zB<3|fi~d$!^4L#^3^p*KToA4t5f2b4T<fdoZ`)|w`}6KKB8vm`$Sl}uHrc-R0<bLh
z1O%8_oiBb}Ed!Th;_kpv+*^aH=0{*v*25DA8mr$*C*Bc#5N$-5f-8Pb1ihjaF;e)J
zz$!JwAvpc$)GKig2_9kaODfL01{aq3Z~B@tR}x*+?K1y=B#BtABU4E~+s9#m0EOhY
zJlKrcS%Hi}kj0}C&FhHn$jd&EfhRlq^w|rX%4U&0Unm!V!f(9I&vig6YBN8808Tc(
z_AM>+tz8VJYoGG7%Cx;cd$a*kKZ7VIJ*i-vk0s!X(a4@-@3~(BN1V6iA>o(~eYXI?
z^*os{KK(qJ&%e0!(FIVnXaQZ06-%86%!<)>G=PT`bEv&=76bixA4j}5kCmz1iE##^
z7G{_~r_Ge%uaDSvtE_97eDaN*&9{zN_0(woHJY@Y5uN8EyKrrr6`p4B8jWc7PEpP%
zo7C-KmD}D1m@PRJzyN`eXI6>EwW4UeXiU797DEnxci|ea(@_0g0GPN5p9a&;<j;+J
z$p7k=00<t`sjQ@M3Jr##TVES$X5T+64J6e1vS62o7fNl0s7||qvChg%t0W8Qz`esF
zK&+Ka?oy)c7%8`z-nNN&F+8_U%2lklG<tuttrmEq`@8=&Ab`L5M!V=U>6eOq5|OLO
zI~<te0RnfF(yc;3HbSK6*9%_rN=-_5rMQEpJUltTLI>C$KsmBicy7-h#L*58vo-DE
zr|qUR)b|p7iY!S(D5!R&LrF`|;h^+9c{Y4JeS_-rd5q=w3qSq8qKHOP8lSW%^)%@=
zr;e(125{BR4}IZobrjVWs??bs_X4_oF-i&Wp9R{_ud^?O?-LN3`;S*8t(1j1@V{+L
z!?CAwc!e!w5KE?hbIGKlwmGxc>$Oaw4z~TSI74>U1BnMz`R(5+S5KWp?EsBsaG<OE
z1Z1Gu<n(%&ngcD3Xjj6ZhPrWiGY!)+SFZ*b9Yj9#zC4cXa5_~#;Cc2yv*F8}WL?6#
z6kacje2+rwj$PG=b=*UNk<$2yM=LCr%T{*pMAm(@Y%|y=8-{@RhSdozs+i)~#VY&*
zB}M<?ht6vCIMZ-q9w#|p)Dd?XT~-Ce+2j_O^xUg!0+gE&Bc{za!-W(Yb;QJq?Vvy+
zG^@G`sVp3KBti5Hczfy8Nb`(duu_3wuro8_C;*+Oz}<FEbuJ`=wB{atG<yFR?@~AA
z3%S#OtJpXe@fv?hkHKn67a~I{rsdn`X-c~hmVl>E8f4Yu4?iOiBa$HdXZE9m;VNeo
z!c%Wnd{7+Oj_i_UUl{64Zb_$;aFGr5Un)IFjx|bG;nTK^P;)B}q$lMk22@28226p#
zLmpWQfeN3yVGz{L_~@A;+V+mXnduxT(ZX6hPlrV^AC`X@Ah%^Op_6nmR!r{dc#VNT
zw-||_s*Ul!BLpi_AXibxhs;Q$?HNdtUtl%*j{@T_812+<iIATjSN86=-WvdW#kDs}
zip|%iP6z{Ra>K8~6G~mRYd3wBsU8SM_6U1$C?m*m?LJ6A&3w%tXP}AUUm>wK5$sUb
z6Q6Ta#oq~V0)OpqAng*be5@EW3;-w~LX*K!AL3vSi99r!Xa+VeM8AOfE_q*#`1G4M
zlX1G(R!QI+`AH_hf7N=o>E4C`To2$Z{v7HS*Gn)vP?FmF$czl^>IIZTAOdKo!%ZXs
zO~yOiumHNaeIS|$2b)1i8l?A;+TFAr>GTW>+WS|0)YizXvxi6kjc#Ut#8spq(^_$f
zXvkEED5agsA|5A1Qb#d@WzS>55clPjHDpNZd*gIdIm(72R-9Y(V&x!)a8)ZcG=~?H
z5_b&}QuxW<=ANHu?;eHF?~)PT1SBNVHo(D{W0|QZ5Hg@3Qc)ZVI0AQkE7AldtixTp
zVazeO%`E=E_`HVL`~;R?MtabSmI@Z1)sd0^jB&RZG=1XagSg5K5-hzVHvAYdx`1Y-
zN%NQFP(+k3E~5ckkRI29#?Q9W2P4IX6!EsD$VXwtP)6Yy01Bgo`4Sq*lF5_{9<|B!
ze)x>fD1|cX{s=_abZGArx&~eEG%fT%q%Nv~EX6AIU2f_;x%F@?(Ocp`vB>O849v%b
z{jN588Xp->HBq1&GxliSF;*&ksI`U2^ej$9VDN)|E>~Zh9j#}DmeVw^n$NiFRS=!E
zTZ?Z9x|?2d6qxqMgEiR$r6tVGrONE+qOUH?tx1}n2Bz_eCdNC?T_o@MjV`L>_a9J$
zN3yefoN=M_I>NREHdS5AyeMmOouPndHcMKwcfH}ZL<;XxBC>Ndtz2}4b{cegg&FD4
zQIZ%hZ_XI}M49amhg!6ymQC8V>vj&?Y<^NI*XaQFfIS0Kz;pl*GVFA-^omX_$rCTd
zi;`jYl5q5^Q-L^%Qi3~>>oR4axCy8AC1Pz7-SM^)t%kxp%6;UT+qw>PIWtm>Z%@xS
zoe#GNM`K?^0#j|t6h@^Xdgb;tj#=<xh|=zD0OO>EJu<=*&2g;NZz|l<n?1t{19EF7
z?gUnI3_piR<PSX|&NbQ;w4^8_N>I-F0!wTd4}(eC_i;3^9pcdx(-R}GAim3~E3EpI
zZVP^z%&+<fWxbCFHvuYUBL(`Nllud#S05YIg}hc5R?WTg_6v8KrU;r%SW2wGk*fph
zeaMf{^D$d0=$@94I^(}vipt0Y`Kk;yplN~lk7NVV3gzn;K$Rn`h|%T2Kj=EC+pdAo
zwQ>&eYMOW%O&AE7QXi1lG!<jaGA5CNDb0mQ{R89R&66N&p>B|0!Lz7MEC2ycwsaL)
z&<w8}Yi{|rxC|kXz*GyaZ~SE0zG{E4rYvEYxOwcK6vSW<?XCq@vEqJZN?D|2;!k=h
zO$H2CX#n5N&8g0KDy|AL&#Uoa@0^~5oqIns`VXK(q{lTBFDS3U2Pk5K*1wYlutssO
z294U{^1M5bv(^-!-1$J{kS2I9Z8obMu!my-q>6LKlLDLd6MoSuL&aY6yV*JL$bCs(
zZ#^zUmy^L<e-AR@jddx%IOZ}2(UlP#nMt?^UggcQ9!bLS%y!Zkc>7cG1<5YBi^A{^
zojkSvi_|Ew&J=&N*kfq$kfP9I)pxr>-I^XR!6SBX@E_Y>Av?CN-bUO+z4%W%WOi5r
zUL|JGg2w^}MvPrvxZs8G-03|I>qFw<EWzbSn0#v?@(A&m-TYL6RPi#J?hIh*G)m<=
zD_+MD(qtTX2D4dRQh-|lSVopx<!_M<UrWX8pd)Dx`G_Hxpjr8sShq${u|1w*GBr!*
z1xncPaRHSjfQleRALB|vtRJTzxwP1G=_Uh9=-w-<Ln4$*7L`ajsl``sKYA~3P6M1E
zyW|a<hh-14K`_JQ$LVOsr!wG=%{Y@cjum*c{%{53pj@NE2xE1RNCYW6rkU8WJ^5fA
zV_lqH_ES<I8Fv}G6n)!hhSl<1)s)VK4RS0mzYiLe@(bFwz!&Go@;I@Gb85fZAMV5n
z3@a@H4O;qj^x~|ZE-##MPgY8?(~B!Og24Tk!!(~O3}wwHFC0Q(QYxE1q+lx)dli`z
zw>86K@BV{O|4u+8oK8TXLx0+U@5ClNQoO*%m32>WdspB98ujyPA|wHqcK9(!{t(hS
zq7;dnXKQJ8WAxdG6GlI_Ea}+cp^ibA1T_;i7VH5XZ`7oSLIdB9z=c$!J+fL%qEqc%
zZ|;ACgOHLb{0Cwk7$L4@Nq-m=c51<M`jUX2gfnzFK`;OUTM6(AaHl0|xknIlB|L9a
z#f%1*jRgkQdo3*b95b1UBvH&lxR}cC4eLY<NguBg0!>H-E)TR9wSv9oAnsc<RF4kA
zXbH4LEv0cUs_nDC<#)i=qi@r2Lhq-U?3)TikoqAH?!5z=a@c5V>sj7vvs{CYto(iw
zJA`yiQz}7fjWP90?LaokZ{WP{sHi{xc6N%VX~hkK>y)G-ixFT|Wd)EXl}h|`b?PC1
zA4-&}S}eT)#1ArU$EPT0*ZG_j4&xPE6q$;cE-y26<{-$`)?j$80Q>%ABgq{9<*Hst
zXo1$!p1>b@47OSnzb7H!MRJvd%Bz-vN-j$=6un2e8_a4w>14OiL?j2d&q;*mN$Jw<
zI0LHz!4JYQDTOu}2QjNdjZ=fK<}<rmh+WT+c<48||NR0;=fV-m7Zdtw1rjcfIGCaO
z>aa4`H!9l*V3#&L4tas=wVB~~B%z<K&_rp(VE$qqH4Pl82*h?x#;Zy?#^Zw$J~q2?
zhUs&9g<SPwRlKI&LYM#tyaLEYb(diP7shNt;cM1Jc$6Hh1x_==YMAn|;0+P`5<oEG
z-U_0P+isGNSyWIsH@^M|zFvZU3Mvm(2~Uoi?6dFb(FL+E6)r~fOL|&6+0Cv1yNmUd
zd|V!YTlw@9@)b6H($zRZl<h91O}-8Yiz~SfM`e<nx?vs2f6aQD;pBO)qrBNoV7quM
zU}koq=;!bxv)3bls}Q`&m<<s;!46rgYY4h(d=(fAByxzZV8h`)m0<2mA{H|be!)V6
zRIowikAoOVzNKS)NR%YQy@1s0m775NFw|Md62?m=brzkL5cNgS<FYWngcNHrnA>&a
z*ob2H%QU8}inF+?Efth+_i#X-8K$E43#0+(hQ*4pWjGEJ0#=v#s|yW8=L#=?@$sPK
zgo4kq9UC$f!A_I|*-mOk+S_uy<Kc+~?WNrZPp~cy8;<}LjOjaU3h4W`t=vaD79K8v
z;HE)|a{Q80eJp&>QWTDGSlv$LAU}VH5fII1FNiCajgP9`+x+MNbGk>~n(O_knn7HV
z!r0Y6PG6I1R7eX@I26)LDE>Gm9yt+ezh4r}*{IJ(aL5GM`^c2i03#%jC?Yjfjt^1u
zfVOQXIM?A_&KpnZv=ubq9adpHjTpE5eXQHDK(Eo}X@=w>e$@F*Q9>~;&rB&JtLAlV
zy?E+?Dy~DSj|jEz`vRyNNx~Q#WbfIx1YB<1i@|jrJhw12It{~1M*-r%ht9ROw*wY~
z#L)R>kz()9oWVt-{DyxlQCFiBhL?#)58~-?EEAgvB`~L=cGaVbvw>JpLpFspLw_e%
zVgb-F-eGL$E5hA=uR@Iuz)J4^A1Q_p=)TT8Nqf06B4PqeioFeh=}&sOjN734f;AMw
zYwzv~-br28wX)3Z?{ZCdBf)T&mbB%AiG{fccySv%7wcbYQAf$QI8#l840EaN#33~4
z04zk$biYU3jwnW%d-C9uCVr+jNXt*pG<9_yE+KHR2C8<?R)}`mcyhw`kF^auuVATn
zjewG2f{O~o<ecd)Y?SfXB9c=`Sw&MT%il>mVj{i&^DFo6EHOHc7*zf>MY~Ge8*}6%
zX#I1P+fDF#uyOAaL5CgBY0z6GUcaM34nJUr1X*7HptSF}s*73S0g_YZ<+wuCR%G<Z
z5@})k5JR(5xLQsu2+d@Kk-zOIK1px9UJ7c6O&pM{odFQCeLp;_vf+&_uM+Hcsm?0S
zLo}zog}ihKrHU;%dH&k|oMf7sct^*?!?t4U)<C{7xG09U#Tb?!8j4^&e$scC`?kT3
zNls!vmB?oGddAOlVa<3(Q6ziP?(Olf2~A5&Fz|-@>6C4857W7wT4eQI-(v{{?#Es-
z_F+u%r6!hi$IORm0>H8+-}o%n@bP6{#URt+ppYs2>gg%8dySdMFf<f`&8wSyWC?pg
z^Hdu7)kpzUPFcymZ&IbO)bR(8Kcavi_>nnD>XB1DW7US8-rdqI9*uK@u9z)Eq=+6v
zr6nU83bohZb$<|eOxzRUr<4W-L>BRrXCgKwR|geMph2Ys1sIAtJ@{@<R`ps)|1x|4
z`@J(^6{?q4?#SqErv<x-3XB#|{4Tnv=hL0TR&%o>k1JNC+u}rdBMF~#LA6*(BHnrZ
z8JB+POYiZt7(%a{iAqfR4(`SylBqt!#;w$rZkoQMzpA<nX$#x2X?j__tDz8jwCDmc
zd#)JT3YGCsP-!;8CYgKHiM5zu)0ucNoy1L-;RQ^-Ok0?c@@L5<g6@R$$(I2Gl}4TC
za(Rq{^9CV1jwb3eg!Ol7O(!r~g{=dL3<B<Q7z5D`h6#TP!=zs10oSz*{_ib$uLP|K
zq@XDla-Ce|oSI1*Z7Gfn7L=-<qYYzK-`0p^RnW8xI%m=7oQ<%-hx0JMlsNHJuotI8
z-FS7(5P;Ji0{W8C-qA?wvN?nf!%*BW=)+THf3gXzlDygTgp*W#WSE$OuO5@fj73CG
zaerY`p0Q)MLxp!lVWO^-c8Ac;22JN5n_hn8AnLB}D;idWnb?BZ7=pl;25-d~MkwV*
zN74rN_U59P;37gxRt%!10Qwsv!gJ&g13z<b3+Y5Ay2=jN&8>Yj6BdOM@ILru3<%_r
zJWcjp;zF~H_>9YUD^VE|SPGaZT41D^S-xId(#`Gc8``GUo*)B0O#B%?LLNy~lXlA2
z0a#|blR&|;IG7xjh^aba$=M;5QFrfzkKu8rEQP5|l5UJCqK)DyrS(4qu0iZHGKaDF
zX6x}%hVlv{MQ?Ak$`E9%w#`Ys?RQ0%nsHIMo=f^8FJO!aL+?QI=|I-O6)g&h_aqjO
zS7Ek<R+Vn%gh&$1u@9Oj+ABC_Y;0_bTB;jYfN?s@heIZLW#{UgRUhVIi#_auljl8N
z`kdi2m13wkpea+|{oZCGWSZS5YF|=y*cKb#hp8jQ;BP}Iwd_RWbgif*_YesagU&%&
zRx!skz;4S;k>fDSRii*ukw`Vhw$lG^>`fdrPF@4?U5hs8k?Chf>V?hNGDJHTmR%A*
z_dR$byJ`m}deoE;Xe@7!D_>;~#_yOWmn}aW`%pvlx}t^Er3jVi^y1Xo|A}8m@e6s%
zDoJ++n=)=f0#L8cbQo8?gn6aBvVt%kE3(W111i>oJjND|v@&Z%(w>sl?|=x3u+kB-
zav^tPA-7-UAI{j?n+X324-pztIf%-ask<kc;Jb0q&;@PC7x|_1r-$*%{*6io;G-ks
zQSC5Mu(H^zo)*^nq$QCkYt5cqYzS|Z=s)5to(x(#i+RzA-tS5LV}P?)Wh1cIXdG+`
zoNDSe@S*m#W9GK-`TjziAT*i8&|78<O(^B;slHJVKIhTP+N$_o7?~j7W%yAoSmB%l
zMEKAnuXtQhS=i`9S<pK@laHu&i#xJLA~CLB;7N`|&)u1VS}`|)@?98(O;Wl5(T!RP
zYXN}@HA^9D1n?2jVp}{bu=|H(_Vy}a>k?{iYdnDhb(mY<jLrC?)zINwD!cN6_9m%l
zq}3#Qm%^BahOXu!a|kI6x_P=dNDgr4J{3q`C<vcV=8q!>wPyRUqY>m^n#Vk%QQ8+l
zjZZD~#GGs#fJQBTd;nFFaXHdTEl-UBFfBrloWgOX2De_)Zs7ycJ@NkssDDVeBRo94
zH5j)Qgv4tv<w6z+Q`|VaBR~HfcNAqT9kXwgeX4VsW#OLFai&6sgXnx}m0Wb{P}yDo
zRN7CC<r)h=qI9(?dVIrtut~M7+OkN`%yF*n$?(;#EgVUx5Fh_7&0|<1s1V+>;F_ph
zk!;8SNue|gU#ZPq^so67l!Lt8kmhD_T@~WbN+GDYG+9rz1{#wBwIgRf@;UW!R$~wB
zIBV>+-~A`}SDJCJKCNZ#5&l6PA+5?TOIj+aNqi`{06f!%YQ7Fu>L>Ly)o<Zr@K3tU
zH)SCT!(QQ>x=N~d5Ivlvlx7SdN=8MU))<f1>$@Lak>BqTcNqk{Ldp^?^d5V!@`1B7
zG0o3^jdjs~7rZxk#FLQ1!T#<B8$k;24mr!v0IijI<wIif5hXQwHtS3mvQJ@7WlZ$%
zsH~Z?5hkmG&UmD(#+vo*Rse|X`AN0oBL#WUX@{R4p6Op25#<1rskQvk4dz5LZ890)
zSZr8wB@4wIK3DUN$ktcJ*H%p?QF<HOIHtWwOI90(5D{C)O^%MWNU?!ahH03wg$VO&
zvt~<lSsHoHFkU|P|1v@IbxzRB&G@#Q47&u)KcLAq_IWOHAGi_gO?V!@JzPWN;Hr12
z#cA4L%mH2Fz`tBOkMFd;$u#ZyiiGN}vT<Yy`CYcmkU+d@2MAxfTczjc6GaVCCoubr
zUM!5Sq;kpP?+_02O2B{7zS14qMZK$~;CU81bXMSXry!40xA}fa8!9uQdm7>OCt=;!
zw93m8=^%st#pq70DSTA8Y=hS)M<Y&-kYD$xyIUt=1~w@tF?m$<w>*IhUD#1*>nh?Q
z<ivRgws+Femwv{0yEpH?KuOVi&}v8s6DC{?X&s#CX}>*cESsFtjf3$XOU@8uhY2=v
zFRiA&G?U|z#y&fdt9**naqme>n97uyYy&XnOdE#LoI*NeS@#ykH|OaH(du1~C(RB8
z9q)b??tJ7d6Fft)BI%ChDiz3Mp?|(vc^+eu9-u9&_l*Z_E8}JW41jZY0=5zeQ!E?!
zzZIuI2r7DvbFf7W&W5BEY|KSh5A^&D&=|7*3Ai8u|8;`-Eve%@2)$sfvUC{C{?#s4
z_erMN^=mY~I4^t-e?SD{Ow1ZbwDUU5Bzr!;91d>W3@uI4ap{Ec&CVx{VM{7D@(Y(5
z{p}mtF5ZeQIXbXHTsA99b)8R<q54X5oq@-*#-{InVDCo<s}QQUF8f*5T75E8Yf2Db
z?6X3W(Z$7z5O*c%d6F$Nk$!XVX8GB;^l}(%Omd^s&(+=()9pR^san{&403N?Vzg@A
z8eUi3k(&naL#?Zro!kOC&ziePzS!(F-k_Q*`JPOg44wQpV>Sl?a`m?-`&4be`qH}4
zssH>r@>lBIFNRrTc?{JbL?2z)ZMa#^;H$d1D42{z?q^*OBMAp#io#cEDL2LebRY9U
zaQp+OJb)51G9ox*e+*$nD^nz46TRnGY4vW|hl^j9a#W811R^QNTB|AF4u#`a{P~7$
z#!&FB@<hE3iY}0H)=z-7OX0R}nS#CGn3;{PG1)P$OXT*;uLAH1Q4lX5kQ|pXAEwrz
zrWaF5(WQP&HL20vt2oA;H<%YN02!Wwv2q7cAxM;Mg~!67ZFv!x-H9o!4mki^z!a{{
z4&#P;<qSWJX}wQl8*-NEh=^_%8n%=Yqdcg-Zm&p7)Fd%ib_|xO@<5<OGE1bH@FMCS
zDeFJ7uj0q5#GUV-<1K;2ft<JGK@xI{W=l!lIQhZgAPQr$kj~Gk%r+);LczKDQ{dG&
zeh>E<bHR=yWsR6bWhZbj(q*h-Z#>9yvm?7rlqN3EM$n1a4{I%6IX+F=nwj2bkhO-N
zi?U<6bNG2}EO`|Ag2I`NdbbK6u4hobg2W3@#MthX(Q)w;H^HIaqvB}l#@Wf{g@q-%
zGhuK*F-Z?K!FTaL&_NPXy)-BCCg}ZonGY{SEO-EMx12-@P#<6_k0UkwG872e-)(ku
z45lrymjNl_M08JlE1)wy-|4Zc-bO9`SSbxY8*97&T=ihpgN&uZASuI7OozBmi&P8&
z?n-dt;L3dovCoISrl*&Wi^U{;@xekjW#n8uL#?d0P^<2vvI5!-OaZ@Tl6lQDacjN8
znj6)nl3ZF|8v*EK{#Yv-HcDEmsVc~|wyHtIJkTTR+S=iuIQmY`^oIXL`|IjGX@`l>
zp?;t}xv6}qem=;>J|WW4N}k8$gN{&)(YlZWb#~^-5PvlchV{r#k2Ur~2Timfz-~tp
zl7kJ|zyVL?kcHIh@MR;zHe^tVn@$FDcCrtn`e_xDcAGxfw&`c-&a@mJ{cuICK|Te&
zc>qMpab#-MHv5{O6??3GKrM&(t#MXR+zuOFjcm&?jaQXXONVAX*NSPl-}$zwTk4Rq
zL6&DThBQqkkxE!Tyuaf_SV+Bow#FO5T^Xbg@Y3xUHu^aHG9mB)0!>vCnF$5C*n@N#
zk{re9uqkJjbtws`c^tW&zRI#7*GhwP5J=_>muob$y^ef+I{$L?zEQ?cJbrHD8vOb{
zlzN=_(l`C8q8uMlhP%@BJQUHZacALQ1OOHsI?pw55StT>YY<i>BG4S5szfBi@indK
zVrsjDR=g>?CJf@1C3D{2H7VN%ng$PVi3E3RU&6HVbtEAcd{h@PjMNV42rdN|lU0Gw
ztdP{iSy<Wzbob}_qt#IJ0G(-xi{9&vRoz8rIMXiWmy+z8H$()+cD(bay7FQoW*w>U
z?K4QzrDw8Er{vU9peHwP{gVfj4j0OAzmcLZP`8^1-;!dHQ>Bw4$UU}!tRy9to6>=a
zrG8C<HLf%9A@k7n;~GDr>CR}KhCV#hcj#7YkI<vAK(0sbO%ae}j46Mf!io?YSO?Vu
zf%T$VaGSu}OdbDkQ))!ajY5Z^Y*$z;)gB7$^N|2^_LVUJ=Yz^n3C{)fDLZFm@puUp
zLL)CmV}K$XhuLxZUM<V5-V+dMchUD9vB9`_UY6W^;5gZOT7aMKxzSkA;e)zc?qB1t
zlu4%N+g9qW>athU3vFekb>bK_&H|X7&+tF81DPwLy_2-lxwCJ4>9KrfneUDv^^i|*
zh<s|aMN{*9I4c7rsQ-vxC#gXE)n8V^Mm)F+0sLY?TGnv#9j5xQYDcfd^x%By;e4gB
zoQkjGpua<+^&5M$ifginFsKMj6Z$$nT*9@ge{nx$(Du*8dP5}hL65>P9Zb2>s9BKf
zrW7P-=gc=}z+ne%;G{qZnDn@r@5Y-)FgR8a#+2vRT#d*72Q6M9V&cRrGw+dbg;uLa
zaw6xE;QhUsu5!Vkm^5ss9seY^dG^nCA&iDz4?%XRC0Wypkr)E){CwvI^cE_%T!n`0
z3*GrdcEG_z+N4sDj%r3ddi1UrEHT|A^^6Ug4_0$;WhKqP4!Q#ejyli)1;%F+f6z2H
z+q|p2#fQ=W6-ht_D*vaP@+;+?5DGPNz2or52FaRp@+XK;)17RhiEcRGb*!dT6C-A<
z&3wrS8Kk20C(q?1EhKGp11cuKn3TZ|*+|9ljmSXn11Weo&f@yRivifFaqhTM_=D_2
zS<O!OGZ1AwI#RQ2+r1-=Wh`wRND(#O8>5oX<V1J@hwBcTC9E)FQ#sGYP54U$vO9)d
za&fVve^aSWR;z=THbbgj6peppbQ~(VXhb$RD9cpA|DUmB^o`PYnS-T?BK~WyyF0-P
zZ?aW3DZ|t|T-)nk8Iv<W8D;xH+-ApT>9VF^<u}4l#!e-skoN|`{+3^tj~^tcJj~Om
z{UKBh)ZHSKRO9c_@%xxWM=A))MlwSQIAqP<^%xTR#LVMcG5!at!^*~7Y`1>^q{5E%
z(oF41#;T2bGjYFxO?j_@?f5SuMGQ1QnA?jZtQL6cB}Rf{My}ThgpSsK;RJ=3X?Q@`
z)$I=HEc>LF$Ee;{<&I$}Pj9VWHd5@gi^%zzTGsCt%Bl=*iJ~BEt{sq)Mm9YG?dLta
z#=VLD$~;>j79&~btHy+UTfYqmnkw;d%(t_!1sh>xdVsc0!Wl53&Z1B3ncd1UHE|#J
zzJ_is1bCs;cHCKKB8>eiYd)M+7v^G+I}_a$bvVs@Q;B0(HRhyBUT2RhYJ3G;$_xl%
zr~|2qx*J3bt(Gq~saOM}vRBgOLahtBp#OVh=C0Gna^4@BUWyjYH}(O`sUpXOq*Pe$
zQvQ<xp?{zQMG=VHRLH`-QvOz-Ha~*v93mscc<b6>Xc?xQ{Su2dcQ}54O{QS__(D9&
zSmU0LI$koT1prw#hJ>en{UE?4cN@N!W1r{;MS&m}%O`Sg(YH>=y-(9-kSQ1DUUbB}
zKzNKfp{9=weAIIaqo^T-G@b`85(E%}@NWv_Q!I3#4o$5Fd<TVL@orc;NyyW`K(z#-
zco(vbO8f>Jxv<340E#OA06OT(Y-z-UAvD8-XfMn9E@JX#000CCG+5xN1{`BSEtJZK
z-c9`@hU>s>!yn~<#!di|4O1U*!q~!<$)dSxLC$nNS-CS9r{XC|Eu-X8q`CyT?1Wus
zm<0)jrF*?4%liQD9+zi)wGdChu)Xd+brmbZCO$sVa<^*MQC0*4AI1O=J)k*WA|UTl
zFEDo>M`HFk%j!0yK|jKG^PnI`lxSWi`H0=PX7ufvsij=taj7CvZ6eHJQJY>OP6UeT
z!LSSqO!PkC3V}GZ_^UJZj&DJQK@_!4x0*};u0#YRWDVc%kYZ8ig8OgBh=t9EH)Bv?
zr-Xf31)QWiWSy2Q7}{J|j3RQ8x7TOPTR^QXAw1DxpUl={kqgm=7-F=DloP@nh`5qv
z$42BYMCzamI)G;O>2DXB2mJXOiI${MB*b#k{-?^nu4fm+?Uu{{?>-E;0ec#zp&NRj
zp={h0!q5n2b;N=bL?NcdzRAXHW7~J*Dxa<38SIEFIpqQYJ|2D#eZkHC7_Le6vFJ<+
zgfiMDeUK=#g>-pC#0oAW^WzC98ftQA;9jI8e~5LWac%zh8vrP@ug{Hr-2iDJtSGAv
zh#N<>VvnByb5|P+kpG~>fZ9$f$Pc4YSb5*ftjK=psiv2so>W`bo$&i7Kmu`XF(aCP
zCbL)yaNA>9SxohU0Ub1WQ$AMcEP1rb!1gUCH`;m%em~bx0?hfDXaMw+ubofYjqOgW
zUmFGN_FBt<LtCq7<s50J6}~tSFgu@hF6_bwJs!v)PzFP)|K8GVwhX5KH^SI+Oe1{*
z8*a-B-6iELZ19~uQmUcGTh%rXoWgxyQAkjrLx?EU%=A84Ypb0n83q{XQ$m~20M1PM
zfNN}bYH_pXXQql9OW5A(yExU>M^Ga}z5AaJ%zAs&!DcqVC|>BaLkKZ&1T(x;0hglS
z31!0kN1TtKW?3aut5|sZfpALEw;8+v0yp2MvH~N!YtD!0->B68a?ePlyJ67vY{-wf
z%bnIu$6dZa!dT~r;`|iIBKH9zd~lk9Ok{u$sMUv$B$+RXQIb?mN}FWL$721tFtm0W
zRw)wq24TzV68^q9IT?Jh$2@QV<2Ix!0lX@zlqu#gCt>r#jZsWDX!l|8h0Gz%4Yw~{
zEb6zjhFn0!3+4}TiNwSdwoMn8kG<6n@jgsZg{6>^jH$_+-@@2fBa@NC%Nt!1R7hGb
znH(A`kB%Nn-oVErH}Jw_oi59;+C=>L<1CJWXAjbe|M6_aj;*cqCUH#soA=41kc;)8
z+`lZ$(}bYhIqAQulHcO!;zPzk4;JmtoU$&ytLlP*pyUB2wv_t@hdUoD4_^vr92-!D
zZ4vjAQ@_@e$V+=OeS{f);()9`KbwHpwMRd)sn(AiD3k`r&N(wRAR{Rb=VMfZTUu8k
zFw9OMqH*1xtca9F)juDn8DC5TGR5*QLBI7iS0yo*RVgV^bKXT#d&^mHWmq(tT?cKt
zguz?QvcBF-A(?Gknnc1{=_oVA^F8ipYD~Rr#G0sjA(*l%u=spUOV}Z7(_JnqGdUQp
zFy#H89r&J<XD`>u@h>PzgWeGh9gmC&a~8c*qL<_C=xdy*!v#^j&=g)?51dPd4;V;f
zwx|Qckr-?7?T$Iu3=fJv3)VBl$`+dS8eZ?ZN6${m_f8>+Ram`N)a*Ca?w8*7<Pjkt
zEC?)Vs>Cv#Pr;*1NnT)r4GX_-y`PF$@%0@SxGJTAKFrp88DcKoNqOUl$joDhq<-Io
zu(bIeN%?-m*exZf7n3E}jh9q4OMwTDB*^=89(>aIm;I;!DA!2Y7<QzNYb{#G5a1O$
zw3iHQ`R88ch6*7DfXGc=^RX{aOWLe0#d+Pfqu34ejW}G&s7{Q+z?xOU$?c4khVnIk
zhchY+-u)?s$=3gl?dA&9(xG^#4;=4P8R9Sn^5~UlD$CYOUC`atewe!`Myzdzib<BX
cKj)h)9_P&f8}<b;$5v&4{y2ePsOW$I0KDp3g#Z8m

diff --git a/php/public/img/jenna-kim-the-globe.webp b/php/public/img/jenna-kim-the-globe.webp
deleted file mode 100644
index 909a87615eb2935d70746f7819ffb919d5f7c20d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 98876
zcmZ_01y~hP+XV_pNT}4Iq}xM>NJ>b9^w3g*gmg%QbV`RPAq{hAX^@r>2?+%RkuE_%
zq~Y8-sNeVh_x{%heHfUTz4sgIUGLiasHG$?FBpuDrY9$(p{pTG&klXRi+3{%9gcR(
z`TG4kq>&GDbD7xafhmgbSh%*1X=4i`9Y~~l&Lk4)G(dNuv6-FEzEGBqL}~|r*=R@3
zUx;F~7as?H>RsnT-n+y>2J#CdPbHE5lJ#pbfj;L?0+^1h&qq3VR@Eym?E~31DKEc{
z<qO3hG^?Hb3QQe4y8Jmi@1C>g<B4=ZE{XaoBQF{G)lbe6kBe7w65GrdO@Gd7i+Y{k
zbPCwG;JI|#x%`Mcy`1#Bb}4y@kBmPVd4B7=X?I{rpxNaalKiv}3H=F|JPla#`HpNk
zLElY2Q9pD#ll&eS(Eiik$tMswvWb2<Kfd%?W%Sx`G7@Lov&ZR>=XZOJ<lcRG$sD8~
z^8E=CIk<ie*-*c>drRt;5t0shvH5j9aOraC^w#OTrEVbdR;T*t$&YQxW$s|)2V_%#
zncsE6%H!-1lc|8)<DSS1a%A$vwMzx0x`}v{Wc4SS1z(N%RT{kxK5n9Of~a4$%G+pV
zF7b|T5uKA;5*s=O7EDoFgW@pF`Jatbw{K0=KR)BIHqv4CjhMc?R}x(^5cmRquxCZ6
zc-b5&XxZMYVa#;85M$gQY0t60V0tFQ^?Dui0iX(YeyrG<c>i>}yo;N$U5LEyoh;{r
z^tKH%W8$|6*`|iTwiV~RVQKpsj76SICQlO)spLF;=Fe75#~8C_xGS4`SPJJN`;RGZ
zS?g)@#Rp+ON)R<&V&^|^G<=&GqkbxmEPQXj<s9&NiHGM>e=4S>pSs>IfW8FD>Co+;
z7V4SnhOg<PY||<wrh$(Z+iD~QZ$NVTy-f-YyFL}1|KbZ^bG~Lb%p+L7VQduHDy@ln
zM-Pl{mD^p3(^oUPj*X1X`OAK9j|n}<(Xe44`&Fov<GR^+=8MQy!OX<lggSv~cM*+1
zJ<#)m#X)~yZ%5NhaE-}=hw$Mv=hX`@R%%J2_wiri#qamInwQO_^?I{(QPqmbc52UI
zKYDzx5jETj^g3xRfNQt(8mqaE9@FC>qYQMd^T0E<PcNT|6QqeMcTqsEH4pkSZ%|Dh
z372FCfTY%PI%vr|DwRqT-xg^b<pStwii#JZae8}<R6F%Qr*+%mCESk7Z?4j}R?L!(
znvjKqqs?zE)|>hFkyj(?$SI;*2%(H+FZbs`lfM@Z$idr0UeBMcn4VWxll6y<?O|;W
zB43GM&)tZGi-_2Rpkm2+uOxJngW$hs(19sALvsQux5VmOfQ}4UJ*$9z-27w+nl9>P
z!37wbpAVs5Li3l;d<OkkJ`*);VzE+GlXoCA>qp;m;(*L$3zAwB)ALW<@z2~?%TV5+
z&TKz<Z1^6s6p05>zq|ckFOi;wDV*~=sOR(WoWurt>niC6u)#FC{}@yAQr-RG*#QmY
zxDq56{Woh}bFI;2^v3vNRk*>`XeRW<vuf1KPnAm|jeATOUNC(Q{qku9dfCOwTkSox
zZD<sA@(-QC-+K|_!g^i#kRfh;<YA(}C-+gt8FDdKLA67nPAbZCf1-w*p=S!caeZ(Q
znI^;th3&~>C=8(Z_;*1U=9U<#mdD@@xf*h2683l7-X2LlvhlyRw~BoHYn1t?_?TXh
z2jjCC)N9BikLO6cqoer`!1$rpH&~VUC1?MI=*kP*h!M@E^qa2#2KZm2K^LyB$Zr7T
z^pPGI{XPCl{y{Y-l&5PydD#;4_2w}EPl+|CoE)rc>|-1~JR1In!s9Pvdr%CGXQZji
zPg^{-GHL{-<V{R}Q9#cstUeJmNdEs{A`gkvKrlFiioppQ#(|BeK7T^3rPV783W=q`
zCZRu(rzKq$hz;MzfB~BLg^Re&DJCYVS}^JaEXDEX+Bazz6`w&azcODkGRRQ30QUE}
z|1SPNW+zFiuqFiSgCPesTFOZBn4)3`3M|~_NDDUZn|sBIP`U=9;>$$Mk{#|UFU;?(
z*tVc~BEP9P70d8Kt8De$21H=c3ZpV{8MSt%P<eC4%D+%>l_~#gT-|yrKu6Z$uC!j-
zo2k$x|0BY4RG2MkGQ@WzxK^VAT=AJ_vGlCm`W#bF^8v{dF*i(^l`=ya_ZwFkdaSC)
zWE+Ft;C^HngAnOQ#W>x{;ZHJN+hO^ufc<~x;{rkq%HHxfB}hIO@~EDW@Jy7E&-Rtx
z3s9h6EseeuJr8iedp-LnnD}lH;Xy!W9@dwL^5sh~)}ZGDsJ&lyg-tqvFY7Zpg59`Z
z{2TngQT!K-MA%PZ4yk%H-jU)r7kO?lmt7&m2Z7O5s+_BYCj8xS--deX{40!R^2*+L
z@k5*2?`vUnDRA&A&nXb{3X{0&--_aX|3$e1%Hj^&cmL-KA^7>YZprs1(_8N!8hQ1d
zh+DHx56h3gL^-#rRmnY_#DzIMn+}D0D5Fu^H_xMfAyZMr#0Obj%8`U>-S<x{T)|{(
zo5xO^UWnTNnIh(4zF^t;U8$sPBxgi8Y7J0kJl&zJ&x4ZpsIsYlsx<P6#e80-yz&xu
z@CuSIe!sna1rK2pA>XZa61M#Kyt;PPy8HzifP$t!c6(TF^m+yFeG=OLfvKphs3W%O
zh5^=#c**<_lH%Cm#i^OTNC);*{uKe>ZO?>A-_iN{g#Zqso=K$j0%flA1N4Frg1|IB
z!tGGKMf}MOjsS|vmbzPio@%N467BV}WapoA|00elDqf&Ss!N1}C1KwTV=xMeWy)(n
zkeNFV26#;BB<Mp`1W;Vj$w<{LccF9q3N!V3N-#+XzKz40R9ML{xuz{u5(&Jz9wr;k
z0YyB#gzg%ClYZCYXAB14ubYfQCh1Tp42*&`B2NQa|0V3d(IL-3K43$49b6*>!KmXE
zd9WT2ng~z@0J41O_!XLNAXot5Apr1AD(1651BiDDrx#R(S)MdEZ<dE$P<kP<K}MKv
z5QD=v=q|!{^jw4cKk@OvQat`Q&FB%RGOH8l4e%Ppz3+n{>T1Bh#m42&+UJg3q4n1P
zumhomK#P@?slw}wGRH5hVE}X=0ouI_YmJeBQ8Y9y9a%rZc8MXQCQeT!(Z)vlNkEnZ
z8xN7vi~%y}1;n-y*vYOCf(RQKuEr}+-`QtE7^9N>e^<_{`uk|6r_3m*5NLYN8>k6A
zB!FcK7U4xE_2NqsD}x|OA|BYRm>@rB)M(5|=kTc4J#W*fqdCd}!}xiaZUEIZ9_=Pr
zpl;EJSqC7DMa-$|OJ~Z*(m*iPf+y+VZ@p<T>-2Y)?Pfpw4-)=O-7BnW*;xUavV<eU
z`u@A_6JmuPu#6f+Q1)wnmbH`h%<Toir0UojMD-$5OR1KK-J~O*R-f{R00v>(FyLnh
z7XI7^$Z*F9yB?i&$ZK{=`aKVJP_=D^pg}q7U*2EQqyGjx^Awa;QgDPWSd!4~ekUIU
zSw3aYc7$@!H8>AC#-r*$4;;)>!yUzr5^bJ;Au9ud47%xl;o{ar1z1gi`|X2iqNQ@|
zkW1vI89%cIUinTj>lH*oP(_s%@ohKHcKh}JtgT!{e={)f9{AnXHy4Vy$S@#I3SJfl
z>_2}|ideapB440VK;rhXeI*0(H8(-__?!FLl*Y*Ttc%EcrJEm0!gf}sw;Qo>XLwcd
zBEyWFa-rfxPtGN0FNK<*#TLz<cps!119j1RHl17`#QDQ)P~70^g6gvwz-%LCSKta>
z#g`@?*nTb81IjUj+%0<$AxVh0+N@H5nwvq>{n*&Ey7&2bAXfimEMF<nVcX&`<iY?j
z5)iC~77r@G*eyCBOEKu7K^T0sT!tUFZi=P<?@<3cx(K@xRm}lN1DUg|%_CG6UO5@d
z2?H!sttJ7YQm7nU{=(s7@RZPzwXZYHVw(L$Lb^gcp;t<TAA<Km91p?wj96}!56~w`
znh=H7|H$tn56X&wp_;X7m_{iFio)feeJCkqaQ*hbQtjXB2fmUA6+Ev6hs2okbq-(A
zf*l&ZTR6+I&M-4!{5@3u$@Wp|JWPa2e*XR#$doWm#>iY%Io@r-WCf0C$3iQ0jY8|X
z@#-F>!%wH0&6-p$Yd>#%RBFnd<)>Bt!N{;hvO7c$|ASpIZ2c*KB}lfMj@qwQD13nu
zU1cX!rh<zCXbJbXgD_+i4?F^EeqewgqhOKQU1hz^l5jf|`^f+OmY=~#%Gb6=89Wyu
z;eT*eQEuu92McL5nqRN)qh_6bpZhP9Babwa@iF|vVXs{O{MjFzS;TEInm*8I<VD4u
zky|i>E;0rFm4g)#aF>|xq}9I#T12$ib&sM*Ro3_-`Y+$P4O_j=Dd6D52eSSb+S81&
zLs0~_0ytpyVttR3r3?gHvncA8$KcP$onB!cj0!N;O;5v;Y7c9XD_8uBxj%lHx+r}C
z7`A$oe`r|-OXH67C++sd+rU8(l%rf%js)Hpu<20V21{OO?|fb;xyyIYGOZKPb(+84
zP8As+6PV&Y+QPq2u1Qrm39z%*sJNa(MgufKzC}g<t9s3*a+uEYe<ggJifcGiI-70}
zoH@8_;lXAX^cW%7ra_d2LVce;-fqW2QHsa>PznJ6i?}JbVnDWZ+DzSdHB%vOh!gRF
zzO4A7mXk>0LBJSDvw-quv<QwGoFRJB@lT*(8DN+`h<k+gk4#?`=RXM_c0#C0<)c`Y
z3qZqV$ar`Fj2_JCb4FHBj$1!0g2hi(na6$rYm`f=p;(^o)KvncFS=>rd3WW-ah9TF
zxYB7=d!FQa=}Fg@Nf`~IqD}9JTmUMNnuG{JHYjke2Aw7>3-~W1jFr9rHy;^yC*Py7
z{zw8D$+^N=iFs#iiODsov7ll#lpwe$xBuh##x7X4DmMubmQkcDxnH{}sf(#Z1OVdx
z>%0w`Uph4tZ2?(VSg$I)!jO0qn&LbQ@Z~uabPufW;lI3EV_Fx8ti<~->1O-OexODt
z>^EBKF&-2py3>F?G-Z6q?NhwNk${y5O@g`0GI!oxMkY}PsN~%7d1S&!PS+DQp@9B{
zxcLV(QX_9`iEWr6y%2F3yp&>ykpWN<5JHt>TrV3K5maSKN|~YZ00o}vX6HGl>J<Y-
zwP`cu|7med2aFdcuf|0!5dIZj9`zV19Xbg=>g>QMlr>S+KKl_A%Lp8a%l??e@;C52
z@?<l39!zg7D5(o(Bl_5VfsIjb?hz*pqVaf@_?5w1D4H-R&6N5CWq=eoc$VDvug)4V
zNBsNt(d<Gb%raGzi7thA)NB}9fwQ^GBFrJ3-W6ohViYn2x5HU5J+TBO08NVIQ>`<k
z&!ldb-yY>T<MLDfhalKj!$i{~Q%Qivc4HYn$^T83xpRBY3=e`TV<77ll*xc$S|Vu5
z2VuMLj55>u0{s5~{db(&noLK}p=2#^t>VVZli8Hrj2ko$hpdO-ZX^tYLh<P3b-c*f
zb;vHzT@$ro{V7x~G+a!2Cy7~vbqhE|c!=6=utKl;9iSYo2$s}C@X;kq-^g19p-CiL
z3zv%{RC5(W+f&koE)muLun%hQ{`Mw%`(oaD4ymZbd$$QHzz5(zOqxzT6~j8?Fq$$6
z-`n->65dyXpiIet_Bz5lMW#foKxOrbgA$LsT|-8B5CD|M0tx}dnnCcSY@SrW;g++G
z;wx+1JCfCa7Mmu~0VCA!qi_HQ=yXe;{*w>>M^oh2qYj6_rYxzVCGdlgVP!Meq0C5*
z4b$yuHbB#+y@NLcf_Y3<<+B`UWe2;m3B$NT>bBBj3a+E8G`7SQ8|VPBgSS|LLR|hp
zMlEwy*!iNZdw?O3-TxAmiFmE-DXlyZA&==v#>XpDthHJ}UP%i1S6%5918bify&{*o
zlDeI`)B3!|>~Lnj-w6muXITfqmzxmLl-<<ak^NH>mYaZH30Cl6UY%&tITXqX20%yY
z++$O7(w%W@2^VB|+I5qWjH%?4mqxcg532mT2M{=;D9(fFo1O6=-lFuM|A<9bUJ#K;
zH-sVpG~X#l^7(-fkTdA+z#NvS$~jrdCV_OIj0f<bV?)OSI|A8^6~21y;UP4oYV=%B
zUamTtnYyBnXpNC&b2TW2O?s9pc+!hMz^8`;rn8vbS=qS(&Zt^&KNMn%F65Coq6{WH
zX8j}e|3K&uFG4Yd<hS3}K48EAbL@BTp@#AOd%YY~683;z?a>erJk-%G2ed>`SP7LW
zE5Puum`?_rf^RK?A=rVk%2TpkhE$sHhSj7hFfW0T7)BV}sf{HoKZs&XM7NsPA!q?A
zZU460;V|G?kE_%_+BxtaR1mW`HwOU4tcOfkfB}n6$~x*oiACo~bR8PCo>!J{1tQ;?
z_z5;Q6cbwL(S^eR7iZ5w3X3<9@!c~?E@6-MjrwF5To%cqqbLWzfra-Mq0j;qD$`Ls
z-bf0EK}_x{0zR1UbjcL{e;Z0Rg#;=2f;d2x%$Hd$kLfuSeD_}n*+b07yoFm_!R8Q3
zZ37mwk#|6PXBhCPFziuQGdV74LC5W1d6ZgXO#QXe!K24sCSkQIOHeJ+!7JG!Z2bmy
z{i?r?A_NNW=P<s8L0pu81828}<R3I&X-0n<)56*v0v<&ONrodIWrJ%7iH@Hd3h*L)
z?!HY>xxJk#ir`5iVfO>#>&6sKWRBbom-|y*EN|E&P1GcmSkG~6I%<_{nbKvz5@ua`
zrtiU<%-@swV4Xe8j4U4o1@Tb8H0PQq4WLk(vGWlVZ0Q;Oe+l?sd+>t1VV|}OF$Ek8
zFdBIWV1TUi>r#@E$cdNRCXfvz2_d#pPx<Kv+X4U(xi&--;dPF}bn7uXb%*@SpZQG3
zaKklO3S>z!7#IKpTY%F1pfk*@Q!haq`xg;`c4||t7zAiCjRDqcVF1+jFRxGAK?L_-
zjsB1N#c<B8f$IE9=b?5lc<|F(sux9dlZd{|g5WL$34$jC4}9C)*3sp`8iC5QdRcB-
zxe1wrAkVpj469f1G%%e6j^STK6p5)6?ZrGC=<Ja|{iK{QqOjqrb5MNthbQTtJ2oS>
zLS6qg!9Hhyb5vb24ayycu;fZhnWg?mvV0_|+Rd`os$~8%<*^q45rH7=LEA^Q3NVkH
z_CCn)`1f@9{BtyMF+C%zjce97D99RKSOmE{W;1MRcX8|*bwLG^eNzTZC9J$WIE5^S
zhY<T5Pm!qL18FZc$~7h{cmIc``v)RPk`t?0;;u@eGYkqi9a-M0X1B~)U<6=FtBU$i
z@<M3`UZnegG6Zj6s}AZ$<8vK9oFNRbYL-@J3_CC>W$zh$QNfb?!o*+E2A?cd3MgY<
zP|$*qk&S(meTNWLC$ip|u<c)U{7;|!&=@3E`73h%kFby|_k_eelVe_EMow4`1}yS4
zMGB%zL{y2y6#$f_R&|aG`XrW~ryz<fO>);CbtU38>%-^mC)%9r>OLysWqN6G8>I30
zKJp>nWZ3>tgY_wU<xLc&i*v>5O^CSxl$j~h$0)HTns&2%iw+V~uY?+uQhOB-+B+E*
zY?{Q*M?`pKj+>f9-IL8fG#NaIN{LmdB4hVepP&Q*a~BAo8kY>$z2ae+yYxXL>tX#0
z+I09%Y)!nSg63GpgKyxP%O46!^T=C<Yipdn^=B0$YfHJX4E(zG@F0MAig}}g3rd30
z+gKrhYtsK$9)*{6&2>Pfatf;1kN}Y+%!`P}Q$RQF+QSc(wyZ)qh&x@^6dMMFGGzI2
z_t46xuWnn{yTdgn$tN#q_Tzpm2H`ePPFn%{*<f@Mu{7bk*&h5{@@JnD@d5M%5&O^0
z5Wg~tE@e1^nx^UN5NdKceM$c#Y(a|86?MO}|AE8#aH)rPv=NN_OkLdx<zwR>3Ck%1
z;J~U6HF3>Qk6eMOX*zMhSXZO09n?kMIoo|fRB3N~7axuOK;7h!EV*8EBD$jRcZ_vG
zS6l(_sE*QT4}AV?88lvpN=BhLBRQ&V`eAVfcEkVirhkGxUfctdNkEnSkzt(?c`n3R
zQB?tW#1vf`jAE1q3PAwCOa_A}fR=?6vlazwrIq0C$9EmVG`yHTx+A)Ufl|9@ZE__H
z_bK?mYczeT7x;8C@Jb(qwNDg*USbkM7|N1f$3)bqJ{iUuF&WMCHzHtk-`f62kpV{J
zK`f_T@^}cncm@w<{ku<J!jepri=$PQR;8g9O}8AX=jSagchavoJ%>QqMF=H+J3*3>
zmW-lqmu}a?f$NcXJ`D(SQ+A@eR$BN-XK@5%L*_TGB_eF)$czne4224~=EN09tvtu5
z3Rp5I`1ZGSQv7La&#NOmh9F7I;N_iB$Ozv#(z^E<DWbM!0RZYDAOeCg0};&aY(-`W
z`^G)|5UNC9Wtn}9{*jv>K&2^Kj)^L{wLPthzOZN7WNdq|mh4Q4uM)`Ybqvr7W86&<
zENJpk(qEZGDIL1!w}TX!KSA3e4t)M!rJ1&?|LV;D3=)`n$)m|br#ENN+4P(dYG4fA
z%a?Kq2R51N0HXDh<Y4(rIHZ^CkgH~Y5{3MwBkLVXZyr5q87w)M$-&-B(e~ABv25OT
zTv_>P&xAhA#V0a$qZzD-J(^qn4ZJt7wK7EkXW5=_oe?S|`Dn~|4eSwrH!W6q{-|4f
zm`kr((8?HYxCa;!Ku!QOiQW>!AyS_>zX@J(TxPXTq;bH=i&k)}*(?G!H{+@|$RcKY
zSLk-*F$IXU2`Yzq4neha5ge7t<s9k6(54xfM0`s5*qn&92-y_h#jIsPj|_5zenu%L
z;{wSato#pF=(yBoupB`E`&coEum{sYFp7aY9{A~oQ4)`j-iCTXJW&=inE<McFu3HO
zb}BwjGi!AzwG1(CEMaEJ4CFubQHv;QSR>$3rVy$E{AcAXc-l16sC)3h?(_(HJVY}1
zRzc(g)bZGlF+YZKl48uC6t6S02J@c|zx<D8CP$ZqnJt3M-y@AFjDvGhqUPIVH<@Fw
zEME>w0#*y-K4B2EFE^}t)$7TUd>S_1+%kq)g~snyIsVKumdht_RFfg**0~gq*f`+1
zh`1q|3jWxQW6qWg5Ed|dXtWTJD2ASr3bFUA{tu-llb-1Fniu{`_<vW^yA^kpczvJ-
z#gv!{x*1S+VXW(iVqmQ$cNSi5A`S%@lNPg}dzmTzoG*LW*SG9t!y@bU0kl>}fnnSE
z-&iFoJC6L*6P{&)hZAitZnAf@?SB>sNznHu*T}&H479<1fyGx~86G92F&zBZ=LX3|
z@C8D}K9ueTmW1<Fyn(h&ukZ^JuOUGj>IV076+59!hgcM#v#iEyB$z4AEiUg4$!+}#
z&=etQtwxovDRfB^O?pRy|DuTV=#%d+B#DjVPwsX0ojD2^jUabH@IL*XR{3CnUfa)B
zT11t{kGTEv3f|<0=b^TPt5i~etiOS0cNe7P?mh>UP#g;btabVIrwO>4&L1hxw)x%!
zRm5g_@PeVa?(F6!RK}EKIat945f44Zm71ET5Zfq8tZN}qWy`P*`l$Nogwqm0KF*#I
z;(zV*BAex|gJ5Lo9jCC8eD}lW`tal;8HtJbkR9|r?&rYU$|j_FbWrN`TZo`C@$?T3
zH_3>k?%EK8s%?516r9cFFKx+)yI_Egq#Tr39Or1W)Vj<6k;(>^{%lODr+@Z|%CC^l
zlh0#F*M@kZc{wjiHi{jMhO}B^uG8}43B^ZSzs6iOewfFPIv6-S7v^nd##6yXlQKe^
z=F8ut5D*u+@p)h)<*N>c1?Th5E%PZdwE)w~8TA%yDZhrK_X^WU?^Lb_=e)31iI6A5
z2V<i~5u|CE*GGp*xbaJp*U+Op@#<YaYLd#rzw&rGlOs9jZlmdop;5{H-CDIp?SPy-
zHV@OFcgBDGb|3`i3jPRT!;Fm_os7jRB|QW|7ebvlNWuy;z8)jwa2tKrWT*QTV)k1$
z=dltnUNB9`Kc(4=SwADk`@zB^WpC$^u^llhBL3}S#NtRM&#Z@GOvYUa>hW+`24y3q
z^@9g*S(kj4Zp?*#)mM3`Sn%tS;{ufUk;!S5v=FOc^kDs?1N^Y~NACh2|FvdeibnU`
z%>`$3NN*~81%4(ZEK`_RSOD})n4k@c$C_D$h^Vyk6wWEiYob=PZ0b|RQTgPY?zp!j
za5WM=94NX2w10an24B04{=_pN8j<`FrXb*AZ3mT<M+ZdDaXlXHSWfZ(&fMJm)nF7n
z!?_jnyLqda>3yw}lpV)>kD=zb4iB~KHc>vYybVj-#&~Lg9t=|!UZDmtvGYQEO`~i5
zQ=togcl9`a8=wrk8hGtJDwpK@@hu*)RCCJy{7tbBCVm%|y^Blo)*;NG>h+ECC!Ew<
zrNo5i5~As_q%O-81MI%M;nC6f&0>~bqAqb|cF73Xn&?gS>@JWPC*k@Ye@&vz%tIfN
zY_@x}c1JU_CqL(X6Z#~JSzf0-eW=Wat{HfqnXmjNtfuHY@l-M=qg?}`mV|v-mf?Gc
zU1!Q5S7ll^>q0;ygWg{H-jm21H*o$nHJD4%!lP<}FzOJ}&>M^x$HtVg{rHJA`scDJ
z#Dki8Q3h8W_yAY%4>ig6^%@AhZ!KJ;vR^GVeZ#l06IVUJ!h5WOB1MV<z1OUb<zUz3
zjooC<A7c9D#L`kR?e{BV8Yfq`XZ1u3-@NhOQqO4O(r?bcDpPr9V${L;e3tgug0YO0
zQ&4X9{hL}W7l9{L#r4M<?Xlkz4VE4f1&KNC@zvR=*<8LZn?%Z22bXcD9kD+=`;^6A
zETJQ<n==G8%T|b+D$e7XM1ORXKN|(hzxWK;Cn3G0QEq4Cry9?|N*)%V6E!iqqe=_P
zS(0r(G`(Xh#k_z&oFXBid4d~zhcCB}A~tJyUoe>u%|_Z3-pw`ROZb?7YVw#?DY#V9
zob`^m2?bY-@wUL7P^k&LZs$(Ss?+9=kD6we>x8IDidOX2SxPV4v2O3(ca{BIsnBOZ
zji*4a+WWP=BSHU|!Bgr1wpWRIRTsGU29n&M6Bm7vGoc4hQ2g<qzAli*exVyNA+yc$
zLQ^!!Jh(#fu{hKen_{Iy+A_a!k7&fiq<U$6p#1j`9n;@#gipkBDt=+=vDgy#OSMiJ
z`@h3satyV*xBU7OKfB@0&XXkrGx}kya&KFj+lc4kCl3%0(zMZce-OxRx#bev2J*V6
z7fZaB*!mN8)~Be_vhdxNenm{S7mp#$Eju(v==6<|0`x=G0F4!YYXlbozwlefv0rm{
zr`F%5>d0cCL^CXXtbUH$8diTR`;|^mUmDx<p_DYvl7oV*JOs<)K2(06QibWVuL^9s
zu_#f6$HHE$q%^?fY$$m6-1G|fbw_!#ldH;wdMqB^pTsm}3p1dy7de~AG1~?%3Gl;d
z)%TFbA9bEu>VK7cJ&S&^AH0=fPgIWazV#ZcN5h1Ppsy~-=bOi2ZJ?*?^sJw%4$-(j
z4ZX?)_TEcrfg8?Ttpx=s43tk<Ibm5^{1F!cw{sij*|ds1yE-hRy5}Ie^vW$UT+P42
zwDc*YyuhPTCky`6y?I5747;fgFj3x`9C)q+L(%6bcV@NxQubxu&&BSuKdlb5WhL6B
z?mD{O@*4LoEtmSecp&PQfu-uF*_4GZ6^4*5i8N?qn$%kmbsx;*QBy9{(F&x#xk$H3
z-~9$DI#KU;s*aw-=z_V-8Vi4X{CfmWiB8~7wSC|Mdp%?-?ln}h^}Oo#hFk!LkSeM3
zy59Y&E>-zwX*agQHy_JJYikeM#M5!75jNqT=(_o{gsPiD8y9qcPe-8Ez_c{c!GN&^
z3B7LtLT-XgBBHEeNPbsu?0wTs^d_t`<aqVY51-fh?#^jh#NSfTUXce7rW;tkd(NJY
z!$yQ_Jv<iNziQUGcCfokC6%EQgH0tSYxXuknp@Imzm5ZkA)~%in<N_Fru5oloFCuS
z@}!Q<n{lmJ?}kyXl+IDx2p0$SYTa-SJG{$T8~HR$K`J}4M{rGDIUxcdw`ct=9b}$O
z`7-0{?uTz(?cyY70s#NSO-6x29AO9Pd+xC?_fF#c1?a4l#h;xq#+~zp#_P=kL^Ty=
zAsLXsiegj7USVBOFOzU9;x*%ZGIoe;+VF+|znMHBXK|w(*JF|U>zipgzo8#^?3Qv^
zXw?jwQXxGfVuGz>(!(m`LmoPxHmEG?A`)1TL_&C-sVq5IaX*<WxW<5{-xmy|u+#5|
z*@WuWat_z#>6I`Rd8^WaK!0)C#p9Fq29`ZS3LP;ntkm`%sd<DuZsg7uE;6*|)e9dL
zOqFa_@(DF{d))<SCon!H5jxpmj`#h$K8j@h=Wy0to~~ffz_po=VN#Y`JiHhn3R4Td
z+Bm(-D6?r+62;>}g(>J1dLFJTY7-3*eGmyECdF`7!?W5@G~J9`|3sGj#x7loSLt=u
zmsc4B#SiY5I2@eb<*)l}T4%UVDiu=RaJa+vB#ENNg~DXAs<yfFEtwpqp-ZM4SCvtd
z=S_^h62sbiy_;rw_I3@kzg_M9M}MEaG@2{szf8?ARHAcB>Fw{otBXmbs!N2uzGvVF
zh_tE{D2d*GzNAC_@bZ(?)VkM$1b?Gmu=(ynw$hbUB{x|J9bPD7F}Ny-nXd-Y3JYo`
z0qt8JdOhCmj4;4z*F4IRk(^P?4OjoGSHF;HJiBVe8@yIR#XajcdfuiQ9aZn%7Le*o
z5NvfJS`t#V^mO7wMkg5*)K+D!qZ9aZ<*n8t(?7{>2r^}Wmjn+UViFfF&*|k9O0lW<
zVzMc92D2c`(1zS8)yyttX7c&6x=NootTEVX`3?CD_eOw2uh;vJV^?!tV;-pAVyfx4
z00>poZwh4RJ>To3oe$_+kR@k1yP2PG$6wZ6AwiDiFx+j@zzoa73Q{?tc00d}U>kM3
z>z^>b{7b;*<$4!HTcNdCrq2P0D-8%z9Y$%&1S$pO9%9q?<2G{nX4+@k5t;mqKS<fP
zk1nAL$s+ZA6IdpLDKpa=5bytZ_?N2q`D)@T5_JT+kgj@>`OPRxQ<FYhiH!GAdGLr2
z=S=q*S(p#%{10}xs0;=@+IB6HUsqekc}c;$w|*_+v#r0-6(!EudM6?>WqJFQjM;N7
zDD9=W{;f_sy>R64cgFsCht+Jf7XQ0@%W={UIIu?Ykyn1kb4i!7XgrPhztHWuR7W``
zXZL>Ge>bTWgP=w2HvvRM%fvR&SvG7EZC^+YS8q$*p1_#h-z<CSqN~CSkDP=gHCV`R
zuqBJPN|&8|G)<(Ki)mp$C8;*$`3NpO_xunWuj$NG-A9~S9QnO0R~7*khF$xlt}wXO
zLc77h{zf-nTX5$5WuJL}_fAA|@5e6^6F2ncXT4T}aYDimW8*9RsBqSU*b~q3LQ8k5
zxzsLH-j|g>|CKat>71CeES+yH*WvuDDCbOnLU7FBl_j}^y})g!XN1cSVKvse51fO(
zHcBFUs;t=k6p?P>y@w+Li(kgR!hBhp)5vi6j!P1Gd4zB~3Ti8|>{l9|*zX)!>T8dz
z=!kXHOPS&f8e1-?50K(2s2Su~LGm)XZsRNDN+xwb9(1Csogg|G@;J2nUrG~|BAZ5t
z@TB~N*O=uaG|{=J7vF1dR4(`ii{l-xRzvQc{Xp`}#^d{)_+Q{1xdpk7qXE0^{2cdQ
z9;Ns8{qCp!m~6XV;cHZb>0Jy4GYPwOKa<nAr~I7r+d{5)oqYU4&Brg_KD2)yd0uT|
z^dvX31UMRe6B>5Gpa~cIv3+ev7I3iA0Rse<vo`Ay*o>Od?lZN?H^zV@pDh&}<TuA$
zmiF>{K|N>w*bl<ojlh8l^+o#NJ6a-2R112Kju20QfoEP)Z-dMQ_ZvN9Sg=2fwbss#
zL!6u#17Ui&2DO`-9^5Fc?Mh~xJIH<yyvl}jE25!AS$Y4POQO&|oIue8xx0L>QysUe
z=Sqi#gvAdf@j8t&WPFXIY^DB?S6_v781-y8gT-$%T+Jr=&~_8?dRrDScJT>eV%v6L
zzimF3lfq`YyZotEBQ*ofUUm4jJ3+2<*b$Bo%JWqhejKdEC=d^Ba}0LFb%#<n9gZU7
z=attJSoc+)0%ni&d&7*dnWR<6DsIF&fb^5iaLbp9+yu4TSRMqL$Ei<_dBRng>8p}|
zDvN6K7tRDc-}CehSj8d{mcQ&|yW7=M;YVw;Kl((WuhtvWJh*&yOtmy{ZSBsax>noM
zr{#46RoIEoL}La&+P`i$)DsUeZtCIj^_P`9*->|`cpsrh2l42ASLE*M8R=|m{VCt_
zOS4AaW=U*Vkj6G8gc@=63!e;#xPq&@&lG(Oj`un^Y$QM24JcicEO$NCR-%(cp2k!u
zIYdT{&Rnw0KS7?7eEZVj6n<NH_2wKp_I<kQ%9Nx8k-FP~Urvg`B&?s&^+XC5n1mWV
zI!_^dGwzC$Zd#xa;gwSMq5iG=qcNMI@;+gDDeiEv`@yxICa}$Ml#{I__F!0u$r7_|
z_x5-(@2dCP+pfA&JfcnQ4L@o_Xx6Vyi@z4<%Xzloeu4dpzME*??}<JWLBDHGZcvyp
zeB51ORr;ePsg#0ti2_r{bRgG});(SG%BU*VZzM|7dnNO5MdsSmJ8rEiJ29+oI5LwH
z;>4}H=;#u7E!PKwOaJFd4yK!Wo@t19La>21t_Mk$3h)a-=N2Ap5NW@Zz@0e|I@aD;
z|MFT2&n7;w@-+p|g}}nAH{z*kFWD;1iAOe$TE5mQq&?r^7QTNg@z&;nfGCIm>7GA<
zTi$iiap@&&Vo7sl9`2WLyC(3&eB>w-j<2qY<`;q8<=3Q_PWa^UjWo3PpNNO{D>ue2
zM@DR>Qb<`^g(|fG=g78h)~Z$h+}?Y%SaXjWX*O$MyCR-d93VgWvk$mEHx_q7@Ht=0
z0=oiD0Tyr>gykMxM(=}%1*hs68ZB(WFFI`}Et0Sao{@NG$ym}n%ez%*oVTa08mSTV
z6dxau;L57y5~yo7iuK=9f>CDUZSVUfvX!N9%FNINzQE0)+GuH|Q-9w7Q5>c>=eXU!
z!DR@Jw4jbc{XGS-*u)q0s@`FdL7#Wpo`RbI+U$_~MPzxhYhAsOCjf)x3VLSbH~ixE
z_Q9~zQ{W5{lVl)syCB(KvULJUE}y>_O}l*~;r>`@e27{aA7+>fEApGfQ-MpOG>yDj
zrH#E~e)MfQW1P}^F-+45ejbI-dWE*t9^d-9{$MP`(Sb>_lbzP&c9w%>!~VAf9DJge
zHzcHs_u^6;bZ_1_u3HG+ZJ&cvgEOzt$CJ7bg&hhpr{&MS_wS~rg{2-(H<sQPi+*!f
zzzvteI^G|h3SX1f34cJEhRAK1RtXvp;7udJrd|5|`PJ@e?o_I~AY*F?rdW7V_)At>
zjnllr_nEnEH7pdcVbTuog_4IQTEAb!dwV0_X6%>iR&-Z!2!E=d4?KSDxgIdEJqGSQ
zoI+bJ4<Gz<ii|Ly8w0uW+!!ZC^)X=i5&uadQBOa-ENRM3s3Qz_Ovyh-+L5p*Wd4;|
z-EP8u$64I_*j#la@@#kQ90z$C@%7-iW^lt~-=54*{5<WO0j}5_QTA^C(uXOodH>^C
z+jw+o&L)@{?oj;*_-wiA?7EjNX0%DT%}Bjk{JLy9UH7LKUu^RwX&N4L?@+szDRtf)
zr?_9`XFuEomL0C|v=p)Z%5;p#5;N*D^uF8WkE@MoEmBhZh;<hTrV&SP;jP&9!fa6+
z$fb-|m-8gy^;r>f<Hi!u#}OLBDXM+-TpGE-=lU^VPiWdn`xe^k`LW(%&We!6qE{B7
z0huoXy*KS=^D*~REcstjOx+7_delkppeu~0FdyR5oUK^u#OJ{x)IMVifA~a`Ivj>N
zA$FzULmvnL08OfPTe5G$AM&V{6bq<6w#xhcw%Q-37|v`N!KIm7@it?{?q9w|S|sc@
zHb_m*Ag&TlyuowRC1OLn-C}-oq~S6Mxf9&mhq1ig`WE@_QfyRr{RZB>_^M~(u1(|A
z1Q`4Czl=W(awyX-_G}rJ<{J=S^f<5;Pz@O6X}Z~o;vkWY%LygVpYI{RgvN%bJXe^^
z#yUifisN^*;&-&o9;Fn?xw(xF1eERG=#G>;@Pc{krFuoYFEK%Ej$l;Y;uQ11XX<Fh
zhKniT5a^|Pdyxl0w?O~urDxFnOf++<N7O1C)JdrK;e9+60hz9+{vMnH?YGC(X((pP
z2wdsj@_M|yL&lz%rDxlc`>f=iUXljRwanY44xYA_t4jNcu+vV*`=&tO1n<qSc4OlQ
zP=)-%1m5nBDHwvSEc~Hqgk@$xG66X@MG&+%KOQKuzJCYXg5x*N?Al=#IP2GlM7n3$
z7CBTSNza%ArOpD^RygS_zWMvT54^a4N}!Q)(eUY#<L-o4JdrSL)Ac)<YRwzQP@J7a
zVctXa)^3uLq60FKj$ym=MQR}Gvz@G5T}1C4728wo6E2lE6N|q%J3j6aFCW*)y6oi3
z)ROl0l6u;mzD3y&G1wvXdCGU!);1<c8l+Z%ev0T3k|C}n!p~<St%UERzIYmzYg#L^
z<OWaLykO%O27wCK>{<(dOa!vONjM8AfTp`m7eZ?`Ytah5j!tq;mNkdv>6lKn8XNmh
z?k{p#tP}X5h3u#6(Fa8BrAlVvy|3AfeBu)KrH!TY>kmuE9*CVV1_|CA9gCNPcM@(G
zH*ILJw5DV|eQe}hRHg1TlQc^`e)ixj0I=_(q&Q3h{v1aq^0WiDNSHR=LLzlBwH)&(
zqCUU7X@j<6`DQ)(UbB-%Zy>UUc2Kf5&LanTNU9Enp=-TNf%lV0zgrC(^ZtAX-@d2~
zhCiEN^&Td|t*s_gq(N7Qouh?>2@O4Z)BjvF?$cnyuThgM-I7P$0nC9al85e%#gD1)
zm;fu^ffW;ANhQf7CEd4)nL#Z((@Fn?1EVxp#IDh32LDZK&~imY!%=j>{rSzR5$p?`
zui1++>KK*qJ*vq}7ilk;SJ+b7v<V}l?<2N)fliYr6o4T@^Zr-qpRk<mh2Pde{_T@F
zPQR_ZQNbKjwUD1WyFtP}zbg?ej(e_0TH!_Tpr^=BhnBFf?i$s?NythEt4{#dVdgpB
zx|1)X{t01Cv}yQ*C1*;ysG0uz2mC*SYl_+6=$S_|*~s=VIm9h9qfWn0-gDW3D#Oe4
z6_w1srg*7#_OQlUrw=1|S2Pyda4?cqPjzD7Y;Xp_MA4|QaBog0Eg?&S5rl;4xweM?
zO<5;D&$<G+6=C!jBS~=<&2k@1e<GiouH`sEpM5(H=zZalfB(h7Vpqj4zsSy#{LNz9
zkE?v~)5X$g^HMVWH{Pn;SoZ4>{DPatkeCGzmva=UkU~@vr`%LxR;aN~df8DF#Dz5c
zNk}iF?_L|SSz3Ngigt>!o~OGuZ^3Dy>IJ7Z<41NfvMh|>^ZAn>+|i!~F0xH?aW^^K
zi?FMsc+6sBxHO=fviHlXah*0W^qyDsO3mxJ9aid+%?4=&W;V@{6S{shfoHFIv`FUb
zspzJdyl-N)?^*aQJ(1}~tHe)Y53Cexm}`utewfIw?Ef1)l%QZaY9+c2m!<Kb?uuYz
zckPV2T=OJcmBIdM^ZV_r%)?!0qli1F8>B*X3yfKHX1BZNIFH9yWQv9hc6l(Mul5Ur
z?}m~;mZum+nBtA57COqdw-!Ret75+_9*F<g`VfqBC$Oc6*y;1F7W4_`FSVTx&zVVb
z32rt$hdm;qS@Gki{C+YQB|8|sYZ9jHk$<VW`&$Za=#A2+qHl=mTX{}UlXi7JOfWK5
zj2JA5O9DZ2^DLt7i7i|a!<umE$AknXq%HS69=^Xgzcl~gD0x=Afkd8`1tO8#(BHRd
z!P6KR13l9BbCBvk2!x~P*ISoIu!5{-%Zpylj14ddP({aWnl`5kytvPlG}wUUR@fxd
z#Nnu{p#FsmNjZL&znHc@=yc8y^(uXcHNeK@4s6NVVmzI~Oz$|$+Xs-s&d{N_w<jv_
zF#V_^CAmrRP3jw!*&VTj23EcFphu!D@ARoqa6`fuh1*(xcHJ2J@Rp)P++IwtEZ#op
z>PTCrO_Vv_ZjEO;_B&CZl3&!N_cZ%S_i}W?SE87BnsBajDSj6!95_~(%Il{_z$Xlc
z3SVn54?NyGnvW8$>C!JxGy%Suu08|~u`G_IR7mopMOlVxh;4?1mKHd!&3<T4;E30)
zq7#p%WZ1;MNGz6kpdIJBTW3Jin}po;Z++w_j2NJcMoR7SpsRW`vBthEiIewOSUgSv
z+Ya@#hF(ZGe^e)aBz-ftpzh@2vt%6HcugjRQuNxZAqJ95tJ*F@yDnVQ1^b%2!$%5?
z&N$!4)UbX|pSblS$=?WL*!I0_qbds+URx2!gA(wMl$GLmf4oM+q?t)PX;Fq>J0+w@
z&ul|ipRC{wAA2noJJY)+f}c>X&7sfg&R<X-KDJEX_<%2!v$hb3{Iu~oPzQ4Wi9D~$
z*%pQezr{WC3i)v~p;~cv?@nQe40=Q`DPc^gYVh)7Q70;)w6zJ$Aws$?lb>w3?+8@w
z(fGVMcOl$=+wrss|FP-Qc#Tmk^CyH;`vdOCQAy#O54gSjt?n^Y_nWGg*w|RG62~4r
z7(dv5D3f96g!ZDk!s*zzSpxBtXGO`Rnag4^Hjb>~@#p6C&*-mW=N+_<YQ<P8PH;wD
z)@Axhvgmi2>eqaK1?O#iVx1U_=q9W$OPyY`Y0KiGHN?%x$b#h`ZT9_SNnHpSE2rv(
zy`yT72=~}+3M<|l7$cllH=+7k^Hka8N%>Zu+>mu<(P%W;HFLFB7%IP<EA?A=H%PHH
zE(3KU*fcOxb6nIlHGbM;THQU}N}4B5rtEuvPd_038%5Rl%7X6Kh;D;;>)$t-yOal+
z>U*BI(mcN1NeGVE7rt5`mYk{5GF>V4^vE-r@P#Lq91ptR_FO<4^vxPmeU}2JDB?jH
zxP!Fj#fqM~Vfid?SL{%7Y)`xmZj-wI-O-maI*-z6-xo_>14$Im6l8BfUPEf|wIk2s
zkugZ*h4ECAT{c|+J}-PV;~TXXhvQDl)?<8Fd4J*=wNgp@nM~8&=8mJ%SG8a9#f>U&
z$8T*4kbgR(9XbtMjc<tILZkDaU%OOyR8k|w<M@qwH`3DOr{L290oGJpyz8|{<q4cG
z$F?>6r)^F-fs=C?TS~91l#h*fG&&ai8&s5Uez?}dBuIkSp%=uQnlV4)^O<kKn_T}b
z;fPsQ=Ccr@Hy>+Fjd(G?M9hsMZyH8IH>OknjQXsTQk3{p2q$ykw%OoY|KuFH+m~9E
zKM5o!GfargroiisEe%}#g!I8~bMZ>W{jkcE66*|{&^30Z0;PJkXWH35BQJlvxltsH
zd${?FjL4{|oBX=7X|l%dso7;;YqoL9(&<}fqwmLq@%TuAScxC7xH9b!9Cc2K;WII;
z?Wp$H;=HvbYH?D%5Sp806k*ETK3(x-F%Od`b9WiUdF6U)zBN8jKpik^l@ghgv^ZaX
zp(GwRxF*(cc1_lq+bnYA`uV3@Nura4wE5E?d<(xUUEVr_&A4UdAUzMEyu#Nvr#o^&
zmNRcYQ@viPs!Qco68C_U<Cx!Em8`l{rPjE|YS^wAH-geV^J0>Tt>$Ibo>t}w<V_@{
zlI~)^=hNFU50SHFm#0z+92XLy#T9q@#zgvjcbG@t!})E)FICT$6!spc(u#lX4dzCB
z7TZ~8R*C+b49g_H_hV{JALnHRXX#AJ@@+1Uyn^$xxh|Ky$)LdMh_Q}ei*EWJx0s4N
zWWE`@((dMV#BRvZ><Xy=tbe=3=pAAx-%4K{&_*a7uOD53;SE~^xPrWWc%H607R-Ek
zBggShMJ1GP`FQAe!DXU9-FPUTb!Q!TOA`+^@bE@@(<al`R5hyFMMk~B59D><$COj7
z_Ke<icC&=cc`OP=QA$IbwJkH)oVgo^&ohUx^oG04Bx7p4?vz+Zu-m@-5xcgducdz9
zX6w$JubKITkjBQ3_jWUAlg9b$0Pu>oej<K(#bO;WMRd~)x*K(7Vc|~1jC}9>Y?vF$
z=%dbq+(87MwjlQ^kPXPT3ma49k>;IGI+XVPS;NXU98sB!)0O$+=?INQIjahbpYyLQ
zihGtcA3cq164xMp)BnrT7py(JO%R<ef}D_``(gM6k7wiACAP(~VyTq&$-)}U<02w3
z=353$=vV3UAEON(&lL7~l?nHb86-mIqOs_Dcw$c+4<2S582AC%VYI7cJv}@@{k8Or
zzd4;A{MJf$`+8XUmXhUB2q^*2=L(W&93BY^S<PtVi;;(^cS{ag=jo_fa4p@wlbG#F
zBKdI~9!Y$&AkUHv7s9iy?CYjRvM6eqUAz?gF_+1kUif2=oB>y{jK>YAAu`(YAG_zD
zu#X26UC-n89{Emr+~w>e{n1-(_LX>|Z+fwRvG#y@Q2d+W@_WH-%iEm<LebHd`y8^h
zO#40v<~VG$kMnRZ)|`b7?d#=6G}u16ZJGl^(b_!T_rK`nItAU#nrr^O5E#yR`H9Je
zLh?_AX=5f`H>MP376K*t7waXT&gdy-RT`}tT#viO@T3750@1ij*1nC)bVlZw(8pMZ
zukB57Q*~sdZ}T?WiW%@&jxo)yWsC9Xq~{cp+AZUby)XXas~#>eeDsujb<#`nA`o-0
zGjq0ktSf1Vd(VuoA<UyS<L4Rn*9fPGeaEu-vQ65|&-@<4&xh|;o%j<RJq~4fSblh{
zb)A2Im?~P9`L!DJ0NpzM!(H*c6_VaY;oe*90oJK*oHu9#3Vn|vYG#a@mhUYWEm!ko
zizt%s#Ly(Hk(DT!l`i^V3yGD5PvHs%+$%G4B9DhYNg%B$Yh4B%OQG2sw)7DUQS2?M
znoI{rIhhIsuL*2*h4%}Qw|tH*f18TN=T$fCwD*8&ebKJ4vGLxs_G(R=9PVi|4Xl-D
zoO#n{>Vh0<_`^>s9#4I&V|kurRi1}<H+{E!G0^4S!<Pc$vRwDdvCU?vCIuJt@Azm~
z4<Fa@h<ixhsvw(d;e4p0#@iTj8dCw;-{b2ubN6)O3vL~j$PI<zh7104>hBcDBVC=|
zeB5G-@aRwVDbFqg&vB;L`edW%*cH=rSkrSd9Fyl<lQiR~DT})7FqJN5H}0!xR_638
zEwUNExaQV%H}1ljDDBWCeNDPm-E{t=^LEHrMDNtkN`<)8gI39y@u$A5FXGRsTBgXs
zBICSju*bzZ!+)DI&2&p_s-R$YHNc2VE~=QFPbKhxj+yGAJhRmFiwnGal`?N?=z@7L
z-U@0y_(7Nt=g|?C2Zt%hAF)$2SD+Pc@1xt6h^xSRY0(l6jLdS^h!_XLrLA<V%j>&;
zk<iV%5mp#(ZBxDtD!WT1kZMG5wD-F8OyMAcnJT!J&fINCO`}VFnzwJw$@6u|lDnMg
z{<R?{qh$Iwgwq8&`bXQCcCZu9YxxJxtr%{4<C2^d$8qVk0S^L1<!KTlOmAESr*52N
zf4+5|oBw>?c*5vY(YESd^jvb>nD$Tf&)nhmZzS_6-G~K4INL@!2t#&N*Gh^eT#Xd3
zh1G1A78pn1F*EJQp~n-J;nrjmv;Xvc$M|jCDAe6$zaUESY+pV*teu6`oK^+@Ktseq
z3G19#ZsNBnkJDvknu4FZ<xc2Owj*-#4YXY#S$nEjy#Lj!l@DAoA~nCOaY#2Jk(4a*
z`dv=uGoB3PY0NzA9J%U;X_qFqX=iyJm-EebYzW85#5Z=Hku}PH?(4aCn92MaH|Cl8
z4}=fbxBV`!hfT@BjF&^bc3exEho`?e&=Z;O=({|#cxy2ZC!cfDzFt=3vnqbA^Gq=c
zxNctY*?)QN-4l9_R5KyZK~`JVmcq8L^)&j%dVz%mFMhQ3>Ma*~x=$Y8J9gJx^_2DX
zKlfQaI%ep%KQJdS#Zef|&qd~sM|+#J%{1ES1=NYncdRkIOhS}x5y#Ru-I2_ZSnWQN
ze)&+Q^18MNewM>}Lf>=Z7@0GLP~sg|tYXacXLJao4<ibf7f(B}g1Y>iWRs^-qlGJC
zFYK<FD~9@QkcA%P>TPe@FR~LEv6*eWPyAWCr{nGSG|$gRpGRD#igkF9RPyE%{e1Ak
zKlI$z#7t<tr+xb<DQWpI^4M3vL(894y!7NTa;k$f$WB4Y2uT`wJ?Zd%;6>=rec{f_
zeKsk%=-pMvPfe_mo3ZPwtYn4v?z1>bc!@>yntG6=U-!jMVkgA;^jmHMvCek+j%M&F
ze;uFbc4y{v+H`+H2iZWM-JZx`!4{Fv*urV_1~-rKdK9eS*RSD;QX0P{wsrhA{Ug%@
z!<>a8f?qcCeIboI)vsnRs|<e0$PANGOWs<!&r7ML;+sA7PAfQ`<a^U4i^J&1bU2^!
zkHd;_(eaYu+8Z+9k4FzkJmE>?verkxuu|1cc%Jpl7x+vBxZJ%)7;}5@qusFN?oT<g
zuzQP%tnGJe&VGPiDmw%d>{vcH)+HM4jjGB%GDnD`lXp%p%=QYoT+e>;{64Rs@4tc7
zQBTF8JvQDJ!Xh8B4gGI9xjIv6PPuv;egd!F`ED*rn~%m0NTC4&TgU378>xeqg2Evw
z3|y+DstgG+;<29Jb#`w?P_tZCM|tiyCC*u<w9q~DK9!o<lc@#Qn@DmIdCa9AK;}Ko
zWhFa~)!q$S0w<T8U%mC}PV8iBqL(G9xxY>l9fn=+vyw-?@#3qNez!w6B9>_4eIWl)
zH}I0A0T1_FnRerA)=u$Ii%iOcQY;G&jq&$Pd`a|&%=`CG&&SsW{k`w9`&AId5Y9aL
ztX4Pjz$q!&_!D{PTccYp(!Lx){HgWJ2wY9Z#&0;(Kihl86l~?Ko!(K1v19LiX3$F$
z8LKw?X)p%wjC@e=P$1UIAg{wt(K~wQnc&HWI@W6s!+iql#NUf@Y>9x@2c4#IFQxmu
z+WP{_9eke|8gjVk;Jg_+!(M3P!uDS;ziGt&$g~KEvg5bCRUca6ET+0{F_fl8&Gm%r
z|KaK_qvPh)h3%OzW5dkM%oAp2Y@iJ_%*@Qp4Kp({GpA{oxk-~W4Z}Cj-tXCGpHDw*
zEqN?oOCC$sTGn;jlSe4KIYnk<prPeq!85oLa*nmv?QIozGE;de0x3@~I^<p7s!j%h
z1A{v$sBtV2&z|??wVq#6><`o;b9<g2pvUIk<z^BqS<A#89QQt&_{uJJPLSN9L+d`O
zf`Z6nk|H`+EvO;_D#KG2Px>;J^ytjuk8vwbCUi+)XeMSH&sFJE3LqQLn^r=2O(_g8
zV--0TzVtd~$zP2~1#cMAy98AGg&O!hr4&rf0vXv^xF>l?3TNjMZum-l|E};lva%Q`
zOH9gzHO+tVQ*6kifxj_z8o@fcR=!`pAk{*|3MlyPvcK`y6&ZoyAusJiwo{ls)tB~V
zE20!*W6J~Kk1W1m$&31%s5>|DS|3DL!)0&y%Jh%51M*e}Q4(CtRHvQ^OpmwMu3r#!
zzp1V^4WJ{ukWX~*-Y7;MZs;5dU5-L)#5`_KA5p)In^IBp5<=m}W#jq|sZgS3=g4F9
zI6IsDkrenTYyp=$BeC>nUacexxr{KAxL3q6prB`vzLhyOYx2*I&7Ug$5aFs2Zj>Hf
z8;RPsoFZI_JA7s)!8WWUU*VM@HX&5vf}a6%GpwbC*Ai2}s#`eD41CPsbK>$|hEG*m
zX`n#9zpzy)EL=83T7wCaCVGpT#l2%@(!buC-ephtk?Z~LtT)XwP_ttVx6FadDJI{Q
zZR8W=;N`A@T0YIz7u9N*AoVZQhngc|VOeJ;E+K8GAT1&dkcMR`o-EDbEvnMX%+R@^
znfL5GGfH=J{?L6wC6Y&?cP_NrA${)pQ<L!)@PXwLUNXZX@;e7cC*I)~Mh`)0dPjO%
zBa6Lm47F9Ok3#M0LsC(2gE|Ga%AsoYwks~*AI)S+$wVyU+26!jI4Zg4+ANZv48x?4
zSbIj6Ln+*qQ)X<QW(~bOo`xmhI8;WBJ}j%2E=wM4dG@J^05fx6dHc?fHF+^E189f{
z@fBfDv=8gnQDlEt<7+19HKs&`_mCHM^*gaPhVP3HLT{uvQ_kcc?<V<l#HeXlTrfGy
zB{IxfeE1<mE)$?QQZ@<i%0|IPjlX-JkET`kZ-!B?>mhU6)n+?Ej;~%B%1o2V$%T)2
z5vY3RC2g!Q@baoX2K0QN6AhOa3t{(EPmBA3`t9Bl#CFzzw7+o8u0^q&cb}5_K|JEi
z)7DxwGDJ5Ia>@(28zdfK2@4y;#vs}jlC(#ud!ID}G|RO(nnYrvk<nCt(N#Fc)jgl4
zJ)U{Ul>K!r0nIv!(`jRsrBO3uYEx?vn_9-tc<`o;_#$;xy|oyz(_VrbvxdF^dSZTg
zR5V;-)52PcNjP1%{I2$Cq)hgns9a$R@U)b;g?3GN@aA1Vz}k2i!eU!|EO^g!saSwM
zUaeG=_uM?z=|sXVDd-vHXhaK-l5XkgIZyhS57QoM!vPx3fXvLp?LUQm?P*L1D>b$x
zz4cb`TN8G0`pXnrW0ZuU2|)an7q7flcG{t_{_O$Rio-6Pj5L0w1f50My@6U1!_*Ly
zjD&<=Y^tW!^5q`xq5JQIG}f)X7-`uPYd^YmB@A3&?m+WjY17}q?6U>qMs$=(c^VGo
zS2@##H$O?{az7aainVR&SN6Xat>~!Ydb6aiconwuD`yU9-tDIdr_=Au;G1S5NnZ9W
zO&bpTk&~Y88UsYxNO;=6G+>J_xO17PlC>4o?3;*^I8Th-6w;s^K=!mbP6#dd;6*5p
zYy5O~o}KNamZbU|TD63|Ppo^=h)1k~d@w;3Plw`~cO^t{csvpT`2H>DCVIapG^~P(
zaUXVVy}Yb#n^Y_8Xx|Rr-iMrEFw=S+4{zP{7+U={pD#CLhelXNqp%fq5%O?VDdP(V
zM<gb*)B3!WyuQmPjOm)}<;TXJkifJc_x!tL%H&f8sd9+M)}k9O)tX<$#7B&5t&{Sg
z<d|wcJR(u{Vqp!2C@T&PM*`o3*Qh%s=}`8!Rd?a($j2?eNgYV^N7F)x-dM<97Ku9q
z-S0;8n<73QB!^G}yVJK))EH>KC_N+TGk2;4?AGeR8TLmo0T=U<wI2fzpp3>K(3dq&
z29C}94*Y}RiJYM?b;q?9cGEvpI?SLYggj_70^7i=jf77o^7YiKuOUdd7`2_%jg(n}
zG9jxz+d0vmm8yE~a7qR1qYb!@^v`e#9bO&Y2i&u4eLnpfy|~^UH}8vElT$q|>E;UY
zg{>3WyV~mFVq1v+w|_$4)~4V^o%zA;;6@`8CCv88#)puhf_m14-AHi8$-_!IvwraK
z3ENd`!A!A;fon;jci_OB|6kDcGpCgy6C_9amQoc_SE{<p0DY<y6sK450tTkMi$Tn?
zQF?S9t(e*)OZIsMq~ptjothT8j@VEYweolG3fcF03)o%N0{%qm+_T;tDY@5QQjghi
zX6|#cD!$YhZiOXtQEcU0Za9f!jZh8kO<U;1K^V9$7~W^e%4Z#t6Zmboifc10j(m+#
z59~}IundT_9nDr=GG79Akn^g(i;7mpTrj~8Jq2vo{KV+>&6x=Uh^rege3Rmi8k)m4
zf;g@JPU=wEH;S)tx5ulkS?ZTrMg}eKR4Y%*Ws(80BQghHhVRw#ssoGfQd0jeU6ka}
zk<qijdw*~mQl#%7r(;<s)y_FgGF%Z(^TOhzhGLzq%5^X*Tg33K;5Q=^*=OcLrH0x9
zqD!;$_~BS%!_J#bawCl(j~649o|oZ)`a`J{oS0~je8ifY5W+Z_O}oLynp78E1Twi}
zLB+KngCCSK)jJ6&9^w?|ia63fEF=OWte#<}zj{mQ-TpB8RIcUO$QQ@aDntle8$41;
zdYr|C>E7vCT8NlP{!o5<`9*2?_)#v;PvG9fgF82yY+n~~q_IJc%X5k#>I^rIyD^1%
zEQC<LHh1^r#u=yq*mS$DU|zZo+J*M|#n~+od7K|IIq+yNbLy)xNq*1uf*RIMm7L>k
zJ+|mDzBm(N!y;={_39Ei*MTRUnI^<Q;eb%;y?3Z{QB`5O#$OHj>@>igVYqi*E%W>9
zG;+Rz(5D{+cEsIhEk;h8zR+sC>lx?J-q#PI-iC)aLxwl+Yd;@lrrUTe{GO>5jzj7&
z6l?zE0DFFSJ)V4JT3pg?IGpBK(p0i&!S2F&U1e#iE3qYbst`Gx3Bys0D_*1YcXhQP
zi8l*t2|~=XAvzk_n~UE?9TLQ^acz6K6?F_VYhp-7^A3>Erc-b<p{18zmLZIVBrYSZ
z&~^@y+6=KLaFZ&2HRupfW!xGQn}*&!8^4K+#Z<M*SoE+jH;l#@{T27f1QljJc_=2T
zSx{|b*X@ew#2<*LV}!0UAA6<1%_4^<XU8GT(YR?XoLQLq<L2s0*;Bg$zwaXYywLyY
zaaTW=T`65D5baaZM>4#oFj*#2@`fqX;bU<CI*)>YXJ$c}-*9x@y@6jWDCxVR<>pt(
z-)SDUY0C$R8F~tGRP?>v(i|Sh0*wLp=^%(*>$qQ1_9Sgv5O1c|79ZP*sN4^kEq84S
zgx>yVZA{M8h<W7t19K5b(EHlUoi<&xbmvL<Cek-c&I?SRWT?`e7YD2HF@8A|5TELR
zzoN2<S+}Rwj!K&?5Le1<5?Oar%6G!e#H-Dc6J(H=5l;C-Ts`{!-Wxa4gr1nhc8~Sr
z_^(N-%%ESBwPoiV{WU_~5S>cqm4vEc3V+u3!5NW)x4Q>(ZO=I?)9*qA2=}L|tK-_~
z@M_isS;KTBQX@ugB$v#;;F&GvYak&bgHJhAmuPV%YC_9Wfs0(@Q0`LsKV&^-D9K?Y
zT=40%s(3ROsBQOof7?EdX($FyB~hNYH6X1a^KuW5m^PG%XONDipj`JYepxn!FlrKZ
zE&erc4^7sY^``R-wWGhYO-jiFe`wXqd{y)fmjylkVeZezM(+Dx^qv_wv%OVC|4kI>
z21<s{zair%?xk)BPtDv-zb&aiQX){V5YQhNpzq4QWGIBx@HztPJ}dTj!f*ZHd42fO
zl@G6rL@w(86_s}B2Fth0<_zFH;a9E=a*EM4OX>i6L}vM(lio30**~K>qcB7O=KJd~
zF%zEfHA)a4OL8yR$O>}<z9|-<cy@h-l`~p@=a6tNP7!4%g>G)NlWIFG&iT=UJ<jpw
zX@Ki6`?^s?x$?W7#1QF3Owa2$g@B8%nEjJiWBr?H+m(%({htb642jKGUfLhVma9g#
z?-Evc!B>ovNu78H*eb7P>fUP{m&r|k?=;u_?+VF5^S7EiFvMT=DJzL?)3=~pB1&Am
zFt`aX+SK@;>=@+;D}%o7bL&>yq?+4l3hG&7__j~2s(6?ty{RhgmU2hJ8z@dS!zE_&
zg~5kilNo-{9N{APRrXf7o}wZcBKgP%ZDFqJ9Lw#65qsNrRdm|x*s+!F=XtTAxU?lV
ziAgT|zwH72)OYEDW$jck@a!<cpH>RBE1);s*+N-)&ilSF(`C>@QX@apSQY(@VgD3K
z(cAdPBnSPWhWErQ75medCF|MU`g9|mbBB{dmPmd1G%v{MocyRK`b?m49LuI7^5x52
zo&mHX4w|4gM?mJ&T*!?h-yD>Q6F)xEu(Nnx^oo?KkBAM365XMuVLxd*Rf2~O`T%|?
zCN_G~24geLFy&3VSia@^hw{9Zvcz8vr7a&^9WxP)*q=7^+2)`2KX&%YAD}o$IpORg
zf3KlJ*7?zNPT=%+j~D+i9SF~RcN`P3KQ4}MFqHM=P4m3oPlx#tFl?6ZnC-k~j$&n4
zh)BgKFP+UKRp!M<`3wGPLplL!YL*>AG*aXKoL<y!t|BKr9**<pqOB7w^MsDv(4-%=
zb+qGbi`Dv_Mi?Y#zu`PmTbF&)$AkL^7UORLj@gqE<|5ez>bp{|FuRIpitEGZlK1!D
zBOyV4J~DARL8J?-*C9}cMnP5H>p9%)e=<4$1oumxC#Z0chso_b-RQAA#OgtqjL~@$
zrY|Pm`^kUYbPFG7lp1ok2vsn2_Z0Apw!yM0sIpkM{dS|W+Q@8vaO-EyNMai7y3!D8
zJ$L-hYJhvcdm}yAYF$n?@u!kJwqt-NGsPnL9S+9GeQV+qq*5voNsW9kMMgKNbF2+e
zdQ5kCnNE{=DOZv*jP2`C)6_!X8NH`2$^8aJp!vLcT$8nqOGvWZ?XIwK&&ThAXq<4j
zX4Gx%s67)}GJ<pIsL=w|&1ChxK;)||{?|ffR8rMYVZwEx3Z9Eki<QuipIBRto+&;m
zN@E=tG{5t1@Kh0CeO<0fKw8_gC5O$1Xm7xoUa5}8R86-3`_%0qZahFN04SS3FV9)S
z#t~d<v00}wa>_>_b*lByDj!SdsfE|9kN#u-;QzKejdyVVzFcf1ZVNYAg-&o6pzi-h
z;NrBeB#t|F(-dwT)EPlRM)EO5*YCb-#lKxgqdVKKuF#87Syf1NK5#Qx;Hs|kO3UO7
z_s6$_gG-5y|B-8J1hIl$72piX$-0=woX`L5q-m~Rq+Alht-HRZMV5a79!Pqwh|;=<
zi=5X)t-IK+r!pSYoA-s@L<%1{C+NlSOqQc%^VQ{Je5J!L&KfUGy9*lm1vt8E_{M-O
zN@BNV4mx>!%uzsMnJg(c;ZgS1zwfAxzk$7G%<}u>kifu1iT_iWH&lNPhz$K>qt3JZ
zF8)3P##6zIG(Yqr5o&&;s=7i1f#->o16Ec6#Xx$Bd_?_|eYTi*jIWU?M|&;pycN`~
zA>tQh&htLDU^hB`z-03=yJsTX`fpOsw=*2<qK-has90^XZ(k`_>D-|oNSc#?j%=f8
zL03(aYwmf_WA?$c4?(}$evmZ&PW|1!VL2u?`u0pYO5TcDqRJ3pfby|F9~!km5<t{o
z=JKgC7xBBuhh?%+oT>wlB?m}H{F*SG%d=EDda~*b2?@bq&G;Nc<PuR@FUclUNO5~q
zo=ZgTcdlH7I`3Be0$|4Y`@BHxqP_;R4?Gom5<}wUq0w^&HFEQ9Bef(tLiUtiX3#Nu
z<jCL{YXM`|;a!)cguptk+B>8f0&MrUyz}+f8li2{DAU*gsoT90Q!5DwCd!qy64(O1
zpTU>=mG>kJQO_+^-RU^8xA%riv!9#1hDv#~bT)R1VJV^7c3zanzYFk)?+<JwmHm0}
z^li3<_)%67`#0KvK9B^zk=c!@6U!2jFZH}UBi-qwe?kQpafPtX8RgRN4z^?!-RcBL
zN^;OI(6;PU1pAISf`8j1k>(=Fbf?)EXCXp6>f2l-h$fSQV2%D^Kx!4x;NEQB{uVA3
z!XSDzloSMAv8tldP~y}Bf1P=IF2J|DFY`#&>EQUoGn8G;^hSUA;tnDO<$@8aUvkFT
zK7Baa@l8mxz>5I&VFcuM;nO4S6J!`=GD%go*V2=dFYp)fi2@6y@;Pog>_|~y@9S6y
z=3NsEKlHc;kgzfojsiU@3%Q~i*i=bN;ZOR#D?AzjZOlbrwJelEcKg{i_Zq4&Eym@N
zw7B(d=_aGXF2fe;(26Z0WoCRNje=c*5hQfqaK_3(j)!$Kv|MePAvQ9ZSi-yH=(9e7
z^g!<vS+8b~p_8&*gtm^sq~U6L=qq{Qib(6iH(sm!{xYif)h=^~-_M+I?6Uv>`D%5b
zV*TgXl)4_>&Jk&U=iMSz!N=Qg>zGEJOg50E;tCSYV~B?S1pu=iRsKM}SJ0Yd!HTOl
zqsn$cTNM4##8gMX-y`MI-B$z2(Uq<@-wwFm@sO^O24(+SfxMi3KdOD!-B>2=EuM->
zrp0i#P-O~&xh~xbDXa0df*pBhb_{rFebCXRkl-27{xSIm{2Z$s$%Hb9TCe+rW~M)|
z$8Nl5Fj5Jv5aNxn`!AewE2S83Zg#x~r$@)Yi-6l$8u>1_iF_et%&`G-HXBoSq1go0
zU+lSKfhV?w`s+%+VdATD#t^1G<d3w6$u79SkYh7g^?RmQeCGO6HhEw7EO%zx5lYLe
zPlqfGB2;^-xjhG`;cy;^^w`D8*i4hfiiIsC0aEGRamC{#y~fw0OY|1%E!F49$tlGA
zF`ZZv2Q2RtQ4VH;m#DM*=9bctPX%Om+4DXLlFU6++Va947e|^)hRr7JmQZR_eyOb!
zL*YJ*zrHH&IOg5DJY@`K^DMSO?L(U&MFr;f3<}SZj-uO&#C>vz1(0LE9^u5%_LZ-=
z4-q$-05}Q}KhP5OWmu6Y)j$UE8)J_RY-mFk*Es1GHhF%}nxyBN7TcL9Uw0|LA1wcz
zH+^R}At8FX(J02wgykSxhu*~5;?Hj2P~=&CYv_%r<}tOmgC7n1O;RkkfQuR_e{}s2
zed9qY1$pq8=#bABT?;GPUCY&SS)U)9oyzAHjAfKPMX7Fszkfubn4o)IT7V*g`-2~U
zfa`aMZV7*}-DG2a%r-<u1L65Em?AB~d03W0*ehoH!}xL`FOM$`31<%EmL%_J%4W(9
ztMt9YxCdSS)oLR`X<mk9@pvibVtL&}8<2Qij=8&cDJF9mXI2kZY;g-ZkZ+t*cn?~0
zwTUV)`*9{bj6Y5-P>8m3VtfNze>2NX=Y}PeN=Dx(1Q9#2<B{4TnU6(s+oT286J{NJ
zt)lz8cW07rkqc;yD#Twx(wc_|!7w_vXr#!G7l-<QkSFcO$j8`!GrjL}KYJ4W2?{xx
zSW(r4tq_*Ey&&a_Ec%J<w&^Ep7vw8TLS$rm6J=p!Mo3A7Un3KBHf;%KKb^sWe%g=c
zJ;dB>8G>Q{^tU<VSxt!&VKWW0$pgAFjyXG4J-&xHou1MtaX!hbSnNZ(xt`Bl*;bj3
ztPW|%eP6H&&o7#e{qQp<8L}1(XCMJ$JJ%!#F$?l+SfkQ2(fsW7LRj&aVVOK-j&}6q
zXF-K4=!@%jNaa3zYUxN@-@#wgdX#~u@B^x+HgE?t!_XqvfYfPADKr9}G`Jp$%eMT2
zxR$A&zW^&-Ye)qOTimt=OSwN6KIfv15cqC<G9LpD${9wmQsqfz`RvNy%Z<V%oEFPL
zCM8%IQa%fcK(Q$2tj^f$+%UBth;GH}G|zLE;u1ZW)~z$Om@<=lUL_2kqhloEttXoH
zQ%K~8QKMdcgVfPeVY~x^(`7gxmF%i0Mu=me9>}I%9IjPrn_<=(Q;jp(3k|0rE!Wd=
z5YGJg23&=yz?)~%H|mq=80z*>h0WBo{%@BQCy899750P;Y=Aw4GB2wU^Nqqi|4Z{-
zRrst1cuq4h`)&7Pv*RSvnQu}Y($b`^2|H9CA>3%cldZ46uN0@Gz_Y%8%H)7CiBqQz
zuhk2v(BXExlW`v#r2DukR8np@g4y>#1{DUbeQR|pkVLwzY>Qm6S)@6Z)uiJ8M5k$y
zfpXt4=gFGon-4AQR(nw6GDOgnvM(0#AhE6)YubUxA3lk!Lap&V>0&uXs0y1&+-t1{
z(J|ebLC^0nSHOPSFVT?$k$Z%(MfB{;Y+JXo|7fm2nLeU8cv>Y3|8m_-D#wSGdcY$&
zG){`&m@*r;o!^@<7|3mwb4BKca$iwqew)6hXXR@D-V<I#@<?IyxnI1le5_^3V90+1
zt!!!l&zAYxvCsH0eKHFdt!l&O_2TN_`cZ4lg+57EMmx?V;bDv+cVEo}Q;n=QPUsW;
zic0%(EQh@zfrmk{pupk{!U7G=GHqWN(t5T$_mt+JT~#66+`oyIRVwXM73umn<%v7`
z5~}C}W=m<~bWYVvAro=U>~SXg#REI<Ge>vm87XAdD@-Y^-H}>Lhr?5In4xDOo*`LN
z0u!1{gcB{WN*G7f{_VDO25NG>0&kaCWNKX=zUvMmGAFqPV-!LAFi;LNllnfm)PfC?
z>0)rT?e7wOuA?*ws<$J*y*`KZ-8R3Gm%@I!=N<^dwbrfX4^HsEn&o`k#m9sEbTfHO
z<q?OWr~1@V!zh#%&U{q9Yg#=}lyQ(KF3DWmYakoqb)Y)WP&&(r+v9edy;ZQRTf?F4
zW_!+bky-c+Um~`86=Kyt9f7b5UCb<Fjtkq7hR*pHGgv%x%aZc7?2|t2Tv(z{RqFMR
zj})-2BK^k#I^JQ6-EdyXd5Z=U;lQ7L72La2gBMsTOxUSMIwJZo%Z;Bq+dI$c>-IVA
zUw+>FVH+uubolh^XWu0Cp~Q*)@#;$-sTAds+R#_YBzHOjbSvTDW{%4YmGx4nBjpwK
zMY9Qq%%!3b0@5mD800BKn?s=<0|pJ_K<8q$@KUHzfDG!3IWTx+pkOMO^m@{9Nj$`j
z!L{=q{^1>6HmH9Rm7S2Tx=FKYuFAIc_aPAp#!GE7gl0$D4h(o~@aMQ9=$kVV`duLu
z`rJ(QSat?N(nM=8xLY<bxof?lVm*fvi>V9i`MRiLr-6$!9xIdRJJ(Jj?A3T)K*bMM
zl<VxQdHv%Z>{eqSk(rs~hk{1zsP@HFV3I7W%vELYFUJfEB!+{jRZba@24VHp+zT5B
zd`regKp5#fcB~GJJTG6%LBini2@OooRy3`}!JfWjZFUqiEcN)oEh|-g)o=l{wT;q7
z3hE<p{Sfi=F$pmKNyUKw(LWCpuxfdQDN-}^s4}TZ3o~xk1UJB{5JOh@!o<+#=l5$U
z_RmLa5AV1`PxOxda`4GJK>;mXqk3L`vyU7HRVWO_5o`plN+4uN;P@i^ck#0`C4`R_
zqi|~aNIeHhl5}Ni%HCklWEQfhRfbN!KbOQh@mu@3JD9!W{MLnnFo-G?q31!#`Vy{s
zLzC2BA5VD4M}z!eUYB+_3GVv6^vg|ba!bTsgqrPL{zCTFsb{ChI;wc;XE5)O9xr@X
zV`#-ytu?<^1S?QWrZ6=czR_CS(CLutS27IaA%N8UV~3mD*>O1j;I6!D*t&5BA3W}y
zo6~A#aOZ!j{Jdj-2uc6@#Po`1?|JicVXrG57jZq&o@Je8kj8AHGZLY-aeq|~v7|75
zEy{iy3{dPOi#yb$k>ej5so-;ZSYYELjV1L}c%XY7-MmcI+HI(2ZzGl?-=r&8&|T96
zO~oUIZ-dV{e5a|*OVOpwyIP86qZG+ZA_4Oi5)j`@RT5hzK0m2RaYm|W7ktNq^!D>C
zn+GK>+w-Jo7aBqpD*+e(9=bTydpwECL@Qfg)?YiaDZxB|gOQEQztH{O*ZX=Y^%*WL
zu7r`l=_6NIgWO;8Io&5JD=f227d5Kn@vOf<EF|-<`uY_J4{3t~v0w8ew3p_uh#<!w
zp$RIz`=V4e8jmJ)pxs^=ov<U}@Og)md||Xx6qcHJV<m+KSlq>rnEi!D%^LL!y`NV6
zYZ?YQ?Z}^LM5?5debnN9@*p;`*Vovl7&^3_r4`PAeLbIwpL#GT&ve`X!!5}_5InrJ
zgF(fcH`3v9NAq6fdya_}jnAsDg<iNVu5Oqgs+YT?dPV8+t8zzwp2G#ANWA}~D7sKD
z6UH3pYBd*~%zwwH{B-So9>t9prNs<is(BIy)%HV=-}{udxs4L-ukw&gLTAKs9&$PQ
zqQT%F6@<jePVx=8CWyhB%`~cOh*Yh(Kk01bPnufs802a?OyY=$;{$2MN+t@rZP9<j
zSB>4=#Lw+r4h<t~q+%dpn}!E8N`+hl*FNtr$O<r`UV!%ddaNx_gEUAjb?k>=RCDww
z#oMg7p5DrstcQj~UZ|o4aldwWPvkZ0O<rq@uhHT@OC@PbdL}m1Irfor)RGoE3_=9_
zDct%BNi+$tP9E*GL}oDZ6oaymaK3^wXs%2=so7-4hs$i`^{P6XJqLTs{gfgMnWl=g
z7RN+Mh(uk%Qai+WG%PJ|WmXcDl{w08c7SriH$Beq6;=F}VU8~&#}@(u<+R=J$+z8R
z@{AfA{I9{$A4L8WKEY7BlF4Cj*i9Y`NkyOZ@tl~}kHr){_T2sFPb3C6esfu2v67Si
zreei>kb~yK3l2tVU1WR8DDTtG{dF!XD!wQsnReVuRo3NX%vnt;zol0ERHq`Zbo8X{
z^M$D{!lk9qd?mG<Uz)&lsZPYv%C4N^CMC~KF!~5=<}+#gS;hR1&{20w`39_WwS|*x
zJT%$Uw2#3qVFeq@kjc=h0uGRjxv(FDa5=wJ@*6uQ(t1zZu5RKW)@$4&YuR*5tK!4N
zW`<}g(Q)+@uzAw(X3L~+?g@To`IB4WgM8cfG2DCXG}xj^PjXW5GH@BSryu3mB5RY(
zy!|^VzRaDT>5Ew9v<`3CRmME7?lwFeBShuugi10C8aL=j=R2F#3XUYFRIx0)HsdXB
ztPI$OrD+Ju8*`c*Qr3x%(B5pKb^V$C7-k;DMXXkLVU?p|7UCkf?App%RaaE%ZzLHW
zhUAAK47L5&Z^Mg<N=<?hwWKetqthW4NURx@`omB7$unzO-2B+7S0WEWP<aylhQt~p
zVl*3G8W}nmkq8Pn^96_!rlXJ$2-x0l$B=_-GVQz+Dr_-&8v0(X(M;OqI_}<IeBz=B
zx+6BwCqEe!c~sf<YcrK)f(?UU!?ET0zZBr75dXOKxX8)UHUlRs;i~{u?$qd*U@b9e
z)guoCk`^d?Wuw{*^(*l0$M3&I@_|J^UG(|pauvq{W=c~l5HI`?eQO?(<LRpAsUYGU
zR^ZMEW2--8ufd;YU;sXCH<ftz3gZnpA9cW@{9zypT4r?+UjB~2JL@L_1JPofVyflh
zdnMa+?m;^HT$_au)moAHIS0<D@v=n|p6s!^#z2p4Ha_PmA`bF9cLunDhbPP9e4dj*
z|M+$Pi9`^k#HL9T$QG7}Rt<6b##~cpjwM%Ks~dcg{Nvl~QWj!2)k0?sfkj6_KeQ~8
zsS`;80R2Ny50aSKCLc)YweyrquE)CSP<?(}BW)PXZ-NT-?m*cVJ_3<WxorK#iq7Z`
z0iTZ}RZWsya-LoS|I<>UKWpvUqWro2&MG8J)|ih*=z_9Pubo&j*tn!QIa*3#6R4@C
z847kAXvFm*fH`Y|z^e78-|!Nms$|8VWfsYKHSK;5#^y6Dd4TvOPsM;cw;JkB8rW*B
z>%wgSb1ggGtIc%PRxAZkoMa&HO@`FKrRJ0@Ftgg-XK>!*B9W5JyH>4bpVYK}#~@VV
zy;8(sG6N_MlT?T#e;?c~^==kWA%9)^eNj2*1Q=ctn}Dvb(#dCN+pajD=repiSwYxK
zdk=JJRh-M`l<TkqtD-a=!oaE)+~Z|jO?~7vurN}y?;%x9%|xd)EkmUM>{QiI^^mGL
z+E|vP7L(LU%Ly#?4i>-ydafAW<{GF0T)3i8zKUKI7Uh<HrAfCyQ|Xa@J-jWjpQuo7
z(Ja4^NS>V__Zs)Hq=05avcT`>mPH+48PV6?Ed2})gwck;IFgmL)jMa43UMxpXCGUd
z2yVwNSaP>Uu)DH}mCwHCb0v7K;J=mim6AjuG!A05blAFFCmnsV^$OTSl{qWkutik!
z@|eP*v8%Vy3xAJg^gGWQAo>Q*n<nyh3($7N)c-o`aC#Zd;fFb)_|#+|g~oYm>QC{<
zdse#O@Gp}6pf8tAh-aLYpd-DrmRCHI;HzoT5Dkj1f+%(cd#H!3#T_-tV}6347P-dr
zRx1pU6+(Na*gs)Iv>u3@>A-SOL$JUq)Igy!Qh+2~R<l(Nye{I7+K5*Da`2DsHxlxV
zDn}Os){@pk)Q6ba#oCWyC4K0JN4p|oNq+y*eL2o@%{yM-tq5!s1E#5IAsWPY(8o8k
zP}wWEC7*amWhK&I_G&-^HMsY+6pu|C!5}liFo;5}12ZwLc^m#J9~)=H{6wG=f(vt8
zwp|=O*zl|DiWR6KU=78>Q@KH3x$x5Zn6{mOrN+Nf8MQ9F8)^v2?VQ^R7IK26)L0pH
za`})MeQA2t5lR(M7T7Sev*^F1606A-fJP$h3Z8{_e~N0==wL0sUQ_G!KGoRtzl;Q(
zYe5A>q)5-TuR%Oj2J$IyRYo_~`lA{>M`*sb0b_@qY-!iInyO#?LO?3*(H(xeyIww<
z4KZt)S}oS@7&NM2g<1UQ0n3DpgUlEKGk7%?7NIreXEr*F%7{2bES~a&(V#qL3AcR%
z9jOY~8#h-CTG53{HN<(P+@p9MS^5!e*V|!I|GByugj|Z6aE@yTh>I}&$i!eM)i72T
zyjse~i0$40_P8;u19FNAEb-4q#*|kl){}ySk!xI9k{!z^W%YNyYt+Hm&(IRkntCG4
zk!D3M955rB%yaDclSP!W84b*(ikhlay$%10RS>yWqQCjod~mH;*3URAFrfpEViIhH
z9lnZ4N>U%?T_6h2;hiPO`E%vhn95k|-<fXnxZz_<_T1crIR?5JT6FQvrrTB(V&7yV
zFP}!YT(Jz2FrX8Mqh-UD{T&G#d?!GD28}3$s$0C{DWXvK>@YVR=)_scBlKSUTu2ra
zq%`C4H4bN(^OrHsxW7PS1isjhxBjFt_4>yjQ4hz$Aqn<cfad6AV#>ahE`;g^9>P{D
z%z_V0=n5{f`oEegwbYUL(y&v$s-SUA{q(~D4O&fu+6qksK|*g3iz}}cj8WY|0O0+D
zXxk_2<HG^-;~v8QeL8RF;Nt^2{A0KN;}x6adiK??rOyX4FwESTNQ~pz>0>y#Xos5h
zkyjo0v^fM3w(Qr&WZQ%k2Wjynv@!!<25>}Cv2rz0{T*c8X2+>GR_Kil|JBtyx@0Wf
z>sJ!Vl#0Oi)V_n(S((i{@?zs(G{NA4BrIn2ZVFz6DqpiHJCI`*ZKU(53f@|!OQpeA
z@z_gr?f9W7zK)3Z?K&zgY$lM+$$6-Sx;@6Z<Ti*RRFW7G<et)uc!902N_*#Yio7u{
z$jP$7p7|(S;+I3RH-a(4xO!lStPXXlD)QLJgOeSjCr&Mk_`FzWyW*(eYubc(c5OnV
zI;q4Z+SRS9^^6JZ;+p33u<qK$!#EM<Bgmdd49h02a(n$;(vywv{6Pgba=#&NNP8IP
z)+<m{?yYx9`pOM@Ylj|sDLp1(vFje!gf{s@N}g$MNIpev@nai@6!6M3a|ShBWX4Yu
zg~9Is)Ivth|Ag%7E76E@$yp2KqRx_tX8n~H2RF&3-k|NN0vmvg)4be$PeKb#M1l>M
zB1(MO{lOADX(N$4!Rv?L=e<6Gi}K6vNiK}okukPoNr=Qv0YZYAb!f>B)8oN42;-sd
z=#-QyBZ!IzC~9gG#<`qRy(uBJawn~RMAygX87)9K9m#4~?%WC|bat>qjeK5hQqem%
zfun*Jl4iK#>-}~8_ct4)-ALTPDkrZm6vATlfPWGMj}HhAuCmM(L*z4k!s72+K|DEp
zXOIuu({Lk~pg|KjR^gb18mL)3wPV~N+IvopR8iRY82|oWnj{zIp9-M-RjMttwgFHK
z;pnGs6Dr7_e6L|ipL5idro>5mR7lcG(tGmzURPwoVvd~OO*?31*`;{Ok|aEP^qZ=B
z*UVp55S$uvRsN|8Qk2T|p6BGQf_=CI!`YKWPe6X+NL`8(yV`D6te(C!Xeo?$t@95J
z!k55~Q7)vd^O0?CH{mab8IAv(4S-&4%+HrcnRX(8&dk-%6X_V8k#KH)zmUVNa|Z?4
zm`~LZ43SiP{nA+o<prC*F7B(Chea32b%qN7z=aUQOI}|Cco>Z|>1Ez_;pT_)mw@<t
z1N4eh#JV1_PHkOI89XTY8fwy24_!_11>VZ8{AzD~icv5=-`Q9g0TcNBOuGP}8;Lv`
zRLq;DF*C~N;j!5u)1C`b`iF7;V8rA#HEp&*(kL@RRLs?Yf)s?-&3Oijf3TrMu=F3-
z3C8RP@^?!lj}+DEy8+|v<h%kn*8|uYcHjG7zJ4ckdyq%_9sq!#AtMu)8%7K-u2+;F
z{H_B4(u#f+=x;o}G)g*6n`=eE-X+Kwoq8teMo^1%Q3UCcAZvQ)VgC3=xaP#|-Wh7~
z69Awp?xQYk{sI7&0RX5FuLDO)N<mA@1s!!WQr@C<2H%gc<vX-49=mSI?cUUVrpz$x
zJ4}g$l^{S*3U%}C!$(D}Q2$`Vxz#zQJLEM9X@)I4ys<c;8f)3t%2*-E%rV8&Qb(+F
z;A*@%`-x7Z3oBLnqxK;Uo&o?sINzf&th3Kne+NKbndVg#{ZQ{catJLJOcM!Zm0l)r
zdX*7-D;2IW*awT>&in;}#9vI_;R)nMb^&4Fv!l!<-JQSr^`RBPxGe^N83_B=fAdYB
zetQ80wZk{prHIi2xkuH?o)R~an%VSDwmoGV`Q><BLy|>6GnwOTg8y*CR!^9WNp#qt
z;&@@IiRwzPLNUK2qFhPpVGPVhzYP=ww#K80|5N$D6VTw!*w?iHR2tUR4*=d7&f|~5
znKz|n&>@)$hLUFN3PUEFl+n4Q<(W6fI3y;1Djoun;{xE|41dCOSB|6x^N?K1w%T*t
zWAtZKp$7n<Ffe!y1IX&~Cj}6G!_2G9BPY9Tj(utFZfrQ|WSmlBN`5^iyW@#<ciwMd
zOh37_=upY|=Rt*1vi@0wqo_q~P$E&R3IY^=D(nA$g#WXHlZm0ci+QC*Rh~BnmqDVC
znX~vC6b4NF>YFcd!V!W*SRtI^KZ8JUPAI5_LE+(2v&aX)>Klw?x*~svhw{dP7OH)Z
z9NICXogb!H*hmQqUL<w|>(%tcs|-Buo`ODBszCr_mo-G9AtkN9t1?oJ7A<3{Ms|Tr
z*vUeG{Up0E)L%c^z_VNG2TJhuk=rJm8OY)H4TxcwtpA7cKl|r)EC*74Tw`zt1j6A&
zbmpZnQ$J+J-H6WPy%e&E{B`ap%WsSoDB#Ev0O0|sejGk~!smLA3I92>rplxLpaD6~
z4+jvkvSY4GI1T&iMkoBYu6x5>KUTKz0{~z2{SH5y8ev(7clXN_9abWe^2EL_H_E+6
zTBUoEsOo1)^7j4NZ;)z#@*y$%;oDfCx%IS`$%+AC_f(`w6wd#F{C5V3fkyfIezk_T
z<pBU-0MMrmQ|u!y%?+I;=<^$YpEe6*SvlQ^PKq7~WV=ufC%}QtlBlRwl6VxWBl(kY
z3k@$ml>y+I5HC_yOdocE77?svTvP|~kHyArV}O?c;JVQ{c5dnWwHpy<&k%L{vcVg(
z_AiGx;m)rdivrAQS`hANK)5+P&Xza=wB)?=A}XiFS@{1SBY>3I6Z~ic5KR<!8$E)Y
zMqZs(|8_tegq41>JjQy2^03M_{fq|!)L~|C*j3FEH@hiXPuyNO2jDX_<&AQV*P|T|
zD9E~I;q*b21Ap!7eDzgp7X6F*2@N4rc%P+I=a!)UNZkyob<+b-kJ<vUIG?ZByxbQZ
zI=kzRFhV=3^#wVZm9lLH?`$8_^lv-lPe8rnN}6vZCDob{CmX_USN{Ly1x|hBX$FAH
ztgW_dV1u9@cY%JxRWJh@B~QWC{1qJiW|Qbz`~U=^%?_!S?26FRrGT}_C$W0$HE>0c
z?-f{D;$%VS6I4SGG7PsN0f;dRSlEc-HKg12jo-65oiC}b2@4tfLmb2V72)wf6v27)
z;+O%}n#&kP%6h904y?}rNIzUNrIEG-UCeKum|zk@SMLeiV9*{iRjm!FJ<~sI|D7N`
zz<mdNcBo7lGIr5>S-aP)#m_xMrXTsoT9><9EYbkV0tzxAe`HCnEZGbO*!+rq0DywP
zmB0Jc;cn5{N&pjacYjCa;8%Vrv%fjGVr<FDVW=3@ljMiG1%{yjstQO^4trYlZFjt<
zcT)bE^_6JDYWGEVhKV8dRh{{K!2mLFg-Cg;&{bw*Rv5Q=?FzYk{~o{pLkSF6Ms{`p
zcd-L_y(9keLmg9aFmnnhjgVGZ`~x-T@O!J*4cP&ZsZXx~b8U-?e06(75iJNvYe8Vr
zHcWHAB<PXPsf%3o3jL?U@N${8BTG-g$5bC6000JX6D&;}2WSI8o*4%K6S-J`tDG*Y
zQa=2cEsGfso!EsU6Gcqu%S!Q<V4B-I1?k5bL7O?2LA{(Ioq+!U{wo84^j(z<3BZJ;
z1(!e=5?E>cSH|kM;<TFQCh_M)!X676>shQ^LCh9tBusB^xW|{fFX5-QUx%i8<zF-a
zyr&n^{%4m6-$=9VMkHW|Gn2Nc^j!ClxoCl!Hk}T39cyp4)!@s};Dyg=USJ&XGd2ad
zC3P)q!^Qxw+o>gk32f>$&qh-^W4s*5mHxsd-!?%<fPe2v+;r!&HX+r7s4hJv)ekQD
zuLMbV0PcQa=1`Rw`%+E4pP-U5O0Ml<((@8@gY1wwo{h7qJDOZ51IPPO`T-|}&8Ldd
zQ+L6o&843bYER@*XJa0rAq*sG@3_aaV=c`Xsqb#I2RxBfQVWLeTR}iL8N6K|3hF!q
zUoOVT4iEtQrNw5!&9kTlY0L3NqoQmoe8p0S0f-Fiib65pO$z3M7xUs0OCS{0aoW*B
zAGY}~Qg9X;wH{)=!SK?%VW}|p-onB-fOzEktH}T_(^C;&KP}=2mUy%JDENmq!mm!%
zWI{|!)2cS5u~mA&<uL}J#DY@X%&wfTQ@RJ=9cpwt2CCz`n%%a`M#`3RlffoD(z2Zq
zyb|F?=$a!+Gbx;ctW*8t%p%2?jb>rEmQ<zOw&S$@u&25&IO!S5|Gd!AZ|+?P3+!#s
z>W9jy|I^U_l^`KoC?dsTjIzQB%fV5t)cZ5Y_yItlGEQRtDFmZO#LI6T8UWxi)bNHJ
zo3Jitpjx|=+ie5=gcDXh_qOhys^@!(uFHVQ9lp7_<n`>&UV5AUz4<^G6OWD{I8f&!
zJ>~hTWn@|axVu>HkB7d)b%IT6GX+4QAp-zr#sGu?{8omlo{yMOv@fhrlh|Va;Qns{
z9`xg`ri&im6cbBsxEO;Qol%T6FVHBF%e%}NRik<zeP~UT<efxujoAMe+-jctYPTRb
zj)`5v7Y*<QvCD21hXfe(%JImb7MI|R`L?-ntx$YuVXA`eO6_K^i>+Pjxzc!lERoIy
z002h70LUN!w+jwj<ZxX2g<T2s_S_LIE%*qeS;%~P|Kf*iN=}}6YPgTi{{sFi2L=BP
z13+LYf8y!KvQN+^%?y$~{HIgEDMv^P4!Xmr047M_pj9GA(Zx8YSzIMnQ!3is`=W;r
ziQob~a|@a4YEe8bA|TuXkRl-C6dMm5M^O8p-Ld<R)@!U_*Ss|nZ5xtOc0RYcxi2$5
z#C3s%@p5^$m!mN>6#)Rq6nA`@r2AtlJG=+{=z6b54!hlR8)NX*5hyDWyiPNqSScfH
zU{u#1;Qqz>pN*o)yr^sLbDh%{ci4V}fz<$-i|~OY?#1JRKsPbkJ8XKABF%<!uED7e
z0OKoAoNLFfV^Ev%&@NcAQ<@Yqjz9_>L1v*EGXwnMP?>Qbp{>Bs(6g!zG5QCDxZ+l4
z6I!lx)3Z_hKDxgTFhUy|>tkJp_EA}F=d)36LVG3#AsnXVgIVBWqsusmEH7LdLeLch
zPD%fR_peMKaRAncRIX#ywT`^Ui}bkG9pq}@sD;SxFsM5esew(9h!Dv}mo7E&&aqy^
zG%3Q|^L@jS5@=eWR2NtXmm_-4e5GIZnRl&<w0rD00Dx<R699x1hvcluy?O7#omvjh
z4nSt;&0sp&?w1?1!@DyaxZqX+H>ul0v-qeU)$0cA?I)g}Ay}{>Gyz~B*`c#NlHqMm
zriAgw38;Yle=+{gCW@DkaGnLN{(}Bj*Q&k~^efibBPjszXEVx1nujbncF4O2fd{tD
z;+IL37iqkhcw<rB{3-}*7XW{=be%t2UsGd2>)I=@!%)A#54`;6X5s%vYD&GiVxJA%
zJ|`Z*)uOE4v|clKtRSY#utza(<WL4d;F$cyt(G5<h1FGm;={aSaG?_Q0K9>3iP3Y@
zP(A_$7E`Yq5u5z~F#dbbD$)Tm%%yOmx5nNx$`9)Ymy(5v_`xzCu2V$H&7aG3!#IZ4
z!qIO(|E2MgQob^11CKbwvLIbEN(rcqJmgvqvp%aMmodzR$v)68eah;5eq;4vgG|j_
z^juNm3^667j@~DCw1gSkm2T*Qk!9I_m=p^E?qtb0PPm+ylZ$x(U!uzj_#F;_HO+M2
zkG!(-Jj0)MVF@ny--JkLuCvY{&62e+Fg<1Ttsk)6?7b;Ama0epn3$*=F{|v5W-fp4
za;XS#mH_~48?`_t!CJ(4;^AWeVf7EXcF<@4yOYGUNcDp}b6yf<6P`5~r^82MkXr;K
zq_q*Bdgyl&eIow=6ETi3rs-!h7zFT3m?2U=0HVzLnqxRgGZFcA>$PBi9RT7n^m_;Z
z|5HO=m;|AO9P3mRK>v#g&LKTy_Fx&W8&q>+bUG|j<^y0@i?erZfVH}tH$Cl&_bWhJ
zBT|9#gOf+x&~vM-N8XWsWO~#5?}FWC{oQy$pA?GANV`#4U6rGX7h0-3HKI=GYzv!4
zu{C3sMxjs_a|lEO7d*hRil9*W{dgw2XC74*HrdlFqyRu1Es(`dvxmBJ<~*es>A#^M
z7m6Z-;egQc{rBgQGX4K9{C|f=_X*x5<hC7elL#>~h(R{f0p{~*w-A&1u>*hOO(9fv
z*KF@%leQl^8P0Xf_FJ?aKJo#y+60#=Eu2Uf#Vmk&+(k%?;!u(%yNf^xT9YzZH9;0&
z!wXZl{4mFK%-#}5$L<WA90-C<IM7*|p@ro8Js;m_k?W+;X#Y<3v7Yj^dce=7-Jicc
zye{Z@r~FSW0cfKCOkp9EAHDI|5m3;44|T*GN^kxf8UQ`v3-xttvssd9%{KlI_>fz`
z+_w>f4Xg(~+=@{+o3)>5`NrVcWL60Di%+cCau{6+g6YJa$;1XxaXFMu0X5z#1#dTP
zFI=N-rRZj2r*iVCC!+Y7A5){Xh~*JAs}I1fwBU2^V9@w=1LYUxAfoWWV<>KzX7JQW
zKA7?6kq~CgAKC?6;Cu|(zdC_WG<k(YZs^Nz9)mBQTXO%0RdRo;gUJrfV%jEE{;w{B
zYXE?+(UrX0ztKE|0beM;Q6vp^@givLl6p@q0KolYx_bbr4;m)8Moy6qy|H-4FC-Fi
z50U|w)qqJh!U;R-A=ZFe9x&POCE?*|if&^A5?HKf=UWXhsUglqY2ON!i3l8_$tjkh
z^u6r|PMh^ax!4uGZg_+}fdEJvpnu5nqtIMZupnj8bSR%8SpS<9NKz_0t`mYgvSWb~
z06=8VRe95%T@gybL4vQNbCzJ=Per6X%3K%-(En8_|Lbq$O#fpX{ljj=GdyujB?Mrz
z<@uzB_@A2x^G*J&Rp9wL(e}bonLR<FP$?tjP`g&n8$7Qd#cj}LS;o8dl>IzuOhSR`
zs%lXO0HTu5h<f5;i~Qv&(ikWSfa(B`AppRbb-Z~Z4NRq*b8>*8CyGW=`~Shk3!x_U
zutNv}VkQ89*w#;T(Ge*YoEhW1vJEl0{QxeGMo82)SPftcw?&n*J?S((-!2C4?|)SR
z8Gw;ZNOVegJoM#j{y`R$v&T%v_$sG!I*8|S0V4V?o;cYb&3#>87_TnKc_lS~#ap-U
zuof$zVh4X1UeJXjkqjt`kr4oK0)T*J^^f?-pq!>Gc>ixY0K_-5fZ(BqTL;67egJF&
zdL~CQCJj*XPB7wi2Jz+;1j?d^_?BqAk_CT!!9o}2tuUa@FD9+@ey|9qcX})XfB^?F
z^)i6p1;F|Mqd7lVY`b5ks6U7r)UCq?&48IR4I5<`8J*!gH$kmw_vX=*I6Rx6dVt$#
z5F^|YA;*N()s)ib2Ry}ofa1TfoM5~9ZV_f2r1oeX=rR7A6i5=*WGjD1;r}xT+`gUP
zn2@Z=lA=i#3(*&GkDi#GHM8>P0o>3Tlj@CI7cmr;NjmTTNMfR??mIo9*C+-6Qd&~7
z{1o$Ue=%N!mil+qaikyO0T?HVRrh*FW~bPOtLp?VtqiZU?fC7l6#33Ds45>geb}c-
z+$*xdgc?Ixc>Cs!#9rXB7-*YVnjo6~*|ck-6#&8b52GiEz2}Q&J~Q)cUFf6(=)bWc
z{Ly6Yc<ul|D&3dv3IRH?1<{;c!)+yv=x=pLxqeGey1lQuY)#(@R_$~MDM^zE)2#pi
zR#oVfE`oVss*7*fR{mAG@?<oE*zomGkOCd!S>VaZ!MDT(Wrg6R>7-xP!;wv&eVJ0t
za{`1R$VeHssT+hrqt7haOD}rhM-`ey7Mqc1qp*Ku>kdC^^g<c{fei<rPY(xx)*H9s
z4?VW#h&#3WKg2*z{n=sWb^v_Lb@5O;3f~Grt0EL|6dLueAUCNCped%Q7-ErUyf#w6
zF6%yu6#&2@EJ|Vj8BFLXBE;YGOlh%)6MP5xdTl@E$ss9H@frkRsz}?!&g>yc+B%~T
zv?FpjS;swsTmr5Jz1Z!`3@s=M)J<#wJVnp1EY-&bOAl4A(H3$_<@^7_@-p><N2#wB
z_r?|~WcN(Qb0?UG3je2dn<g3$r6`Gj4vP?OP6J42DVIqJ`p$kA)78GEm=CeWV-3Cb
zh)3){Acv|>e;+xV;XC;1DclD|;5hatev;Znn74$tZ074t@73BW2?j8lM<<?JAS)YY
z%2__4wIg#}O!>d52!+VZ$vCXPmL>tx5dE-h!$M5n5+E!G3K9UmSW<|ES%N9xPbI$s
z0BaB`xNrb?udehFa_-9?H8ser-OT@u%TLo63tntE4j}a6#Dit|kPUJMAkKL3bZB@Z
zwZU(o4|K>9y#`fj1_6Lf9o|CLrCwEVEp&-%n$=LD;Vmxljv@nqgyH}WC3*_9r&ay%
z%6T-vBGan)+9{$RF~(`~#Ln%msXPbP4KT6n@46k0q}w+a(pb(F>OC$>_2}<e`EltI
z5Fto%sq*CLTYu+VTvYk<>G2R3Ou>+n5Z$Cg1NeiGnuB34|I7jYlbC`>t|1-m4{_1}
zK*J8^DE4u@pNx;<w0<UNQ?vvbN>m1g&7?ticTK9AnDSb*B%I%VZYvTPP3VhQ&)?&r
z1qNhPlyRyDE(O1;yzLw$qi;QkRI<C>R(wO05Xd3kkJ;{QVBqnZ2UzX!PkZ3!fTLkL
z;uSX*T}awLBM}$MKD>P<(-+UL%|x|OXoCW9)0X<c$QtjX>u9j^;=*a~@&<rO5zB+_
z<J*UVZtrrF6wcEX=l??w&S13IJ1SJgt3dv;rvgO@c0x_Z^FZ$JGe>bble@#?@t_O^
zl}g9X11&;+Re<<JY!ClGrmitO(r(#y$95*RZQHhO+qP}nwlkSvVr#;Q&51K{ZqB{;
zeCO1kx1avey{h(pch$41c2%Gvc)jfDkFW_2!({`dBhrI#Y(=aABF9Hv!OoxTk-grL
zT@XPlkH3@FpMjUGFe$ZzXRMRN7`z2xPcHs@3Mm_?g<DiCs=m3u>m|Gi`72@dl!>V~
z>XZ)xjC;wb&|Cunx_*#fun|;^&r6C=lla9}3ZCk1{u{H{$jT&kLDmy!tggp6_E=#^
zfJpm7+31yssL@UH8Xm2iAZX`TgkhF#)9=GX)vSr|%ic3FZb}`vGmE8(UyaC|4@&q8
zq~CC7+6hh?U^`0P3%l=cw%9J1zra5u43%8_#3Cb|sS3*ZhM}~9UKGs}TC@*~#HWNn
z<QdiqrKhmN^F27Q$2hvU3>p&vgvd|+0*6PfhhyVKT2@8kec5DR`o*XJBS5A-F^@mN
z8b*K&BFX(LK?^ugQKTqyR=+++$QO;7vee>A34$ts%iVWjL;3;_4kwUTp|p*VgR{VF
z+k;bd%ju7Pv_X3MC;A6H%ey&}Vs{8lz4pMroWy3yC}Fr@B3*=te?hqS9CMj0_vr^L
zD=uu(;$*l3QO=y}xlw-lsnYyS)yDBg+!q8u(Fs#3s{X34Wf$y8!Uur=%Nc{5w9hbx
zj*eBe>1aC{^gnW%k3&~Wy8eUy>jMV`ik=|z!BA(vUaF|ePZ?l#^0l|D(41^Ev?=8<
z(Eb?FLh=j+H0^@N4-e9e!5lIR;C$Qg`1PWgyZOvg5tl+o9Rv+9-I(3@otlBk(GhLm
zxgDKGqy<$ibDsxkCalk+Z9<_mffAW3d&oCgNGu+c$~h>k>;S-PHP4**XPUQ5Wj_M}
z_=aCtfO^mbCSuLMB*S%(#5o1OzWKL6fKi!HuL**od(%k%XdX4h39f&Kv(X<ope`Gy
zar7sEi3))<EZY+}_eiA>U<JXJO|;tj8EE)L1SGdJ%+jDE1rC=CwAL+mV5sP!K0MX6
zs(U|}W>0f<g7)JWu970_eU<yzn!yXzj=6ou>U7TcQ#KXPr5SpNj86{)$dN#mcUOW?
z(Vkx`I6D#&GARMbPXOe@0JR+$Vq_*O=q735e*^t`0*ltl(ZF24g-0p8(Z((~_+umW
z{VeuQ8X$7pF)V~`qRm$KtKC|D6}UX$saZJN0;q+AzE=H^7X;{Lt;G^fwue_CWQwD1
zep>ef5V3|@chGIR7?vpFU(Q)??oTI+zzQMP+Bh(NfqSdPcN9WrAY_QrvnSWpra!>H
zg(BJ+JwGb4m<$P3C&ZBcaLPskTw%>HOy_<9)1q#qkYSw5V)ptkw1BU=;6?z5+_XkK
z`I`DB*wz#~bPP|}mjhCV{EUPG?bPDK;xDxg#xm*zgOYR_T4*^}g#)<Na~pE89yZ)d
z@n~NX%+6#2zc~=fea-U_w?jv{#;8<Z7$2q$gV`*FfS1U>;3GZ`XC&leBpuLcroMB%
zS^i8kj1LZ4Gi(}ywtw_l(#|Ryv7eTJ=k){tg5LiXqV`muiu6{-Q&{$*hOx~?{x@C#
zh*yPZQTKwYwnOE`h1}U~4bYrl<EKQ4PESJ*21XbP^B_b{i%of_C^m7g9LiieLMI$0
z10!fs^okTV6%=RGP+Ic-@5A!cqOV^C)k(m<znrZfp!WNkA&|OEQ2XR9x+TKo!UZFk
z3d{fd$4wPiYbY7rHA1%scf&wf4~edW{4Ef#uTH^3MfjH+ODO+e;4gh{WN<wIY&Z}I
z07MZl<=iPRKxxr)u5FC!pkd8jpfUajKhV_$1z_>lLt)vFCfH(D4DxxX)x#jm9BFS9
z$b!~DL@yDeT|-@D2=*i^6ux-`5e|T(<g&-17?61g8>l<C?GmTI{$dB~hVPD<PZIn#
z!+L;vxIPOxm=z{gT>ciI6eJ$hwAkNLtWo;LYeTql1)IxIU?rt)TBvm9!61^1c@&@#
z*=ILseU1URFi@t+0Q<u!_AhuqZ~xbPOpsYp?pf>w+^@g*N8lg@f%y9fmq1Cka=xD*
z%$+jUbjo2QC!!MB?gK^@n*+MLsEy_|iVK}8WLi~WatQ0A-X*2t1Yf62ki~55++B57
z$OG-HBr5>=A&}uFJX~2vXA8%Ok`@aB#SQ>k_b#B0X^TQyk}|%clp(mJFU2U*lRCXs
z1-OC(w3S^ak9Fc8<nL^*5quf9{RG4`5Y$vg<tZO=UZu(~fC;+)AD{qmdY=Oi7CCFh
z%@Jc~ES&h(Ft9rY>Y<+on~c!$2J?bO=pNZN<?@-Us^}(0jyo<CjDg?S{XaEMSA<J~
z2H#Mr!N){ZcD{0@UpJ5hQ`PFVl3`y57Q<xW13@`~I}u$%fOZ8T_syOuEBvy3S;^p)
z-W%*XPaiM<NiKjyP7jQgL%7i#87o7Q*0%`Cz(P>)D_J4MQb`X#84AC@@gJN3s%~ql
zDHIMIxQv77Jp-LOcWjbqg_Gj%%P~H*(cd%!kI*zqQHgfg8cHIj$VGN;SP>WjVByx+
zUeTSZ0N3_C_iG80LUNG$!dr+XZQ398p?4y-LSdlFYOeV6lAxWn6aDhq<Q-0hWs?yG
zt+39=DD@<i)tvfDaFnpu`PWV9An!exzqDqgBI+}HG+$A{An5Eizw8LV_AFD6-%YSX
z9M5|FFZc0pK}!eB9(0q(zJN4nl<YI6B#o)lSRN_;jleD`sTe>JKz}r>odVGmXQZI?
zZUrDz6_lwmf@1=fxu0jTdTJWt4SFrO8v)8EM;I`%q0JlM<D0Z@9oJl<X)adh__^6o
zm#9<Fg7`MgApYM`8!0YOFyYnVUuL-Y;Q57U5<A5KI{a<YF^}!4BCe%gb^h32G5o*C
zHh>cKb@#h%KKWLy(Z7*?Ju#s2-?B3yc&QJ2;9a<liW1+kYb-p|g$$;5O&87Xt#?+8
zZEEgnGFbfn#>!qNe^3HW{(>Ec9zHk%AU^PA+gp>|Vror9GO-@55DQ$&A}@w>nv|s*
zy34YL?3!-GKBAxb{gpIg+_WTcJ=n71@&O%@6HEM+PF5b$z<IJh;4C!cPSSxA%r^<s
z2euaCg@~6B{U0`Cv(@if+P69YAn(6odw@tB?OBmS-X}hFIN1s3(|_Ry7Vd<!W)3((
z2RohsRG6b%Q7x2I&j&~-EANJq2d~pMrys{4dO#I3pS#lm@UBj;?3qQlipe5)e*GvF
z9HHr}Rb#y$VY2GeiAurjQ*)qKX$AGYgGrWVlf+<Q&cCP?4uT(p*80awp{3f(cJ+l@
zR0D~n<XIK+9OmM+T&8g_0erMS!wQUe8U*r&3V1-K8$pbt03Z-wi9XVHi_!-mqD`IY
z9e5()e`EG!6PV81Ec9)8dB`^{g9>?-f}6Nu)3V9H9}@%a=f_*7IY-Enzs@*!K=uPx
zj^$6R2R5H^okTU6crO&P0wuGnhXDGP%vjA;0D=fH%=EXc(Kg00@lcl_nsl^6>0kLG
z(?}WfBC#sFhw}Y&W*RbRP#=B<7>$DR5t2Tf8O_^DY(jI}hRhTIR9Aq7&)Tr*lT_u^
zlk@D{e^3I2p9YMZ`0S}Wzlvdq6_Esup#tQfz8#_eTv<#O35%8$ChPb%*3;}0d9SV%
zxIt>pYzY7=!oQtDIb86bxseA96@hN~sO&w=A;6YOX%nMH&Cvc84DRi?gaT8+J+#%u
zGpPeJ-(goj8XO%<V=n+W{l2Q8IKgqL428Ha)T0AX`HQu;gt9Up^3!jz@*!eIf*gFI
z17)Fs_l|Yki+lNEli^?fgBP&i@)?F8qhhWnVuUDf!f6;*#CG3Yg}{KdY}gjUDlHOg
z;NDO35!If83!#aTZX3;*)!{XOl%xqTk7lHwwO0q>c=42F9xA5&P-j^CbhH6(-J0?6
zBBq3o;6}3iRG5jo!L#OuRveJzP6UIfj4!bQhZTgB^+Pv}FRILg2$c(GWhf%}R^%cO
zr(_R|6sVBFvFt*+bBvZWHCa*w0JZU$FW8;{XkL$55JHI<ilI{|&RzL$|4{%;=v9n@
zYFQ@cl;~<Z)&AUD_d(&{cYGmxoGNT3!lxcQgVU>!DR5y@Wchftnrv)8e!3;RyC1Bz
zu{7Z9fj$#LDoav8h!3hmO_u_JjA7v#C-(On!c~k;K{hns86Xx30L!#*vX=HIqdXa`
z&XTONnr<GFyKn>oB4XQWD{?RX(<8`+wpti6gd4=zE;IY83k3~_E}uzIJc7lsSd$Q^
z9{R-bi&YS{0~4&4u|$#YB}F<IL;6PnAX0#oY#KZwdeS4bp_JTclG$Tm`f&@Szp{h^
z7MS@UKzTdk%{G5dTpyaBYKN4%;kLly-4!i1<{qg(A%+uMV>))-*U2~NrOv0Y-?~-8
zbcV*AvYTP!IQ^_Zg2JPxtId-em;BiVKsBZ|D>o5{ppL={01(<<;;_mu7ckZNR0=`M
zmv7*S3)=Iz45p-50iNCRQ)1LZjpS1-1%)1su9wain_W*FQWF6f`CDJO5#8a5BuN*E
zo5z<TIJL1ijEMhH27pQQgq<fIuq>m8${`%3f#XbvNl@flFGZcy^UGLBF;eCQ@^LYs
zQPJPR1z>U+B?%Lh14h@cYzm|Z!2|@n7YpAvtR`~M9A8CizYUFY?a&qY7ZW7V2pkZG
zBS(7u=x@UR)N7o2>{<nM;63etusz*v{!I=5Um;JZ_Crw;o9-SzGHyeE$A4oQwIyu_
zieWa*D>^TC0xqF$ijoL=bfe7yphVG?Ux2^KmfimRUWuc%bmvj_UtAa%MA{r@BmmWt
z+z|2ZpvQtTZyFfbwP`tsL3%U#faT3V+POH+F(8iJ8W3OOkSRXIO5)%DzFrc<#`)FY
z;ZmLs7889m5cGqcs&5=$tZLm)UZn^$l7TiCJvr8_<q9MXTWe_WJyQ3;93i3WPjLIB
zo>RHgT|c1oJL7%Sbt^x)GHa?WAq0r2+Dbzl%J48CqTFYNV@<Ig{D|C;ZxSlpJ5&K}
z2d?qdBSCAsU!_)l^Ix2eiFQog`Mhu7&R{`vB!OLTj9gvle^%u>pft?hT71<t|2=$*
z>X~sRY(|HAZ|Gk4tg(_lqK;xVX86YzWMp}e5KS9R_c>9`O0U76m=rzBdEr25R8fvC
z+L5T&R=v+0;fM&~80Id6qQ@n)uC-8xD6YwSVBm;>II;$T&rI$hI0PE@8)I{F2Rb;I
z`ayYuX|n1D4%;jnc8xt?vMTUH%fMSR;L8vF@utiLg)jD`mp>5n0mz6(YQK{;Eu*~-
z1L%|Rpn1QLyZW=pwW3fq2>o8ci}<gKA5h8|9UYQqpk3HCaUu4cv=V;?jJgQr<qtFR
z%Vc{5us_d+rZ5Y^tK)AiqzW342t`k)ukyvd1RnraZOvAg!v|`&6<3sHriP6t*Zt{!
zr604fIy2N2Im%Oq1Nf(q)2#uRis9|h7|^Og5q`(j;1YsF4~5EMZ?)H}HkcJ>$5!tr
zQA{+5do;$*E{+ApmA#y&^sS>O?i)lalt3{C4H;!~t8r%lRFnFb65w-P33xo~5MbNK
zJ$!`!tOv?Lo9VB65U&eGx9I7P#GMfB&{jyd!@{X=Rf!Bs1@dS7nrG_y_5Dl|NpFD_
z39;K21ll(*t-nBJ%_cK_3rf8K<b!5`)#c#V=2=rx^mHM1H)af1D-N|3h7yBZ=!6bM
zig|)<28`Us;(WoU#Z$u)3B3BTdu!~BaOE7!Z!H#OYZttQW%JeyZ-w5b4&3TOaMf7X
zvsF|dTaV(tRUmaOSwpjI2WfwB3K_>h`l%$ckInV0o_$RzJ-1LeHM@B_;_$F_W#Q+(
z{53euZU313swiiIK7Y^Dd1wiOh?3wxn!@yguJ2am?SL8{)Hyy!DJ(btfDx6l32l?)
zeufbm<&Bklm%{vWAjfEU@_4^EZ$oIz*=Y#%{jg2d*;z`SHj6Bw^>{-DN?=V6B`SIl
zU`4yxtY3M($b{3((<c*|f&?~t-tYtD7=HcO&6CWRk3+R)P|IQC6AVYU=NUGG)>rul
z<EZL3wK^U!6oRD*c?`sqTO+D9q!Dy<-ZFdy2+k{EwzU@VGqAC%N2nWJORG7lJC>JH
zo{?{gw%pCbJ9z^MH|hm|oqjO!bMB}MripEB+_N75MDn%<>40193X!NV7&o7(viwJ3
z5aO}fY@sG~?K`)+BFhl#fJAq_<{UpSLxjJd>Puab6rvz`$4Z2Ko>V&Zo01yixS}HC
z{Hq4*(p;mdC3;ET&ne{P2IyZsm?emq3pjMb{j~$mroJ`Ewsv<8!wZ|XTQ0$7HA!tt
zVR~v74@J`CbIB5IKr*JnZ-;qt$iW_PTuiSbHB+GNEXlGNxKi6FoNI0ZRgu{kL0(&r
zSGsN1;-_@XX9SI{r8J$byRwAjFe&k|1j=c-mHA?{Ra`=~Oe)5~Ko5z2>=dBeqs~Fq
z_+e99-f(pKekll1ZpJ*9UASLAE#hwAt^be8$Yzu)!)W2iIgX1rQ6A4}A!n|7lxu#Z
zY-wlfA}hTj8&BQPnf#i_NX~JCkUz23w_G5Yjv|`~mMpL&d&GS><HdPff#Sp3t!*GO
zQcg)&A5c3J(i}_JPvaeqb4D1tP}{AYfW+B^ad%#W?BK4=TlVB_M))78^UMaj$)gXZ
z_>3p&ZVtWdMLC*esfhKsK}!=OXhqB^#{H!dN#Bj92aYs2tSo)IvjD2jMpc`N<f(GY
zR21NqUWmGsOp8ak*d<xKtxsXX2yyw`%wL5!gcWQewtIrVUq1~A|E(kt8=-Q>W$Sd`
zO8;~i2#P&HI?rM-&32dxNOluNS0$xdsd%&aCC_eoqsGlS_C4|@TNmLM-WIYnxjjTD
zO)6OD<SWd;TyefxqIpLXN&Q>{RGRf`noDKyMENG$tT}V<+xZQrU1%|ut%6j*>Ufvt
zChT6WaSiyMsL))QmoJ-*Bm9%|p_AUS%Q&_+0bwFWM==msQv^LD*-+Q2d>(&kpZhm^
zyQldBga-94+I!KUHNu;wGRPCBP<Lz*crE1&i3sOlYam}2RNDUpbqC7$g3y-j#Hu2C
zGezz3#kMD}4!8r_$}L)I0-v-1jpU`MtQzE#gujFBJU=#4>i&sVfMNDnpTyv4fOTNv
zv*UBj&u%UBw7T}$_^48IEI+<eg@#gM;|FJa`s+qq;Rwi3*R*ONXUC5t80(b1VkJQY
z5%Cs)La@Z4peQw#n?qurKq;7L-$iV)krPhv&)s|VHRqn_V+0FJD{v%C4+Q8kR7knn
z37y{RV9EHPGFmroGG%i~D#Ufj8AR4}+0d1PZQ9bFb>hb%r^I1(+>Y1hC@MevhUqx!
z%G^d5L{rAQNIt`ed@z9`V%eh0tN5nNn5L&u-K(;1!(r_9-!6K#!<Z~E%xuXS?SUOg
z5Yv8@8ev(o)L$>Sxbj11Ka^7Rq9Vq?=W6@Ew*lzp^#w5#mgRWR){buKt0EPhm|DbQ
z=Sl01;g89R*0^H1hFmn>#XsVVe2SA;qfUR}SUyeTb<vH1rM|aoL1YfdJx2x@y=m5Z
z7n~VJRVM_Wl{8b+bcD#efrJsaH%d6J?Ay14q=qfXF|!@IYw5xZkiHq+ig~=bg<~dD
zr}#({03U}dWmLPeJJuJ>9OLs#zcj${5)*#LwH;+4@2%ZE34$qVnYyo~YPI3g?H24}
zZbp5U9k9ATr5c*GbKD;^K0`MPkfYa^?VO_6U=r)w?OedT?Z&auU_>AS1`LgV72}XO
zU^Jmb)krK6{++y1#BX9os2li|0+<#pIK2d%gy%{AC1v`5gMd6_c_NIESISjW?pp9N
zJqjShK>2$p4vrauSbLW0?Kg3Ft{X!-M16IR6k#Z>BnK6g4w7QB)9U$b50OrvA!x+_
zry*%zIOUTu%i7Ar#@AH%*eb`n?nkv7tXikvW)}{nPhL!2y7_T3{T>8!x3IdxGn%wT
z>4s(ZNjoedI<E36PD7$U<4+sUVIi84D9fn6FE%0N?*_&lh_#u#7%T~VDG5VU{Pvwz
zFOP74S@Ij<>Naxwx&4WN&k2g2^;pF)NzAW43Rf6v0W`J&nD;VQjFNW?-NxU=uJYa-
z<`p4WdC3<{2?VBKWJ}e{Ui-6B9j<X?U8G+%7IuNFd6xx^TKBFwT~(`g*Z*e`AZ3-8
z5!!l$n~H5D=D}n!)Gc#8#`8H3d*K|{ZG7qKqjdV4-#P&ff0DPLh6oyyN^KFNp8+3*
zyvbedOgU&hEXOAC0f`Ln^c-u&cVsYf)|^Drlt|^Jyq)5oQvR#ZpBKaB+{$(69?(yU
zS*You;-%FCPGU{ED=LxR4#xO|(s_=UYDR}reRKkJm17L2B;y=~%4e7*)k}r`5jlc}
zHj#1=lDY{h@U9NR)u>);>#BCa>O}2g4gMUY&v6b?_ru8jsrcwSBQ)o#V1-QmVXpAL
zUbn_8rW5ZM(64?@N;4I;pDOa-q;9A*$)2_yBB9pR`>A6B4NGlUgw4aKq44PF8|fej
z%?CifECTM&F43uMC}{1=pJMd?7BYH7K<Wj~h)7>m8?#|46$ME+moii;?j99<CBD#r
zv6B!&kjQuC@|K=~r~{ZYGBHEJ<XsRU_@_-~_Dl`no7gM%`unUhDPUbd@fY(l<6p8s
zSp?q#SiK;wpKpKT`xSE%Z=3bHq4%LqNOacJl+Yd-wjDN$+T*Zn{RheHd#W6vPJi$9
zmIg<oqWWUzuyXt~%3M>~cL%j6!&!|G+hLGJp<27mtkTUa8zXPYf#(*&`zuj+ORl6?
zV4Kzbr}dF%ykpTdMEv%zxNK&!o6n;TWB4)X03QT$=DED$69^-3le$Jwx)O%qv=`(i
zIjc<$A!#saJ`j=D#jVjyo(EAW<Fzd8y;oQjpoCJ?hL4n(($^v#erPkDSO@@6DJ&V;
zMj{Ufe79A8#t=ODzg^`>wqdFU&vcuOw&*&r#y%Gn6quNr$FDP1G`YWy)_!P24rvL_
zS?xat%VkSlGRw$xBkKS1a<Wn^rvOhd&TlO(<fBAjKg~>T<{$TWnEthj{*Y;^-%)B&
zXPwT6KMqF2olU`@SI|}+QHQMKN<oO?LR~>;z5DfE3s1&qUPNcfG19Zu%`svYS6SLi
zC1H60?Izhn^)7-{(c|Y$Jij9J0Pgf>O{4j+Sc&i3XoO4<C?0mC3IWibA6}(4NzTro
z3wA`!#_v3G^yCh?)X)a+TS7v1C{1;JK>vZW%9Px_TqxBNi^ot2Ft`gF!%D4!sTdG&
z6Ie_ryi$sz(KdHi+%8byT~JI7@=H-BDp>CsbUhX|&dqf;YN#=?HNP3}R-rY<aSZ;>
z%D#UK=pbV|OeNt?Sr_)jF2br5Yhge4gYrQ((K-E}HKVJjUN$B=_f)>-&QmFaD4j$C
zHLgzAScj%lG`rakBGVQ%77O8<K%HZBa|lIdpg4n06)C0dPHao~9BIP@134;?7gp>D
z2X)URw-QQ|l}itZY`SA8LZ)@BN{<s+B%pbsd%gA0dVX8b&_as3aXf9}C+Fy&=yLy1
zP8Sd+U{48nZQJiI207wFb|{nis6iYkTiKgrgqe0jYAoekU{;q^c~zXJ4*H-u@D_md
zl5{%pW9}c{hupF>T^Udv{NCw34?7z;y$RI;t2IYK8<0FRGVM5XN4f>1$XZbtCPbV|
zP4FT;j!J$&N}YN?jOpgDrN@Rmmz-mA!Ej&UC4oE2b`?@?>bz>k2OS<Ms-(d0zZz$?
zAlb@+QYpSx#O=DM+lVB${(Xq^MI2diUXms#{V@Ac2Yyad0`B;~CWPi&FqG~BSUMI8
zeE@+%UevN)3_ENPclI!pR`(gPImGFn5(uf7yJT|5j5Eqf%aAfrKJR(IJzFht6t6KJ
zp(|&coJj?n`LM)H$~>JWxm8oi99M3$cpRYEmV%(m$U6MF(4~kL6?KJ=fQNNuFjWRm
z1-2s>^ZT7zy5Jh=I`}$gT2&Iy)KSfBv2C%hb_+iil0xZVLW^y;6hVeXE>vSrd;U-x
zeE(p$2psUhlx6L1NI^qXfNy{Q`}mC7pkp#ZFEJqE?ksJMNt|yxjj+RP9{Kr><U|a7
z9kBMcESG(@MaoDDh(n-9bE=K!buHgCdY8ct{aj#@nZKy#_om?(@l*e%rC1Dt)~SpU
zoXF95IL#<^czrj6I2{R*B&D%%z6Trz(-SeoX?O)m@F4_k_BLda47cb1Wt1g`y=}hF
zsz}9cN)+k1<-T2OTU#y}#AX}sI?y$Z^e_8z(dD{wMsh*T-tI?VTg|IyCF(coTgt)f
z22%<xd-M4p{1AhK8SVu1{fWihRlF+`mOxE(M*Zr8@~Or}!7=(mZuyFT@3(}PQ6++f
zL1V(lBkn%65M7`N63tqKSgA2ZVNx;AAd^sBy7=9QMPF&-lGFW8-y2r{#8|A}%fh?k
zNEayTb_${?_z8N^5Eza5{pUS8^OYn1)K&X*J~0SD1&z0`|7^2<yUcltt=6{t>{|$_
z@8GYC8dTnO1)~pE^906z0ml65JvH^q99$oj1w49ipPkoblz0m;d8)ls6;5VozbMJv
zr5Z)n7U+Ijy9f6{+X@LW$$lb*@kxn{3TWtkGc4#c+$U!mu!EL&Pn55rcvWEYo!aam
z);=OUbmth~*?wj7l4HnQ6-iu%GV{^rjmkjZe+JGUGEz@1BJq}v1=SD?ld_IG8$L6a
zyVeDY`!+yVi%j|r_w%zPU1F*vAr@kmR>Fc5g0ad&Z9`=!0{9PrLp|@mO!qPNKj*#{
z0ptP(SrRReY~XaapCBl31PnA>)iWDfPB_Dz@wNvvO9~dQjQZ0k5g3mwlW1JJYo;9r
zn0UJomKy73*$v`~YWW*$<0kg}Deevj%nYMkf4(`y(2+WQln%LW4mh&YZ0IxC%WdPT
z9uOxE)kB4yH`}^YcHji-cX6#cVw~?X*^M<AW_X_k$HRN&!uf8qzYOU#>$6e{(=n7<
z6wQ&YBlxtO%qkpWNsC1#@bf^%Hk}^FWRg9&fqFBc$uBUX+eb&pkf2yK^%S>ht*=0s
zjWM95=*%kxS&GFu%#r1Bj*#cWIWCn@lb!M#0)3>bU(npHeyug}w#p1lgkN?%;Lo%h
zw%WKu2Ajxhro35M-?g6apGL!oC{P|ie8<*&wZ(B<2FW1vv#!K*m@ip3a!Z|KDrDo4
zb&tc5aKh>D+$0q-^r}IqTku~jpoaR%@dz^hOBxN%S~<|jN<E(VB+;*XTTVD<v@N&z
z2+3WIBdjhymS^?iMFzjMdIg;g&7b|LpxF`l41v+iPSb>jaH5knb%=yt7d;LU3$zE9
ztt3A1K>|SyQu(4JYTPc(DQ<XkHGiRCk^Jf64_;#1#ul~L9|P5rr-G(izkyDlj(SI*
zbi^eaZTOYx2fAR;68z@b1|kfOcTveh5FnsHRRETWq<3{>4?*uwcdR@TA`l<jH1w<c
zLq*zVHKclAY(9rRps~a$SOcoB(W6t5g_YjAG#kaH%`MUQV0l%X&GnR{8&Zh;&s&Ic
zBnO{0$L;Bbj0bjQj;VR~WroLU=id1=_1d;nBJxJk=#=p}JC)JlTgraR_LkaGm;1*l
zZhf)d_?to|6A?2O+>K}2wo3Nx+h979US>noZ|`rs*?#KL3fu$ioC!W2;JDwuy{PyJ
zrAp+*htbEs-Z;%L>3f;f9xo2zcz%yfkf`%JKFNJ@$B!z2ne?txklOeoqC^&D$eA5W
zm2dT3_u6$fEXI4nJ64ccsvvw>RUa!Nj!aG@*IU4cb&F?M!0vfC+7M&I)3I5o&2mtI
zT`sL9Iw%Ez40>(u3~+<<9HFAPiyc03mN(Su@q$bCBL}{yy?fIUEfVS$193G1)CTxz
zudlKu1R4I`N?G+Ubo{P!Y}1^Kf_QlcVZ{ix3^tyS``LN7Klb^ET)_Do;VqY9`zeN+
zcji32nIcs;ukkS=5CA~(YJHRnlCOF@eg_Rq4v``NB$R!CSeq7s7&f2A)FFUhO@dFa
z!AJ6WWlw#6c<s8RKx8Q#j<?AYUT-u?Z%*M53|fQk#us@y84L#*lR7Yu(RqNRlA)eP
z9+rp(&?CDQvr*>x;Wk&NTWq9OspvQE`Yv|+JolLGI-b>bs(P9pvHWr}l8({s;Ib*)
zi5A~hbm2NCkxNtXX{Kh>jJwYv#CnTU$%OUqq>mS3rIvj$mu~9=iyY<mHSSM=asw^N
zxW&+Tx{T^(1MvR6E{(1z-F=0YVOM5;xt0z`s&!M?SB5)di$L!%@0Y;ix3xp9oiJ0)
zuu*He8KAr1x;e-O+g56HQ2m?89y$7YDO?Q_*qU`QQiLLjGkcjL*W2Ezk6#;n2t_!c
zU?DVp`c(kp<dm!w;4T%}E4C-erG=H3o4CAMUzO)swYvCIaj@w$m~pGAS-yW>O{cWc
zEM_B4Rs)&b5&POwtNPU3%h?HJJZ_8DVeaWlXwKUkeV8gI$As(yS9}6LhCj|!OoCGQ
ze4J1!x2qL>=hdBDlwoZFTvB`YFmW0?72#z0PeALL4S!FVJ^u%l80@MtuDkApR2^n)
zQlFJ)@Zlj!9BCAnuTcd;W?+$BR`}ekWv!_+>c-o5l0%5db(rk%Z<S|}%`kyXfb-0I
zQ%Ne+K>TGF#8&-?r*TC{j=+k5jE=-Yeodf)&>$nDq>*XqL?I6ZZsoU$$cvn%wJ8A$
zd~7j@*$f>Jef3(ZKLnKAPET^93qC&4ej1BqbmdN|iS`eXCn*8<o8oFEc8-tu=<#nM
zyDH?%&y!hU%tW|8jjB+IRg+acswSvyfi_9T<u8)zj2W~IYt<8%zvz~Ipk%YcUqYs(
zuo_8UMZ}dpsveR+M3$Q0tdQ)!xoTT#v=JTeRP87O-!E567R+o2{y?dw-HpUbjaL!p
zers0|Q-vn~V=zOdm3`ALVL!Mon5*ghL&ZxBk7wq>XaD}vrG@f{SFwUvgwO_iC;wK?
zwmk*Rc5T<Cx<|Mb6IRWnCKZW(mXq?`eLuMkWl+1^f8G~mxoGP<@9)Q@j<?ibZ%WtS
zz*;C!gGcq2m9av<X9b{!<C!?iHdwMv3cVt)aHP|`w=#Y{Sg&Lh2!yXIs;$B#3A-rJ
z=RD-qZ00;0P(*W1C~j{}3s11ar^lhZ2b*t0y8@SAL+v8}m{J+vK5;(erRr>bUI!@r
zt+GoPBWST?+>C0eak&&l{XV{+h7M7(gbqDcmbudgRnteLIa0;p?S%b;EH9-D2cOFz
zyj?tG?Ov0FiM;{GTI!^@9HO|}Q)M3y56(Ba19PTyAuZ^HrW3~tGy(x3eQ28hv?SR8
zy$SCB^1=)Qe)pBShWtJ?N!2qO&rxOdqo%xyErldM8&o5Y1d;X~P+9d>N7<1DdON&O
zc?&T5DH#z{Kl~Q_U}+I3>lD!UXox%nsOoSIU02Eb>k7cQ<Wj8YCW>w+V)>m;>+TFk
zivkz|U8UK6@TK?byJ7`Sc5wNoL{?LSqZ5OXQDaH2W73=<zxxRpREzmOCM4W^H`hA9
z`0X><z49EzL;d&Zc70Bs_fMa~fb&C6bt^3iZSA-QH!VQ+l@l9X@vivRr+bZebaa|P
zBS_MAl{$x}P<&g>geUB4gi;A>@3VI7Um91cnjnty!agML*Kt2z<gdoJILhGeti!sx
zz6Hv3$~7AElg9GyC}-YlI~z%uYS)8wmfv@QznE@$`pWO{npn;(Ja~I%AqQg$I~sao
z@7l-FoCI3n&b6v~^DnQZJe^$#EtG)R$A;@cIC8dJya!P{EE7ySMZS7nW(uU`jh~-k
zXXBe&tl?QOAGOEqk~Hu@g3b$u+pEiXE({XzNQH)j@%i>2XQo!J1K(vNxWK^MK-|8M
z!UK=@>}EclkRd#@=4OtnR#M$PNuXN27NTeeYJ7}WCYr=I{bShEPY-5VLb?gEWwVLY
z<C0jPy}=9h)D4at7^pUXid-be@$TL4DVkC1m!)||zch^CE#TpV@U(j3fHbDb+JvlZ
zhMPWrIfH)*_5!2hIH)3{fGV2#VO^&T`C2AOtjWMfi%tN-WIt@!X-L3(Rqz1~g1C>c
zY9QR)n0wsI%+KD`z9pNR(7<s`HrCm8^cPS+Hm5QrhUjYgsA#va1{V;-dPSPqwsL9$
z%?It(C?w}d-cyCJy<B*E%s?FNGZPI_f`}DoB9kn!=nwL?WmGN#>d@%JMdPL)v6X_e
zF1#l$T_<CfEr!z&j|<3K2}_!f^l{5Y5WRblQ$OO?Hk9m7dmF%uUX;^5)(SoPNbg-a
z8NP-9FTcTC8iS95Au|Ka;fXkB&SoSxWl?0<y|&&}zOH$4==zhqXW0q|qjxA6a85@8
z#D~$=F@+CG(?m<TAa@G(N^PkZwERPx8yl+$MC1+jGY_+16Nnzv`+X3AOCwJWjlo`_
zJm9d+PUr{r6IxH9yG-6D%K=9L2Wkc#G2N#RE?Z5)=U>T@o*~hPm!J9PC}^lq9M3+{
zCwSsTfifo=+t9*lq>{VwIi0=R3<fTyvyoNclr+SB%MZIuVohlBi;{$YtKckqb?4dB
zlW0D9R349_mVCkkNHx@au_H#N9&gBW+G%BnU#J4slhZ=&V1ly-PLAer-t<J{kG9_j
zrQZ;iMR%_5RlP&Y*^<0yUWCRSa5`y=LJW!NUIPDbxg(8G+iZ_Zz|t(+z5;M;7aCZn
zKw+O<WzY$pmg;?dz-KwE^JaKf()=WHcJ^1;1C3cRPld?&o(omTuT<yX?9#mH7he@n
zFXb4j=}ykzt=6Bev73N;0*%m`B>kC^+IzzfOO+5QVZ=AC+HsT9C5TIcOxgp3iQ+#<
zEf%HLV|w3Dy~p(i46s@@p9md7?QxOjH=eCf7emeU#18!YXeJATr^tx-hAH<g?C_Fm
zgYXB6M2rPvD6Qf~H0X7xQE_~K_JcIx<9+}EF(2aviWV3Ll76%UM;KpK?Xu?Y^6T_#
zM|x-Q^0(_q=@V-$J%V4mw#1Ti=+s=w@5P3C&FNe=73R6ee-X%DL1FLALE$smozTq9
z!ksLfd8&vYF_<9}D|RpYV+>VNNt_Y)J2Uh;;4;*ug5F0A=(z~9t`!(?o&3<w216f+
zm;9FGG&JeK9@Nc|5J?KNYLY~(O5p7qC*p(Xugz;Z+|kRKyadCAevi@T=T(q}Jn@Ep
z9U;+O1`+R_&qrLEhei=8JwtDRkJc7bNG$N@qd7(CGFOPrVN_OT(KkrVoegRXOv3ZJ
zBjkzCS*#@jZ+&vf!Xk-hoe}l72BBgL_E$DAIDUE~9T{i|lp<te7MmS!hMj5l=m4nC
z>oTDrxXC2BnkpEXNSi^2*mLK8lIx$-aosg9YMZ9k?4_7`wz!3Ex<7<F+=V^ynNMSk
zVDKV#j&q{^_@Ky+{qJT0fuJKoTC+w_H~;wKvh7I$Na{vz-;KLxRB{~>cNa7_$^xXS
z9@Yn)6J9M$8w<+KU2kfIo_?(C`j4H6Ki-LO`^oANH!{o5>lsoM0bBW5O(~3v9i7X@
zFUXBMPmF$k&IkMLn2t3V3bZ;ki$ihK@ORVue!y5T(DB2P&^U;T$h*!0mG@1s1ujzO
z3H5@9DJASO6Yu=wCDy=;TV>4O-7-^Oy78muZ9%<x-^RJxLkp>EE81f`z@B*=9bo0t
z8<k{>jfY)IBm2><@i>G6b3p!#Pn!+A30z4L1riM}1vWHdAF}^xX6w}6Q=Tz&8zUmb
zW<#NnFc}B3lvM(&DYn@4h0hfwrvgn@i1#jNlnaBZ=>$=?_BC<{k_BCxDS2z>XNEb}
zHK4Uo5;bS*2In#8w#5jV5v}Q`W5|<i!UhmCO3;-V>AZWxonw9(V21eOv^ahm8NoHK
z%MDKzspK@&4l|oLBQ7w&K{)Ri9ND<{{l3`y9HJopIp$1N*dzIV!y>wNH|$(8oaaWs
zh+rTu2RVyGvOFR{&!k;_uc|)47EN|T9!&f2dw+nXONyPmP(UOI)3MliKM&LKl|ROa
zjppvuee3OYhI~mAHt&Gfw{@}7tGO*+z-n`4Wb*=E$ILAN)Wc|;35sJVUmdy4iO$4v
zs{8NXpsbA_#Hj7m7ERbKk>EIH#+OfKARZaHH`wupC3f=FHv%Bq{EvjVq|q<CnQdTJ
z4^=J&zmmlF2(S8R;<%bB@~=2d=|n}6KX67dF5zWMMg0TyUK=K6zQ&oe9O`RYQc;!%
zWtOUMiu;u^KP$glz{E5X?N4*U&8BS${C{Ey1bajFIi;ivd>K!Y!S4ZKW7V*LD}{X-
zuAJ^hO{fBP?3NNlOiz1EKe(X4kiAT?p-zZY9Wf!{R0(zOOe>281e=V8)nu#Vr`cQ>
z2+h-yKZ`04y(0RFoV<cuZ@|IhqP%5vGFBZ^c%;QrAiHS_xK<dr5$xatYE_4Y)Nq_N
zZ)}h#1|>??3WnHY5>ye7K!TwN57=aXVZ83C*L9AxT(5!e8ji9h;Tx0VR5ZENH$huB
ztO*A7X8oPqKJ?o`I|L@jzJNg7&kjk93=&Pw89a)fAF{H6Hr3;uY3~dI+-u~w!lR9e
z#OWFQQ^L;(cHN8VPWo_V;$+_ln~=>>U=UHu4HO?jib9Q0OB^=lu+S0(R2hX@U1M{$
zySq2ao;rxBf47=LugaMVTlxktO=K}|G4ha|yynwjc9BH|$D)C3eSd8==rvYTwAYAe
z5+e>a<|E&qzuv|RTPoDl>E{`t;M$`OZdcpnEOXUfn@hlPEa>zAo&0u(T_P|>iQ<A1
zvI0E&!F^;jxVPbGHe%y+-BV`FTx*SHK0uTD$1hQ{V{_MX1G1q&N#V!>^1*OBJ9g^j
zX01Szq|XG6fMtvvl6@XP6QPcAYn;{_howU&-UR=xcc|{&U2`g+arti+MmZlv?EXDz
zPG>x$bPI|)(y8yeDIE2;OpO4rB82-nR`n3F_axoU#pZ=<yc(k)rVu%6hIMYpoJ1$l
zX>MXIRrMo${Sqt)ecUbC&2AQPM(nYFnkgXw`eE%ZansUH3=PyGwVfA(!3<ThoJZTC
zc66vjz5L(KnG^m3_qd_c$&>u0PzCxf7*RXdIjww*(#jAp{R?Dn5Nz1fw%D}<YZ{Wz
zOl)4-<voTFeZA1s{E(meNh6t(rPi%!5F&?{ReJdmf2k<{Z7yFy=llDpk_EwGhxTWT
zMB^R&%1QBm5794fr9AX^HzYAbUU3SisNhcOx|9XLfH1ofi%2?zw-X*GdiLb1LnlT#
zmYphF3vxJ`_{|7=LO(JzAj6rVIftzWv2&sXhGgaY;>S;^=zNh9YM*fmz3^WhAbO#1
ziJvz{zlXw$-!|rtOR%toZ}ekVf011@Vo3$666LYX=H#0l5jmL)=GGWND_>y2tdd#Z
z^NW_6-&72X4WNSd%&i;r!lX9w2EVxJ^E;=O$4JP>CXy13u=KtOnI!Fun4uhHoiW$x
zIUo(eSf!?D7~8^%@#`lNU8k~^<F9&q%|uMXxz506FJ#wD>K>Yr{jM7IAKw~#dmN;b
z&YKWdi;sHT@@;WGWQY!-yR-kInPo%~OPuqJ*5$Y^!I43!Cq*H;2|PdKIdVZYK6TQO
z={-rMrN{+?Ru)zWrgK>3@^Z_tNDa)%nTs3{tv;GnhQpw=T>KDXQjwe94am~#PDeOs
z{?I%Bb`9GCXFbP&1JTwtMYjJgellBJIMYcfKpo8}=Mq&#U*o%Bx};Q`7{8r$*z5jB
zuYak#zl5X;4~`RF>72)TxEKRnevC=ESfc`dtg!ewOi6a|-rDMrDWA|LZL~_ngMv+U
z=bpPHCO7g9@Ow3(h`$I?F#4tt^iuUIo5p$Wt@9x7d?iA?!A4BJwrrkKPgRy1bJS4V
zZODl9MQ1b-95$qnkqF!|GhO}$S7^c^Vh}r>^Y~U#(X5%Y8_t1iQ$n`S793S_GQ7Fr
zk4lIhchyR?FqbCLs-K!aSR%)%rs+Zu;eOCixWHrPXM!#}6jD0)VDhOS;F%Mh>#9Dp
zljT-x+|ak8*Aha3M><h01G9?dq35~^;XY(lj{M-yp@3?;Ve2dr%)OG_%Zys3U0Ae#
zU22!y)Qp-fo9jIXKADikOrI_@RSbXh3YSE6IbHMXU(wp^eU<s$?H3JjPtg_)+QJ&a
z&`9c<CDir-zLU(4{{P$FXnBJ{m(=qrv)CbEDy(X5aM*Q*(JK7hV#GGYEIBQk>G(C<
zF}?#Xa+Zq;$B|B&&sPI0<+YWu6@%Y(7)}C33pu_2WJT(0?%z05+t;vUo#FY<Z~lR6
z?g>@*ErHz`L2Uk*NmCrAP`?vm@baWwu!1+GuEvw+&@p;TM(Koh!#D(!?pr2}GAeV5
zxAeqv<vm<^bzPF0Lcy~o5iY7U(FBWAbO1>{c7S=sp2cbGESl5v*kcc{Nuy@zww~T&
zb{O#-k5#7!kpFB<A;>}Z1miDoP06IO`b=Ao6Rtt!hC7?2`+nv^q6%zv5Wr+6VGn!f
zpH`48NM=%;r)-?c;0(@Sz7v0bO%Edepzmh0*oUmt8d@-RVajJc*<!<c@>c8IU$!=@
zT>{IsZ_Fpt0#D73s#)EPwRtdXIPn}l^#fCOV)_~G6OD~1V-$KDipvC}rZ~)0RzggE
zD*+FlOVy(OD3W=5v9k^mmKr)C{w%&iowO+2K%x(rq`dpv-{~ql4X_fxBC^)bI%DV9
zcVDYznoRwMRLkQZ^(X5$`soVBAEi~7l<9q1`^{!i+PtwR8rCRnTYr~*e<D^eb4vo~
zhF7|M)s$eJ??|;1nD1!fVEpzmSBlU?GN=)vD=RLuOW~Bi^xvMN9=C}l2q2s^*MH#e
z=+FjCyV+dvOdU-l)XvYIo>S5BUV*pJuK6z$O~o3D_IP1NXt1N8a819?XiYgzkgL5~
zEd|CyW$l+%-vQ?NrV@>WyMttMOtX%?V>8fFHErqn<VY(~mO1EOcW3TB*5dXl9Y(t$
zxfy~vn=qC??|R#-I(6!HCx{KkYDv`UY0-Z^{}!2XJ??C@ZxM}oW_F0>;dRcjjT!I!
zQ4g`TcCtOQeg^kAC+)w;*U!~IY(v@=6%Cs%haq#zdnJ;Oj}TEDt8=#7dIPFOb-3xf
z+Tr%J+^va|Q}AQyqjFr$A))4jWbxw?zJ1`dj#mV=0lN>^VOokWyfQxy&~FSN!3L>U
zN$=fbv)?;(@WLTKWZ(#Q1)B=f?(|}goIthW>$vev@x*uRc!YnMms>75zEc85nd#`*
z`D`JUjW*HiM5disC{eoLpJ0EgC=s%0vk0ckpcxk*3>P$hbq5|DK%&$*ibpsEhb;p6
zpaUOz+mspXrcV>uNe0DoZnQXK9GhQ)4ZbO5D}>o8Ke599D$*iG4f{36jpEuQ`>{T)
za5M->f<Q=>J9=VD(PTq`b{Jc8fDKwc&fMh5bz)ReTyA$A`G&DrMQ8in%=<d6>r-@9
zyp~`XJFqBxGx$z=<=C(D7p`q9s+8t!wmiDMk_v9j1(_`+_iwP3b3T&Fga_icZgS;j
z6qKatRJN;{_Tkv!T^98WtI&nVB`^1&c#ML3ZWQt6DO9T;xBQflLJY$RL1k7D60ZvK
zOR3||7{QrEOeUx&F1Lty-{u&M&V&S|=-_rr*zJ}?M*Mlz(M<qOR(wJnQ!2+;#g*n+
zdFv;!E{6Z_P;u)4>oGy7uMMW_-w+j}&CkFmmV57)1MUT((Rou-e4|u=5rdQ%?##u1
zXGVWa+xo#e8zZD&+Q?Kw1~d6A%VK6d6m$O^(sw6w`sRVKrE5Fj)o!F_QLqXet|{2o
zz4XgKFB3hvlMRim^m#h@sJ~}*6I-8xNFkg4voIc+%rx%DKMH2+JZ>mP5{~tR-4KVd
zr%*k_XPqEyVx6?@0nugq>pssu;?OG~SZ(a79LpdjM$hR%B@jcL=?V6N+F|l~xmMnB
z@EgZ)^Qd6`yM1NN9S2+xN%;_SJ!pgN)B(yL7Zlde32dw8tfaXP7^SmVxQ6vtF*i!n
zZIN2(2<9PQjfdgy&wF28y!k6FN!zt`#yuN<cPcf;Y|LCdVX_2k@Vp<-(8!yVOY(<*
zFgt2I%1B#vu|KF^mITa28Xzp6<m!c$P0Y{?fhtfk5MZqJ{c75`$)#1Gd!s9X<;2>5
z@rPi%I==~$VjxpmVda5^-1u950%MH6xjgCR4=esz2Tehq7LVIL#Kq0ZqW8P+tlFlB
z9EO^~<k)QTXWjap7+TPG^ed-XGI*;=!o3uvG%-U5IA(1a3qlshXf~6X>4!60n|tbw
zE6+3OU|Y2(qBr<b;^<Jr$H%10k!!}10{h3&u*0q2LaTQx^EqUaqzhT8R$iJc(IgM-
zp5d5sYBNcCaA~N1Dl&W~QJy{FH(Q>(mRc(dbp1Ac<J3z0m&a)8l9?<QnJ+aAw!O^v
z^0maC3Q(Z?oG*fmWkJn_?UcLZTXkHZV2v+}wNnqtyK;FsUN?=hT!jXEsK}zIq#+Dj
z9o@b*l!xD^)xtXO)(Z^ZC$WdN3C@a-P6%Gg>Megxd_D~Yt381x{Lr3d9JzQnbZ9p(
z7c*xgy|$#Iiz@Kf#y70-w1#B}CVBc!Xp9={7$6GtsAR)EP!ED2ZX;MyVlly3U6_9s
zgd+c4prd+^JKz-PCTS^$N&a)6lOKbCY(*Ltz@F3x`dYP2kO@1ZsP|Z^5<8n1M;P@N
z*{(G`I`k6eS^YMtcbMw45JhWrQDbcK!*KnW_bSSfg83D1M2Uh^13m_pyej0}eCw^`
za$f#&+r(EQB_Jz@u0UIc7lBNgFSIB~Zr$NqUn^@6RL|NC(b;@QDkjoAKX>nabo;0u
zG#bL8u@L_#9*DC&($J&@XeK5F!Ws4vy$%xI9Wm0?8GUR@4bqAvpyK1Vng0B3!QKO1
z6EsGyzW}f1bO%J@F|XKSO0xE3z}kXM#U}p(Vvo9gL0)TGEBu1Met+f`mc(O?oJDr+
z)tM0tx|~?=(}Q$I;zJL6Q8?jw?@I&9ex*1@@~aV)(~2^hG8}M{k$lx3ohzow88(5R
z75QhPh`=Ir|9$uzRB8BNdvBW%1Hz;VzmCZL<vN%ViaFX8j@4Zj4$W#g4~m`wF5CWP
z1_wFQ6*Oh1ymMEf=g8Pa!<i|bh3r$o((<xZGn(OhKmYjdhtU8A`VRm10fITXSP-eH
zhMJOk-p%cT8@Wx`0sY{KyM@fHj1^rz6zGF{dN*s3LW5W!@d}_i4@QoH5ecl+i)lK*
z+ALx0vX;^&%sBMGZh7bmE~Y<n3ZUL$f7fBW+ePY6-?o!o)81fI^|+6<1j}0F20x=c
zcNg*!5A7Vr=+fIIXpurPQnaAnXIwkKtCx?>9_vYYLH|+Y$f2zolIYzmz({(diu|15
zkEWbz{1|u#B9~3Ab%QQ5t8LNYyFx8C<P==3PIPdD%c=W^>_z?VCLz=hhi1Oz=0`%?
z3*p|OnU6*3BU5Gkjb^cF`me)sE>F7L-}w+1A(Aw>f35TmP=>}Q?7uoYaIezlZ@|||
zq{nrXT)~*X01Pfw7~P?$j!J5`G#=gBG2Msc3q2zo^olW$1k)L7aq=^O^cFI9WWKF?
zQ|K0^ctMQdt7O^b6&$Xu4T?X+1WMW3J0_$4(pM_5&|L|Adq{t>g>f(O66%7A>!K_F
zJ11FLW27mI%Pp0Fw)($kJ@7h0xCPbx&e^FgR*@CxbFyWzDuy!^tWczrl(xjbLP$Jb
z!S7g8?KC2%V-2)8TI`}5R>js;uJL*cl%5b*X3F>r0shBZ{9O1lj9=)D_1mrCqm_FZ
z>z!8<7d;9|!C9-=CChAL(&|PZ55)*n$Z)gh+1#MNsWz5+K<bM}vE1sT2x6k*J}g?B
zFXa+x@l@m~_adKt_ij*y^x?KQH;E1xlldB{v{_O8f(h+$YT@4v0%>JX3FK&&umwE2
zeltr9hG25E%UlhmP7Te}U9OkouPj(+Gd36+L9u|wq&F+~@$rs2P3JDM*nATt$}gf|
z>mOitiE>6-75KzfL*eX6NJu{w`TPpxV4~J#B$>84un<`b*|q2A^uqoJL_oX0Q$usb
zGTDMvapynW#SfTW#Et1&kw{Z(gVuF4B<EG40gAr<<N7LRM;odZXoihE-mxp^!zb%k
zYPN>G{kvjt2dL9Lj8rZ2ucG)rbQAN7NS`x97t~nKnQ>oWa|80!YV5rUppA6?bkl9G
zZJWyly>*kCjBZX2v{NuTgT&qdT;^@-g#P&iW<qkA*6w5_zRDbTC7t};TC@Oj3N*{#
z?FJM*OkJg^B5N`dl#Z*Ofhi;Z1Z6LE31u}*^|ihJ&~e!TK+s{y?Fh4KzkX<<eQhQZ
zgllppNNSG${tD^~1qeFGn_!uJ#K=v5Sp{%oghMZBDNqo{r=__y>+owTPQ(vV1Jb&?
z81RTSwophaQu&;4yismof2nYn9|0#0Jj5kxl$?>92>G9G>dH6{kQ!+~$a#?G7h#1R
z=(&&0ei#o|6HuL0&z7_(g=hmG_C~6%THGgi^>lhO8@I#;tmQ}w5Cy?7u6A#nn68Gy
zE#}#W5xn>XOjssv!6dw$d?7VjQhD{V3%!9-;=lYpPpWsKiPH<pKJ)Dqf@L}NkeJ0p
zb-~I!LKPrDFx%54xYOuFP#Xmvy@Y$K{OvNixNI)N08lW`085FVLi+c*`Jpo4YH_<;
zNi;;)!8ap1iGr(gC~x+MiSzlisg7tv-758mH#97l>eX}&5a{KH>*9$i8$uaIU}_Q{
z^duaM&dN5&=c@8~O(pbAL)Pcdq~G~)K#iaTqC+D)V`^eE;#a|7z?9G2FiPEUAR9gL
zS{P2vOLr9a^Ra9${Mu>r(Rj+VQ3}ll{Gqfds_<oSqWOXFaVsR7DZ@KHV^zSw&`O67
zo|?erFk^*?Y?d7hgy#AAuf2z6!|P@xog%F<)7MM7aRX9AFLQgul$%)4MqAAqHhI+o
zNOoRb91>R2n!@4=HgtENo7*AioI@tn)|?xwX(s$hBD~fx?70FOW59e2sHZiB@#P)H
z20T=PzgW1A$H#*XQms-9{-+mrMHDR@GQ0I3<R{*4(4|2|%rz~&lg>zRg?y*{_7Kr9
zns5=Fp&?6r9v1e1?)f;X4Pvk36zF~jXa&=(<dJikM)81!9R4<(AVUtl9xbS^DS{`^
zgAnDsR(l%{K`+f}zh9}ZZmP#Sbz%NuRK%IhIL*9pdkD*arkD@av5D6lfCqFNI|)FE
zwlaa1Ie8Z<bEel@aV`&;{$E-fpXlZFNU*<It+OsmKn04ogxB|$R{D*a<aA%So*5tZ
zM=5N0^)qQRepauPv2z)=9=h0B8j24rj7)4VXDeW74eY^VEMpM$eaPg)XNs6Y_^V|f
zJ*=bTyP745LyDmrmG@w8Ck{}HKEC82M-OR`AA`^PEI;#G^2K53on?yE5q|_xt7HAJ
z(aB19SLL6YG4j8f=t$9%QE`l|ow+X}aK)leQR3La#_gJmkMIlvqMfPakWJ{S`ZV+r
z2l4~D9eBMkR!Ur4{8YuaM{>yb-5~5z{G@U_%!+VojDXeL{Ih%vW~c+JNWeJHivi1K
z3k0uj<~h(ciz`|DD$~OlITSGcUx&6#0oF-X8(d?CC=Ge3g$6Q%WLAz@M5sA9BiS;e
z9BLjqW!ZCYx=?%Nm&D2SQ*>Ok(neJ^T5P<$wi+i-q<I{8fr?Cox)nI83wqAhpdo)I
zcIT+POf=A%mH+7|@@qskY^3WN23sh-N2qY$vvi)`XDyvkSm(e1000008*BlDB_bU7
zkDC{_>q~Ci!E+k``*U08^kaatZ>Wa2wQSJ|n;49edjRL(tY2nW-IL?RY45H6j3ZUt
z8KWln{)M28>BW(qZsZyGPj5ouTW6o@H_r_$mqA#UZsA~S?4JbIuyyG=Zm}7+zW{{x
z8kc`I^{p1#i&-5<(RDU{Kh{N&@|uv#ntw!w0qf<P)a`A(yXVMfwAJXL+r8+5TKQ?y
zGQ7`vDCjbfu35dKt>HDL*;`?b1gi2)2OSK~lAxrv6=0XPb!1k`DyGw!78sj--VFZM
zHB#rsR*AkFFmTJT9EoiLUi6&(K;^xW;Kq-^4taLi_kfJ~?yZ>Ix&p3g@xIa01HxzL
z6HwsGpWM9q<npT9!K9WL2OM&0O4IQyxzFgtQvq?qmrft8Y*cf$>1t&Pc2<yV-c=s&
zQ{819p5`KlV{ylxbbyDq%fP-djpsXXTLv@qv*&kUn!4jU1;rb_HjBd*#}CiKjDk%M
zzA5voQ67QAo_axdZ-90F@rpAIYSYBi7W-)`{Jg7s#e@v>PAU{_>KZ-#-1TXbV=Dt`
z@eRfgYJ${=WSRy~9iJXp6FloEu^lfN%MH_NY2`la{j)tSzI?$tZa{NRNIGN_NRkJi
z=y#a|RCw76g;!Q>vjIN*6d=k+Wwg<8yN-V=H<<WR+*}*$v3`W}jm1$Bei=acxpT}O
z-=Qf~AHhTI`FN~K@YAb)H@dJlYk|opMsgZ@LVS}{hB9=FMB1sG@o>e_k7&;YByAWK
z^fBHFi6l?1&4O}wsNe-vooa<Rk*Hqpv(j8sIy0E?fg(m|fmyO>dqB3iDv7Qm^v-KV
zyA<Bks#KE}VL+M#JjVCk5_wbyggBN9tV_U4-WdAi3VV*>y_N*=R1A@=wwGdt)bC(C
zX{QH^@oT(4sgsUP&K_6nQA<WHXV402I&96A=~8+_M)njoj<GAuWjrWXviE^HNG9^V
z82o#)|F2V(Z06vUuG#Bv?n!2+h3NY8a6CM6$R60u3S99*(t(DyGn=rn^83C?<ov@S
zkHvFod!`=({Qf~d|Hp|E3X1fUd4QYZCIS4~O%=TX+!y7KBH5EJCr5$BP)NR9ccNbr
zVufw6OpcCfd-8V@Yv%LRJcV523(K_?^w;|q>Vh>?_3rTJ8A4dzS4I}k5ZoIv2aIG6
z_>U7&TE2q9c4_#V$B@;kX&CvHv8bvSS4m>se$dDhd%qgiKT8&Xchr>wVrD=AypqYo
z?Bfeit$SzPJSsue)+$-ep=T#b*h9V1&zR2C`do+Pzz;w)ob#TFo97n}LJLmnCJ{ql
zI3Vk%$R4`omorZI%Qoey=u_kSdPLcHIKTht?A;}8wlK%<@o6HA4vPn0d`?AfI@wJ_
zA3=j^eLMN&<=%3-G#B*{iRoM+A?H+Sw+I_3V;aJE_lE%-!&$w-&AaIY{vHzwXO$lW
zAsb?^jhaT!ThCijK6Bg~@~-$l9T#>h=<x`tAYW^Bq2`N~Rzm6_KaA&f;?ov*WD5$4
zLVAP5Mxh3iul8abjAW{$G4YW7orLg>`C1-qjP+TDAwD}{_q2u(hnDjqyqTo7Yp|^{
zi_JJn)g&v#=Jcn}{EY?G;UieM2-&NqN)Z2{Q%?fI`}=(0JNEi-Mm?#TGf2LM6J!1S
z2XNy4%o>{@!^BKZ+a<jtSGruGhnEB4IyHefzLtdyQ<mOz%%M@&kM~CIz3M;{lgzc%
zM?|fwB|T9UmYU?I(2z;+!=Ndnns$8_uF4sGY%1jDq3}F=`i?3!ML<u44**(`SWip9
zT*uL7mmMG#^PkceNipph8YbzJhIwt07u?x$U|VuU^`fvitwGYRb8n^_P&1!8>uEy<
zrtE_PyV+A?ZETVJCC>ktL+{bSwGCSlr?P`V?gm?2fWfT<#`K#Omcgb;-2C@e3nRrr
zvd|K48h0a1&@CRDp3xYH=i5#PNn4mNh-U+rg?rKXeVg*(Y*DV-5GL;ektLgWzv!x_
z5CY4G!j^5hm)qd7@&w$4gtG05N46N(S?Cvg6p}a=v4(rindZjL64Q+3Ow=j^5ODg9
zDSYgb)gtOKQq`ATH*%xrQ&QoQ@45pwh{bl&S%60>Owv`u3kfE+X)$o%*&c0g#}$ne
zMiut9GR56*`Ka{%*^2Z-<0y$~mudclRBde;)LKn8jxzECM+sWx;NUt$%bpmw)DrW(
zZdd>S000wL_ztBRX&((!Sh1si;KS4!Sr7Sr*V>R97nVkn%F9+Vv)5A~TdxlWYP5hF
zYQ<upWbFrfZWgrO3Q4Cg*HC}g$w?3H^L-hBP5d?)Cd<I5J=<z!#i6EhHq=2oit$Qp
zaX}O*#{<E)PwtScoK&1&CFQ(vQHddv(2$X$#7+Lcyi{oC{PSAM+2;*{1PqgHzLnPs
zR`Gb81`2R3X%%`;9yS0Q>_j0iR)?9<O_++VsyH>ueh`WZck2Vg@<WuPW9ka$$Ad^E
z7d?}o&#*0}H3fg56K0@L!_dlB!An)pRb3p*HbDU%sT8sJh7~`b+g@lln_{Z^Yq$~y
zLP2jshb&PR8($N}fw%Nj(2m>GqQ5ki>VMBp=Q%ze=g9r8G2jVsk#H87TqSZoty?SM
znqbm>EMNMu{mCucvPM%%@?TFZ>bb3ftQj#<BJk0_AFM4z{{M4ENUzIa2?kdCct4_$
z{<aPne4VSZf^5R7w(ghzf$p|eR#c4MBFMVdnFlp^7=TK|9PV4WU(c(0Vnx@!i`7a}
zu|O?E9eODkEF+F?CtSBuRSh{sW`n-C?k|WaLnyq-!=VPw+J5T?pllt!Ws^za%3b0j
zBR5b1WzW2O`$>2y-U@Kh!wG6_N2su_rtlr5z~Y9*pYH=36Fzlx#=;qZ5=fm!l2NQ4
zUM>ks>`<;zb;xIfPTAKb>(Zw^vbw9v!=FXB^`9M(k)#{@sm2H0FS0rEjSBSM@g)i(
zF<cs$ih@4fgyy&{y0I~9kCcv~h(rsY<m8T(_!njJcxF>xzC!{J%wK`9Z(wBOV1=Wp
zt`=n*L=r~3sDQN@5VbD~!I)_pE#GO{+gzKCjfG8c&T(BwUhWy;p%P9_DeE}uKhbfs
z;Q?Buh3Su{!$yZho${vxv0Q|4TAzJ-@>|L9i9BzW?B`|+Lc2p&iwNET2aD-?j0L$y
zFHHIa1^dTABN*9e<OgHtpZ#)7WH%a*7-zh<jh+^NFmsMD?pKaTl;bVpe4m8u4MsV&
z;K`EIB<sRsqT#YBOkcqzS{t{jL)D9;)TDB*KDKTCJ?t>#vD;JYpQqzH_$nJ`7JK7j
zd*C1Dc%`f3<wg`Fq0o{rIQgcnj@@K`KoOndlg^})k~Q%CE?P%%lkQ?xG+h4>*58SR
zq@;H%n7Uk*Lwpf=DGOm+49aU`f6RSZC}#^GM7|oxkDm^f_;9b3ABR;gYASKzLuwgW
zvQ3k|;d&)PwEKDrt9zE13ipY%zYw5k3LP8upcotfbL`|5DnNfoot{n!6!MFSLOG<U
z{3L|}Z5KR9G`pTlHrG-z(dgYTr;#g+43(@hKviP^Zi9+bJfl2=4t*|(mFwk#Y%T5F
z>%!qiKc;4o>?9TGN|ow^Jo7351v3omeWOWB8Rf0-)}(o%VlogA)57x+vZJEAD?GxD
z9*8&rzi-z%0vwi7Ui1*Q;v85qEn8Q1^zh?6iTat5Dq(NHU0GeK^|&~to$tQTYMufU
z>IZT0)-oV9+iG#%B#tH5*%_irnZ^o!y?$0Lmlksa^nq%?1fw~F%4KcJBR=cRK3hVU
ziDZQqg$`^QY3Btq=Sbn(2m8|>al7Z~CvP2WizgANV(!tye$mmC#08&;)cuT&5^i_o
zR%V4%c^tWO{``xy`{8pqYm%<6FknAd9k$c&ypY_ha}(3$_oX|=|4qL%sVlw7tYj;^
z7}Z?xa`L{qD<Xjomo!XR7!L@)Pk?w0{{w#Gh4`VWu=(+}BCi=XKrM3(vjxCb(To82
zt_1L-<wFkdFKvN?u@3N*xRW2Tg4|1+enD_0PTOPCfH@6L9>6<~8C?hFRL6Tz$sLi<
zVnd=tz9P~yCF{m4oeyhI%s;8fY>xF<pvI2c^CIqY;~|5+7yKd?13f21U$$|80002K
zMHb5}FNL_`o|4v^x9u7hB%X2tSgWg(YuA2}Kmjj#MJJzazLU>hfc883Sc1yeNHH)9
z&g}aR^N!ouNFQ8^(5cWS2m7EXTG@-a3|gkgwa=au`FEi|Lt{{?5BdfJ3TMkSJlMs~
z@@TF;BZN``#YF{=d^<sF7uWz&9OqBAHK5jkxR+A`>UBs-&e1fEH{r*ypMbuq!N@L_
zQb(d@p~Vsp*I6GH0GN_xj|#B#i{lyQ$n)Hmjkq|SS)Ld0MI>)p>3u``)>8pOI*nZh
zkkTnWhZUCDICiEJZ<x;s%&s^`#f&1^whZ?Ns9UCJoo5Z*VTf=!o8JyMMn*uF*}Dc*
zB2ql9Q>jE{woanyLh-{>)StNa;f0P(ZJ%)upJhG&oZ<s`YL~brRl+MWo)uYpRq1gU
zb(j~|JQ}G#;m4h0*uA*ti}1lqmP#;>w$>Ehb`Gu;e9f1#_qEf<G~>&R)?Q76lTPt0
z!iC(H2lyp~XOG<E#c!!nyZQC!4lG5;zt%xwc7mvBHRWE+c!ZhBc{?YPfCM#nnr3tk
z?I!Qqg3X_AV@@IGn&rT8TJ4!qRhjbv=m_3>fh*oDGvdKmAtA07Hb2iDGVrqY-H&)%
z<_Hlc>`~>V#$Gzc9-Z*2`(JaEF8`Ku4fcp;D0Qnrm4S@4#Qj%cffsX^_fHQFvSUy#
zX+CVHH$yL;bofA2)Jd!RG(E<rm=f^7m`g^Ld79`7>IYQsKZcMg@FZf*W{;A)cv;VA
zI_D76fp$!R+3{h-xS}@gsqcx_sxVWas?Ws@DaB&F=8(d&F;{ze2D!mZd~Hwm8WSqw
z!EdeKW#gU6^-N3nI3>+dUUd`OMdW3rhIj;sGl7I8H8KBAxyn|uj>KfZTlEE9bdcqZ
z$ue<CqtG49+gHA%syc*0;{7|+>dTj0?(0*)UXp|tQeMWZXbwhgHS2ih4B@Y7t-;hv
z8lgWO7KC01?h4{FBpL)BHysWhsh9v7)C<ZI1Cg1UFtUfC0#Jn2wIe+w*A6ZRvGa1~
z_NHfXPnvJpvNjXCvK^%G%QS{v`P8LVGP_{alqZpf_2-3uy8dqMpc|%I%>90jccG7j
z`GSXUI<$gL+w3$d$FSZyhYp_g2;h#DFO)JwNY~eDGEevU0$Jilqp2@pX`}7vvz1XB
z<m)XXzm++GzFBjMrZy<x!@o8P`XF76S-bsIXO09i>OeWQ$v+^f!5?0!f>I-{HAKG4
zWKfqyzGS*!6Pcmn*E<v%2Xp(fmf)%zNq6r0rjIun{DXBw^RUaP+>gGBU;fJ35WRuV
zu)^~`6?ijRFjQim2<Yj%!QpS6HUEoIaZRijo57`(-0El%z<&y%isWb=4m!0@46IgW
z`I0#f&esd%00n`%=^|+>PU_5|*CGW^FOv=fal9-^;5+IZm^7zM$NZT5GXCU41ev`2
z+^~!m?%?Uo@B2}Pu}DpMJM78*b*HmlnA+Tk@~}x8xIvVmRdKxT*V#EyuFe7@J`-Wt
zf05f-!0?}}@nGNPex9q$%@dN_xhzqN5ZR%mr~GHB4yxW;9KE75&HY7t3F+29f2TpP
zMP{M~*k$!LF}wZ<S91RXc(PcvGyuD^XbELF4KM<T+;>;)2G>CM)Rj^2-TQd|X5WV8
z!;6EqqFIUJD=((50IMXT%ylnh^cW7;{K(Mru$~Q%!tLV19ub%}8;S2;>OTAbCJS2t
z96P%L7b@bTz`s0U$Ojo<{*Jc&x`3L{UFc8=EKLd(r!{H$EF*VHfbA1*K3^8U1M$6D
zKsQnj%;2)w$*2GT33NFc)Acm^{rL?sB~k4~lzd2WB&L=zSy=kf;KFL)NGq=~gps(l
zF3?!JW+sdmnKvfJHW0U|XJhcl2xFh_7GW}bc6`ju!e^~mV7~WywuZxFr}9jke!FP<
zSGvQrEW7^oJ^?x+iSF^3RPX2(&bYphhgX|jPsr%&{EUYuyVFK2%4C*nd}Q=S{cyDE
zz_%+A`Lkx)gB=WNl7A_-^Qr-+iR>ujv~u>$o191^?DB|_H}{`RedoDqmv;X<q?y3B
zX`E`>@YSKznK^%GXf6z{v`mT|>wYn&i(^)_7+HhM*zmU)LNEKFv?l#V8BR?@_9y_m
z`)9uGA8t!*qja-vc+23uMP)#bpTAwXgFy6@S%m*<%-o0rvc1T%IvHexDShW`FQ||f
zdis3%Erum9{sXx^1XQtnE&0_{y4AH?mklRegaJu1p2g_eC_M}<#J&eC(TXHsXy~|A
zwdmR_(yfmZ8zeGKZ+=f10D52i+~#qj^S)X*ie^E#_p&)Rm4EfKvcG?B>xYK>wEhk;
zSIg6ytO+(Du2*0~j!Jv{36qc3uWiEKfT294b8hmC3}BfbVVb^w+!Y7K(lTd>GA^Ib
z1$7BFlV|z1=)CnEV|PD*fOVNi4<Z~x#*Tmb18bF&_E3F?u*qcQ`y87RooCWHTdGIc
zyl5+1zk9k|Z-$P?Zk93x@D1T7g1`jKh-kPSnbIb2--oDqGh1Cw*1K8;LVYBn`efmv
zvURK9>5?@Qc|V&TK%oEMYg9a(JYKf9wc{$<ohi^-wIU-*c*i3EV+NV(=md*10Zo|3
zr^tex6~)LY`XimQ5`LiGm8`)n#83gw3k(ON#4;KHN4mig;yY1M5jZz>MQDNE>3zVY
zlMw?JzAf^b1L6F+fUk!v$F$FV_9G4)a+rsw-H$`@OY%M3kuhCl!GT~O!r*0zI4~U#
z1qT1XDF&IY-O{hayoYDULBWmRqnDTI{Ml^Flk+)a1N&P#qX5GE@08jS*6=gumiGF2
zo$0`_!fyPg=cDu3U*#vMqPm$$P+Wl<1T%VhrFEd!U_R=_SX@5>y!Rs|L5P>2s#Rg&
z^g-r+>bU&#<|;BbK3T%5@Lzv5Ae*`_#Ml0KDddO@+fm!~-2Xp3whm_s*A{ddSfJ*C
zD93jG<tVI>cQ60ipQ>M4IlOik<a}6X4*chtLx1P*2AJP_wqtf&$aBvR1oXy2*i-~}
zOZ_3s6(caC9L6x;G(7wHz0eW80#m#z{~GXzuoP}jt0dhRye<iG5Y>Jq-2O5~#%;ai
zkTg{Y8Y_u3q}Ut~m?~mqXQvW)1IS6PT8a&+x)_*gRtb16EBB!RFT$)oKePbHC`vT0
zl<bk&_huUHzvV0EWMBASECbvY6l!)~A5oxWanmo}8v+bu^Y~&tJdMIo`^rGMBfNi6
z%eh6UEg9#O{ArO!@x#Lzr5R4M7vXA%ke4crvH`B>At~Cg$^gOb<yPA1X4@h>B9Ww<
z_I}+QyE25aC=54O)ROWY5%LZ$J__DH<%7cv^5Ty)e7}#<Nx_%zsRy@Xu-Y(YOt9*z
zt3H_E%4~f{DvzevQht^dke@92CNV)zMVM{Lx=h&*7nhRXy8OWWY&9ngPdeOu)4fpW
z0c|GU^Tn1HQqyBqkf6<%iHDalx^u`R451{l_J4=~1o<mbo}LV@VRA2;i;X_$!c-z~
z?-f!Q&-%3}?F$ngUd-U-jizA^#lbD|m*q#Y%8~y(zA$w-`rU@H3TXU}eTJ~GVf-J(
zE#p)6&?U<v!Ey!N2;rNg|JW_@@!Ob!0tam|)gK0K$Uht-=y&W`>LcVHytKJuUijm7
zE-Awa2KZW#HFDgKM;=MyPJ@&AfsO6v*@-3=ut#$)>>Ay317b##?crgb2)c}zi)&Ro
z7=w<TxT#e)MkdbI{N~lTz$4=IdZ4=FjwNPXvz<Fbl4ST}su>lECrGqp=PUmH{}3#z
z1Y7VGD}*GM_SL@|Q_s*(!0>Hs+>C$}!hO3k94m?%cmBhHJnqk_^ca`dOr$YN*+`?~
z_H5UfJxr2knL|sb(R!9wU5Qi_l1ID*c=AH;HDeu^ws}pnEJS4Ny(!rplxDwphfpqa
zQ0qGIBdND^SNvVA>p0JT30{nF4ca(72Xy1ZbP@voRb!7zJjX@I2{)g8jzab3px#uH
zNRf$@_C%Y|)DWb?ubDS7K^EGXbiPAI1|~Z}8BqZmkM8S8S)k>jaA)1*k7dDdG5~w_
zF&R9{;7+g<2!p?lXf&hLO)Vta42(j&G1H`F9lN|$^cnaA=9$5#<ZrL$w@xDRn1S3R
z3FS^&kP)VonY8h^pevkpNKhpf?cyOn)&msbNrkgvrpp-uZtTq;narQ|z9sDlL8x%r
z=&Kw6cS>M2HWzA8vVqKdj030ZX8Hm~vG&)`KEIgHgHZxTxMuH_#qc>t2316A%XLXe
z(n1q%`B(`QOPEH*xICG4m^mz!k6BS_f10^yPvKZINqljFC2kFTh%&Y!_%ETe3^nCa
zY?tag0`AFI^0uSO6gj@PcP~nh_P!a7orl!xuzH=TODKy6zz%N*r+IgH?9^hhqtiPb
zhIIkV_$j}^4=%>ZOEnyBu8C*Oq2dDK#RIVGfVtl%P{SPx%aV$hO)B7#dDAMr9-Bd6
zr~+VW1zLI$Ya?4dHNCFScbxM7cvyD?unQaa5Axhuw;U<3+S!LlR|Hm18A2{e#|Vk|
ztRQR}M@olJD;ezV7IZbq#c<(ViudiEud}6$==F)soUl$3AC~hca8Ju^nr=Zv(W=U&
z<IZ5aSgOK9!XI~^01p~OIl%b${f%t%#_p=2JRYlUM>#uet2dVx5-C^wm|2{U_p;*<
z^`CeTVr>K@_=4)I2C|Wi*n{a-fMvO4HpT>1HHmM$8HC|%G^wN8uBKx>GrShvxUrEw
z_0IF5DFmz^s2$z}O}>>#+O1>Y=r<@-O9ZE%i*<;OG+KYw9!Q!0-Ui2hVC$a0h0M!6
zt-P?>a?2W%u_s?q{OIc?p7Ru5C%6B1g34!=v51&ReAQBaIWr+$_(8OpycT7#51LP?
zA)SQUxVaFwVT1@Y_|lF#82{t$jO7Bh*c$nEBNpg{ljHH^Rp6ETO8cIy(4LVW82tT8
zdioyD?z2|u=mTnbh&FCOOsR4>2(&3J-c)@mWm^z~DVtj5$83k+D3_@P)qq${;6KJ(
zAK>eQ2M@p&;%`pG<4q=QF!9eS(j=x+WNH7cf=A1M#Gy0b4EGYq(1p*|dA?q<bpMsA
zJ`4&l0!$RTrTZSVqj=K7mMYkl+u8fMahN20Xr8fb!H=A;uPLj%j>&yG^~W-T2x;%=
z?|=er2OBpxLFg=E<4$43MPDUOHv-mbnuT&dJuyA^t#cR~SJSP)bnbplaq_`;*^q57
zPYz@EvqnvYYdP?cHwRuUg6y@{68vcTJ@o>uz7L;P^CK4pKgV-L{?zF{8z6~guGEsW
zMn(@Y`gAPFLfcmLIs}~=ELQWs?H3a)6fPq4VwrfUCgY%P4l0kpk3rpeKMA*YZ9##3
zA*ASPx9<NYFl)J?OfThdVuL%EI3fVp!ASP9=~1x}vgGrj=S@Q*XLS||SnnsHSpFZ;
zW6UFSdtw3lYuJUgn&6&e(Uk!{@=mc7pQw-C=So|gBaEEn#eTq4<2PTvp3M&d%H8V_
z4l<8W4Wi^@*ZXN`{AVZwX0BDllN?B*x4Vb0rQ%5(OYqXLpi51GB5VSzFjyl?G7}m#
zW&OZEk9Ea?WD7f>vNM#6i#P=xd9+PqoNafW^;Hsr;Ig?0s^9uDPiufw!a*WJN?sZ*
zT!G|Lo=9*%Cz-FVi2Ui#PmUP$dw-Uv)ax)Gso??JA&`0vYdfe^PEyxRTo*%Kt=%n^
z$LrAR5dHuRHv*nji_E65dwU^#kylG19B0`~H+r_sc?`<yjQO|21h-_yoAn`+A#e`s
zE2<0vqa9@JJ}iK{&{)_H%e|Z+&WZ|qty3~ZQF$Df^{;)C5GntpbT6n+3M&&}Q90zt
z^y0Q(s-jNK`gHi?A+lRwEDRH`UV6Ck2$ECEk`JT|yjdKiTl^Q$wzt(Fh9mP%5fIR(
zdZ@vkvp8W$MDFtE>7(zEz;+3IP&E#m_VCIVPUIUe40E8=Tp9JCoT*J&%Qgz1t`*pK
z`7YNS=B%aJWuJ9hH11joFEfB<wssIaMGQhQ74mM^MMje2qXs-T*Z3A_k&S=9pQ`U=
z%a7P)u^v?of(!l~!WC#;i0{35KBA`i<l3xvd)CsrEo3fgkH~l&VHBBTvm5v?#=a*U
zr5mP7F+da?#hW}2>zjFzUgPvxYjAz|wDW%fbZ)enTPoye%qePm*0OeH)$(Hf`~*kB
zLeNTa+P}R<3H(jFwy?pC^V>(3xzg=__|d~|v`q5H&H-DC{}>n4>Lt?S1P+VhH>HYv
z*C<*o+?C0@b0hl5H45omtm&R$_O`+J*3L>=XSqAW#Zw3$L<cP-=Cu0=w8pmec`O6?
zlAhE5wC4ZtyyD@m$*RyyFP{f0Khn1T0CST-i}rR|Plb0$dJe&LPt)&`#QP|3wH2hk
zYmfiI2Hc@G0h@GrGS-&|Y@FJOrH-UIL#EKvG*<{ln@Mzag6=l7_~IV$LE8pLcPAe_
zWp(WRusC?}I6NqWE?|HwScEg}jbHwS350bYBAR>@v0oha<`QSRfYBfzKP{yUwLxZ;
zW2R8Fj`SA*K!9b;I0~r7K>Xzu9cdT|)QD8{ycf$ZY!2!jjzF$>s^vim?>X(<yV;J{
zh0Sr5FW9e0HTlopwEZ$L2IWe{_Dmj3@${#=)Dlv@_b8AYvFW31A>V*#g@oqtkccAG
zCUApYS}Ziy^a+^T_DhYgk32}gcWFTa38z2=7fvRSiddP=B#06=$Q$||J0zI&i8JD(
z0VlEOqj?&e_{VLL@*k2eX2*^|<4+mknxD9VB}?N$EdAa{<6DdM%gVuK=F8OU%8wZR
z8}+pS_P8CM`HE@2XS7uw$22G!Iu?wdYcf_G>sWs!A3KZIv5$*5#_4oEkpQrW9vsLP
zxL&--MsGrej2qsBf~<R<%X+xIX2JJ=KmRg(OcGI6&Yz+gU~~KULPJo)kp`ny?AZ5T
zrJ3Q^eh2hKx%`E;>~<VGL}_>~_YHWv^<vRxP2sM+eiQ9^hchxa!PS3lF5)#*e{Mri
zphGJJJ1NM#`>Gh`FUwK~8H-9tz-+oxUmyL<MN02mNzL#6|0P1+i>he*(0t}4ZDI48
zZ41Q?ybo}}HuZ;d-3n;Ai(Zd~JZuuThDcxA$k~;G=AIB{q9}+pX0u>nMET$x=yvBn
z(qWdVUaRO#VOM^avN+CP0nwP4-f6A=Ph^^^@D5S|fA>xmY#DdsuzI-{Zov>Is1U^^
z<=EK&xu%!PTdih`Q8j<Z#4*Q*4Hs~;Rfj~F(`%S3kA*>Iv0rTD2z_$Vf;q+1<KU<J
zQ6*XW!oQtseNVhZw-|{@hZd&U9b;fY$Q5(^7#4>&HW7w2_;+>RtvWhBiD%?5yQ$|o
z9u4aUExG*#8Cu(xBvncuF`0pSXZkMUo_}?$zR6juD4wXivAIX8PN9Ku+BrM=-tPkS
zFIK+Xo@WKNWam#v)C61sUAV5H$^XOqNf9?!rK-4HGm3m1hPU%Lo)@@;$Jp?y)rSXk
zJY>M=x6Qi%Ex`2!i-+Bh%i#GnpW}&AK$AsFqy;8!qV5Y(4+1&l__={6{~(`yr=9^G
zmk&LZ@QiB5mHh#~`KMQD_d8=UyLPA0c+x_V_j-YudeLf2C=avBv0i*Y<zt=8f-X|)
z98r8@N+qc3PKR2yR}2j%Z7c2~Y*5(%yn3|e(Xr!mQ-&^8oKi$m#*@=TwH0LbJRVFW
zTT*IQt<w}W^*x96TuS#5N#gj{`TM^#N#hNf>LwRmxHYz4vPYjbb0gQb??N&lfvxwG
z`J!>T`1Uw@vvE67erSPuPazSmFWLXxS{w;cmX~($@?WvdAlw8Vs-?dzqMh1E3)2VW
zBMib)vo;E$mw8PZ%q<iU!JUfi4NOFUk)O>s2K++dN}{MO*1Dvh<!KeOBcGa~X~G5d
zLLhtqnKK0_HF{lYU6*U22QPquuVvG=witVZ5j&!5=@3{dLlm>DE(*VOHoR%+N*me~
z9hQ42zNloBD@UOCq)V1z!>%z-ZMK`Gjd5X0e7G=pRoFae0;T-2T7SI-v-rtpyioft
zVSOv7b?wz~eZ*X4$Q;5`r@DQBI02cyO(0B0Q-u`DJ6`Mm%7{)kcI(6xJ4MZ2sv6nV
zf8Hdi=kw>O;z4$w9F1E61=quoo%0{es}j@mkMYr|MC8Y`1ZPA&L)S^-zi^yQIyUFn
z;av^dJi}<2=rNqttp--*dVQ>lyhKqCB`HvbF8-z=lI-mqj;UYG(o+O;$bwgIL3_g+
zNllUXX2!A=iy53`?O-t!6%k*@eqCmqU+UT$Um*^)aOy+*qo+rY9#*ze&N!8)lM*tF
zCMAPq4vM0RiqBRM_RbYf@{HjsY;m^Gv~mf|pY}LFX6JvOnSD3ZW|AR#(%`;4{0GZc
zjW0Fm`U#$P3dVny=gWpRE9PY(oK7J;YpSkM6IXLoNbC95<d|mUt0H0_!c|lr;_`#y
zDrKm0lXbi%s1PNRzw=;I7x#sx;ggit791nM0nQ#70b7~!fU)7L_l*;Ijca<sWClfM
z)5GVAB;>nd{H<aN;fr*frwm&ym@DKN%F~h%FD-*(kKF3Nm0d>%8YcMXuf|D;gfHIW
zq-~{zkO&V@_-&)(Zahn|;QEG*>au9|oNe@q<OuKKWbot8aUCqkL=N8Iz4sL;_GFYT
ziHqtC;27*eh5O<W@xM~MA7LXf8{ha01jUgsOxJlH)!FWOFx&%!t~Q$nFnnmJRhWB!
z6%n9(ADT1PVDoSZ2Z0)1n3oFn?$P3&67&L-NsCQdeMKh;#&AWT9p+FZ-g}zo>W`!2
z8{K0;wEy5HfH5e@5ST868D}1H6hSOxxaW);)^66P@i4^tuM-<^b+Xo_Z5tfe)fMnC
zXI6FbvO*xB{_5TJ;FKNe0nyMBE;io5)7hmWq&-QB1dj?~QHpqwj48bAcMcbV@+O3G
zu0*w`RUA`|1W0*B#xuGALX&9>Yyy9D+wsfsF!K@a1lY+rxOoupgwd{w!5F1t_k20#
zGAAFmZ@A_HiTyKK@$2LI$})hxNWB&$_hDIbrF{=oL$Z)aV0oeMnt1!KvRZ)8oJOW2
z+pfp?J`1YqUZ7}aogV!OU@owh4WGKmJ8ACD!;DbKJiiP+^}a1uFyoiA9U?MeGovLm
zH>(XvYOq98kSpG{&h<d?EM?+wZQL(zI<;TMw|c1SbkC)O(G6k~xQ;R56QxLrer|r|
z4ob$b8~5cI0c-?6ldIDJ;Ab8MR#U?yGtJEYIIVQG``)>!-2dYyokY8O=25Qy-a6O=
z&*F%(r>)(qWmJkxL7jw{6ck5^Q6OX*JV1S$Q4oNs0CeU>V_Km>#CPsyJUBL3K;v5z
z@oQtzO{uY2#(Q#k9ST~gu_;Nm-44ceeo`+)HO$wc)OlwkhsBZ33Ces*8*gFAmMXv#
zfT*Qq{2}orSqZaE-$L^e%uMiZ6<Sy5jP}Scbn_n4Qo}Cj8uVc+Xotx-BY=qghG&ft
z)7b12Y~f7GnsZ){Oq(Y%B$D_;k`bIi$2&_h;P8-zlZwGM=-m*P=MzZ|pyp-Y?R}N6
z?@5>}(>QL;nj7287ut};v=a+jZ6^L=k3h3YU{k1R&XTt7DjjbS>jqFcJkN=<ZmZ?&
z6Q$<i6>|?x{oq*Lc?#Ky&&4yDD?>`}>s-rkol5zv2Eq@@I1T|a9Yu}H;P@W}sbAFW
z@l|7xX)^j}TeKw++!%6a*rGd$(3tV(+qw8O|MD&bX%h<VN!P$ATRTDY2vBMJp%GZ3
zLTlwlt;M-G^Tzser<~$#L)BdX?C|6y!OCtfsOA0QIE9BZb4WcZeD46D_RbUTA4PlS
zwkGj-W_o~NSDc!-fYL@r2M=2n0o8!=p3{laI0>Z#AMSw%aZo5Z#PKkIwErZ&=c@hP
zbNbTE8&QRpHcHxUZX)NMvHTIp=RBF>e_vOfq(-1R)&9@im(N2^j^uvpdv9D?Eb8)y
zuFYq$!#%j?(W4>t;nLGg<?&K#?H8PWtI*>@Z;r3Zj@R#*sbf_4pP?KFByaYt9<k|@
zcXJGncfrJn&9}Os@L1r>(YhHh*R)(E(ELjM-igps9ZZNOVv&l*p<kGn8#B&C$Jkfx
zqLo(BWNn{qUnI$9G1z95+ptWZ|6_XGY46k>y`$8_R7oiv33B}rf&;p`yk}Fn`HMj4
zY}G2`8t?`ON3;aV9+<crwz=5XY*k<uY$CmFae0A^SvXx-W(ljW6m#>F$;EB#{SI+v
zN!Ano)1E`A-n@m!Xr%9A0#{c*&+P^wnXx#0_{h_jDUOeW<9M7T1Oar_C+2LXl9#CQ
z(SIyJ0*5Kt4iBZNXys)4ZpYib#x47hU~6>kkOLF9l^x}E`x)}L#|T#+`ef%QWOYf|
zDO&Ns)*%mMRjX<C(#pX(Qz*v!Q2I%{wSKV<hyHYW&LEH^f~pHVP@DE9IEnaKvf;x`
zl!EJ=%NA@zHbaVRskaB{T8@i80Wnt&yhlYUL}y>TCo}Nqy^1?gkz>h&F)72S*p!SE
z(K61FW9{?Y!Vi9Zs`oAlx7*RHfOm0|$Wm@7Tbw%tdL0;dgRgjR(R9O?Ug=zNNSNr*
zt>5y3-_8-6ot6s-^R~v)v7>kbJPLXjFsKXJV7Gfp_mp-Q16oaBVI8Z!!2aY<{^eMT
zwdTq!IJgzw+`YD>fop~PY)LXj$_I>NaPcP*EyfVa%o)^RggvB%D+rVXaeRsG%~{ua
z-gh+MdLF`$*s1@60FJ5Zne5Z}7_#-x#~LBFjA=c9QWUkbf;4(o@X1$sF+#FDBS$<*
zFzWd$!N4SYuyKC^yk;+;E8nbv(89!*Km8pSi?FV!^e&fm`B;e&vr+$fjLr#1IW?tV
z+*T)$9$R!2^TlTM8s@A@gGj7`a?{!oC&FkxzxgS;eYqNDt;BwMXa1Yt;p3*H1Mx}>
zaKrk+_9hr<NRYEyRtL+SLfgme83PjgpjRX3F5NbDj_69GO^tIE(VQA()`k`QKVWcn
zmE0>N=qS$e!Vp~0OCr~s9%&rPaUTFJeGhX^mU^5#a&6IpU<0n+Kju+`1=qbX6toa2
zPPUOd0+0lV76E$Br8(MPbj_JB5Y6-Z(*GWKwi3%joD~A%V<s_{18A8{K356>uj@vi
zWehoPb2=2)55OWOd}T^O#;yTtYkzYVLm{KD@bTATBI6|PbzZb@=~p>b7$Jj}(6`{A
z@_)RK7UB||*cR3g3RYbutt{iG5vtTqX@u!3WLL(<w1pMT_>QsLIbLZOQnB?NEW2%~
zB$tDA67&l0x^sb!ZsC$bprUC80_S;Ir74Z@YM{jjypD}&IXlXzu;SG?;R1^lLY}&2
zoWmN&ml^&5Ag9qs`gU3)w7TPt2OYWxYVFdk9h|OZW9kk!_Vv_Mv60E9annvi$}ZO@
z!R9?fJFTgzJfBIq0CoZ_$Pb-)ak;`BSAu*P^m1kaxy{)FA;(+_7!MaBR_9&gVirXC
zLh>mAU@fI3WVDF2z6dZ*Q1LvrA(DDlm(zrP7~7<r=(rewJZr!U*m13j$IogWLPwp{
zH@^Eod4ZjAVFH?~RLigGkple-BnYt}C7Fol{l<}#!Eh?Lw$?0tIQ-@4D}CR>#kiW$
zPZxi20GG0&(?hAb@@q>5K0c(-5X1OSbFy|vi2rWyazDJD_u4q~!Du{M>O+nAln(S#
z0QCoaACg^ejfHYVeiTP4RdPcf@8+KAK@V_nQYJ!aUI#Iu#+443y}%?4gOedXc^jr@
zs9x79_b938z)?f}1{d_kg4Ut=5T<eK;ei9wpwAJyCQ|AjAhW`T2ne}>J^~pg%7F9R
zJH$>lTTUIAB_?vv`en|s4)&M1y<=##5(I7&c#I8HS<$`+jlbdeonO?3ux+p^`^6(_
z@;?c9++&x19qq-;+l=~D2t>5JMv`h;Gk*^tg2p`7g(QOESsx)p=1RE*EA4M{c8(D*
zkGmCLol&cv!ZKI=LI|H#2>wzb$t>88thzidBos<{n3_E5-)SXXxW^4jka(49vBm($
zYZ31<7fvizz(XW;`5pW<cf?C$2AkY00<-K>XsEwkV3l?D2veZnEy<xv))l(wR<}Lh
zwe;;%5X00bf>z^oF23_;(yf-)-zBwe&ZeBV|25_y*6XZuasH&9YgzAf{*=7)(?5yF
z)^8*-&7+oG0Drs3n3aWwJR}+wR6$>N<kvm_O3e`U`MVRV=nhyJlmprxaamMOyH$Ny
z8$h2^T8E-hv?7>WFQnZ6Fx530sQx5JdKY?Vaq8D*vq{X9<F^NW>8;QV3l=_Mv2rpk
zA~N3?(AT){riDyBYU%EAte;}KyH<n}YhgM-lw7RL&{ao_s@fz1tbWp0Ae+wj9D30C
zC=3-^%)Q7d6RMpk;o~M?o~-i7Fu~6wEI<K`mHexA5c+M899i+mM>)~%oyWm9BI_BI
zPAp{fOvusN9$g~I_(rb$B!O=Mp^fw<)|}O`UJ;*m!<>?I!hvFiZzD8opXl-NoFe=o
z;0CcHlnoTP9UYr1qzK&xn|wEO(YfK#NUU;0${R^QE)}*~Kv}&{X>}ilUcKC(wyg!J
z<nKK)27x`woPCT5d;f(QxfH`E-R9rE^UOwEL1_G)fpZev)2jKgo3O<IuJxw411Y@J
z2qfM{#_nvoXu4VO5d0HngP0$s#6(ymZAJO=fl|X+8R>Sk9&6Btp^y}PZNTyS4#R`$
zE4%<?e)nR|{`Ghk-q4ZDb|jAF>qfU{{RR8;Se%nYGi#d$z=Z(|6v9#gPO9?(l$8EE
zuqTZWm`)t>mFqrRI`wZzKVN-@T;1+yq_A2;jVZe5l18(#2<PC!7q1(I?MUN?=u85c
zbENoglKP+8MlPm*+_Uwm<NY6Tndd1h-#XKZSbG>pAj&8mTRc|vhy+SOf&p!7zf}V2
z&O)0&FH$b|32dk>ra~&*)GdjY)9ljBHX*^U&CDB*bjhH3@^)lRKs_2=f6HZ8S|szY
z@eOMH6GWF#BKqo0o|7eX2WnuQrO@=D^+FV`t%sB;-brFg>n9MX!31U<kb@PsC2uvF
z!vb2qNV7Hmw(q8h8U>kbSZj-!^REO@UbNn5rSeInhQ{aWeJ))5M-gioHoZW{<>U|-
z6A-RDa;&YN8s*JIUd%S3|3frq>I`l)7FGF;3oqh$%jM|FWcUEC-2Cbn5;I1lLHFct
zq6;53--Zsa5+XYca5ahi@}+P$)m_a7G=L5epuVkXj1&vgCAfUpV%0Dy`;$wm<E1I&
zrx^hxtMT3U3{Nm70<9>*m?DLZ-`UjGbd*YIws<hq=4f695AEAMA%>Q>qmfPSu<eYh
z?mn@o*?caA!>N^Z>T<0lXl%9Cxy_Ua>5Bm5od5kM)&iD3%ATNXKsG$s5wVKpS%P7W
zlTvLo7|DZ8CgikUE_-wpfSF%c8w#7rO~;vUyca+Q;bIVH+{3F9OrL4jhLM$$=}jLP
zBaq-j`1JtAM7$<=n+d!FE{VEg8J;#;_(&F_vfR1UB#6^@=j`8bB$wUm2V5!&+jnvp
z9aBtCuUXZpGZT1<C)kt>y?l*w-ZbR>Ka_HIAHj8@?32fcB{<`hrcqn4)w?x{S@9w|
zGgWD5-1|8DEgYYkJ)tG^VMjnY$(PGTGdiF*6$xBkex-gyv!z7dK-TbFPQ2`OUU_gB
zN(XLA>raRZ5{1kpY0$|)Q5(Wgjm^Wp&186t^@wu#lT>FjKPUM+Br{9ggn6q{Q<qAZ
z`bFQ$WZXSU=rlKkD#$s~)?2HV8&{P^{$05)h~2M~Rc=54Uy&d*{V}no$^n>4CY;B)
z#)+}6F$^^-Rw*uIEgTmhE<RH&^pCLL!SkG&nOchlF}39Mb1=-(4Z(W5Fj_tG{+a?b
z#M(Z9tewqeLLSTC1g3Jvj{1{hIvJ{e%IlEHP{%IOIfD$aOSwpj()z&}oc&FzVA)be
zYPB@eC^CF)jL5}t04A%~KQlt?5EdF**Uyh69bLI@BT62?d5ozmDs>XVGPk5_aj;Y~
z5aZ-WzgYAg_6Fb$*A4%^G0=bEi5LR1oGz$iJvVk?x%0dUxrq0?D^WDa({62Y4VAUQ
z&_TGP6zK}MX-*DSSkfsYmdHiFTfgO5gb?+draMtL8A?QL!MtZTvhk8S?X`v6*MRb(
zF%!y@T%IRbxeKE6EV@*|F2~?u?*aW7Ur!$kel^MPV?5T809qcMg>txlgSYc|23;@s
zohNL-iRdsm?R|A#M0x9+q{U3g*9grSB{6|pL4g23(C6CoGY;S}UV-T)zq-eFa@Z_4
zznQ|h35|DWds$B@Xj)6Ny@6c>BONWiRk|h|m@HDwx4~$OS|aV7${KHZ)*E&gBzR)I
z7n&^XKd(D1U-PAdM-q-?qAtI<Nhx7LrHkU;1@qV{|Ew0S0UQ~tj<jH}aVW5ES-8C@
z_;T}}bo4ZfzKX0<+y?c!?Oei@dj&Cs#T040R0BmO2~Sj2CQMlEMs1rh9Ap7@>S#a8
zaFvp!{rEogp;f9AwpT6Q5$Qinn_mDD`-%R1b<1;Q5kxba<%N+xZw8IXe=MnB5erD3
zM=U>P<4wTFf7TN@cd1AXRXN0x;O~w<By=;xaN#L`a7kW>Wl=Uso%Y;Hni%tvbLxfa
zudM-v(x`eEVpiD(RD$dKkYh0D1c_C9g>UTJ(1XsQM*b8T0g`U&#4IZD9z=-cR?3!4
z^Kxv)b|5~NT)w!&zbW3t-x^+HP3)hXatQNg$IS?;X$TzV#KI-7S672qb~w@?dZaaD
z%M!tPDvrzzO2`boW$JEX<N6i4eKX!CnZ@H&*uIJ$UELvZ+nAb_9mJHZ7Eg)#+GzJ~
z6)%&vHbi)Xv^=b?*0i!W?5@WX)`10M13vD_VHZir=xoUjH8H{(UW%DTd^OZ1@0_Xh
zr$sVwVgk%tco3XfsSzyunPb9<Ip@Bn$;w3L+eQSA^-NG4bA@a%yQM$+a$D<g+fu$O
zl9eKymsz-0Fqj8wX)sHP8r*}~7IPu7QJ))fJ(h<t8`hu^-7mF0tG&Q^^D{kU6_62!
zv98peoy4mTeX_iV4#ZP<%7EKiz4lo@B{IUu)wCV95#$x13RM7phF{bvZmy$(gEldb
zsigU|M@K&Dk1$w5DI&WtSCL$p?v4V)blSAA`r^Wb4B_wu@%Uhn5+6KZIgX2SpvuE2
zMLwJrp_TZw8A$OG@=1k>yw;jO1i{P{T81_Ot3Z_Z@6mJMLUtX;Ch&p0xcfuL(|bo@
zk4f`G5CcH^dh7La1HVRzvNdj{gVmAXqCmd*b|}{uJmAEPxJwKGbV!27w{S~`CJz+J
zfZOtb=nfY1FWqL!UcrZ1Pqo1|DgA`J%r0>X)bp!>6tQ-s5XuiBf2bw@8%=vX5z)X(
z4;uVmMeGid=O8+NR%Qth=L8qWE{o36cb@Pn14ks_I5>^hW~LtUx(1em=C#pS_cK#!
z4$mzdT{CzJSE}d|=JS+OMA%E>(5)nQ^BVZ@;+zYSV223!+#R1PFj8u~LmbJRFNV+q
zIjuStHdHeEE?`qrdxj)a;#mC~H#6b$mN5f)i1lJHg@%F^#te&+<}8-+ePP(Q#6y2G
zRXP51;Tnh?Z(3Dc0vn7LYctwhNTf}V1e?mD<dVS3mTP+WsfA@7#rbWEp}1pDBe#%F
zlQ7C4Q$=pNOD?A#|IGSjmfu+w!R^)^qZ1_X^7$WvPoSvT4ZpMW^06jvh_Og9!=M=E
z8GJsZo0Er%I#f&2D}q%dT`X5;8LxlwZan?p;Guy^%g}^US`;zjq0iW-{FBh%_Bd$s
z1J8SSJex+!pFuQaM$v4X{$*It-K73x=lgn1GG+&Y;mcQAL(<GHSk<e^cE?jh@FNuc
za|M8E=*0>genilWjBw1|04qS$zj(LfnO1L;8iZ}&5g5_7>%PO#qOjLb^w`O0!_^(7
z7IR{;za&BEegBTx=3_=`<8%#a#kF<v>o}LhJ0kD1L3(4>EbKg)s-a)J$m;`71R{$I
z*NsQtP^{3ga5unqG2Xw;W3?4L0|MX3S0@wh;%)CPNM*^2kG!%)yeHRNk)qPQ_G3g*
z{|2dVBaY=Ws(SkaY%S+ZRi)UzR?EIT$!cF9w_6G7Ke+%AR%7ejspjH;xgPwA1c9uh
z*e))$&G6Ei=bm#0>8US^1pQCT`>8Z|bW|ydR#A=yYGrxR@*p-5VA{RKxCI8S-RmM=
z@SeR4;MR(;{z}1(mPh?)f?hJoz3c%1li)Aqh(Zd$Jt>NnbFUEtp|OR?B(_u|sh5m8
z#Ht2w+--oB&uY$Ht_9VbEYNoYWYI8+>-q+*Dd4mr7LZpVvfk_>>3K1|zR(e|A%+SG
zBHQpAVszLX(T@nJ985x3*|1i-Kqx*Zs_23OyiRWe5Ex#vK2)!~`QakDJ_XJi!p@{7
zRpetN9%OpD+s#|pS?<1Xu(-W_;QKOUvPy416O%q`QHTL=_AoqR2ibMp+Ok=?>dqa7
zq!}q0lh@{LgZEi84OYkai<ar}TZ(nSL!l&RxrNCr6x+PJl>knJVzJ#e#q*lL8v8C9
zp>(P&iVCofeV+WpMRu8pyW2Rio^o%2{#YilPH8Ix2EX;2<6ILka*g`RI7>M03>cyO
z7b$4f>qgbxUsGI;XMX;m6D|%upq%kM#d<gv+s%C9aqo9^uqa^lq~s}9?F%3z=Ail>
z(=*wRnz7dsJEXZxwS0(4wC@SIik^*3e9J`%+a&)lCaz?&h_l*^ph+cYt4uW_)p3L{
z(97VQzLdI_{&qPz8d@b<-s&~l3iEX(R~CPcsSK&Pt*p<M$c2NQ^)#Jz2?L8j)tss4
z$!);!!*O&GT<W#MlT=e(!E(7-FK5)ed<*nNG3-JmSlK(6M~o<oLhZ%#Jwaf6ucQ}Y
zTNM)<O3I4&n3<WdDUr;9DFL9>Z#Q;48#+y~HykfhjJFzGRBcggx*^1E#ziOqquWfD
zs23$+w}G8?LF$}K)t9KQkMB!ah6~Hzg@38-2ygF(k1bP9Ed<_;7B=Q#fJlD*Pz8qi
zq!~A!@xK!mvKIBSS<h>eE!gXglvQ899bHrO7`ygURGT{EPwv;@8?NUm;@?(v1!^bE
zG!DjkS05WEN(fY6b?72HXkB!}0U)o}fVa_B79}BXQz#LyLq+ivWzFiWnYiWuT?{CX
znx^{olia?xM9gq@i7i@pZ8s!`D;~(98p5mc3_LM|wQPN`c97KUjB6Y<`nj)P+i+EQ
z<6FkSIj=corOEQjFdUAiO3Gts{Mi1esC@>eZTo)N5#(s&OTe8}KHK~=UI_?kUuq6s
zZu=U9nN7`{Q-tD-ycZ@r_>uqsD!n+r%Fy9YiG^8CS5E284fW%-Z{|P`$*TSu!M%zW
zaW?F>4@{C}HBIPS_htnIZ;``?yX|?~(Z^d%R!;~eUMDXb){M6<iGd+dG;itV%9Yub
zc^830Iut?Hf+X%ocS!)AFu~3{(-GWm)h&18k9YAg0Frcc)t9O2lY#Id&sf4^?f$#%
zOxo*vEra4u6Y-5?vCZep1v43T&TeEZS}&rjTds+wKaC=0K+eg(pb1yQ5w7wsZnbUb
zGf24}<nJWEE`{!$9Ny^W`w@bT%MZUHat}y$EB)VDpwGJE;xT#J2SHX$9<YtarfqnG
zC{D26e3FmOK@D8VcI}cKlw;eqroacgMOtcYtZe9XoWDAZ{e+bENluEWF+Cb`MQvU-
z|Kn<hAJL{EB+OxKt}u1cCn+s|fvp&>^meslrKyEY9tU&O($QgcQQ?WjRJgTE9Y)g7
z1BDFoZ<*kh(61II9tmFmPzr$*(@X}%6-)x&=mPv4{6^XG%{kLXX73NTB&=L%Nx$@>
z4M^M1JcF7>{TFbCD$9A*Pfa5v8jwh+-B0lFQ!n<ODvYkG?5Q0U=@_(wR0jv#TEpw$
z%1=j1{_A&R`&5JbDba?fgDKlNhwFRsZ$zM1)74Mw^vR-a?`{3l4Z45lfE6z9ie}*x
z&^`V^DqA?lP6iLCcAltp(c>ugsuy+ccrP5f+!h&+Wn{fU^o|+9KW~Z2_VFu5kCw$#
z<P#gEj9vq}K#Y8z+0wlwanuEhR(O~#mkyr)6(D#l-@Z6z@4T;l!H0Dwd+Ft)l&<jm
z4&tjP2~fIAi%>Km8RqJ>*(u#QOrwmLg=WWlp~*B*=1&sD^`_lPd&ibT?p4fVFa+y>
z)%D~a@lfLDDMlAbRAjDdJm;#DjXIv=38jCeiZs|!AuJX}DJm6yirL_uW%x;H-Oh$J
z=IRsBVjs&(Jb3i+d5U%hgBT6-haYr|h~0)AHVx0}2h>gQ`oiIhWW2glIk*8hCh{w@
zH0%-WT*#aEZ&pa}@1TBY<`d-tK2eZdg*6H5a3|ASE-EqTg@j1*sQd&GFoTj^=~g?)
zC{~bOBjKJSE<pn&`|+|WZ2gp#+6hSdhyzK@z3xL)3YL}I#aFj?HQgei97)^m@g9s7
zhwElx#jU#mhM%ErRnc3*)cz8KUciH+z|<?ctjL#ar<Mih9~E=)z1e*R%T1ByQWjf=
znI$cs6^XEkX~<N~7pD{4ZYb=Xz48I8E}`#}<?JH?Q}eE$iU#i5X(^r>Jfv;&iVD>r
z4aL2tZb!6}vr0*r==dJ2#p>W*`1;SV)`l!n?HoX7(+`odOr|rTnki|=H9QE>;sD~;
zS$K0U(mez?P9*VTNJyxwFar%z&V@7k^fL&i;H}4;PEOwoQsnG<1#7`u!b9w%W2U$e
zlT?W&8zCiVI8zH59d)cPiO`+esQ<*N-rqo^V_n(;m1iGPdd0Z8ZTOs;&mF?;gnrK$
zx`KaCPDcB&X{}4wpyfo4&r?y`z-YAivI8YGoq`uaV^XBNx(ghLu!5iX_G_$9_3dcs
z@)z{4d=*8*)YgsYiZml>YmK_q+Zv~v|Fi<(1Vk)~VnD|Q(xItKG_Ds>v1kH2ond}|
zCcZA&&&6y69Prgimj;m)W?Jjz5U#QAI&TLP)G9{MKTpU3@4wo%Sh6uT-m9-tsRjtR
zecLunknX_qrD<oh*(=*#BERxq<*YAE)yUad)hn=!_`n`bmM}SKp)kHwJt|ji7=Ea8
zB<QYI9vo`wiFAo+aPRAb2fiJ#zjt7hX0m=L<-=jVl!=|SC|H+07m0U>8Qnu!I1>{V
zbb#QS6j=uoTlYV@m&u@({f<VXmUO<KYIkBNhFVHb9aUha7l+%|lluxd*&u8iY`ELZ
zD_c6ZlK~9kK33CyZx5NkpJ-5+`o`~TQij-P2BsOth!?Wkp94X)t(`+u&>)8|p{w+a
zSp?ETRhhQZIyI)3s%*Iqjo35GusEc~3Q%aLNK1-q+Xx|mR9R>SIg|`i$)-j`;Gr^K
zYnZLy{2p=xfCw4pYnUb~eyrI=k?a%&4#>966wSXB_SzjCjHG{V@OuhQl)0bTl5~sD
znT?`ZZm^?Aw|)$!S5R4VD>BHw1CfwwA2mVABtn>`01O*$xZ~KvoxTin>IaKO==ND}
zyH>lrXMuO_-hdwv*0`q2B@BS76Zqotfo8O*ZzHwbMx@0}&S6=6xG>?8X!x^x*m))v
zaIo{~>r}tvO&7ek0=^c>?;aqrj=}WNi{NB^W9PH=SvSK}+4`hdFa$Q6W+fVr<cj&q
zhZI=vqV><ufQWl+oT0|+UJyGj1vS)PuXrp<XYB#{_c*{wj(>8wA^aoz!Ipb^kD=DR
z5^INXr)gL-c#DC|P1|jV_OcL-s;q?Wn1m$HKJ2U2NxfI$RNyZ9IE5rdZLKAmx@1L8
z^RASjIhh=Yd*C-e$+}rJ;kxf7rScrdc*15CFnahDnL22u9xAI)`(-oNeI-u)DcuS)
zMl1uuXi9QTat9HcsH(?NuxUsDld~YJH&pZyL}+U2j~L8`0?7CuzJO)urn1CDQ-j~#
zuLhpa75eTb{<fY$t2JZ;G4Q&b2VI2l_@)LCda#eF9!%TX`tPs-L2NB^@-YjJcnE-b
zu*J=(mHHX2edrS4zbHD(*5O4g;0#!2najZQ%#Sbd{=GK*SY8rt;6*+ZH7zagM$ZwQ
z2&ff?h(<+R^a8fXrugD_7C=6+Bu(T$!nNbDe)x?J64p{YZ-{&Q%zC?Cqt~9)(`Qhh
zZ_VPg>imheo9YOoxUf<(9Lr>UFokn|qsn)%(iaQ;?0u|4U@~GzvrS0Zfz9K&p0N{!
z%?1pe=Y2SPHzaaSvhVJm_dtFOW1R?-NEb=3(-MWw#8w@Yf+owyP&U+OQmo%nklun1
z8*#hWW|jf^kH2IRn!9QM4(8&ek&(z}q_USsSkRL;x{xFoD{mi%)*mKe<o>hXJ@G(I
zZNi3sjl`BG2*hd~h}ttK?X*DWH(wd0CqadJVwU7ste(qzXC}C~A1x=hV7@R>eD=4b
zPt00VbW?PU>HlXK1k=~Mearz-aC~cm3z~{g+1m?OVv{*D1Q0PV{yN9^{!^j`_bb@G
z6W(!3=UPpZN@4(z_CTSzpB4yzI#9hT#yfOQ=^KT*t_XvJ_OuL72a406sO$%N|E`XE
zS`ulCjB~Z`NT{SdPQez05IwVK!Q~UwH+Xs4%ztyb^?j(=p^u&oUkkzH=eU?dLm_Hw
z^45Z`z4nk;o^p|vOF5U5HgMDdcMgNOzG<3w{^nRMqg;4Bbr1dbuNBtKKxcH+9@YPH
zI<hJ!`Jc0A0usx@#O~hRA;G34l4bVfV3+6L!gpw^^Ts8K8UcDNt)gKiitnk?^I@WE
zjOJEj+S<H3b*wIYl&r^I8$;B35OYKqG;LyGl9B(T;D4OI+y3cIVTBzR-l}!7@@5A`
zr<1XEa_|pA0y-ly4M<6)CY79>a~6kQzPfJ8sJncW-hEwri1Tkuko54L5)b~`;`Uc@
z%R38z2VGo4!?8So^hZ<_>_`*m^_Wpok*t>PR&`M-VEZ3km+3($Ot(>*GJX~6Z;<d6
z<i7Q_U;bK>DX!nm2^JHMC<wF?{vV+f0_W`ZXu*hLsQ4(caU@U=t5|9SxXZrxAdH)O
z<@g=>gkX%vI6WUiH*-8zFKtwN|L&C$e5+|(8A)k)Piv?tCk;&DuV(IPB)Cqxg_|=v
z`lp)KpV?2#Rh@Q<Qhi|Bhs~1z@w(tDgYRU0wJ?BOyKUmE)9u)4Wff_~PW+$<t>69u
zfXdX$%Y-pQnl6xo#Ew2=!<6+N=gnq+SgT!LbWnVz6Ep#_w9YMUgfa32x)bErEYW>k
zy_As8Q@AE&-Xc$gBTw77+W#9dBdJLRnGLI{WD6UbZ2*)&d?UiW2IBonth#T#e?(1!
zPTIa54r6l+#}mafy+Bm2qCljatgbAIbZ1gf;!9A_^mEh%7`gUtp&{kvIq_F6>q&Yc
zY|}38nV#mp0t$goULSfqyQnl(9O(atD?79^U5%gnsFn>TbUIP<*(0=O<;%ajPO*N@
zFhiPushLo*bH0WN9oz;ZL;0jf)b4qLL1(_b{Nsjo1`9>)=CD3mgrXSWIfP|FR@#=X
zy<}9O4wChuxp!nJ^}qTz(BM4O3hKaHtc;E+ln(@FBQJcAW+&&iMl6yVr=y^kliltJ
zP@~RUv{~9?oaK_00=w@6s>71h7&?XO(~&u^H720hsXL2RqgWBe6nXOArUsnUgea7T
zwv+JgOYM?{Hj6eR{W^+`*ej67QcF<$@Cyk!@`1v-dVF3wKdXReSaMg1c9lNMVS4Y>
zw0yez=Xq}@2(sy4W^Vo+`J@AA0x%jHrq>p@gZp*^F2oA9(u14Tt^sJqc|r6o>o}V9
zE({SnxxLAzeS>xO-|lXr%1c3aUam<e^_%8fGHx}@!9@%;fU4rOyp<sm9&*aSScS;5
zL1PMNI<~N_PJIj_l(NC(F#En=VlTfr$SBAQIBoK0QXWRK?ADXl*xU(zIw<;YbociE
z*)9zTSS?fg*)z>A<}(N}IJI+CAN5kT7|X-yuBPXAuKF-%IcY9x9}2MnxjH$I(h4Gd
zlp=Q|)!T~MK^|fb)2N$1Mf9iW1caJ>N;Di9E3(|d(4HN4DyTM<gqg9EU}#JV>GR;|
zIJ(^ZRq)2-uW;XLAb1^)1DVo`ZU(#@Fmxku7HY<=Q}^?;nXLGmqh?mE!25p=Z6F@@
zE8Hv(idWfermV@#gNWJx1|`88=jd`}c$Xr%x$Conho4fYAMH>9rZA@Wy>Yohgzcoc
zu0I({90(;86GU=$SY(ec5pFPTH0Q;e<V~u0K$L+@r0YW{#(W(H7GymL$ObiFw@24N
z6c`uuQd$W#{UEB?os#V;64Z`hGL8z~JMD~GT}7n{)ESB#iv3&UXGgTFStV7MAsO3K
zj$h=74F5isE0AMz6kZWPc0{5CaMSYG<W7-eBa=j!U=H<TT`5*Ofix7X5Qf%RPbI}e
ziOC1a`^xgOguc~p$}#N*^^89p^AqULSBa6b$=C#@Vn2qTYMsk$Ya{+}zl2S%I@7X0
z@cW(vM;xz;^tMNf=5wSaXq)i#@ypZ?c!Kp4LN}&pVU2L<&vTWT8TIIkl|;Z7#rCw1
zsae-E@OMcYQZ5FUQtQkX*;EQn1rW1xxo1@mLCS*QGxXCog$g{-psoTplb31wh-`n}
zp$i_Dz@zs^)QSlVAa0`XVK#}!1a>iZ(=?sevuksU<JC5H5dAaUMrn4x;>1`exI%d>
zttY*k>3%y}$f_CkC)IvDN=|Fa+W~$@CcBXz>vs)5TORuKUrZPm)!zyXf12;gbF*mT
zi`v&s+^lrqNY^qfG_rwB_Jau_lW*?}Ewqn%W~w&!cF>5cO&6#)Or<?bhg8=#DXDP^
zahq`RzRVOdJ@fcGP0WpjfACKvjO{*sXq;f-Vuhm))Cx=+Lmy<Jp4n>lq<LZF?E==C
z^8SobqSb_qv$y6WS;TAxz+(E*66_|<wy)k)1_S@JqCQ!hNT_)-1N-cvIVGx8w0GBc
zn^>Iw{t3J?%93F6Edr?`R|4gfoVn?l5tT-G{+Y2}jnRRD+qjvvjL$ZezsC@UAh$c+
z$TM>=!KGW@Ygg$I)PxZ_ZO?L(eR_=nD>TN4b@j#WW$glCM<@m><{jL|P=se`Wzy{5
zXBHbs%p6wXBe1MGQiYYd8E72Tc8<;k|6<k!l7U-z#_8AKJ%Hvl*En#CWR=w!rm0W9
z+^z8&RMnR_U7c5cuk-~y0XyU5mLrt@9{<5Mki3$__{?H?mG+L}EnH!RUL*GIRt{Bs
zMCR4R@{lu0U=xXank{H{8U=uEn=TZ*JV=vO>$WsKmQ0f15c`a7^~2!zLc1Opm03i)
ze6<p%$pnDkUG~&EH?64KEyQ0h$~?zj;_q&8b?G_%+F%)?<JlK<E&|O=z{|jpWAz5I
z(8;|T>lbn#WichYsWk85etP5oS;pP`8INlsM~yr};3h^YmlPR0u(BfXvBI|(17qK^
z9wfq4WR@GJ?@M<x2-@F2!IuUlE0>3n$KQf7JsqV~oMpiQ(Vx8idOs48ZKiRzMZFQ)
zIXN+tzbjCH<?Wctc3yw$zVQm@J(AKYZ|z-3{vW)`+Qzw5;_rj4P5TOKZnqD5P<HUq
zXDrW<D5D_DH8Zm|XQ$(cT(g8|eMB>^j8ex2o(-#<ns$_rY3=4g0~xD5e_oIyQ*nnb
zZd7$_Wp`^nRVIoC2s3v{<FyX^dZo~bUE&L2#JP@kG7P+}q<28xQ*imWNRu|uP!m_i
z{k*@%ikXgykuaKSk@d4?GCwkr^+7K%W+&-(wMXC%OWGIdla!|QsTGmG-bZN5H#m8G
zCWyY(;%22*_!ev=uElTD2#T8Jl?$oM^T(vXo0li;wPj=jDyB0C%+6Q4slJoLMl^lM
z;9FPu&i;6s5@&U=mCwXAYt2Ty_>A&dKC%Xn&^rv8sD05CEcdn0Ns@Ewu<Yy3-rX$F
z&-M}Xckhub!G5+Meu(JN1xu_~kg&d&tFv2w2+dK9xk)4lacrO5Q>|LG9+(G97u$K8
za7mUj7RMlM#||?7v~z!!Gt(1!;~tjJ9p*|42Hv2q3-PEh7r$(!%d8E>t|K1nK>)j0
z68A*Vvs9{sCQ%sPr?+jq3sRyAbQ^V6J4_W%qHw_9h_3L4ZaCb{GIv;D+M@q7e1|}n
zxyRO?Yj&lU2h?_fj|bHRFM)~g#2TWqWRk{>3a)2xFX7}qk<iX?At-u?I9YVH*?H2D
zCqa6sq_<UbvD2yBhZ*cqeYxCv`*0dj0nMSj1e=B?Rt=K%lae|V9Tta2wiF%ap-=i%
z$`ke{V4Cdyd{OU~#TIqFqd4s3*p<326c=Ei%KTK2{wTtkW&vm03_=$+vO|sCZ7q1Q
zG68U$B*IsVdk(tXcoTaOL9ctWBpiMzhF7^$LC;cuc97_XEuR{wM_bdkI7UnoB%k!~
z5Y{29EL7Xq9fJ(E^z(?i>7yFmEIjgesPkvP=`;_#Ek2E@17ErrmNlc>(NE61kA$AM
zFVs2G9UDu`GLOr%UE(l8oWkQ8M}T-Q;8CtssfuRt$CGWMUFEIlP{Lur%d=~hJiO_P
z36w2);9M!nNI)vAf01YgQcTxmSxxV{U!I7;YYuJ`O-LObGR=uKjkT4>^BM{;#ggAI
z{m~lQUAk{Yz;hIX1Nt`1CWEyLLsAmpMBUSdsNl(7{64lhVk0D+droUUh^4x+o#ikI
zR1x8&TCz8Hr9-6WkoPWCQ|^X)258e+g&R|OLQJVb9>s3vdd*JPC3DN=xO&||nQs%N
z+PXFyrxjeEbNcTdDYX!27&{dW`cJtxF#jv)vn<kp%SE(Zs9rk~={VHfG{qlL=`n^u
zy1*SSwJDaBdx?+0h{1J_q3gbsR;D4xzC2-~@k4qdI$OrupU0|Z_VW0zocYFB`v2^1
z817yU*xOV9ZP<IYc1s}R4a(2>-{8eaoubK+(A`$eTXP4wte;;lC?w=v9eqn{eG!am
zpe>`m%|GfDo!J`Fog&P~2{9vN`(19{BuD!ZX)`7Mp2{*=vAMst2*OV1F^>R`n*Ez(
zt5aS}+#sl7$0s3W$-sb*_3l>8`9foyRMnor&DAgA9+LB6<rf8w_S(H^a~A=hkdQOQ
z><Hzui~k16=xLnS@s?^}cW{_}r95W1W6E*!C;7OD2=--s=fd*pG-q(;D_1-F_3#a>
z!K$>q3-P!h%<}DKiB<-lh9{R2st<DbC08PkI{^d4TabEsa~JB*t>06J+~XJZHxiL@
zAxEJTmEXZ<Ps+iE(|9*TsVr!tZg~hd=#i@iF69Qs0Q-jy&D+Es%!AERR~Fnl82D*U
zA;-uv_k7GeUqDm7FTW>VTtcbMz3hMh!z`690o7PpnIqXsGRU2eZTuD3@|hE5w6tW;
zx#COy-z8nU5`j=1ckDiJq9@U%f4@R2@%+{~MH>3Ty((Oe7@So^UMAzxe~H1XT=cMu
zCOVdKnFhJ+lu1shYQ2P8-xfJQ{5YNLZr3U#eu&eDZCSrCT6x;_V43NeuVX1hjS!DE
z>fw@*sc@@+&+<#~?1Iz0Yf0~+9D+@6KADKErmV3F1w}Db^i10UN$$;xy?=I@S&La%
zt+))R@0JNw7RG*#*P$;n?s+z>m9Nn(zegSlA$r+v+|7vN$rfwh<-h|Wc$0{zI)bz)
zT2kFDUcmCDb33Kk^1AlG;kpcPa!W@$S+D7)0ZAr@QrmA=`3RT{fB{iyU*zwtY)(lA
z^WR(PBueZ~z77$nG^AtHR4J$51dfpJeKL8{a!g34Umnr%{+U6rI`<zG`;aQu`52Ik
z5!btckkha19y{h%XX1v11Ye5f$TwWdQ1Q08L}w_2A(t?pYd7L|mR>uSy_|Ov{<e~Y
zR}J8YZ+Sefj!6C#2WAV3bfi^IZ?2@+egY>UA$$4%E|?J<l=WM;SS2<q=2)5(^kQub
zlMzx`r0TBhYArcY3mpGDPPZ_OTYfoM&iz+InCkZ-p1IFT6HNDXKafM=$^mxZ%;Lxq
zy*n7@z@nGW2hPKqWQk99de$m=3NJrOhDLqPf6jnM_$MKvz*^%2rB#10?-NWOc0NoQ
zkt!%O0Kd|QLG&GXxC^Ac0LuR}=;)p)ZJ=M!^-^$^>~nhG-AQ0Ssz<xkpl_1nPru}l
zOw%Rq9ZSTAgM)PZUsCn&57_H;3YfeU>@BMAbRm_uy5DXJO{g1}Oq5-Q%+E3H_O^Yt
zEG;+i%p|prFm5P7DG^briaQ3v_7&q~0jdF&`+XDoP_2~bV-;erXRIb+@feO*b%~hQ
zI&xb;Yw&7$vnEl!0Jvk|MvLEXE8MoWWga7S(nfoUV%q}7pPnZj;e6lBNQ6HXlSHrX
zKetJ!=NKUA`Tk-eFVW+Lpj>=Ya_1K%r}1?%4^?75Rb{Bb)$Gn-0#wQ_F}uTnLyKPe
z!BOJi<;6i521MdCAy*sI{!jdecaLXER^7gdYk9k{V&9tB6|R&w>(wl@g_^quwt!JZ
z^>x%A`Gf=s_s+Jq$vjx<Rf2pPht?(7A9pWY;uy#a@^2Ky2}KQ#A0H9-rX?<{k<B0<
zRsmzj7RLXR(;RH)IHR2%e%k44+%Kya4il;`|1e^e0NzAdUKRJmK%BIUZ;Xi?SOts9
z6h=hSvS}@{=e=DW{D+uWL4>DL!H4qd#isbw#DtE`h2-vN4*wO5pV1fjJ$DfKr8E~}
z$}FicOMeq(GJ~gn8)Djx<0P$fJ&UbCGrBY0`9>t;N*w#5sbi<jgiPD#W`84Y8Ay#e
z&lDRYWtFBV)v$W^#oFSZ$F5<+dGwdvo*UzbM3?Y~pNtw6U2kEdrFc4!UyyDb>BjL4
zOtYb4AsmrIMC0%}sf;WN`*sVoO+5^l0Xc$eCfQS~L~wPvw)!s4j?n+ALi`GMY%o+f
z?YtdsPB>WDNh}#%nC<TwRCio-8Zzi8UYW<G%ISp(4Q$f2xO}>z;jA2Bl?v<>{Cv)(
zdamo>|Iah7gkWT@d4lvf50IC#E-{GL!+J5n?rfP%FFKO8buh=p3k~1VHna5`3xiXb
zHnks_sTk@B(pn$wGK-j{{Hu&vV|08;LP?{<DZK2v5bHfO*})aQk3~629m%23$tLq}
z6`>*~7JYWO&vVxsQ~T)r@6t^t0_7j@xGw%4ZDPsFi)y7~t2zbWuHT6t%mq}I(eGu?
z+wtFOAu&(^j4cF^jC>@ydqbuSU#7)vDI;Z*m0+`T5FCMxBBxBxglok~;3J>7&bHo<
zk%|qRNx^o;RHKiFIly??f6{LSb8Cy}_wo$TRmWJ&-^KxGb6O|QQ{dlZ*@oF89gqo9
zr+noVw<VrK3f;!TVrK0+p43~NmIz_qK=~}`9a58T(&dj7{REwuk|zX(>a*p8B8k9`
zgat$vv7!7T&;r=GI_6jk&Tuyg*8H7COIM@6;q#8fgaKrsxChrP+T<HIN9{V6YHW*>
z%-M4SIEBD>AJZ$%McT(5*tCsBtMoMVGrt^I10cWK7Vz7EhaxFvpcxxaRECpOzKpV4
zT^c<)PL};zz@&V?oi4W#-FBnB5{eX(I4aM6HN{Q=LY+@{+~YCUWHSk+ZJpTeK@fPZ
z)3G*yT#YHRB-MJEW`EG+l`6Gz-v5|$_JNEQ<YGYcl1|Q0nuF$v?69pzhIN)AmFhz*
zalL;GS>8>P4=4l~$yw5%PT{^Kp@aTJ7<z=SH)t85MR%R=c8e}9jWu-p3Et2B#lPDc
z6z<lB{q0<@P-rwICd$8mz}*zMt9ki^Q7V<xjzh4Fw9_yIgD{a;0iFQ(Nnm%Ae%6`{
z1E03!M2QfpkRBS3!fC9G4`bl`wb!qJqF6hT5YX@s<_Ue&eUUfj$m_Uh1kPi_KWy9a
zK&okdBxWLu+#YwfLl~p9-4lRj+w$#hA}0pJ5aVKJA#*#!G~r@enbuIIh2wNF^u$W4
zOGQUryB(%f8`1>mj0&SE<%VRBrVwAkUt+2o!M`i0zlEX87Y&0-rinBI7jZ5w;~K@f
zLvL9t-r#K9xvv%HliQ$0jxMki3MjRiL*av3Jnve{A+sMba&^Y|s%ly#y7r|G8+!KU
z&S=JKA!>?s$c}S-es&9#1yT^O$|=J8&8w(U)hD`(Fs@T=2VixLnA777tf;ii>N>Jw
zA+J=c$CKR#L*q5mtRk0vU@Csu>`^M1ug0UvR)KVCbVz;F@-}bX`_E1JCxV205V6Ds
z^dKl+RY*8~B@rL(u>x=|oo;d#zOxmu%axLqkyH&X8VRH1ttz!i$Ps)0Nr{O6J!=2$
z|5*`|Czj!aY~b?L6xiR)`*3h?mcpuAebnwPOKxrBPV#th%(>8wg+I0+g!zRC&|=<&
za$N>K>u6U~%8jx$oV9b`ku2tyr7@gF<YnvLFmNB~_Cg6`9f7q*7-M=3ruPS_*Z#`k
zxfUpwb%7tFzb6Fm64N6OXz+JZ{qc3LSiN)^#6*VACNRDqwN{NKQ*m{4&8|5Sd)mWB
znblQ?4=CPx0<P#d+JTHy+fIt!?U{5Yp&Yi==>84s#}hHE<<BUK$q+s^5HE3!0@EMu
zM5Q#3pGxSKU8iBK@J}66_#2*_pv<LJ1rI;YIln*D^oq{c;L865t$Gfe(ldEy2#8u?
z;fh-4^Yiz*JQ_{>sZvPY)P7lD4&vb(mIgzZ@6R({<$SI!^U_QLm2I{81K~549p0OY
zB({H+TBId2ExQgZXj?5nmfLXV#ldTWkiVyx`Z8}%@2^jRdVUxNKd9cjRPHnnpGz;W
z;5YWovIP4o)(rL75MJXjwYF5M9wz!)g>D=6ej$|;w|AQHE5c@J^MXB&h(uSoJ>%b-
zsr?6q=!`tX!}oaSz0vsn8$LMtR?pHOSUZ1>y9M)B`gKM0i$0}br6U|Z6$NabXkP%K
z8A2C)v=RI%P(Pd0hI)j<f%{9i+xCeE4jIp=H%5K2HYG9)Xo&u)x+k67dg8LFR5*%G
zZbp&aPD2Bj^Ghjvj(hb=#-BLejv^-upGf^=dqx>kY5fzHa;KmZOV1Ub>0X|g0$%SC
zjBPC<fGNtfX54HBWf2_muIngVNiJsxir@!p8FlVW)Ls)-DGAgXIU~1wF|#KBp^X9U
z1-~|fmpg|2hq2o})v%+<5;TET(y`+mEgIIG){4n{6Wimu{8_3ti76I>>ZR*S{x9@e
z5^DklFB?AQ&i%kvr24<S3dvicgx`_>9D+?TGAH_ZL|cb5+05ab(%!-g+ZE`b)AyHx
zL9BoOi-q!Q?$R>cxL|-8bVwYlK8w*)?hcURK|N?^;mI~r@%mZuCUEqlGF$==XTS-V
z--*0CW5Rrh)vH93(@o!dZ4)<C(aQ`)BqN=|ROi`|i~+fVj~z01huuP+jzxm8OjU2`
zGl0vjH`FW`LRHlg12>F?u|Dseeu*i>+Nq=SJ(Ed0gyG~-L!pFnF)ykW(UDtWak}*i
ze$OJpc4M&RKpYiO4-hUR4EL*)EjQhhvw|)Q2+Q=WNBIt<7m<mR@U522f$cAdYDM)Q
zTvTOV&;jE~+hBhfBgaWqf28d&DFHc=?U*o>bwE)uOHE(jsTTjp!w67W3P)J_-#`id
zS>yRl_4|+Jq6wwn^ek$&!?J2o!h(V$bw>eb7!)RwvVR<qQ2k9;=4n(Y=UnTQC!8Dq
z!pzYCli%*9=2&h@>tP@6Icm^+h(|4~=C`7_{XCqL35Q&XOwLn7YWdR7J&D!PBcn;~
zpRb$-Y=Y)_$s{G~7fy^SJQsFOZOo+-gIPh*xNgpEU1A`%qinAouz47fo)-gkj|Ok}
zLl=0gdbs;Z)j7|hy^;S}`3*UEZ`QnVz0+2Y3Uzm^7{cDMIU;QGth$I-jO*Il{@)^2
znDGJCzLB<a%`iKF-lf25jPM6*7U84Jqr6#gW!2G~=8xf>=m^=~=mgNuO7g>*ataU@
zyI0H+SSVuv8zL8RMdM7XCnBwax;GHe2^%WLT?~m4wgPQ$u<+W1&(Dc541!QqANCZZ
zW@kY{qEv}kUdDEPzw1L?j)l5+T=TlKR*!G_hYf_aNWh9Oj=b4Kf>cSWDk%Gd(-0-X
z5~%g^+ElV^sY-qjp!&_@evtn(l$k{N33=jw59~nhd-s3n$~K=za#m!cNtzRFr9FMb
zInyGYOg5~mf|?0_wWzaT_j@<SblTH&jP}5YBQ{V!9ZFigBNcqyJ!A&rRJ!%RcB_9U
z5MjmA`u-}nG~59dL=G)h777RMUZcEHNu7KgL)F?R9&y72xPMrj;#NFVsdN-5r)iy_
zCtnPt0VG(NV}*p>58c`3*^+Y=dJHJjaGF5|*8>VO(mV#$&NCD5NSVy5Z*pA3Htu8F
z=qoLBI%cZ0>;Y$nmu_-{?TghYXZy+`<DZaOq3+f;c(Txt5MCtL|0c!ZeGvCyx%Sht
z2OLjG))M1GnP|0KKcNc6ywhZbZldh6QbHD3e;okpqjK+OB1G3;r*yi60ti-<{U`uB
zIXHN!+dRjw2rH@6rkFyN2BsnUez*00G*@<=_@a{C6n)x7c_vX35nc3HJJWQ7o9c!`
z5q$0`E$JmX<3&bJiEqG2Su=kIKnp&)J<$}@J_*Ve;B==lyd+@ohg0X&>0h0UpE<=t
zd{9qJUH3jb>I)(XtH91**f?ol?&beq<(fiuDD)?@;v>6@?w~8`?Xr~BI9j8?S}xeC
zr&m<0J%j?AcO@TxVJihq=%0(`Eykb;j+BSn!{)&d^~W=(t4(Gq9#;oz>J-Ig+wTRb
zU2|-q3}CY<Y0^tM>L87v(N`Z75pE^yw_jqw@ib7fx5o4?T|r0|WMFTg_NhQ~W!cF1
zD7zqi$u586evG`in$7csEN!&KN$8F!Dv?G-<Sg)W?DO+gB6X^a3>z#K=<nkmBai}t
z!3IUJ$^}rj;u^VLus0m9xP}XTwT8EYy!!5fMw_v>VOpx_tY(A)lEZtDuGP}xAW5zI
z?>!bA6~A9I5_5Ouyn>A%Mq$pNfw$csQ#Jv9z>{e8!s8Z7UQI>Wi^s1$%BgTrN@b|j
zW4?hXir?tn1J>t;{cAEO!!y~v!N}!^f2&Cs8Jq>G_4}{A0cin-_?S%u%Yi~Sdv0UL
z?-lSsf$n2?TZvq!%?+JT2Yf6cShtuc5Cx4ORG;2^-v&GkG!S4>NBp{w`?hK*JIqpF
z<}K(P+@J!Q_sc|}W$A0IGL~qQEv8(Jqvo67G4H=<v{5sR&A=~RFG}1pI-HmKCqxRM
zG&@cIe$;#DT4~Y|TwbMY1%UL>4A(+>Ml6R-QdK8(xvSD79M%Z`Rje0yEQp*5B=$nz
zxN8&>2TmajV>4gu`$ee`4cW-UkxU<E4#03nEgqalaoI<*py&>TqbCe@W+31=EWQ-V
z@JXFv0<Y(MrvUA^l!51HBsDXyYK})Yn5WKA5bP<vtNKAjNW5l6{bVVO*}zD=xdA;;
zXO;|xfz?@Zpg+6^SI_ezoQ67G^JLL9#&`8rm;+jJiTs9AS>YAtoHvyp0vvtQZT6jP
z!`)A02=|Ndv#MJ#$mGTfmZP}H)N%^wRt>F6+U%w;lgg2mBCSpDZ*D(-k_1O8_98bl
zomX%M3n>9_3^4ub@KEjC3_!>E=!`VE#{Zc6F;jYH7**i??7BFgRAC!7n1A`cc6X?R
zum-eo&X45DWfna=NH@}Y#}gVb9&oTCG!P3mtaBV|P;+^`<z7m!n>>Y}Q|8gHvTB0*
zOpjM+jL4UouggT>X5?dGHPM#ZjCea}Hpnk#mg7X~oU|(DvZy$P9j|M@60*)^=_$!D
zlg^EXecx|+V2Z#QpjN<aSN-<rZq}3WJV}ni4CaZU7-#X(ut68l+#V=!<8(Lhoov?M
zCEnZ2Ixe|bw!t%so?*r=aZMiQBad`qwJk0F#tn^DyBpm0N*ul@|1eBFq`&I&|2orM
zzfNPk$HDZP@wa+J8~T{oC}m*(gK6G!3i~%+ar+vzXJt{xutNBRM)>IFJCAbrVSQc&
z;o=Dw`wzFr1v#YIGR8YzWyE(YQN&+Mo$Tio5$Qc$CE7*>SGgmJ61OH)gw@pxRIsV@
zr^k2De7=w8Gb@VqR4of^>*)QChLw*hs;4GII>uk6@Aw-ZXFUI?tF+4wjZ#vR;**$i
zTgN7Y4W?VgxmqWW8eFw`b3HSau+O6LL>S>M848!Ls?a*qP=V1L#rSgA1r`RVO&6bL
zV_2&cw@*F)fEHL`@F<n`YXO+V)-0j9jvtT_wFNkeXEWXUOdV~^9l<TBU-FO|x$l@C
z5<;#qL$_GBn0G;sLBe;ukoc2(pcb0*nL~Yk6XxD_tXPgJ9UtR@gaV~!m2L$HO$G>T
z`_pKPe}p8~^|`7*y`E)N@i}w}G^T%TQC}tp*@fAJ)3)Wihb9$#%Nf`;VaIB@Mre07
z9)4;}kx^EbS%3@}$}I+Y_Zr!RNKf{z6MnYmu`YdUh`9%XE%{f~lKb`YmE~-|S%WL@
zvK>9ssvsJO@iGwX9%>-pPOg4pm|tege4|pKamzDYzML|1C2B}5K2<q((pySJB>^RK
zj@!!J5sOX84g!IwV2Wm0DKw=YHeB7-Lg}5yQ>yH6>`KJ$E5WjkWWBs7dkwb*Tlqr2
zVFi}veylY-633Y1dVf2&NXTc8!`>zW;!6cp3491@;^RccMOTB9C0=#kZi6)MZWN(I
zesOJygS`>xgjv7M+o*_sOLqzDOLIsk0^}u~t=bo>;!A-d%d%dTj^$1UcrC0H2!8ax
zj^o**QEn;@iShCj8T;>7H-a=xgqw|H+e`{cAjTt`lab9ZYc-qADxn)j8V4Bxuu(_Y
ztC`P7zp8wsx3nNRuk#M&`sb)=tVl1eR-$ikbZem^83o0<kyJ@Tif>6(R7jj@DUyX2
zTB1E*gRKG9e96bCYFh^o4XX7yjAELtk0lKBqoF44@>xR-L+JV~aQjRhJJ8g10^e&E
z-&_rlke5`fdK;vCS;&^N{E7z&s_|Z<z`2Q3VkxTZE5j&{>9>?(3-8z`=-1SdD~AVX
zZ_^fzW>N{;SB-s{H2W7To25C<0xGx!=|0w2yn$D+7Rt(D-X_2?bW$-y!1ZW+VIPfI
z*Ewu%1o~R%m^-#<Y!}UsX|36lZyQRCCr+kkF9Spy%Oiw0ftBK>1k^lt2_8D-e#6)I
z-|hkclB*>Q7RLBXyh7j00c5++Cdw01n`6Z6S&Gsf(fQDMaz!?vMr0^dU&?$vwKU<v
zEgonS<*3ip%5y7L487F!szCo@m>P8~i^mwhKtO)q&#oS?)Mx*k+0E4z{6w#N8p_hd
zH|OVokF~8w#Qd!=sQ#m;v#Mtn??C(=n>YWK?-5VG=ASmWIMZumUFtHdVPiRTv)arr
z?a7vl#uR5hv6dCyYY9sKJly<owK@;7p}S;0x2i;g<jgGc%76ekYx^!=e19R!j%r78
zgbTr#vjhz!i5*50g(*L#uuQ^j()36%fqGSWv#Pejl+CatO3k8|5SkJB$2ug8AkUXA
zjX9Gg*6;sSKED<F;HV+@ka9ng*Nya^THZv`#{|ReuUv*-kJ7h(Xbx4dd^P^lbCT9<
zulg2(X~JH_LtO4Ne?L?slizJwF&Fbo3+cqC%-uBZvvxq}m$>vhu+Xq(Git||cO1=6
z!hZ8bv8;S-yQUM-iD3Qoi>&sr>T>%(i->#QoLRh88B{O%ynbNV%-17@Wx+7|E1i$M
zDKB<R{+rb#4n!y6<r`%AOENdqG}Lw-VB!iA6%c&a*}2w~BkD)ovElyz2%nz%p_-9w
z<18T#VP=<A)$z>Oo$^qUp=*B$S8A>+4^x^yVzgFGI>GTU{ooCMDASMR4VF$kj5ABV
z#5TMR+JS>P^QOT_;)$OatO=&VDUr>@kg&uI(MI?<NnN~Eu45-0Cn4cjhR#z_r(@tK
z#Y#^=V@9zmu%l#MA1p5oZ^pCgTiT&g=<;1JucHRf3O@X$;P0FIl^B5_#zn(D-T=^c
zQP5_QjG)HU#ya>+k|~<$=(}M0T?Ko#{R8xdPcw={<yt-Sc=9yeO<vGG*|#an#?sQK
zIY5@gZZA2QBJB?B?qf@1d8P18c;yX()E>dNif){qPi%u}?LuQ?G`OIwLX8_(ftIQT
z8K^hk8PIWGWuq$@_@Mws{TM2TJT$TT8ia{NhC{{BbcC$R?P@3Y=B-(V3b&@Y#25#L
zzIbHUH@47OExia>AoMlC0xs0B))Fy%Jip@$w7GS)inceF@+n&i=0$xC)HjF>i^(#@
zuLsZiBHjl97r-dK?Q3GXADXy?UN5Ssx%HN#2WW-w+5Yop5hC(+0i5Ok@0c%VG^XD!
z#PYmwXFBrxAJ-Oi3Wh&bTkd`(=1hmZyHeb?sI;;o@c(bk@Zh#|wMcDIZ~!<_`Lc_%
zX=%o1Auji(5>$o+c>>MvIX_nt$q4d*<ct#Y)j%@=QDy;KoH)=g$3wRMNs)8e9FX*Q
zfC{MgxZPdV)#nV?W`UBOA$4p-NdcgN`#Z!$Ah4o=64Dl+KpN+a`fB&d=SI=-3xV@E
zVvv8>o^gvDQ6{E<zEC>oC92shA8oxHMgv5?loVdScvZit*`mFsP{0fe7?t$(dPB<y
zEmA;fMC&-oK72eB8`QX)SeC`p0|VJ{<qGf+yr7l`C*Ks#Zq7)fva^RCgM*GoT+fE(
z(<qrW9Y6opHuCn%4hRmyW-#n0xJn|N0r5)~2LC@}Su+e0nYnz_;Y}zvfH}0LWwq(?
zQp<V;cYOiOJIMX|&=1SELbIO7Mue~_TOD&Tq>LU|8e1;UEvD@0yG3kJtU!JMF7#mM
zQX#qkfeS4TCBQL#`K?P-yyE34<#1}W>Wq`J#1N|ZK>MMN^<!8_41PriNqnnje5Tx!
zflhB_ED@Kwy1>>Yf?*pb(9`G+M-aO@F848G$ceD-dB->Hl*I2?MJ2bMDyW)CW)$80
zv}R2U5h^;bgl_z3MQSpHl(QAsVI)wg+G&%FP|>`05q*#52BH{3yYy?B+-!JrvZ<iW
z{gze-xPK)6_a$+ythz$WFSA|*g_TN+PxX_U6Dq_qhDfJQk)bP#_%PHj0ow0BkI_Yn
zVF5>w&N?U86zy~c5)K};@r|>zx%5q%Qg^xGUrj>*TvZZ{!+s3kQaLyE<HteZE~aJ(
zPsfri3*gk1_BnPpsRaiqTtK6Lm{?k6WkdrvsF$UxSs#g>QbW`HqV5|h&(}AujKsqg
zFw7jR_f@_XF2;8VmO&lo3`S39kr6L^(p}hS^O;g3a-jTm#<uJ1dMla)z*HGCamd7|
z;)f$nM+Hzf&DHfy(LVTd9EAj`iK-KVbijt=x`egAxt%AVUz2=(JwMA1@*B4$swj8<
zzm9m*zFcl5VG6kUd^$M^ssV$h-c!S{3=8;E3m<m~cjKl2VR+7GcIKm0L&V7WT02=G
zfz7`R8T|jYU92FWUKWqO{m^og`fTXtKRxb^5T&>>OP+5Zg)24wilQ7jR$>OL8sH6t
z<E&D=WwcVEXmXlU98Nf1<UEN#h$L|Yr*3$Tc;yamFjwi8P#t6jvO{o3$9aQ44(mU^
zwKW}|)67;DE{k0NdS9Z8t3lH<m^8M^^$!x~#(4NS0M^I^IYOyMu`7^&p6XJ!zBKG9
zF%@6&eL)p*T<BH4XC{V;cX5!HpYi6}S@37r+vuU@wIQS}TnD+L7<vuwj$F7X8>n38
zS$3(Du>IFzV$a^!S5!kNRUy2AIMAw+KvPbf+zb_=S#C&X*5qP~o=B_rGZrWu-~G|i
zq7vRMj4|q3!~bilsGn!Bu}GbD6$Xc=I6zuP?s2|}Q?su)$PpX5T#Zmb<b=MVunZ!w
z)3=$VHK=*xlnP@!jLWe3@pPK>uazl=PS)y!hf#-Il3~CPr}E$zV`tBxNXU8d1B<VW
z87DC!a5<bWVwRH#Z$^x>a2L3TA_?vOXN%aXF=B>O8ezj@x1T#o@s}KJ3UpCnY#y8Y
z{Jw&~G~DjgRA=+nA;(|jj~6a1R=IrXvwrINc*;lT1r;zq<tc|OE#CKusq(Si(!bSs
z;NL6)l|<<Q#Dr$x1P<~(_HvAmyH7u}W&e}Ajn{V>An3g8(y$MJ4kq2ERZ~)1zeAEN
z@CW|?1VpIoPzp6;y*z+vJKn>Gk4p>ll-7uq8C)}@%$iZ_#${TUk;_%lB4D5`Tb?}1
zSiJr16Qg2<S#>b#5xwEdw-vB`Mpk5bCM3nKn+SKjb+=Tav<beO0YZWJSBO9a@u0#f
z%u@Rzc0FmV>fM&I4vFuyF};B_dN+7;>5VaQUDNdX7-&BvTVePNyGEG;qdHTvL?#RD
z`mOlaYac8-cAHv4-1HcH=H<C{A{b51W9W`x)Uf)?xA_}6K1xt!L)ZW~UiFYn^)&;q
zA%tL87?WvbwM#h>i3{KITkn_+?~zv0F8~jk{gJjFW@p$?*D2g&)Bq@j%{)xQrC#CV
zZ};lq4G!_Nza`<5EG&qLV=c1oohh^2(Ld)|a0~`tJhLei&m1FJ$X{=)0s*d3^9GU+
z2I`{@N(Bw#TyeaHkf4Q%OHAA$Xs_H|EPI1ig$|(FGbu{6v{3pJF;#HX;k$TE%Q+*B
z&Eq}*Q<f^m{Z8pd0x(?@40DQAo5iB#xB-+CgCI>QW|h~WFZRX<a{;Vl(7Kd02s-*L
zrnR0t;5|Y0g1F(SUX&4FhkPmC#-Km=LC~ty6lh0P!d!HbMN~V7*WIA~8m}M?F@}*$
zb*Pdc?H}_(S^Q#i%hz;D4x`8GaJ1wWz_oGtQl`(Ic*jBQ*shYjhz)h*1Q|Ic7kYL#
z-nV%+xlFR>Tv#aC5q)Nl54q_ZvK_7zp<89FCLb78kj;S?@TB%~EwR<7&bi}p&_4pN
zAt3=YHk!Fv8oFgAbthv9R|lTRA^%_^KBVKII`;(wO>4Tu&U!n2!cO!=OR75ViJ?9v
zkE<$Tn-xl0^atKU$C6n^%PaZ-{cz6c$Q!OTd}I0}J-+nsX7ef0-PzvR=_~HO)G?z&
zh|q7q#bX_(B5zO(V1TVI`dS*9{7`&k*!rBU-(gL0O0Y&T9s)gk=*f#cij|Yo9@PAu
zG)aHKmz9L<B5fC!yKaYQ4!Mi__*O)?a2Jx${KrD<$HyCtn8z~1cMM!C?vFnM;Xn!;
zcccIaiQBn5@4g<a9~LsQ=5l}-2mtp{lCC<1>!FyxpQn7_=&aq-@j6^HKtE?nY$cyV
z+(uW@1eG%UU@^z#@M?;x)PZ!?PV#`76S=}7xjGhXf|589X9CQy>O8c<hnXKhExX%Y
z?k!@;i5WL$OJde|L5I?`=PyOa>xdHho|t^K_42+CF>!ic-nl)AdGzYep`J5uv0MhD
zik+(gfZ_R387!za^}xOpv59Kx65|8rmr&p7IA1ft7Y6;&Dv(K39Js^htun!#1G?0+
zY?#??!**-2XCy?ot1>EC|4cNJdN?;%^aHH^^J5-(*O4@MH#&s#pS2#ux1~pc#`#cH
zV?%~#3ef)2C-J4x&=JAPUA>)-lZEvkA6_%}A`9W9aU14K?XDMN+cYi?tHOlPOx)-#
zMoP=y9^V8Ac3&(>H6C5JAMk!vhk26*m{Odh;mUe*(@{WPir*e#nSlEUHA26Bu|VHQ
zMsU!wGhuBuQ~}q=_?t}{0ctdr%U3mK7xH?grD)-)t4~W)-PH}Q`L~YzQY*hCz#SZm
zh_@QUzp5xIvgVJ_I>r1(N^(cqw=cbzUXVqsl135qC2?gZ*IGh;C#+q9NqULkAZ&;2
z{_*wLx-$JRmKtlm9L9NBU`|`H!G2B0fOry##xQpK#md}*J!Dr9v_WxAt|m3{Zspe?
zip+tF2D8bJwH@3rE$#<(Zf0ErW-?r}qpoTdYW=o)@-ps}1O%@9n;qI6`l@6t@TMzZ
z3mLgY4<TR&C!tBUsZabf0g^V)!>bS_t#o!cE}#Ym1$k-jK%5H5K`p)03B?D?fkXWm
z<TyM~wGm1=fNzO9E!sHbufCP$(&xvuWE2eLZ-+Uzf?tj&ozL7lCA0?d5KE#ypGY#)
z7V>cBfFJO*GF3x`${3I$&!f@-hPdIvAYQ2&?_3F)Os6E#a7IyesiV1G2EOLO=>=n7
zxBLf!%QM?@JeJZ8nozk>0vQ~8!m-rAJ)qXKhWt5<ad=7$R3du%9T$i^yB=ymOT;ZQ
z)eFCz>jsCf(St?oW5oSR&@fpD%vkb19J{r2K-JnfxLSv`X~}aQuF!i~E(m5Z&P3o~
z!&1Y|7d$?t{20IMpN?COW};Zd3ToRlU}~5>-+Cg1`-SDA&*2-b*s-W2-Q>G<aau(N
zxVf4w;;TM{m=b-?pWo^f)dfNr)0SaP$ypl|@ut^z+e_#;iLhq@hz<jwdX{!UOow$T
zrF?M)DSO2IE}w5V5c*GQ$Ks0<;-%dAk9{KJ43oTdGxAV?GGXuBkNqj=)$_amh+n?X
zs%$_s6i->E9-N4r5p-V5aV$?%{AEN6Fh;jd13DZdc#<;!X+5D;WWf>%@vvDaGRVPP
zcwKY&-a=jkz`48&NnsqE1s2o*{a%tt({+!-@XJ4cUK57~$R>ln($_N}_Hy0cebW9k
z`Zp*b@?UMe=>^*6efXAxj6M<}`s0!}U{klaBp=WWYh}bIXb?^HxnTtTGaGT^EU8w8
z$otO>w7aqkT|F6ztok>?Y9%<1(JR&s<{KXNFthK8wQxJb91?=oD!gnUK(oq9^DD@R
zyv_ei?;zrG{Zrv8y}X587;AE0)dGEf=#iDvhH~*F;@l%phmFS%mt&ko6umg5_0(ks
zD^|m-HP%j3xh`cm!=ZXZ++2tw@RCi7)on+~W@m!{mT8ZyoC8QcVqQIjP$(ooxhWq;
zV?|Po__&zC`(}*Xg-XAgO$veiHVSFomw4FS9P6lL^3pZv@Ofy6Q_kpZaA`!OVO*XH
zw#HDW$li$<ABE4iiGQ_@;S{XHI>~(W*GhQ;1PR)lUta7n1xIoEL!@x8UC32&^0l?J
zgS=SDnS{5V3<PTD$s^&>;bocp=Z+qvrgK;0?D3RT0@!em2~U+03i+RT1|>rxzfjXj
zmpMmfFF@&lJ$JYHo<(4rAAHo1S0d+!;G_I>Nbkf#D|s(TT^ehdDM_02>eME|^_sd$
z$KU2GC+eu632D+F6@tAuBwNHE8Ij^XS6o~*EAADPiaLVOLbbwd3;@av(5$?%pd}0L
z{5pb;X;{p{4zcN%KEtF}_hl=`XjOM3@;pqGO=Y<JL69(|#q77wecgze)jxujU-*?o
zVVg1uwi}|Wv|H7W($%w;(=o7tq?4`k%NzKZh>yzrYjA0cMz+KBmjWrlX+^8OA{8N@
zUPA^}wcgGg2)OpKV``x1q)WI(!omeOW3Ps6mR}wv{rxP}X~G%kpc%*~TY^q2{C<cb
zSH#JY7$S+vaXW7Ep9oRsz<55}a&PACQRh)(j?P+*oWXjE7d=A43l*Q-BV%<Vu(u~F
z)3zXySWexlD{f}DGqm7yr-Y?`>~r@4>lmFET;<){X(L;Cr`|HjlW1~GRwmbEsY?0}
zDDJFY6z~!g1iRUC7-i9;McR1FdJRrUHZ*IN0}V)s2>%_ic3y~7;7>N5Ni44gvZYOX
zAHhuNjf#Oir&t|8QEc}e4`urxq6DVR4+GqI8!>Z9*tOob8=kF7Ob&N}=4HpDzXij0
z+h+ec27Bvle-t}r0*!GbqPR`<$KV^9t*d)#+mJ|TUwl$`Yy%Y<AZ2NCtGe@ebXA*4
z<hEFjC<B+7pUD*o&4G*Ug$A=quf>OD^}JKfR~)ubZRa@b`?axeDWPJCneu>HfX63H
z+sKpMwxjqim4j|bfu?D%(f|G*2GkN!lT^OF&}25bt9jR`Tp&QCru&KVI43c`qG|O{
zx!_fae~CYOlZF}5YH1vjieG*p{xI!>Z-Yvjabkbo-Jn#7NxGZq^QtpsaWs;D5<{vr
zrhq8eGq@15ahWyfuIF347_BtV(5zeGY0q;Ks+}&U>w`Ws;U_x{eC+FXm)e2aO@N1y
zcCGtkC~gTN0{AOKfHYK=QyRzd6vDc!-4*wEMZ6M?SSJ8T7&uh{4hv{MvSX|+in!%o
zqD(YDr7zj+_$yXXlNZ`Au{0Vvp1x9g*5@!@o@_68)b+$4`Ffz&lvx(Y`X^3N#Mpk=
zZ@U-<=?@raX$$tqV#$fS+or!LfF0uI&N4u<?(qTb@5C9alP}-+7dVjVG!Bzuj3YuX
z;EV+mS6AW{;~m3>GHn=JvA!aKOV7B*1|jn1C(;e_KXLLFHre43k)6HYftSalMqWx5
z0Z+TE9-I3fT~%)~%K5!}rZv*jH83+7Q|9I$Dmg5bTu%H1klw+76pv)4t3D0dnQH?V
zeZLwU9fKb&Y3W!#z6(J^x}M=*tKW~C|NnuE%WNRzUP(lP1#}7Wga(;{)e(-4NsD6*
zhD<ue8Fsm+PwrqE=V?rLm?HdVMOJzW#ArmJ5$yu6_J!{@wOTd{VQve7a3tv2hxXvE
z{59J!4jaCk+@5?tl0N?WpRRU6(#X^)iF8<CbceRqi(+ok$bVkDGPG9Si|ycrEO03S
zf=AZ2OVvmLALj6`t#;Ep@0k<aND6>HYqwfe2C?wC-6zx@lBkryntekPGC?Z{d<Z_K
z!tZiM5;XZW&?ljE^MSql4=pVCxtE>z!Hlvs<YO|+e(q_%@y++nngP{kk(aj}`b7N5
z7mv%;PFlmS4Y3tAI?3nXdWMwWB>EE@8;f2n{*#jI>{iwHwM^`#!4*~S{CY_<XOWh{
zQw_JT0e8a~TCQpi>HXMdF`?nbe}q`7vuKG&-RKy$YM4xJAeGRway%)r^MvH2|EV)9
zo3X`QjoPNT?(tMT$I6_-AFe`pf%?o$M?n^HexMc7%`D47EtQnjEk30x%V7T6$5Gn3
z4Tp5z^8_!9=52wRgKu}d_JYdZiREY6tLPTlyOK>~n+8g7&CDMAFRG;8uad9%o0_;L
zCAHz1$<SwR@vp0z>N2YT{lWcFGgBGWJr=mfQ3rMyKWqWLGsvveXNaGKZw{<o2Lwj#
zv|L<<8shkI>F*3vo_c-n?qjsW)h*6o!>EZ>Z2iDl{^3C<hdWHW=xVhbE)SWG^04oo
zJuT}$e=uaNfMt~OjX;g(wi?MTz}C|}Am#?MYH<q>nCSRVaZ=_v0P?M(cno5StHblA
z;-Q;>KM=FFq6g6>tTjtbh9q^|Koe!f@aBxKo&~4^WJQ2;qfK<iX-2Y1gcR1qDZtv%
z;DUPWRIpo)f~dH$<v14Nh|rC+2{u@BSS6Nen&8Zu6}sBl!@phm6K0Kr9>6{o*APra
z1Ss^)wZmC7sD-Yz+a24yo9gsgYm!g`RPwZ;J30#pkML~cU;;GJ{?Wp33s^RxvWx7w
z&qgR7Dme{KLW~fg)OtBusNW7VZ@U1Kr29jJ2>vvs$k<6#wQ5bA`E(;jdb7^kJk{>7
z^tV$Fot}wL(lVr}wuGt(Au<LQggr}MWUYE8Jz1y86tM{-qCGt26$S@A{2WmH9o0^N
z8EXb7^!!m6j`l64xLCS@p}Rtz!)}89n;`yT4t_9$y*`H}Fg-HYi3HEofFoyx($5SJ
zEtMHJETqf^2snQaS=pA{mx&@>zJQcA{amM0T)9Mz3VOE-c3PYaUx^J&2v$bAhKb<Q
zrWxJw?k;)^>L<%ow!Debe!d!Q<$8K~N;eSdM+~Ycn^{0iN^Z(P0{swOv>U|;AvtcV
zK6wQM5bn(tKw)h~qk3G+ckaUFO_&{yI+zgYCeU=jC8jgMzLF6xU+gG#5Pf2li@rpq
z0aDqK<(x#Yzj|uLoE;rd+#u*m8g21J4PRR1Pdf)%`lj`hjJ6^r77bjBYHTI_i9NVP
zH};k1WrVhHeV<5;VqhI}*hbB1sw6^rS&5^eoo%gPoB|AhGHxMt)Up9W)uGmr0O&VM
zRW_Q?(=f>IXQVt$^SqW3=y~RG6mA5D=b7PFA7x7Q;M9GC#T4autO5iF0ApBOW9C{R
zK-<ahd;|HM=a9HOnT2EYC#rDN=&uy7&-@y<PD}k-09t^P`eCX;T7i>Tp=Odd<t8X-
zPC&~Ep#ds0X~GQYiUbdr!VMW<y}S*bp|H1EE*6Yg-iMNBmnF`DZw^b+1-4T}ZlPi3
zNkkx0p!g2v$R<RTe>JA~8AqW5R5eX}Z+}R9U;S*Ya-h^l1SFC#vJ{J(syXw?M)(9Q
zU#x9N-^O{CygKFpy_wJES6~TU^SH{Dgo;-QpFP{ST85>F4#sG{h&S}T$pyY=omRlO
z5h{?@_oZ<OI2i^Z-YO}mb(~hUv_H?B#217x9yd07Ot~_d*FjL{PD7%Lqx9-cL+MAD
zIkmWfmcQ~AP!JT{V?dcIKK<FYI?GP-)fe=bDu{pcyy%+suFl@XY83CO)iq(XcnmPS
z82;aYJ+DC%0etFt5RWGMA*ul1UZlb3ZNz>jk)k2(h(t(od6&is_cd)w*&=L732<8L
zXFsHi83&si{RX~+Et2A#UaG)Gmgfem?ocW%Y2lYt3O~CzBhhP$xF{sWw0lWJaaXqy
zP+Q91E<a(tY5v5EF=e0mLmmv)MpmDd<2JE^x$neZjwzW1zPBq=Y9dDrQ%syJff_Yf
z#wyc+Dl<Z||NU?;0W|2C$G*f*7=hCN`lt?gsDqlDDs^1fgyrb87_Hgg)GupHq1~o&
z;(Jd6dWhi$J+WR$B<&p#5IyFL62;=KAw%68e(*08`oAcNL)4wGFiG6qRiY+PIO<MH
zOs?4zP*#+xiXIEDAHVPMpT(z+3k{}l%K@6n#5YXF3lj8dLUn;pIJh5f$dGxmg1p<;
z`^{T$l0bdw;<;l9=wf*+gW{Cmt4=+qeF{|WpZXke+1o4Sl_~(2qx%6ZH5?a6kZuKH
z@shD2`u*>+f&qFNgTH}^4}4H8v-R6~q9fI~FBqGu??R2T?H?icabCgBg|@-G0md3e
zw}C00sb+TG(6H?(nahAbNHmJU{C8Ux8f;og2dhd-CP9Qyw$uewj8I!@8pdim)l!09
zno#*`A~xa@r^X3{J6tDXyE4Q#ISy4quPq;>==d9X2b<c)^%xKiQd=lxih!V2U(~|E
z8V|VVy$pigPYL7ztICAC>90!nN10XV%83rAZI$OfJ$b5|3}M^hKA_+>U`>cZCk-lB
zzo*%Yy<}-ReG-nU_(&Wk4DMvvDRtjKbQ0m!Quz;C&sIb;P>PArV6%zPP^le&04HZS
z^_-9NjZ|Mpzj55p%|a(){3da1mW=i87`~=3xf~b9#%t5vD?=|-QNhu?QYJiYAi|Zp
zR(t^)QmjLzom*Vw)a3~NBaju&BQeuR=MFomElVahq8VI_hlqkt4ec`a(stvdz`g-m
z>MOSOni}V>i6_a$_;8Ohc3)M9@fvF`J856mCIsZnhLS*=ZHl!>Du(gFMyuXpIf0D%
zPgs4Txfdzx(z4zHhdj(gOUk0gxR|d~^vhZXA_h4vCy$eL7;L>KU%s+Cb}i{V$0=8I
zB#Xte_CrNtlLw(Z#0J38WwM#`>EOE{W7hyM`_fPFN4AlGtp)&sE^fFT_(+_Q3~!h`
z_Lb;kk+uv|C>T!Inlnnjl{>c|B5dpnXfScXtg9#31rPzl>`IdD@lF$sL-%ZUjByuX
z=X_%+VmJS0dmy4I2a56DQ^8Zp1wJiB@{?m#Kr7M$w^1))KVxyNZnltr&H0H*o>Jw1
zC@_rM&}O*2A6$y%a7r_%%<?w*JCUZI&GIh2C)z#-3<}+-d?Kf0h&MA8XC7#wwIL^(
z#L-yD0kb0g=aM=z@eQr?pZ$Q?!tY>M4?)rfwu~M5-1*Kvl4h#~cux-D;*z%2P;Sc3
zy4|+9DNj2KGU;gfoXoFRQ-|x))$S{`m}J+7qQ<maBri)aX-Vx7`@oy}`&xFw4A(X9
zm`wk7a3Xoh<^mH$w-Tpe@uKw{7J~8RhRn5Q0QbJ|O*_FZcF}yvGVUW&g^XBPXKN=-
z3;f9Qldu!wRNi$qn@vrCc}?ZhQ~S>W_2I4l%qH}opTD@+bTP{9;KHeGH+OHYyuWW8
zBu(Pepz-t+14;QEZl1?_)eg(<6=MZKun*A8&#7ur0DQBCnS(HTy<AbXls&CSRs7br
zHy0r%<JQS_#Z7v8unM4;%K^vh-9Y~_8&m(PyojhTC&f}@;6&Yj`0+o}@dQp0u>RUI
z@vL6!B_eV7>+Jar)b!{a7>fP@O+;$>Taf!nf4%s?TEf8~65d@#v^UM@ABSIpy#czy
zI#RzvHh5E@Ngk^o$g%c}&?P-3KUs?3?nNtms{Oc}=Q3oruT-`M5jzVC;N+h$Fs|)D
zBo3<Z-t60E0auJys-=OXQC*@cXLq}lBH@GLL7Lle%m=<i=JYN$7e+7w63iG^&-rXF
zJ4?e%RyUcOd){EYg${(!GS?1vv0rJ@DQzTB0Vb{npma@LhPTvtG95<QnA^Q|imQzH
z7tEtkT4dGdbANYvU0aD=J9`U`Qubk3OE=s{sK@t=AKn?Z%vbkWDrF-VtabtVJgvSR
zYCr#Tswich7MR>PDuK}e6zU1XigD4Z2Blc3$u!K5OS)=$xC3ZjMl<~SdUq|0@L_j2
z4dY&5e(RUM(hNJP=}IW5?@!erX+B@CyFJrzoJK5eK>-AN0ui$iB=fN-5X5b0!gT~w
zHy{N09F4Y8Kg*%-ho_7al<{u{8#r>BD?k)$YL3g7Tl!(`*LJWB`T&uv5;3NJ>##}u
zGXpkV>){8e_9mZ57Rn_&J@cIw#tcadeQA4#q!+t>)I)Y?3LQDg|LrXJg6XU|01j})
zfr3o*_~J?G$j-V&FB_%t-K?`GUHuS}$!dNTL{W8S>Ozgqh`hE%v{)O%yiJSbEfN4I
zI$3rsFJg4@4xwr`?-X@M3{`CM2O(*GQDaJ7h;LRPKyUN{N?Xs17+Oc(?#0_PTVdp{
zHkrf$37gE88=DV&Xv?e<Z4(KLQaXxc53{DFjaUP%=JV9BLtwE&SHmLFwej?xL_<%&
z7pPf43XCRV2OhV@_y^5C?_>L7iJb2Q_Wy)~6HeGnP^Lk%5=s-ICUqbIy8CD~4ZN(2
zu-J96{sMbzyWW@>#iG}E!|JqP&dJ1FeHRD0wBwZ^Hz*tRczs0H$$-o6lI?k);E0s$
z!CfKL%t{?u27p?cFp+H50W7Q-8`h{NyZt_&7Ruv>z}fmAMY)UX<bu)=84{B_)c^Y}
zUC<ArkCz~eDy~d#Uwt-*C%W#4=IJtIT<x@93R0MDT0Xk2Oq!jAlWTla2;c-{4K!*(
z_#h@u?BthiQKV2MQ^<15-D_ZmFd%Od99jX#_8}VKlp)tcXFG{yl!4qgM7b^9b<`mA
zCRgbDE2lWgr?xS;8DxubS26a4bki@`YUV~q?(+yqmHT_!RBm9yX6dA@@xw{3jq0w|
zI^<=0+t<UB8y2Fwm7xE6Ue6)x&}v>sQ9en?+W{2$<_c#uQx0Q@Sg^9q`VuYimGXfk
zzYJk@mS5;tb{&5xxTr;p1(>HcFRC(dO58a)qXPuUO-;9Z*v?s7N+3tZd#nbBFVic5
zGO{O$B2v-B0UmQo4mERSjW^MWp0~GWnT>#c0<+PaNT|d9W)$<O2J{C)A<;(%9Xsuh
z*cl_;VTy#q-b#<kbI8Dg3lupl^z{*mM}BfY2HwX#fd;L(#(!Az-doh(wFb?#vBCof
zU#zI+v|v#<-J)XU^Md^D_*Xr}2VLLBd*m)$y)~w>7-PyUXEE-5z1>FTYkXVhl^;W6
zRjzYNN^L^gY(C3X7Fne67Qyql_tPqZ!T8>Ngxdi<uj^X%KqRhTXwex1p$ZR9C)|ny
z7XqDYlTdvIMZOdsVhd=x*32$}9TttB2R)3$COo;omnW3~jPHfD#HTSge!Ag>{)w^9
zD7+UM$rj7q1GP00kX*!(zm35TBr@eS7$cpN+PlJ?vnH=CGkB%AHi#|PQq`p9+QR&&
zr`?4gwKW}GAWG*FW)P3wi9`G2q7c;2%8DH@AWyw@tk0a-hM)e2_9H3i|8La)8YoO+
z?urcg$4=^LU(3e9`QVJ6dZ~ex(t?RtemJBMzNqp~)X&`by{?i0dqY+)cU60DiE;)|
zE9dtx$B=baQj_I(JdnP|Sp$QM)YzhuXFsOUNynS~fB+?<N?x(~LJnXY_BaAFWTF#B
zvS&3n;~|;10_Q3Y0@$p%YTn8Sz?Y~Iej2w|?ucwZwkh1*CY{HN_(V$z^(_z6*};5z
zVQ8-yM7H^^?8H5jEBB}>hiuS@5hhIb#i!>gcf>^T$Ud<cIL$~@-oVJo&W~TjNC?rs
zgx1nj(ix%At@u#SnjUZda1vG?k;FcZW#xww5QSWYj1b9^Y>rCa<Jgx6ln@CIg=ZD{
z6}9{)F4pc8id{S*Aw_rQz8vYgBNK7|BwA}LoK|7!?1_<Im!6N3zFf7WQ8naJW9sAL
zHsK-TQ2VfSgC$<CV5}NZZraM(;X#7FdgkjF&iW5g0JUu_cSTLZ_7#`rzv<k>44Z5b
zuw7uU5R+RO_`*m7RXG{3wCkj=!YFOC*QXG%t}!QyO1YkKNca%VG9z|*otu~ET8lc&
z;AX?|dvYy3o=B6Cm*IJS%Ol!(%I5<)lUVqfjN-Rou-;6-dFckXQ`AMv*!Vloi*hf+
zv`g8K$R9O@2V}z$xGXGLSm!(KdJntI?Tw^>4(B#R8U-}uuBY)q!`-^SM)Bdl#0rs?
z7f9?}MdRz}bFksr&=#F6^(iQd_xt|n3ozK4Jj~Lg{E^ix#XHFhB5@z{B!69fmgdI_
zM)zmjzBEKI7F2^x+n6pJ6|Wiw?JYLwjrMy^_YR+r1LE5qNNq(%oc%)?z%@Y<B0#pW
zDebN}y@GkN&e@RnX2O6Yw;=Yr6|P`_NNz~XCvq;V9`@4MfVw*fG1SSog!~voudj*#
zKj0E=9tiUwpD`tYl0vf8q=MmA5(vTp!fn8FZsM%9Qb1&G6Q$javmhIGNeE%2Eh)Nv
zBvOG^4c~Pbk!3wFE@2|#MAl_12Wb2>>vJXL@m1*N7{76$&A&`Cl|D}%4)~VZ9RS=c
z&X#V67B3y8`c|LIy)aS7Y7ZllgqZ2+3Sn@}`+90t+BI(IiixRcUFwghNFIQhSo9y+
zfV6o2^pc@AO;-nmLz4&wu1iefeR<K4nH6s_^SHlcHkAAhLu)w03y9zwwZ?kqo-pmb
zMJC`0?gS?hI;+c}767Nz&KD2|g%gO#7L7E61-IM-iVnn%9Q8Fr(m47(l(u%zyi`s*
zO$?MceX3DSafw)p?xF9+)L^PPDbT107aOrnT>IF<eySosh#ziWK?i|sCfhC`!NS~)
zc&1^9pb2iX_m2j~c!t10iUc?38LF-RR+LDbAF1n)-75<=W>G$W$r&UaFwuYXwGoRM
zkt*797rRGgIw5bNz~9*6nU*f%DND^Ycpabe=F(-d6A;jocK(Ez=Gckk&AM(dRY&fj
zHML&z3GkmFY-;6VKK54aNmwBH<5WNXQmO7H;Oh|)0~<9&<R^NI)+oSB(F8(aLeR;`
z-(J5&dw_EfyMTa#68laN4=|Ar<-thFf)5n4x}rz?`<uH9$f#!hK_iPI(BT+haw{h`
z@rYoD4#b6lFk2a;sEu6H?uav_Lbe3;dD@r0l_A*GA}|yPVyLqQais^FYaM~4q$jaY
z#;JzvWfy(kV%noK^$>Cb&}a<jOF%CYX@_BF=LZpg@gEd(r=$te;dus{J(W%PLnRH%
zK>I5C<}YI@v7xkh?bd~suV5Q!dCvkMx#*)Su*No0BAzB<iWQ}wTimE+REtMX1-)>c
zGW1`Xhogj8A~U+qJpOM`8orLB9STm<7`dFb++C=*FR~+p1H})*ai^nDlXQJS(~&K1
ze-@vBnngW@>kv|1;L%98+jUGOA~D9|WcxQ}#+18A2mW!3tReTJMp(8FRH{?!X&E$$
zv24o~1|(tkhIv2n(Z|g&^Lz<Z&!6b`4*8ydkxAz%A#@;f)>mB7dWGBgVF}5g0EJA=
z6|$NsPiggY2Q+WPC#L2+{u=9$Mi`if=5esUzPHg=`uvY@ZewG$$t7&5nPzbBV1c8*
zxmXA?3-$nFx|EA0&lAf=+5xyj$B&FjnD#+85Q2u7Wiir^)hEltp}z8ZItm3-RaC&B
zCAmlXGQAJR@%LwRl`?sd5yvmgM-RP9z9T^51%@ZNn2CDG``-_zPJ-PpauZ`iwj9Hc
z%krz9P?d*t?mfp9L?T($mdRK;M@y_8YV+toXRV55)ZSI^VRT8Y-JQnMB0vhBVZOES
zQlAFw1f1}YfcpIITx~{n0Hr3$(EtLli{I#eA@9#kuh0+k<|F`1cP67_e~V+P1@%eJ
zv9=JDDM`h4Q&6n>81$qO0He9;!91&0KdbEZ43rnqJLK2h<P)}1!YR59j$dWM`tO+R
z$2_D9q7Q&hFBCV#bBC36F2wyykk9T>qHS&xQ*I(9)~AXnj6C9E_BB~peskLFW{m8H
z816V2(APg`XhD;3+k=1vNKm(9G%!bH7ivMq9@45Cy6L%bd7mPNvp`S*OlB)>qg72X
z4a8pGcob4ufwK#}*xknz<W!aN78Ri*KT+?{X&O6xOl|7S<mG7g;FEH%wt?h(LMp9D
z5usg-4=o+v!A%WbWaGvozz2;TXUq4V>&Z9<$ZE<EEsUN2woCZrZ{7xw9X0fi4s--J
zA^={|68=9bLlNW<jghRNQoy2+tI|D>XhIxx0HUoWQoO0`d7;B%w6gB+ySt`n4K>Th
z2r2&z^)SNDt!qiRiV&}rxGhzQvUNx;H~@p((m$(rWt;uYJ9Z-2&9M`l+EA5~tZ!<q
zZdUxb*x=1pSX5Gou~{`bixHBu=?(pD$&h0cqZXZya+(LE!cR?%R|7BwxmQ!P@-<bB
z9@-{=YX%W;gqC>DIZcs1e4HwQSMQ9PuV{zbo3|CvARZE^-gpeA<?qU}m%cOwszXIH
z0#U?>B@$AoYS{?YKOjRC^G%-Qm)gfCJKQhg3IEBQQXmxuHo~)YE5#N6$0KcdrN9Cx
zCi{!FeJQA99-w!U(E%mgS0fXO35RfqNtL@ri=~MHNaGT>)L1uB{j%}-sHm>O0SsZl
zy=TdYm8@+{1oBuzUSn!(18t}1)9RzT5rbh&p^1vgZ<5IiPTTl&lq>ieNJN6z^%?@<
zsABxbuWYhD(B#V@3C@e!n^LzHSK*V1iD!pE)kw9LPQh=(G_zOB5asC>9NQ`p_hpVZ
zOo|#=%~t-0`+kML_wr)k#?i8t_)uyEM)rVWDkEbFWaWC5__ohHaYcmc(bc!EbUhe7
zkR_GB%u#>X1(7!-C=7GtoVN-K33Y*EA>EppB%*xacWFyOQ9W^qPw_MyhzUg6!Y3b-
zk)U?75APNWT#<5dj0FwgBvUP%)Pb9S1>Nwd!_#vk9sJl_3Ju|B@trsN@FJeLFEf~5
zl~5iVC(-rKeX*Pte(I2~zR}j_awm(pnga-Dc*5ogMRNzuIaq_ffpvvo<Y)cMyfg}|
z#+a4t%od<{#FtLOdC_AujP6cylzJNZ%TECTb^y2ng>6g|d=%k>H30AEdVvc&h&h1X
zI+U|~J&Zv16k)88N4NJM=LH{cOpt(ZLufD6^@1b{GPQzOAa?}rt>v@vj1te-+1jY+
zYtmVqvDNz(F0YOL%$0VM20F3Yz~(kp=pe-v@BTHOu@bWl15}>rH>_yPO#;_~Lvl`^
zV*b1L>3SEoI&1K{5%yDU$cp2QAh<>I*&0jZ{4y|Us69j|s$D~&MB*E%l&``sr>*qz
z)_+E1EZ3(NkWH3(N}cG2z<&m`1RXxS43t9lO9N7;{2Ww!o_eY==2efUAFuT7tW6ds
zQ3w@tH39<Z0hWv0u+k~W*&^o;{`N&~b*zuVpJoMU8H9KQ<?eXD8x##w?{NfVnS>c*
z2<rM<>ZGLPZYFB;9*AD1RB+3{G%BehqtTtlmK6S?3{e(jMRjqFXc%C*J^ku}v%;`I
z#6ZDxQcQk9Bw~!=M$TgQ7LOGiz+YH;Fasp$&@+>D&&R4Om5b|)+XDynPIoS*m1?&q
zl{W1prAIUf&~Sh4owzHptv=J7qrZDj@dz{N=BH2CpvNO&Ma`#>0rfH`+?_=>yew|K
zv4R_Cz1P?AO3WEC)ANF}2|$Pp#zc^&08h!`2f6@)?zpCS$Fo^P144}LytN7SNL(V9
z6cZ01fZ72-rG8?>3TaZmOSj;BFbChnCuH06!%8?sBoT^HGg8IU%?*G*33vjtG6Sk-
zW6n;G2omyQ%*up391E2gBVmP5Y|COjd6*|?BYHsBjC%Cg&E<hZg&GxWP7+}Ug2B)z
z7+)`7y4}Htmg@9NVMK?cC)O=17O?hWp&{#W5XQe3Vs&CC0gF|!&|4WVU(Vr0%+(Ri
z<$Ej`WHN_sBJ{sVupHmyP(dbQhW=924@Z=oLg9nn5Dc^9N5cfm<b`>5onXuMTVDaN
zu!anb7b>#g<+q>?LrQ^wvF?0Z_V)3M_Tk5UqH;rUXRHd)+pHEoPQTV3PO#a4VYg`U
z-MRT^6<axJeatMr@9h`>!+X?V%2>is42a>T;SNOq@;-I}ohZqp0LFC)IUul`fQEx7
zo=i(N04kLmq#8+t!SBbRN8o0d<s!SesKy!uMItHTunqnUdITvO&_O6G;XQQ0B&be(
zl?-?;Wa|IBnMJq#tdP&+=<~dcIi>eEHG?KA?JVNkmv&i(yACQv1Vp5a@AaC)n(MEd
zDSdR@QWY^esQ&>_5=%z#)!iD&pw}E>$sw5`=`)5^uTVR-<z|QgN{HcpK?75U&J-K#
zyt>aCe-Y$71n9$tIAC(mOa{2%G=Z$<f)h6VS?8*R^R7YC<9s=Rwe(3$@i99Zk*-_B
zz&EXicyViYBOBtKw@XTOXh>EZ1S$vXeZ1}~fMDeI{5f8Pn`u-JpBi(g%m5doG%$pf
zVw_{)w=7pq0bJ8clO74$*|c>#l&k`qbAQtoZS-H=q><v-J#j+ZNoJ>vL&r3ps&Ys)
zGU3kmj>2A<3tc06+KX+oYS(n`uc+y3i358P9~~daNsr_5JPJLniB}j!fhE)H+nGpr
z5>ZXy?PNh@n{nYfL(MV}t!Xa)8Q6a?B+++#Y<Gi^(L%wMVa0$v1_;V39HOwK-Lda>
z6)-(e0Y?_mq~C!s)s#EQaPyYo2CbPX+5~fhq*O<FtAMgIeKV{S(@Dr@u)LS1CjkE8
z1gdTE_s?;NohB(q4rFSAPtkh^=+o0Hbx9=9bwcWN(cWl-h!uRpIWKrqaj0s|OJSg@
z6;fT83KL0TwP7^q5zVRroMjx~;l<tz26~n(ZQ=>ocFe<0)@{4dI8SYX>j3>l*5{_B
z5m8o${>z~lMS+)q8`Gnzdj{uJ(rAG93Q-;+Z%RAFXedW%QJNXP$;d3zHqfZw>3zjU
zP?an*P)g$2Gd|@p>mjkS$mDiq(3Al*?c03AeC4e)urTg{eREoD^NgH#!TSI#&xDDo
zd7qD#cu)XIn%`RGTZB@gna8Q`#U-%)8O7ILvc&SN*&Hd?rF|Tg&Jvf;<2s#NCktv4
z<U7V>!_a@6UFV8Z%<n0DXDER%oBGmt0WP}3C37H<yu2#ta6cb}kl+k<$;!dNSRldH
zp3mHkJGNJqTo-Eke>#AjImH?)G8W}A-CJkWv4fw1=EQ`a*n{`I;wH+?Xtuj|dN5Gu
zWfyO;U*x;dnO2ZPcxD<#=OlNmQ#8|lR;`PQ<}^`nwJ|O4cBmRteI6RI<Upi2G8Ovf
ztzUF_;9pY6=pD}ijOBdQW(IpR&7)@jIjlje0$N|gq4{LtD739yunbU@LGW=U8O(Ah
zawZqugdc>A(gvfqPK@#>hPdj4-$C77xEF|1@iW0JHx^G^>;|*E5uiYdi&IQ?XkWF(
zvV8-A-3C8c_t+O;fFb@^I8L2vaw4<dho>#~Xn3btr14+IuB^t@@i_iE*F_J$z&p76
zsQZh0fEg|zu~*p;5XkO%;Nc=FDup;Zz$r-BCE1jqW@lL{bp5)Pr`&qC{@Ikc2J2Oo
zmg5<gP*d`1X9RVSxvUcdRT_e$xi%V?Ak6AO1N08ueE*Yt=6wZVHTlEE0U{tbt=aMN
z8uS*zO#jw%+KbUDga+cX;`Q9dSv-~)F$BMU$SOD3bn>#1*+2Z$ZU@AMx=#Z4Mk6lo
zG8jeISYxR3OH%_u@Q;P?CqJL_d!mMu?GZa_rZb2E<vPq~WpsAHcJ_T$+EZqO`$)vM
z6<xb_M{g}e>w$29a!%Hp+kk+M^AoQ+@m+QExqyn;X~H$of*rdd5QU!3<$wp*W>diS
zJCeQeU<b@`6e+$%Nf{FNXCi{SOKu0Ob2(L!#$1Kq)=ulhy5WgnWR%R?AOf7|a9+5^
zI^^r8>1ce&z;*2^YR>9nC2==Kwnie3RESx3w1HF!ssVvqq$a|9+iit1^WG8$%9i1Y
zXQ+dd%OKrE!xr;>7NCF-JD_@KZX|Ae;3d}9B%~GQsN+>48tzB-oc&MS*n+mt-Xhar
zz)=1jAPb%CEU*fqE*j|!(f}P$xO)%|e`*w>NkBpn2AMCy1pFTKbW-ITxi^I0Z#Dfb
zWhh*<CUi7tFM5YIS~0JDMu4koKLqBd*EEgOe#`2o?mp6P(Kxp>pI0&-I*#Dq7?~Hi
z`89sbxY>m?z+&T+v~HESR7RW_<pIHriJ&WcAI6dN`~izOAgh}?>%2Z-C)ethHwH^2
z2+=L@I<}4`!OKAnjZeUl@fa*GlmcNVko29~lLUsAeDLeup!v~Dy3}SHJW#jHT(und
z-q<RfLeojqK$?v+wmqa``#M$FgN87Y1j~Yb1jqmY06_>XLgi`}h58^m)q?=3{=;Be
z**#xio_zW&uXnd*m8yF*kkAkH^W;z15gzv#C(lzrjN?0-v@3LZ$O!M5j>`x9n{NoY
zt5*4U`88i9DmFL;rUb~F#WJ?*mWb$>WG+HgTLW0ipo9Wq1C7Y!jF3ox-BTqPJO58G
z*odY2`nNggE!NAK1LB0tLLx0+{nfTC8+`>DUMs%aBaqX!Gr~!l`|Yxrm1<$Y3ukZ*
z7?fz%?3xwb3BIC!4hNGAvuhq`6`f@uv^b0d=({W&5*~l*)zR#QFKZA(sU&%M{-vBc
zoQ<GH*&Zh+Xd+LykOaa8wXxaOdkj=gKg&LFLzig<QdR>aLVI%nm*maX;UAWut=P~-
z_lJbaJ7g}G#-Iq(5Gl<i-$KYSNF2~dr~%ZIfnewW00#*OQ6j-6PBXav`GoOgNfZeP
z1}}y};tyE;*$AEGQaHs0l+0{E051k*XY4@J!EA<dKs-La41Ye6W>OD$>Y4xpKnT0J
zs_ey~G|&n`$R;5^lMg`<cw$Q^M1%R%icPvzIAsf;3))9w1%r%&UzrYm{?y<GR`GAK
zq)6ZefqwgRHN3+!j<9kSEqJJ-3-!%Dz*UHd<czswJP19xc*%W8&W4i6bwl<A_s2GO
zZ@=YJ!mUWIe*Ouz?lC>luF*~6m4%>n>VygBUG|+Be^@WfMapZ^-q=Wg0llY7l0-?G
zSaf2##?BD>vmW{=F)q|%si``%g}z;Z&=*Lv=S47~CO<5-#%)jm@2)W(HQRVtaUF6*
z;3U}$QLswtxT_;J2A&4;HeJVh53l>iTWOa;TuFy-C}Pgv;1H~^1VvP9fkNf>(#9b^
z4B{A4gXhnkzyTu3H(zZKrBSPJi%wVo!Bt5M2wy<}0#>|TbzbQ7J5oQ;H9|l$EE~L!
zHAw+$&3{Y)rCoi~NKMBmJH?U(u&b3M;6XN9vtn2JL$UTw2fXdBTA%=B`-|cHBRuAM
z4zkpoAYp)^)dU&OW>2pe%SZFNmE}$&_an*+Fy_+c%OVTh@9*Q(wADI&67XusEmIO#
zB_gs1zaxQhP=TbyJ}SAYU>p^kK=jBIe#Z-pYa!Lc_4p2p9+XpQN0Z;ZQ?FK50|R<3
z1Z<|f6#Hzp)MZ{)BM_40({0>kCd#n4L9s@c&s%h_vQD>Rck^U(JU$SJb@rCewN5#i
zu4A0)N;;R?ssI6gp4U&JC$+9dOcb2qU@vOwlJqlfpZd`aH<(EYXF+T#b9pF-^`_3u
z&o}@B^6z3m=OiYr`u;ymrZmh&i<0HiQU+LmO&EA!13*wqY~?TW@G}C_j-pe-#K%PG
zr{^<hjt~E#Gy*0eB`LP_)qTt9hI&elV3Tw;&sg}r(?oXc2B+l%fUELE#`HJ*TX$h?
zF8pV(o^TOwEW?F&Goffvwv-8d8*YGu#Y6zch-$vqB3-Guwrr)zB#XP7lOb8B#~-ZM
zkcr$tq2)Ykek4N5bl%kGd~e;ry~EiZb!o?$A%)_Ic&`pJn`68djj8a1pAU!O!z6x;
z{=MAcBZ4R7_BxZz+D<|@BG|0(g5{F1S5tYSSW+hng)J9;75!iTcM%S_#_z9#LWR!4
z^jz=<A~F=9C<!Df=!6V~6i{!JAw903n0_SFt~*U?8`k~m*+k;}6W^llB13llo0j1)
zfuRZj<ZGfjRscF5t(L+4-c?N7>9`1)t_dmmjCVm&w<n)liC@Q#Ut$&Aa0K2uWXY-H
zp}ZH<`kmf<pcOtjQkWbk8gbuzQv%(Z;LmvJPM{31lRkuLVL&&ou7E)bnSPUX`!Wvz
zHUCjaWJ)MLgY<YUS|vYo2Y{NU=YIZ88^!DtHPrHgd{mp@-O&-AqFIh(ej+A4c1U46
z@{O@$Ify*twD}akvo?(ri{$n`+ml$q>BuJTjVIA^Q!rEV*S_kzErL5|$}VlDubjO^
z#eMt;sYUBdx(Lrq_L62f!1X(BX7^!lHQWaaM~9>p&=v>xA_GhKi0jImbByt1$5V|`
zi8CI1S~~IykXk$c)eP1^1J7wnC@+S>a?Zv)jj#gzxSl5ML2IitT`32k<gXDx%5R9}
z54r&APr0y=s6-OT2Kgrk;fbmSbJ;(wh=2q}KuN$g(Uv2xu4xY>)iceSV-@SMe9gX%
zJgJTOp5|q9Cuz>2+vXULU!LTqg->?r-O6TOyDQ8S?V>yq1G7UA>p7BxVXXI6?`b7*
zBYHGOU^4?!`Lz&8@5=l3p=FV082=-RW>yYI*C#<<I}*@tYNTi;1;180{e*wgyDLF$
zp&odJJQxoLT{qucPTV8etl2kAA}m&$1I+t;cT^~m9uhR8wHO1|g&fjty~=45el!Bh
zB}+ig`8-d9fLW97P;H;cN?Z0v_v((qh!S?)>Cj*iJ5|tY&cRpssL(!?E1NHo3qr#b
aU>wc464E2Azrp~~5~Kc_6azQt0000Q;}$6Z

diff --git a/php/public/img/jo-myoung-hee-fluid-dark.webp b/php/public/img/jo-myoung-hee-fluid-dark.webp
new file mode 100644
index 0000000000000000000000000000000000000000..314048f984f4b5f95cecfa162ad07ff26e1e3d52
GIT binary patch
literal 97010
zcmZ^Kb9AKH7H@2$V|VNhI<{@wwr!(hJL%ZAlkV8IZL419&di;;>%I41tyQ&7o$q}6
z?7e^33gRLnCmz5+s=@+tDspUu8=s$%l;N^~selmepm-QDqlAcw3V(=m!HI!_H8lHh
zH-FvXa2SM~-~0gd`97Q%MSDX6cz1bko#dNGUf(A_)<%;6OM)&>-M5dEiYwi(uhQ2N
zmyZqAub2Fn?=O{;mNVUVzJPZH-uL@<KuQVR?HH#c!A`enx9|IaUY9O!x6dzt?R)9V
z?N)cXSNT)y_2zbWo6pkQJfQOOdmf<sw&dD(x_chr2oMFtzQqCn09`x4u}9Ur`N!?s
z=H=!T!4=>@cfY#@kOYW)-~Id^Fh+33y9)4ojD79>$XKGkpFGpO>+b(}^zD5~0GI-D
z-pSi^uXN9SF92BpMgZUl@|FI{_6@(&XCS9d7x3QO{nNJuuzGe6zyVah@;-mAc<G(v
zs{}9vOumP{(gOejzLVXZzFY4t0KmuN5hy^lk@pJm6##hm<K6WIJlI~*1AI??hrE=Z
zeJ^=0eLKCV7k1Zpqt+Q$LT_Tb@q-^;KM3A=!9V<b+fTrs$!`G<yy-rw+8wh6C$JZn
z3xEUPsQb590v6sM_dvG<0QvyaI!_>91_0$N`&lHQ`Nj5uCyS>FaQxA~#rX_)^nJ^2
zBlzg-^EvQ6ew2Ps1)M;@A$O=Qw*JC0(7w~!gG*x@0lp}HVa+e!_wy|Mh%PC6*26#X
zEwG^KQiE*EIa-ORPX51sU}qbeX$<tJ_>Lp5eAB}{2N0Q4_Nqa2=ACXt*QEhnm%XzV
zRviU;^x`>4_K^IxxfM!tmu%eKi=e&;6Jq%1r(>F4L}DZPfy-p&yOh4R@c-XJqT-4F
zEcn0w*q_wjh3Njxw#jmB53WAm0y^gec(E0RpHK_*Nw`%oL!2w(0X0s9B-*F_=<|WU
z*{AM@d130Ik#6|V_$QF#I+I)09d7+*!hmB(!FHgKEI2f#_<uYzfbQ?ZsaPcW=Uh5;
z-tWbp3xHYWr`Uq1+91_}(gQx%Tc|A~ajUL&{2^5FrJWXC+lPoOH~p-Y>}NZj4~#O_
z=TVusRY+>bg(AfZ#kCX8p4&_72!mXPW|}sVpRNI&h1!hZMxb2Las2Q3f5-mwJtQ!T
z{`Y;nZ1MW^B8Uht(@<Gw@b_?Udih1SZ0;?qU)Icti+(%{SR~Sp&{si$3GaewdO-cT
zzpXB`ss=^v6rQ(s*?6Pap!lrS(#=DS5u8q-3NSh;I?j#s6Y3@fEGc506RI9ehnDC=
z&dAaapQjene}@MRaqj<yN!1$j2Zh|NVe8jW-u1E8_~PKC(HNI#Bej?C)IlM+_zCwC
z$`oIK^KsQ^j!zQQ2C3xQ9#RPV6MZm0OExF+&vsh0OnL#4H~Hw1@|-tYDf`e{3f*jb
zrzP?zbAe_heezMDJ072&y=e!=3d(;6Xe3k#WLs{UpXgsf{IkrOn0<g6c6{>AT2MRv
zryVM_XnMZPx8UD2Ao%apbqzG(yfT6EYW~(c_Y}o{91Dvo&AX#xcj%@8XoltmYP9-6
zZs)S2$jM9i!qdg^%P?MnG8PYevehiN4CjXHL}SorJoq-{V)JI(|0^~%9tydRTB5Z7
z41Q4Gb`|WZcAC%YL`0CgX0{`{8*9bM8~>a9c;iR>1UDgxTMeaK2DL(9CC&GpRmh(?
zQhUOczI5ahLEf_D4K?hY0h5l0SmRnUl#;EP-1rjbrR06kj4RMf1a-$vu8oURIdy97
zoJz`G1r4>0fvVGDYZiY;OpV&@>OU7VXY7Md1<c^Y8iqDcPySwm>piJm3M~3gFz!b+
z{x;sZ3E3D|XVa)K6>da%Q?UXM(&wh4$7#Ml5#`a$YqWo#em%Q?^7qKuk`*nvQ{@mH
ztBOb%7fcA9W;qM+If8P^v7l6WJB4^Dmr2H^YEL^%!;s1%m>h)ue_UvAP09c!phsz$
zo!tPgGZJ^V@S9C>sE_9<*z)G#+E$<nr_?d*$TiK^)1Q=FDZCKkd4YLRyv^rH!7s!v
zWcVk!?qI>23ikM^zctwD8@DJ<$`Rag3{EY?tID8Q?>ae<CYJYG4i7J*92%mxidhsV
z+DZL9S8WkXLKy!yF@5F{MToa#0j^zQMn_y3;c-J8B{j${cjM^D%F>h4NjN1Jj=j8W
zamT`XDz&DdEMJ-%uw~xEP4$8<T;6gR1fE$S^xkl<&D@eAWh8q%LKdRLSbv>80-b&w
zWg@@EiNrVM(=Y?5wgzb?f7dI}va>(#>^7%SCC1O%|J{iakQejA9LvfTX3qA$la^|g
zjvdXAtGB16v3Jga>DN)wYJ{Z9InjKNI29`wJ`=eyoUvCD=+<l7frBU)s2Z%3RG$}f
zjIhz|VeGA!cD;7yH+3*+8;s@Ij{Z^BJ?P%M9eQU%(`bEJXoZ(ox}D>)Y-tEY8u&rt
zLoB}kN!&z=R5@lnBnB(|5!GcNl02nqf~!y#4X4q{busbw!CfV|1e_O&jks3)1E&r1
zF|C<bMd`72G_-vwBXl9+0k^OVyg#Xv)8BPt$`;oSOicQ@{AmIh8X<~x>+tz!kwVWj
zi}^yFl(SBlmi?uS>eL`xBsOO5$>E8%r49c{s@2Kgt9zm-Kgz1rRh&RBD9mWHf-Wc1
z?_~u~@dB=|p1$tbA-dnd6WuM~hAFNf?|8W`B1qA!=nO*#k&v-!M(@<g^%+G#+#)Vl
zqHC&W(3&i~avA!$&z7W#Og+#Ks~Hyr>%IKMzM`py?Qj-eo>wC<n$+5k|GX`|!euqG
z;iQQFu7_oAIg^|iuA|ruUa2`v^cOb>M-4j`C&H^v*fL3U$nZOv6@@ARw*pJSqM%oG
z^j}iHw%sasA+)OK*&$x>y_f`#g6GUK5o_onUCLnxjBI^_Co!s3_~o?5!WBm&36C&6
z3S0IjK=T4r`~ETKnV9YPZgH}jUGbUWuYR1YD2+kF-TzZkZ8|hwa&3|#MkN4#B!;>C
z<;);_m(N*usEF`^zYCbr?752h%Gbd62y1mLgHWsE^W9Zqon2MEv`xtnS#c8MpfsTb
zAGmpji)lvh(B!VJ5ymi6sL5x_u8_)G%KVT7X$zT4hkSYXC@3&$wN$n`1rgtFdU#OK
zf$o@|pN_x%(;Xa_GCK1vTK-uMe3+^0{@5g1>r9=%$&~Tl08{A>CVnBy$YIhfn408B
z^S!wyiTGC$KY^AUFXiNg6JI~u2Xtp77oVwau^?f6@DJqaN)zYbNc1=$;K;{V0=lE0
zZ>HCf$Yy}HstS!*350is-AgA3g7AOqO?A@x$ie7r_Z%Qdb0%TJw_fSPJ=9=-tgJW$
zmv(a%^4?{|l$aeW4dJK%%Z8@a77@#b9860jk6tSA%lI&yU@Lgy)1ERwb_$1gixv;7
z2NuI0wVD2YUJYjSR>%7`Rztj(svDGt)F_N~;<F_>o-iL~`+Y#M;G(zmca8_TBmO*<
z%I$Ib=ss(TI=Xr8Oxbz4cvjkx=h)HoF4SAIIM<B*eQ|&!!)lK{Le`7wsZx#b<WYp2
z@A#u2XwseN?<{72jbvB2+2&Bv#g~mn@6r*z1^b;klBo2n!!4iDtCt_;^wg=5sHIk;
zp#zm+VqKa1AsIrzYa(=+{Ngxr=Vt$@e*bCHl0GWcRsCijY`HNQ&IMg5Us3l4XF0m$
zm(Rw#KK%V)JgEmO4j}XRO^`7UFA!2TDW%Cr6$A2Das!6DFql;&3U#D4Xf6SjfQX_8
zKNlwxQa38nW2HA`2vv0<9a84OEy2w@Nzwdb@7qGDFnuvkdc`urW;l8?_}w5_il%d6
zRiA~*?BXX6T>@0n?c;xvi@;}3mA*kBc^I_okC6*poPP*XVapPw0;a>8d`vg0H?%Zq
zuB^V+8F=T0ZnBz2w%_BCCl)UzcH~a3jZqEwP#Mo)LgA<F>XM0r>lL(Q+~Ko%Dmy82
zg_pUwg%CAR>iQNr_&`l3>Y^`0!Ke$HKM@h_N`=E*fH}^_mvRz(I{lem+5_-UYz%`k
zQU2<3!*2|KNKOGgVoi&FcCPfs?3|GqXjA5s4_5c5U!1ayHEb;MTYG)G&-I5#!S@zJ
zkmv-<<U91>f9?W*jpFj}@DT3$m9(S&^6gE=wtwA+MDJmsxV!`Lf*`l*C{GTLj!({F
zlV>5(2SU^E2H@7rQ@Z{pLp7jtWL}IPNqp$693tp^po7Umt@yEvUPj;%8F;AKLPJTG
zj{JFS@7B*Z;e2ee2A{X=uYOvN)0vO^i1Uzlxqc3iB1LkWi(ET&Ury^j(;F?0yI!Pt
zr)wz(hM4fX*DFj;euLPq$oHMW3h)tQaTFsHF}oE{bz<3~IQzD#YpGN5kbfRhXKQ`=
z0<9o4p-=3@m+h+Vr3IBO1HFE1T~tna;)fu>BUG@~VW@K$aWC^Nx%;~lZp$dd)A1ES
zV;alR`>`@1nv!6n;&JNsdNd2)S0Dr6i!tE8+kgJGU2?ZP)OQ@WDqmE{G_f=AjNzmD
zY>k{+9^sYmCiv^yfn{%AJRAolzQ8dcVRl1L2fN1j37*Qm=P+MgXRmeJb+PX$29)kr
zh_ro2eVmh~rJ2jKaRZ9jjD*z&-2rZBr1j2jQYbm#y(yL%#)SS`-;cNZY3V)NsdDm5
zH>)8(i()F)ueZ)2niET19%Ey%NHU7v9IYmVNwCbT_P1>WtP}4&pP{nn>>J-dv;E_Q
zpXesN;@kV)^NRZ<P5qMWehwzsV4qbtRo0`V0iL?$a0r)nxQFbwJ?Cv~64)3l6k<ei
zw7#G&NMfikfxYr95dsy*AhCS%k1zR8tobq%uYOfbLt<SN^TX+9wP?^|z1-Kd#wt`<
z>q)ZHN;g#ridYZ_FSdo%znW!Yvl4s~EtG33Ft5JCiG5Gyr``3<XFMw__4xJTY|t@f
zf`sVIcI@TF{hiI@Pn7nvaB$Y`IuTUdX7E`+Y^iyt%<>N$*1f9bc#icHT)gLVuYA>}
z;LO=hm9?oreLrFYob}T<Cdm{sGu9?r(om!iVF5d|$3^Ms2V#r;hg@R4iE;5*(}i}T
zh;G&*Vi>qZnd`#C<Y}$r_m49waazkYB)k@M4@IhgIKJ`jVQKGur6GT*0V#QhX)Ha+
zQ;L)XrL?8$T;n7;-Gxu=_?%$5BQF@M{TC`kRiCccpy?@7zSYc>WQAc;f&kQ;mOl0Y
z9vU@8k{NSH93CkHE6S?wY^xMR%*N4#y|{zmwkC!)e%*Xvj7bVa<l7+`ED=19@~SQ|
zDcPLeX44o)s+Aqh5E0I=+Z<KS`&Cyh=&w?huCLrZQEnhTenm=+1^;mg%AB|X$yT5f
ze9P*2S5HTg)lJ<Ien+?HqL_6uXzH#u>C(6~(;m0O7!+*s<sji-z^~+s--8M(33gFs
zDom3yuX&J<<9iZ)&|63IDDx=S{92?_Jyq7Ti|T<%nj!2L$ydPXWiO(}6>LxjVOwOn
zLTBj2uVuCG%L^RWN|#W>y<pQ9E+Z?ELCiS;pL-;PX~U<qq$+(Xqt4ueKF*?g*Ex#{
zeptYmeg?)6AbbkrY|<Jnm2%sjcRw*B4h>rBC;tqIy;4_!e`B6Tuasz$S?DNxy3u&w
zHxff30FX#f?0u&-jiJDGtow|6>H4xVc%9**2Scq7Q+d0M`wLF@Q&-&7tGq*(c+ccX
z9qY#!NJv%P&h3jwXurR)-h!L+PU@Lc=!GSMbM0G4?O2rIxVOC!uW-AF=yFJ~t-YTM
zt3*L@uVrYLH#$>>=3;-GapU|Q%>AgIZHB`>uv*y=&|mTSADH;!KXY;1<BcP)PgN7g
z!LRZ?#W;8sM73<4QqX@R)@heNDNW|mRMHH1eOsbrX>WI5VeKkc$T;mM#x47BbqO(s
zfw0A)Zb=qeb~Mk0+2aEYMPPf~<4?aQKPrxa>^#ZoVPiSRU%qXJ{uCP|$=Ng~q`?O$
zUlGPnE=<I*{jvC7nJjawi*kV+p2x`y^#rXs<AM7;Dg19@7GK!x8-C=GQRv$Fkrrrj
z|IJl=LV|e10e#-!w(uF_er~x?OZucO%;r%$g8pj(qIHkPf^pr>BUtpCm}MZ&AoBE(
zVJN0I7A`L2ac8u;;B~s(z+J{hCn?0xF(D?5k)%|OLKp&oEA}EWe`RUKRd4u3wNafv
zADhN?uI!slHOD24ZgGC3@OiQMPIdjA!OyeXas_&um3&#CquLg+2@^cmBSC?cb~vZJ
zjP;ntPWH%!0H*IvQQ#LMd2&`$NC+-JXWi|@G7~`&YK}1>pB{=2#~)(($GmBWp0#ay
zG}V!;9(1F&P)PrvVg6!GL?^)kpT&+FR8PL{%?J?K=xDbsXUuDG#T|^Fw|roFWyC3Y
zXu;;DT?qk^uS;xH#VgG2d5#Xdlh-$=*68r#xn4Sd2SGgmZ^<=@p&cip%r$mWAf>Gi
z`PW>0*qs0BY>mOL6w;4w{Zy_MX(72otV%}Run^8hgKt1G*#=N=z4Cn_RU}DcGIK0?
zv^0zfe8n>^Bsk|*Nww|)TfiuzoobaeUxLFF^MJD>f4L&ZKJTYcA_wFm|3gaIm%H!q
zb~%AmTP%R_x-mommq2`<a&*d?85eC`tIF7M<3c*>7mU0?)bmM)GVV-_c6*t1?m%0}
zZjCLmDY<mE?8inA^?Ms~E;8&$@Fy$A5V00BYz}U{1cQ2jA)B5$+pET#>D4k0b6k6<
zxR!`xG&R5o9JvjMvN-i|Lud97$U4=%fz{Jh#eMBDj+CJKLH5DRAlaKoLxSl#VQni$
zXe{B*nvDF`DePnZqRr4Lemf-;J+$AJC&w>g@oyfj?hTxaRPiCdj|y{>28PXmF`stH
zAUr#jcVbY(%=H_pwCtb^Tj{3b7O5nD?-i4qkKixQwbzUm8tWCXMHa&($cSiw3t?B=
zZ(~X-KN2NedwU}|MJNv1WF94_CR572M({fcA@7Uu;Wr47Rhu$hlyB7_rB~VzS11@9
ziK)moBVY)%HZ(<hs4?nL!Vhh-KayZ`H}Q{k(n>Ib>|5!$j^m3JV%|qCj4*zx7Lgq*
zllVu0jeJE7lipXm(oFpa3Vh}ybetYf*fJSteRL4Nu&ALgj;bJ0O7Vl&MW!dcWEEw>
zqjfXR?ODspGW!+@i*{9S1V|YnJ>tT@2C-#i)M$Kp1N!ChbcE}iega*EciG6NU$N#R
ziuvp}mLV+2_J1=Vs^^iWv{oTtPjS~b852_h`T{HU^Gbt=BST>TZ?t-LT<D-ddU)+D
zyZj6rh1LxfB{V@t$V6owZ6r$_iBfc@8J&+3ET*2^o?qSJzr5rh7s7zs_e;PwYZ5*A
zZF))Bi$!Kz(t{5syJ>pXCelfzXx3V>t8s>FIn9v2erAaY2>cB31W*22%u>a8Zxj@L
zDs?L_p6S*$-?&{@o<)EtrbN8pZ+k<Io7Yls&Dp}}{2?1~?AYR;rf0=_{bcbiO6Yyn
z*TAb=Xc{0UNv#HoJ~_a^GHzda6on&#=hANjI0DLOs?lP8z~qbupq_9@wWJuU2G@7;
z)jxS9{nJW2^B#E27=uL1US<M}CAZye5>{j=Wo$s%@Q$G%r}L0ed8pePU1s@eHV8``
zzSlH%B1bOkfK@2R^}Qpy#bL`3@-wCTI43{L50)HL1f03C3g6R{lRAHCQO-Ax!%--c
z0euyL^7KMr@UMkK_n^wX7@?jm-Kx_s3w7hp^yDg)q21<>uqSy81OM8x5yUm&0I?R?
zM;6hX-2}zzDa*af_&?<Fa$xxcZ#{`EO5(Ut2jHQ;h+Ne<-8j2HsP0Ke171LdyuEH(
zF=ACK$AgF|22PZr{+qX?c$8@2oJq@fEewU*94;*19)cJ;8o%C~j_sT|#d82*KATk(
zo;}LzmK0L5DCw}tR~f2DWtmGrJ5>mW->KS-2@EeR$*ttGjUVVcrm{1n@iO>%h)1&P
zE=!V~Xeh1zEgLX=b*n)UL)#MJ@~Lj5U|;&sf4OTs8i^Q=^jXGjnaH|%Z-7bp>${M2
zk57546rPRuN{{G~sH?FCyUo!djy(TizZ$SwVSD&*y>XE%WE*P2keEYs^z^p9Mk%L$
zrGp;B5@~8nC(O8R*UNs3CBLvGHP#4l+2LteI#gJ*2DsxoL^73;O)I!@@fML{VXRy*
z$Zo*eSkHWc2D{g0vfX^P6QRG-YX)p9=r6dhR3Ob_lelaXQ$=Zg!~f#yk6EJ+fGeo;
zJP<uo<8NQzCX%AOK6mVQSdH(V@{7suP5C^>rGPk5)>L>`Bn&SY$3Z!&tsT0+yp(Sw
zxmZV}r%0!S2FxiS*`8_&oh4Z(q;OuZv)~Km04k4G08lGEkR?_;62eKy8K*zmvK^|p
zUvWF80zOdAXy9=`xXCuTRK^b^SHB(sZGQ!(6SH7YhY1$oz00F7NQRKyzNqmcZV`t5
z&x?B(Bp82{AntjPbC3P%v*i;j#|g-JpgDSJ7HFOEnOBoTq{us4e@KF|^LnZB_@31P
z{v69S%e@o0VmL!S3jAf><2T50*?U>A{Y{XC#KLe6vTX%Ai`gGmIYjS6Kl8&xItZAn
z9XfAI+^!J)qfh7DyR=ABAeU9PBt+lCBeyBqDD_Np`G8!-Tq;;6e#rszT4;x3AoY93
zy9HT!5{BBVJH)|G(`i-)Mk-a@WOoI#{G)_$9)8_Qii@yhQXw0hBr8!hyB2Z>q<1K&
zblkc6<m4~Z<>XJrPD?{j1zN1$L-9R}lh(nVUKamo%1*W?xx$aGs2SmU=_`R&QfTw4
z>%sc1X$ofN%-wTxePEcW=&TGWcfB4r#plQcqYCMZ#|jB09J8@2=8OUwl(aPi1-7Zz
z?ysG@gqc^#jio4AWd!1m*!h6$FyaiaU?<TWGk=>ViM+}7uR1@7S|RFs+&h0F!@IHh
zVB;2+Q6eCA*nw~_S4g4N1?sPSf6qteXs`HDl<TOm^G(4J=ww^fb>Sk~7Y1TqkJiwF
z2lZO9-_C#JLit@m(nP~gJ+g6ckMVR-vIlYE6(xLzGh!ZCf+&C|g@#g|$bDw_DyQMg
zAbgRAPd+ueEX)9mFLT`*QeBdyLsWhF_IUq;!isW$F+FoVE6Cq?_Os`b^gdccxpBg8
z*Qi0U3*TPf@8ANdAruL0)$MwzF8wGQXH@YskWmUdLQ_mT>mwoF`J`tJscJu>lrG0n
zZ^qPu-f3N+n{TtAd~fp$JYH>(;^|sN&p8i=ex=_72o!#>XvtkA=HmgcpjUkV8r}CR
z)Q3gb5whAXB94lA4>@Jv+-$l|Zz|!yk-JuX3X#u(?b#H{9HR6;NUG;Q#Hfz6O=I1g
zSi-5U$An9Ma!Jb;(bKq|Yk?OOYfj-U%@ckf2tA#@bp%)Oiu{+Q=UC@mNgYoJVK1ug
zwJ5DG>3LQ2Xo~YHNlXLI@t$CrFP4?SZ+czP+o2F>#2Rvv+wVW=fatWaB)WyKo=YpD
ziAw-sLvZC8E-<X_nIcE|%Se`JAV0vmq|J8C>Jl7}>@uZP34xq54Zs}x%5NGGK8wI#
zBAenn-l=%Yf^|3|=<lr1_OD6&Ya>zBY178la&4owRH|e(cx%espv0r5OyI5Qbuj{y
zL}<K6(Fe7)oV1@AITwIfd0ZT&T{C#}^~{6nC1{MOKcZDSz5Z=$9V}P+O~N--d9asj
zVmDqel*xca)^%A9%xPisS8XPl9i$70xB#EP0*`8M6H#ckuFE3OW%}=!M}~G;i4tpI
z)2rL4zf_`LA*pNd$f@LDlnU_(WaP{|7st}4sxKFh*_tKX7>-@At($<Uqu!Dro=pER
z=Br_kI2vnurHiw2kUv=v<Awz(=}ZC70d&-%$k-B`9G8AEOKs|#4Z5iJ>?OR9+wgqH
z)EWrI4ZrrJOm~TCLaNH}0cW}p^%@FZv2R)tD!0Yc-FE#@7C0SoZBE{*!vbs3qsF4r
z>OdmzKM-a9VK)`NQipit9IaVwd@VzMwh}C>A!w($r7AygQueKgbyjSzdu5|ixrAWy
zpg6XfIdt@a!T%J2J_~~~uLV`k1OhUSz4J%;S=o@|T~XAg96rX&>7?TC2Td^e^bFvz
zjDTI122DZtiiS!oh@{~K|KEdgfo`p)W^5_rcGw;nd_!cDsP^MtZy386jHuzrSXTfr
z$gkrW{c_?F+ca3l%97I?&1~iWh_V%ELKAmon51e~#sa2jLZ%eQ6A|O0?J#<~-KNRW
zOU<m`jkAsAM4*t`>wd39Xs9h^B`IC@AlE@O$+Cmeh%LbFIkoa#AJ1Xk>RJRruR_KZ
zP|ol96Az0oomVt=8rLkcHDP+yXJ4;JS{Hop40JFYc-mn7zEp^s3W?KlD#b9H8?(ZE
zy~I6}8^wkDPs*g~%J3i;PZYnKi)=Y_9d*h!pTFhlP=)nj)=%(f<gsiBf73b{tUZ#H
zqR-ShS$LdzVD4$5b3X)Dx;WR%9*kCgmq?8PzBm|5k`E4Z@G?%s`<+`NSki^LX2tr8
z!enzc2@_s1N_u}>MkIFtdLuKJ0d|C;f>J9^j#6(VTDkS>_|fP?)pw^b$R>`<ldR&-
z^#McBpof3z&@5Z>#IppJr3o^!&DWd7?BA0dH1*1fWgJ)ijVn2|-pXN^XvoW>5I0A`
z1{}ZyM}smKqtYn%hw~7{cvn%gDk;S;aa8<)^!KRlx61H|Aq_tlg|B!5flyrwP|kC|
zBegMR?ua8j?R_DFqPo<3y4}HAyl<qO?$3*~L2X-1mgO+-X6xndr?O!NOh^pQ^r)!)
zOGCG=Tc`lyMqMe{{{Zgq)SlNF=LN2aQhP1R2ythTBI|D(vwj}5mh`~pPf~RIEUw_3
zpIYNyX-Nk41&xdc9Sn_z(Ne$n3tVL#!jBXm{dx(-4_+`TYxfvIf9`Q0*wiaDuheY0
zY<S6V4+5-fPD0mXl9^pnoVt%`Iu@N$b0+MQRt<JwJqRhmLfxlPJ@(^hW0^4=<WCj&
zKW~^sFIrAe6^RbOR7BrAs_KxR><Rs%!nEn`ZrftoRVEz;(iC6((tGqHMe#_Fpuv4e
z=Hg=XyBae7#Eea#{>g7CdX)@Oj$mSx=-hO{BcDIk)CU(=m|bAE-ZKg)X>e$Lz%<9W
z`0{*e8u|<60kzEoJ7jx9wzw^FJ8KdX*X^63w%XoLy|eKbyBjFpN^r0~ib>}Y6u@}z
z<jMh)#r&c2&jyRh|7J%Vm1=%)^!58fG_RwIIomjw(vw*#pNQgfhBH?A{2ln|L+^z)
zuft1^x#r{KjzrOL7-hxwonJCDPXw!{@|noj7B{Efbgz*I*2e+zu!{2uh<SRwhY~)P
z(Zk7M5D30KIX6S*<)OCriG&V)=P_pX1sJs^G`Pc!?Fq&*O#Vz<)<dq@{0WCM@_{~P
zv9vE&n0}*r*YGl_y7$c$w3=cOBPFrS^FJ)7z}Vz{UO?W=Bjt6|0|nhbskFar7%g_*
zIR4NCmzfx@!g*Zh<jEa?8Xom?!MC&8PCjDo$V785&%?P&$mWp6d8oI;<YLzm?Xy@T
zy}j)QqY|T@iJ=Q(5Yf982Lu#s`E7($x~4S7@Bq$b_?2DG7#<<uCfe>y%;aS|))U`W
zGrld4ryOc(ljxg7xnHUxeh0gSSBfsx`|c>q1Qto)x->|3P&Ko2+CMbDDydeGz3Y)1
zJH0o#*-BhS4SDaP=J8Guz2M?MnjHb*!u_tq3S^`qE*i0u_#6E8IvXaz-%>F*QFcdd
z1)QsGLMKjF+>2-e)3-{_zz^!;rBQKN>TQLSg>~zp?mMAcE4J_DK3vI#69x8q8PT&k
znwoU$mLg$eQg^d%(x^z1T1oS;t%4i;r?a5tZ}70s&c9FSn5;()nWyMH4Y*EXx!7MV
zyV_JA-~|6v+Ix2Wd4CE{^`ZX|WU26;wuDqENXPEy+R2g~b#sC;X?xQ#;WB7}Ea;?(
z8KU*5`>!pgTp*b>zXEkNY;GH@7L*8@0VT0?g+)%t%Dja#+5)Ps5P|b)O98)>JfFFm
zc>98ANalTBcK^2Plp~L|)UI6Wz9y{9G&Z1=i#muId$gg#W2JM^jeAJ*a9^=&-&+pR
z+3K=gCly^g`D7U`;9OS^wgG-ls~4C8okUj@;O=7yVxH~wYK)8^?l;@Uidh}&bs4tP
z4~$CpnlM7Q%$P>l9e0l9p{@#<FjPZU6<mtfR>%5+`Cl(f2~g<3)x+gRMaLzErNsmX
zQVQP{zADZsbsku`Z@3>3%r@y_tXp7hCGOTKg!Qub7Ap0lv6>Uj&<av&>2~L9-RYi;
z{p!GD>p&VG`iK23365lR*=JT<(J616s&%_xZy43JGG@0PFi|KWyMKpMgo`4dHO$2Z
z`!N%m%_X@I3FiTF*i2-K5ZIm#LP#Pc&)xA3e{FB%%80<zSlA=p{A3A&9ygeG|MHir
z_^c;KVZCl%D$%FZg<ARRyli9<F+bhl;6*X=kod-0G?!2rI2GLNT;}9Z^_l%=sCbq0
z9DsL|R+nbM0Mb~A&^1+XvkM3c{8+^jDsX}BPXp8B=!7-A#H@W+z;jD!sQ$@Qt}iX7
zzS%WTk7)Qp0XO*49>xfY`EXB758nmttazTM;q41XHlMZraJp$bkl73*sN3T4fyk~L
zRdmIl{wBqD+8Uxli_vYTBHuxMm!^tYA#UwiO}Bw9<<NY2sP=46;~dznwzlGJ8<pA>
z!64WIgRur$Yeh_ik+MLW^h6`(yA&W99DfUIK3lb_Wl@gynl?uvIo3q&1LmQ~?NrZa
zv4z=TNU2nfkL;6#nEQt8)&${-$LP`=RqI(~323~~7(!v@y0EY}MpKVtHk$oxLk#e8
z`gsrC4Qwbw;4!d+c}ah-8Vb2pjKBRL%=DCktuv&wG+;py6<QvP^}j1bIvn=CG}w4w
za#(JF6oi3_8dJ@<`@}HRO^sOJw(2NXP;M1@^onJz&z#J1TM;J<ozSQGeMv>>JnBs*
z-4q_5bm~T}QgnMDv`Ux+gA)-AWi-Hl|D{APGT7#LMbeAzy;xlFR?jn$z+XI5<$rr)
z(u?^^?R)O}>P??|QvG<fyc)7@fW}9sCxO`aH3dF5_hjvwzb$2{U<MIiUgk!61Y*nf
zK!hgWZ{u9bsD&(t&#5e;uXtWg2@KBK7<YFMYkUzITsv-Cl1oQiU6i@L*cZmd%=<|k
zEBpdMktoiaRP6UCa>DRLi1i8DMzZDlhJ7`-JB`|Ds~e%sl{G5=Q@-w-9zgyiQah+!
zzt1VA7loe}c=V7X!$Rvdk~aLhn@WHh3ql{3VGV!sJIj+lBjR|O^JqPBE2ZO`U8_T<
zH+&^6WW1OblO!~+Pjnl|o|7an0T*$O{>rD{Loa*40!#CWRCN}^bw>THQ??5u-#G};
z3e1<jIKxTk;>~H29zI*QKUl&<S}<dz@|kyDIh4l_BIaVG%++NJam|zSxQ4^<8lv1i
zTX6LObU0exK6vd#LIpWm?*NZVg$AkEXm3<e+7F1`ZzBt()d;4Qm9{PA>$*E7LoT~A
z4AVk04D%NXTdVgiH>si{K_$D?iU!;``6_KXpjop-`{ZU;R&l;caA-Well|+7J$+n?
zCCn@}-3MYrrH)+gKO7N_7aebaK+nspxFq^ylFg45GEcX-k7tYXdTE)LjVAZfr%#^9
z)rCy}N6A>2uA@ntOb&M_83MGfbSI0h11<ctrq?*l5Q%rFcmO!33B_2aVEigRi^gCh
zyinrQmf-2a&xWIAOfohpW3k8Vx!4XTRud8eYE7Ix_EAz~TTD4kH=s&2#vY*5Ai;_d
z)kP`=^_<yCNRGRW%%_@aPhm_#C@N@VMhxYZZLN$0*%qEvu>EOpVTD)!$D#NW6Stig
zd_We_upwK^(`bELHkyWj>7wSBk<6w0gZ3BkE?Y$AHMEPTPsrl`U|^kIbyimF25nJ=
zuHwsYy~YlW*!0Ae$l*mF;TJp|jpP=pX?qgE3|(}Z5j0FzfEoK$si04%?ppE@-Sn{l
z!RHl9dqMM}z9Ma2xFS@*kC+_Z<3aZDrpzl!LXwjaDz&X}>$cGI1(JIo_!^1iPbZ~v
zr;f8mXUQ?0Q&A@J2yRNwj$<sEC5WJ$_R%JZsGFV8vnuH`P2&P^YNSlD&k57#Es@FH
zG*)b{r#+>x@%Y7HE6qPfiL4b!TsMr!gx^mphQkWf#Q`J#Tc3=(x<xfMvPMCi)2F#=
zOa)Q6b;|eG69MDV;Pyw)!OL{d7wjESq&9^b%WqqL-?bdgld8z=^rGSSCmg0;Xk5HU
zo5&88Tv##&I`*S|l1lf3JiegC|0Pi~ZOGwg_STk{V-CvE?W@pdPizDmatP~E_l)XR
z4hV|1wUv|f_PsZL{iyQ3=6n~@9zJdT=oW0Jtzq;)CAuo2f0lj>V~$Nf>ghW4rjYp%
zLpPIA=%(|n%Zu!RU{AfgNpiRwNHsq<MC?u_&WWpXNUWrLorF@_VF&}e@{;yB>+Tgv
zmjz|ohad6;NwD#UvSeYz$raT9^6CbI2=bh4AY1khF_fi*!qKt&r_dMDD!d0^()&s!
zQR-Dg7>sSl$8K%_y8j+i5H!!e3rc#LM$4i3LJ>8+R2FCssQF|BUbpXDx_+DQunE-^
zO3{N|Ch#j6mKN@Jj0hBn-aF~(Jd@6cKsEi0aLRky$Y;uzj&pgg^n^DKJSDUD)3G!M
zhrh%+YF%v%g*4`*n<Joq7g4hN1(ke*Xp=6;ZOGUbWfzwWPycI+GYe^lo4((7BE|@&
zc{2a^+G@cC8SlmgO-V(Rq9eT}C-&fx{-^!pPs?sN4~)^|C%2{&%;+-^g^o?2?O5nC
zR%{0R17Sf`W+_pPmVo4#$*%e+?xF$P@jboR4Sbb@p+f$-Ww~NUDJQpea99tgDOon8
zFYZ>qKm90h9fa$ca3g+P=$F|^K28?0yHHmehzCYU7pUJmsrZfYw9^LOwh>*95CbQ2
zE4|xQ%@3}dw#ai~C+j3mxl7oz$}}fCW?OM?uxXiluAG?b*mp2Aiv<RD7yo4aq#FKD
z`@)}A;WAAOc}GaETFUo3dcTNe<;dTM%@ZoIebLrb!I>f+$E2}5YpB1uYbENI%T0e4
zSL(j-^Nq^_J~|#kw}koNyp^yZeJ9qw7ZKHqcd|_C3O(jWyHB%m{ZK}ee_lZ1pYwna
z(Q5hVul8x*=>H7@bPDZ0MdA?CK`*38*t~;wRc>y`V<)Hb(5no;KlVG@F2D(ga<~)i
zQt|hF+fl-e8}iDEZb~>PO+U3>;NP}a0;T5YS`LaN;351a^eR=(jC$Hj*zUd7U~y6>
zGB)x1RxP02bV;B>vBB7FVr5?JyGd8}SgMOL!cKcwP49dr+!-9^LRRBmu7yQ04?$_=
zS0SDd;vJR=b|+8sdKA#xY69@EjtW<5bvw^^RE};+^m<1tZJcwOuq_SrH`vr@|5Vk6
z5HDQZnSCQhbm5KMN$8eRJ><mGd_;$HfuG?9oIO}|hJ#f;9wE(O$K{{R*?*kdC0~5g
zYH*<004Zm)09k3aE})|YHxMtPlU7D07!H@KJNU?qAa_CQ-+}K=MbYH~CGA3w+iiT<
zH%3Mh1IRgj3qR(6HZb`(YU6~<91Du!kSmKljdy-+GMv~}C(V+FUPir}(;S<!XYs$>
zG9eAh)r<hbk#;d3?;zGJ#hIiF_~{drs0$VqY_BDQHL!Nwigi^}vWlbjiwZwWN};#o
zZ`TMtJXkQlNTtCY!$Zf1Eo;4Akvl}qQLnyV8lUJS)Hy4olW98@c!@NYTRdw);qUc#
z@WIdvNl(}<1)-<_*(NKJKH1@*WDTTmxbj%wT`5OeoY{?~FU0NNwz4I{<pQ0ySCoYa
zP$El5eeKB|MIsr#Hie+RUKhz1bikM%*BbTM+bLrOA*jzXypRA1%M1JK#T;V|VAs=3
zAj!PgETMOxt`=MUEpE^d=gXE&)EQbR;<GuDW*We#{;))d`hp1^H+n<3qUPT*D{zPb
zMtf4e?P2sOBlg#3NSle?OSNF%X_I^R@d@KHb47?hXcoZ}Rl49ZaIo(QSV0h5C{3gc
z^6(5d9;*^?81AY=qsZZIlT9s_?CH-ss-%o%p!51$y;6J9MFkWG-S}`p=Vx{Ab`~QS
zY|G0`aA2|Tm=WeHMR*MJscM7su^-wOfBY9frmu4Ew&Z?#uA+Z;-JNe|k8*Gt3UMF_
zeed=27oAhnnKWN-P5MQ$w5BVJvp2XMp;G%5<<P=^zJ}7^M*yEfRR%oIu}R>|k30Wc
zZRi+1B`YB^v3bEtOD`l?q$o~}=i0pn**eYQW^zu9_^y@OOl$G>loqFrfS``zSVv4V
zP=;OV1aNeDExG_#{&CgR*^LO-l1C0QL~@zEB#_5dAE3L@u1p`AE7vawO5yZ{Hu9T~
zH8rVa|6qYnAY64s1w6$kJn?Nidkhp=YKuGby?S0?&yZ1fp3WPevb_>j`icvh4=E4$
zRhPz>KA7=9^@sSQt2TmX&E(`S(Az5@7hSeI`ZqUmt5r~*iT!mvt|+i5FOwfq79~`d
zcmr?x7L=)suR&Lb4Sj7Ob!PmqAHqSAtDK0(9WH|lbz9nvcJtB>mYDli-uBwy0$-8K
z2hZNOFSho=RFzz3T?R_Gve!9{{}S8JqO^;%2GSpY2t^N9EV|OCs|9>VwWHF6^57C?
zH6C39?ex;daNlC0og50T*vdR?%UDRFW!N{$t$bocrkNWAW&<6ulJz>M{)!Ie>McC|
zIvu7SEnV`<wWNO1feP1Q^VBW;$W34Ml=7u)k>viUokD0bEp1l9*xnwh`lUwIa2&LT
zE*^B}Bdm;)e7BDoNyzj_Tv+tXXQX+GPr0uAN{wj6cvEH4`020NkILOukWLsw-o@Wa
zP@rfWl}9=n#@CA<oy&Cb&u4wn-jz9s4)BtaL4s9m4W-^j(sPnfRTL59L=CE}raU-S
z1RKJjC%y^9Q3*8Ow<`p5>{UL(@~ipznA(j}=Jy5jW^UnZ9z$sdlVT%imtI~$^5K4s
zRMQR9KUaU#!n^k#mVlGDS4V*J`}+v;ePAzY!6!d8stB+|By*$sz#?T=D>RbmHwg2q
z^l=va;9l9_g5U`hFMib5?)2BjKOb+I;yQgMe~<+J7Ql5l2E~qwT<f+(7n?2Z5_`9&
zDjh8_Q2&V{)e?NlJc}vr8v*hrpv|6NWFFfWXb?_<x!D+d!v&6?Y&k+@%=sUv%a*gD
z@tch|8&Rl^HL+bB${5~`roAMAUP-}^`ib1WrzTZh!m%xck%D%c+IvXmfKw|!%BMZj
zKr6{;0GLVrUJojV$0iFKLz4kXUdB%o*CH6eh0bqHOOoaFr$Z01jq%`5q=(x8HEK6p
zIOFw4YxyeaK_gV4*uVHHnH^lMn{}nDgk<GDjF*xcW04)+9_Ake))+I+lB&1&uA?wz
z`JJyy9r8>@{$s^igHc=8J08LH$2nr4Yjp99(*Ppib@XIN^3sXR!0~D&PC+{F&Y5G6
zpG;m8-ite1g7Q&EvNJAIjc4<f6n=r73_ZJRP8Hl40j247{@*>7_B5?YTO6rS7-isQ
zL$6}L>>|3p%OUqzo5ap36GQs+ahuKgmINPn@mkUc&(!%Mev1}5>G{`yj#UgUKB@^K
zK^8`yY6EVCoR%6VLC^i!I@gGxE6;^Qfu!Fok>{w89|*zzheefaFg*;Fp{(l-4%+5z
zBM1=wbboBjllyL+d`l=I(@uQSjV-x>(;a%5KowmTt+}1u1+=d3dz7;g!8vL?+8q)`
z;kb|~TLpHBdZ{(5?R+%!D>wl)yf&6LJP4$~4qHy_oNI=|+1H}mWXA)bmGW`D^3!j2
zX5r<3*L3_7@0%x27*v(=iCK(jT9cI@7B!YFhT^a$Sj}G18ZRWYv*r==vQmW}x=!84
zSgp0XNDxC<l%Yc$31)h!%gl%C6G;QtiwPF(lrV;_P$DE4Ywa+W3E+b3I->5De9+4-
z5|g*x;_ORNhqqN(GcYo>fxf!*$Wi7z<@R%6vnn3HJ%~{8V!K1p5ZNu%;YVqCyF+&3
z7pv-RzMfP|uIB4{DsPRHfob11#nR7ma*Np3>!8fsdSaJ={WGBjbzDl%2dajcyv3AA
z00^??rJvO=3{{!WDr<`?fq^6LXPcb5xEC1Zblz_psq1pfRT`=oA8#niQm;buSIDLj
zD4=WpemSZL>f6Z+B9q)QTrHgLP?c1DJ^#+0p>#pZgA~qa9s{XyMzyAb>Y3L4eXA!H
z!#(W4PhrqFvJmbGO?QE`L2wKqw*;5oIgG{$VB1qTiClQa<H(w-p*L{Vv$e5-Nho)E
z>)XR#;|7E{HU<`H$x?Dx_pK-fG3gS0@(-l;*C;|YqBlpXgq98piC$s9aYv-+r}=Jf
z*F^2L?j?T+^dv+OLES11Pati&BAm7FJL?xk(Pw6KUbqa0ULQzcnYZt}K!~yo37t~H
zkIpu7yKJ?Hx5bQ$9Aq)dA4wx-x@ot@{%{+D2p|IQqFe9gvDp=rpfB+C+;gRgi%2Y*
z3>Y8H^kbR1!Ej)7&Y@ofubH(Bd{BR`>PbIq!m|~oIZ)~bAaq<aWF^vR_IxCZ3aSDH
z<@86L74-hMt^IWDHj!K}KA=4OVXv~#bA?k#R`1SOQ3oPIGme;ox-EOpmb~1ouZJh|
zlSwb8K0?K1YOtFU`*paN(PV9cG^nLEu2t-x3v#MKNR2lI&Pldm*VAAQ2J+^zi7Rpx
z&{%z{9`?&Scdm1k|IG=ap>l4C2a#~@_arzv8sm{R=!(B13J@B?@jL~D=xft&H0N1X
zmt1R?$T4yU!+1;>GPo+ov9AzjllM9*ANHG!lxN}^ImdJHD*qk;Jl0zhox6f<l#3lL
zZL9mK6tnjec*G{%0w%WIbRe~8x7d&XGbt2Lp%rQrHb+TL(xme?`9=&TW<#7Dm$FpD
z^vmMh5y~6}c|!W4nwdszs1hXErGZ9$?7{-QI!oMh`#@1B_y=1R#rp`5*>-{0PSFiJ
zrezIqRLmWtoh6KkvLPhoWF=4?Z-#bxHhhb3BSr;794{z(xz8wa_dSj`>_kdLbxH!Y
z&VOwi=(;QkY@}-BH7Snmst%=9yK}G*pG@eK3PmoNr=Dj$Lu<n8RgGg7nu?6?qfrnM
zEmK#E99yRut#jvXNYYcrqMngAmuOR$8M3~k+uG8vh|E`J1dV~|9-<Hj3AR}cyc`LN
zkzBBJE32<f*1l(qQ5ny<72F34wGpcBgrzxo1Y#t)q4ZPk%6_q@AIYVK>@tU2WVJ>l
zqOVle%zM2FtG4A5nO<+w>-fDvhzGE2QLbWzWB4B;qzPdu^SS;0lBbz;4QsUnvOq&?
zX{(xge*NnIo)H>EsEP24LF*V~0Y8hhDQ~NwV7y|MH^1Ee^ied#rh~<c#aIGA@+3U=
zfmKhZzY`YK<r(pIimn&@ptgq8zw;qAEJl>z)Klk{F+cn!U*H7usH+Lggo0PgFoB1x
zS(WC3vUcF9hrdtT!5p3bqFwP~ZD~*NikPoq@Egy<V=9!<U#BN3Ab#^c;=6)J8t84V
zt?w!=nI)iJY>#pJnAM_Dcj$D@r9OBRQ+)V3b^f0@P%sA&_tkw0eZLsgq<dth#=Na@
zk`s>$B%VvR*W_##1dn6c$I#MlgfD%$OJUCvc#F%K+(;Ux0a!w^<m=j~u)r0UtyGV>
zY^{0gt%W3@)nN{)3pH%IK#*h}H0H5VjMqbgCW-#lmzKL!RA*`VJy*8G*?||Y=JKs$
z;VwZ3W=!i`12S6f6@yFk*`bxp%z^_cZH3j}m-lQNDK{p9_+-0qaCf8Jb+OAy&Pw;K
z@b7FSeg16#aN4;-Zu*oAtzu9;AQK7X+Kzf<X_HoXbiV~5M7Ta2uJJaByoILb#q5-@
z*>j6Emeq}WzV!v0t|h)Tk1wZ!C*mOre@l>a1esPW4mR0HKRD3mJ(ihu)e+f|;p%%u
zda9gwD8YvC4bQnA&DJ&uY#)J8%+7p^7((APu6;Uxm>?z3<LyM?<}tTkZPC*cyNtsY
zyThAGF_}xk*Qg)_bW*)onky`@5oGD*pZsfF7aV&zK)J&e>ZQir&m3@mb_e<~Lw%=i
zRoMCnQ*Bo?rMr6Bw;qf>YLpLjd@uZEYb^}j^%t%Rg>53$hGQc8$uF9$HTvmxdl30W
zu$yGZIIop^f%Tym^1FvN2B(BG+gvE#kDoox62iPBz^}?Y%+;s`f~Q>JKsWs|U+lcX
znfebu;FGN_pzl=VhPIa}X1^J>O$J;KMqud&&Z$^rvl^L^Vw@#`e8E8;0l`JzPfRVB
z{NQ&`iY}F+Ytp;Tr1__`twbi@<0N9-mHEu)HrSv#c3K@rEx5aZ#93eq%3>K^oG}nO
zDG|RBxp7fTHf;x7Mdl%N2j^weEvJut)s<wPMgdMO(l`u1st0#a?u<UMpXNzLvCpz5
ze`);E1)_?V>b6s;_;e1fHMt4G0ar-NQ$B!o#S%f)iLcMHc{PfiRYMAFFgBRAC|4h4
zdmN&QfL6j%4SiF=fc2qu!*ZZs5$e_AO|He7L~CdzsV%bqU#IP7HB<N3{9_z5S3^cN
zHE20-VXzFglQ@)HBY5F(GY&Rp<Oc{$=`INfh60}Wl&)Y{ti(Mz={M;Fc>H!0Xg<Gi
z%N&=TdOUCysaej#$W9Qx66%H%wPBkv|7~s$7x#b_TsSbKS<d_(X|(f?k*>I$ONpVu
zQORYJ5X91MR>VMAkr-{l`g|F?qs0QPu`)}bkjAoop$I#3*Fz1`o*{YplkXSZbrmww
zhYVISB_5F66?VLAV$N3ojGNs)l6_9pa?Vu$Y_ucb4EOGGoX?_){3fh@ZFjJuURp+o
z>Vx2<#|+wjRY|uR0^3Iy#PNX^Fl<>i6((?Sr)EN_N+uHDDvFhsgFnLE?iCd2dvnmh
z$-j#cr$)K=O6z~rJ^KK%1Cj_jUA`#b%SzYg9TRWG$eG(9T-k=oeEb0H=m>)=Tfw!e
z+nKU4k4VkN$&hVU|B)ET1#a^;WFf#L*PZ@43ssV+M)n;);Z^3ZQI7wZ<F=0so_V)%
zkW&VI9kDgkF2&8g!DwH)ftk6!HZwKJhwdeMHXAk>FJj9BIlbfu$#y_Zv5qtN?7Q({
zl4?uCAP>zuHK*iprO-NHd=Fa7{rzRnwfjxLTox!?Oh}spd%JR4^@spX{SKU`%F-ln
zw6!?k2Om3Sbg1)DjetjB(N1(Olq-vxwlj)1xDCEEj1wV10~Az0>Ot_aPat0eGz=`E
zlmt`EIYjASn*SGMIf{88k(b(3i0~6kv6ip9iaRVO>6pL=t=dmkH<=Qp1yRgMKG37>
z6UV41Eqa|YKWa&WVK57fReRouQL<gT4UGH=&f>%61SV!ohy>MdWgm`+;SvdygSOcZ
zyo>_!kVI;2xid9P#~y_g;2q0(@J^Bq5q}Q<DgsBdLp)(rJj9p<ay=yS_k<Sk1F_y3
zqI5&=NcWN|Ni4>m|G*m*`K|=Zn^h}qWFHgrIS==@HvJjla?ezsj$i;6b_-(Gz>ttB
z=sEcsUBxRB6t%oe@Gnw524UNV>XW&dF?TP=`QM}~{=rD4#(}iY)^h$D#xknHaUB&c
zB00`40pZrAHJ48CYjsqe4Ayf*yS-X#2Pq(>3<R%3c#oVw<-OafZ#kuxtK~v|-|O-+
zJ))Sot6QU=6@_W<#Hh`YtsvITon5nx4xVgR$}zx&=BHK^LXYcCIX+zsX`Erh@3#~9
z|FWp`@^+jg*ReJ7xmxxG1gnnvk=GJ-7bMPfn0+hs5H1A6rY9s?ztWz>G7Xzo!etZk
zFc7g>k84-@VslxY|7|qc-mLVVEzDVbRKY&=mf1Je=;kKMW!*wL$w!s(_9p|*g93{>
z<DQHlWxT^1=snqf37E+8@SM2K{8mv+d?VFcoS9{gyU7e{rUAB1o~z_7*Ekz$IVE$~
z5<GQ&gkBw70PdH0=*%}WA(ugx=m!yc0gbhszipI%(5Px!-fC@&jp$)!d<MWzGu0?a
z?s#SJ>-Tq<8mIY|NcPDDVtO6mu;oyCoL%fEd-3ONawZI*HN#0xHkFMLWn|utt@p_r
zWph=hM$des{D{1fRs28O@vczBvcaB(DbPwFV&yo%(Z*NyRLmg<<efMhIlJ7BChBQR
zbLsrkQ_70$(=)xmm6{b}45t)-t-YzV&siP>Q4MBPGBl|WDg7U|zA?J8rt9{^wrwXJ
z+eXKB(y?vZ>Dab9HaoU$8y#CW{k*u}H}0)JRcD_u&fc}EcCA{q=9~vc3g5ob>Rza@
zx&eszf2u>Afng}92g}{3CW5%@6DSyqkeK2lSFP3*^@h^ci2(cH;$16!Ubj%ihL7c*
z28Id8&VK;>ILda^89v{@^3wPevoR0<1kx0H=SLwTPBRhO%9kt+7P1f~TAMHT5lwU!
zL!|?!5~M<+`H1ed@f$-U7VQcgCKtL@3^hu6$0=VkBZicM3`Gv}A6!@r8qvIzbUOef
za<-K1)pysPb_$Db{~$C%!{@GuD4jFl>T$(055Y5qheeoz{^$JfudD6EiBq|`F;;XY
z&xAYl992k%?8$aTNPbphXcyo*K?U5DASFVnKYDaa>@I*I_#4r!rWTaC#u|#cZsOD3
zlyVUkV(eiP(2lstRUxDS957p_Mq<0U+ilMa@fj@m0l^lk^#gqHVS|&NM+AIj26xjB
zG0+F5IXcUBx$UNbVM1$#$sLF!l?P+aM2&_#w~}g`!p0}@{aho%6&MNg)1oL8_E-q+
z%1r+=xT--~DB%yywSpGx^~AR0pSEQQzPXzHg$|Q0JJj3*|B8QSfRv&TrAvA87y_x&
zSD3Yfpr1!%h7o-It7?o-+Yc7`^7;27gqHj+IF(6u=nc->BlGHlfl5?6MP(47Lqhd4
z4tjPB{kO+(S}4bI%q658zxvqW$dVSxVuuxsW?`BTo)J`#yf@T$S#bOrQJk5ypXu0}
zDEq%@mMHPfs898SX$c{F6l*9AG%`uG+lpGlApbvI$kzeHJJ6D;B2!47>(4t&r8u#E
zH`v{bT;md^&dNfA_@K$l6&%G%C9e$zpBHsRDSB;(wDCt+2eQd&emL6hB~#is#Hd4&
zCb*Cu%MU$VrQAq7Rm5FF0!wI<qZL%N-SrEB3|2~;+QpKq=Kd(5NsMdCD_wYgO@^V-
z`Hu5b*3={kMm}@e>m-oP^4Bl$M-DVc+Y~21H3{Vg8O0m;H&ELOOx&x0FYxoupi;OH
zckq8scK*J*sysm(mD!Dtm8=#ImAV0JcTz{A)lWPk*$uadJni=FF>*hweX)jvpjnO)
z-x{!V!9?(sk*OVBGN3+lfF2{6QAXRcj(<p6Q`h#=6i|Io-9a}o^Xt+rSng95N)|*`
zyPg!L2?xp2`d0Im%xOL(^HvE30@-BtUvQdSMamBi_U<;mupq}{ENQBF#;duE-M(w}
zm6M*`%u$(XK4LR3-{)zzd2}k1i(}C3oXURXYgXOYWlJ*-|2L25m81a;aFn&d?SVS5
zv|(3VAK<i*R{#=7yW1^)$-f**8rrC4Id-au)A}g?^9pl5Vqpz*yGdV*XS8m-ja}Nw
zIKCgHex}o%%5rc1;ZCW&l~IOR23N-mKEE7yAoh>Rt}1#-IUZIR(XH5Br+AR11Q2G-
z8Sx;v@7NydBaJ*NzCLJt@}HNs^qm_N=xu59H0ReEemTg&E6<TBz1TIpr4ML#!H)pZ
z3$A5x7%1dAuKBO@%>Te1i+k<=GB7yx9ec0<fM8-3!OB_UsIHV|1>XsY4L@oWW6;!_
z7N5LxK^G&m&3e>s3_kD49u97_8Jmd$sb9u9tHHRDCj|ElzyFrNOKa>cI^<No1ccAV
z9=3$h&OVb07pFSsak{SBy~3|Qe|qv1nU6RF1$v-Y?gDdNrFg#9VWK{rTgH@XQ4=)v
zDiss-NPpI1c_0NRazN!UglKpy85Eam?Z53MGcG7@J-GLoRF&Rb-+IHseX4}PI-R~|
zl%v6Hs`hdiJPT-^{cr4dxA=2c`pTK^LX{Te!1+ke7Y-A)5BUZ-NLugn#*HM7QA7rW
zdv<`tlkbZ&=qt8>2wZ)^C?-Ja+x-ok#I8%x`E;1EiI)dm_Vu2u&+9NlJCq0p{EG;q
zGB>|*gapZ!&>>DZU<5(d53vBnrlDJ|vJN`5qFQZD1v-Ug(-K~CbUP1EjVIf?s8H(e
zh$+VuBkSB@PMg&xEhGIwGqcV*OqrLU;kJ-QMDV?Q?#@R@9f|!^TT*}1l6DCB{IABq
zwAYl>e`HMlV#dliNRki=>}w)DN9Aw*-&JoXS;6mm0%wGxaM75_V+ZV2|JZ9ru@kRN
zTZxCoU;Hp(glP&b8^Z`}G++B}<1@nHNkfNilEO;G1w82k(4DF8xS@FS+6;5vNK!3I
zlWmB0YxgqG2ARvO@W3_em!_(r7{VmZpjf%SLu5NM5}nd$A7AO^`Iwru`BrOZ1EL@r
zglSGyim*UI&L!jdle)OcK>0F#jIqBxL;Md3(U$z8^-z%Wze8Yn;`J@gnlILFrAch(
zK~Ua8TpX5d*q?(#d{2EH={Lz%2*jHOJ1-suqS9yhsrnox@9OiaO8FH1Lhfj}ZM)3T
zvZ+g0d4l!!vnZS|f9VEvxN>lh_}vn6b-wmV6f`%*ScSXY{zh*tRg=6g9b?XT`S)P~
z-zV|gL{J@PL)Lofyaq{YK6{nyEeZZ_-=_;5I)BB?-tQkW-<z$kuS~(;E`iKJ+Z9hQ
zeC)bpiDp^(T2S_6I2-XeIzXLddJk3M?B*BQjqqx2Q>7LE9bcX`)}NhCVqkIqrotXC
zxbDao$|cbco9uC-44f~)^QY(&5<%ZE=F$a}V31W2h=|Cy2i$Fg-7U~T-6XVl0~A!`
zevm_JWRY8j`OrYKZvzLgsB5Wr);p)sOaFtm0F_M)W$h<F@-IMO&#mw8g&m4SL4yUV
ziDh(mWsrkeWmW%domGm<^YtKn#wuH6SxZ#+01_5)`2>&a5ZmJ>dHH?k^&4!+mpY|D
zz+Vxu-UF8lePj(*irR(W<aBL+{_ZP}e_Fxxl|uYi=A+V;wYz$!rw2vPM>#M&n#XNu
zd19Le)e|<3ujGY$`l9~k?Mvq>k4B-_qUU{512-iAqDAn*vffq2B2yjLyvb#)Ab7X?
z8x}l7amz{e35h=vi`A0SlviKkoARHSR`o_}L2I9pEsafRuD0rR2(W>B*XjHB)<^38
ziT1iLj;_nHFUy!`s7<1S`lX?>!a(yOor0j2vB<_~5UzkHJ8XRQv7F$iEJ?kPH7&Br
z1o{lpyu2ITw`{}j$2jX44tbG^vq{bN;5Pg~g^8)qy9o#E=LPKvLMEYmdjv?oM|MVx
z<q;f&?S|94*S}&?agQHpeg7uBBA0NG{&)<7<%AJMpYW$*qokCEgjj?^31qdVX2l6w
z+3EC)Q3f0uiYoGlXp*OW7q+0wNNF<lPaKR;$e=ALGfTF-)tn2+_D(cXrq{3Y(h~7W
z%#uy!YtbbY5)X6LgRlAtts;c)WKNYvN8TdyCjaOB3(KU_L@>dCM&RITa5eBiEL9ES
zW#)#yE|DiQTWBpHxVBPwi!Q<E85AQ)4}vke2WFJWTj{I)bJ<a_+OSs4kj=VwcWTwJ
zA}~qRlXkINzRe8S!K_7(QMv&iuoPu!aisKae0Fs(if^B=`JSa~pYm_{6nf||fc+xI
z4|tbG+7_DtZ#>=EBt4iZiX4a%(3%L!AH?gDOK%wlM=V9Kr|8O0w8wKr*C*>24#`6M
ze4xBn?=)00(TlHI+ods$me{%Tg~u==$m~zAT`lwlvlkObUnlfmkTW6XEjUA=<MX~7
z-L)6G9>&c`@PXgH{6xo4L)CxA>Ui}0m*`e_*N9~bdgwu%soDzYnJUT*%7>Uh=-icq
z$lBuHCuVlzrrwNLjk<weH=VwxFn}2hah&>k9fKy+);0die}RIAoC&ai<Rd`~n0^=!
zG+vb22K`(qZ=e`gQqBl@02ajLmH#dvhl>M3$T~azHN(QP^le_o5?n3Xff|l2_td@v
zvG{qfXu2NUoR^J0yEy&XaGs$@U~PzMhOCz6{$kOus6Y<hF%a}~L!JmY%3L^xThG{>
z8Q&d!<^Vg*=0jsCe9<67)4l<kdaB|Q2w6VlXF3&F*c{2!=WrAGz&og<wX{ilar{?&
z%YJf;^F5<rXnm_i1=*0NqjVo!#QJvt!>2wDJl9eGZUo+epmXia_w14PMfbdv^d^FQ
ztH-u*Vzz-yg`H?2)@No{Us(r{zM51Bej0w_t;;5)EQ!O_m~%9N@##8U;xYx$=B28A
zZ8^~)$jdJ(v^bN~4va_kbxy<LJv{N8)V@f{E-Kt@I4mj&0>al&rLid^VfeW}m*1hc
zV)N|DpuI>e(Tt?P($bYmxCvf{8)9l*{lS<(T6G$T1JgM0v8^{0o%gN;<Ilv(DT<Dd
z9Zq)czZC9vh$|OH{wvQRP85YphD5WI5WGAqpK`^PqxAZW?_MA+?|zh;AtWY)f(qoL
zZm(A;Pr+gvSD+K4L)AKtgVXrP+;(3)cQ)h_;g*`fT#em+Y#;`;ATDDxd72h8f_Ow0
z>b{hr9_f$M7AX$JX@6&DKJtZ*cKLM&336e~Sbt7=g<2A<07nk*Czugy-MhUO{5!S^
zp0SFoL+F~^$6Fm8=i=?&TYBM32BLxq8b&OS8S=89%=999ACv?UgiBSEhh{rj5_vQ*
ze_FawHK>dglK_@Hy6QlvfMB)5*5PxrnP+su9i}v;dcaK`;)VvsJoq68N49PN@-L@n
zY_M`Q=>LkqA(AsUnT4h7?O#C!Mj3P?w<ARs7Y^o+cxI;$YIbnHwnOooB2l5A{s}QW
zdJg;M82{5_9+IW=Clq$I9>cw-Mp^@#P}GEN)3I0trkeGY?;nDb(3u<HNhLx+3KpNH
zjPh}-m20VtOxmx>2*#}KQhqcIg3$W}?UAklvBEewhx=laj9d{4OBpZQs$5I)5(@vN
z$Pxj`>QRYuSJ&!cMC5~C9fNVDN-~ENkVFwl-rfhA+?g+BUW%w~Aj6*r+zn03mEHI+
z4acc^2l6-m>B(MALSkHfZ4jB+V>nmrMO+-&!)QK`qo_MSYV!AITI#>Rn*|p5Pw6&a
z)YmV*&|k0(FdN?K)j(oT&3AUhnd6uh;xMa^^&!s)m%ji?Tmr%4{wXIaz0W1`<ipB+
zwbwv2J=d7C78q(Q+nI+=GeX#vj*pwB(yL#JG#Q^tO&c1=uqL=mHmDtdQ#GTQPu}+f
zo?qcBVo0Z!nJWDCxTw#*wkFlEXA6EI0tnotovTP6H8K?0_JOHIMX7={GA$pkv_G3W
z<d>=Dj6`uM_AeAWVJC!6Ssy3BrMV62!88F}43I6e5q{Urc~g%;b3#vDvakZ{wA}Rd
z-N>7L=$j!T{(*pHj;914E(ry-U}Df$447l&(q<0!zXU1jFX<S?>MZd8U>;P1DWsET
z-VOD?u<UHytP_xdVo1Na{d(@YGoR$cAhs;b5<h<D#B!g2Ed~1QJ8GB4qIF3yeqLQT
zv;FE*P4!MVb^SpSVNFuH4&f_KxBJ6RPih3xUHLr%hzDkx<?Xp(>&Qmlwym&29{R3y
z%v~8|Xt+zt(IM+T2YJq0PpvPHKgr=~@F-nCepS(8y;1G}<{13WBItBL8)rjHDGeb$
zMa+ijn`)8Wt(5eEZc%-m#0J<^h@Yl~(K{-FJTlaqx_dX(*W%|S1J47pGjzuz4|mz?
zQ!X6ywPGo5mFvpw8vUEbs(NZxo#^rx0p4eed-)CF)A}Ot#B2c#^e~&XeH`l-*HrD1
zuKFOn$kZ_GcU`Z(Z}qun7nquz=U_-feE0Uh^mDDIW68e<Ue<r8K&i;ThyQZ@fIa?9
z{q-6U$!qW^f&6st*VkNu*v9n7i2EyK+P5G>_=KdZG{eOi1SXbeVGh-MH#f&M*;=!Q
z;a!(%xq=A4x5tQ!tUjdoY;azGQn`2<u^1_Obm>)F<!ni6!=Mobzr%H|@~TiT4-6T?
zB2`#;+5M87c;`cd_x?KZMPXA3@N{xhQvWYt41V{kT{Tm-#Srs(ff(t2v&$mPQ%6Z_
z=HY+KQhstZU9BHKj}ZQoBGF<3vj@250L6fLv^)r2F>fj>EN~$;qG!+5fz0aL1e&7;
z!X(Gm+y;cYNZyP<`-H9l?vgTUZ0p5RUq!JU#_BjjDGTEJPhTcZLlbWhh<%3Ojc0`j
z!nIv&O|Pt%Z>p*%q|kW{l%M=?Nqw4~$@<!c08ZT&c*JVMrzzO)Kt$-&uCV#<ASWG{
zqV-6T<+7sclm@c@RUYJ&f8l~6I9?7q8p{Evx11r6Y00MM`sr&|=OW=%F>6ON#!IT-
z1A(O&4X0ZOuIEA<U@3F$@*C(@_m`a@29T0Sx!@yUd*7&(=MGin!M^zQ7*ffqCzcGc
zFV?Ngh9te_6k=ir#`Sh%6&$C&&5>FcqE2j??Po*eLhP$RS|g^>^Nx&5B2LYrtF;*6
zO_1d`zBoLQp2gz%9SEJ?xo6pK(&k3|9c939)`+;WqOmg}8&T_{J`t6lj&kTmk}mDR
z-vjxB|KvFvdL>q)ISma^a_CbLvs2OO#TtC%!4IZJ&?GBI=*MnFM-EhRUWX$m&CvRc
z>QUWOpsk+L%O^`fPRUFPDP<?-{bhHjW+I=fHx_8Riz)3lmIk+>wR4*5^4|4ijbuY0
zr0lbG8U%WnV@{ZlRN**FH<F9IRozVs>*<~_owQXrJ~s2lf9FLK)+#s}wSB{_@fMEn
z<=I!waVdh|l>)EnbHE|*O-T52`8)xiuL-%?`UHZ6ezR5KHCvpIFZ*Z94Y!0&5G1J6
zH_vyH3P(XM|L#AEo#kL(AoDQ~oq~#`hOcp2qwMEIW(KRl?W)#0jF@lmK?aJIRYRqy
zS>i<n#Rmd!(W<w}TdOMeoBr|Qid(Meu#O<F4C7<SnPw{RiiT~#1robiEa-s5+qH^_
z`XV=u`i-`+Y!h;0l}CXUkVTeelax7p1|Gzsc-j2M*uu)j3Bi_I-Ebapt!RC9mBO}#
zHMvI&UW{7my?G4*ZvfK%`3DrTYp0XpRA(baOhq0$;=n`9saQ|uTx1X93$F7OApC1r
z)1RY^!T>=6{l<{<c}}*e{c1)cS^Z11Rzp$z1F__hx$d34H^$MxFBJPB<lccqSCl4Z
z?nZCARvAnMLe*_VWD4lX%cW|x#NK>Ef+Dn{QHh?-t}l>enQ*+960J8<Q)1YdroTYo
zLYIoW?4iI9$S-J$9-ubm!W^)Or*<<Cff(dMhJ_;=D*Z#aPCQzRDo_TCv{=f3=auXy
zJ$ytRxl3c#&(u~l)3D6=8q1&|TCO(LIn_@>LXH_>)!*Rj2-~BLzzw5W18x3QD1IOj
zM?)#fpQR3xrRo2;x8f#`oRc0)CWbU?icAmym@j;GTOv3F4(78S3h<2IrW!>;zRErg
zvEpY+7E+~K#AO)=X?cd7;mu0pud@J|_*QNUrX=lVpWg=w@8Sg?8aRy{C@2E(Wqe@Y
zz42_6*QD}h_g7B6>n#2I3aH#a?T*dM$X5bjP_ZK!cqHz0)IYD!^Lp`h4mL1Ma~%-0
z7IYEod%j7P1+iVq-|O=7;g(B5zQxgk)N^r>eF+rYJM`huv51-_L**T!?`&@Sg^4tp
zYpzw3+L^7-?d(>*piUC@NV|2MN9@SMQOxfj{R=L8|6P4G60+oD>iA$`A&l)~NYel*
z+`ckq>bA-AX_a(`1JD2WpUK~d39@xknXi`tE{Wx)8b2tO`R@1;of)iw1lk>4Ia-m(
z-N&qPodaLKix&NqFkUr`+6N6KRFR&B_Np>0glLHRv#&kEg?=<ushV+TIEk6HKi)5|
zl=%A12iBLk-Q%H~rKW3UnHxVn0MPxjIvG)ABEf#Yc9xt8jED|dJ4N;x?a6|VZaVb0
zr|9a}F1l?+PEpJ;DK6Q-%vHbS7{p=GP>H*Z0DJ#mBqim)s(1dqz&aeKkn7bUAQR)<
zWFY*HLr-j~QghAYHV87x#DO{IYf-!AY2>Zrr#ZsetQ(0T!2_ULZuh})y&A1u6$KF8
z<t|kZp1G7}Psa4L1*qO>)UlK;$`&;n{BS4KJX<aNOu}R$>#8ctYTuz(Bv-zpOpB04
zfG3OXZDE+08DjXVcbj)}uXzX={MA2wNJ<b{fhTFH=eYwvgX#U%7EKWr1U<)<qd0A1
zoYa%@Q7=UWjkh8aEwIij`&p_2NzE(zZ)~M%^*;ig>r4{h1EY7Cz_bWzK8EsUjN`+T
zs{!H`NwjjwEr^hc5xdLQYG{ms4gGF26)ci?w<wN{dOAZ%64OxfRd2f%rL~9mEWaCw
z#iT78v(GSFJi;2&BUIj+9w{T&n+$NkAUhEUg)O3;((uXlgOXCmNPVNE;HfiG&S3_*
z^?Z6hz7(CGm}Hm|fSBwQitK%Zpy>VaK7kX=OUd+T$qC3+AED^^uO;g+;t<jUc~(9@
z`?r-2A&`IUbt;SA`%AM6yLs06)Ay)~e+Aub|JpqQ{hfOe)rtB#iBVv{hXT;Rz+@vy
zcE>lHmt+efE<P|<?%@6LEiYF0s4lu4KOdKQY`j0_c_`s`x%(H*VFyO!>8+z-k@C|m
zCJvk;+xVc>12$~N2WaJqX_Zwgevl;rAr@Hufr0?O6g7p=oVv_EB7_bP_$y9*#unhY
z>sBUJ)pSnPfPl>Cx@}bU=<<lA4E@N+%vmqfzHuYus_B-?@S~Bt`|&#h%y5|9C&D)f
zPsB%Y-GAu2f75|uf0e_rIS8wYqXmQnx0XuzLl6ScPWwsIeKPmT%i|<n5>|Ml3naTb
z=^0vf{>o#c<(RywHDW}w<tlTfXhSITiWb5W%xCOzx%ig|XLRG$-(ztl_3c+aH4!r|
z&tqm$Vzg|dUpAT0w>XuqR7Tlt3C`5b`cWv2DmqyrD<A0`6C<0)IL0!SX&F!TxCxBW
zPw)YR<4PL#d4LE`G*I4YScj)}y9Z;F>*rUMy3WVm*G15WeM9}hyJxgRjX!w(s?mwv
z|C?f4p!iDo=$-h1MsdEnpv*8^Dx|-mR;oOc<1jwUEy&U%k)j66sRt~zmZML6S2_(W
z-TnExoE1G&)@`m=Ln7=VkLRn@7ba_v#|-@){&eu6t>)W{A)x`BE&fsa8I+8YUyCa-
zj|VZaLAoTAYWuTh64I_F)t5GQAd;-Yu*2XdDCd{wrRp3JPRH3!>$WiEJV#sqGO-0*
z!CWo@IuUH9xXRCqIW!?K$7ExrF!iS<C75mQcKWARZ$?tWdai#@sy|=&e*}(ULyB=6
zIFr%I>Z6W<N4*myhBgwlMzYAfD1vC^OE(<q;GUN{doUK|@W0+Zz5o(q=PK};eG%i^
zSem^r07>LGbm3*_?Po&Tk=xZ$i^y?scq2B2m%a9k(oph?#M#IsFovo8z^9!nfipOe
zPswjJuRnAJ??$Ed7BIohxnYv211_6xQuzJ;$@q8Wi(3|M1@<ttOHdq^I*Y--?1O--
z--c&T&iPlIuT=qWNSKWheAg2D89zaBIaNU1pzWYV#=-{vO&y{9s{5l5LAq|7t1ZA#
z>~tkTvZsG5*x?5I)>EW6JtC@#{grd*kiU{%(lYxte5Ko*u%OVFV7iKz%26WJH>Z6m
z-}A1cJyX3nqCevARN$1jsO7Y2H^?Xo8QD&MnJu;lU!?w9hdWnnrInP*#Uhm$?PqDH
zMb?m%$7nnQPmvDBt;dvTO*f`-B8FT)=^WK~Z-Q}f@$!7xcTh%UGjlBCjS2*vzmQ{r
z!{9Z~4p?7Pi##k`p4C!+k3Sd@RpFV7qOn>pVGV62-B|w-@%YNEhh~C-46Lg_o-U!?
zpgSJ6)JHQr-O=rS^yH1J%JW98mQB(lu-B0F3)h17!Uu5x;9YHkGCY{O&7hl_H|hna
zIgN}L>8#}cL`oE#DdrOgbngVV{tC0U6e?E@C>Vd$Q6%ecCn%Y)Ub&gKK<W{y*cb7|
z@cYdE*GeYHy5b<|S^u?Y&!Z?1;4;M@%vi`Taks91)8^Mtay~q99ShcRk~=#P)o2o)
zD)EwCx>NzrW`$91HSaAhi6%e(!w6FhT4Pd2aQ|Nkl@tY)D}S<E$*`xf7#=@J{DNf0
zrX$>5b6A9RWnLnj`mH7Ri%BmhRI>4=#9Y&eA|Kpj0eRIa<qCN&0+IHtkx~oO_i%w_
z|It)V<NdxeEN#|Uvx+-1T^@U-+K|N_8SiBWL?F=MzLJr!0QI02vo5Mqb^zexQ}(dc
ze2h0~g0y1K5AgpK%zTEgYh(*ZZU5^l;4GCp9pQU8Pf+a?JtzPG<R^}GCiiJ){MD60
ztD*(y{5({t#pUboR|HploEW1Tik$-oubRbY6Nea}|NaoD!dFw|_A0RZ?<G(w0L)b$
zvV9%K+yU4n)Ow?M@!Ly79CggRX%+(Vf!2zw^7#B4pfe6Gx8D0+${dDK{_A7qCic;v
z@*1-858}d{u}fA6V{9Vw0u`QWQ4h8JPMR6rq~mI-JGCMYn%PdY^Nt#%hU>u6PbDr;
z_GZHB4iXfALE`i<z1F1{II%cMwcYbqbiMdd6}<aQYwM>&=q4E1LLIys)|XzH(;?hc
z`#y;dG$ru&X#tf20HAPvm*cM{P@Y9>bh$lnwYYkk#FMQEQOT^W+uOQAA^T1}5Aes4
zJ{av5DEUu}Mi6~yf6YD@O3|q`w$VZY`N8jb!z0X;IcCZio{Q|~WIt#)Kz!7RG^<%T
zu^ZyQihm3~!?IuKXX-;3BXMn6f75k_svD3YH}(Z`+2~uxEX4}*8hz835>%RjG2LBd
z<G_`y=<$^&2lv43`Y6J)5h+LVI)=dC$3-gzK;+AQHL#&yfBq=P<^?{Fi-8#$yi|Z;
zmiI+B-MdWdX0d|GWlcb`>S5tN9K#0+c)z&oj&C|~PERKmJ^!u6uWbhqph-`>73#x|
z^&|JeNrA&L87nxv>@Z(4!UB7|rezN~R?5Bd04vHub^>?HE;lmB?+G>^H22*}!y0(B
zI~HxK&pI$i9wyWX1EcA$+MK?8+^gelie}Y0pcjrg<bF?6h1m(DRGp>~syZ~JhmXdY
zuMt?90JQqvj7UZg*yZUFZ8gPY&OECw8U|qg?G|t&0Ey>~@an5sR=U9FYds~Md`u0K
zGI_K!xpfITpl5H!tV0fJr{e*97gXQbNihci(yMvU6DDtWSH>D;--E_ptExUc1_zhN
z_HZ%BmqUL-5zU0R>Ko;K#N(~I^9W~7odid-kM`XM#BR&w?#lKdH0R%$2(|p^o8kvT
z#VrS*kNdhepbo1DywRMb5}}siCjd<kWo=#MeUsKZA2%d$jpWp978<Bjrs5_!-&;Cv
zR0gJ)FgnOq0vtX{5D#-ON{QFIf!J#W%mD|urTTnx;OC8!Njf(D+dU9x5aRBO>91D2
zfDP6dU(iwUxSjT8q?HAKw<h;C0H|vkvYar*e#k`srVTPy3|#@Z@Y^r#H7E>f#xWuz
z*l#0|JGJM~t6hO*A~@UqWmgb*nJ1H*Tbbl~5usV->TNG2z^06ZBY71F8hXeZ%dv1G
z*sC=s++u&MX4u3?N+qw?CisiZ#zq9hTh^iCgmXHuBcC%EUm_!RV@xy!fg`J9L2Rl&
zil5)n!Cp>Ox}1*uq4!QXgp8F;wDGAN$N)ZSWuLh^l-Oh<YP1-rKY=H%fS#}p37G+w
zx8T^zXboRI!}$d^^;Mx~2Qb2YpOwJ1D3*2NH*0XQK3f0)<~xKzq5M}~(W0_3pqtES
z34k`>gxpriV9o1a9N(y;r+p24Pcj!?9V`+`1>BsrysOANT=_zFr@VAsRoFshUIF-(
znGVUk1@NT!m)I-}aWH|NllX*+Mrh(Zq8csdbQ$S8nRD6|2urp1aV)nK6VzeQ!Ip~W
zYO18$7%z&-Nm_o4P9&#BHgP7=3hi8*zU=J7k%U7ePbx5+!%R((tPa?@XgjwUYFR@N
z8gc&OlA;t(R45u(X}L;ZW6(N=U-F)Y2NKM{c4DC6T#L6ka~!wCLi|SEsb4(?YB#Ct
z{;D9FcYqmg<KQ(0fl4`o%y^zNu+9Jg=$uAo@F|dj%bYrBL%Yq#XpoGy(5hX}s8}Gd
z-*9{G$curxrAgBTz$C}IhiSSF3N`yOkKei|xtwx_5Jm4i!?_jUT0F}B$Xb;Bw(0r~
zIG;-kinwMNZZYujL^*IR>7aWW^V)HP0*i8VoZ2COJ)Gs0N)c1%Ef(Nf-J6c^+j$cy
zw@)1vO~Tr=k2DNLdXhIjdv29t8Tbf8pmg+IXoL8rvupxv4%Xd}ZjdwyLUF5c^{Ak}
z-)imNblN})<-!t;OFkFUO8iKVHLws$A4lORs2&S&&Y4XI6W3kR-hM8RZ^gYAKPSfi
z^<|8IN+jDc^gxY%B8UJ`wYbgf6Fgvuof~snh3Mtao54P)L@hdG4vJ76P~G<dS$vTP
z(9%>8FJR0!-S|cnn4Y)LVX7{&*s&9W2nCSL&eUD|NU>$2RJRG$*v*?Abavz5u3$#X
zIqKb5O@m?s+la^C_ozc{;wwRZz*hSXW=j6dcm2(Alle`{l=63qSKGBSd7icy;?|_v
zmmGeHz3ASq$BVWpKXR0yC`ZWvlF+hdDf;joX~aoax|^B(-}vzZc``{@aJFoAfNu~K
z_Sy0M9QS~wu4Dp5e$h;XRohHCKt0Uk_#X~aPz9E${LEsN9rV;Oxt{#tX3_nx?qer=
z=F&jw$<$Q%^DYVP&}HC3E6wZAyD^t9GJ>(jkA%h~RFEk`krxSK-@+5Ut537!O4Oxc
zlD?$ZwzGD3+T)xuB^dZPA3^VrXotbtU8V)30SpofuCZ=fUQ&tqlJFh|)$VGH5>d7(
z1%g4)3sz1|GY_w|L2q~{iB;KtqS1%mA<L8M8-V7$f~rvtvk$L(;f%*S(WIjjHm#cA
zMsEiieWV=^*%~^RjWzdgJFtHT$D`);YKz{;LS^N=ch$Z-mhSW^K{-10bzS{58Ej#s
z9u1U3%t7k337>bhcF0uueagY^zzumEh>b5qowBV3BhhZ;K4SlJn>*d3U8Rce^Egg6
z-Z&@=;6P$0{KqJ)Y%U`3%Hs)fWrQGx=weq0b4Vx(IDum6?J1mRL#f3dz>?^p=*}6E
zH!xRIL8JoPKmiq`%I^hK%4We2ov?JzP(K!sJ4GU0THw$NxIe#FhMr%%kS{#*IG%YM
zc;0-AaH1iSyJw6XJF#2%0qqqJpK_DI$Y=>dh(Ae8Y-DnN{={8=2c`QsXgCu*P(iVL
z*?Uo)-m(+p(6nrgJMK~%t*Hgk3nbJZIV=9Sd$Fzs7n9f`aS84bO9nx*RkV#-C67N1
z8rAH&63=cS)`W+2?0u#E**S4LidjW<u>hHv&L5O-5qivu!Y8>NpQD(q!(Urd%byNa
zMK@H|5^p6^Od!FH&o0UE?kVh%11@jE_Kb;ofO~BivMW3~>22fh)9+RL*FONj{#^HL
zXg7o(iYEp00DzQriELLoEUdy+m-cpTGdDg5*73s9Pz>!G5^ykP!=bX!$koBR074lj
zepo~-6x4%gz(;&g8YZh!wNI@lyZ56VjgwX-3$A5cZ>D}HQvl6Py|Brzpk2SA980WJ
zK597=-lkjxQS>MzvTj_Hp+{A2N~%bA(E|ff$@FFOr?j+LBD+K~KI~_ePRDE4;ninO
z`R&{(1kB+qd-dAy>1~1yOOn#%PBYML=lNe$iXtMdG8#^V!9jfV;#RJ??ife$?;%b!
zzOkL~;m{dm#<obrbk^nHfPNF@<X-12BeeD;ZFx@^CKe$G<W`PkK(m!i*EK^tXaSqv
zne%86ZwPv4jWZSL@Hx*?sfX<9vMB-3ICqYz78(_?y8oG1K+C;B#@tzwn*hky@zsr<
z9a)CU7DhcywDq0d8)VOyZXO#yf-?Tf0GiTGo)Yh_9{@ldjG^JVo}sAGGzxSs>^MGJ
zOn7K$EyD4w7jqyAu)h0m!<|Y`N^LLNO2OoXVO9c@9%v&2BhU$}*NXU7-HXFox&RSx
zsk~me0Qa2EMFFPE&P%K9V|~Cg!zwuoC?{Oto*!6}r!>&}Oqqg%bj-zymjE82LaaZA
zZ#d2~w{~YjuKzA=)J}$A82J3%woNPqF}J^{6bMdMA<$!!sWG-rY07pO;(qWBOME3S
z_>-m#w)5?ZbgIzgb#mH1Tb@;iBw|D2*FU^8xMb^JN7;+Zg~_T0TGlc(jn8=@{!%sT
zp*7ruLCJES>IUObpBMPYOiBSj!DjGW@wQcjN_DVm&xx7(PHg;lIgr}2$7hAwaT0%2
zo`qFKU*~}4$%n=4O=L!ZB%LBYOP%oHH4Oa>PgAcJW=NIN6L!9{)j6>X@wkF8&8i$Y
z<`wDyld8mC#{f?GRBM#>^Biw#`q{t<sT0&a%@<-FWfmcXR)&P|-0DzcQExz})TAAx
zScAm#%Fjz%)#|dgppRRSHR(gM;#tbjXm}H9NgyLl8?c_)nz{N%O`5;`49z%`Dbcji
z&2ibsM-}yG4aK*mgl6%8;hqC(nSF#efBv&NR&Wk>UI2yd+Go`2io|_RyoYW|j@3~4
zCWsfAk^3Y3?Fs(`NgwMR?Ud<z{^3^huZW04dw@1DVY0sZBZ5Bwm+~J2Apw*4Za+uR
zwS01I*LnO1cpv#g_A9q={NVzsp0{22r>EOBg4m3zH8T!5e;Fbu#Iw?#NDGVqVr;H3
zYwKxhdB7xo0`Iy*q^1wvYE~%w+3a+n-O|m;_4P6QBRe2~-_T7wHazhh5-zK<v+rR6
z#Z3N~I87MG3Tn&@E?9tBFAKL(N$|9oygU9ig*c0e9Lg0+kGpJ)A2O)4glX?JhwoW;
zgNH5Z*J>q|)e40n`;v3BR6(Pjdp@0k0RO<i13|}#WvGC#oizi>h*2TIlbQjEifMOf
zn65+|dp|mBNA8QU5c8S-9&a@?2J=aTYqpaDG&YcWUt1hXf{G>g7(cajx4@h{UY3(z
zu5VT4R{z7Lnl?&V?P~Utya*xdD5Hhnmz|(&ifzi@6iGGIE+CLof2TJK%08X~Pfh27
z*%C0U=ELZ+!a~wNj}I8SeQl$Vwqov6&z&6^tiRycVXfi;qBzy*aU#c6b$$<oey)kT
zgo8gi$Ry9?OPS3*^G&{DaetVP!Inw;&DtMjifD(3kt>}w@Xr`^N#jK>*_+U64Di9A
z27!CdoEAWVF7A|T7~xit_GJgO3fX(#C*3@?A#WoMeS|T)Ic~{IlF7h)a#p_qmpYfI
z>K6n6)7G0k0O^$3OLZTYo1baf;o)rk*gKH156-oEWOjBQ$hFE~^f+ccS%atT1uapM
z{A958GeqdxHN3aU)sQ+>joo4gt)9Ai@Pt8_nq7gY<PilzhyMeVVIqLw1^~d^blZY`
z*#{0I%RNHi`T&W^QrCHK*G$_)Nkw*gjZGP{@M;FW&Awg3Dg%95&e#2!`=!WsLEB6#
zYPll-<ca}N-Lg=(drKI~n;fX_m7Z01X79LwWi3XLe=pa<<SzYp@-12Q5j~qJzC>IE
zDelm`Saw@gT3mh+T#uVUBM<b9n#DNNI;xPBd*R-<W?XRX6G0h^2?Y{8yB!i>`e*J(
zTdCyAlg?{=V&XG2!nRhO3C9+b;@aEulZx&I7k^Wq2gL;X>oUa|DBF<cG^LT`6Q#A*
zP^_;7E7aPpT8QT^h;XU`coiNeixKx!NApyQKAk6oqOo^ZJIHSFIq8U2p&t{ki9v6T
zdi1wq55qO4^?T*vIRR@tC~e=k(0p^AO6`>en5n}vo8`iymkFm8z8?T@C2u@VsQb%o
zMI>k;+0)@;ns)V#K|JQ-gp>{J!-@Q*Lfw*B8S)D%WkIIqwdvJGq`lpW`~;7BqscyR
zD=vQfIW>|B=$zPpl*{UBzbp9ZU+)YYA4fLO24c$;0)p%ADB#Eata(s0>mpo)fteC|
zZNC2^xn+@O@$&3jOR=yaKP-SSQG}M;-62i_U?w3dEs^xj$3skc1n(OXgKVmoWnU@P
ztjnXkmpwlW->Ip@L%dPeM;+bA^7=h<R%cPhImblKU@y`+f&p&nf8hlJDe^}Ps;h_u
z-)w(+S^9zkgP6GR@*R8-`t04<H#0g#fJJBGsQNQ^`u)nw21tP#2<_Lf=ohrgEJ?uV
zkh%0*VC&<kYSv6v3Jv+zxl|m?<J>IFcI9bm(l6}OmI?Yh_APgfK*q3<Rn=WpnF`Og
zZ_UJOw-7e~ftfrSNVN^G?W>0|DNH5#0%-QJhxY$`p9cV`eFDBYC*(i^xKMh23w)FR
zibVx^={UT07-eJ4gOuB(!<j*Mzj7&}c)(phv3H?~P%YAt5rf&>PXiR(Ipzu7<H#SL
zGePMzW$ECgdNW%V>t)O+O_A)hm9F`R2&RK&ksp$Tq=PUHF(D^(RX?TsNoCwC_LHR+
zp!H6hM&aCUSfF3KIXYw>S0(hBd^R_?iy+gy;(hMR9D?jIStmRd?(&#;FNN0_fLCVv
z)Yc-7hkLWcMP&kmYYY)QTN~JoNT>pw==rwZ-3d7_bV|xW4Yy@E&#anuTs>H$Ni1TM
zkW0R4cR^_`8b(nS^NPw9j7=9VO@tS_zxyIH3mkp^u8Ff9+E->1B6m45**T&w9u0pb
zHvQ9T_r^Pb0AMcl4A7p`SDn$svI<mo6{a-{?j1IM65Zv*_quW4C*DGbp^stWU^)(9
zSYc?~@<IPaE<eTaDc`l^YC)RN<4HXf#mrURov{aWa7dtmrmPc{cI&m`ox)PsdKAU$
zkD`_UJlVWsd|3gU@#~`$j46nZ+Dk|(<jKGe6DATgy7}9FC~Avz4JO)~Hol6k@y}XY
z#N;oU1nPr`3-eae44b<}jt5{Yf#%hsEhbLoZ4jbz9d-ZW20Z_jQ|cL7V`w8>5)4Z{
zlO}))iOpCqzY~a2YP`lzNdKk=$~A*gp<=}k0KiSV*R=Ku;M5Cosfjeb>O||BQqE|*
zI3>_m99EgoA+&xsXMvUE7Z&hAkzO|36~oQtu}Bbj?bi}OBUKSI+k4$tOvRLL@OqB;
z{hOXDMB@iIDvIYUCCm&`{k(B%#j?2M^on<mC0Y>oPby+351ByrM<jjA4cX^*Y<C}d
zSmR9gpf5e!xeODO$Tv<@&jv86^QrE=9xX0UEC;?9wSpz|RPOz<&Lk_yPFRQhU6V%U
z2mQO6l@H~6*OMB=1aL83SuLzt@k`t%`?N{!3jN^4J;MFfQAI&<?Z)X1L%dWrb@uG1
zRvlPT5tx;Srj2L~_&#Q6n4+m)CxUjjBm{?|FCeF4=cD3qM+9*BL*LfCivK+O2*A=~
zMKU+=t=z${^bbKw0uvz|wdMl@(}qbMkfo?}iXVYF;1w>%W|+9YKlrKOku%A|8RW#N
zah?$<MMoGr^r$G6<o$vsW8*q{#YcwO@56+^?k<}YGT{8?NC^Es1BqMfTDNS;uLDMV
z4-B_7rQa+pDPdsO=`QXhQ|c6^lyQjydwV#8(h;O_>hSyo)ZNx`A8g-Ys)g7P!-Ho|
zmx>fuvc{%AJQI>A5)-=mmo#Y^c{LC5cP$A@KGM&ofnr^ZmKv!mb@s(TvW2A}h%f7^
zME`k-%CGXrCp$i#hD;A(7x;=M*yrm8MO;u%ARMFim(%s50C1G#GPEa0ESvap+*3sz
zFcCANzQt0D7Sny&36_U%@qNr?s&}tl6m8ClA&USlvvWwYx0{FrcqB|!jZ;F)=<4{?
z`ns@UApX2sM#ZXV0ZbmFmCiKElYJ%vubIo`lAL*rkl<Zb71rI>1#1wh@g*_Nz9poQ
zdKb{_g>i`e6hcQ<*fLcm>v6wRVXmB=XgpL>*oz1K)@HwZGCWz@Fy-Ap`FT#ueF<hV
z362YuIMw3U{jH2}+olS3vxjv>B9hU_sGVS0n{!C|NW|iAa49)TY+Xe7Kh%j>zVjM4
zM925LPcz-DJwDw5v>RlA*xJ<Z4V#(5de@2vR;Yojy3Oz9DspGNPh^I8oR_kYixrW+
zo2GSz)gOMBxEW^P3tv~yA%y#=mAj^tc@`^U1mSYZPO$I1gjY2NL`=~nx+x^kQoyCO
z?srrY0<9YJ51p!j?=MDV9XN2Tce99$H}YfU?hh#RCw1WOiZL%~&H?p&aR2TO5%U=i
zwvt0e7S#?ZWv6gB9Th(86LNcfK&G&8B2~1bf19>wqiKP+TLU2G;Db42=QIbQvk)Oq
z87LRsW3lK9ccY6=(;a)}@|{d$JlGSaKgiuJvo*mkp38-NYw;D4yOO9+Pz7=7a<<=b
z;CjmW=1vrVNqyB^O~^|(6Gdq|2=f3A3nT0aEn0YGv5p4_qY7sH>v^%c^!v3A3@~|Y
zPkwC(gjk%Aat-918TASx&%U)bzc|=61KIKm=$v>xhqqP<Dhzw#J5osz*$tlf&6oH&
z!hbp$LFB3xP#ZvsziGNM-@m92zRW;$AfrmL(#;4M1r^+@=LMH4W_yRrKPL%YF^=nx
z5LS)x;EyjrQH-jpN?l4Hah<p*S5cl{`}tG6=k<QD6@H&9_dq{dd;mkzBmf<SoP)!5
zG}4Haa6n<V_W8v%HmTPA)NT)sM1av0Wh2tA$2yRUlLr6&Sdz<BPESS`i@((cH(Wz~
ze<gBwNvPky<90+qTI*9eYHtp);YT(HkSRp_0iASAPXZhuH52Y6>Vr;IwB8=BjIESV
zwk=f@eob2|<To*YOGR!$Q7MjNgc(12AXo&ok8yO~<ZbV*T&*0<+YGH<BW`#*Ro8m)
z5G)_Y8t5hl1pf+kRJAGDTLc;^9jD%4hquBPCkfgk2OUMQB<DkV(}=H1m4(9_&`apn
z>$ENy43*1yoBGFMnJJ%{mXsLsk@h?ptT|tYpO5@S>^&lG!j3!~z;WenARqhW0Lh_n
z;ZG$zgX(j*gqQR%maICy6+B4>S&(G`csAdb{P>Zp>j*b!IPaTXpyvT$^6Es4d1FRW
zMUlg4_rq}nJ>PX^nXysv!8Rx^$r)HdThZFOSU2gDMj|5~D&;aTE>Q8N6MTFvo!hJF
zYfb<Fr}p7cxyA0lYT6JS+W-J@OGJ|yaoAk;!swns=8_pu?ThjsL{9katZY$^ovnj9
zAXrchM6cLi%v!LC5c@lz>`4(UvN<}qG+syxfyAU!o%gjuYQYHgc?P2w5uBq^-Y`xO
zzui^GV3yA6ODZt36uYtDJ&cpS^Md&^hWy+tYh3J$<E!b5Mkr^tH7)m{;k`jR0n~f<
zp!tBQAf=47#YGcQduf(ugR%bNX#oCRS#jYcpyC_K?`YC2HM=TtxuJ<KBwQZNBF+np
zk&A+LnA!J``tC`I?`;0Q=5_xw-bC;5mMsr3vwi?tjAC(r!MyKNX&~jpz~uKS5*a-$
zQQsZ4<X;1=$2GVS!fg*!gCei^<GSq0*E6q?rnj=aV>9<rI6qUPY}IxUb6mKY!>jG-
znHu?r;2+9Vajo|1f@==}MFA7Y4X*`sFO{{V!u5X4A&LV{KS4CbLZ>3+hZH?|BbN<*
zm~}5#G}Rz578s=vGPL-{A2P#UfI20xCcs6Y#XxU#8n`$ZVJmJwc!m~feZC=(wU>u%
zJQLRDr3X$qP!nf{%1*(gsI>BCot2FQE9Ja_3IXdMA!Tn}xk#<3XS&1PkpS^T#tMvV
zetRseMGx}+4;NVU?fiMxl)Y0UPGsALQFv5IHaRNLqe%n>Lk0jvyvFf(f8z@U0E7U7
z)cZsL00f#JqIxRR_M(`f2FcWW{v}^@B-g{q_A0>Ehh#+;r-EPL!AwjoIyqh~KsZ$2
zQaOfW0-sxuqCZMA#6fV6s-Tx0tHuV}iVDT|L=|3C{M19MqIb?A|6uF+er|8aBD#Bg
zvnRwWfsM>6jhz);e=$d$R;p`K&M+4&{rN&{<Bww8q!-ns`^zN}l+xP%9A=E8AlO08
zBJ()Bj<ZZ&Y-A$GcEJJxXpdJstaH8a`mTk=h;nO>tHgvW3BoKKBUjXN$UD2s2)Jp;
zln84~?wZHqBp&b)o`RXVJHK0-VXfWFa&mpAYlu^A#zaTRrQDMEM=<uN?uU46z$s;H
zOq6~MJ%<<nc~;>?n2T%@3nveD3O;z4u}1;enue%GZY$N+%FN=g0Qh(OrO(GW4x|(c
zVZP+iHiCLV8-s?OcX|=}jpIw6)Y=#|TEWqLza22B<PAR%Q=e2aM;Z9tA1+r!PGCrh
z>S2Y5(8(oQ&~49LG{Hup@wN{(e2koUkA!J!8pZ+%R-|P1S%ZQ*cFLVhXtkHxbAiU2
z+6b^2db7AG?1%4*sEw(79VT0>bX>qcIA+aiSce_?tnYLdyAbbSkT|DG1r09a85|Bx
z#@&@yV%Vks$eimh#PAQriVK&3h}ogt0f2vt+~$VY7EMlow-xszgi6YNz4gjTgxTnv
zRv#quOjm9k05e;CKA%-$?j4Eo`zVSrk+m{F$#26NEhhhPWW{&F+ixW>vuhq8K0Y=H
zil`tAzb<_wy@RxNNT^0~E;g=X>{fvo2#Ne?=&h@GBisFwq;hiO>%PwP0EeejR=lp(
zB6^F+UB`Y&F33c&P!p2GcM5iy^8TGDfw%}%jor&qyrZYSO~Bxh#5=j$Y5p86i+9T}
z^o&tj&-3x+HDVPtZWlLwA0w;Mz2#YxJ?&*ZUGE$kc1$-XrS(7r%IDKXK0`$n*0ni-
z<EX%Gs|bc6bn8jjb=Rii9(bQw8)}p^9IQWXy^0m^yO6b+ZuPq%MDD>Y$i^%PfR-Sa
zy)QD_f@HX64}xio)}U;v4HD3@78zpsn}di^6|H#PQVOCubnVq}aW~0UjE*iKDX73L
z7Rp>~v(hfuk+#}+NPa$&;7k^I`b>~3(L?I*>fZj&VT%72z--5P#zD|Z7KIVhWu`Z=
zS7@P^LPUfy&}Hmt6hWrj2)(=EdA21YskEN_ywiLlwy|PQjP=Na+IaJ^e2U}S3m%I^
z`LkurrWW083;d*k|6=EC<gH@dVh}PJuo3C87Rs6l7tsKuP-xA-M-7NcPtf4oNl7e5
z1Y?TN5EHR}`@7VWN;E)HlrYMN0H?OWO^6^tC%=z^S!o;IHsHyrT^5Sp{Dhxa@XFVs
zR|YA22>ITOa++^-A!T4W;MuHCzy%ny6wAWYFSb1MG~x8-otzdLnTvm2@Pf8ESqBOQ
zH)@%R;`D{E%qk(R5#OS)wyj~<Lq!AW#hn~?xC=)oA+mR@iKd|#v}F2c)OI&uOP|-b
zvS!!jUc9DSa8Hr$979Tkxnt20aBzUPc(pecoclEknFuNEsBy8kaeg5|?c-&u(4Vy<
zx0_gmg6}<}fMA>Jp6k$MAx}_BU%Y4CL&E78cR-yuQ);qRv|Bu#502^-(7G(|8!ZKa
z_=*)H<DD2vkq@Ch67WqJ``-k&!(AE@w=WjwcS_H}NuFzbQ=*>SV*GK`8ag)zHS%p;
z%5mUBXL!z#y&?(Nvx^5jYhd4|aSmjhWxpRwSz$D#YD7HxpnenM2IG~Hd#6kI53w3b
zL`ca`86zxr91>SP2N!nz*`>h5IT!va1W2fjmgJw1bVU~T@=HlIv<jXQ14!GGH5B(b
z&wG*?Jws@xM?IJ5sc&6!twFqD@`zK9<Y+YhaLB3hKz7{<ejswfE5I8@!heSmfCQW2
zXQ{j)G0!<+tlCn_&}4IN0~m6#>mdYj(SUm+K=1Lfk?^)6Q^XZ4uCMk@>>@an_6zE!
zZylU-1AZ1ihnSYs0v^$*#m^nf!jBsFIinzi>J#^R(vHtkA7{!x`q6{4dZH8VJd+m`
zYb%S1;RLU(CrLkfy|!iX87bT1L|MWPaI@0x%rnP#Ucj#E*&F_XAkS-%cOEq0wz8@5
zGFL)7TFzw?V$P}(U|+b=F!loRP8)JRJaro0l9iB-6CSM5S9!vy9NUiYb}hmFQ2*L-
zJN#*Zw=u+s-=*&y^UvhAKIO?=JaH7(CfNo&WbEWF&%)I8Jl4wn__|S^EaGPHH^pKk
zeZiYiwKt(ffy3`CaSuv7euJc=j0vrD2Q5bi85dMx;JZp*{_EdakX6)IWz~SXNI1Co
zFf1?3;c=evO4Dd?o#R?^yGY{ST06s4Hc-cQ2^|h)jiR@lH#F~yEehp-aMN&A*FKX(
z?Pj}sG=2=rG8mFlX(JNBhJ!!XM%uBfLsrf<`8HVHsk^tUO`HW@c>|u_uC%pj^~29B
znkO`J0pC6|oFJ6K{uwlun=wiNOZ;}&vE^IN1EJf{lSG8%G)Wn2&SGci6i;ChHu{0k
z)wRqFf#rj1v@*G#OzCX&9uX&#&Y%AS*gz-03%k5(EkL8kmNmoht96^eZvA<UzWnZ@
zSV_vA^%NkfiQG$qUcH^myus4bxk7>6u-5yY-LiJPy*f>o7uoyk3l4x8PO7JNn3;JG
z`sVvi&PjE-gJaj0W&^u@UKslP-jMkdYXRWrN7y|XdcY>(xeacy^T^nMGSm>*UJ1;6
z@3Wccy~I5hNtiqO-g}41|Kx4p#JE<jAlo#(m<|N*zhfrH#5v_P{lUQfn}kE{=nN43
zO-dBu4h)b~eO+~FC0<1(xQ!pz&bW+1ba8Eb!mzM)+?+cpoan{Su4!cM${(eibHFJ9
z5c2M7sz=JoTL?f(G*i=mE1CHnu%B2K<>oDM2ah!Av*W89_QEi4An3#sNzD)~q3Rxc
zP``wr5akG<Y*Cav<ScN%HWf-<fa@tGBod40;9uEbyk*AB$-UTK&)m4ZS+0=TJ-h}n
zWLSB0U1$IR00VVP+(yxdeE<Le001ptd>~5xq^(e;v}uf)AUnisM{Pc70-X@B2E|)3
zAvdvKuU{@Ce1>t-__g1QWcku8TO@|$zGG1KNaEf12V7x9M7C|PSF<m@M7k{1zpU-7
z^*}>wfBY5su&)R08))aliw@Vfk6C`FV)e8Ec->B8-gVk6<g+H3%t%Kz`iPf*!VjDR
zyK6&QrDPXQTthg2(;M3+1tb!pv2q337Mj}G$z;*8GKC^*x2`ZF%T1i0WPZ*^uOEfY
zc~Np}QVh%(mOqR`!Vk#GmBLpqk*(Y7So;*xk!LxT+~xf@<aSt%*+SYf2cW*|H(G|r
zRrIHeZ^{v7ye88$0RvruG(2|9IO{#CkQnIPvp;A-O<fq%v-AHvZ?vev@P5vsGH36z
zo#l=8stDiv*fel|-li%sx(vw=eyAM5-B~^KEJLjMqE^XM0t*eDH_an)LF`Y$(4IF+
z-bUU%0O~v)K>#hM_xOgo84G8|aGs51MwvCyDj0mZy{iQu>_WwWv8Q+>lE7Sd-ly{4
z2v$22Hsn&}A_wUszrc@WgI9oEU<Gs1AOHXW00k&kV)<DT-NxnKiwHHulNem=s;Ms?
z(4W?h4ml!D=$mz_ZL-dO(-*~WE76x^Py0isNT=U5rP4J(6CxrNsOGrefR{}%+sqv8
zYQ#fgPdZAB9mFQnlC;}4+_esII)MDZA#HZbY`RKSV-n);K9=kMK74YBAub5Q>in={
zK!X#_hVks9QJm}X4#{|trX%6)@}@>=;T4x0RALJy8o`eb+W4C*LMk0fmu->}8q!@S
za`=t@dQO3xX-^b@FJ3)@wyh77&z8NBTbX(T%To3z7TR=S1XR+31h1kYRZE!fYJotE
zN)Pu27bmDz=G_A{a517f0!1S)WV6z2RGac_KmP>gzh&P%_239H7wsC3fb_FX5%R;W
zbfHWobkAwHj{VW!l{41ZQ%y%ri(V=Iw4SL7c*^l<F$3Qocma#eHM2B>wRBI(?^a<?
zHBX$vV#GVcoAYx6IJqE0)=)FuP;EJ>5wH~^Q$F(p2<xxX-v;8A5>wbsW+jMy;Ja(Q
zApIN%da1*}u|`8Up$_66#Lb+{1c)%#LO9E_fCR-d8jk?V&8r+Wc?2N~H}+{@IHZVQ
z6j8O{kghZRNc><k$^<8g#zH$g{gg&=&K;=m{cHdI;Yx3BwIz8Y5WE35!0*f^HI8f_
z=pWe9w{2GBXz#T%8zv}M_kw=M0}di|J?yKYTplY`i#yE7EUuqAf%*_ck_;8^9>q_v
zF3u}&0BJ^;-+|OYarC)dMq*fE+6Rz><hVsCV)nB}_ec_m6P<Y)xGdo%=DS|Lt!&{*
z2$&Y<<pXZ{SLN=!;+-Wgm@pMQ8^r<r{7+k=MF%h4P1r@L^~QapdRuri{WQZ4+`DuJ
z698R)pR2`0_Xp&w&a-pB_kUR(VOYgV6*y!>a<$bI&Q%!6Rk&&kLiCZ1Yj&w0b5sq1
z6Jw$`Sx5qrp<z@VL>Qm|4}`jc*~yNffIP3S{85#R0000PbLa#hI{Cl=0000W4Hj5f
zfLvcN?*TtYr9iU%ZD5UNjAbtF>c<`ntEy~piaf^DVQE%F8|y0KI5iWEB9m7+qdf!8
zlz=;S*(`0Sf`4JBSdgJD&l74WDkLSP4Pqzu$Y(fqZF-JT)uo0bc*Q+^1N~JM&NxVs
zJM+l#X*E?~>?=W}X}`IM8~L}%yYi_TjGF8rMH5(qAbD?SH!NfPqxqhxE|qL~2peO~
zU+8F75N+gw6ZZKwbyo$yuxpw&Z6V?(#G$uN%#ekX5WJ_Ysf5Y*_Un<lN8N^~=ABh{
z-@#tWgrR6-8{@=|A#>KY3adM9>Rdpi0Uvy!poE!;+=7C0`Q!0Dexka&KWOSanf!K|
zT7ujnzOBm&Q_~5k%KH1}qsDWcH3JDzyln1rs7K?JR|2Am7{IyC5FRi|s-`|&1bHlQ
z&k`Xjf?hhMm273~rTiuxsUQ5uS*}^mW3cdyAi0res@ySW2)l5YA*U%zE>8L3P##nS
zl%G`B{SZJtZ_p0vZ-Duj7M?BhvYa|`3CTv$sOS5~`@BI~8WN6yTF#lIpueWtVv2ni
z8{rX2p_v*W(9Gu+bA&|;s4)ieVaBQwo3QRJEvN6-l}l6U55{a~@JS)8pYY^e$mvr<
ze+9+PTiYd~5Z>$sOo9;X9K921d9DJdjML@-D}{G)J!!B%qK8sI>rigt;P(lP9AcTo
z9(D5wASz&2Z1y<W*5$V7xX9JUx<*P1%qRc8af{*64kNQDgz(uh6^dK|Uh~V^3g!gF
zZU8P=s5zTtSC_Ql00000A^|;wIRIfMl1HAw3(k$y;Co8&dqG1gO6kOn0Z7@3uT;MV
zk;LHgZV=WHUBmEziY*YhT5yx$I-2zgd%VZ286?(p$ocq1ti)YWHmBYAcbsV^gx7)0
zbyh`;-Q|YN_1|wn#;N>rg_HcF;+z=QL0d-Vz*tcF`qHJOstls*(2awF`%Qzj9m$|K
zo{G`)f-aWwi!g4t{uY%NP?44{r9;A3FJ`?DMm<hZ8EbSCrI(hBe^Sj;YG}M?v}N)H
z8nA>CO!_Zzm2|k<%l`%qhGZC${mUaw)Pq3uW-nTO*b$ACq_};qY1!-`%y!H;K1T{)
z_zWZ2PB2}$aEg3RXYZ-rn(LfhXa~%LV?_@Y{7+^dCBMg!WM+ei!v5uxw@Ghb_2|y9
z)F6HvRL@4>Y@;J`ggTb_q-;2>&bJRmMHD{oAo}}*yVaO9L>be^iNttI<<Qr9lZ=~d
z9{(D@OrTB!%lzTdc`%o>e2>G-#N3R?TvWngU*nG&G9QB4p}MROr5>#3crfJtu%>FD
z>$HK%s8HY7w<Emby?!r~H}-a`md8z9aCBb})w=J`%qvhI#mvLO-gCdAv^J7Ak6j-O
zp@}sen5R*VV|<N9lLOAm_28VbK@3gIx87@%qoin1bgR1z^z7#j$}FF(R|TE5i)_6<
z>@m9SJ!;%}xo1{3;)nnMxnhj~0qXIM@MO>c00005v>7|W4ov_eXpNbW6adR%cP#W7
ziPROvkHna%9VbjavJ21}zEY>#5l*dV%0h{}zC#p__>xlhT!}nz4Y(jB|6yD9djy)Y
z2#<y&fX<n?_;yPD?7P>rBD(34j*P%ng-d9POu3bPIDv^x1ZV{jO5^4U=@`_3`vnSg
z&q-(jB$x<F9WHEE;76U~oCBnYrKWjbYh5pH<5rmGkf*)U;r~6sxI66~(#9DrHzgU=
zzT!P2yY&l>w*7we?16<JLuPF2!!sUe_AS9kF^3gq@RkEhsSJhnnzaZ}%xg#_MU2?)
z>s_r%78o*#IHQWn@t~pJfH!{>OaV9Vo_g>E84LD~qsgDgX{D$w!Vegrl%z>H;h9s@
z;E%pc_}Q7a9LQ5B(GbI7VE9zBPOwzQ`?R#0{24wV{G*_g91k4;4$WX+gH!a{>QH{E
zEDh1(pw`NqY8m@a2tP7>J)v<5Zl7CM)m&8D!AKgo62`k#^I#J92j!>T!X=!*W>D2y
zz1U{gfIdoJIiD4Pj&d^W63rG8`CPzd{ge{&{whUry5emeL6Ni*#|z0w=|6QM=l)o1
z$CN(W?D5p!Y;&mI1c9<R0&2+U4A+7#g+<Tbw?dLVxL@f1s2x?W_mpFTmc~5HTMpOK
z^#$e7D+TK)L-K`xvR_X)UNX1Cd^y>apNSE-HlcdrXQP)E5C{bZD<1>_2l3k~y&<|*
zF(-fk7k~_a0000BMUuw&>CqOjg4jQCu&Sq~5km4yuv0e+V=}9@piNkXE3QvaE4hnG
z=jK3{`*-K6#g5{A@Foz8wD{@TY55<>I!jiIh}6(jxfnj15TW<rsE{x2{QhSHZrHh;
z?n5fU%(IJIVRplP=}++xK8NlI33Z^0HYmM3`wY5b1eCm~v6`{Fm}|NKPY9$g?b~f%
z`rsrg{z#%q)zdy^2SOW9QH^ZcXqyoq-#|;TeOdDuo2E?(&iztr#T-IHZDiG0qPpkH
z3CnK!(n0_yJz2BL-t0^{i^>4;NEhf*(OQ3ViPsy}3vOp7I?Atd<gqT@fis0Gu%bJ4
zoCCbF&WlL;?*oT<_i*%)Ws|i@IT5_3Nh20Z{{e)1DaH#QbYpRR)7!e}jHNxQNuw5h
z8oU{m@hh#q(YprbKYd<#I&hh7T5lxt<<J}A)fesMPaDK&*A612%`M_r!g~FXohe7N
z1`-VAJvVF%1vrt=k2`Z!=EW9f@%+RQ%oLy*)JEW-s`dV;ZgYZA@7K-M8LIYG(i-LH
ze>?MZVEltb(|jdPpPduDphgsn$lJ42WCemJYAfeZU)SglW8uy1e=3b;1D%gWZm*|i
zO6h9a1yV!@(8Chun5eT^BY(}Sf{n_(PisG@Xf-Ih#xHf%xBl1-E4>1p<90OV59{nh
zghg|SY2-eAW#~cZ7wY6MoVWcz$6V{6xZM;B0QsN*0004G`@rEbA3=)M2pZVWQl02t
z^W|;TETzip&-FGKeoc{ebwaF|r>ikgd)c~#g=~ciM*n}<+bPaL1=TLdwmz5ZkkKTk
z&sE%m3Fl&$n!_}!%X(3rCg3#Fomxd`lrU*m0hWWUE7HHn$Z`6p8!xj?KD<{|qs0>6
zq@D+de)D3t0zSYlU*@XiZKFGkgDRvT%`{@CilS0|j`OCQyiY8tQop{VqY3#`;D^(2
zTwhLR2?2s2c3S<HfT(Swg0!9Tmk(1wJKnp1&{&)uoDttJ7ZvWc4^G=O`S->g>;Y>(
zh<Is56?O7~8U524Pf9g5-*sn^oXzoZ$+wA7o%5VBg_n(oiR<+h)!F+;QRL6#w9?QI
zjU+;}Gd->sqL8OVY)}r_awjdaa5crR_cs?SJz^FynTa{xZ;OJ_)l*^Ku*XLvc@j86
zS@xKvPad3^@e1=Z&^6D(44&Zk2PbEtBzqYVf%y^>??2o`2_Iq^pGeo=fk<J8GW;`E
zl~Xhb_D;&^%??_ZcRa}GjPciWZ>?sl^Vc7Hf+0*BEat$F=Id{Ts*-=%v=oIbHcVda
zcvjYASfZtfTgAH_oN00Zm!mt`>sVdEzM9z%7@5k^(%GNxHs@zkx$aBGb9tHh$ha&-
zwBa*s@H^K$usb$r(k@0XG_LE0LmOu@n7Zx<LFcB!cNP}J9$+6BeK66Hk)2Di(ue>6
z000)S9NQ61FvAX#;Y;LV58wY6Xg|i2m5}}MwM!5mE${Tr2mnV*mPR<1r-?&2vE=ar
zwjffUY}FSg7M#4p_~nKA>XM1Fn0nSq9DjO6aQt0N1+DN``BzzB<L5SLU=z=g63##_
zBoKxTe9%Wszc2-*nU~y3hON(CVZOQRo5Oq{#@(4P-pz9+5#?o9*kINSy}EWE^U4QU
zQI$(~;U<82M)e&@Y!;gzfP%m<Vf_}siq@dJrX9};aKgH(Rxh+t-E>nY1e>E)^hm{N
ze$+e^wTEPa-c`k+4EoK=5Xsx`9LFLiv8khTt)i0H@Tq_I%16nwo+i2xy;xz+>f!7K
zv}nA#yOTtj?N<~uj7rKFcGLh(Af^qC%r&(z7!xy>tR=)22XeX46}>H!(#lxLM>_k+
zj(ClpV(76@n`?gG8AYf*5Tu#GI#btg{q&8IUuvE4SzD64{rj81zrtVD>C9nC!_C@~
z*roA|o?l4?4o#-hQ+?%>{zFM3f?Bx4h?F6=ZY5L4Q?28j?ez?b`H9O+qeivA!dd=A
z*(x~zz=7~fhr-R2l-+STb!6Vmtg+UcUn=X-Gf9N)#l+xEqLS9Io33BL)<3Qjin$rD
z_}5j4Lvr;wFIT@DO+Wwu01(Uo00001pnwdjRw7;nPLqV%0_c9gg}rRKz_<37g<AtN
zhsxWW;%O1}7a7~$BhzSkZ65O}zO$w+l<18HpH=-+mt4@(_!ck%xNbxgS;6^R7@?2r
z(KrlPpx`)67f?drKV1{StuCHMWTJTSG&a2qa9fYFk@T*o;oENB@rworgqubO=pH*r
zHAfwA7|ao!?cF}Z<|6~*_wj}pb7b{(hrQOx{gbI=4OOq(xs~@w6gxRCF26A0{+z^N
z55}k``H+Iku%263o#+a1$QH^OauW|%5R9pqJ1tTeaD<B0;DlG|J4vnNl4T;P_G@a-
zBRQMu$(LdLFtor)T7|l4p(6wVqWKEm&F+IPzjktI_;vs7Os#<Aub_E62PYWPudhp7
zy%CT0v){eNQdA7zyIEt|GHnoJ$2y5$4QE{0+YuDBO*MbTPs53QF|yPQ&=2p4EPX8o
zUlXN0KCy37`wL+G+{i=?8>A)Vm?XNEImClee%-`4pTv0|;g>d3DdZFo(!GHho_y5v
zl^JJ@W=uGyYm=n<sF9eC$c<{tRZTA`Bp!aG{q*bGv5O~zJ3Yi@;Bta!oWzb~YyFxp
zS=UBi{i|Gjy`P*(+kjt}#HJ|IA&!6w2d#^M1lg+C_Q(JL000000V@Dx<z}q=2wzj6
z5{~b6`!dpVl(onR3~2D{axyIUtwLHtT-_AI@h4I=P(&WsKcwBgEoLPVScV29I$?U9
zdLa@C>MSqWx=o2B9fBrBFzVgdRn+AYoX+-s(sB7qx~cFEFsq>*kB&??sGC%(H<kE=
za$%f)WwuN<A`t4cIeI|+%X$u%GzGySQ9jtHywD7}GyIS#uJOnkF@vR$9=%{uWV+e)
zBxM&ot%{o<GlgjV5;^UDCZ!JlpZCx(pCbBD=$mOLF{bP($)Q`>ytxP-gV(KAtL(Tu
zQnDL1fY}Ya)~iJl@m1f6BQf#(u`DZ<<mC^rL>3Vf%Bb1BVWrcN*M&>}zEVC-obg1d
z&e6prNcT=|oyELFzYY%U^wa+K@<j_)^L`xhh2te~MM1-QjE`>$VSQN(+ce9J=6{Jh
z9C{gp)`}+W7&7xK=$dRMgR|gb{KzlHLbQv~REyVP?KruF0_qp_Aoo6jx_%}5KUPkG
z#ely3PKDS(1f*hHyIHJX;Vl6NeS5}4jLGWOT7996-Ny8`_8smHot^uw=Ia`eRL34*
z1ZupmAn0N}ATTIL5j9&@rFR6=A5Jkstj0(`Of_)SCt*-XkxGKt6KeHh<q3M~7Qdi_
zu8nh8CN{fg?ckH-`g~4%oKI7cfOh+_e_UQHsynII7Wr%;9^q9Rc153{X6asXJOp$#
zd}Z~47ALDQTd7BU=Dbwzjb`%kt6}ymiEoA0H6f}cP8m6N(VX;wN=qA)#r>9T2}$!z
zk>{5T0cKv+pd%}>g9x~4C`0&pkrjDTEX#_4ftfDki*>+dCExX%QzMjledw1kA9?w?
zJb6lzUeiU{=%-&~#=RYg7|hIh9tY1IOx*dV?*`<HwWMM2N>~bOCK<ssHfOuvFVE-J
z2dVW*UTZ@4E1#^C()CpFy~<jV_do!!0O6fUj{t(;0000000nl@z#Y$+VL=$oHwOO!
z^QU%u&rHsc4F@V34DGQJcGjxq0r{{^B2#?H9Aw+#*PBrgj^sTxQ%`p%+`S+cd9a#%
z3SS~gZ9WZ=1+L$?+waeZE7<dIWrLO+@0P!&=MYxs5n20?d@|+bHU8@6DWigS4VPDj
zpt#;C0L<~z-})8cTUE1(#wLCN_YV#YFEL2?J&Vg;SIV0m{HoxgC?OfJDQU~^IK^FB
z8mP9C|5W*A9p6*;PejS~YHq|hG)RUW8kt8+0aL2R{0LYlARUrV89;e&5Lwl`ULi?x
zEorPQuN>DXsES;wfWygppJukK=R{A%>h6J}AtP`ktu-96lqA%iEiUjOx*m{PHH8BG
z_reaNIjeTk0B3_Hu^f=~C}P-U&xy{R&fszmxOUe#>{qqvn5%0@zaMQ!spVZC!9fGp
zI-&FcK`nSsBbdvc+|ovIWgzNR!~(%i05nU?IT=<-C4r=!fHPVWUSufZlb#`<zo~58
ztDe9msb4)KqA2wAGfHL)3RaZoe^_Lm+hAYxY%^+-ebg2gd@nq2l;YVYw>RTqu4cGd
zXP!uKRw?#o59rvwb}l5KOyfK;12vieMcc<;T_S57_Vx?`kX7WPNHVJjp~5;{eJs2#
z3QoD7YepU7gNgV75E(u#w|n1lzkwnIR)MeA32Z-?YduKX{y#Af$F42SK&z{-T#w%7
zo+}|I$tsSh+d%-LRGt6uSGdUvMkiTY)XfJ|o*h|2l&O3{`hW16lc2OI2&{6g{ei-s
zgCVY8qeY`e`xbu#e`3Dv1EO9~9#w-gUUEn|kKxhG#9@z9KtN2I2CF7{{!WF08nwLs
z9i{nL;`d07*H$IL6u<x@ZpM-TR?q+d002}I3mCSjgg&v1h%Fn37oWR5o=TL>DK><l
z)!KVaV-8E%0|nXt#DIurM67MSMWyOHvxM9y&-ZPdb@nWM3Xf+njj)}|XvU{*L+Np?
z-u9Lsd3grZ?B+=^sL9)rf<NlfkqtT*!h_)xmArdDyO03>%+22&#Rf{anF6?)CJ9SO
z%M6GByMd_&1D=kKHeV1L`n0pCx$T5%9;WWP*9_R8IE#jyQErB+#$5dX4*H?f$%(-O
z0|K+~gRq0t+4#MOYW$dDFupOXV|u|xJPRBr1_op3HCS10-O(qqYSVtaJUz)X)=e_M
zsL}B!GutOrK<gRECn*_8f&N*N&(;T9Wj3Oa`c(Sl**tE!B`NU(Y5|iN_I~`e0Kj+Q
zn^RoboE`;P#%>|}o_9ggU4o8YO<R!OCJ_h1(A~#a7~Ls+E=20h6Kw4=u!X-MzD1@y
z0{>!v@U|h+7B&T1$F=arNq~Ie`26r<F5HRXDi+athENv|1**MZCG<#t(29`qgj8ca
zSN-Sqou?d6na7Ya-9D%pBvj#tp^p0|jp0d+I85(vof&P0Y5qLFvjf+hE1oUynLeC5
ztuXRsGvb8b=Dv#Vk*7ToC(oPXl5QOg%}<L@%%tc1h^@3H)}zt2hs(Uj(?`XaB)8fB
z`;K<gIdC*I2*gSpC!tIM*JIQ33lHm`Q_Qc3YL~Fw&wy`t^iqd&5tlx1U!S1)p~aRW
z<y~v`viyEs*qceQwH%-ew`mpE{YkHxRSpj42c{({Zn6oAaNZ?^8ob($9BcpwArJrn
z000|`4+#A5s97~X;RQD&z`wMA#i(v(M?w~bm2zBa?9&falKpEg%EV*Lb^fD6neoAh
zTaDx1b=rIH&6NK8!=J57`)s|&l3X|NU4u?zYETBggykxknH1=>+^dqyFm~l%1n-?S
z?Ni}jmzp<!BZ1us+!00&#H;|N&tG?Ft~CVC@C?Qzmr@XF!JrI7rr45AWU-zVWUmF@
z1!xxU@04qQa5$pb`fU1%<vUY?Pz!-`I;3GMD_M5ItbCG}I#Sx{)?c!5$&(=oNxlLb
zdhUijF#%(vmTqT}P+1ELGH7d#z&;Vn4WxUyUTY**LKu5K(5pp9%%m<T!qc_4@}L1a
zBbE>kTL6I<fT?pkKvt!DM2r*tod$S^7muh&4-P0Gt9zc2rH9!;Ht1<j{k@hvAI9Q)
z^g3OWISl}pEvpvL01il!jXv>u$NRcT-g$}uETKuU$B#T&-cw}KJwmYz-*>8SbDjmI
ztnR^9vapOCYC11>Rouj7y!8820BnbA)qKS@oRe)S@YHq&PRUdiE7Fi^Pkp_ii@lhK
zrrf_5C2Dr;!;><T3~jjQO=!`ul25s41O{w6*%CS}zt!rYqY2=DFGNW8z7D?odkTXv
zoOIG+#?i$t@rXjM)k--I#4TzzOR;&)PC;1rU)HCUL(NdG<2JSo5FnBgaO%m_VTe-S
zEbm{e`WA<I+;Ko1=`W59Dz?A6q>r|+chWmdiNUcU$1mpL#iwv&&;XtS>NT_g00000
z007}?0y(A#tPfdR&E32uJXv&{bx(g9{f*&d<h_gv;Id8sa7YAB|H9kz4u-uID>vH)
zpd2B7y1!G!#n+&M`0_)L?@?3c09$8sc*)T>@eNi_(MpqOzIEVA(ltC3iiM=Lk-mS1
zG<TC|QHFIh;GN|KlF!hJm)V$6s%dEvJ-X7E-Eva0!tw8tIf`T9Juy<$fj-c?Jtzsg
zX!e*95HmEN@E0Y%ARX;oduS4dzc&#zK4YveYRU7wmlS-h?=sA*!UHjN9(L-DB-X?Q
z;!98gr^2Jk^(_B=YZqdsEw<>D^=aMy8P<8PXiq+2Uk0xf4z!L5eoQYza+;T7)o#J!
zZfg80diV>?3H?+^PjWF>WD=DkibMk>-(eNec<{V=y0`|&@Vz%wnMDAow>&&N4vk`j
zR;Gji0COd#u@+&aPK0@ihWRa>h_q@y+hDrcYZAo0cmh(Qle~kngt8rN2pDc0-9M*4
z`2nxcAU+<f<9KEpAGSvyR5DJbM#Z2#h}%QFI_rzSi{Iqe^e1a`w)u7d<~leJ)^n$w
zbQ=zcELkZ$3-PhdySRy0^Te%F?*o>kAWQBsH0>{DjM#QKGm1RbHdYK3S`1(Cnz%^*
zxNAqy<(G}+cBi%g?bf`D8zWP_xE@-7h^@u{QJ|uy>bgSF$)tN%>m$~E)nKpyhS`?X
z02_XJt^fc400G7RlvQj5>gFi2CD0Hp$S*U1b3CnvCQy1gwod61o7KDNCUU*O=iOTe
z?F9Sem69Ed#8Je-I)xP;E=O0=X_w#N>Ur`cAx?_WNZG}TWUDr<dIgg*`HT(0z@+TJ
zE6_Sh(HuGL`0rlNd}ROxlKHCdfaQ?FJX;xjrDG))NN<QGwk5|<LyU0@OQ!}>j)?y|
z25gzw7FKyLQ!Ld|$%gmWY<rCJP8K@MaB_Cx38@zNrfp+P1vG&tSyc!fqS_9C02jwT
zc{yuSNbUUt%5jX?`3s{p@<rE#jwMm|PbEu34>UZ^g<hAn76qp#=F|rvO3)LD<Q@S^
z=l0+*XKPAIgS(LB-g%1_BoDT5R_s%C*3AcGwg3Qpav%(0DrUc}z(+yh1GiXh1beau
z8?>i&fx6<A4~`}cpRv}^Ykz`DuL)r<i7axP+`B=krqoY~Q_~(c0r=?&c_s-kJ!N4G
z9|a}$FR`8KTI-_TLo6!_nv^v=xaEi3?z<@=>oeR~1@(i=N)uE&aj}x99m9i}$meRm
zxW4>ErJSV$@yvqLCj>`k!caQ<$~+laGw&HTc2AdK9SKz$b5!C6Wr2ug(Khr5pCSoZ
zMnct*;9y9b7^35oGqoxppb0fJz5qAS0b_|!00000g&+sr@xW}OBZ?zC`7akTwOc@;
zoaZ&aTBsj#gp2+<2S01ecgF)*(s*W>Lcb}VUFcv9G9cUlIh`F{<AMOFtmf301P*RH
zU}h@}T4%W#s~BB~^E&YwPrWM&bWV{sN!9anbj{QZLMtb^eDDu6Z|Y3_-wVK51;jjY
zn|k$DE1v>)Q2=YC(mHV)yXO06=kND&@iy_Df4kg<M`#diDJ5JE-xBI`Saz;RH3&kw
zhFG1cYT8~O_CLAx*rQOJc=E~sXcn-5fhubTf!u^I%cuYYFA1NeXNso#e6A6npf5}h
z8mK?xfY2<>c64bOUjI}<nxz>9kV`lbTRN6D%{ZVbQ4MaPyAn?tEIv8jd1s*7c{rr%
z5RxpZCXP<=D|KEnp)CU^a|bemo+2vtWx*Ie^XgO~avo%+K)Z>-J01MLcpA@yX*cNn
zAO-w*#tKhqJEk3y#W>VMNeesGOQISXvS`Q};Vo{|PcTd_%k@wH5z1mgfe%EPm^NH<
zTtc_74i7Y@ROW7QH@HxDngO*u@w{@-{C+r4cRVV~!Zui8O|_I+^sgmbrY++OJErmZ
zd+|vin?$qJA7UG-0AC38IqdpPDT`y3fo+(!s+9|1AnW@$ZUnxE29WsngfBl3(fO|^
zTeOAQV`9a?&BWi+obfcf62Y+>^TAP|000000006X@Aq*G#5XLeAwh+Vg2#ljG4k2+
zudCVETgDn$04``F-@zaD0of9^oRD~bRQ^N|FHnFX=&Y=qAqIkNJd~NkZTelGV^H;H
z)rSCPU%*K0Cl_9(75B5cQ0YFad6p9Dph9&U0FQOfE}R#nHCb_d9)f=6PXG)Bvx2`!
zVxR@9yMlbKvLwqvuFcLc*Q*SCQJ>k?b?*cR%}{1l81#p>flIzPDP@o|8VDzKP)1*y
zMd_GS7JSR%^veKxHtqn2YhxaO5}|JPGm}NV;||>3l$hTcmf~C&-XCi^a%j_Et<b;z
zlPkhf)?hDhgKD40baVeD6?z^vM+T@@2Bm)24?fOz;MaTC5ck<s`igKY_ONuw-b!oz
zW7_95ePVC|d9mdJke7s3vg}po2DGwuY?d-0n{Mba(9DxMFV<y8XWp~YuFCz%>OL32
zb%GE5*C5=bikhG17m)WRCBC_JiHi?$_XyA+v}jF-Wa?mJJ0w-}+cVaG9x&W#vsynC
z>KETt3)1o#MZDVu0S05&Yf3(zuoOxVDIhogVTn9%fK+xqn3qt|#gM|&QFr%laVmrg
z<?}p~x17z~{=&`C6LV*`Q*XWWttAEMB=!?)!uRPv+gPF5Uz4iqO7x)c^vBtf;asr$
zGw|<E4m0JN+cx>5%iseWMSuVR0000000Hnv4B@~9YQ%gj7qI&kG9cSytfyKtSojfw
zfSp;y<n!HEAz&k;`H49KYSt<EmWvQkjsP%YriVs_RbzcA%fSDvGKqi1&}74T|A}B|
zGQw4pF2u!@Fk_K%&N6-^I`fFvc|KDctkwEgpk=mqIr(WRY+GO9n-IVZ?EvYaCVO!f
zT7*N(LH_;bILp+XwVb6J+$s5qYSRSU<Qfs&0r$16p&;fBC<h8JG38i6tKRD_2a40D
z6C@+IEzFw0c_OgtYKBIz00000A@}b(;{X5yZN@FoD4q}yAF4(azAa#)JBDO99ds#D
zOeyhYsJ|@TOEfUNqM0^o9YUM3<HVAuIW`k#BPB!qdBc){n~J|l_6fj@Uv2WyCl4y6
z39TT@^)L6`APM1sjJ|1Hs6{!tIwK_g=wUkx&UonU-c*$d3B-@y#+B={x*j81+>*C;
z^>u^ynBTbOJz*-XVS=e95WpHukR1qjL!KX?uE$S|(1e!QG$I}-gH6czW7%vG&`uug
zI59h8ckF7}3KRL_h7zuyCR%+>2xmSE;Yxy*k3$5x*Q0Rs*FC9FR_q2c7u=a+RjOht
z9P2A0iXHnJGl0QLFS1yCpc@=iyE_-CX{?_Kt%_T;PyMRY`tF0&z<8vT8Morc`gwnn
z?OXOq=O**v!H_QJ0!=^zT{6#rvqOLY00001A1BmN<&+9AKE=DF7fI|*5tpYx8;=xk
zXLuqJ1aEVE0^uN#GEW!#5pOmFfWjAurgA3_O~Q1gm{?8-D+5e*YQTuqYaN!#zy*$R
zg#y4?;9tdQAk6=#@gfPU>|WS~OFLAnRrWq!03yk*F~Bz-*qlu&IDNeq7z?rGEX;n|
zK@3WRgOO+rLCn;M3d;u-ImU}59*ZAED0RD^0R^*@LoVXnVnZLDee)g4U;m;?D&HG;
z!La+YO+D<8W|2~AfZvC{C`45bCxh4k>yiKf0004Y@-fXRqI8!Osg;?I0~I<h`?1x>
z^(2M*^$yFza92_mOYwr+!6cYri4i}k>l33U0a@a#_??X~(mQQ~r%XgX1x5Zf&Ey@t
z#$uIPOa;5&jK4`!LZb>g^019Bu>MRfFjXpgCKS7!bqAV9VBDGo?k~WE&?yae3ooLD
zrr~^zx5^V+t9oU>Q2EF+HYU|M-2gfb*z6`vV5gDr0Y&u3VoKo~pd<sL!gz@uxxzc!
zIBE<>_?KM7M8mxc(N9ekjAfsfJy68b)mwa*o5XE=&BD8OJj2}XkL36eU#|K#x1tfV
zA-s}0Qk1IV-&`f}OHLWG3ETXc7tlL%8&cXMuAl(_uQF~ej1OU1LArjM&x`DrA-mtu
zWI#E}d<yVhFCz1buB`F9M3?uNJZm`LP-?F=FcrFph5DoXLC9W2SBFm#6`IG@&VUmk
zI9Cb15f;5`go{ukRgXY_H$Kdmp0&CKbTQ1K=X+_M{$?s>X9t!9<-nQ=Hd&8fTbMCm
z?v_7{0015X^S}TA002ag0Xw{5x{&Zd@9fLw&%Hzh=YLBel1sKwNwE%4jHXWTfJ5lt
zMh&^LQ;|Xgb~A67^jj1kF^_&Ju)WKY?W{K(Sh$BpiMw&#t7N{?1g9Ut9*tcPFz-wq
zaVv`o{+>nC`)wwJsW!qv*mEmSWxUeAO!()X$WfK&m+2{=98+vtfaCFChgZj9n6TrL
zdT3#>i~vCZscdQb7QI^ZFy*;*_2K&Ms4zk>!$;IQn+Y+fE~FE>c4KnR*)nczOk<=l
z0ocO?fB*mzeqFxs|No-v3R*6_OA^{30nR>F5R+f5c(@M-4IP$MB+I9A9DYkKD|uF=
zgD*gy4}ZEv9NU?eH%$z<KIdonF-^?vPxz2n&z;iK&r~T=A-p?Gfqc#Cp@F^4F^*Hd
z=ok#y*M|7>Y8J{Y6{wnvP}bXfMkqTIU>7eYNWT|atVV4UF+q;Zr_)y$4TvH9OBOsc
zwe>?MGjv`KnKRrjCCD0Q6r(}STvML3sn_=^vDT98NLl>Ve>Kqn(43PqtW{}5{sKAJ
z28KPsr`89RKmZM*zyJUMw28}VF5wH4nQUOD({#vB>yHkj^bUO^0gXW}>nCHqV(vBB
zS+k{wjBE$Lh6lt5j_fg7{ux$}?0?hQ6IU&8Q*>LBOp%tH5wboJE@b?mLt{yOqJMng
zfpu(7dc@i#iEySZ{aQCZ9z;_6?-&T-i_jh*U~1woxl|b_oP{^6@H=lFZew-H9FlBK
z>1xI5Cfty?UICy}G^X{qz5wC&1oF{0S68&aylO|P`mLh*$wOS+d5v#T0O)QRAOHXW
z6rsw5C~ikHz+X)qsiln=HS)m-i@;A}$5UJ9{AE#JCY}~_H!+r8Fj~z@Xc2gMR^yK~
z{5&7k5Gl_<y@6je(Xfn<gD7(3?!%vegp(4_+T~*~a%jJEo!xB-4_rN-WYSkXAs(ry
z^cgC}o{nlaury;HRr}}ZToSX0t}|J(YOC0J^!IIXkh5ERyPTTmSk8+rh_utH#hIX=
zE#j|-f7y383#7-#${J#e@K`WpKW#uztFMfu+ZR>ffd)8}Th&5?L&1k%lrSKG095)l
z$d$gtxBwBNzyx6o!z=gz00007Fzgq6zY`gv8v)eDPnZIwX_bXVyEarZDl5j+pOifk
z^hG8fgBHpan+0BG6%06=T*X&;*tCI0k*G-un?9y@UNnjghJ`?uE8s|471HNJqFQw3
zbVa<EMY76#k5Rhm{U-<U!S(pSORTa%e8N&iQqBxyh{RkD0whS5W<QJ(TAm06daQCu
z6+8hJyozbz6z5G$U^x|Ahd?Q(U>y2wJcN6gj&OM>d#Tn7uN98>w+VlukX{qQhCBEG
zOpzT}0004$TN)D$_m#<WIkK1<t)m;5@o!SkE2L1<*rs64;gywqKma%Z%#x)a_?!At
z0DUD(w7&y)iODs_y!$1tZF@(}Egv)MC@NK3JFjJ0jHWB|dl`;qsT>6Gx%=)5Lwr^}
zJAU(BS0(eXpo12Lxbyau@E%>Q4b+EgUm(H)YD-}Luh*l5c*9+9L{b}}ntygOREi$M
zAC7p*Wj9HCS*YNt%e>lKsNsAe_NO8;aY7x9UH2rnb;$n{`gxd%tw2F|pkuYIZ{8zp
zf!ze!&5otImZDY+iiI7{h70pL&;SP2?l1rV002VKnwSR+4pU{bWYF2H_m!-uwnPI!
z`_tNM(6Zth7?px&{<{9p>^UtcJhMI*prvNB;B)9)i>|^y7v3ZKy#m^BECq3I)awJc
z;|wRdYKhkqktd##mwi(cTYePh1F`X9E^&o>+4Jstho^8r0%a>K2<-EsQyC)`Zog1@
z&`VyybDnYt<kV>TLmYOM0SO<PnG`+VAmZ^1U$MVI9z0Z%weo(>w$;u6IvSyXBNzZL
zo*X{6=3V)OT5F*A<cEhROk3|5a1r(pxKe0sJBkAx5wnGDVH>uK&~q{XZxt+;klF7T
zsPr1W;)jp=nbG@=i;0Bt<6#3L9h@r~up(cvZ7lOgoql0bM+}d11n!&;hV{gn_D;b;
zo@YwoR!=J^=#Y&=v_8y-oQ2yPL}y)kJ-KM;Feik8#qUoIkFEJ;60A3nex4ojbHI`(
zcCRPPgAq~kGklpm8jiN~u^--%I&3xsa+&(!5hN8vZPmB|x?7S|SRPNXSa1ie_BU~&
zW+d~3a^&b`(o<#?Rq4!!izrox@Bjb+02CZhdK8C#qDKlJXTS^=VF^o!MiHWQdqW1D
zG}1A|>R@y4Y~sEW0%z=?XyqTD4pM1OT;CfM;|NS~zgu2RVMwV5Qk4v2BY@3z(cV!?
zSGe)qb5z{x8&6db3Js%~(#!SY9<1lmd7cEnrl)xpb!@S}&qp(&iYmQSZM5h6LCN>T
zWvZi24uXN_VgXpvk%SxVb3-Cw5zl%oj0^I7^AZSh_aVm}&$mA5uVO<50RR91DchPJ
zE_{E-B7+Kqj32616&(BcJ7w5Q!m+RLs0Wp|<&kTf$49bf+S0{5^0SrguQ?S{?$-ZV
zFHqF?kP~+}x6d4}4;YtUyGg33LirIx`W27>1y0AE%2<g3$!ga1D-J^vMX<Ve8B>*$
zJ2#ec%NJ557<GL`nx=r%&}<{w^Y6;Xzm`QnoA{1u+$Hz6khR;4X8!t@rbeJf_H-yv
z-J?Ic^eFgOK_G}R0;PoQMAasDX5`RqRJ|b`#r=YzJ$_9bfmv&OsacC^V0IUkBb==C
zQrPz-e6yKc^d(*wA)Y-w)D>eCWfaj~PTkSAwqVVDrBtG3jl!vd?J!cz5aQaYlfWNh
zK!-8_001o`eTAk+hDaf~LWeQPG~%D7&J3>sM{bRE?L_A$Snw6qgRLHw$3B8emmA{$
zQ3{Sg;Y!9sUdF_1j=)@zRQbu06RJ}!;oGbiDD!}T003z(Sgw<{zs9wHEL7&Z^a6!#
z$Ef-$Iy(JkX>zV7!77v4>9ywX57~cSItv8Qxz+H-`7}M3tkNR{TLQ=oek9)j2O7<O
zvG74OUb>?n9$jloK?UWV=i`&SSJLC*jq*Q^P2slQ|4CC9d!2t0cHAA5#g~5o^%l$&
zxIxD(ag5fho~cFU5I*O{o`;r=t8k*0*8<_VCaSH?GgXUeV{}RS-rK#t!6=#d)xgte
z(THi=L#i>qU_sWAb_<uIEP=CrViyAwC5yLwd)gHz9hJ#+?0zOi{|%BWjP0gZoG^`b
zysoMM07jaxOo1v;T7c2SQQsim6hPCNB12=te|D~ych;fIF&67}uK<IK;zFeNhxS-7
z?g{2tp8bx(WE5n!!BnIh8UbJ+Z=ClEiahR!=?i<Okw5<I8qU>*j@y&xBg#H0UBdC8
zD@i!PaLj)usId3|%K&QJg?AL5H6*Q;UbG*%(C3@@Mr-SW*IONrKEw=AT-L3Ih0ks2
zXtw@TmD|HJZ41^d000KA0TE1kU;qFELZa2)H1D$8fc0ooX%=#YA-e+XD@oe}ha#N<
z-e?k0B+{xJv{dkX?;V@8g_HGPw+D9xh}<&z*pRM+r6|F^FSn(%^BO3CROlMxh&V!?
zq%s@|BRN2YW67`RPRuA!^)yO}AI*8t1%DhC@g$3Jlbdh?H^bP1;79w2bO!?)VV_sb
zeYRgiT>x`cP^TNIR$p36&ITV7<(i-hb^X^XIT|wXCv(YN-=#Z&u<Z5J5Ey~!?r=rO
zD&ub9RRxy(V82`gE=1Q$RNQ=>pqx4LC1J;tpHv`;-f5q}->c=aI+z#WQv!)8@WO{r
z!}aRJNpIQwXa|-2dPFV@J3h(f8Cc0j*fBv?>1!OhCDU<68$ZA}FZFIXkG4}MF&@oZ
zYvCI*og~FN2Ooh}8jiZezo*F)Ex<=J?a0W|aqoS0>i(mVB}?epb^SIIl4zCS;1fby
zjEIdNb2B#sR-wV%9?)pj+<C}3#ltDn3~6DYm0M1(O9t!1oi4}`nN3Hjh}k3ZA6(z!
zxk?3oFs4yOYz%+Y9@1WPC@m@ah-k2rgLK0oFYMLnbJ=50lE>RuG87bs-(B17oW6k`
zg=4gemHa&^@j;YlgL>HARKo)0f0bbSSlTP6XfaOh4rmC^BKa!H*EZI5pPeufM!hww
zmhljUi;D8H38a6TSh;rJwD~ImasB`R000Oltuz7=sbN0$YgvZ(2aqhl6}-XO8bbC>
zi^#pz0TN_tGaB@egpWNzTn*@z*f$rRG&Au7Z^6t&P^Uq^0fC2pHEw4=|D*-PL#2}K
zddxph&m-aDQ^0j8h}02FrVtKt16w_5yEpxR02z|(U?B_raCkEmod5vI26d2nyo&BM
z68-17J}z@$sMJM6j^fi$lDAmQE>UB3y|kucK*%mrBAgJQvC5EIx-FV9Y#j;71(I^*
z90C+Yl@Qyh`zA};v^R_UdESWllGyBltTc~-Oj5<x7CAvIm3%PGX8S6S3mLA%wT6WQ
z_YKf)0s)x)3y50zo|FdDQl>P30007a4WV7<T#&VqyQVafHQ%{8hOr<`gy=Sy$PL}8
zJ}XGbY2}3!crB%LOsWG6#P`Yx^Pb;d>O_%UwMYfLu_Ky`FPTuT>w02yz=Bc;`V?TC
zCWSh*T>~GQ-*9#Kf;DwWiI-8gec|qgJi0Jrz|Av_Mjtj8B|mF6b-+huJ?YP;5v9*s
z4i6g}(y2^ODp?3+bEHI7%vkH}3wBT20+B#%mH+?%xFTB^<k;_FQ^muGytLuGEMS?l
zF@wEJ)O76cCWL8ZEjFv7oD(?bOIGVncwL`H0)aEA^K+3*A?bxECL>-hp*bU^b0H3t
z4?^U9Cc@-kzD#wSzg|<%W`8S?aQTSJ!D#KBGJaFVTy&A?K#5QDO5Kv+ch}kW;eO{a
zC+yG%ec1>?01=Lm<N<{3iVqU6r|pYvoH~=fholJU+Bv`1PgXkYGM@cJdsW<qmN{R5
z1}~?|SRHuoEW*n|KtsJdreajISvTI~^wzM}XRQxT&O8t(pwOMZd~@js!B;AE*J2Hx
zTj0O?Qb&*`S1GpwCg#l^`G5cb00000005NI38MFlwv26&LV$w(Esk53(o>>0wLybu
zRc+8TT}p9<U5N99-Z6QOAlhe`7GloI)Q;O({ol=9E3|*gnKJHi0|HYRu!>|YLe|c~
z3nQgOqLnbR$nb=!SF7Ot{@cU67VB7S4Hj3YHvBZtw^0brVX5G8TPtn{$XecFkG%KH
z<RgG0x>!TQ*31W>7zi3C!`y&6Fp0FP=>Px$PE#vbu^-Dm{W0F(P#!iC_%(SY+6%A|
zPXAI(q7wb-#^8D`P$~jkO~0CZ5%aagS|Dg3j0e&Q0?L^HdAVVWA;+LVBxh`bq<@W8
zy|-O+wR}qm|2G8?Ky2s$17gZYo2>C$hV`*K(>Z!So5nlOqV(wDZyf|%NI&&D9tJoq
z=aw=)lK<+b1Sl+qm`xLrzJ{HsIv^$(+(ucCW}GgKgOFXVKVG7H4<S@(w`!&E&)+}>
zdlbV$yS=cPX^VYt-8e`V9WVFoG2-Gdy_6_abXKsTC;YBTfrQR7{=)NFd}(~8(Qa1j
zmz0Q&1a8d{*NN*Dl`z_SM5w!1=&XEXW_1q`K5shbT&Hr!X3x%r-Xt@X#d^x&?G;27
zi!wRKi$LQ;uHfz|dtf=`IOoU?ygSCc2GY$mSURJ`-U@gL@rGLeL1Cmq51uV#WWvZo
z8uJ-4uF*$G{ZEAZnqU9`00eBdy;u<?=xo{>Ujkz6S#2^r0fct{b@>v1GxsQL@T4a$
z-y<%ig2MAxr}yz^?YhELmsS<yeM#8mI{4s=;K$9t?#>_hN6(OC;ds8Kr~4k@v1X*V
zh`rNUOI~%$a*eJ;fC#!+fh1aUL2!X&gF1*aG0{7Jh|-Ynnl5aV=jGuwF9s~6g|xkY
zf=g?=XGWPU$DG_1b@1PmMkZVbX+z$p(&)-?R2{O+O@wD7ant|+01-bW*8%?~=yFsp
z0-ZowENY@<NVOv2elPi^*xA=RYGv@YY!YopC?<0nS9Dm1=Xe9!M)i@QKn6QjdeS!0
zRK(Sck^{6Ro|ui+<X2U!d}`YuHhzh6S3rl)t}jbr`)$oIaR&Z=kD$IFd#v)+SJCK<
z0oSRV*nK$E&36Za5L8^~ffbC~slXdkBh{m!f*$`}2_S!vy)Y#j4z(HulWgzbPyhf%
zEcN^R6PuLJIq%)u1g2lMa^Kf|5=XD=<_PAa^u`A9fLp)A4cL}0K%NXHb;#Jyjs1W2
z2QO1_J@*!Cp%4gRjP5rEsgMyVgJ3iH9>4_}3U^s{?=u#I6{tO><AgpV)qOf+O`@UE
z5eQw?(Mf?zE+WoSWv4s00aeqM6{Y>$NtS#*@!gTW?K27~BG)T53&Yu7g9usL1tye{
z`|@!Q0~{9f$S!9X;ZstxQ?N+HEA`RqKi^kO&8sj|dc|g!?q~{4A4Ea^!dY9!6BZ;<
z>yf3Qu0%nGao(y2HAe6dq)W_GfNO~XC^ohD3Pf``b@q?sx!>-uHY0Q(UwuDTbmIS=
z=9#7^R{kY(WpeMm1noraKuH3s)GBi8AW>G`e2-XOgSW4ZqFB;e-55+qP$*&Flyw_r
zcezrL5k!14V5-cL)ayBrKWRahr{TQWVr?~kG=2UYj;TZ${%cu_;$xC!M&hL?d1=oQ
zWbVX@ku9C+jBVDV;Ln%%tg~L9KascTguMVblUHgOYTy6>2o1TF%XkE>Eb^wZAVe2-
z=q!3@bpRNhduY!WAi;u)Fg(t@>GXX=QR=IM6&uzK+l_<~uq^YjuSH8X!zg<-ZW&8-
z;z`)fp1tHFZvWB?t^7=4$h)dd&Se}*oc+ghX;}lm31uupJrjh14IwjYgCtwA<E(7B
z48{9^Wx4P<lowJM6dOmVueyCC4BGz9^-i#Ta5}~e6q;%Ko2BXQlw%#pX=UILJYRKZ
zRel1(|8FEWXn*1i@&j?GJGFH}h1@JUSOt#SbVj)&y84~yaVhoKSe8MNzzu%HeOM<<
zx$bR+DozB#_&%UhYCiJEf#`*!T9rv&euN!VmGS2H{=lX>J`^w)QaPAytP6sIM*{zs
z5IW69Aw?M)o8M`GgT7HED?bISUT>;1;SKk04u)V;buw<K0SFlLL4e7Fmoi50n8i*x
zXDE#$v*Dt^1}&hvC}cA{@7Q?WiDvu)=S_*9BzyPtuUsH5OGys^l7p7mt9j-6Cv8I1
zb0R6*V7m9pU}tZQQneF})=W0;S%$(ROkl64`J?uECGiD-nPB4B003D)65^~-Q7Fo$
zoh>y#u#vn*QY?hKfPda}sN?vW?vXYAI8&h0o`)X?-Xt{JN1!ybBl6fj&y7Z3tQo`w
z03#Mk)(lxR<;FK1W_{yvkL`cwVVmbnn@B$Mr+9V++&vNqaSBxBe7#e2W?j<-`oy+v
z+qP}nwylnBbZpyp(y?vZosM(ze*ZXQoU60;&AzUxU3*p4tU2wl`*BiTBis7MLN%e!
zZ2~ZQhW`rCG+HiH|3fEui*@1z<V^tM0fsj;|9~VnOJ@NVU&VV%??KUcS6HLr?R#=#
zYGlCv_BVf{F1E={=I5xgZMa0YHAsm`AMB96f0TW}a?)r$nGoH<yon%*2ZiPnuaZjn
zxtzYpzg{UtR|h6<bcx^W%_?iEnQ|r{pTVZ%n55QTHk501Qz+A6WfSjC<Y9;H%>bQ-
z+(^ox#|uXIaOmj;IV&HnwUS0#4KgYd#p}MH4(VoB>~A|zVWLO24soS_F0ceb3RWd#
znXeEPbK~8Zm6V8q{IXA$TO__h#3G~-m&Go@#I8p!*<p_QlzvU&zMNpX0pw<bZkf=;
zOPvW{p8}L}nrwME;^*Vg-s&_QPxMf00C*0w92)h_lonkupWDe@vpI?V3!V2jGU>KI
zsN*e+HvGG7ps*V<Ns;F~#8L*xmA)WlIaoR+KdNSDA7b%bHK>~*JEDqa@g+9WIe+KP
zuBC3}uj{SHHZzrONCtU2aRcH?s6NW?9DQBAwI^c%<OO%z^;Sw}@p5rRsA(@(_>}2D
z1?M_8>Vl>I&&*^P7m)I0F4m>h7F9ZC?3{ZUO&UMu%s5q58MjXb$4^MsCz9kVKZfMG
z(=_Fh6<O*RIFH*_-Fv(jYB^UKGaPV#yaB$$VDvarV^Um5ga&+X64SqFuaRkt&?aR7
zV2o6d;N=mnzu4q)<@Tf|Vkw!AQsTW{aC7Wm1ybw(WVTKfT;JId00*HSitXEy);mDD
z?5X4u`0X6G^X^CW{(^m#umwgE%swIMAd|Dk<^W?&<mlxt30TDo(e0-$zb`Ztzoflp
zjyP_x9~B%lZ8TD;R~O#;(gF6U0gKC$=6##uoZF(mSjVp9P_6;6I9rf?x}SYYC{~|d
z`dea9PEuS}{V{gP|CSc%gCh73-5$ZmQb(>}uSshLBcUM)>!N>IBoHo<vH1%k|J_3H
zO=AwbSji@|&N5iG$sk<+@=+AWExvjz!5%RQvSpA(SvAIC=OMwub{8VP_T9@~pT==m
zGPsYk1iEdx)-A;q4NbtF^Y8(?(;VXC=*6Zb?;xKS-P|7arFg(X%g0$x7&7RmM=BNV
z7r7Y-!Sj-)cPD1V$UC2`_{}qiwFklX*uuwJ;Q6Mdm(#=GT(U9(b5(JBzw!p3fmF6&
zI|h_J!r&gVjTLbI&`Jx{ZxQ@%E6)pCS{?=-vp}j6VC35{-w30~g5jTB=-Jlh7$|9u
z3L0^kfoE+%Z5D&JbLmT%V_hWy$EB2@=V;H|nEsDDR?VPVC%geXRb&cdzD2{MCy)#z
zZNm{lZ8q7X;r!CC6?kIWL!kOREc;%pSNBJVvo-yaz_2xH`@ZHX4U4ISG;t)gQD{<u
z3#2U;t-lR8I{T{D{1H9~SNyr8d9Eae3c5TslKNjEexEOme6WBTPR*jpVudHS4*g)P
zkthH!WRsNk4&<RWq9TtsA9{0z7Wfs!jykWYc?myG<%y~`$vbS(%I;-9cHN>9BvTL*
zOByua1xdYjq0kcO!zhm@aRC%!RrfaUy5WJTp{zIHN@;{MZ#lHGaR#?PEf1baOOMw7
zm#8{qf+7x(r93_=%ve3UA^;0NR+Z0s6abcm5oF}xT>ASQh0(_fceUa)l<M5MNwJ$R
z^^7reeiE$jB3Vk0Y)p^`D~TB#)-F)xlcDgAB$sTLLM8J4#_Ctk<5-bPYSv|CQ)b}z
z*pvmeda|iPM>9CAg1#iLXlTydOWS^pf$b3<Cs3T`p_k?&9k68_7`1g6(6JKH26S1(
z!<XT9*N9~~(|7`cX!Un{V#)Z5WpBlCSKITu-4pnAR**2vjF<0q*QyDw9?>xA64qo?
zQY*?iQ95vH(jDjY{hq(?0kgspm<^)RtI||zkP{5KB|`|O0EG2awvgopaB%WB3mw-R
zMbf`X)BZlb^?~u}p6b8qH4W{gT@)`Egii5d%xwET(78kIMg&yKwl0=VmYw<177qt%
zdL|Z)IL41!y*}D*_XXS+$Cftwd?<vmkf@M-znH${R_kb0g-qH_W}%_FMZCO~=Hg?&
zQ(gs$HqgI=(_WqC*an5_yA#%?$05{*pe~Z8sNdbOZl$49kp`PP5l$m){-Cy4P7tKv
z7m@rZI;*D^XcHCm3jzQ!yCd??q&dBN>=Ra9nY*PZ+*1Ov@Y*XFv64D!DyN&|1A#Kl
zj?7u(O>U4{W@(@~#*%9Zw2uKXOx8?)>M(I_X7{hfg$<iwxN^_T!E7$~KvwzzK!<9f
zN1Jj9q-V0LMUzRYd3MdIm~Ux9?me`Lo9Wd_g`WluzYW%VD^?I{!OC7rb2{zyKraev
z=rDLiR?j+^(OlS0d1QRa|HvsSEi^q>Zdd~5*cXzR-pr)ir&_|8#<#9<@WOVe=;<8L
zW5xYPMaZW1S+6#wC_(uimY6pixH;J+z$&}*|EhCP&Oi>t+kMzyZUpW0vRjcdh|jB-
zVtG4S+_Y*^oG75xvNqESnKKL>Uwnr$BG?^^OWOCH%DA;HJ3Wf&nA2QE)r)<*j4(p4
zccM_*HK%)sU`na$(4!zfqmSNd*iIzU8&mkVcq6g}IV^XvK`D)gZ;uOkD!wn}U$mii
zLdwh1J9dK0#IU0g*fZBQ-s`jQhx5CeHWHY!f%3t3C7A&|e8UDoR~^3U`_hTYpheU$
z&b+=UKS57u)cvocE{#muqK-R^@-K;NS@-sgM#j?*PgG~V?Ot5KFO=a2T&(s3=Q>3N
z7Kw}i{NknL;zc>C(8$0*Rd{dDw4GI#QhyjSRUV0@sX&<lMoQ_CMgEz9K?)W;VmpNG
zM^cWp`Tav7i*ujF>@W_XkKfB!+Dat7@`|gVHu5+(HbBlz|NmUd$q17kCf@X7%T)qk
z#C6V?M$8oLHiGdaGp$8d>Zc@QbBNh9gAGK?wKnT2dr)#XMuob?Ww=N#RyZPrD@1=A
zZpU~{3~EKPQNZlVT0Qz;s8Dku!qK08(w1%R4@*7b`-9wbwn0(~T8^^?OSW*fcY+fB
z>hAT;RGB~s$eJA0sq1SG=2w?F);N$5eo?USnKZj{JmFLqjAhyMo)>ok5Qo4gVj-Vz
zLIsoZAZC&22$2PY=k+J0imMB;*3JB09?xq3sNcN**B+4ISUuEA+?WFl5>yn7H3be}
z{F&cAeq(D1Q$Q<P<oi-<<X`mZtQV1+qI>i4paVZ>e+Q!qbhJ`oalmiKZb3Ee!!ho0
z|I~Ru<bYbMceF~@Ag4e<!=w3a^w}G)l$Ye~hq+TkQvWXg@XCpn>lS9+>Xh<fy(+Db
zvyWO^ji@aK{YHl?l5+U(kz8w4?P_dOMLrt(sdWXxgJc4~R1ixGB039}f&wCSec-hu
zh=Aq#bvRd=K3wx(o0~?zS)1m1J`qf$)?|^-zA(8wQP;VCvo&v4_J^;np>cvBy3>5%
z0>EuNH8qysg?PSMaP`Eu%0?#+NY9X<B#2WK)3Eog9UQI2#6RPUEcQ`J3*?A9p9cV^
zofHaFNrTJYm`6g-#D8<LUJuv7|C!0JMd=Ws)Z%4bU=c#bY|D0#px6ykGi0?{Fb{UJ
z%qM@7<>P1j5rV6XiXx-g`w^X+8gD9F+c#s4AX@*$0nw{uCU*`|)9c05F(=Mm^zKgf
zUQMAf&q23%m_9>0D72V%U~OShehfBes<21enP%T~|MI_P`NT>ce`*?w!qJv{2wNx|
zYc1Q-bD1)I*!I#nmDwMg(f{OUC4^ZYsZvS5VA6tM<KkOQ;N)Dz30#t8qL>;$+ni|s
z>CV9PW6*^K&E%!2;yk0O2St2U6>3G#Vh(F0c*b#ilDp(%4eHYwuhK$=e(}?af<E^H
zB6B&00bQI-tC)r*rs=#UkDZl0aD=f>V9BlYpAZ(HAhGYS3(auC9HXbk>aq9Bb0{8J
zDe9l97^gx)rJc>!&~1AQivP46(*#t}ccq51FCHE?i?bO(W7Lf$#a*p;5H(eas|P;^
zpCc6ikg>QT>*pPA4NJBzh$ka}G#_SOqjq`z1qG`p@BN3+yR6Qt&g+u9dcS>}YkU$G
z6$$({k+nvW2X`Kkbcg@;46J)_t1K%(9o#-_MPV8&t3Z|#`R^b4N+GFfw2pq9NwC%8
zc9m^$NbN2Q2(IYE+DKn1tPuSC_s;sWcb5=fAZRiPB59bE9G(zd6m7v#s$wi=X5b8L
zLDAfN+Qa1zT*X0R!YieANqm@Mm>-i35k3GlQLGs6t*Ht;FD)S>+Qu^qa6kosFV@VL
zj~`eXu#?>ul!gD_cLB(lP)M@<@ZBjlC?s*TFwQq~2&He3QNGEA(Mom%I9(nZ@QL*x
zfSv#z;7`%FW0mDJe{>`&$O~~<{hV$ZX9$|90!--{x2k#6Wo(-$&B1fVBd~c<W4QKw
zO2!*iiK$a>iL=D~A3vX*29z5H{IDzt>?u_+iVB@Bga~17>p=C77rVi34R<$M$9ih<
z)eVW#JN?ra5>>TGL`fbSfdT3_Ns-5+*51lAM-+RX?{EQ;??~1jkeEV&%lb;&3F@0A
z*p-UYk$$c!RW2VnJ72s|Rng@*Uh#>1nt)~9dkA*ohRC~S!I^RX(?(5AUib<g4BaDt
zRlhY4n&i;wn=><FKlVkFDN`@Is`wLMPD1RxgkS7g`Ce`+`>`?Ok)*WQ*`O<$6|0+i
zls<JaPcZyNT%k@Fif;xar(6U*KQf1Ixjw+K3<vLG5f2xha%IjL3~#r)!rzo@{bh!r
zx5cg?E|=v%X9^py+c=h@{EfjvK>C7Oor0Y!Kt{VH)c^?N|NO9iB*9M!;7~E(n-c+$
z4K9EL#K451?&$^MkNkB)Du+7*nJ*Cx$gZYwj#%u_)Z-%etZ^tOMv^ATM)bB4P|b<9
z1l1aHk?{}u2*_f>M&;br+Yx8UG&5}4=YL{KKW{nqv9>n7p+<beZXe|HSBj>+ivH7r
zFs&rgM&gEqU>Ee8(f7(`)=;i;h4BF(`_kK#teoS}Q?Wj0n}K2BwQ-JBVztCOa-zUO
zFrPav>g_8%9$zFYRw+V4sQ4CDfQHj{Cf(|o;(u4@r4psw!m=VZvMGxi+4u0PgxT;y
z{ww2$CGU#Zwxo%qIe2V(Yn8E&WBc~e*X^<y-F{2UmrVD-@-S~acW87+Zy+P2hWRXF
z4ep=v-U1N!LwDY0=10Hx!@*^8(>)bG#t&J&bR`$I-e=P0*iB}{FaHEOnqr1(OcZRj
zTzH?J*W$X|e!HCTBnHS&+ba|;39UfjjVZ&Se}M?Y{}=F3k)=N`wp>Aiu#hmrIME=n
zJ^_FclNIhHbkaFRu@M-Gec>rYy8ZT`T0BDlXI<9)QHG%MBxf+UXHz)bvh{}(z<&N^
zl%N9GWRyF12tEv}UV&ljwMj-QIMi`x-lSfbNjQeCL2Q8-8IR--PPK8PAjw;6^IQl2
zZ9$*9XnOODntg%of*`7q%uJKun=rVo_2;KeTGkxQE)QVUS!2j|;2$5HXIy#3?-zVi
zEknkU9DL%SeKQ{x9NN+^tnM!H^OVvtLjB@`)|3l`oBWNZ{LB^!%MQLgmXyEcmU_?a
zfnaqF*>4O&Q5ZZ>#T}Qr676RSVbs6YCv(m&(SV18<}h4fnHbzSv?6h#Kiv?<G5noL
z0!nm<Jsprhq-R|~^ID@hNW++@$3I=lFoz%(710NqEoDtOY1+-!O-TgQguT%eyYUU5
z|IeO3f5SlWz#ribW~@^|av}S~Ax&V>Me;Guw0{TV6^dmx_G>R%!B-ATt36p{*&|+y
zT%YN={0_OHv?ySrLOuabN7~jj#4KNwe$$yi*s6Q@m)k^_KE|)7T2A@8Kqg&%{9?o3
zIJ4`lWra&$&^_=&j|4uIa{Wf0#y17Q@FJ8oY1PNg)Ln59x!>k~x^R~A2==#hgKLlB
z@bc8b<mi#z%o>(N(^}|(yRB}i?s20GB4^EP-B~PoE<aP9;-v0QG14)b=I*@sB^LPI
za-U^X715_m>95eZxwG|5eq91?G`MS*==&L}*x5QXvODG{b3>qwi0We1oe5n>we>;a
z+;@qW{xfbdHL#%A+A_=knYaw*4vw;6q^vDWtu#5%GOd;_HtB=^$%DR<?~h+86IuQJ
z`N+99OI~;1Gq#+&AoP?PtgQ4}GvHNP7YMAVw@VfcjK2GI@Bg(h&`f5FC-?=tO;pvg
zAkYy)Tw#nW_#(9)^GI+N0X!PkoRg$E3cz$~CG%3XvbA3}<7bSlWqIdy@SC@A>Km7L
z-hyQyrVHx&rT<|(P!|9}9PT|y5Ta;OFRvd}8e9^ZmY@3>jL;Ii7qy#=qnn}`{IRSU
z1@ql{Pv8Mj)f^~NfE#OoM}d(%GD@`^#^kg^`l`@EQW?YE3Z#T9x6@{bp8;_Br8->;
zEuxmelau6;IJP6nAVT<}^t0Ov0_p1;i&q&(%rz9W@B|>QxodvKyIF<%VCOKH(CeTl
zTHouIZEadqlD1rZBa{9$tDG5Pbg!8L$EWzr2>@!A=~x37dW!K-ltRJ~#3wrI62Dqj
z(^Z8ljTWF@M8-C@B;voy#*w+8Gpaegf{0hZIPJC*BvsFL0pUqhh(AbEubLp$e(y%8
z^R}AICg!N~Go5KR|AArs-ys@n<_@N7b*7o_G$Yhl1_h9tm}T+Sx{w(!{R;#|u|hz6
za)3}4yR{L$G5%5c@~dcLne1M@wSgYPcI8(+1^wDSkSHDrn*+ET($!VE3QmDJl=Xm}
zJc#oanRuGKnZr3ifR6eX^&id~Skah2?2;cIR8R25cm!Nu6=JsHLq%OF_zkWBvGJx5
zvHq?HxxqNQjTt(ke^n%~qb4>?ps$Ls33#b7YMWQWruul|@Ml{LYQ#*pyE`6zYm}uz
z1g{Kw(!zU}zh_9wvIv=e5Ll^XEBcOFjz(1Jv(w=~n+Zss(Y{FvU)70XnpKHGXlE~|
ztda(YczqgmMen%3&>ZtDPL%~@T=G^X9o)YZz{Za7n<E}Oy^nFxFLq%l3n%#?=?Koa
zFh7|&Q46wXctBpk9{V!_GXM(qLaDWlA&`F8GZk+@@1}A1diAmzLycDx!cT(^!$cfD
zY;7k#LHnsD066DsJO_SJ{%3IXCnKo(aaBzFkU5d_{ZdbplQn&8cR^?EwF?kh*vyf$
z=-fZin;#h#M*inp_}<6RhO6Pq3G(MM^=7)NyDP7c&h_~q)+9QHOMy^o_kv2;1@e5Y
zI}8!}xCo#@^n{)~e;~Wq;GA*Pw=(=T^3WMI<6LZbO!ZI%7dgp9xhT|;#IlZ!LiGBK
z!7xK`MD=jJOPoi;y@3iX4FrjXc-X!I?})V`7j+aGU~}61*K<;d=Cei&LzLg-+4qc`
zmkc0+-zAO*QYI7vVUiV1|Lv3V+(rC5_YRIotBwSEx)pQ}cjn?k$n<lR(AVbjHK2Tx
ztolfutTg?}k)sT1m(}?qH9QV_s}+3|F^Yvs#khKRSh|zl(tlE|lPpSwJ+G~Hx;fHY
zo#fMaY<BfXbj7n4nd&-3w2)Blf)iDsQ-DYr%$+6YE|>r8!R^^MbYc7R`}%5F%;Q`6
zKA3Du%|SZ@=vjkt(rDObv2IC!+Jc~imFv6?VL1M@8|<HYvX&qeikDSu9+5inAx&2!
z@zOm0EhkAJDKF-g7t)KJ+;p!U(E&0&s;+;khn5nzCMYEMMrVngOGv6GwiN(E<)B@`
z_I_rdi>b>#{Y{%S*ABmg&9qskA6814b*zDu_#+u-f=S=hW$ZXGLW4S7(03-}MQCO1
z>fg0sfZ?L~^$Y71blVEL53L%=x10$AN?a#$6O6M%*rlwI?Y0JO;X8^G^HA){1^hgv
z|3ogVVHY~^Ksaza3sBnr=no4!SKD%TBbE=XH?sZO8W#{*HGg2Z(O`&S;U5(s3eX=&
z$>p|FqXkRG^HHqdr0+{-I{_=U5!&C;i(`lvk>AAa5g>+N0q_=i7$)UX`^Wnk$LH3#
zSg+A}wXHv6_ibP=ZSfp}&l?tC#IlN)xv@-O;n9#8$?0@_NMCKcM`#j!QhL2r@a()a
zOO#pNj0uxv7dL2HIPB6J)W#U(Htx?OaG8KNNtLA$`M6q7BaR4oRn$m2a$`_D13-2D
zi+zyg4r_E^gE=J3*%t6<s%4;lsq0kQy$&VJS>AcsHh{P~8EZC(yTrmLwxns6R6$3_
zVIz0qa^eaL-b=|S8ov>kDG4b`Kh9*NVW_PZ%_w%O)l6G9Fa_WkPCX@*MgE#2sKauo
zIkXdW5o&gQw9F@^WnF5R5k=^V4au7rc>Cqprf|y%?R(D`7uG_eN-hVv#;7{41K?S#
z1VKD!SAjjF+_7|&sl1<>6OKY{D+sE)OY#hl!*fYS`zO%z%t#y|6nW@E(uSjZkPmmF
z#{<_T500~W?tI3MtBJM~lS^@0M8f{Svngk?qDK~dEh2Gds6sPI01oa;AD|-3zG}Cs
z{d6IE3OUn6qv{Xd=R{AlS)8b-*#<paOp`QU%1ALjbMEy!7jZZUdi;o|TkWOKd14TP
zICM+F!m}>B!~G5Uph2vomsuH|xt|pdqzoC(UnM2{8N7&ekQfm=@e1t{m7y!aA*a6n
zHoN%))yR_9+aA5chS0bV3?5eXc~~}3R=7WI+IA_htZ-YHtovK6**V|Ne1K+<do&Wf
zBJ(Nfssk4<%6vXQ4&2<`oD3Wj+91bel-WlYGj7jyX1umx04RXz6mZf0H<S~qU+1Pu
zLwOP?`oZ-%7?P>oK3I|A<g*CIii8P7X$R;a_&B7p6Iu-8k5%2dJ{B$qc6e>{8jpVB
z*s$!4$sdg~Vxtw~ZeoM?%HGtjEN{Va3MEV9y#(!}`FE*G@Sn-1m|?9x^_hH*o(|VW
z>)+ogJTZWfEgXcth@~F5rhjh1djRO-nF);nI5FoGPoSh4J9Pf4F^2gL4-v^3s}Pjf
zx~J7$9f+9z-x}^)Si=>mI{`4$9te34mKl1HHmjVxwRB<1>IaamWe5G(vGR4a8(t<j
zo|$-9*n3q5z~ueoCVPK_$U41<0qWaae>)m(BHd+4E;~bPrnT+P=VB&QKDD7H+hT-b
zOS<Lm{}q%czm#V;hN)SAcgVJD2Vhom1m0oAjV&2bH=x6J49c2eWxBWt6z@CEIFQ;X
z;^Hc6aCD>4a)b9%TaYgA9x8+6=rR^08V<-`$#U5CqbT+^ZUQ);VOtr6#72d9x<N}h
z`L*5H`W)-VRwLZITb)ejL=|k;#UsGpI1qt{I$vSloJrm@9hcll%*1Sn)(*o+9L&$6
z1j<*p+Q#ChLS(A?==*%NWD%iYFSlV3WsY#tsJ%P0FGPc%Bcfdo7K?WyELG5#-_OI2
zU*NLql+OYQni;}pzFV(N3)KfK{JY;>;-|t10m5bVXKIMRm{JSb5J2-gWZC!+tlH?`
zRWvsD{!&z*ISk3J!pygku;;VqV4``LLJE{#J!;^vc_0re{J`Km6YL4%Q$y|^uZ-yI
zN0k%$wLbFA9}^{PaJ{IN3K&h_q|q`^=Yq=a<m3aSYRgNNvn#|b|AyovGH47VHl3zD
z5Z7P*Fdo`Se_6pnzwZNTGl)2DYLJsxeTtNyPfR39=u_d8%U3`Ch{{gHssSE1uc=R+
z>DQn0IpnZT4oo@walU6XQuGBrnv7@ACTwLI8r#`+@#miB@c4tjx#q#Uciu#XmMC@i
za@ijV)Y1wvKbdta+fag!Y*%s?MyLsSR|8=D$sjY7Vp&=crva_l?w|Fil-kK1)s%DD
zWQPrGnOi*;^psL0716<J$ie%(o4((lC~S{s^*`B<Z`{t%QtpZ^8J#vnv$}9`{`C4!
zZ4uOdkgAgwe}QrS@CluxaP|O`?MI3*{2k{uItAeyH&yvoM)?)+W*=h10iQIiv=gsw
zOMuV}@{M!t)V(X21d`K<0wO6r6t;1e)jkZW5F|vAt`EJAq%LNPBDd4`by6ZAc@Is6
ztK-YAe^+T`6gUr{=}TgE5o4eXx<0h`l8HaJSagsNu2-#pGZXH&_zLELvx*9xnQt#B
z4g5<+ydW}1zLHlWN3xlSF)W>{Tzfd7LPM_P3%<Hpc;>CoUZ!D;86`U(-!oHf!BJjV
z#gblQSh61h)K=VuUo{65VLw==4bYHbDYYVGk3OWJG>0WgHM3R_C5vxG2A0_P9;z8P
z5+A_QOgTyPzoHDuhL=PM1q$b_;_q<#V;@u8Il(1l>KX-xx*Uk|asV>$ae=le=QR~{
zmxXW^4a`pmK5-i6U~QoB$*(2}CK}@esXzL8#-Qk}O?RJKE!T|pBSnE*;Z9NU*`19*
ztEHP*TPI;5-Q9+wy|pmB9QEmT(P=Qj^Q~kbP&`rh5F*m34^bB=Wc@LekN0zZ09d6s
zqEX!-s7G7qu*de#7C<3Thg2%wE+!J|{X>l44j{)q&A?65Z=rQA%q)Dw1W68)spq;y
zk}r~(=roQ6H83mZr!MMHHlAtRKMpWW@YftSe2dlCtz9gNk<Qy=l8stHJ|&hG%qBq7
zwXNSii<G3`@nfL_z&)X5z@I7H>_b>*#X!R0Inah`cZ>%M9HZ2gBPPRU@(3o=f4&@7
z5dvC-(iH<RC+toT$ASgObe#)l32n5r>+?U3Z7<CKE!+gFOeAKly6j}{k`UQ;Ia*tk
zd7B36+9?B)t=EMLTHi@XaJ<&v=|XdlJjh2@_nO69PdXB(^J0&Pe3gLw`QA1iYA!(8
z6Mh5%V|acIcTv5&h3ymrFqj1xbja!Xqud6$aPNb7SUNjRj#&l85%pulDu#Y`ZjgsJ
zXu~LaF*hMEKQ2p*)31f95H8twNh|10bkJaw?Ur(O5oLL-+HzChVKwSxolBDGDW47_
zS|yhILc91YK%heh>e+39)^4yO{KIrkn!37Lxy$VW<1R9-m@h-B=`PgCa?IQZnUCim
z;5xN3>%l@h?J|D+)x(mkD;>%xo^ia(4K_aF3&RUQ^eKil5LGdYgj&tlnAMom{m7>9
zQc<-K=<UoIl7aCmJ~qFeWrffoAuRya@=oV9vWW(QD6}4jl)_z9w4uyGyUyYdd%R(;
zL&qVUZEI7e0jUy1SJD9Y0Ra3go$^v=wiObb^M7%9YC6V%%peD3<75|%mmpV1p74tT
zVaNTct0(^z>pg~oex5!MgxAof?G>?~+``38zfyNQ5=g&g&2mfKKaeQm^IWlClPF?<
z?g?ao2iI#{dVPH&!$BF*Vj){ShGyBQFehhk#tE2QyO=Sv@xAlVE+m{p;4(KkY}6Z=
zZxzUxuYT@j(oU<%qBaa=G&FfWZ0#U>xsesOOLP-J6kdouVled4b{bYWeE664d%HFL
z>WwzJw+JTkRcz<%Kr*Dn=`&cw#n1(bgdZm5K}=)c5wvo$rC6tuX1Fo6lQaW<v~?(w
zl2x;2zXj{~XNO^`%B39X3y0VQ9mv>1$^zkQ(Z?;n$M=u0rni*l@ks8Fk^?c(SGd^X
zdZcSrMDWo(ySV^P*)RrnAOL{*%um>%$)w;7W!p0$h*HsV@`vf<!b02z@}+y_^%N<9
z6+xcu+F1Tq<$m3Xb;|r!#`I|ephCLTk7+u|B)k=Eg5R417wsPtgmdyI4{CuV!W4H*
z=>V?-UIwxR8@~;RzVwV=+%I`9nuASL{20?&Q`c*OJQ{sPPKtlcN)yiLE7K_uowxuu
z?|T=)iLY@BK5{!4*gJ)=-(4G@XC=d6AonM}^plp{D0|f}CBL-N?>dg41Bv&e?HCqi
zd%i1xB}d7!7gHsBUZd3d%9}lOaLiqPYjS*L2<k>$4Mq~}TF|8_5>S7UDR|h>&Zzf3
zf>?XbDd$L9W<BZcIh%?Hp#(p|%N}^a$!LVRp(7va=-E-TL;2De>CP&xtU#ZckD2^k
z`75T(dqPUFOH}wApAw}(LSct5K`%FbBMLRvufr|xapsm$dc)?}YbqQIF`ou2hNkZ2
zv4(6PP3$J?yJE&r@eYTQd$91^Yz+==e=t~iNLh__9#&Z10TH8A_082yDF?IZ>}HcM
zkC|HC;st58?EB?(r*r&rCjedM=R*QE$%Iy-*O8ikPB4g9ZuHq5U6b31-e+jF3I$}z
zhCQpqsgsRNd3W-jdGQl?`G`LD4cz*Z95QBGax?;0Ixh}=BX<>N)nT#_QTSsa!Q?4H
zK&W9Yoy&8f1z;k4G6HvJsrxMb2S6mOl}y2IT+Icz+*@vn6Iqc2hHpoI9ML<X-sTn;
z_Z{vz(T(>U+;>|8jLbop0yPp}i`Oj}mPql8M_y45is#AuZg(q|-C75&oALuHgTBA8
z(Ai4N-#gv{vb@wnif@{`F~iL;1oiT7|1xYc+0RUtLrZh#>=~C9iN4{Zk3(ElZ%$K@
z45JOx<z9lN^&58=KfEJ;4~!WS5@(*IW#*b~ku*sWzW!vio9*l5Z^z~{_Y$l!K@6cd
z?y1WMs?Y~|js2wb@N>E_ZNru5-FKQwR=gk?q;37}G_Ujtl*;)Bj#qW$kC->SPC?C6
zKMVkE=_skZUEMmH0*PSTjl8By=|LUwSER(rQ$!+wNti_4#cM!xmJc^z{|FctH;>7R
zKk-k)?z8;~tpc&Bai(^XX&_Xm;g98j*4nz8E@jC{K3Qng`x<b{AQFx;pC;PGp3K~2
z!oH$9TGY_X8zj+vMMO?ckmDGLTuIIhBw(}1gL>D(65_r^a(_orB*>zY#u++YXxMa@
znz07V8b}u!2j;|SPhXy=C<mfr!Yu_V`8I}KO7JM`nFj7>v+zR_CM3%{Vtz9beP|Ot
z^lxu$1UWtG`LQ+Z++pT~n=MM*@(57Xp~Qhd`z|p!KdrBAQ%DQ(&WN6!87f9}6Au+@
zpGA8`J2VH}$n^7s3*cF7T#M`xtD&HOlcj$(b@{y&$EC@T>ac$HV}_9|K?NC-^u}*g
z3+k^Q?^J@+3>p^6R2CW(YBN;jYN1=63z&q!{yhePDs68bpNf2<UzIP_V}Rsyczszt
z{@^26Neu9Rf7wmtVIchiRS;+ITw?@Ql!yG<^?)I8r_fZX#6@}`cyvE^W;OTs7UUaX
zFZA9(=4<|5C~Gbi6csxMdBeGSj5mcWXGakyWubGkoBHH3yzTEb^v9HzjXZwyzKfvm
zo}?LgnE$qc{*_Xn7)N@fFJ79)bV5Y<<08PucB#h-#IFEC6*5AAe>DbC*SG&Ov!=mP
zkI5FKP6>yn?Lj4kVLEYUya@RXJFF<s>7;Hp1{c*D6S>V)ai3gQpn4bv9&|Me7&ce5
zGkQ1n&>!tNML<9{!Wx^(Y)W+P%%K<wH|mWg0xfR3$3N}5+xfp8qgavC4m#C>^Mw#D
zCMlJzxp=2<(!yHP2p;!;pI=*5(!hZ-En+N-SU`^z*nj_Pc?^c<UpVX4{>2}bm{w&F
zi{~QEBK+#>`pTvY?2->sEIJL&A|5gK^|Q-4Tm)Y&P>5~L^WjJOYdjvfp%(zc9?EOJ
z95PHDrP-yWlFpp+>LlGhV!poJd?Jy%cGzih8<6(5FCCJS^IAIgfpDk4M&bKU+f?{b
zNp#iy{Rx_nTq!I5FjVIHr#qtFe2pCRB4wt-BrLkRDlJ#Ei#w!y2L?R?^q_^rq#&v)
zdYTE;xa-`w*LMX0ifslxwE^@!$x)^*@zXno@en%}r&_T!E~#v)X&-u-9->8kS<>vc
z7%>7p9f&t%cWIulf-UM_E9gPn{|Tvqj?v745}mU*4*@aRt@0dU9ZZ*;V9W-!b<;#*
z2fb}27j3y&-*kALjwEkVX@mV!!V*MC2DbGUA2u<O!aQ5y&^)IyPVPC(24vfDQ+n1|
z!&^Z;Nh~0!sAMeK_TQr*AdOh%zg(}w5??ny&OPT5)t&2^AW4;orFeg+Y41>uwRR&W
zL88DqP~Gdm8U)ipkhMR#CCz8gJcuASRZp3A1#K88ZJ$}au8ss#tkxEqsB(C)=y}3d
zT7<|h)vTc2R&u{Wtij=Ww%)_jAQ|hE>h~(KMlm7Fm6CQ>yxfp*NZG#@2{QD#5;<M6
zDHJB$K8tiNV|B(=4H2@}76-x`_XAZejkhf4$xtxH1ap$XJnjW${r>(Z)4|Zf1rrYi
zYs<5wW~MHvP1SaFwLwu`yvOo_g++)Y5TN}V!ZVq#Yuy;4KdarZH@SH8J5+QL#Kych
zNSNmv-5g=svK1vD?j9kIbPP64E@;c-pU#oF!|i=*M{oW98hyAR>F9F;dr8=oSe)Ma
zB_V;<rcyj~<(PYo-&oT1^?<u1bV{41*upP6NJLkmdRQ~AmYIGH<AX@{6PhARrif9s
z8W|JKS^q{Ov?IeC-6qsDOWEyp{s~3-E{J6e;YjvY&aZ3Ijr-&RzqWE)EQi}X1&G69
z*EtXmMrk2|pH=<rEM12J9o8J-l*_Hr+i44S?HjWuIcPgKi?j(mH+?4INGa>tI}A-o
zp81*G3I(#zgsqtSL}W|ANHA``vyb6CnSrtPV&f7X_;i0m3!8DoROx9izF`tb3l#~A
z>(w{1_xM0>?SjIfJJ>+{)`>ulAh4BsM{>39@xwaiTv1h9NTM;(g<kYqwp-o58aGAQ
z>YWPaUQIQ+sJDO=*E4eAr&@1ibzJ0%T*RB+9!VZL>{DMb2F2KW?Ee4K$`2ym$7v2T
z^-nT`QXpJVdl#5mo2id*ZrojL8mGd`>+br9a32jaZ^oQQ;^<Bpjjo95qaSi?mk7S%
zydFsXQ7vC*bqM-A8<baUke<9qNisvLbkdF*hdCzQ&+bm_3Du%Fh84#PQH4%dOEYQ?
zk{lgWu{{77G`+c{#3L_-7k)p8OIOy_bYpwVJ6V6A><fB(3n%yDP0q+j%T+p7Cb!_T
z==Rc|{wyK@MtjH40G!lE4j1U43T$9kc|mRKvc)IJ3}Gu+-G{Sk5VQWw_Ba*b<cG)^
zdJfsWxNW_hLD3N@y)rmcLX_35R)TTeg`!b&W9Alq>;?8)uOS|amh@gVM=<)`)NSCZ
z-WfFCuI{wJ379ZxOB)=JW%r=Ey&)*iY2MF{vr$r{tSndDZuA)s-v8_2RA=R;8~`u7
z_EuSUecrP#bB^$xHg#ZVs&lGja_Tle|3{K7zMy2ns8QOnIfHc9<$#R)Iex{n;V~FA
z@U-O8!%t+*=agvR%w`JGSFv8Tm`)B{RSunIQ_L-jdLw+VBV!2<M}Bb%f<L&cXG^!e
ze0H*OqbI%9$BK-NXgbTp{n3T*IwcMLZMnxU!(}n?4|zAOzygKh`H331Enn|r^WSmp
za{7*-;hK-4OaT0|{~r;mrVMh4=cFyhx`1o(R(DWen?DdAsq{N8DHCF`hY_P++&L{i
zC1`{0BOP;a6C>=;S4*4lb}DEf9yqShMX4XlK%In67Ra#N28jbYgzP=!LZF=5rw*TU
zPP5##><4>2{w342v9+)3g#QaG0PsmR4nP|a4$!p{9(_}MfRq%oT}Hba!g6f1j3^mo
zeX#LPr5o>Eg}d|iYqjRkT|8(yEN2<37p4Izvn0rsw)nJhmG0q4D?S4)X6N?+up>+>
zS~IS^BY|v#CA6Mcvfs__+5A9|N!_KBW)+pA5!-2I(_p!Gsbh-p$6!T^XdF>F-@<0*
zx?Oq5!>B$TN*fn_s&Q)hQDb-JYdN6oPOdqK70xE*Aa~V}bgKTct;MxwD`zlw3v;$|
zdIc1_(gK@5)&`>o`*@J1mpxL#Mh&3z_#WJL&`CUGeqK!eZtiV8dyE&D!F>S(H=>Ta
zbrjuRjOGz%DI6=Rw5YInf;IOk6r9E4=0LsjT+{k;akxcf2TFnxqUp-HoSi-s=ZpT$
z+UQx?mZ|o{;>Kpz*VHD{gXOx8SPpx7Dxz>K=Dbk+G&HZdk}(hE(jgIpNKMqJTj+c+
z??0JO5Z<yuJN5qS6q4Ea)GRR{q?;xfarxkKIZPMjui+5CqSR}RU_b=iMwi1dr-?{J
z?eOM9k&dc9Iwz||MZs~IF500_ZmHPcGl)SpdBTc1_0OXaOk8WpUFk`UfMUhhLoo_W
z!HP|kM1sOU8J7f+@r`USA?Q{!e6sdV2gpy8F3y}@`$bP;vTsmE{F6(+FvGB?tMaKG
zX{_fYO@q|1LzBi_%3;)EEznzFaU-AKm#L;~Tz3YQiX9GG=;g;aW?Unoy!1PttPN&=
z88_GbDafS&YK-<rT*Qj|zu3{BQe;@W?822reFd`gwVzSCKVj4(gFP!W@^jak=#Vq>
zf!Frx5gqe$IHOACUp^zN1Rp-v(<B~&PF*ynS*qCxDXRH{)f`Uv>4{J?mo=o=K4~c7
z75sg6APZP$%1L;$WLps)U6W2*X9~blb@&JNFrrg^XWot&mOKE_0s+#&K#U655u32T
zA29G*0+m6t&LUuqO_Cy@3>ASAu11iP3$QE9pN>aZ2R-N+PjkpG?epV$#uNPP)?3$>
z5XwJmEu!%?`T9VZwbC&w+|IZB9RfGea9`a5018L6Gj=&VE87YXs3z485`fB4L-Ib{
z;Z}38rujq(7)Wlsy6e|@H~k@XaFt&m;g#Cu+n~AHGseeqH+83?f`|hrm`(D~en&cU
zI8RcOmObQjhGdM!+|oh1!on))DJH{zSI_NyTp*xE3btnmkW?qua9^=Vqmo{T=sgF|
z?pfbBo_IztW$E;IrQm;IP7iM0q$>nS$OZ@_;0!n^T{JnIUkSld=H>r=p}f&99G60X
zxMM8@<=94}oTfZ2eGGk|d+KbW5~@xa|M1?%K}zgeiQ>-E=Akt}QKOizBE7P8ED=eV
z1^Jykax)ML^~gWqI~Hc({yS7_I4XfnxfK5_X%xG9iQQt*?ER>EnzulJj=DB#va?i^
zb6mm^lXU^KvKE$QmJOy`eoIo}`<sf-(O;?dexKhLsiQhO!MJjt9<p>q^Q#@@BTZ~N
z3)rn3^S_uu%Q;!hhAxvvms`SaIp!%Y2{xdq5z<%bxyF{>r%Q=t)#kwJR!(+cfeX&5
z^ByPRu63Jy|B#8)+G*Lh6ZO$MK_zMdmGKO9s=?uI?^GMC71_rBtVnFCDd0Su0;_9|
z_dov8C>t`dM+RL*V+XpUb~e2uV7+i--bB=c>t{^G@`k`mwcEkNE<oos$ZI+?ZBRD(
z{7rM!I!}Vp^O4Fxf<tbhMc&%dN)p(>!0O+GVQ4WP`^zTXN0*`7#-9BF>8=QRTV`1U
zi>;`sQO7Q-xm{$!rr0sRHebr^rD!5cu7e`Y2HP}6$rtiW>?1_zu?zu<Z`_e>3tl!T
zedoRTyvdBS?|m(FgmXAD+55u;4<ie0BY4M$tRgg``@||1w>Jj}$p*&m!J+^}Bk^z|
z5u7bNbW3^z-PF;AB+>P-l}|&R8OsO@w<o}qCOtZ78)_YF7$#45>0tWZNvvP1ge^~=
z8K;HEY`I~kwXt(zhH#ntn8o109>2l8Z{0Gk42>+siJ1iL?)c^;?NC-Z!WR@nQQR+a
zK2{qPeg>JVe4R`@tZqhm?MI}N4R$px-<rQcWDTmbxT>Bxp^`3~S#P*QMz8;uPJJ&_
z_t<{?m-CYK?X(o8>ZtN$vS4X+#tVmIb5Q^+e`X7=eEOFAQF8cGslS0|jhsztjt0b7
z1gkkR8?2utyG&J14SIV!WO`-m3zdwKbj^R!LHYuDph9rFWUj(vkiIn8`Dj?IW}Zv-
zL04FC2_t2sj=&_b$<@dAd+ge@I>@({9Z%!Q#+|n`KS0i`nc~W<u7<k=L)8WIhi%qL
zt*U(tYKX2fI-s?RDF5>_LI*0ZDtT7}x!p;>b}oLDKjT{|%1BSnG{X|czKU7*(#dRH
z7N4FCw1+ph@_9gTi!$h*n$)xbDS2V=1vD+{qNHpVzx~bY_$zU)#!62*gT{@=*U8(z
zxoiX-3n6@ujD2FpLjMDh?ZHHA&#1dd@K~0h^L?^y5E%(w-7*5fK@BScjVPoa_wNY&
zfX^GstaO+q2_*+*mEN$qtT0lEtxn3>xlEbYa7!=CwVfA__BntpGPiE}MFMv-rDqq?
zv)v5m_$<$Dz~LHif?k$=<v4L_J3?v$s_kzszyaMl_CnJ7zz}qdDp7?K{ZjFit`8F)
zq6@2<+DMzGnNunbRQdduT(c=Ryzz;-Pii#Td&xbI%U{W7SCq;>_2=me5hYD5G(f;>
zvO6EUJ(*-@Z=*Ezn+80&P!4h=ld|PIo8bSx(rt{C`u_w3p!dy^XfbEKx+>!@bNjA4
z<rGd@h-2i^+#Bg8$}mHR|9)(Y8&pw(=$s9>TW!zF4Is;Y-y$n8HVTcI+`Pi;d5BjI
z!Ava$dU_k1R`MwuK*1rV87pOBV~AQg`mp%u>CZ{|ZMlLPD%L?{t@H8|7eKv%p$C;l
zw#(TjMD?4bc7;z(ldXI#_yh{|p8mja9{e(-W(3%Pmc>1>x9;&j);?4<akS$vAE}VC
zo=7=Ot+!FSPe0^|AQl!q&>z&e$Kkp9TkG6*s8XI1Tsd!XQNNr09-a`5$Y)SNSMQWr
z!WygmW{WJ~ER{)zabQDgx(?#Qy`H}4+wLXF@s>Xcb7Pug98y;beuaccGWQFDUj{qg
z_fK>CR#T*XNcng@6Jo<t6Wa2+D&Hf$jE%yXC73l5JJYRS<0&F6AH=6DMNvPH#USi$
zp@BsONc8PM7o6;M0ECV!^mHpRGw`1EqoV04lOVPaS(Y_2&dMoy<0Wj~c}`+VG$@V^
zf}Q6JyOR${n_qTQc0Xjrm;+hBTyV^?GZh54Z|qMClg=7lYxO0r24P1HQ4B61knqAg
zV}GrkH}l+DoS6RsWCnQjzu@%lP%Rx@hqx3Hhr?ZNnISICAzAqVW3KN02>e;t?%f?K
zj)n8|YTok$!;~X84bPVcg6NhUoqbBo`~sEy%2(uCMS}Wsv##&$3hb1+BTANjzhk$h
zTD9r{Bwjs-uaUmhVB-m+!9I5#nj)ceL$$yJmOv$s)Jd#&(dP3DmGVJ`RtF9~y&j8U
z$^oU+IvM^TQm3a%<h5;fj+j>Hy|nSYsMrBVPyIv0nhQM@m{RP&X&M0IizvqoAom0S
z3KM}!U|lU#*2(jKMszrt=9O>!L;?9SqbNz1C84A>B>$9*HjYd5;f2Y$F+#Kul?xo<
zmf`9*yzVZ5XeE^aulhx6gse)Qps{BJt{EQ|Jus*^)Eah)i#+FD(5$sX9=UY&)y@1-
z9DQ{lRKL)>+f=5Ypys3VaW_ov%B}eSn-sXKR?e9+|6U}|G)(n%9I8<PbE@v2{Kf!w
z!^v;aWA#Y&qN2#L-_xdL1_H}p!E`Mt!HG%Ag)^GD3QD8rm5coKlI12U3n%Uom`yfF
z$Bzdge{&w%@Ao@oYr5OMY5>wiD8bI__3kJ!3D$oVqRG_?xx4lJlu?KX%9X7>quA{(
zSK<_hFZb=#WK>YL<F{8d@-sD|Y!KKiI|Q(0z-bufxa3116y;O)`hv#p6%WTzzEP?k
z6Xa1mL(iw1$oAEfo`>8QLHhTio?KlEX{r(7z9Bq$pvhHU2gk{#*Pm@;p_^DlgepB<
zM@D(?A5iZz^}x0zkFnbf{OD56t_FxZ9hHSvAfc=lnyvId>5@Nd#d%-VUeXdsL*;nc
z#j>ahlbH#W>pJMD;%ZSqYmjMr0bgwk<QZHAPQ<_9PJMr93x1BS!V9hrWi;=kb&zhH
zU(=e>FA!z+cH7&&pdUS~p4Y|CBL3041+ccMBV3zCf$o6E3`c9l-z+I%1GRcr;UO5!
z(RtDMFf5A)`)u#Jy26F0Kn>>*ud#)#?yyb=VkYSGQ8;{$l%2<K5ufHx)22w5Yg$$A
zErDjh%&)<#Kw^0!WKqckSG(X2+_n(Ys(xxK-O750L0PV^nhH3G=Go85gM?I8eqzFI
zjiYiW+JUBWMjAlN0jl42%>GiQ6G(mt(>LK$EA{gMx`lMdAsVQ51`G|~y&$TShY38T
zxI02lRM^R-#_&G-CU%!KUd(!WL>El^QzBlW^2U2!wjNQR<AaDw3qe7_uxc<66=xG+
z^?uURM2Hb%s$Cpn5F-7(shIzSJPbh>&QqUUb8#fVv>6#e+zzSHkm$aeJPGSKuHHpY
z!E7<NikPd$omM(_SF%(>xlYy%&{0N*xjblu-s~ta+1&^a3kT<g&v&9t#hhpxC0(Ds
z+F=-LR)2%@!GyxzwamiS<C0nai&MXOpc&#FnemoH$cCriH0wZfm}A!8**T48sj~4>
z=24}jKvmvhihNpE-)F>b!h66zE;q&4)hW@r{AOowq=_d?(>%%%cFzQ?)Z*OJ9W4&a
zrOv((@5-N}I;m&_;Rhz-n}r7cxE=UgdkzT{c+5V!^UYquUN$&$BjH<0wJGLrKz+9<
ztBRYGQR{8C=FB$l;tl->x=QP5Ggg3gZG`|n%=gx&q}>E)^V*_V;@~d(IBF?RPQ&mb
zcYBztcIpZGeg39$H=@7ThtRE)me|_lQKkL<ilmg_gS=bo9<G`T(CT&C$~P|)R1SO!
z7Okl1Q++QGSz%{|)#F$#f9`)}CXKd+aw&9pEmZ(B7cpZ}Ou<ysP`L)(PNi<(#DXT-
ziNWGlsC7e-uTru&`?<Z~sITJdwXaKs5QPgr$g1v0L|T!tz5l&AR*Q{E5$G~X29{op
zh<HTDzGdf#vNtztq2!A`uVy8{NjDgH88yH5&S_eaW=x47ZAQ$QX^l>|0_`#4^eWSG
zCAsfBQXx8e8962r-h_6N8_v)o#{B?z%yqAiIvb>=%2z%gSp+GvoP2uJ6}w#Mr$ERV
zP5EopEv4dM)KCn7-=4_S0W3ULu8H(f14~|XD9mbWP-9AGR4e|yAG*$(|26q6_WlNb
zD7(z#9sM5SXQ$#;0Ab$E2)c7D8M(ok$YS3o1j+bS0X&Sp6JCWo`}Jtn)4LB3)bb_Z
zH4RaIy%Ab*d&bK6!a@VD_|x}7(a^^cBMcaVbbx`qtq9uhx0pSe2ewgl2n1Jr>;LgN
zAORhnB<~DT5aSxIAk54JUpm{$5Zs4wufE?ez&l!vN%9*^W9Tiylb(K@mtZqsgLJdP
z&Z~u(e#NW!p(n-N3i^pcbLbo$K}mLwHdOld^3FN&8{v=xk!!tfS-)y6^FA1*TBQ3e
z07K`c7zO^~D?veATbyI!QgKjdpcu=L5X5bO({s-}hhH6KaGJE?Flb@v?Jpn3bwzl0
zBTznVWSS*N2E>vhvq6Sxg1vvF-`^m-`AQBa(CVy}$}VgAQSLi|wYXVp4M)OUpn58L
zHAT+`JSv}ntFT@X^ES~L`vwT+L?=EEXIjp}CZELCYIdgt9=adB;8hAmRp14L5)LoY
zP8L(lK6@zC2qNWZ_OV50BfRat@ZOi3EqLs}7#mK1Si~Hi#qtGZwBDiKvLD(_MN|3t
zzMn3f+f)j2zc<@yw%0gH#=Iz9e`ES<u1`u>&=#Qx=j&ETPNqM>4n>^ijr$mevb(ZJ
z;9N=IoiqZs1*nnu0|rG7jrr2Wt&qiv^2(UzqzW<@_~ljb@3<2^VXq`Klmb-P-%U54
zTI+PcxDrZqal09irjS{qc|iB?S!iEcLHO+r@kt*fOkF04#IY^y{iwxegV-GTN-^sV
znzHi!DC}7x*5bY}CeOgM;)MS>`oHswBi&PDy&s+HbqMBhS#T@+_O<OH`48^;+%W8J
zdP^6mD@L<M+`WGME^<el0LVug9_xuA3AKS=F6)ld<~q0YNP1NFs(Tt1_1OEjo85bb
z6VlnU*2|R=#{-JT2m$=#`G=mvL4qt#)%%b`DyvnmO!Gl%ITsf13>&p~G-qk0{eksj
zd_@gJrfl!$%x+6=<<YY{V*%1z;~$zE&)rUI=@V?4rAheShRfEBCfo~dP#U;ytj?O=
zbw8SD@Bas#Kw`f}F2jU7+O+zuslHhgq(R}8uW2qcl(uN-Xk?upreZ??^67+GOfu9H
zG^{<ZG<FSGv~Frk&+sedKSrS%+%Gb?hMt7-GSd_@vGe+IF2K}=KAy>U;~5)IpR*rr
zwq{cfCN>ax%cft;Q$~eWK+qd~ltQy@@X&~?>~AiS@g^#IOP$_iH*2?!X6}r`TNcNl
z&PY%N`{c}Awm$}SWfF-9J~SVeml{5Nlqf(c9%b-*67P~pd8N```6$)bpSuG1+v%|v
z%rl#X!*uQks3YU}rVn*h3VZ4~-{a!O?ee7T2<2LpS8jeC1`90+bA^qBYgwIX_hQ2Q
z^FrT8<ib6_Z1u~&*+>8Za=}R~;|*{C000000EcUqf8g|PnGEu&TNFpet7)k^3~9gf
zwybey?EV94RNW0^(7dwE7zP=!2SvT%8OXd=8=nUVznA@Qp0*W4$m&A}0)_&h3nq=&
z(x2YkucKsv2cJb6o$FpWw>_KyjGc*k3Ar63@=0JI19ibTc;IXTx_xvSY5zZpR(eZ+
zP|N)`7ytTecZwgGNy3+v1tRF9geR6q!lxF4t|D^uup>I=gb<YSHfC(XiAuarb6UQb
zycZ#h@h@@f>TUpiln5|vVEH&gMO4gr{Zu@}*dp9)#L_P8v9p;>o<j=S;Vpa)4#wx|
z*wro;*2k2X54HV2p$tD%uy}4bDrlNig-IV<SM(#+MJFX3w^Q8V>c0Z6+oJwdyO;OW
z0Gi+qnE;>M1nOdfS!=%riW~-pldcC7r_stoL^Q|mLgziNZAQeb?+Q4guZ-Ba+7es?
z$?KFW_N0kX+x<EHVhK#|$<@`}0#AlW10XVdI<U1<sorGnI-Bl9zOJ3)Aru}8NeaKR
zTq#}s%6-ht2bMy<!431km@p%ybWCi@U?*A>Cxq_BtHw0spkkHF38&<mDMA~_6?lr4
zty*g~GjO}hN?ecyUZLamX?efj0$$;GHWUQJ|MfyF03@;IV5{z!%C9iRd91v>UZkWt
zu(|&?i2EWUR=;}!>(1WFVNcZwK87cN`5~~8HE?4R6*j8d`=>Q?lOS8d#HTSBrH~v*
z6I=iQ00000-?mYyRtZO+_dF-H7vDjuH6H_8Hi@~OLnf*b&KR$dFi+^Ez3DmgZr4Hf
z!O@W4EdP*0D2FKj^^#2+GKQFb!ho?Ze3KT1^f;dl^h&hf84EfECY!tbsW(ixP1x_2
zmr_T&KfE^iQ%0NQyG|)ugOQWW<5H)nvx=>trR_gQXoY4RK*OlrJ#btEH3KLNB?fpY
z7DVx?O^oD5nfVGe1v*fR%sFxQLeI6MD)FGKBf6D(K6v<^p)ti|3iTY^J&AKl0%;E=
z>Z;K@sDM_X#EFXWY$hL^e+d0WRKC{Q9=~pO#(UWqbHb(^>F6-?9rJm^Uy7vKCUUVy
z+b)xQl!Bt$_4)2AS{yvut)mk9Mw46=W<HoEmr@v`e=LNh+@`!Qn4IXk{5KfPax|*d
zzWNV+O3_08izw$$)3+};RKJH#!nwYfb5QD{JTmjKqNh+S6)~44g!IoBa;0rF`&wfX
zQ}Ar_GdBVZS{o&fTA0|{^uhQ`{7`7R6VAObxzHCWQMs>XY0z&QFr-oG?bgT?o#$iY
zx}~;qsOkW*#nuFy=u6RfkS#rJ_}|p0l(Y8(t%@K?!3)KaT%r_HUG2O?pRa~s<%1jE
z7K9qwXWm&UEC`EI^1u*-nhUw=5uY7IN7Grk=V!RxX;kFFkEq^8WBwL4rG4~Qod5if
z_;~z;uHhU;maVM;Q7zP5q5ED09`sxxz@}!}DTtInO0D#B0NF(&HCn7>H+HYn<p7M0
zN0lHt{he&23%I-_enbieU5<AY(!UNbYWY=$(OBjH00ct;QF2phSbzWk00000z~BVO
zQLq3&wr)H<k3g8NNnqGS)ohQ{KPlYTp=7zfHIiY?VNAS1_Bu1%nuK;F!%oLf6wA+Q
zUetv|NlP(VRc1y`xm>VgiW$<Cf0kE1W_T#7Lo=J5FKfmM5+s6jx+8D3>Qeu*1wB(Z
z8*SJ0LlV?1P(oa@G5*c)X7i@NeAP$QU2DZIF#EBdWKYyab`s{t%&2OKC~RcbElYG|
zSH_%TLRY&|6=7y<qjF;mQTCCLMs*PhrGMCEt`=NTK_C}IDs6LDyWZ7C{BJrk`hn}p
zN%yN#+tgS&byh0B?0yS&Fp#mG#n~2v3NXtgiN9fZ4&qbG$oJWsZI;du%4g6-JW4O?
zn|z!_Y&wd5<Oad~N~<4HJs19P!$OfaCQL5$UcgPb^ktyKGr)S8lzhjx!cdhe43+G&
z49j9tt5rY5nxuP+50=;f1Y6=D`oIz$97}N}JlbQOHhiiA+0yD{e=PX7@VCNW&n07u
zzts_IkZG$U(5A|+l7X^C^@n9`*p2$enBV>F#`QQ!hM!n8r$`xtjpcg$%YE2@7Jn19
zHH63SH^f0n`XWtcgTT|l#dZ+$_<Qgywnr(<J{7%@oL@?Oj|i#ANYeb+cV=#~P_@g9
zNcR1&NxXqu#Sw?(|A{jIoBWbX<M%BTN~>b`pn_DHD6`v=t?|gc!DVwx16AtA!vt%_
zN6vUeXEvCLI|B7PB2}<7Fi-LTt?LI%*JdAHme(mczBXy*31eeSp{TDdFH21@037cb
z<bp;B0000000|-k(*OVj_E5Df0dCe*jpyX~*hM6bXq~R&aELwq{;1f_8I+Hej((K9
z$99&*7whpFQ{9?f8=2ui1BJm-rS26ljV%LJ&y~3_PezqUwErudD<4kH8vNyS`y)o8
zOict+1magwviBrcqJ<%?oC%Nha!i!^=~D4g21sv3>AA1%v}O$0s$NZm-z`IuWlmz)
z!=?1vFkLvt>{2L!cJ7~@470_PCdqvljJQWc<rY{YTXS-}EoaPhtP%<t^xjVw+~rB4
zLMTzmy<FbpA&=P$tF_lA(5CC-*mm3Uv{TC@-90<nsN{h#SOvYVYN>J0m9;LErkO0*
zWgKxL^Yhc)8W<-9AHM^(W}($|Mfc=o5iQ<nF8AZp1yYV>XMvo;Ocg4-!$>L`VJhNy
zzo^b(7z=JJGLnub`r_-uJ-odANidyG+fh9gS(8h(U0t^{eUEvC8#~l1=vMrYYRdYl
z*Z@SdeObbs6L*^QkXd&ewS`LYgM9@n56zw5+!)APyWs11VLKr_sH#JpZzq$nVwLEn
zE$<_1L-Hs(p?){aqDU$7uhj1llYD*%_3<R)IjB|KW>uY#TxANA-|NUF?i?{S!un;i
z>#%Q0+gk}gMJ17_wN5wVTp*?`))=&oMQJX8CHB!)4u&Uim|w^;%Bv}5WEu6LO*e1L
zY~}y}0Mxijpa1{>0001ktg{UdL<3iV0E%D=`8$k~q5dxJQS{G@ng=ecJV-(pWLnc-
zs~$erL)?{Y#-!QXk!`b(L)7knoIT12)WNKW_D^RBAC9d3ry&HhZXrs6>qgi=Wcw$f
zYwo45(BuDht@xYbSBm6n9YgDi{}RO?%eHMaSUnGt?-PHl62!fx$*zWyK2GABRE1SM
zx9X|&*+V7o<}XRCK%R;O#NSZIm)9{|%qFU$d>~8}EWd<o&Pn8!eyAd;xfE5_rC{fJ
zNl}PQWv(t-R3Xxag2wCKo(S^FT8}u(=Uph(Cz;6DZ4~5f?|OvAm`0#5h8VjnH{X6k
zC}a0Fc#%U()3{0hV?qS~nEQ%cc4-XC^FxQOK=oawoXJyr9X>w1FQ%mSY6OkIaQ!Bu
zTSYIvYFox|v}+EV6A5JX)8FQpF&>!mufpF>h{P1zzBBS5{>-kjZonAF!z<ikMAD=c
zX{Q7Iq-FnS<g1fM8i(;3Vu4rIVf5(Et*lv6Ti(l^V`H0NbuQKK;?uU4p9WwE3+vr&
zE$J2$0I!O}z%qU(^-%ox>~fXrY|3h~B9Cvj(_4EUm#vwtyngMVEA0!lQhlQu9R}(A
zCF6V`73P^(P9A>89DTWs?Af(R?aZ_zoSefDMWT&VaS&LE7mZK=<l5m9Q(m%6L>h-L
z0>W>d%&M3YF;OS1krweR%>q(G3F5w4hk@jRYgBK6(m7<XfB*mh01N-~IZ$v;lmG-f
zT(BYjiVg{ll`(3L9;CM=a?W+V#C}E`fF0<sr$WdyGVrf0oUuL3cHM`x3F}F!F!*%?
zzEyma)8GMM#QvFSZCgE^c-3&p-N<V5KXCI%KdhXCID?3oeOyUAHnel<0$(-j&Idw7
zC_nw8xL)p#uy)?&R207h%kjb=y1vAS5~wTCzD+dvp8s)5kVz8_fH1rXL|5Vdc|&d>
z^v&sWtV0QtcYa7Qn);j3Tglvd2CCN^ch2$%&a3!$fgVdIaY>Zr+!8yIj1Bzwx;Q&z
z8OLbneTO3nG$0bZP<A9b&KK4peJBq(v#IyKvws}C)JeB~Eqt=H%3>5_?BCU8^qrZ6
z1?fL^`_yA^mbrp)y%fIrsc#v(MsAzHuqLSEipS8kig!f_%|@m|td|F`K>a49n*|a)
zE|eXnv-QENu2q2WFHc&*To}Jbxx+C`*TE1utj$%iQ8%DE$dd>z`AGbdDDw^0$k=O7
z{yu(&h&s%sr&Nvg?YaC&6F)G^Bgh=>6tUWdK}u?XuP7LhQeF*CLq@(K)zjT|m+T(B
zs=+~Vm2(c{WB{(Paelz_rN>#}z-f8xW^VQw(ol@cw(q@V0@8PxLk1g4#bawWS2HjB
z!S(q7uvd|`!7C0_*&Lf0lyExoi@b&6s8DfRC{I^h!l{8FB{}HprPJ^_vM?(G0z4Nq
zvNf)^c>n+a000&gOH3pP0Wp&=)GUEKU7OS(_}$1JW6yg_$E{o``1)mNdAC^Gnp(h=
zu{xN6j=W*3`NX3QE0iAXTh92l&|<(iEa0BD593*q!u4~+Ap4?%G~y4B{OJj7{nHxA
z5-?bnEj=|65ffHD?AGswxaEsZoIx?vC>}MLOc1*yLmuX;%rZMGBV!^tI~?|bOpl<H
zKC;!Gm>^es)>k~VzyXr@u8Fei+LW#*{orhE$ZQ@Sh@kb%IqtjFm^wHWm}W!rZ4aI!
z{W)qrN$OAa%oi@DZ~j1sA;`HzD0k2^#0k^tAcGS~Txo%yR;1Wr0M3%l?_NJc4*biY
zHFGl@vOAQ8B~&lo)LMg1jo8&G1uiBtw`LYq&*+nzUz?*V8(dE<c>`~lX5_|nZWn*C
z3G{cYw_@Z+MEGI*6UF^TbY*ig@Njd~XG?e=G39i`ToN|xL4Gf2My1S-8-Qj=v7E3G
znz<Mz#Z6E9Z)Q&Ou&)@t^>+qF3l2#ckEeBj{CB^|V6>TC@MqbL1*QC|G;Zi@w9?CL
zwJ=KhOZ*N%QVZgdsqhq;j>qdek%UiV*~MtnYvk}2{c8K+C%&{;!OE#?YfmYjr+eSu
ztb8+>%#_NTr_>MymiU>Zgg-5Bp7%*3JPH*PU?}xjl*y)AF(KufVK0?$H-1=Es8+CD
zkkHQhd!p+Z%K0ONB~7ZSdk?3Fo7UL<2|A?U*&CW|GR4HMO=DBzbzAMWDMt>Q8l0jI
zF7(lZcI<JHn4HpnRSVXV-RHIRdSgdcjAW79sxPmU92ne2pe~`~q48LF?bF5^k7AC+
z9dG^nA6f2K;uSC|Wm+X(u3kaE3y?&Jn{W0g3N*S>g!HB{eCV%b$Ak)mElXyzwbyuN
zFf1>B*&#DVf$8K)(Z|i;WL}`Sz6c!MBme*a0000RG*2i1%U~NR0F^(Hu(W}SFGb|E
z_L*=@BD4BxqrtM4O~~51d@&i_AZY}H(*~9#Hx{V5w66&{zzM9%!Xv#IpHB}gqJi;0
zy3ZK$jc_Xa4FVR2^!yi5lIDo;a>g-Z+|N;8KUGbm6glVtBHuM~x(p;E*7TK{;{W;+
z(_n=dT`S76RPX}p);F0Z1CEbTit}KOdEAFuBH`u=Cs~^E6s1aL75I4Gk9Fz#3p!}Y
zVwi_C)2yXStmSutK`Qleg$3h3xBq(8$_DW^PYYtUqeyvAd<gL9Yv(Z|>`|p#&(MCd
z?dVNLm8Du-f5=n^(YO+lQ`N(oPOeO)<_bo|?JU1WHTrjVkQGkao^kb0!w00g(_&Z;
zk$df+%E$c5u%>ZkG26ra{6?T(NOTs7>aySE7<QZz#hgAaG|rC#WG{_)?8QbuH7(;e
zXwB1j6?YTG{YG?UwB<sM3CJUY-8I8t&e2FC8KqO<jEd{JfwP8Y$*}PB`E5HlKWdI}
zoHH#sG!bk5{GoyN1t)ge-SV|K>&+t1bKVy2V>A&uUoF9;p2iC)VF!K>o;kjVqsJl{
zdI(e~KKB1><#F2!sE*#Xk`B9n3-8)SY45ayd^aVP)lPRj9u=Por|;o1*_oY9k-BO=
zfT++;ezWaQu8=!%I$I?mKWO$?c4F@g@a+BaXIt2b(~Zdye@f`Q;hZ@@WK?asH)?mB
zd&bW|M2f&C0hyr8Uzqq!i{fc)tG7eBmYQF43U)u;i~b+XPnmWis$fLJ4n6EwA;%DA
z>G0kl28;QhiNhswrts1A6@-)M7n`t@_kN~Y)WC<;YLHC89@cPrghVRkQE0lf-nG#m
z{mc*O5tqBf6``Ri(jWPIS}0k)GOxm6t((}vPpUH?peD;J#lR^QB>7zB4J`=I*FBu0
z$aIXtJ~}H4yG(Gaj6a6b?QsF0*R1S^^bbxDdGN^kCD`Ue@nDE0fnh+-TIWCj00000
z2$K64XO^D9G)~(Er~;6iIIP+eDYrxqZiv}di*KamSo=&?ZNG4KA=N>2OpJdj|Fej$
zf>qsHoSX7FYxDNm1(pnvAZ1h2zH+Qc*SmEcScB{}NmmWy7KO8g5ajTflM#Vbc~?xq
zTJyY;TW2`{$L@WrQoGHkZ=n<OmxjtR{k7@wg7FO%@sgbRd5`aGR%?6p`(frJ;39>t
zcz@?wtg9yFJ47B_0i(vX-ejxncvp{Db<wTdZF2B>%smexEtdX`2q#HU^eifPcH7B=
z1VcBwAbQXM*qAkt8c`_#fP^AZa(P36qDy2?Q?7S4n3<LLO^%iG>lE~=E|7#J90Q6h
zxB5h(fBe2ARHGn7rO;p2bn3rP8oAEoM|$3Z+gjmO802h(dmac=l%t-g(C;1J#gsKc
zzWlqHW4W_22=0YMh9&ZNmY40_qq3ikBai(h=&v0Q0~iJA5GSK6(u1q%ujd?PK^!ox
zb=^j=>9H`DPhH0fXSP^YKXi#9Hx`t+oI8%CY^ha+bN5jc!Ul)0^}#Mkt24x6`!@e{
ztYYCK`a;HW@CbS8?cxvB5qGCy7)D+92Au^TmU?A5bfYCEQD0NPhY@JnjZOC3@4Nhd
z4?ZP2eOQy}+|Zq`yLfb{6pwj0eU(`IsbN;FzwryNm-Rj3oTE*Tt84H_(IZ8Y*^3jw
z!1`4GZ7Cq7%L2=Wiv?CbJ-+%mV@;{{>TNF52gR+H+O4_!5!ZoC0vKD>8kJO=Q{c8A
z8m!}nWric(*qg0?A977ho5heC^?JcyN+tgIYB!u;E9t>9b;CiqSYXg%s&pl|<qd<b
zAH-&cNt=|fW7?YiEim0n(UE@vP9F0M4v^{ib-%T@g_K-gBi%Ce=Wf}VW3@>|X7_hi
zKLsxtxDFdzM?A!+=j}=hDbD}MZH~ENbPo51&b8{66)1}JKy|BSMGD;VuD})%BzEeJ
zB3MPqg=_&%<_)`_t)k4CFQ0<2r+FuWhb?EPh*muhUSQ@;$iO%N0000SU4SqE8cB~#
z2sJkD)UMH>0Gk7lbUl1xNAzT?TKb2#*;I_s3}{T!>jDEYt|qDmO$66C&#29#H>`Fe
zfLwTSw;rJm!OQ>!Ov&AIMcI5#Plf!KxOo4@(QG(R_WZtoD{Zg1zpfgoUkX~6U~{HT
zb4u;KeF$tGHed}xoOqLudtIXV@hWZsH6DT}kY|9b&mg!|D5zC_sA+)#XS0~c+y&Hz
zet%zYsE)783Rj~J<FDFAfxZQRBxB0cL63HX-n_S*v{j=_nDLF_APIBwQY=&%ML?a1
z<2de*M45Ykj{%T(kgX1dvbtwyE$UY+l%~NQJNhEy1Y)t{nnYg^bquTEJ<@jA09Z%<
z=2ap7GTubi=6)f;wG?HA02#Duig7E&un0&dP@KCUNcZo<(77`LQ}kVR>-GaZae1df
zHnHg9c+;C-o1-fmTu&`~3y+(a|6cEI7`uz?K)El|;giiNuH{l%gtJUkoh~?v=5L)J
zZ!V@qSf=~?g1bGr)oE|6cR#mPpu#%m#`n5x<Qz%MG<S2!cX3~c@%-nMd?PCQ)Od>A
zTS3u%1TEiIByDhkqd9<;f!{w|Zw1CB-nWrii6}=LgUcd1pE#)<6teZka?Um9*guds
z0iq{fKuB&Sk0&E0K~V=0V<I$4d=BfKCiV8&DJ)HgvDOQ2`q$t+W`^vZwkh~8OIkgv
zrdABmN>HFLz>t3aLpY-yh8tH@PPL4t_IhzI0>>+1qie`yc#!Cte~}W1>wOzc-<5&#
zb9c7(G?a52!Qi)+3S4k6vrNm)!I6KfwJy;Bir(`nT7draAp5*&kKl2!cB9$z5rdn?
zNLc|eN3WzQxT1Ehz-<e#ZT^2oR)9u1<mB?`GPPl86V>lPmR=B7?XaBUx3eYhm52xt
zrqD;|LQWW=$C9`By-@954L?}Es>?68!hiwfZUB!A00_tRz2MY$U;qFI)bhXp0001J
zE`s_K_6)`k6C;VbgDz0D+~Hox;CxYV$X^$EX`$HxdyY9(y>mpfIG4v}2(@{!uON@X
zr&_bU>W`c=a`M2Q1kylY03~`9wzU_M8qj>{2uW&vVi1A|ex;{S3sm_@dsCFA=dV($
zJ{5{~cM?LBw19LF29c%^yo#a4;Cyz!h!Nti)CO6^0qcRf+vrAI-;e@IEZF}BHl*eE
zL`*~~k*w(VpHYQN>B7}ObE)peuSqdjoVUSeG6ug~Dze~OmQo{&0=p*SWC8REo{%Hx
zV6Gr|qEpAM7R^(Z*$JQ&;lSM=_`CT#S9Rh>TiT0yr%nSA^0(#<`L>jl#E%CJ*AXYV
z1I6B1vDPWGNIs9I%gd$UNSq{$W076*XzBwsY6om6H5ZcbkrRuB0`q1hIQ1(#pz9du
zieI99&FG~H7wiUl;`2^|ZDY~I@uxPwH%3-AxSm?}7aun<{=MGZF?Sci=p~f(*BzOZ
zfb~z^utPORRrAok-Z1$pWEeNw3UHRS!jv#c(?fV9P+QBLJAChOCGc}6!U+q-=&^zE
z@H}8R68%F3d&7V;J>D**{f^n|ibO6I-}XeNCke$eeNSbtyV9)HxGC+VeQTHG?1>P;
z>)5`^?uXd>5X~4`%*=b~QM|P-=;>DPm`LpV>X9)b$PhzvFX$Yw^mA_GPU6?tp7G|L
z$!yzeYkIp`yjah*pH@K@`0@s>kvAaboJDg@l2#1WpEqv$82z!G4nibtaFI38F6@-v
z#}B2Gv#ceU#6tuu9b+#~+Y&)xeaG%j{q27IrX4X1GhYAT);V(JVf*qB=eYTK=jA!)
z)V7`cH(>k6{_G5PjemC?WFHq@T^GFwq1W>A83dh4PvC2@%CLr(A?4ZK*^5!3&<O+G
zZ`YcPnMgG9hJiStQQ{~NfXex&<RQr>+kgN7XP6M+Aw`-@f@8Q7PKd72BA6Axo!eIh
zg65b}(LNtipPS^E9igwAJEPExqu(bZC;PcF1xiSrb3a8A_0CGJqy)a0Ac-*C3TJjD
z%8fJX6s32lBSw)fB7<0xTEYpK77M`XN5UVg38u4^5)sw2y^cPMV;Hl^{MyV#O8$s>
zT83knn<8J`F!}!{yUIR2>dnRD2WEuB&Mm;Ux$-~a8R;F)<HToC`RoI<|3O%Hq#jdO
zEhXG)jN+#GCXd6f0<ZrcMzdHPon9x+WFi?`qu+RZdpw^OacA2$uKkpK5cg04!u+vI
zo^>%OI2I!S&vTcN8XLvsv_g7)fGIPvP?{0)kA(S*yK>-}IWRSUfCfB_o}2zsmi|RJ
zFgYx|x%O^oyv<(WzEb`z)H06)y5_KvBC0&Gz%Klxvc?uFh&X!U*dNwvyj^x1C1kth
zSYmxjBjH=<bIkZIBg74XqYIFL)@;Ndt{|?1<~5qZ+UpIWPyYx^m*Fy?c80Bln`N{Q
zB=Cv;(5Qm}DpX*ydvA*iE5}2?#sPXy-G2>psPs?FUH-&!7)-?~uBO63s(75uQo`S5
zCuW)JHY0tqTuZff=FKKwopTd&garY&UzegtM>Xru+Zkq7fD|C)u%T+50t54KKbXz<
z-br2aLo~sGj~2`#;Q>uN6Q!YQ-BN(2w;}g8-OO!cCqhI*bWTMaPxnf4Cp36&yY3=^
z=lYwbhJ8v+eCm(ate0S1*8W=izRW#J6+A4g<|JkCuGrQ>!F;&PpNt2{CROg!@Idy|
z@3owIINIael|vcw%CoA-Q|R(|H@jDIrQWo_=F4CpK*m~s7f^y`4y~yG>&lNgy8)w>
z%#HC&zW@2VLZ``NDlwl<k$322UXqY}soT@<k4G9gG|6DZaXM;^f#gFrC8C|~*l6x*
zXoqO+_a-<Uef3qZ&fY{dEjq=Bg_st^DMb`U1_Ebimi^!dsZ`E%@F1sv0001b(6;^y
z%8HNcOr{u3q5x;11PLmz@mo6AmUqM}Cb?L{@{8hJosSeM_e~^0E*^S3dr5d=3SP_f
z9(?>7YN1wAgB|6Lw-G@9XGmzBvb^NaCo^hj1Nh<vjp?M8W@IY$-(As--gWwQ2u9rY
zNU!C5OB>3P8(NPlU~AdbS<y7)rj|R3kUo|D`z0bczx!+;{NJshi;;}BM;pz#mDLNL
z_#ZQ#UDy5gD@d$;D%_J&YzGV7Rj^lukXTyD1$LnAzPmgffHU3w9W;N2U=Gx{bC!o*
zc?0$<!*3XBe^0ca9LOFEHRnq05<Jm(o{3&LS*-3A8015lKUibn<b{j-i0oVE+=`-r
zZO51$+OK_<<5;V)NYr{4jEoig>mMM-z!ZNq3&0$+Eu)hCG!_$Q5NMmvIIlTtkH%3Z
zMvU{kh5f_b<p}sPJSPE*jW1uj0<j=@Kw+5+0;i0&tRd&oan-Cz*J>Fl;4wiY3G+Y2
zd=A0=;1g6*Ma7EUHs_b8uoBJ>D|I43#zf(bj0<=XGrbf~L1hrYiOld5P(J^(*xY;1
z&XW&~v(k-xQgj!sz0kTnL$7C4p=u*`0RI({0h$`q4;-XjpY`*ueO$p#Mx)BxOoL`)
zHD>aj*;M%-`t%-WZr^W>q8lmiG~^QtWRl=he_Dp#>G`f4DFz(q#BK)!dL1u{W+hsq
zfdCCqyGhMm6I%@7iYkY*y3(n}x*E!9=n-oN-?twXVl0=~`^YNKAX`>&9uHPMHu1Y%
z6VdY;pH7>T3I=ZtK-Du<-4(_rEn6#+ySGFniL_JNp6jQ|zq4=|e>#$1GGb3kOfI}Z
z+e-Iy{__$()M#*%Ia?Q_w-k6fmYD}HVTeLHUD-x3AWKti_T&Fv6S2=_%HS<lwmSM}
zqtN^U#n|3?*-zBfVV8mo4O~$SeX|*HXq!%VRKALq3~O`}#s)$9v?CBDO(nvewBsCc
zY8ipycvbS~=flx)r^Vs#->{&=&&YpRjk~s!{<7j}twQZ{|4^+b{HXAnk9l?GU5c&e
z;bLX~Mge+H-G2>psPs?FUH-%;(cYn$mrBit7@RFjiRF*fut>{bjSc?aCV;eerNqN;
zg3Km=WLw}oEXh1p(J*r8&4Iko`EjER1dx%FGrSfc6J~Yx-2qChVpGV&e4xMPrOab;
zedb9IWNQiP@H~jmLK34cc-)2k=J?hqUcLj`1yQa$oYyvk<*Glrsj~2FO1>im9uS>m
z%N^YzDDP1UTQYB<1-{X*)A!cQE(DkKgW#s&Bb475_hYtquh-H6(abQl@38lHYx7O6
zqd=`vWU^~&*4*vE-w<qjEW~TvGo!P~YPmU}AvpVw6&|;vbn=El%zp(^V6(~e2}SH8
zXAkjAW|H|cToK?goF8ZA%X-)*#%~XeUAV^&K|V<_7CF-YVaYbLL8!e|D9jD;4p^b1
zI*T+Pv6r<27li26g3%o6i(9s{MWz@9q*bJRLMz^8a=TCf02)NIF%1aA3r)Dx9LTqt
ziz3;+gH#*v)Y_3%0dSuIV2Umndq;j$n<qFZm2eNdTBI^J+yaQL<Ddz+li`#!P0ovP
zy6?p+BTKEw2$m1wY=xbo04+ubop-y7&?wx{0++HqvNipJ=RDB@iUgunr2B**_H{?2
zdphO_$-3K^kXN<S)Zk_YtZAr4*J^$j*J;agR}soB(L0`>@sQt0`LL3mJP-K;FAp)a
zG-zhtItybHUmZb{_(+=MxHgs^sK5i47k<YJ>AW+EY;ZpToXZ#mNT^a=L_h`+EL?VT
z_?{H;o~8GBS+?_}zGPmbx-nLrZ{fXhw{+}lQE4IRO6ioU>0>V2e{WtS+BN#LpDF^+
z=6J6kJE}mS;?fjJ)V&jkps;|9#p?%^Oxd{wRJrk9^dbvZuhD-Q5?E+iM!?1pf%~&%
z^U5f05e>$YuxQq3B^GrYc;3?$+;zaq7GGN2!$!07h!Nx3OL6R)@1HkO9=~U6HzPXS
ztd?K<BMX8Rwlmb7WgQCPtg$J7#L+G38dHS(rb7?6!xJ6=t}7A82L1Hege==pbv4!5
zuKy!-7E|Fbq4FWf4ukJgTJY8I=^FzI2uob7T&%U%Qkh2cGbJoCj@?`eR?YoUB(CC?
zb{v1k5Cx8`a%f4q2bTO3rTyp~8HhP1&W0E6s?AICDuk10O9FrhY-g@7H0UPQJseLO
zb8GW-Wn*iJ<*#9J^K&2T-R;8{aean<#Z<%ZaR>F8WH&;bWo80KY}!EPF<4748W{jc
zSFaicOprw2-wU$a@R#Eh)|(v|@9p5L0nx;ICMkd}RXJI_5RSWYNfzvTbHK{17Hk$2
z-m<ih_<q^p%D(693Z4y;t+Pe+#p`muS6;L7)b!hdf;M*C{wM-(A6`#x(k<V^Lxdw)
z>qJN}LneAv#QA5JIDWk|_=|2iR%X9U&+l#F8_}QFh_cHWnJKj{P<;GTB@s68o)t%;
zA4WU`{aj!Rhhdz`q(Jd7ULCD%LIXs|KT-bG%V2=boM&D-n7l?+B{I`ZR6-SnHFM#K
zY9rCOwykZ>+*~!iP#E71OR~SRuE{;fE_v=CgE4j3173;$c+|&#%$mf_Ch(p3Ek<7f
zLT#bEf=B97TM0*mP%R)r6nTq80BGH#T3z%xTa17J05-R4HjHTHNsF7$t9P1K_Z~_*
z%{<e`OitdFf40aKS7q9ztc~MGQF7h!&PU;e<?HNzWaF~TB>A9{lXlxpDmv#H4zx;u
z*Yo{VMhzbeaK}BS#|sw(Dxb?>_GAb~(a#uqh$gl*MQuWU3OFmD+p4IJ`IrtyGpBm-
zsAAANCN2`$hCdKfX&6p2iq@Fc8@L*IQKpHH=N#M~=Q)4?w*z{wTG#+2z!0L+SI;Q!
zCiNc>k?|UMQt_4+gAS1IY@mr|11+?cJ#$E%de?-TAR<|w)W~lkNG?w6+!s*i{RbSh
zP@Lq}SeLXM^=t8uEw^YXwj}yS!b{yi{RW0X)H$BuOc#2_G4HG2Ge4PTPfd?J9ZqLa
zqb$#@MPP~8H@Eb2R@5L$nLHbc5izca*#9syFt8U|4X38%8d*wg5!1h-E-*$b9yz76
zs6?F(qGk1~B+TLV)9YzWQd)^u_9eLJ--hDIh6jt8QYznj3`ZKXINOF$C@zfuf&40A
z5BVqle~D?QvHhG%f1EGWzY@~@yR>#w@uYG8q`ej6q2OZxy(jL!hPl*tNe1gRs#PQ6
zEfebgd99Nqo3j6-fVwEk$^(?WZ8!RuL>{_!uM?lHPMlDffJ)9xnJRM?Q^;tOQyTwo
zoHP3M+rv;z2{#h3{J%eNro9;mm6mOeHzjI%elL}nQ>Rt=O%__ITP!~Eo^bVAY3v#Q
zPc+zyNq7X@z&PHp$R*oFoW#>q^6zVs3r@e?_1P`B8N7LW5pTRXaacHY`vo~?`6(L7
z>#Pay4bmt?Yx!QVchoOmHH<N97JWwO^aFXExv&ii9x;<k;@@(Ub0CQ6mc_`V8g-Vc
z_YFw2DgYUy11_os9dm9_Z=ADOopK(V&|#&NAIG?7nv2qNtM$sS_^kW+7GbZ@9hRn{
zz?+g6tW9wKAC^X!R2ADZb617{1ySx+N!x+|000<>;cWh6R}2eZzHKzC^QH9~HnO(F
zIplv4(hwcQ7VzqO$eQQZ;$mt}xs_`UE65n~9)XlR#|>PQP8>v0Vuj7rZvLMcd7d-k
zos#1P=o!2#XkkKxCO_k8wgvu<Efj=C{;24b=+F6IxAJFdAPV>(Rt&T&cJmT|J^-`7
z4Xf9IGmZ`MBMILj25n*3bE~ghk4HpLq~;o>vx`a^g=}=mdHP8;YS#@%My6n7CN{|J
zHwTgGCt<UHzh@c;Ky%1F<cHZWXk5n9;bxC{LUr;#*?bU4_{W)kAXRdbqY-il52*t>
z`+1T}1jyCd1Fb)+?iN3@|G$&>qT6omkr(J$nm#M#o7qM>%Egc(pLRQv+`<`H(>z_}
zn;l{&9sh5UuPypXYpGTeXqtrlowcJeU10^yMq$X$x`VJMa#RZ^Pbm=|N4P<rwG}dS
zmXZPVWZ5VE0kzF_Bx0GL;#z6!e`gY(=L_{O#I(O|?H!c-X&is)FGYChco@JhN&Bzi
zwWQu@tQFvy17*~Nmv97)ux{*pt4x8Oy_H$I8}bK?fPZl(>79HTki6;IyoinsO&hOG
zGkb$<|6Oe+jF~65^V*Rg62Dr4*8hZ|hfi80&WBizag*o66N+qQ#BH<7ppf)SY5g6~
zlh=`StVegCvfIOnfXi9A6K*7FsNybqDwZTUoN_bz1b^-nSJu&64|vUNln)*J+hw3v
z)|5DyHU@g1w--|?WnkRsFeLk1>c;L?2PyY*w3XrS^iOma%f;?#|G?&$YDS-mRMg$m
zYou3%ZhtZm+Qh;gtJ&Y@a>=n=P-{;jz}C1OP^<O~8#BD)al760Arewnx(V^-xn1uL
z6NUhqzUGhvde)H~q@jYK00FberFUK137v)Or~f9n#KBszva5`U=xgNA?SUiew%obw
zGW(JTi<HaN+Lqi{oF5`!H*<m@8M0IZF~<1d?Aq5%Q8{iwhALmBhj>>&aml6JouTW|
z@ih7Y`Usv{04?!GGWP8cfOQPLTv#*)ZweZz9fy852Ju+>&>W*wEy#7sqB|e{T~`)I
zs_aUMG4=F>I?;ylp$Dr4+HUK?1YN^K=&9%r8?KrAmE+gYW!=9iXsDuhEfd<|jEi^m
z?(vanSr#3xQ|dDCW#oZ%0FI(%Iv}&=rMF1}m`*vuJvfz!Ty|m?9+!lE480X@05toP
zS>M2$;ArJ!2I)N!i*8uk-&k2y`<XC!BU}4dlk!jv!LMCH21$N;W&8T_5B>vOW)c#e
zlCKp)?CD>w7E0TDnDM#mw_&|$yMln-=IRcTb2D3-IVv-xwd7qNIB=ldrw$l+j@reK
zg6Qby0l4b=m-_sI%xhK#5sNX0=HD}S)XV`dkxL9;gO`mbRn=OasO5^$v^nig!Igpj
zw!n3A(a|?@w2M>jIlf71QrlEn_u6X$e4Urqd8_X0)^JL6f;+8ysfFEhSiYlR$bKv?
z$I@d+WGt6Mx-*X0is&CMV7iIF{$8&HK%qB7e^zSUl~o=R<WECVC;4zQcL_9>BU_W?
z8|nf0!Ln=VMSRVbTX0rJ&LxFrSV^)<iC)SB>2agR^i&+SMYCrI(%)qC-s$~ZchF{%
zn!Z+910nX&SVwDK(PG}GFA~eMx_yL}yx0Q^G)#!d|9H$wDyO*Rc!eERRb&?kVx@%4
zIn{B3ImqUevbkyUF)DbdEv|X;Hka0{=t(m)QI&GIb<pSthEcKAof7`ci$H40i|w0=
zcUi--?$(NSSc%&oen!}3@|im6vR1XliR`HvafE@?jo69AImUMUl(y5|zElgbqnlu!
zZ%@+G49pkOPkRWtB^3*v;j*ri8ZfFuw+YrEHK*X*l0O1>XE0sI7}m-Eu%-0zYd8c9
zUhmnF4fN_H#JeU$0s`^QxV2}OfclO~T>~+ix`f3U$4bl?kKAp35!<)09gFK0`aEH1
zGJ1iBmYi@ZkOlAmd!S?Pz<!P)AUDS7000AWH}QN<8i<fDz(t^#JSK)xL?&>Z;dH8o
zMc{8q*DK|_%E6#2_5&+fWVyVirV%o=qVSi!!le`~u0ipxz3|9M552#OY*n*#)A;FI
z!hOTfPKjAulHfGv3vX+mjWJq2{jhniwQeM;5~r}NJ<Q~;3^=Ob+%r+f&7I$CQ7A{c
zAOLyX_*KzI9Z28mW;yp+LTWEixgGieThXm|vfR5nd+^KkJvO#5t!Ms2E$FNH?W=4(
zae=?ipniq2Xi{1xtBIq-K4p8F`ma-X*G*sNZ1Fp3&cGa{V2gKUL+b9i1;qUfK{k|I
zS10@NtuMg594yL_{%~5&u;X;Jvy6Ka;pr+{ne+@UX=NzZj?mi&xW0S<%Dg$UXms1V
z6}hSj`|zFrow<*Rf6l+*k6$Xyi|L$#oNiEJzGydu$naI!cjI0r_povI8G`U+SR_JA
z4t(;f{W=VX*bzBnZ^z6oaRB$@4;Knb?@y9D83y34&-e!_;l3-3!pZT|5nFXJOCHjn
z?~8B}IH-VNe}Jt$<&?n8({tttS`SaqDLsYaVi+wf9UQNz!N<+XXvZta20HQ^90(JE
zikr*QwM!_gD{G7hjdoxx(13d16)hLDte))6J`Xd#kyy>#T7d$|3qAjY|FBwe!2R@I
z93FLE_~%r!0<)X3Wwj~>74C_C3-{UxV`HH3T$GB{XD-(28C)hMBG(Y}RePU8-SULc
zIB%_na<?qslM(0fv?U(WqxA)f3C?&uj~ah>Tgz*H;n_gI-=NESG4w#|Gaie~(^Ehx
z<T9q^?Au973nD%Vz19hL4bcUoeJ+njJwhO^k(r;c8l3re*sBKXx5nf4_V@lnX?pa&
zeG;Ec2QL1Qdi~{ipGF<Ho78)k7%nd)cb6~je3R<k$>|T&;`3wTm-EYK<Vp2b?;=G`
z2&zciCWzW{WwA{Hz&EbfSNI#jj^kQ>VY8<mLi{4fQ-%|B#{(he<tfIDa#1vGUna&E
zZ2DM6LM|)jk609^3-0q1!ME)ND8eOvkcwOv4PwUEPpPqQP$nT7%GDNq_LeeKXRd{X
z_u<mD#QU4X<XzjUl#=%vR~M;{6xw(cc8_`8JG51uV0C7Zhf@2&4#Jje{lvQ6)wpz*
znJ+*-VZ$N-@R2cs6fPkRAdGUd_T?Vi@?nAc=FAGdE<yOuuYR73OaaC^yV<I<$VeLU
zDRzJYFL-7NFZeiFdh*#8&72=geUsCBr}c5)Psdz6Tx71z!K2T>=KC(2VUoExb)?&z
z(w`T(Iu<3HG{`-4Aq#Lvm?<O&aAg?hwNSJKlYqP{8KAS<Q_z?dcSL!4rbl>&hJKEo
zK<-P(gwn^RgOv1TgJqkGCtwj7n_A8(>q`|P=3ZRCg3+X8hE3J*5R7wjtZHu5rL+3C
z%&Kz@Y(OUH0|-Dy1oz<~P@QC3BwOS5$}$TD+zb#0o?|4^d!a^pE%rj*Hat98?rsc|
z&$ojphd)2mHQSbSH+$uND>>X0Iv@SJQ-tA7<aF-+15V!e@etMC%Pz?cqTHXf`z;R%
z?44LIS-Jg*=5)Tk*<zcSPvfU~(62(nShI_XpMV_ifeJKR5C@4hAQU@Zl#bJo000I6
zu!tyZ)%TXFFtX#uw^B9{>Z>6G=&8exCe3&#B#P29Y*~>K_rGWQWjVvVn|*jtKb7((
zW>|Q7k-bjv^<HAn@Sv*KRhVwRc)<BAAMF`QFwz8VLp|sr@=u97W$p`;O^jB7-F*W=
z1hqZi!Xe#1Bx_rR{{fzXzFonUe1!Kyhxi$o=!7b@%a?Ao#03KMTM#$g`1vZ$;}1K*
zgaov_U;w27Y}jn?f9bmHGvB+$u$!k~?$&jL+1UZSi@^SB69z^RsuyY!(kw`Ag%F!T
z!p&u*+Z2RCYsYGnKPXzIOJbJ`trhgKqhSsAsZ!N}{4YN99*sD%%cG-<PBRt&%+&Ag
z-x=12F<&Igs_`Cs2%RtO??31~D2q|^jIQJ7-3G8IH!o9hU)*@X=f`R0B_Bqa-`zVQ
zmm-4)cOlJ^?rNXw1YIL~Km1VQ@IEfwL6MN0!MX3J`*`#G(yz=)_}igCKbh42nRO*E
zB3>s4()}+jp?N+ng+Nk`PbDzLla%nnY^@_$oP)1Raw%b-PiGP+XFwoedMj(bJbdAG
z)=4~MRSnBI08!INzWurO60f1L_&~Z)#qJ$Ih{Gi+py{abl^UZvfe2Ut&m}FbgsEYh
zz<LxP&ok7>TmL0bScBQ*MF+A~FXOj}2)leqBDoGYp$-Naj)C|TUKN{@uJk);14M(C
zPkCwOGvk=6?r&1MiVhSOemMHg3CC<CiCS+wJeVlyg=@WCct>;HZc7}yD7WnQIw=Hx
z&U4es65pa1M>?ekTA(Hx`!FNFXy1eE4AA?Y+|3E^Z3f$Pz~ygwy4+Qvj+sSpbCUh$
zi2J;+j*yh{`j=fFDjqEK9piS)z!8zpSwxe`+n7U&-FVgxsJhkP<sPu20MRcIM##v$
z;ZmAGI@%yml_2;BIy74<8%n<-m+~~En-~lr+CYlappYG0w0um!#A2sm5Q244yfG_P
zCMT8X>oDf{Te)Q`=mUb!4V~!0n6?em&iJTi>#ZGTn8ue5{RWR1zr42LG4ni}T~hOr
zqf&`U7Y7TYBS0jq3wer+$;Yk>7EWblCkiHEHg%{CQ7r~Nm$+SztoKX}lc88%&YKDz
zB5DSR;6%43FM+YS5qdZvULU4BUvQkS3RRtH@Dd&3%<pFjxVCvgys)nn1)r681xS~3
zd0|zHaJKvWGJB}*C1^}h=3HCx{GBwsiUo;3E%|~haja=HD30HNC+4XF3Yxb83QpWC
z5K2Ks0-Z6?ATC~E<8W1bGHLg+OFPwb2_hPD*{GLoSZ%h_$hZESWh*z1rs2U|@v^V#
ziuEA@>NEm;%^P$dZP{KKE9P6Am?x6P==~c)_gbOf*c3Xh14|nOD}MrPmf<iWdL^H=
z4MZyO+5SqplA9RdMW-z$HDX|I_NS9lfh9F}`BvT;r%GqjEg_%<Q5c}|?MCdmBbA+=
zLPsraL!BL|k&iV-k7QnAYZlercH_?6!(D#grxOXH@B{gIoNr0ev`0pO>bnwwH0nj+
zDy~k8Y9r%#!H5J?Wg;kX)BpfCDfltw2ol8qyYFHeLCYQNRXmD{6>VX=z*QO35?VEi
z1EUs>TXAL{pCDx;DaqfR44hYtR0NOup1Y-28?8Va=pfHQ`LnBE7G2xx=_7gnZ&}!h
z+&l@z5)iTOYdQ6sDQYMs4xynxSe^U-=j5l++IUz3mxKi_NuNt#%&Y&&+3|b{U2+b$
zKqOw{O&E2jyo1@3Mp!mBtD%>jusb`DCj-AS6M~2%6ns2ly1X^X=j3%<bO~#8V+2uF
zZtffis2Lo(JRsg`4JujLe4unySD`GsxECk*WK1vu-w|wi<e!Kt%M&s-`5(emZt)x5
z0g|shyMMd6MVvAOLtyl=U1XN}DgXntGh_~Dv!B^#Z}oBXmb00B;H@S^o$f`usikGo
z-hUNeVb8eL-A>X|zcr-(ZsbRabaEu@_^2|astTl4%X>+(s=sr2H2qGeSb-0QM@RAq
zi<<cR4%E@V&$RR0dk2|Bh0=5O))U+k9jFvIis~V=NIk>B3GiS@i{JYT>vxAm!gg|~
zNipL2ibIZjj&krkUH4AknnN@D%kScy6MuP$t>LUdvkjP;1#LCiwrL({?+E?5GeExa
z&r9-5tqySh=sCQ(lO8?gqhJ>~L6oyt17Bvh;o8h66os5nxuWMwW38WX9D7!n069B}
z`qV?J69-D~LX_s{jryEH_PIm5vmKk4YtRRc1yry^ZW|iR<T)=n4LWYW8HfX~ZOPIN
z=n6#6yi6uFucpn}c8#aMaZW6!sodZ<;Hcs0sd%ri*2`$Pg*QVVN~fk#w{!9iMB+Hy
z(JY4UTu4~K^5ryNc^u6wOvWmx3guiIdL!s;m*qwGwDQc1_^=@`-Nnh2)_#*DXJ0I;
zvf;P&oPA1FU>%*w3(jXZh@!sYdK7g=@logv0h=geG1QW8<!tTCqdAvE-E{~g<{K@5
zBO_W%mDsVGcP8ySqjCXMjNn-RD;rDPTk@?`5|ym*Q3wv&*I%UB67p2+Ii6b=cuco_
zh@;Du`+)DMB1C*wSJe?{MwIOt;6(m5kyN8VCHor9Iu4SwKbHFg*LcAR+D1S1_H+Ov
z&Ad5Z5R$MAVOu^vYRjCLpMBfh|62~qAU8NPj19EBD8EruD$dkG>wCEySehLQh03<9
z1;r0|^>IL-;dgmeC`ht>U9$r8G+#3Tr_<)saDWVB*4|Z!6V|LP#967+0VFSK(km*}
zk>$Uicn0&PQ0$3tmaRDRW#f^HZFI-v)R8C!b}+VQDj8r2a@}%<v=HwaTd<vf5gFYE
zQNna^n2omO&Itu;gZqxDFre$}-YV8cDJz2-`BhCyNav|rP8|cTGEeoB5@P$8fm2)f
zQ`f(W@Nfp-=4n3bZ0i==xf@?LCw6~Al#SmTrrcDTq>SGp;|p3k(z6QCpTV@YKg`-*
ziuglvON9CVc9|V4IPa!+rM6p7=O0m6o|^N4^=0B%c{5ysIQxZELnTYPT(PScVhcAh
zNb=vN#39^6L58`6JzXP+|3CUAQwlq32T^@Hm|AXahetM@o~*sd68GrtZ%yG@DE>$Q
zExW`SngM&pf{GXZCFjQc9TuOtbTNSiR7o|%?-`&&<DQwNmCayv0(a*K5XCleXMw^V
zy&a&;jLcv@EPyHcx~#zDk^2u{fB*nhC>nQ+NMG7|SO7rfkNgp*j?*#w%7KnM)0ub!
zb@@@On){E5rBG^&^jg`WJ@d{OgxU@kYljX1CoUc_kp2N8_QP4~r{(`=nyKP9Y$qxz
zDq5Bo%<Uq3(z!o2(!To{Nq#aGYDM`-ifWSdDTQ_-6KFVDudB0Z#*hEJ5WfyQ3Se(n
z&gA~`nvhr7(e7LaaI-b?-FU>udnUvraTnAcU!2o9>9=loLgD7`&IQe>I2_>`pIcIZ
zD{vCgHv8)WxW*?_PUeFwV5b{4@S45$-CN&vMt@5ei_QXAh3@&BN&d^O=qA?^kc@al
z_Z-n>MbQ=wr8&dE&V&UGH$X%7OV^7@^R*~3=<wQv?Y*yJ%2)i+)5iB|lN1|<s?b%?
zvcKE}c6~g=7;-gNC?+pQ=+EgSq?UO~I}mf)EBLt^uo@OmtiYHUjiMZ_Zw$>l=!Fd+
z&-HVQI3<43f$st9KbmkV3UU`O4wvi!^q|fvdzc_8hU{Gzgn-p^IWd$gKb70u9374p
zhDgy`BDW_i#tXX9_RLOo#xa(4eet)}(oVbwb-4hoAwGxKn25_Y1d@DF?+f7Es6zQ8
zxk^PrJ&?O{jEYktHuu7u4kzQCUXjq)5w+pm#lS-w8a8kJg?%^uTR>wcMd^$>1sQ>@
zVIBGg5U^E>ututbWTJq;BpkICG8<N~&K0jx+V9}>bYfv+;ToApg8$t1tE*OkM{X<3
zgf@3y#gPkO`9C)WrN9YmJ^(>%{Eu}|4I{}Ca$=JQeH}Rp+R(WVuXR^Gn}P-yP#Y@?
zspJTg9vR_<W#e79Kr_d10nafo&TuQb`#}do8vQf{8iUI2N54gr=Nbuo!$a+1ko-vg
zS3_3PxxnZrJh}&oga^1ad1rY%(DeffnQj1r=qHAE0~-dU9O`{MR2nRj-8HA58rDM?
zL6xV~<qZ&)oC_I-wb*oWhTjL9Ng>E>em#9nzxrvHZ;Ce#p4GU>UEyA5XD(T1U{CC|
z+@#z%iYst;`@S|khj9j9vY=azLjj$ii-O2fzUJG7TQ}k3iRrN;3wv%TD-(#I4vje`
zxK+2QF9P%}Cu9|9USvz1#qkdNL;Z2m|Hz~Z8MTw5Ss167+eqHND8b{V<*VrPv<G0<
zvaDqlc`0rZkDxx?4}ohkj#2`0005XAb5qs;0003C^jLeCkR$+PFl&v-f^r3Jyq){6
zHAx^V_qKcdI)Cp?(wSv5Ik}wWimW_V&^{mh4A1ka<Z*orjGAF4)K#%ylWA2zXDk8`
z5N<<RPa)+R(&@~bWQYiyW<3O2H-2ke$!pkr`dxd#dXqBA%5Af1^ju_N<;HbH_wp-R
zRuA_D`&D)zw3l)u6GX`OnCuLp>|+r)K^(~$;gYlK(4-Of$$HxZB=iyeHVZ-?+uJJY
zIEa6Y%Y0B-+*EEyH|A>xxDA8p7<gLO+R_UxE*T#+9xPfJA$)wu*pv|Rp0Iz6TxgcF
zDyTWsTn@I;2nwppV_U`v#&l?Tm00-uR=vWtDejofvu-}CW`sX~#24?P0tunayX&CO
zQTC~N)pgAGA?`cDygi8x?Kq&(x_v!+Q`~40VG5<phh8q!dvYjkI{rT5bhwHxCuQ-a
z2J@M@lJ$k9+{oEZN&dh#Ei;)z<{+$f1@rc~IuHaciesy{5WXI5j%8-LXF4(%KgFt}
zP7c2q_w7@V-!}bN;{sFnt|=KS5~v4c57jkHyE|gm9s?20VBdc-MftEcrq+PHVXm8E
zEUQ_8i5dg3^oykg#HiimW_tY~ui=J1kf-n#Qbb4X#50@(E`xQg2uWm;i)b=F!UsKB
zaXjJ+w&<!&hyJlJ@gPxKSKyxQ%DltA7=CQ|hVb*Pu3{s~@yA9P;4UXn`X^Ka?6eGE
z8Fx;FHTk=u<^vw$5gF^v0qvv9fc>V3n^W8XHbdKGs$0a=LR)5JsLjD!P7&aw<xhOR
zzY{wXnCaH9(3B!FUEQ!J@UJJRaPKy{IN0#$#7BtU@4A2yFuZQib{a_7FKeciAb_*n
z2aqAPDw9~vg3|NvC(#4=rhJ-anUsO#b~ut2{aFnA$ZNgkpxx$2ie6QGdJmY)4!#wL
zcSMAY7(wp(fIj4LdCDb=!!Nuc7rY)3ziwsG4J@jQMdHoybik2MA+Ucy+K0I1t>ho)
zLKWeu>WS+F#q8m2D@v{-G7%cl&~1!a)n32kci=%y!@N=_`2Z~UYP8}p>(%mNPyhe`
z9|qG?zymMYGM7|s{}{XiySMtd`b${%eBnw7Q((L1-mH*Uwy_BO-r;fsyGu~K=l)q=
z9>?f4vW<Nk!9S*d*cIV&A81;IG);$=0Iha~g)5c;H_$Q7Gu@<%%q83-pLE6jeQ)_m
zUq7F1)8A&pad|*b&n*yO9NlZ%@L@d}DcE?^s7b)P-TYDXTih(@+3$QD(_~*T@dO7Y
z(p4dLk4qQ4-HmR=HLS*psO@x5xS54y6#coZh-c*HXl#rgS{e(D91Y2CWR)(s9vZO`
z@QDlN-;``A?}V3_4H{2Fbudx$y@KsvmUNgHF!`t-hlYSa-7mIgTIOLLLkY4HD@tGy
z7{7>9oi9*{*mLVn$!fO9mB1vXQ*OyMroa7I$g>0vlbHhw<0w9rA*PoLdS#ICPwiUc
zu({V$%<kMUS$JSY{at<Z42R5zHTl89+{u{XB1P#jD3`b=tR5lqus-3L$y5!zFt{y5
zeGoY|M5tg^+CKWbN0((T<(p-2H8`|M;B@{OhmgAFSw?olx8(e*U8mtE%#Gr^{uD;<
zTTN2GknZ18*vu9x=6hk#CU~xD+9Tb#HxQ0a%9U4=tO5@!!?|pL;q3a?@?N<`WIuY~
zwRjEHu<DHS_%H4))8Z3D{8WzwIlWkzNSRjO+9s~o$mnPN-0yRZ?Cfr;+_P~!y;*h<
z{QcN0Mz`#A>xJlz%Lt5lMI{H2YC@a0K&}u+M@v5Z_`0E9A5Ev43Qze5yrOB26Gydc
zZH-MTN5ikD^(X*S`z~qjRRJnoX01~0r+9^d)CL-YsX~4G^)gUIyWpYWD<VZ=dpmyM
zpW5g?ahIFz4I^BLusY2A10cO`BES%p{uNXc4=0Ct&REp-<6<M*5Oxt0{!OSxb12<*
zA^jc&s;`r)WTIp3xW=Zg$gRLUQqpCL&ixFsk-vQY6woB`M&N=PNE_AZR^uWK9WJkG
zO3N!F_|LYJG?-LPr*nA+`OtWyRGB&AdXuupRl~HT-{?v&)<wz=bO+r1yAp5Cny@FD
zaDZ4@mVf{N007bxgvoFO&$)4jh@DzfQE%V0tMHVuNB_@>D9Q&y6~_AShN_K3><-*z
zjv@2|=-RO(tSJ9;owT%`cbuW>R<V}I(gBl9R*YEx9GIPqM)(+&?r+VObg`^J^p#2F
z)+0?PqI!0nJw;T#q(`}-Zq9`C#R~`=iAMC4zl{TH58d93I6P509V15JeoFV|^fIY5
z{d_ul$mG{`!{v5@fi~21ddQs3PH6%C22o-THhc|IH*0rd$1h;jw`0YEN!9!msX}2W
zm7iIo7;>ckaZ(_F8k9k*yr^&dptnyGK0lAZRc-j!?YcH6b;h*dM;_t#lab8AWcXdC
zmL4&L0`S0LD9i`el?z%SDhC-8WF^axUzP(>x+l4ABjp^3?^`QB9y^UTh;A338KcWO
zEq=?K2wKCous62S;1lJ%*bjQUH*#Up1iSzjhIf@cwM|8$qe{Dmlae3Jd=h!@vsO%9
z*Af}o^Er}sot8}(b}(&|6$^k{loo3YDEQ^7J%np|H4RvRH|3e)YRzaixN1xuYHokP
zwOf6fE*bKbj>pnA47n9+YqtuYjJymK{~2TA9Sa)**-#jh)A;!;KMS;x!LfW~;fIu_
z!5usLC;MumlEi?ASjO@^SX(ABTUOPh&!X**zq`6>P}CSdAjpIASl?MmTq-C9)Mz8U
zI`_abyLtcHO--e7JLeZs%4w{ardel(UZR|f=<{Fu%?>7bjDu(ha75&SRO`?O|6IBm
zjkq!UT3Ej<Y#?`JhwMJ|&rOhUe5<`)k_7iP|1ie`RvU%GuNjAv!@TD$DJ)>G|J<Mk
z2P3LvzW1GI8;cgd;n}h`!=F-Es-0lXR2NGnN+|3aPYYf0x#~Ka6IXs<_3G0H*9iA;
z3$X1poC!POw!CC#&>r4Cz1JdtunkW4sL5cx8@Z35U(b@!Cv)_wF1=5ZSKon1fKXlH
zLh-p9EY^c(Kby40qb@n_l)mcdFq^izv>VdmPP4K>`=`OeiOtpetfG(r00DYiES&UF
zrx&P)uf=g*jf+O8so#G4HLr%#@z<8Q3+FVao9yZG2iL8b%N#@VSJjn(`Y_~n=I%@p
z_GT(B3jQJ>j_Ecc*`9s2(7&q&c`mb|g4bFT7$3!PUX6=Jx1>%bWSjumanKIk_w&__
zOn3g)`1}~6W_2eag886cy2<}{9;9%CTubyr)K3%Md_ybMfali|qc5;SdzeQTN?vVy
z7#dahinbJ2tLvLtqN@-GLvN5+x)2wwE0osVR<i;Lz5MZp`hT#8&w(b#C*`N`{oKcf
z5GvE;+^YC%Wp~4$ic5D$&bH%Uh#I>)o7*ZL!o=Sa`}7asFO+W7&6V&;U_qC+uoXLV
z_#jarH}=cVJq8Uc-l&lhzekG|yoLp-Wh(d;kCLK4<;&(0KwUjM#gkp?zhC&<8UV=o
z!1(<N^;+6&z7nEP+u`+UN+lJP%xqDTvG(=y=LU)Dni<vnuIR0aV{r67?GSPPh|siJ
zbde!6Tt`7I`Dc_(GNp%PI$xg1=F_exLN@AlwwclhYmr$R+N+%q8Dab+&)Bp72IUl$
zI9ZlN;1iyJ&rk6q^az!J(NovJqkav6URP?BGo9hyC*y50;YX{}eJ4m&qOEXtEmMR3
zLRS<QP5y==K*;g@o#rf`*PXnFlJ(1{(8^rd2|@%3k$$-%7+`$(ejC4btYU_GM!W=h
zx|~j60HChA>fS6^FDjM8ZMb5U?lB}(EzLFV<?=HT8<3=n4e$#%Xud3;R1NYtf0y1-
zS48Fmx81JAv_aChxj@e`?ek~PqGGlh4LBp>vw+<;vLmdeH^>n?ca8F(WW~r=l;=UZ
zf9rkTUYKO6Ixu#tC#<<EH9;4Dn%zDa`czb=I+(cN^rbglvSXMrWhh`3-5!X&s^}Bi
zO?{E3z#D=&{4WK_OUESt$Z1p^T2uOUq*yMk-Ywq>lSbRhujXxP-^eTFMyRlI7NY0^
zX@3iTAKL4=5WoNc07{$fn{{z?F4rEc2pZl<2vdEk%a5ZL2;%I`_4VgA?d`O<hA?ZN
z^SS9tGK$*SFVdE|ylnOL?m@Z+7V8$z<D~jgsTum#l%4|P)VDBF4vJL@v!Sl;Ol!!#
z9@+WQHdDr=_}QSaWh!hrBj`8P-0E7rS=)qyQa7X%{23{2zeyE#r|`mqO$H+}GFQJv
z;u&75WGO~w*cyR#Re=<!Ni%qNd^&{ocDR4-)TTjUuU)mpAyX`ATiXN03W|nFyBseh
z9)J7pL8zb_ad}!>Mcm99>|Fp!BixZr#*U3P5>g7LtKw3PIrJu)gx9|OO(|bl(9%OG
zEtbUk`OY_}*(sj*HKkz~Z-ycEGYpWjOub*Erj=c3pC|;Q<={d$ERc5<Wn1CKscGgz
zh7feNQ>yEc!2Lt@4nZR!6(7p4LTrbx!^2Pj60YY_wR%PvxG~ywpw-W%cGC6CEG*%1
zEUI{J2OPr)gS2Q`d^EOMbbQzf4*|$1>F3Z(T0_eF{`9u~8P+qlsdK1rf18Jkbs!YU
zmkoyh9+jtHF6jc$`UrwV2!G$?pNPoi;T*ow^?y2}2>U7rtSh{g81WggY7lD<=gt`;
zk0)QysO2kiW|vgT&LG#W=af=zge~^z5|YCeaiRBrmLu0vHMoS=zW4Lzva{CcZRZ95
z%vp-MhD#D8x(gzUcn)f9OaOUcdIVF*B3qMbi|x_9Q|BxvU?9jT<1qCz>Y1nYI)X&F
ziqx7;B4Om3Q7nRK1DikP6me`vn7$`axGsS^aUQ@<#n0|TT9rt6xHNZKtb(RZF7KOv
zW4ma@%3pWDcV<}kGIqvcsbF`iP?_uV06?<5d<QQ6qf6v8rnkS+^{8E3E4lVNZ?IRp
zDSnIzrF6V&;hgvHjV)Ils}{5_=r29ayos0cXnxYFAFuy0;I!Ivt{q=^Q@SP|y`5hQ
zwibl`tZZjvQi%WnI^=)^Tqk6@UMN9kD@H2n@?tUWc9&Pbt<8ngf1YNEL(>1EXK(K~
zPMmw`9Q8nrl^b?iT8t;{nPd4rgg)u@|J=YXnW=27grd+(O-!^;RMcwq27!RrngEZ=
zHO*j~pT40U{|MsPAFk`7M(=s7@yq!)9SpbZ<)IBNsvQu0_1d=@=lVDAC$66Ehitsm
zEL$;QH55$&QuPmy8JKYRbO|+Y-a6a6v1D~~99#u@IInrjf8ts+BzdP{`rWEE6S}u*
z&{F6K?_q@qi;Y)zSBo@n4U+-}y+#FYdY{wKL}t350Aspo$uS&I9h%t%1T_k|6MR9!
zrubq7BzCI!<LMO-;1glvg(+I{z@RQTgXg3P0u$w_r+55DE)u?EhCEzVMc8jI^mKGQ
zgqV8((>$HqC~=+*+f@GZdUD$FmXpIujmt0VO5j409>7n7IT;d3F=~7rSR5b~`jBOe
zCJp-^<DzXs5&F5kd)bbzCYiPHU`4n;;LEi~2e=o5&#XxwNw{;RRIOE<hc*I)Q^Y|q
zd&SKaXffrv9-T_H9HXmdX@h5I{O5XA-7@~Ot(u~6HeFsj<Xn>rUTb=u#hi|7g4GUD
zmu8D*Isr&xvYgC>>l;J<0+kI`*^+=0$08!L=%2U%es|2kx31pA<R-)jv*jtHP<$so
z&uo89Vj5)&NH8+*2JE(v%nKQtRcr7-6eX9<sLEj6_tSjjQGft3Qp#0MP%<2^n}_ms
z*Q_l7b3n~Zqga=j%NsBV^o*Qz5bD1GhCjtks#}Pii{H1^(ryjdIbkZuI=VbMvvm5|
z#^l$|(Km3Pl~NzQfU9;|3a3(gg^92N=B|~8^0oD7KPr6!_^IaYTxp_twUe9m1XrN#
zrNitvRbb<Np~qAWOhu+~yuK$S{uD^e^sJC~;RLXigD>co!^?7rLi5p5dVh}>vd_YX
zU9d?oeE7e^>OXCtj%>;a6_&~^Giin3D;7_ZKWh?(mDtkO>~2QUeV_oelK=z0vxgu6
zujbcpTahYs6r|{WktP9Z#zx!Bi0FeAqZM|K!@?NXiA}9(A`k7w0mUJ{BQKi@19m?~
zfzQd`4a&B(GS)}YDOiZ6m9x9IO!Qe1c)W+9YzQ|(hfnyeIh<jChSrb5@%xt+O;9Lm
znZZWt>lfI+0MF9{9}pGeK*QhVaMS@=Y>`W@-WLqch!Y99OuEc3830Y~5p4Ex2c{9!
zhOjn6zW3g|q9K12t(o_Cch}>jS2dTWQ59alQ>|ct6w=0$oRM`!|AxDlrO~&{a%QE4
z%Nb2X{>%<f=Ys_}$^)IIX$R7@iss}b>41}ClXkCf&RH36Aa>F;0w8Xh(8?kZKVxak
z+l7+uTRxc9tE$OP5IZV$@p;55ZKarQPzztY?>`k`#bn-!z(sxq1D;(WFCgT>(qn2j
zh8}w_&F_3-04!~SU)^#FAD!Xb?stoEf1asVv#uHFLPD%s{sam<><OL&R&qE^v~PxE
z`Q5_BcplUvjAUO(gxQYne7Q`BHFc5>e3Pc=d9m8w;}pF8FMirmR19dlEw|PJ#+H}m
z2cLLs^&zZKb<I`~@;*PcpwM$SMYXdWF`N;U<=ojCHq|xym^;kQgUaLT*<WN5r0Fk_
zYr&|d;zz16esJuJ2<<<xDy(*P>^x;q-%)FHRN&54RgTW;Ci^|P;owMYEza&M(J;`(
zRTq-E_xgL(Mq();otGE(<HjvCfz#56o?#6a*odICNj~6cjlAHlaJWu6*APLY!!O>r
z|3fV@^7?FJaAT}WLUhpV+PM&h@YES-4!yZiS51Ghp9s}H%~FLiE=9_lRY)3e0r2b{
zoDf;(p9tzfeyj!f5V+m)>0Slwq|!jGw)tz3b&P$aGUu{4-Hu=pzZs;sO))2X^Hfai
z6a$=ZFiX5Jm!~O+n0~5@{<us@@7*)_8`a1@Ni%+TF9OTBYm8qR^z|;3{HtLUd^$x{
zzi|zgze~Ph8+|BQ=5cr)&}2feM`2L!Cy-zYJ&phX07XNPbB$V#AQ`gu3hRzR<x8I)
z7^QvJ#xByR5~sC!pSaLGggMiglcRBwGjkVFn01^Ie9nf{@fO27A?jBXsfb!I&nJkJ
zK{v+W*<Swna7XeX`&uC(#6|Skr3e%;JTn-&WOi4B?Ts!OoZG6h*{l-kDoYYS{QY<?
zQrYA@1BC(Mx+R=co0ngE>n*_=)w^KC*3Xqbh%tV^tpben==an%Q0rTJ<LyhQXhU-+
zUr{aTq;Apj=tskrB(f654-LB(n!QXGV8yMGil8hLFl(gIM`dJp3IDQRR5oUJs@IoE
zSFRsYRjr5JnW|wu1fDYB{sulAU+1HARVLUCZ|6|2vzeaU$1F0l!1+yhsm^7-DE@{e
z558c?5wu9TIA=#3k<$t6858vAJ>Lcmoc$3$Uy#A~eUnP|Iqg{VNB(+9NJdpiPlB-8
zC(rCfB$rk{iJ$lEJ2v{d`LursVcpIqi7%LAEz{Z<G%;sbnjaF9GisUG3?ACQy<~uL
zO<d2>g<c%KLC#*6>bNPtaCWJ9w^jc<Y?o00s-4Q2E#hiTisXzba=4yFG`N-rJ=c1&
ztGH{$Pm?GYbPu(VZ@Hijc3y<Bw8=y71=4i`mZ2~+fTxjCouYU$Kr;+Q3da!8Otb-=
zjeg?Q`7yz=gbGj<`M`--sc+KS8#>tD`jU3Vd3Sp>j`2G4u5I!#T|&;h6-N2IPDGJE
z{Epz0L94mKGEi`Pjx^B%=>Seg9SMI^17IfQW&i@I0pjszfa-Z<jQUKRjn-fZSy^#1
z59v_~Hz!@hf1qK1Gr-M2V-@BNxs|CPT_V!3KaC{#F+wNnie#c!8&Ntflg;%})6qk4
zYiFv}q||i$Z6ync*}fH@P2SogR{HzF<nL?N#T<!tt46bSkjkgN1pXA&xL;J2=A13Z
zeNq|;Zqj}0@BGT4ntHuoEor9tX<7XT_!BniD`$fb!Cvqd<pbn9do~|}b_P>0`2Z3G
z000v#0bZ->xDGIG{a|U6uHsVxwg;l}ML;XBbqTt}X%Ib?eFMh1!C9rZ+|Z%B%1K-5
zexb-xxMUV~SaXw9A;x*Eu;+Q<Is1Kb40z2M%$|E9Yi+TkhJ*Z%GERu=(E4(38|mGq
zLH`uHx87!ZruIu-s1f8xZ<P(Ac4?izu=JFr;|qk2j-@}+eSxs*0?3_)&hKqC!a??Q
zPobJTK@ITw%R`FSG&4Kt^}y>x+D9PRCVYUIPgYno$2pluuhKE&uYQr5PvAreCBl8X
zl}M(!hmJan9RDndG}dPqJK{4Wvd7~)3!a8@q^lv70k<O1Os*to3ytAOGn#GL2R}bR
zNY?t&bH<ROpB-@bpNxy7#P3WhF3DV8i|8x<s`7Ncz*&*Pf;tAFNLzZ}i{E!h<Z<uB
zNMP|mKUZ{U82YL@{7JZ_Rv9}-@wGP^$Der}hL9hLyY_d4zQpCNHcc${0?5c4zkTd>
z#p~<VQP%ul!p!;@{r+bChd$6uAQ5FC+9^Dqsv8yAfqZl1f;^$*auk(9T=|Z`WU8nL
z=sjB!+|<Vf12~0XYVp-uz$t1p`rixxoKS=h>F}MiQ=_QsoDTXlQU7r(lhXt{fMtdL
z?1m2|3{0hgmY9^RI}r6DlXx_cwphwrQ@`Syg2Ssj<vH>)r%%_7(n~F^AIt;C{3tVl
zxmi&K<oNKj4wD8$bwKTkt+MJ7@XHVg(6M9BKMJ365DdIqF-DB*5>KXRQ#_L?)u*Y{
z1w?4|NmG?W#P9R{5@*NVwBt5uPWN#S_X5s|@Ok>=0MpLaws^dFwHn5>e{)>@d9a*^
zH1ikO(c55t&8<F?8U2lt8sH+xemAK4lyT@0w=VlI=G<x>wSa)$HvVp%7g%dK$38?B
zF_=OGPQ-Hz>K&;sF?EPv(+H_?56#{4!*nzB;r*gT)VWx76}|(<XzQ)ILcCj1D<3_P
zQoK%DgC8IPA!Gmm03N*3m8ouUx#H#J^4qL!EwOYByfFrYdCRFjkci_4_~7T^-ipki
z)5!O`Q{DP2!ZiCCoDws7)|4iq_qq&|?PmCz&7|Nm{sO*Q*e9m_yB(AG{P{j`DG-xM
zi!@hvYyU%N#)P;3#Rx6dQ;oMMV~tJuG*r6BI`xZKz0T$kS7Y*s4(%fHE;c^*AFpTr
zc%EUIAndD_Cyves1kUH~3E*PP;23zl)W43&=w5c1@MS;!PY+<7Z~z6f?VnM3F7FlT
z`cw<GKrwgyCx_Wj-kBc6!I;UfW9>i@pU8`lbe%w_;_3jb1$b~iB7Byxyv1f@gyT0C
zQ0ON`pnR)mDagl^=xO<wgFm7XochDHCiJ0RI2Gy<Yyv0SVc?d=$|6ZispEtCuntzX
z4C3?^lrAF`f=q$|;)KAZP>ZeTYTo&1*G<qVy`HxR_Y)ZUY)NXQFM{S`<A8cMU=D&K
zIn<k=nY~E2$<QlZUv=K(NugD2^+ff5GtRJ~b*ijZN$dt~OHpbO%B0-1_T9z%dP^^>
zRy(2p`QTYjQDPet1uzk_6_|fvBuMpxa*$@1so<fM5dS1#{g{*c`-wT(!&o+c-a<8q
z5^$xy4Pyw?f-byH7q?!JgL@Wx%w&TN6ecJQ@W+MjkiUp=T~<LcE3{e)GR6*~apK$J
zM2)Fs=W!tDBlGEpIRYZvtQ3H#U<FwQ7|$cX1L~KC#F74(ilULK74HMVBL&%<jIXD{
z1#WBYnWj6|z3WDDASeGa-FO=c(^|Jm4=)oHCTG4``&}Cu|BV;04b;zlDm#8S-hjxz
zhrA4gTl5acnMJ<zfG)6ZXF;6mEkzmf8=;lt$$$PT!l^oKAJebU7Xw3iEXk4jB}7xB
zgY;VypEs1};G;~Aa9Z(SwChl>_F|3C#2XQo=63jteeTqiUW727JRviY00C(x0000b
z{R_CnB(Sf4a5KrsYCZ>rg3Ujr8C-oBuw)ayWjmn}iDi@-PFQ}CR_=UzU+^qf4Zsst
zEtt$A@<l#I68irHO*rxk5CSBb_$y5Wp?k>^sol3@B!W@%<7^KG>?BMS^kPumACP>O
zsOPyJ%5-o43PD&aIX=T!Rvac(L`CU6$vy-!qxvNGbbr<w(-2PEJ#8TF5cotjx4Lyo
zIHsvazuVZgJ@C835Zd3s-fv5u)O1$gE~B#)oBZbOX-QCIjJs%5z})nnks@pV8T9wE
z)nLJ=FAQ5D$%Rv!xEvLem#?)-Ob;)8<K;gUUG1>pc7wYY7qGCMPMUEr1o~Ww<?tAl
zYr$DL=s&H$YZm>qJ(x416aPnVwI~|w@9L~GI!>=5$dsxLH3VmSlIjcp?mOt1Zj}1w
zPLftv8tr{q>R$_?j@CgR+^l=dwNQV{cJ)*)(6`=%mZim3kH#VdkKxOw<3hHq<~PcE
z7)&W}w#6VR9t4CU)4$$AYfTJ^er`zoFU37fxS30Q983;;Y(lk7|FG5(ngWPQq0a`b
zR8s|%Fm4<W#05)$pgqg@<$?(RM#6Lpg{v&O5I1gttkmB(LbV`Ih!{doe>Z^e{E{^p
zUznWi*qMqBadzZL@-BtdNp4P`Zzq3``onOl@;>neq!MKh=DZmdZsA|`feo4CtKRR!
z!N&`m?TRYR%Ba(*q&6|~6ON5XgyHt`B_b98)!<Eqo0C9k80J5aXPbUpQ^poLfYa${
zIs||tIZZhcZAp*i=sdHjc0;0p0W{DbEBb+5`Ytcg>JOeU(zw>{D8E~t+we#o>q)Yy
zw49JL|7tc|y}$a<?F8fF9dfR5i~`vT4(Rk?Jd?iGAzbGv;de6+NJixkEChzWxYM;!
z$h3*<?v>$La7B)@T)F&S(3%y)islP3ah9<s5||ZT@LCN?yMJEJ@=JZ&1pV>~jkU}a
zmf!#w4cUMI01S6++1FG#`L#3}BLQPt?`JPU+ZwQBzsPPj8+-$~(r0@z(Wew`NC#)f
zwiuYv0B9WisvLnea<T4p{VK0aJw6JQpl%!4q)PMZodE44=;ML!>XbIvni6Mr>+wre
zV>ZVpDuj}rma;GF?j9T1*Rax=)`bu(h_KO_&V7_kO$WuX#4wvU@(%>EKKQao^GfEk
zL>uzEMMlqIg8TgogrA-u+ge^*0?1f+Hsbh=`LUQn7&8@FguL3_xkVn-Bn0B74m@G4
zM~I9FE)9aJa|7G#saoLb?Jm69Q#Jf<{X!}z3_*96zZZt)z~&v6W08i0)B1n`&tzYT
z%<JH?6<o|{>$F<|BZ}7g^(_N6Ao@uNG#>3+C;V(JC<KEQG<4G6{p*!Om2})f)U_|C
zPR`zZe`5W)-^&1s17@)lbn)anegu4kyS>sOj*zvmwh(2NHLt*5KL^}NwCv*vz1n0r
zQ-raC0eHkkViaF^jwU^I_0!VFvkuo<e@^Y0?9@B%-PO--Q8c6TbaZiwXEMEn9{<FE
zP|HaLo6tNqY-|%<OKVKG7zX<|AHq!qfC#4Mb1XKw>en0UC=udDZ)qD-*N19I8c65W
zb};tO)c8$GHI=s&u6>>;ZkACTT%?fR{H~y-7xJ{m_cVI5n-jxb;W?ub1I`p0#edTu
z#i{d)=4G4>)Zo9!*zQq+uPVR>p8{D}MeY(fGh7>@aA&XwFfF$O<q8=HC>?Y7<!&pw
zU+SK_I9b2N6VBymkde3;eW1@svVO=85pVhD0jy*k#q-htlQp6XFnB2?u1$+A85LrZ
z!dX(5RNw$=MQ}k6bUFR5W~o0whe|7R`eauv8SJ@EA=ig$^#^1lKL`2Ps3MX^<M5??
z-b@k`MhwB_?NWkkO@;pnM@8&cL~20Z)wQOAc<<n0roTV{E)W0!0Av1vmpmVNR&w`X
z?se6L#c6HsnjZFkh%tgwy5OGazQ^!Ny^M51jk9rjZB$LLN`eH7b8ACe=AO}c8-wP0
zXfCMWCliMOmxX`AYU{07xN9&uHSD??QmhnDqNmlHHmedWT4=XSqxi`~!RY%1%%yq>
z+%qJR>9iQrUMZ0fI4i)9$nI)aIkdFKjNihB^BH|mfVb00ja5j$rtn!wmnp87n`o7d
z-{@WriGJbJSJ%p1w`i&A2K&|T<S==9F`P7hd)X)x({XDXqn|o{ec?mA0vT-5R6g20
zn>X|pCRl5)9}M4=!)+p-wFn&&GYYvXScK}uK8&xfPiPqfm`2RkB~E@4ay~?R)GcTB
zyrGDpRd^kUIlZQMAJ_k&3)S~hiePUi?h+fgOoj~B#~T~rj>QI^b8D%Unkh+79{4vo
z#Z;>Rs0E#PO~b|x;wX>bA?S43R2IG~JQVGtDN&W|>fn#>Z<2X5N<=C%=~%_8EZUhM
z(5XL0Lx)pX2$nInX&Y_Mk1RY}%+Z_9D7IjI0L9#+{nLPNKIM_*{+>S>4A3yJJAFBE
zMtQ^g8Muzm=fmf4UsyIeIsvE#>dVMGTD#Inm`-?teVA^L(6;&}O?_AKuQe(k@%nuy
z_$|v9c*lsv_Ph$R<r=|r{EAkg{T0&eSTlM#leEF=9~?K24S6~Qwc`x);OF1;&^Uwi
zwmmdxNa6bT)VB5&whxOtatBvgs-9-`fffJ&CvUI?8Xy2Z&|z+&n=x=U{>AC)5<EyJ
zna!1(7UJt5DjlZ)Zv!TKf>~~sk(Iwjx|&uA+Fo~sEozM^s&ApdbAj{JOxjIYm-_Z=
z*Cpm2g6h>*F@63jiS~5;^<HAANPI=%vLLi%0prg3KR%>(9;J=*AcHZq{k+<*Rmg-!
zkY@nHx_P{HxQ#s@7`1-ja-Vu@t%{vam^9I!`Oon<<LC6=Q&<3yvH$=86PU5q$HC=k
zK|VgYm;PMZavFACCrXdH+HgZ$-!tHIK$C{(cK9C`ZXn1n^5u#IW154auBCn~&N1gr
z1EOd$?u&`IdQ0?Up2N0A+|!`}&2&csT*5}UpZ>mJ)yaK*xcAH_7w3mOdDi~8SRr2f
z50=7mu0+6*fQPzv7L6z@i%LMrHCbW74hNmfkyLUfak>~Fk`ITXj(+lKRUS9+k~!{c
zNZrV=*?>%^JR<WpiED=Q03ug6VfcRkb+7E9O|#=Vv7!cbB}D8ZLAR82KFE-?gC#z-
zUDkY@>94C#>HcaLEsH9P3|Wh}MHroSHmPIwCL=&;WJ>H+@ppP#(;L4X?3A8li`A#V
zf}zx4^OclLDg5A$C|jQWVutI_wmov*fw`db;$MDT{*jJ?WtgnSavaw<6yH)92N<hl
zsww(nVOJ0(K8LuUWgPd*E6@y1<_l!fv(*+rUb01(Lo8wD*FW|ZjHrh4&Mbeyf79C}
zamRFi(WY*Vh6#DDDdS|$)Yr?!!qXvMB7D0Kg>um>Uhsw@mklBWEi~DDpEzESgTnnk
zRu%#@n*l(1v;$5_OgZW$)+idy+2ac}W%~_|Qx0p_w)4C4JCTg-Ll^GCc{*vK1r<O+
zo!XKIlUmgzwP#~^VHh|3u-4mLKa1RL@(2c*ed-+E?~nme9^LAuI{9Xc$aW#U+t+$E
zz{wvK`78G>&~+G<Ib5YRpWMK|3Aijc)e__kJeV`}!!%uAy}p3$E~6-0bG}Br=d2|5
zgYe4bdGi^yz?T3bQe?+<ng6P43;!=ko{3dP;tr0pKZMM;L!CGnBa$LEoxNWk$PZ(!
z^;^4*xPjkJsXX?4F4PjJ1Eq0OgucWF82?ilYAj$QQXC#sGPkds-LG&dS~adhraz5A
zI_h>y>{1uvmxBPtcOwmi?ZnMVLUA-shk5L+LFU<KiEcdVRTtq2@Bxy8*4iC4N}MHH
zG+v<{5x7Y>$8KNzvoN>LMZOd~`Xwob<NnD&1cq7w001y9gp!uhh7T;5g_prE$Yhqx
z$)=1Y%48sR^W$0v;2s^nP_z2O;kydX+7=~*7bP(ltd$FeATIJRaazKU-bccIMfVHn
zW8R$AF+?u`|L&xnk&31xJKr$l4?0W#8!l&SMsY6(&(S^9lU!PGqaFsi&BDL>loI1@
zd|!X_)Kq%u+5UVDT`OXf=<8tmq&-X=gI8m1Iv{tt=r1vdpKXK4U$6ihXA2fY*%FFO
zh!g{Oy`+^R`1q3(7R0$0oHEtCkJK2YLFld1n~>l4&T_j}>-;3qCH$yz)eJY>z!OBV
zOA5ofraj7)Aiy#Cg(406NtJ$B`9X_DJ?!aH>UZj~HaqshPL$8WC(s{49bTq-TO#C|
z9-aYlfEj!u46rDSIZG|P`T-gQ41tuC%}WIWb$wn6QocNJWB!kMd+_vG9dLB3Sse+Q
zBa!#a85BkY07dNm*75!8P=YnJrADS8zf4^oWVlK&`7?pvmb{Y+^H_-9Yr<l$1aZ$l
zxmOoY)l=UR9j~7emZ7gqy>x2e2jl;x?YfOAy6>H7bbfL>0&vjRoLJxhFPB-Zu>vCm
zyLnv%clXgGYr0mN5KAGN4^=qq2=jMkXC9hth4`O01ocyohn0ad%3Se5_oSyl&tkDC
z$`OAUGWJ>`z94d#b4N&gZ+==l{gV|b(i|84_+|6ouuixKWQ2&1CE@4+0oJ}Hdm2^s
zO#xT@^8O`bXGfKJ?^g;<$9h%|gOb<&WKcx7)oOV{EtyQD@Oeaj07rOkR$^Xzbq><*
zZO9#5Ik??GApT15wF0mJ#Bx<WNN57p)xDn|(Y@l%lxChReHX!N>Xz5NW#!WFO}fE5
zv6|liY!v3Y%ilX}Sgn`p!bN_$1}KDDdeHd~`&tkcaHC$El%>C4KT~s*6H_*fn(8^X
zb5^&7GY>Nc6WlohzUtzuH}ZFLzd7O&F9bTqmBCkTp+Y$S)wx8J-gL3;vu7>u&Nsr@
zk#WvPTYy&G!)kM#6Q1eNCFIa^CCF;5Yc!>}0pdwG0001E^G&~zQyo^g(E-}IpkvqF
zHQN@h=`Z3C6VeFg`zgsvIyfahOz3_wfjilWfMw?ooPBW2hrLQC@mb<O1KZ}Qoeto;
z{govrki`|<buxbZNJWauPIxNm{fr!7b<}BYk;`i2`zJ3^ofuV)NBj@RwXmCyC-u{_
z{Q2Y9haoz*<$x}v(uR7>`4Kk!x@3RCjTDkfWmagfzA<B<F!pGRT1#G{>Bu*KKy-Q>
zhjjt=;&ZF*@6e#D!uPgg1kpI!GE+&XDGs0x#uwXDm`djU`@-;M+BGni()U!yl;-HX
zC4&sa!=(C*A%sJVlm%@7>97<IAFZ{@VJQ7J{Q_O{R!}|#>YykmV*3jSf#fuHA%w_n
zW!EI)C2kGBQN73e&j}LmR6cU6x`5IIZwWI30;}#Pj12i5r+jJqc2|`U0{?OaAXWCF
zhic34*#xyA*O9Q!?ITuy&#Q9ocF5zPI*KNkl4Nuu(0pNQTa-dgcQ%YCo|p*fX_F7Q
zlo6h#a<r(gks9msg(Bj*nA1=^J3d6$P<VePbii%Vuf?qfPH@WDdtx!H0{BGx)$srT
zFeU&10W)nvQPL2H5!~63A)J>pYwtSq$6ECe|G;RK@&WvGBq|Z_uM7WrnU;Wqvd@tx
zKmIvk--WR7e`nZE;ApT$q!hx)bh?v$ZQYx44gTb7!jH((n;FQ;O&cA?({}{?W`jyN
znrrx0IS;Pm1^>slc3uRyZ(QaA+VrbFE?SOy`G;g4B1~<rvvl2v&y7Gw6d@2V$S)^y
zdl>P4j_I=s5J~h(FF4<z`U5K|)07Z4u4i!6=IdM65|K$;K-o0+fH2V6ljjD6m9YEz
zWZfaak+MuKHk|~hrp(XO+yWSy$+T!R;q}NX+IU<pPE-{2iX(Bm)%8tFE-e@PO<c6t
zpb3_2R&Ey0SJLetEf$axPLW2*oX1Tono1sOwFBsz7N$herTGFnOKDdmNXJ656~%ar
zV()y!#0()Pt6~mq<^g@Izd8q!y_Uh3_=Y#HaO=)pv-udJ(mujlxzj1=<2Srpfr1ZV
zf0d(DG4s5N!012#00fP~a8_Ws6EWSV1k)2c8%*snl!uXKPZnH++33yGWd!D-NEU@(
z;tgC25u*Po{hd-o+8)rQGt=~p*IUhCfUo!}_t~eiAkl!m%om&X5;-&?YTDlwb#MiR
z!$tXP32vu>V93bV@@mzzss)S1+CjY)J66Z(e$;P-YsjGhd$iylRbE7*b7y<4w{)qm
zYuRUv%Al@-)p(NRHCzit=1>6Y!+vaG`POOP-3>3!BZ_5s;{BgzCZ?fX0!X(Fg?O?f
z5Z3=T%wzPN(#|~DjnUCuPP%83TO|RFmHkC&x1!hKwx1bBV)Nr@{Y{#fFxg@tJ30|P
zJwg*&Ze+DSt}B1hxZtg2N2iAgFF}Ir5~E;u3PUE~WwwN+D3+r@9y9_zrlPPXTgu(_
ze8|F&T5aG^@5$N&Qibx`KdW?WU8KhaL2P?kY|n+ZXzLP9keoXo(?k|VM!H#Ku8qZ)
jxmjKnM8DF1D+a2N%=TS4x61fK`weJY#gTiDVt@bu2nQ<A

literal 0
HcmV?d00001

diff --git a/php/public/img/jo-myoung-hee-fluid.webp b/php/public/img/jo-myoung-hee-fluid.webp
new file mode 100644
index 0000000000000000000000000000000000000000..1e9f4aad4b622087bc9487a7eb289bdbeed59cb7
GIT binary patch
literal 101012
zcmb@tWmH`4(k+U+1_<sN+=2$T5IlHrcTaG4f(9oz1PSi$?(XiA0F7JI^lg%Ne|vxT
z$T;_m%a0xm=w7|nQ#Gq*&8qq+D=i)M6&gxYN?ch(nUBIB@;lZW^h{_*C`?BrVGe=_
z$vl>_ILo*tSh%`IU;gB-E|DB?2ly2Du;#bPrIduee7^V$R-GxV2M2(!!ZgGE9^I$!
zCW{Zj0H!kl7`)v2Eb{~N*$wN_^CK8MsR;&o=7JNlNfW@6K=Q8!olg|{iy)a3k^9aS
z%*q&!d-7vnvgbRX$$I}6Po#&UbMnK^KEGseD+maN{J>=ob*}qOJOLl!pD95SPbv3+
zi_JT~20zIEZoHlW>nUfNPXH706_HBt&hsJg1|0cI2jq6z*a|q?JQleDM}ws<p+P!8
zgQv+!gBUiG$?MKr5il?S`~mzHoW4j7&VJmy%?3Zmi~RJf1+PB$g2KRHkcf%jlwXhE
z0jL=AJ-tV;cVKXK6Cwx`{M<#}`F#A03Z4XMJ{Y)(;DIqg26vn18*9&OK)`7W{;fk=
z=g9LN*aq0x;BX<bd+%_S51Ldq80^gUtKHIU61i#@^XUg70yhC<T_Q>cmEnk~BG+wb
zkSk>`p*|?x8?3~dU_Nxt`Za-eZjW#1pC_-u(Ag8<dcQ3&<!LE+a82_}3AFjyV2SN1
zN7@DD*Bz4jEwHYqrM(Bwr{k2pqS7(Mz@b&1sdSA}bM<WY|Mm^ryIMM2c$&~<ENNd$
z{TE)3!T<kx^^V+b+c9-rgvyR>l#Wf;R87q$@yf>aLcIAitkTmvtB@~V!Hhtk6(c?U
z|BE*?y<a}4sy~HXzpBBUF+A))FHhz8wz~SA{kHN_7LT9Je?O$=oRY5pFW)}jOrKVn
z53~3`9JnQEPi{4rrO+zcMXQ3w--mj7XHEDsg0y}6?;~|(^8C6(TqosFcO>drPAzFd
zH-el9HYR&TmE8ej1+10^0%MuW6y*MYGW>@Xr|b^seg8)*qe71#XZ`!I^!P<Y9K;Ze
z-Tvc~|2PPTK0C(X|G{Bb{nwrTH|xBTFgBm^`p4Zm!&IYre&@K=|6{dC0#7R!8@HF^
zCdh}l-!amWDEj}UDVtt18A2cY;}6!B<1u7G|G39>ogsfa*Vun^@JDe0OxM)vu)-9c
zrrue(bX}w4g7FIW>zRW^0;k^p6MXbX@k^5Z<7<}KK@{QX|KR83ihtMjdl}^GsI14+
zzW~awEkgYN*Iv?uTmQgnhyTC#XLlFN|H5mH)_43z$#*XRes5G}bkt6F+j2Zog~HeR
z_m2=%pMbLe7(qgG^7MZJj3P{fd-1B>i2pGPNUZ)FNuBRymSpnmzIcUuxn}jos8Fe(
zHda9q&7c352WvU?ZESO8{_{1fUo3_GHyFH<cGvo!!`J^{AImG46|eWjSAafOm^|im
zybZAF(+dCK+tuI31nqCE8XbALMi0~#UP*dzacEfxR!~{PZo0&FS{)h0(`zKOdSl4{
zU$KD+<6W};%RjZCJRn}jCfok^T3bayhz$P@97jO0zX;Gw75bd-Dgam=Ff@Cx8;s#?
z`|CacwDuLppfRo9X4?~?Foq~tMT5_|5Xh3c(H3$9nMYLbv~&!TJ#Bo~{+G}H39;3K
zCjS*(QQv8j@coTnJNZ2VSXyPAFSZR39jqX<8|2A-!35F~<QV_cYY*)F6TH0txrzS<
z((Zeft@_l%^h<^RY2<stJvVwH`-AjeJB%*Nuw-}*yhVi>p4~`E6k?p7u78rjiWdf-
z?|%f=*DwnI*mN6$i(3N`1hJI8J?|%io7$e;{@ciZhu$!~IY{8le0hb3e+klmUQM#r
zMLk}i%rt-yu=4Ti<*OzKLS`trbgB8XSG@m9J+)OdFD9#W&HVFT_JX_67b{gd)~lOj
zh19Z9{>P)XzFXj4t+WwZ5doP%ZsEWA^_Et7MEZ;AeiuDl{Zh{`@Ku9=q08k3%KJi`
zxH9>>e*soKkhU<d-i7aAWIH-Ef(rewj5lX4{jcoNDW|K)@SiE*))iX^3KC~4tFP95
z|AdM{lgL5*&DTK`qnE4tcKgO`4G)8+luwdd{KPN0$bWBg<RugvDsd{pO1|r@a9++p
z*t8D*{O4JnZ~}_hAnv&qH2wHrpngfhKd5v5CNd_NfH>1_s=rqIUu8RPjBVv!h*K6U
zrKpT=#X~M&)Og0e8+LlPG=H}yxy3E<PsBS_=t%#<pLk@}BwmDMQ2UbT(LTO6gPb4N
z7`%b))VzT-d@T=IaU2&=&-ANMNY(W%4T%eh1~2CSj16??<IRRc4>ZZ5M{FB10`pH1
zA=IJ5&%@(SIL-S3T~O5kn=<P?Kd>tB{;w0`t|F?@u)&lE$AZt8I3>?0y6F+`C;45<
zX_obL47~Joyh%sWWkw+Ztxpjl8@B0(7%rD%f4o@l%W=Hm-q_Q3!+lxH9nb|!)@0U5
zvOL8MAuwGoo))Q}Q_>kJ5AauB-0Fo0gz-30P~$m!zG;UzG{0noB!r0ctET{3MtduM
zLGt6ws<St@BT-{G>V7x)$@iP0L9LjOW=lBYVrR^h3>%NyAGkV(di)cyePU$L<%sRc
zbXRsU6`0#!V%t84x<eRzEr+o9JKtgl$QhwRGsrwY-I9HOd6U$!INu=N39JB1w2{q9
z$)HdRgsU2ggxVZ+HGXXwX6$JdjlzxYl?U)((vPp$%Rz9oAcw;fv|<V02)^IyydCzd
zl5ma3euc5A2Lj~COYHM>uE|LTA$Z{c{Ac@p<2!MS+jX(-;>+V?R2;lK<jN@%CC0{q
zD1Y4rN8N{15Y-U+-2bx;s+ltP6W72Q9=bo`e=-{Ew;6wUP6e#C-Jn7fs`*RW$7n6i
zrV2nXE)IV|Vt58Z_|@-l&it3aLGAsA7@|TCCszreYSX~tgYQ|3z|X(o`$9<HmPg*K
ze@bPZ+r|bOYB99@eucMJ*XTzTio)M)KBtdb4${eEE*)@vB{W|l8X;2aWVSv7RD}Sc
zc6+(c@k<zqTsZU~huB{n0?CD%`GR4z`zWw?`5o!p&e%H1DY;`_$k87LhM`M#%3*xc
zz>}|#&j!wCaQIh#uyrb2S4QH()1c#paEsYR0ok1a{i7}j8LFPNFETQY<;)n^((x76
z_XTCHLA$n$)QB+M*nVbwZGU=nZ-<sso{6w-3X~ubO4gwvBmM}NO9e(@AkcO&k;V%a
z`RoI6#7KP8yHwO*no<Zq#uj>l2R!Jz3}AOm)JpOv9tdDk!tHk3@S&hU5cR^PD>6#!
zqO%k_=2muoITCefv&X<{Sv2NELXwIm27e5Px|1(j5ZkCdtwQ;J3grDG?IooF8Xhm)
zIgc_mv4ZKTV)Ks4VPWt~5rWma3wYHGeVEA3onp`T2fm*#XdI?ePVRmnIC!-t49TKs
z+TvOGh>n!;g%a>|>}qV(R-a*&F~nO!FWrCcSMRccnAnl#b}?onkVDhB_V9)5uV(~|
z|C{naQjX<A9!V1fuuHJIFU(RA1o3qP3&R%-Lwp{-Y>RHu5}|>IK6>p<2UZ#1rD(YT
zk%&CctMh)%X%MR_`0YESaeSSOcAY!6FJ+?RfX&TLvdi~B(Fz<-Bg*fSm#1rM5gSq~
z3YlMsdL)hhqGnSBK%(?4F+1Y5s*Q))-$?&`{CukciL@~h`4$b4=L%0Pj<bY{Fi8b%
zq&Na{h>BGx&6;~PFJUsi@4QOL5RqiH+eQWgvPI~^^&Fz5r7VKS(Qe{=7zjgV2S2D&
z_;9p3gZ;obk(C9(xln0fq}`owJttEbH<v1+7q$6ing{Q#?oQ@yF{oW4Z?3D=x99q-
z;_0x2;v8Lpb^R~Yv>~HfBFZTe+;jf@8ME7gO>OIKNG-I1Lx1F12ccr!n+}qf5cBu7
z%Z5c{l?B&Ohkx*eP8WAXL5{uz@_{y$-sz9f<v}Q=)gwV@Ggs!0M7{46`5RN>{)GIx
zlb{K14w*1%pUT}aJ$K6n-bT+Hs_Ad$z&Lf>2%YELCbVaDE&MYNrvrfR^V12}W=xbN
zZ(Z8xvEQ%40W0d5M2Rn}lrIHWCEb(t9g=1gN|!5>y+ChMI$?ibbe7#clu9)>+qPKe
ze<SDrQ94C31>4mpuW2#=b>PyIqwg=+N13sKJjrY15vEHB3k(onJtty0Bx<&u>sjQ&
zRE$LQbvr%B4ZUR@_kr=Mf_nymfVU-nfm5fG>234@aJIzns>Z)w=<%6&=~Ti#uhK*6
zfbK}T!Ft;+&Er43e|bsPchkh$@K4DI0l`b*_>afF99u0%)VWxbRi@FO_;6ffL;^1?
zwkDV619(vHvbzJo=O8wwmaxR3y?eo%4XQq#4<}&_W$JvJ$V20T-D(a7OF@M|P+Q;Y
z<F7^B&rdxImB72ZeLr22*I`*qso=4k*OkqaM>sD<uN>pWZed3B*@R&~eESIHA=10;
z19eoWd@l&BMl{U0IOyE|RdxNX6DwdHx?nLGPpK`wLkhBiHTQdlr7T|S4_?wQ+$qQb
zf*I~rNWrLY_<KzArOsGtZwy>;ghzvm&Ca?_Z1NLVG^adw`5s(bQ%$L5_PMJr-7oX}
z3zwG+14G9Z{hjYygS+jIzd08oah00Wcrivx=DpBZZ3SF5dQsCcR3ap_Xl}fJ-KeTa
zC0346_s<OXzIkZ5$JZ`CAAIPwtmODDop}<7GYyaDLW<b0Eh&}`!Lw8~P4961{Q0Q5
zzbS!l$7V{I7p4NModa_RBbrZ9o%b}<A0kF8>L|cX8#X1)xaR?bEpkMS_hn%GyozMw
zyG0P@4cKYcz7;|mI3Ofzn?#7a=FZyjlhbJ+k07B<Ube+Z34ng$nPK|EF{vWO-txy1
zkTpYX<@qTP6>|0mjy8acslEJ96Rph;Ta88wPmb&%LO%Ag*<0(j(}KgFUT-Bw^K;)9
z(AY5`&f8?I%B66Wx)wxvCLh5>QfuSL)^=N1^V-|cbEJK`1)eBW)bK{%Sc+hT!M6&9
zk%&0-M~t~7hmpra>bRHMGD?WMxqjepYKA<gQ&`Qz-O(fr0wDnge`9JkB~uv5N>62r
z$kYhspW1QOryY*u3*D9mgo?*-aJ2vablZ)Fsm(@p1~f${iNY098#YfF0t_#qB?A&s
zMtxU3eIY&%c`m@{fwz+XKt+yrD(o+xj7h-SRkkbEGyN<^EKeeE&=>B55uV=hYyG2+
z>;Qq`!bN*mM$!pyjgQNrPeN)!B%bgeYlIgymv(E=+u%c&V?vdeLBA6_R=c!x*qrwD
ze%Rg^B|{vH6DcR1L-Xm_cq;y-z@*HIgU}9buLi<hH<YQDLWQvSPv~nxH}L72ya_T)
z(T4=VE*q4sTe7qRL=13!nwVq1eqJQIQ3OJy8-j;^tl;id@su3(EH2b;o>USAW&uL?
zsvyKpPS=Ss&0ht*&gy>-q_t%BE3~_xt7!vzM0}t3n<(=s_;w2K5nHoS=A-e4Onx6}
zfT_2Iyh*t<@SH7n&(_|yoJ-tW_6^*&m33*ZOMYI@%+fmJQ(yYs=^#c>TD|BybYxsH
zNdKJ=-6(7I7E)(HT<zq`W@Ani*MTGG4+(RAF^?d`N|_L{2UN9*tZ^A5+c2ndnsagB
zKoL$IsNbi!?AR=+MZlZbSwUGIa@AWdpor6cZ%8E*n&RjC40_Q1X@}VW2Z~Ik(5KNW
zF@*hezZV<ia)=24Y-VeObXNj4qnQ}VJ>znHs(%ns*QF|&U9In`IgpZs1!u2(81azl
zbZA2{go1GRm(==ixvZdkKjVcIK$ucUNhypG2|`u<_MZ^-n>J#1jjS(G5iZMei+c@`
zw=ji0Cipe8A<gYxuU1fEQY?{wUf!8<j#t8i99vFte;Pk$3j0?H6QAyUbzO&@3krjf
zjYD79>m0p9j`{dr!tUHAau3}%H%N(chU`U(Sg1cUHzOTcS-JVFGE;-vkX2Bb!sNrD
z9B)KSvc|62kbJj3e(twQNcp;0|3~7`)Z%P|Bm_&+!o6-|wBt#Lb_9t*e-xx@4oDGP
zTlIAbx<&b}m=lfO_fHs2-+qbvSBO>nf`fQ*4W`NcFdS0TNMnXgqIs`IL862h8Rk!i
zJammA9qchFHur@JYBt*(1J4i`oY!=ux{VFway@hR?imI?GngH{P8_^_;}~OMZ>lD8
zboZpWV1CDtxVoaz&~dgs{4Ky+MoO-9MOmjO)uZ*z;$N0Jm%@qX)Bj%3g4IiA<*zbR
zzKMiB6CMQNN1jFhQWyzOU&2zK^}kHRVS=f^MZEo@6XHM<<o70wcgGpSj=?L^z7ivh
z<!`YbO+g_1h4{KJZb9ZFo{!#6=~pQ!db(|)yk@J3WlE86Mt6g`^p4)2RKmGs%sXP+
zcEUa?+p~t__n6^cu}OF}A!CghWw16>dJwNb9li0IdeYgDqL+PsdecLN?ec|oFC{sO
zYh;OQP^b<M48XfJ>@f8TlN<6Sdr4#J4(^)T%u2*fs@{;&tl@RvMQezJ@rxRAEaCd2
zD15=$@c_aRKb<$x;3^o|9%6UT-vV1?VeRhbpeSaK$>r*`QBcv^X${cmFFmhlkiHYP
zufXie8@}(7%>jBnslo>%?xZ_+{Csz~iaz7Qz=_9^?-f7(RaB*`!0P$=QcnCMl(LF5
zj90tpZBt0Nj>!g75t>m>b3GV~=1k#z26Z&X;%&iK6TFhe@p(u+!doO!^|m_nk3JS#
z4@q6qp7J_>B1;w8==e+dY|~TO*w(`_DZZSJ^>WGv4%<8O%n*7RT@6#7iUPhpL!AA=
zi*gizF{6+acq7v&yH42)<>ofp=fTj#byjvLpPEZ@5Y}0(6XT}%F$UKt58+vTSTS{T
z{ZmMSp)+{19=$mUGuxW0N`0*~k?P5vT$?|Za?k-%#&I;f({E7fy9~=S$4SVyPc<F1
z!&G^uEVN<@mvnN}kqbJdYW)o<ikQlhp(v&_{u`fw@U~WyXdX@IITDwDs9c5&N@y4C
zOR>yiVo7n&iPlMXshw;hF**=*;p$M$3^r098VmFNao^Y@PMFU()MPB_Vt2!F#~Gl|
zWb2BF8!QS}5Ln=ps-0QSDIi*Y6=#9u>wHP;C+7lE<lnhAtc5DW8{`6BW7DtZOg$qL
zsxijL!4QmUqe4T=sXxjKKxvHOpS$|+eWcc7vcfy;^!YYnEVtP6;}vebe)1bX_0gLu
z5|;s@t+yr221&e?<Nf&m62o7_YKZWw!{6svM6g?Z%Xjiu1UC#tc*Wo1;EzD2lrB=g
zs8IfHhCl1eM?s@qh}o(b2t3qN<F$R>!}`){`X@X5@{~&!OcZMHX}j&h^mxdEs}_Yn
zJqXiKV*WOJm4Uwg9*0lDy@U4^TcBQ1ZpSIKbl97Wz$7y%t8?l*Vy+=|DysDxQ_|=n
zS0p9q%xQ^|BmwRYF~-L#MOC<kp%sHl6y2VLpH}ztBUzJZc)fKaCFFVX)c&i}loL4_
z^W2n*|B_%JLR8n=`TG|Gur#G?4RLn94fUeLtAhQUC-By{2*R_>H`D#oEjc|buBkaU
zeAOK;I-%{0;d;Kv>^o*UvScjWmXygYY_0d3U8hnUh*he)=?dz{`aQOz;7N}*&gm7*
zeUYE4962<e9+u}uq3D*PesGpe#)EEbD5$qPr?d~7#rc*n6QS@Wh8<4D>Y)1Od#D9{
z1eu{&w>xDTn3A@tV(zIyx8NZUdGt{tzc`5Oie}4d^o+U09AHzrJ&UKY&)uW0D5SN?
zTj=o>z+Ok}0b#W{<&bs=ghCD*ijuFCG<70~^7T4&RDZYyji#25Y~MGsSjP|}n>E3`
z5BtUzO2h<5iWa8U?bCa{oAx{0L*%+vgM?O1K_{i3^>iTGJvRODeEsfqZ%~NuWC)2@
z1u|L)T#EIX)94!c4OPA#)Izst@jz<tMNdh>TN}VgSOpSW9JL=@wkV4r4;B&i8m2gw
zk(BXlyN={D(#;3;x((hpqHBiGIqeaMMB6y(Zt|$wkP?d5TCs!fKiWk8XE1^F_8bx<
zs}OY$rQ6JDH>!;@tW9%TQ?!j?yI&q9`?m12L%r(Suwq)bLlm;wHye~j>JEKG94~Xf
z%2Y;^l5c`7v{NQ<ga<H$Y4&Chr{EFx>9fOjzO$Xc-O44FDO-9)ur-t2Vywzfq9`L=
zu?o%H*|>0{hPSEt<vpRBR&Oivf=Egn>g53MMPkK03yW)@eB&Mh+u)Guf*e(ge*qoX
zs8HSuGeX2DfkT$GKNWAuTB@XMFeKF#K#zAgtq#0q2pZG$2=QPmrf7TY%ZIB3iu|g?
z5mhP>Ou?XT#Dgt^^$@g|cE7Rj$m4lZ!}tpDm0G49upj~^f5*^d!=9Uxx7>(>S~w-l
z-|Z@`GSRhg6oEc;MI7e)<UW0vm)n`M=2{jLOWXghIAYj~ctd-xKi(5k7;r9Sm(mNw
zb87ZrbV}vXifmxSXh;R%smW8ieiILLd67#U@Lc)dP5-&+Dij{57u|15n=svf0k517
z=JbS7ON1V&aQ`h#(e_Mr7r4vBuVVtHy5qP@>1XgFV+vMb|0aFd!sq>*HmbA)u*6}J
zCaYTSCgV(^KZ)Mn$9#3IEqpXwqAz=*#Bs0)m-tmcQw7s$&r8ACb^EUK4(a8dG~jrA
z^%LO$f%m`?O_<Jd!rZjP9vxD!Ud(~dQ~Qk4%6DOWA+|mMnlltoLx|hHX?|AOBPcsP
zh@x4m1tKb-K`J(DkfQoZ%O4)M2kD|<Pq{gidx03ICk4mDIiF(qfgU`n==;mjP(L@m
z7=BYXQ4C47eyQ-@4{<>0a1TyGX&QD4G2VB>62%RSK9Uz>C;9KIG6+#{V!ja|L16fJ
z8-=igPoI+mJ<=opOUY>xK(Mdy6S*jCjAZPm?rsZ4A6bO2((45np+uP|K9ZC!o8<&5
z^i!ZcYnNJlVJp7in{Q}{74G())TECHjt>y^+ljH%f7ZUzIdI-U#v6(gO_KNv;3b&;
z?P0ozKzv<i1F!kB@OIhW?rW3p6EGVvop7`kW@9Z|wtY5L_3xFmrI~toH0l!GwY*8A
z-UuR*hB4FjprgqiK)uQ6OLUu)sFM%mJf=BgW#u*Qt}s4RJgLl!*cY2{9mo<*8MEc!
zQUXi{6;hVJO}9cxmIO6XQhX)JNDJ-yAm*M)SxgU4+!fr}<5CXm+1cUE!ySH4ii9X8
z47o3O2)F!0D*o`eOknQ|Ny@UITiS-y2sfqswC2Hbe8>$!RCCWJe4z4id}wa-b6m${
zzuuYm(u8+Xw%$}LXb&1v4zCwF&f02Z_S?Q<x{S32M^z~|1XjT|7bT<utOKF}8&;mZ
z(eKyxCa>C7xO_tNM^RaG^%!n%!|Q`t0+h!cN?2yubqX!JrQMVxa*tqAyf%VkTVCq-
z#4<1ARo;IQwbx?=0`|+g5aFx3-@zk<+Huytc_y+rM!>0WH{G3SxSPkvJUwakAh=C+
zRwjv|pg=tGZK!*OwB7T2H8AMY5o6^UR;FkoQhJ%vYAx8i{p4$t(|B7S&sUz%vfRd~
z(R$f?pEK&1je-@97#rX^a_c;%z{BL?hR`Z1p^N=Q!j_E(5C2?1S*6>#g+lFMrnBsJ
z8EpOzY~>2>;-Us#vt>&)gvO+n!BUK#2K*^WAmpa2*c~FHQ+~oRy6GUc9!gTLu{yVP
z@H0O?B8*;iv|0j$6HV*^oD@R6%o;z%@by(7ThJJ*>`*P`DJoOhpO>nfeTXYh4cjHT
zW=Yd}aQxl!sd9Mapii2kO(IM<g}kGBQO9Eiji7f~x#PLRcl2sU+%Ux&$#wRIr2xjo
zh7k(1h<_{kdp~LE6a25`IamU5KPt68{oqN0k{`hd<0O3V&g6l`kS4If&yiM5J)naw
zU(8Em0|G<31&$gk|3|i~Bqjl@<k%%T!P!p6SU7*j;&&Cn8rUR#cQxW~nB;ultpm6P
z3%S7?XcnD@G9o5QlYX))<Kg^E5$vmT#IYUtDp%Q<w!^ia=3UQtTHfcYm&jI@*i9vO
zsU*YYK}4}>9Ilc-nWT<c`q)CpZOWHd{n~;_5o))wsS0w)Kf()&$Dz33<5R|pQm&3-
zvHG{zV4=sIo#?@cpDb&=O3Nism$czyNmm^jhcpvybHpf6L1wrD_fQI}5$aD^4d%mT
z4Quq$l^szSzI<^?V8$>dnL$3r0y`jtd}_T)2?d{&e5-y$KdK}b9ASec$tS%W8uGov
z&NSsTnQ~o=&TCW(JdVEA&!)UfEin<ETF5XEXCXppyOkm3@{4BF?j%;Xs+zB@PD$0m
za8Q6zvh7OtGaM_O9!*Pn;J9=v+7NP2Xbig$a+b=Bt!^A-X2Cjm;~yX^DZVHBv0n$;
z{f!UYOw;1?xjF`%Batd4EY!LI7ASn?Q$Qca(%n*-|E>dTA3C!%^6M8-w;E2VVMpCg
zMN_mfrNqg7AQPer5*eHt+QfM*q=lUBowoH0M)M-{Rm&&-g!XLLQh1jlfQz@k<3nc4
z^d<5;^#uWI-N_jk8+r2?Z`>rm&^962-#TMRvop-KM2+zqV<}UcN1yY8#=gw9JZp}8
z+0c2pROE<swz`oSggb?LdBP!@l19-$S+)LJ7>fS+yROW9dzGb^1{rvi<>A(90FYgx
z!LFG~c7R*hz_)Z3Gd~e^f*<%Tl=julIUKPTxw68<u(I?lHQ5aC<ONaL!6Xo&x^p}O
z!X(%GlX_!V_7ca02jR8M;cMZ`By+dB!zR(*zx|~D!ArM-MB4f{Le~v$gNwN%<0MM+
zk+sL;ERfCfU9^udMAeN&G9?TT+N7yd_Pw9u?I(?S2GN?Z3tc5znh6z~wjv{DcbV=W
zZ44E{SjhyD@#;#VTv2O%n$h`K1?duo1{zHw-bLlbCG{z#65aVV;V9R-^$6$L+~%JI
z!HdP)-@_bf=wI`^4g?UUJIkap-4*qeMz9ozZdJul+G#0ON#wwVWS2Oql~g+z9DJzy
ziRaRd2wXp?D($chqKLR%psR%llI=fFotvD-oZgiBmjGRwP>|RC=k|C7zPR|V>y|eh
z1Zi2gmNx@@c|sySOya~AmrHt4@9Z8s2)@yDW8RhYrOa88)BzE&miO0Q@$CcrNK9RV
zNr$U2sGw9Q0XW3E*e0HxwPheL2k2hR{;}P%jo)m#s9nBc4rmTG{h%=XAxw5QIG3zD
z#80F*nt<$1an@|mM~Uw=QayALp>l2Q)+#3%Jqq;dC;&#SJpWfx+w3i+;V`w?slPUe
zR208aYigM!bz25`zXZ*H>(r?12QOMay%t**5$dFP0Sv;8jC0jKJ<nzY({6Gq_ILWF
z9aT-}V#8sd`VM}rk6OlVSlt<hd#uN+>yC(_K^k_1!>yGzz>CK)DcK0E6diRgqJhwI
z7fmR!=M4p`W<%~I1p>g`)ovN0H+@wDy<Ay(r2(CMy;gnj0pa&TVI<Q~Y=~m8`iV7k
ztyapLYv-fvcu*3@TyhWW@|y;0j=KIm5?4|jvo*A=EA!5ah@2Aa32mM=JZZd#YumLv
zgi3%G4<_T$6^YGD`x0vMy>^vHu7vIOoCG&P?Wi|GsmYbOZOG8^3|!FZ;VSYynsLb>
z6=um$LDSI~%W0d!wI?1?QtmK$)V@+~MIS0Wt-E|Mv>pg}(L(hpynb}WlpHSrRY1IV
za*laV)stv2ZK=!m*;AH;vBx>$9US=hAmIu1T+Cx?S0c#moUI$|=R0xat8J5u<C$c#
zBT~ej_(rnkw{`XfOP-DLf)(QHZj?04CuvZrp-*tUVQ`)b9Omo_x{%PMSfq%>{ANJ6
zZMV(Qd%lA;H8Gs?t;!=EE;KjjGUn}4SQb!C81dCS_vwgnc~&zsM@+00_*I*^G|XpZ
z4aX#PLnT$y+kLB|ILT4OY<6ksIqe}Pi+XDv@jG8o76~brVJ@pFxsCr9URStPs|Q8|
zgUymQNJ@fKCKHJ&(=E6|{={%ey7usjpYc)>`A4WkI=NmI&kNs%{lbBJu4s~jt%=+u
z<K$nJrtI|C8y`Xkoh1<I`#WM6PZ4Phv*EJcw^Io+-&SiNFhTVW){TsxPe(M8Vzggi
z{n}<?dRxOe@v+jR|I4g_`l#~J<TE2>vI<b@X8MPoXUexBONKUQrVeWyrE8u_F@@wG
zXTF?WJNHkAPm{QcE(4#+R);kbJ&vB4rcmgCcc%{AYN-k3Y`>wk7L6tWvoA)jnuK&&
zWS7wH-v)Usev%{$oitil<*i=#^M*oMxGTzlbA`$109|uGpP8(#dR~aR*-mGXZQn+l
zUzn#LyuRy#!N@l4O+?VA70p4gH2)BPBr45h{>cyj`plK2Nu)mRHJqFnL~yF{_yiI8
zLspjrtFCZ3G&FV{*ar+q8je&NCSaQ$O`5-4Z`Ge_yoS*<j^T*bNSv%;Y%>;K;b^du
zuX8rLY@Ce0HFzQdEGz@II}tmc#&M1~_>N!c=SrvoZ;%IZV&rx1PkM8v#o3%ZHdC^a
zmir1qmG3wx{35S!t9_zhJz(NJeh6tFRpeez$QPE2LPTwIKtr!=g@UH+j7EQuR8I=0
z76C7Ac6R#Fx^YCsZU+1wzb>#%@g6I9sQbVnLV?^K4Y$?&8v&71?{YBIB0g>}r8O31
z31+9GAu?R;ex^-7Ek9d%mJw-7!n8jIGE7$f%=g#-Skja{)bFM5@u3UI=bk-F8FDGU
zr5Q>}=^kLmFjY$b7=$O_<IZCA$FtAhwp}bv;f?3QcsF3i88i(pM5eX<vJx2CP*BIM
zmJa}oz0%Nj^q!(96ACN-@R$s07p*$_L<TY?A_?8uhDuOCNa^gav3TgA33^ZK*n(j$
zP`EQl(15zew+a|=rjCGeW-kIJYK~0Ky1oM5LG;_DPq))pb2qD6ztNXzfm^}xJ$F1r
z&_mOHDPqjhGw83JTEwM)bX&wAv~@-y6IjK5rHbcK(504N7@V>O2`g(vO(E7lW|W+5
zPI0dsp5W&Lf|Tq}IF=B-bLir=@K6&ma@$~SVAAo;8P}TG_EWe{9*@bBKb(BsMS=hN
zeh{j&-umO!-9<HB4mX~8vy5lW#P5fjlZf7L_OjqJ|2>9lpPSBQ<HH+DYCETny+IyV
zi-~XYAuIV2(dr*X+mv|eZ5bdBu`vLu0p8uB$Pj(+(SD9m{v<Fkj>>d4^D{Ai2Z2Qm
zS8J|<_t(8)4y{?>72;DvkT%j<G%|TX-)pa0h;Xij-TDMUay#P$tlX{F$TS_@>5uOn
zP6A=O>D!$@N6G;3M+I?hXP<Pd@!FhR+xU?QwBOE_1=@zl_iDjox@kTJG-0pq6n!9P
zK&eeqKj?=J*~)EO&OG1oefH2!Zy@usPa5lOR!R7t9=U%;=d5~TIrOF{_9D%C882c2
zjD&`ylaf8)Q1K~yv(t~@9o#+d-D$#^6kC#^-UaSBOsn!Rz7WP#bi((T=5mA1gAQDp
z@vh)AtTs9Zz*;U|ctV%bbCUFrg+M{^a2p4X=%#}Oj5C`wNRnMLw3}zMkQfT@U)i&Q
z>gS<4IarA7`n8+7E8G<VZ;$=e%Zau+NqWP+EHV{gfZt7Uipm~fyEE8e6Fx^&OryN&
zbGcr&h|t31jGN9f;`T5asUJjt_Y2)(rtyXl;|+8%1xaZ6_oo}-=^iCa`kVx7_z&!D
zkbc3_1i#lN8>laOYf7yl&?9n&TLq<shJ7=G&F-7rjQV$|%DRo?V3ROnN@b&DImYqa
zL79S1N>%NVU=W&!TF9^-aB$=IH^!W#R%Fb<b!nbDCN4ZJWY^MEnB+&qdC$YVXC--;
zl{MI=@_j>f|6d<Tot$~M0>#qbPXR5H6PbJ@d1yE_<R=eW;*Rd~n9u7H>|>dKK$le&
z*iU);VP{?mu9ISaN61*Tlo8}cdTwWI-Ne@U$vm8obcbLD$PSl&^Pzv6hofb1^Tw)H
z3yPS~f9mHu*H1hQXXtCyk+<w#wE%#-pCJg%fLc9LqdOK+{bLa|LisJM{qU@tJS$2E
zD__r2uFK&t{RdN9S<AP5o!n>v49&ec_dJTKGrkVaY<wS7paX*uE-ESw)L=?hP`%wT
zI`(^`)$83*K*-e27A_>0vhYZ5^=&~gWfONu8o`V0B0sreKX<YIUKkt+N*ZeGy5+ww
zM-C9Hm?;RHhj$A?yEL!Mg<a6J$f4YSf-wm%KKr6gv=UcNV|*L$Sa_6L8(wzWdJMNp
z0f$IuqXB0PRwU-&XXd^hRvlFPL0s)ZybCLy2{*zCm8QPg>HAoEcNeE0?`Q3CY1-#T
zq(L>#z_HSsy&qz*#8Vu{EwZcrC2%We<wo2}4u&*~Q{{78qEzb7=#N{Vk-ow-|BJI@
zpB3X);XjiI*nH?%SEyezv{pc=B;xZIOheSO6lQ{RK)5H)96BUrKJp}TSC`$++^c+g
z)>&~Cjw2t<Rgx>QwpZl(={`Rur0C0!6Z{oqb|yU~37N9R`KX;G6)xZV`g5aj>L!)7
zU~~(*U+Zcgn6NL_&(x-_%tl8%=-JhNtCYDAeSR9>Y47wxBX8{F$IO}z`%PTUc2kSt
z`@4x(A$$U<1!QDCC)w)o8Ign0K*We)AV=fGuO(_KJ69SsOu$M8m%;g4WUlAc#><rE
z_O63@2G8<HcPPW!^Kd*>FcZO%&`%|cVae~BIX`!W(C+K$M6LUGm$R{0t>TEb_(Wgb
zUx?}?%dzy1T*c9TJwJ%UWLdTKgO9?>yYtBjU-Lb>lknF~tJ6nGt3p>Qf`=6RUw7tX
zZuBPS7q&USu!qy)R8Wsa<lQ14Q?sYlc5;1_K}`4a+6CSUE{|t#?4eDy3RAud3$SQS
zBI9Sdd50G*;LzeHy6z|}#R(J3DT3*2TZ2^+PjqX$;}-^gBo~9oVObk3?-7mdpJE(?
z;HdNI>$+Lwm>e&=N;%hcOj+{$X`_=yyvuxsWd_JBO;xALdPIL|AejiR3-{fdpwAKU
zrp<Q>=`r_9?yoLzWYMNtHMm^^E|kW$3apq~BqIEnaq1Lp@=L4oF9Y@Mo=ci%h4Qon
zH|P^?K8r9iyU*1rZK}IZ!c-fuGB#|QG1q=y14)ep<h&BUN7^U%1x>s+2CCl<)9WCn
zsoIlJ7!WObx$yJAs|To_-0^IqTvph0V5s?pb?CCn^R}g-dL;ngmQKYB=$~$y5;x|V
zedTGN{@%vqO1|7XCj6S_!R5`oCB~s2deQRTciH5&b=GgADZH?Z2Lg{uB}6$eKi~Ay
zPFt(Hg?TZuBG(g#JK#b|ObUke$hw@lEMSS(qxsfs2LAja7L7RQYEijyGN5d|ym^`5
zZlWI$xfJ%1cmc)q$>9^uHqbq^Dyo3dq@f(~$lj?xMfFh-Ce}L!nO28-92<!+HB;OC
zQ-e;JUplOT?(0U#On^_uw9|tM*7YbWMdR8Lp70cORqa7ye{86Dl7_W4A?_HQqp%q)
z8GIwFD+*^pHODZuef3mNuq*77X39(lW}pQZINZ8AhBb~jbbcLJ;%$BKbW0+nja%dL
zsxQytRqtizr$$cL%c>QM+MscCThX`g`vugLE9pN5>3zbJWgX4+0|9@>6hT=#qk5pj
z1KQ!~Y;P56&5BQq^HzvimCH4Z(taT8`2|blG+qD5T~3sNmPEpclf1x#v+K?bijJ_a
zDxiSrj{apG9Ia<QGIoMIr*;M(#Ab9jN;oL7b$my`HL5&r^ZV5@Bl@W;iT_p>_`dNi
ztfbb;oN3zp8<s{Tf_>&W(l<W8;&)nn`LoW^&Sfq_3Og9+7mc2)kf1_1LUPRDn)r*Y
zU8biHrQTWO6lpIbYbejAeW0GHZpcR-%>@EC$T!;@N{Qy^GtiIpwe8tFvFF0u>Lbb0
zLX*R>f4etmBbaD`o)8=5D(Ak33d|@tM<-9Vez^EEKHmpk`_q6{!2Vp2f>^g4+Z<3w
zPj_QU(Cf0x|B)l~l(|5YdH-hmHC>^(o|S#wuuyY-$@<vm?g93xCt5%G_BZf0DHoDK
z8nxx}io`gpV(dKU6dkt8O^4ONlw8kE_;M~@cSz51#IXYN9G^LvnPhD}(0=2#Y`Rj~
zt=`QWbheS-om$W?d?rS{O+*Z<kqT|WsQdz5VbwZ%vm+elrfzJvaD`;D5I6KiOE$|}
z0E;Q)<mv5umEJL?kuERDbgScGdt7WQ-~91g(?+sW=C~Hg_%!-06tZSvz1|}UJf1n}
z+ggvA-D#NF=AS=HE@Q?tO@5qy{j{J%kU*~9?o=EhO@R07@NLLvjk9X*nQ9k`E!uJk
zuW6mHspl+T&9)SaE%;YNI-ba@zI{TLe`5Eus`a;rrmj(>jEHar{U+}y0f8JRS6C(G
z%VX7IV!t9>b#$MjPO#J#1%tXcc$+nuny3_yJS9`HDt~iuNbzU+zNxQHcU%{M3~||4
zVefX?AiE}XpF5Q-rx?Gd74HGO+NI5Uu&D>%(|z@YG6=Z$hUW_wY?bL7;EG3Kn@J!h
zFBCv}T6Z3qlzC&v5V!Gz-gtlOXF5z-vr(kmN7<?%A*6iqeM$CJ(wPO3Uu%zYLph#R
zDjmoDKw#U@nc~)2#tjS&qw+f)C9Py^<3>P9r=MGq6?bulbA@S*!O0~4^+o`kcg4?8
zRd~$!(*PPSxMCACt~C1lw+MU+XK|9c28l_yEx)7Tlcjk})>TE&d{MR3?_Pg^1KOZ;
zY+NC9C|J&;ZnmnrE5ZroF{hgeBOW(|x8jBf)ub=zSKP^>OEThgeOx4)>@FQR4&`Z0
z6GkD~&p9yS^rv+GjiZA-@{<9pmd;3g+vJqqGO{(FDueL+*SUZfCpD(GWHmD^DbE7v
zNmkpOU_~Z-BQd<u_?0#~pKUvG-6xLiVSg+Lnpe-=$0-YhLG8YioAhXJ;jjlLY4)E^
zd#0X@eZlSeqM1Dr9@oNa<MGli-HotDqZIZrOBl%!V$r8G$>RW&U$--U97&FgSwkmY
zA+jakFtFtwtJ`l14$yEvtJh!f{o0bRnq6i5;j$$%gC2@Honoiyd`n90c=9#!m&7#I
z>YMgi3(2hRX0>U}>L6X+cUF0yZ-b%s(_*vV%=GbP!MO#D*V;A-_DEfpUKdYjujbR|
zj;Y>5%Uc=!o;~wRZK-Er*5|)l(f#^mU#pCKGYzwX>8_Jk-?&9*V-Q+6Keus(nuSaS
zfjXPHhQ9&)Cctc;THl*DGaYL?mg6Rh5zjH_iIrJ4S<{#;6_xE<^NvAtFw2Ey44dTw
zWK+PqCA#Su7|fzDy#CX}r{fo}ZViJkOmrX8X0JCcA@1cG7rXW^#Uc;RSSDNu%6Xdl
zZT+S-;K3-h?^n1A{PdP-{*|_mU|r)wJVi+*!VSs}T?Xb1k}kU^2zdYQvp!-gE%Z7g
zooY;DdW_k4=p+Ce1ZvAMTkPJfa1i!AUc2J};b7#ywexmAe=KeIWvsTo1la8OMvR~!
z(~LHD!cfD);|J(GMwtDWrQY1Z+o{n~H@3n%dYbC7Zx`vR+>T9MXE-9RWQLA>0napu
ztV=Z5;M}ocL#V7C!1BDI$=M{E?KPes-teJGvuc)DWKPeH?gz#<ar=_Sh(+-7GByf2
zBJIki@qN8}YDCv9f|h88r&<xIe?-?((g!_vu}Q=H&qZkB#pdkt-{C5~?(TNgLJD`G
z!aw68#7|Z90oq3h;``UGAVXPzYBn)H_g(KJu=q3DI&w|lTV?{3{O&~+G4&fhIZo%#
zeRMR`-y{5d=BPOV09S-klG+0|+2)>Xigr~Gs+IP7+u$VzF@y_BS6SIx^N1~%Wwxx~
z2sDe;6f2|}>ykYkNMLhl>9|J@2}onz{NCA;iuJPhu{IxK`uOVAw458Va|=AG6XUJ1
zKjC@|f#<0W%iTj=55o#x%HU-#3Y+zE0M_hvgU8eu7Q3?ML<L98D%k1ZwH;^5n2;GT
zP0WPekaqiP7yvNDfDp^8(6yQuw65??-#4m#x3^cs_n5Yq$>B~fK>PBu;UlHjMevHi
zE4?4=wX-6d%kM5KH|GyNKBvyn<qd^{zmwbMaFI~NZ<Tmv&@<Mot6dTh5pXcAd63F~
z(EOpPCVjhw&(YrMUQM%RHl^X4N2Z0R1zA#gzxiidus6T?+i*WB%B!quugz75qv>QO
zi8ITLGzRQt_%~z)3zgdu5hl*PHg0b;(POSyS{piUi(u%Wh~B4c74mGHV!RV{ch^pc
zHQr)XTX46#=A*#e%m}GFN4OGd^n-^|tWxSK&`=)JjBI(CAT2!mHHW@y0Np&T{)*99
zszs)_gCz4#^)=>ZJ789VvGYWv9`QR4gXC<p1|K=RWrQK|Tj(4EJ8}&C&lxmXl`1={
z)uB1<nM~c=hv?pd*Ts-d_F<hWb!45_yF*>;N$KDUl-)w+3KAFG`S%;3HG%L9K4<ip
z^lsQ_skm83!!XRx2YqpnW@LSEdbXQYn8}&s`=Q<_r3DR~RG1H@0U0i#UncF?v^O-x
zmEtn?rYBsLWUFYk+gGr876Cg~nb#1%TO)$r5Jr()hGxO{aX-X4SW7mFePw=FW7VId
zv0{8B{Q-AB<!VB&s`*06*WIC?!+86rmgL6GkQ$epH^>{5dI_^?!9shcP^|Y6J?ahe
z>93~B{dI<ZQ~RGuwQED`UO`-HsAbX@%-V!isD6qLKU=!X)fc01)W9>qdOSTHW2AJ*
z@>xW)!y#XRcwf3amCQ#f4e`WC{g6G0S;6V_Ej=e%ZL<ELuxfoH!Cy8XSLsr6&<q*t
zVNsl3&GRf~?>!oC8S=-$%VwpV-K3;=WR2KE#=F!omOTmwZNCbwIst*PcRuj<&m&hI
zX9*l#kLKq|Tv)FBXPe_43zHe^8TM!%Xz60&yP=Uz8#Zg4UQvv`G=y`kWd>?XrKII_
zg`6K+Zj6YpR@trqxUB=yyuD`KNJqj%OFJPaj@r5(*dSBNNvSA6pS5t#RlOf>+CXY|
zB4jhJZ8MV(jLS3~q!G5FMO;lfv0d%UpN1ZTP_&O;>x*+Jt%lQ1x~UrqWGJ)8VXDk?
zot-16`N23}uE<LYs_1%<Ni<o-1#<(|=;x#h*0ir6x`i)?Y)|fttn2hI9mo?2wU4v%
z4Rpsh>3`P@8Y?$V&wF;ziJFPU84eh(`@|)F-y&#3hFvPeDwDH+oJL!*Q-)cKS`xcA
zXyxyp(zzuUp1;1JpgYKMg9%-HJw9OC8)Mh`R;4rs?qh28?Pmq{j+tD3St<1xH~Yqt
ziZ7|JSe9U$qh}?~2&-b|N6Dl#Sk51In4%6nUaMafbMV;PfYHVYg32Eo53yY=1-u1=
zI3=#}=iy1H1UEVROBY&^OmR5ue7fYk=^Jy$4d!f;zJDE3XBd;Yn*F3VqEs0c-dKW@
z*SOP|k}aI)94*qsID5dW`4*UA%56)E?!8DudQ^A}8DCvl5&^8gZeN*FtimEU*z_nx
z7#wPgU$TrP^`LAw4na$0A|&287mxk{Ydzs=Q+wbDKbJpq!mEOY%(cX{uU+qE40`ke
zP5a5$tL<(RpT5-*3Um!@NyYyuQb!%30GV%)v+kZ1XZeP+xRRQ`o?(5Ti1_)E?96;w
zudQ!OHkVe3+a&WnH7Dl;cQ!S<$N6AI_4thQ?x6pz?N86G+=$<9NJWu)Gl{sjttjgL
zc6U&|4sbH<7xGM5Cf-67H|GBOe8CCphWaQO%!ogIRpM4Mpn?S#A?pWG(;cI3cQ1<w
zdGh3mq1_jsVlf5oXeEM#qH@LFEAw|?mu8}H@pmhLZ1y{iGj!8B_MSrNkj99n814}(
zxs~KaX<n}+y9_7lvqyWC<J$F=fNl03!{7~#OGyYj`{(cQWA#}O7UorKHST(seN<>9
zx!#p$FepucHGSoEKHOY%<?jO+COEhg`4D)iFcQ=&^DWjwifGL8dGzHejyk%=lXI_@
z;{*$XcYsDSGxeFe^OJz}1G|$@0l{;A6!;2c9ATiAZzteA7o2--I`IAGX4Hy&sd*vq
zK({H$X9={-lQ5aB1I8j%3$_hL{@udvK^O#CDiO^5eTm?-iV&-*#@7eW6ZM4ZR2Br?
z7TK}P;gQiR1YrrnonCWBzl7Z|#!z}};s73oWOnMR8V|bB?uR?PqM+tVhq?;~bHs!k
zMCqzV(+NmJ`R@vem)yi4QJ7YW7-S9}LE!YGZ6aPRd~sm(#QGBZ7h2Ej39q+egKSI+
zUosUe1h)c~gFMn=b!$l!F~1iq(r(4Lmqv*B1C(~ps1Vo;lR+1p@SB}&33n&TY|;p+
zJX9k?3|P(XPoHs>**ab4+n?kJ7dFWPrthgG>U^3&m!K+z%=$LQ+;6)yr^qMcZwszn
z(Nd>fB4<V(YtW9P9N+ev2afT3$GgC-;5S~GVr2E>spabEZff|@sbW36wne5c>~_ct
zr7AXx@Vl-mhbL-{pEr;KjFNYyj1;z3D2Tso$-GRY80tupVV3&OKSFkRf=lBf+`8+K
zZeegdQ0_-UcFel_<)>LSJidz6Gy!699PjkV)17C6-Ys9A{V2wCqL+b3SQ8HF)(gY_
zMwEo;{7a}sx`wCO<IAQ8m0snO(&lDpdP&&Jz<3Q*7)Pj^BL7)jQmx_#?pjWK(zi>@
zU|B^-pq-+vvif2-Jm{yS!xMy_{yUsdb!U^>T|ZJhkj)pL4}=1rew+Y+|9H+h*wWFp
zl}1w)Lo7G5SOJ!GvVU)YpgKWd?2aC3Aa%#vxeuHT4DNna;<uJ_<kKwxyRBH!`!+Ro
zlcX1m$IR1V{O_ogcX0V7PcB$im+xT1*j-yYVI+IJ%LYm<W{#z6dC`hl>1f3^&iW*?
zF*My@96aV@TtA9NT+*hRgw5M7Qs5!?HKAGT)?-f7q#kyx6P+vz^JO3&&{-OVOWA(h
zl1bt4^o^eQC+(>)Ht-w$M&;2ZP7J+w4_ZUNKw~{l2#Nm+m9wdj;}XhVu+-3S)(2<v
zuAR$9hNwQ&6Qn{0lfGsDsF9}mhhL@N2YNL20zri7p{-;r+8MR)1M*~_AUk%bCRZwO
zzq1q)&hknI5ph4`KpN`mF{1R;_ZWQWo04xGgV-R$t7!pt!_dACXfT@ukdNpO7uH|y
zDt%ElQ!NY!TW^Wmj~Q>bzgB*Ok$dH@nR56|!yMw9A5U-oO!p5!1u3$B-jfI7Ve_2Y
zj7BHjjGOR{(<MY^LGof1$Q!J;*aZv9LSo06Y$h(dp`oxYXB_tww^2lVs?JEuV{7|X
zg_dIq@TrW%>0w$gHaT%zWRBXqDeysbJRt>&xgV^P$hrvU5*%WR(X?vbq*#3~B<Pb+
z;YsK?y)~s(MO@etjOx-{1z;GVt;6Y=YnWRrl^A?EcypQ?t1@61SvDRp0huulk<#qq
z`dBDw{P2cMqMS@cUi^TV!Mr#m%*C^T$hJ7)hGLwxoG_ATZ)K%UZX+m`1}aPsk_26>
z3ih%)Tkmd_arGRazgQZe)cZHsE05$=v^+l<Hw>Jeb48jy`Wz4<7$m!7hTOIP5G76F
z!XZZFmM*XlUf*4!hDM!k6T{c0p2rCELlPQ*67o4HieKlxdmocgvEZEcc@;{R(*5%U
zj>5d6VJr2W^o=gMU;9CMD#j}w4>8EdmBt_m3*%4GY`c}mW93Xo^fsSHFO)7ww;Fc=
zej=nOzQJBV;zva1L8elX>?cKB7>7f~8x_5$QG7GKa>GDTJo{6`&F$6h5VzF$nS5==
zuQ)tW^IbOJG(0{LKi?<oP8)iF%5abjU9`%SM6qdgSK)RwKWBcMa1k~nJ9H{@yo{SZ
zHSE^&(@J8pyn=Ef*yyc6_bt$2Jv5VFFfg)|twRe?GCh!?wF$ZEn9smDnM}-s<zh7?
z@Al{)s7IG-;~<a3HklaA4qytZfNUf+VRvEheba9+5VL<!Zj6E~(`7*BqBQt~pS$Ey
z&GjR(t}SaldzSi^If}`B2IpMdX@+U}bl6{qbdr;H2p3`vRusaC7-p+mdM1xSYvj4>
z@k4hh0X@D>i}HhjH!F<7*O(g%0;PN?uXZ0*sgA2MzU5fxXre$Fq-P$SGak1D??N^y
zAlnvAsgk4wk4^3evnt_k6iJvXx!s%I`e#2=nIs<9uxgk|rt#HO+Bj6W!W$@GyH`4Y
zKFfz<c1+Nw=)%ApP^95|7gPPd_5DISWFheJux_{z{rK1EVNhyhW90mw&5Z?D7x)C8
zlhB)T$4FW+ir=X2784pH`(MH?^>S&oWkd}B+2tylKbb3%_0!rX;R&g^Ox~>20)g%=
zuh0E9^d%atVW?P{I|x&BthM_+KA7lmMK2BO8>hS?)NUEI0SG_+kPi4+I=WpfuRPS0
z0E8*%ChFD)J-9C1)xf*8Ex_bR>L0^>C<?-6e5A|f{=Cbeu+|dK`flEOte;C%fOYS=
ztNv6e3N~M%@tfn{=|1LOb$_FMEx75IrS2DL>cMe0m(VAW`25$)7#Km?*Ie)qe7OqV
z0;~NxU*2QTfsaq`84>m)L+;nB?3@<9*dBxI1FR(_cU`<j$ezisc22KW1o+u`n+1gy
z$+f~bl^~i|jh_8@gPb7gcE^#Zz}94*T27ocrV*-Uj+_KY0~0qC(+ZA4)Xmg;!x@di
zI!afH)hV*TF&~qWb=LeHe&e_chvL~b62(QAvf@cE@H^N)mnR`C)F+S>WkRjkec|<Z
z*#xX2WTpAvBa4vL(MLAG67ZuEPQIe!FUE5Jtp;;y_x->*;~=;L(T064N00x9vA2$@
zqxT+u&%xc@U5mTBLvg1_(c<nd#a#-;wRmxNcb5Xi-QDdTp6C0M_ujSMb@Ru}NzNpb
z$;|BRBzu2G(>&e)Iy^8qiz@z5`B1O3(l+tp46^8K-JsK!sufhPzqBvveG!lXoGZCh
zU<tDpc_g>fMh;fc$tJ(GNnFmEhgcsA^j2YUNZU`<MKN;B$kb$D(B(U~sh|3*C9FUu
zP<u9K;1clz`N^J}L4pBB0JStqWmQ~CaZ+6qS@oKcvfm4X&o79G?d20d%7@NC$OykW
z=Oz`9(}u$7@#(eR2jiux906ozT<0C*vG%oetz(*>^DdmikEa+sTkcVEv|N|!oLozn
z^;RKKOS>0m!rEI?@2hnP<YA)UXY8pY)LPW3vI=UD+SiQcb4(m%_5$0MsIakWlV2_a
z22S8LRaHZ|R&uLI1b27Va{8!9GFj`#w&a>JWy2dR?=BkI0=4aysTL)Ye%1gcfi;&a
zUH@0}Lx;@Dy+~#)miC>!(t)?!-=A!4&YId?X2w!(al<+A|H9=i&z7h&!~rqZ{kc1c
z<koJ5s%AFVdQ`FI><Qi@iienn&U6fs1~@3nk`MpcA7Ie~9uo@uxax&2_M;^GcHKpz
z{02XDy@rrtkRk%Ft&!J&dgLQjt%rPE`x)GF_w{{gVDm?S`uy3id|$z@(z4nt*OZ_|
zuTDfRuPz(|u>LstI%{n+0S`?`_m^Q>QA6Vvwh<>U_O=)V@lYmVEWF9iIRNIT&Q9MU
zSHt2u+-AX^oIn^`WxG|_ERdh!`T59PJ?_fk?b}PjY1Mi6jRqS@NL*5SF7<dK16yP0
z)mQIi{a<O>`)_0sxDxDkq%<9IV3k$U|9H?1M8$#}=?IZpC6P(L6v(_eDZT($woTzF
zAI*7`VgIG-^kLIu7J@v{V6D_go#tIb>|g}T*brPna{qIQI^4sCl{+iK3oBR8+9M}d
z4~?;a`23V`5{ahteEf%B5&3Vo@c7a(Eu$8erk*Gs8Uz@}y(etr??cp3!SauN$+oiR
zLbfkod(YRaYALZ&-252{>9H%ik=Z7@tgc)>XZvxuYH?b3%Ew@SN)jRL&FE!bZ38lX
zfADK;iB?fN20f2#4}YP<o)7ZDeq*w2T!2_Q7NT_yzHWAu*74UMWdfw`uS%$^L*)ed
zH<%PvTq66}<BcjDokaZWrK)a^bF^6N7kCYVKGeQ^c-Paefq%|>3aZ4jK*3;UwWhd^
zwM~Uilc920qxSvW!;#+z8hgGDg@5Oo5E-}pv7D;(7cHr}zyBW5UqpG=e<id{iwM37
zt6k$W^7?O(h<UyzQ}q9w3JW-w9qrfw`QW|q57&HqU`52Dlld+Qotz_qT{INu0!a_}
zp6->{*o1EMHUw1a^SCwOoYVH%h1f|L^53RV=RKfSPTjfAhdEkGUY=N>H=BRuW<=b<
zy3m;(HNIU*8X{**M91HK;?QdS*Uy<Hx_)nAUV~@X<^+*84}6RPio0EQ$J{ks(`@|n
z(MI%zWrG=o*K&AOS}=y>*K&5T#&29-mZYdAD!X24G40oQE##tF?OQ?SQE$($arRVj
zQG^PIISh)EOjg8y;P_ta1(1^+dlLONL+9L#xKsrnL01ZT7`uk>yV@<#-Z2b1lS7Zr
zUN+c|1;apdLr>~V`Fexj)W<NQ71lzNik^L#SeltDJKpp=&*`}aQnSYUe|NNpXJ}0s
z^s%7o>SAY#Tqc$3q}?lZMH)`!)$v~m&FeBY)}cEg@DqbrRdxGEep%rcdlJ0QJtb+^
z<A(6}V~YX+4lMarF_7VADiVLc%a{a5hvln6u4>hOl#BJSg7k}hgD%)suCqr35?>l@
zU8X~D0IVb=-3Gr131nY|JI#cFU|=x@`NDg~o{~UPE%yDI{qFKNsiUB6De2Wi{_+uk
zlx$KA`FW!?V@@1>(;xjxJjca61SQYN{3B&^kXZ=mC0%E-$X$7Pb*FIU#QFt#R6gd#
z?$1NkGw?l9!$R(H3>s1V#zxF+fU8A?(g))x3+C~w-EV%+11Go@WzCMbq~L}Suh?nR
zt=sMskT1~<aDW<I>cJz_dxeehW%2<F#bnlq%y{;14*FZM6m~3XdN)4IGWh%}U6~Tm
zF0Z;&=^)(97Xu_;9JxPPjBOx)z;&sX4UUK`i>*tLr~60e^C5!e9Z8Wu!(y>zNkW9b
zr5QQIL@vybl|}au41`hfZRHjiSdX{WaKa>Fb1<k>w{6)-i^tsBW|oOq;w3M&s5OF^
zQYs<NVL65pl|)T~?9fJG4LzI&ogZ%o$d5cp(kF)cOUssDqC%eBmBPB4u9ZTqZkIxv
zQh(?M<o3?Or=;vkV+2BhRIVwxGqt4-m%DR8VT1{@p2?!w-x%r|0jcR_n*ues*JSDf
zLA+rHeGrtC&3herA|o@5)eP`d)BZ@>V5VrfBrWd#O84);Uz#pP+nmS0=q~rnK`(oZ
z-!e14*ay)Jq%VNB^x&9Uh#$VEYJMN4lvp38p%nu(#z}9X?tJB?om`w(vo*(TwaZ-i
zt?+hTQAeA9V`?=>;Ljkm>lF}CzZ%hKcgB1cRa~E4FuO~AufZ3R$mq%ommr*VNAch2
ztFx?X7A~d);UwH0Pm_jTm_V<=`fr~n=wcU2&0!28s?TI^@4hdwtJD}jo^_miphiqo
z*&o7;_NZ<p6!Ro4xm%8j>ln{?<G9iYT)m#LC9uidLnjt_(G0P%`O?h7p*YQ6!0%pi
zVB<P7X6{9hGLL)9p*9+DkFd(OnPmwRw;yZi6_vCGEgN9Lkp#y1EW^HftMOYNskl=6
z3*h}S?R`sVa@&-J{m^dPJ{%8HqSV2W+cyt}vp^_|c2Kw7;3SQENN3T}osQO_u|on$
zNt9igrMtm`%8enpg|Mi%TjxzEDpqOUGn&J#-R;!sG&br5=jKM&ONe3N)mPnuk(ZH~
z>~Ja`_iFPHqXQgz-Pwh4W`kM{nBIS&IiRwXA<4l+`4~IjpZ_5kIbif|+?TZeGWeF3
zA&6N>YioIrBZ<<6?fKY<zPRS<9fo}Vw|j|a+@a7I`I>^`Ozy1t-de;6_GLRAtL%pb
z{2jD~8rtWb$WVzlK-)@jlW^^#YtHqHdR4)<V@n3aSGsMKOUCdiky^m#WnSxsI=D(y
zREWz093+el_I+gct^IwQ*eV1Naln5Rgm(Gvk0HVl($J@@IGcJP@b?(5tM3t3kL$#D
zvDS)(WC6>lG!g#lOUm^W3^^B2bs!w=#ut66ylyHsXlZ9PsHx{s<th%ZW=cV$`^agx
zBOEXtKnHj~uIsA0VVt1nQwX1{y%}KTq(Fd7^7FC+HNXm??zDOQa0<Wovk{Yk^_H#q
zaOFwAnx^B}lrZIC0StPFlo8W?XvP}YQrNzt3h*AAj~DbnjUK@POCM9W{4=y*@S4-J
z;msp&-cwv*!10dG&j*(KBycFRh35kBGojq9qcK}>L<bU}THQ%Sl?P3Owf8dF$^A@V
zka$F5j;5tE9MW-g@`f4|K~5*e1V|^K!CJ<*Opx*5d3*+4Eh7Qbxu?jxAfig-)jxA7
zQDmMOa1{}g96tB(9I|tK3K&B>Gm@?^VP@%C#&6UlwF!=fb&e04=N#J<;KJzq7nofF
znS34{TX5iz9kgs6{3YLcBqV0U*9e+o8|%}$aFpH2KvLrQ{A@st%shlAuCL6T1y)p?
z&{44;yep!ym&LvzSR93;wJ>O8WZ_``dYa`MlT+_ul*w9u;OCmCafo|%oxVQLo7(~P
zuCn!*XIG*7{#S?L@>PdZ7!+-o&)`$fyH5eYq;z{L31Rv{P7TFF>%<v;Xkq0u`5+=m
z*NQu$dysqAkJ1lN6^o!K$i1b${+}JsMy~(asNzOixc74gHgW2XD|xTrCS`rV`4rMt
z*GS+eLQ6z3gkm9(^Sj#NNShzgx|{JSE>&+lIpVFSKFW*#2=c`z-?aEn(8B+)QIowF
zdOtwf8H(+I1^QC*bJ{lKdrf`ZL@G*U(Jo5hc^!5jW6h^=M$R^(4$tu3nTz<zLta}^
z2UVqb;V~16H}H^;?&Epfj!B4`PhAt+uXOwpth9uhUN1Hi*&nrSHh^IO>umgCw2Sm%
zWrh!2HgBJhaa<E*(Ei3?7zT$@h#ruRp$46j;}qs-f}s;indj##9OPjx<}?^>C@o9H
zr@RUp3R*9ZZLlA8jcS8t3eCA!Ytuh`AE$04@ajHTD48qbusF4j?&w-AJQ#3ZMum$6
zUgO`nvo4JD?UX!lOuIk}gHh(3=D^0KxCGOdFe^M+4zuOfr%&Z0HAj#~H6Romn0yX#
z;F&6MC!3xEJs9mbZ><fx#<4rEU%9XiyPx9R?3k41A*5t4R1i806BCV7Qu&VPB;+5d
zK|(ajDwKBmtJ|!yy2*aJ5aMRzec`vKpEZiZ;NB+8gAQItuuQ61Sx&TaRdvQZFHRq?
ziQRGU4M%am6WMY9$0EVo>q~0>$z`U(PfS<F3$SsXDH}sLEPZ{{+siYDDu<6*vyWLQ
zbM7rr$M8pJWx-fzr-dAa4<phRVc|R87l(C!5+l(wF>8%^lFk=~r4#N=H-i<AD4PmX
z5fCJbjAUqNoPl-cg;2ySwF|B{=JYH+xcf)LK@4NtiwzsfUm*2(3ybSO5(1_p*E}wl
z5lsPIzE}Zx6PhZ#KK$J!w9|2PRYJ`38qtdH4@X~n4C?!>fiV=3q6c%$4Q~!<laVev
zijZ~dK<fFLMn2P^rln6?L(8x0`4~q*JmReRP8J~&k(A$NaO@i2z6)<~XMc3TZ!*G2
z^Tlg6FB-%5m(grfl2cY(&o_~QsHf?B2I`-sz?2maxgFz)dDtK|B{)>#%01~dy46oc
z|CFKsH!I5k;RB@Ai*TNX5lb$5Gh|IDMY$ejay2wn4*Mu##f_*@KBg`yx#Nj}*PGKV
z95AONf1N0B3%MQal%ihtXa(=$MaYerATFKI!jN2ZyGSb??pf5ElaW%2c9-@EiUn`B
zfMZ%9Er$y7SG<Sr-E`^Sus9MgStB<t=}!8V<xdsTTsb~@v!9xpsAJ3|R}T!KJ!sr7
zGQ?;pb1o5L&xbDLKUN2P_ZrQ|nXvaieja$Tqp{#w3GD-`X}H4CqO+9LsO;@o_AEg>
zp+Tq^gbj|AOxg@<0uZ_<h4*J(s9!$k6+4rB@TqM?at_At6$)}m^tK%Z^&3N7X3cE)
zT=uoTKrtr!OM>r3#d5I;I7?x|A_a+q*Ehr5pEhFt91=qC^3#{c&95PJArlI^5U)3h
zKEYN97TAS?y~%0Z(LqQJ-}|E~;)$8imKAwSF}_cT*Z7KCOlbEVsgyVdqz=ivKmr>~
zY8OxYYwD`UNe7If2_AwMGy<J@T_^r{;*h0{{;-#gDY|Q(w)6CSo#wK6Y0-MaQX@e0
zSs`1_$NtbZ9Vs4go3}si`Hg!--6w<iMDxn82fl=m9_Joq{+Gl)AfC~G$gUqg7Qf}q
z^z;_-(L8OdTo#oX_W~Iz7`>IrJRHlk;GQGtgMK%VNI~bg>jf%7$+~ptm+_Bbzx%at
zL6W?(Gy1eJrp=eX2zo-=nNL{>e_c@e>(ddZfyHo{&M2MU3{~AM#JVj_;BGV-J0EXx
zI4#ILLcqZ!=Uy|N6ISOHbk#rbhabMTM`=hp)rCVN=^!heGkV1Tubcul(-TZihLMqO
zGWn;(g&rF2$C_&J_|><47lL~N-xBY-vf*=BNb=8rKB0>FUCf0!x=DY5kNkOHlPq%N
z$5Z`Y5<G%lxW&EmdG9kk64t>!V-FSaFVB6oCkqdN;n4*%7V=L3lD>COT!}<k;%EE~
zWAv@uEf5juA5>;K$Wc&pWqN~C{(U9k7v0kUI??9D+<Cj1eo1(OL@v}AU7dWwIzc^E
zW_o$(yUz~tj)S6w-`x)qW_dH9?Y2KdGJ*Aufe|i)jvanmtgIKPf8YHXxAwZ<tbI6{
z_O+)r{V<$PCH^@c7X=U96WPV5)%y^MI4DQalyTgAZp#&}oCQg)9@4aZc_5~uuYt;x
z>o%1)<e1#dJS@gEg}$<PoA-2#IW2mfj1XF8#jfm!!_|x!*tl<q>fpU+^`W_V3QtL4
z%>$R5?~07mRu)mV2VR#qT>tt}SubhWvXh;&GHt|+s|Zet?F??Jp{(yZLmV!|+0%=7
z|K!x{S*|i1$}FsFw|!QrqKdp@;P0mYxEg`5GgadM;5vfe0Z@6LJh`&yiZXw*M@-MM
zOnDs<==d$GEotQ*M!xSDiVN*1ODIO3gk^JEO#PyfJ5sR`qExF#SLl^nZ#4i(qnA)S
zpY!!LBVs?I<WUeKgZ#T$+z+4eIfy)F8DozW^Lv=6D|swuj<1NX+J>`jEYD_o4LK&o
zVF(dnILb?o$J*J_e@O7c_L;tIpswC<iyAkg^R<fR!V>3To*YY7Zc*Gv1kyGp_#W%(
zB_=k#Del-la`$ZEN;sGEX}`9B`>YT@^}j0>U{;Y5{r)vprh*<Jlk_J8-A65!u;@VN
z8)_I0i|hVD!p>_IA8WDJV=?#&9zeSR(16k3dmCZ9pEK_oU%pfZ;#2(#7z{D+QI;~`
zNZ;(%lG1~p&Kl{dmO-_98qs@y_ZfNEIW~%op~g(*<EpUYhhTbO-^@>AV;#}CxI!BX
z(>tifL*E!#1KB&vJvN@74|24>{E8(YV4nfUgpACEjI%o361zbqG;`b!!-6rZzm{1G
zSyOUNhqV&3hRSr}(}Uo3Yctnfeh-%g#G?9o!P;i({N&)m)nuE>xfQllPC;qB7N0Fk
zUxF2+YzlJ8eklDWo}{NNY#Yj+4DP+rQ;z^8uYtnl8ud+VSuV66rHhod;9(FSB8OUV
zT)z8D%CaPcl1`HKwU+u$>BsCOXr}HQDSdUx99yG$B1BF}K=Cwc|9$snDgZMaOX?C4
z?C5c@3?=qb2fe@J{AnJ57>;|Ntg9#V-Ex*PD%R%3lqG=i^>w`{jOhF#aBl_=Ks4_Y
z8es9O;O+7s)TKh;Vs})Ek|zm5*Dt9d@BRI9?-dxsrzuDJ^>U^M+mo&SbBUKgTKo>F
zq(rjP0^L>L4qi3oorl_!WDZi;;tN08a_Z)pu7N|H&jdD9Q~(NY+N<B04)SOx5mzuE
zMQ&_o#_%U&skwxBxS^m>f6icqW#R>3h@7iygxB1o8cK5y<c7p=<9^ynt4|*8Udivd
zxsLMN*OK^sWWU~wH}}q~#Z1iaVT#M@{&Z+V77lu+mgOP3{8P%(4$($Z?D~3p9G&T&
zThI$;|E|*&T*(Xu+KA(XXy2A<^Ax(pi8phv`rZ}YdjaImF7nBSBJJWpHPhU+c@K?l
zs|iB7Ljx1D*XXM`ok~Sme+#E@FJX+3En}^exP?SLyni*jNHyXqAq*1Vn1KI=QmuuU
z5K6ZijdA6rcJo3XL@OrrZbj$o0rVDf(e(`VB?zH;OX@Nh{vc_9;}4Kxh+^GAPm;08
z8NC`N?2Q?05Fc&OAb9O$tV5D`?}}M<O1wr8euv4~jOMqG6<vpq>aae)shzQ1yb3*w
zvyhpB5bEqCX*DM!#c~rwu~2Vr!6bLWYsc;RYU)TbAKI?*Wl)_5rr*!`OkuSc9HNc+
z@@w7)j#icEZ;eQx4{;w`?%&^xVpFcI3jBHJNU50<9ze?j_y{zEKP!0I{TAEh`-k$h
zY+_LPyWV2)zOH-~`Vj9xLs+A*Ulrm8?fKos4~jD|3;#hvTeA(EzkpB#wcSw5F8`vD
zG(RrLH=J10&xr1TD|+~zjJf?OT!O5$lE4HSnFVovo>s>olE;Ep?^cs7#J!V1o1fc@
zs;%!!XE3S;uAzxNRS*MHnZ4oIW0`50>l(#^rSWbeLS{`k|2Jx@JXSJYULm>oIoLB)
z|L5$$u|CSNdOrSDBbz|FdrrqQ_W(GmziM+<#7$3xkPh1yZrt@x5PU#3pM2AAZU{5N
zl@%>_M1|X`ogRzl+mLM>3($Z;rzBJlGH@Lk-@#zBiM#&;N%bFsJB^#Ww}FuL0z1Q$
z&bv+#Tw}q(xhKZxi$b?qT+DO;2{pk2f*4s@ZaS~*U{Va57v8gppD&)d-pj@!1cgcQ
zjTjn}?)SHLT+zl7%P<3Ux3qXVBk;S=oNAx$O7>k(`CCGlE8r>MS7vQ}i_S~k#fq?+
zLo;j&@6x5p*q7FOK2x7H?O?SsT8{eAO@wp(6pM!hzOw|ONi>}QbRq!XaGeLJiHY^Q
z>@9;NdX<XB$ONmNQ)g=woDp4ynErGA2buD}LCODe>KmcesLAgmhw~DOXs3=k)wBf1
z)Vmrdg0Bse=DRG<@&#O)yn~$%vA3taR~_HZG%Qr`<9F9;;YHer(%<Hu_==dfYzeD(
z3_QC!<x5pzE7z^oi-l%~3kUguf)^p}LkYf0(dsio<L`?s>45VDRsVEz;NM-6XtOVq
zWRm<po_+0*vET{R29USQ%q7H*iD-z43WS!X%rYJZm#)f?oPI|kL$Vx1G_7`@bg&(e
z{%>&b2a)#fC(Tp+<RG_x^TmVGCD%nDBkQW~wu+JU(T{ZR?fNr3Zp7A@=;Le7hG4Lj
zEhdiCT9B#o73*ACb1lG69+T+=sHyLK*HBq)i`!5qX3@*(F}1%+Tv0%v4pF3NH%3j0
ziZG5VfMB6$T=-DV%xe<Ai${1;->I6c1KEZ-5U#QzK#rm)q~BL{p6~I^>7HfFgF=j6
z<v<HkDM3x(WFM?f_u`DMDd`fJ?HXC$Eap*gj7<+IV+KjV?*9)7@W0sD=HagSQ?kOB
zPepo*Y!x=TkrA-nMb@l7oR22Yhs25JPcK-4w5Hg%_VD~F;?}Gcuxd74D(<M_2swZ&
zNQ>R~>o16_9`Tnka>GBpa7mz=s06v8di)9st<;Oh3t6Y@DnuBN<aZFoh`4_6h>v|)
zmxZj#YEJ{1DxWuepVzGDVo3dzGW(ZJXBf;{8&(ex=cW*d2ObbDBoZS0bbDl;=9kck
z0$k~C0UsWjCZOV?0-iH)>RWuBG5g^F>juERF2!;MsNYTJet(dV!sq%gp8X|@L{^p9
zg<G{7*UzmY14*S!$xl*4%_v?r&0nn2ZzRM}P6imd;KKsc_@#NdAn9mt0=cqb7R59<
z?QUbhs43_<N{d;Fn66lSMRE~Ww^qL0Pb0Flur!(^TbyFC?)w`%+fqUP`LY20Xg61o
z==C|vl;dQ+{B!APcTzr%^$mLGjcGQP8U2D&IKpvD1V+hr>MRYBO3c!b)+1Y~XH+oU
z;@?RFd{wl36bWxYRV)KHdshu>X}q;d`-*YzCquJPFEam6LgrX9|AW5&)`QS{=BT+i
zTjqUjvoNJwC#KpfAc8fH`vV>J^(cmK1vD~`JRj_5!DOn(te{Kt?1!=sG=NtPZ4`3d
zfipGP%n%l3#TNFu^)$5n6UL8E3QUs@Cr_XkWQ>Qu;XYt`Zh{w&9c{S+4ICoZbP2=U
zXS+&K;-zplu@uO0Y&4kakLvb@WZ*BrWq~C3uqRA6SSM$*L}W*Wuzg@unWpvxvha9A
zNE6!)(>U;$L%3RfC2lBV<L(~B>@44CM03!fyE?Up3|xID|F<moqb%YKxi&g4rzN>u
zGgWH5>7J~Qd#_CS>v)|7>|O<esanb3`MY5cCX{W(nuPEe5a|sq4Ch&9fy=?5Y4bRC
zBHoXBf+Pn+{|TM^llBjo_kLpNhR)C26x5IK!pwy=KOz8`wnLhN6zrzcnybrcrVo_)
zL8)ff8*<xP<dq-`@ntmdRs&VenTBFBV_h_S3LV>ga(*M_w*91oJ9E#-ulsqW==TW7
z;VNe#_T`7+nW>r%Z~uVILH5C*3n}W>>75L@Q9F}=<!Xkd{c#<%gt7vcD?ByfSiaWP
z4w^c?r78_AR28CzScidn5VO>c7owsOd(q5#@4<h>7H&2WBqPhmRGPq=;e(7?`$aGe
zTMrw+r=yBjz<b<sft+oOp0fq<t!HN?XO!dgOfH#;z74<nxvQ^lNY{pIvv5|WHK5vz
z7sYIri3y%T61Yx(v}2m7R9X0`9?cN0RHE8xw?q^g3!tm|Nt`VNTm<vToc>JvKOds_
z;2e6AlHFP{L5gm!{X{=^UQetNAn}Yr_*=%d75KU)kG)n-?w_6!^7VMI*20h$)Bo>b
z=h79>tRH&KV7Y&kp;B_ZtjoX17ZuhuX+Fsr_nYyc3Q4WaU!q+c!09&(S9}V8^91r~
zKRCaNZp!Q`J)_B-r+6{Ul`jeS%6sOzgF&_^6S8ALwLkdS)DLc--a#MAz^<wFupTc8
zo)$B3!gxYx9CfS5mMB!J>PdZk%E0?#D)o9wTf>+ol>)OA0GayBd;TrS*z4afX}G3p
zY}`)YEcmgY*%d`D7DeB^?danTY%uh8t6Yj#tOgD`&^8iFf@c(%lBP1w;lh6P%$_Wc
z#$vIOPM+!;Fm2xDkt=5X+g9*QEJkQI-54c<l@7kVD%4U{!XKWP`i?y9_t}RDOzBy-
zva0ZgliaJO*Sq>eLx=|)DuXgsmcpO9a7n`x+1uOnKzR1(FSG)^bnZ9z!36{e0%dQh
z^wv@YS``d)cV=iRw&wXg(GO$T|9l++nvf7QR>rXY+H+<(`O6!Mx54ySBvzMy5TmXr
zKV6rDOko#j)=Z;P?hlUn`m5kGMkG<4VHdS+Q%t!W;xx|FTe@pI#GBGEYi{ygxKLDE
zXxWXGrw&ZJcNi|tzOs39ojHy-4_i!%rAuI_kT&{dTN(bU#-k%mGo55Z6$<(Hyb$+v
zeiWZhYE%D(S-IU+G|ha`*x+-B!vJrBp^#tUyG27S?)LtvyL?GG71#gsi2!~0ZiMEy
zdp@YoA$lT>9r0b@L0mU!>8*>p6>!{`reog4OMY!W6B9hnE>0D-FYyiUB<b>n21g}e
ze=2a7sdCnQMdfFpOkqmy>|Xpi1?)HGTCpj4rlYMPwset1wx^S5ibShy@bD0i%q@?(
zUwTNm8Tb5c3Stv~_z969&CVBrUBlnwQl_@PGTrPw05pif4E{#c*pkW0pH@j)xwD`@
zTO;+aNd5gkDy{bttgfgY-1*w7#hKsAjMeasHhbXt>VZBSQE*yfc3?4PwMU_%4{VWo
z5D-&k6r@~7?BVI+K*Zzco~@p1lnt?<OBki>TuwP>iqeTn!@?!ssGiC$u=Dl_ttQka
z%<K3|i2uZNYQwiJ0O0Lu&+oS5GW__xEc-3g_w=2i;}hWjXQ1j;@&7m!o<{g%_kRr#
z(e@+CH>wu^Gyne_*V2ITf6dVXX$c^85KgxSU?BW+AUq>>t1VS=FaSp6keLlVMA*-m
z-O9>P%NTEB=>~KJay|pZaYjVrzm@ubl?`kMF309&r{(-7oy|BJBd_&PnJem%+l(46
z06Ej}<DbLH1j}D<3bp84FPwT)06+_*Qv}rS9z#G9XPF}q#YY@;Oot&LeoY(z4pe3e
z|A>PEw0noKI76#M!oN`f0E{-$eB+-8qCP21v&0Y!tsU#4;Xf&0JOKcJy!&5f%Rm3b
z|Mx~Px7vXDzY@R#4V1Fng+FTHDdtgjA6Qd{0)Wk8hE!E1H+)t<=fD&VqIz~NGL8m7
zK}d#l0k$*NU;Zoe|920}>}&!6b?AZ4SH9^{tvkLDZU6vURa<cL#xiFw)Nj`$SY0Cj
zk9?^ofXm%+T>!Y##lOXP#r?bg?=3w1Vu(E`hKVuN?RKr1J<fAk1bPs5)Im67guym0
z#O6R-002rof6GcS>vebK)9>-5IDdI+K>6eY0Q$jA_&+5<1o!evQpnv!>5_r}R~qOq
zSiQZE7@d!9ib8N3rvGjnFh9ZxBPZdJa8W4&ZIcAr);qCM++x0zwG252ngnz#K<O2L
zTDSw~OAEY2#yT#qLuc~;Nd8Zt&Xe<#j>Yifpz!}UMeZ$^0Cb;DWSa>@i;UOI5HXg=
z_NA*a^;y^>I#HRvi${m-bVxZ=$tg1>Dfhwj9(_R(MLPP(3&jBdFj)ce*R<u(H_{H6
zX#XwnzqY`q+ODBkjFdciOHk5G;)X1Y?!FKZGYd-Gy%6Gu@;WX6poopas~q{|^Qkro
zAf;^SB@ctf+=633Ohy=O2Db}TElXkuP-ZaxHvd&FN(9RLJlLy0l~Hg=8`-vFi^0ET
zwMu&R@C!S_{c_+Lj(IuR0b(U#mFad<|5XXN9r`s(@`3KVvNcQk8@6FTlt5qrG$gr4
zmjA~gIGMoarqK?m4Os{Pn9<^&MaDouO4MWka9zjUy9oe5qGODbq@^Py5_8%>Ps4b|
z!jMP8e4eQ%>z4Wsutibl9rCKP=GU1B<mzBajRa#fPuDhMBIDZK-6?JM)$5GRnBpGH
zG2%t}WQB`<7LfVRIUzj?kv`51fD$X4V?d#LKB4pn1T69JtoBt9?@&fM)UF6m5-S0q
z-qEZmMl$eQYYh%j0?~X}Kv{q^t;~lc8fs*kr`(9%Y>LR^?nn$YG$Ew^9|issev9|T
zTzVRUe#c?4j*SrkO!01dKK|Kt);FYp>q7VWQWytNL5T08GZWZsGWPqb1R&hHKgp?8
zHUpDKu6IH!N#U#NZcbHSX9VSfHYY+52Hk;yD00*9={91Lm<|@y<%V%N4A#V!?R$AS
zVl3wfqMu;Ax<?L@{t*T0$yMI?nOm_f!JzEGzd{rMZBc-oZae_B54=+`40osa0sxn^
zM=L^kB|vp!Rg%PE?r~+7{3YWl!+WC_<9-}WW<+bpGVV2L0|0=8VlDt6K6Hou%mDx-
zN8_MdNmB7VAe;&Mo}TEGxCGHYNr!+M27>3P!5;vinlggot*9leuseuMSke6I`)m80
z22=|Gz-?Wj96&-ZAZaHgiZPkv2=iw$oo8APo*y8)WKM#Z6F9o?&<5eoKy3o5bBReR
ztDzP^oLCwB8Z5h^9suAU3vPM?A65!&`^z$12x^Xi`<<LFP`Tg+Y!n;ffFbndkF!81
zXdE&JM6+31))$*I{?2vYWo1`{tFii19UtB4aRSvL2#GGX3;6{{!xi-QBi^wR;WG}g
zn`KxlIR2I;ZFY^{)aHtVZ0HF48U9lXp?G8iB$v>(Z)w&ifYJ}6DC{VMy=sa+BO)oN
zKez80Td(#F5@Dc+4Dt9)YCva4e4|(pZ}~FxQIr1(m~}i_9e~(Mi~yqvCt30G%d)Ws
zOR}%fFWxo1qX0bC*A0yYaDR*qD7_gIZS4&csi-I!n<WN>U;8IyG@Yh|5H8;L#Q;EY
zBH9z)lRZAPYiK@Y>fuq|UqroR$<U0l^$i_pvW$2H84r1tgv8KNEO%^$vDpWk&>c;$
z_Iq)szkczD4<y#ABmnAxj<{nbPTde`RJDqjzNqmZe5nA`D!>A5p=IV?*QB&;jO(m^
zL<`m+;eU%+)FH@O*p!a%mc!e0ue9*$kU}frIc)m~Ccx3>Us8rSNpSlZhz0_N5?U||
zfNY;ZNOO&&mv{yHF4!9;Zn+&qhxo|O1O*ZR^v3gZRK>7EIMV0aM;IBJMI~?k_zn`~
zvns;3AGY>6q6H`treyHxm4}W5a(n^R05Yup8Jke@>kaM&H1<+ty*jIKqq+6N+PCO?
zPsFny=<uKJ?>3*lO=EK|F}9qbKsDu-ImS;_O<Fun$L^{Q1(@R|R~KN04z){&{#Hfl
z)DT@m->Q^wXHbhb{Q0ImqOBhWP|E`9e|`FmDlvotRi{oJZbyDQfy)WHbKr_ZqtK?m
zi!2eUt^C1H1=LX3)zBRMVe9aL#P^7wj(#k+{{*y4`K<c9qE#y)UfIK-R^3iCXD0=z
zKmKU?QoSVlD~_cx9_RNT;fyCJ<%)^`<M#sqOkxP8FlKc_5t^`0w{3{$WdovhNOGq$
z!6hV`Bb4i?5@+H-tlQ%KL*zjt&I_^0u?o!GyNLKD5xdH)$DCuBiReu;G@*o2IkB>k
zWhG=iOuY`1W8%(>Cser1<L`lDSfi`4yRp0I>TjRc%yX7farjHE0@VnlBUyUTiQDXw
z8Z0kn|MvDWtulP&_8YW>V{oA@89s_x*u?TRGpNJa-dw%#3h!e)gwLC+d5=t$Awl}l
zSkd8lYB{?bNO|}bzRwv~$|H{Nh|yZE$4pmn41%#)&|B{IaPQ|hoJRY>l@rf!s_&Th
znjzA&0b`*HBhAaNO4TYn{%3ZP&gZ(e8f<jrB{_{Q06-O5nisM+sdFL$zGPS+B2fo`
zev$-w3N7JJ`N5o<r2psLQR+dK5vnZf!vLJJT+zj*n=<g?Z$YY8QX^r?Nh9fDI-`mv
zVHC$;rz%M6yX@dAt~-}7#-LkGYX&y{UCIGT5*`yx4N$|+rhcRLt6FKRsx9?DOTa%*
zdtb{|57Mi?Gnq1l;!C)0EFYq^KoE!AdpQt8cB*rbg@wPmkR&4aiELeNDkI-WNsn?S
z;{A2Nb_i3l-7=_0nx)~r$`k40(x+|f;Yq4z?DRQc9g*>mSR>fft(@1*%~^tE8f~EN
zj_&ubwRoLZM|UU*K_Llc>lHtKX$4Mmanme>O+WXn1I714>GcEKfl;oKn5&N7DWTcB
zQMb8i{JhVHDVxo=m<<>AFNenCiTSig>AHJ-VqlS+YGolzj-PV5R^sfPOX<HlB*I?T
z9iC8zD!Dy-f9aH_>84AY*n+BpJ{OQpSZ)mqK_?Ip&Q}062AKhEl<A;}wCLXBE;mjH
z-;5z06We@c$A|iahK>+G#ED$5f338Gh;QV<nD-MFS9xMiV+kW+IgqL}3;?LvbTz6(
zh0sY#CzDYBVi*ffCOMFSeLO}mE!0~bm#YE*(DO!25DRk12jp9u;(E&8<C|xM7eM)I
zj*5J(0-Xcpc3?rN{%;{M3+1r&w5H(qj*b0<pR^PM`KeFm6eICJcwUc3>6$}-xM3bN
z&N)lGt`B6Tj3x5SYvP+-ziJfI?Z7}+<I1evPtE0aIeIgGUBa`<0c$=tB84K<#eac`
zoeAha+3X)YcZ#qcqJ<gVD3Z8E9h-C$6lfrg?#bd(qh$E8F4bq?v{>UJswc9>SbgOu
znJ^P{F)*~UJ%!&vd17E)iVNS;V?Cq-w))$2c)f&S7$N@K(%0gtw@Nx~8Dk{n^`|w%
z7DoQBrDR8avK#vwuJO(^?!jHL6hvaH9r376fl~|FD3=KDUyhHt*Uyag)Xk(yDtwyB
zLlSlnZA9*8T-syYx1t+A@jyCmm6)C=J>*Sol<yEFH^JQ4M-|TI`bvRm{WQ``i(bW<
zf!WjpdRw89&xX#Js3<<?d#~Bb&Ztr@>%pPJBsqWo$|90-6d7<rHma&-oynOKUc2Dw
zFxNFKB5NXwc$Lyb(~uFBJtZnTg9U~g>()RIVTm`luMn)6{jC!7!1Ed?0J<f35G4<^
zyP*OGQB`PQ8;KhLu&fLXe0DTzWdH-qK%uvJ^edTU_lrZa3Xk=SRp(WOYK`&T6hIYh
zyAyWLNBj?&CWb2l#EbOFJ1wM1d0sRV)RPgq57r&_1jPZ+=3WbVy+QHxPpmi0LW(qr
zqwht-MOIMBQ@xV!x*i*vZ$x}Kk=>DSiNrxaqhw>Dr7hGZQ*jlL-s3_3yMcsX%x=ZO
z-`6bi=hVA)T?Lt-9S~Rk+vmtPJ)ER8xe-fa!q;d^Pb79YM!c`tAVlc22GwOFvVW0|
zTURx_;kKP;y)@6V9SE7wBnL=#<}1cR(FOvGzGLwIQc7A>huf3isGF#6r22GzN#^nE
zaUZMbMFK&YDX+ldOwH=Xx<P_LUlUcYoS!kzp8Cm#BS9s5WfygY3W38X=WzGT;1E93
z#WhIZ8VOpaSHBo=uViMZWrM#iQ$*Glx@$9zFg`8_YF|)*(NM*h;4&DPwfapG<&u%B
z;d5;QfN3cu0f5mQg*mWKTR6q0N|%XwE?54+B{$Xyl!{QUwAV_z*8ank1yubThMi>*
zu0Qo%5Cu?V_NoOc5t=?vee%0aqDP0Ihkz;s;8?ipQT(N2>=76YbdPy(leD(^*<6i>
z;g_HdYgMstOR)T?MW&E5BK0oljGf4y+1XE}@?u<Aj@;Gg@Hun1Q-+Y_mg&z{EYD<w
zt5)xMjQ`U&FiD^@N~&(!YBk5^O)E~5x6O?(Bd{Pk7^41QGd+PoOQ3)jq5!)_xUtVF
zgmc$EEs^u5;w|##(T+TemL;AnvO|#F%QD+VcmU4Z#%|ix1RLWt$7u<Qkd;(WB2O)u
zh7|_H_S=POsi=Z|9edlwgFn)~kjdvDoYc6xMQvG-JskuEPkV_#yq3~p6^o3yG?JtG
z;ftz;Mfsvr)|jwSe(MZilWVJRfB>L?szaN$MzVziv!E1>{0FcMLmxhg7NQ51NH#JF
z28|M0<v13I_?j~~sFUg}J_bbzYQa>ll?eJKiF+wW=0!<SvJC)$t%4QPw~cW!?Kn<m
zJuZR0;b~<tgbw@m(1nf`#@r0llN@LBjap@=h{&vVtiHCxz#b&5&xG-QZ;la&@v%Yl
zX-JWdg<zJfv7T=eR1M@yvz}3rN4-M`Z~IR2tb~4JX#CQEOzTL&-x5&~0y))K?L7Bx
z{<nZlFMxW!!z${YTmvU8M}+0IrLZV2lq0#tlNnm#>2st-JGI41dFb}NVlO0C0fvF`
z0Y=jXkF7rpqm>)lF4+1(ja)L8(TgYc80X9k@+ejbt>z3-gk_nDC~na)*yTlNa4mRr
zn7g@LM#zq)N)e4pt>Du%6U9uGq^ayDr>U_wwsJ`0HPqM0TTVX?o_VXXw6F7-h)ogt
zO0Lkd5IUm*V*!nsdmh_O=h$QMCoMYwOq%d8QtByv#ohbNKEMuvY{kIfN{x2QKpfRF
zo@gBkNC}>b%ZF7aY>T>sxIU7Oh;jYXp)xB9ZpisrdJU5VJy~W_yW(1|!j3V|PVKpZ
zJL&0LV(_o!+2Q9c-=X*?GFW583(do%F6@h!WwIaOaRbn<wkXzquQ1kNRq$aZcDMw<
z=w0vp%%FLC<7)DbHw<auSLg}Z76|~HI1@9NZ0!*~;y9d@XUENZGcD1P@|3Q+IaW|g
zij|JHELkv*WHuT_tUNhmv4!#Aa#^Y(kypFi$$B`gOkl_RB6*lBVu&!O46L1u#3N<P
zScOCHWYXl1&u6L5ha78-7;pL`EgS(Z64DcsV~)t;^S0l7sm!?6*}EnV<v4CoVTx%R
zE#>>aZSg@>;{E_*{Biwu4V9_rl_ZS=gDKFumVf2w=+Z@!=hT|dx<Osn?D4PwwcJo|
zcTxgVbzY)7?qws`QXZfJv4N_!zj3nLCYNbD-~Q!`<I&p`%?|s!^Bv)C{&#q`oILYY
z4Suuy1i~hra|gt~QswzhDY}qFu>NEQV?dS9^^su2w(;e045VD<fS#rtg~LiayB#~u
z8V@^Vz6UtvWk|{>dy}*KTZ|jiJLf2hX0l!&Y}H(jm?22<O+y3?H2^?;Ht3EXYi<;%
z0#M9jas(59l!2*{+SWTkpJyUIycm{!+27;c$-_Z00svq1IH;^5r$Zv=;*eANLyDOo
zjJ8s|=4N<k$NN!|FLXb2ug(!+OyQ3=zNDsl?AqQ*Cr%>WjX}j3XRKqI|6e0;6Qv+g
z$S*pDW!{Hzwa;B)s%usXaii>Y5GM&;+lXzskDJ*L=a%DPp7@uoCMA8Xo4>DSaEuKO
z2K;rovfyQ%K0Q$G<HulJPU>V4mH%y)k{677?m&@6eB47g#Zk?Ll&{p3b4AwloVqz|
zl5o_7j;d@LS{!3UCc{36&YaU!QS`>J!Bx!fyednN-YhiDcws=QF8dj}FSm9rXtH`r
z17vSBZBddz#~AZ_W!P&$-2=dBw&pjYLoZgK_&9Y-q5_qAOGYLcGO{8U1*Mtif%+t?
zsU$2(gND@2WQ~i-tQG}4-Gc>E5%L~ruNA_Lv1A7I#T4!ZgYitub7=f3+WC(GXB%sv
zX_=3tKV^BMd;^jcZsUDmGt0a8JI?sY-n6sjMx%J6QaI%IInPlgAax8td!uT00H}n=
z%%gl3%gko|10xhLiJ@VZ{1(*)09ZCm8o3Hlig}-T%vElfeLkl)9AFD-fvF~#7Z<`H
zpfax%rP}4>^Ji_<z<$-iSs>T*Tq{s~N#Rk=%$8k>;ZC`|&fPlN;Hl)a3}nU&X=@0|
zcoWk)%nh3%$44Wo6}*m-dQ+dHo2b7a{6dV7$|cxVM4hyrbilZYN*r1i?`R+)_vwj2
z=?gA23L1GYHmrY<jic|7m0A^#K^mvi$xYI-P{>^JyOGS|uOrW$8)SDI<GxCtA!__}
zVQat~5VtVHJk^Wf()5SlZPKhA7z^IAM=5-Ox}lh6<cUf8p9-jqbMOKf7MT&qoQ~*0
zUqhbn*Hkor9M7DxwMZMx)WlQcIg68vZoT)y^4EdV)cOVc3JIkvqQhS%^J`FGK+R{*
z4chz@fG+QjyUXn|0Fd+oAgyj<LKzNotI_Q^h;WzzpkiQcX}89E-SbQ4o&_YTyaY*H
z&;Ubk%OG119Z}olu)aHLKEj+E)B6cqOfX_eUc&(sGpNUd=kZ_Tl8EY_cyh(>P%x@#
zzmm&2>3?EVIL5e%(t4mf>{7@_$adH45>*?`J+`M84U1&QHbx}A;RJ?>jgBy5hbh`h
z!SQPCLXxeD;<4cCDqUwhHw9p05zD(8k~I{vRiA|%27M0%mei!{{*K)S9`B4?HZRdk
zRaIxTMdz;C#L(`1U7rqo;!rS1)M~zd?@-}H3u#3kAy^JS?e<D=9)xwfF4=y+2-~(i
zDTn%2r(D*AaO8pd{Z~3kb@WkE=^W+FbN|ej-)1|M?CSn)qkN}6&6Gh3FAzf{MzAO<
zS-rB(R+c4Rsrq#|T2cgIIcBEIu2MOLvVTr3qK(Ni)q`JRzC<?ccn?~*h)$eEwVfG?
z9wZ}&XayvV0idT-NWX;13p&{sql|g=qC^6f1_2h;vasZ&6R2yfEM#9{klY*yN(Cw@
zEW{kqTGd#)wXi7UMF1OTUDc5El7IB2fojyiP5>n3HrTr~fPgXFYRF{@6Sk>Jod0Gg
z9v843=~}pLI40?B(EU4^Hy#V-#|R0GHvrPSo}ReA;NqQJIijn)tudV%KDyUr2gh%M
zBTHiGi;!0cKDB(eOtIZOxC!e?&TODa)6f-UW}EKAJ$(^(SUb4cZzeZ(&K3HBYS?}*
zCiu|^I-Hq804exG%C{x_6jMS?pJjrJOShNVJp@a~;kmz_VSvEkV=!G((qyw&v?j9w
zUc<uG<Mt6`#)h%(4Fy}(5)eh11k?3dY`n)z_Ru?Hp0G=opocRm=mz66XYnBgYr3Yn
z9Uw*;BN@muB(K@IThK~03?!hz@4c?ttPq8#X_pP<ka7OC*;ig#0FkwX3rpH{0IWGG
zrDj!s4e|HjgS%f#$iOh~=f4rQ7>PQN<c=o_cM1+2N3ruRaYDj{jyR`TrKy(*ep$n~
z?oKo|E&sz~#j7l3zAPRS?YIPPK;-~_S^D$tv-Ma88a)8VPPpge;|PZ*iu~-oEu6?0
z_?p4GM97R%vmC$8E$Vt*GkRNSG+lqDRWW@(@`I-Jh9)T?Y3U&ySTtsaWA#1INR3F4
zArz%7imv)T6`_bk4%tq;yR0T3Ly7*>FR7|t1*d`YJ$C*SU9GB(9rM|Z`9W|VQJHS0
zpYiK$iwjd~eifZ(C+Q%wmStaiRwe9($#lPv$-wLQ)Xzk8P5i3vlY2Uj0cet(BA3#o
z0!PUDig6YC&Zw=mlRU>;IQ7Tg^8Em7j)LtRFGD-RTcQB;pa(p$Q*Y%wy2uslOeOn}
zBH4+y==-Tiy(8|(b6&>v%|ZvyqVLfNK|4nkC(nJmNCvT8pOEj+ZPTkZxuXrx;OC-K
z()gpAFBgKAuMrK<;d~&iQ2i~sF*y9Ga@{5X0x7@eM44ow$}-=(K$<6B=?lakv*ijm
zl(p1r2(z;VYDfhHPXK_Sg!}jXwt`BTY6Q^*X*$w)Vl9c!y*JK_S1+2i@9nlVv*nUA
z+#KSQD~t{PbXv_^&r^{Z@fZe8xlsLYV{1w0Ohy1-fKf6E7dSs-BP@#px4=e?Axzn{
zo!EiOy`!GL1_pGwm4PUj4>q$@BZbNO{g*q~fh^l2dqsOK$CFQb4INM!=6OQyjYO1m
z0-;I#9T#8WN8?`Dx{-|0Q@x%jX3EuzYgwyZs6|{{JlU?be1Q6qzcr0pFkgaOf?@UX
z6@LmuRd(Sj5cti1>hGIUv8=+Yct4<FO%Xi-vIpqkIlrBn(4N{ZKjP;I4`=J;(q1&~
z<ms@#eC^DCtR_-sP+HK}?A^l9CW%c_l)PR>y9fHqCPZ3a>s!o2r-00gabKs|SEIDo
zhraX)nDT9yh1%+ezfcm`yc*WK$p#>9jtM9B2WX==9t6h;d0TDznGi!uKOu9^!2P~5
ziB1iT+w%##B5lEMmEvyT5GfW(l56SWx#>ZX&7WO@kB*oRS_&7F{yOoFK+H&0cl8^u
zs3B#mn9)w`vClPQ!YbN0dq%$OcAWsTFwf*PKKxS8#Zozl@OhZjt__TYshT`2`1o7Z
zs`t?06+#&LbCvH!d+Se!47_*-^XQ(DI=G=UQc1MLEQVTZY%;v6Uw&yvx(c^x1An40
zqZHXG8Mlsa8k91<TbLPG4u70BHis}e6udmGe~&p)*lYi*Fez}JAM$6|tBFCuhSCR)
z@Y@B^#ehEmwtR{=a(z-x)B475un!9jY#Rw1o`<~(kJRy(us=|VLQj+}7A|In<@k*N
z<tv)JSFe2+(ERFSP2eLiId2p*9Ad|)l60Z=0U!;zLjZWZ1@n9gehQi~B==DKv`Ig|
z!m#2kR%1EFD8qnOD#9fEON>jtF?DI@g3HR!{F;}V|IoQv_SZI12g~+wwU<Ia0ox%3
zpS|fVst!-Fr;B_mUl>R`_<g*CfMbdvM%(_(YqASFw-eHII;=8Pw?xG1E1<Ekdw^%@
zEIsRCWrxlzPy{9l=*7{iJy6RVMKTYrnBSqU%!?HT#A9{#_?&Y^@7?VAJy3Wqlj6;4
zL0dgQu6r;dd3yL3y@)`eOBK^%o7rLF-4R<bOkyL<U6{^wEQmX1qCOZXJG!f#@y9-B
z0PiPSroRjk^`7#@?dXm-x1d+-4npF*2gA$ai_j6-@8$15C(@Dbe+rbq7E8vVS-R}+
zzK1uji}E1H;wBx`j_Wmxay@oWtqze{XbA74MZa?nD-JtcK0jfRh9rL_`D@gneX-b2
z-)&zkf9FsLM`TOt8!nS{=41cNcuY(&OxJwDZu^JvxTiW6fsW_<AC4&W-f{t?$J88T
zC^Kze#5Jz-we1(T2fh*e$f}>4(+!ojHnloECEpdtuCrn^4;Z;TFc*2ek}Ifm=)tpy
zoef<}k!W9@-i^1DCUL@eIP?!}1~i!YiG~JMhq#&S#NANJ8m5Ai&I2R`P@{9nU%KcQ
zGt69Bl?<V&iMm*)7BR7HA&qN`zlFP7#y;uP8Rv?iD-AKdfiYZ#S6_MzSz3wZH}oeC
zSB2#i-UHke%izfW));(|OA~(pfK@FG@BnA~qxL!k-nT6$4frI9dlzy5oRXsc;0FGE
zGQPe(O{9Xk!hNV-%eDPVLBb@7a3D!WlPAiWz-hH4Jvj$`nQ#D@W><KSaS3vWf!@?D
zb|Aw3!7hF(5pRC$mU0{0V9wxnzVqUGj_ZPiQc_J}tHuNUn_&bkWzdSPBCk<m7sg6=
zLUo4O)9{NLa=WA)n08eIUB)UBLqhk;9VV_r;5ba7K;w$-GwZJ)p|d_GeT&E&=?!e5
zdzfJM)@Hy#H(YbpG5Wb*CDO%ciA`bu2uC{*uMX#X&anu47vDGL+CGn5QXG_c-FjK;
zk!HUx?!rYCXnQYXJ^$HsMg85Acvpxy|ImGr@pK1|OL<QtBtM<+>U{~Rbvrjlt75?<
zdc6b<LMs&tZ6}j@Q{rtyGfxiwhg2~*PSA&)*WXwZQ93z!j74XzA?wy|Xn$_+9Y54%
zhS)QHrI>qbevjXM{j1-<fedJqh>;alsOm<b>Q$PA_9H@c7FuX7*ZOKR_$+%|8^Cs*
zL#iQ`j+=w)2(MJF(UWTUv=wS6^Osim>URLNmmVd9?Pp=KpVv<!3v)|NP6EYuh{S>|
zVKxQCEJQP1Bi^2~%Y=!4Mg<Apk-Ih+{*D5K3aJRhmb=9sftk*<=>*#3md&^wH3sBW
z!dyojQQm0Y*m02tx4=i;#WtkGA(1Y$DFA>O6YN6ydu_1$AM(F4dSIU_hCpBZg#nBS
zGpB-t4TRh-x}?}aQXFKQif+u9P~TIhuft7=2O{9d*vMHEF%h<S0V6<urVzf=Bx-q9
z16WQta>(d--g~wIE<WN<4!-D6dwWqa{r>=dK!LxJC>1ZgU7fPJkZJN8l=A2Ka<kV>
zX@@zwB4Juok8>+AQ`1wz{MIkLFaN`Wk#|=?Nx<tkw`&r36ZgWAFL7-yk>-a7XQ2cX
z4FLYnuWNvpMBGxqO6^YE-vxa^4{`sToLbBEJ0o*rrXQF^Th$FooZfT}|FRG#9=O;`
zE-CT%NaG&U%NF8+@}synSl{eeLr*@!BIpgXW)7r<i(>dzzT@-#>-@1pg~W_ElKux6
ztVZ*P&fu;t#YA!+o$@#B#0fqM*82F*UqIE~)N(jl3DRD~Qe!*;9Ks7I-`pUJn-M!)
zJD44?US`uwNPihwChJo(rV*K9;G)*egirp&1BRZ|C-8e*I6_O@IhmFpbq4a2|L3<2
zj`U%&Yt8nfe)5)gM2<Pc@fZ_)qB>fDK3F!n7*vtN&rtdB(__@}aJ!fL>LCdg44$;c
zgXSj;mthW=M&&)Kwu$;+lLCSg67{Z@qZ?}H1o*qgAF|7Lfc^opw!NjXmvFJd^|l-m
zuICdB3>VuOoi*>hH)Vc!5igdIq>z6wM%lYQKCO^XbUhtjXl4Ka000014*s=(D@GPv
zTMWiP=m2ye4PGFn0>N;vo!*)JF!x;azZ(Wbc!D~N`8aFh@!oo?4#n@-s-u>#5NobJ
z1K+z4Y*ZUq3d7ed6#^NL|FBK@fVR(Hc?30^cVRFJwOstS7MEot3`#)(ymy;$uJ14d
z2N5b7-T)1j=p{PmXX2zaoeN(ObeD}QGM?LE)JEDwq9xYPX}b}^n+v$1k)Tl#dPkwH
zSTc`y*ljiI6BwmC2`lU8z|lW2N0<wqCV;|4=;^d#<4i(11-8%rAT5g>6yTb?F)`2^
zWR?M4TxEX%$~}2@^O7Mn&2$jugqm~|ATr`H$M%f2^Tn4+4sfh4<=DxHno~UB-(`;W
z4aZ`of7t8ZiL0E?Xt|TbnLJ#4?cV9XqW$$IHx~q*#f$1PgI$-5fue^x9GYnn0i-ZE
z>x*}W@Z2mF*gWfm5YEP_m>xxUPtd*35J@IJEu_#6o)~u$DEMIHys;GX>tH9QtF!|d
z(Cn@O>21xfc-h$xr7+muWM&QH<DIO!Qm-z}x=3pZ00kj8mUwOB{iLlHZmmhd&|)C^
zpCRV}qP5T91nA@^+M7x96&=0GayZf&7~H$PPA_M4l?AL=#^QLhXaynyU#Nw+Mv1E(
z&|$GFU6c#)-*5|+xGo>?0006TV9SxW$<}z{Jw^G%wVwo=daO=Zs&{Jqd6W!q&EvE6
z3ZaOY#GJ(@Jc+LT=`v`mCcT$O1`MoMywpdHgY8*xVE-vvHp22<M56-7yf+L001^~C
zt4VMh4wpqkXt>xCfC3-tPvt$FlN@)Xs8_duaFl3)1J}C{9eMFIUPAMy_^~V{UfvU?
zAf3YrFwgm-R|(EKlEK2|4w|I~Z%xK)4c2_ZhQV|PY<K$*w$8zBjuhv;K6@^lL0C5f
zloMmnk^q2~WObieX`k2xuqkiAxOZ!81pD-De6GAq(r)z?!4o1?FiV0k4X^m}e3&T`
z4B@U@gB^aQs+u_eNQI=YP!zg9<}k0o-di-!)@&|-BQvAB4P=G*iGIE%i{^4Cen`p+
z%8ouO%uIuFe}}O1lUh=|s2k1tm0PPm#R9Y4R#Com!(1nZ&YxZ}R&3XREx)mhfy`sk
z_*vH|&yRyqS}l;&=}EQM7Y=q&%l|g`6(!jWVy>;kS<LT|pbbozZm{wqNaF3N7+kXt
z4UaYJV-Cw(lIys<(PHgB@AbRXZ41+p#k}f*_D2?bVYkbu{+N$3sKQwyvXZ(li5@q`
z8sg<{^2JdpazPP;Oa+B7qY-JINLgIlv@qjv&Zers*?Pz308k+TVdcp7pfXOjIL=T1
zYajqbCi$J4rh5=pQ1E}2!SYaGLJn_N8obk3&2acHT^tzWc8A7*03_>#fB|{n000L!
zSZ!DzZ9kBrpafPKZ};*I`C7UWouo+EGv?t?A@i(mo&0j>CFxRvQ-mR51dZiUZS4C6
z=^)4ea^67%QKiDa@!6@cQQ2)+I_)4YfwuuD*f0vpplw=Afb!JhhMN~oWu*FxYTHjD
z--=TDG&HvK19;2QAwHPYax_IX1Sonsj4<2DNZ+}hc}7Wo*FZknhj-5T5NF&SI!TuF
z0?{^5ohIcd6d6|S&)9%n`lb*Lh#<xZF1avuIw(+G;CSw5=NKr}G%sbwk8<^JGv4;9
znB{XTyjXq(d!eVs)TY!wZg3$yHMlbwlv7>ibI19EH+e;=-Qu}Ghk-j>re7xU<eNb2
z_nI^H+tgL#P1AXn??DTDiOgm6G%i3!k>}Q5Pwd1xovW|CBA$A-&9q|>qB3TuKTSUz
zAbYru77#mGAwH$G8AL=RxdjA7SU6&(0j9};#e?fPOpPs?atlqFgdgiR+PFz;Xv#L-
zf9k~g9jFr<_Gka5x~p>`F1{ms1-Fivv0)AF5__V-#-5+B93=rZxxP~BMF12!$aHxs
z=)Rq~>g0a6004avttw>Ck|!NS4PrOIPnC+Su7e)|;+WS&KmZkB--iQu0^VksV62jC
zWU|d9x^>~Ezyuxz3~&aGu)LSZ>;Ny4Uy-B%EemV|JW&$3<`?#tn#<~VStm59TLI1K
zNk9M|bH<D8ZIC>E`IF#G@}5;_o&=H%jp`y!r?CwX0Nv*2B^YnDGOeUMA|TiSH2;JQ
z$!m&qWqFz|bgK{1FQ6V{3kT!qa>ACfaKxAO>N{Rn^6JM(EWGEioTR{WRZ08fH0UEB
zd66qX5%~OMVv$owHNZ*jVGn<q$(-AsEmMYWOhOA-#HcM$d-#C)*`784&xl8Ob4H(#
zc?}Un15DR3w2J9<8J9TfsD%{D=B!WarP%0b=g-;d9Tv;{x7x=&Aglly)|yPB`7H0Z
zaY#j!w_5}X#8IzMgQ0PKI>kFU67Sa{&Yu7X>o?e`D5##l7>ZJ;)rZJa33L8q$SV^8
z5>ILSO~yFW))c(xlLO9hPqVd~kXgEHHv4<3S3P@{KF0r9^RmF#CW}wNVOx=Oe6`0H
zxYp*_oX#mq>IAB_@Fz{y(xG)*&T=tgO_9cIgs+zss37+ORt~Q%tOhpQvAbrh9u@Gz
zikPp_@&wHNN@9?<8taQZN3e202CorE)2hQ(I3GrHwh1#+B(C_*9^Zy8zLS^+o)q@5
z50y~{zu|*?w>^5g^9p%+so-wx&A^@V6^FZA{qLW^-sI!=uvWUcutBMlp=IJBBr~k$
z;kUOhf6BqeS2i?4bowo*20HJ(UF3@vj(k8itHP3^9eZ*pVU~*mY6L5dxfql|wy0mi
z<q8(8UU=)zk0=8@@|KmWUHf}+$Ux^#HiZPZjO^$}QDO?ottis$@yL1OqSpDtzOoJ-
zLUtX^Rfj*Gi7X8XC8fl4Be%|j>xNH`?5J)N={c=F1<uhVlLY}d@~Vai3i;&)FmEiV
zjW7XSQ?R<lq9Vb=?(h+Y<b+1c5C8xWEC2uiZH$EqumKgWeuw#$XNPw)45Aqjy)Esz
z!x^R^000pdcGatryg2m+6NC4P*Ekwjaa#E}k{(((MZ3)MlbuDA|3u7TBVNEd_Dd}3
z@@%5{8))!-oyHinqY>h-SQWP$QS=n=KE_eU#&qqaT-Z%ifN;td()+SYMh{k0D1`7-
zzt>l6(6*~9z+J`9SIYp_#vri_cmVW8@{LvGH$jweOc3;K#7RTn0O+Xb>emL5{x||w
zPtd!0+L)_2>RYd<A?`lO<a#W=VQ=Gs<HYLvsL}VpDxHCauZqG3WK*W{)0&@t>@Y2&
zpX!{%c4t^Jd%#Z-AI~?gTptb6kS^BV7J3}<1Hm<T;kXrQY|JVGipO<;vn2}6#-PsX
zg#y*=S4~*B1e*|Yl^N<LPzjE_l&IKs!ZmOsClD9Sp`)g(oFIRIO`0vJSV!2q%-4lV
zeWBkB8Ln1Jp_NvymL|UeS8m(KDy$Tf#iWw3b?26QOZE~Is`+W`?uvus3aXpNp~J2H
z;Rlj5a#qaBF2680Z+MwTe9vMI=nN?;)%$%C{G=y=dy7^o&nWzPxglY@qE`Vi&BUeJ
zU8PgS`z>Y{NZP7<pT@uH041WihmYM<d_&RcBnWzx6l!x#pU+!k)F+0j!v3`$fu0T*
z-IdV$OpgOF|LF00|DilJRu}cC^YQW@3iQcdNx|5N$W<pa4D}5L6!08=R9vk0V3u=N
zJuE>+V{?u_fGjy4e%KrAyme5$CH`sOIO*FX`RCqSg5{dZ(el9g?rDf9ChI6vsjDC1
zgQxI1U<oToAMUzR7p~lDS+F383+yOOHw!|5qSIi;-(DUF%l}QfL^Ei0zJLG$5Pd`f
z`GD5RVgRi|2$CI>lYjCO=ZZ)f=79TFAmoPwK5i94cz*x@000a3xLd--)OUvtX&%rj
zta2%qEy_oX0d0WkeM;b53`AT?(iZV!r)e%oP?y80NIW1!eul31;j8@?*^yQol4yJi
zA|Fz27kWo01Ctj3h2+{p$xEcF*QyJ3D`D!ua*4$ik<V~;h~OA8ZnW~LuO*?4P??qb
z4-^(*E-JuBq&uWI>Y0M(xpr3shInjxS0$ekiFvs2P@`Wo5t>Ye<*{;e#?+~+4YpI*
zaXm;$mHZPFls<yNA&s;qi)O%o<)QI~t$~{cJUP-vkEktAxAG-s(3d0(k?HY0Fk!0n
zO_dw)B9I;@uK41P;eD%CQbIPFY%+9sS-;@y&uJP^<w1QLu5bZ^A{$zP%!m|WZ|uce
zz1W@>pJ?&$MA()f(Gt05!-BYm%r+UN8aOg3NAiH|?+9T&Ecl^=XW}z1;y`}?6qX)d
zJYiJk2u>e%`rG7lz1rpPrxps$UCJzt*uc^A!VGT7>08V~ETVJiavkuO|FP1W#vL@l
zANuVF2XBN?U()`BkZt#MrI#>&I2oBn09qu9Vo(M1)XjjF3XZhJXa3b(af#m)^Tjwk
zoVo0=Z;%q#NI%pjR-yPXLF_8bPewMpRT5o!_Kp78E)ko)%QlfVVgLJCclW8sAQ60p
zOR9z;l+RVSH{WkBQ~jlmP}yGx_|%9Rh4#dw-mDF1x*g_w2{uhwLu1CS!`8~x;ay2#
z3k{0k$}JI<9POtAB0N%K$d~PE3_+B26yD3DgV1tdDp=&OFaQ7m0000009O$fZG-_s
zCXRawpq2YVBv?|%SkeFp>f@-hR543K_tZ~?JHcGeibo8MV<*CJvwtFUG4-?FeB*-~
zBSrkeJTv1&pf+H}_p@)(&W&b&z98qA!bk|sF)$^JNh$mloiPAOH+(E{LMSJqZsPL@
zHCg_vc-!=TT($Y-AI&7BFj2^9V__^88F<AYFM;xmg{x)alE*?kPf}LjD23S7YT8-X
zC%5bLd$0juT^|)$0<U0>y8)TPxkj_3q83?;9haQmj2l)an4zdBMw4^AsN^v#|5aEz
zqS@sYhjE!iu(UInV*+`gEIbl_?%XP5R7ovZrEpg1?a-%$m%(E((pIY;5&L~Lu`BvC
z7&d&lLV;I(;w(34n*x+Yr9*zi0||31h_3E;kwb76q}kZ(Qh&ocn-HV$$to|ig(msZ
z5lXb>wE(mjrkV&2#K@&!Sv~ZlFKGGY(E(1iUHV%LScV)sFH2z=Pg+OV^-PdB{ZE=6
z4@F2T$I5i?ee%@glTj<?mZI8=S~ABqUKOJQNHEa%Y4Cqs-I7}7GZ~Z8rU}RbTVe$E
zC}`k|UHkR67nhLW^5S0gKO=fcIUtDOhKMvy2#e{(EDxoGk%pR+8|#_c$XU2=A6%+-
zKGGk0r{(DMH<kM!6xdU*<Gfc9ixv=d1Bkd5@JWcslo9~y^o1mb@I)EHKZaWHP28p4
zF`c0h2?YQE00000001^>dxpUy-{F4^uh0z{9)RV)%iFO#(dcZs+`t$e5`eyno=PlY
zF_iCmD#x9;ycqXr*^t6$c!SBg+f0Kl8@AFx%vCmhKfFA^f!F128CAI&sJS6uRgwnf
zs;u!1Sp1R05ItcR{5tuAJ4}ahS^|%kqb%0&KxzZRz<J!}>qZRLSUdEkVT39aGLneq
zcq=ZEv~nsTfOTY7=8ANM%wQ)ewHhf5?4F4JrLkVZ?t?D%gh7H-p(oTNGng)io+Xce
zn~ZWz0clCP1Z#H%q0MtIdos%9nE+h(2D(T1uQs$Hyv++)>ox=TcGmuY{$iW!eQ!iS
zDWB9-%tWFkwBc)M>huuU=u{sl9C!?%CGxJZFDHDzHiv3uXF_97nWliBCS(Z0Y9$3D
zUxjA$MYlrkxDm=t$z3(CJ?FOL;o$9W1;t|MUo9(@LNUmdLyZ+@A9Jef=K+`9uu!rm
z9#K^l+1P(gRWn+;FL=IwMMF(%B|YdrAh-tVo&Qic{Bj{_P|zWNn&><2OpQ~DG+1nm
z_cxJ8)xQQPjhjD1I*?BLHKey?ivPy%!Cs%M`+=YBS~R>kh0o*mkBGCv&k`JZ-9zYO
zrUk?8{Q)GbUu?)3Oh)v!gzz8AK#wMKW)oyCq|!I2vF?%B^Y?@F8mtFBRjCg_^~zp5
z8(`vxwIS8%O#TE5q&eoFc_^0;qf!ez_pThuQ~&?~0y?-z08lIeRv=}PfeTv;Z4^(7
zVzf>YaMakIpjj_X9Q}_{@*dFpfUM!4s6YKC8_=K+tu^Ss(%YIXHA<Zi&&q)|U@cua
z+Q3gn6OA1O5WpEojAz;`!UFfP6{)sPRV8wALO#{FvZx`k5~22dy5&Ja4_oN`AzBSX
zaQ!p}owJw5G*0HkuKrBfX+A54F0Qpd>i+*C!1!MuB~;}FTp5*;BIp16k#?>&wp1u>
z6o)08VmyZT1e0<xiQlv&PAR%4kkgnwPpzUftm@DOLo+;cE0r9AgL93kj&`F3`G;S8
z8`rt6yLOuN6#>%+mf3$D@*0T`vMb*pSP;^amAM2f@*PrQyS?fZB2<kdh5O=4nt`g~
z_>gLORa!8?5)wtD4Py0+sLSry0@4OXpPkFw5EIC{@Our_C1?oQov*5tPDWXMyuQe_
zM?QH@<+T26x@?oEaJX%IPfSWBi9T04zs1)kfO__72Sfnb;#*qJ-9^i&TFUBt^HeGG
zIYNBXyhd0wb|=t%nxkFW^~~Sff@k4}iMRE)H&U3i^2XX^PHw#fj!V{>#8nFoib~L<
zo7=oB?KJ^OC#5{WXlumkRwt=fI_qO!%-BJ$0<Gp>{rY+%`JVw|D$XsN^9yOZ&#5AX
z`l$rhBl>o8k&oa20000003e(4O40&aKE`rm1Lbq^TdJgy?hqjK2gYb6y&%8}${Qkq
zc|fZKSXufU{kvnsFyny$G8x(`=>m;q8wz45Yc=Fo02;1sMUWy^;1nOHH`6a!zJCYZ
z8s#*7cup8AnOM<*sKm%ZYJluq@1)N?xAn7OG>YD6JQ4c{Y`G^f>?dMu6bQg7zL_vn
zE+#$dcA&y0;?;pcY@c)}dUv7-6P^K^_nI`!J!B}x3Vc3X88PRkl>1OeLhWw)!{e6&
zZlF+g_Q(=t3ta~$Fgru^?YEgMozJ7kD{LY-0B8o}ToCW7e6WzI^;jqY<SWi|Tv_s~
zyM>FahqgNoQ(lfD(j)dYxW=$494I`fu+<m0b~kY^ox-6}MU%qJb(O|2HN%CzVE>1b
zOC3vPd({H`R(q8F_<aETx?2Xz?~SZ)jG&9_xm&mAG`iw=E!j~CrtKd0Ga>nSIckI2
zTb&SX9RlJ}7uHML&tG<D*i519@hecv?j)zz#<9ATMEw~B^daW>^$vNkL)R7K`J$lt
zLi%)?zf{t8=yDvIO)3n^*}xlb(O)86NJ_A_V4c9`54dC@?q*ca{IzF{v=UZkhd2NL
z26xVjp8yK611B67wDNG3Km%Zp10p<9WWwtsh=A>D(^u}q+Moac0GygR0<v8koRcQT
zru$*)vhEn@z6Qny1Dd{dZyD19)J~UGn<(+cJ@bSB*t=BI-g0MM)*89-Z#}p44&vkC
zJ*>_KhcuZ1u9pQY`uqX~EDy#aua;gBs178Et#Cw}r%5>f5imL4y+dATF-h-MOY}C*
znlBRrx@;9Tl?33~F!1|F0YCMWDJgRZAW$0^O0Td-=poOKC$Cl~&TVEyYdl2jMlO1u
z_G<@2Hs`v)m%R1=wP2=7GB)!I+2UNZa(KB})QBfBct5jwvL&LFa9uMu<Z;PvtAg>#
z(zjDkK7kxjvd*5fCx3)LuF0m<gJgKS54#v;rF2iMer%_uq%n*9&)_O%um>KQKTCji
z)_Hf%Eu-C9X(;Yrzx35l7_k7l!z|)f5jv;IsbRz8OX+TDy5^b^E-Rjhvc1G0pv+fc
zV#k~(G9CSz(cdfu5`YUQ>`&M5EBW<K@~}y_c2xr`>B%mICsWkuNQ;0S58G&NhK3k!
zRaV@~xA+A%^e)z#QFCJlTk9f*(RwqiVB!InfI{Ntn!&<7bJb!Q8-?V$j-sGLG4BjQ
zPe{xF-^hVb01kz{YAUx+t}Z{w0qe8JG?8X{;GD*QYSmEq<GBQdJG<Gg<*u)w*r5ae
z(JwWA$dvflV}*4VrwdLiPp(~%z>f65UNSe%474y$36j~`dXi`8@IS1r&mMybjTLgU
zv-+r3sE;v-M>ES0R<13E0Ka;JCj<{fdARu1tw!$h!iTc;cDf_Fs$Q8Qq6)W<vWHUu
zt<_Xz5?vk%Omoq|dDt6((?|dmzW@SRg-m{41Gzr%17t;xW42PxU=d!xkaO-=yIij(
zE!K_U$1uAW3-h8SSNd!76xFk38sd@Ts|o^XTr}z{g_@*NJ}>-xGN{#Q8W;F;#pfdG
zaZEq6riobN8CK9@X<nG#t>@$-t)0d%iq9;aySi0F7sE5)P6n+;>b^5UMzEsk(P+N2
z8NzEpCg7pL!bL#cu>iqJfATaOmtDC2_?kOa(Qhd3N3yy%q*Fd(EX?Q>iUS~o@tl8o
zOFS=mMN978nS}{sR~MXhdF;wnk?qyB9FJ)=Sqpqz1yDf52pMOfDht<g9yCAz0eRpL
zIrpr#A`h%Dpa4uw<EW?*%zMKR43aAnY1SCy#_8ErW~q|QJ*7b?Q^E9z#}RTc`t?$a
zt+7m$NQg#M2PhxxQ=~BpFhBT~UM%(d@0N0MqAH@r9D&QLl(!#Ykq<jDz|HNM*BgLq
zrYU*=14pxJqV_3=x*8)AF%6^-snaEuwnh@2C@b>zx(nr<XPGNbYcB1Y<LXjwllGVk
zz9~PaNDHZ6>J;8t>UOx>OUY%QNanpf9LXYJMj(564c6aX1g6SZn7{fpIOmdkdNIDo
z%X7l(0fNzo>=PS6&s|w!dEW2(FaUe%bzRA4d@-r(CE$*AX;`L%RDPoBxal-Vfj->(
zepONU+{)NMl_?OKTaPwxGdTlnBH@+4-IC|vCCxYdIfaUCk2=#Gagel%zS9A%E@w}C
zZ!Eb4uzfYIic17}%e_#4bh?5ca%Mn~ze3HxlNL;LBmq_C$ljs2g&8E=Hm7Z;WU9=6
zga4ZEx!*QI%+oE1_;BOL%wRemR2nA*vKDdN{+TK(n%YBld5;d3+_e0y<3<Q?UW}<V
z(Pp<IKseJ6;eG%{)l^1b{)@rO7CkVm#4`m(Px%MmyAUUk00yjpCTUWDfPe=(qHcf3
z?XRP8(YW~0lnV=X|M7z<uyA}IWQo^pTY@BV3|I62aKps}$J&2@ZVpgJAOeq%>C`ig
z^x?d_66<{{MF$^RdP8|oje*Rsd*)muZIQ62-sV<GYT8<|tJ5YCAkyFeG4MOg)MJWX
zSagXdT&MHdM1BoTfY~*AZy3Qt|8JOVCU^D=22Ep=Vlw!k&}dAK%?`g(+iGwD9Qnj6
zc(*wjpbU{^O5ul7k;jLO___$!{97TV?By6hL6Y?`h<?Amt2-t7b!F5@9tI!9E|e{h
zLxM&wH<EkcZ*!~k`4+oDw=SFxXf3|mFrdbY+(y3hoRRxoD9ckI7$L6j)zr1Aw;2e=
zLolfArypiU0ne<;o>`a|QO;$KHZQp{8gZ~dQvHeUey!som9yjyF_r+*r<Q`VQ=$0;
zp03IC{|Cg#nhO%pc50TtNR4AjO?Kn|I~i&X`EMy<PvI7^lL`-3#SUkr$X2rJ`HTUx
z(X?&JJ&2?5TATp@447#1+8_>f7H^19svf3^sQvQPC>+)a5DQBt2>d}2isLdY&p57e
z1MCt}V=KznL*Z~;c;#!UEFV!13jCdOw1~hG#AadG+-UMjsYyD#2&qj{Rs(U@4g0Kh
zIl^@>u%+#+o&uU;R|Vz~h%vRyJFd?}qa!R<f&V76|9EGr%&2loaKnMRg$<|OiekIO
zG)ha_r4mfJK*E*!CNBqa*PE*LLmc-k0PIkFeXA-oxA@MysamO<RuWj@zNzttOAr76
z0A!8FAM)X5$g*s>GQOd5i$bgVWrHO*Wu?z%zI$PKMu9@Hjh(UW1h_~4^_S1`J=H3N
zJm`JCLMU<eW}eo$mK?z_8o7O=!`afSpx*<d!Q_lMbY_re4oHV$sJ<ZBqA;l=)3?xK
z*ia3K8nHqVt7(6=TngYTfwar2i&~g71ws)XCYLdfL<e<k{eVyKy}v)gzHdhqK&&|p
z<8e3|5U8Cg+btFFs=Z;IQx_ul)l$P?pq*fI&dU=PV!BXKF`!@Ahyj*)2Z6o|09f&N
z^mzaP00O(x?591-%N3CEz4vCUg;;}?A4_Vu2ABgiNY-m4et_@&z*rd-Xiytm!Qd$a
z6P>X0ftBQTJu5t%@*}*!(1CG32JGk=Pb}gDKSt(hm$B>jZ_>t(xJRY_B12x=*1*~Y
z@53<@S19AR^*Qf_pK^3>t%vOn=Y#R@BHu}p(H_h%DZieFfZ8M@9fJ?<M~Hf!J;;r&
zWDV9?hZt(o;K7A5ISZ70!?Xh!Ol^|`%9=TtSLccLilm{jtTH)@5C8(v0S7+isqJDC
zc>dWA_u+Vsuvg_mz0VP)F5{0ofKeO!WI5JR8R&g;Uzdg*O}qukrr5XI_B^)|K991A
zOhSi(0xCs19J9N3LJCZk{?J=@oAJXqcUX0#u&9s4*h-Lsyvuos;NpcO1P-S7#?3EL
zle}NovD2$S(j=^kI`0jMLVyyFME;y<-6*duj?)v?>S16d0L&jwk@U})vp9|<HcrY<
z@G9I{lSewtJVO-iq}5=Lx)yU<`G^!~swU?b>`B5824$cT@0Jl?wtmEv?n)ftTp${D
zlO%uzv<hjcjt%)upFc#^`%{21J%AI)Pd68wB*Dy_?&oCWTWbASo6heE->JP>tD}in
z=<~ntUB}kH<jx)<K>B@5t%B>n5XhbaL-H|`!v00@Fx9`#sr)4$8W_G(8`J=K3d{EQ
z?rB`Sn8KoaPEPZ5W2uJ)cz<`5(WNTW;G*9^@p7}??2}&P2weRagNYK0XFcCNo74sh
z{QyZSvyVT!k5`D4sq-z9TeAG|!H!ud@q3lVwr=uJUh_bh6;6NxeC0FH|H(h#EoXRB
z2rw)@F4=asA%SGonbs>!(OA(<&$jcb*!hu|BH+w|bLOId92zWFG4nLlqO}gXo5M3_
zTlNP9kMd26DunIPTW+FynF!%aWwJ`FG-3i@#wT_@oW?*}VBizI1T+D8l{H5!PBFi+
zALAFRYl!`=Vym|U;Dg?O)`^%*h85R*EcEa)ygEQ6mS*+p3)g+v&P$3T`|7$sI_M<$
z%7K|c+?TF0YUREM!!mu#di?VQQByic00E!;3}0>mK*rXPz>j;d9<)%tKnVuL4KeQI
zvtKnQ$fH!cG2Dy^zW)2O=fKH{u^z5a>DW9+$TqZz!}GVgzV#XlTY4Qp8^jG{@8IGg
zGx3cA<pPx3#2{#P;hy5w21?CBcG@}iHNIm(K~BzHVP3ZMqgj4cqg)qYPBk%#;Wlmb
zOM@7uQ8*yyBGf<ZzI1RyE`<OVJj_t&>Hv!mh>>y#P@Y_d0QB%lW<vR*tJvt0MWM$1
zKoh{0=mUlBwi#cg`F2}@v<#D|7MIX3qvY@Y)%>g17Xb@Zs?|)cgU(Onvz;>EO6MET
z7on<QQoCVnG2K^eA$9s!j_%9G--+>Fx?{}t;Synl25DrMgl;0@CBS7XoZ&^Q4>ag)
z4~EYW6<VI;Aw7<zroHDvfE`r|&N?bBR9hP&|3Fvc6<tdUV-$bw!~nM-Tk{@O+pEo@
zo*{MN*uEi3zhKdwgOsXYIvyyC_#N3WRPWWe8hdZ;U=8UeTZ#;Y7U@FLVTjGVP}3$0
zZV}a9ut4>J%B_FDB=Q=zt%Ca$?U~?}#Axu@=6HMMnQSv+M#6+{oLE1K1PAK3f)<7=
z%g-N7oR<dTvLsC4IE<o}%Li$rsi5@OZzqOESTd!QJze$!4u$UHWa*l8KU8*L0-$CZ
zKY1OE=@r0r0>3rJP2Y#8vOoX}T~tPq*1AeZO6g!@2x$)_1~&i^{AC4F+f03VKKEgl
zYTyxRZP|{i|EcEz!`)ZhWI-Tp;UeCm9_{r|CuKay-z*zm&;;)=xxHdu?|P(|n5A2U
zvu5G|j=o=CU;P<*#jD!aV}~;ZSai55h_N73kXWW;Db+PaJUF%8QYnTw+|aHhWl0ZQ
zF<VC2+gyX!tU<d~-=M^{V)z^j;^m>B_J`zkg|FSnWVrU*a=2GCY&~lJ+LtY0Z)EWd
zpd*jpg9!G?6Km3!2qXosIZW{fg|Jm+w=9>H%upffhi76HO4fC;-)gYCpq@Wn{1rGr
zKB&?@8>Wbhu{Ki5-4Jr;-e&Mpmbm@*8NGc^HhXiQ9SMV=utq*M&2oh%79X`vI5I-)
zpI8UdJiO}ErWY7a*4<#8l{3IWTV?Lcf2u{@*xt+i+&?Mj?jpJbm_S69;9?Wk2EFo9
zbIY5chFE7bz*IXZ0y1!gNN6u}IgYxOt&gRQ(M{AD*vg&e{opVw&9r+qlkM0cW+(I`
z-N}kg9|XvzVshQiT}I3lCqnJ52@(+alj}w#U&l;LVz3-Vs>gX8r+6ks2f7sS;uf_{
zR5mSQ<N&<jW`z=d%Z_!i(qSPGZLFi|WO9lbO6=Q|`O4eR0x0Eoei<>psR|62Ng6(P
zyFu&gWD!8EXbNH;$S*%~hoX4mWFqyn8&euKmT-etlYT%rY__cu9(6IGC7>30Mq}Fs
zu2o0*FRui6T!nck+sq}5ng291{VH00{Pu?!z|C~ic5RmcIe2YFysy*i3$;^x=yZ=<
z945shklnMZCeUknoasah5y8i=jwv7j3p54C9nuaJI3o2<=O_W+KPOXiM*6cZl!wg<
zfFP?>_E#1aXzaySAZKlNIh>Uybne%xKg3dJK(U^KRTnW<cmJ(6sL|4v_xsOV;?8=&
z=rVxW)xfvsILFW;JNF>SwkF*a!>9AMU8d5}&mey?&LYCHMeo3;v)~qD-s-_rX89fs
z{w&FsD$L#5TPV0AxQ-4A|89l&if9rje?>2pDPq;n##dS+VFet203Ok@=r!tXfxwP3
zY`1$9+Y|OAFVg+gSxU(yRYaxDJ-ZXbV~^_LFs+s~+_Rovy*aESW<@mzVns1ud9RGU
zO_zML4?9loj?Ls>)+{owxB;MVku+mG2!p^BQ_gb-6^`pw20uXJD^jTLG_rBe9c|(P
z6uZmMJ0D(CEt0cp?lc>xT?0ND6vPF*FFTKY{}G>kX*&z+mxn%&Fv<+vQ~?{WQ=o#}
zHNu2vddQw5MR?K{w1L#P#)PO(xYO5UK3fyV;!<i>5AI-$f(wW!|J5%qgN(5RBBH5m
z_|D-drPd3TEsLKWlq;<$cIi3vDju;uo<qEcIdYNn)tKY_biSGAF_60~r}X%u5pzwP
zP@ic$IWVQb(jAlD-_g~RYq(Olh$}+g#-x$p&1#Drt9Ua=I4h*1PDt#VQwgAAaHZ`;
zd-u354B<SX3d@nmhQZ^u`sL(hW;E+<Tc30?1_@<IStCrnxGNeSoej1vt`Kw27JgZt
zV}8p(sa?j1ZcgiyaQ)|v;+SIb`r&}QFK8WKv%ED&R8x<@oF!sVbt3;+@{$`RphgIh
zf+$U-Bh%r=p%qOhS}Wg3cTk(Sq8GuzbZ6rK1kRZ=$@HR5*C(Y82N(YhWX~8NAA67)
zWOw~k-8G?@JJ^R#4zZ>SaX?n_EU*Js>8!O;zu*yJLX;SqWtX^-u^p5$$H!4fH@Gn~
z_x@pH|Lm2F1tj|7zT$r0<bI^%_Q)iS2^=*q!cr+`zBYsL-;Pie2ZUpBcV0PCOiYc{
zvKqo~PgwG5-hpVV^t0uPi9#G|5kPs1Y4Oz820Omr0ppqSk6t!KVoD%C+4M8(skYrB
z`nH1{A3sA_dh>N&$7TAIz?C#`e-!=?<u+z`6Czb?1~`<>os!)9=$G(Hk;O;0W5iT;
zD0JlqGHXfdGM$R$H>9p}Cb3_|^qL^M<?+deBU9pR)2>=ezZ6SM-v7n8m-vnjo-+o*
zSk;jI1VrD?X#quN4wa-po{r_m_gB(=Jb3eJACiF>e)|8a&03wKJW&ZAhi%9i`aSu=
zJMLC=Ct4L}5S}1MW}GYqT-bvO^|AUxbAeZqN~eAu@w)aHl<T|gPrWEe$UmPfD~-6(
z)MJXr!S--6dCmxQH@JUqf1I_}dKvsuQzmH~fMNgu00a9hMJhqgRQgM5m=Ky$T3BNA
z8;vW;4UxQN^Hr1;Z)0O$TPRrQh_q3B$Z*^kc?}?#n+1|7fHICoX*1aZZ2g*kPOeMw
z6YB~Xeeiq>+i5cVWz(#!VEyY~7Zko{X+a!}=RkEWxEJhk*!02Bu4lOmY=@(okkqDc
zC;UTGrQ7nUNkERy>DVwN?-eDC)6MnwfJG6e;j<iE+@l#*r2WhaL|_5@oqjIG8{0c#
zUg;IbyYxzIKpxC+=V4<X;s^*3T&Lvko*E+v)Qsdn39RjP!WAZ1-!e;`!#P>|YVD`l
zq_*dAMaF<e?epv}=ek>@7TL!uKbQ=h5A}!J!1tBWv{X0VfH#|G<LjX@?6AUeno7_?
z66optj{e^o#DAVTECupPa(8DO%m0kVPPUESPYa<v`%8WR;3&anPQ<Tu&8i4Xa*(>f
zFKN;wpxICG9_W=#P=AuDRrY~T3lie?MN6zfvRB}iGzmiN8oLe0maXTyX;f=|=);6@
zAl4&eks8Dxnbo~bM4fhtpB03#vBux~Zb(4W$>$Lhhdcsa6=s_FJ4<A*)2jP`8r>U}
zoXT_SXPsR7CE4><jb66TgEBmawwv)F$tZ@6esh0c+KA6d8B0@eFr?l~1&qg;n)iJ6
z190m+cxHu=5S-AXn~jaL!%3rPdHfZwdPw<OLA28Ila>$>VBIyYDNFg?Y`PGDeHNaR
zugsr3mSSg{9dpNi_oQ-A&m=+_pA?J<E?1}mN@d@YE7K8f070f_2)XuJGFcr(p7aRH
zc=oT?6+kl?^5uQ=;tXzdF4gZIX(wRB1^f5wbJ-?H2AykNtgfP+kUcM+)<eG3|E0nH
zw8%N4YDdY=6s{!Y>DMxES4arTcu-xFO;&Q1=%y|Qe`Tgm`uW;XXxggqA-`ZoJut<g
zc|lhIVDNu&90`j_C>q#$K{F<LG-Q<4;G9jQinPz^nRdYGfkQ<G2^06)TIQwNCK;#7
zgPJL62jt*vFbxXjqV$D~L(Xt;PDPt0P*lctoU5oN@|7TJJ|F-bjS-GQyEzxV41z$L
zzCUfmcmN4*9}XMZ<rizDsA;CuLv`U(a8^P5@t%ynsU~UL^G}+6Yksdk2`*@6YYvTy
z^~uN4{8V8Ylv9Z%=WH2edcdbty?Fvw-87q~NQUK)Bzce5Kyq;Ws`D)m0meY1g=L-Y
zMJlYlwN<`1kK!QhCH^NQ<fV+B$YNe)1=|bZ<e-xkuU-2g8XUAM{@W>0ItMvv5)<|r
zFeY`?!;kI!brs>A@Yb~HXsMP^^4et@MvG%2p^MA(WqYN@ePbU%m&{oWng;)@jjS>i
z)QT3aRr!@Bdtzjk9p0}--&(ph??Fe+hA`{}7xS`dEVs;RSyB%Au4%(JCABv&N%Q!y
z<M$2GoJJHiT~qj`wYc$J%eO{PcOLWMlt{dg07xokp=xo9N(Ga%%Y3CXH~TSn!h)4H
z8wMsaDJ_jK;@`*ZShZ(tQTC(|4x6(>3eoNYPAM6=QV*tqg6Z@MAZ3O|RH{dedRj|I
zhF!o@zq*stxffn8ghq^&6DL+yBs1so0m(QB4+Qhr(wvmDaXAsZmt><b92%T8Z+E!A
zI~SlHO?$7RT<p#3bo2~bYg}ja+hFa<p{UYSOv`g3qA=1|_CXmAN8w@hVeWGO!?v&@
z$G*QW^$V8kK;+A<N(MPXOayU?8Msx$T8yL*$%{nTHzw-$MN|%B^)?M@DL<muEqv9T
zr_L1wD$Kh3F2d9=<(udg!K92Ao(9c8gQ0Yn7{dNAs(@V9&vm2MIxgHLn_g<>Nu!&E
zfi_oYy308;yIk&}W9(n}-S)9|Wiy5iY{h<K=Gp@PpK?cDQ?=HXo|jc_0@e<RF<epe
zrhXN|Y@V|N_*a{Cs$;8qXur?axsK`i2)m}aquQ1vS7ihJX@b3$fW|LV2DG>B^PyUe
zhUPhG0|zpc$LEO{9IMuU><w_@L0weI)~;2_)T?;l@rc!FPkJFk+_xbZse~{Lx4LP}
z>l@9S^P)ME<b+VYnH?W3Zj}28)OLEdN*xMvNFDuAw+uB?-|KF>4BVnBRtQdKM{Y^6
zBZATI=aTJ3!>}7c0cCE~Oa|<GqpWnC7Hk`t9iVji{&`y{g+9FUcid~caJFnm*G0pI
z7`~f|JM=4UPuspDk{dVEQ9V=m0FhZ=*Q1egv`w0IHe;;0NYQ-!+vg>2>OprC;a<ad
z%2XZbQba(u7=Hj8=MVfohXTDE_Sn7~S?SZx=Mf1@bC5fTauQeyDB|=~NKPa@1ao1+
zjMs3nyC5Bo^Nq?pRC;9%_7{yS?<5`GgA!zE(B~=-z9Z;ABW>gjj8Smk1UWe|v?0~c
zV%!RKP@W@LnkAy|<iPm)v~s!iJ0KIXilZ;OgEHArAvM|BEnqba&L5PYK-Peg=^H(e
zhgY`zL@}u0urs<MGtiqsazdPn#lpUfr@|VL%v?Dcf9)w!p8K(UTf;B<RL<hxAgp9f
z2k!kSKc|g0TF$!;0gz7n2V`@ER^dh^<%YObAR`b`>TUJ}&l_`~*kK8HrtAPa1KBQx
zvFU#4`|iO4G(FL^r2usbm8i5~jPQ`dFT?5k2Pu#AwXDuUA)BM_PzRmV->?jlLWGaR
z{dc}B!N#zVsOmDDVV@CC$3EA<7A+F{fm5|O=RqHt<fc4Ms(Ea3Kg*xkzKel=;Pedx
zb@H1Jbzu8u3_OLuYtMl^hTvE6s~0z4BAYw!@O9G#t>XW4&Sx1iOq38_(hk-WtiX7D
zPN4TNmjYI<Xzw=a4~hT)00^5X)^1o6lR*ApgTLnk=OASB_%udm^5Lb!lg*m6xjpxg
zq)WK8<8iV{k9&DJ<aHiZ_LwUL=e?z9gS*OW2$)24g^#`J(d2slKO5E{mAp=5mBm&v
z!8RU=?y+A173N^wZfP!zk9{oh4jo20y%O6`R{2jkCq;W$&YO}y!WQMah2V%WFpaB+
z$x=d(s0!gz_FOCO>Ufav|1v*a8)=N}JS(SPmCQ*#%b2+rfqF$Yw*1j=%I>ufZpv=#
z%D_HzY+@mU_E#MI!MxZMy!tpL2~a|+s{_7g!72~APmksH#nTpLgihvR@EF+kZx-j^
zQ-<?$KnLtac4+X-2p_Zm=-}%>6=*WkC7T+O`KwNwzR3w1;p2vwySN5XcC!da#lOX!
z`H)e=JTD*Kt=c#76V0fCXH;%Hm^y4PBZw(=>Ch(T+p0_d&;)6wI12v;Rj?JH9LouO
zobg#UDOHO0-p%tY4zIT3r-b%AB}NKreeKZ_?nd^wOjPnV+*ddvPqLEvh6StHSVz9)
zaw1zGX7rv5pEEKW5|nA-mfAE*dF&O4Nlb{)Sj0ixc_}mQmG}I_5k;4uj0B3o=q1I`
z>ogXx3Pg~cAUOUrg&R=mhnYl_;-CO@PbLY!IR=Fo?htr>#izm}(DhU*Y!rj$flW%Y
z^*6Bsq@16_QR8p;j*g3r(+U56a@Z85$&hY8`mQw-4=kD%yt88pdHHojd0tsC4>Jox
z1In!@33rmEGh+9PcX~6GmO|P(#J~@8iAVzWt!$0aai?=FyF3cMh*KpnX%vjDD|!o8
zLby^56Vw;ztrXu223{zf>TNj^wr9|}*H?ROYF6}T`q=G=r!m}5QKQRzz$!h<Hm^0o
zORh;#_1Tl|r>i1oMoUs2uSucO&$`78><nIY8qq{5E5nfBV(R4~Vf6)zyEP+{_tk2n
zjwfj0RZIXcW~J?*9^a$M`*GF|(QvWT_|cPU=i&4N5da2*4&e59)B^3N@%OpJTx}!K
zEZv7Tj}qv?!0NMJbUoJM7<VhR6B>s`z9Sov(>!(cOyR#NJLdY*)fOh=-IR(D^KRW^
z@RB1{UqEeboX^r^NLK+0*46t5dmEomeAv0I>0cU6Gegk&KxDPrs$We5`<kiH+>9e5
zStum2<4^Jp2BaXL0lJtZh;f1Qtr`@|Z*t+a96A$udBxtZ)AY=U^w|SqT4O(o3(vU*
zhjIzTwti~ky5nzbHt8jy20nVDR4d{Mkv*om3<Fo!qmgW3a(rswPfYm3T(pQa%T|o2
znESz@`+S>FPbz67A&!<oXb<qF$(FZmB<)-3=5>hSCHuN9@)^p=RyMH#b&Cz-xBeXi
z$*!@8{vQ2gbJaCYl9BxAHF=HuU_=Bwg55S);pYz+id#gs8(VHK0^@sG0BmdkG!%Au
zIv^g`CrThU{Hg`KZnkNpU^^^i11E_hx6$6)v~G(O?2ny#KfdKD7H;xHb}S4op!7OM
zdnf+zhUTfxf)IhS*C9eFrrGhnrc5?F_U&~9$s8=xiV9=V=WYwDL;q(T+no3_Q{P0w
zcb7BTJ`V@>cbRE+q(>9vBUk4Lyr>Q`n=u0Fu+Y5#WawlF$GELEbGQydGkO(axk{)9
zAPP7QG_8*_n<<NXjese=EKd12Q0z-`V8BF?N~<ou;Xo;M1Tr^hx^_N?{ey(wz=zou
z5rZLH#ovQ6e&Qnps*Wq<phu=Ay3IW|;K0KuH0EkLvIa0%U8>*a$NgO4sXh;t>Hm8P
zm6v;iKH%)wh<!LD^RQ2oY&wDU;frUo10vly*Aa5qipL%(`*~nLGb<HToNpWZF0b74
z%vRautdwVXw`dBYW4Xq+A(E15gS22#PxXatYm*PSQbo}em_c9nyB62?TEJuy5Z(=W
zOHZ6S{sq8zQBUVgjffOB1=6v~|4Z`Uii8pWxY$4+_x>w@U64P9+knadh350CPPb)f
z6}lAXh`2!Mjh5@rwrI;!G16l5RnEkfg*U~J4aboUwup`h1svFmd*;tgBqqzo*Xi_L
z>zhYnk;Xo^p{>z`mq;QbugA~=*fPu-Aw`8?`g4|9%;T5wQ#Jqq2eZvH0<|Ys;W|ld
zOB1n!PswKM2oS1prh428DM!cB&S_?W*{t4jDzPuuzzP^4Sqg=su@Ft)X%BAE_ojAy
zBgb+Sgq`u<`7=qL#q^?;c8k3=AsY<Ce6#%MrJMd2Y;1SJq(}pw%0+~~m(5?(%CA?`
zS65*;!0L_vqnPqA^C$KAP$4-%7A8vf&dC`6qdbEJA)2KBCU0nK_q?Bu9HN}c<CIsT
zG<bC4Vm$nYqJnMvbgF8>eN*`?=c|=f8uEahEPzEk`A3T0iHGb)Q;(3W7Y%_GuPyID
z;#(NH5tK+LEMsY@Q_aazEzp|4f>Fx5)G`53j`bgQxMPVe_dA<%Y!uLxmkYI)sx3EN
z*J<+silOBQrm&gP3EFjjxlaqiA7$)QtA3PL<9I(-SkZ&Y{FanxO%|?9W@@t1V5G@M
z9rbz5QH{Wnv;@>QjsZpz9j0Cps4}`!Jf+#VkQ0i37SLz`3D9Fq966)_r@`IuX+IEy
zsW`H9BeNa5mhk90OV6PW$vGwGoq<^y99^FsiM3rR*U{)q>I64c63D*aSKFW;0-uq-
z6F`lBy~$bUmSc>GzgTJFjt9gm<Mh0esYOkT6j_<Fnb~!ywAbCNMOnFcn-THDX%zT@
zX7eMh0y#*!{Fag#@gDu#d0o4Yiw4C`eSK#wgzCO8aVILn@o<r&n<GxKtzV$O@%<Y#
z)=_jd!I5%J_>;peJtQ)A+NtwA)md`32ulM~*GKs)bZx-Q!s#&QEA<2r(7(TB;j-2+
zg41r2R!*7ig%6NxR50%Y9(ZCM84qV8|4z-vnkS&aK;&x+c~0ySgBf-P_evGg^cp0Z
zGS#`r5h`MQlS=DaT^zF>0`h@A6{dzWs&i;05wS;}Nx}~qNmIdR^AU|PNLWZrpg9d-
z-*|dE+!Pq%CT0cIK)jub77KBxwgBvW9@F@n04ql>Oz2ib|FCt8)Fjq_;x)Zw+C*14
z;1rArqIexDEayDWmGza<)6_jP{;8H=i29N&U`pZ=H6yy+K}<{%JfG{(#ceRF64l^l
z-4gHPgq5zwz}<7`A^eIshMDYs2XmC|pUl22u`P_F*Ny=yVx>!s2r-x+;fTVAepB{)
z8CH!)UEh&fX}<;3RNsK!cC7FqmL!(RMxKPLEAXP*<yZao>Q4jyFzT^qV5JXES1jkY
z_lv&fVBg`q)X5quF@NsJBco%tXfh6aJ4$Qcr?^bpp{y%5tncSQ3n@+w%}g8!UScX`
zy!0#MObH1V<;+CNz<Y?brIK5i&|E9DU(M-<d4L8HQ|SBL8m1y<h1PQjl}Pkk8{kXm
zM=Cft!QEc<xVjgNN0X32h2l|>8*g?jrq(K|NXjS(_RW_oVH?4O1bXJ3uN1X~x5i5w
z>j>$uO>pE<K2BKUPLVR{Jz{0S3hS`Z0(K9$bGqlD7r?2#jpnKuE#Cb24KizpYKfJg
zKMGJ`$&N*>i8f9aM2qQ_cm43+p!5VmTWivbONTbxW9UD2KP<^b_|kKyrB;)ZIF4S+
zG%v39$>skGH0*O~>fio^4xhF;SYna?5^hz}*;(ey=Zh|ym>yLB<|b^@g!`fqX<w;k
zM_=5$bKh2Af<F}Y@C>#?x8KGrXCbn=h~xrW$Fkdkhkt9OM*y7UusJ}%ej09zR@qH;
ztwSZbH#b<jUwn-h_MpBT8Lh}as*c!C_Tex1z3;wuQg=q7NSo%cBy3xAk5F^P%Ga)p
z*5_n#*EGmr$O>H~z98tN3pYrYi*^Uqg}3l=2p|w{63&zR%~{_hY%pCf&uB`^KQ))~
zI;xz_Lv8J}{mkHCzIq&5al0|V@$%?Dk07ZxZ*U_;wKw8{JwZ;cb8cC9ZNmJbdoUt)
zYa{BodAZ5K?qGPg$$OCq)PzSG$;x#*Kh}`tV8RYWw!G}3=g0>L^Eo=X%l2Yq7T)Cu
zg7f(lhCI8>>sSq#i~?s%?I`mB+kjc>_mo?43CquQe_0)r^4m8B0r|8jbKwsGY>rgl
zHe<E<4du`Q27-*yfObmy6vFj{oN&>Ozb6yeEuDAacNSim{5Zae7WIP&18ocg6Mpq2
zcbq&*aEc9mV)mwS($J%B<5EDj5y$`!*=&e0@^|rC3aywh#8rtqTb@md+b9)YAk0QS
z9TK|Bc%1t~)rLX?@!5y%G0{6wN_VPElo|D?Lyf=6hbdPz^7xg;0avV&!nlWENGZOh
z^huxOOgmt@ZT@E(3xT1aB#`PmZ)H1QbW<?K{g;=|MiE%w7IBt{q<oa7FXM`liI_Mj
z7z4l?vj99m!@qX64=)(KvB{={X&Mz|I=NA}^#okw{%LBB!0qUV97H#N2;cb)jnpbz
zkAC$_KN<L-gqpm&KxBN^9?z#>b=4QRWZppFhDiZAGWFXu$~~d&wz5RACh{Bu=YA89
zIX+>|4^#JhGnL5dW3V)!vqYe4wcPo0%=b=i!N=Ic*ghO!_f|^Y)ZLmNi{>vA7#^Vu
z!dQIX@t(Gt|6RC5T~Nq7ZUWAvwjFwolG*I|SLM-iEm+uC3|wP{5L~9PQ_FCJ)GK@M
zdIl-HJm0Ddpvgi7$1pSBoX8~I%{!#h0KZN%Xmi`BQ>DWW_4Hb{-i^-dtL$EbvQm_f
zNS6uCQwK;_!kc}|Y?JZbSt1Vs-;N`vaLX2iuKz`f?hsrXMc_QI(YDa%*ZqMWj!F&o
z6Q9qEEuc(i#&@Wo<Q-4z1AH&;%&xsFIZyO(QRzfIOu4Ok<lRCk6sPBp@Jwp@61DZk
zn5?@>+EA5F;c)S#s_t``$RO5MjlT(Q2cy;I)8-&rDqA$@nec<te<nq0YESZE#9Hgz
zUe9VrP%O{oMAy@?CTk?jzM}u5n>D@Mo=rCTz+#|u!p{Gt+du#|!-NncNYF-9^wn8_
zC2PPa`jmo18a8ssPbHxx!CKlER>iHkwn#)_WpM;{tbSek17S0@UNY|nuE`lJ2GAa<
z{H6zKDLI+0)SXqYO8Y!>D-mz$%EebA(B?O1B*_<E_3ax*rlF$rSVR08LbY85g+MWJ
z3`3yTXzm@SDv@e#`ED=nC@e#@JAFOwAYg}#8xJ6p6KuSpB0g6^{xZi%<wO+?GniYM
z>nQ{McAfNOtA_X^#^Ydu<6~XIEjPh>IuuSJ(B`{7xrVw;%!jIXiSfo4C7iTpJjLIG
zsUe|k;KoYUX@oVLRFQ9Bx75h3=>cq(?#!Ob&<ZWI8_Sh$z|!Y^1}zva%*Wq+$P&TE
z<YV-wdfi(L94P6E_2);F(en$h5FGqZS?J+rSIQF;+5ys$gIar7!EbemgV?$MP{l)Z
z@-oyA#_|Cri&c#`4CWxFb#p8APrMJsNX>7FS<)+6rgUL+-@VPe_UEuD;sS5=l|CO>
zouA%{aM-ZSpo%;e+1rRCq@$e=;;PaY!g3CmFQS;+X%>omJ&%R#D|&6Fq0Gk=YP1{o
z>0J4*Hk&6_7#V;53BwaNeI~Wc5;vBah4O9p5LU`&cs>yVLnZFVTmuaiVW=Qb&biDr
zPoUv<0rZ=sXsc*i0I7{MRqO(cXF@U2zcRx*5vs^Ez4;ipUZU{Pb{;LK6Z_^+3zNWM
zLKYslR0b4%V%X5Yx}lmSm+BmbO(Vt5$s%JTW7&VI4?tp`i77ybJsh7jPq1rg`xO;V
zdfux~x6I63J)MzIds!yw<6_4tmk(oJud$wZ1ax_q#N4tn;|U9fBtmf9w2O81<=89a
zUk7bjbstRy+<tcI78o-FM!lOqd!+weI=-6U{PHQnfWEW%D{%pkCtf_Q{0mjL8`hnE
zgB<AA6Jqr;%6CrD6Zy-GDG}^NCoblkyIgmLwvw96S=bes+grTlRmDF5GL1yIQji-x
zT)-9lw0?30`I^Bra;e6$-1;%eUNVK`PcS92Y7w4QT;9~iKS}ul$;6R00=+2yze>GJ
z7NSe3We&z~u|<navsX-c_9rt+xzpb`lC-Vu2X++e5O)b@uLvvj{gyr(_shH^<@r!f
z4%nP17(~6;w?ZBLVssyyQE^)^l*N26S))@K%GskyK<>=ktEf5)GJBi83$Kuk_f(N>
zptiNzg+D4SUc}!~Gwfev+*{iZg#qhIyZ+0m?}9{qdM^&YN*{@BM+PK^-AX|rlKuFu
z?*4-NMH7nSCCL++a}eMK^3W}biuXmEC(^%(_?ciT(&?~^Y#HK;$wwmXgZv7}SxQWR
zgcItcWy<7^aslZcjJ-ArXw4d5c=>+6AC=rl^)Zp%@wUErh*OEBxtc{Up_1cN&IBg~
z&0&|;O?9^rHXJ#bSPg5|sdaFO)UtltwBKu}A-JFQ*Kut)9$cc)sek|)v9vOLp;dg-
zKAC_EEq!y`J&#XuBQ%OAxh3z+p;<wiC5HpiYC7UP`V?qWdyU~(tH~o?{a6SX>6;8K
zUUG)9SH(k55?mQVEOdg>_e4@OXTlc0wHcWKt7(X<Q*nzJUBv+nhGY|hI2`Xtr=vZP
z2;+))(!gE5cxN~t+e-DquCVK@Mw9J+zCF@{wHaplA&avWz0uQ9irV#N5Vc6D%ikRH
zc3s?SOUZ6V2JZi4M|v<Sc_B{gu#ZXxvqlauzito?bU;SJBm;Bo?r?}(8mFb*LT;fE
z3MzG1r&QxPwtwMHwN|}sE^%*aO&bCnWf!cdd7jA8p`rAZNP6WFmH#?5^pb^Z&<>Za
zmjEFr{$QAv%x(E;;CN;-ME2sj4v*bNe~YHOjhWE>WcaKmsO86OGB<FL^7W%o1<;)g
zj|T5w$Pr#vqS_v3J)0X1yuqTRNsX`D`ha{_E0Ke?j`p>vsSG7mtPa3MqIp?2ZkAh4
z)rFcr0ifYpbo|k5>djtyN~(SIIa5;FImo;^<@am5Ul2yjCOZTXfGn-IunIKhXU+PC
zH;wuC8HD?QRexL48}q)E_mr{z+MOX5I$z&=FL*v+FoEeA`!gb18xPw(Pkwc*5VeX3
zK$5yhv``KKY^HEFIy~>3|NX-vJ%%4(-IlQzxOMn&!y}N(V|Lzjp~=;=E6iiy-KJpm
z-KKtzKLR5&0nCuvF9m)eJI=gCvKW&zZGPeAg`P_wV55dQkr!l85<DSRs1Y2Xw&J}K
zi~Xp;05NMxrTS7fvdv>yfb)${|KJ_pKtc478RGETDtAtvdV)>HdRFVyKm0We3g55*
zu|f}*4=QiC=InN3Hb{NG^t$EjeRbB_fdvYB0{S<CL~Xq|T*Np^FBclk`Y%Cr&_ynK
zKusEGM87&D4PZxslDyI5bRp9>r{nR7daWQcMG+-)O{PP*CbZGaSvcs`g0ps!fJSi}
z%IH6-qB!n14x4bh!5*bq$~t?162D!yP0Zc#cwRu)S>)w`@Yz?L;W}%TwY@ydr#9HR
zw4_}FyY0D$X$_dNn-2aP=UhXFTrt`auNxHPEO@DSNTkVP6!a849g3`fXXmm6_A_co
zom4y+dq*C8v8T+^N;hb6x}}j3<>;`)c9TRjFL2h`fP!Ck31`7`cIelOQ-pJ?&^XR(
zW#33_2bwN*=C(<Qx?&SJue!Hb7R<7p(T{;h1Kn<Qq;Uy1dW@)(%3M_~cGQ-s9vLuL
zNzp15o<`Ik!^+flfl#|#8-m+nZA_Mk;07}v;(aepPU*K*onmupU<K2%Yn^G}#QhIo
zFa$dW+6$?%qSQ)E=Km=FqZ=r<?fkA!#wJ-GQTOAqxe>xo3wQB=4NJ63aRRO|7*t8o
z@lDS=1}d-C!{%Wa95x8C+<BS8QE9<W9#CXS!3axqC`Q`Yfd-tB(Ya97C^ahLp*=m8
z)o%ZKY(0h9BiAK77;ed0fMZVSr$(?f5$Bb-p!z7VqQ8*{QDbu}`ZYrp04N$qUwOZ#
zn4_$alDrZT$y!5thtvE)xqxg9lod7tqzH&~7x+Qhz^AITGq;K(N6Fq@X%@e@#n`qY
zXsT1*sgOyIL~?>CxfZZbYHcVmMb*S27@LmKVXT8OHF+Re2)#*6d*0KJ_;ISujQbfP
zoPk~O;%}u-MSo&AS(ia-d3R*s2f)CcHeALq@C%g@eg!$<*wdmAF`Ox{s5-zcQd7sM
z=Xt;hdo1SW3I^Co@W8Gt1J3%Eyxl}c#By8TvRzmcQ~|f21A5Wb!9-s5|90^z2cqcS
zSf}n2fY($Zh8~%?z-vMpidl!Z<+&xRmemNb?TU`fUyCR~oKP@m>xt$-BGA9Mbnl=w
z)Gi`)UPH;!OKyXPoNn4av1I<jcPf>4E7|$ohZo!IJ)b0?+eUN*@PA%Y@tcl{L)AQ)
z^`A&ZA9fZBoQhrj_*&8nh*6x5DN4h{fL3>^=M7`ccN|UyerYef<(+Pi<)y;RfJ;#J
z{ezq?iDcs{N#tSUOI4}N6)m`VyWC+PKSR_eIc@)W(5rWdiFdeN@<|+PQo3uV$&J$U
zvwE?TnH}4<{bdZUW3G!f2_|D&Wt1@MWY(J(tYe8yRtCg1f7lRs5CpxTu_BjFT0xs1
zyYmY_zPal)8ZK3`Con|L<C8zWC3wGlAq+W&ZWw0n#nTH3l3gwL$Zym((CcQjA*g;`
zFo10p?REBR*2C=$j;;qpYvuwJweei)J3_a5O*Hfu8Y?m(M;z~}e^Fi@3CWP;o>Dz<
zJaRsOCA>W(x*4-Tu*=YH3P~H$PCAOPz6S-^mF*wWE1}$bho5%H28<{$r6s+JlGO(R
z{c%)HjLcBaSY3DYU+$w-XgI_V<?Y+zimv=cYgYMYyYuwZwQ%(-fvr%-VpVBXtx{Xa
zif?KQqt_L5XyN2mZio|GHkV#If(`b;p`XQ9(~{g^QfMQy(pRMauuNlGtq<Gv+<X}d
zkgx>i8u|-PO)~t9z=<uQ$1M=zdhLaih0L#c=}Vfe;^}6M=ZGd)kpC<2$l51}7Zb9e
zgN4^g!Z3Hneg>x=LYJ{D_^6BwgnPR?m9)mkgcR>dgm5ge!P{`wh;c`_4EktS3=Ee2
z<FQ^H@!$Pjy@DaNoEo@jAnoeWPiXbC_2&J~P3kZmyS+~)X#9s2|7X5Cu{XPpNsc#v
z4liIhrt!hP?hQKkUKi|Ggcgc3zYPCD#iNJza@X`#hmGM|vNEAXP#0;NRf;zcx>lak
zj7>*|_yba>iwQu@B}SWSA*tl9!xUTkivKST1v7^%pa)3UX$9@QY~E&6G|$i}B*kaS
zLWMTbeH&qUXX*W_PWmhbui?r$rZiJzy&@e0#V@w>cy?AcNj^$H4PnYH^qv8m-%r#v
zDUwEF_>+lSDu3iD46?K(SGz<YF>r7wuWO&4Cp70!sfp-%MyJ^tCmbGHvgAz3S~;=w
zj<yk%x2?@f+UFvK1U1d|v?_d%4hmHZ-YVKg()_{i@`;#_Mlvl!0AUIQcq|v;gozmE
zI`Abpq|rwfjYBS|Z<XCK0I`;w373m;hoKI^>}6cqZ6(A!oQULh__?y1D<AasT9FI>
z`*_EoB&j=_(?_8mPWRwW^LtRqAd)15=f=I_u4-D(0M4aq#G&a{QA=*!5A6Wo4D$d`
zBOW#}q^`EA%3PmyzwuC_3UJZ2R;>8EAs5nwSOL21woJi5r#W{x4}4?h{(<!Yc64sV
z3>*thavs54h9ka{lL-wue!i767Og)YLh3dm4q_i%#*cAbniOhODho|?=)k!V;a^o@
zN{so~P$Rt<VKH6A&8}=4wHD!vas&N&1?KuPg)H89QqXIlZHCcl8TsR<VeeeaTcRXU
zgxfp<@~bws^>Y(-)RM<}=kD}XHw59#QZ_yLnZ*dnQ#*x2Uv7jT)wM66*R&0w5lWwJ
zkmlM?u;%Ri#BuS4&QtWjov<w}0BT&EZJ)SLg?S%*;lNwX1FV(QJ5Z``roGeLlh$d@
zMYGzdW<yeUgx8>_4&k*WbwUZYQPj>r#Zsfd3ao*G8xssG9p1yPEo1?cO%&jPLG|F!
z3gNe#)XpBVi<ocGY~yFh|NYBaEt9e`;g-pB7;T+`Xj8hQmmoqlFoKb++N_DJIT4<f
zh60)T|9*7@b_`Jaccb7n4+4%>){rSE<ZQHO%$H2$Hfw0LY#7pwiz>#CU-0v7%gcuT
zVAfEyA`d>3F`YY5nO8{bNi`CF6*IN?68%0BYL9!uv+hP`76yPX?gKv(1sd~o@Nybx
zuWo0MsUvNsIMH>Y2uFF`Y9buMHQ+X%NJ7V2--{r@?qpem=jD1sUyI|#{^I%s7}KGY
zeVnhvA>O&~AK?P%EZu+>b+PDj9KKdWvwb5Y&nk<dE^?T~#+AqK0C7M`O@6QKB)Al9
zaMawfO4ef$Wvgner~WNfN0whP8{Wt;K-Y1B*?l<&pIR<shDYeaHw%fIN{3l%Q12}k
z=B~s9Jh;CmX0D$#y@}+xhs~7INrJ(b`z=`!x^{u6OuwdU<6Z91?@3Hi6!m@EOD2si
zcc+?dSYANiHsHWN5<1!sug}-Z(kv~!v6u7IW{Gj#X>rSzGr9R?VA#B?`&NIPHh8S%
zvy6XiPNO2(QY!x|ryMqw{0QVX#0WAwk;^RI+}7;`)L5~jko-5;v-7+x+0W7RO92^n
z<B>$J@A8)%oxSnEzn>(EI&rn!y5mQDqGE5uIj6^s-A>%Uw|oG@=oJ$@BEwiiWzy*@
zgboi)tdL)SAjuy{@(S+<T~PfE6!gHprF+y`v~B3KziT_XpnY}Lp7xJXeCP7}u$cU7
zC0DosgCzT!+(^+uoCR}3x}h{kRvh32?<BC6PYyTnwE}k*)N!yu4COEn=~)4p0ry`8
ziUt3^$M(44D=~KN>fB6Bl-rQ#)GY<*u9a`)=F32efd?0~>AaWO-mJX)TRoMOHD<u0
zDL#dZNJW`PbPE)ysD3;KE*`(3_%yRZ7w_*qTWF$;y}1Xs*)AZRpS{^3;xztyup=m=
zi~MyxWTMAa2_8aCx>)P?Nx7C8E-Jr#g$%nU|2cJ`2ff98R(Ux0=J<aNXqND>&&kCN
z-&Br-^DN-1K?7<nT;Y#PV&UUAKx-&X8|WTh`*_L~YQ0mEB`NsVqhpj66Fc)~Z#SC3
z>YX@d|5dimES<!8ZpFPmKBi`xL&4(XG6ZnyLIySk@laHVg5&{AiX`Flc+vrNOLPEB
zXJP)(2l1|&-9^U;B+v)3KX6L+W&)HUzaN%uk3)Hr980(ysh9Sg#6_DGXS|MQ_rw6!
z6ir&0sMsE#-u8)jCuW(?$&x78nL%Ugo;NPb3GkB~=al$ux|Gti%Zb78E}^2hS8RM$
z$j08UTW=9_a1cFJRr8Lz?i_@}>ihxh5sT&e6%=0&+3QZnQswLnoMP-Bkc1d<X`&8g
zt5U@P5yZx^{h`WkQMF%;wWpWOZUk+PLg5;E7KefaiFjh9ihtA1aCE#*_RO&Xadn!!
z&D8=OGNQo~jXL9#1G88ZGsHKZR`k%ZF0%>46=x_+r)dDhFc!WM5Y!p+#IP;q{o&kb
zL>_mmyW9PwMuG?6=(t0dzAiJjY9M0I264lYRY?Y6e;Frf!80~_V{B!2sMcD?U~V9Q
zu3B-kcO*EiuzEvhmJ^0UoGH(V_#oIDIJKzxYQO-5f7)kA3IhH`;zV3hXaJC&6rqGQ
zfFr@!5mH{9{+;rSD!lR=@er95yTzy!twy^&2&Z)DJ$?}0v~KB_nc{<SRh^qt;BdCA
zWoqs}SY1|==n%DXhnNw{eo1=Wh+XAjpVd4v`a*j2%n1xegi@9t#s6J{(><^}ir3#j
zRoan24g8GiPyjB_8>}Og597x1Kr28M)KwR+3stYs!6zaKr07;EHC!e$b)5If)(x<w
zthWe#VN+a!QYD_LslO9wLOJbZL-ZH?8pm1$@F*#qd$H98!*oX{1u1>uVKgN3g10zQ
zKSZ@1iD9J@#S2$R*Fv}_qI+}3nkoJc6#!5LpQ5xz41o3ij~TUJ$2+$0R3|>Nr9+hs
zBJ2s{)?;;t`n*u=4=>TTv|)+RDk6*H5mtf%GVY%XMBjHC=;cQh``1CJP-gdqlb0S%
z|7wym<{*&1<zg0$;xcdiOij5^laVGU6qV#+Ynr!C@U|6a`yxgG)Di?~gYk~;>~4Yl
z!}BN+YgfTB8oL<5nuUE<m0n!?CHI4?#+X$<&s%J_?aQpJ4{z7+dY^|;N_+ciQ$n`e
zR6L`-!QH<6_JFPLQMBBPo?EWs@hrH<J9qFADqD+SHW@0^kGlW9z@55?tFHi$6z&Aq
z@(=lx^QIa@>RZE@xIjX#MCPMb@2H<S{CUJ>SaapG6}t);eem?l{61|uCe><yuJOBQ
zwUWIeub5dbk+2Tl9Q~r6q=1xC@B4-UW@k74%Q0eS8N*d<1OY+eG9^sSYvn)y2P-fZ
z6)Zu$2zCHXFOou|wGH@2UQQ;kW-I|30UZh@fpa)tPKYE|ss}V~1j_I?DD8997HGn2
zO!EEXVX9LbF_Re9Ap~ZRsLyP;J|OLnkx60d(n`uYvR}s1Gclm_s1nq;lI@pI2gIO_
zv@MkBb~5KDc_VPsc(cd*!mv7IPSbsSTS|6rm++x_`M$?MCFj}!YDPQ>$rDM{^qwK$
z$GmwDgz5%9msCZSjl18lE%S2{kuBS}uC$VF%OwO&8`+XQAv9I0=%Q0#-Ofmdwih|W
zlzPMWP7?Iu-q|>tlb7IM`+`w=HF19417a!AK$)VIEv5J&4Bqjo^!v|Py2}RKAG}yE
zN!+GfT0~(x?9SZwzSFV|wUHmGE^IsxiQj^ka}rHz5O`^|c4=)6dUA^&XVHt-Zj63l
zUjgCbd1VQZt7YN$w6lw&?U6q13Sec)&P4ds9vRrg`1?k<Av}hLFsYR6rk<)396Mr=
zx9+2?_?~{(3^h=VV#3Je4rWg24=+*g5;@oiCSh)Pp(H+%Du~otz{>UFOt1jb0_#Fg
z=j%U?&>UW0UID08N8IP~lO`eT>(PT374W?Yp^;@C9Qde9ISj~OpU#kqW~4fF35<BB
zglnv&F3_T6@}W*^L4Q)aEB3tC1(z|yh8JagiU<DYK@u5(M6-DqVGOW1GL}!DE<1|s
z|GuH4&TzaN2ps`D^Ms+eO!7Vfx$y;jFRfmVqW1sTxfSQ4Sj~c_nNhX;IR8umzx1xS
zX7_zCt&T`ne?*xdNVe=Civ}1hH~ld@sq=3>1tY!ZKZ|@$kmqJGT+9f>#Im(9=QtPT
zo4$tA!HAbVtu2U@I$%}rEexW95qYjDJSP5yPXZcl2|p5mutZ`N*+#}sJq5WG{o6zb
zV=frs8-m76VUxW-TYYfDQOPB9ABK`z^^caWj1s{N&wt&YBH2NxwRunD0fB+ib~2v=
z+|$2El*8j<-R<stuEpjBd%eRIJwoPOj0xYU^KnA|tt0+Kp(E^xtb>=<w-n9$%SIE}
zaD6*@jUp-z$he@T`VLC#m}`E15vfMjynAHD!EVrn84<;4F{n==6CXUbgh;13(;N9T
z|0Go`bF4@p$h;s&VV}F>^J%Li(7P^Gb#X0ZGI~XLtw1u^d(LVUmeJy1z|*eGa^g!%
zKf>%aYHOrt!rx7&lnMV97(m+e4aHx0&lJOt0t@-a3x}S0`OIC5jjusLMw9eaQ17o(
z@%}}SxP6@foks13sfG3^_{`QpU#?1_;e2`dK^H*Ne)}c^yrs`d;`jm$SU88~f6;x0
zAyLsieF{i+ZE{9HcarZPW?;SljIPWj&-e6_>nDWS0CqkLZ2bqjo?J|i8&h{TLw@U!
z0dK=xiP%EyWFmP4<L|BrEq1=GWV4(qt-lA6roSbR%5)XcQZLmrIlomGuyvI4Alu0w
z2>DYtQ?hQ4kdK?R5tLBq(F}4NTRKv+uk8ma3DeRibd2M`xf{d8V^<<SBMmngyg_bn
zv@Y_ED#P)RM;{pd7GnPWv)6wlPycg36*e`e-}YenfdW=iHGrm<Q_OcH@w|!{vlz^D
z0JZ63yHV`VAt1zt*$%@-3iS{CrNdA*(&t-V9-fhpctJt~(epj9?z>@}-m}I7&vqcN
z3aXHmQ$l-!m|1D35RU!MdzSS2imRy0$mfc*ZL!gS$}_<KGa!DAQ}m5Ltv+vS(%p~K
zl<9-GDWR<UWy-xcFbZUAQPDgd169i*lxRTO{TL|ceePOIN#ufO$gkerkYHLVe})+v
z2F3)S;M_<i+vK}_m-ucP5gxLQ0*(_}YA>O4hn~3~9uTe223lN@|Du0IwCg4SQ|u*1
zAnm5(r;BnwVct8Mz-UNDAVA;~F_}Dkp3k8qhd2qcIM)cr42vTR4JG`)D#nA1%{$CU
zZ{UrV&^!R-AF$qbA73Bx_D-7ltydXN`Adn{eVs}52en+~XG#DvhnSLiVkF4^oKN0q
z3p)<vf69kO2#~w0m4{G}wf>hb&9<+NpQgl{a3)8kkZ@c_nDCTFUb(I3)i!U>&f8H_
z*daigB;zFs1(%dmlOiw!{&JU7^$To!kojy><>_UczTa`6C5flOo3(w!!eHaV3$9LV
z6EG^JB!#AEraFbgink)6h-Y!wKt=ew1+Og?IXic%GBd>bmZbx~0N9jeP~|9>Nhs)}
zB#C^f{OcVATu=K;NmIo3?^+L@&nefmR;7_sWd^m18AGSA*RTA^RhKNSWQa3zBX{X_
z)JcLq3dBl6N*)uwTh(;g4lR)%U{sba7gZ^<^}Ie1^i4i2mSG-RWh%=#J`X+xp{UD5
zIHWkJc!|t(OV20(L!|_>B~OrcpH`50U$dz=01Sh~xHsnO41S$UjDdO}OW>B6uXP$a
zOHA-3f>*T$RR!7|>`0{A5>;;D0M~!nuf)0`^h&cGLMTOt>Q>#$>R@^3)h*aV{sX?R
zGn<dWT8lr`6^97pz&j5S?$lJ_<7as@{rq=jPr#59(X-FTTkTT`pjd^_&|3Yl{<eH*
zuFPAWA#@0<slyRuZd3~4@umagQ5*A@nhi*G*nquMkLTTqAf1kjOm4HktBq=*5EL|t
zmqslmE0eNMi&u}AKbSZz$y8^?Xy=Avg-s}@kxNgL-;_qUKDYl`$X4n1@E2v{e?G>~
zNFzit77tT)9`%8{iC<soyoN7nwc!TFn~wolzt8D+Ib-QxYK!mo`p{a$2%ou=J`Ok)
zlr}w^>|mU-vtjfhD<+0T=M_4NxHMwj=9mXl8ou9+gVV@h9Bvxu(MdJk3I$qrE;xn5
zrlg@xwbyTaoI(dU_~%SX#Ga*EiD*i#VVpXnTv#k~2U>T1E&z_9%@R)<$Fuoz<hxRq
zYM$Y`g<gh>9jXWss&1*v>_3?Nw-D+{5_@G*erZONocEo9c`q_>G)+Hk7x7c*l#;?|
zV+77{6JBENlA<|>-qcZNOF*>t+iJ?gqFSi&oPE(M!vmm}Aq5~2X5H>{3)U?etc|R)
zZuX&8Z8Z&)*tJ8qUR$dz)6<sH^+a+sRkj=Nm#lZYx_&!N3=L$T{cPwa2E{U{U6`Ev
z94wBbN!Q{+iuDK<Z8J-K@0XiYtd4mNNI#S2w%#Ha1KCF}G8oJ?2S?qHsN1-P03<?U
zJ)#zg&I{iwh1fD%%f9ZRyzb?|`jUVNX<<DYAmlMT<rbL8?d4E4&3`b+hRAEaZNYv-
zN5#E1x2fuTvg6A(=I=K>mr<6Oz?O|J#)T#JK@SN-@OEf!zip>{O#fXF3h{9w=B{hz
z8waLEU*@h-G*uzgNzUT?FE4)J{&rprvy|UCq;aPX+QmLLG6y6$uiL!slk#SEbIK?B
z`(CbUnR5#vhs^Qu83qN}lo)=T@o{!_LXtL2m4!YaOAc^dCMB-ZX@wC8Ts8-<IChuR
zxd!foWvA(pj|%pq{!qFdJVbE1{{I5!u^3}y9=kAqyVdG;U%zHIFi)voaCY!`8qjhG
zA0Ow;2o)>XJ`j7y9uW>nG!9Fu4GCXkb^%^ouKXW)v#utXW){J8%IBi(alj<9uYrhm
zi3+^qr{cq0bFE_9FE!$~@qV4ChPM|6S7+jAGiC(#@s07gdKI4c<@B6q*22SU6yt&-
zes4x*6xoQLKwuG-zPh~bq}H{y=-Za;?3C{cKpv(al;D}Jvs0$l>bR}5@Cq=82Mi;<
z)woi=2C9;1ibfp>A~^IQW^yarlb&H$C<t{S9+IuOSBQC#s8npVKx)(`lV>=#Sl^5Y
z1LyZ$TdelUhQu}pM-kDFJ!_k4CJdc`IZggNCYNSaRqCy~ho>Kvs-~R+yZ4VfXqsb+
zPP2_qUVM{So1yvM#?`BK0x8=)S`8dyCDZ3GIhzxUCZ><rOHPRF%p$N|p5=@|+!xX1
zl`qoJRdP$n6#x>-!X|c)23QoAOEbutA^wn$b=>?=5jolQVf8Ryr6f1N09F~#lMhCk
z7@ESr(McW!KqO)xghXTiaNFU?0xD5BLvbo6=Xjoec9gK*B$Y-%3*!wsNYxAt0{V_%
zK@}w1&zhtXSk#R26vX*wJMO)OOqS4aalM@w5WmD?;oEoeoL}l8QC1Xi^A;+ra52S)
z+Q;BD6@BPB;|*3Y2RPc18zTh*hYId^hl2P&3ew(9K$@gYDRt#B;1W#S<rRi}R@-HJ
zY;GEdhbb+V4;bZ_cu>)0my^d>Q>z9%H3eG5D$!0K;MkQ!fpV@YVVFoBabNd<WOI%T
zMg*7YKxyBeo~aiwZ5gGIta@%~-Je^E7fOf}xBbiCrG~)!RV!AmJ@u1L#DIoaLLTw<
zkO&6?d19$WHAIyrLD|K3jdw4iO0Z+n6P=RP=#@ki*8T28Dquo?*InuG<yKan?RmiG
z3LzI$iUH@S16$O#Mgu@_3)OvnQqO6w`hx8PnxSbX>zgvX+1IxqCgn&>&ZB-uw=gxP
zx9DAFs4ZN6cdBQ>_%#)ADqM!_tq5pA9IJrYvF~{}&Nw>8G9;<F@Yms8kedOCLPyZe
zYYjrz6q9w%Q}b|#OfGOP&6dG}rmwDi6T)%m>O|)~-eMZ;0~b2lHLAqAKRxilaq_fH
zOMN!r$pfjJg~U3}UEIL6RM=I+TNH|NF=%$lkk<;HprD@RdUN6F9}9L~=*9Q5&J=EH
z^|L!QG#yLOS0$MaxOV%>*3fxv6x-N@g0C)xvWNteW|3r}XL;a{DpC6JMP`nn*j7_9
zFws`g{Q1mb1n)TitN>rwCOdd_crK?v5y;`D=nh16;<!)%0UH89WMx?;14{PDV4wk|
zD$FZ8to&fc^OZyXR$p9Gs$6eHV_YMy<e)w~229ypCKc?5@dzkV6L7wtLhi6F_<n3!
z0Bnddl<y>L7);k%Q{4Z<C6F+Zdhhxu`gEx(9vd9GW1UvRMCpzkSvG@Q5qoW?V3`i)
ztp(_i5ac9qpa%TUyDG!lTT+_EBn2W4uUmtWnua2DRSy_)uTuU=)u8H5&%?N3t)>%F
zUp_R@Ag$G`dVkNtb3;K29{iAi>$#fb7>9&tbQ*V)_i9!!%qZ$=pHpuY;g+?Qu^vbe
zFJxW$7FU-6b<lQDO>o9c;}QTvUZ8Od^Plk_;ifOE$IMc6%HH-&G)VI9<^b@faoni)
zaUq~+RhLu!zHZTUWk6$aa~~vl?1qQQ1way-R)*NoR||0q%!m6(Ju0T#nx~vt->b^L
z5|St^ihp{ozBHg;ScX3O)Tyd>fI>gB(!F_iH2AGA7U4@wsL%8IlMKCMU69H~sw!T8
z@?QSwk&;+@1P@HP&`5a)PI`NmP`i`K=K=$rh*O3yW|mBd<w5&sm@sG$;<F9jxuLSh
zF&Hz+W~MLdV$#RrT<bHlLWbR${)cOG2-T!e#JL@beL6Ke6%vyv8jqbLVFB*eW2P)1
z>5=%RlW9)@kC>UqDbCJ*X$Hie6mo-Xef*m)hCxUz;A{MUrZ`Yu)V}ORpe{CVIS6my
zcD8wL7!OZ928CX1i)T3tDgLHZNRi>8V?Sx$65@awzH6Bru!Omgg_TO6HZ9qQieU#N
z0s`@fk^w|OL-P{;Asr9Hil?J(vW2FbdHogJ6Cgh`ys!6#k)aH)M$4re{@+`SIJMb~
z*3waOF={w;@ap>%8AJjiae|A5kzHtTwZrMYkd*`&|G}=18QcyRpJjYHsi$eC)}|WE
zSCTP=4E@AsO9hv`pW^|v%#pPB@P5DmsY38X3L%iC1jr@*jeUt!Y`T3;8C>FEI{FVb
zzAxc2J)H7hY#MiD$!nPesU)m%uaoZN1lRYchKMRq8~t0pC^9oR$Jcd;4t;IY{p-7q
zBSnnc4<xp=?>(pr0nMA8;SD5Hr}vx9#%AEzo5R}!z2D2C;7FjimAg>oHwFS}SfeAL
z_NNKH!XDksJ|#)TJRQGnfWvv+=<>1>^JWV+>Zv-E07V&0xAj7p1Q}uOr61T$jud-^
zk(9;V6bE{dw4c4aR+$)6JY?iCN?hPQT;6uvjZh=)bBQ%-HN`5$tQS!n-HX+Zk#Bu$
zALa+NuoDUfx4G*}$|ODIo?Yno4%1me9QG^_c#oB4O4CkdKJ%0oBsGt&NKnHr$nuKU
z0(FzP#PtTa=y((mAmRgzuZAdBl7qPq-ysY^(;qUAKM9zh^^}T0Az>z1N?ElH>M(qz
z_a0tsKK<u$288b?%D{Zep~B^{N4-|V?0f5`yCULPZ2?}NAv|H8V=y8&N^KmL!zLig
zlCg2*gUl(|O@jnGIyLJghaGG)ov|E7E*@WD<5t8myz_g8%me`Rz(FWc>3{&!u(ROQ
zQP=^>D#Yep1Gu+GBVCgg818&g!aNYepfncjI%*4x>tFDPB<1yj8nC)NC_cI2_Z?g#
zoV$lAH+_VOLV!Z^XM1$0FV=+smI74&xW~SF&H8YHP7G(_Y%2Xr9@^mNb-CUL$CFHO
z>kRjDV8n%3-kuXTzaA$UU<ZT6k$|u{r$y3~><|o$N*4Ip?1XIFP*2Xwu?vt)t2mW%
z<ISOA<y|oUOPowbsPlUVP-FaeHa_=76>ou-MTG$hKQK4mb$UMJ`#ILkq*M3N{5YS5
zIAuvo7tSyH=r`@`&%YbBhv2{}e;%z5>{}aAfzWpwSysnKvcAFtuZ9I?EYWasa>TPL
z`@xPtER_N{p%Aw@gcKZzWlTTjG~f^BOan)Ba3%nMr$fnNp*d3e9~zxtbZ05XH7~L&
zhn)-<oBAwuTm>4-ksCw~`*K3BUNBaY4fBBr^zt~g*FrLFGp%DLma97!++=VGd}hRh
zVDKgMnr~j$z6txadB7vLVc(h!cGjKZ!aleTjmmd=KG16c`nHBuM*Co71Ke8(;XrI(
z@>#Dg`>u<6z)u8TTBslA@ni^e@(;`0sIE!GmSy4>^Hxy)*GSO=j8^w#$UCg!H-Ykg
z3(hJo=3_t*!^pFE=Vx4^ev^f^C&D^2hG%~g{z3XD>j{9vi(-L3DNr<{;BW$g!-Y_p
z5JQM7of`~GBCMD0WLc<>lV&_zf^@W_%zYRcx}S%i7qcPG)r!5km9PoeJMBYnUvl-B
zmqoV&o4EHv59*!}K9GzTt7013z*9G7^8Cff`al2xs@H69_#&wqFVaQ{fNg&q&GOD)
z?_3KQ4?+>uX~$g$_Y5zqYxA<gH-4qN2-<R#s9KQOdwfn_hBEryfF~G}xqd5iJ~#C&
ztq?t>K;?!1#rW6_wqfrbdo;(^acIheW1C)YfT6myRu>7fGx7L5Ct0{UasJ@5fh1*K
z9~MRFV|@}g48M6_CG^5&7EV_r|Ec|;u<x9)MVV<TKbazvcz+TP(QrO+n0Xf|V1;>l
z?~d=)&si2DN_5U6&i&DY@e)r+DAAkt?H##WP87xA{2gu;#_N`#h5LD=sKR>5KtQj@
z2{)Ev!&pFGs$@8DU3oX0XkzI4i|1XP=YX}0Ym)x)=>I80C=WX=pejl@l&R?NFmo#K
zTX!mRtH=n-0@1v(@6r9oFm1g@P*dch*NN*#>R^G5PRJGa^O#>t7a~pCgJOX?RXpO4
zX<B5D?bIoC-L&MWD0=pWCU}S+ZD3p-76B3JyDVfX4+M7KF=Ord;p-Dw?sGN$6L}t+
zi>f{p+Hz9Z8{a8+qUZZ)0PDzom>6-74J}ME_yq3!A6C6>QG6^aI#E>Z=_lCq07X7|
zS%&A`6zB&LJC}B?gn3L%jp8rcyGm8j360;++M#3e3t@v?Khq@3EJs0K23jzkgy)sd
zi!+~h#w=)Ij1n;RJYDp}c!y1mWG?YtLxIlcP3|U>$fh|9wwBXQLc$sXMY4$`$hpW0
zFnQz?W3tI#iw#%Q{|~GLie9j9)OIm#;>UuEI9S07UFLutGJugdhPcMbt-&<(048ZP
z00Edoy3@IJ^jZ@`VAUtu{tYPx;|uxhgf053vGC)8ag$<9_7KxxULg7(!(6oAl}aIf
zPLB>C5@J+<2Dd$ox87~hx?mCzq?8#5-q3{vR56k9O!6^T{5MrgpN>4Md6FG+V<P$L
zv6a0wYKA%z^N+eYp%NB2>v?q00BWUr9{k0D1}atGsA9vQje0ZCvB+slO4p}2XsVC&
zO##<fxBYvPShlb?=j$^Ug!$6XEHUhAX7@6{LFR1~vD@!3K_R(Y6LXbHUMbnWO!Wz9
zG>xM{m~8Pz49t-!Cxw_73fm%Kk(qi$TWfzdH@A_d`0a;DaA#5dVz}HXl$_iY*S5iv
z`aFX!Q_&$$PNH0Nx2Fkn*wlp@j^DyrlBu?b-fiR+W)eg$;M-HXZ~5*MlEmO+&pQQ+
zWpCFCt>j<ElZH~UQw)Y685V|!d2=L{!I>b#<P|V7Sd3*@z6(>53;Z}x3rf)bx^P71
z?6P1*9)#nM$F9OZ!Q#>#<AxwmTpFkQGB9WaVUB&5%&RijF4SMlbh~&>gC8tSrdX<}
zGPk~lK$h+j@KnlB1vrp|x<7zT1@ZYqd|1T8oCs_0Jmu@m-F!|~!c3CFF6z4@HCw^|
zS+9h+*rI~^mg%@}+5Z&4h)A36{x3*>3}|CF&(=cHCm9%oIx8~fE(k<gIy&XV#hWmJ
zvNxEH*V{0i=}!rab0|r-Xmw)})SH#Kc!*@!(hHcEOu-QK?j<V4{<1?kpvU#{a|HZ^
zGI3j;t_@yrD-NSCQO8Mk^?~IBCa(6xc+eE2Qy1%A=~sAf&&MoeVpIa>=cV)#o0C&&
zyWp~6#dJ^!t>eU;;X=2*XIL29?N2YSlfnh5H0>Qw#CG;T%@d^NQ^~5RRP{U{_%vxE
zU_3ZMJATwm6MJ7L&IO-;puw#+pa|Aa-niIEqRqQV|7hcQ;LsQ+e7r78IQj<8y=HW=
zb`O>eZYBk&8qdBy=BS4J%q~BwzGDg+M{DKCHUebKiJkoNx+xx&v6etOL+R#a0H)V%
zO@6j2<rbfAxR@Xm6`yA|I>D*t-ZPa#({&?{vQ`)7su&$}XwSCw9#VbI$Q>Tm^Wcf_
z?aUW1JdVh`!_5eKcaWQvLjG1f$%SR#t2TCisPMF2grHGcM^i5b-r`@(wlXl`yDo=(
zh~Sf-Dxu{d*NC4n<l9m|LPfKxw9pHRmp}^$uPXFmLx!eM<(R<i<sRe)<FpOcHu#cQ
zg2IH0FIqb2$aR+>w8K;QwwWiuTA)K`;`(=s-g*-4!sz+##cg#B9LP?tZgiZfAGBCF
zz;ItOHMF1cD>JYFU;tTfES0)5^aEja*TNrkANCHaW9rKc-sw97^1Tv9HtyN|@j@Z6
z9W7}!`NHF4c1UU~pH*+)KI-Y5jp>wdiClh?!pv4Il79(iOP_^Za*|Qnb3lNFkl|ps
z5=sXRSz(H)_}8#<C$Ph=T1Amnj0^K<-o1g_)DCNo_vgd*w$8<wXG)IyKG3jzh}o8a
z;U!(vmwjPaO7iZxA^R&IYKlmPe$FJ77xW_mIshM&=C@-3^K592(oe)T><s<w&Y6pQ
z@K?IGsN@-1JZcS%^_wE06kkenNep%s`7OAZ8}c#aK2@{^R=~5d({!(o@$f?mDmaA+
zv;k)kMEkN7dQZ+b=ZPQmLvgZ9<UIEn?>;z4dX2>tPK&jmToOp08f?OR+Lf#n-Nr^s
zsIb<9&l!h;M({Q}u+RZS@PuN`87HOwkLTKX`V7Df@;B31U>pv{7z3In_N8v8d*NMr
z+WvPd`TWUqqCBxW5p7m-_wCR{g!84&Hd9jWE4*s}to)(%>z0=Y^Hdok{u=D&<)cE@
zESg`{(k*_EM~7Z|4_eB&>y<S=;_m+x<A}pgBd6w+K<sw}3silvzpdT8DSPrQeEGlJ
z1RHO<S-4i7DD+~IW(~LW^p7^ZV1b~+67j$>bz71Lim%ib1bgC*MAKE!WXPg09lLz?
zs|&%_q-*{<FR0HFoJz0Yqq-b^<mf`LOItT+_gX<V<n?8NZYpPpuiS+kH!3r`lOxS<
z|AtYvb+iGgc)zAkUKJ&HL;gk&F>1MC03{n<GqgFxg@v8-YvqRyW*70g>+rIqd*dkk
z7CjGozNzIm<KlaMM4E;CBf)P>d*Fi}lG~zn*FsqRWisdLU*P;u$x>hXWz?1__*A2z
zqeeXy1Clg6W%hTM9;u9OS~K@iO#@S>hI+!mhI;lbgJ1Wo#x4Yop69>z|I`-(74lfw
z>{PSjQPS&-TTZ|7MMb&|i85>CNM0{WZlAi`!(*|xrP2eXT|^6+bkJ&`?xLLLNB3<K
zuj2;ON65KmzAZ>xlexfjFK(W81S#l9um)#n*Yj>d%cB{fgR-KA=PKi(#%NJaIbvfS
z<q%$GxQjB;1P7`9<x?DI{xXcT-C%|T(f0NyLV$tw8BJG(H$_zmAwt!?WhF{VLkebN
z*-->KU#U@l)WV=f?*OQmrK3{X1mwySWE#zalr*JpGU#?4&ZKa$)%siZ0VAR)M`Mm?
z@eSv^iT8Wf3pm?D8dJ}oz_o_x6uZv5h5=V99M$1gcsINP{P<e(FE*d*00n%zQZ7OA
zZbz!Ui{XZma7Y(lu4fLkel#AeJ}|`F*WF?J=@2ejiA&i_46f7bFic~Bz;MDuE6+eq
z6R|2sb7}6~==xah$DPVR!^0=Lv^IDV16E^_j|KN?WVF&K0o>+dKOB;|!k`?{Gm}`r
zVpM`W(L!O6wZpCWT8?O$R)I3nfBK-%>zdxH_xtm*`jJhC8!nwdhH6H`3ytRqO$<)=
zD}#x{Y>4C_uQN_;yvTM~GD2T%q!|*AsIm}h;7_)d5aUeNWv6iEkgy%bV#T2wtAriq
ze;WS1e*j;u=I~%Ee?!$%nj+<>8t|Or_?Kdj%}0e?MVP8q)V8j3+oXoz*n2qcknNSO
z8yq1Czp6F^|B7yDn&wvVcpyu#NP?J2McFmSn9#fX?Cb0h0zt3H>a;NjbDR$>9qS-n
zWd>|_|5p23NH(Y2Mb<s?feQ&&cvUm3@T`$@GJfvpQw@$*WwZqZ;v6>XG<0cu?v_hl
z=;3!(8IHVU4lH8Dg7;tHMIVJtWBWh!#+pN)bKw(Y1G_;O+xI~RKk&qtNy09acpPLt
zC(cy*$l?-ekey#wY==l<5oiILcJTFS!50ABE};h70-@sQi#g)t<%xxI7X9OK8F<;Z
zKkjTNlGGNEFit8tt0qKyy)GP94E+Rac(HEBUvtHwzjS`@gtpDX6MNuL;JNd;&Aq@E
z*qU(xbQLodD_O?ZgPv(iJs>VFZOHUMUzqn<@nw&bjO{#$FD?fqCeLGL?I9AiBUH7F
z)gO3@01n4wepW!H0mUD%Lzld2SEw;!0BN@6nY1bYIRR#(m(y9tqLQItR15RoBOE#)
zEmZ1#-Tw%9*1iWGT40bs!R_9x-M&vwQ!@payLk9HC&eaGv_QFl3W&$0!E6Jt?Zvz)
zu3G~qGY*E@yaisS;Y#RsWQ=3Ipg-rtnP~>D{*|_zq;aFIPYIjycGX$?E#86>agh9@
z5FryZl%BtGGyr}VbbREh<;<WWo;Co46`)a-kUjACZMP%Hu%lLbuWo)Jy>NNsIu+Vq
zF>WwS`S`*1cH=H7T|fk-Q1uT#lK$uRU`3>sTp?7HsN`=lqidN~^i3T--d(lEbm;Hi
z^wG(+W_gV~#D0k}6(k?)&2y%@Z-u-d!$GTtr%Aq-CK;#WA=2bBUS(q^pD}o;T{e-c
zB-5bdnyRNRzA-MM+uxuElf5zNLqw|5p^cJ--=^zhDcZ!*o=K^*<1;GN2!<c&^^<UQ
zct{ZKnN9yFLZ>%fp`qunO1aYm@1ZPzpS?QC?76S<fP1h-e)z`N{`LIr<AWP=lF7~A
z!AdI`!3=L&Lp$ah4)^Bfuv1@~_O01qAMNh_9m{x3Ug*>1z4?OgWHpm>g(Q~|-@bxU
zg9hCE=9zUY6a<n@!qT{S=nrR$5=*u${{`K<q?U0TpRMDNByXHwF8DJUuV%^PQh_;t
zZQfRp?h!Y5y#EWu71oP?0pI_U{ux@Jw1m7oZS+Y|lt2Q-Yc!_V0{wjm15n7YQS)UL
z2t3ueUM;1)E`300KGnApE}s*EEs8jw!W_K8_q}`I<Z-Yt9=m~<^<<mURAMv&NnB_B
z(O>(etm}`OaUTC^FtLESaTqRr>4NUW4PS-ynJJlG5_ri}VMu$2>;18W5z1?t2I{%o
zP$)j=0H)p!%$48+yw;WqDr~)g!TyqFVPOpyxaH?V=3o~zzUvA_%n6i0hUmlyWA%fO
zVC}rQ$-Ck7#~u^&Jo?mWj&;pi{iqf9S&hDbI7WTrhRFOQswVc6t+R^185>(6*2=rp
zev=}vPckZ_TbNt?UQjc*K_G8{qQwe5wJot!iJ0s+7Ocgf0I6^aHh$*z$P`Qg7Gfjb
zs00CCRBaV^KtpyJqu&QL430uOC9YpkGR#Z{UKvC8s0j~H2!A&{lHL))WO@sOy!wU5
zlo&Hv7YTTK)<v-xEIZ6?UnK^QmJIN2asM_Qz}@dM)a;p5md%iupS&&cjMcxNs496$
zSTh3RW$J(-V@hw`^u1r*n_n`+ErCCcT?`#JWe{xY!wVuTgZ~V(4;cE;S%GUbUp*!d
zrO*ttZ!*VtuP~q%znJ&qsLjH+s=d9dDm>1EgwtdLTIFr_9UUjxE}^3+gc`m@3pvFx
zMG|j1P|sdL-7t)he+oNBiAC<xnF07#mmPV%QX&&dGCQ)bfwSH7B=g+Uzuem&i%!*m
zs7`SXF;rFt7mCo|bP`$IF5z5&*^bSzA)L_lbCZ*Zh@hfmzfJgl&;Phq65QGJqy86h
zSwakO*N#&jl)oy08+V!yZ!ET^2?K##7ae`zhxGas5Fy#5+cVrqRJZpHN850}0pxvQ
z*8xV2^2{^Xv4TBtX;()BFf>j>=OL19?m;tv6CfioQInN%tbbK>Q;3~GY5R+>VZA@n
zeAu61zXMftyHrHMB5e0`uhqgJjOUS94F{;bFz=D@f_m{=lf3NGWP1cKaxsERXWEf#
z=dF+#IC$y4Z7Zn)|7_pCZQhaIeb`Gc7(|5hLed!kAK7mWpX}{Fqyh60=RPYCYTP!B
z|C9*`hAjhtpt>q}`51!p3*g|1Ag%0AxVgS3`X!xBzI0=No5-3t&n5}HV4ceg>l)g9
z8eh?|^WsRrcq*fLV)xNu?uSav-wFvBA0mQBKmwnD000OE>)sC{LX2~T|KWI>S23tS
z-vA1=Ggj<?j0>^^7H($@fL_FHvrB(b;gp|Me~m3JgG4Nf7>3Lykv)&l+b^+DXi{Pd
zKpKvw6f-YO55Wd6`st|(Qyi@R2A#+4up%cra2c*<jQHJ-@33=z^fv?ybYXmmu1L4L
za`okQYFyi<<gaUY#o!1UIjOfTKuTp*rD3foQ#%fIFzg?L{7IEh&o~wVuhHa*3#Cy)
z+LIHUOO)&;<i6!pYyhEZGyH|uZ!Q64<MY&b{;X{5i5;77E%kp+Umd;*=Hce?@x8%}
z2*xvB6Xgz)B1vrhTjuL|Y%ji=MSI>YA-WzcJ9)7&+7Kb^7jH)gq}u@xU3wj3a8N!6
zP0*C@K+Ehw0ciLI0(sqz-`13EWbbi^$l6h5{G}2tjq-FBgdw7o4fl%B3Fb8#p^B5b
z2N5t=oG^?$tPgW%7DJ*O)VTwoiu=9W)&HwGoLA`FwDU%|uR55XK(ZsW@sqa1X_jc-
zVsKx=2Ni#9wkO`9u}Lr>9HDqbXRrWTK&8J4;Go+C_4UceRI{OrBR{%098J_<9E_wH
zgm^{|eG8{LcUGe;&S_&J>qn(B3m|XZQ*K+TpC4Bu^_Wl{JxqL1;F^o)Fgdx(`(;mZ
zGcb^%pnahO49k$0B0I9%o_;ak^F+kxqceF-n65rn^)r4=kV$D!_lf?sCJw)S_^*x;
zw^M%pw3JxvCo=~!uc=cTrM@)`s;CIO3F?U!UhEZ}0dLfZr1oic{J<fRaXlnyyWwSN
z%TY#v3#!}Yw}^Gq9IpDYfAZc6&I5y&8pe<T?=eZc6!3lL7^M!1E`$OZ7UN$4YE#f<
zLaEmKRG?y(a%d?*1DpW$W*M%N$oBO?i1%sBHvORrqC7$5U$fKVJ%y9_nvLBGSDyUC
z*l}ACkC{g0e-STq2;EIJG<SF5&X<ap=3|a`K~jzZmg#AZXnC<nNL}@$m@X~4?aVbi
z%}aDTNU47%aCJd}Iv8|=0t~qXuuwaq(1_(l02{bpz@e83#IN=kzqiYnmhv5gCn`JK
z--x8-9rlyPBd!n%U|y(wuBqzS{FRS!qnlD1?aVZ#1sX$YJ|Z<!j>rw&{PH69_=hCt
z$v2GFi6F>i6JKH{`}uMuQZtBh?UvDxZQ}dud*o=E(lI&%#jnGZ!rL;TOw#ntl@BxI
z`g$=KBD`VB-6aJbl6p&gY&87-Vx~6tn9X9RD1Nnv^&;Ufn&%gA6U?b|N>Gfh2Te@a
z>>S9dgkjA|2|^Nsn}+6-=|w}+=j8N_l!`z(ttLdu$mM6IQSIZL6^||m*l3{BPXL;o
z=J+Vw^jjFknFt*Fg4OE^@iM7%g^7uhMJ+5LVp6o`p0vI1Q$|Z7!Ds~!x3nlp3l7FB
z12CC!0FZ(Pr=jsWX@SD#E`j&?!Yb${(1{QMRfED;K18^`9L1TJc5sh~DkS63oHW{`
z5PNHzuu0|GHRXqV*FKhg;wWj+Of*HTtrmnNFc})?{=ng%zhm;g^`fR6s{p#11g7Of
zlQl%$YdFZMdQintIrjC*c0iJMB+q&Bk7zSVYpFpdBZUR)&q!#Z+m--iWBS9>F!*ZI
zt0!5d%R+Ogz!CnSHzre6PP-;*EB7EI7XuqkbYTRYx86a3Ot?rda$?l%1i8#B!RFG5
zV9}-p!Zf%UNC5?@{_U6}njvYZ?A`ajaVB8r4uNOR#S6CGnT!j_`#MNThxK)Ny94>i
z4Tp!3^mhj-w~49Rs=diTcUK~T;U4B0XtQ>1;GwA^I_+HLnAhA7suHGyPN}Dd%CMm+
zl~$F8uoSNFyalcjp1yr7w2a4C3zM~i+;Fr`E^{`62?7bHx@677`V>xupGMZFh64cJ
z7{zocu!H@gRcXFpx~jQNquXgDrrKFrW0{oI_F*}aPu#;|?eA6yYe~cxROesjjLPF2
z!~wqhytF<HPZzU(fc!O*pqzb1?`X-}+%wx4+zmidjsS`#meH)9L9zY<5piDO#k;#^
z^+0`bbIr>%R<+y*<c03TP+Zk+*@kSl&dpQ?C(;;Ijj1H`BfSP`>(2L5gqbxdjMkY?
zTgOx=5&pynZP>ROsnn=Wpd57#LpS9Jt2?@DW&xGO9K=?kv6$6Y%ku~a<c@Sw@hcCs
z;J{f}nDvf!Jfxoa#cREVhg{mOq|a-HqZTZ;V@)uuTg<Vi6yj)So$(Ri6bXRURwuw!
zR%s-o1eR46uDX+f8bQ66dOcseo0hem*|sNM%Ng4Ffzvbh2@1ohgzXUlc|eE4)ALAx
zsWmxZu#p%g&4v+Xm(=>e6yfWS(&PCZ%0>d^F=Y@!!d1!)IYCw*PzS^iDnD98zEG&+
zk0BDA6#xS>V<2B7oCPy%I46;LZ@^#`gH{v($u8nn4rnYz5W+AGkQq22K1!Ohd2}DI
zS*Wf#4PJh^!+Fx*iTfC|az=~y!0FKNU0`8rO89g)Jgf0bsT<!NK@guBU1goOv(8jU
zO-kt%^$ZSZHNM98VT-a&e5RgVRieO(05@>IfoCS}4DEA^psMjXwRKcC*#y;j@~{+X
z9bC;;82s<-BlV7w$vW8vgyXLEN$fHf`9|1`K;#AS?D~$_#-DSI;Ju^p+Gv@#l<JQZ
zN8#{^N993ve$5B^LnJKYV+AAf)9$42{DWWCKkuO#$s(C%W8zB+cqkEPtITM(EULIS
z5f<oVRg#Y>2qS-mayWkX#lI?yjxZm9S;i-L=j;*>M}pj*9w{Fi0%sC0K0ar6_Y%!K
zUvKn+N@4?Q0;)ILA7fc3(>lVkk)H>dUBcMxav1<Ly7^}-hn6Q+AW|s767~sJjg9rs
zdRdcAcWh(3#4#{47w{0VPoUvC3yju;WE;rc;t98iBIu=&NXyIT4L780bw-adP#_d9
z9K`iPQRFxTuCcM(LsW+2+6%qi8(e(ZB=@*13K~p)wD$~alIh+CNC;Y$YuNf0lyQvj
zQ|P2%Viz!oNts~~a`y97X11rvx^@IsHLdZdSoYXL&fxPDp$VCk`B%>vty-u<rwMsN
z8DDs)F!~R55o#9Nl3M~#&aUk5zqEwN^lJn-zSJ*m;0C*GYQ0d`M8`Wr{p21pZvt&f
z-*T=ts_x&(Qtz6>Ma|!7l9*aJ#b5&87r4AW*aWJFHyHvAN~KJoD})b#7bo9T!MMF%
z3&oz85$x*Lriw=)vu@0*CHWP{(=Ib4rM(XVaj}7K%{-8G@LMe93h>zF^fdi9(@l@z
zTg2xJm<V_NLj}nz-G`+rgTE|8j$bn4Z1mBz8CL9XLSE24lMi@@Eu@*W2j@%xqZdV-
z$9<QFH8vozmIs|=ff{-`)3MRVp^o*q>n4xTG=m;4E)NepS~RBAn^u2dPY%sbE$K|U
zdVO5T{I2F9`r@g+vPdmdb;dzr(`I)HCAVjNdDB7VO=>{G&E-f+9Mc9zj5+0`I!vC)
z&ZJ#YmMt+XXuop2JGAwEbO<p)y7~@BN~l{A+ne1q&+ES+ltT8}h|q9;aUoF>!qUFv
zp-0HiwBjA=6^(7vK);wuXLtR*HPxOI3TVq+@2lj?g7*w(IeV69-pP4RiE~9qb|TzW
zhGRC^>9%0WC(g{?V4X=s;m(Ji<qmChKGd4Wv`PX9i{+xDj{bBY=v%q`I$KT&b+L0*
zB(~KWS2==oC|jYQ2?8&BU}V`F>7`*x*G;rz3`cgLtzClmv|iI+!3}a!?ycd3*63lV
zo|UwB8Et?kTjrp_q#iGWAV5fIs$&Kqdq3czj7CK#@&dO5EcHdO_Wee`$&|5{peM<W
zlM%w_FafdEKVU!snbMXl7Bmt^MC`B0H>l;^Bz4?ots@#9CC*?3$ay_*AJQChmFv}B
zaj!~Kfs&n{B}jLlrWVRw;dTat-NN`>x?&fDLuycysRQ~*2v|s6u(m=D)&tnj&y?fI
zBj~|p-1{eA06G4v!xpeyTXoy9PPC9_3TxqNEDwL`;-S(M0i@LAL(WqPT<xEU4^GhV
zSbr_s4FNSl|CgpcC;;7hL_B?26$rUIn8ZNgQ^ZC}i(!ej?4qhJ8>R)&46oMb&@Asx
z0m_q+b~2L1e2}SM>Z0s#&e|c?Ih@;>`tDM@CarHBYY&?B6|Qyn2VB~gt9%1oq_$GB
zW(0gOlgcgOa*imzT!t{uZgI33TCHt-Mp^8p7s0lP5!lr3l3A&r9LO*l_yzQIBc~zU
z*)Bnh5y(`iyH>l35F?U}Jfq}6`e3V;f8oMcsUNNljWDJQ_PV29Sxk%20yfK&%XmD3
z{X(_jvfMJzcET5{4h+A?7118aYoMSy4kOL%!vt7+kB^^|x|yyd3(w*10N%?8LH===
zcooMd5-EiV;hWR+NAq`qp|k5&k149uXeurCb4d@~3XS=}eTw3FVD1XFMljg;yW({*
za7^-WXTjivwR^qk%goEbYc)c3ARl_ZMV20;FPtu^m%@;Ox7;>*Oz{#-PtiL6sxs#|
z#N`0F><|2+PkxNMgc<-3?f?R-Rmg+m3@15Tiw9qT`Khvb;yl1Hc?mBAxMv-Il7lo6
z-_u0O2fr#L&Di*eGB)G{1dp-HWw{$v#7sT9lmQ!G3>osWYZmu&y};Wnx$7z{>o~rT
zOUHnN&$=+gFWAUA$u$JDmofFEm@X~4?aR^BI;na|4N1#sFc{MgGOwNUoCF}5=Chkq
zevI@6y!hw|A|IsZ6b<>29E0GC0wJT9GkuL5bEizs&j7{;2bE<Q=qQ)Ls^B<!?s;SA
zZOZNt%x$o54pY+?kfyw!8cJi9w<m@9RA?SJ%^Vw2s$2JHdxFN(@&7f0+2N%{ttcMp
zYsTODX|YE%q|I!d#wuL36mi9p>vMS7`Qp<rx2GF#A09LoyYLa$8BSvAf*`Bn*+pGr
zsXn}@S`cGz=Efu?gM<(Lv>;AyN;QLWupyeP)iKjR?O>s_60;4I#ZtXd1#Q>YFG?RP
z8eIC(lwsXZ`VSg6&~H&^Si2T*aSz8B-6@*A&MhPtyr{eOj{N>4*U1^Xbl>j*S|zJP
zM*mB<b1w;Z^=NRs?jw0?T)p5_h6UlcfEH0<4Y9cH4l-=fpXF6~fFq04O&i@6MUo52
znBwjBhTuE3j(;hbi_6hwRWOSz$DcqKbcT_HQtv?Qh#WV+q~~!(h*gwenvajrzDW25
z-j5t1dCt%P00aM#K7^GsYFKH^bJTsY13kIWQ0IO#j!Dk~0)Knd1_!2ZZ$**QY6dDq
z$Dk5kBdxTxJ*5+ZTQ@-Y=Rh@yTv7>VjX(Wy0{;`vmZ}2_lhzppxj&1k(Y#<G@j*~v
z4mR|}b%y{H-gm=jq8uJS7=wh0F9!)X!y=4nmY8lSgJaROcu9SxVD2J4p#{J|<#5WM
z-98kO6{g=AVgqOWu?Hj^7&b*Tq}#XfO{Z<R1OVPPJvWAm6B?oBB!y@P^W_Tjd4uZm
z;wCr$SwsWMD1aI{BKf+o7B!VITr|cM<YhbwhMDi0t!Mr9J(LXW2&?WTl350hpLzW8
zvL!8}w25&Ir9K=V(oJ551hV>0&;VZxS2^uP)0VmmzEE~^A<7UQ%V#oJq}37n*x53e
zic8gQCH>N##}PhP+#{0J*3RP>VLru$qP*+~B&68Gawr|Tv){5eVt94u`NBmdJ*rLr
z2xp9)Nk28_HkKrT+nXh2Y*z(zHE6adP{+h8$pDzpvE&#CSCPlOLC^@##oK68>iePj
z5aH~T$QfS`TJ}NkByME55$plYlwffb)0*B!$QY{E5e0thELFK=%Rfrh>B1cBAfr|8
zO6ME*V&;hB&F1K2pm;qXwde)z0w;4JV7gI?=TNPXs%jIZO#r~=tVrq1M5ckz5K1nG
zR=S{+UP0^a_=ezZ@S4h*PMF(C8N0GGLo1dH3KNku4w%2qwfo{=%7`(c4RO#}2Qxn_
z8>OI2$QbXi%Z{$hfCLp~^d80Z(xResivp~(oIU%100jt(10$s^gJt<&K);Chg;0kX
z04#Ci0lXn^s?|+=fomXdL8%J(Bq)^u9C?nyypR`I(!+vGKF!L;3nJbd-YeyX#)&3x
zKqd8e^Ibs^RfVfip#<zNHD&&;7ViD%POwB_tMZ;`9X1j@&=>fsUEf-V61<G>tnlX2
zhTjf@X~Q&wD9U!w1t}t&@2P(sS1W12?FZxh7p}I-U-__r6ZQQ{i`b0IwAPcO&f#=x
zI~xjzqy9{o-`Z99=MnTNl`e+fdNvotW73$<lmhKEVk6vlL1n_B(p;3&PU{UaNpwqz
zYF(K?{TzVNQhM-hX9ULV2a5F{ElSyIX|`@Iot}2}MC+sIRJAIBmf3g}$>Aq*oZUfq
zElqxTR%t1z(Z=@WGEDKE5PUK*nwnHm?X=0^3f3z2dr&u>iIUJB?SmlKB3~UT6re6x
z+tryyy%~0|_kQyT^TqeX^IXr;+;r7!vHr)i%tYRr4Oqi1AvXZu4P^x3-x{BhJCFS+
zdh_+*W3FozkVrXIC8gDA4~<+OCd*=JSucCS@%kGd;QDD271G_T6Ub+}lvkHsa}0e=
zf(C2nY4pKz?N|nSO|3=#UL?FvXw>0h$fX0jO|#h(b^sajy{NQa&3YnsF2p0;{t5rT
ziD|lpaI6SAkmZH~Jms=CCEE$pgI3Q-^(g|dbJ$ruNMo{650*@ucZYH$cG8aBsTPt4
zu;J?l<#W&)lu2q$i~i+ExW6ugOwGXs9Hz~qhG&EYe#_5WTqC&)jAwe`_BnLq7<rv&
z7zv`b!iu`Yx2L)b3J9kY&Q^@+8$GqHA65N4W>J_lA9{DvUrC(NTu)0`O4`wSkJJ2K
zoL6f2L(}@)lM5@FvB=?VUc+aWQrw*!B{R1D3*oZf-^Vy=!Ho2xM^<l@;%D6XEkt{O
z!yLyI$3cozGT1#JES=x`5^ghZ+*knhI>T$y88`j#tb-0P{=?-rF%_BJ25*q&e?UD1
zdf6aTtF|cJ&v#^!uQH7{-OLRVx*Q}RI(iF{kt%^hC%EPDij*#$vlHq^Tx#&PXy(GR
z+Y$h21*W7JBpdf?A`T2aE0&r1AhG2M8thy`xBcG5zS3Oa89;#6KovV+o?rS&@(d6O
zZ@53q$bH6m2e=(AJUVQ<MCiRm5b{5=SX;#KW_b<>2_775pN9a*=i=uV)GXDk((Gyy
z;$~rnL`gG%v7s0ttS99_BuhT_HB#hkFjXb|v#sW~<5<&m{uLn!fni_O7(b18A{k(C
z@RI^RpvsDXu#_01!WGys5zudpi(CY1{SX>C=v?<5`_!7NG<&R0phlPR!`y0TKeX4K
z!U(H2=sQd|XU&q4dEPE%`);2L(McXTCas`-BInH_<GlxbrmATnE#JzX5YM*`YL$T0
zKRhNeUFg}bWg~LR>RFipk39>QwmThB`Uu;byPG+%6Tdp3+~0;NVRA=E?;E-)3AO20
z1i$P>_<DRox@Wt^aL3q8-3i1#?g{mbYTo<n$lmu`XRm`z4cAo=ux=aU<EpL$d<ddt
zMlxVZZfpc<ONqe{Yx57TEATH{up)EY<f8C%`)=J8SY2&Uj~Zqs63Lw-*SNF5|2i_2
zOEbOiY)kfc;AT4EDDvb|j0G$eV_MTlcUoJ6n;Jx0RVr8i*~pIMyX3hV5^_5WmPcoq
zqFQJOEevM%$V)+uO?pd_P84BIWX{~G5CO@Xi5y>ByffzFr2_v7sCh>K1QueKuDQCS
zKXU-rh9XaeEE*#sBlper5_Ha@qobA$7EI9>5~XLl=F6h5SG;s2`pdH$MRQDqWjfo7
z2y%xlxNE^3Wq{%I@<J>^k8w=?9dyv7m~56B5X}Q<N^d+>RUZvm?@t>yTFXX@`MXqi
zM>8^d>lKylaedh1e^9w&I3t*Z!B!q;Py-Q~OB(uk7mXl?A8aWNbjjD;y-Kem;a~1$
zsmT)%1VQyPTb`jN7h)a?BLDyj?NWu0cdJNR3h;-2rO0&^@dEtxJbc>aS>>?@=yx2u
z8gY<b<4nsRP|j4Ahkf*#;Zo%JQ77aI7wQkJOHa8GxLpD&97ZbzrI|tI%u?=f972`N
zBp7P_I@wCIi8&=O69}<0F&ZX9KOd;}QnDl8aAmLP#mkrF?!RLWu6@Xdx1<LzLg0!Z
zId;riMrZDNXKytIfnSyfAF9;^?qNUDz!zSaWnO>)SViMqCH7t^&FRopY2$L&<q)C7
zkdMb-V0oU0^2fh~O#<_BK-==6Q_Qu7?qV|ly@$*l6sQu{IjsTtZ}O`>jd`c5p_|iQ
zq&@p;KpKpE0nAUu)OtWCWdqOi?B1;Pen5e~n{jD%*6VPTRKyBBaX6VB4s@Ra@2$=5
zNdy*c&TS1(yXL>&<WA6Hek9K;;$Mf?oR|NH*yG8%j4vzB^?16bB15@yo#Fc;1EB<A
z3zwbcU@jL<V&3mcvDef(8sNyOza*pmaR6jUo79ap;cUOYXFp*!tSRfs7NuRV{RIL0
zh0b+?iZJ%y^|1+DS_Onf&@y4u{IW#y1u0=nrq6Kz%H5-DP!2Z{qvsW}GPxOR*z-Um
z&A8bx8Q*sjM+Oqs&K7zLe6x}Qji=6K2uAKg?JoV%oWpK?KnS#Q(cRNHW`an3(`_#N
zdHYRdrR_=(lySVImW$#~=DJ6G67}c`BzG{{Z_sA$Kn})}3c|ee;tR2{l+392_<5qx
zMQ|X|-edFJBk5seT97h{+09$+^cY7Y0}&;iZfUk^oY8qWsbpKd-$}Ygkai(ayqsu>
z&!B5-T(2WZ)|U8ZrK$y6F(>eRYg$FC8jX256PR?9VJ!wG%wKt+m$@UDx>ENIi@o?u
z-^Tci9s3nB`!{D1g;5D%&31LeS-B5JRr=(3+-Bg4a)!w%Kmm$(*lF$Hd6j;LW~+c7
z?^^Wj_A(=WVYrGqhN29u+EhgYI<CVS<e(vq&hEMcfCALm#Qr?VtHQ_Hj;(v5+Y#Cw
z&Y%L5n`0DL<!?K^$X?fIZgH(AXmcti-D%eJn3YA|w*QBO+7KiwV3)1*$iQV26a=CC
zh5T0Ge>t%!h8TnRM{fN_&~d1rm-tU@IVcqTc^qZfD1@K{$B7;1@b;XNwe2RlfpdH9
z?a9~M36JoCo%&Nu(q&B@!2v6xY>7)?U~5y|fXzmlGJEKr_3!rtc+<yjp3)yc&gYwZ
zY=A~B5(<t7rPmZ6w13|-yQUB`scJTs+F&?jkkSZmPOu0vI7$MOegiulWLun?)<Q?-
zRw;z->3-X#U>#UIRV!mk%*<DZSFN6hG)YdpByyKKcH2|<5+>YdPF&5nr6f>qTD3uQ
z4Kq!?S7N(K^&NLMCqF8W|61tJ#d{}r6^yLf-8GnOVRN0zG>kb0cQK4MPv5Fsf((vq
zB>(oLQ!sL}9P?NLS;(4jw*chTW$8R&K27#4VcU6OHx%j8z1La*sV0e-{Vyvm$2ID#
zT0h96#SUYA^rE&i>5;&3`ZyXmqSSwWvw!?BIuk`S0o9Quc_A@Jzb#3Sl)K-vPQeLj
z15L0KyWc_ju;Evm&<<o9thlulm8as?H^tj9e;0p!j(SUgn5C@#pi-_iu2g3$)GT?T
z5KI7Z&?wOpq<N0-VRCtZ&CJ7Bx^0UcICy?X_Eu!myq7o$D78V&zdhHqtZ4x`#eK7r
z!GK0Q96i&w-E~i$fx<h7i+oq(%fWWN)XWVjs)NOI?<Z6ldTf^qN)#jrJGtmNsc($J
zCLfY?m{$7;k=&w>YnU`&D!)&^h|q0K?$iq-`10a8RX5_we>zH0W<r`d1Z%eHLS5l2
z!nSXHdd+G?GeU^XG?8qPbnz}5A0Dp^FrpS5p0hvd0000oHZ@i<I%V`HJbsk9TeozB
z*E?VaNROd9Q_H~#C@8O$i=9FN*FC&;A5YNf`;cxS|4=wD)R#((<)V8OC^%f^DoMe4
zd|+ZKlILLU#l8-$;~>p(5DTyVAurhi^%bW!vLQ9Et-)}g<cQNs<Mz{G&&)*N;`=I-
z481_)(j9W+vhaJ?%$GJw02t~eqLZ9<sq+7nBTLCJt5UMk7)6le9+BJ>n2yr4W0wBF
zdc}fGBXV{n=!9_S3|WEHn&f^BxF#n506I1B&9`BzL&2x}mKsP%7id9A<49N!HEs+S
zfYHw$+|kNN4on)bF;Os1Z$N+h&7AAE&a(kR#taq~HM+BY*%WgeRQTnbzy>T2k#cx&
zxEX-v>YVD4IQE;Xi9j7rZsa9Kp1h03BXv2ra^}SGB_wTveD=LFKz(8TZq`=S_MiJ2
z57WlTLQDx#T`*Zvg2&LD110YFO~RSVg(tIYdUG-52x>6Gd{SY{EAeKyzo5sCFmiS>
z6M6__nfEtP^lW#a<?o*F^L5!zidH6#7E_n4t5nMLlA55SF~?&C1(Zup>#hAR>NxbT
zd8yf1#Hqj&(ON>l!7?^9@hO$52R(BC;$gB4rp@1#+0#-9vuZkA{9qPH);gW7=zPHE
zvox==7NE`|i%r3%m8#zl#tJDq?x}3o`gnxd6-ao4pFrm(1Xd<RqO$F?;X|rzkn6Oc
zyFuIRC8*z<>rA1Eo}3_>{1f7at(`~D04$vscSIO030;(A7J|4m>mO~FN;P0zfLB*u
z!1j+G>0f~yaV1cjV=1<~27=d#+AL}<K`{z%a5^zqZXP{pqJThNw}Ibn8w=AB7`;n<
zV5J{k&VOI8;1ksFYc8O8`l3Pl`lm7PlNWvzh#o3dAF-_w9{N-?pGMUE*5+a?m4v{I
zU35wuA(*5?c{<9#b4UsdB95^1z=uy#(OsommW&x_{;)Lr0()+74<EF+1RxX7K}i5I
zgQCM<ns%OlCrK6rG{6*O;u%te>N6lE-5Xg_&}i+lwKg1_&3O2cJO&$#8y`SJ0@<5D
z23X;fWb6v8$g;}wx}h4_^cBZgBO&E(S?>I}kJc=>Y^)L&2GIleEqG_pKMG-)3Nd_b
z$7@5A1OXwP|0cJ4hA~Qv=uW@^Zi=?Sh4)FE1YbCoQaZ25<(H4wZA`-S-a0UM9(doM
z@C5zL1Wc)y5H09W?ZakYl!(w*D)aq<>0=`21Qb4Q=s!cxMZYFyMwDP-Lyo~KU&K@L
zlrtO|-4p37Zd^cO0D)Y`t`W8dlcyw%WmV|ST!)em)JMpGN*FArz}G?i6g|m3RsG2g
ztbPxFq7yP^UU;7B!Q0Qse%Ow1;-Br)?__csqAQlY=gOV(t_vF11E=HDc*n}6B=Xd`
zWCscm42drd)r?sDCLVTrjf=PlZJh!7kFJLOFpRa;?r6?i9nX$_g@DpVCe?p|;>2Q#
zxU2kkMbn@Cdh4&C|1BGHhP5V;cB56yjmI2H2)iODh$*Q{z>EC!0v#~FRXq_+>9U-F
zp_^ZjO1llqn-uC@L?Hiwb69yhxbjZ~5fA0q{RrfkLnk!25vJq7jGU<fcBY?5B_nn@
zd4_3B_EBj8QUW8O8$rwr{2&Y$2o$ExVG&YV)4ypw40^4KYiFWReO;cvl)vgT6Wv_@
zUs2I9<d(WKF#Cm*++a%5j#-!!%CI#2t<T0)FA^!_%{Ho%)Qh}d;f%ET`Fgx<sCoRI
zqa+BrIB_kO9|+9UpjIkZ3!Kr^aB+xv%-9?HxHI*u4C=$kUH<#2MbF<;{-~l|5;hjK
zzzlF&=&ahD@ORh~2uLy|R+GCaIbOdZ(J}TglO3k-SZ&Znl!0+*9k{2U&swnP*{JKb
zS+NH`BLc?+N<3}&T)J%E{6|YB*3dOJm6?sq)23QmIe<eS<8S<w*jsmA!6M8ZeTTVS
z8y`(+*QdES>BK|d%2=P^l(-A92N|!=qWQu+1>bt9Lk<cYiZuoXXw;K$gQlsOANoM?
z@>_Rt2BVr`>^N!Lk<Akj0FvWs!6&(>s3it~>Rvuv89mJ~+F?3?pUNb3ea>^nl6Hk3
zUIB1#6s{&{U_k4e8+sf;&@IH`N9UH%0S*9#Iy#gk!%gwOKJ-Z}cgsNenWA!0IK?<E
ze2T6UDGn1sx&(WnYv{Cuq>POOxW?0c1q(2IAal-J06u#xk~9<=?@g@jtt&ZaAHq-P
zL`ehhSj*vaNjlm6XH3#RDVN}Yw-0>^UZeCJK(oarRph3{FPbNZ@Cd5LF*+4~%bUt8
zQ#8IGR@4)v@wCc6_V<yYk&a-Ma8CL@_(kXwTzh~V6QAeUD5?5pdFi8vD9m?Za$U`c
z{Foeo%*OAv^$lq)YMcPK2aX_y4~H#Q30>{~opZ>u6%V|EnhUFs?zxP4B%H(A#%;=@
zu%}<>>K_(<tMs!xifvwOg|%Vyo#RZvvhCcU$(K^IDE>agO0Rg$P()c7^xP@WR*=@9
z_heJ}yIfpI4Pq#ImPn0@0spC+Ct9a>kR1$DHG#K)KAGG#o~}{H$q%1Sk|^?DPAp_R
z!vsWP#bN^H^Sg?q&f|#YfAV5bA%Q2c<EpDQcjAt>3+isyMB2EHS^^;jjpeg;qN$^Q
z)dopm73jbb5j6{EA@zdQ2qdUqf2P#yRTb>8DScI2_#oK|^{w|(a*a&CopAa`vN{%>
zwzL~s3?8;>cI>bKtbl7=u)E3VZ9~Yqs`3K@tPF%dO*75xn3qIP2GOUR1-`R>#N)Oz
z7eFRNam)BrcTeY;#Rs(KuZd*U)da8)hng1!vo;eMjHC<E{(lCF`(J1)v8)eW20h%6
z*5^{_cdN;vV>&vig;g^}U&b;X-zx;Zh~y=LK2t&IHd9+1g?T}&>5!{V&1T{weihzU
z2FcJK6P<uLG8y>z{>@bA_+O@FO)VQp&ZtPoG<SW~3FYtHSTgpbcuWW-#Q=+bV!%WR
z)I3t9IW6VaZmvf)c^;*1<!4ZYH*7fVXJ`v02)%?#P-VYsQ34RqBYN#A%&>`7iz`!J
zlq|pSRP;`RLwOVIAMTe<#n!h~GpaTSXc5SJjmA@umHEyO`heW5w!<OTNz^GsMH8<Y
z(1#<Faw93Brs<A7y;NN3eC|d<jmx^M0Z(yN;IeY*fT4#gP+E~0l1~2&fo)nP7iO35
z)db69WNo}$sTmZA|MQI*r~t)dBk`y+fWlA&i4X-f0;U|B;1%<<Be!RP7jOd`+#eSu
zi0b*&tZhgZ+M(0UmyS^$7nK>vPg3UUpUrrmKIo^JjyHc@BPdQptaQ7{RI3=1LCfJT
z1KVCZ%tgxQMR&KRKH2_9Ho|+QLs=Z!HLHA`GOyra!F@?T6dX=^f<o}-;H_itj#Iyc
zDGb{f{EoBLX(+bvllfAE2=syHS*7B;(watsS=)kPwrv3Mh;ejeY1@i}UJRSc(pCZ=
zlBny8J4^;}^di^f#|RU)X$rwH^)UF*vIpl4g_E`l_LN}eNf8e#2m>^^7K-5a(HnEG
zpMf-ovwum~c<U*oCWVLU*6wQSa(TwnSoqD45Xv|yiWc2A>Wp|=I$F_=XgZ3Z-sBJ*
z0cX;8|H1t-0R4S<__i%}i?h`Pwhupv?$57yU_*s_lXcD53B7snj=^z<DMoA?Z!T#x
zY<5*HX||{Bzb_~jpIq9)qYU(0<XpIYkmdVv_M*}|&=e?2ri|z`@go$Fmv<h9e~;+}
zm?%3u!DgQ15oV?!0Y4YE#kwtEW4MC}YvC#J#(%>()@E2-He;#>?Ex-JI`x$9|B%uP
z3Q4Yz)pIFQma_arWPZ26w$rqE1P<Hc1l$Wp+wJ^fpa(1%j%&v#W1mU4Ye9RHAT$t#
zv(h}ji{{o5F&CBCUQxpm@vm5#;5_|ME*0CL{b=Sa;2-<SU;7`>v&PCEAv#H4mJmbg
z3<kShUDw_1W?3C4Ax4y$j*klr<Ab;1G>$;=HSgwgD{@f2@f5F0Mvpo%OC+rtqM~w@
zdseeB{W=WKbGfbwoM7;j@7?yaj<fF&VGMullT@R>HR-ZCi6Je?=#nZgCQ08WH8hnI
zwhlkOWmDbXji)|Yj~>FWdd;mfLx5z9*u511$v@%GwnR2I`SlhlZ+&%Cw_pqipRkGU
zBF~Gum#!1Rd_l4^fQhK&)*=bdOR$j)3=}AGyj30o%!4;rs??Ud|GsOJ3W@S+s6#*v
z2-c#(o7KCr@YB+gvWLnSv^fSC0HDvs6htP<nV-T_f8SUD0q*+i5M@kM;@2;z05MHo
zrVNE4yuEPxnM{LB3P5XZ@u6@4h}$b{joQ{XRPgb^2inR-sQ?+aFf;ae(h^Q@VRB%=
ztMt&gQvO`Lmzsgeku7#)78x!v4*DH?^InQS0wPUs!6FU%#C&C94JSO%3WP-qN#Kp^
zCnz;4^V~U@Tu@W@x@ACI&jpPL4iaEa%bqd%6c~?5O9Z<%D^!cO1uT?v1vX1cVbb5Q
z6L3q6{wj_0xDezt9Z=(NxW?Hj8xnz`Y-P>e`5_-?&(lg0gT%~XF+b0*)7&r^O)0A2
zzpESQ?*693`s&Z#grJxn7zX$cn=0XRhJYZ)?o-FP0%e+4Dy7DWYd2zK1QCG)8)vO%
z51U~n(boZ_)0UltcynB0-`sN)N$0ixh)l_udE$Gk2X8+i`(h%=_&n5ky6tzaM65pJ
z)Y*6t@O1v97KMLZ7>Sn~%pISU-pYdTY^3A2h?g(8aK#=QI6obw3-kxWBKB=%x7y(h
zc)@pzZT8z5Xm;1izL7pmMLg8I-#B57O~`FL63Bdp>M{3l(fJm3Y!A@yg&)F%hck?-
zU5%NFl|V<j60xW$?!?dq5=^23h`=I()|%ziNh#T%2Sf{`p9aG-J*8B(E_63ej|nX@
z48i+?p#r{Tck0IWXDo3nP0=Irs2YjENK5TB%C0xoX7Oc^4Cc^Z;uDI*M{_BVr_b$*
zWrB_2M~fz@q(lWVj$Ldqt?m=Jmmu)p#qG~IQi;mD5IxDHtb0gHv1Y{_T%$xYnaNYc
zmCNJ4B-@dXJSM8hg_&Bn<PEA4;1V7K1Lu|w^ZhD`OiV2C6l<S%j0xI@GvB$cIzhjd
zH@;#B@^sOy(2Sh3Tb-x|dwwRZW;IHZ0VoaUtTY~Kgqc?wu@E{%fkz}DUFhCNiG9=v
zPuI{g_y+sQ<QWkjc+RSJ3&e%&DK3@{EZjFv=T0Y*2MhTF=&PUDlX+Trm60K96!R+I
zujKpX$el*hNPV1}DCTWxQf@d1J~XbKAh}mV1#&(nEm5GpEC36hxO=-|T&c~#LyxvF
zH!w|0Y6gR2l+2vBXg0h-Ylm2&LP=@dD}m9$d4F>nkEIz9ZMPrYbN|65hUBm?&!oeA
z)Y*aOG4bi{AZOhV2wW@0=nQ|x*~D(f;>Nu8-h@$=5I~}>%M5g;Ot_%?ba5lDmNZMX
zpXmb@`maM=l6fQCPYbM{*+GCRt9dvHiS$@AcU~7sQb0;C0niL)H`azn(@i3c*AV1D
z%c#EcEGN&2`RoE((jSktK8!PX3$N>D`ayXcKVzNtGgd4Yrwf)Eto=}HPYxP$rj5=7
ztD7w^xP|M8hBGpJK~h%D`K!Xh=ingD18(@ufryZ#p99xT091aR{2gOGOrlX*U$D(5
zjAe4>xVE@6YpFXKl0HcKr5!}}O%+pYAReXT@wd8RNj&!1evc`k*X9X0Dh+<6KZMU*
z!X(I4lJNIS(c+Q*T<S(Vp*8=FheXb!I&v6@Wno?oJtVMRBS0o2uS9{2ZpX1dA~t=U
zQ!|;w$<25@-72o{fs9I^FRV<GQPlf!&Jc~?HtE6xj<gQ;hfZ=yR!|fOtoJ>-iVj}X
z0LJxXTEw#;e%Ex{<+HEFN;t%!gs8)exs(o7Tg%Cvd-8^7^)zc6RN!vLF`1zKN?n86
zg5|m@Cz%Ln>IFV~cW-6KC3cfep+4x?k(j?VEooJtT}}5MrcY1oKj<|1*}SI1=aL#m
z6=0;INw<w)>BoF)ChOt|@AgnJwWOU+<c6&>rHX%wu{Nebhi+|yFZ$5YvKx~D@{n|~
zy$0VNc5Xpw!#CSG?0%zf5iXZd{QV!hX}!(Qx;nJchm}zjw-0T2DM@|naoK`;^~Lw6
z)yJuf1sZJ`xLPxp!u~V=v87ayZdqFeA^tlQZqix$F>ID1`!9nbs-DVA4jVWVaIOb6
zG4MX;*u6<>Bhgk*2t47Iap5oP;7clE(c;1MbL+ktE){giS9kDPI-<A?Rky?1jOxU?
zmpvxXL}h^4nLO!MX<8>rG4sskkzvXS)vt>3PyiC~QGgBtBX<r6&*w;xsab3SQpWHa
z&psF5TD6f$VQO87M!WqMxcJCpI$_X?NLJ|VHF#KLUyDR5ION9HA$JLC6vam#tOl&|
z{q#eRw!^>qlp3WTs~}Z%z-gqv0NMhZSC$-TCMk65!Rqh(KSZ=Rb+f5+QL3IQi?^U}
zPT%ka)!dP8|AF#yi_Jou*4iL*AkpB%35Gcr=tj#}5$?ZmoF-@NKb&G{We5^d=-)b;
zDPr%dgHB8fzRL{|HU_OhPO%pc=(BZomhxFHbr3W#pGt0BdEhrTFm&#Ugl8b~<*|AH
z3jl0ra2RHX+C~87`n}oUUywP%3myjv44x{rWQejhsN7f`&f+^1)@(F1^rNv;H;%Y7
z1_vg_=px<$POs$5w#c7;><uQzZ8)V2Xl1^WCMpU8Dw-;7WfG6<aRKm*WuPH!QQ1Z7
z0Ua&n`>gEtzFD4^su|ve3KC1ClSjlUu?R>_-m&I|f%KJ~@f{&$?53RxMiK@*oF5`v
zBTKB0N57hNh#w?ld%kAVKTQ0+aPe8Q(Y1y)WL?urg*^%Cx=p<RFUczfnPv*Iwg~r3
zhZEazRYSxn+1T4Xv$!s?bt}4~2y`3x@xQe&DiGc$Up_lX7O~1Hk;}pTvX28e@oAZ}
z%6t4K!~GkdG<qW(z`08Le4OV$qL!dG38?dTTQgq5`B5)m2GX1%bsceR$oV+I=T?fk
zO*<#Eye&q;>(-!iVRk!jnxlEqyrSswZOPP83&*j-)uZ90AsU!-*nyR40@rUNf*<6)
z>Y}7x@*#DD30~cdCAf0|#9gfpa?RUvg};(v2!*=l6z<p?6&crK6w+}YQ*_0F4GJZX
zK1DZ(C-5vz5;ruAbA0l26$>T+8v^x3Lv5W%lGQ4Y7Y(hy;BpUQV<#5|GD;I+V1!4o
z<~g_14m;}oDEn)9T*e{&+SIR^0y;#5MO;n3i*S2OJAFaZ*+2jQO$Oz^fa7o=PJY7a
zAVzt?y($lNY~=b4jqPx_L7bEPo1pE=Q$>kYD?uVXk)nSHf-hDYw$EkL6CLgQpg5aW
zydLQE8dM$1=xy^Mi4zx65(wx7C|!H%+wp+Kd<BN7>ib8qe(!cm%f_MF4y#FEK5GV7
zv`wDNgj(wd^4^=TY-@;tI~V*JI>MMumy&!_UL>4aIdC-a17bgp8C#tak94U~euIME
zJVxHj@!p$qmLpcOC5j$eH&wJH*CXP`>W&D5y!fsI@0dvle#{XB6Ruvmik6E70zOws
zk_}4-!b=_xaaxYV$lf)eLZ!@VOxGg)Opm!D_;K2os+?1<icT%R^q>g6lST;$yz=g>
zdiUN{+TDvSVr{J?ME~Ym1g@3V>8haUQ?UZN1~hhYr;NZ>BV?-5owZqLCKP8(89tr>
z15^xkqKMPB{h$>>VAPj-iK;Ka!<KeomSewb9Q42MUl|+|LxJhVve6m?Q55&u?`bZd
zk>=NH>Lt85qw5gd+>q;S<|HSf*8!&zKc0>rQ$3e3%bK0rX+N{xRLVl~CTW%^B^j$3
zF%qv;Q)+@awq&E!G=zi4$REO6$km4w5$O#dH(jFgbB9)~h-#Lr{D~oTuBYn1_^dW%
z*xi<0Z?bZfp5Jx`pKfV9%^dJU%lxpB2%^-M%?XAmI}@?wbL|cn^`oXb*!GW-o;WbE
z%d>}>!s!J;uhggTnTPOO(MY%@B^$6Gew~A1vP4*(SEz|#REr}R!x7)?k-gbEFYW8Y
zi*q%yACuk8QwrTsH>Fg~i6Zn|&H-BY@_5a&xzRh2*hb1SFRy$Gn$(H0<4WI*C+_ke
zzc)zNuveOCIV#<@l(Iy@JZkmIyaA|5D+&b=B%TYpo53*V{}GuT81u|CR_R5W+rq+C
zg+#A>U3Ncy+T_9`lhez497kB`7DPr37bEd{9zLIK?iEY3{0Jwjd3ESN!C1PM`r##e
z&n5o5wB^JMhjZ_DSQ@>#WF)(aHqRLYLhL>-PS4c_fcD5%(~``~uwkS*NxMXTU&hK9
znYF_{WoNF;2pw;xQdqMm!uO}jr>9PR6gFV91S{$b7}f=0EyfDRwyBB<-~1h%WJ?Q-
z_fmLZK}PyKa}+0?c3)-9U)FcFIbAACk!?Hf-Hk~FEqyHT_Xr+eekBUj(D-<NFnrYe
zI8JC8XW9Q(B|U-ro2L@K(AVTzX>uU}iIa53(F6yG5gzbw9+xy8fx{!_cnTR`L89z{
zKT{YArL<QgAq)u2s(;52&+hd(j$j;Sf;a?U9Fbl-B@IyVo4TbWG&iP}B6;p+Tu2i0
z^@*q##kI8iFUwe*sr?)Qert8$!noLAzqb6FPFHfh27qc|sd5Ojg84{>D(U;UziCpM
zm6|#hecSVP;U|AXre*t$9(s7+jF{w*4#X4sfxn-1P-VKYI<j_9UH{LaXuryZW1}({
zM8Ad=z*OGE4M=sNyp5VIrAv)pBS@H0ti3-O=bE0Md#U<=#&Wbt!;myk91S!xfa14!
zRa{WnomppnmGAtd_=Rcq)NSOgkIk!cK+B#t#20=iCec1!I;?O`k3<0$n$uvCOf7oj
z6-GImhEz*S$oev^X$#z?;odhV=u9hl^>!h|a;k{dPyR-v6t|P1J4(HYmHNUx^vPO?
zUhtKdm9Ev;-&@Gt9N#W2F=Qpw)`n=){q2}tA9%6xD)W_56I>Cz+N$wdrIyOD_$44%
zS<Q`rZj}c%fClK2O~(;Ta;G-;9Hhqc;oX6x*zKnjp^Xf;(qzR!KxI=!O|D{p8=g(t
z$$^A!fRF4qV7$Vdp>~Kk3Df<vIdgZXL4|%(A#pou;Q))iZ7!_aO20>PJZ!(fo4wHa
zVP3E=`><MDv<drsZLQll>g<x4S~UqFg=J-ci0ly~ZG`D`=(=;LAVI|sI3x`K9KGyN
zTbeJ{-cCISnWUv0fwTdcemN(axyUMnrJ(l1ej1vHOD_PpW-O+ZQ*<m8+|SDo>9YFq
zt^#}flDBJY3_L9jdJdSI&AanjPAGN?2aHQ*3D~TAmiBR3s~t7QmH*|_Ztm{co!C3@
zXgm~)q}g<Y6!#k>=H#8=I3iW7BIb^Gu9mrv3ok~Rvqf_vF8=~-Vhm^>vBSC4j`9vF
zhMV3ey~Jgy$v&!em7~t^J*fi?x(kOsKp#3BF$$vityk}nw=RBA0VA3v-=R+|M|kOM
zh~ZIpx&%Cfdo?j^>78`ESuQ!(MVJA=1625NC{hYGT15{hQ6g);&1!=zF<lU8E(GLU
z3~felnAAf9!CRoHN-Bu{;Tc8;fU7(vo`nVkk|9=>9#y_9V*Hh!1*s}f+Zi@oKX5P)
zDm%6tMfZh-=feXVpv`r{R9UX!dGLF_4dZ(3G3-MGeqplMfSbdpQQG5v@@e9Y;hue|
z9IgA$P*edor~^h7PKb9k=dWw*-ZMZ!o^GV*=nq-Q$nJGk=N04@(P)Ck)2PjaRN54O
zC3Kb;6nt;wsKmz09m*pH4&t4_`p2;~S*abZ<Z+l*C1#!5GQx8$Jp>E`if0FiXtuOq
zb7})5t8Wt1#v4sR?2N3I2j~eAvaXWVmRt;gjs=6FRO^vWH3f!nXVv4&+_#0zhE_w)
zGrB9y9Y9b&>7{b^vF9))FT>g0B@Jw`v(5dCc!4$mh=DuT(4RL_o6zTmm|~*VID-2F
z0nULXT__kWOs!sm*!GW-o;WbE%d>}>*~%5+VZ`xpH$t$RPV;uNJiG;0S)9)HegO15
zu@&!QYN6G&aw%BeUte{;P*hp7OprjQSmUh?Ta2aQ)S2(?C(=HV(t3<(S}6%`GuT<Q
zM19|^%)w?tGIofE@$f>5^Hv2Tj{sirdc{gF;xQtQ;h}o;CQ^@yo#+S{v}!=$jN>1c
z5t;epc)x;CU`fPkHU?Sx39_TB{GkOty>~VE9r2NMfmdrf8RPOO5Fdz%mYPiD*!#wh
zU9bCw3D}2&VhJ#0s<lPdscv$Hs`1zzJvZvv8Im4>zT6}F6kX6Bjp5{N%3W>Rx&$)B
zbB+$UUx=+&H%}3c-{?>iB!E>sBbK$IIT?!z(;115=zGA5=ykYD`{;3+tE&*>Ebgaf
zIWY*}BbrIjO(@?|!ZV2937bq|5o)b$OfdLtS4t?=UVw<OBKsxqmIfEO=R73nT6V(~
zL*S#>{!}qnb@8Sa08c<g<0J9s$y5kH0C&2RuH!lb+(Hzxj2~TpW?yY>T!2H&<~Rq{
z4%hnm2k9z~kj#qJ&zXq6V2%o14#slJVk7lh)p2<@_#Hc^KWDQ38lDZl*)mk0i^Utf
zUSq#kqNAT4xIFy%!VV!r^dhWjizIc1;Db`!@EnmZ##&+P6Zn>lSQ;3Mz#H?Jq2iHr
zKl{#T312Pvyz6j|B8n7-A<i+rkt=|m#E#+pd_DLilu)8C^RzXZ8>cvW<CP9V?_!b@
zowW+D<OJ+PrfRMVkcD(XF?Z!>D~UGZ`=*febcHgEoN-+JJ;~ewCBfhPxI+`i_-TOq
zDUed<bb0kd2_OTkC13gbW|40c!`sih548$$1!====P=)`Ye)JA(P4bBS9S)IW44@9
zhBPwYNs}}7yjueb4@A!f1!xfW43Fk$MQ{yo9<)A&{*hkHY7YgrkP<?#9H-EmM8OWi
zm(}hZK8~Iv+eDFSn#@Y`xvuU0pm2F1>RW~v;|0r>U{5Hxh;j9--N{bUHK^b<QLvT9
zyyWzDxhz`5OyQMcZovf`ybp+NFBQj`Ox)XWy}2zW*LZa%wptlL57z9aRpP%=q^5%K
z5eDdP(|p~$Pr@bq5q5#_(rR6QeN4g|0Q}=c37*3L@bpm&Zz;^a!Q$HS?jfAs!1V;j
znl?7K=)p=#7oxC3RmvUuv(Jh+Kk*Ap1~y=OZ;mis2QcdOWOdSB8tz2RLDk59m$3$S
z7<Ln^7jmoYV2SBZDS<5D)W&7A5DJ@J&#)CT&<ny0zsnM)irG*9Ra>$`-dek;u+Gwq
zV#7|UeGsy$?NE*`dsL}W0000t#Fi`R3XZqV7+)SpUgO{5nbZ&M%}}B!tfR-_2mt{K
zx*_)q#$iS<TvoK?y$E5+TE9I9WWjIUj@NOWA!?v^qCii^VZ%ytBe*rL&L`x(ksghf
z1@bzQOey|fBy>|4t?ORzUVp=^MEWvzEV^T|O2=aSKslV>V%VS0>t>Rjh39m2j>`5t
z)YMHI0#|^2`Ko1K3qhpWZ(*I@tpPCz5}}^OREu$aPLzi$nW7!%`p^=uJdH1v9*@29
zwmJa%J|B^@0cOfya@`f_v48rD6)F)Az5KWZiKS5(EI@Jq-mHE2&<mKIPK+U3XS!J-
zr*iW-0P^W>$?#*~G)P7)EfA;g{T&Cl57!iyW!?7V1=9R8fLT~h7pHXbGjHl8B=0p7
zHZB+iND5JSm89<6Ki}`0RiPat(ZEg2kLl}v6qcvUPJSlFN04;L$`;~9FEf*D?=`1Z
zrXi6%Y!53KKeHnxV84veDb$5+SRm}ao5F3(DyFgMy>MgLjLwr3-$;rj)|AP8-E6}i
z(d5!e45O-%ri+v4a<54M11MfzKUBtVl#9W=fN^>yprD$+WFo;x{cNOC0Y?;==gS}V
z1i1_7P7pb20T11s<A(?}+-PvkP21chRc1+d=^N`mjBgLHYN3v9Wlzd&B|kDFVM}4-
zst=i!{$VP5a}jl_ji8*6z?bGaXJJ?#V53+EbRlUfs~VsrAcXzLE>8c8<C@&LAY~_h
zmGAURiTW~s30-{${`DF@ggv#x2W$5o0h=9w!lx0#fKGiiKB4LmrT>gV9+M1FX&JkL
zg2Q(U{y>H5?%{IaH~O?ri~rR9t$K<G^JM0Box0>|N!3%{*+oay>uc@zs#(CV%?yEu
zGhSbVL}<B)92&Dbj0kVCetEk}>{jwHA1;lnr;ea!VWFwg<Zi7d0MOt9CN4E7;X6y4
z1ob&7XaS_}Bl&%W8Js>>cax5{g7*R1cR2t@MxM_%_BG%9y<HOZL!S43aJ&WklwLG}
z9NH`$KmY&$m2^GhEkt{PSFh^yAXE$nO<Jx%U<vA^eY!q5z2mdgC%+Hxly+;n6(u3*
zXLRnQ{mWlen6EB0Pp3V@Fo9fnsShEFD(uWwhE6Dw&N@D0%T{QQO6OSM(V_vT@WX~c
z;mSjLf(t-&QMsBC{4wa}kUgCPmmokAq}#S_+qUhVwr$(C?P=S#ZQHi3o87&;`U&--
zqUvQ<#y9^3g=vwGEg}s6p^XY#%t@jQZiqd+Tpywl8Tn>O6~(K4N@W@TQQulUt}u6~
zl(NZ!EWN#w8?xm*jAv54RuHQJ?LQb6JN~!(t(b&@qod5!9+EZyfdOHH+60mYe~~Yo
zS!;gi?=cci57rB9%OqboYQYUiPO`?P2iRQ3&r<XKx+NhKiK-}k`<`uH6-0+@*Vp1L
z6Fx2LMt#q5I+y;??IPqXO`0_$jR(+dtzn^@FAwhOnys6s^nM63c&7W1V7*+=REUd<
z@jzHhkj<@6t$SS{#srYl7#ApS_9oeWzPVl+Jh$`rZR0SxdF}!Y%)6<)yP=B8z<V9r
z&28sZx;&+6gIXLJZ!SB^>ED5;RncfpI9ovAK9gCYf_Hx-VskY!QyOJ~ZbduGcso@I
zkr*iXrC-0rX9Bs6D8AVeF_07vQ&-`bIwaPW3nO1*G4sd1+hWbI?nm)IZ;-&2=yABu
zSIt&9I~xNm?E}UVaFlUl7jRY(Ev(*zf{qh=WVpqx$sXg2>W;Bnztn^UMm@t?Ly-{$
z@yGv)o5n|zevx1zc&~YQ;VsrN^c2Df$>K8#kVm^LEB23wB=GzKdh%8}wL&+Lv;|?7
zFqS2z;&aHy!S|5*ov6g#41YP8?%^7Hf2Y*)U?fFiGd-HC)xb@D<I?_YpTTX2+I_Zq
z%qfxK;))G6s+ZNTYz3Wp8r8YimDY^LO9yur3J=Ir!~)bsKNTfV*B)RxVp#jteugx<
zQU43=&;(XA(qFQjU*((8z3QJs{MC}HsC;bu=~0t=HTc887+*0)&A}j>r<tN^MqKF;
zQz#JmSF_DrIcMxrV8lX2&T2;^tI?#Ei5&jy(#<(0n!YfB-FPNhN9y>x(-NE@-n#xn
zRmfdQUMTN}WJhIZT~8Yu+<ZM8q+dbzLjI4Sc(3lH+coq8wg6wC1R#x*S)ZF{Pu$J|
zc-t`(dmh~XFZ7v1RdGU{vJ*U9woQ^zcv?ljnNp*c!Q`1iVn^E-d_1+PPrt)?X~k6B
zI`Zx~5z`5NIM$vfedj4@lPVOjj!vWj%878;9W}i$+kaVhSKJUwWpYzdsXL1TBwvQi
zWpQ94Uhmy+wlbOQR7v~sk#rI__HN`%Ag!(fUZUg&z;jEn@i*w_7IR>I>WYMqb%hdo
zBkimtQ`h0&iaAyl2Nn0KaP*`C3o&K0d28jqdPwFdIUak_z$0r>ULHQflE8OSvQ#i4
z_Z4|}1nEP@gTWLs4?461&I9-st$M(g6^7xJf_a;cIpR77GZ?!`ZkyHWsJzAvH);-)
zhdQ$(C3dFpIO}xfB)xiOltrZa&4eIED6&EvO8d7w%lPoOR=hxa>-&X(o7NFd%8LKT
zft*B!000Cq2j89O7nIGQCVsTp3+))zLP5X{b42|&+Rry-i)pnsw#*5_8h7+HRYmEV
zE|Ng3vP}IkX^M5A7R)37e9eDK1;C7jpdDvZlj!75G5vCHohsjDKjh!_7MaY;KuZM2
zx60<E^Wl`R@zbg>pG`7ldiqS8f#+HYyzO4e>WMaSadyl_6i6U$m^Xlut+Ce?&M3hh
zp>T>V1D-k)K+m!9GLlVE7D)RuJlj1BukL|su3}wEbvtxKa_j(EIY|03)*tAgY_Xg3
zhTeF$Hz{s($`6Mi?VZYVL*h9`5A-OLUh3`n-<h=c685-_su*8AvevZ)97G^4Vu?p=
zF|}ztH(v+<K}91psXqtF{Ta6Pjg_KnP+;`PU|F9kH+zOD7eWv85-;Q;Mc+7efbQat
zE~EIfU=`qmR&OQm^9Tp!tzyc|k%|2)ZaM~SzOb8O+NKj?M3yU{BL)?(avKooIjJ-h
z;vQVf2X_J)CNWa_!8u)4B8c#8a_#B3U?zk6RzNnq=NlYe&Z-$I$!6(65rt0MCJ)l6
z4Xf^&gW1=9)e#peV?FWK;U1$_|Go-5&3HLu;-)svRieKJvX+v+(SRmoPq}~aTjZ{l
z{!tPfO!D~m4aOHia3%PD5F%*0JrpZEx#fF-L-;)4pVgA?QqkJyC5<MzFz$MkYF$oh
zsN@%ozw+8lP)-R6)}bM`wbE04Mj=viJXPDr8a-IhNx5WIGadadmve$AqiqFSvBM27
z&#f6+wL8aQ|I283{lp|_bx2epJ#6y3e>G&dPZuY4?p*TuqqsQb)xKpY3^87$mfw1@
zVzhD;0tKi?=0>)+N`CO%#Y&Nr)n}t~w|_*W-J#@DYppO}J71!Rg`r(oXD<g6#H;Ba
zIfz_XL%#+9y&?JqloJ!xMa+f+1NnRD4}^B10{|L?v1-$gXbKCzDfH8zB4F}P{eq<h
zO=GT1Fs4ZNpAJ~(s6Djh+ufB0dHVH&4QLcfmxsdaV)O(Jx9*OMm?qD|`owX`2;eqS
zGaRyEnO&mcb8Io>_M@mij|cs(4q+((S*dAY$6B7Fk~rT<w|U~ut)glynU*bUeSy-K
z;7_4qFymm27K0^&&?)1)pfYYOCUym`>TdVS>9;yKfFzN--8!5UCmb~e6r-~}@5}3z
z^qXQ@Z&X9}pF8=CT0{%pI^D=|ggU9CyG7$}5(qz-B`4AIZxnk?PXnelDJ*8!^Z;U@
zyB#8FFttQcHIlM8*JV!6kIurw>oe5XaB2lI0R<aaqbjINt9PpEf6SvxZ!cpXlg>}t
z{Rk804i|^2iGpimUJ=4bRKn{s1l)~(hyK5dW9URsi1>*mnP$0Iow#zWp@%RsAbD00
z+#4wpzNWxe*(vzVkS1;3y?0h4vbqfLmOivNiOfz0cT!DvL}zA70KnMVVzik_qCEtT
zI1>Lsew^iH7hOq(;}%UeKzOu<)|1bvi(7mgMb3<==y4LSo49|deMV2}s_8G!6IsEf
zJmpjT6+tcH?h50P)t_9YO%~^Otd6WXCXr^!WP%52JNrTSY8e{*$O9%e9TtIFXQ(fj
zPgL>>y#^22qr$EsE`^Jl17ps>Le9cR$;_RYIyiSa*^0$dFn^I8ox~w6dnC`W*QOg`
zkxH4!W)|hFa;kc&xRK@<GarmrY5Iy0YncFUaA0mc*JD{vfgx3gXD9;(2OdM{Gdy;T
zm$yTGue$tB)>q}e1-HeGDJBu!k0nlJd!yd>gC6G>&fb)!G0p&Q&)bjz{i%%>$21x-
zspKa`Sv&OA(o0)MYS-mW@h~i#8eS@@ab6x>Duh_C`&BUc3W1a)<ig5rO1Y`qU2Tx@
zczh<QNNCE|i;bZ|{7geIaX_?)QdxpxdH;puY{**b8^Wkq8n+J#`@`3ml?Lk-3MC>X
z3tXFm5k=N0ru<7KV&k-nj4dTaZ3c_sQvB|8Pg-&mhpoL>!~x^oedI|tJIX-6OPs_k
zJ04eCkCq;#lb9Z9i{UsP3qe(-S~D{aEIE@{=(?L{p`XP}C48X-R*|q!ZOr&4usfpD
zb+SHqH&v6<Zqr6wn0)bbvD#3S`=bN^DR_UQX{)=7z!s{ZXAFZ0J%CeIo>a=U(wbV=
z&Mr}i*)xMHlxkKT6L8fpE~*};(yHG8?JYZ5At$W~2>Em#Rdke8W5%eniU;ZhZ&+jp
z5$2ArR+)1}^b{E9mG(0L9Gn|VNLpf&CPg1N#~WhWPfj9Wb&6r`X-s9<<MsJ(DPUAF
zuDN4;;2;tE{xqO)sVZD$knb1}N)dB`FqHK=<`nsU`|jr;|HTkHuAVje?7ZPfMG>KU
z)Sx19WL>QnU-Rp90wzmWk@4XusEdC<UAv>PrIHNZ%jn)OMsq>=kOO=!?|TWIa+Pm$
zXBAbPmG+{C@q;t^^ib2VXs5Kk-ARc!vcc2UGC4mj@6)X`JPA`BdP1GhqtDbukxTc}
z7>yFkb#!<VmR!5!xpGQc%Fa?8m_;3sFiS7Dx@Jgqevujz$l#6-fZfOK#F=OYwyDO_
zK|&$Gz@)M(aV{Kcd#}E_ot(nW@126H0G@TZ-7v*l0IheYDr#qZ3E5)?R7G)*WN*aU
zj*4u=&2TjdfcQMQC_$H*zA}PfX^s#@da&CiEzNunDCLVm1p7{|Kw~<uVPuzXrVn?8
zDgW0#;27T+*&P6YL%sBWv+DQ>?RALuwZUuQ31F)<9R%mB`>xy)RH#O-VGSDhm)`;K
zuW32ELNnx=FwsruliGo4IMXgt8`Veff&Q6j)PmGA`#rQ=E?Qq2GO}?2Zhq!JCXEC|
z2MaQy%hjO{HdEpq3(kCCV_5!Y!>)!!sgX#L`Hc-f*6RMgEM9csg&Q{%%HFl58$E-5
zS996roY+gu=BRymq>-uW_m%PY{<q5v+12nS{w9~_&>?)9cl##!NA#0S$d090Bu-*_
zD2IS?&z?}hCsG=#&SWz#uDXwH`YWBJp(rETPv4+Kp!^KB)dT(Uj2y1cbqcz09Fa&R
zfPiQyFR9ru43CSB7AoH;@lfhS9I{;T2lZbZ%hUOp>FD-A3N8IvCCilYk>4CBfAV5=
zk1#n94tn=|PF0Jq34N!$=*s;NW|r}Kcg*E3M9y8*VU9|FO(-=*tbyMy7`h|UY=Y&7
zuW=wU`J0v#V_3lLTV>p{r=sBam94^sH$@RmP=Y+_sR5OrOk%CacV}d9Zr2N#baK0&
z4=gw09(D+Vw#BH4O{lND_LgarZ+ViWD4H)?gK*Uo2k=&`(nlhPzmjCL*jtRcr?Mrw
z!gV7<Hxa%Wlkg%pxs`Cutv$RK-OOXk7>CKxs29kL@dl@Fc3Ka<xgz-!%~UMn4~n-R
z{?_}Hd4p2T9HV|PMl4|#Jm-P&>6(LF3m=_mJIAHNA<<&6K53sg<{y0FD(?lF!ZIdc
zFDbArY&{IJoIFe}34olGT{iXR3jkh!*aPWUMG2u;846TluLvs}*;yMcI)x%&S}VQv
z2m@?i%69Q_yS)C9fI0nMjl#nSh77jxqm5Nmw1ji*dKhz^zwYnqJ}lB%to6e@8ZvtQ
z7j~#0o`Nz&V+?dbX)G-eP3KVCsf41+|6vMY(o_asPS>JU3!|z&9K+Lq_b?&<W~8~E
zNT#^!Xt0AMAJhQUBPnX?01%meqJti3n+i54-|pvS+TR^_Y3R3<aQ~+5tnfpgdV*e!
zyc(sXmz?#qA9+xyJ%3-YNa==)+i1*AO%S3ukM+2gV|{!CWmXnKp6zat%@RhVJZ4Td
zP<+nFbFDqAJtu4qRwBiW;GkwH1fxtmgfTCG$Zy+~Asn<xf|3>hTUA(SIbrJaiVoUR
zMT&)(g34rs^Pfu>kibX)(FO>>)0&jF-yuMBd~F0<gIpRD3!PWNDqdyw<$B}od^Lv~
z8Vv=F3+k}}cLhmVp}<6=SJ!=NRo;TkQD}^-D?~YY_flK)?Syk`L;1HPCBmu>#$07Q
zbXjU<z<zyr29R}@*cd8fpbV9Ki}VHtSCW^mBk&lRL)%OA;Z>-8nXE>D;=HUfRgRX?
zix6O|Rh8=md8ZJDbFcvR^Y6Zm(d2Wus1pw0QAOl4>=Io$t`%X`cUUi~R+u0vbexLz
zH{5rt8Lqd(pr3-AvvDGS7oyKnkx*oNEA!k2<HxHiV{ZzBXn9~MA{4^ptVFvu|B)m0
z!Cg36Ld2`xOr(7V1c;OgtkO20Ws%8Wv4HksZw}veAhi-AUDS1N9w7yY)WHQR1S1Oz
zRD8tU_s7zyn&V<4LftRN>aG1u1I;n9AGkqY)K3%%C5AfUc9>oZ>3W?XuE%ySBknZG
zXQ_xhUJ<`DJD8%NRtdZT`|g>kO=?wdgH*@<EdN4rjKDb<{nXwnCi}Dkj-ze1eY{ig
z<j4mr`pZBLzierjHODNjS&6>>*LGS^V17g~rk_KnfC0s{4b|^TQGDQ?3=?~K*+e_h
z&Tg4r6<TSyE}WO7lehUB#(8jC$gb`6mu^u9i~Q<C$({k5Ni|ojmJiWacSDq>ljgWm
zb?!b6a#o&{vRa%*;l#stnuvQ)`{qax9OYpXC~4V>2H|{hty8hRCDd^tf05th;#4Qq
zz#E2kOHhX+U4L*5t~R0+Dfz2Bu|enU4HP?O$sM)f%$H|!i{SexvGN<~^4a8D_`!Uo
zp|Gn321e;Z&{YZyQI9$s%9Nm{4u6BDAW1Dn4LG2|El71OxpgCiyNU)`Xit~6C#@m=
zT`r;@MBNZ@LOt6QICgczv$*8pn)<Z_sfa|Ak&CLsa!e%}TZ;C|Y&JDogLN4i*lj$z
zQ<8poyk~5XB6i?8ed+4~nC3gEt;h#D17txYna8+Kde@_}$<|eFFf-9O<09Z(eV6Wq
zJd}rs$fo@lu3xPKwnU3bB8`wcJkAu{q)cE_j%^~!7l})BZB!x;QGlxK6T65)1M_yB
z^%esdTVh@L6N?4Y5V%b|%XD-|&P}~$Ek;fnY+VjbN!<>Zl@-mvS`qvE6U$q6@RUkF
z6^}$2K~EQV(H2`HQ`M$U6zV`t$XkRi-Fr1bx{~?Er<&ek<Ww=O`=ucdncH0bYBd`p
zuI5Tx19`S&PTx1YY@6Iss>dR(94N*wXTDE)fROxiasxXY7CWK~UXS*cfSK5tlZ0$m
zQYoF04E{>9eQ4vhCX-vF5*$`yXFjVYGDLW{ACtq1HSZ=V(Je-x3`eSeNgYhylne-M
zWr3%Y0HXU}m$owP_^m_}Q5T3d5nWXcMunSRQZ!<he(Gw+X~}7em9-VxPYGA8c9eRg
zt!fVPCplMJC_<4^`|Eeuy71YNDOCh31KK2>`vkyma6Iy*sO+D{%CgC<Hn!s)o<p+s
zh1uzasUq42h}N<RS0iUi(S1MQtEB4wG`sXCdd(%LwqqMVY2EP>XTuLTK?%u<=}1;=
zLk?87ccS5L&vKp-43pYpK?2F7=UR0zXIj|8jA0R7N&Bq%GINON=<yL7<iSei&cJJY
zw9W$<n)TH~?MP?7xdiUNrNMh<$7^mdFa!XP_AO<IXP561(U{+~sI>#g25+xaK_ZOi
zjAgc|`&B`e<e3|FnxFVZ#&p<4Od8;^F0BemR94xL89JVJ(52TDoc=2{B~E-Vfa498
zoU%0m@8pSJxk)<H1IcCzV3Lk!gq=NL>v#lgg2MfvE94PcedJaQ;I<yBalLV$k!uP+
z{}@yC1k>0zmEkK#De*gDDN{n0_>zta25%zo^I`~mO`qM%n9fSb;wD%#WGBP7d)}`u
ztM!#(SQ(*}c_XF9Mb{ey7urm`tVb>=eI;EhYOD*cr!RV@=KymyH(W-EjH6UXA5y`J
z`<xRgpq&lwtCJIC+J-Of!R2<@Yk$4Mm(3e61wOxyx<?sh7f2;kMBr!V?}UT=eNRu=
zkCK)i!&kG~wTJTQ=SnDOey)KW@zzTNuSL6ict{A(k2wkZIY@UUVLh1GDs_ZKxFUOd
zA^DZTwZ+nokBVZ~L+1t2B^zPM+@?_F!!kJd{@s;WR=r|4Z9d|B{swr#`Mlm_i6(c8
zr~%0PcN98n8SwzXEofn`jlOlb0d;E@%-Ud~g9zAyQTV4p(cu9)SNhiClVaHu2rp{0
zn3YY>5?27gUa8zJPz^;wtve9Bg}wkj;Vqu<+0{P;RAQ!CZc?%hL+vG1>RR+MZr%gb
zqyMSuge&~z3C8j_i%__F@U5bE^jvZlCjPj!M2I4Qu6b=hYQBtE8?lhBf$oqCH+=8e
zK!`hGG;c+w8(&LzFsY{4=V&VP<5QXhnxiL(?OiGG;UD!Tk#L@MNAfjh<`S;e2)km2
z<7(|o;6h-Zi}}cJCG)gG)pe1d%kVq7VEdjcoQ)V(LGqb>0n^U(3<d*Y6MHgitpd%C
zO1qRCQoCxUT)MzL4N-niz;*F>Y`gw7*=QE|UFE>k9E8-!Wlj@cn+^8V{?HW&Ark6`
z9^GiUIcrrk-u&$z=<O+#QZS}743a8C(6Q%%fZ}~sd?x-3BirOO&(K6Q8BfW2edTL+
z$W$$-BwIRZdF05ovsLQxuizR6F&^+(H+3hB{Zgj|JLrH_&C~d>@E@cVm7aJCmPm3>
zg4lV}u38tTg(_7S0Ad~?#Z^57A+HkJXtbj;+T>yL&JcDm+1WOOBh>0x1>Cq*``jZM
z9D>C7r3GC;AY2LfrsWvypo+n@(@apAmMu)#@wvy6H)?~-MY@|n$cW<=HcvY|r~M?_
zAz=DUk*u)*=Y9Jdrbv70YvO4AS_&)JX!cvYzREx*y{LXBWMW@D)l-F_o17ruc;b~D
zO%EAN(|tfHKYfMb@PV5zu(*Z`%jL&TwPN9(+s}c$e~p<)<A!+ZF5v0nn6bruuFqse
z)v65em?a+|c=ue)W4%vv$E6Xw(85gBGcHSVAcst7snt)>xL&yAWfb|xkAsl&9wUP}
z)oRl$?v2tPY*O@$4XM}=l78j8pRj&JAGGleW-6;BGuV$ivpuL`fP**XEy;~>?0Uzb
zASR;W{eU3{IjUp|_NkmWz<!*+DThcyja<Gr>kT)>p+6ar5gV`}Kt-h&6NDj#Q}n~Z
zXvL<_g)AqUbAbNq-DhS`f2x*a(aTfz*IzD<IaVl8b%gDqQnWbs2sYPt;RC2Pb787Z
zc9zm+JEg6@*!p@r3l+_IL~i@Mv`EzdKkvE!yJS9$EM6oJy4QI7f)HN&_@o6i|3vto
zl|g7uT9Kj<g<UN8UOe=!SxDYS<dQCgA3fAK*A=J@KVi?t>Cpo@g?A~hDpf9&8ydu$
zNo#b4H)fToz5m!7qCg+@pZuV}DzU+(Z_ddZ@6N?0J0}>pNkIQ$3a<``aOy!WXXgff
zd?!jKsro?1rKuyUZIU%Bl6)pznDMg-zn(ympf}1OZhl%ns0C%K;2^f^Q|@x_K~;7;
zzwu{{zbRa*o?_VW`ck>3phM6bOeBLQu_%3Z9{!T(@mR;4BcxR#Rv<Wy#h~Xi(WkKb
zQyfMk7XxUX<h?wBGyG?Fc{T^Hk19GI$H7v68JNFbOcGGyMlRHmCqpkSbXbv{6}7!I
z5YDTd9O4es`UUoONO0ZCgPFW<7{V<h2Kr64tW@4#>>VckfWw$=jnJ!qgpsg(Kk3}|
zUQf5Y)>W56i$6S&7sLZf4e6WHRz`dv&6}7MI$H4i1xWP<es%}aQKEyZLjecd)et(#
zFyG8XbjqZ-)n_FxZ-@%71J?#GlJwDCuTg^TN6jE^n-`$4GRW)BpD5o%(|ssp#~wnf
zmBv9bu;YT}sf^y&y~v^(;v~l7v^Ci|?AF36_=;>%x<YK&Z{D=2PY&ebX+Vw;F*o>x
zQN#HLV$q<zw4_t^tSbZu@ziI@jObE}3hYl{1s}DY$LEI6mg)XcctryHT?k4npIsFZ
zJgXUgR)-C5<Wis$SX%>6n)Cqj`#c@&dOF)COzzVed-+-NQi4kA`GW6DBt*KgU>Hfj
z_x3Y60l$?@qhu+>He>B3QPu^T)frEOL-sFjbE0A%tQK6C11lZ8*D^TG6?f>byqII}
z5E|MvH`6LHoW&MLcoNrcNjeOp@}8XMo2shoje$&7I3cn~@NkJ}Rmk)Nu56}w;fOZ%
z<^V%dD@sOeg>6Ub|5GynaC1(!jse^FJN7=ktp^7omXWeB9~p>MMT(NN*LYbu`J>`-
zLd+NbmW?%6MMH1D2tq9$N5u7DW@+%DvOjUwN$JJ1o>v1}WmvuC<FS9?;+r<ncda+p
zt*@;q?biTqt1qeXF}K9!4F8u`D6K!KsDXIp_e<bv92&M)^}%Gfm)_Xt?E7>U?qOBO
zI8l7C(6FoShb!sf385Oir~ryDkr%!Cs-tCj<kk+q^@`gGTQszfl_J>y23LWJ;1DQ%
zM;AP$&Zaw~UEV<po3GoaC=)9(la2^K%Xr{lh6`j1Ct_qLg~;?fWAE<-M)zIGASz55
zrC)mVB`OsG@13n1M%POq0v8g(JjYPHw~6x((S#Ql0Dv!_4{AebTpyja2rvs;ozC=>
z=)PG@BRe=^K6)%04N|;p;1h1I(HP&neU3u^JXpZ<!#!FbPJ4J=wiXRt6~Zpxc*o7O
zo_pmF@@7;>F^QIQ$s|qN!ox4r_kQ5KD~th;M5!;tg9VZuyHddqNF`-y^Yk{+!ioAi
zumZh*DB#l*+a|47R~12=QKEJw@C!qW-Hpw@J|1rVSe6k90O0S<j<z|z1Fqa4vY8iW
zRPur$we-4`K0JMhjIheYf`%G!o;Y+~G+Tvz6bjVE_fdQRm~*+;PeK%m+wmMJ@mS|a
zx>bwy!lR@f$8(8MhPvx1*V{o;c%8B3`&5A1r#0)sbV0D~rNrcB;N5^W;d1_p0!Vg)
zDY##%`~vC2N)$NEY?f}qluHFv?y!yY)l&!+-v(l<1Zw<PxRM}JN;@l{tg7-{4I&eI
z;?YXAwU5fBv26BFSNfdhw>9F%R=3e!DFQDoOTw1??k20w;PD3&GWpu~{lYp-=hy1$
z9<9FbGU_i??g1u3;TD~O9o$T5IcouW?~8$ZZA%(%&;6$ie`Tg+bKg}bQ!ZFcu)qIL
z&Un_Rlq(3nswDk*uU)r8!y+*@%8MZ&G|OKX%h-4;4U#(TL64kzH6Ghn<SYiQ!HR;`
zd7Lam8Ng)b9D`a3nUeMwtC3ngz0HCsi=pcNgZhrXZl~wZ%mf>)Syv6{e(~R+P;M=2
zYq$Y1PS-3;^KMH$QQ6FehCsEwSA&PNku6Rs_kX8G*Rb|seXaYchm5{7^Z_hhT#JP$
zO~DK`<Jjd>Eo^t8p591UwzJIY@#lTA5h22j@;@y%wb~&mZcb}S&p}j;m)CyG&dj0{
z6NG5lE};XD0S}n!`#dE=a)ACQqB>6&auk=3St-QjI(pKO6qxfDsxNRo1PBHWNPLR5
z44NRo&T~%;959zuLJAl*eW?<VXMMM6c(97%L)VmKSidnmetgrL*fGjjF|$EKzIOh;
z&B)g}44oOo4$8b-`Gv@Z1+zH<E{-4|^upe%cvX~)Ao~P$_(|R&0|7<A)p!`CoBxJU
z))uv`Xz$2%qi9OVHcsjZICAi?aw?t|uNQYo_zjg@Js$i4DdFjPMbEl;ru8g`If`1A
z`QuG-TUddEY6Ix@13>f6z#h%PA?9i#B>dSn0Srg#Hi~|YePigiNw$t!!xlj7ZeQ42
zCybzBC8XF~R;P$UnNJo7J+j3wY~7Qz-qY_2vY!wEfQ_I&2)c=hz+foQi8xK}Sha#;
zk&O+%KZDybv<X>nC-~wc5=Io+(2QL=W$E4Z*GMK}4h!PU2wApVIVow45)E(ZeU~c+
za*?%TR8(8U8|*T?scu(No6G^?Q)C&hrs#?uKweTPs{$YVR6&I1(X3>^`F*ljZ0eSk
zv?{XA{?amop>>T<v5KK>gcNVC-LqYSX^Oxsxt+rZw-}{}$=Ix8e9RGJTO&m-NX}rv
zrJr(s#d_z^wxc1y%tGd7G9RDM*#Cd}1#HhHN5#MBVH6`h_)fjtJHc7GsLtEzs3uPM
ztH{KhB~E?$$Lg&g{T;DSoA(TO!%6Kku?3C_N_@mklaWHJk#XB0hb)55Ys#}X|HyKR
zk9;#Q1Xx{VJc7DZZmubFs_jzNAg7!Ps?UW52QDfK`o20Sv9>IFEQG%?JL0M0dc2R%
zsS{WN9P$8?@2+Kp3lfh0TJok;KyvO_l`GK0r2SE~kza8U!c_Iuegu~cVu5*W9sB4x
z;}2?n_tp{$%>v9Z2-o~SbY#qT#0xlHC!{&@EUnQz%`E|=VwvLD)HCSmzrWiCo)Xuq
z;Wy*L1hg=msss0K0km=%o=K7yQq)Gk$=R3}rFfk!69wf7ex!{h14ZLLZz9T$jx%*d
z@z(oR9U<p~BXDo@4g|urCqHntbuW8gH3YU&PZ|oe_<r3?vzJ0B=xs#PhvM+8)6qL=
zu4E8RA=DSS84N(>qLtlMwDcjLsQYO^ukf;ZfuChnr0$Omnh1Rzp8~#c2>U-D@RbW7
zj)V7po4H(0wC);%47H>>Sw69*B(^5f$o%;!L{d%5F3GrRcV`uEQ*V#<D|X*RZ>HD*
zVoZz>L4BGd61u&@_CNyMCM~vp02=Fk(40#83XNmGM3qbe%V1f8MYiI1>;uZL&1WCE
zU9JQmL~M8+R`dfBcK&cFo6rV=-JmxZQ{sOuacHTBd@LylCJc9kEZIT>CnQFC%DBiI
z`LH7>x`{r}cMTF%EFlv;c*r<v-ZCwW;&(%|;AiP|yoM|jq`|eteZv6hi>t56xRTxT
zWB2*BMBUb%clgB`R#F3^E#^(wr&)>z(O6X=NUs#cVGWHh51_|a*f|OHG9(CfY9t)5
z@S!}H=^FE|l{}zM79BOIP(s+qV6xHyN8|B*QnczQ4iZKfrfJR&a_uZF;L7t9(O&Bz
zN1i!Xz^zQ_RE#y1epB~@O#49E#b&P?jQ%I@vCXj83AmQ1Mn%4l>p#wj<ea&c+%>mf
zuSgh@iye3(p)ElX`dn4bG?Qr$x?>CzDzQ1slQRL+AmG&#b&0HSSCsK>j%iJUmb=du
z=f2;RNa4d*>MtF(<Q|uQ9F*RW@2Z@qzHogcwg@;H%B6GCsf3%(KxrMF8b$r_1i2ts
z*|D@(sdj`*p(J079qL>%`&BuZjZ_8qEX%(Wcc-+HLKtey5U4s|h`dFY#6z++72N*~
zE$+N^22s>S=`{>?+T}hj*w_6YicXe|AS1(|VQR)Z@RhTWMUsHKT27bwb<jJGz_gd`
z{2DxY-Gz1A0>PM#1Z|w-m*8tV?`I+kACZmbd1qujWxXQSLQRW%84@p%>CazMofz8P
z)CZ@Y322KQ8d&CdeVXN<4DG&M4zps~I<2(wr%AXnpZwKTsDjo*JLgXZ05Nd6bc9kn
zdnKLx9HYs7W9lgr0uY?61SgF#2=jGTw^b;O*!SX?>_<q2k+q<O!e3)w9gC&N_Sln`
zOd9V@PMLIxTlrHYvXBeS2&LJyM(h<C7^#aASGmyJH1^3lCS@2Sp6)oCSL2q@?H<?k
z$Na&l#~OQ1t7bd7ccGD?dbhmfeMtSZ5z0DLL5m9j6t|-qy+V~QLiV643}?5m*&U}^
zn=F(!Vw*3@A_btgmJ@tiHi(Su>`U-k7G0(hA-xYJp<)?dZN>01F(|bCpkn3E*eVQ4
z!|NB2=9iY-d=|u}!ndmla0J2>T78mg$W5JM(y9n%P(&Q#_fbsEv>pPYEYti0zimzM
zA?n_D^BU?Z!mTEb-eq7<j(vCnQTe9?5BF8^fIwy$dA9n=Y{nnBYi_74?vDM?!FHs-
z1i3&Qv$N}QKw`b2#t)Y_jp%@LqHfdgJ6v;ncjJIZ7`NA=9Dmqo{*inI-%FpM$`kAA
zvDB`}O>&f|;iB-G8ozev=FHM+1>i-V{@FIVJPc^*1YJqLSld4W7rVwCC|K{s3zyZT
z+u)#S^2Kq$eZ;j93hCvIYHLlI`4Qf(!`kNwBp$#4#&U{Nt(u5^O3KrIKufL8CqPeX
z5*!uI=>)IpHQ*_EFt!ga4gwMGvX6JmUP)&Hg))2t431b{&Pwg4R8mo6Y0k#QZbVkY
z=;m!uDwO#S32s$jV-Z&+K}*rz+L$6074y5Iac%ZeHGT3|T4UTk6JF%*mO!vfhs?be
z6&7|wy=z-`&}fdQIcF!I6J`F8`Ks43QqzLOrAV9v?|qqJ>Fv9WAvF+{bb6BtEgh53
z-4%){Zt%d4Na^aK%li{XYvAD3%(x<452}Y@8F!~~6rr2$qZRY_nZ~!^`m0Lo_!)7>
zk4@|CLt&W*7X?W~zbWd<CCuEPTjJk<GaV}*i!AC;F}pciQNNT|NL4LCJ@QucE=WfI
z^8)Ou1J1mw3oERZID@r%M`lzIXloIMCJY-bfd!dR7&98yQ+{1z9+say!O>{aj%Zim
zR0J$r(mf|AtQeX|Gq$YFLlfq0n5RY0)lhE)yn~m|ij!-lGT%SxyKXAfQ@zPg5PF5-
z3S;^Z2`5w}wIBjX%zhbb?m~R2%BYaFZ!QqO)k&bxq~F28sdKMna%B1<`f+_2e?8AD
zfrxi0f~C^PP9V132FnI6gOn%dzCsQ|1-`f^j&Nho6pj$kOU9X$ma?Caz+jxIE#)Q3
zD3Z=cl|0{5dPtc>b1U`H)`9wtckv#@@8&Twfv;MP@qTFdX4npBFQmw2A{EewtTryW
z>tN|?NXXfTK#hg?lW=LNqjuT7()=d8z>oMhk31u)=@E>7Z+{L8s<YcSI@!3MtHn&-
zmH2*fpZv1jm;n5j=<>A$0No2iHfU_A^Emzz?bk;5JQw<C8vpN|0iI*J!^G6^>3ay#
z+i%D?BS+X0b-<m|doAHr%TC%m^N@?7pvA$ZWn0F*?m=S%k9+3~1s?J15YD*I<0j~R
zX^yj-<I+D&5SqF%M?CVo+-8z?y%lrY9I*((pT*V3p~1~Tsbl^7l#MASwKpW~MEGE_
z2fi8H7Nd|fGS_HWvtp`)H5Er-qfP&2m&j<8{1j8Q1eFzV<uDHjGr5BG^(>U*`Q-Fj
zjRsUS&WNLv^{RY<eZN@SgTS%Wh6EZtx)72ib|#@LyVU<W_a0L=b6`=`_1BP_r8?cw
zGbDFSwB0U>9`%PIz-)5ZqH4G9HF+5{K4t@ahYKomSmO-0QN4EvC`}8&$3jP`iS%<w
z^fkT6*@_~GY4t?Ik}gqn9z+E}Rcl%|(W4f52&4}1*cBXvBHeH`P3bQFikldquyq8O
zyRMn(;Xu1uZYt6p`?1;$?yuu`g|o%BuxGKQpsf2HRzEULy+3{IKN!GAm-%c(Y{;6(
zgew`in5E@Mz!MA5wN1bn*S$Lve}L>NAw1(&SQpFkN8tf4pSIKViFht>cSpdXfg|BB
zW*dV<-A-||DdlRM?L94x!9`KU>q8fv!?_nv0M=iauF*!kL|Io)vWQf|+Mogpgv7MR
zs4(_*1F7z0@(i-jH_$MsJ%n!iElz$;>gi9_D>2YtGPRB3nHF&LV(o|P1{^bZJ+;O0
zd{fQD+HU~>v>SS^d2%wIPZ_W8MwAG6FtoB<0;w9yG#C$8j5j)}LSE|znaUSua8#E#
zwF4$xps+O8S(14MMGRXWbP^z{Me@v-5xr!)1b8V|Fw%^L(<(o=2t$J{n6w*9nnFw(
z`YZhBnps$~j1H7d`zyX;i$fG(0zi`UkN+vNvCm!;-^W6;0;wT+bec+%*ZA1k`0`x*
zb854+t*PS?c25;)l!6!S@OrWO<l_^LJZb}I1qG9|%>w84S@OqXKp#q0j79rH+~=M`
z1Y?064%CUAf<^+c<Fyw268^pBiBcXFvov%k6D%0uZ1U6N=mMuI<-PXI5CpPmf!v?U
z#R&JN&457n{x|+Q&et*#_TQNM>j-;6=)?ouGcf;>T@hgla+e-@UelI`CC#MXaoIOq
zBC(b|50(s(YtWoL?Cq~~f}5Jyst{L{J(BOq1<RdH{b)uUb95b_akzrZpgOjjnd#S?
zbx`wBhdusbws)+F$w0J&9~{ZPs%lFjvG3(ddbDv}D=lKFt_5P=5VE$<??2qc#s<cY
zm1J3#fS*Yx9fxJlDYCB8DGR=FUw@7Z4OXDf-9e0tHAOf{8~(%0#))CH8~C%Va<b9;
zYwt#~7`D3y_y|mz3hJttNOq$&7#k{?fj{s#4rW~-V|)4G0wQzsVj+jUk|6tefhK0>
zyH1b+aAG607Hml-0@ilq-Hl{mwR&X6>&0tnerNN!DB<Y~aO63INsK*(HFG`yOsxtG
zpHE(PLZcx;<sph!uuEgGBA4(E0Yuc?6gAf$QGI#6Ch@{V6F}khhhD-ov`8u2fB~sN
zqc8M*DHrfm_9UO$bPT1B!yq*2{eLq})&=7ynTFXD1%eo_!_L1_PUrB8i7x@~>4<64
z4(nI((4zkJMLOH@!oUxRYSuQR_w)BD;2X;Ll|+AyT!MG#+f3>&2T?s@zHIIzH`p^*
zZprZcL{a)sk>)ACo_+>qm~eJ}x6EaTAbyqHMerOD%2YmLE{7hw<2@6Tk>~imxXLtP
zhxxoAK>Y6hD@tZt4nQ$!Jf?)+K9$Z5nP*5DpOmnli?OrjM*Z7nGU?(QIy)XyaT>_$
zc?CsYt&<vt>iePN^@9N?%NUz35GRTT8_*!XgB$vW8M#O@nJx)@P?zWiG<Vo2j%&)%
z_j|^Br3RqO10iR;LZg+ES^48Vm8N9!Hh^k`%U{0K%POQfwj$o;%hFII*M){7NF-dw
zA~Bt{ZU7n+8<>}@{r)<akax)RnjFCSa<2m0OnsH|7(f!!mD3k>yLxUb&wc9?!iKO6
zk~6fj29@%|(z`(Ms4?Z6(ykue+0CYPRx@<5eP|JPBd;OMDMOKYIG3c$uHXg+qsRJg
zVDEmck+x`xw!ESWmc|c#K|b1&P*fm*%`rRqHbEG~7Ghb?%&e&|EM%JYAP?JRbmKh)
zGth{+y1xbpQd<FGp=%4rZawy?T1#Cmr4U^sb^BrDO2w*I<ChZ=2*&s&b>=IfXVR{+
z2#RjF^+3d4JAO89h`qK+dDqdTi}TEwAiAb%_s=^T^s(qfVuwK3-2h^|kVCYOpcPNJ
z)J+%w|6*5^L{v$XCxUzj2ul)-@}O+E<s}qH6rv5b?{<BkU2-h?xT^<cko@KdwLSnq
zUuA+w&k%-E(y8d_uGN@Zr|`R?Td&;^`V`~v-P>G5h{*xVT5k28ln6%>GjZQ~ZEqF5
z?LB@$>VNRzotDk;SdvR+!VB0216A`hgNkJ|a5%7(GIUP;@&)#zT`E;#u7K9&Iw*tG
zty4QY&4D!iudX|3ERHqy&HrnpEHkmUI*j67ARI?1BeMlQmy0Z>b8W`R@1AW+bXXy$
zErMHre-Sd-PJ|;l6`g1(H2*5`_yv}@O?$ZD*&2imKd1CPl|u-APniB!mN0rcawB&p
z+N4~15yXDUD>9{TzJld&QW!T*S6Y<cZO%QqK$T6xaDh=%;iIzmQ`1E!k2)}UBSUjX
z)g`35@<Aq@PeuEP!P~*9*gX&dp`>S%2G(lkl9P{SC^$=hea&W(AiFXP12Rdlr-@t@
zY76kDD7}N-@AM4=OK-xu^M?!CJJdd!Ai;-aF<T;x?gj{KU*ly)H`Qwb4u%z4%{Brw
z^K~!N9^=qm?3&v4>^o2A&=;Vvxo&wUuCX1m$Dwf3p@d-)Ug4dO6yN9-4UasaXz0QW
zRYZj;rw<LEv9%EJ;8^b8ejv9?$HJdvL-|mfZB>iwr)b@a?k-VB-w3D*(q6zOdE)_}
z-hL^SJx74qWnPN&5r2-r3c^%DqjFe%{o=azCITk5L$j>0^X);&fq6`!w*vn4qy(go
z#Wj-+553}KO1#u#@MfZL?7GqLXbRArt4(HY-0j2nZzP~2aM<6HJey6QjT)^1-Mk2)
zk>V*i1Jwi|)IySY{!U6B&GudvUUbqJY+Ltjl+%kuk^`Via$}TaSd^GYxKlIh=xUY!
zSTd^Wr-#a?0>f%}TL_Vq_?<wHGnKGjDqN7dc=Q5ae`7!vd6l05fZj6(h2!wWvB$>9
z3!SMHnL?qh>Q|vriDJDu(WgB=>3{B{Bb<goNH7))?T{)1XUo&s3_EEGK#CBqy7|EI
zK?v=1DPT+&KtdRq3vw)zo`3}EMHjheaavTcrA5DN@@S*PfLj@JjQM^L*)yL7K$Zbc
zi_{rA<koa4eodXBEta`gJG{1;VP#zP01yB>MQ0zroi>O!2q<%#^mccE>zBi-|9N?}
znVQY$$2SZ47BM>dpFIL;=uRVC`1fTmCcDE9rw49}>bIXyvDBYc!y2QRKL6xF_}(3(
z;((9Z3L8z<LyKPV?~oH>vICXe2fD>1KvC0G8a15~LuT*V66A^?{4uz|w=;C=nFbg!
zwYvaF)AW$$`+{|m?Sow;A^NM)Hg3XCGp=N$YY~vE$reo<Mw+GJcjz>%78#yKO{^ol
zxbr#wSkVE($lNj_`%u~rSiB@15xdoJo?At994!YtrurCmk-v;G<Ql%F4B;>&bsU*x
zujqp!Jfw(_2^DGgV+NM*nV9H3!{n2(Bx5HHMMyXQa)QG$H<Qu2mf+e8_)vUsvra47
zug(wQ1t`XnwL1#Guuk-Gn~*s9el0};Jwm$g#=)CDg}6?rbTX@LZ3Bz>X9d#qP%-z=
zB~&&8|C=OJWvb_Fk}(Bp$A&8B`dF~CevoS9?v9;aGlV#J)SFa*ZbWsinbwn<Wb}dn
z_{8MKu8Vua#Ns(q5Y&rRKgZ33AN;b>R5(YK5sKUSG-@IXZyK*$$A1r<$-o9ABXvhm
zaw;SxT@f<~!-bGokwe{2ehIMp7-%MVhnm`rz0FJFy?JPseKTT644a!;73%qhL#)ZN
zNCT%9I<Wi~r`ktQ2%M)4(BqFR2MoW;V+-eD<Z~TCQN_K!j*~6Klv&S*wW&MD_5pyA
zn+_W7RSo(gu7DW1#v({tsz!OuE+%JEfv=~<nW|z~2<!kTd%jwx6>79KU2{Dpf$l+_
z+pCxF9)v9uewqj>`E?I%nVV7E?orXr&Qg1144KGd@e@up$7Y1riB*|4;>c6C99u#y
z4}|+$4{)I@&fK|$lb<0M>%Y+J!^xR#r5pH$ECY0y>emQ!@mtWNR>MhZY?Bd$w=Pg<
zkTs&86*;QZ_A{4|v)%oJlQjV&x4^s{eMaJKiHs?s`OA9$|GFq>#!3^mwX-uOuQLF-
z5xlord}Wym0EATzqD2L`P&8bLZv^PJ-o(;D=-MU%_!^q;y;Z{=6|{VqO{+(km)40h
zwUtwA?K@Uj@TYk(pS<qgCXlu`6DxGtbO+h8FPTKPe5*)qy6glGx|GGBcE!~Cm-rbs
z+(Nq$)!lEpQxvmbP@6wpn*t;??ek}5xXv>dVzFgH3%8)Ir*~i|Mw)+O834ky^A27=
z`J1(63y%-d{sMMJ2@mY;;-FvbtClK24ol}!gt)uq{JWBZ8r>Nb<6mykyC_h|K}?}p
zMDsZL%Zxf*g4Tm1>mEl%<89l4N&YXh+@(m6q@lb-3>C_w&A9sV@v#F#@uwl4)t%|+
z$a@{@c5*s<nj)L^(zD$yav8iDol~4`3u~|(pWl@2ej?Kghql#q9SxsXSqSZg7LU{Z
zgFhB)0O<M3acYIQeJj;-a2&MU4D*2=?@9ZDE^0IRyyo^-1pGc}fBJ^X`Z;MO{r;Ay
zZYqwe1kgP!x&kcHVsP73@+XjEu0n=fCe)NM4Pzo_Ti(P0%FKTbI>O4Sf2hGw-ZPDx
zG{g&>(-}be(>RNV;m{i(n>hUTL%??Do3(-~N8sP>eym(G=&4E-OBbGDOvXBqTM>wI
z!UIiWFe~4Jd<4ht`Bq(G7KE^d2w<9IgRKPx3g3jH#UJpcAn+Yi5#^h+KkAukHC`_*
zA0+O8_QJbCa|keSh+si!A2E6#S2GoE*KW9Vru}Ml;vl_n>F~gYwHH?Hgz4lb3e#GX
z`4B+HLEaf5^3NAfSiP*VY&EvJtbrkHe0m68;HQ*dwk~o%Qs&1+ZwpPm1nnX|@>1Lv
zi%1rb{9xn0l&K=@GkV?Z;rPu&Q2R$pxhn`K%BD(vkb$6#3;ai>VAR7swGzP_i4%k)
z`qn!_)SAq#_?AvWT1iY=2;iG50Sl6>h-L-juOaxqt<<{}5zjyz(iU43ahrO*;r5B)
z)0uw`vNa(~llZQ^J^CokSKxN;t8z`LXPU2`rNe~GeT>4!Mlp`F{wf+85$W9j++*a!
zyt-_pMmcln0@C_p_m^4}C#+52G<C#cvgLJW3mAREjimGWOE@<bd(N5#$MDVT=paae
z88t%2V7-viHbXQW&S&llu~dFQ-I7ZPjo3^@xRg1~^JrH3{2OYVn>W2*yB2;_pjc>c
zfzEe^77z_0nL&Qc&p#EwXo^PBwWMOuw$|@@b8a;Qjp+mv9xT3af*8j6P{6N&eo4v)
zKtxK?{#1y1%+h<)VeE40_NjDbJyz5!fLx=s^Nre{?mVx22LVyin?zk49#uk#s7r~^
z^uTThKTjM3zykDNgosX8p1iDNFhW5rkG=tXs7soG!nlbBJKMs~nag`_7gV`X&<0-S
zP)Ec-g$L2LGSjjm1Lm~`t%pUZE5uG;Kb<4@BWr(zQWTwx|HloPEsw8$R%^hHGj~ZE
z^{#sOf#bWL)iOVv6DFmRoxx&oSebLuIo*~Ml!kU6@)ilXOOnU&CVMtba)qsfs+Aa)
z-*=!T=YBUi?7ekg((@zEo1ET^!yA?aPFAQL|6^X7-i+;U?$#Th3o)!HXO5}>QFCY%
z6NZoTRA293ItPdR;wmqUbAQq`E|A3M=XIl=ytd&_vA-<)D1((Sm}CjcXt?yk^3c0Z
zR>NHFaaTb7G659*_OD&_3@9OaWI27@`~xKSr2H3;Xu3+%?CS3nMS#s_)(Q80g-F@-
zj))r64A2(Hy7%0BX3=f`@mg<2-i?bg_QPI|<bIqRjr89`tq(veJi>eXE2lvzV5s24
zJNTcy|Hu~bfp;+-<w?Tt2W+oca#7%8`<+^lJK+@BS;ez7nbbXU4NyUa);bCbE$hxk
z^7zTWI~sRd+8FBW1#^kbS?|tG7Z}qHyz@HRKiVfwSMS3^-jO{G1!7V3z@a``L-p@l
zRePoZ42au21@v6xlG03G$+WaWGiR)vKw?GG_w9+X;_3C?63b%@mSBXHzVme2y1pYc
ziW^i~bMH%0VX1$(I=mX2Hf6#>2n(9JPwt=Vx-7)!{S20;%HNs66c^ribL`rc?9R99
zBM*^UT<<wddu5ok%k+IuaEyLsM`_{?cbq3=&4Y3}q}&V3=bUSZ%3y|nndKZ^aiH|P
z4KVm`vfNUE_A|^{_)@~f(<*v1xA^vMz}<hc2{z}~=}Y$Bc!~fNc{Yn$ZPHPh%*DeM
zz|+)zVe8se?UA%r63(K0kq;CPG|Ur{JE241RucgnJ41Z{u(odLuH;`~-Z0;cIvC`f
VvVy3o@%-Sl0O0jh?fz~0{{iIYAeI0C

literal 0
HcmV?d00001

diff --git a/php/public/style.css b/php/public/style.css
index e3b24700..b4d5f8a5 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -251,7 +251,7 @@ svg:not(:has(use)) .fallback-text {
     min-width: 100vw;
     position: fixed;
     width: 100vw;
-    background-image: url("img/jenna-kim-the-globe.webp");
+    background-image: url("img/jo-myoung-hee-fluid.webp");
     background-position: center;
     background-repeat: no-repeat;
     background-size: cover;
@@ -260,7 +260,7 @@ svg:not(:has(use)) .fallback-text {
 }
 
 html[data-theme="dark"] .wrapper {
-    background-image: url("img/jenna-kim-the-globe-dark.webp");
+    background-image: url("img/jo-myoung-hee-fluid-dark.webp");
 }
 
 form {
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index 6ed264c2..e20ca3e0 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v5" media="all" />
+        <link rel="stylesheet" href="/style.css?v6" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>

From bc92ebc65c561c093c49d4e25fc7f0ba0af3f6ba Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Sep 2025 09:32:57 +0000
Subject: [PATCH 3451/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index e406a494..f089c598 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.7.0
+version: 11.8.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 7a103567..40344921 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-apache:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index c3e022fa..6cfc7167 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index f49da097..417a1884 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -28,14 +28,14 @@ spec:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: aliasgroup1
-              value: https://{{ .Values.NC_DOMAIN }}:443
+              value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache:23973
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 5edd6701..58fcab24 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 663e3438..657a5f98 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 61ad3e5c..a13e5d4e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 6d93dd7d..224e82a2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250918_093027
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index eabd0372..eb744159 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index e94a1a93..14244671 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 8cb961ed..b7433541 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-redis:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index d3b8ee2a..96617fe3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-talk:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d54a6376..a112e45f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250918_093027
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 9729c473..72b60f18 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250905_100617
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250918_093027
           readinessProbe:
             exec:
               command:

From 5b76d6fac6e105db43700a5bd84a410f7f854148 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 18 Sep 2025 11:44:22 +0200
Subject: [PATCH 3452/3949] increase to 11.9.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e686e3a8..aa9b30c3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.8.0</h1>
+            <h1>Nextcloud AIO v11.9.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From d937739ef0c05ff73f865dfd7ce98c137897fbaf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Sep 2025 04:20:39 +0000
Subject: [PATCH 3453/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.3 to 8.19.4.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index ff683d33..289722ea 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.3
+FROM elasticsearch:8.19.4
 
 USER root
 

From caaf45143d421150c56ec689f3654cc63cd18e2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Sep 2025 12:16:59 +0000
Subject: [PATCH 3454/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.4 to 2.35.5.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/ec406be512d7077f68eed36e63f4d91bc006edc4...bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index cb3eb33d..e6205d4e 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v5
-    - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+    - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 1beac885..81ada6da 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 62aea81e..d2bccbd5 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a35394aa..67618422 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v5
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index ea70f8e8..3fcdae12 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 93c4b572..107edc8b 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
           php-version: 8.4
           extensions: apcu

From 2324666591949a48fe15e731a24b5e08bf24c946 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Sep 2025 04:20:34 +0000
Subject: [PATCH 3455/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.11.9-scratch to 2.12.0-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.0-scratch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 88a9cd1e..ecc0e422 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.9-scratch AS nats
+FROM nats:2.12.0-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus

From 21c62125f18a8c366f9ba969aae348de993bc6dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Sep 2025 04:23:39 +0000
Subject: [PATCH 3456/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.4-alpine to 3.2.5-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.5-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 094d3fd5..24a1f298 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.4-alpine
+FROM haproxy:3.2.5-alpine
 
 # hadolint ignore=DL3002
 USER root

From 68317a1eb3cb0583b36d131ba1ff7c983159ef13 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Sep 2025 04:24:33 +0000
Subject: [PATCH 3457/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.2.0 to v1.2.1.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 43f1ad90..680a59d0 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.1
 
 USER root
 RUN set -ex; \

From 456a06d968f69dd279327deb5bee959fc96bff18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Sep 2025 12:18:30 +0000
Subject: [PATCH 3458/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/bff843227669a0c34c7f791ebd53a4b7c2a3febd...858c58d647eeb05b1725a96ae3fc290230321af3)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 0ab37267..56854ed4 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Turnstyle
-        uses: softprops/turnstyle@bff843227669a0c34c7f791ebd53a4b7c2a3febd # v2
+        uses: softprops/turnstyle@858c58d647eeb05b1725a96ae3fc290230321af3 # v2
         with:
           continue-after-seconds: 180
         env:

From 37132d805e2e2c0514300d15fd12f43fb2735d69 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 25 Sep 2025 15:10:41 +0200
Subject: [PATCH 3459/3949] add recommendation to use orbstack on macOS

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 4c0712aa..7331353f 100644
--- a/readme.md
+++ b/readme.md
@@ -523,7 +523,11 @@ The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which
 ## Guides
 
 ### How to run AIO on macOS?
-On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux.
+
+> [!NOTE]
+> On macOS, it is recommended to use OrbStack instead of Docker Desktop which has much better compatibility with docker for Linux compared to Docker Desktop. See https://orbstack.dev/
+
+Generally, on macOS, there is only one thing different for the docker run command in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux.
 
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 

From 4b0c78376d995fb8f236c4125ac9732e32aebeac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 26 Sep 2025 04:22:54 +0000
Subject: [PATCH 3460/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.5.2.1 to 25.04.5.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.5.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 6438a186..536bec37 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.5.2.1
+FROM collabora/code:25.04.5.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 4ab852204febf68a70c7c0321a2cddcc76c53fe5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 26 Sep 2025 04:23:15 +0000
Subject: [PATCH 3461/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.12-fpm-alpine3.22 to 8.4.13-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.13-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index cdf31a52..58248890 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.4.0-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.12-fpm-alpine3.22
+FROM php:8.4.13-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From b692c1d04988a3c4473b276e9d4aeec28195fab7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Sep 2025 10:19:30 +0200
Subject: [PATCH 3462/3949] nextcloud: allow to define postgres root cert
 during install

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgres.config.php | 9 +++++++++
 Containers/nextcloud/entrypoint.sh              | 6 ++++++
 Containers/notify-push/start.sh                 | 7 ++++++-
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 Containers/nextcloud/config/postgres.config.php

diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
new file mode 100644
index 00000000..38f980fe
--- /dev/null
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -0,0 +1,9 @@
+<?php
+if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
+  $CONFIG = array(
+    'pgsql_ssl' => array(
+      'mode' => 'verify-ca',
+      'rootcert' => '/var/www/html/data/certificates/POSTGRES',
+    ),
+  );
+}
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 25d549e0..1e0ada44 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -241,6 +241,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 );
 DATADIR_PERMISSION_CONF
 
+            # Write out postgres root cert
+            if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
+                mkdir /var/www/html/data/certificates
+                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES"
+            fi
+
             echo "Installing with $DATABASE_TYPE database"
             # Set a default value for POSTGRES_PORT
             if [ -z "$POSTGRES_PORT" ]; then
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index e1bbf974..859c6309 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -66,8 +66,13 @@ if [ "$POSTGRES_USER" = nextcloud ]; then
     export POSTGRES_USER
 fi
 
+# Postgres root cert
+if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
+    POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+fi
+
 # Set sensitive values as env
-export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
+export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT"
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From 19b1469d85efb0998836e7ae9ae7d0da54c7ece9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Sep 2025 11:38:14 +0200
Subject: [PATCH 3463/3949] nextcloud-s3-config: allow multibucket config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index cd08f7fc..99999668 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -4,8 +4,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
   $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
   $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
   $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
   $CONFIG = array(
-    'objectstore' => array(
+    $multibucket === 'true' ? 'objectstore_multibucket' : 'objectstore' => array(
       'class' => '\OC\Files\ObjectStore\S3',
       'arguments' => array(
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),

From f3c666df9af8280092051dd9e1b6a984021541b6 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Fri, 26 Sep 2025 15:53:28 -0400
Subject: [PATCH 3464/3949] fix: unify default initialization of s3 autocreate
 and use_ssl

Unify with micro-services image fix: nextcloud/docker#2309

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/config/s3.config.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index cd08f7fc..79113e6d 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -16,8 +16,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
+        'use_ssl' => strtolower($use_ssl) !== 'false',
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions
@@ -31,3 +31,4 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
   }
 }
+

From cc1933b51f3f9eec92134cfa56b435ff32fb0581 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 27 Sep 2025 08:18:03 +0000
Subject: [PATCH 3465/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index f089c598..03627c26 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.8.0
+version: 11.9.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 40344921..992e66de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 6cfc7167..2e9ccb95 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 417a1884..07f09220 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 58fcab24..abfa8b01 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 657a5f98..9dcc9d63 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a13e5d4e..5e54704c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 224e82a2..1644464c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index eb744159..799e4390 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 14244671..820e6842 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index b7433541..015da80f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 96617fe3..bb6f2a1c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index a112e45f..d59c60c0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 72b60f18..804c5d2d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250918_093027
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431
           readinessProbe:
             exec:
               command:

From f8cc109b7e1c2dc12e4319c79fc55e89dd256932 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 27 Sep 2025 12:26:56 +0200
Subject: [PATCH 3466/3949] Change ui_secret to use LLDAP_LDAP_USER_PASS

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/lldap/lldap.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
index 8f7fba88..32f8e7ec 100644
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
@@ -27,7 +27,7 @@
         "LLDAP_JWT_SECRET",
         "LLDAP_LDAP_USER_PASS"
       ],
-      "ui_secret": "LLDAP_JWT_SECRET",
+      "ui_secret": "LLDAP_LDAP_USER_PASS",
       "volumes": [
         {
           "source": "nextcloud_aio_lldap",

From 25c80f470bcfaf60e8a400c3f4a5b58f2e8a6d2f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 28 Sep 2025 12:03:19 +0000
Subject: [PATCH 3467/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 34e3534b..bb81d695 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.4",
+            "version": "v2.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841"
+                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b352cf0534aa1ae6b4d825d1e762e35d43f8a841",
-                "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3832547db6e0e2f8bb03d4093857b378c66eceed",
+                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-03-19T13:51:03+00:00"
+            "time": "2025-09-22T17:29:40+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -3883,16 +3883,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.25",
+            "version": "v6.4.26",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae"
+                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
-                "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae",
+                "url": "https://api.github.com/repos/symfony/console/zipball/492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
+                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
                 "shasum": ""
             },
             "require": {
@@ -3957,7 +3957,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.25"
+                "source": "https://github.com/symfony/console/tree/v6.4.26"
             },
             "funding": [
                 {
@@ -3977,7 +3977,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-22T10:21:53+00:00"
+            "time": "2025-09-26T12:13:46+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4449,16 +4449,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.3",
+            "version": "v7.3.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c"
+                "reference": "f96476035142921000338bad71e5247fbc138872"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
-                "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c",
+                "url": "https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872",
+                "reference": "f96476035142921000338bad71e5247fbc138872",
                 "shasum": ""
             },
             "require": {
@@ -4473,7 +4473,6 @@
             },
             "require-dev": {
                 "symfony/emoji": "^7.1",
-                "symfony/error-handler": "^6.4|^7.0",
                 "symfony/http-client": "^6.4|^7.0",
                 "symfony/intl": "^6.4|^7.0",
                 "symfony/translation-contracts": "^2.5|^3.0",
@@ -4516,7 +4515,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.3"
+                "source": "https://github.com/symfony/string/tree/v7.3.4"
             },
             "funding": [
                 {
@@ -4536,7 +4535,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-25T06:35:40+00:00"
+            "time": "2025-09-11T14:36:48+00:00"
         },
         {
             "name": "vimeo/psalm",

From b77af1a2f85f6de9d727d05dbe1b3267d58e0052 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20M=C3=BCller?=
 <28591861+alexanderdd@users.noreply.github.com>
Date: Sun, 28 Sep 2025 14:10:59 -0500
Subject: [PATCH 3468/3949] add comment about possibility of migration AIO->VM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Alexander Müller <28591861+alexanderdd@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 4c0712aa..6fa95704 100644
--- a/readme.md
+++ b/readme.md
@@ -52,7 +52,7 @@ Included are:
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
-- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
+- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible.
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
 - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
 - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)

From d5761aa52bbc4dd1fe0aefe18b2a7803d37f1c76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Sep 2025 04:34:41 +0000
Subject: [PATCH 3469/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.25-fpm-alpine3.22 to 8.3.26-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.26-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 1955ab2f..0ae91b63 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.25-fpm-alpine3.22
+FROM php:8.3.26-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 7a5d3e7ec8428bec549410da64e47b7ef8d58f17 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 26 Sep 2025 11:47:49 +0200
Subject: [PATCH 3470/3949] nextcloud-entrypoint: allow to
 configreav_blocklisted_directories

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 25d549e0..cdd0f6eb 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -814,6 +814,9 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
         php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
+        if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then
+            php /var/www/html/occ config:app:set files_antivirus av_blocklisted_directories --value="$CLAMAV_BLOCKLISTED_DIRECTORIES"
+        fi
     fi
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/files_antivirus" ]; then

From 7c1cc4c2dd5f34d9dd0024a732cafcbe1f5443a6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 28 Sep 2025 07:41:34 +0200
Subject: [PATCH 3471/3949] talk: update eturnal image tag to use alpine image

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index ecc0e422..7067c72e 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.12.0-scratch AS nats
-FROM eturnal/eturnal:1.12.1 AS eturnal
+FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus
 

From dbcd5d8955f7d375a5abbb0e410fbfb09cd52bec Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 29 Sep 2025 11:15:53 +0200
Subject: [PATCH 3472/3949] also adjust `use_path_style` and `legacy_auth`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 79113e6d..a56ce04b 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -19,9 +19,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'autocreate' => strtolower($autocreate) !== 'false',
         'use_ssl' => strtolower($use_ssl) !== 'false',
         // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
+        'use_path_style' => strtolower($use_path) === 'true',
         // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
+        'legacy_auth' => strtolower($use_legacyauth) === 'true'
       )
     )
   );
@@ -31,4 +31,3 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
   }
 }
-

From fa06f1c425dae052c1b7a0ed42497490fb16925b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 29 Sep 2025 12:11:50 +0200
Subject: [PATCH 3473/3949] delete caddy locks if existing on startup

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/start.sh          | 5 +++++
 Containers/mastercontainer/start.sh | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
index 5a85aa08..02a2f2ad 100644
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -66,6 +66,11 @@ caddy fmt --overwrite /tmp/Caddyfile
 # Add caddy path
 mkdir -p /mnt/data/caddy/
 
+# Fix caddy startup
+if [ -d "/mnt/data/caddy/locks" ]; then
+    rm -rf /mnt/data/caddy/locks/*
+fi
+
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 0882ebd7..616068f3 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -375,6 +375,11 @@ export TZ=Etc/UTC
 # Fix apache startup
 rm -f /var/run/apache2/httpd.pid
 
+# Fix caddy startup
+if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
+    rm -rf /mnt/docker-aio-config/caddy/locks/*
+fi
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /Caddyfile
 

From 36a39a3528ce3fa0ce1249cd99b53dc674bc87b9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 1 Oct 2025 14:38:28 +0200
Subject: [PATCH 3474/3949] add minio community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/minio/minio.json | 38 +++++++++++++++++++++++++++
 community-containers/minio/readme.md  | 12 +++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 community-containers/minio/minio.json
 create mode 100644 community-containers/minio/readme.md

diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json
new file mode 100644
index 00000000..ae1925bd
--- /dev/null
+++ b/community-containers/minio/minio.json
@@ -0,0 +1,38 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-minio",
+            "image_tag": "v1",
+            "display_name": "Minio S3 Storage",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/minio",
+            "image": "ghcr.io/szaimen/aio-minio",
+            "internal_port": "9000",
+            "environment": [
+                "MINIO_ROOT_USER=nextcloud",
+                "MINIO_ROOT_PASSWORD=%MINIO_ROOT_PASSWORD%"
+            ],
+            "secrets": [
+                "MINIO_ROOT_PASSWORD"
+            ],
+            "volumes": [
+            {
+                "source": "nextcloud_aio_minio",
+                "destination": "/data",
+                "writeable": true
+            }
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ config:system:set objectstore class --value 'OC\\Files\\ObjectStore\\S3'",
+                "php /var/www/html/occ config:system:set objectstore arguments autocreate --value true --type bool",
+                "php /var/www/html/occ config:system:set objectstore arguments use_path_style --value true --type bool",
+                "php /var/www/html/occ config:system:set objectstore arguments use_ssl --value false --type bool",
+                "php /var/www/html/occ config:system:set objectstore arguments region --value ''",
+                "php /var/www/html/occ config:system:set objectstore arguments bucket --value nextcloud",
+                "php /var/www/html/occ config:system:set objectstore arguments key --value nextcloud",
+                "php /var/www/html/occ config:system:set objectstore arguments secret --value %MINIO_ROOT_PASSWORD%",
+                "php /var/www/html/occ config:system:set objectstore arguments port --value 9000",
+                "php /var/www/html/occ config:system:set objectstore arguments hostname --value nextcloud-aio-minio"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/minio/readme.md b/community-containers/minio/readme.md
new file mode 100644
index 00000000..4f9391bd
--- /dev/null
+++ b/community-containers/minio/readme.md
@@ -0,0 +1,12 @@
+## Minio
+This container bundles minio s3 storage and auto-configures it for you.
+
+### Notes
+- The data of Minio will be automatically included in AIOs backup solution!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-minio
+
+### Maintainer
+https://github.com/szaimen

From 2d3780d3b3ea7c7e558c6772e4ea3b9be3b6a44f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 1 Oct 2025 14:43:20 +0200
Subject: [PATCH 3475/3949] increase to v11.10.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4bcd18b7..8db6beb6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.9.0</h1>
+            <h1>Nextcloud AIO v11.10.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 4153c692fdfeba54ee486c68d29f883412044224 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 1 Oct 2025 15:09:14 +0200
Subject: [PATCH 3476/3949] add minio storage to backup volumes and readme
 update

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/minio/minio.json | 3 +++
 community-containers/minio/readme.md  | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json
index ae1925bd..2403f213 100644
--- a/community-containers/minio/minio.json
+++ b/community-containers/minio/minio.json
@@ -21,6 +21,9 @@
                 "writeable": true
             }
             ],
+            "backup_volumes": [
+                "nextcloud_aio_minio"
+            ],
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ config:system:set objectstore class --value 'OC\\Files\\ObjectStore\\S3'",
                 "php /var/www/html/occ config:system:set objectstore arguments autocreate --value true --type bool",
diff --git a/community-containers/minio/readme.md b/community-containers/minio/readme.md
index 4f9391bd..be41d5bd 100644
--- a/community-containers/minio/readme.md
+++ b/community-containers/minio/readme.md
@@ -1,6 +1,12 @@
 ## Minio
 This container bundles minio s3 storage and auto-configures it for you.
 
+>[!WARNING]
+> Enabling this container will remove access to all the files formerly written to the data directory.
+> So only enable this on a clean instance directly after installing AIO.
+> All additional users that are added via Nextcloud afterwards are going to work correctly.
+> Also, after enabling and using it, make sure to not disable the container as you cannot migrate from s3 to local storage anymore and s3 is a critical part of your infrastructure from then on.
+
 ### Notes
 - The data of Minio will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 85a068f6791b8c2108b58aebe86203e4e8001774 Mon Sep 17 00:00:00 2001
From: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
Date: Fri, 3 Oct 2025 07:03:40 +0200
Subject: [PATCH 3477/3949] nginx-proxy

Make it more clear what nginx-proxy is

Signed-off-by: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
---
 reverse-proxy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 56e42fe3..6efe9026 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -538,13 +538,13 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### Nginx-Proxy
+### nginx-proxy (Github Repo)
 
 <details>
 
 <summary>click here to expand</summary>
 
-Unfortunately, it is not possible to configure Nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
+Unfortunately, it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
 
 If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
 

From 742e0906f0166409a639d262a95a1916650e4e42 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:04 +0000
Subject: [PATCH 3478/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.5.3.1 to 25.04.6.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.6.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 536bec37..593c5323 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.5.3.1
+FROM collabora/code:25.04.6.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From db66d618fdc3c5e5241f44710b3317f8cbd4a78a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:06 +0000
Subject: [PATCH 3479/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.5-alpine to 3.2.6-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.6-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 24a1f298..72034cec 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.5-alpine
+FROM haproxy:3.2.6-alpine
 
 # hadolint ignore=DL3002
 USER root

From 5a4ba1c3500649a0f7dd1d4635b8dadeef95480f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:26 +0000
Subject: [PATCH 3480/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.4.0-cli to 28.5.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.5.0-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 58248890..2532ec16 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.4.0-cli AS docker
+FROM docker:28.5.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 7053a206e14d5a8a3974945a03c9ec1748872dc3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:20:53 +0000
Subject: [PATCH 3481/3949] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.10-alpine to 7.2.11-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.11-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 98f3d3f0..8cb0f973 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.10-alpine
+FROM redis:7.2.11-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From ec07ef6fe731abd03e2430c022469880e1d18ab2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 04:21:19 +0000
Subject: [PATCH 3482/3949] build(deps): bump nicholas-fedor/watchtower in
 /Containers/watchtower

Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.8 to 1.12.1.
- [Release notes](https://github.com/nicholas-fedor/watchtower/releases)
- [Changelog](https://github.com/nicholas-fedor/watchtower/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.8...v1.12.1)

---
updated-dependencies:
- dependency-name: nicholas-fedor/watchtower
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 82472ec7..ec2c0d0a 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.8 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower
 
 FROM alpine:3.22.1
 

From a33ef5d1aa7f75f3716e4d55c266b5dc74f36d3a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Oct 2025 15:12:31 +0200
Subject: [PATCH 3483/3949] move the hint to a new line

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 6fa95704..f48479e4 100644
--- a/readme.md
+++ b/readme.md
@@ -52,7 +52,8 @@ Included are:
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
-- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible.
+- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). 
+- Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible.
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
 - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin)
 - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server)

From 7fbc548d2df54904e05c5b374fc37db8875b62df Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 6 Oct 2025 15:44:27 +0200
Subject: [PATCH 3484/3949] lldap: adjust hint how to retrieve the password

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/lldap/readme.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
index ce4636bc..586aea9e 100644
--- a/community-containers/lldap/readme.md
+++ b/community-containers/lldap/readme.md
@@ -18,10 +18,7 @@ Functionality with this configuration:
 
 > For simplicity, this configuration is done via the command line (don't worry, it's very simple).
 
-First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste:
-```bash
-sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS
-```
+First, you need to retrieve the LLDAP admin password that you can see next to the container in the AIO interface. There you can configure smtp first and then invite users via mail.
 
 Now go into the Nextcloud container:<br>
 **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`.

From c1949573c9d5596f361563fcfa3f19f772357ffa Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Fri, 26 Sep 2025 15:27:56 -0400
Subject: [PATCH 3485/3949] refactor(nextcloud): Tidy up entrypoint.sh
 error/log output

- Cleaned up error messages
- Reformatted some code for readability

No logic changes.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/entrypoint.sh | 207 +++++++++++++++++++----------
 1 file changed, 135 insertions(+), 72 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 4c50648a..fd8e6136 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -25,31 +25,34 @@ if [ "$DATABASE_TYPE" = postgres ]; then
     export DATABASE_TYPE=pgsql
 fi
 
-# Only start container if redis is accessible
+# Only start container if Redis is accessible
 # shellcheck disable=SC2153
 while ! nc -z "$REDIS_HOST" "6379"; do
-    echo "Waiting for redis to start..."
+    echo "Waiting for Redis to start..."
     sleep 5
 done
 
 # Check permissions in ncdata
-touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
-if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
-    echo "The www-data user doesn't seem to have access rights in the datadir.
-Most likely are the files located on a drive that does not follow linux permissions.
-Please adjust the permissions like mentioned below.
-The found permissions are:
-$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
-(userID:groupID permissions)
-but they should be:
-33:0 750
-(userID:groupID permissions)
-Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories.
-Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option.
-For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
+test_file="$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+touch "$test_file"
+if ! [ -f "$test_file" ]; then
+    echo "The www-data user does not appear to have access rights to the data directory."
+    echo "It is possible that the files are on a filesystem that does not support standard Linux permissions,"
+    echo "or the permissions simply need to be adjusted. Please change the permissions as described below."
+    echo "Current permissions are:"
+    stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR"
+    echo "(userID:groupID permissions)"
+    echo "They should be:"
+    echo "33:0 750"
+    echo "(userID:groupID permissions)"
+    echo "Also, ensure that all parent directories on the host of your chosen data directory are publicly readable."
+    echo "For example: sudo chmod +r /mnt  (adjust this command as needed)."
+    echo "If you want to use a FUSE mount as the data directory, add 'allow_other' as an additional mount option."
+    echo "For SMB/CIFS mounts as the data directory, see:"
+    echo "  https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
     exit 1
 fi
-rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+rm -f "$test_file"
 
 if [ -f /var/www/html/version.php ]; then
     # shellcheck disable=SC2016
@@ -71,26 +74,31 @@ fi
 
 # Don't start the container if Nextcloud is not compatible with the PHP version
 if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then
-    echo "It seems like your installed Nextcloud is not compatible with the by the container provided PHP version."
-    echo "This most likely happened because you tried to restore an old Nextcloud version from backup that is not compatible with the PHP version that comes with the container."
-    echo "Please try to restore a more recent backup which contains a Nextcloud version that is compatible with the PHP version that comes with the container."
-    echo "If you do not have a more recent backup, feel free to have a look at this documentation: https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
+    echo "Your installed Nextcloud version is not compatible with the PHP version provided by this image."
+    echo "This typically occurs when you restore an older Nextcloud backup that does not support the"
+    echo "PHP version included in this image."
+    echo "Please restore a more recent backup that includes a compatible Nextcloud version."
+    echo "If you do not have a more recent backup, refer to the manual upgrade documentation:"
+    echo "  https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
     exit 1
 fi
 
 # Do not start the container if the last update failed
 if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
     echo "The last Nextcloud update failed."
-    echo "Please restore from backup and try again!"
-    echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again."
+    echo "Please restore from a backup and try again."
+    echo "If you do not have a backup, you can delete the update.failed file in the data directory"
+    echo "to allow the container to start again."
     exit 1
 fi
 
 # Do not start the container if the install failed
 if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
     echo "The initial Nextcloud installation failed."
-    echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above."
-    echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
+    echo "For more information about what went wrong, check the logs above."
+    echo "Please reset AIO properly and try again."
+    echo "See:"
+    echo "  https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
     exit 1
 fi
 
@@ -143,7 +151,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         if [ "$installed_version" != "0.0.0.0" ]; then
 # Check connection to appstore start # Do not remove or change this line!
             while true; do
-                echo -e "Checking connection to appstore"
+                echo -e "Checking connection to the app store..."
                 APPSTORE_URL="https://apps.nextcloud.com/api/v1"
                 if grep -q appstoreurl /var/www/html/config/config.php; then
                     set -x
@@ -154,10 +162,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
                 if [[ "$CURL_STATUS" = "200" ]]
                 then
-                    echo "Appstore is reachable"
+                    echo "App store is reachable."
                     break
                 else
-                    echo "Curl didn't produce a 200 status, is appstore reachable?"
+                    echo "Curl did not return a 200 status. Is the app store reachable?"
                     sleep 5
                 fi
             done
@@ -167,21 +175,21 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
             php /var/www/html/occ maintenance:mode --off
 
-            echo "Getting and backing up the status of apps for later, this might take a while..."
+            echo "Getting and backing up the status of apps for later; this might take a while..."
             NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
             if [ -z "$NC_APPS" ]; then
-                echo "No apps detected, aborting export of app status..."
+                echo "No apps detected. Aborting export of app status..."
                 APPSTORAGE="no-export-done"
             else
                 mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
                 declare -Ag APPSTORAGE
-                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
+                echo "Disabling apps before the update to make the update procedure safer. This can take a while..."
                 for app in "${NC_APPS_ARRAY[@]}"; do
                     if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then
                         php /var/www/html/occ app:disable "$app"
                     else
                         APPSTORAGE[$app]=""
-                        echo "Not disabling $app because the occ command to get the enabled state was failing."
+                        echo "Not disabling $app because the occ command to get its enabled state failed."
                     fi
                 done
             fi
@@ -195,8 +203,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             run_upgrade_if_needed_due_to_app_update
         fi
 
-        echo "Initializing nextcloud $image_version ..."
-        rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
+        echo "Initializing Nextcloud $image_version ..."
+
+        # Copy over initial data from Nextcloud archive
+        rsync -rlD --delete \
+            --exclude-from=/upgrade.exclude \
+            "$SOURCE_LOCATION/" \
+            /var/www/html/
 
         # Copy custom_apps from Nextcloud archive
         if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then
@@ -204,22 +217,47 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             for app in "$SOURCE_LOCATION/custom_apps"/*; do
                 app_id="$(basename "$app")"
                 mkdir -p "/var/www/html/custom_apps/$app_id"
-                rsync -rlD --delete --include "/$app_id/" --exclude '/*' "$SOURCE_LOCATION/custom_apps/" /var/www/html/custom_apps/
+                rsync -rlD --delete \
+                    --include "/$app_id/" \
+                    --exclude '/*' \
+                    "$SOURCE_LOCATION/custom_apps/" \
+                    /var/www/html/custom_apps/
             done
             set +x
         fi
 
-        # Copy over initial data from Nextcloud archive
+        # Copy these from Nextcloud archive if they don't exist yet (i.e. new install)
         for dir in config data custom_apps themes; do
             if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+                rsync -rlD \
+                    --include "/$dir/" \
+                    --exclude '/*' \
+                    "$SOURCE_LOCATION/" \
+                    /var/www/html/
             fi
         done
-        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/
-        rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+
+        rsync -rlD --delete \
+            --include '/config/' \
+            --exclude '/*' \
+            --exclude '/config/CAN_INSTALL' \
+            --exclude '/config/config.sample.php' \
+            --exclude '/config/config.php' \
+            "$SOURCE_LOCATION/" \
+            /var/www/html/
+
+        rsync -rlD \
+            --include '/version.php' \
+            --exclude '/*' \
+            "$SOURCE_LOCATION/" \
+            /var/www/html/
+
         echo "Initializing finished"
 
-        #install
+        ################
+        # Fresh Install
+        ################
+        
         if [ "$installed_version" = "0.0.0.0" ]; then
             echo "New Nextcloud instance."
 
@@ -233,13 +271,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
             fi
 
-            # We do our own permission check so the permission check is not needed
-            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
+        # Skip the default permission check (we do our own)
+        cat > /var/www/html/config/datadir.permission.config.php <<'EOF'
 <?php
-    \$CONFIG = array (
-    'check_data_directory_permissions' => false
-);
-DATADIR_PERMISSION_CONF
+    $CONFIG = array (
+        'check_data_directory_permissions' => false
+    );
+EOF
 
             # Write out postgres root cert
             if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
@@ -250,11 +288,20 @@ DATADIR_PERMISSION_CONF
             echo "Installing with $DATABASE_TYPE database"
             # Set a default value for POSTGRES_PORT
             if [ -z "$POSTGRES_PORT" ]; then
-              POSTGRES_PORT=5432
+                POSTGRES_PORT=5432
             fi
-            # shellcheck disable=SC2153
-            INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
 
+            # Add database options to INSTALL_OPTIONS
+            # shellcheck disable=SC2153
+            INSTALL_OPTIONS+=(
+                --database "$DATABASE_TYPE"
+                --database-name "$POSTGRES_DB"
+                --database-user "$POSTGRES_USER"
+                --database-pass "$POSTGRES_PASSWORD"
+                --database-host "$POSTGRES_HOST"
+                --database-port "$POSTGRES_PORT"
+            )
+            
             echo "Starting Nextcloud installation..."
             if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
                 echo "Installation of Nextcloud failed!"
@@ -276,7 +323,7 @@ DATADIR_PERMISSION_CONF
 
                 if [ "$try" -ge "$max_retries" ]; then
                     echo "Installation of Nextcloud failed!"
-                    echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
+                    echo "Installation errors: $(cat /var/www/html/data/nextcloud.log)"
                     touch "$NEXTCLOUD_DATA_DIR/install.failed"
                     exit 1
                 fi
@@ -312,10 +359,12 @@ DATADIR_PERMISSION_CONF
                 installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 INSTALLED_MAJOR="${installed_version%%.*}"
                 IMAGE_MAJOR="${image_version%%.*}"
+                # If a valid upgrade path, trigger the Nextcloud built-in Updater
                 if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
                     php /var/www/html/updater/updater.phar --no-interaction --no-backup
                     if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                         echo "Installation of Nextcloud failed!"
+                        # TODO: Add a hint here about what to do / where to look / updater.log? 
                         touch "$NEXTCLOUD_DATA_DIR/install.failed"
                         exit 1
                     fi
@@ -392,11 +441,11 @@ DATADIR_PERMISSION_CONF
         #upgrade
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            echo "Upgrading nextcloud from $installed_version to $image_version..."
+            echo "Upgrading Nextcloud from $installed_version to $image_version..."
             php /var/www/html/occ config:system:delete integrity.check.disabled
             if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                 echo "Upgrade failed. Please restore from backup."
-                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
+                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup."
                 exit 1
             fi
 
@@ -404,7 +453,7 @@ DATADIR_PERMISSION_CONF
             installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 
             rm "$NEXTCLOUD_DATA_DIR/update.failed"
-            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
+            bash /notify.sh "Nextcloud update to $image_version successful!" "You may inspect the Nextcloud container logs for more information."
 
             php /var/www/html/occ app:update --all
 
@@ -412,7 +461,7 @@ DATADIR_PERMISSION_CONF
 
             # Restore app status
             if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
-                echo "Restoring the status of apps. This can take a while..."
+                echo "Restoring app statuses. This may take a while..."
                 for app in "${!APPSTORAGE[@]}"; do
                     if [ -n "${APPSTORAGE[$app]}" ]; then
                         if [ "${APPSTORAGE[$app]}" != "no" ]; then
@@ -424,13 +473,13 @@ DATADIR_PERMISSION_CONF
                                     php /var/www/html/occ maintenance:mode --off
                                 fi
                                 run_upgrade_if_needed_due_to_app_update
-                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                echo "The $app app could not be re-enabled, probably because it is not compatible with the new Nextcloud version."
                                 if [ "$app" = apporder ]; then
                                     CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
                                 else
-                                    CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version."
+                                    CUSTOM_HINT="Most likely, it is not compatible with the new Nextcloud version."
                                 fi
-                                bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                bash /notify.sh "Could not re-enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to review the Nextcloud update logs and force-enable the app again if you wish."
                                 continue
                             fi
                             # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
@@ -452,7 +501,7 @@ DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
 
             # Apply optimization
-            echo "Doing some optimizations..."
+            echo "Performing some optimizations..."
             if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
                 php /var/www/html/occ maintenance:repair --include-expensive
                 php /var/www/html/occ db:add-missing-indices
@@ -483,10 +532,10 @@ if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)
     if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
-        echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!"
+        echo "Appdata is not present. Did you change the datadir after the initial Nextcloud installation? This is not supported!"
         echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
-        echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!"
-        echo "In the datadir was found:"
+        echo "If you moved the datadir to an external drive, make sure that the drive is still mounted."
+        echo "The following was found in the datadir:"
         ls -la "$NEXTCLOUD_DATA_DIR/"
         exit 1
     fi
@@ -678,7 +727,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "Warning: No ipv4-address found for $COLLABORA_HOST."
+        echo "Warning: No IPv4 address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -689,7 +738,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
             fi
         fi
     else
-        echo "No ipv6-address found for $COLLABORA_HOST."
+        echo "No IPv6 address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
         PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
@@ -703,7 +752,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
-        echo "Warning: wopi_allowlist is empty which should not be the case!"
+        echo "Warning: wopi_allowlist is empty; this should not be the case!"
     fi
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then
@@ -713,15 +762,20 @@ fi
 
 # OnlyOffice
 if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
+    # Determine OnlyOffice port based on host pattern
     if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
         ONLYOFFICE_PORT=80
     else
         ONLYOFFICE_PORT=443
     fi
+
+    # Wait for OnlyOffice to become available
     while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do
-        echo "waiting for OnlyOffice to become available..."
+        echo "Waiting for OnlyOffice to become available..."
         sleep 5
     done
+
+    # Install or enable OnlyOffice app as needed
     if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
         php /var/www/html/occ app:install onlyoffice
     elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
@@ -729,16 +783,25 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     elif [ "$SKIP_UPDATE" != 1 ]; then
         php /var/www/html/occ app:update onlyoffice
     fi
+
+    # Set OnlyOffice configuration
     php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
+
+    # Adjust the OnlyOffice host if using internal pattern
     if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
         ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
         export ONLYOFFICE_HOST
     fi
+
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
+    # Remove OnlyOffice app if disabled and removal is requested
+    if [ "$REMOVE_DISABLED_APPS" = yes ] && \
+       [ -d "/var/www/html/custom_apps/onlyoffice" ] && \
+       [ -n "$ONLYOFFICE_SECRET" ] && \
+       [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
         php /var/www/html/occ app:remove onlyoffice
     fi
 fi
@@ -784,7 +847,7 @@ fi
 if [ -d "/var/www/html/custom_apps/spreed" ]; then
     if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
         while ! nc -z "$TALK_RECORDING_HOST" 1234; do
-            echo "waiting for Talk Recording to become available..."
+            echo "Waiting for Talk Recording to become available..."
             sleep 5
         done
         # TODO: migrate to occ command if that becomes available
@@ -799,12 +862,12 @@ fi
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
     count=0
     while ! nc -z "$CLAMAV_HOST" 3310 && [ "$count" -lt 90 ]; do
-        echo "waiting for clamav to become available..."
+        echo "Waiting for ClamAV to become available..."
         count=$((count+5))
         sleep 5
     done
     if [ "$count" -ge 90 ]; then
-        echo "Clamav did not start in time. Skipping initialization and disabling files_antivirus app."
+        echo "ClamAV did not start in time. Skipping initialization and disabling files_antivirus app."
         php /var/www/html/occ app:disable files_antivirus
     else
         if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
@@ -851,7 +914,7 @@ fi
 if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
     count=0
     while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do
-        echo "waiting for Fulltextsearch to become available..."
+        echo "Waiting for Fulltextsearch to become available..."
         count=$((count+5))
         sleep 5
     done
@@ -888,14 +951,14 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
 
         # Do the index
         if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
-            echo "Waiting 10s before activating FTS..."
+            echo "Waiting 10 seconds before activating fulltextsearch..."
             sleep 10
             echo "Activating fulltextsearch..."
             if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
                 touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
             else
                 echo "Fulltextsearch failed. Could not index."
-                echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
+                echo "If you want to skip indexing in the future, see https://github.com/nextcloud/all-in-one/discussions/1709"
             fi
         fi
     fi

From 593379de56d30a7fdf6db83adb614f14a6940755 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Oct 2025 04:18:34 +0000
Subject: [PATCH 3486/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.4 to 8.19.5.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 289722ea..980fe275 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.4
+FROM elasticsearch:8.19.5
 
 USER root
 

From 6d6183b9e83e37a0a6baed9835e3ccd225ed5424 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Oct 2025 13:08:54 +0000
Subject: [PATCH 3487/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/858c58d647eeb05b1725a96ae3fc290230321af3...9d692f15fa9f84928799bccac2dba6565e024bdf)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 56854ed4..e6527250 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Turnstyle
-        uses: softprops/turnstyle@858c58d647eeb05b1725a96ae3fc290230321af3 # v2
+        uses: softprops/turnstyle@9d692f15fa9f84928799bccac2dba6565e024bdf # v2
         with:
           continue-after-seconds: 180
         env:

From c35e0809bdce3f3e947a8b072f57287bce2847ea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Oct 2025 04:20:04 +0000
Subject: [PATCH 3488/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.1-alpine3.22 to 1.25.2-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.2-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index afeb69a4..1d673ecd 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.1-alpine3.22 AS go
+FROM golang:1.25.2-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 7d923db4481dec87acc0146f19a952a26ca42972 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Oct 2025 04:20:52 +0000
Subject: [PATCH 3489/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.13.7-alpine3.22 to 3.14.0-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14.0-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 40b01470..b93e1338 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.7-alpine3.22
+FROM python:3.14.0-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 436c6ff5b7f103c01dc58eb5161b6aa55b4fcf9f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 11 Dec 2024 10:09:37 +0100
Subject: [PATCH 3490/3949] nextcloud: adjust max_input_time to -1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0ae91b63..c5fd6ed6 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -132,7 +132,7 @@ RUN set -ex; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
         echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
         echo 'max_execution_time=${PHP_MAX_TIME}'; \
-        echo 'max_input_time=${PHP_MAX_TIME}'; \
+        echo 'max_input_time=-1'; \
         echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \

From 90d346ea650c7a5838328cacd96b1609a75199ca Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 8 Oct 2025 16:05:15 -0400
Subject: [PATCH 3491/3949] docs: Add README.md for Nextcloud container

Added README.md for Nextcloud container.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/README.md | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 Containers/nextcloud/README.md

diff --git a/Containers/nextcloud/README.md b/Containers/nextcloud/README.md
new file mode 100644
index 00000000..b94a1b77
--- /dev/null
+++ b/Containers/nextcloud/README.md
@@ -0,0 +1,35 @@
+# Nextcloud All-in-One ``nextcloud`` Container
+
+This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application.
+
+## Overview
+
+The Nextcloud container provides the core Nextcloud application environment, including the necessary dependencies and configuration for seamless integration into the All-in-One stack. The container hosts:
+
+- The PHP SAPI/backend (php-fpm)
+- Nextcloud background jobs and scheduled tasks, which are handled via cron
+- Miscellaneous minor support services specific to AIO's Nextcloud deployment (health and exec)
+
+## Contents
+
+- **Dockerfile**: Instructions for building the Nextcloud container image.
+- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime configuration before starting supervisord.
+- **Nextcloud configuration files**: Specific to running in a containerized setting and/or within AIO.
+- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within the container (php-fpm, cron, etc.).
+
+## Usage
+
+This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which is provided by AIO in a dedicated Apache container). It is designed to be orchestrated by [the All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer).
+
+## Documentation
+
+- [Nextcloud All-in-One Documentation](https://github.com/nextcloud/all-in-one#readme)
+- [Nextcloud Documentation](https://docs.nextcloud.com/)
+
+## Contributing
+
+Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull requests or issues via the main repository.
+
+## License
+
+This folder and its contents are licensed under the [GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud All-in-One.

From 03413d944056b57362bb65a47d2d03d837d66893 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:08 +0000
Subject: [PATCH 3492/3949] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/alpine

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 429485b3..25ac9671 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From a64237c9d649d6b7b83be4f3e09ba167d7a3036d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:13 +0000
Subject: [PATCH 3493/3949] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/borgbackup

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 74d87f45..3d4ce1ce 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     \

From 8fb81686ba728893243b676f1b95dcdcda8a9917 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:17 +0000
Subject: [PATCH 3494/3949] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/clamav

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 216ea1c9..db59f64a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 494639990580bdcd4796df9fdbf28b70f0fb0006 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:22 +0000
Subject: [PATCH 3495/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 99ae1184..c4b340e2 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 5c59bee1eed80d9ef507e693784e22284616314b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:25 +0000
Subject: [PATCH 3496/3949] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/imaginary

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 1d673ecd..55503dcb 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 44659edf9c99fc01f921d851c2e1b99f38a36f2e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:30 +0000
Subject: [PATCH 3497/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.5.0-cli to 28.5.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.5.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 2532ec16..c1cbaa59 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.5.0-cli AS docker
+FROM docker:28.5.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 9d76e6486e4bffdabb384c9c903ade7d000950ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:22:55 +0000
Subject: [PATCH 3498/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 8138582d..812ec840 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 8e8580122de67686a6fb74b67dd70c7776479f2b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:23:03 +0000
Subject: [PATCH 3499/3949] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/talk

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 7067c72e..84109d3b 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.12.0-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
-FROM alpine:3.22.1 AS janus
+FROM alpine:3.22.2 AS janus
 
 ARG JANUS_VERSION=v1.3.2
 WORKDIR /src
@@ -35,7 +35,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 ENV ETURNAL_ETC_DIR="/conf"
 ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local

From 1f2e97a24634d857543cb84aea2fae240bee5f00 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 04:23:13 +0000
Subject: [PATCH 3500/3949] build(deps): bump alpine from 3.22.1 to 3.22.2 in
 /Containers/watchtower

Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index ec2c0d0a..c2b38b18 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower
 
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 26bb93df914e70f83f8faa8b19f0bdf51293a980 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 10 Oct 2025 08:42:36 +0200
Subject: [PATCH 3501/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 3d82e634..11df8a73 100644
--- a/readme.md
+++ b/readme.md
@@ -360,7 +360,7 @@ You can adjust the MTU size of the docker network by creating it beforehand with
 ```
 docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio
 ```
-When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `aio-nextcloud` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `aio-nextcloud` network and recreate it with the new configuration.
+When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `nextcloud-aio` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `nextcloud-aio` network and recreate it with the new configuration.
 
 If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details.
 

From 84288c4ac728795b4b949f64dc88fd17d3199c34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Oct 2025 04:19:54 +0000
Subject: [PATCH 3502/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.2.1 to v1.3.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 680a59d0..e60bb815 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.3.0
 
 USER root
 RUN set -ex; \

From e940d47079f0a25ee4045671e0f40cda3f60f392 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 14 Oct 2025 13:25:57 +0200
Subject: [PATCH 3503/3949] talk-recording: allow to use it on arm64

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/talk-recording/start.sh              | 2 ++
 php/src/Data/ConfigurationManager.php           | 5 -----
 php/templates/includes/optional-containers.twig | 2 +-
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index a03eed04..b49e5e9c 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -59,6 +59,8 @@ extensionvideo = .webm
 
 [recording]
 browser = firefox
+driverPath = /usr/bin/geckodriver
+browserPath = /usr/bin/firefox
 RECORDING_CONF
 
 exec "$@"
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index ceae13d0..1a2b4461 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -286,11 +286,6 @@ class ConfigurationManager
             $value = 0;
         }
 
-        // Currently only works on x64. See https://github.com/nextcloud/nextcloud-talk-recording/issues/17
-        if (!$this->isx64Platform()) {
-            $value = 0;
-        }
-
         $config = $this->GetConfig();
         $config['isTalkRecordingEnabled'] = $value;
         $this->WriteConfig($config);
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 572af5f1..6bea68db 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -96,7 +96,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a target="_blank" href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
     </p>
     <p>
         <input

From 3137c434475cef59c20bc636e1f0cee343eebc42 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Oct 2025 12:16:14 +0000
Subject: [PATCH 3504/3949] build(deps): bump actions/setup-node from 5 to 6 in
 /.github/workflows

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index d2bcad71..9de89243 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: lts/*
 

From 28f7d3571ca69fb408fe1f8f173b1d3ac0c8f9a6 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Tue, 14 Oct 2025 20:59:42 +0200
Subject: [PATCH 3505/3949] Add clamav milter packaged, configure it and use
 supervisord to start it up.

TODO: start milter only if community container stalwart is used.

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/Dockerfile       | 8 ++++++--
 Containers/clamav/start.sh         | 1 +
 Containers/clamav/supervisord.conf | 7 +++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 216ea1c9..9330c57f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -3,7 +3,7 @@ FROM alpine:3.22.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata clamav supervisor bash; \
+    apk add --no-cache tzdata clamav clamav-milter supervisor bash; \
     mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
@@ -12,7 +12,11 @@ RUN set -ex; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
-    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf
+    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
+    sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index bda4add5..2c56db49 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
+cp /etc/clamav/clamav-milter.conf /tmp/clamv-milter-conf
 
 # Print out clamav version for compliance reasons
 clamscan --version
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index 8f53856a..283833b8 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -21,3 +21,10 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=clamd --foreground --config-file=/tmp/clamd.conf
+
+[program:milter]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=clamav-milter --foreground --config-file=/tmp/clamv-milter-conf
\ No newline at end of file

From 2d86c0d788461fd0adf52af8c6e15e1bfc9c19f8 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Tue, 14 Oct 2025 21:10:48 +0200
Subject: [PATCH 3506/3949] Remove copying and omit checks for stalwart

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/start.sh         | 1 -
 Containers/clamav/supervisord.conf | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index 2c56db49..bda4add5 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 
 sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
-cp /etc/clamav/clamav-milter.conf /tmp/clamv-milter-conf
 
 # Print out clamav version for compliance reasons
 clamscan --version
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index 283833b8..7aad65ed 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -27,4 +27,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=clamav-milter --foreground --config-file=/tmp/clamv-milter-conf
\ No newline at end of file
+command=clamav-milter --foreground --config-file=/etc/clamav/clamav-milter.conf
\ No newline at end of file

From 3fdd77e75d0a536e11cdb6b0c79c80cf50aadd05 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 08:40:45 +0000
Subject: [PATCH 3507/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 03627c26..6eb13d92 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.9.0
+version: 11.10.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 992e66de..4196cb99 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-apache:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 2e9ccb95..9f8dda8d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 07f09220..5db29234 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index abfa8b01..8466fe03 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 9dcc9d63..5b9ef69f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 5e54704c..84ea42e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 1644464c..c6559fbd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251015_082711
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 799e4390..dac83c98 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 820e6842..98f75058 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 015da80f..61938748 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-redis:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index bb6f2a1c..aa078677 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-talk:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index d59c60c0..27a50beb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251015_082711
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 804c5d2d..08d3fcca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251015_082711
           readinessProbe:
             exec:
               command:

From b55b4aac1cde4a254c9a89fdb624c2144a461a29 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 12:03:37 +0000
Subject: [PATCH 3508/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index bb81d695..4809bae8 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.5",
+            "version": "v2.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed"
+                "reference": "038ce42edee619599a1debb7e81d7b3759492819"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3832547db6e0e2f8bb03d4093857b378c66eceed",
-                "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819",
+                "reference": "038ce42edee619599a1debb7e81d7b3759492819",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-09-22T17:29:40+00:00"
+            "time": "2025-10-09T13:42:30+00:00"
         },
         {
             "name": "nikic/fast-route",

From 12c9b6807142dd0b5e2ab763ce13d57efb31df39 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 12:05:06 +0000
Subject: [PATCH 3509/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk-recording/Dockerfile     |  2 +-
 Containers/talk-recording/recording.conf | 48 +++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index b93e1338..83b7859b 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -4,7 +4,7 @@ FROM python:3.14.0-alpine3.22
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
-ENV RECORDING_VERSION=v0.1
+ENV RECORDING_VERSION=v0.2.0
 ENV ALLOW_ALL=false
 ENV HPB_PROTOCOL=https
 ENV NC_PROTOCOL=https
diff --git a/Containers/talk-recording/recording.conf b/Containers/talk-recording/recording.conf
index 99515528..cc8bd495 100644
--- a/Containers/talk-recording/recording.conf
+++ b/Containers/talk-recording/recording.conf
@@ -1,3 +1,5 @@
+# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
 [logs]
 # Log level based on numeric values of Python logging levels:
 # - Critical: 50
@@ -12,6 +14,11 @@
 # IP and port to listen on for HTTP requests.
 #listen = 127.0.0.1:8000
 
+[app]
+# Comma separated list of trusted proxies (IPs or CIDR networks) that may set
+# the "X-Forwarded-For" header.
+#trustedproxies =
+
 [backend]
 # Allow any hostname as backend endpoint. This is extremely insecure and should
 # only be used during development.
@@ -100,6 +107,18 @@
 # ffmpeg. The options given here fully override the default global options.
 #common = ffmpeg -loglevel level+warning -n
 
+# The (additional) options given to ffmpeg for the audio input. The options
+# given here extend the default options for the audio input, although they do
+# not override them.
+# Default options: '-f pulse -i {AUDIO_SOURCE}'
+#inputaudio =
+
+# The (additional) options given to ffmpeg for the video input. The options
+# given here extend the default options for the video input, although they do
+# not override them.
+# Default options: '-f x11grab -draw_mouse 0 -video_size {WIDTH}x{HEIGHT} -i {VIDEO_SOURCE}'
+#inputvideo =
+
 # The options given to ffmpeg to encode the audio output. The options given here
 # fully override the default options for the audio output.
 #outputaudio = -c:a libopus
@@ -120,4 +139,31 @@
 # will use Google Chrome, or Chromium if Google Chrome is not installed.
 # Allowed values: firefox, chrome
 # Defaults to firefox
-# browser = firefox
+#browser = firefox
+
+# Path to the Selenium driver to use for recordings.
+# If set the driver must match the browser being used (for example,
+# "/usr/bin/geckodriver" for "firefox"). If no driver is explicitly set Selenium
+# Manager will try to find the right one in $PATH, downloading it as a fallback.
+# Note that Selenium Manager does not work in some architectures (for example,
+# Linux on arm64/aarch64), so in those architectures the driver must be
+# explicitly set.
+#driverPath =
+
+# Path to the browser executable to use for recordings.
+# If set the executable must match the browser being used (for example,
+# "/usr/bin/firefox-esr" for "firefox"). If no executable is explicitly set
+# Selenium Manager will try to find the right one in $PATH. Depending on the
+# installed Selenium version if the executable is not found Selenium Manager may
+# also download the browser as a fallback.
+# Note that Selenium Manager does not work in some architectures (for example,
+# Linux on arm64/aarch64); in those architectures the Selenium driver will try
+# to find the executable, but the executable may need to be explicitly set if
+# not found by the driver.
+#browserPath =
+
+[stats]
+# Comma-separated list of IP addresses (or CIDR networks) that are allowed to
+# access the stats endpoint.
+# Leave commented to only allow access from "127.0.0.1".
+#allowed_ips =

From c8b8740980690283c823d8a6c3d52154a39e76f0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 15 Oct 2025 12:14:36 +0000
Subject: [PATCH 3510/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0ae91b63..9c940846 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -84,7 +84,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
     pecl install APCu-5.1.27; \
-    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
+    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
    pecl install -o imagick-3.8.0; \
     \

From 97af7b63e29c152e6823cf4b7e20a2d7b17e4a5f Mon Sep 17 00:00:00 2001
From: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
Date: Tue, 7 Oct 2025 16:11:44 +0200
Subject: [PATCH 3511/3949] rp-docs: add link for nginx-proxy

Signed-off-by: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
Co-Authored-By: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 6efe9026..4d6cc2fa 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -538,13 +538,15 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### nginx-proxy (Github Repo)
+### Nginx-Proxy
 
 <details>
 
 <summary>click here to expand</summary>
 
-Unfortunately, it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
+This section refers to the dedicated project named `nginx-proxy`. See its [GitHub repo](https://github.com/nginx-proxy/nginx-proxy). If you should be looking for Nginx, see the `Nginx, Freenginx, Openresty, Angie` section in this docu.
+
+Unfortunately, it is not possible to configure `nginx-proxy` in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
 
 If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
 

From 6bdd7bafdf927ecddf085b352ee0bcb682ffc208 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Oct 2025 04:22:10 +0000
Subject: [PATCH 3512/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.2-alpine3.22 to 1.25.3-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.3-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 55503dcb..47eccfad 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.2-alpine3.22 AS go
+FROM golang:1.25.3-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From a4320317d5eb26bdcd2e328876c49589cf1363e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Oct 2025 04:22:53 +0000
Subject: [PATCH 3513/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.12.0-scratch to 2.12.1-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.1-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 84109d3b..37ece0f4 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.0-scratch AS nats
+FROM nats:2.12.1-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus

From 26e2b631102af22fa18caa1ac27c23117ffb2f96 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 Oct 2025 09:00:50 +0200
Subject: [PATCH 3514/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index 42c72e5f..be1d580f 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.0.4.1
+FROM onlyoffice/documentserver:9.1.0.1
 
 # USER root is probably used
 

From 8ed64db45c5395739ab91339960f332025725628 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Thu, 16 Oct 2025 10:58:21 -0400
Subject: [PATCH 3515/3949] fix: add manual install and Helm chart usage
 context

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 Containers/nextcloud/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/README.md b/Containers/nextcloud/README.md
index b94a1b77..574afd03 100644
--- a/Containers/nextcloud/README.md
+++ b/Containers/nextcloud/README.md
@@ -19,7 +19,7 @@ The Nextcloud container provides the core Nextcloud application environment, inc
 
 ## Usage
 
-This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which is provided by AIO in a dedicated Apache container). It is designed to be orchestrated by [the All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer).
+This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which AIO provides in a dedicated Apache container). It is designed to be orchestrated by the [All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer) or used within an [AIO Manual Installation](https://github.com/nextcloud/all-in-one/tree/main/manual-install) or [AIO Helm chart](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart).
 
 ## Documentation
 

From 3a4dfaa4b69ca5d56dccf15c17c25db7d6a5c002 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Thu, 16 Oct 2025 19:31:16 +0200
Subject: [PATCH 3516/3949] Change --foreground option from supervisord to
 milter configuration file

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/Dockerfile       | 3 ++-
 Containers/clamav/supervisord.conf | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 9330c57f..35c81710 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -16,7 +16,8 @@ RUN set -ex; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \
-    sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf
+    sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?Foreground yes|Foreground yes|g" /etc/clamav/clamav-milter.conf
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index 7aad65ed..e1216df5 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -27,4 +27,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=clamav-milter --foreground --config-file=/etc/clamav/clamav-milter.conf
\ No newline at end of file
+command=clamav-milter --config-file=/etc/clamav/clamav-milter.conf
\ No newline at end of file

From f996afdb4aed741e6e489252ab68cab8a6ba59fd Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Thu, 16 Oct 2025 21:09:58 +0200
Subject: [PATCH 3517/3949] mastercontainer: bind 8000 only to 127.0.0.1

In my test it worked

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/mastercontainer.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 6a7d37dd..4effec19 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -1,5 +1,5 @@
-Listen 8000
-Listen 8080
+Listen 127.0.0.1:8000
+Listen 8080 https
 
 # Deny access to .ht files
 <Files ".ht*">

From 15ad146d9c70558700dc24129c8ff6efdb3f0b14 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Thu, 16 Oct 2025 22:42:27 -0400
Subject: [PATCH 3518/3949] docs: Revise "how to use this" section of README

Reorganized and updated instructions for clarity and approachability.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 readme.md | 129 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 81 insertions(+), 48 deletions(-)

diff --git a/readme.md b/readme.md
index 11df8a73..0c412866 100644
--- a/readme.md
+++ b/readme.md
@@ -86,66 +86,99 @@ Included are:
 | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) |
 
 ## How to use this?
->[!WARNING]
-> You should first make sure that you are not using docker installed via snap. You can check this by running `sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"`. If the output should contain the mentioned string `/var/snap/docker/`, you should first uninstall docker snap via `sudo snap remove docker` and then follow the instructions below. ⚠️ Attention: only run the command if this is a clean new docker installation and you are not running any service already using this.
 
-> [!NOTE]
-> The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
+The steps below are written for Linux. For platform-specific guidance see:
+- macOS: [How to run AIO on macOS](#how-to-run-aio-on-macos)
+- Windows: [How to run AIO on Windows](#how-to-run-aio-on-windows)
+- Synology DSM: [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
 
-1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms.
->[!WARNING]
-> You could use the convenience script below to install docker. However we recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can of course use it. See below: 
+> [!IMPORTANT]  
+> These instructions assume there is no existing web server or reverse proxy (for example Apache, Nginx, Caddy, or Cloudflare Tunnel) that you intend to place in front of AIO. If you plan to run AIO behind an existing web server or reverse proxy, follow the AIO reverse proxy documentation: [Reverse proxy docs](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 
-<details>
-    <summary>Using the convenience script</summary>
+You're encouraged to skim the attached [FAQ](#faq). While we've tried to make things straightforward, Nextcloud is a large and flexible platform. Reading the FAQ will save you time, particularly if edge cases come up.
+
+> [!TIP]  
+> Don't worry about getting everything perfect on the first try — test deployments are cheap and disposable.
+
+1. Install Docker on your Linux host by following the official documentation: [Docker install — supported platforms](https://docs.docker.com/engine/install/#supported-platforms)
+
+> [!WARNING]  
+> Snap-based Docker installations are not supported. Make sure you are not using a snap-based Docker installation (generally only applicable to Ubuntu). To check, run:
+> ```sh
+> sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"
+> ```
+> If you see the following output:
+> ```
+> /var/snap/docker/
+> ```
+> you should migrate to a standard Docker installation and remove the snap-based package before proceeding: [Install Docker on Ubuntu](https://docs.docker.com/engine/install/ubuntu/).
+>
+> ⚠️ To avoid losing data or interrupting services, only remove the Docker snap after you are certain you're not running any existing containers in it.
+>
+> Consult the official Docker documentation or other guides for instructions on migrating existing containers. Once you are certain it's safe, remove the snap-based Docker installation with:
+> ```sh
+> sudo snap remove docker
+> ```
+
+2. If you need IPv6 support, enable it by following: [Docker IPv6 support for AIO](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md)
+
+3. AIO uses a special `mastercontainer` to orchestrate the various pieces of the Nextcloud stack. To start AIO, launch the `mastercontainer` with the command below:
 
 ```sh
-curl -fsSL https://get.docker.com | sudo sh
+# For Linux and without a web server or reverse proxy already in place:
+sudo docker run \
+  --init \
+  --sig-proxy=false \
+  --name nextcloud-aio-mastercontainer \
+  --restart always \
+  --publish 80:80 \
+  --publish 8080:8080 \
+  --publish 8443:8443 \
+  --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+  ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
+<details>
+  <summary>Explanation of the command</summary>
+
+  - `sudo docker run` — starts a new Docker container. Omit `sudo` if your user is in the `docker` group.  
+  - `--init` — runs an init process inside the container to handle zombie processes.  
+  - `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container.  
+  - `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it.  
+  - `--restart always` — ensures the container restarts automatically with the Docker daemon.  
+  - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy.  
+  - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).  
+  - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.  
+  - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.  
+  - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` — mounts the Docker socket (read-only) so the mastercontainer can manage other containers. On Windows/macOS or when using rootless Docker, this path may need adjustment; see the platform-specific docs. If you change the socket path, also set `WATCHTOWER_DOCKER_SOCKET_PATH` accordingly. If you prefer not to expose the socket, see the manual-install documentation: [Manual install without docker socket access](https://github.com/nextcloud/all-in-one/tree/main/manual-install)  
+  - `ghcr.io/nextcloud-releases/all-in-one:latest` — the mastercontainer image.
+
+  Additional options can be set with environment variables (for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` to change Nextcloud's datadir on first startup). See the Customization section and example compose file: [compose.yaml](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for more options.
 </details>
 
-2. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-3. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
-    ```
-    # For Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place:
-    sudo docker run \
-    --init \
-    --sig-proxy=false \
-    --name nextcloud-aio-mastercontainer \
-    --restart always \
-    --publish 80:80 \
-    --publish 8080:8080 \
-    --publish 8443:8443 \
-    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-    ghcr.io/nextcloud-releases/all-in-one:latest
-    ```
-    <details>
-    <summary>Explanation of the command</summary>
+> [!TIP]
+> If you want Nextcloud’s data directory in a different location than the default Docker volume, see "How to change the default location of Nextcloud's Datadir" in this README: [How to change the default location of Nextcloud's Datadir](#how-to-change-the-default-location-of-nextclouds-datadir)
 
-    - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below).
-    - `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
-    - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
-    - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
-    - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
-    - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
-    - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
-    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
-    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
-    - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
-    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
-    </details>
+> [!NOTE]
+> For production usage (and ease of upgrades and changes), we suggest using the example [Compose file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) rather than `docker run`.
 
-    Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
+4. After the initial startup, open the Nextcloud AIO interface on port 8080 of this server **by IP address**, for example:
+```txt
+https://192.168.5.5:8080
+```
 
-4. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
-E.g. `https://ip.address.of.this.server:8080`<br>
-⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br><br>
-If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
-`https://your-domain-that-points-to-this-server.tld:8443`
-5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+> [!CAUTION]
+> Use an IP address (not a domain) when accessing the AIO interface on port 8080. Accessing via a domain may work temporarily but is likely to break later due to HSTS.
+
+Port 8080 uses a self-signed certificate that you must accept in your browser.
+
+It is also possible to obtain a valid certificate automatically if your firewall/router forwards ports 80 and 8443 and you point a domain to your server. In that case, access the AIO interface using the dedicated port for this purpose (8443), for example:
+```txt
+https://your-domain-that-points-to-this-server.tld:8443
+```
+
+5. If you enable Nextcloud Talk, open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk (TURN) container.
 
 # FAQ
 - [TOC](#faq)

From 6624330ce505b025b990d74dcdec133bcf32ff44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Oct 2025 04:21:14 +0000
Subject: [PATCH 3519/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.6.1.1 to 25.04.6.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.6.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 593c5323..347ae83f 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.6.1.1
+FROM collabora/code:25.04.6.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 2794fb3a7e3c24e781ed57e82db73b0e21b629dc Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 17 Oct 2025 07:40:54 +0200
Subject: [PATCH 3520/3949] apply suggestion

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/mastercontainer/mastercontainer.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf
index 4effec19..7d294694 100644
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -7,8 +7,8 @@ Listen 8080 https
 </Files>
 
 # Http host
-<VirtualHost *:8000>
-    ServerName localhost
+<VirtualHost 127.0.0.1:8000>
+    ServerName 127.0.0.1
 
     # Add error log
     CustomLog /proc/self/fd/1 proxy

From 8d67d300d380da915cf0a64de5ee4bcce23f4611 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 17 Oct 2025 12:21:33 +0200
Subject: [PATCH 3521/3949] nextcloud-entrypoint: set max av size back to
 unlimited by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile       | 3 ++-
 Containers/nextcloud/entrypoint.sh | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index db59f64a..6e23851f 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -8,8 +8,9 @@ RUN set -ex; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?MaxScanSize.*|MaxScanSize 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 0|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
     sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index fd8e6136..89d99d29 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -881,7 +881,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
         php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
         php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
-        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
+        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
         if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then
             php /var/www/html/occ config:app:set files_antivirus av_blocklisted_directories --value="$CLAMAV_BLOCKLISTED_DIRECTORIES"

From 91ade7ed94fe576f17d6dc29f6aa86a766abb3da Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 17 Oct 2025 20:26:22 +0200
Subject: [PATCH 3522/3949] remove libreoffice

see https://github.com/nextcloud/all-in-one/discussions/6997#discussioncomment-14712015

Signed-off-by: Zoey <zoey@z0ey.de>
---
 Containers/nextcloud/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4eae8029..ae54df35 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -230,7 +230,6 @@ RUN set -ex; \
         sudo \
         grep \
         nodejs \
-        libreoffice \
         bind-tools \
         imagemagick \
         imagemagick-svg \

From a176ecdd9f10c403038ccbcc9e2b8b58718572c1 Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 17 Oct 2025 20:30:05 +0200
Subject: [PATCH 3523/3949] remove librewolf from readme

Signed-off-by: Zoey <zoey@z0ey.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 11df8a73..3150c6a2 100644
--- a/readme.md
+++ b/readme.md
@@ -46,7 +46,7 @@ Included are:
 - By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature
 - Possibility included to [adjust default installed Nextcloud apps](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup)
 - Nextcloud installation is not read only - that means you can apply patches if you should need them (instead of having to wait for the next release for them getting applied)
-- `ffmpeg`, `smbclient`, `libreoffice` and `nodejs` are included by default
+- `ffmpeg`, `smbclient` and `nodejs` are included by default
 - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container

From c2a040010cb416b0e7d49ddf7bf53c3e988fa86f Mon Sep 17 00:00:00 2001
From: Benjamin Brahmer <info@b-brahmer.de>
Date: Fri, 17 Oct 2025 19:41:28 +0200
Subject: [PATCH 3524/3949] update nextcloud-exporter image tag to 0.9.0

Signed-off-by: Benjamin Brahmer <info@b-brahmer.de>
---
 community-containers/nextcloud-exporter/nextcloud-exporter.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json
index f9159a36..e5bf74b8 100644
--- a/community-containers/nextcloud-exporter/nextcloud-exporter.json
+++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json
@@ -5,7 +5,7 @@
             "display_name": "Prometheus Nextcloud Exporter",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter",
             "image": "ghcr.io/xperimental/nextcloud-exporter",
-            "image_tag": "0.8.0",
+            "image_tag": "0.9.0",
             "internal_port": "9205",
             "restart": "unless-stopped",
             "ports": [

From fdb34bd01acb1700f36d854344cf0f9c9d678baa Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Mon, 20 Oct 2025 08:10:25 -0400
Subject: [PATCH 3525/3949] Merge pull request #6949 from
 nextcloud/jtr/docs-containers-mastercontainer-readme

docs: Add README for `mastercontainer`
---
 Containers/mastercontainer/README.md | 69 ++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 Containers/mastercontainer/README.md

diff --git a/Containers/mastercontainer/README.md b/Containers/mastercontainer/README.md
new file mode 100644
index 00000000..de6b535d
--- /dev/null
+++ b/Containers/mastercontainer/README.md
@@ -0,0 +1,69 @@
+# Nextcloud All-in-One `mastercontainer`
+
+This folder contains the OCI/Docker container definition, along with associated resources and
+configuration files, for building the `mastercontainer` as part of the Nextcloud All-in-One
+project. This container hosts [the Nextcloud AIO interface](
+https://github.com/nextcloud/all-in-one/tree/main/php)[^app], and a dedicated PHP environment
+for it (which is completely independent of the Nextcloud Server).
+
+## Overview
+
+The mastercontainer acts as the central orchestration service for the deployment and management
+of all other containers in the Nextcloud All-in-One stack. It hosts:
+
+- A dedicated PHP SAPI/backend (php-fpm) for AIO itself (not Nextcloud Server)
+- An Apache service for accessing the AIO interface via a self-signed HTTPS VirtualHost on 8080/tcp
+- A Caddy reverse proxy service enabling HTTPS access to the AIO frontend on port 8443/tcp.
+  - Caddy will automatically issue a Let's Encrypt issued certificate if port 80 and 8443
+    is open/forwarded and a domain pointer is in place; then, simply open the Nextcloud AIO interface using the
+    domain (`https://your-domain-that-points-to-this-server.tld:8443`). The Let's Encrypt certificate request will
+    use an [ACME HTTP-01](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) challenge.
+- Miscellaneous support services specific to AIO (backup management, health checks, etc.)
+
+## Key Responsibilities
+
+- Orchestrates the deployment and lifecycle of all Nextcloud service containers
+- Handles initial setup and container configuration
+- Coordinates image updates
+- Monitors general system health
+
+It triggers the initial installation and ensures the smooth operation of the Nextcloud
+All-in-One stack.
+
+## Contents
+
+- **Dockerfile**: Instructions for building the mastercontainer image.
+- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime
+  configuration before starting supervisord.
+- [**Nextcloud All-in-One Controller App**](https://github.com/nextcloud/all-in-one/tree/main/php): The
+  core AIO orchestrator that handles configuration and settings for the containers.
+- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within
+  the container (php-fpm, cron, etc.)
+
+## Usage
+
+This container should be used as the trigger image when deploying the Nextcloud All-in-One
+stack in a Docker or other OCI-compliant container environment. For detailed deployment
+instructions, refer to the [project documentation](
+https://github.com/nextcloud/all-in-one).
+
+## Related Resources
+
+- [Main Repository](https://github.com/nextcloud/all-in-one)
+- [Documentation](https://github.com/nextcloud/all-in-one#readme)
+
+## Contributing
+
+Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull
+requests or issues via the main repository.
+
+## License
+
+This folder and its contents are licensed under the
+[GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud
+All-in-One.
+
+[^app]: The Nextcloud All-in-One interface allows users to install, configure, and
+manage their Nextcloud instance and related containers via a secure web interface and API.
+It automates and simplifies complex tasks such as container orchestration, backups, updates,
+and service management for users deploying Nextcloud in Docker environments.

From 79824ac83b29812d96ee33668a63a46091fc4fb0 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Mon, 20 Oct 2025 08:58:33 -0400
Subject: [PATCH 3526/3949] docs: add link to TrueNAS SCALE guidance

---
 readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/readme.md b/readme.md
index 0c412866..9dfc2e77 100644
--- a/readme.md
+++ b/readme.md
@@ -91,6 +91,7 @@ The steps below are written for Linux. For platform-specific guidance see:
 - macOS: [How to run AIO on macOS](#how-to-run-aio-on-macos)
 - Windows: [How to run AIO on Windows](#how-to-run-aio-on-windows)
 - Synology DSM: [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
+- TrueNAS SCALE: [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale)
 
 > [!IMPORTANT]  
 > These instructions assume there is no existing web server or reverse proxy (for example Apache, Nginx, Caddy, or Cloudflare Tunnel) that you intend to place in front of AIO. If you plan to run AIO behind an existing web server or reverse proxy, follow the AIO reverse proxy documentation: [Reverse proxy docs](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)

From 4690c8a4df6020114a36b17497d077c141f596ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Oct 2025 19:04:20 +0000
Subject: [PATCH 3527/3949] build(deps): bump playwright and @playwright/test
 in /php/tests

Bumps [playwright](https://github.com/microsoft/playwright) to 1.56.1 and updates ancestor dependency [@playwright/test](https://github.com/microsoft/playwright). These dependencies need to be updated together.


Updates `playwright` from 1.51.1 to 1.56.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.51.1...v1.56.1)

Updates `@playwright/test` from 1.51.1 to 1.56.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.51.1...v1.56.1)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.56.1
  dependency-type: indirect
- dependency-name: "@playwright/test"
  dependency-version: 1.56.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 php/tests/package-lock.json | 44 +++++++++++--------------------------
 php/tests/package.json      |  2 +-
 2 files changed, 14 insertions(+), 32 deletions(-)

diff --git a/php/tests/package-lock.json b/php/tests/package-lock.json
index ea2b4296..7d7d3383 100644
--- a/php/tests/package-lock.json
+++ b/php/tests/package-lock.json
@@ -7,20 +7,19 @@
     "": {
       "name": "e2e",
       "version": "1.0.0",
-      "license": "ISC",
+      "license": "AGPL-3.0-or-later",
       "devDependencies": {
-        "@playwright/test": "^1.51.1",
-        "@types/node": "^22.13.10"
+        "@playwright/test": "^1.56.1"
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz",
-      "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.56.1.tgz",
+      "integrity": "sha512-vSMYtL/zOcFpvJCW71Q/OEGQb7KYBPAdKh35WNSkaZA75JlAO8ED8UN6GUNTm3drWomcbcqRPFqQbLae8yBTdg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.51.1"
+        "playwright": "1.56.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -29,16 +28,6 @@
         "node": ">=18"
       }
     },
-    "node_modules/@types/node": {
-      "version": "22.13.10",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz",
-      "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "undici-types": "~6.20.0"
-      }
-    },
     "node_modules/fsevents": {
       "version": "2.3.2",
       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
@@ -55,13 +44,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz",
-      "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.56.1.tgz",
+      "integrity": "sha512-aFi5B0WovBHTEvpM3DzXTUaeN6eN0qWnTkKx4NQaH4Wvcmc153PdaY2UBdSYKaGYw+UyWXSVyxDUg5DoPEttjw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.51.1"
+        "playwright-core": "1.56.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -74,9 +63,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz",
-      "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.1.tgz",
+      "integrity": "sha512-hutraynyn31F+Bifme+Ps9Vq59hKuUCz7H1kDOcBs+2oGguKkWTU50bBWrtz34OUWmIwpBTWDxaRPXrIXkgvmQ==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -85,13 +74,6 @@
       "engines": {
         "node": ">=18"
       }
-    },
-    "node_modules/undici-types": {
-      "version": "6.20.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz",
-      "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==",
-      "dev": true,
-      "license": "MIT"
     }
   }
 }
diff --git a/php/tests/package.json b/php/tests/package.json
index ebfa99ec..95aae5a8 100644
--- a/php/tests/package.json
+++ b/php/tests/package.json
@@ -3,6 +3,6 @@
   "version": "1.0.0",
   "license": "AGPL-3.0-or-later",
   "devDependencies": {
-    "@playwright/test": "^1.51.1"
+    "@playwright/test": "^1.56.1"
   }
 }

From c4245657e12f2c74d971584af8245e1dc2f41c47 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 21 Oct 2025 11:52:01 +0200
Subject: [PATCH 3528/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/calcardbackup/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/calcardbackup/readme.md b/community-containers/calcardbackup/readme.md
index 0bb04a3b..42a218b4 100644
--- a/community-containers/calcardbackup/readme.md
+++ b/community-containers/calcardbackup/readme.md
@@ -2,7 +2,7 @@
 This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
   
 ### Notes  
-- Backups will be created at 00:00 CEST every day. Make sure that this does not conflict with the configured daily backups inside AIO.
+- Backups will be created at 00:00 UTC every day. Make sure that this does not conflict with the configured daily backups inside AIO.
 - All the exports will be included in AIOs backup solution
 - You can find the exports in the nextcloud_aio_calcardbackup volume
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack  

From 1fbe2575d4ba30ba482f5866d67174599aefd02d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 21 Oct 2025 12:03:53 +0000
Subject: [PATCH 3529/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 4809bae8..355c5788 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4724,28 +4724,28 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "1.11.0",
+            "version": "1.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991"
+                "reference": "541057574806f942c94662b817a50f63f7345360"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/11cb2199493b2f8a3b53e7f19068fc6aac760991",
-                "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360",
+                "reference": "541057574806f942c94662b817a50f63f7345360",
                 "shasum": ""
             },
             "require": {
                 "ext-ctype": "*",
+                "ext-date": "*",
+                "ext-filter": "*",
                 "php": "^7.2 || ^8.0"
             },
-            "conflict": {
-                "phpstan/phpstan": "<0.12.20",
-                "vimeo/psalm": "<4.6.1 || 4.6.2"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "^8.5.13"
+            "suggest": {
+                "ext-intl": "",
+                "ext-simplexml": "",
+                "ext-spl": ""
             },
             "type": "library",
             "extra": {
@@ -4776,9 +4776,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/1.11.0"
+                "source": "https://github.com/webmozarts/assert/tree/1.12.0"
             },
-            "time": "2022-06-03T18:03:27+00:00"
+            "time": "2025-10-20T12:43:39+00:00"
         }
     ],
     "aliases": [],

From 6a54eb5a4403f62bb9127065e757a9cfa18d2d8c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 21 Oct 2025 12:05:17 +0000
Subject: [PATCH 3530/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 37ece0f4..888d3a38 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus
 
-ARG JANUS_VERSION=v1.3.2
+ARG JANUS_VERSION=v1.3.3
 WORKDIR /src
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 330ca71de26223e7199055420e48b5aa433dcbd1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 22 Oct 2025 12:03:39 +0000
Subject: [PATCH 3531/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 355c5788..09f93f25 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3338,16 +3338,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.6.1",
+            "version": "v5.6.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2"
+                "reference": "3a454ca033b9e06b63282ce19562e892747449bb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
-                "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/3a454ca033b9e06b63282ce19562e892747449bb",
+                "reference": "3a454ca033b9e06b63282ce19562e892747449bb",
                 "shasum": ""
             },
             "require": {
@@ -3390,9 +3390,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.1"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.2"
             },
-            "time": "2025-08-13T20:13:15+00:00"
+            "time": "2025-10-21T19:32:17+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",

From fb1ca10ab45ef58ff1a44defe4aabb125ce5095b Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 22 Oct 2025 12:29:55 -0400
Subject: [PATCH 3532/3949] docs: Revise reverse proxy docs (first pass)

Updated the reverse proxy documentation for Nextcloud AIO, enhancing clarity and structure.

Re-organized top section(s).

Added sections to provide context on integrated versus external reverse proxies versus secure tunnels/proxy platforms.

De-duplicated some content.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 210 ++++++++++++++++++++++++++++-------------------
 1 file changed, 127 insertions(+), 83 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 4d6cc2fa..953f1fd0 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,67 +1,71 @@
-# Reverse Proxy Documentation
-
-> [!NOTE]
-> Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
-
-> [!TIP]
-> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
+# Using a reverse proxy or secure tunnel to access Nextcloud AIO
 
 ## Introduction
-In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
-1. add a specific config to your web server or reverse proxy. [See the documentation below.](#1-configure-the-reverse-proxy)
-2. specify the port that AIO's integrated Apache container shall use via the environmental variable `APACHE_PORT` (that runs inside its own container and published this port on the host) and adjust the `docker run` command of AIO. [See the documentation below.](#2-use-this-startup-command).
-3. Open the AIO interface at port `8080` and type in and validate your domain. [See the documentation below.](#4-open-the-aio-interface)
 
-Here one example with all reverse proxy settings for Linux:
-```
-sudo docker run \
---init \
---sig-proxy=false \
---name nextcloud-aio-mastercontainer \
---restart always \
---publish 8080:8080 \
---env APACHE_PORT=11000 \
---env APACHE_IP_BINDING=0.0.0.0 \
---env APACHE_ADDITIONAL_NETWORK="" \
---env SKIP_DOMAIN_VALIDATION=false \
---volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
---volume /var/run/docker.sock:/var/run/docker.sock:ro \
-ghcr.io/nextcloud-releases/all-in-one:latest
-```
+This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunnel/proxying platform. It covers:
 
-<details>
+- Integrated: AIO's internal reverse proxy
+- External: an external reverse proxy such as Caddy or Nginx
+- Secure tunnel: a Zero Trust Network Access platform such as Tailscale or Cloudflare Tunnel
 
-<summary>Explanation of the command</summary>
-
-- `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ in the normal readme).
-- `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
-- `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
-- `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
-- `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
-- `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
-- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
-- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
-- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
-- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
-- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
-- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
-- Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
-
-</details>
-
-> [!Note] 
-> If you run into troubles, see [the debug section](#7-how-to-debug-things).
-
----
-
-> [!IMPORTANT] 
-> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+> [!TIP]
+> If AIO's internal reverse proxy meets your needs, you may not need to set up your own reverse proxy. See the next section to assess whether this is the case.
 
 > [!NOTE]
-> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
+> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md).
 
-## Content
+### Integrated: Using AIO's internal reverse proxy with built-in HTTPS support
+
+Nextcloud AIO is secured with TLS (HTTPS) out of the box via its internal reverse proxy. The integrated HTTPS support works well if your goal is to make AIO accessible from the public Internet and to ensure all traffic is encrypted with HTTPS.
+
+Requirements:
+- A public IP address (it does **not** need to be a dedicated public IP).
+- Port `443/tcp` on that IP must be dedicated to AIO, and port 443 must be opened/forwarded on the internet-facing firewall/router to the AIO host.[^talkPort]
+
+**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further — follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) instead.**.
+
+### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx*)
+
+A reverse proxy (or a web server acting as a reverse proxy) enables multiple web applications to share the same IP address and/or port (for example `443/tcp`) by directing traffic based on each application's hostname (often called "virtual hosts"). Incoming requests reach the reverse proxy and are then forwarded to the appropriate internal IP address, port, or container based on the requested hostname.
+
+Most notably, an external reverse proxy allows you to:
+- share one external IP address among multiple hostnames/web applications, and
+- use a different internal port than the externally used port.
+
+Using an existing external reverse proxy is required in particular if port `443/tcp` on your public IP is already in use by another web application or by an existing web server/reverse proxy (for example Caddy or Nginx).
+
+> [!TIP]
+> Examples of web servers or reverse proxies you might already be running include Apache, Caddy, Nginx, Traefik, and HAProxy — but only if they are bound to port `443/tcp` on the IP address you plan to associate with AIO.
+
+> [!NOTE]
+> An external reverse proxy can also facilitate other routing approaches (for example shared-hostname / subfolder-based routing), but Nextcloud AIO only supports webroot-based (non-shared-hostname) access, so those scenarios are not applicable here.[^shared]
+
+### Secure tunnel: Using AIO with a Zero Trust Network Access platform (*Tailscale, Cloudflare*)
+
+Cloudflare and Tailscale provide Zero Trust Network Access services. For AIO we are primarily concerned with:
+
+- Cloudflare Tunnel / Cloudflare Proxy
+- Tailscale Serve / Tailscale Funnel
+
+> [!TIP]
+> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
+
+## Deployment
+
+### Quick overview
+
+To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), you need to:
+
+1. Add a specific configuration to your web server or reverse proxy. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below.
+2. Specify the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`. The Apache container runs in its own container and publishes that port on the host — update the `docker run` command (or your Compose file) accordingly. See ["Use this startup command"](#2-use-this-startup-command) below.
+3. Open the AIO interface at port `8080` and enter and validate your domain. See ["Open the AIO interface"](#4-open-the-aio-interface) below.
+
+Don't worry if these steps are not clear yet — each is expanded on in the sections below.
+
+> [!TIP]
+> If you don't have a domain yet, we recommend [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575).
+
+### Getting Started
 
 The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
@@ -72,9 +76,19 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
 1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface)
 1. Optional: how to debug things? See [point 7](#7-how-to-debug-things)
 
-## 1. Configure the reverse proxy
+> [!Note] 
+> If you run into troubles, see [the debug section](#7-how-to-debug-things).
+
+> [!IMPORTANT] 
+> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+
+> [!NOTE]
+> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
+
+### 1. Configure the reverse proxy
+
+#### Adapting the sample web server configurations below
 
-### Adapting the sample web server configurations below
 1. Replace `<your-nc-domain>` with the domain on which you want to run Nextcloud.
 1. Adjust the port `11000` to match your chosen `APACHE_PORT`.
 1. Adjust `localhost` or `127.0.0.1` to point to the Nextcloud server IP or domain depending on where the reverse proxy is running. See the following options.
@@ -108,7 +122,7 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
 
     </details>
 
-### Apache
+##### Apache
 
 <details>
 
@@ -188,7 +202,7 @@ To make the config work you can run the following command:
 
 </details>
 
-### Caddy (recommended)
+##### Caddy (recommended)
 
 <details>
 
@@ -211,7 +225,7 @@ The Caddyfile is a text file called `Caddyfile` (no extension) which – if you
 
 </details>
 
-### Caddy with ACME DNS-challenge
+##### Caddy with ACME DNS-challenge
 
 <details>
 
@@ -239,7 +253,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
-### OpenLiteSpeed
+##### OpenLiteSpeed
 
 <details>
 
@@ -249,7 +263,7 @@ You can find the OpenLiteSpeed reverse proxy guide by @MorrowShore here: https:/
 
 </details>
 
-### Citrix ADC VPX / Citrix Netscaler
+##### Citrix ADC VPX / Citrix Netscaler
 
 <details>
 
@@ -259,7 +273,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 
 </details>
 
-### Cloudflare Tunnel
+##### Cloudflare Tunnel
 
 <details>
 
@@ -278,7 +292,7 @@ Although it does not seem like it is the case but from AIO perspective a Cloudfl
 
 </details>
 
-### HaProxy
+##### HAProxy
 
 <details>
 
@@ -375,7 +389,7 @@ backend Nextcloud
 
 </details>
 
-### Nginx, Freenginx, Openresty, Angie
+##### Nginx, Freenginx, Openresty, Angie
 
 <details>
 
@@ -474,7 +488,7 @@ server {
 
 </details>
 
-### NPMplus (Fork of Nginx-Proxy-Manager - NPM)
+##### NPMplus (Fork of Nginx-Proxy-Manager - NPM)
 
 <details>
 
@@ -505,7 +519,7 @@ Second, see these screenshots for a working config:
 
 </details>
 
-### Nginx-Proxy-Manager - NPM
+##### Nginx-Proxy-Manager - NPM
 
 <details>
 
@@ -538,7 +552,7 @@ Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
 </details>
 
-### Nginx-Proxy
+##### Nginx-Proxy
 
 <details>
 
@@ -554,7 +568,7 @@ Apart from that, there is a [manual-install](https://github.com/nextcloud/all-in
 
 </details>
 
-### Node.js with Express
+##### Node.js with Express
 
 <details>
 
@@ -641,7 +655,7 @@ httpServer.on('upgrade', (req, socket, head) => {
 
 </details>
 
-### Synology Reverse Proxy
+##### Synology Reverse Proxy
 
 <details>
 
@@ -659,7 +673,7 @@ See these screenshots for a working config:
 
 </details>
 
-### Traefik 2
+##### Traefik 2
 
 <details>
 
@@ -751,7 +765,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
-### Traefik 3
+##### Traefik 3
 
 <details>
 
@@ -837,7 +851,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
-### IIS with ARR and URL Rewrite
+##### IIS with ARR and URL Rewrite
 
 <details>
 
@@ -907,7 +921,7 @@ Add the following `web.config` file to the root of the site you created as the r
 
 </details>
 
-### Tailscale
+##### Tailscale
 
 <details>
 
@@ -918,7 +932,7 @@ For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333]
 </details>
 
 
-### Others
+##### Others
 
 <details>
 
@@ -928,7 +942,7 @@ Config examples for other reverse proxies are currently not documented. Pull req
 
 </details>
 
-## 2. Use this startup command
+### 2. Use this startup command
 
 After adjusting your reverse proxy config, use the following command to start AIO:<br>
 
@@ -951,6 +965,27 @@ sudo docker run \
 ghcr.io/nextcloud-releases/all-in-one:latest
 ```
 
+<details>
+
+<summary>Explanation of the command</summary>
+
+- `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ in the normal readme).
+- `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init).
+- `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container.
+- `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
+- `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
+- `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
+- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
+- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
+- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
+- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
+- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
+- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
+- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
+- Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
+
+</details>
+
 Note: you may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
 You should also think about limiting the Apache container to listen only on localhost in case the reverse proxy is running on the same host and in the host network, by providing an additional environmental variable to this docker run command. See [point 3](#3-limit-the-access-to-the-apache-container).
@@ -989,17 +1024,17 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
-## 3. Limit the access to the Apache container
+### 3. Limit the access to the Apache container
 
 Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`.
 
-## 4. Open the AIO interface
+### 4. Open the AIO interface
 
 After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080` and type in and validate the domain that you have configured.<br>
 ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)<br>
 Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
 
-## 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
+### 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
 If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1<sup>*</sup> you must make the following configuration changes
 
 <small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
@@ -1011,7 +1046,7 @@ Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:
 sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value=ip.address.of.proxy
 ```
 
-### Collabora WOPI allow list
+#### Collabora WOPI allow list
 If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain<sup>*</sup> and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`.
 
 <small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
@@ -1037,7 +1072,8 @@ https://<your-nc-domain>:8443 {
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 7. How to debug things?
+### 7. How to debug things?
+
 <a id="how-to-debug"></a> <!-- for external linking -->
 <a id="6-how-to-debug-things"></a> <!-- For backwards compatibility-->
 
@@ -1057,7 +1093,8 @@ If something does not work, follow the steps below:
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
 
-## 8. Removing the reverse proxy
+### 8. Removing the reverse proxy
+
 If you, at some point, want to remove the reverse proxy, here are some general steps:
 1. Stop all running containers in the AIO Interface.
 2. Stop and remove the mastercontainer.
@@ -1075,3 +1112,10 @@ If you, at some point, want to remove the reverse proxy, here are some general s
 
     *The first command ensures that the Apache container is listening on all available network interfaces and the second command configures it to listen to port 443.*
 5. Restart all other containers in the AIO interface. 
+
+---
+
+## Footnotes:
+
+[^talkPort]: Ports 3478/TCP and 3478/UDP are also required if using Nextcloud Talk (but they're less likely to conflict with existing services).
+[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others.  Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily faciliates port IP address and external port sharing.

From 3a7d77a7660d4157e0166cc07eadbcaea9f7a792 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 22 Oct 2025 12:36:09 -0400
Subject: [PATCH 3533/3949] fix: make headers consistent

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 953f1fd0..80aa7e10 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1039,7 +1039,7 @@ If your reverse proxy connects to nextcloud using an ip-address and not localhos
 
 <small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
 
-### Nextcloud trusted proxies
+#### Nextcloud trusted proxies
 Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:
 
 ```
@@ -1051,11 +1051,11 @@ If your reverse proxy connects to Nextcloud with an IP address that is different
 
 <small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
 
-### External reverse proxies connecting via VPN (e.g. Tailscale)
+#### External reverse proxies connecting via VPN (e.g. Tailscale)
 
 If your reverse proxy is outside your LAN and connecting via VPN such as Tailscale, you may want to set `APACHE_IP_BINDING=AIO.VPN.host.IP` to ensure only traffic coming from the VPN can connect.
 
-## 6. Optional: get a valid certificate for the AIO interface
+### 6. Optional: get a valid certificate for the AIO interface
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 

From d107cccb92428d018c88835078abcc9979fab2aa Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 22 Oct 2025 13:39:55 -0400
Subject: [PATCH 3534/3949] chore: fix typo

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 80aa7e10..8cf0bb74 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1118,4 +1118,4 @@ If you, at some point, want to remove the reverse proxy, here are some general s
 ## Footnotes:
 
 [^talkPort]: Ports 3478/TCP and 3478/UDP are also required if using Nextcloud Talk (but they're less likely to conflict with existing services).
-[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others.  Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily faciliates port IP address and external port sharing.
+[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others.  Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily facilitates port IP address and external port sharing.

From c53308ab3286664e44f7fa0db12f5a9c48fc6c3c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 23 Oct 2025 13:56:56 +0200
Subject: [PATCH 3535/3949] update `nextcloud-aio-minio` to `v2`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/minio/minio.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json
index 2403f213..50613202 100644
--- a/community-containers/minio/minio.json
+++ b/community-containers/minio/minio.json
@@ -2,7 +2,7 @@
     "aio_services_v1": [
         {
             "container_name": "nextcloud-aio-minio",
-            "image_tag": "v1",
+            "image_tag": "v2",
             "display_name": "Minio S3 Storage",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/minio",
             "image": "ghcr.io/szaimen/aio-minio",

From 1968cd3b362aaf267c137f28e59bda4e9a40f242 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Oct 2025 04:19:59 +0000
Subject: [PATCH 3536/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.5 to 8.19.6.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 980fe275..a50aee53 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.5
+FROM elasticsearch:8.19.6
 
 USER root
 

From 152f1e375b86fd04048f8919f1f51809e64467e1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 24 Oct 2025 07:25:45 +0000
Subject: [PATCH 3537/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 4eae8029..a94e41e2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.9
+ENV NEXTCLOUD_VERSION=31.0.10
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 8fb2f84440867a8db5208ec25d66ee161cd30492 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 Oct 2025 09:29:30 +0200
Subject: [PATCH 3538/3949] increase to 11.11.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 8db6beb6..16a240dc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.10.0</h1>
+            <h1>Nextcloud AIO v11.11.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From fc9265653ee1e9c6faf86e52b153443dfdae839e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 24 Oct 2025 09:48:00 +0200
Subject: [PATCH 3539/3949] nextcloud: download nextcloud archive file from
 github instead of download.nextcloud.com

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a94e41e2..c5ab4985 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -156,7 +156,7 @@ RUN set -ex; \
     ; \
     \
     curl -fsSL -o nextcloud.tar.bz2 \
-        "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
+        "https://github.com/nextcloud-releases/server/releases/download/v${NEXTCLOUD_VERSION}/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
     curl -fsSL -o nextcloud.tar.bz2.asc \
         "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \

From 5568c78293cdec239a560a7060aed34af5e66ecd Mon Sep 17 00:00:00 2001
From: masterwoot <company+github.com@maganti.se>
Date: Fri, 24 Oct 2025 09:59:57 +0200
Subject: [PATCH 3540/3949] Update backupscript.sh

Typo in string messages, changing from "Nextclouds data directory.." to "Nextcloud's data directory.." as it's in the possessive form.

Signed-off-by: masterwoot <company+github.com@maganti.se>
---
 Containers/borgbackup/backupscript.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 602ec586..41c05724 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -199,7 +199,7 @@ if [ "$BORG_MODE" = backup ]; then
     if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then
         BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/")
         BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup")
-        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from backup!"
+        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from backup!"
     # Exclude preview folder if .noaiobackup file was found
     elif [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then
         BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/")
@@ -344,7 +344,7 @@ if [ "$BORG_MODE" = restore ]; then
         ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/**")
         ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/**")
         ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data\(/.*\)?')
-        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from restore!"
+        echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from restore!"
         echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database."
         echo "You might be able to fix this by running 'occ files:scan --all' and 'occ maintenance:repair' and 'occ files:scan-app-data' after the restore."
         echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands"

From bf42de65dacf05471305776aa41f24e9582f0077 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:21:21 +0000
Subject: [PATCH 3541/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.13-fpm-alpine3.22 to 8.4.14-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.14-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c1cbaa59..20f22421 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:28.5.1-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.13-fpm-alpine3.22
+FROM php:8.4.14-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From 19d5ad2a794503ed1b3992ed05991667b4a61327 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:21:59 +0000
Subject: [PATCH 3542/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.6-alpine to 3.2.7-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.7-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 72034cec..ad128d54 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.6-alpine
+FROM haproxy:3.2.7-alpine
 
 # hadolint ignore=DL3002
 USER root

From 2598f1b983b883d45224c71f2a673f1cb310c040 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:22:17 +0000
Subject: [PATCH 3543/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.26-fpm-alpine3.22 to 8.3.27-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.27-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index c5ab4985..0250f067 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.26-fpm-alpine3.22
+FROM php:8.3.27-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From b7c6ab018de93f361a9e38f70392f9e5b6b0d3da Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 04:22:30 +0000
Subject: [PATCH 3544/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.3.0 to v1.4.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index e60bb815..f90dfdee 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.3.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.0
 
 USER root
 RUN set -ex; \

From 68f7958c1253a522b5f80cdfdc730b0fd5406f5e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 27 Oct 2025 11:37:12 +0100
Subject: [PATCH 3545/3949] update detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md
index edf6c779..cb31e601 100755
--- a/nextcloud-aio-helm-chart/readme.md
+++ b/nextcloud-aio-helm-chart/readme.md
@@ -1,7 +1,7 @@
 # Nextcloud AIO Helm-chart
 
 > [!NOTE]
-> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/).
+> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman and OpenShift), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/).
 
 > [!IMPORTANT]
 > This Helm-Chart is not intended to be used with Ingress as it handles TLS itself via the built-in apache container and exposes a Loadbalancer port itself on the Cluster. See the [apache service](https://github.com/nextcloud/all-in-one/blob/main/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml). However if the Cluster is used behind NAT, you can adjust `APACHE_PORT` to a different one than 443 and do the TLS offloading on an external Reverse Proxy that forwards the traffic to the configured port via http. If you really need the Ingress feature, please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/) as we offer an enterprise-ready and scalable deployment method based on Helm Charts that also allows Ingress to be used.

From 8a3befadddb10a272a2970093d05db8e951720e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 14:04:50 +0000
Subject: [PATCH 3546/3949] build(deps): bump actions/upload-artifact in
 /.github/workflows

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 9de89243..8c7b0a93 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -82,7 +82,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v5
         if: ${{ !cancelled() }}
         with:
           name: playwright-report

From 6c3f2e41ff4b2673ba464e1d84daedade1750879 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 27 Oct 2025 18:23:21 +0100
Subject: [PATCH 3547/3949] add DeepWiki badge to auto-refresh the wiki

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/readme.md b/readme.md
index 9dfc2e77..80f8808c 100644
--- a/readme.md
+++ b/readme.md
@@ -1143,3 +1143,11 @@ AIO ships its own update notifications implementation. It checks if container up
 
 ### Huge docker logs
 If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs.
+
+<details>
+
+<summary>Badges</summary>
+
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/nextcloud/all-in-one)
+
+</details>

From 68edc82bf4ac950f4c51cfff3dd00508a582ba45 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 29 Oct 2025 13:30:43 +0100
Subject: [PATCH 3548/3949] watchtower: revert to building watchtower manually

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/watchtower-update.yml | 36 +++++++++++++++++++++++++
 Containers/watchtower/Dockerfile        | 12 +++++++--
 2 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/watchtower-update.yml

diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
new file mode 100644
index 00000000..329cd284
--- /dev/null
+++ b/.github/workflows/watchtower-update.yml
@@ -0,0 +1,36 @@
+name: watchtower-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  watchtower-update:
+    name: update watchtower
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5
+    - name: Run watchtower-container-update
+      run: |
+        # Watchtower
+        watchtower_version="$(
+          git ls-remote https://github.com/nicholas-fedor/watchtower v* \
+            | cut -d/ -f3 \
+            | sort -V \
+            | grep -E "^v[0-9\.]+$" \
+            | tail -1
+        )"
+        watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
+        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash # $watchtower_version|" ./Containers/watchtower/Dockerfile
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      with:
+        commit-message: watchtower-update automated change
+        signoff: true
+        title: watchtower container update
+        body: Automated watchtower container update
+        labels: dependencies, 3. to review
+        milestone: next
+        branch: watchtower-container-update
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index c2b38b18..e3858248 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,13 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower
+FROM golang:1.25.3-alpine3.22 AS go
+
+ENV WATCHTOWER_COMMIT_HASH=v1.12.1
+
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache \
+        build-base; \
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH;
 
 FROM alpine:3.22.2
 
@@ -7,7 +15,7 @@ RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash ca-certificates tzdata
 
-COPY --from=watchtower /watchtower /watchtower
+COPY --from=go /go/bin/watchtower /watchtower
 
 COPY --chmod=775 start.sh /start.sh
 

From e2614defe02501dffb0a13aac067c7beba16b663 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 29 Oct 2025 14:54:36 +0100
Subject: [PATCH 3549/3949] helm: adjust externalTrafficPolicy to Local only
 for apache container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 80882854..9c249cb1 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -252,7 +252,7 @@ find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol:
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
-find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
+find ./ -name '*apache-service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{} \;
 # shellcheck disable=SC1083

From 5289da58d6ac876321dc5af032ee7efc8c0887ed Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Thu, 30 Oct 2025 14:34:46 -0400
Subject: [PATCH 3550/3949] docs: further enhance reverse proxy / secure tunnel
 docs

Further updated the guide to clarify the use of reverse proxies and secure tunnels with Nextcloud AIO.

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 reverse-proxy.md | 159 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 115 insertions(+), 44 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 8cf0bb74..b1eb353c 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -2,88 +2,150 @@
 
 ## Introduction
 
-This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunnel/proxying platform. It covers:
+This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunneling platform. It covers several potential scenarios:
 
-- Integrated: AIO's internal reverse proxy
-- External: an external reverse proxy such as Caddy or Nginx
-- Secure tunnel: a Zero Trust Network Access platform such as Tailscale or Cloudflare Tunnel
+- **Integrated**: AIO's built-in reverse proxy with automatic HTTPS
+- **External**: An external reverse proxy (such as Caddy or Nginx or Cloudflare Proxy)
+- **Secure tunnel**: Tunneling services for private network access or public access without port forwarding (such as Tailscale Serve or Cloudflare Tunnel)
+
+## Choosing Your Approach
 
 > [!TIP]
 > If AIO's internal reverse proxy meets your needs, you may not need to set up your own reverse proxy. See the next section to assess whether this is the case.
 
 > [!NOTE]
-> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md).
+> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md). Local instance setups don't require domain validation.
+
+### When to use each approach
+
+| Approach | Best for | Requirements | Inbound Ports Required |
+|----------|----------|--------------|---------------|
+| **Integrated** | Simple setups, single service on port 443 | Public IP, dedicated port 443 | Yes (443) |
+| **External Reverse Proxy** (including Cloudflare Proxy) | Multiple services, existing web server, or users wanting DDoS protection | Existing reverse proxy, willingness to set one up, or Cloudflare account | Yes (443) |
+| **Cloudflare Tunnel** | No port forwarding possible/desired, public access | Cloudflare account | No |
+| **Tailscale Serve** | Private access (tailnet only) | Tailscale account | No |
+| **Tailscale Funnel** | Public access via Tailscale | Tailscale account | No |
+
+## Implementation Details
 
 ### Integrated: Using AIO's internal reverse proxy with built-in HTTPS support
 
 Nextcloud AIO is secured with TLS (HTTPS) out of the box via its internal reverse proxy. The integrated HTTPS support works well if your goal is to make AIO accessible from the public Internet and to ensure all traffic is encrypted with HTTPS.
 
 Requirements:
-- A public IP address (it does **not** need to be a dedicated public IP).
-- Port `443/tcp` on that IP must be dedicated to AIO, and port 443 must be opened/forwarded on the internet-facing firewall/router to the AIO host.[^talkPort]
+- A public IP address that is reachable from the Internet (it does **not** need to be static, but it must not be behind carrier-grade NAT, which some ISPs use to share IP addresses among multiple customers).
+- Port `443/tcp` on that IP must be available for AIO's exclusive use, and it must be opened/forwarded on your internet-facing firewall/router to the AIO host.[^talkPort]
 
-**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further — follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) instead.**.
+**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this).**
 
-### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx*)
+### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx, Cloudflare Proxy*)
+
+**When you use an external reverse proxy, you disable AIO's built-in HTTPS support** because your reverse proxy will handle HTTPS/TLS certificates and encryption instead. This approach is necessary when:
+- Port 443 is already in use by another service
+- You want to run multiple web services on the same IP address
+- You already have an existing reverse proxy infrastructure
 
 A reverse proxy (or a web server acting as a reverse proxy) enables multiple web applications to share the same IP address and/or port (for example `443/tcp`) by directing traffic based on each application's hostname (often called "virtual hosts"). Incoming requests reach the reverse proxy and are then forwarded to the appropriate internal IP address, port, or container based on the requested hostname.
 
+**Types of external reverse proxies:**
+- **Self-hosted** (Caddy, Nginx, Apache, Traefik, HAProxy, etc.) - You manage the reverse proxy on your own server or separate server
+- **Cloudflare Proxy** (orange-clouded DNS) - Cloudflare provides the reverse proxy at their edge network with DDoS protection and CDN benefits. This is distinct from Cloudflare Tunnel, though Tunnel can optionally use these proxy features when publishing routes.
+
 Most notably, an external reverse proxy allows you to:
 - share one external IP address among multiple hostnames/web applications, and
 - use a different internal port than the externally used port.
 
 Using an existing external reverse proxy is required in particular if port `443/tcp` on your public IP is already in use by another web application or by an existing web server/reverse proxy (for example Caddy or Nginx).
 
+> [!NOTE]
+> Cloudflare **Tunnel** and Cloudflare **Proxy** are different approaches:
+> - **Cloudflare Tunnel** doesn't require opening any inbound ports on your firewall.
+> - **Cloudflare Proxy** still requires port 443 exposed on your server.
+
 > [!TIP]
 > Examples of web servers or reverse proxies you might already be running include Apache, Caddy, Nginx, Traefik, and HAProxy — but only if they are bound to port `443/tcp` on the IP address you plan to associate with AIO.
 
 > [!NOTE]
-> An external reverse proxy can also facilitate other routing approaches (for example shared-hostname / subfolder-based routing), but Nextcloud AIO only supports webroot-based (non-shared-hostname) access, so those scenarios are not applicable here.[^shared]
+> An external reverse proxy can also facilitate other routing approaches, but Nextcloud AIO only supports having its own dedicated hostname (e.g., `cloud.example.com`). You cannot run it in a subfolder like `example.com/nextcloud/`.[^shared]
 
-### Secure tunnel: Using AIO with a Zero Trust Network Access platform (*Tailscale, Cloudflare*)
+### Secure tunnel: Using AIO with a secure tunneling service (*Tailscale, Cloudflare*)
 
-Cloudflare and Tailscale provide Zero Trust Network Access services. For AIO we are primarily concerned with:
+Cloudflare and Tailscale offer secure tunneling services that let you access your Nextcloud without opening ports on your firewall. 
 
-- Cloudflare Tunnel / Cloudflare Proxy
-- Tailscale Serve / Tailscale Funnel
+#### Private network access
+
+For Nextcloud AIO, you can use:
+- **Cloudflare Tunnel (`cloudflared`)** - Secure outbound-only tunnels that don't require exposing ports
+- **Tailscale Serve** - Expose services privately on your Tailscale network (tailnet only)
+
+Both options provide private network access to your Nextcloud AIO instance.
+
+#### Public Internet access (without port forwarding)
+
+To make your Nextcloud AIO instance accessible from the public Internet (not just your private network), you can use:
+- **Cloudflare Tunnel** with public routes enabled (which combines Cloudflare Tunnel with Cloudflare's proxy features)
+- **Tailscale Funnel** - Expose services to the public Internet via Tailscale's infrastructure
+
+**Comparison of Cloudflare and Tailscale options:**
+
+| Feature | Access Scope | Inbound Ports Required | Use Case |
+|---------|--------------|----------------|----------|
+| **Cloudflare Tunnel** | Public Internet | None | Public access without port forwarding |
+| **Tailscale Serve** | Your Tailscale network only | None | Private access for you and invited users |
+| **Tailscale Funnel** | Public Internet | None | Public access through Tailscale |
 
 > [!TIP]
 > Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
+>
+> **For private/personal use**: [Tailscale Serve](https://tailscale.com/kb/1312/serve) is ideal - it keeps your Nextcloud completely private to your tailnet.
+>
+> **For public access without port forwarding**: Use [Tailscale Funnel](https://tailscale.com/kb/1223/funnel).
 
-## Deployment
+## Configuration and Deployment
+
+> [!NOTE]
+> These instructions assume you already have a domain name pointing to your server's public IP address. If you don't have a domain yet, see the recommendations below.
 
 ### Quick overview
 
-To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), you need to:
+To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), the basic process is:
 
-1. Add a specific configuration to your web server or reverse proxy. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below.
-2. Specify the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`. The Apache container runs in its own container and publishes that port on the host — update the `docker run` command (or your Compose file) accordingly. See ["Use this startup command"](#2-use-this-startup-command) below.
-3. Open the AIO interface at port `8080` and enter and validate your domain. See ["Open the AIO interface"](#4-open-the-aio-interface) below.
+1. Configure your web server or reverse proxy with the specific settings for AIO.
+2. Specify the port that AIO's integrated Apache container will use.
+3. Open the AIO interface and validate your domain.
 
-Don't worry if these steps are not clear yet — each is expanded on in the sections below.
+The sections below provide detailed instructions for each step.
 
 > [!TIP]
-> If you don't have a domain yet, we recommend [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575).
+> If you don't have a domain yet, we recommend using [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575).
 
-### Getting Started
+### Step-by-Step Instructions
 
-The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
-1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
-1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
-1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
-1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
-1. Optional: if the reverse proxy is outside the host network, configure AIO to trust it. See [point 5](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001)
-1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface)
-1. Optional: how to debug things? See [point 7](#7-how-to-debug-things)
+The process to run Nextcloud AIO behind a reverse proxy has three required steps and three optional steps:
 
-> [!Note] 
+**Required steps:**
+1. **Configure** your web server or reverse proxy with the specific settings for AIO. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below.
+2. **Specify** the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`, and update the `docker run` command or your Compose file accordingly. See ["Use this startup command"](#2-use-this-startup-command) below.
+   - *Optional*: Limit the access to the Apache container. See ["Limit the access to the Apache container"](#3-limit-the-access-to-the-apache-container).
+3. **Open** the AIO interface at port `8080`, enter your domain, and validate it. See ["Open the AIO interface"](#4-open-the-aio-interface) below.
+
+**Optional steps:**
+
+4. Configure additional settings if your reverse proxy uses an IP address to connect to AIO. See ["Configure AIO for IP-based reverse proxies"](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001).
+5. Get a valid certificate for the AIO interface. See ["Get a valid certificate for the AIO interface"](#6-optional-get-a-valid-certificate-for-the-aio-interface).
+6. Debug things if needed. See ["How to debug things"](#7-how-to-debug-things).
+
+> [!NOTE] 
 > If you run into troubles, see [the debug section](#7-how-to-debug-things).
 
 > [!IMPORTANT] 
-> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
+> If you need HTTPS between Nextcloud and the reverse proxy (because the reverse proxy runs on a different server), you have two options:
+> 
+> 1. **Add a local reverse proxy**: Install another reverse proxy on the same server as AIO to handle HTTPS (typically with self-signed certificates)
+> 2. **Use a VPN**: Create a VPN tunnel between the AIO server and the reverse proxy server to encrypt the connection
 
 > [!NOTE]
-> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
+> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom Docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail!
 
 ### 1. Configure the reverse proxy
 
@@ -673,6 +735,26 @@ See these screenshots for a working config:
 
 </details>
 
+##### Tailscale (Serve)
+
+<details>
+
+<summary>Click here to expand</summary>
+
+Tailscale can be used to provide private access to your Nextcloud AIO instance without opening ports on your firewall. With **Tailscale Serve**, your Nextcloud is accessible only to devices on your Tailscale network (tailnet) via a secure HTTPS domain.
+
+For a detailed setup guide using Tailscale Serve with Nextcloud AIO, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
+
+The guide covers:
+- Setting up system-wide (non-containerized) Tailscale as a reverse proxy
+- Configuring Nextcloud AIO to work with Tailscale Serve
+- Using Tailscale's MagicDNS to provide automatic HTTPS certificates
+- Private access via your tailnet (e.g., `yourserver.tail0a12b3.ts.net`)
+
+⚠️ **Please note:** This guide covers **Tailscale Serve** for private tailnet access. If you need public Internet access, consider using **Tailscale Funnel**.
+
+</details>
+
 ##### Traefik 2
 
 <details>
@@ -921,17 +1003,6 @@ Add the following `web.config` file to the root of the site you created as the r
 
 </details>
 
-##### Tailscale
-
-<details>
-
-<summary>click here to expand</summary>
-
-For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
-
-</details>
-
-
 ##### Others
 
 <details>

From 727d0d03db4d59fe6425c01f812c2f9a4af65dc6 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 31 Oct 2025 12:03:38 +0000
Subject: [PATCH 3551/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 09f93f25..93aeefab 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1646,16 +1646,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.21.1",
+            "version": "v3.22.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d"
+                "reference": "4509984193026de413baf4ba80f68590a7f2c51d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/285123877d4dd97dd7c11842ac5fb7e86e60d81d",
-                "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/4509984193026de413baf4ba80f68590a7f2c51d",
+                "reference": "4509984193026de413baf4ba80f68590a7f2c51d",
                 "shasum": ""
             },
             "require": {
@@ -1709,7 +1709,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.21.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.22.0"
             },
             "funding": [
                 {
@@ -1721,7 +1721,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-05-03T07:21:55+00:00"
+            "time": "2025-10-29T15:56:47+00:00"
         }
     ],
     "packages-dev": [
@@ -3883,16 +3883,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.26",
+            "version": "v6.4.27",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f"
+                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
-                "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f",
+                "url": "https://api.github.com/repos/symfony/console/zipball/13d3176cf8ad8ced24202844e9f95af11e2959fc",
+                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc",
                 "shasum": ""
             },
             "require": {
@@ -3957,7 +3957,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.26"
+                "source": "https://github.com/symfony/console/tree/v6.4.27"
             },
             "funding": [
                 {
@@ -3977,7 +3977,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-09-26T12:13:46+00:00"
+            "time": "2025-10-06T10:25:16+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4051,16 +4051,16 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.24",
+            "version": "v6.4.27",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "73089124388c8510efb8d2d1689285d285937b08"
+                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08",
-                "reference": "73089124388c8510efb8d2d1689285d285937b08",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/a1b6aa435d2fba50793b994a839c32b6064f063b",
+                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b",
                 "shasum": ""
             },
             "require": {
@@ -4095,7 +4095,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.24"
+                "source": "https://github.com/symfony/finder/tree/v6.4.27"
             },
             "funding": [
                 {
@@ -4115,7 +4115,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-15T12:02:45+00:00"
+            "time": "2025-10-15T18:32:00+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4724,16 +4724,16 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "1.12.0",
+            "version": "1.12.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "541057574806f942c94662b817a50f63f7345360"
+                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360",
-                "reference": "541057574806f942c94662b817a50f63f7345360",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/9be6926d8b485f55b9229203f962b51ed377ba68",
+                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68",
                 "shasum": ""
             },
             "require": {
@@ -4776,9 +4776,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/1.12.0"
+                "source": "https://github.com/webmozarts/assert/tree/1.12.1"
             },
-            "time": "2025-10-20T12:43:39+00:00"
+            "time": "2025-10-29T15:56:20+00:00"
         }
     ],
     "aliases": [],

From f88e4aef373c9a151a6181176a831c72a1c9faa7 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 31 Oct 2025 12:25:33 +0000
Subject: [PATCH 3552/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml                 | 1 -
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 15 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 6eb13d92..0b10dd4d 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.10.0
+version: 11.11.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 4196cb99..3388c1d7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-apache:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 9f8dda8d..35b30e41 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 5db29234..449a24fc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 8466fe03..6f08b4a6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 5b9ef69f..49dc3d34 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 84ea42e6..4956ed71 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index c6559fbd..49f2bd53 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - chmod
             - "777"
@@ -188,7 +188,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251031_122139
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index dac83c98..b93283e7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 98f75058..c30f6a0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 61938748..2d5da82d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-redis:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index aa078677..b6f2e489 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-talk:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 27a50beb..e0902a0f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251031_122139
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 675a2729..10d17177 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -12,7 +12,6 @@ metadata:
 spec:
   ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
-  externalTrafficPolicy: Local
   ports:
     - name: "{{ .Values.TALK_PORT }}"
       port: {{ .Values.TALK_PORT }}
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 08d3fcca..28c05cab 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251015_082711
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251031_122139
           readinessProbe:
             exec:
               command:

From 3475a7b5d3eca296046351b967c6ea0f0987c2e8 Mon Sep 17 00:00:00 2001
From: "Ruben D." <ruben@winterrific.net>
Date: Fri, 24 Oct 2025 20:53:55 +0200
Subject: [PATCH 3553/3949] Change Milter OnInfected action to Reject

Signed-off-by: Ruben D. <ruben@winterrific.net>
---
 Containers/clamav/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 81db262f..94d39b67 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -17,6 +17,7 @@ RUN set -ex; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \
+    sed -i "s|#\?OnInfected Quarantine|OnInfected Reject|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf; \
     sed -i "s|#\?Foreground yes|Foreground yes|g" /etc/clamav/clamav-milter.conf
 

From f07b015a4170548d420b0903537f4ee72146bac7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Nov 2025 04:13:53 +0000
Subject: [PATCH 3554/3949] build(deps): bump redis in /Containers/redis

Bumps redis from 7.2.11-alpine to 7.2.12-alpine.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.2.12-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/redis/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 8cb0f973..a44295de 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.11-alpine
+FROM redis:7.2.12-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From 1f6c30b93aa830dd609116b566c71e60a5c57a22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Nov 2025 04:14:11 +0000
Subject: [PATCH 3555/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.4.0 to v1.4.1.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.4.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index f90dfdee..90aa72f2 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 
 USER root
 RUN set -ex; \

From 74933c6b83f1231c6439d766347a947ca9c5b322 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:42:05 +0100
Subject: [PATCH 3556/3949] update redis to v8.x

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/redis/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index a44295de..7cc1ff84 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.12-alpine
+# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
+FROM redis:8.2.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

From abf0bbc43157748c8372b37d3bff0f43cb213921 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:44:33 +0100
Subject: [PATCH 3557/3949] dependabot: update redis also to new minor versions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0caaabfb..f79c4ce2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -55,6 +55,6 @@ updates:
     - dependency-name: "postgres"
       update-types: ["version-update:semver-major"]
     - dependency-name: "redis"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      update-types: ["version-update:semver-major"]
     - dependency-name: "elasticsearch"
       update-types: ["version-update:semver-major"]

From 0ee5ec00366434b22269a13216da364b18430f07 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:48:39 +0100
Subject: [PATCH 3558/3949] docker-image-prune: only remove image with
 `label=org.label-schema.vendor=Nextcloud`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/cron.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index fc8c4081..5829d8da 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -60,7 +60,7 @@ while true; do
     fi
 
     # Remove dangling images
-    sudo -u www-data docker image prune --force
+    sudo -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
 
     # Check for available free space
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php

From f179e5adad0f66ebea3ec6eb5273507a8a21ceb1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 13:57:22 +0100
Subject: [PATCH 3559/3949] app: update min and max versions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 app/appinfo/info.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml
index 8b911c10..832d3ccd 100644
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="30" max-version="31"/>
+		<nextcloud min-version="31" max-version="32"/>
 	</dependencies>
 
 	<settings>

From b10c9b74bf182448bdc0320c7036e77ec3d362b4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 14:00:16 +0100
Subject: [PATCH 3560/3949] nextcloud: update to `32.0.1`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 35bf5b20..0617db93 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.10
+ENV NEXTCLOUD_VERSION=32.0.1
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From d17ed75d6246a1d25b15bf859babb5fc361a9498 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 14:02:37 +0100
Subject: [PATCH 3561/3949] aio-interface: hide upgrade notice

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 16a240dc..12b4d81b 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -36,7 +36,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersionString = '25 Autumn' %}
+            {% set newMajorVersionString = '' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}

From 21fbb58c96b4cbc8315bfc4af07645b0bfec02b5 Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lorenzo@moscati.page>
Date: Sat, 23 Aug 2025 01:30:20 +0200
Subject: [PATCH 3562/3949] Rewrite all AIO interface paths to be relative

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 php/public/base_path.js                       |  3 +
 php/public/index.php                          |  6 +-
 .../Controller/ConfigurationController.php    |  2 +-
 php/src/Controller/DockerController.php       | 19 +++--
 php/src/Controller/LoginController.php        | 12 +--
 php/src/Middleware/AuthMiddleware.php         | 10 ++-
 php/templates/already-installed.twig          |  6 +-
 php/templates/components/container-state.twig |  6 +-
 php/templates/containers.twig                 | 83 ++++++++++---------
 .../includes/community-containers.twig        |  2 +-
 .../includes/optional-containers.twig         | 10 +--
 php/templates/layout.twig                     |  4 +-
 php/templates/login.twig                      |  6 +-
 php/templates/setup.twig                      |  6 +-
 14 files changed, 96 insertions(+), 79 deletions(-)
 create mode 100644 php/public/base_path.js

diff --git a/php/public/base_path.js b/php/public/base_path.js
new file mode 100644
index 00000000..67c1a4a7
--- /dev/null
+++ b/php/public/base_path.js
@@ -0,0 +1,3 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    document.getElementById("base_path") && (document.getElementById("base_path").value = window.location.pathname.slice(0, -11));
+});
\ No newline at end of file
diff --git a/php/public/index.php b/php/public/index.php
index aac83826..d3fbbeb9 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -178,17 +178,17 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $
     $setup = $container->get(\AIO\Data\Setup::class);
     if($setup->CanBeInstalled()) {
         return $response
-            ->withHeader('Location', '/setup')
+            ->withHeader('Location', 'setup')
             ->withStatus(302);
     }
 
     if($authManager->IsAuthenticated()) {
         return $response
-            ->withHeader('Location', '/containers')
+            ->withHeader('Location', 'containers')
             ->withStatus(302);
     } else {
         return $response
-            ->withHeader('Location', '/login')
+            ->withHeader('Location', 'login')
             ->withStatus(302);
     }
 });
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index ed3be505..5727c364 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -161,7 +161,7 @@ readonly class ConfigurationController {
                 $this->configurationManager->DeleteBorgBackupLocationVars();
             }
 
-            return $response->withStatus(201)->withHeader('Location', '/');
+            return $response->withStatus(201)->withHeader('Location', '.');
         } catch (InvalidSettingConfigurationException $ex) {
             $response->getBody()->write($ex->getMessage());
             return $response->withStatus(422);
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 678bbdc9..dd6b1076 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -85,7 +85,7 @@ readonly class DockerController {
     public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
         $forceStopNextcloud = true;
         $this->startBackup($forceStopNextcloud);
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function startBackup(bool $forceStopNextcloud = false) : void {
@@ -102,7 +102,7 @@ readonly class DockerController {
 
     public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response {
         $this->checkBackup();
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function checkBackup() : void {
@@ -132,7 +132,7 @@ readonly class DockerController {
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
@@ -148,7 +148,7 @@ readonly class DockerController {
         $config['backup-mode'] = 'check';
         $this->configurationManager->WriteConfig($config);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
@@ -163,7 +163,7 @@ readonly class DockerController {
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartContainer(Request $request, Response $response, array $args) : Response
@@ -171,6 +171,7 @@ readonly class DockerController {
         $uri = $request->getUri();
         $host = $uri->getHost();
         $port = $uri->getPort();
+        $path = $request->getParsedBody()['base_path'];
         if ($port === 8000) {
             error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
             $port = 443;
@@ -184,7 +185,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . $port;
+        $config['AIO_URL'] = $host . ':' . $port . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major
@@ -204,7 +205,7 @@ readonly class DockerController {
         // Temporarily disabled as it leads much faster to docker rate limits
         // apcu_clear_cache();
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function startTopContainer(bool $pullImage) : void {
@@ -223,7 +224,7 @@ readonly class DockerController {
 
     public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
         $this->startWatchtower();
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function startWatchtower() : void {
@@ -261,7 +262,7 @@ readonly class DockerController {
         $forceStopNextcloud = true;
         $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
-        return $response->withStatus(201)->withHeader('Location', '/');
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function stopTopContainer() : void {
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index 196e7138..233a795e 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -19,33 +19,33 @@ readonly class LoginController {
     public function TryLogin(Request $request, Response $response, array $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
             $response->getBody()->write("The login is blocked since Nextcloud is running.");
-            return $response->withHeader('Location', '/')->withStatus(422);
+            return $response->withHeader('Location', '.')->withStatus(422);
         }
         $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
-            return $response->withHeader('Location', '/')->withStatus(201);
+            return $response->withHeader('Location', '.')->withStatus(201);
         }
 
         $response->getBody()->write("The password is incorrect.");
-        return $response->withHeader('Location', '/')->withStatus(422);
+        return $response->withHeader('Location', '.')->withStatus(422);
     }
 
     public function GetTryLogin(Request $request, Response $response, array $args) : Response {
         $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
-            return $response->withHeader('Location', '/')->withStatus(302);
+            return $response->withHeader('Location', '../..')->withStatus(302);
         }
 
-        return $response->withHeader('Location', '/')->withStatus(302);
+        return $response->withHeader('Location', '../..')->withStatus(302);
     }
 
     public function Logout(Request $request, Response $response, array $args) : Response
     {
         $this->authManager->SetAuthState(false);
         return $response
-            ->withHeader('Location', '/')
+            ->withHeader('Location', '.')
             ->withStatus(302);
     }
 }
diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php
index f8d44857..a54f47a6 100644
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -27,7 +27,15 @@ readonly class AuthMiddleware {
         if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
             if(!$this->authManager->IsAuthenticated()) {
                 $status = 302;
-                $headers = ['Location' => '/'];
+                if(count(explode('/', $request->getUri()->getPath())) > 2) {
+                    $location = '..';
+                    for($i = 0; $i < count(explode('/', $request->getUri()->getPath())) - 3; $i++) {
+                        $location = $location . '/..';
+                    }
+                } else {
+                    $location = '.';
+                }
+                $headers = ['Location' => $location];
                 $response = new Response($status, $headers);
                 return $response;
             }
diff --git a/php/templates/already-installed.twig b/php/templates/already-installed.twig
index fa18f988..e16e6792 100644
--- a/php/templates/already-installed.twig
+++ b/php/templates/already-installed.twig
@@ -3,11 +3,11 @@
 {% block body %}
     <div class="login">
         <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
-            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
         </svg>
         <h2>Nextcloud All-In-One is already installed</h2>
-        <a href="/" class="button">Open Nextcloud AIO</a>
+        <a href="." class="button">Open Nextcloud AIO</a>
     </div>
 {% endblock %}
diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
index 4cf5dd4e..8375d033 100644
--- a/php/templates/components/container-state.twig
+++ b/php/templates/components/container-state.twig
@@ -4,15 +4,15 @@
     {% if c.GetStartingState().value == 'starting' %}
       <span class="status running"></span>
       {{ c.GetDisplayName() }}
-      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
+      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
     {% elseif c.GetRunningState().value == 'running' %}
       <span class="status success"></span>
       {{ c.GetDisplayName() }}
-      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
+      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
     {% else %}
       <span class="status error"></span>
       {{ c.GetDisplayName() }}
-      (<a href="/api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
+      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
     {% endif %}
     {% if c.GetDocumentation() != '' %}
       (<a target="_blank" href="{{ c.GetDocumentation() }}">docs</a>)
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 12b4d81b..1e795149 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -6,9 +6,9 @@
     </head>
     <header>
         <svg class="logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 71" width="62" height="50">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
         </svg>
-        <form method="POST" action="/api/auth/logout">
+        <form method="POST" action="api/auth/logout">
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
             <input type="submit" value="Log out" />
@@ -63,11 +63,11 @@
             {% endfor %}
 
             {% if is_daily_backup_running == true %}
-                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
+                <p><span class="status running"></span> Daily backup currently running. (<a href="api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
                 {% if automatic_updates == true %}
                     <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                     {% if is_mastercontainer_update_available == true %}
-                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
+                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                     {% endif %}
                 {% endif %}
                 {% if has_update_available == false %}
@@ -78,7 +78,7 @@
                 <p><a href="" class="button reload">Reload ↻</a></p>
                 <p>If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.</p>
             {% elseif isWatchtowerRunning == true %}
-                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
+                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                 <p><a href="" class="button reload">Reload ↻</a></p>
             {% else %}
                 {% if is_backup_container_running == false and domain == "" %}
@@ -88,7 +88,7 @@
                     {% elseif is_mastercontainer_update_available == true %}
                         <h2>Mastercontainer update</h2>
                         <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
-                        <form method="POST" action="/api/docker/watchtower" class="xhr">
+                        <form method="POST" action="api/docker/watchtower" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                             <input type="submit" value="Update mastercontainer" />
@@ -108,7 +108,7 @@
                             {% if skip_domain_validation == true %}
                                 <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}
-                            <form method="POST" action="/api/configuration" class="xhr">
+                            <form method="POST" action="api/configuration" class="xhr">
                                 <input type="text" id="domain" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -137,7 +137,7 @@
                             {% if hasBackupLocation %}
                                 {% if borg_backup_mode in ['test', 'check'] %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Please adjust the path and/or the encryption password in order to make it work!</p>
                                         {% elseif borg_backup_mode == 'check' %}
@@ -145,7 +145,7 @@
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                                <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <form method="POST" action="api/docker/backup-check-repair" class="xhr">
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
@@ -153,10 +153,10 @@
                                             </details>
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
-                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.</p>
-                                            <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                            <form method="POST" action="api/docker/backup-check" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Check backup integrity"/>
@@ -164,7 +164,7 @@
                                         {% endif %}
                                         <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
                                         <p><strong>Important:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
-                                        <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
+                                        <form method="POST" action="api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
@@ -178,7 +178,7 @@
                                     {% endif %}
                                 {% elseif borg_backup_mode == 'restore' %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last restore failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         <p>The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!</p>
                                     {% endif %}
                                 {% endif %}
@@ -197,7 +197,7 @@
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
                                 if stored remotely; and the encryption password of the backup archive below and submit all values:
                                 </p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_restore_host_location" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
                                     <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                     <label>Borg passphrase</label> <input type="text" id="borg_restore_password" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
@@ -210,7 +210,7 @@
                             {% endif %}
                         {% else %}
                             <p><strong>Everything set!</strong> Click on the button below to test the path and encryption password:</p>
-                            <form method="POST" action="/api/docker/backup-test" class="xhr">
+                            <form method="POST" action="api/docker/backup-test" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input type="submit" value="Test path and encryption password"/>
@@ -223,14 +223,14 @@
 
                 {% if was_start_button_clicked == true %}
                     {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                        <p>You are running the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
+                        <p>You are running the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
                     {% else %}
                         <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
                     {% endif %}
                 {% endif %}
 
                 {% if is_backup_container_running == true %}
-                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                     <p><a href="" class="button reload">Reload ↻</a></p>
                 {% endif %}
 
@@ -259,7 +259,7 @@
                             {% else %}
                                 <p>It seems at least one container was not able to start correctly and is currently restarting.</p>
                                 <p>To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.</p>
-                                <form method="POST" action="/api/docker/stop" class="xhr">
+                                <form method="POST" action="api/docker/stop" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Stop containers" />
@@ -312,7 +312,7 @@
                                     <p>You can find all changes <a target="_blank" href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
                                 {% endif %}
                             {% endif %}
-                            <form method="POST" action="/api/docker/stop" class="xhr">
+                            <form method="POST" action="api/docker/stop" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input type="submit" value="Stop containers" />
@@ -327,31 +327,34 @@
                             {% endif %}
                             {% if is_mastercontainer_update_available == true %}
                                 <p>⚠️ A mastercontainer update is available. Please click on the button below to update it.</p>
-                                <form method="POST" action="/api/docker/watchtower" class="xhr">
+                                <form method="POST" action="api/docker/watchtower" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Update mastercontainer" />
                                 </form>
                             {% else %}
                                 {% if was_start_button_clicked == false %}
-                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input id="base_path" type="hidden" name="base_path" value="">
                                         {% if newMajorVersionString != '' %}
                                             <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersionString }} (if unchecked, Nextcloud Hub 10 will get installed)</label><br>
                                         {% endif %}
                                         <input type="submit" value="Download and start containers" />
                                     </form>
                                 {% elseif has_update_available == false %}
-                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input id="base_path" type="hidden" name="base_path" value="">
                                         <input type="submit" value="Start containers" />
                                     </form>
                                 {% else %}
-                                    <form method="POST" action="/api/docker/start" class="xhr">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input id="base_path" type="hidden" name="base_path" value="">
                                         {% if bypass_container_update == true %}
                                             <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
                                         {% endif %}
@@ -376,7 +379,7 @@
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url and submit it</a>.
                                 You will be provided with an SSH public key for authorization at the remote afterwards.
                                 </p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
                                     <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -393,13 +396,13 @@
                                 {% if is_backup_container_running == false %}
                                     <h2>Backup and restore</h2>
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == "check" %}
                                             <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                                <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <form method="POST" action="api/docker/backup-check-repair" class="xhr">
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
@@ -417,7 +420,7 @@
                                             {% endif %}
 
                                             <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
+                                            <form method="POST" action="api/configuration" class="xhr">
                                                 <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
                                                 <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -427,9 +430,9 @@
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
                                         {% if borg_backup_mode == "backup" %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% else %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% endif %}
                                     {% endif %}
                                 {% endif %}
@@ -464,7 +467,7 @@
                                     {% if isApacheStarting != true %}
                                         <h3>Backup creation</h3>
                                         <p>Clicking on the button below will create a backup.</p>
-                                        <form method="POST" action="/api/docker/backup" class="xhr">
+                                        <form method="POST" action="api/docker/backup" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
@@ -479,7 +482,7 @@
                                             {% endif %}
                                             is wrong, you can reset it by clicking on the button below.
                                             </p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
+                                            <form method="POST" action="api/configuration" class="xhr">
                                                 <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -493,7 +496,7 @@
 
                                             <h3>Backup check</h3>
                                             <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
-                                            <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                            <form method="POST" action="api/docker/backup-check" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" />
@@ -501,7 +504,7 @@
 
                                             <h3>Backup restore</h3>
                                             <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.</p>
-                                            <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
+                                            <form method="POST" action="api/docker/restore" class="xhr" id="restore_selection">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
@@ -515,7 +518,7 @@
                                             <h3>Daily backup and automatic updates</h3>
                                             {% if daily_backup_time == "" %}
                                                 <p>By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
-                                                <form method="POST" action="/api/configuration" class="xhr">
+                                                <form method="POST" action="api/configuration" class="xhr">
                                                     <input type="text" name="daily_backup_time" placeholder="04:00"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -529,7 +532,7 @@
                                                     Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated.
                                                 {% endif %}
                                                 <p>To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.</p>
-                                                <form method="POST" action="/api/configuration" class="xhr">
+                                                <form method="POST" action="api/configuration" class="xhr">
                                                     <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -539,7 +542,7 @@
 
                                             <h3>Back up additional directories and docker volumes of your host</h3>
                                             <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive. Make sure to press the submit button after changing anything.</p>
-                                            <form method="POST" action="/api/configuration" class="xhr">
+                                            <form method="POST" action="api/configuration" class="xhr">
                                                 <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -566,7 +569,7 @@
                                 <details>
                                     <summary>Click here to change your AIO passphrase</summary>
                                     <p>You can change your AIO passphrase below:</p>
-                                    <form method="POST" action="/api/configuration" class="xhr">
+                                    <form method="POST" action="api/configuration" class="xhr">
                                         <input type="password" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO passphrase" id="current-master-password" oninput="showPassword('current-master-password')">
                                         <input type="password" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO passphrase" id="new-master-password" oninput="showPassword('new-master-password')">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -592,7 +595,7 @@
                             {% if timezone == "" %}
                                 <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
                                 <p>You can configure the timezone for Nextcloud below (Do not forget to submit the value!):</p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -601,7 +604,7 @@
                                 <p>You need to make sure that the timezone that you enter is valid. An example is <strong>Europe/Berlin</strong>. You can get valid values by looking at the 'TZ identifier' column of this list: <a target="_blank" href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><strong>click here</strong></a>. The default is <strong>Etc/UTC</strong> if nothing is entered.</p>
                             {% else %}
                                 <p>The timezone for Nextcloud is currently set to <strong>{{ timezone }}</strong>. You can change the timezone by clicking on the button below.</p>
-                                <form method="POST" action="/api/configuration" class="xhr">
+                                <form method="POST" action="api/configuration" class="xhr">
                                     <input type="hidden" name="delete_timezone" value="yes"/>
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -620,6 +623,8 @@
             <script type="text/javascript" src="before-unload.js"></script>
         {% endif %}
 
+        <script type="text/javascript" src="base_path.js"></script>
+
         </main>
     </div>
 {% endblock %}
diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig
index f74e3756..66cceb2b 100644
--- a/php/templates/includes/community-containers.twig
+++ b/php/templates/includes/community-containers.twig
@@ -8,7 +8,7 @@
 {% endif %}
 <details>
     <summary>Show/Hide available Community Containers</summary>
-    <form id="community-form" method="POST" action="/api/configuration" class="xhr">
+    <form id="community-form" method="POST" action="api/configuration" class="xhr">
         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
         <input type="hidden" name="community-form" value="community-form">
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 6bea68db..b4764592 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -5,7 +5,7 @@
 {% else %}
     <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of optional containers. The changes will not be auto-saved.</p>
 {% endif %}
-<form id="options-form" method="POST" action="/api/configuration" class="xhr">
+<form id="options-form" method="POST" action="api/configuration" class="xhr">
     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
     <input type="hidden" name="options-form" value="options-form">
@@ -160,7 +160,7 @@
 
     {% if collabora_dictionaries == "" %}
         <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -169,7 +169,7 @@
         <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
     {% else %}
         <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -182,7 +182,7 @@
     {% if collabora_additional_options == "" %}
         <p>You can configure additional options for collabora below.</p>
         <p>(This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="text" name="collabora_additional_options" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -191,7 +191,7 @@
         <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy=frame-ancestors *.example.com:*;</strong>.</p>
     {% else %}
         <p>The additioinal options for Collabora are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
-        <form method="POST" action="/api/configuration" class="xhr">
+        <form method="POST" action="api/configuration" class="xhr">
             <input type="hidden" name="delete_collabora_additional_options" value="yes"/>
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index e20ca3e0..4d842e3d 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,8 +1,8 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v6" media="all" />
-        <link rel="icon" href="/img/favicon.png">
+        <link rel="stylesheet" href="style.css?v6" media="all" />
+        <link rel="icon" href="img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>
     </head>
diff --git a/php/templates/login.twig b/php/templates/login.twig
index cf5cc0c3..1c5420c2 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -3,14 +3,14 @@
 {% block body %}
     <div class="login">
         <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
-            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
         </svg>
         <h1>Nextcloud AIO Login</h1>
         {% if is_login_allowed == true %}
             <p>Log in using your Nextcloud AIO passphrase:</p>
-            <form method="POST" action="/api/auth/login" class="xhr">
+            <form method="POST" action="api/auth/login" class="xhr">
                 <input type="password" autocomplete="current-password" name="password" placeholder="Password" id="master-password" oninput="showPassword('master-password')">
                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
diff --git a/php/templates/setup.twig b/php/templates/setup.twig
index f1d4d1dc..7cc9227a 100644
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -3,14 +3,14 @@
 {% block body %}
     <div class="login">
         <svg class="nextcloud-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 100" width="142" height="100">
-            <use href="/img/nextcloud-logo.svg#logo"></use>
-            <use href="/img/nextcloud-logo.svg#Nextcloud"></use>
+            <use href="img/nextcloud-logo.svg#logo"></use>
+            <use href="img/nextcloud-logo.svg#Nextcloud"></use>
             <text x="10" y="50" fill="var(--color-nextcloud-logo)" class="fallback-text">Nextcloud Logo</text>
         </svg>
         <h1>All-in-One setup</h1>
         <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
         <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
         <strong>Passphrase</strong><br/><span id="initial-password" class="monospace">{{ password }}</span><br>
-        <a href="/" class="button" target="_blank">Open Nextcloud AIO login ↗</a>
+        <a href="." class="button" target="_blank">Open Nextcloud AIO login ↗</a>
     </div>
 {% endblock %}

From 3bb9cdf31dc7db3b5d4b41bbbeac59b5fded1163 Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lorenzo@moscati.page>
Date: Tue, 16 Sep 2025 13:39:01 +0200
Subject: [PATCH 3563/3949] Guard against null or missing keys.

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index dd6b1076..8473ed57 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -171,7 +171,7 @@ readonly class DockerController {
         $uri = $request->getUri();
         $host = $uri->getHost();
         $port = $uri->getPort();
-        $path = $request->getParsedBody()['base_path'];
+        $path = $request->getParsedBody()['base_path'] ?? '';
         if ($port === 8000) {
             error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
             $port = 443;

From 10529a597c3292ff8ecc8e51692433240ebe2b9d Mon Sep 17 00:00:00 2001
From: Lorenzo Moscati <lorenzo@moscati.page>
Date: Tue, 14 Oct 2025 15:59:28 +0200
Subject: [PATCH 3564/3949] Added suggested changes

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---
 php/public/base_path.js                |  8 ++++++--
 php/src/Controller/LoginController.php |  2 +-
 php/src/Middleware/AuthMiddleware.php  | 17 +++++++++++++----
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/php/public/base_path.js b/php/public/base_path.js
index 67c1a4a7..a55ed943 100644
--- a/php/public/base_path.js
+++ b/php/public/base_path.js
@@ -1,3 +1,7 @@
-document.addEventListener("DOMContentLoaded", function(event) {
-    document.getElementById("base_path") && (document.getElementById("base_path").value = window.location.pathname.slice(0, -11));
+document.addEventListener("DOMContentLoaded", function() {
+    basePath = document.getElementById("base_path")
+    if (basePath) {
+        // Remove '/containers' from the end of the path, to get the base path only
+        basePath.value = window.location.pathname.slice(0, -11);
+    }
 });
\ No newline at end of file
diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index 233a795e..412ff9df 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -45,7 +45,7 @@ readonly class LoginController {
     {
         $this->authManager->SetAuthState(false);
         return $response
-            ->withHeader('Location', '.')
+            ->withHeader('Location', '../..')
             ->withStatus(302);
     }
 }
diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php
index a54f47a6..724f1776 100644
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -27,14 +27,23 @@ readonly class AuthMiddleware {
         if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
             if(!$this->authManager->IsAuthenticated()) {
                 $status = 302;
-                if(count(explode('/', $request->getUri()->getPath())) > 2) {
+
+                // Check the url of the request: split the string by '/' and count the number of elements
+                // Note that the path that gets to this middleware is not aware of any base path managed by a reverse proxy, so if the url is 'https://example.com/AIO/somepage', the path will be 'https://mastercontainer/somepage'
+                if (count(explode('/', $request->getUri()->getPath())) < 2) {
+                    // If there are less than 2 elements it means we are somewhere in the root folder (no '/', so no subfolder), so we redirect to the same folder level to offload the redirection to the appropriate page to 'index.php' (specifically, once in the root level the login page will be loaded since we are not authenticated)
+                    $location = '.';
+                } else {
+                    // If there are 2 or more elements it means we are in a subfolder, so we need to go back to the root folder
+                    // In the best case we need to go back by 1 level only
                     $location = '..';
-                    for($i = 0; $i < count(explode('/', $request->getUri()->getPath())) - 3; $i++) {
+                    // In the worst case we need to go back by n levels, where n is the number of elements - 2 (the first element is not a folder, the second element is already accounted for by the initial '..')
+                    for ($i = 1; $i < count(explode('/', $request->getUri()->getPath())) - 2; $i++) {
+                        // For each extra level we need to go back by another level
                         $location = $location . '/..';
                     }
-                } else {
-                    $location = '.';
                 }
+
                 $headers = ['Location' => $location];
                 $response = new Response($status, $headers);
                 return $response;

From e614202a9468c8702a40ff488829897a2aa26fd2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 4 Nov 2025 16:17:44 +0100
Subject: [PATCH 3565/3949] increase to v12.0.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1e795149..5d479538 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v11.11.0</h1>
+            <h1>Nextcloud AIO v12.0.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From f1e7460f6eb1b47de7973c0b4492d682837c2426 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Nov 2025 04:15:07 +0000
Subject: [PATCH 3566/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.6.2.1 to 25.04.7.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.7.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 347ae83f..10f068ea 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.6.2.1
+FROM collabora/code:25.04.7.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 4ba7f1ed6468e8da132560fe8cae12a092cbdac7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 16 Oct 2025 10:59:17 +0200
Subject: [PATCH 3567/3949] collabora: load seccomp profile on the fly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/collabora.yml         |  29 +
 nextcloud-aio-helm-chart/update-helm.sh |   2 +-
 php/containers.json                     |   7 +-
 php/cool-seccomp-profile.json           | 844 ++++++++++++++++++++++++
 php/psalm-baseline.xml                  |   2 +
 php/src/Data/DataConst.php              |   4 +
 php/src/Docker/DockerActionManager.php  |  18 +-
 7 files changed, 899 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/collabora.yml
 create mode 100644 php/cool-seccomp-profile.json

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
new file mode 100644
index 00000000..92434695
--- /dev/null
+++ b/.github/workflows/collabora.yml
@@ -0,0 +1,29 @@
+name: collabora-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  collabora-update:
+    name: update collabora
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5
+    - name: Run collabora-profile-update
+      run: |
+        rm -f php/cool-seccomp-profile.json
+        wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/master/docker/cool-seccomp-profile.json
+        mv cool-seccomp-profile.json php/
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      with:
+        commit-message: collabora-seccomp-update automated change
+        signoff: true
+        title: collabora seccomp update
+        body: Automated collabora seccomp profile update
+        labels: dependencies, 3. to review
+        milestone: next
+        branch: collabora-seccomp-update
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 9c249cb1..d63dd39e 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup
 
 # Additional config
 # shellcheck disable=SC1083
-sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER|MAC_OVERRIDE|BLOCK_SUSPEND|AUDIT_READ)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
diff --git a/php/containers.json b/php/containers.json
index 4506c09e..1a775c98 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
@@ -399,7 +399,10 @@
         "SYS_ADMIN",
         "SYS_CHROOT",
         "FOWNER",
-        "CHOWN"
+        "CHOWN",
+        "MAC_OVERRIDE",
+        "BLOCK_SUSPEND",
+        "AUDIT_READ"
       ],
       "cap_drop": [
         "NET_RAW"
diff --git a/php/cool-seccomp-profile.json b/php/cool-seccomp-profile.json
new file mode 100644
index 00000000..ed2320ca
--- /dev/null
+++ b/php/cool-seccomp-profile.json
@@ -0,0 +1,844 @@
+{
+  "defaultAction": "SCMP_ACT_ERRNO",
+  "defaultErrnoRet": 1,
+  "archMap": [
+    {
+      "architecture": "SCMP_ARCH_X86_64",
+      "subArchitectures": [
+        "SCMP_ARCH_X86",
+        "SCMP_ARCH_X32"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_AARCH64",
+      "subArchitectures": [
+        "SCMP_ARCH_ARM"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPS64",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPS",
+        "SCMP_ARCH_MIPS64N32"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPS64N32",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPS",
+        "SCMP_ARCH_MIPS64"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPSEL64",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPSEL",
+        "SCMP_ARCH_MIPSEL64N32"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_MIPSEL64N32",
+      "subArchitectures": [
+        "SCMP_ARCH_MIPSEL",
+        "SCMP_ARCH_MIPSEL64"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_S390X",
+      "subArchitectures": [
+        "SCMP_ARCH_S390"
+      ]
+    },
+    {
+      "architecture": "SCMP_ARCH_RISCV64",
+      "subArchitectures": null
+    }
+  ],
+  "syscalls": [
+    {
+      "names": [
+        "unshare",
+        "mount",
+        "setns",
+        "clone",
+        "chroot",
+        "umount2"
+      ],
+      "action": "SCMP_ACT_ALLOW"
+    },
+    {
+      "names": [
+        "accept",
+        "accept4",
+        "access",
+        "adjtimex",
+        "alarm",
+        "bind",
+        "brk",
+        "cachestat",
+        "capget",
+        "capset",
+        "chdir",
+        "chmod",
+        "chown",
+        "chown32",
+        "clock_adjtime",
+        "clock_adjtime64",
+        "clock_getres",
+        "clock_getres_time64",
+        "clock_gettime",
+        "clock_gettime64",
+        "clock_nanosleep",
+        "clock_nanosleep_time64",
+        "close",
+        "close_range",
+        "connect",
+        "copy_file_range",
+        "creat",
+        "dup",
+        "dup2",
+        "dup3",
+        "epoll_create",
+        "epoll_create1",
+        "epoll_ctl",
+        "epoll_ctl_old",
+        "epoll_pwait",
+        "epoll_pwait2",
+        "epoll_wait",
+        "epoll_wait_old",
+        "eventfd",
+        "eventfd2",
+        "execve",
+        "execveat",
+        "exit",
+        "exit_group",
+        "faccessat",
+        "faccessat2",
+        "fadvise64",
+        "fadvise64_64",
+        "fallocate",
+        "fanotify_mark",
+        "fchdir",
+        "fchmod",
+        "fchmodat",
+        "fchmodat2",
+        "fchown",
+        "fchown32",
+        "fchownat",
+        "fcntl",
+        "fcntl64",
+        "fdatasync",
+        "fgetxattr",
+        "flistxattr",
+        "flock",
+        "fork",
+        "fremovexattr",
+        "fsetxattr",
+        "fstat",
+        "fstat64",
+        "fstatat64",
+        "fstatfs",
+        "fstatfs64",
+        "fsync",
+        "ftruncate",
+        "ftruncate64",
+        "futex",
+        "futex_requeue",
+        "futex_time64",
+        "futex_wait",
+        "futex_waitv",
+        "futex_wake",
+        "futimesat",
+        "getcpu",
+        "getcwd",
+        "getdents",
+        "getdents64",
+        "getegid",
+        "getegid32",
+        "geteuid",
+        "geteuid32",
+        "getgid",
+        "getgid32",
+        "getgroups",
+        "getgroups32",
+        "getitimer",
+        "getpeername",
+        "getpgid",
+        "getpgrp",
+        "getpid",
+        "getppid",
+        "getpriority",
+        "getrandom",
+        "getresgid",
+        "getresgid32",
+        "getresuid",
+        "getresuid32",
+        "getrlimit",
+        "get_robust_list",
+        "getrusage",
+        "getsid",
+        "getsockname",
+        "getsockopt",
+        "get_thread_area",
+        "gettid",
+        "gettimeofday",
+        "getuid",
+        "getuid32",
+        "getxattr",
+        "inotify_add_watch",
+        "inotify_init",
+        "inotify_init1",
+        "inotify_rm_watch",
+        "io_cancel",
+        "ioctl",
+        "io_destroy",
+        "io_getevents",
+        "io_pgetevents",
+        "io_pgetevents_time64",
+        "ioprio_get",
+        "ioprio_set",
+        "io_setup",
+        "io_submit",
+        "ipc",
+        "kill",
+        "landlock_add_rule",
+        "landlock_create_ruleset",
+        "landlock_restrict_self",
+        "lchown",
+        "lchown32",
+        "lgetxattr",
+        "link",
+        "linkat",
+        "listen",
+        "listxattr",
+        "llistxattr",
+        "_llseek",
+        "lremovexattr",
+        "lseek",
+        "lsetxattr",
+        "lstat",
+        "lstat64",
+        "madvise",
+        "map_shadow_stack",
+        "membarrier",
+        "memfd_create",
+        "memfd_secret",
+        "mincore",
+        "mkdir",
+        "mkdirat",
+        "mknod",
+        "mknodat",
+        "mlock",
+        "mlock2",
+        "mlockall",
+        "mmap",
+        "mmap2",
+        "mprotect",
+        "mq_getsetattr",
+        "mq_notify",
+        "mq_open",
+        "mq_timedreceive",
+        "mq_timedreceive_time64",
+        "mq_timedsend",
+        "mq_timedsend_time64",
+        "mq_unlink",
+        "mremap",
+        "msgctl",
+        "msgget",
+        "msgrcv",
+        "msgsnd",
+        "msync",
+        "munlock",
+        "munlockall",
+        "munmap",
+        "name_to_handle_at",
+        "nanosleep",
+        "newfstatat",
+        "_newselect",
+        "open",
+        "openat",
+        "openat2",
+        "pause",
+        "pidfd_open",
+        "pidfd_send_signal",
+        "pipe",
+        "pipe2",
+        "pkey_alloc",
+        "pkey_free",
+        "pkey_mprotect",
+        "poll",
+        "ppoll",
+        "ppoll_time64",
+        "prctl",
+        "pread64",
+        "preadv",
+        "preadv2",
+        "prlimit64",
+        "process_mrelease",
+        "pselect6",
+        "pselect6_time64",
+        "pwrite64",
+        "pwritev",
+        "pwritev2",
+        "read",
+        "readahead",
+        "readlink",
+        "readlinkat",
+        "readv",
+        "recv",
+        "recvfrom",
+        "recvmmsg",
+        "recvmmsg_time64",
+        "recvmsg",
+        "remap_file_pages",
+        "removexattr",
+        "rename",
+        "renameat",
+        "renameat2",
+        "restart_syscall",
+        "rmdir",
+        "rseq",
+        "rt_sigaction",
+        "rt_sigpending",
+        "rt_sigprocmask",
+        "rt_sigqueueinfo",
+        "rt_sigreturn",
+        "rt_sigsuspend",
+        "rt_sigtimedwait",
+        "rt_sigtimedwait_time64",
+        "rt_tgsigqueueinfo",
+        "sched_getaffinity",
+        "sched_getattr",
+        "sched_getparam",
+        "sched_get_priority_max",
+        "sched_get_priority_min",
+        "sched_getscheduler",
+        "sched_rr_get_interval",
+        "sched_rr_get_interval_time64",
+        "sched_setaffinity",
+        "sched_setattr",
+        "sched_setparam",
+        "sched_setscheduler",
+        "sched_yield",
+        "seccomp",
+        "select",
+        "semctl",
+        "semget",
+        "semop",
+        "semtimedop",
+        "semtimedop_time64",
+        "send",
+        "sendfile",
+        "sendfile64",
+        "sendmmsg",
+        "sendmsg",
+        "sendto",
+        "setfsgid",
+        "setfsgid32",
+        "setfsuid",
+        "setfsuid32",
+        "setgid",
+        "setgid32",
+        "setgroups",
+        "setgroups32",
+        "setitimer",
+        "setpgid",
+        "setpriority",
+        "setregid",
+        "setregid32",
+        "setresgid",
+        "setresgid32",
+        "setresuid",
+        "setresuid32",
+        "setreuid",
+        "setreuid32",
+        "setrlimit",
+        "set_robust_list",
+        "setsid",
+        "setsockopt",
+        "set_thread_area",
+        "set_tid_address",
+        "setuid",
+        "setuid32",
+        "setxattr",
+        "shmat",
+        "shmctl",
+        "shmdt",
+        "shmget",
+        "shutdown",
+        "sigaltstack",
+        "signalfd",
+        "signalfd4",
+        "sigprocmask",
+        "sigreturn",
+        "socketcall",
+        "socketpair",
+        "splice",
+        "stat",
+        "stat64",
+        "statfs",
+        "statfs64",
+        "statx",
+        "symlink",
+        "symlinkat",
+        "sync",
+        "sync_file_range",
+        "syncfs",
+        "sysinfo",
+        "tee",
+        "tgkill",
+        "time",
+        "timer_create",
+        "timer_delete",
+        "timer_getoverrun",
+        "timer_gettime",
+        "timer_gettime64",
+        "timer_settime",
+        "timer_settime64",
+        "timerfd_create",
+        "timerfd_gettime",
+        "timerfd_gettime64",
+        "timerfd_settime",
+        "timerfd_settime64",
+        "times",
+        "tkill",
+        "truncate",
+        "truncate64",
+        "ugetrlimit",
+        "umask",
+        "uname",
+        "unlink",
+        "unlinkat",
+        "utime",
+        "utimensat",
+        "utimensat_time64",
+        "utimes",
+        "vfork",
+        "vmsplice",
+        "wait4",
+        "waitid",
+        "waitpid",
+        "write",
+        "writev"
+      ],
+      "action": "SCMP_ACT_ALLOW"
+    },
+    {
+      "names": [
+        "process_vm_readv",
+        "process_vm_writev",
+        "ptrace"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "minKernel": "4.8"
+      }
+    },
+    {
+      "names": [
+        "socket"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 40,
+          "op": "SCMP_CMP_NE"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 0,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 8,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 131072,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 131080,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "personality"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 4294967295,
+          "op": "SCMP_CMP_EQ"
+        }
+      ]
+    },
+    {
+      "names": [
+        "sync_file_range2",
+        "swapcontext"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "ppc64le"
+        ]
+      }
+    },
+    {
+      "names": [
+        "arm_fadvise64_64",
+        "arm_sync_file_range",
+        "sync_file_range2",
+        "breakpoint",
+        "cacheflush",
+        "set_tls"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "arm",
+          "arm64"
+        ]
+      }
+    },
+    {
+      "names": [
+        "arch_prctl"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "amd64",
+          "x32"
+        ]
+      }
+    },
+    {
+      "names": [
+        "modify_ldt"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "amd64",
+          "x32",
+          "x86"
+        ]
+      }
+    },
+    {
+      "names": [
+        "s390_pci_mmio_read",
+        "s390_pci_mmio_write",
+        "s390_runtime_instr"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "s390",
+          "s390x"
+        ]
+      }
+    },
+    {
+      "names": [
+        "riscv_flush_icache"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "arches": [
+          "riscv64"
+        ]
+      }
+    },
+    {
+      "names": [
+        "open_by_handle_at"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_DAC_READ_SEARCH"
+        ]
+      }
+    },
+    {
+      "names": [
+        "bpf",
+        "clone",
+        "clone3",
+        "fanotify_init",
+        "fsconfig",
+        "fsmount",
+        "fsopen",
+        "fspick",
+        "lookup_dcookie",
+        "mount",
+        "mount_setattr",
+        "move_mount",
+        "open_tree",
+        "perf_event_open",
+        "quotactl",
+        "quotactl_fd",
+        "setdomainname",
+        "sethostname",
+        "setns",
+        "syslog",
+        "umount",
+        "umount2",
+        "unshare"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ]
+      }
+    },
+    {
+      "names": [
+        "clone"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 0,
+          "value": 2114060288,
+          "op": "SCMP_CMP_MASKED_EQ"
+        }
+      ],
+      "excludes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ],
+        "arches": [
+          "s390",
+          "s390x"
+        ]
+      }
+    },
+    {
+      "names": [
+        "clone"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "args": [
+        {
+          "index": 1,
+          "value": 2114060288,
+          "op": "SCMP_CMP_MASKED_EQ"
+        }
+      ],
+      "comment": "s390 parameter ordering for clone is different",
+      "includes": {
+        "arches": [
+          "s390",
+          "s390x"
+        ]
+      },
+      "excludes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ]
+      }
+    },
+    {
+      "names": [
+        "clone3"
+      ],
+      "action": "SCMP_ACT_ERRNO",
+      "errnoRet": 38,
+      "excludes": {
+        "caps": [
+          "CAP_SYS_ADMIN"
+        ]
+      }
+    },
+    {
+      "names": [
+        "reboot"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_BOOT"
+        ]
+      }
+    },
+    {
+      "names": [
+        "chroot"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_CHROOT"
+        ]
+      }
+    },
+    {
+      "names": [
+        "delete_module",
+        "init_module",
+        "finit_module"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_MODULE"
+        ]
+      }
+    },
+    {
+      "names": [
+        "acct"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_PACCT"
+        ]
+      }
+    },
+    {
+      "names": [
+        "kcmp",
+        "pidfd_getfd",
+        "process_madvise",
+        "process_vm_readv",
+        "process_vm_writev",
+        "ptrace"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_PTRACE"
+        ]
+      }
+    },
+    {
+      "names": [
+        "iopl",
+        "ioperm"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_RAWIO"
+        ]
+      }
+    },
+    {
+      "names": [
+        "settimeofday",
+        "stime",
+        "clock_settime",
+        "clock_settime64"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_TIME"
+        ]
+      }
+    },
+    {
+      "names": [
+        "vhangup"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_TTY_CONFIG"
+        ]
+      }
+    },
+    {
+      "names": [
+        "get_mempolicy",
+        "mbind",
+        "set_mempolicy",
+        "set_mempolicy_home_node"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYS_NICE"
+        ]
+      }
+    },
+    {
+      "names": [
+        "syslog"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_SYSLOG"
+        ]
+      }
+    },
+    {
+      "names": [
+        "bpf"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_BPF"
+        ]
+      }
+    },
+    {
+      "names": [
+        "perf_event_open"
+      ],
+      "action": "SCMP_ACT_ALLOW",
+      "includes": {
+        "caps": [
+          "CAP_PERFMON"
+        ]
+      }
+    }
+  ]
+}
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 93ddb312..03249af4 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -35,6 +35,7 @@
   </file>
   <file src="src/Data/DataConst.php">
     <FalsableReturnStatement>
+      <code><![CDATA[realpath(__DIR__ . '/../cool-seccomp-profile.json')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
@@ -43,6 +44,7 @@
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
     </InvalidFalsableReturnType>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 4f697325..a777d997 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -58,4 +58,8 @@ class DataConst {
     public static function GetCommunityContainersDirectory() : string {
         return realpath(__DIR__ . '/../../../community-containers/');
     }
+
+    public static function GetCollaboraSeccompProfilePath() : string {
+        return realpath(__DIR__ . '/../cool-seccomp-profile.json');
+    }
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d46bc5c9..a5da23f5 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -7,6 +7,7 @@ use AIO\Container\ContainerState;
 use AIO\Container\VersionState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 use http\Env\Response;
@@ -383,9 +384,10 @@ readonly class DockerActionManager {
                     }
                 }
             }
-            // Special things for the talk container which should not be exposed in the containers.json
+
+        // Special things for the talk container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
-            // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
+            // This is needed due to a bug in libwebsockets used in Janus which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
             // // Special things for the nextcloud container which should not be exposed in the containers.json
             // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
@@ -395,11 +397,19 @@ readonly class DockerActionManager {
             //         }
             //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
             //     }
-            // Special things for the caddy community container
+
+        // Special things for the caddy community container
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
-            // Special things for the collabora container which should not be exposed in the containers.json
+
+        // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
+            // Load reference seccomp profile for collabora
+            $seccompProfile = file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
+            $seccompProfile = addslashes($seccompProfile);
+            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
+
+            // Additional Collabora options
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
                 $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()];
             }

From 897e3e7e6e3bf523a936ff5fb10b6011a472c41f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 11:36:46 +0100
Subject: [PATCH 3568/3949] move containers-definition-path to Dataconst

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                 | 3 ++-
 php/src/ContainerDefinitionFetcher.php | 2 +-
 php/src/Data/DataConst.php             | 4 ++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 03249af4..ff78305b 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -3,7 +3,6 @@
   <file src="src/ContainerDefinitionFetcher.php">
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>
-      <code><![CDATA[file_get_contents(__DIR__ . '/../containers.json')]]></code>
     </PossiblyFalseArgument>
   </file>
   <file src="src/Controller/DockerController.php">
@@ -36,6 +35,7 @@
   <file src="src/Data/DataConst.php">
     <FalsableReturnStatement>
       <code><![CDATA[realpath(__DIR__ . '/../cool-seccomp-profile.json')]]></code>
+      <code><![CDATA[realpath(__DIR__ . '/../containers.json')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
@@ -45,6 +45,7 @@
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
       <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
     </InvalidFalsableReturnType>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index a404e3a3..f352db8f 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -38,7 +38,7 @@ readonly class ContainerDefinitionFetcher {
      */
     private function GetDefinition(): array
     {
-        $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
+        $data = json_decode(file_get_contents(DataConst::GetContainersDefinitionPath()), true);
 
         $additionalContainerNames = [];
         foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) {
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index a777d997..1db2f6ae 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -62,4 +62,8 @@ class DataConst {
     public static function GetCollaboraSeccompProfilePath() : string {
         return realpath(__DIR__ . '/../cool-seccomp-profile.json');
     }
+
+    public static function GetContainersDefinitionPath() : string {
+        return realpath(__DIR__ . '/../containers.json');
+    }
 }

From df0f7b8d851eec11ccc1df7088625b1fe975e0a5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 12:24:43 +0100
Subject: [PATCH 3569/3949] fix return type of dataconst

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml     | 16 ----------------
 php/src/Data/DataConst.php | 10 +++++-----
 2 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index ff78305b..662afd35 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -32,22 +32,6 @@
       <code><![CDATA[file_get_contents(DataConst::GetBackupPublicKey())]]></code>
     </PossiblyFalseArgument>
   </file>
-  <file src="src/Data/DataConst.php">
-    <FalsableReturnStatement>
-      <code><![CDATA[realpath(__DIR__ . '/../cool-seccomp-profile.json')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../containers.json')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
-    </FalsableReturnStatement>
-    <InvalidFalsableReturnType>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-    </InvalidFalsableReturnType>
-  </file>
   <file src="src/Docker/DockerActionManager.php">
     <PossiblyFalseArgument>
       <code><![CDATA[$line]]></code>
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 1db2f6ae..099079c6 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -8,7 +8,7 @@ class DataConst {
             return '/mnt/docker-aio-config/data/';
         }
 
-        return realpath(__DIR__ . '/../../data/');
+        return (string)realpath(__DIR__ . '/../../data/');
     }
 
     public static function GetSessionDirectory() : string {
@@ -16,7 +16,7 @@ class DataConst {
             return '/mnt/docker-aio-config/session/';
         }
 
-        return realpath(__DIR__ . '/../../session/');
+        return (string)realpath(__DIR__ . '/../../session/');
     }
 
     public static function GetConfigFile() : string {
@@ -56,14 +56,14 @@ class DataConst {
     }
 
     public static function GetCommunityContainersDirectory() : string {
-        return realpath(__DIR__ . '/../../../community-containers/');
+        return (string)realpath(__DIR__ . '/../../../community-containers/');
     }
 
     public static function GetCollaboraSeccompProfilePath() : string {
-        return realpath(__DIR__ . '/../cool-seccomp-profile.json');
+        return (string)realpath(__DIR__ . '/../cool-seccomp-profile.json');
     }
 
     public static function GetContainersDefinitionPath() : string {
-        return realpath(__DIR__ . '/../containers.json');
+        return (string)realpath(__DIR__ . '/../containers.json');
     }
 }

From 6f945a236952c0a0df98952ed8e19f2d2e4afb86 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 12:33:07 +0100
Subject: [PATCH 3570/3949] json_decode: always throw on error and fix other
 psalm issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                        |  6 -----
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 php/src/Data/ConfigurationManager.php         |  4 ++--
 php/src/Docker/DockerActionManager.php        | 24 ++++++++++---------
 php/src/Docker/DockerHubManager.php           |  2 +-
 .../Docker/GitHubContainerRegistryManager.php |  2 +-
 6 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 662afd35..3008379c 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,10 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51">
-  <file src="src/ContainerDefinitionFetcher.php">
-    <PossiblyFalseArgument>
-      <code><![CDATA[file_get_contents($path)]]></code>
-    </PossiblyFalseArgument>
-  </file>
   <file src="src/Controller/DockerController.php">
     <InvalidOperand>
       <code><![CDATA[$port]]></code>
@@ -29,7 +24,6 @@
       <code><![CDATA[$content]]></code>
       <code><![CDATA[$dailyBackupFile]]></code>
       <code><![CDATA[$dailyBackupFile]]></code>
-      <code><![CDATA[file_get_contents(DataConst::GetBackupPublicKey())]]></code>
     </PossiblyFalseArgument>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index f352db8f..2ea04d82 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -38,13 +38,13 @@ readonly class ContainerDefinitionFetcher {
      */
     private function GetDefinition(): array
     {
-        $data = json_decode(file_get_contents(DataConst::GetContainersDefinitionPath()), true);
+        $data = json_decode((string)file_get_contents(DataConst::GetContainersDefinitionPath()), true, 512, JSON_THROW_ON_ERROR);
 
         $additionalContainerNames = [];
         foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) {
             if ($communityContainer !== '') {
                 $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
-                $additionalData = json_decode(file_get_contents($path), true);
+                $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
                 $data = array_merge_recursive($data, $additionalData);
                 if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
                     // Store container_name of community containers in variable for later
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1a2b4461..50937222 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -636,7 +636,7 @@ class ConfigurationManager
             return "";
         }
 
-        return trim(file_get_contents(DataConst::GetBackupPublicKey()));
+        return trim((string)file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
     public function GetBorgRestorePassword() : string {
@@ -1040,7 +1040,7 @@ class ConfigurationManager
                     apcu_add($filePath, $fileContents);
                 }
             } 
-            $json = is_string($fileContents) ? json_decode($fileContents, true) : false;
+            $json = is_string($fileContents) ? json_decode($fileContents, true, 512, JSON_THROW_ON_ERROR) : false;
             if(is_array($json) && is_array($json['aio_services_v1'])) {
                 foreach ($json['aio_services_v1'] as $service) {
                     $documentation = is_string($service['documentation']) ? $service['documentation'] : '';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a5da23f5..ffa0ca2a 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -48,7 +48,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         if ($responseBody['State']['Running'] === true) {
             return ContainerState::Running;
@@ -68,7 +68,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         if ($responseBody['State']['Restarting'] === true) {
             return ContainerState::Restarting;
@@ -405,7 +405,7 @@ readonly class DockerActionManager {
         // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             // Load reference seccomp profile for collabora
-            $seccompProfile = file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
+            $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
             $seccompProfile = addslashes($seccompProfile);
             $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
 
@@ -643,11 +643,11 @@ readonly class DockerActionManager {
     private function GetRepoDigestsOfContainer(string $containerName): ?array {
         try {
             $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
-            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true);
+            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $imageName = $containerOutput['Image'];
 
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
 
             if (!isset($imageOutput['RepoDigests'])) {
                 error_log('RepoDigests is not set of container ' . $containerName);
@@ -691,7 +691,7 @@ readonly class DockerActionManager {
         $containerName = 'nextcloud-aio-mastercontainer';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
         try {
-            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
+            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $imageNameArray = explode(':', $output['Config']['Image']);
             if (count($imageNameArray) === 2) {
                 $imageName = $imageNameArray[0];
@@ -718,7 +718,7 @@ readonly class DockerActionManager {
         $containerName = 'nextcloud-aio-mastercontainer';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
         try {
-            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
+            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $tagArray = explode(':', $output['Config']['Image']);
             if (count($tagArray) === 2) {
                 $tag = $tagArray[1];
@@ -782,7 +782,9 @@ readonly class DockerActionManager {
                         ],
                     ]
                 )->getBody()->getContents(),
-                true
+                true,
+                512, 
+                JSON_THROW_ON_ERROR,
             );
 
             $id = $response['Id'];
@@ -924,7 +926,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         $exitCode = $responseBody['State']['ExitCode'];
         if (is_int($exitCode)) {
@@ -946,7 +948,7 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        $responseBody = json_decode((string)$response->getBody(), true);
+        $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         $exitCode = $responseBody['State']['ExitCode'];
         if (is_int($exitCode)) {
@@ -978,7 +980,7 @@ readonly class DockerActionManager {
         $imageName = $imageName . ':' . $this->GetCurrentChannel();
         try {
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
 
             if (!isset($imageOutput['Created'])) {
                 error_log('Created is not set of image ' . $imageName);
diff --git a/php/src/Docker/DockerHubManager.php b/php/src/Docker/DockerHubManager.php
index 9bf4ad29..256d592e 100644
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -30,7 +30,7 @@ readonly class DockerHubManager {
                 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:' . $name . ':pull'
             );
             $body = $authTokenRequest->getBody()->getContents();
-            $decodedBody = json_decode($body, true);
+            $decodedBody = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if(isset($decodedBody['token'])) {
                 $authToken = $decodedBody['token'];
                 $manifestRequest = $this->guzzleClient->request(
diff --git a/php/src/Docker/GitHubContainerRegistryManager.php b/php/src/Docker/GitHubContainerRegistryManager.php
index d885ae09..eeecfb28 100644
--- a/php/src/Docker/GitHubContainerRegistryManager.php
+++ b/php/src/Docker/GitHubContainerRegistryManager.php
@@ -31,7 +31,7 @@ readonly class GitHubContainerRegistryManager
                 'https://ghcr.io/token?scope=repository:' . $name . ':pull'
             );
             $body = $authTokenRequest->getBody()->getContents();
-            $decodedBody = json_decode($body, true);
+            $decodedBody = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if (isset($decodedBody['token'])) {
                 $authToken = $decodedBody['token'];
                 $manifestRequest = $this->guzzleClient->request(

From ab2043394095a724be709245a34c2e16312f72bb Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 5 Nov 2025 12:58:18 +0100
Subject: [PATCH 3571/3949] fix further psalm issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                | 11 -----------
 php/src/Data/ConfigurationManager.php | 19 ++++++-------------
 2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 3008379c..041cf87c 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -6,12 +6,6 @@
     </InvalidOperand>
   </file>
   <file src="src/Data/ConfigurationManager.php">
-    <FalsableReturnStatement>
-      <code><![CDATA[$additionalBackupDirectories]]></code>
-    </FalsableReturnStatement>
-    <InvalidFalsableReturnType>
-      <code><![CDATA[string]]></code>
-    </InvalidFalsableReturnType>
     <PossiblyFalseArgument>
       <code><![CDATA[$ch]]></code>
       <code><![CDATA[$ch]]></code>
@@ -19,11 +13,6 @@
       <code><![CDATA[$ch]]></code>
       <code><![CDATA[$ch]]></code>
       <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$configContent]]></code>
-      <code><![CDATA[$content]]></code>
-      <code><![CDATA[$content]]></code>
-      <code><![CDATA[$dailyBackupFile]]></code>
-      <code><![CDATA[$dailyBackupFile]]></code>
     </PossiblyFalseArgument>
   </file>
   <file src="src/Docker/DockerActionManager.php">
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 50937222..581550fb 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -13,7 +13,7 @@ class ConfigurationManager
     {
         if(file_exists(DataConst::GetConfigFile()))
         {
-            $configContent = file_get_contents(DataConst::GetConfigFile());
+            $configContent = (string)file_get_contents(DataConst::GetConfigFile());
             return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
         }
 
@@ -80,10 +80,7 @@ class ConfigurationManager
             return '';
         }
 
-        $content = file_get_contents(DataConst::GetBackupArchivesList());
-        if ($content === '') {
-            return '';
-        }
+        $content = (string)file_get_contents(DataConst::GetBackupArchivesList());
 
         $lastBackupLines = explode("\n", $content);
         $lastBackupLine = "";
@@ -108,10 +105,7 @@ class ConfigurationManager
             return [];
         }
 
-        $content = file_get_contents(DataConst::GetBackupArchivesList());
-        if ($content === '') {
-            return [];
-        }
+        $content = (string)file_get_contents(DataConst::GetBackupArchivesList());
 
         $backupLines = explode("\n", $content);
         $backupTimes = [];
@@ -795,7 +789,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
             return '';
         }
-        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFile = (string)file_get_contents(DataConst::GetDailyBackupTimeFile());
         $dailyBackupFileArray = explode("\n", $dailyBackupFile);
         return $dailyBackupFileArray[0];
     }
@@ -804,7 +798,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
             return false;
         }
-        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFile = (string)file_get_contents(DataConst::GetDailyBackupTimeFile());
         $dailyBackupFileArray = explode("\n", $dailyBackupFile);
         if (isset($dailyBackupFileArray[1]) && $dailyBackupFileArray[1] === 'automaticUpdatesAreNotEnabled') {
             return false;
@@ -855,8 +849,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
             return '';
         }
-        $additionalBackupDirectories = file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile());
-        return $additionalBackupDirectories;
+        return (string)file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile());
     }
 
     public function GetAdditionalBackupDirectoriesArray() : array {

From c57610b1b939188f02f84c06ece837a6fdae1355 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 5 Nov 2025 12:11:43 +0000
Subject: [PATCH 3572/3949] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index e3858248..46f16459 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.3-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=v1.12.1
+ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	 # v1.12.1
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 29831f4e4b0bd65e175a67768342756cfc4365c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Nov 2025 04:16:23 +0000
Subject: [PATCH 3573/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.3-alpine3.22 to 1.25.4-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.4-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 47eccfad..6eeb4661 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.3-alpine3.22 AS go
+FROM golang:1.25.4-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

From 43a2b27180cac7f0f6cc935a8209af71ef4a04fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Nov 2025 04:16:29 +0000
Subject: [PATCH 3574/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.5.1-cli to 28.5.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 28.5.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 20f22421..24b7cee0 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.5.1-cli AS docker
+FROM docker:28.5.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 2da872244c995e71553a60373e772a474bdc412a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Nov 2025 04:17:20 +0000
Subject: [PATCH 3575/3949] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.25.3-alpine3.22 to 1.25.4-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.4-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 46f16459..fe3cca1e 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.3-alpine3.22 AS go
+FROM golang:1.25.4-alpine3.22 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	 # v1.12.1
 

From 0a4258423857ed0746e8815f24be1c64f16eba94 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Nov 2025 11:21:46 +0100
Subject: [PATCH 3576/3949] collabora: allow to use enterprise container image
 with support key

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora-online/Dockerfile     | 15 +++++++++++++++
 Containers/collabora-online/healthcheck.sh |  7 +++++++
 nextcloud-aio-helm-chart/update-helm.sh    | 15 +++++++++++++++
 php/containers.json                        |  2 +-
 php/src/ContainerDefinitionFetcher.php     |  3 +++
 php/src/Data/ConfigurationManager.php      |  7 +++++++
 6 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 Containers/collabora-online/Dockerfile
 create mode 100644 Containers/collabora-online/healthcheck.sh

diff --git a/Containers/collabora-online/Dockerfile b/Containers/collabora-online/Dockerfile
new file mode 100644
index 00000000..72f79928
--- /dev/null
+++ b/Containers/collabora-online/Dockerfile
@@ -0,0 +1,15 @@
+# syntax=docker/dockerfile:latest
+# From https://gitlab.collabora.com/collabora-online/docker
+# hadolint ignore=DL3007
+FROM registry.gitlab.collabora.com/collabora-online/docker:latest
+
+USER root
+ARG DEBIAN_FRONTEND=noninteractive
+
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+USER 1001
+
+HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/collabora-online/healthcheck.sh b/Containers/collabora-online/healthcheck.sh
new file mode 100644
index 00000000..45e9278b
--- /dev/null
+++ b/Containers/collabora-online/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Unfortunately, no curl and no nc is installed in the container 
+# and packages can also not be added as the package list is broken.
+# So always exiting 0 for now.
+# nc http://127.0.0.1:9980 || exit 1
+exit 0
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d63dd39e..02428db8 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -343,6 +343,21 @@ EOL
 # shellcheck disable=SC1083
 find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config"  \{} \;
 
+# Additional collabora config
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "s/image: ghcr.io.*/IMAGE_PLACEHOLDER/"  \{} \;
+cat << EOL > /tmp/additional-collabora.config
+          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:$DOCKER_TAG
+          {{- else }}
+          image: ghcr.io/nextcloud-releases/aio-collabora:$DOCKER_TAG
+          {{- end }}
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "/IMAGE_PLACEHOLDER/r /tmp/additional-collabora.config"  \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "/IMAGE_PLACEHOLDER/d"  \{} \;
+
 cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
 {{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
 # https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
diff --git a/php/containers.json b/php/containers.json
index 1a775c98..df0e2d28 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 2ea04d82..7b092e45 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -67,6 +67,9 @@ readonly class ContainerDefinitionFetcher {
                 if (!$this->configurationManager->isCollaboraEnabled()) {
                     continue;
                 }
+                if ($this->configurationManager->isCollaboraSubscriptionEnabled()) {
+                    $entry['image'] = 'ghcr.io/nextcloud-releases/aio-collabora-online';
+                }
             } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
                 if (!$this->configurationManager->isTalkEnabled()) {
                     continue;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 50937222..58962248 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -978,6 +978,13 @@ class ConfigurationManager
         return $config['collabora_additional_options'];
     }
 
+    public function isCollaboraSubscriptionEnabled() : bool {
+        if (str_contains($this->GetAdditionalCollaboraOptions(), '--o:support_key=')) {
+            return true;
+        }
+        return false;
+    }
+
     public function DeleteAdditionalCollaboraOptions() : void {
         $config = $this->GetConfig();
         $config['collabora_additional_options'] = '';

From a7b9c95c6c5262cefadfefb031e3efe50f0bede8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Nov 2025 11:40:14 +0100
Subject: [PATCH 3577/3949] borg-init: remove unnecessary delete logic

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 41c05724..50815f38 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -138,11 +138,6 @@ if [ "$BORG_MODE" = backup ]; then
         NEW_REPOSITORY=1
         if ! borg init --debug --encryption=repokey-blake2; then
             echo "Could not initialize borg repository."
-            if [ -z "$BORG_REMOTE_REPO" ]; then
-                # Originally we checked for presence of the config file instead of calling `borg info`. Likely `borg info`
-                # will error on a partially initialized repo, so this line is probably no longer necessary
-                rm -f "$BORG_BACKUP_DIRECTORY/config"
-            fi
             exit 1
         fi
 

From 5657530508abad8165bbc53c6d35bc26ecf1a778 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 6 Nov 2025 12:03:27 +0000
Subject: [PATCH 3578/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 93aeefab..3cb9d3eb 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1092,16 +1092,16 @@
         },
         {
             "name": "slim/csrf",
-            "version": "1.5.0",
+            "version": "1.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b"
+                "reference": "a476a61e38451e138c400f6b4ca96037f3c2dd39"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/179cbcf40ee1d246d4906aefed42d3e62066974b",
-                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/a476a61e38451e138c400f6b4ca96037f3c2dd39",
+                "reference": "a476a61e38451e138c400f6b4ca96037f3c2dd39",
                 "shasum": ""
             },
             "require": {
@@ -1112,8 +1112,6 @@
                 "psr/http-server-middleware": "^1.0"
             },
             "require-dev": {
-                "phpspec/prophecy": "^1.19",
-                "phpspec/prophecy-phpunit": "^2.2",
                 "phpunit/phpunit": "^9.6",
                 "squizlabs/php_codesniffer": "^3.10"
             },
@@ -1144,9 +1142,9 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.5.0"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.5.1"
             },
-            "time": "2024-06-08T16:37:18+00:00"
+            "time": "2025-11-02T14:58:28+00:00"
         },
         {
             "name": "slim/slim",

From 82c2d06c72725596994891a768900dc2c8b67b23 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 7 Nov 2025 12:03:28 +0000
Subject: [PATCH 3579/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 3cb9d3eb..7f5742df 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3979,16 +3979,16 @@
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.3.2",
+            "version": "v7.3.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd"
+                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/edcbb768a186b5c3f25d0643159a787d3e63b7fd",
-                "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/e9bcfd7837928ab656276fe00464092cc9e1826a",
+                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a",
                 "shasum": ""
             },
             "require": {
@@ -4025,7 +4025,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.3.2"
+                "source": "https://github.com/symfony/filesystem/tree/v7.3.6"
             },
             "funding": [
                 {
@@ -4045,7 +4045,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-07T08:17:47+00:00"
+            "time": "2025-11-05T09:52:27+00:00"
         },
         {
             "name": "symfony/finder",
@@ -4364,16 +4364,16 @@
         },
         {
             "name": "symfony/service-contracts",
-            "version": "v3.6.0",
+            "version": "v3.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/service-contracts.git",
-                "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4"
+                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/f021b05a130d35510bd6b25fe9053c2a8a15d5d4",
-                "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/45112560a3ba2d715666a509a0bc9521d10b6c43",
+                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43",
                 "shasum": ""
             },
             "require": {
@@ -4427,7 +4427,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/service-contracts/tree/v3.6.0"
+                "source": "https://github.com/symfony/service-contracts/tree/v3.6.1"
             },
             "funding": [
                 {
@@ -4438,12 +4438,16 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-25T09:37:31+00:00"
+            "time": "2025-07-15T11:30:57+00:00"
         },
         {
             "name": "symfony/string",

From 72b504951a5f0414f1c33be5c5e0df5ad0c04de0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 7 Nov 2025 12:13:22 +0000
Subject: [PATCH 3580/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 0617db93..413c74e5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -85,7 +85,7 @@ RUN set -ex; \
     pecl install -o igbinary-3.2.16; \
     pecl install APCu-5.1.27; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
-    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
+    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \
    pecl install -o imagick-3.8.0; \
     \
     docker-php-ext-enable \

From 72455ccae1aa67e6f77f2dda0b83f8c0b888d033 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Nov 2025 12:42:49 +0000
Subject: [PATCH 3581/3949] build(deps): bump
 codespell-project/actions-codespell

Bumps [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) from 2.1 to 2.2.
- [Release notes](https://github.com/codespell-project/actions-codespell/releases)
- [Commits](https://github.com/codespell-project/actions-codespell/compare/406322ec52dd7b488e48c1c4b82e2a8b3a1bf630...8f01853be192eb0f849a5c7d721450e7a467c579)

---
updated-dependencies:
- dependency-name: codespell-project/actions-codespell
  dependency-version: '2.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 9104a88d..c4df7592 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -14,7 +14,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v5
       - name: Check spelling
-        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
+        uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
           check_filenames: true
           check_hidden: true

From 858717f74082548087246be7234634e2b9a58678 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 7 Nov 2025 15:05:36 +0100
Subject: [PATCH 3582/3949] aio-interface: allow to skip domain validation via
 url-param

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 develop.md                                     | 4 ++--
 manual-upgrade.md                              | 2 +-
 php/public/index.php                           | 3 ++-
 php/src/Controller/ConfigurationController.php | 3 ++-
 php/src/Data/ConfigurationManager.php          | 9 +++++----
 php/templates/containers.twig                  | 3 +++
 readme.md                                      | 2 ++
 reverse-proxy.md                               | 4 ++--
 8 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/develop.md b/develop.md
index 6c5faf2d..457b3a76 100644
--- a/develop.md
+++ b/develop.md
@@ -67,6 +67,6 @@ docker buildx build --file Containers/nextcloud/Dockerfile --tag ghcr.io/nextclo
 # For all other containers
 docker buildx build --file Containers/{container}/Dockerfile --tag ghcr.io/nextcloud-releases/aio-{container}:develop --load Containers/{container}
 ```
-1. Stop the containers using the AIO admin interface.
-1. Reload the AIO admin interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`.
+1. Stop the containers using the AIO interface.
+1. Reload the AIO interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`.
 1. Click "Start and update containers" and test your changes. Containers will not be updated, despite the button text.
diff --git a/manual-upgrade.md b/manual-upgrade.md
index 84c742e5..fbc07d3e 100644
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -108,7 +108,7 @@ However, if you are unsure check the ghcr.io (https://github.com/nextcloud-relea
 
 Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
 
-#### Now you can handle everything through the AIO admin interface and stop and restart the containers normally.
+#### Now you can handle everything through the AIO interface and stop and restart the containers normally.
 
 ---
 
diff --git a/php/public/index.php b/php/public/index.php
index d3fbbeb9..6406d1b0 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -87,6 +87,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $params = $request->getQueryParams();
     $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
     $bypass_container_update = isset($params['bypass_container_update']);
+    $skip_domain_validation = isset($params['skip_domain_validation']);
 
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
@@ -116,7 +117,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->GetTimezone(),
-        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(),
+        'skip_domain_validation' => ( $skip_domain_validation ? true : $configurationManager->shouldDomainValidationBeSkipped(false) ),
         'talk_port' => $configurationManager->GetTalkPort(),
         'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
         'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 5727c364..051f8d9e 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -19,7 +19,8 @@ readonly class ConfigurationController {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
-                $this->configurationManager->SetDomain($domain);
+                $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']);
+                $this->configurationManager->SetDomain($domain, $skipDomainValidation);
             }
 
             if (isset($request->getParsedBody()['current-master-password']) || isset($request->getParsedBody()['new-master-password'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b9163baa..a04158dc 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -288,7 +288,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetDomain(string $domain) : void {
+    public function SetDomain(string $domain, bool $skipDomainValidation) : void {
         // Validate that at least one dot is contained
         if (!str_contains($domain, '.')) {
             throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
@@ -315,7 +315,7 @@ class ConfigurationManager
         }
 
         // Skip domain validation if opted in to do so
-        if (!$this->shouldDomainValidationBeSkipped()) {
+        if (!$this->shouldDomainValidationBeSkipped($skipDomainValidation)) {
 
             $dnsRecordIP = gethostbyname($domain);
             if ($dnsRecordIP === $domain) {
@@ -898,8 +898,9 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function shouldDomainValidationBeSkipped() : bool {
-        if (getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
+    public function shouldDomainValidationBeSkipped(bool $skipDomainValidation) : bool {
+        if ($skipDomainValidation || getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
+            error_log('Skipping domain validation');
             return true;
         }
         return false;
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 5d479538..90156bf8 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -112,6 +112,9 @@
                                 <input type="text" id="domain" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                {% if skip_domain_validation == true %}
+                                    <input type="hidden" name="skip_domain_validation" value="{{skip_domain_validation}}">
+                                {% endif %}
                                 <input type="submit" value="Submit domain" />
                             </form>
                             {% if skip_domain_validation == false %}
diff --git a/readme.md b/readme.md
index 6290c1e5..49ac1d1f 100644
--- a/readme.md
+++ b/readme.md
@@ -376,6 +376,8 @@ Apart from that there is now a community container that can be added to the AIO
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
+Alternatively, if the container is already running, reload the AIO interface with the param `skip_domain_validation` to skip the domain validation on the fly: e.g. `https://ip.address.of.the.server:8080/containers?skip_domain_validation`.
+
 ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
 It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
 ```
diff --git a/reverse-proxy.md b/reverse-proxy.md
index b1eb353c..52c830e0 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1049,7 +1049,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
 - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
 - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
-- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things).
+- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things). Also see [this documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
 - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
 - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
@@ -1162,7 +1162,7 @@ If something does not work, follow the steps below:
 1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain)!
 1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
-1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
+1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything! Also see [this documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 
 ### 8. Removing the reverse proxy
 

From 5759d5d364eaf7b406fbb322ecdd756f37b3a49b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 8 Nov 2025 08:48:29 +0100
Subject: [PATCH 3583/3949] simplify `skip_domain_validation` logic a bit

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/public/index.php b/php/public/index.php
index 6406d1b0..f2880ca7 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -117,7 +117,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->GetTimezone(),
-        'skip_domain_validation' => ( $skip_domain_validation ? true : $configurationManager->shouldDomainValidationBeSkipped(false) ),
+        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
         'talk_port' => $configurationManager->GetTalkPort(),
         'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
         'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),

From c2ea69a91839a415ffbddcf2d3700646cb46f8f0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 9 Nov 2025 12:03:08 +0000
Subject: [PATCH 3584/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 6eeb4661..7e477820 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 8cd5dd929cfc7073f1cd4de00357f0a86e70fb24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Nov 2025 13:22:55 +0000
Subject: [PATCH 3585/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/9d692f15fa9f84928799bccac2dba6565e024bdf...2e4451ef94c5969eee533c487092052d4d1a53af)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index e6527250..437e8ea1 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Turnstyle
-        uses: softprops/turnstyle@9d692f15fa9f84928799bccac2dba6565e024bdf # v2
+        uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
         with:
           continue-after-seconds: 180
         env:

From da5d4ee5afa41c28ee155bb322317a394d4d0e8d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 14:39:53 +0100
Subject: [PATCH 3586/3949] fix watchtower update script

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/watchtower-update.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 329cd284..6420c446 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -22,7 +22,8 @@ jobs:
             | tail -1
         )"
         watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
-        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash # $watchtower_version|" ./Containers/watchtower/Dockerfile
+        sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
+        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7

From 6ab60592ad6b3f318227ab0141dbf370f176c6c9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 14:42:29 +0100
Subject: [PATCH 3587/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/watchtower-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 6420c446..044dbc10 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -23,7 +23,7 @@ jobs:
         )"
         watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')"
         sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
-        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_commit_hash|" ./Containers/watchtower/Dockerfile
+        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7

From 472cfdbcb8944d11ef9e7d875b731a3241f2e273 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 10 Nov 2025 13:42:56 +0000
Subject: [PATCH 3588/3949] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index fe3cca1e..7a06c73b 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	 # v1.12.1
+ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH;
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.1
 
 FROM alpine:3.22.2
 

From cc65481d51f0e28d06c9424febfe0fde5c937ac7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 15:29:22 +0100
Subject: [PATCH 3589/3949] fix some paths and seccompprofile

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/DataConst.php             | 4 ++--
 php/src/Docker/DockerActionManager.php | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 099079c6..9111a98a 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -60,10 +60,10 @@ class DataConst {
     }
 
     public static function GetCollaboraSeccompProfilePath() : string {
-        return (string)realpath(__DIR__ . '/../cool-seccomp-profile.json');
+        return (string)realpath(__DIR__ . '/../../cool-seccomp-profile.json');
     }
 
     public static function GetContainersDefinitionPath() : string {
-        return (string)realpath(__DIR__ . '/../containers.json');
+        return (string)realpath(__DIR__ . '/../../containers.json');
     }
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ffa0ca2a..7d7fc0e9 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -406,7 +406,6 @@ readonly class DockerActionManager {
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             // Load reference seccomp profile for collabora
             $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $seccompProfile = addslashes($seccompProfile);
             $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
 
             // Additional Collabora options

From 767e0d4b9f7555af46f523f06643aa1f28d1c00e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 15:52:35 +0100
Subject: [PATCH 3590/3949] fix some remaining issues with collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json                    | 2 +-
 php/src/Docker/DockerActionManager.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index df0e2d28..b291a625 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 7d7fc0e9..fd179f10 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -406,7 +406,7 @@ readonly class DockerActionManager {
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             // Load reference seccomp profile for collabora
             $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
+            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
 
             // Additional Collabora options
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {

From 6cfa47e072047c593dd94e0b2bfdf3f95a98218e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Nov 2025 04:14:33 +0000
Subject: [PATCH 3591/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.7-alpine to 3.2.8-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.8-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ad128d54..f185848a 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.7-alpine
+FROM haproxy:3.2.8-alpine
 
 # hadolint ignore=DL3002
 USER root

From 03e3fd0b1607cca4b0bd39fce49c8da2ea6bc280 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 09:18:24 +0100
Subject: [PATCH 3592/3949] increase API version to 1.44

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index fd179f10..cf7d0842 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -13,7 +13,7 @@ use GuzzleHttp\Exception\RequestException;
 use http\Env\Response;
 
 readonly class DockerActionManager {
-    private const string API_VERSION = 'v1.41';
+    private const string API_VERSION = 'v1.44';
     private Client $guzzleClient;
 
     public function __construct(

From 8627366a39c11bf10f31299cbe253c413b1d606e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 09:35:47 +0100
Subject: [PATCH 3593/3949] clamav: hardcode `StreamMaxLength` to `2G`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile       | 5 +++--
 Containers/clamav/start.sh         | 2 --
 Containers/nextcloud/entrypoint.sh | 3 ++-
 php/containers.json                | 1 -
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 94d39b67..567c09cc 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -10,8 +10,9 @@ RUN set -ex; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxScanSize.*|MaxScanSize 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 0|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2G|g" /etc/clamav/clamd.conf; \
+# StreamMaxLength must be synced with av_stream_max_length inside the Nextcloud files_antivirus plugin
+    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2G|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
     sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
index bda4add5..609120c1 100644
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
-
 # Print out clamav version for compliance reasons
 clamscan --version
 
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 89d99d29..794b059d 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -880,7 +880,8 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
         php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
         php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
-        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
+        # av_stream_max_length must be synced with StreamMaxLength inside clamav
+        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="2147483648"
         php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
         php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
         if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then
diff --git a/php/containers.json b/php/containers.json
index b291a625..481c5c92 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -231,7 +231,6 @@
         "TALK_PORT=%TALK_PORT%",
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
         "IMAGINARY_HOST=nextcloud-aio-imaginary",
-        "CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",

From 673873da631413887b9ed2d84d607204c8d801e6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 10:07:06 +0100
Subject: [PATCH 3594/3949] ConnectContainerIdToNetwork: remove
 `CheckDuplicate` as it is deprecated

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index fd179f10..512fdc2b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -837,7 +837,6 @@ readonly class DockerActionManager {
                     [
                         'json' => [
                             'Name' => $network,
-                            'CheckDuplicate' => true,
                             'Driver' => 'bridge',
                             'Internal' => false,
                         ]

From e44a99ced2c6fc7e3fad0ee0b2ae2d91ddbeaac4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 10:20:47 +0100
Subject: [PATCH 3595/3949] clamav: size can only use M or K but not G as unit

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 567c09cc..7204328b 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -8,11 +8,11 @@ RUN set -ex; \
     chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?MaxScanSize.*|MaxScanSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
-    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2G|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?MaxScanSize.*|MaxScanSize 2000M|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?MaxFileSize.*|MaxFileSize 2000M|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2000M|g" /etc/clamav/clamd.conf; \
 # StreamMaxLength must be synced with av_stream_max_length inside the Nextcloud files_antivirus plugin
-    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2G|g" /etc/clamav/clamd.conf; \
+    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2000M|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
     sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
     sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \

From 1d685926118a940f54059917067d66828aa91a4a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 11 Nov 2025 10:45:17 +0100
Subject: [PATCH 3596/3949] clamav: use default clamd.comf path

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/supervisord.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
index e1216df5..1895ceb6 100644
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -13,14 +13,14 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=freshclam --foreground --stdout --daemon --daemon-notify=/tmp/clamd.conf
+command=freshclam --foreground --stdout --daemon --daemon-notify=/etc/clamav/clamd.conf
 
 [program:clamd]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=clamd --foreground --config-file=/tmp/clamd.conf
+command=clamd --foreground --config-file=/etc/clamav/clamd.conf
 
 [program:milter]
 stdout_logfile=/dev/stdout

From 2d4d9d76d63e4ecca43a864c2ad6d872739ca20b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 15 Jun 2025 14:11:23 +0200
Subject: [PATCH 3597/3949] aio-caddy: change to v3 and further adjustments

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 6 ++++--
 community-containers/caddy/readme.md   | 2 ++
 manual-install/update-yaml.sh          | 1 +
 php/containers.json                    | 1 +
 php/src/Data/ConfigurationManager.php  | 9 +++++++++
 php/src/Docker/DockerActionManager.php | 5 +++++
 6 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 0e78175d..7245fe4d 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -5,7 +5,7 @@
             "display_name": "Caddy with geoblocking",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
             "image": "ghcr.io/szaimen/aio-caddy",
-            "image_tag": "v2",
+            "image_tag": "v3",
             "internal_port": "443",
             "restart": "unless-stopped",
             "ports": [
@@ -24,7 +24,9 @@
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
                 "APACHE_PORT=%APACHE_PORT%",
-                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%",
+                "turn_domain=turn.%NC_DOMAIN%",
+                "talk_port=443"
             ],
             "volumes": [
                 {
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 56984d59..e26a680a 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -4,6 +4,8 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
+- Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index 70d14b4e..af746aee 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -46,6 +46,7 @@ sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
 sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
+sed -i '/TURN_DOMAIN/d' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
diff --git a/php/containers.json b/php/containers.json
index 481c5c92..86d0e508 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -229,6 +229,7 @@
         "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%",
+        "TURN_DOMAIN=%TURN_DOMAIN%",
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
         "IMAGINARY_HOST=nextcloud-aio-imaginary",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a04158dc..00d5193b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -569,6 +569,15 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetTurnDomain() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['turn_domain'])) {
+            $config['turn_domain'] = '';
+        }
+
+        return $config['turn_domain'];
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 2692d87e..6694a39b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -283,6 +283,10 @@ readonly class DockerActionManager {
                     }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
+                    // Skip publishing talk port if it is set to the same value like the apache port
+                    if ($port === $this->configurationManager->GetApachePort()) {
+                        continue;
+                    }
                 }
                 $ipBinding = $value->ipBinding;
                 if ($ipBinding === '%APACHE_IP_BINDING%') {
@@ -538,6 +542,7 @@ readonly class DockerActionManager {
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
+            'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '',

From d82e533a4becd6a6a9f3d5e8051a0be3b9db8a49 Mon Sep 17 00:00:00 2001
From: Hoang Pham <hoangmaths96@gmail.com>
Date: Tue, 11 Nov 2025 17:35:07 +0700
Subject: [PATCH 3598/3949] fix whiteboard recording chrome

Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
---
 Containers/whiteboard/Dockerfile | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 90aa72f2..c862c674 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -6,7 +6,16 @@ USER root
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash; \
-    chmod 777 -R /tmp
+    chmod 777 -R /tmp; \
+    if [ -f /usr/lib/chromium/chrome_crashpad_handler ]; then \
+        rm -f /usr/lib/chromium/chrome_crashpad_handler.real; \
+        mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
+        cat <<'EOF' >/usr/lib/chromium/chrome_crashpad_handler; \
+#!/bin/sh
+exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database="${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}" "$@"
+EOF
+        chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
+    fi
 USER 65534
 
 COPY --chmod=775 start.sh /start.sh

From ce74283f299b7761aa80cddb68ade939f6bbb963 Mon Sep 17 00:00:00 2001
From: Hoang Pham <hoangmaths96@gmail.com>
Date: Tue, 11 Nov 2025 18:28:50 +0700
Subject: [PATCH 3599/3949] fix whiteboard recording chrome

Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
---
 Containers/whiteboard/Dockerfile | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index c862c674..3e4af410 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -10,10 +10,7 @@ RUN set -ex; \
     if [ -f /usr/lib/chromium/chrome_crashpad_handler ]; then \
         rm -f /usr/lib/chromium/chrome_crashpad_handler.real; \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
-        cat <<'EOF' >/usr/lib/chromium/chrome_crashpad_handler; \
-#!/bin/sh
-exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database="${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}" "$@"
-EOF
+        printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
         chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
     fi
 USER 65534

From e152bc3e45791c6c1cdd1b68ca4c484483d0c999 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Nov 2025 04:14:11 +0000
Subject: [PATCH 3600/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.6 to 8.19.7.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index a50aee53..8c46ed97 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.6
+FROM elasticsearch:8.19.7
 
 USER root
 

From 738022a9360a269f29376dec7da4df146729ec2e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 11:13:06 +0100
Subject: [PATCH 3601/3949] create `dispatch-workflow-repo` action

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/dispatch-workflow-repo.yml | 82 ++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 .github/workflows/dispatch-workflow-repo.yml

diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml
new file mode 100644
index 00000000..68eff9d1
--- /dev/null
+++ b/.github/workflows/dispatch-workflow-repo.yml
@@ -0,0 +1,82 @@
+# This workflow needs to be run on demand
+# It will update all workflow templates in a specific repository
+# This workflow is provided via the organization template repository
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Update workflows for specific repository
+
+on:
+  workflow_dispatch:
+    inputs:
+      repository:
+        description: 'The repository name (without owner prefix, e.g. "server")'
+        required: true
+        type: string
+        default: 'all-in-one'
+      branch:
+        description: 'The branch name to create the PR from (e.g. "main" or "stable32")'
+        required: true
+        type: string
+        default: 'main'
+
+permissions:
+  contents: read
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+
+    name: Update all workflows in ${{ github.event.inputs.repository }}
+
+    steps:
+      - name: Check actor permission
+        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
+        with:
+          require: admin
+
+      - name: Checkout target repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+          path: target
+          repository: ${{ github.repository_owner }}/${{ github.event.inputs.repository }}
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Checkout source repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+          path: source
+
+      - name: Copy all workflow templates
+        run: |
+          for workflow in ./source/workflow-templates/*.yml; do
+            if [ -f "$workflow" ]; then
+              filename=$(basename "$workflow")
+              target_file="./target/.github/workflows/$filename"
+              
+              # Only copy if the file exists in the target repository
+              if [ -f "$target_file" ]; then
+                echo "Updating existing workflow: $filename"
+                cp "$workflow" "$target_file"
+              else
+                echo "Skipping $filename (does not exist in target repository)"
+              fi
+            fi
+          done
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          body: 'Automated update of all workflow templates from https://github.com/${{ github.repository }}'
+          branch: 'feat/workflow-auto-update-all'
+          commit-message: 'ci: update all workflow templates from organization template repository'
+          committer: Nextcloud bot <bot@nextcloud.com>
+          author: Nextcloud bot <bot@nextcloud.com>
+          path: target
+          signoff: true
+          title: 'ci: update all workflow templates from organization template repository'
+          labels: dependencies
+          token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }}

From 2628d43ecdad03de0b8592e23b9a3d49929d936c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 11:14:07 +0100
Subject: [PATCH 3602/3949] Revert "create `dispatch-workflow-repo` action"

This reverts commit 738022a9360a269f29376dec7da4df146729ec2e.
---
 .github/workflows/dispatch-workflow-repo.yml | 82 --------------------
 1 file changed, 82 deletions(-)
 delete mode 100644 .github/workflows/dispatch-workflow-repo.yml

diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml
deleted file mode 100644
index 68eff9d1..00000000
--- a/.github/workflows/dispatch-workflow-repo.yml
+++ /dev/null
@@ -1,82 +0,0 @@
-# This workflow needs to be run on demand
-# It will update all workflow templates in a specific repository
-# This workflow is provided via the organization template repository
-#
-# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Update workflows for specific repository
-
-on:
-  workflow_dispatch:
-    inputs:
-      repository:
-        description: 'The repository name (without owner prefix, e.g. "server")'
-        required: true
-        type: string
-        default: 'all-in-one'
-      branch:
-        description: 'The branch name to create the PR from (e.g. "main" or "stable32")'
-        required: true
-        type: string
-        default: 'main'
-
-permissions:
-  contents: read
-
-jobs:
-  dispatch:
-    runs-on: ubuntu-latest
-
-    name: Update all workflows in ${{ github.event.inputs.repository }}
-
-    steps:
-      - name: Check actor permission
-        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
-        with:
-          require: admin
-
-      - name: Checkout target repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-          path: target
-          repository: ${{ github.repository_owner }}/${{ github.event.inputs.repository }}
-          ref: ${{ github.event.inputs.branch }}
-
-      - name: Checkout source repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-          path: source
-
-      - name: Copy all workflow templates
-        run: |
-          for workflow in ./source/workflow-templates/*.yml; do
-            if [ -f "$workflow" ]; then
-              filename=$(basename "$workflow")
-              target_file="./target/.github/workflows/$filename"
-              
-              # Only copy if the file exists in the target repository
-              if [ -f "$target_file" ]; then
-                echo "Updating existing workflow: $filename"
-                cp "$workflow" "$target_file"
-              else
-                echo "Skipping $filename (does not exist in target repository)"
-              fi
-            fi
-          done
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-          body: 'Automated update of all workflow templates from https://github.com/${{ github.repository }}'
-          branch: 'feat/workflow-auto-update-all'
-          commit-message: 'ci: update all workflow templates from organization template repository'
-          committer: Nextcloud bot <bot@nextcloud.com>
-          author: Nextcloud bot <bot@nextcloud.com>
-          path: target
-          signoff: true
-          title: 'ci: update all workflow templates from organization template repository'
-          labels: dependencies
-          token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }}

From 1811ba1d38c6a7afdaa240550031ba32f8d9f585 Mon Sep 17 00:00:00 2001
From: Nextcloud bot <bot@nextcloud.com>
Date: Wed, 12 Nov 2025 10:35:37 +0000
Subject: [PATCH 3603/3949] ci: update all workflow templates from organization
 template repository

Signed-off-by: Nextcloud bot <bot@nextcloud.com>
---
 .github/workflows/lint-php.yml | 39 +++++++++++++++--------
 .github/workflows/psalm.yml    | 56 ++++++++++++++++++++++------------
 2 files changed, 62 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 81ada6da..ae487584 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -2,18 +2,13 @@
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
 
 name: Lint php
 
-on:
-  pull_request:
-    paths:
-      - 'php/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'php/**'
+on: pull_request
 
 permissions:
   contents: read
@@ -23,29 +18,47 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  matrix:
+    runs-on: ubuntu-latest-low
+    outputs:
+      php-versions: ${{ steps.versions.outputs.php-versions }}
+    steps:
+      - name: Checkout app
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: Get version matrix
+        id: versions
+        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0
+
   php-lint:
     runs-on: ubuntu-latest
+    needs: matrix
     strategy:
       matrix:
-        php-versions: [ "8.4" ]
+        php-versions: ${{fromJson(needs.matrix.outputs.php-versions)}}
 
     name: php-lint
 
     steps:
       - name: Checkout
-        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: cd php && composer run lint
+        run: composer run lint
 
   summary:
     permissions:
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 3fcdae12..3059026e 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -2,23 +2,21 @@
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
 
 name: Static analysis
 
-on:
-  pull_request:
-    paths:
-      - 'php/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'php/**'
+on: pull_request
 
 concurrency:
   group: psalm-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   static-analysis:
     runs-on: ubuntu-latest
@@ -26,21 +24,39 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
-
-      - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
-          php-version: 8.4
-          extensions: apcu
+          persist-credentials: false
+
+      - name: Get php version
+        id: versions
+        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
+
+      - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
+        run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml
+
+      - name: Set up php${{ steps.versions.outputs.php-available }}
+        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
+        with:
+          php-version: ${{ steps.versions.outputs.php-available }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development
+          # Temporary workaround for missing pcntl_* in PHP 8.3
+          ini-values: disable_functions=
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Install dependencies and run psalm
+      - name: Install dependencies
         run: |
-          set -x
-          cd php
-          composer install
-          composer run psalm
+          composer remove nextcloud/ocp --dev --no-scripts
+          composer i
+
+      - name: Check for vulnerable PHP dependencies
+        run: composer require --dev roave/security-advisories:dev-latest
+
+      - name: Install nextcloud/ocp
+        run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
+
+      - name: Run coding standards check
+        run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github

From fcba94e4d1e9a824e4412f65eb26ba5b1c7934c9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 11:49:46 +0100
Subject: [PATCH 3604/3949] restore some details

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/lint-php.yml | 30 ++++++++++---------------
 .github/workflows/psalm.yml    | 40 +++++++++++++++-------------------
 2 files changed, 28 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index ae487584..9c5e8925 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -8,7 +8,15 @@
 
 name: Lint php
 
-on: pull_request
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
 
 permissions:
   contents: read
@@ -18,26 +26,11 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  matrix:
-    runs-on: ubuntu-latest-low
-    outputs:
-      php-versions: ${{ steps.versions.outputs.php-versions }}
-    steps:
-      - name: Checkout app
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Get version matrix
-        id: versions
-        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0
-
   php-lint:
     runs-on: ubuntu-latest
-    needs: matrix
     strategy:
       matrix:
-        php-versions: ${{fromJson(needs.matrix.outputs.php-versions)}}
+        php-versions: [ "8.4" ]
 
     name: php-lint
 
@@ -51,14 +44,13 @@ jobs:
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
           php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
           ini-file: development
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: composer run lint
+        run: cd php && composer run lint
 
   summary:
     permissions:
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 3059026e..6ba0256a 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -8,7 +8,15 @@
 
 name: Static analysis
 
-on: pull_request
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
 
 concurrency:
   group: psalm-${{ github.head_ref || github.run_id }}
@@ -28,18 +36,11 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Get php version
-        id: versions
-        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
-
-      - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
-        run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml
-
-      - name: Set up php${{ steps.versions.outputs.php-available }}
+      - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
         with:
-          php-version: ${{ steps.versions.outputs.php-available }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          php-version: 8.4
+          extensions: apcu
           coverage: none
           ini-file: development
           # Temporary workaround for missing pcntl_* in PHP 8.3
@@ -47,16 +48,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Install dependencies
+      - name: Install dependencies and run psalm
         run: |
-          composer remove nextcloud/ocp --dev --no-scripts
-          composer i
-
-      - name: Check for vulnerable PHP dependencies
-        run: composer require --dev roave/security-advisories:dev-latest
-
-      - name: Install nextcloud/ocp
-        run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
-
-      - name: Run coding standards check
-        run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github
+          set -x
+          cd php
+          composer install
+          composer run psalm

From a5fd4b2142ac56eaaa6f9fdecb1c22c56dfa3217 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 12 Nov 2025 12:09:02 +0000
Subject: [PATCH 3605/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 7f5742df..2808f48f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3755,16 +3755,16 @@
         },
         {
             "name": "spatie/array-to-xml",
-            "version": "3.4.0",
+            "version": "3.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/spatie/array-to-xml.git",
-                "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67"
+                "reference": "6a740f39415aee8886aea10333403adc77d50791"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67",
-                "reference": "7dcfc67d60b0272926dabad1ec01f6b8a5fb5e67",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/6a740f39415aee8886aea10333403adc77d50791",
+                "reference": "6a740f39415aee8886aea10333403adc77d50791",
                 "shasum": ""
             },
             "require": {
@@ -3807,7 +3807,7 @@
                 "xml"
             ],
             "support": {
-                "source": "https://github.com/spatie/array-to-xml/tree/3.4.0"
+                "source": "https://github.com/spatie/array-to-xml/tree/3.4.1"
             },
             "funding": [
                 {
@@ -3819,7 +3819,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-16T12:45:15+00:00"
+            "time": "2025-11-12T10:32:50+00:00"
         },
         {
             "name": "sserbin/twig-linter",

From 5b2cd9d549224d8ac4c41f309dabe369ad0ab897 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 12 Nov 2025 12:11:53 +0000
Subject: [PATCH 3606/3949] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 7a06c73b..1082518e 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=9130559da17f882f2db4dbc2a3ed0425f41f25e4	
+ENV WATCHTOWER_COMMIT_HASH=87b5518858f6a96e8edf784bdc855d29951643e6	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.1
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.2
 
 FROM alpine:3.22.2
 

From 5a081faee1143342e052b3d3c55e9a7e14e5c158 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 12 Nov 2025 14:44:05 +0100
Subject: [PATCH 3607/3949] clamav: create `/tmp` directory

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/clamav/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 7204328b..eab313fd 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -4,8 +4,8 @@ FROM alpine:3.22.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache tzdata clamav clamav-milter supervisor bash; \
-    mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
-    chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
+    mkdir -p /tmp /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \
+    chmod 777 -R /tmp /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
     chown -R 100:100 /var/lib/clamav; \
     sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?MaxScanSize.*|MaxScanSize 2000M|g" /etc/clamav/clamd.conf; \

From e38a0d0a03ebee93933afc541b2346d670d6f71f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 10:31:29 +0100
Subject: [PATCH 3608/3949] domain-validation: move skipping domain validation
 log to a different place

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 00d5193b..3f326e3e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -315,8 +315,9 @@ class ConfigurationManager
         }
 
         // Skip domain validation if opted in to do so
-        if (!$this->shouldDomainValidationBeSkipped($skipDomainValidation)) {
-
+        if ($this->shouldDomainValidationBeSkipped($skipDomainValidation)) {
+            error_log('Skipping domain validation');
+        } else {
             $dnsRecordIP = gethostbyname($domain);
             if ($dnsRecordIP === $domain) {
                 $dnsRecordIP = '';
@@ -909,7 +910,6 @@ class ConfigurationManager
 
     public function shouldDomainValidationBeSkipped(bool $skipDomainValidation) : bool {
         if ($skipDomainValidation || getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
-            error_log('Skipping domain validation');
             return true;
         }
         return false;

From 03205692605446452c84cec8998b803aff369c0b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 11:08:29 +0100
Subject: [PATCH 3609/3949] change whiteboard to be disable by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3f326e3e..579c0f3b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -164,10 +164,10 @@ class ConfigurationManager
 
     public function isWhiteboardEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) {
-            return false;
-        } else {
+        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) {
             return true;
+        } else {
+            return false;
         }
     }
 

From c3ab1cc4ba502458b5b7777262b2cec3011d8a00 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 11:42:57 +0100
Subject: [PATCH 3610/3949] nextcloud-entrypoint: fix variable types of
 fulltextsearch:configure

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 794b059d..13418a3c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -948,7 +948,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         fi
         php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
         php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
-        php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
+        php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":true,\"files_office\":true}"
 
         # Do the index
         if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then

From 622270687266ee311eb1898e0a7df0118722f516 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 13 Nov 2025 12:11:46 +0000
Subject: [PATCH 3611/3949] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 1082518e..602d2106 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.4-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=87b5518858f6a96e8edf784bdc855d29951643e6	
+ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.2
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.3
 
 FROM alpine:3.22.2
 

From 9a684e8b3b1754e4ba011ecb23e442cd49d785dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 13 Nov 2025 15:17:03 +0100
Subject: [PATCH 3612/3949] fix a bug with aio-caddy now proxying all traffic
 to aio-talk

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 8 ++++----
 community-containers/caddy/readme.md   | 2 +-
 php/src/Docker/DockerActionManager.php | 5 +++--
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 7245fe4d..e4669e09 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -24,9 +24,7 @@
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
                 "APACHE_PORT=%APACHE_PORT%",
-                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%",
-                "turn_domain=turn.%NC_DOMAIN%",
-                "talk_port=443"
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
             ],
             "volumes": [
                 {
@@ -45,7 +43,9 @@
             ],
             "aio_variables": [
                 "apache_ip_binding=@INTERNAL",
-                "apache_port=11000"
+                "apache_port=11000",
+                "turn_domain=turn.%NC_DOMAIN%",
+                "talk_port=443"
             ],
             "nextcloud_exec_commands": [
                 "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index e26a680a..ba13015e 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -4,7 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
-- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6694a39b..7197c56b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -225,6 +225,7 @@ readonly class DockerActionManager {
         $aioVariables = $container->GetAioVariables()->GetVariables();
         foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
+            $variable = $this->replaceEnvPlaceholders($variable);
             $variableArray = explode('=', $variable);
             $config[$variableArray[0]] = $variableArray[1];
             $this->configurationManager->WriteConfig($config);
@@ -283,8 +284,8 @@ readonly class DockerActionManager {
                     }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
-                    // Skip publishing talk port if it is set to the same value like the apache port
-                    if ($port === $this->configurationManager->GetApachePort()) {
+                    // Skip publishing talk port if it is set to 443
+                    if ($port === '443') {
                         continue;
                     }
                 }

From 74cdd0e69be18b7cc2cd045a0c423d58329614a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Nov 2025 04:13:42 +0000
Subject: [PATCH 3613/3949] build(deps): bump postgres in
 /Containers/postgresql

Bumps postgres from 17.6-alpine to 17.7-alpine.

---
updated-dependencies:
- dependency-name: postgres
  dependency-version: 17.7-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/postgresql/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 2533a5d1..4da6a372 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
-FROM postgres:17.6-alpine
+FROM postgres:17.7-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 058b30acea1e38e4f13e6224971d9190649a1b85 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Nov 2025 04:13:45 +0000
Subject: [PATCH 3614/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.12.1-scratch to 2.12.2-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.2-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 888d3a38..a74fa1ae 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.1-scratch AS nats
+FROM nats:2.12.2-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus

From 8e1d15a9833bf6196bf0fc16c00b72094c370923 Mon Sep 17 00:00:00 2001
From: Hoang Pham <hoangmaths96@gmail.com>
Date: Fri, 14 Nov 2025 18:00:43 +0700
Subject: [PATCH 3615/3949] fix whiteboard recording chrome #3

Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
---
 Containers/whiteboard/Dockerfile | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 3e4af410..cff8ab6e 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -4,11 +4,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 
 USER root
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
     apk add --no-cache bash; \
-    chmod 777 -R /tmp; \
-    if [ -f /usr/lib/chromium/chrome_crashpad_handler ]; then \
-        rm -f /usr/lib/chromium/chrome_crashpad_handler.real; \
+    if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
         printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
         chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
@@ -20,7 +17,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
-WORKDIR /tmp
+WORKDIR /app
 
 ENTRYPOINT ["/start.sh"]
 

From 7e03d8412cfa3f4cd7f990b18197969c28554c04 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 15 Nov 2025 12:04:23 +0000
Subject: [PATCH 3616/3949] talk-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 83b7859b..cc58aa43 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -4,7 +4,7 @@ FROM python:3.14.0-alpine3.22
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
-ENV RECORDING_VERSION=v0.2.0
+ENV RECORDING_VERSION=v0.2.1
 ENV ALLOW_ALL=false
 ENV HPB_PROTOCOL=https
 ENV NC_PROTOCOL=https

From 2777c3fed56794d06f4e094adc50ffcaf20c3ac9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Nov 2025 04:14:50 +0000
Subject: [PATCH 3617/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.7.1.1 to 25.04.7.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.7.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 10f068ea..d9b3018a 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.1.1
+FROM collabora/code:25.04.7.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From c0dfba5272d48057771626e7f585103744209343 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 18 Nov 2025 12:13:50 +0100
Subject: [PATCH 3618/3949] nextcloud-entrypoint: don't wait forever for
 onlyoffice to become available

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 51 ++++++++++++++++--------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 13418a3c..09d7d15c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -769,33 +769,38 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
         ONLYOFFICE_PORT=443
     fi
 
-    # Wait for OnlyOffice to become available
-    while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do
+    count=0
+    while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT" && [ "$count" -lt 90 ]; do
         echo "Waiting for OnlyOffice to become available..."
+        count=$((count+5))
         sleep 5
     done
+    if [ "$count" -ge 90 ]; then
+        bash /notify.sh "Onlyoffice did not start in time!" "Skipping initialization and disabling onlyoffice app."
+        php /var/www/html/occ app:disable onlyoffice
+    else
+        # Install or enable OnlyOffice app as needed
+        if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
+            php /var/www/html/occ app:install onlyoffice
+        elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
+            php /var/www/html/occ app:enable onlyoffice
+        elif [ "$SKIP_UPDATE" != 1 ]; then
+            php /var/www/html/occ app:update onlyoffice
+        fi
 
-    # Install or enable OnlyOffice app as needed
-    if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
-        php /var/www/html/occ app:install onlyoffice
-    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable onlyoffice
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update onlyoffice
+        # Set OnlyOffice configuration
+        php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+        php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+        php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
+
+        # Adjust the OnlyOffice host if using internal pattern
+        if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
+            ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
+            export ONLYOFFICE_HOST
+        fi
+
+        php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
     fi
-
-    # Set OnlyOffice configuration
-    php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
-    php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
-    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
-
-    # Adjust the OnlyOffice host if using internal pattern
-    if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then
-        ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice"
-        export ONLYOFFICE_HOST
-    fi
-
-    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST"
 else
     # Remove OnlyOffice app if disabled and removal is requested
     if [ "$REMOVE_DISABLED_APPS" = yes ] && \
@@ -867,7 +872,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
         sleep 5
     done
     if [ "$count" -ge 90 ]; then
-        echo "ClamAV did not start in time. Skipping initialization and disabling files_antivirus app."
+        bash /notify.sh "ClamAV did not start in time!" "Skipping initialization and disabling files_antivirus app."
         php /var/www/html/occ app:disable files_antivirus
     else
         if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then

From 19ab7f39312163d734ca7edac80fea81a8934066 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 04:14:28 +0000
Subject: [PATCH 3619/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 28.5.2-cli to 29.0.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.0.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 24b7cee0..179c0a76 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.5.2-cli AS docker
+FROM docker:29.0.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From d889e9660332e4cba1b3ce5382035144cabf86f0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 19 Nov 2025 12:03:32 +0000
Subject: [PATCH 3620/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 66 ++++++++++++++++++++++++++---------------------
 1 file changed, 37 insertions(+), 29 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 2808f48f..fd7a5de3 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3111,33 +3111,38 @@
         },
         {
             "name": "league/uri",
-            "version": "7.5.1",
+            "version": "7.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri.git",
-                "reference": "81fb5145d2644324614cc532b28efd0215bda430"
+                "reference": "f625804987a0a9112d954f9209d91fec52182344"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri/zipball/81fb5145d2644324614cc532b28efd0215bda430",
-                "reference": "81fb5145d2644324614cc532b28efd0215bda430",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/f625804987a0a9112d954f9209d91fec52182344",
+                "reference": "f625804987a0a9112d954f9209d91fec52182344",
                 "shasum": ""
             },
             "require": {
-                "league/uri-interfaces": "^7.5",
-                "php": "^8.1"
+                "league/uri-interfaces": "^7.6",
+                "php": "^8.1",
+                "psr/http-factory": "^1"
             },
             "conflict": {
                 "league/uri-schemes": "^1.0"
             },
             "suggest": {
                 "ext-bcmath": "to improve IPV4 host parsing",
+                "ext-dom": "to convert the URI into an HTML anchor tag",
                 "ext-fileinfo": "to create Data URI from file contennts",
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
+                "ext-uri": "to use the PHP native URI class",
                 "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain",
                 "league/uri-components": "Needed to easily manipulate URI objects components",
+                "league/uri-polyfill": "Needed to backport the PHP URI extension for older versions of PHP",
                 "php-64bit": "to improve IPV4 host parsing",
+                "rowbot/url": "to handle WHATWG URL",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3165,6 +3170,7 @@
             "description": "URI manipulation library",
             "homepage": "https://uri.thephpleague.com",
             "keywords": [
+                "URN",
                 "data-uri",
                 "file-uri",
                 "ftp",
@@ -3177,9 +3183,11 @@
                 "psr-7",
                 "query-string",
                 "querystring",
+                "rfc2141",
                 "rfc3986",
                 "rfc3987",
                 "rfc6570",
+                "rfc8141",
                 "uri",
                 "uri-template",
                 "url",
@@ -3189,7 +3197,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri/tree/7.5.1"
+                "source": "https://github.com/thephpleague/uri/tree/7.6.0"
             },
             "funding": [
                 {
@@ -3197,26 +3205,25 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-08T08:40:02+00:00"
+            "time": "2025-11-18T12:17:23+00:00"
         },
         {
             "name": "league/uri-interfaces",
-            "version": "7.5.0",
+            "version": "7.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri-interfaces.git",
-                "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742"
+                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/08cfc6c4f3d811584fb09c37e2849e6a7f9b0742",
-                "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/ccbfb51c0445298e7e0b7f4481b942f589665368",
+                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368",
                 "shasum": ""
             },
             "require": {
                 "ext-filter": "*",
                 "php": "^8.1",
-                "psr/http-factory": "^1",
                 "psr/http-message": "^1.1 || ^2.0"
             },
             "suggest": {
@@ -3224,6 +3231,7 @@
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
                 "php-64bit": "to improve IPV4 host parsing",
+                "rowbot/url": "to handle WHATWG URL",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3248,7 +3256,7 @@
                     "homepage": "https://nyamsprod.com"
                 }
             ],
-            "description": "Common interfaces and classes for URI representation and interaction",
+            "description": "Common tools for parsing and resolving RFC3987/RFC3986 URI",
             "homepage": "https://uri.thephpleague.com",
             "keywords": [
                 "data-uri",
@@ -3273,7 +3281,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.5.0"
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.6.0"
             },
             "funding": [
                 {
@@ -3281,7 +3289,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-12-08T08:18:47+00:00"
+            "time": "2025-11-18T12:17:23+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
@@ -3447,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.3",
+            "version": "5.6.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9"
+                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94f8051919d1b0369a6bcc7931d679a511c03fe9",
-                "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90a04bcbf03784066f16038e87e23a0a83cee3c2",
+                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2",
                 "shasum": ""
             },
             "require": {
@@ -3505,22 +3513,22 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.3"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.4"
             },
-            "time": "2025-08-01T19:43:32+00:00"
+            "time": "2025-11-17T21:13:10+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.10.0",
+            "version": "1.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "679e3ce485b99e84c775d28e2e96fade9a7fb50a"
+                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/679e3ce485b99e84c775d28e2e96fade9a7fb50a",
-                "reference": "679e3ce485b99e84c775d28e2e96fade9a7fb50a",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/431c02da15e566adb0ad9c5030fa6f6204d9de9e",
+                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e",
                 "shasum": ""
             },
             "require": {
@@ -3563,9 +3571,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.10.0"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.10.1"
             },
-            "time": "2024-11-09T15:12:26+00:00"
+            "time": "2025-11-18T07:51:16+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",
@@ -4799,5 +4807,5 @@
         "ext-apcu": "*"
     },
     "platform-dev": {},
-    "plugin-api-version": "2.6.0"
+    "plugin-api-version": "2.9.0"
 }

From 143cf5157cd9bc2caabeb2ff87305a62101b8187 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 14 Nov 2025 11:52:45 +0100
Subject: [PATCH 3621/3949] allow to specify the `DOCKER_API_VERSION`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh     | 33 +++++++++++++++++++------
 compose.yaml                            |  1 +
 php/src/Docker/DockerActionManager.php  |  8 +++++-
 readme.md                               |  6 ++++-
 tests/QA/060-environmental-variables.md |  1 +
 5 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 616068f3..243287ea 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -83,19 +83,36 @@ if ! sudo -u www-data docker info &>/dev/null; then
     echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
     exit 1
 fi
+
+# Docker api version check
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
 API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
-# shellcheck disable=SC2001
-API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
-LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
-if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
-    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+if [ -n "$DOCKER_API_VERSION" ]; then
+    if ! echo "$DOCKER_API_VERSION" | grep -q '^[0-9].[0-9]\+$'; then
+        print_red "You've set DOCKER_API_VERSION but not to an allowed value.
+The string must be a version number like e.g. '1.44'.
+It is set to '$DOCKER_API_VERSION'."
         exit 1
     fi
+    print_red "DOCKER_API_VERSION was found to be set to '$DOCKER_API_VERSION'."
+    print_red "Please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
+    print_red "So you run on your own risk and things might break without warning."
 else
-    echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
-    sleep 10
+    # shellcheck disable=SC2001
+    API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+    LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+    if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
+        if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
+            print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+            echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
+            echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
+            echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"
+            exit 1
+        fi
+    else
+        echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
+        sleep 10
+    fi
 fi
 
 # Check Storage drivers
diff --git a/compose.yaml b/compose.yaml
index f2026388..13170c7e 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -21,6 +21,7 @@ services:
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # DOCKER_API_VERSION: 1.44 # You can adjust the internally used docker api version with this variable. ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version
       # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
       # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6694a39b..345c0100 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -26,7 +26,13 @@ readonly class DockerActionManager {
     }
 
     private function BuildApiUrl(string $url): string {
-        return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url);
+        $apiVersion = getenv('DOCKER_API_VERSION');
+        if ($apiVersion === false || empty($apiVersion)) {
+            $apiVersion = self::API_VERSION;
+        } else {
+            $apiVersion = 'v'. $apiVersion;
+        }
+        return sprintf('http://127.0.0.1/%s/%s', $apiVersion, $url);
     }
 
     private function BuildImageName(Container $container): string {
diff --git a/readme.md b/readme.md
index 49ac1d1f..0aa54476 100644
--- a/readme.md
+++ b/readme.md
@@ -214,6 +214,7 @@ https://your-domain-that-points-to-this-server.tld:8443
     - [Note on storage options](#note-on-storage-options)
     - [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled)
 - [Customization](#customization)
+    - [How to adjust the internally used docker api version?](#how-to-adjust-the-internally-used-docker-api-version)
     - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
     - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
     - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
@@ -427,6 +428,9 @@ Yes. If SELinux is enabled, you might need to add the `--security-opt label:disa
 
 ## Customization
 
+### How to adjust the internally used docker api version?
+If you run an outdated or too new docker version, you might run into problems with the by AIO internally used docker api version. To fix this, you can specify the api version manually. You can do so by adding `--env DOCKER_API_VERSION=1.44` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). This variable excepts a string based on the pattern `[0-9].[0-9]+`, so e.g. `1.44`. ⚠️ However please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning.
+
 ### How to change the default location of Nextcloud's Datadir?
 > [!WARNING]  
 > Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.
@@ -591,7 +595,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 > Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
 ### How to run AIO on Synology DSM
-On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Additionally, you likely need to adjust the internally used api version. See [this documentation](#how-to-adjust-the-internally-used-docker-api-version). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
 > [!NOTE]  
 > It is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md
index 818ecf7c..b984c0e3 100644
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -6,6 +6,7 @@
 - [ ] When starting the mastercontainer with `--env TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value.
 - [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md)
 - [ ] When starting the mastercontainer with `--env SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then.
+- [ ] When starting the mastercontainer with `--env DOCKER_API_VERSION=1.44` it should use the mentioned docker API version internally for all requests
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.

From d26924b1e714c3557c9a9912a9504d689a280bea Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 10:40:23 +0100
Subject: [PATCH 3622/3949] Apply suggestion from @szaimen

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/whiteboard/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index cff8ab6e..cce2ed85 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -5,6 +5,7 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 USER root
 RUN set -ex; \
     apk add --no-cache bash; \
+    chmod 777 -R /tmp; \
     if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
         printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
@@ -17,7 +18,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
-WORKDIR /app
+WORKDIR /tmp
 
 ENTRYPOINT ["/start.sh"]
 

From cf6166d6181dcdb653a9460d642927f157cf5a5a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 10:55:33 +0100
Subject: [PATCH 3623/3949] increase to 12.1.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 90156bf8..79bff6a0 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.0.0</h1>
+            <h1>Nextcloud AIO v12.1.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 84f5e6a4b2f23d2d951e2c2d8d2264f582ad9aca Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 11:06:12 +0100
Subject: [PATCH 3624/3949] domain-validation: make not-reachable error even
 more verbose

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 579c0f3b..13b3d39f 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -351,7 +351,7 @@ class ConfigurationManager
             if ($connection) {
                 fclose($connection);
             } else {
-                throw new InvalidSettingConfigurationException("The domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. You can work around that by setting up a local DNS-server.");
+                throw new InvalidSettingConfigurationException("The domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. Or in other words: NAT loopback (Hairpinning) does not seem to work in your network. You can work around that by setting up a local DNS server and utilizing Split-Brain-DNS and configuring the daemon.json file of your docker daemon to use the local DNS server.");
             }
 
             // Get Instance ID

From 2fec40568bbe1e23dfae46a81a7ee2df4d5cd7b9 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 20 Nov 2025 10:36:01 +0000
Subject: [PATCH 3625/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 413c74e5..69c45670 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.1
+ENV NEXTCLOUD_VERSION=32.0.2
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 299c9eeb1c17ff1a424e31ab461f95114b3dd759 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 15:14:19 +0100
Subject: [PATCH 3626/3949] adjust bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 691221d7..d3228dfa 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -30,4 +30,6 @@ labels: 0. Needs triage
 
 #### Docker run command or docker-compose file that you used
 
-#### Other valuable info <!--- (like logs, screenshots & Co.) -->
+#### Output of `sudo docker logs nextcloud-aio-mastercontainer`
+
+#### Other valuable info <!--- (like additional logs, screenshots & Co.) -->

From 3b6086118945b72db0b522dadb66d01e3bb40846 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 15:50:00 +0100
Subject: [PATCH 3627/3949] downgrade docker to fix incompatibility with
 synology DSM

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml                | 2 ++
 Containers/mastercontainer/Dockerfile | 3 ++-
 Containers/mastercontainer/start.sh   | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f79c4ce2..f40b2582 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -58,3 +58,5 @@ updates:
       update-types: ["version-update:semver-major"]
     - dependency-name: "elasticsearch"
       update-types: ["version-update:semver-major"]
+    - dependency-name: "docker"
+      update-types: ["version-update:semver-major"]
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 179c0a76..c642ab15 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,7 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.0.2-cli AS docker
+# Needs to stay on v28 for now until Synology upgrades their docker version to at least v25
+FROM docker:28.5.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 243287ea..8e2bbcda 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -76,7 +76,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
 fi
 
 # Check if api version is supported
-if ! sudo -u www-data docker info &>/dev/null; then
+if ! sudo -u www-data docker info >/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"

From 5c2321a6766fa7940ad165b36f049b3b2f2eed5b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 15:58:34 +0100
Subject: [PATCH 3628/3949] increase to v12.1.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 79bff6a0..6e07afa3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.0</h1>
+            <h1>Nextcloud AIO v12.1.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 52244a247ed63187700bae8ef840e056691e540c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 16:02:34 +0100
Subject: [PATCH 3629/3949] Revert "downgrade internal docker to fix
 incompatibility with synology DSM"

---
 .github/dependabot.yml                | 2 --
 Containers/mastercontainer/Dockerfile | 3 +--
 Containers/mastercontainer/start.sh   | 2 +-
 3 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f40b2582..f79c4ce2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -58,5 +58,3 @@ updates:
       update-types: ["version-update:semver-major"]
     - dependency-name: "elasticsearch"
       update-types: ["version-update:semver-major"]
-    - dependency-name: "docker"
-      update-types: ["version-update:semver-major"]
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c642ab15..179c0a76 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,7 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-# Needs to stay on v28 for now until Synology upgrades their docker version to at least v25
-FROM docker:28.5.2-cli AS docker
+FROM docker:29.0.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 8e2bbcda..243287ea 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -76,7 +76,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
 fi
 
 # Check if api version is supported
-if ! sudo -u www-data docker info >/dev/null; then
+if ! sudo -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"

From 3100cffe2b667ad0fe6fa80deec57d5a67700fff Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 16:07:07 +0100
Subject: [PATCH 3630/3949] keep envs for sudo command

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile      |  4 ++--
 Containers/mastercontainer/cron.sh         | 16 ++++++++--------
 Containers/mastercontainer/daily-backup.sh | 16 ++++++++--------
 Containers/mastercontainer/start.sh        | 18 +++++++++---------
 Containers/nextcloud/start.sh              |  8 ++++----
 5 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 179c0a76..7e5b5b2a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -74,8 +74,8 @@ RUN set -ex; \
     rm -r ./php/tests; \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
-    sudo -u www-data composer install --no-dev; \
-    sudo -u www-data composer clear-cache; \
+    sudo -E -u www-data composer install --no-dev; \
+    sudo -E -u www-data composer clear-cache; \
     cd ..; \
     rm -f /usr/local/bin/composer; \
     chmod -R 770 /var/www/docker-aio; \
diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 5829d8da..67af80e7 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -45,29 +45,29 @@ while true; do
 
     # Check for updates and send notification if yes on saturdays
     if [ "$(date +%u)" = 6 ]; then
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
+        sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
     fi
 
     # Check if AIO is outdated
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
 
     # Remove sessions older than 24h
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 
     # Remove nextcloud-aio-domaincheck container
-    if sudo -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
-        sudo -u www-data docker container remove nextcloud-aio-domaincheck
+    if sudo -E -u www-data docker ps --format "{{.Names}}" --filter "status=exited" | grep -q "^nextcloud-aio-domaincheck$"; then
+        sudo -E -u www-data docker container remove nextcloud-aio-domaincheck
     fi
 
     # Remove dangling images
-    sudo -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
+    sudo -E -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
 
     # Check for available free space
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
 
     # Remove mastercontainer from default bridge network
-    if sudo -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
-        sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
+    if sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
+        sudo -E -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
     fi
 
     # Wait 60s so that the whole loop will not be executed again
diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index 5c97c0ca..edc5bddd 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -20,7 +20,7 @@ fi
 if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
     find "/mnt/docker-aio-config/session/" -mindepth 1 -delete
 fi
-sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
+sudo -E -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
 
 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
 APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
@@ -50,7 +50,7 @@ done
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     echo "Starting mastercontainer update..." 
     echo "(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)"
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
 fi
 
 # Wait for watchtower to stop
@@ -67,20 +67,20 @@ fi
 # Update container images to reduce downtime later on
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     echo "Updating container images..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php
 fi
 
 # Stop containers if required
 # shellcheck disable=SC2235
 if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
     echo "Stopping containers..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
 fi
 
 # Execute the backup itself and some related tasks (also stops the containers)
 if [ "$DAILY_BACKUP" = 1 ]; then
     echo "Creating daily backup..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
     if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; then
         echo "Something seems to be wrong: the borg container should be started at this step."
     fi
@@ -93,17 +93,17 @@ fi
 # Execute backup check
 if [ "$CHECK_BACKUP" = 1 ]; then
     echo "Starting backup check..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
 fi
 
 # Start and/or update containers
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
     echo "Starting and updating containers..."
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
+    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
 else
     if [ "$START_CONTAINERS" = 1 ]; then
         echo "Starting containers without updating them..."
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
+        sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
     fi
 fi
 
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 243287ea..77c4675e 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -51,7 +51,7 @@ elif mountpoint -q /var/www/docker-aio/php/containers.json; then
     echo "If you need to customize things, feel free to use https://github.com/nextcloud/all-in-one/tree/main/manual-install"
     echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml"
     exit 1
-elif ! sudo -u www-data test -r /var/run/docker.sock; then
+elif ! sudo -E -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
     DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
     DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
@@ -69,14 +69,14 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
         groupadd -g "$DOCKER_GROUP_ID" docker
         usermod -aG docker www-data
     fi
-    if ! sudo -u www-data test -r /var/run/docker.sock; then
+    if ! sudo -E -u www-data test -r /var/run/docker.sock; then
         print_red "Docker socket is not readable by the www-data user. Cannot continue."
         exit 1
     fi
 fi
 
 # Check if api version is supported
-if ! sudo -u www-data docker info &>/dev/null; then
+if ! sudo -E -u www-data docker info &>/dev/null; then
     print_red "Cannot connect to the docker socket. Cannot proceed."
     echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
     echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
@@ -100,7 +100,7 @@ It is set to '$DOCKER_API_VERSION'."
 else
     # shellcheck disable=SC2001
     API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
-    LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+    LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
     if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
         if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
             print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
@@ -116,7 +116,7 @@ else
 fi
 
 # Check Storage drivers
-STORAGE_DRIVER="$(sudo -u www-data docker info | grep "Storage Driver")"
+STORAGE_DRIVER="$(sudo -E -u www-data docker info | grep "Storage Driver")"
 # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
 if echo "$STORAGE_DRIVER" | grep -q vfs; then
     echo "$STORAGE_DRIVER"
@@ -127,23 +127,23 @@ elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
 fi
 
 # Check if snap install
-if sudo -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
+if sudo -E -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
     print_red "Warning: It looks like your installation uses docker installed via snap."
     print_red "This comes with some limitations and is disrecommended by the docker maintainers."
     print_red "See for example https://github.com/nextcloud/all-in-one/discussions/4890#discussioncomment-10386752"
 fi
 
 # Check if startup command was executed correctly
-if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
+if ! sudo -E -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
     print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
 Using a different name is not supported since mastercontainer updates will not work in that case!
 If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
     exit 1
-elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
+elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
     print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
     exit 1
-elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
+elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
     print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
     exit 1
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 37aa4d98..14cb35d1 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -8,7 +8,7 @@ fi
 # Only start container if database is accessible
 # POSTGRES_HOST must be set in the containers env vars and POSTGRES_PORT has a default above
 # shellcheck disable=SC2153
-while ! sudo -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
+while ! sudo -E -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
     echo "Waiting for database to start..."
     sleep 5
 done
@@ -25,7 +25,7 @@ fi
 # Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
     sleep 2
-    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
+    while ! sudo -E -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start..."
         sleep 5
     done
@@ -56,12 +56,12 @@ fi
 set +x
 
 # Check datadir permissions
-sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+sudo -E -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
     chown -R www-data:root "$NEXTCLOUD_DATA_DIR"
     chmod 750 -R "$NEXTCLOUD_DATA_DIR"
 fi
-sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+sudo -E -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
 # Install additional dependencies
 if [ -n "$ADDITIONAL_APKS" ]; then

From 5dfb62216bc5b4f824dd49bdb445fddb3260cfe5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 16:31:19 +0100
Subject: [PATCH 3631/3949] fix docker permiss issue notice

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 7e5b5b2a..68ac73c6 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -12,6 +12,9 @@ EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443
 
+# Overwrite home variable for subservices
+ENV HOME=/var/www
+
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 

From ce3c59618b917b804b2c2ddef2eafd1b5a0a72b2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 21:44:46 +0100
Subject: [PATCH 3632/3949] s3-config: always use the nextcloud bundle for
 verification

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 04e606be..66e1476d 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -22,7 +22,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         // required for some non Amazon S3 implementations
         'use_path_style' => strtolower($use_path) === 'true',
         // required for older protocol versions
-        'legacy_auth' => strtolower($use_legacyauth) === 'true'
+        'legacy_auth' => strtolower($use_legacyauth) === 'true',
+        'use_nextcloud_bundle' => 1,
       )
     )
   );

From 3d62da3ceacceffcf11ca07cbdcf02d10f7c3bf7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Nov 2025 04:16:50 +0000
Subject: [PATCH 3633/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.14-fpm-alpine3.22 to 8.4.15-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.15-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 68ac73c6..dae14ea5 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:29.0.2-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.14-fpm-alpine3.22
+FROM php:8.4.15-fpm-alpine3.22
 
 EXPOSE 80
 EXPOSE 8080

From 4e4306945df5287942d7f1eb303ce85e0872d6bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Nov 2025 04:17:12 +0000
Subject: [PATCH 3634/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.27-fpm-alpine3.22 to 8.3.28-fpm-alpine3.22.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.28-fpm-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 69c45670..034ebba2 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.27-fpm-alpine3.22
+FROM php:8.3.28-fpm-alpine3.22
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From 71bb2a737058b147b5107b1476ffe548d5dcc1ca Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:29:48 +0100
Subject: [PATCH 3635/3949] adjust aio-caddy docs and config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json | 2 +-
 community-containers/caddy/readme.md  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index e4669e09..b85d74a0 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -44,7 +44,7 @@
             "aio_variables": [
                 "apache_ip_binding=@INTERNAL",
                 "apache_port=11000",
-                "turn_domain=turn.%NC_DOMAIN%",
+                "turn_domain=%NC_DOMAIN%",
                 "talk_port=443"
             ],
             "nextcloud_exec_commands": [
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index ba13015e..99bf133e 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -4,7 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
-- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.

From ff8aed8b38cd23ffc2f37f2edcc3b43d532aa368 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:31:08 +0100
Subject: [PATCH 3636/3949] Revert "ConnectContainerIdToNetwork: remove
 `CheckDuplicate` as it is deprecated"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 463b4a72..b63fef32 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -849,6 +849,7 @@ readonly class DockerActionManager {
                     [
                         'json' => [
                             'Name' => $network,
+                            'CheckDuplicate' => true,
                             'Driver' => 'bridge',
                             'Internal' => false,
                         ]

From d6cbe210e43b793f95e62642410b30d71b42303d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:55:48 +0100
Subject: [PATCH 3637/3949] fix the docs regarding START_CONTAINERS

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0aa54476..0ae3d618 100644
--- a/readme.md
+++ b/readme.md
@@ -1093,7 +1093,7 @@ You can do so by running the `/daily-backup.sh` script that is stored in the mas
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
 - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers at the start of the script. Implied by `DAILY_BACKUP=1`.
-- `START_CONTAINERS` if set to `1`, it will automatically start the containers at the end of the script, without updating them. Implied by `DAILY_BACKUP=1`.
+- `START_CONTAINERS` if set to `1`, it will automatically start the containers at the end of the script, without updating them. Implied by `AUTOMATIC_UPDATES=1`.
 - `CHECK_BACKUP` if set to `1`, it will start the integrity check of all borg backups made by AIO. Note that the backup check is non blocking so containers can be kept running while the check lasts. That means you can't pass `DAILY_BACKUP=1` at the same time. The output of the check can be found in the logs of the container `nextcloud-aio-borgbackup`.
 
 One example to do a backup would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.

From 2d0f12a8b6a0d39910d36e26e421027e0fda3eba Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 21 Nov 2025 09:58:52 +0100
Subject: [PATCH 3638/3949] increase to v12.1.2

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 6e07afa3..fc2ae585 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.1</h1>
+            <h1>Nextcloud AIO v12.1.2</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From eefaf19c21315e589953e8bf0a2c227ebe8cfbe2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Nov 2025 12:17:44 +0000
Subject: [PATCH 3639/3949] build(deps): bump actions/checkout from 5 to 6 in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/collabora.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 .github/workflows/watchtower-update.yml        | 2 +-
 22 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index c4df7592..1d14787a 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 92434695..57f2fdc0 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index eddc2be1..026b6e5f 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index e6205d4e..9a2432fb 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 1551c48a..5495ca0c 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 437e8ea1..5a108936 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Turnstyle
         uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 4b7fe096..2affec36 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index e22ca689..c7a25b1b 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 650ae709..0dc17ffa 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9c5e8925..9e4b2444 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 7d153d7b..24246326 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index d2bccbd5..dc2ee90e 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 8c7b0a93..31f5bb29 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 67618422..a671f546 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 6ba0256a..b54344c4 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 4924d9bc..4199b93b 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index ed04851a..e88d6571 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 107edc8b..e7c27f74 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 364b3aae..8ae3e445 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index b10fb430..ab706366 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index d8c6c6e0..f7677d5e 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 044dbc10..8d8465ff 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 849d95ff7521abe896d28e3325c0222ba3997a6b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 22 Nov 2025 12:03:13 +0000
Subject: [PATCH 3640/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fd7a5de3..6a33558f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1148,22 +1148,22 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.15.0",
+            "version": "4.15.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2"
+                "reference": "887893516557506f254d950425ce7f5387a26970"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
-                "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/887893516557506f254d950425ce7f5387a26970",
+                "reference": "887893516557506f254d950425ce7f5387a26970",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "nikic/fast-route": "^1.3",
-                "php": "~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
+                "php": "~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0",
                 "psr/container": "^1.0 || ^2.0",
                 "psr/http-factory": "^1.1",
                 "psr/http-message": "^1.1 || ^2.0",
@@ -1183,7 +1183,7 @@
                 "phpspec/prophecy": "^1.19",
                 "phpspec/prophecy-phpunit": "^2.1",
                 "phpstan/phpstan": "^1 || ^2",
-                "phpunit/phpunit": "^9.6",
+                "phpunit/phpunit": "^9.6 || ^10 || ^11 || ^12",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
                 "squizlabs/php_codesniffer": "^3.10",
@@ -1260,7 +1260,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-20T18:16:16+00:00"
+            "time": "2025-11-21T12:23:44+00:00"
         },
         {
             "name": "slim/twig-view",
@@ -3519,16 +3519,16 @@
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.10.1",
+            "version": "1.11.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e"
+                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/431c02da15e566adb0ad9c5030fa6f6204d9de9e",
-                "reference": "431c02da15e566adb0ad9c5030fa6f6204d9de9e",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/f626740b38009078de0dc8b2b9dc4e7f749c6eba",
+                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba",
                 "shasum": ""
             },
             "require": {
@@ -3571,9 +3571,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.10.1"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.11.1"
             },
-            "time": "2025-11-18T07:51:16+00:00"
+            "time": "2025-11-21T11:31:57+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",

From ecb58c81f7f2ead69fa622a01c65310d43be79b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 04:16:30 +0000
Subject: [PATCH 3641/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.8-alpine to 3.2.9-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.2.9-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index f185848a..ccc283f9 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.8-alpine
+FROM haproxy:3.2.9-alpine
 
 # hadolint ignore=DL3002
 USER root

From 0fe8008777cc15ce92bf27761016df28130f73a7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 10:08:12 +0100
Subject: [PATCH 3642/3949] DockerActionManager: fix bug with collabora using
 seccomp if it is globally disabled

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php  | 11 +++++++++--
 php/src/Docker/DockerActionManager.php |  8 +++++---
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 13b3d39f..fbfaff8e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -209,7 +209,7 @@ class ConfigurationManager
 
     public function SetFulltextsearchEnabledState(int $value) : void {
         // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
-        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
+        if ($this->isSeccompDisabled()) {
             $value = 0;
         }
 
@@ -757,7 +757,7 @@ class ConfigurationManager
 
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
-        if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
+        if ($this->isSeccompDisabled()) {
             return $defaultString . 'true';
         }
         return $defaultString . 'false';
@@ -770,6 +770,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function isSeccompDisabled() : bool {
+        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b63fef32..53df4df6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -415,9 +415,11 @@ readonly class DockerActionManager {
 
         // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
-            // Load reference seccomp profile for collabora
-            $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
+            if (!$this->configurationManager->isSeccompDisabled()) {
+                // Load reference seccomp profile for collabora
+                $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
+                $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
+            }
 
             // Additional Collabora options
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {

From cc3ceb17665630821667b44ccc6b5c5df0c8c9d6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 10:14:42 +0100
Subject: [PATCH 3643/3949] increase to v12.1.3

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index fc2ae585..cb3a6d7f 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.2</h1>
+            <h1>Nextcloud AIO v12.1.3</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 9f0b2625eafa4dc1b8c356839add1261a85c6186 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 10:22:59 +0100
Subject: [PATCH 3644/3949] caddy-cc: only open port 443/tcp and forward port
 443/udp to talk directly

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 5 -----
 php/src/Docker/DockerActionManager.php | 4 ++--
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index b85d74a0..f6143fbc 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -13,11 +13,6 @@
                   "ip_binding": "",
                   "port_number": "443",
                   "protocol": "tcp"
-                },
-                {
-                    "ip_binding": "",
-                    "port_number": "443",
-                    "protocol": "udp"
                 }
             ],
             "environment": [
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 53df4df6..a6f5d223 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -290,8 +290,8 @@ readonly class DockerActionManager {
                     }
                 } else if ($port === '%TALK_PORT%') {
                     $port = $this->configurationManager->GetTalkPort();
-                    // Skip publishing talk port if it is set to 443
-                    if ($port === '443') {
+                    // Skip publishing talk tcp port if it is set to 443
+                    if ($port === '443' && $protocol === 'tcp') {
                         continue;
                     }
                 }

From 37c16e1b757234e32fc1fc549ba72e073647e6dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 11:01:11 +0100
Subject: [PATCH 3645/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fbfaff8e..fa0e4af5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -757,7 +757,7 @@ class ConfigurationManager
 
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
-        if ($this->isSeccompDisabled()) {
+        if (!$this->isSeccompDisabled()) {
             return $defaultString . 'true';
         }
         return $defaultString . 'false';

From dfd2cd7d3eacf4a41e2b3c5617c5759b900ae84d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:29:14 +0100
Subject: [PATCH 3646/3949] Revert "build(deps): bump collabora/code from
 25.04.7.1.1 to 25.04.7.2.1 in /Containers/collabora"

---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index d9b3018a..10f068ea 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.2.1
+FROM collabora/code:25.04.7.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From d3fb61bef04f3308250f79095925a177dc5ca089 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 13:31:22 +0000
Subject: [PATCH 3647/3949] build(deps): bump peter-evans/create-pull-request
 in /.github/workflows

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/271a8d0340265f705b14b6d32b9829c1cb33d45e...84ae59a2cdc2258d6fa0732dd66352dddae2a412)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/collabora.yml             | 2 +-
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 .github/workflows/watchtower-update.yml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 57f2fdc0..f1092f68 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: collabora-seccomp-update automated change
         signoff: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9a2432fb..f4c6e22e 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 2affec36..81b5785f 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 24246326..ca8086a9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a671f546..6ae81616 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index e88d6571..adf4ffa9 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index ab706366..5e2227a7 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index f7677d5e..44358acf 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           commit-message: Yaml updates
           signoff: true
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 8d8465ff..a7c664d8 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
         sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: watchtower-update automated change
         signoff: true

From aec3d09048de8cbcc70cc437c61dd6c8515db0a9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 13:31:46 +0000
Subject: [PATCH 3648/3949] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5.0.1...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/collabora.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 .github/workflows/watchtower-update.yml        | 2 +-
 22 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 1d14787a..c1bc4889 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 57f2fdc0..6d8f9a79 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index 026b6e5f..cd3a9530 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9a2432fb..8f1cde51 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 5495ca0c..0efebdbb 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 5a108936..1b083b64 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Turnstyle
         uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 2affec36..97de4429 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index c7a25b1b..d406e011 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 0dc17ffa..1f7f2e72 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9e4b2444..bf449e1f 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 24246326..1aaa9a99 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index dc2ee90e..22ed9854 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 31f5bb29..df791fe6 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a671f546..65b57197 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
 
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index b54344c4..21ecf1e6 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 4199b93b..2c0fd697 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index e88d6571..5b477eb2 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index e7c27f74..d8730987 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 8ae3e445..353e5e9d 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index ab706366..6a0d5bf8 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index f7677d5e..a1b85b98 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 8d8465ff..b227a4fa 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 32ab3aa2962533deb8602dfaee9385424cc2cd09 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:32:33 +0100
Subject: [PATCH 3649/3949] collabora: adjust some additional things

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 86d0e508..0a48b3ea 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
@@ -399,10 +399,7 @@
         "SYS_ADMIN",
         "SYS_CHROOT",
         "FOWNER",
-        "CHOWN",
-        "MAC_OVERRIDE",
-        "BLOCK_SUSPEND",
-        "AUDIT_READ"
+        "CHOWN"
       ],
       "cap_drop": [
         "NET_RAW"

From 7661f45ccef34fe5be41838e7005d617aca4eca0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:39:09 +0100
Subject: [PATCH 3650/3949] increase to v12.1.4

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cb3a6d7f..39a2de48 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.3</h1>
+            <h1>Nextcloud AIO v12.1.4</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From eda5151bb2a17c5909a9ba1e7f86db130de82fd5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 15:00:28 +0100
Subject: [PATCH 3651/3949] re-enable whiteboard by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fa0e4af5..0b0a034d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -164,10 +164,10 @@ class ConfigurationManager
 
     public function isWhiteboardEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) {
-            return true;
-        } else {
+        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) {
             return false;
+        } else {
+            return true;
         }
     }
 

From 5dd2048500ebe904407b71093884913987d4a218 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 17:38:50 +0100
Subject: [PATCH 3652/3949] fix remaining psalm issues

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/psalm-baseline.xml                  | 34 +------------------------
 php/src/Controller/DockerController.php |  2 +-
 php/src/Data/ConfigurationManager.php   |  3 +++
 php/src/Docker/DockerActionManager.php  |  4 +--
 php/src/Twig/ClassExtension.php         |  1 +
 php/src/Twig/CsrfExtension.php          |  1 +
 6 files changed, 9 insertions(+), 36 deletions(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 041cf87c..d04c5aa8 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,34 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51">
-  <file src="src/Controller/DockerController.php">
-    <InvalidOperand>
-      <code><![CDATA[$port]]></code>
-    </InvalidOperand>
-  </file>
-  <file src="src/Data/ConfigurationManager.php">
-    <PossiblyFalseArgument>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-    </PossiblyFalseArgument>
-  </file>
-  <file src="src/Docker/DockerActionManager.php">
-    <PossiblyFalseArgument>
-      <code><![CDATA[$line]]></code>
-      <code><![CDATA[$line]]></code>
-    </PossiblyFalseArgument>
-  </file>
-  <file src="src/Twig/ClassExtension.php">
-    <MissingOverrideAttribute>
-      <code><![CDATA[public function getFunctions() : array]]></code>
-    </MissingOverrideAttribute>
-  </file>
-  <file src="src/Twig/CsrfExtension.php">
-    <MissingOverrideAttribute>
-      <code><![CDATA[public function getGlobals() : array]]></code>
-    </MissingOverrideAttribute>
-  </file>
-</files>
+<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"/>
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8473ed57..ed3d3bf9 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -185,7 +185,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . $port . $path;
+        $config['AIO_URL'] = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0b0a034d..253b1371 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -366,6 +366,9 @@ class ConfigurationManager
 
             // Check if response is correct
             $ch = curl_init();
+            if ($ch === false) {
+                throw new InvalidSettingConfigurationException('Could not init curl! Please check the logs!');
+            }
             $testUrl = $protocol . $domain . ':443';
             curl_setopt($ch, CURLOPT_URL, $testUrl);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a6f5d223..7cd26db8 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -155,11 +155,11 @@ readonly class DockerActionManager {
         $response = "";
         $separator = "\r\n";
         $line = strtok($responseBody, $separator);
-        $response = substr($line, 8) . $separator;
+        $response = substr((string)$line, 8) . $separator;
 
         while ($line !== false) {
             $line = strtok($separator);
-            $response .= substr($line, 8) . $separator;
+            $response .= substr((string)$line, 8) . $separator;
         }
 
         return $response;
diff --git a/php/src/Twig/ClassExtension.php b/php/src/Twig/ClassExtension.php
index ff5ffe44..7f478994 100644
--- a/php/src/Twig/ClassExtension.php
+++ b/php/src/Twig/ClassExtension.php
@@ -7,6 +7,7 @@ use Twig\TwigFunction;
 
 class ClassExtension extends TwigExtension
 {
+    #[\Override]
     public function getFunctions() : array
     {
         return array(
diff --git a/php/src/Twig/CsrfExtension.php b/php/src/Twig/CsrfExtension.php
index feac9c72..51334864 100644
--- a/php/src/Twig/CsrfExtension.php
+++ b/php/src/Twig/CsrfExtension.php
@@ -12,6 +12,7 @@ class CsrfExtension extends AbstractExtension implements GlobalsInterface {
     ) {
     }
 
+    #[\Override]
     public function getGlobals() : array
     {
         // CSRF token name and value

From 9ec7c087548eb6ee92bc099b50282ab2a8282e59 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 18:03:08 +0100
Subject: [PATCH 3653/3949] aio-interface: always offer a reset backup button

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 39a2de48..53b97dcc 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -476,23 +476,6 @@
                                             <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
                                         </form>
 
-                                        {% if has_backup_run_once == false %}
-                                            <h3>Reset backup location</h3>
-                                            <p>
-                                            If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
-                                            {% if borg_remote_repo %}
-                                                or the remote repo <strong>{{ borg_remote_repo }}</strong>
-                                            {% endif %}
-                                            is wrong, you can reset it by clicking on the button below.
-                                            </p>
-                                            <form method="POST" action="api/configuration" class="xhr">
-                                                <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
-                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input type="submit" value="Reset backup location" />
-                                            </form>
-                                        {% endif %}
-
                                         {% if has_backup_run_once == true %}
                                             <h3>Backup Viewer</h3>
                                             <p>There is now a community container that allows to access your backups in a web session. See <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
@@ -558,6 +541,21 @@
                                                 <p>This option is currently set. You can disable it again by clearing the field and submitting your changes.</p>
                                             {% endif %}
                                         {% endif %}
+
+                                        <h3>Reset backup location</h3>
+                                        <p>
+                                        If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
+                                        {% if borg_remote_repo %}
+                                            or the remote repo <strong>{{ borg_remote_repo }}</strong>
+                                        {% endif %}
+                                        is wrong, you can reset it by clicking on the button below.
+                                        </p>
+                                        <form method="POST" action="api/configuration" class="xhr">
+                                            <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input type="submit" value="Reset backup location" onclick="return confirm('Are you sure that you want to reset the backup location?')" />
+                                        </form>
                                     {% endif %}
                                     {% if has_backup_run_once == true %}
                                         </details>

From 01ad594ec56f8fbc2b5b3b026dfd0b5dc4da4ed2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 18:28:35 +0100
Subject: [PATCH 3654/3949] aio-interface: add button to update the backup list

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/borgbackup/backupscript.sh            |  9 +++++++++
 Containers/borgbackup/start.sh                   |  4 ++--
 community-containers/borgbackup-viewer/readme.md |  2 +-
 php/public/index.php                             |  1 +
 php/src/Controller/DockerController.php          | 14 ++++++++++++++
 php/templates/containers.twig                    | 11 +++++++++++
 readme.md                                        |  2 +-
 7 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh
index 50815f38..b7b96147 100644
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -612,3 +612,12 @@ if [ "$BORG_MODE" = test ]; then
         fi
     fi
 fi
+
+if [ "$BORG_MODE" = list ]; then
+    echo "Updating backup list..."
+    if ! borg info > /dev/null; then
+        echo "Could not update the backup list."
+        exit 1
+    fi
+    # The update gets done automatically in the wrapper start.sh script.
+fi
diff --git a/Containers/borgbackup/start.sh b/Containers/borgbackup/start.sh
index 9da0d840..bb7a8a6a 100644
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -32,8 +32,8 @@ else
 fi
 
 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
-    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != "test" ] && [ "$BORG_MODE" != "list" ]; then
+    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore', 'test' and 'list'."
     exit 1
 fi
 
diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md
index dc3d5806..ddd11be7 100644
--- a/community-containers/borgbackup-viewer/readme.md
+++ b/community-containers/borgbackup-viewer/readme.md
@@ -5,7 +5,7 @@ This container allows to view the local borg repository in a web session. It als
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
 - After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
-- You can also delete specific archives by running `borg list`,  delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
+- You can also delete specific archives by running `borg list`,  delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Update backup list` button in the `Update backup list` section inside the `Backup and restore` section.
 - ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
diff --git a/php/public/index.php b/php/public/index.php
index f2880ca7..46967c72 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -60,6 +60,7 @@ $app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class .
 $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
 $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
 $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+$app->post('/api/docker/backup-list', AIO\Controller\DockerController::class . ':StartBackupContainerList');
 $app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
 $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 8473ed57..6626e3e4 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -105,6 +105,11 @@ readonly class DockerController {
         return $response->withStatus(201)->withHeader('Location', '.');
     }
 
+    public function StartBackupContainerList(Request $request, Response $response, array $args) : Response {
+        $this->listBackup();
+        return $response->withStatus(201)->withHeader('Location', '.');
+    }
+
     public function checkBackup() : void {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'check';
@@ -114,6 +119,15 @@ readonly class DockerController {
         $this->PerformRecursiveContainerStart($id);
     }
 
+        private function listBackup() : void {
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'list';
+        $this->configurationManager->WriteConfig($config);
+
+        $id = 'nextcloud-aio-borgbackup';
+        $this->PerformRecursiveContainerStart($id);
+    }
+
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 39a2de48..a27fdaee 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -518,6 +518,17 @@
                                                 <input type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
                                             </form>
 
+                                            <h3>Update backup list</h3>
+                                            <details>
+                                                <summary>Click here to reveal this option</summary>
+                                                <p>If you use an external snapshot tool to restore the server that runs AIO, you might run into a problem that the above listed available backups are not up-to-date to restore your server from. You can click the button below to update this list.</p>
+                                                <form method="POST" action="api/docker/backup-list" class="xhr">
+                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                    <input type="submit" value="Update backup list" />
+                                                </form>
+                                            </details>
+
                                             <h3>Daily backup and automatic updates</h3>
                                             {% if daily_backup_time == "" %}
                                                 <p>By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
diff --git a/readme.md b/readme.md
index 0ae3d618..f22c7df3 100644
--- a/readme.md
+++ b/readme.md
@@ -970,7 +970,7 @@ sudo borg compact
 ```
 
 After doing so, make sure to update the backup archives list in the AIO interface!<br>
-You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
+You can do so by clicking on the `Update backup list` button in the `Update backup list` section inside the `Backup and restore` section.
 
 ---
 

From 271c4b21cc38d1e408909c8095bccfe915d4c727 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 19:16:58 +0100
Subject: [PATCH 3655/3949] docs: standardize links by removing
 `?tab=readme-ov-file`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/makemkv/readme.md | 2 +-
 compose.yaml                           | 2 +-
 reverse-proxy.md                       | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md
index ed9ce040..e78510ee 100644
--- a/community-containers/makemkv/readme.md
+++ b/community-containers/makemkv/readme.md
@@ -5,7 +5,7 @@ This container bundles MakeMKV and auto-configures it for you.
 - This container should only be run in home networks
 - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
 - This container only works on Linux and not on Docker-Desktop.
-- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
+- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
 - After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
 - The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.
diff --git a/compose.yaml b/compose.yaml
index 13170c7e..e8966f4c 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -35,7 +35,7 @@ services:
       # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
       # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
       # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
-      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
+      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
       # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
       # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
 
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 52c830e0..546b8b78 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -36,7 +36,7 @@ Requirements:
 - A public IP address that is reachable from the Internet (it does **not** need to be static, but it must not be behind carrier-grade NAT, which some ISPs use to share IP addresses among multiple customers).
 - Port `443/tcp` on that IP must be available for AIO's exclusive use, and it must be opened/forwarded on your internet-facing firewall/router to the AIO host.[^talkPort]
 
-**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this).**
+**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one#how-to-use-this).**
 
 ### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx, Cloudflare Proxy*)
 
@@ -95,7 +95,7 @@ To make your Nextcloud AIO instance accessible from the public Internet (not jus
 | **Tailscale Funnel** | Public Internet | None | Public access through Tailscale |
 
 > [!TIP]
-> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
+> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud.
 >
 > **For private/personal use**: [Tailscale Serve](https://tailscale.com/kb/1312/serve) is ideal - it keeps your Nextcloud completely private to your tailnet.
 >
@@ -1120,7 +1120,7 @@ sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:syst
 #### Collabora WOPI allow list
 If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain<sup>*</sup> and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`.
 
-<small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
+<small>*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.)</small>
 
 #### External reverse proxies connecting via VPN (e.g. Tailscale)
 
@@ -1174,7 +1174,7 @@ If you, at some point, want to remove the reverse proxy, here are some general s
     sudo docker rm nextcloud-aio-mastercontainer  
     ```
 3. Remove the software and configuration file that you used for the reverse proxy (see section 1).
-4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) but add the two options:
+4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one#how-to-use-this) but add the two options:
    ```
    --env APACHE_IP_BINDING=0.0.0.0 \
    --env APACHE_PORT=443 \   

From 1fff416829cf2f139c0b7203d6a3bdfe3a52b692 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Nov 2025 04:15:21 +0000
Subject: [PATCH 3656/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.0.2-cli to 29.0.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.0.4-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index dae14ea5..65dc31e6 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.0.2-cli AS docker
+FROM docker:29.0.4-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 1d6a1ffb17c83c24e360c0873e00bc19697334c2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 25 Nov 2025 13:23:22 +0100
Subject: [PATCH 3657/3949] add notifications community container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../notifications/notifications.json          | 23 +++++++++++++++++++
 community-containers/notifications/readme.md  | 12 ++++++++++
 community-containers/scrutiny/readme.md       |  2 +-
 community-containers/scrutiny/scrutiny.json   |  2 +-
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 community-containers/notifications/notifications.json
 create mode 100644 community-containers/notifications/readme.md

diff --git a/community-containers/notifications/notifications.json b/community-containers/notifications/notifications.json
new file mode 100644
index 00000000..5d886ec9
--- /dev/null
+++ b/community-containers/notifications/notifications.json
@@ -0,0 +1,23 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-notifications",
+            "display_name": "Notifications",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications",
+            "image": "ghcr.io/szaimen/aio-notifications",
+            "image_tag": "v1",
+            "internal_port": "10000",
+            "restart": "unless-stopped",
+            "volumes": [
+                {
+                  "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
+                  "destination": "/var/run/docker.sock",
+                  "writeable": false
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ]
+        }
+    ]
+}
diff --git a/community-containers/notifications/readme.md b/community-containers/notifications/readme.md
new file mode 100644
index 00000000..78ec49b6
--- /dev/null
+++ b/community-containers/notifications/readme.md
@@ -0,0 +1,12 @@
+## Notifications
+This container allows other AIO community containers to send admin notifications to Nextcloud users. 
+
+### Notes
+- It needs to be enabled for the [scrutiny container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny) for example to make use of admin notifications that are sent if a smartctl failure was found.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-notifications
+
+### Maintainer
+https://github.com/szaimen
diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md
index dc972d44..3bb728f7 100644
--- a/community-containers/scrutiny/readme.md
+++ b/community-containers/scrutiny/readme.md
@@ -6,7 +6,7 @@ This container bundles Scrutiny which is a frontend for SMART stats and auto-con
 - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being.
 - This container only works on Linux and not on Docker-Desktop.
 - After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives.
-- It currently does not support sending notifications as no good solution was found yet that makes this possible. See https://github.com/szaimen/aio-scrutiny/issues/3
+- It supports sending notifications in case of a smartctl failure if you enable the notifications community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json
index 4b368291..b367e497 100644
--- a/community-containers/scrutiny/scrutiny.json
+++ b/community-containers/scrutiny/scrutiny.json
@@ -5,7 +5,7 @@
             "display_name": "Scrutiny",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny",
             "image": "ghcr.io/szaimen/aio-scrutiny",
-            "image_tag": "v1",
+            "image_tag": "v2",
             "internal_port": "8000",
             "init": false,
             "restart": "unless-stopped",

From f3fbfae5353015ca392cbc1662cc874b40b058a9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Nov 2025 04:15:59 +0000
Subject: [PATCH 3658/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.4.1 to v1.4.2.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.4.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index cce2ed85..fe5d89f7 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.2
 
 USER root
 RUN set -ex; \

From 6a8d8d4479809364281fb5428ea26e3599df06a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 10:30:41 +0100
Subject: [PATCH 3659/3949] add some notice regarding how to switch the channel

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 0ae3d618..e6cd4526 100644
--- a/readme.md
+++ b/readme.md
@@ -641,7 +641,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t
 Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to switch the channel?
-You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa.
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image.
 
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 

From 50312bd2d9712a08479ee3ec866118d5cf67a89f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 10:53:29 +0100
Subject: [PATCH 3660/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index e6cd4526..c53f4d28 100644
--- a/readme.md
+++ b/readme.md
@@ -641,7 +641,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t
 Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 
 ### How to switch the channel?
-You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image.
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurrences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image.
 
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 

From 10b61a5edea92eab87a4c7de1ca37172c0edd9a4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 19:28:53 +0100
Subject: [PATCH 3661/3949] add `"com.docker.compose.project" =>
 "nextcloud-aio"` to all containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile  | 4 +++-
 compose.yaml                           | 1 +
 php/src/Docker/DockerActionManager.php | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index dae14ea5..a240fd4d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -125,7 +125,9 @@ RUN set -ex; \
     mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 
-LABEL org.label-schema.vendor="Nextcloud"
+# hadolint ignore=DL3048
+LABEL org.label-schema.vendor="Nextcloud" \
+    com.docker.compose.project="nextcloud-aio"
 
 # hadolint ignore=DL3002
 USER root
diff --git a/compose.yaml b/compose.yaml
index e8966f4c..c18d92d3 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,3 +1,4 @@
+name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
 services:
   nextcloud-aio-mastercontainer:
     image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a6f5d223..e22ab7f6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -433,7 +433,8 @@ readonly class DockerActionManager {
 
         // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
         // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
+        // Additionally set a default org.label-schema.vendor and com.docker.compose.project
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();

From a48a1d66be90d29d67a98278096f2845d6b1641b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 23:21:50 +0100
Subject: [PATCH 3662/3949] update aio-caddy to v4 and add option for proxy
 protocol

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/caddy.json  | 3 ++-
 community-containers/caddy/readme.md   | 1 +
 php/src/Docker/DockerActionManager.php | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index f6143fbc..e27df683 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -5,7 +5,7 @@
             "display_name": "Caddy with geoblocking",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
             "image": "ghcr.io/szaimen/aio-caddy",
-            "image_tag": "v3",
+            "image_tag": "v4",
             "internal_port": "443",
             "restart": "unless-stopped",
             "ports": [
@@ -19,6 +19,7 @@
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",
                 "APACHE_PORT=%APACHE_PORT%",
+                "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
                 "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
             ],
             "volumes": [
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 99bf133e..209b9c4a 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -6,6 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
+- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a6f5d223..d19fd050 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -550,6 +550,7 @@ readonly class DockerActionManager {
             'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(),
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
+            'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(),
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
             'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),

From 4b782649fdcca71827782269cac81336086ea316 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 26 Nov 2025 12:03:58 +0000
Subject: [PATCH 3663/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 83bc1ef1..12545ac3 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -160,7 +160,6 @@ services:
       - TALK_PORT
       - IMAGINARY_ENABLED
       - IMAGINARY_HOST=nextcloud-aio-imaginary
-      - CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE}
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED
@@ -256,7 +255,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}

From 256a259ae6f048f6034cd176374e9a8c645c70ef Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 12:41:00 +0100
Subject: [PATCH 3664/3949] update private ip-ranges

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 2 +-
 reverse-proxy.md                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 09d7d15c..0c03a973 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -741,7 +741,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         echo "No IPv6 address found for $COLLABORA_HOST."
     fi
     if [ -n "$COLLABORA_ALLOW_LIST" ]; then
-        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        PRIVATE_IP_RANGES='127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128'
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
             COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
         fi
diff --git a/reverse-proxy.md b/reverse-proxy.md
index 546b8b78..e0497c84 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1108,7 +1108,7 @@ Enter your domain in the AIO interface that you've used in the reverse proxy con
 ### 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1
 If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1<sup>*</sup> you must make the following configuration changes
 
-<small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1`</small>
+<small>*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128`</small>
 
 #### Nextcloud trusted proxies
 Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this:

From b2c24c92e307441e945a657c88689ac0b0e9a16c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Nov 2025 12:18:44 +0000
Subject: [PATCH 3665/3949] build(deps): bump shivammathur/setup-php in
 /.github/workflows

Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.5 to 2.36.0.
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](https://github.com/shivammathur/setup-php/compare/bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f...7bf05c6b704e0b9bfee22300130a31b5ea68d593)

---
updated-dependencies:
- dependency-name: shivammathur/setup-php
  dependency-version: 2.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 53707dec..5eefc5e1 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v6.0.0
-    - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+    - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
         php-version: 8.4
         extensions: apcu
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index bf449e1f..9c74167a 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -41,7 +41,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 22ed9854..ac6aa187 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6.0.0
       - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 49753535..91d41dfc 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v6.0.0
 
       - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 21ecf1e6..8f7da955 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up php
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
         with:
           php-version: 8.4
           extensions: apcu
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index d8730987..1c453505 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v6.0.0
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
           php-version: 8.4
           extensions: apcu

From 4a8288a527f329cdf5e42141f3f913f64ac9c6bd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 26 Nov 2025 20:44:09 +0100
Subject: [PATCH 3666/3949] fulltextsearch: disable memory locking

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index 0a48b3ea..8afb68e9 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -794,7 +794,7 @@
       "environment": [
         "TZ=%TIMEZONE%",
         "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%",
-        "bootstrap.memory_lock=true",
+        "bootstrap.memory_lock=false",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
         "logger.level=WARN",

From f080ed771d16e3bd196685d824a59ca36eb35b6c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 28 Nov 2025 08:52:51 +0000
Subject: [PATCH 3667/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 8 ++++++--
 .../templates/nextcloud-aio-database-deployment.yaml      | 4 ++--
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 6 ++----
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 2 +-
 .../nextcloud-aio-talk-recording-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 2 +-
 14 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 0b10dd4d..7d6a0c55 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 11.11.0
+version: 12.1.4
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 3388c1d7..e6273a8b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-apache:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 35b30e41..662d68a0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 449a24fc..e91cfe56 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -32,10 +32,14 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251031_122139
+          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251128_084214
+          {{- else }}
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251128_084214
+          {{- end }}
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 6f08b4a6..d65dfa78 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 49dc3d34..a3877029 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 4956ed71..c8ae83d9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 49f2bd53..2a925878 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - chmod
             - "777"
@@ -100,8 +100,6 @@ spec:
               value: "{{ .Values.CLAMAV_ENABLED }}"
             - name: CLAMAV_HOST
               value: nextcloud-aio-clamav
-            - name: CLAMAV_MAX_SIZE
-              value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: COLLABORA_ENABLED
               value: "{{ .Values.COLLABORA_ENABLED }}"
             - name: COLLABORA_HOST
@@ -188,7 +186,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251128_084214
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index b93283e7..5f16388a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c30f6a0e..4e64f6c5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 2d5da82d..18ceee18 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-redis:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index b6f2e489..81f616fa 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-talk:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index e0902a0f..0319cce8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251128_084214
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 28c05cab..35f29df7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251031_122139
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251128_084214
           readinessProbe:
             exec:
               command:

From 6b3af009e252b37a13ebf2e2adca252b09159d30 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 12:17:11 +0100
Subject: [PATCH 3668/3949] nextcloud: allow to configure mysql root cert

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgres.config.php | 8 ++++++++
 Containers/nextcloud/entrypoint.sh              | 4 ++++
 Containers/notify-push/start.sh                 | 7 +++++--
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
index 38f980fe..acde7b82 100644
--- a/Containers/nextcloud/config/postgres.config.php
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -7,3 +7,11 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
     ),
   );
 }
+if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) {
+  $CONFIG = array(
+    'dbdriveroptions' => array(
+      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/MYSQL',
+    ),
+  );
+}
+
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 09d7d15c..c0dfd803 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -283,6 +283,10 @@ EOF
             if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
                 mkdir /var/www/html/data/certificates
                 echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES"
+            # Write out mysql root cert
+            elif [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then
+                mkdir /var/www/html/data/certificates
+                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" > "/var/www/html/data/certificates/MYSQL"
             fi
 
             echo "Installing with $DATABASE_TYPE database"
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 859c6309..9277bdaa 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -68,11 +68,14 @@ fi
 
 # Postgres root cert
 if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
-    POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+    CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+# Mysql root cert
+elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then
+    CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/MYSQL"
 fi
 
 # Set sensitive values as env
-export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT"
+export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS"
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it

From 38838be0b19334e73274a8b8165dcaaefdd4eb7d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 28 Nov 2025 12:03:24 +0000
Subject: [PATCH 3669/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 97 ++++++++++++++++++++++++-----------------------
 1 file changed, 49 insertions(+), 48 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 6a33558f..fa856220 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.6",
+            "version": "v2.0.7",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "038ce42edee619599a1debb7e81d7b3759492819"
+                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819",
-                "reference": "038ce42edee619599a1debb7e81d7b3759492819",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
+                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
                 "shasum": ""
             },
             "require": {
@@ -409,7 +409,7 @@
             "require-dev": {
                 "illuminate/support": "^10.0|^11.0|^12.0",
                 "nesbot/carbon": "^2.67|^3.0",
-                "pestphp/pest": "^2.36|^3.0",
+                "pestphp/pest": "^2.36|^3.0|^4.0",
                 "phpstan/phpstan": "^2.0",
                 "symfony/var-dumper": "^6.2.0|^7.0.0"
             },
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-10-09T13:42:30+00:00"
+            "time": "2025-11-21T20:52:36+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.4",
+            "version": "5.6.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2"
+                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90a04bcbf03784066f16038e87e23a0a83cee3c2",
-                "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90614c73d3800e187615e2dd236ad0e2a01bf761",
+                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761",
                 "shasum": ""
             },
             "require": {
@@ -3513,22 +3513,22 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.4"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.5"
             },
-            "time": "2025-11-17T21:13:10+00:00"
+            "time": "2025-11-27T19:50:05+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.11.1",
+            "version": "1.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba"
+                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/f626740b38009078de0dc8b2b9dc4e7f749c6eba",
-                "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/92a98ada2b93d9b201a613cb5a33584dde25f195",
+                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195",
                 "shasum": ""
             },
             "require": {
@@ -3571,9 +3571,9 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.11.1"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.12.0"
             },
-            "time": "2025-11-21T11:31:57+00:00"
+            "time": "2025-11-21T15:09:14+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",
@@ -3624,16 +3624,16 @@
         },
         {
             "name": "revolt/event-loop",
-            "version": "v1.0.7",
+            "version": "v1.0.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/revoltphp/event-loop.git",
-                "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3"
+                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/09bf1bf7f7f574453efe43044b06fafe12216eb3",
-                "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3",
+                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/b6fc06dce8e9b523c9946138fa5e62181934f91c",
+                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c",
                 "shasum": ""
             },
             "require": {
@@ -3690,9 +3690,9 @@
             ],
             "support": {
                 "issues": "https://github.com/revoltphp/event-loop/issues",
-                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.7"
+                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.8"
             },
-            "time": "2025-01-25T19:27:39+00:00"
+            "time": "2025-08-27T21:33:23+00:00"
         },
         {
             "name": "sebastian/diff",
@@ -3763,16 +3763,16 @@
         },
         {
             "name": "spatie/array-to-xml",
-            "version": "3.4.1",
+            "version": "3.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/spatie/array-to-xml.git",
-                "reference": "6a740f39415aee8886aea10333403adc77d50791"
+                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/6a740f39415aee8886aea10333403adc77d50791",
-                "reference": "6a740f39415aee8886aea10333403adc77d50791",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
+                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
                 "shasum": ""
             },
             "require": {
@@ -3815,7 +3815,7 @@
                 "xml"
             ],
             "support": {
-                "source": "https://github.com/spatie/array-to-xml/tree/3.4.1"
+                "source": "https://github.com/spatie/array-to-xml/tree/3.4.3"
             },
             "funding": [
                 {
@@ -3827,7 +3827,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-12T10:32:50+00:00"
+            "time": "2025-11-27T09:08:26+00:00"
         },
         {
             "name": "sserbin/twig-linter",
@@ -3987,16 +3987,16 @@
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.3.6",
+            "version": "v7.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a"
+                "reference": "d551b38811096d0be9c4691d406991b47c0c630a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/e9bcfd7837928ab656276fe00464092cc9e1826a",
-                "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/d551b38811096d0be9c4691d406991b47c0c630a",
+                "reference": "d551b38811096d0be9c4691d406991b47c0c630a",
                 "shasum": ""
             },
             "require": {
@@ -4005,7 +4005,7 @@
                 "symfony/polyfill-mbstring": "~1.8"
             },
             "require-dev": {
-                "symfony/process": "^6.4|^7.0"
+                "symfony/process": "^6.4|^7.0|^8.0"
             },
             "type": "library",
             "autoload": {
@@ -4033,7 +4033,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.3.6"
+                "source": "https://github.com/symfony/filesystem/tree/v7.4.0"
             },
             "funding": [
                 {
@@ -4053,7 +4053,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-11-05T09:52:27+00:00"
+            "time": "2025-11-27T13:27:24+00:00"
         },
         {
             "name": "symfony/finder",
@@ -4459,22 +4459,23 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.3.4",
+            "version": "v7.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "f96476035142921000338bad71e5247fbc138872"
+                "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872",
-                "reference": "f96476035142921000338bad71e5247fbc138872",
+                "url": "https://api.github.com/repos/symfony/string/zipball/d50e862cb0a0e0886f73ca1f31b865efbb795003",
+                "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003",
                 "shasum": ""
             },
             "require": {
                 "php": ">=8.2",
+                "symfony/deprecation-contracts": "^2.5|^3.0",
                 "symfony/polyfill-ctype": "~1.8",
-                "symfony/polyfill-intl-grapheme": "~1.0",
+                "symfony/polyfill-intl-grapheme": "~1.33",
                 "symfony/polyfill-intl-normalizer": "~1.0",
                 "symfony/polyfill-mbstring": "~1.0"
             },
@@ -4482,11 +4483,11 @@
                 "symfony/translation-contracts": "<2.5"
             },
             "require-dev": {
-                "symfony/emoji": "^7.1",
-                "symfony/http-client": "^6.4|^7.0",
-                "symfony/intl": "^6.4|^7.0",
+                "symfony/emoji": "^7.1|^8.0",
+                "symfony/http-client": "^6.4|^7.0|^8.0",
+                "symfony/intl": "^6.4|^7.0|^8.0",
                 "symfony/translation-contracts": "^2.5|^3.0",
-                "symfony/var-exporter": "^6.4|^7.0"
+                "symfony/var-exporter": "^6.4|^7.0|^8.0"
             },
             "type": "library",
             "autoload": {
@@ -4525,7 +4526,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.3.4"
+                "source": "https://github.com/symfony/string/tree/v7.4.0"
             },
             "funding": [
                 {
@@ -4545,7 +4546,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-09-11T14:36:48+00:00"
+            "time": "2025-11-27T13:27:24+00:00"
         },
         {
             "name": "vimeo/psalm",

From 8185c537323aeb88c4e9f34b54d192814c260900 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Fri, 28 Nov 2025 12:14:01 +0000
Subject: [PATCH 3670/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 034ebba2..03663b85 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -86,7 +86,7 @@ RUN set -ex; \
     pecl install APCu-5.1.27; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \
-   pecl install -o imagick-3.8.0; \
+   pecl install -o imagick-3.8.1; \
     \
     docker-php-ext-enable \
         igbinary \

From 190a9824e0acb9f4a6d02d96413e5ad56e840280 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 17:05:56 +0100
Subject: [PATCH 3671/3949] address review

Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ed3d3bf9..ff33fbfd 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -185,7 +185,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . (string)$port . $path;
+        $config['AIO_URL'] = $host . ':' . strval($port) . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major

From 634e819ab15642400c916796356333feb92a352e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 17:14:16 +0100
Subject: [PATCH 3672/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 53b97dcc..6fda338c 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -548,7 +548,7 @@
                                         {% if borg_remote_repo %}
                                             or the remote repo <strong>{{ borg_remote_repo }}</strong>
                                         {% endif %}
-                                        is wrong, you can reset it by clicking on the button below.
+                                        is wrong or if you want to reset the backup location due to other reasons, you can do so by clicking on the button below.
                                         </p>
                                         <form method="POST" action="api/configuration" class="xhr">
                                             <input type="hidden" name="delete_borg_backup_location_vars" value="yes"/>

From 411fe4cb531fdf08b24880941ae36a60f09bb7ab Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 17:18:08 +0100
Subject: [PATCH 3673/3949] address review

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 209b9c4a..6cdcb452 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -6,7 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
-- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
+- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.

From c6e7d61a9eb0e36e4c7cd8680e86db8b562f7c01 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sat, 29 Nov 2025 16:40:43 +0100
Subject: [PATCH 3674/3949] Add cute animal to bug report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index d3228dfa..ec25fc4a 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -33,3 +33,5 @@ labels: 0. Needs triage
 #### Output of `sudo docker logs nextcloud-aio-mastercontainer`
 
 #### Other valuable info <!--- (like additional logs, screenshots & Co.) -->
+
+#### A picture of a cute animal <!--- (not mandatory but encouraged) -->

From b4ec51f99e916dbc172b19a5c8473d70e71294f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Dec 2025 04:36:14 +0000
Subject: [PATCH 3675/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.7.1.1 to 25.04.7.3.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.7.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 10f068ea..071d0751 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.1.1
+FROM collabora/code:25.04.7.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From cc41c3465ed5091efaf576ec563fa9ae96d2384a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 1 Dec 2025 12:50:44 +0100
Subject: [PATCH 3676/3949] mastercontainer: refactor docker api version check

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 65 +++++++++++++++++++----------
 1 file changed, 42 insertions(+), 23 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 77c4675e..4ca193be 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -75,18 +75,15 @@ elif ! sudo -E -u www-data test -r /var/run/docker.sock; then
     fi
 fi
 
-# Check if api version is supported
-if ! sudo -E -u www-data docker info &>/dev/null; then
-    print_red "Cannot connect to the docker socket. Cannot proceed."
-    echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
-    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
-    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+# Get default docker api version
+API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
+API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
+if [ -z "$API_VERSION" ]; then
+    print_red "Could not get API_VERSION. Something is wrong!"
     exit 1
 fi
 
-# Docker api version check
-API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
-API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
+# Check if DOCKER_API_VERSION is set globally
 if [ -n "$DOCKER_API_VERSION" ]; then
     if ! echo "$DOCKER_API_VERSION" | grep -q '^[0-9].[0-9]\+$'; then
         print_red "You've set DOCKER_API_VERSION but not to an allowed value.
@@ -98,23 +95,45 @@ It is set to '$DOCKER_API_VERSION'."
     print_red "Please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
     print_red "So you run on your own risk and things might break without warning."
 else
-    # shellcheck disable=SC2001
-    API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
-    LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
-    if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
-        if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-            print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
-            echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
-            echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
-            echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"
-            exit 1
-        fi
-    else
-        echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
-        sleep 10
+    # Export docker api version to use it everywhere
+    export DOCKER_API_VERSION="$API_VERSION"
+fi
+
+# Set a fallback docker api version. Needed for api version check. 
+# The check will not work otherwise on old docker versions
+FALLBACK_DOCKER_API_VERSION="1.41"
+
+# Check if docker info can be used
+if ! sudo -E -u www-data docker info &>/dev/null; then
+    if ! sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker info &>/dev/null; then
+        print_red "Cannot connect to the docker socket. Cannot proceed."
+        echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
+        echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
+        echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+        exit 1
     fi
 fi
 
+# Docker api version check
+# shellcheck disable=SC2001
+API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+if [ -z "$LOCAL_API_VERSION_NUMB" ]; then
+    LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+fi
+if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
+    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
+        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
+        echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
+        echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"
+        exit 1
+    fi
+else
+    echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported."
+    sleep 10
+fi
+
 # Check Storage drivers
 STORAGE_DRIVER="$(sudo -E -u www-data docker info | grep "Storage Driver")"
 # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467

From 2663ffeee5c7a27ca8f2625a6af0bc0bd5fed917 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 1 Dec 2025 12:03:40 +0000
Subject: [PATCH 3677/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index fa856220..2fbf905c 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1644,16 +1644,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.22.0",
+            "version": "v3.22.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "4509984193026de413baf4ba80f68590a7f2c51d"
+                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/4509984193026de413baf4ba80f68590a7f2c51d",
-                "reference": "4509984193026de413baf4ba80f68590a7f2c51d",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
+                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
                 "shasum": ""
             },
             "require": {
@@ -1707,7 +1707,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.22.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.22.1"
             },
             "funding": [
                 {
@@ -1719,7 +1719,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-10-29T15:56:47+00:00"
+            "time": "2025-11-16T16:01:12+00:00"
         }
     ],
     "packages-dev": [

From 57306c8cae44959dad8439d1153aa13fdd14b930 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 1 Dec 2025 17:00:27 +0100
Subject: [PATCH 3678/3949] refactor `backup-mode` handling

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/index.php                    |  2 +-
 php/src/Controller/DockerController.php | 24 +++++++-----------------
 php/src/Data/ConfigurationManager.php   | 15 ++++++---------
 3 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 46967c72..c49629bd 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -104,7 +104,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(),
         'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
-        'borg_backup_mode' => $configurationManager->GetBorgBackupMode(),
+        'borg_backup_mode' => $configurationManager->GetBackupMode(),
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(),
         'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(),
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 6626e3e4..7402bfd1 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -89,9 +89,7 @@ readonly class DockerController {
     }
 
     public function startBackup(bool $forceStopNextcloud = false) : void {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'backup';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('backup');
 
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
@@ -111,26 +109,22 @@ readonly class DockerController {
     }
 
     public function checkBackup() : void {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'check';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('check');
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
     }
 
         private function listBackup() : void {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'list';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('list');
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
+        $this->configurationManager->SetBackupMode('restore');
         $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'restore';
         $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
         if (isset($request->getParsedBody()['restore-exclude-previews'])) {
             $config['restore-exclude-previews'] = 1;
@@ -150,24 +144,20 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'check-repair';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('check-repair');
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
 
         // Restore to backup check which is needed to make the UI logic work correctly
-        $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'check';
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->SetBackupMode('check');
 
         return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
+        $this->configurationManager->SetBackupMode('test');
         $config = $this->configurationManager->GetConfig();
-        $config['backup-mode'] = 'test';
         $config['instance_restore_attempt'] = 0;
         $this->configurationManager->WriteConfig($config);
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0b0a034d..c8d16c7d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -423,6 +423,12 @@ class ConfigurationManager
         return $config['backup-mode'];
     }
 
+    public function SetBackupMode(string $mode) : void {
+        $config = $this->GetConfig();
+        $config['backup-mode'] = $mode;
+        $this->WriteConfig($config);
+    }
+
     public function GetSelectedRestoreTime() : string {
         $config = $this->GetConfig();
         if(!isset($config['selected-restore-time'])) {
@@ -664,15 +670,6 @@ class ConfigurationManager
         return false;
     }
 
-    public function GetBorgBackupMode() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['backup-mode'])) {
-            $config['backup-mode'] = '';
-        }
-
-        return $config['backup-mode'];
-    }
-
     public function GetNextcloudMount() : string {
         $envVariableName = 'NEXTCLOUD_MOUNT';
         $configName = 'nextcloud_mount';

From 1cdc4e3beffd18e6fa58a48d0093a6d83c60f098 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Dec 2025 04:33:44 +0000
Subject: [PATCH 3679/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.2.9-alpine to 3.3.0-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.3.0-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ccc283f9..ed2e9e2d 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.9-alpine
+FROM haproxy:3.3.0-alpine
 
 # hadolint ignore=DL3002
 USER root

From ae132c8d396c9532d297b28148d6b4f8a7ac755f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Dec 2025 04:34:06 +0000
Subject: [PATCH 3680/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.0.4-cli to 29.1.1-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.1-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 9c50af3f..f6ecd08e 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.0.4-cli AS docker
+FROM docker:29.1.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From d44d077a632c7744aa215f733ec24d452c71c082 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 12:11:02 +0100
Subject: [PATCH 3681/3949] update oo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index be1d580f..c2b94d8c 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.1.0.1
+FROM onlyoffice/documentserver:9.2.0.1
 
 # USER root is probably used
 

From a842cbb82a508e6d0d2477d1720c42320035d607 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 12:12:40 +0100
Subject: [PATCH 3682/3949] increase to 12.2.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index eac34445..2b381c90 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.4</h1>
+            <h1>Nextcloud AIO v12.2.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 83de5260511dcfabc32cafaa576aa1fe611b0c56 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 12:42:13 +0100
Subject: [PATCH 3683/3949] adjust DeleteBorgBackupLocationVars to also delete
 the borg.config file

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/ConfigurationController.php |  2 +-
 php/src/Data/ConfigurationManager.php          | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 051f8d9e..45586f9c 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -159,7 +159,7 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
-                $this->configurationManager->DeleteBorgBackupLocationVars();
+                $this->configurationManager->DeleteBorgBackupLocationItems();
             }
 
             return $response->withStatus(201)->withHeader('Location', '.');
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 253b1371..e9982eb3 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -506,11 +506,19 @@ class ConfigurationManager
         }
     }
 
-    public function DeleteBorgBackupLocationVars() : void {
+    public function DeleteBorgBackupLocationItems() : void {
+        // Delete the variables
         $config = $this->GetConfig();
         $config['borg_backup_host_location'] = '';
         $config['borg_remote_repo'] = '';
         $this->WriteConfig($config);
+
+        // Also delete the borg config file to be able to start over
+        if (file_exists(DataConst::GetBackupKeyFile())) {
+            if (unlink(DataConst::GetBackupKeyFile())) {
+                error_log('borg.config file deleted to be able to start over.');
+            }
+        }
     }
 
     /**

From 095d3d9cc004b702486048e348abbb57594dc5d7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 2 Dec 2025 15:51:53 +0100
Subject: [PATCH 3684/3949] aio-smbserver: now compatible with arm64 as well

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/smbserver/readme.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md
index 9886f4b2..20d90c9f 100644
--- a/community-containers/smbserver/readme.md
+++ b/community-containers/smbserver/readme.md
@@ -3,7 +3,6 @@ This container bundles an SMB-server and allows to configure it via a graphical
 
 ### Notes
 - This container should only be run in home networks
-- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3
 - After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively.
 - The config data of SMB-server will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

From 7634a3887f1c1b7bcc7ddd8b83e9b82dceb9c024 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 04:12:39 +0000
Subject: [PATCH 3685/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.7 to 8.19.8.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 8c46ed97..6e739095 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.7
+FROM elasticsearch:8.19.8
 
 USER root
 

From 0c0f956ea221f34cb785023da648714fb0633a46 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 04:12:43 +0000
Subject: [PATCH 3686/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.4-alpine3.22 to 1.25.5-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.5-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 7e477820..ea0a70de 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.4-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.22 AS go
 
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 

From d72181f754f31c4e459cbe06efbe23b348074b24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 04:13:40 +0000
Subject: [PATCH 3687/3949] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.25.4-alpine3.22 to 1.25.5-alpine3.22.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.5-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 602d2106..d2db5ae3 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.4-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.22 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a	
 

From edba082dcecc4b5e6a641093dfc6babeda61f9bc Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Dec 2025 09:26:18 +0100
Subject: [PATCH 3688/3949] improve detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 6cdcb452..a8baf9ea 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -3,7 +3,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
-- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Make sure that no other service is using port 443/tcp on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation).

From 832d9b5ae6776854373883d3b2182bc62e282a4b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 12:21:58 +0000
Subject: [PATCH 3689/3949] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/collabora.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 .github/workflows/watchtower-update.yml        | 2 +-
 22 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index c1bc4889..2bd4823a 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index b39ca29b..816f57bf 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index cd3a9530..7446677f 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 5eefc5e1..12a11f1f 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 0efebdbb..917df1d6 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 1b083b64..b4c32778 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
 
       - name: Turnstyle
         uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 883ea66c..8b624e39 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index d406e011..4cbd28ed 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 1f7f2e72..7beec865 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9c74167a..0c5e2c74 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index eb083eed..d90d57e1 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index ac6aa187..c8638683 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index df791fe6..3919690b 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 91d41dfc..99ba4e32 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
 
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 8f7da955..bdae585e 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 2c0fd697..86954033 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 9636502b..689e7e7e 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 1c453505..7e9b5cdc 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 353e5e9d..f7960ead 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.0
+      - uses: actions/checkout@v6.0.1
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index c1452355..06555a90 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index a19f34aa..9d9affce 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.0
+        uses: actions/checkout@v6.0.1
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 9f126eb4..69b1b14e 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.0
+    - uses: actions/checkout@v6.0.1
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 0db006605aabd912e2a506419a1456eb370ffb35 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Dec 2025 14:29:55 +0100
Subject: [PATCH 3690/3949] fix spacing

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 904af4a1..ef0d0702 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -115,7 +115,7 @@ readonly class DockerController {
         $this->PerformRecursiveContainerStart($id);
     }
 
-        private function listBackup() : void {
+    private function listBackup() : void {
         $this->configurationManager->SetBackupMode('list');
 
         $id = 'nextcloud-aio-borgbackup';

From 22a784a3dea08775ab63639fe6ca24d06dc8ac49 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 17 Mar 2025 12:06:08 +0100
Subject: [PATCH 3691/3949] add workflow to lint github actions

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/lint-yaml.yml | 39 +++++++++++++++++++++++++++++++++
 zizmor.yml                      |  3 +++
 2 files changed, 42 insertions(+)
 create mode 100644 .github/workflows/lint-yaml.yml
 create mode 100644 zizmor.yml

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
new file mode 100644
index 00000000..658d8b52
--- /dev/null
+++ b/.github/workflows/lint-yaml.yml
@@ -0,0 +1,39 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Lint YAML
+
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  yaml-lint:
+    runs-on: ubuntu-latest
+
+    name: yaml
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: GitHub action templates lint
+        uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
+        with:
+          file_or_dir: .github/workflows
+          config_data: |
+            line-length: warning
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+
+      - name: Check GitHub actions
+        run: uvx zizmor --min-severity medium .github/workflows/*.yml
diff --git a/zizmor.yml b/zizmor.yml
new file mode 100644
index 00000000..ee110b08
--- /dev/null
+++ b/zizmor.yml
@@ -0,0 +1,3 @@
+rules:
+  excessive-permissions:
+    disable: true

From d6e0d8b87d8b323d7dca477c0a503ef0d610e956 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 3 Dec 2025 18:29:22 +0100
Subject: [PATCH 3692/3949] run yaml lint only if yml files were changes

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/lint-yaml.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 658d8b52..c88f697e 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -8,7 +8,10 @@
 
 name: Lint YAML
 
-on: pull_request
+on: 
+  pull_request:
+    paths:
+      - '**.yml'
 
 permissions:
   contents: read

From 86f8f71548a258a63538dc35d1b237a23ba6a211 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Dec 2025 04:13:06 +0000
Subject: [PATCH 3693/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.14.0-alpine3.22 to 3.14.1-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14.1-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index cc58aa43..cfc1f952 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.0-alpine3.22
+FROM python:3.14.1-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 7d46e12df70052591d6a9bab47ece0cd97da319f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 13:08:03 +0100
Subject: [PATCH 3694/3949] exchange strval with string cast

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/DockerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ef0d0702..27a06bc8 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -189,7 +189,7 @@ readonly class DockerController {
 
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . strval($port) . $path;
+        $config['AIO_URL'] = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
         // set install_latest_major

From 911cdef763350d64661459b33da3a06563ce2b7f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Dec 2025 12:18:56 +0000
Subject: [PATCH 3695/3949] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5.3.1 to 7.1.4.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/f94ec6bedd8674c4426838e6b50417d36b6ab231...1e862dfacbd1d6d858c55d9b792c756523627244)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.1.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index c88f697e..a911f5ad 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 0a23880281bcbd0bc59f50ce6c1efbe3e458c5a2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Dec 2025 12:19:16 +0000
Subject: [PATCH 3696/3949] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...v6.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index c88f697e..b3d2f0d8 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 

From 9d08ce1ce51a38e96a3842539ac91df3ce9b7487 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 16:14:31 +0100
Subject: [PATCH 3697/3949] readme: add section on how to limit the resource
 usage of AIO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/readme.md b/readme.md
index f6b4f9e2..acc12d95 100644
--- a/readme.md
+++ b/readme.md
@@ -217,6 +217,7 @@ https://your-domain-that-points-to-this-server.tld:8443
     - [How to adjust the internally used docker api version?](#how-to-adjust-the-internally-used-docker-api-version)
     - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
     - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
+    - [How to limit the resource usage of AIO?](#how-to-limit-the-resource-usage-of-aio)
     - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
     - [How to adjust the Talk port?](#how-to-adjust-the-talk-port)
     - [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud)
@@ -465,6 +466,9 @@ You can move the whole docker library and all its files including all Nextcloud
 
 This should solve the problem.
 
+### How to limit the resource usage of AIO?
+In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273).
+
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
 

From bd45cb4544e3007d028ed9986756ffcb2fa83c63 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 16:18:28 +0100
Subject: [PATCH 3698/3949] add additional hint

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index acc12d95..fc46b3fb 100644
--- a/readme.md
+++ b/readme.md
@@ -467,7 +467,7 @@ You can move the whole docker library and all its files including all Nextcloud
 This should solve the problem.
 
 ### How to limit the resource usage of AIO?
-In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273).
+In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273). Another possibility is to use the [manual installation](./manual-install/).
 
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.

From b80bc2640dba54b8121957f25a97ca2ee976d06c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 4 Dec 2025 16:19:30 +0100
Subject: [PATCH 3699/3949] fix mentioning of docker.io

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/readme.md b/manual-install/readme.md
index 874a5b4b..ea2c2978 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -6,7 +6,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
 - You can run the containers with docker swarm
-- You can run this in environments where access to docker.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268).
+- You can run this in environments where access to ghcr.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268).
 
 ### Disadvantages
 - You lose the AIO interface

From 57efcd852da78180671212e166adf602e2d6fbab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Dec 2025 04:12:33 +0000
Subject: [PATCH 3700/3949] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.65-alpine3.22 to 2.4.66-alpine3.22.

---
updated-dependencies:
- dependency-name: httpd
  dependency-version: 2.4.66-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index d9602864..c844c364 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.65-alpine3.22
+FROM httpd:2.4.66-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From 238117ac47d879a3d51814d8919acc346da6a1e9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 09:45:09 +0100
Subject: [PATCH 3701/3949] mastercontainer: fix docker api version check if
 DOCKER_API_VERSION was set globally

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 4ca193be..1002ef84 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -116,14 +116,14 @@ fi
 
 # Docker api version check
 # shellcheck disable=SC2001
-API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+API_VERSION_NUMB="$(echo "$DOCKER_API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -z "$LOCAL_API_VERSION_NUMB" ]; then
     LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 fi
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
     if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        print_red "Docker API v$DOCKER_API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
         echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
         echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
         echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"

From a9d462489c5fa7f568e8ced174177d565662430e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 10:03:53 +0100
Subject: [PATCH 3702/3949] increase to 12.2.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2b381c90..2432ab13 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.2.0</h1>
+            <h1>Nextcloud AIO v12.2.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 19ad65966b24c93709dc521444b1783d7d0a7b22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:16:55 +0000
Subject: [PATCH 3703/3949] build(deps): bump peter-evans/create-pull-request
 in /.github/workflows

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.9 to 7.0.11.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/84ae59a2cdc2258d6fa0732dd66352dddae2a412...22a9089034f40e5a961c8808d113e2c98fb63676)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/collabora.yml             | 2 +-
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 .github/workflows/watchtower-update.yml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 816f57bf..37e974f7 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: collabora-seccomp-update automated change
         signoff: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 12a11f1f..1b448139 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 8b624e39..060b376e 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index d90d57e1..7fe5bbf9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 99ba4e32..1bd47ac4 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 689e7e7e..f28ad9f2 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 06555a90..ee8e4669 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 9d9affce..ba92fd50 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           commit-message: Yaml updates
           signoff: true
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 69b1b14e..be929285 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
         sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: watchtower-update automated change
         signoff: true

From f5fbc591565d1a3538791d03463653d5d220d425 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:16:59 +0000
Subject: [PATCH 3704/3949] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.4 to 7.1.5.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/1e862dfacbd1d6d858c55d9b792c756523627244...ed21f2f24f8dd64503750218de024bcf64c7250a)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index b91d8c63..542f38b8 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 02b095040bd76c7f445fb2d197cef57da3478d76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:17:02 +0000
Subject: [PATCH 3705/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/2e4451ef94c5969eee533c487092052d4d1a53af...15f9da4059166900981058ba251e0b652511c68f)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index b4c32778..639b0785 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v6.0.1
 
       - name: Turnstyle
-        uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
+        uses: softprops/turnstyle@15f9da4059166900981058ba251e0b652511c68f # v2
         with:
           continue-after-seconds: 180
         env:

From cd8158c9f6463a018b3334bab10005ceb3e5a2c9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 14:42:30 +0100
Subject: [PATCH 3706/3949] fix excluding zizmor workflow in downstream repo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 zizmor.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/zizmor.yml b/zizmor.yml
index ee110b08..afc373cb 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -1,3 +1,6 @@
 rules:
   excessive-permissions:
     disable: true
+  dangerous-triggers:
+    ignore:
+      - build_images.yml

From 1691a19036b32f45068d1dea9f1237c49cf4aa0c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 15:36:02 +0100
Subject: [PATCH 3707/3949] make redis port configurable

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile              | 2 +-
 Containers/nextcloud/config/redis.config.php | 6 ++----
 Containers/nextcloud/entrypoint.sh           | 2 +-
 Containers/notify-push/start.sh              | 6 +++++-
 Containers/whiteboard/healthcheck.sh         | 2 +-
 Containers/whiteboard/start.sh               | 4 ++--
 php/containers.json                          | 3 +++
 7 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 03663b85..7ba63a39 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -138,7 +138,7 @@ RUN set -ex; \
     \
     { \
         echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \
diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php
index 80848974..b59fe4ea 100644
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -9,10 +9,8 @@ if (getenv('REDIS_HOST')) {
     ),
   );
 
-  if (getenv('REDIS_HOST_PORT')) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
+  if (getenv('REDIS_PORT')) {
+    $CONFIG['redis']['port'] = (int) getenv('REDIS_PORT');
   }
 
   if (getenv('REDIS_DB_INDEX')) {
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 8fdff0d0..86ffe159 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -27,7 +27,7 @@ fi
 
 # Only start container if Redis is accessible
 # shellcheck disable=SC2153
-while ! nc -z "$REDIS_HOST" "6379"; do
+while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do
     echo "Waiting for Redis to start..."
     sleep 5
 done
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 9277bdaa..2f30106a 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -52,6 +52,10 @@ fi
 if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
+# Set a default value for REDIS_PORT
+if [ -z "$REDIS_PORT" ]; then
+    REDIS_PORT=6379
+fi
 # Set a default for db type
 if [ -z "$DATABASE_TYPE" ]; then
     DATABASE_TYPE=postgres
@@ -76,7 +80,7 @@ fi
 
 # Set sensitive values as env
 export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS"
-export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
diff --git a/Containers/whiteboard/healthcheck.sh b/Containers/whiteboard/healthcheck.sh
index 4f53988a..5909db82 100644
--- a/Containers/whiteboard/healthcheck.sh
+++ b/Containers/whiteboard/healthcheck.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
-nc -z "$REDIS_HOST" 6379 || exit 0
+nc -z "$REDIS_HOST" "$REDIS_PORT" || exit 0
 nc -z 127.0.0.1 3002 || exit 1
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 962df9b9..8975e0c6 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Only start container if nextcloud is accessible
-while ! nc -z "$REDIS_HOST" 6379; do
+while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do
     echo "Waiting for redis to start..."
     sleep 5
 done
@@ -11,7 +11,7 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
-export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
 # Run it
 exec npm --prefix /app run server:start
diff --git a/php/containers.json b/php/containers.json
index 8afb68e9..486a4694 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -204,6 +204,7 @@
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
         "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_PORT=6379",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "APACHE_HOST=nextcloud-aio-apache",
         "APACHE_PORT=%APACHE_PORT%",
@@ -305,6 +306,7 @@
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
         "TZ=%TIMEZONE%",
         "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_PORT=6379",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "POSTGRES_HOST=nextcloud-aio-database",
         "POSTGRES_PORT=5432",
@@ -875,6 +877,7 @@
         "JWT_SECRET_KEY=%WHITEBOARD_SECRET%",
         "STORAGE_STRATEGY=redis",
         "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_PORT=6379",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "BACKUP_DIR=/tmp"
       ],

From 3ab5740f0cb70a9be7d3b9df3cc71a85cbd1d33b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 19:30:10 +0100
Subject: [PATCH 3708/3949] add further explanation to failed docker check

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 1002ef84..ad1734f1 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -110,6 +110,10 @@ if ! sudo -E -u www-data docker info &>/dev/null; then
         echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
         echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
         echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+        echo "On macOS, see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos"
+        echo "Another possibility might be that Docker api v$API_VERSION is not supported by your docker daemon."
+        echo "In that case, you should report this to https://github.com/nextcloud/all-in-one/issues"
+        echo ""
         exit 1
     fi
 fi

From 2498911854c16ef7aad74867870cadbf9be8edb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Dec 2025 04:13:08 +0000
Subject: [PATCH 3709/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.1-cli to 29.1.2-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.2-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f6ecd08e..63c8ea35 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.1-cli AS docker
+FROM docker:29.1.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 7fa5af0e8cdaec036b299401553b8e5b636791f8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 9 Dec 2025 09:14:59 +0100
Subject: [PATCH 3710/3949] daily-bakup.sh: fix issue with apache-port

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index edc5bddd..d11f3e85 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -23,8 +23,8 @@ fi
 sudo -E -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
 
 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
-if [ -z "$APACHE_PORT" ]; then
+LOCAL_APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
+if [ -z "$LOCAL_APACHE_PORT" ]; then
     echo "APACHE_PORT is not set which is not expected..."
 else
     # Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable
@@ -32,7 +32,7 @@ else
     docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null
 
     # Wait for apache to start
-    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$LOCAL_APACHE_PORT"; do
         echo "Waiting for apache to become available"
         sleep 30
     done

From b6f85b04b511e40f09947f1c10f4594930736117 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 9 Dec 2025 12:03:48 +0000
Subject: [PATCH 3711/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 12545ac3..4e2cfaee 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -438,7 +438,7 @@ services:
     environment:
       - TZ=${TIMEZONE}
       - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
-      - bootstrap.memory_lock=true
+      - bootstrap.memory_lock=false
       - cluster.name=nextcloud-aio
       - discovery.type=single-node
       - logger.level=WARN

From 52f67f2de96033bfe687530302ebf6bd0676f0dc Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 9 Dec 2025 12:14:58 +0000
Subject: [PATCH 3712/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 03663b85..866ad126 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -83,7 +83,7 @@ RUN set -ex; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install -o igbinary-3.2.16; \
-    pecl install APCu-5.1.27; \
+    pecl install APCu-5.1.28; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \
    pecl install -o imagick-3.8.1; \

From 0f3f88da0841c0239cd1fdb106e44c70eb1e251f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 10 Dec 2025 12:29:46 +0000
Subject: [PATCH 3713/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/mastercontainer/Dockerfile |  2 +-
 php/composer.lock                     | 74 +++++++++++++--------------
 2 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index f6ecd08e..4bea57a4 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -52,7 +52,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.27; \
+    pecl install APCu-5.1.28; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \
diff --git a/php/composer.lock b/php/composer.lock
index 2fbf905c..24565073 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -2035,16 +2035,16 @@
         },
         {
             "name": "amphp/parallel",
-            "version": "v2.3.2",
+            "version": "v2.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/parallel.git",
-                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce"
+                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/parallel/zipball/321b45ae771d9c33a068186b24117e3cd1c48dce",
-                "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60",
+                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60",
                 "shasum": ""
             },
             "require": {
@@ -2107,7 +2107,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/parallel/issues",
-                "source": "https://github.com/amphp/parallel/tree/v2.3.2"
+                "source": "https://github.com/amphp/parallel/tree/v2.3.3"
             },
             "funding": [
                 {
@@ -2115,7 +2115,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-08-27T21:55:40+00:00"
+            "time": "2025-11-15T06:23:42+00:00"
         },
         {
             "name": "amphp/parser",
@@ -3111,20 +3111,20 @@
         },
         {
             "name": "league/uri",
-            "version": "7.6.0",
+            "version": "7.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri.git",
-                "reference": "f625804987a0a9112d954f9209d91fec52182344"
+                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri/zipball/f625804987a0a9112d954f9209d91fec52182344",
-                "reference": "f625804987a0a9112d954f9209d91fec52182344",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
+                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
                 "shasum": ""
             },
             "require": {
-                "league/uri-interfaces": "^7.6",
+                "league/uri-interfaces": "^7.7",
                 "php": "^8.1",
                 "psr/http-factory": "^1"
             },
@@ -3197,7 +3197,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri/tree/7.6.0"
+                "source": "https://github.com/thephpleague/uri/tree/7.7.0"
             },
             "funding": [
                 {
@@ -3205,20 +3205,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-18T12:17:23+00:00"
+            "time": "2025-12-07T16:02:06+00:00"
         },
         {
             "name": "league/uri-interfaces",
-            "version": "7.6.0",
+            "version": "7.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri-interfaces.git",
-                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368"
+                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/ccbfb51c0445298e7e0b7f4481b942f589665368",
-                "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
+                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
                 "shasum": ""
             },
             "require": {
@@ -3281,7 +3281,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.6.0"
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.7.0"
             },
             "funding": [
                 {
@@ -3289,7 +3289,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-18T12:17:23+00:00"
+            "time": "2025-12-07T16:03:21+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
@@ -3344,16 +3344,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.6.2",
+            "version": "v5.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "3a454ca033b9e06b63282ce19562e892747449bb"
+                "reference": "dca41cd15c2ac9d055ad70dbfd011130757d1f82"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/3a454ca033b9e06b63282ce19562e892747449bb",
-                "reference": "3a454ca033b9e06b63282ce19562e892747449bb",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/dca41cd15c2ac9d055ad70dbfd011130757d1f82",
+                "reference": "dca41cd15c2ac9d055ad70dbfd011130757d1f82",
                 "shasum": ""
             },
             "require": {
@@ -3396,9 +3396,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.2"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.7.0"
             },
-            "time": "2025-10-21T19:32:17+00:00"
+            "time": "2025-12-06T11:56:16+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3889,16 +3889,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.27",
+            "version": "v6.4.30",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc"
+                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/13d3176cf8ad8ced24202844e9f95af11e2959fc",
-                "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc",
+                "url": "https://api.github.com/repos/symfony/console/zipball/1b2813049506b39eb3d7e64aff033fd5ca26c97e",
+                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e",
                 "shasum": ""
             },
             "require": {
@@ -3963,7 +3963,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.27"
+                "source": "https://github.com/symfony/console/tree/v6.4.30"
             },
             "funding": [
                 {
@@ -3983,7 +3983,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-10-06T10:25:16+00:00"
+            "time": "2025-12-05T13:47:41+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4550,16 +4550,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.13.1",
+            "version": "6.14.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"
+                "reference": "cf26e6debc366836754f359ece5b68629a1ee185"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
-                "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf26e6debc366836754f359ece5b68629a1ee185",
+                "reference": "cf26e6debc366836754f359ece5b68629a1ee185",
                 "shasum": ""
             },
             "require": {
@@ -4582,7 +4582,7 @@
                 "fidry/cpu-core-counter": "^0.4.1 || ^0.5.1 || ^1.0.0",
                 "netresearch/jsonmapper": "^5.0",
                 "nikic/php-parser": "^5.0.0",
-                "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3",
+                "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3 || ~8.5.0",
                 "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0",
                 "spatie/array-to-xml": "^2.17.0 || ^3.0",
                 "symfony/console": "^6.0 || ^7.0",
@@ -4664,7 +4664,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-08-06T10:10:28+00:00"
+            "time": "2025-12-10T09:31:26+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From a3a8cbff34690706c7ce8c3cf489ed663de92d1f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 10 Dec 2025 13:39:37 +0000
Subject: [PATCH 3714/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                         | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml          | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml       | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml  | 6 +++---
 .../templates/nextcloud-aio-imaginary-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml       | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml     | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml      | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml           | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml  | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml      | 2 +-
 14 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7d6a0c55..01453437 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.1.4
+version: 12.2.1
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index e6273a8b..f9fd44e6 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-apache:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 662d68a0..e07f9bfb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index e91cfe56..8f8d6d3c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251210_133359
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251210_133359
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index d65dfa78..1c6491fc 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index a3877029..f40d6ff3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - chmod
             - "777"
@@ -41,7 +41,7 @@ spec:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: bootstrap.memory_lock
-              value: "true"
+              value: "false"
             - name: cluster.name
               value: nextcloud-aio
             - name: discovery.type
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index c8ae83d9..5906d566 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 2a925878..242b9f16 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - chmod
             - "777"
@@ -186,7 +186,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251210_133359
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 5f16388a..114ddc1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 4e64f6c5..d1ae2b35 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 18ceee18..3af2d622 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-redis:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 81f616fa..9d9c6d80 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-talk:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 0319cce8..58afc7d0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251210_133359
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 35f29df7..229395ca 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251128_084214
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251210_133359
           readinessProbe:
             exec:
               command:

From e5f1cb5955575750602ce19dd8ec0014d1d2371f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 10 Dec 2025 14:59:46 +0000
Subject: [PATCH 3715/3949] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index d2db5ae3..50ba3b7d 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a	
+ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.3
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5
 
 FROM alpine:3.22.2
 

From 1492e7ad46c8c137981dff57cc185db880becf02 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Thu, 11 Dec 2025 04:19:27 +0000
Subject: [PATCH 3716/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index d04c5aa8..dfff8ba0 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.13.1@1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51"/>
+<files psalm-version="6.14.1@cf26e6debc366836754f359ece5b68629a1ee185"/>

From 8a3628d1d8560c493d721538ff179fe19096f067 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Dec 2025 11:03:36 +0000
Subject: [PATCH 3717/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 866ad126..7ca67cac 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.2
+ENV NEXTCLOUD_VERSION=32.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From 29dbf6e565e27861264d41c53ae54342d78eb52e Mon Sep 17 00:00:00 2001
From: stefano99 <falchi.stefi@gmail.com>
Date: Thu, 11 Dec 2025 12:16:35 +0100
Subject: [PATCH 3718/3949] Docs update: Add encoded characters config for
 Traefik v3.6.4+ (#7286)

Signed-off-by: stefano99 <falchi.stefi@gmail.com>
---
 reverse-proxy.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index e0497c84..14e7aaaf 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -870,6 +870,11 @@ The examples below define the dynamic configuration in YAML files. If you rather
         transport:
           respondingTimeouts:
             readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
+        http:
+          # Required for Nextcloud to correctly handle encoded URL characters (%2F and %3F in this case) in newer Traefik versions (v3.6.4+).
+          encodedCharacters:  
+            allowEncodedSlash: true
+            allowEncodedQuestionMark: true
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From eada5b90fe7ec99141ce2edd98545d4c1db22036 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Dec 2025 12:19:48 +0000
Subject: [PATCH 3719/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 24565073..d829d29f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4550,16 +4550,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.14.1",
+            "version": "6.14.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "cf26e6debc366836754f359ece5b68629a1ee185"
+                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf26e6debc366836754f359ece5b68629a1ee185",
-                "reference": "cf26e6debc366836754f359ece5b68629a1ee185",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
+                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
                 "shasum": ""
             },
             "require": {
@@ -4664,7 +4664,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-12-10T09:31:26+00:00"
+            "time": "2025-12-11T08:58:52+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

From 7f71a94c8cbfdba9a5c45c62804e238e217a0439 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 11 Dec 2025 12:20:33 +0000
Subject: [PATCH 3720/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 4e2cfaee..9da46d0f 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -135,6 +135,7 @@ services:
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud
       - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_PORT=6379
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - APACHE_HOST=nextcloud-aio-apache
       - APACHE_PORT
@@ -206,6 +207,7 @@ services:
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
       - TZ=${TIMEZONE}
       - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_PORT=6379
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PORT=5432
@@ -475,6 +477,7 @@ services:
       - JWT_SECRET_KEY=${WHITEBOARD_SECRET}
       - STORAGE_STRATEGY=redis
       - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_PORT=6379
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - BACKUP_DIR=/tmp
     restart: unless-stopped

From 65501079013c6df1bedb2ca4c5115909699682aa Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 28 Nov 2025 13:02:20 +0100
Subject: [PATCH 3721/3949] standardize ca-config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile               |   1 +
 .../nextcloud/config/postgres.config.php      |   4 +-
 Containers/nextcloud/entrypoint.sh            | 107 +++++++++++++-----
 Containers/notify-push/start.sh               |   4 +-
 4 files changed, 84 insertions(+), 32 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 034ebba2..f4891920 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -251,6 +251,7 @@ RUN set -ex; \
     chmod 777 -R /usr/local/etc/php/conf.d && \
     chmod 777 -R /usr/local/etc/php-fpm.d && \
     chmod -R 777 /tmp; \
+    chmod -R 777 /etc/openldap; \
     \
     mkdir -p /nc-updater; \
     chmod -R 777 /nc-updater
diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
index acde7b82..71a657a7 100644
--- a/Containers/nextcloud/config/postgres.config.php
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -3,14 +3,14 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
   $CONFIG = array(
     'pgsql_ssl' => array(
       'mode' => 'verify-ca',
-      'rootcert' => '/var/www/html/data/certificates/POSTGRES',
+      'rootcert' => '/var/www/html/data/certificates/ca-bundle.crt',
     ),
   );
 }
 if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) {
   $CONFIG = array(
     'dbdriveroptions' => array(
-      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/MYSQL',
+      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/ca-bundle.crt',
     ),
   );
 }
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c0dfd803..edc6c32c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -20,6 +20,79 @@ run_upgrade_if_needed_due_to_app_update() {
     fi
 }
 
+set_global_ca_bundle_path() {
+    # Only run if env is set
+    if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
+        php /var/www/html/occ config:system:set default_certificates_bundle_path --value="$CERTIFICATE_BUNDLE"
+    fi
+}
+
+# Create cert bundle
+if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
+
+    # Enable debug mode
+    set -x
+
+    # Default vars
+    CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates"
+    CERTIFICATE_BUNDLE="/var/www/html/data/certificates/ca-bundle.crt"
+    
+    # Remove old root certs and recreate them with current ones
+    rm -rf "$CERTIFICATES_ROOT_DIR"
+    mkdir -p "$CERTIFICATES_ROOT_DIR"
+
+    # Retrieve default root cert bundle
+    if ! [ -f "$SOURCE_LOCATION/resources/config/ca-bundle.crt" ]; then
+        echo "Root ca-bundle not found. Only concattening configured NEXTCLOUD_TRUSTED_CERTIFICATES files!"
+        # Recreate cert file
+        touch "$CERTIFICATE_BUNDLE"
+    else
+        # Write default bundle to the target ca file
+        cat "$SOURCE_LOCATION/resources/config/ca-bundle.crt" > "$CERTIFICATE_BUNDLE"
+    fi
+
+    # Iterate through certs
+    TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')"
+    mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES"
+    for certificate in "${TRUSTED_CERTIFICATES[@]}"; do
+
+        # Create new line
+        echo "" >> "$CERTIFICATE_BUNDLE"
+
+        # Check if variable is an actual cert
+        if echo "${!certificate}" | grep -q "BEGIN CERTIFICATE" && echo "${!certificate}" | grep -q "END CERTIFICATE"; then
+            # Write out cert to bundle
+            echo "${!certificate}" >> "$CERTIFICATE_BUNDLE"
+        fi
+
+        # Create file in cert dir for extra logic in other places
+        if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then
+            touch "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
+        fi
+
+    done
+
+    # Custom logic for ldap conf
+    if ! grep -q "TLS_" /etc/openldap/ldap.conf; then
+        cat << EOL >> /etc/openldap/ldap.conf
+TLS_CACERT $CERTIFICATE_BUNDLE
+TLS_REQCERT try
+EOL
+    fi
+
+    # Backwards compatibility with older instances
+    if [ -f "/var/www/html/config/postgres.config.php" ]; then
+        sed -i "s|/var/www/html/data/certificates/POSTGRES|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php
+        sed -i "s|/var/www/html/data/certificates/MYSQL|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php
+    fi
+
+    # Print out bundle one last time
+    cat "$CERTIFICATE_BUNDLE"
+
+    # Disable debug mode
+    set +x
+fi
+
 # Adjust DATABASE_TYPE to by Nextcloud supported value
 if [ "$DATABASE_TYPE" = postgres ]; then
     export DATABASE_TYPE=pgsql
@@ -173,6 +246,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
             run_upgrade_if_needed_due_to_app_update
 
+            set_global_ca_bundle_path
+
             php /var/www/html/occ maintenance:mode --off
 
             echo "Getting and backing up the status of apps for later; this might take a while..."
@@ -279,16 +354,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     );
 EOF
 
-            # Write out postgres root cert
-            if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then
-                mkdir /var/www/html/data/certificates
-                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES"
-            # Write out mysql root cert
-            elif [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then
-                mkdir /var/www/html/data/certificates
-                echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" > "/var/www/html/data/certificates/MYSQL"
-            fi
-
             echo "Installing with $DATABASE_TYPE database"
             # Set a default value for POSTGRES_PORT
             if [ -z "$POSTGRES_PORT" ]; then
@@ -316,6 +381,8 @@ EOF
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 
+            set_global_ca_bundle_path
+
             if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
                 max_retries=10
                 try=0
@@ -532,6 +599,8 @@ fi
 
 run_upgrade_if_needed_due_to_app_update
 
+set_global_ca_bundle_path
+
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)
@@ -649,24 +718,6 @@ else
 fi
 # AIO app end # Do not remove or change this line!
 
-# Allow to add custom certs to Nextcloud's trusted cert store
-if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
-    set -x
-    TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')"
-    mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES"
-    CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates"
-    mkdir -p "$CERTIFICATES_ROOT_DIR"
-    for certificate in "${TRUSTED_CERTIFICATES[@]}"; do
-        # shellcheck disable=SC2001
-        CERTIFICATE_NAME="$(echo "$certificate" | sed 's|^NEXTCLOUD_TRUSTED_CERTIFICATES_||')"
-        if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then
-            echo "${!certificate}" > "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
-            php /var/www/html/occ security:certificates:import "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME"
-        fi
-    done
-    set +x
-fi
-
 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
     php /var/www/html/occ app:install notify_push
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 9277bdaa..375009fc 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -68,10 +68,10 @@ fi
 
 # Postgres root cert
 if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
-    CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES"
+    CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt"
 # Mysql root cert
 elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then
-    CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/MYSQL"
+    CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/ca-bundle.crt"
 fi
 
 # Set sensitive values as env

From 0be8409c365aa4996c577070b025baa496fa7ef6 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Dec 2025 15:21:13 +0100
Subject: [PATCH 3722/3949] increase to 12.3.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2432ab13..4e25dcf3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.2.1</h1>
+            <h1>Nextcloud AIO v12.3.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 76cae30d5ca4048b3caca5872d67bc1c70c203cf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 11 Dec 2025 15:56:27 +0100
Subject: [PATCH 3723/3949] update helm chart

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 ++
 .../templates/nextcloud-aio-notify-push-deployment.yaml         | 2 ++
 .../templates/nextcloud-aio-whiteboard-deployment.yaml          | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 242b9f16..3911d7eb 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -160,6 +160,8 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REDIS_PORT
+              value: "6379"
             - name: REMOVE_DISABLED_APPS
               value: "{{ .Values.REMOVE_DISABLED_APPS }}"
             - name: SIGNALING_SECRET
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 114ddc1d..dc33201f 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -53,6 +53,8 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REDIS_PORT
+              value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
           image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 229395ca..410d6ae8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -44,6 +44,8 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REDIS_PORT
+              value: "6379"
             - name: STORAGE_STRATEGY
               value: redis
             - name: TZ

From 17bf4f91d7d20a91ed499d126eb014beb50d735f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 12 Dec 2025 13:06:50 +0100
Subject: [PATCH 3724/3949] nextcloud: fix configuration of
 `default_certificates_bundle_path` and allow to use bundle for mailer

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../nextcloud/config/certificates-bundle.config.php |  5 +++++
 Containers/nextcloud/config/smtp.config.php         | 11 +++++++++++
 Containers/nextcloud/entrypoint.sh                  | 13 -------------
 3 files changed, 16 insertions(+), 13 deletions(-)
 create mode 100644 Containers/nextcloud/config/certificates-bundle.config.php

diff --git a/Containers/nextcloud/config/certificates-bundle.config.php b/Containers/nextcloud/config/certificates-bundle.config.php
new file mode 100644
index 00000000..cc05b06a
--- /dev/null
+++ b/Containers/nextcloud/config/certificates-bundle.config.php
@@ -0,0 +1,5 @@
+<?php
+// Check if NEXTCLOUD_TRUSTED_CERTIFICATES_ are configured
+if (str_contains(implode(' ', array_keys(getenv())), 'NEXTCLOUD_TRUSTED_CERTIFICATES_')) {
+  $CONFIG['default_certificates_bundle_path'] = '/var/www/html/data/certificates/ca-bundle.crt';
+}
diff --git a/Containers/nextcloud/config/smtp.config.php b/Containers/nextcloud/config/smtp.config.php
index 40cfdf94..b57f9b68 100644
--- a/Containers/nextcloud/config/smtp.config.php
+++ b/Containers/nextcloud/config/smtp.config.php
@@ -18,3 +18,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
       $CONFIG['mail_smtppassword'] = '';
   }
 }
+
+if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MAILER')) {
+  $CONFIG = array(
+    'mail_smtpstreamoptions' => array(
+      'ssl' => array(
+        'verify_peer_name' => false,
+        'cafile' => '/var/www/html/data/certificates/ca-bundle.crt',
+      )
+    )
+  );
+}
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 526a4b67..eea3d65b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -20,13 +20,6 @@ run_upgrade_if_needed_due_to_app_update() {
     fi
 }
 
-set_global_ca_bundle_path() {
-    # Only run if env is set
-    if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
-        php /var/www/html/occ config:system:set default_certificates_bundle_path --value="$CERTIFICATE_BUNDLE"
-    fi
-}
-
 # Create cert bundle
 if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
 
@@ -246,8 +239,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 
             run_upgrade_if_needed_due_to_app_update
 
-            set_global_ca_bundle_path
-
             php /var/www/html/occ maintenance:mode --off
 
             echo "Getting and backing up the status of apps for later; this might take a while..."
@@ -381,8 +372,6 @@ EOF
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 
-            set_global_ca_bundle_path
-
             if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
                 max_retries=10
                 try=0
@@ -599,8 +588,6 @@ fi
 
 run_upgrade_if_needed_due_to_app_update
 
-set_global_ca_bundle_path
-
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
     # Check if appdata is present
     # If not, something broke (e.g. changing ncdatadir after aio was first started)

From 2998dfdf435148a637f1a2bd2adb1e95972138ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 04:15:48 +0000
Subject: [PATCH 3725/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.4.2 to v1.5.0.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index fe5d89f7..e2f40160 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.2
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0
 
 USER root
 RUN set -ex; \

From 4c1947afdcf9994dd4a7d3b74fefe32126e08c5f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 12:21:36 +0000
Subject: [PATCH 3726/3949] build(deps): bump dessant/lock-threads in
 /.github/workflows

Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dessant/lock-threads/compare/1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771...7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7)

---
updated-dependencies:
- dependency-name: dessant/lock-threads
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lock-threads.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml
index be8273d5..bda40ee2 100644
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5
+      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v5
         with: 
           issue-inactive-days: '14'
           process-only: 'issues'

From d0b5e64272df65b96aa3259dd5228575d4eb13df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 12:21:43 +0000
Subject: [PATCH 3727/3949] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.5 to 7.1.6.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/ed21f2f24f8dd64503750218de024bcf64c7250a...681c641aba71e4a1c380be3ab5e12ad51f415867)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 542f38b8..9b5710cb 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 5fef93eabf77b693dbd4b4ce35e4bc60012bab60 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 12:21:53 +0000
Subject: [PATCH 3728/3949] build(deps): bump actions/upload-artifact in
 /.github/workflows

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/playwright.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 3919690b..252a6510 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -82,7 +82,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         if: ${{ !cancelled() }}
         with:
           name: playwright-report

From 92d036d04ad6cf10f5c5d2ebaed604b786433645 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Dec 2025 04:15:35 +0000
Subject: [PATCH 3729/3949] build(deps): bump python in
 /Containers/talk-recording

Bumps python from 3.14.1-alpine3.22 to 3.14.2-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14.2-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk-recording/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index cfc1f952..beeb517e 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.1-alpine3.22
+FROM python:3.14.2-alpine3.22
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From a66445d4437791835682750bb338eac6d8d34229 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Dec 2025 10:40:45 +0100
Subject: [PATCH 3730/3949] nextcloud: allow to configure
 `FULLTEXTSEARCH_PROTOCOL`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 5 ++++-
 php/containers.json                | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index eea3d65b..d5ca8952 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -972,6 +972,9 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:disable fulltextsearch_elasticsearch
         php /var/www/html/occ app:disable files_fulltextsearch
     else
+        if [ -z "$FULLTEXTSEARCH_PROTOCOL" ]; then
+            FULLTEXTSEARCH_PROTOCOL="http"
+        fi
         if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
             php /var/www/html/occ app:install fulltextsearch
         elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
@@ -994,7 +997,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
             php /var/www/html/occ app:update files_fulltextsearch
         fi
         php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-        php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
+        php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"$FULLTEXTSEARCH_PROTOCOL://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}"
         php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":true,\"files_office\":true}"
 
         # Do the index
diff --git a/php/containers.json b/php/containers.json
index 486a4694..d8556184 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -237,6 +237,7 @@
         "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
+        "FULLTEXTSEARCH_PROTOCOL=http",
         "FULLTEXTSEARCH_PORT=9200",
         "FULLTEXTSEARCH_USER=elastic",
         "FULLTEXTSEARCH_INDEX=nextcloud-aio",

From f415bf201d521111ad40a56654673ac8586d1898 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Dec 2025 10:31:33 +0100
Subject: [PATCH 3731/3949] s3-config: adjust the multibucket setting

Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-Authored-By: Kate <26026535+provokateurin@users.noreply.github.com>
---
 Containers/nextcloud/config/s3.config.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 66e1476d..59217a78 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -6,9 +6,10 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
   $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
   $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
   $CONFIG = array(
-    $multibucket === 'true' ? 'objectstore_multibucket' : 'objectstore' => array(
+    'objectstore' => array(
       'class' => '\OC\Files\ObjectStore\S3',
       'arguments' => array(
+        'multibucket' => $multibucket === 'true',
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',

From 0f0265abd4096ad73eb7dc340ff24bc13e9e97e0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Tue, 16 Dec 2025 11:09:08 +0000
Subject: [PATCH 3732/3949] Yaml updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 manual-install/latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index 9da46d0f..e9362ccc 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -165,6 +165,7 @@ services:
       - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - FULLTEXTSEARCH_PROTOCOL=http
       - FULLTEXTSEARCH_PORT=9200
       - FULLTEXTSEARCH_USER=elastic
       - FULLTEXTSEARCH_INDEX=nextcloud-aio

From 1dadf3ff10c338d6e74bfabe3ab06c0d3f59c989 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 16 Dec 2025 13:01:52 +0100
Subject: [PATCH 3733/3949] Merge pull request #7328 from
 nextcloud/enh/noid/update-helm

---
 .../templates/nextcloud-aio-nextcloud-deployment.yaml           | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 3911d7eb..e95b8b0b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -114,6 +114,8 @@ spec:
               value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
             - name: FULLTEXTSEARCH_PORT
               value: "9200"
+            - name: FULLTEXTSEARCH_PROTOCOL
+              value: http
             - name: FULLTEXTSEARCH_USER
               value: elastic
             - name: IMAGINARY_ENABLED

From 082bbab85561944db7de12b351611e11253bdca9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 17 Dec 2025 04:13:11 +0000
Subject: [PATCH 3734/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.7.3.1 to 25.04.8.1.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.8.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 071d0751..50b6cfef 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.3.1
+FROM collabora/code:25.04.8.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From 06f492397b04dd412e7c111f959f0bfc846897c5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 12:27:56 +0100
Subject: [PATCH 3735/3949] helm: make documentation more clear about storage
 classes

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 4 ++--
 nextcloud-aio-helm-chart/values.yaml    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 02428db8..39aa7007 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -425,8 +425,8 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
-echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!' >> /tmp/sample.conf
-echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
+echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).' >> /tmp/sample.conf
+echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 10603a7c..8b17bc97 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -38,8 +38,8 @@ REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that a
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
-STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!
-STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!
+STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).
+STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value

From adedd78c34948409525d7dd1d7dfbcd801f9bcfd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 13:43:32 +0100
Subject: [PATCH 3736/3949] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 nextcloud-aio-helm-chart/values.yaml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index 39aa7007..f39d3035 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -426,7 +426,7 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).' >> /tmp/sample.conf
-echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
+echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWX volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index 8b17bc97..25fb2c92 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -39,7 +39,7 @@ TALK_PORT: 3478          # This allows to adjust the port that the talk containe
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).
-STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!
+STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWX volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value

From 748857a495cc13a513674ea3e5a1d4a76de76d35 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 15:11:24 +0100
Subject: [PATCH 3737/3949] onlyoffice: disable background check for editors

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh        | 1 +
 Containers/nextcloud/run-exec-commands.sh | 5 -----
 php/containers.json                       | 4 ----
 3 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index d5ca8952..6825f04c 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -831,6 +831,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
         fi
 
         # Set OnlyOffice configuration
+        php /var/www/html/occ config:system:set onlyoffice editors_check_interval --value="0" --type=integer 
         php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
         php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
         php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh
index 9ef6ba69..e8066881 100644
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -19,11 +19,6 @@ else
         echo "Activating Collabora config..."
         php /var/www/html/occ richdocuments:activate-config
     fi
-    # OnlyOffice must work also if using manual-install
-    if [ "$ONLYOFFICE_ENABLED" = yes ]; then
-        echo "Activating OnlyOffice config..."
-        php /var/www/html/occ onlyoffice:documentserver --check
-    fi
 fi
 
 signal_handler() {
diff --git a/php/containers.json b/php/containers.json
index d8556184..8c507f91 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -723,10 +723,6 @@
         "ONLYOFFICE_SECRET"
       ],
       "restart": "unless-stopped",
-      "nextcloud_exec_commands": [
-        "echo 'Activating OnlyOffice config...'",
-        "php /var/www/html/occ onlyoffice:documentserver --check"
-      ],
       "profiles": [
         "onlyoffice"
       ],

From 7b91fcbbd34c80fde199b0b297769c11c94b75af Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 17 Dec 2025 15:24:28 +0100
Subject: [PATCH 3738/3949] nextcloud: Allow to disable imagick without having
 to enable it each time

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile |  1 +
 Containers/nextcloud/start.sh   | 12 +++++-------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 05b3dd0a..f40de2ce 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -93,6 +93,7 @@ RUN set -ex; \
         apcu \
         memcached \
         redis \
+        imagick \
     ; \
     rm -r /tmp/pear; \
     \
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 14cb35d1..05ccb8b0 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -86,15 +86,13 @@ fi
 # Install additional php extensions
 if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
     if ! [ -f "/additional-php-extensions-are-installed" ]; then
+        # Allow to disable imagick without having to enable it each time
+        if ! echo "$ADDITIONAL_PHP_EXTENSIONS" | grep -q imagick; then
+            # Remove the ini file as there is no docker-php-ext-disable script available
+            rm /usr/local/etc/php/conf.d/docker-php-ext-imagick.ini
+        fi
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
-            if [ "$app" = imagick ]; then
-                echo "Enabling Imagick..."
-                if ! docker-php-ext-enable imagick >/dev/null; then
-                    echo "Could not install PHP extension imagick!"
-                fi
-                continue
-            fi
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."

From 3ca5f5b3000799c3012530153b7b9ba4a1c7b648 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 04:16:17 +0000
Subject: [PATCH 3739/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.12.2-scratch to 2.12.3-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.3-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a74fa1ae..f94886cb 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.2-scratch AS nats
+FROM nats:2.12.3-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.2 AS janus

From 576c6a18bde86af0811b05fef4c6b307a8eedd0f Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 18 Dec 2025 09:58:11 +0000
Subject: [PATCH 3740/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 01453437..16e7a82c 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.2.1
+version: 12.3.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index f9fd44e6..6eddefe9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-apache:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index e07f9bfb..26eda032 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-clamav:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 8f8d6d3c..c0984e1d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251218_095503
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-collabora:20251218_095503
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 1c6491fc..b7b54647 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index f40d6ff3..14f19447 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 5906d566..9f0c54c5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index e95b8b0b..3cbfa2fe 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251218_095503
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index dc33201f..a9822a80 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index d1ae2b35..c8160edd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 3af2d622..8446167d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-redis:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 9d9c6d80..c28e7335 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-talk:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 58afc7d0..a0d36c08 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251218_095503
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 410d6ae8..e311f230 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251210_133359
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251218_095503
           readinessProbe:
             exec:
               command:

From 638c8e262d3e5a11cf314dd500cb6550628fbe54 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:37 +0000
Subject: [PATCH 3741/3949] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/alpine

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 25ac9671..718c5510 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From 32c6325ab8b150378f85493c61a7ec37871fc2ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:43 +0000
Subject: [PATCH 3742/3949] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/borgbackup

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 3d4ce1ce..637d035c 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     \

From ad92033faf7d03825e6e5474f6fd80eeb82688ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:46 +0000
Subject: [PATCH 3743/3949] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/clamav

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index eab313fd..196b109a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 93aefb05a9f4bd2dda53c9596c4a8ce436d786fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:11:54 +0000
Subject: [PATCH 3744/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index c4b340e2..769c24ac 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 224e4ed91793841615a3f87e3976476871dffc56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:12:02 +0000
Subject: [PATCH 3745/3949] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/imaginary

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index ea0a70de..79ea1228 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From 86328d650977ba91665d6c97b39a5d602ef354a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:12:58 +0000
Subject: [PATCH 3746/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 812ec840..83b4cab1 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From e136b51fc1fa6b1479e6222b12f97c9ca60ca1a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:13:19 +0000
Subject: [PATCH 3747/3949] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/talk

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index a74fa1ae..fe7d017d 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.12.2-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
-FROM alpine:3.22.2 AS janus
+FROM alpine:3.23.2 AS janus
 
 ARG JANUS_VERSION=v1.3.3
 WORKDIR /src
@@ -35,7 +35,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 ENV ETURNAL_ETC_DIR="/conf"
 ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local

From 667a6ebfad10f461b0cf8b3f20c607bb0d28e36f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 04:13:29 +0000
Subject: [PATCH 3748/3949] build(deps): bump alpine from 3.22.2 to 3.23.2 in
 /Containers/watchtower

Bumps alpine from 3.22.2 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 50ba3b7d..14f6c672 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -9,7 +9,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5
 
-FROM alpine:3.22.2
+FROM alpine:3.23.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 15fa3be6555e0916be19c0a788ed3208aa010022 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 30 Dec 2025 13:46:07 +0100
Subject: [PATCH 3749/3949] Update collabora.yml

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/collabora.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 37e974f7..8e464925 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -14,7 +14,7 @@ jobs:
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
-        wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/master/docker/cool-seccomp-profile.json
+        wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/main/docker/cool-seccomp-profile.json
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request

From e8176e15f5076397629bc38c1867070add001a9f Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Wed, 31 Dec 2025 04:22:04 +0000
Subject: [PATCH 3750/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index dfff8ba0..8c90cdc8 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.14.1@cf26e6debc366836754f359ece5b68629a1ee185"/>
+<files psalm-version="6.14.2@bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"/>

From 093b553354ce412192dc1947a2cd6bf3a6be2dd2 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 31 Dec 2025 12:03:35 +0000
Subject: [PATCH 3751/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 126 ++++++++++++++++++++++++----------------------
 1 file changed, 65 insertions(+), 61 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index d829d29f..ed6667ed 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -333,16 +333,16 @@
         },
         {
             "name": "http-interop/http-factory-guzzle",
-            "version": "1.2.0",
+            "version": "1.2.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/http-interop/http-factory-guzzle.git",
-                "reference": "8f06e92b95405216b237521cc64c804dd44c4a81"
+                "reference": "c2c859ceb05c3f42e710b60555f4c35b6a4a3995"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/http-interop/http-factory-guzzle/zipball/8f06e92b95405216b237521cc64c804dd44c4a81",
-                "reference": "8f06e92b95405216b237521cc64c804dd44c4a81",
+                "url": "https://api.github.com/repos/http-interop/http-factory-guzzle/zipball/c2c859ceb05c3f42e710b60555f4c35b6a4a3995",
+                "reference": "c2c859ceb05c3f42e710b60555f4c35b6a4a3995",
                 "shasum": ""
             },
             "require": {
@@ -385,9 +385,9 @@
             ],
             "support": {
                 "issues": "https://github.com/http-interop/http-factory-guzzle/issues",
-                "source": "https://github.com/http-interop/http-factory-guzzle/tree/1.2.0"
+                "source": "https://github.com/http-interop/http-factory-guzzle/tree/1.2.1"
             },
-            "time": "2021-07-21T13:50:14+00:00"
+            "time": "2025-12-15T11:28:16+00:00"
         },
         {
             "name": "laravel/serializable-closure",
@@ -1644,16 +1644,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.22.1",
+            "version": "v3.22.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3"
+                "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
-                "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/946ddeafa3c9f4ce279d1f34051af041db0e16f2",
+                "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2",
                 "shasum": ""
             },
             "require": {
@@ -1707,7 +1707,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.22.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.22.2"
             },
             "funding": [
                 {
@@ -1719,7 +1719,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-11-16T16:01:12+00:00"
+            "time": "2025-12-14T11:28:47+00:00"
         }
     ],
     "packages-dev": [
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.5",
+            "version": "5.6.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761"
+                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90614c73d3800e187615e2dd236ad0e2a01bf761",
-                "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/5cee1d3dfc2d2aa6599834520911d246f656bcb8",
+                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8",
                 "shasum": ""
             },
             "require": {
@@ -3474,7 +3474,7 @@
                 "phpdocumentor/reflection-common": "^2.2",
                 "phpdocumentor/type-resolver": "^1.7",
                 "phpstan/phpdoc-parser": "^1.7|^2.0",
-                "webmozart/assert": "^1.9.1"
+                "webmozart/assert": "^1.9.1 || ^2"
             },
             "require-dev": {
                 "mockery/mockery": "~1.3.5 || ~1.6.0",
@@ -3513,9 +3513,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.5"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.6"
             },
-            "time": "2025-11-27T19:50:05+00:00"
+            "time": "2025-12-22T21:13:58+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -3763,16 +3763,16 @@
         },
         {
             "name": "spatie/array-to-xml",
-            "version": "3.4.3",
+            "version": "3.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/spatie/array-to-xml.git",
-                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf"
+                "reference": "88b2f3852a922dd73177a68938f8eb2ec70c7224"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
-                "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf",
+                "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/88b2f3852a922dd73177a68938f8eb2ec70c7224",
+                "reference": "88b2f3852a922dd73177a68938f8eb2ec70c7224",
                 "shasum": ""
             },
             "require": {
@@ -3815,7 +3815,7 @@
                 "xml"
             ],
             "support": {
-                "source": "https://github.com/spatie/array-to-xml/tree/3.4.3"
+                "source": "https://github.com/spatie/array-to-xml/tree/3.4.4"
             },
             "funding": [
                 {
@@ -3827,7 +3827,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-27T09:08:26+00:00"
+            "time": "2025-12-15T09:00:41+00:00"
         },
         {
             "name": "sserbin/twig-linter",
@@ -3889,16 +3889,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.30",
+            "version": "v6.4.31",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e"
+                "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/1b2813049506b39eb3d7e64aff033fd5ca26c97e",
-                "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e",
+                "url": "https://api.github.com/repos/symfony/console/zipball/f9f8a889f54c264f9abac3fc0f7a371ffca51997",
+                "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997",
                 "shasum": ""
             },
             "require": {
@@ -3963,7 +3963,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.30"
+                "source": "https://github.com/symfony/console/tree/v6.4.31"
             },
             "funding": [
                 {
@@ -3983,29 +3983,29 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-12-05T13:47:41+00:00"
+            "time": "2025-12-22T08:30:34+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.4.0",
+            "version": "v8.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "d551b38811096d0be9c4691d406991b47c0c630a"
+                "reference": "d937d400b980523dc9ee946bb69972b5e619058d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/d551b38811096d0be9c4691d406991b47c0c630a",
-                "reference": "d551b38811096d0be9c4691d406991b47c0c630a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/d937d400b980523dc9ee946bb69972b5e619058d",
+                "reference": "d937d400b980523dc9ee946bb69972b5e619058d",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.2",
+                "php": ">=8.4",
                 "symfony/polyfill-ctype": "~1.8",
                 "symfony/polyfill-mbstring": "~1.8"
             },
             "require-dev": {
-                "symfony/process": "^6.4|^7.0|^8.0"
+                "symfony/process": "^7.4|^8.0"
             },
             "type": "library",
             "autoload": {
@@ -4033,7 +4033,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.4.0"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.1"
             },
             "funding": [
                 {
@@ -4053,20 +4053,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-11-27T13:27:24+00:00"
+            "time": "2025-12-01T09:13:36+00:00"
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.27",
+            "version": "v6.4.31",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b"
+                "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/a1b6aa435d2fba50793b994a839c32b6064f063b",
-                "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/5547f2e1f0ca8e2e7abe490156b62da778cfbe2b",
+                "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b",
                 "shasum": ""
             },
             "require": {
@@ -4101,7 +4101,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.27"
+                "source": "https://github.com/symfony/finder/tree/v6.4.31"
             },
             "funding": [
                 {
@@ -4121,7 +4121,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-10-15T18:32:00+00:00"
+            "time": "2025-12-11T14:52:17+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4550,16 +4550,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.14.2",
+            "version": "6.14.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"
+                "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
-                "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/d0b040a91f280f071c1abcb1b77ce3822058725a",
+                "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a",
                 "shasum": ""
             },
             "require": {
@@ -4585,8 +4585,8 @@
                 "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3 || ~8.5.0",
                 "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0",
                 "spatie/array-to-xml": "^2.17.0 || ^3.0",
-                "symfony/console": "^6.0 || ^7.0",
-                "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3",
+                "symfony/console": "^6.0 || ^7.0 || ^8.0",
+                "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3 || ^8.0",
                 "symfony/polyfill-php84": "^1.31.0"
             },
             "provide": {
@@ -4608,7 +4608,7 @@
                 "psalm/plugin-phpunit": "^0.19",
                 "slevomat/coding-standard": "^8.4",
                 "squizlabs/php_codesniffer": "^3.6",
-                "symfony/process": "^6.0 || ^7.0"
+                "symfony/process": "^6.0 || ^7.0 || ^8.0"
             },
             "suggest": {
                 "ext-curl": "In order to send data to shepherd",
@@ -4664,7 +4664,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-12-11T08:58:52+00:00"
+            "time": "2025-12-23T15:36:48+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",
@@ -4735,23 +4735,23 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "1.12.1",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68"
+                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/9be6926d8b485f55b9229203f962b51ed377ba68",
-                "reference": "9be6926d8b485f55b9229203f962b51ed377ba68",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
+                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
                 "shasum": ""
             },
             "require": {
                 "ext-ctype": "*",
                 "ext-date": "*",
                 "ext-filter": "*",
-                "php": "^7.2 || ^8.0"
+                "php": "^8.2"
             },
             "suggest": {
                 "ext-intl": "",
@@ -4761,7 +4761,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.10-dev"
+                    "dev-feature/2-0": "2.0-dev"
                 }
             },
             "autoload": {
@@ -4777,6 +4777,10 @@
                 {
                     "name": "Bernhard Schussek",
                     "email": "bschussek@gmail.com"
+                },
+                {
+                    "name": "Woody Gilk",
+                    "email": "woody.gilk@gmail.com"
                 }
             ],
             "description": "Assertions to validate method input/output with nice error messages.",
@@ -4787,9 +4791,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/1.12.1"
+                "source": "https://github.com/webmozarts/assert/tree/2.0.0"
             },
-            "time": "2025-10-29T15:56:20+00:00"
+            "time": "2025-12-16T21:36:00+00:00"
         }
     ],
     "aliases": [],

From 68400eafde480f2856ab9a0eecb0c6d9754b1027 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 31 Dec 2025 12:11:32 +0000
Subject: [PATCH 3752/3949] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 50ba3b7d..93f91252 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.22 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c	
+ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.13.1
 
 FROM alpine:3.22.2
 

From 5b360e96ac7d132a5d9a0db33b9319ca8440f4c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Jan 2026 04:13:30 +0000
Subject: [PATCH 3753/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.2-cli to 29.1.3-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.3-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ebf8b27d..253394de 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.2-cli AS docker
+FROM docker:29.1.3-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 6a356b5390939c68b76707c85d26b6c7aa44b12b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 09:46:10 +0100
Subject: [PATCH 3754/3949] rp-docs: traefik: encode `%`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 reverse-proxy.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 14e7aaaf..50a6bccd 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -871,10 +871,11 @@ The examples below define the dynamic configuration in YAML files. If you rather
           respondingTimeouts:
             readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links)
         http:
-          # Required for Nextcloud to correctly handle encoded URL characters (%2F and %3F in this case) in newer Traefik versions (v3.6.4+).
+          # Required for Nextcloud to correctly handle encoded URL characters (%2F, %3F and %25 in this case) in newer Traefik versions (v3.6.4+).
           encodedCharacters:  
             allowEncodedSlash: true
             allowEncodedQuestionMark: true
+            allowEncodedPercent: true
         # If you want to enable HTTP/3 support, uncomment the line below
         # http3: {}
     

From cea609d746345a5191b105b58799610be1effe5b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 09:53:30 +0100
Subject: [PATCH 3755/3949] update OO

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/onlyoffice/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index c2b94d8c..d028ccbc 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.2.0.1
+FROM onlyoffice/documentserver:9.2.1.1
 
 # USER root is probably used
 

From 06cdd8eca1dda533978e0ff69fd9b4e6501393f7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 09:57:39 +0100
Subject: [PATCH 3756/3949] update remaining dependencies to alpine 3.23

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile          | 2 +-
 Containers/imaginary/Dockerfile       | 4 ++--
 Containers/mastercontainer/Dockerfile | 4 ++--
 Containers/nextcloud/Dockerfile       | 2 +-
 Containers/postgresql/Dockerfile      | 2 +-
 Containers/talk-recording/Dockerfile  | 2 +-
 Containers/watchtower/Dockerfile      | 2 +-
 readme.md                             | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index c844c364..0948fb25 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.66-alpine3.22
+FROM httpd:2.4.66-alpine3.23
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 79ea1228..319325b1 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 253394de..e10895e8 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,8 +5,8 @@ FROM docker:29.1.3-cli AS docker
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile
-FROM php:8.4.15-fpm-alpine3.22
+# From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
+FROM php:8.4.15-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 05b3dd0a..578e7165 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.28-fpm-alpine3.22
+FROM php:8.3.28-fpm-alpine3.23
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 4da6a372..725b8042 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/17/alpine3.23/Dockerfile
 FROM postgres:17.7-alpine
 
 COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index beeb517e..65af7db4 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.2-alpine3.22
+FROM python:3.14.2-alpine3.23
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 14f6c672..fcf4678a 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.22 AS go
+FROM golang:1.25.5-alpine3.23 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c	
 
diff --git a/readme.md b/readme.md
index fc46b3fb..bcbf7d57 100644
--- a/readme.md
+++ b/readme.md
@@ -504,7 +504,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.22. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.23. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

From 8a184fdce00484107cebc9442e3741bad4c2a3e0 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 5 Jan 2026 12:03:44 +0000
Subject: [PATCH 3757/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 319325b1..11250a43 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 84c581b8bf1d08a5a89b8efd36d372f5fec791ec Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 5 Jan 2026 15:43:17 +0100
Subject: [PATCH 3758/3949] notify-push & whiteboard: URL-encode passwords

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/notify-push/Dockerfile | 1 +
 Containers/notify-push/start.sh   | 4 ++++
 Containers/whiteboard/Dockerfile  | 2 +-
 Containers/whiteboard/start.sh    | 3 +++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 83b4cab1..029c93f2 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -11,6 +11,7 @@ RUN set -ex; \
         netcat-openbsd \
         tzdata \
         bash \
+        jq \
         openssl; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index 4f07907b..26d74333 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -70,6 +70,10 @@ if [ "$POSTGRES_USER" = nextcloud ]; then
     export POSTGRES_USER
 fi
 
+# URL-encode passwords
+POSTGRES_PASSWORD="$(jq -rn --arg v "$POSTGRES_PASSWORD" '$v|@uri')"
+REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
+
 # Postgres root cert
 if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
     CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt"
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index e2f40160..f6b8cc7d 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -4,7 +4,7 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0
 
 USER root
 RUN set -ex; \
-    apk add --no-cache bash; \
+    apk add --no-cache bash jq; \
     chmod 777 -R /tmp; \
     if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh
index 8975e0c6..e0babd7f 100644
--- a/Containers/whiteboard/start.sh
+++ b/Containers/whiteboard/start.sh
@@ -11,6 +11,9 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
+# URL-encode password
+REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
+
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
 # Run it

From 9da86241d4e96f5486f26c2d1243f8874c234d1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:18:07 +0000
Subject: [PATCH 3759/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.3.0-alpine to 3.3.1-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.3.1-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index ed2e9e2d..796c855a 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.0-alpine
+FROM haproxy:3.3.1-alpine
 
 # hadolint ignore=DL3002
 USER root

From d178e12ae4df07a08d198fbc60f820aba58a513b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:18:11 +0000
Subject: [PATCH 3760/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.8 to 8.19.9.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 6e739095..7975bcbb 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.8
+FROM elasticsearch:8.19.9
 
 USER root
 

From 5718c1e7edc5673b5adfbf657ca20ca00ae2af44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:18:39 +0000
Subject: [PATCH 3761/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.15-fpm-alpine3.23 to 8.4.16-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.16-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e10895e8..c5b91b7d 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:29.1.3-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
-FROM php:8.4.15-fpm-alpine3.23
+FROM php:8.4.16-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080

From 7a623fb12038ac1f0083359102f16c9a99f2bb62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:19:00 +0000
Subject: [PATCH 3762/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.28-fpm-alpine3.23 to 8.3.29-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.29-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 3ee04ae3..6b6be7f8 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.28-fpm-alpine3.23
+FROM php:8.3.29-fpm-alpine3.23
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From e2b425bcda4956b7d9b1e1e01667d9ddd3ba1a96 Mon Sep 17 00:00:00 2001
From: nextcloud-command <nextcloud-command@users.noreply.github.com>
Date: Tue, 6 Jan 2026 04:23:38 +0000
Subject: [PATCH 3763/3949] Update psalm baseline

Signed-off-by: GitHub <noreply@github.com>
---
 php/psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 8c90cdc8..a9b7140d 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.14.2@bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0"/>
+<files psalm-version="6.14.3@d0b040a91f280f071c1abcb1b77ce3822058725a"/>

From 1f6871ff5cc4dce028b71dd164d982d058376826 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Wed, 7 Jan 2026 12:03:32 +0100
Subject: [PATCH 3764/3949] Fix typo in variable throughout the code base

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  | 22 ++++-----
 php/src/Cron/BackupNotification.php   | 66 +++++++++++++--------------
 php/src/Cron/CheckFreeDiskSpace.php   |  6 +--
 php/src/Cron/OutdatedNotification.php |  8 ++--
 php/src/Cron/UpdateNotification.php   | 12 ++---
 5 files changed, 57 insertions(+), 57 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index c49629bd..b57f65a5 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -77,11 +77,11 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $view->addExtension(new \AIO\Twig\ClassExtension());
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
-    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-    $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+    /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+    $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
     /** @var \AIO\Controller\DockerController $dockerController */
     $dockerController = $container->get(\AIO\Controller\DockerController::class);
-    $dockerActionManger->ConnectMasterContainerToNetwork();
+    $dockerActionManager->ConnectMasterContainerToNetwork();
     $dockerController->StartDomaincheckContainer();
 
     // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image.
@@ -99,17 +99,17 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
         'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
-        'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManger->IsMastercontainerUpdateAvailable() ),
+        'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManager->IsMastercontainerUpdateAvailable() ),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
-        'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
-        'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(),
+        'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
+        'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
         'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
         'borg_backup_mode' => $configurationManager->GetBackupMode(),
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(),
-        'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(),
+        'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
         'backup_times' => $configurationManager->GetBackupTimes(),
-        'current_channel' => $dockerActionManger->GetCurrentChannel(),
+        'current_channel' => $dockerActionManager->GetCurrentChannel(),
         'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
@@ -144,10 +144,10 @@ $app->get('/containers', function (Request $request, Response $response, array $
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
-    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-    $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+    /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+    $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
     return $view->render($response, 'login.twig', [
-        'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
+        'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
     ]);
 });
 $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/src/Cron/BackupNotification.php b/php/src/Cron/BackupNotification.php
index 17da93b2..6fbab65f 100644
--- a/php/src/Cron/BackupNotification.php
+++ b/php/src/Cron/BackupNotification.php
@@ -1,33 +1,33 @@
-<?php
-declare(strict_types=1);
-
-// increase memory limit to 2GB
-ini_set('memory_limit', '2048M');
-
-use DI\Container;
-
-require __DIR__ . '/../../vendor/autoload.php';
-
-$container = \AIO\DependencyInjection::GetContainer();
-
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
-/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
-$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
-
-$id = 'nextcloud-aio-nextcloud';
-$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
-
-$backupExitCode = $dockerActionManger->GetBackupcontainerExitCode();
-
-if ($backupExitCode === 0) {
-    if (getenv('SEND_SUCCESS_NOTIFICATIONS') === "0") {
-        error_log("Daily backup successful! Only logging successful backup and not sending backup notification since that has been disabled! You can get further info by looking at the backup logs in the AIO interface.");
-    } else {
-        $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.');
-    }
-}
-
-if ($backupExitCode > 0) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup failed!', 'You can get further info by looking at the backup logs in the AIO interface.');
-}
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$backupExitCode = $dockerActionManager->GetBackupcontainerExitCode();
+
+if ($backupExitCode === 0) {
+    if (getenv('SEND_SUCCESS_NOTIFICATIONS') === "0") {
+        error_log("Daily backup successful! Only logging successful backup and not sending backup notification since that has been disabled! You can get further info by looking at the backup logs in the AIO interface.");
+    } else {
+        $dockerActionManager->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.');
+    }
+}
+
+if ($backupExitCode > 0) {
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Daily backup failed!', 'You can get further info by looking at the backup logs in the AIO interface.');
+}
diff --git a/php/src/Cron/CheckFreeDiskSpace.php b/php/src/Cron/CheckFreeDiskSpace.php
index b462195e..1b5d2d64 100644
--- a/php/src/Cron/CheckFreeDiskSpace.php
+++ b/php/src/Cron/CheckFreeDiskSpace.php
@@ -11,8 +11,8 @@ require __DIR__ . '/../../vendor/autoload.php';
 
 $container = \AIO\DependencyInjection::GetContainer();
 
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
 /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
 $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
 
@@ -22,5 +22,5 @@ $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 $df = disk_free_space(DataConst::GetDataDirectory());
 if ($df !== false && (int)$df < 1024 * 1024 * 1024 * 5) {
     error_log("The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!");
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!');
 }
diff --git a/php/src/Cron/OutdatedNotification.php b/php/src/Cron/OutdatedNotification.php
index e652ba3a..628f0924 100644
--- a/php/src/Cron/OutdatedNotification.php
+++ b/php/src/Cron/OutdatedNotification.php
@@ -10,17 +10,17 @@ require __DIR__ . '/../../vendor/autoload.php';
 
 $container = \AIO\DependencyInjection::GetContainer();
 
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
 /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
 $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
 
 $id = 'nextcloud-aio-nextcloud';
 $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 
-$isNextcloudImageOutdated = $dockerActionManger->isNextcloudImageOutdated();
+$isNextcloudImageOutdated = $dockerActionManager->isNextcloudImageOutdated();
 
 if ($isNextcloudImageOutdated === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
 }
 
diff --git a/php/src/Cron/UpdateNotification.php b/php/src/Cron/UpdateNotification.php
index e1d57f6a..2c12e2f4 100644
--- a/php/src/Cron/UpdateNotification.php
+++ b/php/src/Cron/UpdateNotification.php
@@ -10,21 +10,21 @@ require __DIR__ . '/../../vendor/autoload.php';
 
 $container = \AIO\DependencyInjection::GetContainer();
 
-/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
-$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\Docker\DockerActionManager $dockerActionManager */
+$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
 /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
 $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
 
 $id = 'nextcloud-aio-nextcloud';
 $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
 
-$isMastercontainerUpdateAvailable = $dockerActionManger->IsMastercontainerUpdateAvailable();
-$isAnyUpdateAvailable = $dockerActionManger->isAnyUpdateAvailable();
+$isMastercontainerUpdateAvailable = $dockerActionManager->IsMastercontainerUpdateAvailable();
+$isAnyUpdateAvailable = $dockerActionManager->isAnyUpdateAvailable();
 
 if ($isMastercontainerUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.');
 }
 
 if ($isAnyUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.');
+    $dockerActionManager->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.');
 }

From 05d0ea928276819ac71293f9ace4f98a354ab1b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Jan 2026 12:26:14 +0000
Subject: [PATCH 3765/3949] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.6 to 7.2.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/681c641aba71e4a1c380be3ab5e12ad51f415867...61cb8a9741eeb8a550a1b8544337180c0fc8476b)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 9b5710cb..3bb1d33f 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 13b885928b2f9fe695575b47cf00edfa1b5c094e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 7 Jan 2026 13:52:42 +0100
Subject: [PATCH 3766/3949] fix zizmor config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 zizmor.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/zizmor.yml b/zizmor.yml
index afc373cb..a991eaa5 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -4,3 +4,7 @@ rules:
   dangerous-triggers:
     ignore:
       - build_images.yml
+  unpinned-uses:
+    config:
+      policies:
+        actions/*: ref-pin

From 4253308781bf227d46d2283473d567e002f3b683 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 7 Jan 2026 17:27:28 +0100
Subject: [PATCH 3767/3949] increase to v12.4.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 4e25dcf3..c318e8a6 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.3.0</h1>
+            <h1>Nextcloud AIO v12.4.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 2ce06a49c711a7e401385f0696752b6b2a473fdf Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 7 Jan 2026 18:01:30 +0100
Subject: [PATCH 3768/3949] fix bug with imagick

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/start.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 05ccb8b0..a5f38534 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -93,6 +93,10 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
         fi
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                # imagick is already enabled by default, so does not need to be enabled anymore.
+                continue
+            fi
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."

From a83c4e2ed1716acd5b7635063f7377e1cd52ac23 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Jan 2026 15:25:23 +0100
Subject: [PATCH 3769/3949] nextcloud-entrypoint: remove custom logic for
 ldap.conf again as it does not work

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 6825f04c..43432e6d 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -65,14 +65,6 @@ if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
 
     done
 
-    # Custom logic for ldap conf
-    if ! grep -q "TLS_" /etc/openldap/ldap.conf; then
-        cat << EOL >> /etc/openldap/ldap.conf
-TLS_CACERT $CERTIFICATE_BUNDLE
-TLS_REQCERT try
-EOL
-    fi
-
     # Backwards compatibility with older instances
     if [ -f "/var/www/html/config/postgres.config.php" ]; then
         sed -i "s|/var/www/html/data/certificates/POSTGRES|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php

From 6200327a778321afab206a38be20cd6ab088d90a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Jan 2026 16:15:51 +0100
Subject: [PATCH 3770/3949] add two further commands to the bug-report template

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index ec25fc4a..5d6cc059 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -32,6 +32,10 @@ labels: 0. Needs triage
 
 #### Output of `sudo docker logs nextcloud-aio-mastercontainer`
 
+#### Output of `sudo docker inspect nextcloud-aio-mastercontainer`
+
+#### Output of `sudo docker ps -a`
+
 #### Other valuable info <!--- (like additional logs, screenshots & Co.) -->
 
 #### A picture of a cute animal <!--- (not mandatory but encouraged) -->

From 71550aeeccf9a010f9bb4fa59ab1baf366a9be88 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 8 Jan 2026 12:41:42 +0100
Subject: [PATCH 3771/3949] run playwright tests also on push

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/playwright-on-push.yml      | 123 ++++++++++++++++++
 ...ml => playwright-on-workflow-dispatch.yml} |   0
 2 files changed, 123 insertions(+)
 create mode 100644 .github/workflows/playwright-on-push.yml
 rename .github/workflows/{playwright.yml => playwright-on-workflow-dispatch.yml} (100%)

diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml
new file mode 100644
index 00000000..af8dec02
--- /dev/null
+++ b/.github/workflows/playwright-on-push.yml
@@ -0,0 +1,123 @@
+name: Playwright Tests on push
+
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
+
+concurrency:
+  group: playwright-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+env:
+  BASE_URL: https://localhost:8080
+
+jobs:
+  test:
+    timeout-minutes: 60
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6.0.1
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: lts/*
+
+      - name: Install dependencies
+        run: cd php/tests && npm ci
+
+      - name: Install Playwright Browsers
+        run: cd php/tests && npx playwright install --with-deps chromium
+
+      - name: Set up php 8.4
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
+        with:
+          extensions: apcu
+          php-version: 8.4
+          coverage: none
+          ini-file: development
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Adjust some things and fix permissions
+        run: |
+          cd php
+          rm -r ./data
+          rm -r ./session
+          composer install --no-dev
+          composer clear-cache
+          sudo chmod 777 -R ./
+
+      - name: Start fresh development server
+        run: |
+          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
+          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
+          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
+          docker run \
+            -d \
+            --init \
+            --name nextcloud-aio-mastercontainer \
+            --restart always \
+            --publish 8080:8080 \
+            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+            --volume ./php:/var/www/docker-aio/php \
+            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+            --env SKIP_DOMAIN_VALIDATION=true \
+            --env APACHE_PORT=11000 \
+            ghcr.io/nextcloud-releases/all-in-one:develop
+          echo Waiting for 10 seconds for the development container to start ...
+          sleep 10
+
+      - name: Run Playwright tests for initial setup
+        run: |
+          cd php/tests
+          export DEBUG=pw:api
+          if ! npx playwright test tests/initial-setup.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
+
+      - name: Start fresh development server
+        run: |
+          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
+          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
+          docker run \
+            -d \
+            --init \
+            --name nextcloud-aio-mastercontainer \
+            --restart always \
+            --publish 8080:8080 \
+            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+            --volume ./php:/var/www/docker-aio/php \
+            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+            --env SKIP_DOMAIN_VALIDATION=false \
+            --env APACHE_PORT=11000 \
+            ghcr.io/nextcloud-releases/all-in-one:develop
+          echo Waiting for 10 seconds for the development container to start ...
+          sleep 10
+
+      - name: Run Playwright tests for backup restore
+        run: |
+          cd php/tests 
+          export DEBUG=pw:api
+          if ! npx playwright test tests/restore-instance.spec.js; then
+            docker logs nextcloud-aio-mastercontainer
+            docker logs nextcloud-aio-borgbackup
+            exit 1
+          fi
+
+      - uses: actions/upload-artifact@v6
+        if: ${{ !cancelled() }}
+        with:
+          name: playwright-report
+          path: php/tests/playwright-report/
+          retention-days: 14
+          overwrite: true
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright-on-workflow-dispatch.yml
similarity index 100%
rename from .github/workflows/playwright.yml
rename to .github/workflows/playwright-on-workflow-dispatch.yml

From cdd21ae1ff62f02992670677cd4b7aecc2f49107 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sat, 10 Jan 2026 15:07:08 +0100
Subject: [PATCH 3772/3949] refactor: change private properties to public in
 Container class and update related methods

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 php/src/Container/Container.php               | 148 ++++--------------
 php/src/ContainerDefinitionFetcher.php        |   2 +-
 php/src/Controller/DockerController.php       |   6 +-
 php/src/Docker/DockerActionManager.php        | 112 ++++++-------
 php/templates/components/container-state.twig |  18 +--
 php/templates/containers.twig                 |  12 +-
 6 files changed, 105 insertions(+), 193 deletions(-)

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index baee1c00..6e5d2b54 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -5,121 +5,56 @@ namespace AIO\Container;
 use AIO\Data\ConfigurationManager;
 use AIO\Docker\DockerActionManager;
 use AIO\ContainerDefinitionFetcher;
+use JsonException;
 
 readonly class Container {
     public function __construct(
-        private string                        $identifier,
-        private string                        $displayName,
-        private string                        $containerName,
-        private string                        $restartPolicy,
-        private int                           $maxShutdownTime,
-        private ContainerPorts                $ports,
-        private string                        $internalPorts,
-        private ContainerVolumes              $volumes,
-        private ContainerEnvironmentVariables $containerEnvironmentVariables,
+        public string                        $identifier,
+        public string                        $displayName,
+        public string                        $containerName,
+        public string                        $restartPolicy,
+        public int                           $maxShutdownTime,
+        public ContainerPorts                $ports,
+        public string                        $internalPorts,
+        public ContainerVolumes              $volumes,
+        public ContainerEnvironmentVariables $containerEnvironmentVariables,
         /** @var string[] */
-        private array                         $dependsOn,
+        public array                         $dependsOn,
         private string                        $uiSecret,
         /** @var string[] */
-        private array                         $devices,
-        private bool                          $enableNvidiaGpu,
+        public array                         $devices,
+        public bool                          $enableNvidiaGpu,
         /** @var string[] */
-        private array                         $capAdd,
-        private int                           $shmSize,
-        private bool                          $apparmorUnconfined,
+        public array                         $capAdd,
+        public int                           $shmSize,
+        public bool                          $apparmorUnconfined,
         /** @var string[] */
-        private array                         $backupVolumes,
-        private array                         $nextcloudExecCommands,
-        private bool                          $readOnlyRootFs,
-        private array                         $tmpfs,
-        private bool                          $init,
-        private string                        $imageTag,
-        private AioVariables                  $aioVariables,
-        private string                        $documentation,
+        public array                         $backupVolumes,
+        public array                         $nextcloudExecCommands,
+        public bool                          $readOnlyRootFs,
+        public array                         $tmpfs,
+        public bool                          $init,
+        public string                        $imageTag,
+        public AioVariables                  $aioVariables,
+        public string                        $documentation,
         private DockerActionManager           $dockerActionManager
     ) {
     }
 
-    public function GetIdentifier() : string {
-        return $this->identifier;
-    }
-
-    public function GetDisplayName() : string {
-        return $this->displayName;
-    }
-
-    public function GetContainerName() : string {
-        return $this->containerName;
-    }
-
-    public function GetRestartPolicy() : string {
-        return $this->restartPolicy;
-    }
-
-    public function GetImageTag() : string {
-        return $this->imageTag;
-    }
-
-    public function GetReadOnlySetting() : bool {
-        return $this->readOnlyRootFs;
-    }
-
-    public function GetInit() : bool {
-        return $this->init;
-    }
-
-    public function GetShmSize() : int {
-        return $this->shmSize;
-    }
-
-    public function isApparmorUnconfined() : bool {
-        return $this->apparmorUnconfined;
-    }
-
-    public function GetMaxShutdownTime() : int {
-        return $this->maxShutdownTime;
-    }
-
     public function GetUiSecret() : string {
         return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
     }
 
-    public function GetTmpfs() : array {
-        return $this->tmpfs;
-    }
-
-    public function GetDevices() : array {
-        return $this->devices;
-    }
-
-    public function isNvidiaGpuEnabled() : bool {
-        return $this->enableNvidiaGpu;
-    }
-
-    public function GetCapAdds() : array {
-        return $this->capAdd;
-    }
-
-    public function GetBackupVolumes() : array {
-        return $this->backupVolumes;
-    }
-
-    public function GetPorts() : ContainerPorts {
-        return $this->ports;
-    }
-
-    public function GetInternalPort() : string {
-        return $this->internalPorts;
-    }
-
-    public function GetVolumes() : ContainerVolumes {
-        return $this->volumes;
-    }
-
+    /**
+     * @throws JsonException
+     */
     public function GetRunningState() : ContainerState {
         return $this->dockerActionManager->GetContainerRunningState($this);
     }
 
+    /**
+     * @throws JsonException
+     */
     public function GetRestartingState() : ContainerState {
         return $this->dockerActionManager->GetContainerRestartingState($this);
     }
@@ -131,27 +66,4 @@ readonly class Container {
     public function GetStartingState() : ContainerState {
         return $this->dockerActionManager->GetContainerStartingState($this);
     }
-
-    /**
-     * @return string[]
-     */
-    public function GetDependsOn() : array {
-        return $this->dependsOn;
-    }
-
-    public function GetNextcloudExecCommands() : array {
-        return $this->nextcloudExecCommands;
-    }
-
-    public function GetEnvironmentVariables() : ContainerEnvironmentVariables {
-        return $this->containerEnvironmentVariables;
-    }
-
-    public function GetAioVariables() : AioVariables {
-        return $this->aioVariables;
-    }
-
-    public function GetDocumentation() : string {
-        return $this->documentation;
-    }
 }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 7b092e45..d7498047 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -25,7 +25,7 @@ readonly class ContainerDefinitionFetcher {
         $containers = $this->FetchDefinition();
 
         foreach ($containers as $container) {
-            if ($container->GetIdentifier() === $id) {
+            if ($container->identifier === $id) {
                 return $container;
             }
         }
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 27a06bc8..a924e61f 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -23,7 +23,7 @@ readonly class DockerController {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         // Start all dependencies first and then itself
-        foreach($container->GetDependsOn() as $dependency) {
+        foreach($container->dependsOn as $dependency) {
             $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
 
@@ -46,7 +46,7 @@ readonly class DockerController {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         // Pull all dependencies first and then itself
-        foreach($container->GetDependsOn() as $dependency) {
+        foreach($container->dependsOn as $dependency) {
             $this->PerformRecursiveImagePull($dependency);
         }
 
@@ -255,7 +255,7 @@ readonly class DockerController {
             // We want to stop the Nextcloud container after 10s and not wait for the configured stop_grace_period
             $this->dockerActionManager->StopContainer($container, $forceStopNextcloud);
         }
-        foreach($container->GetDependsOn() as $dependency) {
+        foreach($container->dependsOn as $dependency) {
             $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud);
         }
     }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..529af1fe 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -36,15 +36,15 @@ readonly class DockerActionManager {
     }
 
     private function BuildImageName(Container $container): string {
-        $tag = $container->GetImageTag();
+        $tag = $container->imageTag;
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
-        return $container->GetContainerName() . ':' . $tag;
+        return $container->containerName . ':' . $tag;
     }
 
     public function GetContainerRunningState(Container $container): ContainerState {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
@@ -64,7 +64,7 @@ readonly class DockerActionManager {
     }
 
     public function GetContainerRestartingState(Container $container): ContainerState {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
         try {
             $response = $this->guzzleClient->get($url);
         } catch (RequestException $e) {
@@ -84,16 +84,16 @@ readonly class DockerActionManager {
     }
 
     public function GetContainerUpdateState(Container $container): VersionState {
-        $tag = $container->GetImageTag();
+        $tag = $container->imageTag;
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
 
-        $runningDigests = $this->GetRepoDigestsOfContainer($container->GetIdentifier());
+        $runningDigests = $this->GetRepoDigestsOfContainer($container->identifier);
         if ($runningDigests === null) {
             return VersionState::Different;
         }
-        $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        $remoteDigest = $this->GetLatestDigestOfTag($container->containerName, $tag);
         if ($remoteDigest === null) {
             return VersionState::Equal;
         }
@@ -112,8 +112,8 @@ readonly class DockerActionManager {
             return $runningState;
         }
 
-        $containerName = $container->GetIdentifier();
-        $internalPort = $container->GetInternalPort();
+        $containerName = $container->identifier;
+        $internalPort = $container->internalPorts;
         if ($internalPort === '%APACHE_PORT%') {
             $internalPort = $this->configurationManager->GetApachePort();
         } elseif ($internalPort === '%TALK_PORT%') {
@@ -134,7 +134,7 @@ readonly class DockerActionManager {
     }
 
     public function DeleteContainer(Container $container): void {
-        $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->identifier)));
         try {
             $this->guzzleClient->delete($url);
         } catch (RequestException $e) {
@@ -166,17 +166,17 @@ readonly class DockerActionManager {
     }
 
     public function StartContainer(Container $container): void {
-        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier())));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->identifier)));
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
-            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
+            throw new \Exception("Could not start container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents());
         }
     }
 
     public function CreateVolumes(Container $container): void {
         $url = $this->BuildApiUrl('volumes/create');
-        foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+        foreach ($container->volumes->GetVolumes() as $volume) {
             $forbiddenChars = [
                 '/',
             ];
@@ -202,9 +202,9 @@ readonly class DockerActionManager {
 
     public function CreateContainer(Container $container): void {
         $volumes = [];
-        foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+        foreach ($container->volumes->GetVolumes() as $volume) {
             // // NEXTCLOUD_MOUNT gets added via bind-mount later on
-            // if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            // if ($container->identifier === 'nextcloud-aio-nextcloud') {
             //     if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
             //         continue;
             //     }
@@ -228,7 +228,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
-        $aioVariables = $container->GetAioVariables()->GetVariables();
+        $aioVariables = $container->aioVariables->GetVariables();
         foreach ($aioVariables as $variable) {
             $config = $this->configurationManager->GetConfig();
             $variable = $this->replaceEnvPlaceholders($variable);
@@ -238,9 +238,9 @@ readonly class DockerActionManager {
             sleep(1);
         }
 
-        $envs = $container->GetEnvironmentVariables()->GetVariables();
+        $envs = $container->containerEnvironmentVariables->GetVariables();
         // Special thing for the nextcloud container
-        if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+        if ($container->identifier === 'nextcloud-aio-nextcloud') {
             $envs[] = $this->GetAllNextcloudExecCommands();
         }
         foreach ($envs as $key => $env) {
@@ -251,13 +251,13 @@ readonly class DockerActionManager {
             $requestBody['Env'] = $envs;
         }
 
-        $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+        $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->restartPolicy;
 
-        $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();
+        $requestBody['HostConfig']['ReadonlyRootfs'] = $container->readOnlyRootFs;
 
         $exposedPorts = [];
-        if ($container->GetInternalPort() !== 'host') {
-            foreach ($container->GetPorts()->GetPorts() as $value) {
+        if ($container->internalPorts !== 'host') {
+            foreach ($container->ports->GetPorts() as $value) {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
@@ -279,7 +279,7 @@ readonly class DockerActionManager {
 
         if (count($exposedPorts) > 0) {
             $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach ($container->GetPorts()->GetPorts() as $value) {
+            foreach ($container->ports->GetPorts() as $value) {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
@@ -314,7 +314,7 @@ readonly class DockerActionManager {
         }
 
         $devices = [];
-        foreach ($container->GetDevices() as $device) {
+        foreach ($container->devices as $device) {
             if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) {
                 continue;
             }
@@ -325,7 +325,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
-        if ($container->isNvidiaGpuEnabled() && $this->configurationManager->isNvidiaGpuEnabled()) {
+        if ($container->enableNvidiaGpu && $this->configurationManager->isNvidiaGpuEnabled()) {
             $requestBody['HostConfig']['Runtime'] = 'nvidia';
             $requestBody['HostConfig']['DeviceRequests'] = [
                 [
@@ -336,13 +336,13 @@ readonly class DockerActionManager {
             ];
         }
 
-        $shmSize = $container->GetShmSize();
+        $shmSize = $container->shmSize;
         if ($shmSize > 0) {
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
         }
 
         $tmpfs = [];
-        foreach ($container->GetTmpfs() as $tmp) {
+        foreach ($container->tmpfs as $tmp) {
             $mode = "";
             if (str_contains($tmp, ':')) {
                 $mode = explode(':', $tmp)[1];
@@ -354,9 +354,9 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Tmpfs'] = $tmpfs;
         }
 
-        $requestBody['HostConfig']['Init'] = $container->GetInit();
+        $requestBody['HostConfig']['Init'] = $container->init;
 
-        $capAdds = $container->GetCapAdds();
+        $capAdds = $container->capAdd;
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;
         }
@@ -368,14 +368,14 @@ readonly class DockerActionManager {
 
         // Disable SELinux for AIO containers so that it does not break them
         $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
-        if ($container->isApparmorUnconfined()) {
+        if ($container->apparmorUnconfined) {
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable"];
         }
 
         $mounts = [];
 
         // Special things for the backup container which should not be exposed in the containers.json
-        if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
+        if (str_starts_with($container->identifier, 'nextcloud-aio-borgbackup')) {
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {
@@ -384,7 +384,7 @@ readonly class DockerActionManager {
             }
 
             // Make volumes read only in case of borgbackup container. The viewer makes them writeable
-            $isReadOnly = $container->GetIdentifier() === 'nextcloud-aio-borgbackup';
+            $isReadOnly = $container->identifier === 'nextcloud-aio-borgbackup';
 
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
@@ -397,12 +397,12 @@ readonly class DockerActionManager {
             }
 
         // Special things for the talk container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
+        } elseif ($container->identifier === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets used in Janus which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
             // // Special things for the nextcloud container which should not be exposed in the containers.json
-            // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-            //     foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+            // } elseif ($container->identifier === 'nextcloud-aio-nextcloud') {
+            //     foreach ($container->volumes->GetVolumes() as $volume) {
             //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
             //             continue;
             //         }
@@ -410,11 +410,11 @@ readonly class DockerActionManager {
             //     }
 
         // Special things for the caddy community container
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
+        } elseif ($container->identifier === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];
 
         // Special things for the collabora container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
+        } elseif ($container->identifier === 'nextcloud-aio-collabora') {
             if (!$this->configurationManager->isSeccompDisabled()) {
                 // Load reference seccomp profile for collabora
                 $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
@@ -437,9 +437,9 @@ readonly class DockerActionManager {
         $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
-        $requestBody['Hostname'] = $container->GetIdentifier();
+        $requestBody['Hostname'] = $container->identifier;
 
-        $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
+        $url = $this->BuildApiUrl('containers/create?name=' . $container->identifier);
         try {
             $this->guzzleClient->request(
                 'POST',
@@ -449,18 +449,18 @@ readonly class DockerActionManager {
                 ]
             );
         } catch (RequestException $e) {
-            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
+            throw new \Exception("Could not create container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents());
         }
 
     }
 
     public function isRegistryReachable(Container $container): bool {
-        $tag = $container->GetImageTag();
+        $tag = $container->imageTag;
         if ($tag === '%AIO_CHANNEL%') {
             $tag = $this->GetCurrentChannel();
         }
 
-        $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        $remoteDigest = $this->GetLatestDigestOfTag($container->containerName, $tag);
 
         if ($remoteDigest === null) {
             return false;
@@ -472,7 +472,7 @@ readonly class DockerActionManager {
     public function PullImage(Container $container, bool $pullImage = true): void {
 
         // Skip database image pull if the last shutdown was not clean
-        if ($container->GetIdentifier() === 'nextcloud-aio-database') {
+        if ($container->identifier === 'nextcloud-aio-database') {
             if ($this->GetDatabasecontainerExitCode() > 0) {
                 $pullImage = false;
                 error_log('Not pulling the latest database image because the container was not correctly shut down.');
@@ -484,7 +484,7 @@ readonly class DockerActionManager {
         if ($pullImage) {
             if (!$this->isRegistryReachable($container)) {
                 $pullImage = false;
-                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
+                error_log('Not pulling the ' . $container->containerName . ' image for the ' . $container->identifier . ' container because the registry does not seem to be reachable.');
             }
         }
 
@@ -598,7 +598,7 @@ readonly class DockerActionManager {
         if ($container->GetUpdateState() === VersionState::Different) {
             $updateAvailable = '1';
         }
-        foreach ($container->GetDependsOn() as $dependency) {
+        foreach ($container->dependsOn as $dependency) {
             $updateAvailable .= $this->isContainerUpdateAvailable($dependency);
         }
         return $updateAvailable;
@@ -622,10 +622,10 @@ readonly class DockerActionManager {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $backupVolumes = '';
-        foreach ($container->GetBackupVolumes() as $backupVolume) {
+        foreach ($container->backupVolumes as $backupVolume) {
             $backupVolumes .= $backupVolume . ' ';
         }
-        foreach ($container->GetDependsOn() as $dependency) {
+        foreach ($container->dependsOn as $dependency) {
             $backupVolumes .= $this->getBackupVolumes($dependency);
         }
         return $backupVolumes;
@@ -641,10 +641,10 @@ readonly class DockerActionManager {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $nextcloudExecCommands = '';
-        foreach ($container->GetNextcloudExecCommands() as $execCommand) {
+        foreach ($container->nextcloudExecCommands as $execCommand) {
             $nextcloudExecCommands .= $execCommand . PHP_EOL;
         }
-        foreach ($container->GetDependsOn() as $dependency) {
+        foreach ($container->dependsOn as $dependency) {
             $nextcloudExecCommands .= $this->GetNextcloudExecCommands($dependency);
         }
         return $nextcloudExecCommands;
@@ -776,7 +776,7 @@ readonly class DockerActionManager {
     public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void {
         if ($this->GetContainerStartingState($container) === ContainerState::Running) {
 
-            $containerName = $container->GetIdentifier();
+            $containerName = $container->identifier;
 
             // schedule the exec
             $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName)));
@@ -901,14 +901,14 @@ readonly class DockerActionManager {
         // Add a secondary alias for domaincheck container, to keep it as similar to actual apache controller as possible.
         // If a reverse-proxy is relying on container name as hostname this allows it to operate as usual and still validate the domain
         // The domaincheck container and apache container are never supposed to be active at the same time because they use the same APACHE_PORT anyway, so this doesn't add any new constraints.
-        $alias = ($container->GetIdentifier() === 'nextcloud-aio-domaincheck') ? 'nextcloud-aio-apache' : '';
+        $alias = ($container->identifier === 'nextcloud-aio-domaincheck') ? 'nextcloud-aio-apache' : '';
 
-        $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), alias: $alias);
+        $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, alias: $alias);
 
-        if ($container->GetIdentifier() === 'nextcloud-aio-apache' || $container->GetIdentifier() === 'nextcloud-aio-domaincheck') {
+        if ($container->identifier === 'nextcloud-aio-apache' || $container->identifier === 'nextcloud-aio-domaincheck') {
             $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork();
             if ($apacheAdditionalNetwork !== '') {
-                $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), $apacheAdditionalNetwork, false, $alias);
+                $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, $apacheAdditionalNetwork, false, $alias);
             }
         }
     }
@@ -917,9 +917,9 @@ readonly class DockerActionManager {
         if ($forceStopContainer) {
             $maxShutDownTime = 10;
         } else {
-            $maxShutDownTime = $container->GetMaxShutdownTime();
+            $maxShutDownTime = $container->maxShutdownTime;
         }
-        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $maxShutDownTime));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->identifier), $maxShutDownTime));
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig
index 8375d033..07580e66 100644
--- a/php/templates/components/container-state.twig
+++ b/php/templates/components/container-state.twig
@@ -3,24 +3,24 @@
   <span>
     {% if c.GetStartingState().value == 'starting' %}
       <span class="status running"></span>
-      {{ c.GetDisplayName() }}
-      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Starting</a>)
+      {{ c.displayName }}
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Starting</a>)
     {% elseif c.GetRunningState().value == 'running' %}
       <span class="status success"></span>
-      {{ c.GetDisplayName() }}
-      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Running</a>)
+      {{ c.displayName }}
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Running</a>)
     {% else %}
       <span class="status error"></span>
-      {{ c.GetDisplayName() }}
-      (<a href="api/docker/logs?id={{ c.GetIdentifier() }}" target="_blank">Stopped</a>)
+      {{ c.displayName }}
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Stopped</a>)
     {% endif %}
-    {% if c.GetDocumentation() != '' %}
-      (<a target="_blank" href="{{ c.GetDocumentation() }}">docs</a>)
+    {% if c.documentation != '' %}
+      (<a target="_blank" href="{{ c.documentation }}">docs</a>)
     {% endif %}
   </span>
   {% if c.GetUiSecret() != '' %}
     <details>
-      <summary>Show password for {{ c.GetDisplayName() }}</summary>
+      <summary>Show password for {{ c.displayName }}</summary>
       <input type="text" value="{{ c.GetUiSecret() }}" readonly>
     </details>
   {% endif %}
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c318e8a6..0e7d1427 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -45,19 +45,19 @@
             {% endif %}
 
             {% for container in containers %}
-                {% if container.GetDisplayName() != '' and container.GetRunningState().value == 'running' %}
+                {% if container.displayName != '' and container.GetRunningState().value == 'running' %}
                     {% set isAnyRunning = true %}
                 {% endif %}
-                {% if container.GetDisplayName() != '' and container.GetRestartingState().value == 'restarting' %}
+                {% if container.displayName != '' and container.GetRestartingState().value == 'restarting' %}
                     {% set isAnyRestarting = true %}
                 {% endif %}
-                {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
+                {% if container.identifier == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
                     {% set isWatchtowerRunning = true %}
                 {% endif %}
-                {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %}
+                {% if container.identifier == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %}
                     {% set isDomaincheckRunning = true %}
                 {% endif %}
-                {% if container.GetIdentifier() == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}
+                {% if container.identifier == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %}
                     {% set isApacheStarting = true %}
                 {% endif %}
             {% endfor %}
@@ -280,7 +280,7 @@
                         <ul>
                             {# @var containers \AIO\Container\Container[] #}
                             {% for container in containers %}
-                                {% if container.GetDisplayName() != '' %}
+                                {% if container.displayName != '' %}
                                     {% include 'components/container-state.twig'  with {'c': container} only %}
                                 {% endif %}
                             {% endfor %}

From a53e315e7fc87e58e20a4bb98fe4e0858d075edb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Jan 2026 15:05:21 +0000
Subject: [PATCH 3773/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.3-cli to 29.1.4-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.4-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index c5b91b7d..d2019e49 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.3-cli AS docker
+FROM docker:29.1.4-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From b998fa8ebf6907f9d3aa14f09446af2675e775ee Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 12 Jan 2026 10:58:58 +0100
Subject: [PATCH 3774/3949] s3.config.php: allow to configure num_buckets

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/s3.config.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php
index 59217a78..6ea06697 100644
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -10,6 +10,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
       'class' => '\OC\Files\ObjectStore\S3',
       'arguments' => array(
         'multibucket' => $multibucket === 'true',
+        'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64,
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',

From b1baefb959119199291ad0a33226b7e4c8760f30 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Jan 2026 16:03:10 +0000
Subject: [PATCH 3775/3949] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/15f9da4059166900981058ba251e0b652511c68f...e565d2d86403c5d23533937e95980570545e5586)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 639b0785..a4f441c2 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v6.0.1
 
       - name: Turnstyle
-        uses: softprops/turnstyle@15f9da4059166900981058ba251e0b652511c68f # v2
+        uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
         with:
           continue-after-seconds: 180
         env:

From 95a320a3e470aa50c2fe14bba347464d8c5b7740 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 13 Jan 2026 11:06:14 +0100
Subject: [PATCH 3776/3949] DockerActionManager: disable seccomp policy for
 borgbackup container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..67134576 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -376,6 +376,11 @@ readonly class DockerActionManager {
 
         // Special things for the backup container which should not be exposed in the containers.json
         if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
+            // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308
+            if (!$this->configurationManager->isSeccompDisabled()) {
+                $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"];
+            }
+
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {

From c2f070b278a4772f3b75818a185817e4b946317c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 13 Jan 2026 11:44:05 +0100
Subject: [PATCH 3777/3949] aio-cadddy: mention how to remove the container
 again

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index a8baf9ea..a8d673b0 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -17,6 +17,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+- If you want to remove the container again and revert back to the default, you need to follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
 
 ### Repository
 https://github.com/szaimen/aio-caddy

From 81f477211fdf95bdf5386a5a9b57c54623d8e776 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 13 Jan 2026 11:44:43 +0100
Subject: [PATCH 3778/3949] fix detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index a8d673b0..803bbec2 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -17,7 +17,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
-- If you want to remove the container again and revert back to the default, you need to follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
+- If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy
 
 ### Repository
 https://github.com/szaimen/aio-caddy

From 6fe3337a21ff0e6f63a45b22f55a648555ecd0ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jan 2026 04:09:32 +0000
Subject: [PATCH 3779/3949] build(deps): bump elasticsearch in
 /Containers/fulltextsearch

Bumps elasticsearch from 8.19.9 to 8.19.10.

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.19.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/fulltextsearch/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index 7975bcbb..ed0cafe9 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.9
+FROM elasticsearch:8.19.10
 
 USER root
 

From eadf0dc5cde07f21ebe75cc96aa7eba65e91d081 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jan 2026 04:10:53 +0000
Subject: [PATCH 3780/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.5.0 to v1.5.1.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.5.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index f6b8cc7d..37ba25e0 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.1
 
 USER root
 RUN set -ex; \

From 9a6e2cbe4975ba09c3a46caaeb14cc451fc59a3c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 14 Jan 2026 11:54:57 +0000
Subject: [PATCH 3781/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                           | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml            | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml            | 4 ++--
 .../templates/nextcloud-aio-collabora-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-database-deployment.yaml          | 4 ++--
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml    | 4 ++--
 .../templates/nextcloud-aio-imaginary-deployment.yaml         | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml         | 4 ++--
 .../templates/nextcloud-aio-notify-push-deployment.yaml       | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml        | 4 ++--
 .../templates/nextcloud-aio-redis-deployment.yaml             | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml              | 2 +-
 .../templates/nextcloud-aio-talk-recording-deployment.yaml    | 2 +-
 .../templates/nextcloud-aio-whiteboard-deployment.yaml        | 2 +-
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 16e7a82c..7d990549 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.3.0
+version: 12.4.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 6eddefe9..6cdf8db8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-apache:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 26eda032..d7627802 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c0984e1d..7e86c402 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260114_114729
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260114_114729
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index b7b54647..055ecd0a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 14f19447..df30e6a8 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 9f0c54c5..d2fc1375 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 3cbfa2fe..fe72d307 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260114_114729
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index a9822a80..5b05336e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -57,7 +57,7 @@ spec:
               value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c8160edd..0e3a7fda 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 8446167d..1ccebd79 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-redis:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index c28e7335..8635a6ce 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-talk:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index a0d36c08..2cfcaa53 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260114_114729
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index e311f230..50dfc3c4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20251218_095503
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260114_114729
           readinessProbe:
             exec:
               command:

From 045e5edf841324dd8eff918be27fa9e3fd332efb Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 14 Jan 2026 12:03:59 +0000
Subject: [PATCH 3782/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 95 ++++++++++++++++++++++++-----------------------
 1 file changed, 48 insertions(+), 47 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ed6667ed..ce1ae80f 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.7",
+            "version": "v2.0.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd"
+                "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
-                "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/7581a4407012f5f53365e11bafc520fd7f36bc9b",
+                "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b",
                 "shasum": ""
             },
             "require": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2025-11-21T20:52:36+00:00"
+            "time": "2026-01-08T16:22:46+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -2755,22 +2755,22 @@
         },
         {
             "name": "danog/advanced-json-rpc",
-            "version": "v3.2.2",
+            "version": "v3.2.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/danog/php-advanced-json-rpc.git",
-                "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb"
+                "reference": "ae703ea7b4811797a10590b6078de05b3b33dd91"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/aadb1c4068a88c3d0530cfe324b067920661efcb",
-                "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb",
+                "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/ae703ea7b4811797a10590b6078de05b3b33dd91",
+                "reference": "ae703ea7b4811797a10590b6078de05b3b33dd91",
                 "shasum": ""
             },
             "require": {
                 "netresearch/jsonmapper": "^5",
                 "php": ">=8.1",
-                "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0"
+                "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0 || ^6"
             },
             "replace": {
                 "felixfbecker/php-advanced-json-rpc": "^3"
@@ -2801,9 +2801,9 @@
             "description": "A more advanced JSONRPC implementation",
             "support": {
                 "issues": "https://github.com/danog/php-advanced-json-rpc/issues",
-                "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.2"
+                "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.3"
             },
-            "time": "2025-02-14T10:55:15+00:00"
+            "time": "2026-01-12T21:07:10+00:00"
         },
         {
             "name": "daverandom/libdns",
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "5.6.6",
+            "version": "6.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8"
+                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/5cee1d3dfc2d2aa6599834520911d246f656bcb8",
-                "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/02600c041e7d0f4b7d1fe1d260565ec525472fa9",
+                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9",
                 "shasum": ""
             },
             "require": {
@@ -3472,8 +3472,8 @@
                 "ext-filter": "*",
                 "php": "^7.4 || ^8.0",
                 "phpdocumentor/reflection-common": "^2.2",
-                "phpdocumentor/type-resolver": "^1.7",
-                "phpstan/phpdoc-parser": "^1.7|^2.0",
+                "phpdocumentor/type-resolver": "^2.0",
+                "phpstan/phpdoc-parser": "^2.0",
                 "webmozart/assert": "^1.9.1 || ^2"
             },
             "require-dev": {
@@ -3483,7 +3483,8 @@
                 "phpstan/phpstan-mockery": "^1.1",
                 "phpstan/phpstan-webmozart-assert": "^1.2",
                 "phpunit/phpunit": "^9.5",
-                "psalm/phar": "^5.26"
+                "psalm/phar": "^5.26",
+                "shipmonk/dead-code-detector": "^0.5.1"
             },
             "type": "library",
             "extra": {
@@ -3513,44 +3514,44 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.6"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.0"
             },
-            "time": "2025-12-22T21:13:58+00:00"
+            "time": "2026-01-07T20:22:53+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
-            "version": "1.12.0",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195"
+                "reference": "327a05bbee54120d4786a0dc67aad30226ad4cf9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/92a98ada2b93d9b201a613cb5a33584dde25f195",
-                "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195",
+                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/327a05bbee54120d4786a0dc67aad30226ad4cf9",
+                "reference": "327a05bbee54120d4786a0dc67aad30226ad4cf9",
                 "shasum": ""
             },
             "require": {
                 "doctrine/deprecations": "^1.0",
-                "php": "^7.3 || ^8.0",
+                "php": "^7.4 || ^8.0",
                 "phpdocumentor/reflection-common": "^2.0",
-                "phpstan/phpdoc-parser": "^1.18|^2.0"
+                "phpstan/phpdoc-parser": "^2.0"
             },
             "require-dev": {
                 "ext-tokenizer": "*",
                 "phpbench/phpbench": "^1.2",
-                "phpstan/extension-installer": "^1.1",
-                "phpstan/phpstan": "^1.8",
-                "phpstan/phpstan-phpunit": "^1.1",
+                "phpstan/extension-installer": "^1.4",
+                "phpstan/phpstan": "^2.1",
+                "phpstan/phpstan-phpunit": "^2.0",
                 "phpunit/phpunit": "^9.5",
-                "rector/rector": "^0.13.9",
-                "vimeo/psalm": "^4.25"
+                "psalm/phar": "^4"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-1.x": "1.x-dev"
+                    "dev-1.x": "1.x-dev",
+                    "dev-2.x": "2.x-dev"
                 }
             },
             "autoload": {
@@ -3571,22 +3572,22 @@
             "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
             "support": {
                 "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.12.0"
+                "source": "https://github.com/phpDocumentor/TypeResolver/tree/2.0.0"
             },
-            "time": "2025-11-21T15:09:14+00:00"
+            "time": "2026-01-06T21:53:42+00:00"
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.3.0",
+            "version": "2.3.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495"
+                "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/1e0cd5370df5dd2e556a36b9c62f62e555870495",
-                "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/16dbf9937da8d4528ceb2145c9c7c0bd29e26374",
+                "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374",
                 "shasum": ""
             },
             "require": {
@@ -3618,9 +3619,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.0"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.1"
             },
-            "time": "2025-08-30T15:50:23+00:00"
+            "time": "2026-01-12T11:33:04+00:00"
         },
         {
             "name": "revolt/event-loop",
@@ -4735,16 +4736,16 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "2.0.0",
+            "version": "2.1.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54"
+                "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
-                "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/ce6a2f100c404b2d32a1dd1270f9b59ad4f57649",
+                "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649",
                 "shasum": ""
             },
             "require": {
@@ -4791,9 +4792,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/2.0.0"
+                "source": "https://github.com/webmozarts/assert/tree/2.1.2"
             },
-            "time": "2025-12-16T21:36:00+00:00"
+            "time": "2026-01-13T14:02:24+00:00"
         }
     ],
     "aliases": [],

From 069195bf237fab2fe9f831bb6d815d011bea14fa Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 15 Jan 2026 12:47:51 +0100
Subject: [PATCH 3783/3949] nextcloud: update to 32.0.4

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 6b6be7f8..9c468bbb 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.3
+ENV NEXTCLOUD_VERSION=32.0.4
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From b5b642232891dccc59ef4e7c8bc5bc8c5b7bb626 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 15 Jan 2026 13:41:20 +0100
Subject: [PATCH 3784/3949] Revert "DockerActionManager: disable seccomp policy
 for borgbackup container"

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 67134576..9e8a8ff2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -376,11 +376,6 @@ readonly class DockerActionManager {
 
         // Special things for the backup container which should not be exposed in the containers.json
         if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
-            // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308
-            if (!$this->configurationManager->isSeccompDisabled()) {
-                $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"];
-            }
-
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {

From 9e362e1dc9ece2fc4bbfd5f10b656d99cae4e6ce Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 15 Jan 2026 13:48:06 +0100
Subject: [PATCH 3785/3949] increase to 12.5.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c318e8a6..9c55350e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.4.0</h1>
+            <h1>Nextcloud AIO v12.5.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 59ad7dc98be6eecbe7866add09ac771cd8ccf0ee Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 16 Jan 2026 15:12:44 +0100
Subject: [PATCH 3786/3949] move version to a dedicated file

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 nextcloud-aio-helm-chart/update-helm.sh | 2 +-
 php/templates/containers.twig           | 3 ++-
 php/templates/includes/aio-version.twig | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 php/templates/includes/aio-version.twig

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index f39d3035..9e5aba86 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -407,7 +407,7 @@ rm latest.yml
 mv latest.yml.backup latest.yml
 
 # Get version of AIO
-AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/containers.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
+AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/includes/aio-version.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
 sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml
 
 # Conversion of sample.conf
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 9c55350e..d0ed38b1 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,8 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.5.0</h1>
+            {% set aio_version = include('includes/aio-version.twig') %}
+            <h1>Nextcloud AIO v{{ aio_version }}</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>
diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig
new file mode 100644
index 00000000..b7d7205d
--- /dev/null
+++ b/php/templates/includes/aio-version.twig
@@ -0,0 +1 @@
+12.5.0

From 792ba0dfb352fe6a0018dd7ee470c777da5658df Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 16 Jan 2026 22:54:58 +0100
Subject: [PATCH 3787/3949] update NPMplus images in reverse proxy guide

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 50a6bccd..bdeb3244 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -564,19 +564,14 @@ Note: this will cause that a non root user can bind privileged ports.
 
 Second, see these screenshots for a working config:
 
-![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630)
+<img width="675" height="695" alt="image" src="https://github.com/user-attachments/assets/196f53f9-ff86-4da2-960e-f7b7a2ceac0c" />
 
-![grafik](https://github.com/user-attachments/assets/f14bba5c-69ce-4514-a2ac-5e5d7fb97792)
+<img width="675" height="355" alt="image" src="https://github.com/user-attachments/assets/8a45a6d8-fbaf-4519-86f7-c7424ed780da" />
 
-<!-- ![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) -->
+<img width="675" height="542" alt="image" src="https://github.com/user-attachments/assets/7e880d02-0f4f-459a-a3f6-216bcb1b04ca" />
 
-![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893)
+<img width="675" height="570" alt="image" src="https://github.com/user-attachments/assets/2812ecc1-ecf0-44bd-9249-b76b30f8c25e" />
 
-![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041)
-
-`proxy_set_header Accept-Encoding $http_accept_encoding;`
-
-⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. <br>
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>

From d5c3e79b31f34a66687db78bc9f1065bf24b31e4 Mon Sep 17 00:00:00 2001
From: ph818 <71797925+ph818@users.noreply.github.com>
Date: Sat, 17 Jan 2026 17:17:28 -0500
Subject: [PATCH 3788/3949] Update local-instance.md

Clarifying DNS-challenge description.

Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com>
---
 local-instance.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/local-instance.md b/local-instance.md
index 1da26280..8abbddb6 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -22,10 +22,11 @@ The normal way is the following:
 **Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
 ## 3. Use the ACME DNS-challenge
-You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
+You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 
 ## 4. Use Cloudflare
 If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
 
 ## 5. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
+

From a3e43c5cd913d45b34d137bbecfb806d559cb6e7 Mon Sep 17 00:00:00 2001
From: ph818 <71797925+ph818@users.noreply.github.com>
Date: Sat, 17 Jan 2026 17:22:42 -0500
Subject: [PATCH 3789/3949] Update readme.md

Clarifying the Instructions for DNS-challenge so following the links will make more sense (configuring the caddyfile of the external caddy reverse proxy).

Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index bcbf7d57..66059954 100644
--- a/readme.md
+++ b/readme.md
@@ -340,7 +340,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
-You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
+You can install AIO behind an external reverse proxy where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
 
 ### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.

From 4a65c04e3d7410109ca35121c6aedd0d8e4f0986 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Jan 2026 04:28:14 +0000
Subject: [PATCH 3790/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.4-cli to 29.1.5-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.1.5-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index d2019e49..a719c71a 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.4-cli AS docker
+FROM docker:29.1.5-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 9822a63c44dc965a202b539fcacb2ad9339243c3 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Jan 2026 10:07:52 +0100
Subject: [PATCH 3791/3949] nextcloud-entrypoint: make recording server
 dependent on `REMOVE_DISABLED_APPS`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 43432e6d..5f47a0f4 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -894,7 +894,9 @@ if [ -d "/var/www/html/custom_apps/spreed" ]; then
         RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
         php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"
     else
-        php /var/www/html/occ config:app:delete spreed recording_servers
+        if [ "$REMOVE_DISABLED_APPS" = yes ]; then
+            php /var/www/html/occ config:app:delete spreed recording_servers
+        fi
     fi
 fi
 

From 0e22f38d16b4a1a0eb375ce1945f796d5b40da4d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Jan 2026 10:25:14 +0100
Subject: [PATCH 3792/3949] add `wud.watch=false` to all containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Dockerfile              | 1 +
 Containers/borgbackup/Dockerfile          | 1 +
 Containers/clamav/Dockerfile              | 1 +
 Containers/collabora-online/Dockerfile    | 1 +
 Containers/collabora/Dockerfile           | 1 +
 Containers/docker-socket-proxy/Dockerfile | 1 +
 Containers/domaincheck/Dockerfile         | 1 +
 Containers/fulltextsearch/Dockerfile      | 1 +
 Containers/imaginary/Dockerfile           | 3 ++-
 Containers/nextcloud/Dockerfile           | 1 +
 Containers/notify-push/Dockerfile         | 1 +
 Containers/onlyoffice/Dockerfile          | 1 +
 Containers/postgresql/Dockerfile          | 1 +
 Containers/redis/Dockerfile               | 1 +
 Containers/talk-recording/Dockerfile      | 1 +
 Containers/talk/Dockerfile                | 1 +
 Containers/watchtower/Dockerfile          | 1 +
 Containers/whiteboard/Dockerfile          | 1 +
 php/src/Docker/DockerActionManager.php    | 2 +-
 19 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index 0948fb25..9ccadfb8 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -88,4 +88,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 637d035c..97d6198b 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -24,5 +24,6 @@ ENTRYPOINT ["/start.sh"]
 USER root
 
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
 ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 196b109a..e81fb06e 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -33,5 +33,6 @@ VOLUME /var/lib/clamav
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
diff --git a/Containers/collabora-online/Dockerfile b/Containers/collabora-online/Dockerfile
index 72f79928..ec8b63f0 100644
--- a/Containers/collabora-online/Dockerfile
+++ b/Containers/collabora-online/Dockerfile
@@ -12,4 +12,5 @@ USER 1001
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 50b6cfef..976360cb 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -11,4 +11,5 @@ USER 1001
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 796c855a..62590f6f 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -19,4 +19,5 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg
 ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 769c24ac..8122f315 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -18,4 +18,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile
index ed0cafe9..ff1e923f 100644
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -22,5 +22,6 @@ USER 1000:0
 
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
 ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 11250a43..04f190b5 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
@@ -43,4 +43,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9c468bbb..afb3def5 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -264,4 +264,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 029c93f2..425115c4 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -23,4 +23,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile
index d028ccbc..13b4d456 100644
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -8,4 +8,5 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 725b8042..56090f26 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -44,4 +44,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile
index 7cc1ff84..cc9181ad 100644
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -21,4 +21,5 @@ ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 65af7db4..8df5b89e 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -58,4 +58,5 @@ CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.co
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fc5f0379..fb78f943 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -107,4 +107,5 @@ CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index cd5238ac..6b948c9b 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -24,4 +24,5 @@ USER root
 
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 37ba25e0..0a45981d 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -23,4 +23,5 @@ WORKDIR /tmp
 ENTRYPOINT ["/start.sh"]
 
 LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
     org.label-schema.vendor="Nextcloud"
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..99264d54 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -434,7 +434,7 @@ readonly class DockerActionManager {
         // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
         // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
         // Additionally set a default org.label-schema.vendor and com.docker.compose.project
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "wud.watch" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
 
         // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
         $requestBody['Hostname'] = $container->GetIdentifier();

From c5b146f84c1b517d956cc5e1796f953b8381e385 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Jan 2026 04:08:44 +0000
Subject: [PATCH 3793/3949] build(deps): bump golang in /Containers/imaginary

Bumps golang from 1.25.5-alpine3.23 to 1.25.6-alpine3.23.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.6-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 11250a43..a0c583e0 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.23 AS go
+FROM golang:1.25.6-alpine3.23 AS go
 
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 

From dbabfe14f0b35d0d6df9e16dd09d626888ae602d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Jan 2026 04:09:56 +0000
Subject: [PATCH 3794/3949] build(deps): bump golang in /Containers/watchtower

Bumps golang from 1.25.5-alpine3.23 to 1.25.6-alpine3.23.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.6-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index cd5238ac..2ee06f51 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.5-alpine3.23 AS go
+FROM golang:1.25.6-alpine3.23 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b	
 

From f58465f93022b1960428c88d4c5a65c4636aec7d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 19 Jan 2026 15:21:28 +0100
Subject: [PATCH 3795/3949] DockeractionManager: rewrite `PullImage` function
 to re-try 3 times before failing

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..34ca4f56 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -503,14 +503,24 @@ readonly class DockerActionManager {
         } catch (\Throwable $e) {
             $imageIsThere = false;
         }
-        try {
-            $this->guzzleClient->post($url);
-        } catch (RequestException $e) {
-            $message = "Could not pull image " . $imageName . ": " . $e->getResponse()?->getBody()->getContents();
-            if ($imageIsThere === false) {
-                throw new \Exception($message);
-            } else {
-                error_log($message);
+
+        $maxRetries = 3;
+        for ($attempt = 1; $attempt <= $maxRetries; $attempt++) {
+            try {
+                $this->guzzleClient->post($url);
+                break;
+            } catch (RequestException $e) {
+                $message = "Could not pull image " . $imageName . " (attempt $attempt/$maxRetries): " . $e->getResponse()?->getBody()->getContents();
+                if ($attempt === $maxRetries) {
+                    if ($imageIsThere === false) {
+                        throw new \Exception($message);
+                    } else {
+                        error_log($message);
+                    }
+                } else {
+                    error_log($message . ' Retrying...');
+                    sleep(1);
+                }
             }
         }
     }

From b7d63253db7e5d74a83bd0d5f4bd7c51793c8da1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 20 Jan 2026 11:50:04 +0100
Subject: [PATCH 3796/3949] postgres.config.php: fix `PDO::MYSQL_ATTR_SSL_CA`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/config/postgres.config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php
index 71a657a7..0dc835cc 100644
--- a/Containers/nextcloud/config/postgres.config.php
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -10,7 +10,7 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
 if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) {
   $CONFIG = array(
     'dbdriveroptions' => array(
-      'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/ca-bundle.crt',
+      PDO::MYSQL_ATTR_SSL_CA => '/var/www/html/data/certificates/ca-bundle.crt',
     ),
   );
 }

From 88a45d1a8087b8097c257905b91ea77db30f4a6c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 20 Jan 2026 13:20:09 +0100
Subject: [PATCH 3797/3949] add cooldown to dependabot

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f79c4ce2..7fe1067e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,6 +10,8 @@ updates:
   labels:
   - 3. to review
   - dependencies
+  cooldown:
+    default-days: 7
 - package-ecosystem: composer
   directory: "/php/"
   schedule:

From fcdd000731f025f11f6bcfe26c6e47c46bc64e63 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Jan 2026 04:10:21 +0000
Subject: [PATCH 3798/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.5.1 to v1.5.3.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.5.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 37ba25e0..31500313 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.1
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.3
 
 USER root
 RUN set -ex; \

From 3b3eea7ef02e7bf5f11dc632cfc3b654d101859f Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 21 Jan 2026 10:54:39 +0100
Subject: [PATCH 3799/3949] don't ask for a cute anmial picture

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/ISSUE_TEMPLATE/Bug_report.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index 5d6cc059..aca2e718 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -37,5 +37,3 @@ labels: 0. Needs triage
 #### Output of `sudo docker ps -a`
 
 #### Other valuable info <!--- (like additional logs, screenshots & Co.) -->
-
-#### A picture of a cute animal <!--- (not mandatory but encouraged) -->

From 2c968917ebcac51b6c0a6cc033fde63e8fb72cc7 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 21 Jan 2026 12:03:53 +0000
Subject: [PATCH 3800/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ce1ae80f..75e53dfe 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3111,20 +3111,20 @@
         },
         {
             "name": "league/uri",
-            "version": "7.7.0",
+            "version": "7.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri.git",
-                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807"
+                "reference": "4436c6ec8d458e4244448b069cc572d088230b76"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri/zipball/8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
-                "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/4436c6ec8d458e4244448b069cc572d088230b76",
+                "reference": "4436c6ec8d458e4244448b069cc572d088230b76",
                 "shasum": ""
             },
             "require": {
-                "league/uri-interfaces": "^7.7",
+                "league/uri-interfaces": "^7.8",
                 "php": "^8.1",
                 "psr/http-factory": "^1"
             },
@@ -3138,11 +3138,11 @@
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
                 "ext-uri": "to use the PHP native URI class",
-                "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain",
-                "league/uri-components": "Needed to easily manipulate URI objects components",
-                "league/uri-polyfill": "Needed to backport the PHP URI extension for older versions of PHP",
+                "jeremykendall/php-domain-parser": "to further parse the URI host and resolve its Public Suffix and Top Level Domain",
+                "league/uri-components": "to provide additional tools to manipulate URI objects components",
+                "league/uri-polyfill": "to backport the PHP URI extension for older versions of PHP",
                 "php-64bit": "to improve IPV4 host parsing",
-                "rowbot/url": "to handle WHATWG URL",
+                "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3197,7 +3197,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri/tree/7.7.0"
+                "source": "https://github.com/thephpleague/uri/tree/7.8.0"
             },
             "funding": [
                 {
@@ -3205,20 +3205,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-12-07T16:02:06+00:00"
+            "time": "2026-01-14T17:24:56+00:00"
         },
         {
             "name": "league/uri-interfaces",
-            "version": "7.7.0",
+            "version": "7.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri-interfaces.git",
-                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c"
+                "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
-                "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/c5c5cd056110fc8afaba29fa6b72a43ced42acd4",
+                "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4",
                 "shasum": ""
             },
             "require": {
@@ -3231,7 +3231,7 @@
                 "ext-gmp": "to improve IPV4 host parsing",
                 "ext-intl": "to handle IDN host with the best performance",
                 "php-64bit": "to improve IPV4 host parsing",
-                "rowbot/url": "to handle WHATWG URL",
+                "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification",
                 "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
             },
             "type": "library",
@@ -3281,7 +3281,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.7.0"
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.8.0"
             },
             "funding": [
                 {
@@ -3289,7 +3289,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-12-07T16:03:21+00:00"
+            "time": "2026-01-15T06:54:53+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
@@ -3455,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "6.0.0",
+            "version": "6.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9"
+                "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/02600c041e7d0f4b7d1fe1d260565ec525472fa9",
-                "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/2f5cbed597cb261d1ea458f3da3a9ad32e670b1e",
+                "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e",
                 "shasum": ""
             },
             "require": {
@@ -3514,9 +3514,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.0"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.1"
             },
-            "time": "2026-01-07T20:22:53+00:00"
+            "time": "2026-01-20T15:30:42+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",

From b12c36f675274fd159ead5b19f7c74adf83302d7 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 21 Jan 2026 12:12:48 +0000
Subject: [PATCH 3801/3949] watchtower-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/watchtower/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index cd5238ac..0aeb6fd7 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.5-alpine3.23 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b	
+ENV WATCHTOWER_COMMIT_HASH=f522ce27e1fbe4618da54833025a95be62aa838a	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.13.1
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.0
 
 FROM alpine:3.23.2
 

From 708e542270df92a7baf4e01fc314bb45054f8183 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 21 Jan 2026 12:16:29 +0000
Subject: [PATCH 3802/3949] nextcloud-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9c468bbb..6968ac31 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.4
+ENV NEXTCLOUD_VERSION=32.0.5
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

From f59b2776c796ea4216ec8c6d5063ba5fb877e0dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jan 2026 04:08:30 +0000
Subject: [PATCH 3803/3949] build(deps): bump php in
 /Containers/mastercontainer

Bumps php from 8.4.16-fpm-alpine3.23 to 8.4.17-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.4.17-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index d2019e49..ed930781 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -6,7 +6,7 @@ FROM docker:29.1.4-cli AS docker
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
-FROM php:8.4.16-fpm-alpine3.23
+FROM php:8.4.17-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080

From 8eed705a906351ed15e8f379650e1c6d22021d44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jan 2026 04:08:35 +0000
Subject: [PATCH 3804/3949] build(deps): bump php in /Containers/nextcloud

Bumps php from 8.3.29-fpm-alpine3.23 to 8.3.30-fpm-alpine3.23.

---
updated-dependencies:
- dependency-name: php
  dependency-version: 8.3.30-fpm-alpine3.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/nextcloud/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index 9c468bbb..f3181a05 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.29-fpm-alpine3.23
+FROM php:8.3.30-fpm-alpine3.23
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G

From a7c091a5b26835db3ca579e9266fa02cc37172d0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 22 Jan 2026 12:21:26 +0100
Subject: [PATCH 3805/3949] mastercontainer: also add `wud.watch` label

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index e92d0a86..2fea59d1 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -127,6 +127,7 @@ RUN set -ex; \
 
 # hadolint ignore=DL3048
 LABEL org.label-schema.vendor="Nextcloud" \
+    wud.watch="false" \
     com.docker.compose.project="nextcloud-aio"
 
 # hadolint ignore=DL3002

From 8fb3126ce7e11bdc9d6d2f7c609478ce72c89848 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 21 Jan 2026 14:30:23 +0100
Subject: [PATCH 3806/3949] `CreateContainer`: also insert the max shutdown
 time into the container itself

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 1743c4a5..fb3701a4 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -356,6 +356,11 @@ readonly class DockerActionManager {
 
         $requestBody['HostConfig']['Init'] = $container->init;
 
+        $maxShutDownTime = $container->maxShutdownTime;
+        if ($maxShutDownTime > 0) {
+            $requestBody['StopTimeout'] = $maxShutDownTime;
+        }
+
         $capAdds = $container->capAdd;
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;

From 00688a52bd9e85768398eb01c8389f940233268d Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 22 Jan 2026 13:12:02 +0000
Subject: [PATCH 3807/3949] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml                       | 2 +-
 .../templates/nextcloud-aio-apache-deployment.yaml        | 6 +++---
 .../templates/nextcloud-aio-apache-service.yaml           | 2 +-
 .../templates/nextcloud-aio-clamav-deployment.yaml        | 8 ++++----
 .../templates/nextcloud-aio-clamav-service.yaml           | 2 +-
 .../templates/nextcloud-aio-collabora-deployment.yaml     | 8 ++++----
 .../templates/nextcloud-aio-collabora-service.yaml        | 2 +-
 .../templates/nextcloud-aio-database-deployment.yaml      | 8 ++++----
 .../templates/nextcloud-aio-database-service.yaml         | 2 +-
 .../nextcloud-aio-fulltextsearch-deployment.yaml          | 8 ++++----
 .../templates/nextcloud-aio-fulltextsearch-service.yaml   | 2 +-
 .../templates/nextcloud-aio-imaginary-deployment.yaml     | 6 +++---
 .../templates/nextcloud-aio-imaginary-service.yaml        | 2 +-
 .../templates/nextcloud-aio-nextcloud-deployment.yaml     | 8 ++++----
 .../templates/nextcloud-aio-nextcloud-service.yaml        | 2 +-
 .../templates/nextcloud-aio-notify-push-deployment.yaml   | 6 +++---
 .../templates/nextcloud-aio-notify-push-service.yaml      | 2 +-
 .../templates/nextcloud-aio-onlyoffice-deployment.yaml    | 8 ++++----
 .../templates/nextcloud-aio-onlyoffice-service.yaml       | 2 +-
 .../templates/nextcloud-aio-redis-deployment.yaml         | 6 +++---
 .../templates/nextcloud-aio-redis-service.yaml            | 2 +-
 .../templates/nextcloud-aio-talk-deployment.yaml          | 6 +++---
 .../nextcloud-aio-talk-recording-deployment.yaml          | 6 +++---
 .../templates/nextcloud-aio-talk-recording-service.yaml   | 2 +-
 .../templates/nextcloud-aio-talk-service.yaml             | 4 ++--
 .../templates/nextcloud-aio-whiteboard-deployment.yaml    | 6 +++---
 .../templates/nextcloud-aio-whiteboard-service.yaml       | 2 +-
 27 files changed, 60 insertions(+), 60 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 7d990549..6288a381 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.4.0
+version: 12.5.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 6cdf8db8..e540791c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-apache:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
index 404ee626..98e33a4d 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d7627802..57ec7739 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
index 8dc8597d..8b236093 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index 7e86c402..cd4e1368 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-collabora
     spec:
@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260122_105751
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260122_105751
           {{- end }}
           readinessProbe:
             exec:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
index ebe7bf3f..5c81ef3e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 055ecd0a..be6a9c90 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
index 9451d908..45fdce3a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index df30e6a8..bed60a0c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
index ae759475..efe474b3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index d2fc1375..af15d4b3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
index a5fb3266..44a57006 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index fe72d307..8b6e8211 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260122_105751
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
index 18cf84d8..08ab70f2 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 5b05336e..c8e30d05 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
@@ -57,7 +57,7 @@ spec:
               value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
index 2b7bfccd..986d98d4 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index 0e3a7fda..2bb79f19 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
index 6ff9afa1..5fc10b85 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 1ccebd79..28335e64 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-redis:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
index af82a0bb..a6a9a0a5 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 8635a6ce..679dd66e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-talk:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 2cfcaa53..8e631656 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
index 4410ed72..87fe0355 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
index 10d17177..65388792 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -27,7 +27,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 50dfc3c4..5788cfa0 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.37.0 (fb0539e64)
+        kompose.version: 1.38.0 (a8f5d1cbd)
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260114_114729
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260122_105751
           readinessProbe:
             exec:
               command:
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
index 8c8cb5aa..299f1ec3 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.37.0 (fb0539e64)
+    kompose.version: 1.38.0 (a8f5d1cbd)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard

From c47ace7718a790c01e631ec3b4398293a298fa11 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 22 Jan 2026 13:33:38 +0000
Subject: [PATCH 3808/3949] imaginary-update automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 0a0c14ce..650c4c67 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.25.6-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 664ca0b26d0e69e1ebda9ea2010113b1f63b4d90 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 22 Jan 2026 21:08:08 +0100
Subject: [PATCH 3809/3949] Add Code of conduct

See: https://github.com/nextcloud/server/blob/master/CODE_OF_CONDUCT.md

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 CODE_OF_CONDUCT.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 CODE_OF_CONDUCT.md

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..fec85a59
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,13 @@
+<!--
+ - SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+In the Nextcloud community, participants from all over the world come together to create Free Software for a free internet. This is made possible by the support, hard work and enthusiasm of thousands of people, including those who create and use Nextcloud software.
+
+Our code of conduct offers some guidance to ensure Nextcloud participants can cooperate effectively in a positive and inspiring atmosphere, and to explain how together we can strengthen and support each other.
+
+The Code of Conduct is shared by all contributors and users who engage with the Nextcloud team and its community services. It presents a summary of the shared values and “common sense” thinking in our community.
+
+You can find our full code of conduct on our website: https://nextcloud.com/code-of-conduct/
+
+Please, keep our CoC in mind when you contribute! That way, everyone can be a part of our community in a productive, positive, creative and fun way.

From 89be3d9e234af8db8c07847539b6ae8354e16b29 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 22 Jan 2026 21:12:39 +0100
Subject: [PATCH 3810/3949] Add files via upload

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 .github/pull_request_template.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/pull_request_template.md

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 00000000..7958ceab
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,25 @@
+<!--
+  - 🚨 SECURITY INFO
+  -
+  - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
+-->
+
+* Resolves: # <!-- related github issue -->
+
+## Summary
+
+
+## TODO
+
+- [ ] ...
+
+## Checklist
+
+- Code is [properly formatted](https://docs.nextcloud.com/server/latest/developer_manual/digging_deeper/continuous_integration.html#linting)
+- [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits
+- [ ] Tests ([unit](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#unit-tests), [integration](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#integration-tests), api and/or acceptance) are included
+- [ ] Screenshots before/after for front-end changes
+- [ ] Documentation ([manuals](https://github.com/nextcloud/documentation/) or wiki) has been updated or is not required
+- [ ] [Backports requested](https://github.com/nextcloud/backportbot/#usage) where applicable (ex: critical bugfixes)
+- [ ] [Labels added](https://github.com/nextcloud/server/labels) where applicable (ex: bug/enhancement, `3. to review`, feature component)
+- [ ] [Milestone added](https://github.com/nextcloud/server/milestones) for target branch/version (ex: 32.x for `stable32`)

From db07c79db1cc692903a637cb0cadd5d9b79755ca Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 22 Jan 2026 21:20:36 +0100
Subject: [PATCH 3811/3949] novodb: add (deprecated) to its display name

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/nocodb/nocodb.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/nocodb/nocodb.json b/community-containers/nocodb/nocodb.json
index 7ef4cc5c..e93d173c 100644
--- a/community-containers/nocodb/nocodb.json
+++ b/community-containers/nocodb/nocodb.json
@@ -2,7 +2,7 @@
     "aio_services_v1": [
         {
             "container_name": "nextcloud-aio-nocodb",
-            "display_name": "NocoDB",
+            "display_name": "NocoDB (deprecated)",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb",
             "image": "nocodb/nocodb",
             "image_tag": "latest",

From e1718faf0b4364283a4925a8b7163511f272ffae Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 22 Jan 2026 21:24:35 +0100
Subject: [PATCH 3812/3949] Update README with licensing and maintenance notes

Added caution and note about NocoDB licensing and maintenance status.

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/nocodb/readme.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md
index 4c1281b5..fa23f8f6 100644
--- a/community-containers/nocodb/readme.md
+++ b/community-containers/nocodb/readme.md
@@ -1,3 +1,8 @@
+> [!CAUTION]
+> NocoDB is licensed under a non-free license.
+> 
+> And is no longer maintained.
+
 > [!NOTE]
 > This container is there to compensate for the lack of functionality in Nextcloud Tables.
 >

From 0e868c4570826497fd32b24d3d4bbd7d03d6557d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Jan 2026 12:08:36 +0000
Subject: [PATCH 3813/3949] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                       | 2 +-
 .github/workflows/collabora.yml                       | 2 +-
 .github/workflows/community-containers.yml            | 2 +-
 .github/workflows/dependency-updates.yml              | 2 +-
 .github/workflows/docker-lint.yml                     | 2 +-
 .github/workflows/helm-release.yml                    | 2 +-
 .github/workflows/imaginary-update.yml                | 2 +-
 .github/workflows/json-validator.yml                  | 2 +-
 .github/workflows/lint-helm.yml                       | 2 +-
 .github/workflows/lint-php.yml                        | 2 +-
 .github/workflows/lint-yaml.yml                       | 2 +-
 .github/workflows/nextcloud-update.yml                | 2 +-
 .github/workflows/php-deprecation-detector.yml        | 2 +-
 .github/workflows/playwright-on-push.yml              | 2 +-
 .github/workflows/playwright-on-workflow-dispatch.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml           | 2 +-
 .github/workflows/psalm.yml                           | 2 +-
 .github/workflows/shellcheck.yml                      | 2 +-
 .github/workflows/talk.yml                            | 2 +-
 .github/workflows/twig-lint.yml                       | 2 +-
 .github/workflows/update-copyright.yml                | 2 +-
 .github/workflows/update-helm.yml                     | 2 +-
 .github/workflows/update-yaml.yml                     | 2 +-
 .github/workflows/watchtower-update.yml               | 2 +-
 24 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 2bd4823a..2fff5ddb 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 8e464925..abf5d520 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index 7446677f..cfe35ee0 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 1b448139..3a40363b 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
     - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 917df1d6..b9ce68ef 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index a4f441c2..f621f229 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
 
       - name: Turnstyle
         uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 060b376e..7440a09f 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 4cbd28ed..4213296b 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 7beec865..1ea877a6 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 0c5e2c74..12cba439 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
+        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 3bb1d33f..010077ca 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 7fe5bbf9..b96ac2b9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index c8638683..ee35830c 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml
index af8dec02..28ba7d9c 100644
--- a/.github/workflows/playwright-on-push.yml
+++ b/.github/workflows/playwright-on-push.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/playwright-on-workflow-dispatch.yml b/.github/workflows/playwright-on-workflow-dispatch.yml
index 252a6510..483811f2 100644
--- a/.github/workflows/playwright-on-workflow-dispatch.yml
+++ b/.github/workflows/playwright-on-workflow-dispatch.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 1bd47ac4..14715108 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
 
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index bdae585e..cbc77bf5 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1
+        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 86954033..0ef69085 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index f28ad9f2..c1b96d24 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 7e9b5cdc..3b04704d 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index f7960ead..95329d3c 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index ee8e4669..2f441735 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index ba92fd50..41b0adf2 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index be929285..b26cd1a4 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From d2940b0dc8d3c92d9647c4faf101b4e19e37b6d1 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sat, 24 Jan 2026 12:03:23 +0000
Subject: [PATCH 3814/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 75e53dfe..30c13df6 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -1644,16 +1644,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.22.2",
+            "version": "v3.23.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2"
+                "reference": "a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/946ddeafa3c9f4ce279d1f34051af041db0e16f2",
-                "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9",
+                "reference": "a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9",
                 "shasum": ""
             },
             "require": {
@@ -1707,7 +1707,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.22.2"
+                "source": "https://github.com/twigphp/Twig/tree/v3.23.0"
             },
             "funding": [
                 {
@@ -1719,7 +1719,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-12-14T11:28:47+00:00"
+            "time": "2026-01-23T21:00:41+00:00"
         }
     ],
     "packages-dev": [

From 7e2e0d11daf517a303da09ac4906d032697220d5 Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Sun, 25 Jan 2026 12:03:33 +0000
Subject: [PATCH 3815/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 30c13df6..42bc1415 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3890,16 +3890,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.31",
+            "version": "v6.4.32",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997"
+                "reference": "0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/f9f8a889f54c264f9abac3fc0f7a371ffca51997",
-                "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997",
+                "url": "https://api.github.com/repos/symfony/console/zipball/0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3",
+                "reference": "0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3",
                 "shasum": ""
             },
             "require": {
@@ -3964,7 +3964,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.31"
+                "source": "https://github.com/symfony/console/tree/v6.4.32"
             },
             "funding": [
                 {
@@ -3984,7 +3984,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-12-22T08:30:34+00:00"
+            "time": "2026-01-13T08:45:59+00:00"
         },
         {
             "name": "symfony/filesystem",
@@ -4058,16 +4058,16 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.31",
+            "version": "v6.4.32",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b"
+                "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/5547f2e1f0ca8e2e7abe490156b62da778cfbe2b",
-                "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de",
+                "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de",
                 "shasum": ""
             },
             "require": {
@@ -4102,7 +4102,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.31"
+                "source": "https://github.com/symfony/finder/tree/v6.4.32"
             },
             "funding": [
                 {
@@ -4122,7 +4122,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-12-11T14:52:17+00:00"
+            "time": "2026-01-10T14:09:00+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4460,16 +4460,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.4.0",
+            "version": "v7.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003"
+                "reference": "1c4b10461bf2ec27537b5f36105337262f5f5d6f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/d50e862cb0a0e0886f73ca1f31b865efbb795003",
-                "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003",
+                "url": "https://api.github.com/repos/symfony/string/zipball/1c4b10461bf2ec27537b5f36105337262f5f5d6f",
+                "reference": "1c4b10461bf2ec27537b5f36105337262f5f5d6f",
                 "shasum": ""
             },
             "require": {
@@ -4527,7 +4527,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.0"
+                "source": "https://github.com/symfony/string/tree/v7.4.4"
             },
             "funding": [
                 {
@@ -4547,7 +4547,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-11-27T13:27:24+00:00"
+            "time": "2026-01-12T10:54:30+00:00"
         },
         {
             "name": "vimeo/psalm",

From 0df6c0a645e1a117978d70e109d676977f5dc243 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Sun, 25 Jan 2026 11:41:58 +0100
Subject: [PATCH 3816/3949] mastercontainer: make check for correct volume name
 more strict

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index ad1734f1..a65e29ae 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -166,7 +166,7 @@ elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nex
     print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
     exit 1
-elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
+elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer --format '{{.Mounts}}' | grep -q " nextcloud_aio_mastercontainer "; then
     print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
     exit 1

From ebe3d7ee838a7d74dd1129555ad99a80dfd0c834 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 26 Jan 2026 11:55:19 +0100
Subject: [PATCH 3817/3949] increase to v12.6.0

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/aio-version.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig
index b7d7205d..062985d4 100644
--- a/php/templates/includes/aio-version.twig
+++ b/php/templates/includes/aio-version.twig
@@ -1 +1 @@
-12.5.0
+12.6.0

From 27eae80466a43ea5e181309fb150730b0283c9a0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 22 Jan 2026 17:50:28 +0100
Subject: [PATCH 3818/3949] pin all actions via commit hash

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/codespell.yml                       | 2 +-
 .github/workflows/collabora.yml                       | 2 +-
 .github/workflows/community-containers.yml            | 2 +-
 .github/workflows/dependency-updates.yml              | 2 +-
 .github/workflows/docker-lint.yml                     | 2 +-
 .github/workflows/helm-release.yml                    | 2 +-
 .github/workflows/imaginary-update.yml                | 2 +-
 .github/workflows/json-validator.yml                  | 2 +-
 .github/workflows/lint-helm.yml                       | 2 +-
 .github/workflows/lint-php.yml                        | 2 +-
 .github/workflows/nextcloud-update.yml                | 2 +-
 .github/workflows/php-deprecation-detector.yml        | 2 +-
 .github/workflows/playwright-on-push.yml              | 6 +++---
 .github/workflows/playwright-on-workflow-dispatch.yml | 6 +++---
 .github/workflows/psalm-update-baseline.yml           | 2 +-
 .github/workflows/psalm.yml                           | 2 +-
 .github/workflows/shellcheck.yml                      | 2 +-
 .github/workflows/talk.yml                            | 2 +-
 .github/workflows/twig-lint.yml                       | 2 +-
 .github/workflows/update-copyright.yml                | 2 +-
 .github/workflows/update-helm.yml                     | 2 +-
 .github/workflows/update-yaml.yml                     | 2 +-
 .github/workflows/watchtower-update.yml               | 2 +-
 zizmor.yml                                            | 6 ++----
 24 files changed, 29 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 2fff5ddb..94af09c8 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index abf5d520..39758f3e 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index cfe35ee0..c901358d 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 3a40363b..66404af5 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index b9ce68ef..7a5509df 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index f621f229..528c6cd3 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Turnstyle
         uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 7440a09f..e182b073 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 4213296b..68b66812 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 1ea877a6..e65d7cdc 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 12cba439..69c42c2b 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index b96ac2b9..aaaa26eb 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index ee35830c..61ae7c0d 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml
index 28ba7d9c..2eda156e 100644
--- a/.github/workflows/playwright-on-push.yml
+++ b/.github/workflows/playwright-on-push.yml
@@ -24,9 +24,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - uses: actions/setup-node@v6
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
           node-version: lts/*
 
@@ -114,7 +114,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: ${{ !cancelled() }}
         with:
           name: playwright-report
diff --git a/.github/workflows/playwright-on-workflow-dispatch.yml b/.github/workflows/playwright-on-workflow-dispatch.yml
index 483811f2..ab31c564 100644
--- a/.github/workflows/playwright-on-workflow-dispatch.yml
+++ b/.github/workflows/playwright-on-workflow-dispatch.yml
@@ -13,9 +13,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - uses: actions/setup-node@v6
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
           node-version: lts/*
 
@@ -82,7 +82,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: ${{ !cancelled() }}
         with:
           name: playwright-report
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 14715108..45860741 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index cbc77bf5..47a6994c 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 0ef69085..8b746c05 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index c1b96d24..6057ed1a 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 3b04704d..07e6549b 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 95329d3c..f453a05c 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 2f441735..69974d3a 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 41b0adf2..41a54a41 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index b26cd1a4..34938de0 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run watchtower-container-update
       run: |
         # Watchtower
diff --git a/zizmor.yml b/zizmor.yml
index a991eaa5..7601baa4 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -4,7 +4,5 @@ rules:
   dangerous-triggers:
     ignore:
       - build_images.yml
-  unpinned-uses:
-    config:
-      policies:
-        actions/*: ref-pin
+  artipacked:
+    disable: true

From 3e6deb8802848222f3a00b38b101464d3afc922e Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Mon, 26 Jan 2026 12:04:00 +0000
Subject: [PATCH 3819/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index 42bc1415..ee344d52 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -3578,16 +3578,16 @@
         },
         {
             "name": "phpstan/phpdoc-parser",
-            "version": "2.3.1",
+            "version": "2.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpdoc-parser.git",
-                "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374"
+                "reference": "a004701b11273a26cd7955a61d67a7f1e525a45a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/16dbf9937da8d4528ceb2145c9c7c0bd29e26374",
-                "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374",
+                "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/a004701b11273a26cd7955a61d67a7f1e525a45a",
+                "reference": "a004701b11273a26cd7955a61d67a7f1e525a45a",
                 "shasum": ""
             },
             "require": {
@@ -3619,9 +3619,9 @@
             "description": "PHPDoc parser with support for nullable, intersection and generic types",
             "support": {
                 "issues": "https://github.com/phpstan/phpdoc-parser/issues",
-                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.1"
+                "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.2"
             },
-            "time": "2026-01-12T11:33:04+00:00"
+            "time": "2026-01-25T14:56:51+00:00"
         },
         {
             "name": "revolt/event-loop",

From 3f85f10bfb7e0cf913b94365209a09edd13b0cf1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jan 2026 13:08:44 +0000
Subject: [PATCH 3820/3949] build(deps): bump actions/checkout in
 /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6.0.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                       | 2 +-
 .github/workflows/collabora.yml                       | 2 +-
 .github/workflows/community-containers.yml            | 2 +-
 .github/workflows/dependency-updates.yml              | 2 +-
 .github/workflows/docker-lint.yml                     | 2 +-
 .github/workflows/helm-release.yml                    | 2 +-
 .github/workflows/imaginary-update.yml                | 2 +-
 .github/workflows/json-validator.yml                  | 2 +-
 .github/workflows/lint-helm.yml                       | 2 +-
 .github/workflows/lint-php.yml                        | 2 +-
 .github/workflows/lint-yaml.yml                       | 2 +-
 .github/workflows/nextcloud-update.yml                | 2 +-
 .github/workflows/php-deprecation-detector.yml        | 2 +-
 .github/workflows/playwright-on-push.yml              | 2 +-
 .github/workflows/playwright-on-workflow-dispatch.yml | 2 +-
 .github/workflows/psalm-update-baseline.yml           | 2 +-
 .github/workflows/psalm.yml                           | 2 +-
 .github/workflows/shellcheck.yml                      | 2 +-
 .github/workflows/talk.yml                            | 2 +-
 .github/workflows/twig-lint.yml                       | 2 +-
 .github/workflows/update-copyright.yml                | 2 +-
 .github/workflows/update-helm.yml                     | 2 +-
 .github/workflows/update-yaml.yml                     | 2 +-
 .github/workflows/watchtower-update.yml               | 2 +-
 24 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 94af09c8..475940a9 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 39758f3e..81ea8ff1 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index c901358d..5271bfa8 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 66404af5..7bdc5d1a 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 7a5509df..3f09bb98 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 528c6cd3..ba3b865d 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Turnstyle
         uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index e182b073..171fb132 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 68b66812..8c0a7f45 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index e65d7cdc..61e51450 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 69c42c2b..c0d2d577 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 010077ca..e36b8f4c 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index aaaa26eb..5b420c20 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index 61ae7c0d..38b0fa8d 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml
index 2eda156e..40277e57 100644
--- a/.github/workflows/playwright-on-push.yml
+++ b/.github/workflows/playwright-on-push.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
diff --git a/.github/workflows/playwright-on-workflow-dispatch.yml b/.github/workflows/playwright-on-workflow-dispatch.yml
index ab31c564..6d2f6d32 100644
--- a/.github/workflows/playwright-on-workflow-dispatch.yml
+++ b/.github/workflows/playwright-on-workflow-dispatch.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 45860741..0c2f8aee 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 47a6994c..2bab876e 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 8b746c05..b051c355 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 6057ed1a..28f9fef7 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 07e6549b..27b8776d 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index f453a05c..103851c9 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 69974d3a..2dcd2e73 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 41a54a41..a60ea1c6 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 34938de0..c04657be 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 59e0776808f377244484d2ed59d499d484e7960c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Jan 2026 04:06:09 +0000
Subject: [PATCH 3821/3949] build(deps): bump docker in
 /Containers/mastercontainer

Bumps docker from 29.1.5-cli to 29.2.0-cli.

---
updated-dependencies:
- dependency-name: docker
  dependency-version: 29.2.0-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/mastercontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 2fea59d1..f3079ca7 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.1.5-cli AS docker
+FROM docker:29.2.0-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

From 0213d8e548066624e202a387d01ca3f65791ae53 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Jan 2026 04:08:45 +0000
Subject: [PATCH 3822/3949] build(deps): bump nats in /Containers/talk

Bumps nats from 2.12.3-scratch to 2.12.4-scratch.

---
updated-dependencies:
- dependency-name: nats
  dependency-version: 2.12.4-scratch
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fb78f943..fc8cc54a 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.3-scratch AS nats
+FROM nats:2.12.4-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.23.2 AS janus

From 3f4eecaa9654c5c88c5b2fc5b24f40352f9236c3 Mon Sep 17 00:00:00 2001
From: Julius Knorr <jus@bitgrid.net>
Date: Wed, 28 Jan 2026 09:53:53 +0100
Subject: [PATCH 3823/3949] feat: Add office switcher with feature comparison
 (#7421)

Signed-off-by: Julius Knorr <jus@bitgrid.net>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Andrew Backhouse <andrew.backhouse@nextcloud.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Andrew Backhouse <andrew.backhouse@nextcloud.com>
---
 php/public/containers-form-submit.js          |  58 ++++++-
 php/public/disable-collabora.js               |   2 +-
 php/public/disable-onlyoffice.js              |   6 +-
 php/public/style.css                          | 163 +++++++++++++++++-
 .../Controller/ConfigurationController.php    |  24 +--
 php/templates/containers.twig                 |   2 +-
 .../includes/optional-containers.twig         | 134 ++++++++++----
 php/templates/layout.twig                     |   2 +-
 php/tests/tests/initial-setup.spec.js         |   6 +-
 9 files changed, 338 insertions(+), 59 deletions(-)

diff --git a/php/public/containers-form-submit.js b/php/public/containers-form-submit.js
index b7ffd2d8..1382bced 100644
--- a/php/public/containers-form-submit.js
+++ b/php/public/containers-form-submit.js
@@ -1,7 +1,9 @@
 document.addEventListener("DOMContentLoaded", function () {
     // Hide submit button initially
-    const optionsFormSubmit = document.getElementById("options-form-submit");
-    optionsFormSubmit.style.display = 'none';
+    const optionsFormSubmit = document.querySelectorAll(".options-form-submit");
+    optionsFormSubmit.forEach(element => {
+        element.style.display = 'none';
+    });
 
     const communityFormSubmit = document.getElementById("community-form-submit");
     communityFormSubmit.style.display = 'none';
@@ -12,6 +14,14 @@ document.addEventListener("DOMContentLoaded", function () {
     const optionsContainersCheckboxes = document.querySelectorAll("#options-form input[type='checkbox']");
     const communityContainersCheckboxes = document.querySelectorAll("#community-form input[type='checkbox']");
 
+    // Office suite radio buttons
+    const collaboraRadio = document.getElementById('office-collabora');
+    const onlyofficeRadio = document.getElementById('office-onlyoffice');
+    const noneRadio = document.getElementById('office-none');
+    const collaboraHidden = document.getElementById('collabora');
+    const onlyofficeHidden = document.getElementById('onlyoffice');
+    let initialOfficeSelection = null;
+
     optionsContainersCheckboxes.forEach(checkbox => {
         initialStateOptionsContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
     });
@@ -20,6 +30,17 @@ document.addEventListener("DOMContentLoaded", function () {
         initialStateCommunityContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
     });
 
+    // Store initial office suite selection
+    if (collaboraRadio && onlyofficeRadio && noneRadio) {
+        if (collaboraRadio.checked) {
+            initialOfficeSelection = 'collabora';
+        } else if (onlyofficeRadio.checked) {
+            initialOfficeSelection = 'onlyoffice';
+        } else {
+            initialOfficeSelection = 'none';
+        }
+    }
+
     // Function to compare current states to initial states
     function checkForOptionContainerChanges() {
         let hasChanges = false;
@@ -30,8 +51,32 @@ document.addEventListener("DOMContentLoaded", function () {
             }
         });
 
+        // Check office suite changes and sync to hidden inputs
+        if (collaboraRadio && onlyofficeRadio && noneRadio && collaboraHidden && onlyofficeHidden) {
+            let currentOfficeSelection = null;
+            if (collaboraRadio.checked) {
+                currentOfficeSelection = 'collabora';
+                collaboraHidden.value = 'on';
+                onlyofficeHidden.value = '';
+            } else if (onlyofficeRadio.checked) {
+                currentOfficeSelection = 'onlyoffice';
+                collaboraHidden.value = '';
+                onlyofficeHidden.value = 'on';
+            } else {
+                currentOfficeSelection = 'none';
+                collaboraHidden.value = '';
+                onlyofficeHidden.value = '';
+            }
+
+            if (currentOfficeSelection !== initialOfficeSelection) {
+                hasChanges = true;
+            }
+        }
+
         // Show or hide submit button based on changes
-        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
+        optionsFormSubmit.forEach(element => {
+            element.style.display = hasChanges ? 'block' : 'none';
+        });
     }
 
     // Function to compare current states to initial states
@@ -82,6 +127,13 @@ document.addEventListener("DOMContentLoaded", function () {
     // Initialize talk-recording visibility on page load
     handleTalkVisibility();  // Ensure talk-recording is correctly initialized
 
+    // Add event listeners for office suite radio buttons
+    if (collaboraRadio && onlyofficeRadio && noneRadio) {
+        collaboraRadio.addEventListener('change', checkForOptionContainerChanges);
+        onlyofficeRadio.addEventListener('change', checkForOptionContainerChanges);
+        noneRadio.addEventListener('change', checkForOptionContainerChanges);
+    }
+
     // Initial call to check for changes
     checkForOptionContainerChanges();
     checkForCommunityContainerChanges();
diff --git a/php/public/disable-collabora.js b/php/public/disable-collabora.js
index 3064ef51..762252ce 100644
--- a/php/public/disable-collabora.js
+++ b/php/public/disable-collabora.js
@@ -1,5 +1,5 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // Collabora
-    let collabora = document.getElementById("collabora");
+    const collabora = document.getElementById("office-collabora");
     collabora.disabled = true;
 });
\ No newline at end of file
diff --git a/php/public/disable-onlyoffice.js b/php/public/disable-onlyoffice.js
index 83482339..c660bd9d 100644
--- a/php/public/disable-onlyoffice.js
+++ b/php/public/disable-onlyoffice.js
@@ -1,7 +1,5 @@
 document.addEventListener("DOMContentLoaded", function(event) {
     // OnlyOffice
-    let onlyoffice = document.getElementById("onlyoffice");
-    if (onlyoffice) {
-        onlyoffice.disabled = true;
-    }
+    const onlyoffice = document.getElementById("office-onlyoffice");
+    onlyoffice.disabled = true;
 });
\ No newline at end of file
diff --git a/php/public/style.css b/php/public/style.css
index b4d5f8a5..b35883d0 100644
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -28,7 +28,7 @@
     --border-radius-large: 12px;
     --default-font-size: 13px;
     --checkbox-size: 16px;
-    --max-width: 500px;
+    --max-width: 580px;
     --container-top-margin: 20px;
     --container-bottom-margin: 20px;
     --container-padding: 2px;
@@ -37,9 +37,9 @@
     --main-padding: 50px;
 }
 
-/* Breakpoint calculation: 500px (max-width) + 100px (main-padding * 2) + 200px (additional space) = 800px
+/* Breakpoint calculation: 580px (max-width) + 100px (main-padding * 2) + 200px (additional space) = 880px
 Note: Unfortunately, it's not possible to calculate this dynamically using CSS variables in media queries */
-@media only screen and (max-width: 800px) {
+@media only screen and (max-width: 880px) {
     :root {
         --container-top-margin: 50px;
         --container-bottom-margin: 0px;
@@ -549,3 +549,160 @@ input[type="checkbox"]:disabled:not(:checked) + label {
 #theme-toggle:not(:hover) #theme-icon {
     opacity: 0.6; /* Slightly transparent */
 }
+/* Office Suite Feature Cards */
+.office-suite-cards {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+    gap: 16px;
+    margin: 20px 0;
+    align-items: stretch;
+}
+
+.office-radio {
+    display: none;
+}
+
+.office-card {
+    position: relative;
+    border: 2px solid var(--color-border-maxcontrast);
+    border-radius: var(--border-radius-large);
+    padding: 20px;
+    cursor: pointer;
+    transition: all 0.3s ease;
+    background-color: var(--color-main-background);
+    display: flex;
+    flex-direction: column;
+}
+
+.office-card-disabled {
+    opacity: 50%;
+    pointer-events: none;
+}
+
+.office-card:hover {
+    border-color: var(--color-primary-element);
+    box-shadow: 0 4px 12px rgba(0, 130, 201, 0.15);
+    transform: translateY(-2px);
+}
+
+#office-collabora:checked + .office-card,
+#office-onlyoffice:checked + .office-card {
+    border-color: var(--color-nextcloud-blue);
+    background: linear-gradient(135deg, rgba(0, 130, 201, 0.08) 0%, rgba(0, 130, 201, 0.02) 100%);
+}
+
+[data-theme="dark"] #office-collabora:checked + .office-card,
+[data-theme="dark"] #office-onlyoffice:checked + .office-card {
+    background: linear-gradient(135deg, rgba(0, 145, 242, 0.15) 0%, rgba(0, 145, 242, 0.03) 100%);
+}
+
+.office-card-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    margin-bottom: 16px;
+}
+
+.office-card h4 {
+    margin: 0;
+    height: 24px;
+    font-size: 18px;
+    font-weight: 600;
+    color: var(--color-main-text);
+}
+
+.office-checkmark {
+    flex-shrink: 0;
+    display: none;
+}
+
+#office-collabora:checked + .office-card .office-checkmark,
+#office-onlyoffice:checked + .office-card .office-checkmark {
+    display: block;
+}
+
+.office-features {
+    list-style: none;
+    padding: 0;
+    margin: 0;
+}
+
+.office-features li {
+    position: relative;
+    padding-left: 20px;
+    margin-bottom: 4px;
+    font-size: var(--default-font-size);
+    line-height: 1.5;
+    color: var(--color-main-text);
+}
+
+.office-features li::before {
+    content: '•';
+    position: absolute;
+    left: 6px;
+    color: var(--color-nextcloud-blue);
+    font-weight: bold;
+}
+
+.office-checkbox {
+    position: absolute;
+    opacity: 0;
+    pointer-events: none;
+}
+
+.office-learn-more {
+    display: inline-flex;
+    align-items: center;
+    margin-top: 12px;
+    color: var(--color-primary-element);
+    text-decoration: none;
+    font-size: var(--default-font-size);
+    font-weight: 500;
+    transition: color 0.2s ease;
+}
+
+.office-learn-more:hover {
+    color: var(--color-primary-element-hover);
+}
+
+.office-learn-more svg {
+    transition: transform 0.2s ease;
+}
+
+.office-learn-more:hover svg {
+    transform: translateX(3px);
+}
+
+.office-none-card {
+    text-align: center;
+    margin: 12px 0 20px 0;
+}
+
+.office-none-label {
+    display: inline-flex;
+    align-items: center;
+    font-size: 13px;
+    color: var(--color-primary-element);
+    cursor: pointer;
+    opacity: 0.7;
+    transition: opacity 0.2s ease;
+    padding: 8px 12px;
+    border-radius: var(--border-radius);
+}
+
+.office-none-label:hover {
+    opacity: 1;
+    background-color: var(--color-primary-element-light);
+}
+
+#office-none:checked + .office-none-label {
+    opacity: 1;
+    font-weight: 600;
+}
+
+/* Responsive adjustments for mobile */
+@media only screen and (max-width: 800px) {
+    .office-suite-cards {
+        grid-template-columns: 1fr;
+    }
+}
\ No newline at end of file
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 45586f9c..b449db6a 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -76,24 +76,24 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['options-form'])) {
-                if (isset($request->getParsedBody()['collabora']) && isset($request->getParsedBody()['onlyoffice'])) {
-                    throw new InvalidSettingConfigurationException("Collabora and Onlyoffice are not allowed to be enabled at the same time!");
+                $officeSuiteChoice = $request->getParsedBody()['office_suite_choice'] ?? '';
+                
+                if ($officeSuiteChoice === 'collabora') {
+                    $this->configurationManager->SetCollaboraEnabledState(1);
+                    $this->configurationManager->SetOnlyofficeEnabledState(0);
+                } elseif ($officeSuiteChoice === 'onlyoffice') {
+                    $this->configurationManager->SetCollaboraEnabledState(0);
+                    $this->configurationManager->SetOnlyofficeEnabledState(1);
+                } else {
+                    $this->configurationManager->SetCollaboraEnabledState(0);
+                    $this->configurationManager->SetOnlyofficeEnabledState(0);
                 }
+                
                 if (isset($request->getParsedBody()['clamav'])) {
                     $this->configurationManager->SetClamavEnabledState(1);
                 } else {
                     $this->configurationManager->SetClamavEnabledState(0);
                 }
-                if (isset($request->getParsedBody()['onlyoffice'])) {
-                    $this->configurationManager->SetOnlyofficeEnabledState(1);
-                } else {
-                    $this->configurationManager->SetOnlyofficeEnabledState(0);
-                }
-                if (isset($request->getParsedBody()['collabora'])) {
-                    $this->configurationManager->SetCollaboraEnabledState(1);
-                } else {
-                    $this->configurationManager->SetCollaboraEnabledState(0);
-                }
                 if (isset($request->getParsedBody()['talk'])) {
                     $this->configurationManager->SetTalkEnabledState(1);
                 } else {
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2f722768..8e437bc2 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -27,7 +27,7 @@
             <script type="text/javascript" src="timezone.js"></script>
 
             {# js for optional containers and additional containers forms #}
-            <script type="text/javascript" src="containers-form-submit.js?v4"></script>
+            <script type="text/javascript" src="containers-form-submit.js?v5"></script>
 
             {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
             {% set isAnyRunning = false %}
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index b4764592..dcf59bfb 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -9,6 +9,105 @@
     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
     <input type="hidden" name="options-form" value="options-form">
+    <h3>Office Suite</h3>
+    {% if isAnyRunning == false %}
+        <p>Choose your preferred office suite. Only one can be enabled at a time.</p>
+    {% endif %}
+    <div class="office-suite-cards">
+        <input
+            type="radio"
+            id="office-collabora"
+            name="office_suite_choice"
+            value="collabora"
+            class="office-radio"
+            {% if is_collabora_enabled == true %}
+                checked="checked"
+            {% endif %}
+        >
+        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-collabora">
+            <div class="office-card-header">
+                <h4>Nextcloud Office</h4>
+                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
+                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                </svg>
+            </div>
+            <ul class="office-features">
+                <li>Best Nextcloud integration</li>
+                <li>Open source</li>
+                <li>Good performance</li>
+                <li>Best security: documents never leave your server</li>
+                <li>Best ODF compatibility</li>
+                <li>Best support for legacy files</li>
+            </ul>
+            {% if isAnyRunning == false %}
+                <a href="https://www.collaboraoffice.com/code/" target="_blank" class="office-learn-more" onclick="event.stopPropagation();">
+                    Learn more
+                    <svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="vertical-align: middle; margin-left: 4px;">
+                        <path d="M6 12L10 8L6 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                    </svg>
+                </a>
+            {% endif %}
+        </label>
+        <input type="hidden" id="collabora" name="collabora" value="" data-initial-state="{% if is_collabora_enabled == true %}true{% else %}false{% endif %}">
+        <input
+            type="radio"
+            id="office-onlyoffice"
+            name="office_suite_choice"
+            value="onlyoffice"
+            class="office-radio"
+            {% if is_onlyoffice_enabled == true %}
+                checked="checked"
+            {% endif %}
+        >
+        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-onlyoffice">
+            <div class="office-card-header">
+                <h4>OnlyOffice</h4>
+                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
+                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                </svg>
+            </div>
+            <ul class="office-features">
+                <li>Good Nextcloud integration</li>
+                <li>Open core</li>
+                <li>Best performance</li>
+                <li>Limited ODF compatibility</li>
+                <li>Best Microsoft compatibility</li>
+            </ul>
+            {% if isAnyRunning == false %}
+                <a href="https://www.onlyoffice.com/" target="_blank" class="office-learn-more" onclick="event.stopPropagation();">
+                    Learn more
+                    <svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="vertical-align: middle; margin-left: 4px;">
+                        <path d="M6 12L10 8L6 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                    </svg>
+                </a>
+            {% endif %}
+        </label>
+        <input type="hidden" id="onlyoffice" name="onlyoffice" value="" data-initial-state="{% if is_onlyoffice_enabled == true %}true{% else %}false{% endif %}">
+    </div>
+    {% if isAnyRunning == false %}
+        <div class="office-none-card">
+            <input
+                type="radio"
+                id="office-none"
+                name="office_suite_choice"
+                value=""
+                class="office-radio"
+                {% if is_collabora_enabled == false and is_onlyoffice_enabled == false %}
+                    checked="checked"
+                {% endif %}
+            >
+            <label class="office-none-label" for="office-none">
+                <svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="vertical-align: middle; margin-right: 6px;">
+                    <path d="M2 2L14 14M2 14L14 2" stroke="currentColor" stroke-width="2" stroke-linecap="round"/>
+                </svg>
+                Disable office suite
+            </label>
+        </div>
+    {% endif %}
+    <input class="options-form-submit" type="submit" value="Save changes" />
+    <h3>Additional Optional Containers</h3>
     <p>
         <input
             type="checkbox"
@@ -23,20 +122,6 @@
         >
         <label for="clamav">ClamAV (Antivirus backend for Nextcloud, needs ~1GB additional RAM)</label>
     </p>
-    <p>
-        <input
-            type="checkbox"
-            id="collabora"
-            name="collabora"
-            {% if is_collabora_enabled == true %}
-                checked="checked"
-                data-initial-state="true"
-            {% else %}
-                data-initial-state="false"
-            {% endif %}
-        >
-        <label for="collabora">Collabora (Nextcloud Office)</label>
-    </p>
     <p>
         <input
             type="checkbox"
@@ -98,20 +183,7 @@
         >
         <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
     </p>
-    <p>
-        <input
-            type="checkbox"
-            id="onlyoffice"
-            name="onlyoffice"
-            {% if is_onlyoffice_enabled == true %}
-                checked="checked"
-                data-initial-state="true"
-            {% else %}
-                data-initial-state="false"
-            {% endif %}
-        >
-        <label for="onlyoffice">OnlyOffice</label>
-    </p>
+
     <p>
         <input
             type="checkbox"
@@ -140,15 +212,15 @@
         >
         <label for="whiteboard">Whiteboard</label>
     </p>
-    <input id="options-form-submit" type="submit" value="Save changes" />
+    <input class="options-form-submit" type="submit" value="Save changes" />
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true %}
     <script type="text/javascript" src="disable-clamav.js"></script>
     <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
     <script type="text/javascript" src="disable-talk.js"></script>
-    <script type="text/javascript" src="disable-collabora.js"></script>
-    <script type="text/javascript" src="disable-onlyoffice.js"></script>
+    <script type="text/javascript" src="disable-collabora.js?v2"></script>
+    <script type="text/javascript" src="disable-onlyoffice.js?v2"></script>
     <script type="text/javascript" src="disable-imaginary.js"></script>
     <script type="text/javascript" src="disable-fulltextsearch.js"></script>
     <script type="text/javascript" src="disable-talk-recording.js"></script>
diff --git a/php/templates/layout.twig b/php/templates/layout.twig
index 4d842e3d..79c615d9 100644
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="style.css?v6" media="all" />
+        <link rel="stylesheet" href="style.css?v7" media="all" />
         <link rel="icon" href="img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>
diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js
index c88cd8e3..1f21f011 100644
--- a/php/tests/tests/initial-setup.spec.js
+++ b/php/tests/tests/initial-setup.spec.js
@@ -32,12 +32,12 @@ test('Initial setup', async ({ page: setupPage }) => {
   await containersPage.locator('#talk').uncheck();
   await containersPage.getByRole('checkbox', { name: 'Whiteboard' }).uncheck();
   await containersPage.getByRole('checkbox', { name: 'Imaginary' }).uncheck();
-  await containersPage.getByRole('checkbox', { name: 'Collabora' }).uncheck();
-  await containersPage.getByRole('button', { name: 'Save changes' }).click();
+  await containersPage.getByText('Disable office suite').click();
+  await containersPage.getByRole('button', { name: 'Save changes' }).last().click();
   await expect(containersPage.locator('#talk')).not.toBeChecked()
   await expect(containersPage.getByRole('checkbox', { name: 'Whiteboard' })).not.toBeChecked()
   await expect(containersPage.getByRole('checkbox', { name: 'Imaginary' })).not.toBeChecked()
-  await expect(containersPage.getByRole('checkbox', { name: 'Collabora' })).not.toBeChecked()
+  await expect(containersPage.locator('#office-none')).toBeChecked()
 
   // Reject invalid time zones
   await containersPage.locator('#timezone').click();

From 0b6c0733ab996a3141b0afebb794f40c5c290cfe Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Wed, 7 Jan 2026 17:29:24 +0100
Subject: [PATCH 3824/3949] Cache config, introduce get() and set() helpers to
 guide new way to set attributes

Use cached config, use set() for single attributes, setMultiple to wrap
multiple calls to set()

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 50 ++++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 5 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 320bc477..3b09c5b3 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -9,15 +9,19 @@ class ConfigurationManager
 {
     private array $secrets = [];
 
+    private array $config = [];
+
+    private bool $noWrite = false;
+
     public function GetConfig() : array
     {
-        if(file_exists(DataConst::GetConfigFile()))
+        if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
         {
             $configContent = (string)file_get_contents(DataConst::GetConfigFile());
-            return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
+            $this->config = json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
         }
 
-        return [];
+        return $this->config;
     }
 
     public function GetPassword() : string {
@@ -34,6 +38,34 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
+    private function get(string $key, mixed $fallbackValue = null) : mixed {
+        return $this->GetConfig()[$key] ?? $fallbackValue;
+    }
+
+    private function set(string $key, mixed $value) : void {
+        $this->GetConfig();
+        $this->config[$key] = $value;
+        // Only write if this isn't called via setMultiple().
+        if ($this->noWrite !== true) {
+            $this->WriteConfig();
+        }
+    }
+
+    /**
+     * This allows to assign multiple attributes without saving the config to disk in between (as would
+     * calling set() do).
+     */
+    public function setMultiple(\Closure $closure) : void {
+        $this->noWrite = true;
+        try {
+            $this->GetConfig();
+            $closure($this);
+            $this->WriteConfig();
+        } finally {
+            $this->noWrite = false;
+        }
+    }
+
     public function GetAndGenerateSecret(string $secretId) : string {
         if ($secretId === '') {
             return '';
@@ -599,17 +631,25 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function WriteConfig(array $config) : void {
+    public function WriteConfig(?array $config) : void {
+        if ($config) {
+            $this->config = $config;
+        }
         if(!is_dir(DataConst::GetDataDirectory())) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }
+        // Shouldn't happen, but as a precaution we won't write an empty config to disk.
+        if ($this->config === []) {
+            return;
+        }
         $df = disk_free_space(DataConst::GetDataDirectory());
-        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR);
+        $content = json_encode($this->config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR);
         $size = strlen($content) + 10240;
         if ($df !== false && (int)$df < $size) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");
         }
         file_put_contents(DataConst::GetConfigFile(), $content);
+        $this->config = [];
     }
 
     private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {

From 21b14a4a5df379f7ed457f9185faf94323c737fb Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 11:43:43 +0100
Subject: [PATCH 3825/3949] Adapt GetEnvironmentalVariableOrConfig() to get()
 and set()

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3b09c5b3..0ee4bae2 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -654,23 +654,21 @@ class ConfigurationManager
 
     private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {
         $envVariableOutput = getenv($envVariableName);
+        $configValue = $this->get($configName, '');
         if ($envVariableOutput === false) {
-            $config = $this->GetConfig();
-            if (!isset($config[$configName]) || $config[$configName] === '') {
-                $config[$configName] = $defaultValue;
+            if ($configValue === '') {
+                $this->set($configName, $defaultValue);
+                return $defaultValue;
             }
-            return $config[$configName];
+            return $configValue;
         }
-        if(file_exists(DataConst::GetConfigFile())) {
-            $config = $this->GetConfig();
-            if (!isset($config[$configName])) {
-                $config[$configName] = '';
-            }
-            if ($envVariableOutput !== $config[$configName]) {
-                $config[$configName] = $envVariableOutput;
-                $this->WriteConfig($config);
+
+        if (file_exists(DataConst::GetConfigFile())) {
+            if ($envVariableOutput !== $configValue) {
+                $this->set($configName, $envVariableOutput);
             }
         }
+
         return $envVariableOutput;
     }
 

From a9b648e18fcfd6bd973b13c2dbca19b2260054d8 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 18:22:40 +0100
Subject: [PATCH 3826/3949] Adapt GetAndGenerateSecret() to get() and set()

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0ee4bae2..27a98d03 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -71,17 +71,17 @@ class ConfigurationManager
             return '';
         }
 
-        $config = $this->GetConfig();
-        if(!isset($config['secrets'][$secretId])) {
-            $config['secrets'][$secretId] = bin2hex(random_bytes(24));
-            $this->WriteConfig($config);
+        $secrets = $this->get('secrets', []);
+        if (!isset($secrets[$secretId])) {
+            $secrets[$secretId] = bin2hex(random_bytes(24));
+            $this->set('secrets', $secrets);
         }
 
         if ($secretId === 'BORGBACKUP_PASSWORD' && !file_exists(DataConst::GetBackupSecretFile())) {
-            $this->DoubleSafeBackupSecret($config['secrets'][$secretId]);
+            $this->DoubleSafeBackupSecret($secrets[$secretId]);
         }
 
-        return $config['secrets'][$secretId];
+        return $secrets[$secretId];
     }
 
     public function GetRegisteredSecret(string $secretId) : string {

From b2f992d955d26c10bba639bae89ff4156a74899c Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:37:36 +0100
Subject: [PATCH 3827/3949] Make `AIO_TOKEN` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Auth/AuthManager.php            | 2 +-
 php/src/Controller/DockerController.php | 5 +----
 php/src/Data/ConfigurationManager.php   | 9 +++++----
 php/src/Docker/DockerActionManager.php  | 2 +-
 4 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index 925ff89f..b4533c1e 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -19,7 +19,7 @@ readonly class AuthManager {
     }
 
     public function CheckToken(string $token) : bool {
-        return hash_equals($this->configurationManager->GetToken(), $token);
+        return hash_equals($this->configurationManager->AIO_TOKEN, $token);
     }
 
     public function SetAuthState(bool $isLoggedIn) : void {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index a924e61f..ab10d3c6 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -213,10 +213,7 @@ readonly class DockerController {
     }
 
     public function startTopContainer(bool $pullImage) : void {
-        $config = $this->configurationManager->GetConfig();
-        // set AIO_TOKEN
-        $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->AIO_TOKEN = bin2hex(random_bytes(24));
 
         // Stop domaincheck since apache would not be able to start otherwise
         $this->StopDomaincheckContainer();
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 27a98d03..6b80c71b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -13,6 +13,11 @@ class ConfigurationManager
 
     private bool $noWrite = false;
 
+    public string $AIO_TOKEN {
+        get => $this->get('AIO_TOKEN', '');
+        set { $this->set('AIO_TOKEN', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -28,10 +33,6 @@ class ConfigurationManager
         return $this->GetConfig()['password'];
     }
 
-    public function GetToken() : string {
-        return $this->GetConfig()['AIO_TOKEN'];
-    }
-
     public function SetPassword(string $password) : void {
         $config = $this->GetConfig();
         $config['password'] = $password;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index fb3701a4..ae957d35 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -559,7 +559,7 @@ readonly class DockerActionManager {
         return match ($placeholder) {
             'NC_DOMAIN' => $this->configurationManager->GetDomain(),
             'NC_BASE_DN' => $this->configurationManager->GetBaseDN(),
-            'AIO_TOKEN' => $this->configurationManager->GetToken(),
+            'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN,
             'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(),
             'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(),
             'AIO_URL' => $this->configurationManager->GetAIOURL(),

From 4d8e959608c9c1be21b337bb19b89656e478d8ec Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 14:55:29 +0100
Subject: [PATCH 3828/3949] Make `password` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Auth/AuthManager.php          |  2 +-
 php/src/Data/ConfigurationManager.php | 19 +++++++------------
 php/src/Data/Setup.php                |  2 +-
 3 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index b4533c1e..1d558aed 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -15,7 +15,7 @@ readonly class AuthManager {
     }
 
     public function CheckCredentials(string $password) : bool {
-        return hash_equals($this->configurationManager->GetPassword(), $password);
+        return hash_equals($this->configurationManager->password, $password);
     }
 
     public function CheckToken(string $token) : bool {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 6b80c71b..1c40508f 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -18,6 +18,11 @@ class ConfigurationManager
         set { $this->set('AIO_TOKEN', $value); }
     }
 
+    public string $password {
+        get => $this->get('password', '');
+        set { $this->set('password', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -29,16 +34,6 @@ class ConfigurationManager
         return $this->config;
     }
 
-    public function GetPassword() : string {
-        return $this->GetConfig()['password'];
-    }
-
-    public function SetPassword(string $password) : void {
-        $config = $this->GetConfig();
-        $config['password'] = $password;
-        $this->WriteConfig($config);
-    }
-
     private function get(string $key, mixed $fallbackValue = null) : mixed {
         return $this->GetConfig()[$key] ?? $fallbackValue;
     }
@@ -586,7 +581,7 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException("Please enter your current password.");
         }
 
-        if ($currentPassword !== $this->GetPassword()) {
+        if ($currentPassword !== $this->password) {
             throw new InvalidSettingConfigurationException("The entered current password is not correct.");
         }
 
@@ -603,7 +598,7 @@ class ConfigurationManager
         }
 
         // All checks pass so set the password
-        $this->SetPassword($newPassword);
+        $this->set('password', $newPassword);
     }
 
     public function GetApachePort() : string {
diff --git a/php/src/Data/Setup.php b/php/src/Data/Setup.php
index f8f43e4b..e409eef8 100644
--- a/php/src/Data/Setup.php
+++ b/php/src/Data/Setup.php
@@ -17,7 +17,7 @@ readonly class Setup {
         }
 
         $password = $this->passwordGenerator->GeneratePassword(8);
-        $this->configurationManager->SetPassword($password);
+        $this->configurationManager->password = $password;
         return $password;
     }
 

From 484ff7994319838736570ad8e7b900bb9580c9e6 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 13:11:20 +0100
Subject: [PATCH 3829/3949] Make `wasStartButtonClicked` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                    |  2 +-
 php/src/Controller/DockerController.php |  6 +++---
 php/src/Data/ConfigurationManager.php   | 13 +++++--------
 php/src/Docker/DockerActionManager.php  |  2 +-
 4 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index b57f65a5..59708627 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -105,7 +105,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
         'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
         'borg_backup_mode' => $configurationManager->GetBackupMode(),
-        'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(),
+        'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
         'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
         'backup_times' => $configurationManager->GetBackupTimes(),
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ab10d3c6..e913349d 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -190,11 +190,11 @@ readonly class DockerController {
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
         $config['AIO_URL'] = $host . ':' . (string)$port . $path;
-        // set wasStartButtonClicked
-        $config['wasStartButtonClicked'] = 1;
         // set install_latest_major
         $config['install_latest_major'] = $installLatestMajor;
         $this->configurationManager->WriteConfig($config);
+        // set wasStartButtonClicked
+        $this->configurationManager->wasStartButtonClicked = true;
 
         // Do not pull container images in case 'bypass_container_update' is set via url params
         // Needed for local testing
@@ -274,7 +274,7 @@ readonly class DockerController {
     public function StartDomaincheckContainer() : void
     {
         # Don't start if domain is already set
-        if ($this->configurationManager->GetDomain() !== '' || $this->configurationManager->wasStartButtonClicked()) {
+        if ($this->configurationManager->GetDomain() !== '' || $this->configurationManager->wasStartButtonClicked) {
             return;
         }
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1c40508f..18cdc46c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -23,6 +23,11 @@ class ConfigurationManager
         set { $this->set('password', $value); }
     }
 
+    public bool $wasStartButtonClicked {
+        get => $this->get('wasStartButtonClicked', false);
+        set { $this->set('wasStartButtonClicked', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -150,14 +155,6 @@ class ConfigurationManager
         return $backupTimes;
     }
 
-    public function wasStartButtonClicked() : bool {
-        if (isset($this->GetConfig()['wasStartButtonClicked'])) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
     private function isx64Platform() : bool {
         if (php_uname('m') === 'x86_64') {
             return true;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ae957d35..42c2d5f0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -621,7 +621,7 @@ readonly class DockerActionManager {
 
     public function isAnyUpdateAvailable(): bool {
         // return early if instance is not installed
-        if (!$this->configurationManager->wasStartButtonClicked()) {
+        if (!$this->configurationManager->wasStartButtonClicked) {
             return false;
         }
         $id = 'nextcloud-aio-apache';

From 06fdf31c8707b6edee57fc93efdbf16930434320 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 13:09:52 +0100
Subject: [PATCH 3830/3949] Make `AIO_URL` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php |  4 ++--
 php/src/Data/ConfigurationManager.php   | 14 +++++---------
 php/src/Docker/DockerActionManager.php  |  2 +-
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index e913349d..b8f89c46 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -188,11 +188,11 @@ readonly class DockerController {
         }
 
         $config = $this->configurationManager->GetConfig();
-        // set AIO_URL
-        $config['AIO_URL'] = $host . ':' . (string)$port . $path;
         // set install_latest_major
         $config['install_latest_major'] = $installLatestMajor;
         $this->configurationManager->WriteConfig($config);
+        // set AIO_URL
+        $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
         $this->configurationManager->wasStartButtonClicked = true;
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 18cdc46c..c4032fea 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -23,6 +23,11 @@ class ConfigurationManager
         set { $this->set('password', $value); }
     }
 
+    public string $AIO_URL {
+        get => $this->get('AIO_URL', '');
+        set { $this->set('AIO_URL', $value); }
+    }
+
     public bool $wasStartButtonClicked {
         get => $this->get('wasStartButtonClicked', false);
         set { $this->set('wasStartButtonClicked', $value); }
@@ -475,15 +480,6 @@ class ConfigurationManager
         return $config['restore-exclude-previews'];
     }
 
-    public function GetAIOURL() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['AIO_URL'])) {
-            $config['AIO_URL'] = '';
-        }
-
-        return $config['AIO_URL'];
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 42c2d5f0..7ef920e7 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -562,7 +562,7 @@ readonly class DockerActionManager {
             'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN,
             'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(),
             'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(),
-            'AIO_URL' => $this->configurationManager->GetAIOURL(),
+            'AIO_URL' => $this->configurationManager->AIO_URL,
             'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(),
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),

From 1d11a4682b3f03200f2e22b413ffb76424464a78 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 13:06:59 +0100
Subject: [PATCH 3831/3949] Make `install_latest_major` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php | 11 +----------
 php/src/Data/ConfigurationManager.php   | 13 +++++--------
 php/src/Docker/DockerActionManager.php  |  2 +-
 3 files changed, 7 insertions(+), 19 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index b8f89c46..f8f2896a 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -181,16 +181,7 @@ readonly class DockerController {
             $port = 443;
         }
 
-        if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 32;
-        } else {
-            $installLatestMajor = "";
-        }
-
-        $config = $this->configurationManager->GetConfig();
-        // set install_latest_major
-        $config['install_latest_major'] = $installLatestMajor;
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']);
         // set AIO_URL
         $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c4032fea..1fb03e68 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -33,6 +33,11 @@ class ConfigurationManager
         set { $this->set('wasStartButtonClicked', $value); }
     }
 
+    public bool $install_latest_major {
+        get => $this->get('install_latest_major', false);
+        set { $this->set('install_latest_major', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -889,14 +894,6 @@ class ConfigurationManager
         }
     }
 
-    public function shouldLatestMajorGetInstalled() : bool {
-        $config = $this->GetConfig();
-        if(!isset($config['install_latest_major'])) {
-            $config['install_latest_major'] = '';
-        }
-        return $config['install_latest_major'] !== '';
-    }
-
     public function GetAdditionalBackupDirectoriesString() : string {
         if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
             return '';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 7ef920e7..1c6c418e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -595,7 +595,7 @@ readonly class DockerActionManager {
             'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(),
             'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->configurationManager->GetNextcloudAdditionalPhpExtensions(),
-            'INSTALL_LATEST_MAJOR' => $this->configurationManager->shouldLatestMajorGetInstalled() ? 'yes' : '',
+            'INSTALL_LATEST_MAJOR' => $this->configurationManager->install_latest_major ? 'yes' : '',
             'REMOVE_DISABLED_APPS' => $this->configurationManager->shouldDisabledAppsGetRemoved() ? 'yes' : '',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),

From b8130958c557b05499736c32aaa6808a9bd5b8b1 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 13:05:10 +0100
Subject: [PATCH 3832/3949] Make `selectedRestoreTime` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php |  4 +---
 php/src/Data/ConfigurationManager.php   | 14 +++++---------
 php/src/Docker/DockerActionManager.php  |  1 +
 3 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f8f2896a..1848ccab 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -124,14 +124,12 @@ readonly class DockerController {
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
         $this->configurationManager->SetBackupMode('restore');
-        $config = $this->configurationManager->GetConfig();
-        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
         if (isset($request->getParsedBody()['restore-exclude-previews'])) {
             $config['restore-exclude-previews'] = 1;
         } else {
             $config['restore-exclude-previews'] = '';
         }
-        $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
 
         $id = self::TOP_CONTAINER;
         $forceStopNextcloud = true;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1fb03e68..3e003e61 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -23,6 +23,11 @@ class ConfigurationManager
         set { $this->set('password', $value); }
     }
 
+    public string $selectedRestoreTime {
+        get => $this->get('selected-restore-time', '');
+        set { $this->set('selected-restore-time', $value); }
+    }
+
     public string $AIO_URL {
         get => $this->get('AIO_URL', '');
         set { $this->set('AIO_URL', $value); }
@@ -467,15 +472,6 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function GetSelectedRestoreTime() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['selected-restore-time'])) {
-            $config['selected-restore-time'] = '';
-        }
-
-        return $config['selected-restore-time'];
-    }
-
     public function GetRestoreExcludePreviews() : string {
         $config = $this->GetConfig();
         if(!isset($config['restore-exclude-previews'])) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 1c6c418e..8ce0749e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -565,6 +565,7 @@ readonly class DockerActionManager {
             'AIO_URL' => $this->configurationManager->AIO_URL,
             'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(),
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
+            'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime,
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
             'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(),
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),

From c968e9e310ad36d2529e9624abe07d6271b55c27 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 13:02:19 +0100
Subject: [PATCH 3833/3949] Make `restoreExcludePreviews` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php |  6 +-----
 php/src/Data/ConfigurationManager.php   | 14 +++++---------
 php/src/Docker/DockerActionManager.php  |  3 +--
 3 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 1848ccab..0ee4e522 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -124,12 +124,8 @@ readonly class DockerController {
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
         $this->configurationManager->SetBackupMode('restore');
-        if (isset($request->getParsedBody()['restore-exclude-previews'])) {
-            $config['restore-exclude-previews'] = 1;
-        } else {
-            $config['restore-exclude-previews'] = '';
-        }
         $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
+        $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
 
         $id = self::TOP_CONTAINER;
         $forceStopNextcloud = true;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3e003e61..d216fedd 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -23,6 +23,11 @@ class ConfigurationManager
         set { $this->set('password', $value); }
     }
 
+    public bool $restoreExcludePreviews {
+        get => $this->get('restore-exclude-previews', false);
+        set { $this->set('restore-exclude-previews', $value); }
+    }
+
     public string $selectedRestoreTime {
         get => $this->get('selected-restore-time', '');
         set { $this->set('selected-restore-time', $value); }
@@ -472,15 +477,6 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function GetRestoreExcludePreviews() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['restore-exclude-previews'])) {
-            $config['restore-exclude-previews'] = '';
-        }
-
-        return $config['restore-exclude-previews'];
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8ce0749e..b04124f3 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -563,8 +563,7 @@ readonly class DockerActionManager {
             'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(),
             'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(),
             'AIO_URL' => $this->configurationManager->AIO_URL,
-            'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(),
-            'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(),
+            'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '',
             'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime,
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
             'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(),

From 881e77cca5d4b975f8ae2588dde4cd5a02898043 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 13:00:22 +0100
Subject: [PATCH 3834/3949] Make `isWhiteboardEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 .../Controller/ConfigurationController.php    |  6 +-----
 php/src/Data/ConfigurationManager.php         | 20 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 59708627..a0b45675 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -136,7 +136,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
-        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),
+        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
         'bypass_container_update' => $bypass_container_update,
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index d7498047..ccca996f 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -91,7 +91,7 @@ readonly class ContainerDefinitionFetcher {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-whiteboard') {
-                if (!$this->configurationManager->isWhiteboardEnabled()) {
+                if (!$this->configurationManager->isWhiteboardEnabled) {
                     continue;
                 }
             }
@@ -200,7 +200,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-whiteboard') {
-                        if (!$this->configurationManager->isWhiteboardEnabled()) {
+                        if (!$this->configurationManager->isWhiteboardEnabled) {
                             continue;
                         }
                     }
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index b449db6a..62034681 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -119,11 +119,7 @@ readonly class ConfigurationController {
                 } else {
                     $this->configurationManager->SetDockerSocketProxyEnabledState(0);
                 }
-                if (isset($request->getParsedBody()['whiteboard'])) {
-                    $this->configurationManager->SetWhiteboardEnabledState(1);
-                } else {
-                    $this->configurationManager->SetWhiteboardEnabledState(0);
-                }
+                $this->configurationManager->isWhiteboardEnabled = isset($request->getParsedBody()['whiteboard']);
             }
 
             if (isset($request->getParsedBody()['community-form'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d216fedd..a6dd196a 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -23,6 +23,11 @@ class ConfigurationManager
         set { $this->set('password', $value); }
     }
 
+    public bool $isWhiteboardEnabled {
+        get => $this->get('isWhiteboardEnabled', true);
+        set { $this->set('isWhiteboardEnabled', $value); }
+    }
+
     public bool $restoreExcludePreviews {
         get => $this->get('restore-exclude-previews', false);
         set { $this->set('restore-exclude-previews', $value); }
@@ -207,21 +212,6 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function isWhiteboardEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) {
-            return false;
-        } else {
-            return true;
-        }
-    }
-
-    public function SetWhiteboardEnabledState(int $value) : void {
-        $config = $this->GetConfig();
-        $config['isWhiteboardEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     public function SetClamavEnabledState(int $value) : void {
         $config = $this->GetConfig();
         $config['isClamavEnabled'] = $value;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b04124f3..72abd49c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -601,7 +601,7 @@ readonly class DockerActionManager {
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
             'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
-            'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
+            'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled ? 'yes' : '',
             default => $this->configurationManager->GetRegisteredSecret($placeholder),
         };
     }

From 6576d3c1e9e8e4d0c118dc3388ab8415152b7690 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:58:50 +0100
Subject: [PATCH 3835/3949] Make `backupMode` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                    |  2 +-
 php/src/Controller/DockerController.php | 14 +++++++-------
 php/src/Data/ConfigurationManager.php   | 20 +++++---------------
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index a0b45675..6abe1989 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -104,7 +104,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
         'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
-        'borg_backup_mode' => $configurationManager->GetBackupMode(),
+        'borg_backup_mode' => $configurationManager->backupMode,
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
         'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 0ee4e522..566f430a 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -89,7 +89,7 @@ readonly class DockerController {
     }
 
     public function startBackup(bool $forceStopNextcloud = false) : void {
-        $this->configurationManager->SetBackupMode('backup');
+        $this->configurationManager->backupMode = 'backup';
 
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
@@ -109,21 +109,21 @@ readonly class DockerController {
     }
 
     public function checkBackup() : void {
-        $this->configurationManager->SetBackupMode('check');
+        $this->configurationManager->backupMode = 'check';
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
     }
 
     private function listBackup() : void {
-        $this->configurationManager->SetBackupMode('list');
+        $this->configurationManager->backupMode = 'list';
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->SetBackupMode('restore');
+        $this->configurationManager->backupMode = 'restore';
         $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
         $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
 
@@ -138,22 +138,22 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->SetBackupMode('check-repair');
+        $this->configurationManager->backupMode = 'check-repair';
 
         $id = 'nextcloud-aio-borgbackup';
         $this->PerformRecursiveContainerStart($id);
 
         // Restore to backup check which is needed to make the UI logic work correctly
-        $this->configurationManager->SetBackupMode('check');
+        $this->configurationManager->backupMode = 'check';
 
         return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->SetBackupMode('test');
         $config = $this->configurationManager->GetConfig();
         $config['instance_restore_attempt'] = 0;
         $this->configurationManager->WriteConfig($config);
+        $this->configurationManager->backupMode = 'test';
 
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id);
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a6dd196a..e21984b6 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -38,6 +38,11 @@ class ConfigurationManager
         set { $this->set('selected-restore-time', $value); }
     }
 
+    public string $backupMode {
+        get => $this->get('backup-mode', '');
+        set { $this->set('backup-mode', $value); }
+    }
+
     public string $AIO_URL {
         get => $this->get('AIO_URL', '');
         set { $this->set('AIO_URL', $value); }
@@ -452,21 +457,6 @@ class ConfigurationManager
         return 'dc=' . implode(',dc=', explode('.', $domain));
     }
 
-    public function GetBackupMode() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['backup-mode'])) {
-            $config['backup-mode'] = '';
-        }
-
-        return $config['backup-mode'];
-    }
-
-    public function SetBackupMode(string $mode) : void {
-        $config = $this->GetConfig();
-        $config['backup-mode'] = $mode;
-        $this->WriteConfig($config);
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */

From f235af29e33f7d84197a3861754fe3e5792a21bf Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:56:10 +0100
Subject: [PATCH 3836/3949] Make `isDockerSocketProxyEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 .../Controller/ConfigurationController.php    |  6 +-----
 php/src/Data/ConfigurationManager.php         | 20 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 6abe1989..caff178c 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -135,7 +135,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
-        'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
+        'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index ccca996f..fe454fba 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -87,7 +87,7 @@ readonly class ContainerDefinitionFetcher {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-docker-socket-proxy') {
-                if (!$this->configurationManager->isDockerSocketProxyEnabled()) {
+                if (!$this->configurationManager->isDockerSocketProxyEnabled) {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-whiteboard') {
@@ -196,7 +196,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-docker-socket-proxy') {
-                        if (!$this->configurationManager->isDockerSocketProxyEnabled()) {
+                        if (!$this->configurationManager->isDockerSocketProxyEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-whiteboard') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 62034681..76eefae5 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -114,11 +114,7 @@ readonly class ConfigurationController {
                 } else {
                     $this->configurationManager->SetFulltextsearchEnabledState(0);
                 }
-                if (isset($request->getParsedBody()['docker-socket-proxy'])) {
-                    $this->configurationManager->SetDockerSocketProxyEnabledState(1);
-                } else {
-                    $this->configurationManager->SetDockerSocketProxyEnabledState(0);
-                }
+                $this->configurationManager->isDockerSocketProxyEnabled = isset($request->getParsedBody()['docker-socket-proxy']);
                 $this->configurationManager->isWhiteboardEnabled = isset($request->getParsedBody()['whiteboard']);
             }
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e21984b6..a44751c4 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -23,6 +23,11 @@ class ConfigurationManager
         set { $this->set('password', $value); }
     }
 
+    public bool $isDockerSocketProxyEnabled {
+        get => $this->get('isDockerSocketProxyEnabled', false);
+        set { $this->set('isDockerSocketProxyEnabled', $value); }
+    }
+
     public bool $isWhiteboardEnabled {
         get => $this->get('isWhiteboardEnabled', true);
         set { $this->set('isWhiteboardEnabled', $value); }
@@ -202,21 +207,6 @@ class ConfigurationManager
         }
     }
 
-    public function isDockerSocketProxyEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isDockerSocketProxyEnabled']) && $config['isDockerSocketProxyEnabled'] === 1) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    public function SetDockerSocketProxyEnabledState(int $value) : void {
-        $config = $this->GetConfig();
-        $config['isDockerSocketProxyEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     public function SetClamavEnabledState(int $value) : void {
         $config = $this->GetConfig();
         $config['isClamavEnabled'] = $value;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 72abd49c..66368ca4 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -581,7 +581,7 @@ readonly class DockerActionManager {
             'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),
             'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled() ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '',
-            'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled() ? 'yes' : '',
+            'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(),
             'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(),
             'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(),

From bebae7069b41d4c49bc13fa6817ee1241cb4751c Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:52:03 +0100
Subject: [PATCH 3837/3949] Make `instance_restore_attempt` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                    |  2 +-
 php/src/Controller/DockerController.php |  4 +---
 php/src/Data/ConfigurationManager.php   | 22 +++++++++-------------
 3 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index caff178c..235a3ffc 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -103,7 +103,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
-        'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
+        'is_instance_restore_attempt' => $configurationManager->instance_restore_attempt,
         'borg_backup_mode' => $configurationManager->backupMode,
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
         'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 566f430a..df6fbe5d 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -150,10 +150,8 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
-        $config = $this->configurationManager->GetConfig();
-        $config['instance_restore_attempt'] = 0;
-        $this->configurationManager->WriteConfig($config);
         $this->configurationManager->backupMode = 'test';
+        $this->configurationManager->instance_restore_attempt = false;
 
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id);
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a44751c4..12d4aef2 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -48,6 +48,11 @@ class ConfigurationManager
         set { $this->set('backup-mode', $value); }
     }
 
+    public bool $instance_restore_attempt {
+        get => $this->get('instance_restore_attempt', false);
+        set { $this->set('instance_restore_attempt', $value); }
+    }
+
     public string $AIO_URL {
         get => $this->get('AIO_URL', '');
         set { $this->set('AIO_URL', $value); }
@@ -529,8 +534,11 @@ class ConfigurationManager
         $config['borg_backup_host_location'] = $location;
         $config['borg_remote_repo'] = $repo;
         $config['borg_restore_password'] = $password;
-        $config['instance_restore_attempt'] = 1;
         $this->WriteConfig($config);
+
+        $this->setMultiple(function ($confManager) {
+            $confManager->instance_restore_attempt = true;
+        });
     }
 
     /**
@@ -663,18 +671,6 @@ class ConfigurationManager
         return $config['borg_restore_password'];
     }
 
-    public function isInstanceRestoreAttempt() : bool {
-        $config = $this->GetConfig();
-        if(!isset($config['instance_restore_attempt'])) {
-            $config['instance_restore_attempt'] = '';
-        }
-
-        if ($config['instance_restore_attempt'] === 1) {
-            return true;
-        }
-        return false;
-    }
-
     public function GetNextcloudMount() : string {
         $envVariableName = 'NEXTCLOUD_MOUNT';
         $configName = 'nextcloud_mount';

From f8a244bee2e87c6a0bd46d61ee93b39fb4267b24 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:01:53 +0100
Subject: [PATCH 3838/3949] Make `isClamavEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 .../Controller/ConfigurationController.php    |  6 +-----
 php/src/Data/ConfigurationManager.php         | 20 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 235a3ffc..c213251d 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -110,7 +110,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
         'backup_times' => $configurationManager->GetBackupTimes(),
         'current_channel' => $dockerActionManager->GetCurrentChannel(),
-        'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
+        'is_clamav_enabled' => $configurationManager->isClamavEnabled,
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
         'is_talk_enabled' => $configurationManager->isTalkEnabled(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index fe454fba..639f6513 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -56,7 +56,7 @@ readonly class ContainerDefinitionFetcher {
         $containers = [];
         foreach ($data['aio_services_v1'] as $entry) {
             if ($entry['container_name'] === 'nextcloud-aio-clamav') {
-                if (!$this->configurationManager->isClamavEnabled()) {
+                if (!$this->configurationManager->isClamavEnabled) {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') {
@@ -168,7 +168,7 @@ readonly class ContainerDefinitionFetcher {
                 }
                 foreach ($valueDependsOn as $value) {
                     if ($value === 'nextcloud-aio-clamav') {
-                        if (!$this->configurationManager->isClamavEnabled()) {
+                        if (!$this->configurationManager->isClamavEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-onlyoffice') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 76eefae5..b8a4bb6c 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -88,11 +88,7 @@ readonly class ConfigurationController {
                     $this->configurationManager->SetCollaboraEnabledState(0);
                     $this->configurationManager->SetOnlyofficeEnabledState(0);
                 }
-                
-                if (isset($request->getParsedBody()['clamav'])) {
-                    $this->configurationManager->SetClamavEnabledState(1);
-                } else {
-                    $this->configurationManager->SetClamavEnabledState(0);
+                $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
                 }
                 if (isset($request->getParsedBody()['talk'])) {
                     $this->configurationManager->SetTalkEnabledState(1);
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 12d4aef2..485ca6ce 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -68,6 +68,11 @@ class ConfigurationManager
         set { $this->set('install_latest_major', $value); }
     }
 
+    public bool $isClamavEnabled {
+        get => $this->get('isClamavEnabled', false);
+        set { $this->set('isClamavEnabled', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -203,21 +208,6 @@ class ConfigurationManager
         }
     }
 
-    public function isClamavEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    public function SetClamavEnabledState(int $value) : void {
-        $config = $this->GetConfig();
-        $config['isClamavEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     public function isImaginaryEnabled() : bool {
         $config = $this->GetConfig();
         if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 0) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 66368ca4..86401005 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -571,7 +571,7 @@ readonly class DockerActionManager {
             'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
-            'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '',
+            'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',
             'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '',
             'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled() ? 'yes' : '',
             'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '',

From 0c3d919618f5e61173a7c7b3533926fdd5bd4434 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:02:41 +0100
Subject: [PATCH 3839/3949] Make `isOnlyofficeEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 .../Controller/ConfigurationController.php    |  7 +++----
 php/src/Data/ConfigurationManager.php         | 20 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 12 insertions(+), 23 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index c213251d..75607e63 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -111,7 +111,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'backup_times' => $configurationManager->GetBackupTimes(),
         'current_channel' => $dockerActionManager->GetCurrentChannel(),
         'is_clamav_enabled' => $configurationManager->isClamavEnabled,
-        'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
+        'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
         'is_talk_enabled' => $configurationManager->isTalkEnabled(),
         'borg_restore_password' => $configurationManager->GetBorgRestorePassword(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 639f6513..d101178b 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -60,7 +60,7 @@ readonly class ContainerDefinitionFetcher {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') {
-                if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                if (!$this->configurationManager->isOnlyofficeEnabled) {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
@@ -172,7 +172,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-onlyoffice') {
-                        if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                        if (!$this->configurationManager->isOnlyofficeEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-collabora') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index b8a4bb6c..d39efd2a 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -80,16 +80,15 @@ readonly class ConfigurationController {
                 
                 if ($officeSuiteChoice === 'collabora') {
                     $this->configurationManager->SetCollaboraEnabledState(1);
-                    $this->configurationManager->SetOnlyofficeEnabledState(0);
+                    $this->configurationManager->isOnlyofficeEnabled = false;
                 } elseif ($officeSuiteChoice === 'onlyoffice') {
                     $this->configurationManager->SetCollaboraEnabledState(0);
-                    $this->configurationManager->SetOnlyofficeEnabledState(1);
+                    $this->configurationManager->isOnlyofficeEnabled = true;
                 } else {
                     $this->configurationManager->SetCollaboraEnabledState(0);
-                    $this->configurationManager->SetOnlyofficeEnabledState(0);
+                    $this->configurationManager->isOnlyofficeEnabled = false;
                 }
                 $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
-                }
                 if (isset($request->getParsedBody()['talk'])) {
                     $this->configurationManager->SetTalkEnabledState(1);
                 } else {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 485ca6ce..36cea5e0 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -73,6 +73,11 @@ class ConfigurationManager
         set { $this->set('isClamavEnabled', $value); }
     }
 
+    public bool $isOnlyofficeEnabled {
+        get => $this->get('isOnlyofficeEnabled', false);
+        set { $this->set('isOnlyofficeEnabled', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -243,21 +248,6 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function isOnlyofficeEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isOnlyofficeEnabled']) && $config['isOnlyofficeEnabled'] === 1) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    public function SetOnlyofficeEnabledState(int $value) : void {
-        $config = $this->GetConfig();
-        $config['isOnlyofficeEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     public function isCollaboraEnabled() : bool {
         $config = $this->GetConfig();
         if (isset($config['isCollaboraEnabled']) && $config['isCollaboraEnabled'] === 0) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 86401005..16771c6c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -573,7 +573,7 @@ readonly class DockerActionManager {
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',
             'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '',
-            'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled() ? 'yes' : '',
+            'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '',
             'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '',
             'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '',
             'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',

From cd1c2276e5ca2959ced114d881caf5dfa5bbc8d5 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:03:12 +0100
Subject: [PATCH 3840/3949] Make `isCollaboraEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 .../Controller/ConfigurationController.php    |  6 +++---
 php/src/Controller/DockerController.php       |  2 +-
 php/src/Data/ConfigurationManager.php         | 20 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 6 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 75607e63..adfd72d5 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -112,7 +112,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'current_channel' => $dockerActionManager->GetCurrentChannel(),
         'is_clamav_enabled' => $configurationManager->isClamavEnabled,
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
-        'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
+        'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
         'is_talk_enabled' => $configurationManager->isTalkEnabled(),
         'borg_restore_password' => $configurationManager->GetBorgRestorePassword(),
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index d101178b..e4e27f69 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -64,7 +64,7 @@ readonly class ContainerDefinitionFetcher {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
-                if (!$this->configurationManager->isCollaboraEnabled()) {
+                if (!$this->configurationManager->isCollaboraEnabled) {
                     continue;
                 }
                 if ($this->configurationManager->isCollaboraSubscriptionEnabled()) {
@@ -176,7 +176,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-collabora') {
-                        if (!$this->configurationManager->isCollaboraEnabled()) {
+                        if (!$this->configurationManager->isCollaboraEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-talk') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index d39efd2a..56621eee 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -79,13 +79,13 @@ readonly class ConfigurationController {
                 $officeSuiteChoice = $request->getParsedBody()['office_suite_choice'] ?? '';
                 
                 if ($officeSuiteChoice === 'collabora') {
-                    $this->configurationManager->SetCollaboraEnabledState(1);
+                    $this->configurationManager->isCollaboraEnabled = true;
                     $this->configurationManager->isOnlyofficeEnabled = false;
                 } elseif ($officeSuiteChoice === 'onlyoffice') {
-                    $this->configurationManager->SetCollaboraEnabledState(0);
+                    $this->configurationManager->isCollaboraEnabled = false;
                     $this->configurationManager->isOnlyofficeEnabled = true;
                 } else {
-                    $this->configurationManager->SetCollaboraEnabledState(0);
+                    $this->configurationManager->isCollaboraEnabled = false;
                     $this->configurationManager->isOnlyofficeEnabled = false;
                 }
                 $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index df6fbe5d..ff73e29a 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -224,7 +224,7 @@ readonly class DockerController {
         // This is a hack but no better solution was found for the meantime
         // Stop Collabora first to make sure it force-saves
         // See https://github.com/nextcloud/richdocuments/issues/3799
-        if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled()) {
+        if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled) {
             $this->PerformRecursiveContainerStop('nextcloud-aio-collabora');
         }
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 36cea5e0..165f9c44 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -78,6 +78,11 @@ class ConfigurationManager
         set { $this->set('isOnlyofficeEnabled', $value); }
     }
 
+    public bool $isCollaboraEnabled {
+        get => $this->get('isCollaboraEnabled', true);
+        set { $this->set('isCollaboraEnabled', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -248,21 +253,6 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function isCollaboraEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isCollaboraEnabled']) && $config['isCollaboraEnabled'] === 0) {
-            return false;
-        } else {
-            return true;
-        }
-    }
-
-    public function SetCollaboraEnabledState(int $value) : void {
-        $config = $this->GetConfig();
-        $config['isCollaboraEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     public function isTalkEnabled() : bool {
         $config = $this->GetConfig();
         if (isset($config['isTalkEnabled']) && $config['isTalkEnabled'] === 0) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 16771c6c..7cb20ad6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -574,7 +574,7 @@ readonly class DockerActionManager {
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',
             'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '',
             'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '',
-            'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '',
+            'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '',
             'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '',
             'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
             'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(),

From e009abdd54030b654044f567fb88873b6365dc42 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:03:38 +0100
Subject: [PATCH 3841/3949] Make `isTalkEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 .../Controller/ConfigurationController.php    |  6 +-----
 php/src/Data/ConfigurationManager.php         | 20 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index adfd72d5..0481aceb 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -113,7 +113,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_clamav_enabled' => $configurationManager->isClamavEnabled,
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
-        'is_talk_enabled' => $configurationManager->isTalkEnabled(),
+        'is_talk_enabled' => $configurationManager->isTalkEnabled,
         'borg_restore_password' => $configurationManager->GetBorgRestorePassword(),
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index e4e27f69..9635c8cf 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -71,7 +71,7 @@ readonly class ContainerDefinitionFetcher {
                     $entry['image'] = 'ghcr.io/nextcloud-releases/aio-collabora-online';
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
-                if (!$this->configurationManager->isTalkEnabled()) {
+                if (!$this->configurationManager->isTalkEnabled) {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-talk-recording') {
@@ -180,7 +180,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-talk') {
-                        if (!$this->configurationManager->isTalkEnabled()) {
+                        if (!$this->configurationManager->isTalkEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-talk-recording') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 56621eee..75ec29ae 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -89,11 +89,7 @@ readonly class ConfigurationController {
                     $this->configurationManager->isOnlyofficeEnabled = false;
                 }
                 $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
-                if (isset($request->getParsedBody()['talk'])) {
-                    $this->configurationManager->SetTalkEnabledState(1);
-                } else {
-                    $this->configurationManager->SetTalkEnabledState(0);
-                }
+                $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']);
                 if (isset($request->getParsedBody()['talk-recording'])) {
                     $this->configurationManager->SetTalkRecordingEnabledState(1);
                 } else {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 165f9c44..648d04c3 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -83,6 +83,11 @@ class ConfigurationManager
         set { $this->set('isCollaboraEnabled', $value); }
     }
 
+    public bool $isTalkEnabled {
+        get => $this->get('isTalkEnabled', true);
+        set { $this->set('isTalkEnabled', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -253,21 +258,6 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function isTalkEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isTalkEnabled']) && $config['isTalkEnabled'] === 0) {
-            return false;
-        } else {
-            return true;
-        }
-    }
-
-    public function SetTalkEnabledState(int $value) : void {
-        $config = $this->GetConfig();
-        $config['isTalkEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     public function isTalkRecordingEnabled() : bool {
         if (!$this->isTalkEnabled()) {
             return false;
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 7cb20ad6..313de7b0 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -575,7 +575,7 @@ readonly class DockerActionManager {
             'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '',
             'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '',
             'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '',
-            'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '',
+            'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '',
             'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
             'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(),
             'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),

From 190d47810b8501f0788e5e65dc576ae0284f9554 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:04:04 +0100
Subject: [PATCH 3842/3949] Make `isTalkRecordingEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 +--
 .../Controller/ConfigurationController.php    |  6 +----
 php/src/Data/ConfigurationManager.php         | 27 ++++---------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 10 insertions(+), 31 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 0481aceb..34d7efe1 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -134,7 +134,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
-        'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
+        'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled,
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 9635c8cf..851b2b4d 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -75,7 +75,7 @@ readonly class ContainerDefinitionFetcher {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-talk-recording') {
-                if (!$this->configurationManager->isTalkRecordingEnabled()) {
+                if (!$this->configurationManager->isTalkRecordingEnabled) {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') {
@@ -184,7 +184,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-talk-recording') {
-                        if (!$this->configurationManager->isTalkRecordingEnabled()) {
+                        if (!$this->configurationManager->isTalkRecordingEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-imaginary') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 75ec29ae..cf8bf02b 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -90,11 +90,7 @@ readonly class ConfigurationController {
                 }
                 $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
                 $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']);
-                if (isset($request->getParsedBody()['talk-recording'])) {
-                    $this->configurationManager->SetTalkRecordingEnabledState(1);
-                } else {
-                    $this->configurationManager->SetTalkRecordingEnabledState(0);
-                }
+                $this->configurationManager->isTalkRecordingEnabled = isset($request->getParsedBody()['talk-recording']);
                 if (isset($request->getParsedBody()['imaginary'])) {
                     $this->configurationManager->SetImaginaryEnabledState(1);
                 } else {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 648d04c3..bd920a04 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -88,6 +88,11 @@ class ConfigurationManager
         set { $this->set('isTalkEnabled', $value); }
     }
 
+    public bool $isTalkRecordingEnabled {
+        get => $this->isTalkEnabled && $this->get('isTalkRecordingEnabled', false);
+        set { $this->set('isTalkRecordingEnabled', $this->isTalkEnabled && $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -258,28 +263,6 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function isTalkRecordingEnabled() : bool {
-        if (!$this->isTalkEnabled()) {
-            return false;
-        }
-        $config = $this->GetConfig();
-        if (isset($config['isTalkRecordingEnabled']) && $config['isTalkRecordingEnabled'] === 1) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    public function SetTalkRecordingEnabledState(int $value) : void {
-        if (!$this->isTalkEnabled()) {
-            $value = 0;
-        }
-
-        $config = $this->GetConfig();
-        $config['isTalkRecordingEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 313de7b0..ebd1489d 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -572,7 +572,7 @@ readonly class DockerActionManager {
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',
-            'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '',
+            'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '',
             'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '',
             'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '',
             'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '',

From f16f5b233d72ab22e96bb40a65540a2e6ea7efba Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:04:24 +0100
Subject: [PATCH 3843/3949] Make `isImaginaryEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 ++--
 .../Controller/ConfigurationController.php    |  6 +-----
 php/src/Data/ConfigurationManager.php         | 20 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 34d7efe1..27b2edad 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -124,7 +124,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
         'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
-        'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(),
+        'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(),
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
         'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 851b2b4d..75d47f83 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -79,7 +79,7 @@ readonly class ContainerDefinitionFetcher {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') {
-                if (!$this->configurationManager->isImaginaryEnabled()) {
+                if (!$this->configurationManager->isImaginaryEnabled) {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') {
@@ -188,7 +188,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-imaginary') {
-                        if (!$this->configurationManager->isImaginaryEnabled()) {
+                        if (!$this->configurationManager->isImaginaryEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-fulltextsearch') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index cf8bf02b..c7df757b 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -91,11 +91,7 @@ readonly class ConfigurationController {
                 $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
                 $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']);
                 $this->configurationManager->isTalkRecordingEnabled = isset($request->getParsedBody()['talk-recording']);
-                if (isset($request->getParsedBody()['imaginary'])) {
-                    $this->configurationManager->SetImaginaryEnabledState(1);
-                } else {
-                    $this->configurationManager->SetImaginaryEnabledState(0);
-                }
+                $this->configurationManager->isImaginaryEnabled = isset($request->getParsedBody()['imaginary']);
                 if (isset($request->getParsedBody()['fulltextsearch'])) {
                     $this->configurationManager->SetFulltextsearchEnabledState(1);
                 } else {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index bd920a04..65e83524 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -93,6 +93,11 @@ class ConfigurationManager
         set { $this->set('isTalkRecordingEnabled', $this->isTalkEnabled && $value); }
     }
 
+    public bool $isImaginaryEnabled {
+        get => $this->get('isImaginaryEnabled', true);
+        set { $this->set('isImaginaryEnabled', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -228,21 +233,6 @@ class ConfigurationManager
         }
     }
 
-    public function isImaginaryEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 0) {
-            return false;
-        } else {
-            return true;
-        }
-    }
-
-    public function SetImaginaryEnabledState(int $value) : void {
-        $config = $this->GetConfig();
-        $config['isImaginaryEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     public function isFulltextsearchEnabled() : bool {
         $config = $this->GetConfig();
         if (isset($config['isFulltextsearchEnabled']) && $config['isFulltextsearchEnabled'] === 1) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ebd1489d..a9f2c29e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -579,7 +579,7 @@ readonly class DockerActionManager {
             'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
             'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(),
             'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),
-            'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled() ? 'yes' : '',
+            'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(),

From f737d2f598032df2fd2df3ad9c4f7b4319e91d66 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:04:48 +0100
Subject: [PATCH 3844/3949] Make `isFulltextsearchEnabled` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  4 +--
 .../Controller/ConfigurationController.php    |  6 +----
 php/src/Data/ConfigurationManager.php         | 26 +++++--------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 11 insertions(+), 29 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 27b2edad..2b1d6af1 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -125,7 +125,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
         'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
-        'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(),
+        'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
         'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(),
         'nextcloud_mount' => $configurationManager->GetNextcloudMount(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 75d47f83..4ac53258 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -83,7 +83,7 @@ readonly class ContainerDefinitionFetcher {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') {
-                if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                if (!$this->configurationManager->isFulltextsearchEnabled) {
                     continue;
                 }
             } elseif ($entry['container_name'] === 'nextcloud-aio-docker-socket-proxy') {
@@ -192,7 +192,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-fulltextsearch') {
-                        if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                        if (!$this->configurationManager->isFulltextsearchEnabled) {
                             continue;
                         }
                     } elseif ($value === 'nextcloud-aio-docker-socket-proxy') {
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index c7df757b..9688c5e9 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -92,11 +92,7 @@ readonly class ConfigurationController {
                 $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']);
                 $this->configurationManager->isTalkRecordingEnabled = isset($request->getParsedBody()['talk-recording']);
                 $this->configurationManager->isImaginaryEnabled = isset($request->getParsedBody()['imaginary']);
-                if (isset($request->getParsedBody()['fulltextsearch'])) {
-                    $this->configurationManager->SetFulltextsearchEnabledState(1);
-                } else {
-                    $this->configurationManager->SetFulltextsearchEnabledState(0);
-                }
+                $this->configurationManager->isFulltextsearchEnabled = isset($request->getParsedBody()['fulltextsearch']);
                 $this->configurationManager->isDockerSocketProxyEnabled = isset($request->getParsedBody()['docker-socket-proxy']);
                 $this->configurationManager->isWhiteboardEnabled = isset($request->getParsedBody()['whiteboard']);
             }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 65e83524..43680ca9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -98,6 +98,12 @@ class ConfigurationManager
         set { $this->set('isImaginaryEnabled', $value); }
     }
 
+    public bool $isFulltextsearchEnabled {
+        get => $this->get('isFulltextsearchEnabled', false);
+        // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
+        set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -233,26 +239,6 @@ class ConfigurationManager
         }
     }
 
-    public function isFulltextsearchEnabled() : bool {
-        $config = $this->GetConfig();
-        if (isset($config['isFulltextsearchEnabled']) && $config['isFulltextsearchEnabled'] === 1) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    public function SetFulltextsearchEnabledState(int $value) : void {
-        // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
-        if ($this->isSeccompDisabled()) {
-            $value = 0;
-        }
-
-        $config = $this->GetConfig();
-        $config['isFulltextsearchEnabled'] = $value;
-        $this->WriteConfig($config);
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a9f2c29e..73f4bd9d 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -580,7 +580,7 @@ readonly class DockerActionManager {
             'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(),
             'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),
             'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '',
-            'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '',
+            'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(),
             'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(),

From 5b0b9ef8263e740fa854be09dc424d53ae1ad9ff Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:06:20 +0100
Subject: [PATCH 3845/3949] Make `domain` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                    |  2 +-
 php/src/Controller/DockerController.php |  2 +-
 php/src/Data/ConfigurationManager.php   | 25 +++++++++++++------------
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 2b1d6af1..f3e8f940 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -91,7 +91,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     $skip_domain_validation = isset($params['skip_domain_validation']);
 
     return $view->render($response, 'containers.twig', [
-        'domain' => $configurationManager->GetDomain(),
+        'domain' => $configurationManager->domain,
         'apache_port' => $configurationManager->GetApachePort(),
         'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
         'borg_remote_repo' => $configurationManager->GetBorgRemoteRepo(),
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index ff73e29a..4e6d52b7 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -257,7 +257,7 @@ readonly class DockerController {
     public function StartDomaincheckContainer() : void
     {
         # Don't start if domain is already set
-        if ($this->configurationManager->GetDomain() !== '' || $this->configurationManager->wasStartButtonClicked) {
+        if ($this->configurationManager->domain !== '' || $this->configurationManager->wasStartButtonClicked) {
             return;
         }
 
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 43680ca9..d276ebb7 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -104,6 +104,11 @@ class ConfigurationManager
         set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); }
     }
 
+    public string $domain {
+        get => $this->get('domain', '');
+        set { $this->SetDomain($value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -241,6 +246,8 @@ class ConfigurationManager
 
     /**
      * @throws InvalidSettingConfigurationException
+     *
+     * We can't turn this into a private validation method because of the second argument.
      */
     public function SetDomain(string $domain, bool $skipDomainValidation) : void {
         // Validate that at least one dot is contained
@@ -346,25 +353,19 @@ class ConfigurationManager
             }
         }
 
-        // Write domain
         $config = $this->GetConfig();
-        $config['domain'] = $domain;
         // Reset the borg restore password when setting the domain
         $config['borg_restore_password'] = '';
         $this->WriteConfig($config);
-    }
-
-    public function GetDomain() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['domain'])) {
-            $config['domain'] = '';
-        }
-
-        return $config['domain'];
+        $this->setMultiple(function ($confManager) use ($domain) {
+            // Write domain
+            // Don't set the domain via the attribute, or we create a loop.
+            $confManager->set('domain', $domain);
+        });
     }
 
     public function GetBaseDN() : string {
-        $domain = $this->GetDomain();
+        $domain = $this->domain;
         if ($domain === "") {
             return "";
         }

From b4d198f72b14cc52e667bf782d3db51c4fd80c34 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:07:45 +0100
Subject: [PATCH 3846/3949] Make `borg_backup_host_location` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/ContainerDefinitionFetcher.php |  2 +-
 php/src/Data/ConfigurationManager.php  | 26 +++++++++++++-------------
 php/src/Docker/DockerActionManager.php |  2 +-
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index f3e8f940..eb214eff 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -93,7 +93,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->domain,
         'apache_port' => $configurationManager->GetApachePort(),
-        'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
+        'borg_backup_host_location' => $configurationManager->borg_backup_host_location,
         'borg_remote_repo' => $configurationManager->GetBorgRemoteRepo(),
         'borg_public_key' => $configurationManager->GetBorgPublicKey(),
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 4ac53258..e8244ddc 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -113,7 +113,7 @@ readonly class ContainerDefinitionFetcher {
             if (isset($entry['volumes'])) {
                 foreach ($entry['volumes'] as $value) {
                     if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
-                        $value['source'] = $this->configurationManager->GetBorgBackupHostLocation();
+                        $value['source'] = $this->configurationManager->borg_backup_host_location;
                         if($value['source'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d276ebb7..1c93f51b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -109,6 +109,11 @@ class ConfigurationManager
         set { $this->SetDomain($value); }
     }
 
+    public string $borg_backup_host_location {
+        get => $this->get('borg_backup_host_location', '');
+        set { $this->set('borg_backup_host_location', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -379,9 +384,11 @@ class ConfigurationManager
         $this->ValidateBorgLocationVars($location, $repo);
 
         $config = $this->GetConfig();
-        $config['borg_backup_host_location'] = $location;
         $config['borg_remote_repo'] = $repo;
         $this->WriteConfig($config);
+        $this->setMultiple(function ($confManager) use ($location) {
+            $confManager->borg_backup_host_location = $location;
+        });
     }
 
     private function ValidateBorgLocationVars(string $location, string $repo) : void {
@@ -428,9 +435,11 @@ class ConfigurationManager
     public function DeleteBorgBackupLocationItems() : void {
         // Delete the variables
         $config = $this->GetConfig();
-        $config['borg_backup_host_location'] = '';
         $config['borg_remote_repo'] = '';
         $this->WriteConfig($config);
+        $this->setMultiple(function ($confManager) {
+            $confManager->borg_backup_host_location = '';
+        });
 
         // Also delete the borg config file to be able to start over
         if (file_exists(DataConst::GetBackupKeyFile())) {
@@ -451,12 +460,12 @@ class ConfigurationManager
         }
 
         $config = $this->GetConfig();
-        $config['borg_backup_host_location'] = $location;
         $config['borg_remote_repo'] = $repo;
         $config['borg_restore_password'] = $password;
         $this->WriteConfig($config);
 
-        $this->setMultiple(function ($confManager) {
+        $this->setMultiple(function ($confManager) use ($location) {
+            $confManager->borg_backup_host_location = $location;
             $confManager->instance_restore_attempt = true;
         });
     }
@@ -556,15 +565,6 @@ class ConfigurationManager
         return $envVariableOutput;
     }
 
-    public function GetBorgBackupHostLocation() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['borg_backup_host_location'])) {
-            $config['borg_backup_host_location'] = '';
-        }
-
-        return $config['borg_backup_host_location'];
-    }
-
     public function GetBorgRemoteRepo() : string {
         $config = $this->GetConfig();
         if(!isset($config['borg_remote_repo'])) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 73f4bd9d..a3ea0c9b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -589,7 +589,7 @@ readonly class DockerActionManager {
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(),
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(),
             'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
-            'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(),
+            'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->borg_backup_host_location,
             'APACHE_MAX_SIZE' => (string)($this->configurationManager->GetApacheMaxSize()),
             'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(),
             'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(),

From a361ab9d20f4cfc4c5c0fc071509756a734bdea1 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:14:39 +0100
Subject: [PATCH 3847/3949] Make `borg_remote_repo` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/Data/ConfigurationManager.php  | 24 ++++++++++--------------
 php/src/Docker/DockerActionManager.php |  2 +-
 3 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index eb214eff..16d274f9 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -94,7 +94,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'domain' => $configurationManager->domain,
         'apache_port' => $configurationManager->GetApachePort(),
         'borg_backup_host_location' => $configurationManager->borg_backup_host_location,
-        'borg_remote_repo' => $configurationManager->GetBorgRemoteRepo(),
+        'borg_remote_repo' => $configurationManager->borg_remote_repo,
         'borg_public_key' => $configurationManager->GetBorgPublicKey(),
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1c93f51b..5dea0c6d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -114,6 +114,11 @@ class ConfigurationManager
         set { $this->set('borg_backup_host_location', $value); }
     }
 
+    public string $borg_remote_repo {
+        get => $this->get('borg_remote_repo', '');
+        set { $this->set('borg_remote_repo', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -384,10 +389,10 @@ class ConfigurationManager
         $this->ValidateBorgLocationVars($location, $repo);
 
         $config = $this->GetConfig();
-        $config['borg_remote_repo'] = $repo;
         $this->WriteConfig($config);
-        $this->setMultiple(function ($confManager) use ($location) {
+        $this->setMultiple(function ($confManager) use ($location, $repo) {
             $confManager->borg_backup_host_location = $location;
+            $confManager->borg_remote_repo = $repo;
         });
     }
 
@@ -435,10 +440,10 @@ class ConfigurationManager
     public function DeleteBorgBackupLocationItems() : void {
         // Delete the variables
         $config = $this->GetConfig();
-        $config['borg_remote_repo'] = '';
         $this->WriteConfig($config);
         $this->setMultiple(function ($confManager) {
             $confManager->borg_backup_host_location = '';
+            $confManager->borg_remote_repo = '';
         });
 
         // Also delete the borg config file to be able to start over
@@ -460,12 +465,12 @@ class ConfigurationManager
         }
 
         $config = $this->GetConfig();
-        $config['borg_remote_repo'] = $repo;
         $config['borg_restore_password'] = $password;
         $this->WriteConfig($config);
 
-        $this->setMultiple(function ($confManager) use ($location) {
+        $this->setMultiple(function ($confManager) use ($location, $repo) {
             $confManager->borg_backup_host_location = $location;
+            $confManager->borg_remote_repo = $repo;
             $confManager->instance_restore_attempt = true;
         });
     }
@@ -565,15 +570,6 @@ class ConfigurationManager
         return $envVariableOutput;
     }
 
-    public function GetBorgRemoteRepo() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['borg_remote_repo'])) {
-            $config['borg_remote_repo'] = '';
-        }
-
-        return $config['borg_remote_repo'];
-    }
-
     public function GetBorgPublicKey() : string {
         if (!file_exists(DataConst::GetBackupPublicKey())) {
             return "";
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a3ea0c9b..876dd805 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -560,7 +560,7 @@ readonly class DockerActionManager {
             'NC_DOMAIN' => $this->configurationManager->GetDomain(),
             'NC_BASE_DN' => $this->configurationManager->GetBaseDN(),
             'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN,
-            'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(),
+            'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->borg_remote_repo,
             'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(),
             'AIO_URL' => $this->configurationManager->AIO_URL,
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '',

From 6033a4486c147eab303ba9f8120ab4663e348084 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:16:30 +0100
Subject: [PATCH 3848/3949] Make `borg_restore_password` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/Data/ConfigurationManager.php  | 23 +++++++++--------------
 php/src/Docker/DockerActionManager.php |  2 +-
 3 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 16d274f9..05c39f76 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -114,7 +114,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
         'is_talk_enabled' => $configurationManager->isTalkEnabled,
-        'borg_restore_password' => $configurationManager->GetBorgRestorePassword(),
+        'borg_restore_password' => $configurationManager->borg_restore_password,
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->GetTimezone(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 5dea0c6d..2091ddb5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -119,6 +119,11 @@ class ConfigurationManager
         set { $this->set('borg_remote_repo', $value); }
     }
 
+    public string $borg_restore_password {
+        get => $this->get('borg_restore_password', '');
+        set { $this->set('borg_restore_password', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -364,13 +369,13 @@ class ConfigurationManager
         }
 
         $config = $this->GetConfig();
-        // Reset the borg restore password when setting the domain
-        $config['borg_restore_password'] = '';
         $this->WriteConfig($config);
         $this->setMultiple(function ($confManager) use ($domain) {
             // Write domain
             // Don't set the domain via the attribute, or we create a loop.
             $confManager->set('domain', $domain);
+            // Reset the borg restore password when setting the domain
+            $confManager->borg_restore_password = '';
         });
     }
 
@@ -465,12 +470,11 @@ class ConfigurationManager
         }
 
         $config = $this->GetConfig();
-        $config['borg_restore_password'] = $password;
         $this->WriteConfig($config);
-
-        $this->setMultiple(function ($confManager) use ($location, $repo) {
+        $this->setMultiple(function ($confManager) use ($location, $repo, $password) {
             $confManager->borg_backup_host_location = $location;
             $confManager->borg_remote_repo = $repo;
+            $confManager->borg_restore_password = $password;
             $confManager->instance_restore_attempt = true;
         });
     }
@@ -578,15 +582,6 @@ class ConfigurationManager
         return trim((string)file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
-    public function GetBorgRestorePassword() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['borg_restore_password'])) {
-            $config['borg_restore_password'] = '';
-        }
-
-        return $config['borg_restore_password'];
-    }
-
     public function GetNextcloudMount() : string {
         $envVariableName = 'NEXTCLOUD_MOUNT';
         $configName = 'nextcloud_mount';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 876dd805..8b9720fb 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -570,7 +570,7 @@ readonly class DockerActionManager {
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
             'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
-            'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(),
+            'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password,
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',
             'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '',
             'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '',

From 6e5237cd205f0dc6ef069b6026f43a77028d00e7 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:17:25 +0100
Subject: [PATCH 3849/3949] Make `timezone` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 .../Controller/ConfigurationController.php    |  4 +--
 php/src/Data/ConfigurationManager.php         | 36 +++++++++----------
 php/src/Docker/DockerActionManager.php        |  2 +-
 4 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 05c39f76..130d34d5 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -117,7 +117,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'borg_restore_password' => $configurationManager->borg_restore_password,
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
-        'timezone' => $configurationManager->GetTimezone(),
+        'timezone' => $configurationManager->timezone,
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
         'talk_port' => $configurationManager->GetTalkPort(),
         'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 9688c5e9..58337ef4 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -67,12 +67,12 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['delete_timezone'])) {
-                $this->configurationManager->DeleteTimezone();
+                $this->configurationManager->deleteTimezone();
             }
 
             if (isset($request->getParsedBody()['timezone'])) {
                 $timezone = $request->getParsedBody()['timezone'] ?? '';
-                $this->configurationManager->SetTimezone($timezone);
+                $this->configurationManager->timezone = $timezone;
             }
 
             if (isset($request->getParsedBody()['options-form'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2091ddb5..119e81ce 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -124,6 +124,18 @@ class ConfigurationManager
         set { $this->set('borg_restore_password', $value); }
     }
 
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public string $timezone {
+        get => $this->get('timezone', '');
+        set {
+            // This throws an exception if the validation fails.
+            $this->validateTimezone($value);
+            $this->set('timezone', $value);
+        }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -784,19 +796,10 @@ class ConfigurationManager
         return false;
     }
 
-    public function GetTimezone() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['timezone'])) {
-            $config['timezone'] = '';
-        }
-
-        return $config['timezone'];
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetTimezone(string $timezone) : void {
+    private function validateTimezone(string $timezone) : void {
         if ($timezone === "") {
             throw new InvalidSettingConfigurationException("The timezone must not be empty!");
         }
@@ -804,16 +807,13 @@ class ConfigurationManager
         if (!preg_match("#^[a-zA-Z0-9_\-\/\+]+$#", $timezone)) {
             throw new InvalidSettingConfigurationException("The entered timezone does not seem to be a valid timezone!");
         }
-
-        $config = $this->GetConfig();
-        $config['timezone'] = $timezone;
-        $this->WriteConfig($config);
     }
 
-    public function DeleteTimezone() : void {
-        $config = $this->GetConfig();
-        $config['timezone'] = '';
-        $this->WriteConfig($config);
+    /**
+     * Provide an extra method since our `timezone` attribute setter prevents setting an empty timezone.
+     */
+    public function deleteTimezone() : void {
+        $this->set('timezone', '');
     }
 
     public function shouldDomainValidationBeSkipped(bool $skipDomainValidation) : bool {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8b9720fb..ae8e9c83 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -577,7 +577,7 @@ readonly class DockerActionManager {
             'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '',
             'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '',
             'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
-            'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(),
+            'TIMEZONE' => $this->configurationManager->timezone === '' ? 'Etc/UTC' : $this->configurationManager->timezone,
             'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),
             'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '',

From ca35006a8595e6abbb0d6313b819ae98b8ea2068 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:18:45 +0100
Subject: [PATCH 3850/3949] Make `collabora_dictionaries` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 .../Controller/ConfigurationController.php    |  2 +-
 php/src/Data/ConfigurationManager.php         | 34 +++++++++----------
 php/src/Docker/DockerActionManager.php        |  2 +-
 4 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 130d34d5..dc0151e2 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -120,7 +120,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'timezone' => $configurationManager->timezone,
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
         'talk_port' => $configurationManager->GetTalkPort(),
-        'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
+        'collabora_dictionaries' => $configurationManager->collabora_dictionaries,
         'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
         'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 58337ef4..4a36ce5c 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -117,7 +117,7 @@ readonly class ConfigurationController {
 
             if (isset($request->getParsedBody()['collabora_dictionaries'])) {
                 $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? '';
-                $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries);
+                $this->configurationManager->collabora_dictionaries = $collaboraDictionaries;
             }
 
             if (isset($request->getParsedBody()['delete_collabora_additional_options'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 119e81ce..9f037ec4 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -136,6 +136,18 @@ class ConfigurationManager
         }
     }
 
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public string $collabora_dictionaries {
+        get => $this->get('collabora_dictionaries', '');
+        set {
+            // This throws an exception if the validation fails.
+            $this->validateCollaboraDictionaries($value);
+            $this->set('collabora_dictionaries', $value);
+        }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -831,19 +843,10 @@ class ConfigurationManager
         return 'deck twofactor_totp tasks calendar contacts notes';
     }
 
-    public function GetCollaboraDictionaries() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['collabora_dictionaries'])) {
-            $config['collabora_dictionaries'] = '';
-        }
-
-        return $config['collabora_dictionaries'];
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetCollaboraDictionaries(string $CollaboraDictionaries) : void {
+    private function validateCollaboraDictionaries(string $CollaboraDictionaries) : void {
         if ($CollaboraDictionaries === "") {
             throw new InvalidSettingConfigurationException("The dictionaries must not be empty!");
         }
@@ -851,16 +854,13 @@ class ConfigurationManager
         if (!preg_match("#^[a-zA-Z_ ]+$#", $CollaboraDictionaries)) {
             throw new InvalidSettingConfigurationException("The entered dictionaries do not seem to be a valid!");
         }
-
-        $config = $this->GetConfig();
-        $config['collabora_dictionaries'] = $CollaboraDictionaries;
-        $this->WriteConfig($config);
     }
 
+    /**
+     * Provide an extra method since the corresponding attribute setter prevents setting an empty value.
+     */
     public function DeleteCollaboraDictionaries() : void {
-        $config = $this->GetConfig();
-        $config['collabora_dictionaries'] = '';
-        $this->WriteConfig($config);
+        $this->set('collabora_dictionaries', '');
     }
 
     /**
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ae8e9c83..3bbc37f1 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -578,7 +578,7 @@ readonly class DockerActionManager {
             'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '',
             'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
             'TIMEZONE' => $this->configurationManager->timezone === '' ? 'Etc/UTC' : $this->configurationManager->timezone,
-            'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(),
+            'COLLABORA_DICTIONARIES' => $this->configurationManager->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->collabora_dictionaries,
             'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',

From 228440f2a8905aab4a2db54faa70fc8565776ffd Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:21:23 +0100
Subject: [PATCH 3851/3949] Make `collabora_additional_options` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 .../Controller/ConfigurationController.php    |  4 +-
 php/src/Data/ConfigurationManager.php         | 38 +++++++++----------
 php/src/Docker/DockerActionManager.php        |  4 +-
 4 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index dc0151e2..83d1d878 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -121,7 +121,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
         'talk_port' => $configurationManager->GetTalkPort(),
         'collabora_dictionaries' => $configurationManager->collabora_dictionaries,
-        'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(),
+        'collabora_additional_options' => $configurationManager->collabora_additional_options,
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
         'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 4a36ce5c..3147fda4 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -121,12 +121,12 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['delete_collabora_additional_options'])) {
-                $this->configurationManager->DeleteAdditionalCollaboraOptions();
+                $this->configurationManager->deleteAdditionalCollaboraOptions();
             }
 
             if (isset($request->getParsedBody()['collabora_additional_options'])) {
                 $additionalCollaboraOptions = $request->getParsedBody()['collabora_additional_options'] ?? '';
-                $this->configurationManager->SetAdditionalCollaboraOptions($additionalCollaboraOptions);
+                $this->configurationManager->collabora_additional_options = $additionalCollaboraOptions;
             }
 
             if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9f037ec4..3c176556 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -148,6 +148,18 @@ class ConfigurationManager
         }
     }
 
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public string $collabora_additional_options {
+        get => $this->get('collabora_additional_options', '');
+        set {
+            // This throws an exception if the validation fails.
+            $this->validateCollaboraAdditionalOptions($value);
+            $this->set('collabora_additional_options', $value);
+        }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -866,7 +878,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetAdditionalCollaboraOptions(string $additionalCollaboraOptions) : void {
+    private function validateCollaboraAdditionalOptions(string $additionalCollaboraOptions) : void {
         if ($additionalCollaboraOptions === "") {
             throw new InvalidSettingConfigurationException("The additional options must not be empty!");
         }
@@ -874,32 +886,20 @@ class ConfigurationManager
         if (!preg_match("#^--o:#", $additionalCollaboraOptions)) {
             throw new InvalidSettingConfigurationException("The entered options must start with '--o:'. So the config does not seem to be a valid!");
         }
-
-        $config = $this->GetConfig();
-        $config['collabora_additional_options'] = $additionalCollaboraOptions;
-        $this->WriteConfig($config);
-    }
-
-    public function GetAdditionalCollaboraOptions() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['collabora_additional_options'])) {
-            $config['collabora_additional_options'] = '';
-        }
-
-        return $config['collabora_additional_options'];
     }
 
     public function isCollaboraSubscriptionEnabled() : bool {
-        if (str_contains($this->GetAdditionalCollaboraOptions(), '--o:support_key=')) {
+        if (str_contains($this->collabora_additional_options, '--o:support_key=')) {
             return true;
         }
         return false;
     }
 
-    public function DeleteAdditionalCollaboraOptions() : void {
-        $config = $this->GetConfig();
-        $config['collabora_additional_options'] = '';
-        $this->WriteConfig($config);
+    /**
+     * Provide an extra method since the corresponding attribute setter prevents setting an empty value.
+     */
+    public function deleteAdditionalCollaboraOptions() : void {
+        $this->set('collabora_additional_options', '');
     }
 
     public function GetApacheAdditionalNetwork() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 3bbc37f1..6afa46fe 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -427,8 +427,8 @@ readonly class DockerActionManager {
             }
 
             // Additional Collabora options
-            if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {
-                $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()];
+            if ($this->configurationManager->collabora_additional_options !== '') {
+                $requestBody['Cmd'] = [$this->configurationManager->collabora_additional_options];
             }
         }
 

From 6c04cd055f363dc52d4e1bcac7a317f428246ebb Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 15:44:22 +0100
Subject: [PATCH 3852/3949] Make `aio_community_containers` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  2 +-
 php/src/ContainerDefinitionFetcher.php        |  2 +-
 .../Controller/ConfigurationController.php    |  2 +-
 php/src/Data/ConfigurationManager.php         | 26 ++++---------------
 php/src/Docker/DockerActionManager.php        |  2 +-
 5 files changed, 9 insertions(+), 25 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 83d1d878..2d3e4f03 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -138,7 +138,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
-        'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
+        'community_containers_enabled' => $configurationManager->aio_community_containers,
         'bypass_container_update' => $bypass_container_update,
     ]);
 })->setName('profile');
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index e8244ddc..6f96d480 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -41,7 +41,7 @@ readonly class ContainerDefinitionFetcher {
         $data = json_decode((string)file_get_contents(DataConst::GetContainersDefinitionPath()), true, 512, JSON_THROW_ON_ERROR);
 
         $additionalContainerNames = [];
-        foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) {
+        foreach ($this->configurationManager->aio_community_containers as $communityContainer) {
             if ($communityContainer !== '') {
                 $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
                 $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 3147fda4..a1132981 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -108,7 +108,7 @@ readonly class ConfigurationController {
                         $enabledCC[] = $item;
                     }
                 }
-                $this->configurationManager->SetEnabledCommunityContainers($enabledCC);
+                $this->configurationManager->aio_community_containers = $enabledCC;
             }
 
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3c176556..72f69086 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -160,6 +160,11 @@ class ConfigurationManager
         }
     }
 
+    public array $aio_community_containers {
+        get => explode(' ', $this->get('aio_community_containers', ''));
+        set { $this->set('aio_community_containers', implode(' ', $value)); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -931,16 +936,6 @@ class ConfigurationManager
         }
     }
 
-    private function GetCommunityContainers() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['aio_community_containers'])) {
-            $config['aio_community_containers'] = '';
-        }
-
-        return $config['aio_community_containers'];
-    }
-
-
     public function listAvailableCommunityContainers() : array {
         $cc = [];
         $dir = scandir(DataConst::GetCommunityContainersDirectory());
@@ -976,17 +971,6 @@ class ConfigurationManager
         return $cc;
     }
 
-    /** @return list<string> */
-    public function GetEnabledCommunityContainers(): array {
-        return explode(' ', $this->GetCommunityContainers());
-    }
-
-    public function SetEnabledCommunityContainers(array $enabledCommunityContainers) : void {
-        $config = $this->GetConfig();
-        $config['aio_community_containers'] = implode(' ', $enabledCommunityContainers);
-        $this->WriteConfig($config);
-    }
-
     private function GetEnabledDriDevice() : string {
         $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
         $configName = 'nextcloud_enable_dri_device';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6afa46fe..08cbf9b1 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -600,7 +600,7 @@ readonly class DockerActionManager {
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-            'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
+            'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled ? 'yes' : '',
             default => $this->configurationManager->GetRegisteredSecret($placeholder),
         };

From 0a22384cd90127a14f11dc55b1e73c83daf485c4 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 12:23:22 +0100
Subject: [PATCH 3853/3949] Make `turn_domain` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php  | 14 +++++---------
 php/src/Docker/DockerActionManager.php |  2 +-
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 72f69086..9362815a 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -165,6 +165,11 @@ class ConfigurationManager
         set { $this->set('aio_community_containers', implode(' ', $value)); }
     }
 
+    public string $turn_domain {
+        get => $this->get('turn_domain', '');
+        set { $this->set('turn_domain', $value); }
+    }
+
     public function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -562,15 +567,6 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
-    public function GetTurnDomain() : string {
-        $config = $this->GetConfig();
-        if(!isset($config['turn_domain'])) {
-            $config['turn_domain'] = '';
-        }
-
-        return $config['turn_domain'];
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 08cbf9b1..367b7eb4 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -568,7 +568,7 @@ readonly class DockerActionManager {
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
             'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(),
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
-            'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(),
+            'TURN_DOMAIN' => $this->configurationManager->turn_domain,
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password,
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',

From 4e373cb2f8a0be7e809f0a6d2cdc3700e5b8abf2 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:45:00 +0100
Subject: [PATCH 3854/3949] Make `apache_ip_binding` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php  | 12 +++++-------
 php/src/Docker/DockerActionManager.php |  4 ++--
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9362815a..7182602e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -124,6 +124,11 @@ class ConfigurationManager
         set { $this->set('borg_restore_password', $value); }
     }
 
+    public string $apache_ip_binding {
+        get => $this->GetEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', '');
+        set { $this->set('apache_ip_binding', $value); }
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */
@@ -910,13 +915,6 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
-    public function GetApacheIPBinding() : string {
-        $envVariableName = 'APACHE_IP_BINDING';
-        $configName = 'apache_ip_binding';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
-    }
-
     private function GetDisableBackupSection() : string {
         $envVariableName = 'AIO_DISABLE_BACKUP_SECTION';
         $configName = 'disable_backup_section';
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 367b7eb4..b1bf847e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -297,7 +297,7 @@ readonly class DockerActionManager {
                 }
                 $ipBinding = $value->ipBinding;
                 if ($ipBinding === '%APACHE_IP_BINDING%') {
-                    $ipBinding = $this->configurationManager->GetApacheIPBinding();
+                    $ipBinding = $this->configurationManager->apache_ip_binding;
                     // Do not expose if AIO is in internal network mode
                     if ($ipBinding === '@INTERNAL') {
                         continue;
@@ -566,7 +566,7 @@ readonly class DockerActionManager {
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '',
             'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime,
             'APACHE_PORT' => $this->configurationManager->GetApachePort(),
-            'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(),
+            'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding,
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
             'TURN_DOMAIN' => $this->configurationManager->turn_domain,
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),

From dc28eb67372be8bc6848eb17c27673c1ae382bb4 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:47:45 +0100
Subject: [PATCH 3855/3949] Make `apache_port` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/Data/ConfigurationManager.php  | 10 ++++------
 php/src/Docker/DockerActionManager.php |  8 ++++----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 2d3e4f03..27364a98 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -92,7 +92,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
 
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->domain,
-        'apache_port' => $configurationManager->GetApachePort(),
+        'apache_port' => $configurationManager->apache_port,
         'borg_backup_host_location' => $configurationManager->borg_backup_host_location,
         'borg_remote_repo' => $configurationManager->borg_remote_repo,
         'borg_public_key' => $configurationManager->GetBorgPublicKey(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 7182602e..aaef8e08 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -363,7 +363,7 @@ class ConfigurationManager
             }
 
             // Get the apache port
-            $port = $this->GetApachePort();
+            $port = $this->apache_port;
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                 if ($port === '443') {
@@ -558,11 +558,9 @@ class ConfigurationManager
         $this->set('password', $newPassword);
     }
 
-    public function GetApachePort() : string {
-        $envVariableName = 'APACHE_PORT';
-        $configName = 'apache_port';
-        $defaultValue = '443';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $apache_port {
+        get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
+        set { $this->set('apache_port', $value); }
     }
 
     public function GetTalkPort() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b1bf847e..0db11ade 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -115,7 +115,7 @@ readonly class DockerActionManager {
         $containerName = $container->identifier;
         $internalPort = $container->internalPorts;
         if ($internalPort === '%APACHE_PORT%') {
-            $internalPort = $this->configurationManager->GetApachePort();
+            $internalPort = $this->configurationManager->apache_port;
         } elseif ($internalPort === '%TALK_PORT%') {
             $internalPort = $this->configurationManager->GetTalkPort();
         }
@@ -261,7 +261,7 @@ readonly class DockerActionManager {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
-                    $port = $this->configurationManager->GetApachePort();
+                    $port = $this->configurationManager->apache_port;
                     // Do not expose udp if AIO is in reverse proxy mode
                     if ($port !== '443' && $protocol === 'udp') {
                         continue;
@@ -283,7 +283,7 @@ readonly class DockerActionManager {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
-                    $port = $this->configurationManager->GetApachePort();
+                    $port = $this->configurationManager->apache_port;
                     // Do not expose udp if AIO is in reverse proxy mode
                     if ($port !== '443' && $protocol === 'udp') {
                         continue;
@@ -565,7 +565,7 @@ readonly class DockerActionManager {
             'AIO_URL' => $this->configurationManager->AIO_URL,
             'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '',
             'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime,
-            'APACHE_PORT' => $this->configurationManager->GetApachePort(),
+            'APACHE_PORT' => $this->configurationManager->apache_port,
             'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding,
             'TALK_PORT' => $this->configurationManager->GetTalkPort(),
             'TURN_DOMAIN' => $this->configurationManager->turn_domain,

From 96c9c1a6f91befbba4150d9312bc00173044ade9 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:52:24 +0100
Subject: [PATCH 3856/3949] Make `talk_port` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/Data/ConfigurationManager.php  | 10 ++++------
 php/src/Docker/DockerActionManager.php |  8 ++++----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 27364a98..718ad0ca 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -119,7 +119,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->timezone,
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
-        'talk_port' => $configurationManager->GetTalkPort(),
+        'talk_port' => $configurationManager->talk_port,
         'collabora_dictionaries' => $configurationManager->collabora_dictionaries,
         'collabora_additional_options' => $configurationManager->collabora_additional_options,
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index aaef8e08..fca733e9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -562,12 +562,10 @@ class ConfigurationManager
         get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
         set { $this->set('apache_port', $value); }
     }
-
-    public function GetTalkPort() : string {
-        $envVariableName = 'TALK_PORT';
-        $configName = 'talk_port';
-        $defaultValue = '3478';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+        
+    public string $talk_port {
+        get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478');
+        set { $this->set('talk_port', $value); }
     }
 
     /**
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 0db11ade..8cfbe399 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -117,7 +117,7 @@ readonly class DockerActionManager {
         if ($internalPort === '%APACHE_PORT%') {
             $internalPort = $this->configurationManager->apache_port;
         } elseif ($internalPort === '%TALK_PORT%') {
-            $internalPort = $this->configurationManager->GetTalkPort();
+            $internalPort = $this->configurationManager->talk_port;
         }
 
         if ($internalPort !== "" && $internalPort !== 'host') {
@@ -267,7 +267,7 @@ readonly class DockerActionManager {
                         continue;
                     }
                 } else if ($port === '%TALK_PORT%') {
-                    $port = $this->configurationManager->GetTalkPort();
+                    $port = $this->configurationManager->talk_port;
                 }
                 $portWithProtocol = $port . '/' . $protocol;
                 $exposedPorts[$portWithProtocol] = null;
@@ -289,7 +289,7 @@ readonly class DockerActionManager {
                         continue;
                     }
                 } else if ($port === '%TALK_PORT%') {
-                    $port = $this->configurationManager->GetTalkPort();
+                    $port = $this->configurationManager->talk_port;
                     // Skip publishing talk tcp port if it is set to 443
                     if ($port === '443' && $protocol === 'tcp') {
                         continue;
@@ -567,7 +567,7 @@ readonly class DockerActionManager {
             'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime,
             'APACHE_PORT' => $this->configurationManager->apache_port,
             'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding,
-            'TALK_PORT' => $this->configurationManager->GetTalkPort(),
+            'TALK_PORT' => $this->configurationManager->talk_port,
             'TURN_DOMAIN' => $this->configurationManager->turn_domain,
             'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password,

From 903aed1e34797c0fcaaa6bde13fe83b9cd77000f Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:54:14 +0100
Subject: [PATCH 3857/3949] Make `nextcloud_upload_limit` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/Data/ConfigurationManager.php  | 11 ++++-------
 php/src/Docker/DockerActionManager.php |  2 +-
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 718ad0ca..b14bb449 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -129,7 +129,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
         'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(),
         'nextcloud_mount' => $configurationManager->GetNextcloudMount(),
-        'nextcloud_upload_limit' => $configurationManager->GetNextcloudUploadLimit(),
+        'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
         'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
         'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fca733e9..f9525c09 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -634,13 +634,10 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
-    public function GetNextcloudUploadLimit() : string {
-        $envVariableName = 'NEXTCLOUD_UPLOAD_LIMIT';
-        $configName = 'nextcloud_upload_limit';
-        $defaultValue = '16G';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $nextcloud_upload_limit {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G');
+        set { $this->set('nextcloud_upload_limit', $value); }
     }
-
     public function GetNextcloudMemoryLimit() : string {
         $envVariableName = 'NEXTCLOUD_MEMORY_LIMIT';
         $configName = 'nextcloud_memory_limit';
@@ -649,7 +646,7 @@ class ConfigurationManager
     }
 
     public function GetApacheMaxSize() : int {
-        $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G');
+        $uploadLimit = (int)rtrim($this->nextcloud_upload_limit, 'G');
         return $uploadLimit * 1024 * 1024 * 1024;
     }
 
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8cfbe399..d42678a7 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -582,7 +582,7 @@ readonly class DockerActionManager {
             'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',
-            'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(),
+            'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit,
             'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(),
             'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(),
             'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(),

From 4de73dd75b865b6e5a1e0488ca0e92d30efbbbd8 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:53:22 +0100
Subject: [PATCH 3858/3949] Make `nextcloud_mount` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   | 2 +-
 php/src/ContainerDefinitionFetcher.php | 4 ++--
 php/src/Data/ConfigurationManager.php  | 8 +++-----
 php/src/Docker/DockerActionManager.php | 6 +++---
 4 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index b14bb449..a87449fc 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -128,7 +128,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
         'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(),
-        'nextcloud_mount' => $configurationManager->GetNextcloudMount(),
+        'nextcloud_mount' => $configurationManager->nextcloud_mount,
         'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
         'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
         'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6f96d480..c81989f2 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -119,7 +119,7 @@ readonly class ContainerDefinitionFetcher {
                         }
                     }
                     if($value['source'] === '%NEXTCLOUD_MOUNT%') {
-                        $value['source'] = $this->configurationManager->GetNextcloudMount();
+                        $value['source'] = $this->configurationManager->nextcloud_mount;
                         if($value['source'] === '') {
                             continue;
                         }
@@ -140,7 +140,7 @@ readonly class ContainerDefinitionFetcher {
                         }
                     }
                     if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
-                        $value['destination'] = $this->configurationManager->GetNextcloudMount();
+                        $value['destination'] = $this->configurationManager->nextcloud_mount;
                         if($value['destination'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index f9525c09..da823439 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -620,11 +620,9 @@ class ConfigurationManager
         return trim((string)file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
-    public function GetNextcloudMount() : string {
-        $envVariableName = 'NEXTCLOUD_MOUNT';
-        $configName = 'nextcloud_mount';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $nextcloud_mount {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', '');
+        set { $this->set('nextcloud_mount', $value); }
     }
 
     public function GetNextcloudDatadirMount() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d42678a7..7ab3bc23 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -205,7 +205,7 @@ readonly class DockerActionManager {
         foreach ($container->volumes->GetVolumes() as $volume) {
             // // NEXTCLOUD_MOUNT gets added via bind-mount later on
             // if ($container->identifier === 'nextcloud-aio-nextcloud') {
-            //     if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
+            //     if ($volume->name === $this->configurationManager->nextcloud_mount) {
             //         continue;
             //     }
             // }
@@ -408,7 +408,7 @@ readonly class DockerActionManager {
             // // Special things for the nextcloud container which should not be exposed in the containers.json
             // } elseif ($container->identifier === 'nextcloud-aio-nextcloud') {
             //     foreach ($container->volumes->GetVolumes() as $volume) {
-            //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
+            //         if ($volume->name !== $this->configurationManager->nextcloud_mount) {
             //             continue;
             //         }
             //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
@@ -569,7 +569,7 @@ readonly class DockerActionManager {
             'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding,
             'TALK_PORT' => $this->configurationManager->talk_port,
             'TURN_DOMAIN' => $this->configurationManager->turn_domain,
-            'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(),
+            'NEXTCLOUD_MOUNT' => $this->configurationManager->nextcloud_mount,
             'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password,
             'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',
             'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '',

From 3e19fa66d0271eb3b656a0aebab90e17383f6406 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:51:30 +0100
Subject: [PATCH 3859/3949] Make `nextcloud_datadir_mount` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/ContainerDefinitionFetcher.php |  2 +-
 php/src/Data/ConfigurationManager.php  | 13 ++++++-------
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index a87449fc..e312a7df 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -127,7 +127,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
-        'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(),
+        'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount,
         'nextcloud_mount' => $configurationManager->nextcloud_mount,
         'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
         'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index c81989f2..22309da8 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -124,7 +124,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
-                        $value['source'] = $this->configurationManager->GetNextcloudDatadirMount();
+                        $value['source'] = $this->configurationManager->nextcloud_datadir_mount;
                         if ($value['source'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index da823439..b2dd40fb 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -473,8 +473,8 @@ class ConfigurationManager
 
             // Prevent backup to be contained in Nextcloud Datadir as this will delete the backup archive upon restore
             // See https://github.com/nextcloud/all-in-one/issues/6607
-            if (str_starts_with($location . '/', rtrim($this->GetNextcloudDatadirMount(), '/') . '/')) {
-                throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount());
+            if (str_starts_with($location . '/', rtrim($this->nextcloud_datadir_mount, '/') . '/')) {
+                throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->nextcloud_datadir_mount);
             }
 
         } else {
@@ -625,11 +625,10 @@ class ConfigurationManager
         set { $this->set('nextcloud_mount', $value); }
     }
 
-    public function GetNextcloudDatadirMount() : string {
-        $envVariableName = 'NEXTCLOUD_DATADIR';
-        $configName = 'nextcloud_datadir';
-        $defaultValue = 'nextcloud_aio_nextcloud_data';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+
+    public string $nextcloud_datadir_mount {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data');
+        set { $this->set('nextcloud_datadir_mount', $value); }
     }
 
     public string $nextcloud_upload_limit {

From c1f8ac6989e9a0064c6012546f0f6060fccac190 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:54:54 +0100
Subject: [PATCH 3860/3949] Make `nextcloud_memory_limit` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   | 2 +-
 php/src/Data/ConfigurationManager.php  | 9 ++++-----
 php/src/Docker/DockerActionManager.php | 2 +-
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index e312a7df..7bace4ac 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -131,7 +131,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_mount' => $configurationManager->nextcloud_mount,
         'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
         'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
-        'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
+        'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit,
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b2dd40fb..c466bb3c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -635,11 +635,10 @@ class ConfigurationManager
         get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G');
         set { $this->set('nextcloud_upload_limit', $value); }
     }
-    public function GetNextcloudMemoryLimit() : string {
-        $envVariableName = 'NEXTCLOUD_MEMORY_LIMIT';
-        $configName = 'nextcloud_memory_limit';
-        $defaultValue = '512M';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    
+    public string $nextcloud_memory_limit {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M');
+        set { $this->set('nextcloud_memory_limit', $value); }
     }
 
     public function GetApacheMaxSize() : int {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 7ab3bc23..ee3cee60 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -583,7 +583,7 @@ readonly class DockerActionManager {
             'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit,
-            'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(),
+            'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->nextcloud_memory_limit,
             'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(),
             'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(),
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(),

From 367e847cc813a674c8977c3b0e7e635588838dda Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 12:55:58 +0100
Subject: [PATCH 3861/3949] Make `nextcloud_max_time` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   | 2 +-
 php/src/Data/ConfigurationManager.php  | 8 +++-----
 php/src/Docker/DockerActionManager.php | 2 +-
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 7bace4ac..d4f4799f 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -130,7 +130,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount,
         'nextcloud_mount' => $configurationManager->nextcloud_mount,
         'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
-        'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
+        'nextcloud_max_time' => $configurationManager->nextcloud_max_time,
         'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit,
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c466bb3c..44c8cc62 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -646,11 +646,9 @@ class ConfigurationManager
         return $uploadLimit * 1024 * 1024 * 1024;
     }
 
-    public function GetNextcloudMaxTime() : string {
-        $envVariableName = 'NEXTCLOUD_MAX_TIME';
-        $configName = 'nextcloud_max_time';
-        $defaultValue = '3600';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $nextcloud_max_time {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600');
+        set { $this->set('nextcloud_max_time', $value); }
     }
 
     public function GetBorgRetentionPolicy() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ee3cee60..b14e31db 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -584,7 +584,7 @@ readonly class DockerActionManager {
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit,
             'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->nextcloud_memory_limit,
-            'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(),
+            'NEXTCLOUD_MAX_TIME' => $this->configurationManager->nextcloud_max_time,
             'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(),
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(),
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(),

From f1ffd0771ce86e253e40e16ef4996fe16a960c76 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 14:28:15 +0100
Subject: [PATCH 3862/3949] Privatize GetConfig() and WriteConfig()

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 44c8cc62..e172d19b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -175,7 +175,7 @@ class ConfigurationManager
         set { $this->set('turn_domain', $value); }
     }
 
-    public function GetConfig() : array
+    private function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
         {
@@ -571,10 +571,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function WriteConfig(?array $config) : void {
-        if ($config) {
-            $this->config = $config;
-        }
+    private function WriteConfig() : void {
         if(!is_dir(DataConst::GetDataDirectory())) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }

From c997332e47e26473536fbffa5e6881293814f369 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 18:28:58 +0100
Subject: [PATCH 3863/3949] Remove residue code

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e172d19b..b30e6fc3 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -419,8 +419,6 @@ class ConfigurationManager
             }
         }
 
-        $config = $this->GetConfig();
-        $this->WriteConfig($config);
         $this->setMultiple(function ($confManager) use ($domain) {
             // Write domain
             // Don't set the domain via the attribute, or we create a loop.
@@ -443,9 +441,6 @@ class ConfigurationManager
      */
     public function SetBorgLocationVars(string $location, string $repo) : void {
         $this->ValidateBorgLocationVars($location, $repo);
-
-        $config = $this->GetConfig();
-        $this->WriteConfig($config);
         $this->setMultiple(function ($confManager) use ($location, $repo) {
             $confManager->borg_backup_host_location = $location;
             $confManager->borg_remote_repo = $repo;
@@ -495,8 +490,6 @@ class ConfigurationManager
 
     public function DeleteBorgBackupLocationItems() : void {
         // Delete the variables
-        $config = $this->GetConfig();
-        $this->WriteConfig($config);
         $this->setMultiple(function ($confManager) {
             $confManager->borg_backup_host_location = '';
             $confManager->borg_remote_repo = '';
@@ -520,8 +513,6 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException("Please enter the password!");
         }
 
-        $config = $this->GetConfig();
-        $this->WriteConfig($config);
         $this->setMultiple(function ($confManager) use ($location, $repo, $password) {
             $confManager->borg_backup_host_location = $location;
             $confManager->borg_remote_repo = $repo;

From 9c9ad02f8a830f210494ea141fbcf400bb87fbd7 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 16:31:29 +0100
Subject: [PATCH 3864/3949] Set multiple attributes at once

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php | 27 +++++++++++++++----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 4e6d52b7..f1c5400d 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -123,9 +123,11 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->backupMode = 'restore';
-        $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
-        $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
+        $this->configurationManager->setMultiple(function ($confManager) use ($request) {
+            $confManager->backupMode = 'restore';
+            $confManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
+            $confManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
+        });
 
         $id = self::TOP_CONTAINER;
         $forceStopNextcloud = true;
@@ -150,8 +152,10 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->backupMode = 'test';
-        $this->configurationManager->instance_restore_attempt = false;
+        $this->configurationManager->setMultiple(function ($confManager) {
+            $confManager->backupMode = 'test';
+            $confManager->instance_restore_attempt = false;
+        });
 
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id);
@@ -173,12 +177,13 @@ readonly class DockerController {
             $port = 443;
         }
 
-        $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']);
-        // set AIO_URL
-        $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path;
-        // set wasStartButtonClicked
-        $this->configurationManager->wasStartButtonClicked = true;
-
+        $this->configurationManager->setMultiple(function ($confManager) use ($request, $host, $port, $path) {
+            $confManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']);
+            // set AIO_URL
+            $confManager->AIO_URL = $host . ':' . (string)$port . $path;
+            // set wasStartButtonClicked
+            $confManager->wasStartButtonClicked = true;
+        });
         // Do not pull container images in case 'bypass_container_update' is set via url params
         // Needed for local testing
         $pullImage = !isset($request->getParsedBody()['bypass_container_update']);

From 844831a899fd075adcd820b307faac0c81b20eb8 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 09:27:43 +0100
Subject: [PATCH 3865/3949] Move handling ENV-var replacement into
 ConfigurationManger

It's the more appropriate place to have this code, and we had to touch
it anyways to make it assign the values to the attributes.

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php  | 93 ++++++++++++++++++++++++++
 php/src/Docker/DockerActionManager.php | 88 +-----------------------
 2 files changed, 95 insertions(+), 86 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b30e6fc3..2cbae5cc 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -980,4 +980,97 @@ class ConfigurationManager
             return true;
         }
     }
+
+    public function setAioVariables(array $input) : void {
+        if ($input === []) {
+            return;
+        }
+        $this->setMultiple(function($confManager) use ($input) {
+            foreach ($input as $variable) {
+                $keyWithValue = $confManager->replaceEnvPlaceholders($variable);
+                [$key, $value] = explode('=', $keyWithValue, 2);
+                // Set if there's an attribute corresponding to the key.
+                if (isset($key, $confManager->$key)) {
+                    $confManager->$key = $value;
+                }
+            }
+        });
+    }
+
+    //
+    // Replaces placeholders in $envValue with their values.
+    // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000"
+    public function replaceEnvPlaceholders(string $envValue): string {
+        // $pattern breaks down as:
+        // % - matches a literal percent sign
+        // ([^%]+) - capture group that matches one or more characters that are NOT percent signs
+        // % - matches the closing percent sign
+        //
+        // Assumes literal percent signs are always matched and there is no
+        // escaping.
+        $pattern = '/%([^%]+)%/';
+        $matchCount = preg_match_all($pattern, $envValue, $matches);
+
+        if ($matchCount === 0) {
+            return $envValue;
+        }
+
+        $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
+        $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
+        $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...]
+        $placeholderValues = array_map($this->getPlaceholderValue(...), $placeholderNames); // ["val1", "val2"]
+        // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
+        return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
+    }
+
+    private function getPlaceholderValue(string $placeholder) : string {
+        return match ($placeholder) {
+            'NC_DOMAIN' => $this->domain,
+            'NC_BASE_DN' => $this->GetBaseDN(),
+            'AIO_TOKEN' => $this->AIO_TOKEN,
+            'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo,
+            'BORGBACKUP_MODE' => $this->backupMode,
+            'AIO_URL' => $this->AIO_URL,
+            'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime,
+            'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '',
+            'APACHE_PORT' => $this->apache_port,
+            'APACHE_IP_BINDING' => $this->apache_ip_binding,
+            'TALK_PORT' => $this->talk_port,
+            'TURN_DOMAIN' => $this->turn_domain,
+            'NEXTCLOUD_MOUNT' => $this->nextcloud_mount,
+            'BACKUP_RESTORE_PASSWORD' => $this->borg_restore_password,
+            'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '',
+            'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '',
+            'ONLYOFFICE_ENABLED' => $this->isOnlyofficeEnabled ? 'yes' : '',
+            'COLLABORA_ENABLED' => $this->isCollaboraEnabled ? 'yes' : '',
+            'TALK_ENABLED' => $this->isTalkEnabled ? 'yes' : '',
+            'UPDATE_NEXTCLOUD_APPS' => ($this->isDailyBackupRunning() && $this->areAutomaticUpdatesEnabled()) ? 'yes' : '',
+            'TIMEZONE' => $this->timezone === '' ? 'Etc/UTC' : $this->timezone,
+            'COLLABORA_DICTIONARIES' => $this->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->collabora_dictionaries,
+            'IMAGINARY_ENABLED' => $this->isImaginaryEnabled ? 'yes' : '',
+            'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '',
+            'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '',
+            'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloud_upload_limit,
+            'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit,
+            'NEXTCLOUD_MAX_TIME' => $this->nextcloud_max_time,
+            'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(),
+            'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(),
+            'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(),
+            'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
+            'BORGBACKUP_HOST_LOCATION' => $this->borg_backup_host_location,
+            'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()),
+            'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(),
+            'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),
+            'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(),
+            'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(),
+            'INSTALL_LATEST_MAJOR' => $this->install_latest_major ? 'yes' : '',
+            'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '',
+            // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
+            'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
+            // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
+            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
+            'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
+            default => $this->GetRegisteredSecret($placeholder),
+        };
+    }
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index b14e31db..832480c2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -228,15 +228,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
-        $aioVariables = $container->aioVariables->GetVariables();
-        foreach ($aioVariables as $variable) {
-            $config = $this->configurationManager->GetConfig();
-            $variable = $this->replaceEnvPlaceholders($variable);
-            $variableArray = explode('=', $variable);
-            $config[$variableArray[0]] = $variableArray[1];
-            $this->configurationManager->WriteConfig($config);
-            sleep(1);
-        }
+        $this->configurationManager->setAioVariables($container->aioVariables->GetVariables());
 
         $envs = $container->containerEnvironmentVariables->GetVariables();
         // Special thing for the nextcloud container
@@ -244,7 +236,7 @@ readonly class DockerActionManager {
             $envs[] = $this->GetAllNextcloudExecCommands();
         }
         foreach ($envs as $key => $env) {
-            $envs[$key] = $this->replaceEnvPlaceholders($env);
+            $envs[$key] = $this->configurationManager->replaceEnvPlaceholders($env);
         }
 
         if (count($envs) > 0) {
@@ -530,82 +522,6 @@ readonly class DockerActionManager {
         }
     }
 
-    // Replaces placeholders in $envValue with their values.
-    // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000"
-    private function replaceEnvPlaceholders(string $envValue): string {
-        // $pattern breaks down as:
-        // % - matches a literal percent sign
-        // ([^%]+) - capture group that matches one or more characters that are NOT percent signs
-        // % - matches the closing percent sign
-        //
-        // Assumes literal percent signs are always matched and there is no
-        // escaping.
-        $pattern = '/%([^%]+)%/';
-        $matchCount = preg_match_all($pattern, $envValue, $matches);
-
-        if ($matchCount === 0) {
-            return $envValue;
-        }
-
-        $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...]
-        $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...]
-        $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...]
-        $placeholderValues = array_map($this->getPlaceholderValue(...), $placeholderNames); // ["val1", "val2"]
-        // Guaranteed to be non-null because we found the placeholders in the preg_match_all.
-        return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue);
-    }
-
-    private function getPlaceholderValue(string $placeholder) : string {
-        return match ($placeholder) {
-            'NC_DOMAIN' => $this->configurationManager->GetDomain(),
-            'NC_BASE_DN' => $this->configurationManager->GetBaseDN(),
-            'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN,
-            'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->borg_remote_repo,
-            'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(),
-            'AIO_URL' => $this->configurationManager->AIO_URL,
-            'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '',
-            'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime,
-            'APACHE_PORT' => $this->configurationManager->apache_port,
-            'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding,
-            'TALK_PORT' => $this->configurationManager->talk_port,
-            'TURN_DOMAIN' => $this->configurationManager->turn_domain,
-            'NEXTCLOUD_MOUNT' => $this->configurationManager->nextcloud_mount,
-            'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password,
-            'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '',
-            'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '',
-            'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '',
-            'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '',
-            'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '',
-            'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '',
-            'TIMEZONE' => $this->configurationManager->timezone === '' ? 'Etc/UTC' : $this->configurationManager->timezone,
-            'COLLABORA_DICTIONARIES' => $this->configurationManager->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->collabora_dictionaries,
-            'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '',
-            'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '',
-            'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '',
-            'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit,
-            'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->nextcloud_memory_limit,
-            'NEXTCLOUD_MAX_TIME' => $this->configurationManager->nextcloud_max_time,
-            'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(),
-            'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(),
-            'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(),
-            'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
-            'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->borg_backup_host_location,
-            'APACHE_MAX_SIZE' => (string)($this->configurationManager->GetApacheMaxSize()),
-            'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(),
-            'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(),
-            'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(),
-            'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->configurationManager->GetNextcloudAdditionalPhpExtensions(),
-            'INSTALL_LATEST_MAJOR' => $this->configurationManager->install_latest_major ? 'yes' : '',
-            'REMOVE_DISABLED_APPS' => $this->configurationManager->shouldDisabledAppsGetRemoved() ? 'yes' : '',
-            // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
-            'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
-            // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-            'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
-            'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled ? 'yes' : '',
-            default => $this->configurationManager->GetRegisteredSecret($placeholder),
-        };
-    }
-
     private function isContainerUpdateAvailable(string $id): string {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 

From fd308d4b802c31169fb2df2189daad638c32a7ce Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 19 Jan 2026 15:18:13 +0100
Subject: [PATCH 3866/3949] Simplify some code a little bit

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2cbae5cc..19ff0b74 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -697,10 +697,7 @@ class ConfigurationManager
     }
 
     public function isSeccompDisabled() : bool {
-        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
-            return true;
-        }
-        return false;
+        return $this->GetCollaboraSeccompDisabledState() === 'true';
     }
 
     /**
@@ -795,10 +792,7 @@ class ConfigurationManager
     }
 
     public function isDailyBackupRunning() : bool {
-        if (file_exists(DataConst::GetDailyBackupBlockFile())) {
-            return true;
-        }
-        return false;
+        return file_exists(DataConst::GetDailyBackupBlockFile());
     }
 
     /**
@@ -870,10 +864,7 @@ class ConfigurationManager
     }
 
     public function isCollaboraSubscriptionEnabled() : bool {
-        if (str_contains($this->collabora_additional_options, '--o:support_key=')) {
-            return true;
-        }
-        return false;
+        return str_contains($this->collabora_additional_options, '--o:support_key=');
     }
 
     /**

From 662840bc25444fb1081af602a0143c6cea2f75ae Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 19:36:39 +0100
Subject: [PATCH 3867/3949] Make psalm accept the property-hooks for virtual
 attributes

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/psalm.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/psalm.xml b/php/psalm.xml
index d7ce38c9..576d82d2 100644
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -20,5 +20,10 @@
 	</extraFiles>
 	<issueHandlers>
   		<ClassMustBeFinal errorLevel="suppress" />
+        <MissingConstructor>
+            <errorLevel type="suppress">
+                <file name="src/Data/ConfigurationManager.php" />  <!-- We're using property hooks with virtual properties in that file, which Psalm wrongly complains about. See <https://github.com/vimeo/psalm/issues/11435>.  -->
+            </errorLevel>
+        </MissingConstructor>
 	</issueHandlers>
 </psalm>

From 77bec5898f84de1e0f9dd66bf3e0ceef8919abf5 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 20 Jan 2026 19:34:52 +0100
Subject: [PATCH 3868/3949] Type for Closure argument

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php |  6 +++---
 php/src/Data/ConfigurationManager.php   | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f1c5400d..c60efda5 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -123,7 +123,7 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->setMultiple(function ($confManager) use ($request) {
+        $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request) {
             $confManager->backupMode = 'restore';
             $confManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
             $confManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
@@ -152,7 +152,7 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->setMultiple(function ($confManager) {
+        $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) {
             $confManager->backupMode = 'test';
             $confManager->instance_restore_attempt = false;
         });
@@ -177,7 +177,7 @@ readonly class DockerController {
             $port = 443;
         }
 
-        $this->configurationManager->setMultiple(function ($confManager) use ($request, $host, $port, $path) {
+        $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request, $host, $port, $path) {
             $confManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']);
             // set AIO_URL
             $confManager->AIO_URL = $host . ':' . (string)$port . $path;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 19ff0b74..2fb0a413 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -419,7 +419,7 @@ class ConfigurationManager
             }
         }
 
-        $this->setMultiple(function ($confManager) use ($domain) {
+        $this->setMultiple(function (ConfigurationManager $confManager) use ($domain) {
             // Write domain
             // Don't set the domain via the attribute, or we create a loop.
             $confManager->set('domain', $domain);
@@ -441,7 +441,7 @@ class ConfigurationManager
      */
     public function SetBorgLocationVars(string $location, string $repo) : void {
         $this->ValidateBorgLocationVars($location, $repo);
-        $this->setMultiple(function ($confManager) use ($location, $repo) {
+        $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo) {
             $confManager->borg_backup_host_location = $location;
             $confManager->borg_remote_repo = $repo;
         });
@@ -490,7 +490,7 @@ class ConfigurationManager
 
     public function DeleteBorgBackupLocationItems() : void {
         // Delete the variables
-        $this->setMultiple(function ($confManager) {
+        $this->setMultiple(function (ConfigurationManager $confManager) {
             $confManager->borg_backup_host_location = '';
             $confManager->borg_remote_repo = '';
         });
@@ -513,7 +513,7 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException("Please enter the password!");
         }
 
-        $this->setMultiple(function ($confManager) use ($location, $repo, $password) {
+        $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo, $password) {
             $confManager->borg_backup_host_location = $location;
             $confManager->borg_remote_repo = $repo;
             $confManager->borg_restore_password = $password;
@@ -976,7 +976,7 @@ class ConfigurationManager
         if ($input === []) {
             return;
         }
-        $this->setMultiple(function($confManager) use ($input) {
+        $this->setMultiple(function(ConfigurationManager $confManager) use ($input) {
             foreach ($input as $variable) {
                 $keyWithValue = $confManager->replaceEnvPlaceholders($variable);
                 [$key, $value] = explode('=', $keyWithValue, 2);

From c65ccd2db02f7dfbf664ce17b7ca07036d5d4516 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Wed, 21 Jan 2026 09:54:29 +0100
Subject: [PATCH 3869/3949] Make aio-variables code more robust and
 psalm-compatible

Now the input gets checked for being useful. It's user-generated data in the
end, which might be "funny" in curious ways.

psalm complained about the possibly unset second array key in the
destructuring assignment of `$key` and `$value`, which won't happen due to the
check for a present equal sign earlier, but nonetheless this way the code is
more robust.

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2fb0a413..2863d6e8 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -978,10 +978,19 @@ class ConfigurationManager
         }
         $this->setMultiple(function(ConfigurationManager $confManager) use ($input) {
             foreach ($input as $variable) {
+                if (!is_string($variable) || !str_contains($variable, '=')) {
+                    error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')");
+                    continue;
+                }
                 $keyWithValue = $confManager->replaceEnvPlaceholders($variable);
-                [$key, $value] = explode('=', $keyWithValue, 2);
-                // Set if there's an attribute corresponding to the key.
-                if (isset($key, $confManager->$key)) {
+                // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case
+                // the check for an equal sign from above gets changed).
+                [$key, $value] = explode('=', $keyWithValue, 2) + [null, null];
+                if ($value === null) {
+                    error_log("Invalid input: '$keyWithValue' has no value after the equal sign");
+                } else if (!property_exists($confManager, $key)) {
+                    error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')");
+                } else {
                     $confManager->$key = $value;
                 }
             }

From 6bf45fb5072788a4926a4c3175f996b97b10fc10 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Wed, 21 Jan 2026 13:11:45 +0100
Subject: [PATCH 3870/3949] A script to list AIO variables that are
 configurable through `aio_variables` in community containers

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 get-configurable-aio-variables.sh | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100755 get-configurable-aio-variables.sh

diff --git a/get-configurable-aio-variables.sh b/get-configurable-aio-variables.sh
new file mode 100755
index 00000000..44536bd3
--- /dev/null
+++ b/get-configurable-aio-variables.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+awk '/^    public [^f][^u][^n]/ { sub(/\$/, "", $3); print $3 }' php/src/Data/ConfigurationManager.php | sort

From 76d475f2b249aa6447b96d89a1eae56875fb8b34 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 16:40:45 +0100
Subject: [PATCH 3871/3949] Replace setMultiple() by startTransaction() and
 commitTransaction()

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php | 33 ++++-----
 php/src/Data/ConfigurationManager.php   | 96 +++++++++++++------------
 2 files changed, 68 insertions(+), 61 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index c60efda5..7078b71f 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -123,11 +123,11 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request) {
-            $confManager->backupMode = 'restore';
-            $confManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
-            $confManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
-        });
+        $this->configurationManager->startTransaction();
+        $this->configurationManager->backupMode = 'restore';
+        $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
+        $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
+        $this->configurationManager->commitTransaction();
 
         $id = self::TOP_CONTAINER;
         $forceStopNextcloud = true;
@@ -152,10 +152,10 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
-        $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) {
-            $confManager->backupMode = 'test';
-            $confManager->instance_restore_attempt = false;
-        });
+        $this->configurationManager->startTransaction();
+        $this->configurationManager->backupMode = 'test';
+        $this->configurationManager->instance_restore_attempt = false;
+        $this->configurationManager->commitTransaction();
 
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id);
@@ -177,13 +177,14 @@ readonly class DockerController {
             $port = 443;
         }
 
-        $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request, $host, $port, $path) {
-            $confManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']);
-            // set AIO_URL
-            $confManager->AIO_URL = $host . ':' . (string)$port . $path;
-            // set wasStartButtonClicked
-            $confManager->wasStartButtonClicked = true;
-        });
+        $this->configurationManager->startTransaction();
+        $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']);
+        // set AIO_URL
+        $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path;
+        // set wasStartButtonClicked
+        $this->configurationManager->wasStartButtonClicked = true;
+        $this->configurationManager->commitTransaction();
+        
         // Do not pull container images in case 'bypass_container_update' is set via url params
         // Needed for local testing
         $pullImage = !isset($request->getParsedBody()['bypass_container_update']);
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2863d6e8..2caf7849 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -193,21 +193,26 @@ class ConfigurationManager
     private function set(string $key, mixed $value) : void {
         $this->GetConfig();
         $this->config[$key] = $value;
-        // Only write if this isn't called via setMultiple().
+        // Only write if this isn't called in between startTransaction() and commitTransaction().
         if ($this->noWrite !== true) {
             $this->WriteConfig();
         }
     }
 
     /**
-     * This allows to assign multiple attributes without saving the config to disk in between (as would
-     * calling set() do).
+     * This allows to assign multiple attributes without saving the config to disk in between. It must be
+     * followed by a call to commitTransaction(), which then writes all changes to disk.
      */
-    public function setMultiple(\Closure $closure) : void {
+    public function startTransaction() : void {
+        $this->GetConfig();
         $this->noWrite = true;
+    }
+
+    /**
+     * This allows to assign multiple attributes without saving the config to disk in between.
+     */
+    public function commitTransaction() : void {
         try {
-            $this->GetConfig();
-            $closure($this);
             $this->WriteConfig();
         } finally {
             $this->noWrite = false;
@@ -419,13 +424,14 @@ class ConfigurationManager
             }
         }
 
-        $this->setMultiple(function (ConfigurationManager $confManager) use ($domain) {
-            // Write domain
-            // Don't set the domain via the attribute, or we create a loop.
-            $confManager->set('domain', $domain);
-            // Reset the borg restore password when setting the domain
-            $confManager->borg_restore_password = '';
-        });
+        $this->startTransaction();
+        // Write domain
+        // Don't set the domain via the attribute, or we create a loop.
+        $this->set('domain', $domain);
+        // Reset the borg restore password when setting the domain
+        $this->borg_restore_password = '';
+        $this->startTransaction();
+        $this->commitTransaction();
     }
 
     public function GetBaseDN() : string {
@@ -441,10 +447,10 @@ class ConfigurationManager
      */
     public function SetBorgLocationVars(string $location, string $repo) : void {
         $this->ValidateBorgLocationVars($location, $repo);
-        $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo) {
-            $confManager->borg_backup_host_location = $location;
-            $confManager->borg_remote_repo = $repo;
-        });
+        $this->startTransaction();
+        $this->borg_backup_host_location = $location;
+        $this->borg_remote_repo = $repo;
+        $this->commitTransaction();
     }
 
     private function ValidateBorgLocationVars(string $location, string $repo) : void {
@@ -490,10 +496,10 @@ class ConfigurationManager
 
     public function DeleteBorgBackupLocationItems() : void {
         // Delete the variables
-        $this->setMultiple(function (ConfigurationManager $confManager) {
-            $confManager->borg_backup_host_location = '';
-            $confManager->borg_remote_repo = '';
-        });
+        $this->startTransaction();
+        $this->borg_backup_host_location = '';
+        $this->borg_remote_repo = '';
+        $this->commitTransaction();
 
         // Also delete the borg config file to be able to start over
         if (file_exists(DataConst::GetBackupKeyFile())) {
@@ -513,12 +519,12 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException("Please enter the password!");
         }
 
-        $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo, $password) {
-            $confManager->borg_backup_host_location = $location;
-            $confManager->borg_remote_repo = $repo;
-            $confManager->borg_restore_password = $password;
-            $confManager->instance_restore_attempt = true;
-        });
+        $this->startTransaction();
+        $this->borg_backup_host_location = $location;
+        $this->borg_remote_repo = $repo;
+        $this->borg_restore_password = $password;
+        $this->instance_restore_attempt = true;
+        $this->commitTransaction();
     }
 
     /**
@@ -976,25 +982,25 @@ class ConfigurationManager
         if ($input === []) {
             return;
         }
-        $this->setMultiple(function(ConfigurationManager $confManager) use ($input) {
-            foreach ($input as $variable) {
-                if (!is_string($variable) || !str_contains($variable, '=')) {
-                    error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')");
-                    continue;
-                }
-                $keyWithValue = $confManager->replaceEnvPlaceholders($variable);
-                // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case
-                // the check for an equal sign from above gets changed).
-                [$key, $value] = explode('=', $keyWithValue, 2) + [null, null];
-                if ($value === null) {
-                    error_log("Invalid input: '$keyWithValue' has no value after the equal sign");
-                } else if (!property_exists($confManager, $key)) {
-                    error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')");
-                } else {
-                    $confManager->$key = $value;
-                }
+        $this->startTransaction();
+        foreach ($input as $variable) {
+            if (!is_string($variable) || !str_contains($variable, '=')) {
+                error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')");
+                continue;
             }
-        });
+            $keyWithValue = $confManager->replaceEnvPlaceholders($variable);
+            // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case
+            // the check for an equal sign from above gets changed).
+            [$key, $value] = explode('=', $keyWithValue, 2) + [null, null];
+            if ($value === null) {
+                error_log("Invalid input: '$keyWithValue' has no value after the equal sign");
+            } else if (!property_exists($confManager, $key)) {
+                error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')");
+            } else {
+                $confManager->$key = $value;
+            }
+        }
+        $this->commitTransaction();
     }
 
     //

From dac5cfd917b8d7f7b748facf20874679e886cb36 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 16:43:41 +0100
Subject: [PATCH 3872/3949] Don't write the default value to disk

This matches the previous behaviour and should not be changed silently.

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 2caf7849..d25e4a91 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -591,7 +591,6 @@ class ConfigurationManager
         $configValue = $this->get($configName, '');
         if ($envVariableOutput === false) {
             if ($configValue === '') {
-                $this->set($configName, $defaultValue);
                 return $defaultValue;
             }
             return $configValue;

From 3bb2ce6e4cc979dc772c410e9ac568ed515f1271 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 16:55:15 +0100
Subject: [PATCH 3873/3949] Type-cast get values to fix handling old config
 data

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 36 ++++++++++++++++++---------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d25e4a91..b7916b16 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -24,17 +24,20 @@ class ConfigurationManager
     }
 
     public bool $isDockerSocketProxyEnabled {
-        get => $this->get('isDockerSocketProxyEnabled', false);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isDockerSocketProxyEnabled', false);
         set { $this->set('isDockerSocketProxyEnabled', $value); }
     }
 
     public bool $isWhiteboardEnabled {
-        get => $this->get('isWhiteboardEnabled', true);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isWhiteboardEnabled', true);
         set { $this->set('isWhiteboardEnabled', $value); }
     }
 
     public bool $restoreExcludePreviews {
-        get => $this->get('restore-exclude-previews', false);
+        // Type-cast because old configs could have '1'/'' for this key.
+        get => (bool) $this->get('restore-exclude-previews', false);
         set { $this->set('restore-exclude-previews', $value); }
     }
 
@@ -49,7 +52,8 @@ class ConfigurationManager
     }
 
     public bool $instance_restore_attempt {
-        get => $this->get('instance_restore_attempt', false);
+        // Type-cast because old configs could have 1/'' for this key.
+        get => (bool) $this->get('instance_restore_attempt', false);
         set { $this->set('instance_restore_attempt', $value); }
     }
 
@@ -59,7 +63,8 @@ class ConfigurationManager
     }
 
     public bool $wasStartButtonClicked {
-        get => $this->get('wasStartButtonClicked', false);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('wasStartButtonClicked', false);
         set { $this->set('wasStartButtonClicked', $value); }
     }
 
@@ -69,37 +74,44 @@ class ConfigurationManager
     }
 
     public bool $isClamavEnabled {
-        get => $this->get('isClamavEnabled', false);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isClamavEnabled', false);
         set { $this->set('isClamavEnabled', $value); }
     }
 
     public bool $isOnlyofficeEnabled {
-        get => $this->get('isOnlyofficeEnabled', false);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isOnlyofficeEnabled', false);
         set { $this->set('isOnlyofficeEnabled', $value); }
     }
 
     public bool $isCollaboraEnabled {
-        get => $this->get('isCollaboraEnabled', true);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isCollaboraEnabled', true);
         set { $this->set('isCollaboraEnabled', $value); }
     }
 
     public bool $isTalkEnabled {
-        get => $this->get('isTalkEnabled', true);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isTalkEnabled', true);
         set { $this->set('isTalkEnabled', $value); }
     }
 
     public bool $isTalkRecordingEnabled {
-        get => $this->isTalkEnabled && $this->get('isTalkRecordingEnabled', false);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->isTalkEnabled && $this->get('isTalkRecordingEnabled', false);
         set { $this->set('isTalkRecordingEnabled', $this->isTalkEnabled && $value); }
     }
 
     public bool $isImaginaryEnabled {
-        get => $this->get('isImaginaryEnabled', true);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isImaginaryEnabled', true);
         set { $this->set('isImaginaryEnabled', $value); }
     }
 
     public bool $isFulltextsearchEnabled {
-        get => $this->get('isFulltextsearchEnabled', false);
+        // Type-cast because old configs could have 1/0 for this key.
+        get => (bool) $this->get('isFulltextsearchEnabled', false);
         // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
         set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); }
     }

From 27fd1e82ab74ffa7acf74eefae7b26f1ec7d8724 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:10:21 +0100
Subject: [PATCH 3874/3949] Turn install_latest_major property into a string so
 we can save a version string or number

I chose a string instead of an integer so we have more freedom what to
actually save (maybe we want to include minor version digits at one point).

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php | 8 +++++++-
 php/src/Data/ConfigurationManager.php   | 7 ++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 7078b71f..47c6c259 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -177,8 +177,14 @@ readonly class DockerController {
             $port = 443;
         }
 
+        if (isset($request->getParsedBody()['install_latest_major'])) {
+            $install_latest_major = '32';
+        } else {
+            $install_latest_major = '';
+        }
+        
         $this->configurationManager->startTransaction();
-        $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']);
+        $this->configurationManager->install_latest_major = $install_latest_major;
         // set AIO_URL
         $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index b7916b16..7ca0f8bc 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -68,8 +68,9 @@ class ConfigurationManager
         set { $this->set('wasStartButtonClicked', $value); }
     }
 
-    public bool $install_latest_major {
-        get => $this->get('install_latest_major', false);
+    public string $install_latest_major {
+        // Type-cast because old configs could have integers for this key.
+        get => (string) $this->get('install_latest_major', '');
         set { $this->set('install_latest_major', $value); }
     }
 
@@ -1080,7 +1081,7 @@ class ConfigurationManager
             'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(),
             'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(),
-            'INSTALL_LATEST_MAJOR' => $this->install_latest_major ? 'yes' : '',
+            'INSTALL_LATEST_MAJOR' => $this->install_latest_major,
             'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),

From dd5d51cb2a1ef50944e161f2c9e5b4f02808d926 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:12:45 +0100
Subject: [PATCH 3875/3949] Camelize property AIO_TOKEN => aioToken

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Auth/AuthManager.php            | 2 +-
 php/src/Controller/DockerController.php | 2 +-
 php/src/Data/ConfigurationManager.php   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php
index 1d558aed..f6ab0d10 100644
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -19,7 +19,7 @@ readonly class AuthManager {
     }
 
     public function CheckToken(string $token) : bool {
-        return hash_equals($this->configurationManager->AIO_TOKEN, $token);
+        return hash_equals($this->configurationManager->aioToken, $token);
     }
 
     public function SetAuthState(bool $isLoggedIn) : void {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 47c6c259..862665c3 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -208,7 +208,7 @@ readonly class DockerController {
     }
 
     public function startTopContainer(bool $pullImage) : void {
-        $this->configurationManager->AIO_TOKEN = bin2hex(random_bytes(24));
+        $this->configurationManager->aioToken = bin2hex(random_bytes(24));
 
         // Stop domaincheck since apache would not be able to start otherwise
         $this->StopDomaincheckContainer();
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 7ca0f8bc..340e59d9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -13,7 +13,7 @@ class ConfigurationManager
 
     private bool $noWrite = false;
 
-    public string $AIO_TOKEN {
+    public string $aioToken {
         get => $this->get('AIO_TOKEN', '');
         set { $this->set('AIO_TOKEN', $value); }
     }
@@ -1045,7 +1045,7 @@ class ConfigurationManager
         return match ($placeholder) {
             'NC_DOMAIN' => $this->domain,
             'NC_BASE_DN' => $this->GetBaseDN(),
-            'AIO_TOKEN' => $this->AIO_TOKEN,
+            'AIO_TOKEN' => $this->aioToken,
             'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo,
             'BORGBACKUP_MODE' => $this->backupMode,
             'AIO_URL' => $this->AIO_URL,

From 62a21dd34a1bf8f9c346d92c585c8653b37c9a4d Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:16:02 +0100
Subject: [PATCH 3876/3949] Camelize property instance_restore_attempt =>
 instanceRestoreAttempt

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                    | 2 +-
 php/src/Controller/DockerController.php | 2 +-
 php/src/Data/ConfigurationManager.php   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index d4f4799f..7037946a 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -103,7 +103,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
-        'is_instance_restore_attempt' => $configurationManager->instance_restore_attempt,
+        'is_instance_restore_attempt' => $configurationManager->instanceRestoreAttempt,
         'borg_backup_mode' => $configurationManager->backupMode,
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
         'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 862665c3..c420bba3 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -154,7 +154,7 @@ readonly class DockerController {
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
         $this->configurationManager->startTransaction();
         $this->configurationManager->backupMode = 'test';
-        $this->configurationManager->instance_restore_attempt = false;
+        $this->configurationManager->instanceRestoreAttempt = false;
         $this->configurationManager->commitTransaction();
 
         $id = self::TOP_CONTAINER;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 340e59d9..94e8ae71 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -51,7 +51,7 @@ class ConfigurationManager
         set { $this->set('backup-mode', $value); }
     }
 
-    public bool $instance_restore_attempt {
+    public bool $instanceRestoreAttempt {
         // Type-cast because old configs could have 1/'' for this key.
         get => (bool) $this->get('instance_restore_attempt', false);
         set { $this->set('instance_restore_attempt', $value); }
@@ -536,7 +536,7 @@ class ConfigurationManager
         $this->borg_backup_host_location = $location;
         $this->borg_remote_repo = $repo;
         $this->borg_restore_password = $password;
-        $this->instance_restore_attempt = true;
+        $this->instanceRestoreAttempt = true;
         $this->commitTransaction();
     }
 

From 68f811b25f690af648d5c178238791d76b561719 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:17:54 +0100
Subject: [PATCH 3877/3949] Camelize property AIO_URL => aioUrl

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php | 2 +-
 php/src/Data/ConfigurationManager.php   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index c420bba3..2bff0295 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -186,7 +186,7 @@ readonly class DockerController {
         $this->configurationManager->startTransaction();
         $this->configurationManager->install_latest_major = $install_latest_major;
         // set AIO_URL
-        $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path;
+        $this->configurationManager->aioUrl = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
         $this->configurationManager->wasStartButtonClicked = true;
         $this->configurationManager->commitTransaction();
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 94e8ae71..eaf944af 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -57,7 +57,7 @@ class ConfigurationManager
         set { $this->set('instance_restore_attempt', $value); }
     }
 
-    public string $AIO_URL {
+    public string $aioUrl {
         get => $this->get('AIO_URL', '');
         set { $this->set('AIO_URL', $value); }
     }
@@ -1048,7 +1048,7 @@ class ConfigurationManager
             'AIO_TOKEN' => $this->aioToken,
             'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo,
             'BORGBACKUP_MODE' => $this->backupMode,
-            'AIO_URL' => $this->AIO_URL,
+            'AIO_URL' => $this->aioUrl,
             'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime,
             'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '',
             'APACHE_PORT' => $this->apache_port,

From 2425a0777234a341337af57c347094eebef7712e Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:19:10 +0100
Subject: [PATCH 3878/3949] Camelize property install_latest_major =>
 installLatestMajor

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Controller/DockerController.php | 6 +++---
 php/src/Data/ConfigurationManager.php   | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 2bff0295..81b920d0 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -178,13 +178,13 @@ readonly class DockerController {
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $install_latest_major = '32';
+            $installLatestMajor = '32';
         } else {
-            $install_latest_major = '';
+            $installLatestMajor = '';
         }
         
         $this->configurationManager->startTransaction();
-        $this->configurationManager->install_latest_major = $install_latest_major;
+        $this->configurationManager->installLatestMajor = $installLatestMajor;
         // set AIO_URL
         $this->configurationManager->aioUrl = $host . ':' . (string)$port . $path;
         // set wasStartButtonClicked
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index eaf944af..5ccf4b88 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -68,7 +68,7 @@ class ConfigurationManager
         set { $this->set('wasStartButtonClicked', $value); }
     }
 
-    public string $install_latest_major {
+    public string $installLatestMajor {
         // Type-cast because old configs could have integers for this key.
         get => (string) $this->get('install_latest_major', '');
         set { $this->set('install_latest_major', $value); }
@@ -1081,7 +1081,7 @@ class ConfigurationManager
             'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(),
             'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(),
-            'INSTALL_LATEST_MAJOR' => $this->install_latest_major,
+            'INSTALL_LATEST_MAJOR' => $this->installLatestMajor,
             'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),

From 62856e78bbaee7584a9ad9e6a255e6ec33aed06a Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:21:07 +0100
Subject: [PATCH 3879/3949] Camelize property borg_backup_host_location =>
 borgBackupHostLocation

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/ContainerDefinitionFetcher.php |  2 +-
 php/src/Data/ConfigurationManager.php  | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 7037946a..7e3a3842 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -93,7 +93,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->domain,
         'apache_port' => $configurationManager->apache_port,
-        'borg_backup_host_location' => $configurationManager->borg_backup_host_location,
+        'borg_backup_host_location' => $configurationManager->borgBackupHostLocation,
         'borg_remote_repo' => $configurationManager->borg_remote_repo,
         'borg_public_key' => $configurationManager->GetBorgPublicKey(),
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 22309da8..84cd4d89 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -113,7 +113,7 @@ readonly class ContainerDefinitionFetcher {
             if (isset($entry['volumes'])) {
                 foreach ($entry['volumes'] as $value) {
                     if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
-                        $value['source'] = $this->configurationManager->borg_backup_host_location;
+                        $value['source'] = $this->configurationManager->borgBackupHostLocation;
                         if($value['source'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 5ccf4b88..e7e830cc 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -122,7 +122,7 @@ class ConfigurationManager
         set { $this->SetDomain($value); }
     }
 
-    public string $borg_backup_host_location {
+    public string $borgBackupHostLocation {
         get => $this->get('borg_backup_host_location', '');
         set { $this->set('borg_backup_host_location', $value); }
     }
@@ -461,7 +461,7 @@ class ConfigurationManager
     public function SetBorgLocationVars(string $location, string $repo) : void {
         $this->ValidateBorgLocationVars($location, $repo);
         $this->startTransaction();
-        $this->borg_backup_host_location = $location;
+        $this->borgBackupHostLocation = $location;
         $this->borg_remote_repo = $repo;
         $this->commitTransaction();
     }
@@ -510,7 +510,7 @@ class ConfigurationManager
     public function DeleteBorgBackupLocationItems() : void {
         // Delete the variables
         $this->startTransaction();
-        $this->borg_backup_host_location = '';
+        $this->borgBackupHostLocation = '';
         $this->borg_remote_repo = '';
         $this->commitTransaction();
 
@@ -533,7 +533,7 @@ class ConfigurationManager
         }
 
         $this->startTransaction();
-        $this->borg_backup_host_location = $location;
+        $this->borgBackupHostLocation = $location;
         $this->borg_remote_repo = $repo;
         $this->borg_restore_password = $password;
         $this->instanceRestoreAttempt = true;
@@ -1075,7 +1075,7 @@ class ConfigurationManager
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(),
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(),
             'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
-            'BORGBACKUP_HOST_LOCATION' => $this->borg_backup_host_location,
+            'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation,
             'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()),
             'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(),
             'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),

From 284411c3695bf10c81d24bc8c16d36263578ce0c Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:22:14 +0100
Subject: [PATCH 3880/3949] Camelize property borg_remote_repo =>
 borgRemoteRepo

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  |  2 +-
 php/src/Data/ConfigurationManager.php | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 7e3a3842..eafa994b 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -94,7 +94,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'domain' => $configurationManager->domain,
         'apache_port' => $configurationManager->apache_port,
         'borg_backup_host_location' => $configurationManager->borgBackupHostLocation,
-        'borg_remote_repo' => $configurationManager->borg_remote_repo,
+        'borg_remote_repo' => $configurationManager->borgRemoteRepo,
         'borg_public_key' => $configurationManager->GetBorgPublicKey(),
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e7e830cc..08924d14 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -127,7 +127,7 @@ class ConfigurationManager
         set { $this->set('borg_backup_host_location', $value); }
     }
 
-    public string $borg_remote_repo {
+    public string $borgRemoteRepo {
         get => $this->get('borg_remote_repo', '');
         set { $this->set('borg_remote_repo', $value); }
     }
@@ -462,7 +462,7 @@ class ConfigurationManager
         $this->ValidateBorgLocationVars($location, $repo);
         $this->startTransaction();
         $this->borgBackupHostLocation = $location;
-        $this->borg_remote_repo = $repo;
+        $this->borgRemoteRepo = $repo;
         $this->commitTransaction();
     }
 
@@ -511,7 +511,7 @@ class ConfigurationManager
         // Delete the variables
         $this->startTransaction();
         $this->borgBackupHostLocation = '';
-        $this->borg_remote_repo = '';
+        $this->borgRemoteRepo = '';
         $this->commitTransaction();
 
         // Also delete the borg config file to be able to start over
@@ -534,7 +534,7 @@ class ConfigurationManager
 
         $this->startTransaction();
         $this->borgBackupHostLocation = $location;
-        $this->borg_remote_repo = $repo;
+        $this->borgRemoteRepo = $repo;
         $this->borg_restore_password = $password;
         $this->instanceRestoreAttempt = true;
         $this->commitTransaction();
@@ -1046,7 +1046,7 @@ class ConfigurationManager
             'NC_DOMAIN' => $this->domain,
             'NC_BASE_DN' => $this->GetBaseDN(),
             'AIO_TOKEN' => $this->aioToken,
-            'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo,
+            'BORGBACKUP_REMOTE_REPO' => $this->borgRemoteRepo,
             'BORGBACKUP_MODE' => $this->backupMode,
             'AIO_URL' => $this->aioUrl,
             'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime,

From 5cac2dcf12531b9631f06ba321a203059f5bd44c Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:23:21 +0100
Subject: [PATCH 3881/3949] Camelize property borg_restore_password =>
 borgRestorePassword

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  | 2 +-
 php/src/Data/ConfigurationManager.php | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index eafa994b..5e8ddbb8 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -114,7 +114,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
         'is_talk_enabled' => $configurationManager->isTalkEnabled,
-        'borg_restore_password' => $configurationManager->borg_restore_password,
+        'borg_restore_password' => $configurationManager->borgRestorePassword,
         'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->timezone,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 08924d14..a2dd399d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -132,7 +132,7 @@ class ConfigurationManager
         set { $this->set('borg_remote_repo', $value); }
     }
 
-    public string $borg_restore_password {
+    public string $borgRestorePassword {
         get => $this->get('borg_restore_password', '');
         set { $this->set('borg_restore_password', $value); }
     }
@@ -442,7 +442,7 @@ class ConfigurationManager
         // Don't set the domain via the attribute, or we create a loop.
         $this->set('domain', $domain);
         // Reset the borg restore password when setting the domain
-        $this->borg_restore_password = '';
+        $this->borgRestorePassword = '';
         $this->startTransaction();
         $this->commitTransaction();
     }
@@ -535,7 +535,7 @@ class ConfigurationManager
         $this->startTransaction();
         $this->borgBackupHostLocation = $location;
         $this->borgRemoteRepo = $repo;
-        $this->borg_restore_password = $password;
+        $this->borgRestorePassword = $password;
         $this->instanceRestoreAttempt = true;
         $this->commitTransaction();
     }
@@ -1056,7 +1056,7 @@ class ConfigurationManager
             'TALK_PORT' => $this->talk_port,
             'TURN_DOMAIN' => $this->turn_domain,
             'NEXTCLOUD_MOUNT' => $this->nextcloud_mount,
-            'BACKUP_RESTORE_PASSWORD' => $this->borg_restore_password,
+            'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword,
             'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '',
             'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '',
             'ONLYOFFICE_ENABLED' => $this->isOnlyofficeEnabled ? 'yes' : '',

From f17db4fac17b4051e24650b9fd1007ddaac3e6c5 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:25:14 +0100
Subject: [PATCH 3882/3949] Camelize property apache_ip_binding =>
 apacheIpBinding

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php  | 4 ++--
 php/src/Docker/DockerActionManager.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index a2dd399d..e80073c3 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -137,7 +137,7 @@ class ConfigurationManager
         set { $this->set('borg_restore_password', $value); }
     }
 
-    public string $apache_ip_binding {
+    public string $apacheIpBinding {
         get => $this->GetEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', '');
         set { $this->set('apache_ip_binding', $value); }
     }
@@ -1052,7 +1052,7 @@ class ConfigurationManager
             'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime,
             'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '',
             'APACHE_PORT' => $this->apache_port,
-            'APACHE_IP_BINDING' => $this->apache_ip_binding,
+            'APACHE_IP_BINDING' => $this->apacheIpBinding,
             'TALK_PORT' => $this->talk_port,
             'TURN_DOMAIN' => $this->turn_domain,
             'NEXTCLOUD_MOUNT' => $this->nextcloud_mount,
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 832480c2..5ae45044 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -289,7 +289,7 @@ readonly class DockerActionManager {
                 }
                 $ipBinding = $value->ipBinding;
                 if ($ipBinding === '%APACHE_IP_BINDING%') {
-                    $ipBinding = $this->configurationManager->apache_ip_binding;
+                    $ipBinding = $this->configurationManager->apacheIpBinding;
                     // Do not expose if AIO is in internal network mode
                     if ($ipBinding === '@INTERNAL') {
                         continue;

From 41c92b814fde85bc509a7c51849b3c79dbbd87b6 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:33:24 +0100
Subject: [PATCH 3883/3949] Camelize key names from aio_variables from
 container specs

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e80073c3..3eba45f5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -989,6 +989,11 @@ class ConfigurationManager
             return true;
         }
     }
+    
+    private function camelize(string $input, string $delimiter = '_') : string {
+        return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input)))));
+
+    }
 
     public function setAioVariables(array $input) : void {
         if ($input === []) {
@@ -1004,6 +1009,7 @@ class ConfigurationManager
             // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case
             // the check for an equal sign from above gets changed).
             [$key, $value] = explode('=', $keyWithValue, 2) + [null, null];
+            $key = $this->camelize($key);
             if ($value === null) {
                 error_log("Invalid input: '$keyWithValue' has no value after the equal sign");
             } else if (!property_exists($confManager, $key)) {

From efe8317446c5020c131e2b9a402439b1ccfab688 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:34:33 +0100
Subject: [PATCH 3884/3949] Camelize property nextcloud_max_time =>
 nextcloudMaxTime

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  | 2 +-
 php/src/Data/ConfigurationManager.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 5e8ddbb8..a9758b24 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -130,7 +130,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount,
         'nextcloud_mount' => $configurationManager->nextcloud_mount,
         'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
-        'nextcloud_max_time' => $configurationManager->nextcloud_max_time,
+        'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
         'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit,
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3eba45f5..ff30751c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -652,7 +652,7 @@ class ConfigurationManager
         return $uploadLimit * 1024 * 1024 * 1024;
     }
 
-    public string $nextcloud_max_time {
+    public string $nextcloudMaxTime {
         get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600');
         set { $this->set('nextcloud_max_time', $value); }
     }
@@ -1076,7 +1076,7 @@ class ConfigurationManager
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloud_upload_limit,
             'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit,
-            'NEXTCLOUD_MAX_TIME' => $this->nextcloud_max_time,
+            'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime,
             'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(),
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(),
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(),

From 5373471ed8f5671f59010f3ed6f9b16ed79dba67 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:35:52 +0100
Subject: [PATCH 3885/3949] Camelize property collabora_dictionaries =>
 collaboraDictionaries

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                           | 2 +-
 php/src/Controller/ConfigurationController.php | 2 +-
 php/src/Data/ConfigurationManager.php          | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index a9758b24..3aded9d0 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -120,7 +120,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'timezone' => $configurationManager->timezone,
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
         'talk_port' => $configurationManager->talk_port,
-        'collabora_dictionaries' => $configurationManager->collabora_dictionaries,
+        'collabora_dictionaries' => $configurationManager->collaboraDictionaries,
         'collabora_additional_options' => $configurationManager->collabora_additional_options,
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
         'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index a1132981..27c83e11 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -117,7 +117,7 @@ readonly class ConfigurationController {
 
             if (isset($request->getParsedBody()['collabora_dictionaries'])) {
                 $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? '';
-                $this->configurationManager->collabora_dictionaries = $collaboraDictionaries;
+                $this->configurationManager->collaboraDictionaries = $collaboraDictionaries;
             }
 
             if (isset($request->getParsedBody()['delete_collabora_additional_options'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index ff30751c..71238c4c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -157,7 +157,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public string $collabora_dictionaries {
+    public string $collaboraDictionaries {
         get => $this->get('collabora_dictionaries', '');
         set {
             // This throws an exception if the validation fails.
@@ -1070,7 +1070,7 @@ class ConfigurationManager
             'TALK_ENABLED' => $this->isTalkEnabled ? 'yes' : '',
             'UPDATE_NEXTCLOUD_APPS' => ($this->isDailyBackupRunning() && $this->areAutomaticUpdatesEnabled()) ? 'yes' : '',
             'TIMEZONE' => $this->timezone === '' ? 'Etc/UTC' : $this->timezone,
-            'COLLABORA_DICTIONARIES' => $this->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->collabora_dictionaries,
+            'COLLABORA_DICTIONARIES' => $this->collaboraDictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->collaboraDictionaries,
             'IMAGINARY_ENABLED' => $this->isImaginaryEnabled ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '',

From b49900150180786735ad66b0e35793f7e672cd5b Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:36:45 +0100
Subject: [PATCH 3886/3949] Camelize property collabora_additional_options =>
 collaboraAdditionalOptions

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                           | 2 +-
 php/src/Controller/ConfigurationController.php | 2 +-
 php/src/Data/ConfigurationManager.php          | 4 ++--
 php/src/Docker/DockerActionManager.php         | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 3aded9d0..cf17e612 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -121,7 +121,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
         'talk_port' => $configurationManager->talk_port,
         'collabora_dictionaries' => $configurationManager->collaboraDictionaries,
-        'collabora_additional_options' => $configurationManager->collabora_additional_options,
+        'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions,
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
         'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 27c83e11..c396a508 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -126,7 +126,7 @@ readonly class ConfigurationController {
 
             if (isset($request->getParsedBody()['collabora_additional_options'])) {
                 $additionalCollaboraOptions = $request->getParsedBody()['collabora_additional_options'] ?? '';
-                $this->configurationManager->collabora_additional_options = $additionalCollaboraOptions;
+                $this->configurationManager->collaboraAdditionalOptions = $additionalCollaboraOptions;
             }
 
             if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 71238c4c..1dcc147d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -169,7 +169,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public string $collabora_additional_options {
+    public string $collaboraAdditionalOptions {
         get => $this->get('collabora_additional_options', '');
         set {
             // This throws an exception if the validation fails.
@@ -882,7 +882,7 @@ class ConfigurationManager
     }
 
     public function isCollaboraSubscriptionEnabled() : bool {
-        return str_contains($this->collabora_additional_options, '--o:support_key=');
+        return str_contains($this->collaboraAdditionalOptions, '--o:support_key=');
     }
 
     /**
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5ae45044..9e52fb5b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -419,8 +419,8 @@ readonly class DockerActionManager {
             }
 
             // Additional Collabora options
-            if ($this->configurationManager->collabora_additional_options !== '') {
-                $requestBody['Cmd'] = [$this->configurationManager->collabora_additional_options];
+            if ($this->configurationManager->collaboraAdditionalOptions !== '') {
+                $requestBody['Cmd'] = [$this->configurationManager->collaboraAdditionalOptions];
             }
         }
 

From c4aa148bff296e87edf7ff810d3973dfc4690375 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:37:36 +0100
Subject: [PATCH 3887/3949] Camelize property aio_community_containers =>
 aioCommunityContainers

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                           | 2 +-
 php/src/ContainerDefinitionFetcher.php         | 2 +-
 php/src/Controller/ConfigurationController.php | 2 +-
 php/src/Data/ConfigurationManager.php          | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index cf17e612..fedd7c2e 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -138,7 +138,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
-        'community_containers_enabled' => $configurationManager->aio_community_containers,
+        'community_containers_enabled' => $configurationManager->aioCommunityContainers,
         'bypass_container_update' => $bypass_container_update,
     ]);
 })->setName('profile');
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 84cd4d89..2884aa32 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -41,7 +41,7 @@ readonly class ContainerDefinitionFetcher {
         $data = json_decode((string)file_get_contents(DataConst::GetContainersDefinitionPath()), true, 512, JSON_THROW_ON_ERROR);
 
         $additionalContainerNames = [];
-        foreach ($this->configurationManager->aio_community_containers as $communityContainer) {
+        foreach ($this->configurationManager->aioCommunityContainers as $communityContainer) {
             if ($communityContainer !== '') {
                 $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
                 $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index c396a508..8bf193e0 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -108,7 +108,7 @@ readonly class ConfigurationController {
                         $enabledCC[] = $item;
                     }
                 }
-                $this->configurationManager->aio_community_containers = $enabledCC;
+                $this->configurationManager->aioCommunityContainers = $enabledCC;
             }
 
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1dcc147d..9dc6589f 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -178,7 +178,7 @@ class ConfigurationManager
         }
     }
 
-    public array $aio_community_containers {
+    public array $aioCommunityContainers {
         get => explode(' ', $this->get('aio_community_containers', ''));
         set { $this->set('aio_community_containers', implode(' ', $value)); }
     }
@@ -1092,7 +1092,7 @@ class ConfigurationManager
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
+            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
             default => $this->GetRegisteredSecret($placeholder),
         };

From 00ce78d703c8f7824eb76ba510f0a4f6c83da2c7 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:38:20 +0100
Subject: [PATCH 3888/3949] Camelize property turn_domain => turnDomain

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9dc6589f..bfdcd689 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -183,7 +183,7 @@ class ConfigurationManager
         set { $this->set('aio_community_containers', implode(' ', $value)); }
     }
 
-    public string $turn_domain {
+    public string $turnDomain {
         get => $this->get('turn_domain', '');
         set { $this->set('turn_domain', $value); }
     }
@@ -1060,7 +1060,7 @@ class ConfigurationManager
             'APACHE_PORT' => $this->apache_port,
             'APACHE_IP_BINDING' => $this->apacheIpBinding,
             'TALK_PORT' => $this->talk_port,
-            'TURN_DOMAIN' => $this->turn_domain,
+            'TURN_DOMAIN' => $this->turnDomain,
             'NEXTCLOUD_MOUNT' => $this->nextcloud_mount,
             'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword,
             'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '',

From 567f072ee061a91cef464d52c39d85a63e5455d4 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:39:17 +0100
Subject: [PATCH 3889/3949] Camelize property apache_port => apachePort

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   | 2 +-
 php/src/Data/ConfigurationManager.php  | 6 +++---
 php/src/Docker/DockerActionManager.php | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index fedd7c2e..b7d07f6a 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -92,7 +92,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
 
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->domain,
-        'apache_port' => $configurationManager->apache_port,
+        'apache_port' => $configurationManager->apachePort,
         'borg_backup_host_location' => $configurationManager->borgBackupHostLocation,
         'borg_remote_repo' => $configurationManager->borgRemoteRepo,
         'borg_public_key' => $configurationManager->GetBorgPublicKey(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index bfdcd689..984943db 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -381,7 +381,7 @@ class ConfigurationManager
             }
 
             // Get the apache port
-            $port = $this->apache_port;
+            $port = $this->apachePort;
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                 if ($port === '443') {
@@ -568,7 +568,7 @@ class ConfigurationManager
         $this->set('password', $newPassword);
     }
 
-    public string $apache_port {
+    public string $apachePort {
         get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
         set { $this->set('apache_port', $value); }
     }
@@ -1057,7 +1057,7 @@ class ConfigurationManager
             'AIO_URL' => $this->aioUrl,
             'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime,
             'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '',
-            'APACHE_PORT' => $this->apache_port,
+            'APACHE_PORT' => $this->apachePort,
             'APACHE_IP_BINDING' => $this->apacheIpBinding,
             'TALK_PORT' => $this->talk_port,
             'TURN_DOMAIN' => $this->turnDomain,
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e52fb5b..d4eac6b7 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -115,7 +115,7 @@ readonly class DockerActionManager {
         $containerName = $container->identifier;
         $internalPort = $container->internalPorts;
         if ($internalPort === '%APACHE_PORT%') {
-            $internalPort = $this->configurationManager->apache_port;
+            $internalPort = $this->configurationManager->apachePort;
         } elseif ($internalPort === '%TALK_PORT%') {
             $internalPort = $this->configurationManager->talk_port;
         }
@@ -253,7 +253,7 @@ readonly class DockerActionManager {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
-                    $port = $this->configurationManager->apache_port;
+                    $port = $this->configurationManager->apachePort;
                     // Do not expose udp if AIO is in reverse proxy mode
                     if ($port !== '443' && $protocol === 'udp') {
                         continue;
@@ -275,7 +275,7 @@ readonly class DockerActionManager {
                 $port = $value->port;
                 $protocol = $value->protocol;
                 if ($port === '%APACHE_PORT%') {
-                    $port = $this->configurationManager->apache_port;
+                    $port = $this->configurationManager->apachePort;
                     // Do not expose udp if AIO is in reverse proxy mode
                     if ($port !== '443' && $protocol === 'udp') {
                         continue;

From f7c5115c7015083f273eb3930e13518fb12b50f1 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:40:23 +0100
Subject: [PATCH 3890/3949] Camelize property talk_port => talkPort

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   | 2 +-
 php/src/Data/ConfigurationManager.php  | 4 ++--
 php/src/Docker/DockerActionManager.php | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index b7d07f6a..16e2918e 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -119,7 +119,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->timezone,
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
-        'talk_port' => $configurationManager->talk_port,
+        'talk_port' => $configurationManager->talkPort,
         'collabora_dictionaries' => $configurationManager->collaboraDictionaries,
         'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions,
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 984943db..d0c0020f 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -573,7 +573,7 @@ class ConfigurationManager
         set { $this->set('apache_port', $value); }
     }
         
-    public string $talk_port {
+    public string $talkPort {
         get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478');
         set { $this->set('talk_port', $value); }
     }
@@ -1059,7 +1059,7 @@ class ConfigurationManager
             'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '',
             'APACHE_PORT' => $this->apachePort,
             'APACHE_IP_BINDING' => $this->apacheIpBinding,
-            'TALK_PORT' => $this->talk_port,
+            'TALK_PORT' => $this->talkPort,
             'TURN_DOMAIN' => $this->turnDomain,
             'NEXTCLOUD_MOUNT' => $this->nextcloud_mount,
             'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword,
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index d4eac6b7..e66989ca 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -117,7 +117,7 @@ readonly class DockerActionManager {
         if ($internalPort === '%APACHE_PORT%') {
             $internalPort = $this->configurationManager->apachePort;
         } elseif ($internalPort === '%TALK_PORT%') {
-            $internalPort = $this->configurationManager->talk_port;
+            $internalPort = $this->configurationManager->talkPort;
         }
 
         if ($internalPort !== "" && $internalPort !== 'host') {
@@ -259,7 +259,7 @@ readonly class DockerActionManager {
                         continue;
                     }
                 } else if ($port === '%TALK_PORT%') {
-                    $port = $this->configurationManager->talk_port;
+                    $port = $this->configurationManager->talkPort;
                 }
                 $portWithProtocol = $port . '/' . $protocol;
                 $exposedPorts[$portWithProtocol] = null;
@@ -281,7 +281,7 @@ readonly class DockerActionManager {
                         continue;
                     }
                 } else if ($port === '%TALK_PORT%') {
-                    $port = $this->configurationManager->talk_port;
+                    $port = $this->configurationManager->talkPort;
                     // Skip publishing talk tcp port if it is set to 443
                     if ($port === '443' && $protocol === 'tcp') {
                         continue;

From f35a0b43679feceae4fee98876a7cf17c5eb2881 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:41:26 +0100
Subject: [PATCH 3891/3949] Camelize property nextcloud_mount => nextcloudMount

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   | 2 +-
 php/src/ContainerDefinitionFetcher.php | 4 ++--
 php/src/Data/ConfigurationManager.php  | 4 ++--
 php/src/Docker/DockerActionManager.php | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 16e2918e..6319f632 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -128,7 +128,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
         'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount,
-        'nextcloud_mount' => $configurationManager->nextcloud_mount,
+        'nextcloud_mount' => $configurationManager->nextcloudMount,
         'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
         'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
         'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit,
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 2884aa32..7ef6827f 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -119,7 +119,7 @@ readonly class ContainerDefinitionFetcher {
                         }
                     }
                     if($value['source'] === '%NEXTCLOUD_MOUNT%') {
-                        $value['source'] = $this->configurationManager->nextcloud_mount;
+                        $value['source'] = $this->configurationManager->nextcloudMount;
                         if($value['source'] === '') {
                             continue;
                         }
@@ -140,7 +140,7 @@ readonly class ContainerDefinitionFetcher {
                         }
                     }
                     if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
-                        $value['destination'] = $this->configurationManager->nextcloud_mount;
+                        $value['destination'] = $this->configurationManager->nextcloudMount;
                         if($value['destination'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d0c0020f..d5ce251d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -626,7 +626,7 @@ class ConfigurationManager
         return trim((string)file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
-    public string $nextcloud_mount {
+    public string $nextcloudMount {
         get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', '');
         set { $this->set('nextcloud_mount', $value); }
     }
@@ -1061,7 +1061,7 @@ class ConfigurationManager
             'APACHE_IP_BINDING' => $this->apacheIpBinding,
             'TALK_PORT' => $this->talkPort,
             'TURN_DOMAIN' => $this->turnDomain,
-            'NEXTCLOUD_MOUNT' => $this->nextcloud_mount,
+            'NEXTCLOUD_MOUNT' => $this->nextcloudMount,
             'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword,
             'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '',
             'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '',
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index e66989ca..12dd70ae 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -205,7 +205,7 @@ readonly class DockerActionManager {
         foreach ($container->volumes->GetVolumes() as $volume) {
             // // NEXTCLOUD_MOUNT gets added via bind-mount later on
             // if ($container->identifier === 'nextcloud-aio-nextcloud') {
-            //     if ($volume->name === $this->configurationManager->nextcloud_mount) {
+            //     if ($volume->name === $this->configurationManager->nextcloudMount) {
             //         continue;
             //     }
             // }

From f5cf7903adfb4eec6e1906a86eb2aa7bdaad61d5 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:42:15 +0100
Subject: [PATCH 3892/3949] Camelize property nextcloud_datadir_mount =>
 nextcloudDatadirMount

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   | 2 +-
 php/src/ContainerDefinitionFetcher.php | 2 +-
 php/src/Data/ConfigurationManager.php  | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 6319f632..0db30a1b 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -127,7 +127,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
-        'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount,
+        'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount,
         'nextcloud_mount' => $configurationManager->nextcloudMount,
         'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
         'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 7ef6827f..3bbc37e2 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -124,7 +124,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
-                        $value['source'] = $this->configurationManager->nextcloud_datadir_mount;
+                        $value['source'] = $this->configurationManager->nextcloudDatadirMount;
                         if ($value['source'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d5ce251d..d1701a39 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -487,8 +487,8 @@ class ConfigurationManager
 
             // Prevent backup to be contained in Nextcloud Datadir as this will delete the backup archive upon restore
             // See https://github.com/nextcloud/all-in-one/issues/6607
-            if (str_starts_with($location . '/', rtrim($this->nextcloud_datadir_mount, '/') . '/')) {
-                throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->nextcloud_datadir_mount);
+            if (str_starts_with($location . '/', rtrim($this->nextcloudDatadirMount, '/') . '/')) {
+                throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->nextcloudDatadirMount);
             }
 
         } else {
@@ -632,7 +632,7 @@ class ConfigurationManager
     }
 
 
-    public string $nextcloud_datadir_mount {
+    public string $nextcloudDatadirMount {
         get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data');
         set { $this->set('nextcloud_datadir_mount', $value); }
     }

From bbf41cfdd37b29d54b76dff4d67efe1e3df54b74 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:42:50 +0100
Subject: [PATCH 3893/3949] Camelize property nextcloud_upload_limit =>
 nextcloudUploadLimit

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  | 2 +-
 php/src/Data/ConfigurationManager.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 0db30a1b..209f1d6d 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -129,7 +129,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
         'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount,
         'nextcloud_mount' => $configurationManager->nextcloudMount,
-        'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit,
+        'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit,
         'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
         'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit,
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d1701a39..ce547bf8 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -637,7 +637,7 @@ class ConfigurationManager
         set { $this->set('nextcloud_datadir_mount', $value); }
     }
 
-    public string $nextcloud_upload_limit {
+    public string $nextcloudUploadLimit {
         get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G');
         set { $this->set('nextcloud_upload_limit', $value); }
     }
@@ -648,7 +648,7 @@ class ConfigurationManager
     }
 
     public function GetApacheMaxSize() : int {
-        $uploadLimit = (int)rtrim($this->nextcloud_upload_limit, 'G');
+        $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G');
         return $uploadLimit * 1024 * 1024 * 1024;
     }
 
@@ -1074,7 +1074,7 @@ class ConfigurationManager
             'IMAGINARY_ENABLED' => $this->isImaginaryEnabled ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '',
-            'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloud_upload_limit,
+            'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloudUploadLimit,
             'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit,
             'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime,
             'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(),

From 8b8f60f76bf5595c7ff606510d7f05213cf8a47d Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:43:22 +0100
Subject: [PATCH 3894/3949] Camelize property nextcloud_memory_limit =>
 nextcloudMemoryLimit

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  | 2 +-
 php/src/Data/ConfigurationManager.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 209f1d6d..47c6bb7b 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -131,7 +131,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_mount' => $configurationManager->nextcloudMount,
         'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit,
         'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
-        'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit,
+        'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit,
         'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index ce547bf8..1530708a 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -642,7 +642,7 @@ class ConfigurationManager
         set { $this->set('nextcloud_upload_limit', $value); }
     }
     
-    public string $nextcloud_memory_limit {
+    public string $nextcloudMemoryLimit {
         get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M');
         set { $this->set('nextcloud_memory_limit', $value); }
     }
@@ -1075,7 +1075,7 @@ class ConfigurationManager
             'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloudUploadLimit,
-            'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit,
+            'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloudMemoryLimit,
             'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime,
             'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(),
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(),

From 0ed83c52588f9ebaffcce44a17365fb81b1ae9ff Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Fri, 23 Jan 2026 17:45:19 +0100
Subject: [PATCH 3895/3949] Move get-configurable-aio-variables.sh into php/
 folder

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 .../get-configurable-aio-variables.sh                             | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename get-configurable-aio-variables.sh => php/get-configurable-aio-variables.sh (100%)

diff --git a/get-configurable-aio-variables.sh b/php/get-configurable-aio-variables.sh
similarity index 100%
rename from get-configurable-aio-variables.sh
rename to php/get-configurable-aio-variables.sh

From 365e1e34e4bc27fd2f8b4fd959e4cfb453cb4f08 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:06:53 +0100
Subject: [PATCH 3896/3949] Make 'borgRetentionPolicy' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 1530708a..ce3d321d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -657,11 +657,9 @@ class ConfigurationManager
         set { $this->set('nextcloud_max_time', $value); }
     }
 
-    public function GetBorgRetentionPolicy() : string {
-        $envVariableName = 'BORG_RETENTION_POLICY';
-        $configName = 'borg_retention_policy';
-        $defaultValue = '--keep-within=7d --keep-weekly=4 --keep-monthly=6';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $borgRetentionPolicy {
+        get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6');
+        set { $this->set('borg_retention_policy', $value); }
     }
 
     public function GetFulltextsearchJavaOptions() : string {
@@ -1077,7 +1075,7 @@ class ConfigurationManager
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloudUploadLimit,
             'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloudMemoryLimit,
             'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime,
-            'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(),
+            'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy,
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(),
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(),
             'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',

From bfa2b64674843ea14a6542a0078fbe8576776e25 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:07:53 +0100
Subject: [PATCH 3897/3949] Make 'fulltextsearchJavaOptions' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index ce3d321d..41097c8d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -662,11 +662,9 @@ class ConfigurationManager
         set { $this->set('borg_retention_policy', $value); }
     }
 
-    public function GetFulltextsearchJavaOptions() : string {
-        $envVariableName = 'FULLTEXTSEARCH_JAVA_OPTIONS';
-        $configName = 'fulltextsearch_java_options';
-        $defaultValue = '-Xms512M -Xmx512M';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $fulltextsearchJavaOptions {
+        get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M');
+        set { $this->set('fulltextsearch_java_options', $value); }
     }
 
     public function GetDockerSocketPath() : string {
@@ -1076,7 +1074,7 @@ class ConfigurationManager
             'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloudMemoryLimit,
             'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime,
             'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy,
-            'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(),
+            'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->fulltextsearchJavaOptions,
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(),
             'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
             'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation,

From 63245430efa417d88ea7c13ffea433ea9bb069fe Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:08:44 +0100
Subject: [PATCH 3898/3949] Make 'dockerSocketPath' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/ContainerDefinitionFetcher.php | 2 +-
 php/src/Data/ConfigurationManager.php  | 8 +++-----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 3bbc37e2..ead82363 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -129,7 +129,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value['source'] === '%WATCHTOWER_DOCKER_SOCKET_PATH%') {
-                        $value['source'] = $this->configurationManager->GetDockerSocketPath();
+                        $value['source'] = $this->configurationManager->dockerSocketPath;
                         if($value['source'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 41097c8d..090762ae 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -667,11 +667,9 @@ class ConfigurationManager
         set { $this->set('fulltextsearch_java_options', $value); }
     }
 
-    public function GetDockerSocketPath() : string {
-        $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH';
-        $configName = 'docker_socket_path';
-        $defaultValue = '/var/run/docker.sock';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $dockerSocketPath {
+        get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock');
+        set { $this->set('docker_socket_path', $value); }
     }
 
     public function GetTrustedCacertsDir() : string {

From 4ad8fcf2581f7d39b2dda9912cd4f89e511fd328 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:09:32 +0100
Subject: [PATCH 3899/3949] Make 'trustedCacertsDir' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/ContainerDefinitionFetcher.php |  2 +-
 php/src/Data/ConfigurationManager.php  | 10 ++++------
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index ead82363..831a7bc5 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -134,7 +134,7 @@ readonly class ContainerDefinitionFetcher {
                             continue;
                         }
                     } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
-                        $value['source'] = $this->configurationManager->GetTrustedCacertsDir();
+                        $value['source'] = $this->configurationManager->trustedCacertsDir;
                         if($value['source'] === '') {
                             continue;
                         }
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 090762ae..63862c91 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -672,11 +672,9 @@ class ConfigurationManager
         set { $this->set('docker_socket_path', $value); }
     }
 
-    public function GetTrustedCacertsDir() : string {
-        $envVariableName = 'NEXTCLOUD_TRUSTED_CACERTS_DIR';
-        $configName = 'trusted_cacerts_dir';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $trustedCacertsDir {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', '');
+        set { $this->set('trusted_cacerts_dir', $value); }
     }
 
     public function GetNextcloudAdditionalApks() : string {
@@ -1073,7 +1071,7 @@ class ConfigurationManager
             'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime,
             'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy,
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->fulltextsearchJavaOptions,
-            'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(),
+            'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->trustedCacertsDir,
             'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
             'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation,
             'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()),

From d50dc2db1de2a7fe741db56db2f8dc9f6ae7c62b Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:10:08 +0100
Subject: [PATCH 3900/3949] Make 'nextcloudAdditionalApks' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 63862c91..6e62be77 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -677,11 +677,9 @@ class ConfigurationManager
         set { $this->set('trusted_cacerts_dir', $value); }
     }
 
-    public function GetNextcloudAdditionalApks() : string {
-        $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS';
-        $configName = 'nextcloud_additional_apks';
-        $defaultValue = 'imagemagick';
-        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    public string $nextcloudAdditionalApks {
+        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick'));
+        set { $this->set('nextcloud_addtional_apks', $value); }
     }
 
     public function GetNextcloudAdditionalPhpExtensions() : string {
@@ -1077,7 +1075,7 @@ class ConfigurationManager
             'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()),
             'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(),
             'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),
-            'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(),
+            'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks,
             'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(),
             'INSTALL_LATEST_MAJOR' => $this->installLatestMajor,
             'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '',

From c3477a7eb206aff3653a036395c4591068e85e96 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:10:35 +0100
Subject: [PATCH 3901/3949] Make 'nextcloudAdditionalPhpExtensions' an
 attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 6e62be77..c3f32f02 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -682,11 +682,9 @@ class ConfigurationManager
         set { $this->set('nextcloud_addtional_apks', $value); }
     }
 
-    public function GetNextcloudAdditionalPhpExtensions() : string {
-        $envVariableName = 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS';
-        $configName = 'nextcloud_additional_php_extensions';
-        $defaultValue = 'imagick';
-        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    public string $nextcloudAdditionalPhpExtensions {
+        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick'));
+        set { $this->set('nextcloud_additional_php_extensions', $value); }
     }
 
     public function GetCollaboraSeccompPolicy() : string {
@@ -1076,7 +1074,7 @@ class ConfigurationManager
             'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(),
             'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks,
-            'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(),
+            'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions,
             'INSTALL_LATEST_MAJOR' => $this->installLatestMajor,
             'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)

From 22a26268e07308af0419739a56e0ad1f7d5517f3 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:27:55 +0100
Subject: [PATCH 3902/3949] Helper to booleanize environment-or-config-values

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c3f32f02..c35f7ff9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -1085,4 +1085,8 @@ class ConfigurationManager
             default => $this->GetRegisteredSecret($placeholder),
         };
     }
+    
+    private function booleanize(mixed $value) : bool {
+        return in_array($value, [true, 'true'], true);
+    }
 }

From dc5dc0215c1d304dc45e621f124fe3e2960d5389 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:12:01 +0100
Subject: [PATCH 3903/3949] Make 'collaboraSeccompDisabled' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php  | 16 +++++-----------
 php/src/Docker/DockerActionManager.php |  2 +-
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c35f7ff9..8e316b19 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -114,7 +114,7 @@ class ConfigurationManager
         // Type-cast because old configs could have 1/0 for this key.
         get => (bool) $this->get('isFulltextsearchEnabled', false);
         // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
-        set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); }
+        set { $this->set('isFulltextsearchEnabled', ($this->collaboraSeccompDisabled && $value)); }
     }
 
     public string $domain {
@@ -689,21 +689,15 @@ class ConfigurationManager
 
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
-        if (!$this->isSeccompDisabled()) {
+        if (!$this->collaboraSeccompDisabled) {
             return $defaultString . 'true';
         }
         return $defaultString . 'false';
     }
 
-    private function GetCollaboraSeccompDisabledState() : string {
-        $envVariableName = 'COLLABORA_SECCOMP_DISABLED';
-        $configName = 'collabora_seccomp_disabled';
-        $defaultValue = 'false';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
-    }
-
-    public function isSeccompDisabled() : bool {
-        return $this->GetCollaboraSeccompDisabledState() === 'true';
+    public bool $collaboraSeccompDisabled {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
+        set { $this->set('collabora_seccomp_disabled', $value); }
     }
 
     /**
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 12dd70ae..47522e23 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -412,7 +412,7 @@ readonly class DockerActionManager {
 
         // Special things for the collabora container which should not be exposed in the containers.json
         } elseif ($container->identifier === 'nextcloud-aio-collabora') {
-            if (!$this->configurationManager->isSeccompDisabled()) {
+            if (!$this->configurationManager->collaboraSeccompDisabled) {
                 // Load reference seccomp profile for collabora
                 $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
                 $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];

From 08438aff4259eee999c4f3e1c380190f024ec28d Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:12:41 +0100
Subject: [PATCH 3904/3949] Make 'apacheAdditionalNetwork' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php  | 8 +++-----
 php/src/Docker/DockerActionManager.php | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 8e316b19..d5a5e4f0 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -874,11 +874,9 @@ class ConfigurationManager
         $this->set('collabora_additional_options', '');
     }
 
-    public function GetApacheAdditionalNetwork() : string {
-        $envVariableName = 'APACHE_ADDITIONAL_NETWORK';
-        $configName = 'apache_additional_network';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public string $apacheAdditionalNetwork {
+        get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', '');
+        set { $this->set('apache_additional_network', $value); }
     }
 
     private function GetDisableBackupSection() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 47522e23..fd6334c6 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -837,7 +837,7 @@ readonly class DockerActionManager {
         $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, alias: $alias);
 
         if ($container->identifier === 'nextcloud-aio-apache' || $container->identifier === 'nextcloud-aio-domaincheck') {
-            $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork();
+            $apacheAdditionalNetwork = $this->configurationManager->apacheAdditionalNetwork;
             if ($apacheAdditionalNetwork !== '') {
                 $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, $apacheAdditionalNetwork, false, $alias);
             }

From 0cb79a387fe128b158f6d7e784b3f47ff5c083be Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:19:57 +0100
Subject: [PATCH 3905/3949] Make 'disableBackupSection' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                  |  2 +-
 php/src/Data/ConfigurationManager.php | 16 +++-------------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 47c6bb7b..07837125 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -123,7 +123,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'collabora_dictionaries' => $configurationManager->collaboraDictionaries,
         'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions,
         'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
-        'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
+        'is_backup_section_enabled' => !$configurationManager->disableBackupSection,
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d5a5e4f0..d1825552 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -879,19 +879,9 @@ class ConfigurationManager
         set { $this->set('apache_additional_network', $value); }
     }
 
-    private function GetDisableBackupSection() : string {
-        $envVariableName = 'AIO_DISABLE_BACKUP_SECTION';
-        $configName = 'disable_backup_section';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
-    }
-
-    public function isBackupSectionEnabled() : bool {
-        if ($this->GetDisableBackupSection() === 'true') {
-            return false;
-        } else {
-            return true;
-        }
+    public bool $disableBackupSection {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
+        set { $this->set('disable_backup_section', $value); }
     }
 
     public function listAvailableCommunityContainers() : array {

From 5fc4951ba0d4ecfb56bf6f0cfe3c983cef89ad2c Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:26:39 +0100
Subject: [PATCH 3906/3949] Make 'nextcloudEnableDriDevice' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/Data/ConfigurationManager.php  | 16 +++-------------
 php/src/Docker/DockerActionManager.php |  2 +-
 3 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 07837125..519ec71a 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -132,7 +132,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit,
         'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
         'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit,
-        'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
+        'is_dri_device_enabled' => $configurationManager->nextcloudEnableDriDevice,
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled,
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index d1825552..afbe9fbc 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -919,19 +919,9 @@ class ConfigurationManager
         return $cc;
     }
 
-    private function GetEnabledDriDevice() : string {
-        $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
-        $configName = 'nextcloud_enable_dri_device';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
-    }
-
-    public function isDriDeviceEnabled() : bool {
-        if ($this->GetEnabledDriDevice() === 'true') {
-            return true;
-        } else {
-            return false;
-        }
+    public bool $nextcloudEnableDriDevice{
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
+        set { $this->set('nextcloud_enable_dri_device', $value); }
     }
 
     private function GetEnabledNvidiaGpu() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index fd6334c6..31ad2371 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -307,7 +307,7 @@ readonly class DockerActionManager {
 
         $devices = [];
         foreach ($container->devices as $device) {
-            if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) {
+            if ($device === '/dev/dri' && !$this->configurationManager->nextcloudEnableDriDevice) {
                 continue;
             }
             $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];

From 5bdcfd67eb54aa14401a75bb54d92466c73896fe Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:27:31 +0100
Subject: [PATCH 3907/3949] Make 'enableNvidiaGpu' an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                   |  2 +-
 php/src/Data/ConfigurationManager.php  | 14 ++++----------
 php/src/Docker/DockerActionManager.php |  2 +-
 3 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 519ec71a..1ec42949 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -133,7 +133,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
         'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit,
         'is_dri_device_enabled' => $configurationManager->nextcloudEnableDriDevice,
-        'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
+        'is_nvidia_gpu_enabled' => $configurationManager->enableNvidiaGpu,
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled,
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index afbe9fbc..e03e2bfb 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -923,16 +923,10 @@ class ConfigurationManager
         get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
         set { $this->set('nextcloud_enable_dri_device', $value); }
     }
-
-    private function GetEnabledNvidiaGpu() : string {
-        $envVariableName = 'NEXTCLOUD_ENABLE_NVIDIA_GPU';
-        $configName = 'enable_nvidia_gpu';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
-    }
-
-    public function isNvidiaGpuEnabled() : bool {
-        return $this->GetEnabledNvidiaGpu() === 'true';
+    
+    public bool $enableNvidiaGpu {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
+        set { $this->set('enable_nvidia_gpu', $value); }
     }
 
     private function GetKeepDisabledApps() : string {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 31ad2371..509f4c28 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -317,7 +317,7 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
-        if ($container->enableNvidiaGpu && $this->configurationManager->isNvidiaGpuEnabled()) {
+        if ($container->enableNvidiaGpu && $this->configurationManager->enableNvidiaGpu) {
             $requestBody['HostConfig']['Runtime'] = 'nvidia';
             $requestBody['HostConfig']['DeviceRequests'] = [
                 [

From 3cfe307a5cb7651cb0b54bb7db5f4fac28c64b7c Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:39:40 +0100
Subject: [PATCH 3908/3949] Make `nextcloudKeepDisabledApps` an attribute

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e03e2bfb..57071d91 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -929,21 +929,11 @@ class ConfigurationManager
         set { $this->set('enable_nvidia_gpu', $value); }
     }
 
-    private function GetKeepDisabledApps() : string {
-        $envVariableName = 'NEXTCLOUD_KEEP_DISABLED_APPS';
-        $configName = 'nextcloud_keep_disabled_apps';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    public bool $nextcloudKeepDisabledApps {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', ''));
+        set { $this->set('nextcloud_keep_disabled_apps', $value); }
     }
 
-    public function shouldDisabledAppsGetRemoved() : bool {
-        if ($this->GetKeepDisabledApps() === 'true') {
-            return false;
-        } else {
-            return true;
-        }
-    }
-    
     private function camelize(string $input, string $delimiter = '_') : string {
         return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input)))));
 
@@ -1042,7 +1032,7 @@ class ConfigurationManager
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks,
             'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions,
             'INSTALL_LATEST_MAJOR' => $this->installLatestMajor,
-            'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '',
+            'REMOVE_DISABLED_APPS' => $this->nextcloudKeepDisabledApps ? '' : 'yes',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically

From 078f3caf8aa180ff74ad906652d11757823576f2 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 26 Jan 2026 10:48:33 +0100
Subject: [PATCH 3909/3949] Move all properties to the top of the file

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 201 +++++++++++++-------------
 1 file changed, 100 insertions(+), 101 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 57071d91..19b0a7bb 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -188,6 +188,106 @@ class ConfigurationManager
         set { $this->set('turn_domain', $value); }
     }
 
+    public string $apachePort {
+        get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
+        set { $this->set('apache_port', $value); }
+    }
+
+    public string $talkPort {
+        get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478');
+        set { $this->set('talk_port', $value); }
+    }
+
+    public string $nextcloudMount {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', '');
+        set { $this->set('nextcloud_mount', $value); }
+    }
+
+    public string $nextcloudDatadirMount {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data');
+        set { $this->set('nextcloud_datadir_mount', $value); }
+    }
+
+    public string $nextcloudUploadLimit {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G');
+        set { $this->set('nextcloud_upload_limit', $value); }
+    }
+
+    public string $nextcloudMemoryLimit {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M');
+        set { $this->set('nextcloud_memory_limit', $value); }
+    }
+
+    public function GetApacheMaxSize() : int {
+        $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G');
+        return $uploadLimit * 1024 * 1024 * 1024;
+    }
+
+    public string $nextcloudMaxTime {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600');
+        set { $this->set('nextcloud_max_time', $value); }
+    }
+
+    public string $borgRetentionPolicy {
+        get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6');
+        set { $this->set('borg_retention_policy', $value); }
+    }
+
+    public string $fulltextsearchJavaOptions {
+        get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M');
+        set { $this->set('fulltextsearch_java_options', $value); }
+    }
+
+    public string $dockerSocketPath {
+        get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock');
+        set { $this->set('docker_socket_path', $value); }
+    }
+
+    public string $trustedCacertsDir {
+        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', '');
+        set { $this->set('trusted_cacerts_dir', $value); }
+    }
+
+    public string $nextcloudAdditionalApks {
+        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick'));
+        set { $this->set('nextcloud_addtional_apks', $value); }
+    }
+
+    public string $nextcloudAdditionalPhpExtensions {
+        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick'));
+        set { $this->set('nextcloud_additional_php_extensions', $value); }
+    }
+
+    public bool $collaboraSeccompDisabled {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
+        set { $this->set('collabora_seccomp_disabled', $value); }
+    }
+
+    public string $apacheAdditionalNetwork {
+        get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', '');
+        set { $this->set('apache_additional_network', $value); }
+    }
+
+    public bool $disableBackupSection {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
+        set { $this->set('disable_backup_section', $value); }
+    }
+
+    public bool $nextcloudEnableDriDevice{
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
+        set { $this->set('nextcloud_enable_dri_device', $value); }
+    }
+
+    public bool $enableNvidiaGpu {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
+        set { $this->set('enable_nvidia_gpu', $value); }
+    }
+
+    public bool $nextcloudKeepDisabledApps {
+        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', ''));
+        set { $this->set('nextcloud_keep_disabled_apps', $value); }
+    }
+
     private function GetConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -568,16 +668,6 @@ class ConfigurationManager
         $this->set('password', $newPassword);
     }
 
-    public string $apachePort {
-        get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
-        set { $this->set('apache_port', $value); }
-    }
-        
-    public string $talkPort {
-        get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478');
-        set { $this->set('talk_port', $value); }
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
@@ -626,67 +716,6 @@ class ConfigurationManager
         return trim((string)file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
-    public string $nextcloudMount {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', '');
-        set { $this->set('nextcloud_mount', $value); }
-    }
-
-
-    public string $nextcloudDatadirMount {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data');
-        set { $this->set('nextcloud_datadir_mount', $value); }
-    }
-
-    public string $nextcloudUploadLimit {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G');
-        set { $this->set('nextcloud_upload_limit', $value); }
-    }
-    
-    public string $nextcloudMemoryLimit {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M');
-        set { $this->set('nextcloud_memory_limit', $value); }
-    }
-
-    public function GetApacheMaxSize() : int {
-        $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G');
-        return $uploadLimit * 1024 * 1024 * 1024;
-    }
-
-    public string $nextcloudMaxTime {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600');
-        set { $this->set('nextcloud_max_time', $value); }
-    }
-
-    public string $borgRetentionPolicy {
-        get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6');
-        set { $this->set('borg_retention_policy', $value); }
-    }
-
-    public string $fulltextsearchJavaOptions {
-        get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M');
-        set { $this->set('fulltextsearch_java_options', $value); }
-    }
-
-    public string $dockerSocketPath {
-        get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock');
-        set { $this->set('docker_socket_path', $value); }
-    }
-
-    public string $trustedCacertsDir {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', '');
-        set { $this->set('trusted_cacerts_dir', $value); }
-    }
-
-    public string $nextcloudAdditionalApks {
-        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick'));
-        set { $this->set('nextcloud_addtional_apks', $value); }
-    }
-
-    public string $nextcloudAdditionalPhpExtensions {
-        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick'));
-        set { $this->set('nextcloud_additional_php_extensions', $value); }
-    }
-
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
         if (!$this->collaboraSeccompDisabled) {
@@ -695,11 +724,6 @@ class ConfigurationManager
         return $defaultString . 'false';
     }
 
-    public bool $collaboraSeccompDisabled {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
-        set { $this->set('collabora_seccomp_disabled', $value); }
-    }
-
     /**
      * @throws InvalidSettingConfigurationException
      */
@@ -874,16 +898,6 @@ class ConfigurationManager
         $this->set('collabora_additional_options', '');
     }
 
-    public string $apacheAdditionalNetwork {
-        get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', '');
-        set { $this->set('apache_additional_network', $value); }
-    }
-
-    public bool $disableBackupSection {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
-        set { $this->set('disable_backup_section', $value); }
-    }
-
     public function listAvailableCommunityContainers() : array {
         $cc = [];
         $dir = scandir(DataConst::GetCommunityContainersDirectory());
@@ -919,21 +933,6 @@ class ConfigurationManager
         return $cc;
     }
 
-    public bool $nextcloudEnableDriDevice{
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
-        set { $this->set('nextcloud_enable_dri_device', $value); }
-    }
-    
-    public bool $enableNvidiaGpu {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
-        set { $this->set('enable_nvidia_gpu', $value); }
-    }
-
-    public bool $nextcloudKeepDisabledApps {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', ''));
-        set { $this->set('nextcloud_keep_disabled_apps', $value); }
-    }
-
     private function camelize(string $input, string $delimiter = '_') : string {
         return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input)))));
 

From ec66b359e0d3aaa1324abc172df9645c07a89ba4 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 27 Jan 2026 10:52:20 +0100
Subject: [PATCH 3910/3949] Check arguments to camelize() for usefulness

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 19b0a7bb..06122839 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -934,6 +934,12 @@ class ConfigurationManager
     }
 
     private function camelize(string $input, string $delimiter = '_') : string {
+        if ($input === '') {
+            throw new InvalidSettingConfigurationException('input cannot be empty!');
+        }
+        if ($delimiter === '') {
+            $delimiter = '_';
+        }
         return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input)))));
 
     }

From 659b1ca383c575d27fba77f1b0d9d1f4624a6281 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 27 Jan 2026 10:58:25 +0100
Subject: [PATCH 3911/3949] Fix calling booleanize

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 06122839..e592286c 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -259,7 +259,7 @@ class ConfigurationManager
     }
 
     public bool $collaboraSeccompDisabled {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
+        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
         set { $this->set('collabora_seccomp_disabled', $value); }
     }
 
@@ -269,22 +269,22 @@ class ConfigurationManager
     }
 
     public bool $disableBackupSection {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
+        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
         set { $this->set('disable_backup_section', $value); }
     }
 
     public bool $nextcloudEnableDriDevice{
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
+        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
         set { $this->set('nextcloud_enable_dri_device', $value); }
     }
 
     public bool $enableNvidiaGpu {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
+        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
         set { $this->set('enable_nvidia_gpu', $value); }
     }
 
     public bool $nextcloudKeepDisabledApps {
-        get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', ''));
+        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', ''));
         set { $this->set('nextcloud_keep_disabled_apps', $value); }
     }
 

From d9d4e3680f94ec14bb32ee534e019868ca7e8db7 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 27 Jan 2026 11:55:24 +0100
Subject: [PATCH 3912/3949] Fix residue from change to use
 start/commitTransaction()

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e592286c..c8f09890 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -954,17 +954,17 @@ class ConfigurationManager
                 error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')");
                 continue;
             }
-            $keyWithValue = $confManager->replaceEnvPlaceholders($variable);
+            $keyWithValue = $this->replaceEnvPlaceholders($variable);
             // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case
             // the check for an equal sign from above gets changed).
             [$key, $value] = explode('=', $keyWithValue, 2) + [null, null];
             $key = $this->camelize($key);
             if ($value === null) {
                 error_log("Invalid input: '$keyWithValue' has no value after the equal sign");
-            } else if (!property_exists($confManager, $key)) {
+            } else if (!property_exists($this, $key)) {
                 error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')");
             } else {
-                $confManager->$key = $value;
+                $this->$key = $value;
             }
         }
         $this->commitTransaction();

From 5b6e0f30a6de38e1ec281443d8b0ce1121fcc0ed Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Tue, 27 Jan 2026 12:04:55 +0100
Subject: [PATCH 3913/3949] Fix assignment of INSTALL_LATEST_MAJOR from env
 replacement

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c8f09890..25263b50 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -1036,7 +1036,7 @@ class ConfigurationManager
             'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks,
             'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions,
-            'INSTALL_LATEST_MAJOR' => $this->installLatestMajor,
+            'INSTALL_LATEST_MAJOR' => $this->installLatestMajor ? 'yes' : '',
             'REMOVE_DISABLED_APPS' => $this->nextcloudKeepDisabledApps ? '' : 'yes',
             // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
             'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),

From 5ba678c0820e748bad54a6748ad65f693b5a40bd Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Wed, 28 Jan 2026 12:08:07 +0100
Subject: [PATCH 3914/3949] Non-functional addition to camelizing
 nextcloud_mount to nextcloudMount

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/src/Docker/DockerActionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 509f4c28..db48dc2c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -400,7 +400,7 @@ readonly class DockerActionManager {
             // // Special things for the nextcloud container which should not be exposed in the containers.json
             // } elseif ($container->identifier === 'nextcloud-aio-nextcloud') {
             //     foreach ($container->volumes->GetVolumes() as $volume) {
-            //         if ($volume->name !== $this->configurationManager->nextcloud_mount) {
+            //         if ($volume->name !== $this->configurationManager->nextcloudMount) {
             //             continue;
             //         }
             //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];

From 0ee76078ad32f2d7dd46c38c839965c083b6527b Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:03:53 +0000
Subject: [PATCH 3915/3949] php dependency updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 php/composer.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/php/composer.lock b/php/composer.lock
index ee344d52..77403624 100644
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4058,16 +4058,16 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.32",
+            "version": "v6.4.33",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de"
+                "reference": "24965ca011dac87431729640feef8bcf7b5523e0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de",
-                "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/24965ca011dac87431729640feef8bcf7b5523e0",
+                "reference": "24965ca011dac87431729640feef8bcf7b5523e0",
                 "shasum": ""
             },
             "require": {
@@ -4102,7 +4102,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.32"
+                "source": "https://github.com/symfony/finder/tree/v6.4.33"
             },
             "funding": [
                 {
@@ -4122,7 +4122,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-01-10T14:09:00+00:00"
+            "time": "2026-01-26T13:03:48+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",

From 27020e608de07b035ff53eb508a41e680b06db2c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 28 Jan 2026 13:28:07 +0100
Subject: [PATCH 3916/3949] fix get-configurable-aio-variables.sh script

Signed-off-by: Simon L. <szaimen@e.mail.de>

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/get-configurable-aio-variables.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/get-configurable-aio-variables.sh b/php/get-configurable-aio-variables.sh
index 44536bd3..3093e1e0 100755
--- a/php/get-configurable-aio-variables.sh
+++ b/php/get-configurable-aio-variables.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-awk '/^    public [^f][^u][^n]/ { sub(/\$/, "", $3); print $3 }' php/src/Data/ConfigurationManager.php | sort
+awk '/^    public [^f][^u][^n]/ { sub(/\$/, "", $3); print $3 }' src/Data/ConfigurationManager.php | sort

From 9871a3eb9a75910d32e5aa4c806a5e3ed1264f05 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 16 Jan 2026 15:22:18 +0100
Subject: [PATCH 3917/3949] insert the AIO version into Nextcloud's system
 config

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json                   | 1 +
 php/src/Data/ConfigurationManager.php | 9 +++++++++
 php/src/Data/DataConst.php            | 4 ++++
 3 files changed, 14 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index 8c507f91..8e9218ac 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -219,6 +219,7 @@
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
         "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%",
         "AIO_URL=%AIO_URL%",
+        "NC_AIO_VERSION=v%AIO_VERSION%",
         "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
         "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
         "CLAMAV_HOST=nextcloud-aio-clamav",
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 25263b50..124e78c6 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -420,6 +420,14 @@ class ConfigurationManager
         return $backupTimes;
     }
 
+    public function getAioVersion() : string {
+        $path = DataConst::GetAioVersionFile();
+        if ($path !== '' && file_exists($path)) {
+            return trim((string)file_get_contents($path));
+        }
+        return '';
+    }
+
     private function isx64Platform() : bool {
         if (php_uname('m') === 'x86_64') {
             return true;
@@ -1043,6 +1051,7 @@ class ConfigurationManager
             // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
             'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
+            'AIO_VERSION' => $this->getAioVersion(),
             default => $this->GetRegisteredSecret($placeholder),
         };
     }
diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php
index 9111a98a..9272e3d4 100644
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -66,4 +66,8 @@ class DataConst {
     public static function GetContainersDefinitionPath() : string {
         return (string)realpath(__DIR__ . '/../../containers.json');
     }
+
+    public static function GetAioVersionFile() : string {
+        return (string)realpath(__DIR__ . '/../../templates/includes/aio-version.twig');
+    }
 }

From bf43a6dae6e1a760f79ca33f800991e355c6c061 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Wed, 28 Jan 2026 16:51:36 +0100
Subject: [PATCH 3918/3949] Lower case method names in ConfigurationManager

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
---
 php/public/index.php                          |  14 +-
 php/src/ContainerDefinitionFetcher.php        |   2 +-
 .../Controller/ConfigurationController.php    |  18 +--
 php/src/Data/ConfigurationManager.php         | 134 +++++++++---------
 php/src/Docker/DockerActionManager.php        |   4 +-
 5 files changed, 86 insertions(+), 86 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 1ec42949..cc06bb90 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -95,10 +95,10 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'apache_port' => $configurationManager->apachePort,
         'borg_backup_host_location' => $configurationManager->borgBackupHostLocation,
         'borg_remote_repo' => $configurationManager->borgRemoteRepo,
-        'borg_public_key' => $configurationManager->GetBorgPublicKey(),
-        'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
+        'borg_public_key' => $configurationManager->getBorgPublicKey(),
+        'nextcloud_password' => $configurationManager->getAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
-        'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
+        'borgbackup_password' => $configurationManager->getAndGenerateSecret('BORGBACKUP_PASSWORD'),
         'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManager->IsMastercontainerUpdateAvailable() ),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
@@ -107,15 +107,15 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'borg_backup_mode' => $configurationManager->backupMode,
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
         'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
-        'last_backup_time' => $configurationManager->GetLastBackupTime(),
-        'backup_times' => $configurationManager->GetBackupTimes(),
+        'last_backup_time' => $configurationManager->getLastBackupTime(),
+        'backup_times' => $configurationManager->getBackupTimes(),
         'current_channel' => $dockerActionManager->GetCurrentChannel(),
         'is_clamav_enabled' => $configurationManager->isClamavEnabled,
         'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
         'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
         'is_talk_enabled' => $configurationManager->isTalkEnabled,
         'borg_restore_password' => $configurationManager->borgRestorePassword,
-        'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
+        'daily_backup_time' => $configurationManager->getDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
         'timezone' => $configurationManager->timezone,
         'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
@@ -126,7 +126,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_backup_section_enabled' => !$configurationManager->disableBackupSection,
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
-        'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
+        'additional_backup_directories' => $configurationManager->getAdditionalBackupDirectoriesString(),
         'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount,
         'nextcloud_mount' => $configurationManager->nextcloudMount,
         'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit,
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 831a7bc5..d2519ed7 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -246,7 +246,7 @@ readonly class ContainerDefinitionFetcher {
                 // All secrets are registered with the configuration when they 
                 // are discovered so they can be later generated at time-of-use.
                 foreach ($entry['secrets'] as $secret) {
-                    $this->configurationManager->RegisterSecret($secret);
+                    $this->configurationManager->registerSecret($secret);
                 }
             }
 
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index 8bf193e0..bb55e10f 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -20,26 +20,26 @@ readonly class ConfigurationController {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
                 $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']);
-                $this->configurationManager->SetDomain($domain, $skipDomainValidation);
+                $this->configurationManager->setDomain($domain, $skipDomainValidation);
             }
 
             if (isset($request->getParsedBody()['current-master-password']) || isset($request->getParsedBody()['new-master-password'])) {
                 $currentMasterPassword = $request->getParsedBody()['current-master-password'] ?? '';
                 $newMasterPassword = $request->getParsedBody()['new-master-password'] ?? '';
-                $this->configurationManager->ChangeMasterPassword($currentMasterPassword, $newMasterPassword);
+                $this->configurationManager->changeMasterPassword($currentMasterPassword, $newMasterPassword);
             }
 
             if (isset($request->getParsedBody()['borg_backup_host_location']) || isset($request->getParsedBody()['borg_remote_repo'])) {
                 $location = $request->getParsedBody()['borg_backup_host_location'] ?? '';
                 $borgRemoteRepo = $request->getParsedBody()['borg_remote_repo'] ?? '';
-                $this->configurationManager->SetBorgLocationVars($location, $borgRemoteRepo);
+                $this->configurationManager->setBorgLocationVars($location, $borgRemoteRepo);
             }
 
             if (isset($request->getParsedBody()['borg_restore_host_location']) || isset($request->getParsedBody()['borg_restore_remote_repo']) || isset($request->getParsedBody()['borg_restore_password'])) {
                 $restoreLocation = $request->getParsedBody()['borg_restore_host_location'] ?? '';
                 $borgRemoteRepo = $request->getParsedBody()['borg_restore_remote_repo'] ?? '';
                 $borgPassword = $request->getParsedBody()['borg_restore_password'] ?? '';
-                $this->configurationManager->SetBorgRestoreLocationVarsAndPassword($restoreLocation, $borgRemoteRepo, $borgPassword);
+                $this->configurationManager->setBorgRestoreLocationVarsAndPassword($restoreLocation, $borgRemoteRepo, $borgPassword);
             }
 
             if (isset($request->getParsedBody()['daily_backup_time'])) {
@@ -54,16 +54,16 @@ readonly class ConfigurationController {
                     $successNotification = false;
                 }
                 $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? '';
-                $this->configurationManager->SetDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates, $successNotification);
+                $this->configurationManager->setDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates, $successNotification);
             }
 
             if (isset($request->getParsedBody()['delete_daily_backup_time'])) {
-                $this->configurationManager->DeleteDailyBackupTime();
+                $this->configurationManager->deleteDailyBackupTime();
             }
 
             if (isset($request->getParsedBody()['additional_backup_directories'])) {
                 $additionalBackupDirectories = $request->getParsedBody()['additional_backup_directories'] ?? '';
-                $this->configurationManager->SetAdditionalBackupDirectories($additionalBackupDirectories);
+                $this->configurationManager->setAdditionalBackupDirectories($additionalBackupDirectories);
             }
 
             if (isset($request->getParsedBody()['delete_timezone'])) {
@@ -112,7 +112,7 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
-                $this->configurationManager->DeleteCollaboraDictionaries();
+                $this->configurationManager->deleteCollaboraDictionaries();
             }
 
             if (isset($request->getParsedBody()['collabora_dictionaries'])) {
@@ -130,7 +130,7 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
-                $this->configurationManager->DeleteBorgBackupLocationItems();
+                $this->configurationManager->deleteBorgBackupLocationItems();
             }
 
             return $response->withStatus(201)->withHeader('Location', '.');
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 124e78c6..e65d5504 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -119,7 +119,7 @@ class ConfigurationManager
 
     public string $domain {
         get => $this->get('domain', '');
-        set { $this->SetDomain($value); }
+        set { $this->setDomain($value); }
     }
 
     public string $borgBackupHostLocation {
@@ -138,7 +138,7 @@ class ConfigurationManager
     }
 
     public string $apacheIpBinding {
-        get => $this->GetEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', '');
+        get => $this->getEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', '');
         set { $this->set('apache_ip_binding', $value); }
     }
 
@@ -189,106 +189,106 @@ class ConfigurationManager
     }
 
     public string $apachePort {
-        get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
+        get => $this->getEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
         set { $this->set('apache_port', $value); }
     }
 
     public string $talkPort {
-        get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478');
+        get => $this->getEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478');
         set { $this->set('talk_port', $value); }
     }
 
     public string $nextcloudMount {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', '');
+        get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', '');
         set { $this->set('nextcloud_mount', $value); }
     }
 
     public string $nextcloudDatadirMount {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data');
+        get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data');
         set { $this->set('nextcloud_datadir_mount', $value); }
     }
 
     public string $nextcloudUploadLimit {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G');
+        get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G');
         set { $this->set('nextcloud_upload_limit', $value); }
     }
 
     public string $nextcloudMemoryLimit {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M');
+        get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M');
         set { $this->set('nextcloud_memory_limit', $value); }
     }
 
-    public function GetApacheMaxSize() : int {
+    public function getApacheMaxSize() : int {
         $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G');
         return $uploadLimit * 1024 * 1024 * 1024;
     }
 
     public string $nextcloudMaxTime {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600');
+        get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600');
         set { $this->set('nextcloud_max_time', $value); }
     }
 
     public string $borgRetentionPolicy {
-        get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6');
+        get => $this->getEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6');
         set { $this->set('borg_retention_policy', $value); }
     }
 
     public string $fulltextsearchJavaOptions {
-        get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M');
+        get => $this->getEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M');
         set { $this->set('fulltextsearch_java_options', $value); }
     }
 
     public string $dockerSocketPath {
-        get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock');
+        get => $this->getEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock');
         set { $this->set('docker_socket_path', $value); }
     }
 
     public string $trustedCacertsDir {
-        get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', '');
+        get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', '');
         set { $this->set('trusted_cacerts_dir', $value); }
     }
 
     public string $nextcloudAdditionalApks {
-        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick'));
+        get => trim($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick'));
         set { $this->set('nextcloud_addtional_apks', $value); }
     }
 
     public string $nextcloudAdditionalPhpExtensions {
-        get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick'));
+        get => trim($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick'));
         set { $this->set('nextcloud_additional_php_extensions', $value); }
     }
 
     public bool $collaboraSeccompDisabled {
-        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
+        get => $this->booleanize($this->getEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
         set { $this->set('collabora_seccomp_disabled', $value); }
     }
 
     public string $apacheAdditionalNetwork {
-        get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', '');
+        get => $this->getEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', '');
         set { $this->set('apache_additional_network', $value); }
     }
 
     public bool $disableBackupSection {
-        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
+        get => $this->booleanize($this->getEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
         set { $this->set('disable_backup_section', $value); }
     }
 
     public bool $nextcloudEnableDriDevice{
-        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
+        get => $this->booleanize($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', ''));
         set { $this->set('nextcloud_enable_dri_device', $value); }
     }
 
     public bool $enableNvidiaGpu {
-        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
+        get => $this->booleanize($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', ''));
         set { $this->set('enable_nvidia_gpu', $value); }
     }
 
     public bool $nextcloudKeepDisabledApps {
-        get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', ''));
+        get => $this->booleanize($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', ''));
         set { $this->set('nextcloud_keep_disabled_apps', $value); }
     }
 
-    private function GetConfig() : array
+    private function getConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
         {
@@ -300,15 +300,15 @@ class ConfigurationManager
     }
 
     private function get(string $key, mixed $fallbackValue = null) : mixed {
-        return $this->GetConfig()[$key] ?? $fallbackValue;
+        return $this->getConfig()[$key] ?? $fallbackValue;
     }
 
     private function set(string $key, mixed $value) : void {
-        $this->GetConfig();
+        $this->getConfig();
         $this->config[$key] = $value;
         // Only write if this isn't called in between startTransaction() and commitTransaction().
         if ($this->noWrite !== true) {
-            $this->WriteConfig();
+            $this->writeConfig();
         }
     }
 
@@ -317,7 +317,7 @@ class ConfigurationManager
      * followed by a call to commitTransaction(), which then writes all changes to disk.
      */
     public function startTransaction() : void {
-        $this->GetConfig();
+        $this->getConfig();
         $this->noWrite = true;
     }
 
@@ -326,13 +326,13 @@ class ConfigurationManager
      */
     public function commitTransaction() : void {
         try {
-            $this->WriteConfig();
+            $this->writeConfig();
         } finally {
             $this->noWrite = false;
         }
     }
 
-    public function GetAndGenerateSecret(string $secretId) : string {
+    public function getAndGenerateSecret(string $secretId) : string {
         if ($secretId === '') {
             return '';
         }
@@ -344,24 +344,24 @@ class ConfigurationManager
         }
 
         if ($secretId === 'BORGBACKUP_PASSWORD' && !file_exists(DataConst::GetBackupSecretFile())) {
-            $this->DoubleSafeBackupSecret($secrets[$secretId]);
+            $this->doubleSafeBackupSecret($secrets[$secretId]);
         }
 
         return $secrets[$secretId];
     }
 
-    public function GetRegisteredSecret(string $secretId) : string {
+    public function getRegisteredSecret(string $secretId) : string {
         if ($this->secrets[$secretId]) {
-            return $this->GetAndGenerateSecret($secretId);
+            return $this->getAndGenerateSecret($secretId);
         }
         throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json.");
     }
 
-    public function RegisterSecret(string $secretId) : void {
+    public function registerSecret(string $secretId) : void {
         $this->secrets[$secretId] = true;
     }
 
-    private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
+    private function doubleSafeBackupSecret(string $borgBackupPassword) : void {
         file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
     }
 
@@ -373,7 +373,7 @@ class ConfigurationManager
         }
     }
 
-    public function GetLastBackupTime() : string {
+    public function getLastBackupTime() : string {
         if (!file_exists(DataConst::GetBackupArchivesList())) {
             return '';
         }
@@ -398,7 +398,7 @@ class ConfigurationManager
         return $lastBackupTime;
     }
 
-    public function GetBackupTimes() : array {
+    public function getBackupTimes() : array {
         if (!file_exists(DataConst::GetBackupArchivesList())) {
             return [];
         }
@@ -441,7 +441,7 @@ class ConfigurationManager
      *
      * We can't turn this into a private validation method because of the second argument.
      */
-    public function SetDomain(string $domain, bool $skipDomainValidation) : void {
+    public function setDomain(string $domain, bool $skipDomainValidation) : void {
         // Validate that at least one dot is contained
         if (!str_contains($domain, '.')) {
             throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
@@ -508,7 +508,7 @@ class ConfigurationManager
             }
 
             // Get Instance ID
-            $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
+            $instanceID = $this->getAndGenerateSecret('INSTANCE_ID');
 
             // set protocol
             if ($port !== '443') {
@@ -555,7 +555,7 @@ class ConfigurationManager
         $this->commitTransaction();
     }
 
-    public function GetBaseDN() : string {
+    public function getBaseDN() : string {
         $domain = $this->domain;
         if ($domain === "") {
             return "";
@@ -566,15 +566,15 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetBorgLocationVars(string $location, string $repo) : void {
-        $this->ValidateBorgLocationVars($location, $repo);
+    public function setBorgLocationVars(string $location, string $repo) : void {
+        $this->validateBorgLocationVars($location, $repo);
         $this->startTransaction();
         $this->borgBackupHostLocation = $location;
         $this->borgRemoteRepo = $repo;
         $this->commitTransaction();
     }
 
-    private function ValidateBorgLocationVars(string $location, string $repo) : void {
+    private function validateBorgLocationVars(string $location, string $repo) : void {
         if ($location === '' && $repo === '') {
             throw new InvalidSettingConfigurationException("Please enter a path or a remote repo url!");
         } elseif ($location !== '' && $repo !== '') {
@@ -600,11 +600,11 @@ class ConfigurationManager
             }
 
         } else {
-            $this->ValidateBorgRemoteRepo($repo);
+            $this->validateBorgRemoteRepo($repo);
         }
     }
 
-    private function ValidateBorgRemoteRepo(string $repo) : void {
+    private function validateBorgRemoteRepo(string $repo) : void {
         $commonMsg = "For valid urls, see the remote examples at https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls";
         if ($repo === "") {
             // Ok, remote repo is optional
@@ -615,7 +615,7 @@ class ConfigurationManager
         }
     }
 
-    public function DeleteBorgBackupLocationItems() : void {
+    public function deleteBorgBackupLocationItems() : void {
         // Delete the variables
         $this->startTransaction();
         $this->borgBackupHostLocation = '';
@@ -633,8 +633,8 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetBorgRestoreLocationVarsAndPassword(string $location, string $repo, string $password) : void {
-        $this->ValidateBorgLocationVars($location, $repo);
+    public function setBorgRestoreLocationVarsAndPassword(string $location, string $repo, string $password) : void {
+        $this->validateBorgLocationVars($location, $repo);
 
         if ($password === '') {
             throw new InvalidSettingConfigurationException("Please enter the password!");
@@ -651,7 +651,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function ChangeMasterPassword(string $currentPassword, string $newPassword) : void {
+    public function changeMasterPassword(string $currentPassword, string $newPassword) : void {
         if ($currentPassword === '') {
             throw new InvalidSettingConfigurationException("Please enter your current password.");
         }
@@ -679,7 +679,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    private function WriteConfig() : void {
+    private function writeConfig() : void {
         if(!is_dir(DataConst::GetDataDirectory())) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }
@@ -697,7 +697,7 @@ class ConfigurationManager
         $this->config = [];
     }
 
-    private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {
+    private function getEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {
         $envVariableOutput = getenv($envVariableName);
         $configValue = $this->get($configName, '');
         if ($envVariableOutput === false) {
@@ -716,7 +716,7 @@ class ConfigurationManager
         return $envVariableOutput;
     }
 
-    public function GetBorgPublicKey() : string {
+    public function getBorgPublicKey() : string {
         if (!file_exists(DataConst::GetBackupPublicKey())) {
             return "";
         }
@@ -724,7 +724,7 @@ class ConfigurationManager
         return trim((string)file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
-    public function GetCollaboraSeccompPolicy() : string {
+    public function getCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
         if (!$this->collaboraSeccompDisabled) {
             return $defaultString . 'true';
@@ -735,7 +735,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetDailyBackupTime(string $time, bool $enableAutomaticUpdates, bool $successNotification) : void {
+    public function setDailyBackupTime(string $time, bool $enableAutomaticUpdates, bool $successNotification) : void {
         if ($time === "") {
             throw new InvalidSettingConfigurationException("The daily backup time must not be empty!");
         }
@@ -757,7 +757,7 @@ class ConfigurationManager
         file_put_contents(DataConst::GetDailyBackupTimeFile(), $time);
     }
 
-    public function GetDailyBackupTime() : string {
+    public function getDailyBackupTime() : string {
         if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
             return '';
         }
@@ -779,7 +779,7 @@ class ConfigurationManager
         }
     }
 
-    public function DeleteDailyBackupTime() : void {
+    public function deleteDailyBackupTime() : void {
         if (file_exists(DataConst::GetDailyBackupTimeFile())) {
             unlink(DataConst::GetDailyBackupTimeFile());
         }
@@ -788,7 +788,7 @@ class ConfigurationManager
     /**
      * @throws InvalidSettingConfigurationException
      */
-    public function SetAdditionalBackupDirectories(string $additionalBackupDirectories) : void {
+    public function setAdditionalBackupDirectories(string $additionalBackupDirectories) : void {
         $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories);
         $validDirectories = '';
         foreach($additionalBackupDirectoriesArray as $entry) {
@@ -809,15 +809,15 @@ class ConfigurationManager
         }
     }
 
-    public function GetAdditionalBackupDirectoriesString() : string {
+    public function getAdditionalBackupDirectoriesString() : string {
         if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
             return '';
         }
         return (string)file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile());
     }
 
-    public function GetAdditionalBackupDirectoriesArray() : array {
-        $additionalBackupDirectories = $this->GetAdditionalBackupDirectoriesString();
+    public function getAdditionalBackupDirectoriesArray() : array {
+        $additionalBackupDirectories = $this->getAdditionalBackupDirectoriesString();
         $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories);
         $additionalBackupDirectoriesArray = array_unique($additionalBackupDirectoriesArray, SORT_REGULAR);
         return $additionalBackupDirectoriesArray;
@@ -854,7 +854,7 @@ class ConfigurationManager
         return false;
     }
 
-    public function GetNextcloudStartupApps() : string {
+    public function getNextcloudStartupApps() : string {
         $apps = getenv('NEXTCLOUD_STARTUP_APPS');
         if (is_string($apps)) {
             return trim($apps);
@@ -878,7 +878,7 @@ class ConfigurationManager
     /**
      * Provide an extra method since the corresponding attribute setter prevents setting an empty value.
      */
-    public function DeleteCollaboraDictionaries() : void {
+    public function deleteCollaboraDictionaries() : void {
         $this->set('collabora_dictionaries', '');
     }
 
@@ -1007,7 +1007,7 @@ class ConfigurationManager
     private function getPlaceholderValue(string $placeholder) : string {
         return match ($placeholder) {
             'NC_DOMAIN' => $this->domain,
-            'NC_BASE_DN' => $this->GetBaseDN(),
+            'NC_BASE_DN' => $this->getBaseDN(),
             'AIO_TOKEN' => $this->aioToken,
             'BORGBACKUP_REMOTE_REPO' => $this->borgRemoteRepo,
             'BORGBACKUP_MODE' => $this->backupMode,
@@ -1037,11 +1037,11 @@ class ConfigurationManager
             'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy,
             'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->fulltextsearchJavaOptions,
             'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->trustedCacertsDir,
-            'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
+            'ADDITIONAL_DIRECTORIES_BACKUP' => $this->getAdditionalBackupDirectoriesString() !== '' ? 'yes' : '',
             'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation,
-            'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()),
-            'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(),
-            'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(),
+            'APACHE_MAX_SIZE' => (string)($this->getApacheMaxSize()),
+            'COLLABORA_SECCOMP_POLICY' => $this->getCollaboraSeccompPolicy(),
+            'NEXTCLOUD_STARTUP_APPS' => $this->getNextcloudStartupApps(),
             'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks,
             'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions,
             'INSTALL_LATEST_MAJOR' => $this->installLatestMajor ? 'yes' : '',
@@ -1052,7 +1052,7 @@ class ConfigurationManager
             'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
             'AIO_VERSION' => $this->getAioVersion(),
-            default => $this->GetRegisteredSecret($placeholder),
+            default => $this->getRegisteredSecret($placeholder),
         };
     }
     
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index db48dc2c..6fea395f 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -383,7 +383,7 @@ readonly class DockerActionManager {
             // Make volumes read only in case of borgbackup container. The viewer makes them writeable
             $isReadOnly = $container->identifier === 'nextcloud-aio-borgbackup';
 
-            foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
+            foreach ($this->configurationManager->getAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
                     if (!str_starts_with($additionalBackupDirectories, '/')) {
                         $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly];
@@ -940,7 +940,7 @@ readonly class DockerActionManager {
     }
 
     public function GetAndGenerateSecretWrapper(string $secretId): string {
-        return $this->configurationManager->GetAndGenerateSecret($secretId);
+        return $this->configurationManager->getAndGenerateSecret($secretId);
     }
 
     public function isNextcloudImageOutdated(): bool {

From caac0443b3c2639761336d2e9cb639b3a6600d25 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:07:36 +0000
Subject: [PATCH 3919/3949] build(deps): bump alpine from 3.23.2 to 3.23.3 in
 /Containers/alpine

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile
index 718c5510..1098b4c4 100644
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a

From 120c9ba9274649e141eea4c5e39c04b8bd2cd804 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:07:42 +0000
Subject: [PATCH 3920/3949] build(deps): bump alpine from 3.23.2 to 3.23.3 in
 /Containers/borgbackup

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/borgbackup/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile
index 97d6198b..6e3180cb 100644
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 
 RUN set -ex; \
     \

From da70dafa3d96799bbcef956d5bfda5a88e02298e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:07:45 +0000
Subject: [PATCH 3921/3949] build(deps): bump alpine from 3.23.2 to 3.23.3 in
 /Containers/clamav

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/clamav/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e81fb06e..6910ae1c 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From b3a4eda249f570ef1c7318615f46b11c5f05ab10 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:07:46 +0000
Subject: [PATCH 3922/3949] build(deps): bump collabora/code in
 /Containers/collabora

Bumps collabora/code from 25.04.8.1.1 to 25.04.8.2.1.

---
updated-dependencies:
- dependency-name: collabora/code
  dependency-version: 25.04.8.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 976360cb..d1693da0 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.8.1.1
+FROM collabora/code:25.04.8.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From abdcc9f551c30ae01366c6757a9a0d5550607a03 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:07:52 +0000
Subject: [PATCH 3923/3949] build(deps): bump alpine in /Containers/domaincheck

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/domaincheck/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile
index 8122f315..374aba4a 100644
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

From 8e48e92ebcfbdd0a88f1fda6d8680cb694c99dda Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:07:58 +0000
Subject: [PATCH 3924/3949] build(deps): bump alpine from 3.23.2 to 3.23.3 in
 /Containers/imaginary

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/imaginary/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile
index 650c4c67..b108ac18 100644
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

From d6f1bdd8d39b3d00d2a0bad2a29d7aed67daf0fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:08:35 +0000
Subject: [PATCH 3925/3949] build(deps): bump alpine in /Containers/notify-push

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/notify-push/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile
index 425115c4..838c847c 100644
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

From 3ba704b233f89ba00099e2d5db11b31a5a737c5c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:08:41 +0000
Subject: [PATCH 3926/3949] build(deps): bump alpine from 3.23.2 to 3.23.3 in
 /Containers/talk

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/talk/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index fc8cc54a..e8d3d72f 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -2,7 +2,7 @@
 FROM nats:2.12.4-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
-FROM alpine:3.23.2 AS janus
+FROM alpine:3.23.3 AS janus
 
 ARG JANUS_VERSION=v1.3.3
 WORKDIR /src
@@ -35,7 +35,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 ENV ETURNAL_ETC_DIR="/conf"
 ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local

From a72b79f63bad3f1c3613692b728d2ba74128e46b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 04:08:55 +0000
Subject: [PATCH 3927/3949] build(deps): bump alpine from 3.23.2 to 3.23.3 in
 /Containers/watchtower

Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/watchtower/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile
index 83bccc07..fc9ea093 100644
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -9,7 +9,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.0
 
-FROM alpine:3.23.2
+FROM alpine:3.23.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

From 7de7ee1244bd19107da284ce0427bc0415d1b58a Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 29 Jan 2026 09:47:21 +0100
Subject: [PATCH 3928/3949] apply suggestion

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/pull_request_template.md | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 7958ceab..0350cecc 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -5,21 +5,4 @@
 -->
 
 * Resolves: # <!-- related github issue -->
-
-## Summary
-
-
-## TODO
-
-- [ ] ...
-
-## Checklist
-
-- Code is [properly formatted](https://docs.nextcloud.com/server/latest/developer_manual/digging_deeper/continuous_integration.html#linting)
-- [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits
-- [ ] Tests ([unit](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#unit-tests), [integration](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#integration-tests), api and/or acceptance) are included
-- [ ] Screenshots before/after for front-end changes
-- [ ] Documentation ([manuals](https://github.com/nextcloud/documentation/) or wiki) has been updated or is not required
-- [ ] [Backports requested](https://github.com/nextcloud/backportbot/#usage) where applicable (ex: critical bugfixes)
-- [ ] [Labels added](https://github.com/nextcloud/server/labels) where applicable (ex: bug/enhancement, `3. to review`, feature component)
-- [ ] [Milestone added](https://github.com/nextcloud/server/milestones) for target branch/version (ex: 32.x for `stable32`)
+* [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits

From b47e89468157cba66f2c1d3f78a344bf38abc199 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 29 Jan 2026 09:54:34 +0100
Subject: [PATCH 3929/3949] increase timeout for backup restore

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/tests/tests/restore-instance.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js
index e93cf340..696a4376 100644
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -74,7 +74,7 @@ test('Restore instance', async ({ page: setupPage }) => {
     dialog.accept()
   });
   await containersPage.getByRole('button', { name: 'Start and update containers' }).click();
-  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 });
+  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 8 * 60 * 1000 });
   await expect(containersPage.getByRole('main')).toContainText(initialNextcloudPassword);
 
   // Verify that containers are all stopped

From ff3fb24fa772f02825351af5adda03364c77195b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 12:10:04 +0000
Subject: [PATCH 3930/3949] build(deps): bump peter-evans/create-pull-request
 in /.github/workflows

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.11 to 8.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/22a9089034f40e5a961c8808d113e2c98fb63676...c0f553fe549906ede9cf27b5156039d195d2ece0)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/collabora.yml             | 2 +-
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 .github/workflows/watchtower-update.yml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 81ea8ff1..a61067f3 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
         commit-message: collabora-seccomp-update automated change
         signoff: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 7bdc5d1a..3805a0d0 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 171fb132..05050a20 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 5b420c20..b2475290 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 0c2f8aee..bcbb12c3 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 28f9fef7..b19e1cb5 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 2dcd2e73..92cbb978 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index a60ea1c6..6e150261 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
         with:
           commit-message: Yaml updates
           signoff: true
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index c04657be..ecd82a69 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
         sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
         commit-message: watchtower-update automated change
         signoff: true

From c64ecba63c3ce3e5b07b1ffb566b5a9a5811ac6b Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 28 Jan 2026 18:46:01 +0100
Subject: [PATCH 3931/3949] Update GPG key import method in entrypoint.sh

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/nextcloud/entrypoint.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 5f47a0f4..d4b4f253 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -182,8 +182,11 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/latest-${NEXT_MAJOR}.tar.bz2.asc"
             GNUPGHOME="$(mktemp -d)"
             export GNUPGHOME
-            # gpg key from https://nextcloud.com/nextcloud.asc
-            gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A
+            if ! gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; then
+                if ! gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 28806A878AE423A28372792ED75899B9A724937A; then
+                    curl -sSL https://nextcloud.com/nextcloud.asc | gpg --import
+                fi
+            fi
             gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2
             mkdir -p /usr/src/tmp
             tar -xjf nextcloud.tar.bz2 -C /usr/src/tmp/

From a5efaafef20f1b60116021489db566807a7deb71 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 29 Jan 2026 13:54:31 +0100
Subject: [PATCH 3932/3949] update-yaml.sh: remove the `NC_AIO_VERSION`

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 manual-install/update-yaml.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index af746aee..928275da 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -47,6 +47,7 @@ sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
 sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
 sed -i '/TURN_DOMAIN/d' containers.yml
+sed -i '/NC_AIO_VERSION/d' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"

From ffd8dac1b4e95c05e7c0c27d66653576d0ffeb6e Mon Sep 17 00:00:00 2001
From: MrAn0nym <63542658+MrAn0nym@users.noreply.github.com>
Date: Thu, 29 Jan 2026 14:29:15 +0100
Subject: [PATCH 3933/3949] Fix: Additional Collabora options not working
 correctly (#7481)

Signed-off-by: MrAn0nym <63542658+MrAn0nym@users.noreply.github.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Simon L. <szaimen@e.mail.de>
Co-authored-by: Pablo Zmdl <57864086+pabzm@users.noreply.github.com>
---
 php/src/Docker/DockerActionManager.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6fea395f..a8891c3c 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -420,7 +420,13 @@ readonly class DockerActionManager {
 
             // Additional Collabora options
             if ($this->configurationManager->collaboraAdditionalOptions !== '') {
-                $requestBody['Cmd'] = [$this->configurationManager->collaboraAdditionalOptions];
+                // Split the list of Collabora options, which are stored as a string but must be assigned as an array.
+                // To avoid problems with whitespace or dashes in option arguments we use a regular expression
+                // that splits the string at every position where a whitespace is followed by '--o:'.
+                // The leading whitespace is removed in the split but the following characters are not.
+                // Example: "--o:example_config1='some thing' --o:example_config2=something-else" -> ["--o:example_config1='some thing'", "--o:example_config2=something-else"] 
+                $regEx = '/\s+(?=--o:)/';
+                $requestBody['Cmd'] = preg_split($regEx, rtrim($this->configurationManager->collaboraAdditionalOptions));
             }
         }
 

From ec6850be6371249654f5834bfe85182d0450b2f7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 29 Jan 2026 15:04:23 +0100
Subject: [PATCH 3934/3949] aio-interface: rename Collabora everywhere to
 Nextcloud Office

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .../includes/optional-containers.twig          | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index dcf59bfb..68c8689d 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -228,10 +228,10 @@
 {% endif %}
 
 {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
-    <h3>Collabora dictionaries</h3>
+    <h3>Nextcloud Office dictionaries</h3>
 
     {% if collabora_dictionaries == "" %}
-        <p>In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:</p>
+        <p>In order to get the correct dictionaries in Nextcloud Office, you may configure the dictionaries below:</p>
         <form method="POST" action="api/configuration" class="xhr">
             <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -240,34 +240,34 @@
         </form>
         <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
     {% else %}
-        <p>The dictionaries for Collabora are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
+        <p>The dictionaries for Nextcloud Office are currently set to <strong>{{ collabora_dictionaries }}</strong>. You can reset them again by clicking on the button below.</p>
         <form method="POST" action="api/configuration" class="xhr">
             <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-            <input type="submit" value="Reset collabora dictionaries" />
+            <input type="submit" value="Reset Nextcloud Office dictionaries" />
         </form>
     {% endif %}
 
-    <h3>Additional Collabora options</h3>
+    <h3>Additional Nextcloud Office options</h3>
 
     {% if collabora_additional_options == "" %}
-        <p>You can configure additional options for collabora below.</p>
+        <p>You can configure additional options for Nextcloud Office below.</p>
         <p>(This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)</p>
         <form method="POST" action="api/configuration" class="xhr">
             <input type="text" name="collabora_additional_options" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-            <input type="submit" value="Submit additional collabora options" />
+            <input type="submit" value="Submit additional Nextcloud Office options" />
         </form>
         <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy=frame-ancestors *.example.com:*;</strong>.</p>
     {% else %}
-        <p>The additioinal options for Collabora are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
+        <p>The additioinal options for Nextcloud Office are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
         <form method="POST" action="api/configuration" class="xhr">
             <input type="hidden" name="delete_collabora_additional_options" value="yes"/>
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-            <input type="submit" value="Reset additional collabora options" />
+            <input type="submit" value="Reset additional Nextcloud Office options" />
         </form>
     {% endif %}
 {% endif %}

From 12b065f9b629fc094a80125ec3263594d7343cd5 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Thu, 29 Jan 2026 16:11:04 +0100
Subject: [PATCH 3935/3949] Adjust local-ai community container to add Vulkan
 support (#5797)

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Co-authored-by: Simon L. <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md        |  3 +-
 community-containers/local-ai/local-ai.json | 49 ++++++++++++++-------
 community-containers/local-ai/readme.md     | 19 +++-----
 3 files changed, 42 insertions(+), 29 deletions(-)

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 803bbec2..fd2f30ef 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -14,6 +14,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
 - If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
 - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
+- If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index 8e2aedb3..fceb4394 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -4,42 +4,59 @@
             "container_name": "nextcloud-aio-local-ai",
             "display_name": "Local AI",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai",
-            "image": "ghcr.io/szaimen/aio-local-ai",
-            "image_tag": "v2",
-            "internal_port": "8080",
+            "image": "ghcr.io/docjyj/aio-local-ai-vulkan",
+            "image_tag": "v1",
+            "internal_port": "10078",
             "restart": "unless-stopped",
             "environment": [
                 "TZ=%TIMEZONE%",
-                "MODELS_PATH=/models"
+                "LOCALAI_API_KEY=%LOCALAI_API_KEY%",
+                "LOCALAI_ADDRESS=:10078",
+                "LOCALAI_CONFIG_DIR=/configuration",
+                "LOCALAI_MODEL_PATH=/models",
+                "LOCALAI_BACKEND_PATH=/backends"
+            ],
+            "ports": [
+                {
+                  "ip_binding": "%APACHE_IP_BINDING%",
+                  "port_number": "10078",
+                  "protocol": "tcp"
+                }
             ],
             "volumes": [
+                {
+                  "source": "nextcloud_aio_localai_configuration",
+                  "destination": "/configuration",
+                  "writeable": true
+                },
                 {
                     "source": "nextcloud_aio_localai_models",
                     "destination": "/models",
                     "writeable": true
                 },
                 {
-                    "source": "nextcloud_aio_localai_images",
-                    "destination": "/tmp/generated/images/",
+                    "source": "nextcloud_aio_localai_backends",
+                    "destination": "/backends",
                     "writeable": true
-                },
-                {
-                    "source": "%NEXTCLOUD_DATADIR%",
-                    "destination": "/nextcloud",
-                    "writeable": false
                 }
             ],
-            "enable_nvidia_gpu": false,
+            "secrets": [
+                "LOCALAI_API_KEY"
+            ],
+            "ui_secret": "LOCALAI_API_KEY",
+            "devices": [
+                "/dev/dri"
+            ],
             "nextcloud_exec_commands": [
-                "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai'",
-                "touch '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models.yaml'",
-                "echo 'Scanning nextcloud-aio-local-ai folder for admin user...'",
-                "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-local-ai'",
                 "php /var/www/html/occ app:install integration_openai",
                 "php /var/www/html/occ app:enable integration_openai",
                 "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080",
+                "php /var/www/html/occ config:app:set integration_openai api_key --value %LOCALAI_API_KEY%",
                 "php /var/www/html/occ app:install assistant",
                 "php /var/www/html/occ app:enable assistant"
+            ],
+            "backup_volumes": [
+              "nextcloud_aio_localai_configuration"
             ]
         }
     ]
diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md
index 2ab05996..02722bd0 100644
--- a/community-containers/local-ai/readme.md
+++ b/community-containers/local-ai/readme.md
@@ -1,21 +1,16 @@
 ## Local AI
-This container bundles Local AI and auto-configures it for you.
+This container bundles Local AI and auto-configures it for you. It support hardware acceleration with Vulkan.
 
 ### Notes
-- Make sure to have enough storage space available. This container alone needs ~7GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
-- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/mudler/LocalAI/blob/master/gallery/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
-- Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
-```yaml
-# Stable Diffusion in NCNN with c++, supported txt2img and img2img 
-- url: github:mudler/LocalAI/blob/master/gallery/stablediffusion.yaml
-  name: Stable_diffusion
-```
--  To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work.
+Documentation is available on the container repository. This documentation is regularly updated and is intended to be as simple and detailed as possible. Thanks for all your feedback!
+
+- See https://github.com/docjyJ/aio-local-ai-vulkan#getting-started for getting start with this container.
 - See [this guide](https://github.com/nextcloud/all-in-one/discussions/5430) for how to improve AI task pickup speed
+- Note that Nextcloud supports only one server for AI queries, so this container cannot be used at the same time as other AI containers.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
-https://github.com/szaimen/aio-local-ai
+https://github.com/docjyJ/aio-local-ai-vulkan
 
 ### Maintainer
-https://github.com/szaimen
+https://github.com/docjyJ

From b55260842d10195d104193cbb0d708a49f519b96 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 Jan 2026 04:07:42 +0000
Subject: [PATCH 3936/3949] build(deps): bump haproxy in
 /Containers/docker-socket-proxy

Bumps haproxy from 3.3.1-alpine to 3.3.2-alpine.

---
updated-dependencies:
- dependency-name: haproxy
  dependency-version: 3.3.2-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/docker-socket-proxy/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 62590f6f..ffc867a8 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.1-alpine
+FROM haproxy:3.3.2-alpine
 
 # hadolint ignore=DL3002
 USER root

From 716d3b0f17e6ce3805d0c94bfa7c5bcbc112550b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 Jan 2026 04:08:51 +0000
Subject: [PATCH 3937/3949] build(deps): bump nextcloud-releases/whiteboard

Bumps nextcloud-releases/whiteboard from v1.5.3 to v1.5.4.

---
updated-dependencies:
- dependency-name: nextcloud-releases/whiteboard
  dependency-version: v1.5.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/whiteboard/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 3a3c5542..c83dd46b 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.3
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.4
 
 USER root
 RUN set -ex; \

From 748b2cc73b6182c2df4ac2f16f54d84ad665f7a2 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 Jan 2026 09:20:00 +0100
Subject: [PATCH 3938/3949] only allow to set `APACHE_ADDITIONAL_NETWORK` via
 environmental variable and do not restore it on backup restore

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php  | 13 ++++++++-----
 php/src/Docker/DockerActionManager.php |  2 +-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e65d5504..7534acda 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -263,11 +263,6 @@ class ConfigurationManager
         set { $this->set('collabora_seccomp_disabled', $value); }
     }
 
-    public string $apacheAdditionalNetwork {
-        get => $this->getEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', '');
-        set { $this->set('apache_additional_network', $value); }
-    }
-
     public bool $disableBackupSection {
         get => $this->booleanize($this->getEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', ''));
         set { $this->set('disable_backup_section', $value); }
@@ -854,6 +849,14 @@ class ConfigurationManager
         return false;
     }
 
+    public function getApacheAdditionalNetwork() : string {
+        $network = getenv('APACHE_ADDITIONAL_NETWORK');
+        if (is_string($network)) {
+            return trim($network);
+        }
+        return '';
+    }
+
     public function getNextcloudStartupApps() : string {
         $apps = getenv('NEXTCLOUD_STARTUP_APPS');
         if (is_string($apps)) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index a8891c3c..86b36619 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -843,7 +843,7 @@ readonly class DockerActionManager {
         $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, alias: $alias);
 
         if ($container->identifier === 'nextcloud-aio-apache' || $container->identifier === 'nextcloud-aio-domaincheck') {
-            $apacheAdditionalNetwork = $this->configurationManager->apacheAdditionalNetwork;
+            $apacheAdditionalNetwork = $this->configurationManager->getApacheAdditionalNetwork();
             if ($apacheAdditionalNetwork !== '') {
                 $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, $apacheAdditionalNetwork, false, $alias);
             }

From a037be95c73fed8bca8f73482a3b311c5196c3e4 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 Jan 2026 09:51:08 +0100
Subject: [PATCH 3939/3949] fix remaining rename of collabora to Nextcloud
 Office

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/optional-containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 68c8689d..eabcb139 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -236,7 +236,7 @@
             <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-            <input type="submit" value="Submit collabora dictionaries" />
+            <input type="submit" value="Submit Nextcloud Office dictionaries" />
         </form>
         <p>You need to make sure that the dictionaries that you enter are valid. An example is <strong>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</strong>.</p>
     {% else %}

From b1cea36dfa47ffcf3e631b274f702ca160322371 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 Jan 2026 11:30:59 +0100
Subject: [PATCH 3940/3949] add a workflow that blocks merging if a pre-release
 was published

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/fail-on-prerelease.yml | 50 ++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/fail-on-prerelease.yml

diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml
new file mode 100644
index 00000000..5efbe242
--- /dev/null
+++ b/.github/workflows/fail-on-prerelease.yml
@@ -0,0 +1,50 @@
+name: Fail on prerelease
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  check-latest-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Check latest published release isn't a prerelease"
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
+        with:
+          script: |
+            const tags = await github.rest.repos.listTags({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              per_page: 1
+            });
+
+            if (!tags.data || tags.data.length === 0) {
+              core.info('No tags found for this repository; skipping prerelease check.');
+              return;
+            }
+
+            const latestTag = tags.data[0].name;
+            core.info(`Latest tag found: ${latestTag}`);
+
+            try {
+              const { data } = await github.rest.repos.getReleaseByTag({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                tag: latestTag
+              });
+
+              if (data.prerelease) {
+                core.setFailed(`Release for tag ${latestTag} (${data.tag_name}) is a prerelease. Blocking merges to main as we need to wait for the prerelease to become stable.`);
+              } else {
+                core.info(`Release for tag ${latestTag} (${data.tag_name}) is not a prerelease.`);
+              }
+
+            } catch (err) {
+              if (err.status === 404) {
+                core.info(`No release found for tag ${latestTag}; skipping prerelease check.`);
+              } else {
+                throw err;
+              }
+            }

From dae8102088335542bcb789bcd9fbfe5d9e085512 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Fri, 30 Jan 2026 15:00:48 +0100
Subject: [PATCH 3941/3949] rename name of workflow

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/workflows/fail-on-prerelease.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml
index 5efbe242..12a288bb 100644
--- a/.github/workflows/fail-on-prerelease.yml
+++ b/.github/workflows/fail-on-prerelease.yml
@@ -1,4 +1,4 @@
-name: Fail on prerelease
+name: Block if prerelease is present
 
 on:
   pull_request:

From 88b2121eaad9b47490f857ff26492054410f86e6 Mon Sep 17 00:00:00 2001
From: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
Date: Sun, 1 Feb 2026 11:37:51 +0100
Subject: [PATCH 3942/3949] hotfix: Update Nextcloud integration URL for local
 AI

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
---
 community-containers/local-ai/local-ai.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json
index fceb4394..e906b5a7 100644
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -50,7 +50,7 @@
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install integration_openai",
                 "php /var/www/html/occ app:enable integration_openai",
-                "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080",
+                "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:10078",
                 "php /var/www/html/occ config:app:set integration_openai api_key --value %LOCALAI_API_KEY%",
                 "php /var/www/html/occ app:install assistant",
                 "php /var/www/html/occ app:enable assistant"

From cba66dec0b956ce10742f0285f6adf915795fbf8 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 2 Feb 2026 10:11:00 +0100
Subject: [PATCH 3943/3949] daily-backup.sh: continue with script if
 wasStartButtonClicked=true was found

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index d11f3e85..fd68e981 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -4,7 +4,7 @@ echo "Daily backup script has started"
 
 # Check if initial configuration has been done, otherwise this script should do nothing.
 CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json
-if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE"; then
+if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"; then
     echo "Initial configuration via AIO interface not done yet. Exiting..."
     exit 0
 fi

From 82cbbe1829b15dcf3884b33be739133127e8c364 Mon Sep 17 00:00:00 2001
From: Pablo Zmdl <pablo@nextcloud.com>
Date: Mon, 2 Feb 2026 07:28:42 +0100
Subject: [PATCH 3944/3949] Wrap ConfigurationController#SetConfig into a
 "transaction"

This avoids a lot of subsequent writes and reads from the file system, because
now only commitTransaction() actually writes the config file.

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Controller/ConfigurationController.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index bb55e10f..c40ee98c 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -17,6 +17,7 @@ readonly class ConfigurationController {
 
     public function SetConfig(Request $request, Response $response, array $args): Response {
         try {
+            $this->configurationManager->startTransaction();
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
                 $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']);
@@ -137,6 +138,8 @@ readonly class ConfigurationController {
         } catch (InvalidSettingConfigurationException $ex) {
             $response->getBody()->write($ex->getMessage());
             return $response->withStatus(422);
+        } finally {
+            $this->configurationManager->commitTransaction();
         }
     }
 }

From cfff44954bcb19b968612ae70c603d97c99d0611 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 2 Feb 2026 10:28:57 +0100
Subject: [PATCH 3945/3949] increase version to 12.6.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/includes/aio-version.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig
index 062985d4..1b62f917 100644
--- a/php/templates/includes/aio-version.twig
+++ b/php/templates/includes/aio-version.twig
@@ -1 +1 @@
-12.6.0
+12.6.1

From c84416df5df8f5efa41be0aadd57b93938914846 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 2 Feb 2026 11:06:08 +0100
Subject: [PATCH 3946/3949] fix daily-backup.sh edge case

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index fd68e981..cd6e54b3 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -4,7 +4,7 @@ echo "Daily backup script has started"
 
 # Check if initial configuration has been done, otherwise this script should do nothing.
 CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json
-if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"; then
+if ! [ -f "$CONFIG_FILE" ] && (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then
     echo "Initial configuration via AIO interface not done yet. Exiting..."
     exit 0
 fi

From b8f594b09a2fa97e998ccd195cf4628f530d6972 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 2 Feb 2026 11:22:43 +0100
Subject: [PATCH 3947/3949] fix logic detail

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/daily-backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh
index cd6e54b3..89ef3cd5 100644
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -4,7 +4,7 @@ echo "Daily backup script has started"
 
 # Check if initial configuration has been done, otherwise this script should do nothing.
 CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json
-if ! [ -f "$CONFIG_FILE" ] && (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then
+if ! [ -f "$CONFIG_FILE" ] || (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" && ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then
     echo "Initial configuration via AIO interface not done yet. Exiting..."
     exit 0
 fi

From e95f5cc590f162f2c3c9ac359b5961d1355aca9a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Feb 2026 13:26:38 +0000
Subject: [PATCH 3948/3949] build(deps): bump actions/github-script in
 /.github/workflows

Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/d7906e4ad0b1822421a7e6a35d5ca353c962f410...ed597411d8f924073f98dfc5c65a23a2325f34cd)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/fail-on-prerelease.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml
index 12a288bb..a5b876c3 100644
--- a/.github/workflows/fail-on-prerelease.yml
+++ b/.github/workflows/fail-on-prerelease.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Check latest published release isn't a prerelease"
-        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v6
         with:
           script: |
             const tags = await github.rest.repos.listTags({

From a16c7e28c28c0e93718cc6a03cd6ae750e63f391 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Wed, 4 Feb 2026 23:11:04 +0100
Subject: [PATCH 3949/3949] Clean up pull request template

Removed unnecessary lines from the pull request template.

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 .github/pull_request_template.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 0350cecc..5d1441b4 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -3,6 +3,3 @@
   -
   - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
 -->
-
-* Resolves: # <!-- related github issue -->
-* [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits